Forward built-in-admin-name and administrators-group-name as part of

UploadDeviceDetails RPC. Bug: 1084333 Change-Id: I079c80db8e92c0696bf3b6dba13562e2abf37574 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2208181 Commit-Queue: Rakesh Soma <rakeshsoma@google.com> Reviewed-by: Yusuf Sengul <yusufsn@google.com> Cr-Commit-Position: refs/heads/master@{#770050}

Forward built-in-admin-name and administrators-group-name as part of
UploadDeviceDetails RPC. Bug: 1084333 Change-Id: I079c80db8e92c0696bf3b6dba13562e2abf37574 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/2208181 Commit-Queue: Rakesh Soma <rakeshsoma@google.com> Reviewed-by: Yusuf Sengul <yusufsn@google.com> Cr-Commit-Position: refs/heads/master@{#770050}
17280dfe · Rakesh Soma · Commit Bot · 677e03f0 · 17280dfe · 17280dfe
Commit 17280dfe authored May 19, 2020 by Rakesh Soma Committed by Commit Bot May 19, 2020
4 changed files
--- a/chrome/credential_provider/gaiacp/gcp_utils.cc
+++ b/chrome/credential_provider/gaiacp/gcp_utils.cc
@@ -664,6 +664,39 @@ HRESULT GetCommandLineForEntrypoint(HINSTANCE dll_handle,
  return hr;
 }

+// Gets localized name for builtin administrator account. Extracting
+// localized name for builtin administrator account requires DomainSid
+// to be passed onto the CreateWellKnownSid function unlike any other
+// WellKnownSid as per microsoft documentation. That's why we need to
+// first extract the DomainSid (even for local accounts) and pass it as
+// a parameter to the CreateWellKnownSid function call.
+HRESULT GetLocalizedNameBuiltinAdministratorAccount(
+    base::string16* builtin_localized_admin_name) {
+  LSA_HANDLE PolicyHandle;
+  LSA_OBJECT_ATTRIBUTES oa = {sizeof(oa)};
+  NTSTATUS status =
+      LsaOpenPolicy(0, &oa, POLICY_VIEW_LOCAL_INFORMATION, &PolicyHandle);
+  if (status >= 0) {
+    PPOLICY_ACCOUNT_DOMAIN_INFO ppadi;
+    status = LsaQueryInformationPolicy(
+        PolicyHandle, PolicyAccountDomainInformation, (void**)&ppadi);
+    if (status >= 0) {
+      BYTE well_known_sid[SECURITY_MAX_SID_SIZE];
+      DWORD size_local_users_group_sid = base::size(well_known_sid);
+      if (CreateWellKnownSid(::WinAccountAdministratorSid, ppadi->DomainSid,
+                             well_known_sid, &size_local_users_group_sid)) {
+        return LookupLocalizedNameBySid(well_known_sid,
+                                        builtin_localized_admin_name);
+      } else {
+        status = GetLastError();
+      }
+      LsaFreeMemory(ppadi);
+    }
+    LsaClose(PolicyHandle);
+  }
+  return status >= 0 ? S_OK : E_FAIL;
+}
+
 HRESULT LookupLocalizedNameBySid(PSID sid, base::string16* localized_name) {
  DCHECK(localized_name);
  std::vector<wchar_t> localized_name_buffer;

--- a/chrome/credential_provider/gaiacp/gcp_utils.h
+++ b/chrome/credential_provider/gaiacp/gcp_utils.h
@@ -223,6 +223,10 @@ HRESULT GetCommandLineForEntrypoint(HINSTANCE dll_handle,
 // failure or no name is associated with the |sid|.
 HRESULT LookupLocalizedNameBySid(PSID sid, base::string16* localized_name);

+// Gets localalized name for builtin administrator account.
+HRESULT GetLocalizedNameBuiltinAdministratorAccount(
+    base::string16* builtin_localized_admin_name);
+
 // Looks up the name associated to the well known |sid_type| (if any). Returns
 // an error on any failure or no name is associated with the |sid_type|.
 HRESULT LookupLocalizedNameForWellKnownSid(WELL_KNOWN_SID_TYPE sid_type,

--- a/chrome/credential_provider/gaiacp/gem_device_details_manager.cc
+++ b/chrome/credential_provider/gaiacp/gem_device_details_manager.cc
@@ -50,6 +50,8 @@ const char kMacAddressParameterName[] = "wlan_mac_addr";
 const char kUploadDeviceDetailsResponseDeviceResourceIdParameterName[] =
    "deviceResourceId";
 const char kOsVersion[] = "os_edition";
+const char kBuiltInAdminNameParameterName[] = "built_in_admin_name";
+const char kAdminGroupNameParameterName[] = "admin_group_name";

 // Maximum number of retries if a HTTP call to the backend fails.
 constexpr unsigned int kMaxNumHttpRetries = 3;
@@ -81,9 +83,10 @@ GURL GemDeviceDetailsManager::GetGemServiceUploadDeviceDetailsUrl() {
  return gem_service_url.Resolve(kGemServiceUploadDeviceDetailsPath);
 }

-// Uploads the device details into GEM database using |access_token| for
-// authentication and authorization. The GEM service would use |serial_number|
-// and |machine_guid| for identifying the device entry in GEM database.
+// Uploads the device details into GEM database using |access_token|
+// for authentication and authorization. The GEM service would use
+// |serial_number| and |machine_guid| for identifying the device
+// entry in GEM database.
 HRESULT GemDeviceDetailsManager::UploadDeviceDetails(
    const std::string& access_token,
    const base::string16& sid,
@@ -102,6 +105,14 @@ HRESULT GemDeviceDetailsManager::UploadDeviceDetails(
  std::string version;
  GetOsVersion(&version);

+  // Extract built-in administrator and administrator group name
+  // in device locale.
+  base::string16 admin_group_name = L"";
+  hr = LookupLocalizedNameForWellKnownSid(WinBuiltinAdministratorsSid,
+                                          &admin_group_name);
+  base::string16 built_in_admin_name = L"";
+  hr = GetLocalizedNameBuiltinAdministratorAccount(&built_in_admin_name);
+
  base::Value mac_address_value_list(base::Value::Type::LIST);
  for (const std::string& mac_address : mac_addresses)
    mac_address_value_list.Append(base::Value(mac_address));
@@ -124,6 +135,9 @@ HRESULT GemDeviceDetailsManager::UploadDeviceDetails(
  request_dict_->SetKey(kMacAddressParameterName,
                        std::move(mac_address_value_list));
  request_dict_->SetStringKey(kOsVersion, version);
+  request_dict_->SetStringKey(kBuiltInAdminNameParameterName,
+                              built_in_admin_name);
+  request_dict_->SetStringKey(kAdminGroupNameParameterName, admin_group_name);

  base::string16 known_resource_id = GetUserDeviceResourceId(sid);
  if (!known_resource_id.empty()) {

--- a/chrome/credential_provider/gaiacp/mdm_utils.cc
+++ b/chrome/credential_provider/gaiacp/mdm_utils.cc
@@ -232,39 +232,6 @@ HRESULT ExtractRegistrationData(const base::Value& registration_data,
  return S_OK;
 }

-// Gets localalized name for builtin administrator account. Extracting
-// localized name for builtin administrator account requires DomainSid
-// to be passed onto the CreateWellKnownSid function unlike any other
-// WellKnownSid as per microsoft documentation. Thats why we need to first
-// extract the DomainSid (even for local accounts) and pass it as a
-// parameter to the CreateWellKnownSid function call.
-HRESULT GetLocalizedNameBuiltinAdministratorAccount(
-    base::string16* builtin_localized_admin_name) {
-  LSA_HANDLE PolicyHandle;
-  static LSA_OBJECT_ATTRIBUTES oa = {sizeof(oa)};
-  NTSTATUS status =
-      LsaOpenPolicy(0, &oa, POLICY_VIEW_LOCAL_INFORMATION, &PolicyHandle);
-  if (status >= 0) {
-    PPOLICY_ACCOUNT_DOMAIN_INFO ppadi;
-    status = LsaQueryInformationPolicy(
-        PolicyHandle, PolicyAccountDomainInformation, (void**)&ppadi);
-    if (status >= 0) {
-      BYTE well_known_sid[SECURITY_MAX_SID_SIZE];
-      DWORD size_local_users_group_sid = base::size(well_known_sid);
-      if (CreateWellKnownSid(::WinAccountAdministratorSid, ppadi->DomainSid,
-                             well_known_sid, &size_local_users_group_sid)) {
-        return LookupLocalizedNameBySid(well_known_sid,
-                                        builtin_localized_admin_name);
-      } else {
-        status = GetLastError();
-      }
-      LsaFreeMemory(ppadi);
-    }
-    LsaClose(PolicyHandle);
-  }
-  return status >= 0 ? S_OK : E_FAIL;
-}
-
 HRESULT RegisterWithGoogleDeviceManagement(const base::string16& mdm_url,
                                           const base::Value& properties) {
  // Make sure all the needed data is present in the dictionary.