reactos/dll/win32/lsasrv/privileges.c

278 lines
8.8 KiB
C
Raw Normal View History

/*
* COPYRIGHT: See COPYING in the top level directory
* PROJECT: Local Security Authority (LSA) Server
* FILE: reactos/dll/win32/lsasrv/privileges.c
* PURPOSE: Privilege lookup functions
*
* PROGRAMMERS: Eric Kohl
*/
#include "lsasrv.h"
typedef struct
{
LUID Luid;
LPCWSTR Name;
} PRIVILEGE_DATA;
typedef struct
{
ULONG Flag;
LPCWSTR Name;
} RIGHT_DATA;
/* GLOBALS *****************************************************************/
static const PRIVILEGE_DATA WellKnownPrivileges[] =
{
{{SE_CREATE_TOKEN_PRIVILEGE, 0}, SE_CREATE_TOKEN_NAME},
{{SE_ASSIGNPRIMARYTOKEN_PRIVILEGE, 0}, SE_ASSIGNPRIMARYTOKEN_NAME},
{{SE_LOCK_MEMORY_PRIVILEGE, 0}, SE_LOCK_MEMORY_NAME},
{{SE_INCREASE_QUOTA_PRIVILEGE, 0}, SE_INCREASE_QUOTA_NAME},
{{SE_MACHINE_ACCOUNT_PRIVILEGE, 0}, SE_MACHINE_ACCOUNT_NAME},
{{SE_TCB_PRIVILEGE, 0}, SE_TCB_NAME},
{{SE_SECURITY_PRIVILEGE, 0}, SE_SECURITY_NAME},
{{SE_TAKE_OWNERSHIP_PRIVILEGE, 0}, SE_TAKE_OWNERSHIP_NAME},
{{SE_LOAD_DRIVER_PRIVILEGE, 0}, SE_LOAD_DRIVER_NAME},
{{SE_SYSTEM_PROFILE_PRIVILEGE, 0}, SE_SYSTEM_PROFILE_NAME},
{{SE_SYSTEMTIME_PRIVILEGE, 0}, SE_SYSTEMTIME_NAME},
{{SE_PROF_SINGLE_PROCESS_PRIVILEGE, 0}, SE_PROF_SINGLE_PROCESS_NAME},
{{SE_INC_BASE_PRIORITY_PRIVILEGE, 0}, SE_INC_BASE_PRIORITY_NAME},
{{SE_CREATE_PAGEFILE_PRIVILEGE, 0}, SE_CREATE_PAGEFILE_NAME},
{{SE_CREATE_PERMANENT_PRIVILEGE, 0}, SE_CREATE_PERMANENT_NAME},
{{SE_BACKUP_PRIVILEGE, 0}, SE_BACKUP_NAME},
{{SE_RESTORE_PRIVILEGE, 0}, SE_RESTORE_NAME},
{{SE_SHUTDOWN_PRIVILEGE, 0}, SE_SHUTDOWN_NAME},
{{SE_DEBUG_PRIVILEGE, 0}, SE_DEBUG_NAME},
{{SE_AUDIT_PRIVILEGE, 0}, SE_AUDIT_NAME},
{{SE_SYSTEM_ENVIRONMENT_PRIVILEGE, 0}, SE_SYSTEM_ENVIRONMENT_NAME},
{{SE_CHANGE_NOTIFY_PRIVILEGE, 0}, SE_CHANGE_NOTIFY_NAME},
{{SE_REMOTE_SHUTDOWN_PRIVILEGE, 0}, SE_REMOTE_SHUTDOWN_NAME},
{{SE_UNDOCK_PRIVILEGE, 0}, SE_UNDOCK_NAME},
{{SE_SYNC_AGENT_PRIVILEGE, 0}, SE_SYNC_AGENT_NAME},
{{SE_ENABLE_DELEGATION_PRIVILEGE, 0}, SE_ENABLE_DELEGATION_NAME},
{{SE_MANAGE_VOLUME_PRIVILEGE, 0}, SE_MANAGE_VOLUME_NAME},
{{SE_IMPERSONATE_PRIVILEGE, 0}, SE_IMPERSONATE_NAME},
{{SE_CREATE_GLOBAL_PRIVILEGE, 0}, SE_CREATE_GLOBAL_NAME}
};
static const RIGHT_DATA WellKnownRights[] =
{
{SECURITY_ACCESS_INTERACTIVE_LOGON, SE_INTERACTIVE_LOGON_NAME},
{SECURITY_ACCESS_NETWORK_LOGON, SE_NETWORK_LOGON_NAME},
{SECURITY_ACCESS_BATCH_LOGON, SE_BATCH_LOGON_NAME},
{SECURITY_ACCESS_SERVICE_LOGON, SE_SERVICE_LOGON_NAME},
{SECURITY_ACCESS_DENY_INTERACTIVE_LOGON, SE_DENY_INTERACTIVE_LOGON_NAME},
{SECURITY_ACCESS_DENY_NETWORK_LOGON, SE_DENY_NETWORK_LOGON_NAME},
{SECURITY_ACCESS_DENY_BATCH_LOGON, SE_DENY_BATCH_LOGON_NAME},
{SECURITY_ACCESS_DENY_SERVICE_LOGON, SE_DENY_SERVICE_LOGON_NAME},
{SECURITY_ACCESS_REMOTE_INTERACTIVE_LOGON, SE_REMOTE_INTERACTIVE_LOGON_NAME},
{SECURITY_ACCESS_DENY_REMOTE_INTERACTIVE_LOGON, SE_DENY_REMOTE_INTERACTIVE_LOGON_NAME}
};
/* FUNCTIONS ***************************************************************/
NTSTATUS
LsarpLookupPrivilegeName(PLUID Value,
PRPC_UNICODE_STRING *Name)
{
PRPC_UNICODE_STRING NameBuffer;
ULONG Priv;
if (Value->HighPart != 0 ||
(Value->LowPart < SE_MIN_WELL_KNOWN_PRIVILEGE ||
Value->LowPart > SE_MAX_WELL_KNOWN_PRIVILEGE))
{
return STATUS_NO_SUCH_PRIVILEGE;
}
for (Priv = 0; Priv < sizeof(WellKnownPrivileges) / sizeof(WellKnownPrivileges[0]); Priv++)
{
if (Value->LowPart == WellKnownPrivileges[Priv].Luid.LowPart &&
Value->HighPart == WellKnownPrivileges[Priv].Luid.HighPart)
{
NameBuffer = MIDL_user_allocate(sizeof(RPC_UNICODE_STRING));
if (NameBuffer == NULL)
return STATUS_NO_MEMORY;
NameBuffer->Length = wcslen(WellKnownPrivileges[Priv].Name) * sizeof(WCHAR);
NameBuffer->MaximumLength = NameBuffer->Length + sizeof(WCHAR);
NameBuffer->Buffer = MIDL_user_allocate(NameBuffer->MaximumLength);
if (NameBuffer->Buffer == NULL)
{
MIDL_user_free(NameBuffer);
return STATUS_NO_MEMORY;
}
wcscpy(NameBuffer->Buffer, WellKnownPrivileges[Priv].Name);
*Name = NameBuffer;
return STATUS_SUCCESS;
}
}
return STATUS_NO_SUCH_PRIVILEGE;
}
NTSTATUS
LsarpLookupPrivilegeValue(PRPC_UNICODE_STRING Name,
PLUID Value)
{
ULONG Priv;
if (Name->Length == 0 || Name->Buffer == NULL)
return STATUS_NO_SUCH_PRIVILEGE;
for (Priv = 0; Priv < sizeof(WellKnownPrivileges) / sizeof(WellKnownPrivileges[0]); Priv++)
{
if (_wcsicmp(Name->Buffer, WellKnownPrivileges[Priv].Name) == 0)
{
*Value = WellKnownPrivileges[Priv].Luid;
return STATUS_SUCCESS;
}
}
return STATUS_NO_SUCH_PRIVILEGE;
}
NTSTATUS
LsarpEnumeratePrivileges(DWORD *EnumerationContext,
PLSAPR_PRIVILEGE_ENUM_BUFFER EnumerationBuffer,
DWORD PreferedMaximumLength)
{
PLSAPR_POLICY_PRIVILEGE_DEF Privileges = NULL;
ULONG EnumIndex;
ULONG EnumCount = 0;
ULONG RequiredLength = 0;
ULONG i;
BOOLEAN MoreEntries = FALSE;
NTSTATUS Status = STATUS_SUCCESS;
EnumIndex = *EnumerationContext;
for (; EnumIndex < sizeof(WellKnownPrivileges) / sizeof(WellKnownPrivileges[0]); EnumIndex++)
{
TRACE("EnumIndex: %lu\n", EnumIndex);
TRACE("Privilege Name: %S\n", WellKnownPrivileges[EnumIndex].Name);
TRACE("Name Length: %lu\n", wcslen(WellKnownPrivileges[EnumIndex].Name));
if ((RequiredLength +
wcslen(WellKnownPrivileges[EnumIndex].Name) * sizeof(WCHAR) +
sizeof(UNICODE_NULL) +
sizeof(LSAPR_POLICY_PRIVILEGE_DEF)) > PreferedMaximumLength)
{
MoreEntries = TRUE;
break;
}
RequiredLength += (wcslen(WellKnownPrivileges[EnumIndex].Name) * sizeof(WCHAR) +
sizeof(UNICODE_NULL) + sizeof(LSAPR_POLICY_PRIVILEGE_DEF));
EnumCount++;
}
TRACE("EnumCount: %lu\n", EnumCount);
TRACE("RequiredLength: %lu\n", RequiredLength);
if (EnumCount == 0)
goto done;
Privileges = MIDL_user_allocate(EnumCount * sizeof(LSAPR_POLICY_PRIVILEGE_DEF));
if (Privileges == NULL)
{
Status = STATUS_INSUFFICIENT_RESOURCES;
goto done;
}
EnumIndex = *EnumerationContext;
for (i = 0; i < EnumCount; i++, EnumIndex++)
{
Privileges[i].LocalValue = WellKnownPrivileges[EnumIndex].Luid;
Privileges[i].Name.Length = (USHORT)wcslen(WellKnownPrivileges[EnumIndex].Name) * sizeof(WCHAR);
Privileges[i].Name.MaximumLength = (USHORT)Privileges[i].Name.Length + sizeof(UNICODE_NULL);
Privileges[i].Name.Buffer = MIDL_user_allocate(Privileges[i].Name.MaximumLength);
if (Privileges[i].Name.Buffer == NULL)
{
Status = STATUS_INSUFFICIENT_RESOURCES;
goto done;
}
memcpy(Privileges[i].Name.Buffer,
WellKnownPrivileges[EnumIndex].Name,
Privileges[i].Name.Length);
}
done:
if (NT_SUCCESS(Status))
{
EnumerationBuffer->Entries = EnumCount;
EnumerationBuffer->Privileges = Privileges;
*EnumerationContext += EnumCount;
}
else
{
if (Privileges != NULL)
{
for (i = 0; i < EnumCount; i++)
{
if (Privileges[i].Name.Buffer != NULL)
MIDL_user_free(Privileges[i].Name.Buffer);
}
MIDL_user_free(Privileges);
}
}
if ((Status == STATUS_SUCCESS) && (MoreEntries == TRUE))
Status = STATUS_MORE_ENTRIES;
return Status;
}
NTSTATUS
LsapLookupAccountRightName(ULONG RightValue,
PRPC_UNICODE_STRING *Name)
{
PRPC_UNICODE_STRING NameBuffer;
ULONG i;
for (i = 0; i < sizeof(WellKnownRights) / sizeof(WellKnownRights[0]); i++)
{
if (WellKnownRights[i].Flag == RightValue)
{
NameBuffer = MIDL_user_allocate(sizeof(RPC_UNICODE_STRING));
if (NameBuffer == NULL)
return STATUS_NO_MEMORY;
NameBuffer->Length = wcslen(WellKnownRights[i].Name) * sizeof(WCHAR);
NameBuffer->MaximumLength = NameBuffer->Length + sizeof(WCHAR);
NameBuffer->Buffer = MIDL_user_allocate(NameBuffer->MaximumLength);
if (NameBuffer->Buffer == NULL)
{
MIDL_user_free(NameBuffer);
return STATUS_INSUFFICIENT_RESOURCES;
}
wcscpy(NameBuffer->Buffer, WellKnownRights[i].Name);
*Name = NameBuffer;
return STATUS_SUCCESS;
}
}
return STATUS_NO_SUCH_PRIVILEGE;
}
/* EOF */