Intravision/reactos
1
0
Fork 0
mirror of https://github.com/reactos/reactos.git synced 2025-01-02 12:32:47 +00:00
Code Issues Projects Releases Packages Wiki Activity

[PSDK/LSASRV]

Browse source 
- Add new ntlsa.h file to the PSDK.
- LsarAddPrivilegesToAccount: Implement the ability to add new privileges to an existing privilege set.

svn path=/trunk/; revision=56594
This commit is contained in:
Eric Kohl 2012-05-17 12:02:50 +00:00
parent d96a93f204
commit 22d062da04
3 changed files with 148 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

110
reactos/dll/win32/lsasrv/lsarpc.c
View file

@ -733,7 +733,7 @@ NTSTATUS WINAPI LsarEnumeratePrivilegesAccount(
/* Validate the AccountHandle */ /* Validate the AccountHandle */
Status = LsapValidateDbObject(AccountHandle, Status = LsapValidateDbObject(AccountHandle,
LsaDbAccountObject, LsaDbAccountObject,
0, ACCOUNT_VIEW,
&AccountObject); &AccountObject);
if (!NT_SUCCESS(Status)) if (!NT_SUCCESS(Status))
{ {
@ -778,13 +778,18 @@ NTSTATUS WINAPI LsarAddPrivilegesToAccount(
PLSAPR_PRIVILEGE_SET Privileges) PLSAPR_PRIVILEGE_SET Privileges)
{ {
PLSA_DB_OBJECT AccountObject; PLSA_DB_OBJECT AccountObject;
PPRIVILEGE_SET CurrentPrivileges = NULL;
PPRIVILEGE_SET NewPrivileges = NULL;
ULONG PrivilegeSetSize = 0; ULONG PrivilegeSetSize = 0;
ULONG PrivilegeCount;
ULONG i, j;
BOOL bFound;
NTSTATUS Status; NTSTATUS Status;
/* Validate the AccountHandle */ /* Validate the AccountHandle */
Status = LsapValidateDbObject(AccountHandle, Status = LsapValidateDbObject(AccountHandle,
LsaDbAccountObject, LsaDbAccountObject,
0, ACCOUNT_ADJUST_PRIVILEGES,
&AccountObject); &AccountObject);
if (!NT_SUCCESS(Status)) if (!NT_SUCCESS(Status))
{ {
@ -811,9 +816,108 @@ NTSTATUS WINAPI LsarAddPrivilegesToAccount(
{ {
/* The Privilgs attribute exists */ /* The Privilgs attribute exists */
Status = STATUS_NOT_IMPLEMENTED; /* Allocate memory for the stored privilege set */
CurrentPrivileges = MIDL_user_allocate(PrivilegeSetSize);
if (CurrentPrivileges == NULL)
return STATUS_NO_MEMORY;
/* Get the current privilege set */
Status = LsapGetObjectAttribute(AccountObject,
L"Privilgs",
CurrentPrivileges,
&PrivilegeSetSize);
if (!NT_SUCCESS(Status))
{
TRACE("LsapGetObjectAttribute() failed (Status 0x%08lx)\n", Status);
goto done;
}
PrivilegeCount = CurrentPrivileges->PrivilegeCount;
TRACE("Current privilege count: %lu\n", PrivilegeCount);
/* Calculate the number privileges in the combined privilege set */
for (i = 0; i < Privileges->PrivilegeCount; i++)
{
bFound = FALSE;
for (j = 0; j < CurrentPrivileges->PrivilegeCount; j++)
{
if (RtlEqualLuid(&(Privileges->Privilege[i].Luid),
&(CurrentPrivileges->Privilege[i].Luid)))
{
bFound = TRUE;
break;
}
}
if (bFound == FALSE)
{
TRACE("Found new privilege\n");
PrivilegeCount++;
}
}
TRACE("New privilege count: %lu\n", PrivilegeCount);
/* Calculate the size of the new privilege set and allocate it */
PrivilegeSetSize = sizeof(PRIVILEGE_SET) +
(PrivilegeCount - 1) * sizeof(LUID_AND_ATTRIBUTES);
NewPrivileges = MIDL_user_allocate(PrivilegeSetSize);
if (NewPrivileges == NULL)
{
Status = STATUS_NO_MEMORY;
goto done;
}
/* Initialize the new privilege set */
NewPrivileges->PrivilegeCount = PrivilegeCount;
NewPrivileges->Control = 0;
/* Copy all privileges from the current privilege set */
RtlCopyLuidAndAttributesArray(CurrentPrivileges->PrivilegeCount,
&(CurrentPrivileges->Privilege[0]),
&(NewPrivileges->Privilege[0]));
/* Add new privileges to the new privilege set */
PrivilegeCount = CurrentPrivileges->PrivilegeCount;
for (i = 0; i < Privileges->PrivilegeCount; i++)
{
bFound = FALSE;
for (j = 0; j < CurrentPrivileges->PrivilegeCount; j++)
{
if (RtlEqualLuid(&(Privileges->Privilege[i].Luid),
&(CurrentPrivileges->Privilege[i].Luid)))
{
/* Overwrite attributes if a matching privilege was found */
NewPrivileges->Privilege[j].Attributes = Privileges->Privilege[i].Attributes;
bFound = TRUE;
break;
}
}
if (bFound == FALSE)
{
/* Copy the new privilege */
RtlCopyLuidAndAttributesArray(1,
(PLUID_AND_ATTRIBUTES)&(Privileges->Privilege[i]),
&(NewPrivileges->Privilege[PrivilegeCount]));
PrivilegeCount++;
}
}
/* Set the new priivliege set */
Status = LsapSetObjectAttribute(AccountObject,
L"Privilgs",
NewPrivileges,
PrivilegeSetSize);
} }
done:
if (CurrentPrivileges != NULL)
MIDL_user_free(CurrentPrivileges);
if (NewPrivileges != NULL)
MIDL_user_free(NewPrivileges);
return Status; return Status;
} }

1
reactos/dll/win32/lsasrv/lsasrv.h
View file

@ -17,6 +17,7 @@
#include <ndk/rtlfuncs.h> #include <ndk/rtlfuncs.h>
#include <ndk/setypes.h> #include <ndk/setypes.h>
#include <ntlsa.h>
#include <ntsecapi.h> #include <ntsecapi.h>
#include <sddl.h> #include <sddl.h>

40
reactos/include/psdk/ntlsa.h Normal file
View file

@ -0,0 +1,40 @@
/*
* ntlsa.h
*
* This file is part of the ReactOS PSDK package.
*
* Contributors:
* Created by Eric Kohl.
*
* THIS SOFTWARE IS NOT COPYRIGHTED
*
* This source code is offered for use in the public domain. You may
* use, modify or distribute it freely.
*
* This code is distributed in the hope that it will be useful but
* WITHOUT ANY WARRANTY. ALL WARRANTIES, EXPRESS OR IMPLIED ARE HEREBY
* DISCLAIMED. This includes but is not limited to warranties of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
*
*/
#ifndef _NTLSA_
#define _NTLSA_
#ifdef __cplusplus
extern "C" {
#endif
#define ACCOUNT_VIEW 1
#define ACCOUNT_ADJUST_PRIVILEGES 2
#define ACCOUNT_ADJUST_QUOTAS 4
#define ACCOUNT_ADJUST_SYSTEM_ACCESS 8
#ifdef __cplusplus
}
#endif
#endif /* _NTLSA_ */