[PSDK/LSASRV]
- Add new ntlsa.h file to the PSDK. - LsarAddPrivilegesToAccount: Implement the ability to add new privileges to an existing privilege set. svn path=/trunk/; revision=56594
parent
d96a93f204
commit
22d062da04
3 changed files with 148 additions and 3 deletions
|
@ -733,7 +733,7 @@ NTSTATUS WINAPI LsarEnumeratePrivilegesAccount(
|
|||
/* Validate the AccountHandle */
|
||||
Status = LsapValidateDbObject(AccountHandle,
|
||||
LsaDbAccountObject,
|
||||
0,
|
||||
ACCOUNT_VIEW,
|
||||
&AccountObject);
|
||||
if (!NT_SUCCESS(Status))
|
||||
{
|
||||
|
@ -778,13 +778,18 @@ NTSTATUS WINAPI LsarAddPrivilegesToAccount(
|
|||
PLSAPR_PRIVILEGE_SET Privileges)
|
||||
{
|
||||
PLSA_DB_OBJECT AccountObject;
|
||||
PPRIVILEGE_SET CurrentPrivileges = NULL;
|
||||
PPRIVILEGE_SET NewPrivileges = NULL;
|
||||
ULONG PrivilegeSetSize = 0;
|
||||
ULONG PrivilegeCount;
|
||||
ULONG i, j;
|
||||
BOOL bFound;
|
||||
NTSTATUS Status;
|
||||
|
||||
/* Validate the AccountHandle */
|
||||
Status = LsapValidateDbObject(AccountHandle,
|
||||
LsaDbAccountObject,
|
||||
0,
|
||||
ACCOUNT_ADJUST_PRIVILEGES,
|
||||
&AccountObject);
|
||||
if (!NT_SUCCESS(Status))
|
||||
{
|
||||
|
@ -811,9 +816,108 @@ NTSTATUS WINAPI LsarAddPrivilegesToAccount(
|
|||
{
|
||||
/* The Privilgs attribute exists */
|
||||
|
||||
Status = STATUS_NOT_IMPLEMENTED;
|
||||
/* Allocate memory for the stored privilege set */
|
||||
CurrentPrivileges = MIDL_user_allocate(PrivilegeSetSize);
|
||||
if (CurrentPrivileges == NULL)
|
||||
return STATUS_NO_MEMORY;
|
||||
|
||||
/* Get the current privilege set */
|
||||
Status = LsapGetObjectAttribute(AccountObject,
|
||||
L"Privilgs",
|
||||
CurrentPrivileges,
|
||||
&PrivilegeSetSize);
|
||||
if (!NT_SUCCESS(Status))
|
||||
{
|
||||
TRACE("LsapGetObjectAttribute() failed (Status 0x%08lx)\n", Status);
|
||||
goto done;
|
||||
}
|
||||
|
||||
PrivilegeCount = CurrentPrivileges->PrivilegeCount;
|
||||
TRACE("Current privilege count: %lu\n", PrivilegeCount);
|
||||
|
||||
/* Calculate the number privileges in the combined privilege set */
|
||||
for (i = 0; i < Privileges->PrivilegeCount; i++)
|
||||
{
|
||||
bFound = FALSE;
|
||||
for (j = 0; j < CurrentPrivileges->PrivilegeCount; j++)
|
||||
{
|
||||
if (RtlEqualLuid(&(Privileges->Privilege[i].Luid),
|
||||
&(CurrentPrivileges->Privilege[i].Luid)))
|
||||
{
|
||||
bFound = TRUE;
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
if (bFound == FALSE)
|
||||
{
|
||||
TRACE("Found new privilege\n");
|
||||
PrivilegeCount++;
|
||||
}
|
||||
}
|
||||
TRACE("New privilege count: %lu\n", PrivilegeCount);
|
||||
|
||||
/* Calculate the size of the new privilege set and allocate it */
|
||||
PrivilegeSetSize = sizeof(PRIVILEGE_SET) +
|
||||
(PrivilegeCount - 1) * sizeof(LUID_AND_ATTRIBUTES);
|
||||
NewPrivileges = MIDL_user_allocate(PrivilegeSetSize);
|
||||
if (NewPrivileges == NULL)
|
||||
{
|
||||
Status = STATUS_NO_MEMORY;
|
||||
goto done;
|
||||
}
|
||||
|
||||
/* Initialize the new privilege set */
|
||||
NewPrivileges->PrivilegeCount = PrivilegeCount;
|
||||
NewPrivileges->Control = 0;
|
||||
|
||||
/* Copy all privileges from the current privilege set */
|
||||
RtlCopyLuidAndAttributesArray(CurrentPrivileges->PrivilegeCount,
|
||||
&(CurrentPrivileges->Privilege[0]),
|
||||
&(NewPrivileges->Privilege[0]));
|
||||
|
||||
/* Add new privileges to the new privilege set */
|
||||
PrivilegeCount = CurrentPrivileges->PrivilegeCount;
|
||||
for (i = 0; i < Privileges->PrivilegeCount; i++)
|
||||
{
|
||||
bFound = FALSE;
|
||||
for (j = 0; j < CurrentPrivileges->PrivilegeCount; j++)
|
||||
{
|
||||
if (RtlEqualLuid(&(Privileges->Privilege[i].Luid),
|
||||
&(CurrentPrivileges->Privilege[i].Luid)))
|
||||
{
|
||||
/* Overwrite attributes if a matching privilege was found */
|
||||
NewPrivileges->Privilege[j].Attributes = Privileges->Privilege[i].Attributes;
|
||||
|
||||
bFound = TRUE;
|
||||
break;
|
||||
}
|
||||
}
|
||||
|
||||
if (bFound == FALSE)
|
||||
{
|
||||
/* Copy the new privilege */
|
||||
RtlCopyLuidAndAttributesArray(1,
|
||||
(PLUID_AND_ATTRIBUTES)&(Privileges->Privilege[i]),
|
||||
&(NewPrivileges->Privilege[PrivilegeCount]));
|
||||
PrivilegeCount++;
|
||||
}
|
||||
}
|
||||
|
||||
/* Set the new priivliege set */
|
||||
Status = LsapSetObjectAttribute(AccountObject,
|
||||
L"Privilgs",
|
||||
NewPrivileges,
|
||||
PrivilegeSetSize);
|
||||
}
|
||||
|
||||
done:
|
||||
if (CurrentPrivileges != NULL)
|
||||
MIDL_user_free(CurrentPrivileges);
|
||||
|
||||
if (NewPrivileges != NULL)
|
||||
MIDL_user_free(NewPrivileges);
|
||||
|
||||
return Status;
|
||||
}
|
||||
|
||||
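Review bot: Both inner loops of LsarAddPrivilegesToAccount (the counting pass and the merge pass) compare against `CurrentPrivileges->Privilege[i].Luid`, indexing the stored set with the outer counter `i` instead of `j`. Since `i` is bounded by the caller-supplied `Privileges->PrivilegeCount`, a request carrying more entries than the stored set reads past the `CurrentPrivileges` allocation, and the comparison never actually scans the stored set. As a result a privilege the account already holds can be appended a second time, and when a match does occur `j` is still 0, so `NewPrivileges->Privilege[j].Attributes` overwrites the attributes of the first stored privilege rather than the matching one. Both comparisons should read `&(CurrentPrivileges->Privilege[j].Luid)))`. It is also worth checking the stored `PrivilegeCount` against the `PrivilegeSetSize` the buffer was allocated with before trusting it, because `(PrivilegeCount - 1) * sizeof(LUID_AND_ATTRIBUTES)` wraps if the count is 0; the start of the function lies outside this hunk.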
|
|
|
@ -17,6 +17,7 @@
|
|||
#include <ndk/rtlfuncs.h>
|
||||
#include <ndk/setypes.h>
|
||||
|
||||
#include <ntlsa.h>
|
||||
#include <ntsecapi.h>
|
||||
#include <sddl.h>
|
||||
|
||||
|
|
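--- a/reactos/include/psdk/ntlsa.h
+++ b/reactos/include/psdk/ntlsa.h
@@ -0,0 +1,40 @@
+/*
+* ntlsa.h
+*
+* This file is part of the ReactOS PSDK package.
+*
+* Contributors:
+* Created by Eric Kohl.
+*
+* THIS SOFTWARE IS NOT COPYRIGHTED
+*
+* This source code is offered for use in the public domain. You may
+* use, modify or distribute it freely.
+*
+* This code is distributed in the hope that it will be useful but
+* WITHOUT ANY WARRANTY. ALL WARRANTIES, EXPRESS OR IMPLIED ARE HEREBY
+* DISCLAIMED. This includes but is not limited to warranties of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+*
+*/
+
+#ifndef _NTLSA_
+#define _NTLSA_
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#define ACCOUNT_VIEW 1
+#define ACCOUNT_ADJUST_PRIVILEGES 2
+#define ACCOUNT_ADJUST_QUOTAS 4
+#define ACCOUNT_ADJUST_SYSTEM_ACCESS 8
+
+
+
+#ifdef __cplusplus
+}
+#endif
+
+
+#endif /* _NTLSA_ */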
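Review bot: The four `ACCOUNT_*` defines carry no comment saying what they are, and they are written as bare decimal integers. From their use as the fourth argument of LsapValidateDbObject elsewhere in this commit they appear to be access-right bits for LSA account objects, so a short header comment such as `/* Access rights for LSA account objects */` would help the next reader. Writing them in hex mask notation, e.g. `#define ACCOUNT_ADJUST_PRIVILEGES 0x00000002L`, would also make it clear that the values are meant to be combined and tested as a mask.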