[LSA]
- Implement the LSA object database. - Implement the information classes PolicyPrimaryDomainInformation and PolicyAccountDomainInformation of LsarSetInformationPolicy(). svn path=/trunk/; revision=53783
parent
0194a753c7
commit
2454366c35
9 changed files with 754 additions and 98 deletions
|
@ -12,8 +12,10 @@ spec2def(lsasrv.dll lsasrv.spec)
|
|||
|
||||
list(APPEND SOURCE
|
||||
authport.c
|
||||
database.c
|
||||
lsarpc.c
|
||||
lsasrv.c
|
||||
policy.c
|
||||
privileges.c
|
||||
sids.c
|
||||
lsasrv.rc
|
||||
|
|
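--- a/reactos/dll/win32/lsasrv/database.c
+++ b/reactos/dll/win32/lsasrv/database.c
@@ -0,0 +1,476 @@
+/*
+* PROJECT: Local Security Authority Server DLL
+* LICENSE: GPL - See COPYING in the top level directory
+* FILE: dll/win32/lsasrv/database.c
+* PURPOSE: LSA object database
+* COPYRIGHT: Copyright 2011 Eric Kohl
+*/
+
+/* INCLUDES ****************************************************************/
+
+#include "lsasrv.h"
+
+WINE_DEFAULT_DEBUG_CHANNEL(lsasrv);
+
+
+/* GLOBALS *****************************************************************/
+
+static HANDLE SecurityKeyHandle = NULL;
+
+
+/* FUNCTIONS ***************************************************************/
+
+static NTSTATUS
+LsapOpenServiceKey(VOID)
+{
+OBJECT_ATTRIBUTES ObjectAttributes;
+UNICODE_STRING KeyName;
+NTSTATUS Status;
+
+RtlInitUnicodeString(&KeyName,
+L"\\Registry\\Machine\\SECURITY");
+
+InitializeObjectAttributes(&ObjectAttributes,
+&KeyName,
+OBJ_CASE_INSENSITIVE,
+NULL,
+NULL);
+
+Status = RtlpNtOpenKey(&SecurityKeyHandle,
+KEY_READ | KEY_CREATE_SUB_KEY | KEY_ENUMERATE_SUB_KEYS,
+&ObjectAttributes,
+0);
+
+return Status;
+}
+
+
+static BOOLEAN
+LsapIsDatabaseInstalled(VOID)
+{
+OBJECT_ATTRIBUTES ObjectAttributes;
+UNICODE_STRING KeyName;
+HANDLE KeyHandle;
+NTSTATUS Status;
+
+RtlInitUnicodeString(&KeyName,
+L"Policy");
+
+InitializeObjectAttributes(&ObjectAttributes,
+&KeyName,
+OBJ_CASE_INSENSITIVE,
+SecurityKeyHandle,
+NULL);
+
+Status = RtlpNtOpenKey(&KeyHandle,
+KEY_READ,
+&ObjectAttributes,
+0);
+if (!NT_SUCCESS(Status))
+return FALSE;
+
+NtClose(KeyHandle);
+
+return TRUE;
+}
+
+
+static NTSTATUS
+LsapInstallDatabase(VOID)
+{
+OBJECT_ATTRIBUTES ObjectAttributes;
+UNICODE_STRING KeyName;
+HANDLE PolicyKeyHandle = NULL;
+HANDLE AccountsKeyHandle = NULL;
+HANDLE DomainsKeyHandle = NULL;
+HANDLE SecretsKeyHandle = NULL;
+NTSTATUS Status = STATUS_SUCCESS;
+
+TRACE("LsapInstallDatabase()\n");
+
+/* Create the 'Policy' key */
+RtlInitUnicodeString(&KeyName,
+L"Policy");
+
+InitializeObjectAttributes(&ObjectAttributes,
+&KeyName,
+OBJ_CASE_INSENSITIVE,
+SecurityKeyHandle,
+NULL);
+
+Status = NtCreateKey(&PolicyKeyHandle,
+KEY_ALL_ACCESS,
+&ObjectAttributes,
+0,
+NULL,
+0,
+NULL);
+if (!NT_SUCCESS(Status))
+{
+ERR("Failed to create the 'Policy' key (Status: 0x%08lx)\n", Status);
+goto Done;
+}
+
+/* Create the 'Accounts' key */
+RtlInitUnicodeString(&KeyName,
+L"Accounts");
+
+InitializeObjectAttributes(&ObjectAttributes,
+&KeyName,
+OBJ_CASE_INSENSITIVE,
+PolicyKeyHandle,
+NULL);
+
+Status = NtCreateKey(&AccountsKeyHandle,
+KEY_ALL_ACCESS,
+&ObjectAttributes,
+0,
+NULL,
+0,
+NULL);
+if (!NT_SUCCESS(Status))
+{
+ERR("Failed to create the 'Accounts' key (Status: 0x%08lx)\n", Status);
+goto Done;
+}
+
+/* Create the 'Domains' key */
+RtlInitUnicodeString(&KeyName,
+L"Domains");
+
+InitializeObjectAttributes(&ObjectAttributes,
+&KeyName,
+OBJ_CASE_INSENSITIVE,
+PolicyKeyHandle,
+NULL);
+
+Status = NtCreateKey(&DomainsKeyHandle,
+KEY_ALL_ACCESS,
+&ObjectAttributes,
+0,
+NULL,
+0,
+NULL);
+if (!NT_SUCCESS(Status))
+{
+ERR("Failed to create the 'Domains' key (Status: 0x%08lx)\n", Status);
+goto Done;
+}
+
+/* Create the 'Secrets' key */
+RtlInitUnicodeString(&KeyName,
+L"Secrets");
+
+InitializeObjectAttributes(&ObjectAttributes,
+&KeyName,
+OBJ_CASE_INSENSITIVE,
+PolicyKeyHandle,
+NULL);
+
+Status = NtCreateKey(&SecretsKeyHandle,
+KEY_ALL_ACCESS,
+&ObjectAttributes,
+0,
+NULL,
+0,
+NULL);
+if (!NT_SUCCESS(Status))
+{
+ERR("Failed to create the 'Secrets' key (Status: 0x%08lx)\n", Status);
+goto Done;
+}
+
+
+Done:
+if (SecretsKeyHandle != NULL)
+NtClose(SecretsKeyHandle);
+
+if (DomainsKeyHandle != NULL)
+NtClose(DomainsKeyHandle);
+
+if (AccountsKeyHandle != NULL)
+NtClose(AccountsKeyHandle);
+
+if (PolicyKeyHandle != NULL)
+NtClose(PolicyKeyHandle);
+
+TRACE("LsapInstallDatabase() done (Status: 0x%08lx)\n", Status);
+
+return Status;
+}
+
+
+NTSTATUS
+LsapInitDatabase(VOID)
+{
+NTSTATUS Status;
+
+TRACE("LsapInitDatabase()\n");
+
+Status = LsapOpenServiceKey();
+if (!NT_SUCCESS(Status))
+{
+ERR("Failed to open the service key (Status: 0x%08lx)\n", Status);
+return Status;
+}
+
+if (!LsapIsDatabaseInstalled())
+{
+Status = LsapInstallDatabase();
+if (!NT_SUCCESS(Status))
+{
+ERR("Failed to install the LSA database (Status: 0x%08lx)\n", Status);
+return Status;
+}
+}
+
+TRACE("LsapInitDatabase() done\n");
+
+return STATUS_SUCCESS;
+}
+
+
+LSAPR_HANDLE
+LsapCreateDbObject(LSAPR_HANDLE ParentHandle,
+LPWSTR ObjectName,
+BOOLEAN Open,
+LSA_DB_OBJECT_TYPE ObjectType,
+ACCESS_MASK DesiredAccess)
+{
+PLSA_DB_OBJECT ParentObject = (PLSA_DB_OBJECT)ParentHandle;
+PLSA_DB_OBJECT DbObject;
+OBJECT_ATTRIBUTES ObjectAttributes;
+UNICODE_STRING KeyName;
+HANDLE ParentKeyHandle;
+HANDLE ObjectKeyHandle;
+NTSTATUS Status;
+
+if (ParentHandle != NULL)
+ParentKeyHandle = ParentObject->KeyHandle;
+else
+ParentKeyHandle = SecurityKeyHandle;
+
+RtlInitUnicodeString(&KeyName,
+ObjectName);
+
+InitializeObjectAttributes(&ObjectAttributes,
+&KeyName,
+OBJ_CASE_INSENSITIVE,
+ParentKeyHandle,
+NULL);
+
+if (Open == TRUE)
+{
+Status = NtOpenKey(&ObjectKeyHandle,
+KEY_ALL_ACCESS,
+&ObjectAttributes);
+}
+else
+{
+Status = NtCreateKey(&ObjectKeyHandle,
+KEY_ALL_ACCESS,
+&ObjectAttributes,
+0,
+NULL,
+0,
+NULL);
+}
+
+if (!NT_SUCCESS(Status))
+{
+return NULL;
+}
+
+DbObject = (PLSA_DB_OBJECT)RtlAllocateHeap(RtlGetProcessHeap(),
+0,
+sizeof(LSA_DB_OBJECT));
+if (DbObject == NULL)
+{
+NtClose(ObjectKeyHandle);
+return NULL;
+}
+
+DbObject->Signature = LSAP_DB_SIGNATURE;
+DbObject->RefCount = 0;
+DbObject->ObjectType = ObjectType;
+DbObject->Access = DesiredAccess;
+DbObject->KeyHandle = ObjectKeyHandle;
+DbObject->ParentObject = ParentObject;
+
+if (ParentObject != NULL)
+ParentObject->RefCount++;
+
+return (LSAPR_HANDLE)DbObject;
+}
+
+
+NTSTATUS
+LsapValidateDbObject(LSAPR_HANDLE Handle,
+LSA_DB_OBJECT_TYPE ObjectType,
+ACCESS_MASK GrantedAccess)
+{
+PLSA_DB_OBJECT DbObject = (PLSA_DB_OBJECT)Handle;
+BOOLEAN bValid = FALSE;
+
+_SEH2_TRY
+{
+if (DbObject->Signature == LSAP_DB_SIGNATURE)
+{
+if ((ObjectType == LsaDbIgnoreObject) ||
+(DbObject->ObjectType == ObjectType))
+bValid = TRUE;
+}
+}
+_SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
+{
+bValid = FALSE;
+}
+_SEH2_END;
+
+if (bValid == FALSE)
+return STATUS_INVALID_HANDLE;
+
+if (GrantedAccess != 0)
+{
+/* FIXME: Check for granted access rights */
+}
+
+return STATUS_SUCCESS;
+}
+
+
+NTSTATUS
+LsapCloseDbObject(LSAPR_HANDLE Handle)
+{
+PLSA_DB_OBJECT DbObject = (PLSA_DB_OBJECT)Handle;
+
+if (DbObject->RefCount != 0)
+return STATUS_UNSUCCESSFUL;
+
+if (DbObject->ParentObject != NULL)
+DbObject->ParentObject->RefCount--;
+
+if (DbObject->KeyHandle != NULL)
+NtClose(DbObject->KeyHandle);
+
+RtlFreeHeap(RtlGetProcessHeap(), 0, DbObject);
+
+return STATUS_SUCCESS;
+}
+
+
+NTSTATUS
+LsapSetObjectAttribute(PLSA_DB_OBJECT DbObject,
+LPWSTR AttributeName,
+LPVOID AttributeData,
+ULONG AttributeSize)
+{
+OBJECT_ATTRIBUTES ObjectAttributes;
+UNICODE_STRING KeyName;
+HANDLE AttributeKey;
+NTSTATUS Status;
+
+RtlInitUnicodeString(&KeyName,
+AttributeName);
+
+InitializeObjectAttributes(&ObjectAttributes,
+&KeyName,
+OBJ_CASE_INSENSITIVE,
+DbObject->KeyHandle,
+NULL);
+
+Status = NtCreateKey(&AttributeKey,
+KEY_SET_VALUE,
+&ObjectAttributes,
+0,
+NULL,
+REG_OPTION_NON_VOLATILE,
+NULL);
+if (!NT_SUCCESS(Status))
+{
+
+return Status;
+}
+
+Status = RtlpNtSetValueKey(AttributeKey,
+REG_NONE,
+AttributeData,
+AttributeSize);
+
+NtClose(AttributeKey);
+
+return Status;
+}
+
+
+NTSTATUS
+LsapGetObjectAttribute(PLSA_DB_OBJECT DbObject,
+LPWSTR AttributeName,
+LPVOID AttributeData,
+PULONG AttributeSize)
+{
+OBJECT_ATTRIBUTES ObjectAttributes;
+UNICODE_STRING KeyName;
+HANDLE AttributeKey;
+ULONG ValueSize;
+NTSTATUS Status;
+
+RtlInitUnicodeString(&KeyName,
+AttributeName);
+
+InitializeObjectAttributes(&ObjectAttributes,
+&KeyName,
+OBJ_CASE_INSENSITIVE,
+DbObject->KeyHandle,
+NULL);
+
+Status = NtOpenKey(&AttributeKey,
+KEY_QUERY_VALUE,
+&ObjectAttributes);
+if (!NT_SUCCESS(Status))
+{
+return Status;
+}
+
+ValueSize = *AttributeSize;
+Status = RtlpNtQueryValueKey(AttributeKey,
+NULL,
+NULL,
+&ValueSize,
+0);
+if (!NT_SUCCESS(Status) && Status != STATUS_BUFFER_OVERFLOW)
+{
+goto Done;
+}
+
+if (AttributeData == NULL || *AttributeSize == 0)
+{
+*AttributeSize = ValueSize;
+Status == STATUS_SUCCESS;
+goto Done;
+}
+else if (*AttributeSize < ValueSize)
+{
+*AttributeSize = ValueSize;
+Status == STATUS_BUFFER_OVERFLOW;
+goto Done;
+}
+
+Status = RtlpNtQueryValueKey(AttributeKey,
+NULL,
+AttributeData,
+&ValueSize,
+0);
+if (NT_SUCCESS(Status))
+{
+*AttributeSize = ValueSize;
+}
+
+Done:
+NtClose(AttributeKey);
+
+return Status;
+}
+
+/* EOF */
+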
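Review bot: In LsapGetObjectAttribute the statements `Status == STATUS_SUCCESS;` and `Status == STATUS_BUFFER_OVERFLOW;` are comparisons whose result is discarded, so both early-exit branches return whatever the size query left in Status instead of the intended code. A caller that passes a too-small buffer cannot rely on seeing STATUS_BUFFER_OVERFLOW and may treat an unfilled buffer as valid; the lines should read `Status = STATUS_SUCCESS;` and `Status = STATUS_BUFFER_OVERFLOW;`. Separately, LsapCreateDbObject opens every key with KEY_ALL_ACCESS and only records DesiredAccess, while LsapValidateDbObject leaves the GrantedAccess test as a FIXME, so nothing in this file limits what a handle may do yet. Until that check exists, the FIXME should say so explicitly, e.g. `/* FIXME: DbObject->Access is recorded but not enforced */`.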
|
|
@ -11,22 +11,6 @@
|
|||
|
||||
#include "lsasrv.h"
|
||||
|
||||
typedef enum _LSA_DB_HANDLE_TYPE
|
||||
{
|
||||
LsaDbIgnoreHandle,
|
||||
LsaDbPolicyHandle,
|
||||
LsaDbAccountHandle
|
||||
} LSA_DB_HANDLE_TYPE, *PLSA_DB_HANDLE_TYPE;
|
||||
|
||||
typedef struct _LSA_DB_HANDLE
|
||||
{
|
||||
ULONG Signature;
|
||||
LSA_DB_HANDLE_TYPE HandleType;
|
||||
LONG RefCount;
|
||||
ACCESS_MASK Access;
|
||||
} LSA_DB_HANDLE, *PLSA_DB_HANDLE;
|
||||
|
||||
#define LSAP_DB_SIGNATURE 0x12345678
|
||||
|
||||
static RTL_CRITICAL_SECTION PolicyHandleTableLock;
|
||||
|
||||
|
@ -35,68 +19,6 @@ WINE_DEFAULT_DEBUG_CHANNEL(lsasrv);
|
|||
|
||||
/* FUNCTIONS ***************************************************************/
|
||||
|
||||
static LSAPR_HANDLE
|
||||
LsapCreateDbHandle(LSA_DB_HANDLE_TYPE HandleType,
|
||||
ACCESS_MASK DesiredAccess)
|
||||
{
|
||||
PLSA_DB_HANDLE DbHandle;
|
||||
|
||||
// RtlEnterCriticalSection(&PolicyHandleTableLock);
|
||||
|
||||
DbHandle = (PLSA_DB_HANDLE)RtlAllocateHeap(RtlGetProcessHeap(),
|
||||
0,
|
||||
sizeof(LSA_DB_HANDLE));
|
||||
if (DbHandle != NULL)
|
||||
{
|
||||
DbHandle->Signature = LSAP_DB_SIGNATURE;
|
||||
DbHandle->RefCount = 1;
|
||||
DbHandle->HandleType = HandleType;
|
||||
DbHandle->Access = DesiredAccess;
|
||||
}
|
||||
|
||||
// RtlLeaveCriticalSection(&PolicyHandleTableLock);
|
||||
|
||||
return (LSAPR_HANDLE)DbHandle;
|
||||
}
|
||||
|
||||
|
||||
static NTSTATUS
|
||||
LsapValidateDbHandle(LSAPR_HANDLE Handle,
|
||||
LSA_DB_HANDLE_TYPE HandleType,
|
||||
ACCESS_MASK GrantedAccess)
|
||||
{
|
||||
PLSA_DB_HANDLE DbHandle = (PLSA_DB_HANDLE)Handle;
|
||||
BOOL bValid = FALSE;
|
||||
|
||||
_SEH2_TRY
|
||||
{
|
||||
if (DbHandle->Signature == LSAP_DB_SIGNATURE)
|
||||
{
|
||||
if (HandleType == LsaDbIgnoreHandle)
|
||||
bValid = TRUE;
|
||||
else if (DbHandle->HandleType == HandleType)
|
||||
bValid = TRUE;
|
||||
}
|
||||
}
|
||||
_SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
|
||||
{
|
||||
bValid = FALSE;
|
||||
}
|
||||
_SEH2_END;
|
||||
|
||||
if (bValid == FALSE)
|
||||
return STATUS_INVALID_HANDLE;
|
||||
|
||||
if (GrantedAccess != 0)
|
||||
{
|
||||
/* FIXME: Check for granted access rights */
|
||||
}
|
||||
|
||||
return STATUS_SUCCESS;
|
||||
}
|
||||
|
||||
|
||||
|
||||
|
||||
VOID
|
||||
LsarStartRpcServer(VOID)
|
||||
|
@ -153,13 +75,12 @@ NTSTATUS WINAPI LsarClose(
|
|||
|
||||
// RtlEnterCriticalSection(&PolicyHandleTableLock);
|
||||
|
||||
Status = LsapValidateDbHandle(*ObjectHandle,
|
||||
LsaDbIgnoreHandle,
|
||||
Status = LsapValidateDbObject(*ObjectHandle,
|
||||
LsaDbIgnoreObject,
|
||||
0);
|
||||
|
||||
if (Status == STATUS_SUCCESS)
|
||||
{
|
||||
RtlFreeHeap(RtlGetProcessHeap(), 0, *ObjectHandle);
|
||||
Status = LsapCloseDbObject(*ObjectHandle);
|
||||
*ObjectHandle = NULL;
|
||||
}
|
||||
|
||||
|
@ -239,7 +160,10 @@ NTSTATUS WINAPI LsarOpenPolicy(
|
|||
|
||||
RtlEnterCriticalSection(&PolicyHandleTableLock);
|
||||
|
||||
*PolicyHandle = LsapCreateDbHandle(LsaDbPolicyHandle,
|
||||
*PolicyHandle = LsapCreateDbObject(NULL,
|
||||
L"Policy",
|
||||
TRUE,
|
||||
LsaDbPolicyObject,
|
||||
DesiredAccess);
|
||||
if (*PolicyHandle == NULL)
|
||||
Status = STATUS_INSUFFICIENT_RESOURCES;
|
||||
|
@ -268,8 +192,8 @@ NTSTATUS WINAPI LsarQueryInformationPolicy(
|
|||
TRACE("*PolicyInformation %p\n", *PolicyInformation);
|
||||
}
|
||||
|
||||
Status = LsapValidateDbHandle(PolicyHandle,
|
||||
LsaDbPolicyHandle,
|
||||
Status = LsapValidateDbObject(PolicyHandle,
|
||||
LsaDbPolicyObject,
|
||||
0); /* FIXME */
|
||||
if (!NT_SUCCESS(Status))
|
||||
return Status;
|
||||
|
@ -409,8 +333,53 @@ NTSTATUS WINAPI LsarSetInformationPolicy(
|
|||
POLICY_INFORMATION_CLASS InformationClass,
|
||||
PLSAPR_POLICY_INFORMATION PolicyInformation)
|
||||
{
|
||||
UNIMPLEMENTED;
|
||||
return STATUS_NOT_IMPLEMENTED;
|
||||
NTSTATUS Status;
|
||||
|
||||
TRACE("LsarSetInformationPolicy(%p,0x%08x,%p)\n",
|
||||
PolicyHandle, InformationClass, PolicyInformation);
|
||||
|
||||
if (PolicyInformation)
|
||||
{
|
||||
TRACE("*PolicyInformation %p\n", *PolicyInformation);
|
||||
}
|
||||
|
||||
Status = LsapValidateDbObject(PolicyHandle,
|
||||
LsaDbPolicyObject,
|
||||
0); /* FIXME */
|
||||
if (!NT_SUCCESS(Status))
|
||||
return Status;
|
||||
|
||||
switch (InformationClass)
|
||||
{
|
||||
case PolicyAuditEventsInformation:
|
||||
Status = STATUS_NOT_IMPLEMENTED;
|
||||
break;
|
||||
|
||||
case PolicyPrimaryDomainInformation:
|
||||
Status = LsarSetPrimaryDomain(PolicyHandle,
|
||||
(PLSAPR_POLICY_PRIMARY_DOM_INFO)PolicyInformation);
|
||||
break;
|
||||
|
||||
case PolicyAccountDomainInformation:
|
||||
Status = LsarSetAccountDomain(PolicyHandle,
|
||||
(PLSAPR_POLICY_ACCOUNT_DOM_INFO)PolicyInformation);
|
||||
break;
|
||||
|
||||
case PolicyDnsDomainInformation:
|
||||
Status = LsarSetDnsDomain(PolicyHandle,
|
||||
(PLSAPR_POLICY_DNS_DOMAIN_INFO)PolicyInformation);
|
||||
break;
|
||||
|
||||
case PolicyLsaServerRoleInformation:
|
||||
Status = STATUS_NOT_IMPLEMENTED;
|
||||
break;
|
||||
|
||||
default:
|
||||
Status = STATUS_INVALID_PARAMETER;
|
||||
break;
|
||||
}
|
||||
|
||||
return Status;
|
||||
}
|
||||
|
||||
|
||||
|
@ -838,8 +807,8 @@ NTSTATUS WINAPI LsarLookupPrivilegeValue(
|
|||
TRACE("LsarLookupPrivilegeValue(%p, %wZ, %p)\n",
|
||||
PolicyHandle, Name, Value);
|
||||
|
||||
Status = LsapValidateDbHandle(PolicyHandle,
|
||||
LsaDbPolicyHandle,
|
||||
Status = LsapValidateDbObject(PolicyHandle,
|
||||
LsaDbPolicyObject,
|
||||
0); /* FIXME */
|
||||
if (!NT_SUCCESS(Status))
|
||||
{
|
||||
|
@ -867,8 +836,8 @@ NTSTATUS WINAPI LsarLookupPrivilegeName(
|
|||
TRACE("LsarLookupPrivilegeName(%p, %p, %p)\n",
|
||||
PolicyHandle, Value, Name);
|
||||
|
||||
Status = LsapValidateDbHandle(PolicyHandle,
|
||||
LsaDbPolicyHandle,
|
||||
Status = LsapValidateDbObject(PolicyHandle,
|
||||
LsaDbPolicyObject,
|
||||
0); /* FIXME */
|
||||
if (!NT_SUCCESS(Status))
|
||||
{
|
||||
|
@ -926,8 +895,8 @@ NTSTATUS WINAPI LsarEnmuerateAccountRights(
|
|||
|
||||
FIXME("(%p,%p,%p) stub\n", PolicyHandle, AccountSid, UserRights);
|
||||
|
||||
Status = LsapValidateDbHandle(PolicyHandle,
|
||||
LsaDbPolicyHandle,
|
||||
Status = LsapValidateDbObject(PolicyHandle,
|
||||
LsaDbPolicyObject,
|
||||
0); /* FIXME */
|
||||
if (!NT_SUCCESS(Status))
|
||||
return Status;
|
||||
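Review bot: LsarSetInformationPolicy now reaches the registry-writing helpers without an access check and without rejecting a NULL PolicyInformation. The handle is validated with `0); /* FIXME */` as GrantedAccess, so a handle opened with any DesiredAccess passes, and `if (PolicyInformation)` guards only the TRACE before the pointer is cast and handed to LsarSetPrimaryDomain / LsarSetAccountDomain, which dereference it. I would add `if (PolicyInformation == NULL) return STATUS_INVALID_PARAMETER;` before the switch and pass the required policy access right to LsapValidateDbObject once the check there is implemented; the function's signature begins above the hunk. In the LsarClose hunk, `*ObjectHandle = NULL;` also runs when LsapCloseDbObject returns STATUS_UNSUCCESSFUL, which appears to drop the only reference to an object that is still allocated.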
|
|
|
@ -26,6 +26,9 @@ LsapInitLsa(VOID)
|
|||
/* Initialize the well known SIDs */
|
||||
LsapInitSids();
|
||||
|
||||
/* Initialize the LSA database */
|
||||
LsapInitDatabase();
|
||||
|
||||
/* Start the RPC server */
|
||||
LsarStartRpcServer();
|
||||
|
||||
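Review bot: The status returned by `LsapInitDatabase();` is discarded, so if the SECURITY key cannot be opened or the database cannot be created, the RPC server is still started with no usable database behind it. Checking the result, e.g. `Status = LsapInitDatabase(); if (!NT_SUCCESS(Status)) return Status;`, would make initialisation fail closed. Whether LsapInitLsa can return a status is not visible here, because its body begins and ends outside the hunk.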
|
|
|
@ -9,13 +9,17 @@
|
|||
|
||||
#define WIN32_NO_STATUS
|
||||
#include <windows.h>
|
||||
#include <ntsecapi.h>
|
||||
#define NTOS_MODE_USER
|
||||
#include <ndk/cmfuncs.h>
|
||||
#include <ndk/lpctypes.h>
|
||||
#include <ndk/lpcfuncs.h>
|
||||
#include <ndk/obfuncs.h>
|
||||
#include <ndk/rtlfuncs.h>
|
||||
#include <ndk/setypes.h>
|
||||
|
||||
|
||||
#include <ntsecapi.h>
|
||||
|
||||
#include <string.h>
|
||||
|
||||
#include "lsass.h"
|
||||
|
@ -24,11 +28,80 @@
|
|||
#include <wine/debug.h>
|
||||
|
||||
|
||||
typedef enum _LSA_DB_OBJECT_TYPE
|
||||
{
|
||||
LsaDbIgnoreObject,
|
||||
LsaDbContainerObject,
|
||||
LsaDbPolicyObject,
|
||||
LsaDbAccountObject,
|
||||
LsaDbDomainObject,
|
||||
LsaDbSecretObject
|
||||
} LSA_DB_OBJECT_TYPE, *PLSA_DB_OBJECT_TYPE;
|
||||
|
||||
typedef struct _LSA_DB_OBJECT
|
||||
{
|
||||
ULONG Signature;
|
||||
LSA_DB_OBJECT_TYPE ObjectType;
|
||||
ULONG RefCount;
|
||||
ACCESS_MASK Access;
|
||||
HANDLE KeyHandle;
|
||||
struct _LSA_DB_OBJECT *ParentObject;
|
||||
} LSA_DB_OBJECT, *PLSA_DB_OBJECT;
|
||||
|
||||
#define LSAP_DB_SIGNATURE 0x12345678
|
||||
|
||||
|
||||
/* authport.c */
|
||||
NTSTATUS StartAuthenticationPort(VOID);
|
||||
NTSTATUS
|
||||
StartAuthenticationPort(VOID);
|
||||
|
||||
/* database.c */
|
||||
NTSTATUS
|
||||
LsapInitDatabase(VOID);
|
||||
|
||||
LSAPR_HANDLE
|
||||
LsapCreateDbObject(LSAPR_HANDLE ParentHandle,
|
||||
LPWSTR ObjectName,
|
||||
BOOLEAN Open,
|
||||
LSA_DB_OBJECT_TYPE HandleType,
|
||||
ACCESS_MASK DesiredAccess);
|
||||
|
||||
NTSTATUS
|
||||
LsapValidateDbObject(LSAPR_HANDLE Handle,
|
||||
LSA_DB_OBJECT_TYPE HandleType,
|
||||
ACCESS_MASK GrantedAccess);
|
||||
|
||||
NTSTATUS
|
||||
LsapCloseDbObject(LSAPR_HANDLE Handle);
|
||||
|
||||
NTSTATUS
|
||||
LsapGetObjectAttribute(PLSA_DB_OBJECT DbObject,
|
||||
LPWSTR AttributeName,
|
||||
LPVOID AttributeData,
|
||||
PULONG AttributeSize);
|
||||
|
||||
NTSTATUS
|
||||
LsapSetObjectAttribute(PLSA_DB_OBJECT DbObject,
|
||||
LPWSTR AttributeName,
|
||||
LPVOID AttributeData,
|
||||
ULONG AttributeSize);
|
||||
|
||||
/* lsarpc.c */
|
||||
VOID LsarStartRpcServer(VOID);
|
||||
VOID
|
||||
LsarStartRpcServer(VOID);
|
||||
|
||||
/* policy.c */
|
||||
NTSTATUS
|
||||
LsarSetPrimaryDomain(LSAPR_HANDLE PolicyObject,
|
||||
PLSAPR_POLICY_PRIMARY_DOM_INFO Info);
|
||||
|
||||
NTSTATUS
|
||||
LsarSetAccountDomain(LSAPR_HANDLE PolicyObject,
|
||||
PLSAPR_POLICY_ACCOUNT_DOM_INFO Info);
|
||||
|
||||
NTSTATUS
|
||||
LsarSetDnsDomain(LSAPR_HANDLE PolicyObject,
|
||||
PLSAPR_POLICY_DNS_DOMAIN_INFO Info);
|
||||
|
||||
/* privileges.c */
|
||||
NTSTATUS
|
||||
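Review bot: The new `LSA_DB_OBJECT` carries no field comments, and two fields have semantics a reader cannot guess from the header. Going by database.c, `RefCount` starts at 0 and counts child objects (LsapCloseDbObject refuses to close while it is non-zero), and `Access` is only recorded, never enforced; a comment such as `/* number of open child objects; must be 0 to close */` on RefCount would state that. The prototypes also name the type parameter `HandleType` and the LsarSet* handle `PolicyObject`, whereas the definitions use `ObjectType` and `PolicyHandle`; one name in both places would be clearer. `RefCount` is modified without interlocked operations or a visible lock, which is worth a comment if RPC calls can run concurrently.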
|
|
|
@ -9,8 +9,10 @@
|
|||
<library>ntdll</library>
|
||||
<library>pseh</library>
|
||||
<file>authport.c</file>
|
||||
<file>database.c</file>
|
||||
<file>lsarpc.c</file>
|
||||
<file>lsasrv.c</file>
|
||||
<file>policy.c</file>
|
||||
<file>privileges.c</file>
|
||||
<file>sids.c</file>
|
||||
<file>lsasrv.rc</file>
|
||||
|
|
|
@ -35,11 +35,13 @@
|
|||
@ stdcall LsarCreateAccount(ptr ptr long ptr)
|
||||
@ stdcall LsarCreateSecret(ptr ptr long ptr)
|
||||
@ stdcall LsarCreateTrustedDomain(ptr ptr long ptr)
|
||||
@ stub LsarCreateTrustedDomainEx
|
||||
@ stdcall LsarDelete(ptr)
|
||||
@ stdcall LsarEnumerateAccounts(ptr ptr ptr long)
|
||||
@ stdcall LsarEnumeratePrivileges(ptr ptr ptr long)
|
||||
@ stdcall LsarEnumeratePrivilegesAccount(ptr ptr)
|
||||
@ stdcall LsarEnumerateTrustedDomains(ptr ptr ptr long)
|
||||
@ stub LsarEnumerateTrustedDomainsEx
|
||||
@ stdcall LsarGetQuotasForAccount(ptr ptr)
|
||||
@ stdcall LsarGetSystemAccessAccount(ptr ptr)
|
||||
@ stdcall LsarLookupNames(ptr long ptr ptr ptr long ptr)
|
||||
|
@ -47,19 +49,29 @@
|
|||
@ stdcall LsarLookupPrivilegeName(ptr ptr ptr)
|
||||
@ stdcall LsarLookupPrivilegeValue(ptr ptr ptr)
|
||||
@ stdcall LsarLookupSids(ptr ptr ptr ptr long ptr)
|
||||
@ stub LsarLookupSids2
|
||||
@ stdcall LsarOpenAccount(ptr ptr long ptr)
|
||||
@ stdcall LsarOpenPolicy(ptr ptr long ptr)
|
||||
@ stub LsarOpenPolicySce
|
||||
@ stdcall LsarOpenSecret(ptr ptr long ptr)
|
||||
@ stdcall LsarOpenTrustedDomain(ptr ptr long ptr)
|
||||
@ stub LsarOpenTrustedDomainByName
|
||||
@ stub LsarQueryDomainInformationPolicy
|
||||
@ stub LsarQueryForestTrustInformation
|
||||
@ stdcall LsarQueryInfoTrustedDomain(ptr long ptr)
|
||||
@ stdcall LsarQueryInformationPolicy(ptr long ptr)
|
||||
@ stdcall LsarQuerySecret(ptr ptr ptr ptr ptr)
|
||||
@ stdcall LsarQuerySecurityObject(ptr long ptr)
|
||||
@ stub LsarQueryTrustedDomainInfo
|
||||
@ stub LsarQueryTrustedDomainInfoByName
|
||||
@ stdcall LsarRemovePrivilegesFromAccount(ptr long ptr)
|
||||
@ stub LsarSetDomainInformationPolicy
|
||||
@ stub LsarSetForestTrustInformation
|
||||
@ stdcall LsarSetInformationPolicy(ptr long ptr)
|
||||
@ stdcall LsarSetInformationTrustedDomain(ptr long ptr)
|
||||
@ stdcall LsarSetQuotasForAccount(ptr ptr)
|
||||
@ stdcall LsarSetSecret(ptr ptr ptr)
|
||||
@ stdcall LsarSetSecurityObject(ptr long ptr)
|
||||
@ stdcall LsarSetSystemAccessAccount(ptr long)
|
||||
@ stub LsarSetTrustedDomainInfoByName
|
||||
@ stdcall ServiceInit()
|
||||
|
|
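--- a/reactos/dll/win32/lsasrv/policy.c
+++ b/reactos/dll/win32/lsasrv/policy.c
@@ -0,0 +1,118 @@
+/*
+* PROJECT: Local Security Authority Server DLL
+* LICENSE: GPL - See COPYING in the top level directory
+* FILE: dll/win32/lsasrv/policy.c
+* PURPOSE: Policy object routines
+* COPYRIGHT: Copyright 2011 Eric Kohl
+*/
+
+/* INCLUDES ****************************************************************/
+
+#include "lsasrv.h"
+
+WINE_DEFAULT_DEBUG_CHANNEL(lsasrv);
+
+
+/* FUNCTIONS ***************************************************************/
+
+NTSTATUS
+LsarSetPrimaryDomain(LSAPR_HANDLE PolicyHandle,
+PLSAPR_POLICY_PRIMARY_DOM_INFO Info)
+{
+PUNICODE_STRING Buffer;
+ULONG Length = 0;
+NTSTATUS Status;
+LPWSTR Ptr;
+
+TRACE("LsarSetPrimaryDomain(%p, %p)\n", PolicyHandle, Info);
+
+Length = sizeof(UNICODE_STRING) + Info->Name.MaximumLength;
+Buffer = RtlAllocateHeap(RtlGetProcessHeap(),
+0,
+Length);
+if (Buffer == NULL)
+return STATUS_INSUFFICIENT_RESOURCES;
+
+Buffer->Length = Info->Name.Length;
+Buffer->MaximumLength = Info->Name.MaximumLength;
+Buffer->Buffer = (LPWSTR)sizeof(UNICODE_STRING);
+Ptr = (LPWSTR)((ULONG_PTR)Buffer + sizeof(UNICODE_STRING));
+memcpy(Ptr, Info->Name.Buffer, Info->Name.MaximumLength);
+
+Status = LsapSetObjectAttribute((PLSA_DB_OBJECT)PolicyHandle,
+L"PolPrDmN",
+Buffer, Length);
+
+RtlFreeHeap(RtlGetProcessHeap(), 0, Buffer);
+
+if (!NT_SUCCESS(Status))
+return Status;
+
+Length = 0;
+if (Info->Sid != NULL)
+Length = RtlLengthSid(Info->Sid);
+
+Status = LsapSetObjectAttribute((PLSA_DB_OBJECT)PolicyHandle,
+L"PolPrDmS",
+(LPBYTE)Info->Sid,
+Length);
+
+return Status;
+}
+
+
+NTSTATUS
+LsarSetAccountDomain(LSAPR_HANDLE PolicyHandle,
+PLSAPR_POLICY_ACCOUNT_DOM_INFO Info)
+{
+PUNICODE_STRING Buffer;
+ULONG Length = 0;
+NTSTATUS Status;
+LPWSTR Ptr;
+
+TRACE("LsarSetAccountDomain(%p, %p)\n", PolicyHandle, Info);
+
+Length = sizeof(UNICODE_STRING) + Info->DomainName.MaximumLength;
+Buffer = RtlAllocateHeap(RtlGetProcessHeap(),
+0,
+Length);
+if (Buffer == NULL)
+return STATUS_INSUFFICIENT_RESOURCES;
+
+Buffer->Length = Info->DomainName.Length;
+Buffer->MaximumLength = Info->DomainName.MaximumLength;
+Buffer->Buffer = (LPWSTR)sizeof(UNICODE_STRING);
+Ptr = (LPWSTR)((ULONG_PTR)Buffer + sizeof(UNICODE_STRING));
+memcpy(Ptr, Info->DomainName.Buffer, Info->DomainName.MaximumLength);
+
+Status = LsapSetObjectAttribute((PLSA_DB_OBJECT)PolicyHandle,
+L"PolAcDmN",
+Buffer, Length);
+
+RtlFreeHeap(RtlGetProcessHeap(), 0, Buffer);
+
+if (!NT_SUCCESS(Status))
+return Status;
+
+Length = 0;
+if (Info->Sid != NULL)
+Length = RtlLengthSid(Info->Sid);
+
+Status = LsapSetObjectAttribute((PLSA_DB_OBJECT)PolicyHandle,
+L"PolAcDmS",
+(LPBYTE)Info->Sid,
+Length);
+
+return Status;
+}
+
+
+NTSTATUS
+LsarSetDnsDomain(LSAPR_HANDLE PolicyHandle,
+PLSAPR_POLICY_DNS_DOMAIN_INFO Info)
+{
+
+return STATUS_NOT_IMPLEMENTED;
+}
+
+/* EOF */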
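Review bot: LsarSetPrimaryDomain and LsarSetAccountDomain dereference `Info` and copy `MaximumLength` bytes from `Info->Name.Buffer` / `Info->DomainName.Buffer` without checking that `Info` and the buffer are non-NULL or that `Length <= MaximumLength`. These values presumably originate from an RPC caller, so a guard such as `if (Info == NULL || Info->Name.Length > Info->Name.MaximumLength || (Info->Name.Buffer == NULL && Info->Name.MaximumLength != 0)) return STATUS_INVALID_PARAMETER;` belongs before the allocation, with the DomainName equivalent in the second function. Copying `MaximumLength` rather than `Length` bytes may also persist bytes beyond the end of the string into the registry value; copying only `Length` bytes would avoid that, provided the reader side allows it. `Buffer->Buffer = (LPWSTR)sizeof(UNICODE_STRING);` stores an offset rather than a pointer and deserves a comment saying the stored blob is self-relative.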
|
|
@ -111,8 +111,9 @@ LsarpLookupPrivilegeValue(PUNICODE_STRING Name,
|
|||
{
|
||||
if (_wcsicmp(Name->Buffer, WellKnownPrivileges[Priv].Name) == 0)
|
||||
{
|
||||
Value->LowPart = WellKnownPrivileges[Priv].Luid.LowPart;
|
||||
Value->HighPart = WellKnownPrivileges[Priv].Luid.HighPart;
|
||||
// Value->LowPart = WellKnownPrivileges[Priv].Luid.LowPart;
|
||||
// Value->HighPart = WellKnownPrivileges[Priv].Luid.HighPart;
|
||||
*Value = WellKnownPrivileges[Priv].Luid;
|
||||
return STATUS_SUCCESS;
|
||||
}
|
||||
}
|
||||
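Review bot: The two assignments kept as `// Value->LowPart = ...` and `// Value->HighPart = ...` are dead code now that `*Value = WellKnownPrivileges[Priv].Luid;` replaces them; I would delete them rather than leave them commented out. The surrounding loop in LsarpLookupPrivilegeValue starts and ends outside the hunk. The context line `_wcsicmp(Name->Buffer, ...)` assumes the UNICODE_STRING buffer is NUL-terminated, which is not guaranteed in general, so that is worth confirming for names arriving through LsarLookupPrivilegeValue.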
|
|