From 2454366c35e921338ad9644819dc1545b273d379 Mon Sep 17 00:00:00 2001 From: Eric Kohl Date: Tue, 20 Sep 2011 23:15:51 +0000 Subject: [PATCH] [LSA] - Implement the LSA object database. - Implement the information classes PolicyPrimaryDomainInformation and PolicyAccountDomainInformation of LsarSetInformationPolicy(). svn path=/trunk/; revision=53783 --- reactos/dll/win32/lsasrv/CMakeLists.txt | 2 + reactos/dll/win32/lsasrv/database.c | 476 ++++++++++++++++++++++++ reactos/dll/win32/lsasrv/lsarpc.c | 155 +++----- reactos/dll/win32/lsasrv/lsasrv.c | 3 + reactos/dll/win32/lsasrv/lsasrv.h | 79 +++- reactos/dll/win32/lsasrv/lsasrv.rbuild | 2 + reactos/dll/win32/lsasrv/lsasrv.spec | 12 + reactos/dll/win32/lsasrv/policy.c | 118 ++++++ reactos/dll/win32/lsasrv/privileges.c | 5 +- 9 files changed, 754 insertions(+), 98 deletions(-) create mode 100644 reactos/dll/win32/lsasrv/database.c create mode 100644 reactos/dll/win32/lsasrv/policy.c diff --git a/reactos/dll/win32/lsasrv/CMakeLists.txt b/reactos/dll/win32/lsasrv/CMakeLists.txt index 8e98f23e592..a4778fb8516 100644 --- a/reactos/dll/win32/lsasrv/CMakeLists.txt +++ b/reactos/dll/win32/lsasrv/CMakeLists.txt @@ -12,8 +12,10 @@ spec2def(lsasrv.dll lsasrv.spec) list(APPEND SOURCE authport.c + database.c lsarpc.c lsasrv.c + policy.c privileges.c sids.c lsasrv.rc diff --git a/reactos/dll/win32/lsasrv/database.c b/reactos/dll/win32/lsasrv/database.c new file mode 100644 index 00000000000..d58d07b8ac6 --- /dev/null +++ b/reactos/dll/win32/lsasrv/database.c @@ -0,0 +1,476 @@ +/* + * PROJECT: Local Security Authority Server DLL + * LICENSE: GPL - See COPYING in the top level directory + * FILE: dll/win32/lsasrv/database.c + * PURPOSE: LSA object database + * COPYRIGHT: Copyright 2011 Eric Kohl + */ + +/* INCLUDES ****************************************************************/ + +#include "lsasrv.h" + +WINE_DEFAULT_DEBUG_CHANNEL(lsasrv); + + +/* GLOBALS *****************************************************************/ + +static HANDLE SecurityKeyHandle = NULL; + + +/* FUNCTIONS ***************************************************************/ + +static NTSTATUS +LsapOpenServiceKey(VOID) +{ + OBJECT_ATTRIBUTES ObjectAttributes; + UNICODE_STRING KeyName; + NTSTATUS Status; + + RtlInitUnicodeString(&KeyName, + L"\\Registry\\Machine\\SECURITY"); + + InitializeObjectAttributes(&ObjectAttributes, + &KeyName, + OBJ_CASE_INSENSITIVE, + NULL, + NULL); + + Status = RtlpNtOpenKey(&SecurityKeyHandle, + KEY_READ | KEY_CREATE_SUB_KEY | KEY_ENUMERATE_SUB_KEYS, + &ObjectAttributes, + 0); + + return Status; +} + + +static BOOLEAN +LsapIsDatabaseInstalled(VOID) +{ + OBJECT_ATTRIBUTES ObjectAttributes; + UNICODE_STRING KeyName; + HANDLE KeyHandle; + NTSTATUS Status; + + RtlInitUnicodeString(&KeyName, + L"Policy"); + + InitializeObjectAttributes(&ObjectAttributes, + &KeyName, + OBJ_CASE_INSENSITIVE, + SecurityKeyHandle, + NULL); + + Status = RtlpNtOpenKey(&KeyHandle, + KEY_READ, + &ObjectAttributes, + 0); + if (!NT_SUCCESS(Status)) + return FALSE; + + NtClose(KeyHandle); + + return TRUE; +} + + +static NTSTATUS +LsapInstallDatabase(VOID) +{ + OBJECT_ATTRIBUTES ObjectAttributes; + UNICODE_STRING KeyName; + HANDLE PolicyKeyHandle = NULL; + HANDLE AccountsKeyHandle = NULL; + HANDLE DomainsKeyHandle = NULL; + HANDLE SecretsKeyHandle = NULL; + NTSTATUS Status = STATUS_SUCCESS; + + TRACE("LsapInstallDatabase()\n"); + + /* Create the 'Policy' key */ + RtlInitUnicodeString(&KeyName, + L"Policy"); + + InitializeObjectAttributes(&ObjectAttributes, + &KeyName, + OBJ_CASE_INSENSITIVE, + SecurityKeyHandle, + NULL); + + Status = NtCreateKey(&PolicyKeyHandle, + KEY_ALL_ACCESS, + &ObjectAttributes, + 0, + NULL, + 0, + NULL); + if (!NT_SUCCESS(Status)) + { + ERR("Failed to create the 'Policy' key (Status: 0x%08lx)\n", Status); + goto Done; + } + + /* Create the 'Accounts' key */ + RtlInitUnicodeString(&KeyName, + L"Accounts"); + + InitializeObjectAttributes(&ObjectAttributes, + &KeyName, + OBJ_CASE_INSENSITIVE, + PolicyKeyHandle, + NULL); + + Status = NtCreateKey(&AccountsKeyHandle, + KEY_ALL_ACCESS, + &ObjectAttributes, + 0, + NULL, + 0, + NULL); + if (!NT_SUCCESS(Status)) + { + ERR("Failed to create the 'Accounts' key (Status: 0x%08lx)\n", Status); + goto Done; + } + + /* Create the 'Domains' key */ + RtlInitUnicodeString(&KeyName, + L"Domains"); + + InitializeObjectAttributes(&ObjectAttributes, + &KeyName, + OBJ_CASE_INSENSITIVE, + PolicyKeyHandle, + NULL); + + Status = NtCreateKey(&DomainsKeyHandle, + KEY_ALL_ACCESS, + &ObjectAttributes, + 0, + NULL, + 0, + NULL); + if (!NT_SUCCESS(Status)) + { + ERR("Failed to create the 'Domains' key (Status: 0x%08lx)\n", Status); + goto Done; + } + + /* Create the 'Secrets' key */ + RtlInitUnicodeString(&KeyName, + L"Secrets"); + + InitializeObjectAttributes(&ObjectAttributes, + &KeyName, + OBJ_CASE_INSENSITIVE, + PolicyKeyHandle, + NULL); + + Status = NtCreateKey(&SecretsKeyHandle, + KEY_ALL_ACCESS, + &ObjectAttributes, + 0, + NULL, + 0, + NULL); + if (!NT_SUCCESS(Status)) + { + ERR("Failed to create the 'Secrets' key (Status: 0x%08lx)\n", Status); + goto Done; + } + + +Done: + if (SecretsKeyHandle != NULL) + NtClose(SecretsKeyHandle); + + if (DomainsKeyHandle != NULL) + NtClose(DomainsKeyHandle); + + if (AccountsKeyHandle != NULL) + NtClose(AccountsKeyHandle); + + if (PolicyKeyHandle != NULL) + NtClose(PolicyKeyHandle); + + TRACE("LsapInstallDatabase() done (Status: 0x%08lx)\n", Status); + + return Status; +} + + +NTSTATUS +LsapInitDatabase(VOID) +{ + NTSTATUS Status; + + TRACE("LsapInitDatabase()\n"); + + Status = LsapOpenServiceKey(); + if (!NT_SUCCESS(Status)) + { + ERR("Failed to open the service key (Status: 0x%08lx)\n", Status); + return Status; + } + + if (!LsapIsDatabaseInstalled()) + { + Status = LsapInstallDatabase(); + if (!NT_SUCCESS(Status)) + { + ERR("Failed to install the LSA database (Status: 0x%08lx)\n", Status); + return Status; + } + } + + TRACE("LsapInitDatabase() done\n"); + + return STATUS_SUCCESS; +} + + +LSAPR_HANDLE +LsapCreateDbObject(LSAPR_HANDLE ParentHandle, + LPWSTR ObjectName, + BOOLEAN Open, + LSA_DB_OBJECT_TYPE ObjectType, + ACCESS_MASK DesiredAccess) +{ + PLSA_DB_OBJECT ParentObject = (PLSA_DB_OBJECT)ParentHandle; + PLSA_DB_OBJECT DbObject; + OBJECT_ATTRIBUTES ObjectAttributes; + UNICODE_STRING KeyName; + HANDLE ParentKeyHandle; + HANDLE ObjectKeyHandle; + NTSTATUS Status; + + if (ParentHandle != NULL) + ParentKeyHandle = ParentObject->KeyHandle; + else + ParentKeyHandle = SecurityKeyHandle; + + RtlInitUnicodeString(&KeyName, + ObjectName); + + InitializeObjectAttributes(&ObjectAttributes, + &KeyName, + OBJ_CASE_INSENSITIVE, + ParentKeyHandle, + NULL); + + if (Open == TRUE) + { + Status = NtOpenKey(&ObjectKeyHandle, + KEY_ALL_ACCESS, + &ObjectAttributes); + } + else + { + Status = NtCreateKey(&ObjectKeyHandle, + KEY_ALL_ACCESS, + &ObjectAttributes, + 0, + NULL, + 0, + NULL); + } + + if (!NT_SUCCESS(Status)) + { + return NULL; + } + + DbObject = (PLSA_DB_OBJECT)RtlAllocateHeap(RtlGetProcessHeap(), + 0, + sizeof(LSA_DB_OBJECT)); + if (DbObject == NULL) + { + NtClose(ObjectKeyHandle); + return NULL; + } + + DbObject->Signature = LSAP_DB_SIGNATURE; + DbObject->RefCount = 0; + DbObject->ObjectType = ObjectType; + DbObject->Access = DesiredAccess; + DbObject->KeyHandle = ObjectKeyHandle; + DbObject->ParentObject = ParentObject; + + if (ParentObject != NULL) + ParentObject->RefCount++; + + return (LSAPR_HANDLE)DbObject; +} + + +NTSTATUS +LsapValidateDbObject(LSAPR_HANDLE Handle, + LSA_DB_OBJECT_TYPE ObjectType, + ACCESS_MASK GrantedAccess) +{ + PLSA_DB_OBJECT DbObject = (PLSA_DB_OBJECT)Handle; + BOOLEAN bValid = FALSE; + + _SEH2_TRY + { + if (DbObject->Signature == LSAP_DB_SIGNATURE) + { + if ((ObjectType == LsaDbIgnoreObject) || + (DbObject->ObjectType == ObjectType)) + bValid = TRUE; + } + } + _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER) + { + bValid = FALSE; + } + _SEH2_END; + + if (bValid == FALSE) + return STATUS_INVALID_HANDLE; + + if (GrantedAccess != 0) + { + /* FIXME: Check for granted access rights */ + } + + return STATUS_SUCCESS; +} + + +NTSTATUS +LsapCloseDbObject(LSAPR_HANDLE Handle) +{ + PLSA_DB_OBJECT DbObject = (PLSA_DB_OBJECT)Handle; + + if (DbObject->RefCount != 0) + return STATUS_UNSUCCESSFUL; + + if (DbObject->ParentObject != NULL) + DbObject->ParentObject->RefCount--; + + if (DbObject->KeyHandle != NULL) + NtClose(DbObject->KeyHandle); + + RtlFreeHeap(RtlGetProcessHeap(), 0, DbObject); + + return STATUS_SUCCESS; +} + + +NTSTATUS +LsapSetObjectAttribute(PLSA_DB_OBJECT DbObject, + LPWSTR AttributeName, + LPVOID AttributeData, + ULONG AttributeSize) +{ + OBJECT_ATTRIBUTES ObjectAttributes; + UNICODE_STRING KeyName; + HANDLE AttributeKey; + NTSTATUS Status; + + RtlInitUnicodeString(&KeyName, + AttributeName); + + InitializeObjectAttributes(&ObjectAttributes, + &KeyName, + OBJ_CASE_INSENSITIVE, + DbObject->KeyHandle, + NULL); + + Status = NtCreateKey(&AttributeKey, + KEY_SET_VALUE, + &ObjectAttributes, + 0, + NULL, + REG_OPTION_NON_VOLATILE, + NULL); + if (!NT_SUCCESS(Status)) + { + + return Status; + } + + Status = RtlpNtSetValueKey(AttributeKey, + REG_NONE, + AttributeData, + AttributeSize); + + NtClose(AttributeKey); + + return Status; +} + + +NTSTATUS +LsapGetObjectAttribute(PLSA_DB_OBJECT DbObject, + LPWSTR AttributeName, + LPVOID AttributeData, + PULONG AttributeSize) +{ + OBJECT_ATTRIBUTES ObjectAttributes; + UNICODE_STRING KeyName; + HANDLE AttributeKey; + ULONG ValueSize; + NTSTATUS Status; + + RtlInitUnicodeString(&KeyName, + AttributeName); + + InitializeObjectAttributes(&ObjectAttributes, + &KeyName, + OBJ_CASE_INSENSITIVE, + DbObject->KeyHandle, + NULL); + + Status = NtOpenKey(&AttributeKey, + KEY_QUERY_VALUE, + &ObjectAttributes); + if (!NT_SUCCESS(Status)) + { + return Status; + } + + ValueSize = *AttributeSize; + Status = RtlpNtQueryValueKey(AttributeKey, + NULL, + NULL, + &ValueSize, + 0); + if (!NT_SUCCESS(Status) && Status != STATUS_BUFFER_OVERFLOW) + { + goto Done; + } + + if (AttributeData == NULL || *AttributeSize == 0) + { + *AttributeSize = ValueSize; + Status == STATUS_SUCCESS; + goto Done; + } + else if (*AttributeSize < ValueSize) + { + *AttributeSize = ValueSize; + Status == STATUS_BUFFER_OVERFLOW; + goto Done; + } + + Status = RtlpNtQueryValueKey(AttributeKey, + NULL, + AttributeData, + &ValueSize, + 0); + if (NT_SUCCESS(Status)) + { + *AttributeSize = ValueSize; + } + +Done: + NtClose(AttributeKey); + + return Status; +} + +/* EOF */ + diff --git a/reactos/dll/win32/lsasrv/lsarpc.c b/reactos/dll/win32/lsasrv/lsarpc.c index c4c94970121..1881e30b460 100644 --- a/reactos/dll/win32/lsasrv/lsarpc.c +++ b/reactos/dll/win32/lsasrv/lsarpc.c @@ -11,22 +11,6 @@ #include "lsasrv.h" -typedef enum _LSA_DB_HANDLE_TYPE -{ - LsaDbIgnoreHandle, - LsaDbPolicyHandle, - LsaDbAccountHandle -} LSA_DB_HANDLE_TYPE, *PLSA_DB_HANDLE_TYPE; - -typedef struct _LSA_DB_HANDLE -{ - ULONG Signature; - LSA_DB_HANDLE_TYPE HandleType; - LONG RefCount; - ACCESS_MASK Access; -} LSA_DB_HANDLE, *PLSA_DB_HANDLE; - -#define LSAP_DB_SIGNATURE 0x12345678 static RTL_CRITICAL_SECTION PolicyHandleTableLock; @@ -35,68 +19,6 @@ WINE_DEFAULT_DEBUG_CHANNEL(lsasrv); /* FUNCTIONS ***************************************************************/ -static LSAPR_HANDLE -LsapCreateDbHandle(LSA_DB_HANDLE_TYPE HandleType, - ACCESS_MASK DesiredAccess) -{ - PLSA_DB_HANDLE DbHandle; - -// RtlEnterCriticalSection(&PolicyHandleTableLock); - - DbHandle = (PLSA_DB_HANDLE)RtlAllocateHeap(RtlGetProcessHeap(), - 0, - sizeof(LSA_DB_HANDLE)); - if (DbHandle != NULL) - { - DbHandle->Signature = LSAP_DB_SIGNATURE; - DbHandle->RefCount = 1; - DbHandle->HandleType = HandleType; - DbHandle->Access = DesiredAccess; - } - -// RtlLeaveCriticalSection(&PolicyHandleTableLock); - - return (LSAPR_HANDLE)DbHandle; -} - - -static NTSTATUS -LsapValidateDbHandle(LSAPR_HANDLE Handle, - LSA_DB_HANDLE_TYPE HandleType, - ACCESS_MASK GrantedAccess) -{ - PLSA_DB_HANDLE DbHandle = (PLSA_DB_HANDLE)Handle; - BOOL bValid = FALSE; - - _SEH2_TRY - { - if (DbHandle->Signature == LSAP_DB_SIGNATURE) - { - if (HandleType == LsaDbIgnoreHandle) - bValid = TRUE; - else if (DbHandle->HandleType == HandleType) - bValid = TRUE; - } - } - _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER) - { - bValid = FALSE; - } - _SEH2_END; - - if (bValid == FALSE) - return STATUS_INVALID_HANDLE; - - if (GrantedAccess != 0) - { - /* FIXME: Check for granted access rights */ - } - - return STATUS_SUCCESS; -} - - - VOID LsarStartRpcServer(VOID) @@ -153,13 +75,12 @@ NTSTATUS WINAPI LsarClose( // RtlEnterCriticalSection(&PolicyHandleTableLock); - Status = LsapValidateDbHandle(*ObjectHandle, - LsaDbIgnoreHandle, + Status = LsapValidateDbObject(*ObjectHandle, + LsaDbIgnoreObject, 0); - if (Status == STATUS_SUCCESS) { - RtlFreeHeap(RtlGetProcessHeap(), 0, *ObjectHandle); + Status = LsapCloseDbObject(*ObjectHandle); *ObjectHandle = NULL; } @@ -239,7 +160,10 @@ NTSTATUS WINAPI LsarOpenPolicy( RtlEnterCriticalSection(&PolicyHandleTableLock); - *PolicyHandle = LsapCreateDbHandle(LsaDbPolicyHandle, + *PolicyHandle = LsapCreateDbObject(NULL, + L"Policy", + TRUE, + LsaDbPolicyObject, DesiredAccess); if (*PolicyHandle == NULL) Status = STATUS_INSUFFICIENT_RESOURCES; @@ -268,8 +192,8 @@ NTSTATUS WINAPI LsarQueryInformationPolicy( TRACE("*PolicyInformation %p\n", *PolicyInformation); } - Status = LsapValidateDbHandle(PolicyHandle, - LsaDbPolicyHandle, + Status = LsapValidateDbObject(PolicyHandle, + LsaDbPolicyObject, 0); /* FIXME */ if (!NT_SUCCESS(Status)) return Status; @@ -409,8 +333,53 @@ NTSTATUS WINAPI LsarSetInformationPolicy( POLICY_INFORMATION_CLASS InformationClass, PLSAPR_POLICY_INFORMATION PolicyInformation) { - UNIMPLEMENTED; - return STATUS_NOT_IMPLEMENTED; + NTSTATUS Status; + + TRACE("LsarSetInformationPolicy(%p,0x%08x,%p)\n", + PolicyHandle, InformationClass, PolicyInformation); + + if (PolicyInformation) + { + TRACE("*PolicyInformation %p\n", *PolicyInformation); + } + + Status = LsapValidateDbObject(PolicyHandle, + LsaDbPolicyObject, + 0); /* FIXME */ + if (!NT_SUCCESS(Status)) + return Status; + + switch (InformationClass) + { + case PolicyAuditEventsInformation: + Status = STATUS_NOT_IMPLEMENTED; + break; + + case PolicyPrimaryDomainInformation: + Status = LsarSetPrimaryDomain(PolicyHandle, + (PLSAPR_POLICY_PRIMARY_DOM_INFO)PolicyInformation); + break; + + case PolicyAccountDomainInformation: + Status = LsarSetAccountDomain(PolicyHandle, + (PLSAPR_POLICY_ACCOUNT_DOM_INFO)PolicyInformation); + break; + + case PolicyDnsDomainInformation: + Status = LsarSetDnsDomain(PolicyHandle, + (PLSAPR_POLICY_DNS_DOMAIN_INFO)PolicyInformation); + break; + + case PolicyLsaServerRoleInformation: + Status = STATUS_NOT_IMPLEMENTED; + break; + + default: + Status = STATUS_INVALID_PARAMETER; + break; + } + + return Status; } @@ -838,8 +807,8 @@ NTSTATUS WINAPI LsarLookupPrivilegeValue( TRACE("LsarLookupPrivilegeValue(%p, %wZ, %p)\n", PolicyHandle, Name, Value); - Status = LsapValidateDbHandle(PolicyHandle, - LsaDbPolicyHandle, + Status = LsapValidateDbObject(PolicyHandle, + LsaDbPolicyObject, 0); /* FIXME */ if (!NT_SUCCESS(Status)) { @@ -867,8 +836,8 @@ NTSTATUS WINAPI LsarLookupPrivilegeName( TRACE("LsarLookupPrivilegeName(%p, %p, %p)\n", PolicyHandle, Value, Name); - Status = LsapValidateDbHandle(PolicyHandle, - LsaDbPolicyHandle, + Status = LsapValidateDbObject(PolicyHandle, + LsaDbPolicyObject, 0); /* FIXME */ if (!NT_SUCCESS(Status)) { @@ -926,8 +895,8 @@ NTSTATUS WINAPI LsarEnmuerateAccountRights( FIXME("(%p,%p,%p) stub\n", PolicyHandle, AccountSid, UserRights); - Status = LsapValidateDbHandle(PolicyHandle, - LsaDbPolicyHandle, + Status = LsapValidateDbObject(PolicyHandle, + LsaDbPolicyObject, 0); /* FIXME */ if (!NT_SUCCESS(Status)) return Status; diff --git a/reactos/dll/win32/lsasrv/lsasrv.c b/reactos/dll/win32/lsasrv/lsasrv.c index 1a007ecef16..6398e999d5a 100644 --- a/reactos/dll/win32/lsasrv/lsasrv.c +++ b/reactos/dll/win32/lsasrv/lsasrv.c @@ -26,6 +26,9 @@ LsapInitLsa(VOID) /* Initialize the well known SIDs */ LsapInitSids(); + /* Initialize the LSA database */ + LsapInitDatabase(); + /* Start the RPC server */ LsarStartRpcServer(); diff --git a/reactos/dll/win32/lsasrv/lsasrv.h b/reactos/dll/win32/lsasrv/lsasrv.h index bf5febba6af..1686ca69b47 100644 --- a/reactos/dll/win32/lsasrv/lsasrv.h +++ b/reactos/dll/win32/lsasrv/lsasrv.h @@ -9,13 +9,17 @@ #define WIN32_NO_STATUS #include -#include #define NTOS_MODE_USER +#include #include #include +#include #include #include + +#include + #include #include "lsass.h" @@ -24,11 +28,80 @@ #include +typedef enum _LSA_DB_OBJECT_TYPE +{ + LsaDbIgnoreObject, + LsaDbContainerObject, + LsaDbPolicyObject, + LsaDbAccountObject, + LsaDbDomainObject, + LsaDbSecretObject +} LSA_DB_OBJECT_TYPE, *PLSA_DB_OBJECT_TYPE; + +typedef struct _LSA_DB_OBJECT +{ + ULONG Signature; + LSA_DB_OBJECT_TYPE ObjectType; + ULONG RefCount; + ACCESS_MASK Access; + HANDLE KeyHandle; + struct _LSA_DB_OBJECT *ParentObject; +} LSA_DB_OBJECT, *PLSA_DB_OBJECT; + +#define LSAP_DB_SIGNATURE 0x12345678 + + /* authport.c */ -NTSTATUS StartAuthenticationPort(VOID); +NTSTATUS +StartAuthenticationPort(VOID); + +/* database.c */ +NTSTATUS +LsapInitDatabase(VOID); + +LSAPR_HANDLE +LsapCreateDbObject(LSAPR_HANDLE ParentHandle, + LPWSTR ObjectName, + BOOLEAN Open, + LSA_DB_OBJECT_TYPE HandleType, + ACCESS_MASK DesiredAccess); + +NTSTATUS +LsapValidateDbObject(LSAPR_HANDLE Handle, + LSA_DB_OBJECT_TYPE HandleType, + ACCESS_MASK GrantedAccess); + +NTSTATUS +LsapCloseDbObject(LSAPR_HANDLE Handle); + +NTSTATUS +LsapGetObjectAttribute(PLSA_DB_OBJECT DbObject, + LPWSTR AttributeName, + LPVOID AttributeData, + PULONG AttributeSize); + +NTSTATUS +LsapSetObjectAttribute(PLSA_DB_OBJECT DbObject, + LPWSTR AttributeName, + LPVOID AttributeData, + ULONG AttributeSize); /* lsarpc.c */ -VOID LsarStartRpcServer(VOID); +VOID +LsarStartRpcServer(VOID); + +/* policy.c */ +NTSTATUS +LsarSetPrimaryDomain(LSAPR_HANDLE PolicyObject, + PLSAPR_POLICY_PRIMARY_DOM_INFO Info); + +NTSTATUS +LsarSetAccountDomain(LSAPR_HANDLE PolicyObject, + PLSAPR_POLICY_ACCOUNT_DOM_INFO Info); + +NTSTATUS +LsarSetDnsDomain(LSAPR_HANDLE PolicyObject, + PLSAPR_POLICY_DNS_DOMAIN_INFO Info); /* privileges.c */ NTSTATUS diff --git a/reactos/dll/win32/lsasrv/lsasrv.rbuild b/reactos/dll/win32/lsasrv/lsasrv.rbuild index f2d9494cdcb..44dd9ff9fa8 100644 --- a/reactos/dll/win32/lsasrv/lsasrv.rbuild +++ b/reactos/dll/win32/lsasrv/lsasrv.rbuild @@ -9,8 +9,10 @@ ntdll pseh authport.c + database.c lsarpc.c lsasrv.c + policy.c privileges.c sids.c lsasrv.rc diff --git a/reactos/dll/win32/lsasrv/lsasrv.spec b/reactos/dll/win32/lsasrv/lsasrv.spec index 7372ad6258e..07dffaade39 100644 --- a/reactos/dll/win32/lsasrv/lsasrv.spec +++ b/reactos/dll/win32/lsasrv/lsasrv.spec @@ -35,11 +35,13 @@ @ stdcall LsarCreateAccount(ptr ptr long ptr) @ stdcall LsarCreateSecret(ptr ptr long ptr) @ stdcall LsarCreateTrustedDomain(ptr ptr long ptr) + @ stub LsarCreateTrustedDomainEx @ stdcall LsarDelete(ptr) @ stdcall LsarEnumerateAccounts(ptr ptr ptr long) @ stdcall LsarEnumeratePrivileges(ptr ptr ptr long) @ stdcall LsarEnumeratePrivilegesAccount(ptr ptr) @ stdcall LsarEnumerateTrustedDomains(ptr ptr ptr long) + @ stub LsarEnumerateTrustedDomainsEx @ stdcall LsarGetQuotasForAccount(ptr ptr) @ stdcall LsarGetSystemAccessAccount(ptr ptr) @ stdcall LsarLookupNames(ptr long ptr ptr ptr long ptr) @@ -47,19 +49,29 @@ @ stdcall LsarLookupPrivilegeName(ptr ptr ptr) @ stdcall LsarLookupPrivilegeValue(ptr ptr ptr) @ stdcall LsarLookupSids(ptr ptr ptr ptr long ptr) + @ stub LsarLookupSids2 @ stdcall LsarOpenAccount(ptr ptr long ptr) @ stdcall LsarOpenPolicy(ptr ptr long ptr) + @ stub LsarOpenPolicySce @ stdcall LsarOpenSecret(ptr ptr long ptr) @ stdcall LsarOpenTrustedDomain(ptr ptr long ptr) + @ stub LsarOpenTrustedDomainByName + @ stub LsarQueryDomainInformationPolicy + @ stub LsarQueryForestTrustInformation @ stdcall LsarQueryInfoTrustedDomain(ptr long ptr) @ stdcall LsarQueryInformationPolicy(ptr long ptr) @ stdcall LsarQuerySecret(ptr ptr ptr ptr ptr) @ stdcall LsarQuerySecurityObject(ptr long ptr) + @ stub LsarQueryTrustedDomainInfo + @ stub LsarQueryTrustedDomainInfoByName @ stdcall LsarRemovePrivilegesFromAccount(ptr long ptr) + @ stub LsarSetDomainInformationPolicy + @ stub LsarSetForestTrustInformation @ stdcall LsarSetInformationPolicy(ptr long ptr) @ stdcall LsarSetInformationTrustedDomain(ptr long ptr) @ stdcall LsarSetQuotasForAccount(ptr ptr) @ stdcall LsarSetSecret(ptr ptr ptr) @ stdcall LsarSetSecurityObject(ptr long ptr) @ stdcall LsarSetSystemAccessAccount(ptr long) + @ stub LsarSetTrustedDomainInfoByName @ stdcall ServiceInit() diff --git a/reactos/dll/win32/lsasrv/policy.c b/reactos/dll/win32/lsasrv/policy.c new file mode 100644 index 00000000000..66f20d1a615 --- /dev/null +++ b/reactos/dll/win32/lsasrv/policy.c @@ -0,0 +1,118 @@ +/* + * PROJECT: Local Security Authority Server DLL + * LICENSE: GPL - See COPYING in the top level directory + * FILE: dll/win32/lsasrv/policy.c + * PURPOSE: Policy object routines + * COPYRIGHT: Copyright 2011 Eric Kohl + */ + +/* INCLUDES ****************************************************************/ + +#include "lsasrv.h" + +WINE_DEFAULT_DEBUG_CHANNEL(lsasrv); + + +/* FUNCTIONS ***************************************************************/ + +NTSTATUS +LsarSetPrimaryDomain(LSAPR_HANDLE PolicyHandle, + PLSAPR_POLICY_PRIMARY_DOM_INFO Info) +{ + PUNICODE_STRING Buffer; + ULONG Length = 0; + NTSTATUS Status; + LPWSTR Ptr; + + TRACE("LsarSetPrimaryDomain(%p, %p)\n", PolicyHandle, Info); + + Length = sizeof(UNICODE_STRING) + Info->Name.MaximumLength; + Buffer = RtlAllocateHeap(RtlGetProcessHeap(), + 0, + Length); + if (Buffer == NULL) + return STATUS_INSUFFICIENT_RESOURCES; + + Buffer->Length = Info->Name.Length; + Buffer->MaximumLength = Info->Name.MaximumLength; + Buffer->Buffer = (LPWSTR)sizeof(UNICODE_STRING); + Ptr = (LPWSTR)((ULONG_PTR)Buffer + sizeof(UNICODE_STRING)); + memcpy(Ptr, Info->Name.Buffer, Info->Name.MaximumLength); + + Status = LsapSetObjectAttribute((PLSA_DB_OBJECT)PolicyHandle, + L"PolPrDmN", + Buffer, Length); + + RtlFreeHeap(RtlGetProcessHeap(), 0, Buffer); + + if (!NT_SUCCESS(Status)) + return Status; + + Length = 0; + if (Info->Sid != NULL) + Length = RtlLengthSid(Info->Sid); + + Status = LsapSetObjectAttribute((PLSA_DB_OBJECT)PolicyHandle, + L"PolPrDmS", + (LPBYTE)Info->Sid, + Length); + + return Status; +} + + +NTSTATUS +LsarSetAccountDomain(LSAPR_HANDLE PolicyHandle, + PLSAPR_POLICY_ACCOUNT_DOM_INFO Info) +{ + PUNICODE_STRING Buffer; + ULONG Length = 0; + NTSTATUS Status; + LPWSTR Ptr; + + TRACE("LsarSetAccountDomain(%p, %p)\n", PolicyHandle, Info); + + Length = sizeof(UNICODE_STRING) + Info->DomainName.MaximumLength; + Buffer = RtlAllocateHeap(RtlGetProcessHeap(), + 0, + Length); + if (Buffer == NULL) + return STATUS_INSUFFICIENT_RESOURCES; + + Buffer->Length = Info->DomainName.Length; + Buffer->MaximumLength = Info->DomainName.MaximumLength; + Buffer->Buffer = (LPWSTR)sizeof(UNICODE_STRING); + Ptr = (LPWSTR)((ULONG_PTR)Buffer + sizeof(UNICODE_STRING)); + memcpy(Ptr, Info->DomainName.Buffer, Info->DomainName.MaximumLength); + + Status = LsapSetObjectAttribute((PLSA_DB_OBJECT)PolicyHandle, + L"PolAcDmN", + Buffer, Length); + + RtlFreeHeap(RtlGetProcessHeap(), 0, Buffer); + + if (!NT_SUCCESS(Status)) + return Status; + + Length = 0; + if (Info->Sid != NULL) + Length = RtlLengthSid(Info->Sid); + + Status = LsapSetObjectAttribute((PLSA_DB_OBJECT)PolicyHandle, + L"PolAcDmS", + (LPBYTE)Info->Sid, + Length); + + return Status; +} + + +NTSTATUS +LsarSetDnsDomain(LSAPR_HANDLE PolicyHandle, + PLSAPR_POLICY_DNS_DOMAIN_INFO Info) +{ + + return STATUS_NOT_IMPLEMENTED; +} + +/* EOF */ diff --git a/reactos/dll/win32/lsasrv/privileges.c b/reactos/dll/win32/lsasrv/privileges.c index 2c988501cfe..b42c5daab77 100644 --- a/reactos/dll/win32/lsasrv/privileges.c +++ b/reactos/dll/win32/lsasrv/privileges.c @@ -111,8 +111,9 @@ LsarpLookupPrivilegeValue(PUNICODE_STRING Name, { if (_wcsicmp(Name->Buffer, WellKnownPrivileges[Priv].Name) == 0) { - Value->LowPart = WellKnownPrivileges[Priv].Luid.LowPart; - Value->HighPart = WellKnownPrivileges[Priv].Luid.HighPart; +// Value->LowPart = WellKnownPrivileges[Priv].Luid.LowPart; +// Value->HighPart = WellKnownPrivileges[Priv].Luid.HighPart; + *Value = WellKnownPrivileges[Priv].Luid; return STATUS_SUCCESS; } }