- Implement the LSA object database.
- Implement the information classes PolicyPrimaryDomainInformation and PolicyAccountDomainInformation of LsarSetInformationPolicy().

svn path=/trunk/; revision=53783
Eric Kohl 2011-09-20 23:15:51 +00:00
parent 0194a753c7
commit 2454366c35
9 changed files with 754 additions and 98 deletions


@ -12,8 +12,10 @@ spec2def(lsasrv.dll lsasrv.spec)
list(APPEND SOURCE list(APPEND SOURCE
authport.c authport.c
database.c
lsarpc.c lsarpc.c
lsasrv.c lsasrv.c
policy.c
privileges.c privileges.c
sids.c sids.c
lsasrv.rc lsasrv.rc


@ -0,0 +1,476 @@
/*
* PROJECT: Local Security Authority Server DLL
* LICENSE: GPL - See COPYING in the top level directory
* FILE: dll/win32/lsasrv/database.c
* PURPOSE: LSA object database
* COPYRIGHT: Copyright 2011 Eric Kohl
*/
/* INCLUDES ****************************************************************/
#include "lsasrv.h"
WINE_DEFAULT_DEBUG_CHANNEL(lsasrv);
/* GLOBALS *****************************************************************/
static HANDLE SecurityKeyHandle = NULL;
/* FUNCTIONS ***************************************************************/
static NTSTATUS
LsapOpenServiceKey(VOID)
{
OBJECT_ATTRIBUTES ObjectAttributes;
UNICODE_STRING KeyName;
NTSTATUS Status;
RtlInitUnicodeString(&KeyName,
L"\\Registry\\Machine\\SECURITY");
InitializeObjectAttributes(&ObjectAttributes,
&KeyName,
OBJ_CASE_INSENSITIVE,
NULL,
NULL);
Status = RtlpNtOpenKey(&SecurityKeyHandle,
KEY_READ | KEY_CREATE_SUB_KEY | KEY_ENUMERATE_SUB_KEYS,
&ObjectAttributes,
0);
return Status;
}
static BOOLEAN
LsapIsDatabaseInstalled(VOID)
{
OBJECT_ATTRIBUTES ObjectAttributes;
UNICODE_STRING KeyName;
HANDLE KeyHandle;
NTSTATUS Status;
RtlInitUnicodeString(&KeyName,
L"Policy");
InitializeObjectAttributes(&ObjectAttributes,
&KeyName,
OBJ_CASE_INSENSITIVE,
SecurityKeyHandle,
NULL);
Status = RtlpNtOpenKey(&KeyHandle,
KEY_READ,
&ObjectAttributes,
0);
if (!NT_SUCCESS(Status))
return FALSE;
NtClose(KeyHandle);
return TRUE;
}
static NTSTATUS
LsapInstallDatabase(VOID)
{
OBJECT_ATTRIBUTES ObjectAttributes;
UNICODE_STRING KeyName;
HANDLE PolicyKeyHandle = NULL;
HANDLE AccountsKeyHandle = NULL;
HANDLE DomainsKeyHandle = NULL;
HANDLE SecretsKeyHandle = NULL;
NTSTATUS Status = STATUS_SUCCESS;
TRACE("LsapInstallDatabase()\n");
/* Create the 'Policy' key */
RtlInitUnicodeString(&KeyName,
L"Policy");
InitializeObjectAttributes(&ObjectAttributes,
&KeyName,
OBJ_CASE_INSENSITIVE,
SecurityKeyHandle,
NULL);
Status = NtCreateKey(&PolicyKeyHandle,
KEY_ALL_ACCESS,
&ObjectAttributes,
0,
NULL,
0,
NULL);
if (!NT_SUCCESS(Status))
{
ERR("Failed to create the 'Policy' key (Status: 0x%08lx)\n", Status);
goto Done;
}
/* Create the 'Accounts' key */
RtlInitUnicodeString(&KeyName,
L"Accounts");
InitializeObjectAttributes(&ObjectAttributes,
&KeyName,
OBJ_CASE_INSENSITIVE,
PolicyKeyHandle,
NULL);
Status = NtCreateKey(&AccountsKeyHandle,
KEY_ALL_ACCESS,
&ObjectAttributes,
0,
NULL,
0,
NULL);
if (!NT_SUCCESS(Status))
{
ERR("Failed to create the 'Accounts' key (Status: 0x%08lx)\n", Status);
goto Done;
}
/* Create the 'Domains' key */
RtlInitUnicodeString(&KeyName,
L"Domains");
InitializeObjectAttributes(&ObjectAttributes,
&KeyName,
OBJ_CASE_INSENSITIVE,
PolicyKeyHandle,
NULL);
Status = NtCreateKey(&DomainsKeyHandle,
KEY_ALL_ACCESS,
&ObjectAttributes,
0,
NULL,
0,
NULL);
if (!NT_SUCCESS(Status))
{
ERR("Failed to create the 'Domains' key (Status: 0x%08lx)\n", Status);
goto Done;
}
/* Create the 'Secrets' key */
RtlInitUnicodeString(&KeyName,
L"Secrets");
InitializeObjectAttributes(&ObjectAttributes,
&KeyName,
OBJ_CASE_INSENSITIVE,
PolicyKeyHandle,
NULL);
Status = NtCreateKey(&SecretsKeyHandle,
KEY_ALL_ACCESS,
&ObjectAttributes,
0,
NULL,
0,
NULL);
if (!NT_SUCCESS(Status))
{
ERR("Failed to create the 'Secrets' key (Status: 0x%08lx)\n", Status);
goto Done;
}
Done:
if (SecretsKeyHandle != NULL)
NtClose(SecretsKeyHandle);
if (DomainsKeyHandle != NULL)
NtClose(DomainsKeyHandle);
if (AccountsKeyHandle != NULL)
NtClose(AccountsKeyHandle);
if (PolicyKeyHandle != NULL)
NtClose(PolicyKeyHandle);
TRACE("LsapInstallDatabase() done (Status: 0x%08lx)\n", Status);
return Status;
}
NTSTATUS
LsapInitDatabase(VOID)
{
NTSTATUS Status;
TRACE("LsapInitDatabase()\n");
Status = LsapOpenServiceKey();
if (!NT_SUCCESS(Status))
{
ERR("Failed to open the service key (Status: 0x%08lx)\n", Status);
return Status;
}
if (!LsapIsDatabaseInstalled())
{
Status = LsapInstallDatabase();
if (!NT_SUCCESS(Status))
{
ERR("Failed to install the LSA database (Status: 0x%08lx)\n", Status);
return Status;
}
}
TRACE("LsapInitDatabase() done\n");
return STATUS_SUCCESS;
}
LSAPR_HANDLE
LsapCreateDbObject(LSAPR_HANDLE ParentHandle,
LPWSTR ObjectName,
BOOLEAN Open,
LSA_DB_OBJECT_TYPE ObjectType,
ACCESS_MASK DesiredAccess)
{
PLSA_DB_OBJECT ParentObject = (PLSA_DB_OBJECT)ParentHandle;
PLSA_DB_OBJECT DbObject;
OBJECT_ATTRIBUTES ObjectAttributes;
UNICODE_STRING KeyName;
HANDLE ParentKeyHandle;
HANDLE ObjectKeyHandle;
NTSTATUS Status;
if (ParentHandle != NULL)
ParentKeyHandle = ParentObject->KeyHandle;
else
ParentKeyHandle = SecurityKeyHandle;
RtlInitUnicodeString(&KeyName,
ObjectName);
InitializeObjectAttributes(&ObjectAttributes,
&KeyName,
OBJ_CASE_INSENSITIVE,
ParentKeyHandle,
NULL);
if (Open == TRUE)
{
Status = NtOpenKey(&ObjectKeyHandle,
KEY_ALL_ACCESS,
&ObjectAttributes);
}
else
{
Status = NtCreateKey(&ObjectKeyHandle,
KEY_ALL_ACCESS,
&ObjectAttributes,
0,
NULL,
0,
NULL);
}
if (!NT_SUCCESS(Status))
{
return NULL;
}
DbObject = (PLSA_DB_OBJECT)RtlAllocateHeap(RtlGetProcessHeap(),
0,
sizeof(LSA_DB_OBJECT));
if (DbObject == NULL)
{
NtClose(ObjectKeyHandle);
return NULL;
}
DbObject->Signature = LSAP_DB_SIGNATURE;
DbObject->RefCount = 0;
DbObject->ObjectType = ObjectType;
DbObject->Access = DesiredAccess;
DbObject->KeyHandle = ObjectKeyHandle;
DbObject->ParentObject = ParentObject;
if (ParentObject != NULL)
ParentObject->RefCount++;
return (LSAPR_HANDLE)DbObject;
}
NTSTATUS
LsapValidateDbObject(LSAPR_HANDLE Handle,
LSA_DB_OBJECT_TYPE ObjectType,
ACCESS_MASK GrantedAccess)
{
PLSA_DB_OBJECT DbObject = (PLSA_DB_OBJECT)Handle;
BOOLEAN bValid = FALSE;
_SEH2_TRY
{
if (DbObject->Signature == LSAP_DB_SIGNATURE)
{
if ((ObjectType == LsaDbIgnoreObject) ||
(DbObject->ObjectType == ObjectType))
bValid = TRUE;
}
}
_SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
{
bValid = FALSE;
}
_SEH2_END;
if (bValid == FALSE)
return STATUS_INVALID_HANDLE;
if (GrantedAccess != 0)
{
/* FIXME: Check for granted access rights */
}
return STATUS_SUCCESS;
}
NTSTATUS
LsapCloseDbObject(LSAPR_HANDLE Handle)
{
PLSA_DB_OBJECT DbObject = (PLSA_DB_OBJECT)Handle;
if (DbObject->RefCount != 0)
return STATUS_UNSUCCESSFUL;
if (DbObject->ParentObject != NULL)
DbObject->ParentObject->RefCount--;
if (DbObject->KeyHandle != NULL)
NtClose(DbObject->KeyHandle);
RtlFreeHeap(RtlGetProcessHeap(), 0, DbObject);
return STATUS_SUCCESS;
}
NTSTATUS
LsapSetObjectAttribute(PLSA_DB_OBJECT DbObject,
LPWSTR AttributeName,
LPVOID AttributeData,
ULONG AttributeSize)
{
OBJECT_ATTRIBUTES ObjectAttributes;
UNICODE_STRING KeyName;
HANDLE AttributeKey;
NTSTATUS Status;
RtlInitUnicodeString(&KeyName,
AttributeName);
InitializeObjectAttributes(&ObjectAttributes,
&KeyName,
OBJ_CASE_INSENSITIVE,
DbObject->KeyHandle,
NULL);
Status = NtCreateKey(&AttributeKey,
KEY_SET_VALUE,
&ObjectAttributes,
0,
NULL,
REG_OPTION_NON_VOLATILE,
NULL);
if (!NT_SUCCESS(Status))
{
return Status;
}
Status = RtlpNtSetValueKey(AttributeKey,
REG_NONE,
AttributeData,
AttributeSize);
NtClose(AttributeKey);
return Status;
}
NTSTATUS
LsapGetObjectAttribute(PLSA_DB_OBJECT DbObject,
LPWSTR AttributeName,
LPVOID AttributeData,
PULONG AttributeSize)
{
OBJECT_ATTRIBUTES ObjectAttributes;
UNICODE_STRING KeyName;
HANDLE AttributeKey;
ULONG ValueSize;
NTSTATUS Status;
RtlInitUnicodeString(&KeyName,
AttributeName);
InitializeObjectAttributes(&ObjectAttributes,
&KeyName,
OBJ_CASE_INSENSITIVE,
DbObject->KeyHandle,
NULL);
Status = NtOpenKey(&AttributeKey,
KEY_QUERY_VALUE,
&ObjectAttributes);
if (!NT_SUCCESS(Status))
{
return Status;
}
ValueSize = *AttributeSize;
Status = RtlpNtQueryValueKey(AttributeKey,
NULL,
NULL,
&ValueSize,
0);
if (!NT_SUCCESS(Status) && Status != STATUS_BUFFER_OVERFLOW)
{
goto Done;
}
if (AttributeData == NULL || *AttributeSize == 0)
{
*AttributeSize = ValueSize;
Status == STATUS_SUCCESS;
goto Done;
}
else if (*AttributeSize < ValueSize)
{
*AttributeSize = ValueSize;
Status == STATUS_BUFFER_OVERFLOW;
goto Done;
}
Status = RtlpNtQueryValueKey(AttributeKey,
NULL,
AttributeData,
&ValueSize,
0);
if (NT_SUCCESS(Status))
{
*AttributeSize = ValueSize;
}
Done:
NtClose(AttributeKey);
return Status;
}
/* EOF */
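Review bot: In LsapGetObjectAttribute the statements `Status == STATUS_SUCCESS;` and `Status == STATUS_BUFFER_OVERFLOW;` are comparisons whose result is discarded, so neither early-exit branch sets the status it intends. In the too-small-buffer branch the function returns whatever the size query produced, which may be a success code although nothing was copied into AttributeData, and a caller that trusts the status would then read an unfilled buffer. Both should be assignments, `Status = STATUS_SUCCESS;` and `Status = STATUS_BUFFER_OVERFLOW;`. Separately, LsapCloseDbObject frees the object without clearing `Signature`, so the signature test in LsapValidateDbObject could still pass on a stale pointer until the heap block is reused; setting `DbObject->Signature = 0;` before RtlFreeHeap makes that check fail closed.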


@ -11,22 +11,6 @@
#include "lsasrv.h" #include "lsasrv.h"
typedef enum _LSA_DB_HANDLE_TYPE
{
LsaDbIgnoreHandle,
LsaDbPolicyHandle,
LsaDbAccountHandle
} LSA_DB_HANDLE_TYPE, *PLSA_DB_HANDLE_TYPE;
typedef struct _LSA_DB_HANDLE
{
ULONG Signature;
LSA_DB_HANDLE_TYPE HandleType;
LONG RefCount;
ACCESS_MASK Access;
} LSA_DB_HANDLE, *PLSA_DB_HANDLE;
#define LSAP_DB_SIGNATURE 0x12345678
static RTL_CRITICAL_SECTION PolicyHandleTableLock; static RTL_CRITICAL_SECTION PolicyHandleTableLock;
@ -35,68 +19,6 @@ WINE_DEFAULT_DEBUG_CHANNEL(lsasrv);
/* FUNCTIONS ***************************************************************/ /* FUNCTIONS ***************************************************************/
static LSAPR_HANDLE
LsapCreateDbHandle(LSA_DB_HANDLE_TYPE HandleType,
ACCESS_MASK DesiredAccess)
{
PLSA_DB_HANDLE DbHandle;
// RtlEnterCriticalSection(&PolicyHandleTableLock);
DbHandle = (PLSA_DB_HANDLE)RtlAllocateHeap(RtlGetProcessHeap(),
0,
sizeof(LSA_DB_HANDLE));
if (DbHandle != NULL)
{
DbHandle->Signature = LSAP_DB_SIGNATURE;
DbHandle->RefCount = 1;
DbHandle->HandleType = HandleType;
DbHandle->Access = DesiredAccess;
}
// RtlLeaveCriticalSection(&PolicyHandleTableLock);
return (LSAPR_HANDLE)DbHandle;
}
static NTSTATUS
LsapValidateDbHandle(LSAPR_HANDLE Handle,
LSA_DB_HANDLE_TYPE HandleType,
ACCESS_MASK GrantedAccess)
{
PLSA_DB_HANDLE DbHandle = (PLSA_DB_HANDLE)Handle;
BOOL bValid = FALSE;
_SEH2_TRY
{
if (DbHandle->Signature == LSAP_DB_SIGNATURE)
{
if (HandleType == LsaDbIgnoreHandle)
bValid = TRUE;
else if (DbHandle->HandleType == HandleType)
bValid = TRUE;
}
}
_SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
{
bValid = FALSE;
}
_SEH2_END;
if (bValid == FALSE)
return STATUS_INVALID_HANDLE;
if (GrantedAccess != 0)
{
/* FIXME: Check for granted access rights */
}
return STATUS_SUCCESS;
}
VOID VOID
LsarStartRpcServer(VOID) LsarStartRpcServer(VOID)
@ -153,13 +75,12 @@ NTSTATUS WINAPI LsarClose(
// RtlEnterCriticalSection(&PolicyHandleTableLock); // RtlEnterCriticalSection(&PolicyHandleTableLock);
Status = LsapValidateDbHandle(*ObjectHandle, Status = LsapValidateDbObject(*ObjectHandle,
LsaDbIgnoreHandle, LsaDbIgnoreObject,
0); 0);
if (Status == STATUS_SUCCESS) if (Status == STATUS_SUCCESS)
{ {
RtlFreeHeap(RtlGetProcessHeap(), 0, *ObjectHandle); Status = LsapCloseDbObject(*ObjectHandle);
*ObjectHandle = NULL; *ObjectHandle = NULL;
} }
@ -239,7 +160,10 @@ NTSTATUS WINAPI LsarOpenPolicy(
RtlEnterCriticalSection(&PolicyHandleTableLock); RtlEnterCriticalSection(&PolicyHandleTableLock);
*PolicyHandle = LsapCreateDbHandle(LsaDbPolicyHandle, *PolicyHandle = LsapCreateDbObject(NULL,
L"Policy",
TRUE,
LsaDbPolicyObject,
DesiredAccess); DesiredAccess);
if (*PolicyHandle == NULL) if (*PolicyHandle == NULL)
Status = STATUS_INSUFFICIENT_RESOURCES; Status = STATUS_INSUFFICIENT_RESOURCES;
@ -268,8 +192,8 @@ NTSTATUS WINAPI LsarQueryInformationPolicy(
TRACE("*PolicyInformation %p\n", *PolicyInformation); TRACE("*PolicyInformation %p\n", *PolicyInformation);
} }
Status = LsapValidateDbHandle(PolicyHandle, Status = LsapValidateDbObject(PolicyHandle,
LsaDbPolicyHandle, LsaDbPolicyObject,
0); /* FIXME */ 0); /* FIXME */
if (!NT_SUCCESS(Status)) if (!NT_SUCCESS(Status))
return Status; return Status;
@ -409,8 +333,53 @@ NTSTATUS WINAPI LsarSetInformationPolicy(
POLICY_INFORMATION_CLASS InformationClass, POLICY_INFORMATION_CLASS InformationClass,
PLSAPR_POLICY_INFORMATION PolicyInformation) PLSAPR_POLICY_INFORMATION PolicyInformation)
{ {
UNIMPLEMENTED; NTSTATUS Status;
return STATUS_NOT_IMPLEMENTED;
TRACE("LsarSetInformationPolicy(%p,0x%08x,%p)\n",
PolicyHandle, InformationClass, PolicyInformation);
if (PolicyInformation)
{
TRACE("*PolicyInformation %p\n", *PolicyInformation);
}
Status = LsapValidateDbObject(PolicyHandle,
LsaDbPolicyObject,
0); /* FIXME */
if (!NT_SUCCESS(Status))
return Status;
switch (InformationClass)
{
case PolicyAuditEventsInformation:
Status = STATUS_NOT_IMPLEMENTED;
break;
case PolicyPrimaryDomainInformation:
Status = LsarSetPrimaryDomain(PolicyHandle,
(PLSAPR_POLICY_PRIMARY_DOM_INFO)PolicyInformation);
break;
case PolicyAccountDomainInformation:
Status = LsarSetAccountDomain(PolicyHandle,
(PLSAPR_POLICY_ACCOUNT_DOM_INFO)PolicyInformation);
break;
case PolicyDnsDomainInformation:
Status = LsarSetDnsDomain(PolicyHandle,
(PLSAPR_POLICY_DNS_DOMAIN_INFO)PolicyInformation);
break;
case PolicyLsaServerRoleInformation:
Status = STATUS_NOT_IMPLEMENTED;
break;
default:
Status = STATUS_INVALID_PARAMETER;
break;
}
return Status;
} }
@ -838,8 +807,8 @@ NTSTATUS WINAPI LsarLookupPrivilegeValue(
TRACE("LsarLookupPrivilegeValue(%p, %wZ, %p)\n", TRACE("LsarLookupPrivilegeValue(%p, %wZ, %p)\n",
PolicyHandle, Name, Value); PolicyHandle, Name, Value);
Status = LsapValidateDbHandle(PolicyHandle, Status = LsapValidateDbObject(PolicyHandle,
LsaDbPolicyHandle, LsaDbPolicyObject,
0); /* FIXME */ 0); /* FIXME */
if (!NT_SUCCESS(Status)) if (!NT_SUCCESS(Status))
{ {
@ -867,8 +836,8 @@ NTSTATUS WINAPI LsarLookupPrivilegeName(
TRACE("LsarLookupPrivilegeName(%p, %p, %p)\n", TRACE("LsarLookupPrivilegeName(%p, %p, %p)\n",
PolicyHandle, Value, Name); PolicyHandle, Value, Name);
Status = LsapValidateDbHandle(PolicyHandle, Status = LsapValidateDbObject(PolicyHandle,
LsaDbPolicyHandle, LsaDbPolicyObject,
0); /* FIXME */ 0); /* FIXME */
if (!NT_SUCCESS(Status)) if (!NT_SUCCESS(Status))
{ {
@ -926,8 +895,8 @@ NTSTATUS WINAPI LsarEnmuerateAccountRights(
FIXME("(%p,%p,%p) stub\n", PolicyHandle, AccountSid, UserRights); FIXME("(%p,%p,%p) stub\n", PolicyHandle, AccountSid, UserRights);
Status = LsapValidateDbHandle(PolicyHandle, Status = LsapValidateDbObject(PolicyHandle,
LsaDbPolicyHandle, LsaDbPolicyObject,
0); /* FIXME */ 0); /* FIXME */
if (!NT_SUCCESS(Status)) if (!NT_SUCCESS(Status))
return Status; return Status;
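Review bot: LsarSetInformationPolicy now writes the primary and account domain into the policy database, but the handle check before its switch still passes `0` as the required access and the access branch in LsapValidateDbObject is only a FIXME, so any valid policy handle can change these values regardless of the access it was opened with. The `DesiredAccess` stored in the object at open time is never compared; the call should pass the right each information class needs (for the domain classes presumably `POLICY_TRUST_ADMIN`, to be confirmed against the LSA protocol documentation) and the validator should reject a handle whose `Access` lacks it. `PolicyInformation` is NULL-checked only for the TRACE and is then cast and handed to the setters, so `if (PolicyInformation == NULL) return STATUS_INVALID_PARAMETER;` belongs before the switch. In the LsarClose hunk `*ObjectHandle` is set to NULL even when LsapCloseDbObject returns a failure status, which leaves the object and its key handle allocated with no handle referring to them.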


@ -26,6 +26,9 @@ LsapInitLsa(VOID)
/* Initialize the well known SIDs */ /* Initialize the well known SIDs */
LsapInitSids(); LsapInitSids();
/* Initialize the LSA database */
LsapInitDatabase();
/* Start the RPC server */ /* Start the RPC server */
LsarStartRpcServer(); LsarStartRpcServer();
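Review bot: The NTSTATUS returned by `LsapInitDatabase()` is discarded, so the RPC server is started even when the SECURITY key could not be opened or the database could not be installed. In that case `SecurityKeyHandle` presumably stays NULL and every later LsapCreateDbObject call with a NULL parent would be resolving `Policy` against no root key. The status should be captured and checked, at minimum `Status = LsapInitDatabase(); if (!NT_SUCCESS(Status)) ERR("LsapInitDatabase failed (Status: 0x%08lx)\n", Status);`, and the server start skipped on failure. How to propagate the error depends on LsapInitLsa's return type, which lies outside this hunk.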


@ -9,13 +9,17 @@
#define WIN32_NO_STATUS #define WIN32_NO_STATUS
#include <windows.h> #include <windows.h>
#include <ntsecapi.h>
#define NTOS_MODE_USER #define NTOS_MODE_USER
#include <ndk/cmfuncs.h>
#include <ndk/lpctypes.h> #include <ndk/lpctypes.h>
#include <ndk/lpcfuncs.h> #include <ndk/lpcfuncs.h>
#include <ndk/obfuncs.h>
#include <ndk/rtlfuncs.h> #include <ndk/rtlfuncs.h>
#include <ndk/setypes.h> #include <ndk/setypes.h>
#include <ntsecapi.h>
#include <string.h> #include <string.h>
#include "lsass.h" #include "lsass.h"
@ -24,11 +28,80 @@
#include <wine/debug.h> #include <wine/debug.h>
typedef enum _LSA_DB_OBJECT_TYPE
{
LsaDbIgnoreObject,
LsaDbContainerObject,
LsaDbPolicyObject,
LsaDbAccountObject,
LsaDbDomainObject,
LsaDbSecretObject
} LSA_DB_OBJECT_TYPE, *PLSA_DB_OBJECT_TYPE;
typedef struct _LSA_DB_OBJECT
{
ULONG Signature;
LSA_DB_OBJECT_TYPE ObjectType;
ULONG RefCount;
ACCESS_MASK Access;
HANDLE KeyHandle;
struct _LSA_DB_OBJECT *ParentObject;
} LSA_DB_OBJECT, *PLSA_DB_OBJECT;
#define LSAP_DB_SIGNATURE 0x12345678
/* authport.c */ /* authport.c */
NTSTATUS StartAuthenticationPort(VOID); NTSTATUS
StartAuthenticationPort(VOID);
/* database.c */
NTSTATUS
LsapInitDatabase(VOID);
LSAPR_HANDLE
LsapCreateDbObject(LSAPR_HANDLE ParentHandle,
LPWSTR ObjectName,
BOOLEAN Open,
LSA_DB_OBJECT_TYPE HandleType,
ACCESS_MASK DesiredAccess);
NTSTATUS
LsapValidateDbObject(LSAPR_HANDLE Handle,
LSA_DB_OBJECT_TYPE HandleType,
ACCESS_MASK GrantedAccess);
NTSTATUS
LsapCloseDbObject(LSAPR_HANDLE Handle);
NTSTATUS
LsapGetObjectAttribute(PLSA_DB_OBJECT DbObject,
LPWSTR AttributeName,
LPVOID AttributeData,
PULONG AttributeSize);
NTSTATUS
LsapSetObjectAttribute(PLSA_DB_OBJECT DbObject,
LPWSTR AttributeName,
LPVOID AttributeData,
ULONG AttributeSize);
/* lsarpc.c */ /* lsarpc.c */
VOID LsarStartRpcServer(VOID); VOID
LsarStartRpcServer(VOID);
/* policy.c */
NTSTATUS
LsarSetPrimaryDomain(LSAPR_HANDLE PolicyObject,
PLSAPR_POLICY_PRIMARY_DOM_INFO Info);
NTSTATUS
LsarSetAccountDomain(LSAPR_HANDLE PolicyObject,
PLSAPR_POLICY_ACCOUNT_DOM_INFO Info);
NTSTATUS
LsarSetDnsDomain(LSAPR_HANDLE PolicyObject,
PLSAPR_POLICY_DNS_DOMAIN_INFO Info);
/* privileges.c */ /* privileges.c */
NTSTATUS NTSTATUS
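Review bot: The new LSA_DB_OBJECT structure and its signature constant are undocumented, and the prototypes disagree with the definitions on parameter names: LsapCreateDbObject and LsapValidateDbObject declare `HandleType` where database.c uses `ObjectType`, and the policy.c prototypes declare `PolicyObject` where the definitions use `PolicyHandle`. I would align the names and add field comments, in particular on `RefCount`, which database.c initialises to 0 and increments on the parent when a child is created: `/* Number of child objects referencing this object; must be 0 before it can be closed */`. `LSAP_DB_SIGNATURE` deserves a comment stating that it is the only marker LsapValidateDbObject tests before trusting the pointer, so that a later reader does not take it for an integrity check.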


@ -9,8 +9,10 @@
<library>ntdll</library> <library>ntdll</library>
<library>pseh</library> <library>pseh</library>
<file>authport.c</file> <file>authport.c</file>
<file>database.c</file>
<file>lsarpc.c</file> <file>lsarpc.c</file>
<file>lsasrv.c</file> <file>lsasrv.c</file>
<file>policy.c</file>
<file>privileges.c</file> <file>privileges.c</file>
<file>sids.c</file> <file>sids.c</file>
<file>lsasrv.rc</file> <file>lsasrv.rc</file>


@ -35,11 +35,13 @@
@ stdcall LsarCreateAccount(ptr ptr long ptr) @ stdcall LsarCreateAccount(ptr ptr long ptr)
@ stdcall LsarCreateSecret(ptr ptr long ptr) @ stdcall LsarCreateSecret(ptr ptr long ptr)
@ stdcall LsarCreateTrustedDomain(ptr ptr long ptr) @ stdcall LsarCreateTrustedDomain(ptr ptr long ptr)
@ stub LsarCreateTrustedDomainEx
@ stdcall LsarDelete(ptr) @ stdcall LsarDelete(ptr)
@ stdcall LsarEnumerateAccounts(ptr ptr ptr long) @ stdcall LsarEnumerateAccounts(ptr ptr ptr long)
@ stdcall LsarEnumeratePrivileges(ptr ptr ptr long) @ stdcall LsarEnumeratePrivileges(ptr ptr ptr long)
@ stdcall LsarEnumeratePrivilegesAccount(ptr ptr) @ stdcall LsarEnumeratePrivilegesAccount(ptr ptr)
@ stdcall LsarEnumerateTrustedDomains(ptr ptr ptr long) @ stdcall LsarEnumerateTrustedDomains(ptr ptr ptr long)
@ stub LsarEnumerateTrustedDomainsEx
@ stdcall LsarGetQuotasForAccount(ptr ptr) @ stdcall LsarGetQuotasForAccount(ptr ptr)
@ stdcall LsarGetSystemAccessAccount(ptr ptr) @ stdcall LsarGetSystemAccessAccount(ptr ptr)
@ stdcall LsarLookupNames(ptr long ptr ptr ptr long ptr) @ stdcall LsarLookupNames(ptr long ptr ptr ptr long ptr)
@ -47,19 +49,29 @@
@ stdcall LsarLookupPrivilegeName(ptr ptr ptr) @ stdcall LsarLookupPrivilegeName(ptr ptr ptr)
@ stdcall LsarLookupPrivilegeValue(ptr ptr ptr) @ stdcall LsarLookupPrivilegeValue(ptr ptr ptr)
@ stdcall LsarLookupSids(ptr ptr ptr ptr long ptr) @ stdcall LsarLookupSids(ptr ptr ptr ptr long ptr)
@ stub LsarLookupSids2
@ stdcall LsarOpenAccount(ptr ptr long ptr) @ stdcall LsarOpenAccount(ptr ptr long ptr)
@ stdcall LsarOpenPolicy(ptr ptr long ptr) @ stdcall LsarOpenPolicy(ptr ptr long ptr)
@ stub LsarOpenPolicySce
@ stdcall LsarOpenSecret(ptr ptr long ptr) @ stdcall LsarOpenSecret(ptr ptr long ptr)
@ stdcall LsarOpenTrustedDomain(ptr ptr long ptr) @ stdcall LsarOpenTrustedDomain(ptr ptr long ptr)
@ stub LsarOpenTrustedDomainByName
@ stub LsarQueryDomainInformationPolicy
@ stub LsarQueryForestTrustInformation
@ stdcall LsarQueryInfoTrustedDomain(ptr long ptr) @ stdcall LsarQueryInfoTrustedDomain(ptr long ptr)
@ stdcall LsarQueryInformationPolicy(ptr long ptr) @ stdcall LsarQueryInformationPolicy(ptr long ptr)
@ stdcall LsarQuerySecret(ptr ptr ptr ptr ptr) @ stdcall LsarQuerySecret(ptr ptr ptr ptr ptr)
@ stdcall LsarQuerySecurityObject(ptr long ptr) @ stdcall LsarQuerySecurityObject(ptr long ptr)
@ stub LsarQueryTrustedDomainInfo
@ stub LsarQueryTrustedDomainInfoByName
@ stdcall LsarRemovePrivilegesFromAccount(ptr long ptr) @ stdcall LsarRemovePrivilegesFromAccount(ptr long ptr)
@ stub LsarSetDomainInformationPolicy
@ stub LsarSetForestTrustInformation
@ stdcall LsarSetInformationPolicy(ptr long ptr) @ stdcall LsarSetInformationPolicy(ptr long ptr)
@ stdcall LsarSetInformationTrustedDomain(ptr long ptr) @ stdcall LsarSetInformationTrustedDomain(ptr long ptr)
@ stdcall LsarSetQuotasForAccount(ptr ptr) @ stdcall LsarSetQuotasForAccount(ptr ptr)
@ stdcall LsarSetSecret(ptr ptr ptr) @ stdcall LsarSetSecret(ptr ptr ptr)
@ stdcall LsarSetSecurityObject(ptr long ptr) @ stdcall LsarSetSecurityObject(ptr long ptr)
@ stdcall LsarSetSystemAccessAccount(ptr long) @ stdcall LsarSetSystemAccessAccount(ptr long)
@ stub LsarSetTrustedDomainInfoByName
@ stdcall ServiceInit() @ stdcall ServiceInit()


@ -0,0 +1,118 @@
/*
* PROJECT: Local Security Authority Server DLL
* LICENSE: GPL - See COPYING in the top level directory
* FILE: dll/win32/lsasrv/policy.c
* PURPOSE: Policy object routines
* COPYRIGHT: Copyright 2011 Eric Kohl
*/
/* INCLUDES ****************************************************************/
#include "lsasrv.h"
WINE_DEFAULT_DEBUG_CHANNEL(lsasrv);
/* FUNCTIONS ***************************************************************/
NTSTATUS
LsarSetPrimaryDomain(LSAPR_HANDLE PolicyHandle,
PLSAPR_POLICY_PRIMARY_DOM_INFO Info)
{
PUNICODE_STRING Buffer;
ULONG Length = 0;
NTSTATUS Status;
LPWSTR Ptr;
TRACE("LsarSetPrimaryDomain(%p, %p)\n", PolicyHandle, Info);
Length = sizeof(UNICODE_STRING) + Info->Name.MaximumLength;
Buffer = RtlAllocateHeap(RtlGetProcessHeap(),
0,
Length);
if (Buffer == NULL)
return STATUS_INSUFFICIENT_RESOURCES;
Buffer->Length = Info->Name.Length;
Buffer->MaximumLength = Info->Name.MaximumLength;
Buffer->Buffer = (LPWSTR)sizeof(UNICODE_STRING);
Ptr = (LPWSTR)((ULONG_PTR)Buffer + sizeof(UNICODE_STRING));
memcpy(Ptr, Info->Name.Buffer, Info->Name.MaximumLength);
Status = LsapSetObjectAttribute((PLSA_DB_OBJECT)PolicyHandle,
L"PolPrDmN",
Buffer, Length);
RtlFreeHeap(RtlGetProcessHeap(), 0, Buffer);
if (!NT_SUCCESS(Status))
return Status;
Length = 0;
if (Info->Sid != NULL)
Length = RtlLengthSid(Info->Sid);
Status = LsapSetObjectAttribute((PLSA_DB_OBJECT)PolicyHandle,
L"PolPrDmS",
(LPBYTE)Info->Sid,
Length);
return Status;
}
NTSTATUS
LsarSetAccountDomain(LSAPR_HANDLE PolicyHandle,
PLSAPR_POLICY_ACCOUNT_DOM_INFO Info)
{
PUNICODE_STRING Buffer;
ULONG Length = 0;
NTSTATUS Status;
LPWSTR Ptr;
TRACE("LsarSetAccountDomain(%p, %p)\n", PolicyHandle, Info);
Length = sizeof(UNICODE_STRING) + Info->DomainName.MaximumLength;
Buffer = RtlAllocateHeap(RtlGetProcessHeap(),
0,
Length);
if (Buffer == NULL)
return STATUS_INSUFFICIENT_RESOURCES;
Buffer->Length = Info->DomainName.Length;
Buffer->MaximumLength = Info->DomainName.MaximumLength;
Buffer->Buffer = (LPWSTR)sizeof(UNICODE_STRING);
Ptr = (LPWSTR)((ULONG_PTR)Buffer + sizeof(UNICODE_STRING));
memcpy(Ptr, Info->DomainName.Buffer, Info->DomainName.MaximumLength);
Status = LsapSetObjectAttribute((PLSA_DB_OBJECT)PolicyHandle,
L"PolAcDmN",
Buffer, Length);
RtlFreeHeap(RtlGetProcessHeap(), 0, Buffer);
if (!NT_SUCCESS(Status))
return Status;
Length = 0;
if (Info->Sid != NULL)
Length = RtlLengthSid(Info->Sid);
Status = LsapSetObjectAttribute((PLSA_DB_OBJECT)PolicyHandle,
L"PolAcDmS",
(LPBYTE)Info->Sid,
Length);
return Status;
}
NTSTATUS
LsarSetDnsDomain(LSAPR_HANDLE PolicyHandle,
PLSAPR_POLICY_DNS_DOMAIN_INFO Info)
{
return STATUS_NOT_IMPLEMENTED;
}
/* EOF */
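Review bot: LsarSetPrimaryDomain dereferences `Info` and copies `Info->Name.MaximumLength` bytes from `Info->Name.Buffer` without checking either, so a NULL `Info`, a NULL buffer with a non-zero length, or a `Length` larger than `MaximumLength` reaches the memcpy and the registry write unvalidated; LsarSetAccountDomain repeats the same pattern on `DomainName`. Unless the RPC stub already guarantees these invariants, a guard is needed at the top of both functions, for example `if (Info == NULL || Info->Name.Length > Info->Name.MaximumLength || (Info->Name.Buffer == NULL && Info->Name.MaximumLength != 0)) return STATUS_INVALID_PARAMETER;`. Copying `MaximumLength` rather than `Length` bytes also persists whatever follows the string in the caller's buffer. The line `Buffer->Buffer = (LPWSTR)sizeof(UNICODE_STRING);` stores an offset in a pointer field and should carry a comment saying the blob is self-relative, since its layout then depends on the pointer size of the build.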


@ -111,8 +111,9 @@ LsarpLookupPrivilegeValue(PUNICODE_STRING Name,
{ {
if (_wcsicmp(Name->Buffer, WellKnownPrivileges[Priv].Name) == 0) if (_wcsicmp(Name->Buffer, WellKnownPrivileges[Priv].Name) == 0)
{ {
Value->LowPart = WellKnownPrivileges[Priv].Luid.LowPart; // Value->LowPart = WellKnownPrivileges[Priv].Luid.LowPart;
Value->HighPart = WellKnownPrivileges[Priv].Luid.HighPart; // Value->HighPart = WellKnownPrivileges[Priv].Luid.HighPart;
*Value = WellKnownPrivileges[Priv].Luid;
return STATUS_SUCCESS; return STATUS_SUCCESS;
} }
} }
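Review bot: The two old field assignments are left in as commented-out code next to the new `*Value = WellKnownPrivileges[Priv].Luid;`. The structure copy fully replaces them and the history is in version control, so the two `//` lines should be deleted rather than kept. The enclosing function LsarpLookupPrivilegeValue starts and ends outside this hunk.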