Intravision/reactos
1
0
Fork 0
mirror of https://github.com/reactos/reactos.git synced 2025-01-02 20:43:18 +00:00
Code Issues Projects Releases Packages Wiki Activity

[ADVAPI32/LSASRV]

Browse source 
- Prepare LsapValidateDbHandle for access checks.
- Move the functionality of LsaQueryInformationPolicy (advapi32.dll) into the new function LsarQueryInformationPolicy (lsasrv.dll).
- Remove dead code from advapi32.dll.

svn path=/trunk/; revision=49161
This commit is contained in:
Eric Kohl 2010-10-15 21:28:42 +00:00
parent 7796502f67
commit 40a9859ca5
2 changed files with 197 additions and 155 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

161
reactos/dll/win32/advapi32/sec/lsa.c
View file

@ -16,59 +16,6 @@
WINE_DEFAULT_DEBUG_CHANNEL(advapi); WINE_DEFAULT_DEBUG_CHANNEL(advapi);
/* imported from wine 1.1.14 */
static void* ADVAPI_GetDomainName(unsigned sz, unsigned ofs)
{
HKEY key;
LONG ret;
BYTE* ptr = NULL;
UNICODE_STRING* ustr;
static const WCHAR wVNETSUP[] = {
'S','y','s','t','e','m','\\',
'C','u','r','r','e','n','t','C','o','n','t','r','o','l','S','e','t','\\',
'S','e','r','v','i','c','e','s','\\',
'V','x','D','\\','V','N','E','T','S','U','P','\0'};
ret = RegOpenKeyExW(HKEY_LOCAL_MACHINE, wVNETSUP, 0, KEY_READ, &key);
if (ret == ERROR_SUCCESS)
{
DWORD size = 0;
static const WCHAR wg[] = { 'W','o','r','k','g','r','o','u','p',0 };
ret = RegQueryValueExW(key, wg, NULL, NULL, NULL, &size);
if (ret == ERROR_MORE_DATA || ret == ERROR_SUCCESS)
{
ptr = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, sz + size);
if (!ptr) return NULL;
ustr = (UNICODE_STRING*)(ptr + ofs);
ustr->MaximumLength = size;
ustr->Buffer = (WCHAR*)(ptr + sz);
ret = RegQueryValueExW(key, wg, NULL, NULL, (LPBYTE)ustr->Buffer, &size);
if (ret != ERROR_SUCCESS)
{
HeapFree(GetProcessHeap(), 0, ptr);
ptr = NULL;
}
else ustr->Length = size - sizeof(WCHAR);
}
RegCloseKey(key);
}
if (!ptr)
{
static const WCHAR wDomain[] = {'D','O','M','A','I','N','\0'};
ptr = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY,
sz + sizeof(wDomain));
if (!ptr) return NULL;
ustr = (UNICODE_STRING*)(ptr + ofs);
ustr->MaximumLength = sizeof(wDomain);
ustr->Buffer = (WCHAR*)(ptr + sz);
ustr->Length = sizeof(wDomain) - sizeof(WCHAR);
memcpy(ustr->Buffer, wDomain, sizeof(wDomain));
}
return ptr;
}
static BOOL LsapIsLocalComputer(PLSA_UNICODE_STRING ServerName) static BOOL LsapIsLocalComputer(PLSA_UNICODE_STRING ServerName)
{ {
@ -647,103 +594,37 @@ LsaQueryForestTrustInformation(
} }
/* /*
* @unimplemented * @implemented
*/ */
NTSTATUS WINAPI NTSTATUS WINAPI
LsaQueryInformationPolicy(LSA_HANDLE PolicyHandle, LsaQueryInformationPolicy(LSA_HANDLE PolicyHandle,
POLICY_INFORMATION_CLASS InformationClass, POLICY_INFORMATION_CLASS InformationClass,
PVOID *Buffer) PVOID *Buffer)
{ {
PLSAPR_POLICY_INFORMATION PolicyInformation = NULL;
NTSTATUS Status;
TRACE("(%p,0x%08x,%p)\n", PolicyHandle, InformationClass, Buffer); TRACE("(%p,0x%08x,%p)\n", PolicyHandle, InformationClass, Buffer);
if(!Buffer) return STATUS_INVALID_PARAMETER; RpcTryExcept
switch (InformationClass)
{ {
case PolicyAuditEventsInformation: /* 2 */ Status = LsarQueryInformationPolicy((LSAPR_HANDLE)PolicyHandle,
{ InformationClass,
PPOLICY_AUDIT_EVENTS_INFO p = RtlAllocateHeap(RtlGetProcessHeap(), HEAP_ZERO_MEMORY, &PolicyInformation);
sizeof(POLICY_AUDIT_EVENTS_INFO)); *Buffer = PolicyInformation;
p->AuditingMode = FALSE; /* no auditing */
*Buffer = p;
}
break;
case PolicyPrimaryDomainInformation: /* 3 */
{
/* Only the domain name is valid for the local computer.
* All other fields are zero.
*/
PPOLICY_PRIMARY_DOMAIN_INFO pinfo;
pinfo = ADVAPI_GetDomainName(sizeof(*pinfo), offsetof(POLICY_PRIMARY_DOMAIN_INFO, Name));
TRACE("setting domain to %s\n", debugstr_w(pinfo->Name.Buffer));
*Buffer = pinfo;
}
case PolicyAccountDomainInformation: /* 5 */
{
struct di
{
POLICY_ACCOUNT_DOMAIN_INFO info;
SID sid;
DWORD padding[3];
WCHAR domain[MAX_COMPUTERNAME_LENGTH + 1];
};
DWORD dwSize = MAX_COMPUTERNAME_LENGTH + 1;
struct di * xdi = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, sizeof(*xdi));
xdi->info.DomainName.MaximumLength = dwSize * sizeof(WCHAR);
xdi->info.DomainName.Buffer = xdi->domain;
if (GetComputerNameW(xdi->info.DomainName.Buffer, &dwSize))
xdi->info.DomainName.Length = dwSize * sizeof(WCHAR);
TRACE("setting name to %s\n", debugstr_w(xdi->info.DomainName.Buffer));
xdi->info.DomainSid = &xdi->sid;
/* read the computer SID from the registry */
if (!ADVAPI_GetComputerSid(&xdi->sid))
{
HeapFree(GetProcessHeap(), 0, xdi);
WARN("Computer SID not found\n");
return STATUS_UNSUCCESSFUL;
}
*Buffer = xdi;
}
break;
case PolicyDnsDomainInformation: /* 12 (0xc) */
{
/* Only the domain name is valid for the local computer.
* All other fields are zero.
*/
PPOLICY_DNS_DOMAIN_INFO pinfo;
pinfo = ADVAPI_GetDomainName(sizeof(*pinfo), offsetof(POLICY_DNS_DOMAIN_INFO, Name));
TRACE("setting domain to %s\n", debugstr_w(pinfo->Name.Buffer));
*Buffer = pinfo;
}
break;
case PolicyAuditLogInformation:
case PolicyPdAccountInformation:
case PolicyLsaServerRoleInformation:
case PolicyReplicaSourceInformation:
case PolicyDefaultQuotaInformation:
case PolicyModificationInformation:
case PolicyAuditFullSetInformation:
case PolicyAuditFullQueryInformation:
case PolicyEfsInformation:
{
FIXME("category not implemented\n");
return STATUS_UNSUCCESSFUL;
}
} }
return STATUS_SUCCESS; RpcExcept(EXCEPTION_EXECUTE_HANDLER)
{
if (PolicyInformation != NULL)
MIDL_user_free(PolicyInformation);
Status = I_RpcMapWin32Status(RpcExceptionCode());
}
RpcEndExcept;
TRACE("Done (Status: 0x%08x)\n", Status);
return Status;
} }
/* /*

191
reactos/dll/win32/lsasrv/lsarpc.c
View file

@ -60,9 +60,10 @@ LsapCreateDbHandle(LSA_DB_HANDLE_TYPE HandleType,
} }
static BOOL static NTSTATUS
LsapValidateDbHandle(LSAPR_HANDLE Handle, LsapValidateDbHandle(LSAPR_HANDLE Handle,
LSA_DB_HANDLE_TYPE HandleType) LSA_DB_HANDLE_TYPE HandleType,
ACCESS_MASK GrantedAccess)
{ {
PLSA_DB_HANDLE DbHandle = (PLSA_DB_HANDLE)Handle; PLSA_DB_HANDLE DbHandle = (PLSA_DB_HANDLE)Handle;
BOOL bValid = FALSE; BOOL bValid = FALSE;
@ -83,8 +84,15 @@ LsapValidateDbHandle(LSAPR_HANDLE Handle,
} }
_SEH2_END; _SEH2_END;
if (bValid == FALSE)
return STATUS_INVALID_HANDLE;
return bValid; if (GrantedAccess != 0)
{
/* FIXME: Check for granted access rights */
}
return STATUS_SUCCESS;
} }
@ -145,13 +153,15 @@ NTSTATUS LsarClose(
// RtlEnterCriticalSection(&PolicyHandleTableLock); // RtlEnterCriticalSection(&PolicyHandleTableLock);
if (LsapValidateDbHandle(*ObjectHandle, LsaDbIgnoreHandle)) Status = LsapValidateDbHandle(*ObjectHandle,
LsaDbIgnoreHandle,
0);
if (Status == STATUS_SUCCESS)
{ {
RtlFreeHeap(RtlGetProcessHeap(), 0, *ObjectHandle); RtlFreeHeap(RtlGetProcessHeap(), 0, *ObjectHandle);
*ObjectHandle = NULL; *ObjectHandle = NULL;
} }
else
Status = STATUS_INVALID_HANDLE;
// RtlLeaveCriticalSection(&PolicyHandleTableLock); // RtlLeaveCriticalSection(&PolicyHandleTableLock);
@ -248,8 +258,148 @@ NTSTATUS LsarQueryInformationPolicy(
POLICY_INFORMATION_CLASS InformationClass, POLICY_INFORMATION_CLASS InformationClass,
PLSAPR_POLICY_INFORMATION *PolicyInformation) PLSAPR_POLICY_INFORMATION *PolicyInformation)
{ {
UNIMPLEMENTED; NTSTATUS Status;
return STATUS_NOT_IMPLEMENTED;
TRACE("LsarQueryInformationPolicy(%p,0x%08x,%p)\n",
PolicyHandle, InformationClass, PolicyInformation);
if (PolicyInformation)
{
TRACE("*PolicyInformation %p\n", *PolicyInformation);
}
Status = LsapValidateDbHandle(PolicyHandle,
LsaDbPolicyHandle,
0); /* FIXME */
if (!NT_SUCCESS(Status))
return Status;
switch (InformationClass)
{
case PolicyAuditEventsInformation: /* 2 */
{
PLSAPR_POLICY_AUDIT_EVENTS_INFO p = MIDL_user_allocate(sizeof(LSAPR_POLICY_AUDIT_EVENTS_INFO));
if (p == NULL)
return STATUS_INSUFFICIENT_RESOURCES;
p->AuditingMode = FALSE; /* no auditing */
p->EventAuditingOptions = NULL;
p->MaximumAuditEventCount = 0;
*PolicyInformation = (PLSAPR_POLICY_INFORMATION)p;
}
break;
case PolicyPrimaryDomainInformation: /* 3 */
{
PLSAPR_POLICY_PRIMARY_DOM_INFO p = MIDL_user_allocate(sizeof(LSAPR_POLICY_PRIMARY_DOM_INFO));
if (p == NULL)
return STATUS_INSUFFICIENT_RESOURCES;
p->Name.Length = 0;
p->Name.MaximumLength = 0;
p->Name.Buffer = NULL;
#if 0
p->Name.Length = wcslen(L"COMPUTERNAME");
p->Name.MaximumLength = p->Name.Length + sizeof(WCHAR);
p->Name.Buffer = MIDL_user_allocate(p->Name.MaximumLength);
if (p->Name.Buffer == NULL)
{
MIDL_user_free(p);
return STATUS_INSUFFICIENT_RESOURCES;
}
wcscpy(p->Name.Buffer, L"COMPUTERNAME");
#endif
p->Sid = NULL; /* no domain, no workgroup */
*PolicyInformation = (PLSAPR_POLICY_INFORMATION)p;
}
break;
case PolicyAccountDomainInformation: /* 5 */
{
PLSAPR_POLICY_ACCOUNT_DOM_INFO p = MIDL_user_allocate(sizeof(LSAPR_POLICY_ACCOUNT_DOM_INFO));
if (p == NULL)
return STATUS_INSUFFICIENT_RESOURCES;
p->DomainName.Length = 0;
p->DomainName.MaximumLength = 0;
p->DomainName.Buffer = NULL;
#if 0
p->DomainName.Length = wcslen(L"COMPUTERNAME");
p->DomainName.MaximumLength = p->DomainName.Length + sizeof(WCHAR);
p->DomainName.Buffer = MIDL_user_allocate(p->DomainName.MaximumLength);
if (p->DomainName.Buffer == NULL)
{
MIDL_user_free(p);
return STATUS_INSUFFICIENT_RESOURCES;
}
wcscpy(p->DomainName.Buffer, L"COMPUTERNAME");
#endif
p->Sid = NULL; /* no domain, no workgroup */
*PolicyInformation = (PLSAPR_POLICY_INFORMATION)p;
}
break;
case PolicyDnsDomainInformation: /* 12 (0xc) */
{
PLSAPR_POLICY_DNS_DOMAIN_INFO p = MIDL_user_allocate(sizeof(LSAPR_POLICY_DNS_DOMAIN_INFO));
if (p == NULL)
return STATUS_INSUFFICIENT_RESOURCES;
p->Name.Length = 0;
p->Name.MaximumLength = 0;
p->Name.Buffer = NULL;
#if 0
p->Name.Length = wcslen(L"COMPUTERNAME");
p->Name.MaximumLength = p->Name.Length + sizeof(WCHAR);
p->Name.Buffer = MIDL_user_allocate(p->Name.MaximumLength);
if (p->Name.Buffer == NULL)
{
MIDL_user_free(p);
return STATUS_INSUFFICIENT_RESOURCES;
}
wcscpy(p->Name.Buffer, L"COMPUTERNAME");
#endif
p->DnsDomainName.Length = 0;
p->DnsDomainName.MaximumLength = 0;
p->DnsDomainName.Buffer = NULL;
p->DnsForestName.Length = 0;
p->DnsForestName.MaximumLength = 0;
p->DnsForestName.Buffer = 0;
memset(&p->DomainGuid, 0, sizeof(GUID));
p->Sid = NULL; /* no domain, no workgroup */
*PolicyInformation = (PLSAPR_POLICY_INFORMATION)p;
}
break;
case PolicyAuditLogInformation:
case PolicyPdAccountInformation:
case PolicyLsaServerRoleInformation:
case PolicyReplicaSourceInformation:
case PolicyDefaultQuotaInformation:
case PolicyModificationInformation:
case PolicyAuditFullSetInformation:
case PolicyAuditFullQueryInformation:
case PolicyEfsInformation:
{
FIXME("category not implemented\n");
return STATUS_UNSUCCESSFUL;
}
}
return STATUS_SUCCESS;
} }
@ -688,10 +838,13 @@ NTSTATUS LsarLookupPrivilegeValue(
TRACE("LsarLookupPrivilegeValue(%p, %wZ, %p)\n", TRACE("LsarLookupPrivilegeValue(%p, %wZ, %p)\n",
PolicyHandle, Name, Value); PolicyHandle, Name, Value);
if (!LsapValidateDbHandle(PolicyHandle, LsaDbPolicyHandle)) Status = LsapValidateDbHandle(PolicyHandle,
LsaDbPolicyHandle,
0); /* FIXME */
if (!NT_SUCCESS(Status))
{ {
ERR("Invalid handle\n"); ERR("Invalid handle (Status %lx)\n", Status);
return STATUS_INVALID_HANDLE; return Status;
} }
TRACE("Privilege: %wZ\n", Name); TRACE("Privilege: %wZ\n", Name);
@ -714,10 +867,13 @@ NTSTATUS LsarLookupPrivilegeName(
TRACE("LsarLookupPrivilegeName(%p, %p, %p)\n", TRACE("LsarLookupPrivilegeName(%p, %p, %p)\n",
PolicyHandle, Value, Name); PolicyHandle, Value, Name);
if (!LsapValidateDbHandle(PolicyHandle, LsaDbPolicyHandle)) Status = LsapValidateDbHandle(PolicyHandle,
LsaDbPolicyHandle,
0); /* FIXME */
if (!NT_SUCCESS(Status))
{ {
ERR("Invalid handle\n"); ERR("Invalid handle\n");
return STATUS_INVALID_HANDLE; return Status;
} }
Status = LsarpLookupPrivilegeName(Value, (PUNICODE_STRING*)Name); Status = LsarpLookupPrivilegeName(Value, (PUNICODE_STRING*)Name);
@ -766,10 +922,15 @@ NTSTATUS LsarEnmuerateAccountRights(
PRPC_SID AccountSid, PRPC_SID AccountSid,
PLSAPR_USER_RIGHT_SET UserRights) PLSAPR_USER_RIGHT_SET UserRights)
{ {
NTSTATUS Status;
FIXME("(%p,%p,%p) stub\n", PolicyHandle, AccountSid, UserRights); FIXME("(%p,%p,%p) stub\n", PolicyHandle, AccountSid, UserRights);
if (!LsapValidateDbHandle(PolicyHandle, LsaDbPolicyHandle)) Status = LsapValidateDbHandle(PolicyHandle,
return STATUS_INVALID_HANDLE; LsaDbPolicyHandle,
0); /* FIXME */
if (!NT_SUCCESS(Status))
return Status;
UserRights->Entries = 0; UserRights->Entries = 0;
UserRights->UserRights = NULL; UserRights->UserRights = NULL;