[ADVAPI32/LSASRV]

- Implement LookupPrivilegeValueW and LsaLookupPrivilegeValue.
- Move lookup code from LookupPrivilegeValueW to LsarLookupPrivilegeValue.

svn path=/trunk/; revision=47934

reactos/dll/win32/advapi32/advapi32.spec

@@ -374,7 +374,7 @@
 @ stdcall LsaLookupNames2(ptr long long ptr ptr ptr)
 @ stub LsaLookupPrivilegeDisplayName
 @ stub LsaLookupPrivilegeName
-@ stub LsaLookupPrivilegeValue
+@ stdcall LsaLookupPrivilegeValue(ptr ptr ptr)
 @ stdcall LsaLookupSids(ptr long ptr ptr ptr)
 @ stdcall LsaNtStatusToWinError(long)
 @ stub LsaOpenAccount

reactos/dll/win32/advapi32/sec/lsa.c

@@ -396,6 +396,37 @@ LsaLookupNames2(
     return STATUS_NONE_MAPPED;
 }
 
+/*
+ * @implemented
+ */
+NTSTATUS
+WINAPI
+LsaLookupPrivilegeValue(IN LSA_HANDLE PolicyHandle,
+                        IN PLSA_UNICODE_STRING Name,
+                        OUT PLUID Value)
+{
+    LUID Luid;
+    NTSTATUS Status;
+
+    FIXME("(%p,%p,%p) stub\n", PolicyHandle, Name, Value);
+
+    RpcTryExcept
+    {
+        Status = LsarLookupPrivilegeValue(PolicyHandle,
+                                          (PRPC_UNICODE_STRING)Name,
+                                          &Luid);
+        if (Status == STATUS_SUCCESS)
+            *Value = Luid;
+    }
+    RpcExcept(EXCEPTION_EXECUTE_HANDLER)
+    {
+        Status = I_RpcMapWin32Status(RpcExceptionCode());
+    }
+    RpcEndExcept;
+
+    return Status;
+}
+
 /*
  * @unimplemented
  */

reactos/dll/win32/advapi32/sec/misc.c

@@ -1409,81 +1409,51 @@ LookupPrivilegeValueA(LPCSTR lpSystemName,
 
 
 /**********************************************************************
- * LookupPrivilegeValueW				EXPORTED
+ * LookupPrivilegeValueW
  *
- * @unimplemented
+ * @implemented
  */
 BOOL
 WINAPI
-LookupPrivilegeValueW(LPCWSTR SystemName,
+LookupPrivilegeValueW(LPCWSTR lpSystemName,
-                      LPCWSTR PrivName,
+                      LPCWSTR lpPrivilegeName,
-                      PLUID Luid)
+                      PLUID lpLuid)
 {
-  static const WCHAR * const DefaultPrivNames[] =
+    LSA_OBJECT_ATTRIBUTES ObjectAttributes = {0};
-    {
+    LSA_UNICODE_STRING SystemName;
-      L"SeCreateTokenPrivilege",
+    LSA_UNICODE_STRING PrivilegeName;
-      L"SeAssignPrimaryTokenPrivilege",
+    LSA_HANDLE PolicyHandle = NULL;
-      L"SeLockMemoryPrivilege",
+    NTSTATUS Status;
-      L"SeIncreaseQuotaPrivilege",
-      L"SeMachineAccountPrivilege",
-      L"SeTcbPrivilege",
-      L"SeSecurityPrivilege",
-      L"SeTakeOwnershipPrivilege",
-      L"SeLoadDriverPrivilege",
-      L"SeSystemProfilePrivilege",
-      L"SeSystemtimePrivilege",
-      L"SeProfileSingleProcessPrivilege",
-      L"SeIncreaseBasePriorityPrivilege",
-      L"SeCreatePagefilePrivilege",
-      L"SeCreatePermanentPrivilege",
-      L"SeBackupPrivilege",
-      L"SeRestorePrivilege",
-      L"SeShutdownPrivilege",
-      L"SeDebugPrivilege",
-      L"SeAuditPrivilege",
-      L"SeSystemEnvironmentPrivilege",
-      L"SeChangeNotifyPrivilege",
-      L"SeRemoteShutdownPrivilege",
-      L"SeUndockPrivilege",
-      L"SeSyncAgentPrivilege",
-      L"SeEnableDelegationPrivilege",
-      L"SeManageVolumePrivilege",
-      L"SeImpersonatePrivilege",
-      L"SeCreateGlobalPrivilege"
-    };
-  unsigned Priv;
 
-  if (!ADVAPI_IsLocalComputer(SystemName))
+    RtlInitUnicodeString(&SystemName,
+                         lpSystemName);
+
+    Status = LsaOpenPolicy(lpSystemName ? &SystemName : NULL,
+                           &ObjectAttributes,
+                           POLICY_LOOKUP_NAMES,
+                           &PolicyHandle);
+    if (!NT_SUCCESS(Status))
     {
-        SetLastError(RPC_S_SERVER_UNAVAILABLE);
+        SetLastError(LsaNtStatusToWinError(Status));
-        return FALSE;
-    }
-  if (!PrivName)
-    {
-        SetLastError(ERROR_NO_SUCH_PRIVILEGE);
         return FALSE;
     }
 
-  if (NULL != SystemName && L'\0' != *SystemName)
+    RtlInitUnicodeString(&PrivilegeName,
+                         lpPrivilegeName);
+
+    Status = LsaLookupPrivilegeValue(PolicyHandle,
+                                     &PrivilegeName,
+                                     lpLuid);
+
+    LsaClose(PolicyHandle);
+
+    if (!NT_SUCCESS(Status))
     {
-      FIXME("LookupPrivilegeValueW: not implemented for remote system\n");
+        SetLastError(LsaNtStatusToWinError(Status));
-      SetLastError(ERROR_CALL_NOT_IMPLEMENTED);
+        return FALSE;
-      return FALSE;
     }
 
-  for (Priv = 0; Priv < sizeof(DefaultPrivNames) / sizeof(DefaultPrivNames[0]); Priv++)
+    return TRUE;
-    {
-      if (0 == _wcsicmp(PrivName, DefaultPrivNames[Priv]))
-        {
-          Luid->LowPart = Priv + SE_MIN_WELL_KNOWN_PRIVILEGE;
-          Luid->HighPart = 0;
-          return TRUE;
-        }
-    }
-
-  WARN("LookupPrivilegeValueW: no such privilege %S\n", PrivName);
-  SetLastError(ERROR_NO_SUCH_PRIVILEGE);
-  return FALSE;
 }
 
 

reactos/dll/win32/lsasrv/lsarpc.c

@@ -10,12 +10,19 @@
 
 #include <wine/debug.h>
 
+typedef enum _LSA_DB_HANDLE_TYPE
+{
+    LsaDbIgnoreHandle,
+    LsaDbPolicyHandle,
+    LsaDbAccountHandle
+} LSA_DB_HANDLE_TYPE, *PLSA_DB_HANDLE_TYPE;
+
 typedef struct _LSA_DB_HANDLE
 {
     ULONG Signature;
-    ULONG Type;
+    LSA_DB_HANDLE_TYPE HandleType;
     LONG RefCount;
-    ACCESS_MASK AccessGranted;
+    ACCESS_MASK Access;
 } LSA_DB_HANDLE, *PLSA_DB_HANDLE;
 
 #define LSAP_DB_SIGNATURE 0x12345678
@@ -28,7 +35,8 @@ WINE_DEFAULT_DEBUG_CHANNEL(lsasrv);
 /* FUNCTIONS ***************************************************************/
 
 static LSAPR_HANDLE
-LsapCreateDbHandle(ULONG Type)
+LsapCreateDbHandle(LSA_DB_HANDLE_TYPE HandleType,
+                   ACCESS_MASK DesiredAccess)
 {
     PLSA_DB_HANDLE DbHandle;
 
@@ -41,7 +49,8 @@ LsapCreateDbHandle(ULONG Type)
     {
         DbHandle->Signature = LSAP_DB_SIGNATURE;
         DbHandle->RefCount = 1;
-        DbHandle->Type = Type;
+        DbHandle->HandleType = HandleType;
+        DbHandle->Access = DesiredAccess;
     }
 
 //    RtlLeaveCriticalSection(&PolicyHandleTableLock);
@@ -51,7 +60,8 @@ LsapCreateDbHandle(ULONG Type)
 
 
 static BOOL
-LsapValidateDbHandle(LSAPR_HANDLE Handle)
+LsapValidateDbHandle(LSAPR_HANDLE Handle,
+                     LSA_DB_HANDLE_TYPE HandleType)
 {
     PLSA_DB_HANDLE DbHandle = (PLSA_DB_HANDLE)Handle;
     BOOL bValid = FALSE;
@@ -59,7 +69,12 @@ LsapValidateDbHandle(LSAPR_HANDLE Handle)
     _SEH2_TRY
     {
         if (DbHandle->Signature == LSAP_DB_SIGNATURE)
-            bValid = TRUE;
+        {
+            if (HandleType == LsaDbIgnoreHandle)
+                bValid = TRUE;
+            else if (DbHandle->HandleType == HandleType)
+                bValid = TRUE;
+        }
     }
     _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
     {
@@ -81,7 +96,7 @@ LsarStartRpcServer(VOID)
 
     RtlInitializeCriticalSection(&PolicyHandleTableLock);
 
-    TRACE("LsarStartRpcServer() called");
+    TRACE("LsarStartRpcServer() called\n");
 
     Status = RpcServerUseProtseqEpW(L"ncacn_np",
                                     10,
@@ -129,7 +144,7 @@ NTSTATUS LsarClose(
 
 //    RtlEnterCriticalSection(&PolicyHandleTableLock);
 
-    if (LsapValidateDbHandle(*ObjectHandle))
+    if (LsapValidateDbHandle(*ObjectHandle, LsaDbIgnoreHandle))
     {
         RtlFreeHeap(RtlGetProcessHeap(), 0, *ObjectHandle);
         *ObjectHandle = NULL;
@@ -213,7 +228,8 @@ NTSTATUS LsarOpenPolicy(
 
     RtlEnterCriticalSection(&PolicyHandleTableLock);
 
-    *PolicyHandle = LsapCreateDbHandle(0);
+    *PolicyHandle = LsapCreateDbHandle(LsaDbPolicyHandle,
+                                       DesiredAccess);
     if (*PolicyHandle == NULL)
         Status = STATUS_INSUFFICIENT_RESOURCES;
 
@@ -504,8 +520,63 @@ NTSTATUS LsarLookupPrivilegeValue(
     PRPC_UNICODE_STRING Name,
     PLUID Value)
 {
-    UNIMPLEMENTED;
+    static const WCHAR * const DefaultPrivNames[] =
-    return STATUS_NOT_IMPLEMENTED;
+    {
+      L"SeCreateTokenPrivilege",
+      L"SeAssignPrimaryTokenPrivilege",
+      L"SeLockMemoryPrivilege",
+      L"SeIncreaseQuotaPrivilege",
+      L"SeMachineAccountPrivilege",
+      L"SeTcbPrivilege",
+      L"SeSecurityPrivilege",
+      L"SeTakeOwnershipPrivilege",
+      L"SeLoadDriverPrivilege",
+      L"SeSystemProfilePrivilege",
+      L"SeSystemtimePrivilege",
+      L"SeProfileSingleProcessPrivilege",
+      L"SeIncreaseBasePriorityPrivilege",
+      L"SeCreatePagefilePrivilege",
+      L"SeCreatePermanentPrivilege",
+      L"SeBackupPrivilege",
+      L"SeRestorePrivilege",
+      L"SeShutdownPrivilege",
+      L"SeDebugPrivilege",
+      L"SeAuditPrivilege",
+      L"SeSystemEnvironmentPrivilege",
+      L"SeChangeNotifyPrivilege",
+      L"SeRemoteShutdownPrivilege",
+      L"SeUndockPrivilege",
+      L"SeSyncAgentPrivilege",
+      L"SeEnableDelegationPrivilege",
+      L"SeManageVolumePrivilege",
+      L"SeImpersonatePrivilege",
+      L"SeCreateGlobalPrivilege"
+    };
+    ULONG Priv;
+
+
+    TRACE("LsarLookupPrivilegeValue(%p, %wZ, %p)\n",
+          PolicyHandle, Name, Value);
+
+    if (!LsapValidateDbHandle(PolicyHandle, LsaDbPolicyHandle))
+    {
+        ERR("Invalid handle\n");
+        return STATUS_INVALID_HANDLE;
+    }
+
+    for (Priv = 0; Priv < sizeof(DefaultPrivNames) / sizeof(DefaultPrivNames[0]); Priv++)
+    {
+        if (0 == _wcsicmp(Name->Buffer, DefaultPrivNames[Priv]))
+        {
+            Value->LowPart = Priv + SE_MIN_WELL_KNOWN_PRIVILEGE;
+            Value->HighPart = 0;
+            return STATUS_SUCCESS;
+        }
+    }
+
+    WARN("LsarLookupPrivilegeValue: no such privilege %wZ\n", Name);
+
+    return STATUS_NO_SUCH_PRIVILEGE;
 }
 
 
@@ -562,7 +633,7 @@ NTSTATUS LsarEnmuerateAccountRights(
 {
     FIXME("(%p,%p,%p) stub\n", PolicyHandle, AccountSid, UserRights);
 
-    if (!LsapValidateDbHandle(PolicyHandle))
+    if (!LsapValidateDbHandle(PolicyHandle, LsaDbPolicyHandle))
         return STATUS_INVALID_HANDLE;
 
     UserRights->Entries = 0;

reactos/include/psdk/ntsecapi.h

@@ -698,6 +698,7 @@ NTSTATUS NTAPI LsaLookupNames(LSA_HANDLE,ULONG,PLSA_UNICODE_STRING,
                             PLSA_REFERENCED_DOMAIN_LIST*,PLSA_TRANSLATED_SID*);
 NTSTATUS NTAPI LsaLookupNames2(LSA_HANDLE,ULONG,ULONG,PLSA_UNICODE_STRING,
                             PLSA_REFERENCED_DOMAIN_LIST*,PLSA_TRANSLATED_SID2*);
+NTSTATUS NTAPI LsaLookupPrivilegeValue(LSA_HANDLE, PLSA_UNICODE_STRING, PLUID);
 NTSTATUS NTAPI LsaLookupSids(LSA_HANDLE,ULONG,PSID*,
                             PLSA_REFERENCED_DOMAIN_LIST*,PLSA_TRANSLATED_NAME*);
 ULONG NTAPI LsaNtStatusToWinError(NTSTATUS);