[ADVAPI32/LSASRV]

- Implement LookupPrivilegeValueW and LsaLookupPrivilegeValue.
- Move lookup code from LookupPrivilegeValueW to LsarLookupPrivilegeValue.

svn path=/trunk/; revision=47934
This commit is contained in:
Eric Kohl 2010-07-03 22:51:44 +00:00
parent 35deb4dbb9
commit 66f17acd8f
5 changed files with 148 additions and 75 deletions

View file

@ -374,7 +374,7 @@
@ stdcall LsaLookupNames2(ptr long long ptr ptr ptr)
@ stub LsaLookupPrivilegeDisplayName
@ stub LsaLookupPrivilegeName
@ stub LsaLookupPrivilegeValue
@ stdcall LsaLookupPrivilegeValue(ptr ptr ptr)
@ stdcall LsaLookupSids(ptr long ptr ptr ptr)
@ stdcall LsaNtStatusToWinError(long)
@ stub LsaOpenAccount

View file

@ -396,6 +396,37 @@ LsaLookupNames2(
return STATUS_NONE_MAPPED;
}
/*
* @implemented
*/
NTSTATUS
WINAPI
LsaLookupPrivilegeValue(IN LSA_HANDLE PolicyHandle,
IN PLSA_UNICODE_STRING Name,
OUT PLUID Value)
{
LUID Luid;
NTSTATUS Status;
FIXME("(%p,%p,%p) stub\n", PolicyHandle, Name, Value);
RpcTryExcept
{
Status = LsarLookupPrivilegeValue(PolicyHandle,
(PRPC_UNICODE_STRING)Name,
&Luid);
if (Status == STATUS_SUCCESS)
*Value = Luid;
}
RpcExcept(EXCEPTION_EXECUTE_HANDLER)
{
Status = I_RpcMapWin32Status(RpcExceptionCode());
}
RpcEndExcept;
return Status;
}
/*
* @unimplemented
*/

View file

@ -1409,82 +1409,52 @@ LookupPrivilegeValueA(LPCSTR lpSystemName,
/**********************************************************************
* LookupPrivilegeValueW EXPORTED
* LookupPrivilegeValueW
*
* @unimplemented
* @implemented
*/
BOOL
WINAPI
LookupPrivilegeValueW(LPCWSTR SystemName,
LPCWSTR PrivName,
PLUID Luid)
LookupPrivilegeValueW(LPCWSTR lpSystemName,
LPCWSTR lpPrivilegeName,
PLUID lpLuid)
{
static const WCHAR * const DefaultPrivNames[] =
{
L"SeCreateTokenPrivilege",
L"SeAssignPrimaryTokenPrivilege",
L"SeLockMemoryPrivilege",
L"SeIncreaseQuotaPrivilege",
L"SeMachineAccountPrivilege",
L"SeTcbPrivilege",
L"SeSecurityPrivilege",
L"SeTakeOwnershipPrivilege",
L"SeLoadDriverPrivilege",
L"SeSystemProfilePrivilege",
L"SeSystemtimePrivilege",
L"SeProfileSingleProcessPrivilege",
L"SeIncreaseBasePriorityPrivilege",
L"SeCreatePagefilePrivilege",
L"SeCreatePermanentPrivilege",
L"SeBackupPrivilege",
L"SeRestorePrivilege",
L"SeShutdownPrivilege",
L"SeDebugPrivilege",
L"SeAuditPrivilege",
L"SeSystemEnvironmentPrivilege",
L"SeChangeNotifyPrivilege",
L"SeRemoteShutdownPrivilege",
L"SeUndockPrivilege",
L"SeSyncAgentPrivilege",
L"SeEnableDelegationPrivilege",
L"SeManageVolumePrivilege",
L"SeImpersonatePrivilege",
L"SeCreateGlobalPrivilege"
};
unsigned Priv;
LSA_OBJECT_ATTRIBUTES ObjectAttributes = {0};
LSA_UNICODE_STRING SystemName;
LSA_UNICODE_STRING PrivilegeName;
LSA_HANDLE PolicyHandle = NULL;
NTSTATUS Status;
if (!ADVAPI_IsLocalComputer(SystemName))
RtlInitUnicodeString(&SystemName,
lpSystemName);
Status = LsaOpenPolicy(lpSystemName ? &SystemName : NULL,
&ObjectAttributes,
POLICY_LOOKUP_NAMES,
&PolicyHandle);
if (!NT_SUCCESS(Status))
{
SetLastError(RPC_S_SERVER_UNAVAILABLE);
return FALSE;
}
if (!PrivName)
{
SetLastError(ERROR_NO_SUCH_PRIVILEGE);
SetLastError(LsaNtStatusToWinError(Status));
return FALSE;
}
if (NULL != SystemName && L'\0' != *SystemName)
RtlInitUnicodeString(&PrivilegeName,
lpPrivilegeName);
Status = LsaLookupPrivilegeValue(PolicyHandle,
&PrivilegeName,
lpLuid);
LsaClose(PolicyHandle);
if (!NT_SUCCESS(Status))
{
FIXME("LookupPrivilegeValueW: not implemented for remote system\n");
SetLastError(ERROR_CALL_NOT_IMPLEMENTED);
SetLastError(LsaNtStatusToWinError(Status));
return FALSE;
}
for (Priv = 0; Priv < sizeof(DefaultPrivNames) / sizeof(DefaultPrivNames[0]); Priv++)
{
if (0 == _wcsicmp(PrivName, DefaultPrivNames[Priv]))
{
Luid->LowPart = Priv + SE_MIN_WELL_KNOWN_PRIVILEGE;
Luid->HighPart = 0;
return TRUE;
}
}
WARN("LookupPrivilegeValueW: no such privilege %S\n", PrivName);
SetLastError(ERROR_NO_SUCH_PRIVILEGE);
return FALSE;
}
/**********************************************************************

View file

@ -10,12 +10,19 @@
#include <wine/debug.h>
typedef enum _LSA_DB_HANDLE_TYPE
{
LsaDbIgnoreHandle,
LsaDbPolicyHandle,
LsaDbAccountHandle
} LSA_DB_HANDLE_TYPE, *PLSA_DB_HANDLE_TYPE;
typedef struct _LSA_DB_HANDLE
{
ULONG Signature;
ULONG Type;
LSA_DB_HANDLE_TYPE HandleType;
LONG RefCount;
ACCESS_MASK AccessGranted;
ACCESS_MASK Access;
} LSA_DB_HANDLE, *PLSA_DB_HANDLE;
#define LSAP_DB_SIGNATURE 0x12345678
@ -28,7 +35,8 @@ WINE_DEFAULT_DEBUG_CHANNEL(lsasrv);
/* FUNCTIONS ***************************************************************/
static LSAPR_HANDLE
LsapCreateDbHandle(ULONG Type)
LsapCreateDbHandle(LSA_DB_HANDLE_TYPE HandleType,
ACCESS_MASK DesiredAccess)
{
PLSA_DB_HANDLE DbHandle;
@ -41,7 +49,8 @@ LsapCreateDbHandle(ULONG Type)
{
DbHandle->Signature = LSAP_DB_SIGNATURE;
DbHandle->RefCount = 1;
DbHandle->Type = Type;
DbHandle->HandleType = HandleType;
DbHandle->Access = DesiredAccess;
}
// RtlLeaveCriticalSection(&PolicyHandleTableLock);
@ -51,7 +60,8 @@ LsapCreateDbHandle(ULONG Type)
static BOOL
LsapValidateDbHandle(LSAPR_HANDLE Handle)
LsapValidateDbHandle(LSAPR_HANDLE Handle,
LSA_DB_HANDLE_TYPE HandleType)
{
PLSA_DB_HANDLE DbHandle = (PLSA_DB_HANDLE)Handle;
BOOL bValid = FALSE;
@ -59,7 +69,12 @@ LsapValidateDbHandle(LSAPR_HANDLE Handle)
_SEH2_TRY
{
if (DbHandle->Signature == LSAP_DB_SIGNATURE)
{
if (HandleType == LsaDbIgnoreHandle)
bValid = TRUE;
else if (DbHandle->HandleType == HandleType)
bValid = TRUE;
}
}
_SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
{
@ -81,7 +96,7 @@ LsarStartRpcServer(VOID)
RtlInitializeCriticalSection(&PolicyHandleTableLock);
TRACE("LsarStartRpcServer() called");
TRACE("LsarStartRpcServer() called\n");
Status = RpcServerUseProtseqEpW(L"ncacn_np",
10,
@ -129,7 +144,7 @@ NTSTATUS LsarClose(
// RtlEnterCriticalSection(&PolicyHandleTableLock);
if (LsapValidateDbHandle(*ObjectHandle))
if (LsapValidateDbHandle(*ObjectHandle, LsaDbIgnoreHandle))
{
RtlFreeHeap(RtlGetProcessHeap(), 0, *ObjectHandle);
*ObjectHandle = NULL;
@ -213,7 +228,8 @@ NTSTATUS LsarOpenPolicy(
RtlEnterCriticalSection(&PolicyHandleTableLock);
*PolicyHandle = LsapCreateDbHandle(0);
*PolicyHandle = LsapCreateDbHandle(LsaDbPolicyHandle,
DesiredAccess);
if (*PolicyHandle == NULL)
Status = STATUS_INSUFFICIENT_RESOURCES;
@ -504,8 +520,63 @@ NTSTATUS LsarLookupPrivilegeValue(
PRPC_UNICODE_STRING Name,
PLUID Value)
{
UNIMPLEMENTED;
return STATUS_NOT_IMPLEMENTED;
static const WCHAR * const DefaultPrivNames[] =
{
L"SeCreateTokenPrivilege",
L"SeAssignPrimaryTokenPrivilege",
L"SeLockMemoryPrivilege",
L"SeIncreaseQuotaPrivilege",
L"SeMachineAccountPrivilege",
L"SeTcbPrivilege",
L"SeSecurityPrivilege",
L"SeTakeOwnershipPrivilege",
L"SeLoadDriverPrivilege",
L"SeSystemProfilePrivilege",
L"SeSystemtimePrivilege",
L"SeProfileSingleProcessPrivilege",
L"SeIncreaseBasePriorityPrivilege",
L"SeCreatePagefilePrivilege",
L"SeCreatePermanentPrivilege",
L"SeBackupPrivilege",
L"SeRestorePrivilege",
L"SeShutdownPrivilege",
L"SeDebugPrivilege",
L"SeAuditPrivilege",
L"SeSystemEnvironmentPrivilege",
L"SeChangeNotifyPrivilege",
L"SeRemoteShutdownPrivilege",
L"SeUndockPrivilege",
L"SeSyncAgentPrivilege",
L"SeEnableDelegationPrivilege",
L"SeManageVolumePrivilege",
L"SeImpersonatePrivilege",
L"SeCreateGlobalPrivilege"
};
ULONG Priv;
TRACE("LsarLookupPrivilegeValue(%p, %wZ, %p)\n",
PolicyHandle, Name, Value);
if (!LsapValidateDbHandle(PolicyHandle, LsaDbPolicyHandle))
{
ERR("Invalid handle\n");
return STATUS_INVALID_HANDLE;
}
for (Priv = 0; Priv < sizeof(DefaultPrivNames) / sizeof(DefaultPrivNames[0]); Priv++)
{
if (0 == _wcsicmp(Name->Buffer, DefaultPrivNames[Priv]))
{
Value->LowPart = Priv + SE_MIN_WELL_KNOWN_PRIVILEGE;
Value->HighPart = 0;
return STATUS_SUCCESS;
}
}
WARN("LsarLookupPrivilegeValue: no such privilege %wZ\n", Name);
return STATUS_NO_SUCH_PRIVILEGE;
}
@ -562,7 +633,7 @@ NTSTATUS LsarEnmuerateAccountRights(
{
FIXME("(%p,%p,%p) stub\n", PolicyHandle, AccountSid, UserRights);
if (!LsapValidateDbHandle(PolicyHandle))
if (!LsapValidateDbHandle(PolicyHandle, LsaDbPolicyHandle))
return STATUS_INVALID_HANDLE;
UserRights->Entries = 0;

View file

@ -698,6 +698,7 @@ NTSTATUS NTAPI LsaLookupNames(LSA_HANDLE,ULONG,PLSA_UNICODE_STRING,
PLSA_REFERENCED_DOMAIN_LIST*,PLSA_TRANSLATED_SID*);
NTSTATUS NTAPI LsaLookupNames2(LSA_HANDLE,ULONG,ULONG,PLSA_UNICODE_STRING,
PLSA_REFERENCED_DOMAIN_LIST*,PLSA_TRANSLATED_SID2*);
NTSTATUS NTAPI LsaLookupPrivilegeValue(LSA_HANDLE, PLSA_UNICODE_STRING, PLUID);
NTSTATUS NTAPI LsaLookupSids(LSA_HANDLE,ULONG,PSID*,
PLSA_REFERENCED_DOMAIN_LIST*,PLSA_TRANSLATED_NAME*);
ULONG NTAPI LsaNtStatusToWinError(NTSTATUS);