[ADVAPI32/LSASRV]
- Implement LookupPrivilegeValueW and LsaLookupPrivilegeValue. - Move lookup code from LookupPrivilegeValueW to LsarLookupPrivilegeValue. svn path=/trunk/; revision=47934
parent
35deb4dbb9
commit
66f17acd8f
5 changed files with 148 additions and 75 deletions
|
@ -374,7 +374,7 @@
|
|||
@ stdcall LsaLookupNames2(ptr long long ptr ptr ptr)
|
||||
@ stub LsaLookupPrivilegeDisplayName
|
||||
@ stub LsaLookupPrivilegeName
|
||||
@ stub LsaLookupPrivilegeValue
|
||||
@ stdcall LsaLookupPrivilegeValue(ptr ptr ptr)
|
||||
@ stdcall LsaLookupSids(ptr long ptr ptr ptr)
|
||||
@ stdcall LsaNtStatusToWinError(long)
|
||||
@ stub LsaOpenAccount
|
||||
|
|
|
@ -396,6 +396,37 @@ LsaLookupNames2(
|
|||
return STATUS_NONE_MAPPED;
|
||||
}
|
||||
|
||||
/*
|
||||
* @implemented
|
||||
*/
|
||||
NTSTATUS
|
||||
WINAPI
|
||||
LsaLookupPrivilegeValue(IN LSA_HANDLE PolicyHandle,
|
||||
IN PLSA_UNICODE_STRING Name,
|
||||
OUT PLUID Value)
|
||||
{
|
||||
LUID Luid;
|
||||
NTSTATUS Status;
|
||||
|
||||
FIXME("(%p,%p,%p) stub\n", PolicyHandle, Name, Value);
|
||||
|
||||
RpcTryExcept
|
||||
{
|
||||
Status = LsarLookupPrivilegeValue(PolicyHandle,
|
||||
(PRPC_UNICODE_STRING)Name,
|
||||
&Luid);
|
||||
if (Status == STATUS_SUCCESS)
|
||||
*Value = Luid;
|
||||
}
|
||||
RpcExcept(EXCEPTION_EXECUTE_HANDLER)
|
||||
{
|
||||
Status = I_RpcMapWin32Status(RpcExceptionCode());
|
||||
}
|
||||
RpcEndExcept;
|
||||
|
||||
return Status;
|
||||
}
|
||||
|
||||
/*
|
||||
* @unimplemented
|
||||
*/
|
||||
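Review bot: The `FIXME("(%p,%p,%p) stub\n", PolicyHandle, Name, Value);` call at the top of LsaLookupPrivilegeValue is stale, because the function is marked `@implemented` and forwards to LsarLookupPrivilegeValue. Every lookup will still be logged as an unimplemented stub, which buries genuine FIXME output when someone reads LSA traces. I would replace it with `TRACE("(%p,%p,%p)\n", PolicyHandle, Name, Value);`. The copy through the local `Luid` deserves a one-line comment such as `/* Leave *Value untouched unless the lookup succeeded */`, since that is the only reason the temporary exists.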
|
|
|
@ -1409,82 +1409,52 @@ LookupPrivilegeValueA(LPCSTR lpSystemName,
|
|||
|
||||
|
||||
/**********************************************************************
|
||||
* LookupPrivilegeValueW EXPORTED
|
||||
* LookupPrivilegeValueW
|
||||
*
|
||||
* @unimplemented
|
||||
* @implemented
|
||||
*/
|
||||
BOOL
|
||||
WINAPI
|
||||
LookupPrivilegeValueW(LPCWSTR SystemName,
|
||||
LPCWSTR PrivName,
|
||||
PLUID Luid)
|
||||
LookupPrivilegeValueW(LPCWSTR lpSystemName,
|
||||
LPCWSTR lpPrivilegeName,
|
||||
PLUID lpLuid)
|
||||
{
|
||||
static const WCHAR * const DefaultPrivNames[] =
|
||||
{
|
||||
L"SeCreateTokenPrivilege",
|
||||
L"SeAssignPrimaryTokenPrivilege",
|
||||
L"SeLockMemoryPrivilege",
|
||||
L"SeIncreaseQuotaPrivilege",
|
||||
L"SeMachineAccountPrivilege",
|
||||
L"SeTcbPrivilege",
|
||||
L"SeSecurityPrivilege",
|
||||
L"SeTakeOwnershipPrivilege",
|
||||
L"SeLoadDriverPrivilege",
|
||||
L"SeSystemProfilePrivilege",
|
||||
L"SeSystemtimePrivilege",
|
||||
L"SeProfileSingleProcessPrivilege",
|
||||
L"SeIncreaseBasePriorityPrivilege",
|
||||
L"SeCreatePagefilePrivilege",
|
||||
L"SeCreatePermanentPrivilege",
|
||||
L"SeBackupPrivilege",
|
||||
L"SeRestorePrivilege",
|
||||
L"SeShutdownPrivilege",
|
||||
L"SeDebugPrivilege",
|
||||
L"SeAuditPrivilege",
|
||||
L"SeSystemEnvironmentPrivilege",
|
||||
L"SeChangeNotifyPrivilege",
|
||||
L"SeRemoteShutdownPrivilege",
|
||||
L"SeUndockPrivilege",
|
||||
L"SeSyncAgentPrivilege",
|
||||
L"SeEnableDelegationPrivilege",
|
||||
L"SeManageVolumePrivilege",
|
||||
L"SeImpersonatePrivilege",
|
||||
L"SeCreateGlobalPrivilege"
|
||||
};
|
||||
unsigned Priv;
|
||||
LSA_OBJECT_ATTRIBUTES ObjectAttributes = {0};
|
||||
LSA_UNICODE_STRING SystemName;
|
||||
LSA_UNICODE_STRING PrivilegeName;
|
||||
LSA_HANDLE PolicyHandle = NULL;
|
||||
NTSTATUS Status;
|
||||
|
||||
if (!ADVAPI_IsLocalComputer(SystemName))
|
||||
RtlInitUnicodeString(&SystemName,
|
||||
lpSystemName);
|
||||
|
||||
Status = LsaOpenPolicy(lpSystemName ? &SystemName : NULL,
|
||||
&ObjectAttributes,
|
||||
POLICY_LOOKUP_NAMES,
|
||||
&PolicyHandle);
|
||||
if (!NT_SUCCESS(Status))
|
||||
{
|
||||
SetLastError(RPC_S_SERVER_UNAVAILABLE);
|
||||
return FALSE;
|
||||
}
|
||||
if (!PrivName)
|
||||
{
|
||||
SetLastError(ERROR_NO_SUCH_PRIVILEGE);
|
||||
SetLastError(LsaNtStatusToWinError(Status));
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
if (NULL != SystemName && L'\0' != *SystemName)
|
||||
RtlInitUnicodeString(&PrivilegeName,
|
||||
lpPrivilegeName);
|
||||
|
||||
Status = LsaLookupPrivilegeValue(PolicyHandle,
|
||||
&PrivilegeName,
|
||||
lpLuid);
|
||||
|
||||
LsaClose(PolicyHandle);
|
||||
|
||||
if (!NT_SUCCESS(Status))
|
||||
{
|
||||
FIXME("LookupPrivilegeValueW: not implemented for remote system\n");
|
||||
SetLastError(ERROR_CALL_NOT_IMPLEMENTED);
|
||||
SetLastError(LsaNtStatusToWinError(Status));
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
for (Priv = 0; Priv < sizeof(DefaultPrivNames) / sizeof(DefaultPrivNames[0]); Priv++)
|
||||
{
|
||||
if (0 == _wcsicmp(PrivName, DefaultPrivNames[Priv]))
|
||||
{
|
||||
Luid->LowPart = Priv + SE_MIN_WELL_KNOWN_PRIVILEGE;
|
||||
Luid->HighPart = 0;
|
||||
return TRUE;
|
||||
}
|
||||
}
|
||||
|
||||
WARN("LookupPrivilegeValueW: no such privilege %S\n", PrivName);
|
||||
SetLastError(ERROR_NO_SUCH_PRIVILEGE);
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
|
||||
/**********************************************************************
|
||||
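Review bot: The old `if (!PrivName)` guard, which failed with ERROR_NO_SUCH_PRIVILEGE, has no counterpart in the rewritten LookupPrivilegeValueW (the page has lost its +/- markers, so the sides are read from the `lp`-prefixed parameter names). A NULL `lpPrivilegeName` now goes through RtlInitUnicodeString, which yields a zero-length string with a NULL `Buffer`, and that is passed to LsaLookupPrivilegeValue and on to the LSA server. The result then depends on server-side validation, and the LsarLookupPrivilegeValue shown in this commit hands `Name->Buffer` straight to `_wcsicmp`. I would keep the early exit before LsaOpenPolicy: `if (lpPrivilegeName == NULL) { SetLastError(ERROR_NO_SUCH_PRIVILEGE); return FALSE; }`.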
|
|
|
@ -10,12 +10,19 @@
|
|||
|
||||
#include <wine/debug.h>
|
||||
|
||||
typedef enum _LSA_DB_HANDLE_TYPE
|
||||
{
|
||||
LsaDbIgnoreHandle,
|
||||
LsaDbPolicyHandle,
|
||||
LsaDbAccountHandle
|
||||
} LSA_DB_HANDLE_TYPE, *PLSA_DB_HANDLE_TYPE;
|
||||
|
||||
typedef struct _LSA_DB_HANDLE
|
||||
{
|
||||
ULONG Signature;
|
||||
ULONG Type;
|
||||
LSA_DB_HANDLE_TYPE HandleType;
|
||||
LONG RefCount;
|
||||
ACCESS_MASK AccessGranted;
|
||||
ACCESS_MASK Access;
|
||||
} LSA_DB_HANDLE, *PLSA_DB_HANDLE;
|
||||
|
||||
#define LSAP_DB_SIGNATURE 0x12345678
|
||||
|
@ -28,7 +35,8 @@ WINE_DEFAULT_DEBUG_CHANNEL(lsasrv);
|
|||
/* FUNCTIONS ***************************************************************/
|
||||
|
||||
static LSAPR_HANDLE
|
||||
LsapCreateDbHandle(ULONG Type)
|
||||
LsapCreateDbHandle(LSA_DB_HANDLE_TYPE HandleType,
|
||||
ACCESS_MASK DesiredAccess)
|
||||
{
|
||||
PLSA_DB_HANDLE DbHandle;
|
||||
|
||||
|
@ -41,7 +49,8 @@ LsapCreateDbHandle(ULONG Type)
|
|||
{
|
||||
DbHandle->Signature = LSAP_DB_SIGNATURE;
|
||||
DbHandle->RefCount = 1;
|
||||
DbHandle->Type = Type;
|
||||
DbHandle->HandleType = HandleType;
|
||||
DbHandle->Access = DesiredAccess;
|
||||
}
|
||||
|
||||
// RtlLeaveCriticalSection(&PolicyHandleTableLock);
|
||||
|
@ -51,7 +60,8 @@ LsapCreateDbHandle(ULONG Type)
|
|||
|
||||
|
||||
static BOOL
|
||||
LsapValidateDbHandle(LSAPR_HANDLE Handle)
|
||||
LsapValidateDbHandle(LSAPR_HANDLE Handle,
|
||||
LSA_DB_HANDLE_TYPE HandleType)
|
||||
{
|
||||
PLSA_DB_HANDLE DbHandle = (PLSA_DB_HANDLE)Handle;
|
||||
BOOL bValid = FALSE;
|
||||
|
@ -59,7 +69,12 @@ LsapValidateDbHandle(LSAPR_HANDLE Handle)
|
|||
_SEH2_TRY
|
||||
{
|
||||
if (DbHandle->Signature == LSAP_DB_SIGNATURE)
|
||||
{
|
||||
if (HandleType == LsaDbIgnoreHandle)
|
||||
bValid = TRUE;
|
||||
else if (DbHandle->HandleType == HandleType)
|
||||
bValid = TRUE;
|
||||
}
|
||||
}
|
||||
_SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
|
||||
{
|
||||
|
@ -81,7 +96,7 @@ LsarStartRpcServer(VOID)
|
|||
|
||||
RtlInitializeCriticalSection(&PolicyHandleTableLock);
|
||||
|
||||
TRACE("LsarStartRpcServer() called");
|
||||
TRACE("LsarStartRpcServer() called\n");
|
||||
|
||||
Status = RpcServerUseProtseqEpW(L"ncacn_np",
|
||||
10,
|
||||
|
@ -129,7 +144,7 @@ NTSTATUS LsarClose(
|
|||
|
||||
// RtlEnterCriticalSection(&PolicyHandleTableLock);
|
||||
|
||||
if (LsapValidateDbHandle(*ObjectHandle))
|
||||
if (LsapValidateDbHandle(*ObjectHandle, LsaDbIgnoreHandle))
|
||||
{
|
||||
RtlFreeHeap(RtlGetProcessHeap(), 0, *ObjectHandle);
|
||||
*ObjectHandle = NULL;
|
||||
|
@ -213,7 +228,8 @@ NTSTATUS LsarOpenPolicy(
|
|||
|
||||
RtlEnterCriticalSection(&PolicyHandleTableLock);
|
||||
|
||||
*PolicyHandle = LsapCreateDbHandle(0);
|
||||
*PolicyHandle = LsapCreateDbHandle(LsaDbPolicyHandle,
|
||||
DesiredAccess);
|
||||
if (*PolicyHandle == NULL)
|
||||
Status = STATUS_INSUFFICIENT_RESOURCES;
|
||||
|
||||
|
@ -504,8 +520,63 @@ NTSTATUS LsarLookupPrivilegeValue(
|
|||
PRPC_UNICODE_STRING Name,
|
||||
PLUID Value)
|
||||
{
|
||||
UNIMPLEMENTED;
|
||||
return STATUS_NOT_IMPLEMENTED;
|
||||
static const WCHAR * const DefaultPrivNames[] =
|
||||
{
|
||||
L"SeCreateTokenPrivilege",
|
||||
L"SeAssignPrimaryTokenPrivilege",
|
||||
L"SeLockMemoryPrivilege",
|
||||
L"SeIncreaseQuotaPrivilege",
|
||||
L"SeMachineAccountPrivilege",
|
||||
L"SeTcbPrivilege",
|
||||
L"SeSecurityPrivilege",
|
||||
L"SeTakeOwnershipPrivilege",
|
||||
L"SeLoadDriverPrivilege",
|
||||
L"SeSystemProfilePrivilege",
|
||||
L"SeSystemtimePrivilege",
|
||||
L"SeProfileSingleProcessPrivilege",
|
||||
L"SeIncreaseBasePriorityPrivilege",
|
||||
L"SeCreatePagefilePrivilege",
|
||||
L"SeCreatePermanentPrivilege",
|
||||
L"SeBackupPrivilege",
|
||||
L"SeRestorePrivilege",
|
||||
L"SeShutdownPrivilege",
|
||||
L"SeDebugPrivilege",
|
||||
L"SeAuditPrivilege",
|
||||
L"SeSystemEnvironmentPrivilege",
|
||||
L"SeChangeNotifyPrivilege",
|
||||
L"SeRemoteShutdownPrivilege",
|
||||
L"SeUndockPrivilege",
|
||||
L"SeSyncAgentPrivilege",
|
||||
L"SeEnableDelegationPrivilege",
|
||||
L"SeManageVolumePrivilege",
|
||||
L"SeImpersonatePrivilege",
|
||||
L"SeCreateGlobalPrivilege"
|
||||
};
|
||||
ULONG Priv;
|
||||
|
||||
|
||||
TRACE("LsarLookupPrivilegeValue(%p, %wZ, %p)\n",
|
||||
PolicyHandle, Name, Value);
|
||||
|
||||
if (!LsapValidateDbHandle(PolicyHandle, LsaDbPolicyHandle))
|
||||
{
|
||||
ERR("Invalid handle\n");
|
||||
return STATUS_INVALID_HANDLE;
|
||||
}
|
||||
|
||||
for (Priv = 0; Priv < sizeof(DefaultPrivNames) / sizeof(DefaultPrivNames[0]); Priv++)
|
||||
{
|
||||
if (0 == _wcsicmp(Name->Buffer, DefaultPrivNames[Priv]))
|
||||
{
|
||||
Value->LowPart = Priv + SE_MIN_WELL_KNOWN_PRIVILEGE;
|
||||
Value->HighPart = 0;
|
||||
return STATUS_SUCCESS;
|
||||
}
|
||||
}
|
||||
|
||||
WARN("LsarLookupPrivilegeValue: no such privilege %wZ\n", Name);
|
||||
|
||||
return STATUS_NO_SUCH_PRIVILEGE;
|
||||
}
|
||||
|
||||
|
||||
|
@ -562,7 +633,7 @@ NTSTATUS LsarEnmuerateAccountRights(
|
|||
{
|
||||
FIXME("(%p,%p,%p) stub\n", PolicyHandle, AccountSid, UserRights);
|
||||
|
||||
if (!LsapValidateDbHandle(PolicyHandle))
|
||||
if (!LsapValidateDbHandle(PolicyHandle, LsaDbPolicyHandle))
|
||||
return STATUS_INVALID_HANDLE;
|
||||
|
||||
UserRights->Entries = 0;
|
||||
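Review bot: In LsarLookupPrivilegeValue, `_wcsicmp(Name->Buffer, DefaultPrivNames[Priv])` treats a counted string received over RPC as a NUL-terminated C string. Nothing in the lines shown checks that `Name` or `Name->Buffer` is non-NULL or that a terminator lies within `Name->Length`, so a malformed request could make the LSA server dereference NULL or read past the unmarshalled buffer. I would reject `Name == NULL || Name->Buffer == NULL` with STATUS_INVALID_PARAMETER, and compare by length with `RtlInitUnicodeString(&Known, DefaultPrivNames[Priv]);` followed by `if (RtlEqualUnicodeString((PUNICODE_STRING)Name, &Known, TRUE))`. Separately, LsapCreateDbHandle now stores `DesiredAccess` in `Access`, but LsapValidateDbHandle checks only the signature and handle type. If the lookup is meant to require POLICY_LOOKUP_NAMES, that check is still missing here.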
|
|
|
@ -698,6 +698,7 @@ NTSTATUS NTAPI LsaLookupNames(LSA_HANDLE,ULONG,PLSA_UNICODE_STRING,
|
|||
PLSA_REFERENCED_DOMAIN_LIST*,PLSA_TRANSLATED_SID*);
|
||||
NTSTATUS NTAPI LsaLookupNames2(LSA_HANDLE,ULONG,ULONG,PLSA_UNICODE_STRING,
|
||||
PLSA_REFERENCED_DOMAIN_LIST*,PLSA_TRANSLATED_SID2*);
|
||||
NTSTATUS NTAPI LsaLookupPrivilegeValue(LSA_HANDLE, PLSA_UNICODE_STRING, PLUID);
|
||||
NTSTATUS NTAPI LsaLookupSids(LSA_HANDLE,ULONG,PSID*,
|
||||
PLSA_REFERENCED_DOMAIN_LIST*,PLSA_TRANSLATED_NAME*);
|
||||
ULONG NTAPI LsaNtStatusToWinError(NTSTATUS);
|
||||
|
|