From 686b87d7d280e6333dc7dd5ce902f7f71d793451 Mon Sep 17 00:00:00 2001 From: Eric Kohl Date: Sun, 6 May 2012 20:57:21 +0000 Subject: [PATCH] [ADVAPI32/LSASRV] - Implement LsaEnumeratePrivilegesOfAccount and LsarEnumeratePrivilegesAccount. - Implement parts of LsarAddPrivilegesToAccount. svn path=/trunk/; revision=56527 --- reactos/dll/win32/advapi32/advapi32.spec | 2 +- reactos/dll/win32/advapi32/sec/lsa.c | 30 +++++++- reactos/dll/win32/lsasrv/lsarpc.c | 88 ++++++++++++++++++++++-- reactos/include/psdk/ntsecapi.h | 1 + 4 files changed, 115 insertions(+), 6 deletions(-) diff --git a/reactos/dll/win32/advapi32/advapi32.spec b/reactos/dll/win32/advapi32/advapi32.spec index 83ac5825cf0..96409ffa3f5 100644 --- a/reactos/dll/win32/advapi32/advapi32.spec +++ b/reactos/dll/win32/advapi32/advapi32.spec @@ -358,7 +358,7 @@ @ stub LsaEnumerateAccounts @ stdcall LsaEnumerateAccountsWithUserRight(ptr ptr ptr ptr) @ stub LsaEnumeratePrivileges -@ stub LsaEnumeratePrivilegesOfAccount +@ stdcall LsaEnumeratePrivilegesOfAccount(ptr ptr) @ stdcall LsaEnumerateTrustedDomains(ptr ptr ptr long ptr) @ stdcall LsaEnumerateTrustedDomainsEx(ptr ptr ptr long ptr) @ stdcall LsaFreeMemory(ptr) diff --git a/reactos/dll/win32/advapi32/sec/lsa.c b/reactos/dll/win32/advapi32/sec/lsa.c index ef52bc65dc4..8b393604f48 100644 --- a/reactos/dll/win32/advapi32/sec/lsa.c +++ b/reactos/dll/win32/advapi32/sec/lsa.c 
@@ -366,6 +366,34 @@ LsaEnumerateAccountsWithUserRight( return STATUS_NO_MORE_ENTRIES; } + +/* + * @implemented + */ +NTSTATUS +WINAPI +LsaEnumeratePrivilegesOfAccount(IN LSA_HANDLE AccountHandle, + OUT PPRIVILEGE_SET *Privileges) +{ + NTSTATUS Status; + + TRACE("(%p,%p) stub\n", AccountHandle, Privileges); + + RpcTryExcept + { + Status = LsarEnumeratePrivilegesAccount((LSAPR_HANDLE)AccountHandle, + (LSAPR_PRIVILEGE_SET **)Privileges); + } + RpcExcept(EXCEPTION_EXECUTE_HANDLER) + { + Status = I_RpcMapWin32Status(RpcExceptionCode()); + } + RpcEndExcept; + + return Status; +} + + /* * @unimplemented */ @@ -380,7 +408,7 @@ LsaEnumerateTrustedDomains( { FIXME("(%p,%p,%p,0x%08x,%p) stub\n", PolicyHandle, EnumerationContext, Buffer, PreferedMaximumLength, CountReturned); - + if (CountReturned) *CountReturned = 0; return STATUS_SUCCESS; } diff --git a/reactos/dll/win32/lsasrv/lsarpc.c b/reactos/dll/win32/lsasrv/lsarpc.c index dd747f36439..f398c800e15 100644 --- a/reactos/dll/win32/lsasrv/lsarpc.c +++ b/reactos/dll/win32/lsasrv/lsarpc.c 
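Review bot: The `TRACE` call in `LsaEnumeratePrivilegesOfAccount` still ends in "stub" although the comment above it marks the function `@implemented`, which misleads anyone reading debug logs; `TRACE("(%p,%p)\n", AccountHandle, Privileges);` would be accurate. `*Privileges` is also not set before the RPC call, so when the call raises, the `RpcExcept` path returns a mapped status with whatever the caller had in that pointer, unless the generated client stub clears it (not visible here). A short header comment saying how the returned set is released (presumably `LsaFreeMemory`) would help callers avoid leaking or double-freeing it.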
@@ -723,8 +723,52 @@ NTSTATUS WINAPI LsarEnumeratePrivilegesAccount(
 LSAPR_HANDLE AccountHandle,
 PLSAPR_PRIVILEGE_SET *Privileges)
 {
- UNIMPLEMENTED;
- return STATUS_NOT_IMPLEMENTED;
+ PLSA_DB_OBJECT AccountObject;
+ ULONG PrivilegeSetSize = 0;
+ PLSAPR_PRIVILEGE_SET PrivilegeSet = NULL;
+ NTSTATUS Status;
+
+ *Privileges = NULL;
+
+ /* Validate the AccountHandle */
+ Status = LsapValidateDbObject(AccountHandle,
+ LsaDbAccountObject,
+ 0,
+ &AccountObject);
+ if (!NT_SUCCESS(Status))
+ {
+ ERR("LsapValidateDbObject returned 0x%08lx\n", Status);
+ return Status;
+ }
+
+ /* Get the size of the privilege set */
+ Status = LsapGetObjectAttribute(AccountObject,
+ L"Privilgs",
+ NULL,
+ &PrivilegeSetSize);
+ if (!NT_SUCCESS(Status))
+ return Status;
+
+ /* Allocate a buffer for the privilege set */
+ PrivilegeSet = MIDL_user_allocate(PrivilegeSetSize);
+ if (PrivilegeSet == NULL)
+ return STATUS_NO_MEMORY;
+
+ /* Get the privilege set */
+ Status = LsapGetObjectAttribute(AccountObject,
+ L"Privilgs",
+ PrivilegeSet,
+ &PrivilegeSetSize);
+ if (!NT_SUCCESS(Status))
+ {
+ MIDL_user_free(PrivilegeSet);
+ return Status;
+ }
+
+ /* Return a pointer to the privilege set */
+ *Privileges = PrivilegeSet;
+
+ return STATUS_SUCCESS;
 }
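Review bot: `LsapValidateDbObject` is called with `0` as its third argument, which looks like the desired-access mask (its signature is outside this diff), so an account handle opened with any access would be allowed to read the privilege set; passing `ACCOUNT_VIEW` would tie the read to the access granted when the handle was opened. The same `0` appears in the `LsarAddPrivilegesToAccount` hunk that follows, where `ACCOUNT_ADJUST_PRIVILEGES` would be the matching right. Separately, the blob read from `L"Privilgs"` is returned without checking that `PrivilegeSetSize` covers the set header plus `PrivilegeCount` entries, so a short or corrupted attribute (including a size of zero) reaches the RPC marshaller as a structure whose count may not match the allocation. A size-versus-count check placed before `*Privileges = PrivilegeSet;`, which frees the buffer and returns a failure status, would close that gap.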
@@ -733,8 +777,44 @@ NTSTATUS WINAPI LsarAddPrivilegesToAccount( LSAPR_HANDLE AccountHandle, PLSAPR_PRIVILEGE_SET Privileges) { - UNIMPLEMENTED; - return STATUS_NOT_IMPLEMENTED; + PLSA_DB_OBJECT AccountObject; + ULONG PrivilegeSetSize = 0; + NTSTATUS Status; + + /* Validate the AccountHandle */ + Status = LsapValidateDbObject(AccountHandle, + LsaDbAccountObject, + 0, + &AccountObject); + if (!NT_SUCCESS(Status)) + { + ERR("LsapValidateDbObject returned 0x%08lx\n", Status); + return Status; + } + + Status = LsapGetObjectAttribute(AccountObject, + L"Privilgs", + NULL, + &PrivilegeSetSize); + if (!NT_SUCCESS(Status) || PrivilegeSetSize == 0) + { + /* The Privilgs attribute does not exist */ + + PrivilegeSetSize = sizeof(PRIVILEGE_SET) + + (Privileges->PrivilegeCount - 1) * sizeof(LUID_AND_ATTRIBUTES); + Status = LsapSetObjectAttribute(AccountObject, + L"Privilgs", + Privileges, + PrivilegeSetSize); + } + else + { + /* The Privilgs attribute exists */ + + Status = STATUS_NOT_IMPLEMENTED; + } + + return Status; } diff --git a/reactos/include/psdk/ntsecapi.h b/reactos/include/psdk/ntsecapi.h index b092038bf4f..58995c779db 100644 --- a/reactos/include/psdk/ntsecapi.h +++ b/reactos/include/psdk/ntsecapi.h @@ -688,6 +688,7 @@ NTSTATUS NTAPI LsaDeregisterLogonProcess(HANDLE); NTSTATUS NTAPI LsaEnumerateAccountRights(LSA_HANDLE,PSID,PLSA_UNICODE_STRING*,PULONG); NTSTATUS NTAPI LsaEnumerateAccountsWithUserRight(LSA_HANDLE,PLSA_UNICODE_STRING, PVOID*,PULONG); +NTSTATUS NTAPI LsaEnumeratePrivilegesOfAccount(LSA_HANDLE, PPRIVILEGE_SET*); NTSTATUS NTAPI LsaEnumerateTrustedDomains(LSA_HANDLE,PLSA_ENUMERATION_HANDLE, PVOID*,ULONG,PULONG); NTSTATUS NTAPI LsaEnumerateTrustedDomainsEx(LSA_HANDLE,PLSA_ENUMERATION_HANDLE,
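Review bot: In `LsarAddPrivilegesToAccount`, the condition `if (!NT_SUCCESS(Status) || PrivilegeSetSize == 0)` treats every failure of the size query as "the attribute does not exist", so an unrelated error from `LsapGetObjectAttribute` would send the code down the create path and presumably overwrite whatever set is stored with the caller's. Only the not-found status should take that branch (which status that is depends on `LsapGetObjectAttribute`, not shown here), and other failures should be returned unchanged. The size expression also trusts the client-supplied `PrivilegeCount`: it relies on unsigned wrap-around when the count is zero and has no upper bound before the multiplication, and the entries are stored without any check of the LUIDs or attributes. Writing it as `FIELD_OFFSET(PRIVILEGE_SET, Privilege) + Privileges->PrivilegeCount * sizeof(LUID_AND_ATTRIBUTES)` after bounding the count would be easier to reason about.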