diff --git a/reactos/dll/win32/lsasrv/lsarpc.c b/reactos/dll/win32/lsasrv/lsarpc.c index e82fda02b2a..0d91ee090a6 100644 --- a/reactos/dll/win32/lsasrv/lsarpc.c +++ b/reactos/dll/win32/lsasrv/lsarpc.c @@ -1915,7 +1915,7 @@ NTSTATUS WINAPI LsarLookupPrivilegeValue( TRACE("Privilege: %wZ\n", Name); - Status = LsarpLookupPrivilegeValue((PUNICODE_STRING)Name, + Status = LsarpLookupPrivilegeValue(Name, Value); return Status; @@ -1944,7 +1944,7 @@ NTSTATUS WINAPI LsarLookupPrivilegeName( } Status = LsarpLookupPrivilegeName(Value, - (PUNICODE_STRING*)Name); + Name); return Status; } @@ -1994,9 +1994,10 @@ NTSTATUS WINAPI LsarEnumerateAccountRights( PLSAPR_PRIVILEGE_SET PrivilegeSet = NULL; PRPC_UNICODE_STRING RightsBuffer = NULL; PRPC_UNICODE_STRING PrivilegeString; + ACCESS_MASK SystemAccess; ULONG RightsCount; ULONG RightsIndex; - ULONG PrivIndex; + ULONG i; NTSTATUS Status; TRACE("LsarEnumerateAccountRights(%p %p %p)\n", @@ -2022,13 +2023,23 @@ NTSTATUS WINAPI LsarEnumerateAccountRights( goto done; } - /* FIXME: Get account rights */ - + /* Get account rights */ + Status = LsarGetSystemAccessAccount(AccountHandle, + &SystemAccess); + if (!NT_SUCCESS(Status)) + { + ERR("LsarGetSystemAccessAccount returned 0x%08lx\n", Status); + goto done; + } RightsCount = PrivilegeSet->PrivilegeCount; - /* FIXME: Count account rights */ - + /* Count account rights */ + for (i = 0; i < sizeof(ACCESS_MASK) * 8; i++) + { + if (SystemAccess & (1 << i)) + RightsCount++; + } /* We are done if there are no rights to be enumerated */ if (RightsCount == 0) 
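Review bot: In the new counting loop of LsarEnumerateAccountRights, `SystemAccess & (1 << i)` shifts a signed int, and at i == 31 that shift into the sign bit is undefined behaviour; an unsigned operand such as `(1UL << i)` avoids it. The copy loop in the next hunk has the same expression. The loop also counts every set bit, while the WellKnownRights table added in privileges.c has only ten entries. Any other bit in the stored access mask therefore makes LsapLookupAccountRightName return STATUS_NO_SUCH_PRIVILEGE and fails the whole enumeration. Masking SystemAccess to the known rights before counting, or skipping unknown bits in both loops, would keep RightsCount consistent with what is actually copied.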
@@ -2049,25 +2060,41 @@ NTSTATUS WINAPI LsarEnumerateAccountRights( /* Copy the privileges into the buffer */ RightsIndex = 0; - for (PrivIndex = 0; PrivIndex < PrivilegeSet->PrivilegeCount; PrivIndex++) + for (i = 0; i < PrivilegeSet->PrivilegeCount; i++) { PrivilegeString = NULL; Status = LsarLookupPrivilegeName(PolicyHandle, - (PLUID)&PrivilegeSet->Privilege[PrivIndex].Luid, - (PRPC_UNICODE_STRING *)&PrivilegeString); + (PLUID)&PrivilegeSet->Privilege[i].Luid, + &PrivilegeString); if (!NT_SUCCESS(Status)) goto done; - RightsBuffer[RightsIndex].Length = PrivilegeString->Length; - RightsBuffer[RightsIndex].MaximumLength = PrivilegeString->MaximumLength; - RightsBuffer[RightsIndex].Buffer = PrivilegeString->Buffer; + RightsBuffer[i].Length = PrivilegeString->Length; + RightsBuffer[i].MaximumLength = PrivilegeString->MaximumLength; + RightsBuffer[i].Buffer = PrivilegeString->Buffer; MIDL_user_free(PrivilegeString); RightsIndex++; } - /* FIXME: Copy account rights into the buffer */ + /* Copy account rights into the buffer */ + for (i = 0; i < sizeof(ACCESS_MASK) * 8; i++) + { + if (SystemAccess & (1 << i)) + { + Status = LsapLookupAccountRightName(1 << i, + &PrivilegeString); + if (!NT_SUCCESS(Status)) + goto done; + RightsBuffer[i].Length = PrivilegeString->Length; + RightsBuffer[i].MaximumLength = PrivilegeString->MaximumLength; + RightsBuffer[i].Buffer = PrivilegeString->Buffer; + + MIDL_user_free(PrivilegeString); + RightsIndex++; + } + } UserRights->Entries = RightsCount; UserRights->UserRights = (PRPC_UNICODE_STRING)RightsBuffer; diff --git a/reactos/dll/win32/lsasrv/lsasrv.h b/reactos/dll/win32/lsasrv/lsasrv.h index f4eba9fd9bb..e8182441c9e 100644 --- a/reactos/dll/win32/lsasrv/lsasrv.h +++ b/reactos/dll/win32/lsasrv/lsasrv.h 
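Review bot: The new account-rights loop stores into `RightsBuffer[i]`, where `i` is the bit position (0–31) rather than the next free slot. It therefore overwrites entries written by the privilege loop, and it can write past the end of the buffer if that buffer is sized from RightsCount (the allocation is outside this hunk). The three stores should use the running index, e.g. `RightsBuffer[RightsIndex].Length = PrivilegeString->Length;`, and likewise for MaximumLength and Buffer. Overwritten entries also lose their Buffer pointers without being freed, and the slots after the privileges are returned to the RPC caller unfilled. In the first loop the change to `RightsBuffer[i]` is harmless because i equals RightsIndex there, but keeping RightsIndex in both loops makes the intent explicit.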
@@ -252,10 +252,10 @@ LsarSetLocalAccountDomain(PLSA_DB_OBJECT PolicyObject, /* privileges.c */ NTSTATUS LsarpLookupPrivilegeName(PLUID Value, - PUNICODE_STRING *Name); + PRPC_UNICODE_STRING *Name); NTSTATUS -LsarpLookupPrivilegeValue(PUNICODE_STRING Name, +LsarpLookupPrivilegeValue(PRPC_UNICODE_STRING Name, PLUID Value); NTSTATUS @@ -263,6 +263,10 @@ LsarpEnumeratePrivileges(DWORD *EnumerationContext, PLSAPR_PRIVILEGE_ENUM_BUFFER EnumerationBuffer, DWORD PreferedMaximumLength); +NTSTATUS +LsapLookupAccountRightName(ULONG RightValue, + PRPC_UNICODE_STRING *Name); + /* registry.h */ NTSTATUS LsapRegCloseKey(IN HANDLE KeyHandle); diff --git a/reactos/dll/win32/lsasrv/privileges.c b/reactos/dll/win32/lsasrv/privileges.c index d2d21e7c98e..6b9cff9c504 100644 --- a/reactos/dll/win32/lsasrv/privileges.c +++ b/reactos/dll/win32/lsasrv/privileges.c @@ -18,6 +18,12 @@ typedef struct LPCWSTR Name; } PRIVILEGE_DATA; +typedef struct +{ + ULONG Flag; + LPCWSTR Name; +} RIGHT_DATA; + /* GLOBALS *****************************************************************/ 
@@ -54,14 +60,28 @@ static const PRIVILEGE_DATA WellKnownPrivileges[] = {{SE_CREATE_GLOBAL_PRIVILEGE, 0}, SE_CREATE_GLOBAL_NAME} }; +static const RIGHT_DATA WellKnownRights[] = +{ + {SECURITY_ACCESS_INTERACTIVE_LOGON, SE_INTERACTIVE_LOGON_NAME}, + {SECURITY_ACCESS_NETWORK_LOGON, SE_NETWORK_LOGON_NAME}, + {SECURITY_ACCESS_BATCH_LOGON, SE_BATCH_LOGON_NAME}, + {SECURITY_ACCESS_SERVICE_LOGON, SE_SERVICE_LOGON_NAME}, + {SECURITY_ACCESS_DENY_INTERACTIVE_LOGON, SE_DENY_INTERACTIVE_LOGON_NAME}, + {SECURITY_ACCESS_DENY_NETWORK_LOGON, SE_DENY_NETWORK_LOGON_NAME}, + {SECURITY_ACCESS_DENY_BATCH_LOGON, SE_DENY_BATCH_LOGON_NAME}, + {SECURITY_ACCESS_DENY_SERVICE_LOGON, SE_DENY_SERVICE_LOGON_NAME}, + {SECURITY_ACCESS_REMOTE_INTERACTIVE_LOGON, SE_REMOTE_INTERACTIVE_LOGON_NAME}, + {SECURITY_ACCESS_DENY_REMOTE_INTERACTIVE_LOGON, SE_DENY_REMOTE_INTERACTIVE_LOGON_NAME} +}; + /* FUNCTIONS ***************************************************************/ NTSTATUS LsarpLookupPrivilegeName(PLUID Value, - PUNICODE_STRING *Name) + PRPC_UNICODE_STRING *Name) { - PUNICODE_STRING NameBuffer; + PRPC_UNICODE_STRING NameBuffer; ULONG Priv; if (Value->HighPart != 0 || @@ -76,7 +96,7 @@ LsarpLookupPrivilegeName(PLUID Value, if (Value->LowPart == WellKnownPrivileges[Priv].Luid.LowPart && Value->HighPart == WellKnownPrivileges[Priv].Luid.HighPart) { - NameBuffer = MIDL_user_allocate(sizeof(UNICODE_STRING)); + NameBuffer = MIDL_user_allocate(sizeof(RPC_UNICODE_STRING)); if (NameBuffer == NULL) return STATUS_NO_MEMORY; @@ -103,7 +123,7 @@ LsarpLookupPrivilegeName(PLUID Value, NTSTATUS -LsarpLookupPrivilegeValue(PUNICODE_STRING Name, +LsarpLookupPrivilegeValue(PRPC_UNICODE_STRING Name, PLUID Value) { ULONG Priv; 
@@ -218,4 +238,43 @@ done: Status = STATUS_MORE_ENTRIES; return Status; -} \ No newline at end of file +} + + +NTSTATUS +LsapLookupAccountRightName(ULONG RightValue, + PRPC_UNICODE_STRING *Name) +{ + PRPC_UNICODE_STRING NameBuffer; + ULONG i; + + for (i = 0; i < sizeof(WellKnownRights) / sizeof(WellKnownRights[0]); i++) + { + if (WellKnownRights[i].Flag == RightValue) + { + NameBuffer = MIDL_user_allocate(sizeof(RPC_UNICODE_STRING)); + if (NameBuffer == NULL) + return STATUS_NO_MEMORY; + + NameBuffer->Length = wcslen(WellKnownRights[i].Name) * sizeof(WCHAR); + NameBuffer->MaximumLength = NameBuffer->Length + sizeof(WCHAR); + + NameBuffer->Buffer = MIDL_user_allocate(NameBuffer->MaximumLength); + if (NameBuffer == NULL) + { + MIDL_user_free(NameBuffer); + return STATUS_INSUFFICIENT_RESOURCES; + } + + wcscpy(NameBuffer->Buffer, WellKnownRights[i].Name); + + *Name = NameBuffer; + + return STATUS_SUCCESS; + } + } + + return STATUS_NO_SUCH_PRIVILEGE; +} + +/* EOF */
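Review bot: In LsapLookupAccountRightName the check after the second allocation tests the wrong pointer: `if (NameBuffer == NULL)` follows `NameBuffer->Buffer = MIDL_user_allocate(...)`, so a failed buffer allocation is not detected and `wcscpy` then writes through a NULL Buffer. The condition should be `if (NameBuffer->Buffer == NULL)`. The two failure paths also return different codes (STATUS_NO_MEMORY and STATUS_INSUFFICIENT_RESOURCES); using one of them for both would be more consistent.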