Intravision/reactos
1
0
Fork 0
mirror of https://github.com/reactos/reactos.git synced 2025-01-02 20:43:18 +00:00
Code Issues Projects Releases Packages Wiki Activity

[LSASRV]

Browse source 
- Add enumeration of user rights to LsarEnumerateAccountRights.
- Use RPC_UNICODE_STRING instead of UNICODE_STRING in the privilege lookup code.

svn path=/trunk/; revision=57767
This commit is contained in:
Eric Kohl 2012-11-25 13:47:07 +00:00
parent 3c766118e3
commit 7595ef1c18
3 changed files with 111 additions and 21 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

55
reactos/dll/win32/lsasrv/lsarpc.c
View file

@ -1915,7 +1915,7 @@ NTSTATUS WINAPI LsarLookupPrivilegeValue(
TRACE("Privilege: %wZ\n", Name); TRACE("Privilege: %wZ\n", Name);
Status = LsarpLookupPrivilegeValue((PUNICODE_STRING)Name, Status = LsarpLookupPrivilegeValue(Name,
Value); Value);
return Status; return Status;
@ -1944,7 +1944,7 @@ NTSTATUS WINAPI LsarLookupPrivilegeName(
} }
Status = LsarpLookupPrivilegeName(Value, Status = LsarpLookupPrivilegeName(Value,
(PUNICODE_STRING*)Name); Name);
return Status; return Status;
} }
@ -1994,9 +1994,10 @@ NTSTATUS WINAPI LsarEnumerateAccountRights(
PLSAPR_PRIVILEGE_SET PrivilegeSet = NULL; PLSAPR_PRIVILEGE_SET PrivilegeSet = NULL;
PRPC_UNICODE_STRING RightsBuffer = NULL; PRPC_UNICODE_STRING RightsBuffer = NULL;
PRPC_UNICODE_STRING PrivilegeString; PRPC_UNICODE_STRING PrivilegeString;
ACCESS_MASK SystemAccess;
ULONG RightsCount; ULONG RightsCount;
ULONG RightsIndex; ULONG RightsIndex;
ULONG PrivIndex; ULONG i;
NTSTATUS Status; NTSTATUS Status;
TRACE("LsarEnumerateAccountRights(%p %p %p)\n", TRACE("LsarEnumerateAccountRights(%p %p %p)\n",
@ -2022,13 +2023,23 @@ NTSTATUS WINAPI LsarEnumerateAccountRights(
goto done; goto done;
} }
/* FIXME: Get account rights */ /* Get account rights */
Status = LsarGetSystemAccessAccount(AccountHandle,
&SystemAccess);
if (!NT_SUCCESS(Status))
{
ERR("LsarGetSystemAccessAccount returned 0x%08lx\n", Status);
goto done;
}
RightsCount = PrivilegeSet->PrivilegeCount; RightsCount = PrivilegeSet->PrivilegeCount;
/* FIXME: Count account rights */ /* Count account rights */
for (i = 0; i < sizeof(ACCESS_MASK) * 8; i++)
{
if (SystemAccess & (1 << i))
RightsCount++;
}
/* We are done if there are no rights to be enumerated */ /* We are done if there are no rights to be enumerated */
if (RightsCount == 0) if (RightsCount == 0)
@ -2049,25 +2060,41 @@ NTSTATUS WINAPI LsarEnumerateAccountRights(
/* Copy the privileges into the buffer */ /* Copy the privileges into the buffer */
RightsIndex = 0; RightsIndex = 0;
for (PrivIndex = 0; PrivIndex < PrivilegeSet->PrivilegeCount; PrivIndex++) for (i = 0; i < PrivilegeSet->PrivilegeCount; i++)
{ {
PrivilegeString = NULL; PrivilegeString = NULL;
Status = LsarLookupPrivilegeName(PolicyHandle, Status = LsarLookupPrivilegeName(PolicyHandle,
(PLUID)&PrivilegeSet->Privilege[PrivIndex].Luid, (PLUID)&PrivilegeSet->Privilege[i].Luid,
(PRPC_UNICODE_STRING *)&PrivilegeString); &PrivilegeString);
if (!NT_SUCCESS(Status)) if (!NT_SUCCESS(Status))
goto done; goto done;
RightsBuffer[RightsIndex].Length = PrivilegeString->Length; RightsBuffer[i].Length = PrivilegeString->Length;
RightsBuffer[RightsIndex].MaximumLength = PrivilegeString->MaximumLength; RightsBuffer[i].MaximumLength = PrivilegeString->MaximumLength;
RightsBuffer[RightsIndex].Buffer = PrivilegeString->Buffer; RightsBuffer[i].Buffer = PrivilegeString->Buffer;
MIDL_user_free(PrivilegeString); MIDL_user_free(PrivilegeString);
RightsIndex++; RightsIndex++;
} }
/* FIXME: Copy account rights into the buffer */ /* Copy account rights into the buffer */
for (i = 0; i < sizeof(ACCESS_MASK) * 8; i++)
{
if (SystemAccess & (1 << i))
{
Status = LsapLookupAccountRightName(1 << i,
&PrivilegeString);
if (!NT_SUCCESS(Status))
goto done;
RightsBuffer[i].Length = PrivilegeString->Length;
RightsBuffer[i].MaximumLength = PrivilegeString->MaximumLength;
RightsBuffer[i].Buffer = PrivilegeString->Buffer;
MIDL_user_free(PrivilegeString);
RightsIndex++;
}
}
UserRights->Entries = RightsCount; UserRights->Entries = RightsCount;
UserRights->UserRights = (PRPC_UNICODE_STRING)RightsBuffer; UserRights->UserRights = (PRPC_UNICODE_STRING)RightsBuffer;

8
reactos/dll/win32/lsasrv/lsasrv.h
View file

@ -252,10 +252,10 @@ LsarSetLocalAccountDomain(PLSA_DB_OBJECT PolicyObject,
/* privileges.c */ /* privileges.c */
NTSTATUS NTSTATUS
LsarpLookupPrivilegeName(PLUID Value, LsarpLookupPrivilegeName(PLUID Value,
PUNICODE_STRING *Name); PRPC_UNICODE_STRING *Name);
NTSTATUS NTSTATUS
LsarpLookupPrivilegeValue(PUNICODE_STRING Name, LsarpLookupPrivilegeValue(PRPC_UNICODE_STRING Name,
PLUID Value); PLUID Value);
NTSTATUS NTSTATUS
@ -263,6 +263,10 @@ LsarpEnumeratePrivileges(DWORD *EnumerationContext,
PLSAPR_PRIVILEGE_ENUM_BUFFER EnumerationBuffer, PLSAPR_PRIVILEGE_ENUM_BUFFER EnumerationBuffer,
DWORD PreferedMaximumLength); DWORD PreferedMaximumLength);
NTSTATUS
LsapLookupAccountRightName(ULONG RightValue,
PRPC_UNICODE_STRING *Name);
/* registry.h */ /* registry.h */
NTSTATUS NTSTATUS
LsapRegCloseKey(IN HANDLE KeyHandle); LsapRegCloseKey(IN HANDLE KeyHandle);

69
reactos/dll/win32/lsasrv/privileges.c
View file

@ -18,6 +18,12 @@ typedef struct
LPCWSTR Name; LPCWSTR Name;
} PRIVILEGE_DATA; } PRIVILEGE_DATA;
typedef struct
{
ULONG Flag;
LPCWSTR Name;
} RIGHT_DATA;
/* GLOBALS *****************************************************************/ /* GLOBALS *****************************************************************/
@ -54,14 +60,28 @@ static const PRIVILEGE_DATA WellKnownPrivileges[] =
{{SE_CREATE_GLOBAL_PRIVILEGE, 0}, SE_CREATE_GLOBAL_NAME} {{SE_CREATE_GLOBAL_PRIVILEGE, 0}, SE_CREATE_GLOBAL_NAME}
}; };
static const RIGHT_DATA WellKnownRights[] =
{
{SECURITY_ACCESS_INTERACTIVE_LOGON, SE_INTERACTIVE_LOGON_NAME},
{SECURITY_ACCESS_NETWORK_LOGON, SE_NETWORK_LOGON_NAME},
{SECURITY_ACCESS_BATCH_LOGON, SE_BATCH_LOGON_NAME},
{SECURITY_ACCESS_SERVICE_LOGON, SE_SERVICE_LOGON_NAME},
{SECURITY_ACCESS_DENY_INTERACTIVE_LOGON, SE_DENY_INTERACTIVE_LOGON_NAME},
{SECURITY_ACCESS_DENY_NETWORK_LOGON, SE_DENY_NETWORK_LOGON_NAME},
{SECURITY_ACCESS_DENY_BATCH_LOGON, SE_DENY_BATCH_LOGON_NAME},
{SECURITY_ACCESS_DENY_SERVICE_LOGON, SE_DENY_SERVICE_LOGON_NAME},
{SECURITY_ACCESS_REMOTE_INTERACTIVE_LOGON, SE_REMOTE_INTERACTIVE_LOGON_NAME},
{SECURITY_ACCESS_DENY_REMOTE_INTERACTIVE_LOGON, SE_DENY_REMOTE_INTERACTIVE_LOGON_NAME}
};
/* FUNCTIONS ***************************************************************/ /* FUNCTIONS ***************************************************************/
NTSTATUS NTSTATUS
LsarpLookupPrivilegeName(PLUID Value, LsarpLookupPrivilegeName(PLUID Value,
PUNICODE_STRING *Name) PRPC_UNICODE_STRING *Name)
{ {
PUNICODE_STRING NameBuffer; PRPC_UNICODE_STRING NameBuffer;
ULONG Priv; ULONG Priv;
if (Value->HighPart != 0 || if (Value->HighPart != 0 ||
@ -76,7 +96,7 @@ LsarpLookupPrivilegeName(PLUID Value,
if (Value->LowPart == WellKnownPrivileges[Priv].Luid.LowPart && if (Value->LowPart == WellKnownPrivileges[Priv].Luid.LowPart &&
Value->HighPart == WellKnownPrivileges[Priv].Luid.HighPart) Value->HighPart == WellKnownPrivileges[Priv].Luid.HighPart)
{ {
NameBuffer = MIDL_user_allocate(sizeof(UNICODE_STRING)); NameBuffer = MIDL_user_allocate(sizeof(RPC_UNICODE_STRING));
if (NameBuffer == NULL) if (NameBuffer == NULL)
return STATUS_NO_MEMORY; return STATUS_NO_MEMORY;
@ -103,7 +123,7 @@ LsarpLookupPrivilegeName(PLUID Value,
NTSTATUS NTSTATUS
LsarpLookupPrivilegeValue(PUNICODE_STRING Name, LsarpLookupPrivilegeValue(PRPC_UNICODE_STRING Name,
PLUID Value) PLUID Value)
{ {
ULONG Priv; ULONG Priv;
@ -218,4 +238,43 @@ done:
Status = STATUS_MORE_ENTRIES; Status = STATUS_MORE_ENTRIES;
return Status; return Status;
} }
NTSTATUS
LsapLookupAccountRightName(ULONG RightValue,
PRPC_UNICODE_STRING *Name)
{
PRPC_UNICODE_STRING NameBuffer;
ULONG i;
for (i = 0; i < sizeof(WellKnownRights) / sizeof(WellKnownRights[0]); i++)
{
if (WellKnownRights[i].Flag == RightValue)
{
NameBuffer = MIDL_user_allocate(sizeof(RPC_UNICODE_STRING));
if (NameBuffer == NULL)
return STATUS_NO_MEMORY;
NameBuffer->Length = wcslen(WellKnownRights[i].Name) * sizeof(WCHAR);
NameBuffer->MaximumLength = NameBuffer->Length + sizeof(WCHAR);
NameBuffer->Buffer = MIDL_user_allocate(NameBuffer->MaximumLength);
if (NameBuffer == NULL)
{
MIDL_user_free(NameBuffer);
return STATUS_INSUFFICIENT_RESOURCES;
}
wcscpy(NameBuffer->Buffer, WellKnownRights[i].Name);
*Name = NameBuffer;
return STATUS_SUCCESS;
}
}
return STATUS_NO_SUCH_PRIVILEGE;
}
/* EOF */