Intravision/reactos
1
0
Fork 0
mirror of https://github.com/reactos/reactos.git synced 2025-01-02 20:43:18 +00:00
Code Issues Projects Releases Packages Wiki Activity

[LSASRV]

Browse source 
- Add enumeration of user rights to LsarEnumerateAccountRights.
- Use RPC_UNICODE_STRING instead of UNICODE_STRING in the privilege lookup code.

svn path=/trunk/; revision=57767
This commit is contained in:
Eric Kohl 2012-11-25 13:47:07 +00:00
parent 3c766118e3
commit 7595ef1c18
3 changed files with 111 additions and 21 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

55
reactos/dll/win32/lsasrv/lsarpc.c
View file

@ -1915,7 +1915,7 @@ NTSTATUS WINAPI LsarLookupPrivilegeValue(
TRACE("Privilege: %wZ\n", Name);
Status = LsarpLookupPrivilegeValue((PUNICODE_STRING)Name,
Status = LsarpLookupPrivilegeValue(Name,
Value);
return Status;
@ -1944,7 +1944,7 @@ NTSTATUS WINAPI LsarLookupPrivilegeName(
}
Status = LsarpLookupPrivilegeName(Value,
(PUNICODE_STRING*)Name);
Name);
return Status;
}
@ -1994,9 +1994,10 @@ NTSTATUS WINAPI LsarEnumerateAccountRights(
PLSAPR_PRIVILEGE_SET PrivilegeSet = NULL;
PRPC_UNICODE_STRING RightsBuffer = NULL;
PRPC_UNICODE_STRING PrivilegeString;
ACCESS_MASK SystemAccess;
ULONG RightsCount;
ULONG RightsIndex;
ULONG PrivIndex;
ULONG i;
NTSTATUS Status;
TRACE("LsarEnumerateAccountRights(%p %p %p)\n",
@ -2022,13 +2023,23 @@ NTSTATUS WINAPI LsarEnumerateAccountRights(
goto done;
}
/* FIXME: Get account rights */
/* Get account rights */
Status = LsarGetSystemAccessAccount(AccountHandle,
&SystemAccess);
if (!NT_SUCCESS(Status))
{
ERR("LsarGetSystemAccessAccount returned 0x%08lx\n", Status);
goto done;
}
RightsCount = PrivilegeSet->PrivilegeCount;
/* FIXME: Count account rights */
/* Count account rights */
for (i = 0; i < sizeof(ACCESS_MASK) * 8; i++)
{
if (SystemAccess & (1 << i))
RightsCount++;
}
/* We are done if there are no rights to be enumerated */
if (RightsCount == 0)
@ -2049,25 +2060,41 @@ NTSTATUS WINAPI LsarEnumerateAccountRights(
/* Copy the privileges into the buffer */
RightsIndex = 0;
for (PrivIndex = 0; PrivIndex < PrivilegeSet->PrivilegeCount; PrivIndex++)
for (i = 0; i < PrivilegeSet->PrivilegeCount; i++)
{
PrivilegeString = NULL;
Status = LsarLookupPrivilegeName(PolicyHandle,
(PLUID)&PrivilegeSet->Privilege[PrivIndex].Luid,
(PRPC_UNICODE_STRING *)&PrivilegeString);
(PLUID)&PrivilegeSet->Privilege[i].Luid,
&PrivilegeString);
if (!NT_SUCCESS(Status))
goto done;
RightsBuffer[RightsIndex].Length = PrivilegeString->Length;
RightsBuffer[RightsIndex].MaximumLength = PrivilegeString->MaximumLength;
RightsBuffer[RightsIndex].Buffer = PrivilegeString->Buffer;
RightsBuffer[i].Length = PrivilegeString->Length;
RightsBuffer[i].MaximumLength = PrivilegeString->MaximumLength;
RightsBuffer[i].Buffer = PrivilegeString->Buffer;
MIDL_user_free(PrivilegeString);
RightsIndex++;
}
/* FIXME: Copy account rights into the buffer */
/* Copy account rights into the buffer */
for (i = 0; i < sizeof(ACCESS_MASK) * 8; i++)
{
if (SystemAccess & (1 << i))
{
Status = LsapLookupAccountRightName(1 << i,
&PrivilegeString);
if (!NT_SUCCESS(Status))
goto done;
RightsBuffer[i].Length = PrivilegeString->Length;
RightsBuffer[i].MaximumLength = PrivilegeString->MaximumLength;
RightsBuffer[i].Buffer = PrivilegeString->Buffer;
MIDL_user_free(PrivilegeString);
RightsIndex++;
}
}
UserRights->Entries = RightsCount;
UserRights->UserRights = (PRPC_UNICODE_STRING)RightsBuffer;

8
reactos/dll/win32/lsasrv/lsasrv.h
View file

@ -252,10 +252,10 @@ LsarSetLocalAccountDomain(PLSA_DB_OBJECT PolicyObject,
/* privileges.c */
NTSTATUS
LsarpLookupPrivilegeName(PLUID Value,
PUNICODE_STRING *Name);
PRPC_UNICODE_STRING *Name);
NTSTATUS
LsarpLookupPrivilegeValue(PUNICODE_STRING Name,
LsarpLookupPrivilegeValue(PRPC_UNICODE_STRING Name,
PLUID Value);
NTSTATUS
@ -263,6 +263,10 @@ LsarpEnumeratePrivileges(DWORD *EnumerationContext,
PLSAPR_PRIVILEGE_ENUM_BUFFER EnumerationBuffer,
DWORD PreferedMaximumLength);
NTSTATUS
LsapLookupAccountRightName(ULONG RightValue,
PRPC_UNICODE_STRING *Name);
/* registry.h */
NTSTATUS
LsapRegCloseKey(IN HANDLE KeyHandle);

67
reactos/dll/win32/lsasrv/privileges.c
View file

@ -18,6 +18,12 @@ typedef struct
LPCWSTR Name;
} PRIVILEGE_DATA;
typedef struct
{
ULONG Flag;
LPCWSTR Name;
} RIGHT_DATA;
/* GLOBALS *****************************************************************/
@ -54,14 +60,28 @@ static const PRIVILEGE_DATA WellKnownPrivileges[] =
{{SE_CREATE_GLOBAL_PRIVILEGE, 0}, SE_CREATE_GLOBAL_NAME}
};
static const RIGHT_DATA WellKnownRights[] =
{
{SECURITY_ACCESS_INTERACTIVE_LOGON, SE_INTERACTIVE_LOGON_NAME},
{SECURITY_ACCESS_NETWORK_LOGON, SE_NETWORK_LOGON_NAME},
{SECURITY_ACCESS_BATCH_LOGON, SE_BATCH_LOGON_NAME},
{SECURITY_ACCESS_SERVICE_LOGON, SE_SERVICE_LOGON_NAME},
{SECURITY_ACCESS_DENY_INTERACTIVE_LOGON, SE_DENY_INTERACTIVE_LOGON_NAME},
{SECURITY_ACCESS_DENY_NETWORK_LOGON, SE_DENY_NETWORK_LOGON_NAME},
{SECURITY_ACCESS_DENY_BATCH_LOGON, SE_DENY_BATCH_LOGON_NAME},
{SECURITY_ACCESS_DENY_SERVICE_LOGON, SE_DENY_SERVICE_LOGON_NAME},
{SECURITY_ACCESS_REMOTE_INTERACTIVE_LOGON, SE_REMOTE_INTERACTIVE_LOGON_NAME},
{SECURITY_ACCESS_DENY_REMOTE_INTERACTIVE_LOGON, SE_DENY_REMOTE_INTERACTIVE_LOGON_NAME}
};
/* FUNCTIONS ***************************************************************/
NTSTATUS
LsarpLookupPrivilegeName(PLUID Value,
PUNICODE_STRING *Name)
PRPC_UNICODE_STRING *Name)
{
PUNICODE_STRING NameBuffer;
PRPC_UNICODE_STRING NameBuffer;
ULONG Priv;
if (Value->HighPart != 0 ||
@ -76,7 +96,7 @@ LsarpLookupPrivilegeName(PLUID Value,
if (Value->LowPart == WellKnownPrivileges[Priv].Luid.LowPart &&
Value->HighPart == WellKnownPrivileges[Priv].Luid.HighPart)
{
NameBuffer = MIDL_user_allocate(sizeof(UNICODE_STRING));
NameBuffer = MIDL_user_allocate(sizeof(RPC_UNICODE_STRING));
if (NameBuffer == NULL)
return STATUS_NO_MEMORY;
@ -103,7 +123,7 @@ LsarpLookupPrivilegeName(PLUID Value,
NTSTATUS
LsarpLookupPrivilegeValue(PUNICODE_STRING Name,
LsarpLookupPrivilegeValue(PRPC_UNICODE_STRING Name,
PLUID Value)
{
ULONG Priv;
@ -219,3 +239,42 @@ done:
return Status;
}
NTSTATUS
LsapLookupAccountRightName(ULONG RightValue,
PRPC_UNICODE_STRING *Name)
{
PRPC_UNICODE_STRING NameBuffer;
ULONG i;
for (i = 0; i < sizeof(WellKnownRights) / sizeof(WellKnownRights[0]); i++)
{
if (WellKnownRights[i].Flag == RightValue)
{
NameBuffer = MIDL_user_allocate(sizeof(RPC_UNICODE_STRING));
if (NameBuffer == NULL)
return STATUS_NO_MEMORY;
NameBuffer->Length = wcslen(WellKnownRights[i].Name) * sizeof(WCHAR);
NameBuffer->MaximumLength = NameBuffer->Length + sizeof(WCHAR);
NameBuffer->Buffer = MIDL_user_allocate(NameBuffer->MaximumLength);
if (NameBuffer == NULL)
{
MIDL_user_free(NameBuffer);
return STATUS_INSUFFICIENT_RESOURCES;
}
wcscpy(NameBuffer->Buffer, WellKnownRights[i].Name);
*Name = NameBuffer;
return STATUS_SUCCESS;
}
}
return STATUS_NO_SUCH_PRIVILEGE;
}
/* EOF */