diff --git a/reactos/dll/win32/advapi32/advapi32.spec b/reactos/dll/win32/advapi32/advapi32.spec index 6dcc98ca0b0..e770be0b61f 100644 --- a/reactos/dll/win32/advapi32/advapi32.spec +++ b/reactos/dll/win32/advapi32/advapi32.spec @@ -349,7 +349,7 @@ @ stub LsaClearAuditLog @ stdcall LsaClose(ptr) @ stdcall LsaCreateAccount(ptr ptr long ptr) -@ stub LsaCreateSecret +@ stdcall LsaCreateSecret(ptr ptr long ptr) @ stdcall LsaCreateTrustedDomain(ptr ptr long ptr) @ stdcall LsaCreateTrustedDomainEx(ptr ptr ptr long ptr) @ stdcall LsaDelete(ptr) @@ -364,7 +364,7 @@ @ stdcall LsaFreeMemory(ptr) @ stub LsaGetQuotasForAccount @ stub LsaGetRemoteUserName -@ stub LsaGetSystemAccessAccount +@ stdcall LsaGetSystemAccessAccount(ptr ptr) @ stdcall LsaGetUserName(ptr ptr) @ stub LsaICLookupNames @ stub LsaICLookupNamesWithCreds @@ -380,7 +380,7 @@ @ stdcall LsaOpenAccount(ptr ptr long ptr) @ stdcall LsaOpenPolicy(ptr ptr long ptr) @ stub LsaOpenPolicySce -@ stub LsaOpenSecret +@ stdcall LsaOpenSecret(ptr ptr long ptr) @ stub LsaOpenTrustedDomain @ stdcall LsaOpenTrustedDomainByName(ptr ptr long ptr) @ stdcall LsaQueryDomainInformationPolicy(ptr long ptr) diff --git a/reactos/dll/win32/advapi32/sec/lsa.c b/reactos/dll/win32/advapi32/sec/lsa.c index 1fa624c0072..d6587d185b1 100644 --- a/reactos/dll/win32/advapi32/sec/lsa.c +++ b/reactos/dll/win32/advapi32/sec/lsa.c @@ -152,7 +152,8 @@ LsaAddAccountRights(IN LSA_HANDLE PolicyHandle, LSAPR_USER_RIGHT_SET UserRightSet; NTSTATUS Status; - TRACE("(%p,%p,%p,0x%08x) stub\n", PolicyHandle, AccountSid, UserRights, CountOfRights); + TRACE("LsaAddAccountRights(%p %p %p 0x%08x)\n", + PolicyHandle, AccountSid, UserRights, CountOfRights); UserRightSet.Entries = CountOfRights; UserRightSet.UserRights = (PRPC_UNICODE_STRING)UserRights; 
@@ -184,7 +185,8 @@ LsaAddPrivilegesToAccount(IN LSA_HANDLE AccountHandle, { NTSTATUS Status; - TRACE("(%p,%p) stub\n", AccountHandle, PrivilegeSet); + TRACE("LsaAddPrivilegesToAccount(%p %p)\n", + AccountHandle, PrivilegeSet); RpcTryExcept { @@ -213,7 +215,8 @@ LsaCreateAccount(IN LSA_HANDLE PolicyHandle, { NTSTATUS Status; - TRACE("(%p,%p,0x%08x,%p)\n", PolicyHandle, AccountSid, DesiredAccess, AccountHandle); + TRACE("LsaCreateAccount(%p %p 0x%08x %p)\n", + PolicyHandle, AccountSid, DesiredAccess, AccountHandle); RpcTryExcept { @@ -232,6 +235,38 @@ LsaCreateAccount(IN LSA_HANDLE PolicyHandle, } +/* + * @implemented + */ +NTSTATUS +WINAPI +LsaCreateSecret(IN LSA_HANDLE PolicyHandle, + IN PLSA_UNICODE_STRING SecretName, + IN ACCESS_MASK DesiredAccess, + OUT PLSA_HANDLE SecretHandle) +{ + NTSTATUS Status; + + TRACE("LsaCreateSecret(%p %p 0x%08lx %p)\n", + PolicyHandle, SecretName, DesiredAccess, SecretHandle); + + RpcTryExcept + { + Status = LsarCreateSecret((LSAPR_HANDLE)PolicyHandle, + (PRPC_UNICODE_STRING)SecretName, + DesiredAccess, + SecretHandle); + } + RpcExcept(EXCEPTION_EXECUTE_HANDLER) + { + Status = I_RpcMapWin32Status(RpcExceptionCode()); + } + RpcEndExcept; + + return Status; +} + + /* * @implemented */ @@ -444,6 +479,33 @@ LsaFreeMemory(IN PVOID Buffer) } +/* + * @implemented + */ +NTSTATUS +WINAPI +LsaGetSystemAccessAccount(IN LSA_HANDLE AccountHandle, + OUT PULONG SystemAccess) +{ + NTSTATUS Status; + + TRACE("(%p,%p)\n", AccountHandle, SystemAccess); + + RpcTryExcept + { + Status = LsarGetSystemAccessAccount((LSAPR_HANDLE)AccountHandle, + (ACCESS_MASK *)SystemAccess); + } + RpcExcept(EXCEPTION_EXECUTE_HANDLER) + { + Status = I_RpcMapWin32Status(RpcExceptionCode()); + } + RpcEndExcept; + + return Status; +} + + /* * @implemented */ 
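Review bot: `LsaCreateSecret` never initializes `*SecretHandle` before the RPC call, whereas `LsaOpenSecret`, added to the same file by this commit, sets `*SecretHandle = NULL;` as the first statement inside `RpcTryExcept`. If the call raises an RPC exception or the server returns without writing the handle, the out parameter keeps whatever value the caller left in it, and that value can later be passed to `LsaClose` or another Lsa call as if it were a valid handle. Adding `*SecretHandle = NULL;` at the top of the `RpcTryExcept` block makes the two wrappers consistent.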
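Review bot: The TRACE in the new `LsaGetSystemAccessAccount` still uses the anonymous `"(%p,%p)\n"` form that this commit replaces elsewhere in lsa.c with a message naming the function. `TRACE("LsaGetSystemAccessAccount(%p %p)\n", AccountHandle, SystemAccess);` would match the other wrappers and keep the debug log searchable by function name.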
@@ -770,6 +832,39 @@ LsaOpenPolicy(IN PLSA_UNICODE_STRING SystemName, } +NTSTATUS +WINAPI +LsaOpenSecret(IN LSA_HANDLE PolicyHandle, + IN PLSA_UNICODE_STRING SecretName, + IN ACCESS_MASK DesiredAccess, + OUT PLSA_HANDLE SecretHandle) +{ + NTSTATUS Status; + + TRACE("LsaOpenSecret(%p %p 0x%08x %p)\n", + PolicyHandle, SecretName, DesiredAccess, SecretHandle); + + RpcTryExcept + { + *SecretHandle = NULL; + + Status = LsarOpenSecret((LSAPR_HANDLE)PolicyHandle, + (PRPC_UNICODE_STRING)SecretName, + DesiredAccess, + SecretHandle); + } + RpcExcept(EXCEPTION_EXECUTE_HANDLER) + { + Status = I_RpcMapWin32Status(RpcExceptionCode()); + } + RpcEndExcept; + + TRACE("LsaOpenSecret() done (Status: 0x%08lx)\n", Status); + + return Status; +} + + /* * @implemented */ diff --git a/reactos/dll/win32/lsasrv/lsarpc.c b/reactos/dll/win32/lsasrv/lsarpc.c index 1b380595645..1631143db42 100644 --- a/reactos/dll/win32/lsasrv/lsarpc.c +++ b/reactos/dll/win32/lsasrv/lsarpc.c @@ -11,14 +11,15 @@ #include "lsasrv.h" - -static RTL_CRITICAL_SECTION PolicyHandleTableLock; - WINE_DEFAULT_DEBUG_CHANNEL(lsasrv); -/* FUNCTIONS ***************************************************************/ +/* GLOBALS *****************************************************************/ +static RTL_CRITICAL_SECTION PolicyHandleTableLock; + + +/* FUNCTIONS ***************************************************************/ VOID LsarStartRpcServer(VOID) 
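Review bot: `LsaOpenSecret` is added without the `/* @implemented */` header comment that `LsaCreateSecret` and `LsaGetSystemAccessAccount` receive in this commit; the same three-line comment block should precede it. Its entry TRACE also formats `DesiredAccess` with `0x%08x`, while `LsaCreateSecret` uses `0x%08lx` for the same `ACCESS_MASK` argument, so one conversion should be chosen and used in both.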
@@ -629,8 +630,87 @@ NTSTATUS WINAPI LsarCreateSecret( ACCESS_MASK DesiredAccess, LSAPR_HANDLE *SecretHandle) { - UNIMPLEMENTED; - return STATUS_NOT_IMPLEMENTED; + PLSA_DB_OBJECT PolicyObject; + PLSA_DB_OBJECT SecretsObject = NULL; + PLSA_DB_OBJECT SecretObject = NULL; + LARGE_INTEGER Time; + NTSTATUS Status = STATUS_SUCCESS; + + /* Validate the PolicyHandle */ + Status = LsapValidateDbObject(PolicyHandle, + LsaDbPolicyObject, + POLICY_CREATE_SECRET, + &PolicyObject); + if (!NT_SUCCESS(Status)) + { + ERR("LsapValidateDbObject returned 0x%08lx\n", Status); + return Status; + } + + /* Open the Secrets object */ + Status = LsapOpenDbObject(PolicyObject, + L"Secrets", + LsaDbContainerObject, + 0, + &SecretsObject); + if (!NT_SUCCESS(Status)) + { + ERR("LsapCreateDbObject (Secrets) failed (Status 0x%08lx)\n", Status); + goto done; + } + + /* Get the current time */ + Status = NtQuerySystemTime(&Time); + if (!NT_SUCCESS(Status)) + { + ERR("NtQuerySystemTime failed (Status 0x%08lx)\n", Status); + goto done; + } + + /* Create the Secret object */ + Status = LsapCreateDbObject(SecretsObject, + SecretName->Buffer, + LsaDbSecretObject, + DesiredAccess, + &SecretObject); + if (!NT_SUCCESS(Status)) + { + ERR("LsapCreateDbObject (Secret) failed (Status 0x%08lx)\n", Status); + goto done; + } + + /* Set the CurrentTime attribute */ + Status = LsapSetObjectAttribute(SecretObject, + L"CurrentTime", + (PVOID)&Time, + sizeof(LARGE_INTEGER)); + if (!NT_SUCCESS(Status)) + { + ERR("LsapSetObjectAttribute (CurrentTime) failed (Status 0x%08lx)\n", Status); + goto done; + } + + /* Set the OldTime attribute */ + Status = LsapSetObjectAttribute(SecretObject, + L"OldTime", + (PVOID)&Time, + sizeof(LARGE_INTEGER)); + +done: + if (!NT_SUCCESS(Status)) + { + if (SecretObject != NULL) + LsapCloseDbObject(SecretObject); + } + else + { + *SecretHandle = (LSAPR_HANDLE)SecretObject; + } + + if (SecretsObject != NULL) + LsapCloseDbObject(SecretsObject); + + return STATUS_SUCCESS; } 
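Review bot: `LsarCreateSecret` ends with `return STATUS_SUCCESS;`, so every failure that jumps to or falls into the `done:` label (opening the Secrets container, `NtQuerySystemTime`, `LsapCreateDbObject`, either `LsapSetObjectAttribute` call) is reported to the RPC client as success while `*SecretHandle` is left unwritten. The final statement should be `return Status;`. `LsarOpenSecret` in a later hunk of this file ends the same way and needs the same change. Separately, the ERR text after the `LsapOpenDbObject` call reads `LsapCreateDbObject (Secrets) failed`, which names the wrong helper in the log.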
@@ -958,8 +1038,28 @@ NTSTATUS WINAPI LsarGetSystemAccessAccount( LSAPR_HANDLE AccountHandle, ACCESS_MASK *SystemAccess) { - UNIMPLEMENTED; - return STATUS_NOT_IMPLEMENTED; + PLSA_DB_OBJECT AccountObject; + ULONG Size; + NTSTATUS Status; + + /* Validate the account handle */ + Status = LsapValidateDbObject(AccountHandle, + LsaDbAccountObject, + ACCOUNT_VIEW, + &AccountObject); + if (!NT_SUCCESS(Status)) + { + ERR("Invalid handle (Status %lx)\n", Status); + return Status; + } + + /* Get the system access flags */ + Status = LsapGetObjectAttribute(AccountObject, + L"ActSysAc", + SystemAccess, + &Size); + + return Status; } @@ -968,8 +1068,27 @@ NTSTATUS WINAPI LsarSetSystemAccessAccount( LSAPR_HANDLE AccountHandle, ACCESS_MASK SystemAccess) { - UNIMPLEMENTED; - return STATUS_NOT_IMPLEMENTED; + PLSA_DB_OBJECT AccountObject; + NTSTATUS Status; + + /* Validate the account handle */ + Status = LsapValidateDbObject(AccountHandle, + LsaDbAccountObject, + ACCOUNT_ADJUST_SYSTEM_ACCESS, + &AccountObject); + if (!NT_SUCCESS(Status)) + { + ERR("Invalid handle (Status %lx)\n", Status); + return Status; + } + + /* Set the system access flags */ + Status = LsapSetObjectAttribute(AccountObject, + L"ActSysAc", + &SystemAccess, + sizeof(ACCESS_MASK)); + + return Status; } 
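Review bot: In `LsarGetSystemAccessAccount`, `Size` is passed by address to `LsapGetObjectAttribute` without ever being assigned. If that helper reads the value as the capacity of the output buffer (its definition is not part of this diff, so this is an assumption to confirm), the copy of `ActSysAc` into the caller's `ACCESS_MASK` is bounded by an indeterminate number. That could cause either a spurious buffer-too-small failure or a write past the storage behind `SystemAccess`. Declaring it as `ULONG Size = sizeof(ACCESS_MASK);` removes the dependence on uninitialized stack contents.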
@@ -1014,8 +1133,61 @@ NTSTATUS WINAPI LsarOpenSecret( ACCESS_MASK DesiredAccess, LSAPR_HANDLE *SecretHandle) { - UNIMPLEMENTED; - return STATUS_NOT_IMPLEMENTED; + PLSA_DB_OBJECT PolicyObject; + PLSA_DB_OBJECT SecretsObject = NULL; + PLSA_DB_OBJECT SecretObject = NULL; + NTSTATUS Status = STATUS_SUCCESS; + + /* Validate the PolicyHandle */ + Status = LsapValidateDbObject(PolicyHandle, + LsaDbPolicyObject, + POLICY_CREATE_SECRET, + &PolicyObject); + if (!NT_SUCCESS(Status)) + { + ERR("LsapValidateDbObject returned 0x%08lx\n", Status); + return Status; + } + + /* Open the Secrets object */ + Status = LsapOpenDbObject(PolicyObject, + L"Secrets", + LsaDbContainerObject, + 0, + &SecretsObject); + if (!NT_SUCCESS(Status)) + { + ERR("LsapCreateDbObject (Secrets) failed (Status 0x%08lx)\n", Status); + goto done; + } + + /* Create the secret object */ + Status = LsapOpenDbObject(SecretsObject, + SecretName->Buffer, + LsaDbSecretObject, + DesiredAccess, + &SecretObject); + if (!NT_SUCCESS(Status)) + { + ERR("LsapOpenDbObject (Secret) failed (Status 0x%08lx)\n", Status); + goto done; + } + +done: + if (!NT_SUCCESS(Status)) + { + if (SecretObject != NULL) + LsapCloseDbObject(SecretObject); + } + else + { + *SecretHandle = (LSAPR_HANDLE)SecretObject; + } + + if (SecretsObject != NULL) + LsapCloseDbObject(SecretsObject); + + return STATUS_SUCCESS; } @@ -1147,7 +1319,7 @@ NTSTATUS WINAPI LsarEnmuerateAccountRights( Status = LsapValidateDbObject(PolicyHandle, LsaDbPolicyObject, - 0, /* FIXME */ + ACCOUNT_VIEW, &PolicyObject); if (!NT_SUCCESS(Status)) return Status; diff --git a/reactos/include/psdk/ntsecapi.h b/reactos/include/psdk/ntsecapi.h index 17356347dbc..765a137902d 100644 --- a/reactos/include/psdk/ntsecapi.h +++ b/reactos/include/psdk/ntsecapi.h 
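Review bot: The policy handle in `LsarOpenSecret` is validated against `POLICY_CREATE_SECRET`, which looks carried over from `LsarCreateSecret`: the right being tested is the one for creating secrets, not one that describes opening an existing secret. The mask should be whatever the open path is meant to require, stated in a comment, and the `/* Create the secret object */` comment and the `LsapCreateDbObject (Secrets) failed` message should be corrected to say open. `SecretName->Buffer` is also passed to `LsapOpenDbObject` (and to `LsapCreateDbObject` in `LsarCreateSecret`) with no NULL check and no regard to `Length`, so the name is only as well-formed as the RPC client made it; `if (SecretName == NULL || SecretName->Buffer == NULL) return STATUS_INVALID_PARAMETER;` before the lookup would be the minimum guard.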
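Review bot: `ACCOUNT_VIEW` is an access right defined for account objects, but the handle validated in `LsarEnmuerateAccountRights` is checked as `LsaDbPolicyObject`. Replacing `0 /* FIXME */` with it only works to the extent that the bit value happens to coincide with a policy right, and it reads as if account access were being verified. A policy right such as `POLICY_VIEW_LOCAL_INFORMATION` (or whichever right the call is meant to require), with a one-line comment, would state the intent. The rest of the function lies outside this hunk.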
@@ -679,6 +679,7 @@ NTSTATUS NTAPI LsaCallAuthenticationPackage(HANDLE,ULONG,PVOID,ULONG,PVOID*, NTSTATUS NTAPI LsaClose(LSA_HANDLE); NTSTATUS NTAPI LsaConnectUntrusted(PHANDLE); NTSTATUS NTAPI LsaCreateAccount(LSA_HANDLE, PSID, ACCESS_MASK, PLSA_HANDLE); +NTSTATUS NTAPI LsaCreateSecret(LSA_HANDLE, PLSA_UNICODE_STRING, ACCESS_MASK, PLSA_HANDLE); NTSTATUS NTAPI LsaCreateTrustedDomain(LSA_HANDLE, PLSA_TRUST_INFORMATION, ACCESS_MASK, PLSA_HANDLE); NTSTATUS NTAPI LsaCreateTrustedDomainEx(LSA_HANDLE, PTRUSTED_DOMAIN_INFORMATION_EX, @@ -695,6 +696,7 @@ NTSTATUS NTAPI LsaEnumerateTrustedDomainsEx(LSA_HANDLE,PLSA_ENUMERATION_HANDLE, PVOID*,ULONG,PULONG); NTSTATUS NTAPI LsaFreeMemory(PVOID); NTSTATUS NTAPI LsaFreeReturnBuffer(PVOID); +NTSTATUS NTAPI LsaGetSystemAccessAccount(LSA_HANDLE, PULONG); NTSTATUS NTAPI LsaLogonUser(HANDLE,PLSA_STRING,SECURITY_LOGON_TYPE,ULONG,PVOID, ULONG,PTOKEN_GROUPS,PTOKEN_SOURCE,PVOID*,PULONG, PLUID,PHANDLE,PQUOTA_LIMITS,PNTSTATUS); @@ -711,6 +713,7 @@ ULONG NTAPI LsaNtStatusToWinError(NTSTATUS); NTSTATUS NTAPI LsaOpenAccount(LSA_HANDLE, PSID, ACCESS_MASK, PLSA_HANDLE); NTSTATUS NTAPI LsaOpenPolicy(PLSA_UNICODE_STRING,PLSA_OBJECT_ATTRIBUTES, ACCESS_MASK,PLSA_HANDLE); +NTSTATUS NTAPI LsaOpenSecret(LSA_HANDLE, PLSA_UNICODE_STRING, ACCESS_MASK, PLSA_HANDLE); NTSTATUS NTAPI LsaOpenTrustedDomainByName(LSA_HANDLE, PLSA_UNICODE_STRING, ACCESS_MASK, PLSA_HANDLE); NTSTATUS NTAPI LsaQueryDomainInformationPolicy(LSA_HANDLE, @@ -732,6 +735,7 @@ NTSTATUS NTAPI LsaSetDomainInformationPolicy(LSA_HANDLE, NTSTATUS NTAPI LsaSetInformationPolicy(LSA_HANDLE,POLICY_INFORMATION_CLASS, PVOID); NTSTATUS NTAPI LsaSetLocalInformationPolicy(LSA_HANDLE, POLICY_LOCAL_INFORMATION_CLASS,PVOID); +NTSTATUS NTAPI LsaSetSystemAccessAccount(LSA_HANDLE, ULONG); NTSTATUS NTAPI LsaSetTrustedDomainInformation(LSA_HANDLE,PSID, TRUSTED_INFORMATION_CLASS,PVOID); NTSTATUS NTAPI LsaSetTrustedDomainInfoByName(LSA_HANDLE,PLSA_UNICODE_STRING,