[LSASRV] Return STATUS_DIRECTORY_SERVICE_REQUIRED for all trusted domain functions that use a policy handle and a domain name or domain SID when the machine is not a domain controller.

This commit is contained in:
Eric Kohl 2018-11-04 15:27:57 +01:00
parent 91eaa5e2d4
commit ee90e7f608
3 changed files with 69 additions and 16 deletions

View file

@ -1161,8 +1161,12 @@ LsarCreateTrustedDomain(
ACCESS_MASK DesiredAccess, ACCESS_MASK DesiredAccess,
LSAPR_HANDLE *TrustedDomainHandle) LSAPR_HANDLE *TrustedDomainHandle)
{ {
/* FIXME: We are not running an AD yet */ /* Fail, if we are not a domain controller */
if (LsapProductType != NtProductLanManNt)
return STATUS_DIRECTORY_SERVICE_REQUIRED; return STATUS_DIRECTORY_SERVICE_REQUIRED;
UNIMPLEMENTED;
return STATUS_NOT_IMPLEMENTED;
} }
@ -2045,6 +2049,10 @@ LsarOpenTrustedDomain(
ACCESS_MASK DesiredAccess, ACCESS_MASK DesiredAccess,
LSAPR_HANDLE *TrustedDomainHandle) LSAPR_HANDLE *TrustedDomainHandle)
{ {
/* Fail, if we are not a domain controller */
if (LsapProductType != NtProductLanManNt)
return STATUS_DIRECTORY_SERVICE_REQUIRED;
UNIMPLEMENTED; UNIMPLEMENTED;
return STATUS_NOT_IMPLEMENTED; return STATUS_NOT_IMPLEMENTED;
} }
@ -3405,8 +3413,12 @@ LsarQueryTrustedDomainInfo(
TRUSTED_INFORMATION_CLASS InformationClass, TRUSTED_INFORMATION_CLASS InformationClass,
PLSAPR_TRUSTED_DOMAIN_INFO *TrustedDomainInformation) PLSAPR_TRUSTED_DOMAIN_INFO *TrustedDomainInformation)
{ {
/* FIXME: We are not running an AD yet */ /* Fail, if we are not a domain controller */
if (LsapProductType != NtProductLanManNt)
return STATUS_DIRECTORY_SERVICE_REQUIRED; return STATUS_DIRECTORY_SERVICE_REQUIRED;
UNIMPLEMENTED;
return STATUS_NOT_IMPLEMENTED;
} }
@ -3419,8 +3431,12 @@ LsarSetTrustedDomainInfo(
TRUSTED_INFORMATION_CLASS InformationClass, TRUSTED_INFORMATION_CLASS InformationClass,
PLSAPR_TRUSTED_DOMAIN_INFO TrustedDomainInformation) PLSAPR_TRUSTED_DOMAIN_INFO TrustedDomainInformation)
{ {
/* FIXME: We are not running an AD yet */ /* Fail, if we are not a domain controller */
if (LsapProductType != NtProductLanManNt)
return STATUS_DIRECTORY_SERVICE_REQUIRED; return STATUS_DIRECTORY_SERVICE_REQUIRED;
UNIMPLEMENTED;
return STATUS_NOT_IMPLEMENTED;
} }
@ -3431,8 +3447,12 @@ LsarDeleteTrustedDomain(
LSAPR_HANDLE PolicyHandle, LSAPR_HANDLE PolicyHandle,
PRPC_SID TrustedDomainSid) PRPC_SID TrustedDomainSid)
{ {
/* FIXME: We are not running an AD yet */ /* Fail, if we are not a domain controller */
if (LsapProductType != NtProductLanManNt)
return STATUS_DIRECTORY_SERVICE_REQUIRED; return STATUS_DIRECTORY_SERVICE_REQUIRED;
UNIMPLEMENTED;
return STATUS_NOT_IMPLEMENTED;
} }
@ -3763,6 +3783,10 @@ LsarQueryTrustedDomainInfoByName(
POLICY_INFORMATION_CLASS InformationClass, POLICY_INFORMATION_CLASS InformationClass,
PLSAPR_TRUSTED_DOMAIN_INFO *PolicyInformation) PLSAPR_TRUSTED_DOMAIN_INFO *PolicyInformation)
{ {
/* Fail, if we are not a domain controller */
if (LsapProductType != NtProductLanManNt)
return STATUS_DIRECTORY_SERVICE_REQUIRED;
/* FIXME: We are not running an AD yet */ /* FIXME: We are not running an AD yet */
return STATUS_OBJECT_NAME_NOT_FOUND; return STATUS_OBJECT_NAME_NOT_FOUND;
} }
@ -3777,6 +3801,10 @@ LsarSetTrustedDomainInfoByName(
POLICY_INFORMATION_CLASS InformationClass, POLICY_INFORMATION_CLASS InformationClass,
PLSAPR_TRUSTED_DOMAIN_INFO PolicyInformation) PLSAPR_TRUSTED_DOMAIN_INFO PolicyInformation)
{ {
/* Fail, if we are not a domain controller */
if (LsapProductType != NtProductLanManNt)
return STATUS_DIRECTORY_SERVICE_REQUIRED;
/* FIXME: We are not running an AD yet */ /* FIXME: We are not running an AD yet */
return STATUS_OBJECT_NAME_NOT_FOUND; return STATUS_OBJECT_NAME_NOT_FOUND;
} }
@ -3791,6 +3819,10 @@ LsarEnumerateTrustedDomainsEx(
PLSAPR_TRUSTED_ENUM_BUFFER_EX EnumerationBuffer, PLSAPR_TRUSTED_ENUM_BUFFER_EX EnumerationBuffer,
DWORD PreferedMaximumLength) DWORD PreferedMaximumLength)
{ {
/* Fail, if we are not a domain controller */
if (LsapProductType != NtProductLanManNt)
return STATUS_DIRECTORY_SERVICE_REQUIRED;
/* FIXME: We are not running an AD yet */ /* FIXME: We are not running an AD yet */
EnumerationBuffer->EntriesRead = 0; EnumerationBuffer->EntriesRead = 0;
EnumerationBuffer->EnumerationBuffer = NULL; EnumerationBuffer->EnumerationBuffer = NULL;
@ -3808,8 +3840,12 @@ LsarCreateTrustedDomainEx(
ACCESS_MASK DesiredAccess, ACCESS_MASK DesiredAccess,
LSAPR_HANDLE *TrustedDomainHandle) LSAPR_HANDLE *TrustedDomainHandle)
{ {
/* FIXME: We are not running an AD yet */ /* Fail, if we are not a domain controller */
if (LsapProductType != NtProductLanManNt)
return STATUS_DIRECTORY_SERVICE_REQUIRED; return STATUS_DIRECTORY_SERVICE_REQUIRED;
UNIMPLEMENTED;
return STATUS_NOT_IMPLEMENTED;
} }
@ -3859,8 +3895,12 @@ LsarOpenTrustedDomainByName(
ACCESS_MASK DesiredAccess, ACCESS_MASK DesiredAccess,
LSAPR_HANDLE *TrustedDomainHandle) LSAPR_HANDLE *TrustedDomainHandle)
{ {
/* FIXME: We are not running an AD yet */ /* Fail, if we are not a domain controller */
return STATUS_OBJECT_NAME_NOT_FOUND; if (LsapProductType != NtProductLanManNt)
return STATUS_DIRECTORY_SERVICE_REQUIRED;
UNIMPLEMENTED;
return STATUS_NOT_IMPLEMENTED;
} }
@ -3989,8 +4029,12 @@ LsarCreateTrustedDomainEx2(
ACCESS_MASK DesiredAccess, ACCESS_MASK DesiredAccess,
LSAPR_HANDLE *TrustedDomainHandle) LSAPR_HANDLE *TrustedDomainHandle)
{ {
/* FIXME: We are not running an AD yet */ /* Fail, if we are not a domain controller */
if (LsapProductType != NtProductLanManNt)
return STATUS_DIRECTORY_SERVICE_REQUIRED; return STATUS_DIRECTORY_SERVICE_REQUIRED;
UNIMPLEMENTED;
return STATUS_NOT_IMPLEMENTED;
} }

View file

@ -10,6 +10,8 @@
#include "lsasrv.h" #include "lsasrv.h"
NT_PRODUCT_TYPE LsapProductType = NtProductWinNt;
/* FUNCTIONS ***************************************************************/ /* FUNCTIONS ***************************************************************/
VOID VOID
@ -268,13 +270,17 @@ LsaIFree_LSAPR_TRANSLATED_SIDS(
} }
NTSTATUS WINAPI NTSTATUS
WINAPI
LsapInitLsa(VOID) LsapInitLsa(VOID)
{ {
NTSTATUS Status; NTSTATUS Status;
BOOLEAN PrivilegeEnabled; BOOLEAN PrivilegeEnabled;
TRACE("LsapInitLsa() called\n"); TRACE("LsapInitLsa()\n");
/* Get the product type */
RtlGetNtProductType(&LsapProductType);
/* Initialize the well known SIDs */ /* Initialize the well known SIDs */
LsapInitSids(); LsapInitSids();

View file

@ -28,6 +28,7 @@
#include <ndk/obfuncs.h> #include <ndk/obfuncs.h>
#include <ndk/psfuncs.h> #include <ndk/psfuncs.h>
#include <ndk/rtlfuncs.h> #include <ndk/rtlfuncs.h>
#include <ndk/ketypes.h>
#include <ndk/setypes.h> #include <ndk/setypes.h>
#include <ntsam.h> #include <ntsam.h>
@ -85,6 +86,8 @@ typedef struct _SAMPR_ULONG_ARRAY
unsigned long *Element; unsigned long *Element;
} SAMPR_ULONG_ARRAY, *PSAMPR_ULONG_ARRAY; } SAMPR_ULONG_ARRAY, *PSAMPR_ULONG_ARRAY;
extern NT_PRODUCT_TYPE LsapProductType;
extern SID_IDENTIFIER_AUTHORITY NullSidAuthority; extern SID_IDENTIFIER_AUTHORITY NullSidAuthority;
extern SID_IDENTIFIER_AUTHORITY WorldSidAuthority; extern SID_IDENTIFIER_AUTHORITY WorldSidAuthority;
extern SID_IDENTIFIER_AUTHORITY LocalSidAuthority; extern SID_IDENTIFIER_AUTHORITY LocalSidAuthority;