reactos/dll/win32/lsasrv/lsarpc.c
2013-06-16 22:01:41 +00:00

2941 lines
83 KiB
C

/*
* COPYRIGHT: See COPYING in the top level directory
* PROJECT: Local Security Authority (LSA) Server
* FILE: reactos/dll/win32/lsasrv/lsarpc.h
* PURPOSE: RPC interface functions
*
* PROGRAMMERS: Eric Kohl
*/
/* INCLUDES ****************************************************************/
#include "lsasrv.h"
WINE_DEFAULT_DEBUG_CHANNEL(lsasrv);
/* GLOBALS *****************************************************************/
static RTL_CRITICAL_SECTION PolicyHandleTableLock;
/* FUNCTIONS ***************************************************************/
VOID
LsarStartRpcServer(VOID)
{
RPC_STATUS Status;
RtlInitializeCriticalSection(&PolicyHandleTableLock);
TRACE("LsarStartRpcServer() called\n");
Status = RpcServerUseProtseqEpW(L"ncacn_np",
10,
L"\\pipe\\lsarpc",
NULL);
if (Status != RPC_S_OK)
{
WARN("RpcServerUseProtseqEpW() failed (Status %lx)\n", Status);
return;
}
Status = RpcServerRegisterIf(lsarpc_v0_0_s_ifspec,
NULL,
NULL);
if (Status != RPC_S_OK)
{
WARN("RpcServerRegisterIf() failed (Status %lx)\n", Status);
return;
}
Status = RpcServerListen(1, 20, TRUE);
if (Status != RPC_S_OK)
{
WARN("RpcServerListen() failed (Status %lx)\n", Status);
return;
}
TRACE("LsarStartRpcServer() done\n");
}
void __RPC_USER LSAPR_HANDLE_rundown(LSAPR_HANDLE hHandle)
{
}
/* Function 0 */
NTSTATUS WINAPI LsarClose(
LSAPR_HANDLE *ObjectHandle)
{
PLSA_DB_OBJECT DbObject;
NTSTATUS Status = STATUS_SUCCESS;
TRACE("0x%p\n", ObjectHandle);
// RtlEnterCriticalSection(&PolicyHandleTableLock);
Status = LsapValidateDbObject(*ObjectHandle,
LsaDbIgnoreObject,
0,
&DbObject);
if (Status == STATUS_SUCCESS)
{
Status = LsapCloseDbObject(DbObject);
*ObjectHandle = NULL;
}
// RtlLeaveCriticalSection(&PolicyHandleTableLock);
return Status;
}
/* Function 1 */
NTSTATUS WINAPI LsarDelete(
LSAPR_HANDLE ObjectHandle)
{
return LsarDeleteObject(&ObjectHandle);
}
/* Function 2 */
NTSTATUS WINAPI LsarEnumeratePrivileges(
LSAPR_HANDLE PolicyHandle,
DWORD *EnumerationContext,
PLSAPR_PRIVILEGE_ENUM_BUFFER EnumerationBuffer,
DWORD PreferedMaximumLength)
{
PLSA_DB_OBJECT PolicyObject;
NTSTATUS Status;
TRACE("LsarEnumeratePrivileges(%p %p %p %lu)\n",
PolicyHandle, EnumerationContext, EnumerationBuffer,
PreferedMaximumLength);
Status = LsapValidateDbObject(PolicyHandle,
LsaDbPolicyObject,
POLICY_VIEW_LOCAL_INFORMATION,
&PolicyObject);
if (!NT_SUCCESS(Status))
return Status;
if (EnumerationContext == NULL)
return STATUS_INVALID_PARAMETER;
return LsarpEnumeratePrivileges(EnumerationContext,
EnumerationBuffer,
PreferedMaximumLength);
}
/* Function 3 */
NTSTATUS WINAPI LsarQuerySecurityObject(
LSAPR_HANDLE ObjectHandle,
SECURITY_INFORMATION SecurityInformation,
PLSAPR_SR_SECURITY_DESCRIPTOR *SecurityDescriptor)
{
PLSA_DB_OBJECT DbObject = NULL;
PSECURITY_DESCRIPTOR RelativeSd = NULL;
PLSAPR_SR_SECURITY_DESCRIPTOR SdData = NULL;
ACCESS_MASK DesiredAccess = 0;
ULONG RelativeSdSize = 0;
NTSTATUS Status;
if (SecurityDescriptor == NULL)
return STATUS_INVALID_PARAMETER;
if ((SecurityInformation & OWNER_SECURITY_INFORMATION) ||
(SecurityInformation & GROUP_SECURITY_INFORMATION) ||
(SecurityInformation & DACL_SECURITY_INFORMATION))
DesiredAccess |= READ_CONTROL;
if (SecurityInformation & SACL_SECURITY_INFORMATION)
DesiredAccess |= ACCESS_SYSTEM_SECURITY;
/* Validate the ObjectHandle */
Status = LsapValidateDbObject(ObjectHandle,
LsaDbIgnoreObject,
DesiredAccess,
&DbObject);
if (!NT_SUCCESS(Status))
return Status;
/* Get the size of the SD */
Status = LsapGetObjectAttribute(DbObject,
L"SecDesc",
NULL,
&RelativeSdSize);
if (!NT_SUCCESS(Status))
return Status;
/* Allocate a buffer for the SD */
RelativeSd = MIDL_user_allocate(RelativeSdSize);
if (RelativeSd == NULL)
return STATUS_INSUFFICIENT_RESOURCES;
/* Get the SD */
Status = LsapGetObjectAttribute(DbObject,
L"SecDesc",
RelativeSd,
&RelativeSdSize);
if (!NT_SUCCESS(Status))
goto done;
/*
* FIXME: Invalidate the SD information that was not requested.
* (see SecurityInformation)
*/
/* Allocate the SD data buffer */
SdData = MIDL_user_allocate(sizeof(LSAPR_SR_SECURITY_DESCRIPTOR));
if (SdData == NULL)
{
Status = STATUS_INSUFFICIENT_RESOURCES;
goto done;
}
/* Fill the SD data buffer and return it to the caller */
SdData->Length = RelativeSdSize;
SdData->SecurityDescriptor = (PBYTE)RelativeSd;
*SecurityDescriptor = SdData;
done:
if (!NT_SUCCESS(Status))
{
if (RelativeSd != NULL)
MIDL_user_free(RelativeSd);
}
return Status;
}
/* Function 4 */
NTSTATUS WINAPI LsarSetSecurityObject(
LSAPR_HANDLE ObjectHandle,
SECURITY_INFORMATION SecurityInformation,
PLSAPR_SR_SECURITY_DESCRIPTOR SecurityDescriptor)
{
UNIMPLEMENTED;
return STATUS_NOT_IMPLEMENTED;
}
/* Function 5 */
NTSTATUS WINAPI LsarChangePassword(
handle_t IDL_handle,
PRPC_UNICODE_STRING String1,
PRPC_UNICODE_STRING String2,
PRPC_UNICODE_STRING String3,
PRPC_UNICODE_STRING String4,
PRPC_UNICODE_STRING String5)
{
/* Deprecated */
return STATUS_NOT_IMPLEMENTED;
}
/* Function 6 */
NTSTATUS WINAPI LsarOpenPolicy(
LPWSTR SystemName,
PLSAPR_OBJECT_ATTRIBUTES ObjectAttributes,
ACCESS_MASK DesiredAccess,
LSAPR_HANDLE *PolicyHandle)
{
PLSA_DB_OBJECT PolicyObject;
NTSTATUS Status;
TRACE("LsarOpenPolicy called!\n");
RtlEnterCriticalSection(&PolicyHandleTableLock);
Status = LsapOpenDbObject(NULL,
NULL,
L"Policy",
LsaDbPolicyObject,
DesiredAccess,
FALSE,
&PolicyObject);
RtlLeaveCriticalSection(&PolicyHandleTableLock);
if (NT_SUCCESS(Status))
*PolicyHandle = (LSAPR_HANDLE)PolicyObject;
TRACE("LsarOpenPolicy done!\n");
return Status;
}
/* Function 7 */
NTSTATUS WINAPI LsarQueryInformationPolicy(
LSAPR_HANDLE PolicyHandle,
POLICY_INFORMATION_CLASS InformationClass,
PLSAPR_POLICY_INFORMATION *PolicyInformation)
{
PLSA_DB_OBJECT PolicyObject;
ACCESS_MASK DesiredAccess = 0;
NTSTATUS Status;
TRACE("LsarQueryInformationPolicy(%p,0x%08x,%p)\n",
PolicyHandle, InformationClass, PolicyInformation);
if (PolicyInformation)
{
TRACE("*PolicyInformation %p\n", *PolicyInformation);
}
switch (InformationClass)
{
case PolicyAuditLogInformation:
case PolicyAuditEventsInformation:
case PolicyAuditFullQueryInformation:
DesiredAccess = POLICY_VIEW_AUDIT_INFORMATION;
break;
case PolicyPrimaryDomainInformation:
case PolicyAccountDomainInformation:
case PolicyLsaServerRoleInformation:
case PolicyReplicaSourceInformation:
case PolicyDefaultQuotaInformation:
case PolicyModificationInformation:
case PolicyDnsDomainInformation:
case PolicyDnsDomainInformationInt:
case PolicyLocalAccountDomainInformation:
DesiredAccess = POLICY_VIEW_LOCAL_INFORMATION;
break;
case PolicyPdAccountInformation:
DesiredAccess = POLICY_GET_PRIVATE_INFORMATION;
break;
default:
ERR("Invalid InformationClass!\n");
return STATUS_INVALID_PARAMETER;
}
Status = LsapValidateDbObject(PolicyHandle,
LsaDbPolicyObject,
DesiredAccess,
&PolicyObject);
if (!NT_SUCCESS(Status))
return Status;
switch (InformationClass)
{
case PolicyAuditLogInformation: /* 1 */
Status = LsarQueryAuditLog(PolicyObject,
PolicyInformation);
break;
case PolicyAuditEventsInformation: /* 2 */
Status = LsarQueryAuditEvents(PolicyObject,
PolicyInformation);
break;
case PolicyPrimaryDomainInformation: /* 3 */
Status = LsarQueryPrimaryDomain(PolicyObject,
PolicyInformation);
break;
case PolicyPdAccountInformation: /* 4 */
Status = LsarQueryPdAccount(PolicyObject,
PolicyInformation);
break;
case PolicyAccountDomainInformation: /* 5 */
Status = LsarQueryAccountDomain(PolicyObject,
PolicyInformation);
break;
case PolicyLsaServerRoleInformation: /* 6 */
Status = LsarQueryServerRole(PolicyObject,
PolicyInformation);
break;
case PolicyReplicaSourceInformation: /* 7 */
Status = LsarQueryReplicaSource(PolicyObject,
PolicyInformation);
break;
case PolicyDefaultQuotaInformation: /* 8 */
Status = LsarQueryDefaultQuota(PolicyObject,
PolicyInformation);
break;
case PolicyModificationInformation: /* 9 */
Status = LsarQueryModification(PolicyObject,
PolicyInformation);
break;
case PolicyAuditFullQueryInformation: /* 11 (0xB) */
Status = LsarQueryAuditFull(PolicyObject,
PolicyInformation);
break;
case PolicyDnsDomainInformation: /* 12 (0xC) */
Status = LsarQueryDnsDomain(PolicyObject,
PolicyInformation);
break;
case PolicyDnsDomainInformationInt: /* 13 (0xD) */
Status = LsarQueryDnsDomainInt(PolicyObject,
PolicyInformation);
break;
case PolicyLocalAccountDomainInformation: /* 14 (0xE) */
Status = LsarQueryLocalAccountDomain(PolicyObject,
PolicyInformation);
break;
default:
ERR("Invalid InformationClass!\n");
Status = STATUS_INVALID_PARAMETER;
}
return Status;
}
/* Function 8 */
NTSTATUS WINAPI LsarSetInformationPolicy(
LSAPR_HANDLE PolicyHandle,
POLICY_INFORMATION_CLASS InformationClass,
PLSAPR_POLICY_INFORMATION PolicyInformation)
{
PLSA_DB_OBJECT PolicyObject;
ACCESS_MASK DesiredAccess = 0;
NTSTATUS Status;
TRACE("LsarSetInformationPolicy(%p,0x%08x,%p)\n",
PolicyHandle, InformationClass, PolicyInformation);
if (PolicyInformation)
{
TRACE("*PolicyInformation %p\n", *PolicyInformation);
}
switch (InformationClass)
{
case PolicyAuditLogInformation:
case PolicyAuditFullSetInformation:
DesiredAccess = POLICY_AUDIT_LOG_ADMIN;
break;
case PolicyAuditEventsInformation:
DesiredAccess = POLICY_SET_AUDIT_REQUIREMENTS;
break;
case PolicyPrimaryDomainInformation:
case PolicyAccountDomainInformation:
case PolicyDnsDomainInformation:
case PolicyDnsDomainInformationInt:
case PolicyLocalAccountDomainInformation:
DesiredAccess = POLICY_TRUST_ADMIN;
break;
case PolicyLsaServerRoleInformation:
case PolicyReplicaSourceInformation:
DesiredAccess = POLICY_SERVER_ADMIN;
break;
case PolicyDefaultQuotaInformation:
DesiredAccess = POLICY_SET_DEFAULT_QUOTA_LIMITS;
break;
default:
ERR("Invalid InformationClass!\n");
return STATUS_INVALID_PARAMETER;
}
Status = LsapValidateDbObject(PolicyHandle,
LsaDbPolicyObject,
DesiredAccess,
&PolicyObject);
if (!NT_SUCCESS(Status))
return Status;
switch (InformationClass)
{
case PolicyAuditLogInformation: /* 1 */
Status = LsarSetAuditLog(PolicyObject,
(PPOLICY_AUDIT_LOG_INFO)PolicyInformation);
break;
case PolicyAuditEventsInformation: /* 2 */
Status = LsarSetAuditEvents(PolicyObject,
(PLSAPR_POLICY_AUDIT_EVENTS_INFO)PolicyInformation);
break;
case PolicyPrimaryDomainInformation: /* 3 */
Status = LsarSetPrimaryDomain(PolicyObject,
(PLSAPR_POLICY_PRIMARY_DOM_INFO)PolicyInformation);
break;
case PolicyAccountDomainInformation: /* 5 */
Status = LsarSetAccountDomain(PolicyObject,
(PLSAPR_POLICY_ACCOUNT_DOM_INFO)PolicyInformation);
break;
case PolicyLsaServerRoleInformation: /* 6 */
Status = LsarSetServerRole(PolicyObject,
(PPOLICY_LSA_SERVER_ROLE_INFO)PolicyInformation);
break;
case PolicyReplicaSourceInformation: /* 7 */
Status = LsarSetReplicaSource(PolicyObject,
(PPOLICY_LSA_REPLICA_SRCE_INFO)PolicyInformation);
break;
case PolicyDefaultQuotaInformation: /* 8 */
Status = LsarSetDefaultQuota(PolicyObject,
(PPOLICY_DEFAULT_QUOTA_INFO)PolicyInformation);
break;
case PolicyModificationInformation: /* 9 */
Status = LsarSetModification(PolicyObject,
(PPOLICY_MODIFICATION_INFO)PolicyInformation);
break;
case PolicyAuditFullSetInformation: /* 10 (0xA) */
Status = LsarSetAuditFull(PolicyObject,
(PPOLICY_AUDIT_FULL_QUERY_INFO)PolicyInformation);
break;
case PolicyDnsDomainInformation: /* 12 (0xC) */
Status = LsarSetDnsDomain(PolicyObject,
(PLSAPR_POLICY_DNS_DOMAIN_INFO)PolicyInformation);
break;
case PolicyDnsDomainInformationInt: /* 13 (0xD) */
Status = LsarSetDnsDomainInt(PolicyObject,
(PLSAPR_POLICY_DNS_DOMAIN_INFO)PolicyInformation);
break;
case PolicyLocalAccountDomainInformation: /* 14 (0xE) */
Status = LsarSetLocalAccountDomain(PolicyObject,
(PLSAPR_POLICY_ACCOUNT_DOM_INFO)PolicyInformation);
break;
default:
Status = STATUS_INVALID_PARAMETER;
break;
}
return Status;
}
/* Function 9 */
NTSTATUS WINAPI LsarClearAuditLog(
LSAPR_HANDLE ObjectHandle)
{
/* Deprecated */
return STATUS_NOT_IMPLEMENTED;
}
/* Function 10 */
NTSTATUS WINAPI LsarCreateAccount(
LSAPR_HANDLE PolicyHandle,
PRPC_SID AccountSid,
ACCESS_MASK DesiredAccess,
LSAPR_HANDLE *AccountHandle)
{
PLSA_DB_OBJECT PolicyObject;
PLSA_DB_OBJECT AccountObject = NULL;
LPWSTR SidString = NULL;
PSECURITY_DESCRIPTOR AccountSd = NULL;
ULONG AccountSdSize;
NTSTATUS Status = STATUS_SUCCESS;
/* Validate the AccountSid */
if (!RtlValidSid(AccountSid))
return STATUS_INVALID_PARAMETER;
/* Validate the PolicyHandle */
Status = LsapValidateDbObject(PolicyHandle,
LsaDbPolicyObject,
POLICY_CREATE_ACCOUNT,
&PolicyObject);
if (!NT_SUCCESS(Status))
{
ERR("LsapValidateDbObject returned 0x%08lx\n", Status);
return Status;
}
/* Create SID string */
if (!ConvertSidToStringSid((PSID)AccountSid,
&SidString))
{
ERR("ConvertSidToStringSid failed\n");
Status = STATUS_INVALID_PARAMETER;
goto done;
}
/* Create a security descriptor for the account */
Status = LsapCreateAccountSd(&AccountSd,
&AccountSdSize);
if (!NT_SUCCESS(Status))
{
ERR("LsapCreateAccountSd returned 0x%08lx\n", Status);
return Status;
}
/* Create the Account object */
Status = LsapCreateDbObject(PolicyObject,
L"Accounts",
SidString,
LsaDbAccountObject,
DesiredAccess,
PolicyObject->Trusted,
&AccountObject);
if (!NT_SUCCESS(Status))
{
ERR("LsapCreateDbObject failed (Status 0x%08lx)\n", Status);
goto done;
}
/* Set the Sid attribute */
Status = LsapSetObjectAttribute(AccountObject,
L"Sid",
(PVOID)AccountSid,
GetLengthSid(AccountSid));
if (!NT_SUCCESS(Status))
goto done;
/* Set the SecDesc attribute */
Status = LsapSetObjectAttribute(AccountObject,
L"SecDesc",
AccountSd,
AccountSdSize);
done:
if (SidString != NULL)
LocalFree(SidString);
if (AccountSd != NULL)
RtlFreeHeap(RtlGetProcessHeap(), 0, AccountSd);
if (!NT_SUCCESS(Status))
{
if (AccountObject != NULL)
LsapCloseDbObject(AccountObject);
}
else
{
*AccountHandle = (LSAPR_HANDLE)AccountObject;
}
return STATUS_SUCCESS;
}
/* Function 11 */
NTSTATUS WINAPI LsarEnumerateAccounts(
LSAPR_HANDLE PolicyHandle,
DWORD *EnumerationContext,
PLSAPR_ACCOUNT_ENUM_BUFFER EnumerationBuffer,
DWORD PreferedMaximumLength)
{
LSAPR_ACCOUNT_ENUM_BUFFER EnumBuffer = {0, NULL};
PLSA_DB_OBJECT PolicyObject = NULL;
WCHAR AccountKeyName[64];
HANDLE AccountsKeyHandle = NULL;
HANDLE AccountKeyHandle;
HANDLE SidKeyHandle;
ULONG EnumIndex;
ULONG EnumCount;
ULONG RequiredLength;
ULONG DataLength;
ULONG i;
NTSTATUS Status = STATUS_SUCCESS;
TRACE("(%p %p %p %lu)\n", PolicyHandle, EnumerationContext,
EnumerationBuffer, PreferedMaximumLength);
if (EnumerationContext == NULL ||
EnumerationBuffer == NULL)
return STATUS_INVALID_PARAMETER;
EnumerationBuffer->EntriesRead = 0;
EnumerationBuffer->Information = NULL;
/* Validate the PolicyHandle */
Status = LsapValidateDbObject(PolicyHandle,
LsaDbPolicyObject,
POLICY_VIEW_LOCAL_INFORMATION,
&PolicyObject);
if (!NT_SUCCESS(Status))
{
ERR("LsapValidateDbObject returned 0x%08lx\n", Status);
return Status;
}
Status = LsapRegOpenKey(PolicyObject->KeyHandle,
L"Accounts",
KEY_READ,
&AccountsKeyHandle);
if (!NT_SUCCESS(Status))
return Status;
EnumIndex = *EnumerationContext;
EnumCount = 0;
RequiredLength = 0;
while (TRUE)
{
Status = LsapRegEnumerateSubKey(AccountsKeyHandle,
EnumIndex,
64 * sizeof(WCHAR),
AccountKeyName);
if (!NT_SUCCESS(Status))
break;
TRACE("EnumIndex: %lu\n", EnumIndex);
TRACE("Account key name: %S\n", AccountKeyName);
Status = LsapRegOpenKey(AccountsKeyHandle,
AccountKeyName,
KEY_READ,
&AccountKeyHandle);
TRACE("LsapRegOpenKey returned %08lX\n", Status);
if (NT_SUCCESS(Status))
{
Status = LsapRegOpenKey(AccountKeyHandle,
L"Sid",
KEY_READ,
&SidKeyHandle);
TRACE("LsapRegOpenKey returned %08lX\n", Status);
if (NT_SUCCESS(Status))
{
DataLength = 0;
Status = LsapRegQueryValue(SidKeyHandle,
NULL,
NULL,
NULL,
&DataLength);
TRACE("LsapRegQueryValue returned %08lX\n", Status);
if (NT_SUCCESS(Status))
{
TRACE("Data length: %lu\n", DataLength);
if ((RequiredLength + DataLength + sizeof(LSAPR_ACCOUNT_INFORMATION)) > PreferedMaximumLength)
break;
RequiredLength += (DataLength + sizeof(LSAPR_ACCOUNT_INFORMATION));
EnumCount++;
}
LsapRegCloseKey(SidKeyHandle);
}
LsapRegCloseKey(AccountKeyHandle);
}
EnumIndex++;
}
TRACE("EnumCount: %lu\n", EnumCount);
TRACE("RequiredLength: %lu\n", RequiredLength);
EnumBuffer.EntriesRead = EnumCount;
EnumBuffer.Information = midl_user_allocate(EnumCount * sizeof(LSAPR_ACCOUNT_INFORMATION));
if (EnumBuffer.Information == NULL)
{
Status = STATUS_INSUFFICIENT_RESOURCES;
goto done;
}
EnumIndex = *EnumerationContext;
for (i = 0; i < EnumCount; i++, EnumIndex++)
{
Status = LsapRegEnumerateSubKey(AccountsKeyHandle,
EnumIndex,
64 * sizeof(WCHAR),
AccountKeyName);
if (!NT_SUCCESS(Status))
break;
TRACE("EnumIndex: %lu\n", EnumIndex);
TRACE("Account key name: %S\n", AccountKeyName);
Status = LsapRegOpenKey(AccountsKeyHandle,
AccountKeyName,
KEY_READ,
&AccountKeyHandle);
TRACE("LsapRegOpenKey returned %08lX\n", Status);
if (NT_SUCCESS(Status))
{
Status = LsapRegOpenKey(AccountKeyHandle,
L"Sid",
KEY_READ,
&SidKeyHandle);
TRACE("LsapRegOpenKey returned %08lX\n", Status);
if (NT_SUCCESS(Status))
{
DataLength = 0;
Status = LsapRegQueryValue(SidKeyHandle,
NULL,
NULL,
NULL,
&DataLength);
TRACE("LsapRegQueryValue returned %08lX\n", Status);
if (NT_SUCCESS(Status))
{
EnumBuffer.Information[i].Sid = midl_user_allocate(DataLength);
if (EnumBuffer.Information[i].Sid == NULL)
{
LsapRegCloseKey(AccountKeyHandle);
Status = STATUS_INSUFFICIENT_RESOURCES;
goto done;
}
Status = LsapRegQueryValue(SidKeyHandle,
NULL,
NULL,
EnumBuffer.Information[i].Sid,
&DataLength);
TRACE("SampRegQueryValue returned %08lX\n", Status);
}
LsapRegCloseKey(SidKeyHandle);
}
LsapRegCloseKey(AccountKeyHandle);
if (!NT_SUCCESS(Status))
goto done;
}
}
if (NT_SUCCESS(Status))
{
*EnumerationContext += EnumCount;
EnumerationBuffer->EntriesRead = EnumBuffer.EntriesRead;
EnumerationBuffer->Information = EnumBuffer.Information;
}
done:
if (!NT_SUCCESS(Status))
{
if (EnumBuffer.Information)
{
for (i = 0; i < EnumBuffer.EntriesRead; i++)
{
if (EnumBuffer.Information[i].Sid != NULL)
midl_user_free(EnumBuffer.Information[i].Sid);
}
midl_user_free(EnumBuffer.Information);
}
}
if (AccountsKeyHandle != NULL)
LsapRegCloseKey(AccountsKeyHandle);
return Status;
}
/* Function 12 */
NTSTATUS WINAPI LsarCreateTrustedDomain(
LSAPR_HANDLE PolicyHandle,
PLSAPR_TRUST_INFORMATION TrustedDomainInformation,
ACCESS_MASK DesiredAccess,
LSAPR_HANDLE *TrustedDomainHandle)
{
UNIMPLEMENTED;
return STATUS_NOT_IMPLEMENTED;
}
/* Function 13 */
NTSTATUS WINAPI LsarEnumerateTrustedDomains(
LSAPR_HANDLE PolicyHandle,
DWORD *EnumerationContext,
PLSAPR_TRUSTED_ENUM_BUFFER EnumerationBuffer,
DWORD PreferedMaximumLength)
{
UNIMPLEMENTED;
return STATUS_NOT_IMPLEMENTED;
}
/* Function 14 */
NTSTATUS WINAPI LsarLookupNames(
LSAPR_HANDLE PolicyHandle,
DWORD Count,
PRPC_UNICODE_STRING Names,
PLSAPR_REFERENCED_DOMAIN_LIST *ReferencedDomains,
PLSAPR_TRANSLATED_SIDS TranslatedSids,
LSAP_LOOKUP_LEVEL LookupLevel,
DWORD *MappedCount)
{
LSAPR_TRANSLATED_SIDS_EX2 TranslatedSidsEx2;
ULONG i;
NTSTATUS Status;
TRACE("(%p %lu %p %p %p %d %p)\n",
PolicyHandle, Count, Names, ReferencedDomains, TranslatedSids,
LookupLevel, MappedCount);
TranslatedSids->Entries = 0;
TranslatedSids->Sids = NULL;
*ReferencedDomains = NULL;
if (Count == 0)
return STATUS_NONE_MAPPED;
TranslatedSidsEx2.Entries = 0;
TranslatedSidsEx2.Sids = NULL;
Status = LsapLookupNames(Count,
Names,
ReferencedDomains,
&TranslatedSidsEx2,
LookupLevel,
MappedCount,
0,
0);
if (!NT_SUCCESS(Status))
return Status;
TranslatedSids->Entries = TranslatedSidsEx2.Entries;
TranslatedSids->Sids = MIDL_user_allocate(TranslatedSids->Entries * sizeof(LSA_TRANSLATED_SID));
if (TranslatedSids->Sids == NULL)
{
MIDL_user_free(TranslatedSidsEx2.Sids);
MIDL_user_free(*ReferencedDomains);
*ReferencedDomains = NULL;
return STATUS_INSUFFICIENT_RESOURCES;
}
for (i = 0; i < TranslatedSidsEx2.Entries; i++)
{
TranslatedSids->Sids[i].Use = TranslatedSidsEx2.Sids[i].Use;
TranslatedSids->Sids[i].RelativeId = LsapGetRelativeIdFromSid(TranslatedSidsEx2.Sids[i].Sid);
TranslatedSids->Sids[i].DomainIndex = TranslatedSidsEx2.Sids[i].DomainIndex;
}
MIDL_user_free(TranslatedSidsEx2.Sids);
return STATUS_SUCCESS;
}
/* Function 15 */
NTSTATUS WINAPI LsarLookupSids(
LSAPR_HANDLE PolicyHandle,
PLSAPR_SID_ENUM_BUFFER SidEnumBuffer,
PLSAPR_REFERENCED_DOMAIN_LIST *ReferencedDomains,
PLSAPR_TRANSLATED_NAMES TranslatedNames,
LSAP_LOOKUP_LEVEL LookupLevel,
DWORD *MappedCount)
{
LSAPR_TRANSLATED_NAMES_EX TranslatedNamesEx;
ULONG i;
NTSTATUS Status;
TRACE("(%p %p %p %p %d %p)\n",
PolicyHandle, SidEnumBuffer, ReferencedDomains, TranslatedNames,
LookupLevel, MappedCount);
/* FIXME: Fail, if there is an invalid SID in the SidEnumBuffer */
TranslatedNames->Entries = SidEnumBuffer->Entries;
TranslatedNames->Names = NULL;
*ReferencedDomains = NULL;
TranslatedNamesEx.Entries = SidEnumBuffer->Entries;
TranslatedNamesEx.Names = NULL;
Status = LsapLookupSids(SidEnumBuffer,
ReferencedDomains,
&TranslatedNamesEx,
LookupLevel,
MappedCount,
0,
0);
if (!NT_SUCCESS(Status))
return Status;
TranslatedNames->Entries = SidEnumBuffer->Entries;
TranslatedNames->Names = MIDL_user_allocate(SidEnumBuffer->Entries * sizeof(LSAPR_TRANSLATED_NAME));
if (TranslatedNames->Names == NULL)
{
MIDL_user_free(TranslatedNamesEx.Names);
MIDL_user_free(*ReferencedDomains);
*ReferencedDomains = NULL;
return STATUS_INSUFFICIENT_RESOURCES;
}
for (i = 0; i < TranslatedNamesEx.Entries; i++)
{
TranslatedNames->Names[i].Use = TranslatedNamesEx.Names[i].Use;
TranslatedNames->Names[i].Name.Length = TranslatedNamesEx.Names[i].Name.Length;
TranslatedNames->Names[i].Name.MaximumLength = TranslatedNamesEx.Names[i].Name.MaximumLength;
TranslatedNames->Names[i].Name.Buffer = TranslatedNamesEx.Names[i].Name.Buffer;
TranslatedNames->Names[i].DomainIndex = TranslatedNamesEx.Names[i].DomainIndex;
}
MIDL_user_free(TranslatedNamesEx.Names);
return Status;
}
/* Function 16 */
NTSTATUS WINAPI LsarCreateSecret(
LSAPR_HANDLE PolicyHandle,
PRPC_UNICODE_STRING SecretName,
ACCESS_MASK DesiredAccess,
LSAPR_HANDLE *SecretHandle)
{
PLSA_DB_OBJECT PolicyObject;
PLSA_DB_OBJECT SecretObject = NULL;
LARGE_INTEGER Time;
PSECURITY_DESCRIPTOR SecretSd = NULL;
ULONG SecretSdSize;
NTSTATUS Status = STATUS_SUCCESS;
/* Validate the PolicyHandle */
Status = LsapValidateDbObject(PolicyHandle,
LsaDbPolicyObject,
POLICY_CREATE_SECRET,
&PolicyObject);
if (!NT_SUCCESS(Status))
{
ERR("LsapValidateDbObject returned 0x%08lx\n", Status);
return Status;
}
/* Get the current time */
Status = NtQuerySystemTime(&Time);
if (!NT_SUCCESS(Status))
{
ERR("NtQuerySystemTime failed (Status 0x%08lx)\n", Status);
goto done;
}
/* Create a security descriptor for the secret */
Status = LsapCreateSecretSd(&SecretSd,
&SecretSdSize);
if (!NT_SUCCESS(Status))
{
ERR("LsapCreateAccountSd returned 0x%08lx\n", Status);
return Status;
}
/* Create the Secret object */
Status = LsapCreateDbObject(PolicyObject,
L"Secrets",
SecretName->Buffer,
LsaDbSecretObject,
DesiredAccess,
PolicyObject->Trusted,
&SecretObject);
if (!NT_SUCCESS(Status))
{
ERR("LsapCreateDbObject failed (Status 0x%08lx)\n", Status);
goto done;
}
/* Set the CurrentTime attribute */
Status = LsapSetObjectAttribute(SecretObject,
L"CurrentTime",
(PVOID)&Time,
sizeof(LARGE_INTEGER));
if (!NT_SUCCESS(Status))
{
ERR("LsapSetObjectAttribute (CurrentTime) failed (Status 0x%08lx)\n", Status);
goto done;
}
/* Set the OldTime attribute */
Status = LsapSetObjectAttribute(SecretObject,
L"OldTime",
(PVOID)&Time,
sizeof(LARGE_INTEGER));
if (!NT_SUCCESS(Status))
{
ERR("LsapSetObjectAttribute (OldTime) failed (Status 0x%08lx)\n", Status);
goto done;
}
/* Set the SecDesc attribute */
Status = LsapSetObjectAttribute(SecretObject,
L"SecDesc",
SecretSd,
SecretSdSize);
done:
if (SecretSd != NULL)
RtlFreeHeap(RtlGetProcessHeap(), 0, SecretSd);
if (!NT_SUCCESS(Status))
{
if (SecretObject != NULL)
LsapCloseDbObject(SecretObject);
}
else
{
*SecretHandle = (LSAPR_HANDLE)SecretObject;
}
return STATUS_SUCCESS;
}
/* Function 17 */
NTSTATUS WINAPI LsarOpenAccount(
LSAPR_HANDLE PolicyHandle,
PRPC_SID AccountSid,
ACCESS_MASK DesiredAccess,
LSAPR_HANDLE *AccountHandle)
{
PLSA_DB_OBJECT PolicyObject;
PLSA_DB_OBJECT AccountObject = NULL;
LPWSTR SidString = NULL;
NTSTATUS Status = STATUS_SUCCESS;
/* Validate the AccountSid */
if (!RtlValidSid(AccountSid))
return STATUS_INVALID_PARAMETER;
/* Validate the PolicyHandle */
Status = LsapValidateDbObject(PolicyHandle,
LsaDbPolicyObject,
0,
&PolicyObject);
if (!NT_SUCCESS(Status))
{
ERR("LsapValidateDbObject returned 0x%08lx\n", Status);
return Status;
}
/* Create SID string */
if (!ConvertSidToStringSid((PSID)AccountSid,
&SidString))
{
ERR("ConvertSidToStringSid failed\n");
Status = STATUS_INVALID_PARAMETER;
goto done;
}
/* Create the Account object */
Status = LsapOpenDbObject(PolicyObject,
L"Accounts",
SidString,
LsaDbAccountObject,
DesiredAccess,
PolicyObject->Trusted,
&AccountObject);
if (!NT_SUCCESS(Status))
{
ERR("LsapOpenDbObject failed (Status 0x%08lx)\n", Status);
goto done;
}
/* Set the Sid attribute */
Status = LsapSetObjectAttribute(AccountObject,
L"Sid",
(PVOID)AccountSid,
GetLengthSid(AccountSid));
done:
if (SidString != NULL)
LocalFree(SidString);
if (!NT_SUCCESS(Status))
{
if (AccountObject != NULL)
LsapCloseDbObject(AccountObject);
}
else
{
*AccountHandle = (LSAPR_HANDLE)AccountObject;
}
return Status;
}
/* Function 18 */
NTSTATUS WINAPI LsarEnumeratePrivilegesAccount(
LSAPR_HANDLE AccountHandle,
PLSAPR_PRIVILEGE_SET *Privileges)
{
PLSA_DB_OBJECT AccountObject;
ULONG PrivilegeSetSize = 0;
PLSAPR_PRIVILEGE_SET PrivilegeSet = NULL;
NTSTATUS Status;
*Privileges = NULL;
/* Validate the AccountHandle */
Status = LsapValidateDbObject(AccountHandle,
LsaDbAccountObject,
ACCOUNT_VIEW,
&AccountObject);
if (!NT_SUCCESS(Status))
{
ERR("LsapValidateDbObject returned 0x%08lx\n", Status);
return Status;
}
/* Get the size of the privilege set */
Status = LsapGetObjectAttribute(AccountObject,
L"Privilgs",
NULL,
&PrivilegeSetSize);
if (!NT_SUCCESS(Status))
return Status;
/* Allocate a buffer for the privilege set */
PrivilegeSet = MIDL_user_allocate(PrivilegeSetSize);
if (PrivilegeSet == NULL)
return STATUS_NO_MEMORY;
/* Get the privilege set */
Status = LsapGetObjectAttribute(AccountObject,
L"Privilgs",
PrivilegeSet,
&PrivilegeSetSize);
if (!NT_SUCCESS(Status))
{
MIDL_user_free(PrivilegeSet);
return Status;
}
/* Return a pointer to the privilege set */
*Privileges = PrivilegeSet;
return STATUS_SUCCESS;
}
/* Function 19 */
NTSTATUS WINAPI LsarAddPrivilegesToAccount(
LSAPR_HANDLE AccountHandle,
PLSAPR_PRIVILEGE_SET Privileges)
{
PLSA_DB_OBJECT AccountObject;
PPRIVILEGE_SET CurrentPrivileges = NULL;
PPRIVILEGE_SET NewPrivileges = NULL;
ULONG PrivilegeSetSize = 0;
ULONG PrivilegeCount;
ULONG i, j;
BOOL bFound;
NTSTATUS Status;
/* Validate the AccountHandle */
Status = LsapValidateDbObject(AccountHandle,
LsaDbAccountObject,
ACCOUNT_ADJUST_PRIVILEGES,
&AccountObject);
if (!NT_SUCCESS(Status))
{
ERR("LsapValidateDbObject returned 0x%08lx\n", Status);
return Status;
}
/* Get the size of the Privilgs attribute */
Status = LsapGetObjectAttribute(AccountObject,
L"Privilgs",
NULL,
&PrivilegeSetSize);
if (!NT_SUCCESS(Status) || PrivilegeSetSize == 0)
{
/* The Privilgs attribute does not exist */
PrivilegeSetSize = sizeof(PRIVILEGE_SET) +
(Privileges->PrivilegeCount - 1) * sizeof(LUID_AND_ATTRIBUTES);
Status = LsapSetObjectAttribute(AccountObject,
L"Privilgs",
Privileges,
PrivilegeSetSize);
}
else
{
/* The Privilgs attribute exists */
/* Allocate memory for the stored privilege set */
CurrentPrivileges = MIDL_user_allocate(PrivilegeSetSize);
if (CurrentPrivileges == NULL)
return STATUS_NO_MEMORY;
/* Get the current privilege set */
Status = LsapGetObjectAttribute(AccountObject,
L"Privilgs",
CurrentPrivileges,
&PrivilegeSetSize);
if (!NT_SUCCESS(Status))
{
TRACE("LsapGetObjectAttribute() failed (Status 0x%08lx)\n", Status);
goto done;
}
PrivilegeCount = CurrentPrivileges->PrivilegeCount;
TRACE("Current privilege count: %lu\n", PrivilegeCount);
/* Calculate the number privileges in the combined privilege set */
for (i = 0; i < Privileges->PrivilegeCount; i++)
{
bFound = FALSE;
for (j = 0; j < CurrentPrivileges->PrivilegeCount; j++)
{
if (RtlEqualLuid(&(Privileges->Privilege[i].Luid),
&(CurrentPrivileges->Privilege[i].Luid)))
{
bFound = TRUE;
break;
}
}
if (bFound == FALSE)
{
TRACE("Found new privilege\n");
PrivilegeCount++;
}
}
TRACE("New privilege count: %lu\n", PrivilegeCount);
/* Calculate the size of the new privilege set and allocate it */
PrivilegeSetSize = sizeof(PRIVILEGE_SET) +
(PrivilegeCount - 1) * sizeof(LUID_AND_ATTRIBUTES);
NewPrivileges = MIDL_user_allocate(PrivilegeSetSize);
if (NewPrivileges == NULL)
{
Status = STATUS_NO_MEMORY;
goto done;
}
/* Initialize the new privilege set */
NewPrivileges->PrivilegeCount = PrivilegeCount;
NewPrivileges->Control = 0;
/* Copy all privileges from the current privilege set */
RtlCopyLuidAndAttributesArray(CurrentPrivileges->PrivilegeCount,
&(CurrentPrivileges->Privilege[0]),
&(NewPrivileges->Privilege[0]));
/* Add new privileges to the new privilege set */
PrivilegeCount = CurrentPrivileges->PrivilegeCount;
for (i = 0; i < Privileges->PrivilegeCount; i++)
{
bFound = FALSE;
for (j = 0; j < CurrentPrivileges->PrivilegeCount; j++)
{
if (RtlEqualLuid(&(Privileges->Privilege[i].Luid),
&(CurrentPrivileges->Privilege[i].Luid)))
{
/* Overwrite attributes if a matching privilege was found */
NewPrivileges->Privilege[j].Attributes = Privileges->Privilege[i].Attributes;
bFound = TRUE;
break;
}
}
if (bFound == FALSE)
{
/* Copy the new privilege */
RtlCopyLuidAndAttributesArray(1,
(PLUID_AND_ATTRIBUTES)&(Privileges->Privilege[i]),
&(NewPrivileges->Privilege[PrivilegeCount]));
PrivilegeCount++;
}
}
/* Set the new privilege set */
Status = LsapSetObjectAttribute(AccountObject,
L"Privilgs",
NewPrivileges,
PrivilegeSetSize);
}
done:
if (CurrentPrivileges != NULL)
MIDL_user_free(CurrentPrivileges);
if (NewPrivileges != NULL)
MIDL_user_free(NewPrivileges);
return Status;
}
/* Function 20 */
NTSTATUS WINAPI LsarRemovePrivilegesFromAccount(
LSAPR_HANDLE AccountHandle,
BOOL AllPrivileges,
PLSAPR_PRIVILEGE_SET Privileges)
{
PLSA_DB_OBJECT AccountObject;
PPRIVILEGE_SET CurrentPrivileges = NULL;
PPRIVILEGE_SET NewPrivileges = NULL;
ULONG PrivilegeSetSize = 0;
ULONG PrivilegeCount;
ULONG i, j, k;
BOOL bFound;
NTSTATUS Status;
TRACE("(%p %u %p)\n", AccountHandle, AllPrivileges, Privileges);
/* */
if ((AllPrivileges == FALSE && Privileges == NULL) ||
(AllPrivileges == TRUE && Privileges != NULL))
return STATUS_INVALID_PARAMETER;
/* Validate the AccountHandle */
Status = LsapValidateDbObject(AccountHandle,
LsaDbAccountObject,
ACCOUNT_ADJUST_PRIVILEGES,
&AccountObject);
if (!NT_SUCCESS(Status))
{
ERR("LsapValidateDbObject returned 0x%08lx\n", Status);
return Status;
}
if (AllPrivileges == TRUE)
{
/* Delete the Privilgs attribute */
Status = LsapDeleteObjectAttribute(AccountObject,
L"Privilgs");
if (Status == STATUS_OBJECT_NAME_NOT_FOUND)
Status = STATUS_SUCCESS;
}
else
{
/* Get the size of the Privilgs attribute */
Status = LsapGetObjectAttribute(AccountObject,
L"Privilgs",
NULL,
&PrivilegeSetSize);
if (!NT_SUCCESS(Status))
goto done;
/* Succeed, if there is no privilege set to remove privileges from */
if (PrivilegeSetSize == 0)
{
Status = STATUS_SUCCESS;
goto done;
}
/* Allocate memory for the stored privilege set */
CurrentPrivileges = MIDL_user_allocate(PrivilegeSetSize);
if (CurrentPrivileges == NULL)
return STATUS_NO_MEMORY;
/* Get the current privilege set */
Status = LsapGetObjectAttribute(AccountObject,
L"Privilgs",
CurrentPrivileges,
&PrivilegeSetSize);
if (!NT_SUCCESS(Status))
{
TRACE("LsapGetObjectAttribute() failed (Status 0x%08lx)\n", Status);
goto done;
}
PrivilegeCount = CurrentPrivileges->PrivilegeCount;
TRACE("Current privilege count: %lu\n", PrivilegeCount);
/* Calculate the number of privileges in the new privilege set */
for (i = 0; i < CurrentPrivileges->PrivilegeCount; i++)
{
for (j = 0; j < Privileges->PrivilegeCount; j++)
{
if (RtlEqualLuid(&(CurrentPrivileges->Privilege[i].Luid),
&(Privileges->Privilege[j].Luid)))
{
if (PrivilegeCount > 0)
PrivilegeCount--;
}
}
}
TRACE("New privilege count: %lu\n", PrivilegeCount);
if (PrivilegeCount == 0)
{
/* Delete the Privilgs attribute */
Status = LsapDeleteObjectAttribute(AccountObject,
L"Privilgs");
if (Status == STATUS_OBJECT_NAME_NOT_FOUND)
Status = STATUS_SUCCESS;
}
else
{
/* Calculate the size of the new privilege set and allocate it */
PrivilegeSetSize = sizeof(PRIVILEGE_SET) +
(PrivilegeCount - 1) * sizeof(LUID_AND_ATTRIBUTES);
NewPrivileges = MIDL_user_allocate(PrivilegeSetSize);
if (NewPrivileges == NULL)
{
Status = STATUS_NO_MEMORY;
goto done;
}
/* Initialize the new privilege set */
NewPrivileges->PrivilegeCount = PrivilegeCount;
NewPrivileges->Control = 0;
/* Copy the privileges which are not to be removed */
for (i = 0, k = 0; i < CurrentPrivileges->PrivilegeCount; i++)
{
bFound = FALSE;
for (j = 0; j < Privileges->PrivilegeCount; j++)
{
if (RtlEqualLuid(&(CurrentPrivileges->Privilege[i].Luid),
&(Privileges->Privilege[j].Luid)))
bFound = TRUE;
}
if (bFound == FALSE)
{
/* Copy the privilege */
RtlCopyLuidAndAttributesArray(1,
&(CurrentPrivileges->Privilege[i]),
&(NewPrivileges->Privilege[k]));
k++;
}
}
/* Set the new privilege set */
Status = LsapSetObjectAttribute(AccountObject,
L"Privilgs",
NewPrivileges,
PrivilegeSetSize);
}
}
done:
if (CurrentPrivileges != NULL)
MIDL_user_free(CurrentPrivileges);
if (NewPrivileges != NULL)
MIDL_user_free(NewPrivileges);
return Status;
}
/* Function 21 */
NTSTATUS WINAPI LsarGetQuotasForAccount(
LSAPR_HANDLE AccountHandle,
PQUOTA_LIMITS QuotaLimits)
{
PLSA_DB_OBJECT AccountObject;
ULONG Size;
NTSTATUS Status;
TRACE("(%p %p)\n", AccountHandle, QuotaLimits);
/* Validate the account handle */
Status = LsapValidateDbObject(AccountHandle,
LsaDbAccountObject,
ACCOUNT_VIEW,
&AccountObject);
if (!NT_SUCCESS(Status))
{
ERR("Invalid handle (Status %lx)\n", Status);
return Status;
}
/* Get the quota attribute */
Status = LsapGetObjectAttribute(AccountObject,
L"DefQuota",
QuotaLimits,
&Size);
return Status;
}
/* Function 22 */
NTSTATUS WINAPI LsarSetQuotasForAccount(
LSAPR_HANDLE AccountHandle,
PQUOTA_LIMITS QuotaLimits)
{
PLSA_DB_OBJECT AccountObject;
QUOTA_LIMITS InternalQuotaLimits;
ULONG Size;
NTSTATUS Status;
TRACE("(%p %p)\n", AccountHandle, QuotaLimits);
/* Validate the account handle */
Status = LsapValidateDbObject(AccountHandle,
LsaDbAccountObject,
ACCOUNT_ADJUST_QUOTAS,
&AccountObject);
if (!NT_SUCCESS(Status))
{
ERR("Invalid handle (Status %lx)\n", Status);
return Status;
}
/* Get the quota limits attribute */
Size = sizeof(QUOTA_LIMITS);
Status = LsapGetObjectAttribute(AccountObject,
L"DefQuota",
&InternalQuotaLimits,
&Size);
if (!NT_SUCCESS(Status))
{
TRACE("LsapGetObjectAttribute() failed (Status 0x%08lx)\n", Status);
return Status;
}
/* Update the quota limits */
if (QuotaLimits->PagedPoolLimit != 0)
InternalQuotaLimits.PagedPoolLimit = QuotaLimits->PagedPoolLimit;
if (QuotaLimits->NonPagedPoolLimit != 0)
InternalQuotaLimits.NonPagedPoolLimit = QuotaLimits->NonPagedPoolLimit;
if (QuotaLimits->MinimumWorkingSetSize != 0)
InternalQuotaLimits.MinimumWorkingSetSize = QuotaLimits->MinimumWorkingSetSize;
if (QuotaLimits->MaximumWorkingSetSize != 0)
InternalQuotaLimits.MaximumWorkingSetSize = QuotaLimits->MaximumWorkingSetSize;
if (QuotaLimits->PagefileLimit != 0)
InternalQuotaLimits.PagefileLimit = QuotaLimits->PagefileLimit;
/* Set the quota limits attribute */
Status = LsapSetObjectAttribute(AccountObject,
L"DefQuota",
&InternalQuotaLimits,
sizeof(QUOTA_LIMITS));
return Status;
}
/* Function 23 */
NTSTATUS WINAPI LsarGetSystemAccessAccount(
LSAPR_HANDLE AccountHandle,
ACCESS_MASK *SystemAccess)
{
PLSA_DB_OBJECT AccountObject;
ULONG Size;
NTSTATUS Status;
/* Validate the account handle */
Status = LsapValidateDbObject(AccountHandle,
LsaDbAccountObject,
ACCOUNT_VIEW,
&AccountObject);
if (!NT_SUCCESS(Status))
{
ERR("Invalid handle (Status %lx)\n", Status);
return Status;
}
/* Get the system access flags */
Status = LsapGetObjectAttribute(AccountObject,
L"ActSysAc",
SystemAccess,
&Size);
return Status;
}
/* Function 24 */
NTSTATUS WINAPI LsarSetSystemAccessAccount(
LSAPR_HANDLE AccountHandle,
ACCESS_MASK SystemAccess)
{
PLSA_DB_OBJECT AccountObject;
NTSTATUS Status;
/* Validate the account handle */
Status = LsapValidateDbObject(AccountHandle,
LsaDbAccountObject,
ACCOUNT_ADJUST_SYSTEM_ACCESS,
&AccountObject);
if (!NT_SUCCESS(Status))
{
ERR("Invalid handle (Status %lx)\n", Status);
return Status;
}
/* Set the system access flags */
Status = LsapSetObjectAttribute(AccountObject,
L"ActSysAc",
&SystemAccess,
sizeof(ACCESS_MASK));
return Status;
}
/* Function 25 */
NTSTATUS WINAPI LsarOpenTrustedDomain(
LSAPR_HANDLE PolicyHandle,
PRPC_SID TrustedDomainSid,
ACCESS_MASK DesiredAccess,
LSAPR_HANDLE *TrustedDomainHandle)
{
UNIMPLEMENTED;
return STATUS_NOT_IMPLEMENTED;
}
/* Function 26 */
NTSTATUS WINAPI LsarQueryInfoTrustedDomain(
LSAPR_HANDLE TrustedDomainHandle,
TRUSTED_INFORMATION_CLASS InformationClass,
PLSAPR_TRUSTED_DOMAIN_INFO *TrustedDomainInformation)
{
UNIMPLEMENTED;
return STATUS_NOT_IMPLEMENTED;
}
/* Function 27 */
NTSTATUS WINAPI LsarSetInformationTrustedDomain(
LSAPR_HANDLE TrustedDomainHandle,
TRUSTED_INFORMATION_CLASS InformationClass,
PLSAPR_TRUSTED_DOMAIN_INFO TrustedDomainInformation)
{
UNIMPLEMENTED;
return STATUS_NOT_IMPLEMENTED;
}
/* Function 28 */
NTSTATUS WINAPI LsarOpenSecret(
LSAPR_HANDLE PolicyHandle,
PRPC_UNICODE_STRING SecretName,
ACCESS_MASK DesiredAccess,
LSAPR_HANDLE *SecretHandle)
{
PLSA_DB_OBJECT PolicyObject;
PLSA_DB_OBJECT SecretObject = NULL;
NTSTATUS Status = STATUS_SUCCESS;
/* Validate the PolicyHandle */
Status = LsapValidateDbObject(PolicyHandle,
LsaDbPolicyObject,
0,
&PolicyObject);
if (!NT_SUCCESS(Status))
{
ERR("LsapValidateDbObject returned 0x%08lx\n", Status);
return Status;
}
/* Create the secret object */
Status = LsapOpenDbObject(PolicyObject,
L"Secrets",
SecretName->Buffer,
LsaDbSecretObject,
DesiredAccess,
PolicyObject->Trusted,
&SecretObject);
if (!NT_SUCCESS(Status))
{
ERR("LsapOpenDbObject failed (Status 0x%08lx)\n", Status);
goto done;
}
done:
if (!NT_SUCCESS(Status))
{
if (SecretObject != NULL)
LsapCloseDbObject(SecretObject);
}
else
{
*SecretHandle = (LSAPR_HANDLE)SecretObject;
}
return Status;
}
/* Function 29 */
NTSTATUS WINAPI LsarSetSecret(
LSAPR_HANDLE SecretHandle,
PLSAPR_CR_CIPHER_VALUE EncryptedCurrentValue,
PLSAPR_CR_CIPHER_VALUE EncryptedOldValue)
{
PLSA_DB_OBJECT SecretObject;
PBYTE CurrentValue = NULL;
PBYTE OldValue = NULL;
ULONG CurrentValueLength = 0;
ULONG OldValueLength = 0;
LARGE_INTEGER Time;
NTSTATUS Status;
TRACE("LsarSetSecret(%p %p %p)\n", SecretHandle,
EncryptedCurrentValue, EncryptedOldValue);
/* Validate the SecretHandle */
Status = LsapValidateDbObject(SecretHandle,
LsaDbSecretObject,
SECRET_SET_VALUE,
&SecretObject);
if (!NT_SUCCESS(Status))
{
ERR("LsapValidateDbObject returned 0x%08lx\n", Status);
return Status;
}
if (EncryptedCurrentValue != NULL)
{
/* FIXME: Decrypt the current value */
CurrentValue = EncryptedCurrentValue->Buffer;
CurrentValueLength = EncryptedCurrentValue->MaximumLength;
}
/* Set the current value */
Status = LsapSetObjectAttribute(SecretObject,
L"CurrentValue",
CurrentValue,
CurrentValueLength);
if (!NT_SUCCESS(Status))
{
ERR("LsapSetObjectAttribute failed (Status 0x%08lx)\n", Status);
goto done;
}
/* Get the current time */
Status = NtQuerySystemTime(&Time);
if (!NT_SUCCESS(Status))
{
ERR("NtQuerySystemTime failed (Status 0x%08lx)\n", Status);
goto done;
}
/* Set the current time */
Status = LsapSetObjectAttribute(SecretObject,
L"CurrentTime",
&Time,
sizeof(LARGE_INTEGER));
if (!NT_SUCCESS(Status))
{
ERR("LsapSetObjectAttribute failed (Status 0x%08lx)\n", Status);
goto done;
}
if (EncryptedOldValue != NULL)
{
/* FIXME: Decrypt the old value */
OldValue = EncryptedOldValue->Buffer;
OldValueLength = EncryptedOldValue->MaximumLength;
}
/* Set the old value */
Status = LsapSetObjectAttribute(SecretObject,
L"OldValue",
OldValue,
OldValueLength);
if (!NT_SUCCESS(Status))
{
ERR("LsapSetObjectAttribute failed (Status 0x%08lx)\n", Status);
goto done;
}
/* Set the old time */
Status = LsapSetObjectAttribute(SecretObject,
L"OldTime",
&Time,
sizeof(LARGE_INTEGER));
if (!NT_SUCCESS(Status))
{
ERR("LsapSetObjectAttribute failed (Status 0x%08lx)\n", Status);
}
done:
return Status;
}
/* Function 30 */
NTSTATUS WINAPI LsarQuerySecret(
LSAPR_HANDLE SecretHandle,
PLSAPR_CR_CIPHER_VALUE *EncryptedCurrentValue,
PLARGE_INTEGER CurrentValueSetTime,
PLSAPR_CR_CIPHER_VALUE *EncryptedOldValue,
PLARGE_INTEGER OldValueSetTime)
{
PLSA_DB_OBJECT SecretObject;
PLSAPR_CR_CIPHER_VALUE EncCurrentValue = NULL;
PLSAPR_CR_CIPHER_VALUE EncOldValue = NULL;
PBYTE CurrentValue = NULL;
PBYTE OldValue = NULL;
ULONG CurrentValueLength = 0;
ULONG OldValueLength = 0;
ULONG BufferSize;
NTSTATUS Status;
TRACE("LsarQuerySecret(%p %p %p %p %p)\n", SecretHandle,
EncryptedCurrentValue, CurrentValueSetTime,
EncryptedOldValue, OldValueSetTime);
/* Validate the SecretHandle */
Status = LsapValidateDbObject(SecretHandle,
LsaDbSecretObject,
SECRET_QUERY_VALUE,
&SecretObject);
if (!NT_SUCCESS(Status))
{
ERR("LsapValidateDbObject returned 0x%08lx\n", Status);
return Status;
}
if (EncryptedCurrentValue != NULL)
{
CurrentValueLength = 0;
/* Get the size of the current value */
Status = LsapGetObjectAttribute(SecretObject,
L"CurrentValue",
NULL,
&CurrentValueLength);
if (!NT_SUCCESS(Status))
goto done;
/* Allocate a buffer for the current value */
CurrentValue = midl_user_allocate(CurrentValueLength);
if (CurrentValue == NULL)
{
Status = STATUS_INSUFFICIENT_RESOURCES;
goto done;
}
/* Get the current value */
Status = LsapGetObjectAttribute(SecretObject,
L"CurrentValue",
CurrentValue,
&CurrentValueLength);
if (!NT_SUCCESS(Status))
goto done;
/* Allocate a buffer for the encrypted current value */
EncCurrentValue = midl_user_allocate(sizeof(LSAPR_CR_CIPHER_VALUE));
if (EncCurrentValue == NULL)
{
Status = STATUS_INSUFFICIENT_RESOURCES;
goto done;
}
/* FIXME: Encrypt the current value */
EncCurrentValue->Length = (USHORT)(CurrentValueLength - sizeof(WCHAR));
EncCurrentValue->MaximumLength = (USHORT)CurrentValueLength;
EncCurrentValue->Buffer = (PBYTE)CurrentValue;
}
if (CurrentValueSetTime != NULL)
{
BufferSize = sizeof(LARGE_INTEGER);
/* Get the current value time */
Status = LsapGetObjectAttribute(SecretObject,
L"CurrentTime",
(PBYTE)CurrentValueSetTime,
&BufferSize);
if (!NT_SUCCESS(Status))
goto done;
}
if (EncryptedOldValue != NULL)
{
OldValueLength = 0;
/* Get the size of the old value */
Status = LsapGetObjectAttribute(SecretObject,
L"OldValue",
NULL,
&OldValueLength);
if (!NT_SUCCESS(Status))
goto done;
/* Allocate a buffer for the old value */
OldValue = midl_user_allocate(OldValueLength);
if (OldValue == NULL)
{
Status = STATUS_INSUFFICIENT_RESOURCES;
goto done;
}
/* Get the old value */
Status = LsapGetObjectAttribute(SecretObject,
L"OldValue",
OldValue,
&OldValueLength);
if (!NT_SUCCESS(Status))
goto done;
/* Allocate a buffer for the encrypted old value */
EncOldValue = midl_user_allocate(sizeof(LSAPR_CR_CIPHER_VALUE) + OldValueLength);
if (EncOldValue == NULL)
{
Status = STATUS_INSUFFICIENT_RESOURCES;
goto done;
}
/* FIXME: Encrypt the old value */
EncOldValue->Length = (USHORT)(OldValueLength - sizeof(WCHAR));
EncOldValue->MaximumLength = (USHORT)OldValueLength;
EncOldValue->Buffer = (PBYTE)OldValue;
}
if (OldValueSetTime != NULL)
{
BufferSize = sizeof(LARGE_INTEGER);
/* Get the old value time */
Status = LsapGetObjectAttribute(SecretObject,
L"OldTime",
(PBYTE)OldValueSetTime,
&BufferSize);
if (!NT_SUCCESS(Status))
goto done;
}
done:
if (NT_SUCCESS(Status))
{
if (EncryptedCurrentValue != NULL)
*EncryptedCurrentValue = EncCurrentValue;
if (EncryptedOldValue != NULL)
*EncryptedOldValue = EncOldValue;
}
else
{
if (EncryptedCurrentValue != NULL)
*EncryptedCurrentValue = NULL;
if (EncryptedOldValue != NULL)
*EncryptedOldValue = NULL;
if (EncCurrentValue != NULL)
midl_user_free(EncCurrentValue);
if (EncOldValue != NULL)
midl_user_free(EncOldValue);
if (CurrentValue != NULL)
midl_user_free(CurrentValue);
if (OldValue != NULL)
midl_user_free(OldValue);
}
TRACE("LsarQuerySecret done (Status 0x%08lx)\n", Status);
return Status;
}
/* Function 31 */
NTSTATUS WINAPI LsarLookupPrivilegeValue(
LSAPR_HANDLE PolicyHandle,
PRPC_UNICODE_STRING Name,
PLUID Value)
{
NTSTATUS Status;
TRACE("LsarLookupPrivilegeValue(%p, %wZ, %p)\n",
PolicyHandle, Name, Value);
Status = LsapValidateDbObject(PolicyHandle,
LsaDbPolicyObject,
POLICY_LOOKUP_NAMES,
NULL);
if (!NT_SUCCESS(Status))
{
ERR("Invalid handle (Status %lx)\n", Status);
return Status;
}
TRACE("Privilege: %wZ\n", Name);
Status = LsarpLookupPrivilegeValue(Name,
Value);
return Status;
}
/* Function 32 */
NTSTATUS WINAPI LsarLookupPrivilegeName(
LSAPR_HANDLE PolicyHandle,
PLUID Value,
PRPC_UNICODE_STRING *Name)
{
NTSTATUS Status;
TRACE("LsarLookupPrivilegeName(%p, %p, %p)\n",
PolicyHandle, Value, Name);
Status = LsapValidateDbObject(PolicyHandle,
LsaDbPolicyObject,
POLICY_LOOKUP_NAMES,
NULL);
if (!NT_SUCCESS(Status))
{
ERR("Invalid handle\n");
return Status;
}
Status = LsarpLookupPrivilegeName(Value,
Name);
return Status;
}
/* Function 33 */
NTSTATUS WINAPI LsarLookupPrivilegeDisplayName(
LSAPR_HANDLE PolicyHandle,
PRPC_UNICODE_STRING Name,
USHORT ClientLanguage,
USHORT ClientSystemDefaultLanguage,
PRPC_UNICODE_STRING *DisplayName,
USHORT *LanguageReturned)
{
UNIMPLEMENTED;
return STATUS_NOT_IMPLEMENTED;
}
/* Function 34 */
NTSTATUS WINAPI LsarDeleteObject(
LSAPR_HANDLE *ObjectHandle)
{
PLSA_DB_OBJECT DbObject;
NTSTATUS Status;
TRACE("(%p)\n", ObjectHandle);
if (ObjectHandle == NULL)
return STATUS_INVALID_PARAMETER;
/* Validate the ObjectHandle */
Status = LsapValidateDbObject(*ObjectHandle,
LsaDbIgnoreObject,
DELETE,
&DbObject);
if (!NT_SUCCESS(Status))
{
ERR("LsapValidateDbObject returned 0x%08lx\n", Status);
return Status;
}
/* You cannot delete the policy object */
if (DbObject->ObjectType == LsaDbPolicyObject)
return STATUS_INVALID_PARAMETER;
/* Delete the database object */
Status = LsapDeleteDbObject(DbObject);
if (!NT_SUCCESS(Status))
{
ERR("LsapDeleteDbObject returned 0x%08lx\n", Status);
return Status;
}
/* Invalidate the object handle */
*ObjectHandle = NULL;
return STATUS_SUCCESS;
}
/* Function 35 */
NTSTATUS WINAPI LsarEnumerateAccountsWithUserRight(
LSAPR_HANDLE PolicyHandle,
PRPC_UNICODE_STRING UserRight,
PLSAPR_ACCOUNT_ENUM_BUFFER EnumerationBuffer)
{
UNIMPLEMENTED;
return STATUS_NOT_IMPLEMENTED;
}
/* Function 36 */
NTSTATUS WINAPI LsarEnumerateAccountRights(
LSAPR_HANDLE PolicyHandle,
PRPC_SID AccountSid,
PLSAPR_USER_RIGHT_SET UserRights)
{
LSAPR_HANDLE AccountHandle;
PLSAPR_PRIVILEGE_SET PrivilegeSet = NULL;
PRPC_UNICODE_STRING RightsBuffer = NULL;
PRPC_UNICODE_STRING PrivilegeString;
ACCESS_MASK SystemAccess;
ULONG RightsCount = 0;
ULONG RightsIndex;
ULONG i;
NTSTATUS Status;
TRACE("LsarEnumerateAccountRights(%p %p %p)\n",
PolicyHandle, AccountSid, UserRights);
/* Open the account */
Status = LsarOpenAccount(PolicyHandle,
AccountSid,
ACCOUNT_VIEW,
&AccountHandle);
if (!NT_SUCCESS(Status))
{
ERR("LsarOpenAccount returned 0x%08lx\n", Status);
return Status;
}
/* Enumerate the privileges */
Status = LsarEnumeratePrivilegesAccount(AccountHandle,
&PrivilegeSet);
if (!NT_SUCCESS(Status))
{
ERR("LsarEnumeratePrivilegesAccount returned 0x%08lx\n", Status);
goto done;
}
/* Get account rights */
Status = LsarGetSystemAccessAccount(AccountHandle,
&SystemAccess);
if (!NT_SUCCESS(Status))
{
ERR("LsarGetSystemAccessAccount returned 0x%08lx\n", Status);
goto done;
}
RightsCount = PrivilegeSet->PrivilegeCount;
/* Count account rights */
for (i = 0; i < sizeof(ACCESS_MASK) * 8; i++)
{
if (SystemAccess & (1 << i))
RightsCount++;
}
/* We are done if there are no rights to be enumerated */
if (RightsCount == 0)
{
UserRights->Entries = 0;
UserRights->UserRights = NULL;
Status = STATUS_SUCCESS;
goto done;
}
/* Allocate a buffer for the account rights */
RightsBuffer = MIDL_user_allocate(RightsCount * sizeof(RPC_UNICODE_STRING));
if (RightsBuffer == NULL)
{
Status = STATUS_INSUFFICIENT_RESOURCES;
goto done;
}
/* Copy the privileges into the buffer */
RightsIndex = 0;
for (i = 0; i < PrivilegeSet->PrivilegeCount; i++)
{
PrivilegeString = NULL;
Status = LsarLookupPrivilegeName(PolicyHandle,
(PLUID)&PrivilegeSet->Privilege[i].Luid,
&PrivilegeString);
if (!NT_SUCCESS(Status))
goto done;
RightsBuffer[i].Length = PrivilegeString->Length;
RightsBuffer[i].MaximumLength = PrivilegeString->MaximumLength;
RightsBuffer[i].Buffer = PrivilegeString->Buffer;
MIDL_user_free(PrivilegeString);
RightsIndex++;
}
/* Copy account rights into the buffer */
for (i = 0; i < sizeof(ACCESS_MASK) * 8; i++)
{
if (SystemAccess & (1 << i))
{
Status = LsapLookupAccountRightName(1 << i,
&PrivilegeString);
if (!NT_SUCCESS(Status))
goto done;
RightsBuffer[i].Length = PrivilegeString->Length;
RightsBuffer[i].MaximumLength = PrivilegeString->MaximumLength;
RightsBuffer[i].Buffer = PrivilegeString->Buffer;
MIDL_user_free(PrivilegeString);
RightsIndex++;
}
}
UserRights->Entries = RightsCount;
UserRights->UserRights = (PRPC_UNICODE_STRING)RightsBuffer;
done:
if (!NT_SUCCESS(Status))
{
if (RightsBuffer != NULL)
{
for (RightsIndex = 0; RightsIndex < RightsCount; RightsIndex++)
{
if (RightsBuffer[RightsIndex].Buffer != NULL)
MIDL_user_free(RightsBuffer[RightsIndex].Buffer);
}
MIDL_user_free(RightsBuffer);
}
}
if (PrivilegeSet != NULL)
MIDL_user_free(PrivilegeSet);
LsarClose(&AccountHandle);
return Status;
}
/* Function 37 */
NTSTATUS WINAPI LsarAddAccountRights(
LSAPR_HANDLE PolicyHandle,
PRPC_SID AccountSid,
PLSAPR_USER_RIGHT_SET UserRights)
{
UNIMPLEMENTED;
return STATUS_NOT_IMPLEMENTED;
}
/* Function 38 */
NTSTATUS WINAPI LsarRemoveAccountRights(
LSAPR_HANDLE PolicyHandle,
PRPC_SID AccountSid,
BOOL AllRights,
PLSAPR_USER_RIGHT_SET UserRights)
{
UNIMPLEMENTED;
return STATUS_NOT_IMPLEMENTED;
}
/* Function 39 */
NTSTATUS WINAPI LsarQueryTrustedDomainInfo(
LSAPR_HANDLE PolicyHandle,
PRPC_SID TrustedDomainSid,
TRUSTED_INFORMATION_CLASS InformationClass,
PLSAPR_TRUSTED_DOMAIN_INFO *TrustedDomainInformation)
{
UNIMPLEMENTED;
return STATUS_NOT_IMPLEMENTED;
}
/* Function 40 */
NTSTATUS WINAPI LsarSetTrustedDomainInfo(
LSAPR_HANDLE PolicyHandle,
PRPC_SID TrustedDomainSid,
TRUSTED_INFORMATION_CLASS InformationClass,
PLSAPR_TRUSTED_DOMAIN_INFO TrustedDomainInformation)
{
UNIMPLEMENTED;
return STATUS_NOT_IMPLEMENTED;
}
/* Function 41 */
NTSTATUS WINAPI LsarDeleteTrustedDomain(
LSAPR_HANDLE PolicyHandle,
PRPC_SID TrustedDomainSid)
{
UNIMPLEMENTED;
return STATUS_NOT_IMPLEMENTED;
}
/* Function 42 */
NTSTATUS WINAPI LsarStorePrivateData(
LSAPR_HANDLE PolicyHandle,
PRPC_UNICODE_STRING KeyName,
PLSAPR_CR_CIPHER_VALUE EncryptedData)
{
UNIMPLEMENTED;
return STATUS_NOT_IMPLEMENTED;
}
/* Function 43 */
NTSTATUS WINAPI LsarRetrievePrivateData(
LSAPR_HANDLE PolicyHandle,
PRPC_UNICODE_STRING KeyName,
PLSAPR_CR_CIPHER_VALUE *EncryptedData)
{
UNIMPLEMENTED;
return STATUS_NOT_IMPLEMENTED;
}
/* Function 44 */
NTSTATUS WINAPI LsarOpenPolicy2(
LPWSTR SystemName,
PLSAPR_OBJECT_ATTRIBUTES ObjectAttributes,
ACCESS_MASK DesiredAccess,
LSAPR_HANDLE *PolicyHandle)
{
return LsarOpenPolicy(SystemName,
ObjectAttributes,
DesiredAccess,
PolicyHandle);
}
/* Function 45 */
NTSTATUS WINAPI LsarGetUserName(
LPWSTR SystemName,
PRPC_UNICODE_STRING *UserName,
PRPC_UNICODE_STRING *DomainName)
{
UNIMPLEMENTED;
return STATUS_NOT_IMPLEMENTED;
}
/* Function 46 */
NTSTATUS WINAPI LsarQueryInformationPolicy2(
LSAPR_HANDLE PolicyHandle,
POLICY_INFORMATION_CLASS InformationClass,
PLSAPR_POLICY_INFORMATION *PolicyInformation)
{
return LsarQueryInformationPolicy(PolicyHandle,
InformationClass,
PolicyInformation);
}
/* Function 47 */
NTSTATUS WINAPI LsarSetInformationPolicy2(
LSAPR_HANDLE PolicyHandle,
POLICY_INFORMATION_CLASS InformationClass,
PLSAPR_POLICY_INFORMATION PolicyInformation)
{
return LsarSetInformationPolicy(PolicyHandle,
InformationClass,
PolicyInformation);
}
/* Function 48 */
NTSTATUS WINAPI LsarQueryTrustedDomainInfoByName(
LSAPR_HANDLE PolicyHandle,
PRPC_UNICODE_STRING TrustedDomainName,
POLICY_INFORMATION_CLASS InformationClass,
PLSAPR_TRUSTED_DOMAIN_INFO *PolicyInformation)
{
UNIMPLEMENTED;
return STATUS_NOT_IMPLEMENTED;
}
/* Function 49 */
NTSTATUS WINAPI LsarSetTrustedDomainInfoByName(
LSAPR_HANDLE PolicyHandle,
PRPC_UNICODE_STRING TrustedDomainName,
POLICY_INFORMATION_CLASS InformationClass,
PLSAPR_TRUSTED_DOMAIN_INFO PolicyInformation)
{
UNIMPLEMENTED;
return STATUS_NOT_IMPLEMENTED;
}
/* Function 50 */
NTSTATUS WINAPI LsarEnumerateTrustedDomainsEx(
LSAPR_HANDLE PolicyHandle,
DWORD *EnumerationContext,
PLSAPR_TRUSTED_ENUM_BUFFER_EX EnumerationBuffer,
DWORD PreferedMaximumLength)
{
UNIMPLEMENTED;
return STATUS_NOT_IMPLEMENTED;
}
/* Function 51 */
NTSTATUS WINAPI LsarCreateTrustedDomainEx(
LSAPR_HANDLE PolicyHandle,
PLSAPR_TRUSTED_DOMAIN_INFORMATION_EX TrustedDomainInformation,
PLSAPR_TRUSTED_DOMAIN_AUTH_INFORMATION AuthentificationInformation,
ACCESS_MASK DesiredAccess,
LSAPR_HANDLE *TrustedDomainHandle)
{
UNIMPLEMENTED;
return STATUS_NOT_IMPLEMENTED;
}
/* Function 52 */
NTSTATUS WINAPI LsarSetPolicyReplicationHandle(
PLSAPR_HANDLE PolicyHandle)
{
/* Deprecated */
return STATUS_NOT_IMPLEMENTED;
}
/* Function 53 */
NTSTATUS WINAPI LsarQueryDomainInformationPolicy(
LSAPR_HANDLE PolicyHandle,
POLICY_INFORMATION_CLASS InformationClass,
PLSAPR_POLICY_DOMAIN_INFORMATION *PolicyInformation)
{
UNIMPLEMENTED;
return STATUS_NOT_IMPLEMENTED;
}
/* Function 54 */
NTSTATUS WINAPI LsarSetDomainInformationPolicy(
LSAPR_HANDLE PolicyHandle,
POLICY_INFORMATION_CLASS InformationClass,
PLSAPR_POLICY_DOMAIN_INFORMATION PolicyInformation)
{
UNIMPLEMENTED;
return STATUS_NOT_IMPLEMENTED;
}
/* Function 55 */
NTSTATUS WINAPI LsarOpenTrustedDomainByName(
LSAPR_HANDLE PolicyHandle,
PRPC_UNICODE_STRING TrustedDomainName,
ACCESS_MASK DesiredAccess,
LSAPR_HANDLE *TrustedDomainHandle)
{
UNIMPLEMENTED;
return STATUS_NOT_IMPLEMENTED;
}
/* Function 56 */
NTSTATUS WINAPI LsarTestCall(
handle_t hBinding)
{
UNIMPLEMENTED;
return STATUS_NOT_IMPLEMENTED;
}
/* Function 57 */
NTSTATUS WINAPI LsarLookupSids2(
LSAPR_HANDLE PolicyHandle,
PLSAPR_SID_ENUM_BUFFER SidEnumBuffer,
PLSAPR_REFERENCED_DOMAIN_LIST *ReferencedDomains,
PLSAPR_TRANSLATED_NAMES_EX TranslatedNames,
LSAP_LOOKUP_LEVEL LookupLevel,
DWORD *MappedCount,
DWORD LookupOptions,
DWORD ClientRevision)
{
NTSTATUS Status;
TRACE("(%p %p %p %p %d %p %lu %lu)\n",
PolicyHandle, SidEnumBuffer, ReferencedDomains, TranslatedNames,
LookupLevel, MappedCount, LookupOptions, ClientRevision);
TranslatedNames->Entries = SidEnumBuffer->Entries;
TranslatedNames->Names = NULL;
*ReferencedDomains = NULL;
/* FIXME: Fail, if there is an invalid SID in the SidEnumBuffer */
Status = LsapLookupSids(SidEnumBuffer,
ReferencedDomains,
TranslatedNames,
LookupLevel,
MappedCount,
LookupOptions,
ClientRevision);
return Status;
}
/* Function 58 */
NTSTATUS WINAPI LsarLookupNames2(
LSAPR_HANDLE PolicyHandle,
DWORD Count,
PRPC_UNICODE_STRING Names,
PLSAPR_REFERENCED_DOMAIN_LIST *ReferencedDomains,
PLSAPR_TRANSLATED_SIDS_EX TranslatedSids,
LSAP_LOOKUP_LEVEL LookupLevel,
DWORD *MappedCount,
DWORD LookupOptions,
DWORD ClientRevision)
{
LSAPR_TRANSLATED_SIDS_EX2 TranslatedSidsEx2;
ULONG i;
NTSTATUS Status;
TRACE("(%p %lu %p %p %p %d %p %lu %lu)\n",
PolicyHandle, Count, Names, ReferencedDomains, TranslatedSids,
LookupLevel, MappedCount, LookupOptions, ClientRevision);
TranslatedSids->Entries = 0;
TranslatedSids->Sids = NULL;
*ReferencedDomains = NULL;
if (Count == 0)
return STATUS_NONE_MAPPED;
TranslatedSidsEx2.Entries = 0;
TranslatedSidsEx2.Sids = NULL;
Status = LsapLookupNames(Count,
Names,
ReferencedDomains,
&TranslatedSidsEx2,
LookupLevel,
MappedCount,
LookupOptions,
ClientRevision);
if (!NT_SUCCESS(Status))
return Status;
TranslatedSids->Entries = TranslatedSidsEx2.Entries;
TranslatedSids->Sids = MIDL_user_allocate(TranslatedSids->Entries * sizeof(LSA_TRANSLATED_SID));
if (TranslatedSids->Sids == NULL)
{
MIDL_user_free(TranslatedSidsEx2.Sids);
MIDL_user_free(*ReferencedDomains);
*ReferencedDomains = NULL;
return STATUS_INSUFFICIENT_RESOURCES;
}
for (i = 0; i < TranslatedSidsEx2.Entries; i++)
{
TranslatedSids->Sids[i].Use = TranslatedSidsEx2.Sids[i].Use;
TranslatedSids->Sids[i].RelativeId = LsapGetRelativeIdFromSid(TranslatedSidsEx2.Sids[i].Sid);
TranslatedSids->Sids[i].DomainIndex = TranslatedSidsEx2.Sids[i].DomainIndex;
TranslatedSids->Sids[i].Flags = TranslatedSidsEx2.Sids[i].Flags;
}
MIDL_user_free(TranslatedSidsEx2.Sids);
return STATUS_SUCCESS;
}
/* Function 59 */
NTSTATUS WINAPI LsarCreateTrustedDomainEx2(
LSAPR_HANDLE PolicyHandle,
PLSAPR_TRUSTED_DOMAIN_INFORMATION_EX TrustedDomainInformation,
PLSAPR_TRUSTED_DOMAIN_AUTH_INFORMATION_INTERNAL AuthentificationInformation,
ACCESS_MASK DesiredAccess,
LSAPR_HANDLE *TrustedDomainHandle)
{
UNIMPLEMENTED;
return STATUS_NOT_IMPLEMENTED;
}
/* Function 60 */
NTSTATUS WINAPI CredrWrite(
handle_t hBinding)
{
UNIMPLEMENTED;
return STATUS_NOT_IMPLEMENTED;
}
/* Function 61 */
NTSTATUS WINAPI CredrRead(
handle_t hBinding)
{
UNIMPLEMENTED;
return STATUS_NOT_IMPLEMENTED;
}
/* Function 62 */
NTSTATUS WINAPI CredrEnumerate(
handle_t hBinding)
{
UNIMPLEMENTED;
return STATUS_NOT_IMPLEMENTED;
}
/* Function 63 */
NTSTATUS WINAPI CredrWriteDomainCredentials(
handle_t hBinding)
{
UNIMPLEMENTED;
return STATUS_NOT_IMPLEMENTED;
}
/* Function 64 */
NTSTATUS WINAPI CredrReadDomainCredentials(
handle_t hBinding)
{
UNIMPLEMENTED;
return STATUS_NOT_IMPLEMENTED;
}
/* Function 65 */
NTSTATUS WINAPI CredrDelete(
handle_t hBinding)
{
UNIMPLEMENTED;
return STATUS_NOT_IMPLEMENTED;
}
/* Function 66 */
NTSTATUS WINAPI CredrGetTargetInfo(
handle_t hBinding)
{
UNIMPLEMENTED;
return STATUS_NOT_IMPLEMENTED;
}
/* Function 67 */
NTSTATUS WINAPI CredrProfileLoaded(
handle_t hBinding)
{
UNIMPLEMENTED;
return STATUS_NOT_IMPLEMENTED;
}
/* Function 68 */
NTSTATUS WINAPI LsarLookupNames3(
LSAPR_HANDLE PolicyHandle,
DWORD Count,
PRPC_UNICODE_STRING Names,
PLSAPR_REFERENCED_DOMAIN_LIST *ReferencedDomains,
PLSAPR_TRANSLATED_SIDS_EX2 TranslatedSids,
LSAP_LOOKUP_LEVEL LookupLevel,
DWORD *MappedCount,
DWORD LookupOptions,
DWORD ClientRevision)
{
NTSTATUS Status;
TRACE("(%p %lu %p %p %p %d %p %lu %lu)\n",
PolicyHandle, Count, Names, ReferencedDomains, TranslatedSids,
LookupLevel, MappedCount, LookupOptions, ClientRevision);
TranslatedSids->Entries = 0;
TranslatedSids->Sids = NULL;
*ReferencedDomains = NULL;
if (Count == 0)
return STATUS_NONE_MAPPED;
Status = LsapLookupNames(Count,
Names,
ReferencedDomains,
TranslatedSids,
LookupLevel,
MappedCount,
LookupOptions,
ClientRevision);
return Status;
}
/* Function 69 */
NTSTATUS WINAPI CredrGetSessionTypes(
handle_t hBinding)
{
UNIMPLEMENTED;
return STATUS_NOT_IMPLEMENTED;
}
/* Function 70 */
NTSTATUS WINAPI LsarRegisterAuditEvent(
handle_t hBinding)
{
UNIMPLEMENTED;
return STATUS_NOT_IMPLEMENTED;
}
/* Function 71 */
NTSTATUS WINAPI LsarGenAuditEvent(
handle_t hBinding)
{
UNIMPLEMENTED;
return STATUS_NOT_IMPLEMENTED;
}
/* Function 72 */
NTSTATUS WINAPI LsarUnregisterAuditEvent(
handle_t hBinding)
{
UNIMPLEMENTED;
return STATUS_NOT_IMPLEMENTED;
}
/* Function 73 */
NTSTATUS WINAPI LsarQueryForestTrustInformation(
LSAPR_HANDLE PolicyHandle,
PLSA_UNICODE_STRING TrustedDomainName,
LSA_FOREST_TRUST_RECORD_TYPE HighestRecordType,
PLSA_FOREST_TRUST_INFORMATION *ForestTrustInfo)
{
UNIMPLEMENTED;
return STATUS_NOT_IMPLEMENTED;
}
/* Function 74 */
NTSTATUS WINAPI LsarSetForestTrustInformation(
LSAPR_HANDLE PolicyHandle,
PLSA_UNICODE_STRING TrustedDomainName,
LSA_FOREST_TRUST_RECORD_TYPE HighestRecordType,
PLSA_FOREST_TRUST_INFORMATION ForestTrustInfo,
BOOL CheckOnly,
PLSA_FOREST_TRUST_COLLISION_INFORMATION *CollisionInfo)
{
UNIMPLEMENTED;
return STATUS_NOT_IMPLEMENTED;
}
/* Function 75 */
NTSTATUS WINAPI CredrRename(
handle_t hBinding)
{
UNIMPLEMENTED;
return STATUS_NOT_IMPLEMENTED;
}
/* Function 76 */
NTSTATUS WINAPI LsarLookupSids3(
LSAPR_HANDLE PolicyHandle,
PLSAPR_SID_ENUM_BUFFER SidEnumBuffer,
PLSAPR_REFERENCED_DOMAIN_LIST *ReferencedDomains,
PLSAPR_TRANSLATED_NAMES_EX TranslatedNames,
LSAP_LOOKUP_LEVEL LookupLevel,
DWORD *MappedCount,
DWORD LookupOptions,
DWORD ClientRevision)
{
NTSTATUS Status;
TRACE("(%p %p %p %p %d %p %lu %lu)\n",
PolicyHandle, SidEnumBuffer, ReferencedDomains, TranslatedNames,
LookupLevel, MappedCount, LookupOptions, ClientRevision);
TranslatedNames->Entries = SidEnumBuffer->Entries;
TranslatedNames->Names = NULL;
*ReferencedDomains = NULL;
/* FIXME: Fail, if there is an invalid SID in the SidEnumBuffer */
Status = LsapLookupSids(SidEnumBuffer,
ReferencedDomains,
TranslatedNames,
LookupLevel,
MappedCount,
LookupOptions,
ClientRevision);
return Status;
}
/* Function 77 */
NTSTATUS WINAPI LsarLookupNames4(
handle_t RpcHandle,
DWORD Count,
PRPC_UNICODE_STRING Names,
PLSAPR_REFERENCED_DOMAIN_LIST *ReferencedDomains,
PLSAPR_TRANSLATED_SIDS_EX2 TranslatedSids,
LSAP_LOOKUP_LEVEL LookupLevel,
DWORD *MappedCount,
DWORD LookupOptions,
DWORD ClientRevision)
{
NTSTATUS Status;
TRACE("(%p %lu %p %p %p %d %p %lu %lu)\n",
RpcHandle, Count, Names, ReferencedDomains, TranslatedSids,
LookupLevel, MappedCount, LookupOptions, ClientRevision);
TranslatedSids->Entries = 0;
TranslatedSids->Sids = NULL;
*ReferencedDomains = NULL;
if (Count == 0)
return STATUS_NONE_MAPPED;
Status = LsapLookupNames(Count,
Names,
ReferencedDomains,
TranslatedSids,
LookupLevel,
MappedCount,
LookupOptions,
ClientRevision);
return Status;
}
/* Function 78 */
NTSTATUS WINAPI LsarOpenPolicySce(
handle_t hBinding)
{
UNIMPLEMENTED;
return STATUS_NOT_IMPLEMENTED;
}
/* Function 79 */
NTSTATUS WINAPI LsarAdtRegisterSecurityEventSource(
handle_t hBinding)
{
UNIMPLEMENTED;
return STATUS_NOT_IMPLEMENTED;
}
/* Function 80 */
NTSTATUS WINAPI LsarAdtUnregisterSecurityEventSource(
handle_t hBinding)
{
UNIMPLEMENTED;
return STATUS_NOT_IMPLEMENTED;
}
/* Function 81 */
NTSTATUS WINAPI LsarAdtReportSecurityEvent(
handle_t hBinding)
{
UNIMPLEMENTED;
return STATUS_NOT_IMPLEMENTED;
}
/* EOF */