[ros-diffs] [ekohl] 56594: [PSDK/LSASRV] - Add new ntlsa.h file to the PSDK. - LsarAddPrivilegesToAccount: Implement the ability to add new privileges to an existing privilege set.

ekohl at svn.reactos.org ekohl at svn.reactos.org
Thu May 17 12:02:52 UTC 2012


Author: ekohl
Date: Thu May 17 12:02:50 2012
New Revision: 56594

URL: http://svn.reactos.org/svn/reactos?rev=56594&view=rev
Log:
[PSDK/LSASRV]
- Add new ntlsa.h file to the PSDK.
- LsarAddPrivilegesToAccount: Implement the ability to add new privileges to an existing privilege set.

Added:
    trunk/reactos/include/psdk/ntlsa.h   (with props)
Modified:
    trunk/reactos/dll/win32/lsasrv/lsarpc.c
    trunk/reactos/dll/win32/lsasrv/lsasrv.h

Modified: trunk/reactos/dll/win32/lsasrv/lsarpc.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/lsasrv/lsarpc.c?rev=56594&r1=56593&r2=56594&view=diff
==============================================================================
--- trunk/reactos/dll/win32/lsasrv/lsarpc.c [iso-8859-1] (original)
+++ trunk/reactos/dll/win32/lsasrv/lsarpc.c [iso-8859-1] Thu May 17 12:02:50 2012
@@ -733,7 +733,7 @@
     /* Validate the AccountHandle */
     Status = LsapValidateDbObject(AccountHandle,
                                   LsaDbAccountObject,
-                                  0,
+                                  ACCOUNT_VIEW,
                                   &AccountObject);
     if (!NT_SUCCESS(Status))
     {
@@ -778,13 +778,18 @@
     PLSAPR_PRIVILEGE_SET Privileges)
 {
     PLSA_DB_OBJECT AccountObject;
+    PPRIVILEGE_SET CurrentPrivileges = NULL;
+    PPRIVILEGE_SET NewPrivileges = NULL;
     ULONG PrivilegeSetSize = 0;
+    ULONG PrivilegeCount;
+    ULONG i, j;
+    BOOL bFound;
     NTSTATUS Status;
 
     /* Validate the AccountHandle */
     Status = LsapValidateDbObject(AccountHandle,
                                   LsaDbAccountObject,
-                                  0,
+                                  ACCOUNT_ADJUST_PRIVILEGES,
                                   &AccountObject);
     if (!NT_SUCCESS(Status))
     {
@@ -811,8 +816,107 @@
     {
         /* The Privilgs attribute exists */
 
-        Status = STATUS_NOT_IMPLEMENTED;
-    }
+        /* Allocate memory for the stored privilege set */
+        CurrentPrivileges = MIDL_user_allocate(PrivilegeSetSize);
+        if (CurrentPrivileges == NULL)
+            return STATUS_NO_MEMORY;
+
+        /* Get the current privilege set */
+        Status = LsapGetObjectAttribute(AccountObject,
+                                        L"Privilgs",
+                                        CurrentPrivileges,
+                                        &PrivilegeSetSize);
+        if (!NT_SUCCESS(Status))
+        {
+            TRACE("LsapGetObjectAttribute() failed (Status 0x%08lx)\n", Status);
+            goto done;
+        }
+
+        PrivilegeCount = CurrentPrivileges->PrivilegeCount;
+        TRACE("Current privilege count: %lu\n", PrivilegeCount);
+
+        /* Calculate the number privileges in the combined privilege set */
+        for (i = 0; i < Privileges->PrivilegeCount; i++)
+        {
+            bFound = FALSE;
+            for (j = 0; j < CurrentPrivileges->PrivilegeCount; j++)
+            {
+                if (RtlEqualLuid(&(Privileges->Privilege[i].Luid),
+                                 &(CurrentPrivileges->Privilege[i].Luid)))
+                {
+                    bFound = TRUE;
+                    break;
+                }
+            }
+
+            if (bFound == FALSE)
+            {
+                TRACE("Found new privilege\n");
+                PrivilegeCount++;
+            }
+        }
+        TRACE("New privilege count: %lu\n", PrivilegeCount);
+
+        /* Calculate the size of the new privilege set and allocate it */
+        PrivilegeSetSize = sizeof(PRIVILEGE_SET) +
+                           (PrivilegeCount - 1) * sizeof(LUID_AND_ATTRIBUTES);
+        NewPrivileges = MIDL_user_allocate(PrivilegeSetSize);
+        if (NewPrivileges == NULL)
+        {
+            Status = STATUS_NO_MEMORY;
+            goto done;
+        }
+
+        /* Initialize the new privilege set */
+        NewPrivileges->PrivilegeCount = PrivilegeCount;
+        NewPrivileges->Control = 0;
+
+        /* Copy all privileges from the current privilege set */
+        RtlCopyLuidAndAttributesArray(CurrentPrivileges->PrivilegeCount,
+                                      &(CurrentPrivileges->Privilege[0]),
+                                      &(NewPrivileges->Privilege[0]));
+
+        /* Add new privileges to the new privilege set */
+        PrivilegeCount = CurrentPrivileges->PrivilegeCount;
+        for (i = 0; i < Privileges->PrivilegeCount; i++)
+        {
+            bFound = FALSE;
+            for (j = 0; j < CurrentPrivileges->PrivilegeCount; j++)
+            {
+                if (RtlEqualLuid(&(Privileges->Privilege[i].Luid),
+                                 &(CurrentPrivileges->Privilege[i].Luid)))
+                {
+                    /* Overwrite attributes if a matching privilege was found */
+                    NewPrivileges->Privilege[j].Attributes = Privileges->Privilege[i].Attributes;
+
+                    bFound = TRUE;
+                    break;
+                }
+            }
+
+            if (bFound == FALSE)
+            {
+                /* Copy the new privilege */
+                RtlCopyLuidAndAttributesArray(1,
+                                              (PLUID_AND_ATTRIBUTES)&(Privileges->Privilege[i]),
+                                              &(NewPrivileges->Privilege[PrivilegeCount]));
+                PrivilegeCount++;
+            }
+        }
+
+        /* Set the new priivliege set */
+        Status = LsapSetObjectAttribute(AccountObject,
+                                        L"Privilgs",
+                                        NewPrivileges,
+                                        PrivilegeSetSize);
+    }
+
+done:
+    if (CurrentPrivileges != NULL)
+        MIDL_user_free(CurrentPrivileges);
+
+    if (NewPrivileges != NULL)
+        MIDL_user_free(NewPrivileges);
 
     return Status;
 }
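Review bot: Both inner loops compare against `CurrentPrivileges->Privilege[i].Luid` although they iterate over `j`, so each requested privilege is tested against a single stored entry, and when `i` is at or beyond a non-zero `CurrentPrivileges->PrivilegeCount` the read goes past the buffer allocated from `PrivilegeSetSize`. The comparison in the counting loop and in the merge loop should be `&(CurrentPrivileges->Privilege[j].Luid)`; as written, a privilege the account already holds can be appended a second time, and the attribute overwrite at `NewPrivileges->Privilege[j]` lands on an unrelated entry. Separately, `CurrentPrivileges->PrivilegeCount` is taken from the stored attribute and used as the loop and copy bound without being checked against the `PrivilegeSetSize` that was actually read, so a check that the count fits in that size before the loops would keep a damaged record from driving out-of-bounds access. The function's opening lies outside this hunk.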

Modified: trunk/reactos/dll/win32/lsasrv/lsasrv.h
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/lsasrv/lsasrv.h?rev=56594&r1=56593&r2=56594&view=diff
==============================================================================
--- trunk/reactos/dll/win32/lsasrv/lsasrv.h [iso-8859-1] (original)
+++ trunk/reactos/dll/win32/lsasrv/lsasrv.h [iso-8859-1] Thu May 17 12:02:50 2012
@@ -17,6 +17,7 @@
 #include <ndk/rtlfuncs.h>
 #include <ndk/setypes.h>
 
+#include <ntlsa.h>
 #include <ntsecapi.h>
 #include <sddl.h>
 

Added: trunk/reactos/include/psdk/ntlsa.h
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/include/psdk/ntlsa.h?rev=56594&view=auto
==============================================================================
--- trunk/reactos/include/psdk/ntlsa.h (added)
+++ trunk/reactos/include/psdk/ntlsa.h [iso-8859-1] Thu May 17 12:02:50 2012
@@ -1,0 +1,40 @@
+/*
+ * ntlsa.h
+ *
+ * This file is part of the ReactOS PSDK package.
+ *
+ * Contributors:
+ *   Created by Eric Kohl.
+ *
+ * THIS SOFTWARE IS NOT COPYRIGHTED
+ *
+ * This source code is offered for use in the public domain. You may
+ * use, modify or distribute it freely.
+ *
+ * This code is distributed in the hope that it will be useful but
+ * WITHOUT ANY WARRANTY. ALL WARRANTIES, EXPRESS OR IMPLIED ARE HEREBY
+ * DISCLAIMED. This includes but is not limited to warranties of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+ *
+ */
+
+#ifndef _NTLSA_
+#define _NTLSA_
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#define ACCOUNT_VIEW 1
+#define ACCOUNT_ADJUST_PRIVILEGES 2
+#define ACCOUNT_ADJUST_QUOTAS 4
+#define ACCOUNT_ADJUST_SYSTEM_ACCESS 8
+
+
+
+#ifdef __cplusplus
+}
+#endif
+
+
+#endif /* _NTLSA_ */
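Review bot: The four `ACCOUNT_*` constants are introduced as bare decimal values with no comment saying what they are. In this commit they appear to be used as the access-mask argument of `LsapValidateDbObject`, so a one-line comment above the block such as `/* Access rights for LSA account objects */` would document that, and writing them in hex (`#define ACCOUNT_VIEW 0x00000001`, and so on) would make it obvious that they are individual bit flags meant to be OR-ed together.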

Propchange: trunk/reactos/include/psdk/ntlsa.h
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: trunk/reactos/include/psdk/ntlsa.h
------------------------------------------------------------------------------
    svn:keywords = author date id revision



