[ros-diffs] [ekohl] 47934: [ADVAPI32/LSASRV] - Implement LookupPrivilegeValueW and LsaLookupPrivilegeValue. - Move lookup code from LookupPrivilegeValueW to LsarLookupPrivilegeValue.

ekohl at svn.reactos.org ekohl at svn.reactos.org
Sat Jul 3 22:51:44 UTC 2010


Author: ekohl
Date: Sat Jul  3 22:51:44 2010
New Revision: 47934

URL: http://svn.reactos.org/svn/reactos?rev=47934&view=rev
Log:
[ADVAPI32/LSASRV]
- Implement LookupPrivilegeValueW and LsaLookupPrivilegeValue.
- Move lookup code from LookupPrivilegeValueW to LsarLookupPrivilegeValue.

Modified:
    trunk/reactos/dll/win32/advapi32/advapi32.spec
    trunk/reactos/dll/win32/advapi32/sec/lsa.c
    trunk/reactos/dll/win32/advapi32/sec/misc.c
    trunk/reactos/dll/win32/lsasrv/lsarpc.c
    trunk/reactos/include/psdk/ntsecapi.h

Modified: trunk/reactos/dll/win32/advapi32/advapi32.spec
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/advapi32/advapi32.spec?rev=47934&r1=47933&r2=47934&view=diff
==============================================================================
--- trunk/reactos/dll/win32/advapi32/advapi32.spec [iso-8859-1] (original)
+++ trunk/reactos/dll/win32/advapi32/advapi32.spec [iso-8859-1] Sat Jul  3 22:51:44 2010
@@ -374,7 +374,7 @@
 @ stdcall LsaLookupNames2(ptr long long ptr ptr ptr)
 @ stub LsaLookupPrivilegeDisplayName
 @ stub LsaLookupPrivilegeName
-@ stub LsaLookupPrivilegeValue
+@ stdcall LsaLookupPrivilegeValue(ptr ptr ptr)
 @ stdcall LsaLookupSids(ptr long ptr ptr ptr)
 @ stdcall LsaNtStatusToWinError(long)
 @ stub LsaOpenAccount

Modified: trunk/reactos/dll/win32/advapi32/sec/lsa.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/advapi32/sec/lsa.c?rev=47934&r1=47933&r2=47934&view=diff
==============================================================================
--- trunk/reactos/dll/win32/advapi32/sec/lsa.c [iso-8859-1] (original)
+++ trunk/reactos/dll/win32/advapi32/sec/lsa.c [iso-8859-1] Sat Jul  3 22:51:44 2010
@@ -397,6 +397,37 @@
 }
 
 /*
+ * @implemented
+ */
+NTSTATUS
+WINAPI
+LsaLookupPrivilegeValue(IN LSA_HANDLE PolicyHandle,
+                        IN PLSA_UNICODE_STRING Name,
+                        OUT PLUID Value)
+{
+    LUID Luid;
+    NTSTATUS Status;
+
+    FIXME("(%p,%p,%p) stub\n", PolicyHandle, Name, Value);
+
+    RpcTryExcept
+    {
+        Status = LsarLookupPrivilegeValue(PolicyHandle,
+                                          (PRPC_UNICODE_STRING)Name,
+                                          &Luid);
+        if (Status == STATUS_SUCCESS)
+            *Value = Luid;
+    }
+    RpcExcept(EXCEPTION_EXECUTE_HANDLER)
+    {
+        Status = I_RpcMapWin32Status(RpcExceptionCode());
+    }
+    RpcEndExcept;
+
+    return Status;
+}
+
+/*
  * @unimplemented
  */
 NTSTATUS
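Review bot: The new LsaLookupPrivilegeValue is marked `@implemented`, but its first statement still logs `FIXME("(%p,%p,%p) stub\n", ...)`. Every successful lookup will therefore be reported as an unimplemented stub in the debug log. Replace it with `TRACE("(%p,%p,%p)\n", PolicyHandle, Name, Value);`. A one-line comment on the `(PRPC_UNICODE_STRING)Name` cast, saying that it relies on LSA_UNICODE_STRING and RPC_UNICODE_STRING sharing the same layout, would also help the next reader.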

Modified: trunk/reactos/dll/win32/advapi32/sec/misc.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/advapi32/sec/misc.c?rev=47934&r1=47933&r2=47934&view=diff
==============================================================================
--- trunk/reactos/dll/win32/advapi32/sec/misc.c [iso-8859-1] (original)
+++ trunk/reactos/dll/win32/advapi32/sec/misc.c [iso-8859-1] Sat Jul  3 22:51:44 2010
@@ -1409,81 +1409,51 @@
 
 
 /**********************************************************************
- * LookupPrivilegeValueW				EXPORTED
- *
- * @unimplemented
- */
-BOOL
-WINAPI
-LookupPrivilegeValueW(LPCWSTR SystemName,
-                      LPCWSTR PrivName,
-                      PLUID Luid)
-{
-  static const WCHAR * const DefaultPrivNames[] =
-    {
-      L"SeCreateTokenPrivilege",
-      L"SeAssignPrimaryTokenPrivilege",
-      L"SeLockMemoryPrivilege",
-      L"SeIncreaseQuotaPrivilege",
-      L"SeMachineAccountPrivilege",
-      L"SeTcbPrivilege",
-      L"SeSecurityPrivilege",
-      L"SeTakeOwnershipPrivilege",
-      L"SeLoadDriverPrivilege",
-      L"SeSystemProfilePrivilege",
-      L"SeSystemtimePrivilege",
-      L"SeProfileSingleProcessPrivilege",
-      L"SeIncreaseBasePriorityPrivilege",
-      L"SeCreatePagefilePrivilege",
-      L"SeCreatePermanentPrivilege",
-      L"SeBackupPrivilege",
-      L"SeRestorePrivilege",
-      L"SeShutdownPrivilege",
-      L"SeDebugPrivilege",
-      L"SeAuditPrivilege",
-      L"SeSystemEnvironmentPrivilege",
-      L"SeChangeNotifyPrivilege",
-      L"SeRemoteShutdownPrivilege",
-      L"SeUndockPrivilege",
-      L"SeSyncAgentPrivilege",
-      L"SeEnableDelegationPrivilege",
-      L"SeManageVolumePrivilege",
-      L"SeImpersonatePrivilege",
-      L"SeCreateGlobalPrivilege"
-    };
-  unsigned Priv;
-
-  if (!ADVAPI_IsLocalComputer(SystemName))
-    {
-        SetLastError(RPC_S_SERVER_UNAVAILABLE);
-        return FALSE;
-    }
-  if (!PrivName)
-    {
-        SetLastError(ERROR_NO_SUCH_PRIVILEGE);
-        return FALSE;
-    }
-
-  if (NULL != SystemName && L'\0' != *SystemName)
-    {
-      FIXME("LookupPrivilegeValueW: not implemented for remote system\n");
-      SetLastError(ERROR_CALL_NOT_IMPLEMENTED);
-      return FALSE;
-    }
-
-  for (Priv = 0; Priv < sizeof(DefaultPrivNames) / sizeof(DefaultPrivNames[0]); Priv++)
-    {
-      if (0 == _wcsicmp(PrivName, DefaultPrivNames[Priv]))
-        {
-          Luid->LowPart = Priv + SE_MIN_WELL_KNOWN_PRIVILEGE;
-          Luid->HighPart = 0;
-          return TRUE;
-        }
-    }
-
-  WARN("LookupPrivilegeValueW: no such privilege %S\n", PrivName);
-  SetLastError(ERROR_NO_SUCH_PRIVILEGE);
-  return FALSE;
+ * LookupPrivilegeValueW
+ *
+ * @implemented
+ */
+BOOL
+WINAPI
+LookupPrivilegeValueW(LPCWSTR lpSystemName,
+                      LPCWSTR lpPrivilegeName,
+                      PLUID lpLuid)
+{
+    LSA_OBJECT_ATTRIBUTES ObjectAttributes = {0};
+    LSA_UNICODE_STRING SystemName;
+    LSA_UNICODE_STRING PrivilegeName;
+    LSA_HANDLE PolicyHandle = NULL;
+    NTSTATUS Status;
+
+    RtlInitUnicodeString(&SystemName,
+                         lpSystemName);
+
+    Status = LsaOpenPolicy(lpSystemName ? &SystemName : NULL,
+                           &ObjectAttributes,
+                           POLICY_LOOKUP_NAMES,
+                           &PolicyHandle);
+    if (!NT_SUCCESS(Status))
+    {
+        SetLastError(LsaNtStatusToWinError(Status));
+        return FALSE;
+    }
+
+    RtlInitUnicodeString(&PrivilegeName,
+                         lpPrivilegeName);
+
+    Status = LsaLookupPrivilegeValue(PolicyHandle,
+                                     &PrivilegeName,
+                                     lpLuid);
+
+    LsaClose(PolicyHandle);
+
+    if (!NT_SUCCESS(Status))
+    {
+        SetLastError(LsaNtStatusToWinError(Status));
+        return FALSE;
+    }
+
+    return TRUE;
 }
 
 
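Review bot: The rewritten LookupPrivilegeValueW no longer rejects a NULL `lpPrivilegeName`, which the removed code answered up front with ERROR_NO_SUCH_PRIVILEGE. `RtlInitUnicodeString(&PrivilegeName, lpPrivilegeName)` now turns it into an empty string with a NULL Buffer, and that is forwarded to the LSA server. Restore the guard before LsaOpenPolicy, `if (lpPrivilegeName == NULL) { SetLastError(ERROR_NO_SUCH_PRIVILEGE); return FALSE; }`, so a bad caller argument fails locally and never reaches lsasrv. `lpLuid` is also passed through unchecked; a comment stating that it must be non-NULL would document the contract.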

Modified: trunk/reactos/dll/win32/lsasrv/lsarpc.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/lsasrv/lsarpc.c?rev=47934&r1=47933&r2=47934&view=diff
==============================================================================
--- trunk/reactos/dll/win32/lsasrv/lsarpc.c [iso-8859-1] (original)
+++ trunk/reactos/dll/win32/lsasrv/lsarpc.c [iso-8859-1] Sat Jul  3 22:51:44 2010
@@ -10,12 +10,19 @@
 
 #include <wine/debug.h>
 
+typedef enum _LSA_DB_HANDLE_TYPE
+{
+    LsaDbIgnoreHandle,
+    LsaDbPolicyHandle,
+    LsaDbAccountHandle
+} LSA_DB_HANDLE_TYPE, *PLSA_DB_HANDLE_TYPE;
+
 typedef struct _LSA_DB_HANDLE
 {
     ULONG Signature;
-    ULONG Type;
+    LSA_DB_HANDLE_TYPE HandleType;
     LONG RefCount;
-    ACCESS_MASK AccessGranted;
+    ACCESS_MASK Access;
 } LSA_DB_HANDLE, *PLSA_DB_HANDLE;
 
 #define LSAP_DB_SIGNATURE 0x12345678
@@ -28,7 +35,8 @@
 /* FUNCTIONS ***************************************************************/
 
 static LSAPR_HANDLE
-LsapCreateDbHandle(ULONG Type)
+LsapCreateDbHandle(LSA_DB_HANDLE_TYPE HandleType,
+                   ACCESS_MASK DesiredAccess)
 {
     PLSA_DB_HANDLE DbHandle;
 
@@ -41,7 +49,8 @@
     {
         DbHandle->Signature = LSAP_DB_SIGNATURE;
         DbHandle->RefCount = 1;
-        DbHandle->Type = Type;
+        DbHandle->HandleType = HandleType;
+        DbHandle->Access = DesiredAccess;
     }
 
 //    RtlLeaveCriticalSection(&PolicyHandleTableLock);
@@ -51,7 +60,8 @@
 
 
 static BOOL
-LsapValidateDbHandle(LSAPR_HANDLE Handle)
+LsapValidateDbHandle(LSAPR_HANDLE Handle,
+                     LSA_DB_HANDLE_TYPE HandleType)
 {
     PLSA_DB_HANDLE DbHandle = (PLSA_DB_HANDLE)Handle;
     BOOL bValid = FALSE;
@@ -59,7 +69,12 @@
     _SEH2_TRY
     {
         if (DbHandle->Signature == LSAP_DB_SIGNATURE)
-            bValid = TRUE;
+        {
+            if (HandleType == LsaDbIgnoreHandle)
+                bValid = TRUE;
+            else if (DbHandle->HandleType == HandleType)
+                bValid = TRUE;
+        }
     }
     _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
     {
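Review bot: LsapValidateDbHandle now checks Signature and HandleType, but nothing in the visible hunks ever compares the `Access` mask that LsapCreateDbHandle stores. LsarLookupPrivilegeValue therefore accepts any policy handle, whether or not it was opened with POLICY_LOOKUP_NAMES. LsarOpenPolicy also records the caller's DesiredAccess as-is; whether an access check against the caller happens elsewhere is not visible here. Consider giving the validator a required-access argument and failing when `(DbHandle->Access & RequiredAccess) != RequiredAccess`, or at least add a comment that access enforcement is still missing. The function body starts and ends outside this hunk.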
@@ -81,7 +96,7 @@
 
     RtlInitializeCriticalSection(&PolicyHandleTableLock);
 
-    TRACE("LsarStartRpcServer() called");
+    TRACE("LsarStartRpcServer() called\n");
 
     Status = RpcServerUseProtseqEpW(L"ncacn_np",
                                     10,
@@ -129,7 +144,7 @@
 
 //    RtlEnterCriticalSection(&PolicyHandleTableLock);
 
-    if (LsapValidateDbHandle(*ObjectHandle))
+    if (LsapValidateDbHandle(*ObjectHandle, LsaDbIgnoreHandle))
     {
         RtlFreeHeap(RtlGetProcessHeap(), 0, *ObjectHandle);
         *ObjectHandle = NULL;
@@ -213,7 +228,8 @@
 
     RtlEnterCriticalSection(&PolicyHandleTableLock);
 
-    *PolicyHandle = LsapCreateDbHandle(0);
+    *PolicyHandle = LsapCreateDbHandle(LsaDbPolicyHandle,
+                                       DesiredAccess);
     if (*PolicyHandle == NULL)
         Status = STATUS_INSUFFICIENT_RESOURCES;
 
@@ -504,8 +520,63 @@
     PRPC_UNICODE_STRING Name,
     PLUID Value)
 {
-    UNIMPLEMENTED;
-    return STATUS_NOT_IMPLEMENTED;
+    static const WCHAR * const DefaultPrivNames[] =
+    {
+      L"SeCreateTokenPrivilege",
+      L"SeAssignPrimaryTokenPrivilege",
+      L"SeLockMemoryPrivilege",
+      L"SeIncreaseQuotaPrivilege",
+      L"SeMachineAccountPrivilege",
+      L"SeTcbPrivilege",
+      L"SeSecurityPrivilege",
+      L"SeTakeOwnershipPrivilege",
+      L"SeLoadDriverPrivilege",
+      L"SeSystemProfilePrivilege",
+      L"SeSystemtimePrivilege",
+      L"SeProfileSingleProcessPrivilege",
+      L"SeIncreaseBasePriorityPrivilege",
+      L"SeCreatePagefilePrivilege",
+      L"SeCreatePermanentPrivilege",
+      L"SeBackupPrivilege",
+      L"SeRestorePrivilege",
+      L"SeShutdownPrivilege",
+      L"SeDebugPrivilege",
+      L"SeAuditPrivilege",
+      L"SeSystemEnvironmentPrivilege",
+      L"SeChangeNotifyPrivilege",
+      L"SeRemoteShutdownPrivilege",
+      L"SeUndockPrivilege",
+      L"SeSyncAgentPrivilege",
+      L"SeEnableDelegationPrivilege",
+      L"SeManageVolumePrivilege",
+      L"SeImpersonatePrivilege",
+      L"SeCreateGlobalPrivilege"
+    };
+    ULONG Priv;
+
+
+    TRACE("LsarLookupPrivilegeValue(%p, %wZ, %p)\n",
+          PolicyHandle, Name, Value);
+
+    if (!LsapValidateDbHandle(PolicyHandle, LsaDbPolicyHandle))
+    {
+        ERR("Invalid handle\n");
+        return STATUS_INVALID_HANDLE;
+    }
+
+    for (Priv = 0; Priv < sizeof(DefaultPrivNames) / sizeof(DefaultPrivNames[0]); Priv++)
+    {
+        if (0 == _wcsicmp(Name->Buffer, DefaultPrivNames[Priv]))
+        {
+            Value->LowPart = Priv + SE_MIN_WELL_KNOWN_PRIVILEGE;
+            Value->HighPart = 0;
+            return STATUS_SUCCESS;
+        }
+    }
+
+    WARN("LsarLookupPrivilegeValue: no such privilege %wZ\n", Name);
+
+    return STATUS_NO_SUCH_PRIVILEGE;
 }
 
 
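Review bot: `_wcsicmp(Name->Buffer, DefaultPrivNames[Priv])` treats the client-supplied RPC_UNICODE_STRING as a NUL-terminated C string, but it is a counted string. Its Buffer may be NULL, and it is not guaranteed to carry a terminator, so a malformed request can make the LSA server dereference NULL or read past the end of the marshalled buffer. The lookup should reject a NULL Name or Buffer and compare by length, for example with RtlEqualUnicodeString in case-insensitive mode. The `TRACE`/`WARN` calls with `%wZ` are fine because that format honours Length. The function signature starts outside this hunk.

```c
    UNICODE_STRING PrivName;
    ULONG Priv;

    // … unchanged: DefaultPrivNames table, TRACE, handle validation …

    /* Name comes from the RPC client: counted, possibly NULL, not NUL-terminated */
    if (Name == NULL || Name->Buffer == NULL)
        return STATUS_NO_SUCH_PRIVILEGE;

    for (Priv = 0; Priv < sizeof(DefaultPrivNames) / sizeof(DefaultPrivNames[0]); Priv++)
    {
        RtlInitUnicodeString(&PrivName, DefaultPrivNames[Priv]);
        if (RtlEqualUnicodeString((PUNICODE_STRING)Name, &PrivName, TRUE))
        {
            // … unchanged: fill Value, return STATUS_SUCCESS …
        }
    }
```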
@@ -562,7 +633,7 @@
 {
     FIXME("(%p,%p,%p) stub\n", PolicyHandle, AccountSid, UserRights);
 
-    if (!LsapValidateDbHandle(PolicyHandle))
+    if (!LsapValidateDbHandle(PolicyHandle, LsaDbPolicyHandle))
         return STATUS_INVALID_HANDLE;
 
     UserRights->Entries = 0;

Modified: trunk/reactos/include/psdk/ntsecapi.h
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/include/psdk/ntsecapi.h?rev=47934&r1=47933&r2=47934&view=diff
==============================================================================
--- trunk/reactos/include/psdk/ntsecapi.h [iso-8859-1] (original)
+++ trunk/reactos/include/psdk/ntsecapi.h [iso-8859-1] Sat Jul  3 22:51:44 2010
@@ -698,6 +698,7 @@
                             PLSA_REFERENCED_DOMAIN_LIST*,PLSA_TRANSLATED_SID*);
 NTSTATUS NTAPI LsaLookupNames2(LSA_HANDLE,ULONG,ULONG,PLSA_UNICODE_STRING,
                             PLSA_REFERENCED_DOMAIN_LIST*,PLSA_TRANSLATED_SID2*);
+NTSTATUS NTAPI LsaLookupPrivilegeValue(LSA_HANDLE, PLSA_UNICODE_STRING, PLUID);
 NTSTATUS NTAPI LsaLookupSids(LSA_HANDLE,ULONG,PSID*,
                             PLSA_REFERENCED_DOMAIN_LIST*,PLSA_TRANSLATED_NAME*);
 ULONG NTAPI LsaNtStatusToWinError(NTSTATUS);



