2 * COPYRIGHT: See COPYING in the top level directory
3 * PROJECT: Local Security Authority (LSA) Server
4 * FILE: reactos/dll/win32/lsasrv/lsarpc.h
5 * PURPOSE: RPC interface functions
7 * PROGRAMMERS: Eric Kohl
12 /* GLOBALS *****************************************************************/
14 static RTL_CRITICAL_SECTION PolicyHandleTableLock
;
18 LsapPolicyMapping
= {POLICY_READ
,
25 LsapAccountMapping
= {ACCOUNT_READ
,
32 LsapSecretMapping
= {SECRET_READ
,
37 /* FUNCTIONS ***************************************************************/
40 LsarStartRpcServer(VOID
)
46 RtlInitializeCriticalSection(&PolicyHandleTableLock
);
48 TRACE("LsarStartRpcServer() called\n");
50 Status
= RpcServerUseProtseqEpW(L
"ncacn_np",
51 RPC_C_PROTSEQ_MAX_REQS_DEFAULT
,
54 if (Status
!= RPC_S_OK
)
56 WARN("RpcServerUseProtseqEpW() failed (Status %lx)\n", Status
);
57 return I_RpcMapWin32Status(Status
);
60 Status
= RpcServerRegisterIf(lsarpc_v0_0_s_ifspec
,
63 if (Status
!= RPC_S_OK
)
65 WARN("RpcServerRegisterIf() failed (Status %lx)\n", Status
);
66 return I_RpcMapWin32Status(Status
);
71 Status
= RpcServerListen(1, 20, TRUE
);
72 if (Status
!= RPC_S_OK
)
74 WARN("RpcServerListen() failed (Status %lx)\n", Status
);
75 return I_RpcMapWin32Status(Status
);
78 /* Notify the service manager */
79 TRACE("Creating notification event!\n");
80 hEvent
= CreateEventW(NULL
,
83 L
"LSA_RPC_SERVER_ACTIVE");
86 dwError
= GetLastError();
87 TRACE("Failed to create or open the notification event (Error %lu)\n", dwError
);
89 if (dwError
== ERROR_ALREADY_EXISTS
)
91 hEvent
= OpenEventW(GENERIC_WRITE
,
93 L
"LSA_RPC_SERVER_ACTIVE");
96 ERR("Could not open the notification event (Error %lu)\n", GetLastError());
97 return STATUS_UNSUCCESSFUL
;
101 return STATUS_UNSUCCESSFUL
;
104 TRACE("Set notification event!\n");
107 /* NOTE: Do not close the event handle, as it must remain alive! */
109 TRACE("LsarStartRpcServer() done\n");
110 return STATUS_SUCCESS
;
114 void __RPC_USER
LSAPR_HANDLE_rundown(LSAPR_HANDLE hHandle
)
121 NTSTATUS WINAPI
LsarClose(
122 LSAPR_HANDLE
*ObjectHandle
)
124 PLSA_DB_OBJECT DbObject
;
125 NTSTATUS Status
= STATUS_SUCCESS
;
127 TRACE("LsarClose(%p)\n", ObjectHandle
);
129 // RtlEnterCriticalSection(&PolicyHandleTableLock);
131 Status
= LsapValidateDbObject(*ObjectHandle
,
135 if (Status
== STATUS_SUCCESS
)
137 Status
= LsapCloseDbObject(DbObject
);
138 *ObjectHandle
= NULL
;
141 // RtlLeaveCriticalSection(&PolicyHandleTableLock);
148 NTSTATUS WINAPI
LsarDelete(
149 LSAPR_HANDLE ObjectHandle
)
151 TRACE("LsarDelete(%p)\n", ObjectHandle
);
153 return LsarDeleteObject(&ObjectHandle
);
158 NTSTATUS WINAPI
LsarEnumeratePrivileges(
159 LSAPR_HANDLE PolicyHandle
,
160 DWORD
*EnumerationContext
,
161 PLSAPR_PRIVILEGE_ENUM_BUFFER EnumerationBuffer
,
162 DWORD PreferedMaximumLength
)
164 PLSA_DB_OBJECT PolicyObject
;
167 TRACE("LsarEnumeratePrivileges(%p %p %p %lu)\n",
168 PolicyHandle
, EnumerationContext
, EnumerationBuffer
,
169 PreferedMaximumLength
);
171 Status
= LsapValidateDbObject(PolicyHandle
,
173 POLICY_VIEW_LOCAL_INFORMATION
,
175 if (!NT_SUCCESS(Status
))
178 if (EnumerationContext
== NULL
)
179 return STATUS_INVALID_PARAMETER
;
181 return LsarpEnumeratePrivileges(EnumerationContext
,
183 PreferedMaximumLength
);
188 NTSTATUS WINAPI
LsarQuerySecurityObject(
189 LSAPR_HANDLE ObjectHandle
,
190 SECURITY_INFORMATION SecurityInformation
,
191 PLSAPR_SR_SECURITY_DESCRIPTOR
*SecurityDescriptor
)
193 PLSA_DB_OBJECT DbObject
= NULL
;
194 PSECURITY_DESCRIPTOR RelativeSd
= NULL
;
195 PSECURITY_DESCRIPTOR ResultSd
= NULL
;
196 PLSAPR_SR_SECURITY_DESCRIPTOR SdData
= NULL
;
197 ACCESS_MASK DesiredAccess
= 0;
198 ULONG RelativeSdSize
= 0;
199 ULONG ResultSdSize
= 0;
202 TRACE("LsarQuerySecurityObject(%p %lx %p)\n",
203 ObjectHandle
, SecurityInformation
, SecurityDescriptor
);
205 if (SecurityDescriptor
== NULL
)
206 return STATUS_INVALID_PARAMETER
;
208 *SecurityDescriptor
= NULL
;
210 if ((SecurityInformation
& OWNER_SECURITY_INFORMATION
) ||
211 (SecurityInformation
& GROUP_SECURITY_INFORMATION
) ||
212 (SecurityInformation
& DACL_SECURITY_INFORMATION
))
213 DesiredAccess
|= READ_CONTROL
;
215 if (SecurityInformation
& SACL_SECURITY_INFORMATION
)
216 DesiredAccess
|= ACCESS_SYSTEM_SECURITY
;
218 /* Validate the ObjectHandle */
219 Status
= LsapValidateDbObject(ObjectHandle
,
223 if (!NT_SUCCESS(Status
))
226 /* Get the size of the SD */
227 Status
= LsapGetObjectAttribute(DbObject
,
231 if (!NT_SUCCESS(Status
))
234 /* Allocate a buffer for the SD */
235 RelativeSd
= MIDL_user_allocate(RelativeSdSize
);
236 if (RelativeSd
== NULL
)
237 return STATUS_INSUFFICIENT_RESOURCES
;
240 Status
= LsapGetObjectAttribute(DbObject
,
244 if (!NT_SUCCESS(Status
))
247 /* Invalidate the SD information that was not requested */
248 if (!(SecurityInformation
& OWNER_SECURITY_INFORMATION
))
249 ((PISECURITY_DESCRIPTOR
)RelativeSd
)->Owner
= NULL
;
251 if (!(SecurityInformation
& GROUP_SECURITY_INFORMATION
))
252 ((PISECURITY_DESCRIPTOR
)RelativeSd
)->Group
= NULL
;
254 if (!(SecurityInformation
& DACL_SECURITY_INFORMATION
))
255 ((PISECURITY_DESCRIPTOR
)RelativeSd
)->Control
&= ~SE_DACL_PRESENT
;
257 if (!(SecurityInformation
& SACL_SECURITY_INFORMATION
))
258 ((PISECURITY_DESCRIPTOR
)RelativeSd
)->Control
&= ~SE_SACL_PRESENT
;
260 /* Calculate the required SD size */
261 Status
= RtlMakeSelfRelativeSD(RelativeSd
,
264 if (Status
!= STATUS_BUFFER_TOO_SMALL
)
267 /* Allocate a buffer for the new SD */
268 ResultSd
= MIDL_user_allocate(ResultSdSize
);
269 if (ResultSd
== NULL
)
271 Status
= STATUS_INSUFFICIENT_RESOURCES
;
275 /* Build the new SD */
276 Status
= RtlMakeSelfRelativeSD(RelativeSd
,
279 if (!NT_SUCCESS(Status
))
282 /* Allocate the SD data buffer */
283 SdData
= MIDL_user_allocate(sizeof(LSAPR_SR_SECURITY_DESCRIPTOR
));
286 Status
= STATUS_INSUFFICIENT_RESOURCES
;
290 /* Fill the SD data buffer and return it to the caller */
291 SdData
->Length
= RelativeSdSize
;
292 SdData
->SecurityDescriptor
= (PBYTE
)ResultSd
;
294 *SecurityDescriptor
= SdData
;
297 if (!NT_SUCCESS(Status
))
299 if (ResultSd
!= NULL
)
300 MIDL_user_free(ResultSd
);
303 if (RelativeSd
!= NULL
)
304 MIDL_user_free(RelativeSd
);
311 NTSTATUS WINAPI
LsarSetSecurityObject(
312 LSAPR_HANDLE ObjectHandle
,
313 SECURITY_INFORMATION SecurityInformation
,
314 PLSAPR_SR_SECURITY_DESCRIPTOR SecurityDescriptor
)
316 PLSA_DB_OBJECT DbObject
= NULL
;
317 ACCESS_MASK DesiredAccess
= 0;
318 PSECURITY_DESCRIPTOR RelativeSd
= NULL
;
319 ULONG RelativeSdSize
= 0;
320 HANDLE TokenHandle
= NULL
;
321 PGENERIC_MAPPING Mapping
;
324 TRACE("LsarSetSecurityObject(%p %lx %p)\n",
325 ObjectHandle
, SecurityInformation
, SecurityDescriptor
);
327 if ((SecurityDescriptor
== NULL
) ||
328 (SecurityDescriptor
->SecurityDescriptor
== NULL
) ||
329 !RtlValidSecurityDescriptor((PSECURITY_DESCRIPTOR
)SecurityDescriptor
->SecurityDescriptor
))
330 return ERROR_INVALID_PARAMETER
;
332 if (SecurityInformation
== 0 ||
333 SecurityInformation
& ~(OWNER_SECURITY_INFORMATION
| GROUP_SECURITY_INFORMATION
334 | DACL_SECURITY_INFORMATION
| SACL_SECURITY_INFORMATION
))
335 return ERROR_INVALID_PARAMETER
;
337 if (SecurityInformation
& SACL_SECURITY_INFORMATION
)
338 DesiredAccess
|= ACCESS_SYSTEM_SECURITY
;
340 if (SecurityInformation
& DACL_SECURITY_INFORMATION
)
341 DesiredAccess
|= WRITE_DAC
;
343 if (SecurityInformation
& (OWNER_SECURITY_INFORMATION
| GROUP_SECURITY_INFORMATION
))
344 DesiredAccess
|= WRITE_OWNER
;
346 if ((SecurityInformation
& OWNER_SECURITY_INFORMATION
) &&
347 (((PISECURITY_DESCRIPTOR
)SecurityDescriptor
)->Owner
== NULL
))
348 return ERROR_INVALID_PARAMETER
;
350 if ((SecurityInformation
& GROUP_SECURITY_INFORMATION
) &&
351 (((PISECURITY_DESCRIPTOR
)SecurityDescriptor
)->Group
== NULL
))
352 return ERROR_INVALID_PARAMETER
;
354 /* Validate the ObjectHandle */
355 Status
= LsapValidateDbObject(ObjectHandle
,
359 if (!NT_SUCCESS(Status
))
361 ERR("LsapValidateDbObject failed (Status 0x%08lx)\n", Status
);
365 /* Get the mapping for the object type */
366 switch (DbObject
->ObjectType
)
368 case LsaDbPolicyObject
:
369 Mapping
= &LsapPolicyMapping
;
372 case LsaDbAccountObject
:
373 Mapping
= &LsapAccountMapping
;
376 // case LsaDbDomainObject:
377 // Mapping = &LsapDomainMapping;
380 case LsaDbSecretObject
:
381 Mapping
= &LsapSecretMapping
;
385 return STATUS_INVALID_HANDLE
;
388 /* Get the size of the SD */
389 Status
= LsapGetObjectAttribute(DbObject
,
393 if (!NT_SUCCESS(Status
))
396 /* Allocate a buffer for the SD */
397 RelativeSd
= RtlAllocateHeap(RtlGetProcessHeap(), 0, RelativeSdSize
);
398 if (RelativeSd
== NULL
)
399 return STATUS_INSUFFICIENT_RESOURCES
;
402 Status
= LsapGetObjectAttribute(DbObject
,
406 if (!NT_SUCCESS(Status
))
409 /* Get the clients token if we try to set the owner */
410 if (SecurityInformation
& OWNER_SECURITY_INFORMATION
)
412 Status
= I_RpcMapWin32Status(RpcImpersonateClient(NULL
));
413 if (!NT_SUCCESS(Status
))
415 ERR("RpcImpersonateClient returns 0x%08lx\n", Status
);
419 Status
= NtOpenThreadToken(NtCurrentThread(),
424 if (!NT_SUCCESS(Status
))
426 ERR("NtOpenThreadToken returns 0x%08lx\n", Status
);
431 /* Build the new security descriptor */
432 Status
= RtlSetSecurityObject(SecurityInformation
,
433 (PSECURITY_DESCRIPTOR
)SecurityDescriptor
->SecurityDescriptor
,
437 if (!NT_SUCCESS(Status
))
439 ERR("RtlSetSecurityObject failed (Status 0x%08lx)\n", Status
);
443 /* Set the modified SD */
444 Status
= LsapSetObjectAttribute(DbObject
,
447 RtlLengthSecurityDescriptor(RelativeSd
));
448 if (!NT_SUCCESS(Status
))
450 ERR("LsapSetObjectAttribute failed (Status 0x%08lx)\n", Status
);
454 if (TokenHandle
!= NULL
)
455 NtClose(TokenHandle
);
457 if (RelativeSd
!= NULL
)
458 RtlFreeHeap(RtlGetProcessHeap(), 0, RelativeSd
);
465 NTSTATUS WINAPI
LsarChangePassword(
467 PRPC_UNICODE_STRING String1
,
468 PRPC_UNICODE_STRING String2
,
469 PRPC_UNICODE_STRING String3
,
470 PRPC_UNICODE_STRING String4
,
471 PRPC_UNICODE_STRING String5
)
474 return STATUS_NOT_IMPLEMENTED
;
479 NTSTATUS WINAPI
LsarOpenPolicy(
481 PLSAPR_OBJECT_ATTRIBUTES ObjectAttributes
,
482 ACCESS_MASK DesiredAccess
,
483 LSAPR_HANDLE
*PolicyHandle
)
485 PLSA_DB_OBJECT PolicyObject
;
488 TRACE("LsarOpenPolicy(%S %p %lx %p)\n",
489 SystemName
, ObjectAttributes
, DesiredAccess
, PolicyHandle
);
491 RtlEnterCriticalSection(&PolicyHandleTableLock
);
493 Status
= LsapOpenDbObject(NULL
,
501 RtlLeaveCriticalSection(&PolicyHandleTableLock
);
503 if (NT_SUCCESS(Status
))
504 *PolicyHandle
= (LSAPR_HANDLE
)PolicyObject
;
506 TRACE("LsarOpenPolicy done!\n");
513 NTSTATUS WINAPI
LsarQueryInformationPolicy(
514 LSAPR_HANDLE PolicyHandle
,
515 POLICY_INFORMATION_CLASS InformationClass
,
516 PLSAPR_POLICY_INFORMATION
*PolicyInformation
)
518 PLSA_DB_OBJECT PolicyObject
;
519 ACCESS_MASK DesiredAccess
= 0;
522 TRACE("LsarQueryInformationPolicy(%p,0x%08x,%p)\n",
523 PolicyHandle
, InformationClass
, PolicyInformation
);
525 if (PolicyInformation
)
527 TRACE("*PolicyInformation %p\n", *PolicyInformation
);
530 switch (InformationClass
)
532 case PolicyAuditLogInformation
:
533 case PolicyAuditEventsInformation
:
534 case PolicyAuditFullQueryInformation
:
535 DesiredAccess
= POLICY_VIEW_AUDIT_INFORMATION
;
538 case PolicyPrimaryDomainInformation
:
539 case PolicyAccountDomainInformation
:
540 case PolicyLsaServerRoleInformation
:
541 case PolicyReplicaSourceInformation
:
542 case PolicyDefaultQuotaInformation
:
543 case PolicyModificationInformation
:
544 case PolicyDnsDomainInformation
:
545 case PolicyDnsDomainInformationInt
:
546 case PolicyLocalAccountDomainInformation
:
547 DesiredAccess
= POLICY_VIEW_LOCAL_INFORMATION
;
550 case PolicyPdAccountInformation
:
551 DesiredAccess
= POLICY_GET_PRIVATE_INFORMATION
;
555 ERR("Invalid InformationClass!\n");
556 return STATUS_INVALID_PARAMETER
;
559 Status
= LsapValidateDbObject(PolicyHandle
,
563 if (!NT_SUCCESS(Status
))
566 switch (InformationClass
)
568 case PolicyAuditLogInformation
: /* 1 */
569 Status
= LsarQueryAuditLog(PolicyObject
,
573 case PolicyAuditEventsInformation
: /* 2 */
574 Status
= LsarQueryAuditEvents(PolicyObject
,
578 case PolicyPrimaryDomainInformation
: /* 3 */
579 Status
= LsarQueryPrimaryDomain(PolicyObject
,
583 case PolicyPdAccountInformation
: /* 4 */
584 Status
= LsarQueryPdAccount(PolicyObject
,
588 case PolicyAccountDomainInformation
: /* 5 */
589 Status
= LsarQueryAccountDomain(PolicyObject
,
593 case PolicyLsaServerRoleInformation
: /* 6 */
594 Status
= LsarQueryServerRole(PolicyObject
,
598 case PolicyReplicaSourceInformation
: /* 7 */
599 Status
= LsarQueryReplicaSource(PolicyObject
,
603 case PolicyDefaultQuotaInformation
: /* 8 */
604 Status
= LsarQueryDefaultQuota(PolicyObject
,
608 case PolicyModificationInformation
: /* 9 */
609 Status
= LsarQueryModification(PolicyObject
,
613 case PolicyAuditFullQueryInformation
: /* 11 (0xB) */
614 Status
= LsarQueryAuditFull(PolicyObject
,
618 case PolicyDnsDomainInformation
: /* 12 (0xC) */
619 Status
= LsarQueryDnsDomain(PolicyObject
,
623 case PolicyDnsDomainInformationInt
: /* 13 (0xD) */
624 Status
= LsarQueryDnsDomainInt(PolicyObject
,
628 case PolicyLocalAccountDomainInformation
: /* 14 (0xE) */
629 Status
= LsarQueryLocalAccountDomain(PolicyObject
,
634 ERR("Invalid InformationClass!\n");
635 Status
= STATUS_INVALID_PARAMETER
;
643 NTSTATUS WINAPI
LsarSetInformationPolicy(
644 LSAPR_HANDLE PolicyHandle
,
645 POLICY_INFORMATION_CLASS InformationClass
,
646 PLSAPR_POLICY_INFORMATION PolicyInformation
)
648 PLSA_DB_OBJECT PolicyObject
;
649 ACCESS_MASK DesiredAccess
= 0;
652 TRACE("LsarSetInformationPolicy(%p,0x%08x,%p)\n",
653 PolicyHandle
, InformationClass
, PolicyInformation
);
655 if (PolicyInformation
)
657 TRACE("*PolicyInformation %p\n", *PolicyInformation
);
660 switch (InformationClass
)
662 case PolicyAuditLogInformation
:
663 case PolicyAuditFullSetInformation
:
664 DesiredAccess
= POLICY_AUDIT_LOG_ADMIN
;
667 case PolicyAuditEventsInformation
:
668 DesiredAccess
= POLICY_SET_AUDIT_REQUIREMENTS
;
671 case PolicyPrimaryDomainInformation
:
672 case PolicyAccountDomainInformation
:
673 case PolicyDnsDomainInformation
:
674 case PolicyDnsDomainInformationInt
:
675 case PolicyLocalAccountDomainInformation
:
676 DesiredAccess
= POLICY_TRUST_ADMIN
;
679 case PolicyLsaServerRoleInformation
:
680 case PolicyReplicaSourceInformation
:
681 DesiredAccess
= POLICY_SERVER_ADMIN
;
684 case PolicyDefaultQuotaInformation
:
685 DesiredAccess
= POLICY_SET_DEFAULT_QUOTA_LIMITS
;
689 ERR("Invalid InformationClass!\n");
690 return STATUS_INVALID_PARAMETER
;
693 Status
= LsapValidateDbObject(PolicyHandle
,
697 if (!NT_SUCCESS(Status
))
700 switch (InformationClass
)
702 case PolicyAuditLogInformation
: /* 1 */
703 Status
= LsarSetAuditLog(PolicyObject
,
704 (PPOLICY_AUDIT_LOG_INFO
)PolicyInformation
);
707 case PolicyAuditEventsInformation
: /* 2 */
708 Status
= LsarSetAuditEvents(PolicyObject
,
709 (PLSAPR_POLICY_AUDIT_EVENTS_INFO
)PolicyInformation
);
710 if (NT_SUCCESS(Status
))
711 LsapNotifyPolicyChange(PolicyNotifyAuditEventsInformation
);
714 case PolicyPrimaryDomainInformation
: /* 3 */
715 Status
= LsarSetPrimaryDomain(PolicyObject
,
716 (PLSAPR_POLICY_PRIMARY_DOM_INFO
)PolicyInformation
);
717 if (NT_SUCCESS(Status
))
718 LsapNotifyPolicyChange(PolicyNotifyDnsDomainInformation
);
721 case PolicyAccountDomainInformation
: /* 5 */
722 Status
= LsarSetAccountDomain(PolicyObject
,
723 (PLSAPR_POLICY_ACCOUNT_DOM_INFO
)PolicyInformation
);
724 if (NT_SUCCESS(Status
))
725 LsapNotifyPolicyChange(PolicyNotifyAccountDomainInformation
);
728 case PolicyLsaServerRoleInformation
: /* 6 */
729 Status
= LsarSetServerRole(PolicyObject
,
730 (PPOLICY_LSA_SERVER_ROLE_INFO
)PolicyInformation
);
731 if (NT_SUCCESS(Status
))
732 LsapNotifyPolicyChange(PolicyNotifyServerRoleInformation
);
735 case PolicyReplicaSourceInformation
: /* 7 */
736 Status
= LsarSetReplicaSource(PolicyObject
,
737 (PPOLICY_LSA_REPLICA_SRCE_INFO
)PolicyInformation
);
740 case PolicyDefaultQuotaInformation
: /* 8 */
741 Status
= LsarSetDefaultQuota(PolicyObject
,
742 (PPOLICY_DEFAULT_QUOTA_INFO
)PolicyInformation
);
745 case PolicyModificationInformation
: /* 9 */
746 Status
= LsarSetModification(PolicyObject
,
747 (PPOLICY_MODIFICATION_INFO
)PolicyInformation
);
750 case PolicyAuditFullSetInformation
: /* 10 (0xA) */
751 Status
= LsarSetAuditFull(PolicyObject
,
752 (PPOLICY_AUDIT_FULL_QUERY_INFO
)PolicyInformation
);
755 case PolicyDnsDomainInformation
: /* 12 (0xC) */
756 Status
= LsarSetDnsDomain(PolicyObject
,
757 (PLSAPR_POLICY_DNS_DOMAIN_INFO
)PolicyInformation
);
758 if (NT_SUCCESS(Status
))
759 LsapNotifyPolicyChange(PolicyNotifyDnsDomainInformation
);
762 case PolicyDnsDomainInformationInt
: /* 13 (0xD) */
763 Status
= LsarSetDnsDomainInt(PolicyObject
,
764 (PLSAPR_POLICY_DNS_DOMAIN_INFO
)PolicyInformation
);
767 case PolicyLocalAccountDomainInformation
: /* 14 (0xE) */
768 Status
= LsarSetLocalAccountDomain(PolicyObject
,
769 (PLSAPR_POLICY_ACCOUNT_DOM_INFO
)PolicyInformation
);
773 Status
= STATUS_INVALID_PARAMETER
;
782 NTSTATUS WINAPI
LsarClearAuditLog(
783 LSAPR_HANDLE ObjectHandle
)
786 return STATUS_NOT_IMPLEMENTED
;
792 PLSA_DB_OBJECT PolicyObject
,
794 ACCESS_MASK DesiredAccess
,
795 PLSA_DB_OBJECT
*AccountObject
)
797 LPWSTR SidString
= NULL
;
798 PSECURITY_DESCRIPTOR AccountSd
= NULL
;
800 NTSTATUS Status
= STATUS_SUCCESS
;
802 /* Create SID string */
803 if (!ConvertSidToStringSid((PSID
)AccountSid
,
806 ERR("ConvertSidToStringSid failed\n");
807 return STATUS_INVALID_PARAMETER
;
810 /* Create a security descriptor for the account */
811 Status
= LsapCreateAccountSd(&AccountSd
,
813 if (!NT_SUCCESS(Status
))
815 ERR("LsapCreateAccountSd returned 0x%08lx\n", Status
);
819 /* Create the Account object */
820 Status
= LsapCreateDbObject(PolicyObject
,
825 PolicyObject
->Trusted
,
827 if (!NT_SUCCESS(Status
))
829 ERR("LsapCreateDbObject failed (Status 0x%08lx)\n", Status
);
833 /* Set the Sid attribute */
834 Status
= LsapSetObjectAttribute(*AccountObject
,
837 GetLengthSid(AccountSid
));
838 if (!NT_SUCCESS(Status
))
841 /* Set the SecDesc attribute */
842 Status
= LsapSetObjectAttribute(*AccountObject
,
848 if (SidString
!= NULL
)
849 LocalFree(SidString
);
851 if (AccountSd
!= NULL
)
852 RtlFreeHeap(RtlGetProcessHeap(), 0, AccountSd
);
859 NTSTATUS WINAPI
LsarCreateAccount(
860 LSAPR_HANDLE PolicyHandle
,
862 ACCESS_MASK DesiredAccess
,
863 LSAPR_HANDLE
*AccountHandle
)
865 PLSA_DB_OBJECT PolicyObject
;
866 PLSA_DB_OBJECT AccountObject
= NULL
;
867 NTSTATUS Status
= STATUS_SUCCESS
;
869 TRACE("LsarCreateAccount(%p %p %lx %p)\n",
870 PolicyHandle
, AccountSid
, DesiredAccess
, AccountHandle
);
872 /* Validate the AccountSid */
873 if (!RtlValidSid(AccountSid
))
874 return STATUS_INVALID_PARAMETER
;
876 /* Validate the PolicyHandle */
877 Status
= LsapValidateDbObject(PolicyHandle
,
879 POLICY_CREATE_ACCOUNT
,
881 if (!NT_SUCCESS(Status
))
883 ERR("LsapValidateDbObject returned 0x%08lx\n", Status
);
888 Status
= LsarpCreateAccount(PolicyObject
,
892 if (NT_SUCCESS(Status
))
894 *AccountHandle
= (LSAPR_HANDLE
)AccountObject
;
902 NTSTATUS WINAPI
LsarEnumerateAccounts(
903 LSAPR_HANDLE PolicyHandle
,
904 DWORD
*EnumerationContext
,
905 PLSAPR_ACCOUNT_ENUM_BUFFER EnumerationBuffer
,
906 DWORD PreferedMaximumLength
)
908 LSAPR_ACCOUNT_ENUM_BUFFER EnumBuffer
= {0, NULL
};
909 PLSA_DB_OBJECT PolicyObject
= NULL
;
910 PWSTR AccountKeyBuffer
= NULL
;
911 HANDLE AccountsKeyHandle
= NULL
;
912 HANDLE AccountKeyHandle
;
914 ULONG AccountKeyBufferSize
;
917 ULONG RequiredLength
;
920 NTSTATUS Status
= STATUS_SUCCESS
;
922 TRACE("LsarEnumerateAccount(%p %p %p %lu)\n",
923 PolicyHandle
, EnumerationContext
, EnumerationBuffer
, PreferedMaximumLength
);
925 if (EnumerationContext
== NULL
||
926 EnumerationBuffer
== NULL
)
927 return STATUS_INVALID_PARAMETER
;
929 EnumerationBuffer
->EntriesRead
= 0;
930 EnumerationBuffer
->Information
= NULL
;
932 /* Validate the PolicyHandle */
933 Status
= LsapValidateDbObject(PolicyHandle
,
935 POLICY_VIEW_LOCAL_INFORMATION
,
937 if (!NT_SUCCESS(Status
))
939 ERR("LsapValidateDbObject returned 0x%08lx\n", Status
);
943 Status
= LsapRegOpenKey(PolicyObject
->KeyHandle
,
947 if (!NT_SUCCESS(Status
))
950 Status
= LsapRegQueryKeyInfo(AccountsKeyHandle
,
952 &AccountKeyBufferSize
,
954 if (!NT_SUCCESS(Status
))
956 ERR("LsapRegQueryKeyInfo returned 0x%08lx\n", Status
);
960 AccountKeyBufferSize
+= sizeof(WCHAR
);
961 AccountKeyBuffer
= RtlAllocateHeap(RtlGetProcessHeap(), 0, AccountKeyBufferSize
);
962 if (AccountKeyBuffer
== NULL
)
964 return STATUS_NO_MEMORY
;
967 EnumIndex
= *EnumerationContext
;
973 Status
= LsapRegEnumerateSubKey(AccountsKeyHandle
,
975 AccountKeyBufferSize
,
977 if (!NT_SUCCESS(Status
))
980 TRACE("EnumIndex: %lu\n", EnumIndex
);
981 TRACE("Account key name: %S\n", AccountKeyBuffer
);
983 Status
= LsapRegOpenKey(AccountsKeyHandle
,
987 TRACE("LsapRegOpenKey returned %08lX\n", Status
);
988 if (NT_SUCCESS(Status
))
990 Status
= LsapRegOpenKey(AccountKeyHandle
,
994 TRACE("LsapRegOpenKey returned %08lX\n", Status
);
995 if (NT_SUCCESS(Status
))
998 Status
= LsapRegQueryValue(SidKeyHandle
,
1003 TRACE("LsapRegQueryValue returned %08lX\n", Status
);
1004 if (NT_SUCCESS(Status
))
1006 TRACE("Data length: %lu\n", DataLength
);
1008 if ((RequiredLength
+ DataLength
+ sizeof(LSAPR_ACCOUNT_INFORMATION
)) > PreferedMaximumLength
)
1011 RequiredLength
+= (DataLength
+ sizeof(LSAPR_ACCOUNT_INFORMATION
));
1015 LsapRegCloseKey(SidKeyHandle
);
1018 LsapRegCloseKey(AccountKeyHandle
);
1024 TRACE("EnumCount: %lu\n", EnumCount
);
1025 TRACE("RequiredLength: %lu\n", RequiredLength
);
1027 EnumBuffer
.EntriesRead
= EnumCount
;
1028 EnumBuffer
.Information
= midl_user_allocate(EnumCount
* sizeof(LSAPR_ACCOUNT_INFORMATION
));
1029 if (EnumBuffer
.Information
== NULL
)
1031 Status
= STATUS_INSUFFICIENT_RESOURCES
;
1035 EnumIndex
= *EnumerationContext
;
1036 for (i
= 0; i
< EnumCount
; i
++, EnumIndex
++)
1038 Status
= LsapRegEnumerateSubKey(AccountsKeyHandle
,
1040 AccountKeyBufferSize
,
1042 if (!NT_SUCCESS(Status
))
1045 TRACE("EnumIndex: %lu\n", EnumIndex
);
1046 TRACE("Account key name: %S\n", AccountKeyBuffer
);
1048 Status
= LsapRegOpenKey(AccountsKeyHandle
,
1052 TRACE("LsapRegOpenKey returned %08lX\n", Status
);
1053 if (NT_SUCCESS(Status
))
1055 Status
= LsapRegOpenKey(AccountKeyHandle
,
1059 TRACE("LsapRegOpenKey returned %08lX\n", Status
);
1060 if (NT_SUCCESS(Status
))
1063 Status
= LsapRegQueryValue(SidKeyHandle
,
1068 TRACE("LsapRegQueryValue returned %08lX\n", Status
);
1069 if (NT_SUCCESS(Status
))
1071 EnumBuffer
.Information
[i
].Sid
= midl_user_allocate(DataLength
);
1072 if (EnumBuffer
.Information
[i
].Sid
== NULL
)
1074 LsapRegCloseKey(AccountKeyHandle
);
1075 Status
= STATUS_INSUFFICIENT_RESOURCES
;
1079 Status
= LsapRegQueryValue(SidKeyHandle
,
1082 EnumBuffer
.Information
[i
].Sid
,
1084 TRACE("SampRegQueryValue returned %08lX\n", Status
);
1087 LsapRegCloseKey(SidKeyHandle
);
1090 LsapRegCloseKey(AccountKeyHandle
);
1092 if (!NT_SUCCESS(Status
))
1097 if (NT_SUCCESS(Status
))
1099 *EnumerationContext
+= EnumCount
;
1100 EnumerationBuffer
->EntriesRead
= EnumBuffer
.EntriesRead
;
1101 EnumerationBuffer
->Information
= EnumBuffer
.Information
;
1105 if (!NT_SUCCESS(Status
))
1107 if (EnumBuffer
.Information
)
1109 for (i
= 0; i
< EnumBuffer
.EntriesRead
; i
++)
1111 if (EnumBuffer
.Information
[i
].Sid
!= NULL
)
1112 midl_user_free(EnumBuffer
.Information
[i
].Sid
);
1115 midl_user_free(EnumBuffer
.Information
);
1119 if (AccountKeyBuffer
!= NULL
)
1120 RtlFreeHeap(RtlGetProcessHeap(), 0, AccountKeyBuffer
);
1122 if (AccountsKeyHandle
!= NULL
)
1123 LsapRegCloseKey(AccountsKeyHandle
);
1130 NTSTATUS WINAPI
LsarCreateTrustedDomain(
1131 LSAPR_HANDLE PolicyHandle
,
1132 PLSAPR_TRUST_INFORMATION TrustedDomainInformation
,
1133 ACCESS_MASK DesiredAccess
,
1134 LSAPR_HANDLE
*TrustedDomainHandle
)
1136 /* FIXME: We are not running an AD yet */
1137 return STATUS_DIRECTORY_SERVICE_REQUIRED
;
1142 NTSTATUS WINAPI
LsarEnumerateTrustedDomains(
1143 LSAPR_HANDLE PolicyHandle
,
1144 DWORD
*EnumerationContext
,
1145 PLSAPR_TRUSTED_ENUM_BUFFER EnumerationBuffer
,
1146 DWORD PreferedMaximumLength
)
1148 /* FIXME: We are not running an AD yet */
1149 EnumerationBuffer
->EntriesRead
= 0;
1150 EnumerationBuffer
->Information
= NULL
;
1151 return STATUS_NO_MORE_ENTRIES
;
1156 NTSTATUS WINAPI
LsarLookupNames(
1157 LSAPR_HANDLE PolicyHandle
,
1159 PRPC_UNICODE_STRING Names
,
1160 PLSAPR_REFERENCED_DOMAIN_LIST
*ReferencedDomains
,
1161 PLSAPR_TRANSLATED_SIDS TranslatedSids
,
1162 LSAP_LOOKUP_LEVEL LookupLevel
,
1165 LSAPR_TRANSLATED_SIDS_EX2 TranslatedSidsEx2
;
1169 TRACE("LsarLookupNames(%p %lu %p %p %p %d %p)\n",
1170 PolicyHandle
, Count
, Names
, ReferencedDomains
, TranslatedSids
,
1171 LookupLevel
, MappedCount
);
1173 TranslatedSids
->Entries
= 0;
1174 TranslatedSids
->Sids
= NULL
;
1175 *ReferencedDomains
= NULL
;
1178 return STATUS_NONE_MAPPED
;
1180 TranslatedSidsEx2
.Entries
= 0;
1181 TranslatedSidsEx2
.Sids
= NULL
;
1183 Status
= LsapLookupNames(Count
,
1191 if (!NT_SUCCESS(Status
))
1194 TranslatedSids
->Entries
= TranslatedSidsEx2
.Entries
;
1195 TranslatedSids
->Sids
= MIDL_user_allocate(TranslatedSids
->Entries
* sizeof(LSA_TRANSLATED_SID
));
1196 if (TranslatedSids
->Sids
== NULL
)
1198 MIDL_user_free(TranslatedSidsEx2
.Sids
);
1199 MIDL_user_free(*ReferencedDomains
);
1200 *ReferencedDomains
= NULL
;
1201 return STATUS_INSUFFICIENT_RESOURCES
;
1204 for (i
= 0; i
< TranslatedSidsEx2
.Entries
; i
++)
1206 TranslatedSids
->Sids
[i
].Use
= TranslatedSidsEx2
.Sids
[i
].Use
;
1207 TranslatedSids
->Sids
[i
].RelativeId
= LsapGetRelativeIdFromSid(TranslatedSidsEx2
.Sids
[i
].Sid
);
1208 TranslatedSids
->Sids
[i
].DomainIndex
= TranslatedSidsEx2
.Sids
[i
].DomainIndex
;
1211 MIDL_user_free(TranslatedSidsEx2
.Sids
);
1213 return STATUS_SUCCESS
;
1218 NTSTATUS WINAPI
LsarLookupSids(
1219 LSAPR_HANDLE PolicyHandle
,
1220 PLSAPR_SID_ENUM_BUFFER SidEnumBuffer
,
1221 PLSAPR_REFERENCED_DOMAIN_LIST
*ReferencedDomains
,
1222 PLSAPR_TRANSLATED_NAMES TranslatedNames
,
1223 LSAP_LOOKUP_LEVEL LookupLevel
,
1226 LSAPR_TRANSLATED_NAMES_EX TranslatedNamesEx
;
1230 TRACE("LsarLookupSids(%p %p %p %p %d %p)\n",
1231 PolicyHandle
, SidEnumBuffer
, ReferencedDomains
, TranslatedNames
,
1232 LookupLevel
, MappedCount
);
1234 /* FIXME: Fail, if there is an invalid SID in the SidEnumBuffer */
1236 TranslatedNames
->Entries
= SidEnumBuffer
->Entries
;
1237 TranslatedNames
->Names
= NULL
;
1238 *ReferencedDomains
= NULL
;
1240 TranslatedNamesEx
.Entries
= SidEnumBuffer
->Entries
;
1241 TranslatedNamesEx
.Names
= NULL
;
1243 Status
= LsapLookupSids(SidEnumBuffer
,
1250 if (!NT_SUCCESS(Status
))
1253 TranslatedNames
->Entries
= SidEnumBuffer
->Entries
;
1254 TranslatedNames
->Names
= MIDL_user_allocate(SidEnumBuffer
->Entries
* sizeof(LSAPR_TRANSLATED_NAME
));
1255 if (TranslatedNames
->Names
== NULL
)
1257 MIDL_user_free(TranslatedNamesEx
.Names
);
1258 MIDL_user_free(*ReferencedDomains
);
1259 *ReferencedDomains
= NULL
;
1260 return STATUS_INSUFFICIENT_RESOURCES
;
1263 for (i
= 0; i
< TranslatedNamesEx
.Entries
; i
++)
1265 TranslatedNames
->Names
[i
].Use
= TranslatedNamesEx
.Names
[i
].Use
;
1266 TranslatedNames
->Names
[i
].Name
.Length
= TranslatedNamesEx
.Names
[i
].Name
.Length
;
1267 TranslatedNames
->Names
[i
].Name
.MaximumLength
= TranslatedNamesEx
.Names
[i
].Name
.MaximumLength
;
1268 TranslatedNames
->Names
[i
].Name
.Buffer
= TranslatedNamesEx
.Names
[i
].Name
.Buffer
;
1269 TranslatedNames
->Names
[i
].DomainIndex
= TranslatedNamesEx
.Names
[i
].DomainIndex
;
1272 MIDL_user_free(TranslatedNamesEx
.Names
);
1279 NTSTATUS WINAPI
LsarCreateSecret(
1280 LSAPR_HANDLE PolicyHandle
,
1281 PRPC_UNICODE_STRING SecretName
,
1282 ACCESS_MASK DesiredAccess
,
1283 LSAPR_HANDLE
*SecretHandle
)
1285 PLSA_DB_OBJECT PolicyObject
;
1286 PLSA_DB_OBJECT SecretObject
= NULL
;
1288 PSECURITY_DESCRIPTOR SecretSd
= NULL
;
1290 NTSTATUS Status
= STATUS_SUCCESS
;
1292 TRACE("LsarCreateSecret(%p %wZ %lx %p)\n",
1293 PolicyHandle
, SecretName
, DesiredAccess
, SecretHandle
);
1295 /* Validate the PolicyHandle */
1296 Status
= LsapValidateDbObject(PolicyHandle
,
1298 POLICY_CREATE_SECRET
,
1300 if (!NT_SUCCESS(Status
))
1302 ERR("LsapValidateDbObject returned 0x%08lx\n", Status
);
1306 /* Get the current time */
1307 Status
= NtQuerySystemTime(&Time
);
1308 if (!NT_SUCCESS(Status
))
1310 ERR("NtQuerySystemTime failed (Status 0x%08lx)\n", Status
);
1314 /* Create a security descriptor for the secret */
1315 Status
= LsapCreateSecretSd(&SecretSd
,
1317 if (!NT_SUCCESS(Status
))
1319 ERR("LsapCreateAccountSd returned 0x%08lx\n", Status
);
1323 /* Create the Secret object */
1324 Status
= LsapCreateDbObject(PolicyObject
,
1329 PolicyObject
->Trusted
,
1331 if (!NT_SUCCESS(Status
))
1333 ERR("LsapCreateDbObject failed (Status 0x%08lx)\n", Status
);
1337 /* Set the CurrentTime attribute */
1338 Status
= LsapSetObjectAttribute(SecretObject
,
1341 sizeof(LARGE_INTEGER
));
1342 if (!NT_SUCCESS(Status
))
1344 ERR("LsapSetObjectAttribute (CurrentTime) failed (Status 0x%08lx)\n", Status
);
1348 /* Set the OldTime attribute */
1349 Status
= LsapSetObjectAttribute(SecretObject
,
1352 sizeof(LARGE_INTEGER
));
1353 if (!NT_SUCCESS(Status
))
1355 ERR("LsapSetObjectAttribute (OldTime) failed (Status 0x%08lx)\n", Status
);
1359 /* Set the SecDesc attribute */
1360 Status
= LsapSetObjectAttribute(SecretObject
,
1366 if (SecretSd
!= NULL
)
1367 RtlFreeHeap(RtlGetProcessHeap(), 0, SecretSd
);
1369 if (!NT_SUCCESS(Status
))
1371 if (SecretObject
!= NULL
)
1372 LsapCloseDbObject(SecretObject
);
1376 *SecretHandle
= (LSAPR_HANDLE
)SecretObject
;
1379 return STATUS_SUCCESS
;
1386 IN PLSA_DB_OBJECT PolicyObject
,
1387 IN PRPC_SID AccountSid
,
1388 IN ACCESS_MASK DesiredAccess
,
1389 OUT PLSA_DB_OBJECT
*AccountObject
)
1391 LPWSTR SidString
= NULL
;
1392 NTSTATUS Status
= STATUS_SUCCESS
;
1394 /* Create SID string */
1395 if (!ConvertSidToStringSid((PSID
)AccountSid
,
1398 ERR("ConvertSidToStringSid failed\n");
1399 return STATUS_INVALID_PARAMETER
;
1402 /* Create the Account object */
1403 Status
= LsapOpenDbObject(PolicyObject
,
1408 PolicyObject
->Trusted
,
1410 if (!NT_SUCCESS(Status
))
1412 ERR("LsapOpenDbObject(Accounts/%S) failed (Status 0x%08lx)\n", SidString
, Status
);
1415 if (SidString
!= NULL
)
1416 LocalFree(SidString
);
1423 NTSTATUS WINAPI
LsarOpenAccount(
1424 LSAPR_HANDLE PolicyHandle
,
1425 PRPC_SID AccountSid
,
1426 ACCESS_MASK DesiredAccess
,
1427 LSAPR_HANDLE
*AccountHandle
)
1429 PLSA_DB_OBJECT PolicyObject
;
1432 TRACE("LsarOpenAccount(%p %p %lx %p)\n",
1433 PolicyHandle
, AccountSid
, DesiredAccess
, AccountHandle
);
1435 /* Validate the AccountSid */
1436 if (!RtlValidSid(AccountSid
))
1437 return STATUS_INVALID_PARAMETER
;
1439 /* Validate the PolicyHandle */
1440 Status
= LsapValidateDbObject(PolicyHandle
,
1444 if (!NT_SUCCESS(Status
))
1446 ERR("LsapValidateDbObject returned 0x%08lx\n", Status
);
1451 /* Open the Account object */
1452 return LsarpOpenAccount(PolicyObject
,
1455 (PLSA_DB_OBJECT
*)AccountHandle
);
1460 NTSTATUS WINAPI
LsarEnumeratePrivilegesAccount(
1461 LSAPR_HANDLE AccountHandle
,
1462 PLSAPR_PRIVILEGE_SET
*Privileges
)
1464 PLSA_DB_OBJECT AccountObject
;
1465 ULONG PrivilegeSetSize
= 0;
1466 PLSAPR_PRIVILEGE_SET PrivilegeSet
= NULL
;
1469 TRACE("LsarEnumeratePrivilegesAccount(%p %p)\n",
1470 AccountHandle
, Privileges
);
1474 /* Validate the AccountHandle */
1475 Status
= LsapValidateDbObject(AccountHandle
,
1479 if (!NT_SUCCESS(Status
))
1481 ERR("LsapValidateDbObject returned 0x%08lx\n", Status
);
1485 /* Get the size of the privilege set */
1486 Status
= LsapGetObjectAttribute(AccountObject
,
1490 if (!NT_SUCCESS(Status
))
1493 /* Allocate a buffer for the privilege set */
1494 PrivilegeSet
= MIDL_user_allocate(PrivilegeSetSize
);
1495 if (PrivilegeSet
== NULL
)
1496 return STATUS_NO_MEMORY
;
1498 /* Get the privilege set */
1499 Status
= LsapGetObjectAttribute(AccountObject
,
1503 if (!NT_SUCCESS(Status
))
1505 MIDL_user_free(PrivilegeSet
);
1509 /* Return a pointer to the privilege set */
1510 *Privileges
= PrivilegeSet
;
1512 return STATUS_SUCCESS
;
1517 NTSTATUS WINAPI
LsarAddPrivilegesToAccount(
1518 LSAPR_HANDLE AccountHandle
,
1519 PLSAPR_PRIVILEGE_SET Privileges
)
1521 PLSA_DB_OBJECT AccountObject
;
1522 PPRIVILEGE_SET CurrentPrivileges
= NULL
;
1523 PPRIVILEGE_SET NewPrivileges
= NULL
;
1524 ULONG PrivilegeSetSize
= 0;
1525 ULONG PrivilegeCount
;
1530 TRACE("LsarAddPrivilegesToAccount(%p %p)\n",
1531 AccountHandle
, Privileges
);
1533 /* Validate the AccountHandle */
1534 Status
= LsapValidateDbObject(AccountHandle
,
1536 ACCOUNT_ADJUST_PRIVILEGES
,
1538 if (!NT_SUCCESS(Status
))
1540 ERR("LsapValidateDbObject returned 0x%08lx\n", Status
);
1544 /* Get the size of the Privilgs attribute */
1545 Status
= LsapGetObjectAttribute(AccountObject
,
1549 if (!NT_SUCCESS(Status
) || PrivilegeSetSize
== 0)
1551 /* The Privilgs attribute does not exist */
1553 PrivilegeSetSize
= sizeof(PRIVILEGE_SET
) +
1554 (Privileges
->PrivilegeCount
- 1) * sizeof(LUID_AND_ATTRIBUTES
);
1555 Status
= LsapSetObjectAttribute(AccountObject
,
1562 /* The Privilgs attribute exists */
1564 /* Allocate memory for the stored privilege set */
1565 CurrentPrivileges
= MIDL_user_allocate(PrivilegeSetSize
);
1566 if (CurrentPrivileges
== NULL
)
1567 return STATUS_NO_MEMORY
;
1569 /* Get the current privilege set */
1570 Status
= LsapGetObjectAttribute(AccountObject
,
1574 if (!NT_SUCCESS(Status
))
1576 TRACE("LsapGetObjectAttribute() failed (Status 0x%08lx)\n", Status
);
1580 PrivilegeCount
= CurrentPrivileges
->PrivilegeCount
;
1581 TRACE("Current privilege count: %lu\n", PrivilegeCount
);
1583 /* Calculate the number of privileges in the combined privilege set */
1584 for (i
= 0; i
< Privileges
->PrivilegeCount
; i
++)
1587 for (j
= 0; j
< CurrentPrivileges
->PrivilegeCount
; j
++)
1589 if (RtlEqualLuid(&(Privileges
->Privilege
[i
].Luid
),
1590 &(CurrentPrivileges
->Privilege
[i
].Luid
)))
1597 if (bFound
== FALSE
)
1599 TRACE("Found new privilege\n");
1603 TRACE("New privilege count: %lu\n", PrivilegeCount
);
1605 /* Calculate the size of the new privilege set and allocate it */
1606 PrivilegeSetSize
= sizeof(PRIVILEGE_SET
) +
1607 (PrivilegeCount
- 1) * sizeof(LUID_AND_ATTRIBUTES
);
1608 NewPrivileges
= MIDL_user_allocate(PrivilegeSetSize
);
1609 if (NewPrivileges
== NULL
)
1611 Status
= STATUS_NO_MEMORY
;
1615 /* Initialize the new privilege set */
1616 NewPrivileges
->PrivilegeCount
= PrivilegeCount
;
1617 NewPrivileges
->Control
= 0;
1619 /* Copy all privileges from the current privilege set */
1620 RtlCopyLuidAndAttributesArray(CurrentPrivileges
->PrivilegeCount
,
1621 &(CurrentPrivileges
->Privilege
[0]),
1622 &(NewPrivileges
->Privilege
[0]));
1624 /* Add new privileges to the new privilege set */
1625 PrivilegeCount
= CurrentPrivileges
->PrivilegeCount
;
1626 for (i
= 0; i
< Privileges
->PrivilegeCount
; i
++)
1629 for (j
= 0; j
< CurrentPrivileges
->PrivilegeCount
; j
++)
1631 if (RtlEqualLuid(&(Privileges
->Privilege
[i
].Luid
),
1632 &(CurrentPrivileges
->Privilege
[i
].Luid
)))
1634 /* Overwrite attributes if a matching privilege was found */
1635 NewPrivileges
->Privilege
[j
].Attributes
= Privileges
->Privilege
[i
].Attributes
;
1642 if (bFound
== FALSE
)
1644 /* Copy the new privilege */
1645 RtlCopyLuidAndAttributesArray(1,
1646 (PLUID_AND_ATTRIBUTES
)&(Privileges
->Privilege
[i
]),
1647 &(NewPrivileges
->Privilege
[PrivilegeCount
]));
1652 /* Set the new privilege set */
1653 Status
= LsapSetObjectAttribute(AccountObject
,
1660 if (CurrentPrivileges
!= NULL
)
1661 MIDL_user_free(CurrentPrivileges
);
1663 if (NewPrivileges
!= NULL
)
1664 MIDL_user_free(NewPrivileges
);
1671 NTSTATUS WINAPI
LsarRemovePrivilegesFromAccount(
1672 LSAPR_HANDLE AccountHandle
,
1673 BOOLEAN AllPrivileges
,
1674 PLSAPR_PRIVILEGE_SET Privileges
)
1676 PLSA_DB_OBJECT AccountObject
;
1677 PPRIVILEGE_SET CurrentPrivileges
= NULL
;
1678 PPRIVILEGE_SET NewPrivileges
= NULL
;
1679 ULONG PrivilegeSetSize
= 0;
1680 ULONG PrivilegeCount
;
1685 TRACE("LsarRemovePrivilegesFromAccount(%p %u %p)\n",
1686 AccountHandle
, AllPrivileges
, Privileges
);
1689 if (((AllPrivileges
== FALSE
) && (Privileges
== NULL
)) ||
1690 ((AllPrivileges
!= FALSE
) && (Privileges
!= NULL
)))
1691 return STATUS_INVALID_PARAMETER
;
1693 /* Validate the AccountHandle */
1694 Status
= LsapValidateDbObject(AccountHandle
,
1696 ACCOUNT_ADJUST_PRIVILEGES
,
1698 if (!NT_SUCCESS(Status
))
1700 ERR("LsapValidateDbObject returned 0x%08lx\n", Status
);
1704 if (AllPrivileges
!= FALSE
)
1706 /* Delete the Privilgs attribute */
1707 Status
= LsapDeleteObjectAttribute(AccountObject
,
1709 if (Status
== STATUS_OBJECT_NAME_NOT_FOUND
)
1710 Status
= STATUS_SUCCESS
;
1714 /* Get the size of the Privilgs attribute */
1715 Status
= LsapGetObjectAttribute(AccountObject
,
1719 if (!NT_SUCCESS(Status
))
1722 /* Succeed, if there is no privilege set to remove privileges from */
1723 if (PrivilegeSetSize
== 0)
1725 Status
= STATUS_SUCCESS
;
1729 /* Allocate memory for the stored privilege set */
1730 CurrentPrivileges
= MIDL_user_allocate(PrivilegeSetSize
);
1731 if (CurrentPrivileges
== NULL
)
1732 return STATUS_NO_MEMORY
;
1734 /* Get the current privilege set */
1735 Status
= LsapGetObjectAttribute(AccountObject
,
1739 if (!NT_SUCCESS(Status
))
1741 TRACE("LsapGetObjectAttribute() failed (Status 0x%08lx)\n", Status
);
1745 PrivilegeCount
= CurrentPrivileges
->PrivilegeCount
;
1746 TRACE("Current privilege count: %lu\n", PrivilegeCount
);
1748 /* Calculate the number of privileges in the new privilege set */
1749 for (i
= 0; i
< CurrentPrivileges
->PrivilegeCount
; i
++)
1751 for (j
= 0; j
< Privileges
->PrivilegeCount
; j
++)
1753 if (RtlEqualLuid(&(CurrentPrivileges
->Privilege
[i
].Luid
),
1754 &(Privileges
->Privilege
[j
].Luid
)))
1756 if (PrivilegeCount
> 0)
1761 TRACE("New privilege count: %lu\n", PrivilegeCount
);
1763 if (PrivilegeCount
== 0)
1765 /* Delete the Privilgs attribute */
1766 Status
= LsapDeleteObjectAttribute(AccountObject
,
1768 if (Status
== STATUS_OBJECT_NAME_NOT_FOUND
)
1769 Status
= STATUS_SUCCESS
;
1773 /* Calculate the size of the new privilege set and allocate it */
1774 PrivilegeSetSize
= sizeof(PRIVILEGE_SET
) +
1775 (PrivilegeCount
- 1) * sizeof(LUID_AND_ATTRIBUTES
);
1776 NewPrivileges
= MIDL_user_allocate(PrivilegeSetSize
);
1777 if (NewPrivileges
== NULL
)
1779 Status
= STATUS_NO_MEMORY
;
1783 /* Initialize the new privilege set */
1784 NewPrivileges
->PrivilegeCount
= PrivilegeCount
;
1785 NewPrivileges
->Control
= 0;
1787 /* Copy the privileges which are not to be removed */
1788 for (i
= 0, k
= 0; i
< CurrentPrivileges
->PrivilegeCount
; i
++)
1791 for (j
= 0; j
< Privileges
->PrivilegeCount
; j
++)
1793 if (RtlEqualLuid(&(CurrentPrivileges
->Privilege
[i
].Luid
),
1794 &(Privileges
->Privilege
[j
].Luid
)))
1798 if (bFound
== FALSE
)
1800 /* Copy the privilege */
1801 RtlCopyLuidAndAttributesArray(1,
1802 &(CurrentPrivileges
->Privilege
[i
]),
1803 &(NewPrivileges
->Privilege
[k
]));
1808 /* Set the new privilege set */
1809 Status
= LsapSetObjectAttribute(AccountObject
,
1817 if (CurrentPrivileges
!= NULL
)
1818 MIDL_user_free(CurrentPrivileges
);
1820 if (NewPrivileges
!= NULL
)
1821 MIDL_user_free(NewPrivileges
);
1828 NTSTATUS WINAPI
LsarGetQuotasForAccount(
1829 LSAPR_HANDLE AccountHandle
,
1830 PQUOTA_LIMITS QuotaLimits
)
1832 PLSA_DB_OBJECT AccountObject
;
1836 TRACE("LsarGetQuotasForAccount(%p %p)\n",
1837 AccountHandle
, QuotaLimits
);
1839 /* Validate the account handle */
1840 Status
= LsapValidateDbObject(AccountHandle
,
1844 if (!NT_SUCCESS(Status
))
1846 ERR("Invalid handle (Status %lx)\n", Status
);
1850 /* Get the quota attribute */
1851 Status
= LsapGetObjectAttribute(AccountObject
,
1861 NTSTATUS WINAPI
LsarSetQuotasForAccount(
1862 LSAPR_HANDLE AccountHandle
,
1863 PQUOTA_LIMITS QuotaLimits
)
1865 PLSA_DB_OBJECT AccountObject
;
1866 QUOTA_LIMITS InternalQuotaLimits
;
1870 TRACE("LsarSetQuotasForAccount(%p %p)\n",
1871 AccountHandle
, QuotaLimits
);
1873 /* Validate the account handle */
1874 Status
= LsapValidateDbObject(AccountHandle
,
1876 ACCOUNT_ADJUST_QUOTAS
,
1878 if (!NT_SUCCESS(Status
))
1880 ERR("Invalid handle (Status %lx)\n", Status
);
1884 /* Get the quota limits attribute */
1885 Size
= sizeof(QUOTA_LIMITS
);
1886 Status
= LsapGetObjectAttribute(AccountObject
,
1888 &InternalQuotaLimits
,
1890 if (!NT_SUCCESS(Status
))
1892 TRACE("LsapGetObjectAttribute() failed (Status 0x%08lx)\n", Status
);
1896 /* Update the quota limits */
1897 if (QuotaLimits
->PagedPoolLimit
!= 0)
1898 InternalQuotaLimits
.PagedPoolLimit
= QuotaLimits
->PagedPoolLimit
;
1900 if (QuotaLimits
->NonPagedPoolLimit
!= 0)
1901 InternalQuotaLimits
.NonPagedPoolLimit
= QuotaLimits
->NonPagedPoolLimit
;
1903 if (QuotaLimits
->MinimumWorkingSetSize
!= 0)
1904 InternalQuotaLimits
.MinimumWorkingSetSize
= QuotaLimits
->MinimumWorkingSetSize
;
1906 if (QuotaLimits
->MaximumWorkingSetSize
!= 0)
1907 InternalQuotaLimits
.MaximumWorkingSetSize
= QuotaLimits
->MaximumWorkingSetSize
;
1909 if (QuotaLimits
->PagefileLimit
!= 0)
1910 InternalQuotaLimits
.PagefileLimit
= QuotaLimits
->PagefileLimit
;
1912 /* Set the quota limits attribute */
1913 Status
= LsapSetObjectAttribute(AccountObject
,
1915 &InternalQuotaLimits
,
1916 sizeof(QUOTA_LIMITS
));
1923 NTSTATUS WINAPI
LsarGetSystemAccessAccount(
1924 LSAPR_HANDLE AccountHandle
,
1925 ACCESS_MASK
*SystemAccess
)
1927 PLSA_DB_OBJECT AccountObject
;
1928 ULONG Size
= sizeof(ACCESS_MASK
);
1931 TRACE("LsarGetSystemAccessAccount(%p %p)\n",
1932 AccountHandle
, SystemAccess
);
1934 /* Validate the account handle */
1935 Status
= LsapValidateDbObject(AccountHandle
,
1939 if (!NT_SUCCESS(Status
))
1941 ERR("Invalid handle (Status %lx)\n", Status
);
1945 /* Get the system access flags */
1946 Status
= LsapGetObjectAttribute(AccountObject
,
1956 NTSTATUS WINAPI
LsarSetSystemAccessAccount(
1957 LSAPR_HANDLE AccountHandle
,
1958 ACCESS_MASK SystemAccess
)
1960 PLSA_DB_OBJECT AccountObject
;
1963 TRACE("LsarSetSystemAccessAccount(%p %lx)\n",
1964 AccountHandle
, SystemAccess
);
1966 /* Validate the account handle */
1967 Status
= LsapValidateDbObject(AccountHandle
,
1969 ACCOUNT_ADJUST_SYSTEM_ACCESS
,
1971 if (!NT_SUCCESS(Status
))
1973 ERR("Invalid handle (Status %lx)\n", Status
);
1977 /* Set the system access flags */
1978 Status
= LsapSetObjectAttribute(AccountObject
,
1981 sizeof(ACCESS_MASK
));
1988 NTSTATUS WINAPI
LsarOpenTrustedDomain(
1989 LSAPR_HANDLE PolicyHandle
,
1990 PRPC_SID TrustedDomainSid
,
1991 ACCESS_MASK DesiredAccess
,
1992 LSAPR_HANDLE
*TrustedDomainHandle
)
1995 return STATUS_NOT_IMPLEMENTED
;
2000 NTSTATUS WINAPI
LsarQueryInfoTrustedDomain(
2001 LSAPR_HANDLE TrustedDomainHandle
,
2002 TRUSTED_INFORMATION_CLASS InformationClass
,
2003 PLSAPR_TRUSTED_DOMAIN_INFO
*TrustedDomainInformation
)
2006 return STATUS_NOT_IMPLEMENTED
;
2011 NTSTATUS WINAPI
LsarSetInformationTrustedDomain(
2012 LSAPR_HANDLE TrustedDomainHandle
,
2013 TRUSTED_INFORMATION_CLASS InformationClass
,
2014 PLSAPR_TRUSTED_DOMAIN_INFO TrustedDomainInformation
)
2017 return STATUS_NOT_IMPLEMENTED
;
2022 NTSTATUS WINAPI
LsarOpenSecret(
2023 LSAPR_HANDLE PolicyHandle
,
2024 PRPC_UNICODE_STRING SecretName
,
2025 ACCESS_MASK DesiredAccess
,
2026 LSAPR_HANDLE
*SecretHandle
)
2028 PLSA_DB_OBJECT PolicyObject
;
2029 PLSA_DB_OBJECT SecretObject
= NULL
;
2030 NTSTATUS Status
= STATUS_SUCCESS
;
2032 TRACE("LsarOpenSecret(%p %wZ %lx %p)\n",
2033 PolicyHandle
, SecretName
, DesiredAccess
, SecretHandle
);
2035 /* Validate the PolicyHandle */
2036 Status
= LsapValidateDbObject(PolicyHandle
,
2040 if (!NT_SUCCESS(Status
))
2042 ERR("LsapValidateDbObject returned 0x%08lx\n", Status
);
2046 /* Create the secret object */
2047 Status
= LsapOpenDbObject(PolicyObject
,
2052 PolicyObject
->Trusted
,
2054 if (!NT_SUCCESS(Status
))
2056 ERR("LsapOpenDbObject failed (Status 0x%08lx)\n", Status
);
2061 if (!NT_SUCCESS(Status
))
2063 if (SecretObject
!= NULL
)
2064 LsapCloseDbObject(SecretObject
);
2068 *SecretHandle
= (LSAPR_HANDLE
)SecretObject
;
2076 NTSTATUS WINAPI
LsarSetSecret(
2077 LSAPR_HANDLE SecretHandle
,
2078 PLSAPR_CR_CIPHER_VALUE EncryptedCurrentValue
,
2079 PLSAPR_CR_CIPHER_VALUE EncryptedOldValue
)
2081 PLSA_DB_OBJECT SecretObject
;
2082 PBYTE CurrentValue
= NULL
;
2083 PBYTE OldValue
= NULL
;
2084 ULONG CurrentValueLength
= 0;
2085 ULONG OldValueLength
= 0;
2089 TRACE("LsarSetSecret(%p %p %p)\n", SecretHandle
,
2090 EncryptedCurrentValue
, EncryptedOldValue
);
2092 /* Validate the SecretHandle */
2093 Status
= LsapValidateDbObject(SecretHandle
,
2097 if (!NT_SUCCESS(Status
))
2099 ERR("LsapValidateDbObject returned 0x%08lx\n", Status
);
2103 if (EncryptedCurrentValue
!= NULL
)
2105 /* FIXME: Decrypt the current value */
2106 CurrentValue
= EncryptedCurrentValue
->Buffer
;
2107 CurrentValueLength
= EncryptedCurrentValue
->MaximumLength
;
2110 /* Set the current value */
2111 Status
= LsapSetObjectAttribute(SecretObject
,
2114 CurrentValueLength
);
2115 if (!NT_SUCCESS(Status
))
2117 ERR("LsapSetObjectAttribute failed (Status 0x%08lx)\n", Status
);
2121 /* Get the current time */
2122 Status
= NtQuerySystemTime(&Time
);
2123 if (!NT_SUCCESS(Status
))
2125 ERR("NtQuerySystemTime failed (Status 0x%08lx)\n", Status
);
2129 /* Set the current time */
2130 Status
= LsapSetObjectAttribute(SecretObject
,
2133 sizeof(LARGE_INTEGER
));
2134 if (!NT_SUCCESS(Status
))
2136 ERR("LsapSetObjectAttribute failed (Status 0x%08lx)\n", Status
);
2140 if (EncryptedOldValue
!= NULL
)
2142 /* FIXME: Decrypt the old value */
2143 OldValue
= EncryptedOldValue
->Buffer
;
2144 OldValueLength
= EncryptedOldValue
->MaximumLength
;
2147 /* Set the old value */
2148 Status
= LsapSetObjectAttribute(SecretObject
,
2152 if (!NT_SUCCESS(Status
))
2154 ERR("LsapSetObjectAttribute failed (Status 0x%08lx)\n", Status
);
2158 /* Set the old time */
2159 Status
= LsapSetObjectAttribute(SecretObject
,
2162 sizeof(LARGE_INTEGER
));
2163 if (!NT_SUCCESS(Status
))
2165 ERR("LsapSetObjectAttribute failed (Status 0x%08lx)\n", Status
);
2174 NTSTATUS WINAPI
LsarQuerySecret(
2175 LSAPR_HANDLE SecretHandle
,
2176 PLSAPR_CR_CIPHER_VALUE
*EncryptedCurrentValue
,
2177 PLARGE_INTEGER CurrentValueSetTime
,
2178 PLSAPR_CR_CIPHER_VALUE
*EncryptedOldValue
,
2179 PLARGE_INTEGER OldValueSetTime
)
2181 PLSA_DB_OBJECT SecretObject
;
2182 PLSAPR_CR_CIPHER_VALUE EncCurrentValue
= NULL
;
2183 PLSAPR_CR_CIPHER_VALUE EncOldValue
= NULL
;
2184 PBYTE CurrentValue
= NULL
;
2185 PBYTE OldValue
= NULL
;
2186 ULONG CurrentValueLength
= 0;
2187 ULONG OldValueLength
= 0;
2191 TRACE("LsarQuerySecret(%p %p %p %p %p)\n", SecretHandle
,
2192 EncryptedCurrentValue
, CurrentValueSetTime
,
2193 EncryptedOldValue
, OldValueSetTime
);
2195 /* Validate the SecretHandle */
2196 Status
= LsapValidateDbObject(SecretHandle
,
2200 if (!NT_SUCCESS(Status
))
2202 ERR("LsapValidateDbObject returned 0x%08lx\n", Status
);
2206 if (EncryptedCurrentValue
!= NULL
)
2208 CurrentValueLength
= 0;
2210 /* Get the size of the current value */
2211 Status
= LsapGetObjectAttribute(SecretObject
,
2214 &CurrentValueLength
);
2215 if (!NT_SUCCESS(Status
))
2218 /* Allocate a buffer for the current value */
2219 CurrentValue
= midl_user_allocate(CurrentValueLength
);
2220 if (CurrentValue
== NULL
)
2222 Status
= STATUS_INSUFFICIENT_RESOURCES
;
2226 /* Get the current value */
2227 Status
= LsapGetObjectAttribute(SecretObject
,
2230 &CurrentValueLength
);
2231 if (!NT_SUCCESS(Status
))
2234 /* Allocate a buffer for the encrypted current value */
2235 EncCurrentValue
= midl_user_allocate(sizeof(LSAPR_CR_CIPHER_VALUE
));
2236 if (EncCurrentValue
== NULL
)
2238 Status
= STATUS_INSUFFICIENT_RESOURCES
;
2242 /* FIXME: Encrypt the current value */
2243 EncCurrentValue
->Length
= (USHORT
)(CurrentValueLength
- sizeof(WCHAR
));
2244 EncCurrentValue
->MaximumLength
= (USHORT
)CurrentValueLength
;
2245 EncCurrentValue
->Buffer
= (PBYTE
)CurrentValue
;
2248 if (CurrentValueSetTime
!= NULL
)
2250 BufferSize
= sizeof(LARGE_INTEGER
);
2252 /* Get the current value time */
2253 Status
= LsapGetObjectAttribute(SecretObject
,
2255 (PBYTE
)CurrentValueSetTime
,
2257 if (!NT_SUCCESS(Status
))
2261 if (EncryptedOldValue
!= NULL
)
2265 /* Get the size of the old value */
2266 Status
= LsapGetObjectAttribute(SecretObject
,
2270 if (!NT_SUCCESS(Status
))
2273 /* Allocate a buffer for the old value */
2274 OldValue
= midl_user_allocate(OldValueLength
);
2275 if (OldValue
== NULL
)
2277 Status
= STATUS_INSUFFICIENT_RESOURCES
;
2281 /* Get the old value */
2282 Status
= LsapGetObjectAttribute(SecretObject
,
2286 if (!NT_SUCCESS(Status
))
2289 /* Allocate a buffer for the encrypted old value */
2290 EncOldValue
= midl_user_allocate(sizeof(LSAPR_CR_CIPHER_VALUE
) + OldValueLength
);
2291 if (EncOldValue
== NULL
)
2293 Status
= STATUS_INSUFFICIENT_RESOURCES
;
2297 /* FIXME: Encrypt the old value */
2298 EncOldValue
->Length
= (USHORT
)(OldValueLength
- sizeof(WCHAR
));
2299 EncOldValue
->MaximumLength
= (USHORT
)OldValueLength
;
2300 EncOldValue
->Buffer
= (PBYTE
)OldValue
;
2303 if (OldValueSetTime
!= NULL
)
2305 BufferSize
= sizeof(LARGE_INTEGER
);
2307 /* Get the old value time */
2308 Status
= LsapGetObjectAttribute(SecretObject
,
2310 (PBYTE
)OldValueSetTime
,
2312 if (!NT_SUCCESS(Status
))
2318 if (NT_SUCCESS(Status
))
2320 if (EncryptedCurrentValue
!= NULL
)
2321 *EncryptedCurrentValue
= EncCurrentValue
;
2323 if (EncryptedOldValue
!= NULL
)
2324 *EncryptedOldValue
= EncOldValue
;
2328 if (EncryptedCurrentValue
!= NULL
)
2329 *EncryptedCurrentValue
= NULL
;
2331 if (EncryptedOldValue
!= NULL
)
2332 *EncryptedOldValue
= NULL
;
2334 if (EncCurrentValue
!= NULL
)
2335 midl_user_free(EncCurrentValue
);
2337 if (EncOldValue
!= NULL
)
2338 midl_user_free(EncOldValue
);
2340 if (CurrentValue
!= NULL
)
2341 midl_user_free(CurrentValue
);
2343 if (OldValue
!= NULL
)
2344 midl_user_free(OldValue
);
2347 TRACE("LsarQuerySecret done (Status 0x%08lx)\n", Status
);
2354 NTSTATUS WINAPI
LsarLookupPrivilegeValue(
2355 LSAPR_HANDLE PolicyHandle
,
2356 PRPC_UNICODE_STRING Name
,
2362 TRACE("LsarLookupPrivilegeValue(%p, %wZ, %p)\n",
2363 PolicyHandle
, Name
, Value
);
2365 Status
= LsapValidateDbObject(PolicyHandle
,
2367 POLICY_LOOKUP_NAMES
,
2369 if (!NT_SUCCESS(Status
))
2371 ERR("Invalid handle (Status %lx)\n", Status
);
2375 TRACE("Privilege: %wZ\n", Name
);
2377 pValue
= LsarpLookupPrivilegeValue(Name
);
2379 return STATUS_NO_SUCH_PRIVILEGE
;
2381 RtlCopyLuid(Value
, pValue
);
2383 return STATUS_SUCCESS
;
2388 NTSTATUS WINAPI
LsarLookupPrivilegeName(
2389 LSAPR_HANDLE PolicyHandle
,
2391 PRPC_UNICODE_STRING
*Name
)
2395 TRACE("LsarLookupPrivilegeName(%p, %p, %p)\n",
2396 PolicyHandle
, Value
, Name
);
2398 Status
= LsapValidateDbObject(PolicyHandle
,
2400 POLICY_LOOKUP_NAMES
,
2402 if (!NT_SUCCESS(Status
))
2404 ERR("Invalid handle\n");
2408 Status
= LsarpLookupPrivilegeName(Value
,
2416 NTSTATUS WINAPI
LsarLookupPrivilegeDisplayName(
2417 LSAPR_HANDLE PolicyHandle
,
2418 PRPC_UNICODE_STRING Name
,
2419 USHORT ClientLanguage
,
2420 USHORT ClientSystemDefaultLanguage
,
2421 PRPC_UNICODE_STRING
*DisplayName
,
2422 USHORT
*LanguageReturned
)
2426 TRACE("LsarLookupPrivilegeDisplayName(%p, %p, %u, %u, %p, %p)\n",
2427 PolicyHandle
, Name
, ClientLanguage
, ClientSystemDefaultLanguage
, DisplayName
, LanguageReturned
);
2429 Status
= LsapValidateDbObject(PolicyHandle
,
2431 POLICY_LOOKUP_NAMES
,
2433 if (!NT_SUCCESS(Status
))
2435 ERR("Invalid handle\n");
2439 Status
= LsarpLookupPrivilegeDisplayName(Name
,
2441 ClientSystemDefaultLanguage
,
2450 NTSTATUS WINAPI
LsarDeleteObject(
2451 LSAPR_HANDLE
*ObjectHandle
)
2453 PLSA_DB_OBJECT DbObject
;
2456 TRACE("LsarDeleteObject(%p)\n", ObjectHandle
);
2458 if (ObjectHandle
== NULL
)
2459 return STATUS_INVALID_PARAMETER
;
2461 /* Validate the ObjectHandle */
2462 Status
= LsapValidateDbObject(*ObjectHandle
,
2466 if (!NT_SUCCESS(Status
))
2468 ERR("LsapValidateDbObject returned 0x%08lx\n", Status
);
2472 /* You cannot delete the policy object */
2473 if (DbObject
->ObjectType
== LsaDbPolicyObject
)
2474 return STATUS_INVALID_PARAMETER
;
2476 /* Delete the database object */
2477 Status
= LsapDeleteDbObject(DbObject
);
2478 if (!NT_SUCCESS(Status
))
2480 ERR("LsapDeleteDbObject returned 0x%08lx\n", Status
);
2484 /* Invalidate the object handle */
2485 *ObjectHandle
= NULL
;
2487 return STATUS_SUCCESS
;
2492 NTSTATUS WINAPI
LsarEnumerateAccountsWithUserRight(
2493 LSAPR_HANDLE PolicyHandle
,
2494 PRPC_UNICODE_STRING UserRight
,
2495 PLSAPR_ACCOUNT_ENUM_BUFFER EnumerationBuffer
)
2497 PLSA_DB_OBJECT PolicyObject
;
2498 ACCESS_MASK AccountRight
= 0;
2500 ULONG AccountKeyBufferSize
;
2501 PWSTR AccountKeyBuffer
= NULL
;
2502 HKEY AccountsKeyHandle
= NULL
;
2503 HKEY AccountKeyHandle
= NULL
;
2504 HKEY AttributeKeyHandle
;
2505 ACCESS_MASK SystemAccess
;
2506 PPRIVILEGE_SET PrivilegeSet
;
2507 PLSAPR_ACCOUNT_INFORMATION EnumBuffer
= NULL
, ReturnBuffer
;
2508 ULONG SubKeyCount
= 0;
2509 ULONG EnumIndex
, EnumCount
;
2514 TRACE("LsarEnumerateAccountsWithUserRights(%p %wZ %p)\n",
2515 PolicyHandle
, UserRight
, EnumerationBuffer
);
2517 /* Validate the privilege and account right names */
2518 if (UserRight
!= NULL
)
2520 Luid
= LsarpLookupPrivilegeValue(UserRight
);
2523 AccountRight
= LsapLookupAccountRightValue(UserRight
);
2524 if (AccountRight
== 0)
2525 return STATUS_NO_SUCH_PRIVILEGE
;
2529 if (EnumerationBuffer
== NULL
)
2530 return STATUS_INVALID_PARAMETER
;
2532 EnumerationBuffer
->EntriesRead
= 0;
2533 EnumerationBuffer
->Information
= NULL
;
2535 /* Validate the PolicyHandle */
2536 Status
= LsapValidateDbObject(PolicyHandle
,
2538 POLICY_LOOKUP_NAMES
| POLICY_VIEW_LOCAL_INFORMATION
,
2540 if (!NT_SUCCESS(Status
))
2542 ERR("LsapValidateDbObject returned 0x%08lx\n", Status
);
2546 Status
= LsapRegOpenKey(PolicyObject
->KeyHandle
,
2549 &AccountsKeyHandle
);
2550 if (!NT_SUCCESS(Status
))
2552 ERR("LsapRegOpenKey returned 0x%08lx\n", Status
);
2556 Status
= LsapRegQueryKeyInfo(AccountsKeyHandle
,
2558 &AccountKeyBufferSize
,
2560 if (!NT_SUCCESS(Status
))
2562 ERR("LsapRegOpenKey returned 0x%08lx\n", Status
);
2566 AccountKeyBufferSize
+= sizeof(WCHAR
);
2567 AccountKeyBuffer
= RtlAllocateHeap(RtlGetProcessHeap(), 0, AccountKeyBufferSize
);
2568 if (AccountKeyBuffer
== NULL
)
2570 return STATUS_INSUFFICIENT_RESOURCES
;
2573 EnumBuffer
= RtlAllocateHeap(RtlGetProcessHeap(),
2575 SubKeyCount
* sizeof(LSAPR_ACCOUNT_INFORMATION
));
2576 if (EnumBuffer
== NULL
)
2578 Status
= STATUS_INSUFFICIENT_RESOURCES
;
2588 Status
= LsapRegEnumerateSubKey(AccountsKeyHandle
,
2590 AccountKeyBufferSize
,
2592 if (!NT_SUCCESS(Status
))
2594 if (Status
== STATUS_NO_MORE_ENTRIES
)
2595 Status
= STATUS_SUCCESS
;
2599 TRACE("EnumIndex: %lu\n", EnumIndex
);
2600 TRACE("Account key name: %S\n", AccountKeyBuffer
);
2602 Status
= LsapRegOpenKey(AccountsKeyHandle
,
2606 if (NT_SUCCESS(Status
))
2608 if (Luid
!= NULL
|| AccountRight
!= 0)
2610 Status
= LsapRegOpenKey(AccountKeyHandle
,
2611 (Luid
!= NULL
) ? L
"Privilgs" : L
"ActSysAc",
2613 &AttributeKeyHandle
);
2614 if (NT_SUCCESS(Status
))
2619 LsapRegQueryValue(AttributeKeyHandle
,
2626 PrivilegeSet
= RtlAllocateHeap(RtlGetProcessHeap(), 0, Size
);
2629 if (LsapRegQueryValue(AttributeKeyHandle
,
2633 &Size
) == STATUS_SUCCESS
)
2635 for (i
= 0; i
< PrivilegeSet
->PrivilegeCount
; i
++)
2637 if (RtlEqualLuid(&(PrivilegeSet
->Privilege
[i
].Luid
), Luid
))
2639 TRACE("%S got the privilege!\n", AccountKeyBuffer
);
2646 RtlFreeHeap(RtlGetProcessHeap(), 0, PrivilegeSet
);
2650 else if (AccountRight
!= 0)
2653 Size
= sizeof(ACCESS_MASK
);
2654 LsapRegQueryValue(AttributeKeyHandle
,
2659 if (SystemAccess
& AccountRight
)
2661 TRACE("%S got the account right!\n", AccountKeyBuffer
);
2666 LsapRegCloseKey(AttributeKeyHandle
);
2671 /* enumerate all accounts */
2677 TRACE("Add account: %S\n", AccountKeyBuffer
);
2679 Status
= LsapRegOpenKey(AccountKeyHandle
,
2682 &AttributeKeyHandle
);
2683 if (NT_SUCCESS(Status
))
2686 LsapRegQueryValue(AttributeKeyHandle
,
2693 EnumBuffer
[EnumCount
].Sid
= midl_user_allocate(Size
);
2694 if (EnumBuffer
[EnumCount
].Sid
!= NULL
)
2696 Status
= LsapRegQueryValue(AttributeKeyHandle
,
2699 EnumBuffer
[EnumCount
].Sid
,
2701 if (NT_SUCCESS(Status
))
2707 TRACE("SampRegQueryValue returned %08lX\n", Status
);
2708 midl_user_free(EnumBuffer
[EnumCount
].Sid
);
2709 EnumBuffer
[EnumCount
].Sid
= NULL
;
2714 LsapRegCloseKey(AttributeKeyHandle
);
2718 LsapRegCloseKey(AccountKeyHandle
);
2724 TRACE("EnumCount: %lu\n", EnumCount
);
2726 if (NT_SUCCESS(Status
) && EnumCount
!= 0)
2728 ReturnBuffer
= midl_user_allocate(EnumCount
* sizeof(LSAPR_ACCOUNT_INFORMATION
));
2729 if (ReturnBuffer
== NULL
)
2731 Status
= STATUS_INSUFFICIENT_RESOURCES
;
2735 RtlCopyMemory(ReturnBuffer
,
2737 EnumCount
* sizeof(LSAPR_ACCOUNT_INFORMATION
));
2739 EnumerationBuffer
->EntriesRead
= EnumCount
;
2740 EnumerationBuffer
->Information
= ReturnBuffer
;
2744 if (EnumBuffer
!= NULL
)
2746 if (Status
!= STATUS_SUCCESS
)
2748 for (i
= 0; i
< EnumCount
; i
++)
2750 if (EnumBuffer
[i
].Sid
!= NULL
)
2751 midl_user_free(EnumBuffer
[i
].Sid
);
2755 RtlFreeHeap(RtlGetProcessHeap(), 0, EnumBuffer
);
2758 if (AccountKeyBuffer
!= NULL
)
2759 RtlFreeHeap(RtlGetProcessHeap(), 0, AccountKeyBuffer
);
2761 if (Status
== STATUS_SUCCESS
&& EnumCount
== 0)
2762 Status
= STATUS_NO_MORE_ENTRIES
;
2769 NTSTATUS WINAPI
LsarEnumerateAccountRights(
2770 LSAPR_HANDLE PolicyHandle
,
2771 PRPC_SID AccountSid
,
2772 PLSAPR_USER_RIGHT_SET UserRights
)
2774 LSAPR_HANDLE AccountHandle
;
2775 PLSAPR_PRIVILEGE_SET PrivilegeSet
= NULL
;
2776 PRPC_UNICODE_STRING RightsBuffer
= NULL
;
2777 PRPC_UNICODE_STRING PrivilegeString
;
2778 ACCESS_MASK SystemAccess
= 0;
2779 ULONG RightsCount
= 0;
2784 TRACE("LsarEnumerateAccountRights(%p %p %p)\n",
2785 PolicyHandle
, AccountSid
, UserRights
);
2787 /* Open the account */
2788 Status
= LsarOpenAccount(PolicyHandle
,
2792 if (!NT_SUCCESS(Status
))
2794 WARN("LsarOpenAccount returned 0x%08lx\n", Status
);
2798 /* Enumerate the privileges */
2799 Status
= LsarEnumeratePrivilegesAccount(AccountHandle
,
2801 if (!NT_SUCCESS(Status
) && Status
!= STATUS_OBJECT_NAME_NOT_FOUND
)
2803 WARN("LsarEnumeratePrivilegesAccount returned 0x%08lx\n", Status
);
2807 /* Get account rights */
2808 Status
= LsarGetSystemAccessAccount(AccountHandle
,
2810 if (!NT_SUCCESS(Status
) && Status
!= STATUS_OBJECT_NAME_NOT_FOUND
)
2812 WARN("LsarGetSystemAccessAccount returned 0x%08lx\n", Status
);
2816 RightsCount
= PrivilegeSet
->PrivilegeCount
;
2818 /* Count account rights */
2819 for (i
= 0; i
< sizeof(ACCESS_MASK
) * 8; i
++)
2821 if (SystemAccess
& (1 << i
))
2825 /* We are done if there are no rights to be enumerated */
2826 if (RightsCount
== 0)
2828 UserRights
->Entries
= 0;
2829 UserRights
->UserRights
= NULL
;
2830 Status
= STATUS_SUCCESS
;
2834 /* Allocate a buffer for the account rights */
2835 RightsBuffer
= MIDL_user_allocate(RightsCount
* sizeof(RPC_UNICODE_STRING
));
2836 if (RightsBuffer
== NULL
)
2838 Status
= STATUS_INSUFFICIENT_RESOURCES
;
2842 /* Copy the privileges into the buffer */
2846 for (i
= 0; i
< PrivilegeSet
->PrivilegeCount
; i
++)
2848 PrivilegeString
= NULL
;
2849 Status
= LsarLookupPrivilegeName(PolicyHandle
,
2850 (PLUID
)&PrivilegeSet
->Privilege
[i
].Luid
,
2852 if (!NT_SUCCESS(Status
))
2854 WARN("LsarLookupPrivilegeName returned 0x%08lx\n", Status
);
2858 RightsBuffer
[Index
].Length
= PrivilegeString
->Length
;
2859 RightsBuffer
[Index
].MaximumLength
= PrivilegeString
->MaximumLength
;
2860 RightsBuffer
[Index
].Buffer
= PrivilegeString
->Buffer
;
2862 MIDL_user_free(PrivilegeString
);
2867 /* Copy account rights into the buffer */
2868 for (i
= 0; i
< sizeof(ACCESS_MASK
) * 8; i
++)
2870 if (SystemAccess
& (1 << i
))
2872 Status
= LsapLookupAccountRightName(1 << i
,
2874 if (!NT_SUCCESS(Status
))
2876 WARN("LsarLookupAccountRightName returned 0x%08lx\n", Status
);
2880 RightsBuffer
[Index
].Length
= PrivilegeString
->Length
;
2881 RightsBuffer
[Index
].MaximumLength
= PrivilegeString
->MaximumLength
;
2882 RightsBuffer
[Index
].Buffer
= PrivilegeString
->Buffer
;
2884 MIDL_user_free(PrivilegeString
);
2889 UserRights
->Entries
= RightsCount
;
2890 UserRights
->UserRights
= (PRPC_UNICODE_STRING
)RightsBuffer
;
2893 if (!NT_SUCCESS(Status
))
2895 if (RightsBuffer
!= NULL
)
2897 for (Index
= 0; Index
< RightsCount
; Index
++)
2899 if (RightsBuffer
[Index
].Buffer
!= NULL
)
2900 MIDL_user_free(RightsBuffer
[Index
].Buffer
);
2903 MIDL_user_free(RightsBuffer
);
2907 if (PrivilegeSet
!= NULL
)
2908 MIDL_user_free(PrivilegeSet
);
2910 LsarClose(&AccountHandle
);
2917 NTSTATUS WINAPI
LsarAddAccountRights(
2918 LSAPR_HANDLE PolicyHandle
,
2919 PRPC_SID AccountSid
,
2920 PLSAPR_USER_RIGHT_SET UserRights
)
2922 PLSA_DB_OBJECT PolicyObject
;
2923 PLSA_DB_OBJECT AccountObject
= NULL
;
2924 ULONG ulNewPrivileges
= 0, ulNewRights
= 0;
2925 ACCESS_MASK SystemAccess
= 0;
2926 ULONG Size
, Value
, i
, j
;
2927 PPRIVILEGE_SET PrivilegeSet
= NULL
;
2928 ULONG PrivilegeSetBufferSize
= 0;
2929 ULONG PrivilegeCount
;
2934 TRACE("LsarAddAccountRights(%p %p %p)\n",
2935 PolicyHandle
, AccountSid
, UserRights
);
2937 /* Validate the AccountSid */
2938 if (!RtlValidSid(AccountSid
))
2939 return STATUS_INVALID_PARAMETER
;
2941 /* Validate the UserRights */
2942 if (UserRights
== NULL
)
2943 return STATUS_INVALID_PARAMETER
;
2945 /* Validate the privilege and account right names */
2946 for (i
= 0; i
< UserRights
->Entries
; i
++)
2948 if (LsarpLookupPrivilegeValue(&UserRights
->UserRights
[i
]) != NULL
)
2954 if (LsapLookupAccountRightValue(&UserRights
->UserRights
[i
]) == 0)
2955 return STATUS_NO_SUCH_PRIVILEGE
;
2961 TRACE("ulNewPrivileges: %lu\n", ulNewPrivileges
);
2962 TRACE("ulNewRights: %lu\n", ulNewRights
);
2964 /* Validate the PolicyHandle */
2965 Status
= LsapValidateDbObject(PolicyHandle
,
2967 POLICY_LOOKUP_NAMES
,
2969 if (!NT_SUCCESS(Status
))
2971 WARN("LsapValidateDbObject returned 0x%08lx\n", Status
);
2975 /* Open the account */
2976 Status
= LsarpOpenAccount(PolicyObject
,
2980 if (!NT_SUCCESS(Status
) && Status
!= STATUS_OBJECT_NAME_NOT_FOUND
)
2982 WARN("LsarpOpenAccount returned 0x%08lx\n", Status
);
2985 else if (Status
== STATUS_OBJECT_NAME_NOT_FOUND
)
2987 /* Create a new account if it does not yet exist */
2988 Status
= LsarpCreateAccount(PolicyObject
,
2992 if (!NT_SUCCESS(Status
))
2994 WARN("LsarpCreateAccount returned 0x%08lx\n", Status
);
2999 if (ulNewPrivileges
> 0)
3003 /* Get the size of the Privilgs attribute */
3004 Status
= LsapGetObjectAttribute(AccountObject
,
3008 if (!NT_SUCCESS(Status
) && Status
!= STATUS_OBJECT_NAME_NOT_FOUND
)
3011 /* Calculate the required privilege set buffer size */
3013 PrivilegeSetBufferSize
= sizeof(PRIVILEGE_SET
) +
3014 (ulNewPrivileges
- 1) * sizeof(LUID_AND_ATTRIBUTES
);
3016 PrivilegeSetBufferSize
= Size
+
3017 ulNewPrivileges
* sizeof(LUID_AND_ATTRIBUTES
);
3019 /* Allocate the privilege set buffer */
3020 PrivilegeSet
= RtlAllocateHeap(RtlGetProcessHeap(),
3022 PrivilegeSetBufferSize
);
3023 if (PrivilegeSet
== NULL
)
3024 return STATUS_NO_MEMORY
;
3026 /* Get the privilege set */
3029 Status
= LsapGetObjectAttribute(AccountObject
,
3033 if (!NT_SUCCESS(Status
))
3035 WARN("LsapGetObjectAttribute() failed (Status 0x%08lx)\n", Status
);
3040 PrivilegeCount
= PrivilegeSet
->PrivilegeCount
;
3041 TRACE("Privilege count: %lu\n", PrivilegeCount
);
3043 for (i
= 0; i
< UserRights
->Entries
; i
++)
3045 pLuid
= LsarpLookupPrivilegeValue(&UserRights
->UserRights
[i
]);
3050 for (j
= 0; j
< PrivilegeSet
->PrivilegeCount
; j
++)
3052 if (RtlEqualLuid(&(PrivilegeSet
->Privilege
[j
].Luid
), pLuid
))
3059 if (bFound
== FALSE
)
3061 /* Copy the new privilege */
3062 RtlCopyMemory(&(PrivilegeSet
->Privilege
[PrivilegeSet
->PrivilegeCount
]),
3065 PrivilegeSet
->PrivilegeCount
++;
3069 /* Store the extended privilege set */
3070 if (PrivilegeCount
!= PrivilegeSet
->PrivilegeCount
)
3072 Size
= sizeof(PRIVILEGE_SET
) +
3073 (PrivilegeSet
->PrivilegeCount
- 1) * sizeof(LUID_AND_ATTRIBUTES
);
3075 Status
= LsapSetObjectAttribute(AccountObject
,
3079 if (!NT_SUCCESS(Status
))
3081 WARN("LsapSetObjectAttribute() failed (Status 0x%08lx)\n", Status
);
3087 if (ulNewRights
> 0)
3089 Size
= sizeof(ACCESS_MASK
);
3091 /* Get the system access flags, if the attribute exists */
3092 Status
= LsapGetObjectAttribute(AccountObject
,
3096 if (!NT_SUCCESS(Status
) && Status
!= STATUS_OBJECT_NAME_NOT_FOUND
)
3099 /* Set the new access rights */
3100 for (i
= 0; i
< UserRights
->Entries
; i
++)
3102 Value
= LsapLookupAccountRightValue(&UserRights
->UserRights
[i
]);
3104 SystemAccess
|= Value
;
3107 /* Set the system access flags */
3108 Status
= LsapSetObjectAttribute(AccountObject
,
3111 sizeof(ACCESS_MASK
));
3115 if (PrivilegeSet
!= NULL
)
3116 RtlFreeHeap(RtlGetProcessHeap(), 0, PrivilegeSet
);
3118 if (AccountObject
!= NULL
)
3119 LsapCloseDbObject(AccountObject
);
3126 NTSTATUS WINAPI
LsarRemoveAccountRights(
3127 LSAPR_HANDLE PolicyHandle
,
3128 PRPC_SID AccountSid
,
3130 PLSAPR_USER_RIGHT_SET UserRights
)
3132 PLSA_DB_OBJECT PolicyObject
;
3133 PLSA_DB_OBJECT AccountObject
= NULL
;
3134 ULONG PrivilegesToRemove
= 0, RightsToRemove
= 0;
3135 ACCESS_MASK SystemAccess
= 0;
3136 ULONG Size
, Value
, i
, j
, Index
;
3137 PPRIVILEGE_SET PrivilegeSet
= NULL
;
3138 ULONG PrivilegeCount
;
3142 TRACE("LsarRemoveAccountRights(%p %p %lu %p)\n",
3143 PolicyHandle
, AccountSid
, AllRights
, UserRights
);
3145 /* Validate the AccountSid */
3146 if (!RtlValidSid(AccountSid
))
3147 return STATUS_INVALID_PARAMETER
;
3149 /* Validate the UserRights */
3150 if (UserRights
== NULL
)
3151 return STATUS_INVALID_PARAMETER
;
3153 /* Validate the privilege and account right names */
3154 for (i
= 0; i
< UserRights
->Entries
; i
++)
3156 if (LsarpLookupPrivilegeValue(&UserRights
->UserRights
[i
]) != NULL
)
3158 PrivilegesToRemove
++;
3162 if (LsapLookupAccountRightValue(&UserRights
->UserRights
[i
]) == 0)
3163 return STATUS_NO_SUCH_PRIVILEGE
;
3169 /* Validate the PolicyHandle */
3170 Status
= LsapValidateDbObject(PolicyHandle
,
3172 POLICY_LOOKUP_NAMES
,
3174 if (!NT_SUCCESS(Status
))
3176 ERR("LsapValidateDbObject returned 0x%08lx\n", Status
);
3180 /* Open the account */
3181 Status
= LsarpOpenAccount(PolicyObject
,
3185 if (!NT_SUCCESS(Status
) && Status
!= STATUS_OBJECT_NAME_NOT_FOUND
)
3187 ERR("LsarpOpenAccount returned 0x%08lx\n", Status
);
3191 if (AllRights
== FALSE
)
3193 /* Get the size of the Privilgs attribute */
3195 Status
= LsapGetObjectAttribute(AccountObject
,
3199 if (!NT_SUCCESS(Status
) && Status
!= STATUS_OBJECT_NAME_NOT_FOUND
)
3202 if ((Size
!= 0) && (PrivilegesToRemove
!= 0))
3204 /* Allocate the privilege set buffer */
3205 PrivilegeSet
= RtlAllocateHeap(RtlGetProcessHeap(),
3208 if (PrivilegeSet
== NULL
)
3209 return STATUS_NO_MEMORY
;
3211 /* Get the privilege set */
3212 Status
= LsapGetObjectAttribute(AccountObject
,
3216 if (!NT_SUCCESS(Status
))
3218 ERR("LsapGetObjectAttribute() failed (Status 0x%08lx)\n", Status
);
3222 PrivilegeCount
= PrivilegeSet
->PrivilegeCount
;
3224 for (i
= 0; i
< UserRights
->Entries
; i
++)
3226 pLuid
= LsarpLookupPrivilegeValue(&UserRights
->UserRights
[i
]);
3231 for (j
= 0; j
< PrivilegeSet
->PrivilegeCount
; j
++)
3233 if (RtlEqualLuid(&(PrivilegeSet
->Privilege
[j
].Luid
), pLuid
))
3242 /* Remove the privilege */
3243 if ((PrivilegeSet
->PrivilegeCount
> 1) &&
3244 (Index
< PrivilegeSet
->PrivilegeCount
- 1))
3245 RtlMoveMemory(&(PrivilegeSet
->Privilege
[Index
]),
3246 &(PrivilegeSet
->Privilege
[Index
+ 1]),
3247 (Index
- PrivilegeSet
->PrivilegeCount
- 1) * sizeof(LUID
));
3249 /* Wipe the last entry */
3250 RtlZeroMemory(&(PrivilegeSet
->Privilege
[PrivilegeSet
->PrivilegeCount
- 1]),
3253 PrivilegeSet
->PrivilegeCount
--;
3257 /* Store the extended privilege set */
3258 if (PrivilegeCount
!= PrivilegeSet
->PrivilegeCount
)
3260 Size
= sizeof(PRIVILEGE_SET
) +
3261 (PrivilegeSet
->PrivilegeCount
- 1) * sizeof(LUID_AND_ATTRIBUTES
);
3263 Status
= LsapSetObjectAttribute(AccountObject
,
3267 if (!NT_SUCCESS(Status
))
3269 ERR("LsapSetObjectAttribute() failed (Status 0x%08lx)\n", Status
);
3275 /* Get the system access flags, if the attribute exists */
3277 Status
= LsapGetObjectAttribute(AccountObject
,
3281 if (!NT_SUCCESS(Status
) && Status
!= STATUS_OBJECT_NAME_NOT_FOUND
)
3284 if ((Size
!= 0) && (RightsToRemove
!= 0))
3286 ERR("Rights: 0x%lx\n", SystemAccess
);
3288 /* Set the new access rights */
3289 for (i
= 0; i
< UserRights
->Entries
; i
++)
3291 Value
= LsapLookupAccountRightValue(&UserRights
->UserRights
[i
]);
3293 SystemAccess
&= ~Value
;
3295 ERR("New Rights: 0x%lx\n", SystemAccess
);
3297 /* Set the system access flags */
3298 Status
= LsapSetObjectAttribute(AccountObject
,
3301 sizeof(ACCESS_MASK
));
3309 if (PrivilegeSet
!= NULL
)
3310 RtlFreeHeap(RtlGetProcessHeap(), 0, PrivilegeSet
);
3312 if (AccountObject
!= NULL
)
3313 LsapCloseDbObject(AccountObject
);
3320 NTSTATUS WINAPI
LsarQueryTrustedDomainInfo(
3321 LSAPR_HANDLE PolicyHandle
,
3322 PRPC_SID TrustedDomainSid
,
3323 TRUSTED_INFORMATION_CLASS InformationClass
,
3324 PLSAPR_TRUSTED_DOMAIN_INFO
*TrustedDomainInformation
)
3326 /* FIXME: We are not running an AD yet */
3327 return STATUS_DIRECTORY_SERVICE_REQUIRED
;
3332 NTSTATUS WINAPI
LsarSetTrustedDomainInfo(
3333 LSAPR_HANDLE PolicyHandle
,
3334 PRPC_SID TrustedDomainSid
,
3335 TRUSTED_INFORMATION_CLASS InformationClass
,
3336 PLSAPR_TRUSTED_DOMAIN_INFO TrustedDomainInformation
)
3338 /* FIXME: We are not running an AD yet */
3339 return STATUS_DIRECTORY_SERVICE_REQUIRED
;
3344 NTSTATUS WINAPI
LsarDeleteTrustedDomain(
3345 LSAPR_HANDLE PolicyHandle
,
3346 PRPC_SID TrustedDomainSid
)
3348 /* FIXME: We are not running an AD yet */
3349 return STATUS_DIRECTORY_SERVICE_REQUIRED
;
3354 NTSTATUS WINAPI
LsarStorePrivateData(
3355 LSAPR_HANDLE PolicyHandle
,
3356 PRPC_UNICODE_STRING KeyName
,
3357 PLSAPR_CR_CIPHER_VALUE EncryptedData
)
3359 PLSA_DB_OBJECT PolicyObject
= NULL
;
3360 PLSA_DB_OBJECT SecretsObject
= NULL
;
3361 PLSA_DB_OBJECT SecretObject
= NULL
;
3364 ULONG ValueLength
= 0;
3367 TRACE("LsarStorePrivateData(%p %p %p)\n",
3368 PolicyHandle
, KeyName
, EncryptedData
);
3370 /* Validate the SecretHandle */
3371 Status
= LsapValidateDbObject(PolicyHandle
,
3373 POLICY_CREATE_SECRET
,
3375 if (!NT_SUCCESS(Status
))
3377 ERR("LsapValidateDbObject returned 0x%08lx\n", Status
);
3381 /* Open the 'Secrets' object */
3382 Status
= LsapOpenDbObject(PolicyObject
,
3387 PolicyObject
->Trusted
,
3389 if (!NT_SUCCESS(Status
))
3391 ERR("LsapOpenDbObject failed (Status 0x%08lx)\n", Status
);
3395 if (EncryptedData
== NULL
)
3397 /* Open the Secret object */
3398 Status
= LsapOpenDbObject(SecretsObject
,
3403 PolicyObject
->Trusted
,
3405 if (!NT_SUCCESS(Status
))
3407 ERR("LsapOpenDbObject failed (Status 0x%08lx)\n", Status
);
3411 /* Delete the secret */
3412 Status
= LsapDeleteDbObject(SecretObject
);
3413 if (NT_SUCCESS(Status
))
3414 SecretObject
= NULL
;
3418 /* Create the Secret object */
3419 Status
= LsapCreateDbObject(SecretsObject
,
3424 PolicyObject
->Trusted
,
3426 if (!NT_SUCCESS(Status
))
3428 ERR("LsapCreateDbObject failed (Status 0x%08lx)\n", Status
);
3432 /* FIXME: Decrypt data */
3433 Value
= EncryptedData
->Buffer
;
3434 ValueLength
= EncryptedData
->MaximumLength
;
3436 /* Get the current time */
3437 Status
= NtQuerySystemTime(&Time
);
3438 if (!NT_SUCCESS(Status
))
3440 ERR("NtQuerySystemTime failed (Status 0x%08lx)\n", Status
);
3444 /* Set the current value */
3445 Status
= LsapSetObjectAttribute(SecretObject
,
3449 if (!NT_SUCCESS(Status
))
3451 ERR("LsapSetObjectAttribute failed (Status 0x%08lx)\n", Status
);
3455 /* Set the current time */
3456 Status
= LsapSetObjectAttribute(SecretObject
,
3459 sizeof(LARGE_INTEGER
));
3460 if (!NT_SUCCESS(Status
))
3462 ERR("LsapSetObjectAttribute failed (Status 0x%08lx)\n", Status
);
3466 /* Get the current time */
3467 Status
= NtQuerySystemTime(&Time
);
3468 if (!NT_SUCCESS(Status
))
3470 ERR("NtQuerySystemTime failed (Status 0x%08lx)\n", Status
);
3474 /* Set the old value */
3475 Status
= LsapSetObjectAttribute(SecretObject
,
3479 if (!NT_SUCCESS(Status
))
3481 ERR("LsapSetObjectAttribute failed (Status 0x%08lx)\n", Status
);
3485 /* Set the old time */
3486 Status
= LsapSetObjectAttribute(SecretObject
,
3489 sizeof(LARGE_INTEGER
));
3490 if (!NT_SUCCESS(Status
))
3492 ERR("LsapSetObjectAttribute failed (Status 0x%08lx)\n", Status
);
3497 if (SecretObject
!= NULL
)
3498 LsapCloseDbObject(SecretObject
);
3500 if (SecretsObject
!= NULL
)
3501 LsapCloseDbObject(SecretsObject
);
3508 NTSTATUS WINAPI
LsarRetrievePrivateData(
3509 LSAPR_HANDLE PolicyHandle
,
3510 PRPC_UNICODE_STRING KeyName
,
3511 PLSAPR_CR_CIPHER_VALUE
*EncryptedData
)
3513 PLSA_DB_OBJECT PolicyObject
= NULL
;
3514 PLSA_DB_OBJECT SecretObject
= NULL
;
3515 PLSAPR_CR_CIPHER_VALUE EncCurrentValue
= NULL
;
3516 ULONG CurrentValueLength
= 0;
3517 PBYTE CurrentValue
= NULL
;
3520 TRACE("LsarRetrievePrivateData(%p %wZ %p)\n",
3521 PolicyHandle
, KeyName
, EncryptedData
);
3523 /* Validate the SecretHandle */
3524 Status
= LsapValidateDbObject(PolicyHandle
,
3526 POLICY_CREATE_SECRET
,
3528 if (!NT_SUCCESS(Status
))
3530 ERR("LsapValidateDbObject returned 0x%08lx\n", Status
);
3534 /* Open the secret object */
3535 Status
= LsapOpenDbObject(PolicyObject
,
3540 PolicyObject
->Trusted
,
3542 if (!NT_SUCCESS(Status
))
3544 ERR("LsapOpenDbObject failed (Status 0x%08lx)\n", Status
);
3548 /* Get the size of the current value */
3549 Status
= LsapGetObjectAttribute(SecretObject
,
3552 &CurrentValueLength
);
3553 if (!NT_SUCCESS(Status
))
3556 /* Allocate a buffer for the current value */
3557 CurrentValue
= midl_user_allocate(CurrentValueLength
);
3558 if (CurrentValue
== NULL
)
3560 Status
= STATUS_INSUFFICIENT_RESOURCES
;
3564 /* Get the current value */
3565 Status
= LsapGetObjectAttribute(SecretObject
,
3568 &CurrentValueLength
);
3569 if (!NT_SUCCESS(Status
))
3572 /* Allocate a buffer for the encrypted current value */
3573 EncCurrentValue
= midl_user_allocate(sizeof(LSAPR_CR_CIPHER_VALUE
) + CurrentValueLength
);
3574 if (EncCurrentValue
== NULL
)
3576 Status
= STATUS_INSUFFICIENT_RESOURCES
;
3580 /* FIXME: Encrypt the current value */
3581 EncCurrentValue
->Length
= (USHORT
)(CurrentValueLength
- sizeof(WCHAR
));
3582 EncCurrentValue
->MaximumLength
= (USHORT
)CurrentValueLength
;
3583 EncCurrentValue
->Buffer
= (PBYTE
)(EncCurrentValue
+ 1);
3584 RtlCopyMemory(EncCurrentValue
->Buffer
,
3586 CurrentValueLength
);
3589 if (NT_SUCCESS(Status
))
3591 if (EncryptedData
!= NULL
)
3592 *EncryptedData
= EncCurrentValue
;
3596 if (EncryptedData
!= NULL
)
3597 *EncryptedData
= NULL
;
3599 if (EncCurrentValue
!= NULL
)
3600 midl_user_free(EncCurrentValue
);
3603 if (SecretObject
!= NULL
)
3604 LsapCloseDbObject(SecretObject
);
3611 NTSTATUS WINAPI
LsarOpenPolicy2(
3613 PLSAPR_OBJECT_ATTRIBUTES ObjectAttributes
,
3614 ACCESS_MASK DesiredAccess
,
3615 LSAPR_HANDLE
*PolicyHandle
)
3617 return LsarOpenPolicy(SystemName
,
3625 NTSTATUS WINAPI
LsarGetUserName(
3627 PRPC_UNICODE_STRING
*UserName
,
3628 PRPC_UNICODE_STRING
*DomainName
)
3631 return STATUS_NOT_IMPLEMENTED
;
3636 NTSTATUS WINAPI
LsarQueryInformationPolicy2(
3637 LSAPR_HANDLE PolicyHandle
,
3638 POLICY_INFORMATION_CLASS InformationClass
,
3639 PLSAPR_POLICY_INFORMATION
*PolicyInformation
)
3641 return LsarQueryInformationPolicy(PolicyHandle
,
3648 NTSTATUS WINAPI
LsarSetInformationPolicy2(
3649 LSAPR_HANDLE PolicyHandle
,
3650 POLICY_INFORMATION_CLASS InformationClass
,
3651 PLSAPR_POLICY_INFORMATION PolicyInformation
)
3653 return LsarSetInformationPolicy(PolicyHandle
,
3660 NTSTATUS WINAPI
LsarQueryTrustedDomainInfoByName(
3661 LSAPR_HANDLE PolicyHandle
,
3662 PRPC_UNICODE_STRING TrustedDomainName
,
3663 POLICY_INFORMATION_CLASS InformationClass
,
3664 PLSAPR_TRUSTED_DOMAIN_INFO
*PolicyInformation
)
3666 /* FIXME: We are not running an AD yet */
3667 return STATUS_OBJECT_NAME_NOT_FOUND
;
3672 NTSTATUS WINAPI
LsarSetTrustedDomainInfoByName(
3673 LSAPR_HANDLE PolicyHandle
,
3674 PRPC_UNICODE_STRING TrustedDomainName
,
3675 POLICY_INFORMATION_CLASS InformationClass
,
3676 PLSAPR_TRUSTED_DOMAIN_INFO PolicyInformation
)
3678 /* FIXME: We are not running an AD yet */
3679 return STATUS_OBJECT_NAME_NOT_FOUND
;
3684 NTSTATUS WINAPI
LsarEnumerateTrustedDomainsEx(
3685 LSAPR_HANDLE PolicyHandle
,
3686 DWORD
*EnumerationContext
,
3687 PLSAPR_TRUSTED_ENUM_BUFFER_EX EnumerationBuffer
,
3688 DWORD PreferedMaximumLength
)
3690 /* FIXME: We are not running an AD yet */
3691 EnumerationBuffer
->EntriesRead
= 0;
3692 EnumerationBuffer
->EnumerationBuffer
= NULL
;
3693 return STATUS_NO_MORE_ENTRIES
;
3698 NTSTATUS WINAPI
LsarCreateTrustedDomainEx(
3699 LSAPR_HANDLE PolicyHandle
,
3700 PLSAPR_TRUSTED_DOMAIN_INFORMATION_EX TrustedDomainInformation
,
3701 PLSAPR_TRUSTED_DOMAIN_AUTH_INFORMATION AuthentificationInformation
,
3702 ACCESS_MASK DesiredAccess
,
3703 LSAPR_HANDLE
*TrustedDomainHandle
)
3705 /* FIXME: We are not running an AD yet */
3706 return STATUS_DIRECTORY_SERVICE_REQUIRED
;
3711 NTSTATUS WINAPI
LsarSetPolicyReplicationHandle(
3712 PLSAPR_HANDLE PolicyHandle
)
3715 return STATUS_NOT_IMPLEMENTED
;
3720 NTSTATUS WINAPI
LsarQueryDomainInformationPolicy(
3721 LSAPR_HANDLE PolicyHandle
,
3722 POLICY_INFORMATION_CLASS InformationClass
,
3723 PLSAPR_POLICY_DOMAIN_INFORMATION
*PolicyInformation
)
3726 return STATUS_NOT_IMPLEMENTED
;
3731 NTSTATUS WINAPI
LsarSetDomainInformationPolicy(
3732 LSAPR_HANDLE PolicyHandle
,
3733 POLICY_INFORMATION_CLASS InformationClass
,
3734 PLSAPR_POLICY_DOMAIN_INFORMATION PolicyInformation
)
3737 return STATUS_NOT_IMPLEMENTED
;
3742 NTSTATUS WINAPI
LsarOpenTrustedDomainByName(
3743 LSAPR_HANDLE PolicyHandle
,
3744 PRPC_UNICODE_STRING TrustedDomainName
,
3745 ACCESS_MASK DesiredAccess
,
3746 LSAPR_HANDLE
*TrustedDomainHandle
)
3748 /* FIXME: We are not running an AD yet */
3749 return STATUS_OBJECT_NAME_NOT_FOUND
;
3754 NTSTATUS WINAPI
LsarTestCall(
3758 return STATUS_NOT_IMPLEMENTED
;
3763 NTSTATUS WINAPI
LsarLookupSids2(
3764 LSAPR_HANDLE PolicyHandle
,
3765 PLSAPR_SID_ENUM_BUFFER SidEnumBuffer
,
3766 PLSAPR_REFERENCED_DOMAIN_LIST
*ReferencedDomains
,
3767 PLSAPR_TRANSLATED_NAMES_EX TranslatedNames
,
3768 LSAP_LOOKUP_LEVEL LookupLevel
,
3770 DWORD LookupOptions
,
3771 DWORD ClientRevision
)
3775 TRACE("LsarLookupSids2(%p %p %p %p %d %p %lu %lu)\n",
3776 PolicyHandle
, SidEnumBuffer
, ReferencedDomains
, TranslatedNames
,
3777 LookupLevel
, MappedCount
, LookupOptions
, ClientRevision
);
3779 TranslatedNames
->Entries
= SidEnumBuffer
->Entries
;
3780 TranslatedNames
->Names
= NULL
;
3781 *ReferencedDomains
= NULL
;
3783 /* FIXME: Fail, if there is an invalid SID in the SidEnumBuffer */
3785 Status
= LsapLookupSids(SidEnumBuffer
,
3798 NTSTATUS WINAPI
LsarLookupNames2(
3799 LSAPR_HANDLE PolicyHandle
,
3801 PRPC_UNICODE_STRING Names
,
3802 PLSAPR_REFERENCED_DOMAIN_LIST
*ReferencedDomains
,
3803 PLSAPR_TRANSLATED_SIDS_EX TranslatedSids
,
3804 LSAP_LOOKUP_LEVEL LookupLevel
,
3806 DWORD LookupOptions
,
3807 DWORD ClientRevision
)
3809 LSAPR_TRANSLATED_SIDS_EX2 TranslatedSidsEx2
;
3813 TRACE("LsarLookupNames2(%p %lu %p %p %p %d %p %lu %lu)\n",
3814 PolicyHandle
, Count
, Names
, ReferencedDomains
, TranslatedSids
,
3815 LookupLevel
, MappedCount
, LookupOptions
, ClientRevision
);
3817 TranslatedSids
->Entries
= 0;
3818 TranslatedSids
->Sids
= NULL
;
3819 *ReferencedDomains
= NULL
;
3822 return STATUS_NONE_MAPPED
;
3824 TranslatedSidsEx2
.Entries
= 0;
3825 TranslatedSidsEx2
.Sids
= NULL
;
3827 Status
= LsapLookupNames(Count
,
3835 if (!NT_SUCCESS(Status
))
3838 TranslatedSids
->Entries
= TranslatedSidsEx2
.Entries
;
3839 TranslatedSids
->Sids
= MIDL_user_allocate(TranslatedSids
->Entries
* sizeof(LSA_TRANSLATED_SID
));
3840 if (TranslatedSids
->Sids
== NULL
)
3842 MIDL_user_free(TranslatedSidsEx2
.Sids
);
3843 MIDL_user_free(*ReferencedDomains
);
3844 *ReferencedDomains
= NULL
;
3845 return STATUS_INSUFFICIENT_RESOURCES
;
3848 for (i
= 0; i
< TranslatedSidsEx2
.Entries
; i
++)
3850 TranslatedSids
->Sids
[i
].Use
= TranslatedSidsEx2
.Sids
[i
].Use
;
3851 TranslatedSids
->Sids
[i
].RelativeId
= LsapGetRelativeIdFromSid(TranslatedSidsEx2
.Sids
[i
].Sid
);
3852 TranslatedSids
->Sids
[i
].DomainIndex
= TranslatedSidsEx2
.Sids
[i
].DomainIndex
;
3853 TranslatedSids
->Sids
[i
].Flags
= TranslatedSidsEx2
.Sids
[i
].Flags
;
3856 MIDL_user_free(TranslatedSidsEx2
.Sids
);
3858 return STATUS_SUCCESS
;
3863 NTSTATUS WINAPI
LsarCreateTrustedDomainEx2(
3864 LSAPR_HANDLE PolicyHandle
,
3865 PLSAPR_TRUSTED_DOMAIN_INFORMATION_EX TrustedDomainInformation
,
3866 PLSAPR_TRUSTED_DOMAIN_AUTH_INFORMATION_INTERNAL AuthentificationInformation
,
3867 ACCESS_MASK DesiredAccess
,
3868 LSAPR_HANDLE
*TrustedDomainHandle
)
3870 /* FIXME: We are not running an AD yet */
3871 return STATUS_DIRECTORY_SERVICE_REQUIRED
;
3876 NTSTATUS WINAPI
CredrWrite(
3880 return STATUS_NOT_IMPLEMENTED
;
3885 NTSTATUS WINAPI
CredrRead(
3889 return STATUS_NOT_IMPLEMENTED
;
3894 NTSTATUS WINAPI
CredrEnumerate(
3898 return STATUS_NOT_IMPLEMENTED
;
3903 NTSTATUS WINAPI
CredrWriteDomainCredentials(
3907 return STATUS_NOT_IMPLEMENTED
;
3912 NTSTATUS WINAPI
CredrReadDomainCredentials(
3916 return STATUS_NOT_IMPLEMENTED
;
3930 return STATUS_NOT_IMPLEMENTED
;
3941 CREDPR_TARGET_INFORMATION
*TargetInformation
)
3944 return STATUS_NOT_IMPLEMENTED
;
3955 return STATUS_NOT_IMPLEMENTED
;
3960 NTSTATUS WINAPI
LsarLookupNames3(
3961 LSAPR_HANDLE PolicyHandle
,
3963 PRPC_UNICODE_STRING Names
,
3964 PLSAPR_REFERENCED_DOMAIN_LIST
*ReferencedDomains
,
3965 PLSAPR_TRANSLATED_SIDS_EX2 TranslatedSids
,
3966 LSAP_LOOKUP_LEVEL LookupLevel
,
3968 DWORD LookupOptions
,
3969 DWORD ClientRevision
)
3973 TRACE("LsarLookupNames3(%p %lu %p %p %p %d %p %lu %lu)\n",
3974 PolicyHandle
, Count
, Names
, ReferencedDomains
, TranslatedSids
,
3975 LookupLevel
, MappedCount
, LookupOptions
, ClientRevision
);
3977 TranslatedSids
->Entries
= 0;
3978 TranslatedSids
->Sids
= NULL
;
3979 *ReferencedDomains
= NULL
;
3982 return STATUS_NONE_MAPPED
;
3984 Status
= LsapLookupNames(Count
,
4000 CredrGetSessionTypes(
4002 DWORD MaximumPersistCount
,
4003 DWORD
*MaximumPersist
)
4006 return STATUS_NOT_IMPLEMENTED
;
4011 NTSTATUS WINAPI
LsarRegisterAuditEvent(
4015 return STATUS_NOT_IMPLEMENTED
;
4020 NTSTATUS WINAPI
LsarGenAuditEvent(
4024 return STATUS_NOT_IMPLEMENTED
;
4029 NTSTATUS WINAPI
LsarUnregisterAuditEvent(
4033 return STATUS_NOT_IMPLEMENTED
;
4038 NTSTATUS WINAPI
LsarQueryForestTrustInformation(
4039 LSAPR_HANDLE PolicyHandle
,
4040 PLSA_UNICODE_STRING TrustedDomainName
,
4041 LSA_FOREST_TRUST_RECORD_TYPE HighestRecordType
,
4042 PLSA_FOREST_TRUST_INFORMATION
*ForestTrustInfo
)
4045 return STATUS_NOT_IMPLEMENTED
;
4050 NTSTATUS WINAPI
LsarSetForestTrustInformation(
4051 LSAPR_HANDLE PolicyHandle
,
4052 PLSA_UNICODE_STRING TrustedDomainName
,
4053 LSA_FOREST_TRUST_RECORD_TYPE HighestRecordType
,
4054 PLSA_FOREST_TRUST_INFORMATION ForestTrustInfo
,
4056 PLSA_FOREST_TRUST_COLLISION_INFORMATION
*CollisionInfo
)
4059 return STATUS_NOT_IMPLEMENTED
;
4068 LPWSTR OldTargetName
,
4069 LPWSTR NewTargetName
,
4074 return STATUS_NOT_IMPLEMENTED
;
4079 NTSTATUS WINAPI
LsarLookupSids3(
4080 LSAPR_HANDLE PolicyHandle
,
4081 PLSAPR_SID_ENUM_BUFFER SidEnumBuffer
,
4082 PLSAPR_REFERENCED_DOMAIN_LIST
*ReferencedDomains
,
4083 PLSAPR_TRANSLATED_NAMES_EX TranslatedNames
,
4084 LSAP_LOOKUP_LEVEL LookupLevel
,
4086 DWORD LookupOptions
,
4087 DWORD ClientRevision
)
4091 TRACE("LsarLookupSids3(%p %p %p %p %d %p %lu %lu)\n",
4092 PolicyHandle
, SidEnumBuffer
, ReferencedDomains
, TranslatedNames
,
4093 LookupLevel
, MappedCount
, LookupOptions
, ClientRevision
);
4095 TranslatedNames
->Entries
= SidEnumBuffer
->Entries
;
4096 TranslatedNames
->Names
= NULL
;
4097 *ReferencedDomains
= NULL
;
4099 /* FIXME: Fail, if there is an invalid SID in the SidEnumBuffer */
4101 Status
= LsapLookupSids(SidEnumBuffer
,
4114 NTSTATUS WINAPI
LsarLookupNames4(
4117 PRPC_UNICODE_STRING Names
,
4118 PLSAPR_REFERENCED_DOMAIN_LIST
*ReferencedDomains
,
4119 PLSAPR_TRANSLATED_SIDS_EX2 TranslatedSids
,
4120 LSAP_LOOKUP_LEVEL LookupLevel
,
4122 DWORD LookupOptions
,
4123 DWORD ClientRevision
)
4127 TRACE("LsarLookupNames4(%p %lu %p %p %p %d %p %lu %lu)\n",
4128 RpcHandle
, Count
, Names
, ReferencedDomains
, TranslatedSids
,
4129 LookupLevel
, MappedCount
, LookupOptions
, ClientRevision
);
4131 TranslatedSids
->Entries
= 0;
4132 TranslatedSids
->Sids
= NULL
;
4133 *ReferencedDomains
= NULL
;
4136 return STATUS_NONE_MAPPED
;
4138 Status
= LsapLookupNames(Count
,
4152 NTSTATUS WINAPI
LsarOpenPolicySce(
4154 PLSAPR_OBJECT_ATTRIBUTES ObjectAttributes
,
4155 ACCESS_MASK DesiredAccess
,
4156 LSAPR_HANDLE
*PolicyHandle
)
4159 return STATUS_NOT_IMPLEMENTED
;
4164 NTSTATUS WINAPI
LsarAdtRegisterSecurityEventSource(
4168 return STATUS_NOT_IMPLEMENTED
;
4173 NTSTATUS WINAPI
LsarAdtUnregisterSecurityEventSource(
4177 return STATUS_NOT_IMPLEMENTED
;
4182 NTSTATUS WINAPI
LsarAdtReportSecurityEvent(
4186 return STATUS_NOT_IMPLEMENTED
;