2 * COPYRIGHT: See COPYING in the top level directory
3 * PROJECT: Local Security Authority (LSA) Server
4 * FILE: reactos/dll/win32/lsasrv/lsarpc.h
5 * PURPOSE: RPC interface functions
7 * PROGRAMMERS: Eric Kohl
12 /* GLOBALS *****************************************************************/
14 static RTL_CRITICAL_SECTION PolicyHandleTableLock
;
17 /* FUNCTIONS ***************************************************************/
20 LsarStartRpcServer(VOID
)
24 RtlInitializeCriticalSection(&PolicyHandleTableLock
);
26 TRACE("LsarStartRpcServer() called\n");
28 Status
= RpcServerUseProtseqEpW(L
"ncacn_np",
32 if (Status
!= RPC_S_OK
)
34 WARN("RpcServerUseProtseqEpW() failed (Status %lx)\n", Status
);
38 Status
= RpcServerRegisterIf(lsarpc_v0_0_s_ifspec
,
41 if (Status
!= RPC_S_OK
)
43 WARN("RpcServerRegisterIf() failed (Status %lx)\n", Status
);
49 Status
= RpcServerListen(1, 20, TRUE
);
50 if (Status
!= RPC_S_OK
)
52 WARN("RpcServerListen() failed (Status %lx)\n", Status
);
56 TRACE("LsarStartRpcServer() done\n");
60 void __RPC_USER
LSAPR_HANDLE_rundown(LSAPR_HANDLE hHandle
)
67 NTSTATUS WINAPI
LsarClose(
68 LSAPR_HANDLE
*ObjectHandle
)
70 PLSA_DB_OBJECT DbObject
;
71 NTSTATUS Status
= STATUS_SUCCESS
;
73 TRACE("0x%p\n", ObjectHandle
);
75 // RtlEnterCriticalSection(&PolicyHandleTableLock);
77 Status
= LsapValidateDbObject(*ObjectHandle
,
81 if (Status
== STATUS_SUCCESS
)
83 Status
= LsapCloseDbObject(DbObject
);
87 // RtlLeaveCriticalSection(&PolicyHandleTableLock);
94 NTSTATUS WINAPI
LsarDelete(
95 LSAPR_HANDLE ObjectHandle
)
97 return LsarDeleteObject(&ObjectHandle
);
102 NTSTATUS WINAPI
LsarEnumeratePrivileges(
103 LSAPR_HANDLE PolicyHandle
,
104 DWORD
*EnumerationContext
,
105 PLSAPR_PRIVILEGE_ENUM_BUFFER EnumerationBuffer
,
106 DWORD PreferedMaximumLength
)
108 PLSA_DB_OBJECT PolicyObject
;
111 TRACE("LsarEnumeratePrivileges(%p %p %p %lu)\n",
112 PolicyHandle
, EnumerationContext
, EnumerationBuffer
,
113 PreferedMaximumLength
);
115 Status
= LsapValidateDbObject(PolicyHandle
,
117 POLICY_VIEW_LOCAL_INFORMATION
,
119 if (!NT_SUCCESS(Status
))
122 if (EnumerationContext
== NULL
)
123 return STATUS_INVALID_PARAMETER
;
125 return LsarpEnumeratePrivileges(EnumerationContext
,
127 PreferedMaximumLength
);
132 NTSTATUS WINAPI
LsarQuerySecurityObject(
133 LSAPR_HANDLE ObjectHandle
,
134 SECURITY_INFORMATION SecurityInformation
,
135 PLSAPR_SR_SECURITY_DESCRIPTOR
*SecurityDescriptor
)
137 PLSA_DB_OBJECT DbObject
= NULL
;
138 PSECURITY_DESCRIPTOR RelativeSd
= NULL
;
139 PLSAPR_SR_SECURITY_DESCRIPTOR SdData
= NULL
;
140 ACCESS_MASK DesiredAccess
= 0;
141 ULONG RelativeSdSize
= 0;
144 if (SecurityDescriptor
== NULL
)
145 return STATUS_INVALID_PARAMETER
;
147 if ((SecurityInformation
& OWNER_SECURITY_INFORMATION
) ||
148 (SecurityInformation
& GROUP_SECURITY_INFORMATION
) ||
149 (SecurityInformation
& DACL_SECURITY_INFORMATION
))
150 DesiredAccess
|= READ_CONTROL
;
152 if (SecurityInformation
& SACL_SECURITY_INFORMATION
)
153 DesiredAccess
|= ACCESS_SYSTEM_SECURITY
;
155 /* Validate the ObjectHandle */
156 Status
= LsapValidateDbObject(ObjectHandle
,
160 if (!NT_SUCCESS(Status
))
163 /* Get the size of the SD */
164 Status
= LsapGetObjectAttribute(DbObject
,
168 if (!NT_SUCCESS(Status
))
171 /* Allocate a buffer for the SD */
172 RelativeSd
= MIDL_user_allocate(RelativeSdSize
);
173 if (RelativeSd
== NULL
)
174 return STATUS_INSUFFICIENT_RESOURCES
;
177 Status
= LsapGetObjectAttribute(DbObject
,
181 if (!NT_SUCCESS(Status
))
185 * FIXME: Invalidate the SD information that was not requested.
186 * (see SecurityInformation)
189 /* Allocate the SD data buffer */
190 SdData
= MIDL_user_allocate(sizeof(LSAPR_SR_SECURITY_DESCRIPTOR
));
193 Status
= STATUS_INSUFFICIENT_RESOURCES
;
197 /* Fill the SD data buffer and return it to the caller */
198 SdData
->Length
= RelativeSdSize
;
199 SdData
->SecurityDescriptor
= (PBYTE
)RelativeSd
;
201 *SecurityDescriptor
= SdData
;
204 if (!NT_SUCCESS(Status
))
206 if (RelativeSd
!= NULL
)
207 MIDL_user_free(RelativeSd
);
215 NTSTATUS WINAPI
LsarSetSecurityObject(
216 LSAPR_HANDLE ObjectHandle
,
217 SECURITY_INFORMATION SecurityInformation
,
218 PLSAPR_SR_SECURITY_DESCRIPTOR SecurityDescriptor
)
221 return STATUS_NOT_IMPLEMENTED
;
226 NTSTATUS WINAPI
LsarChangePassword(
228 PRPC_UNICODE_STRING String1
,
229 PRPC_UNICODE_STRING String2
,
230 PRPC_UNICODE_STRING String3
,
231 PRPC_UNICODE_STRING String4
,
232 PRPC_UNICODE_STRING String5
)
235 return STATUS_NOT_IMPLEMENTED
;
240 NTSTATUS WINAPI
LsarOpenPolicy(
242 PLSAPR_OBJECT_ATTRIBUTES ObjectAttributes
,
243 ACCESS_MASK DesiredAccess
,
244 LSAPR_HANDLE
*PolicyHandle
)
246 PLSA_DB_OBJECT PolicyObject
;
249 TRACE("LsarOpenPolicy called!\n");
251 RtlEnterCriticalSection(&PolicyHandleTableLock
);
253 Status
= LsapOpenDbObject(NULL
,
261 RtlLeaveCriticalSection(&PolicyHandleTableLock
);
263 if (NT_SUCCESS(Status
))
264 *PolicyHandle
= (LSAPR_HANDLE
)PolicyObject
;
266 TRACE("LsarOpenPolicy done!\n");
273 NTSTATUS WINAPI
LsarQueryInformationPolicy(
274 LSAPR_HANDLE PolicyHandle
,
275 POLICY_INFORMATION_CLASS InformationClass
,
276 PLSAPR_POLICY_INFORMATION
*PolicyInformation
)
278 PLSA_DB_OBJECT PolicyObject
;
279 ACCESS_MASK DesiredAccess
= 0;
282 TRACE("LsarQueryInformationPolicy(%p,0x%08x,%p)\n",
283 PolicyHandle
, InformationClass
, PolicyInformation
);
285 if (PolicyInformation
)
287 TRACE("*PolicyInformation %p\n", *PolicyInformation
);
290 switch (InformationClass
)
292 case PolicyAuditLogInformation
:
293 case PolicyAuditEventsInformation
:
294 case PolicyAuditFullQueryInformation
:
295 DesiredAccess
= POLICY_VIEW_AUDIT_INFORMATION
;
298 case PolicyPrimaryDomainInformation
:
299 case PolicyAccountDomainInformation
:
300 case PolicyLsaServerRoleInformation
:
301 case PolicyReplicaSourceInformation
:
302 case PolicyDefaultQuotaInformation
:
303 case PolicyModificationInformation
:
304 case PolicyDnsDomainInformation
:
305 case PolicyDnsDomainInformationInt
:
306 case PolicyLocalAccountDomainInformation
:
307 DesiredAccess
= POLICY_VIEW_LOCAL_INFORMATION
;
310 case PolicyPdAccountInformation
:
311 DesiredAccess
= POLICY_GET_PRIVATE_INFORMATION
;
315 ERR("Invalid InformationClass!\n");
316 return STATUS_INVALID_PARAMETER
;
319 Status
= LsapValidateDbObject(PolicyHandle
,
323 if (!NT_SUCCESS(Status
))
326 switch (InformationClass
)
328 case PolicyAuditLogInformation
: /* 1 */
329 Status
= LsarQueryAuditLog(PolicyObject
,
333 case PolicyAuditEventsInformation
: /* 2 */
334 Status
= LsarQueryAuditEvents(PolicyObject
,
338 case PolicyPrimaryDomainInformation
: /* 3 */
339 Status
= LsarQueryPrimaryDomain(PolicyObject
,
343 case PolicyPdAccountInformation
: /* 4 */
344 Status
= LsarQueryPdAccount(PolicyObject
,
348 case PolicyAccountDomainInformation
: /* 5 */
349 Status
= LsarQueryAccountDomain(PolicyObject
,
353 case PolicyLsaServerRoleInformation
: /* 6 */
354 Status
= LsarQueryServerRole(PolicyObject
,
358 case PolicyReplicaSourceInformation
: /* 7 */
359 Status
= LsarQueryReplicaSource(PolicyObject
,
363 case PolicyDefaultQuotaInformation
: /* 8 */
364 Status
= LsarQueryDefaultQuota(PolicyObject
,
368 case PolicyModificationInformation
: /* 9 */
369 Status
= LsarQueryModification(PolicyObject
,
373 case PolicyAuditFullQueryInformation
: /* 11 (0xB) */
374 Status
= LsarQueryAuditFull(PolicyObject
,
378 case PolicyDnsDomainInformation
: /* 12 (0xC) */
379 Status
= LsarQueryDnsDomain(PolicyObject
,
383 case PolicyDnsDomainInformationInt
: /* 13 (0xD) */
384 Status
= LsarQueryDnsDomainInt(PolicyObject
,
388 case PolicyLocalAccountDomainInformation
: /* 14 (0xE) */
389 Status
= LsarQueryLocalAccountDomain(PolicyObject
,
394 ERR("Invalid InformationClass!\n");
395 Status
= STATUS_INVALID_PARAMETER
;
403 NTSTATUS WINAPI
LsarSetInformationPolicy(
404 LSAPR_HANDLE PolicyHandle
,
405 POLICY_INFORMATION_CLASS InformationClass
,
406 PLSAPR_POLICY_INFORMATION PolicyInformation
)
408 PLSA_DB_OBJECT PolicyObject
;
409 ACCESS_MASK DesiredAccess
= 0;
412 TRACE("LsarSetInformationPolicy(%p,0x%08x,%p)\n",
413 PolicyHandle
, InformationClass
, PolicyInformation
);
415 if (PolicyInformation
)
417 TRACE("*PolicyInformation %p\n", *PolicyInformation
);
420 switch (InformationClass
)
422 case PolicyAuditLogInformation
:
423 case PolicyAuditFullSetInformation
:
424 DesiredAccess
= POLICY_AUDIT_LOG_ADMIN
;
427 case PolicyAuditEventsInformation
:
428 DesiredAccess
= POLICY_SET_AUDIT_REQUIREMENTS
;
431 case PolicyPrimaryDomainInformation
:
432 case PolicyAccountDomainInformation
:
433 case PolicyDnsDomainInformation
:
434 case PolicyDnsDomainInformationInt
:
435 case PolicyLocalAccountDomainInformation
:
436 DesiredAccess
= POLICY_TRUST_ADMIN
;
439 case PolicyLsaServerRoleInformation
:
440 case PolicyReplicaSourceInformation
:
441 DesiredAccess
= POLICY_SERVER_ADMIN
;
444 case PolicyDefaultQuotaInformation
:
445 DesiredAccess
= POLICY_SET_DEFAULT_QUOTA_LIMITS
;
449 ERR("Invalid InformationClass!\n");
450 return STATUS_INVALID_PARAMETER
;
453 Status
= LsapValidateDbObject(PolicyHandle
,
457 if (!NT_SUCCESS(Status
))
460 switch (InformationClass
)
462 case PolicyAuditLogInformation
: /* 1 */
463 Status
= LsarSetAuditLog(PolicyObject
,
464 (PPOLICY_AUDIT_LOG_INFO
)PolicyInformation
);
467 case PolicyAuditEventsInformation
: /* 2 */
468 Status
= LsarSetAuditEvents(PolicyObject
,
469 (PLSAPR_POLICY_AUDIT_EVENTS_INFO
)PolicyInformation
);
472 case PolicyPrimaryDomainInformation
: /* 3 */
473 Status
= LsarSetPrimaryDomain(PolicyObject
,
474 (PLSAPR_POLICY_PRIMARY_DOM_INFO
)PolicyInformation
);
477 case PolicyAccountDomainInformation
: /* 5 */
478 Status
= LsarSetAccountDomain(PolicyObject
,
479 (PLSAPR_POLICY_ACCOUNT_DOM_INFO
)PolicyInformation
);
482 case PolicyLsaServerRoleInformation
: /* 6 */
483 Status
= LsarSetServerRole(PolicyObject
,
484 (PPOLICY_LSA_SERVER_ROLE_INFO
)PolicyInformation
);
487 case PolicyReplicaSourceInformation
: /* 7 */
488 Status
= LsarSetReplicaSource(PolicyObject
,
489 (PPOLICY_LSA_REPLICA_SRCE_INFO
)PolicyInformation
);
492 case PolicyDefaultQuotaInformation
: /* 8 */
493 Status
= LsarSetDefaultQuota(PolicyObject
,
494 (PPOLICY_DEFAULT_QUOTA_INFO
)PolicyInformation
);
497 case PolicyModificationInformation
: /* 9 */
498 Status
= LsarSetModification(PolicyObject
,
499 (PPOLICY_MODIFICATION_INFO
)PolicyInformation
);
502 case PolicyAuditFullSetInformation
: /* 10 (0xA) */
503 Status
= LsarSetAuditFull(PolicyObject
,
504 (PPOLICY_AUDIT_FULL_QUERY_INFO
)PolicyInformation
);
507 case PolicyDnsDomainInformation
: /* 12 (0xC) */
508 Status
= LsarSetDnsDomain(PolicyObject
,
509 (PLSAPR_POLICY_DNS_DOMAIN_INFO
)PolicyInformation
);
512 case PolicyDnsDomainInformationInt
: /* 13 (0xD) */
513 Status
= LsarSetDnsDomainInt(PolicyObject
,
514 (PLSAPR_POLICY_DNS_DOMAIN_INFO
)PolicyInformation
);
517 case PolicyLocalAccountDomainInformation
: /* 14 (0xE) */
518 Status
= LsarSetLocalAccountDomain(PolicyObject
,
519 (PLSAPR_POLICY_ACCOUNT_DOM_INFO
)PolicyInformation
);
523 Status
= STATUS_INVALID_PARAMETER
;
532 NTSTATUS WINAPI
LsarClearAuditLog(
533 LSAPR_HANDLE ObjectHandle
)
536 return STATUS_NOT_IMPLEMENTED
;
541 NTSTATUS WINAPI
LsarCreateAccount(
542 LSAPR_HANDLE PolicyHandle
,
544 ACCESS_MASK DesiredAccess
,
545 LSAPR_HANDLE
*AccountHandle
)
547 PLSA_DB_OBJECT PolicyObject
;
548 PLSA_DB_OBJECT AccountObject
= NULL
;
549 LPWSTR SidString
= NULL
;
550 PSECURITY_DESCRIPTOR AccountSd
= NULL
;
552 NTSTATUS Status
= STATUS_SUCCESS
;
554 /* Validate the AccountSid */
555 if (!RtlValidSid(AccountSid
))
556 return STATUS_INVALID_PARAMETER
;
558 /* Validate the PolicyHandle */
559 Status
= LsapValidateDbObject(PolicyHandle
,
561 POLICY_CREATE_ACCOUNT
,
563 if (!NT_SUCCESS(Status
))
565 ERR("LsapValidateDbObject returned 0x%08lx\n", Status
);
569 /* Create SID string */
570 if (!ConvertSidToStringSid((PSID
)AccountSid
,
573 ERR("ConvertSidToStringSid failed\n");
574 Status
= STATUS_INVALID_PARAMETER
;
578 /* Create a security descriptor for the account */
579 Status
= LsapCreateAccountSd(&AccountSd
,
581 if (!NT_SUCCESS(Status
))
583 ERR("LsapCreateAccountSd returned 0x%08lx\n", Status
);
587 /* Create the Account object */
588 Status
= LsapCreateDbObject(PolicyObject
,
593 PolicyObject
->Trusted
,
595 if (!NT_SUCCESS(Status
))
597 ERR("LsapCreateDbObject failed (Status 0x%08lx)\n", Status
);
601 /* Set the Sid attribute */
602 Status
= LsapSetObjectAttribute(AccountObject
,
605 GetLengthSid(AccountSid
));
606 if (!NT_SUCCESS(Status
))
609 /* Set the SecDesc attribute */
610 Status
= LsapSetObjectAttribute(AccountObject
,
616 if (SidString
!= NULL
)
617 LocalFree(SidString
);
619 if (AccountSd
!= NULL
)
620 RtlFreeHeap(RtlGetProcessHeap(), 0, AccountSd
);
622 if (!NT_SUCCESS(Status
))
624 if (AccountObject
!= NULL
)
625 LsapCloseDbObject(AccountObject
);
629 *AccountHandle
= (LSAPR_HANDLE
)AccountObject
;
632 return STATUS_SUCCESS
;
637 NTSTATUS WINAPI
LsarEnumerateAccounts(
638 LSAPR_HANDLE PolicyHandle
,
639 DWORD
*EnumerationContext
,
640 PLSAPR_ACCOUNT_ENUM_BUFFER EnumerationBuffer
,
641 DWORD PreferedMaximumLength
)
643 LSAPR_ACCOUNT_ENUM_BUFFER EnumBuffer
= {0, NULL
};
644 PLSA_DB_OBJECT PolicyObject
= NULL
;
645 WCHAR AccountKeyName
[64];
646 HANDLE AccountsKeyHandle
= NULL
;
647 HANDLE AccountKeyHandle
;
651 ULONG RequiredLength
;
654 NTSTATUS Status
= STATUS_SUCCESS
;
656 TRACE("(%p %p %p %lu)\n", PolicyHandle
, EnumerationContext
,
657 EnumerationBuffer
, PreferedMaximumLength
);
659 if (EnumerationContext
== NULL
||
660 EnumerationBuffer
== NULL
)
661 return STATUS_INVALID_PARAMETER
;
663 EnumerationBuffer
->EntriesRead
= 0;
664 EnumerationBuffer
->Information
= NULL
;
666 /* Validate the PolicyHandle */
667 Status
= LsapValidateDbObject(PolicyHandle
,
669 POLICY_VIEW_LOCAL_INFORMATION
,
671 if (!NT_SUCCESS(Status
))
673 ERR("LsapValidateDbObject returned 0x%08lx\n", Status
);
677 Status
= LsapRegOpenKey(PolicyObject
->KeyHandle
,
681 if (!NT_SUCCESS(Status
))
684 EnumIndex
= *EnumerationContext
;
690 Status
= LsapRegEnumerateSubKey(AccountsKeyHandle
,
694 if (!NT_SUCCESS(Status
))
697 TRACE("EnumIndex: %lu\n", EnumIndex
);
698 TRACE("Account key name: %S\n", AccountKeyName
);
700 Status
= LsapRegOpenKey(AccountsKeyHandle
,
704 TRACE("LsapRegOpenKey returned %08lX\n", Status
);
705 if (NT_SUCCESS(Status
))
707 Status
= LsapRegOpenKey(AccountKeyHandle
,
711 TRACE("LsapRegOpenKey returned %08lX\n", Status
);
712 if (NT_SUCCESS(Status
))
715 Status
= LsapRegQueryValue(SidKeyHandle
,
720 TRACE("LsapRegQueryValue returned %08lX\n", Status
);
721 if (NT_SUCCESS(Status
))
723 TRACE("Data length: %lu\n", DataLength
);
725 if ((RequiredLength
+ DataLength
+ sizeof(LSAPR_ACCOUNT_INFORMATION
)) > PreferedMaximumLength
)
728 RequiredLength
+= (DataLength
+ sizeof(LSAPR_ACCOUNT_INFORMATION
));
732 LsapRegCloseKey(SidKeyHandle
);
735 LsapRegCloseKey(AccountKeyHandle
);
741 TRACE("EnumCount: %lu\n", EnumCount
);
742 TRACE("RequiredLength: %lu\n", RequiredLength
);
744 EnumBuffer
.EntriesRead
= EnumCount
;
745 EnumBuffer
.Information
= midl_user_allocate(EnumCount
* sizeof(LSAPR_ACCOUNT_INFORMATION
));
746 if (EnumBuffer
.Information
== NULL
)
748 Status
= STATUS_INSUFFICIENT_RESOURCES
;
752 EnumIndex
= *EnumerationContext
;
753 for (i
= 0; i
< EnumCount
; i
++, EnumIndex
++)
755 Status
= LsapRegEnumerateSubKey(AccountsKeyHandle
,
759 if (!NT_SUCCESS(Status
))
762 TRACE("EnumIndex: %lu\n", EnumIndex
);
763 TRACE("Account key name: %S\n", AccountKeyName
);
765 Status
= LsapRegOpenKey(AccountsKeyHandle
,
769 TRACE("LsapRegOpenKey returned %08lX\n", Status
);
770 if (NT_SUCCESS(Status
))
772 Status
= LsapRegOpenKey(AccountKeyHandle
,
776 TRACE("LsapRegOpenKey returned %08lX\n", Status
);
777 if (NT_SUCCESS(Status
))
780 Status
= LsapRegQueryValue(SidKeyHandle
,
785 TRACE("LsapRegQueryValue returned %08lX\n", Status
);
786 if (NT_SUCCESS(Status
))
788 EnumBuffer
.Information
[i
].Sid
= midl_user_allocate(DataLength
);
789 if (EnumBuffer
.Information
[i
].Sid
== NULL
)
791 LsapRegCloseKey(AccountKeyHandle
);
792 Status
= STATUS_INSUFFICIENT_RESOURCES
;
796 Status
= LsapRegQueryValue(SidKeyHandle
,
799 EnumBuffer
.Information
[i
].Sid
,
801 TRACE("SampRegQueryValue returned %08lX\n", Status
);
804 LsapRegCloseKey(SidKeyHandle
);
807 LsapRegCloseKey(AccountKeyHandle
);
809 if (!NT_SUCCESS(Status
))
814 if (NT_SUCCESS(Status
))
816 *EnumerationContext
+= EnumCount
;
817 EnumerationBuffer
->EntriesRead
= EnumBuffer
.EntriesRead
;
818 EnumerationBuffer
->Information
= EnumBuffer
.Information
;
822 if (!NT_SUCCESS(Status
))
824 if (EnumBuffer
.Information
)
826 for (i
= 0; i
< EnumBuffer
.EntriesRead
; i
++)
828 if (EnumBuffer
.Information
[i
].Sid
!= NULL
)
829 midl_user_free(EnumBuffer
.Information
[i
].Sid
);
832 midl_user_free(EnumBuffer
.Information
);
836 if (AccountsKeyHandle
!= NULL
)
837 LsapRegCloseKey(AccountsKeyHandle
);
844 NTSTATUS WINAPI
LsarCreateTrustedDomain(
845 LSAPR_HANDLE PolicyHandle
,
846 PLSAPR_TRUST_INFORMATION TrustedDomainInformation
,
847 ACCESS_MASK DesiredAccess
,
848 LSAPR_HANDLE
*TrustedDomainHandle
)
851 return STATUS_NOT_IMPLEMENTED
;
856 NTSTATUS WINAPI
LsarEnumerateTrustedDomains(
857 LSAPR_HANDLE PolicyHandle
,
858 DWORD
*EnumerationContext
,
859 PLSAPR_TRUSTED_ENUM_BUFFER EnumerationBuffer
,
860 DWORD PreferedMaximumLength
)
863 return STATUS_NOT_IMPLEMENTED
;
868 NTSTATUS WINAPI
LsarLookupNames(
869 LSAPR_HANDLE PolicyHandle
,
871 PRPC_UNICODE_STRING Names
,
872 PLSAPR_REFERENCED_DOMAIN_LIST
*ReferencedDomains
,
873 PLSAPR_TRANSLATED_SIDS TranslatedSids
,
874 LSAP_LOOKUP_LEVEL LookupLevel
,
877 LSAPR_TRANSLATED_SIDS_EX2 TranslatedSidsEx2
;
881 TRACE("(%p %lu %p %p %p %d %p)\n",
882 PolicyHandle
, Count
, Names
, ReferencedDomains
, TranslatedSids
,
883 LookupLevel
, MappedCount
);
885 TranslatedSids
->Entries
= 0;
886 TranslatedSids
->Sids
= NULL
;
887 *ReferencedDomains
= NULL
;
890 return STATUS_NONE_MAPPED
;
892 TranslatedSidsEx2
.Entries
= 0;
893 TranslatedSidsEx2
.Sids
= NULL
;
895 Status
= LsapLookupNames(Count
,
903 if (!NT_SUCCESS(Status
))
906 TranslatedSids
->Entries
= TranslatedSidsEx2
.Entries
;
907 TranslatedSids
->Sids
= MIDL_user_allocate(TranslatedSids
->Entries
* sizeof(LSA_TRANSLATED_SID
));
908 if (TranslatedSids
->Sids
== NULL
)
910 MIDL_user_free(TranslatedSidsEx2
.Sids
);
911 MIDL_user_free(*ReferencedDomains
);
912 *ReferencedDomains
= NULL
;
913 return STATUS_INSUFFICIENT_RESOURCES
;
916 for (i
= 0; i
< TranslatedSidsEx2
.Entries
; i
++)
918 TranslatedSids
->Sids
[i
].Use
= TranslatedSidsEx2
.Sids
[i
].Use
;
919 TranslatedSids
->Sids
[i
].RelativeId
= LsapGetRelativeIdFromSid(TranslatedSidsEx2
.Sids
[i
].Sid
);
920 TranslatedSids
->Sids
[i
].DomainIndex
= TranslatedSidsEx2
.Sids
[i
].DomainIndex
;
923 MIDL_user_free(TranslatedSidsEx2
.Sids
);
925 return STATUS_SUCCESS
;
930 NTSTATUS WINAPI
LsarLookupSids(
931 LSAPR_HANDLE PolicyHandle
,
932 PLSAPR_SID_ENUM_BUFFER SidEnumBuffer
,
933 PLSAPR_REFERENCED_DOMAIN_LIST
*ReferencedDomains
,
934 PLSAPR_TRANSLATED_NAMES TranslatedNames
,
935 LSAP_LOOKUP_LEVEL LookupLevel
,
938 LSAPR_TRANSLATED_NAMES_EX TranslatedNamesEx
;
942 TRACE("(%p %p %p %p %d %p)\n",
943 PolicyHandle
, SidEnumBuffer
, ReferencedDomains
, TranslatedNames
,
944 LookupLevel
, MappedCount
);
946 /* FIXME: Fail, if there is an invalid SID in the SidEnumBuffer */
948 TranslatedNames
->Entries
= SidEnumBuffer
->Entries
;
949 TranslatedNames
->Names
= NULL
;
950 *ReferencedDomains
= NULL
;
952 TranslatedNamesEx
.Entries
= SidEnumBuffer
->Entries
;
953 TranslatedNamesEx
.Names
= NULL
;
955 Status
= LsapLookupSids(SidEnumBuffer
,
962 if (!NT_SUCCESS(Status
))
965 TranslatedNames
->Entries
= SidEnumBuffer
->Entries
;
966 TranslatedNames
->Names
= MIDL_user_allocate(SidEnumBuffer
->Entries
* sizeof(LSAPR_TRANSLATED_NAME
));
967 if (TranslatedNames
->Names
== NULL
)
969 MIDL_user_free(TranslatedNamesEx
.Names
);
970 MIDL_user_free(*ReferencedDomains
);
971 *ReferencedDomains
= NULL
;
972 return STATUS_INSUFFICIENT_RESOURCES
;
975 for (i
= 0; i
< TranslatedNamesEx
.Entries
; i
++)
977 TranslatedNames
->Names
[i
].Use
= TranslatedNamesEx
.Names
[i
].Use
;
978 TranslatedNames
->Names
[i
].Name
.Length
= TranslatedNamesEx
.Names
[i
].Name
.Length
;
979 TranslatedNames
->Names
[i
].Name
.MaximumLength
= TranslatedNamesEx
.Names
[i
].Name
.MaximumLength
;
980 TranslatedNames
->Names
[i
].Name
.Buffer
= TranslatedNamesEx
.Names
[i
].Name
.Buffer
;
981 TranslatedNames
->Names
[i
].DomainIndex
= TranslatedNamesEx
.Names
[i
].DomainIndex
;
984 MIDL_user_free(TranslatedNamesEx
.Names
);
991 NTSTATUS WINAPI
LsarCreateSecret(
992 LSAPR_HANDLE PolicyHandle
,
993 PRPC_UNICODE_STRING SecretName
,
994 ACCESS_MASK DesiredAccess
,
995 LSAPR_HANDLE
*SecretHandle
)
997 PLSA_DB_OBJECT PolicyObject
;
998 PLSA_DB_OBJECT SecretObject
= NULL
;
1000 PSECURITY_DESCRIPTOR SecretSd
= NULL
;
1002 NTSTATUS Status
= STATUS_SUCCESS
;
1004 /* Validate the PolicyHandle */
1005 Status
= LsapValidateDbObject(PolicyHandle
,
1007 POLICY_CREATE_SECRET
,
1009 if (!NT_SUCCESS(Status
))
1011 ERR("LsapValidateDbObject returned 0x%08lx\n", Status
);
1015 /* Get the current time */
1016 Status
= NtQuerySystemTime(&Time
);
1017 if (!NT_SUCCESS(Status
))
1019 ERR("NtQuerySystemTime failed (Status 0x%08lx)\n", Status
);
1023 /* Create a security descriptor for the secret */
1024 Status
= LsapCreateSecretSd(&SecretSd
,
1026 if (!NT_SUCCESS(Status
))
1028 ERR("LsapCreateAccountSd returned 0x%08lx\n", Status
);
1032 /* Create the Secret object */
1033 Status
= LsapCreateDbObject(PolicyObject
,
1038 PolicyObject
->Trusted
,
1040 if (!NT_SUCCESS(Status
))
1042 ERR("LsapCreateDbObject failed (Status 0x%08lx)\n", Status
);
1046 /* Set the CurrentTime attribute */
1047 Status
= LsapSetObjectAttribute(SecretObject
,
1050 sizeof(LARGE_INTEGER
));
1051 if (!NT_SUCCESS(Status
))
1053 ERR("LsapSetObjectAttribute (CurrentTime) failed (Status 0x%08lx)\n", Status
);
1057 /* Set the OldTime attribute */
1058 Status
= LsapSetObjectAttribute(SecretObject
,
1061 sizeof(LARGE_INTEGER
));
1062 if (!NT_SUCCESS(Status
))
1064 ERR("LsapSetObjectAttribute (OldTime) failed (Status 0x%08lx)\n", Status
);
1068 /* Set the SecDesc attribute */
1069 Status
= LsapSetObjectAttribute(SecretObject
,
1075 if (SecretSd
!= NULL
)
1076 RtlFreeHeap(RtlGetProcessHeap(), 0, SecretSd
);
1078 if (!NT_SUCCESS(Status
))
1080 if (SecretObject
!= NULL
)
1081 LsapCloseDbObject(SecretObject
);
1085 *SecretHandle
= (LSAPR_HANDLE
)SecretObject
;
1088 return STATUS_SUCCESS
;
1093 NTSTATUS WINAPI
LsarOpenAccount(
1094 LSAPR_HANDLE PolicyHandle
,
1095 PRPC_SID AccountSid
,
1096 ACCESS_MASK DesiredAccess
,
1097 LSAPR_HANDLE
*AccountHandle
)
1099 PLSA_DB_OBJECT PolicyObject
;
1100 PLSA_DB_OBJECT AccountObject
= NULL
;
1101 LPWSTR SidString
= NULL
;
1102 NTSTATUS Status
= STATUS_SUCCESS
;
1104 /* Validate the AccountSid */
1105 if (!RtlValidSid(AccountSid
))
1106 return STATUS_INVALID_PARAMETER
;
1108 /* Validate the PolicyHandle */
1109 Status
= LsapValidateDbObject(PolicyHandle
,
1113 if (!NT_SUCCESS(Status
))
1115 ERR("LsapValidateDbObject returned 0x%08lx\n", Status
);
1119 /* Create SID string */
1120 if (!ConvertSidToStringSid((PSID
)AccountSid
,
1123 ERR("ConvertSidToStringSid failed\n");
1124 Status
= STATUS_INVALID_PARAMETER
;
1128 /* Create the Account object */
1129 Status
= LsapOpenDbObject(PolicyObject
,
1134 PolicyObject
->Trusted
,
1136 if (!NT_SUCCESS(Status
))
1138 ERR("LsapOpenDbObject failed (Status 0x%08lx)\n", Status
);
1142 /* Set the Sid attribute */
1143 Status
= LsapSetObjectAttribute(AccountObject
,
1146 GetLengthSid(AccountSid
));
1149 if (SidString
!= NULL
)
1150 LocalFree(SidString
);
1152 if (!NT_SUCCESS(Status
))
1154 if (AccountObject
!= NULL
)
1155 LsapCloseDbObject(AccountObject
);
1159 *AccountHandle
= (LSAPR_HANDLE
)AccountObject
;
1167 NTSTATUS WINAPI
LsarEnumeratePrivilegesAccount(
1168 LSAPR_HANDLE AccountHandle
,
1169 PLSAPR_PRIVILEGE_SET
*Privileges
)
1171 PLSA_DB_OBJECT AccountObject
;
1172 ULONG PrivilegeSetSize
= 0;
1173 PLSAPR_PRIVILEGE_SET PrivilegeSet
= NULL
;
1178 /* Validate the AccountHandle */
1179 Status
= LsapValidateDbObject(AccountHandle
,
1183 if (!NT_SUCCESS(Status
))
1185 ERR("LsapValidateDbObject returned 0x%08lx\n", Status
);
1189 /* Get the size of the privilege set */
1190 Status
= LsapGetObjectAttribute(AccountObject
,
1194 if (!NT_SUCCESS(Status
))
1197 /* Allocate a buffer for the privilege set */
1198 PrivilegeSet
= MIDL_user_allocate(PrivilegeSetSize
);
1199 if (PrivilegeSet
== NULL
)
1200 return STATUS_NO_MEMORY
;
1202 /* Get the privilege set */
1203 Status
= LsapGetObjectAttribute(AccountObject
,
1207 if (!NT_SUCCESS(Status
))
1209 MIDL_user_free(PrivilegeSet
);
1213 /* Return a pointer to the privilege set */
1214 *Privileges
= PrivilegeSet
;
1216 return STATUS_SUCCESS
;
1221 NTSTATUS WINAPI
LsarAddPrivilegesToAccount(
1222 LSAPR_HANDLE AccountHandle
,
1223 PLSAPR_PRIVILEGE_SET Privileges
)
1225 PLSA_DB_OBJECT AccountObject
;
1226 PPRIVILEGE_SET CurrentPrivileges
= NULL
;
1227 PPRIVILEGE_SET NewPrivileges
= NULL
;
1228 ULONG PrivilegeSetSize
= 0;
1229 ULONG PrivilegeCount
;
1234 /* Validate the AccountHandle */
1235 Status
= LsapValidateDbObject(AccountHandle
,
1237 ACCOUNT_ADJUST_PRIVILEGES
,
1239 if (!NT_SUCCESS(Status
))
1241 ERR("LsapValidateDbObject returned 0x%08lx\n", Status
);
1245 /* Get the size of the Privilgs attribute */
1246 Status
= LsapGetObjectAttribute(AccountObject
,
1250 if (!NT_SUCCESS(Status
) || PrivilegeSetSize
== 0)
1252 /* The Privilgs attribute does not exist */
1254 PrivilegeSetSize
= sizeof(PRIVILEGE_SET
) +
1255 (Privileges
->PrivilegeCount
- 1) * sizeof(LUID_AND_ATTRIBUTES
);
1256 Status
= LsapSetObjectAttribute(AccountObject
,
1263 /* The Privilgs attribute exists */
1265 /* Allocate memory for the stored privilege set */
1266 CurrentPrivileges
= MIDL_user_allocate(PrivilegeSetSize
);
1267 if (CurrentPrivileges
== NULL
)
1268 return STATUS_NO_MEMORY
;
1270 /* Get the current privilege set */
1271 Status
= LsapGetObjectAttribute(AccountObject
,
1275 if (!NT_SUCCESS(Status
))
1277 TRACE("LsapGetObjectAttribute() failed (Status 0x%08lx)\n", Status
);
1281 PrivilegeCount
= CurrentPrivileges
->PrivilegeCount
;
1282 TRACE("Current privilege count: %lu\n", PrivilegeCount
);
1284 /* Calculate the number privileges in the combined privilege set */
1285 for (i
= 0; i
< Privileges
->PrivilegeCount
; i
++)
1288 for (j
= 0; j
< CurrentPrivileges
->PrivilegeCount
; j
++)
1290 if (RtlEqualLuid(&(Privileges
->Privilege
[i
].Luid
),
1291 &(CurrentPrivileges
->Privilege
[i
].Luid
)))
1298 if (bFound
== FALSE
)
1300 TRACE("Found new privilege\n");
1304 TRACE("New privilege count: %lu\n", PrivilegeCount
);
1306 /* Calculate the size of the new privilege set and allocate it */
1307 PrivilegeSetSize
= sizeof(PRIVILEGE_SET
) +
1308 (PrivilegeCount
- 1) * sizeof(LUID_AND_ATTRIBUTES
);
1309 NewPrivileges
= MIDL_user_allocate(PrivilegeSetSize
);
1310 if (NewPrivileges
== NULL
)
1312 Status
= STATUS_NO_MEMORY
;
1316 /* Initialize the new privilege set */
1317 NewPrivileges
->PrivilegeCount
= PrivilegeCount
;
1318 NewPrivileges
->Control
= 0;
1320 /* Copy all privileges from the current privilege set */
1321 RtlCopyLuidAndAttributesArray(CurrentPrivileges
->PrivilegeCount
,
1322 &(CurrentPrivileges
->Privilege
[0]),
1323 &(NewPrivileges
->Privilege
[0]));
1325 /* Add new privileges to the new privilege set */
1326 PrivilegeCount
= CurrentPrivileges
->PrivilegeCount
;
1327 for (i
= 0; i
< Privileges
->PrivilegeCount
; i
++)
1330 for (j
= 0; j
< CurrentPrivileges
->PrivilegeCount
; j
++)
1332 if (RtlEqualLuid(&(Privileges
->Privilege
[i
].Luid
),
1333 &(CurrentPrivileges
->Privilege
[i
].Luid
)))
1335 /* Overwrite attributes if a matching privilege was found */
1336 NewPrivileges
->Privilege
[j
].Attributes
= Privileges
->Privilege
[i
].Attributes
;
1343 if (bFound
== FALSE
)
1345 /* Copy the new privilege */
1346 RtlCopyLuidAndAttributesArray(1,
1347 (PLUID_AND_ATTRIBUTES
)&(Privileges
->Privilege
[i
]),
1348 &(NewPrivileges
->Privilege
[PrivilegeCount
]));
1353 /* Set the new privilege set */
1354 Status
= LsapSetObjectAttribute(AccountObject
,
1361 if (CurrentPrivileges
!= NULL
)
1362 MIDL_user_free(CurrentPrivileges
);
1364 if (NewPrivileges
!= NULL
)
1365 MIDL_user_free(NewPrivileges
);
1372 NTSTATUS WINAPI
LsarRemovePrivilegesFromAccount(
1373 LSAPR_HANDLE AccountHandle
,
1375 PLSAPR_PRIVILEGE_SET Privileges
)
1377 PLSA_DB_OBJECT AccountObject
;
1378 PPRIVILEGE_SET CurrentPrivileges
= NULL
;
1379 PPRIVILEGE_SET NewPrivileges
= NULL
;
1380 ULONG PrivilegeSetSize
= 0;
1381 ULONG PrivilegeCount
;
1386 TRACE("(%p %u %p)\n", AccountHandle
, AllPrivileges
, Privileges
);
1389 if ((AllPrivileges
== FALSE
&& Privileges
== NULL
) ||
1390 (AllPrivileges
== TRUE
&& Privileges
!= NULL
))
1391 return STATUS_INVALID_PARAMETER
;
1393 /* Validate the AccountHandle */
1394 Status
= LsapValidateDbObject(AccountHandle
,
1396 ACCOUNT_ADJUST_PRIVILEGES
,
1398 if (!NT_SUCCESS(Status
))
1400 ERR("LsapValidateDbObject returned 0x%08lx\n", Status
);
1404 if (AllPrivileges
== TRUE
)
1406 /* Delete the Privilgs attribute */
1407 Status
= LsapDeleteObjectAttribute(AccountObject
,
1409 if (Status
== STATUS_OBJECT_NAME_NOT_FOUND
)
1410 Status
= STATUS_SUCCESS
;
1414 /* Get the size of the Privilgs attribute */
1415 Status
= LsapGetObjectAttribute(AccountObject
,
1419 if (!NT_SUCCESS(Status
))
1422 /* Succeed, if there is no privilege set to remove privileges from */
1423 if (PrivilegeSetSize
== 0)
1425 Status
= STATUS_SUCCESS
;
1429 /* Allocate memory for the stored privilege set */
1430 CurrentPrivileges
= MIDL_user_allocate(PrivilegeSetSize
);
1431 if (CurrentPrivileges
== NULL
)
1432 return STATUS_NO_MEMORY
;
1434 /* Get the current privilege set */
1435 Status
= LsapGetObjectAttribute(AccountObject
,
1439 if (!NT_SUCCESS(Status
))
1441 TRACE("LsapGetObjectAttribute() failed (Status 0x%08lx)\n", Status
);
1445 PrivilegeCount
= CurrentPrivileges
->PrivilegeCount
;
1446 TRACE("Current privilege count: %lu\n", PrivilegeCount
);
1448 /* Calculate the number of privileges in the new privilege set */
1449 for (i
= 0; i
< CurrentPrivileges
->PrivilegeCount
; i
++)
1451 for (j
= 0; j
< Privileges
->PrivilegeCount
; j
++)
1453 if (RtlEqualLuid(&(CurrentPrivileges
->Privilege
[i
].Luid
),
1454 &(Privileges
->Privilege
[j
].Luid
)))
1456 if (PrivilegeCount
> 0)
1461 TRACE("New privilege count: %lu\n", PrivilegeCount
);
1463 if (PrivilegeCount
== 0)
1465 /* Delete the Privilgs attribute */
1466 Status
= LsapDeleteObjectAttribute(AccountObject
,
1468 if (Status
== STATUS_OBJECT_NAME_NOT_FOUND
)
1469 Status
= STATUS_SUCCESS
;
1473 /* Calculate the size of the new privilege set and allocate it */
1474 PrivilegeSetSize
= sizeof(PRIVILEGE_SET
) +
1475 (PrivilegeCount
- 1) * sizeof(LUID_AND_ATTRIBUTES
);
1476 NewPrivileges
= MIDL_user_allocate(PrivilegeSetSize
);
1477 if (NewPrivileges
== NULL
)
1479 Status
= STATUS_NO_MEMORY
;
1483 /* Initialize the new privilege set */
1484 NewPrivileges
->PrivilegeCount
= PrivilegeCount
;
1485 NewPrivileges
->Control
= 0;
1487 /* Copy the privileges which are not to be removed */
1488 for (i
= 0, k
= 0; i
< CurrentPrivileges
->PrivilegeCount
; i
++)
1491 for (j
= 0; j
< Privileges
->PrivilegeCount
; j
++)
1493 if (RtlEqualLuid(&(CurrentPrivileges
->Privilege
[i
].Luid
),
1494 &(Privileges
->Privilege
[j
].Luid
)))
1498 if (bFound
== FALSE
)
1500 /* Copy the privilege */
1501 RtlCopyLuidAndAttributesArray(1,
1502 &(CurrentPrivileges
->Privilege
[i
]),
1503 &(NewPrivileges
->Privilege
[k
]));
1508 /* Set the new privilege set */
1509 Status
= LsapSetObjectAttribute(AccountObject
,
1517 if (CurrentPrivileges
!= NULL
)
1518 MIDL_user_free(CurrentPrivileges
);
1520 if (NewPrivileges
!= NULL
)
1521 MIDL_user_free(NewPrivileges
);
1528 NTSTATUS WINAPI
LsarGetQuotasForAccount(
1529 LSAPR_HANDLE AccountHandle
,
1530 PQUOTA_LIMITS QuotaLimits
)
1532 PLSA_DB_OBJECT AccountObject
;
1536 TRACE("(%p %p)\n", AccountHandle
, QuotaLimits
);
1538 /* Validate the account handle */
1539 Status
= LsapValidateDbObject(AccountHandle
,
1543 if (!NT_SUCCESS(Status
))
1545 ERR("Invalid handle (Status %lx)\n", Status
);
1549 /* Get the quota attribute */
1550 Status
= LsapGetObjectAttribute(AccountObject
,
1560 NTSTATUS WINAPI
LsarSetQuotasForAccount(
1561 LSAPR_HANDLE AccountHandle
,
1562 PQUOTA_LIMITS QuotaLimits
)
1564 PLSA_DB_OBJECT AccountObject
;
1565 QUOTA_LIMITS InternalQuotaLimits
;
1569 TRACE("(%p %p)\n", AccountHandle
, QuotaLimits
);
1571 /* Validate the account handle */
1572 Status
= LsapValidateDbObject(AccountHandle
,
1574 ACCOUNT_ADJUST_QUOTAS
,
1576 if (!NT_SUCCESS(Status
))
1578 ERR("Invalid handle (Status %lx)\n", Status
);
1582 /* Get the quota limits attribute */
1583 Size
= sizeof(QUOTA_LIMITS
);
1584 Status
= LsapGetObjectAttribute(AccountObject
,
1586 &InternalQuotaLimits
,
1588 if (!NT_SUCCESS(Status
))
1590 TRACE("LsapGetObjectAttribute() failed (Status 0x%08lx)\n", Status
);
1594 /* Update the quota limits */
1595 if (QuotaLimits
->PagedPoolLimit
!= 0)
1596 InternalQuotaLimits
.PagedPoolLimit
= QuotaLimits
->PagedPoolLimit
;
1598 if (QuotaLimits
->NonPagedPoolLimit
!= 0)
1599 InternalQuotaLimits
.NonPagedPoolLimit
= QuotaLimits
->NonPagedPoolLimit
;
1601 if (QuotaLimits
->MinimumWorkingSetSize
!= 0)
1602 InternalQuotaLimits
.MinimumWorkingSetSize
= QuotaLimits
->MinimumWorkingSetSize
;
1604 if (QuotaLimits
->MaximumWorkingSetSize
!= 0)
1605 InternalQuotaLimits
.MaximumWorkingSetSize
= QuotaLimits
->MaximumWorkingSetSize
;
1607 if (QuotaLimits
->PagefileLimit
!= 0)
1608 InternalQuotaLimits
.PagefileLimit
= QuotaLimits
->PagefileLimit
;
1610 /* Set the quota limits attribute */
1611 Status
= LsapSetObjectAttribute(AccountObject
,
1613 &InternalQuotaLimits
,
1614 sizeof(QUOTA_LIMITS
));
1621 NTSTATUS WINAPI
LsarGetSystemAccessAccount(
1622 LSAPR_HANDLE AccountHandle
,
1623 ACCESS_MASK
*SystemAccess
)
1625 PLSA_DB_OBJECT AccountObject
;
1629 /* Validate the account handle */
1630 Status
= LsapValidateDbObject(AccountHandle
,
1634 if (!NT_SUCCESS(Status
))
1636 ERR("Invalid handle (Status %lx)\n", Status
);
1640 /* Get the system access flags */
1641 Status
= LsapGetObjectAttribute(AccountObject
,
1651 NTSTATUS WINAPI
LsarSetSystemAccessAccount(
1652 LSAPR_HANDLE AccountHandle
,
1653 ACCESS_MASK SystemAccess
)
1655 PLSA_DB_OBJECT AccountObject
;
1658 /* Validate the account handle */
1659 Status
= LsapValidateDbObject(AccountHandle
,
1661 ACCOUNT_ADJUST_SYSTEM_ACCESS
,
1663 if (!NT_SUCCESS(Status
))
1665 ERR("Invalid handle (Status %lx)\n", Status
);
1669 /* Set the system access flags */
1670 Status
= LsapSetObjectAttribute(AccountObject
,
1673 sizeof(ACCESS_MASK
));
1680 NTSTATUS WINAPI
LsarOpenTrustedDomain(
1681 LSAPR_HANDLE PolicyHandle
,
1682 PRPC_SID TrustedDomainSid
,
1683 ACCESS_MASK DesiredAccess
,
1684 LSAPR_HANDLE
*TrustedDomainHandle
)
1687 return STATUS_NOT_IMPLEMENTED
;
1692 NTSTATUS WINAPI
LsarQueryInfoTrustedDomain(
1693 LSAPR_HANDLE TrustedDomainHandle
,
1694 TRUSTED_INFORMATION_CLASS InformationClass
,
1695 PLSAPR_TRUSTED_DOMAIN_INFO
*TrustedDomainInformation
)
1698 return STATUS_NOT_IMPLEMENTED
;
1703 NTSTATUS WINAPI
LsarSetInformationTrustedDomain(
1704 LSAPR_HANDLE TrustedDomainHandle
,
1705 TRUSTED_INFORMATION_CLASS InformationClass
,
1706 PLSAPR_TRUSTED_DOMAIN_INFO TrustedDomainInformation
)
1709 return STATUS_NOT_IMPLEMENTED
;
1714 NTSTATUS WINAPI
LsarOpenSecret(
1715 LSAPR_HANDLE PolicyHandle
,
1716 PRPC_UNICODE_STRING SecretName
,
1717 ACCESS_MASK DesiredAccess
,
1718 LSAPR_HANDLE
*SecretHandle
)
1720 PLSA_DB_OBJECT PolicyObject
;
1721 PLSA_DB_OBJECT SecretObject
= NULL
;
1722 NTSTATUS Status
= STATUS_SUCCESS
;
1724 /* Validate the PolicyHandle */
1725 Status
= LsapValidateDbObject(PolicyHandle
,
1729 if (!NT_SUCCESS(Status
))
1731 ERR("LsapValidateDbObject returned 0x%08lx\n", Status
);
1735 /* Create the secret object */
1736 Status
= LsapOpenDbObject(PolicyObject
,
1741 PolicyObject
->Trusted
,
1743 if (!NT_SUCCESS(Status
))
1745 ERR("LsapOpenDbObject failed (Status 0x%08lx)\n", Status
);
1750 if (!NT_SUCCESS(Status
))
1752 if (SecretObject
!= NULL
)
1753 LsapCloseDbObject(SecretObject
);
1757 *SecretHandle
= (LSAPR_HANDLE
)SecretObject
;
1765 NTSTATUS WINAPI
LsarSetSecret(
1766 LSAPR_HANDLE SecretHandle
,
1767 PLSAPR_CR_CIPHER_VALUE EncryptedCurrentValue
,
1768 PLSAPR_CR_CIPHER_VALUE EncryptedOldValue
)
1770 PLSA_DB_OBJECT SecretObject
;
1771 PBYTE CurrentValue
= NULL
;
1772 PBYTE OldValue
= NULL
;
1773 ULONG CurrentValueLength
= 0;
1774 ULONG OldValueLength
= 0;
1778 TRACE("LsarSetSecret(%p %p %p)\n", SecretHandle
,
1779 EncryptedCurrentValue
, EncryptedOldValue
);
1781 /* Validate the SecretHandle */
1782 Status
= LsapValidateDbObject(SecretHandle
,
1786 if (!NT_SUCCESS(Status
))
1788 ERR("LsapValidateDbObject returned 0x%08lx\n", Status
);
1792 if (EncryptedCurrentValue
!= NULL
)
1794 /* FIXME: Decrypt the current value */
1795 CurrentValue
= EncryptedCurrentValue
->Buffer
;
1796 CurrentValueLength
= EncryptedCurrentValue
->MaximumLength
;
1799 /* Set the current value */
1800 Status
= LsapSetObjectAttribute(SecretObject
,
1803 CurrentValueLength
);
1804 if (!NT_SUCCESS(Status
))
1806 ERR("LsapSetObjectAttribute failed (Status 0x%08lx)\n", Status
);
1810 /* Get the current time */
1811 Status
= NtQuerySystemTime(&Time
);
1812 if (!NT_SUCCESS(Status
))
1814 ERR("NtQuerySystemTime failed (Status 0x%08lx)\n", Status
);
1818 /* Set the current time */
1819 Status
= LsapSetObjectAttribute(SecretObject
,
1822 sizeof(LARGE_INTEGER
));
1823 if (!NT_SUCCESS(Status
))
1825 ERR("LsapSetObjectAttribute failed (Status 0x%08lx)\n", Status
);
1829 if (EncryptedOldValue
!= NULL
)
1831 /* FIXME: Decrypt the old value */
1832 OldValue
= EncryptedOldValue
->Buffer
;
1833 OldValueLength
= EncryptedOldValue
->MaximumLength
;
1836 /* Set the old value */
1837 Status
= LsapSetObjectAttribute(SecretObject
,
1841 if (!NT_SUCCESS(Status
))
1843 ERR("LsapSetObjectAttribute failed (Status 0x%08lx)\n", Status
);
1847 /* Set the old time */
1848 Status
= LsapSetObjectAttribute(SecretObject
,
1851 sizeof(LARGE_INTEGER
));
1852 if (!NT_SUCCESS(Status
))
1854 ERR("LsapSetObjectAttribute failed (Status 0x%08lx)\n", Status
);
1863 NTSTATUS WINAPI
LsarQuerySecret(
1864 LSAPR_HANDLE SecretHandle
,
1865 PLSAPR_CR_CIPHER_VALUE
*EncryptedCurrentValue
,
1866 PLARGE_INTEGER CurrentValueSetTime
,
1867 PLSAPR_CR_CIPHER_VALUE
*EncryptedOldValue
,
1868 PLARGE_INTEGER OldValueSetTime
)
1870 PLSA_DB_OBJECT SecretObject
;
1871 PLSAPR_CR_CIPHER_VALUE EncCurrentValue
= NULL
;
1872 PLSAPR_CR_CIPHER_VALUE EncOldValue
= NULL
;
1873 PBYTE CurrentValue
= NULL
;
1874 PBYTE OldValue
= NULL
;
1875 ULONG CurrentValueLength
= 0;
1876 ULONG OldValueLength
= 0;
1880 TRACE("LsarQuerySecret(%p %p %p %p %p)\n", SecretHandle
,
1881 EncryptedCurrentValue
, CurrentValueSetTime
,
1882 EncryptedOldValue
, OldValueSetTime
);
1884 /* Validate the SecretHandle */
1885 Status
= LsapValidateDbObject(SecretHandle
,
1889 if (!NT_SUCCESS(Status
))
1891 ERR("LsapValidateDbObject returned 0x%08lx\n", Status
);
1895 if (EncryptedCurrentValue
!= NULL
)
1897 CurrentValueLength
= 0;
1899 /* Get the size of the current value */
1900 Status
= LsapGetObjectAttribute(SecretObject
,
1903 &CurrentValueLength
);
1904 if (!NT_SUCCESS(Status
))
1907 /* Allocate a buffer for the current value */
1908 CurrentValue
= midl_user_allocate(CurrentValueLength
);
1909 if (CurrentValue
== NULL
)
1911 Status
= STATUS_INSUFFICIENT_RESOURCES
;
1915 /* Get the current value */
1916 Status
= LsapGetObjectAttribute(SecretObject
,
1919 &CurrentValueLength
);
1920 if (!NT_SUCCESS(Status
))
1923 /* Allocate a buffer for the encrypted current value */
1924 EncCurrentValue
= midl_user_allocate(sizeof(LSAPR_CR_CIPHER_VALUE
));
1925 if (EncCurrentValue
== NULL
)
1927 Status
= STATUS_INSUFFICIENT_RESOURCES
;
1931 /* FIXME: Encrypt the current value */
1932 EncCurrentValue
->Length
= (USHORT
)(CurrentValueLength
- sizeof(WCHAR
));
1933 EncCurrentValue
->MaximumLength
= (USHORT
)CurrentValueLength
;
1934 EncCurrentValue
->Buffer
= (PBYTE
)CurrentValue
;
1937 if (CurrentValueSetTime
!= NULL
)
1939 BufferSize
= sizeof(LARGE_INTEGER
);
1941 /* Get the current value time */
1942 Status
= LsapGetObjectAttribute(SecretObject
,
1944 (PBYTE
)CurrentValueSetTime
,
1946 if (!NT_SUCCESS(Status
))
1950 if (EncryptedOldValue
!= NULL
)
1954 /* Get the size of the old value */
1955 Status
= LsapGetObjectAttribute(SecretObject
,
1959 if (!NT_SUCCESS(Status
))
1962 /* Allocate a buffer for the old value */
1963 OldValue
= midl_user_allocate(OldValueLength
);
1964 if (OldValue
== NULL
)
1966 Status
= STATUS_INSUFFICIENT_RESOURCES
;
1970 /* Get the old value */
1971 Status
= LsapGetObjectAttribute(SecretObject
,
1975 if (!NT_SUCCESS(Status
))
1978 /* Allocate a buffer for the encrypted old value */
1979 EncOldValue
= midl_user_allocate(sizeof(LSAPR_CR_CIPHER_VALUE
) + OldValueLength
);
1980 if (EncOldValue
== NULL
)
1982 Status
= STATUS_INSUFFICIENT_RESOURCES
;
1986 /* FIXME: Encrypt the old value */
1987 EncOldValue
->Length
= (USHORT
)(OldValueLength
- sizeof(WCHAR
));
1988 EncOldValue
->MaximumLength
= (USHORT
)OldValueLength
;
1989 EncOldValue
->Buffer
= (PBYTE
)OldValue
;
1992 if (OldValueSetTime
!= NULL
)
1994 BufferSize
= sizeof(LARGE_INTEGER
);
1996 /* Get the old value time */
1997 Status
= LsapGetObjectAttribute(SecretObject
,
1999 (PBYTE
)OldValueSetTime
,
2001 if (!NT_SUCCESS(Status
))
2007 if (NT_SUCCESS(Status
))
2009 if (EncryptedCurrentValue
!= NULL
)
2010 *EncryptedCurrentValue
= EncCurrentValue
;
2012 if (EncryptedOldValue
!= NULL
)
2013 *EncryptedOldValue
= EncOldValue
;
2017 if (EncryptedCurrentValue
!= NULL
)
2018 *EncryptedCurrentValue
= NULL
;
2020 if (EncryptedOldValue
!= NULL
)
2021 *EncryptedOldValue
= NULL
;
2023 if (EncCurrentValue
!= NULL
)
2024 midl_user_free(EncCurrentValue
);
2026 if (EncOldValue
!= NULL
)
2027 midl_user_free(EncOldValue
);
2029 if (CurrentValue
!= NULL
)
2030 midl_user_free(CurrentValue
);
2032 if (OldValue
!= NULL
)
2033 midl_user_free(OldValue
);
2036 TRACE("LsarQuerySecret done (Status 0x%08lx)\n", Status
);
2043 NTSTATUS WINAPI
LsarLookupPrivilegeValue(
2044 LSAPR_HANDLE PolicyHandle
,
2045 PRPC_UNICODE_STRING Name
,
2050 TRACE("LsarLookupPrivilegeValue(%p, %wZ, %p)\n",
2051 PolicyHandle
, Name
, Value
);
2053 Status
= LsapValidateDbObject(PolicyHandle
,
2055 POLICY_LOOKUP_NAMES
,
2057 if (!NT_SUCCESS(Status
))
2059 ERR("Invalid handle (Status %lx)\n", Status
);
2063 TRACE("Privilege: %wZ\n", Name
);
2065 Status
= LsarpLookupPrivilegeValue(Name
,
2073 NTSTATUS WINAPI
LsarLookupPrivilegeName(
2074 LSAPR_HANDLE PolicyHandle
,
2076 PRPC_UNICODE_STRING
*Name
)
2080 TRACE("LsarLookupPrivilegeName(%p, %p, %p)\n",
2081 PolicyHandle
, Value
, Name
);
2083 Status
= LsapValidateDbObject(PolicyHandle
,
2085 POLICY_LOOKUP_NAMES
,
2087 if (!NT_SUCCESS(Status
))
2089 ERR("Invalid handle\n");
2093 Status
= LsarpLookupPrivilegeName(Value
,
2101 NTSTATUS WINAPI
LsarLookupPrivilegeDisplayName(
2102 LSAPR_HANDLE PolicyHandle
,
2103 PRPC_UNICODE_STRING Name
,
2104 USHORT ClientLanguage
,
2105 USHORT ClientSystemDefaultLanguage
,
2106 PRPC_UNICODE_STRING
*DisplayName
,
2107 USHORT
*LanguageReturned
)
2111 TRACE("LsarLookupPrivilegeDisplayName(%p, %p, %u, %u, %p, %p)\n",
2112 PolicyHandle
, Name
, ClientLanguage
, ClientSystemDefaultLanguage
, DisplayName
, LanguageReturned
);
2114 Status
= LsapValidateDbObject(PolicyHandle
,
2116 POLICY_LOOKUP_NAMES
,
2118 if (!NT_SUCCESS(Status
))
2120 ERR("Invalid handle\n");
2124 Status
= LsarpLookupPrivilegeDisplayName(Name
,
2126 ClientSystemDefaultLanguage
,
2135 NTSTATUS WINAPI
LsarDeleteObject(
2136 LSAPR_HANDLE
*ObjectHandle
)
2138 PLSA_DB_OBJECT DbObject
;
2141 TRACE("(%p)\n", ObjectHandle
);
2143 if (ObjectHandle
== NULL
)
2144 return STATUS_INVALID_PARAMETER
;
2146 /* Validate the ObjectHandle */
2147 Status
= LsapValidateDbObject(*ObjectHandle
,
2151 if (!NT_SUCCESS(Status
))
2153 ERR("LsapValidateDbObject returned 0x%08lx\n", Status
);
2157 /* You cannot delete the policy object */
2158 if (DbObject
->ObjectType
== LsaDbPolicyObject
)
2159 return STATUS_INVALID_PARAMETER
;
2161 /* Delete the database object */
2162 Status
= LsapDeleteDbObject(DbObject
);
2163 if (!NT_SUCCESS(Status
))
2165 ERR("LsapDeleteDbObject returned 0x%08lx\n", Status
);
2169 /* Invalidate the object handle */
2170 *ObjectHandle
= NULL
;
2172 return STATUS_SUCCESS
;
2177 NTSTATUS WINAPI
LsarEnumerateAccountsWithUserRight(
2178 LSAPR_HANDLE PolicyHandle
,
2179 PRPC_UNICODE_STRING UserRight
,
2180 PLSAPR_ACCOUNT_ENUM_BUFFER EnumerationBuffer
)
2183 return STATUS_NOT_IMPLEMENTED
;
2188 NTSTATUS WINAPI
LsarEnumerateAccountRights(
2189 LSAPR_HANDLE PolicyHandle
,
2190 PRPC_SID AccountSid
,
2191 PLSAPR_USER_RIGHT_SET UserRights
)
2193 LSAPR_HANDLE AccountHandle
;
2194 PLSAPR_PRIVILEGE_SET PrivilegeSet
= NULL
;
2195 PRPC_UNICODE_STRING RightsBuffer
= NULL
;
2196 PRPC_UNICODE_STRING PrivilegeString
;
2197 ACCESS_MASK SystemAccess
;
2198 ULONG RightsCount
= 0;
2203 TRACE("LsarEnumerateAccountRights(%p %p %p)\n",
2204 PolicyHandle
, AccountSid
, UserRights
);
2206 /* Open the account */
2207 Status
= LsarOpenAccount(PolicyHandle
,
2211 if (!NT_SUCCESS(Status
))
2213 ERR("LsarOpenAccount returned 0x%08lx\n", Status
);
2217 /* Enumerate the privileges */
2218 Status
= LsarEnumeratePrivilegesAccount(AccountHandle
,
2220 if (!NT_SUCCESS(Status
))
2222 ERR("LsarEnumeratePrivilegesAccount returned 0x%08lx\n", Status
);
2226 /* Get account rights */
2227 Status
= LsarGetSystemAccessAccount(AccountHandle
,
2229 if (!NT_SUCCESS(Status
))
2231 ERR("LsarGetSystemAccessAccount returned 0x%08lx\n", Status
);
2235 RightsCount
= PrivilegeSet
->PrivilegeCount
;
2237 /* Count account rights */
2238 for (i
= 0; i
< sizeof(ACCESS_MASK
) * 8; i
++)
2240 if (SystemAccess
& (1 << i
))
2244 /* We are done if there are no rights to be enumerated */
2245 if (RightsCount
== 0)
2247 UserRights
->Entries
= 0;
2248 UserRights
->UserRights
= NULL
;
2249 Status
= STATUS_SUCCESS
;
2253 /* Allocate a buffer for the account rights */
2254 RightsBuffer
= MIDL_user_allocate(RightsCount
* sizeof(RPC_UNICODE_STRING
));
2255 if (RightsBuffer
== NULL
)
2257 Status
= STATUS_INSUFFICIENT_RESOURCES
;
2261 /* Copy the privileges into the buffer */
2263 for (i
= 0; i
< PrivilegeSet
->PrivilegeCount
; i
++)
2265 PrivilegeString
= NULL
;
2266 Status
= LsarLookupPrivilegeName(PolicyHandle
,
2267 (PLUID
)&PrivilegeSet
->Privilege
[i
].Luid
,
2269 if (!NT_SUCCESS(Status
))
2272 RightsBuffer
[i
].Length
= PrivilegeString
->Length
;
2273 RightsBuffer
[i
].MaximumLength
= PrivilegeString
->MaximumLength
;
2274 RightsBuffer
[i
].Buffer
= PrivilegeString
->Buffer
;
2276 MIDL_user_free(PrivilegeString
);
2280 /* Copy account rights into the buffer */
2281 for (i
= 0; i
< sizeof(ACCESS_MASK
) * 8; i
++)
2283 if (SystemAccess
& (1 << i
))
2285 Status
= LsapLookupAccountRightName(1 << i
,
2287 if (!NT_SUCCESS(Status
))
2290 RightsBuffer
[i
].Length
= PrivilegeString
->Length
;
2291 RightsBuffer
[i
].MaximumLength
= PrivilegeString
->MaximumLength
;
2292 RightsBuffer
[i
].Buffer
= PrivilegeString
->Buffer
;
2294 MIDL_user_free(PrivilegeString
);
2299 UserRights
->Entries
= RightsCount
;
2300 UserRights
->UserRights
= (PRPC_UNICODE_STRING
)RightsBuffer
;
2303 if (!NT_SUCCESS(Status
))
2305 if (RightsBuffer
!= NULL
)
2307 for (RightsIndex
= 0; RightsIndex
< RightsCount
; RightsIndex
++)
2309 if (RightsBuffer
[RightsIndex
].Buffer
!= NULL
)
2310 MIDL_user_free(RightsBuffer
[RightsIndex
].Buffer
);
2313 MIDL_user_free(RightsBuffer
);
2317 if (PrivilegeSet
!= NULL
)
2318 MIDL_user_free(PrivilegeSet
);
2320 LsarClose(&AccountHandle
);
2327 NTSTATUS WINAPI
LsarAddAccountRights(
2328 LSAPR_HANDLE PolicyHandle
,
2329 PRPC_SID AccountSid
,
2330 PLSAPR_USER_RIGHT_SET UserRights
)
2333 return STATUS_NOT_IMPLEMENTED
;
2338 NTSTATUS WINAPI
LsarRemoveAccountRights(
2339 LSAPR_HANDLE PolicyHandle
,
2340 PRPC_SID AccountSid
,
2342 PLSAPR_USER_RIGHT_SET UserRights
)
2345 return STATUS_NOT_IMPLEMENTED
;
2350 NTSTATUS WINAPI
LsarQueryTrustedDomainInfo(
2351 LSAPR_HANDLE PolicyHandle
,
2352 PRPC_SID TrustedDomainSid
,
2353 TRUSTED_INFORMATION_CLASS InformationClass
,
2354 PLSAPR_TRUSTED_DOMAIN_INFO
*TrustedDomainInformation
)
2357 return STATUS_NOT_IMPLEMENTED
;
2362 NTSTATUS WINAPI
LsarSetTrustedDomainInfo(
2363 LSAPR_HANDLE PolicyHandle
,
2364 PRPC_SID TrustedDomainSid
,
2365 TRUSTED_INFORMATION_CLASS InformationClass
,
2366 PLSAPR_TRUSTED_DOMAIN_INFO TrustedDomainInformation
)
2369 return STATUS_NOT_IMPLEMENTED
;
2374 NTSTATUS WINAPI
LsarDeleteTrustedDomain(
2375 LSAPR_HANDLE PolicyHandle
,
2376 PRPC_SID TrustedDomainSid
)
2379 return STATUS_NOT_IMPLEMENTED
;
2384 NTSTATUS WINAPI
LsarStorePrivateData(
2385 LSAPR_HANDLE PolicyHandle
,
2386 PRPC_UNICODE_STRING KeyName
,
2387 PLSAPR_CR_CIPHER_VALUE EncryptedData
)
2389 PLSA_DB_OBJECT PolicyObject
= NULL
;
2390 PLSA_DB_OBJECT SecretsObject
= NULL
;
2391 PLSA_DB_OBJECT SecretObject
= NULL
;
2394 ULONG ValueLength
= 0;
2397 TRACE("LsarStorePrivateData(%p %p %p)\n",
2398 PolicyHandle
, KeyName
, EncryptedData
);
2400 /* Validate the SecretHandle */
2401 Status
= LsapValidateDbObject(PolicyHandle
,
2403 POLICY_CREATE_SECRET
,
2405 if (!NT_SUCCESS(Status
))
2407 ERR("LsapValidateDbObject returned 0x%08lx\n", Status
);
2411 /* Open the 'Secrets' object */
2412 Status
= LsapOpenDbObject(PolicyObject
,
2417 PolicyObject
->Trusted
,
2419 if (!NT_SUCCESS(Status
))
2421 ERR("LsapOpenDbObject failed (Status 0x%08lx)\n", Status
);
2425 if (EncryptedData
== NULL
)
2427 /* Open the Secret object */
2428 Status
= LsapOpenDbObject(SecretsObject
,
2433 PolicyObject
->Trusted
,
2435 if (!NT_SUCCESS(Status
))
2437 ERR("LsapOpenDbObject failed (Status 0x%08lx)\n", Status
);
2441 /* Delete the secret */
2442 Status
= LsapDeleteDbObject(SecretObject
);
2443 if (NT_SUCCESS(Status
))
2444 SecretObject
= NULL
;
2448 /* Create the Secret object */
2449 Status
= LsapCreateDbObject(SecretsObject
,
2454 PolicyObject
->Trusted
,
2456 if (!NT_SUCCESS(Status
))
2458 ERR("LsapCreateDbObject failed (Status 0x%08lx)\n", Status
);
2462 /* FIXME: Decrypt data */
2463 Value
= EncryptedData
->Buffer
;
2464 ValueLength
= EncryptedData
->MaximumLength
;
2466 /* Get the current time */
2467 Status
= NtQuerySystemTime(&Time
);
2468 if (!NT_SUCCESS(Status
))
2470 ERR("NtQuerySystemTime failed (Status 0x%08lx)\n", Status
);
2474 /* Set the current value */
2475 Status
= LsapSetObjectAttribute(SecretObject
,
2479 if (!NT_SUCCESS(Status
))
2481 ERR("LsapSetObjectAttribute failed (Status 0x%08lx)\n", Status
);
2485 /* Set the current time */
2486 Status
= LsapSetObjectAttribute(SecretObject
,
2489 sizeof(LARGE_INTEGER
));
2490 if (!NT_SUCCESS(Status
))
2492 ERR("LsapSetObjectAttribute failed (Status 0x%08lx)\n", Status
);
2496 /* Get the current time */
2497 Status
= NtQuerySystemTime(&Time
);
2498 if (!NT_SUCCESS(Status
))
2500 ERR("NtQuerySystemTime failed (Status 0x%08lx)\n", Status
);
2504 /* Set the old value */
2505 Status
= LsapSetObjectAttribute(SecretObject
,
2509 if (!NT_SUCCESS(Status
))
2511 ERR("LsapSetObjectAttribute failed (Status 0x%08lx)\n", Status
);
2515 /* Set the old time */
2516 Status
= LsapSetObjectAttribute(SecretObject
,
2519 sizeof(LARGE_INTEGER
));
2520 if (!NT_SUCCESS(Status
))
2522 ERR("LsapSetObjectAttribute failed (Status 0x%08lx)\n", Status
);
2527 if (SecretObject
!= NULL
)
2528 LsapCloseDbObject(SecretObject
);
2530 if (SecretsObject
!= NULL
)
2531 LsapCloseDbObject(SecretsObject
);
2538 NTSTATUS WINAPI
LsarRetrievePrivateData(
2539 LSAPR_HANDLE PolicyHandle
,
2540 PRPC_UNICODE_STRING KeyName
,
2541 PLSAPR_CR_CIPHER_VALUE
*EncryptedData
)
2543 PLSA_DB_OBJECT PolicyObject
= NULL
;
2544 PLSA_DB_OBJECT SecretObject
= NULL
;
2545 PLSAPR_CR_CIPHER_VALUE EncCurrentValue
= NULL
;
2546 ULONG CurrentValueLength
= 0;
2547 PBYTE CurrentValue
= NULL
;
2550 /* Validate the SecretHandle */
2551 Status
= LsapValidateDbObject(PolicyHandle
,
2553 POLICY_CREATE_SECRET
,
2555 if (!NT_SUCCESS(Status
))
2557 ERR("LsapValidateDbObject returned 0x%08lx\n", Status
);
2561 /* Open the secret object */
2562 Status
= LsapOpenDbObject(PolicyObject
,
2567 PolicyObject
->Trusted
,
2569 if (!NT_SUCCESS(Status
))
2571 ERR("LsapOpenDbObject failed (Status 0x%08lx)\n", Status
);
2575 /* Get the size of the current value */
2576 Status
= LsapGetObjectAttribute(SecretObject
,
2579 &CurrentValueLength
);
2580 if (!NT_SUCCESS(Status
))
2583 /* Allocate a buffer for the current value */
2584 CurrentValue
= midl_user_allocate(CurrentValueLength
);
2585 if (CurrentValue
== NULL
)
2587 Status
= STATUS_INSUFFICIENT_RESOURCES
;
2591 /* Get the current value */
2592 Status
= LsapGetObjectAttribute(SecretObject
,
2595 &CurrentValueLength
);
2596 if (!NT_SUCCESS(Status
))
2599 /* Allocate a buffer for the encrypted current value */
2600 EncCurrentValue
= midl_user_allocate(sizeof(LSAPR_CR_CIPHER_VALUE
) + CurrentValueLength
);
2601 if (EncCurrentValue
== NULL
)
2603 Status
= STATUS_INSUFFICIENT_RESOURCES
;
2607 /* FIXME: Encrypt the current value */
2608 EncCurrentValue
->Length
= (USHORT
)(CurrentValueLength
- sizeof(WCHAR
));
2609 EncCurrentValue
->MaximumLength
= (USHORT
)CurrentValueLength
;
2610 EncCurrentValue
->Buffer
= (PBYTE
)(EncCurrentValue
+ 1);
2611 RtlCopyMemory(EncCurrentValue
->Buffer
,
2613 CurrentValueLength
);
2616 if (NT_SUCCESS(Status
))
2618 if (EncryptedData
!= NULL
)
2619 *EncryptedData
= EncCurrentValue
;
2623 if (EncryptedData
!= NULL
)
2624 *EncryptedData
= NULL
;
2626 if (EncCurrentValue
!= NULL
)
2627 midl_user_free(EncCurrentValue
);
2629 if (SecretObject
!= NULL
)
2630 LsapCloseDbObject(SecretObject
);
2638 NTSTATUS WINAPI
LsarOpenPolicy2(
2640 PLSAPR_OBJECT_ATTRIBUTES ObjectAttributes
,
2641 ACCESS_MASK DesiredAccess
,
2642 LSAPR_HANDLE
*PolicyHandle
)
2644 return LsarOpenPolicy(SystemName
,
2652 NTSTATUS WINAPI
LsarGetUserName(
2654 PRPC_UNICODE_STRING
*UserName
,
2655 PRPC_UNICODE_STRING
*DomainName
)
2658 return STATUS_NOT_IMPLEMENTED
;
2663 NTSTATUS WINAPI
LsarQueryInformationPolicy2(
2664 LSAPR_HANDLE PolicyHandle
,
2665 POLICY_INFORMATION_CLASS InformationClass
,
2666 PLSAPR_POLICY_INFORMATION
*PolicyInformation
)
2668 return LsarQueryInformationPolicy(PolicyHandle
,
2675 NTSTATUS WINAPI
LsarSetInformationPolicy2(
2676 LSAPR_HANDLE PolicyHandle
,
2677 POLICY_INFORMATION_CLASS InformationClass
,
2678 PLSAPR_POLICY_INFORMATION PolicyInformation
)
2680 return LsarSetInformationPolicy(PolicyHandle
,
2687 NTSTATUS WINAPI
LsarQueryTrustedDomainInfoByName(
2688 LSAPR_HANDLE PolicyHandle
,
2689 PRPC_UNICODE_STRING TrustedDomainName
,
2690 POLICY_INFORMATION_CLASS InformationClass
,
2691 PLSAPR_TRUSTED_DOMAIN_INFO
*PolicyInformation
)
2694 return STATUS_NOT_IMPLEMENTED
;
2699 NTSTATUS WINAPI
LsarSetTrustedDomainInfoByName(
2700 LSAPR_HANDLE PolicyHandle
,
2701 PRPC_UNICODE_STRING TrustedDomainName
,
2702 POLICY_INFORMATION_CLASS InformationClass
,
2703 PLSAPR_TRUSTED_DOMAIN_INFO PolicyInformation
)
2706 return STATUS_NOT_IMPLEMENTED
;
2711 NTSTATUS WINAPI
LsarEnumerateTrustedDomainsEx(
2712 LSAPR_HANDLE PolicyHandle
,
2713 DWORD
*EnumerationContext
,
2714 PLSAPR_TRUSTED_ENUM_BUFFER_EX EnumerationBuffer
,
2715 DWORD PreferedMaximumLength
)
2718 return STATUS_NOT_IMPLEMENTED
;
2723 NTSTATUS WINAPI
LsarCreateTrustedDomainEx(
2724 LSAPR_HANDLE PolicyHandle
,
2725 PLSAPR_TRUSTED_DOMAIN_INFORMATION_EX TrustedDomainInformation
,
2726 PLSAPR_TRUSTED_DOMAIN_AUTH_INFORMATION AuthentificationInformation
,
2727 ACCESS_MASK DesiredAccess
,
2728 LSAPR_HANDLE
*TrustedDomainHandle
)
2731 return STATUS_NOT_IMPLEMENTED
;
2736 NTSTATUS WINAPI
LsarSetPolicyReplicationHandle(
2737 PLSAPR_HANDLE PolicyHandle
)
2740 return STATUS_NOT_IMPLEMENTED
;
2745 NTSTATUS WINAPI
LsarQueryDomainInformationPolicy(
2746 LSAPR_HANDLE PolicyHandle
,
2747 POLICY_INFORMATION_CLASS InformationClass
,
2748 PLSAPR_POLICY_DOMAIN_INFORMATION
*PolicyInformation
)
2751 return STATUS_NOT_IMPLEMENTED
;
2756 NTSTATUS WINAPI
LsarSetDomainInformationPolicy(
2757 LSAPR_HANDLE PolicyHandle
,
2758 POLICY_INFORMATION_CLASS InformationClass
,
2759 PLSAPR_POLICY_DOMAIN_INFORMATION PolicyInformation
)
2762 return STATUS_NOT_IMPLEMENTED
;
2767 NTSTATUS WINAPI
LsarOpenTrustedDomainByName(
2768 LSAPR_HANDLE PolicyHandle
,
2769 PRPC_UNICODE_STRING TrustedDomainName
,
2770 ACCESS_MASK DesiredAccess
,
2771 LSAPR_HANDLE
*TrustedDomainHandle
)
2774 return STATUS_NOT_IMPLEMENTED
;
2779 NTSTATUS WINAPI
LsarTestCall(
2783 return STATUS_NOT_IMPLEMENTED
;
2788 NTSTATUS WINAPI
LsarLookupSids2(
2789 LSAPR_HANDLE PolicyHandle
,
2790 PLSAPR_SID_ENUM_BUFFER SidEnumBuffer
,
2791 PLSAPR_REFERENCED_DOMAIN_LIST
*ReferencedDomains
,
2792 PLSAPR_TRANSLATED_NAMES_EX TranslatedNames
,
2793 LSAP_LOOKUP_LEVEL LookupLevel
,
2795 DWORD LookupOptions
,
2796 DWORD ClientRevision
)
2800 TRACE("(%p %p %p %p %d %p %lu %lu)\n",
2801 PolicyHandle
, SidEnumBuffer
, ReferencedDomains
, TranslatedNames
,
2802 LookupLevel
, MappedCount
, LookupOptions
, ClientRevision
);
2804 TranslatedNames
->Entries
= SidEnumBuffer
->Entries
;
2805 TranslatedNames
->Names
= NULL
;
2806 *ReferencedDomains
= NULL
;
2808 /* FIXME: Fail, if there is an invalid SID in the SidEnumBuffer */
2810 Status
= LsapLookupSids(SidEnumBuffer
,
2823 NTSTATUS WINAPI
LsarLookupNames2(
2824 LSAPR_HANDLE PolicyHandle
,
2826 PRPC_UNICODE_STRING Names
,
2827 PLSAPR_REFERENCED_DOMAIN_LIST
*ReferencedDomains
,
2828 PLSAPR_TRANSLATED_SIDS_EX TranslatedSids
,
2829 LSAP_LOOKUP_LEVEL LookupLevel
,
2831 DWORD LookupOptions
,
2832 DWORD ClientRevision
)
2834 LSAPR_TRANSLATED_SIDS_EX2 TranslatedSidsEx2
;
2838 TRACE("(%p %lu %p %p %p %d %p %lu %lu)\n",
2839 PolicyHandle
, Count
, Names
, ReferencedDomains
, TranslatedSids
,
2840 LookupLevel
, MappedCount
, LookupOptions
, ClientRevision
);
2842 TranslatedSids
->Entries
= 0;
2843 TranslatedSids
->Sids
= NULL
;
2844 *ReferencedDomains
= NULL
;
2847 return STATUS_NONE_MAPPED
;
2849 TranslatedSidsEx2
.Entries
= 0;
2850 TranslatedSidsEx2
.Sids
= NULL
;
2852 Status
= LsapLookupNames(Count
,
2860 if (!NT_SUCCESS(Status
))
2863 TranslatedSids
->Entries
= TranslatedSidsEx2
.Entries
;
2864 TranslatedSids
->Sids
= MIDL_user_allocate(TranslatedSids
->Entries
* sizeof(LSA_TRANSLATED_SID
));
2865 if (TranslatedSids
->Sids
== NULL
)
2867 MIDL_user_free(TranslatedSidsEx2
.Sids
);
2868 MIDL_user_free(*ReferencedDomains
);
2869 *ReferencedDomains
= NULL
;
2870 return STATUS_INSUFFICIENT_RESOURCES
;
2873 for (i
= 0; i
< TranslatedSidsEx2
.Entries
; i
++)
2875 TranslatedSids
->Sids
[i
].Use
= TranslatedSidsEx2
.Sids
[i
].Use
;
2876 TranslatedSids
->Sids
[i
].RelativeId
= LsapGetRelativeIdFromSid(TranslatedSidsEx2
.Sids
[i
].Sid
);
2877 TranslatedSids
->Sids
[i
].DomainIndex
= TranslatedSidsEx2
.Sids
[i
].DomainIndex
;
2878 TranslatedSids
->Sids
[i
].Flags
= TranslatedSidsEx2
.Sids
[i
].Flags
;
2881 MIDL_user_free(TranslatedSidsEx2
.Sids
);
2883 return STATUS_SUCCESS
;
2888 NTSTATUS WINAPI
LsarCreateTrustedDomainEx2(
2889 LSAPR_HANDLE PolicyHandle
,
2890 PLSAPR_TRUSTED_DOMAIN_INFORMATION_EX TrustedDomainInformation
,
2891 PLSAPR_TRUSTED_DOMAIN_AUTH_INFORMATION_INTERNAL AuthentificationInformation
,
2892 ACCESS_MASK DesiredAccess
,
2893 LSAPR_HANDLE
*TrustedDomainHandle
)
2896 return STATUS_NOT_IMPLEMENTED
;
2901 NTSTATUS WINAPI
CredrWrite(
2905 return STATUS_NOT_IMPLEMENTED
;
2910 NTSTATUS WINAPI
CredrRead(
2914 return STATUS_NOT_IMPLEMENTED
;
2919 NTSTATUS WINAPI
CredrEnumerate(
2923 return STATUS_NOT_IMPLEMENTED
;
2928 NTSTATUS WINAPI
CredrWriteDomainCredentials(
2932 return STATUS_NOT_IMPLEMENTED
;
2937 NTSTATUS WINAPI
CredrReadDomainCredentials(
2941 return STATUS_NOT_IMPLEMENTED
;
2946 NTSTATUS WINAPI
CredrDelete(
2950 return STATUS_NOT_IMPLEMENTED
;
2955 NTSTATUS WINAPI
CredrGetTargetInfo(
2959 return STATUS_NOT_IMPLEMENTED
;
2964 NTSTATUS WINAPI
CredrProfileLoaded(
2968 return STATUS_NOT_IMPLEMENTED
;
2973 NTSTATUS WINAPI
LsarLookupNames3(
2974 LSAPR_HANDLE PolicyHandle
,
2976 PRPC_UNICODE_STRING Names
,
2977 PLSAPR_REFERENCED_DOMAIN_LIST
*ReferencedDomains
,
2978 PLSAPR_TRANSLATED_SIDS_EX2 TranslatedSids
,
2979 LSAP_LOOKUP_LEVEL LookupLevel
,
2981 DWORD LookupOptions
,
2982 DWORD ClientRevision
)
2986 TRACE("(%p %lu %p %p %p %d %p %lu %lu)\n",
2987 PolicyHandle
, Count
, Names
, ReferencedDomains
, TranslatedSids
,
2988 LookupLevel
, MappedCount
, LookupOptions
, ClientRevision
);
2990 TranslatedSids
->Entries
= 0;
2991 TranslatedSids
->Sids
= NULL
;
2992 *ReferencedDomains
= NULL
;
2995 return STATUS_NONE_MAPPED
;
2997 Status
= LsapLookupNames(Count
,
3011 NTSTATUS WINAPI
CredrGetSessionTypes(
3015 return STATUS_NOT_IMPLEMENTED
;
3020 NTSTATUS WINAPI
LsarRegisterAuditEvent(
3024 return STATUS_NOT_IMPLEMENTED
;
3029 NTSTATUS WINAPI
LsarGenAuditEvent(
3033 return STATUS_NOT_IMPLEMENTED
;
3038 NTSTATUS WINAPI
LsarUnregisterAuditEvent(
3042 return STATUS_NOT_IMPLEMENTED
;
3047 NTSTATUS WINAPI
LsarQueryForestTrustInformation(
3048 LSAPR_HANDLE PolicyHandle
,
3049 PLSA_UNICODE_STRING TrustedDomainName
,
3050 LSA_FOREST_TRUST_RECORD_TYPE HighestRecordType
,
3051 PLSA_FOREST_TRUST_INFORMATION
*ForestTrustInfo
)
3054 return STATUS_NOT_IMPLEMENTED
;
3059 NTSTATUS WINAPI
LsarSetForestTrustInformation(
3060 LSAPR_HANDLE PolicyHandle
,
3061 PLSA_UNICODE_STRING TrustedDomainName
,
3062 LSA_FOREST_TRUST_RECORD_TYPE HighestRecordType
,
3063 PLSA_FOREST_TRUST_INFORMATION ForestTrustInfo
,
3065 PLSA_FOREST_TRUST_COLLISION_INFORMATION
*CollisionInfo
)
3068 return STATUS_NOT_IMPLEMENTED
;
3073 NTSTATUS WINAPI
CredrRename(
3077 return STATUS_NOT_IMPLEMENTED
;
3082 NTSTATUS WINAPI
LsarLookupSids3(
3083 LSAPR_HANDLE PolicyHandle
,
3084 PLSAPR_SID_ENUM_BUFFER SidEnumBuffer
,
3085 PLSAPR_REFERENCED_DOMAIN_LIST
*ReferencedDomains
,
3086 PLSAPR_TRANSLATED_NAMES_EX TranslatedNames
,
3087 LSAP_LOOKUP_LEVEL LookupLevel
,
3089 DWORD LookupOptions
,
3090 DWORD ClientRevision
)
3094 TRACE("(%p %p %p %p %d %p %lu %lu)\n",
3095 PolicyHandle
, SidEnumBuffer
, ReferencedDomains
, TranslatedNames
,
3096 LookupLevel
, MappedCount
, LookupOptions
, ClientRevision
);
3098 TranslatedNames
->Entries
= SidEnumBuffer
->Entries
;
3099 TranslatedNames
->Names
= NULL
;
3100 *ReferencedDomains
= NULL
;
3102 /* FIXME: Fail, if there is an invalid SID in the SidEnumBuffer */
3104 Status
= LsapLookupSids(SidEnumBuffer
,
3117 NTSTATUS WINAPI
LsarLookupNames4(
3120 PRPC_UNICODE_STRING Names
,
3121 PLSAPR_REFERENCED_DOMAIN_LIST
*ReferencedDomains
,
3122 PLSAPR_TRANSLATED_SIDS_EX2 TranslatedSids
,
3123 LSAP_LOOKUP_LEVEL LookupLevel
,
3125 DWORD LookupOptions
,
3126 DWORD ClientRevision
)
3130 TRACE("(%p %lu %p %p %p %d %p %lu %lu)\n",
3131 RpcHandle
, Count
, Names
, ReferencedDomains
, TranslatedSids
,
3132 LookupLevel
, MappedCount
, LookupOptions
, ClientRevision
);
3134 TranslatedSids
->Entries
= 0;
3135 TranslatedSids
->Sids
= NULL
;
3136 *ReferencedDomains
= NULL
;
3139 return STATUS_NONE_MAPPED
;
3141 Status
= LsapLookupNames(Count
,
3155 NTSTATUS WINAPI
LsarOpenPolicySce(
3157 PLSAPR_OBJECT_ATTRIBUTES ObjectAttributes
,
3158 ACCESS_MASK DesiredAccess
,
3159 LSAPR_HANDLE
*PolicyHandle
)
3162 return STATUS_NOT_IMPLEMENTED
;
3167 NTSTATUS WINAPI
LsarAdtRegisterSecurityEventSource(
3171 return STATUS_NOT_IMPLEMENTED
;
3176 NTSTATUS WINAPI
LsarAdtUnregisterSecurityEventSource(
3180 return STATUS_NOT_IMPLEMENTED
;
3185 NTSTATUS WINAPI
LsarAdtReportSecurityEvent(
3189 return STATUS_NOT_IMPLEMENTED
;