2 * COPYRIGHT: See COPYING in the top level directory
3 * PROJECT: Local Security Authority (LSA) Server
4 * FILE: reactos/dll/win32/lsasrv/lsarpc.h
5 * PURPOSE: RPC interface functions
7 * PROGRAMMERS: Eric Kohl
12 /* GLOBALS *****************************************************************/
14 static RTL_CRITICAL_SECTION PolicyHandleTableLock
;
18 LsapPolicyMapping
= {POLICY_READ
,
25 LsapAccountMapping
= {ACCOUNT_READ
,
32 LsapSecretMapping
= {SECRET_READ
,
37 /* FUNCTIONS ***************************************************************/
40 LsarStartRpcServer(VOID
)
44 RtlInitializeCriticalSection(&PolicyHandleTableLock
);
46 TRACE("LsarStartRpcServer() called\n");
48 Status
= RpcServerUseProtseqEpW(L
"ncacn_np",
52 if (Status
!= RPC_S_OK
)
54 WARN("RpcServerUseProtseqEpW() failed (Status %lx)\n", Status
);
58 Status
= RpcServerRegisterIf(lsarpc_v0_0_s_ifspec
,
61 if (Status
!= RPC_S_OK
)
63 WARN("RpcServerRegisterIf() failed (Status %lx)\n", Status
);
69 Status
= RpcServerListen(1, 20, TRUE
);
70 if (Status
!= RPC_S_OK
)
72 WARN("RpcServerListen() failed (Status %lx)\n", Status
);
76 TRACE("LsarStartRpcServer() done\n");
80 void __RPC_USER
LSAPR_HANDLE_rundown(LSAPR_HANDLE hHandle
)
87 NTSTATUS WINAPI
LsarClose(
88 LSAPR_HANDLE
*ObjectHandle
)
90 PLSA_DB_OBJECT DbObject
;
91 NTSTATUS Status
= STATUS_SUCCESS
;
93 TRACE("LsarClose(%p)\n", ObjectHandle
);
95 // RtlEnterCriticalSection(&PolicyHandleTableLock);
97 Status
= LsapValidateDbObject(*ObjectHandle
,
101 if (Status
== STATUS_SUCCESS
)
103 Status
= LsapCloseDbObject(DbObject
);
104 *ObjectHandle
= NULL
;
107 // RtlLeaveCriticalSection(&PolicyHandleTableLock);
114 NTSTATUS WINAPI
LsarDelete(
115 LSAPR_HANDLE ObjectHandle
)
117 TRACE("LsarDelete(%p)\n", ObjectHandle
);
119 return LsarDeleteObject(&ObjectHandle
);
124 NTSTATUS WINAPI
LsarEnumeratePrivileges(
125 LSAPR_HANDLE PolicyHandle
,
126 DWORD
*EnumerationContext
,
127 PLSAPR_PRIVILEGE_ENUM_BUFFER EnumerationBuffer
,
128 DWORD PreferedMaximumLength
)
130 PLSA_DB_OBJECT PolicyObject
;
133 TRACE("LsarEnumeratePrivileges(%p %p %p %lu)\n",
134 PolicyHandle
, EnumerationContext
, EnumerationBuffer
,
135 PreferedMaximumLength
);
137 Status
= LsapValidateDbObject(PolicyHandle
,
139 POLICY_VIEW_LOCAL_INFORMATION
,
141 if (!NT_SUCCESS(Status
))
144 if (EnumerationContext
== NULL
)
145 return STATUS_INVALID_PARAMETER
;
147 return LsarpEnumeratePrivileges(EnumerationContext
,
149 PreferedMaximumLength
);
154 NTSTATUS WINAPI
LsarQuerySecurityObject(
155 LSAPR_HANDLE ObjectHandle
,
156 SECURITY_INFORMATION SecurityInformation
,
157 PLSAPR_SR_SECURITY_DESCRIPTOR
*SecurityDescriptor
)
159 PLSA_DB_OBJECT DbObject
= NULL
;
160 PSECURITY_DESCRIPTOR RelativeSd
= NULL
;
161 PSECURITY_DESCRIPTOR ResultSd
= NULL
;
162 PLSAPR_SR_SECURITY_DESCRIPTOR SdData
= NULL
;
163 ACCESS_MASK DesiredAccess
= 0;
164 ULONG RelativeSdSize
= 0;
165 ULONG ResultSdSize
= 0;
168 TRACE("LsarQuerySecurityObject(%p %lx %p)\n",
169 ObjectHandle
, SecurityInformation
, SecurityDescriptor
);
171 if (SecurityDescriptor
== NULL
)
172 return STATUS_INVALID_PARAMETER
;
174 *SecurityDescriptor
= NULL
;
176 if ((SecurityInformation
& OWNER_SECURITY_INFORMATION
) ||
177 (SecurityInformation
& GROUP_SECURITY_INFORMATION
) ||
178 (SecurityInformation
& DACL_SECURITY_INFORMATION
))
179 DesiredAccess
|= READ_CONTROL
;
181 if (SecurityInformation
& SACL_SECURITY_INFORMATION
)
182 DesiredAccess
|= ACCESS_SYSTEM_SECURITY
;
184 /* Validate the ObjectHandle */
185 Status
= LsapValidateDbObject(ObjectHandle
,
189 if (!NT_SUCCESS(Status
))
192 /* Get the size of the SD */
193 Status
= LsapGetObjectAttribute(DbObject
,
197 if (!NT_SUCCESS(Status
))
200 /* Allocate a buffer for the SD */
201 RelativeSd
= MIDL_user_allocate(RelativeSdSize
);
202 if (RelativeSd
== NULL
)
203 return STATUS_INSUFFICIENT_RESOURCES
;
206 Status
= LsapGetObjectAttribute(DbObject
,
210 if (!NT_SUCCESS(Status
))
213 /* Invalidate the SD information that was not requested */
214 if (!(SecurityInformation
& OWNER_SECURITY_INFORMATION
))
215 ((PISECURITY_DESCRIPTOR
)RelativeSd
)->Owner
= NULL
;
217 if (!(SecurityInformation
& GROUP_SECURITY_INFORMATION
))
218 ((PISECURITY_DESCRIPTOR
)RelativeSd
)->Group
= NULL
;
220 if (!(SecurityInformation
& DACL_SECURITY_INFORMATION
))
221 ((PISECURITY_DESCRIPTOR
)RelativeSd
)->Control
&= ~SE_DACL_PRESENT
;
223 if (!(SecurityInformation
& SACL_SECURITY_INFORMATION
))
224 ((PISECURITY_DESCRIPTOR
)RelativeSd
)->Control
&= ~SE_SACL_PRESENT
;
226 /* Calculate the required SD size */
227 Status
= RtlMakeSelfRelativeSD(RelativeSd
,
230 if (Status
!= STATUS_BUFFER_TOO_SMALL
)
233 /* Allocate a buffer for the new SD */
234 ResultSd
= MIDL_user_allocate(ResultSdSize
);
235 if (ResultSd
== NULL
)
237 Status
= STATUS_INSUFFICIENT_RESOURCES
;
241 /* Build the new SD */
242 Status
= RtlMakeSelfRelativeSD(RelativeSd
,
245 if (!NT_SUCCESS(Status
))
248 /* Allocate the SD data buffer */
249 SdData
= MIDL_user_allocate(sizeof(LSAPR_SR_SECURITY_DESCRIPTOR
));
252 Status
= STATUS_INSUFFICIENT_RESOURCES
;
256 /* Fill the SD data buffer and return it to the caller */
257 SdData
->Length
= RelativeSdSize
;
258 SdData
->SecurityDescriptor
= (PBYTE
)ResultSd
;
260 *SecurityDescriptor
= SdData
;
263 if (!NT_SUCCESS(Status
))
265 if (ResultSd
!= NULL
)
266 MIDL_user_free(ResultSd
);
269 if (RelativeSd
!= NULL
)
270 MIDL_user_free(RelativeSd
);
277 NTSTATUS WINAPI
LsarSetSecurityObject(
278 LSAPR_HANDLE ObjectHandle
,
279 SECURITY_INFORMATION SecurityInformation
,
280 PLSAPR_SR_SECURITY_DESCRIPTOR SecurityDescriptor
)
282 PLSA_DB_OBJECT DbObject
= NULL
;
283 ACCESS_MASK DesiredAccess
= 0;
284 PSECURITY_DESCRIPTOR RelativeSd
= NULL
;
285 ULONG RelativeSdSize
= 0;
286 HANDLE TokenHandle
= NULL
;
287 PGENERIC_MAPPING Mapping
;
290 TRACE("LsarSetSecurityObject(%p %lx %p)\n",
291 ObjectHandle
, SecurityInformation
, SecurityDescriptor
);
293 if ((SecurityDescriptor
== NULL
) ||
294 (SecurityDescriptor
->SecurityDescriptor
== NULL
) ||
295 !RtlValidSecurityDescriptor((PSECURITY_DESCRIPTOR
)SecurityDescriptor
->SecurityDescriptor
))
296 return ERROR_INVALID_PARAMETER
;
298 if (SecurityInformation
== 0 ||
299 SecurityInformation
& ~(OWNER_SECURITY_INFORMATION
| GROUP_SECURITY_INFORMATION
300 | DACL_SECURITY_INFORMATION
| SACL_SECURITY_INFORMATION
))
301 return ERROR_INVALID_PARAMETER
;
303 if (SecurityInformation
& SACL_SECURITY_INFORMATION
)
304 DesiredAccess
|= ACCESS_SYSTEM_SECURITY
;
306 if (SecurityInformation
& DACL_SECURITY_INFORMATION
)
307 DesiredAccess
|= WRITE_DAC
;
309 if (SecurityInformation
& (OWNER_SECURITY_INFORMATION
| GROUP_SECURITY_INFORMATION
))
310 DesiredAccess
|= WRITE_OWNER
;
312 if ((SecurityInformation
& OWNER_SECURITY_INFORMATION
) &&
313 (((PISECURITY_DESCRIPTOR
)SecurityDescriptor
)->Owner
== NULL
))
314 return ERROR_INVALID_PARAMETER
;
316 if ((SecurityInformation
& GROUP_SECURITY_INFORMATION
) &&
317 (((PISECURITY_DESCRIPTOR
)SecurityDescriptor
)->Group
== NULL
))
318 return ERROR_INVALID_PARAMETER
;
320 /* Validate the ObjectHandle */
321 Status
= LsapValidateDbObject(ObjectHandle
,
325 if (!NT_SUCCESS(Status
))
327 ERR("LsapValidateDbObject failed (Status 0x%08lx)\n", Status
);
331 /* Get the mapping for the object type */
332 switch (DbObject
->ObjectType
)
334 case LsaDbPolicyObject
:
335 Mapping
= &LsapPolicyMapping
;
338 case LsaDbAccountObject
:
339 Mapping
= &LsapAccountMapping
;
342 // case LsaDbDomainObject:
343 // Mapping = &LsapDomainMapping;
346 case LsaDbSecretObject
:
347 Mapping
= &LsapSecretMapping
;
351 return STATUS_INVALID_HANDLE
;
354 /* Get the size of the SD */
355 Status
= LsapGetObjectAttribute(DbObject
,
359 if (!NT_SUCCESS(Status
))
362 /* Allocate a buffer for the SD */
363 RelativeSd
= RtlAllocateHeap(RtlGetProcessHeap(), 0, RelativeSdSize
);
364 if (RelativeSd
== NULL
)
365 return STATUS_INSUFFICIENT_RESOURCES
;
368 Status
= LsapGetObjectAttribute(DbObject
,
372 if (!NT_SUCCESS(Status
))
375 /* Get the clients token if we try to set the owner */
376 if (SecurityInformation
& OWNER_SECURITY_INFORMATION
)
378 Status
= I_RpcMapWin32Status(RpcImpersonateClient(NULL
));
379 if (!NT_SUCCESS(Status
))
381 ERR("RpcImpersonateClient returns 0x%08lx\n", Status
);
385 Status
= NtOpenThreadToken(NtCurrentThread(),
390 if (!NT_SUCCESS(Status
))
392 ERR("NtOpenThreadToken returns 0x%08lx\n", Status
);
397 /* Build the new security descriptor */
398 Status
= RtlSetSecurityObject(SecurityInformation
,
399 (PSECURITY_DESCRIPTOR
)SecurityDescriptor
->SecurityDescriptor
,
403 if (!NT_SUCCESS(Status
))
405 ERR("RtlSetSecurityObject failed (Status 0x%08lx)\n", Status
);
409 /* Set the modified SD */
410 Status
= LsapSetObjectAttribute(DbObject
,
413 RtlLengthSecurityDescriptor(RelativeSd
));
414 if (!NT_SUCCESS(Status
))
416 ERR("LsapSetObjectAttribute failed (Status 0x%08lx)\n", Status
);
420 if (TokenHandle
!= NULL
)
421 NtClose(TokenHandle
);
423 if (RelativeSd
!= NULL
)
424 RtlFreeHeap(RtlGetProcessHeap(), 0, RelativeSd
);
431 NTSTATUS WINAPI
LsarChangePassword(
433 PRPC_UNICODE_STRING String1
,
434 PRPC_UNICODE_STRING String2
,
435 PRPC_UNICODE_STRING String3
,
436 PRPC_UNICODE_STRING String4
,
437 PRPC_UNICODE_STRING String5
)
440 return STATUS_NOT_IMPLEMENTED
;
445 NTSTATUS WINAPI
LsarOpenPolicy(
447 PLSAPR_OBJECT_ATTRIBUTES ObjectAttributes
,
448 ACCESS_MASK DesiredAccess
,
449 LSAPR_HANDLE
*PolicyHandle
)
451 PLSA_DB_OBJECT PolicyObject
;
454 TRACE("LsarOpenPolicy(%S %p %lx %p)\n",
455 SystemName
, ObjectAttributes
, DesiredAccess
, PolicyHandle
);
457 RtlEnterCriticalSection(&PolicyHandleTableLock
);
459 Status
= LsapOpenDbObject(NULL
,
467 RtlLeaveCriticalSection(&PolicyHandleTableLock
);
469 if (NT_SUCCESS(Status
))
470 *PolicyHandle
= (LSAPR_HANDLE
)PolicyObject
;
472 TRACE("LsarOpenPolicy done!\n");
479 NTSTATUS WINAPI
LsarQueryInformationPolicy(
480 LSAPR_HANDLE PolicyHandle
,
481 POLICY_INFORMATION_CLASS InformationClass
,
482 PLSAPR_POLICY_INFORMATION
*PolicyInformation
)
484 PLSA_DB_OBJECT PolicyObject
;
485 ACCESS_MASK DesiredAccess
= 0;
488 TRACE("LsarQueryInformationPolicy(%p,0x%08x,%p)\n",
489 PolicyHandle
, InformationClass
, PolicyInformation
);
491 if (PolicyInformation
)
493 TRACE("*PolicyInformation %p\n", *PolicyInformation
);
496 switch (InformationClass
)
498 case PolicyAuditLogInformation
:
499 case PolicyAuditEventsInformation
:
500 case PolicyAuditFullQueryInformation
:
501 DesiredAccess
= POLICY_VIEW_AUDIT_INFORMATION
;
504 case PolicyPrimaryDomainInformation
:
505 case PolicyAccountDomainInformation
:
506 case PolicyLsaServerRoleInformation
:
507 case PolicyReplicaSourceInformation
:
508 case PolicyDefaultQuotaInformation
:
509 case PolicyModificationInformation
:
510 case PolicyDnsDomainInformation
:
511 case PolicyDnsDomainInformationInt
:
512 case PolicyLocalAccountDomainInformation
:
513 DesiredAccess
= POLICY_VIEW_LOCAL_INFORMATION
;
516 case PolicyPdAccountInformation
:
517 DesiredAccess
= POLICY_GET_PRIVATE_INFORMATION
;
521 ERR("Invalid InformationClass!\n");
522 return STATUS_INVALID_PARAMETER
;
525 Status
= LsapValidateDbObject(PolicyHandle
,
529 if (!NT_SUCCESS(Status
))
532 switch (InformationClass
)
534 case PolicyAuditLogInformation
: /* 1 */
535 Status
= LsarQueryAuditLog(PolicyObject
,
539 case PolicyAuditEventsInformation
: /* 2 */
540 Status
= LsarQueryAuditEvents(PolicyObject
,
544 case PolicyPrimaryDomainInformation
: /* 3 */
545 Status
= LsarQueryPrimaryDomain(PolicyObject
,
549 case PolicyPdAccountInformation
: /* 4 */
550 Status
= LsarQueryPdAccount(PolicyObject
,
554 case PolicyAccountDomainInformation
: /* 5 */
555 Status
= LsarQueryAccountDomain(PolicyObject
,
559 case PolicyLsaServerRoleInformation
: /* 6 */
560 Status
= LsarQueryServerRole(PolicyObject
,
564 case PolicyReplicaSourceInformation
: /* 7 */
565 Status
= LsarQueryReplicaSource(PolicyObject
,
569 case PolicyDefaultQuotaInformation
: /* 8 */
570 Status
= LsarQueryDefaultQuota(PolicyObject
,
574 case PolicyModificationInformation
: /* 9 */
575 Status
= LsarQueryModification(PolicyObject
,
579 case PolicyAuditFullQueryInformation
: /* 11 (0xB) */
580 Status
= LsarQueryAuditFull(PolicyObject
,
584 case PolicyDnsDomainInformation
: /* 12 (0xC) */
585 Status
= LsarQueryDnsDomain(PolicyObject
,
589 case PolicyDnsDomainInformationInt
: /* 13 (0xD) */
590 Status
= LsarQueryDnsDomainInt(PolicyObject
,
594 case PolicyLocalAccountDomainInformation
: /* 14 (0xE) */
595 Status
= LsarQueryLocalAccountDomain(PolicyObject
,
600 ERR("Invalid InformationClass!\n");
601 Status
= STATUS_INVALID_PARAMETER
;
609 NTSTATUS WINAPI
LsarSetInformationPolicy(
610 LSAPR_HANDLE PolicyHandle
,
611 POLICY_INFORMATION_CLASS InformationClass
,
612 PLSAPR_POLICY_INFORMATION PolicyInformation
)
614 PLSA_DB_OBJECT PolicyObject
;
615 ACCESS_MASK DesiredAccess
= 0;
618 TRACE("LsarSetInformationPolicy(%p,0x%08x,%p)\n",
619 PolicyHandle
, InformationClass
, PolicyInformation
);
621 if (PolicyInformation
)
623 TRACE("*PolicyInformation %p\n", *PolicyInformation
);
626 switch (InformationClass
)
628 case PolicyAuditLogInformation
:
629 case PolicyAuditFullSetInformation
:
630 DesiredAccess
= POLICY_AUDIT_LOG_ADMIN
;
633 case PolicyAuditEventsInformation
:
634 DesiredAccess
= POLICY_SET_AUDIT_REQUIREMENTS
;
637 case PolicyPrimaryDomainInformation
:
638 case PolicyAccountDomainInformation
:
639 case PolicyDnsDomainInformation
:
640 case PolicyDnsDomainInformationInt
:
641 case PolicyLocalAccountDomainInformation
:
642 DesiredAccess
= POLICY_TRUST_ADMIN
;
645 case PolicyLsaServerRoleInformation
:
646 case PolicyReplicaSourceInformation
:
647 DesiredAccess
= POLICY_SERVER_ADMIN
;
650 case PolicyDefaultQuotaInformation
:
651 DesiredAccess
= POLICY_SET_DEFAULT_QUOTA_LIMITS
;
655 ERR("Invalid InformationClass!\n");
656 return STATUS_INVALID_PARAMETER
;
659 Status
= LsapValidateDbObject(PolicyHandle
,
663 if (!NT_SUCCESS(Status
))
666 switch (InformationClass
)
668 case PolicyAuditLogInformation
: /* 1 */
669 Status
= LsarSetAuditLog(PolicyObject
,
670 (PPOLICY_AUDIT_LOG_INFO
)PolicyInformation
);
673 case PolicyAuditEventsInformation
: /* 2 */
674 Status
= LsarSetAuditEvents(PolicyObject
,
675 (PLSAPR_POLICY_AUDIT_EVENTS_INFO
)PolicyInformation
);
678 case PolicyPrimaryDomainInformation
: /* 3 */
679 Status
= LsarSetPrimaryDomain(PolicyObject
,
680 (PLSAPR_POLICY_PRIMARY_DOM_INFO
)PolicyInformation
);
683 case PolicyAccountDomainInformation
: /* 5 */
684 Status
= LsarSetAccountDomain(PolicyObject
,
685 (PLSAPR_POLICY_ACCOUNT_DOM_INFO
)PolicyInformation
);
688 case PolicyLsaServerRoleInformation
: /* 6 */
689 Status
= LsarSetServerRole(PolicyObject
,
690 (PPOLICY_LSA_SERVER_ROLE_INFO
)PolicyInformation
);
693 case PolicyReplicaSourceInformation
: /* 7 */
694 Status
= LsarSetReplicaSource(PolicyObject
,
695 (PPOLICY_LSA_REPLICA_SRCE_INFO
)PolicyInformation
);
698 case PolicyDefaultQuotaInformation
: /* 8 */
699 Status
= LsarSetDefaultQuota(PolicyObject
,
700 (PPOLICY_DEFAULT_QUOTA_INFO
)PolicyInformation
);
703 case PolicyModificationInformation
: /* 9 */
704 Status
= LsarSetModification(PolicyObject
,
705 (PPOLICY_MODIFICATION_INFO
)PolicyInformation
);
708 case PolicyAuditFullSetInformation
: /* 10 (0xA) */
709 Status
= LsarSetAuditFull(PolicyObject
,
710 (PPOLICY_AUDIT_FULL_QUERY_INFO
)PolicyInformation
);
713 case PolicyDnsDomainInformation
: /* 12 (0xC) */
714 Status
= LsarSetDnsDomain(PolicyObject
,
715 (PLSAPR_POLICY_DNS_DOMAIN_INFO
)PolicyInformation
);
718 case PolicyDnsDomainInformationInt
: /* 13 (0xD) */
719 Status
= LsarSetDnsDomainInt(PolicyObject
,
720 (PLSAPR_POLICY_DNS_DOMAIN_INFO
)PolicyInformation
);
723 case PolicyLocalAccountDomainInformation
: /* 14 (0xE) */
724 Status
= LsarSetLocalAccountDomain(PolicyObject
,
725 (PLSAPR_POLICY_ACCOUNT_DOM_INFO
)PolicyInformation
);
729 Status
= STATUS_INVALID_PARAMETER
;
738 NTSTATUS WINAPI
LsarClearAuditLog(
739 LSAPR_HANDLE ObjectHandle
)
742 return STATUS_NOT_IMPLEMENTED
;
748 PLSA_DB_OBJECT PolicyObject
,
750 ACCESS_MASK DesiredAccess
,
751 PLSA_DB_OBJECT
*AccountObject
)
753 LPWSTR SidString
= NULL
;
754 PSECURITY_DESCRIPTOR AccountSd
= NULL
;
756 NTSTATUS Status
= STATUS_SUCCESS
;
758 /* Create SID string */
759 if (!ConvertSidToStringSid((PSID
)AccountSid
,
762 ERR("ConvertSidToStringSid failed\n");
763 return STATUS_INVALID_PARAMETER
;
766 /* Create a security descriptor for the account */
767 Status
= LsapCreateAccountSd(&AccountSd
,
769 if (!NT_SUCCESS(Status
))
771 ERR("LsapCreateAccountSd returned 0x%08lx\n", Status
);
775 /* Create the Account object */
776 Status
= LsapCreateDbObject(PolicyObject
,
781 PolicyObject
->Trusted
,
783 if (!NT_SUCCESS(Status
))
785 ERR("LsapCreateDbObject failed (Status 0x%08lx)\n", Status
);
789 /* Set the Sid attribute */
790 Status
= LsapSetObjectAttribute(*AccountObject
,
793 GetLengthSid(AccountSid
));
794 if (!NT_SUCCESS(Status
))
797 /* Set the SecDesc attribute */
798 Status
= LsapSetObjectAttribute(*AccountObject
,
804 if (SidString
!= NULL
)
805 LocalFree(SidString
);
807 if (AccountSd
!= NULL
)
808 RtlFreeHeap(RtlGetProcessHeap(), 0, AccountSd
);
815 NTSTATUS WINAPI
LsarCreateAccount(
816 LSAPR_HANDLE PolicyHandle
,
818 ACCESS_MASK DesiredAccess
,
819 LSAPR_HANDLE
*AccountHandle
)
821 PLSA_DB_OBJECT PolicyObject
;
822 PLSA_DB_OBJECT AccountObject
= NULL
;
823 NTSTATUS Status
= STATUS_SUCCESS
;
825 TRACE("LsarCreateAccount(%p %p %lx %p)\n",
826 PolicyHandle
, AccountSid
, DesiredAccess
, AccountHandle
);
828 /* Validate the AccountSid */
829 if (!RtlValidSid(AccountSid
))
830 return STATUS_INVALID_PARAMETER
;
832 /* Validate the PolicyHandle */
833 Status
= LsapValidateDbObject(PolicyHandle
,
835 POLICY_CREATE_ACCOUNT
,
837 if (!NT_SUCCESS(Status
))
839 ERR("LsapValidateDbObject returned 0x%08lx\n", Status
);
844 Status
= LsarpCreateAccount(PolicyObject
,
848 if (NT_SUCCESS(Status
))
850 *AccountHandle
= (LSAPR_HANDLE
)AccountObject
;
858 NTSTATUS WINAPI
LsarEnumerateAccounts(
859 LSAPR_HANDLE PolicyHandle
,
860 DWORD
*EnumerationContext
,
861 PLSAPR_ACCOUNT_ENUM_BUFFER EnumerationBuffer
,
862 DWORD PreferedMaximumLength
)
864 LSAPR_ACCOUNT_ENUM_BUFFER EnumBuffer
= {0, NULL
};
865 PLSA_DB_OBJECT PolicyObject
= NULL
;
866 PWSTR AccountKeyBuffer
= NULL
;
867 HANDLE AccountsKeyHandle
= NULL
;
868 HANDLE AccountKeyHandle
;
870 ULONG AccountKeyBufferSize
;
873 ULONG RequiredLength
;
876 NTSTATUS Status
= STATUS_SUCCESS
;
878 TRACE("LsarEnumerateAccount(%p %p %p %lu)\n",
879 PolicyHandle
, EnumerationContext
, EnumerationBuffer
, PreferedMaximumLength
);
881 if (EnumerationContext
== NULL
||
882 EnumerationBuffer
== NULL
)
883 return STATUS_INVALID_PARAMETER
;
885 EnumerationBuffer
->EntriesRead
= 0;
886 EnumerationBuffer
->Information
= NULL
;
888 /* Validate the PolicyHandle */
889 Status
= LsapValidateDbObject(PolicyHandle
,
891 POLICY_VIEW_LOCAL_INFORMATION
,
893 if (!NT_SUCCESS(Status
))
895 ERR("LsapValidateDbObject returned 0x%08lx\n", Status
);
899 Status
= LsapRegOpenKey(PolicyObject
->KeyHandle
,
903 if (!NT_SUCCESS(Status
))
906 Status
= LsapRegQueryKeyInfo(AccountsKeyHandle
,
908 &AccountKeyBufferSize
,
910 if (!NT_SUCCESS(Status
))
912 ERR("LsapRegQueryKeyInfo returned 0x%08lx\n", Status
);
916 AccountKeyBufferSize
+= sizeof(WCHAR
);
917 AccountKeyBuffer
= RtlAllocateHeap(RtlGetProcessHeap(), 0, AccountKeyBufferSize
);
918 if (AccountKeyBuffer
== NULL
)
920 return STATUS_NO_MEMORY
;
923 EnumIndex
= *EnumerationContext
;
929 Status
= LsapRegEnumerateSubKey(AccountsKeyHandle
,
931 AccountKeyBufferSize
,
933 if (!NT_SUCCESS(Status
))
936 TRACE("EnumIndex: %lu\n", EnumIndex
);
937 TRACE("Account key name: %S\n", AccountKeyBuffer
);
939 Status
= LsapRegOpenKey(AccountsKeyHandle
,
943 TRACE("LsapRegOpenKey returned %08lX\n", Status
);
944 if (NT_SUCCESS(Status
))
946 Status
= LsapRegOpenKey(AccountKeyHandle
,
950 TRACE("LsapRegOpenKey returned %08lX\n", Status
);
951 if (NT_SUCCESS(Status
))
954 Status
= LsapRegQueryValue(SidKeyHandle
,
959 TRACE("LsapRegQueryValue returned %08lX\n", Status
);
960 if (NT_SUCCESS(Status
))
962 TRACE("Data length: %lu\n", DataLength
);
964 if ((RequiredLength
+ DataLength
+ sizeof(LSAPR_ACCOUNT_INFORMATION
)) > PreferedMaximumLength
)
967 RequiredLength
+= (DataLength
+ sizeof(LSAPR_ACCOUNT_INFORMATION
));
971 LsapRegCloseKey(SidKeyHandle
);
974 LsapRegCloseKey(AccountKeyHandle
);
980 TRACE("EnumCount: %lu\n", EnumCount
);
981 TRACE("RequiredLength: %lu\n", RequiredLength
);
983 EnumBuffer
.EntriesRead
= EnumCount
;
984 EnumBuffer
.Information
= midl_user_allocate(EnumCount
* sizeof(LSAPR_ACCOUNT_INFORMATION
));
985 if (EnumBuffer
.Information
== NULL
)
987 Status
= STATUS_INSUFFICIENT_RESOURCES
;
991 EnumIndex
= *EnumerationContext
;
992 for (i
= 0; i
< EnumCount
; i
++, EnumIndex
++)
994 Status
= LsapRegEnumerateSubKey(AccountsKeyHandle
,
996 AccountKeyBufferSize
,
998 if (!NT_SUCCESS(Status
))
1001 TRACE("EnumIndex: %lu\n", EnumIndex
);
1002 TRACE("Account key name: %S\n", AccountKeyBuffer
);
1004 Status
= LsapRegOpenKey(AccountsKeyHandle
,
1008 TRACE("LsapRegOpenKey returned %08lX\n", Status
);
1009 if (NT_SUCCESS(Status
))
1011 Status
= LsapRegOpenKey(AccountKeyHandle
,
1015 TRACE("LsapRegOpenKey returned %08lX\n", Status
);
1016 if (NT_SUCCESS(Status
))
1019 Status
= LsapRegQueryValue(SidKeyHandle
,
1024 TRACE("LsapRegQueryValue returned %08lX\n", Status
);
1025 if (NT_SUCCESS(Status
))
1027 EnumBuffer
.Information
[i
].Sid
= midl_user_allocate(DataLength
);
1028 if (EnumBuffer
.Information
[i
].Sid
== NULL
)
1030 LsapRegCloseKey(AccountKeyHandle
);
1031 Status
= STATUS_INSUFFICIENT_RESOURCES
;
1035 Status
= LsapRegQueryValue(SidKeyHandle
,
1038 EnumBuffer
.Information
[i
].Sid
,
1040 TRACE("SampRegQueryValue returned %08lX\n", Status
);
1043 LsapRegCloseKey(SidKeyHandle
);
1046 LsapRegCloseKey(AccountKeyHandle
);
1048 if (!NT_SUCCESS(Status
))
1053 if (NT_SUCCESS(Status
))
1055 *EnumerationContext
+= EnumCount
;
1056 EnumerationBuffer
->EntriesRead
= EnumBuffer
.EntriesRead
;
1057 EnumerationBuffer
->Information
= EnumBuffer
.Information
;
1061 if (!NT_SUCCESS(Status
))
1063 if (EnumBuffer
.Information
)
1065 for (i
= 0; i
< EnumBuffer
.EntriesRead
; i
++)
1067 if (EnumBuffer
.Information
[i
].Sid
!= NULL
)
1068 midl_user_free(EnumBuffer
.Information
[i
].Sid
);
1071 midl_user_free(EnumBuffer
.Information
);
1075 if (AccountKeyBuffer
!= NULL
)
1076 RtlFreeHeap(RtlGetProcessHeap(), 0, AccountKeyBuffer
);
1078 if (AccountsKeyHandle
!= NULL
)
1079 LsapRegCloseKey(AccountsKeyHandle
);
1086 NTSTATUS WINAPI
LsarCreateTrustedDomain(
1087 LSAPR_HANDLE PolicyHandle
,
1088 PLSAPR_TRUST_INFORMATION TrustedDomainInformation
,
1089 ACCESS_MASK DesiredAccess
,
1090 LSAPR_HANDLE
*TrustedDomainHandle
)
1092 /* FIXME: We are not running an AD yet */
1093 return STATUS_DIRECTORY_SERVICE_REQUIRED
;
1098 NTSTATUS WINAPI
LsarEnumerateTrustedDomains(
1099 LSAPR_HANDLE PolicyHandle
,
1100 DWORD
*EnumerationContext
,
1101 PLSAPR_TRUSTED_ENUM_BUFFER EnumerationBuffer
,
1102 DWORD PreferedMaximumLength
)
1104 /* FIXME: We are not running an AD yet */
1105 EnumerationBuffer
->EntriesRead
= 0;
1106 EnumerationBuffer
->Information
= NULL
;
1107 return STATUS_NO_MORE_ENTRIES
;
1112 NTSTATUS WINAPI
LsarLookupNames(
1113 LSAPR_HANDLE PolicyHandle
,
1115 PRPC_UNICODE_STRING Names
,
1116 PLSAPR_REFERENCED_DOMAIN_LIST
*ReferencedDomains
,
1117 PLSAPR_TRANSLATED_SIDS TranslatedSids
,
1118 LSAP_LOOKUP_LEVEL LookupLevel
,
1121 LSAPR_TRANSLATED_SIDS_EX2 TranslatedSidsEx2
;
1125 TRACE("LsarLookupNames(%p %lu %p %p %p %d %p)\n",
1126 PolicyHandle
, Count
, Names
, ReferencedDomains
, TranslatedSids
,
1127 LookupLevel
, MappedCount
);
1129 TranslatedSids
->Entries
= 0;
1130 TranslatedSids
->Sids
= NULL
;
1131 *ReferencedDomains
= NULL
;
1134 return STATUS_NONE_MAPPED
;
1136 TranslatedSidsEx2
.Entries
= 0;
1137 TranslatedSidsEx2
.Sids
= NULL
;
1139 Status
= LsapLookupNames(Count
,
1147 if (!NT_SUCCESS(Status
))
1150 TranslatedSids
->Entries
= TranslatedSidsEx2
.Entries
;
1151 TranslatedSids
->Sids
= MIDL_user_allocate(TranslatedSids
->Entries
* sizeof(LSA_TRANSLATED_SID
));
1152 if (TranslatedSids
->Sids
== NULL
)
1154 MIDL_user_free(TranslatedSidsEx2
.Sids
);
1155 MIDL_user_free(*ReferencedDomains
);
1156 *ReferencedDomains
= NULL
;
1157 return STATUS_INSUFFICIENT_RESOURCES
;
1160 for (i
= 0; i
< TranslatedSidsEx2
.Entries
; i
++)
1162 TranslatedSids
->Sids
[i
].Use
= TranslatedSidsEx2
.Sids
[i
].Use
;
1163 TranslatedSids
->Sids
[i
].RelativeId
= LsapGetRelativeIdFromSid(TranslatedSidsEx2
.Sids
[i
].Sid
);
1164 TranslatedSids
->Sids
[i
].DomainIndex
= TranslatedSidsEx2
.Sids
[i
].DomainIndex
;
1167 MIDL_user_free(TranslatedSidsEx2
.Sids
);
1169 return STATUS_SUCCESS
;
1174 NTSTATUS WINAPI
LsarLookupSids(
1175 LSAPR_HANDLE PolicyHandle
,
1176 PLSAPR_SID_ENUM_BUFFER SidEnumBuffer
,
1177 PLSAPR_REFERENCED_DOMAIN_LIST
*ReferencedDomains
,
1178 PLSAPR_TRANSLATED_NAMES TranslatedNames
,
1179 LSAP_LOOKUP_LEVEL LookupLevel
,
1182 LSAPR_TRANSLATED_NAMES_EX TranslatedNamesEx
;
1186 TRACE("LsarLookupSids(%p %p %p %p %d %p)\n",
1187 PolicyHandle
, SidEnumBuffer
, ReferencedDomains
, TranslatedNames
,
1188 LookupLevel
, MappedCount
);
1190 /* FIXME: Fail, if there is an invalid SID in the SidEnumBuffer */
1192 TranslatedNames
->Entries
= SidEnumBuffer
->Entries
;
1193 TranslatedNames
->Names
= NULL
;
1194 *ReferencedDomains
= NULL
;
1196 TranslatedNamesEx
.Entries
= SidEnumBuffer
->Entries
;
1197 TranslatedNamesEx
.Names
= NULL
;
1199 Status
= LsapLookupSids(SidEnumBuffer
,
1206 if (!NT_SUCCESS(Status
))
1209 TranslatedNames
->Entries
= SidEnumBuffer
->Entries
;
1210 TranslatedNames
->Names
= MIDL_user_allocate(SidEnumBuffer
->Entries
* sizeof(LSAPR_TRANSLATED_NAME
));
1211 if (TranslatedNames
->Names
== NULL
)
1213 MIDL_user_free(TranslatedNamesEx
.Names
);
1214 MIDL_user_free(*ReferencedDomains
);
1215 *ReferencedDomains
= NULL
;
1216 return STATUS_INSUFFICIENT_RESOURCES
;
1219 for (i
= 0; i
< TranslatedNamesEx
.Entries
; i
++)
1221 TranslatedNames
->Names
[i
].Use
= TranslatedNamesEx
.Names
[i
].Use
;
1222 TranslatedNames
->Names
[i
].Name
.Length
= TranslatedNamesEx
.Names
[i
].Name
.Length
;
1223 TranslatedNames
->Names
[i
].Name
.MaximumLength
= TranslatedNamesEx
.Names
[i
].Name
.MaximumLength
;
1224 TranslatedNames
->Names
[i
].Name
.Buffer
= TranslatedNamesEx
.Names
[i
].Name
.Buffer
;
1225 TranslatedNames
->Names
[i
].DomainIndex
= TranslatedNamesEx
.Names
[i
].DomainIndex
;
1228 MIDL_user_free(TranslatedNamesEx
.Names
);
1235 NTSTATUS WINAPI
LsarCreateSecret(
1236 LSAPR_HANDLE PolicyHandle
,
1237 PRPC_UNICODE_STRING SecretName
,
1238 ACCESS_MASK DesiredAccess
,
1239 LSAPR_HANDLE
*SecretHandle
)
1241 PLSA_DB_OBJECT PolicyObject
;
1242 PLSA_DB_OBJECT SecretObject
= NULL
;
1244 PSECURITY_DESCRIPTOR SecretSd
= NULL
;
1246 NTSTATUS Status
= STATUS_SUCCESS
;
1248 TRACE("LsarCreateSecret(%p %wZ %lx %p)\n",
1249 PolicyHandle
, SecretName
, DesiredAccess
, SecretHandle
);
1251 /* Validate the PolicyHandle */
1252 Status
= LsapValidateDbObject(PolicyHandle
,
1254 POLICY_CREATE_SECRET
,
1256 if (!NT_SUCCESS(Status
))
1258 ERR("LsapValidateDbObject returned 0x%08lx\n", Status
);
1262 /* Get the current time */
1263 Status
= NtQuerySystemTime(&Time
);
1264 if (!NT_SUCCESS(Status
))
1266 ERR("NtQuerySystemTime failed (Status 0x%08lx)\n", Status
);
1270 /* Create a security descriptor for the secret */
1271 Status
= LsapCreateSecretSd(&SecretSd
,
1273 if (!NT_SUCCESS(Status
))
1275 ERR("LsapCreateAccountSd returned 0x%08lx\n", Status
);
1279 /* Create the Secret object */
1280 Status
= LsapCreateDbObject(PolicyObject
,
1285 PolicyObject
->Trusted
,
1287 if (!NT_SUCCESS(Status
))
1289 ERR("LsapCreateDbObject failed (Status 0x%08lx)\n", Status
);
1293 /* Set the CurrentTime attribute */
1294 Status
= LsapSetObjectAttribute(SecretObject
,
1297 sizeof(LARGE_INTEGER
));
1298 if (!NT_SUCCESS(Status
))
1300 ERR("LsapSetObjectAttribute (CurrentTime) failed (Status 0x%08lx)\n", Status
);
1304 /* Set the OldTime attribute */
1305 Status
= LsapSetObjectAttribute(SecretObject
,
1308 sizeof(LARGE_INTEGER
));
1309 if (!NT_SUCCESS(Status
))
1311 ERR("LsapSetObjectAttribute (OldTime) failed (Status 0x%08lx)\n", Status
);
1315 /* Set the SecDesc attribute */
1316 Status
= LsapSetObjectAttribute(SecretObject
,
1322 if (SecretSd
!= NULL
)
1323 RtlFreeHeap(RtlGetProcessHeap(), 0, SecretSd
);
1325 if (!NT_SUCCESS(Status
))
1327 if (SecretObject
!= NULL
)
1328 LsapCloseDbObject(SecretObject
);
1332 *SecretHandle
= (LSAPR_HANDLE
)SecretObject
;
1335 return STATUS_SUCCESS
;
1342 IN PLSA_DB_OBJECT PolicyObject
,
1343 IN PRPC_SID AccountSid
,
1344 IN ACCESS_MASK DesiredAccess
,
1345 OUT PLSA_DB_OBJECT
*AccountObject
)
1347 LPWSTR SidString
= NULL
;
1348 NTSTATUS Status
= STATUS_SUCCESS
;
1350 /* Create SID string */
1351 if (!ConvertSidToStringSid((PSID
)AccountSid
,
1354 ERR("ConvertSidToStringSid failed\n");
1355 return STATUS_INVALID_PARAMETER
;
1358 /* Create the Account object */
1359 Status
= LsapOpenDbObject(PolicyObject
,
1364 PolicyObject
->Trusted
,
1366 if (!NT_SUCCESS(Status
))
1368 ERR("LsapOpenDbObject failed (Status 0x%08lx)\n", Status
);
1371 if (SidString
!= NULL
)
1372 LocalFree(SidString
);
1379 NTSTATUS WINAPI
LsarOpenAccount(
1380 LSAPR_HANDLE PolicyHandle
,
1381 PRPC_SID AccountSid
,
1382 ACCESS_MASK DesiredAccess
,
1383 LSAPR_HANDLE
*AccountHandle
)
1385 PLSA_DB_OBJECT PolicyObject
;
1388 TRACE("LsarOpenAccount(%p %p %lx %p)\n",
1389 PolicyHandle
, AccountSid
, DesiredAccess
, AccountHandle
);
1391 /* Validate the AccountSid */
1392 if (!RtlValidSid(AccountSid
))
1393 return STATUS_INVALID_PARAMETER
;
1395 /* Validate the PolicyHandle */
1396 Status
= LsapValidateDbObject(PolicyHandle
,
1400 if (!NT_SUCCESS(Status
))
1402 ERR("LsapValidateDbObject returned 0x%08lx\n", Status
);
1407 /* Open the Account object */
1408 return LsarpOpenAccount(PolicyObject
,
1411 (PLSA_DB_OBJECT
*)AccountHandle
);
1416 NTSTATUS WINAPI
LsarEnumeratePrivilegesAccount(
1417 LSAPR_HANDLE AccountHandle
,
1418 PLSAPR_PRIVILEGE_SET
*Privileges
)
1420 PLSA_DB_OBJECT AccountObject
;
1421 ULONG PrivilegeSetSize
= 0;
1422 PLSAPR_PRIVILEGE_SET PrivilegeSet
= NULL
;
1425 TRACE("LsarEnumeratePrivilegesAccount(%p %p)\n",
1426 AccountHandle
, Privileges
);
1430 /* Validate the AccountHandle */
1431 Status
= LsapValidateDbObject(AccountHandle
,
1435 if (!NT_SUCCESS(Status
))
1437 ERR("LsapValidateDbObject returned 0x%08lx\n", Status
);
1441 /* Get the size of the privilege set */
1442 Status
= LsapGetObjectAttribute(AccountObject
,
1446 if (!NT_SUCCESS(Status
))
1449 /* Allocate a buffer for the privilege set */
1450 PrivilegeSet
= MIDL_user_allocate(PrivilegeSetSize
);
1451 if (PrivilegeSet
== NULL
)
1452 return STATUS_NO_MEMORY
;
1454 /* Get the privilege set */
1455 Status
= LsapGetObjectAttribute(AccountObject
,
1459 if (!NT_SUCCESS(Status
))
1461 MIDL_user_free(PrivilegeSet
);
1465 /* Return a pointer to the privilege set */
1466 *Privileges
= PrivilegeSet
;
1468 return STATUS_SUCCESS
;
1473 NTSTATUS WINAPI
LsarAddPrivilegesToAccount(
1474 LSAPR_HANDLE AccountHandle
,
1475 PLSAPR_PRIVILEGE_SET Privileges
)
1477 PLSA_DB_OBJECT AccountObject
;
1478 PPRIVILEGE_SET CurrentPrivileges
= NULL
;
1479 PPRIVILEGE_SET NewPrivileges
= NULL
;
1480 ULONG PrivilegeSetSize
= 0;
1481 ULONG PrivilegeCount
;
1486 TRACE("LsarAddPrivilegesToAccount(%p %p)\n",
1487 AccountHandle
, Privileges
);
1489 /* Validate the AccountHandle */
1490 Status
= LsapValidateDbObject(AccountHandle
,
1492 ACCOUNT_ADJUST_PRIVILEGES
,
1494 if (!NT_SUCCESS(Status
))
1496 ERR("LsapValidateDbObject returned 0x%08lx\n", Status
);
1500 /* Get the size of the Privilgs attribute */
1501 Status
= LsapGetObjectAttribute(AccountObject
,
1505 if (!NT_SUCCESS(Status
) || PrivilegeSetSize
== 0)
1507 /* The Privilgs attribute does not exist */
1509 PrivilegeSetSize
= sizeof(PRIVILEGE_SET
) +
1510 (Privileges
->PrivilegeCount
- 1) * sizeof(LUID_AND_ATTRIBUTES
);
1511 Status
= LsapSetObjectAttribute(AccountObject
,
1518 /* The Privilgs attribute exists */
1520 /* Allocate memory for the stored privilege set */
1521 CurrentPrivileges
= MIDL_user_allocate(PrivilegeSetSize
);
1522 if (CurrentPrivileges
== NULL
)
1523 return STATUS_NO_MEMORY
;
1525 /* Get the current privilege set */
1526 Status
= LsapGetObjectAttribute(AccountObject
,
1530 if (!NT_SUCCESS(Status
))
1532 TRACE("LsapGetObjectAttribute() failed (Status 0x%08lx)\n", Status
);
1536 PrivilegeCount
= CurrentPrivileges
->PrivilegeCount
;
1537 TRACE("Current privilege count: %lu\n", PrivilegeCount
);
1539 /* Calculate the number of privileges in the combined privilege set */
1540 for (i
= 0; i
< Privileges
->PrivilegeCount
; i
++)
1543 for (j
= 0; j
< CurrentPrivileges
->PrivilegeCount
; j
++)
1545 if (RtlEqualLuid(&(Privileges
->Privilege
[i
].Luid
),
1546 &(CurrentPrivileges
->Privilege
[i
].Luid
)))
1553 if (bFound
== FALSE
)
1555 TRACE("Found new privilege\n");
1559 TRACE("New privilege count: %lu\n", PrivilegeCount
);
1561 /* Calculate the size of the new privilege set and allocate it */
1562 PrivilegeSetSize
= sizeof(PRIVILEGE_SET
) +
1563 (PrivilegeCount
- 1) * sizeof(LUID_AND_ATTRIBUTES
);
1564 NewPrivileges
= MIDL_user_allocate(PrivilegeSetSize
);
1565 if (NewPrivileges
== NULL
)
1567 Status
= STATUS_NO_MEMORY
;
1571 /* Initialize the new privilege set */
1572 NewPrivileges
->PrivilegeCount
= PrivilegeCount
;
1573 NewPrivileges
->Control
= 0;
1575 /* Copy all privileges from the current privilege set */
1576 RtlCopyLuidAndAttributesArray(CurrentPrivileges
->PrivilegeCount
,
1577 &(CurrentPrivileges
->Privilege
[0]),
1578 &(NewPrivileges
->Privilege
[0]));
1580 /* Add new privileges to the new privilege set */
1581 PrivilegeCount
= CurrentPrivileges
->PrivilegeCount
;
1582 for (i
= 0; i
< Privileges
->PrivilegeCount
; i
++)
1585 for (j
= 0; j
< CurrentPrivileges
->PrivilegeCount
; j
++)
1587 if (RtlEqualLuid(&(Privileges
->Privilege
[i
].Luid
),
1588 &(CurrentPrivileges
->Privilege
[i
].Luid
)))
1590 /* Overwrite attributes if a matching privilege was found */
1591 NewPrivileges
->Privilege
[j
].Attributes
= Privileges
->Privilege
[i
].Attributes
;
1598 if (bFound
== FALSE
)
1600 /* Copy the new privilege */
1601 RtlCopyLuidAndAttributesArray(1,
1602 (PLUID_AND_ATTRIBUTES
)&(Privileges
->Privilege
[i
]),
1603 &(NewPrivileges
->Privilege
[PrivilegeCount
]));
1608 /* Set the new privilege set */
1609 Status
= LsapSetObjectAttribute(AccountObject
,
1616 if (CurrentPrivileges
!= NULL
)
1617 MIDL_user_free(CurrentPrivileges
);
1619 if (NewPrivileges
!= NULL
)
1620 MIDL_user_free(NewPrivileges
);
1627 NTSTATUS WINAPI
LsarRemovePrivilegesFromAccount(
1628 LSAPR_HANDLE AccountHandle
,
1629 BOOLEAN AllPrivileges
,
1630 PLSAPR_PRIVILEGE_SET Privileges
)
1632 PLSA_DB_OBJECT AccountObject
;
1633 PPRIVILEGE_SET CurrentPrivileges
= NULL
;
1634 PPRIVILEGE_SET NewPrivileges
= NULL
;
1635 ULONG PrivilegeSetSize
= 0;
1636 ULONG PrivilegeCount
;
1641 TRACE("LsarRemovePrivilegesFromAccount(%p %u %p)\n",
1642 AccountHandle
, AllPrivileges
, Privileges
);
1645 if ((AllPrivileges
== FALSE
&& Privileges
== NULL
) ||
1646 (AllPrivileges
== TRUE
&& Privileges
!= NULL
))
1647 return STATUS_INVALID_PARAMETER
;
1649 /* Validate the AccountHandle */
1650 Status
= LsapValidateDbObject(AccountHandle
,
1652 ACCOUNT_ADJUST_PRIVILEGES
,
1654 if (!NT_SUCCESS(Status
))
1656 ERR("LsapValidateDbObject returned 0x%08lx\n", Status
);
1660 if (AllPrivileges
== TRUE
)
1662 /* Delete the Privilgs attribute */
1663 Status
= LsapDeleteObjectAttribute(AccountObject
,
1665 if (Status
== STATUS_OBJECT_NAME_NOT_FOUND
)
1666 Status
= STATUS_SUCCESS
;
1670 /* Get the size of the Privilgs attribute */
1671 Status
= LsapGetObjectAttribute(AccountObject
,
1675 if (!NT_SUCCESS(Status
))
1678 /* Succeed, if there is no privilege set to remove privileges from */
1679 if (PrivilegeSetSize
== 0)
1681 Status
= STATUS_SUCCESS
;
1685 /* Allocate memory for the stored privilege set */
1686 CurrentPrivileges
= MIDL_user_allocate(PrivilegeSetSize
);
1687 if (CurrentPrivileges
== NULL
)
1688 return STATUS_NO_MEMORY
;
1690 /* Get the current privilege set */
1691 Status
= LsapGetObjectAttribute(AccountObject
,
1695 if (!NT_SUCCESS(Status
))
1697 TRACE("LsapGetObjectAttribute() failed (Status 0x%08lx)\n", Status
);
1701 PrivilegeCount
= CurrentPrivileges
->PrivilegeCount
;
1702 TRACE("Current privilege count: %lu\n", PrivilegeCount
);
1704 /* Calculate the number of privileges in the new privilege set */
1705 for (i
= 0; i
< CurrentPrivileges
->PrivilegeCount
; i
++)
1707 for (j
= 0; j
< Privileges
->PrivilegeCount
; j
++)
1709 if (RtlEqualLuid(&(CurrentPrivileges
->Privilege
[i
].Luid
),
1710 &(Privileges
->Privilege
[j
].Luid
)))
1712 if (PrivilegeCount
> 0)
1717 TRACE("New privilege count: %lu\n", PrivilegeCount
);
1719 if (PrivilegeCount
== 0)
1721 /* Delete the Privilgs attribute */
1722 Status
= LsapDeleteObjectAttribute(AccountObject
,
1724 if (Status
== STATUS_OBJECT_NAME_NOT_FOUND
)
1725 Status
= STATUS_SUCCESS
;
1729 /* Calculate the size of the new privilege set and allocate it */
1730 PrivilegeSetSize
= sizeof(PRIVILEGE_SET
) +
1731 (PrivilegeCount
- 1) * sizeof(LUID_AND_ATTRIBUTES
);
1732 NewPrivileges
= MIDL_user_allocate(PrivilegeSetSize
);
1733 if (NewPrivileges
== NULL
)
1735 Status
= STATUS_NO_MEMORY
;
1739 /* Initialize the new privilege set */
1740 NewPrivileges
->PrivilegeCount
= PrivilegeCount
;
1741 NewPrivileges
->Control
= 0;
1743 /* Copy the privileges which are not to be removed */
1744 for (i
= 0, k
= 0; i
< CurrentPrivileges
->PrivilegeCount
; i
++)
1747 for (j
= 0; j
< Privileges
->PrivilegeCount
; j
++)
1749 if (RtlEqualLuid(&(CurrentPrivileges
->Privilege
[i
].Luid
),
1750 &(Privileges
->Privilege
[j
].Luid
)))
1754 if (bFound
== FALSE
)
1756 /* Copy the privilege */
1757 RtlCopyLuidAndAttributesArray(1,
1758 &(CurrentPrivileges
->Privilege
[i
]),
1759 &(NewPrivileges
->Privilege
[k
]));
1764 /* Set the new privilege set */
1765 Status
= LsapSetObjectAttribute(AccountObject
,
1773 if (CurrentPrivileges
!= NULL
)
1774 MIDL_user_free(CurrentPrivileges
);
1776 if (NewPrivileges
!= NULL
)
1777 MIDL_user_free(NewPrivileges
);
1784 NTSTATUS WINAPI
LsarGetQuotasForAccount(
1785 LSAPR_HANDLE AccountHandle
,
1786 PQUOTA_LIMITS QuotaLimits
)
1788 PLSA_DB_OBJECT AccountObject
;
1792 TRACE("LsarGetQuotasForAccount(%p %p)\n",
1793 AccountHandle
, QuotaLimits
);
1795 /* Validate the account handle */
1796 Status
= LsapValidateDbObject(AccountHandle
,
1800 if (!NT_SUCCESS(Status
))
1802 ERR("Invalid handle (Status %lx)\n", Status
);
1806 /* Get the quota attribute */
1807 Status
= LsapGetObjectAttribute(AccountObject
,
1817 NTSTATUS WINAPI
LsarSetQuotasForAccount(
1818 LSAPR_HANDLE AccountHandle
,
1819 PQUOTA_LIMITS QuotaLimits
)
1821 PLSA_DB_OBJECT AccountObject
;
1822 QUOTA_LIMITS InternalQuotaLimits
;
1826 TRACE("LsarSetQuotasForAccount(%p %p)\n",
1827 AccountHandle
, QuotaLimits
);
1829 /* Validate the account handle */
1830 Status
= LsapValidateDbObject(AccountHandle
,
1832 ACCOUNT_ADJUST_QUOTAS
,
1834 if (!NT_SUCCESS(Status
))
1836 ERR("Invalid handle (Status %lx)\n", Status
);
1840 /* Get the quota limits attribute */
1841 Size
= sizeof(QUOTA_LIMITS
);
1842 Status
= LsapGetObjectAttribute(AccountObject
,
1844 &InternalQuotaLimits
,
1846 if (!NT_SUCCESS(Status
))
1848 TRACE("LsapGetObjectAttribute() failed (Status 0x%08lx)\n", Status
);
1852 /* Update the quota limits */
1853 if (QuotaLimits
->PagedPoolLimit
!= 0)
1854 InternalQuotaLimits
.PagedPoolLimit
= QuotaLimits
->PagedPoolLimit
;
1856 if (QuotaLimits
->NonPagedPoolLimit
!= 0)
1857 InternalQuotaLimits
.NonPagedPoolLimit
= QuotaLimits
->NonPagedPoolLimit
;
1859 if (QuotaLimits
->MinimumWorkingSetSize
!= 0)
1860 InternalQuotaLimits
.MinimumWorkingSetSize
= QuotaLimits
->MinimumWorkingSetSize
;
1862 if (QuotaLimits
->MaximumWorkingSetSize
!= 0)
1863 InternalQuotaLimits
.MaximumWorkingSetSize
= QuotaLimits
->MaximumWorkingSetSize
;
1865 if (QuotaLimits
->PagefileLimit
!= 0)
1866 InternalQuotaLimits
.PagefileLimit
= QuotaLimits
->PagefileLimit
;
1868 /* Set the quota limits attribute */
1869 Status
= LsapSetObjectAttribute(AccountObject
,
1871 &InternalQuotaLimits
,
1872 sizeof(QUOTA_LIMITS
));
1879 NTSTATUS WINAPI
LsarGetSystemAccessAccount(
1880 LSAPR_HANDLE AccountHandle
,
1881 ACCESS_MASK
*SystemAccess
)
1883 PLSA_DB_OBJECT AccountObject
;
1884 ULONG Size
= sizeof(ACCESS_MASK
);
1887 TRACE("LsarGetSystemAccessAccount(%p %p)\n",
1888 AccountHandle
, SystemAccess
);
1890 /* Validate the account handle */
1891 Status
= LsapValidateDbObject(AccountHandle
,
1895 if (!NT_SUCCESS(Status
))
1897 ERR("Invalid handle (Status %lx)\n", Status
);
1901 /* Get the system access flags */
1902 Status
= LsapGetObjectAttribute(AccountObject
,
1912 NTSTATUS WINAPI
LsarSetSystemAccessAccount(
1913 LSAPR_HANDLE AccountHandle
,
1914 ACCESS_MASK SystemAccess
)
1916 PLSA_DB_OBJECT AccountObject
;
1919 TRACE("LsarSetSystemAccessAccount(%p %lx)\n",
1920 AccountHandle
, SystemAccess
);
1922 /* Validate the account handle */
1923 Status
= LsapValidateDbObject(AccountHandle
,
1925 ACCOUNT_ADJUST_SYSTEM_ACCESS
,
1927 if (!NT_SUCCESS(Status
))
1929 ERR("Invalid handle (Status %lx)\n", Status
);
1933 /* Set the system access flags */
1934 Status
= LsapSetObjectAttribute(AccountObject
,
1937 sizeof(ACCESS_MASK
));
1944 NTSTATUS WINAPI
LsarOpenTrustedDomain(
1945 LSAPR_HANDLE PolicyHandle
,
1946 PRPC_SID TrustedDomainSid
,
1947 ACCESS_MASK DesiredAccess
,
1948 LSAPR_HANDLE
*TrustedDomainHandle
)
1951 return STATUS_NOT_IMPLEMENTED
;
1956 NTSTATUS WINAPI
LsarQueryInfoTrustedDomain(
1957 LSAPR_HANDLE TrustedDomainHandle
,
1958 TRUSTED_INFORMATION_CLASS InformationClass
,
1959 PLSAPR_TRUSTED_DOMAIN_INFO
*TrustedDomainInformation
)
1962 return STATUS_NOT_IMPLEMENTED
;
1967 NTSTATUS WINAPI
LsarSetInformationTrustedDomain(
1968 LSAPR_HANDLE TrustedDomainHandle
,
1969 TRUSTED_INFORMATION_CLASS InformationClass
,
1970 PLSAPR_TRUSTED_DOMAIN_INFO TrustedDomainInformation
)
1973 return STATUS_NOT_IMPLEMENTED
;
1978 NTSTATUS WINAPI
LsarOpenSecret(
1979 LSAPR_HANDLE PolicyHandle
,
1980 PRPC_UNICODE_STRING SecretName
,
1981 ACCESS_MASK DesiredAccess
,
1982 LSAPR_HANDLE
*SecretHandle
)
1984 PLSA_DB_OBJECT PolicyObject
;
1985 PLSA_DB_OBJECT SecretObject
= NULL
;
1986 NTSTATUS Status
= STATUS_SUCCESS
;
1988 TRACE("LsarOpenSecret(%p %wZ %lx %p)\n",
1989 PolicyHandle
, SecretName
, DesiredAccess
, SecretHandle
);
1991 /* Validate the PolicyHandle */
1992 Status
= LsapValidateDbObject(PolicyHandle
,
1996 if (!NT_SUCCESS(Status
))
1998 ERR("LsapValidateDbObject returned 0x%08lx\n", Status
);
2002 /* Create the secret object */
2003 Status
= LsapOpenDbObject(PolicyObject
,
2008 PolicyObject
->Trusted
,
2010 if (!NT_SUCCESS(Status
))
2012 ERR("LsapOpenDbObject failed (Status 0x%08lx)\n", Status
);
2017 if (!NT_SUCCESS(Status
))
2019 if (SecretObject
!= NULL
)
2020 LsapCloseDbObject(SecretObject
);
2024 *SecretHandle
= (LSAPR_HANDLE
)SecretObject
;
2032 NTSTATUS WINAPI
LsarSetSecret(
2033 LSAPR_HANDLE SecretHandle
,
2034 PLSAPR_CR_CIPHER_VALUE EncryptedCurrentValue
,
2035 PLSAPR_CR_CIPHER_VALUE EncryptedOldValue
)
2037 PLSA_DB_OBJECT SecretObject
;
2038 PBYTE CurrentValue
= NULL
;
2039 PBYTE OldValue
= NULL
;
2040 ULONG CurrentValueLength
= 0;
2041 ULONG OldValueLength
= 0;
2045 TRACE("LsarSetSecret(%p %p %p)\n", SecretHandle
,
2046 EncryptedCurrentValue
, EncryptedOldValue
);
2048 /* Validate the SecretHandle */
2049 Status
= LsapValidateDbObject(SecretHandle
,
2053 if (!NT_SUCCESS(Status
))
2055 ERR("LsapValidateDbObject returned 0x%08lx\n", Status
);
2059 if (EncryptedCurrentValue
!= NULL
)
2061 /* FIXME: Decrypt the current value */
2062 CurrentValue
= EncryptedCurrentValue
->Buffer
;
2063 CurrentValueLength
= EncryptedCurrentValue
->MaximumLength
;
2066 /* Set the current value */
2067 Status
= LsapSetObjectAttribute(SecretObject
,
2070 CurrentValueLength
);
2071 if (!NT_SUCCESS(Status
))
2073 ERR("LsapSetObjectAttribute failed (Status 0x%08lx)\n", Status
);
2077 /* Get the current time */
2078 Status
= NtQuerySystemTime(&Time
);
2079 if (!NT_SUCCESS(Status
))
2081 ERR("NtQuerySystemTime failed (Status 0x%08lx)\n", Status
);
2085 /* Set the current time */
2086 Status
= LsapSetObjectAttribute(SecretObject
,
2089 sizeof(LARGE_INTEGER
));
2090 if (!NT_SUCCESS(Status
))
2092 ERR("LsapSetObjectAttribute failed (Status 0x%08lx)\n", Status
);
2096 if (EncryptedOldValue
!= NULL
)
2098 /* FIXME: Decrypt the old value */
2099 OldValue
= EncryptedOldValue
->Buffer
;
2100 OldValueLength
= EncryptedOldValue
->MaximumLength
;
2103 /* Set the old value */
2104 Status
= LsapSetObjectAttribute(SecretObject
,
2108 if (!NT_SUCCESS(Status
))
2110 ERR("LsapSetObjectAttribute failed (Status 0x%08lx)\n", Status
);
2114 /* Set the old time */
2115 Status
= LsapSetObjectAttribute(SecretObject
,
2118 sizeof(LARGE_INTEGER
));
2119 if (!NT_SUCCESS(Status
))
2121 ERR("LsapSetObjectAttribute failed (Status 0x%08lx)\n", Status
);
2130 NTSTATUS WINAPI
LsarQuerySecret(
2131 LSAPR_HANDLE SecretHandle
,
2132 PLSAPR_CR_CIPHER_VALUE
*EncryptedCurrentValue
,
2133 PLARGE_INTEGER CurrentValueSetTime
,
2134 PLSAPR_CR_CIPHER_VALUE
*EncryptedOldValue
,
2135 PLARGE_INTEGER OldValueSetTime
)
2137 PLSA_DB_OBJECT SecretObject
;
2138 PLSAPR_CR_CIPHER_VALUE EncCurrentValue
= NULL
;
2139 PLSAPR_CR_CIPHER_VALUE EncOldValue
= NULL
;
2140 PBYTE CurrentValue
= NULL
;
2141 PBYTE OldValue
= NULL
;
2142 ULONG CurrentValueLength
= 0;
2143 ULONG OldValueLength
= 0;
2147 TRACE("LsarQuerySecret(%p %p %p %p %p)\n", SecretHandle
,
2148 EncryptedCurrentValue
, CurrentValueSetTime
,
2149 EncryptedOldValue
, OldValueSetTime
);
2151 /* Validate the SecretHandle */
2152 Status
= LsapValidateDbObject(SecretHandle
,
2156 if (!NT_SUCCESS(Status
))
2158 ERR("LsapValidateDbObject returned 0x%08lx\n", Status
);
2162 if (EncryptedCurrentValue
!= NULL
)
2164 CurrentValueLength
= 0;
2166 /* Get the size of the current value */
2167 Status
= LsapGetObjectAttribute(SecretObject
,
2170 &CurrentValueLength
);
2171 if (!NT_SUCCESS(Status
))
2174 /* Allocate a buffer for the current value */
2175 CurrentValue
= midl_user_allocate(CurrentValueLength
);
2176 if (CurrentValue
== NULL
)
2178 Status
= STATUS_INSUFFICIENT_RESOURCES
;
2182 /* Get the current value */
2183 Status
= LsapGetObjectAttribute(SecretObject
,
2186 &CurrentValueLength
);
2187 if (!NT_SUCCESS(Status
))
2190 /* Allocate a buffer for the encrypted current value */
2191 EncCurrentValue
= midl_user_allocate(sizeof(LSAPR_CR_CIPHER_VALUE
));
2192 if (EncCurrentValue
== NULL
)
2194 Status
= STATUS_INSUFFICIENT_RESOURCES
;
2198 /* FIXME: Encrypt the current value */
2199 EncCurrentValue
->Length
= (USHORT
)(CurrentValueLength
- sizeof(WCHAR
));
2200 EncCurrentValue
->MaximumLength
= (USHORT
)CurrentValueLength
;
2201 EncCurrentValue
->Buffer
= (PBYTE
)CurrentValue
;
2204 if (CurrentValueSetTime
!= NULL
)
2206 BufferSize
= sizeof(LARGE_INTEGER
);
2208 /* Get the current value time */
2209 Status
= LsapGetObjectAttribute(SecretObject
,
2211 (PBYTE
)CurrentValueSetTime
,
2213 if (!NT_SUCCESS(Status
))
2217 if (EncryptedOldValue
!= NULL
)
2221 /* Get the size of the old value */
2222 Status
= LsapGetObjectAttribute(SecretObject
,
2226 if (!NT_SUCCESS(Status
))
2229 /* Allocate a buffer for the old value */
2230 OldValue
= midl_user_allocate(OldValueLength
);
2231 if (OldValue
== NULL
)
2233 Status
= STATUS_INSUFFICIENT_RESOURCES
;
2237 /* Get the old value */
2238 Status
= LsapGetObjectAttribute(SecretObject
,
2242 if (!NT_SUCCESS(Status
))
2245 /* Allocate a buffer for the encrypted old value */
2246 EncOldValue
= midl_user_allocate(sizeof(LSAPR_CR_CIPHER_VALUE
) + OldValueLength
);
2247 if (EncOldValue
== NULL
)
2249 Status
= STATUS_INSUFFICIENT_RESOURCES
;
2253 /* FIXME: Encrypt the old value */
2254 EncOldValue
->Length
= (USHORT
)(OldValueLength
- sizeof(WCHAR
));
2255 EncOldValue
->MaximumLength
= (USHORT
)OldValueLength
;
2256 EncOldValue
->Buffer
= (PBYTE
)OldValue
;
2259 if (OldValueSetTime
!= NULL
)
2261 BufferSize
= sizeof(LARGE_INTEGER
);
2263 /* Get the old value time */
2264 Status
= LsapGetObjectAttribute(SecretObject
,
2266 (PBYTE
)OldValueSetTime
,
2268 if (!NT_SUCCESS(Status
))
2274 if (NT_SUCCESS(Status
))
2276 if (EncryptedCurrentValue
!= NULL
)
2277 *EncryptedCurrentValue
= EncCurrentValue
;
2279 if (EncryptedOldValue
!= NULL
)
2280 *EncryptedOldValue
= EncOldValue
;
2284 if (EncryptedCurrentValue
!= NULL
)
2285 *EncryptedCurrentValue
= NULL
;
2287 if (EncryptedOldValue
!= NULL
)
2288 *EncryptedOldValue
= NULL
;
2290 if (EncCurrentValue
!= NULL
)
2291 midl_user_free(EncCurrentValue
);
2293 if (EncOldValue
!= NULL
)
2294 midl_user_free(EncOldValue
);
2296 if (CurrentValue
!= NULL
)
2297 midl_user_free(CurrentValue
);
2299 if (OldValue
!= NULL
)
2300 midl_user_free(OldValue
);
2303 TRACE("LsarQuerySecret done (Status 0x%08lx)\n", Status
);
2310 NTSTATUS WINAPI
LsarLookupPrivilegeValue(
2311 LSAPR_HANDLE PolicyHandle
,
2312 PRPC_UNICODE_STRING Name
,
2318 TRACE("LsarLookupPrivilegeValue(%p, %wZ, %p)\n",
2319 PolicyHandle
, Name
, Value
);
2321 Status
= LsapValidateDbObject(PolicyHandle
,
2323 POLICY_LOOKUP_NAMES
,
2325 if (!NT_SUCCESS(Status
))
2327 ERR("Invalid handle (Status %lx)\n", Status
);
2331 TRACE("Privilege: %wZ\n", Name
);
2333 pValue
= LsarpLookupPrivilegeValue(Name
);
2335 return STATUS_NO_SUCH_PRIVILEGE
;
2337 RtlCopyLuid(Value
, pValue
);
2339 return STATUS_SUCCESS
;
2344 NTSTATUS WINAPI
LsarLookupPrivilegeName(
2345 LSAPR_HANDLE PolicyHandle
,
2347 PRPC_UNICODE_STRING
*Name
)
2351 TRACE("LsarLookupPrivilegeName(%p, %p, %p)\n",
2352 PolicyHandle
, Value
, Name
);
2354 Status
= LsapValidateDbObject(PolicyHandle
,
2356 POLICY_LOOKUP_NAMES
,
2358 if (!NT_SUCCESS(Status
))
2360 ERR("Invalid handle\n");
2364 Status
= LsarpLookupPrivilegeName(Value
,
2372 NTSTATUS WINAPI
LsarLookupPrivilegeDisplayName(
2373 LSAPR_HANDLE PolicyHandle
,
2374 PRPC_UNICODE_STRING Name
,
2375 USHORT ClientLanguage
,
2376 USHORT ClientSystemDefaultLanguage
,
2377 PRPC_UNICODE_STRING
*DisplayName
,
2378 USHORT
*LanguageReturned
)
2382 TRACE("LsarLookupPrivilegeDisplayName(%p, %p, %u, %u, %p, %p)\n",
2383 PolicyHandle
, Name
, ClientLanguage
, ClientSystemDefaultLanguage
, DisplayName
, LanguageReturned
);
2385 Status
= LsapValidateDbObject(PolicyHandle
,
2387 POLICY_LOOKUP_NAMES
,
2389 if (!NT_SUCCESS(Status
))
2391 ERR("Invalid handle\n");
2395 Status
= LsarpLookupPrivilegeDisplayName(Name
,
2397 ClientSystemDefaultLanguage
,
2406 NTSTATUS WINAPI
LsarDeleteObject(
2407 LSAPR_HANDLE
*ObjectHandle
)
2409 PLSA_DB_OBJECT DbObject
;
2412 TRACE("LsarDeleteObject(%p)\n", ObjectHandle
);
2414 if (ObjectHandle
== NULL
)
2415 return STATUS_INVALID_PARAMETER
;
2417 /* Validate the ObjectHandle */
2418 Status
= LsapValidateDbObject(*ObjectHandle
,
2422 if (!NT_SUCCESS(Status
))
2424 ERR("LsapValidateDbObject returned 0x%08lx\n", Status
);
2428 /* You cannot delete the policy object */
2429 if (DbObject
->ObjectType
== LsaDbPolicyObject
)
2430 return STATUS_INVALID_PARAMETER
;
2432 /* Delete the database object */
2433 Status
= LsapDeleteDbObject(DbObject
);
2434 if (!NT_SUCCESS(Status
))
2436 ERR("LsapDeleteDbObject returned 0x%08lx\n", Status
);
2440 /* Invalidate the object handle */
2441 *ObjectHandle
= NULL
;
2443 return STATUS_SUCCESS
;
2448 NTSTATUS WINAPI
LsarEnumerateAccountsWithUserRight(
2449 LSAPR_HANDLE PolicyHandle
,
2450 PRPC_UNICODE_STRING UserRight
,
2451 PLSAPR_ACCOUNT_ENUM_BUFFER EnumerationBuffer
)
2453 PLSA_DB_OBJECT PolicyObject
;
2454 ACCESS_MASK AccountRight
= 0;
2456 ULONG AccountKeyBufferSize
;
2457 PWSTR AccountKeyBuffer
= NULL
;
2458 HKEY AccountsKeyHandle
= NULL
;
2459 HKEY AccountKeyHandle
= NULL
;
2460 HKEY AttributeKeyHandle
;
2461 ACCESS_MASK SystemAccess
;
2462 PPRIVILEGE_SET PrivilegeSet
;
2463 PLSAPR_ACCOUNT_INFORMATION EnumBuffer
= NULL
, ReturnBuffer
;
2464 ULONG SubKeyCount
= 0;
2465 ULONG EnumIndex
, EnumCount
;
2470 TRACE("LsarEnumerateAccountsWithUserRights(%p %wZ %p)\n",
2471 PolicyHandle
, UserRight
, EnumerationBuffer
);
2473 /* Validate the privilege and account right names */
2474 if (UserRight
!= NULL
)
2476 Luid
= LsarpLookupPrivilegeValue(UserRight
);
2479 AccountRight
= LsapLookupAccountRightValue(UserRight
);
2480 if (AccountRight
== 0)
2481 return STATUS_NO_SUCH_PRIVILEGE
;
2485 if (EnumerationBuffer
== NULL
)
2486 return STATUS_INVALID_PARAMETER
;
2488 EnumerationBuffer
->EntriesRead
= 0;
2489 EnumerationBuffer
->Information
= NULL
;
2491 /* Validate the PolicyHandle */
2492 Status
= LsapValidateDbObject(PolicyHandle
,
2494 POLICY_LOOKUP_NAMES
| POLICY_VIEW_LOCAL_INFORMATION
,
2496 if (!NT_SUCCESS(Status
))
2498 ERR("LsapValidateDbObject returned 0x%08lx\n", Status
);
2502 Status
= LsapRegOpenKey(PolicyObject
->KeyHandle
,
2505 &AccountsKeyHandle
);
2506 if (!NT_SUCCESS(Status
))
2508 ERR("LsapRegOpenKey returned 0x%08lx\n", Status
);
2512 Status
= LsapRegQueryKeyInfo(AccountsKeyHandle
,
2514 &AccountKeyBufferSize
,
2516 if (!NT_SUCCESS(Status
))
2518 ERR("LsapRegOpenKey returned 0x%08lx\n", Status
);
2522 AccountKeyBufferSize
+= sizeof(WCHAR
);
2523 AccountKeyBuffer
= RtlAllocateHeap(RtlGetProcessHeap(), 0, AccountKeyBufferSize
);
2524 if (AccountKeyBuffer
== NULL
)
2526 return STATUS_INSUFFICIENT_RESOURCES
;
2529 EnumBuffer
= RtlAllocateHeap(RtlGetProcessHeap(),
2531 SubKeyCount
* sizeof(LSAPR_ACCOUNT_INFORMATION
));
2532 if (EnumBuffer
== NULL
)
2534 Status
= STATUS_INSUFFICIENT_RESOURCES
;
2544 Status
= LsapRegEnumerateSubKey(AccountsKeyHandle
,
2546 AccountKeyBufferSize
,
2548 if (!NT_SUCCESS(Status
))
2550 if (Status
== STATUS_NO_MORE_ENTRIES
)
2551 Status
= STATUS_SUCCESS
;
2555 TRACE("EnumIndex: %lu\n", EnumIndex
);
2556 TRACE("Account key name: %S\n", AccountKeyBuffer
);
2558 Status
= LsapRegOpenKey(AccountsKeyHandle
,
2562 if (NT_SUCCESS(Status
))
2564 if (Luid
!= NULL
|| AccountRight
!= 0)
2566 Status
= LsapRegOpenKey(AccountKeyHandle
,
2567 (Luid
!= NULL
) ? L
"Privilgs" : L
"ActSysAc",
2569 &AttributeKeyHandle
);
2570 if (NT_SUCCESS(Status
))
2575 LsapRegQueryValue(AttributeKeyHandle
,
2582 PrivilegeSet
= RtlAllocateHeap(RtlGetProcessHeap(), 0, Size
);
2585 if (LsapRegQueryValue(AttributeKeyHandle
,
2589 &Size
) == STATUS_SUCCESS
)
2591 for (i
= 0; i
< PrivilegeSet
->PrivilegeCount
; i
++)
2593 if (RtlEqualLuid(&(PrivilegeSet
->Privilege
[i
].Luid
), Luid
))
2595 TRACE("%S got the privilege!\n", AccountKeyBuffer
);
2602 RtlFreeHeap(RtlGetProcessHeap(), 0, PrivilegeSet
);
2606 else if (AccountRight
!= 0)
2609 Size
= sizeof(ACCESS_MASK
);
2610 LsapRegQueryValue(AttributeKeyHandle
,
2615 if (SystemAccess
& AccountRight
)
2617 TRACE("%S got the account right!\n", AccountKeyBuffer
);
2622 LsapRegCloseKey(AttributeKeyHandle
);
2627 /* enumerate all accounts */
2633 TRACE("Add account: %S\n", AccountKeyBuffer
);
2635 Status
= LsapRegOpenKey(AccountKeyHandle
,
2638 &AttributeKeyHandle
);
2639 if (NT_SUCCESS(Status
))
2642 LsapRegQueryValue(AttributeKeyHandle
,
2649 EnumBuffer
[EnumCount
].Sid
= midl_user_allocate(Size
);
2650 if (EnumBuffer
[EnumCount
].Sid
!= NULL
)
2652 Status
= LsapRegQueryValue(AttributeKeyHandle
,
2655 EnumBuffer
[EnumCount
].Sid
,
2657 if (NT_SUCCESS(Status
))
2663 TRACE("SampRegQueryValue returned %08lX\n", Status
);
2664 midl_user_free(EnumBuffer
[EnumCount
].Sid
);
2665 EnumBuffer
[EnumCount
].Sid
= NULL
;
2670 LsapRegCloseKey(AttributeKeyHandle
);
2674 LsapRegCloseKey(AccountKeyHandle
);
2680 TRACE("EnumCount: %lu\n", EnumCount
);
2682 if (NT_SUCCESS(Status
) && EnumCount
!= 0)
2684 ReturnBuffer
= midl_user_allocate(EnumCount
* sizeof(LSAPR_ACCOUNT_INFORMATION
));
2685 if (ReturnBuffer
== NULL
)
2687 Status
= STATUS_INSUFFICIENT_RESOURCES
;
2691 RtlCopyMemory(ReturnBuffer
,
2693 EnumCount
* sizeof(LSAPR_ACCOUNT_INFORMATION
));
2695 EnumerationBuffer
->EntriesRead
= EnumCount
;
2696 EnumerationBuffer
->Information
= ReturnBuffer
;
2700 if (EnumBuffer
!= NULL
)
2702 if (Status
!= STATUS_SUCCESS
)
2704 for (i
= 0; i
< EnumCount
; i
++)
2706 if (EnumBuffer
[i
].Sid
!= NULL
)
2707 midl_user_free(EnumBuffer
[i
].Sid
);
2711 RtlFreeHeap(RtlGetProcessHeap(), 0, EnumBuffer
);
2714 if (AccountKeyBuffer
!= NULL
)
2715 RtlFreeHeap(RtlGetProcessHeap(), 0, AccountKeyBuffer
);
2717 if (Status
== STATUS_SUCCESS
&& EnumCount
== 0)
2718 Status
= STATUS_NO_MORE_ENTRIES
;
2725 NTSTATUS WINAPI
LsarEnumerateAccountRights(
2726 LSAPR_HANDLE PolicyHandle
,
2727 PRPC_SID AccountSid
,
2728 PLSAPR_USER_RIGHT_SET UserRights
)
2730 LSAPR_HANDLE AccountHandle
;
2731 PLSAPR_PRIVILEGE_SET PrivilegeSet
= NULL
;
2732 PRPC_UNICODE_STRING RightsBuffer
= NULL
;
2733 PRPC_UNICODE_STRING PrivilegeString
;
2734 ACCESS_MASK SystemAccess
= 0;
2735 ULONG RightsCount
= 0;
2740 TRACE("LsarEnumerateAccountRights(%p %p %p)\n",
2741 PolicyHandle
, AccountSid
, UserRights
);
2743 /* Open the account */
2744 Status
= LsarOpenAccount(PolicyHandle
,
2748 if (!NT_SUCCESS(Status
))
2750 WARN("LsarOpenAccount returned 0x%08lx\n", Status
);
2754 /* Enumerate the privileges */
2755 Status
= LsarEnumeratePrivilegesAccount(AccountHandle
,
2757 if (!NT_SUCCESS(Status
) && Status
!= STATUS_OBJECT_NAME_NOT_FOUND
)
2759 WARN("LsarEnumeratePrivilegesAccount returned 0x%08lx\n", Status
);
2763 /* Get account rights */
2764 Status
= LsarGetSystemAccessAccount(AccountHandle
,
2766 if (!NT_SUCCESS(Status
) && Status
!= STATUS_OBJECT_NAME_NOT_FOUND
)
2768 WARN("LsarGetSystemAccessAccount returned 0x%08lx\n", Status
);
2772 RightsCount
= PrivilegeSet
->PrivilegeCount
;
2774 /* Count account rights */
2775 for (i
= 0; i
< sizeof(ACCESS_MASK
) * 8; i
++)
2777 if (SystemAccess
& (1 << i
))
2781 /* We are done if there are no rights to be enumerated */
2782 if (RightsCount
== 0)
2784 UserRights
->Entries
= 0;
2785 UserRights
->UserRights
= NULL
;
2786 Status
= STATUS_SUCCESS
;
2790 /* Allocate a buffer for the account rights */
2791 RightsBuffer
= MIDL_user_allocate(RightsCount
* sizeof(RPC_UNICODE_STRING
));
2792 if (RightsBuffer
== NULL
)
2794 Status
= STATUS_INSUFFICIENT_RESOURCES
;
2798 /* Copy the privileges into the buffer */
2802 for (i
= 0; i
< PrivilegeSet
->PrivilegeCount
; i
++)
2804 PrivilegeString
= NULL
;
2805 Status
= LsarLookupPrivilegeName(PolicyHandle
,
2806 (PLUID
)&PrivilegeSet
->Privilege
[i
].Luid
,
2808 if (!NT_SUCCESS(Status
))
2810 WARN("LsarLookupPrivilegeName returned 0x%08lx\n", Status
);
2814 RightsBuffer
[Index
].Length
= PrivilegeString
->Length
;
2815 RightsBuffer
[Index
].MaximumLength
= PrivilegeString
->MaximumLength
;
2816 RightsBuffer
[Index
].Buffer
= PrivilegeString
->Buffer
;
2818 MIDL_user_free(PrivilegeString
);
2823 /* Copy account rights into the buffer */
2824 for (i
= 0; i
< sizeof(ACCESS_MASK
) * 8; i
++)
2826 if (SystemAccess
& (1 << i
))
2828 Status
= LsapLookupAccountRightName(1 << i
,
2830 if (!NT_SUCCESS(Status
))
2832 WARN("LsarLookupAccountRightName returned 0x%08lx\n", Status
);
2836 RightsBuffer
[Index
].Length
= PrivilegeString
->Length
;
2837 RightsBuffer
[Index
].MaximumLength
= PrivilegeString
->MaximumLength
;
2838 RightsBuffer
[Index
].Buffer
= PrivilegeString
->Buffer
;
2840 MIDL_user_free(PrivilegeString
);
2845 UserRights
->Entries
= RightsCount
;
2846 UserRights
->UserRights
= (PRPC_UNICODE_STRING
)RightsBuffer
;
2849 if (!NT_SUCCESS(Status
))
2851 if (RightsBuffer
!= NULL
)
2853 for (Index
= 0; Index
< RightsCount
; Index
++)
2855 if (RightsBuffer
[Index
].Buffer
!= NULL
)
2856 MIDL_user_free(RightsBuffer
[Index
].Buffer
);
2859 MIDL_user_free(RightsBuffer
);
2863 if (PrivilegeSet
!= NULL
)
2864 MIDL_user_free(PrivilegeSet
);
2866 LsarClose(&AccountHandle
);
2873 NTSTATUS WINAPI
LsarAddAccountRights(
2874 LSAPR_HANDLE PolicyHandle
,
2875 PRPC_SID AccountSid
,
2876 PLSAPR_USER_RIGHT_SET UserRights
)
2878 PLSA_DB_OBJECT PolicyObject
;
2879 PLSA_DB_OBJECT AccountObject
= NULL
;
2880 ULONG ulNewPrivileges
= 0, ulNewRights
= 0;
2881 ACCESS_MASK SystemAccess
= 0;
2882 ULONG Size
, Value
, i
, j
;
2883 PPRIVILEGE_SET PrivilegeSet
= NULL
;
2884 ULONG PrivilegeSetBufferSize
= 0;
2885 ULONG PrivilegeCount
;
2890 TRACE("LsarAddAccountRights(%p %p %p)\n",
2891 PolicyHandle
, AccountSid
, UserRights
);
2893 /* Validate the AccountSid */
2894 if (!RtlValidSid(AccountSid
))
2895 return STATUS_INVALID_PARAMETER
;
2897 /* Validate the UserRights */
2898 if (UserRights
== NULL
)
2899 return STATUS_INVALID_PARAMETER
;
2901 /* Validate the privilege and account right names */
2902 for (i
= 0; i
< UserRights
->Entries
; i
++)
2904 if (LsarpLookupPrivilegeValue(&UserRights
->UserRights
[i
]) != NULL
)
2910 if (LsapLookupAccountRightValue(&UserRights
->UserRights
[i
]) == 0)
2911 return STATUS_NO_SUCH_PRIVILEGE
;
2917 TRACE("ulNewPrivileges: %lu\n", ulNewPrivileges
);
2918 TRACE("ulNewRights: %lu\n", ulNewRights
);
2920 /* Validate the PolicyHandle */
2921 Status
= LsapValidateDbObject(PolicyHandle
,
2923 POLICY_LOOKUP_NAMES
,
2925 if (!NT_SUCCESS(Status
))
2927 WARN("LsapValidateDbObject returned 0x%08lx\n", Status
);
2931 /* Open the account */
2932 Status
= LsarpOpenAccount(PolicyObject
,
2936 if (!NT_SUCCESS(Status
) && Status
!= STATUS_OBJECT_NAME_NOT_FOUND
)
2938 WARN("LsarpOpenAccount returned 0x%08lx\n", Status
);
2941 else if (Status
== STATUS_OBJECT_NAME_NOT_FOUND
)
2943 /* Create a new account if it does not yet exist */
2944 Status
= LsarpCreateAccount(PolicyObject
,
2948 if (!NT_SUCCESS(Status
))
2950 WARN("LsarpCreateAccount returned 0x%08lx\n", Status
);
2955 if (ulNewPrivileges
> 0)
2959 /* Get the size of the Privilgs attribute */
2960 Status
= LsapGetObjectAttribute(AccountObject
,
2964 if (!NT_SUCCESS(Status
) && Status
!= STATUS_OBJECT_NAME_NOT_FOUND
)
2967 /* Calculate the required privilege set buffer size */
2969 PrivilegeSetBufferSize
= sizeof(PRIVILEGE_SET
) +
2970 (ulNewPrivileges
- 1) * sizeof(LUID_AND_ATTRIBUTES
);
2972 PrivilegeSetBufferSize
= Size
+
2973 ulNewPrivileges
* sizeof(LUID_AND_ATTRIBUTES
);
2975 /* Allocate the privilege set buffer */
2976 PrivilegeSet
= RtlAllocateHeap(RtlGetProcessHeap(),
2978 PrivilegeSetBufferSize
);
2979 if (PrivilegeSet
== NULL
)
2980 return STATUS_NO_MEMORY
;
2982 /* Get the privilege set */
2985 Status
= LsapGetObjectAttribute(AccountObject
,
2989 if (!NT_SUCCESS(Status
))
2991 WARN("LsapGetObjectAttribute() failed (Status 0x%08lx)\n", Status
);
2996 PrivilegeCount
= PrivilegeSet
->PrivilegeCount
;
2997 TRACE("Privilege count: %lu\n", PrivilegeCount
);
2999 for (i
= 0; i
< UserRights
->Entries
; i
++)
3001 pLuid
= LsarpLookupPrivilegeValue(&UserRights
->UserRights
[i
]);
3006 for (j
= 0; j
< PrivilegeSet
->PrivilegeCount
; j
++)
3008 if (RtlEqualLuid(&(PrivilegeSet
->Privilege
[j
].Luid
), pLuid
))
3015 if (bFound
== FALSE
)
3017 /* Copy the new privilege */
3018 RtlCopyMemory(&(PrivilegeSet
->Privilege
[PrivilegeSet
->PrivilegeCount
]),
3021 PrivilegeSet
->PrivilegeCount
++;
3025 /* Store the extended privilege set */
3026 if (PrivilegeCount
!= PrivilegeSet
->PrivilegeCount
)
3028 Size
= sizeof(PRIVILEGE_SET
) +
3029 (PrivilegeSet
->PrivilegeCount
- 1) * sizeof(LUID_AND_ATTRIBUTES
);
3031 Status
= LsapSetObjectAttribute(AccountObject
,
3035 if (!NT_SUCCESS(Status
))
3037 WARN("LsapSetObjectAttribute() failed (Status 0x%08lx)\n", Status
);
3043 if (ulNewRights
> 0)
3045 Size
= sizeof(ACCESS_MASK
);
3047 /* Get the system access flags, if the attribute exists */
3048 Status
= LsapGetObjectAttribute(AccountObject
,
3052 if (!NT_SUCCESS(Status
) && Status
!= STATUS_OBJECT_NAME_NOT_FOUND
)
3055 /* Set the new access rights */
3056 for (i
= 0; i
< UserRights
->Entries
; i
++)
3058 Value
= LsapLookupAccountRightValue(&UserRights
->UserRights
[i
]);
3060 SystemAccess
|= Value
;
3063 /* Set the system access flags */
3064 Status
= LsapSetObjectAttribute(AccountObject
,
3067 sizeof(ACCESS_MASK
));
3071 if (PrivilegeSet
!= NULL
)
3072 RtlFreeHeap(RtlGetProcessHeap(), 0, PrivilegeSet
);
3074 if (AccountObject
!= NULL
)
3075 LsapCloseDbObject(AccountObject
);
3082 NTSTATUS WINAPI
LsarRemoveAccountRights(
3083 LSAPR_HANDLE PolicyHandle
,
3084 PRPC_SID AccountSid
,
3086 PLSAPR_USER_RIGHT_SET UserRights
)
3088 PLSA_DB_OBJECT PolicyObject
;
3089 PLSA_DB_OBJECT AccountObject
= NULL
;
3090 ULONG PrivilegesToRemove
= 0, RightsToRemove
= 0;
3091 ACCESS_MASK SystemAccess
= 0;
3092 ULONG Size
, Value
, i
, j
, Index
;
3093 PPRIVILEGE_SET PrivilegeSet
= NULL
;
3094 ULONG PrivilegeCount
;
3098 TRACE("LsarRemoveAccountRights(%p %p %lu %p)\n",
3099 PolicyHandle
, AccountSid
, AllRights
, UserRights
);
3101 /* Validate the AccountSid */
3102 if (!RtlValidSid(AccountSid
))
3103 return STATUS_INVALID_PARAMETER
;
3105 /* Validate the UserRights */
3106 if (UserRights
== NULL
)
3107 return STATUS_INVALID_PARAMETER
;
3109 /* Validate the privilege and account right names */
3110 for (i
= 0; i
< UserRights
->Entries
; i
++)
3112 if (LsarpLookupPrivilegeValue(&UserRights
->UserRights
[i
]) != NULL
)
3114 PrivilegesToRemove
++;
3118 if (LsapLookupAccountRightValue(&UserRights
->UserRights
[i
]) == 0)
3119 return STATUS_NO_SUCH_PRIVILEGE
;
3125 /* Validate the PolicyHandle */
3126 Status
= LsapValidateDbObject(PolicyHandle
,
3128 POLICY_LOOKUP_NAMES
,
3130 if (!NT_SUCCESS(Status
))
3132 ERR("LsapValidateDbObject returned 0x%08lx\n", Status
);
3136 /* Open the account */
3137 Status
= LsarpOpenAccount(PolicyObject
,
3141 if (!NT_SUCCESS(Status
) && Status
!= STATUS_OBJECT_NAME_NOT_FOUND
)
3143 ERR("LsarpOpenAccount returned 0x%08lx\n", Status
);
3147 if (AllRights
== FALSE
)
3149 /* Get the size of the Privilgs attribute */
3151 Status
= LsapGetObjectAttribute(AccountObject
,
3155 if (!NT_SUCCESS(Status
) && Status
!= STATUS_OBJECT_NAME_NOT_FOUND
)
3158 if ((Size
!= 0) && (PrivilegesToRemove
!= 0))
3160 /* Allocate the privilege set buffer */
3161 PrivilegeSet
= RtlAllocateHeap(RtlGetProcessHeap(),
3164 if (PrivilegeSet
== NULL
)
3165 return STATUS_NO_MEMORY
;
3167 /* Get the privilege set */
3168 Status
= LsapGetObjectAttribute(AccountObject
,
3172 if (!NT_SUCCESS(Status
))
3174 ERR("LsapGetObjectAttribute() failed (Status 0x%08lx)\n", Status
);
3178 PrivilegeCount
= PrivilegeSet
->PrivilegeCount
;
3180 for (i
= 0; i
< UserRights
->Entries
; i
++)
3182 pLuid
= LsarpLookupPrivilegeValue(&UserRights
->UserRights
[i
]);
3187 for (j
= 0; j
< PrivilegeSet
->PrivilegeCount
; j
++)
3189 if (RtlEqualLuid(&(PrivilegeSet
->Privilege
[j
].Luid
), pLuid
))
3198 /* Remove the privilege */
3199 if ((PrivilegeSet
->PrivilegeCount
> 1) &&
3200 (Index
< PrivilegeSet
->PrivilegeCount
- 1))
3201 RtlMoveMemory(&(PrivilegeSet
->Privilege
[Index
]),
3202 &(PrivilegeSet
->Privilege
[Index
+ 1]),
3203 (Index
- PrivilegeSet
->PrivilegeCount
- 1) * sizeof(LUID
));
3205 /* Wipe the last entry */
3206 RtlZeroMemory(&(PrivilegeSet
->Privilege
[PrivilegeSet
->PrivilegeCount
- 1]),
3209 PrivilegeSet
->PrivilegeCount
--;
3213 /* Store the extended privilege set */
3214 if (PrivilegeCount
!= PrivilegeSet
->PrivilegeCount
)
3216 Size
= sizeof(PRIVILEGE_SET
) +
3217 (PrivilegeSet
->PrivilegeCount
- 1) * sizeof(LUID_AND_ATTRIBUTES
);
3219 Status
= LsapSetObjectAttribute(AccountObject
,
3223 if (!NT_SUCCESS(Status
))
3225 ERR("LsapSetObjectAttribute() failed (Status 0x%08lx)\n", Status
);
3231 /* Get the system access flags, if the attribute exists */
3233 Status
= LsapGetObjectAttribute(AccountObject
,
3237 if (!NT_SUCCESS(Status
) && Status
!= STATUS_OBJECT_NAME_NOT_FOUND
)
3240 if ((Size
!= 0) && (RightsToRemove
!= 0))
3242 ERR("Rights: 0x%lx\n", SystemAccess
);
3244 /* Set the new access rights */
3245 for (i
= 0; i
< UserRights
->Entries
; i
++)
3247 Value
= LsapLookupAccountRightValue(&UserRights
->UserRights
[i
]);
3249 SystemAccess
&= ~Value
;
3251 ERR("New Rights: 0x%lx\n", SystemAccess
);
3253 /* Set the system access flags */
3254 Status
= LsapSetObjectAttribute(AccountObject
,
3257 sizeof(ACCESS_MASK
));
3265 if (PrivilegeSet
!= NULL
)
3266 RtlFreeHeap(RtlGetProcessHeap(), 0, PrivilegeSet
);
3268 if (AccountObject
!= NULL
)
3269 LsapCloseDbObject(AccountObject
);
3276 NTSTATUS WINAPI
LsarQueryTrustedDomainInfo(
3277 LSAPR_HANDLE PolicyHandle
,
3278 PRPC_SID TrustedDomainSid
,
3279 TRUSTED_INFORMATION_CLASS InformationClass
,
3280 PLSAPR_TRUSTED_DOMAIN_INFO
*TrustedDomainInformation
)
3282 /* FIXME: We are not running an AD yet */
3283 return STATUS_DIRECTORY_SERVICE_REQUIRED
;
3288 NTSTATUS WINAPI
LsarSetTrustedDomainInfo(
3289 LSAPR_HANDLE PolicyHandle
,
3290 PRPC_SID TrustedDomainSid
,
3291 TRUSTED_INFORMATION_CLASS InformationClass
,
3292 PLSAPR_TRUSTED_DOMAIN_INFO TrustedDomainInformation
)
3294 /* FIXME: We are not running an AD yet */
3295 return STATUS_DIRECTORY_SERVICE_REQUIRED
;
3300 NTSTATUS WINAPI
LsarDeleteTrustedDomain(
3301 LSAPR_HANDLE PolicyHandle
,
3302 PRPC_SID TrustedDomainSid
)
3304 /* FIXME: We are not running an AD yet */
3305 return STATUS_DIRECTORY_SERVICE_REQUIRED
;
3310 NTSTATUS WINAPI
LsarStorePrivateData(
3311 LSAPR_HANDLE PolicyHandle
,
3312 PRPC_UNICODE_STRING KeyName
,
3313 PLSAPR_CR_CIPHER_VALUE EncryptedData
)
3315 PLSA_DB_OBJECT PolicyObject
= NULL
;
3316 PLSA_DB_OBJECT SecretsObject
= NULL
;
3317 PLSA_DB_OBJECT SecretObject
= NULL
;
3320 ULONG ValueLength
= 0;
3323 TRACE("LsarStorePrivateData(%p %p %p)\n",
3324 PolicyHandle
, KeyName
, EncryptedData
);
3326 /* Validate the SecretHandle */
3327 Status
= LsapValidateDbObject(PolicyHandle
,
3329 POLICY_CREATE_SECRET
,
3331 if (!NT_SUCCESS(Status
))
3333 ERR("LsapValidateDbObject returned 0x%08lx\n", Status
);
3337 /* Open the 'Secrets' object */
3338 Status
= LsapOpenDbObject(PolicyObject
,
3343 PolicyObject
->Trusted
,
3345 if (!NT_SUCCESS(Status
))
3347 ERR("LsapOpenDbObject failed (Status 0x%08lx)\n", Status
);
3351 if (EncryptedData
== NULL
)
3353 /* Open the Secret object */
3354 Status
= LsapOpenDbObject(SecretsObject
,
3359 PolicyObject
->Trusted
,
3361 if (!NT_SUCCESS(Status
))
3363 ERR("LsapOpenDbObject failed (Status 0x%08lx)\n", Status
);
3367 /* Delete the secret */
3368 Status
= LsapDeleteDbObject(SecretObject
);
3369 if (NT_SUCCESS(Status
))
3370 SecretObject
= NULL
;
3374 /* Create the Secret object */
3375 Status
= LsapCreateDbObject(SecretsObject
,
3380 PolicyObject
->Trusted
,
3382 if (!NT_SUCCESS(Status
))
3384 ERR("LsapCreateDbObject failed (Status 0x%08lx)\n", Status
);
3388 /* FIXME: Decrypt data */
3389 Value
= EncryptedData
->Buffer
;
3390 ValueLength
= EncryptedData
->MaximumLength
;
3392 /* Get the current time */
3393 Status
= NtQuerySystemTime(&Time
);
3394 if (!NT_SUCCESS(Status
))
3396 ERR("NtQuerySystemTime failed (Status 0x%08lx)\n", Status
);
3400 /* Set the current value */
3401 Status
= LsapSetObjectAttribute(SecretObject
,
3405 if (!NT_SUCCESS(Status
))
3407 ERR("LsapSetObjectAttribute failed (Status 0x%08lx)\n", Status
);
3411 /* Set the current time */
3412 Status
= LsapSetObjectAttribute(SecretObject
,
3415 sizeof(LARGE_INTEGER
));
3416 if (!NT_SUCCESS(Status
))
3418 ERR("LsapSetObjectAttribute failed (Status 0x%08lx)\n", Status
);
3422 /* Get the current time */
3423 Status
= NtQuerySystemTime(&Time
);
3424 if (!NT_SUCCESS(Status
))
3426 ERR("NtQuerySystemTime failed (Status 0x%08lx)\n", Status
);
3430 /* Set the old value */
3431 Status
= LsapSetObjectAttribute(SecretObject
,
3435 if (!NT_SUCCESS(Status
))
3437 ERR("LsapSetObjectAttribute failed (Status 0x%08lx)\n", Status
);
3441 /* Set the old time */
3442 Status
= LsapSetObjectAttribute(SecretObject
,
3445 sizeof(LARGE_INTEGER
));
3446 if (!NT_SUCCESS(Status
))
3448 ERR("LsapSetObjectAttribute failed (Status 0x%08lx)\n", Status
);
3453 if (SecretObject
!= NULL
)
3454 LsapCloseDbObject(SecretObject
);
3456 if (SecretsObject
!= NULL
)
3457 LsapCloseDbObject(SecretsObject
);
3464 NTSTATUS WINAPI
LsarRetrievePrivateData(
3465 LSAPR_HANDLE PolicyHandle
,
3466 PRPC_UNICODE_STRING KeyName
,
3467 PLSAPR_CR_CIPHER_VALUE
*EncryptedData
)
3469 PLSA_DB_OBJECT PolicyObject
= NULL
;
3470 PLSA_DB_OBJECT SecretObject
= NULL
;
3471 PLSAPR_CR_CIPHER_VALUE EncCurrentValue
= NULL
;
3472 ULONG CurrentValueLength
= 0;
3473 PBYTE CurrentValue
= NULL
;
3476 TRACE("LsarRetrievePrivateData(%p %wZ %p)\n",
3477 PolicyHandle
, KeyName
, EncryptedData
);
3479 /* Validate the SecretHandle */
3480 Status
= LsapValidateDbObject(PolicyHandle
,
3482 POLICY_CREATE_SECRET
,
3484 if (!NT_SUCCESS(Status
))
3486 ERR("LsapValidateDbObject returned 0x%08lx\n", Status
);
3490 /* Open the secret object */
3491 Status
= LsapOpenDbObject(PolicyObject
,
3496 PolicyObject
->Trusted
,
3498 if (!NT_SUCCESS(Status
))
3500 ERR("LsapOpenDbObject failed (Status 0x%08lx)\n", Status
);
3504 /* Get the size of the current value */
3505 Status
= LsapGetObjectAttribute(SecretObject
,
3508 &CurrentValueLength
);
3509 if (!NT_SUCCESS(Status
))
3512 /* Allocate a buffer for the current value */
3513 CurrentValue
= midl_user_allocate(CurrentValueLength
);
3514 if (CurrentValue
== NULL
)
3516 Status
= STATUS_INSUFFICIENT_RESOURCES
;
3520 /* Get the current value */
3521 Status
= LsapGetObjectAttribute(SecretObject
,
3524 &CurrentValueLength
);
3525 if (!NT_SUCCESS(Status
))
3528 /* Allocate a buffer for the encrypted current value */
3529 EncCurrentValue
= midl_user_allocate(sizeof(LSAPR_CR_CIPHER_VALUE
) + CurrentValueLength
);
3530 if (EncCurrentValue
== NULL
)
3532 Status
= STATUS_INSUFFICIENT_RESOURCES
;
3536 /* FIXME: Encrypt the current value */
3537 EncCurrentValue
->Length
= (USHORT
)(CurrentValueLength
- sizeof(WCHAR
));
3538 EncCurrentValue
->MaximumLength
= (USHORT
)CurrentValueLength
;
3539 EncCurrentValue
->Buffer
= (PBYTE
)(EncCurrentValue
+ 1);
3540 RtlCopyMemory(EncCurrentValue
->Buffer
,
3542 CurrentValueLength
);
3545 if (NT_SUCCESS(Status
))
3547 if (EncryptedData
!= NULL
)
3548 *EncryptedData
= EncCurrentValue
;
3552 if (EncryptedData
!= NULL
)
3553 *EncryptedData
= NULL
;
3555 if (EncCurrentValue
!= NULL
)
3556 midl_user_free(EncCurrentValue
);
3559 if (SecretObject
!= NULL
)
3560 LsapCloseDbObject(SecretObject
);
3567 NTSTATUS WINAPI
LsarOpenPolicy2(
3569 PLSAPR_OBJECT_ATTRIBUTES ObjectAttributes
,
3570 ACCESS_MASK DesiredAccess
,
3571 LSAPR_HANDLE
*PolicyHandle
)
3573 return LsarOpenPolicy(SystemName
,
3581 NTSTATUS WINAPI
LsarGetUserName(
3583 PRPC_UNICODE_STRING
*UserName
,
3584 PRPC_UNICODE_STRING
*DomainName
)
3587 return STATUS_NOT_IMPLEMENTED
;
3592 NTSTATUS WINAPI
LsarQueryInformationPolicy2(
3593 LSAPR_HANDLE PolicyHandle
,
3594 POLICY_INFORMATION_CLASS InformationClass
,
3595 PLSAPR_POLICY_INFORMATION
*PolicyInformation
)
3597 return LsarQueryInformationPolicy(PolicyHandle
,
3604 NTSTATUS WINAPI
LsarSetInformationPolicy2(
3605 LSAPR_HANDLE PolicyHandle
,
3606 POLICY_INFORMATION_CLASS InformationClass
,
3607 PLSAPR_POLICY_INFORMATION PolicyInformation
)
3609 return LsarSetInformationPolicy(PolicyHandle
,
3616 NTSTATUS WINAPI
LsarQueryTrustedDomainInfoByName(
3617 LSAPR_HANDLE PolicyHandle
,
3618 PRPC_UNICODE_STRING TrustedDomainName
,
3619 POLICY_INFORMATION_CLASS InformationClass
,
3620 PLSAPR_TRUSTED_DOMAIN_INFO
*PolicyInformation
)
3622 /* FIXME: We are not running an AD yet */
3623 return STATUS_OBJECT_NAME_NOT_FOUND
;
3628 NTSTATUS WINAPI
LsarSetTrustedDomainInfoByName(
3629 LSAPR_HANDLE PolicyHandle
,
3630 PRPC_UNICODE_STRING TrustedDomainName
,
3631 POLICY_INFORMATION_CLASS InformationClass
,
3632 PLSAPR_TRUSTED_DOMAIN_INFO PolicyInformation
)
3634 /* FIXME: We are not running an AD yet */
3635 return STATUS_OBJECT_NAME_NOT_FOUND
;
3640 NTSTATUS WINAPI
LsarEnumerateTrustedDomainsEx(
3641 LSAPR_HANDLE PolicyHandle
,
3642 DWORD
*EnumerationContext
,
3643 PLSAPR_TRUSTED_ENUM_BUFFER_EX EnumerationBuffer
,
3644 DWORD PreferedMaximumLength
)
3646 /* FIXME: We are not running an AD yet */
3647 EnumerationBuffer
->EntriesRead
= 0;
3648 EnumerationBuffer
->EnumerationBuffer
= NULL
;
3649 return STATUS_NO_MORE_ENTRIES
;
3654 NTSTATUS WINAPI
LsarCreateTrustedDomainEx(
3655 LSAPR_HANDLE PolicyHandle
,
3656 PLSAPR_TRUSTED_DOMAIN_INFORMATION_EX TrustedDomainInformation
,
3657 PLSAPR_TRUSTED_DOMAIN_AUTH_INFORMATION AuthentificationInformation
,
3658 ACCESS_MASK DesiredAccess
,
3659 LSAPR_HANDLE
*TrustedDomainHandle
)
3661 /* FIXME: We are not running an AD yet */
3662 return STATUS_DIRECTORY_SERVICE_REQUIRED
;
3667 NTSTATUS WINAPI
LsarSetPolicyReplicationHandle(
3668 PLSAPR_HANDLE PolicyHandle
)
3671 return STATUS_NOT_IMPLEMENTED
;
3676 NTSTATUS WINAPI
LsarQueryDomainInformationPolicy(
3677 LSAPR_HANDLE PolicyHandle
,
3678 POLICY_INFORMATION_CLASS InformationClass
,
3679 PLSAPR_POLICY_DOMAIN_INFORMATION
*PolicyInformation
)
3682 return STATUS_NOT_IMPLEMENTED
;
3687 NTSTATUS WINAPI
LsarSetDomainInformationPolicy(
3688 LSAPR_HANDLE PolicyHandle
,
3689 POLICY_INFORMATION_CLASS InformationClass
,
3690 PLSAPR_POLICY_DOMAIN_INFORMATION PolicyInformation
)
3693 return STATUS_NOT_IMPLEMENTED
;
3698 NTSTATUS WINAPI
LsarOpenTrustedDomainByName(
3699 LSAPR_HANDLE PolicyHandle
,
3700 PRPC_UNICODE_STRING TrustedDomainName
,
3701 ACCESS_MASK DesiredAccess
,
3702 LSAPR_HANDLE
*TrustedDomainHandle
)
3704 /* FIXME: We are not running an AD yet */
3705 return STATUS_OBJECT_NAME_NOT_FOUND
;
3710 NTSTATUS WINAPI
LsarTestCall(
3714 return STATUS_NOT_IMPLEMENTED
;
3719 NTSTATUS WINAPI
LsarLookupSids2(
3720 LSAPR_HANDLE PolicyHandle
,
3721 PLSAPR_SID_ENUM_BUFFER SidEnumBuffer
,
3722 PLSAPR_REFERENCED_DOMAIN_LIST
*ReferencedDomains
,
3723 PLSAPR_TRANSLATED_NAMES_EX TranslatedNames
,
3724 LSAP_LOOKUP_LEVEL LookupLevel
,
3726 DWORD LookupOptions
,
3727 DWORD ClientRevision
)
3731 TRACE("LsarLookupSids2(%p %p %p %p %d %p %lu %lu)\n",
3732 PolicyHandle
, SidEnumBuffer
, ReferencedDomains
, TranslatedNames
,
3733 LookupLevel
, MappedCount
, LookupOptions
, ClientRevision
);
3735 TranslatedNames
->Entries
= SidEnumBuffer
->Entries
;
3736 TranslatedNames
->Names
= NULL
;
3737 *ReferencedDomains
= NULL
;
3739 /* FIXME: Fail, if there is an invalid SID in the SidEnumBuffer */
3741 Status
= LsapLookupSids(SidEnumBuffer
,
3754 NTSTATUS WINAPI
LsarLookupNames2(
3755 LSAPR_HANDLE PolicyHandle
,
3757 PRPC_UNICODE_STRING Names
,
3758 PLSAPR_REFERENCED_DOMAIN_LIST
*ReferencedDomains
,
3759 PLSAPR_TRANSLATED_SIDS_EX TranslatedSids
,
3760 LSAP_LOOKUP_LEVEL LookupLevel
,
3762 DWORD LookupOptions
,
3763 DWORD ClientRevision
)
3765 LSAPR_TRANSLATED_SIDS_EX2 TranslatedSidsEx2
;
3769 TRACE("LsarLookupNames2(%p %lu %p %p %p %d %p %lu %lu)\n",
3770 PolicyHandle
, Count
, Names
, ReferencedDomains
, TranslatedSids
,
3771 LookupLevel
, MappedCount
, LookupOptions
, ClientRevision
);
3773 TranslatedSids
->Entries
= 0;
3774 TranslatedSids
->Sids
= NULL
;
3775 *ReferencedDomains
= NULL
;
3778 return STATUS_NONE_MAPPED
;
3780 TranslatedSidsEx2
.Entries
= 0;
3781 TranslatedSidsEx2
.Sids
= NULL
;
3783 Status
= LsapLookupNames(Count
,
3791 if (!NT_SUCCESS(Status
))
3794 TranslatedSids
->Entries
= TranslatedSidsEx2
.Entries
;
3795 TranslatedSids
->Sids
= MIDL_user_allocate(TranslatedSids
->Entries
* sizeof(LSA_TRANSLATED_SID
));
3796 if (TranslatedSids
->Sids
== NULL
)
3798 MIDL_user_free(TranslatedSidsEx2
.Sids
);
3799 MIDL_user_free(*ReferencedDomains
);
3800 *ReferencedDomains
= NULL
;
3801 return STATUS_INSUFFICIENT_RESOURCES
;
3804 for (i
= 0; i
< TranslatedSidsEx2
.Entries
; i
++)
3806 TranslatedSids
->Sids
[i
].Use
= TranslatedSidsEx2
.Sids
[i
].Use
;
3807 TranslatedSids
->Sids
[i
].RelativeId
= LsapGetRelativeIdFromSid(TranslatedSidsEx2
.Sids
[i
].Sid
);
3808 TranslatedSids
->Sids
[i
].DomainIndex
= TranslatedSidsEx2
.Sids
[i
].DomainIndex
;
3809 TranslatedSids
->Sids
[i
].Flags
= TranslatedSidsEx2
.Sids
[i
].Flags
;
3812 MIDL_user_free(TranslatedSidsEx2
.Sids
);
3814 return STATUS_SUCCESS
;
3819 NTSTATUS WINAPI
LsarCreateTrustedDomainEx2(
3820 LSAPR_HANDLE PolicyHandle
,
3821 PLSAPR_TRUSTED_DOMAIN_INFORMATION_EX TrustedDomainInformation
,
3822 PLSAPR_TRUSTED_DOMAIN_AUTH_INFORMATION_INTERNAL AuthentificationInformation
,
3823 ACCESS_MASK DesiredAccess
,
3824 LSAPR_HANDLE
*TrustedDomainHandle
)
3826 /* FIXME: We are not running an AD yet */
3827 return STATUS_DIRECTORY_SERVICE_REQUIRED
;
3832 NTSTATUS WINAPI
CredrWrite(
3836 return STATUS_NOT_IMPLEMENTED
;
3841 NTSTATUS WINAPI
CredrRead(
3845 return STATUS_NOT_IMPLEMENTED
;
3850 NTSTATUS WINAPI
CredrEnumerate(
3854 return STATUS_NOT_IMPLEMENTED
;
3859 NTSTATUS WINAPI
CredrWriteDomainCredentials(
3863 return STATUS_NOT_IMPLEMENTED
;
3868 NTSTATUS WINAPI
CredrReadDomainCredentials(
3872 return STATUS_NOT_IMPLEMENTED
;
3877 NTSTATUS WINAPI
CredrDelete(
3881 return STATUS_NOT_IMPLEMENTED
;
3886 NTSTATUS WINAPI
CredrGetTargetInfo(
3890 return STATUS_NOT_IMPLEMENTED
;
3895 NTSTATUS WINAPI
CredrProfileLoaded(
3899 return STATUS_NOT_IMPLEMENTED
;
3904 NTSTATUS WINAPI
LsarLookupNames3(
3905 LSAPR_HANDLE PolicyHandle
,
3907 PRPC_UNICODE_STRING Names
,
3908 PLSAPR_REFERENCED_DOMAIN_LIST
*ReferencedDomains
,
3909 PLSAPR_TRANSLATED_SIDS_EX2 TranslatedSids
,
3910 LSAP_LOOKUP_LEVEL LookupLevel
,
3912 DWORD LookupOptions
,
3913 DWORD ClientRevision
)
3917 TRACE("LsarLookupNames3(%p %lu %p %p %p %d %p %lu %lu)\n",
3918 PolicyHandle
, Count
, Names
, ReferencedDomains
, TranslatedSids
,
3919 LookupLevel
, MappedCount
, LookupOptions
, ClientRevision
);
3921 TranslatedSids
->Entries
= 0;
3922 TranslatedSids
->Sids
= NULL
;
3923 *ReferencedDomains
= NULL
;
3926 return STATUS_NONE_MAPPED
;
3928 Status
= LsapLookupNames(Count
,
3942 NTSTATUS WINAPI
CredrGetSessionTypes(
3946 return STATUS_NOT_IMPLEMENTED
;
3951 NTSTATUS WINAPI
LsarRegisterAuditEvent(
3955 return STATUS_NOT_IMPLEMENTED
;
3960 NTSTATUS WINAPI
LsarGenAuditEvent(
3964 return STATUS_NOT_IMPLEMENTED
;
3969 NTSTATUS WINAPI
LsarUnregisterAuditEvent(
3973 return STATUS_NOT_IMPLEMENTED
;
3978 NTSTATUS WINAPI
LsarQueryForestTrustInformation(
3979 LSAPR_HANDLE PolicyHandle
,
3980 PLSA_UNICODE_STRING TrustedDomainName
,
3981 LSA_FOREST_TRUST_RECORD_TYPE HighestRecordType
,
3982 PLSA_FOREST_TRUST_INFORMATION
*ForestTrustInfo
)
3985 return STATUS_NOT_IMPLEMENTED
;
3990 NTSTATUS WINAPI
LsarSetForestTrustInformation(
3991 LSAPR_HANDLE PolicyHandle
,
3992 PLSA_UNICODE_STRING TrustedDomainName
,
3993 LSA_FOREST_TRUST_RECORD_TYPE HighestRecordType
,
3994 PLSA_FOREST_TRUST_INFORMATION ForestTrustInfo
,
3996 PLSA_FOREST_TRUST_COLLISION_INFORMATION
*CollisionInfo
)
3999 return STATUS_NOT_IMPLEMENTED
;
4004 NTSTATUS WINAPI
CredrRename(
4008 return STATUS_NOT_IMPLEMENTED
;
4013 NTSTATUS WINAPI
LsarLookupSids3(
4014 LSAPR_HANDLE PolicyHandle
,
4015 PLSAPR_SID_ENUM_BUFFER SidEnumBuffer
,
4016 PLSAPR_REFERENCED_DOMAIN_LIST
*ReferencedDomains
,
4017 PLSAPR_TRANSLATED_NAMES_EX TranslatedNames
,
4018 LSAP_LOOKUP_LEVEL LookupLevel
,
4020 DWORD LookupOptions
,
4021 DWORD ClientRevision
)
4025 TRACE("LsarLookupSids3(%p %p %p %p %d %p %lu %lu)\n",
4026 PolicyHandle
, SidEnumBuffer
, ReferencedDomains
, TranslatedNames
,
4027 LookupLevel
, MappedCount
, LookupOptions
, ClientRevision
);
4029 TranslatedNames
->Entries
= SidEnumBuffer
->Entries
;
4030 TranslatedNames
->Names
= NULL
;
4031 *ReferencedDomains
= NULL
;
4033 /* FIXME: Fail, if there is an invalid SID in the SidEnumBuffer */
4035 Status
= LsapLookupSids(SidEnumBuffer
,
4048 NTSTATUS WINAPI
LsarLookupNames4(
4051 PRPC_UNICODE_STRING Names
,
4052 PLSAPR_REFERENCED_DOMAIN_LIST
*ReferencedDomains
,
4053 PLSAPR_TRANSLATED_SIDS_EX2 TranslatedSids
,
4054 LSAP_LOOKUP_LEVEL LookupLevel
,
4056 DWORD LookupOptions
,
4057 DWORD ClientRevision
)
4061 TRACE("LsarLookupNames4(%p %lu %p %p %p %d %p %lu %lu)\n",
4062 RpcHandle
, Count
, Names
, ReferencedDomains
, TranslatedSids
,
4063 LookupLevel
, MappedCount
, LookupOptions
, ClientRevision
);
4065 TranslatedSids
->Entries
= 0;
4066 TranslatedSids
->Sids
= NULL
;
4067 *ReferencedDomains
= NULL
;
4070 return STATUS_NONE_MAPPED
;
4072 Status
= LsapLookupNames(Count
,
4086 NTSTATUS WINAPI
LsarOpenPolicySce(
4088 PLSAPR_OBJECT_ATTRIBUTES ObjectAttributes
,
4089 ACCESS_MASK DesiredAccess
,
4090 LSAPR_HANDLE
*PolicyHandle
)
4093 return STATUS_NOT_IMPLEMENTED
;
4098 NTSTATUS WINAPI
LsarAdtRegisterSecurityEventSource(
4102 return STATUS_NOT_IMPLEMENTED
;
4107 NTSTATUS WINAPI
LsarAdtUnregisterSecurityEventSource(
4111 return STATUS_NOT_IMPLEMENTED
;
4116 NTSTATUS WINAPI
LsarAdtReportSecurityEvent(
4120 return STATUS_NOT_IMPLEMENTED
;