projects / reactos.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
[LSASRV]
[reactos.git] / reactos / dll / win32 / lsasrv / lsarpc.c
1 /*
2 * COPYRIGHT: See COPYING in the top level directory
3 * PROJECT: Local Security Authority (LSA) Server
4 * FILE: reactos/dll/win32/lsasrv/lsarpc.h
5 * PURPOSE: RPC interface functions
6 *
7 * PROGRAMMERS: Eric Kohl
8 */
9
10 #include "lsasrv.h"
11
12 /* GLOBALS *****************************************************************/
13
14 static RTL_CRITICAL_SECTION PolicyHandleTableLock;
15
16 static
17 GENERIC_MAPPING
18 LsapPolicyMapping = {POLICY_READ,
19 POLICY_WRITE,
20 POLICY_EXECUTE,
21 POLICY_ALL_ACCESS};
22
23 static
24 GENERIC_MAPPING
25 LsapAccountMapping = {ACCOUNT_READ,
26 ACCOUNT_WRITE,
27 ACCOUNT_EXECUTE,
28 ACCOUNT_ALL_ACCESS};
29
30 static
31 GENERIC_MAPPING
32 LsapSecretMapping = {SECRET_READ,
33 SECRET_WRITE,
34 SECRET_EXECUTE,
35 SECRET_ALL_ACCESS};
36
37 /* FUNCTIONS ***************************************************************/
38
39 VOID
40 LsarStartRpcServer(VOID)
41 {
42 RPC_STATUS Status;
43
44 RtlInitializeCriticalSection(&PolicyHandleTableLock);
45
46 TRACE("LsarStartRpcServer() called\n");
47
48 Status = RpcServerUseProtseqEpW(L"ncacn_np",
49 10,
50 L"\\pipe\\lsarpc",
51 NULL);
52 if (Status != RPC_S_OK)
53 {
54 WARN("RpcServerUseProtseqEpW() failed (Status %lx)\n", Status);
55 return;
56 }
57
58 Status = RpcServerRegisterIf(lsarpc_v0_0_s_ifspec,
59 NULL,
60 NULL);
61 if (Status != RPC_S_OK)
62 {
63 WARN("RpcServerRegisterIf() failed (Status %lx)\n", Status);
64 return;
65 }
66
67 DsSetupInit();
68
69 Status = RpcServerListen(1, 20, TRUE);
70 if (Status != RPC_S_OK)
71 {
72 WARN("RpcServerListen() failed (Status %lx)\n", Status);
73 return;
74 }
75
76 TRACE("LsarStartRpcServer() done\n");
77 }
78
79
80 void __RPC_USER LSAPR_HANDLE_rundown(LSAPR_HANDLE hHandle)
81 {
82
83 }
84
85
86 /* Function 0 */
87 NTSTATUS WINAPI LsarClose(
88 LSAPR_HANDLE *ObjectHandle)
89 {
90 PLSA_DB_OBJECT DbObject;
91 NTSTATUS Status = STATUS_SUCCESS;
92
93 TRACE("LsarClose(%p)\n", ObjectHandle);
94
95 // RtlEnterCriticalSection(&PolicyHandleTableLock);
96
97 Status = LsapValidateDbObject(*ObjectHandle,
98 LsaDbIgnoreObject,
99 0,
100 &DbObject);
101 if (Status == STATUS_SUCCESS)
102 {
103 Status = LsapCloseDbObject(DbObject);
104 *ObjectHandle = NULL;
105 }
106
107 // RtlLeaveCriticalSection(&PolicyHandleTableLock);
108
109 return Status;
110 }
111
112
113 /* Function 1 */
114 NTSTATUS WINAPI LsarDelete(
115 LSAPR_HANDLE ObjectHandle)
116 {
117 TRACE("LsarDelete(%p)\n", ObjectHandle);
118
119 return LsarDeleteObject(&ObjectHandle);
120 }
121
122
123 /* Function 2 */
124 NTSTATUS WINAPI LsarEnumeratePrivileges(
125 LSAPR_HANDLE PolicyHandle,
126 DWORD *EnumerationContext,
127 PLSAPR_PRIVILEGE_ENUM_BUFFER EnumerationBuffer,
128 DWORD PreferedMaximumLength)
129 {
130 PLSA_DB_OBJECT PolicyObject;
131 NTSTATUS Status;
132
133 TRACE("LsarEnumeratePrivileges(%p %p %p %lu)\n",
134 PolicyHandle, EnumerationContext, EnumerationBuffer,
135 PreferedMaximumLength);
136
137 Status = LsapValidateDbObject(PolicyHandle,
138 LsaDbPolicyObject,
139 POLICY_VIEW_LOCAL_INFORMATION,
140 &PolicyObject);
141 if (!NT_SUCCESS(Status))
142 return Status;
143
144 if (EnumerationContext == NULL)
145 return STATUS_INVALID_PARAMETER;
146
147 return LsarpEnumeratePrivileges(EnumerationContext,
148 EnumerationBuffer,
149 PreferedMaximumLength);
150 }
151
152
153 /* Function 3 */
154 NTSTATUS WINAPI LsarQuerySecurityObject(
155 LSAPR_HANDLE ObjectHandle,
156 SECURITY_INFORMATION SecurityInformation,
157 PLSAPR_SR_SECURITY_DESCRIPTOR *SecurityDescriptor)
158 {
159 PLSA_DB_OBJECT DbObject = NULL;
160 PSECURITY_DESCRIPTOR RelativeSd = NULL;
161 PSECURITY_DESCRIPTOR ResultSd = NULL;
162 PLSAPR_SR_SECURITY_DESCRIPTOR SdData = NULL;
163 ACCESS_MASK DesiredAccess = 0;
164 ULONG RelativeSdSize = 0;
165 ULONG ResultSdSize = 0;
166 NTSTATUS Status;
167
168 TRACE("LsarQuerySecurityObject(%p %lx %p)\n",
169 ObjectHandle, SecurityInformation, SecurityDescriptor);
170
171 if (SecurityDescriptor == NULL)
172 return STATUS_INVALID_PARAMETER;
173
174 *SecurityDescriptor = NULL;
175
176 if ((SecurityInformation & OWNER_SECURITY_INFORMATION) ||
177 (SecurityInformation & GROUP_SECURITY_INFORMATION) ||
178 (SecurityInformation & DACL_SECURITY_INFORMATION))
179 DesiredAccess |= READ_CONTROL;
180
181 if (SecurityInformation & SACL_SECURITY_INFORMATION)
182 DesiredAccess |= ACCESS_SYSTEM_SECURITY;
183
184 /* Validate the ObjectHandle */
185 Status = LsapValidateDbObject(ObjectHandle,
186 LsaDbIgnoreObject,
187 DesiredAccess,
188 &DbObject);
189 if (!NT_SUCCESS(Status))
190 return Status;
191
192 /* Get the size of the SD */
193 Status = LsapGetObjectAttribute(DbObject,
194 L"SecDesc",
195 NULL,
196 &RelativeSdSize);
197 if (!NT_SUCCESS(Status))
198 return Status;
199
200 /* Allocate a buffer for the SD */
201 RelativeSd = MIDL_user_allocate(RelativeSdSize);
202 if (RelativeSd == NULL)
203 return STATUS_INSUFFICIENT_RESOURCES;
204
205 /* Get the SD */
206 Status = LsapGetObjectAttribute(DbObject,
207 L"SecDesc",
208 RelativeSd,
209 &RelativeSdSize);
210 if (!NT_SUCCESS(Status))
211 goto done;
212
213 /* Invalidate the SD information that was not requested */
214 if (!(SecurityInformation & OWNER_SECURITY_INFORMATION))
215 ((PISECURITY_DESCRIPTOR)RelativeSd)->Owner = NULL;
216
217 if (!(SecurityInformation & GROUP_SECURITY_INFORMATION))
218 ((PISECURITY_DESCRIPTOR)RelativeSd)->Group = NULL;
219
220 if (!(SecurityInformation & DACL_SECURITY_INFORMATION))
221 ((PISECURITY_DESCRIPTOR)RelativeSd)->Control &= ~SE_DACL_PRESENT;
222
223 if (!(SecurityInformation & SACL_SECURITY_INFORMATION))
224 ((PISECURITY_DESCRIPTOR)RelativeSd)->Control &= ~SE_SACL_PRESENT;
225
226 /* Calculate the required SD size */
227 Status = RtlMakeSelfRelativeSD(RelativeSd,
228 NULL,
229 &ResultSdSize);
230 if (Status != STATUS_BUFFER_TOO_SMALL)
231 goto done;
232
233 /* Allocate a buffer for the new SD */
234 ResultSd = MIDL_user_allocate(ResultSdSize);
235 if (ResultSd == NULL)
236 {
237 Status = STATUS_INSUFFICIENT_RESOURCES;
238 goto done;
239 }
240
241 /* Build the new SD */
242 Status = RtlMakeSelfRelativeSD(RelativeSd,
243 ResultSd,
244 &ResultSdSize);
245 if (!NT_SUCCESS(Status))
246 goto done;
247
248 /* Allocate the SD data buffer */
249 SdData = MIDL_user_allocate(sizeof(LSAPR_SR_SECURITY_DESCRIPTOR));
250 if (SdData == NULL)
251 {
252 Status = STATUS_INSUFFICIENT_RESOURCES;
253 goto done;
254 }
255
256 /* Fill the SD data buffer and return it to the caller */
257 SdData->Length = RelativeSdSize;
258 SdData->SecurityDescriptor = (PBYTE)ResultSd;
259
260 *SecurityDescriptor = SdData;
261
262 done:
263 if (!NT_SUCCESS(Status))
264 {
265 if (ResultSd != NULL)
266 MIDL_user_free(ResultSd);
267 }
268
269 if (RelativeSd != NULL)
270 MIDL_user_free(RelativeSd);
271
272 return Status;
273 }
274
275
276 /* Function 4 */
277 NTSTATUS WINAPI LsarSetSecurityObject(
278 LSAPR_HANDLE ObjectHandle,
279 SECURITY_INFORMATION SecurityInformation,
280 PLSAPR_SR_SECURITY_DESCRIPTOR SecurityDescriptor)
281 {
282 PLSA_DB_OBJECT DbObject = NULL;
283 ACCESS_MASK DesiredAccess = 0;
284 PSECURITY_DESCRIPTOR RelativeSd = NULL;
285 ULONG RelativeSdSize = 0;
286 HANDLE TokenHandle = NULL;
287 PGENERIC_MAPPING Mapping;
288 NTSTATUS Status;
289
290 TRACE("LsarSetSecurityObject(%p %lx %p)\n",
291 ObjectHandle, SecurityInformation, SecurityDescriptor);
292
293 if ((SecurityDescriptor == NULL) ||
294 (SecurityDescriptor->SecurityDescriptor == NULL) ||
295 !RtlValidSecurityDescriptor((PSECURITY_DESCRIPTOR)SecurityDescriptor->SecurityDescriptor))
296 return ERROR_INVALID_PARAMETER;
297
298 if (SecurityInformation == 0 ||
299 SecurityInformation & ~(OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION
300 | DACL_SECURITY_INFORMATION | SACL_SECURITY_INFORMATION))
301 return ERROR_INVALID_PARAMETER;
302
303 if (SecurityInformation & SACL_SECURITY_INFORMATION)
304 DesiredAccess |= ACCESS_SYSTEM_SECURITY;
305
306 if (SecurityInformation & DACL_SECURITY_INFORMATION)
307 DesiredAccess |= WRITE_DAC;
308
309 if (SecurityInformation & (OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION))
310 DesiredAccess |= WRITE_OWNER;
311
312 if ((SecurityInformation & OWNER_SECURITY_INFORMATION) &&
313 (((PISECURITY_DESCRIPTOR)SecurityDescriptor)->Owner == NULL))
314 return ERROR_INVALID_PARAMETER;
315
316 if ((SecurityInformation & GROUP_SECURITY_INFORMATION) &&
317 (((PISECURITY_DESCRIPTOR)SecurityDescriptor)->Group == NULL))
318 return ERROR_INVALID_PARAMETER;
319
320 /* Validate the ObjectHandle */
321 Status = LsapValidateDbObject(ObjectHandle,
322 LsaDbIgnoreObject,
323 DesiredAccess,
324 &DbObject);
325 if (!NT_SUCCESS(Status))
326 {
327 ERR("LsapValidateDbObject failed (Status 0x%08lx)\n", Status);
328 return Status;
329 }
330
331 /* Get the mapping for the object type */
332 switch (DbObject->ObjectType)
333 {
334 case LsaDbPolicyObject:
335 Mapping = &LsapPolicyMapping;
336 break;
337
338 case LsaDbAccountObject:
339 Mapping = &LsapAccountMapping;
340 break;
341
342 // case LsaDbDomainObject:
343 // Mapping = &LsapDomainMapping;
344 // break;
345
346 case LsaDbSecretObject:
347 Mapping = &LsapSecretMapping;
348 break;
349
350 default:
351 return STATUS_INVALID_HANDLE;
352 }
353
354 /* Get the size of the SD */
355 Status = LsapGetObjectAttribute(DbObject,
356 L"SecDesc",
357 NULL,
358 &RelativeSdSize);
359 if (!NT_SUCCESS(Status))
360 return Status;
361
362 /* Allocate a buffer for the SD */
363 RelativeSd = RtlAllocateHeap(RtlGetProcessHeap(), 0, RelativeSdSize);
364 if (RelativeSd == NULL)
365 return STATUS_INSUFFICIENT_RESOURCES;
366
367 /* Get the SD */
368 Status = LsapGetObjectAttribute(DbObject,
369 L"SecDesc",
370 RelativeSd,
371 &RelativeSdSize);
372 if (!NT_SUCCESS(Status))
373 goto done;
374
375 /* Get the clients token if we try to set the owner */
376 if (SecurityInformation & OWNER_SECURITY_INFORMATION)
377 {
378 Status = I_RpcMapWin32Status(RpcImpersonateClient(NULL));
379 if (!NT_SUCCESS(Status))
380 {
381 ERR("RpcImpersonateClient returns 0x%08lx\n", Status);
382 goto done;
383 }
384
385 Status = NtOpenThreadToken(NtCurrentThread(),
386 TOKEN_QUERY,
387 TRUE,
388 &TokenHandle);
389 RpcRevertToSelf();
390 if (!NT_SUCCESS(Status))
391 {
392 ERR("NtOpenThreadToken returns 0x%08lx\n", Status);
393 goto done;
394 }
395 }
396
397 /* Build the new security descriptor */
398 Status = RtlSetSecurityObject(SecurityInformation,
399 (PSECURITY_DESCRIPTOR)SecurityDescriptor->SecurityDescriptor,
400 &RelativeSd,
401 Mapping,
402 TokenHandle);
403 if (!NT_SUCCESS(Status))
404 {
405 ERR("RtlSetSecurityObject failed (Status 0x%08lx)\n", Status);
406 goto done;
407 }
408
409 /* Set the modified SD */
410 Status = LsapSetObjectAttribute(DbObject,
411 L"SecDesc",
412 RelativeSd,
413 RtlLengthSecurityDescriptor(RelativeSd));
414 if (!NT_SUCCESS(Status))
415 {
416 ERR("LsapSetObjectAttribute failed (Status 0x%08lx)\n", Status);
417 }
418
419 done:
420 if (TokenHandle != NULL)
421 NtClose(TokenHandle);
422
423 if (RelativeSd != NULL)
424 RtlFreeHeap(RtlGetProcessHeap(), 0, RelativeSd);
425
426 return Status;
427 }
428
429
430 /* Function 5 */
431 NTSTATUS WINAPI LsarChangePassword(
432 handle_t IDL_handle,
433 PRPC_UNICODE_STRING String1,
434 PRPC_UNICODE_STRING String2,
435 PRPC_UNICODE_STRING String3,
436 PRPC_UNICODE_STRING String4,
437 PRPC_UNICODE_STRING String5)
438 {
439 /* Deprecated */
440 return STATUS_NOT_IMPLEMENTED;
441 }
442
443
444 /* Function 6 */
445 NTSTATUS WINAPI LsarOpenPolicy(
446 LPWSTR SystemName,
447 PLSAPR_OBJECT_ATTRIBUTES ObjectAttributes,
448 ACCESS_MASK DesiredAccess,
449 LSAPR_HANDLE *PolicyHandle)
450 {
451 PLSA_DB_OBJECT PolicyObject;
452 NTSTATUS Status;
453
454 TRACE("LsarOpenPolicy(%S %p %lx %p)\n",
455 SystemName, ObjectAttributes, DesiredAccess, PolicyHandle);
456
457 RtlEnterCriticalSection(&PolicyHandleTableLock);
458
459 Status = LsapOpenDbObject(NULL,
460 NULL,
461 L"Policy",
462 LsaDbPolicyObject,
463 DesiredAccess,
464 FALSE,
465 &PolicyObject);
466
467 RtlLeaveCriticalSection(&PolicyHandleTableLock);
468
469 if (NT_SUCCESS(Status))
470 *PolicyHandle = (LSAPR_HANDLE)PolicyObject;
471
472 TRACE("LsarOpenPolicy done!\n");
473
474 return Status;
475 }
476
477
478 /* Function 7 */
479 NTSTATUS WINAPI LsarQueryInformationPolicy(
480 LSAPR_HANDLE PolicyHandle,
481 POLICY_INFORMATION_CLASS InformationClass,
482 PLSAPR_POLICY_INFORMATION *PolicyInformation)
483 {
484 PLSA_DB_OBJECT PolicyObject;
485 ACCESS_MASK DesiredAccess = 0;
486 NTSTATUS Status;
487
488 TRACE("LsarQueryInformationPolicy(%p,0x%08x,%p)\n",
489 PolicyHandle, InformationClass, PolicyInformation);
490
491 if (PolicyInformation)
492 {
493 TRACE("*PolicyInformation %p\n", *PolicyInformation);
494 }
495
496 switch (InformationClass)
497 {
498 case PolicyAuditLogInformation:
499 case PolicyAuditEventsInformation:
500 case PolicyAuditFullQueryInformation:
501 DesiredAccess = POLICY_VIEW_AUDIT_INFORMATION;
502 break;
503
504 case PolicyPrimaryDomainInformation:
505 case PolicyAccountDomainInformation:
506 case PolicyLsaServerRoleInformation:
507 case PolicyReplicaSourceInformation:
508 case PolicyDefaultQuotaInformation:
509 case PolicyModificationInformation:
510 case PolicyDnsDomainInformation:
511 case PolicyDnsDomainInformationInt:
512 case PolicyLocalAccountDomainInformation:
513 DesiredAccess = POLICY_VIEW_LOCAL_INFORMATION;
514 break;
515
516 case PolicyPdAccountInformation:
517 DesiredAccess = POLICY_GET_PRIVATE_INFORMATION;
518 break;
519
520 default:
521 ERR("Invalid InformationClass!\n");
522 return STATUS_INVALID_PARAMETER;
523 }
524
525 Status = LsapValidateDbObject(PolicyHandle,
526 LsaDbPolicyObject,
527 DesiredAccess,
528 &PolicyObject);
529 if (!NT_SUCCESS(Status))
530 return Status;
531
532 switch (InformationClass)
533 {
534 case PolicyAuditLogInformation: /* 1 */
535 Status = LsarQueryAuditLog(PolicyObject,
536 PolicyInformation);
537 break;
538
539 case PolicyAuditEventsInformation: /* 2 */
540 Status = LsarQueryAuditEvents(PolicyObject,
541 PolicyInformation);
542 break;
543
544 case PolicyPrimaryDomainInformation: /* 3 */
545 Status = LsarQueryPrimaryDomain(PolicyObject,
546 PolicyInformation);
547 break;
548
549 case PolicyPdAccountInformation: /* 4 */
550 Status = LsarQueryPdAccount(PolicyObject,
551 PolicyInformation);
552 break;
553
554 case PolicyAccountDomainInformation: /* 5 */
555 Status = LsarQueryAccountDomain(PolicyObject,
556 PolicyInformation);
557 break;
558
559 case PolicyLsaServerRoleInformation: /* 6 */
560 Status = LsarQueryServerRole(PolicyObject,
561 PolicyInformation);
562 break;
563
564 case PolicyReplicaSourceInformation: /* 7 */
565 Status = LsarQueryReplicaSource(PolicyObject,
566 PolicyInformation);
567 break;
568
569 case PolicyDefaultQuotaInformation: /* 8 */
570 Status = LsarQueryDefaultQuota(PolicyObject,
571 PolicyInformation);
572 break;
573
574 case PolicyModificationInformation: /* 9 */
575 Status = LsarQueryModification(PolicyObject,
576 PolicyInformation);
577 break;
578
579 case PolicyAuditFullQueryInformation: /* 11 (0xB) */
580 Status = LsarQueryAuditFull(PolicyObject,
581 PolicyInformation);
582 break;
583
584 case PolicyDnsDomainInformation: /* 12 (0xC) */
585 Status = LsarQueryDnsDomain(PolicyObject,
586 PolicyInformation);
587 break;
588
589 case PolicyDnsDomainInformationInt: /* 13 (0xD) */
590 Status = LsarQueryDnsDomainInt(PolicyObject,
591 PolicyInformation);
592 break;
593
594 case PolicyLocalAccountDomainInformation: /* 14 (0xE) */
595 Status = LsarQueryLocalAccountDomain(PolicyObject,
596 PolicyInformation);
597 break;
598
599 default:
600 ERR("Invalid InformationClass!\n");
601 Status = STATUS_INVALID_PARAMETER;
602 }
603
604 return Status;
605 }
606
607
608 /* Function 8 */
609 NTSTATUS WINAPI LsarSetInformationPolicy(
610 LSAPR_HANDLE PolicyHandle,
611 POLICY_INFORMATION_CLASS InformationClass,
612 PLSAPR_POLICY_INFORMATION PolicyInformation)
613 {
614 PLSA_DB_OBJECT PolicyObject;
615 ACCESS_MASK DesiredAccess = 0;
616 NTSTATUS Status;
617
618 TRACE("LsarSetInformationPolicy(%p,0x%08x,%p)\n",
619 PolicyHandle, InformationClass, PolicyInformation);
620
621 if (PolicyInformation)
622 {
623 TRACE("*PolicyInformation %p\n", *PolicyInformation);
624 }
625
626 switch (InformationClass)
627 {
628 case PolicyAuditLogInformation:
629 case PolicyAuditFullSetInformation:
630 DesiredAccess = POLICY_AUDIT_LOG_ADMIN;
631 break;
632
633 case PolicyAuditEventsInformation:
634 DesiredAccess = POLICY_SET_AUDIT_REQUIREMENTS;
635 break;
636
637 case PolicyPrimaryDomainInformation:
638 case PolicyAccountDomainInformation:
639 case PolicyDnsDomainInformation:
640 case PolicyDnsDomainInformationInt:
641 case PolicyLocalAccountDomainInformation:
642 DesiredAccess = POLICY_TRUST_ADMIN;
643 break;
644
645 case PolicyLsaServerRoleInformation:
646 case PolicyReplicaSourceInformation:
647 DesiredAccess = POLICY_SERVER_ADMIN;
648 break;
649
650 case PolicyDefaultQuotaInformation:
651 DesiredAccess = POLICY_SET_DEFAULT_QUOTA_LIMITS;
652 break;
653
654 default:
655 ERR("Invalid InformationClass!\n");
656 return STATUS_INVALID_PARAMETER;
657 }
658
659 Status = LsapValidateDbObject(PolicyHandle,
660 LsaDbPolicyObject,
661 DesiredAccess,
662 &PolicyObject);
663 if (!NT_SUCCESS(Status))
664 return Status;
665
666 switch (InformationClass)
667 {
668 case PolicyAuditLogInformation: /* 1 */
669 Status = LsarSetAuditLog(PolicyObject,
670 (PPOLICY_AUDIT_LOG_INFO)PolicyInformation);
671 break;
672
673 case PolicyAuditEventsInformation: /* 2 */
674 Status = LsarSetAuditEvents(PolicyObject,
675 (PLSAPR_POLICY_AUDIT_EVENTS_INFO)PolicyInformation);
676 break;
677
678 case PolicyPrimaryDomainInformation: /* 3 */
679 Status = LsarSetPrimaryDomain(PolicyObject,
680 (PLSAPR_POLICY_PRIMARY_DOM_INFO)PolicyInformation);
681 break;
682
683 case PolicyAccountDomainInformation: /* 5 */
684 Status = LsarSetAccountDomain(PolicyObject,
685 (PLSAPR_POLICY_ACCOUNT_DOM_INFO)PolicyInformation);
686 break;
687
688 case PolicyLsaServerRoleInformation: /* 6 */
689 Status = LsarSetServerRole(PolicyObject,
690 (PPOLICY_LSA_SERVER_ROLE_INFO)PolicyInformation);
691 break;
692
693 case PolicyReplicaSourceInformation: /* 7 */
694 Status = LsarSetReplicaSource(PolicyObject,
695 (PPOLICY_LSA_REPLICA_SRCE_INFO)PolicyInformation);
696 break;
697
698 case PolicyDefaultQuotaInformation: /* 8 */
699 Status = LsarSetDefaultQuota(PolicyObject,
700 (PPOLICY_DEFAULT_QUOTA_INFO)PolicyInformation);
701 break;
702
703 case PolicyModificationInformation: /* 9 */
704 Status = LsarSetModification(PolicyObject,
705 (PPOLICY_MODIFICATION_INFO)PolicyInformation);
706 break;
707
708 case PolicyAuditFullSetInformation: /* 10 (0xA) */
709 Status = LsarSetAuditFull(PolicyObject,
710 (PPOLICY_AUDIT_FULL_QUERY_INFO)PolicyInformation);
711 break;
712
713 case PolicyDnsDomainInformation: /* 12 (0xC) */
714 Status = LsarSetDnsDomain(PolicyObject,
715 (PLSAPR_POLICY_DNS_DOMAIN_INFO)PolicyInformation);
716 break;
717
718 case PolicyDnsDomainInformationInt: /* 13 (0xD) */
719 Status = LsarSetDnsDomainInt(PolicyObject,
720 (PLSAPR_POLICY_DNS_DOMAIN_INFO)PolicyInformation);
721 break;
722
723 case PolicyLocalAccountDomainInformation: /* 14 (0xE) */
724 Status = LsarSetLocalAccountDomain(PolicyObject,
725 (PLSAPR_POLICY_ACCOUNT_DOM_INFO)PolicyInformation);
726 break;
727
728 default:
729 Status = STATUS_INVALID_PARAMETER;
730 break;
731 }
732
733 return Status;
734 }
735
736
737 /* Function 9 */
738 NTSTATUS WINAPI LsarClearAuditLog(
739 LSAPR_HANDLE ObjectHandle)
740 {
741 /* Deprecated */
742 return STATUS_NOT_IMPLEMENTED;
743 }
744
745
746 NTSTATUS
747 LsarpCreateAccount(
748 PLSA_DB_OBJECT PolicyObject,
749 PRPC_SID AccountSid,
750 ACCESS_MASK DesiredAccess,
751 PLSA_DB_OBJECT *AccountObject)
752 {
753 LPWSTR SidString = NULL;
754 PSECURITY_DESCRIPTOR AccountSd = NULL;
755 ULONG AccountSdSize;
756 NTSTATUS Status = STATUS_SUCCESS;
757
758 /* Create SID string */
759 if (!ConvertSidToStringSid((PSID)AccountSid,
760 &SidString))
761 {
762 ERR("ConvertSidToStringSid failed\n");
763 return STATUS_INVALID_PARAMETER;
764 }
765
766 /* Create a security descriptor for the account */
767 Status = LsapCreateAccountSd(&AccountSd,
768 &AccountSdSize);
769 if (!NT_SUCCESS(Status))
770 {
771 ERR("LsapCreateAccountSd returned 0x%08lx\n", Status);
772 goto done;
773 }
774
775 /* Create the Account object */
776 Status = LsapCreateDbObject(PolicyObject,
777 L"Accounts",
778 SidString,
779 LsaDbAccountObject,
780 DesiredAccess,
781 PolicyObject->Trusted,
782 AccountObject);
783 if (!NT_SUCCESS(Status))
784 {
785 ERR("LsapCreateDbObject failed (Status 0x%08lx)\n", Status);
786 goto done;
787 }
788
789 /* Set the Sid attribute */
790 Status = LsapSetObjectAttribute(*AccountObject,
791 L"Sid",
792 (PVOID)AccountSid,
793 GetLengthSid(AccountSid));
794 if (!NT_SUCCESS(Status))
795 goto done;
796
797 /* Set the SecDesc attribute */
798 Status = LsapSetObjectAttribute(*AccountObject,
799 L"SecDesc",
800 AccountSd,
801 AccountSdSize);
802
803 done:
804 if (SidString != NULL)
805 LocalFree(SidString);
806
807 if (AccountSd != NULL)
808 RtlFreeHeap(RtlGetProcessHeap(), 0, AccountSd);
809
810 return Status;
811 }
812
813
814 /* Function 10 */
815 NTSTATUS WINAPI LsarCreateAccount(
816 LSAPR_HANDLE PolicyHandle,
817 PRPC_SID AccountSid,
818 ACCESS_MASK DesiredAccess,
819 LSAPR_HANDLE *AccountHandle)
820 {
821 PLSA_DB_OBJECT PolicyObject;
822 PLSA_DB_OBJECT AccountObject = NULL;
823 NTSTATUS Status = STATUS_SUCCESS;
824
825 TRACE("LsarCreateAccount(%p %p %lx %p)\n",
826 PolicyHandle, AccountSid, DesiredAccess, AccountHandle);
827
828 /* Validate the AccountSid */
829 if (!RtlValidSid(AccountSid))
830 return STATUS_INVALID_PARAMETER;
831
832 /* Validate the PolicyHandle */
833 Status = LsapValidateDbObject(PolicyHandle,
834 LsaDbPolicyObject,
835 POLICY_CREATE_ACCOUNT,
836 &PolicyObject);
837 if (!NT_SUCCESS(Status))
838 {
839 ERR("LsapValidateDbObject returned 0x%08lx\n", Status);
840 return Status;
841 }
842
843
844 Status = LsarpCreateAccount(PolicyObject,
845 AccountSid,
846 DesiredAccess,
847 &AccountObject);
848 if (NT_SUCCESS(Status))
849 {
850 *AccountHandle = (LSAPR_HANDLE)AccountObject;
851 }
852
853 return Status;
854 }
855
856
857 /* Function 11 */
858 NTSTATUS WINAPI LsarEnumerateAccounts(
859 LSAPR_HANDLE PolicyHandle,
860 DWORD *EnumerationContext,
861 PLSAPR_ACCOUNT_ENUM_BUFFER EnumerationBuffer,
862 DWORD PreferedMaximumLength)
863 {
864 LSAPR_ACCOUNT_ENUM_BUFFER EnumBuffer = {0, NULL};
865 PLSA_DB_OBJECT PolicyObject = NULL;
866 PWSTR AccountKeyBuffer = NULL;
867 HANDLE AccountsKeyHandle = NULL;
868 HANDLE AccountKeyHandle;
869 HANDLE SidKeyHandle;
870 ULONG AccountKeyBufferSize;
871 ULONG EnumIndex;
872 ULONG EnumCount;
873 ULONG RequiredLength;
874 ULONG DataLength;
875 ULONG i;
876 NTSTATUS Status = STATUS_SUCCESS;
877
878 TRACE("LsarEnumerateAccount(%p %p %p %lu)\n",
879 PolicyHandle, EnumerationContext, EnumerationBuffer, PreferedMaximumLength);
880
881 if (EnumerationContext == NULL ||
882 EnumerationBuffer == NULL)
883 return STATUS_INVALID_PARAMETER;
884
885 EnumerationBuffer->EntriesRead = 0;
886 EnumerationBuffer->Information = NULL;
887
888 /* Validate the PolicyHandle */
889 Status = LsapValidateDbObject(PolicyHandle,
890 LsaDbPolicyObject,
891 POLICY_VIEW_LOCAL_INFORMATION,
892 &PolicyObject);
893 if (!NT_SUCCESS(Status))
894 {
895 ERR("LsapValidateDbObject returned 0x%08lx\n", Status);
896 return Status;
897 }
898
899 Status = LsapRegOpenKey(PolicyObject->KeyHandle,
900 L"Accounts",
901 KEY_READ,
902 &AccountsKeyHandle);
903 if (!NT_SUCCESS(Status))
904 return Status;
905
906 Status = LsapRegQueryKeyInfo(AccountsKeyHandle,
907 NULL,
908 &AccountKeyBufferSize,
909 NULL);
910 if (!NT_SUCCESS(Status))
911 {
912 ERR("LsapRegQueryKeyInfo returned 0x%08lx\n", Status);
913 return Status;
914 }
915
916 AccountKeyBufferSize += sizeof(WCHAR);
917 AccountKeyBuffer = RtlAllocateHeap(RtlGetProcessHeap(), 0, AccountKeyBufferSize);
918 if (AccountKeyBuffer == NULL)
919 {
920 return STATUS_NO_MEMORY;
921 }
922
923 EnumIndex = *EnumerationContext;
924 EnumCount = 0;
925 RequiredLength = 0;
926
927 while (TRUE)
928 {
929 Status = LsapRegEnumerateSubKey(AccountsKeyHandle,
930 EnumIndex,
931 AccountKeyBufferSize,
932 AccountKeyBuffer);
933 if (!NT_SUCCESS(Status))
934 break;
935
936 TRACE("EnumIndex: %lu\n", EnumIndex);
937 TRACE("Account key name: %S\n", AccountKeyBuffer);
938
939 Status = LsapRegOpenKey(AccountsKeyHandle,
940 AccountKeyBuffer,
941 KEY_READ,
942 &AccountKeyHandle);
943 TRACE("LsapRegOpenKey returned %08lX\n", Status);
944 if (NT_SUCCESS(Status))
945 {
946 Status = LsapRegOpenKey(AccountKeyHandle,
947 L"Sid",
948 KEY_READ,
949 &SidKeyHandle);
950 TRACE("LsapRegOpenKey returned %08lX\n", Status);
951 if (NT_SUCCESS(Status))
952 {
953 DataLength = 0;
954 Status = LsapRegQueryValue(SidKeyHandle,
955 NULL,
956 NULL,
957 NULL,
958 &DataLength);
959 TRACE("LsapRegQueryValue returned %08lX\n", Status);
960 if (NT_SUCCESS(Status))
961 {
962 TRACE("Data length: %lu\n", DataLength);
963
964 if ((RequiredLength + DataLength + sizeof(LSAPR_ACCOUNT_INFORMATION)) > PreferedMaximumLength)
965 break;
966
967 RequiredLength += (DataLength + sizeof(LSAPR_ACCOUNT_INFORMATION));
968 EnumCount++;
969 }
970
971 LsapRegCloseKey(SidKeyHandle);
972 }
973
974 LsapRegCloseKey(AccountKeyHandle);
975 }
976
977 EnumIndex++;
978 }
979
980 TRACE("EnumCount: %lu\n", EnumCount);
981 TRACE("RequiredLength: %lu\n", RequiredLength);
982
983 EnumBuffer.EntriesRead = EnumCount;
984 EnumBuffer.Information = midl_user_allocate(EnumCount * sizeof(LSAPR_ACCOUNT_INFORMATION));
985 if (EnumBuffer.Information == NULL)
986 {
987 Status = STATUS_INSUFFICIENT_RESOURCES;
988 goto done;
989 }
990
991 EnumIndex = *EnumerationContext;
992 for (i = 0; i < EnumCount; i++, EnumIndex++)
993 {
994 Status = LsapRegEnumerateSubKey(AccountsKeyHandle,
995 EnumIndex,
996 AccountKeyBufferSize,
997 AccountKeyBuffer);
998 if (!NT_SUCCESS(Status))
999 break;
1000
1001 TRACE("EnumIndex: %lu\n", EnumIndex);
1002 TRACE("Account key name: %S\n", AccountKeyBuffer);
1003
1004 Status = LsapRegOpenKey(AccountsKeyHandle,
1005 AccountKeyBuffer,
1006 KEY_READ,
1007 &AccountKeyHandle);
1008 TRACE("LsapRegOpenKey returned %08lX\n", Status);
1009 if (NT_SUCCESS(Status))
1010 {
1011 Status = LsapRegOpenKey(AccountKeyHandle,
1012 L"Sid",
1013 KEY_READ,
1014 &SidKeyHandle);
1015 TRACE("LsapRegOpenKey returned %08lX\n", Status);
1016 if (NT_SUCCESS(Status))
1017 {
1018 DataLength = 0;
1019 Status = LsapRegQueryValue(SidKeyHandle,
1020 NULL,
1021 NULL,
1022 NULL,
1023 &DataLength);
1024 TRACE("LsapRegQueryValue returned %08lX\n", Status);
1025 if (NT_SUCCESS(Status))
1026 {
1027 EnumBuffer.Information[i].Sid = midl_user_allocate(DataLength);
1028 if (EnumBuffer.Information[i].Sid == NULL)
1029 {
1030 LsapRegCloseKey(AccountKeyHandle);
1031 Status = STATUS_INSUFFICIENT_RESOURCES;
1032 goto done;
1033 }
1034
1035 Status = LsapRegQueryValue(SidKeyHandle,
1036 NULL,
1037 NULL,
1038 EnumBuffer.Information[i].Sid,
1039 &DataLength);
1040 TRACE("SampRegQueryValue returned %08lX\n", Status);
1041 }
1042
1043 LsapRegCloseKey(SidKeyHandle);
1044 }
1045
1046 LsapRegCloseKey(AccountKeyHandle);
1047
1048 if (!NT_SUCCESS(Status))
1049 goto done;
1050 }
1051 }
1052
1053 if (NT_SUCCESS(Status))
1054 {
1055 *EnumerationContext += EnumCount;
1056 EnumerationBuffer->EntriesRead = EnumBuffer.EntriesRead;
1057 EnumerationBuffer->Information = EnumBuffer.Information;
1058 }
1059
1060 done:
1061 if (!NT_SUCCESS(Status))
1062 {
1063 if (EnumBuffer.Information)
1064 {
1065 for (i = 0; i < EnumBuffer.EntriesRead; i++)
1066 {
1067 if (EnumBuffer.Information[i].Sid != NULL)
1068 midl_user_free(EnumBuffer.Information[i].Sid);
1069 }
1070
1071 midl_user_free(EnumBuffer.Information);
1072 }
1073 }
1074
1075 if (AccountKeyBuffer != NULL)
1076 RtlFreeHeap(RtlGetProcessHeap(), 0, AccountKeyBuffer);
1077
1078 if (AccountsKeyHandle != NULL)
1079 LsapRegCloseKey(AccountsKeyHandle);
1080
1081 return Status;
1082 }
1083
1084
1085 /* Function 12 */
1086 NTSTATUS WINAPI LsarCreateTrustedDomain(
1087 LSAPR_HANDLE PolicyHandle,
1088 PLSAPR_TRUST_INFORMATION TrustedDomainInformation,
1089 ACCESS_MASK DesiredAccess,
1090 LSAPR_HANDLE *TrustedDomainHandle)
1091 {
1092 /* FIXME: We are not running an AD yet */
1093 return STATUS_DIRECTORY_SERVICE_REQUIRED;
1094 }
1095
1096
1097 /* Function 13 */
1098 NTSTATUS WINAPI LsarEnumerateTrustedDomains(
1099 LSAPR_HANDLE PolicyHandle,
1100 DWORD *EnumerationContext,
1101 PLSAPR_TRUSTED_ENUM_BUFFER EnumerationBuffer,
1102 DWORD PreferedMaximumLength)
1103 {
1104 /* FIXME: We are not running an AD yet */
1105 EnumerationBuffer->EntriesRead = 0;
1106 EnumerationBuffer->Information = NULL;
1107 return STATUS_NO_MORE_ENTRIES;
1108 }
1109
1110
1111 /* Function 14 */
1112 NTSTATUS WINAPI LsarLookupNames(
1113 LSAPR_HANDLE PolicyHandle,
1114 DWORD Count,
1115 PRPC_UNICODE_STRING Names,
1116 PLSAPR_REFERENCED_DOMAIN_LIST *ReferencedDomains,
1117 PLSAPR_TRANSLATED_SIDS TranslatedSids,
1118 LSAP_LOOKUP_LEVEL LookupLevel,
1119 DWORD *MappedCount)
1120 {
1121 LSAPR_TRANSLATED_SIDS_EX2 TranslatedSidsEx2;
1122 ULONG i;
1123 NTSTATUS Status;
1124
1125 TRACE("LsarLookupNames(%p %lu %p %p %p %d %p)\n",
1126 PolicyHandle, Count, Names, ReferencedDomains, TranslatedSids,
1127 LookupLevel, MappedCount);
1128
1129 TranslatedSids->Entries = 0;
1130 TranslatedSids->Sids = NULL;
1131 *ReferencedDomains = NULL;
1132
1133 if (Count == 0)
1134 return STATUS_NONE_MAPPED;
1135
1136 TranslatedSidsEx2.Entries = 0;
1137 TranslatedSidsEx2.Sids = NULL;
1138
1139 Status = LsapLookupNames(Count,
1140 Names,
1141 ReferencedDomains,
1142 &TranslatedSidsEx2,
1143 LookupLevel,
1144 MappedCount,
1145 0,
1146 0);
1147 if (!NT_SUCCESS(Status))
1148 return Status;
1149
1150 TranslatedSids->Entries = TranslatedSidsEx2.Entries;
1151 TranslatedSids->Sids = MIDL_user_allocate(TranslatedSids->Entries * sizeof(LSA_TRANSLATED_SID));
1152 if (TranslatedSids->Sids == NULL)
1153 {
1154 MIDL_user_free(TranslatedSidsEx2.Sids);
1155 MIDL_user_free(*ReferencedDomains);
1156 *ReferencedDomains = NULL;
1157 return STATUS_INSUFFICIENT_RESOURCES;
1158 }
1159
1160 for (i = 0; i < TranslatedSidsEx2.Entries; i++)
1161 {
1162 TranslatedSids->Sids[i].Use = TranslatedSidsEx2.Sids[i].Use;
1163 TranslatedSids->Sids[i].RelativeId = LsapGetRelativeIdFromSid(TranslatedSidsEx2.Sids[i].Sid);
1164 TranslatedSids->Sids[i].DomainIndex = TranslatedSidsEx2.Sids[i].DomainIndex;
1165 }
1166
1167 MIDL_user_free(TranslatedSidsEx2.Sids);
1168
1169 return STATUS_SUCCESS;
1170 }
1171
1172
1173 /* Function 15 */
1174 NTSTATUS WINAPI LsarLookupSids(
1175 LSAPR_HANDLE PolicyHandle,
1176 PLSAPR_SID_ENUM_BUFFER SidEnumBuffer,
1177 PLSAPR_REFERENCED_DOMAIN_LIST *ReferencedDomains,
1178 PLSAPR_TRANSLATED_NAMES TranslatedNames,
1179 LSAP_LOOKUP_LEVEL LookupLevel,
1180 DWORD *MappedCount)
1181 {
1182 LSAPR_TRANSLATED_NAMES_EX TranslatedNamesEx;
1183 ULONG i;
1184 NTSTATUS Status;
1185
1186 TRACE("LsarLookupSids(%p %p %p %p %d %p)\n",
1187 PolicyHandle, SidEnumBuffer, ReferencedDomains, TranslatedNames,
1188 LookupLevel, MappedCount);
1189
1190 /* FIXME: Fail, if there is an invalid SID in the SidEnumBuffer */
1191
1192 TranslatedNames->Entries = SidEnumBuffer->Entries;
1193 TranslatedNames->Names = NULL;
1194 *ReferencedDomains = NULL;
1195
1196 TranslatedNamesEx.Entries = SidEnumBuffer->Entries;
1197 TranslatedNamesEx.Names = NULL;
1198
1199 Status = LsapLookupSids(SidEnumBuffer,
1200 ReferencedDomains,
1201 &TranslatedNamesEx,
1202 LookupLevel,
1203 MappedCount,
1204 0,
1205 0);
1206 if (!NT_SUCCESS(Status))
1207 return Status;
1208
1209 TranslatedNames->Entries = SidEnumBuffer->Entries;
1210 TranslatedNames->Names = MIDL_user_allocate(SidEnumBuffer->Entries * sizeof(LSAPR_TRANSLATED_NAME));
1211 if (TranslatedNames->Names == NULL)
1212 {
1213 MIDL_user_free(TranslatedNamesEx.Names);
1214 MIDL_user_free(*ReferencedDomains);
1215 *ReferencedDomains = NULL;
1216 return STATUS_INSUFFICIENT_RESOURCES;
1217 }
1218
1219 for (i = 0; i < TranslatedNamesEx.Entries; i++)
1220 {
1221 TranslatedNames->Names[i].Use = TranslatedNamesEx.Names[i].Use;
1222 TranslatedNames->Names[i].Name.Length = TranslatedNamesEx.Names[i].Name.Length;
1223 TranslatedNames->Names[i].Name.MaximumLength = TranslatedNamesEx.Names[i].Name.MaximumLength;
1224 TranslatedNames->Names[i].Name.Buffer = TranslatedNamesEx.Names[i].Name.Buffer;
1225 TranslatedNames->Names[i].DomainIndex = TranslatedNamesEx.Names[i].DomainIndex;
1226 }
1227
1228 MIDL_user_free(TranslatedNamesEx.Names);
1229
1230 return Status;
1231 }
1232
1233
1234 /* Function 16 */
1235 NTSTATUS WINAPI LsarCreateSecret(
1236 LSAPR_HANDLE PolicyHandle,
1237 PRPC_UNICODE_STRING SecretName,
1238 ACCESS_MASK DesiredAccess,
1239 LSAPR_HANDLE *SecretHandle)
1240 {
1241 PLSA_DB_OBJECT PolicyObject;
1242 PLSA_DB_OBJECT SecretObject = NULL;
1243 LARGE_INTEGER Time;
1244 PSECURITY_DESCRIPTOR SecretSd = NULL;
1245 ULONG SecretSdSize;
1246 NTSTATUS Status = STATUS_SUCCESS;
1247
1248 TRACE("LsarCreateSecret(%p %wZ %lx %p)\n",
1249 PolicyHandle, SecretName, DesiredAccess, SecretHandle);
1250
1251 /* Validate the PolicyHandle */
1252 Status = LsapValidateDbObject(PolicyHandle,
1253 LsaDbPolicyObject,
1254 POLICY_CREATE_SECRET,
1255 &PolicyObject);
1256 if (!NT_SUCCESS(Status))
1257 {
1258 ERR("LsapValidateDbObject returned 0x%08lx\n", Status);
1259 return Status;
1260 }
1261
1262 /* Get the current time */
1263 Status = NtQuerySystemTime(&Time);
1264 if (!NT_SUCCESS(Status))
1265 {
1266 ERR("NtQuerySystemTime failed (Status 0x%08lx)\n", Status);
1267 goto done;
1268 }
1269
1270 /* Create a security descriptor for the secret */
1271 Status = LsapCreateSecretSd(&SecretSd,
1272 &SecretSdSize);
1273 if (!NT_SUCCESS(Status))
1274 {
1275 ERR("LsapCreateAccountSd returned 0x%08lx\n", Status);
1276 return Status;
1277 }
1278
1279 /* Create the Secret object */
1280 Status = LsapCreateDbObject(PolicyObject,
1281 L"Secrets",
1282 SecretName->Buffer,
1283 LsaDbSecretObject,
1284 DesiredAccess,
1285 PolicyObject->Trusted,
1286 &SecretObject);
1287 if (!NT_SUCCESS(Status))
1288 {
1289 ERR("LsapCreateDbObject failed (Status 0x%08lx)\n", Status);
1290 goto done;
1291 }
1292
1293 /* Set the CurrentTime attribute */
1294 Status = LsapSetObjectAttribute(SecretObject,
1295 L"CurrentTime",
1296 (PVOID)&Time,
1297 sizeof(LARGE_INTEGER));
1298 if (!NT_SUCCESS(Status))
1299 {
1300 ERR("LsapSetObjectAttribute (CurrentTime) failed (Status 0x%08lx)\n", Status);
1301 goto done;
1302 }
1303
1304 /* Set the OldTime attribute */
1305 Status = LsapSetObjectAttribute(SecretObject,
1306 L"OldTime",
1307 (PVOID)&Time,
1308 sizeof(LARGE_INTEGER));
1309 if (!NT_SUCCESS(Status))
1310 {
1311 ERR("LsapSetObjectAttribute (OldTime) failed (Status 0x%08lx)\n", Status);
1312 goto done;
1313 }
1314
1315 /* Set the SecDesc attribute */
1316 Status = LsapSetObjectAttribute(SecretObject,
1317 L"SecDesc",
1318 SecretSd,
1319 SecretSdSize);
1320
1321 done:
1322 if (SecretSd != NULL)
1323 RtlFreeHeap(RtlGetProcessHeap(), 0, SecretSd);
1324
1325 if (!NT_SUCCESS(Status))
1326 {
1327 if (SecretObject != NULL)
1328 LsapCloseDbObject(SecretObject);
1329 }
1330 else
1331 {
1332 *SecretHandle = (LSAPR_HANDLE)SecretObject;
1333 }
1334
1335 return STATUS_SUCCESS;
1336 }
1337
1338
1339 static
1340 NTSTATUS
1341 LsarpOpenAccount(
1342 IN PLSA_DB_OBJECT PolicyObject,
1343 IN PRPC_SID AccountSid,
1344 IN ACCESS_MASK DesiredAccess,
1345 OUT PLSA_DB_OBJECT *AccountObject)
1346 {
1347 LPWSTR SidString = NULL;
1348 NTSTATUS Status = STATUS_SUCCESS;
1349
1350 /* Create SID string */
1351 if (!ConvertSidToStringSid((PSID)AccountSid,
1352 &SidString))
1353 {
1354 ERR("ConvertSidToStringSid failed\n");
1355 return STATUS_INVALID_PARAMETER;
1356 }
1357
1358 /* Create the Account object */
1359 Status = LsapOpenDbObject(PolicyObject,
1360 L"Accounts",
1361 SidString,
1362 LsaDbAccountObject,
1363 DesiredAccess,
1364 PolicyObject->Trusted,
1365 AccountObject);
1366 if (!NT_SUCCESS(Status))
1367 {
1368 ERR("LsapOpenDbObject failed (Status 0x%08lx)\n", Status);
1369 }
1370
1371 if (SidString != NULL)
1372 LocalFree(SidString);
1373
1374 return Status;
1375 }
1376
1377
1378 /* Function 17 */
1379 NTSTATUS WINAPI LsarOpenAccount(
1380 LSAPR_HANDLE PolicyHandle,
1381 PRPC_SID AccountSid,
1382 ACCESS_MASK DesiredAccess,
1383 LSAPR_HANDLE *AccountHandle)
1384 {
1385 PLSA_DB_OBJECT PolicyObject;
1386 NTSTATUS Status;
1387
1388 TRACE("LsarOpenAccount(%p %p %lx %p)\n",
1389 PolicyHandle, AccountSid, DesiredAccess, AccountHandle);
1390
1391 /* Validate the AccountSid */
1392 if (!RtlValidSid(AccountSid))
1393 return STATUS_INVALID_PARAMETER;
1394
1395 /* Validate the PolicyHandle */
1396 Status = LsapValidateDbObject(PolicyHandle,
1397 LsaDbPolicyObject,
1398 0,
1399 &PolicyObject);
1400 if (!NT_SUCCESS(Status))
1401 {
1402 ERR("LsapValidateDbObject returned 0x%08lx\n", Status);
1403 return Status;
1404 }
1405
1406
1407 /* Open the Account object */
1408 return LsarpOpenAccount(PolicyObject,
1409 AccountSid,
1410 DesiredAccess,
1411 (PLSA_DB_OBJECT *)AccountHandle);
1412 }
1413
1414
1415 /* Function 18 */
1416 NTSTATUS WINAPI LsarEnumeratePrivilegesAccount(
1417 LSAPR_HANDLE AccountHandle,
1418 PLSAPR_PRIVILEGE_SET *Privileges)
1419 {
1420 PLSA_DB_OBJECT AccountObject;
1421 ULONG PrivilegeSetSize = 0;
1422 PLSAPR_PRIVILEGE_SET PrivilegeSet = NULL;
1423 NTSTATUS Status;
1424
1425 TRACE("LsarEnumeratePrivilegesAccount(%p %p)\n",
1426 AccountHandle, Privileges);
1427
1428 *Privileges = NULL;
1429
1430 /* Validate the AccountHandle */
1431 Status = LsapValidateDbObject(AccountHandle,
1432 LsaDbAccountObject,
1433 ACCOUNT_VIEW,
1434 &AccountObject);
1435 if (!NT_SUCCESS(Status))
1436 {
1437 ERR("LsapValidateDbObject returned 0x%08lx\n", Status);
1438 return Status;
1439 }
1440
1441 /* Get the size of the privilege set */
1442 Status = LsapGetObjectAttribute(AccountObject,
1443 L"Privilgs",
1444 NULL,
1445 &PrivilegeSetSize);
1446 if (!NT_SUCCESS(Status))
1447 return Status;
1448
1449 /* Allocate a buffer for the privilege set */
1450 PrivilegeSet = MIDL_user_allocate(PrivilegeSetSize);
1451 if (PrivilegeSet == NULL)
1452 return STATUS_NO_MEMORY;
1453
1454 /* Get the privilege set */
1455 Status = LsapGetObjectAttribute(AccountObject,
1456 L"Privilgs",
1457 PrivilegeSet,
1458 &PrivilegeSetSize);
1459 if (!NT_SUCCESS(Status))
1460 {
1461 MIDL_user_free(PrivilegeSet);
1462 return Status;
1463 }
1464
1465 /* Return a pointer to the privilege set */
1466 *Privileges = PrivilegeSet;
1467
1468 return STATUS_SUCCESS;
1469 }
1470
1471
1472 /* Function 19 */
1473 NTSTATUS WINAPI LsarAddPrivilegesToAccount(
1474 LSAPR_HANDLE AccountHandle,
1475 PLSAPR_PRIVILEGE_SET Privileges)
1476 {
1477 PLSA_DB_OBJECT AccountObject;
1478 PPRIVILEGE_SET CurrentPrivileges = NULL;
1479 PPRIVILEGE_SET NewPrivileges = NULL;
1480 ULONG PrivilegeSetSize = 0;
1481 ULONG PrivilegeCount;
1482 ULONG i, j;
1483 BOOL bFound;
1484 NTSTATUS Status;
1485
1486 TRACE("LsarAddPrivilegesToAccount(%p %p)\n",
1487 AccountHandle, Privileges);
1488
1489 /* Validate the AccountHandle */
1490 Status = LsapValidateDbObject(AccountHandle,
1491 LsaDbAccountObject,
1492 ACCOUNT_ADJUST_PRIVILEGES,
1493 &AccountObject);
1494 if (!NT_SUCCESS(Status))
1495 {
1496 ERR("LsapValidateDbObject returned 0x%08lx\n", Status);
1497 return Status;
1498 }
1499
1500 /* Get the size of the Privilgs attribute */
1501 Status = LsapGetObjectAttribute(AccountObject,
1502 L"Privilgs",
1503 NULL,
1504 &PrivilegeSetSize);
1505 if (!NT_SUCCESS(Status) || PrivilegeSetSize == 0)
1506 {
1507 /* The Privilgs attribute does not exist */
1508
1509 PrivilegeSetSize = sizeof(PRIVILEGE_SET) +
1510 (Privileges->PrivilegeCount - 1) * sizeof(LUID_AND_ATTRIBUTES);
1511 Status = LsapSetObjectAttribute(AccountObject,
1512 L"Privilgs",
1513 Privileges,
1514 PrivilegeSetSize);
1515 }
1516 else
1517 {
1518 /* The Privilgs attribute exists */
1519
1520 /* Allocate memory for the stored privilege set */
1521 CurrentPrivileges = MIDL_user_allocate(PrivilegeSetSize);
1522 if (CurrentPrivileges == NULL)
1523 return STATUS_NO_MEMORY;
1524
1525 /* Get the current privilege set */
1526 Status = LsapGetObjectAttribute(AccountObject,
1527 L"Privilgs",
1528 CurrentPrivileges,
1529 &PrivilegeSetSize);
1530 if (!NT_SUCCESS(Status))
1531 {
1532 TRACE("LsapGetObjectAttribute() failed (Status 0x%08lx)\n", Status);
1533 goto done;
1534 }
1535
1536 PrivilegeCount = CurrentPrivileges->PrivilegeCount;
1537 TRACE("Current privilege count: %lu\n", PrivilegeCount);
1538
1539 /* Calculate the number of privileges in the combined privilege set */
1540 for (i = 0; i < Privileges->PrivilegeCount; i++)
1541 {
1542 bFound = FALSE;
1543 for (j = 0; j < CurrentPrivileges->PrivilegeCount; j++)
1544 {
1545 if (RtlEqualLuid(&(Privileges->Privilege[i].Luid),
1546 &(CurrentPrivileges->Privilege[i].Luid)))
1547 {
1548 bFound = TRUE;
1549 break;
1550 }
1551 }
1552
1553 if (bFound == FALSE)
1554 {
1555 TRACE("Found new privilege\n");
1556 PrivilegeCount++;
1557 }
1558 }
1559 TRACE("New privilege count: %lu\n", PrivilegeCount);
1560
1561 /* Calculate the size of the new privilege set and allocate it */
1562 PrivilegeSetSize = sizeof(PRIVILEGE_SET) +
1563 (PrivilegeCount - 1) * sizeof(LUID_AND_ATTRIBUTES);
1564 NewPrivileges = MIDL_user_allocate(PrivilegeSetSize);
1565 if (NewPrivileges == NULL)
1566 {
1567 Status = STATUS_NO_MEMORY;
1568 goto done;
1569 }
1570
1571 /* Initialize the new privilege set */
1572 NewPrivileges->PrivilegeCount = PrivilegeCount;
1573 NewPrivileges->Control = 0;
1574
1575 /* Copy all privileges from the current privilege set */
1576 RtlCopyLuidAndAttributesArray(CurrentPrivileges->PrivilegeCount,
1577 &(CurrentPrivileges->Privilege[0]),
1578 &(NewPrivileges->Privilege[0]));
1579
1580 /* Add new privileges to the new privilege set */
1581 PrivilegeCount = CurrentPrivileges->PrivilegeCount;
1582 for (i = 0; i < Privileges->PrivilegeCount; i++)
1583 {
1584 bFound = FALSE;
1585 for (j = 0; j < CurrentPrivileges->PrivilegeCount; j++)
1586 {
1587 if (RtlEqualLuid(&(Privileges->Privilege[i].Luid),
1588 &(CurrentPrivileges->Privilege[i].Luid)))
1589 {
1590 /* Overwrite attributes if a matching privilege was found */
1591 NewPrivileges->Privilege[j].Attributes = Privileges->Privilege[i].Attributes;
1592
1593 bFound = TRUE;
1594 break;
1595 }
1596 }
1597
1598 if (bFound == FALSE)
1599 {
1600 /* Copy the new privilege */
1601 RtlCopyLuidAndAttributesArray(1,
1602 (PLUID_AND_ATTRIBUTES)&(Privileges->Privilege[i]),
1603 &(NewPrivileges->Privilege[PrivilegeCount]));
1604 PrivilegeCount++;
1605 }
1606 }
1607
1608 /* Set the new privilege set */
1609 Status = LsapSetObjectAttribute(AccountObject,
1610 L"Privilgs",
1611 NewPrivileges,
1612 PrivilegeSetSize);
1613 }
1614
1615 done:
1616 if (CurrentPrivileges != NULL)
1617 MIDL_user_free(CurrentPrivileges);
1618
1619 if (NewPrivileges != NULL)
1620 MIDL_user_free(NewPrivileges);
1621
1622 return Status;
1623 }
1624
1625
1626 /* Function 20 */
1627 NTSTATUS WINAPI LsarRemovePrivilegesFromAccount(
1628 LSAPR_HANDLE AccountHandle,
1629 BOOLEAN AllPrivileges,
1630 PLSAPR_PRIVILEGE_SET Privileges)
1631 {
1632 PLSA_DB_OBJECT AccountObject;
1633 PPRIVILEGE_SET CurrentPrivileges = NULL;
1634 PPRIVILEGE_SET NewPrivileges = NULL;
1635 ULONG PrivilegeSetSize = 0;
1636 ULONG PrivilegeCount;
1637 ULONG i, j, k;
1638 BOOL bFound;
1639 NTSTATUS Status;
1640
1641 TRACE("LsarRemovePrivilegesFromAccount(%p %u %p)\n",
1642 AccountHandle, AllPrivileges, Privileges);
1643
1644 /* */
1645 if ((AllPrivileges == FALSE && Privileges == NULL) ||
1646 (AllPrivileges == TRUE && Privileges != NULL))
1647 return STATUS_INVALID_PARAMETER;
1648
1649 /* Validate the AccountHandle */
1650 Status = LsapValidateDbObject(AccountHandle,
1651 LsaDbAccountObject,
1652 ACCOUNT_ADJUST_PRIVILEGES,
1653 &AccountObject);
1654 if (!NT_SUCCESS(Status))
1655 {
1656 ERR("LsapValidateDbObject returned 0x%08lx\n", Status);
1657 return Status;
1658 }
1659
1660 if (AllPrivileges == TRUE)
1661 {
1662 /* Delete the Privilgs attribute */
1663 Status = LsapDeleteObjectAttribute(AccountObject,
1664 L"Privilgs");
1665 if (Status == STATUS_OBJECT_NAME_NOT_FOUND)
1666 Status = STATUS_SUCCESS;
1667 }
1668 else
1669 {
1670 /* Get the size of the Privilgs attribute */
1671 Status = LsapGetObjectAttribute(AccountObject,
1672 L"Privilgs",
1673 NULL,
1674 &PrivilegeSetSize);
1675 if (!NT_SUCCESS(Status))
1676 goto done;
1677
1678 /* Succeed, if there is no privilege set to remove privileges from */
1679 if (PrivilegeSetSize == 0)
1680 {
1681 Status = STATUS_SUCCESS;
1682 goto done;
1683 }
1684
1685 /* Allocate memory for the stored privilege set */
1686 CurrentPrivileges = MIDL_user_allocate(PrivilegeSetSize);
1687 if (CurrentPrivileges == NULL)
1688 return STATUS_NO_MEMORY;
1689
1690 /* Get the current privilege set */
1691 Status = LsapGetObjectAttribute(AccountObject,
1692 L"Privilgs",
1693 CurrentPrivileges,
1694 &PrivilegeSetSize);
1695 if (!NT_SUCCESS(Status))
1696 {
1697 TRACE("LsapGetObjectAttribute() failed (Status 0x%08lx)\n", Status);
1698 goto done;
1699 }
1700
1701 PrivilegeCount = CurrentPrivileges->PrivilegeCount;
1702 TRACE("Current privilege count: %lu\n", PrivilegeCount);
1703
1704 /* Calculate the number of privileges in the new privilege set */
1705 for (i = 0; i < CurrentPrivileges->PrivilegeCount; i++)
1706 {
1707 for (j = 0; j < Privileges->PrivilegeCount; j++)
1708 {
1709 if (RtlEqualLuid(&(CurrentPrivileges->Privilege[i].Luid),
1710 &(Privileges->Privilege[j].Luid)))
1711 {
1712 if (PrivilegeCount > 0)
1713 PrivilegeCount--;
1714 }
1715 }
1716 }
1717 TRACE("New privilege count: %lu\n", PrivilegeCount);
1718
1719 if (PrivilegeCount == 0)
1720 {
1721 /* Delete the Privilgs attribute */
1722 Status = LsapDeleteObjectAttribute(AccountObject,
1723 L"Privilgs");
1724 if (Status == STATUS_OBJECT_NAME_NOT_FOUND)
1725 Status = STATUS_SUCCESS;
1726 }
1727 else
1728 {
1729 /* Calculate the size of the new privilege set and allocate it */
1730 PrivilegeSetSize = sizeof(PRIVILEGE_SET) +
1731 (PrivilegeCount - 1) * sizeof(LUID_AND_ATTRIBUTES);
1732 NewPrivileges = MIDL_user_allocate(PrivilegeSetSize);
1733 if (NewPrivileges == NULL)
1734 {
1735 Status = STATUS_NO_MEMORY;
1736 goto done;
1737 }
1738
1739 /* Initialize the new privilege set */
1740 NewPrivileges->PrivilegeCount = PrivilegeCount;
1741 NewPrivileges->Control = 0;
1742
1743 /* Copy the privileges which are not to be removed */
1744 for (i = 0, k = 0; i < CurrentPrivileges->PrivilegeCount; i++)
1745 {
1746 bFound = FALSE;
1747 for (j = 0; j < Privileges->PrivilegeCount; j++)
1748 {
1749 if (RtlEqualLuid(&(CurrentPrivileges->Privilege[i].Luid),
1750 &(Privileges->Privilege[j].Luid)))
1751 bFound = TRUE;
1752 }
1753
1754 if (bFound == FALSE)
1755 {
1756 /* Copy the privilege */
1757 RtlCopyLuidAndAttributesArray(1,
1758 &(CurrentPrivileges->Privilege[i]),
1759 &(NewPrivileges->Privilege[k]));
1760 k++;
1761 }
1762 }
1763
1764 /* Set the new privilege set */
1765 Status = LsapSetObjectAttribute(AccountObject,
1766 L"Privilgs",
1767 NewPrivileges,
1768 PrivilegeSetSize);
1769 }
1770 }
1771
1772 done:
1773 if (CurrentPrivileges != NULL)
1774 MIDL_user_free(CurrentPrivileges);
1775
1776 if (NewPrivileges != NULL)
1777 MIDL_user_free(NewPrivileges);
1778
1779 return Status;
1780 }
1781
1782
1783 /* Function 21 */
1784 NTSTATUS WINAPI LsarGetQuotasForAccount(
1785 LSAPR_HANDLE AccountHandle,
1786 PQUOTA_LIMITS QuotaLimits)
1787 {
1788 PLSA_DB_OBJECT AccountObject;
1789 ULONG Size;
1790 NTSTATUS Status;
1791
1792 TRACE("LsarGetQuotasForAccount(%p %p)\n",
1793 AccountHandle, QuotaLimits);
1794
1795 /* Validate the account handle */
1796 Status = LsapValidateDbObject(AccountHandle,
1797 LsaDbAccountObject,
1798 ACCOUNT_VIEW,
1799 &AccountObject);
1800 if (!NT_SUCCESS(Status))
1801 {
1802 ERR("Invalid handle (Status %lx)\n", Status);
1803 return Status;
1804 }
1805
1806 /* Get the quota attribute */
1807 Status = LsapGetObjectAttribute(AccountObject,
1808 L"DefQuota",
1809 QuotaLimits,
1810 &Size);
1811
1812 return Status;
1813 }
1814
1815
1816 /* Function 22 */
1817 NTSTATUS WINAPI LsarSetQuotasForAccount(
1818 LSAPR_HANDLE AccountHandle,
1819 PQUOTA_LIMITS QuotaLimits)
1820 {
1821 PLSA_DB_OBJECT AccountObject;
1822 QUOTA_LIMITS InternalQuotaLimits;
1823 ULONG Size;
1824 NTSTATUS Status;
1825
1826 TRACE("LsarSetQuotasForAccount(%p %p)\n",
1827 AccountHandle, QuotaLimits);
1828
1829 /* Validate the account handle */
1830 Status = LsapValidateDbObject(AccountHandle,
1831 LsaDbAccountObject,
1832 ACCOUNT_ADJUST_QUOTAS,
1833 &AccountObject);
1834 if (!NT_SUCCESS(Status))
1835 {
1836 ERR("Invalid handle (Status %lx)\n", Status);
1837 return Status;
1838 }
1839
1840 /* Get the quota limits attribute */
1841 Size = sizeof(QUOTA_LIMITS);
1842 Status = LsapGetObjectAttribute(AccountObject,
1843 L"DefQuota",
1844 &InternalQuotaLimits,
1845 &Size);
1846 if (!NT_SUCCESS(Status))
1847 {
1848 TRACE("LsapGetObjectAttribute() failed (Status 0x%08lx)\n", Status);
1849 return Status;
1850 }
1851
1852 /* Update the quota limits */
1853 if (QuotaLimits->PagedPoolLimit != 0)
1854 InternalQuotaLimits.PagedPoolLimit = QuotaLimits->PagedPoolLimit;
1855
1856 if (QuotaLimits->NonPagedPoolLimit != 0)
1857 InternalQuotaLimits.NonPagedPoolLimit = QuotaLimits->NonPagedPoolLimit;
1858
1859 if (QuotaLimits->MinimumWorkingSetSize != 0)
1860 InternalQuotaLimits.MinimumWorkingSetSize = QuotaLimits->MinimumWorkingSetSize;
1861
1862 if (QuotaLimits->MaximumWorkingSetSize != 0)
1863 InternalQuotaLimits.MaximumWorkingSetSize = QuotaLimits->MaximumWorkingSetSize;
1864
1865 if (QuotaLimits->PagefileLimit != 0)
1866 InternalQuotaLimits.PagefileLimit = QuotaLimits->PagefileLimit;
1867
1868 /* Set the quota limits attribute */
1869 Status = LsapSetObjectAttribute(AccountObject,
1870 L"DefQuota",
1871 &InternalQuotaLimits,
1872 sizeof(QUOTA_LIMITS));
1873
1874 return Status;
1875 }
1876
1877
1878 /* Function 23 */
1879 NTSTATUS WINAPI LsarGetSystemAccessAccount(
1880 LSAPR_HANDLE AccountHandle,
1881 ACCESS_MASK *SystemAccess)
1882 {
1883 PLSA_DB_OBJECT AccountObject;
1884 ULONG Size = sizeof(ACCESS_MASK);
1885 NTSTATUS Status;
1886
1887 TRACE("LsarGetSystemAccessAccount(%p %p)\n",
1888 AccountHandle, SystemAccess);
1889
1890 /* Validate the account handle */
1891 Status = LsapValidateDbObject(AccountHandle,
1892 LsaDbAccountObject,
1893 ACCOUNT_VIEW,
1894 &AccountObject);
1895 if (!NT_SUCCESS(Status))
1896 {
1897 ERR("Invalid handle (Status %lx)\n", Status);
1898 return Status;
1899 }
1900
1901 /* Get the system access flags */
1902 Status = LsapGetObjectAttribute(AccountObject,
1903 L"ActSysAc",
1904 SystemAccess,
1905 &Size);
1906
1907 return Status;
1908 }
1909
1910
1911 /* Function 24 */
1912 NTSTATUS WINAPI LsarSetSystemAccessAccount(
1913 LSAPR_HANDLE AccountHandle,
1914 ACCESS_MASK SystemAccess)
1915 {
1916 PLSA_DB_OBJECT AccountObject;
1917 NTSTATUS Status;
1918
1919 TRACE("LsarSetSystemAccessAccount(%p %lx)\n",
1920 AccountHandle, SystemAccess);
1921
1922 /* Validate the account handle */
1923 Status = LsapValidateDbObject(AccountHandle,
1924 LsaDbAccountObject,
1925 ACCOUNT_ADJUST_SYSTEM_ACCESS,
1926 &AccountObject);
1927 if (!NT_SUCCESS(Status))
1928 {
1929 ERR("Invalid handle (Status %lx)\n", Status);
1930 return Status;
1931 }
1932
1933 /* Set the system access flags */
1934 Status = LsapSetObjectAttribute(AccountObject,
1935 L"ActSysAc",
1936 &SystemAccess,
1937 sizeof(ACCESS_MASK));
1938
1939 return Status;
1940 }
1941
1942
1943 /* Function 25 */
1944 NTSTATUS WINAPI LsarOpenTrustedDomain(
1945 LSAPR_HANDLE PolicyHandle,
1946 PRPC_SID TrustedDomainSid,
1947 ACCESS_MASK DesiredAccess,
1948 LSAPR_HANDLE *TrustedDomainHandle)
1949 {
1950 UNIMPLEMENTED;
1951 return STATUS_NOT_IMPLEMENTED;
1952 }
1953
1954
1955 /* Function 26 */
1956 NTSTATUS WINAPI LsarQueryInfoTrustedDomain(
1957 LSAPR_HANDLE TrustedDomainHandle,
1958 TRUSTED_INFORMATION_CLASS InformationClass,
1959 PLSAPR_TRUSTED_DOMAIN_INFO *TrustedDomainInformation)
1960 {
1961 UNIMPLEMENTED;
1962 return STATUS_NOT_IMPLEMENTED;
1963 }
1964
1965
1966 /* Function 27 */
1967 NTSTATUS WINAPI LsarSetInformationTrustedDomain(
1968 LSAPR_HANDLE TrustedDomainHandle,
1969 TRUSTED_INFORMATION_CLASS InformationClass,
1970 PLSAPR_TRUSTED_DOMAIN_INFO TrustedDomainInformation)
1971 {
1972 UNIMPLEMENTED;
1973 return STATUS_NOT_IMPLEMENTED;
1974 }
1975
1976
1977 /* Function 28 */
1978 NTSTATUS WINAPI LsarOpenSecret(
1979 LSAPR_HANDLE PolicyHandle,
1980 PRPC_UNICODE_STRING SecretName,
1981 ACCESS_MASK DesiredAccess,
1982 LSAPR_HANDLE *SecretHandle)
1983 {
1984 PLSA_DB_OBJECT PolicyObject;
1985 PLSA_DB_OBJECT SecretObject = NULL;
1986 NTSTATUS Status = STATUS_SUCCESS;
1987
1988 TRACE("LsarOpenSecret(%p %wZ %lx %p)\n",
1989 PolicyHandle, SecretName, DesiredAccess, SecretHandle);
1990
1991 /* Validate the PolicyHandle */
1992 Status = LsapValidateDbObject(PolicyHandle,
1993 LsaDbPolicyObject,
1994 0,
1995 &PolicyObject);
1996 if (!NT_SUCCESS(Status))
1997 {
1998 ERR("LsapValidateDbObject returned 0x%08lx\n", Status);
1999 return Status;
2000 }
2001
2002 /* Create the secret object */
2003 Status = LsapOpenDbObject(PolicyObject,
2004 L"Secrets",
2005 SecretName->Buffer,
2006 LsaDbSecretObject,
2007 DesiredAccess,
2008 PolicyObject->Trusted,
2009 &SecretObject);
2010 if (!NT_SUCCESS(Status))
2011 {
2012 ERR("LsapOpenDbObject failed (Status 0x%08lx)\n", Status);
2013 goto done;
2014 }
2015
2016 done:
2017 if (!NT_SUCCESS(Status))
2018 {
2019 if (SecretObject != NULL)
2020 LsapCloseDbObject(SecretObject);
2021 }
2022 else
2023 {
2024 *SecretHandle = (LSAPR_HANDLE)SecretObject;
2025 }
2026
2027 return Status;
2028 }
2029
2030
2031 /* Function 29 */
2032 NTSTATUS WINAPI LsarSetSecret(
2033 LSAPR_HANDLE SecretHandle,
2034 PLSAPR_CR_CIPHER_VALUE EncryptedCurrentValue,
2035 PLSAPR_CR_CIPHER_VALUE EncryptedOldValue)
2036 {
2037 PLSA_DB_OBJECT SecretObject;
2038 PBYTE CurrentValue = NULL;
2039 PBYTE OldValue = NULL;
2040 ULONG CurrentValueLength = 0;
2041 ULONG OldValueLength = 0;
2042 LARGE_INTEGER Time;
2043 NTSTATUS Status;
2044
2045 TRACE("LsarSetSecret(%p %p %p)\n", SecretHandle,
2046 EncryptedCurrentValue, EncryptedOldValue);
2047
2048 /* Validate the SecretHandle */
2049 Status = LsapValidateDbObject(SecretHandle,
2050 LsaDbSecretObject,
2051 SECRET_SET_VALUE,
2052 &SecretObject);
2053 if (!NT_SUCCESS(Status))
2054 {
2055 ERR("LsapValidateDbObject returned 0x%08lx\n", Status);
2056 return Status;
2057 }
2058
2059 if (EncryptedCurrentValue != NULL)
2060 {
2061 /* FIXME: Decrypt the current value */
2062 CurrentValue = EncryptedCurrentValue->Buffer;
2063 CurrentValueLength = EncryptedCurrentValue->MaximumLength;
2064 }
2065
2066 /* Set the current value */
2067 Status = LsapSetObjectAttribute(SecretObject,
2068 L"CurrentValue",
2069 CurrentValue,
2070 CurrentValueLength);
2071 if (!NT_SUCCESS(Status))
2072 {
2073 ERR("LsapSetObjectAttribute failed (Status 0x%08lx)\n", Status);
2074 goto done;
2075 }
2076
2077 /* Get the current time */
2078 Status = NtQuerySystemTime(&Time);
2079 if (!NT_SUCCESS(Status))
2080 {
2081 ERR("NtQuerySystemTime failed (Status 0x%08lx)\n", Status);
2082 goto done;
2083 }
2084
2085 /* Set the current time */
2086 Status = LsapSetObjectAttribute(SecretObject,
2087 L"CurrentTime",
2088 &Time,
2089 sizeof(LARGE_INTEGER));
2090 if (!NT_SUCCESS(Status))
2091 {
2092 ERR("LsapSetObjectAttribute failed (Status 0x%08lx)\n", Status);
2093 goto done;
2094 }
2095
2096 if (EncryptedOldValue != NULL)
2097 {
2098 /* FIXME: Decrypt the old value */
2099 OldValue = EncryptedOldValue->Buffer;
2100 OldValueLength = EncryptedOldValue->MaximumLength;
2101 }
2102
2103 /* Set the old value */
2104 Status = LsapSetObjectAttribute(SecretObject,
2105 L"OldValue",
2106 OldValue,
2107 OldValueLength);
2108 if (!NT_SUCCESS(Status))
2109 {
2110 ERR("LsapSetObjectAttribute failed (Status 0x%08lx)\n", Status);
2111 goto done;
2112 }
2113
2114 /* Set the old time */
2115 Status = LsapSetObjectAttribute(SecretObject,
2116 L"OldTime",
2117 &Time,
2118 sizeof(LARGE_INTEGER));
2119 if (!NT_SUCCESS(Status))
2120 {
2121 ERR("LsapSetObjectAttribute failed (Status 0x%08lx)\n", Status);
2122 }
2123
2124 done:
2125 return Status;
2126 }
2127
2128
2129 /* Function 30 */
2130 NTSTATUS WINAPI LsarQuerySecret(
2131 LSAPR_HANDLE SecretHandle,
2132 PLSAPR_CR_CIPHER_VALUE *EncryptedCurrentValue,
2133 PLARGE_INTEGER CurrentValueSetTime,
2134 PLSAPR_CR_CIPHER_VALUE *EncryptedOldValue,
2135 PLARGE_INTEGER OldValueSetTime)
2136 {
2137 PLSA_DB_OBJECT SecretObject;
2138 PLSAPR_CR_CIPHER_VALUE EncCurrentValue = NULL;
2139 PLSAPR_CR_CIPHER_VALUE EncOldValue = NULL;
2140 PBYTE CurrentValue = NULL;
2141 PBYTE OldValue = NULL;
2142 ULONG CurrentValueLength = 0;
2143 ULONG OldValueLength = 0;
2144 ULONG BufferSize;
2145 NTSTATUS Status;
2146
2147 TRACE("LsarQuerySecret(%p %p %p %p %p)\n", SecretHandle,
2148 EncryptedCurrentValue, CurrentValueSetTime,
2149 EncryptedOldValue, OldValueSetTime);
2150
2151 /* Validate the SecretHandle */
2152 Status = LsapValidateDbObject(SecretHandle,
2153 LsaDbSecretObject,
2154 SECRET_QUERY_VALUE,
2155 &SecretObject);
2156 if (!NT_SUCCESS(Status))
2157 {
2158 ERR("LsapValidateDbObject returned 0x%08lx\n", Status);
2159 return Status;
2160 }
2161
2162 if (EncryptedCurrentValue != NULL)
2163 {
2164 CurrentValueLength = 0;
2165
2166 /* Get the size of the current value */
2167 Status = LsapGetObjectAttribute(SecretObject,
2168 L"CurrentValue",
2169 NULL,
2170 &CurrentValueLength);
2171 if (!NT_SUCCESS(Status))
2172 goto done;
2173
2174 /* Allocate a buffer for the current value */
2175 CurrentValue = midl_user_allocate(CurrentValueLength);
2176 if (CurrentValue == NULL)
2177 {
2178 Status = STATUS_INSUFFICIENT_RESOURCES;
2179 goto done;
2180 }
2181
2182 /* Get the current value */
2183 Status = LsapGetObjectAttribute(SecretObject,
2184 L"CurrentValue",
2185 CurrentValue,
2186 &CurrentValueLength);
2187 if (!NT_SUCCESS(Status))
2188 goto done;
2189
2190 /* Allocate a buffer for the encrypted current value */
2191 EncCurrentValue = midl_user_allocate(sizeof(LSAPR_CR_CIPHER_VALUE));
2192 if (EncCurrentValue == NULL)
2193 {
2194 Status = STATUS_INSUFFICIENT_RESOURCES;
2195 goto done;
2196 }
2197
2198 /* FIXME: Encrypt the current value */
2199 EncCurrentValue->Length = (USHORT)(CurrentValueLength - sizeof(WCHAR));
2200 EncCurrentValue->MaximumLength = (USHORT)CurrentValueLength;
2201 EncCurrentValue->Buffer = (PBYTE)CurrentValue;
2202 }
2203
2204 if (CurrentValueSetTime != NULL)
2205 {
2206 BufferSize = sizeof(LARGE_INTEGER);
2207
2208 /* Get the current value time */
2209 Status = LsapGetObjectAttribute(SecretObject,
2210 L"CurrentTime",
2211 (PBYTE)CurrentValueSetTime,
2212 &BufferSize);
2213 if (!NT_SUCCESS(Status))
2214 goto done;
2215 }
2216
2217 if (EncryptedOldValue != NULL)
2218 {
2219 OldValueLength = 0;
2220
2221 /* Get the size of the old value */
2222 Status = LsapGetObjectAttribute(SecretObject,
2223 L"OldValue",
2224 NULL,
2225 &OldValueLength);
2226 if (!NT_SUCCESS(Status))
2227 goto done;
2228
2229 /* Allocate a buffer for the old value */
2230 OldValue = midl_user_allocate(OldValueLength);
2231 if (OldValue == NULL)
2232 {
2233 Status = STATUS_INSUFFICIENT_RESOURCES;
2234 goto done;
2235 }
2236
2237 /* Get the old value */
2238 Status = LsapGetObjectAttribute(SecretObject,
2239 L"OldValue",
2240 OldValue,
2241 &OldValueLength);
2242 if (!NT_SUCCESS(Status))
2243 goto done;
2244
2245 /* Allocate a buffer for the encrypted old value */
2246 EncOldValue = midl_user_allocate(sizeof(LSAPR_CR_CIPHER_VALUE) + OldValueLength);
2247 if (EncOldValue == NULL)
2248 {
2249 Status = STATUS_INSUFFICIENT_RESOURCES;
2250 goto done;
2251 }
2252
2253 /* FIXME: Encrypt the old value */
2254 EncOldValue->Length = (USHORT)(OldValueLength - sizeof(WCHAR));
2255 EncOldValue->MaximumLength = (USHORT)OldValueLength;
2256 EncOldValue->Buffer = (PBYTE)OldValue;
2257 }
2258
2259 if (OldValueSetTime != NULL)
2260 {
2261 BufferSize = sizeof(LARGE_INTEGER);
2262
2263 /* Get the old value time */
2264 Status = LsapGetObjectAttribute(SecretObject,
2265 L"OldTime",
2266 (PBYTE)OldValueSetTime,
2267 &BufferSize);
2268 if (!NT_SUCCESS(Status))
2269 goto done;
2270 }
2271
2272
2273 done:
2274 if (NT_SUCCESS(Status))
2275 {
2276 if (EncryptedCurrentValue != NULL)
2277 *EncryptedCurrentValue = EncCurrentValue;
2278
2279 if (EncryptedOldValue != NULL)
2280 *EncryptedOldValue = EncOldValue;
2281 }
2282 else
2283 {
2284 if (EncryptedCurrentValue != NULL)
2285 *EncryptedCurrentValue = NULL;
2286
2287 if (EncryptedOldValue != NULL)
2288 *EncryptedOldValue = NULL;
2289
2290 if (EncCurrentValue != NULL)
2291 midl_user_free(EncCurrentValue);
2292
2293 if (EncOldValue != NULL)
2294 midl_user_free(EncOldValue);
2295
2296 if (CurrentValue != NULL)
2297 midl_user_free(CurrentValue);
2298
2299 if (OldValue != NULL)
2300 midl_user_free(OldValue);
2301 }
2302
2303 TRACE("LsarQuerySecret done (Status 0x%08lx)\n", Status);
2304
2305 return Status;
2306 }
2307
2308
2309 /* Function 31 */
2310 NTSTATUS WINAPI LsarLookupPrivilegeValue(
2311 LSAPR_HANDLE PolicyHandle,
2312 PRPC_UNICODE_STRING Name,
2313 PLUID Value)
2314 {
2315 PLUID pValue;
2316 NTSTATUS Status;
2317
2318 TRACE("LsarLookupPrivilegeValue(%p, %wZ, %p)\n",
2319 PolicyHandle, Name, Value);
2320
2321 Status = LsapValidateDbObject(PolicyHandle,
2322 LsaDbPolicyObject,
2323 POLICY_LOOKUP_NAMES,
2324 NULL);
2325 if (!NT_SUCCESS(Status))
2326 {
2327 ERR("Invalid handle (Status %lx)\n", Status);
2328 return Status;
2329 }
2330
2331 TRACE("Privilege: %wZ\n", Name);
2332
2333 pValue = LsarpLookupPrivilegeValue(Name);
2334 if (pValue == NULL)
2335 return STATUS_NO_SUCH_PRIVILEGE;
2336
2337 RtlCopyLuid(Value, pValue);
2338
2339 return STATUS_SUCCESS;
2340 }
2341
2342
2343 /* Function 32 */
2344 NTSTATUS WINAPI LsarLookupPrivilegeName(
2345 LSAPR_HANDLE PolicyHandle,
2346 PLUID Value,
2347 PRPC_UNICODE_STRING *Name)
2348 {
2349 NTSTATUS Status;
2350
2351 TRACE("LsarLookupPrivilegeName(%p, %p, %p)\n",
2352 PolicyHandle, Value, Name);
2353
2354 Status = LsapValidateDbObject(PolicyHandle,
2355 LsaDbPolicyObject,
2356 POLICY_LOOKUP_NAMES,
2357 NULL);
2358 if (!NT_SUCCESS(Status))
2359 {
2360 ERR("Invalid handle\n");
2361 return Status;
2362 }
2363
2364 Status = LsarpLookupPrivilegeName(Value,
2365 Name);
2366
2367 return Status;
2368 }
2369
2370
2371 /* Function 33 */
2372 NTSTATUS WINAPI LsarLookupPrivilegeDisplayName(
2373 LSAPR_HANDLE PolicyHandle,
2374 PRPC_UNICODE_STRING Name,
2375 USHORT ClientLanguage,
2376 USHORT ClientSystemDefaultLanguage,
2377 PRPC_UNICODE_STRING *DisplayName,
2378 USHORT *LanguageReturned)
2379 {
2380 NTSTATUS Status;
2381
2382 TRACE("LsarLookupPrivilegeDisplayName(%p, %p, %u, %u, %p, %p)\n",
2383 PolicyHandle, Name, ClientLanguage, ClientSystemDefaultLanguage, DisplayName, LanguageReturned);
2384
2385 Status = LsapValidateDbObject(PolicyHandle,
2386 LsaDbPolicyObject,
2387 POLICY_LOOKUP_NAMES,
2388 NULL);
2389 if (!NT_SUCCESS(Status))
2390 {
2391 ERR("Invalid handle\n");
2392 return Status;
2393 }
2394
2395 Status = LsarpLookupPrivilegeDisplayName(Name,
2396 ClientLanguage,
2397 ClientSystemDefaultLanguage,
2398 DisplayName,
2399 LanguageReturned);
2400
2401 return Status;
2402 }
2403
2404
2405 /* Function 34 */
2406 NTSTATUS WINAPI LsarDeleteObject(
2407 LSAPR_HANDLE *ObjectHandle)
2408 {
2409 PLSA_DB_OBJECT DbObject;
2410 NTSTATUS Status;
2411
2412 TRACE("LsarDeleteObject(%p)\n", ObjectHandle);
2413
2414 if (ObjectHandle == NULL)
2415 return STATUS_INVALID_PARAMETER;
2416
2417 /* Validate the ObjectHandle */
2418 Status = LsapValidateDbObject(*ObjectHandle,
2419 LsaDbIgnoreObject,
2420 DELETE,
2421 &DbObject);
2422 if (!NT_SUCCESS(Status))
2423 {
2424 ERR("LsapValidateDbObject returned 0x%08lx\n", Status);
2425 return Status;
2426 }
2427
2428 /* You cannot delete the policy object */
2429 if (DbObject->ObjectType == LsaDbPolicyObject)
2430 return STATUS_INVALID_PARAMETER;
2431
2432 /* Delete the database object */
2433 Status = LsapDeleteDbObject(DbObject);
2434 if (!NT_SUCCESS(Status))
2435 {
2436 ERR("LsapDeleteDbObject returned 0x%08lx\n", Status);
2437 return Status;
2438 }
2439
2440 /* Invalidate the object handle */
2441 *ObjectHandle = NULL;
2442
2443 return STATUS_SUCCESS;
2444 }
2445
2446
2447 /* Function 35 */
2448 NTSTATUS WINAPI LsarEnumerateAccountsWithUserRight(
2449 LSAPR_HANDLE PolicyHandle,
2450 PRPC_UNICODE_STRING UserRight,
2451 PLSAPR_ACCOUNT_ENUM_BUFFER EnumerationBuffer)
2452 {
2453 PLSA_DB_OBJECT PolicyObject;
2454 ACCESS_MASK AccountRight = 0;
2455 PLUID Luid = NULL;
2456 ULONG AccountKeyBufferSize;
2457 PWSTR AccountKeyBuffer = NULL;
2458 HKEY AccountsKeyHandle = NULL;
2459 HKEY AccountKeyHandle = NULL;
2460 HKEY AttributeKeyHandle;
2461 ACCESS_MASK SystemAccess;
2462 PPRIVILEGE_SET PrivilegeSet;
2463 PLSAPR_ACCOUNT_INFORMATION EnumBuffer = NULL, ReturnBuffer;
2464 ULONG SubKeyCount = 0;
2465 ULONG EnumIndex, EnumCount;
2466 ULONG Size, i;
2467 BOOL Found;
2468 NTSTATUS Status;
2469
2470 TRACE("LsarEnumerateAccountsWithUserRights(%p %wZ %p)\n",
2471 PolicyHandle, UserRight, EnumerationBuffer);
2472
2473 /* Validate the privilege and account right names */
2474 if (UserRight != NULL)
2475 {
2476 Luid = LsarpLookupPrivilegeValue(UserRight);
2477 if (Luid == NULL)
2478 {
2479 AccountRight = LsapLookupAccountRightValue(UserRight);
2480 if (AccountRight == 0)
2481 return STATUS_NO_SUCH_PRIVILEGE;
2482 }
2483 }
2484
2485 if (EnumerationBuffer == NULL)
2486 return STATUS_INVALID_PARAMETER;
2487
2488 EnumerationBuffer->EntriesRead = 0;
2489 EnumerationBuffer->Information = NULL;
2490
2491 /* Validate the PolicyHandle */
2492 Status = LsapValidateDbObject(PolicyHandle,
2493 LsaDbPolicyObject,
2494 POLICY_LOOKUP_NAMES | POLICY_VIEW_LOCAL_INFORMATION,
2495 &PolicyObject);
2496 if (!NT_SUCCESS(Status))
2497 {
2498 ERR("LsapValidateDbObject returned 0x%08lx\n", Status);
2499 return Status;
2500 }
2501
2502 Status = LsapRegOpenKey(PolicyObject->KeyHandle,
2503 L"Accounts",
2504 KEY_READ,
2505 &AccountsKeyHandle);
2506 if (!NT_SUCCESS(Status))
2507 {
2508 ERR("LsapRegOpenKey returned 0x%08lx\n", Status);
2509 return Status;
2510 }
2511
2512 Status = LsapRegQueryKeyInfo(AccountsKeyHandle,
2513 &SubKeyCount,
2514 &AccountKeyBufferSize,
2515 NULL);
2516 if (!NT_SUCCESS(Status))
2517 {
2518 ERR("LsapRegOpenKey returned 0x%08lx\n", Status);
2519 return Status;
2520 }
2521
2522 AccountKeyBufferSize += sizeof(WCHAR);
2523 AccountKeyBuffer = RtlAllocateHeap(RtlGetProcessHeap(), 0, AccountKeyBufferSize);
2524 if (AccountKeyBuffer == NULL)
2525 {
2526 return STATUS_INSUFFICIENT_RESOURCES;
2527 }
2528
2529 EnumBuffer = RtlAllocateHeap(RtlGetProcessHeap(),
2530 HEAP_ZERO_MEMORY,
2531 SubKeyCount * sizeof(LSAPR_ACCOUNT_INFORMATION));
2532 if (EnumBuffer == NULL)
2533 {
2534 Status = STATUS_INSUFFICIENT_RESOURCES;
2535 goto done;
2536 }
2537
2538 EnumCount = 0;
2539 EnumIndex = 0;
2540 while (TRUE)
2541 {
2542 Found = FALSE;
2543
2544 Status = LsapRegEnumerateSubKey(AccountsKeyHandle,
2545 EnumIndex,
2546 AccountKeyBufferSize,
2547 AccountKeyBuffer);
2548 if (!NT_SUCCESS(Status))
2549 {
2550 if (Status == STATUS_NO_MORE_ENTRIES)
2551 Status = STATUS_SUCCESS;
2552 break;
2553 }
2554
2555 TRACE("EnumIndex: %lu\n", EnumIndex);
2556 TRACE("Account key name: %S\n", AccountKeyBuffer);
2557
2558 Status = LsapRegOpenKey(AccountsKeyHandle,
2559 AccountKeyBuffer,
2560 KEY_READ,
2561 &AccountKeyHandle);
2562 if (NT_SUCCESS(Status))
2563 {
2564 if (Luid != NULL || AccountRight != 0)
2565 {
2566 Status = LsapRegOpenKey(AccountKeyHandle,
2567 (Luid != NULL) ? L"Privilgs" : L"ActSysAc",
2568 KEY_READ,
2569 &AttributeKeyHandle);
2570 if (NT_SUCCESS(Status))
2571 {
2572 if (Luid != NULL)
2573 {
2574 Size = 0;
2575 LsapRegQueryValue(AttributeKeyHandle,
2576 NULL,
2577 NULL,
2578 NULL,
2579 &Size);
2580 if (Size != 0)
2581 {
2582 PrivilegeSet = RtlAllocateHeap(RtlGetProcessHeap(), 0, Size);
2583 if (PrivilegeSet)
2584 {
2585 if (LsapRegQueryValue(AttributeKeyHandle,
2586 NULL,
2587 NULL,
2588 PrivilegeSet,
2589 &Size) == STATUS_SUCCESS)
2590 {
2591 for (i = 0; i < PrivilegeSet->PrivilegeCount; i++)
2592 {
2593 if (RtlEqualLuid(&(PrivilegeSet->Privilege[i].Luid), Luid))
2594 {
2595 TRACE("%S got the privilege!\n", AccountKeyBuffer);
2596 Found = TRUE;
2597 break;
2598 }
2599 }
2600 }
2601
2602 RtlFreeHeap(RtlGetProcessHeap(), 0, PrivilegeSet);
2603 }
2604 }
2605 }
2606 else if (AccountRight != 0)
2607 {
2608 SystemAccess = 0;
2609 Size = sizeof(ACCESS_MASK);
2610 LsapRegQueryValue(AttributeKeyHandle,
2611 NULL,
2612 NULL,
2613 &SystemAccess,
2614 &Size);
2615 if (SystemAccess & AccountRight)
2616 {
2617 TRACE("%S got the account right!\n", AccountKeyBuffer);
2618 Found = TRUE;
2619 }
2620 }
2621
2622 LsapRegCloseKey(AttributeKeyHandle);
2623 }
2624 }
2625 else
2626 {
2627 /* enumerate all accounts */
2628 Found = TRUE;
2629 }
2630
2631 if (Found == TRUE)
2632 {
2633 TRACE("Add account: %S\n", AccountKeyBuffer);
2634
2635 Status = LsapRegOpenKey(AccountKeyHandle,
2636 L"Sid",
2637 KEY_READ,
2638 &AttributeKeyHandle);
2639 if (NT_SUCCESS(Status))
2640 {
2641 Size = 0;
2642 LsapRegQueryValue(AttributeKeyHandle,
2643 NULL,
2644 NULL,
2645 NULL,
2646 &Size);
2647 if (Size != 0)
2648 {
2649 EnumBuffer[EnumCount].Sid = midl_user_allocate(Size);
2650 if (EnumBuffer[EnumCount].Sid != NULL)
2651 {
2652 Status = LsapRegQueryValue(AttributeKeyHandle,
2653 NULL,
2654 NULL,
2655 EnumBuffer[EnumCount].Sid,
2656 &Size);
2657 if (NT_SUCCESS(Status))
2658 {
2659 EnumCount++;
2660 }
2661 else
2662 {
2663 TRACE("SampRegQueryValue returned %08lX\n", Status);
2664 midl_user_free(EnumBuffer[EnumCount].Sid);
2665 EnumBuffer[EnumCount].Sid = NULL;
2666 }
2667 }
2668 }
2669
2670 LsapRegCloseKey(AttributeKeyHandle);
2671 }
2672 }
2673
2674 LsapRegCloseKey(AccountKeyHandle);
2675 }
2676
2677 EnumIndex++;
2678 }
2679
2680 TRACE("EnumCount: %lu\n", EnumCount);
2681
2682 if (NT_SUCCESS(Status) && EnumCount != 0)
2683 {
2684 ReturnBuffer = midl_user_allocate(EnumCount * sizeof(LSAPR_ACCOUNT_INFORMATION));
2685 if (ReturnBuffer == NULL)
2686 {
2687 Status = STATUS_INSUFFICIENT_RESOURCES;
2688 goto done;
2689 }
2690
2691 RtlCopyMemory(ReturnBuffer,
2692 EnumBuffer,
2693 EnumCount * sizeof(LSAPR_ACCOUNT_INFORMATION));
2694
2695 EnumerationBuffer->EntriesRead = EnumCount;
2696 EnumerationBuffer->Information = ReturnBuffer;
2697 }
2698
2699 done:
2700 if (EnumBuffer != NULL)
2701 {
2702 if (Status != STATUS_SUCCESS)
2703 {
2704 for (i = 0; i < EnumCount; i++)
2705 {
2706 if (EnumBuffer[i].Sid != NULL)
2707 midl_user_free(EnumBuffer[i].Sid);
2708 }
2709 }
2710
2711 RtlFreeHeap(RtlGetProcessHeap(), 0, EnumBuffer);
2712 }
2713
2714 if (AccountKeyBuffer != NULL)
2715 RtlFreeHeap(RtlGetProcessHeap(), 0, AccountKeyBuffer);
2716
2717 if (Status == STATUS_SUCCESS && EnumCount == 0)
2718 Status = STATUS_NO_MORE_ENTRIES;
2719
2720 return Status;
2721 }
2722
2723
2724 /* Function 36 */
2725 NTSTATUS WINAPI LsarEnumerateAccountRights(
2726 LSAPR_HANDLE PolicyHandle,
2727 PRPC_SID AccountSid,
2728 PLSAPR_USER_RIGHT_SET UserRights)
2729 {
2730 LSAPR_HANDLE AccountHandle;
2731 PLSAPR_PRIVILEGE_SET PrivilegeSet = NULL;
2732 PRPC_UNICODE_STRING RightsBuffer = NULL;
2733 PRPC_UNICODE_STRING PrivilegeString;
2734 ACCESS_MASK SystemAccess = 0;
2735 ULONG RightsCount = 0;
2736 ULONG Index;
2737 ULONG i;
2738 NTSTATUS Status;
2739
2740 TRACE("LsarEnumerateAccountRights(%p %p %p)\n",
2741 PolicyHandle, AccountSid, UserRights);
2742
2743 /* Open the account */
2744 Status = LsarOpenAccount(PolicyHandle,
2745 AccountSid,
2746 ACCOUNT_VIEW,
2747 &AccountHandle);
2748 if (!NT_SUCCESS(Status))
2749 {
2750 WARN("LsarOpenAccount returned 0x%08lx\n", Status);
2751 return Status;
2752 }
2753
2754 /* Enumerate the privileges */
2755 Status = LsarEnumeratePrivilegesAccount(AccountHandle,
2756 &PrivilegeSet);
2757 if (!NT_SUCCESS(Status) && Status != STATUS_OBJECT_NAME_NOT_FOUND)
2758 {
2759 WARN("LsarEnumeratePrivilegesAccount returned 0x%08lx\n", Status);
2760 goto done;
2761 }
2762
2763 /* Get account rights */
2764 Status = LsarGetSystemAccessAccount(AccountHandle,
2765 &SystemAccess);
2766 if (!NT_SUCCESS(Status) && Status != STATUS_OBJECT_NAME_NOT_FOUND)
2767 {
2768 WARN("LsarGetSystemAccessAccount returned 0x%08lx\n", Status);
2769 goto done;
2770 }
2771
2772 RightsCount = PrivilegeSet->PrivilegeCount;
2773
2774 /* Count account rights */
2775 for (i = 0; i < sizeof(ACCESS_MASK) * 8; i++)
2776 {
2777 if (SystemAccess & (1 << i))
2778 RightsCount++;
2779 }
2780
2781 /* We are done if there are no rights to be enumerated */
2782 if (RightsCount == 0)
2783 {
2784 UserRights->Entries = 0;
2785 UserRights->UserRights = NULL;
2786 Status = STATUS_SUCCESS;
2787 goto done;
2788 }
2789
2790 /* Allocate a buffer for the account rights */
2791 RightsBuffer = MIDL_user_allocate(RightsCount * sizeof(RPC_UNICODE_STRING));
2792 if (RightsBuffer == NULL)
2793 {
2794 Status = STATUS_INSUFFICIENT_RESOURCES;
2795 goto done;
2796 }
2797
2798 /* Copy the privileges into the buffer */
2799 Index = 0;
2800 if (PrivilegeSet)
2801 {
2802 for (i = 0; i < PrivilegeSet->PrivilegeCount; i++)
2803 {
2804 PrivilegeString = NULL;
2805 Status = LsarLookupPrivilegeName(PolicyHandle,
2806 (PLUID)&PrivilegeSet->Privilege[i].Luid,
2807 &PrivilegeString);
2808 if (!NT_SUCCESS(Status))
2809 {
2810 WARN("LsarLookupPrivilegeName returned 0x%08lx\n", Status);
2811 goto done;
2812 }
2813
2814 RightsBuffer[Index].Length = PrivilegeString->Length;
2815 RightsBuffer[Index].MaximumLength = PrivilegeString->MaximumLength;
2816 RightsBuffer[Index].Buffer = PrivilegeString->Buffer;
2817
2818 MIDL_user_free(PrivilegeString);
2819 Index++;
2820 }
2821 }
2822
2823 /* Copy account rights into the buffer */
2824 for (i = 0; i < sizeof(ACCESS_MASK) * 8; i++)
2825 {
2826 if (SystemAccess & (1 << i))
2827 {
2828 Status = LsapLookupAccountRightName(1 << i,
2829 &PrivilegeString);
2830 if (!NT_SUCCESS(Status))
2831 {
2832 WARN("LsarLookupAccountRightName returned 0x%08lx\n", Status);
2833 goto done;
2834 }
2835
2836 RightsBuffer[Index].Length = PrivilegeString->Length;
2837 RightsBuffer[Index].MaximumLength = PrivilegeString->MaximumLength;
2838 RightsBuffer[Index].Buffer = PrivilegeString->Buffer;
2839
2840 MIDL_user_free(PrivilegeString);
2841 Index++;
2842 }
2843 }
2844
2845 UserRights->Entries = RightsCount;
2846 UserRights->UserRights = (PRPC_UNICODE_STRING)RightsBuffer;
2847
2848 done:
2849 if (!NT_SUCCESS(Status))
2850 {
2851 if (RightsBuffer != NULL)
2852 {
2853 for (Index = 0; Index < RightsCount; Index++)
2854 {
2855 if (RightsBuffer[Index].Buffer != NULL)
2856 MIDL_user_free(RightsBuffer[Index].Buffer);
2857 }
2858
2859 MIDL_user_free(RightsBuffer);
2860 }
2861 }
2862
2863 if (PrivilegeSet != NULL)
2864 MIDL_user_free(PrivilegeSet);
2865
2866 LsarClose(&AccountHandle);
2867
2868 return Status;
2869 }
2870
2871
2872 /* Function 37 */
2873 NTSTATUS WINAPI LsarAddAccountRights(
2874 LSAPR_HANDLE PolicyHandle,
2875 PRPC_SID AccountSid,
2876 PLSAPR_USER_RIGHT_SET UserRights)
2877 {
2878 PLSA_DB_OBJECT PolicyObject;
2879 PLSA_DB_OBJECT AccountObject = NULL;
2880 ULONG ulNewPrivileges = 0, ulNewRights = 0;
2881 ACCESS_MASK SystemAccess = 0;
2882 ULONG Size, Value, i, j;
2883 PPRIVILEGE_SET PrivilegeSet = NULL;
2884 ULONG PrivilegeSetBufferSize = 0;
2885 ULONG PrivilegeCount;
2886 BOOLEAN bFound;
2887 PLUID pLuid;
2888 NTSTATUS Status;
2889
2890 TRACE("LsarAddAccountRights(%p %p %p)\n",
2891 PolicyHandle, AccountSid, UserRights);
2892
2893 /* Validate the AccountSid */
2894 if (!RtlValidSid(AccountSid))
2895 return STATUS_INVALID_PARAMETER;
2896
2897 /* Validate the UserRights */
2898 if (UserRights == NULL)
2899 return STATUS_INVALID_PARAMETER;
2900
2901 /* Validate the privilege and account right names */
2902 for (i = 0; i < UserRights->Entries; i++)
2903 {
2904 if (LsarpLookupPrivilegeValue(&UserRights->UserRights[i]) != NULL)
2905 {
2906 ulNewPrivileges++;
2907 }
2908 else
2909 {
2910 if (LsapLookupAccountRightValue(&UserRights->UserRights[i]) == 0)
2911 return STATUS_NO_SUCH_PRIVILEGE;
2912
2913 ulNewRights++;
2914 }
2915 }
2916
2917 TRACE("ulNewPrivileges: %lu\n", ulNewPrivileges);
2918 TRACE("ulNewRights: %lu\n", ulNewRights);
2919
2920 /* Validate the PolicyHandle */
2921 Status = LsapValidateDbObject(PolicyHandle,
2922 LsaDbPolicyObject,
2923 POLICY_LOOKUP_NAMES,
2924 &PolicyObject);
2925 if (!NT_SUCCESS(Status))
2926 {
2927 WARN("LsapValidateDbObject returned 0x%08lx\n", Status);
2928 return Status;
2929 }
2930
2931 /* Open the account */
2932 Status = LsarpOpenAccount(PolicyObject,
2933 AccountSid,
2934 0,
2935 &AccountObject);
2936 if (!NT_SUCCESS(Status) && Status != STATUS_OBJECT_NAME_NOT_FOUND)
2937 {
2938 WARN("LsarpOpenAccount returned 0x%08lx\n", Status);
2939 goto done;
2940 }
2941 else if (Status == STATUS_OBJECT_NAME_NOT_FOUND)
2942 {
2943 /* Create a new account if it does not yet exist */
2944 Status = LsarpCreateAccount(PolicyObject,
2945 AccountSid,
2946 0,
2947 &AccountObject);
2948 if (!NT_SUCCESS(Status))
2949 {
2950 WARN("LsarpCreateAccount returned 0x%08lx\n", Status);
2951 goto done;
2952 }
2953 }
2954
2955 if (ulNewPrivileges > 0)
2956 {
2957 Size = 0;
2958
2959 /* Get the size of the Privilgs attribute */
2960 Status = LsapGetObjectAttribute(AccountObject,
2961 L"Privilgs",
2962 NULL,
2963 &Size);
2964 if (!NT_SUCCESS(Status) && Status != STATUS_OBJECT_NAME_NOT_FOUND)
2965 goto done;
2966
2967 /* Calculate the required privilege set buffer size */
2968 if (Size == 0)
2969 PrivilegeSetBufferSize = sizeof(PRIVILEGE_SET) +
2970 (ulNewPrivileges - 1) * sizeof(LUID_AND_ATTRIBUTES);
2971 else
2972 PrivilegeSetBufferSize = Size +
2973 ulNewPrivileges * sizeof(LUID_AND_ATTRIBUTES);
2974
2975 /* Allocate the privilege set buffer */
2976 PrivilegeSet = RtlAllocateHeap(RtlGetProcessHeap(),
2977 HEAP_ZERO_MEMORY,
2978 PrivilegeSetBufferSize);
2979 if (PrivilegeSet == NULL)
2980 return STATUS_NO_MEMORY;
2981
2982 /* Get the privilege set */
2983 if (Size != 0)
2984 {
2985 Status = LsapGetObjectAttribute(AccountObject,
2986 L"Privilgs",
2987 PrivilegeSet,
2988 &Size);
2989 if (!NT_SUCCESS(Status))
2990 {
2991 WARN("LsapGetObjectAttribute() failed (Status 0x%08lx)\n", Status);
2992 goto done;
2993 }
2994 }
2995
2996 PrivilegeCount = PrivilegeSet->PrivilegeCount;
2997 TRACE("Privilege count: %lu\n", PrivilegeCount);
2998
2999 for (i = 0; i < UserRights->Entries; i++)
3000 {
3001 pLuid = LsarpLookupPrivilegeValue(&UserRights->UserRights[i]);
3002 if (pLuid == NULL)
3003 continue;
3004
3005 bFound = FALSE;
3006 for (j = 0; j < PrivilegeSet->PrivilegeCount; j++)
3007 {
3008 if (RtlEqualLuid(&(PrivilegeSet->Privilege[j].Luid), pLuid))
3009 {
3010 bFound = TRUE;
3011 break;
3012 }
3013 }
3014
3015 if (bFound == FALSE)
3016 {
3017 /* Copy the new privilege */
3018 RtlCopyMemory(&(PrivilegeSet->Privilege[PrivilegeSet->PrivilegeCount]),
3019 pLuid,
3020 sizeof(LUID));
3021 PrivilegeSet->PrivilegeCount++;
3022 }
3023 }
3024
3025 /* Store the extended privilege set */
3026 if (PrivilegeCount != PrivilegeSet->PrivilegeCount)
3027 {
3028 Size = sizeof(PRIVILEGE_SET) +
3029 (PrivilegeSet->PrivilegeCount - 1) * sizeof(LUID_AND_ATTRIBUTES);
3030
3031 Status = LsapSetObjectAttribute(AccountObject,
3032 L"Privilgs",
3033 PrivilegeSet,
3034 Size);
3035 if (!NT_SUCCESS(Status))
3036 {
3037 WARN("LsapSetObjectAttribute() failed (Status 0x%08lx)\n", Status);
3038 goto done;
3039 }
3040 }
3041 }
3042
3043 if (ulNewRights > 0)
3044 {
3045 Size = sizeof(ACCESS_MASK);
3046
3047 /* Get the system access flags, if the attribute exists */
3048 Status = LsapGetObjectAttribute(AccountObject,
3049 L"ActSysAc",
3050 &SystemAccess,
3051 &Size);
3052 if (!NT_SUCCESS(Status) && Status != STATUS_OBJECT_NAME_NOT_FOUND)
3053 goto done;
3054
3055 /* Set the new access rights */
3056 for (i = 0; i < UserRights->Entries; i++)
3057 {
3058 Value = LsapLookupAccountRightValue(&UserRights->UserRights[i]);
3059 if (Value != 0)
3060 SystemAccess |= Value;
3061 }
3062
3063 /* Set the system access flags */
3064 Status = LsapSetObjectAttribute(AccountObject,
3065 L"ActSysAc",
3066 &SystemAccess,
3067 sizeof(ACCESS_MASK));
3068 }
3069
3070 done:
3071 if (PrivilegeSet != NULL)
3072 RtlFreeHeap(RtlGetProcessHeap(), 0, PrivilegeSet);
3073
3074 if (AccountObject != NULL)
3075 LsapCloseDbObject(AccountObject);
3076
3077 return Status;
3078 }
3079
3080
3081 /* Function 38 */
3082 NTSTATUS WINAPI LsarRemoveAccountRights(
3083 LSAPR_HANDLE PolicyHandle,
3084 PRPC_SID AccountSid,
3085 BOOLEAN AllRights,
3086 PLSAPR_USER_RIGHT_SET UserRights)
3087 {
3088 PLSA_DB_OBJECT PolicyObject;
3089 PLSA_DB_OBJECT AccountObject = NULL;
3090 ULONG PrivilegesToRemove = 0, RightsToRemove = 0;
3091 ACCESS_MASK SystemAccess = 0;
3092 ULONG Size, Value, i, j, Index;
3093 PPRIVILEGE_SET PrivilegeSet = NULL;
3094 ULONG PrivilegeCount;
3095 PLUID pLuid;
3096 NTSTATUS Status;
3097
3098 TRACE("LsarRemoveAccountRights(%p %p %lu %p)\n",
3099 PolicyHandle, AccountSid, AllRights, UserRights);
3100
3101 /* Validate the AccountSid */
3102 if (!RtlValidSid(AccountSid))
3103 return STATUS_INVALID_PARAMETER;
3104
3105 /* Validate the UserRights */
3106 if (UserRights == NULL)
3107 return STATUS_INVALID_PARAMETER;
3108
3109 /* Validate the privilege and account right names */
3110 for (i = 0; i < UserRights->Entries; i++)
3111 {
3112 if (LsarpLookupPrivilegeValue(&UserRights->UserRights[i]) != NULL)
3113 {
3114 PrivilegesToRemove++;
3115 }
3116 else
3117 {
3118 if (LsapLookupAccountRightValue(&UserRights->UserRights[i]) == 0)
3119 return STATUS_NO_SUCH_PRIVILEGE;
3120
3121 RightsToRemove++;
3122 }
3123 }
3124
3125 /* Validate the PolicyHandle */
3126 Status = LsapValidateDbObject(PolicyHandle,
3127 LsaDbPolicyObject,
3128 POLICY_LOOKUP_NAMES,
3129 &PolicyObject);
3130 if (!NT_SUCCESS(Status))
3131 {
3132 ERR("LsapValidateDbObject returned 0x%08lx\n", Status);
3133 return Status;
3134 }
3135
3136 /* Open the account */
3137 Status = LsarpOpenAccount(PolicyObject,
3138 AccountSid,
3139 0,
3140 &AccountObject);
3141 if (!NT_SUCCESS(Status) && Status != STATUS_OBJECT_NAME_NOT_FOUND)
3142 {
3143 ERR("LsarpOpenAccount returned 0x%08lx\n", Status);
3144 goto done;
3145 }
3146
3147 if (AllRights == FALSE)
3148 {
3149 /* Get the size of the Privilgs attribute */
3150 Size = 0;
3151 Status = LsapGetObjectAttribute(AccountObject,
3152 L"Privilgs",
3153 NULL,
3154 &Size);
3155 if (!NT_SUCCESS(Status) && Status != STATUS_OBJECT_NAME_NOT_FOUND)
3156 goto done;
3157
3158 if ((Size != 0) && (PrivilegesToRemove != 0))
3159 {
3160 /* Allocate the privilege set buffer */
3161 PrivilegeSet = RtlAllocateHeap(RtlGetProcessHeap(),
3162 HEAP_ZERO_MEMORY,
3163 Size);
3164 if (PrivilegeSet == NULL)
3165 return STATUS_NO_MEMORY;
3166
3167 /* Get the privilege set */
3168 Status = LsapGetObjectAttribute(AccountObject,
3169 L"Privilgs",
3170 PrivilegeSet,
3171 &Size);
3172 if (!NT_SUCCESS(Status))
3173 {
3174 ERR("LsapGetObjectAttribute() failed (Status 0x%08lx)\n", Status);
3175 goto done;
3176 }
3177
3178 PrivilegeCount = PrivilegeSet->PrivilegeCount;
3179
3180 for (i = 0; i < UserRights->Entries; i++)
3181 {
3182 pLuid = LsarpLookupPrivilegeValue(&UserRights->UserRights[i]);
3183 if (pLuid == NULL)
3184 continue;
3185
3186 Index = -1;
3187 for (j = 0; j < PrivilegeSet->PrivilegeCount; j++)
3188 {
3189 if (RtlEqualLuid(&(PrivilegeSet->Privilege[j].Luid), pLuid))
3190 {
3191 Index = j;
3192 break;
3193 }
3194 }
3195
3196 if (Index != -1)
3197 {
3198 /* Remove the privilege */
3199 if ((PrivilegeSet->PrivilegeCount > 1) &&
3200 (Index < PrivilegeSet->PrivilegeCount - 1))
3201 RtlMoveMemory(&(PrivilegeSet->Privilege[Index]),
3202 &(PrivilegeSet->Privilege[Index + 1]),
3203 (Index - PrivilegeSet->PrivilegeCount - 1) * sizeof(LUID));
3204
3205 /* Wipe the last entry */
3206 RtlZeroMemory(&(PrivilegeSet->Privilege[PrivilegeSet->PrivilegeCount - 1]),
3207 sizeof(LUID));
3208
3209 PrivilegeSet->PrivilegeCount--;
3210 }
3211 }
3212
3213 /* Store the extended privilege set */
3214 if (PrivilegeCount != PrivilegeSet->PrivilegeCount)
3215 {
3216 Size = sizeof(PRIVILEGE_SET) +
3217 (PrivilegeSet->PrivilegeCount - 1) * sizeof(LUID_AND_ATTRIBUTES);
3218
3219 Status = LsapSetObjectAttribute(AccountObject,
3220 L"Privilgs",
3221 PrivilegeSet,
3222 Size);
3223 if (!NT_SUCCESS(Status))
3224 {
3225 ERR("LsapSetObjectAttribute() failed (Status 0x%08lx)\n", Status);
3226 goto done;
3227 }
3228 }
3229 }
3230
3231 /* Get the system access flags, if the attribute exists */
3232 Size = 0;
3233 Status = LsapGetObjectAttribute(AccountObject,
3234 L"ActSysAc",
3235 &SystemAccess,
3236 &Size);
3237 if (!NT_SUCCESS(Status) && Status != STATUS_OBJECT_NAME_NOT_FOUND)
3238 goto done;
3239
3240 if ((Size != 0) && (RightsToRemove != 0))
3241 {
3242 ERR("Rights: 0x%lx\n", SystemAccess);
3243
3244 /* Set the new access rights */
3245 for (i = 0; i < UserRights->Entries; i++)
3246 {
3247 Value = LsapLookupAccountRightValue(&UserRights->UserRights[i]);
3248 if (Value != 0)
3249 SystemAccess &= ~Value;
3250 }
3251 ERR("New Rights: 0x%lx\n", SystemAccess);
3252
3253 /* Set the system access flags */
3254 Status = LsapSetObjectAttribute(AccountObject,
3255 L"ActSysAc",
3256 &SystemAccess,
3257 sizeof(ACCESS_MASK));
3258 }
3259 }
3260 else
3261 {
3262 }
3263
3264 done:
3265 if (PrivilegeSet != NULL)
3266 RtlFreeHeap(RtlGetProcessHeap(), 0, PrivilegeSet);
3267
3268 if (AccountObject != NULL)
3269 LsapCloseDbObject(AccountObject);
3270
3271 return Status;
3272 }
3273
3274
3275 /* Function 39 */
3276 NTSTATUS WINAPI LsarQueryTrustedDomainInfo(
3277 LSAPR_HANDLE PolicyHandle,
3278 PRPC_SID TrustedDomainSid,
3279 TRUSTED_INFORMATION_CLASS InformationClass,
3280 PLSAPR_TRUSTED_DOMAIN_INFO *TrustedDomainInformation)
3281 {
3282 /* FIXME: We are not running an AD yet */
3283 return STATUS_DIRECTORY_SERVICE_REQUIRED;
3284 }
3285
3286
3287 /* Function 40 */
3288 NTSTATUS WINAPI LsarSetTrustedDomainInfo(
3289 LSAPR_HANDLE PolicyHandle,
3290 PRPC_SID TrustedDomainSid,
3291 TRUSTED_INFORMATION_CLASS InformationClass,
3292 PLSAPR_TRUSTED_DOMAIN_INFO TrustedDomainInformation)
3293 {
3294 /* FIXME: We are not running an AD yet */
3295 return STATUS_DIRECTORY_SERVICE_REQUIRED;
3296 }
3297
3298
3299 /* Function 41 */
3300 NTSTATUS WINAPI LsarDeleteTrustedDomain(
3301 LSAPR_HANDLE PolicyHandle,
3302 PRPC_SID TrustedDomainSid)
3303 {
3304 /* FIXME: We are not running an AD yet */
3305 return STATUS_DIRECTORY_SERVICE_REQUIRED;
3306 }
3307
3308
3309 /* Function 42 */
3310 NTSTATUS WINAPI LsarStorePrivateData(
3311 LSAPR_HANDLE PolicyHandle,
3312 PRPC_UNICODE_STRING KeyName,
3313 PLSAPR_CR_CIPHER_VALUE EncryptedData)
3314 {
3315 PLSA_DB_OBJECT PolicyObject = NULL;
3316 PLSA_DB_OBJECT SecretsObject = NULL;
3317 PLSA_DB_OBJECT SecretObject = NULL;
3318 LARGE_INTEGER Time;
3319 PBYTE Value = NULL;
3320 ULONG ValueLength = 0;
3321 NTSTATUS Status;
3322
3323 TRACE("LsarStorePrivateData(%p %p %p)\n",
3324 PolicyHandle, KeyName, EncryptedData);
3325
3326 /* Validate the SecretHandle */
3327 Status = LsapValidateDbObject(PolicyHandle,
3328 LsaDbPolicyObject,
3329 POLICY_CREATE_SECRET,
3330 &PolicyObject);
3331 if (!NT_SUCCESS(Status))
3332 {
3333 ERR("LsapValidateDbObject returned 0x%08lx\n", Status);
3334 return Status;
3335 }
3336
3337 /* Open the 'Secrets' object */
3338 Status = LsapOpenDbObject(PolicyObject,
3339 NULL,
3340 L"Secrets",
3341 LsaDbIgnoreObject,
3342 0,
3343 PolicyObject->Trusted,
3344 &SecretsObject);
3345 if (!NT_SUCCESS(Status))
3346 {
3347 ERR("LsapOpenDbObject failed (Status 0x%08lx)\n", Status);
3348 goto done;
3349 }
3350
3351 if (EncryptedData == NULL)
3352 {
3353 /* Open the Secret object */
3354 Status = LsapOpenDbObject(SecretsObject,
3355 NULL,
3356 KeyName->Buffer,
3357 LsaDbSecretObject,
3358 0,
3359 PolicyObject->Trusted,
3360 &SecretObject);
3361 if (!NT_SUCCESS(Status))
3362 {
3363 ERR("LsapOpenDbObject failed (Status 0x%08lx)\n", Status);
3364 goto done;
3365 }
3366
3367 /* Delete the secret */
3368 Status = LsapDeleteDbObject(SecretObject);
3369 if (NT_SUCCESS(Status))
3370 SecretObject = NULL;
3371 }
3372 else
3373 {
3374 /* Create the Secret object */
3375 Status = LsapCreateDbObject(SecretsObject,
3376 NULL,
3377 KeyName->Buffer,
3378 LsaDbSecretObject,
3379 0,
3380 PolicyObject->Trusted,
3381 &SecretObject);
3382 if (!NT_SUCCESS(Status))
3383 {
3384 ERR("LsapCreateDbObject failed (Status 0x%08lx)\n", Status);
3385 goto done;
3386 }
3387
3388 /* FIXME: Decrypt data */
3389 Value = EncryptedData->Buffer;
3390 ValueLength = EncryptedData->MaximumLength;
3391
3392 /* Get the current time */
3393 Status = NtQuerySystemTime(&Time);
3394 if (!NT_SUCCESS(Status))
3395 {
3396 ERR("NtQuerySystemTime failed (Status 0x%08lx)\n", Status);
3397 goto done;
3398 }
3399
3400 /* Set the current value */
3401 Status = LsapSetObjectAttribute(SecretObject,
3402 L"CurrentValue",
3403 Value,
3404 ValueLength);
3405 if (!NT_SUCCESS(Status))
3406 {
3407 ERR("LsapSetObjectAttribute failed (Status 0x%08lx)\n", Status);
3408 goto done;
3409 }
3410
3411 /* Set the current time */
3412 Status = LsapSetObjectAttribute(SecretObject,
3413 L"CurrentTime",
3414 &Time,
3415 sizeof(LARGE_INTEGER));
3416 if (!NT_SUCCESS(Status))
3417 {
3418 ERR("LsapSetObjectAttribute failed (Status 0x%08lx)\n", Status);
3419 goto done;
3420 }
3421
3422 /* Get the current time */
3423 Status = NtQuerySystemTime(&Time);
3424 if (!NT_SUCCESS(Status))
3425 {
3426 ERR("NtQuerySystemTime failed (Status 0x%08lx)\n", Status);
3427 goto done;
3428 }
3429
3430 /* Set the old value */
3431 Status = LsapSetObjectAttribute(SecretObject,
3432 L"OldValue",
3433 NULL,
3434 0);
3435 if (!NT_SUCCESS(Status))
3436 {
3437 ERR("LsapSetObjectAttribute failed (Status 0x%08lx)\n", Status);
3438 goto done;
3439 }
3440
3441 /* Set the old time */
3442 Status = LsapSetObjectAttribute(SecretObject,
3443 L"OldTime",
3444 &Time,
3445 sizeof(LARGE_INTEGER));
3446 if (!NT_SUCCESS(Status))
3447 {
3448 ERR("LsapSetObjectAttribute failed (Status 0x%08lx)\n", Status);
3449 }
3450 }
3451
3452 done:
3453 if (SecretObject != NULL)
3454 LsapCloseDbObject(SecretObject);
3455
3456 if (SecretsObject != NULL)
3457 LsapCloseDbObject(SecretsObject);
3458
3459 return Status;
3460 }
3461
3462
3463 /* Function 43 */
3464 NTSTATUS WINAPI LsarRetrievePrivateData(
3465 LSAPR_HANDLE PolicyHandle,
3466 PRPC_UNICODE_STRING KeyName,
3467 PLSAPR_CR_CIPHER_VALUE *EncryptedData)
3468 {
3469 PLSA_DB_OBJECT PolicyObject = NULL;
3470 PLSA_DB_OBJECT SecretObject = NULL;
3471 PLSAPR_CR_CIPHER_VALUE EncCurrentValue = NULL;
3472 ULONG CurrentValueLength = 0;
3473 PBYTE CurrentValue = NULL;
3474 NTSTATUS Status;
3475
3476 TRACE("LsarRetrievePrivateData(%p %wZ %p)\n",
3477 PolicyHandle, KeyName, EncryptedData);
3478
3479 /* Validate the SecretHandle */
3480 Status = LsapValidateDbObject(PolicyHandle,
3481 LsaDbPolicyObject,
3482 POLICY_CREATE_SECRET,
3483 &PolicyObject);
3484 if (!NT_SUCCESS(Status))
3485 {
3486 ERR("LsapValidateDbObject returned 0x%08lx\n", Status);
3487 return Status;
3488 }
3489
3490 /* Open the secret object */
3491 Status = LsapOpenDbObject(PolicyObject,
3492 L"Secrets",
3493 KeyName->Buffer,
3494 LsaDbSecretObject,
3495 0,
3496 PolicyObject->Trusted,
3497 &SecretObject);
3498 if (!NT_SUCCESS(Status))
3499 {
3500 ERR("LsapOpenDbObject failed (Status 0x%08lx)\n", Status);
3501 goto done;
3502 }
3503
3504 /* Get the size of the current value */
3505 Status = LsapGetObjectAttribute(SecretObject,
3506 L"CurrentValue",
3507 NULL,
3508 &CurrentValueLength);
3509 if (!NT_SUCCESS(Status))
3510 goto done;
3511
3512 /* Allocate a buffer for the current value */
3513 CurrentValue = midl_user_allocate(CurrentValueLength);
3514 if (CurrentValue == NULL)
3515 {
3516 Status = STATUS_INSUFFICIENT_RESOURCES;
3517 goto done;
3518 }
3519
3520 /* Get the current value */
3521 Status = LsapGetObjectAttribute(SecretObject,
3522 L"CurrentValue",
3523 CurrentValue,
3524 &CurrentValueLength);
3525 if (!NT_SUCCESS(Status))
3526 goto done;
3527
3528 /* Allocate a buffer for the encrypted current value */
3529 EncCurrentValue = midl_user_allocate(sizeof(LSAPR_CR_CIPHER_VALUE) + CurrentValueLength);
3530 if (EncCurrentValue == NULL)
3531 {
3532 Status = STATUS_INSUFFICIENT_RESOURCES;
3533 goto done;
3534 }
3535
3536 /* FIXME: Encrypt the current value */
3537 EncCurrentValue->Length = (USHORT)(CurrentValueLength - sizeof(WCHAR));
3538 EncCurrentValue->MaximumLength = (USHORT)CurrentValueLength;
3539 EncCurrentValue->Buffer = (PBYTE)(EncCurrentValue + 1);
3540 RtlCopyMemory(EncCurrentValue->Buffer,
3541 CurrentValue,
3542 CurrentValueLength);
3543
3544 done:
3545 if (NT_SUCCESS(Status))
3546 {
3547 if (EncryptedData != NULL)
3548 *EncryptedData = EncCurrentValue;
3549 }
3550 else
3551 {
3552 if (EncryptedData != NULL)
3553 *EncryptedData = NULL;
3554
3555 if (EncCurrentValue != NULL)
3556 midl_user_free(EncCurrentValue);
3557 }
3558
3559 if (SecretObject != NULL)
3560 LsapCloseDbObject(SecretObject);
3561
3562 return Status;
3563 }
3564
3565
3566 /* Function 44 */
3567 NTSTATUS WINAPI LsarOpenPolicy2(
3568 LPWSTR SystemName,
3569 PLSAPR_OBJECT_ATTRIBUTES ObjectAttributes,
3570 ACCESS_MASK DesiredAccess,
3571 LSAPR_HANDLE *PolicyHandle)
3572 {
3573 return LsarOpenPolicy(SystemName,
3574 ObjectAttributes,
3575 DesiredAccess,
3576 PolicyHandle);
3577 }
3578
3579
3580 /* Function 45 */
3581 NTSTATUS WINAPI LsarGetUserName(
3582 LPWSTR SystemName,
3583 PRPC_UNICODE_STRING *UserName,
3584 PRPC_UNICODE_STRING *DomainName)
3585 {
3586 UNIMPLEMENTED;
3587 return STATUS_NOT_IMPLEMENTED;
3588 }
3589
3590
3591 /* Function 46 */
3592 NTSTATUS WINAPI LsarQueryInformationPolicy2(
3593 LSAPR_HANDLE PolicyHandle,
3594 POLICY_INFORMATION_CLASS InformationClass,
3595 PLSAPR_POLICY_INFORMATION *PolicyInformation)
3596 {
3597 return LsarQueryInformationPolicy(PolicyHandle,
3598 InformationClass,
3599 PolicyInformation);
3600 }
3601
3602
3603 /* Function 47 */
3604 NTSTATUS WINAPI LsarSetInformationPolicy2(
3605 LSAPR_HANDLE PolicyHandle,
3606 POLICY_INFORMATION_CLASS InformationClass,
3607 PLSAPR_POLICY_INFORMATION PolicyInformation)
3608 {
3609 return LsarSetInformationPolicy(PolicyHandle,
3610 InformationClass,
3611 PolicyInformation);
3612 }
3613
3614
3615 /* Function 48 */
3616 NTSTATUS WINAPI LsarQueryTrustedDomainInfoByName(
3617 LSAPR_HANDLE PolicyHandle,
3618 PRPC_UNICODE_STRING TrustedDomainName,
3619 POLICY_INFORMATION_CLASS InformationClass,
3620 PLSAPR_TRUSTED_DOMAIN_INFO *PolicyInformation)
3621 {
3622 /* FIXME: We are not running an AD yet */
3623 return STATUS_OBJECT_NAME_NOT_FOUND;
3624 }
3625
3626
3627 /* Function 49 */
3628 NTSTATUS WINAPI LsarSetTrustedDomainInfoByName(
3629 LSAPR_HANDLE PolicyHandle,
3630 PRPC_UNICODE_STRING TrustedDomainName,
3631 POLICY_INFORMATION_CLASS InformationClass,
3632 PLSAPR_TRUSTED_DOMAIN_INFO PolicyInformation)
3633 {
3634 /* FIXME: We are not running an AD yet */
3635 return STATUS_OBJECT_NAME_NOT_FOUND;
3636 }
3637
3638
3639 /* Function 50 */
3640 NTSTATUS WINAPI LsarEnumerateTrustedDomainsEx(
3641 LSAPR_HANDLE PolicyHandle,
3642 DWORD *EnumerationContext,
3643 PLSAPR_TRUSTED_ENUM_BUFFER_EX EnumerationBuffer,
3644 DWORD PreferedMaximumLength)
3645 {
3646 /* FIXME: We are not running an AD yet */
3647 EnumerationBuffer->EntriesRead = 0;
3648 EnumerationBuffer->EnumerationBuffer = NULL;
3649 return STATUS_NO_MORE_ENTRIES;
3650 }
3651
3652
3653 /* Function 51 */
3654 NTSTATUS WINAPI LsarCreateTrustedDomainEx(
3655 LSAPR_HANDLE PolicyHandle,
3656 PLSAPR_TRUSTED_DOMAIN_INFORMATION_EX TrustedDomainInformation,
3657 PLSAPR_TRUSTED_DOMAIN_AUTH_INFORMATION AuthentificationInformation,
3658 ACCESS_MASK DesiredAccess,
3659 LSAPR_HANDLE *TrustedDomainHandle)
3660 {
3661 /* FIXME: We are not running an AD yet */
3662 return STATUS_DIRECTORY_SERVICE_REQUIRED;
3663 }
3664
3665
3666 /* Function 52 */
3667 NTSTATUS WINAPI LsarSetPolicyReplicationHandle(
3668 PLSAPR_HANDLE PolicyHandle)
3669 {
3670 /* Deprecated */
3671 return STATUS_NOT_IMPLEMENTED;
3672 }
3673
3674
3675 /* Function 53 */
3676 NTSTATUS WINAPI LsarQueryDomainInformationPolicy(
3677 LSAPR_HANDLE PolicyHandle,
3678 POLICY_INFORMATION_CLASS InformationClass,
3679 PLSAPR_POLICY_DOMAIN_INFORMATION *PolicyInformation)
3680 {
3681 UNIMPLEMENTED;
3682 return STATUS_NOT_IMPLEMENTED;
3683 }
3684
3685
3686 /* Function 54 */
3687 NTSTATUS WINAPI LsarSetDomainInformationPolicy(
3688 LSAPR_HANDLE PolicyHandle,
3689 POLICY_INFORMATION_CLASS InformationClass,
3690 PLSAPR_POLICY_DOMAIN_INFORMATION PolicyInformation)
3691 {
3692 UNIMPLEMENTED;
3693 return STATUS_NOT_IMPLEMENTED;
3694 }
3695
3696
3697 /* Function 55 */
3698 NTSTATUS WINAPI LsarOpenTrustedDomainByName(
3699 LSAPR_HANDLE PolicyHandle,
3700 PRPC_UNICODE_STRING TrustedDomainName,
3701 ACCESS_MASK DesiredAccess,
3702 LSAPR_HANDLE *TrustedDomainHandle)
3703 {
3704 /* FIXME: We are not running an AD yet */
3705 return STATUS_OBJECT_NAME_NOT_FOUND;
3706 }
3707
3708
3709 /* Function 56 */
3710 NTSTATUS WINAPI LsarTestCall(
3711 handle_t hBinding)
3712 {
3713 UNIMPLEMENTED;
3714 return STATUS_NOT_IMPLEMENTED;
3715 }
3716
3717
3718 /* Function 57 */
3719 NTSTATUS WINAPI LsarLookupSids2(
3720 LSAPR_HANDLE PolicyHandle,
3721 PLSAPR_SID_ENUM_BUFFER SidEnumBuffer,
3722 PLSAPR_REFERENCED_DOMAIN_LIST *ReferencedDomains,
3723 PLSAPR_TRANSLATED_NAMES_EX TranslatedNames,
3724 LSAP_LOOKUP_LEVEL LookupLevel,
3725 DWORD *MappedCount,
3726 DWORD LookupOptions,
3727 DWORD ClientRevision)
3728 {
3729 NTSTATUS Status;
3730
3731 TRACE("LsarLookupSids2(%p %p %p %p %d %p %lu %lu)\n",
3732 PolicyHandle, SidEnumBuffer, ReferencedDomains, TranslatedNames,
3733 LookupLevel, MappedCount, LookupOptions, ClientRevision);
3734
3735 TranslatedNames->Entries = SidEnumBuffer->Entries;
3736 TranslatedNames->Names = NULL;
3737 *ReferencedDomains = NULL;
3738
3739 /* FIXME: Fail, if there is an invalid SID in the SidEnumBuffer */
3740
3741 Status = LsapLookupSids(SidEnumBuffer,
3742 ReferencedDomains,
3743 TranslatedNames,
3744 LookupLevel,
3745 MappedCount,
3746 LookupOptions,
3747 ClientRevision);
3748
3749 return Status;
3750 }
3751
3752
3753 /* Function 58 */
3754 NTSTATUS WINAPI LsarLookupNames2(
3755 LSAPR_HANDLE PolicyHandle,
3756 DWORD Count,
3757 PRPC_UNICODE_STRING Names,
3758 PLSAPR_REFERENCED_DOMAIN_LIST *ReferencedDomains,
3759 PLSAPR_TRANSLATED_SIDS_EX TranslatedSids,
3760 LSAP_LOOKUP_LEVEL LookupLevel,
3761 DWORD *MappedCount,
3762 DWORD LookupOptions,
3763 DWORD ClientRevision)
3764 {
3765 LSAPR_TRANSLATED_SIDS_EX2 TranslatedSidsEx2;
3766 ULONG i;
3767 NTSTATUS Status;
3768
3769 TRACE("LsarLookupNames2(%p %lu %p %p %p %d %p %lu %lu)\n",
3770 PolicyHandle, Count, Names, ReferencedDomains, TranslatedSids,
3771 LookupLevel, MappedCount, LookupOptions, ClientRevision);
3772
3773 TranslatedSids->Entries = 0;
3774 TranslatedSids->Sids = NULL;
3775 *ReferencedDomains = NULL;
3776
3777 if (Count == 0)
3778 return STATUS_NONE_MAPPED;
3779
3780 TranslatedSidsEx2.Entries = 0;
3781 TranslatedSidsEx2.Sids = NULL;
3782
3783 Status = LsapLookupNames(Count,
3784 Names,
3785 ReferencedDomains,
3786 &TranslatedSidsEx2,
3787 LookupLevel,
3788 MappedCount,
3789 LookupOptions,
3790 ClientRevision);
3791 if (!NT_SUCCESS(Status))
3792 return Status;
3793
3794 TranslatedSids->Entries = TranslatedSidsEx2.Entries;
3795 TranslatedSids->Sids = MIDL_user_allocate(TranslatedSids->Entries * sizeof(LSA_TRANSLATED_SID));
3796 if (TranslatedSids->Sids == NULL)
3797 {
3798 MIDL_user_free(TranslatedSidsEx2.Sids);
3799 MIDL_user_free(*ReferencedDomains);
3800 *ReferencedDomains = NULL;
3801 return STATUS_INSUFFICIENT_RESOURCES;
3802 }
3803
3804 for (i = 0; i < TranslatedSidsEx2.Entries; i++)
3805 {
3806 TranslatedSids->Sids[i].Use = TranslatedSidsEx2.Sids[i].Use;
3807 TranslatedSids->Sids[i].RelativeId = LsapGetRelativeIdFromSid(TranslatedSidsEx2.Sids[i].Sid);
3808 TranslatedSids->Sids[i].DomainIndex = TranslatedSidsEx2.Sids[i].DomainIndex;
3809 TranslatedSids->Sids[i].Flags = TranslatedSidsEx2.Sids[i].Flags;
3810 }
3811
3812 MIDL_user_free(TranslatedSidsEx2.Sids);
3813
3814 return STATUS_SUCCESS;
3815 }
3816
3817
3818 /* Function 59 */
3819 NTSTATUS WINAPI LsarCreateTrustedDomainEx2(
3820 LSAPR_HANDLE PolicyHandle,
3821 PLSAPR_TRUSTED_DOMAIN_INFORMATION_EX TrustedDomainInformation,
3822 PLSAPR_TRUSTED_DOMAIN_AUTH_INFORMATION_INTERNAL AuthentificationInformation,
3823 ACCESS_MASK DesiredAccess,
3824 LSAPR_HANDLE *TrustedDomainHandle)
3825 {
3826 /* FIXME: We are not running an AD yet */
3827 return STATUS_DIRECTORY_SERVICE_REQUIRED;
3828 }
3829
3830
3831 /* Function 60 */
3832 NTSTATUS WINAPI CredrWrite(
3833 handle_t hBinding)
3834 {
3835 UNIMPLEMENTED;
3836 return STATUS_NOT_IMPLEMENTED;
3837 }
3838
3839
3840 /* Function 61 */
3841 NTSTATUS WINAPI CredrRead(
3842 handle_t hBinding)
3843 {
3844 UNIMPLEMENTED;
3845 return STATUS_NOT_IMPLEMENTED;
3846 }
3847
3848
3849 /* Function 62 */
3850 NTSTATUS WINAPI CredrEnumerate(
3851 handle_t hBinding)
3852 {
3853 UNIMPLEMENTED;
3854 return STATUS_NOT_IMPLEMENTED;
3855 }
3856
3857
3858 /* Function 63 */
3859 NTSTATUS WINAPI CredrWriteDomainCredentials(
3860 handle_t hBinding)
3861 {
3862 UNIMPLEMENTED;
3863 return STATUS_NOT_IMPLEMENTED;
3864 }
3865
3866
3867 /* Function 64 */
3868 NTSTATUS WINAPI CredrReadDomainCredentials(
3869 handle_t hBinding)
3870 {
3871 UNIMPLEMENTED;
3872 return STATUS_NOT_IMPLEMENTED;
3873 }
3874
3875
3876 /* Function 65 */
3877 NTSTATUS WINAPI CredrDelete(
3878 handle_t hBinding)
3879 {
3880 UNIMPLEMENTED;
3881 return STATUS_NOT_IMPLEMENTED;
3882 }
3883
3884
3885 /* Function 66 */
3886 NTSTATUS WINAPI CredrGetTargetInfo(
3887 handle_t hBinding)
3888 {
3889 UNIMPLEMENTED;
3890 return STATUS_NOT_IMPLEMENTED;
3891 }
3892
3893
3894 /* Function 67 */
3895 NTSTATUS WINAPI CredrProfileLoaded(
3896 handle_t hBinding)
3897 {
3898 UNIMPLEMENTED;
3899 return STATUS_NOT_IMPLEMENTED;
3900 }
3901
3902
3903 /* Function 68 */
3904 NTSTATUS WINAPI LsarLookupNames3(
3905 LSAPR_HANDLE PolicyHandle,
3906 DWORD Count,
3907 PRPC_UNICODE_STRING Names,
3908 PLSAPR_REFERENCED_DOMAIN_LIST *ReferencedDomains,
3909 PLSAPR_TRANSLATED_SIDS_EX2 TranslatedSids,
3910 LSAP_LOOKUP_LEVEL LookupLevel,
3911 DWORD *MappedCount,
3912 DWORD LookupOptions,
3913 DWORD ClientRevision)
3914 {
3915 NTSTATUS Status;
3916
3917 TRACE("LsarLookupNames3(%p %lu %p %p %p %d %p %lu %lu)\n",
3918 PolicyHandle, Count, Names, ReferencedDomains, TranslatedSids,
3919 LookupLevel, MappedCount, LookupOptions, ClientRevision);
3920
3921 TranslatedSids->Entries = 0;
3922 TranslatedSids->Sids = NULL;
3923 *ReferencedDomains = NULL;
3924
3925 if (Count == 0)
3926 return STATUS_NONE_MAPPED;
3927
3928 Status = LsapLookupNames(Count,
3929 Names,
3930 ReferencedDomains,
3931 TranslatedSids,
3932 LookupLevel,
3933 MappedCount,
3934 LookupOptions,
3935 ClientRevision);
3936
3937 return Status;
3938 }
3939
3940
3941 /* Function 69 */
3942 NTSTATUS WINAPI CredrGetSessionTypes(
3943 handle_t hBinding)
3944 {
3945 UNIMPLEMENTED;
3946 return STATUS_NOT_IMPLEMENTED;
3947 }
3948
3949
3950 /* Function 70 */
3951 NTSTATUS WINAPI LsarRegisterAuditEvent(
3952 handle_t hBinding)
3953 {
3954 UNIMPLEMENTED;
3955 return STATUS_NOT_IMPLEMENTED;
3956 }
3957
3958
3959 /* Function 71 */
3960 NTSTATUS WINAPI LsarGenAuditEvent(
3961 handle_t hBinding)
3962 {
3963 UNIMPLEMENTED;
3964 return STATUS_NOT_IMPLEMENTED;
3965 }
3966
3967
3968 /* Function 72 */
3969 NTSTATUS WINAPI LsarUnregisterAuditEvent(
3970 handle_t hBinding)
3971 {
3972 UNIMPLEMENTED;
3973 return STATUS_NOT_IMPLEMENTED;
3974 }
3975
3976
3977 /* Function 73 */
3978 NTSTATUS WINAPI LsarQueryForestTrustInformation(
3979 LSAPR_HANDLE PolicyHandle,
3980 PLSA_UNICODE_STRING TrustedDomainName,
3981 LSA_FOREST_TRUST_RECORD_TYPE HighestRecordType,
3982 PLSA_FOREST_TRUST_INFORMATION *ForestTrustInfo)
3983 {
3984 UNIMPLEMENTED;
3985 return STATUS_NOT_IMPLEMENTED;
3986 }
3987
3988
3989 /* Function 74 */
3990 NTSTATUS WINAPI LsarSetForestTrustInformation(
3991 LSAPR_HANDLE PolicyHandle,
3992 PLSA_UNICODE_STRING TrustedDomainName,
3993 LSA_FOREST_TRUST_RECORD_TYPE HighestRecordType,
3994 PLSA_FOREST_TRUST_INFORMATION ForestTrustInfo,
3995 BOOLEAN CheckOnly,
3996 PLSA_FOREST_TRUST_COLLISION_INFORMATION *CollisionInfo)
3997 {
3998 UNIMPLEMENTED;
3999 return STATUS_NOT_IMPLEMENTED;
4000 }
4001
4002
4003 /* Function 75 */
4004 NTSTATUS WINAPI CredrRename(
4005 handle_t hBinding)
4006 {
4007 UNIMPLEMENTED;
4008 return STATUS_NOT_IMPLEMENTED;
4009 }
4010
4011
4012 /* Function 76 */
4013 NTSTATUS WINAPI LsarLookupSids3(
4014 LSAPR_HANDLE PolicyHandle,
4015 PLSAPR_SID_ENUM_BUFFER SidEnumBuffer,
4016 PLSAPR_REFERENCED_DOMAIN_LIST *ReferencedDomains,
4017 PLSAPR_TRANSLATED_NAMES_EX TranslatedNames,
4018 LSAP_LOOKUP_LEVEL LookupLevel,
4019 DWORD *MappedCount,
4020 DWORD LookupOptions,
4021 DWORD ClientRevision)
4022 {
4023 NTSTATUS Status;
4024
4025 TRACE("LsarLookupSids3(%p %p %p %p %d %p %lu %lu)\n",
4026 PolicyHandle, SidEnumBuffer, ReferencedDomains, TranslatedNames,
4027 LookupLevel, MappedCount, LookupOptions, ClientRevision);
4028
4029 TranslatedNames->Entries = SidEnumBuffer->Entries;
4030 TranslatedNames->Names = NULL;
4031 *ReferencedDomains = NULL;
4032
4033 /* FIXME: Fail, if there is an invalid SID in the SidEnumBuffer */
4034
4035 Status = LsapLookupSids(SidEnumBuffer,
4036 ReferencedDomains,
4037 TranslatedNames,
4038 LookupLevel,
4039 MappedCount,
4040 LookupOptions,
4041 ClientRevision);
4042
4043 return Status;
4044 }
4045
4046
4047 /* Function 77 */
4048 NTSTATUS WINAPI LsarLookupNames4(
4049 handle_t RpcHandle,
4050 DWORD Count,
4051 PRPC_UNICODE_STRING Names,
4052 PLSAPR_REFERENCED_DOMAIN_LIST *ReferencedDomains,
4053 PLSAPR_TRANSLATED_SIDS_EX2 TranslatedSids,
4054 LSAP_LOOKUP_LEVEL LookupLevel,
4055 DWORD *MappedCount,
4056 DWORD LookupOptions,
4057 DWORD ClientRevision)
4058 {
4059 NTSTATUS Status;
4060
4061 TRACE("LsarLookupNames4(%p %lu %p %p %p %d %p %lu %lu)\n",
4062 RpcHandle, Count, Names, ReferencedDomains, TranslatedSids,
4063 LookupLevel, MappedCount, LookupOptions, ClientRevision);
4064
4065 TranslatedSids->Entries = 0;
4066 TranslatedSids->Sids = NULL;
4067 *ReferencedDomains = NULL;
4068
4069 if (Count == 0)
4070 return STATUS_NONE_MAPPED;
4071
4072 Status = LsapLookupNames(Count,
4073 Names,
4074 ReferencedDomains,
4075 TranslatedSids,
4076 LookupLevel,
4077 MappedCount,
4078 LookupOptions,
4079 ClientRevision);
4080
4081 return Status;
4082 }
4083
4084
4085 /* Function 78 */
4086 NTSTATUS WINAPI LsarOpenPolicySce(
4087 LPWSTR SystemName,
4088 PLSAPR_OBJECT_ATTRIBUTES ObjectAttributes,
4089 ACCESS_MASK DesiredAccess,
4090 LSAPR_HANDLE *PolicyHandle)
4091 {
4092 UNIMPLEMENTED;
4093 return STATUS_NOT_IMPLEMENTED;
4094 }
4095
4096
4097 /* Function 79 */
4098 NTSTATUS WINAPI LsarAdtRegisterSecurityEventSource(
4099 handle_t hBinding)
4100 {
4101 UNIMPLEMENTED;
4102 return STATUS_NOT_IMPLEMENTED;
4103 }
4104
4105
4106 /* Function 80 */
4107 NTSTATUS WINAPI LsarAdtUnregisterSecurityEventSource(
4108 handle_t hBinding)
4109 {
4110 UNIMPLEMENTED;
4111 return STATUS_NOT_IMPLEMENTED;
4112 }
4113
4114
4115 /* Function 81 */
4116 NTSTATUS WINAPI LsarAdtReportSecurityEvent(
4117 handle_t hBinding)
4118 {
4119 UNIMPLEMENTED;
4120 return STATUS_NOT_IMPLEMENTED;
4121 }
4122
4123 /* EOF */
A free Windows-compatible Operating System