GUID DnsDomainGuid;
PLSA_DB_OBJECT PolicyObject = NULL;
PSID AccountDomainSid = NULL;
+ PSECURITY_DESCRIPTOR PolicySd = NULL;
+ ULONG PolicySdSize = 0;
ULONG AuditEventsCount;
ULONG AuditEventsSize;
ULONG i;
AuditEventsCount = AuditCategoryAccountLogon - AuditCategorySystem + 1;
AuditEventsSize = sizeof(LSAP_POLICY_AUDIT_EVENTS_DATA) + AuditEventsCount * sizeof(DWORD);
AuditEventsInfo = RtlAllocateHeap(RtlGetProcessHeap(),
- 0,
+ HEAP_ZERO_MEMORY,
AuditEventsSize);
if (AuditEventsInfo == NULL)
return STATUS_INSUFFICIENT_RESOURCES;
if (!NT_SUCCESS(Status))
goto done;
+ Status = LsapCreatePolicySd(&PolicySd,
+ &PolicySdSize);
+ if (!NT_SUCCESS(Status))
+ goto done;
+
/* Open the 'Policy' object */
Status = LsapOpenDbObject(NULL,
NULL,
L"Policy",
LsaDbPolicyObject,
0,
+ TRUE,
&PolicyObject);
if (!NT_SUCCESS(Status))
goto done;
&DnsDomainGuid,
sizeof(GUID));
+ /* Set the Sceurity Descriptor */
+ LsapSetObjectAttribute(PolicyObject,
+ L"SecDesc",
+ PolicySd,
+ PolicySdSize);
+
done:
if (AuditEventsInfo != NULL)
RtlFreeHeap(RtlGetProcessHeap(), 0, AuditEventsInfo);
if (AccountDomainSid != NULL)
RtlFreeSid(AccountDomainSid);
+ if (PolicySd != NULL)
+ RtlFreeHeap(RtlGetProcessHeap(), 0, PolicySd);
+
return Status;
}
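Review bot: The return value of the added `LsapSetObjectAttribute(PolicyObject, L"SecDesc", PolicySd, PolicySdSize)` call is discarded, so a failed write leaves the Policy object without its security descriptor and the function returns whatever `Status` the earlier calls left behind. This attribute is presumably what later access checks on the policy are evaluated against, so assign the result and bail out: `Status = LsapSetObjectAttribute(PolicyObject, L"SecDesc", PolicySd, PolicySdSize);` followed by `if (!NT_SUCCESS(Status)) goto done;`. The comment above the call has a typo and should read `/* Set the Security Descriptor */`. The function starts outside this hunk, so the earlier attribute writes may follow the same unchecked pattern.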
L"Policy",
LsaDbPolicyObject,
0,
+ TRUE,
&PolicyObject);
if (!NT_SUCCESS(Status))
goto done;
IN LPWSTR ObjectName,
IN LSA_DB_OBJECT_TYPE ObjectType,
IN ACCESS_MASK DesiredAccess,
+ IN BOOLEAN Trusted,
OUT PLSA_DB_OBJECT *DbObject)
{
PLSA_DB_OBJECT NewObject;
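Review bot: The new `Trusted` parameter is stored on the object with no comment saying what a trusted object is allowed to do, and both call sites visible in this patch pass a bare `TRUE`. If the flag is meant to mark server-internal objects that skip the `DesiredAccess` check, document that on the parameter, e.g. `/* Trusted: TRUE only for objects the LSA server opens for itself; objects opened for an RPC client must pass FALSE */`. It is also worth confirming that every client-facing caller passes `FALSE`. The same applies to the second signature further down, which gains the identical parameter. The function body continues outside this hunk.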
NewObject->Access = DesiredAccess;
NewObject->KeyHandle = ObjectKeyHandle;
NewObject->ParentObject = ParentObject;
+ NewObject->Trusted = Trusted;
if (ParentObject != NULL)
ParentObject->RefCount++;
IN LPWSTR ObjectName,
IN LSA_DB_OBJECT_TYPE ObjectType,
IN ACCESS_MASK DesiredAccess,
+ IN BOOLEAN Trusted,
OUT PLSA_DB_OBJECT *DbObject)
{
PLSA_DB_OBJECT NewObject;
NewObject->Access = DesiredAccess;
NewObject->KeyHandle = ObjectKeyHandle;
NewObject->ParentObject = ParentObject;
+ NewObject->Trusted = Trusted;
if (ParentObject != NULL)
ParentObject->RefCount++;
}
+NTSTATUS
+LsapDeleteDbObject(IN PLSA_DB_OBJECT DbObject)
+{
+ PLSA_DB_OBJECT ParentObject = NULL;
+ WCHAR KeyName[64];
+ ULONG Index;
+ NTSTATUS Status = STATUS_SUCCESS;
+
+ DbObject->RefCount--;
+
+ if (DbObject->RefCount > 0)
+ return STATUS_SUCCESS;
+
+ if (DbObject->KeyHandle != NULL)
+ {
+ Index = 0;
+
+ while (TRUE)
+ {
+ Status = LsapRegEnumerateSubKey(DbObject->KeyHandle,
+ Index,
+ 64 * sizeof(WCHAR),
+ KeyName);
+ if (!NT_SUCCESS(Status))
+ break;
+
+ TRACE("Index: %lu\n", Index);
+ TRACE("Key name: %S\n", KeyName);
+
+ Status = LsapRegDeleteSubKey(DbObject->KeyHandle,
+ KeyName);
+ if (!NT_SUCCESS(Status))
+ break;
+ }
+
+ if (Status == STATUS_NO_MORE_ENTRIES)
+ Status = STATUS_SUCCESS;
+
+ LsapRegDeleteKey(DbObject->KeyHandle);
+
+ NtClose(DbObject->KeyHandle);
+ }
+
+ if (DbObject->ParentObject != NULL)
+ ParentObject = DbObject->ParentObject;
+
+ RtlFreeHeap(RtlGetProcessHeap(), 0, DbObject);
+
+ if (ParentObject != NULL)
+ {
+ ParentObject->RefCount--;
+
+ if (ParentObject->RefCount == 0)
+ Status = LsapCloseDbObject(ParentObject);
+ }
+
+ return Status;
+}
+
+
NTSTATUS
LsapSetObjectAttribute(PLSA_DB_OBJECT DbObject,
LPWSTR AttributeName,
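Review bot: When a subkey delete fails, `LsapDeleteDbObject` still falls through to `LsapRegDeleteKey`, `NtClose` and `RtlFreeHeap(..., DbObject)`, so the caller receives an error status for an object that has already been freed and may use or close it again. The result of `LsapRegDeleteKey` is ignored, and the final `Status = LsapCloseDbObject(ParentObject)` can overwrite an earlier failure. The parent handling also decrements `ParentObject->RefCount` before calling `LsapCloseDbObject`; if that function decrements the count on entry the way this one does, the parent loses one reference too many. One option, sketched below, is to stop and keep the object alive when the registry deletion fails. Separately, the enumerate call could pass `sizeof(KeyName)` instead of repeating `64 * sizeof(WCHAR)`.

```c
    if (DbObject->KeyHandle != NULL)
    {
        /* … unchanged: subkey enumeration and deletion loop … */

        if (Status == STATUS_NO_MORE_ENTRIES)
            Status = LsapRegDeleteKey(DbObject->KeyHandle);

        if (!NT_SUCCESS(Status))
        {
            /* Deletion incomplete: restore the reference so the caller's object stays valid */
            DbObject->RefCount++;
            return Status;
        }

        NtClose(DbObject->KeyHandle);
    }
    /* … unchanged: free DbObject and release the parent reference … */
```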
return Status;
}
+
+NTSTATUS
+LsapDeleteObjectAttribute(PLSA_DB_OBJECT DbObject,
+ LPWSTR AttributeName)
+{
+ return LsapRegDeleteSubKey(DbObject->KeyHandle,
+ AttributeName);
+}
+
/* EOF */