NTSTATUS WINAPI LsarDelete(
LSAPR_HANDLE ObjectHandle)
{
- /* Deprecated */
- return STATUS_NOT_SUPPORTED;
+ return LsarDeleteObject(&ObjectHandle);
}
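Review bot: `LsarDeleteObject(&ObjectHandle)` passes the address of LsarDelete's by-value parameter, so the `*ObjectHandle = NULL` that LsarDeleteObject performs on success clears only this local copy. The caller of LsarDelete keeps a handle value that now refers to a deleted object, and whether a later call on it is rejected depends on handle validation that is not visible here. A comment on the call would make that explicit, e.g. `/* ObjectHandle is a by-value copy; the caller's handle is not cleared */`.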
L"Policy",
LsaDbPolicyObject,
DesiredAccess,
+ FALSE,
&PolicyObject);
RtlLeaveCriticalSection(&PolicyHandleTableLock);
SidString,
LsaDbAccountObject,
DesiredAccess,
+ PolicyObject->Trusted,
&AccountObject);
if (!NT_SUCCESS(Status))
{
SecretName->Buffer,
LsaDbSecretObject,
DesiredAccess,
+ PolicyObject->Trusted,
&SecretObject);
if (!NT_SUCCESS(Status))
{
SidString,
LsaDbAccountObject,
DesiredAccess,
+ PolicyObject->Trusted,
&AccountObject);
if (!NT_SUCCESS(Status))
{
return Status;
}
+ /* Get the size of the Privilgs attribute */
Status = LsapGetObjectAttribute(AccountObject,
L"Privilgs",
NULL,
}
}
- /* Set the new priivliege set */
+ /* Set the new privilege set */
Status = LsapSetObjectAttribute(AccountObject,
L"Privilgs",
NewPrivileges,
BOOL AllPrivileges,
PLSAPR_PRIVILEGE_SET Privileges)
{
- UNIMPLEMENTED;
- return STATUS_NOT_IMPLEMENTED;
+ PLSA_DB_OBJECT AccountObject;
+ PPRIVILEGE_SET CurrentPrivileges = NULL;
+ PPRIVILEGE_SET NewPrivileges = NULL;
+ ULONG PrivilegeSetSize = 0;
+ ULONG PrivilegeCount;
+ ULONG i, j, k;
+ BOOL bFound;
+ NTSTATUS Status;
+
+ TRACE("(%p %u %p)\n", AccountHandle, AllPrivileges, Privileges);
+
+ /* */
+ if ((AllPrivileges == FALSE && Privileges == NULL) ||
+ (AllPrivileges == TRUE && Privileges != NULL))
+ return STATUS_INVALID_PARAMETER;
+
+ /* Validate the AccountHandle */
+ Status = LsapValidateDbObject(AccountHandle,
+ LsaDbAccountObject,
+ ACCOUNT_ADJUST_PRIVILEGES,
+ &AccountObject);
+ if (!NT_SUCCESS(Status))
+ {
+ ERR("LsapValidateDbObject returned 0x%08lx\n", Status);
+ return Status;
+ }
+
+ if (AllPrivileges == TRUE)
+ {
+ /* Delete the Privilgs attribute */
+ Status = LsapDeleteObjectAttribute(AccountObject,
+ L"Privilgs");
+ if (Status == STATUS_OBJECT_NAME_NOT_FOUND)
+ Status = STATUS_SUCCESS;
+ }
+ else
+ {
+ /* Get the size of the Privilgs attribute */
+ Status = LsapGetObjectAttribute(AccountObject,
+ L"Privilgs",
+ NULL,
+ &PrivilegeSetSize);
+ if (!NT_SUCCESS(Status))
+ goto done;
+
+ /* Succeed, if there is no privilege set to remove privileges from */
+ if (PrivilegeSetSize == 0)
+ {
+ Status = STATUS_SUCCESS;
+ goto done;
+ }
+
+ /* Allocate memory for the stored privilege set */
+ CurrentPrivileges = MIDL_user_allocate(PrivilegeSetSize);
+ if (CurrentPrivileges == NULL)
+ return STATUS_NO_MEMORY;
+
+ /* Get the current privilege set */
+ Status = LsapGetObjectAttribute(AccountObject,
+ L"Privilgs",
+ CurrentPrivileges,
+ &PrivilegeSetSize);
+ if (!NT_SUCCESS(Status))
+ {
+ TRACE("LsapGetObjectAttribute() failed (Status 0x%08lx)\n", Status);
+ goto done;
+ }
+
+ PrivilegeCount = CurrentPrivileges->PrivilegeCount;
+ TRACE("Current privilege count: %lu\n", PrivilegeCount);
+
+ /* Calculate the number of privileges in the new privilege set */
+ for (i = 0; i < CurrentPrivileges->PrivilegeCount; i++)
+ {
+ for (j = 0; j < Privileges->PrivilegeCount; j++)
+ {
+ if (RtlEqualLuid(&(CurrentPrivileges->Privilege[i].Luid),
+ &(Privileges->Privilege[j].Luid)))
+ {
+ if (PrivilegeCount > 0)
+ PrivilegeCount--;
+ }
+ }
+ }
+ TRACE("New privilege count: %lu\n", PrivilegeCount);
+
+ if (PrivilegeCount == 0)
+ {
+ /* Delete the Privilgs attribute */
+ Status = LsapDeleteObjectAttribute(AccountObject,
+ L"Privilgs");
+ if (Status == STATUS_OBJECT_NAME_NOT_FOUND)
+ Status = STATUS_SUCCESS;
+ }
+ else
+ {
+ /* Calculate the size of the new privilege set and allocate it */
+ PrivilegeSetSize = sizeof(PRIVILEGE_SET) +
+ (PrivilegeCount - 1) * sizeof(LUID_AND_ATTRIBUTES);
+ NewPrivileges = MIDL_user_allocate(PrivilegeSetSize);
+ if (NewPrivileges == NULL)
+ {
+ Status = STATUS_NO_MEMORY;
+ goto done;
+ }
+
+ /* Initialize the new privilege set */
+ NewPrivileges->PrivilegeCount = PrivilegeCount;
+ NewPrivileges->Control = 0;
+
+ /* Copy the privileges which are not to be removed */
+ for (i = 0, k = 0; i < CurrentPrivileges->PrivilegeCount; i++)
+ {
+ bFound = FALSE;
+ for (j = 0; j < Privileges->PrivilegeCount; j++)
+ {
+ if (RtlEqualLuid(&(CurrentPrivileges->Privilege[i].Luid),
+ &(Privileges->Privilege[j].Luid)))
+ bFound = TRUE;
+ }
+
+ if (bFound == FALSE)
+ {
+ /* Copy the privilege */
+ RtlCopyLuidAndAttributesArray(1,
+ &(CurrentPrivileges->Privilege[i]),
+ &(NewPrivileges->Privilege[k]));
+ k++;
+ }
+ }
+
+ /* Set the new privilege set */
+ Status = LsapSetObjectAttribute(AccountObject,
+ L"Privilgs",
+ NewPrivileges,
+ PrivilegeSetSize);
+ }
+ }
+
+done:
+ if (CurrentPrivileges != NULL)
+ MIDL_user_free(CurrentPrivileges);
+
+ if (NewPrivileges != NULL)
+ MIDL_user_free(NewPrivileges);
+
+ return Status;
}
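Review bot: The counting loop decrements `PrivilegeCount` once per matching (i, j) pair, so a caller-supplied `Privileges` array that lists the same LUID twice makes the count smaller than the number of entries the copy loop later writes. `NewPrivileges` is sized from that count, while the copy loop advances `k` for every entry that is not removed and has no bound, so the write to `NewPrivileges->Privilege[k]` can run past the allocation. Adding `break;` right after `PrivilegeCount--;` makes the two loops agree, and `if (k >= PrivilegeCount) break;` before the copy keeps the write in bounds even if they ever diverge. The same duplicate input can also drive the count to zero and delete the whole `Privilgs` attribute while privileges that were not named remain. The function's signature starts above the visible lines.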
LSAPR_HANDLE AccountHandle,
PQUOTA_LIMITS QuotaLimits)
{
- UNIMPLEMENTED;
- return STATUS_NOT_IMPLEMENTED;
+ PLSA_DB_OBJECT AccountObject;
+ ULONG Size;
+ NTSTATUS Status;
+
+ TRACE("(%p %p)\n", AccountHandle, QuotaLimits);
+
+ /* Validate the account handle */
+ Status = LsapValidateDbObject(AccountHandle,
+ LsaDbAccountObject,
+ ACCOUNT_VIEW,
+ &AccountObject);
+ if (!NT_SUCCESS(Status))
+ {
+ ERR("Invalid handle (Status %lx)\n", Status);
+ return Status;
+ }
+
+ /* Get the quota attribute */
+ Status = LsapGetObjectAttribute(AccountObject,
+ L"DefQuota",
+ QuotaLimits,
+ &Size);
+
+ return Status;
}
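Review bot: `Size` is passed to `LsapGetObjectAttribute` without being initialized, so the length the helper sees for the caller's `QuotaLimits` buffer is indeterminate. The setter for the same `DefQuota` attribute assigns `Size = sizeof(QUOTA_LIMITS);` before its read, and the same line is needed here ahead of the call. Without it the helper may reject the read or, depending on how it uses the length (not visible here), copy more than the buffer holds. The function's signature starts above the visible lines.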
LSAPR_HANDLE AccountHandle,
PQUOTA_LIMITS QuotaLimits)
{
- UNIMPLEMENTED;
- return STATUS_NOT_IMPLEMENTED;
+ PLSA_DB_OBJECT AccountObject;
+ QUOTA_LIMITS InternalQuotaLimits;
+ ULONG Size;
+ NTSTATUS Status;
+
+ TRACE("(%p %p)\n", AccountHandle, QuotaLimits);
+
+ /* Validate the account handle */
+ Status = LsapValidateDbObject(AccountHandle,
+ LsaDbAccountObject,
+ ACCOUNT_ADJUST_QUOTAS,
+ &AccountObject);
+ if (!NT_SUCCESS(Status))
+ {
+ ERR("Invalid handle (Status %lx)\n", Status);
+ return Status;
+ }
+
+ /* Get the quota limits attribute */
+ Size = sizeof(QUOTA_LIMITS);
+ Status = LsapGetObjectAttribute(AccountObject,
+ L"DefQuota",
+ &InternalQuotaLimits,
+ &Size);
+ if (!NT_SUCCESS(Status))
+ {
+ TRACE("LsapGetObjectAttribute() failed (Status 0x%08lx)\n", Status);
+ return Status;
+ }
+
+ /* Update the quota limits */
+ if (QuotaLimits->PagedPoolLimit != 0)
+ InternalQuotaLimits.PagedPoolLimit = QuotaLimits->PagedPoolLimit;
+
+ if (QuotaLimits->NonPagedPoolLimit != 0)
+ InternalQuotaLimits.NonPagedPoolLimit = QuotaLimits->NonPagedPoolLimit;
+
+ if (QuotaLimits->MinimumWorkingSetSize != 0)
+ InternalQuotaLimits.MinimumWorkingSetSize = QuotaLimits->MinimumWorkingSetSize;
+
+ if (QuotaLimits->MaximumWorkingSetSize != 0)
+ InternalQuotaLimits.MaximumWorkingSetSize = QuotaLimits->MaximumWorkingSetSize;
+
+ if (QuotaLimits->PagefileLimit != 0)
+ InternalQuotaLimits.PagefileLimit = QuotaLimits->PagefileLimit;
+
+ /* Set the quota limits attribute */
+ Status = LsapSetObjectAttribute(AccountObject,
+ L"DefQuota",
+ &InternalQuotaLimits,
+ sizeof(QUOTA_LIMITS));
+
+ return Status;
}
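Review bot: The initial read of `DefQuota` returns on any failure, so an account that has no stored `DefQuota` attribute yet can presumably never have quotas set through this call. If the helper reports a missing attribute as `STATUS_OBJECT_NAME_NOT_FOUND`, as the delete path elsewhere in this change suggests, starting from a zeroed structure in that case would avoid this: `if (Status == STATUS_OBJECT_NAME_NOT_FOUND) RtlZeroMemory(&InternalQuotaLimits, sizeof(InternalQuotaLimits)); else if (!NT_SUCCESS(Status)) return Status;`. The update block would also read more easily with a comment such as `/* A zero field leaves the stored limit unchanged */`. The merged minimum and maximum working-set sizes are written back without checking that the minimum does not exceed the maximum. The function's signature starts above the visible lines.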
SecretName->Buffer,
LsaDbSecretObject,
DesiredAccess,
+ PolicyObject->Trusted,
&SecretObject);
if (!NT_SUCCESS(Status))
{
TRACE("Privilege: %wZ\n", Name);
- Status = LsarpLookupPrivilegeValue((PUNICODE_STRING)Name,
+ Status = LsarpLookupPrivilegeValue(Name,
Value);
return Status;
return Status;
}
- Status = LsarpLookupPrivilegeName(Value, (PUNICODE_STRING*)Name);
+ Status = LsarpLookupPrivilegeName(Value,
+ Name);
return Status;
}
NTSTATUS WINAPI LsarDeleteObject(
LSAPR_HANDLE *ObjectHandle)
{
- UNIMPLEMENTED;
- return STATUS_NOT_IMPLEMENTED;
+ PLSA_DB_OBJECT DbObject;
+ NTSTATUS Status;
+
+ TRACE("(%p)\n", ObjectHandle);
+
+ if (ObjectHandle == NULL)
+ return STATUS_INVALID_PARAMETER;
+
+ /* Validate the ObjectHandle */
+ Status = LsapValidateDbObject(*ObjectHandle,
+ LsaDbIgnoreObject,
+ DELETE,
+ &DbObject);
+ if (!NT_SUCCESS(Status))
+ {
+ ERR("LsapValidateDbObject returned 0x%08lx\n", Status);
+ return Status;
+ }
+
+ /* You cannot delete the policy object */
+ if (DbObject->ObjectType == LsaDbPolicyObject)
+ return STATUS_INVALID_PARAMETER;
+
+ /* Delete the database object */
+ Status = LsapDeleteDbObject(DbObject);
+ if (!NT_SUCCESS(Status))
+ {
+ ERR("LsapDeleteDbObject returned 0x%08lx\n", Status);
+ return Status;
+ }
+
+ /* Invalidate the object handle */
+ *ObjectHandle = NULL;
+
+ return STATUS_SUCCESS;
}
PLSAPR_PRIVILEGE_SET PrivilegeSet = NULL;
PRPC_UNICODE_STRING RightsBuffer = NULL;
PRPC_UNICODE_STRING PrivilegeString;
+ ACCESS_MASK SystemAccess;
ULONG RightsCount;
ULONG RightsIndex;
- ULONG PrivIndex;
+ ULONG i;
NTSTATUS Status;
TRACE("LsarEnumerateAccountRights(%p %p %p)\n",
goto done;
}
- /* FIXME: Get account rights */
-
+ /* Get account rights */
+ Status = LsarGetSystemAccessAccount(AccountHandle,
+ &SystemAccess);
+ if (!NT_SUCCESS(Status))
+ {
+ ERR("LsarGetSystemAccessAccount returned 0x%08lx\n", Status);
+ goto done;
+ }
RightsCount = PrivilegeSet->PrivilegeCount;
- /* FIXME: Count account rights */
-
+ /* Count account rights */
+ for (i = 0; i < sizeof(ACCESS_MASK) * 8; i++)
+ {
+ if (SystemAccess & (1 << i))
+ RightsCount++;
+ }
/* We are done if there are no rights to be enumerated */
if (RightsCount == 0)
/* Copy the privileges into the buffer */
RightsIndex = 0;
- for (PrivIndex = 0; PrivIndex < PrivilegeSet->PrivilegeCount; PrivIndex++)
+ for (i = 0; i < PrivilegeSet->PrivilegeCount; i++)
{
PrivilegeString = NULL;
Status = LsarLookupPrivilegeName(PolicyHandle,
- (PLUID)&PrivilegeSet->Privilege[PrivIndex].Luid,
- (PRPC_UNICODE_STRING *)&PrivilegeString);
+ (PLUID)&PrivilegeSet->Privilege[i].Luid,
+ &PrivilegeString);
if (!NT_SUCCESS(Status))
goto done;
- RightsBuffer[RightsIndex].Length = PrivilegeString->Length;
- RightsBuffer[RightsIndex].MaximumLength = PrivilegeString->MaximumLength;
- RightsBuffer[RightsIndex].Buffer = PrivilegeString->Buffer;
+ RightsBuffer[i].Length = PrivilegeString->Length;
+ RightsBuffer[i].MaximumLength = PrivilegeString->MaximumLength;
+ RightsBuffer[i].Buffer = PrivilegeString->Buffer;
MIDL_user_free(PrivilegeString);
RightsIndex++;
}
- /* FIXME: Copy account rights into the buffer */
+ /* Copy account rights into the buffer */
+ for (i = 0; i < sizeof(ACCESS_MASK) * 8; i++)
+ {
+ if (SystemAccess & (1 << i))
+ {
+ Status = LsapLookupAccountRightName(1 << i,
+ &PrivilegeString);
+ if (!NT_SUCCESS(Status))
+ goto done;
+
+ RightsBuffer[i].Length = PrivilegeString->Length;
+ RightsBuffer[i].MaximumLength = PrivilegeString->MaximumLength;
+ RightsBuffer[i].Buffer = PrivilegeString->Buffer;
+ MIDL_user_free(PrivilegeString);
+ RightsIndex++;
+ }
+ }
UserRights->Entries = RightsCount;
UserRights->UserRights = (PRPC_UNICODE_STRING)RightsBuffer;
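Review bot: The account-rights copy loop stores into `RightsBuffer[i]`, where `i` is the bit position in `SystemAccess` rather than the next free slot. A set bit therefore either overwrites a privilege entry written by the previous loop or lands beyond the `RightsCount` entries the buffer is presumably allocated for (the allocation is outside the visible lines), and the tail entries reported through `UserRights->Entries` stay unfilled. The three assignments in that loop should index with `RightsIndex`, e.g. `RightsBuffer[RightsIndex].Length = PrivilegeString->Length;`. In the privilege loop the switch to `i` is harmless because `i` and `RightsIndex` advance together. Both bit loops also evaluate `1 << i` with `i` up to 31, which shifts into the sign bit of a signed int; `1U << i` avoids that.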
ACCESS_MASK DesiredAccess,
LSAPR_HANDLE *PolicyHandle)
{
- UNIMPLEMENTED;
- return STATUS_NOT_IMPLEMENTED;
+ return LsarOpenPolicy(SystemName,
+ ObjectAttributes,
+ DesiredAccess,
+ PolicyHandle);
}
return STATUS_NOT_IMPLEMENTED;
}
-
-/* Function 82 */
-NTSTATUS WINAPI CredrFindBestCredential(
- handle_t hBinding)
-{
- UNIMPLEMENTED;
- return STATUS_NOT_IMPLEMENTED;
-}
-
-
-/* Function 83 */
-NTSTATUS WINAPI LsarSetAuditPolicy(
- handle_t hBinding)
-{
- UNIMPLEMENTED;
- return STATUS_NOT_IMPLEMENTED;
-}
-
-
-/* Function 84 */
-NTSTATUS WINAPI LsarQueryAuditPolicy(
- handle_t hBinding)
-{
- UNIMPLEMENTED;
- return STATUS_NOT_IMPLEMENTED;
-}
-
-
-/* Function 85 */
-NTSTATUS WINAPI LsarEnumerateAuditPolicy(
- handle_t hBinding)
-{
- UNIMPLEMENTED;
- return STATUS_NOT_IMPLEMENTED;
-}
-
-
-/* Function 86 */
-NTSTATUS WINAPI LsarEnumerateAuditCategories(
- handle_t hBinding)
-{
- UNIMPLEMENTED;
- return STATUS_NOT_IMPLEMENTED;
-}
-
-
-/* Function 87 */
-NTSTATUS WINAPI LsarEnumerateAuditSubCategories(
- handle_t hBinding)
-{
- UNIMPLEMENTED;
- return STATUS_NOT_IMPLEMENTED;
-}
-
-
-/* Function 88 */
-NTSTATUS WINAPI LsarLookupAuditCategoryName(
- handle_t hBinding)
-{
- UNIMPLEMENTED;
- return STATUS_NOT_IMPLEMENTED;
-}
-
-
-/* Function 89 */
-NTSTATUS WINAPI LsarLookupAuditSubCategoryName(
- handle_t hBinding)
-{
- UNIMPLEMENTED;
- return STATUS_NOT_IMPLEMENTED;
-}
-
-
-/* Function 90 */
-NTSTATUS WINAPI LsarSetAuditSecurity(
- handle_t hBinding)
-{
- UNIMPLEMENTED;
- return STATUS_NOT_IMPLEMENTED;
-}
-
-
-/* Function 91 */
-NTSTATUS WINAPI LsarQueryAuditSecurity(
- handle_t hBinding)
-{
- UNIMPLEMENTED;
- return STATUS_NOT_IMPLEMENTED;
-}
-
-
-/* Function 92 */
-NTSTATUS WINAPI CredReadByTokenHandle(
- handle_t hBinding)
-{
- UNIMPLEMENTED;
- return STATUS_NOT_IMPLEMENTED;
-}
-
-
-/* Function 93 */
-NTSTATUS WINAPI CredrRestoreCredentials(
- handle_t hBinding)
-{
- UNIMPLEMENTED;
- return STATUS_NOT_IMPLEMENTED;
-}
-
-
-/* Function 94 */
-NTSTATUS WINAPI CredrBackupCredentials(
- handle_t hBinding)
-{
- UNIMPLEMENTED;
- return STATUS_NOT_IMPLEMENTED;
-}
-
/* EOF */