* PROGRAMMERS: Eric Kohl
*/
-/* INCLUDES ******************************************************************/
-
#include "samsrv.h"
-WINE_DEFAULT_DEBUG_CHANNEL(samsrv);
-
/* GLOBALS *******************************************************************/
static SID_IDENTIFIER_AUTHORITY NtSidAuthority = {SECURITY_NT_AUTHORITY};
TRACE("SamrConnect(%p %p %lx)\n",
ServerName, ServerHandle, DesiredAccess);
+ RtlAcquireResourceShared(&SampResource,
+ TRUE);
+
/* Map generic access rights */
RtlMapGenericMask(&DesiredAccess,
&ServerMapping);
if (NT_SUCCESS(Status))
*ServerHandle = (SAMPR_HANDLE)ServerObject;
+ RtlReleaseResource(&SampResource);
+
TRACE("SamrConnect done (Status 0x%08lx)\n", Status);
return Status;
TRACE("SamrCloseHandle(%p)\n", SamHandle);
+ RtlAcquireResourceShared(&SampResource,
+ TRUE);
+
Status = SampValidateDbObject(*SamHandle,
SamDbIgnoreObject,
0,
*SamHandle = NULL;
}
+ RtlReleaseResource(&SampResource);
+
TRACE("SamrCloseHandle done (Status 0x%08lx)\n", Status);
return Status;
IN SECURITY_INFORMATION SecurityInformation,
OUT PSAMPR_SR_SECURITY_DESCRIPTOR *SecurityDescriptor)
{
- UNIMPLEMENTED;
- return STATUS_NOT_IMPLEMENTED;
+ PSAM_DB_OBJECT SamObject;
+ PSAMPR_SR_SECURITY_DESCRIPTOR SamSD = NULL;
+ PSECURITY_DESCRIPTOR SdBuffer = NULL;
+ ACCESS_MASK DesiredAccess = 0;
+ ULONG Length = 0;
+ NTSTATUS Status;
+
+ TRACE("(%p %lx %p)\n",
+ ObjectHandle, SecurityInformation, SecurityDescriptor);
+
+ *SecurityDescriptor = NULL;
+
+ RtlAcquireResourceShared(&SampResource,
+ TRUE);
+
+ if (SecurityInformation & (DACL_SECURITY_INFORMATION |
+ OWNER_SECURITY_INFORMATION |
+ GROUP_SECURITY_INFORMATION))
+ DesiredAccess |= READ_CONTROL;
+
+ if (SecurityInformation & SACL_SECURITY_INFORMATION)
+ DesiredAccess |= ACCESS_SYSTEM_SECURITY;
+
+ /* Validate the server handle */
+ Status = SampValidateDbObject(ObjectHandle,
+ SamDbIgnoreObject,
+ DesiredAccess,
+ &SamObject);
+ if (!NT_SUCCESS(Status))
+ goto done;
+
+ SamSD = midl_user_allocate(sizeof(SAMPR_SR_SECURITY_DESCRIPTOR));
+ if (SamSD == NULL)
+ {
+ Status = STATUS_INSUFFICIENT_RESOURCES;
+ goto done;
+ }
+
+ Status = SampGetObjectAttribute(SamObject,
+ L"SecDesc",
+ NULL,
+ NULL,
+ &Length);
+ if (!NT_SUCCESS(Status) && Status != STATUS_BUFFER_OVERFLOW)
+ {
+ TRACE("Status 0x%08lx\n", Status);
+ goto done;
+ }
+
+ TRACE("SD Length: %lu\n", Length);
+
+ SdBuffer = midl_user_allocate(Length);
+ if (SdBuffer == NULL)
+ {
+ Status = STATUS_INSUFFICIENT_RESOURCES;
+ goto done;
+ }
+
+ Status = SampGetObjectAttribute(SamObject,
+ L"SecDesc",
+ NULL,
+ SdBuffer,
+ &Length);
+ if (!NT_SUCCESS(Status))
+ {
+ TRACE("Status 0x%08lx\n", Status);
+ goto done;
+ }
+
+ /* FIXME: Use SecurityInformation to return only the requested information */
+
+ SamSD->Length = Length;
+ SamSD->SecurityDescriptor = SdBuffer;
+
+done:
+ RtlReleaseResource(&SampResource);
+
+ if (NT_SUCCESS(Status))
+ {
+ *SecurityDescriptor = SamSD;
+ }
+ else
+ {
+ if (SdBuffer != NULL)
+ midl_user_free(SdBuffer);
+
+ if (SamSD != NULL)
+ midl_user_free(SamSD);
+ }
+
+ return Status;
}
TRACE("(%p)\n", ServerHandle);
+ RtlAcquireResourceShared(&SampResource,
+ TRUE);
+
/* Validate the server handle */
Status = SampValidateDbObject(ServerHandle,
SamDbServerObject,
SAM_SERVER_SHUTDOWN,
&ServerObject);
+
+ RtlReleaseResource(&SampResource);
+
if (!NT_SUCCESS(Status))
return Status;
TRACE("SamrLookupDomainInSamServer(%p %p %p)\n",
ServerHandle, Name, DomainId);
+ RtlAcquireResourceShared(&SampResource,
+ TRUE);
+
/* Validate the server handle */
Status = SampValidateDbObject(ServerHandle,
SamDbServerObject,
SAM_SERVER_LOOKUP_DOMAIN,
&ServerObject);
if (!NT_SUCCESS(Status))
- return Status;
+ goto done;
*DomainId = NULL;
KEY_READ,
&DomainsKeyHandle);
if (!NT_SUCCESS(Status))
- return Status;
+ goto done;
Index = 0;
while (Found == FALSE)
}
}
- NtClose(DomainKeyHandle);
+ SampRegCloseKey(&DomainKeyHandle);
}
Index++;
}
- NtClose(DomainsKeyHandle);
+done:
+ SampRegCloseKey(&DomainKeyHandle);
+ SampRegCloseKey(&DomainsKeyHandle);
+
+ RtlReleaseResource(&SampResource);
return Status;
}
{
PSAM_DB_OBJECT ServerObject;
WCHAR DomainKeyName[64];
- HANDLE DomainsKeyHandle;
- HANDLE DomainKeyHandle;
+ HANDLE DomainsKeyHandle = NULL;
+ HANDLE DomainKeyHandle = NULL;
ULONG EnumIndex;
ULONG EnumCount;
ULONG RequiredLength;
ServerHandle, EnumerationContext, Buffer, PreferedMaximumLength,
CountReturned);
+ RtlAcquireResourceShared(&SampResource,
+ TRUE);
+
/* Validate the server handle */
Status = SampValidateDbObject(ServerHandle,
SamDbServerObject,
SAM_SERVER_ENUMERATE_DOMAINS,
&ServerObject);
if (!NT_SUCCESS(Status))
- return Status;
+ goto done;
Status = SampRegOpenKey(ServerObject->KeyHandle,
L"Domains",
KEY_READ,
&DomainsKeyHandle);
if (!NT_SUCCESS(Status))
- return Status;
+ goto done;
EnumIndex = *EnumerationContext;
EnumCount = 0;
EnumCount++;
}
- NtClose(DomainKeyHandle);
+ SampRegCloseKey(&DomainKeyHandle);
}
EnumIndex++;
EnumBuffer->Buffer[i].Name.Buffer = midl_user_allocate(DataLength);
if (EnumBuffer->Buffer[i].Name.Buffer == NULL)
{
- NtClose(DomainKeyHandle);
+ SampRegCloseKey(&DomainKeyHandle);
Status = STATUS_INSUFFICIENT_RESOURCES;
goto done;
}
}
}
- NtClose(DomainKeyHandle);
+ SampRegCloseKey(&DomainKeyHandle);
if (!NT_SUCCESS(Status))
goto done;
}
done:
+ SampRegCloseKey(&DomainKeyHandle);
+ SampRegCloseKey(&DomainsKeyHandle);
+
if (!NT_SUCCESS(Status))
{
*EnumerationContext = 0;
}
}
- NtClose(DomainsKeyHandle);
+ RtlReleaseResource(&SampResource);
return Status;
}
RtlMapGenericMask(&DesiredAccess,
&DomainMapping);
+ RtlAcquireResourceShared(&SampResource,
+ TRUE);
+
/* Validate the server handle */
Status = SampValidateDbObject(ServerHandle,
SamDbServerObject,
if (NT_SUCCESS(Status))
*DomainHandle = (SAMPR_HANDLE)DomainObject;
+ RtlReleaseResource(&SampResource);
+
TRACE("SamrOpenDomain done (Status 0x%08lx)\n", Status);
return Status;
Status = SampRegQueryKeyInfo(NamesKeyHandle,
NULL,
Count);
-done:
- if (NamesKeyHandle != NULL)
- SampRegCloseKey(NamesKeyHandle);
- if (AccountKeyHandle != NULL)
- SampRegCloseKey(AccountKeyHandle);
+done:
+ SampRegCloseKey(&NamesKeyHandle);
+ SampRegCloseKey(&AccountKeyHandle);
return Status;
}
return STATUS_INVALID_INFO_CLASS;
}
+ RtlAcquireResourceShared(&SampResource,
+ TRUE);
+
/* Validate the server handle */
Status = SampValidateDbObject(DomainHandle,
SamDbDomainObject,
DesiredAccess,
&DomainObject);
if (!NT_SUCCESS(Status))
- return Status;
+ goto done;
switch (DomainInformationClass)
{
Status = STATUS_NOT_IMPLEMENTED;
}
+done:
+ RtlReleaseResource(&SampResource);
+
return Status;
}
return STATUS_INVALID_INFO_CLASS;
}
+ RtlAcquireResourceExclusive(&SampResource,
+ TRUE);
+
/* Validate the server handle */
Status = SampValidateDbObject(DomainHandle,
SamDbDomainObject,
DesiredAccess,
&DomainObject);
if (!NT_SUCCESS(Status))
- return Status;
+ goto done;
switch (DomainInformationClass)
{
break;
case DomainOemInformation:
- Status = SampSetObjectAttribute(DomainObject,
- L"OemInformation",
- REG_SZ,
- DomainInformation->Oem.OemInformation.Buffer,
- DomainInformation->Oem.OemInformation.Length + sizeof(WCHAR));
+ Status = SampSetObjectAttributeString(DomainObject,
+ L"OemInformation",
+ &DomainInformation->Oem.OemInformation);
break;
case DomainNameInformation:
- Status = SampSetObjectAttribute(DomainObject,
- L"Name",
- REG_SZ,
- DomainInformation->Name.DomainName.Buffer,
- DomainInformation->Name.DomainName.Length + sizeof(WCHAR));
+ Status = SampSetObjectAttributeString(DomainObject,
+ L"Name",
+ &DomainInformation->Name.DomainName);
break;
case DomainReplicationInformation:
- Status = SampSetObjectAttribute(DomainObject,
- L"ReplicaSourceNodeName",
- REG_SZ,
- DomainInformation->Replication.ReplicaSourceNodeName.Buffer,
- DomainInformation->Replication.ReplicaSourceNodeName.Length + sizeof(WCHAR));
+ Status = SampSetObjectAttributeString(DomainObject,
+ L"ReplicaSourceNodeName",
+ &DomainInformation->Replication.ReplicaSourceNodeName);
break;
case DomainServerRoleInformation:
Status = STATUS_NOT_IMPLEMENTED;
}
+done:
+ RtlReleaseResource(&SampResource);
+
return Status;
}
OUT SAMPR_HANDLE *GroupHandle,
OUT unsigned long *RelativeId)
{
- UNICODE_STRING EmptyString = RTL_CONSTANT_STRING(L"");
SAM_DOMAIN_FIXED_DATA FixedDomainData;
SAM_GROUP_FIXED_DATA FixedGroupData;
PSAM_DB_OBJECT DomainObject;
PSAM_DB_OBJECT GroupObject;
+ PSECURITY_DESCRIPTOR Sd = NULL;
+ ULONG SdSize = 0;
ULONG ulSize;
ULONG ulRid;
WCHAR szRid[9];
RtlMapGenericMask(&DesiredAccess,
&GroupMapping);
+ RtlAcquireResourceExclusive(&SampResource,
+ TRUE);
+
/* Validate the domain handle */
Status = SampValidateDbObject(DomainHandle,
SamDbDomainObject,
if (!NT_SUCCESS(Status))
{
TRACE("failed with status 0x%08lx\n", Status);
- return Status;
+ goto done;
+ }
+
+ /* Check the group account name */
+ Status = SampCheckAccountName(Name, 256);
+ if (!NT_SUCCESS(Status))
+ {
+ TRACE("SampCheckAccountName failed (Status 0x%08lx)\n", Status);
+ goto done;
}
/* Check if the group name already exists in the domain */
{
TRACE("Group name \'%S\' already exists in domain (Status 0x%08lx)\n",
Name->Buffer, Status);
- return Status;
+ goto done;
+ }
+
+ /* Create the security descriptor */
+ Status = SampCreateGroupSD(&Sd,
+ &SdSize);
+ if (!NT_SUCCESS(Status))
+ {
+ TRACE("SampCreateGroupSD failed (Status 0x%08lx)\n", Status);
+ goto done;
}
/* Get the fixed domain attributes */
if (!NT_SUCCESS(Status))
{
TRACE("failed with status 0x%08lx\n", Status);
- return Status;
+ goto done;
}
/* Increment the NextRid attribute */
/* Store the fixed domain attributes */
Status = SampSetObjectAttribute(DomainObject,
- L"F",
- REG_BINARY,
- &FixedDomainData,
- ulSize);
+ L"F",
+ REG_BINARY,
+ &FixedDomainData,
+ ulSize);
if (!NT_SUCCESS(Status))
{
TRACE("failed with status 0x%08lx\n", Status);
- return Status;
+ goto done;
}
TRACE("RID: %lx\n", ulRid);
if (!NT_SUCCESS(Status))
{
TRACE("failed with status 0x%08lx\n", Status);
- return Status;
+ goto done;
}
/* Add the account name of the user object */
if (!NT_SUCCESS(Status))
{
TRACE("failed with status 0x%08lx\n", Status);
- return Status;
+ goto done;
}
/* Initialize fixed user data */
memset(&FixedGroupData, 0, sizeof(SAM_GROUP_FIXED_DATA));
FixedGroupData.Version = 1;
-
FixedGroupData.GroupId = ulRid;
/* Set fixed user data attribute */
if (!NT_SUCCESS(Status))
{
TRACE("failed with status 0x%08lx\n", Status);
- return Status;
+ goto done;
}
/* Set the Name attribute */
- Status = SampSetObjectAttribute(GroupObject,
- L"Name",
- REG_SZ,
- (LPVOID)Name->Buffer,
- Name->MaximumLength);
+ Status = SampSetObjectAttributeString(GroupObject,
+ L"Name",
+ Name);
if (!NT_SUCCESS(Status))
{
TRACE("failed with status 0x%08lx\n", Status);
- return Status;
+ goto done;
}
/* Set the AdminComment attribute */
+ Status = SampSetObjectAttributeString(GroupObject,
+ L"AdminComment",
+ NULL);
+ if (!NT_SUCCESS(Status))
+ {
+ TRACE("failed with status 0x%08lx\n", Status);
+ goto done;
+ }
+
+ /* Set the SecDesc attribute*/
Status = SampSetObjectAttribute(GroupObject,
- L"AdminComment",
- REG_SZ,
- EmptyString.Buffer,
- EmptyString.MaximumLength);
+ L"SecDesc",
+ REG_BINARY,
+ Sd,
+ SdSize);
if (!NT_SUCCESS(Status))
{
TRACE("failed with status 0x%08lx\n", Status);
- return Status;
+ goto done;
}
if (NT_SUCCESS(Status))
*RelativeId = ulRid;
}
+done:
+ if (Sd != NULL)
+ RtlFreeHeap(RtlGetProcessHeap(), 0, Sd);
+
+ RtlReleaseResource(&SampResource);
+
TRACE("returns with status 0x%08lx\n", Status);
return Status;
DomainHandle, EnumerationContext, Buffer,
PreferedMaximumLength, CountReturned);
+ RtlAcquireResourceShared(&SampResource,
+ TRUE);
+
/* Validate the domain handle */
Status = SampValidateDbObject(DomainHandle,
SamDbDomainObject,
DOMAIN_LIST_ACCOUNTS,
&DomainObject);
if (!NT_SUCCESS(Status))
- return Status;
+ goto done;
Status = SampRegOpenKey(DomainObject->KeyHandle,
L"Groups",
KEY_READ,
&GroupsKeyHandle);
if (!NT_SUCCESS(Status))
- return Status;
+ goto done;
Status = SampRegOpenKey(GroupsKeyHandle,
L"Names",
}
}
- if (NamesKeyHandle != NULL)
- SampRegCloseKey(NamesKeyHandle);
-
- if (GroupsKeyHandle != NULL)
- SampRegCloseKey(GroupsKeyHandle);
+ SampRegCloseKey(&NamesKeyHandle);
+ SampRegCloseKey(&GroupsKeyHandle);
if ((Status == STATUS_SUCCESS) && (MoreEntries == TRUE))
Status = STATUS_MORE_ENTRIES;
+ RtlReleaseResource(&SampResource);
+
return Status;
}
OUT SAMPR_HANDLE *UserHandle,
OUT unsigned long *RelativeId)
{
- UNICODE_STRING EmptyString = RTL_CONSTANT_STRING(L"");
SAM_DOMAIN_FIXED_DATA FixedDomainData;
SAM_USER_FIXED_DATA FixedUserData;
PSAM_DB_OBJECT DomainObject;
ULONG ulSize;
ULONG ulRid;
WCHAR szRid[9];
+ PSECURITY_DESCRIPTOR Sd = NULL;
+ ULONG SdSize = 0;
+ PSID UserSid = NULL;
NTSTATUS Status;
TRACE("SamrCreateUserInDomain(%p %p %lx %p %p)\n",
RtlMapGenericMask(&DesiredAccess,
&UserMapping);
+ RtlAcquireResourceExclusive(&SampResource,
+ TRUE);
+
/* Validate the domain handle */
Status = SampValidateDbObject(DomainHandle,
SamDbDomainObject,
if (!NT_SUCCESS(Status))
{
TRACE("failed with status 0x%08lx\n", Status);
- return Status;
+ goto done;
+ }
+
+ /* Check the user account name */
+ Status = SampCheckAccountName(Name, 20);
+ if (!NT_SUCCESS(Status))
+ {
+ TRACE("SampCheckAccountName failed (Status 0x%08lx)\n", Status);
+ goto done;
}
/* Check if the user name already exists in the domain */
{
TRACE("User name \'%S\' already exists in domain (Status 0x%08lx)\n",
Name->Buffer, Status);
- return Status;
+ goto done;
}
/* Get the fixed domain attributes */
if (!NT_SUCCESS(Status))
{
TRACE("failed with status 0x%08lx\n", Status);
- return Status;
+ goto done;
}
/* Increment the NextRid attribute */
ulRid = FixedDomainData.NextRid;
FixedDomainData.NextRid++;
+ TRACE("RID: %lx\n", ulRid);
+
+ /* Create the user SID */
+ Status = SampCreateAccountSid(DomainObject,
+ ulRid,
+ &UserSid);
+ if (!NT_SUCCESS(Status))
+ {
+ TRACE("SampCreateAccountSid failed (Status 0x%08lx)\n", Status);
+ goto done;
+ }
+
+ /* Create the security descriptor */
+ Status = SampCreateUserSD(UserSid,
+ &Sd,
+ &SdSize);
+ if (!NT_SUCCESS(Status))
+ {
+ TRACE("SampCreateUserSD failed (Status 0x%08lx)\n", Status);
+ goto done;
+ }
+
/* Store the fixed domain attributes */
Status = SampSetObjectAttribute(DomainObject,
L"F",
if (!NT_SUCCESS(Status))
{
TRACE("failed with status 0x%08lx\n", Status);
- return Status;
+ goto done;
}
- TRACE("RID: %lx\n", ulRid);
-
/* Convert the RID into a string (hex) */
swprintf(szRid, L"%08lX", ulRid);
if (!NT_SUCCESS(Status))
{
TRACE("failed with status 0x%08lx\n", Status);
- return Status;
+ goto done;
}
/* Add the account name for the user object */
if (!NT_SUCCESS(Status))
{
TRACE("failed with status 0x%08lx\n", Status);
- return Status;
+ goto done;
}
/* Initialize fixed user data */
if (!NT_SUCCESS(Status))
{
TRACE("failed with status 0x%08lx\n", Status);
- return Status;
+ goto done;
}
/* Set the Name attribute */
- Status = SampSetObjectAttribute(UserObject,
- L"Name",
- REG_SZ,
- (LPVOID)Name->Buffer,
- Name->MaximumLength);
+ Status = SampSetObjectAttributeString(UserObject,
+ L"Name",
+ Name);
if (!NT_SUCCESS(Status))
{
TRACE("failed with status 0x%08lx\n", Status);
- return Status;
+ goto done;
}
/* Set the FullName attribute */
- Status = SampSetObjectAttribute(UserObject,
- L"FullName",
- REG_SZ,
- EmptyString.Buffer,
- EmptyString.MaximumLength);
+ Status = SampSetObjectAttributeString(UserObject,
+ L"FullName",
+ NULL);
if (!NT_SUCCESS(Status))
{
TRACE("failed with status 0x%08lx\n", Status);
- return Status;
+ goto done;
}
/* Set the HomeDirectory attribute */
- Status = SampSetObjectAttribute(UserObject,
- L"HomeDirectory",
- REG_SZ,
- EmptyString.Buffer,
- EmptyString.MaximumLength);
+ Status = SampSetObjectAttributeString(UserObject,
+ L"HomeDirectory",
+ NULL);
if (!NT_SUCCESS(Status))
{
TRACE("failed with status 0x%08lx\n", Status);
- return Status;
+ goto done;
}
/* Set the HomeDirectoryDrive attribute */
- Status = SampSetObjectAttribute(UserObject,
- L"HomeDirectoryDrive",
- REG_SZ,
- EmptyString.Buffer,
- EmptyString.MaximumLength);
+ Status = SampSetObjectAttributeString(UserObject,
+ L"HomeDirectoryDrive",
+ NULL);
if (!NT_SUCCESS(Status))
{
TRACE("failed with status 0x%08lx\n", Status);
- return Status;
+ goto done;
}
/* Set the ScriptPath attribute */
- Status = SampSetObjectAttribute(UserObject,
- L"ScriptPath",
- REG_SZ,
- EmptyString.Buffer,
- EmptyString.MaximumLength);
+ Status = SampSetObjectAttributeString(UserObject,
+ L"ScriptPath",
+ NULL);
if (!NT_SUCCESS(Status))
{
TRACE("failed with status 0x%08lx\n", Status);
- return Status;
+ goto done;
}
/* Set the ProfilePath attribute */
- Status = SampSetObjectAttribute(UserObject,
- L"ProfilePath",
- REG_SZ,
- EmptyString.Buffer,
- EmptyString.MaximumLength);
+ Status = SampSetObjectAttributeString(UserObject,
+ L"ProfilePath",
+ NULL);
if (!NT_SUCCESS(Status))
{
TRACE("failed with status 0x%08lx\n", Status);
- return Status;
+ goto done;
}
/* Set the AdminComment attribute */
- Status = SampSetObjectAttribute(UserObject,
- L"AdminComment",
- REG_SZ,
- EmptyString.Buffer,
- EmptyString.MaximumLength);
+ Status = SampSetObjectAttributeString(UserObject,
+ L"AdminComment",
+ NULL);
if (!NT_SUCCESS(Status))
{
TRACE("failed with status 0x%08lx\n", Status);
- return Status;
+ goto done;
}
/* Set the UserComment attribute */
- Status = SampSetObjectAttribute(UserObject,
- L"UserComment",
- REG_SZ,
- EmptyString.Buffer,
- EmptyString.MaximumLength);
+ Status = SampSetObjectAttributeString(UserObject,
+ L"UserComment",
+ NULL);
if (!NT_SUCCESS(Status))
{
TRACE("failed with status 0x%08lx\n", Status);
- return Status;
+ goto done;
}
/* Set the WorkStations attribute */
- Status = SampSetObjectAttribute(UserObject,
- L"WorkStations",
- REG_SZ,
- EmptyString.Buffer,
- EmptyString.MaximumLength);
+ Status = SampSetObjectAttributeString(UserObject,
+ L"WorkStations",
+ NULL);
if (!NT_SUCCESS(Status))
{
TRACE("failed with status 0x%08lx\n", Status);
- return Status;
+ goto done;
}
/* Set the Parameters attribute */
- Status = SampSetObjectAttribute(UserObject,
- L"Parameters",
- REG_SZ,
- EmptyString.Buffer,
- EmptyString.MaximumLength);
+ Status = SampSetObjectAttributeString(UserObject,
+ L"Parameters",
+ NULL);
if (!NT_SUCCESS(Status))
{
TRACE("failed with status 0x%08lx\n", Status);
- return Status;
+ goto done;
}
/* Set LogonHours attribute*/
if (!NT_SUCCESS(Status))
{
TRACE("failed with status 0x%08lx\n", Status);
- return Status;
+ goto done;
}
/* Set Groups attribute*/
if (!NT_SUCCESS(Status))
{
TRACE("failed with status 0x%08lx\n", Status);
- return Status;
+ goto done;
}
/* Set LMPwd attribute*/
if (!NT_SUCCESS(Status))
{
TRACE("failed with status 0x%08lx\n", Status);
- return Status;
+ goto done;
}
/* Set NTPwd attribute*/
if (!NT_SUCCESS(Status))
{
TRACE("failed with status 0x%08lx\n", Status);
- return Status;
+ goto done;
}
/* Set LMPwdHistory attribute*/
if (!NT_SUCCESS(Status))
{
TRACE("failed with status 0x%08lx\n", Status);
- return Status;
+ goto done;
}
/* Set NTPwdHistory attribute*/
if (!NT_SUCCESS(Status))
{
TRACE("failed with status 0x%08lx\n", Status);
- return Status;
+ goto done;
+ }
+
+ /* Set the PrivateData attribute */
+ Status = SampSetObjectAttributeString(UserObject,
+ L"PrivateData",
+ NULL);
+ if (!NT_SUCCESS(Status))
+ {
+ TRACE("failed with status 0x%08lx\n", Status);
+ goto done;
}
- /* FIXME: Set SecDesc attribute*/
+ /* Set the SecDesc attribute*/
+ Status = SampSetObjectAttribute(UserObject,
+ L"SecDesc",
+ REG_BINARY,
+ Sd,
+ SdSize);
+ if (!NT_SUCCESS(Status))
+ {
+ TRACE("failed with status 0x%08lx\n", Status);
+ goto done;
+ }
if (NT_SUCCESS(Status))
{
*RelativeId = ulRid;
}
+done:
+ if (Sd != NULL)
+ RtlFreeHeap(RtlGetProcessHeap(), 0, Sd);
+
+ if (UserSid != NULL)
+ RtlFreeHeap(RtlGetProcessHeap(), 0, UserSid);
+
+ RtlReleaseResource(&SampResource);
+
TRACE("returns with status 0x%08lx\n", Status);
return Status;
DomainHandle, EnumerationContext, UserAccountControl, Buffer,
PreferedMaximumLength, CountReturned);
+ RtlAcquireResourceShared(&SampResource,
+ TRUE);
+
/* Validate the domain handle */
Status = SampValidateDbObject(DomainHandle,
SamDbDomainObject,
DOMAIN_LIST_ACCOUNTS,
&DomainObject);
if (!NT_SUCCESS(Status))
- return Status;
+ goto done;
Status = SampRegOpenKey(DomainObject->KeyHandle,
L"Users",
KEY_READ,
&UsersKeyHandle);
if (!NT_SUCCESS(Status))
- return Status;
+ goto done;
Status = SampRegOpenKey(UsersKeyHandle,
L"Names",
}
}
- if (NamesKeyHandle != NULL)
- SampRegCloseKey(NamesKeyHandle);
-
- if (UsersKeyHandle != NULL)
- SampRegCloseKey(UsersKeyHandle);
+ SampRegCloseKey(&NamesKeyHandle);
+ SampRegCloseKey(&UsersKeyHandle);
if ((Status == STATUS_SUCCESS) && (MoreEntries == TRUE))
Status = STATUS_MORE_ENTRIES;
+ RtlReleaseResource(&SampResource);
+
return Status;
}
SAM_DOMAIN_FIXED_DATA FixedDomainData;
PSAM_DB_OBJECT DomainObject;
PSAM_DB_OBJECT AliasObject;
- UNICODE_STRING EmptyString = RTL_CONSTANT_STRING(L"");
+ PSECURITY_DESCRIPTOR Sd = NULL;
+ ULONG SdSize = 0;
ULONG ulSize;
ULONG ulRid;
WCHAR szRid[9];
RtlMapGenericMask(&DesiredAccess,
&AliasMapping);
+ RtlAcquireResourceExclusive(&SampResource,
+ TRUE);
+
/* Validate the domain handle */
Status = SampValidateDbObject(DomainHandle,
SamDbDomainObject,
if (!NT_SUCCESS(Status))
{
TRACE("failed with status 0x%08lx\n", Status);
- return Status;
+ goto done;
+ }
+
+ /* Check the alias acoount name */
+ Status = SampCheckAccountName(AccountName, 256);
+ if (!NT_SUCCESS(Status))
+ {
+ TRACE("SampCheckAccountName failed (Status 0x%08lx)\n", Status);
+ goto done;
}
/* Check if the alias name already exists in the domain */
{
TRACE("Alias name \'%S\' already exists in domain (Status 0x%08lx)\n",
AccountName->Buffer, Status);
- return Status;
+ goto done;
+ }
+
+ /* Create the security descriptor */
+ Status = SampCreateAliasSD(&Sd,
+ &SdSize);
+ if (!NT_SUCCESS(Status))
+ {
+ TRACE("SampCreateAliasSD failed (Status 0x%08lx)\n", Status);
+ goto done;
}
/* Get the fixed domain attributes */
if (!NT_SUCCESS(Status))
{
TRACE("failed with status 0x%08lx\n", Status);
- return Status;
+ goto done;
}
/* Increment the NextRid attribute */
if (!NT_SUCCESS(Status))
{
TRACE("failed with status 0x%08lx\n", Status);
- return Status;
+ goto done;
}
TRACE("RID: %lx\n", ulRid);
if (!NT_SUCCESS(Status))
{
TRACE("failed with status 0x%08lx\n", Status);
- return Status;
+ goto done;
}
/* Add the account name for the alias object */
if (!NT_SUCCESS(Status))
{
TRACE("failed with status 0x%08lx\n", Status);
- return Status;
+ goto done;
}
/* Set the Name attribute */
- Status = SampSetObjectAttribute(AliasObject,
- L"Name",
- REG_SZ,
- (LPVOID)AccountName->Buffer,
- AccountName->MaximumLength);
+ Status = SampSetObjectAttributeString(AliasObject,
+ L"Name",
+ AccountName);
if (!NT_SUCCESS(Status))
{
TRACE("failed with status 0x%08lx\n", Status);
- return Status;
+ goto done;
}
/* Set the Description attribute */
+ Status = SampSetObjectAttributeString(AliasObject,
+ L"Description",
+ NULL);
+ if (!NT_SUCCESS(Status))
+ {
+ TRACE("failed with status 0x%08lx\n", Status);
+ goto done;
+ }
+
+ /* Set the SecDesc attribute*/
Status = SampSetObjectAttribute(AliasObject,
- L"Description",
- REG_SZ,
- EmptyString.Buffer,
- EmptyString.MaximumLength);
+ L"SecDesc",
+ REG_BINARY,
+ Sd,
+ SdSize);
if (!NT_SUCCESS(Status))
{
TRACE("failed with status 0x%08lx\n", Status);
- return Status;
+ goto done;
}
if (NT_SUCCESS(Status))
*RelativeId = ulRid;
}
+done:
+ if (Sd != NULL)
+ RtlFreeHeap(RtlGetProcessHeap(), 0, Sd);
+
+ RtlReleaseResource(&SampResource);
+
TRACE("returns with status 0x%08lx\n", Status);
return Status;
DomainHandle, EnumerationContext, Buffer,
PreferedMaximumLength, CountReturned);
+ RtlAcquireResourceShared(&SampResource,
+ TRUE);
+
/* Validate the domain handle */
Status = SampValidateDbObject(DomainHandle,
SamDbDomainObject,
DOMAIN_LIST_ACCOUNTS,
&DomainObject);
if (!NT_SUCCESS(Status))
- return Status;
+ goto done;
Status = SampRegOpenKey(DomainObject->KeyHandle,
L"Aliases",
KEY_READ,
&AliasesKeyHandle);
if (!NT_SUCCESS(Status))
- return Status;
+ goto done;
Status = SampRegOpenKey(AliasesKeyHandle,
L"Names",
}
}
- if (NamesKeyHandle != NULL)
- SampRegCloseKey(NamesKeyHandle);
-
- if (AliasesKeyHandle != NULL)
- SampRegCloseKey(AliasesKeyHandle);
+ SampRegCloseKey(&NamesKeyHandle);
+ SampRegCloseKey(&AliasesKeyHandle);
if ((Status == STATUS_SUCCESS) && (MoreEntries == TRUE))
Status = STATUS_MORE_ENTRIES;
+ RtlReleaseResource(&SampResource);
+
return Status;
}
ULONG ValueCount;
ULONG DataLength;
ULONG i, j;
+ ULONG RidIndex;
NTSTATUS Status;
WCHAR NameBuffer[9];
TRACE("SamrGetAliasMembership(%p %p %p)\n",
DomainHandle, SidArray, Membership);
+ RtlAcquireResourceShared(&SampResource,
+ TRUE);
+
/* Validate the domain handle */
Status = SampValidateDbObject(DomainHandle,
SamDbDomainObject,
DOMAIN_GET_ALIAS_MEMBERSHIP,
&DomainObject);
if (!NT_SUCCESS(Status))
- return Status;
+ goto done;
Status = SampRegOpenKey(DomainObject->KeyHandle,
L"Aliases",
MaxSidCount += ValueCount;
}
- NtClose(MemberKeyHandle);
+ SampRegCloseKey(&MemberKeyHandle);
}
if (Status == STATUS_OBJECT_NAME_NOT_FOUND)
goto done;
}
+ RidIndex = 0;
for (i = 0; i < SidArray->Count; i++)
{
ConvertSidToStringSid(SidArray->Sids[i].SidPointer, &MemberSidString);
NULL);
if (NT_SUCCESS(Status))
{
- RidArray[j] = wcstoul(NameBuffer, NULL, 16);
+ /* FIXME: Do not return each RID more than once. */
+ RidArray[RidIndex] = wcstoul(NameBuffer, NULL, 16);
+ RidIndex++;
}
}
}
- NtClose(MemberKeyHandle);
+ SampRegCloseKey(&MemberKeyHandle);
}
LocalFree(MemberSidString);
}
done:
+ SampRegCloseKey(&MembersKeyHandle);
+ SampRegCloseKey(&AliasesKeyHandle);
+
if (NT_SUCCESS(Status))
{
Membership->Count = MaxSidCount;
midl_user_free(RidArray);
}
- if (MembersKeyHandle != NULL)
- NtClose(MembersKeyHandle);
-
- if (MembersKeyHandle != NULL)
- NtClose(MembersKeyHandle);
-
- if (AliasesKeyHandle != NULL)
- NtClose(AliasesKeyHandle);
+ RtlReleaseResource(&SampResource);
return Status;
}
OUT PSAMPR_ULONG_ARRAY Use)
{
PSAM_DB_OBJECT DomainObject;
- HANDLE AccountsKeyHandle;
- HANDLE NamesKeyHandle;
+ HANDLE AccountsKeyHandle = NULL;
+ HANDLE NamesKeyHandle = NULL;
ULONG MappedCount = 0;
ULONG DataLength;
ULONG i;
TRACE("SamrLookupNamesInDomain(%p %lu %p %p %p)\n",
DomainHandle, Count, Names, RelativeIds, Use);
+ RtlAcquireResourceShared(&SampResource,
+ TRUE);
+
/* Validate the domain handle */
Status = SampValidateDbObject(DomainHandle,
SamDbDomainObject,
if (!NT_SUCCESS(Status))
{
TRACE("failed with status 0x%08lx\n", Status);
- return Status;
+ goto done;
}
RelativeIds->Count = 0;
Use->Count = 0;
if (Count == 0)
- return STATUS_SUCCESS;
+ {
+ Status = STATUS_SUCCESS;
+ goto done;
+ }
/* Allocate the relative IDs array */
RelativeIds->Element = midl_user_allocate(Count * sizeof(ULONG));
&RelativeId,
&DataLength);
- SampRegCloseKey(NamesKeyHandle);
+ SampRegCloseKey(&NamesKeyHandle);
}
- SampRegCloseKey(AccountsKeyHandle);
+ SampRegCloseKey(&AccountsKeyHandle);
}
if (!NT_SUCCESS(Status) && Status != STATUS_OBJECT_NAME_NOT_FOUND)
&RelativeId,
&DataLength);
- SampRegCloseKey(NamesKeyHandle);
+ SampRegCloseKey(&NamesKeyHandle);
}
- SampRegCloseKey(AccountsKeyHandle);
+ SampRegCloseKey(&AccountsKeyHandle);
}
if (!NT_SUCCESS(Status) && Status != STATUS_OBJECT_NAME_NOT_FOUND)
&RelativeId,
&DataLength);
- SampRegCloseKey(NamesKeyHandle);
+ SampRegCloseKey(&NamesKeyHandle);
}
- SampRegCloseKey(AccountsKeyHandle);
+ SampRegCloseKey(&AccountsKeyHandle);
}
if (!NT_SUCCESS(Status) && Status != STATUS_OBJECT_NAME_NOT_FOUND)
Use->Count = 0;
}
+ RtlReleaseResource(&SampResource);
+
TRACE("Returned Status %lx\n", Status);
return Status;
{
PSAM_DB_OBJECT DomainObject;
WCHAR RidString[9];
- HANDLE AccountsKeyHandle;
- HANDLE AccountKeyHandle;
+ HANDLE AccountsKeyHandle = NULL;
+ HANDLE AccountKeyHandle = NULL;
ULONG MappedCount = 0;
ULONG DataLength;
ULONG i;
TRACE("SamrLookupIdsInDomain(%p %lu %p %p %p)\n",
DomainHandle, Count, RelativeIds, Names, Use);
+ RtlAcquireResourceShared(&SampResource,
+ TRUE);
+
/* Validate the domain handle */
Status = SampValidateDbObject(DomainHandle,
SamDbDomainObject,
if (!NT_SUCCESS(Status))
{
TRACE("failed with status 0x%08lx\n", Status);
- return Status;
+ goto done;
}
Names->Count = 0;
Use->Count = 0;
if (Count == 0)
- return STATUS_SUCCESS;
+ {
+ Status = STATUS_SUCCESS;
+ goto done;
+ }
/* Allocate the names array */
- Names->Element = midl_user_allocate(Count * sizeof(ULONG));
+ Names->Element = midl_user_allocate(Count * sizeof(*Names->Element));
if (Names->Element == NULL)
{
Status = STATUS_INSUFFICIENT_RESOURCES;
}
/* Allocate the use array */
- Use->Element = midl_user_allocate(Count * sizeof(ULONG));
+ Use->Element = midl_user_allocate(Count * sizeof(*Use->Element));
if (Use->Element == NULL)
{
Status = STATUS_INSUFFICIENT_RESOURCES;
}
}
- SampRegCloseKey(AccountKeyHandle);
+ SampRegCloseKey(&AccountKeyHandle);
}
- SampRegCloseKey(AccountsKeyHandle);
+ SampRegCloseKey(&AccountsKeyHandle);
}
if (!NT_SUCCESS(Status) && Status != STATUS_OBJECT_NAME_NOT_FOUND)
}
}
- SampRegCloseKey(AccountKeyHandle);
+ SampRegCloseKey(&AccountKeyHandle);
}
- SampRegCloseKey(AccountsKeyHandle);
+ SampRegCloseKey(&AccountsKeyHandle);
}
if (!NT_SUCCESS(Status) && Status != STATUS_OBJECT_NAME_NOT_FOUND)
}
}
- SampRegCloseKey(AccountKeyHandle);
+ SampRegCloseKey(&AccountKeyHandle);
}
- SampRegCloseKey(AccountsKeyHandle);
+ SampRegCloseKey(&AccountsKeyHandle);
}
if (!NT_SUCCESS(Status) && Status != STATUS_OBJECT_NAME_NOT_FOUND)
Use->Count = 0;
}
+ RtlReleaseResource(&SampResource);
+
return Status;
}
RtlMapGenericMask(&DesiredAccess,
&GroupMapping);
+ RtlAcquireResourceShared(&SampResource,
+ TRUE);
+
/* Validate the domain handle */
Status = SampValidateDbObject(DomainHandle,
SamDbDomainObject,
if (!NT_SUCCESS(Status))
{
TRACE("failed with status 0x%08lx\n", Status);
- return Status;
+ goto done;
}
/* Convert the RID into a string (hex) */
if (!NT_SUCCESS(Status))
{
TRACE("failed with status 0x%08lx\n", Status);
- return Status;
+ goto done;
}
*GroupHandle = (SAMPR_HANDLE)GroupObject;
- return STATUS_SUCCESS;
+done:
+ RtlReleaseResource(&SampResource);
+
+ return Status;
}
TRACE("SamrQueryInformationGroup(%p %lu %p)\n",
GroupHandle, GroupInformationClass, Buffer);
+ RtlAcquireResourceShared(&SampResource,
+ TRUE);
+
/* Validate the group handle */
Status = SampValidateDbObject(GroupHandle,
SamDbGroupObject,
GROUP_READ_INFORMATION,
&GroupObject);
if (!NT_SUCCESS(Status))
- return Status;
+ goto done;
switch (GroupInformationClass)
{
break;
}
+done:
+ RtlReleaseResource(&SampResource);
+
return Status;
}
goto done;
}
+ /* Check the new account name */
+ Status = SampCheckAccountName(&Buffer->Name.Name, 256);
+ if (!NT_SUCCESS(Status))
+ {
+ TRACE("SampCheckAccountName failed (Status 0x%08lx)\n", Status);
+ return Status;
+ }
+
NewGroupName.Length = Buffer->Name.Name.Length;
NewGroupName.MaximumLength = Buffer->Name.Name.MaximumLength;
NewGroupName.Buffer = Buffer->Name.Name.Buffer;
goto done;
}
- Status = SampSetObjectAttribute(GroupObject,
- L"Name",
- REG_SZ,
- NewGroupName.Buffer,
- NewGroupName.Length + sizeof(WCHAR));
+ Status = SampSetObjectAttributeString(GroupObject,
+ L"Name",
+ (PRPC_UNICODE_STRING)&NewGroupName);
if (!NT_SUCCESS(Status))
{
TRACE("SampSetObjectAttribute failed (Status 0x%08lx)\n", Status);
TRACE("SamrSetInformationGroup(%p %lu %p)\n",
GroupHandle, GroupInformationClass, Buffer);
+ RtlAcquireResourceExclusive(&SampResource,
+ TRUE);
+
/* Validate the group handle */
Status = SampValidateDbObject(GroupHandle,
SamDbGroupObject,
GROUP_WRITE_ACCOUNT,
&GroupObject);
if (!NT_SUCCESS(Status))
- return Status;
+ goto done;
switch (GroupInformationClass)
{
break;
case GroupAdminCommentInformation:
- Status = SampSetObjectAttribute(GroupObject,
- L"Description",
- REG_SZ,
- Buffer->AdminComment.AdminComment.Buffer,
- Buffer->AdminComment.AdminComment.Length + sizeof(WCHAR));
+ Status = SampSetObjectAttributeString(GroupObject,
+ L"Description",
+ &Buffer->AdminComment.AdminComment);
break;
default:
break;
}
+done:
+ RtlReleaseResource(&SampResource);
+
return Status;
}
TRACE("(%p %lu %lx)\n",
GroupHandle, MemberId, Attributes);
+ RtlAcquireResourceExclusive(&SampResource,
+ TRUE);
+
/* Validate the group handle */
Status = SampValidateDbObject(GroupHandle,
SamDbGroupObject,
GROUP_ADD_MEMBER,
&GroupObject);
if (!NT_SUCCESS(Status))
- return Status;
+ goto done;
/* Open the user object in the same domain */
Status = SampOpenUserObject(GroupObject->ParentObject,
if (UserObject)
SampCloseDbObject(UserObject);
+ RtlReleaseResource(&SampResource);
+
return Status;
}
-/* Function 21 */
+/* Function 23 */
NTSTATUS
NTAPI
SamrDeleteGroup(IN OUT SAMPR_HANDLE *GroupHandle)
TRACE("(%p)\n", GroupHandle);
+ RtlAcquireResourceExclusive(&SampResource,
+ TRUE);
+
/* Validate the group handle */
Status = SampValidateDbObject(*GroupHandle,
SamDbGroupObject,
if (!NT_SUCCESS(Status))
{
TRACE("SampValidateDbObject() failed (Status 0x%08lx)\n", Status);
- return Status;
+ goto done;
}
/* Fail, if the group is built-in */
if (GroupObject->RelativeId < 1000)
{
TRACE("You can not delete a special account!\n");
- return STATUS_SPECIAL_ACCOUNT;
+ Status = STATUS_SPECIAL_ACCOUNT;
+ goto done;
}
/* Get the length of the Members attribute */
if (Length != 0)
{
TRACE("There are still members in the group!\n");
- return STATUS_MEMBER_IN_GROUP;
+ Status = STATUS_MEMBER_IN_GROUP;
+ goto done;
}
/* FIXME: Remove the group from all aliases */
if (!NT_SUCCESS(Status))
{
TRACE("SampDeleteAccountDbObject() failed (Status 0x%08lx)\n", Status);
- return Status;
+ goto done;
}
/* Invalidate the handle */
*GroupHandle = NULL;
- return STATUS_SUCCESS;
+done:
+ RtlReleaseResource(&SampResource);
+
+ return Status;
}
TRACE("(%p %lu)\n",
GroupHandle, MemberId);
+ RtlAcquireResourceExclusive(&SampResource,
+ TRUE);
+
/* Validate the group handle */
Status = SampValidateDbObject(GroupHandle,
SamDbGroupObject,
GROUP_REMOVE_MEMBER,
&GroupObject);
if (!NT_SUCCESS(Status))
- return Status;
+ goto done;
/* Open the user object in the same domain */
Status = SampOpenUserObject(GroupObject->ParentObject,
if (UserObject)
SampCloseDbObject(UserObject);
+ RtlReleaseResource(&SampResource);
+
return Status;
}
ULONG i;
NTSTATUS Status;
+ RtlAcquireResourceShared(&SampResource,
+ TRUE);
+
/* Validate the group handle */
Status = SampValidateDbObject(GroupHandle,
SamDbGroupObject,
GROUP_LIST_MEMBERS,
&GroupObject);
if (!NT_SUCCESS(Status))
- return Status;
+ goto done;
MembersBuffer = midl_user_allocate(sizeof(SAMPR_GET_MEMBERS_BUFFER));
if (MembersBuffer == NULL)
- return STATUS_INSUFFICIENT_RESOURCES;
+ {
+ Status = STATUS_INSUFFICIENT_RESOURCES;
+ goto done;
+ }
SampGetObjectAttribute(GroupObject,
L"Members",
*Members = MembersBuffer;
- return STATUS_SUCCESS;
+ Status = STATUS_SUCCESS;
+ goto done;
}
MembersBuffer->Members = midl_user_allocate(Length);
}
}
+ RtlReleaseResource(&SampResource);
+
return Status;
}
PSAM_DB_OBJECT GroupObject;
NTSTATUS Status;
+ RtlAcquireResourceExclusive(&SampResource,
+ TRUE);
+
/* Validate the group handle */
Status = SampValidateDbObject(GroupHandle,
SamDbGroupObject,
if (!NT_SUCCESS(Status))
{
TRACE("SampValidateDbObject failed with status 0x%08lx\n", Status);
- return Status;
+ goto done;
}
Status = SampSetUserGroupAttributes(GroupObject->ParentObject,
TRACE("SampSetUserGroupAttributes failed with status 0x%08lx\n", Status);
}
+done:
+ RtlReleaseResource(&SampResource);
+
return Status;
}
RtlMapGenericMask(&DesiredAccess,
&AliasMapping);
+ RtlAcquireResourceShared(&SampResource,
+ TRUE);
+
/* Validate the domain handle */
Status = SampValidateDbObject(DomainHandle,
SamDbDomainObject,
if (!NT_SUCCESS(Status))
{
TRACE("failed with status 0x%08lx\n", Status);
- return Status;
+ goto done;
}
/* Convert the RID into a string (hex) */
if (!NT_SUCCESS(Status))
{
TRACE("failed with status 0x%08lx\n", Status);
- return Status;
+ goto done;
}
*AliasHandle = (SAMPR_HANDLE)AliasObject;
- return STATUS_SUCCESS;
+done:
+ RtlReleaseResource(&SampResource);
+
+ return Status;
}
*Buffer = InfoBuffer;
done:
- if (MembersKeyHandle != NULL)
- SampRegCloseKey(MembersKeyHandle);
+ SampRegCloseKey(&MembersKeyHandle);
if (!NT_SUCCESS(Status))
{
TRACE("SamrQueryInformationAlias(%p %lu %p)\n",
AliasHandle, AliasInformationClass, Buffer);
+ RtlAcquireResourceShared(&SampResource,
+ TRUE);
+
/* Validate the alias handle */
Status = SampValidateDbObject(AliasHandle,
SamDbAliasObject,
ALIAS_READ_INFORMATION,
&AliasObject);
if (!NT_SUCCESS(Status))
- return Status;
+ goto done;
switch (AliasInformationClass)
{
break;
}
+done:
+ RtlReleaseResource(&SampResource);
+
return Status;
}
goto done;
}
+ /* Check the new account name */
+ Status = SampCheckAccountName(&Buffer->Name.Name, 256);
+ if (!NT_SUCCESS(Status))
+ {
+ TRACE("SampCheckAccountName failed (Status 0x%08lx)\n", Status);
+ return Status;
+ }
+
NewAliasName.Length = Buffer->Name.Name.Length;
NewAliasName.MaximumLength = Buffer->Name.Name.MaximumLength;
NewAliasName.Buffer = Buffer->Name.Name.Buffer;
goto done;
}
- Status = SampSetObjectAttribute(AliasObject,
- L"Name",
- REG_SZ,
- NewAliasName.Buffer,
- NewAliasName.Length + sizeof(WCHAR));
+ Status = SampSetObjectAttributeString(AliasObject,
+ L"Name",
+ (PRPC_UNICODE_STRING)&NewAliasName);
if (!NT_SUCCESS(Status))
{
TRACE("SampSetObjectAttribute failed (Status 0x%08lx)\n", Status);
TRACE("SamrSetInformationAlias(%p %lu %p)\n",
AliasHandle, AliasInformationClass, Buffer);
+ RtlAcquireResourceExclusive(&SampResource,
+ TRUE);
+
/* Validate the alias handle */
Status = SampValidateDbObject(AliasHandle,
SamDbAliasObject,
ALIAS_WRITE_ACCOUNT,
&AliasObject);
if (!NT_SUCCESS(Status))
- return Status;
+ goto done;
switch (AliasInformationClass)
{
break;
case AliasAdminCommentInformation:
- Status = SampSetObjectAttribute(AliasObject,
- L"Description",
- REG_SZ,
- Buffer->AdminComment.AdminComment.Buffer,
- Buffer->AdminComment.AdminComment.Length + sizeof(WCHAR));
+ Status = SampSetObjectAttributeString(AliasObject,
+ L"Description",
+ &Buffer->AdminComment.AdminComment);
break;
default:
break;
}
+done:
+ RtlReleaseResource(&SampResource);
+
return Status;
}
PSAM_DB_OBJECT AliasObject;
NTSTATUS Status;
+ RtlAcquireResourceExclusive(&SampResource,
+ TRUE);
+
/* Validate the alias handle */
Status = SampValidateDbObject(*AliasHandle,
SamDbAliasObject,
if (!NT_SUCCESS(Status))
{
TRACE("SampValidateDbObject failed (Status 0x%08lx)\n", Status);
- return Status;
+ goto done;
}
/* Fail, if the alias is built-in */
if (AliasObject->RelativeId < 1000)
{
TRACE("You can not delete a special account!\n");
- return STATUS_SPECIAL_ACCOUNT;
+ Status = STATUS_SPECIAL_ACCOUNT;
+ goto done;
}
- /* FIXME: Remove all members from the alias */
+ /* Remove all members from the alias */
+ Status = SampRemoveAllMembersFromAlias(AliasObject);
+ if (!NT_SUCCESS(Status))
+ {
+ TRACE("SampRemoveAllMembersFromAlias() failed (Status 0x%08lx)\n", Status);
+ goto done;
+ }
/* Delete the alias from the database */
Status = SampDeleteAccountDbObject(AliasObject);
if (!NT_SUCCESS(Status))
{
TRACE("SampDeleteAccountDbObject() failed (Status 0x%08lx)\n", Status);
- return Status;
+ goto done;
}
/* Invalidate the handle */
*AliasHandle = NULL;
+done:
+ RtlReleaseResource(&SampResource);
+
return Status;
}
TRACE("(%p %p)\n", AliasHandle, MemberId);
+ RtlAcquireResourceExclusive(&SampResource,
+ TRUE);
+
/* Validate the alias handle */
Status = SampValidateDbObject(AliasHandle,
SamDbAliasObject,
if (!NT_SUCCESS(Status))
{
TRACE("failed with status 0x%08lx\n", Status);
- return Status;
+ goto done;
}
Status = SampAddMemberToAlias(AliasObject,
TRACE("failed with status 0x%08lx\n", Status);
}
+done:
+ RtlReleaseResource(&SampResource);
+
return Status;
}
TRACE("(%p %p)\n", AliasHandle, MemberId);
+ RtlAcquireResourceExclusive(&SampResource,
+ TRUE);
+
/* Validate the alias handle */
Status = SampValidateDbObject(AliasHandle,
SamDbAliasObject,
if (!NT_SUCCESS(Status))
{
TRACE("failed with status 0x%08lx\n", Status);
- return Status;
+ goto done;
}
Status = SampRemoveMemberFromAlias(AliasObject,
TRACE("failed with status 0x%08lx\n", Status);
}
+done:
+ RtlReleaseResource(&SampResource);
+
return Status;
}
OUT PSAMPR_PSID_ARRAY_OUT Members)
{
PSAM_DB_OBJECT AliasObject;
- HANDLE MembersKeyHandle = NULL;
PSAMPR_SID_INFORMATION MemberArray = NULL;
- ULONG ValueCount = 0;
- ULONG DataLength;
+ ULONG MemberCount = 0;
ULONG Index;
NTSTATUS Status;
TRACE("SamrGetMembersInAlias(%p %p %p)\n",
AliasHandle, Members);
+ RtlAcquireResourceShared(&SampResource,
+ TRUE);
+
/* Validate the alias handle */
Status = SampValidateDbObject(AliasHandle,
SamDbAliasObject,
if (!NT_SUCCESS(Status))
{
ERR("failed with status 0x%08lx\n", Status);
- return Status;
- }
-
- /* Open the members key of the alias objct */
- Status = SampRegOpenKey(AliasObject->KeyHandle,
- L"Members",
- KEY_READ,
- &MembersKeyHandle);
- if (!NT_SUCCESS(Status))
- {
- ERR("SampRegOpenKey failed with status 0x%08lx\n", Status);
- return Status;
- }
-
- /* Get the number of members */
- Status = SampRegQueryKeyInfo(MembersKeyHandle,
- NULL,
- &ValueCount);
- if (!NT_SUCCESS(Status))
- {
- ERR("SampRegQueryKeyInfo failed with status 0x%08lx\n", Status);
- goto done;
- }
-
- /* Allocate the member array */
- MemberArray = midl_user_allocate(ValueCount * sizeof(SAMPR_SID_INFORMATION));
- if (MemberArray == NULL)
- {
- Status = STATUS_INSUFFICIENT_RESOURCES;
goto done;
}
- /* Enumerate the members */
- Index = 0;
- while (TRUE)
- {
- /* Get the size of the next SID */
- DataLength = 0;
- Status = SampRegEnumerateValue(MembersKeyHandle,
- Index,
- NULL,
- NULL,
- NULL,
- NULL,
- &DataLength);
- if (!NT_SUCCESS(Status))
- {
- if (Status == STATUS_NO_MORE_ENTRIES)
- Status = STATUS_SUCCESS;
- break;
- }
-
- /* Allocate a buffer for the SID */
- MemberArray[Index].SidPointer = midl_user_allocate(DataLength);
- if (MemberArray[Index].SidPointer == NULL)
- {
- Status = STATUS_INSUFFICIENT_RESOURCES;
- goto done;
- }
-
- /* Read the SID into the buffer */
- Status = SampRegEnumerateValue(MembersKeyHandle,
- Index,
- NULL,
- NULL,
- NULL,
- (PVOID)MemberArray[Index].SidPointer,
- &DataLength);
- if (!NT_SUCCESS(Status))
- {
- goto done;
- }
-
- Index++;
- }
+ Status = SampGetMembersInAlias(AliasObject,
+ &MemberCount,
+ &MemberArray);
/* Return the number of members and the member array */
if (NT_SUCCESS(Status))
{
- Members->Count = ValueCount;
+ Members->Count = MemberCount;
Members->Sids = MemberArray;
}
{
if (MemberArray != NULL)
{
- for (Index = 0; Index < ValueCount; Index++)
+ for (Index = 0; Index < MemberCount; Index++)
{
if (MemberArray[Index].SidPointer != NULL)
midl_user_free(MemberArray[Index].SidPointer);
}
}
- /* Close the members key */
- if (MembersKeyHandle != NULL)
- SampRegCloseKey(MembersKeyHandle);
+ RtlReleaseResource(&SampResource);
return Status;
}
RtlMapGenericMask(&DesiredAccess,
&UserMapping);
+ RtlAcquireResourceShared(&SampResource,
+ TRUE);
+
/* Validate the domain handle */
Status = SampValidateDbObject(DomainHandle,
SamDbDomainObject,
if (!NT_SUCCESS(Status))
{
TRACE("failed with status 0x%08lx\n", Status);
- return Status;
+ goto done;
}
/* Convert the RID into a string (hex) */
if (!NT_SUCCESS(Status))
{
TRACE("failed with status 0x%08lx\n", Status);
- return Status;
+ goto done;
}
*UserHandle = (SAMPR_HANDLE)UserObject;
- return STATUS_SUCCESS;
+done:
+ RtlReleaseResource(&SampResource);
+
+ return Status;
}
TRACE("(%p)\n", UserHandle);
+ RtlAcquireResourceExclusive(&SampResource,
+ TRUE);
+
/* Validate the user handle */
Status = SampValidateDbObject(*UserHandle,
SamDbUserObject,
if (!NT_SUCCESS(Status))
{
TRACE("SampValidateDbObject() failed (Status 0x%08lx)\n", Status);
- return Status;
+ goto done;
}
/* Fail, if the user is built-in */
if (UserObject->RelativeId < 1000)
{
TRACE("You can not delete a special account!\n");
- return STATUS_SPECIAL_ACCOUNT;
+ Status = STATUS_SPECIAL_ACCOUNT;
+ goto done;
}
- /* FIXME: Remove the user from all groups */
+ /* Remove the user from all groups */
+ Status = SampRemoveUserFromAllGroups(UserObject);
+ if (!NT_SUCCESS(Status))
+ {
+ TRACE("SampRemoveUserFromAllGroups() failed (Status 0x%08lx)\n", Status);
+ goto done;
+ }
- /* FIXME: Remove the user from all aliases */
+ /* Remove the user from all aliases */
+ Status = SampRemoveUserFromAllAliases(UserObject);
+ if (!NT_SUCCESS(Status))
+ {
+ TRACE("SampRemoveUserFromAllAliases() failed (Status 0x%08lx)\n", Status);
+ goto done;
+ }
/* Delete the user from the database */
Status = SampDeleteAccountDbObject(UserObject);
if (!NT_SUCCESS(Status))
{
TRACE("SampDeleteAccountDbObject() failed (Status 0x%08lx)\n", Status);
- return Status;
+ goto done;
}
/* Invalidate the handle */
*UserHandle = NULL;
- return STATUS_SUCCESS;
+done:
+ RtlReleaseResource(&SampResource);
+
+ return Status;
}
if (InfoBuffer == NULL)
return STATUS_INSUFFICIENT_RESOURCES;
+ InfoBuffer->Internal1.LmPasswordPresent = FALSE;
+ InfoBuffer->Internal1.NtPasswordPresent = FALSE;
+
/* Get the NT password */
Length = 0;
SampGetObjectAttribute(UserObject,
&Length);
if (!NT_SUCCESS(Status))
goto done;
+
+ if (memcmp(&InfoBuffer->Internal1.EncryptedNtOwfPassword,
+ &EmptyNtHash,
+ sizeof(ENCRYPTED_NT_OWF_PASSWORD)))
+ InfoBuffer->Internal1.NtPasswordPresent = TRUE;
}
- InfoBuffer->Internal1.NtPasswordPresent = (Length == sizeof(ENCRYPTED_NT_OWF_PASSWORD));
/* Get the LM password */
Length = 0;
&Length);
if (!NT_SUCCESS(Status))
goto done;
- }
- InfoBuffer->Internal1.LmPasswordPresent = (Length == sizeof(ENCRYPTED_LM_OWF_PASSWORD));
+ if (memcmp(&InfoBuffer->Internal1.EncryptedLmOwfPassword,
+ &EmptyLmHash,
+ sizeof(ENCRYPTED_LM_OWF_PASSWORD)))
+ InfoBuffer->Internal1.LmPasswordPresent = TRUE;
+ }
InfoBuffer->Internal1.PasswordExpired = FALSE;
if (!NT_SUCCESS(Status))
goto done;
- if (UserObject->Access & USER_READ_GENERAL)
+ /* Set the fields to be returned */
+ if (UserObject->Trusted)
+ {
+ InfoBuffer->All.WhichFields = USER_ALL_READ_GENERAL_MASK |
+ USER_ALL_READ_LOGON_MASK |
+ USER_ALL_READ_ACCOUNT_MASK |
+ USER_ALL_READ_PREFERENCES_MASK |
+ USER_ALL_READ_TRUSTED_MASK;
+ }
+ else
+ {
+ InfoBuffer->All.WhichFields = 0;
+
+ if (UserObject->Access & USER_READ_GENERAL)
+ InfoBuffer->All.WhichFields |= USER_ALL_READ_GENERAL_MASK;
+
+ if (UserObject->Access & USER_READ_LOGON)
+ InfoBuffer->All.WhichFields |= USER_ALL_READ_LOGON_MASK;
+
+ if (UserObject->Access & USER_READ_ACCOUNT)
+ InfoBuffer->All.WhichFields |= USER_ALL_READ_ACCOUNT_MASK;
+
+ if (UserObject->Access & USER_READ_PREFERENCES)
+ InfoBuffer->All.WhichFields |= USER_ALL_READ_PREFERENCES_MASK;
+ }
+
+ /* Fail, if no fields are to be returned */
+ if (InfoBuffer->All.WhichFields == 0)
+ {
+ Status = STATUS_ACCESS_DENIED;
+ goto done;
+ }
+
+ /* Get the UserName attribute */
+ if (InfoBuffer->All.WhichFields & USER_ALL_USERNAME)
{
- /* Get the Name string */
Status = SampGetObjectAttributeString(UserObject,
L"Name",
&InfoBuffer->All.UserName);
TRACE("Status 0x%08lx\n", Status);
goto done;
}
+ }
- /* Get the FullName string */
+ /* Get the FullName attribute */
+ if (InfoBuffer->All.WhichFields & USER_ALL_FULLNAME)
+ {
Status = SampGetObjectAttributeString(UserObject,
L"FullName",
&InfoBuffer->All.FullName);
TRACE("Status 0x%08lx\n", Status);
goto done;
}
+ }
- /* Get the user ID*/
+ /* Get the UserId attribute */
+ if (InfoBuffer->All.WhichFields & USER_ALL_USERID)
+ {
InfoBuffer->All.UserId = FixedData.UserId;
+ }
- /* Get the primary group ID */
+ /* Get the PrimaryGroupId attribute */
+ if (InfoBuffer->All.WhichFields & USER_ALL_PRIMARYGROUPID)
+ {
InfoBuffer->All.PrimaryGroupId = FixedData.PrimaryGroupId;
+ }
- /* Get the AdminComment string */
+ /* Get the AdminComment attribute */
+ if (InfoBuffer->All.WhichFields & USER_ALL_ADMINCOMMENT)
+ {
Status = SampGetObjectAttributeString(UserObject,
L"AdminComment",
&InfoBuffer->All.AdminComment);
TRACE("Status 0x%08lx\n", Status);
goto done;
}
+ }
- /* Get the UserComment string */
+ /* Get the UserComment attribute */
+ if (InfoBuffer->All.WhichFields & USER_ALL_USERCOMMENT)
+ {
Status = SampGetObjectAttributeString(UserObject,
L"UserComment",
&InfoBuffer->All.UserComment);
TRACE("Status 0x%08lx\n", Status);
goto done;
}
-
- InfoBuffer->All.WhichFields |= USER_ALL_READ_GENERAL_MASK;
-// USER_ALL_USERNAME |
-// USER_ALL_FULLNAME |
-// USER_ALL_USERID |
-// USER_ALL_PRIMARYGROUPID |
-// USER_ALL_ADMINCOMMENT |
-// USER_ALL_USERCOMMENT;
}
- if (UserObject->Access & USER_READ_LOGON)
+ /* Get the HomeDirectory attribute */
+ if (InfoBuffer->All.WhichFields & USER_ALL_HOMEDIRECTORY)
{
- /* Get the HomeDirectory string */
Status = SampGetObjectAttributeString(UserObject,
L"HomeDirectory",
&InfoBuffer->All.HomeDirectory);
TRACE("Status 0x%08lx\n", Status);
goto done;
}
+ }
- /* Get the HomeDirectoryDrive string */
+ /* Get the HomeDirectoryDrive attribute */
+ if (InfoBuffer->All.WhichFields & USER_ALL_HOMEDIRECTORYDRIVE)
+ {
Status = SampGetObjectAttributeString(UserObject,
L"HomeDirectoryDrive",
&InfoBuffer->Home.HomeDirectoryDrive);
TRACE("Status 0x%08lx\n", Status);
goto done;
}
+ }
- /* Get the ScriptPath string */
+ /* Get the ScriptPath attribute */
+ if (InfoBuffer->All.WhichFields & USER_ALL_SCRIPTPATH)
+ {
Status = SampGetObjectAttributeString(UserObject,
L"ScriptPath",
&InfoBuffer->All.ScriptPath);
TRACE("Status 0x%08lx\n", Status);
goto done;
}
+ }
- /* Get the ProfilePath string */
+ /* Get the ProfilePath attribute */
+ if (InfoBuffer->All.WhichFields & USER_ALL_PROFILEPATH)
+ {
Status = SampGetObjectAttributeString(UserObject,
L"ProfilePath",
&InfoBuffer->All.ProfilePath);
TRACE("Status 0x%08lx\n", Status);
goto done;
}
+ }
- /* Get the WorkStations string */
+ /* Get the WorkStations attribute */
+ if (InfoBuffer->All.WhichFields & USER_ALL_WORKSTATIONS)
+ {
Status = SampGetObjectAttributeString(UserObject,
L"WorkStations",
&InfoBuffer->All.WorkStations);
TRACE("Status 0x%08lx\n", Status);
goto done;
}
+ }
- /* Get the LogonHours attribute */
+ /* Get the LastLogon attribute */
+ if (InfoBuffer->All.WhichFields & USER_ALL_LASTLOGON)
+ {
+ InfoBuffer->All.LastLogon.LowPart = FixedData.LastLogon.LowPart;
+ InfoBuffer->All.LastLogon.HighPart = FixedData.LastLogon.HighPart;
+ }
+
+ /* Get the LastLogoff attribute */
+ if (InfoBuffer->All.WhichFields & USER_ALL_LASTLOGOFF)
+ {
+ InfoBuffer->All.LastLogoff.LowPart = FixedData.LastLogoff.LowPart;
+ InfoBuffer->All.LastLogoff.HighPart = FixedData.LastLogoff.HighPart;
+ }
+
+ /* Get the LogonHours attribute */
+ if (InfoBuffer->All.WhichFields & USER_ALL_LOGONHOURS)
+ {
Status = SampGetLogonHoursAttrbute(UserObject,
&InfoBuffer->All.LogonHours);
if (!NT_SUCCESS(Status))
TRACE("Status 0x%08lx\n", Status);
goto done;
}
+ }
- InfoBuffer->All.LastLogon.LowPart = FixedData.LastLogon.LowPart;
- InfoBuffer->All.LastLogon.HighPart = FixedData.LastLogon.HighPart;
-
- InfoBuffer->All.LastLogoff.LowPart = FixedData.LastLogoff.LowPart;
- InfoBuffer->All.LastLogoff.HighPart = FixedData.LastLogoff.HighPart;
-
+ /* Get the BadPasswordCount attribute */
+ if (InfoBuffer->All.WhichFields & USER_ALL_BADPASSWORDCOUNT)
+ {
InfoBuffer->All.BadPasswordCount = FixedData.BadPasswordCount;
+ }
+ /* Get the LogonCount attribute */
+ if (InfoBuffer->All.WhichFields & USER_ALL_LOGONCOUNT)
+ {
InfoBuffer->All.LogonCount = FixedData.LogonCount;
+ }
+ /* Get the PasswordCanChange attribute */
+ if (InfoBuffer->All.WhichFields & USER_ALL_PASSWORDCANCHANGE)
+ {
PasswordCanChange = SampAddRelativeTimeToTime(FixedData.PasswordLastSet,
DomainFixedData.MinPasswordAge);
InfoBuffer->All.PasswordCanChange.LowPart = PasswordCanChange.LowPart;
InfoBuffer->All.PasswordCanChange.HighPart = PasswordCanChange.HighPart;
+ }
+ /* Get the PasswordMustChange attribute */
+ if (InfoBuffer->All.WhichFields & USER_ALL_PASSWORDMUSTCHANGE)
+ {
PasswordMustChange = SampAddRelativeTimeToTime(FixedData.PasswordLastSet,
DomainFixedData.MaxPasswordAge);
InfoBuffer->All.PasswordMustChange.LowPart = PasswordMustChange.LowPart;
InfoBuffer->All.PasswordMustChange.HighPart = PasswordMustChange.HighPart;
+ }
- InfoBuffer->All. WhichFields |= USER_ALL_READ_LOGON_MASK;
-/*
- USER_ALL_HOMEDIRECTORY |
- USER_ALL_HOMEDIRECTORYDRIVE |
- USER_ALL_SCRIPTPATH |
- USER_ALL_PROFILEPATH |
- USER_ALL_WORKSTATIONS |
- USER_ALL_LASTLOGON |
- USER_ALL_LASTLOGOFF |
- USER_ALL_LOGONHOURS |
- USER_ALL_BADPASSWORDCOUNT |
- USER_ALL_LOGONCOUNT;
- USER_ALL_PASSWORDCANCHANGE |
- USER_ALL_PASSWORDMUSTCHANGE;
-*/
- }
-
- if (UserObject->Access & USER_READ_ACCOUNT)
+ /* Get the PasswordLastSet attribute */
+ if (InfoBuffer->All.WhichFields & USER_ALL_PASSWORDLASTSET)
{
InfoBuffer->All.PasswordLastSet.LowPart = FixedData.PasswordLastSet.LowPart;
InfoBuffer->All.PasswordLastSet.HighPart = FixedData.PasswordLastSet.HighPart;
+ }
+ /* Get the AccountExpires attribute */
+ if (InfoBuffer->All.WhichFields & USER_ALL_ACCOUNTEXPIRES)
+ {
InfoBuffer->All.AccountExpires.LowPart = FixedData.AccountExpires.LowPart;
InfoBuffer->All.AccountExpires.HighPart = FixedData.AccountExpires.HighPart;
+ }
+ /* Get the UserAccountControl attribute */
+ if (InfoBuffer->All.WhichFields & USER_ALL_USERACCOUNTCONTROL)
+ {
InfoBuffer->All.UserAccountControl = FixedData.UserAccountControl;
+ }
- /* Get the Parameters string */
+ /* Get the Parameters attribute */
+ if (InfoBuffer->All.WhichFields & USER_ALL_PARAMETERS)
+ {
Status = SampGetObjectAttributeString(UserObject,
L"Parameters",
&InfoBuffer->All.Parameters);
TRACE("Status 0x%08lx\n", Status);
goto done;
}
-
- InfoBuffer->All. WhichFields |= USER_ALL_READ_ACCOUNT_MASK;
-// USER_ALL_PASSWORDLASTSET |
-// USER_ALL_ACCOUNTEXPIRES |
-// USER_ALL_USERACCOUNTCONTROL |
-// USER_ALL_PARAMETERS;
}
- if (UserObject->Access & USER_READ_PREFERENCES)
+ /* Get the CountryCode attribute */
+ if (InfoBuffer->All.WhichFields & USER_ALL_COUNTRYCODE)
{
InfoBuffer->All.CountryCode = FixedData.CountryCode;
+ }
+ /* Get the CodePage attribute */
+ if (InfoBuffer->All.WhichFields & USER_ALL_CODEPAGE)
+ {
InfoBuffer->All.CodePage = FixedData.CodePage;
+ }
+
+ /* Get the LmPassword and NtPassword attributes */
+ if (InfoBuffer->All.WhichFields & (USER_ALL_NTPASSWORDPRESENT | USER_ALL_LMPASSWORDPRESENT))
+ {
+ InfoBuffer->All.LmPasswordPresent = FALSE;
+ InfoBuffer->All.NtPasswordPresent = FALSE;
- InfoBuffer->All. WhichFields |= USER_ALL_READ_PREFERENCES_MASK;
-// USER_ALL_COUNTRYCODE |
-// USER_ALL_CODEPAGE;
+ /* Get the NT password */
+ Length = 0;
+ SampGetObjectAttribute(UserObject,
+ L"NTPwd",
+ NULL,
+ NULL,
+ &Length);
+
+ if (Length == sizeof(ENCRYPTED_NT_OWF_PASSWORD))
+ {
+ InfoBuffer->All.NtOwfPassword.Buffer = midl_user_allocate(sizeof(ENCRYPTED_NT_OWF_PASSWORD));
+ if (InfoBuffer->All.NtOwfPassword.Buffer == NULL)
+ {
+ Status = STATUS_INSUFFICIENT_RESOURCES;
+ goto done;
+ }
+
+ InfoBuffer->All.NtOwfPassword.Length = sizeof(ENCRYPTED_NT_OWF_PASSWORD);
+ InfoBuffer->All.NtOwfPassword.MaximumLength = sizeof(ENCRYPTED_NT_OWF_PASSWORD);
+
+ Status = SampGetObjectAttribute(UserObject,
+ L"NTPwd",
+ NULL,
+ (PVOID)InfoBuffer->All.NtOwfPassword.Buffer,
+ &Length);
+ if (!NT_SUCCESS(Status))
+ goto done;
+
+ if (memcmp(InfoBuffer->All.NtOwfPassword.Buffer,
+ &EmptyNtHash,
+ sizeof(ENCRYPTED_NT_OWF_PASSWORD)))
+ InfoBuffer->All.NtPasswordPresent = TRUE;
+ }
+
+ /* Get the LM password */
+ Length = 0;
+ SampGetObjectAttribute(UserObject,
+ L"LMPwd",
+ NULL,
+ NULL,
+ &Length);
+
+ if (Length == sizeof(ENCRYPTED_LM_OWF_PASSWORD))
+ {
+ InfoBuffer->All.LmOwfPassword.Buffer = midl_user_allocate(sizeof(ENCRYPTED_LM_OWF_PASSWORD));
+ if (InfoBuffer->All.LmOwfPassword.Buffer == NULL)
+ {
+ Status = STATUS_INSUFFICIENT_RESOURCES;
+ goto done;
+ }
+
+ InfoBuffer->All.LmOwfPassword.Length = sizeof(ENCRYPTED_LM_OWF_PASSWORD);
+ InfoBuffer->All.LmOwfPassword.MaximumLength = sizeof(ENCRYPTED_LM_OWF_PASSWORD);
+
+ Status = SampGetObjectAttribute(UserObject,
+ L"LMPwd",
+ NULL,
+ (PVOID)InfoBuffer->All.LmOwfPassword.Buffer,
+ &Length);
+ if (!NT_SUCCESS(Status))
+ goto done;
+
+ if (memcmp(InfoBuffer->All.LmOwfPassword.Buffer,
+ &EmptyLmHash,
+ sizeof(ENCRYPTED_LM_OWF_PASSWORD)))
+ InfoBuffer->All.LmPasswordPresent = TRUE;
+ }
+ }
+
+ if (InfoBuffer->All.WhichFields & USER_ALL_PRIVATEDATA)
+ {
+ Status = SampGetObjectAttributeString(UserObject,
+ L"PrivateData",
+ &InfoBuffer->All.PrivateData);
+ if (!NT_SUCCESS(Status))
+ {
+ TRACE("Status 0x%08lx\n", Status);
+ goto done;
+ }
+ }
+
+ if (InfoBuffer->All.WhichFields & USER_ALL_PASSWORDEXPIRED)
+ {
+ /* FIXME */
+ }
+
+ if (InfoBuffer->All.WhichFields & USER_ALL_SECURITYDESCRIPTOR)
+ {
+ Length = 0;
+ SampGetObjectAttribute(UserObject,
+ L"SecDesc",
+ NULL,
+ NULL,
+ &Length);
+
+ if (Length > 0)
+ {
+ InfoBuffer->All.SecurityDescriptor.SecurityDescriptor = midl_user_allocate(Length);
+ if (InfoBuffer->All.SecurityDescriptor.SecurityDescriptor == NULL)
+ {
+ Status = STATUS_INSUFFICIENT_RESOURCES;
+ goto done;
+ }
+
+ InfoBuffer->All.SecurityDescriptor.Length = Length;
+
+ Status = SampGetObjectAttribute(UserObject,
+ L"SecDesc",
+ NULL,
+ (PVOID)InfoBuffer->All.SecurityDescriptor.SecurityDescriptor,
+ &Length);
+ if (!NT_SUCCESS(Status))
+ goto done;
+ }
}
*Buffer = InfoBuffer;
if (InfoBuffer->All.Parameters.Buffer != NULL)
midl_user_free(InfoBuffer->All.Parameters.Buffer);
+ if (InfoBuffer->All.LmOwfPassword.Buffer != NULL)
+ midl_user_free(InfoBuffer->All.LmOwfPassword.Buffer);
+
+ if (InfoBuffer->All.NtOwfPassword.Buffer != NULL)
+ midl_user_free(InfoBuffer->All.NtOwfPassword.Buffer);
+
+ if (InfoBuffer->All.PrivateData.Buffer != NULL)
+ midl_user_free(InfoBuffer->All.PrivateData.Buffer);
+
+ if (InfoBuffer->All.SecurityDescriptor.SecurityDescriptor != NULL)
+ midl_user_free(InfoBuffer->All.SecurityDescriptor.SecurityDescriptor);
+
midl_user_free(InfoBuffer);
}
}
return STATUS_INVALID_INFO_CLASS;
}
+ RtlAcquireResourceShared(&SampResource,
+ TRUE);
+
/* Validate the domain handle */
Status = SampValidateDbObject(UserHandle,
SamDbUserObject,
if (!NT_SUCCESS(Status))
{
TRACE("failed with status 0x%08lx\n", Status);
- return Status;
+ goto done;
}
switch (UserInformationClass)
Status = STATUS_INVALID_INFO_CLASS;
}
+done:
+ RtlReleaseResource(&SampResource);
+
return Status;
}
UNICODE_STRING OldUserName = {0, 0, NULL};
NTSTATUS Status;
+ /* Check the account name */
+ Status = SampCheckAccountName(NewUserName, 20);
+ if (!NT_SUCCESS(Status))
+ {
+ TRACE("SampCheckAccountName failed (Status 0x%08lx)\n", Status);
+ return Status;
+ }
+
Status = SampGetObjectAttributeString(UserObject,
L"Name",
(PRPC_UNICODE_STRING)&OldUserName);
goto done;
}
- Status = SampSetObjectAttribute(UserObject,
- L"Name",
- REG_SZ,
- NewUserName->Buffer,
- NewUserName->Length + sizeof(WCHAR));
+ Status = SampSetObjectAttributeString(UserObject,
+ L"Name",
+ NewUserName);
if (!NT_SUCCESS(Status))
{
TRACE("SampSetObjectAttribute failed (Status 0x%08lx)\n", Status);
if (!NT_SUCCESS(Status))
goto done;
- Status = SampSetObjectAttribute(UserObject,
- L"FullName",
- REG_SZ,
- Buffer->General.FullName.Buffer,
- Buffer->General.FullName.MaximumLength);
+ Status = SampSetObjectAttributeString(UserObject,
+ L"FullName",
+ &Buffer->General.FullName);
if (!NT_SUCCESS(Status))
goto done;
- Status = SampSetObjectAttribute(UserObject,
- L"AdminComment",
- REG_SZ,
- Buffer->General.AdminComment.Buffer,
- Buffer->General.AdminComment.MaximumLength);
+ Status = SampSetObjectAttributeString(UserObject,
+ L"AdminComment",
+ &Buffer->General.AdminComment);
if (!NT_SUCCESS(Status))
goto done;
- Status = SampSetObjectAttribute(UserObject,
- L"UserComment",
- REG_SZ,
- Buffer->General.UserComment.Buffer,
- Buffer->General.UserComment.MaximumLength);
+ Status = SampSetObjectAttributeString(UserObject,
+ L"UserComment",
+ &Buffer->General.UserComment);
done:
return Status;
if (!NT_SUCCESS(Status))
goto done;
- Status = SampSetObjectAttribute(UserObject,
- L"UserComment",
- REG_SZ,
- Buffer->Preferences.UserComment.Buffer,
- Buffer->Preferences.UserComment.MaximumLength);
+ Status = SampSetObjectAttributeString(UserObject,
+ L"UserComment",
+ &Buffer->Preferences.UserComment);
done:
return Status;
if (Buffer->Internal1.PasswordExpired)
{
- /* The pasword was last set ages ago */
+ /* The password was last set ages ago */
FixedData.PasswordLastSet.LowPart = 0;
FixedData.PasswordLastSet.HighPart = 0;
}
else
{
- /* The pasword was last set right now */
+ /* The password was last set right now */
Status = NtQuerySystemTime(&FixedData.PasswordLastSet);
if (!NT_SUCCESS(Status))
goto done;
SAM_USER_FIXED_DATA FixedData;
ULONG Length = 0;
ULONG WhichFields;
+ PENCRYPTED_NT_OWF_PASSWORD NtPassword = NULL;
+ PENCRYPTED_LM_OWF_PASSWORD LmPassword = NULL;
+ BOOLEAN NtPasswordPresent = FALSE;
+ BOOLEAN LmPasswordPresent = FALSE;
+ BOOLEAN WriteFixedData = FALSE;
NTSTATUS Status = STATUS_SUCCESS;
WhichFields = Buffer->All.WhichFields;
+ /* Get the fixed size attributes */
+ Length = sizeof(SAM_USER_FIXED_DATA);
+ Status = SampGetObjectAttribute(UserObject,
+ L"F",
+ NULL,
+ (PVOID)&FixedData,
+ &Length);
+ if (!NT_SUCCESS(Status))
+ goto done;
+
if (WhichFields & USER_ALL_USERNAME)
{
Status = SampSetUserName(UserObject,
if (WhichFields & USER_ALL_FULLNAME)
{
- Status = SampSetObjectAttribute(UserObject,
- L"FullName",
- REG_SZ,
- Buffer->All.FullName.Buffer,
- Buffer->All.FullName.MaximumLength);
+ Status = SampSetObjectAttributeString(UserObject,
+ L"FullName",
+ &Buffer->All.FullName);
if (!NT_SUCCESS(Status))
goto done;
}
if (WhichFields & USER_ALL_ADMINCOMMENT)
{
- Status = SampSetObjectAttribute(UserObject,
- L"AdminComment",
- REG_SZ,
- Buffer->All.AdminComment.Buffer,
- Buffer->All.AdminComment.MaximumLength);
+ Status = SampSetObjectAttributeString(UserObject,
+ L"AdminComment",
+ &Buffer->All.AdminComment);
if (!NT_SUCCESS(Status))
goto done;
}
if (WhichFields & USER_ALL_USERCOMMENT)
{
- Status = SampSetObjectAttribute(UserObject,
- L"UserComment",
- REG_SZ,
- Buffer->All.UserComment.Buffer,
- Buffer->All.UserComment.MaximumLength);
+ Status = SampSetObjectAttributeString(UserObject,
+ L"UserComment",
+ &Buffer->All.UserComment);
if (!NT_SUCCESS(Status))
goto done;
}
if (WhichFields & USER_ALL_HOMEDIRECTORY)
{
- Status = SampSetObjectAttribute(UserObject,
- L"HomeDirectory",
- REG_SZ,
- Buffer->All.HomeDirectory.Buffer,
- Buffer->All.HomeDirectory.MaximumLength);
+ Status = SampSetObjectAttributeString(UserObject,
+ L"HomeDirectory",
+ &Buffer->All.HomeDirectory);
if (!NT_SUCCESS(Status))
goto done;
}
if (WhichFields & USER_ALL_HOMEDIRECTORYDRIVE)
{
- Status = SampSetObjectAttribute(UserObject,
- L"HomeDirectoryDrive",
- REG_SZ,
- Buffer->All.HomeDirectoryDrive.Buffer,
- Buffer->All.HomeDirectoryDrive.MaximumLength);
+ Status = SampSetObjectAttributeString(UserObject,
+ L"HomeDirectoryDrive",
+ &Buffer->All.HomeDirectoryDrive);
if (!NT_SUCCESS(Status))
goto done;
}
if (WhichFields & USER_ALL_SCRIPTPATH)
{
- Status = SampSetObjectAttribute(UserObject,
- L"ScriptPath",
- REG_SZ,
- Buffer->All.ScriptPath.Buffer,
- Buffer->All.ScriptPath.MaximumLength);
+ Status = SampSetObjectAttributeString(UserObject,
+ L"ScriptPath",
+ &Buffer->All.ScriptPath);
if (!NT_SUCCESS(Status))
goto done;
}
if (WhichFields & USER_ALL_PROFILEPATH)
{
- Status = SampSetObjectAttribute(UserObject,
- L"ProfilePath",
- REG_SZ,
- Buffer->All.ProfilePath.Buffer,
- Buffer->All.ProfilePath.MaximumLength);
+ Status = SampSetObjectAttributeString(UserObject,
+ L"ProfilePath",
+ &Buffer->All.ProfilePath);
if (!NT_SUCCESS(Status))
goto done;
}
if (WhichFields & USER_ALL_WORKSTATIONS)
{
- Status = SampSetObjectAttribute(UserObject,
- L"WorkStations",
- REG_SZ,
- Buffer->All.WorkStations.Buffer,
- Buffer->All.WorkStations.MaximumLength);
+ Status = SampSetObjectAttributeString(UserObject,
+ L"WorkStations",
+ &Buffer->All.WorkStations);
if (!NT_SUCCESS(Status))
goto done;
}
if (WhichFields & USER_ALL_PARAMETERS)
{
- Status = SampSetObjectAttribute(UserObject,
- L"Parameters",
- REG_SZ,
- Buffer->All.Parameters.Buffer,
- Buffer->All.Parameters.MaximumLength);
+ Status = SampSetObjectAttributeString(UserObject,
+ L"Parameters",
+ &Buffer->All.Parameters);
if (!NT_SUCCESS(Status))
goto done;
}
goto done;
}
- if (WhichFields & (USER_ALL_PRIMARYGROUPID |
- USER_ALL_ACCOUNTEXPIRES |
- USER_ALL_USERACCOUNTCONTROL |
- USER_ALL_COUNTRYCODE |
- USER_ALL_CODEPAGE))
+ if (WhichFields & USER_ALL_PRIMARYGROUPID)
{
- Length = sizeof(SAM_USER_FIXED_DATA);
- Status = SampGetObjectAttribute(UserObject,
- L"F",
- NULL,
- (PVOID)&FixedData,
- &Length);
+ FixedData.PrimaryGroupId = Buffer->All.PrimaryGroupId;
+ WriteFixedData = TRUE;
+ }
+
+ if (WhichFields & USER_ALL_ACCOUNTEXPIRES)
+ {
+ FixedData.AccountExpires.LowPart = Buffer->All.AccountExpires.LowPart;
+ FixedData.AccountExpires.HighPart = Buffer->All.AccountExpires.HighPart;
+ WriteFixedData = TRUE;
+ }
+
+ if (WhichFields & USER_ALL_USERACCOUNTCONTROL)
+ {
+ FixedData.UserAccountControl = Buffer->All.UserAccountControl;
+ WriteFixedData = TRUE;
+ }
+
+ if (WhichFields & USER_ALL_COUNTRYCODE)
+ {
+ FixedData.CountryCode = Buffer->All.CountryCode;
+ WriteFixedData = TRUE;
+ }
+
+ if (WhichFields & USER_ALL_CODEPAGE)
+ {
+ FixedData.CodePage = Buffer->All.CodePage;
+ WriteFixedData = TRUE;
+ }
+
+ if (WhichFields & (USER_ALL_NTPASSWORDPRESENT |
+ USER_ALL_LMPASSWORDPRESENT))
+ {
+ if (WhichFields & USER_ALL_NTPASSWORDPRESENT)
+ {
+ NtPassword = (PENCRYPTED_NT_OWF_PASSWORD)Buffer->All.NtOwfPassword.Buffer;
+ NtPasswordPresent = Buffer->All.NtPasswordPresent;
+ }
+
+ if (WhichFields & USER_ALL_LMPASSWORDPRESENT)
+ {
+ LmPassword = (PENCRYPTED_LM_OWF_PASSWORD)Buffer->All.LmOwfPassword.Buffer;
+ LmPasswordPresent = Buffer->All.LmPasswordPresent;
+ }
+
+ Status = SampSetUserPassword(UserObject,
+ NtPassword,
+ NtPasswordPresent,
+ LmPassword,
+ LmPasswordPresent);
if (!NT_SUCCESS(Status))
goto done;
- if (WhichFields & USER_ALL_PRIMARYGROUPID)
- FixedData.PrimaryGroupId = Buffer->All.PrimaryGroupId;
+ /* The password has just been set */
+ Status = NtQuerySystemTime(&FixedData.PasswordLastSet);
+ if (!NT_SUCCESS(Status))
+ goto done;
+
+ WriteFixedData = TRUE;
+ }
+
+ if (WhichFields & USER_ALL_PRIVATEDATA)
+ {
+ Status = SampSetObjectAttributeString(UserObject,
+ L"PrivateData",
+ &Buffer->All.PrivateData);
+ if (!NT_SUCCESS(Status))
+ goto done;
+ }
- if (WhichFields & USER_ALL_ACCOUNTEXPIRES)
+ if (WhichFields & USER_ALL_PASSWORDEXPIRED)
+ {
+ if (Buffer->All.PasswordExpired)
{
- FixedData.AccountExpires.LowPart = Buffer->All.AccountExpires.LowPart;
- FixedData.AccountExpires.HighPart = Buffer->All.AccountExpires.HighPart;
+ /* The pasword was last set ages ago */
+ FixedData.PasswordLastSet.LowPart = 0;
+ FixedData.PasswordLastSet.HighPart = 0;
+ }
+ else
+ {
+ /* The pasword was last set right now */
+ Status = NtQuerySystemTime(&FixedData.PasswordLastSet);
+ if (!NT_SUCCESS(Status))
+ goto done;
}
- if (WhichFields & USER_ALL_USERACCOUNTCONTROL)
- FixedData.UserAccountControl = Buffer->All.UserAccountControl;
-
- if (WhichFields & USER_ALL_COUNTRYCODE)
- FixedData.CountryCode = Buffer->Preferences.CountryCode;
+ WriteFixedData = TRUE;
+ }
- if (WhichFields & USER_ALL_CODEPAGE)
- FixedData.CodePage = Buffer->Preferences.CodePage;
+ if (WhichFields & USER_ALL_SECURITYDESCRIPTOR)
+ {
+ Status = SampSetObjectAttribute(UserObject,
+ L"SecDesc",
+ REG_BINARY,
+ Buffer->All.SecurityDescriptor.SecurityDescriptor,
+ Buffer->All.SecurityDescriptor.Length);
+ }
+ if (WriteFixedData == TRUE)
+ {
Status = SampSetObjectAttribute(UserObject,
L"F",
REG_BINARY,
goto done;
}
-/*
-FIXME:
- USER_ALL_NTPASSWORDPRESENT
- USER_ALL_LMPASSWORDPRESENT
- USER_ALL_PASSWORDEXPIRED
-*/
-
done:
-
return Status;
}
return STATUS_INVALID_INFO_CLASS;
}
+ RtlAcquireResourceExclusive(&SampResource,
+ TRUE);
+
/* Validate the domain handle */
Status = SampValidateDbObject(UserHandle,
SamDbUserObject,
if (!NT_SUCCESS(Status))
{
TRACE("failed with status 0x%08lx\n", Status);
- return Status;
+ goto done;
}
switch (UserInformationClass)
if (!NT_SUCCESS(Status))
break;
- Status = SampSetObjectAttribute(UserObject,
- L"FullName",
- REG_SZ,
- Buffer->Name.FullName.Buffer,
- Buffer->Name.FullName.MaximumLength);
+ Status = SampSetObjectAttributeString(UserObject,
+ L"FullName",
+ &Buffer->Name.FullName);
break;
case UserAccountNameInformation:
break;
case UserFullNameInformation:
- Status = SampSetObjectAttribute(UserObject,
- L"FullName",
- REG_SZ,
- Buffer->FullName.FullName.Buffer,
- Buffer->FullName.FullName.MaximumLength);
+ Status = SampSetObjectAttributeString(UserObject,
+ L"FullName",
+ &Buffer->FullName.FullName);
break;
case UserPrimaryGroupInformation:
break;
case UserHomeInformation:
- Status = SampSetObjectAttribute(UserObject,
- L"HomeDirectory",
- REG_SZ,
- Buffer->Home.HomeDirectory.Buffer,
- Buffer->Home.HomeDirectory.MaximumLength);
+ Status = SampSetObjectAttributeString(UserObject,
+ L"HomeDirectory",
+ &Buffer->Home.HomeDirectory);
if (!NT_SUCCESS(Status))
break;
- Status = SampSetObjectAttribute(UserObject,
- L"HomeDirectoryDrive",
- REG_SZ,
- Buffer->Home.HomeDirectoryDrive.Buffer,
- Buffer->Home.HomeDirectoryDrive.MaximumLength);
+ Status = SampSetObjectAttributeString(UserObject,
+ L"HomeDirectoryDrive",
+ &Buffer->Home.HomeDirectoryDrive);
break;
case UserScriptInformation:
- Status = SampSetObjectAttribute(UserObject,
- L"ScriptPath",
- REG_SZ,
- Buffer->Script.ScriptPath.Buffer,
- Buffer->Script.ScriptPath.MaximumLength);
+ Status = SampSetObjectAttributeString(UserObject,
+ L"ScriptPath",
+ &Buffer->Script.ScriptPath);
break;
case UserProfileInformation:
- Status = SampSetObjectAttribute(UserObject,
- L"ProfilePath",
- REG_SZ,
- Buffer->Profile.ProfilePath.Buffer,
- Buffer->Profile.ProfilePath.MaximumLength);
+ Status = SampSetObjectAttributeString(UserObject,
+ L"ProfilePath",
+ &Buffer->Profile.ProfilePath);
break;
case UserAdminCommentInformation:
- Status = SampSetObjectAttribute(UserObject,
- L"AdminComment",
- REG_SZ,
- Buffer->AdminComment.AdminComment.Buffer,
- Buffer->AdminComment.AdminComment.MaximumLength);
+ Status = SampSetObjectAttributeString(UserObject,
+ L"AdminComment",
+ &Buffer->AdminComment.AdminComment);
break;
case UserWorkStationsInformation:
- Status = SampSetObjectAttribute(UserObject,
- L"WorkStations",
- REG_SZ,
- Buffer->WorkStations.WorkStations.Buffer,
- Buffer->WorkStations.WorkStations.MaximumLength);
+ Status = SampSetObjectAttributeString(UserObject,
+ L"WorkStations",
+ &Buffer->WorkStations.WorkStations);
break;
case UserSetPasswordInformation:
TRACE("Password: %S\n", Buffer->SetPassword.Password.Buffer);
TRACE("PasswordExpired: %d\n", Buffer->SetPassword.PasswordExpired);
- Status = SampSetObjectAttribute(UserObject,
- L"Password",
- REG_SZ,
- Buffer->SetPassword.Password.Buffer,
- Buffer->SetPassword.Password.MaximumLength);
+ Status = SampSetObjectAttributeString(UserObject,
+ L"Password",
+ &Buffer->SetPassword.Password);
break;
case UserControlInformation:
break;
case UserParametersInformation:
- Status = SampSetObjectAttribute(UserObject,
- L"Parameters",
- REG_SZ,
- Buffer->Parameters.Parameters.Buffer,
- Buffer->Parameters.Parameters.MaximumLength);
+ Status = SampSetObjectAttributeString(UserObject,
+ L"Parameters",
+ &Buffer->Parameters.Parameters);
break;
case UserAllInformation:
Status = STATUS_INVALID_INFO_CLASS;
}
+done:
+ RtlReleaseResource(&SampResource);
+
return Status;
}
{
ENCRYPTED_LM_OWF_PASSWORD StoredLmPassword;
ENCRYPTED_NT_OWF_PASSWORD StoredNtPassword;
- PENCRYPTED_LM_OWF_PASSWORD OldLmPassword;
- PENCRYPTED_LM_OWF_PASSWORD NewLmPassword;
- PENCRYPTED_NT_OWF_PASSWORD OldNtPassword;
- PENCRYPTED_NT_OWF_PASSWORD NewNtPassword;
+ ENCRYPTED_LM_OWF_PASSWORD OldLmPassword;
+ ENCRYPTED_LM_OWF_PASSWORD NewLmPassword;
+ ENCRYPTED_NT_OWF_PASSWORD OldNtPassword;
+ ENCRYPTED_NT_OWF_PASSWORD NewNtPassword;
+ BOOLEAN StoredLmPresent = FALSE;
+ BOOLEAN StoredNtPresent = FALSE;
+ BOOLEAN StoredLmEmpty = TRUE;
+ BOOLEAN StoredNtEmpty = TRUE;
PSAM_DB_OBJECT UserObject;
ULONG Length;
+ SAM_USER_FIXED_DATA UserFixedData;
+ SAM_DOMAIN_FIXED_DATA DomainFixedData;
+ LARGE_INTEGER SystemTime;
NTSTATUS Status;
TRACE("(%p %u %p %p %u %p %p %u %p %u %p)\n",
NtPresent, OldNtEncryptedWithNewNt, NewNtEncryptedWithOldNt, NtCrossEncryptionPresent,
NewNtEncryptedWithNewLm, LmCrossEncryptionPresent, NewLmEncryptedWithNewNt);
+ RtlAcquireResourceExclusive(&SampResource,
+ TRUE);
+
/* Validate the user handle */
Status = SampValidateDbObject(UserHandle,
SamDbUserObject,
if (!NT_SUCCESS(Status))
{
TRACE("SampValidateDbObject failed with status 0x%08lx\n", Status);
- return Status;
+ goto done;
+ }
+
+ /* Get the current time */
+ Status = NtQuerySystemTime(&SystemTime);
+ if (!NT_SUCCESS(Status))
+ {
+ TRACE("NtQuerySystemTime failed (Status 0x%08lx)\n", Status);
+ goto done;
}
/* Retrieve the LM password */
NULL,
&StoredLmPassword,
&Length);
- if (!NT_SUCCESS(Status))
+ if (NT_SUCCESS(Status))
{
-
+ if (Length == sizeof(ENCRYPTED_LM_OWF_PASSWORD))
+ {
+ StoredLmPresent = TRUE;
+ if (!RtlEqualMemory(&StoredLmPassword,
+ &EmptyLmHash,
+ sizeof(ENCRYPTED_LM_OWF_PASSWORD)))
+ StoredLmEmpty = FALSE;
+ }
}
/* Retrieve the NT password */
NULL,
&StoredNtPassword,
&Length);
+ if (NT_SUCCESS(Status))
+ {
+ if (Length == sizeof(ENCRYPTED_NT_OWF_PASSWORD))
+ {
+ StoredNtPresent = TRUE;
+ if (!RtlEqualMemory(&StoredNtPassword,
+ &EmptyNtHash,
+ sizeof(ENCRYPTED_NT_OWF_PASSWORD)))
+ StoredNtEmpty = FALSE;
+ }
+ }
+
+ /* Retrieve the fixed size user data */
+ Length = sizeof(SAM_USER_FIXED_DATA);
+ Status = SampGetObjectAttribute(UserObject,
+ L"F",
+ NULL,
+ &UserFixedData,
+ &Length);
if (!NT_SUCCESS(Status))
{
+ TRACE("SampGetObjectAttribute failed to retrieve the fixed user data (Status 0x%08lx)\n", Status);
+ goto done;
+ }
+ /* Check if we can change the password at this time */
+ if ((StoredNtEmpty == FALSE) || (StoredNtEmpty == FALSE))
+ {
+ /* Get fixed domain data */
+ Length = sizeof(SAM_DOMAIN_FIXED_DATA);
+ Status = SampGetObjectAttribute(UserObject->ParentObject,
+ L"F",
+ NULL,
+ &DomainFixedData,
+ &Length);
+ if (!NT_SUCCESS(Status))
+ {
+ TRACE("SampGetObjectAttribute failed to retrieve the fixed domain data (Status 0x%08lx)\n", Status);
+ goto done;
+ }
+
+ if (DomainFixedData.MinPasswordAge.QuadPart > 0)
+ {
+ if (SystemTime.QuadPart < (UserFixedData.PasswordLastSet.QuadPart + DomainFixedData.MinPasswordAge.QuadPart))
+ {
+ Status = STATUS_ACCOUNT_RESTRICTION;
+ goto done;
+ }
+ }
}
- /* FIXME: Decrypt passwords */
- OldLmPassword = OldLmEncryptedWithNewLm;
- NewLmPassword = NewLmEncryptedWithOldLm;
- OldNtPassword = OldNtEncryptedWithNewNt;
- NewNtPassword = NewNtEncryptedWithOldNt;
+ /* Decrypt the LM passwords, if present */
+ if (LmPresent)
+ {
+ Status = SystemFunction013((const BYTE *)NewLmEncryptedWithOldLm,
+ (const BYTE *)&StoredLmPassword,
+ (LPBYTE)&NewLmPassword);
+ if (!NT_SUCCESS(Status))
+ {
+ TRACE("SystemFunction013 failed (Status 0x%08lx)\n", Status);
+ goto done;
+ }
+
+ Status = SystemFunction013((const BYTE *)OldLmEncryptedWithNewLm,
+ (const BYTE *)&NewLmPassword,
+ (LPBYTE)&OldLmPassword);
+ if (!NT_SUCCESS(Status))
+ {
+ TRACE("SystemFunction013 failed (Status 0x%08lx)\n", Status);
+ goto done;
+ }
+ }
+
+ /* Decrypt the NT passwords, if present */
+ if (NtPresent)
+ {
+ Status = SystemFunction013((const BYTE *)NewNtEncryptedWithOldNt,
+ (const BYTE *)&StoredNtPassword,
+ (LPBYTE)&NewNtPassword);
+ if (!NT_SUCCESS(Status))
+ {
+ TRACE("SystemFunction013 failed (Status 0x%08lx)\n", Status);
+ goto done;
+ }
+
+ Status = SystemFunction013((const BYTE *)OldNtEncryptedWithNewNt,
+ (const BYTE *)&NewNtPassword,
+ (LPBYTE)&OldNtPassword);
+ if (!NT_SUCCESS(Status))
+ {
+ TRACE("SystemFunction013 failed (Status 0x%08lx)\n", Status);
+ goto done;
+ }
+ }
/* Check if the old passwords match the stored ones */
if (NtPresent)
if (LmPresent)
{
if (!RtlEqualMemory(&StoredLmPassword,
- OldLmPassword,
+ &OldLmPassword,
sizeof(ENCRYPTED_LM_OWF_PASSWORD)))
{
TRACE("Old LM Password does not match!\n");
else
{
if (!RtlEqualMemory(&StoredNtPassword,
- OldNtPassword,
+ &OldNtPassword,
sizeof(ENCRYPTED_LM_OWF_PASSWORD)))
{
TRACE("Old NT Password does not match!\n");
else
{
if (!RtlEqualMemory(&StoredNtPassword,
- OldNtPassword,
+ &OldNtPassword,
sizeof(ENCRYPTED_LM_OWF_PASSWORD)))
{
TRACE("Old NT Password does not match!\n");
if (LmPresent)
{
if (!RtlEqualMemory(&StoredLmPassword,
- OldLmPassword,
+ &OldLmPassword,
sizeof(ENCRYPTED_LM_OWF_PASSWORD)))
{
TRACE("Old LM Password does not match!\n");
}
}
- /* Store the new LM password */
+ /* Store the new password hashes */
if (NT_SUCCESS(Status))
{
- if (LmPresent)
+ Status = SampSetUserPassword(UserObject,
+ &NewNtPassword,
+ NtPresent,
+ &NewLmPassword,
+ LmPresent);
+ if (NT_SUCCESS(Status))
{
- Length = sizeof(ENCRYPTED_LM_OWF_PASSWORD);
- Status = SampSetObjectAttribute(UserObject,
- L"LMPwd",
- REG_BINARY,
- NewLmPassword,
- Length);
- if (!NT_SUCCESS(Status))
- {
- goto done;
- }
- }
+ /* Update PasswordLastSet */
+ UserFixedData.PasswordLastSet.QuadPart = SystemTime.QuadPart;
- /* Store the new NT password */
- if (NtPresent)
- {
- Length = sizeof(ENCRYPTED_NT_OWF_PASSWORD);
+ /* Set the fixed size user data */
+ Length = sizeof(SAM_USER_FIXED_DATA);
Status = SampSetObjectAttribute(UserObject,
- L"NTPwd",
+ L"F",
REG_BINARY,
- NewNtPassword,
+ &UserFixedData,
Length);
- if (!NT_SUCCESS(Status))
- {
- goto done;
- }
}
}
+ if (Status == STATUS_WRONG_PASSWORD)
+ {
+ /* Update BadPasswordCount and LastBadPasswordTime */
+ UserFixedData.BadPasswordCount++;
+ UserFixedData.LastBadPasswordTime.QuadPart = SystemTime.QuadPart;
+
+ /* Set the fixed size user data */
+ Length = sizeof(SAM_USER_FIXED_DATA);
+ Status = SampSetObjectAttribute(UserObject,
+ L"F",
+ REG_BINARY,
+ &UserFixedData,
+ Length);
+ }
done:
+ RtlReleaseResource(&SampResource);
+
return Status;
}
TRACE("SamrGetGroupsForUser(%p %p)\n",
UserHandle, Groups);
+ RtlAcquireResourceShared(&SampResource,
+ TRUE);
+
/* Validate the user handle */
Status = SampValidateDbObject(UserHandle,
SamDbUserObject,
if (!NT_SUCCESS(Status))
{
TRACE("SampValidateDbObject failed with status 0x%08lx\n", Status);
- return Status;
+ goto done;
}
/* Allocate the groups buffer */
GroupsBuffer = midl_user_allocate(sizeof(SAMPR_GET_GROUPS_BUFFER));
if (GroupsBuffer == NULL)
- return STATUS_INSUFFICIENT_RESOURCES;
+ {
+ Status = STATUS_INSUFFICIENT_RESOURCES;
+ goto done;
+ }
/*
* Get the size of the Groups attribute.
*Groups = GroupsBuffer;
- return STATUS_SUCCESS;
+ Status = STATUS_SUCCESS;
+ goto done;
}
/* Allocate a buffer for the Groups attribute */
}
}
+ RtlReleaseResource(&SampResource);
+
return Status;
}
TRACE("(%p %p)\n",
UserHandle, PasswordInformation);
+ RtlAcquireResourceShared(&SampResource,
+ TRUE);
+
/* Validate the user handle */
Status = SampValidateDbObject(UserHandle,
SamDbUserObject,
if (!NT_SUCCESS(Status))
{
TRACE("SampValidateDbObject failed with status 0x%08lx\n", Status);
- return Status;
+ goto done;
}
/* Validate the domain object */
if (!NT_SUCCESS(Status))
{
TRACE("SampValidateDbObject failed with status 0x%08lx\n", Status);
- return Status;
+ goto done;
}
/* Get fixed user data */
if (!NT_SUCCESS(Status))
{
TRACE("SampGetObjectAttribute failed with status 0x%08lx\n", Status);
- return Status;
+ goto done;
}
if ((UserObject->RelativeId == DOMAIN_USER_RID_KRBTGT) ||
if (!NT_SUCCESS(Status))
{
TRACE("SampGetObjectAttribute failed with status 0x%08lx\n", Status);
- return Status;
+ goto done;
}
PasswordInformation->MinPasswordLength = DomainFixedData.MinPasswordLength;
PasswordInformation->PasswordProperties = DomainFixedData.PasswordProperties;
}
+done:
+ RtlReleaseResource(&SampResource);
+
return STATUS_SUCCESS;
}
TRACE("(%p %p)\n",
DomainHandle, MemberSid);
+ RtlAcquireResourceExclusive(&SampResource,
+ TRUE);
+
/* Validate the domain object */
Status = SampValidateDbObject(DomainHandle,
SamDbDomainObject,
if (!NT_SUCCESS(Status))
{
TRACE("SampValidateDbObject failed with status 0x%08lx\n", Status);
- return Status;
+ goto done;
}
/* Retrieve the RID from the MemberSID */
if (!NT_SUCCESS(Status))
{
TRACE("SampGetRidFromSid failed with status 0x%08lx\n", Status);
- return Status;
+ goto done;
}
/* Fail, if the RID represents a special account */
if (Rid < 1000)
{
TRACE("Cannot remove a special account (RID: %lu)\n", Rid);
- return STATUS_SPECIAL_ACCOUNT;
+ Status = STATUS_SPECIAL_ACCOUNT;
+ goto done;
}
/* Remove the member from all aliases in the domain */
TRACE("SampRemoveMemberFromAllAliases failed with status 0x%08lx\n", Status);
}
+done:
+ RtlReleaseResource(&SampResource);
+
return Status;
}
OUT unsigned long *GrantedAccess,
OUT unsigned long *RelativeId)
{
- UNICODE_STRING EmptyString = RTL_CONSTANT_STRING(L"");
SAM_DOMAIN_FIXED_DATA FixedDomainData;
SAM_USER_FIXED_DATA FixedUserData;
PSAM_DB_OBJECT DomainObject;
ULONG ulSize;
ULONG ulRid;
WCHAR szRid[9];
+ PSECURITY_DESCRIPTOR Sd = NULL;
+ ULONG SdSize = 0;
+ PSID UserSid = NULL;
NTSTATUS Status;
TRACE("SamrCreateUserInDomain(%p %p %lx %p %p)\n",
RtlMapGenericMask(&DesiredAccess,
&UserMapping);
+ RtlAcquireResourceExclusive(&SampResource,
+ TRUE);
+
/* Validate the domain handle */
Status = SampValidateDbObject(DomainHandle,
SamDbDomainObject,
if (!NT_SUCCESS(Status))
{
TRACE("failed with status 0x%08lx\n", Status);
- return Status;
+ goto done;
+ }
+
+ /* Check the user account name */
+ Status = SampCheckAccountName(Name, 20);
+ if (!NT_SUCCESS(Status))
+ {
+ TRACE("SampCheckAccountName failed (Status 0x%08lx)\n", Status);
+ goto done;
}
/* Check if the user name already exists in the domain */
{
TRACE("User name \'%S\' already exists in domain (Status 0x%08lx)\n",
Name->Buffer, Status);
- return Status;
+ goto done;
}
/* Get the fixed domain attributes */
if (!NT_SUCCESS(Status))
{
TRACE("failed with status 0x%08lx\n", Status);
- return Status;
+ goto done;
}
/* Increment the NextRid attribute */
ulRid = FixedDomainData.NextRid;
FixedDomainData.NextRid++;
+ TRACE("RID: %lx\n", ulRid);
+
+ /* Create the user SID */
+ Status = SampCreateAccountSid(DomainObject,
+ ulRid,
+ &UserSid);
+ if (!NT_SUCCESS(Status))
+ {
+ TRACE("SampCreateAccountSid failed (Status 0x%08lx)\n", Status);
+ goto done;
+ }
+
+ /* Create the security descriptor */
+ Status = SampCreateUserSD(UserSid,
+ &Sd,
+ &SdSize);
+ if (!NT_SUCCESS(Status))
+ {
+ TRACE("SampCreateUserSD failed (Status 0x%08lx)\n", Status);
+ goto done;
+ }
+
/* Store the fixed domain attributes */
Status = SampSetObjectAttribute(DomainObject,
L"F",
if (!NT_SUCCESS(Status))
{
TRACE("failed with status 0x%08lx\n", Status);
- return Status;
+ goto done;
}
- TRACE("RID: %lx\n", ulRid);
-
/* Convert the RID into a string (hex) */
swprintf(szRid, L"%08lX", ulRid);
if (!NT_SUCCESS(Status))
{
TRACE("failed with status 0x%08lx\n", Status);
- return Status;
+ goto done;
}
/* Add the account name for the user object */
if (!NT_SUCCESS(Status))
{
TRACE("failed with status 0x%08lx\n", Status);
- return Status;
+ goto done;
}
/* Initialize fixed user data */
if (!NT_SUCCESS(Status))
{
TRACE("failed with status 0x%08lx\n", Status);
- return Status;
+ goto done;
}
/* Set the Name attribute */
- Status = SampSetObjectAttribute(UserObject,
- L"Name",
- REG_SZ,
- (LPVOID)Name->Buffer,
- Name->MaximumLength);
+ Status = SampSetObjectAttributeString(UserObject,
+ L"Name",
+ Name);
if (!NT_SUCCESS(Status))
{
TRACE("failed with status 0x%08lx\n", Status);
- return Status;
+ goto done;
}
/* Set the FullName attribute */
- Status = SampSetObjectAttribute(UserObject,
- L"FullName",
- REG_SZ,
- EmptyString.Buffer,
- EmptyString.MaximumLength);
+ Status = SampSetObjectAttributeString(UserObject,
+ L"FullName",
+ NULL);
if (!NT_SUCCESS(Status))
{
TRACE("failed with status 0x%08lx\n", Status);
- return Status;
+ goto done;
}
/* Set the HomeDirectory attribute */
- Status = SampSetObjectAttribute(UserObject,
- L"HomeDirectory",
- REG_SZ,
- EmptyString.Buffer,
- EmptyString.MaximumLength);
+ Status = SampSetObjectAttributeString(UserObject,
+ L"HomeDirectory",
+ NULL);
if (!NT_SUCCESS(Status))
{
TRACE("failed with status 0x%08lx\n", Status);
- return Status;
+ goto done;
}
/* Set the HomeDirectoryDrive attribute */
- Status = SampSetObjectAttribute(UserObject,
- L"HomeDirectoryDrive",
- REG_SZ,
- EmptyString.Buffer,
- EmptyString.MaximumLength);
+ Status = SampSetObjectAttributeString(UserObject,
+ L"HomeDirectoryDrive",
+ NULL);
if (!NT_SUCCESS(Status))
{
TRACE("failed with status 0x%08lx\n", Status);
- return Status;
+ goto done;
}
/* Set the ScriptPath attribute */
- Status = SampSetObjectAttribute(UserObject,
- L"ScriptPath",
- REG_SZ,
- EmptyString.Buffer,
- EmptyString.MaximumLength);
+ Status = SampSetObjectAttributeString(UserObject,
+ L"ScriptPath",
+ NULL);
if (!NT_SUCCESS(Status))
{
TRACE("failed with status 0x%08lx\n", Status);
- return Status;
+ goto done;
}
/* Set the ProfilePath attribute */
- Status = SampSetObjectAttribute(UserObject,
- L"ProfilePath",
- REG_SZ,
- EmptyString.Buffer,
- EmptyString.MaximumLength);
+ Status = SampSetObjectAttributeString(UserObject,
+ L"ProfilePath",
+ NULL);
if (!NT_SUCCESS(Status))
{
TRACE("failed with status 0x%08lx\n", Status);
- return Status;
+ goto done;
}
/* Set the AdminComment attribute */
- Status = SampSetObjectAttribute(UserObject,
- L"AdminComment",
- REG_SZ,
- EmptyString.Buffer,
- EmptyString.MaximumLength);
+ Status = SampSetObjectAttributeString(UserObject,
+ L"AdminComment",
+ NULL);
if (!NT_SUCCESS(Status))
{
TRACE("failed with status 0x%08lx\n", Status);
- return Status;
+ goto done;
}
/* Set the UserComment attribute */
- Status = SampSetObjectAttribute(UserObject,
- L"UserComment",
- REG_SZ,
- EmptyString.Buffer,
- EmptyString.MaximumLength);
+ Status = SampSetObjectAttributeString(UserObject,
+ L"UserComment",
+ NULL);
if (!NT_SUCCESS(Status))
{
TRACE("failed with status 0x%08lx\n", Status);
- return Status;
+ goto done;
}
/* Set the WorkStations attribute */
- Status = SampSetObjectAttribute(UserObject,
- L"WorkStations",
- REG_SZ,
- EmptyString.Buffer,
- EmptyString.MaximumLength);
+ Status = SampSetObjectAttributeString(UserObject,
+ L"WorkStations",
+ NULL);
if (!NT_SUCCESS(Status))
{
TRACE("failed with status 0x%08lx\n", Status);
- return Status;
+ goto done;
}
/* Set the Parameters attribute */
- Status = SampSetObjectAttribute(UserObject,
- L"Parameters",
- REG_SZ,
- EmptyString.Buffer,
- EmptyString.MaximumLength);
+ Status = SampSetObjectAttributeString(UserObject,
+ L"Parameters",
+ NULL);
if (!NT_SUCCESS(Status))
{
TRACE("failed with status 0x%08lx\n", Status);
- return Status;
+ goto done;
}
/* Set LogonHours attribute*/
if (!NT_SUCCESS(Status))
{
TRACE("failed with status 0x%08lx\n", Status);
- return Status;
+ goto done;
}
/* Set Groups attribute*/
if (!NT_SUCCESS(Status))
{
TRACE("failed with status 0x%08lx\n", Status);
- return Status;
+ goto done;
}
/* Set LMPwd attribute*/
if (!NT_SUCCESS(Status))
{
TRACE("failed with status 0x%08lx\n", Status);
- return Status;
+ goto done;
}
/* Set NTPwd attribute*/
if (!NT_SUCCESS(Status))
{
TRACE("failed with status 0x%08lx\n", Status);
- return Status;
+ goto done;
}
/* Set LMPwdHistory attribute*/
if (!NT_SUCCESS(Status))
{
TRACE("failed with status 0x%08lx\n", Status);
- return Status;
+ goto done;
}
/* Set NTPwdHistory attribute*/
if (!NT_SUCCESS(Status))
{
TRACE("failed with status 0x%08lx\n", Status);
- return Status;
+ goto done;
+ }
+
+ /* Set the PrivateData attribute */
+ Status = SampSetObjectAttributeString(UserObject,
+ L"PrivateData",
+ NULL);
+ if (!NT_SUCCESS(Status))
+ {
+ TRACE("failed with status 0x%08lx\n", Status);
+ goto done;
}
- /* FIXME: Set SecDesc attribute*/
+ /* Set the SecDesc attribute*/
+ Status = SampSetObjectAttribute(UserObject,
+ L"SecDesc",
+ REG_BINARY,
+ Sd,
+ SdSize);
+ if (!NT_SUCCESS(Status))
+ {
+ TRACE("failed with status 0x%08lx\n", Status);
+ goto done;
+ }
if (NT_SUCCESS(Status))
{
*GrantedAccess = UserObject->Access;
}
+done:
+ if (Sd != NULL)
+ RtlFreeHeap(RtlGetProcessHeap(), 0, Sd);
+
+ if (UserSid != NULL)
+ RtlFreeHeap(RtlGetProcessHeap(), 0, UserSid);
+
+ RtlReleaseResource(&SampResource);
+
TRACE("returns with status 0x%08lx\n", Status);
return Status;