[ADVAPI32/LSASRV]
authorEric Kohl <eric.kohl@reactos.org>
Fri, 15 Oct 2010 21:28:42 +0000 (21:28 +0000)
committerEric Kohl <eric.kohl@reactos.org>
Fri, 15 Oct 2010 21:28:42 +0000 (21:28 +0000)
- Prepare LsapValidateDbHandle for access checks.
- Move the functionality of LsaQueryInformationPolicy (advapi32.dll) into the new function LsarQueryInformationPolicy (lsasrv.dll).
- Remove dead code from advapi32.dll.

svn path=/trunk/; revision=49161

reactos/dll/win32/advapi32/sec/lsa.c
reactos/dll/win32/lsasrv/lsarpc.c

index 90a257b..6839aa3 100644 (file)
 
 WINE_DEFAULT_DEBUG_CHANNEL(advapi);
 
-/* imported from wine 1.1.14 */
-static void* ADVAPI_GetDomainName(unsigned sz, unsigned ofs)
-{
-    HKEY key;
-    LONG ret;
-    BYTE* ptr = NULL;
-    UNICODE_STRING* ustr;
-
-    static const WCHAR wVNETSUP[] = {
-        'S','y','s','t','e','m','\\',
-        'C','u','r','r','e','n','t','C','o','n','t','r','o','l','S','e','t','\\',
-        'S','e','r','v','i','c','e','s','\\',
-        'V','x','D','\\','V','N','E','T','S','U','P','\0'};
-
-    ret = RegOpenKeyExW(HKEY_LOCAL_MACHINE, wVNETSUP, 0, KEY_READ, &key);
-    if (ret == ERROR_SUCCESS)
-    {
-        DWORD size = 0;
-        static const WCHAR wg[] = { 'W','o','r','k','g','r','o','u','p',0 };
-
-        ret = RegQueryValueExW(key, wg, NULL, NULL, NULL, &size);
-        if (ret == ERROR_MORE_DATA || ret == ERROR_SUCCESS)
-        {
-            ptr = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, sz + size);
-            if (!ptr) return NULL;
-            ustr = (UNICODE_STRING*)(ptr + ofs);
-            ustr->MaximumLength = size;
-            ustr->Buffer = (WCHAR*)(ptr + sz);
-            ret = RegQueryValueExW(key, wg, NULL, NULL, (LPBYTE)ustr->Buffer, &size);
-            if (ret != ERROR_SUCCESS)
-            {
-                HeapFree(GetProcessHeap(), 0, ptr);
-                ptr = NULL;
-            }   
-            else ustr->Length = size - sizeof(WCHAR);
-        }
-        RegCloseKey(key);
-    }
-    if (!ptr)
-    {
-        static const WCHAR wDomain[] = {'D','O','M','A','I','N','\0'};
-        ptr = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY,
-                        sz + sizeof(wDomain));
-        if (!ptr) return NULL;
-        ustr = (UNICODE_STRING*)(ptr + ofs);
-        ustr->MaximumLength = sizeof(wDomain);
-        ustr->Buffer = (WCHAR*)(ptr + sz);
-        ustr->Length = sizeof(wDomain) - sizeof(WCHAR);
-        memcpy(ustr->Buffer, wDomain, sizeof(wDomain));
-    }
-    return ptr;
-}
-
 
 static BOOL LsapIsLocalComputer(PLSA_UNICODE_STRING ServerName)
 {
@@ -647,103 +594,37 @@ LsaQueryForestTrustInformation(
 }
 
 /*
- * @unimplemented
+ * @implemented
  */
 NTSTATUS WINAPI
 LsaQueryInformationPolicy(LSA_HANDLE PolicyHandle,
               POLICY_INFORMATION_CLASS InformationClass,
               PVOID *Buffer)
 {
+    PLSAPR_POLICY_INFORMATION PolicyInformation = NULL;
+    NTSTATUS Status;
+
     TRACE("(%p,0x%08x,%p)\n", PolicyHandle, InformationClass, Buffer);
 
-    if(!Buffer) return STATUS_INVALID_PARAMETER;
-    switch (InformationClass)
+    RpcTryExcept
     {
-        case PolicyAuditEventsInformation: /* 2 */
-        {
-            PPOLICY_AUDIT_EVENTS_INFO p = RtlAllocateHeap(RtlGetProcessHeap(), HEAP_ZERO_MEMORY,
-                                                    sizeof(POLICY_AUDIT_EVENTS_INFO));
-            p->AuditingMode = FALSE; /* no auditing */
-            *Buffer = p;
-        }
-        break;
-        case PolicyPrimaryDomainInformation: /* 3 */
-        {
-            /* Only the domain name is valid for the local computer.
-             * All other fields are zero.
-             */
-            PPOLICY_PRIMARY_DOMAIN_INFO pinfo;
-
-            pinfo = ADVAPI_GetDomainName(sizeof(*pinfo), offsetof(POLICY_PRIMARY_DOMAIN_INFO, Name));
-
-            TRACE("setting domain to %s\n", debugstr_w(pinfo->Name.Buffer));
-
-            *Buffer = pinfo;
-        }
-        case PolicyAccountDomainInformation: /* 5 */
-        {
-            struct di
-            {
-                POLICY_ACCOUNT_DOMAIN_INFO info;
-                SID sid;
-                DWORD padding[3];
-                WCHAR domain[MAX_COMPUTERNAME_LENGTH + 1];
-            };
-
-            DWORD dwSize = MAX_COMPUTERNAME_LENGTH + 1;
-            struct di * xdi = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, sizeof(*xdi));
-
-            xdi->info.DomainName.MaximumLength = dwSize * sizeof(WCHAR);
-            xdi->info.DomainName.Buffer = xdi->domain;
-            if (GetComputerNameW(xdi->info.DomainName.Buffer, &dwSize))
-                xdi->info.DomainName.Length = dwSize * sizeof(WCHAR);
-
-            TRACE("setting name to %s\n", debugstr_w(xdi->info.DomainName.Buffer));
-
-            xdi->info.DomainSid = &xdi->sid;
-
-            /* read the computer SID from the registry */
-            if (!ADVAPI_GetComputerSid(&xdi->sid))
-            {
-                HeapFree(GetProcessHeap(), 0, xdi);
-
-                WARN("Computer SID not found\n");
-
-                return STATUS_UNSUCCESSFUL;
-            }
-
-            *Buffer = xdi;
-        }
-        break;
-        case  PolicyDnsDomainInformation:      /* 12 (0xc) */
-        {
-            /* Only the domain name is valid for the local computer.
-             * All other fields are zero.
-             */
-            PPOLICY_DNS_DOMAIN_INFO pinfo;
+        Status = LsarQueryInformationPolicy((LSAPR_HANDLE)PolicyHandle,
+                                            InformationClass,
+                                            &PolicyInformation);
+        *Buffer = PolicyInformation;
+    }
+    RpcExcept(EXCEPTION_EXECUTE_HANDLER)
+    {
+        if (PolicyInformation != NULL)
+            MIDL_user_free(PolicyInformation);
 
-            pinfo = ADVAPI_GetDomainName(sizeof(*pinfo), offsetof(POLICY_DNS_DOMAIN_INFO, Name));
+        Status = I_RpcMapWin32Status(RpcExceptionCode());
+    }
+    RpcEndExcept;
 
-            TRACE("setting domain to %s\n", debugstr_w(pinfo->Name.Buffer));
+    TRACE("Done (Status: 0x%08x)\n", Status);
 
-            *Buffer = pinfo;
-        }
-        break;
-        case PolicyAuditLogInformation:
-        case PolicyPdAccountInformation:
-        case PolicyLsaServerRoleInformation:
-        case PolicyReplicaSourceInformation:
-        case PolicyDefaultQuotaInformation:
-        case PolicyModificationInformation:
-        case PolicyAuditFullSetInformation:
-        case PolicyAuditFullQueryInformation:
-        case PolicyEfsInformation:
-        {
-            FIXME("category not implemented\n");
-            return STATUS_UNSUCCESSFUL;
-        }
-    }
-    return STATUS_SUCCESS;
+    return Status;
 }
 
 /*
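Review bot: The removed `if(!Buffer) return STATUS_INVALID_PARAMETER;` guard has no replacement, so `*Buffer = PolicyInformation;` inside the RpcTryExcept block now writes through an unchecked pointer. A NULL Buffer would fault there and, as far as the visible handler shows, come back as a mapped exception code rather than a parameter error. `*Buffer` is also left untouched on the exception path, so the caller keeps whatever value it had before the call. I would restore `if (Buffer == NULL) return STATUS_INVALID_PARAMETER;` ahead of the try block and set `*Buffer = NULL;` in the RpcExcept branch.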
index 6100e07..5fe3809 100644 (file)
@@ -60,9 +60,10 @@ LsapCreateDbHandle(LSA_DB_HANDLE_TYPE HandleType,
 }
 
 
-static BOOL
+static NTSTATUS
 LsapValidateDbHandle(LSAPR_HANDLE Handle,
-                     LSA_DB_HANDLE_TYPE HandleType)
+                     LSA_DB_HANDLE_TYPE HandleType,
+                     ACCESS_MASK GrantedAccess)
 {
     PLSA_DB_HANDLE DbHandle = (PLSA_DB_HANDLE)Handle;
     BOOL bValid = FALSE;
@@ -83,8 +84,15 @@ LsapValidateDbHandle(LSAPR_HANDLE Handle,
     }
     _SEH2_END;
 
+    if (bValid == FALSE)
+        return STATUS_INVALID_HANDLE;
+
+    if (GrantedAccess != 0)
+    {
+        /* FIXME: Check for granted access rights */
+    }
 
-    return bValid;
+    return STATUS_SUCCESS;
 }
 
 
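Review bot: The new `if (GrantedAccess != 0)` branch is an empty stub, so LsapValidateDbHandle returns STATUS_SUCCESS for any mask once the handle itself is valid. Every call site in this commit passes `0` (LsarClose, LsarQueryInformationPolicy, LsarLookupPrivilegeValue, LsarLookupPrivilegeName, LsarEnmuerateAccountRights), so nothing changes today, but a later caller passing a real mask would silently get no enforcement. Until the check exists I would fail closed inside the branch with `return STATUS_ACCESS_DENIED;` under the FIXME. I would also consider naming the parameter `DesiredAccess`, since it appears to be the access the caller requires rather than what the handle was granted. The function starts in the previous hunk and its handle-validation part lies outside both hunks.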
@@ -145,13 +153,15 @@ NTSTATUS LsarClose(
 
 //    RtlEnterCriticalSection(&PolicyHandleTableLock);
 
-    if (LsapValidateDbHandle(*ObjectHandle, LsaDbIgnoreHandle))
+    Status = LsapValidateDbHandle(*ObjectHandle,
+                                  LsaDbIgnoreHandle,
+                                  0);
+
+    if (Status == STATUS_SUCCESS)
     {
         RtlFreeHeap(RtlGetProcessHeap(), 0, *ObjectHandle);
         *ObjectHandle = NULL;
     }
-    else
-        Status = STATUS_INVALID_HANDLE;
 
 //    RtlLeaveCriticalSection(&PolicyHandleTableLock);
 
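Review bot: The validate-then-free sequence still runs with both `PolicyHandleTableLock` calls commented out, so two concurrent LsarClose calls on the same handle could presumably both pass LsapValidateDbHandle before either RtlFreeHeap runs. Whether the RPC runtime already serializes closes is not visible here; if it does not, the lock should be re-enabled around validation and free. Separately, this site tests `Status == STATUS_SUCCESS` while the other call sites added in this commit use `NT_SUCCESS(Status)`; `if (NT_SUCCESS(Status))` would keep them consistent. LsarClose begins and ends outside the hunk.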
@@ -248,8 +258,148 @@ NTSTATUS LsarQueryInformationPolicy(
     POLICY_INFORMATION_CLASS InformationClass,
     PLSAPR_POLICY_INFORMATION *PolicyInformation)
 {
-    UNIMPLEMENTED;
-    return STATUS_NOT_IMPLEMENTED;
+    NTSTATUS Status;
+
+    TRACE("LsarQueryInformationPolicy(%p,0x%08x,%p)\n",
+          PolicyHandle, InformationClass, PolicyInformation);
+
+    if (PolicyInformation)
+    {
+        TRACE("*PolicyInformation %p\n", *PolicyInformation);
+    }
+
+    Status = LsapValidateDbHandle(PolicyHandle,
+                                  LsaDbPolicyHandle,
+                                  0); /* FIXME */
+    if (!NT_SUCCESS(Status))
+        return Status;
+
+    switch (InformationClass)
+    {
+        case PolicyAuditEventsInformation: /* 2 */
+        {
+            PLSAPR_POLICY_AUDIT_EVENTS_INFO p = MIDL_user_allocate(sizeof(LSAPR_POLICY_AUDIT_EVENTS_INFO));
+            if (p == NULL)
+                return STATUS_INSUFFICIENT_RESOURCES;
+
+            p->AuditingMode = FALSE; /* no auditing */
+            p->EventAuditingOptions = NULL;
+            p->MaximumAuditEventCount = 0;
+
+            *PolicyInformation = (PLSAPR_POLICY_INFORMATION)p;
+        }
+        break;
+
+        case PolicyPrimaryDomainInformation: /* 3 */
+        {
+            PLSAPR_POLICY_PRIMARY_DOM_INFO p = MIDL_user_allocate(sizeof(LSAPR_POLICY_PRIMARY_DOM_INFO));
+            if (p == NULL)
+                return STATUS_INSUFFICIENT_RESOURCES;
+
+            p->Name.Length = 0;
+            p->Name.MaximumLength = 0;
+            p->Name.Buffer = NULL;
+#if 0
+            p->Name.Length = wcslen(L"COMPUTERNAME");
+            p->Name.MaximumLength = p->Name.Length + sizeof(WCHAR);
+            p->Name.Buffer = MIDL_user_allocate(p->Name.MaximumLength);
+            if (p->Name.Buffer == NULL)
+            {
+                MIDL_user_free(p);
+                return STATUS_INSUFFICIENT_RESOURCES;
+            }
+
+            wcscpy(p->Name.Buffer, L"COMPUTERNAME");
+#endif
+
+            p->Sid = NULL; /* no domain, no workgroup */
+
+            *PolicyInformation = (PLSAPR_POLICY_INFORMATION)p;
+        }
+        break;
+
+        case PolicyAccountDomainInformation: /* 5 */
+        {
+            PLSAPR_POLICY_ACCOUNT_DOM_INFO p = MIDL_user_allocate(sizeof(LSAPR_POLICY_ACCOUNT_DOM_INFO));
+            if (p == NULL)
+                return STATUS_INSUFFICIENT_RESOURCES;
+
+            p->DomainName.Length = 0;
+            p->DomainName.MaximumLength = 0;
+            p->DomainName.Buffer = NULL;
+#if 0
+            p->DomainName.Length = wcslen(L"COMPUTERNAME");
+            p->DomainName.MaximumLength = p->DomainName.Length + sizeof(WCHAR);
+            p->DomainName.Buffer = MIDL_user_allocate(p->DomainName.MaximumLength);
+            if (p->DomainName.Buffer == NULL)
+            {
+                MIDL_user_free(p);
+                return STATUS_INSUFFICIENT_RESOURCES;
+            }
+
+            wcscpy(p->DomainName.Buffer, L"COMPUTERNAME");
+#endif
+
+            p->Sid = NULL; /* no domain, no workgroup */
+
+            *PolicyInformation = (PLSAPR_POLICY_INFORMATION)p;
+        }
+        break;
+
+        case  PolicyDnsDomainInformation:      /* 12 (0xc) */
+        {
+            PLSAPR_POLICY_DNS_DOMAIN_INFO p = MIDL_user_allocate(sizeof(LSAPR_POLICY_DNS_DOMAIN_INFO));
+            if (p == NULL)
+                return STATUS_INSUFFICIENT_RESOURCES;
+
+            p->Name.Length = 0;
+            p->Name.MaximumLength = 0;
+            p->Name.Buffer = NULL;
+#if 0
+            p->Name.Length = wcslen(L"COMPUTERNAME");
+            p->Name.MaximumLength = p->Name.Length + sizeof(WCHAR);
+            p->Name.Buffer = MIDL_user_allocate(p->Name.MaximumLength);
+            if (p->Name.Buffer == NULL)
+            {
+                MIDL_user_free(p);
+                return STATUS_INSUFFICIENT_RESOURCES;
+            }
+
+            wcscpy(p->Name.Buffer, L"COMPUTERNAME");
+#endif
+
+            p->DnsDomainName.Length = 0;
+            p->DnsDomainName.MaximumLength = 0;
+            p->DnsDomainName.Buffer = NULL;
+
+            p->DnsForestName.Length = 0;
+            p->DnsForestName.MaximumLength = 0;
+            p->DnsForestName.Buffer = 0;
+
+            memset(&p->DomainGuid, 0, sizeof(GUID));
+
+            p->Sid = NULL; /* no domain, no workgroup */
+
+            *PolicyInformation = (PLSAPR_POLICY_INFORMATION)p;
+        }
+        break;
+
+        case PolicyAuditLogInformation:
+        case PolicyPdAccountInformation:
+        case PolicyLsaServerRoleInformation:
+        case PolicyReplicaSourceInformation:
+        case PolicyDefaultQuotaInformation:
+        case PolicyModificationInformation:
+        case PolicyAuditFullSetInformation:
+        case PolicyAuditFullQueryInformation:
+        case PolicyEfsInformation:
+        {
+            FIXME("category not implemented\n");
+            return STATUS_UNSUCCESSFUL;
+        }
+    }
+
+    return STATUS_SUCCESS;
 }
 
 
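Review bot: The `switch (InformationClass)` has no `default:` label, so an information class outside the listed values falls through to `return STATUS_SUCCESS;` without `*PolicyInformation` ever being written. InformationClass is supplied by the caller of this RPC entry point, so I would add `default: return STATUS_INVALID_PARAMETER;`. The existing NULL test on `PolicyInformation` only guards the TRACE while every case writes through the pointer, so I would also reject NULL up front and then set `*PolicyInformation = NULL;`. The three `#if 0` blocks need fixing before they are enabled: `wcslen()` returns a character count, whereas the removed advapi32 code set `Length` and `MaximumLength` in bytes, so the allocated buffer would be too small for the `wcscpy`.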
@@ -688,10 +838,13 @@ NTSTATUS LsarLookupPrivilegeValue(
     TRACE("LsarLookupPrivilegeValue(%p, %wZ, %p)\n",
           PolicyHandle, Name, Value);
 
-    if (!LsapValidateDbHandle(PolicyHandle, LsaDbPolicyHandle))
+    Status = LsapValidateDbHandle(PolicyHandle,
+                                  LsaDbPolicyHandle,
+                                  0); /* FIXME */
+    if (!NT_SUCCESS(Status))
     {
-        ERR("Invalid handle\n");
-        return STATUS_INVALID_HANDLE;
+        ERR("Invalid handle (Status %lx)\n", Status);
+        return Status;
     }
 
     TRACE("Privilege: %wZ\n", Name);
@@ -714,10 +867,13 @@ NTSTATUS LsarLookupPrivilegeName(
     TRACE("LsarLookupPrivilegeName(%p, %p, %p)\n",
           PolicyHandle, Value, Name);
 
-    if (!LsapValidateDbHandle(PolicyHandle, LsaDbPolicyHandle))
+    Status = LsapValidateDbHandle(PolicyHandle,
+                                  LsaDbPolicyHandle,
+                                  0); /* FIXME */
+    if (!NT_SUCCESS(Status))
     {
         ERR("Invalid handle\n");
-        return STATUS_INVALID_HANDLE;
+        return Status;
     }
 
     Status = LsarpLookupPrivilegeName(Value, (PUNICODE_STRING*)Name);
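Review bot: The error log here still reads `ERR("Invalid handle\n");` although the function now returns whatever LsapValidateDbHandle reports, which will include access failures once the FIXME check is filled in. LsarLookupPrivilegeValue in the previous hunk already logs the code; using the same `ERR("Invalid handle (Status %lx)\n", Status);` here would keep the two paths consistent and make denied requests distinguishable in the log. The function body continues outside the hunk.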
@@ -766,10 +922,15 @@ NTSTATUS LsarEnmuerateAccountRights(
     PRPC_SID AccountSid,
     PLSAPR_USER_RIGHT_SET UserRights)
 {
+    NTSTATUS Status;
+
     FIXME("(%p,%p,%p) stub\n", PolicyHandle, AccountSid, UserRights);
 
-    if (!LsapValidateDbHandle(PolicyHandle, LsaDbPolicyHandle))
-        return STATUS_INVALID_HANDLE;
+    Status = LsapValidateDbHandle(PolicyHandle,
+                                  LsaDbPolicyHandle,
+                                  0); /* FIXME */
+    if (!NT_SUCCESS(Status))
+        return Status;
 
     UserRights->Entries = 0;
     UserRights->UserRights = NULL;