[LSASRV]
authorEric Kohl <eric.kohl@reactos.org>
Sun, 25 Nov 2012 13:47:07 +0000 (13:47 +0000)
committerEric Kohl <eric.kohl@reactos.org>
Sun, 25 Nov 2012 13:47:07 +0000 (13:47 +0000)
- Add enumeration of user rights to LsarEnumerateAccountRights.
- Use RPC_UNICODE_STRING instead of UNICODE_STRING in the privilege lookup code.

svn path=/trunk/; revision=57767

reactos/dll/win32/lsasrv/lsarpc.c
reactos/dll/win32/lsasrv/lsasrv.h
reactos/dll/win32/lsasrv/privileges.c

index e82fda0..0d91ee0 100644 (file)
@@ -1915,7 +1915,7 @@ NTSTATUS WINAPI LsarLookupPrivilegeValue(
 
     TRACE("Privilege: %wZ\n", Name);
 
-    Status = LsarpLookupPrivilegeValue((PUNICODE_STRING)Name,
+    Status = LsarpLookupPrivilegeValue(Name,
                                        Value);
 
     return Status;
@@ -1944,7 +1944,7 @@ NTSTATUS WINAPI LsarLookupPrivilegeName(
     }
 
     Status = LsarpLookupPrivilegeName(Value,
-                                      (PUNICODE_STRING*)Name);
+                                      Name);
 
     return Status;
 }
@@ -1994,9 +1994,10 @@ NTSTATUS WINAPI LsarEnumerateAccountRights(
     PLSAPR_PRIVILEGE_SET PrivilegeSet = NULL;
     PRPC_UNICODE_STRING RightsBuffer = NULL;
     PRPC_UNICODE_STRING PrivilegeString;
+    ACCESS_MASK SystemAccess;
     ULONG RightsCount;
     ULONG RightsIndex;
-    ULONG PrivIndex;
+    ULONG i;
     NTSTATUS Status;
 
     TRACE("LsarEnumerateAccountRights(%p %p %p)\n",
@@ -2022,13 +2023,23 @@ NTSTATUS WINAPI LsarEnumerateAccountRights(
         goto done;
     }
 
-    /* FIXME: Get account rights */
-
+    /* Get account rights */
+    Status = LsarGetSystemAccessAccount(AccountHandle,
+                                        &SystemAccess);
+    if (!NT_SUCCESS(Status))
+    {
+        ERR("LsarGetSystemAccessAccount returned 0x%08lx\n", Status);
+        goto done;
+    }
 
     RightsCount = PrivilegeSet->PrivilegeCount;
 
-    /* FIXME: Count account rights */
-
+    /* Count account rights */
+    for (i = 0; i < sizeof(ACCESS_MASK) * 8; i++)
+    {
+        if (SystemAccess & (1 << i))
+            RightsCount++;
+    }
 
     /* We are done if there are no rights to be enumerated */
     if (RightsCount == 0)
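Review bot: `1 << i` in the counting loop shifts a signed int, and at i == 31 the bit lands in the sign position, which is undefined behaviour in C; write the mask as `(1UL << i)` here and in the copy loop of the next hunk, where the same expression is also passed to LsapLookupAccountRightName. The loop also counts every set bit of SystemAccess, while the lookup added in privileges.c knows only ten flags and returns STATUS_NO_SUCH_PRIVILEGE for anything else. A single unrecognised bit in the stored mask therefore makes the whole enumeration fail at `goto done` in the copy loop. Counting only the bits that have a name would keep RightsCount and the filled entries in step. The body of LsarEnumerateAccountRights starts and ends outside this hunk.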
@@ -2049,25 +2060,41 @@ NTSTATUS WINAPI LsarEnumerateAccountRights(
 
     /* Copy the privileges into the buffer */
     RightsIndex = 0;
-    for (PrivIndex = 0; PrivIndex < PrivilegeSet->PrivilegeCount; PrivIndex++)
+    for (i = 0; i < PrivilegeSet->PrivilegeCount; i++)
     {
         PrivilegeString = NULL;
         Status = LsarLookupPrivilegeName(PolicyHandle,
-                                         (PLUID)&PrivilegeSet->Privilege[PrivIndex].Luid,
-                                         (PRPC_UNICODE_STRING *)&PrivilegeString);
+                                         (PLUID)&PrivilegeSet->Privilege[i].Luid,
+                                         &PrivilegeString);
         if (!NT_SUCCESS(Status))
             goto done;
 
-        RightsBuffer[RightsIndex].Length = PrivilegeString->Length;
-        RightsBuffer[RightsIndex].MaximumLength = PrivilegeString->MaximumLength;
-        RightsBuffer[RightsIndex].Buffer = PrivilegeString->Buffer;
+        RightsBuffer[i].Length = PrivilegeString->Length;
+        RightsBuffer[i].MaximumLength = PrivilegeString->MaximumLength;
+        RightsBuffer[i].Buffer = PrivilegeString->Buffer;
 
         MIDL_user_free(PrivilegeString);
         RightsIndex++;
     }
 
-    /* FIXME: Copy account rights into the buffer */
+    /* Copy account rights into the buffer */
+    for (i = 0; i < sizeof(ACCESS_MASK) * 8; i++)
+    {
+        if (SystemAccess & (1 << i))
+        {
+            Status = LsapLookupAccountRightName(1 << i,
+                                                &PrivilegeString);
+            if (!NT_SUCCESS(Status))
+                goto done;
+
+            RightsBuffer[i].Length = PrivilegeString->Length;
+            RightsBuffer[i].MaximumLength = PrivilegeString->MaximumLength;
+            RightsBuffer[i].Buffer = PrivilegeString->Buffer;
 
+            MIDL_user_free(PrivilegeString);
+            RightsIndex++;
+        }
+    }
 
     UserRights->Entries = RightsCount;
     UserRights->UserRights = (PRPC_UNICODE_STRING)RightsBuffer;
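Review bot: The account-rights loop stores into `RightsBuffer[i]`, where i is the bit position (0 to 31) rather than the next free slot, so it overwrites entries written by the privilege loop and can write past the end of the buffer. The buffer appears to be sized for RightsCount entries, though its allocation is outside this hunk. RightsIndex is already incremented for exactly this purpose, so index with it in both loops: `RightsBuffer[RightsIndex].Length = PrivilegeString->Length;` and the same for MaximumLength and Buffer. The first loop's switch from RightsIndex to i is harmless only because the two are equal there. Because the array is handed back to the RPC caller through UserRights->UserRights, the bad index means heap corruption inside the LSA server process and unset entries in the reply.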
index f4eba9f..e818244 100644 (file)
@@ -252,10 +252,10 @@ LsarSetLocalAccountDomain(PLSA_DB_OBJECT PolicyObject,
 /* privileges.c */
 NTSTATUS
 LsarpLookupPrivilegeName(PLUID Value,
-                         PUNICODE_STRING *Name);
+                         PRPC_UNICODE_STRING *Name);
 
 NTSTATUS
-LsarpLookupPrivilegeValue(PUNICODE_STRING Name,
+LsarpLookupPrivilegeValue(PRPC_UNICODE_STRING Name,
                           PLUID Value);
 
 NTSTATUS
@@ -263,6 +263,10 @@ LsarpEnumeratePrivileges(DWORD *EnumerationContext,
                          PLSAPR_PRIVILEGE_ENUM_BUFFER EnumerationBuffer,
                          DWORD PreferedMaximumLength);
 
+NTSTATUS
+LsapLookupAccountRightName(ULONG RightValue,
+                           PRPC_UNICODE_STRING *Name);
+
 /* registry.h */
 NTSTATUS
 LsapRegCloseKey(IN HANDLE KeyHandle);
index d2d21e7..6b9cff9 100644 (file)
@@ -18,6 +18,12 @@ typedef struct
     LPCWSTR Name;
 } PRIVILEGE_DATA;
 
+typedef struct
+{
+    ULONG Flag;
+    LPCWSTR Name;
+} RIGHT_DATA;
+
 
 /* GLOBALS *****************************************************************/
 
@@ -54,14 +60,28 @@ static const PRIVILEGE_DATA WellKnownPrivileges[] =
     {{SE_CREATE_GLOBAL_PRIVILEGE, 0}, SE_CREATE_GLOBAL_NAME}
 };
 
+static const RIGHT_DATA WellKnownRights[] =
+{
+    {SECURITY_ACCESS_INTERACTIVE_LOGON, SE_INTERACTIVE_LOGON_NAME},
+    {SECURITY_ACCESS_NETWORK_LOGON, SE_NETWORK_LOGON_NAME},
+    {SECURITY_ACCESS_BATCH_LOGON, SE_BATCH_LOGON_NAME},
+    {SECURITY_ACCESS_SERVICE_LOGON, SE_SERVICE_LOGON_NAME},
+    {SECURITY_ACCESS_DENY_INTERACTIVE_LOGON, SE_DENY_INTERACTIVE_LOGON_NAME},
+    {SECURITY_ACCESS_DENY_NETWORK_LOGON, SE_DENY_NETWORK_LOGON_NAME},
+    {SECURITY_ACCESS_DENY_BATCH_LOGON, SE_DENY_BATCH_LOGON_NAME},
+    {SECURITY_ACCESS_DENY_SERVICE_LOGON, SE_DENY_SERVICE_LOGON_NAME},
+    {SECURITY_ACCESS_REMOTE_INTERACTIVE_LOGON, SE_REMOTE_INTERACTIVE_LOGON_NAME},
+    {SECURITY_ACCESS_DENY_REMOTE_INTERACTIVE_LOGON, SE_DENY_REMOTE_INTERACTIVE_LOGON_NAME}
+};
+
 
 /* FUNCTIONS ***************************************************************/
 
 NTSTATUS
 LsarpLookupPrivilegeName(PLUID Value,
-                         PUNICODE_STRING *Name)
+                         PRPC_UNICODE_STRING *Name)
 {
-    PUNICODE_STRING NameBuffer;
+    PRPC_UNICODE_STRING NameBuffer;
     ULONG Priv;
 
     if (Value->HighPart != 0 ||
@@ -76,7 +96,7 @@ LsarpLookupPrivilegeName(PLUID Value,
         if (Value->LowPart == WellKnownPrivileges[Priv].Luid.LowPart &&
             Value->HighPart == WellKnownPrivileges[Priv].Luid.HighPart)
         {
-            NameBuffer = MIDL_user_allocate(sizeof(UNICODE_STRING));
+            NameBuffer = MIDL_user_allocate(sizeof(RPC_UNICODE_STRING));
             if (NameBuffer == NULL)
                 return STATUS_NO_MEMORY;
 
@@ -103,7 +123,7 @@ LsarpLookupPrivilegeName(PLUID Value,
 
 
 NTSTATUS
-LsarpLookupPrivilegeValue(PUNICODE_STRING Name,
+LsarpLookupPrivilegeValue(PRPC_UNICODE_STRING Name,
                           PLUID Value)
 {
     ULONG Priv;
@@ -218,4 +238,43 @@ done:
         Status = STATUS_MORE_ENTRIES;
 
     return Status;
-}
\ No newline at end of file
+}
+
+
+NTSTATUS
+LsapLookupAccountRightName(ULONG RightValue,
+                           PRPC_UNICODE_STRING *Name)
+{
+    PRPC_UNICODE_STRING NameBuffer;
+    ULONG i;
+
+    for (i = 0; i < sizeof(WellKnownRights) / sizeof(WellKnownRights[0]); i++)
+    {
+        if (WellKnownRights[i].Flag == RightValue)
+        {
+            NameBuffer = MIDL_user_allocate(sizeof(RPC_UNICODE_STRING));
+            if (NameBuffer == NULL)
+                return STATUS_NO_MEMORY;
+
+            NameBuffer->Length = wcslen(WellKnownRights[i].Name) * sizeof(WCHAR);
+            NameBuffer->MaximumLength = NameBuffer->Length + sizeof(WCHAR);
+
+            NameBuffer->Buffer = MIDL_user_allocate(NameBuffer->MaximumLength);
+            if (NameBuffer == NULL)
+            {
+                MIDL_user_free(NameBuffer);
+                return STATUS_INSUFFICIENT_RESOURCES;
+            }
+
+            wcscpy(NameBuffer->Buffer, WellKnownRights[i].Name);
+
+            *Name = NameBuffer;
+
+            return STATUS_SUCCESS;
+        }
+    }
+
+    return STATUS_NO_SUCH_PRIVILEGE;
+}
+
+/* EOF */
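Review bot: After the second MIDL_user_allocate in LsapLookupAccountRightName the code tests `NameBuffer == NULL` again, which cannot be true at that point, so a failed allocation of the string storage goes undetected and wcscpy then writes through a NULL Buffer. The check should read `if (NameBuffer->Buffer == NULL)`. The two failure paths also return different codes for the same condition (STATUS_NO_MEMORY, then STATUS_INSUFFICIENT_RESOURCES); using STATUS_NO_MEMORY for both would match LsarpLookupPrivilegeName in this file. A short header comment would help too, for example `/* On success *Name and (*Name)->Buffer are MIDL_user_allocate'd; the caller owns both. */`, since the caller in lsarpc.c frees only the outer structure and keeps Buffer.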