- Add enumeration of user rights to LsarEnumerateAccountRights.
- Use RPC_UNICODE_STRING instead of UNICODE_STRING in the privilege lookup code.
svn path=/trunk/; revision=57767
TRACE("Privilege: %wZ\n", Name);
- Status = LsarpLookupPrivilegeValue((PUNICODE_STRING)Name,
+ Status = LsarpLookupPrivilegeValue(Name,
Value);
return Status;
}
Status = LsarpLookupPrivilegeName(Value,
- (PUNICODE_STRING*)Name);
+ Name);
return Status;
}
PLSAPR_PRIVILEGE_SET PrivilegeSet = NULL;
PRPC_UNICODE_STRING RightsBuffer = NULL;
PRPC_UNICODE_STRING PrivilegeString;
+ ACCESS_MASK SystemAccess;
ULONG RightsCount;
ULONG RightsIndex;
- ULONG PrivIndex;
+ ULONG i;
NTSTATUS Status;
TRACE("LsarEnumerateAccountRights(%p %p %p)\n",
goto done;
}
- /* FIXME: Get account rights */
-
+ /* Get account rights */
+ Status = LsarGetSystemAccessAccount(AccountHandle,
+ &SystemAccess);
+ if (!NT_SUCCESS(Status))
+ {
+ ERR("LsarGetSystemAccessAccount returned 0x%08lx\n", Status);
+ goto done;
+ }
RightsCount = PrivilegeSet->PrivilegeCount;
- /* FIXME: Count account rights */
-
+ /* Count account rights */
+ for (i = 0; i < sizeof(ACCESS_MASK) * 8; i++)
+ {
+ if (SystemAccess & (1 << i))
+ RightsCount++;
+ }
/* We are done if there are no rights to be enumerated */
if (RightsCount == 0)
/* Copy the privileges into the buffer */
RightsIndex = 0;
- for (PrivIndex = 0; PrivIndex < PrivilegeSet->PrivilegeCount; PrivIndex++)
+ for (i = 0; i < PrivilegeSet->PrivilegeCount; i++)
{
PrivilegeString = NULL;
Status = LsarLookupPrivilegeName(PolicyHandle,
- (PLUID)&PrivilegeSet->Privilege[PrivIndex].Luid,
- (PRPC_UNICODE_STRING *)&PrivilegeString);
+ (PLUID)&PrivilegeSet->Privilege[i].Luid,
+ &PrivilegeString);
if (!NT_SUCCESS(Status))
goto done;
- RightsBuffer[RightsIndex].Length = PrivilegeString->Length;
- RightsBuffer[RightsIndex].MaximumLength = PrivilegeString->MaximumLength;
- RightsBuffer[RightsIndex].Buffer = PrivilegeString->Buffer;
+ RightsBuffer[i].Length = PrivilegeString->Length;
+ RightsBuffer[i].MaximumLength = PrivilegeString->MaximumLength;
+ RightsBuffer[i].Buffer = PrivilegeString->Buffer;
MIDL_user_free(PrivilegeString);
RightsIndex++;
}
- /* FIXME: Copy account rights into the buffer */
+ /* Copy account rights into the buffer */
+ for (i = 0; i < sizeof(ACCESS_MASK) * 8; i++)
+ {
+ if (SystemAccess & (1 << i))
+ {
+ Status = LsapLookupAccountRightName(1 << i,
+ &PrivilegeString);
+ if (!NT_SUCCESS(Status))
+ goto done;
+
+ RightsBuffer[i].Length = PrivilegeString->Length;
+ RightsBuffer[i].MaximumLength = PrivilegeString->MaximumLength;
+ RightsBuffer[i].Buffer = PrivilegeString->Buffer;
+ MIDL_user_free(PrivilegeString);
+ RightsIndex++;
+ }
+ }
UserRights->Entries = RightsCount;
UserRights->UserRights = (PRPC_UNICODE_STRING)RightsBuffer;
/* privileges.c */
NTSTATUS
LsarpLookupPrivilegeName(PLUID Value,
- PUNICODE_STRING *Name);
+ PRPC_UNICODE_STRING *Name);
NTSTATUS
-LsarpLookupPrivilegeValue(PUNICODE_STRING Name,
+LsarpLookupPrivilegeValue(PRPC_UNICODE_STRING Name,
PLUID Value);
NTSTATUS
PLSAPR_PRIVILEGE_ENUM_BUFFER EnumerationBuffer,
DWORD PreferedMaximumLength);
+NTSTATUS
+LsapLookupAccountRightName(ULONG RightValue,
+ PRPC_UNICODE_STRING *Name);
+
/* registry.h */
NTSTATUS
LsapRegCloseKey(IN HANDLE KeyHandle);
LPCWSTR Name;
} PRIVILEGE_DATA;
+typedef struct
+{
+ ULONG Flag;
+ LPCWSTR Name;
+} RIGHT_DATA;
+
/* GLOBALS *****************************************************************/
{{SE_CREATE_GLOBAL_PRIVILEGE, 0}, SE_CREATE_GLOBAL_NAME}
};
+static const RIGHT_DATA WellKnownRights[] =
+{
+ {SECURITY_ACCESS_INTERACTIVE_LOGON, SE_INTERACTIVE_LOGON_NAME},
+ {SECURITY_ACCESS_NETWORK_LOGON, SE_NETWORK_LOGON_NAME},
+ {SECURITY_ACCESS_BATCH_LOGON, SE_BATCH_LOGON_NAME},
+ {SECURITY_ACCESS_SERVICE_LOGON, SE_SERVICE_LOGON_NAME},
+ {SECURITY_ACCESS_DENY_INTERACTIVE_LOGON, SE_DENY_INTERACTIVE_LOGON_NAME},
+ {SECURITY_ACCESS_DENY_NETWORK_LOGON, SE_DENY_NETWORK_LOGON_NAME},
+ {SECURITY_ACCESS_DENY_BATCH_LOGON, SE_DENY_BATCH_LOGON_NAME},
+ {SECURITY_ACCESS_DENY_SERVICE_LOGON, SE_DENY_SERVICE_LOGON_NAME},
+ {SECURITY_ACCESS_REMOTE_INTERACTIVE_LOGON, SE_REMOTE_INTERACTIVE_LOGON_NAME},
+ {SECURITY_ACCESS_DENY_REMOTE_INTERACTIVE_LOGON, SE_DENY_REMOTE_INTERACTIVE_LOGON_NAME}
+};
+
/* FUNCTIONS ***************************************************************/
NTSTATUS
LsarpLookupPrivilegeName(PLUID Value,
- PUNICODE_STRING *Name)
+ PRPC_UNICODE_STRING *Name)
{
- PUNICODE_STRING NameBuffer;
+ PRPC_UNICODE_STRING NameBuffer;
ULONG Priv;
if (Value->HighPart != 0 ||
if (Value->LowPart == WellKnownPrivileges[Priv].Luid.LowPart &&
Value->HighPart == WellKnownPrivileges[Priv].Luid.HighPart)
{
- NameBuffer = MIDL_user_allocate(sizeof(UNICODE_STRING));
+ NameBuffer = MIDL_user_allocate(sizeof(RPC_UNICODE_STRING));
if (NameBuffer == NULL)
return STATUS_NO_MEMORY;
NTSTATUS
-LsarpLookupPrivilegeValue(PUNICODE_STRING Name,
+LsarpLookupPrivilegeValue(PRPC_UNICODE_STRING Name,
PLUID Value)
{
ULONG Priv;
Status = STATUS_MORE_ENTRIES;
return Status;
-}
\ No newline at end of file
+}
+
+
+NTSTATUS
+LsapLookupAccountRightName(ULONG RightValue,
+ PRPC_UNICODE_STRING *Name)
+{
+ PRPC_UNICODE_STRING NameBuffer;
+ ULONG i;
+
+ for (i = 0; i < sizeof(WellKnownRights) / sizeof(WellKnownRights[0]); i++)
+ {
+ if (WellKnownRights[i].Flag == RightValue)
+ {
+ NameBuffer = MIDL_user_allocate(sizeof(RPC_UNICODE_STRING));
+ if (NameBuffer == NULL)
+ return STATUS_NO_MEMORY;
+
+ NameBuffer->Length = wcslen(WellKnownRights[i].Name) * sizeof(WCHAR);
+ NameBuffer->MaximumLength = NameBuffer->Length + sizeof(WCHAR);
+
+ NameBuffer->Buffer = MIDL_user_allocate(NameBuffer->MaximumLength);
+ if (NameBuffer == NULL)
+ {
+ MIDL_user_free(NameBuffer);
+ return STATUS_INSUFFICIENT_RESOURCES;
+ }
+
+ wcscpy(NameBuffer->Buffer, WellKnownRights[i].Name);
+
+ *Name = NameBuffer;
+
+ return STATUS_SUCCESS;
+ }
+ }
+
+ return STATUS_NO_SUCH_PRIVILEGE;
+}
+
+/* EOF */