[LSASRV]
authorEric Kohl <eric.kohl@reactos.org>
Sun, 6 May 2012 09:57:31 +0000 (09:57 +0000)
committerEric Kohl <eric.kohl@reactos.org>
Sun, 6 May 2012 09:57:31 +0000 (09:57 +0000)
- Clean up the LSA database APIs.
- Fix database object reference counting.

svn path=/trunk/; revision=56524

reactos/dll/win32/lsasrv/database.c
reactos/dll/win32/lsasrv/lsarpc.c
reactos/dll/win32/lsasrv/lsasrv.h
reactos/dll/win32/lsasrv/policy.c

index ef41062..c7b770c 100644 (file)
@@ -202,40 +202,40 @@ Done:
 static NTSTATUS
 LsapCreateDatabaseObjects(VOID)
 {
-    PLSA_DB_OBJECT DbObject = NULL;
+    PLSA_DB_OBJECT PolicyObject;
+    NTSTATUS Status;
 
     /* Open the 'Policy' object */
-    DbObject = (PLSA_DB_OBJECT)LsapCreateDbObject(NULL,
-                                L"Policy",
-                                TRUE,
-                                LsaDbPolicyObject,
-                                0);
-    if (DbObject != NULL)
-    {
-        LsapSetObjectAttribute(DbObject,
-                               L"PolPrDmN",
-                               NULL,
-                               0);
+    Status = LsapOpenDbObject(NULL,
+                              L"Policy",
+                              LsaDbPolicyObject,
+                              0,
+                              &PolicyObject);
+    if (!NT_SUCCESS(Status))
+        return Status;
 
-        LsapSetObjectAttribute(DbObject,
-                               L"PolPrDmS",
-                               NULL,
-                               0);
+    LsapSetObjectAttribute(PolicyObject,
+                           L"PolPrDmN",
+                           NULL,
+                           0);
 
-        LsapSetObjectAttribute(DbObject,
-                               L"PolAcDmN",
-                               NULL,
-                               0);
+    LsapSetObjectAttribute(PolicyObject,
+                           L"PolPrDmS",
+                           NULL,
+                           0);
 
-        LsapSetObjectAttribute(DbObject,
-                               L"PolAcDmS",
-                               NULL,
-                               0);
+    LsapSetObjectAttribute(PolicyObject,
+                           L"PolAcDmN",
+                           NULL,
+                           0);
 
+    LsapSetObjectAttribute(PolicyObject,
+                           L"PolAcDmS",
+                           NULL,
+                           0);
 
-        /* Close the 'Policy' object */
-        LsapCloseDbObject((LSAPR_HANDLE)DbObject);
-    }
+    /* Close the 'Policy' object */
+    LsapCloseDbObject(PolicyObject);
 
     return STATUS_SUCCESS;
 }
@@ -294,25 +294,27 @@ LsapInitDatabase(VOID)
 }
 
 
-LSAPR_HANDLE
-LsapCreateDbObject(LSAPR_HANDLE ParentHandle,
-                   LPWSTR ObjectName,
-                   BOOLEAN Open,
-                   LSA_DB_OBJECT_TYPE ObjectType,
-                   ACCESS_MASK DesiredAccess)
+NTSTATUS
+LsapCreateDbObject(IN PLSA_DB_OBJECT ParentObject,
+                   IN LPWSTR ObjectName,
+                   IN LSA_DB_OBJECT_TYPE ObjectType,
+                   IN ACCESS_MASK DesiredAccess,
+                   OUT PLSA_DB_OBJECT *DbObject)
 {
-    PLSA_DB_OBJECT ParentObject = (PLSA_DB_OBJECT)ParentHandle;
-    PLSA_DB_OBJECT DbObject;
+    PLSA_DB_OBJECT NewObject;
     OBJECT_ATTRIBUTES ObjectAttributes;
     UNICODE_STRING KeyName;
     HANDLE ParentKeyHandle;
     HANDLE ObjectKeyHandle;
     NTSTATUS Status;
 
-    if (ParentHandle != NULL)
-        ParentKeyHandle = ParentObject->KeyHandle;
-    else
+    if (DbObject == NULL)
+        return STATUS_INVALID_PARAMETER;
+
+    if (ParentObject == NULL)
         ParentKeyHandle = SecurityKeyHandle;
+    else
+        ParentKeyHandle = ParentObject->KeyHandle;
 
     RtlInitUnicodeString(&KeyName,
                          ObjectName);
@@ -323,65 +325,122 @@ LsapCreateDbObject(LSAPR_HANDLE ParentHandle,
                                ParentKeyHandle,
                                NULL);
 
-    if (Open == TRUE)
+    Status = NtCreateKey(&ObjectKeyHandle,
+                         KEY_ALL_ACCESS,
+                         &ObjectAttributes,
+                         0,
+                         NULL,
+                         0,
+                         NULL);
+    if (!NT_SUCCESS(Status))
     {
-        Status = NtOpenKey(&ObjectKeyHandle,
-                           KEY_ALL_ACCESS,
-                           &ObjectAttributes);
+        return Status;
     }
-    else
+
+    NewObject = RtlAllocateHeap(RtlGetProcessHeap(),
+                                0,
+                                sizeof(LSA_DB_OBJECT));
+    if (NewObject == NULL)
     {
-        Status = NtCreateKey(&ObjectKeyHandle,
-                             KEY_ALL_ACCESS,
-                             &ObjectAttributes,
-                             0,
-                             NULL,
-                             0,
-                             NULL);
+        NtClose(ObjectKeyHandle);
+        return STATUS_NO_MEMORY;
     }
 
+    NewObject->Signature = LSAP_DB_SIGNATURE;
+    NewObject->RefCount = 1;
+    NewObject->ObjectType = ObjectType;
+    NewObject->Access = DesiredAccess;
+    NewObject->KeyHandle = ObjectKeyHandle;
+    NewObject->ParentObject = ParentObject;
+
+    if (ParentObject != NULL)
+        ParentObject->RefCount++;
+
+    *DbObject = NewObject;
+
+    return STATUS_SUCCESS;
+}
+
+
+NTSTATUS
+LsapOpenDbObject(IN PLSA_DB_OBJECT ParentObject,
+                 IN LPWSTR ObjectName,
+                 IN LSA_DB_OBJECT_TYPE ObjectType,
+                 IN ACCESS_MASK DesiredAccess,
+                 OUT PLSA_DB_OBJECT *DbObject)
+{
+    PLSA_DB_OBJECT NewObject;
+    OBJECT_ATTRIBUTES ObjectAttributes;
+    UNICODE_STRING KeyName;
+    HANDLE ParentKeyHandle;
+    HANDLE ObjectKeyHandle;
+    NTSTATUS Status;
+
+    if (DbObject == NULL)
+        return STATUS_INVALID_PARAMETER;
+
+    if (ParentObject == NULL)
+        ParentKeyHandle = SecurityKeyHandle;
+    else
+        ParentKeyHandle = ParentObject->KeyHandle;
+
+    RtlInitUnicodeString(&KeyName,
+                         ObjectName);
+
+    InitializeObjectAttributes(&ObjectAttributes,
+                               &KeyName,
+                               OBJ_CASE_INSENSITIVE,
+                               ParentKeyHandle,
+                               NULL);
+
+    Status = NtOpenKey(&ObjectKeyHandle,
+                       KEY_ALL_ACCESS,
+                       &ObjectAttributes);
     if (!NT_SUCCESS(Status))
     {
-        return NULL;
+        return Status;
     }
 
-    DbObject = (PLSA_DB_OBJECT)RtlAllocateHeap(RtlGetProcessHeap(),
-                                               0,
-                                               sizeof(LSA_DB_OBJECT));
-    if (DbObject == NULL)
+    NewObject = RtlAllocateHeap(RtlGetProcessHeap(),
+                                  0,
+                                  sizeof(LSA_DB_OBJECT));
+    if (NewObject == NULL)
     {
         NtClose(ObjectKeyHandle);
-        return NULL;
+        return STATUS_NO_MEMORY;
     }
 
-    DbObject->Signature = LSAP_DB_SIGNATURE;
-    DbObject->RefCount = 0;
-    DbObject->ObjectType = ObjectType;
-    DbObject->Access = DesiredAccess;
-    DbObject->KeyHandle = ObjectKeyHandle;
-    DbObject->ParentObject = ParentObject;
+    NewObject->Signature = LSAP_DB_SIGNATURE;
+    NewObject->RefCount = 1;
+    NewObject->ObjectType = ObjectType;
+    NewObject->Access = DesiredAccess;
+    NewObject->KeyHandle = ObjectKeyHandle;
+    NewObject->ParentObject = ParentObject;
 
     if (ParentObject != NULL)
         ParentObject->RefCount++;
 
-    return (LSAPR_HANDLE)DbObject;
+    *DbObject = NewObject;
+
+    return STATUS_SUCCESS;
 }
 
 
 NTSTATUS
 LsapValidateDbObject(LSAPR_HANDLE Handle,
                      LSA_DB_OBJECT_TYPE ObjectType,
-                     ACCESS_MASK GrantedAccess)
+                     ACCESS_MASK DesiredAccess,
+                     PLSA_DB_OBJECT *DbObject)
 {
-    PLSA_DB_OBJECT DbObject = (PLSA_DB_OBJECT)Handle;
+    PLSA_DB_OBJECT LocalObject = (PLSA_DB_OBJECT)Handle;
     BOOLEAN bValid = FALSE;
 
     _SEH2_TRY
     {
-        if (DbObject->Signature == LSAP_DB_SIGNATURE)
+        if (LocalObject->Signature == LSAP_DB_SIGNATURE)
         {
             if ((ObjectType == LsaDbIgnoreObject) ||
-                (DbObject->ObjectType == ObjectType))
+                (LocalObject->ObjectType == ObjectType))
                 bValid = TRUE;
         }
     }
@@ -394,32 +453,52 @@ LsapValidateDbObject(LSAPR_HANDLE Handle,
     if (bValid == FALSE)
         return STATUS_INVALID_HANDLE;
 
-    if (GrantedAccess != 0)
+    if (DesiredAccess != 0)
     {
-        /* FIXME: Check for granted access rights */
+        /* Check for granted access rights */
+        if ((LocalObject->Access & DesiredAccess) != DesiredAccess)
+        {
+            ERR("LsapValidateDbObject access check failed %08lx  %08lx\n",
+                LocalObject->Access, DesiredAccess);
+            return STATUS_ACCESS_DENIED;
+        }
     }
 
+    if (DbObject != NULL)
+        *DbObject = LocalObject;
+
     return STATUS_SUCCESS;
 }
 
 
 NTSTATUS
-LsapCloseDbObject(LSAPR_HANDLE Handle)
+LsapCloseDbObject(PLSA_DB_OBJECT DbObject)
 {
-    PLSA_DB_OBJECT DbObject = (PLSA_DB_OBJECT)Handle;
+    PLSA_DB_OBJECT ParentObject = NULL;
+    NTSTATUS Status = STATUS_SUCCESS;
 
-    if (DbObject->RefCount != 0)
-        return STATUS_UNSUCCESSFUL;
+    DbObject->RefCount--;
 
-    if (DbObject->ParentObject != NULL)
-        DbObject->ParentObject->RefCount--;
+    if (DbObject->RefCount > 0)
+        return STATUS_SUCCESS;
 
     if (DbObject->KeyHandle != NULL)
         NtClose(DbObject->KeyHandle);
 
+    if (DbObject->ParentObject != NULL)
+        ParentObject = DbObject->ParentObject;
+
     RtlFreeHeap(RtlGetProcessHeap(), 0, DbObject);
 
-    return STATUS_SUCCESS;
+    if (ParentObject != NULL)
+    {
+        ParentObject->RefCount--;
+
+        if (ParentObject->RefCount == 0)
+            Status = LsapCloseDbObject(ParentObject);
+    }
+
+    return Status;
 }
 
 
index 2fe2d66..3cbd3c9 100644 (file)
@@ -69,6 +69,7 @@ void __RPC_USER LSAPR_HANDLE_rundown(LSAPR_HANDLE hHandle)
 NTSTATUS WINAPI LsarClose(
     LSAPR_HANDLE *ObjectHandle)
 {
+    PLSA_DB_OBJECT DbObject;
     NTSTATUS Status = STATUS_SUCCESS;
 
     TRACE("0x%p\n", ObjectHandle);
@@ -77,10 +78,11 @@ NTSTATUS WINAPI LsarClose(
 
     Status = LsapValidateDbObject(*ObjectHandle,
                                   LsaDbIgnoreObject,
-                                  0);
+                                  0,
+                                  &DbObject);
     if (Status == STATUS_SUCCESS)
     {
-        Status = LsapCloseDbObject(*ObjectHandle);
+        Status = LsapCloseDbObject(DbObject);
         *ObjectHandle = NULL;
     }
 
@@ -154,22 +156,24 @@ NTSTATUS WINAPI LsarOpenPolicy(
     ACCESS_MASK DesiredAccess,
     LSAPR_HANDLE *PolicyHandle)
 {
-    NTSTATUS Status = STATUS_SUCCESS;
+    PLSA_DB_OBJECT PolicyObject;
+    NTSTATUS Status;
 
     TRACE("LsarOpenPolicy called!\n");
 
     RtlEnterCriticalSection(&PolicyHandleTableLock);
 
-    *PolicyHandle = LsapCreateDbObject(NULL,
-                                       L"Policy",
-                                       TRUE,
-                                       LsaDbPolicyObject,
-                                       DesiredAccess);
-    if (*PolicyHandle == NULL)
-        Status = STATUS_INSUFFICIENT_RESOURCES;
+    Status = LsapOpenDbObject(NULL,
+                              L"Policy",
+                              LsaDbPolicyObject,
+                              DesiredAccess,
+                              &PolicyObject);
 
     RtlLeaveCriticalSection(&PolicyHandleTableLock);
 
+    if (NT_SUCCESS(Status))
+        *PolicyHandle = (LSAPR_HANDLE)PolicyObject;
+
     TRACE("LsarOpenPolicy done!\n");
 
     return Status;
@@ -182,6 +186,7 @@ NTSTATUS WINAPI LsarQueryInformationPolicy(
     POLICY_INFORMATION_CLASS InformationClass,
     PLSAPR_POLICY_INFORMATION *PolicyInformation)
 {
+    PLSA_DB_OBJECT DbObject;
     NTSTATUS Status;
 
     TRACE("LsarQueryInformationPolicy(%p,0x%08x,%p)\n",
@@ -194,7 +199,8 @@ NTSTATUS WINAPI LsarQueryInformationPolicy(
 
     Status = LsapValidateDbObject(PolicyHandle,
                                   LsaDbPolicyObject,
-                                  0); /* FIXME */
+                                  0, /* FIXME */
+                                  &DbObject);
     if (!NT_SUCCESS(Status))
         return Status;
 
@@ -244,6 +250,7 @@ NTSTATUS WINAPI LsarSetInformationPolicy(
     POLICY_INFORMATION_CLASS InformationClass,
     PLSAPR_POLICY_INFORMATION PolicyInformation)
 {
+    PLSA_DB_OBJECT DbObject;
     NTSTATUS Status;
 
     TRACE("LsarSetInformationPolicy(%p,0x%08x,%p)\n",
@@ -256,7 +263,8 @@ NTSTATUS WINAPI LsarSetInformationPolicy(
 
     Status = LsapValidateDbObject(PolicyHandle,
                                   LsaDbPolicyObject,
-                                  0); /* FIXME */
+                                  0, /* FIXME */
+                                  &DbObject);
     if (!NT_SUCCESS(Status))
         return Status;
 
@@ -310,15 +318,17 @@ NTSTATUS WINAPI LsarCreateAccount(
     ACCESS_MASK DesiredAccess,
     LSAPR_HANDLE *AccountHandle)
 {
-    LSAPR_HANDLE AccountsHandle;
-    LSAPR_HANDLE Account;
-    LPWSTR SidString;
-    NTSTATUS Status;
+    PLSA_DB_OBJECT PolicyObject;
+    PLSA_DB_OBJECT AccountsObject = NULL;
+    PLSA_DB_OBJECT AccountObject = NULL;
+    LPWSTR SidString = NULL;
+    NTSTATUS Status = STATUS_SUCCESS;
 
     /* Validate the PolicyHandle */
     Status = LsapValidateDbObject(PolicyHandle,
                                   LsaDbPolicyObject,
-                                  POLICY_CREATE_ACCOUNT);
+                                  POLICY_CREATE_ACCOUNT,
+                                  &PolicyObject);
     if (!NT_SUCCESS(Status))
     {
         ERR("LsapValidateDbObject returned 0x%08lx\n", Status);
@@ -326,15 +336,15 @@ NTSTATUS WINAPI LsarCreateAccount(
     }
 
     /* Open the Accounts object */
-    AccountsHandle = LsapCreateDbObject(PolicyHandle,
-                                        L"Accounts",
-                                        TRUE,
-                                        LsaDbContainerObject,
-                                        0);
-    if (AccountsHandle == NULL)
+    Status = LsapOpenDbObject(PolicyObject,
+                              L"Accounts",
+                              LsaDbContainerObject,
+                              0,
+                              &AccountsObject);
+    if (!NT_SUCCESS(Status))
     {
-        ERR("LsapCreateDbObject (Accounts) failed\n");
-        return STATUS_UNSUCCESSFUL;
+        ERR("LsapCreateDbObject (Accounts) failed (Status 0x%08lx)\n", Status);
+        goto done;
     }
 
     /* Create SID string */
@@ -342,31 +352,44 @@ NTSTATUS WINAPI LsarCreateAccount(
                                &SidString))
     {
         ERR("ConvertSidToStringSid failed\n");
-        return STATUS_UNSUCCESSFUL;
+        Status = STATUS_INVALID_PARAMETER;
+        goto done;
     }
 
     /* Create the Account object */
-    Account = LsapCreateDbObject(AccountsHandle,
-                                 SidString,
-                                 FALSE,
-                                 LsaDbAccountObject,
-                                 DesiredAccess);
-    if (Account != NULL)
+    Status = LsapCreateDbObject(AccountsObject,
+                                SidString,
+                                LsaDbAccountObject,
+                                DesiredAccess,
+                                &AccountObject);
+    if (!NT_SUCCESS(Status))
     {
-        /* Set the Sid attribute */
-        Status = LsapSetObjectAttribute((PLSA_DB_OBJECT)Account,
-                                        L"Sid",
-                                        (PVOID)AccountSid,
-                                        GetLengthSid(AccountSid));
-        if (NT_SUCCESS(Status))
-        {
-            *AccountHandle = Account;
-        }
+        ERR("LsapCreateDbObject (Account) failed (Status 0x%08lx)\n", Status);
+        goto done;
     }
 
-    LocalFree(SidString);
+    /* Set the Sid attribute */
+    Status = LsapSetObjectAttribute(AccountObject,
+                                    L"Sid",
+                                    (PVOID)AccountSid,
+                                    GetLengthSid(AccountSid));
+
+done:
+    if (SidString != NULL)
+        LocalFree(SidString);
+
+    if (!NT_SUCCESS(Status))
+    {
+        if (AccountObject != NULL)
+            LsapCloseDbObject(AccountObject);
+    }
+    else
+    {
+        *AccountHandle = (LSAPR_HANDLE)AccountObject;
+    }
 
-    LsapCloseDbObject(AccountsHandle);
+    if (AccountsObject != NULL)
+        LsapCloseDbObject(AccountsObject);
 
     return STATUS_SUCCESS;
 }
@@ -777,7 +800,8 @@ NTSTATUS WINAPI LsarLookupPrivilegeValue(
 
     Status = LsapValidateDbObject(PolicyHandle,
                                   LsaDbPolicyObject,
-                                  0); /* FIXME */
+                                  0, /* FIXME */
+                                  NULL);
     if (!NT_SUCCESS(Status))
     {
         ERR("Invalid handle (Status %lx)\n", Status);
@@ -806,7 +830,8 @@ NTSTATUS WINAPI LsarLookupPrivilegeName(
 
     Status = LsapValidateDbObject(PolicyHandle,
                                   LsaDbPolicyObject,
-                                  0); /* FIXME */
+                                  0, /* FIXME */
+                                  NULL);
     if (!NT_SUCCESS(Status))
     {
         ERR("Invalid handle\n");
@@ -859,13 +884,15 @@ NTSTATUS WINAPI LsarEnmuerateAccountRights(
     PRPC_SID AccountSid,
     PLSAPR_USER_RIGHT_SET UserRights)
 {
+    PLSA_DB_OBJECT PolicyObject;
     NTSTATUS Status;
 
     FIXME("(%p,%p,%p) stub\n", PolicyHandle, AccountSid, UserRights);
 
     Status = LsapValidateDbObject(PolicyHandle,
                                   LsaDbPolicyObject,
-                                  0); /* FIXME */
+                                  0, /* FIXME */
+                                  &PolicyObject);
     if (!NT_SUCCESS(Status))
         return Status;
 
index 3e17f36..efed11c 100644 (file)
@@ -59,20 +59,28 @@ StartAuthenticationPort(VOID);
 NTSTATUS
 LsapInitDatabase(VOID);
 
-LSAPR_HANDLE
-LsapCreateDbObject(LSAPR_HANDLE ParentHandle,
-                   LPWSTR ObjectName,
-                   BOOLEAN Open,
-                   LSA_DB_OBJECT_TYPE HandleType,
-                   ACCESS_MASK DesiredAccess);
+NTSTATUS
+LsapCreateDbObject(IN PLSA_DB_OBJECT ParentObject,
+                   IN LPWSTR ObjectName,
+                   IN LSA_DB_OBJECT_TYPE HandleType,
+                   IN ACCESS_MASK DesiredAccess,
+                   OUT PLSA_DB_OBJECT *DbObject);
+
+NTSTATUS
+LsapOpenDbObject(IN PLSA_DB_OBJECT ParentObject,
+                 IN LPWSTR ObjectName,
+                 IN LSA_DB_OBJECT_TYPE ObjectType,
+                 IN ACCESS_MASK DesiredAccess,
+                 OUT PLSA_DB_OBJECT *DbObject);
 
 NTSTATUS
-LsapValidateDbObject(LSAPR_HANDLE Handle,
-                     LSA_DB_OBJECT_TYPE HandleType,
-                     ACCESS_MASK GrantedAccess);
+LsapValidateDbObject(IN LSAPR_HANDLE Handle,
+                     IN LSA_DB_OBJECT_TYPE HandleType,
+                     IN ACCESS_MASK GrantedAccess,
+                     OUT PLSA_DB_OBJECT *DbObject);
 
 NTSTATUS
-LsapCloseDbObject(LSAPR_HANDLE Handle);
+LsapCloseDbObject(IN PLSA_DB_OBJECT DbObject);
 
 NTSTATUS
 LsapGetObjectAttribute(PLSA_DB_OBJECT DbObject,
@@ -92,31 +100,31 @@ LsarStartRpcServer(VOID);
 
 /* policy.c */
 NTSTATUS
-LsarQueryAuditEvents(LSAPR_HANDLE PolicyHandle,
+LsarQueryAuditEvents(PLSA_DB_OBJECT PolicyObject,
                      PLSAPR_POLICY_INFORMATION *PolicyInformation);
 
 NTSTATUS
-LsarQueryPrimaryDomain(LSAPR_HANDLE PolicyHandle,
+LsarQueryPrimaryDomain(PLSA_DB_OBJECT PolicyObject,
                        PLSAPR_POLICY_INFORMATION *PolicyInformation);
 
 NTSTATUS
-LsarQueryAccountDomain(LSAPR_HANDLE PolicyHandle,
+LsarQueryAccountDomain(PLSA_DB_OBJECT PolicyObject,
                        PLSAPR_POLICY_INFORMATION *PolicyInformation);
 
 NTSTATUS
-LsarQueryDnsDomain(LSAPR_HANDLE PolicyHandle,
+LsarQueryDnsDomain(PLSA_DB_OBJECT PolicyObject,
                    PLSAPR_POLICY_INFORMATION *PolicyInformation);
 
 NTSTATUS
-LsarSetPrimaryDomain(LSAPR_HANDLE PolicyObject,
+LsarSetPrimaryDomain(PLSA_DB_OBJECT PolicyObject,
                      PLSAPR_POLICY_PRIMARY_DOM_INFO Info);
 
 NTSTATUS
-LsarSetAccountDomain(LSAPR_HANDLE PolicyObject,
+LsarSetAccountDomain(PLSA_DB_OBJECT PolicyObject,
                      PLSAPR_POLICY_ACCOUNT_DOM_INFO Info);
 
 NTSTATUS
-LsarSetDnsDomain(LSAPR_HANDLE PolicyObject,
+LsarSetDnsDomain(PLSA_DB_OBJECT PolicyObject,
                  PLSAPR_POLICY_DNS_DOMAIN_INFO Info);
 
 /* privileges.c */
index 384dc6e..ecece84 100644 (file)
@@ -16,7 +16,7 @@ WINE_DEFAULT_DEBUG_CHANNEL(lsasrv);
 /* FUNCTIONS ***************************************************************/
 
 NTSTATUS
-LsarSetPrimaryDomain(LSAPR_HANDLE PolicyHandle,
+LsarSetPrimaryDomain(PLSA_DB_OBJECT PolicyObject,
                      PLSAPR_POLICY_PRIMARY_DOM_INFO Info)
 {
     PUNICODE_STRING Buffer;
@@ -24,7 +24,7 @@ LsarSetPrimaryDomain(LSAPR_HANDLE PolicyHandle,
     NTSTATUS Status;
     LPWSTR Ptr;
 
-    TRACE("LsarSetPrimaryDomain(%p, %p)\n", PolicyHandle, Info);
+    TRACE("LsarSetPrimaryDomain(%p, %p)\n", PolicyObject, Info);
 
     Length = sizeof(UNICODE_STRING) + Info->Name.MaximumLength;
     Buffer = RtlAllocateHeap(RtlGetProcessHeap(),
@@ -39,9 +39,10 @@ LsarSetPrimaryDomain(LSAPR_HANDLE PolicyHandle,
     Ptr = (LPWSTR)((ULONG_PTR)Buffer + sizeof(UNICODE_STRING));
     memcpy(Ptr, Info->Name.Buffer, Info->Name.MaximumLength);
 
-    Status = LsapSetObjectAttribute((PLSA_DB_OBJECT)PolicyHandle,
+    Status = LsapSetObjectAttribute(PolicyObject,
                                     L"PolPrDmN",
-                                    Buffer, Length);
+                                    Buffer,
+                                    Length);
 
     RtlFreeHeap(RtlGetProcessHeap(), 0, Buffer);
 
@@ -52,7 +53,7 @@ LsarSetPrimaryDomain(LSAPR_HANDLE PolicyHandle,
     if (Info->Sid != NULL)
         Length = RtlLengthSid(Info->Sid);
 
-    Status = LsapSetObjectAttribute((PLSA_DB_OBJECT)PolicyHandle,
+    Status = LsapSetObjectAttribute(PolicyObject,
                                     L"PolPrDmS",
                                     (LPBYTE)Info->Sid,
                                     Length);
@@ -62,7 +63,7 @@ LsarSetPrimaryDomain(LSAPR_HANDLE PolicyHandle,
 
 
 NTSTATUS
-LsarSetAccountDomain(LSAPR_HANDLE PolicyHandle,
+LsarSetAccountDomain(PLSA_DB_OBJECT PolicyObject,
                      PLSAPR_POLICY_ACCOUNT_DOM_INFO Info)
 {
     PUNICODE_STRING Buffer;
@@ -70,7 +71,7 @@ LsarSetAccountDomain(LSAPR_HANDLE PolicyHandle,
     NTSTATUS Status;
     LPWSTR Ptr;
 
-    TRACE("LsarSetAccountDomain(%p, %p)\n", PolicyHandle, Info);
+    TRACE("LsarSetAccountDomain(%p, %p)\n", PolicyObject, Info);
 
     Length = sizeof(UNICODE_STRING) + Info->DomainName.MaximumLength;
     Buffer = RtlAllocateHeap(RtlGetProcessHeap(),
@@ -85,9 +86,10 @@ LsarSetAccountDomain(LSAPR_HANDLE PolicyHandle,
     Ptr = (LPWSTR)((ULONG_PTR)Buffer + sizeof(UNICODE_STRING));
     memcpy(Ptr, Info->DomainName.Buffer, Info->DomainName.MaximumLength);
 
-    Status = LsapSetObjectAttribute((PLSA_DB_OBJECT)PolicyHandle,
+    Status = LsapSetObjectAttribute(PolicyObject,
                                     L"PolAcDmN",
-                                    Buffer, Length);
+                                    Buffer,
+                                    Length);
 
     RtlFreeHeap(RtlGetProcessHeap(), 0, Buffer);
 
@@ -98,7 +100,7 @@ LsarSetAccountDomain(LSAPR_HANDLE PolicyHandle,
     if (Info->Sid != NULL)
         Length = RtlLengthSid(Info->Sid);
 
-    Status = LsapSetObjectAttribute((PLSA_DB_OBJECT)PolicyHandle,
+    Status = LsapSetObjectAttribute(PolicyObject,
                                     L"PolAcDmS",
                                     (LPBYTE)Info->Sid,
                                     Length);
@@ -108,7 +110,7 @@ LsarSetAccountDomain(LSAPR_HANDLE PolicyHandle,
 
 
 NTSTATUS
-LsarSetDnsDomain(LSAPR_HANDLE PolicyHandle,
+LsarSetDnsDomain(PLSA_DB_OBJECT PolicyObject,
                  PLSAPR_POLICY_DNS_DOMAIN_INFO Info)
 {
 
@@ -117,7 +119,7 @@ LsarSetDnsDomain(LSAPR_HANDLE PolicyHandle,
 
 
 NTSTATUS
-LsarQueryAuditEvents(LSAPR_HANDLE PolicyHandle,
+LsarQueryAuditEvents(PLSA_DB_OBJECT PolicyObject,
                      PLSAPR_POLICY_INFORMATION *PolicyInformation)
 {
     PLSAPR_POLICY_AUDIT_EVENTS_INFO p = NULL;
@@ -137,7 +139,7 @@ LsarQueryAuditEvents(LSAPR_HANDLE PolicyHandle,
 
 
 NTSTATUS
-LsarQueryPrimaryDomain(LSAPR_HANDLE PolicyHandle,
+LsarQueryPrimaryDomain(PLSA_DB_OBJECT PolicyObject,
                        PLSAPR_POLICY_INFORMATION *PolicyInformation)
 {
     PLSAPR_POLICY_PRIMARY_DOM_INFO p = NULL;
@@ -153,7 +155,7 @@ LsarQueryPrimaryDomain(LSAPR_HANDLE PolicyHandle,
 
     /* Domain Name */
     AttributeSize = 0;
-    Status = LsapGetObjectAttribute((PLSA_DB_OBJECT)PolicyHandle,
+    Status = LsapGetObjectAttribute(PolicyObject,
                                     L"PolPrDmN",
                                     NULL,
                                     &AttributeSize);
@@ -171,7 +173,7 @@ LsarQueryPrimaryDomain(LSAPR_HANDLE PolicyHandle,
             goto Done;
         }
 
-        Status = LsapGetObjectAttribute((PLSA_DB_OBJECT)PolicyHandle,
+        Status = LsapGetObjectAttribute(PolicyObject,
                                         L"PolPrDmN",
                                         DomainName,
                                         &AttributeSize);
@@ -201,7 +203,7 @@ LsarQueryPrimaryDomain(LSAPR_HANDLE PolicyHandle,
 
     /* Domain SID */
     AttributeSize = 0;
-    Status = LsapGetObjectAttribute((PLSA_DB_OBJECT)PolicyHandle,
+    Status = LsapGetObjectAttribute(PolicyObject,
                                     L"PolPrDmS",
                                     NULL,
                                     &AttributeSize);
@@ -219,7 +221,7 @@ LsarQueryPrimaryDomain(LSAPR_HANDLE PolicyHandle,
             goto Done;
         }
 
-        Status = LsapGetObjectAttribute((PLSA_DB_OBJECT)PolicyHandle,
+        Status = LsapGetObjectAttribute(PolicyObject,
                                         L"PolPrDmS",
                                         p->Sid,
                                         &AttributeSize);
@@ -247,7 +249,7 @@ Done:
 
 
 NTSTATUS
-LsarQueryAccountDomain(LSAPR_HANDLE PolicyHandle,
+LsarQueryAccountDomain(PLSA_DB_OBJECT PolicyObject,
                        PLSAPR_POLICY_INFORMATION *PolicyInformation)
 {
     PLSAPR_POLICY_ACCOUNT_DOM_INFO p = NULL;
@@ -262,7 +264,7 @@ LsarQueryAccountDomain(LSAPR_HANDLE PolicyHandle,
         return STATUS_INSUFFICIENT_RESOURCES;
 
     /* Domain Name */
-    Status = LsapGetObjectAttribute((PLSA_DB_OBJECT)PolicyHandle,
+    Status = LsapGetObjectAttribute(PolicyObject,
                                     L"PolAcDmN",
                                     NULL,
                                     &AttributeSize);
@@ -280,7 +282,7 @@ LsarQueryAccountDomain(LSAPR_HANDLE PolicyHandle,
             goto Done;
         }
 
-        Status = LsapGetObjectAttribute((PLSA_DB_OBJECT)PolicyHandle,
+        Status = LsapGetObjectAttribute(PolicyObject,
                                         L"PolAcDmN",
                                         DomainName,
                                         &AttributeSize);
@@ -310,7 +312,7 @@ LsarQueryAccountDomain(LSAPR_HANDLE PolicyHandle,
 
     /* Domain SID */
     AttributeSize = 0;
-    Status = LsapGetObjectAttribute((PLSA_DB_OBJECT)PolicyHandle,
+    Status = LsapGetObjectAttribute(PolicyObject,
                                     L"PolAcDmS",
                                     NULL,
                                     &AttributeSize);
@@ -328,7 +330,7 @@ LsarQueryAccountDomain(LSAPR_HANDLE PolicyHandle,
             goto Done;
         }
 
-        Status = LsapGetObjectAttribute((PLSA_DB_OBJECT)PolicyHandle,
+        Status = LsapGetObjectAttribute(PolicyObject,
                                         L"PolAcDmS",
                                         p->Sid,
                                         &AttributeSize);
@@ -356,7 +358,7 @@ Done:
 
 
 NTSTATUS
-LsarQueryDnsDomain(LSAPR_HANDLE PolicyHandle,
+LsarQueryDnsDomain(PLSA_DB_OBJECT PolicyObject,
                    PLSAPR_POLICY_INFORMATION *PolicyInformation)
 {
     PLSAPR_POLICY_DNS_DOMAIN_INFO p = NULL;