From: Eric Kohl Date: Wed, 26 Sep 2012 16:15:29 +0000 (+0000) Subject: [LSASRV] X-Git-Tag: backups/ros-csrss@57560~164 X-Git-Url: https://git.reactos.org/?p=reactos.git;a=commitdiff_plain;h=c7dbcac228935f9da82d2f83820b7c39747102c0;hp=2e2e4fca4e511d8b23eb1065f9f027a0635e28de [LSASRV] - Implement most missing information classes of LsarQueryInformationPolicy. - Add initialization code for new attributes of the policy object. - Implement LsarQueryInformationPolicy2 and LsarSetInformationPolicy2. svn path=/trunk/; revision=57391 --- diff --git a/reactos/dll/win32/lsasrv/database.c b/reactos/dll/win32/lsasrv/database.c index 268074a91d0..b5d4fc707aa 100644 --- a/reactos/dll/win32/lsasrv/database.c +++ b/reactos/dll/win32/lsasrv/database.c @@ -226,9 +226,17 @@ LsapCreateRandomDomainSid(OUT PSID *Sid) static NTSTATUS LsapCreateDatabaseObjects(VOID) { + PLSAP_POLICY_AUDIT_EVENTS_DATA AuditEventsInfo = NULL; POLICY_DEFAULT_QUOTA_INFO QuotaInfo; + POLICY_MODIFICATION_INFO ModificationInfo; + POLICY_AUDIT_FULL_QUERY_INFO AuditFullInfo = {FALSE, FALSE}; + POLICY_AUDIT_LOG_INFO AuditLogInfo; + PLSA_DB_OBJECT PolicyObject = NULL; PSID AccountDomainSid = NULL; + ULONG AuditEventsCount; + ULONG AuditEventsSize; + ULONG i; NTSTATUS Status; /* Initialize the default quota limits */ @@ -239,10 +247,35 @@ LsapCreateDatabaseObjects(VOID) QuotaInfo.QuotaLimits.PagefileLimit = 0; QuotaInfo.QuotaLimits.TimeLimit.QuadPart = 0; + /* Initialize the audit log attribute */ + AuditLogInfo.AuditLogPercentFull = 0; + AuditLogInfo.MaximumLogSize = 0; // DWORD + AuditLogInfo.AuditRetentionPeriod.QuadPart = 0; // LARGE_INTEGER + AuditLogInfo.AuditLogFullShutdownInProgress = 0; // BYTE + AuditLogInfo.TimeToShutdown.QuadPart = 0; // LARGE_INTEGER + AuditLogInfo.NextAuditRecordId = 0; // DWORD + + AuditEventsCount = AuditCategoryAccountLogon - AuditCategorySystem + 1; + AuditEventsSize = sizeof(LSAP_POLICY_AUDIT_EVENTS_DATA) + AuditEventsCount * sizeof(DWORD); + AuditEventsInfo = RtlAllocateHeap(RtlGetProcessHeap(), + 0, + AuditEventsSize); + if (AuditEventsInfo == NULL) + return STATUS_INSUFFICIENT_RESOURCES; + + AuditEventsInfo->AuditingMode = FALSE; + AuditEventsInfo->MaximumAuditEventCount = AuditEventsCount; + for (i = 0; i < AuditEventsCount; i++) + AuditEventsInfo->AuditEvents[i] = 0; + + /* Initialize the modification attribute */ + ModificationInfo.ModifiedId.QuadPart = 0; + NtQuerySystemTime(&ModificationInfo.DatabaseCreationTime); + /* Create a random domain SID */ Status = LsapCreateRandomDomainSid(&AccountDomainSid); if (!NT_SUCCESS(Status)) - return Status; + goto done; /* Open the 'Policy' object */ Status = LsapOpenDbObject(NULL, @@ -279,7 +312,34 @@ LsapCreateDatabaseObjects(VOID) &QuotaInfo, sizeof(POLICY_DEFAULT_QUOTA_INFO)); + /* Set the modification attribute */ + LsapSetObjectAttribute(PolicyObject, + L"PolMod", + &ModificationInfo, + sizeof(POLICY_MODIFICATION_INFO)); + + /* Set the audit full attribute */ + LsapSetObjectAttribute(PolicyObject, + L"PolAdtFl", + &AuditFullInfo, + sizeof(POLICY_AUDIT_FULL_QUERY_INFO)); + + /* Set the audit log attribute */ + LsapSetObjectAttribute(PolicyObject, + L"PolAdtLg", + &AuditLogInfo, + sizeof(POLICY_AUDIT_LOG_INFO)); + + /* Set the audit events attribute */ + LsapSetObjectAttribute(PolicyObject, + L"PolAdtEv", + &AuditEventsInfo, + AuditEventsSize); + done: + if (AuditEventsInfo != NULL) + RtlFreeHeap(RtlGetProcessHeap(), 0, AuditEventsInfo); + if (PolicyObject != NULL) LsapCloseDbObject(PolicyObject); diff --git a/reactos/dll/win32/lsasrv/lsarpc.c b/reactos/dll/win32/lsasrv/lsarpc.c index 4f255bc10e2..9ec67ee8202 100644 --- a/reactos/dll/win32/lsasrv/lsarpc.c +++ b/reactos/dll/win32/lsasrv/lsarpc.c @@ -222,7 +222,6 @@ NTSTATUS WINAPI LsarQueryInformationPolicy( DesiredAccess = POLICY_GET_PRIVATE_INFORMATION; break; - case PolicyLastEntry: default: ERR("Invalid InformationClass!\n"); return STATUS_INVALID_PARAMETER; @@ -237,6 +236,10 @@ NTSTATUS WINAPI LsarQueryInformationPolicy( switch (InformationClass) { + case PolicyAuditLogInformation: /* 1 */ + Status = LsarQueryAuditLog(PolicyHandle, + PolicyInformation); + case PolicyAuditEventsInformation: /* 2 */ Status = LsarQueryAuditEvents(PolicyHandle, PolicyInformation); @@ -247,35 +250,54 @@ NTSTATUS WINAPI LsarQueryInformationPolicy( PolicyInformation); break; + case PolicyPdAccountInformation: /* 4 */ + Status = LsarQueryPdAccount(PolicyHandle, + PolicyInformation); + case PolicyAccountDomainInformation: /* 5 */ Status = LsarQueryAccountDomain(PolicyHandle, PolicyInformation); break; - case PolicyDefaultQuotaInformation: /* 8 */ + case PolicyLsaServerRoleInformation: /* 6 */ + Status = LsarQueryServerRole(PolicyHandle, + PolicyInformation); + break; + + case PolicyReplicaSourceInformation: /* 7 */ + Status = LsarQueryReplicaSource(PolicyHandle, + PolicyInformation); + + case PolicyDefaultQuotaInformation: /* 8 */ Status = LsarQueryDefaultQuota(PolicyHandle, PolicyInformation); break; - case PolicyDnsDomainInformation: /* 12 (0xc) */ + case PolicyModificationInformation: /* 9 */ + Status = LsarQueryModification(PolicyHandle, + PolicyInformation); + break; + + case PolicyAuditFullQueryInformation: /* 11 (0xB) */ + Status = LsarQueryAuditFull(PolicyHandle, + PolicyInformation); + break; + + case PolicyDnsDomainInformation: /* 12 (0xC) */ Status = LsarQueryDnsDomain(PolicyHandle, PolicyInformation); break; - case PolicyAuditLogInformation: - case PolicyPdAccountInformation: - case PolicyLsaServerRoleInformation: - case PolicyReplicaSourceInformation: - case PolicyModificationInformation: - case PolicyAuditFullSetInformation: - case PolicyAuditFullQueryInformation: - case PolicyDnsDomainInformationInt: - case PolicyLocalAccountDomainInformation: - FIXME("Information class not implemented\n"); - Status = STATUS_UNSUCCESSFUL; + case PolicyDnsDomainInformationInt: /* 13 (0xD) */ + Status = LsarQueryDnsDomainInt(PolicyHandle, + PolicyInformation); + break; + + case PolicyLocalAccountDomainInformation: /* 14 (0xE) */ + Status = LsarQueryLocalAccountDomain(PolicyHandle, + PolicyInformation); break; - case PolicyLastEntry: default: ERR("Invalid InformationClass!\n"); Status = STATUS_INVALID_PARAMETER; @@ -316,6 +338,9 @@ NTSTATUS WINAPI LsarSetInformationPolicy( case PolicyPrimaryDomainInformation: case PolicyAccountDomainInformation: + case PolicyDnsDomainInformation: + case PolicyDnsDomainInformationInt: + case PolicyLocalAccountDomainInformation: DesiredAccess = POLICY_TRUST_ADMIN; break; @@ -1761,10 +1786,11 @@ NTSTATUS WINAPI LsarGetUserName( NTSTATUS WINAPI LsarQueryInformationPolicy2( LSAPR_HANDLE PolicyHandle, POLICY_INFORMATION_CLASS InformationClass, - unsigned long *PolicyInformation) + PLSAPR_POLICY_INFORMATION *PolicyInformation) { - UNIMPLEMENTED; - return STATUS_NOT_IMPLEMENTED; + return LsarQueryInformationPolicy(PolicyHandle, + InformationClass, + PolicyInformation); } @@ -1772,10 +1798,11 @@ NTSTATUS WINAPI LsarQueryInformationPolicy2( NTSTATUS WINAPI LsarSetInformationPolicy2( LSAPR_HANDLE PolicyHandle, POLICY_INFORMATION_CLASS InformationClass, - unsigned long PolicyInformation) + PLSAPR_POLICY_INFORMATION PolicyInformation) { - UNIMPLEMENTED; - return STATUS_NOT_IMPLEMENTED; + return LsarSetInformationPolicy(PolicyHandle, + InformationClass, + PolicyInformation); } diff --git a/reactos/dll/win32/lsasrv/lsasrv.h b/reactos/dll/win32/lsasrv/lsasrv.h index 126d5cb7c36..1f387ac6a6b 100644 --- a/reactos/dll/win32/lsasrv/lsasrv.h +++ b/reactos/dll/win32/lsasrv/lsasrv.h @@ -53,6 +53,14 @@ typedef struct _LSA_DB_OBJECT #define LSAP_DB_SIGNATURE 0x12345678 +typedef struct _LSAP_POLICY_AUDIT_EVENTS_DATA +{ + BOOLEAN AuditingMode; + DWORD MaximumAuditEventCount; + DWORD AuditEvents[0]; +} LSAP_POLICY_AUDIT_EVENTS_DATA, *PLSAP_POLICY_AUDIT_EVENTS_DATA; + + /* authport.c */ NTSTATUS StartAuthenticationPort(VOID); @@ -101,6 +109,10 @@ VOID LsarStartRpcServer(VOID); /* policy.c */ +NTSTATUS +LsarQueryAuditLog(PLSA_DB_OBJECT PolicyObject, + PLSAPR_POLICY_INFORMATION *PolicyInformation); + NTSTATUS LsarQueryAuditEvents(PLSA_DB_OBJECT PolicyObject, PLSAPR_POLICY_INFORMATION *PolicyInformation); @@ -109,18 +121,46 @@ NTSTATUS LsarQueryPrimaryDomain(PLSA_DB_OBJECT PolicyObject, PLSAPR_POLICY_INFORMATION *PolicyInformation); +NTSTATUS +LsarQueryPdAccount(PLSA_DB_OBJECT PolicyObject, + PLSAPR_POLICY_INFORMATION *PolicyInformation); + NTSTATUS LsarQueryAccountDomain(PLSA_DB_OBJECT PolicyObject, PLSAPR_POLICY_INFORMATION *PolicyInformation); +NTSTATUS +LsarQueryServerRole(PLSA_DB_OBJECT PolicyObject, + PLSAPR_POLICY_INFORMATION *PolicyInformation); + +NTSTATUS +LsarQueryReplicaSource(PLSA_DB_OBJECT PolicyObject, + PLSAPR_POLICY_INFORMATION *PolicyInformation); + NTSTATUS LsarQueryDefaultQuota(PLSA_DB_OBJECT PolicyObject, PLSAPR_POLICY_INFORMATION *PolicyInformation); +NTSTATUS +LsarQueryModification(PLSA_DB_OBJECT PolicyObject, + PLSAPR_POLICY_INFORMATION *PolicyInformation); + +NTSTATUS +LsarQueryAuditFull(PLSA_DB_OBJECT PolicyObject, + PLSAPR_POLICY_INFORMATION *PolicyInformation); + NTSTATUS LsarQueryDnsDomain(PLSA_DB_OBJECT PolicyObject, PLSAPR_POLICY_INFORMATION *PolicyInformation); +NTSTATUS +LsarQueryDnsDomainInt(PLSA_DB_OBJECT PolicyObject, + PLSAPR_POLICY_INFORMATION *PolicyInformation); + +NTSTATUS +LsarQueryLocalAccountDomain(PLSA_DB_OBJECT PolicyObject, + PLSAPR_POLICY_INFORMATION *PolicyInformation); + NTSTATUS LsarSetPrimaryDomain(PLSA_DB_OBJECT PolicyObject, PLSAPR_POLICY_PRIMARY_DOM_INFO Info); diff --git a/reactos/dll/win32/lsasrv/policy.c b/reactos/dll/win32/lsasrv/policy.c index b8bad2e89df..24cc3cabfbb 100644 --- a/reactos/dll/win32/lsasrv/policy.c +++ b/reactos/dll/win32/lsasrv/policy.c @@ -118,22 +118,107 @@ LsarSetDnsDomain(PLSA_DB_OBJECT PolicyObject, } +NTSTATUS +LsarQueryAuditLog(PLSA_DB_OBJECT PolicyObject, + PLSAPR_POLICY_INFORMATION *PolicyInformation) +{ + PPOLICY_AUDIT_LOG_INFO AuditLogInfo = NULL; + ULONG AttributeSize; + NTSTATUS Status; + + *PolicyInformation = NULL; + + AttributeSize = sizeof(POLICY_AUDIT_LOG_INFO); + AuditLogInfo = MIDL_user_allocate(AttributeSize); + if (AuditLogInfo == NULL) + return STATUS_INSUFFICIENT_RESOURCES; + + Status = LsapGetObjectAttribute(PolicyObject, + L"PolAdtLg", + AuditLogInfo, + &AttributeSize); + if (!NT_SUCCESS(Status)) + { + MIDL_user_free(AuditLogInfo); + } + else + { + *PolicyInformation = (PLSAPR_POLICY_INFORMATION)AuditLogInfo; + } + + return Status; +} + + NTSTATUS LsarQueryAuditEvents(PLSA_DB_OBJECT PolicyObject, PLSAPR_POLICY_INFORMATION *PolicyInformation) { + PLSAP_POLICY_AUDIT_EVENTS_DATA AuditData = NULL; PLSAPR_POLICY_AUDIT_EVENTS_INFO p = NULL; + ULONG AttributeSize; + NTSTATUS Status = STATUS_SUCCESS; - p = MIDL_user_allocate(sizeof(LSAPR_POLICY_AUDIT_EVENTS_INFO)); - if (p == NULL) - return STATUS_INSUFFICIENT_RESOURCES; + *PolicyInformation = NULL; + + AttributeSize = 0; + Status = LsapGetObjectAttribute(PolicyObject, + L"PolAdtEv", + NULL, + &AttributeSize); + if (!NT_SUCCESS(Status)) + return Status; + + if (AttributeSize > 0) + { + AuditData = MIDL_user_allocate(AttributeSize); + if (AuditData == NULL) + return STATUS_INSUFFICIENT_RESOURCES; + + Status = LsapGetObjectAttribute(PolicyObject, + L"PolAdtEv", + AuditData, + &AttributeSize); + if (!NT_SUCCESS(Status)) + goto done; + + p = MIDL_user_allocate(sizeof(LSAPR_POLICY_AUDIT_EVENTS_INFO)); + if (p == NULL) + { + Status = STATUS_INSUFFICIENT_RESOURCES; + goto done; + } + + p->AuditingMode = AuditData->AuditingMode; + p->MaximumAuditEventCount = AuditData->MaximumAuditEventCount; - p->AuditingMode = FALSE; /* no auditing */ - p->EventAuditingOptions = NULL; - p->MaximumAuditEventCount = 0; + p->EventAuditingOptions = MIDL_user_allocate(AuditData->MaximumAuditEventCount * sizeof(DWORD)); + if (p->EventAuditingOptions == NULL) + { + Status = STATUS_INSUFFICIENT_RESOURCES; + goto done; + } + + memcpy(p->EventAuditingOptions, + &(AuditData->AuditEvents[0]), + AuditData->MaximumAuditEventCount * sizeof(DWORD)); + } *PolicyInformation = (PLSAPR_POLICY_INFORMATION)p; +done: + if (!NT_SUCCESS(Status)) + { + if (p->EventAuditingOptions != NULL) + MIDL_user_free(p->EventAuditingOptions); + + if (p != NULL) + MIDL_user_free(p); + } + + if (AuditData != NULL) + MIDL_user_free(AuditData); + return STATUS_SUCCESS; } @@ -248,6 +333,28 @@ Done: } +NTSTATUS +LsarQueryPdAccount(PLSA_DB_OBJECT PolicyObject, + PLSAPR_POLICY_INFORMATION *PolicyInformation) +{ + PLSAPR_POLICY_PD_ACCOUNT_INFO PdAccountInfo = NULL; + + *PolicyInformation = NULL; + + PdAccountInfo = MIDL_user_allocate(sizeof(LSAPR_POLICY_PD_ACCOUNT_INFO)); + if (PdAccountInfo == NULL) + return STATUS_INSUFFICIENT_RESOURCES; + + PdAccountInfo->Name.Length = 0; + PdAccountInfo->Name.MaximumLength = 0; + PdAccountInfo->Name.Buffer = NULL; + + *PolicyInformation = (PLSAPR_POLICY_INFORMATION)PdAccountInfo; + + return STATUS_SUCCESS; +} + + NTSTATUS LsarQueryAccountDomain(PLSA_DB_OBJECT PolicyObject, PLSAPR_POLICY_INFORMATION *PolicyInformation) @@ -357,6 +464,44 @@ Done: } +NTSTATUS +LsarQueryServerRole(PLSA_DB_OBJECT PolicyObject, + PLSAPR_POLICY_INFORMATION *PolicyInformation) +{ + PPOLICY_LSA_SERVER_ROLE_INFO ServerRoleInfo = NULL; + ULONG AttributeSize; + NTSTATUS Status; + + *PolicyInformation = NULL; + + AttributeSize = sizeof(POLICY_LSA_SERVER_ROLE_INFO); + ServerRoleInfo = MIDL_user_allocate(AttributeSize); + if (ServerRoleInfo == NULL) + return STATUS_INSUFFICIENT_RESOURCES; + + Status = LsapGetObjectAttribute(PolicyObject, + L"PolSrvRo", + ServerRoleInfo, + &AttributeSize); + if (Status == STATUS_OBJECT_NAME_NOT_FOUND) + { + ServerRoleInfo->LsaServerRole = PolicyServerRolePrimary; + Status = STATUS_SUCCESS; + } + + if (!NT_SUCCESS(Status)) + { + MIDL_user_free(ServerRoleInfo); + } + else + { + *PolicyInformation = (PLSAPR_POLICY_INFORMATION)ServerRoleInfo; + } + + return Status; +} + + NTSTATUS LsarQueryDefaultQuota(PLSA_DB_OBJECT PolicyObject, PLSAPR_POLICY_INFORMATION *PolicyInformation) @@ -389,6 +534,79 @@ LsarQueryDefaultQuota(PLSA_DB_OBJECT PolicyObject, } +NTSTATUS +LsarQueryReplicaSource(PLSA_DB_OBJECT PolicyObject, + PLSAPR_POLICY_INFORMATION *PolicyInformation) +{ + *PolicyInformation = NULL; + return STATUS_NOT_IMPLEMENTED; +} + + +NTSTATUS +LsarQueryModification(PLSA_DB_OBJECT PolicyObject, + PLSAPR_POLICY_INFORMATION *PolicyInformation) +{ + PPOLICY_MODIFICATION_INFO Info = NULL; + ULONG AttributeSize; + NTSTATUS Status; + + *PolicyInformation = NULL; + + AttributeSize = sizeof(POLICY_MODIFICATION_INFO); + Info = MIDL_user_allocate(AttributeSize); + if (Info == NULL) + return STATUS_INSUFFICIENT_RESOURCES; + + Status = LsapGetObjectAttribute(PolicyObject, + L"PolMod", + Info, + &AttributeSize); + if (!NT_SUCCESS(Status)) + { + MIDL_user_free(Info); + } + else + { + *PolicyInformation = (PLSAPR_POLICY_INFORMATION)Info; + } + + return Status; +} + + +NTSTATUS +LsarQueryAuditFull(PLSA_DB_OBJECT PolicyObject, + PLSAPR_POLICY_INFORMATION *PolicyInformation) +{ + PPOLICY_AUDIT_FULL_QUERY_INFO AuditFullInfo = NULL; + ULONG AttributeSize; + NTSTATUS Status; + + *PolicyInformation = NULL; + + AttributeSize = sizeof(POLICY_AUDIT_FULL_QUERY_INFO); + AuditFullInfo = MIDL_user_allocate(AttributeSize); + if (AuditFullInfo == NULL) + return STATUS_INSUFFICIENT_RESOURCES; + + Status = LsapGetObjectAttribute(PolicyObject, + L"PolAdtFl", + AuditFullInfo, + &AttributeSize); + if (!NT_SUCCESS(Status)) + { + MIDL_user_free(AuditFullInfo); + } + else + { + *PolicyInformation = (PLSAPR_POLICY_INFORMATION)AuditFullInfo; + } + + return Status; +} + + NTSTATUS LsarQueryDnsDomain(PLSA_DB_OBJECT PolicyObject, PLSAPR_POLICY_INFORMATION *PolicyInformation) @@ -432,4 +650,22 @@ LsarQueryDnsDomain(PLSA_DB_OBJECT PolicyObject, return STATUS_SUCCESS; } + +NTSTATUS +LsarQueryDnsDomainInt(PLSA_DB_OBJECT PolicyObject, + PLSAPR_POLICY_INFORMATION *PolicyInformation) +{ + *PolicyInformation = NULL; + return STATUS_NOT_IMPLEMENTED; +} + + +NTSTATUS +LsarQueryLocalAccountDomain(PLSA_DB_OBJECT PolicyObject, + PLSAPR_POLICY_INFORMATION *PolicyInformation) +{ + *PolicyInformation = NULL; + return STATUS_NOT_IMPLEMENTED; +} + /* EOF */ diff --git a/reactos/include/reactos/idl/lsa.idl b/reactos/include/reactos/idl/lsa.idl index 453bde89337..3edc645c2c7 100644 --- a/reactos/include/reactos/idl/lsa.idl +++ b/reactos/include/reactos/idl/lsa.idl @@ -240,14 +240,14 @@ typedef struct _POLICY_AUDIT_LOG_INFO { DWORD AuditLogPercentFull; DWORD MaximumLogSize; LARGE_INTEGER AuditRetentionPeriod; - BYTE AuditLogFullShutdownInProgress; + BOOLEAN AuditLogFullShutdownInProgress; LARGE_INTEGER TimeToShutdown; DWORD NextAuditRecordId; } POLICY_AUDIT_LOG_INFO, *PPOLICY_AUDIT_LOG_INFO; cpp_quote("#endif") typedef struct _LSAPR_POLICY_AUDIT_EVENTS_INFO { - BYTE AuditingMode; + BOOLEAN AuditingMode; [size_is(MaximumAuditEventCount)] DWORD *EventAuditingOptions; DWORD MaximumAuditEventCount; } LSAPR_POLICY_AUDIT_EVENTS_INFO, *PLSAPR_POLICY_AUDIT_EVENTS_INFO; @@ -889,15 +889,13 @@ cpp_quote("#if _WIN32_WINNT >= 0x0500") NTSTATUS __stdcall LsarQueryInformationPolicy2( [in] LSAPR_HANDLE PolicyHandle, [in] POLICY_INFORMATION_CLASS InformationClass, - [out] unsigned long *PolicyInformation); - /* FIXME: should be [out, switch_is(InformationClass)] PLSAPR_POLICY_INFORMATION *PolicyInformation); */ + [out, switch_is(InformationClass)] PLSAPR_POLICY_INFORMATION *PolicyInformation); /* Function 47 */ NTSTATUS __stdcall LsarSetInformationPolicy2( [in] LSAPR_HANDLE PolicyHandle, [in] POLICY_INFORMATION_CLASS InformationClass, - [in] unsigned long PolicyInformation); - /* FIXME: should be [in, switch_is(InformationClass)] PLSAPR_POLICY_INFORMATION PolicyInformation); */ + [in, switch_is(InformationClass)] PLSAPR_POLICY_INFORMATION PolicyInformation); /* Function 48 */ NTSTATUS __stdcall LsarQueryTrustedDomainInfoByName(