ReactOS  0.4.14-dev-114-gc8cbd56
database.c File Reference
#include "lsasrv.h"

Functions

static NTSTATUS LsapOpenServiceKey (VOID)
 
static BOOLEAN LsapIsDatabaseInstalled (VOID)
 
static NTSTATUS LsapCreateDatabaseKeys (VOID)
 
static NTSTATUS LsapCreateRandomDomainSid (OUT PSID *Sid)
 
static NTSTATUS LsapCreateDatabaseObjects (VOID)
 
static NTSTATUS LsapUpdateDatabase (VOID)
 
static NTSTATUS LsapGetDomainInfo (VOID)
 
NTSTATUS LsapInitDatabase (VOID)
 
NTSTATUS LsapCreateDbObject (IN PLSA_DB_OBJECT ParentObject, IN LPWSTR ContainerName, IN LPWSTR ObjectName, IN LSA_DB_OBJECT_TYPE ObjectType, IN ACCESS_MASK DesiredAccess, IN BOOLEAN Trusted, OUT PLSA_DB_OBJECT *DbObject)
 
NTSTATUS LsapOpenDbObject (IN PLSA_DB_OBJECT ParentObject, IN LPWSTR ContainerName, IN LPWSTR ObjectName, IN LSA_DB_OBJECT_TYPE ObjectType, IN ACCESS_MASK DesiredAccess, IN BOOLEAN Trusted, OUT PLSA_DB_OBJECT *DbObject)
 
NTSTATUS LsapValidateDbObject (LSAPR_HANDLE Handle, LSA_DB_OBJECT_TYPE ObjectType, ACCESS_MASK DesiredAccess, PLSA_DB_OBJECT *DbObject)
 
NTSTATUS LsapCloseDbObject (PLSA_DB_OBJECT DbObject)
 
NTSTATUS LsapDeleteDbObject (IN PLSA_DB_OBJECT DbObject)
 
NTSTATUS LsapSetObjectAttribute (PLSA_DB_OBJECT DbObject, LPWSTR AttributeName, LPVOID AttributeData, ULONG AttributeSize)
 
NTSTATUS LsapGetObjectAttribute (PLSA_DB_OBJECT DbObject, LPWSTR AttributeName, LPVOID AttributeData, PULONG AttributeSize)
 
NTSTATUS LsapDeleteObjectAttribute (PLSA_DB_OBJECT DbObject, LPWSTR AttributeName)
 

Variables

static HANDLE SecurityKeyHandle = NULL
 
SID_IDENTIFIER_AUTHORITY NullSidAuthority = {SECURITY_NULL_SID_AUTHORITY}
 
SID_IDENTIFIER_AUTHORITY WorldSidAuthority = {SECURITY_WORLD_SID_AUTHORITY}
 
SID_IDENTIFIER_AUTHORITY LocalSidAuthority = {SECURITY_LOCAL_SID_AUTHORITY}
 
SID_IDENTIFIER_AUTHORITY CreatorSidAuthority = {SECURITY_CREATOR_SID_AUTHORITY}
 
SID_IDENTIFIER_AUTHORITY NtAuthority = {SECURITY_NT_AUTHORITY}
 
PSID BuiltinDomainSid = NULL
 
PSID AccountDomainSid = NULL
 
UNICODE_STRING BuiltinDomainName = {0, 0, NULL}
 
UNICODE_STRING AccountDomainName = {0, 0, NULL}
 

Function Documentation

◆ LsapCloseDbObject()

NTSTATUS LsapCloseDbObject ( PLSA_DB_OBJECT  DbObject)

Definition at line 868 of file database.c.

869 {
     /*
      * Drops one reference on DbObject. Once the count reaches zero the
      * registry key handle is closed, the object is freed and the reference
      * held on the parent object is released.
      * Listing line 871 is absent from this rendering; presumably it declares
      * Status, which is used below without a visible declaration.
      * DbObject is dereferenced without a NULL or signature check here, so
      * callers must pass an object they have already validated.
      */
870  PLSA_DB_OBJECT ParentObject = NULL;
872 
     /* RefCount is a ULONG (lsasrv.h:60): if it is already 0 on entry (a
      * second close of the same object) it wraps to 0xFFFFFFFF and the
      * function returns success without releasing anything. */
873  DbObject->RefCount--;
874 
875  if (DbObject->RefCount > 0)
876  return STATUS_SUCCESS;
877 
878  if (DbObject->KeyHandle != NULL)
879  NtClose(DbObject->KeyHandle);
880 
     /* Remember the parent before the object is freed. */
881  if (DbObject->ParentObject != NULL)
882  ParentObject = DbObject->ParentObject;
883 
884  RtlFreeHeap(RtlGetProcessHeap(), 0, DbObject);
885 
     /* NOTE(review): the parent's count is decremented here and then once
      * more at the top of the recursive call. When this decrement brings it
      * to 0, the recursive decrement wraps the unsigned count, the "> 0" test
      * passes, and the call returns without NtClose or RtlFreeHeap. It looks
      * like the parent's key handle and heap block are never released.
      * Confirm, then drop one of the two decrements. */
886  if (ParentObject != NULL)
887  {
888  ParentObject->RefCount--;
889 
890  if (ParentObject->RefCount == 0)
891  Status = LsapCloseDbObject(ParentObject);
892  }
893 
894  return Status;
895 }
LONG NTSTATUS
Definition: precomp.h:26
struct _LSA_DB_OBJECT * ParentObject
Definition: lsasrv.h:64
BOOLEAN NTAPI RtlFreeHeap(IN PVOID HeapHandle, IN ULONG Flags, IN PVOID HeapBase)
Definition: heap.c:606
NTSTATUS LsapCloseDbObject(PLSA_DB_OBJECT DbObject)
Definition: database.c:868
HANDLE KeyHandle
Definition: lsasrv.h:62
smooth NULL
Definition: ftsmooth.c:416
ULONG RefCount
Definition: lsasrv.h:60
NTSTATUS NTAPI NtClose(IN HANDLE Handle)
Definition: obhandle.c:3399
Status
Definition: gdiplustypes.h:24
return STATUS_SUCCESS
Definition: btrfs.c:2966

Referenced by LsapCreateDatabaseObjects(), LsapDeleteDbObject(), LsapGetDomainInfo(), LsarAddAccountRights(), LsarClose(), LsarCreateSecret(), LsarOpenSecret(), LsarRemoveAccountRights(), LsarRetrievePrivateData(), and LsarStorePrivateData().

◆ LsapCreateDatabaseKeys()

static NTSTATUS LsapCreateDatabaseKeys ( VOID  )
static

Definition at line 85 of file database.c.

86 {
     /*
      * Creates the 'Policy' registry key and, beneath it, the 'Accounts',
      * 'Domains' and 'Secrets' keys, then closes all four handles.
      * Several listing lines (declarations, the RtlInitUnicodeString and
      * InitializeObjectAttributes openers, the access-mask arguments) are
      * absent from this rendering; the notes below are limited to what is
      * visible or named in the cross-reference list.
      */
89  HANDLE PolicyKeyHandle = NULL;
90  HANDLE AccountsKeyHandle = NULL;
91  HANDLE DomainsKeyHandle = NULL;
92  HANDLE SecretsKeyHandle = NULL;
94 
     /* The trace text names LsapInstallDatabase, not this function; keep that
      * in mind when correlating debug logs. */
95  TRACE("LsapInstallDatabase()\n");
96 
97  /* Create the 'Policy' key */
99  L"Policy");
100 
102  &KeyName,
     /* NOTE(review): assuming this closes an InitializeObjectAttributes(p, n,
      * a, r, s) call, the trailing NULL is the security descriptor argument,
      * so no explicit SD is supplied for the key. The same pattern repeats
      * for the three subkeys, including 'Secrets'. Presumably protection
      * comes from the parent key's ACL. TODO confirm. */
105  NULL);
106 
     /* The last NtCreateKey argument (Disposition) is NULL, so the code does
      * not distinguish a newly created key from an existing one it opened. */
107  Status = NtCreateKey(&PolicyKeyHandle,
110  0,
111  NULL,
112  0,
113  NULL);
114  if (!NT_SUCCESS(Status))
115  {
116  ERR("Failed to create the 'Policy' key (Status: 0x%08lx)\n", Status);
117  goto Done;
118  }
119 
120  /* Create the 'Accounts' key */
122  L"Accounts");
123 
125  &KeyName,
127  PolicyKeyHandle,
128  NULL);
129 
130  Status = NtCreateKey(&AccountsKeyHandle,
133  0,
134  NULL,
135  0,
136  NULL);
137  if (!NT_SUCCESS(Status))
138  {
139  ERR("Failed to create the 'Accounts' key (Status: 0x%08lx)\n", Status);
140  goto Done;
141  }
142 
143  /* Create the 'Domains' key */
145  L"Domains");
146 
148  &KeyName,
150  PolicyKeyHandle,
151  NULL);
152 
153  Status = NtCreateKey(&DomainsKeyHandle,
156  0,
157  NULL,
158  0,
159  NULL);
160  if (!NT_SUCCESS(Status))
161  {
162  ERR("Failed to create the 'Domains' key (Status: 0x%08lx)\n", Status);
163  goto Done;
164  }
165 
166  /* Create the 'Secrets' key */
168  L"Secrets");
169 
171  &KeyName,
173  PolicyKeyHandle,
174  NULL);
175 
176  Status = NtCreateKey(&SecretsKeyHandle,
179  0,
180  NULL,
181  0,
182  NULL);
183  if (!NT_SUCCESS(Status))
184  {
185  ERR("Failed to create the 'Secrets' key (Status: 0x%08lx)\n", Status);
186  goto Done;
187  }
188 
     /* Shared exit: only handles are closed. Keys created before a failure
      * are left in the registry; nothing is rolled back here. */
189 Done:
190  if (SecretsKeyHandle != NULL)
191  NtClose(SecretsKeyHandle);
192 
193  if (DomainsKeyHandle != NULL)
194  NtClose(DomainsKeyHandle);
195 
196  if (AccountsKeyHandle != NULL)
197  NtClose(AccountsKeyHandle);
198 
199  if (PolicyKeyHandle != NULL)
200  NtClose(PolicyKeyHandle);
201 
202  TRACE("LsapInstallDatabase() done (Status: 0x%08lx)\n", Status);
203 
204  return Status;
205 }
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
Definition: conport.c:35
_Must_inspect_result_ _Out_ PNDIS_STATUS _In_ NDIS_HANDLE _In_ ULONG _Out_ PNDIS_STRING KeyName
Definition: ndis.h:4711
NTSTATUS NTAPI NtCreateKey(OUT PHANDLE KeyHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes, IN ULONG TitleIndex, IN PUNICODE_STRING Class OPTIONAL, IN ULONG CreateOptions, OUT PULONG Disposition OPTIONAL)
Definition: ntapi.c:240
LONG NTSTATUS
Definition: precomp.h:26
smooth NULL
Definition: ftsmooth.c:416
#define TRACE(s)
Definition: solgame.cpp:4
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
NTSTATUS NTAPI NtClose(IN HANDLE Handle)
Definition: obhandle.c:3399
#define OBJ_CASE_INSENSITIVE
Definition: winternl.h:228
static const WCHAR L[]
Definition: oid.c:1250
static HANDLE SecurityKeyHandle
Definition: database.c:13
Status
Definition: gdiplustypes.h:24
#define ERR(fmt,...)
Definition: debug.h:109
#define KEY_ALL_ACCESS
Definition: nt_native.h:1041
NTSYSAPI VOID NTAPI RtlInitUnicodeString(PUNICODE_STRING DestinationString, PCWSTR SourceString)
#define InitializeObjectAttributes(p, n, a, r, s)
Definition: reg.c:106
return STATUS_SUCCESS
Definition: btrfs.c:2966

Referenced by LsapInitDatabase().

◆ LsapCreateDatabaseObjects()

static NTSTATUS LsapCreateDatabaseObjects ( VOID  )
static

Definition at line 232 of file database.c.

233 {
     /*
      * Builds the default policy attributes in memory (quota limits, audit
      * log/events/full state, DNS domain GUID, modification info), creates an
      * account domain SID and a policy security descriptor, opens the
      * 'Policy' object and stores each attribute on it.
      * Several listing lines are absent from this rendering (e.g. 241, 245,
      * 265-268, 283, 292, 295, 323-324, 388); notes about them are hedged.
      */
234  PLSAP_POLICY_AUDIT_EVENTS_DATA AuditEventsInfo = NULL;
235  POLICY_DEFAULT_QUOTA_INFO QuotaInfo;
236  POLICY_MODIFICATION_INFO ModificationInfo;
237  POLICY_AUDIT_FULL_QUERY_INFO AuditFullInfo = {FALSE, FALSE};
238  POLICY_AUDIT_LOG_INFO AuditLogInfo;
239  GUID DnsDomainGuid;
240  PLSA_DB_OBJECT PolicyObject = NULL;
242  PSECURITY_DESCRIPTOR PolicySd = NULL;
243  ULONG PolicySdSize = 0;
244  ULONG i;
246 
247  /* Initialize the default quota limits */
248  QuotaInfo.QuotaLimits.PagedPoolLimit = 0x2000000;
249  QuotaInfo.QuotaLimits.NonPagedPoolLimit = 0x100000;
250  QuotaInfo.QuotaLimits.MinimumWorkingSetSize = 0x10000;
251  QuotaInfo.QuotaLimits.MaximumWorkingSetSize = 0xF000000;
252  QuotaInfo.QuotaLimits.PagefileLimit = 0;
253  QuotaInfo.QuotaLimits.TimeLimit.QuadPart = 0;
254 
255  /* Initialize the audit log attribute */
     /* NOTE(review): AuditLogInfo is a stack variable filled field by field
      * and later stored with sizeof(AuditLogInfo); any padding bytes in the
      * struct would be written to the registry uninitialized. TODO confirm
      * the layout or zero the struct first. */
256  AuditLogInfo.AuditLogPercentFull = 0;
257  AuditLogInfo.MaximumLogSize = 0; // DWORD
258  AuditLogInfo.AuditRetentionPeriod.QuadPart = 0; // LARGE_INTEGER
259  AuditLogInfo.AuditLogFullShutdownInProgress = 0; // BYTE
260  AuditLogInfo.TimeToShutdown.QuadPart = 0; // LARGE_INTEGER
261  AuditLogInfo.NextAuditRecordId = 0; // DWORD
262 
263  /* Initialize the Audit Events attribute */
264  AuditEventsInfo = RtlAllocateHeap(RtlGetProcessHeap(),
     /* Listing line 268 is absent; the cross-reference list names
      * STATUS_INSUFFICIENT_RESOURCES, so presumably the function returns it
      * when the allocation fails. */
267  if (AuditEventsInfo == NULL)
269 
     /* Defaults written to a fresh database: auditing mode off and every
      * audit event entry set to 0. */
270  AuditEventsInfo->AuditingMode = FALSE;
272  for (i = 0; i < POLICY_AUDIT_EVENT_TYPE_COUNT; i++)
273  AuditEventsInfo->AuditEvents[i] = 0;
274 
275  /* Initialize the DNS Domain GUID attribute */
276  RtlZeroMemory(&DnsDomainGuid, sizeof(DnsDomainGuid));
277 
278  /* Initialize the modification attribute */
279  ModificationInfo.ModifiedId.QuadPart = 0;
280  NtQuerySystemTime(&ModificationInfo.DatabaseCreationTime);
281 
282  /* Create a random domain SID */
284  if (!NT_SUCCESS(Status))
285  goto done;
286 
287  Status = LsapCreatePolicySd(&PolicySd, &PolicySdSize);
288  if (!NT_SUCCESS(Status))
289  goto done;
290 
291  /* Open the 'Policy' object */
293  NULL,
294  L"Policy",
296  0,
297  TRUE,
298  &PolicyObject);
299  if (!NT_SUCCESS(Status))
300  goto done;
301 
     /* NOTE(review): the NTSTATUS returned by every LsapSetObjectAttribute
      * call from here to the end is discarded. Status keeps the value from
      * the open above, so the function reports success even if a write
      * failed, including the account domain SID ("PolAcDmS") and the
      * policy security descriptor ("SecDesc"). Checking at least those two
      * would keep a half-initialized policy object from being treated as
      * installed. */
302  /* Set the Primary Domain Name attribute */
303  LsapSetObjectAttribute(PolicyObject,
304  L"PolPrDmN",
305  NULL,
306  0);
307 
308  /* Set the Primary Domain SID attribute */
309  LsapSetObjectAttribute(PolicyObject,
310  L"PolPrDmS",
311  NULL,
312  0);
313 
314  /* Set the Account Domain Name attribute */
315  LsapSetObjectAttribute(PolicyObject,
316  L"PolAcDmN",
317  NULL,
318  0);
319 
320  /* Set the Account Domain SID attribute */
321  LsapSetObjectAttribute(PolicyObject,
322  L"PolAcDmS",
325 
326  /* Set the default quota limits attribute */
327  LsapSetObjectAttribute(PolicyObject,
328  L"DefQuota",
329  &QuotaInfo,
330  sizeof(QuotaInfo));
331 
332  /* Set the modification attribute */
333  LsapSetObjectAttribute(PolicyObject,
334  L"PolMod",
335  &ModificationInfo,
336  sizeof(ModificationInfo));
337 
338  /* Set the audit full attribute */
339  LsapSetObjectAttribute(PolicyObject,
340  L"PolAdtFl",
341  &AuditFullInfo,
342  sizeof(AuditFullInfo));
343 
344  /* Set the audit log attribute */
345  LsapSetObjectAttribute(PolicyObject,
346  L"PolAdtLg",
347  &AuditLogInfo,
348  sizeof(AuditLogInfo));
349 
350  /* Set the audit events attribute */
351  LsapSetObjectAttribute(PolicyObject,
352  L"PolAdtEv",
353  AuditEventsInfo,
354  sizeof(*AuditEventsInfo));
355 
356  /* Set the DNS Domain Name attribute */
357  LsapSetObjectAttribute(PolicyObject,
358  L"PolDnDDN",
359  NULL,
360  0);
361 
362  /* Set the DNS Forest Name attribute */
363  LsapSetObjectAttribute(PolicyObject,
364  L"PolDnTrN",
365  NULL,
366  0);
367 
368  /* Set the DNS Domain GUID attribute */
369  LsapSetObjectAttribute(PolicyObject,
370  L"PolDnDmG",
371  &DnsDomainGuid,
372  sizeof(DnsDomainGuid));
373 
374  /* Set the Security Descriptor */
375  LsapSetObjectAttribute(PolicyObject,
376  L"SecDesc",
377  PolicySd,
378  PolicySdSize);
379 
380 done:
381  if (AuditEventsInfo != NULL)
382  RtlFreeHeap(RtlGetProcessHeap(), 0, AuditEventsInfo);
383 
384  if (PolicyObject != NULL)
385  LsapCloseDbObject(PolicyObject);
386 
     /* NOTE(review): listing line 388 is absent; the cross-reference list
      * names RtlFreeSid. If the file-scope AccountDomainSid is freed here,
      * check that it is also reset to NULL so later readers of the global do
      * not see a stale pointer. Cannot tell from this view. */
387  if (AccountDomainSid != NULL)
389 
390  if (PolicySd != NULL)
391  RtlFreeHeap(RtlGetProcessHeap(), 0, PolicySd);
392 
393  return Status;
394 }
LARGE_INTEGER TimeLimit
Definition: lsa.idl:292
NTSTATUS LsapOpenDbObject(IN PLSA_DB_OBJECT ParentObject, IN LPWSTR ContainerName, IN LPWSTR ObjectName, IN LSA_DB_OBJECT_TYPE ObjectType, IN ACCESS_MASK DesiredAccess, IN BOOLEAN Trusted, OUT PLSA_DB_OBJECT *DbObject)
Definition: database.c:710
INT64 NonPagedPoolLimit
Definition: lsa.idl:288
#define TRUE
Definition: types.h:120
NTSTATUS LsapSetObjectAttribute(PLSA_DB_OBJECT DbObject, LPWSTR AttributeName, LPVOID AttributeData, ULONG AttributeSize)
Definition: database.c:959
#define STATUS_INSUFFICIENT_RESOURCES
Definition: udferr_usr.h:158
INT64 PagefileLimit
Definition: lsa.idl:291
NTSYSAPI PVOID NTAPI RtlFreeSid(_In_ _Post_invalid_ PSID Sid)
LONG NTSTATUS
Definition: precomp.h:26
BOOLEAN NTAPI RtlFreeHeap(IN PVOID HeapHandle, IN ULONG Flags, IN PVOID HeapBase)
Definition: heap.c:606
static NTSTATUS LsapCreateRandomDomainSid(OUT PSID *Sid)
Definition: database.c:209
DWORD AuditEvents[POLICY_AUDIT_EVENT_TYPE_COUNT]
Definition: lsasrv.h:73
NTSTATUS LsapCloseDbObject(PLSA_DB_OBJECT DbObject)
Definition: database.c:868
QUOTA_LIMITS QuotaLimits
Definition: ntsecapi.h:588
NTSTATUS LsapCreatePolicySd(PSECURITY_DESCRIPTOR *PolicySd, PULONG PolicySdSize)
Definition: security.c:14
INT64 PagedPoolLimit
Definition: lsa.idl:287
smooth NULL
Definition: ftsmooth.c:416
NTSYSAPI ULONG NTAPI RtlLengthSid(IN PSID Sid)
Definition: sid.c:150
PVOID NTAPI RtlAllocateHeap(IN PVOID HeapHandle, IN ULONG Flags, IN SIZE_T Size)
Definition: heap.c:588
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
LARGE_INTEGER TimeToShutdown
Definition: ntsecapi.h:554
BOOLEAN AuditLogFullShutdownInProgress
Definition: ntsecapi.h:553
static const WCHAR L[]
Definition: oid.c:1250
LARGE_INTEGER ModifiedId
Definition: ntsecapi.h:591
INT64 MinimumWorkingSetSize
Definition: lsa.idl:289
Status
Definition: gdiplustypes.h:24
LARGE_INTEGER AuditRetentionPeriod
Definition: ntsecapi.h:552
#define HEAP_ZERO_MEMORY
Definition: compat.h:123
INT64 MaximumWorkingSetSize
Definition: lsa.idl:290
LARGE_INTEGER DatabaseCreationTime
Definition: ntsecapi.h:592
unsigned int ULONG
Definition: retypes.h:1
#define RtlZeroMemory(Destination, Length)
Definition: typedefs.h:261
NTSTATUS NTAPI NtQuerySystemTime(OUT PLARGE_INTEGER SystemTime)
Definition: time.c:417
PSID AccountDomainSid
Definition: database.c:22
LONGLONG QuadPart
Definition: typedefs.h:112
#define POLICY_AUDIT_EVENT_TYPE_COUNT
Definition: lsasrv.h:69

Referenced by LsapInitDatabase().

◆ LsapCreateDbObject()

NTSTATUS LsapCreateDbObject ( IN PLSA_DB_OBJECT  ParentObject,
IN LPWSTR  ContainerName,
IN LPWSTR  ObjectName,
IN LSA_DB_OBJECT_TYPE  ObjectType,
IN ACCESS_MASK  DesiredAccess,
IN BOOLEAN  Trusted,
OUT PLSA_DB_OBJECT DbObject 
)

Definition at line 590 of file database.c.

597 {
     /*
      * Creates the registry key for a new database object (optionally inside
      * an existing container key under the parent), allocates an
      * LSA_DB_OBJECT describing it, takes a reference on the parent and
      * returns the new object through DbObject.
      * The access-mask arguments of NtOpenKey/NtCreateKey are on listing
      * lines absent from this rendering. The cross-reference list names
      * KEY_ALL_ACCESS, so the key handle is presumably opened with full
      * access regardless of DesiredAccess. TODO confirm. If so, access
      * enforcement rests on whoever later checks NewObject->Access, not on
      * the handle itself.
      */
601  HANDLE ParentKeyHandle;
602  HANDLE ContainerKeyHandle = NULL;
603  HANDLE ObjectKeyHandle = NULL;
605 
     /* Listing line 607 is absent; presumably it returns
      * STATUS_INVALID_PARAMETER (named in the cross-reference list). */
606  if (DbObject == NULL)
608 
     /* No parent means the object lives directly under the service key. */
609  if (ParentObject == NULL)
610  ParentKeyHandle = SecurityKeyHandle;
611  else
612  ParentKeyHandle = ParentObject->KeyHandle;
613 
     /* NOTE(review): ContainerName and ObjectName are used as registry names
      * relative to the parent handle. No check is visible here that
      * ObjectName is a single path component or within a length limit;
      * presumably callers validate client-supplied names. Verify against
      * the callers (LsarCreateSecret, LsarpCreateAccount,
      * LsarStorePrivateData). */
614  if (ContainerName != NULL)
615  {
616  /* Open the container key */
618  ContainerName);
619 
621  &KeyName,
623  ParentKeyHandle,
624  NULL);
625 
626  Status = NtOpenKey(&ContainerKeyHandle,
629  if (!NT_SUCCESS(Status))
630  {
631  return Status;
632  }
633 
634  /* Open the object key */
636  ObjectName);
637 
639  &KeyName,
641  ContainerKeyHandle,
642  NULL);
643 
     /* Disposition (last argument) is NULL, so an already existing key is
      * opened without the caller being told it was not newly created. */
644  Status = NtCreateKey(&ObjectKeyHandle,
647  0,
648  NULL,
649  0,
650  NULL);
651 
     /* The container handle is only needed to resolve the object key. */
652  NtClose(ContainerKeyHandle);
653 
654  if (!NT_SUCCESS(Status))
655  {
656  return Status;
657  }
658  }
659  else
660  {
662  ObjectName);
663 
665  &KeyName,
667  ParentKeyHandle,
668  NULL);
669 
670  Status = NtCreateKey(&ObjectKeyHandle,
673  0,
674  NULL,
675  0,
676  NULL);
677  if (!NT_SUCCESS(Status))
678  {
679  return Status;
680  }
681  }
682 
     /* Allocated with flags 0 (not zeroed): any LSA_DB_OBJECT field that is
      * not assigned below is left uninitialized. */
683  NewObject = RtlAllocateHeap(RtlGetProcessHeap(),
684  0,
685  sizeof(LSA_DB_OBJECT));
686  if (NewObject == NULL)
687  {
     /* The key itself was already created and stays in the registry; only
      * the handle is released on this path. */
688  NtClose(ObjectKeyHandle);
689  return STATUS_NO_MEMORY;
690  }
691 
     /* Access and Trusted are copied verbatim from the caller's arguments. */
692  NewObject->Signature = LSAP_DB_SIGNATURE;
693  NewObject->RefCount = 1;
694  NewObject->ObjectType = ObjectType;
695  NewObject->Access = DesiredAccess;
696  NewObject->KeyHandle = ObjectKeyHandle;
697  NewObject->ParentObject = ParentObject;
698  NewObject->Trusted = Trusted;
699 
     /* The child holds one reference on its parent. */
700  if (ParentObject != NULL)
701  ParentObject->RefCount++;
702 
703  *DbObject = NewObject;
704 
705  return STATUS_SUCCESS;
706 }
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
Definition: conport.c:35
ObjectType
Definition: metafile.c:80
_Must_inspect_result_ _Out_ PNDIS_STATUS _In_ NDIS_HANDLE _In_ ULONG _Out_ PNDIS_STRING KeyName
Definition: ndis.h:4711
NTSTATUS NTAPI NtCreateKey(OUT PHANDLE KeyHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes, IN ULONG TitleIndex, IN PUNICODE_STRING Class OPTIONAL, IN ULONG CreateOptions, OUT PULONG Disposition OPTIONAL)
Definition: ntapi.c:240
#define STATUS_INVALID_PARAMETER
Definition: udferr_usr.h:135
LONG NTSTATUS
Definition: precomp.h:26
_In_ PVOID _Out_opt_ PULONG_PTR _Outptr_opt_ PCUNICODE_STRING * ObjectName
Definition: cmfuncs.h:62
smooth NULL
Definition: ftsmooth.c:416
PVOID NTAPI RtlAllocateHeap(IN PVOID HeapHandle, IN ULONG Flags, IN SIZE_T Size)
Definition: heap.c:588
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
NTSTATUS NTAPI NtClose(IN HANDLE Handle)
Definition: obhandle.c:3399
#define OBJ_CASE_INSENSITIVE
Definition: winternl.h:228
static HANDLE SecurityKeyHandle
Definition: database.c:13
Status
Definition: gdiplustypes.h:24
#define LSAP_DB_SIGNATURE
Definition: lsasrv.h:67
#define KEY_ALL_ACCESS
Definition: nt_native.h:1041
_In_ PIO_STACK_LOCATION _Inout_ PFILE_OBJECT _Inout_ PVCB _Outptr_result_maybenull_ PDCB _In_ PDCB _In_ PDIRENT _In_ ULONG _In_ ULONG _In_ PUNICODE_STRING _In_ PACCESS_MASK DesiredAccess
Definition: create.c:4157
#define STATUS_NO_MEMORY
Definition: ntstatus.h:246
NTSYSAPI NTSTATUS NTAPI NtOpenKey(OUT PHANDLE KeyHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes)
Definition: ntapi.c:336
NTSYSAPI VOID NTAPI RtlInitUnicodeString(PUNICODE_STRING DestinationString, PCWSTR SourceString)
#define InitializeObjectAttributes(p, n, a, r, s)
Definition: reg.c:106
_Inout_opt_ PACCESS_STATE _In_opt_ ACCESS_MASK _In_ ULONG _Out_opt_ PVOID * NewObject
Definition: obfuncs.h:71
return STATUS_SUCCESS
Definition: btrfs.c:2966

Referenced by LsarCreateSecret(), LsarpCreateAccount(), and LsarStorePrivateData().

◆ LsapCreateRandomDomainSid()

static NTSTATUS LsapCreateRandomDomainSid ( OUT PSID Sid)
static

Definition at line 209 of file database.c.

210 {
     /*
      * Allocates a SID with four sub-authorities, three of which come from
      * successive RtlUniform() calls. The call that receives them is on
      * listing lines absent from this rendering; the cross-reference list
      * names RtlAllocateAndInitializeSid, NtAuthority and
      * SECURITY_NT_NON_UNIQUE.
      */
211  LARGE_INTEGER SystemTime;
212  PULONG Seed;
213 
     /* NOTE(review): the only seed is the low 32 bits of the current system
      * time, and the return value of NtQuerySystemTime is not checked.
      * RtlUniform is a general-purpose pseudo-random generator, so the three
      * sub-authorities are fully determined by that time value: two
      * databases created at the same tick get the same domain SID, and the
      * SID can be recomputed from the creation time. If uniqueness of the
      * account domain SID matters, seed from an OS-provided random source
      * instead. */
214  NtQuerySystemTime(&SystemTime);
215  Seed = &SystemTime.u.LowPart;
216 
218  4,
220  RtlUniform(Seed),
221  RtlUniform(Seed),
222  RtlUniform(Seed),
227  Sid);
228 }
NTSYSAPI NTSTATUS NTAPI RtlAllocateAndInitializeSid(IN PSID_IDENTIFIER_AUTHORITY IdentifierAuthority, IN UCHAR SubAuthorityCount, IN ULONG SubAuthority0, IN ULONG SubAuthority1, IN ULONG SubAuthority2, IN ULONG SubAuthority3, IN ULONG SubAuthority4, IN ULONG SubAuthority5, IN ULONG SubAuthority6, IN ULONG SubAuthority7, OUT PSID *Sid)
Definition: sid.c:290
NTSYSAPI ULONG NTAPI RtlUniform(_In_ PULONG Seed)
struct _LARGE_INTEGER::@2205 u
_In_ ULONG _In_ ACCESS_MASK _In_ PSID Sid
Definition: rtlfuncs.h:1104
#define SECURITY_NULL_RID
Definition: setypes.h:512
unsigned int * PULONG
Definition: retypes.h:1
NTSTATUS NTAPI NtQuerySystemTime(OUT PLARGE_INTEGER SystemTime)
Definition: time.c:417
#define SECURITY_NT_NON_UNIQUE
Definition: setypes.h:549
SID_IDENTIFIER_AUTHORITY NtAuthority
Definition: database.c:19

Referenced by LsapCreateDatabaseObjects().

◆ LsapDeleteDbObject()

NTSTATUS LsapDeleteDbObject ( IN PLSA_DB_OBJECT  DbObject)

Definition at line 899 of file database.c.

900 {
     /*
      * Drops one reference on DbObject and, when it was the last one,
      * deletes the object's subkeys and its own registry key, closes the
      * handle, frees the object and releases the reference on the parent.
      * Listing lines 904 and 933-934 are absent from this rendering;
      * presumably 904 declares Status and 933-934 map
      * STATUS_NO_MORE_ENTRIES (named in the cross-reference list) to
      * success. TODO confirm.
      */
901  PLSA_DB_OBJECT ParentObject = NULL;
902  WCHAR KeyName[64];
903  ULONG Index;
905 
     /* RefCount is a ULONG: an entry count of 0 wraps to 0xFFFFFFFF here. */
906  DbObject->RefCount--;
907 
     /* NOTE(review): while other references exist this returns
      * STATUS_SUCCESS without deleting anything, so a caller cannot tell
      * "deleted" from "still present in the registry". */
908  if (DbObject->RefCount > 0)
909  return STATUS_SUCCESS;
910 
911  if (DbObject->KeyHandle != NULL)
912  {
     /* Index stays 0 in the visible lines: each pass deletes the first
      * subkey, so the next enumeration at index 0 yields the following one. */
913  Index = 0;
914 
915  while (TRUE)
916  {
     /* KeyName holds 64 WCHARs and sizeof(KeyName) is its size in bytes.
      * NOTE(review): confirm LsapRegEnumerateSubKey treats Length as bytes
      * and fails instead of truncating. A subkey name that does not fit
      * ends the loop with an error and leaves the remaining subkeys. */
917  Status = LsapRegEnumerateSubKey(DbObject->KeyHandle,
918  Index,
919  sizeof(KeyName),
920  KeyName);
921  if (!NT_SUCCESS(Status))
922  break;
923 
924  TRACE("Index: %lu\n", Index);
925  TRACE("Key name: %S\n", KeyName);
926 
927  Status = LsapRegDeleteSubKey(DbObject->KeyHandle,
928  KeyName);
929  if (!NT_SUCCESS(Status))
930  break;
931  }
932 
935 
     /* The result of deleting the object's own key is not checked; the
      * in-memory object is torn down below either way. */
936  LsapRegDeleteKey(DbObject->KeyHandle);
937 
938  NtClose(DbObject->KeyHandle);
939  }
940 
941  if (DbObject->ParentObject != NULL)
942  ParentObject = DbObject->ParentObject;
943 
944  RtlFreeHeap(RtlGetProcessHeap(), 0, DbObject);
945 
     /* NOTE(review): the parent's count is decremented here and again at the
      * top of LsapCloseDbObject. When it reaches 0 here, the second
      * decrement wraps the unsigned count and LsapCloseDbObject returns
      * early, so the parent's handle and heap block appear to be leaked.
      * Confirm, then drop one of the two decrements. */
946  if (ParentObject != NULL)
947  {
948  ParentObject->RefCount--;
949 
950  if (ParentObject->RefCount == 0)
951  Status = LsapCloseDbObject(ParentObject);
952  }
953 
954  return Status;
955 }
NTSTATUS LsapRegDeleteSubKey(IN HANDLE ParentKeyHandle, IN LPCWSTR KeyName)
Definition: registry.c:59
_Must_inspect_result_ _Out_ PNDIS_STATUS _In_ NDIS_HANDLE _In_ ULONG _Out_ PNDIS_STRING KeyName
Definition: ndis.h:4711
#define TRUE
Definition: types.h:120
#define STATUS_NO_MORE_ENTRIES
Definition: ntstatus.h:193
LONG NTSTATUS
Definition: precomp.h:26
struct _LSA_DB_OBJECT * ParentObject
Definition: lsasrv.h:64
BOOLEAN NTAPI RtlFreeHeap(IN PVOID HeapHandle, IN ULONG Flags, IN PVOID HeapBase)
Definition: heap.c:606
NTSTATUS LsapRegDeleteKey(IN HANDLE KeyHandle)
Definition: registry.c:89
NTSTATUS LsapCloseDbObject(PLSA_DB_OBJECT DbObject)
Definition: database.c:868
smooth NULL
Definition: ftsmooth.c:416
#define TRACE(s)
Definition: solgame.cpp:4
__wchar_t WCHAR
Definition: xmlstorage.h:180
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
static const UCHAR Index[8]
Definition: usbohci.c:18
ULONG RefCount
Definition: lsasrv.h:60
NTSTATUS NTAPI NtClose(IN HANDLE Handle)
Definition: obhandle.c:3399
Status
Definition: gdiplustypes.h:24
unsigned int ULONG
Definition: retypes.h:1
return STATUS_SUCCESS
Definition: btrfs.c:2966
NTSTATUS LsapRegEnumerateSubKey(IN HANDLE KeyHandle, IN ULONG Index, IN ULONG Length, OUT LPWSTR Buffer)
Definition: registry.c:96

Referenced by LsarDeleteObject(), and LsarStorePrivateData().

◆ LsapDeleteObjectAttribute()

NTSTATUS LsapDeleteObjectAttribute ( PLSA_DB_OBJECT  DbObject,
LPWSTR  AttributeName 
)

Definition at line 1080 of file database.c.

1082 {
     /*
      * Removes an attribute by deleting the subkey named AttributeName under
      * the object's registry key and returns that call's status.
      * DbObject is dereferenced without a NULL check and no access check is
      * made here; presumably the caller has validated the handle and the
      * requested access beforehand. Verify against the caller.
      */
1083  return LsapRegDeleteSubKey(DbObject->KeyHandle,
1084  AttributeName);
1085 }
NTSTATUS LsapRegDeleteSubKey(IN HANDLE ParentKeyHandle, IN LPCWSTR KeyName)
Definition: registry.c:59
HANDLE KeyHandle
Definition: lsasrv.h:62

Referenced by LsarRemovePrivilegesFromAccount().

◆ LsapGetDomainInfo()

static NTSTATUS LsapGetDomainInfo ( VOID  )
static

Definition at line 405 of file database.c.

406 {
     /*
      * Fills the file-scope BuiltinDomainSid/BuiltinDomainName and
      * AccountDomainSid/AccountDomainName from a fixed built-in SID and from
      * the "PolAcDmS" / "PolAcDmN" attributes of the 'Policy' object.
      * Many listing lines are absent from this rendering (e.g. 411, 414,
      * 416, 418, 423, 427, 430, 449, 453, 459, 477, 481, 497-499, 502, 506,
      * 511, 518); notes that depend on them are hedged.
      */
407  PLSA_DB_OBJECT PolicyObject = NULL;
408  PUNICODE_STRING DomainName = NULL;
409  ULONG AttributeSize;
410  LPWSTR SidString = NULL;
412 
413  /* Get the built-in domain SID and name */
415  1,
417  0, 0, 0, 0, 0, 0, 0,
419  if (!NT_SUCCESS(Status))
420  return Status;
421 
422 
424  L"BUILTIN");
425 
426  /* Open the 'Policy' object */
428  NULL,
429  L"Policy",
431  0,
432  TRUE,
433  &PolicyObject);
434  if (!NT_SUCCESS(Status))
435  goto done;
436 
437  /* Get the account domain SID */
     /* First call with a NULL buffer only asks for the stored size. */
438  AttributeSize = 0;
439  Status = LsapGetObjectAttribute(PolicyObject,
440  L"PolAcDmS",
441  NULL,
442  &AttributeSize);
443  if (!NT_SUCCESS(Status))
444  goto done;
445 
446  if (AttributeSize > 0)
447  {
448  AccountDomainSid = RtlAllocateHeap(RtlGetProcessHeap(),
450  AttributeSize);
451  if (AccountDomainSid == NULL)
452  {
454  goto done;
455  }
456 
     /* NOTE(review): the bytes read from the registry become the process-wide
      * account domain SID. No validity check on the blob is visible here
      * (e.g. RtlValidSid, or RtlLengthSid compared against AttributeSize).
      * Worth adding so a damaged stored value is rejected at start-up. */
457  Status = LsapGetObjectAttribute(PolicyObject,
458  L"PolAcDmS",
460  &AttributeSize);
461  if (!NT_SUCCESS(Status))
462  goto done;
463  }
464 
465  /* Get the account domain name */
466  AttributeSize = 0;
467  Status = LsapGetObjectAttribute(PolicyObject,
468  L"PolAcDmN",
469  NULL,
470  &AttributeSize);
471  if (!NT_SUCCESS(Status))
472  goto done;
473 
474  if (AttributeSize > 0)
475  {
476  DomainName = RtlAllocateHeap(RtlGetProcessHeap(),
478  AttributeSize);
479  if (DomainName == NULL)
480  {
482  goto done;
483  }
484 
485  Status = LsapGetObjectAttribute(PolicyObject,
486  L"PolAcDmN",
487  DomainName,
488  &AttributeSize);
489  if (!NT_SUCCESS(Status))
490  goto done;
491 
     /* The stored Buffer field is treated as an offset from the start of the
      * blob and turned into a pointer.
      * NOTE(review): neither the offset nor Length is checked against
      * AttributeSize before Length bytes are copied from that pointer
      * below, and AttributeSize is not checked to be at least
      * sizeof(UNICODE_STRING). A damaged or tampered stored value would
      * make the copy read outside the allocation. Validate
      * offset + Length <= AttributeSize first. */
492  DomainName->Buffer = (LPWSTR)((ULONG_PTR)DomainName + (ULONG_PTR)DomainName->Buffer);
493 
     /* MaximumLength is a USHORT; Length + sizeof(WCHAR) wraps if the stored
      * Length is within two bytes of 0xFFFF. */
494  AccountDomainName.Length = DomainName->Length;
495  AccountDomainName.MaximumLength = DomainName->Length + sizeof(WCHAR);
496  AccountDomainName.Buffer = RtlAllocateHeap(RtlGetProcessHeap(),
500  {
501  ERR("Failed to allocate the account domain name buffer\n");
503  goto done;
504  }
505 
507  DomainName->Buffer,
508  DomainName->Length);
509  }
510 
512  TRACE("Builtin Domain SID: %S\n", SidString);
513  LocalFree(SidString);
514  SidString = NULL;
515 
516  TRACE("Builtin Domain Name: %wZ\n", &BuiltinDomainName);
517 
519  TRACE("Account Domain SID: %S\n", SidString);
520  LocalFree(SidString);
521  SidString = NULL;
522 
523  TRACE("Account Domain Name: %wZ\n", &AccountDomainName);
524 
     /* Shared exit: only the temporary DomainName blob and the policy object
      * are released. On a failure path the globals already allocated above
      * keep whatever they were set to. */
525 done:
526  if (DomainName != NULL)
527  RtlFreeHeap(RtlGetProcessHeap(), 0, DomainName);
528 
529  if (PolicyObject != NULL)
530  LsapCloseDbObject(PolicyObject);
531 
532  return Status;
533 }
NTSTATUS LsapOpenDbObject(IN PLSA_DB_OBJECT ParentObject, IN LPWSTR ContainerName, IN LPWSTR ObjectName, IN LSA_DB_OBJECT_TYPE ObjectType, IN ACCESS_MASK DesiredAccess, IN BOOLEAN Trusted, OUT PLSA_DB_OBJECT *DbObject)
Definition: database.c:710
#define TRUE
Definition: types.h:120
NTSYSAPI VOID NTAPI RtlCopyMemory(VOID UNALIGNED *Destination, CONST VOID UNALIGNED *Source, ULONG Length)
#define STATUS_INSUFFICIENT_RESOURCES
Definition: udferr_usr.h:158
USHORT MaximumLength
Definition: env_spec_w32.h:370
LONG NTSTATUS
Definition: precomp.h:26
BOOLEAN NTAPI RtlFreeHeap(IN PVOID HeapHandle, IN ULONG Flags, IN PVOID HeapBase)
Definition: heap.c:606
BOOL WINAPI ConvertSidToStringSidW(PSID Sid, LPWSTR *StringSid)
Definition: security.c:3259
NTSYSAPI NTSTATUS NTAPI RtlAllocateAndInitializeSid(IN PSID_IDENTIFIER_AUTHORITY IdentifierAuthority, IN UCHAR SubAuthorityCount, IN ULONG SubAuthority0, IN ULONG SubAuthority1, IN ULONG SubAuthority2, IN ULONG SubAuthority3, IN ULONG SubAuthority4, IN ULONG SubAuthority5, IN ULONG SubAuthority6, IN ULONG SubAuthority7, OUT PSID *Sid)
Definition: sid.c:290
UNICODE_STRING AccountDomainName
Definition: database.c:24
NTSTATUS LsapCloseDbObject(PLSA_DB_OBJECT DbObject)
Definition: database.c:868
uint32_t ULONG_PTR
Definition: typedefs.h:63
PSID BuiltinDomainSid
Definition: database.c:21
smooth NULL
Definition: ftsmooth.c:416
PVOID NTAPI RtlAllocateHeap(IN PVOID HeapHandle, IN ULONG Flags, IN SIZE_T Size)
Definition: heap.c:588
#define TRACE(s)
Definition: solgame.cpp:4
#define SECURITY_BUILTIN_DOMAIN_RID
Definition: setypes.h:553
__wchar_t WCHAR
Definition: xmlstorage.h:180
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
UNICODE_STRING BuiltinDomainName
Definition: database.c:23
static const WCHAR L[]
Definition: oid.c:1250
Status
Definition: gdiplustypes.h:24
#define ERR(fmt,...)
Definition: debug.h:109
HLOCAL NTAPI LocalFree(HLOCAL hMem)
Definition: heapmem.c:1577
#define HEAP_ZERO_MEMORY
Definition: compat.h:123
unsigned int ULONG
Definition: retypes.h:1
NTSYSAPI VOID NTAPI RtlInitUnicodeString(PUNICODE_STRING DestinationString, PCWSTR SourceString)
#define ULONG_PTR
Definition: config.h:101
PSID AccountDomainSid
Definition: database.c:22
WCHAR * LPWSTR
Definition: xmlstorage.h:184
NTSTATUS LsapGetObjectAttribute(PLSA_DB_OBJECT DbObject, LPWSTR AttributeName, LPVOID AttributeData, PULONG AttributeSize)
Definition: database.c:1010
SID_IDENTIFIER_AUTHORITY NtAuthority
Definition: database.c:19

Referenced by LsapInitDatabase().

◆ LsapGetObjectAttribute()

NTSTATUS LsapGetObjectAttribute ( PLSA_DB_OBJECT  DbObject,
LPWSTR  AttributeName,
LPVOID  AttributeData,
PULONG  AttributeSize 
)

Definition at line 1010 of file database.c.

1014 {
     /*
      * Reads an attribute of a database object: opens the subkey named
      * AttributeName under the object's key and queries its value with
      * RtlpNtQueryValueKey.
      * On input *AttributeSize is the caller's buffer size; on output it is
      * the stored size. With a NULL buffer or a zero size only the required
      * size is reported.
      * Listing lines 1015-1016, 1021, 1024, 1026, 1031, 1044, 1052 and 1058
      * are absent from this rendering; the status set on the two
      * size-reporting paths is therefore not visible (STATUS_BUFFER_OVERFLOW
      * is named in the cross-reference list).
      * No check of DbObject->Access is made here and DbObject/AttributeSize
      * are dereferenced without NULL checks; presumably callers validate the
      * handle and access first. Verify against the callers.
      */
1017  HANDLE AttributeKey;
1018  ULONG ValueSize;
1019  NTSTATUS Status;
1020 
1022  AttributeName);
1023 
1025  &KeyName,
1027  DbObject->KeyHandle,
1028  NULL);
1029 
1030  Status = NtOpenKey(&AttributeKey,
1032  &ObjectAttributes);
1033  if (!NT_SUCCESS(Status))
1034  {
1035  return Status;
1036  }
1037 
     /* Size probe: no data buffer is passed, only the length in/out. */
1038  ValueSize = *AttributeSize;
1039  Status = RtlpNtQueryValueKey(AttributeKey,
1040  NULL,
1041  NULL,
1042  &ValueSize,
1043  0);
1045  {
1046  goto Done;
1047  }
1048 
1049  if (AttributeData == NULL || *AttributeSize == 0)
1050  {
1051  *AttributeSize = ValueSize;
1053  goto Done;
1054  }
1055  else if (*AttributeSize < ValueSize)
1056  {
     /* Buffer too small: report the needed size and do not copy. */
1057  *AttributeSize = ValueSize;
1059  goto Done;
1060  }
1061 
     /* The read is bounded by ValueSize from the probe, which the branch
      * above has shown to be no larger than the caller's buffer. The stored
      * value may change between the two queries; the second call's status
      * is what the caller gets. */
1062  Status = RtlpNtQueryValueKey(AttributeKey,
1063  NULL,
1064  AttributeData,
1065  &ValueSize,
1066  0);
1067  if (NT_SUCCESS(Status))
1068  {
1069  *AttributeSize = ValueSize;
1070  }
1071 
1072 Done:
1073  NtClose(AttributeKey);
1074 
1075  return Status;
1076 }
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
Definition: conport.c:35
_Must_inspect_result_ _Out_ PNDIS_STATUS _In_ NDIS_HANDLE _In_ ULONG _Out_ PNDIS_STRING KeyName
Definition: ndis.h:4711
LONG NTSTATUS
Definition: precomp.h:26
HANDLE KeyHandle
Definition: lsasrv.h:62
smooth NULL
Definition: ftsmooth.c:416
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
NTSTATUS NTAPI NtClose(IN HANDLE Handle)
Definition: obhandle.c:3399
#define OBJ_CASE_INSENSITIVE
Definition: winternl.h:228
NTSTATUS NTAPI RtlpNtQueryValueKey(IN HANDLE KeyHandle, OUT PULONG Type OPTIONAL, OUT PVOID Data OPTIONAL, IN OUT PULONG DataLength OPTIONAL, IN ULONG Unused)
Definition: registry.c:933
Status
Definition: gdiplustypes.h:24
#define STATUS_BUFFER_OVERFLOW
Definition: shellext.h:61
#define KEY_QUERY_VALUE
Definition: nt_native.h:1016
NTSYSAPI NTSTATUS NTAPI NtOpenKey(OUT PHANDLE KeyHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes)
Definition: ntapi.c:336
unsigned int ULONG
Definition: retypes.h:1
NTSYSAPI VOID NTAPI RtlInitUnicodeString(PUNICODE_STRING DestinationString, PCWSTR SourceString)
#define InitializeObjectAttributes(p, n, a, r, s)
Definition: reg.c:106
return STATUS_SUCCESS
Definition: btrfs.c:2966

Referenced by LsapGetDomainInfo(), LsarAddAccountRights(), LsarAddPrivilegesToAccount(), LsarEnumeratePrivilegesAccount(), LsarGetQuotasForAccount(), LsarGetSystemAccessAccount(), LsarQueryAccountDomain(), LsarQueryAuditEvents(), LsarQueryAuditFull(), LsarQueryAuditLog(), LsarQueryDefaultQuota(), LsarQueryDnsDomain(), LsarQueryModification(), LsarQueryPrimaryDomain(), LsarQuerySecret(), LsarQuerySecurityObject(), LsarQueryServerRole(), LsarRemoveAccountRights(), LsarRemovePrivilegesFromAccount(), LsarRetrievePrivateData(), LsarSetAuditFull(), LsarSetQuotasForAccount(), and LsarSetSecurityObject().

◆ LsapInitDatabase()

NTSTATUS LsapInitDatabase ( VOID  )

Definition at line 537 of file database.c.

538 {
/*
 * Brings up the LSA policy database: open the service key, create the
 * database on first use or run the update step otherwise, then load the
 * domain information. Each failure is logged with its NTSTATUS and
 * returned unchanged; STATUS_SUCCESS is returned only after every step
 * has succeeded.
 *
 * NOTE(review): this rendered listing drops source lines 539, 543, 550,
 * 552, 559, 568 and 576. Judging by the error messages and the symbols
 * listed under the listing, they hold the Status declaration and the
 * calls to LsapOpenServiceKey, LsapIsDatabaseInstalled,
 * LsapCreateDatabaseKeys, LsapCreateDatabaseObjects, LsapUpdateDatabase
 * and LsapGetDomainInfo. Confirm against database.c before relying on
 * the exact order.
 */
540 
541  TRACE("LsapInitDatabase()\n");
542 
544  if (!NT_SUCCESS(Status))
545  {
546  ERR("Failed to open the service key (Status: 0x%08lx)\n", Status);
547  return Status;
548  }
549 
/*
 * Presumably the "database not installed" branch (the condition is on
 * omitted line 550). LsapIsDatabaseInstalled() returns FALSE for any
 * failure to open the Policy key, not only for a missing key, so verify
 * that creating keys and objects over an existing database is harmless.
 */
551  {
553  if (!NT_SUCCESS(Status))
554  {
555  ERR("Failed to create the LSA database keys (Status: 0x%08lx)\n", Status);
556  return Status;
557  }
558 
560  if (!NT_SUCCESS(Status))
561  {
562  ERR("Failed to create the LSA database objects (Status: 0x%08lx)\n", Status);
563  return Status;
564  }
565  }
566  else
567  {
/*
 * Existing database. LsapUpdateDatabase() in this file is a stub that
 * returns STATUS_SUCCESS, so presumably nothing is migrated or verified
 * on this path.
 */
569  if (!NT_SUCCESS(Status))
570  {
571  ERR("Failed to update the LSA database (Status: 0x%08lx)\n", Status);
572  return Status;
573  }
574  }
575 
577  if (!NT_SUCCESS(Status))
578  {
579  ERR("Failed to get the domain information (Status: 0x%08lx)\n", Status);
580  return Status;
581  }
582 
583  TRACE("LsapInitDatabase() done\n");
584 
585  return STATUS_SUCCESS;
586 }
static BOOLEAN LsapIsDatabaseInstalled(VOID)
Definition: database.c:55
LONG NTSTATUS
Definition: precomp.h:26
static NTSTATUS LsapOpenServiceKey(VOID)
Definition: database.c:30
static NTSTATUS LsapGetDomainInfo(VOID)
Definition: database.c:405
static NTSTATUS LsapCreateDatabaseObjects(VOID)
Definition: database.c:232
static NTSTATUS LsapUpdateDatabase(VOID)
Definition: database.c:398
#define TRACE(s)
Definition: solgame.cpp:4
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
Status
Definition: gdiplustypes.h:24
#define ERR(fmt,...)
Definition: debug.h:109
static NTSTATUS LsapCreateDatabaseKeys(VOID)
Definition: database.c:85
return STATUS_SUCCESS
Definition: btrfs.c:2966

Referenced by LsapInitLsa().

◆ LsapIsDatabaseInstalled()

static BOOLEAN LsapIsDatabaseInstalled ( VOID  )
static

Definition at line 55 of file database.c.

56 {
/*
 * Reports whether the "Policy" key can be opened with KEY_READ.
 * Returns TRUE when the open succeeds and FALSE otherwise.
 *
 * NOTE(review): this rendered listing drops source lines 57-60, 62, 65,
 * 67-68, 71, 73 and 78. The symbols listed under the listing
 * (RtlInitUnicodeString, InitializeObjectAttributes,
 * OBJ_CASE_INSENSITIVE, SecurityKeyHandle, RtlpNtOpenKey, NtClose)
 * suggest a case-insensitive open relative to SecurityKeyHandle followed
 * by a close of the probe handle. Confirm against database.c.
 */
61 
63  L"Policy");
64 
66  &KeyName,
69  NULL);
70 
72  KEY_READ,
74  0);
/*
 * Every failure status maps to FALSE, so an access-denied or transient
 * error is indistinguishable from "key does not exist". The only listed
 * caller is LsapInitDatabase(); check what it does with FALSE before
 * treating this as a pure existence test.
 */
75  if (!NT_SUCCESS(Status))
76  return FALSE;
77 
/* Omitted line 78 presumably closes the probe handle (NtClose is in the symbol list) - TODO confirm. */
79 
80  return TRUE;
81 }
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
Definition: conport.c:35
_Must_inspect_result_ _Out_ PNDIS_STATUS _In_ NDIS_HANDLE _In_ ULONG _Out_ PNDIS_STRING KeyName
Definition: ndis.h:4711
#define TRUE
Definition: types.h:120
_Must_inspect_result_ _Out_ PNDIS_STATUS _In_ NDIS_HANDLE _In_ ULONG _Out_ PNDIS_STRING _Out_ PNDIS_HANDLE KeyHandle
Definition: ndis.h:4711
#define KEY_READ
Definition: nt_native.h:1023
LONG NTSTATUS
Definition: precomp.h:26
smooth NULL
Definition: ftsmooth.c:416
NTSTATUS NTAPI RtlpNtOpenKey(OUT HANDLE KeyHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes, IN ULONG Unused)
Definition: registry.c:912
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
NTSTATUS NTAPI NtClose(IN HANDLE Handle)
Definition: obhandle.c:3399
#define OBJ_CASE_INSENSITIVE
Definition: winternl.h:228
static const WCHAR L[]
Definition: oid.c:1250
static HANDLE SecurityKeyHandle
Definition: database.c:13
Status
Definition: gdiplustypes.h:24
NTSYSAPI VOID NTAPI RtlInitUnicodeString(PUNICODE_STRING DestinationString, PCWSTR SourceString)
#define InitializeObjectAttributes(p, n, a, r, s)
Definition: reg.c:106

Referenced by LsapInitDatabase().

◆ LsapOpenDbObject()

NTSTATUS LsapOpenDbObject ( IN PLSA_DB_OBJECT  ParentObject,
IN LPWSTR  ContainerName,
IN LPWSTR  ObjectName,
IN LSA_DB_OBJECT_TYPE  ObjectType,
IN ACCESS_MASK  DesiredAccess,
IN BOOLEAN  Trusted,
OUT PLSA_DB_OBJECT DbObject 
)

Definition at line 710 of file database.c.

717 {
/*
 * Opens the registry key that backs an existing LSA database object and
 * wraps it in a newly heap-allocated LSA_DB_OBJECT.
 *
 * ParentObject   Object whose key is the lookup root; NULL selects
 *                SecurityKeyHandle.
 * ContainerName  Optional intermediate key; when non-NULL the object key
 *                is opened beneath it.
 * ObjectName     Name of the object key.
 * ObjectType     Stored in the new object as given.
 * DesiredAccess  Stored in the new object's Access field as given.
 * Trusted        Stored in the new object as given.
 * DbObject       Receives the new object on success.
 *
 * Returns the NtOpenKey status on an open failure, STATUS_NO_MEMORY when
 * the allocation fails, STATUS_SUCCESS otherwise.
 *
 * NOTE(review): this rendered listing drops source lines 718-720, 724,
 * 727, 737, 740, 742, 747-748, 755, 758, 760, 765-766, 778, 781, 783 and
 * 788-789. The symbols listed under the listing suggest they hold the
 * local declarations, the STATUS_INVALID_PARAMETER return, the
 * RtlInitUnicodeString / InitializeObjectAttributes calls and the
 * KEY_ALL_ACCESS mask passed to NtOpenKey. Confirm against database.c.
 *
 * NOTE(review): no access check is performed in the lines shown.
 * DesiredAccess is recorded verbatim, and LsapValidateDbObject() later
 * compares requests against that recorded mask, so the mask stored here
 * is the ceiling for the handle. Deciding whether the client is entitled
 * to it is presumably the caller's job - confirm in the Lsar* callers.
 *
 * NOTE(review): ContainerName and ObjectName are used as registry names
 * relative to the parent key; callers that pass client-supplied names
 * should make sure embedded path separators are rejected - confirm.
 */
721  HANDLE ParentKeyHandle;
722  HANDLE ContainerKeyHandle = NULL;
723  HANDLE ObjectKeyHandle = NULL;
725 
/*
 * The statement guarded by this test is on omitted line 727 (presumably
 * the STATUS_INVALID_PARAMETER return); it does not guard the
 * ParentObject test that follows in this listing.
 */
726  if (DbObject == NULL)
728 
729  if (ParentObject == NULL)
730  ParentKeyHandle = SecurityKeyHandle;
731  else
732  ParentKeyHandle = ParentObject->KeyHandle;
733 
734  if (ContainerName != NULL)
735  {
736  /* Open the container key */
738  ContainerName);
739 
741  &KeyName,
743  ParentKeyHandle,
744  NULL);
745 
746  Status = NtOpenKey(&ContainerKeyHandle,
749  if (!NT_SUCCESS(Status))
750  {
751  return Status;
752  }
753 
754  /* Open the object key */
756  ObjectName);
757 
759  &KeyName,
761  ContainerKeyHandle,
762  NULL);
763 
764  Status = NtOpenKey(&ObjectKeyHandle,
767 
/* The container handle is closed before the status test, so it is released on both the success and the failure path. */
768  NtClose(ContainerKeyHandle);
769 
770  if (!NT_SUCCESS(Status))
771  {
772  return Status;
773  }
774  }
775  else
776  {
777  /* Open the object key */
779  ObjectName);
780 
782  &KeyName,
784  ParentKeyHandle,
785  NULL);
786 
787  Status = NtOpenKey(&ObjectKeyHandle,
790  if (!NT_SUCCESS(Status))
791  {
792  return Status;
793  }
794  }
795 
/*
 * Heap flags are 0, so the block is not zero-filled: any LSA_DB_OBJECT
 * field that is not assigned below stays uninitialized. Check the
 * structure in lsasrv.h for fields beyond the seven set here.
 */
796  NewObject = RtlAllocateHeap(RtlGetProcessHeap(),
797  0,
798  sizeof(LSA_DB_OBJECT));
799  if (NewObject == NULL)
800  {
/* Do not leak the key handle opened above. */
801  NtClose(ObjectKeyHandle);
802  return STATUS_NO_MEMORY;
803  }
804 
/* The signature is what LsapValidateDbObject() tests when this pointer comes back as a handle. */
805  NewObject->Signature = LSAP_DB_SIGNATURE;
806  NewObject->RefCount = 1;
807  NewObject->ObjectType = ObjectType;
808  NewObject->Access = DesiredAccess;
809  NewObject->KeyHandle = ObjectKeyHandle;
810  NewObject->ParentObject = ParentObject;
811  NewObject->Trusted = Trusted;
812 
/*
 * The child keeps a pointer to its parent, so the parent gains a
 * reference. NOTE(review): this is a plain increment, not an interlocked
 * one; if objects can be reached from concurrent RPC threads it needs
 * external serialization - confirm.
 */
813  if (ParentObject != NULL)
814  ParentObject->RefCount++;
815 
816  *DbObject = NewObject;
817 
818  return STATUS_SUCCESS;
819 }
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
Definition: conport.c:35
ObjectType
Definition: metafile.c:80
_Must_inspect_result_ _Out_ PNDIS_STATUS _In_ NDIS_HANDLE _In_ ULONG _Out_ PNDIS_STRING KeyName
Definition: ndis.h:4711
#define STATUS_INVALID_PARAMETER
Definition: udferr_usr.h:135
LONG NTSTATUS
Definition: precomp.h:26
_In_ PVOID _Out_opt_ PULONG_PTR _Outptr_opt_ PCUNICODE_STRING * ObjectName
Definition: cmfuncs.h:62
smooth NULL
Definition: ftsmooth.c:416
PVOID NTAPI RtlAllocateHeap(IN PVOID HeapHandle, IN ULONG Flags, IN SIZE_T Size)
Definition: heap.c:588
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
NTSTATUS NTAPI NtClose(IN HANDLE Handle)
Definition: obhandle.c:3399
#define OBJ_CASE_INSENSITIVE
Definition: winternl.h:228
static HANDLE SecurityKeyHandle
Definition: database.c:13
Status
Definition: gdiplustypes.h:24
#define LSAP_DB_SIGNATURE
Definition: lsasrv.h:67
#define KEY_ALL_ACCESS
Definition: nt_native.h:1041
_In_ PIO_STACK_LOCATION _Inout_ PFILE_OBJECT _Inout_ PVCB _Outptr_result_maybenull_ PDCB _In_ PDCB _In_ PDIRENT _In_ ULONG _In_ ULONG _In_ PUNICODE_STRING _In_ PACCESS_MASK DesiredAccess
Definition: create.c:4157
#define STATUS_NO_MEMORY
Definition: ntstatus.h:246
NTSYSAPI NTSTATUS NTAPI NtOpenKey(OUT PHANDLE KeyHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes)
Definition: ntapi.c:336
NTSYSAPI VOID NTAPI RtlInitUnicodeString(PUNICODE_STRING DestinationString, PCWSTR SourceString)
#define InitializeObjectAttributes(p, n, a, r, s)
Definition: reg.c:106
_Inout_opt_ PACCESS_STATE _In_opt_ ACCESS_MASK _In_ ULONG _Out_opt_ PVOID * NewObject
Definition: obfuncs.h:71
return STATUS_SUCCESS
Definition: btrfs.c:2966

Referenced by LsaIOpenPolicyTrusted(), LsapCreateDatabaseObjects(), LsapGetDomainInfo(), LsarOpenPolicy(), LsarOpenSecret(), LsarpOpenAccount(), LsarRetrievePrivateData(), and LsarStorePrivateData().

◆ LsapOpenServiceKey()

static NTSTATUS LsapOpenServiceKey ( VOID  )
static

Definition at line 30 of file database.c.

31 {
/*
 * Opens the \Registry\Machine\SECURITY key and returns the resulting
 * NTSTATUS unchanged; nothing is logged here.
 *
 * NOTE(review): this rendered listing drops source lines 32-34, 36, 39,
 * 41 and 45-47. The symbols listed under the listing suggest that the
 * key is opened through RtlpNtOpenKey with KEY_READ, KEY_CREATE_SUB_KEY
 * and KEY_ENUMERATE_SUB_KEYS, case-insensitively, and that the handle is
 * kept in the file-level SecurityKeyHandle. Confirm against database.c.
 */
35 
37  L"\\Registry\\Machine\\SECURITY");
38 
40  &KeyName,
/* Two NULL arguments follow; the path above is absolute, so presumably no root directory handle is needed - TODO confirm which parameters these are. */
42  NULL,
43  NULL);
44 
48  0);
49 
50  return Status;
51 }
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
Definition: conport.c:35
_Must_inspect_result_ _Out_ PNDIS_STATUS _In_ NDIS_HANDLE _In_ ULONG _Out_ PNDIS_STRING KeyName
Definition: ndis.h:4711
#define KEY_READ
Definition: nt_native.h:1023
LONG NTSTATUS
Definition: precomp.h:26
smooth NULL
Definition: ftsmooth.c:416
NTSTATUS NTAPI RtlpNtOpenKey(OUT HANDLE KeyHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes, IN ULONG Unused)
Definition: registry.c:912
#define OBJ_CASE_INSENSITIVE
Definition: winternl.h:228
static const WCHAR L[]
Definition: oid.c:1250
static HANDLE SecurityKeyHandle
Definition: database.c:13
Status
Definition: gdiplustypes.h:24
NTSYSAPI VOID NTAPI RtlInitUnicodeString(PUNICODE_STRING DestinationString, PCWSTR SourceString)
#define InitializeObjectAttributes(p, n, a, r, s)
Definition: reg.c:106
#define KEY_CREATE_SUB_KEY
Definition: nt_native.h:1018
#define KEY_ENUMERATE_SUB_KEYS
Definition: nt_native.h:1019

Referenced by LsapInitDatabase().

◆ LsapSetObjectAttribute()

NTSTATUS LsapSetObjectAttribute ( PLSA_DB_OBJECT  DbObject,
LPWSTR  AttributeName,
LPVOID  AttributeData,
ULONG  AttributeSize 
)

Definition at line 959 of file database.c.

963 {
/*
 * Stores one attribute of a database object: a key named AttributeName
 * is created (or opened, if NtCreateKey finds it) relative to
 * DbObject->KeyHandle and a REG_NONE value of AttributeSize bytes is
 * written to it. The attribute key handle is closed before returning.
 * Returns the status of NtCreateKey or of RtlpNtSetValueKey.
 *
 * NOTE(review): this rendered listing drops source lines 964-965, 967,
 * 969, 972, 974, 979-980, 983 and 994. The symbols listed under the
 * listing suggest KEY_SET_VALUE as the requested access,
 * REG_OPTION_NON_VOLATILE as the create option, and AttributeData as the
 * data argument on line 994. Confirm against database.c.
 *
 * NOTE(review): DbObject is dereferenced without a NULL test and no
 * access check is made here, so callers are expected to have validated
 * the object and the caller's rights first (see LsapValidateDbObject).
 * The bytes are written as given; callers listed on this page include
 * LsarSetSecret and LsarStorePrivateData, so any protection of secret
 * material has to come from those callers or from the key's ACL -
 * confirm.
 */
966  HANDLE AttributeKey;
968 
970  AttributeName);
971 
973  &KeyName,
975  DbObject->KeyHandle,
976  NULL);
977 
978  Status = NtCreateKey(&AttributeKey,
981  0,
982  NULL,
984  NULL);
985  if (!NT_SUCCESS(Status))
986  {
/* Only the attribute name and the status are logged, never the data. */
987  ERR("NtCreateKey failed for '%S' with status 0x%lx\n",
988  AttributeName, Status);
989  return Status;
990  }
991 
/* REG_NONE: the value is stored as untyped bytes. */
992  Status = RtlpNtSetValueKey(AttributeKey,
993  REG_NONE,
995  AttributeSize);
996 
/* Close before the status test so the handle is released on both paths. */
997  NtClose(AttributeKey);
998 
999  if (!NT_SUCCESS(Status))
1000  {
1001  ERR("RtlpNtSetValueKey failed for '%S' with status 0x%lx\n",
1002  AttributeName, Status);
1003  }
1004 
1005  return Status;
1006 }
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
Definition: conport.c:35
_Must_inspect_result_ _Out_ PNDIS_STATUS _In_ NDIS_HANDLE _In_ ULONG _Out_ PNDIS_STRING KeyName
Definition: ndis.h:4711
NTSTATUS NTAPI NtCreateKey(OUT PHANDLE KeyHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes, IN ULONG TitleIndex, IN PUNICODE_STRING Class OPTIONAL, IN ULONG CreateOptions, OUT PULONG Disposition OPTIONAL)
Definition: ntapi.c:240
#define KEY_SET_VALUE
Definition: nt_native.h:1017
LONG NTSTATUS
Definition: precomp.h:26
HANDLE KeyHandle
Definition: lsasrv.h:62
smooth NULL
Definition: ftsmooth.c:416
#define REG_OPTION_NON_VOLATILE
Definition: nt_native.h:1057
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
NTSTATUS NTAPI NtClose(IN HANDLE Handle)
Definition: obhandle.c:3399
#define OBJ_CASE_INSENSITIVE
Definition: winternl.h:228
Status
Definition: gdiplustypes.h:24
#define ERR(fmt,...)
Definition: debug.h:109
NTSTATUS NTAPI RtlpNtSetValueKey(IN HANDLE KeyHandle, IN ULONG Type, IN PVOID Data, IN ULONG DataLength)
Definition: registry.c:988
NTSYSAPI VOID NTAPI RtlInitUnicodeString(PUNICODE_STRING DestinationString, PCWSTR SourceString)
#define InitializeObjectAttributes(p, n, a, r, s)
Definition: reg.c:106
#define REG_NONE
Definition: nt_native.h:1492

Referenced by LsapCreateDatabaseObjects(), LsarAddAccountRights(), LsarAddPrivilegesToAccount(), LsarCreateSecret(), LsarpCreateAccount(), LsarRemoveAccountRights(), LsarRemovePrivilegesFromAccount(), LsarSetAccountDomain(), LsarSetAuditEvents(), LsarSetAuditFull(), LsarSetAuditLog(), LsarSetDefaultQuota(), LsarSetModification(), LsarSetPrimaryDomain(), LsarSetQuotasForAccount(), LsarSetSecret(), LsarSetSecurityObject(), LsarSetServerRole(), LsarSetSystemAccessAccount(), and LsarStorePrivateData().

◆ LsapUpdateDatabase()

static NTSTATUS LsapUpdateDatabase ( VOID  )
static

Definition at line 398 of file database.c.

399 {
/*
 * Stub: performs no work and always reports success. An existing
 * database is therefore accepted as it is, with no version, schema or
 * integrity check on this path.
 */
400  return STATUS_SUCCESS;
401 }
return STATUS_SUCCESS
Definition: btrfs.c:2966

Referenced by LsapInitDatabase().

◆ LsapValidateDbObject()

NTSTATUS LsapValidateDbObject ( LSAPR_HANDLE  Handle,
LSA_DB_OBJECT_TYPE  ObjectType,
ACCESS_MASK  DesiredAccess,
PLSA_DB_OBJECT DbObject 
)

Definition at line 823 of file database.c.

827 {
/*
 * Checks that Handle refers to an LSA database object of the expected
 * type and that the object carries every access right requested.
 *
 * Handle         Value supplied by the Lsar* callers; it is cast
 *                straight to an object pointer, with no table lookup.
 * ObjectType     Required type; LsaDbIgnoreObject accepts any type.
 * DesiredAccess  Rights that must all be present in the object's Access
 *                mask; 0 skips the access check.
 * DbObject       Optional; receives the object pointer on success.
 *
 * Returns STATUS_INVALID_HANDLE when the signature or type test fails or
 * faults, STATUS_ACCESS_DENIED when a requested right is missing, and
 * STATUS_SUCCESS otherwise.
 *
 * NOTE(review): the signature test only shows that the memory currently
 * holds the magic value. Whether a closed object is invalidated
 * (signature cleared) before its memory is released is decided in
 * LsapCloseDbObject, which is not shown here - confirm.
 *
 * NOTE(review): the object's Trusted field is not consulted in the lines
 * shown, and RefCount is not incremented, so the pointer handed back is
 * borrowed from the handle's owner.
 */
828  PLSA_DB_OBJECT LocalObject = (PLSA_DB_OBJECT)Handle;
829  BOOLEAN bValid = FALSE;
830 
/* The first reads through the untrusted pointer happen inside the SEH block. */
831  _SEH2_TRY
832  {
833  if (LocalObject->Signature == LSAP_DB_SIGNATURE)
834  {
835  if ((ObjectType == LsaDbIgnoreObject) ||
836  (LocalObject->ObjectType == ObjectType))
837  bValid = TRUE;
838  }
839  }
/* Omitted line 840 presumably holds _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER), per the symbol list under the listing - TODO confirm. */
841  {
842  bValid = FALSE;
843  }
844  _SEH2_END;
845 
846  if (bValid == FALSE)
847  return STATUS_INVALID_HANDLE;
848 
849  if (DesiredAccess != 0)
850  {
851  /* Check for granted access rights */
/* This read of Access is outside the SEH block; it relies on the signature test above having accepted the pointer. */
852  if ((LocalObject->Access & DesiredAccess) != DesiredAccess)
853  {
854  ERR("LsapValidateDbObject access check failed %08lx %08lx\n",
855  LocalObject->Access, DesiredAccess);
856  return STATUS_ACCESS_DENIED;
857  }
858  }
859 
860  if (DbObject != NULL)
861  *DbObject = LocalObject;
862 
863  return STATUS_SUCCESS;
864 }
ACCESS_MASK Access
Definition: lsasrv.h:61
ObjectType
Definition: metafile.c:80
#define TRUE
Definition: types.h:120
LSA_DB_OBJECT_TYPE ObjectType
Definition: lsasrv.h:59
#define STATUS_INVALID_HANDLE
Definition: ntstatus.h:231
_SEH2_TRY
Definition: create.c:4250
#define EXCEPTION_EXECUTE_HANDLER
Definition: excpt.h:85
unsigned char BOOLEAN
smooth NULL
Definition: ftsmooth.c:416
_In_ HANDLE Handle
Definition: extypes.h:390
#define STATUS_ACCESS_DENIED
Definition: udferr_usr.h:145
ULONG Signature
Definition: lsasrv.h:58
#define ERR(fmt,...)
Definition: debug.h:109
#define LSAP_DB_SIGNATURE
Definition: lsasrv.h:67
_SEH2_END
Definition: create.c:4424
_In_ PIO_STACK_LOCATION _Inout_ PFILE_OBJECT _Inout_ PVCB _Outptr_result_maybenull_ PDCB _In_ PDCB _In_ PDIRENT _In_ ULONG _In_ ULONG _In_ PUNICODE_STRING _In_ PACCESS_MASK DesiredAccess
Definition: create.c:4157
struct _LSA_DB_OBJECT * PLSA_DB_OBJECT
#define _SEH2_EXCEPT(...)
Definition: pseh2_64.h:6
return STATUS_SUCCESS
Definition: btrfs.c:2966

Referenced by LsarAddAccountRights(), LsarAddPrivilegesToAccount(), LsarClose(), LsarCreateAccount(), LsarCreateSecret(), LsarDeleteObject(), LsarEnumerateAccounts(), LsarEnumerateAccountsWithUserRight(), LsarEnumeratePrivileges(), LsarEnumeratePrivilegesAccount(), LsarGetQuotasForAccount(), LsarGetSystemAccessAccount(), LsarLookupPrivilegeDisplayName(), LsarLookupPrivilegeName(), LsarLookupPrivilegeValue(), LsarOpenAccount(), LsarOpenSecret(), LsarQueryInformationPolicy(), LsarQuerySecret(), LsarQuerySecurityObject(), LsarRemoveAccountRights(), LsarRemovePrivilegesFromAccount(), LsarRetrievePrivateData(), LsarSetInformationPolicy(), LsarSetQuotasForAccount(), LsarSetSecret(), LsarSetSecurityObject(), LsarSetSystemAccessAccount(), and LsarStorePrivateData().

Variable Documentation

◆ AccountDomainName

◆ AccountDomainSid

◆ BuiltinDomainName

◆ BuiltinDomainSid

PSID BuiltinDomainSid = NULL

Definition at line 21 of file database.c.

Referenced by LsapGetDomainInfo().

◆ CreatorSidAuthority

Definition at line 18 of file database.c.

Referenced by LsapInitSids().

◆ LocalSidAuthority

Definition at line 17 of file database.c.

Referenced by LsapInitSids().

◆ NtAuthority

◆ NullSidAuthority

Definition at line 15 of file database.c.

Referenced by LsapInitSids().

◆ SecurityKeyHandle

HANDLE SecurityKeyHandle = NULL
static

◆ WorldSidAuthority