ReactOS  0.4.15-dev-2721-g5912c11
database.c File Reference
#include "lsasrv.h"
#include <pseh/pseh2.h>

Functions

static NTSTATUS LsapOpenServiceKey (VOID)
 
static BOOLEAN LsapIsDatabaseInstalled (VOID)
 
static NTSTATUS LsapCreateDatabaseKeys (VOID)
 
static NTSTATUS LsapCreateRandomDomainSid (OUT PSID *Sid)
 
static NTSTATUS LsapCreateDatabaseObjects (VOID)
 
static NTSTATUS LsapUpdateDatabase (VOID)
 
static NTSTATUS LsapGetDomainInfo (VOID)
 
NTSTATUS LsapInitDatabase (VOID)
 
NTSTATUS LsapCreateDbObject (IN PLSA_DB_OBJECT ParentObject, IN LPWSTR ContainerName, IN LPWSTR ObjectName, IN LSA_DB_OBJECT_TYPE ObjectType, IN ACCESS_MASK DesiredAccess, IN BOOLEAN Trusted, OUT PLSA_DB_OBJECT *DbObject)
 
NTSTATUS LsapOpenDbObject (IN PLSA_DB_OBJECT ParentObject, IN LPWSTR ContainerName, IN LPWSTR ObjectName, IN LSA_DB_OBJECT_TYPE ObjectType, IN ACCESS_MASK DesiredAccess, IN BOOLEAN Trusted, OUT PLSA_DB_OBJECT *DbObject)
 
NTSTATUS LsapValidateDbObject (LSAPR_HANDLE Handle, LSA_DB_OBJECT_TYPE ObjectType, ACCESS_MASK DesiredAccess, PLSA_DB_OBJECT *DbObject)
 
NTSTATUS LsapCloseDbObject (PLSA_DB_OBJECT DbObject)
 
NTSTATUS LsapDeleteDbObject (IN PLSA_DB_OBJECT DbObject)
 
NTSTATUS LsapSetObjectAttribute (PLSA_DB_OBJECT DbObject, LPWSTR AttributeName, LPVOID AttributeData, ULONG AttributeSize)
 
NTSTATUS LsapGetObjectAttribute (PLSA_DB_OBJECT DbObject, LPWSTR AttributeName, LPVOID AttributeData, PULONG AttributeSize)
 
NTSTATUS LsapDeleteObjectAttribute (PLSA_DB_OBJECT DbObject, LPWSTR AttributeName)
 

Variables

static HANDLE SecurityKeyHandle = NULL
 
SID_IDENTIFIER_AUTHORITY NullSidAuthority = {SECURITY_NULL_SID_AUTHORITY}
 
SID_IDENTIFIER_AUTHORITY WorldSidAuthority = {SECURITY_WORLD_SID_AUTHORITY}
 
SID_IDENTIFIER_AUTHORITY LocalSidAuthority = {SECURITY_LOCAL_SID_AUTHORITY}
 
SID_IDENTIFIER_AUTHORITY CreatorSidAuthority = {SECURITY_CREATOR_SID_AUTHORITY}
 
SID_IDENTIFIER_AUTHORITY NtAuthority = {SECURITY_NT_AUTHORITY}
 
PSID BuiltinDomainSid = NULL
 
PSID AccountDomainSid = NULL
 
UNICODE_STRING BuiltinDomainName = {0, 0, NULL}
 
UNICODE_STRING AccountDomainName = {0, 0, NULL}
 

Function Documentation

◆ LsapCloseDbObject()

NTSTATUS LsapCloseDbObject ( PLSA_DB_OBJECT  DbObject)

Definition at line 870 of file database.c.

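/**
 * Release one reference on an LSA database object.
 *
 * When the count reaches zero the object's registry key handle is closed,
 * the object is freed, and the reference it held on its parent (taken in
 * LsapCreateDbObject via ParentObject->RefCount++) is released in turn,
 * walking up the parent chain for as long as counts keep reaching zero.
 *
 * @param DbObject  Object to release. It must not be used again by the
 *                  caller once its count has reached zero.
 * @return STATUS_SUCCESS, or STATUS_INVALID_PARAMETER for a NULL object or
 *         an object whose count is already zero.
 *
 * NOTE(review): no lock is taken around the count updates in this function;
 * whether callers serialise access is not visible here -- confirm.
 */
NTSTATUS
LsapCloseDbObject(PLSA_DB_OBJECT DbObject)
{
    PLSA_DB_OBJECT ParentObject;

    /*
     * RefCount is a ULONG, so decrementing a zero count wraps to 0xFFFFFFFF
     * instead of going negative. Refuse that case rather than silently
     * turning a double release into a "live" object.
     */
    if (DbObject == NULL || DbObject->RefCount == 0)
        return STATUS_INVALID_PARAMETER;

    do
    {
        /*
         * Each object is decremented exactly once per release. Decrementing
         * the parent here and again in a nested close would wrap a count of
         * 1 past zero and leave the parent (and its key handle) allocated.
         */
        DbObject->RefCount--;
        if (DbObject->RefCount > 0)
            break;

        if (DbObject->KeyHandle != NULL)
            NtClose(DbObject->KeyHandle);

        /* Read the parent link before the object is freed. */
        ParentObject = DbObject->ParentObject;

        /*
         * Clear the signature and handle before the free so that a stale
         * pointer is less likely to pass a signature check afterwards
         * (presumably what LsapValidateDbObject does -- not shown here).
         */
        DbObject->Signature = 0;
        DbObject->KeyHandle = NULL;
        RtlFreeHeap(RtlGetProcessHeap(), 0, DbObject);

        DbObject = ParentObject;
    }
    while (DbObject != NULL && DbObject->RefCount != 0);

    return STATUS_SUCCESS;
}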
LONG NTSTATUS
Definition: precomp.h:26
struct _LSA_DB_OBJECT * ParentObject
Definition: lsasrv.h:64
BOOLEAN NTAPI RtlFreeHeap(IN PVOID HeapHandle, IN ULONG Flags, IN PVOID HeapBase)
Definition: heap.c:606
NTSTATUS LsapCloseDbObject(PLSA_DB_OBJECT DbObject)
Definition: database.c:870
HANDLE KeyHandle
Definition: lsasrv.h:62
Status
Definition: gdiplustypes.h:24
ULONG RefCount
Definition: lsasrv.h:60
NTSTATUS NTAPI NtClose(IN HANDLE Handle)
Definition: obhandle.c:3398
#define NULL
Definition: types.h:112
#define STATUS_SUCCESS
Definition: shellext.h:65

Referenced by LsapCreateDatabaseObjects(), LsapDeleteDbObject(), LsapGetDomainInfo(), LsarAddAccountRights(), LsarClose(), LsarCreateSecret(), LsarOpenSecret(), LsarRemoveAccountRights(), LsarRetrievePrivateData(), and LsarStorePrivateData().

◆ LsapCreateDatabaseKeys()

static NTSTATUS LsapCreateDatabaseKeys ( VOID  )
static

Definition at line 87 of file database.c.

/*
 * Creates the registry skeleton of the LSA database: a 'Policy' key and,
 * relative to the Policy key handle, the 'Accounts', 'Domains' and 'Secrets'
 * keys. Every handle opened here is closed again at Done; the function
 * returns the last NTSTATUS.
 *
 * The listing is incomplete: the gutter numbers skip lines (89-90, 95, 100,
 * 103, 105-106, 110-111, ...), so the KeyName/ObjectAttributes setup and the
 * access-mask arguments of NtCreateKey are not visible here.
 *
 * NOTE(review): each object-attributes call ends in NULL. If that call is
 * InitializeObjectAttributes(p, n, a, r, s), the security descriptor is NULL
 * and the new keys take whatever default or inherited protection the parent
 * key provides. Confirm the parent key's ACL is restrictive, because the
 * 'Secrets' key is created under it.
 */
88 {
91  HANDLE PolicyKeyHandle = NULL;
92  HANDLE AccountsKeyHandle = NULL;
93  HANDLE DomainsKeyHandle = NULL;
94  HANDLE SecretsKeyHandle = NULL;
96 
/* NOTE(review): the trace text names LsapInstallDatabase(), not this
 * function; keep that in mind when correlating debug logs. */
97  TRACE("LsapInstallDatabase()\n");
98 
99  /* Create the 'Policy' key */
101  L"Policy");
102 
104  &KeyName,
107  NULL);
108 
109  Status = NtCreateKey(&PolicyKeyHandle,
112  0,
113  NULL,
114  0,
115  NULL);
116  if (!NT_SUCCESS(Status))
117  {
118  ERR("Failed to create the 'Policy' key (Status: 0x%08lx)\n", Status);
119  goto Done;
120  }
121 
122  /* Create the 'Accounts' key */
124  L"Accounts");
125 
127  &KeyName,
/* The root directory for this and the following keys is the Policy handle. */
129  PolicyKeyHandle,
130  NULL);
131 
132  Status = NtCreateKey(&AccountsKeyHandle,
135  0,
136  NULL,
137  0,
138  NULL);
139  if (!NT_SUCCESS(Status))
140  {
141  ERR("Failed to create the 'Accounts' key (Status: 0x%08lx)\n", Status);
142  goto Done;
143  }
144 
145  /* Create the 'Domains' key */
147  L"Domains");
148 
150  &KeyName,
152  PolicyKeyHandle,
153  NULL);
154 
155  Status = NtCreateKey(&DomainsKeyHandle,
158  0,
159  NULL,
160  0,
161  NULL);
162  if (!NT_SUCCESS(Status))
163  {
164  ERR("Failed to create the 'Domains' key (Status: 0x%08lx)\n", Status);
165  goto Done;
166  }
167 
168  /* Create the 'Secrets' key */
170  L"Secrets");
171 
173  &KeyName,
175  PolicyKeyHandle,
176  NULL);
177 
178  Status = NtCreateKey(&SecretsKeyHandle,
181  0,
182  NULL,
183  0,
184  NULL);
185  if (!NT_SUCCESS(Status))
186  {
187  ERR("Failed to create the 'Secrets' key (Status: 0x%08lx)\n", Status);
188  goto Done;
189  }
190 
/* Common exit: handles start as NULL, so only those actually opened are
 * closed. Keys created before a failure are not deleted again. */
191 Done:
192  if (SecretsKeyHandle != NULL)
193  NtClose(SecretsKeyHandle);
194 
195  if (DomainsKeyHandle != NULL)
196  NtClose(DomainsKeyHandle);
197 
198  if (AccountsKeyHandle != NULL)
199  NtClose(AccountsKeyHandle);
200 
201  if (PolicyKeyHandle != NULL)
202  NtClose(PolicyKeyHandle);
203 
204  TRACE("LsapInstallDatabase() done (Status: 0x%08lx)\n", Status);
205 
206  return Status;
207 }
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
Definition: conport.c:35
NTSTATUS NTAPI NtCreateKey(OUT PHANDLE KeyHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes, IN ULONG TitleIndex, IN PUNICODE_STRING Class OPTIONAL, IN ULONG CreateOptions, OUT PULONG Disposition OPTIONAL)
Definition: ntapi.c:240
#define OBJ_CASE_INSENSITIVE
Definition: winternl.h:228
LONG NTSTATUS
Definition: precomp.h:26
_Must_inspect_result_ _In_ WDFDEVICE _In_ PCUNICODE_STRING KeyName
Definition: wdfdevice.h:2697
Status
Definition: gdiplustypes.h:24
#define TRACE(s)
Definition: solgame.cpp:4
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
NTSTATUS NTAPI NtClose(IN HANDLE Handle)
Definition: obhandle.c:3398
static const WCHAR L[]
Definition: oid.c:1250
static HANDLE SecurityKeyHandle
Definition: database.c:15
#define ERR(fmt,...)
Definition: debug.h:110
#define KEY_ALL_ACCESS
Definition: nt_native.h:1041
#define NULL
Definition: types.h:112
NTSYSAPI VOID NTAPI RtlInitUnicodeString(PUNICODE_STRING DestinationString, PCWSTR SourceString)
#define InitializeObjectAttributes(p, n, a, r, s)
Definition: reg.c:106
#define STATUS_SUCCESS
Definition: shellext.h:65

Referenced by LsapInitDatabase().

◆ LsapCreateDatabaseObjects()

static NTSTATUS LsapCreateDatabaseObjects ( VOID  )
static

Definition at line 234 of file database.c.

/*
 * Populates a freshly created LSA database: builds default values for the
 * quota, audit, modification and DNS attributes, creates a random account
 * domain SID and a policy security descriptor, opens the 'Policy' object and
 * writes each attribute with LsapSetObjectAttribute.
 *
 * The listing is incomplete (gutter numbers skip 243, 247, 267-268, 270,
 * 273, 285, 294, 297, 325-326, 390), so several calls and arguments are not
 * visible here.
 *
 * NOTE(review): none of the LsapSetObjectAttribute calls below has its
 * return value checked. A failed write, including the one for "SecDesc",
 * would leave the policy object without that attribute while the function
 * still returns the status of an earlier step. Consider checking at least
 * the security descriptor write.
 */
235 {
236  PLSAP_POLICY_AUDIT_EVENTS_DATA AuditEventsInfo = NULL;
237  POLICY_DEFAULT_QUOTA_INFO QuotaInfo;
238  POLICY_MODIFICATION_INFO ModificationInfo;
239  POLICY_AUDIT_FULL_QUERY_INFO AuditFullInfo = {FALSE, FALSE};
240  POLICY_AUDIT_LOG_INFO AuditLogInfo;
241  GUID DnsDomainGuid;
242  PLSA_DB_OBJECT PolicyObject = NULL;
244  PSECURITY_DESCRIPTOR PolicySd = NULL;
245  ULONG PolicySdSize = 0;
246  ULONG i;
248 
249  /* Initialize the default quota limits */
250  QuotaInfo.QuotaLimits.PagedPoolLimit = 0x2000000;
251  QuotaInfo.QuotaLimits.NonPagedPoolLimit = 0x100000;
252  QuotaInfo.QuotaLimits.MinimumWorkingSetSize = 0x10000;
253  QuotaInfo.QuotaLimits.MaximumWorkingSetSize = 0xF000000;
254  QuotaInfo.QuotaLimits.PagefileLimit = 0;
255  QuotaInfo.QuotaLimits.TimeLimit.QuadPart = 0;
256 
257  /* Initialize the audit log attribute */
258  AuditLogInfo.AuditLogPercentFull = 0;
259  AuditLogInfo.MaximumLogSize = 0; // DWORD
260  AuditLogInfo.AuditRetentionPeriod.QuadPart = 0; // LARGE_INTEGER
261  AuditLogInfo.AuditLogFullShutdownInProgress = 0; // BYTE
262  AuditLogInfo.TimeToShutdown.QuadPart = 0; // LARGE_INTEGER
263  AuditLogInfo.NextAuditRecordId = 0; // DWORD
264 
265  /* Initialize the Audit Events attribute */
266  AuditEventsInfo = RtlAllocateHeap(RtlGetProcessHeap(),
/* The body of this NULL check (line 270) is missing from the listing;
 * presumably it returns STATUS_INSUFFICIENT_RESOURCES -- confirm. */
269  if (AuditEventsInfo == NULL)
271 
/* Defaults written to a new database: auditing mode off and every audit
 * event option zero, i.e. no audit categories are enabled until policy is
 * changed later. */
272  AuditEventsInfo->AuditingMode = FALSE;
274  for (i = 0; i < POLICY_AUDIT_EVENT_TYPE_COUNT; i++)
275  AuditEventsInfo->AuditEvents[i] = 0;
276 
277  /* Initialize the DNS Domain GUID attribute */
278  RtlZeroMemory(&DnsDomainGuid, sizeof(DnsDomainGuid));
279 
280  /* Initialize the modification attribute */
281  ModificationInfo.ModifiedId.QuadPart = 0;
282  NtQuerySystemTime(&ModificationInfo.DatabaseCreationTime);
283 
284  /* Create a random domain SID */
286  if (!NT_SUCCESS(Status))
287  goto done;
288 
289  Status = LsapCreatePolicySd(&PolicySd, &PolicySdSize);
290  if (!NT_SUCCESS(Status))
291  goto done;
292 
293  /* Open the 'Policy' object */
295  NULL,
296  L"Policy",
298  0,
/* TRUE here lines up with the 'Trusted' parameter of LsapOpenDbObject. */
299  TRUE,
300  &PolicyObject);
301  if (!NT_SUCCESS(Status))
302  goto done;
303 
304  /* Set the Primary Domain Name attribute */
305  LsapSetObjectAttribute(PolicyObject,
306  L"PolPrDmN",
307  NULL,
308  0);
309 
310  /* Set the Primary Domain SID attribute */
311  LsapSetObjectAttribute(PolicyObject,
312  L"PolPrDmS",
313  NULL,
314  0);
315 
316  /* Set the Account Domain Name attribute */
317  LsapSetObjectAttribute(PolicyObject,
318  L"PolAcDmN",
319  NULL,
320  0);
321 
322  /* Set the Account Domain SID attribute */
323  LsapSetObjectAttribute(PolicyObject,
324  L"PolAcDmS",
327 
328  /* Set the default quota limits attribute */
329  LsapSetObjectAttribute(PolicyObject,
330  L"DefQuota",
331  &QuotaInfo,
332  sizeof(QuotaInfo));
333 
334  /* Set the modification attribute */
335  LsapSetObjectAttribute(PolicyObject,
336  L"PolMod",
337  &ModificationInfo,
338  sizeof(ModificationInfo));
339 
340  /* Set the audit full attribute */
341  LsapSetObjectAttribute(PolicyObject,
342  L"PolAdtFl",
343  &AuditFullInfo,
344  sizeof(AuditFullInfo));
345 
346  /* Set the audit log attribute */
347  LsapSetObjectAttribute(PolicyObject,
348  L"PolAdtLg",
349  &AuditLogInfo,
350  sizeof(AuditLogInfo));
351 
352  /* Set the audit events attribute */
353  LsapSetObjectAttribute(PolicyObject,
354  L"PolAdtEv",
355  AuditEventsInfo,
356  sizeof(*AuditEventsInfo));
357 
358  /* Set the DNS Domain Name attribute */
359  LsapSetObjectAttribute(PolicyObject,
360  L"PolDnDDN",
361  NULL,
362  0);
363 
364  /* Set the DNS Forest Name attribute */
365  LsapSetObjectAttribute(PolicyObject,
366  L"PolDnTrN",
367  NULL,
368  0);
369 
370  /* Set the DNS Domain GUID attribute */
371  LsapSetObjectAttribute(PolicyObject,
372  L"PolDnDmG",
373  &DnsDomainGuid,
374  sizeof(DnsDomainGuid));
375 
376  /* Set the Security Descriptor */
377  LsapSetObjectAttribute(PolicyObject,
378  L"SecDesc",
379  PolicySd,
380  PolicySdSize);
381 
/* Common cleanup for the success and failure paths. */
382 done:
383  if (AuditEventsInfo != NULL)
384  RtlFreeHeap(RtlGetProcessHeap(), 0, AuditEventsInfo);
385 
386  if (PolicyObject != NULL)
387  LsapCloseDbObject(PolicyObject);
388 
/* AccountDomainSid is a file-level global (PSID AccountDomainSid). The
 * statement under this check (line 390) is missing from the listing;
 * presumably it frees the SID. NOTE(review): confirm the global is reset to
 * NULL afterwards so no stale pointer stays reachable. */
389  if (AccountDomainSid != NULL)
391 
392  if (PolicySd != NULL)
393  RtlFreeHeap(RtlGetProcessHeap(), 0, PolicySd);
394 
395  return Status;
396 }
LARGE_INTEGER TimeLimit
Definition: lsa.idl:292
NTSTATUS LsapOpenDbObject(IN PLSA_DB_OBJECT ParentObject, IN LPWSTR ContainerName, IN LPWSTR ObjectName, IN LSA_DB_OBJECT_TYPE ObjectType, IN ACCESS_MASK DesiredAccess, IN BOOLEAN Trusted, OUT PLSA_DB_OBJECT *DbObject)
Definition: database.c:712
INT64 NonPagedPoolLimit
Definition: lsa.idl:288
NTSTATUS LsapSetObjectAttribute(PLSA_DB_OBJECT DbObject, LPWSTR AttributeName, LPVOID AttributeData, ULONG AttributeSize)
Definition: database.c:961
#define STATUS_INSUFFICIENT_RESOURCES
Definition: udferr_usr.h:158
INT64 PagefileLimit
Definition: lsa.idl:291
#define TRUE
Definition: types.h:120
NTSYSAPI PVOID NTAPI RtlFreeSid(_In_ _Post_invalid_ PSID Sid)
LONG NTSTATUS
Definition: precomp.h:26
BOOLEAN NTAPI RtlFreeHeap(IN PVOID HeapHandle, IN ULONG Flags, IN PVOID HeapBase)
Definition: heap.c:606
static NTSTATUS LsapCreateRandomDomainSid(OUT PSID *Sid)
Definition: database.c:211
DWORD AuditEvents[POLICY_AUDIT_EVENT_TYPE_COUNT]
Definition: lsasrv.h:73
NTSTATUS LsapCloseDbObject(PLSA_DB_OBJECT DbObject)
Definition: database.c:870
QUOTA_LIMITS QuotaLimits
Definition: ntsecapi.h:591
#define FALSE
Definition: types.h:117
NTSTATUS LsapCreatePolicySd(PSECURITY_DESCRIPTOR *PolicySd, PULONG PolicySdSize)
Definition: security.c:14
INT64 PagedPoolLimit
Definition: lsa.idl:287
NTSYSAPI ULONG NTAPI RtlLengthSid(IN PSID Sid)
Definition: sid.c:150
PVOID NTAPI RtlAllocateHeap(IN PVOID HeapHandle, IN ULONG Flags, IN SIZE_T Size)
Definition: heap.c:588
Status
Definition: gdiplustypes.h:24
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
LARGE_INTEGER TimeToShutdown
Definition: ntsecapi.h:557
BOOLEAN AuditLogFullShutdownInProgress
Definition: ntsecapi.h:556
static const WCHAR L[]
Definition: oid.c:1250
LARGE_INTEGER ModifiedId
Definition: ntsecapi.h:594
INT64 MinimumWorkingSetSize
Definition: lsa.idl:289
LARGE_INTEGER AuditRetentionPeriod
Definition: ntsecapi.h:555
#define NULL
Definition: types.h:112
#define HEAP_ZERO_MEMORY
Definition: compat.h:134
INT64 MaximumWorkingSetSize
Definition: lsa.idl:290
LARGE_INTEGER DatabaseCreationTime
Definition: ntsecapi.h:595
unsigned int ULONG
Definition: retypes.h:1
#define RtlZeroMemory(Destination, Length)
Definition: typedefs.h:262
NTSTATUS NTAPI NtQuerySystemTime(OUT PLARGE_INTEGER SystemTime)
Definition: time.c:472
PSID AccountDomainSid
Definition: database.c:24
LONGLONG QuadPart
Definition: typedefs.h:114
#define POLICY_AUDIT_EVENT_TYPE_COUNT
Definition: lsasrv.h:69

Referenced by LsapInitDatabase().

◆ LsapCreateDbObject()

NTSTATUS LsapCreateDbObject ( IN PLSA_DB_OBJECT  ParentObject,
IN LPWSTR  ContainerName,
IN LPWSTR  ObjectName,
IN LSA_DB_OBJECT_TYPE  ObjectType,
IN ACCESS_MASK  DesiredAccess,
IN BOOLEAN  Trusted,
OUT PLSA_DB_OBJECT DbObject 
)

Definition at line 592 of file database.c.

/*
 * Creates the registry key for a new database object and wraps it in a
 * heap-allocated LSA_DB_OBJECT that is returned through DbObject.
 *
 *   ParentObject   parent whose KeyHandle is the root for the new key;
 *                  NULL means the file-level SecurityKeyHandle is used.
 *   ContainerName  optional sub-container that is opened first.
 *   ObjectName     name of the key that is created.
 *   ObjectType, DesiredAccess, Trusted
 *                  stored unchanged in the new object.
 *
 * Returns STATUS_SUCCESS, STATUS_NO_MEMORY, or the status of the failing
 * registry call. The listing is incomplete (gutter numbers skip 600-602,
 * 606, 609, 619, 622, 624, 629-630, ...).
 *
 * NOTE(review): nothing in the visible lines checks DesiredAccess against a
 * security descriptor or validates ContainerName/ObjectName; both are used
 * as registry key names. The callers listed on this page are Lsar* routines,
 * so confirm that they perform the access check and reject names containing
 * path separators before calling in.
 */
599 {
603  HANDLE ParentKeyHandle;
604  HANDLE ContainerKeyHandle = NULL;
605  HANDLE ObjectKeyHandle = NULL;
607 
/* The statement under this check (line 609) is missing from the listing;
 * presumably it returns STATUS_INVALID_PARAMETER -- confirm. */
608  if (DbObject == NULL)
610 
611  if (ParentObject == NULL)
612  ParentKeyHandle = SecurityKeyHandle;
613  else
614  ParentKeyHandle = ParentObject->KeyHandle;
615 
616  if (ContainerName != NULL)
617  {
618  /* Open the container key */
620  ContainerName);
621 
623  &KeyName,
625  ParentKeyHandle,
626  NULL);
627 
/* The container must already exist: it is opened, not created. */
628  Status = NtOpenKey(&ContainerKeyHandle,
631  if (!NT_SUCCESS(Status))
632  {
633  return Status;
634  }
635 
636  /* Open the object key */
638  ObjectName);
639 
641  &KeyName,
643  ContainerKeyHandle,
644  NULL);
645 
646  Status = NtCreateKey(&ObjectKeyHandle,
649  0,
650  NULL,
651  0,
652  NULL);
653 
/* The container handle is only needed while creating the object key, so
 * it is closed before the status is examined. */
654  NtClose(ContainerKeyHandle);
655 
656  if (!NT_SUCCESS(Status))
657  {
658  return Status;
659  }
660  }
661  else
662  {
664  ObjectName);
665 
667  &KeyName,
669  ParentKeyHandle,
670  NULL);
671 
672  Status = NtCreateKey(&ObjectKeyHandle,
675  0,
676  NULL,
677  0,
678  NULL);
679  if (!NT_SUCCESS(Status))
680  {
681  return Status;
682  }
683  }
684 
/* Heap flags are 0, so the block is not zero-filled; only the fields
 * assigned below are initialised. NOTE(review): confirm LSA_DB_OBJECT has no
 * further members that are read later. */
685  NewObject = RtlAllocateHeap(RtlGetProcessHeap(),
686  0,
687  sizeof(LSA_DB_OBJECT));
688  if (NewObject == NULL)
689  {
/* The key created above is left in the registry; only the handle is
 * closed. */
690  NtClose(ObjectKeyHandle);
691  return STATUS_NO_MEMORY;
692  }
693 
694  NewObject->Signature = LSAP_DB_SIGNATURE;
695  NewObject->RefCount = 1;
696  NewObject->ObjectType = ObjectType;
697  NewObject->Access = DesiredAccess;
698  NewObject->KeyHandle = ObjectKeyHandle;
699  NewObject->ParentObject = ParentObject;
700  NewObject->Trusted = Trusted;
701 
/* The child holds one reference on its parent. The increment is a plain
 * ++ with no lock visible in this function. */
702  if (ParentObject != NULL)
703  ParentObject->RefCount++;
704 
705  *DbObject = NewObject;
706 
707  return STATUS_SUCCESS;
708 }
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
Definition: conport.c:35
ObjectType
Definition: metafile.c:80
_Must_inspect_result_ _In_ WDFDEVICE _In_ ULONG _In_ ACCESS_MASK DesiredAccess
Definition: wdfdevice.h:2654
NTSTATUS NTAPI NtCreateKey(OUT PHANDLE KeyHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes, IN ULONG TitleIndex, IN PUNICODE_STRING Class OPTIONAL, IN ULONG CreateOptions, OUT PULONG Disposition OPTIONAL)
Definition: ntapi.c:240
#define OBJ_CASE_INSENSITIVE
Definition: winternl.h:228
#define STATUS_INVALID_PARAMETER
Definition: udferr_usr.h:135
LONG NTSTATUS
Definition: precomp.h:26
_In_ PVOID _Out_opt_ PULONG_PTR _Outptr_opt_ PCUNICODE_STRING * ObjectName
Definition: cmfuncs.h:62
_Must_inspect_result_ _In_ WDFDEVICE _In_ PCUNICODE_STRING KeyName
Definition: wdfdevice.h:2697
PVOID NTAPI RtlAllocateHeap(IN PVOID HeapHandle, IN ULONG Flags, IN SIZE_T Size)
Definition: heap.c:588
Status
Definition: gdiplustypes.h:24
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
NTSTATUS NTAPI NtClose(IN HANDLE Handle)
Definition: obhandle.c:3398
static HANDLE SecurityKeyHandle
Definition: database.c:15
#define LSAP_DB_SIGNATURE
Definition: lsasrv.h:67
#define KEY_ALL_ACCESS
Definition: nt_native.h:1041
#define STATUS_NO_MEMORY
Definition: ntstatus.h:260
#define NULL
Definition: types.h:112
NTSYSAPI NTSTATUS NTAPI NtOpenKey(OUT PHANDLE KeyHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes)
Definition: ntapi.c:336
NTSYSAPI VOID NTAPI RtlInitUnicodeString(PUNICODE_STRING DestinationString, PCWSTR SourceString)
#define InitializeObjectAttributes(p, n, a, r, s)
Definition: reg.c:106
#define STATUS_SUCCESS
Definition: shellext.h:65
_Inout_opt_ PACCESS_STATE _In_opt_ ACCESS_MASK _In_ ULONG _Out_opt_ PVOID * NewObject
Definition: obfuncs.h:71

Referenced by LsarCreateSecret(), LsarpCreateAccount(), and LsarStorePrivateData().

◆ LsapCreateRandomDomainSid()

static NTSTATUS LsapCreateRandomDomainSid ( OUT PSID Sid)
static

Definition at line 211 of file database.c.

/*
 * Builds a domain SID whose variable sub-authorities come from three
 * RtlUniform() draws seeded with the low 32 bits of the current system time.
 * The listing is incomplete (gutter numbers skip 219, 221 and 225-228), so
 * the call being made and its fixed arguments are not visible; the
 * cross-references name RtlAllocateAndInitializeSid, NtAuthority and
 * SECURITY_NT_NON_UNIQUE.
 *
 * NOTE(review): RtlUniform is a general-purpose pseudo-random generator, not
 * a cryptographic one, and the only input is the clock. The resulting SID is
 * therefore a function of the time at which the database was created. If
 * uniqueness across machines or unpredictability matters, seed from a
 * stronger source.
 *
 * NOTE(review): the three RtlUniform(Seed) calls are arguments of one call
 * and all update *Seed. C does not fix the evaluation order of arguments, so
 * which draw lands in which sub-authority can differ between compilers.
 */
212 {
213  LARGE_INTEGER SystemTime;
214  PULONG Seed;
215 
216  NtQuerySystemTime(&SystemTime);
/* The seed aliases the local SystemTime; RtlUniform updates it in place. */
217  Seed = &SystemTime.u.LowPart;
218 
220  4,
222  RtlUniform(Seed),
223  RtlUniform(Seed),
224  RtlUniform(Seed),
229  Sid);
230 }
NTSYSAPI NTSTATUS NTAPI RtlAllocateAndInitializeSid(IN PSID_IDENTIFIER_AUTHORITY IdentifierAuthority, IN UCHAR SubAuthorityCount, IN ULONG SubAuthority0, IN ULONG SubAuthority1, IN ULONG SubAuthority2, IN ULONG SubAuthority3, IN ULONG SubAuthority4, IN ULONG SubAuthority5, IN ULONG SubAuthority6, IN ULONG SubAuthority7, OUT PSID *Sid)
Definition: sid.c:290
NTSYSAPI ULONG NTAPI RtlUniform(_In_ PULONG Seed)
_In_ ULONG _In_ ACCESS_MASK _In_ PSID Sid
Definition: rtlfuncs.h:1103
#define SECURITY_NULL_RID
Definition: setypes.h:512
struct _LARGE_INTEGER::@2276 u
unsigned int * PULONG
Definition: retypes.h:1
NTSTATUS NTAPI NtQuerySystemTime(OUT PLARGE_INTEGER SystemTime)
Definition: time.c:472
#define SECURITY_NT_NON_UNIQUE
Definition: setypes.h:549
SID_IDENTIFIER_AUTHORITY NtAuthority
Definition: database.c:21

Referenced by LsapCreateDatabaseObjects().

◆ LsapDeleteDbObject()

NTSTATUS LsapDeleteDbObject ( IN PLSA_DB_OBJECT  DbObject)

Definition at line 901 of file database.c.

/*
 * Drops one reference on DbObject and, when the count reaches zero, deletes
 * the object's subkeys and its own registry key, closes the handle, frees
 * the object and releases the reference held on the parent.
 *
 * The listing is incomplete (gutter numbers skip 906 and 935-936); the
 * declaration of Status and the handling after the loop are not visible.
 *
 * NOTE(review): while other references remain, the function returns
 * STATUS_SUCCESS without deleting anything from the registry.
 */
902 {
903  PLSA_DB_OBJECT ParentObject = NULL;
904  WCHAR KeyName[64];
905  ULONG Index;
907 
908  DbObject->RefCount--;
909 
910  if (DbObject->RefCount > 0)
911  return STATUS_SUCCESS;
912 
913  if (DbObject->KeyHandle != NULL)
914  {
915  Index = 0;
916 
/* Index is never advanced in the visible lines: each pass deletes the
 * subkey found at index 0, so the next pass sees the following one. The loop
 * ends on the first enumeration or deletion failure. */
917  while (TRUE)
918  {
/* The buffer size is passed in bytes (sizeof of a 64-WCHAR array).
 * NOTE(review): whether LsapRegEnumerateSubKey NUL-terminates within that
 * limit is not visible here; the %S trace below relies on it. */
919  Status = LsapRegEnumerateSubKey(DbObject->KeyHandle,
920  Index,
921  sizeof(KeyName),
922  KeyName);
923  if (!NT_SUCCESS(Status))
924  break;
925 
926  TRACE("Index: %lu\n", Index);
927  TRACE("Key name: %S\n", KeyName);
928 
929  Status = LsapRegDeleteSubKey(DbObject->KeyHandle,
930  KeyName);
931  if (!NT_SUCCESS(Status))
932  break;
933  }
934 
937 
/* The result of deleting the object's own key is not checked, so a key
 * that could not be removed is not reported to the caller. */
938  LsapRegDeleteKey(DbObject->KeyHandle);
939 
940  NtClose(DbObject->KeyHandle);
941  }
942 
943  if (DbObject->ParentObject != NULL)
944  ParentObject = DbObject->ParentObject;
945 
946  RtlFreeHeap(RtlGetProcessHeap(), 0, DbObject);
947 
/* NOTE(review): RefCount is a ULONG and LsapCloseDbObject starts by
 * decrementing it again. When the decrement here reaches 0, the nested call
 * wraps the count to 0xFFFFFFFF, sees a value above zero and returns without
 * closing or freeing the parent. Decrement in one place only. */
948  if (ParentObject != NULL)
949  {
950  ParentObject->RefCount--;
951 
952  if (ParentObject->RefCount == 0)
953  Status = LsapCloseDbObject(ParentObject);
954  }
955 
956  return Status;
957 }
NTSTATUS LsapRegDeleteSubKey(IN HANDLE ParentKeyHandle, IN LPCWSTR KeyName)
Definition: registry.c:59
#define STATUS_NO_MORE_ENTRIES
Definition: ntstatus.h:205
#define TRUE
Definition: types.h:120
LONG NTSTATUS
Definition: precomp.h:26
struct _LSA_DB_OBJECT * ParentObject
Definition: lsasrv.h:64
BOOLEAN NTAPI RtlFreeHeap(IN PVOID HeapHandle, IN ULONG Flags, IN PVOID HeapBase)
Definition: heap.c:606
NTSTATUS LsapRegDeleteKey(IN HANDLE KeyHandle)
Definition: registry.c:89
NTSTATUS LsapCloseDbObject(PLSA_DB_OBJECT DbObject)
Definition: database.c:870
_Must_inspect_result_ _In_ WDFDEVICE _In_ PCUNICODE_STRING KeyName
Definition: wdfdevice.h:2697
Status
Definition: gdiplustypes.h:24
#define TRACE(s)
Definition: solgame.cpp:4
__wchar_t WCHAR
Definition: xmlstorage.h:180
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
_In_ WDFCOLLECTION _In_ ULONG Index
ULONG RefCount
Definition: lsasrv.h:60
NTSTATUS NTAPI NtClose(IN HANDLE Handle)
Definition: obhandle.c:3398
#define NULL
Definition: types.h:112
unsigned int ULONG
Definition: retypes.h:1
#define STATUS_SUCCESS
Definition: shellext.h:65
NTSTATUS LsapRegEnumerateSubKey(IN HANDLE KeyHandle, IN ULONG Index, IN ULONG Length, OUT LPWSTR Buffer)
Definition: registry.c:96

Referenced by LsarDeleteObject(), and LsarStorePrivateData().

◆ LsapDeleteObjectAttribute()

NTSTATUS LsapDeleteObjectAttribute ( PLSA_DB_OBJECT  DbObject,
LPWSTR  AttributeName 
)

Definition at line 1082 of file database.c.

/*
 * Deletes one attribute of a database object by removing the subkey named
 * AttributeName under the object's registry key, and returns the status of
 * LsapRegDeleteSubKey unchanged.
 *
 * NOTE(review): DbObject is dereferenced without a NULL check and no access
 * check is made here; callers are expected to have validated the handle.
 */
1084 {
1085  return LsapRegDeleteSubKey(DbObject->KeyHandle,
1086  AttributeName);
1087 }
NTSTATUS LsapRegDeleteSubKey(IN HANDLE ParentKeyHandle, IN LPCWSTR KeyName)
Definition: registry.c:59
HANDLE KeyHandle
Definition: lsasrv.h:62

Referenced by LsarRemovePrivilegesFromAccount().

◆ LsapGetDomainInfo()

static NTSTATUS LsapGetDomainInfo ( VOID  )
static

Definition at line 407 of file database.c.

/*
 * Fills the file-level domain globals: creates the built-in domain SID and
 * name, then reads the account domain SID ("PolAcDmS") and name ("PolAcDmN")
 * from the 'Policy' object into AccountDomainSid and AccountDomainName.
 *
 * The listing is incomplete (gutter numbers skip 413, 416, 418, 420, 425,
 * 429, 432, 451, 455, 461, 479, 483, 499-501, 504, 508, 513, 520).
 *
 * NOTE(review): on the failure paths the cleanup at 'done' releases only
 * DomainName and PolicyObject. Globals that were already allocated here
 * (the built-in SID, AccountDomainSid, AccountDomainName.Buffer) are not
 * released or reset in the visible lines.
 */
408 {
409  PLSA_DB_OBJECT PolicyObject = NULL;
410  PUNICODE_STRING DomainName = NULL;
411  ULONG AttributeSize;
412  LPWSTR SidString = NULL;
414 
415  /* Get the built-in domain SID and name */
417  1,
419  0, 0, 0, 0, 0, 0, 0,
421  if (!NT_SUCCESS(Status))
422  return Status;
423 
424 
426  L"BUILTIN");
427 
428  /* Open the 'Policy' object */
430  NULL,
431  L"Policy",
433  0,
434  TRUE,
435  &PolicyObject);
436  if (!NT_SUCCESS(Status))
437  goto done;
438 
439  /* Get the account domain SID */
/* Size query first: a NULL buffer and a zero size ask for the length. */
440  AttributeSize = 0;
441  Status = LsapGetObjectAttribute(PolicyObject,
442  L"PolAcDmS",
443  NULL,
444  &AttributeSize);
445  if (!NT_SUCCESS(Status))
446  goto done;
447 
448  if (AttributeSize > 0)
449  {
450  AccountDomainSid = RtlAllocateHeap(RtlGetProcessHeap(),
452  AttributeSize);
453  if (AccountDomainSid == NULL)
454  {
456  goto done;
457  }
458 
/* NOTE(review): the bytes read here are used as a SID without any
 * validity check in the visible lines. */
459  Status = LsapGetObjectAttribute(PolicyObject,
460  L"PolAcDmS",
462  &AttributeSize);
463  if (!NT_SUCCESS(Status))
464  goto done;
465  }
466 
467  /* Get the account domain name */
468  AttributeSize = 0;
469  Status = LsapGetObjectAttribute(PolicyObject,
470  L"PolAcDmN",
471  NULL,
472  &AttributeSize);
473  if (!NT_SUCCESS(Status))
474  goto done;
475 
476  if (AttributeSize > 0)
477  {
478  DomainName = RtlAllocateHeap(RtlGetProcessHeap(),
480  AttributeSize);
481  if (DomainName == NULL)
482  {
484  goto done;
485  }
486 
487  Status = LsapGetObjectAttribute(PolicyObject,
488  L"PolAcDmN",
489  DomainName,
490  &AttributeSize);
491  if (!NT_SUCCESS(Status))
492  goto done;
493 
/* The stored value is a self-relative UNICODE_STRING: Buffer holds an
 * offset from the start of the blob and is turned into a pointer here.
 * NOTE(review): nothing visible checks that AttributeSize covers a
 * UNICODE_STRING header, or that the offset plus Length stays inside the
 * AttributeSize bytes that were read. A damaged or altered registry value
 * would make the copy below read outside the allocation. Validate both
 * before the fix-up. */
494  DomainName->Buffer = (LPWSTR)((ULONG_PTR)DomainName + (ULONG_PTR)DomainName->Buffer);
495 
496  AccountDomainName.Length = DomainName->Length;
/* MaximumLength is a USHORT, so a Length close to 0xFFFF wraps this sum.
 * The allocation size on the missing lines (499-501) is not visible --
 * confirm it cannot end up smaller than the Length copied below. */
497  AccountDomainName.MaximumLength = DomainName->Length + sizeof(WCHAR);
498  AccountDomainName.Buffer = RtlAllocateHeap(RtlGetProcessHeap(),
502  {
503  ERR("Failed to allocate the account domain name buffer\n");
505  goto done;
506  }
507 
509  DomainName->Buffer,
510  DomainName->Length);
511  }
512 
/* SidString is released with LocalFree after each trace. The calls that
 * fill it (lines 513 and 520) are missing from the listing; the
 * cross-references name ConvertSidToStringSidW. */
514  TRACE("Builtin Domain SID: %S\n", SidString);
515  LocalFree(SidString);
516  SidString = NULL;
517 
518  TRACE("Builtin Domain Name: %wZ\n", &BuiltinDomainName);
519 
521  TRACE("Account Domain SID: %S\n", SidString);
522  LocalFree(SidString);
523  SidString = NULL;
524 
525  TRACE("Account Domain Name: %wZ\n", &AccountDomainName);
526 
527 done:
528  if (DomainName != NULL)
529  RtlFreeHeap(RtlGetProcessHeap(), 0, DomainName);
530 
531  if (PolicyObject != NULL)
532  LsapCloseDbObject(PolicyObject);
533 
534  return Status;
535 }
NTSTATUS LsapOpenDbObject(IN PLSA_DB_OBJECT ParentObject, IN LPWSTR ContainerName, IN LPWSTR ObjectName, IN LSA_DB_OBJECT_TYPE ObjectType, IN ACCESS_MASK DesiredAccess, IN BOOLEAN Trusted, OUT PLSA_DB_OBJECT *DbObject)
Definition: database.c:712
#define STATUS_INSUFFICIENT_RESOURCES
Definition: udferr_usr.h:158
USHORT MaximumLength
Definition: env_spec_w32.h:370
#define TRUE
Definition: types.h:120
LONG NTSTATUS
Definition: precomp.h:26
BOOLEAN NTAPI RtlFreeHeap(IN PVOID HeapHandle, IN ULONG Flags, IN PVOID HeapBase)
Definition: heap.c:606
BOOL WINAPI ConvertSidToStringSidW(PSID Sid, LPWSTR *StringSid)
Definition: security.c:3259
NTSYSAPI NTSTATUS NTAPI RtlAllocateAndInitializeSid(IN PSID_IDENTIFIER_AUTHORITY IdentifierAuthority, IN UCHAR SubAuthorityCount, IN ULONG SubAuthority0, IN ULONG SubAuthority1, IN ULONG SubAuthority2, IN ULONG SubAuthority3, IN ULONG SubAuthority4, IN ULONG SubAuthority5, IN ULONG SubAuthority6, IN ULONG SubAuthority7, OUT PSID *Sid)
Definition: sid.c:290
UNICODE_STRING AccountDomainName
Definition: database.c:26
NTSTATUS LsapCloseDbObject(PLSA_DB_OBJECT DbObject)
Definition: database.c:870
uint32_t ULONG_PTR
Definition: typedefs.h:65
PSID BuiltinDomainSid
Definition: database.c:23
PVOID NTAPI RtlAllocateHeap(IN PVOID HeapHandle, IN ULONG Flags, IN SIZE_T Size)
Definition: heap.c:588
Status
Definition: gdiplustypes.h:24
#define TRACE(s)
Definition: solgame.cpp:4
#define SECURITY_BUILTIN_DOMAIN_RID
Definition: setypes.h:553
__wchar_t WCHAR
Definition: xmlstorage.h:180
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
UNICODE_STRING BuiltinDomainName
Definition: database.c:25
static const WCHAR L[]
Definition: oid.c:1250
#define ERR(fmt,...)
Definition: debug.h:110
HLOCAL NTAPI LocalFree(HLOCAL hMem)
Definition: heapmem.c:1577
#define NULL
Definition: types.h:112
#define HEAP_ZERO_MEMORY
Definition: compat.h:134
unsigned int ULONG
Definition: retypes.h:1
NTSYSAPI VOID NTAPI RtlInitUnicodeString(PUNICODE_STRING DestinationString, PCWSTR SourceString)
#define ULONG_PTR
Definition: config.h:101
PSID AccountDomainSid
Definition: database.c:24
#define RtlCopyMemory(Destination, Source, Length)
Definition: typedefs.h:263
WCHAR * LPWSTR
Definition: xmlstorage.h:184
NTSTATUS LsapGetObjectAttribute(PLSA_DB_OBJECT DbObject, LPWSTR AttributeName, LPVOID AttributeData, PULONG AttributeSize)
Definition: database.c:1012
SID_IDENTIFIER_AUTHORITY NtAuthority
Definition: database.c:21

Referenced by LsapInitDatabase().

◆ LsapGetObjectAttribute()

NTSTATUS LsapGetObjectAttribute ( PLSA_DB_OBJECT  DbObject,
LPWSTR  AttributeName,
LPVOID  AttributeData,
PULONG  AttributeSize 
)

Definition at line 1012 of file database.c.

/*
 * Reads one attribute of a database object. The attribute is a subkey named
 * AttributeName under the object's key; its value is fetched with
 * RtlpNtQueryValueKey.
 *
 *   AttributeData  destination buffer, or NULL to ask for the size only.
 *   AttributeSize  in: size of AttributeData in bytes;
 *                  out: size of the stored value.
 *
 * The listing is incomplete (gutter numbers skip 1017-1018, 1023, 1026,
 * 1028, 1033, 1046, 1054, 1060), so the access mask and the statuses set in
 * the two size branches are not visible; the cross-references name
 * KEY_QUERY_VALUE, STATUS_SUCCESS and STATUS_BUFFER_OVERFLOW.
 *
 * NOTE(review): DbObject and AttributeSize are dereferenced without NULL
 * checks, and no check against DbObject->Access is made here; callers are
 * expected to have validated the handle and the access already.
 */
1016 {
1019  HANDLE AttributeKey;
1020  ULONG ValueSize;
1021  NTSTATUS Status;
1022 
1024  AttributeName);
1025 
1027  &KeyName,
1029  DbObject->KeyHandle,
1030  NULL);
1031 
1032  Status = NtOpenKey(&AttributeKey,
1034  &ObjectAttributes);
1035  if (!NT_SUCCESS(Status))
1036  {
1037  return Status;
1038  }
1039 
/* First query: Data is NULL, so only the length is requested. */
1040  ValueSize = *AttributeSize;
1041  Status = RtlpNtQueryValueKey(AttributeKey,
1042  NULL,
1043  NULL,
1044  &ValueSize,
1045  0);
1047  {
1048  goto Done;
1049  }
1050 
/* Size-only request: report the length and leave the buffer untouched. */
1051  if (AttributeData == NULL || *AttributeSize == 0)
1052  {
1053  *AttributeSize = ValueSize;
1055  goto Done;
1056  }
/* Caller's buffer is too small: report the required length, copy
 * nothing. */
1057  else if (*AttributeSize < ValueSize)
1058  {
1059  *AttributeSize = ValueSize;
1061  goto Done;
1062  }
1063 
/* Second query: the caller's buffer is known to hold at least ValueSize
 * bytes, and ValueSize (not the caller's larger size) is the length passed
 * in. Presumably a value that grew between the two queries makes this call
 * fail rather than write past the buffer -- confirm in
 * RtlpNtQueryValueKey. */
1064  Status = RtlpNtQueryValueKey(AttributeKey,
1065  NULL,
1066  AttributeData,
1067  &ValueSize,
1068  0);
1069  if (NT_SUCCESS(Status))
1070  {
1071  *AttributeSize = ValueSize;
1072  }
1073 
/* The attribute key is closed on every path that opened it. */
1074 Done:
1075  NtClose(AttributeKey);
1076 
1077  return Status;
1078 }
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
Definition: conport.c:35
#define OBJ_CASE_INSENSITIVE
Definition: winternl.h:228
LONG NTSTATUS
Definition: precomp.h:26
HANDLE KeyHandle
Definition: lsasrv.h:62
_Must_inspect_result_ _In_ WDFDEVICE _In_ PCUNICODE_STRING KeyName
Definition: wdfdevice.h:2697
Status
Definition: gdiplustypes.h:24
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
NTSTATUS NTAPI NtClose(IN HANDLE Handle)
Definition: obhandle.c:3398
NTSTATUS NTAPI RtlpNtQueryValueKey(IN HANDLE KeyHandle, OUT PULONG Type OPTIONAL, OUT PVOID Data OPTIONAL, IN OUT PULONG DataLength OPTIONAL, IN ULONG Unused)
Definition: registry.c:933
#define STATUS_BUFFER_OVERFLOW
Definition: shellext.h:66
#define KEY_QUERY_VALUE
Definition: nt_native.h:1016
#define NULL
Definition: types.h:112
NTSYSAPI NTSTATUS NTAPI NtOpenKey(OUT PHANDLE KeyHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes)
Definition: ntapi.c:336
unsigned int ULONG
Definition: retypes.h:1
NTSYSAPI VOID NTAPI RtlInitUnicodeString(PUNICODE_STRING DestinationString, PCWSTR SourceString)
#define InitializeObjectAttributes(p, n, a, r, s)
Definition: reg.c:106
#define STATUS_SUCCESS
Definition: shellext.h:65

Referenced by LsapGetDomainInfo(), LsarAddAccountRights(), LsarAddPrivilegesToAccount(), LsarEnumeratePrivilegesAccount(), LsarGetQuotasForAccount(), LsarGetSystemAccessAccount(), LsarQueryAccountDomain(), LsarQueryAuditEvents(), LsarQueryAuditFull(), LsarQueryAuditLog(), LsarQueryDefaultQuota(), LsarQueryDnsDomain(), LsarQueryModification(), LsarQueryPrimaryDomain(), LsarQuerySecret(), LsarQuerySecurityObject(), LsarQueryServerRole(), LsarRemoveAccountRights(), LsarRemovePrivilegesFromAccount(), LsarRetrievePrivateData(), LsarSetAuditFull(), LsarSetQuotasForAccount(), and LsarSetSecurityObject().

◆ LsapInitDatabase()

NTSTATUS LsapInitDatabase ( VOID  )

Definition at line 539 of file database.c.

540 {
     /*
      * Brings up the LSA policy database. Each step's NTSTATUS is tested;
      * the first failure is logged with ERR and returned unchanged, and
      * STATUS_SUCCESS is returned only when every step succeeded.
      *
      * NOTE(review): this rendered listing omits source lines 541, 545, 552,
      * 554, 561, 570 and 578 (the Status declaration, the branch condition
      * and the calls whose results are tested below). Judging by the error
      * messages they are LsapOpenServiceKey(), LsapIsDatabaseInstalled(),
      * LsapCreateDatabaseKeys(), LsapCreateDatabaseObjects(),
      * LsapUpdateDatabase() and LsapGetDomainInfo() - confirm in database.c.
      */
542 
543  TRACE("LsapInitDatabase()\n");
544 
     /* Step 1: result of the (omitted) service-key open. */
546  if (!NT_SUCCESS(Status))
547  {
548  ERR("Failed to open the service key (Status: 0x%08lx)\n", Status);
549  return Status;
550  }
551 
     /*
      * Step 2: one of two paths. The condition on line 552 is not shown;
      * presumably this first branch runs when no database exists yet and
      * creates the keys, then the initial objects.
      */
553  {
555  if (!NT_SUCCESS(Status))
556  {
557  ERR("Failed to create the LSA database keys (Status: 0x%08lx)\n", Status);
558  return Status;
559  }
560 
562  if (!NT_SUCCESS(Status))
563  {
564  ERR("Failed to create the LSA database objects (Status: 0x%08lx)\n", Status);
     /*
      * NOTE(review): nothing visible here undoes the key creation that
      * succeeded just above, so a failure at this point may leave a
      * partially built database behind - confirm how the next start
      * treats that state.
      */
565  return Status;
566  }
567  }
568  else
569  {
     /* Otherwise the existing database goes through the update step. */
571  if (!NT_SUCCESS(Status))
572  {
573  ERR("Failed to update the LSA database (Status: 0x%08lx)\n", Status);
574  return Status;
575  }
576  }
577 
     /* Step 3: result of the (omitted) domain-information load. */
579  if (!NT_SUCCESS(Status))
580  {
581  ERR("Failed to get the domain information (Status: 0x%08lx)\n", Status);
582  return Status;
583  }
584 
585  TRACE("LsapInitDatabase() done\n");
586 
587  return STATUS_SUCCESS;
588 }
static BOOLEAN LsapIsDatabaseInstalled(VOID)
Definition: database.c:57
LONG NTSTATUS
Definition: precomp.h:26
static NTSTATUS LsapOpenServiceKey(VOID)
Definition: database.c:32
static NTSTATUS LsapGetDomainInfo(VOID)
Definition: database.c:407
static NTSTATUS LsapCreateDatabaseObjects(VOID)
Definition: database.c:234
static NTSTATUS LsapUpdateDatabase(VOID)
Definition: database.c:400
Status
Definition: gdiplustypes.h:24
#define TRACE(s)
Definition: solgame.cpp:4
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
#define ERR(fmt,...)
Definition: debug.h:110
static NTSTATUS LsapCreateDatabaseKeys(VOID)
Definition: database.c:87
#define STATUS_SUCCESS
Definition: shellext.h:65

Referenced by LsapInitLsa().

◆ LsapIsDatabaseInstalled()

static BOOLEAN LsapIsDatabaseInstalled ( VOID  )
static

Definition at line 57 of file database.c.

58 {
     /*
      * Reports whether the database already exists by trying to open
      * something named L"Policy" with KEY_READ: TRUE when the open succeeds,
      * FALSE on any failure status.
      *
      * NOTE(review): the listing omits lines 59-62, 64, 67, 69-70, 73, 75
      * and 80. From the page's cross-reference entries these look like the
      * local declarations, RtlInitUnicodeString, InitializeObjectAttributes
      * (OBJ_CASE_INSENSITIVE, rooted at SecurityKeyHandle), RtlpNtOpenKey and
      * the NtClose of the opened key - confirm in database.c.
      */
63 
65  L"Policy");
66 
68  &KeyName,
71  NULL);
72 
74  KEY_READ,
76  0);
     /*
      * Every failure status maps to FALSE, so "key does not exist" is not
      * distinguished from other errors such as access denied or resource
      * exhaustion. NOTE(review): if the caller treats FALSE as "create a
      * fresh database", a transient open failure would take that path -
      * consider returning FALSE only for the not-found status.
      */
77  if (!NT_SUCCESS(Status))
78  return FALSE;
79 
81 
82  return TRUE;
83 }
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
Definition: conport.c:35
#define OBJ_CASE_INSENSITIVE
Definition: winternl.h:228
_Must_inspect_result_ _Out_ PNDIS_STATUS _In_ NDIS_HANDLE _In_ ULONG _Out_ PNDIS_STRING _Out_ PNDIS_HANDLE KeyHandle
Definition: ndis.h:4711
#define KEY_READ
Definition: nt_native.h:1023
#define TRUE
Definition: types.h:120
LONG NTSTATUS
Definition: precomp.h:26
#define FALSE
Definition: types.h:117
_Must_inspect_result_ _In_ WDFDEVICE _In_ PCUNICODE_STRING KeyName
Definition: wdfdevice.h:2697
NTSTATUS NTAPI RtlpNtOpenKey(OUT HANDLE KeyHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes, IN ULONG Unused)
Definition: registry.c:912
Status
Definition: gdiplustypes.h:24
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
NTSTATUS NTAPI NtClose(IN HANDLE Handle)
Definition: obhandle.c:3398
static const WCHAR L[]
Definition: oid.c:1250
static HANDLE SecurityKeyHandle
Definition: database.c:15
#define NULL
Definition: types.h:112
NTSYSAPI VOID NTAPI RtlInitUnicodeString(PUNICODE_STRING DestinationString, PCWSTR SourceString)
#define InitializeObjectAttributes(p, n, a, r, s)
Definition: reg.c:106

Referenced by LsapInitDatabase().

◆ LsapOpenDbObject()

NTSTATUS LsapOpenDbObject ( IN PLSA_DB_OBJECT  ParentObject,
IN LPWSTR  ContainerName,
IN LPWSTR  ObjectName,
IN LSA_DB_OBJECT_TYPE  ObjectType,
IN ACCESS_MASK  DesiredAccess,
IN BOOLEAN  Trusted,
OUT PLSA_DB_OBJECT DbObject 
)

Definition at line 712 of file database.c.

719 {
     /*
      * Opens the registry key behind an existing LSA database object and
      * wraps it in a newly allocated LSA_DB_OBJECT returned through
      * *DbObject.
      *
      * ParentObject   - parent object, or NULL to resolve relative to
      *                  SecurityKeyHandle.
      * ContainerName  - optional intermediate key; when given, the object
      *                  key is opened relative to it.
      * ObjectName     - name of the object key.
      * ObjectType,
      * DesiredAccess,
      * Trusted        - copied as-is into the new object.
      *
      * Returns STATUS_SUCCESS, the NtOpenKey failure status, or
      * STATUS_NO_MEMORY when the allocation fails.
      *
      * NOTE(review): the listing omits lines 720-722, 726, 729, 739, 742,
      * 744, 749-750, 757, 760, 762, 767-768, 780, 783, 785 and 790-791.
      * That includes the access mask passed to each NtOpenKey call; the
      * page's cross-reference entries list KEY_ALL_ACCESS, so the registry
      * handle is presumably opened with full access regardless of
      * DesiredAccess - confirm. If so, LSA-level access control rests on the
      * Access mask stored below rather than on the key handle's rights.
      * No access check against the caller is visible in this function; the
      * mask stored is whatever the caller passes in.
      */
723  HANDLE ParentKeyHandle;
724  HANDLE ContainerKeyHandle = NULL;
725  HANDLE ObjectKeyHandle = NULL;
727 
     /*
      * The statement taken for a NULL out-pointer (line 729) is not shown;
      * presumably it returns STATUS_INVALID_PARAMETER - confirm.
      */
728  if (DbObject == NULL)
730 
731  if (ParentObject == NULL)
732  ParentKeyHandle = SecurityKeyHandle;
733  else
734  ParentKeyHandle = ParentObject->KeyHandle;
735 
736  if (ContainerName != NULL)
737  {
738  /* Open the container key */
740  ContainerName);
741 
743  &KeyName,
745  ParentKeyHandle,
746  NULL);
747 
748  Status = NtOpenKey(&ContainerKeyHandle,
751  if (!NT_SUCCESS(Status))
752  {
753  return Status;
754  }
755 
756  /* Open the object key */
     /*
      * NOTE(review): ObjectName is used here without a NULL check, unlike
      * ContainerName - verify that every caller passes a non-NULL name.
      */
758  ObjectName);
759 
761  &KeyName,
763  ContainerKeyHandle,
764  NULL);
765 
766  Status = NtOpenKey(&ObjectKeyHandle,
769 
     /*
      * The container handle is only needed to resolve the object key, so it
      * is closed before the status test and is released on both the success
      * and the failure path.
      */
770  NtClose(ContainerKeyHandle);
771 
772  if (!NT_SUCCESS(Status))
773  {
774  return Status;
775  }
776  }
777  else
778  {
779  /* Open the object key */
781  ObjectName);
782 
784  &KeyName,
786  ParentKeyHandle,
787  NULL);
788 
789  Status = NtOpenKey(&ObjectKeyHandle,
792  if (!NT_SUCCESS(Status))
793  {
794  return Status;
795  }
796  }
797 
     /*
      * Heap flags are 0, so the block is not zero-filled; only the fields
      * assigned below are initialized. NOTE(review): if LSA_DB_OBJECT has
      * other members they start with indeterminate contents - check lsasrv.h.
      */
798  NewObject = RtlAllocateHeap(RtlGetProcessHeap(),
799  0,
800  sizeof(LSA_DB_OBJECT));
801  if (NewObject == NULL)
802  {
     /* Do not leak the key handle opened above. */
803  NtClose(ObjectKeyHandle);
804  return STATUS_NO_MEMORY;
805  }
806 
     /*
      * Signature and ObjectType are what LsapValidateDbObject tests when a
      * handle comes back from a client; Access is the mask it compares the
      * requested rights against.
      */
807  NewObject->Signature = LSAP_DB_SIGNATURE;
808  NewObject->RefCount = 1;
809  NewObject->ObjectType = ObjectType;
810  NewObject->Access = DesiredAccess;
811  NewObject->KeyHandle = ObjectKeyHandle;
812  NewObject->ParentObject = ParentObject;
813  NewObject->Trusted = Trusted;
814 
     /*
      * The child holds a reference on its parent. This is a plain increment,
      * not an interlocked one. NOTE(review): if objects can be opened from
      * several RPC threads at once, the count needs external serialization -
      * confirm which lock, if any, callers hold.
      */
815  if (ParentObject != NULL)
816  ParentObject->RefCount++;
817 
818  *DbObject = NewObject;
819 
820  return STATUS_SUCCESS;
821 }
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
Definition: conport.c:35
ObjectType
Definition: metafile.c:80
_Must_inspect_result_ _In_ WDFDEVICE _In_ ULONG _In_ ACCESS_MASK DesiredAccess
Definition: wdfdevice.h:2654
#define OBJ_CASE_INSENSITIVE
Definition: winternl.h:228
#define STATUS_INVALID_PARAMETER
Definition: udferr_usr.h:135
LONG NTSTATUS
Definition: precomp.h:26
_In_ PVOID _Out_opt_ PULONG_PTR _Outptr_opt_ PCUNICODE_STRING * ObjectName
Definition: cmfuncs.h:62
_Must_inspect_result_ _In_ WDFDEVICE _In_ PCUNICODE_STRING KeyName
Definition: wdfdevice.h:2697
PVOID NTAPI RtlAllocateHeap(IN PVOID HeapHandle, IN ULONG Flags, IN SIZE_T Size)
Definition: heap.c:588
Status
Definition: gdiplustypes.h:24
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
NTSTATUS NTAPI NtClose(IN HANDLE Handle)
Definition: obhandle.c:3398
static HANDLE SecurityKeyHandle
Definition: database.c:15
#define LSAP_DB_SIGNATURE
Definition: lsasrv.h:67
#define KEY_ALL_ACCESS
Definition: nt_native.h:1041
#define STATUS_NO_MEMORY
Definition: ntstatus.h:260
#define NULL
Definition: types.h:112
NTSYSAPI NTSTATUS NTAPI NtOpenKey(OUT PHANDLE KeyHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes)
Definition: ntapi.c:336
NTSYSAPI VOID NTAPI RtlInitUnicodeString(PUNICODE_STRING DestinationString, PCWSTR SourceString)
#define InitializeObjectAttributes(p, n, a, r, s)
Definition: reg.c:106
#define STATUS_SUCCESS
Definition: shellext.h:65
_Inout_opt_ PACCESS_STATE _In_opt_ ACCESS_MASK _In_ ULONG _Out_opt_ PVOID * NewObject
Definition: obfuncs.h:71

Referenced by LsaIOpenPolicyTrusted(), LsapCreateDatabaseObjects(), LsapGetDomainInfo(), LsarOpenPolicy(), LsarOpenSecret(), LsarpOpenAccount(), LsarRetrievePrivateData(), and LsarStorePrivateData().

◆ LsapOpenServiceKey()

static NTSTATUS LsapOpenServiceKey ( VOID  )
static

Definition at line 32 of file database.c.

33 {
     /*
      * Opens the registry key \Registry\Machine\SECURITY and returns the
      * status of that open to the caller.
      *
      * NOTE(review): the listing omits lines 34-36, 38, 41, 43 and 47-49,
      * i.e. the declarations, the object-attribute setup and the open call
      * with its access mask. The page's cross-reference entries list
      * RtlpNtOpenKey, SecurityKeyHandle, KEY_READ, KEY_CREATE_SUB_KEY and
      * KEY_ENUMERATE_SUB_KEYS, so the handle is presumably stored in the
      * file-scope SecurityKeyHandle with those rights - confirm in
      * database.c. No code that closes that handle is visible on this page.
      */
37 
39  L"\\Registry\\Machine\\SECURITY");
40 
     /* Absolute path: the root-directory and security-descriptor slots are NULL. */
42  &KeyName,
44  NULL,
45  NULL);
46 
50  0);
51 
52  return Status;
53 }
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
Definition: conport.c:35
#define OBJ_CASE_INSENSITIVE
Definition: winternl.h:228
#define KEY_READ
Definition: nt_native.h:1023
LONG NTSTATUS
Definition: precomp.h:26
_Must_inspect_result_ _In_ WDFDEVICE _In_ PCUNICODE_STRING KeyName
Definition: wdfdevice.h:2697
NTSTATUS NTAPI RtlpNtOpenKey(OUT HANDLE KeyHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes, IN ULONG Unused)
Definition: registry.c:912
Status
Definition: gdiplustypes.h:24
static const WCHAR L[]
Definition: oid.c:1250
static HANDLE SecurityKeyHandle
Definition: database.c:15
#define NULL
Definition: types.h:112
NTSYSAPI VOID NTAPI RtlInitUnicodeString(PUNICODE_STRING DestinationString, PCWSTR SourceString)
#define InitializeObjectAttributes(p, n, a, r, s)
Definition: reg.c:106
#define KEY_CREATE_SUB_KEY
Definition: nt_native.h:1018
#define KEY_ENUMERATE_SUB_KEYS
Definition: nt_native.h:1019

Referenced by LsapInitDatabase().

◆ LsapSetObjectAttribute()

NTSTATUS LsapSetObjectAttribute ( PLSA_DB_OBJECT  DbObject,
LPWSTR  AttributeName,
LPVOID  AttributeData,
ULONG  AttributeSize 
)

Definition at line 961 of file database.c.

965 {
     /*
      * Stores one attribute of a database object: a subkey named
      * AttributeName is created (or opened) under DbObject->KeyHandle and
      * AttributeSize bytes are written to it as a REG_NONE value.
      *
      * Returns the status of NtCreateKey when that fails, otherwise the
      * status of RtlpNtSetValueKey. Both failures are logged with ERR.
      *
      * NOTE(review): the listing omits lines 966-967, 969, 971, 974, 976,
      * 981-982, 985 and 996 (declarations, RtlInitUnicodeString,
      * InitializeObjectAttributes, the NtCreateKey access mask and create
      * option, and the data pointer passed to RtlpNtSetValueKey - presumably
      * KEY_SET_VALUE, REG_OPTION_NON_VOLATILE and AttributeData; confirm).
      *
      * Security notes for callers:
      *  - No access check is made here, and DbObject is dereferenced without
      *    a NULL or signature test; the handle is expected to have been
      *    validated first (see LsapValidateDbObject).
      *  - The "Referenced by" list on this page includes LsarSetSecret() and
      *    LsarStorePrivateData(), so AttributeData can be secret material.
      *    Nothing in this function transforms the data before it is written;
      *    whether callers protect it beforehand is not visible here.
      */
968  HANDLE AttributeKey;
970 
972  AttributeName);
973 
975  &KeyName,
977  DbObject->KeyHandle,
978  NULL);
979 
     /*
      * The last argument (Disposition) is NULL, so this function cannot
      * tell a newly created attribute key from an existing one.
      */
980  Status = NtCreateKey(&AttributeKey,
983  0,
984  NULL,
986  NULL);
987  if (!NT_SUCCESS(Status))
988  {
989  ERR("NtCreateKey failed for '%S' with status 0x%lx\n",
990  AttributeName, Status);
991  return Status;
992  }
993 
994  Status = RtlpNtSetValueKey(AttributeKey,
995  REG_NONE,
997  AttributeSize);
998 
     /* Closed before the status test so the handle is released on every path. */
999  NtClose(AttributeKey);
1000 
1001  if (!NT_SUCCESS(Status))
1002  {
1003  ERR("RtlpNtSetValueKey failed for '%S' with status 0x%lx\n",
1004  AttributeName, Status);
1005  }
1006 
1007  return Status;
1008 }
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
Definition: conport.c:35
NTSTATUS NTAPI NtCreateKey(OUT PHANDLE KeyHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes, IN ULONG TitleIndex, IN PUNICODE_STRING Class OPTIONAL, IN ULONG CreateOptions, OUT PULONG Disposition OPTIONAL)
Definition: ntapi.c:240
#define KEY_SET_VALUE
Definition: nt_native.h:1017
#define OBJ_CASE_INSENSITIVE
Definition: winternl.h:228
LONG NTSTATUS
Definition: precomp.h:26
HANDLE KeyHandle
Definition: lsasrv.h:62
_Must_inspect_result_ _In_ WDFDEVICE _In_ PCUNICODE_STRING KeyName
Definition: wdfdevice.h:2697
Status
Definition: gdiplustypes.h:24
#define REG_OPTION_NON_VOLATILE
Definition: nt_native.h:1057
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
NTSTATUS NTAPI NtClose(IN HANDLE Handle)
Definition: obhandle.c:3398
#define ERR(fmt,...)
Definition: debug.h:110
NTSTATUS NTAPI RtlpNtSetValueKey(IN HANDLE KeyHandle, IN ULONG Type, IN PVOID Data, IN ULONG DataLength)
Definition: registry.c:988
#define NULL
Definition: types.h:112
NTSYSAPI VOID NTAPI RtlInitUnicodeString(PUNICODE_STRING DestinationString, PCWSTR SourceString)
#define InitializeObjectAttributes(p, n, a, r, s)
Definition: reg.c:106
#define REG_NONE
Definition: nt_native.h:1492

Referenced by LsapCreateDatabaseObjects(), LsarAddAccountRights(), LsarAddPrivilegesToAccount(), LsarCreateSecret(), LsarpCreateAccount(), LsarRemoveAccountRights(), LsarRemovePrivilegesFromAccount(), LsarSetAccountDomain(), LsarSetAuditEvents(), LsarSetAuditFull(), LsarSetAuditLog(), LsarSetDefaultQuota(), LsarSetModification(), LsarSetPrimaryDomain(), LsarSetQuotasForAccount(), LsarSetSecret(), LsarSetSecurityObject(), LsarSetServerRole(), LsarSetSystemAccessAccount(), and LsarStorePrivateData().

◆ LsapUpdateDatabase()

static NTSTATUS LsapUpdateDatabase ( VOID  )
static

Definition at line 400 of file database.c.

401 {
     /*
      * Placeholder: no migration or consistency check is performed on an
      * existing database; the function always reports success.
      */
402  return STATUS_SUCCESS;
403 }
#define STATUS_SUCCESS
Definition: shellext.h:65

Referenced by LsapInitDatabase().

◆ LsapValidateDbObject()

NTSTATUS LsapValidateDbObject ( LSAPR_HANDLE  Handle,
LSA_DB_OBJECT_TYPE  ObjectType,
ACCESS_MASK  DesiredAccess,
PLSA_DB_OBJECT DbObject 
)

Definition at line 825 of file database.c.

829 {
     /*
      * Validates a handle received from a client before it is used as a
      * database object.
      *
      * Handle         - value to validate; it is treated as a pointer to an
      *                  LSA_DB_OBJECT.
      * ObjectType     - expected type, or LsaDbIgnoreObject to accept any.
      * DesiredAccess  - rights the caller needs; 0 skips the access check.
      * DbObject       - optional; receives the object pointer on success.
      *
      * Returns STATUS_INVALID_HANDLE when the signature or type test fails
      * (or faults), STATUS_ACCESS_DENIED when a requested right was not
      * granted at open time, STATUS_SUCCESS otherwise.
      *
      * Security notes:
      *  - The signature test is a sanity check on the pointer, not proof that
      *    this server issued the handle and still holds it open. Whether a
      *    closed object has its Signature cleared is not visible here -
      *    confirm in LsapCloseDbObject.
      *  - The object's Trusted flag is not consulted in this function.
      *  - No reference is taken on the object; RefCount is left unchanged.
      */
830  PLSA_DB_OBJECT LocalObject = (PLSA_DB_OBJECT)Handle;
831  BOOLEAN bValid = FALSE;
832 
     /*
      * The first reads through the client-supplied pointer happen inside the
      * guarded region, so a bad pointer ends up as bValid == FALSE.
      */
833  _SEH2_TRY
834  {
835  if (LocalObject->Signature == LSAP_DB_SIGNATURE)
836  {
837  if ((ObjectType == LsaDbIgnoreObject) ||
838  (LocalObject->ObjectType == ObjectType))
839  bValid = TRUE;
840  }
841  }
     /*
      * NOTE(review): line 842 is missing from this listing; presumably it is
      * _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER), which the page's
      * cross-reference entries list - confirm.
      */
843  {
844  bValid = FALSE;
845  }
846  _SEH2_END;
847 
848  if (bValid == FALSE)
849  return STATUS_INVALID_HANDLE;
850 
851  if (DesiredAccess != 0)
852  {
853  /* Check for granted access rights */
     /*
      * Every requested bit must be present in the mask recorded when the
      * object was opened. This read is outside the guarded region; it
      * relies on the earlier guarded reads having succeeded.
      */
854  if ((LocalObject->Access & DesiredAccess) != DesiredAccess)
855  {
856  ERR("LsapValidateDbObject access check failed %08lx %08lx\n",
857  LocalObject->Access, DesiredAccess);
858  return STATUS_ACCESS_DENIED;
859  }
860  }
861 
862  if (DbObject != NULL)
863  *DbObject = LocalObject;
864 
865  return STATUS_SUCCESS;
866 }
ACCESS_MASK Access
Definition: lsasrv.h:61
ObjectType
Definition: metafile.c:80
_Must_inspect_result_ _In_ WDFDEVICE _In_ ULONG _In_ ACCESS_MASK DesiredAccess
Definition: wdfdevice.h:2654
#define TRUE
Definition: types.h:120
LSA_DB_OBJECT_TYPE ObjectType
Definition: lsasrv.h:59
#define STATUS_INVALID_HANDLE
Definition: ntstatus.h:245
_SEH2_TRY
Definition: create.c:4226
#define FALSE
Definition: types.h:117
unsigned char BOOLEAN
#define EXCEPTION_EXECUTE_HANDLER
Definition: excpt.h:85
#define STATUS_ACCESS_DENIED
Definition: udferr_usr.h:145
ULONG Signature
Definition: lsasrv.h:58
#define ERR(fmt,...)
Definition: debug.h:110
#define LSAP_DB_SIGNATURE
Definition: lsasrv.h:67
_SEH2_END
Definition: create.c:4400
#define NULL
Definition: types.h:112
_In_ HANDLE Handle
Definition: extypes.h:390
struct _LSA_DB_OBJECT * PLSA_DB_OBJECT
#define _SEH2_EXCEPT(...)
Definition: pseh2_64.h:40
#define STATUS_SUCCESS
Definition: shellext.h:65

Referenced by LsarAddAccountRights(), LsarAddPrivilegesToAccount(), LsarClose(), LsarCreateAccount(), LsarCreateSecret(), LsarDeleteObject(), LsarEnumerateAccounts(), LsarEnumerateAccountsWithUserRight(), LsarEnumeratePrivileges(), LsarEnumeratePrivilegesAccount(), LsarGetQuotasForAccount(), LsarGetSystemAccessAccount(), LsarLookupPrivilegeDisplayName(), LsarLookupPrivilegeName(), LsarLookupPrivilegeValue(), LsarOpenAccount(), LsarOpenSecret(), LsarQueryInformationPolicy(), LsarQuerySecret(), LsarQuerySecurityObject(), LsarRemoveAccountRights(), LsarRemovePrivilegesFromAccount(), LsarRetrievePrivateData(), LsarSetInformationPolicy(), LsarSetQuotasForAccount(), LsarSetSecret(), LsarSetSecurityObject(), LsarSetSystemAccessAccount(), and LsarStorePrivateData().

Variable Documentation

◆ AccountDomainName

◆ AccountDomainSid

◆ BuiltinDomainName

◆ BuiltinDomainSid

PSID BuiltinDomainSid = NULL

Definition at line 23 of file database.c.

Referenced by LsapGetDomainInfo().

◆ CreatorSidAuthority

Definition at line 20 of file database.c.

Referenced by LsapInitSids().

◆ LocalSidAuthority

Definition at line 19 of file database.c.

Referenced by LsapInitSids().

◆ NtAuthority

◆ NullSidAuthority

Definition at line 17 of file database.c.

Referenced by LsapInitSids().

◆ SecurityKeyHandle

HANDLE SecurityKeyHandle = NULL
static

◆ WorldSidAuthority