ReactOS 0.4.15-dev-7918-g2a2556c
privileges.c File Reference
#include "lsasrv.h"
#include "resources.h"

Classes

struct  PRIVILEGE_DATA
 
struct  RIGHT_DATA
 

Functions

NTSTATUS LsarpLookupPrivilegeName (PLUID Value, PRPC_UNICODE_STRING *Name)
 
NTSTATUS LsarpLookupPrivilegeDisplayName (PRPC_UNICODE_STRING Name, USHORT ClientLanguage, USHORT ClientSystemDefaultLanguage, PRPC_UNICODE_STRING *DisplayName, USHORT *LanguageReturned)
 
PLUID LsarpLookupPrivilegeValue (IN PRPC_UNICODE_STRING Name)
 
NTSTATUS LsarpEnumeratePrivileges (DWORD *EnumerationContext, PLSAPR_PRIVILEGE_ENUM_BUFFER EnumerationBuffer, DWORD PreferedMaximumLength)
 
NTSTATUS LsapLookupAccountRightName (ULONG RightValue, PRPC_UNICODE_STRING *Name)
 
ACCESS_MASK LsapLookupAccountRightValue (IN PRPC_UNICODE_STRING Name)
 

Variables

static const PRIVILEGE_DATA WellKnownPrivileges []
 
static const RIGHT_DATA WellKnownRights []
 

Function Documentation

◆ LsapLookupAccountRightName()

NTSTATUS LsapLookupAccountRightName ( ULONG  RightValue,
PRPC_UNICODE_STRING * Name 
)

Definition at line 343 of file privileges.c.

/*
 * Maps an account-right flag to its name: scans WellKnownRights for the entry
 * whose Flag equals RightValue and, on a match, stores a newly allocated
 * RPC_UNICODE_STRING holding a copy of that entry's Name in *Name.
 * Returns STATUS_SUCCESS on a match and STATUS_NO_MEMORY when the descriptor
 * allocation fails.
 *
 * NOTE(review): source lines 343-344 (the signature), 364 and 375 are absent
 * from this rendering, so two of the return paths cannot be read here.
 */
345{
346 PRPC_UNICODE_STRING NameBuffer;
347 ULONG i;
348
349 for (i = 0; i < ARRAYSIZE(WellKnownRights); i++)
350 {
351 if (WellKnownRights[i].Flag == RightValue)
352 {
/* The string descriptor and its character buffer are two separate allocations. */
353 NameBuffer = MIDL_user_allocate(sizeof(RPC_UNICODE_STRING));
354 if (NameBuffer == NULL)
355 return STATUS_NO_MEMORY;
356
/*
 * Length is a byte count without the terminator. The USHORT cast narrows the
 * wcslen() result before the multiplication and the product is narrowed again
 * on assignment; neither step is range-checked.
 * NOTE(review): harmless only while every table name is short - the table
 * contents are not visible on this page, confirm.
 */
357 NameBuffer->Length = (USHORT)wcslen(WellKnownRights[i].Name) * sizeof(WCHAR);
358 NameBuffer->MaximumLength = NameBuffer->Length + sizeof(WCHAR);
359
360 NameBuffer->Buffer = MIDL_user_allocate(NameBuffer->MaximumLength);
361 if (NameBuffer->Buffer == NULL)
362 {
363 MIDL_user_free(NameBuffer);
/*
 * NOTE(review): source line 364 is missing here. As displayed, control would
 * fall through to the wcscpy() below with NameBuffer already freed; presumably
 * the original returns an error status at this point (the symbol index under
 * the listing names STATUS_INSUFFICIENT_RESOURCES) - confirm in privileges.c.
 */
365 }
366
/*
 * wcscpy() copies up to and including the terminator and is not bounded by
 * MaximumLength; it fits only because the buffer was sized from the same
 * string two statements earlier.
 */
367 wcscpy(NameBuffer->Buffer, WellKnownRights[i].Name);
368
/* Both allocations are handed to the caller through *Name. */
369 *Name = NameBuffer;
370
371 return STATUS_SUCCESS;
372 }
373 }
374
/*
 * NOTE(review): source line 375, the result for an unknown RightValue, is
 * missing; the symbol index lists STATUS_NO_SUCH_PRIVILEGE - confirm.
 */
376}
#define NULL
Definition: types.h:112
#define ARRAYSIZE(array)
Definition: filtermapper.c:47
_CRTIMP size_t __cdecl wcslen(_In_z_ const wchar_t *_Str)
void *__RPC_USER MIDL_user_allocate(SIZE_T size)
Definition: irotp.c:371
void __RPC_USER MIDL_user_free(void *p)
Definition: irotp.c:376
#define STATUS_NO_SUCH_PRIVILEGE
Definition: ntstatus.h:332
#define STATUS_NO_MEMORY
Definition: ntstatus.h:260
unsigned short USHORT
Definition: pedump.c:61
static const RIGHT_DATA WellKnownRights[]
Definition: privileges.c:62
_CRTIMP wchar_t *__cdecl wcscpy(_Out_writes_z_(_String_length_(_Source)+1) wchar_t *_Dest, _In_z_ const wchar_t *_Source)
#define STATUS_SUCCESS
Definition: shellext.h:65
Definition: xml2sdb.h:80
LPCWSTR Name
Definition: privileges.c:23
unsigned short Length
Definition: msv1_0.h:22
unsigned short MaximumLength
Definition: msv1_0.h:23
wchar_t * Buffer
Definition: msv1_0.h:24
uint32_t ULONG
Definition: typedefs.h:59
#define STATUS_INSUFFICIENT_RESOURCES
Definition: udferr_usr.h:158
__wchar_t WCHAR
Definition: xmlstorage.h:180

Referenced by LsarEnumerateAccountRights().

◆ LsapLookupAccountRightValue()

ACCESS_MASK LsapLookupAccountRightValue ( IN PRPC_UNICODE_STRING  Name)

Definition at line 380 of file privileges.c.

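/*
 * Translates an account-right name into its access-mask flag.
 *
 * Name is a counted RPC string: Length is authoritative and the buffer is not
 * guaranteed to be NUL-terminated, so the comparison is bounded by Length
 * instead of scanning Name->Buffer for a terminator.
 *
 * Parameters:
 *   Name - right name to look up; the match is case-insensitive.
 *
 * Returns the Flag of the matching WellKnownRights entry, or 0 when Name is
 * NULL, empty, or not a known right.
 */
ACCESS_MASK
LsapLookupAccountRightValue(
    IN PRPC_UNICODE_STRING Name)
{
    size_t NameChars;
    ULONG i;

    if (Name == NULL || Name->Length == 0 || Name->Buffer == NULL)
        return 0;

    NameChars = Name->Length / sizeof(WCHAR);

    /* Tolerate callers whose Length also counts trailing terminators. */
    while (NameChars > 0 && Name->Buffer[NameChars - 1] == L'\0')
        NameChars--;

    if (NameChars == 0)
        return 0;

    for (i = 0; i < ARRAYSIZE(WellKnownRights); i++)
    {
        /* Equal length first, so a prefix of a right name never matches. */
        if (wcslen(WellKnownRights[i].Name) == NameChars &&
            _wcsnicmp(Name->Buffer, WellKnownRights[i].Name, NameChars) == 0)
        {
            return WellKnownRights[i].Flag;
        }
    }

    return 0;
}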
_Check_return_ _CRTIMP int __cdecl _wcsicmp(_In_z_ const wchar_t *_Str1, _In_z_ const wchar_t *_Str2)

Referenced by LsarAddAccountRights(), LsarEnumerateAccountsWithUserRight(), and LsarRemoveAccountRights().

◆ LsarpEnumeratePrivileges()

NTSTATUS LsarpEnumeratePrivileges ( DWORD * EnumerationContext,
PLSAPR_PRIVILEGE_ENUM_BUFFER  EnumerationBuffer,
DWORD  PreferedMaximumLength 
)

Definition at line 246 of file privileges.c.

/*
 * Enumerates WellKnownPrivileges starting at the index held in
 * *EnumerationContext. A first pass counts how many entries fit within
 * PreferedMaximumLength; a second pass copies the LUID and name of each
 * counted entry into the Privileges array. On success the array and count
 * are stored in EnumerationBuffer and *EnumerationContext is advanced.
 *
 * NOTE(review): source lines 246-248 (the signature), 250, 253, 256, 286,
 * 289, 305, 328, 331 and 336 are absent from this rendering. The
 * declarations of Status, Privileges and RequiredLength and several
 * statements are therefore not visible.
 */
249{
251 ULONG EnumIndex;
252 ULONG EnumCount = 0;
254 ULONG i;
255 BOOLEAN MoreEntries = FALSE;
257
/*
 * The start index comes from the caller. The loop condition bounds it against
 * the table size, so an index past the end yields EnumCount == 0.
 */
258 EnumIndex = *EnumerationContext;
259
260 for (; EnumIndex < ARRAYSIZE(WellKnownPrivileges); EnumIndex++)
261 {
262 TRACE("EnumIndex: %lu\n", EnumIndex);
263 TRACE("Privilege Name: %S\n", WellKnownPrivileges[EnumIndex].Name);
264 TRACE("Name Length: %lu\n", wcslen(WellKnownPrivileges[EnumIndex].Name));
265
/*
 * An entry costs its name bytes, one terminator and one
 * LSAPR_POLICY_PRIVILEGE_DEF; stop at the first entry that would exceed the
 * caller's preferred size.
 */
266 if ((RequiredLength +
267 wcslen(WellKnownPrivileges[EnumIndex].Name) * sizeof(WCHAR) +
268 sizeof(UNICODE_NULL) +
269 sizeof(LSAPR_POLICY_PRIVILEGE_DEF)) > PreferedMaximumLength)
270 {
271 MoreEntries = TRUE;
272 break;
273 }
274
275 RequiredLength += (wcslen(WellKnownPrivileges[EnumIndex].Name) * sizeof(WCHAR) +
276 sizeof(UNICODE_NULL) + sizeof(LSAPR_POLICY_PRIVILEGE_DEF));
277 EnumCount++;
278 }
279
280 TRACE("EnumCount: %lu\n", EnumCount);
281 TRACE("RequiredLength: %lu\n", RequiredLength);
282
/* Nothing fits, or the context is already past the last entry. */
283 if (EnumCount == 0)
284 goto done;
285
/*
 * NOTE(review): the statement that assigns Privileges (source line 286) is
 * missing; presumably it allocates EnumCount entries. The failure cleanup at
 * 325-327 tests Name.Buffer of every entry up to EnumCount, so the array
 * needs to be zero-initialised for that test to be meaningful when a name
 * allocation fails part-way through - confirm in privileges.c.
 */
287 if (Privileges == NULL)
288 {
290 goto done;
291 }
292
/* Second pass restarts from the caller's index and fills EnumCount entries. */
293 EnumIndex = *EnumerationContext;
294
295 for (i = 0; i < EnumCount; i++, EnumIndex++)
296 {
297 Privileges[i].LocalValue = WellKnownPrivileges[EnumIndex].Luid;
298
/*
 * Byte length without the terminator; the USHORT cast narrows the wcslen()
 * result before the multiplication and nothing range-checks it.
 */
299 Privileges[i].Name.Length = (USHORT)wcslen(WellKnownPrivileges[EnumIndex].Name) * sizeof(WCHAR);
300 Privileges[i].Name.MaximumLength = (USHORT)Privileges[i].Name.Length + sizeof(UNICODE_NULL);
301
302 Privileges[i].Name.Buffer = MIDL_user_allocate(Privileges[i].Name.MaximumLength);
303 if (Privileges[i].Name.Buffer == NULL)
304 {
306 goto done;
307 }
308
/*
 * Copies Length bytes only, so this call does not write the terminator slot
 * of the MaximumLength-sized buffer.
 */
309 memcpy(Privileges[i].Name.Buffer,
310 WellKnownPrivileges[EnumIndex].Name,
311 Privileges[i].Name.Length);
312 }
313
314done:
/* The outputs and the enumeration context are written only on success. */
315 if (NT_SUCCESS(Status))
316 {
317 EnumerationBuffer->Entries = EnumCount;
318 EnumerationBuffer->Privileges = Privileges;
319 *EnumerationContext += EnumCount;
320 }
321 else
322 {
/*
 * Failure cleanup. The statements at source lines 328 and 331 are missing;
 * presumably they free each name buffer and then the array.
 */
323 if (Privileges != NULL)
324 {
325 for (i = 0; i < EnumCount; i++)
326 {
327 if (Privileges[i].Name.Buffer != NULL)
329 }
330
332 }
333 }
334
/*
 * NOTE(review): the body of this if (source line 336) is missing; the symbol
 * index lists STATUS_MORE_ENTRIES, presumably assigned here - confirm.
 */
335 if ((Status == STATUS_SUCCESS) && (MoreEntries != FALSE))
337
338 return Status;
339}
unsigned char BOOLEAN
LONG NTSTATUS
Definition: precomp.h:26
#define TRUE
Definition: types.h:120
#define FALSE
Definition: types.h:117
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
Status
Definition: gdiplustypes.h:25
struct _LSAPR_POLICY_PRIVILEGE_DEF LSAPR_POLICY_PRIVILEGE_DEF
#define memcpy(s1, s2, n)
Definition: mkisofs.h:878
#define UNICODE_NULL
static const PRIVILEGE_DATA WellKnownPrivileges[]
Definition: privileges.c:29
#define TRACE(s)
Definition: solgame.cpp:4
LPCWSTR Name
Definition: privileges.c:16
PLSAPR_POLICY_PRIVILEGE_DEF Privileges
Definition: lsa.idl:88
#define STATUS_MORE_ENTRIES
Definition: udferr_usr.h:124
_In_ ULONG _Out_opt_ PULONG RequiredLength
Definition: wmifuncs.h:30
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET * Privileges
Definition: sefuncs.h:17

Referenced by LsarEnumeratePrivileges().

◆ LsarpLookupPrivilegeDisplayName()

NTSTATUS LsarpLookupPrivilegeDisplayName ( PRPC_UNICODE_STRING  Name,
USHORT  ClientLanguage,
USHORT  ClientSystemDefaultLanguage,
PRPC_UNICODE_STRING * DisplayName,
USHORT * LanguageReturned 
)

Definition at line 125 of file privileges.c.

/*
 * Finds the privilege whose name matches Name (case-insensitive) and returns
 * its display string as a newly allocated RPC_UNICODE_STRING in *DisplayName.
 * ClientLanguage is tried first, then ClientSystemDefaultLanguage;
 * *LanguageReturned receives the language that was used.
 *
 * NOTE(review): source lines 125-129 (the signature), 132, 134, 140, 144,
 * 149-150, 168-169, 179-180, 198-199, 209, 211-212 and 222 are absent from
 * this rendering. The declarations of hInstance and nLength, the loop header
 * and the resource calls are among them.
 */
130{
131 PRPC_UNICODE_STRING DisplayNameBuffer;
133 ULONG Index;
135
136 TRACE("LsarpLookupPrivilegeDisplayName(%p 0x%04hu 0x%04hu %p %p)\n",
137 Name, ClientLanguage, ClientSystemDefaultLanguage, DisplayName, LanguageReturned);
138
/*
 * Name is a counted string, but the _wcsicmp() at 146 reads Name->Buffer up
 * to a terminator.
 * NOTE(review): nothing visible guarantees that terminator lies within the
 * buffer; a comparison bounded by Name->Length would not depend on it.
 */
139 if (Name->Length == 0 || Name->Buffer == NULL)
141
/* The display strings are resources of lsasrv.dll; the handle is not checked in the visible lines. */
142 hInstance = GetModuleHandleW(L"lsasrv.dll");
143
145 {
146 if (_wcsicmp(Name->Buffer, WellKnownPrivileges[Index].Name) == 0)
147 {
148 TRACE("Index: %u\n", Index);
/*
 * nLength is assigned on the missing lines 149-150; the symbol index lists
 * LsapGetResourceStringLengthEx, presumably called here with ClientLanguage.
 */
151 ClientLanguage);
152 if (nLength != 0)
153 {
154 DisplayNameBuffer = MIDL_user_allocate(sizeof(RPC_UNICODE_STRING));
155 if (DisplayNameBuffer == NULL)
156 return STATUS_NO_MEMORY;
157
/* nLength * sizeof(WCHAR) is stored in the 16-bit Length without a range check. */
158 DisplayNameBuffer->Length = nLength * sizeof(WCHAR);
159 DisplayNameBuffer->MaximumLength = DisplayNameBuffer->Length + sizeof(WCHAR);
160
161 DisplayNameBuffer->Buffer = MIDL_user_allocate(DisplayNameBuffer->MaximumLength);
162 if (DisplayNameBuffer->Buffer == NULL)
163 {
164 MIDL_user_free(DisplayNameBuffer);
165 return STATUS_NO_MEMORY;
166 }
167
/* Tail of a call whose head (168-169) is missing; presumably LsapLoadStringEx filling the buffer. */
170 ClientLanguage,
171 DisplayNameBuffer->Buffer,
172 nLength);
173
174 *DisplayName = DisplayNameBuffer;
175 *LanguageReturned = ClientLanguage;
176 }
177 else
178 {
/* Fallback: same sequence with the client's system default language. */
181 ClientSystemDefaultLanguage);
182 if (nLength != 0)
183 {
184 DisplayNameBuffer = MIDL_user_allocate(sizeof(RPC_UNICODE_STRING));
185 if (DisplayNameBuffer == NULL)
186 return STATUS_NO_MEMORY;
187
188 DisplayNameBuffer->Length = nLength * sizeof(WCHAR);
189 DisplayNameBuffer->MaximumLength = DisplayNameBuffer->Length + sizeof(WCHAR);
190
191 DisplayNameBuffer->Buffer = MIDL_user_allocate(DisplayNameBuffer->MaximumLength);
192 if (DisplayNameBuffer->Buffer == NULL)
193 {
194 MIDL_user_free(DisplayNameBuffer);
195 return STATUS_NO_MEMORY;
196 }
197
200 ClientSystemDefaultLanguage,
201 DisplayNameBuffer->Buffer,
202 nLength);
203
204 *DisplayName = DisplayNameBuffer;
205 *LanguageReturned = ClientSystemDefaultLanguage;
206 }
207 else
208 {
/*
 * Neither language has the string. The lookup with language 0x409 is
 * compiled out by #if 0.
 * NOTE(review): unless the missing line 209 sets *DisplayName and
 * *LanguageReturned, line 218 reports STATUS_SUCCESS with both
 * out-parameters untouched - confirm.
 */
210#if 0
213 0x409);
214#endif
215 }
216 }
217
218 return STATUS_SUCCESS;
219 }
220 }
221
/* The result for an unknown name (source line 222) is missing from this rendering. */
223}
HINSTANCE hInstance
Definition: charmap.c:19
HMODULE WINAPI GetModuleHandleW(LPCWSTR lpModuleName)
Definition: loader.c:838
INT LsapLoadStringEx(_In_ HINSTANCE hInstance, _In_ UINT uId, _In_ USHORT usLanguage, _Out_ LPWSTR lpBuffer, _Out_ INT nBufferMax)
Definition: utils.c:99
INT LsapGetResourceStringLengthEx(_In_ HINSTANCE hInstance, _In_ UINT uId, _In_ USHORT usLanguage)
Definition: utils.c:64
#define IDS_CREATE_TOKEN_PRIVILEGE
Definition: resources.h:53
unsigned int UINT
Definition: ndis.h:50
#define L(x)
Definition: ntvdm.h:50
#define STATUS_INVALID_PARAMETER
Definition: udferr_usr.h:135
_In_ WDFCOLLECTION _In_ ULONG Index
_In_ DWORD nLength
Definition: wincon.h:473

Referenced by LsarLookupPrivilegeDisplayName().

◆ LsarpLookupPrivilegeName()

NTSTATUS LsarpLookupPrivilegeName ( PLUID  Value,
PRPC_UNICODE_STRING * Name 
)

Definition at line 80 of file privileges.c.

/*
 * Maps a privilege LUID to its name: scans WellKnownPrivileges for an entry
 * whose Luid equals *Value and, on a match, stores a newly allocated
 * RPC_UNICODE_STRING holding a copy of that entry's Name in *Name.
 * Returns STATUS_SUCCESS on a match and STATUS_NO_MEMORY when either
 * allocation fails.
 *
 * NOTE(review): source lines 80-81 (the signature), 87, 88, 90 and 120 are
 * absent from this rendering.
 */
82{
83 PRPC_UNICODE_STRING NameBuffer;
84 ULONG Priv;
85
/*
 * Early rejection of values that cannot be a well-known privilege. The rest
 * of the condition and the statement inside the braces are missing; the
 * symbol index lists SE_MIN_WELL_KNOWN_PRIVILEGE and
 * SE_MAX_WELL_KNOWN_PRIVILEGE, presumably a range check on Value->LowPart.
 */
86 if (Value->HighPart != 0 ||
89 {
91 }
92
93 for (Priv = 0; Priv < ARRAYSIZE(WellKnownPrivileges); Priv++)
94 {
95 if (Value->LowPart == WellKnownPrivileges[Priv].Luid.LowPart &&
96 Value->HighPart == WellKnownPrivileges[Priv].Luid.HighPart)
97 {
/* The string descriptor and its character buffer are two separate allocations. */
98 NameBuffer = MIDL_user_allocate(sizeof(RPC_UNICODE_STRING));
99 if (NameBuffer == NULL)
100 return STATUS_NO_MEMORY;
101
/*
 * Byte length without the terminator; the USHORT cast narrows the wcslen()
 * result before the multiplication and nothing range-checks it.
 */
102 NameBuffer->Length = (USHORT)wcslen(WellKnownPrivileges[Priv].Name) * sizeof(WCHAR);
103 NameBuffer->MaximumLength = NameBuffer->Length + sizeof(WCHAR);
104
105 NameBuffer->Buffer = MIDL_user_allocate(NameBuffer->MaximumLength);
106 if (NameBuffer->Buffer == NULL)
107 {
/* Release the descriptor so a failed buffer allocation does not leak it. */
108 MIDL_user_free(NameBuffer);
109 return STATUS_NO_MEMORY;
110 }
111
/* Unbounded copy including the terminator; it fits because the buffer was sized from the same string. */
112 wcscpy(NameBuffer->Buffer, WellKnownPrivileges[Priv].Name);
113
/* Both allocations are handed to the caller through *Name. */
114 *Name = NameBuffer;
115
116 return STATUS_SUCCESS;
117 }
118 }
119
/* The result for an unknown LUID (source line 120) is missing from this rendering. */
121}
#define SE_MIN_WELL_KNOWN_PRIVILEGE
Definition: security.c:655
#define SE_MAX_WELL_KNOWN_PRIVILEGE
Definition: security.c:685
LONG HighPart
DWORD LowPart
_Must_inspect_result_ _In_ WDFKEY _In_ PCUNICODE_STRING _Out_opt_ PUSHORT _Inout_opt_ PUNICODE_STRING Value
Definition: wdfregistry.h:413

Referenced by LsarLookupPrivilegeName().

◆ LsarpLookupPrivilegeValue()

PLUID LsarpLookupPrivilegeValue ( IN PRPC_UNICODE_STRING  Name)

Definition at line 227 of file privileges.c.

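/*
 * Translates a privilege name into the LUID of the matching well-known
 * privilege.
 *
 * Name is a counted RPC string: Length is authoritative and the buffer is not
 * guaranteed to be NUL-terminated, so the comparison is bounded by Length
 * instead of scanning Name->Buffer for a terminator.
 *
 * Parameters:
 *   Name - privilege name to look up; the match is case-insensitive.
 *
 * Returns a pointer to the Luid stored in the static WellKnownPrivileges
 * table, or NULL when Name is NULL, empty, or not a known privilege. The
 * table is const: the result must be treated as read-only and must not be
 * freed.
 */
PLUID
LsarpLookupPrivilegeValue(
    IN PRPC_UNICODE_STRING Name)
{
    size_t NameChars;
    ULONG Priv;

    if (Name == NULL || Name->Length == 0 || Name->Buffer == NULL)
        return NULL;

    NameChars = Name->Length / sizeof(WCHAR);

    /* Tolerate callers whose Length also counts trailing terminators. */
    while (NameChars > 0 && Name->Buffer[NameChars - 1] == L'\0')
        NameChars--;

    if (NameChars == 0)
        return NULL;

    for (Priv = 0; Priv < ARRAYSIZE(WellKnownPrivileges); Priv++)
    {
        /* Equal length first, so a prefix of a privilege name never matches. */
        if (wcslen(WellKnownPrivileges[Priv].Name) == NameChars &&
            _wcsnicmp(Name->Buffer, WellKnownPrivileges[Priv].Name, NameChars) == 0)
        {
            return (PLUID)&(WellKnownPrivileges[Priv].Luid);
        }
    }

    return NULL;
}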

Referenced by LsarAddAccountRights(), LsarEnumerateAccountsWithUserRight(), LsarLookupPrivilegeValue(), and LsarRemoveAccountRights().

Variable Documentation

◆ WellKnownPrivileges

◆ WellKnownRights

const RIGHT_DATA WellKnownRights[]
static
Initial value:
=
{
}
#define SECURITY_ACCESS_DENY_REMOTE_INTERACTIVE_LOGON
Definition: ntlsa.h:58
#define SECURITY_ACCESS_REMOTE_INTERACTIVE_LOGON
Definition: ntlsa.h:57
#define SECURITY_ACCESS_DENY_INTERACTIVE_LOGON
Definition: ntlsa.h:53
#define SECURITY_ACCESS_INTERACTIVE_LOGON
Definition: ntlsa.h:48
#define SECURITY_ACCESS_NETWORK_LOGON
Definition: ntlsa.h:49
#define SECURITY_ACCESS_DENY_SERVICE_LOGON
Definition: ntlsa.h:56
#define SECURITY_ACCESS_DENY_BATCH_LOGON
Definition: ntlsa.h:55
#define SECURITY_ACCESS_SERVICE_LOGON
Definition: ntlsa.h:51
#define SECURITY_ACCESS_BATCH_LOGON
Definition: ntlsa.h:50
#define SECURITY_ACCESS_DENY_NETWORK_LOGON
Definition: ntlsa.h:54
#define SE_DENY_INTERACTIVE_LOGON_NAME
Definition: ntsecapi.h:108
#define SE_REMOTE_INTERACTIVE_LOGON_NAME
Definition: ntsecapi.h:112
#define SE_INTERACTIVE_LOGON_NAME
Definition: ntsecapi.h:104
#define SE_NETWORK_LOGON_NAME
Definition: ntsecapi.h:105
#define SE_DENY_BATCH_LOGON_NAME
Definition: ntsecapi.h:110
#define SE_DENY_REMOTE_INTERACTIVE_LOGON_NAME
Definition: ntsecapi.h:113
#define SE_DENY_SERVICE_LOGON_NAME
Definition: ntsecapi.h:111
#define SE_SERVICE_LOGON_NAME
Definition: ntsecapi.h:107
#define SE_DENY_NETWORK_LOGON_NAME
Definition: ntsecapi.h:109
#define SE_BATCH_LOGON_NAME
Definition: ntsecapi.h:106

Definition at line 62 of file privileges.c.

Referenced by LsapLookupAccountRightName(), and LsapLookupAccountRightValue().