ReactOS 0.4.15-dev-8241-g63935f8
lsarpc.c File Reference
#include "lsasrv.h"
Include dependency graph for lsarpc.c:

Go to the source code of this file.

Functions

NTSTATUS LsarStartRpcServer (VOID)
 
void __RPC_USER LSAPR_HANDLE_rundown (LSAPR_HANDLE hHandle)
 
NTSTATUS WINAPI LsarClose (LSAPR_HANDLE *ObjectHandle)
 
NTSTATUS WINAPI LsarDelete (LSAPR_HANDLE ObjectHandle)
 
NTSTATUS WINAPI LsarEnumeratePrivileges (LSAPR_HANDLE PolicyHandle, DWORD *EnumerationContext, PLSAPR_PRIVILEGE_ENUM_BUFFER EnumerationBuffer, DWORD PreferedMaximumLength)
 
NTSTATUS WINAPI LsarQuerySecurityObject (LSAPR_HANDLE ObjectHandle, SECURITY_INFORMATION SecurityInformation, PLSAPR_SR_SECURITY_DESCRIPTOR *SecurityDescriptor)
 
NTSTATUS WINAPI LsarSetSecurityObject (LSAPR_HANDLE ObjectHandle, SECURITY_INFORMATION SecurityInformation, PLSAPR_SR_SECURITY_DESCRIPTOR SecurityDescriptor)
 
NTSTATUS WINAPI LsarChangePassword (handle_t IDL_handle, PRPC_UNICODE_STRING String1, PRPC_UNICODE_STRING String2, PRPC_UNICODE_STRING String3, PRPC_UNICODE_STRING String4, PRPC_UNICODE_STRING String5)
 
NTSTATUS WINAPI LsarOpenPolicy (LPWSTR SystemName, PLSAPR_OBJECT_ATTRIBUTES ObjectAttributes, ACCESS_MASK DesiredAccess, LSAPR_HANDLE *PolicyHandle)
 
NTSTATUS WINAPI LsarQueryInformationPolicy (LSAPR_HANDLE PolicyHandle, POLICY_INFORMATION_CLASS InformationClass, PLSAPR_POLICY_INFORMATION *PolicyInformation)
 
NTSTATUS WINAPI LsarSetInformationPolicy (LSAPR_HANDLE PolicyHandle, POLICY_INFORMATION_CLASS InformationClass, PLSAPR_POLICY_INFORMATION PolicyInformation)
 
NTSTATUS WINAPI LsarClearAuditLog (LSAPR_HANDLE ObjectHandle)
 
NTSTATUS LsarpCreateAccount (PLSA_DB_OBJECT PolicyObject, PRPC_SID AccountSid, ACCESS_MASK DesiredAccess, PLSA_DB_OBJECT *AccountObject)
 
NTSTATUS WINAPI LsarCreateAccount (LSAPR_HANDLE PolicyHandle, PRPC_SID AccountSid, ACCESS_MASK DesiredAccess, LSAPR_HANDLE *AccountHandle)
 
NTSTATUS WINAPI LsarEnumerateAccounts (LSAPR_HANDLE PolicyHandle, DWORD *EnumerationContext, PLSAPR_ACCOUNT_ENUM_BUFFER EnumerationBuffer, DWORD PreferedMaximumLength)
 
NTSTATUS WINAPI LsarCreateTrustedDomain (LSAPR_HANDLE PolicyHandle, PLSAPR_TRUST_INFORMATION TrustedDomainInformation, ACCESS_MASK DesiredAccess, LSAPR_HANDLE *TrustedDomainHandle)
 
NTSTATUS WINAPI LsarEnumerateTrustedDomains (LSAPR_HANDLE PolicyHandle, DWORD *EnumerationContext, PLSAPR_TRUSTED_ENUM_BUFFER EnumerationBuffer, DWORD PreferedMaximumLength)
 
NTSTATUS WINAPI LsarLookupNames (LSAPR_HANDLE PolicyHandle, DWORD Count, PRPC_UNICODE_STRING Names, PLSAPR_REFERENCED_DOMAIN_LIST *ReferencedDomains, PLSAPR_TRANSLATED_SIDS TranslatedSids, LSAP_LOOKUP_LEVEL LookupLevel, DWORD *MappedCount)
 
NTSTATUS WINAPI LsarLookupSids (LSAPR_HANDLE PolicyHandle, PLSAPR_SID_ENUM_BUFFER SidEnumBuffer, PLSAPR_REFERENCED_DOMAIN_LIST *ReferencedDomains, PLSAPR_TRANSLATED_NAMES TranslatedNames, LSAP_LOOKUP_LEVEL LookupLevel, DWORD *MappedCount)
 
NTSTATUS WINAPI LsarCreateSecret (LSAPR_HANDLE PolicyHandle, PRPC_UNICODE_STRING SecretName, ACCESS_MASK DesiredAccess, LSAPR_HANDLE *SecretHandle)
 
static NTSTATUS LsarpOpenAccount (IN PLSA_DB_OBJECT PolicyObject, IN PRPC_SID AccountSid, IN ACCESS_MASK DesiredAccess, OUT PLSA_DB_OBJECT *AccountObject)
 
NTSTATUS WINAPI LsarOpenAccount (LSAPR_HANDLE PolicyHandle, PRPC_SID AccountSid, ACCESS_MASK DesiredAccess, LSAPR_HANDLE *AccountHandle)
 
NTSTATUS WINAPI LsarEnumeratePrivilegesAccount (LSAPR_HANDLE AccountHandle, PLSAPR_PRIVILEGE_SET *Privileges)
 
NTSTATUS WINAPI LsarAddPrivilegesToAccount (LSAPR_HANDLE AccountHandle, PLSAPR_PRIVILEGE_SET Privileges)
 
NTSTATUS WINAPI LsarRemovePrivilegesFromAccount (LSAPR_HANDLE AccountHandle, BOOLEAN AllPrivileges, PLSAPR_PRIVILEGE_SET Privileges)
 
NTSTATUS WINAPI LsarGetQuotasForAccount (LSAPR_HANDLE AccountHandle, PQUOTA_LIMITS QuotaLimits)
 
NTSTATUS WINAPI LsarSetQuotasForAccount (LSAPR_HANDLE AccountHandle, PQUOTA_LIMITS QuotaLimits)
 
NTSTATUS WINAPI LsarGetSystemAccessAccount (LSAPR_HANDLE AccountHandle, ACCESS_MASK *SystemAccess)
 
NTSTATUS WINAPI LsarSetSystemAccessAccount (LSAPR_HANDLE AccountHandle, ACCESS_MASK SystemAccess)
 
NTSTATUS WINAPI LsarOpenTrustedDomain (LSAPR_HANDLE PolicyHandle, PRPC_SID TrustedDomainSid, ACCESS_MASK DesiredAccess, LSAPR_HANDLE *TrustedDomainHandle)
 
NTSTATUS WINAPI LsarQueryInfoTrustedDomain (LSAPR_HANDLE TrustedDomainHandle, TRUSTED_INFORMATION_CLASS InformationClass, PLSAPR_TRUSTED_DOMAIN_INFO *TrustedDomainInformation)
 
NTSTATUS WINAPI LsarSetInformationTrustedDomain (LSAPR_HANDLE TrustedDomainHandle, TRUSTED_INFORMATION_CLASS InformationClass, PLSAPR_TRUSTED_DOMAIN_INFO TrustedDomainInformation)
 
NTSTATUS WINAPI LsarOpenSecret (LSAPR_HANDLE PolicyHandle, PRPC_UNICODE_STRING SecretName, ACCESS_MASK DesiredAccess, LSAPR_HANDLE *SecretHandle)
 
NTSTATUS WINAPI LsarSetSecret (LSAPR_HANDLE SecretHandle, PLSAPR_CR_CIPHER_VALUE EncryptedCurrentValue, PLSAPR_CR_CIPHER_VALUE EncryptedOldValue)
 
NTSTATUS WINAPI LsarQuerySecret (LSAPR_HANDLE SecretHandle, PLSAPR_CR_CIPHER_VALUE *EncryptedCurrentValue, PLARGE_INTEGER CurrentValueSetTime, PLSAPR_CR_CIPHER_VALUE *EncryptedOldValue, PLARGE_INTEGER OldValueSetTime)
 
NTSTATUS WINAPI LsarLookupPrivilegeValue (LSAPR_HANDLE PolicyHandle, PRPC_UNICODE_STRING Name, PLUID Value)
 
NTSTATUS WINAPI LsarLookupPrivilegeName (LSAPR_HANDLE PolicyHandle, PLUID Value, PRPC_UNICODE_STRING *Name)
 
NTSTATUS WINAPI LsarLookupPrivilegeDisplayName (LSAPR_HANDLE PolicyHandle, PRPC_UNICODE_STRING Name, USHORT ClientLanguage, USHORT ClientSystemDefaultLanguage, PRPC_UNICODE_STRING *DisplayName, USHORT *LanguageReturned)
 
NTSTATUS WINAPI LsarDeleteObject (LSAPR_HANDLE *ObjectHandle)
 
NTSTATUS WINAPI LsarEnumerateAccountsWithUserRight (LSAPR_HANDLE PolicyHandle, PRPC_UNICODE_STRING UserRight, PLSAPR_ACCOUNT_ENUM_BUFFER EnumerationBuffer)
 
NTSTATUS WINAPI LsarEnumerateAccountRights (LSAPR_HANDLE PolicyHandle, PRPC_SID AccountSid, PLSAPR_USER_RIGHT_SET UserRights)
 
NTSTATUS WINAPI LsarAddAccountRights (LSAPR_HANDLE PolicyHandle, PRPC_SID AccountSid, PLSAPR_USER_RIGHT_SET UserRights)
 
NTSTATUS WINAPI LsarRemoveAccountRights (LSAPR_HANDLE PolicyHandle, PRPC_SID AccountSid, BOOLEAN AllRights, PLSAPR_USER_RIGHT_SET UserRights)
 
NTSTATUS WINAPI LsarQueryTrustedDomainInfo (LSAPR_HANDLE PolicyHandle, PRPC_SID TrustedDomainSid, TRUSTED_INFORMATION_CLASS InformationClass, PLSAPR_TRUSTED_DOMAIN_INFO *TrustedDomainInformation)
 
NTSTATUS WINAPI LsarSetTrustedDomainInfo (LSAPR_HANDLE PolicyHandle, PRPC_SID TrustedDomainSid, TRUSTED_INFORMATION_CLASS InformationClass, PLSAPR_TRUSTED_DOMAIN_INFO TrustedDomainInformation)
 
NTSTATUS WINAPI LsarDeleteTrustedDomain (LSAPR_HANDLE PolicyHandle, PRPC_SID TrustedDomainSid)
 
NTSTATUS WINAPI LsarStorePrivateData (LSAPR_HANDLE PolicyHandle, PRPC_UNICODE_STRING KeyName, PLSAPR_CR_CIPHER_VALUE EncryptedData)
 
NTSTATUS WINAPI LsarRetrievePrivateData (LSAPR_HANDLE PolicyHandle, PRPC_UNICODE_STRING KeyName, PLSAPR_CR_CIPHER_VALUE *EncryptedData)
 
NTSTATUS WINAPI LsarOpenPolicy2 (LPWSTR SystemName, PLSAPR_OBJECT_ATTRIBUTES ObjectAttributes, ACCESS_MASK DesiredAccess, LSAPR_HANDLE *PolicyHandle)
 
NTSTATUS WINAPI LsarGetUserName (LPWSTR SystemName, PRPC_UNICODE_STRING *UserName, PRPC_UNICODE_STRING *DomainName)
 
NTSTATUS WINAPI LsarQueryInformationPolicy2 (LSAPR_HANDLE PolicyHandle, POLICY_INFORMATION_CLASS InformationClass, PLSAPR_POLICY_INFORMATION *PolicyInformation)
 
NTSTATUS WINAPI LsarSetInformationPolicy2 (LSAPR_HANDLE PolicyHandle, POLICY_INFORMATION_CLASS InformationClass, PLSAPR_POLICY_INFORMATION PolicyInformation)
 
NTSTATUS WINAPI LsarQueryTrustedDomainInfoByName (LSAPR_HANDLE PolicyHandle, PRPC_UNICODE_STRING TrustedDomainName, POLICY_INFORMATION_CLASS InformationClass, PLSAPR_TRUSTED_DOMAIN_INFO *PolicyInformation)
 
NTSTATUS WINAPI LsarSetTrustedDomainInfoByName (LSAPR_HANDLE PolicyHandle, PRPC_UNICODE_STRING TrustedDomainName, POLICY_INFORMATION_CLASS InformationClass, PLSAPR_TRUSTED_DOMAIN_INFO PolicyInformation)
 
NTSTATUS WINAPI LsarEnumerateTrustedDomainsEx (LSAPR_HANDLE PolicyHandle, DWORD *EnumerationContext, PLSAPR_TRUSTED_ENUM_BUFFER_EX EnumerationBuffer, DWORD PreferedMaximumLength)
 
NTSTATUS WINAPI LsarCreateTrustedDomainEx (LSAPR_HANDLE PolicyHandle, PLSAPR_TRUSTED_DOMAIN_INFORMATION_EX TrustedDomainInformation, PLSAPR_TRUSTED_DOMAIN_AUTH_INFORMATION AuthentificationInformation, ACCESS_MASK DesiredAccess, LSAPR_HANDLE *TrustedDomainHandle)
 
NTSTATUS WINAPI LsarSetPolicyReplicationHandle (PLSAPR_HANDLE PolicyHandle)
 
NTSTATUS WINAPI LsarQueryDomainInformationPolicy (LSAPR_HANDLE PolicyHandle, POLICY_INFORMATION_CLASS InformationClass, PLSAPR_POLICY_DOMAIN_INFORMATION *PolicyInformation)
 
NTSTATUS WINAPI LsarSetDomainInformationPolicy (LSAPR_HANDLE PolicyHandle, POLICY_INFORMATION_CLASS InformationClass, PLSAPR_POLICY_DOMAIN_INFORMATION PolicyInformation)
 
NTSTATUS WINAPI LsarOpenTrustedDomainByName (LSAPR_HANDLE PolicyHandle, PRPC_UNICODE_STRING TrustedDomainName, ACCESS_MASK DesiredAccess, LSAPR_HANDLE *TrustedDomainHandle)
 
NTSTATUS WINAPI LsarTestCall (handle_t hBinding)
 
NTSTATUS WINAPI LsarLookupSids2 (LSAPR_HANDLE PolicyHandle, PLSAPR_SID_ENUM_BUFFER SidEnumBuffer, PLSAPR_REFERENCED_DOMAIN_LIST *ReferencedDomains, PLSAPR_TRANSLATED_NAMES_EX TranslatedNames, LSAP_LOOKUP_LEVEL LookupLevel, DWORD *MappedCount, DWORD LookupOptions, DWORD ClientRevision)
 
NTSTATUS WINAPI LsarLookupNames2 (LSAPR_HANDLE PolicyHandle, DWORD Count, PRPC_UNICODE_STRING Names, PLSAPR_REFERENCED_DOMAIN_LIST *ReferencedDomains, PLSAPR_TRANSLATED_SIDS_EX TranslatedSids, LSAP_LOOKUP_LEVEL LookupLevel, DWORD *MappedCount, DWORD LookupOptions, DWORD ClientRevision)
 
NTSTATUS WINAPI LsarCreateTrustedDomainEx2 (LSAPR_HANDLE PolicyHandle, PLSAPR_TRUSTED_DOMAIN_INFORMATION_EX TrustedDomainInformation, PLSAPR_TRUSTED_DOMAIN_AUTH_INFORMATION_INTERNAL AuthentificationInformation, ACCESS_MASK DesiredAccess, LSAPR_HANDLE *TrustedDomainHandle)
 
NTSTATUS WINAPI CredrWrite (PLSAPR_SERVER_NAME SystemName)
 
NTSTATUS WINAPI CredrRead (PLSAPR_SERVER_NAME SystemName)
 
NTSTATUS WINAPI CredrEnumerate (PLSAPR_SERVER_NAME SystemName)
 
NTSTATUS WINAPI CredrWriteDomainCredentials (PLSAPR_SERVER_NAME SystemName)
 
NTSTATUS WINAPI CredrReadDomainCredentials (PLSAPR_SERVER_NAME SystemName)
 
NTSTATUS WINAPI CredrDelete (PLSAPR_SERVER_NAME SystemName, LPWSTR TargetName, DWORD Type, DWORD Flags)
 
NTSTATUS WINAPI CredrGetTargetInfo (PLSAPR_SERVER_NAME SystemName, LPWSTR TargetName, DWORD Flags, CREDPR_TARGET_INFORMATION *TargetInformation)
 
NTSTATUS WINAPI CredrProfileLoaded (PLSAPR_SERVER_NAME SystemName)
 
NTSTATUS WINAPI LsarLookupNames3 (LSAPR_HANDLE PolicyHandle, DWORD Count, PRPC_UNICODE_STRING Names, PLSAPR_REFERENCED_DOMAIN_LIST *ReferencedDomains, PLSAPR_TRANSLATED_SIDS_EX2 TranslatedSids, LSAP_LOOKUP_LEVEL LookupLevel, DWORD *MappedCount, DWORD LookupOptions, DWORD ClientRevision)
 
NTSTATUS WINAPI CredrGetSessionTypes (PLSAPR_SERVER_NAME SystemName, DWORD MaximumPersistCount, DWORD *MaximumPersist)
 
NTSTATUS WINAPI LsarRegisterAuditEvent (handle_t hBinding)
 
NTSTATUS WINAPI LsarGenAuditEvent (handle_t hBinding)
 
NTSTATUS WINAPI LsarUnregisterAuditEvent (handle_t hBinding)
 
NTSTATUS WINAPI LsarQueryForestTrustInformation (LSAPR_HANDLE PolicyHandle, PLSA_UNICODE_STRING TrustedDomainName, LSA_FOREST_TRUST_RECORD_TYPE HighestRecordType, PLSA_FOREST_TRUST_INFORMATION *ForestTrustInfo)
 
NTSTATUS WINAPI LsarSetForestTrustInformation (LSAPR_HANDLE PolicyHandle, PLSA_UNICODE_STRING TrustedDomainName, LSA_FOREST_TRUST_RECORD_TYPE HighestRecordType, PLSA_FOREST_TRUST_INFORMATION ForestTrustInfo, BOOLEAN CheckOnly, PLSA_FOREST_TRUST_COLLISION_INFORMATION *CollisionInfo)
 
NTSTATUS WINAPI CredrRename (PLSAPR_SERVER_NAME SystemName, LPWSTR OldTargetName, LPWSTR NewTargetName, DWORD Type, DWORD Flags)
 
NTSTATUS WINAPI LsarLookupSids3 (LSAPR_HANDLE PolicyHandle, PLSAPR_SID_ENUM_BUFFER SidEnumBuffer, PLSAPR_REFERENCED_DOMAIN_LIST *ReferencedDomains, PLSAPR_TRANSLATED_NAMES_EX TranslatedNames, LSAP_LOOKUP_LEVEL LookupLevel, DWORD *MappedCount, DWORD LookupOptions, DWORD ClientRevision)
 
NTSTATUS WINAPI LsarLookupNames4 (handle_t RpcHandle, DWORD Count, PRPC_UNICODE_STRING Names, PLSAPR_REFERENCED_DOMAIN_LIST *ReferencedDomains, PLSAPR_TRANSLATED_SIDS_EX2 TranslatedSids, LSAP_LOOKUP_LEVEL LookupLevel, DWORD *MappedCount, DWORD LookupOptions, DWORD ClientRevision)
 
NTSTATUS WINAPI LsarOpenPolicySce (LPWSTR SystemName, PLSAPR_OBJECT_ATTRIBUTES ObjectAttributes, ACCESS_MASK DesiredAccess, LSAPR_HANDLE *PolicyHandle)
 
NTSTATUS WINAPI LsarAdtRegisterSecurityEventSource (handle_t hBinding)
 
NTSTATUS WINAPI LsarAdtUnregisterSecurityEventSource (handle_t hBinding)
 
NTSTATUS WINAPI LsarAdtReportSecurityEvent (handle_t hBinding)
 

Variables

static RTL_CRITICAL_SECTION PolicyHandleTableLock
 
static GENERIC_MAPPING LsapPolicyMapping
 
static GENERIC_MAPPING LsapAccountMapping
 
static GENERIC_MAPPING LsapSecretMapping
 

Function Documentation

◆ CredrDelete()

NTSTATUS WINAPI CredrDelete ( PLSAPR_SERVER_NAME  SystemName,
LPWSTR  TargetName,
DWORD  Type,
DWORD  Flags 
)

Definition at line 4099 of file lsarpc.c.

4104{
4107}
#define UNIMPLEMENTED
Definition: debug.h:118
#define STATUS_NOT_IMPLEMENTED
Definition: ntstatus.h:239

◆ CredrEnumerate()

NTSTATUS WINAPI CredrEnumerate ( PLSAPR_SERVER_NAME  SystemName)

Definition at line 4066 of file lsarpc.c.

4068{
4071}

◆ CredrGetSessionTypes()

NTSTATUS WINAPI CredrGetSessionTypes ( PLSAPR_SERVER_NAME  SystemName,
DWORD  MaximumPersistCount,
DWORD MaximumPersist 
)

Definition at line 4178 of file lsarpc.c.

4182{
4185}

◆ CredrGetTargetInfo()

NTSTATUS WINAPI CredrGetTargetInfo ( PLSAPR_SERVER_NAME  SystemName,
LPWSTR  TargetName,
DWORD  Flags,
CREDPR_TARGET_INFORMATION TargetInformation 
)

Definition at line 4113 of file lsarpc.c.

4118{
4121}

◆ CredrProfileLoaded()

NTSTATUS WINAPI CredrProfileLoaded ( PLSAPR_SERVER_NAME  SystemName)

Definition at line 4127 of file lsarpc.c.

4129{
4132}

◆ CredrRead()

NTSTATUS WINAPI CredrRead ( PLSAPR_SERVER_NAME  SystemName)

Definition at line 4055 of file lsarpc.c.

4057{
4060}

◆ CredrReadDomainCredentials()

NTSTATUS WINAPI CredrReadDomainCredentials ( PLSAPR_SERVER_NAME  SystemName)

Definition at line 4088 of file lsarpc.c.

4090{
4093}

◆ CredrRename()

NTSTATUS WINAPI CredrRename ( PLSAPR_SERVER_NAME  SystemName,
LPWSTR  OldTargetName,
LPWSTR  NewTargetName,
DWORD  Type,
DWORD  Flags 
)

Definition at line 4254 of file lsarpc.c.

4260{
4263}

◆ CredrWrite()

NTSTATUS WINAPI CredrWrite ( PLSAPR_SERVER_NAME  SystemName)

Definition at line 4044 of file lsarpc.c.

4046{
4049}

◆ CredrWriteDomainCredentials()

NTSTATUS WINAPI CredrWriteDomainCredentials ( PLSAPR_SERVER_NAME  SystemName)

Definition at line 4077 of file lsarpc.c.

4079{
4082}

◆ LSAPR_HANDLE_rundown()

void __RPC_USER LSAPR_HANDLE_rundown ( LSAPR_HANDLE  hHandle)

Definition at line 116 of file lsarpc.c.

118{
119}

◆ LsarAddAccountRights()

NTSTATUS WINAPI LsarAddAccountRights ( LSAPR_HANDLE  PolicyHandle,
PRPC_SID  AccountSid,
PLSAPR_USER_RIGHT_SET  UserRights 
)

Definition at line 3003 of file lsarpc.c.

3007{
3008 PLSA_DB_OBJECT PolicyObject;
3009 PLSA_DB_OBJECT AccountObject = NULL;
3010 ULONG ulNewPrivileges = 0, ulNewRights = 0;
3011 ACCESS_MASK SystemAccess = 0;
3012 ULONG Size, Value, i, j;
3013 PPRIVILEGE_SET PrivilegeSet = NULL;
3014 ULONG PrivilegeSetBufferSize = 0;
3015 ULONG PrivilegeCount;
3016 BOOLEAN bFound;
3017 PLUID pLuid;
3019
3020 TRACE("LsarAddAccountRights(%p %p %p)\n",
3021 PolicyHandle, AccountSid, UserRights);
3022
3023 /* Validate the AccountSid */
3024 if (!RtlValidSid(AccountSid))
3026
3027 /* Validate the UserRights */
3028 if (UserRights == NULL)
3030
3031 /* Validate the privilege and account right names */
3032 for (i = 0; i < UserRights->Entries; i++)
3033 {
3034 if (LsarpLookupPrivilegeValue(&UserRights->UserRights[i]) != NULL)
3035 {
3036 ulNewPrivileges++;
3037 }
3038 else
3039 {
3040 if (LsapLookupAccountRightValue(&UserRights->UserRights[i]) == 0)
3042
3043 ulNewRights++;
3044 }
3045 }
3046
3047 TRACE("ulNewPrivileges: %lu\n", ulNewPrivileges);
3048 TRACE("ulNewRights: %lu\n", ulNewRights);
3049
3050 /* Validate the PolicyHandle */
3051 Status = LsapValidateDbObject(PolicyHandle,
3054 &PolicyObject);
3055 if (!NT_SUCCESS(Status))
3056 {
3057 WARN("LsapValidateDbObject returned 0x%08lx\n", Status);
3058 return Status;
3059 }
3060
3061 /* Open the account */
3062 Status = LsarpOpenAccount(PolicyObject,
3063 AccountSid,
3064 0,
3065 &AccountObject);
3067 {
3068 WARN("LsarpOpenAccount returned 0x%08lx\n", Status);
3069 goto done;
3070 }
3072 {
3073 /* Create a new account if it does not yet exist */
3074 Status = LsarpCreateAccount(PolicyObject,
3075 AccountSid,
3076 0,
3077 &AccountObject);
3078 if (!NT_SUCCESS(Status))
3079 {
3080 WARN("LsarpCreateAccount returned 0x%08lx\n", Status);
3081 goto done;
3082 }
3083 }
3084
3085 if (ulNewPrivileges > 0)
3086 {
3087 Size = 0;
3088
3089 /* Get the size of the Privilgs attribute */
3090 Status = LsapGetObjectAttribute(AccountObject,
3091 L"Privilgs",
3092 NULL,
3093 &Size);
3095 goto done;
3096
3097 /* Calculate the required privilege set buffer size */
3098 if (Size == 0)
3099 PrivilegeSetBufferSize = sizeof(PRIVILEGE_SET) +
3100 (ulNewPrivileges - 1) * sizeof(LUID_AND_ATTRIBUTES);
3101 else
3102 PrivilegeSetBufferSize = Size +
3103 ulNewPrivileges * sizeof(LUID_AND_ATTRIBUTES);
3104
3105 /* Allocate the privilege set buffer */
3106 PrivilegeSet = RtlAllocateHeap(RtlGetProcessHeap(),
3108 PrivilegeSetBufferSize);
3109 if (PrivilegeSet == NULL)
3110 return STATUS_NO_MEMORY;
3111
3112 /* Get the privilege set */
3113 if (Size != 0)
3114 {
3115 Status = LsapGetObjectAttribute(AccountObject,
3116 L"Privilgs",
3117 PrivilegeSet,
3118 &Size);
3119 if (!NT_SUCCESS(Status))
3120 {
3121 WARN("LsapGetObjectAttribute() failed (Status 0x%08lx)\n", Status);
3122 goto done;
3123 }
3124 }
3125
3126 PrivilegeCount = PrivilegeSet->PrivilegeCount;
3127 TRACE("Privilege count: %lu\n", PrivilegeCount);
3128
3129 for (i = 0; i < UserRights->Entries; i++)
3130 {
3131 pLuid = LsarpLookupPrivilegeValue(&UserRights->UserRights[i]);
3132 if (pLuid == NULL)
3133 continue;
3134
3135 bFound = FALSE;
3136 for (j = 0; j < PrivilegeSet->PrivilegeCount; j++)
3137 {
3138 if (RtlEqualLuid(&(PrivilegeSet->Privilege[j].Luid), pLuid))
3139 {
3140 bFound = TRUE;
3141 break;
3142 }
3143 }
3144
3145 if (bFound == FALSE)
3146 {
3147 /* Copy the new privilege */
3148 RtlCopyMemory(&(PrivilegeSet->Privilege[PrivilegeSet->PrivilegeCount]),
3149 pLuid,
3150 sizeof(LUID));
3151 PrivilegeSet->PrivilegeCount++;
3152 }
3153 }
3154
3155 /* Store the extended privilege set */
3156 if (PrivilegeCount != PrivilegeSet->PrivilegeCount)
3157 {
3158 Size = sizeof(PRIVILEGE_SET) +
3159 (PrivilegeSet->PrivilegeCount - 1) * sizeof(LUID_AND_ATTRIBUTES);
3160
3161 Status = LsapSetObjectAttribute(AccountObject,
3162 L"Privilgs",
3163 PrivilegeSet,
3164 Size);
3165 if (!NT_SUCCESS(Status))
3166 {
3167 WARN("LsapSetObjectAttribute() failed (Status 0x%08lx)\n", Status);
3168 goto done;
3169 }
3170 }
3171 }
3172
3173 if (ulNewRights > 0)
3174 {
3175 Size = sizeof(ACCESS_MASK);
3176
3177 /* Get the system access flags, if the attribute exists */
3178 Status = LsapGetObjectAttribute(AccountObject,
3179 L"ActSysAc",
3180 &SystemAccess,
3181 &Size);
3183 goto done;
3184
3185 /* Set the new access rights */
3186 for (i = 0; i < UserRights->Entries; i++)
3187 {
3189 if (Value != 0)
3190 SystemAccess |= Value;
3191 }
3192
3193 /* Set the system access flags */
3194 Status = LsapSetObjectAttribute(AccountObject,
3195 L"ActSysAc",
3196 &SystemAccess,
3197 sizeof(ACCESS_MASK));
3198 }
3199
3200done:
3201 if (PrivilegeSet != NULL)
3202 RtlFreeHeap(RtlGetProcessHeap(), 0, PrivilegeSet);
3203
3204 if (AccountObject != NULL)
3205 LsapCloseDbObject(AccountObject);
3206
3207 return Status;
3208}
unsigned char BOOLEAN
LONG NTSTATUS
Definition: precomp.h:26
#define WARN(fmt,...)
Definition: debug.h:115
PVOID NTAPI RtlAllocateHeap(IN PVOID HeapHandle, IN ULONG Flags, IN SIZE_T Size)
Definition: heap.c:590
BOOLEAN NTAPI RtlFreeHeap(IN PVOID HeapHandle, IN ULONG Flags, IN PVOID HeapBase)
Definition: heap.c:608
#define NULL
Definition: types.h:112
#define TRUE
Definition: types.h:120
#define FALSE
Definition: types.h:117
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
#define HEAP_ZERO_MEMORY
Definition: compat.h:134
NTSTATUS LsapCloseDbObject(PLSA_DB_OBJECT DbObject)
Definition: database.c:870
NTSTATUS LsapValidateDbObject(LSAPR_HANDLE Handle, LSA_DB_OBJECT_TYPE ObjectType, ACCESS_MASK DesiredAccess, PLSA_DB_OBJECT *DbObject)
Definition: database.c:825
NTSTATUS LsapGetObjectAttribute(PLSA_DB_OBJECT DbObject, LPWSTR AttributeName, LPVOID AttributeData, PULONG AttributeSize)
Definition: database.c:1012
NTSTATUS LsapSetObjectAttribute(PLSA_DB_OBJECT DbObject, LPWSTR AttributeName, LPVOID AttributeData, ULONG AttributeSize)
Definition: database.c:961
PLUID LsarpLookupPrivilegeValue(IN PRPC_UNICODE_STRING Name)
Definition: privileges.c:227
ACCESS_MASK LsapLookupAccountRightValue(IN PRPC_UNICODE_STRING Name)
Definition: privileges.c:380
@ LsaDbPolicyObject
Definition: lsasrv.h:50
Status
Definition: gdiplustypes.h:25
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint i
Definition: glfuncs.h:248
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint GLint GLint j
Definition: glfuncs.h:250
NTSTATUS LsarpCreateAccount(PLSA_DB_OBJECT PolicyObject, PRPC_SID AccountSid, ACCESS_MASK DesiredAccess, PLSA_DB_OBJECT *AccountObject)
Definition: lsarpc.c:813
static NTSTATUS LsarpOpenAccount(IN PLSA_DB_OBJECT PolicyObject, IN PRPC_SID AccountSid, IN ACCESS_MASK DesiredAccess, OUT PLSA_DB_OBJECT *AccountObject)
Definition: lsarpc.c:1425
NTSYSAPI BOOLEAN NTAPI RtlValidSid(IN PSID Sid)
Definition: sid.c:21
ULONG ACCESS_MASK
Definition: nt_native.h:40
#define POLICY_LOOKUP_NAMES
Definition: ntsecapi.h:72
#define STATUS_NO_SUCH_PRIVILEGE
Definition: ntstatus.h:332
#define STATUS_NO_MEMORY
Definition: ntstatus.h:260
#define L(x)
Definition: ntvdm.h:50
#define TRACE(s)
Definition: solgame.cpp:4
PRPC_UNICODE_STRING UserRights
Definition: lsa.idl:393
#define RtlCopyMemory(Destination, Source, Length)
Definition: typedefs.h:263
uint32_t ULONG
Definition: typedefs.h:59
#define STATUS_INVALID_PARAMETER
Definition: udferr_usr.h:135
#define STATUS_OBJECT_NAME_NOT_FOUND
Definition: udferr_usr.h:149
_Must_inspect_result_ _In_ WDFDEVICE _In_ PWDF_DEVICE_PROPERTY_DATA _In_ DEVPROPTYPE _In_ ULONG Size
Definition: wdfdevice.h:4533
_Must_inspect_result_ _In_ WDFKEY _In_ PCUNICODE_STRING _Out_opt_ PUSHORT _Inout_opt_ PUNICODE_STRING Value
Definition: wdfregistry.h:413
#define RtlEqualLuid(Luid1, Luid2)
Definition: rtlfuncs.h:301
struct _LUID_AND_ATTRIBUTES LUID_AND_ATTRIBUTES
struct _PRIVILEGE_SET PRIVILEGE_SET

Referenced by LsaAddAccountRights().

◆ LsarAddPrivilegesToAccount()

NTSTATUS WINAPI LsarAddPrivilegesToAccount ( LSAPR_HANDLE  AccountHandle,
PLSAPR_PRIVILEGE_SET  Privileges 
)

Definition at line 1563 of file lsarpc.c.

1566{
1567 PLSA_DB_OBJECT AccountObject;
1568 PPRIVILEGE_SET CurrentPrivileges = NULL;
1569 PPRIVILEGE_SET NewPrivileges = NULL;
1570 ULONG PrivilegeSetSize = 0;
1571 ULONG PrivilegeCount;
1572 ULONG i, j;
1573 BOOL bFound;
1575
1576 TRACE("LsarAddPrivilegesToAccount(%p %p)\n",
1577 AccountHandle, Privileges);
1578
1579 /* Validate the AccountHandle */
1580 Status = LsapValidateDbObject(AccountHandle,
1583 &AccountObject);
1584 if (!NT_SUCCESS(Status))
1585 {
1586 ERR("LsapValidateDbObject returned 0x%08lx\n", Status);
1587 return Status;
1588 }
1589
1590 /* Get the size of the Privilgs attribute */
1591 Status = LsapGetObjectAttribute(AccountObject,
1592 L"Privilgs",
1593 NULL,
1594 &PrivilegeSetSize);
1595 if (!NT_SUCCESS(Status) || PrivilegeSetSize == 0)
1596 {
1597 /* The Privilgs attribute does not exist */
1598
1599 PrivilegeSetSize = sizeof(PRIVILEGE_SET) +
1600 (Privileges->PrivilegeCount - 1) * sizeof(LUID_AND_ATTRIBUTES);
1601 Status = LsapSetObjectAttribute(AccountObject,
1602 L"Privilgs",
1603 Privileges,
1604 PrivilegeSetSize);
1605 }
1606 else
1607 {
1608 /* The Privilgs attribute exists */
1609
1610 /* Allocate memory for the stored privilege set */
1611 CurrentPrivileges = MIDL_user_allocate(PrivilegeSetSize);
1612 if (CurrentPrivileges == NULL)
1613 return STATUS_NO_MEMORY;
1614
1615 /* Get the current privilege set */
1616 Status = LsapGetObjectAttribute(AccountObject,
1617 L"Privilgs",
1618 CurrentPrivileges,
1619 &PrivilegeSetSize);
1620 if (!NT_SUCCESS(Status))
1621 {
1622 TRACE("LsapGetObjectAttribute() failed (Status 0x%08lx)\n", Status);
1623 goto done;
1624 }
1625
1626 PrivilegeCount = CurrentPrivileges->PrivilegeCount;
1627 TRACE("Current privilege count: %lu\n", PrivilegeCount);
1628
1629 /* Calculate the number of privileges in the combined privilege set */
1630 for (i = 0; i < Privileges->PrivilegeCount; i++)
1631 {
1632 bFound = FALSE;
1633 for (j = 0; j < CurrentPrivileges->PrivilegeCount; j++)
1634 {
1635 if (RtlEqualLuid(&(Privileges->Privilege[i].Luid),
1636 &(CurrentPrivileges->Privilege[i].Luid)))
1637 {
1638 bFound = TRUE;
1639 break;
1640 }
1641 }
1642
1643 if (bFound == FALSE)
1644 {
1645 TRACE("Found new privilege\n");
1646 PrivilegeCount++;
1647 }
1648 }
1649 TRACE("New privilege count: %lu\n", PrivilegeCount);
1650
1651 /* Calculate the size of the new privilege set and allocate it */
1652 PrivilegeSetSize = sizeof(PRIVILEGE_SET) +
1653 (PrivilegeCount - 1) * sizeof(LUID_AND_ATTRIBUTES);
1654 NewPrivileges = MIDL_user_allocate(PrivilegeSetSize);
1655 if (NewPrivileges == NULL)
1656 {
1658 goto done;
1659 }
1660
1661 /* Initialize the new privilege set */
1662 NewPrivileges->PrivilegeCount = PrivilegeCount;
1663 NewPrivileges->Control = 0;
1664
1665 /* Copy all privileges from the current privilege set */
1667 &(CurrentPrivileges->Privilege[0]),
1668 &(NewPrivileges->Privilege[0]));
1669
1670 /* Add new privileges to the new privilege set */
1671 PrivilegeCount = CurrentPrivileges->PrivilegeCount;
1672 for (i = 0; i < Privileges->PrivilegeCount; i++)
1673 {
1674 bFound = FALSE;
1675 for (j = 0; j < CurrentPrivileges->PrivilegeCount; j++)
1676 {
1677 if (RtlEqualLuid(&(Privileges->Privilege[i].Luid),
1678 &(CurrentPrivileges->Privilege[i].Luid)))
1679 {
1680 /* Overwrite attributes if a matching privilege was found */
1681 NewPrivileges->Privilege[j].Attributes = Privileges->Privilege[i].Attributes;
1682
1683 bFound = TRUE;
1684 break;
1685 }
1686 }
1687
1688 if (bFound == FALSE)
1689 {
1690 /* Copy the new privilege */
1692 (PLUID_AND_ATTRIBUTES)&(Privileges->Privilege[i]),
1693 &(NewPrivileges->Privilege[PrivilegeCount]));
1694 PrivilegeCount++;
1695 }
1696 }
1697
1698 /* Set the new privilege set */
1699 Status = LsapSetObjectAttribute(AccountObject,
1700 L"Privilgs",
1701 NewPrivileges,
1702 PrivilegeSetSize);
1703 }
1704
1705done:
1706 if (CurrentPrivileges != NULL)
1707 MIDL_user_free(CurrentPrivileges);
1708
1709 if (NewPrivileges != NULL)
1710 MIDL_user_free(NewPrivileges);
1711
1712 return Status;
1713}
#define ERR(fmt,...)
Definition: debug.h:113
@ LsaDbAccountObject
Definition: lsasrv.h:51
unsigned int BOOL
Definition: ntddk_ex.h:94
void *__RPC_USER MIDL_user_allocate(SIZE_T size)
Definition: irotp.c:371
void __RPC_USER MIDL_user_free(void *p)
Definition: irotp.c:376
NTSYSAPI VOID NTAPI RtlCopyLuidAndAttributesArray(ULONG Count, PLUID_AND_ATTRIBUTES Src, PLUID_AND_ATTRIBUTES Dest)
Definition: luid.c:33
#define ACCOUNT_ADJUST_PRIVILEGES
Definition: ntlsa.h:29
LUID_AND_ATTRIBUTES Privilege[ANYSIZE_ARRAY]
Definition: setypes.h:88
$ULONG Control
Definition: setypes.h:87
$ULONG PrivilegeCount
Definition: setypes.h:86
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET * Privileges
Definition: sefuncs.h:17

Referenced by LsaAddPrivilegesToAccount().

◆ LsarAdtRegisterSecurityEventSource()

NTSTATUS WINAPI LsarAdtRegisterSecurityEventSource ( handle_t  hBinding)

Definition at line 4360 of file lsarpc.c.

4362{
4365}

◆ LsarAdtReportSecurityEvent()

NTSTATUS WINAPI LsarAdtReportSecurityEvent ( handle_t  hBinding)

Definition at line 4382 of file lsarpc.c.

4384{
4387}

◆ LsarAdtUnregisterSecurityEventSource()

NTSTATUS WINAPI LsarAdtUnregisterSecurityEventSource ( handle_t  hBinding)

Definition at line 4371 of file lsarpc.c.

4373{
4376}

◆ LsarChangePassword()

NTSTATUS WINAPI LsarChangePassword ( handle_t  IDL_handle,
PRPC_UNICODE_STRING  String1,
PRPC_UNICODE_STRING  String2,
PRPC_UNICODE_STRING  String3,
PRPC_UNICODE_STRING  String4,
PRPC_UNICODE_STRING  String5 
)

Definition at line 479 of file lsarpc.c.

486{
487 /* Deprecated */
489}

◆ LsarClearAuditLog()

NTSTATUS WINAPI LsarClearAuditLog ( LSAPR_HANDLE  ObjectHandle)

Definition at line 804 of file lsarpc.c.

806{
807 /* Deprecated */
809}

Referenced by LsaClearAuditLog().

◆ LsarClose()

NTSTATUS WINAPI LsarClose ( LSAPR_HANDLE ObjectHandle)

Definition at line 125 of file lsarpc.c.

127{
128 PLSA_DB_OBJECT DbObject;
130
131 TRACE("LsarClose(%p)\n", ObjectHandle);
132
133// RtlEnterCriticalSection(&PolicyHandleTableLock);
134
135 Status = LsapValidateDbObject(*ObjectHandle,
137 0,
138 &DbObject);
139 if (Status == STATUS_SUCCESS)
140 {
141 Status = LsapCloseDbObject(DbObject);
142 *ObjectHandle = NULL;
143 }
144
145// RtlLeaveCriticalSection(&PolicyHandleTableLock);
146
147 return Status;
148}
@ LsaDbIgnoreObject
Definition: lsasrv.h:49
#define STATUS_SUCCESS
Definition: shellext.h:65

Referenced by DsRolepGetBasicInfo(), GetAccountDomainSid(), LsaClose(), LsapSetPrivileges(), and LsarEnumerateAccountRights().

◆ LsarCreateAccount()

NTSTATUS WINAPI LsarCreateAccount ( LSAPR_HANDLE  PolicyHandle,
PRPC_SID  AccountSid,
ACCESS_MASK  DesiredAccess,
LSAPR_HANDLE AccountHandle 
)

Definition at line 883 of file lsarpc.c.

888{
889 PLSA_DB_OBJECT PolicyObject;
890 PLSA_DB_OBJECT AccountObject = NULL;
892
893 TRACE("LsarCreateAccount(%p %p %lx %p)\n",
894 PolicyHandle, AccountSid, DesiredAccess, AccountHandle);
895
896 /* Validate the AccountSid */
897 if (!RtlValidSid(AccountSid))
899
900 /* Validate the PolicyHandle */
901 Status = LsapValidateDbObject(PolicyHandle,
904 &PolicyObject);
905 if (!NT_SUCCESS(Status))
906 {
907 ERR("LsapValidateDbObject returned 0x%08lx\n", Status);
908 return Status;
909 }
910
911
912 Status = LsarpCreateAccount(PolicyObject,
913 AccountSid,
915 &AccountObject);
916 if (NT_SUCCESS(Status))
917 {
918 *AccountHandle = (LSAPR_HANDLE)AccountObject;
919 }
920
921 return Status;
922}
PVOID LSAPR_HANDLE
Definition: msv1_0.h:229
#define POLICY_CREATE_ACCOUNT
Definition: ntsecapi.h:65
_Must_inspect_result_ _In_ WDFDEVICE _In_ ULONG _In_ ACCESS_MASK DesiredAccess
Definition: wdfdevice.h:2658

Referenced by LsaCreateAccount().

◆ LsarCreateSecret()

NTSTATUS WINAPI LsarCreateSecret ( LSAPR_HANDLE  PolicyHandle,
PRPC_UNICODE_STRING  SecretName,
ACCESS_MASK  DesiredAccess,
LSAPR_HANDLE SecretHandle 
)

Definition at line 1319 of file lsarpc.c.

1324{
1325 PLSA_DB_OBJECT PolicyObject;
1326 PLSA_DB_OBJECT SecretObject = NULL;
1328 PSECURITY_DESCRIPTOR SecretSd = NULL;
1329 ULONG SecretSdSize;
1331
1332 TRACE("LsarCreateSecret(%p %wZ %lx %p)\n",
1333 PolicyHandle, SecretName, DesiredAccess, SecretHandle);
1334
1335 /* Validate the PolicyHandle */
1336 Status = LsapValidateDbObject(PolicyHandle,
1339 &PolicyObject);
1340 if (!NT_SUCCESS(Status))
1341 {
1342 ERR("LsapValidateDbObject returned 0x%08lx\n", Status);
1343 return Status;
1344 }
1345
1346 /* Get the current time */
1348 if (!NT_SUCCESS(Status))
1349 {
1350 ERR("NtQuerySystemTime failed (Status 0x%08lx)\n", Status);
1351 goto done;
1352 }
1353
1354 /* Create a security descriptor for the secret */
1355 Status = LsapCreateSecretSd(&SecretSd,
1356 &SecretSdSize);
1357 if (!NT_SUCCESS(Status))
1358 {
1359 ERR("LsapCreateAccountSd returned 0x%08lx\n", Status);
1360 return Status;
1361 }
1362
1363 /* Create the Secret object */
1364 Status = LsapCreateDbObject(PolicyObject,
1365 L"Secrets",
1366 SecretName->Buffer,
1369 PolicyObject->Trusted,
1370 &SecretObject);
1371 if (!NT_SUCCESS(Status))
1372 {
1373 ERR("LsapCreateDbObject failed (Status 0x%08lx)\n", Status);
1374 goto done;
1375 }
1376
1377 /* Set the CurrentTime attribute */
1378 Status = LsapSetObjectAttribute(SecretObject,
1379 L"CurrentTime",
1380 (PVOID)&Time,
1381 sizeof(LARGE_INTEGER));
1382 if (!NT_SUCCESS(Status))
1383 {
1384 ERR("LsapSetObjectAttribute (CurrentTime) failed (Status 0x%08lx)\n", Status);
1385 goto done;
1386 }
1387
1388 /* Set the OldTime attribute */
1389 Status = LsapSetObjectAttribute(SecretObject,
1390 L"OldTime",
1391 (PVOID)&Time,
1392 sizeof(LARGE_INTEGER));
1393 if (!NT_SUCCESS(Status))
1394 {
1395 ERR("LsapSetObjectAttribute (OldTime) failed (Status 0x%08lx)\n", Status);
1396 goto done;
1397 }
1398
1399 /* Set the SecDesc attribute */
1400 Status = LsapSetObjectAttribute(SecretObject,
1401 L"SecDesc",
1402 SecretSd,
1403 SecretSdSize);
1404
1405done:
1406 if (SecretSd != NULL)
1407 RtlFreeHeap(RtlGetProcessHeap(), 0, SecretSd);
1408
1409 if (!NT_SUCCESS(Status))
1410 {
1411 if (SecretObject != NULL)
1412 LsapCloseDbObject(SecretObject);
1413 }
1414 else
1415 {
1416 *SecretHandle = (LSAPR_HANDLE)SecretObject;
1417 }
1418
1419 return STATUS_SUCCESS;
1420}
NTSTATUS LsapCreateDbObject(IN PLSA_DB_OBJECT ParentObject, IN LPWSTR ContainerName, IN LPWSTR ObjectName, IN LSA_DB_OBJECT_TYPE ObjectType, IN ACCESS_MASK DesiredAccess, IN BOOLEAN Trusted, OUT PLSA_DB_OBJECT *DbObject)
Definition: database.c:592
@ LsaDbSecretObject
Definition: lsasrv.h:53
NTSTATUS LsapCreateSecretSd(PSECURITY_DESCRIPTOR *SecretSd, PULONG SecretSdSize)
Definition: security.c:436
static PLARGE_INTEGER Time
Definition: time.c:105
NTSTATUS NTAPI NtQuerySystemTime(OUT PLARGE_INTEGER SystemTime)
Definition: time.c:569
#define POLICY_CREATE_SECRET
Definition: ntsecapi.h:66
BOOLEAN Trusted
Definition: lsasrv.h:63
wchar_t * Buffer
Definition: msv1_0.h:24

Referenced by LsaCreateSecret().

◆ LsarCreateTrustedDomain()

NTSTATUS WINAPI LsarCreateTrustedDomain ( LSAPR_HANDLE  PolicyHandle,
PLSAPR_TRUST_INFORMATION  TrustedDomainInformation,
ACCESS_MASK  DesiredAccess,
LSAPR_HANDLE TrustedDomainHandle 
)

Definition at line 1158 of file lsarpc.c.

1163{
1164 /* Fail, if we are not a domain controller */
1167
1170}
@ NtProductLanManNt
Definition: shellpath.c:65
NT_PRODUCT_TYPE LsapProductType
Definition: lsasrv.c:13
#define STATUS_DIRECTORY_SERVICE_REQUIRED
Definition: ntstatus.h:804

Referenced by LsaCreateTrustedDomain().

◆ LsarCreateTrustedDomainEx()

NTSTATUS WINAPI LsarCreateTrustedDomainEx ( LSAPR_HANDLE  PolicyHandle,
PLSAPR_TRUSTED_DOMAIN_INFORMATION_EX  TrustedDomainInformation,
PLSAPR_TRUSTED_DOMAIN_AUTH_INFORMATION  AuthentificationInformation,
ACCESS_MASK  DesiredAccess,
LSAPR_HANDLE TrustedDomainHandle 
)

Definition at line 3836 of file lsarpc.c.

3842{
3843 /* Fail, if we are not a domain controller */
3846
3849}

◆ LsarCreateTrustedDomainEx2()

NTSTATUS WINAPI LsarCreateTrustedDomainEx2 ( LSAPR_HANDLE  PolicyHandle,
PLSAPR_TRUSTED_DOMAIN_INFORMATION_EX  TrustedDomainInformation,
PLSAPR_TRUSTED_DOMAIN_AUTH_INFORMATION_INTERNAL  AuthentificationInformation,
ACCESS_MASK  DesiredAccess,
LSAPR_HANDLE TrustedDomainHandle 
)

Definition at line 4025 of file lsarpc.c.

4031{
4032 /* Fail, if we are not a domain controller */
4035
4038}

Referenced by LsaCreateTrustedDomainEx().

◆ LsarDelete()

NTSTATUS WINAPI LsarDelete ( LSAPR_HANDLE  ObjectHandle)

Definition at line 154 of file lsarpc.c.

156{
157 TRACE("LsarDelete(%p)\n", ObjectHandle);
158
159 return LsarDeleteObject(&ObjectHandle);
160}
NTSTATUS WINAPI LsarDeleteObject(LSAPR_HANDLE *ObjectHandle)
Definition: lsarpc.c:2530

Referenced by LsaDelete().

◆ LsarDeleteObject()

NTSTATUS WINAPI LsarDeleteObject ( LSAPR_HANDLE ObjectHandle)

Definition at line 2530 of file lsarpc.c.

2532{
2533 PLSA_DB_OBJECT DbObject;
2535
2536 TRACE("LsarDeleteObject(%p)\n", ObjectHandle);
2537
2538 if (ObjectHandle == NULL)
2540
2541 /* Validate the ObjectHandle */
2542 Status = LsapValidateDbObject(*ObjectHandle,
2544 DELETE,
2545 &DbObject);
2546 if (!NT_SUCCESS(Status))
2547 {
2548 ERR("LsapValidateDbObject returned 0x%08lx\n", Status);
2549 return Status;
2550 }
2551
2552 /* You cannot delete the policy object */
2553 if (DbObject->ObjectType == LsaDbPolicyObject)
2555
2556 /* Delete the database object */
2557 Status = LsapDeleteDbObject(DbObject);
2558 if (!NT_SUCCESS(Status))
2559 {
2560 ERR("LsapDeleteDbObject returned 0x%08lx\n", Status);
2561 return Status;
2562 }
2563
2564 /* Invalidate the object handle */
2565 *ObjectHandle = NULL;
2566
2567 return STATUS_SUCCESS;
2568}
NTSTATUS LsapDeleteDbObject(IN PLSA_DB_OBJECT DbObject)
Definition: database.c:901
#define DELETE
Definition: nt_native.h:57
LSA_DB_OBJECT_TYPE ObjectType
Definition: lsasrv.h:59

Referenced by LsarDelete().

◆ LsarDeleteTrustedDomain()

NTSTATUS WINAPI LsarDeleteTrustedDomain ( LSAPR_HANDLE  PolicyHandle,
PRPC_SID  TrustedDomainSid 
)

Definition at line 3446 of file lsarpc.c.

3449{
3450 /* Fail, if we are not a domain controller */
3453
3456}

Referenced by LsaDeleteTrustedDomain().

◆ LsarEnumerateAccountRights()

NTSTATUS WINAPI LsarEnumerateAccountRights ( LSAPR_HANDLE  PolicyHandle,
PRPC_SID  AccountSid,
PLSAPR_USER_RIGHT_SET  UserRights 
)

Definition at line 2853 of file lsarpc.c.

2857{
2858 LSAPR_HANDLE AccountHandle;
2859 PLSAPR_PRIVILEGE_SET PrivilegeSet = NULL;
2860 PRPC_UNICODE_STRING RightsBuffer = NULL;
2861 PRPC_UNICODE_STRING PrivilegeString;
2862 ACCESS_MASK SystemAccess = 0;
2863 ULONG RightsCount = 0;
2864 ULONG Index;
2865 ULONG i;
2867
2868 TRACE("LsarEnumerateAccountRights(%p %p %p)\n",
2869 PolicyHandle, AccountSid, UserRights);
2870
2871 /* Open the account */
2872 Status = LsarOpenAccount(PolicyHandle,
2873 AccountSid,
2875 &AccountHandle);
2876 if (!NT_SUCCESS(Status))
2877 {
2878 WARN("LsarOpenAccount returned 0x%08lx\n", Status);
2879 return Status;
2880 }
2881
2882 /* Enumerate the privileges */
2883 Status = LsarEnumeratePrivilegesAccount(AccountHandle,
2884 &PrivilegeSet);
2886 {
2887 WARN("LsarEnumeratePrivilegesAccount returned 0x%08lx\n", Status);
2888 goto done;
2889 }
2890
2891 /* Get account rights */
2892 Status = LsarGetSystemAccessAccount(AccountHandle,
2893 &SystemAccess);
2895 {
2896 WARN("LsarGetSystemAccessAccount returned 0x%08lx\n", Status);
2897 goto done;
2898 }
2899
2900 RightsCount = PrivilegeSet->PrivilegeCount;
2901
2902 /* Count account rights */
2903 for (i = 0; i < sizeof(ACCESS_MASK) * 8; i++)
2904 {
2905 if (SystemAccess & (1 << i))
2906 RightsCount++;
2907 }
2908
2909 /* We are done if there are no rights to be enumerated */
2910 if (RightsCount == 0)
2911 {
2912 UserRights->Entries = 0;
2913 UserRights->UserRights = NULL;
2915 goto done;
2916 }
2917
2918 /* Allocate a buffer for the account rights */
2919 RightsBuffer = MIDL_user_allocate(RightsCount * sizeof(RPC_UNICODE_STRING));
2920 if (RightsBuffer == NULL)
2921 {
2923 goto done;
2924 }
2925
2926 /* Copy the privileges into the buffer */
2927 Index = 0;
2928 if (PrivilegeSet)
2929 {
2930 for (i = 0; i < PrivilegeSet->PrivilegeCount; i++)
2931 {
2932 PrivilegeString = NULL;
2933 Status = LsarLookupPrivilegeName(PolicyHandle,
2934 (PLUID)&PrivilegeSet->Privilege[i].Luid,
2935 &PrivilegeString);
2936 if (!NT_SUCCESS(Status))
2937 {
2938 WARN("LsarLookupPrivilegeName returned 0x%08lx\n", Status);
2939 goto done;
2940 }
2941
2942 RightsBuffer[Index].Length = PrivilegeString->Length;
2943 RightsBuffer[Index].MaximumLength = PrivilegeString->MaximumLength;
2944 RightsBuffer[Index].Buffer = PrivilegeString->Buffer;
2945
2946 MIDL_user_free(PrivilegeString);
2947 Index++;
2948 }
2949 }
2950
2951 /* Copy account rights into the buffer */
2952 for (i = 0; i < sizeof(ACCESS_MASK) * 8; i++)
2953 {
2954 if (SystemAccess & (1 << i))
2955 {
2957 &PrivilegeString);
2958 if (!NT_SUCCESS(Status))
2959 {
2960 WARN("LsarLookupAccountRightName returned 0x%08lx\n", Status);
2961 goto done;
2962 }
2963
2964 RightsBuffer[Index].Length = PrivilegeString->Length;
2965 RightsBuffer[Index].MaximumLength = PrivilegeString->MaximumLength;
2966 RightsBuffer[Index].Buffer = PrivilegeString->Buffer;
2967
2968 MIDL_user_free(PrivilegeString);
2969 Index++;
2970 }
2971 }
2972
2973 UserRights->Entries = RightsCount;
2974 UserRights->UserRights = (PRPC_UNICODE_STRING)RightsBuffer;
2975
2976done:
2977 if (!NT_SUCCESS(Status))
2978 {
2979 if (RightsBuffer != NULL)
2980 {
2981 for (Index = 0; Index < RightsCount; Index++)
2982 {
2983 if (RightsBuffer[Index].Buffer != NULL)
2984 MIDL_user_free(RightsBuffer[Index].Buffer);
2985 }
2986
2987 MIDL_user_free(RightsBuffer);
2988 }
2989 }
2990
2991 if (PrivilegeSet != NULL)
2992 MIDL_user_free(PrivilegeSet);
2993
2994 LsarClose(&AccountHandle);
2995
2996 return Status;
2997}
Definition: bufpool.h:45
NTSTATUS LsapLookupAccountRightName(ULONG RightValue, PRPC_UNICODE_STRING *Name)
Definition: privileges.c:343
NTSTATUS WINAPI LsarOpenAccount(LSAPR_HANDLE PolicyHandle, PRPC_SID AccountSid, ACCESS_MASK DesiredAccess, LSAPR_HANDLE *AccountHandle)
Definition: lsarpc.c:1465
NTSTATUS WINAPI LsarLookupPrivilegeName(LSAPR_HANDLE PolicyHandle, PLUID Value, PRPC_UNICODE_STRING *Name)
Definition: lsarpc.c:2464
NTSTATUS WINAPI LsarEnumeratePrivilegesAccount(LSAPR_HANDLE AccountHandle, PLSAPR_PRIVILEGE_SET *Privileges)
Definition: lsarpc.c:1504
NTSTATUS WINAPI LsarClose(LSAPR_HANDLE *ObjectHandle)
Definition: lsarpc.c:125
NTSTATUS WINAPI LsarGetSystemAccessAccount(LSAPR_HANDLE AccountHandle, ACCESS_MASK *SystemAccess)
Definition: lsarpc.c:1977
struct _RPC_UNICODE_STRING * PRPC_UNICODE_STRING
#define ACCOUNT_VIEW
Definition: ntlsa.h:28
DWORD PrivilegeCount
Definition: lsa.idl:526
LSAPR_LUID_AND_ATTRIBUTES Privilege[*]
Definition: lsa.idl:528
unsigned short Length
Definition: msv1_0.h:22
unsigned short MaximumLength
Definition: msv1_0.h:23
#define STATUS_INSUFFICIENT_RESOURCES
Definition: udferr_usr.h:158
_In_ WDFCOLLECTION _In_ ULONG Index

Referenced by LsaEnumerateAccountRights().

◆ LsarEnumerateAccounts()

NTSTATUS WINAPI LsarEnumerateAccounts ( LSAPR_HANDLE  PolicyHandle,
DWORD EnumerationContext,
PLSAPR_ACCOUNT_ENUM_BUFFER  EnumerationBuffer,
DWORD  PreferedMaximumLength 
)

Definition at line 928 of file lsarpc.c.

933{
934 LSAPR_ACCOUNT_ENUM_BUFFER EnumBuffer = {0, NULL};
935 PLSA_DB_OBJECT PolicyObject = NULL;
936 PWSTR AccountKeyBuffer = NULL;
937 HANDLE AccountsKeyHandle = NULL;
938 HANDLE AccountKeyHandle;
939 HANDLE SidKeyHandle;
940 ULONG AccountKeyBufferSize;
941 ULONG EnumIndex;
942 ULONG EnumCount;
945 ULONG i;
947
948 TRACE("LsarEnumerateAccount(%p %p %p %lu)\n",
949 PolicyHandle, EnumerationContext, EnumerationBuffer, PreferedMaximumLength);
950
951 if (EnumerationContext == NULL ||
952 EnumerationBuffer == NULL)
954
955 EnumerationBuffer->EntriesRead = 0;
956 EnumerationBuffer->Information = NULL;
957
958 /* Validate the PolicyHandle */
959 Status = LsapValidateDbObject(PolicyHandle,
962 &PolicyObject);
963 if (!NT_SUCCESS(Status))
964 {
965 ERR("LsapValidateDbObject returned 0x%08lx\n", Status);
966 return Status;
967 }
968
969 Status = LsapRegOpenKey(PolicyObject->KeyHandle,
970 L"Accounts",
971 KEY_READ,
972 &AccountsKeyHandle);
973 if (!NT_SUCCESS(Status))
974 return Status;
975
976 Status = LsapRegQueryKeyInfo(AccountsKeyHandle,
977 NULL,
978 &AccountKeyBufferSize,
979 NULL);
980 if (!NT_SUCCESS(Status))
981 {
982 ERR("LsapRegQueryKeyInfo returned 0x%08lx\n", Status);
983 return Status;
984 }
985
986 AccountKeyBufferSize += sizeof(WCHAR);
987 AccountKeyBuffer = RtlAllocateHeap(RtlGetProcessHeap(), 0, AccountKeyBufferSize);
988 if (AccountKeyBuffer == NULL)
989 {
990 return STATUS_NO_MEMORY;
991 }
992
993 EnumIndex = *EnumerationContext;
994 EnumCount = 0;
995 RequiredLength = 0;
996
997 while (TRUE)
998 {
999 Status = LsapRegEnumerateSubKey(AccountsKeyHandle,
1000 EnumIndex,
1001 AccountKeyBufferSize,
1002 AccountKeyBuffer);
1003 if (!NT_SUCCESS(Status))
1004 break;
1005
1006 TRACE("EnumIndex: %lu\n", EnumIndex);
1007 TRACE("Account key name: %S\n", AccountKeyBuffer);
1008
1009 Status = LsapRegOpenKey(AccountsKeyHandle,
1010 AccountKeyBuffer,
1011 KEY_READ,
1012 &AccountKeyHandle);
1013 TRACE("LsapRegOpenKey returned %08lX\n", Status);
1014 if (NT_SUCCESS(Status))
1015 {
1016 Status = LsapRegOpenKey(AccountKeyHandle,
1017 L"Sid",
1018 KEY_READ,
1019 &SidKeyHandle);
1020 TRACE("LsapRegOpenKey returned %08lX\n", Status);
1021 if (NT_SUCCESS(Status))
1022 {
1023 DataLength = 0;
1024 Status = LsapRegQueryValue(SidKeyHandle,
1025 NULL,
1026 NULL,
1027 NULL,
1028 &DataLength);
1029 TRACE("LsapRegQueryValue returned %08lX\n", Status);
1030 if (NT_SUCCESS(Status))
1031 {
1032 TRACE("Data length: %lu\n", DataLength);
1033
1034 if ((RequiredLength + DataLength + sizeof(LSAPR_ACCOUNT_INFORMATION)) > PreferedMaximumLength)
1035 break;
1036
1038 EnumCount++;
1039 }
1040
1041 LsapRegCloseKey(SidKeyHandle);
1042 }
1043
1044 LsapRegCloseKey(AccountKeyHandle);
1045 }
1046
1047 EnumIndex++;
1048 }
1049
1050 TRACE("EnumCount: %lu\n", EnumCount);
1051 TRACE("RequiredLength: %lu\n", RequiredLength);
1052
1053 EnumBuffer.EntriesRead = EnumCount;
1054 EnumBuffer.Information = midl_user_allocate(EnumCount * sizeof(LSAPR_ACCOUNT_INFORMATION));
1055 if (EnumBuffer.Information == NULL)
1056 {
1058 goto done;
1059 }
1060
1061 EnumIndex = *EnumerationContext;
1062 for (i = 0; i < EnumCount; i++, EnumIndex++)
1063 {
1064 Status = LsapRegEnumerateSubKey(AccountsKeyHandle,
1065 EnumIndex,
1066 AccountKeyBufferSize,
1067 AccountKeyBuffer);
1068 if (!NT_SUCCESS(Status))
1069 break;
1070
1071 TRACE("EnumIndex: %lu\n", EnumIndex);
1072 TRACE("Account key name: %S\n", AccountKeyBuffer);
1073
1074 Status = LsapRegOpenKey(AccountsKeyHandle,
1075 AccountKeyBuffer,
1076 KEY_READ,
1077 &AccountKeyHandle);
1078 TRACE("LsapRegOpenKey returned %08lX\n", Status);
1079 if (NT_SUCCESS(Status))
1080 {
1081 Status = LsapRegOpenKey(AccountKeyHandle,
1082 L"Sid",
1083 KEY_READ,
1084 &SidKeyHandle);
1085 TRACE("LsapRegOpenKey returned %08lX\n", Status);
1086 if (NT_SUCCESS(Status))
1087 {
1088 DataLength = 0;
1089 Status = LsapRegQueryValue(SidKeyHandle,
1090 NULL,
1091 NULL,
1092 NULL,
1093 &DataLength);
1094 TRACE("LsapRegQueryValue returned %08lX\n", Status);
1095 if (NT_SUCCESS(Status))
1096 {
1098 if (EnumBuffer.Information[i].Sid == NULL)
1099 {
1100 LsapRegCloseKey(AccountKeyHandle);
1102 goto done;
1103 }
1104
1105 Status = LsapRegQueryValue(SidKeyHandle,
1106 NULL,
1107 NULL,
1108 EnumBuffer.Information[i].Sid,
1109 &DataLength);
1110 TRACE("SampRegQueryValue returned %08lX\n", Status);
1111 }
1112
1113 LsapRegCloseKey(SidKeyHandle);
1114 }
1115
1116 LsapRegCloseKey(AccountKeyHandle);
1117
1118 if (!NT_SUCCESS(Status))
1119 goto done;
1120 }
1121 }
1122
1123 if (NT_SUCCESS(Status))
1124 {
1125 *EnumerationContext += EnumCount;
1126 EnumerationBuffer->EntriesRead = EnumBuffer.EntriesRead;
1127 EnumerationBuffer->Information = EnumBuffer.Information;
1128 }
1129
1130done:
1131 if (!NT_SUCCESS(Status))
1132 {
1133 if (EnumBuffer.Information)
1134 {
1135 for (i = 0; i < EnumBuffer.EntriesRead; i++)
1136 {
1137 if (EnumBuffer.Information[i].Sid != NULL)
1138 midl_user_free(EnumBuffer.Information[i].Sid);
1139 }
1140
1141 midl_user_free(EnumBuffer.Information);
1142 }
1143 }
1144
1145 if (AccountKeyBuffer != NULL)
1146 RtlFreeHeap(RtlGetProcessHeap(), 0, AccountKeyBuffer);
1147
1148 if (AccountsKeyHandle != NULL)
1149 LsapRegCloseKey(AccountsKeyHandle);
1150
1151 return Status;
1152}
_In_ ULONG _In_opt_ WDFREQUEST _In_opt_ PVOID _In_ size_t _In_ PVOID _In_ size_t _Out_ size_t * DataLength
Definition: cdrom.h:1444
NTSTATUS LsapRegQueryKeyInfo(IN HANDLE KeyHandle, OUT PULONG SubKeyCount, OUT PULONG MaxSubKeyNameLength, OUT PULONG ValueCount)
Definition: registry.c:176
NTSTATUS LsapRegOpenKey(IN HANDLE ParentKeyHandle, IN LPCWSTR KeyName, IN ACCESS_MASK DesiredAccess, OUT HANDLE KeyHandle)
Definition: registry.c:153
NTSTATUS LsapRegCloseKey(IN HANDLE KeyHandle)
Definition: registry.c:23
NTSTATUS LsapRegQueryValue(IN HANDLE KeyHandle, IN LPWSTR ValueName, OUT PULONG Type OPTIONAL, OUT LPVOID Data OPTIONAL, IN OUT PULONG DataLength OPTIONAL)
Definition: registry.c:331
NTSTATUS LsapRegEnumerateSubKey(IN HANDLE KeyHandle, IN ULONG Index, IN ULONG Length, OUT LPWSTR Buffer)
Definition: registry.c:96
struct _LSAPR_ACCOUNT_INFORMATION LSAPR_ACCOUNT_INFORMATION
#define KEY_READ
Definition: nt_native.h:1023
#define POLICY_VIEW_LOCAL_INFORMATION
Definition: ntsecapi.h:61
#define midl_user_free
Definition: rpc.h:45
#define midl_user_allocate
Definition: rpc.h:44
PLSAPR_ACCOUNT_INFORMATION Information
Definition: lsa.idl:97
HANDLE KeyHandle
Definition: lsasrv.h:62
uint16_t * PWSTR
Definition: typedefs.h:56
_In_ ULONG _Out_opt_ PULONG RequiredLength
Definition: wmifuncs.h:30
__wchar_t WCHAR
Definition: xmlstorage.h:180

Referenced by LsaEnumerateAccounts().

◆ LsarEnumerateAccountsWithUserRight()

NTSTATUS WINAPI LsarEnumerateAccountsWithUserRight ( LSAPR_HANDLE  PolicyHandle,
PRPC_UNICODE_STRING  UserRight,
PLSAPR_ACCOUNT_ENUM_BUFFER  EnumerationBuffer 
)

Definition at line 2574 of file lsarpc.c.

2578{
2579 PLSA_DB_OBJECT PolicyObject;
2580 ACCESS_MASK AccountRight = 0;
2581 PLUID Luid = NULL;
2582 ULONG AccountKeyBufferSize;
2583 PWSTR AccountKeyBuffer = NULL;
2584 HKEY AccountsKeyHandle = NULL;
2585 HKEY AccountKeyHandle = NULL;
2586 HKEY AttributeKeyHandle;
2587 ACCESS_MASK SystemAccess;
2588 PPRIVILEGE_SET PrivilegeSet;
2589 PLSAPR_ACCOUNT_INFORMATION EnumBuffer = NULL, ReturnBuffer;
2590 ULONG SubKeyCount = 0;
2591 ULONG EnumIndex, EnumCount;
2592 ULONG Size, i;
2593 BOOL Found;
2595
2596 TRACE("LsarEnumerateAccountsWithUserRights(%p %wZ %p)\n",
2597 PolicyHandle, UserRight, EnumerationBuffer);
2598
2599 /* Validate the privilege and account right names */
2600 if (UserRight != NULL)
2601 {
2602 Luid = LsarpLookupPrivilegeValue(UserRight);
2603 if (Luid == NULL)
2604 {
2605 AccountRight = LsapLookupAccountRightValue(UserRight);
2606 if (AccountRight == 0)
2608 }
2609 }
2610
2611 if (EnumerationBuffer == NULL)
2613
2614 EnumerationBuffer->EntriesRead = 0;
2615 EnumerationBuffer->Information = NULL;
2616
2617 /* Validate the PolicyHandle */
2618 Status = LsapValidateDbObject(PolicyHandle,
2621 &PolicyObject);
2622 if (!NT_SUCCESS(Status))
2623 {
2624 ERR("LsapValidateDbObject returned 0x%08lx\n", Status);
2625 return Status;
2626 }
2627
2628 Status = LsapRegOpenKey(PolicyObject->KeyHandle,
2629 L"Accounts",
2630 KEY_READ,
2631 &AccountsKeyHandle);
2632 if (!NT_SUCCESS(Status))
2633 {
2634 ERR("LsapRegOpenKey returned 0x%08lx\n", Status);
2635 return Status;
2636 }
2637
2638 Status = LsapRegQueryKeyInfo(AccountsKeyHandle,
2639 &SubKeyCount,
2640 &AccountKeyBufferSize,
2641 NULL);
2642 if (!NT_SUCCESS(Status))
2643 {
2644 ERR("LsapRegOpenKey returned 0x%08lx\n", Status);
2645 return Status;
2646 }
2647
2648 AccountKeyBufferSize += sizeof(WCHAR);
2649 AccountKeyBuffer = RtlAllocateHeap(RtlGetProcessHeap(), 0, AccountKeyBufferSize);
2650 if (AccountKeyBuffer == NULL)
2651 {
2653 }
2654
2655 EnumBuffer = RtlAllocateHeap(RtlGetProcessHeap(),
2657 SubKeyCount * sizeof(LSAPR_ACCOUNT_INFORMATION));
2658 if (EnumBuffer == NULL)
2659 {
2661 goto done;
2662 }
2663
2664 EnumCount = 0;
2665 EnumIndex = 0;
2666 while (TRUE)
2667 {
2668 Found = FALSE;
2669
2670 Status = LsapRegEnumerateSubKey(AccountsKeyHandle,
2671 EnumIndex,
2672 AccountKeyBufferSize,
2673 AccountKeyBuffer);
2674 if (!NT_SUCCESS(Status))
2675 {
2678 break;
2679 }
2680
2681 TRACE("EnumIndex: %lu\n", EnumIndex);
2682 TRACE("Account key name: %S\n", AccountKeyBuffer);
2683
2684 Status = LsapRegOpenKey(AccountsKeyHandle,
2685 AccountKeyBuffer,
2686 KEY_READ,
2687 &AccountKeyHandle);
2688 if (NT_SUCCESS(Status))
2689 {
2690 if (Luid != NULL || AccountRight != 0)
2691 {
2692 Status = LsapRegOpenKey(AccountKeyHandle,
2693 (Luid != NULL) ? L"Privilgs" : L"ActSysAc",
2694 KEY_READ,
2695 &AttributeKeyHandle);
2696 if (NT_SUCCESS(Status))
2697 {
2698 if (Luid != NULL)
2699 {
2700 Size = 0;
2701 LsapRegQueryValue(AttributeKeyHandle,
2702 NULL,
2703 NULL,
2704 NULL,
2705 &Size);
2706 if (Size != 0)
2707 {
2708 PrivilegeSet = RtlAllocateHeap(RtlGetProcessHeap(), 0, Size);
2709 if (PrivilegeSet)
2710 {
2711 if (LsapRegQueryValue(AttributeKeyHandle,
2712 NULL,
2713 NULL,
2714 PrivilegeSet,
2715 &Size) == STATUS_SUCCESS)
2716 {
2717 for (i = 0; i < PrivilegeSet->PrivilegeCount; i++)
2718 {
2719 if (RtlEqualLuid(&(PrivilegeSet->Privilege[i].Luid), Luid))
2720 {
2721 TRACE("%S got the privilege!\n", AccountKeyBuffer);
2722 Found = TRUE;
2723 break;
2724 }
2725 }
2726 }
2727
2728 RtlFreeHeap(RtlGetProcessHeap(), 0, PrivilegeSet);
2729 }
2730 }
2731 }
2732 else if (AccountRight != 0)
2733 {
2734 SystemAccess = 0;
2735 Size = sizeof(ACCESS_MASK);
2736 LsapRegQueryValue(AttributeKeyHandle,
2737 NULL,
2738 NULL,
2739 &SystemAccess,
2740 &Size);
2741 if (SystemAccess & AccountRight)
2742 {
2743 TRACE("%S got the account right!\n", AccountKeyBuffer);
2744 Found = TRUE;
2745 }
2746 }
2747
2748 LsapRegCloseKey(AttributeKeyHandle);
2749 }
2750 }
2751 else
2752 {
2753 /* enumerate all accounts */
2754 Found = TRUE;
2755 }
2756
2757 if (Found == TRUE)
2758 {
2759 TRACE("Add account: %S\n", AccountKeyBuffer);
2760
2761 Status = LsapRegOpenKey(AccountKeyHandle,
2762 L"Sid",
2763 KEY_READ,
2764 &AttributeKeyHandle);
2765 if (NT_SUCCESS(Status))
2766 {
2767 Size = 0;
2768 LsapRegQueryValue(AttributeKeyHandle,
2769 NULL,
2770 NULL,
2771 NULL,
2772 &Size);
2773 if (Size != 0)
2774 {
2775 EnumBuffer[EnumCount].Sid = midl_user_allocate(Size);
2776 if (EnumBuffer[EnumCount].Sid != NULL)
2777 {
2778 Status = LsapRegQueryValue(AttributeKeyHandle,
2779 NULL,
2780 NULL,
2781 EnumBuffer[EnumCount].Sid,
2782 &Size);
2783 if (NT_SUCCESS(Status))
2784 {
2785 EnumCount++;
2786 }
2787 else
2788 {
2789 TRACE("SampRegQueryValue returned %08lX\n", Status);
2790 midl_user_free(EnumBuffer[EnumCount].Sid);
2791 EnumBuffer[EnumCount].Sid = NULL;
2792 }
2793 }
2794 }
2795
2796 LsapRegCloseKey(AttributeKeyHandle);
2797 }
2798 }
2799
2800 LsapRegCloseKey(AccountKeyHandle);
2801 }
2802
2803 EnumIndex++;
2804 }
2805
2806 TRACE("EnumCount: %lu\n", EnumCount);
2807
2808 if (NT_SUCCESS(Status) && EnumCount != 0)
2809 {
2810 ReturnBuffer = midl_user_allocate(EnumCount * sizeof(LSAPR_ACCOUNT_INFORMATION));
2811 if (ReturnBuffer == NULL)
2812 {
2814 goto done;
2815 }
2816
2817 RtlCopyMemory(ReturnBuffer,
2818 EnumBuffer,
2819 EnumCount * sizeof(LSAPR_ACCOUNT_INFORMATION));
2820
2821 EnumerationBuffer->EntriesRead = EnumCount;
2822 EnumerationBuffer->Information = ReturnBuffer;
2823 }
2824
2825done:
2826 if (EnumBuffer != NULL)
2827 {
2828 if (Status != STATUS_SUCCESS)
2829 {
2830 for (i = 0; i < EnumCount; i++)
2831 {
2832 if (EnumBuffer[i].Sid != NULL)
2833 midl_user_free(EnumBuffer[i].Sid);
2834 }
2835 }
2836
2837 RtlFreeHeap(RtlGetProcessHeap(), 0, EnumBuffer);
2838 }
2839
2840 if (AccountKeyBuffer != NULL)
2841 RtlFreeHeap(RtlGetProcessHeap(), 0, AccountKeyBuffer);
2842
2843 if (Status == STATUS_SUCCESS && EnumCount == 0)
2845
2846 return Status;
2847}
return Found
Definition: dirsup.c:1270
_In_ ULONG _In_ ACCESS_MASK _In_ PSID Sid
Definition: rtlfuncs.h:1133
#define STATUS_NO_MORE_ENTRIES
Definition: ntstatus.h:205

Referenced by LsaEnumerateAccountsWithUserRight().

◆ LsarEnumeratePrivileges()

NTSTATUS WINAPI LsarEnumeratePrivileges ( LSAPR_HANDLE  PolicyHandle,
DWORD EnumerationContext,
PLSAPR_PRIVILEGE_ENUM_BUFFER  EnumerationBuffer,
DWORD  PreferedMaximumLength 
)

Definition at line 166 of file lsarpc.c.

171{
172 PLSA_DB_OBJECT PolicyObject;
174
175 TRACE("LsarEnumeratePrivileges(%p %p %p %lu)\n",
176 PolicyHandle, EnumerationContext, EnumerationBuffer,
177 PreferedMaximumLength);
178
179 Status = LsapValidateDbObject(PolicyHandle,
182 &PolicyObject);
183 if (!NT_SUCCESS(Status))
184 return Status;
185
186 if (EnumerationContext == NULL)
188
189 return LsarpEnumeratePrivileges(EnumerationContext,
190 EnumerationBuffer,
191 PreferedMaximumLength);
192}
NTSTATUS LsarpEnumeratePrivileges(DWORD *EnumerationContext, PLSAPR_PRIVILEGE_ENUM_BUFFER EnumerationBuffer, DWORD PreferedMaximumLength)
Definition: privileges.c:246

Referenced by LsaEnumeratePrivileges().

◆ LsarEnumeratePrivilegesAccount()

NTSTATUS WINAPI LsarEnumeratePrivilegesAccount ( LSAPR_HANDLE  AccountHandle,
PLSAPR_PRIVILEGE_SET Privileges 
)

Definition at line 1504 of file lsarpc.c.

1507{
1508 PLSA_DB_OBJECT AccountObject;
1509 ULONG PrivilegeSetSize = 0;
1510 PLSAPR_PRIVILEGE_SET PrivilegeSet = NULL;
1512
1513 TRACE("LsarEnumeratePrivilegesAccount(%p %p)\n",
1514 AccountHandle, Privileges);
1515
1516 *Privileges = NULL;
1517
1518 /* Validate the AccountHandle */
1519 Status = LsapValidateDbObject(AccountHandle,
1522 &AccountObject);
1523 if (!NT_SUCCESS(Status))
1524 {
1525 ERR("LsapValidateDbObject returned 0x%08lx\n", Status);
1526 return Status;
1527 }
1528
1529 /* Get the size of the privilege set */
1530 Status = LsapGetObjectAttribute(AccountObject,
1531 L"Privilgs",
1532 NULL,
1533 &PrivilegeSetSize);
1534 if (!NT_SUCCESS(Status))
1535 return Status;
1536
1537 /* Allocate a buffer for the privilege set */
1538 PrivilegeSet = MIDL_user_allocate(PrivilegeSetSize);
1539 if (PrivilegeSet == NULL)
1540 return STATUS_NO_MEMORY;
1541
1542 /* Get the privilege set */
1543 Status = LsapGetObjectAttribute(AccountObject,
1544 L"Privilgs",
1545 PrivilegeSet,
1546 &PrivilegeSetSize);
1547 if (!NT_SUCCESS(Status))
1548 {
1549 MIDL_user_free(PrivilegeSet);
1550 return Status;
1551 }
1552
1553 /* Return a pointer to the privilege set */
1554 *Privileges = PrivilegeSet;
1555
1556 return STATUS_SUCCESS;
1557}

Referenced by LsaEnumeratePrivilegesOfAccount(), LsapSetPrivileges(), and LsarEnumerateAccountRights().

◆ LsarEnumerateTrustedDomains()

NTSTATUS WINAPI LsarEnumerateTrustedDomains ( LSAPR_HANDLE  PolicyHandle,
DWORD EnumerationContext,
PLSAPR_TRUSTED_ENUM_BUFFER  EnumerationBuffer,
DWORD  PreferedMaximumLength 
)

Definition at line 1176 of file lsarpc.c.

1181{
1182 /* FIXME: We are not running an AD yet */
1183 EnumerationBuffer->EntriesRead = 0;
1184 EnumerationBuffer->Information = NULL;
1186}
PLSAPR_TRUST_INFORMATION Information
Definition: lsa.idl:344

Referenced by LsaEnumerateTrustedDomains().

◆ LsarEnumerateTrustedDomainsEx()

NTSTATUS WINAPI LsarEnumerateTrustedDomainsEx ( LSAPR_HANDLE  PolicyHandle,
DWORD EnumerationContext,
PLSAPR_TRUSTED_ENUM_BUFFER_EX  EnumerationBuffer,
DWORD  PreferedMaximumLength 
)

Definition at line 3816 of file lsarpc.c.

3821{
3822 /* Fail, if we are not a domain controller */
3825
3826 /* FIXME: We are not running an AD yet */
3827 EnumerationBuffer->EntriesRead = 0;
3828 EnumerationBuffer->EnumerationBuffer = NULL;
3830}
PLSAPR_TRUSTED_DOMAIN_INFORMATION_EX EnumerationBuffer
Definition: lsa.idl:442

Referenced by LsaEnumerateTrustedDomainsEx().

◆ LsarGenAuditEvent()

NTSTATUS WINAPI LsarGenAuditEvent ( handle_t  hBinding)

Definition at line 4202 of file lsarpc.c.

4204{
4207}

◆ LsarGetQuotasForAccount()

NTSTATUS WINAPI LsarGetQuotasForAccount ( LSAPR_HANDLE  AccountHandle,
PQUOTA_LIMITS  QuotaLimits 
)

Definition at line 1878 of file lsarpc.c.

1881{
1882 PLSA_DB_OBJECT AccountObject;
1883 ULONG Size;
1885
1886 TRACE("LsarGetQuotasForAccount(%p %p)\n",
1887 AccountHandle, QuotaLimits);
1888
1889 /* Validate the account handle */
1890 Status = LsapValidateDbObject(AccountHandle,
1893 &AccountObject);
1894 if (!NT_SUCCESS(Status))
1895 {
1896 ERR("Invalid handle (Status %lx)\n", Status);
1897 return Status;
1898 }
1899
1900 /* Get the quota attribute */
1901 Status = LsapGetObjectAttribute(AccountObject,
1902 L"DefQuota",
1903 QuotaLimits,
1904 &Size);
1905
1906 return Status;
1907}

Referenced by LsaGetQuotasForAccount().

◆ LsarGetSystemAccessAccount()

NTSTATUS WINAPI LsarGetSystemAccessAccount ( LSAPR_HANDLE  AccountHandle,
ACCESS_MASK SystemAccess 
)

Definition at line 1977 of file lsarpc.c.

1980{
1981 PLSA_DB_OBJECT AccountObject;
1982 ULONG Size = sizeof(ACCESS_MASK);
1984
1985 TRACE("LsarGetSystemAccessAccount(%p %p)\n",
1986 AccountHandle, SystemAccess);
1987
1988 /* Validate the account handle */
1989 Status = LsapValidateDbObject(AccountHandle,
1992 &AccountObject);
1993 if (!NT_SUCCESS(Status))
1994 {
1995 ERR("Invalid handle (Status %lx)\n", Status);
1996 return Status;
1997 }
1998
1999 /* Get the system access flags */
2000 Status = LsapGetObjectAttribute(AccountObject,
2001 L"ActSysAc",
2002 SystemAccess,
2003 &Size);
2004
2005 return Status;
2006}

Referenced by LsaGetSystemAccessAccount(), and LsarEnumerateAccountRights().

◆ LsarGetUserName()

NTSTATUS WINAPI LsarGetUserName ( LPWSTR  SystemName,
PRPC_UNICODE_STRING UserName,
PRPC_UNICODE_STRING DomainName 
)

Definition at line 3739 of file lsarpc.c.

3743{
3746}

Referenced by LsaGetRemoteUserName(), and LsaGetUserName().

◆ LsarLookupNames()

NTSTATUS WINAPI LsarLookupNames ( LSAPR_HANDLE  PolicyHandle,
DWORD  Count,
PRPC_UNICODE_STRING  Names,
PLSAPR_REFERENCED_DOMAIN_LIST ReferencedDomains,
PLSAPR_TRANSLATED_SIDS  TranslatedSids,
LSAP_LOOKUP_LEVEL  LookupLevel,
DWORD MappedCount 
)

Definition at line 1192 of file lsarpc.c.

1200{
1201 LSAPR_TRANSLATED_SIDS_EX2 TranslatedSidsEx2;
1202 ULONG i;
1204
1205 TRACE("LsarLookupNames(%p %lu %p %p %p %d %p)\n",
1206 PolicyHandle, Count, Names, ReferencedDomains, TranslatedSids,
1207 LookupLevel, MappedCount);
1208
1209 TranslatedSids->Entries = 0;
1210 TranslatedSids->Sids = NULL;
1211 *ReferencedDomains = NULL;
1212
1213 if (Count == 0)
1214 return STATUS_NONE_MAPPED;
1215
1216 TranslatedSidsEx2.Entries = 0;
1217 TranslatedSidsEx2.Sids = NULL;
1218
1220 Names,
1221 ReferencedDomains,
1222 &TranslatedSidsEx2,
1223 LookupLevel,
1224 MappedCount,
1225 0,
1226 0);
1227 if (!NT_SUCCESS(Status))
1228 return Status;
1229
1230 TranslatedSids->Entries = TranslatedSidsEx2.Entries;
1231 TranslatedSids->Sids = MIDL_user_allocate(TranslatedSids->Entries * sizeof(LSA_TRANSLATED_SID));
1232 if (TranslatedSids->Sids == NULL)
1233 {
1234 MIDL_user_free(TranslatedSidsEx2.Sids);
1235 MIDL_user_free(*ReferencedDomains);
1236 *ReferencedDomains = NULL;
1238 }
1239
1240 for (i = 0; i < TranslatedSidsEx2.Entries; i++)
1241 {
1242 TranslatedSids->Sids[i].Use = TranslatedSidsEx2.Sids[i].Use;
1243 TranslatedSids->Sids[i].RelativeId = LsapGetRelativeIdFromSid(TranslatedSidsEx2.Sids[i].Sid);
1244 TranslatedSids->Sids[i].DomainIndex = TranslatedSidsEx2.Sids[i].DomainIndex;
1245 }
1246
1247 MIDL_user_free(TranslatedSidsEx2.Sids);
1248
1249 return STATUS_SUCCESS;
1250}
PWSTR Names[]
ULONG LsapGetRelativeIdFromSid(PSID Sid_)
Definition: lookup.c:1038
NTSTATUS LsapLookupNames(DWORD Count, PRPC_UNICODE_STRING Names, PLSAPR_REFERENCED_DOMAIN_LIST *ReferencedDomains, PLSAPR_TRANSLATED_SIDS_EX2 TranslatedSids, LSAP_LOOKUP_LEVEL LookupLevel, DWORD *MappedCount, DWORD LookupOptions, DWORD ClientRevision)
Definition: lookup.c:1813
int Count
Definition: noreturn.cpp:7
#define STATUS_NONE_MAPPED
Definition: ntstatus.h:351
PLSAPR_TRANSLATED_SID_EX2 Sids
Definition: lsa.idl:210
PLSA_TRANSLATED_SID Sids
Definition: lsa.idl:144
SID_NAME_USE Use
Definition: lsa.idl:202
SID_NAME_USE Use
Definition: ntsecapi.h:411

Referenced by LsaLookupNames().

◆ LsarLookupNames2()

NTSTATUS WINAPI LsarLookupNames2 ( LSAPR_HANDLE  PolicyHandle,
DWORD  Count,
PRPC_UNICODE_STRING  Names,
PLSAPR_REFERENCED_DOMAIN_LIST ReferencedDomains,
PLSAPR_TRANSLATED_SIDS_EX  TranslatedSids,
LSAP_LOOKUP_LEVEL  LookupLevel,
DWORD MappedCount,
DWORD  LookupOptions,
DWORD  ClientRevision 
)

Definition at line 3958 of file lsarpc.c.

3968{
3969 LSAPR_TRANSLATED_SIDS_EX2 TranslatedSidsEx2;
3970 ULONG i;
3972
3973 TRACE("LsarLookupNames2(%p %lu %p %p %p %d %p %lu %lu)\n",
3974 PolicyHandle, Count, Names, ReferencedDomains, TranslatedSids,
3975 LookupLevel, MappedCount, LookupOptions, ClientRevision);
3976
3977 TranslatedSids->Entries = 0;
3978 TranslatedSids->Sids = NULL;
3979 *ReferencedDomains = NULL;
3980
3981 if (Count == 0)
3982 return STATUS_NONE_MAPPED;
3983
3984 TranslatedSidsEx2.Entries = 0;
3985 TranslatedSidsEx2.Sids = NULL;
3986
3988 Names,
3989 ReferencedDomains,
3990 &TranslatedSidsEx2,
3991 LookupLevel,
3992 MappedCount,
3993 LookupOptions,
3994 ClientRevision);
3995 if (!NT_SUCCESS(Status))
3996 return Status;
3997
3998 TranslatedSids->Entries = TranslatedSidsEx2.Entries;
3999 TranslatedSids->Sids = MIDL_user_allocate(TranslatedSids->Entries * sizeof(LSA_TRANSLATED_SID));
4000 if (TranslatedSids->Sids == NULL)
4001 {
4002 MIDL_user_free(TranslatedSidsEx2.Sids);
4003 MIDL_user_free(*ReferencedDomains);
4004 *ReferencedDomains = NULL;
4006 }
4007
4008 for (i = 0; i < TranslatedSidsEx2.Entries; i++)
4009 {
4010 TranslatedSids->Sids[i].Use = TranslatedSidsEx2.Sids[i].Use;
4011 TranslatedSids->Sids[i].RelativeId = LsapGetRelativeIdFromSid(TranslatedSidsEx2.Sids[i].Sid);
4012 TranslatedSids->Sids[i].DomainIndex = TranslatedSidsEx2.Sids[i].DomainIndex;
4013 TranslatedSids->Sids[i].Flags = TranslatedSidsEx2.Sids[i].Flags;
4014 }
4015
4016 MIDL_user_free(TranslatedSidsEx2.Sids);
4017
4018 return STATUS_SUCCESS;
4019}
PLSAPR_TRANSLATED_SID_EX Sids
Definition: lsa.idl:198
SID_NAME_USE Use
Definition: lsa.idl:190

◆ LsarLookupNames3()

NTSTATUS WINAPI LsarLookupNames3 ( LSAPR_HANDLE  PolicyHandle,
DWORD  Count,
PRPC_UNICODE_STRING  Names,
PLSAPR_REFERENCED_DOMAIN_LIST ReferencedDomains,
PLSAPR_TRANSLATED_SIDS_EX2  TranslatedSids,
LSAP_LOOKUP_LEVEL  LookupLevel,
DWORD MappedCount,
DWORD  LookupOptions,
DWORD  ClientRevision 
)

Definition at line 4138 of file lsarpc.c.

4148{
4150
4151 TRACE("LsarLookupNames3(%p %lu %p %p %p %d %p %lu %lu)\n",
4152 PolicyHandle, Count, Names, ReferencedDomains, TranslatedSids,
4153 LookupLevel, MappedCount, LookupOptions, ClientRevision);
4154
4155 TranslatedSids->Entries = 0;
4156 TranslatedSids->Sids = NULL;
4157 *ReferencedDomains = NULL;
4158
4159 if (Count == 0)
4160 return STATUS_NONE_MAPPED;
4161
4163 Names,
4164 ReferencedDomains,
4165 TranslatedSids,
4166 LookupLevel,
4167 MappedCount,
4168 LookupOptions,
4169 ClientRevision);
4170
4171 return Status;
4172}

Referenced by LsaLookupNames2().

◆ LsarLookupNames4()

NTSTATUS WINAPI LsarLookupNames4 ( handle_t  RpcHandle,
DWORD  Count,
PRPC_UNICODE_STRING  Names,
PLSAPR_REFERENCED_DOMAIN_LIST ReferencedDomains,
PLSAPR_TRANSLATED_SIDS_EX2  TranslatedSids,
LSAP_LOOKUP_LEVEL  LookupLevel,
DWORD MappedCount,
DWORD  LookupOptions,
DWORD  ClientRevision 
)

Definition at line 4306 of file lsarpc.c.

4316{
4318
4319 TRACE("LsarLookupNames4(%p %lu %p %p %p %d %p %lu %lu)\n",
4320 RpcHandle, Count, Names, ReferencedDomains, TranslatedSids,
4321 LookupLevel, MappedCount, LookupOptions, ClientRevision);
4322
4323 TranslatedSids->Entries = 0;
4324 TranslatedSids->Sids = NULL;
4325 *ReferencedDomains = NULL;
4326
4327 if (Count == 0)
4328 return STATUS_NONE_MAPPED;
4329
4331 Names,
4332 ReferencedDomains,
4333 TranslatedSids,
4334 LookupLevel,
4335 MappedCount,
4336 LookupOptions,
4337 ClientRevision);
4338
4339 return Status;
4340}

◆ LsarLookupPrivilegeDisplayName()

NTSTATUS WINAPI LsarLookupPrivilegeDisplayName ( LSAPR_HANDLE  PolicyHandle,
PRPC_UNICODE_STRING  Name,
USHORT  ClientLanguage,
USHORT  ClientSystemDefaultLanguage,
PRPC_UNICODE_STRING DisplayName,
USHORT LanguageReturned 
)

Definition at line 2494 of file lsarpc.c.

2501{
2503
2504 TRACE("LsarLookupPrivilegeDisplayName(%p, %p, %u, %u, %p, %p)\n",
2505 PolicyHandle, Name, ClientLanguage, ClientSystemDefaultLanguage, DisplayName, LanguageReturned);
2506
2507 Status = LsapValidateDbObject(PolicyHandle,
2510 NULL);
2511 if (!NT_SUCCESS(Status))
2512 {
2513 ERR("Invalid handle\n");
2514 return Status;
2515 }
2516
2518 ClientLanguage,
2519 ClientSystemDefaultLanguage,
2520 DisplayName,
2521 LanguageReturned);
2522
2523 return Status;
2524}
NTSTATUS LsarpLookupPrivilegeDisplayName(PRPC_UNICODE_STRING Name, USHORT ClientLanguage, USHORT ClientSystemDefaultLanguage, PRPC_UNICODE_STRING *DisplayName, USHORT *LanguageReturned)
Definition: privileges.c:125

Referenced by LsaLookupPrivilegeDisplayName().

◆ LsarLookupPrivilegeName()

NTSTATUS WINAPI LsarLookupPrivilegeName ( LSAPR_HANDLE  PolicyHandle,
PLUID  Value,
PRPC_UNICODE_STRING Name 
)

Definition at line 2464 of file lsarpc.c.

2468{
2470
2471 TRACE("LsarLookupPrivilegeName(%p, %p, %p)\n",
2472 PolicyHandle, Value, Name);
2473
2474 Status = LsapValidateDbObject(PolicyHandle,
2477 NULL);
2478 if (!NT_SUCCESS(Status))
2479 {
2480 ERR("Invalid handle\n");
2481 return Status;
2482 }
2483
2485 Name);
2486
2487 return Status;
2488}
NTSTATUS LsarpLookupPrivilegeName(PLUID Value, PRPC_UNICODE_STRING *Name)
Definition: privileges.c:80

Referenced by LsaLookupPrivilegeName(), and LsarEnumerateAccountRights().

◆ LsarLookupPrivilegeValue()

NTSTATUS WINAPI LsarLookupPrivilegeValue ( LSAPR_HANDLE  PolicyHandle,
PRPC_UNICODE_STRING  Name,
PLUID  Value 
)

Definition at line 2428 of file lsarpc.c.

2432{
2433 PLUID pValue;
2435
2436 TRACE("LsarLookupPrivilegeValue(%p, %wZ, %p)\n",
2437 PolicyHandle, Name, Value);
2438
2439 Status = LsapValidateDbObject(PolicyHandle,
2442 NULL);
2443 if (!NT_SUCCESS(Status))
2444 {
2445 ERR("Invalid handle (Status %lx)\n", Status);
2446 return Status;
2447 }
2448
2449 TRACE("Privilege: %wZ\n", Name);
2450
2452 if (pValue == NULL)
2454
2456
2457 return STATUS_SUCCESS;
2458}
PWCHAR pValue
NTSYSAPI void WINAPI RtlCopyLuid(PLUID, const LUID *)

Referenced by LsaLookupPrivilegeValue().

◆ LsarLookupSids()

NTSTATUS WINAPI LsarLookupSids ( LSAPR_HANDLE  PolicyHandle,
PLSAPR_SID_ENUM_BUFFER  SidEnumBuffer,
PLSAPR_REFERENCED_DOMAIN_LIST ReferencedDomains,
PLSAPR_TRANSLATED_NAMES  TranslatedNames,
LSAP_LOOKUP_LEVEL  LookupLevel,
DWORD MappedCount 
)

Definition at line 1256 of file lsarpc.c.

1263{
1264 LSAPR_TRANSLATED_NAMES_EX TranslatedNamesEx;
1265 ULONG i;
1267
1268 TRACE("LsarLookupSids(%p %p %p %p %d %p)\n",
1269 PolicyHandle, SidEnumBuffer, ReferencedDomains, TranslatedNames,
1270 LookupLevel, MappedCount);
1271
1272 /* FIXME: Fail, if there is an invalid SID in the SidEnumBuffer */
1273
1274 TranslatedNames->Entries = SidEnumBuffer->Entries;
1275 TranslatedNames->Names = NULL;
1276 *ReferencedDomains = NULL;
1277
1278 TranslatedNamesEx.Entries = SidEnumBuffer->Entries;
1279 TranslatedNamesEx.Names = NULL;
1280
1281 Status = LsapLookupSids(SidEnumBuffer,
1282 ReferencedDomains,
1283 &TranslatedNamesEx,
1284 LookupLevel,
1285 MappedCount,
1286 0,
1287 0);
1288 if (!NT_SUCCESS(Status))
1289 return Status;
1290
1291 TranslatedNames->Entries = SidEnumBuffer->Entries;
1292 TranslatedNames->Names = MIDL_user_allocate(SidEnumBuffer->Entries * sizeof(LSAPR_TRANSLATED_NAME));
1293 if (TranslatedNames->Names == NULL)
1294 {
1295 MIDL_user_free(TranslatedNamesEx.Names);
1296 MIDL_user_free(*ReferencedDomains);
1297 *ReferencedDomains = NULL;
1299 }
1300
1301 for (i = 0; i < TranslatedNamesEx.Entries; i++)
1302 {
1303 TranslatedNames->Names[i].Use = TranslatedNamesEx.Names[i].Use;
1304 TranslatedNames->Names[i].Name.Length = TranslatedNamesEx.Names[i].Name.Length;
1305 TranslatedNames->Names[i].Name.MaximumLength = TranslatedNamesEx.Names[i].Name.MaximumLength;
1306 TranslatedNames->Names[i].Name.Buffer = TranslatedNamesEx.Names[i].Name.Buffer;
1307 TranslatedNames->Names[i].DomainIndex = TranslatedNamesEx.Names[i].DomainIndex;
1308 }
1309
1310 MIDL_user_free(TranslatedNamesEx.Names);
1311
1312 return Status;
1313}
NTSTATUS LsapLookupSids(PLSAPR_SID_ENUM_BUFFER SidEnumBuffer, PLSAPR_REFERENCED_DOMAIN_LIST *ReferencedDomains, PLSAPR_TRANSLATED_NAMES_EX TranslatedNames, LSAP_LOOKUP_LEVEL LookupLevel, DWORD *MappedCount, DWORD LookupOptions, DWORD ClientRevision)
Definition: lookup.c:2412
PLSAPR_TRANSLATED_NAME_EX Names
Definition: lsa.idl:186
PLSAPR_TRANSLATED_NAME Names
Definition: lsa.idl:174
SID_NAME_USE Use
Definition: lsa.idl:178
RPC_UNICODE_STRING Name
Definition: lsa.idl:179
SID_NAME_USE Use
Definition: lsa.idl:167
RPC_UNICODE_STRING Name
Definition: lsa.idl:168

Referenced by LsaLookupSids().

◆ LsarLookupSids2()

NTSTATUS WINAPI LsarLookupSids2 ( LSAPR_HANDLE  PolicyHandle,
PLSAPR_SID_ENUM_BUFFER  SidEnumBuffer,
PLSAPR_REFERENCED_DOMAIN_LIST ReferencedDomains,
PLSAPR_TRANSLATED_NAMES_EX  TranslatedNames,
LSAP_LOOKUP_LEVEL  LookupLevel,
DWORD MappedCount,
DWORD  LookupOptions,
DWORD  ClientRevision 
)

Definition at line 3921 of file lsarpc.c.

3930{
3932
3933 TRACE("LsarLookupSids2(%p %p %p %p %d %p %lu %lu)\n",
3934 PolicyHandle, SidEnumBuffer, ReferencedDomains, TranslatedNames,
3935 LookupLevel, MappedCount, LookupOptions, ClientRevision);
3936
3937 TranslatedNames->Entries = SidEnumBuffer->Entries;
3938 TranslatedNames->Names = NULL;
3939 *ReferencedDomains = NULL;
3940
3941 /* FIXME: Fail, if there is an invalid SID in the SidEnumBuffer */
3942
3943 Status = LsapLookupSids(SidEnumBuffer,
3944 ReferencedDomains,
3945 TranslatedNames,
3946 LookupLevel,
3947 MappedCount,
3948 LookupOptions,
3949 ClientRevision);
3950
3951 return Status;
3952}

◆ LsarLookupSids3()

NTSTATUS WINAPI LsarLookupSids3 ( LSAPR_HANDLE  PolicyHandle,
PLSAPR_SID_ENUM_BUFFER  SidEnumBuffer,
PLSAPR_REFERENCED_DOMAIN_LIST ReferencedDomains,
PLSAPR_TRANSLATED_NAMES_EX  TranslatedNames,
LSAP_LOOKUP_LEVEL  LookupLevel,
DWORD MappedCount,
DWORD  LookupOptions,
DWORD  ClientRevision 
)

Definition at line 4269 of file lsarpc.c.

4278{
4280
4281 TRACE("LsarLookupSids3(%p %p %p %p %d %p %lu %lu)\n",
4282 PolicyHandle, SidEnumBuffer, ReferencedDomains, TranslatedNames,
4283 LookupLevel, MappedCount, LookupOptions, ClientRevision);
4284
4285 TranslatedNames->Entries = SidEnumBuffer->Entries;
4286 TranslatedNames->Names = NULL;
4287 *ReferencedDomains = NULL;
4288
4289 /* FIXME: Fail, if there is an invalid SID in the SidEnumBuffer */
4290
4291 Status = LsapLookupSids(SidEnumBuffer,
4292 ReferencedDomains,
4293 TranslatedNames,
4294 LookupLevel,
4295 MappedCount,
4296 LookupOptions,
4297 ClientRevision);
4298
4299 return Status;
4300}

◆ LsarOpenAccount()

NTSTATUS WINAPI LsarOpenAccount ( LSAPR_HANDLE  PolicyHandle,
PRPC_SID  AccountSid,
ACCESS_MASK  DesiredAccess,
LSAPR_HANDLE AccountHandle 
)

Definition at line 1465 of file lsarpc.c.

1470{
1471 PLSA_DB_OBJECT PolicyObject;
1473
1474 TRACE("LsarOpenAccount(%p %p %lx %p)\n",
1475 PolicyHandle, AccountSid, DesiredAccess, AccountHandle);
1476
1477 /* Validate the AccountSid */
1478 if (!RtlValidSid(AccountSid))
1480
1481 /* Validate the PolicyHandle */
1482 Status = LsapValidateDbObject(PolicyHandle,
1484 0,
1485 &PolicyObject);
1486 if (!NT_SUCCESS(Status))
1487 {
1488 ERR("LsapValidateDbObject returned 0x%08lx\n", Status);
1489 return Status;
1490 }
1491
1492
1493 /* Open the Account object */
1494 return LsarpOpenAccount(PolicyObject,
1495 AccountSid,
1497 (PLSA_DB_OBJECT *)AccountHandle);
1498}

Referenced by LsaOpenAccount(), LsapSetPrivileges(), and LsarEnumerateAccountRights().

◆ LsarOpenPolicy()

NTSTATUS WINAPI LsarOpenPolicy ( LPWSTR  SystemName,
PLSAPR_OBJECT_ATTRIBUTES  ObjectAttributes,
ACCESS_MASK  DesiredAccess,
LSAPR_HANDLE PolicyHandle 
)

Definition at line 495 of file lsarpc.c.

500{
501 PLSA_DB_OBJECT PolicyObject;
503
504 TRACE("LsarOpenPolicy(%S %p %lx %p)\n",
505 SystemName, ObjectAttributes, DesiredAccess, PolicyHandle);
506
508
510 NULL,
511 L"Policy",
514 FALSE,
515 &PolicyObject);
516
518
519 if (NT_SUCCESS(Status))
520 *PolicyHandle = (LSAPR_HANDLE)PolicyObject;
521
522 TRACE("LsarOpenPolicy done!\n");
523
524 return Status;
525}
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
Definition: conport.c:36
NTSTATUS LsapOpenDbObject(IN PLSA_DB_OBJECT ParentObject, IN LPWSTR ContainerName, IN LPWSTR ObjectName, IN LSA_DB_OBJECT_TYPE ObjectType, IN ACCESS_MASK DesiredAccess, IN BOOLEAN Trusted, OUT PLSA_DB_OBJECT *DbObject)
Definition: database.c:712
static RTL_CRITICAL_SECTION PolicyHandleTableLock
Definition: lsarpc.c:14
NTSYSAPI NTSTATUS NTAPI RtlEnterCriticalSection(_In_ PRTL_CRITICAL_SECTION CriticalSection)
NTSYSAPI NTSTATUS NTAPI RtlLeaveCriticalSection(_In_ PRTL_CRITICAL_SECTION CriticalSection)

Referenced by DsRolepGetBasicInfo(), LsaOpenPolicy(), LsapSetPrivileges(), and LsarOpenPolicy2().

◆ LsarOpenPolicy2()

NTSTATUS WINAPI LsarOpenPolicy2 ( LPWSTR  SystemName,
PLSAPR_OBJECT_ATTRIBUTES  ObjectAttributes,
ACCESS_MASK  DesiredAccess,
LSAPR_HANDLE PolicyHandle 
)

Definition at line 3723 of file lsarpc.c.

3728{
3729 return LsarOpenPolicy(SystemName,
3732 PolicyHandle);
3733}
NTSTATUS WINAPI LsarOpenPolicy(LPWSTR SystemName, PLSAPR_OBJECT_ATTRIBUTES ObjectAttributes, ACCESS_MASK DesiredAccess, LSAPR_HANDLE *PolicyHandle)
Definition: lsarpc.c:495

◆ LsarOpenPolicySce()

NTSTATUS WINAPI LsarOpenPolicySce ( LPWSTR  SystemName,
PLSAPR_OBJECT_ATTRIBUTES  ObjectAttributes,
ACCESS_MASK  DesiredAccess,
LSAPR_HANDLE PolicyHandle 
)

Definition at line 4346 of file lsarpc.c.

4351{
4354}

Referenced by LsaOpenPolicySce().

◆ LsarOpenSecret()

NTSTATUS WINAPI LsarOpenSecret ( LSAPR_HANDLE  PolicyHandle,
PRPC_UNICODE_STRING  SecretName,
ACCESS_MASK  DesiredAccess,
LSAPR_HANDLE SecretHandle 
)

Definition at line 2090 of file lsarpc.c.

2095{
2096 PLSA_DB_OBJECT PolicyObject;
2097 PLSA_DB_OBJECT SecretObject = NULL;
2099
2100 TRACE("LsarOpenSecret(%p %wZ %lx %p)\n",
2101 PolicyHandle, SecretName, DesiredAccess, SecretHandle);
2102
2103 /* Validate the PolicyHandle */
2104 Status = LsapValidateDbObject(PolicyHandle,
2106 0,
2107 &PolicyObject);
2108 if (!NT_SUCCESS(Status))
2109 {
2110 ERR("LsapValidateDbObject returned 0x%08lx\n", Status);
2111 return Status;
2112 }
2113
2114 /* Create the secret object */
2115 Status = LsapOpenDbObject(PolicyObject,
2116 L"Secrets",
2117 SecretName->Buffer,
2120 PolicyObject->Trusted,
2121 &SecretObject);
2122 if (!NT_SUCCESS(Status))
2123 {
2124 ERR("LsapOpenDbObject failed (Status 0x%08lx)\n", Status);
2125 goto done;
2126 }
2127
2128done:
2129 if (!NT_SUCCESS(Status))
2130 {
2131 if (SecretObject != NULL)
2132 LsapCloseDbObject(SecretObject);
2133 }
2134 else
2135 {
2136 *SecretHandle = (LSAPR_HANDLE)SecretObject;
2137 }
2138
2139 return Status;
2140}

Referenced by LsaOpenSecret().

◆ LsarOpenTrustedDomain()

NTSTATUS WINAPI LsarOpenTrustedDomain ( LSAPR_HANDLE  PolicyHandle,
PRPC_SID  TrustedDomainSid,
ACCESS_MASK  DesiredAccess,
LSAPR_HANDLE TrustedDomainHandle 
)

Definition at line 2046 of file lsarpc.c.

2051{
2052 /* Fail, if we are not a domain controller */
2055
2058}

Referenced by LsaOpenTrustedDomain().

◆ LsarOpenTrustedDomainByName()

NTSTATUS WINAPI LsarOpenTrustedDomainByName ( LSAPR_HANDLE  PolicyHandle,
PRPC_UNICODE_STRING  TrustedDomainName,
ACCESS_MASK  DesiredAccess,
LSAPR_HANDLE TrustedDomainHandle 
)

Definition at line 3892 of file lsarpc.c.

3897{
3898 /* Fail, if we are not a domain controller */
3901
3904}

Referenced by LsaOpenTrustedDomainByName().

◆ LsarpCreateAccount()

NTSTATUS LsarpCreateAccount ( PLSA_DB_OBJECT  PolicyObject,
PRPC_SID  AccountSid,
ACCESS_MASK  DesiredAccess,
PLSA_DB_OBJECT AccountObject 
)

Definition at line 813 of file lsarpc.c.

818{
819 LPWSTR SidString = NULL;
820 PSECURITY_DESCRIPTOR AccountSd = NULL;
821 ULONG AccountSdSize;
823
824 /* Create SID string */
825 if (!ConvertSidToStringSid((PSID)AccountSid,
826 &SidString))
827 {
828 ERR("ConvertSidToStringSid failed\n");
830 }
831
832 /* Create a security descriptor for the account */
833 Status = LsapCreateAccountSd(&AccountSd,
834 &AccountSdSize);
835 if (!NT_SUCCESS(Status))
836 {
837 ERR("LsapCreateAccountSd returned 0x%08lx\n", Status);
838 goto done;
839 }
840
841 /* Create the Account object */
842 Status = LsapCreateDbObject(PolicyObject,
843 L"Accounts",
844 SidString,
847 PolicyObject->Trusted,
848 AccountObject);
849 if (!NT_SUCCESS(Status))
850 {
851 ERR("LsapCreateDbObject failed (Status 0x%08lx)\n", Status);
852 goto done;
853 }
854
855 /* Set the Sid attribute */
856 Status = LsapSetObjectAttribute(*AccountObject,
857 L"Sid",
858 (PVOID)AccountSid,
859 GetLengthSid(AccountSid));
860 if (!NT_SUCCESS(Status))
861 goto done;
862
863 /* Set the SecDesc attribute */
864 Status = LsapSetObjectAttribute(*AccountObject,
865 L"SecDesc",
866 AccountSd,
867 AccountSdSize);
868
869done:
870 if (SidString != NULL)
871 LocalFree(SidString);
872
873 if (AccountSd != NULL)
874 RtlFreeHeap(RtlGetProcessHeap(), 0, AccountSd);
875
876 return Status;
877}
DWORD WINAPI GetLengthSid(PSID pSid)
Definition: security.c:919
NTSTATUS LsapCreateAccountSd(PSECURITY_DESCRIPTOR *AccountSd, PULONG AccountSdSize)
Definition: security.c:268
HLOCAL NTAPI LocalFree(HLOCAL hMem)
Definition: heapmem.c:1594
#define ConvertSidToStringSid
Definition: sddl.h:160
WCHAR * LPWSTR
Definition: xmlstorage.h:184

Referenced by LsarAddAccountRights(), and LsarCreateAccount().

◆ LsarpOpenAccount()

static NTSTATUS LsarpOpenAccount ( IN PLSA_DB_OBJECT  PolicyObject,
IN PRPC_SID  AccountSid,
IN ACCESS_MASK  DesiredAccess,
OUT PLSA_DB_OBJECT AccountObject 
)
static

Definition at line 1425 of file lsarpc.c.

1430{
1431 LPWSTR SidString = NULL;
1433
1434 /* Create SID string */
1435 if (!ConvertSidToStringSid((PSID)AccountSid,
1436 &SidString))
1437 {
1438 ERR("ConvertSidToStringSid failed\n");
1440 }
1441
1442 /* Create the Account object */
1443 Status = LsapOpenDbObject(PolicyObject,
1444 L"Accounts",
1445 SidString,
1448 PolicyObject->Trusted,
1449 AccountObject);
1450 if (!NT_SUCCESS(Status))
1451 {
1452 ERR("LsapOpenDbObject(Accounts/%S) failed (Status 0x%08lx)\n", SidString, Status);
1453 }
1454
1455 if (SidString != NULL)
1456 LocalFree(SidString);
1457
1458 return Status;
1459}

Referenced by LsarAddAccountRights(), LsarOpenAccount(), and LsarRemoveAccountRights().

◆ LsarQueryDomainInformationPolicy()

NTSTATUS WINAPI LsarQueryDomainInformationPolicy ( LSAPR_HANDLE  PolicyHandle,
POLICY_INFORMATION_CLASS  InformationClass,
PLSAPR_POLICY_DOMAIN_INFORMATION PolicyInformation 
)

Definition at line 3866 of file lsarpc.c.

3870{
3873}

Referenced by LsaQueryDomainInformationPolicy().

◆ LsarQueryForestTrustInformation()

NTSTATUS WINAPI LsarQueryForestTrustInformation ( LSAPR_HANDLE  PolicyHandle,
PLSA_UNICODE_STRING  TrustedDomainName,
LSA_FOREST_TRUST_RECORD_TYPE  HighestRecordType,
PLSA_FOREST_TRUST_INFORMATION ForestTrustInfo 
)

Definition at line 4224 of file lsarpc.c.

4229{
4232}

Referenced by LsaQueryForestTrustInformation().

◆ LsarQueryInformationPolicy()

NTSTATUS WINAPI LsarQueryInformationPolicy ( LSAPR_HANDLE  PolicyHandle,
POLICY_INFORMATION_CLASS  InformationClass,
PLSAPR_POLICY_INFORMATION PolicyInformation 
)

Definition at line 531 of file lsarpc.c.

535{
536 PLSA_DB_OBJECT PolicyObject;
539
540 TRACE("LsarQueryInformationPolicy(%p,0x%08x,%p)\n",
541 PolicyHandle, InformationClass, PolicyInformation);
542
543 if (PolicyInformation)
544 {
545 TRACE("*PolicyInformation %p\n", *PolicyInformation);
546 }
547
548 switch (InformationClass)
549 {
554 break;
555
566 break;
567
570 break;
571
572 default:
573 ERR("Invalid InformationClass!\n");
575 }
576
577 Status = LsapValidateDbObject(PolicyHandle,
580 &PolicyObject);
581 if (!NT_SUCCESS(Status))
582 return Status;
583
584 switch (InformationClass)
585 {
586 case PolicyAuditLogInformation: /* 1 */
587 Status = LsarQueryAuditLog(PolicyObject,
588 PolicyInformation);
589 break;
590
591 case PolicyAuditEventsInformation: /* 2 */
592 Status = LsarQueryAuditEvents(PolicyObject,
593 PolicyInformation);
594 break;
595
597 Status = LsarQueryPrimaryDomain(PolicyObject,
598 PolicyInformation);
599 break;
600
601 case PolicyPdAccountInformation: /* 4 */
602 Status = LsarQueryPdAccount(PolicyObject,
603 PolicyInformation);
604 break;
605
607 Status = LsarQueryAccountDomain(PolicyObject,
608 PolicyInformation);
609 break;
610
612 Status = LsarQueryServerRole(PolicyObject,
613 PolicyInformation);
614 break;
615
617 Status = LsarQueryReplicaSource(PolicyObject,
618 PolicyInformation);
619 break;
620
622 Status = LsarQueryDefaultQuota(PolicyObject,
623 PolicyInformation);
624 break;
625
627 Status = LsarQueryModification(PolicyObject,
628 PolicyInformation);
629 break;
630
631 case PolicyAuditFullQueryInformation: /* 11 (0xB) */
632 Status = LsarQueryAuditFull(PolicyObject,
633 PolicyInformation);
634 break;
635
636 case PolicyDnsDomainInformation: /* 12 (0xC) */
637 Status = LsarQueryDnsDomain(PolicyObject,
638 PolicyInformation);
639 break;
640
641 case PolicyDnsDomainInformationInt: /* 13 (0xD) */
642 Status = LsarQueryDnsDomainInt(PolicyObject,
643 PolicyInformation);
644 break;
645
646 case PolicyLocalAccountDomainInformation: /* 14 (0xE) */
647 Status = LsarQueryLocalAccountDomain(PolicyObject,
648 PolicyInformation);
649 break;
650
651 default:
652 ERR("Invalid InformationClass!\n");
654 }
655
656 return Status;
657}
NTSTATUS LsarQueryDnsDomainInt(PLSA_DB_OBJECT PolicyObject, PLSAPR_POLICY_INFORMATION *PolicyInformation)
Definition: policy.c:759
NTSTATUS LsarQueryAuditEvents(PLSA_DB_OBJECT PolicyObject, PLSAPR_POLICY_INFORMATION *PolicyInformation)
Definition: policy.c:70
NTSTATUS LsarQueryLocalAccountDomain(PLSA_DB_OBJECT PolicyObject, PLSAPR_POLICY_INFORMATION *PolicyInformation)
Definition: policy.c:769
NTSTATUS LsarQueryPrimaryDomain(PLSA_DB_OBJECT PolicyObject, PLSAPR_POLICY_INFORMATION *PolicyInformation)
Definition: policy.c:157
NTSTATUS LsarQueryReplicaSource(PLSA_DB_OBJECT PolicyObject, PLSAPR_POLICY_INFORMATION *PolicyInformation)
Definition: policy.c:436
NTSTATUS LsarQueryDnsDomain(PLSA_DB_OBJECT PolicyObject, PLSAPR_POLICY_INFORMATION *PolicyInformation)
Definition: policy.c:542
NTSTATUS LsarQueryAccountDomain(PLSA_DB_OBJECT PolicyObject, PLSAPR_POLICY_INFORMATION *PolicyInformation)
Definition: policy.c:289
NTSTATUS LsarQueryAuditFull(PLSA_DB_OBJECT PolicyObject, PLSAPR_POLICY_INFORMATION *PolicyInformation)
Definition: policy.c:510
NTSTATUS LsarQueryServerRole(PLSA_DB_OBJECT PolicyObject, PLSAPR_POLICY_INFORMATION *PolicyInformation)
Definition: policy.c:398
NTSTATUS LsarQueryModification(PLSA_DB_OBJECT PolicyObject, PLSAPR_POLICY_INFORMATION *PolicyInformation)
Definition: policy.c:478
NTSTATUS LsarQueryAuditLog(PLSA_DB_OBJECT PolicyObject, PLSAPR_POLICY_INFORMATION *PolicyInformation)
Definition: policy.c:38
NTSTATUS LsarQueryDefaultQuota(PLSA_DB_OBJECT PolicyObject, PLSAPR_POLICY_INFORMATION *PolicyInformation)
Definition: policy.c:446
NTSTATUS LsarQueryPdAccount(PLSA_DB_OBJECT PolicyObject, PLSAPR_POLICY_INFORMATION *PolicyInformation)
Definition: policy.c:267
_In_ FILTER_INFORMATION_CLASS InformationClass
Definition: fltkernel.h:1713
#define POLICY_GET_PRIVATE_INFORMATION
Definition: ntsecapi.h:63
@ PolicyModificationInformation
Definition: ntsecapi.h:251
@ PolicyAuditEventsInformation
Definition: ntsecapi.h:244
@ PolicyDnsDomainInformationInt
Definition: ntsecapi.h:255
@ PolicyDefaultQuotaInformation
Definition: ntsecapi.h:250
@ PolicyReplicaSourceInformation
Definition: ntsecapi.h:249
@ PolicyLsaServerRoleInformation
Definition: ntsecapi.h:248
@ PolicyDnsDomainInformation
Definition: ntsecapi.h:254
@ PolicyPrimaryDomainInformation
Definition: ntsecapi.h:245
@ PolicyAuditLogInformation
Definition: ntsecapi.h:243
@ PolicyAuditFullQueryInformation
Definition: ntsecapi.h:253
@ PolicyLocalAccountDomainInformation
Definition: ntsecapi.h:256
@ PolicyPdAccountInformation
Definition: ntsecapi.h:246
@ PolicyAccountDomainInformation
Definition: ntsecapi.h:247
#define POLICY_VIEW_AUDIT_INFORMATION
Definition: ntsecapi.h:62

Referenced by DsRolepGetBasicInfo(), GetAccountDomainSid(), LsaQueryInformationPolicy(), and LsarQueryInformationPolicy2().

◆ LsarQueryInformationPolicy2()

NTSTATUS WINAPI LsarQueryInformationPolicy2 ( LSAPR_HANDLE  PolicyHandle,
POLICY_INFORMATION_CLASS  InformationClass,
PLSAPR_POLICY_INFORMATION PolicyInformation 
)

Definition at line 3752 of file lsarpc.c.

3756{
3757 return LsarQueryInformationPolicy(PolicyHandle,
3759 PolicyInformation);
3760}
NTSTATUS WINAPI LsarQueryInformationPolicy(LSAPR_HANDLE PolicyHandle, POLICY_INFORMATION_CLASS InformationClass, PLSAPR_POLICY_INFORMATION *PolicyInformation)
Definition: lsarpc.c:531

◆ LsarQueryInfoTrustedDomain()

NTSTATUS WINAPI LsarQueryInfoTrustedDomain ( LSAPR_HANDLE  TrustedDomainHandle,
TRUSTED_INFORMATION_CLASS  InformationClass,
PLSAPR_TRUSTED_DOMAIN_INFO TrustedDomainInformation 
)

Definition at line 2064 of file lsarpc.c.

2068{
2071}

Referenced by LsaQueryInfoTrustedDomain().

◆ LsarQuerySecret()

NTSTATUS WINAPI LsarQuerySecret ( LSAPR_HANDLE  SecretHandle,
PLSAPR_CR_CIPHER_VALUE EncryptedCurrentValue,
PLARGE_INTEGER  CurrentValueSetTime,
PLSAPR_CR_CIPHER_VALUE EncryptedOldValue,
PLARGE_INTEGER  OldValueSetTime 
)

Definition at line 2246 of file lsarpc.c.

2252{
2253 PLSA_DB_OBJECT SecretObject;
2254 PLSAPR_CR_CIPHER_VALUE EncCurrentValue = NULL;
2255 PLSAPR_CR_CIPHER_VALUE EncOldValue = NULL;
2256 PBYTE CurrentValue = NULL;
2257 PBYTE OldValue = NULL;
2258 ULONG CurrentValueLength = 0;
2259 ULONG OldValueLength = 0;
2262
2263 TRACE("LsarQuerySecret(%p %p %p %p %p)\n", SecretHandle,
2264 EncryptedCurrentValue, CurrentValueSetTime,
2265 EncryptedOldValue, OldValueSetTime);
2266
2267 /* Validate the SecretHandle */
2268 Status = LsapValidateDbObject(SecretHandle,
2271 &SecretObject);
2272 if (!NT_SUCCESS(Status))
2273 {
2274 ERR("LsapValidateDbObject returned 0x%08lx\n", Status);
2275 return Status;
2276 }
2277
2278 if (EncryptedCurrentValue != NULL)
2279 {
2280 CurrentValueLength = 0;
2281
2282 /* Get the size of the current value */
2283 Status = LsapGetObjectAttribute(SecretObject,
2284 L"CurrentValue",
2285 NULL,
2286 &CurrentValueLength);
2287 if (!NT_SUCCESS(Status))
2288 goto done;
2289
2290 /* Allocate a buffer for the current value */
2291 CurrentValue = midl_user_allocate(CurrentValueLength);
2292 if (CurrentValue == NULL)
2293 {
2295 goto done;
2296 }
2297
2298 /* Get the current value */
2299 Status = LsapGetObjectAttribute(SecretObject,
2300 L"CurrentValue",
2301 CurrentValue,
2302 &CurrentValueLength);
2303 if (!NT_SUCCESS(Status))
2304 goto done;
2305
2306 /* Allocate a buffer for the encrypted current value */
2307 EncCurrentValue = midl_user_allocate(sizeof(LSAPR_CR_CIPHER_VALUE));
2308 if (EncCurrentValue == NULL)
2309 {
2311 goto done;
2312 }
2313
2314 /* FIXME: Encrypt the current value */
2315 EncCurrentValue->Length = (USHORT)(CurrentValueLength - sizeof(WCHAR));
2316 EncCurrentValue->MaximumLength = (USHORT)CurrentValueLength;
2317 EncCurrentValue->Buffer = (PBYTE)CurrentValue;
2318 }
2319
2320 if (CurrentValueSetTime != NULL)
2321 {
2322 BufferSize = sizeof(LARGE_INTEGER);
2323
2324 /* Get the current value time */
2325 Status = LsapGetObjectAttribute(SecretObject,
2326 L"CurrentTime",
2327 (PBYTE)CurrentValueSetTime,
2328 &BufferSize);
2329 if (!NT_SUCCESS(Status))
2330 goto done;
2331 }
2332
2333 if (EncryptedOldValue != NULL)
2334 {
2335 OldValueLength = 0;
2336
2337 /* Get the size of the old value */
2338 Status = LsapGetObjectAttribute(SecretObject,
2339 L"OldValue",
2340 NULL,
2341 &OldValueLength);
2342 if (!NT_SUCCESS(Status))
2343 goto done;
2344
2345 /* Allocate a buffer for the old value */
2346 OldValue = midl_user_allocate(OldValueLength);
2347 if (OldValue == NULL)
2348 {
2350 goto done;
2351 }
2352
2353 /* Get the old value */
2354 Status = LsapGetObjectAttribute(SecretObject,
2355 L"OldValue",
2356 OldValue,
2357 &OldValueLength);
2358 if (!NT_SUCCESS(Status))
2359 goto done;
2360
2361 /* Allocate a buffer for the encrypted old value */
2362 EncOldValue = midl_user_allocate(sizeof(LSAPR_CR_CIPHER_VALUE) + OldValueLength);
2363 if (EncOldValue == NULL)
2364 {
2366 goto done;
2367 }
2368
2369 /* FIXME: Encrypt the old value */
2370 EncOldValue->Length = (USHORT)(OldValueLength - sizeof(WCHAR));
2371 EncOldValue->MaximumLength = (USHORT)OldValueLength;
2372 EncOldValue->Buffer = (PBYTE)OldValue;
2373 }
2374
2375 if (OldValueSetTime != NULL)
2376 {
2377 BufferSize = sizeof(LARGE_INTEGER);
2378
2379 /* Get the old value time */
2380 Status = LsapGetObjectAttribute(SecretObject,
2381 L"OldTime",
2382 (PBYTE)OldValueSetTime,
2383 &BufferSize);
2384 if (!NT_SUCCESS(Status))
2385 goto done;
2386 }
2387
2388
2389done:
2390 if (NT_SUCCESS(Status))
2391 {
2392 if (EncryptedCurrentValue != NULL)
2393 *EncryptedCurrentValue = EncCurrentValue;
2394
2395 if (EncryptedOldValue != NULL)
2396 *EncryptedOldValue = EncOldValue;
2397 }
2398 else
2399 {
2400 if (EncryptedCurrentValue != NULL)
2401 *EncryptedCurrentValue = NULL;
2402
2403 if (EncryptedOldValue != NULL)
2404 *EncryptedOldValue = NULL;
2405
2406 if (EncCurrentValue != NULL)
2407 midl_user_free(EncCurrentValue);
2408
2409 if (EncOldValue != NULL)
2410 midl_user_free(EncOldValue);
2411
2412 if (CurrentValue != NULL)
2413 midl_user_free(CurrentValue);
2414
2415 if (OldValue != NULL)
2416 midl_user_free(OldValue);
2417 }
2418
2419 TRACE("LsarQuerySecret done (Status 0x%08lx)\n", Status);
2420
2421 return Status;
2422}
#define BufferSize
Definition: mmc.h:75
#define SECRET_QUERY_VALUE
Definition: ntlsa.h:39
BYTE * PBYTE
Definition: pedump.c:66
unsigned short USHORT
Definition: pedump.c:61
union _LARGE_INTEGER LARGE_INTEGER
_In_ WDFMEMORY _Out_opt_ size_t * BufferSize
Definition: wdfmemory.h:254

Referenced by LsaQuerySecret().

◆ LsarQuerySecurityObject()

NTSTATUS WINAPI LsarQuerySecurityObject ( LSAPR_HANDLE  ObjectHandle,
SECURITY_INFORMATION  SecurityInformation,
PLSAPR_SR_SECURITY_DESCRIPTOR SecurityDescriptor 
)

Definition at line 198 of file lsarpc.c.

202{
203 PLSA_DB_OBJECT DbObject = NULL;
205 PSECURITY_DESCRIPTOR ResultSd = NULL;
208 ULONG RelativeSdSize = 0;
209 ULONG ResultSdSize = 0;
211
212 TRACE("LsarQuerySecurityObject(%p %lx %p)\n",
214
217
219
224
227
228 /* Validate the ObjectHandle */
229 Status = LsapValidateDbObject(ObjectHandle,
232 &DbObject);
233 if (!NT_SUCCESS(Status))
234 return Status;
235
236 /* Get the size of the SD */
238 L"SecDesc",
239 NULL,
240 &RelativeSdSize);
241 if (!NT_SUCCESS(Status))
242 return Status;
243
244 /* Allocate a buffer for the SD */
245 RelativeSd = MIDL_user_allocate(RelativeSdSize);
246 if (RelativeSd == NULL)
248
249 /* Get the SD */
251 L"SecDesc",
252 RelativeSd,
253 &RelativeSdSize);
254 if (!NT_SUCCESS(Status))
255 goto done;
256
257 /* Invalidate the SD information that was not requested */
259 RelativeSd->Owner = 0;
260
262 RelativeSd->Group = 0;
263
265 RelativeSd->Control &= ~SE_DACL_PRESENT;
266
268 RelativeSd->Control &= ~SE_SACL_PRESENT;
269
270 /* Calculate the required SD size */
271 Status = RtlMakeSelfRelativeSD(RelativeSd,
272 NULL,
273 &ResultSdSize);
275 goto done;
276
277 /* Allocate a buffer for the new SD */
278 ResultSd = MIDL_user_allocate(ResultSdSize);
279 if (ResultSd == NULL)
280 {
282 goto done;
283 }
284
285 /* Build the new SD */
286 Status = RtlMakeSelfRelativeSD(RelativeSd,
287 ResultSd,
288 &ResultSdSize);
289 if (!NT_SUCCESS(Status))
290 goto done;
291
292 /* Allocate the SD data buffer */
294 if (SdData == NULL)
295 {
297 goto done;
298 }
299
300 /* Fill the SD data buffer and return it to the caller */
301 SdData->Length = ResultSdSize;
302 SdData->SecurityDescriptor = (PBYTE)ResultSd;
303
304 *SecurityDescriptor = SdData;
305
306done:
307 if (!NT_SUCCESS(Status))
308 {
309 if (ResultSd != NULL)
310 MIDL_user_free(ResultSd);
311 }
312
313 if (RelativeSd != NULL)
314 MIDL_user_free(RelativeSd);
315
316 return Status;
317}
_Must_inspect_result_ _In_ PFILE_OBJECT _In_ SECURITY_INFORMATION SecurityInformation
Definition: fltkernel.h:1340
NTSYSAPI NTSTATUS NTAPI RtlMakeSelfRelativeSD(_In_ PSECURITY_DESCRIPTOR AbsoluteSD, _Out_ PSECURITY_DESCRIPTOR SelfRelativeSD, _Inout_ PULONG BufferLength)
#define ACCESS_SYSTEM_SECURITY
Definition: nt_native.h:77
#define READ_CONTROL
Definition: nt_native.h:58
#define STATUS_BUFFER_TOO_SMALL
Definition: shellext.h:69
SECURITY_DESCRIPTOR_CONTROL Control
Definition: setypes.h:839
_In_ USHORT _In_ ULONG _In_ PSOCKADDR _In_ PSOCKADDR _Reserved_ ULONG _In_opt_ PVOID _In_opt_ const WSK_CLIENT_CONNECTION_DISPATCH _In_opt_ PEPROCESS _In_opt_ PETHREAD _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor
Definition: wsk.h:191
#define DACL_SECURITY_INFORMATION
Definition: setypes.h:125
#define OWNER_SECURITY_INFORMATION
Definition: setypes.h:123
#define GROUP_SECURITY_INFORMATION
Definition: setypes.h:124
#define SACL_SECURITY_INFORMATION
Definition: setypes.h:126

Referenced by LsaQuerySecurityObject().

◆ LsarQueryTrustedDomainInfo()

NTSTATUS WINAPI LsarQueryTrustedDomainInfo ( LSAPR_HANDLE  PolicyHandle,
PRPC_SID  TrustedDomainSid,
TRUSTED_INFORMATION_CLASS  InformationClass,
PLSAPR_TRUSTED_DOMAIN_INFO TrustedDomainInformation 
)

Definition at line 3410 of file lsarpc.c.

3415{
3416 /* Fail, if we are not a domain controller */
3419
3422}

Referenced by LsaQueryTrustedDomainInfo().

◆ LsarQueryTrustedDomainInfoByName()

NTSTATUS WINAPI LsarQueryTrustedDomainInfoByName ( LSAPR_HANDLE  PolicyHandle,
PRPC_UNICODE_STRING  TrustedDomainName,
POLICY_INFORMATION_CLASS  InformationClass,
PLSAPR_TRUSTED_DOMAIN_INFO PolicyInformation 
)

Definition at line 3780 of file lsarpc.c.

3785{
3786 /* Fail, if we are not a domain controller */
3789
3790 /* FIXME: We are not running an AD yet */
3792}

Referenced by LsaQueryTrustedDomainInfoByName().

◆ LsarRegisterAuditEvent()

NTSTATUS WINAPI LsarRegisterAuditEvent ( handle_t  hBinding)

Definition at line 4191 of file lsarpc.c.

4193{
4196}

◆ LsarRemoveAccountRights()

NTSTATUS WINAPI LsarRemoveAccountRights ( LSAPR_HANDLE  PolicyHandle,
PRPC_SID  AccountSid,
BOOLEAN  AllRights,
PLSAPR_USER_RIGHT_SET  UserRights 
)

Definition at line 3214 of file lsarpc.c.

3219{
3220 PLSA_DB_OBJECT PolicyObject;
3221 PLSA_DB_OBJECT AccountObject = NULL;
3222 ULONG PrivilegesToRemove = 0, RightsToRemove = 0;
3223 ACCESS_MASK SystemAccess = 0;
3224 ULONG Size, Value, i, j, Index;
3225 PPRIVILEGE_SET PrivilegeSet = NULL;
3226 ULONG PrivilegeCount;
3227 PLUID pLuid;
3229
3230 TRACE("LsarRemoveAccountRights(%p %p %lu %p)\n",
3231 PolicyHandle, AccountSid, AllRights, UserRights);
3232
3233 /* Validate the AccountSid */
3234 if (!RtlValidSid(AccountSid))
3236
3237 /* Validate the UserRights */
3238 if (UserRights == NULL)
3240
3241 /* Validate the privilege and account right names */
3242 for (i = 0; i < UserRights->Entries; i++)
3243 {
3244 if (LsarpLookupPrivilegeValue(&UserRights->UserRights[i]) != NULL)
3245 {
3246 PrivilegesToRemove++;
3247 }
3248 else
3249 {
3250 if (LsapLookupAccountRightValue(&UserRights->UserRights[i]) == 0)
3252
3253 RightsToRemove++;
3254 }
3255 }
3256
3257 /* Validate the PolicyHandle */
3258 Status = LsapValidateDbObject(PolicyHandle,
3261 &PolicyObject);
3262 if (!NT_SUCCESS(Status))
3263 {
3264 ERR("LsapValidateDbObject returned 0x%08lx\n", Status);
3265 return Status;
3266 }
3267
3268 /* Open the account */
3269 Status = LsarpOpenAccount(PolicyObject,
3270 AccountSid,
3271 0,
3272 &AccountObject);
3274 {
3275 ERR("LsarpOpenAccount returned 0x%08lx\n", Status);
3276 goto done;
3277 }
3278
3279 if (AllRights == FALSE)
3280 {
3281 /* Get the size of the Privilgs attribute */
3282 Size = 0;
3283 Status = LsapGetObjectAttribute(AccountObject,
3284 L"Privilgs",
3285 NULL,
3286 &Size);
3288 goto done;
3289
3290 if ((Size != 0) && (PrivilegesToRemove != 0))
3291 {
3292 /* Allocate the privilege set buffer */
3293 PrivilegeSet = RtlAllocateHeap(RtlGetProcessHeap(),
3295 Size);
3296 if (PrivilegeSet == NULL)
3297 return STATUS_NO_MEMORY;
3298
3299 /* Get the privilege set */
3300 Status = LsapGetObjectAttribute(AccountObject,
3301 L"Privilgs",
3302 PrivilegeSet,
3303 &Size);
3304 if (!NT_SUCCESS(Status))
3305 {
3306 ERR("LsapGetObjectAttribute() failed (Status 0x%08lx)\n", Status);
3307 goto done;
3308 }
3309
3310 PrivilegeCount = PrivilegeSet->PrivilegeCount;
3311
3312 for (i = 0; i < UserRights->Entries; i++)
3313 {
3314 pLuid = LsarpLookupPrivilegeValue(&UserRights->UserRights[i]);
3315 if (pLuid == NULL)
3316 continue;
3317
3318 Index = -1;
3319 for (j = 0; j < PrivilegeSet->PrivilegeCount; j++)
3320 {
3321 if (RtlEqualLuid(&(PrivilegeSet->Privilege[j].Luid), pLuid))
3322 {
3323 Index = j;
3324 break;
3325 }
3326 }
3327
3328 if (Index != -1)
3329 {
3330 /* Remove the privilege */
3331 if ((PrivilegeSet->PrivilegeCount > 1) &&
3332 (Index < PrivilegeSet->PrivilegeCount - 1))
3333 RtlMoveMemory(&(PrivilegeSet->Privilege[Index]),
3334 &(PrivilegeSet->Privilege[Index + 1]),
3335 (Index - PrivilegeSet->PrivilegeCount - 1) * sizeof(LUID));
3336
3337 /* Wipe the last entry */
3338 RtlZeroMemory(&(PrivilegeSet->Privilege[PrivilegeSet->PrivilegeCount - 1]),
3339 sizeof(LUID));
3340
3341 PrivilegeSet->PrivilegeCount--;
3342 }
3343 }
3344
3345 /* Store the extended privilege set */
3346 if (PrivilegeCount != PrivilegeSet->PrivilegeCount)
3347 {
3348 Size = sizeof(PRIVILEGE_SET) +
3349 (PrivilegeSet->PrivilegeCount - 1) * sizeof(LUID_AND_ATTRIBUTES);
3350
3351 Status = LsapSetObjectAttribute(AccountObject,
3352 L"Privilgs",
3353 PrivilegeSet,
3354 Size);
3355 if (!NT_SUCCESS(Status))
3356 {
3357 ERR("LsapSetObjectAttribute() failed (Status 0x%08lx)\n", Status);
3358 goto done;
3359 }
3360 }
3361 }
3362
3363 /* Get the system access flags, if the attribute exists */
3364 Size = 0;
3365 Status = LsapGetObjectAttribute(AccountObject,
3366 L"ActSysAc",
3367 &SystemAccess,
3368 &Size);
3370 goto done;
3371
3372 if ((Size != 0) && (RightsToRemove != 0))
3373 {
3374 ERR("Rights: 0x%lx\n", SystemAccess);
3375
3376 /* Set the new access rights */
3377 for (i = 0; i < UserRights->Entries; i++)
3378 {
3380 if (Value != 0)
3381 SystemAccess &= ~Value;
3382 }
3383 ERR("New Rights: 0x%lx\n", SystemAccess);
3384
3385 /* Set the system access flags */
3386 Status = LsapSetObjectAttribute(AccountObject,
3387 L"ActSysAc",
3388 &SystemAccess,
3389 sizeof(ACCESS_MASK));
3390 }
3391 }
3392 else
3393 {
3394 }
3395
3396done:
3397 if (PrivilegeSet != NULL)
3398 RtlFreeHeap(RtlGetProcessHeap(), 0, PrivilegeSet);
3399
3400 if (AccountObject != NULL)
3401 LsapCloseDbObject(AccountObject);
3402
3403 return Status;
3404}
#define RtlZeroMemory(Destination, Length)
Definition: typedefs.h:262
#define RtlMoveMemory(Destination, Source, Length)
Definition: typedefs.h:264

Referenced by LsaRemoveAccountRights().

◆ LsarRemovePrivilegesFromAccount()

NTSTATUS WINAPI LsarRemovePrivilegesFromAccount ( LSAPR_HANDLE  AccountHandle,
BOOLEAN  AllPrivileges,
PLSAPR_PRIVILEGE_SET  Privileges 
)

Definition at line 1719 of file lsarpc.c.

1723{
1724 PLSA_DB_OBJECT AccountObject;
1725 PPRIVILEGE_SET CurrentPrivileges = NULL;
1726 PPRIVILEGE_SET NewPrivileges = NULL;
1727 ULONG PrivilegeSetSize = 0;
1728 ULONG PrivilegeCount;
1729 ULONG i, j, k;
1730 BOOL bFound;
1732
1733 TRACE("LsarRemovePrivilegesFromAccount(%p %u %p)\n",
1734 AccountHandle, AllPrivileges, Privileges);
1735
1736 /* */
1737 if (((AllPrivileges == FALSE) && (Privileges == NULL)) ||
1738 ((AllPrivileges != FALSE) && (Privileges != NULL)))
1740
1741 /* Validate the AccountHandle */
1742 Status = LsapValidateDbObject(AccountHandle,
1745 &AccountObject);
1746 if (!NT_SUCCESS(Status))
1747 {
1748 ERR("LsapValidateDbObject returned 0x%08lx\n", Status);
1749 return Status;
1750 }
1751
1752 if (AllPrivileges != FALSE)
1753 {
1754 /* Delete the Privilgs attribute */
1755 Status = LsapDeleteObjectAttribute(AccountObject,
1756 L"Privilgs");
1759 }
1760 else
1761 {
1762 /* Get the size of the Privilgs attribute */
1763 Status = LsapGetObjectAttribute(AccountObject,
1764 L"Privilgs",
1765 NULL,
1766 &PrivilegeSetSize);
1767 if (!NT_SUCCESS(Status))
1768 goto done;
1769
1770 /* Succeed, if there is no privilege set to remove privileges from */
1771 if (PrivilegeSetSize == 0)
1772 {
1774 goto done;
1775 }
1776
1777 /* Allocate memory for the stored privilege set */
1778 CurrentPrivileges = MIDL_user_allocate(PrivilegeSetSize);
1779 if (CurrentPrivileges == NULL)
1780 return STATUS_NO_MEMORY;
1781
1782 /* Get the current privilege set */
1783 Status = LsapGetObjectAttribute(AccountObject,
1784 L"Privilgs",
1785 CurrentPrivileges,
1786 &PrivilegeSetSize);
1787 if (!NT_SUCCESS(Status))
1788 {
1789 TRACE("LsapGetObjectAttribute() failed (Status 0x%08lx)\n", Status);
1790 goto done;
1791 }
1792
1793 PrivilegeCount = CurrentPrivileges->PrivilegeCount;
1794 TRACE("Current privilege count: %lu\n", PrivilegeCount);
1795
1796 /* Calculate the number of privileges in the new privilege set */
1797 for (i = 0; i < CurrentPrivileges->PrivilegeCount; i++)
1798 {
1799 for (j = 0; j < Privileges->PrivilegeCount; j++)
1800 {
1801 if (RtlEqualLuid(&(CurrentPrivileges->Privilege[i].Luid),
1802 &(Privileges->Privilege[j].Luid)))
1803 {
1804 if (PrivilegeCount > 0)
1805 PrivilegeCount--;
1806 }
1807 }
1808 }
1809 TRACE("New privilege count: %lu\n", PrivilegeCount);
1810
1811 if (PrivilegeCount == 0)
1812 {
1813 /* Delete the Privilgs attribute */
1814 Status = LsapDeleteObjectAttribute(AccountObject,
1815 L"Privilgs");
1818 }
1819 else
1820 {
1821 /* Calculate the size of the new privilege set and allocate it */
1822 PrivilegeSetSize = sizeof(PRIVILEGE_SET) +
1823 (PrivilegeCount - 1) * sizeof(LUID_AND_ATTRIBUTES);
1824 NewPrivileges = MIDL_user_allocate(PrivilegeSetSize);
1825 if (NewPrivileges == NULL)
1826 {
1828 goto done;
1829 }
1830
1831 /* Initialize the new privilege set */
1832 NewPrivileges->PrivilegeCount = PrivilegeCount;
1833 NewPrivileges->Control = 0;
1834
1835 /* Copy the privileges which are not to be removed */
1836 for (i = 0, k = 0; i < CurrentPrivileges->PrivilegeCount; i++)
1837 {
1838 bFound = FALSE;
1839 for (j = 0; j < Privileges->PrivilegeCount; j++)
1840 {
1841 if (RtlEqualLuid(&(CurrentPrivileges->Privilege[i].Luid),
1842 &(Privileges->Privilege[j].Luid)))
1843 bFound = TRUE;
1844 }
1845
1846 if (bFound == FALSE)
1847 {
1848 /* Copy the privilege */
1850 &(CurrentPrivileges->Privilege[i]),
1851 &(NewPrivileges->Privilege[k]));
1852 k++;
1853 }
1854 }
1855
1856 /* Set the new privilege set */
1857 Status = LsapSetObjectAttribute(AccountObject,
1858 L"Privilgs",
1859 NewPrivileges,
1860 PrivilegeSetSize);
1861 }
1862 }
1863
1864done:
1865 if (CurrentPrivileges != NULL)
1866 MIDL_user_free(CurrentPrivileges);
1867
1868 if (NewPrivileges != NULL)
1869 MIDL_user_free(NewPrivileges);
1870
1871 return Status;
1872}
NTSTATUS LsapDeleteObjectAttribute(PLSA_DB_OBJECT DbObject, LPWSTR AttributeName)
Definition: database.c:1082
int k
Definition: mpi.c:3369

Referenced by LsaRemovePrivilegesFromAccount().

◆ LsarRetrievePrivateData()

NTSTATUS WINAPI LsarRetrievePrivateData ( LSAPR_HANDLE  PolicyHandle,
PRPC_UNICODE_STRING  KeyName,
PLSAPR_CR_CIPHER_VALUE EncryptedData 
)

Definition at line 3618 of file lsarpc.c.

3622{
3623 PLSA_DB_OBJECT PolicyObject = NULL;
3624 PLSA_DB_OBJECT SecretObject = NULL;
3625 PLSAPR_CR_CIPHER_VALUE EncCurrentValue = NULL;
3626 ULONG CurrentValueLength = 0;
3627 PBYTE CurrentValue = NULL;
3629
3630 TRACE("LsarRetrievePrivateData(%p %wZ %p)\n",
3631 PolicyHandle, KeyName, EncryptedData);
3632
3633 /* Validate the SecretHandle */
3634 Status = LsapValidateDbObject(PolicyHandle,
3637 &PolicyObject);
3638 if (!NT_SUCCESS(Status))
3639 {
3640 ERR("LsapValidateDbObject returned 0x%08lx\n", Status);
3641 return Status;
3642 }
3643
3644 /* Open the secret object */
3645 Status = LsapOpenDbObject(PolicyObject,
3646 L"Secrets",
3647 KeyName->Buffer,
3649 0,
3650 PolicyObject->Trusted,
3651 &SecretObject);
3652 if (!NT_SUCCESS(Status))
3653 {
3654 ERR("LsapOpenDbObject failed (Status 0x%08lx)\n", Status);
3655 goto done;
3656 }
3657
3658 /* Get the size of the current value */
3659 Status = LsapGetObjectAttribute(SecretObject,
3660 L"CurrentValue",
3661 NULL,
3662 &CurrentValueLength);
3663 if (!NT_SUCCESS(Status))
3664 goto done;
3665
3666 /* Allocate a buffer for the current value */
3667 CurrentValue = midl_user_allocate(CurrentValueLength);
3668 if (CurrentValue == NULL)
3669 {
3671 goto done;
3672 }
3673
3674 /* Get the current value */
3675 Status = LsapGetObjectAttribute(SecretObject,
3676 L"CurrentValue",
3677 CurrentValue,
3678 &CurrentValueLength);
3679 if (!NT_SUCCESS(Status))
3680 goto done;
3681
3682 /* Allocate a buffer for the encrypted current value */
3683 EncCurrentValue = midl_user_allocate(sizeof(LSAPR_CR_CIPHER_VALUE) + CurrentValueLength);
3684 if (EncCurrentValue == NULL)
3685 {
3687 goto done;
3688 }
3689
3690 /* FIXME: Encrypt the current value */
3691 EncCurrentValue->Length = (USHORT)(CurrentValueLength - sizeof(WCHAR));
3692 EncCurrentValue->MaximumLength = (USHORT)CurrentValueLength;
3693 EncCurrentValue->Buffer = (PBYTE)(EncCurrentValue + 1);
3694 RtlCopyMemory(EncCurrentValue->Buffer,
3695 CurrentValue,
3696 CurrentValueLength);
3697
3698done:
3699 if (NT_SUCCESS(Status))
3700 {
3701 if (EncryptedData != NULL)
3702 *EncryptedData = EncCurrentValue;
3703 }
3704 else
3705 {
3706 if (EncryptedData != NULL)
3707 *EncryptedData = NULL;
3708
3709 if (EncCurrentValue != NULL)
3710 midl_user_free(EncCurrentValue);
3711 }
3712
3713 if (SecretObject != NULL)
3714 LsapCloseDbObject(SecretObject);
3715
3716 return Status;
3717}
_Must_inspect_result_ _In_ WDFDEVICE _In_ PCUNICODE_STRING KeyName
Definition: wdfdevice.h:2699

Referenced by LsaRetrievePrivateData().

◆ LsarSetDomainInformationPolicy()

NTSTATUS WINAPI LsarSetDomainInformationPolicy ( LSAPR_HANDLE  PolicyHandle,
POLICY_INFORMATION_CLASS  InformationClass,
PLSAPR_POLICY_DOMAIN_INFORMATION  PolicyInformation 
)

Definition at line 3879 of file lsarpc.c.

3883{
3886}

Referenced by LsaSetDomainInformationPolicy().

◆ LsarSetForestTrustInformation()

NTSTATUS WINAPI LsarSetForestTrustInformation ( LSAPR_HANDLE  PolicyHandle,
PLSA_UNICODE_STRING  TrustedDomainName,
LSA_FOREST_TRUST_RECORD_TYPE  HighestRecordType,
PLSA_FOREST_TRUST_INFORMATION  ForestTrustInfo,
BOOLEAN  CheckOnly,
PLSA_FOREST_TRUST_COLLISION_INFORMATION CollisionInfo 
)

Definition at line 4238 of file lsarpc.c.

4245{
4248}

Referenced by LsaSetForestTrustInformation().

◆ LsarSetInformationPolicy()

NTSTATUS WINAPI LsarSetInformationPolicy ( LSAPR_HANDLE  PolicyHandle,
POLICY_INFORMATION_CLASS  InformationClass,
PLSAPR_POLICY_INFORMATION  PolicyInformation 
)

Definition at line 663 of file lsarpc.c.

667{
668 PLSA_DB_OBJECT PolicyObject;
671
672 TRACE("LsarSetInformationPolicy(%p,0x%08x,%p)\n",
673 PolicyHandle, InformationClass, PolicyInformation);
674
675 if (PolicyInformation)
676 {
677 TRACE("*PolicyInformation %p\n", *PolicyInformation);
678 }
679
680 switch (InformationClass)
681 {
685 break;
686
689 break;
690
697 break;
698
702 break;
703
706 break;
707
708 default:
709 ERR("Invalid InformationClass!\n");
711 }
712
713 Status = LsapValidateDbObject(PolicyHandle,
716 &PolicyObject);
717 if (!NT_SUCCESS(Status))
718 return Status;
719
720 switch (InformationClass)
721 {
722 case PolicyAuditLogInformation: /* 1 */
723 Status = LsarSetAuditLog(PolicyObject,
724 (PPOLICY_AUDIT_LOG_INFO)PolicyInformation);
725 break;
726
727 case PolicyAuditEventsInformation: /* 2 */
728 Status = LsarSetAuditEvents(PolicyObject,
729 (PLSAPR_POLICY_AUDIT_EVENTS_INFO)PolicyInformation);
730 if (NT_SUCCESS(Status))
732 break;
733
735 Status = LsarSetPrimaryDomain(PolicyObject,
736 (PLSAPR_POLICY_PRIMARY_DOM_INFO)PolicyInformation);
737 if (NT_SUCCESS(Status))
739 break;
740
742 Status = LsarSetAccountDomain(PolicyObject,
743 (PLSAPR_POLICY_ACCOUNT_DOM_INFO)PolicyInformation);
744 if (NT_SUCCESS(Status))
746 break;
747
749 Status = LsarSetServerRole(PolicyObject,
750 (PPOLICY_LSA_SERVER_ROLE_INFO)PolicyInformation);
751 if (NT_SUCCESS(Status))
753 break;
754
756 Status = LsarSetReplicaSource(PolicyObject,
757 (PPOLICY_LSA_REPLICA_SRCE_INFO)PolicyInformation);
758 break;
759
761 Status = LsarSetDefaultQuota(PolicyObject,
762 (PPOLICY_DEFAULT_QUOTA_INFO)PolicyInformation);
763 break;
764
766 Status = LsarSetModification(PolicyObject,
767 (PPOLICY_MODIFICATION_INFO)PolicyInformation);
768 break;
769
770 case PolicyAuditFullSetInformation: /* 10 (0xA) */
771 Status = LsarSetAuditFull(PolicyObject,
772 (PPOLICY_AUDIT_FULL_QUERY_INFO)PolicyInformation);
773 break;
774
775 case PolicyDnsDomainInformation: /* 12 (0xC) */
776 Status = LsarSetDnsDomain(PolicyObject,
777 (PLSAPR_POLICY_DNS_DOMAIN_INFO)PolicyInformation);
778 if (NT_SUCCESS(Status))
780 break;
781
782 case PolicyDnsDomainInformationInt: /* 13 (0xD) */
783 Status = LsarSetDnsDomainInt(PolicyObject,
784 (PLSAPR_POLICY_DNS_DOMAIN_INFO)PolicyInformation);
785 break;
786
787 case PolicyLocalAccountDomainInformation: /* 14 (0xE) */
788 Status = LsarSetLocalAccountDomain(PolicyObject,
789 (PLSAPR_POLICY_ACCOUNT_DOM_INFO)PolicyInformation);
790 break;
791
792 default:
794 break;
795 }
796
797 return Status;
798}
NTSTATUS LsarSetAccountDomain(PLSA_DB_OBJECT PolicyObject, PLSAPR_POLICY_ACCOUNT_DOM_INFO Info)
Definition: policy.c:876
NTSTATUS LsarSetReplicaSource(PLSA_DB_OBJECT PolicyObject, PPOLICY_LSA_REPLICA_SRCE_INFO Info)
Definition: policy.c:936
NTSTATUS LsarSetDnsDomainInt(PLSA_DB_OBJECT PolicyObject, PLSAPR_POLICY_DNS_DOMAIN_INFO Info)
Definition: policy.c:1017
NTSTATUS LsarSetAuditEvents(PLSA_DB_OBJECT PolicyObject, PLSAPR_POLICY_AUDIT_EVENTS_INFO Info)
Definition: policy.c:792
NTSTATUS LsarSetDefaultQuota(PLSA_DB_OBJECT PolicyObject, PPOLICY_DEFAULT_QUOTA_INFO Info)
Definition: policy.c:945
NTSTATUS LsarSetPrimaryDomain(PLSA_DB_OBJECT PolicyObject, PLSAPR_POLICY_PRIMARY_DOM_INFO Info)
Definition: policy.c:829
NTSTATUS LsarSetDnsDomain(PLSA_DB_OBJECT PolicyObject, PLSAPR_POLICY_DNS_DOMAIN_INFO Info)
Definition: policy.c:1008
NTSTATUS LsarSetAuditLog(PLSA_DB_OBJECT PolicyObject, PPOLICY_AUDIT_LOG_INFO Info)
Definition: policy.c:779
NTSTATUS LsarSetAuditFull(PLSA_DB_OBJECT PolicyObject, PPOLICY_AUDIT_FULL_QUERY_INFO Info)
Definition: policy.c:971
NTSTATUS LsarSetLocalAccountDomain(PLSA_DB_OBJECT PolicyObject, PLSAPR_POLICY_ACCOUNT_DOM_INFO Info)
Definition: policy.c:1026
VOID LsapNotifyPolicyChange(POLICY_NOTIFICATION_INFORMATION_CLASS InformationClass)
Definition: notify.c:188
NTSTATUS LsarSetModification(PLSA_DB_OBJECT PolicyObject, PPOLICY_MODIFICATION_INFO Info)
Definition: policy.c:958
NTSTATUS LsarSetServerRole(PLSA_DB_OBJECT PolicyObject, PPOLICY_LSA_SERVER_ROLE_INFO Info)
Definition: policy.c:923
@ PolicyAuditFullSetInformation
Definition: ntsecapi.h:252
#define POLICY_SERVER_ADMIN
Definition: ntsecapi.h:71
#define POLICY_TRUST_ADMIN
Definition: ntsecapi.h:64
@ PolicyNotifyAuditEventsInformation
Definition: ntsecapi.h:280
@ PolicyNotifyAccountDomainInformation
Definition: ntsecapi.h:281
@ PolicyNotifyDnsDomainInformation
Definition: ntsecapi.h:283
@ PolicyNotifyServerRoleInformation
Definition: ntsecapi.h:282
#define POLICY_SET_DEFAULT_QUOTA_LIMITS
Definition: ntsecapi.h:68
#define POLICY_AUDIT_LOG_ADMIN
Definition: ntsecapi.h:70
#define POLICY_SET_AUDIT_REQUIREMENTS
Definition: ntsecapi.h:69

Referenced by LsarSetInformationPolicy2(), and LsaSetInformationPolicy().

◆ LsarSetInformationPolicy2()

NTSTATUS WINAPI LsarSetInformationPolicy2 ( LSAPR_HANDLE  PolicyHandle,
POLICY_INFORMATION_CLASS  InformationClass,
PLSAPR_POLICY_INFORMATION  PolicyInformation 
)

Definition at line 3766 of file lsarpc.c.

3770{
3771 return LsarSetInformationPolicy(PolicyHandle,
3773 PolicyInformation);
3774}
NTSTATUS WINAPI LsarSetInformationPolicy(LSAPR_HANDLE PolicyHandle, POLICY_INFORMATION_CLASS InformationClass, PLSAPR_POLICY_INFORMATION PolicyInformation)
Definition: lsarpc.c:663

◆ LsarSetInformationTrustedDomain()

NTSTATUS WINAPI LsarSetInformationTrustedDomain ( LSAPR_HANDLE  TrustedDomainHandle,
TRUSTED_INFORMATION_CLASS  InformationClass,
PLSAPR_TRUSTED_DOMAIN_INFO  TrustedDomainInformation 
)

Definition at line 2077 of file lsarpc.c.

2081{
2084}

◆ LsarSetPolicyReplicationHandle()

NTSTATUS WINAPI LsarSetPolicyReplicationHandle ( PLSAPR_HANDLE  PolicyHandle)

Definition at line 3855 of file lsarpc.c.

3857{
3858 /* Deprecated */
3860}

◆ LsarSetQuotasForAccount()

NTSTATUS WINAPI LsarSetQuotasForAccount ( LSAPR_HANDLE  AccountHandle,
PQUOTA_LIMITS  QuotaLimits 
)

Definition at line 1913 of file lsarpc.c.

1916{
1917 PLSA_DB_OBJECT AccountObject;
1918 QUOTA_LIMITS InternalQuotaLimits;
1919 ULONG Size;
1921
1922 TRACE("LsarSetQuotasForAccount(%p %p)\n",
1923 AccountHandle, QuotaLimits);
1924
1925 /* Validate the account handle */
1926 Status = LsapValidateDbObject(AccountHandle,
1929 &AccountObject);
1930 if (!NT_SUCCESS(Status))
1931 {
1932 ERR("Invalid handle (Status %lx)\n", Status);
1933 return Status;
1934 }
1935
1936 /* Get the quota limits attribute */
1937 Size = sizeof(QUOTA_LIMITS);
1938 Status = LsapGetObjectAttribute(AccountObject,
1939 L"DefQuota",
1940 &InternalQuotaLimits,
1941 &Size);
1942 if (!NT_SUCCESS(Status))
1943 {
1944 TRACE("LsapGetObjectAttribute() failed (Status 0x%08lx)\n", Status);
1945 return Status;
1946 }
1947
1948 /* Update the quota limits */
1949 if (QuotaLimits->PagedPoolLimit != 0)
1950 InternalQuotaLimits.PagedPoolLimit = QuotaLimits->PagedPoolLimit;
1951
1952 if (QuotaLimits->NonPagedPoolLimit != 0)
1953 InternalQuotaLimits.NonPagedPoolLimit = QuotaLimits->NonPagedPoolLimit;
1954
1955 if (QuotaLimits->MinimumWorkingSetSize != 0)
1956 InternalQuotaLimits.MinimumWorkingSetSize = QuotaLimits->MinimumWorkingSetSize;
1957
1958 if (QuotaLimits->MaximumWorkingSetSize != 0)
1959 InternalQuotaLimits.MaximumWorkingSetSize = QuotaLimits->MaximumWorkingSetSize;
1960
1961 if (QuotaLimits->PagefileLimit != 0)
1962 InternalQuotaLimits.PagefileLimit = QuotaLimits->PagefileLimit;
1963
1964 /* Set the quota limits attribute */
1965 Status = LsapSetObjectAttribute(AccountObject,
1966 L"DefQuota",
1967 &InternalQuotaLimits,
1968 sizeof(QUOTA_LIMITS));
1969
1970 return Status;
1971}
struct _QUOTA_LIMITS QUOTA_LIMITS
#define ACCOUNT_ADJUST_QUOTAS
Definition: ntlsa.h:30
INT64 MaximumWorkingSetSize
Definition: lsa.idl:290
INT64 NonPagedPoolLimit
Definition: lsa.idl:288
INT64 MinimumWorkingSetSize
Definition: lsa.idl:289
INT64 PagefileLimit
Definition: lsa.idl:291
INT64 PagedPoolLimit
Definition: lsa.idl:287

Referenced by LsaSetQuotasForAccount().

◆ LsarSetSecret()

NTSTATUS WINAPI LsarSetSecret ( LSAPR_HANDLE  SecretHandle,
PLSAPR_CR_CIPHER_VALUE  EncryptedCurrentValue,
PLSAPR_CR_CIPHER_VALUE  EncryptedOldValue 
)

Definition at line 2146 of file lsarpc.c.

2150{
2151 PLSA_DB_OBJECT SecretObject;
2152 PBYTE CurrentValue = NULL;
2153 PBYTE OldValue = NULL;
2154 ULONG CurrentValueLength = 0;
2155 ULONG OldValueLength = 0;
2158
2159 TRACE("LsarSetSecret(%p %p %p)\n", SecretHandle,
2160 EncryptedCurrentValue, EncryptedOldValue);
2161
2162 /* Validate the SecretHandle */
2163 Status = LsapValidateDbObject(SecretHandle,
2166 &SecretObject);
2167 if (!NT_SUCCESS(Status))
2168 {
2169 ERR("LsapValidateDbObject returned 0x%08lx\n", Status);
2170 return Status;
2171 }
2172
2173 if (EncryptedCurrentValue != NULL)
2174 {
2175 /* FIXME: Decrypt the current value */
2176 CurrentValue = EncryptedCurrentValue->Buffer;
2177 CurrentValueLength = EncryptedCurrentValue->MaximumLength;
2178 }
2179
2180 /* Set the current value */
2181 Status = LsapSetObjectAttribute(SecretObject,
2182 L"CurrentValue",
2183 CurrentValue,
2184 CurrentValueLength);
2185 if (!NT_SUCCESS(Status))
2186 {
2187 ERR("LsapSetObjectAttribute failed (Status 0x%08lx)\n", Status);
2188 goto done;
2189 }
2190
2191 /* Get the current time */
2193 if (!NT_SUCCESS(Status))
2194 {
2195 ERR("NtQuerySystemTime failed (Status 0x%08lx)\n", Status);
2196 goto done;
2197 }
2198
2199 /* Set the current time */
2200 Status = LsapSetObjectAttribute(SecretObject,
2201 L"CurrentTime",
2202 &Time,
2203 sizeof(LARGE_INTEGER));
2204 if (!NT_SUCCESS(Status))
2205 {
2206 ERR("LsapSetObjectAttribute failed (Status 0x%08lx)\n", Status);
2207 goto done;
2208 }
2209
2210 if (EncryptedOldValue != NULL)
2211 {
2212 /* FIXME: Decrypt the old value */
2213 OldValue = EncryptedOldValue->Buffer;
2214 OldValueLength = EncryptedOldValue->MaximumLength;
2215 }
2216
2217 /* Set the old value */
2218 Status = LsapSetObjectAttribute(SecretObject,
2219 L"OldValue",
2220 OldValue,
2221 OldValueLength);
2222 if (!NT_SUCCESS(Status))
2223 {
2224 ERR("LsapSetObjectAttribute failed (Status 0x%08lx)\n", Status);
2225 goto done;
2226 }
2227
2228 /* Set the old time */
2229 Status = LsapSetObjectAttribute(SecretObject,
2230 L"OldTime",
2231 &Time,
2232 sizeof(LARGE_INTEGER));
2233 if (!NT_SUCCESS(Status))
2234 {
2235 ERR("LsapSetObjectAttribute failed (Status 0x%08lx)\n", Status);
2236 }
2237
2238done:
2239 return Status;
2240}
#define SECRET_SET_VALUE
Definition: ntlsa.h:38

Referenced by LsaSetSecret().

◆ LsarSetSecurityObject()

NTSTATUS WINAPI LsarSetSecurityObject ( LSAPR_HANDLE  ObjectHandle,
SECURITY_INFORMATION  SecurityInformation,
PLSAPR_SR_SECURITY_DESCRIPTOR  SecurityDescriptor 
)

Definition at line 323 of file lsarpc.c.

327{
328 PLSA_DB_OBJECT DbObject = NULL;
330 PSECURITY_DESCRIPTOR RelativeSd = NULL;
331 ULONG RelativeSdSize = 0;
335
336 TRACE("LsarSetSecurityObject(%p %lx %p)\n",
338
339 if ((SecurityDescriptor == NULL) ||
340 (SecurityDescriptor->SecurityDescriptor == NULL) ||
343
344 if (SecurityInformation == 0 ||
348
351
354
357
361
365
366 /* Validate the ObjectHandle */
367 Status = LsapValidateDbObject(ObjectHandle,
370 &DbObject);
371 if (!NT_SUCCESS(Status))
372 {
373 ERR("LsapValidateDbObject failed (Status 0x%08lx)\n", Status);
374 return Status;
375 }
376
377 /* Get the mapping for the object type */
378 switch (DbObject->ObjectType)
379 {
382 break;
383
386 break;
387
388// case LsaDbDomainObject:
389// Mapping = &LsapDomainMapping;
390// break;
391
394 break;
395
396 default:
398 }
399
400 /* Get the size of the SD */
402 L"SecDesc",
403 NULL,
404 &RelativeSdSize);
405 if (!NT_SUCCESS(Status))
406 return Status;
407
408 /* Allocate a buffer for the SD */
409 RelativeSd = RtlAllocateHeap(RtlGetProcessHeap(), 0, RelativeSdSize);
410 if (RelativeSd == NULL)
412
413 /* Get the SD */
415 L"SecDesc",
416 RelativeSd,
417 &RelativeSdSize);
418 if (!NT_SUCCESS(Status))
419 goto done;
420
421 /* Get the clients token if we try to set the owner */
423 {
425 if (!NT_SUCCESS(Status))
426 {
427 ERR("RpcImpersonateClient returns 0x%08lx\n", Status);
428 goto done;
429 }
430
433 TRUE,
434 &TokenHandle);
436 if (!NT_SUCCESS(Status))
437 {
438 ERR("NtOpenThreadToken returns 0x%08lx\n", Status);
439 goto done;
440 }
441 }
442
443 /* Build the new security descriptor */
445 (PSECURITY_DESCRIPTOR)SecurityDescriptor->SecurityDescriptor,
446 &RelativeSd,
447 Mapping,
449 if (!NT_SUCCESS(Status))
450 {
451 ERR("RtlSetSecurityObject failed (Status 0x%08lx)\n", Status);
452 goto done;
453 }
454
455 /* Set the modified SD */
457 L"SecDesc",
458 RelativeSd,
459 RtlLengthSecurityDescriptor(RelativeSd));
460 if (!NT_SUCCESS(Status))
461 {
462 ERR("LsapSetObjectAttribute failed (Status 0x%08lx)\n", Status);
463 }
464
465done:
466 if (TokenHandle != NULL)
468
469 if (RelativeSd != NULL)
470 RtlFreeHeap(RtlGetProcessHeap(), 0, RelativeSd);
471
472 return Status;
473}
#define ERROR_INVALID_PARAMETER
Definition: compat.h:101
static PVOID Mapping[EMS_PHYSICAL_PAGES]
Definition: emsdrv.c:41
NTSYSAPI ULONG WINAPI RtlLengthSecurityDescriptor(PSECURITY_DESCRIPTOR)
static GENERIC_MAPPING LsapSecretMapping
Definition: lsarpc.c:32
static GENERIC_MAPPING LsapAccountMapping
Definition: lsarpc.c:25
static GENERIC_MAPPING LsapPolicyMapping
Definition: lsarpc.c:18
_In_ ACCESS_MASK _In_ ULONG _Out_ PHANDLE TokenHandle
Definition: psfuncs.h:726
NTSYSAPI NTSTATUS NTAPI RtlSetSecurityObject(_In_ SECURITY_INFORMATION SecurityInformation, _In_ PSECURITY_DESCRIPTOR ModificationDescriptor, _Out_ PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor, _In_ PGENERIC_MAPPING GenericMapping, _In_ HANDLE Token)
_In_opt_ PSID Group
Definition: rtlfuncs.h:1646
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ SaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ OwnerSize PSID Owner
Definition: rtlfuncs.h:1597
NTSYSAPI BOOLEAN NTAPI RtlValidSecurityDescriptor(IN PSECURITY_DESCRIPTOR SecurityDescriptor)
Definition: sd.c:1054
#define WRITE_DAC
Definition: nt_native.h:59
NTSTATUS NTAPI NtClose(IN HANDLE Handle)
Definition: obhandle.c:3402
#define WRITE_OWNER
Definition: nt_native.h:60
NTSTATUS NTAPI NtOpenThreadToken(_In_ HANDLE ThreadHandle, _In_ ACCESS_MASK DesiredAccess, _In_ BOOLEAN OpenAsSelf, _Out_ PHANDLE TokenHandle)
Opens a token that is tied to a thread handle.
Definition: token.c:2474
#define STATUS_INVALID_HANDLE
Definition: ntstatus.h:245
RPC_STATUS WINAPI RpcRevertToSelf(void)
Definition: rpc_binding.c:1463
RPC_STATUS WINAPI RpcImpersonateClient(RPC_BINDING_HANDLE BindingHandle)
Definition: rpc_binding.c:1056
LONG WINAPI I_RpcMapWin32Status(RPC_STATUS status)
Definition: rpcrt4_main.c:740
#define TOKEN_QUERY
Definition: setypes.h:928
#define NtCurrentThread()

Referenced by LsaSetSecurityObject().

◆ LsarSetSystemAccessAccount()

NTSTATUS WINAPI LsarSetSystemAccessAccount ( LSAPR_HANDLE  AccountHandle,
ACCESS_MASK  SystemAccess 
)

Definition at line 2012 of file lsarpc.c.

2015{
2016 PLSA_DB_OBJECT AccountObject;
2018
2019 TRACE("LsarSetSystemAccessAccount(%p %lx)\n",
2020 AccountHandle, SystemAccess);
2021
2022 /* Validate the account handle */
2023 Status = LsapValidateDbObject(AccountHandle,
2026 &AccountObject);
2027 if (!NT_SUCCESS(Status))
2028 {
2029 ERR("Invalid handle (Status %lx)\n", Status);
2030 return Status;
2031 }
2032
2033 /* Set the system access flags */
2034 Status = LsapSetObjectAttribute(AccountObject,
2035 L"ActSysAc",
2036 &SystemAccess,
2037 sizeof(ACCESS_MASK));
2038
2039 return Status;
2040}
#define ACCOUNT_ADJUST_SYSTEM_ACCESS
Definition: ntlsa.h:31

Referenced by LsaSetSystemAccessAccount().

◆ LsarSetTrustedDomainInfo()

NTSTATUS WINAPI LsarSetTrustedDomainInfo ( LSAPR_HANDLE  PolicyHandle,
PRPC_SID  TrustedDomainSid,
TRUSTED_INFORMATION_CLASS  InformationClass,
PLSAPR_TRUSTED_DOMAIN_INFO  TrustedDomainInformation 
)

Definition at line 3428 of file lsarpc.c.

3433{
3434 /* Fail, if we are not a domain controller */
3437
3440}

◆ LsarSetTrustedDomainInfoByName()

NTSTATUS WINAPI LsarSetTrustedDomainInfoByName ( LSAPR_HANDLE  PolicyHandle,
PRPC_UNICODE_STRING  TrustedDomainName,
POLICY_INFORMATION_CLASS  InformationClass,
PLSAPR_TRUSTED_DOMAIN_INFO  PolicyInformation 
)

Definition at line 3798 of file lsarpc.c.

3803{
3804 /* Fail, if we are not a domain controller */
3807
3808 /* FIXME: We are not running an AD yet */