ReactOS  0.4.11-dev-721-g95bc44e
lsarpc.c
Go to the documentation of this file.
1 /*
2  * COPYRIGHT: See COPYING in the top level directory
3  * PROJECT: Local Security Authority (LSA) Server
4  * FILE: reactos/dll/win32/lsasrv/lsarpc.h
5  * PURPOSE: RPC interface functions
6  *
7  * PROGRAMMERS: Eric Kohl
8  */
9 
10 #include "lsasrv.h"
11 
12 /* GLOBALS *****************************************************************/
13 
15 
16 static
22 
23 static
29 
30 static
36 
37 /* FUNCTIONS ***************************************************************/
38 
41 {
43  DWORD dwError;
44  HANDLE hEvent;
45 
46  RtlInitializeCriticalSection(&PolicyHandleTableLock);
47 
48  TRACE("LsarStartRpcServer() called\n");
49 
50  Status = RpcServerUseProtseqEpW(L"ncacn_np",
52  L"\\pipe\\lsarpc",
53  NULL);
54  if (Status != RPC_S_OK)
55  {
56  WARN("RpcServerUseProtseqEpW() failed (Status %lx)\n", Status);
57  return I_RpcMapWin32Status(Status);
58  }
59 
60  Status = RpcServerRegisterIf(lsarpc_v0_0_s_ifspec,
61  NULL,
62  NULL);
63  if (Status != RPC_S_OK)
64  {
65  WARN("RpcServerRegisterIf() failed (Status %lx)\n", Status);
66  return I_RpcMapWin32Status(Status);
67  }
68 
69  DsSetupInit();
70 
71  Status = RpcServerListen(1, 20, TRUE);
72  if (Status != RPC_S_OK)
73  {
74  WARN("RpcServerListen() failed (Status %lx)\n", Status);
75  return I_RpcMapWin32Status(Status);
76  }
77 
78  /* Notify the service manager */
79  TRACE("Creating notification event!\n");
80  hEvent = CreateEventW(NULL,
81  TRUE,
82  FALSE,
83  L"LSA_RPC_SERVER_ACTIVE");
84  if (hEvent == NULL)
85  {
86  dwError = GetLastError();
87  TRACE("Failed to create or open the notification event (Error %lu)\n", dwError);
88 #if 0
89  if (dwError == ERROR_ALREADY_EXISTS)
90  {
91  hEvent = OpenEventW(GENERIC_WRITE,
92  FALSE,
93  L"LSA_RPC_SERVER_ACTIVE");
94  if (hEvent == NULL)
95  {
96  ERR("Could not open the notification event (Error %lu)\n", GetLastError());
97  return STATUS_UNSUCCESSFUL;
98  }
99  }
100 #endif
101  return STATUS_UNSUCCESSFUL;
102  }
103 
104  TRACE("Set notification event!\n");
105  SetEvent(hEvent);
106 
107  /* NOTE: Do not close the event handle, as it must remain alive! */
108 
109  TRACE("LsarStartRpcServer() done\n");
110  return STATUS_SUCCESS;
111 }
112 
113 
114 void
117  LSAPR_HANDLE hHandle)
118 {
119 }
120 
121 
122 /* Function 0 */
123 NTSTATUS
124 WINAPI
126  LSAPR_HANDLE *ObjectHandle)
127 {
128  PLSA_DB_OBJECT DbObject;
130 
131  TRACE("LsarClose(%p)\n", ObjectHandle);
132 
133 // RtlEnterCriticalSection(&PolicyHandleTableLock);
134 
135  Status = LsapValidateDbObject(*ObjectHandle,
137  0,
138  &DbObject);
139  if (Status == STATUS_SUCCESS)
140  {
141  Status = LsapCloseDbObject(DbObject);
142  *ObjectHandle = NULL;
143  }
144 
145 // RtlLeaveCriticalSection(&PolicyHandleTableLock);
146 
147  return Status;
148 }
149 
150 
151 /* Function 1 */
152 NTSTATUS
153 WINAPI
155  LSAPR_HANDLE ObjectHandle)
156 {
157  TRACE("LsarDelete(%p)\n", ObjectHandle);
158 
159  return LsarDeleteObject(&ObjectHandle);
160 }
161 
162 
163 /* Function 2 */
164 NTSTATUS
165 WINAPI
167  LSAPR_HANDLE PolicyHandle,
168  DWORD *EnumerationContext,
169  PLSAPR_PRIVILEGE_ENUM_BUFFER EnumerationBuffer,
170  DWORD PreferedMaximumLength)
171 {
172  PLSA_DB_OBJECT PolicyObject;
174 
175  TRACE("LsarEnumeratePrivileges(%p %p %p %lu)\n",
176  PolicyHandle, EnumerationContext, EnumerationBuffer,
177  PreferedMaximumLength);
178 
179  Status = LsapValidateDbObject(PolicyHandle,
182  &PolicyObject);
183  if (!NT_SUCCESS(Status))
184  return Status;
185 
186  if (EnumerationContext == NULL)
188 
189  return LsarpEnumeratePrivileges(EnumerationContext,
190  EnumerationBuffer,
191  PreferedMaximumLength);
192 }
193 
194 
195 /* Function 3 */
196 NTSTATUS
197 WINAPI
199  LSAPR_HANDLE ObjectHandle,
202 {
203  PLSA_DB_OBJECT DbObject = NULL;
204  PSECURITY_DESCRIPTOR RelativeSd = NULL;
205  PSECURITY_DESCRIPTOR ResultSd = NULL;
208  ULONG RelativeSdSize = 0;
209  ULONG ResultSdSize = 0;
211 
212  TRACE("LsarQuerySecurityObject(%p %lx %p)\n",
213  ObjectHandle, SecurityInformation, SecurityDescriptor);
214 
215  if (SecurityDescriptor == NULL)
217 
218  *SecurityDescriptor = NULL;
219 
220  if ((SecurityInformation & OWNER_SECURITY_INFORMATION) ||
221  (SecurityInformation & GROUP_SECURITY_INFORMATION) ||
222  (SecurityInformation & DACL_SECURITY_INFORMATION))
223  DesiredAccess |= READ_CONTROL;
224 
225  if (SecurityInformation & SACL_SECURITY_INFORMATION)
226  DesiredAccess |= ACCESS_SYSTEM_SECURITY;
227 
228  /* Validate the ObjectHandle */
229  Status = LsapValidateDbObject(ObjectHandle,
231  DesiredAccess,
232  &DbObject);
233  if (!NT_SUCCESS(Status))
234  return Status;
235 
236  /* Get the size of the SD */
237  Status = LsapGetObjectAttribute(DbObject,
238  L"SecDesc",
239  NULL,
240  &RelativeSdSize);
241  if (!NT_SUCCESS(Status))
242  return Status;
243 
244  /* Allocate a buffer for the SD */
245  RelativeSd = MIDL_user_allocate(RelativeSdSize);
246  if (RelativeSd == NULL)
248 
249  /* Get the SD */
250  Status = LsapGetObjectAttribute(DbObject,
251  L"SecDesc",
252  RelativeSd,
253  &RelativeSdSize);
254  if (!NT_SUCCESS(Status))
255  goto done;
256 
257  /* Invalidate the SD information that was not requested */
258  if (!(SecurityInformation & OWNER_SECURITY_INFORMATION))
259  ((PISECURITY_DESCRIPTOR)RelativeSd)->Owner = NULL;
260 
261  if (!(SecurityInformation & GROUP_SECURITY_INFORMATION))
262  ((PISECURITY_DESCRIPTOR)RelativeSd)->Group = NULL;
263 
264  if (!(SecurityInformation & DACL_SECURITY_INFORMATION))
265  ((PISECURITY_DESCRIPTOR)RelativeSd)->Control &= ~SE_DACL_PRESENT;
266 
267  if (!(SecurityInformation & SACL_SECURITY_INFORMATION))
268  ((PISECURITY_DESCRIPTOR)RelativeSd)->Control &= ~SE_SACL_PRESENT;
269 
270  /* Calculate the required SD size */
271  Status = RtlMakeSelfRelativeSD(RelativeSd,
272  NULL,
273  &ResultSdSize);
274  if (Status != STATUS_BUFFER_TOO_SMALL)
275  goto done;
276 
277  /* Allocate a buffer for the new SD */
278  ResultSd = MIDL_user_allocate(ResultSdSize);
279  if (ResultSd == NULL)
280  {
282  goto done;
283  }
284 
285  /* Build the new SD */
286  Status = RtlMakeSelfRelativeSD(RelativeSd,
287  ResultSd,
288  &ResultSdSize);
289  if (!NT_SUCCESS(Status))
290  goto done;
291 
292  /* Allocate the SD data buffer */
294  if (SdData == NULL)
295  {
297  goto done;
298  }
299 
300  /* Fill the SD data buffer and return it to the caller */
301  SdData->Length = RelativeSdSize;
302  SdData->SecurityDescriptor = (PBYTE)ResultSd;
303 
304  *SecurityDescriptor = SdData;
305 
306 done:
307  if (!NT_SUCCESS(Status))
308  {
309  if (ResultSd != NULL)
310  MIDL_user_free(ResultSd);
311  }
312 
313  if (RelativeSd != NULL)
314  MIDL_user_free(RelativeSd);
315 
316  return Status;
317 }
318 
319 
320 /* Function 4 */
321 NTSTATUS
322 WINAPI
324  LSAPR_HANDLE ObjectHandle,
327 {
328  PLSA_DB_OBJECT DbObject = NULL;
330  PSECURITY_DESCRIPTOR RelativeSd = NULL;
331  ULONG RelativeSdSize = 0;
335 
336  TRACE("LsarSetSecurityObject(%p %lx %p)\n",
337  ObjectHandle, SecurityInformation, SecurityDescriptor);
338 
339  if ((SecurityDescriptor == NULL) ||
340  (SecurityDescriptor->SecurityDescriptor == NULL) ||
343 
344  if (SecurityInformation == 0 ||
348 
349  if (SecurityInformation & SACL_SECURITY_INFORMATION)
350  DesiredAccess |= ACCESS_SYSTEM_SECURITY;
351 
352  if (SecurityInformation & DACL_SECURITY_INFORMATION)
353  DesiredAccess |= WRITE_DAC;
354 
355  if (SecurityInformation & (OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION))
356  DesiredAccess |= WRITE_OWNER;
357 
358  if ((SecurityInformation & OWNER_SECURITY_INFORMATION) &&
359  (((PISECURITY_DESCRIPTOR)SecurityDescriptor)->Owner == NULL))
361 
362  if ((SecurityInformation & GROUP_SECURITY_INFORMATION) &&
363  (((PISECURITY_DESCRIPTOR)SecurityDescriptor)->Group == NULL))
365 
366  /* Validate the ObjectHandle */
367  Status = LsapValidateDbObject(ObjectHandle,
369  DesiredAccess,
370  &DbObject);
371  if (!NT_SUCCESS(Status))
372  {
373  ERR("LsapValidateDbObject failed (Status 0x%08lx)\n", Status);
374  return Status;
375  }
376 
377  /* Get the mapping for the object type */
378  switch (DbObject->ObjectType)
379  {
380  case LsaDbPolicyObject:
381  Mapping = &LsapPolicyMapping;
382  break;
383 
384  case LsaDbAccountObject:
385  Mapping = &LsapAccountMapping;
386  break;
387 
388 // case LsaDbDomainObject:
389 // Mapping = &LsapDomainMapping;
390 // break;
391 
392  case LsaDbSecretObject:
393  Mapping = &LsapSecretMapping;
394  break;
395 
396  default:
397  return STATUS_INVALID_HANDLE;
398  }
399 
400  /* Get the size of the SD */
401  Status = LsapGetObjectAttribute(DbObject,
402  L"SecDesc",
403  NULL,
404  &RelativeSdSize);
405  if (!NT_SUCCESS(Status))
406  return Status;
407 
408  /* Allocate a buffer for the SD */
409  RelativeSd = RtlAllocateHeap(RtlGetProcessHeap(), 0, RelativeSdSize);
410  if (RelativeSd == NULL)
412 
413  /* Get the SD */
414  Status = LsapGetObjectAttribute(DbObject,
415  L"SecDesc",
416  RelativeSd,
417  &RelativeSdSize);
418  if (!NT_SUCCESS(Status))
419  goto done;
420 
421  /* Get the clients token if we try to set the owner */
422  if (SecurityInformation & OWNER_SECURITY_INFORMATION)
423  {
425  if (!NT_SUCCESS(Status))
426  {
427  ERR("RpcImpersonateClient returns 0x%08lx\n", Status);
428  goto done;
429  }
430 
432  TOKEN_QUERY,
433  TRUE,
434  &TokenHandle);
435  RpcRevertToSelf();
436  if (!NT_SUCCESS(Status))
437  {
438  ERR("NtOpenThreadToken returns 0x%08lx\n", Status);
439  goto done;
440  }
441  }
442 
443  /* Build the new security descriptor */
444  Status = RtlSetSecurityObject(SecurityInformation,
445  (PSECURITY_DESCRIPTOR)SecurityDescriptor->SecurityDescriptor,
446  &RelativeSd,
447  Mapping,
448  TokenHandle);
449  if (!NT_SUCCESS(Status))
450  {
451  ERR("RtlSetSecurityObject failed (Status 0x%08lx)\n", Status);
452  goto done;
453  }
454 
455  /* Set the modified SD */
456  Status = LsapSetObjectAttribute(DbObject,
457  L"SecDesc",
458  RelativeSd,
459  RtlLengthSecurityDescriptor(RelativeSd));
460  if (!NT_SUCCESS(Status))
461  {
462  ERR("LsapSetObjectAttribute failed (Status 0x%08lx)\n", Status);
463  }
464 
465 done:
466  if (TokenHandle != NULL)
467  NtClose(TokenHandle);
468 
469  if (RelativeSd != NULL)
470  RtlFreeHeap(RtlGetProcessHeap(), 0, RelativeSd);
471 
472  return Status;
473 }
474 
475 
476 /* Function 5 */
477 NTSTATUS
478 WINAPI
480  handle_t IDL_handle,
481  PRPC_UNICODE_STRING String1,
483  PRPC_UNICODE_STRING String3,
484  PRPC_UNICODE_STRING String4,
485  PRPC_UNICODE_STRING String5)
486 {
487  /* Deprecated */
488  return STATUS_NOT_IMPLEMENTED;
489 }
490 
491 
492 /* Function 6 */
493 NTSTATUS
494 WINAPI
496  LPWSTR SystemName,
499  LSAPR_HANDLE *PolicyHandle)
500 {
501  PLSA_DB_OBJECT PolicyObject;
503 
504  TRACE("LsarOpenPolicy(%S %p %lx %p)\n",
505  SystemName, ObjectAttributes, DesiredAccess, PolicyHandle);
506 
507  RtlEnterCriticalSection(&PolicyHandleTableLock);
508 
509  Status = LsapOpenDbObject(NULL,
510  NULL,
511  L"Policy",
513  DesiredAccess,
514  FALSE,
515  &PolicyObject);
516 
517  RtlLeaveCriticalSection(&PolicyHandleTableLock);
518 
519  if (NT_SUCCESS(Status))
520  *PolicyHandle = (LSAPR_HANDLE)PolicyObject;
521 
522  TRACE("LsarOpenPolicy done!\n");
523 
524  return Status;
525 }
526 
527 
528 /* Function 7 */
529 NTSTATUS
530 WINAPI
532  LSAPR_HANDLE PolicyHandle,
534  PLSAPR_POLICY_INFORMATION *PolicyInformation)
535 {
536  PLSA_DB_OBJECT PolicyObject;
539 
540  TRACE("LsarQueryInformationPolicy(%p,0x%08x,%p)\n",
541  PolicyHandle, InformationClass, PolicyInformation);
542 
543  if (PolicyInformation)
544  {
545  TRACE("*PolicyInformation %p\n", *PolicyInformation);
546  }
547 
548  switch (InformationClass)
549  {
553  DesiredAccess = POLICY_VIEW_AUDIT_INFORMATION;
554  break;
555 
565  DesiredAccess = POLICY_VIEW_LOCAL_INFORMATION;
566  break;
567 
569  DesiredAccess = POLICY_GET_PRIVATE_INFORMATION;
570  break;
571 
572  default:
573  ERR("Invalid InformationClass!\n");
575  }
576 
577  Status = LsapValidateDbObject(PolicyHandle,
579  DesiredAccess,
580  &PolicyObject);
581  if (!NT_SUCCESS(Status))
582  return Status;
583 
584  switch (InformationClass)
585  {
586  case PolicyAuditLogInformation: /* 1 */
587  Status = LsarQueryAuditLog(PolicyObject,
588  PolicyInformation);
589  break;
590 
591  case PolicyAuditEventsInformation: /* 2 */
592  Status = LsarQueryAuditEvents(PolicyObject,
593  PolicyInformation);
594  break;
595 
596  case PolicyPrimaryDomainInformation: /* 3 */
597  Status = LsarQueryPrimaryDomain(PolicyObject,
598  PolicyInformation);
599  break;
600 
601  case PolicyPdAccountInformation: /* 4 */
602  Status = LsarQueryPdAccount(PolicyObject,
603  PolicyInformation);
604  break;
605 
606  case PolicyAccountDomainInformation: /* 5 */
607  Status = LsarQueryAccountDomain(PolicyObject,
608  PolicyInformation);
609  break;
610 
611  case PolicyLsaServerRoleInformation: /* 6 */
612  Status = LsarQueryServerRole(PolicyObject,
613  PolicyInformation);
614  break;
615 
616  case PolicyReplicaSourceInformation: /* 7 */
617  Status = LsarQueryReplicaSource(PolicyObject,
618  PolicyInformation);
619  break;
620 
621  case PolicyDefaultQuotaInformation: /* 8 */
622  Status = LsarQueryDefaultQuota(PolicyObject,
623  PolicyInformation);
624  break;
625 
626  case PolicyModificationInformation: /* 9 */
627  Status = LsarQueryModification(PolicyObject,
628  PolicyInformation);
629  break;
630 
631  case PolicyAuditFullQueryInformation: /* 11 (0xB) */
632  Status = LsarQueryAuditFull(PolicyObject,
633  PolicyInformation);
634  break;
635 
636  case PolicyDnsDomainInformation: /* 12 (0xC) */
637  Status = LsarQueryDnsDomain(PolicyObject,
638  PolicyInformation);
639  break;
640 
641  case PolicyDnsDomainInformationInt: /* 13 (0xD) */
642  Status = LsarQueryDnsDomainInt(PolicyObject,
643  PolicyInformation);
644  break;
645 
646  case PolicyLocalAccountDomainInformation: /* 14 (0xE) */
647  Status = LsarQueryLocalAccountDomain(PolicyObject,
648  PolicyInformation);
649  break;
650 
651  default:
652  ERR("Invalid InformationClass!\n");
653  Status = STATUS_INVALID_PARAMETER;
654  }
655 
656  return Status;
657 }
658 
659 
660 /* Function 8 */
661 NTSTATUS
662 WINAPI
664  LSAPR_HANDLE PolicyHandle,
666  PLSAPR_POLICY_INFORMATION PolicyInformation)
667 {
668  PLSA_DB_OBJECT PolicyObject;
671 
672  TRACE("LsarSetInformationPolicy(%p,0x%08x,%p)\n",
673  PolicyHandle, InformationClass, PolicyInformation);
674 
675  if (PolicyInformation)
676  {
677  TRACE("*PolicyInformation %p\n", *PolicyInformation);
678  }
679 
680  switch (InformationClass)
681  {
684  DesiredAccess = POLICY_AUDIT_LOG_ADMIN;
685  break;
686 
688  DesiredAccess = POLICY_SET_AUDIT_REQUIREMENTS;
689  break;
690 
696  DesiredAccess = POLICY_TRUST_ADMIN;
697  break;
698 
701  DesiredAccess = POLICY_SERVER_ADMIN;
702  break;
703 
705  DesiredAccess = POLICY_SET_DEFAULT_QUOTA_LIMITS;
706  break;
707 
708  default:
709  ERR("Invalid InformationClass!\n");
711  }
712 
713  Status = LsapValidateDbObject(PolicyHandle,
715  DesiredAccess,
716  &PolicyObject);
717  if (!NT_SUCCESS(Status))
718  return Status;
719 
720  switch (InformationClass)
721  {
722  case PolicyAuditLogInformation: /* 1 */
723  Status = LsarSetAuditLog(PolicyObject,
724  (PPOLICY_AUDIT_LOG_INFO)PolicyInformation);
725  break;
726 
727  case PolicyAuditEventsInformation: /* 2 */
728  Status = LsarSetAuditEvents(PolicyObject,
729  (PLSAPR_POLICY_AUDIT_EVENTS_INFO)PolicyInformation);
730  if (NT_SUCCESS(Status))
732  break;
733 
734  case PolicyPrimaryDomainInformation: /* 3 */
735  Status = LsarSetPrimaryDomain(PolicyObject,
736  (PLSAPR_POLICY_PRIMARY_DOM_INFO)PolicyInformation);
737  if (NT_SUCCESS(Status))
739  break;
740 
741  case PolicyAccountDomainInformation: /* 5 */
742  Status = LsarSetAccountDomain(PolicyObject,
743  (PLSAPR_POLICY_ACCOUNT_DOM_INFO)PolicyInformation);
744  if (NT_SUCCESS(Status))
746  break;
747 
748  case PolicyLsaServerRoleInformation: /* 6 */
749  Status = LsarSetServerRole(PolicyObject,
750  (PPOLICY_LSA_SERVER_ROLE_INFO)PolicyInformation);
751  if (NT_SUCCESS(Status))
753  break;
754 
755  case PolicyReplicaSourceInformation: /* 7 */
756  Status = LsarSetReplicaSource(PolicyObject,
757  (PPOLICY_LSA_REPLICA_SRCE_INFO)PolicyInformation);
758  break;
759 
760  case PolicyDefaultQuotaInformation: /* 8 */
761  Status = LsarSetDefaultQuota(PolicyObject,
762  (PPOLICY_DEFAULT_QUOTA_INFO)PolicyInformation);
763  break;
764 
765  case PolicyModificationInformation: /* 9 */
766  Status = LsarSetModification(PolicyObject,
767  (PPOLICY_MODIFICATION_INFO)PolicyInformation);
768  break;
769 
770  case PolicyAuditFullSetInformation: /* 10 (0xA) */
771  Status = LsarSetAuditFull(PolicyObject,
772  (PPOLICY_AUDIT_FULL_QUERY_INFO)PolicyInformation);
773  break;
774 
775  case PolicyDnsDomainInformation: /* 12 (0xC) */
776  Status = LsarSetDnsDomain(PolicyObject,
777  (PLSAPR_POLICY_DNS_DOMAIN_INFO)PolicyInformation);
778  if (NT_SUCCESS(Status))
780  break;
781 
782  case PolicyDnsDomainInformationInt: /* 13 (0xD) */
783  Status = LsarSetDnsDomainInt(PolicyObject,
784  (PLSAPR_POLICY_DNS_DOMAIN_INFO)PolicyInformation);
785  break;
786 
787  case PolicyLocalAccountDomainInformation: /* 14 (0xE) */
788  Status = LsarSetLocalAccountDomain(PolicyObject,
789  (PLSAPR_POLICY_ACCOUNT_DOM_INFO)PolicyInformation);
790  break;
791 
792  default:
793  Status = STATUS_INVALID_PARAMETER;
794  break;
795  }
796 
797  return Status;
798 }
799 
800 
801 /* Function 9 */
802 NTSTATUS
803 WINAPI
805  LSAPR_HANDLE ObjectHandle)
806 {
807  /* Deprecated */
808  return STATUS_NOT_IMPLEMENTED;
809 }
810 
811 
812 NTSTATUS
814  PLSA_DB_OBJECT PolicyObject,
815  PRPC_SID AccountSid,
817  PLSA_DB_OBJECT *AccountObject)
818 {
819  LPWSTR SidString = NULL;
820  PSECURITY_DESCRIPTOR AccountSd = NULL;
821  ULONG AccountSdSize;
823 
824  /* Create SID string */
825  if (!ConvertSidToStringSid((PSID)AccountSid,
826  &SidString))
827  {
828  ERR("ConvertSidToStringSid failed\n");
830  }
831 
832  /* Create a security descriptor for the account */
833  Status = LsapCreateAccountSd(&AccountSd,
834  &AccountSdSize);
835  if (!NT_SUCCESS(Status))
836  {
837  ERR("LsapCreateAccountSd returned 0x%08lx\n", Status);
838  goto done;
839  }
840 
841  /* Create the Account object */
842  Status = LsapCreateDbObject(PolicyObject,
843  L"Accounts",
844  SidString,
846  DesiredAccess,
847  PolicyObject->Trusted,
848  AccountObject);
849  if (!NT_SUCCESS(Status))
850  {
851  ERR("LsapCreateDbObject failed (Status 0x%08lx)\n", Status);
852  goto done;
853  }
854 
855  /* Set the Sid attribute */
856  Status = LsapSetObjectAttribute(*AccountObject,
857  L"Sid",
858  (PVOID)AccountSid,
859  GetLengthSid(AccountSid));
860  if (!NT_SUCCESS(Status))
861  goto done;
862 
863  /* Set the SecDesc attribute */
864  Status = LsapSetObjectAttribute(*AccountObject,
865  L"SecDesc",
866  AccountSd,
867  AccountSdSize);
868 
869 done:
870  if (SidString != NULL)
871  LocalFree(SidString);
872 
873  if (AccountSd != NULL)
874  RtlFreeHeap(RtlGetProcessHeap(), 0, AccountSd);
875 
876  return Status;
877 }
878 
879 
880 /* Function 10 */
881 NTSTATUS
882 WINAPI
884  LSAPR_HANDLE PolicyHandle,
885  PRPC_SID AccountSid,
887  LSAPR_HANDLE *AccountHandle)
888 {
889  PLSA_DB_OBJECT PolicyObject;
890  PLSA_DB_OBJECT AccountObject = NULL;
892 
893  TRACE("LsarCreateAccount(%p %p %lx %p)\n",
894  PolicyHandle, AccountSid, DesiredAccess, AccountHandle);
895 
896  /* Validate the AccountSid */
897  if (!RtlValidSid(AccountSid))
899 
900  /* Validate the PolicyHandle */
901  Status = LsapValidateDbObject(PolicyHandle,
904  &PolicyObject);
905  if (!NT_SUCCESS(Status))
906  {
907  ERR("LsapValidateDbObject returned 0x%08lx\n", Status);
908  return Status;
909  }
910 
911 
912  Status = LsarpCreateAccount(PolicyObject,
913  AccountSid,
914  DesiredAccess,
915  &AccountObject);
916  if (NT_SUCCESS(Status))
917  {
918  *AccountHandle = (LSAPR_HANDLE)AccountObject;
919  }
920 
921  return Status;
922 }
923 
924 
925 /* Function 11 */
926 NTSTATUS
927 WINAPI
929  LSAPR_HANDLE PolicyHandle,
930  DWORD *EnumerationContext,
931  PLSAPR_ACCOUNT_ENUM_BUFFER EnumerationBuffer,
932  DWORD PreferedMaximumLength)
933 {
934  LSAPR_ACCOUNT_ENUM_BUFFER EnumBuffer = {0, NULL};
935  PLSA_DB_OBJECT PolicyObject = NULL;
936  PWSTR AccountKeyBuffer = NULL;
937  HANDLE AccountsKeyHandle = NULL;
938  HANDLE AccountKeyHandle;
939  HANDLE SidKeyHandle;
940  ULONG AccountKeyBufferSize;
941  ULONG EnumIndex;
942  ULONG EnumCount;
945  ULONG i;
947 
948  TRACE("LsarEnumerateAccount(%p %p %p %lu)\n",
949  PolicyHandle, EnumerationContext, EnumerationBuffer, PreferedMaximumLength);
950 
951  if (EnumerationContext == NULL ||
952  EnumerationBuffer == NULL)
954 
955  EnumerationBuffer->EntriesRead = 0;
956  EnumerationBuffer->Information = NULL;
957 
958  /* Validate the PolicyHandle */
959  Status = LsapValidateDbObject(PolicyHandle,
962  &PolicyObject);
963  if (!NT_SUCCESS(Status))
964  {
965  ERR("LsapValidateDbObject returned 0x%08lx\n", Status);
966  return Status;
967  }
968 
969  Status = LsapRegOpenKey(PolicyObject->KeyHandle,
970  L"Accounts",
971  KEY_READ,
972  &AccountsKeyHandle);
973  if (!NT_SUCCESS(Status))
974  return Status;
975 
976  Status = LsapRegQueryKeyInfo(AccountsKeyHandle,
977  NULL,
978  &AccountKeyBufferSize,
979  NULL);
980  if (!NT_SUCCESS(Status))
981  {
982  ERR("LsapRegQueryKeyInfo returned 0x%08lx\n", Status);
983  return Status;
984  }
985 
986  AccountKeyBufferSize += sizeof(WCHAR);
987  AccountKeyBuffer = RtlAllocateHeap(RtlGetProcessHeap(), 0, AccountKeyBufferSize);
988  if (AccountKeyBuffer == NULL)
989  {
990  return STATUS_NO_MEMORY;
991  }
992 
993  EnumIndex = *EnumerationContext;
994  EnumCount = 0;
995  RequiredLength = 0;
996 
997  while (TRUE)
998  {
999  Status = LsapRegEnumerateSubKey(AccountsKeyHandle,
1000  EnumIndex,
1001  AccountKeyBufferSize,
1002  AccountKeyBuffer);
1003  if (!NT_SUCCESS(Status))
1004  break;
1005 
1006  TRACE("EnumIndex: %lu\n", EnumIndex);
1007  TRACE("Account key name: %S\n", AccountKeyBuffer);
1008 
1009  Status = LsapRegOpenKey(AccountsKeyHandle,
1010  AccountKeyBuffer,
1011  KEY_READ,
1012  &AccountKeyHandle);
1013  TRACE("LsapRegOpenKey returned %08lX\n", Status);
1014  if (NT_SUCCESS(Status))
1015  {
1016  Status = LsapRegOpenKey(AccountKeyHandle,
1017  L"Sid",
1018  KEY_READ,
1019  &SidKeyHandle);
1020  TRACE("LsapRegOpenKey returned %08lX\n", Status);
1021  if (NT_SUCCESS(Status))
1022  {
1023  DataLength = 0;
1024  Status = LsapRegQueryValue(SidKeyHandle,
1025  NULL,
1026  NULL,
1027  NULL,
1028  &DataLength);
1029  TRACE("LsapRegQueryValue returned %08lX\n", Status);
1030  if (NT_SUCCESS(Status))
1031  {
1032  TRACE("Data length: %lu\n", DataLength);
1033 
1034  if ((RequiredLength + DataLength + sizeof(LSAPR_ACCOUNT_INFORMATION)) > PreferedMaximumLength)
1035  break;
1036 
1037  RequiredLength += (DataLength + sizeof(LSAPR_ACCOUNT_INFORMATION));
1038  EnumCount++;
1039  }
1040 
1041  LsapRegCloseKey(SidKeyHandle);
1042  }
1043 
1044  LsapRegCloseKey(AccountKeyHandle);
1045  }
1046 
1047  EnumIndex++;
1048  }
1049 
1050  TRACE("EnumCount: %lu\n", EnumCount);
1051  TRACE("RequiredLength: %lu\n", RequiredLength);
1052 
1053  EnumBuffer.EntriesRead = EnumCount;
1054  EnumBuffer.Information = midl_user_allocate(EnumCount * sizeof(LSAPR_ACCOUNT_INFORMATION));
1055  if (EnumBuffer.Information == NULL)
1056  {
1058  goto done;
1059  }
1060 
1061  EnumIndex = *EnumerationContext;
1062  for (i = 0; i < EnumCount; i++, EnumIndex++)
1063  {
1064  Status = LsapRegEnumerateSubKey(AccountsKeyHandle,
1065  EnumIndex,
1066  AccountKeyBufferSize,
1067  AccountKeyBuffer);
1068  if (!NT_SUCCESS(Status))
1069  break;
1070 
1071  TRACE("EnumIndex: %lu\n", EnumIndex);
1072  TRACE("Account key name: %S\n", AccountKeyBuffer);
1073 
1074  Status = LsapRegOpenKey(AccountsKeyHandle,
1075  AccountKeyBuffer,
1076  KEY_READ,
1077  &AccountKeyHandle);
1078  TRACE("LsapRegOpenKey returned %08lX\n", Status);
1079  if (NT_SUCCESS(Status))
1080  {
1081  Status = LsapRegOpenKey(AccountKeyHandle,
1082  L"Sid",
1083  KEY_READ,
1084  &SidKeyHandle);
1085  TRACE("LsapRegOpenKey returned %08lX\n", Status);
1086  if (NT_SUCCESS(Status))
1087  {
1088  DataLength = 0;
1089  Status = LsapRegQueryValue(SidKeyHandle,
1090  NULL,
1091  NULL,
1092  NULL,
1093  &DataLength);
1094  TRACE("LsapRegQueryValue returned %08lX\n", Status);
1095  if (NT_SUCCESS(Status))
1096  {
1097  EnumBuffer.Information[i].Sid = midl_user_allocate(DataLength);
1098  if (EnumBuffer.Information[i].Sid == NULL)
1099  {
1100  LsapRegCloseKey(AccountKeyHandle);
1102  goto done;
1103  }
1104 
1105  Status = LsapRegQueryValue(SidKeyHandle,
1106  NULL,
1107  NULL,
1108  EnumBuffer.Information[i].Sid,
1109  &DataLength);
1110  TRACE("SampRegQueryValue returned %08lX\n", Status);
1111  }
1112 
1113  LsapRegCloseKey(SidKeyHandle);
1114  }
1115 
1116  LsapRegCloseKey(AccountKeyHandle);
1117 
1118  if (!NT_SUCCESS(Status))
1119  goto done;
1120  }
1121  }
1122 
1123  if (NT_SUCCESS(Status))
1124  {
1125  *EnumerationContext += EnumCount;
1126  EnumerationBuffer->EntriesRead = EnumBuffer.EntriesRead;
1127  EnumerationBuffer->Information = EnumBuffer.Information;
1128  }
1129 
1130 done:
1131  if (!NT_SUCCESS(Status))
1132  {
1133  if (EnumBuffer.Information)
1134  {
1135  for (i = 0; i < EnumBuffer.EntriesRead; i++)
1136  {
1137  if (EnumBuffer.Information[i].Sid != NULL)
1138  midl_user_free(EnumBuffer.Information[i].Sid);
1139  }
1140 
1141  midl_user_free(EnumBuffer.Information);
1142  }
1143  }
1144 
1145  if (AccountKeyBuffer != NULL)
1146  RtlFreeHeap(RtlGetProcessHeap(), 0, AccountKeyBuffer);
1147 
1148  if (AccountsKeyHandle != NULL)
1149  LsapRegCloseKey(AccountsKeyHandle);
1150 
1151  return Status;
1152 }
1153 
1154 
1155 /* Function 12 */
1156 NTSTATUS
1157 WINAPI
1159  LSAPR_HANDLE PolicyHandle,
1160  PLSAPR_TRUST_INFORMATION TrustedDomainInformation,
1162  LSAPR_HANDLE *TrustedDomainHandle)
1163 {
1164  /* Fail, if we are not a domain controller */
1167 
1168  UNIMPLEMENTED;
1169  return STATUS_NOT_IMPLEMENTED;
1170 }
1171 
1172 
1173 /* Function 13 */
1174 NTSTATUS
1175 WINAPI
1177  LSAPR_HANDLE PolicyHandle,
1178  DWORD *EnumerationContext,
1179  PLSAPR_TRUSTED_ENUM_BUFFER EnumerationBuffer,
1180  DWORD PreferedMaximumLength)
1181 {
1182  /* FIXME: We are not running an AD yet */
1183  EnumerationBuffer->EntriesRead = 0;
1184  EnumerationBuffer->Information = NULL;
1185  return STATUS_NO_MORE_ENTRIES;
1186 }
1187 
1188 
1189 /* Function 14 */
1190 NTSTATUS
1191 WINAPI
1193  LSAPR_HANDLE PolicyHandle,
1194  DWORD Count,
1196  PLSAPR_REFERENCED_DOMAIN_LIST *ReferencedDomains,
1197  PLSAPR_TRANSLATED_SIDS TranslatedSids,
1198  LSAP_LOOKUP_LEVEL LookupLevel,
1199  DWORD *MappedCount)
1200 {
1201  LSAPR_TRANSLATED_SIDS_EX2 TranslatedSidsEx2;
1202  ULONG i;
1203  NTSTATUS Status;
1204 
1205  TRACE("LsarLookupNames(%p %lu %p %p %p %d %p)\n",
1206  PolicyHandle, Count, Names, ReferencedDomains, TranslatedSids,
1207  LookupLevel, MappedCount);
1208 
1209  TranslatedSids->Entries = 0;
1210  TranslatedSids->Sids = NULL;
1211  *ReferencedDomains = NULL;
1212 
1213  if (Count == 0)
1214  return STATUS_NONE_MAPPED;
1215 
1216  TranslatedSidsEx2.Entries = 0;
1217  TranslatedSidsEx2.Sids = NULL;
1218 
1219  Status = LsapLookupNames(Count,
1220  Names,
1221  ReferencedDomains,
1222  &TranslatedSidsEx2,
1223  LookupLevel,
1224  MappedCount,
1225  0,
1226  0);
1227  if (!NT_SUCCESS(Status))
1228  return Status;
1229 
1230  TranslatedSids->Entries = TranslatedSidsEx2.Entries;
1231  TranslatedSids->Sids = MIDL_user_allocate(TranslatedSids->Entries * sizeof(LSA_TRANSLATED_SID));
1232  if (TranslatedSids->Sids == NULL)
1233  {
1234  MIDL_user_free(TranslatedSidsEx2.Sids);
1235  MIDL_user_free(*ReferencedDomains);
1236  *ReferencedDomains = NULL;
1238  }
1239 
1240  for (i = 0; i < TranslatedSidsEx2.Entries; i++)
1241  {
1242  TranslatedSids->Sids[i].Use = TranslatedSidsEx2.Sids[i].Use;
1243  TranslatedSids->Sids[i].RelativeId = LsapGetRelativeIdFromSid(TranslatedSidsEx2.Sids[i].Sid);
1244  TranslatedSids->Sids[i].DomainIndex = TranslatedSidsEx2.Sids[i].DomainIndex;
1245  }
1246 
1247  MIDL_user_free(TranslatedSidsEx2.Sids);
1248 
1249  return STATUS_SUCCESS;
1250 }
1251 
1252 
1253 /* Function 15 */
1254 NTSTATUS
1255 WINAPI
1257  LSAPR_HANDLE PolicyHandle,
1258  PLSAPR_SID_ENUM_BUFFER SidEnumBuffer,
1259  PLSAPR_REFERENCED_DOMAIN_LIST *ReferencedDomains,
1260  PLSAPR_TRANSLATED_NAMES TranslatedNames,
1261  LSAP_LOOKUP_LEVEL LookupLevel,
1262  DWORD *MappedCount)
1263 {
1264  LSAPR_TRANSLATED_NAMES_EX TranslatedNamesEx;
1265  ULONG i;
1266  NTSTATUS Status;
1267 
1268  TRACE("LsarLookupSids(%p %p %p %p %d %p)\n",
1269  PolicyHandle, SidEnumBuffer, ReferencedDomains, TranslatedNames,
1270  LookupLevel, MappedCount);
1271 
1272  /* FIXME: Fail, if there is an invalid SID in the SidEnumBuffer */
1273 
1274  TranslatedNames->Entries = SidEnumBuffer->Entries;
1275  TranslatedNames->Names = NULL;
1276  *ReferencedDomains = NULL;
1277 
1278  TranslatedNamesEx.Entries = SidEnumBuffer->Entries;
1279  TranslatedNamesEx.Names = NULL;
1280 
1281  Status = LsapLookupSids(SidEnumBuffer,
1282  ReferencedDomains,
1283  &TranslatedNamesEx,
1284  LookupLevel,
1285  MappedCount,
1286  0,
1287  0);
1288  if (!NT_SUCCESS(Status))
1289  return Status;
1290 
1291  TranslatedNames->Entries = SidEnumBuffer->Entries;
1292  TranslatedNames->Names = MIDL_user_allocate(SidEnumBuffer->Entries * sizeof(LSAPR_TRANSLATED_NAME));
1293  if (TranslatedNames->Names == NULL)
1294  {
1295  MIDL_user_free(TranslatedNamesEx.Names);
1296  MIDL_user_free(*ReferencedDomains);
1297  *ReferencedDomains = NULL;
1299  }
1300 
1301  for (i = 0; i < TranslatedNamesEx.Entries; i++)
1302  {
1303  TranslatedNames->Names[i].Use = TranslatedNamesEx.Names[i].Use;
1304  TranslatedNames->Names[i].Name.Length = TranslatedNamesEx.Names[i].Name.Length;
1305  TranslatedNames->Names[i].Name.MaximumLength = TranslatedNamesEx.Names[i].Name.MaximumLength;
1306  TranslatedNames->Names[i].Name.Buffer = TranslatedNamesEx.Names[i].Name.Buffer;
1307  TranslatedNames->Names[i].DomainIndex = TranslatedNamesEx.Names[i].DomainIndex;
1308  }
1309 
1310  MIDL_user_free(TranslatedNamesEx.Names);
1311 
1312  return Status;
1313 }
1314 
1315 
1316 /* Function 16 */
1317 NTSTATUS
1318 WINAPI
1320  LSAPR_HANDLE PolicyHandle,
1321  PRPC_UNICODE_STRING SecretName,
1323  LSAPR_HANDLE *SecretHandle)
1324 {
1325  PLSA_DB_OBJECT PolicyObject;
1326  PLSA_DB_OBJECT SecretObject = NULL;
1328  PSECURITY_DESCRIPTOR SecretSd = NULL;
1329  ULONG SecretSdSize;
1331 
1332  TRACE("LsarCreateSecret(%p %wZ %lx %p)\n",
1333  PolicyHandle, SecretName, DesiredAccess, SecretHandle);
1334 
1335  /* Validate the PolicyHandle */
1336  Status = LsapValidateDbObject(PolicyHandle,
1339  &PolicyObject);
1340  if (!NT_SUCCESS(Status))
1341  {
1342  ERR("LsapValidateDbObject returned 0x%08lx\n", Status);
1343  return Status;
1344  }
1345 
1346  /* Get the current time */
1347  Status = NtQuerySystemTime(&Time);
1348  if (!NT_SUCCESS(Status))
1349  {
1350  ERR("NtQuerySystemTime failed (Status 0x%08lx)\n", Status);
1351  goto done;
1352  }
1353 
1354  /* Create a security descriptor for the secret */
1355  Status = LsapCreateSecretSd(&SecretSd,
1356  &SecretSdSize);
1357  if (!NT_SUCCESS(Status))
1358  {
1359  ERR("LsapCreateAccountSd returned 0x%08lx\n", Status);
1360  return Status;
1361  }
1362 
1363  /* Create the Secret object */
1364  Status = LsapCreateDbObject(PolicyObject,
1365  L"Secrets",
1366  SecretName->Buffer,
1368  DesiredAccess,
1369  PolicyObject->Trusted,
1370  &SecretObject);
1371  if (!NT_SUCCESS(Status))
1372  {
1373  ERR("LsapCreateDbObject failed (Status 0x%08lx)\n", Status);
1374  goto done;
1375  }
1376 
1377  /* Set the CurrentTime attribute */
1378  Status = LsapSetObjectAttribute(SecretObject,
1379  L"CurrentTime",
1380  (PVOID)&Time,
1381  sizeof(LARGE_INTEGER));
1382  if (!NT_SUCCESS(Status))
1383  {
1384  ERR("LsapSetObjectAttribute (CurrentTime) failed (Status 0x%08lx)\n", Status);
1385  goto done;
1386  }
1387 
1388  /* Set the OldTime attribute */
1389  Status = LsapSetObjectAttribute(SecretObject,
1390  L"OldTime",
1391  (PVOID)&Time,
1392  sizeof(LARGE_INTEGER));
1393  if (!NT_SUCCESS(Status))
1394  {
1395  ERR("LsapSetObjectAttribute (OldTime) failed (Status 0x%08lx)\n", Status);
1396  goto done;
1397  }
1398 
1399  /* Set the SecDesc attribute */
1400  Status = LsapSetObjectAttribute(SecretObject,
1401  L"SecDesc",
1402  SecretSd,
1403  SecretSdSize);
1404 
1405 done:
1406  if (SecretSd != NULL)
1407  RtlFreeHeap(RtlGetProcessHeap(), 0, SecretSd);
1408 
1409  if (!NT_SUCCESS(Status))
1410  {
1411  if (SecretObject != NULL)
1412  LsapCloseDbObject(SecretObject);
1413  }
1414  else
1415  {
1416  *SecretHandle = (LSAPR_HANDLE)SecretObject;
1417  }
1418 
1419  return STATUS_SUCCESS;
1420 }
1421 
1422 
1423 static
1424 NTSTATUS
1426  IN PLSA_DB_OBJECT PolicyObject,
1427  IN PRPC_SID AccountSid,
1429  OUT PLSA_DB_OBJECT *AccountObject)
1430 {
1431  LPWSTR SidString = NULL;
1433 
1434  /* Create SID string */
1435  if (!ConvertSidToStringSid((PSID)AccountSid,
1436  &SidString))
1437  {
1438  ERR("ConvertSidToStringSid failed\n");
1439  return STATUS_INVALID_PARAMETER;
1440  }
1441 
1442  /* Create the Account object */
1443  Status = LsapOpenDbObject(PolicyObject,
1444  L"Accounts",
1445  SidString,
1447  DesiredAccess,
1448  PolicyObject->Trusted,
1449  AccountObject);
1450  if (!NT_SUCCESS(Status))
1451  {
1452  ERR("LsapOpenDbObject(Accounts/%S) failed (Status 0x%08lx)\n", SidString, Status);
1453  }
1454 
1455  if (SidString != NULL)
1456  LocalFree(SidString);
1457 
1458  return Status;
1459 }
1460 
1461 
1462 /* Function 17 */
1463 NTSTATUS
1464 WINAPI
1466  LSAPR_HANDLE PolicyHandle,
1467  PRPC_SID AccountSid,
1469  LSAPR_HANDLE *AccountHandle)
1470 {
1471  PLSA_DB_OBJECT PolicyObject;
1472  NTSTATUS Status;
1473 
1474  TRACE("LsarOpenAccount(%p %p %lx %p)\n",
1475  PolicyHandle, AccountSid, DesiredAccess, AccountHandle);
1476 
1477  /* Validate the AccountSid */
1478  if (!RtlValidSid(AccountSid))
1479  return STATUS_INVALID_PARAMETER;
1480 
1481  /* Validate the PolicyHandle */
1482  Status = LsapValidateDbObject(PolicyHandle,
1484  0,
1485  &PolicyObject);
1486  if (!NT_SUCCESS(Status))
1487  {
1488  ERR("LsapValidateDbObject returned 0x%08lx\n", Status);
1489  return Status;
1490  }
1491 
1492 
1493  /* Open the Account object */
1494  return LsarpOpenAccount(PolicyObject,
1495  AccountSid,
1496  DesiredAccess,
1497  (PLSA_DB_OBJECT *)AccountHandle);
1498 }
1499 
1500 
1501 /* Function 18 */
1502 NTSTATUS
1503 WINAPI
1505  LSAPR_HANDLE AccountHandle,
1507 {
1508  PLSA_DB_OBJECT AccountObject;
1509  ULONG PrivilegeSetSize = 0;
1510  PLSAPR_PRIVILEGE_SET PrivilegeSet = NULL;
1511  NTSTATUS Status;
1512 
1513  TRACE("LsarEnumeratePrivilegesAccount(%p %p)\n",
1514  AccountHandle, Privileges);
1515 
1516  *Privileges = NULL;
1517 
1518  /* Validate the AccountHandle */
1519  Status = LsapValidateDbObject(AccountHandle,
1521  ACCOUNT_VIEW,
1522  &AccountObject);
1523  if (!NT_SUCCESS(Status))
1524  {
1525  ERR("LsapValidateDbObject returned 0x%08lx\n", Status);
1526  return Status;
1527  }
1528 
1529  /* Get the size of the privilege set */
1530  Status = LsapGetObjectAttribute(AccountObject,
1531  L"Privilgs",
1532  NULL,
1533  &PrivilegeSetSize);
1534  if (!NT_SUCCESS(Status))
1535  return Status;
1536 
1537  /* Allocate a buffer for the privilege set */
1538  PrivilegeSet = MIDL_user_allocate(PrivilegeSetSize);
1539  if (PrivilegeSet == NULL)
1540  return STATUS_NO_MEMORY;
1541 
1542  /* Get the privilege set */
1543  Status = LsapGetObjectAttribute(AccountObject,
1544  L"Privilgs",
1545  PrivilegeSet,
1546  &PrivilegeSetSize);
1547  if (!NT_SUCCESS(Status))
1548  {
1549  MIDL_user_free(PrivilegeSet);
1550  return Status;
1551  }
1552 
1553  /* Return a pointer to the privilege set */
1554  *Privileges = PrivilegeSet;
1555 
1556  return STATUS_SUCCESS;
1557 }
1558 
1559 
1560 /* Function 19 */
1561 NTSTATUS
1562 WINAPI
1564  LSAPR_HANDLE AccountHandle,
1566 {
1567  PLSA_DB_OBJECT AccountObject;
1568  PPRIVILEGE_SET CurrentPrivileges = NULL;
1569  PPRIVILEGE_SET NewPrivileges = NULL;
1570  ULONG PrivilegeSetSize = 0;
1571  ULONG PrivilegeCount;
1572  ULONG i, j;
1573  BOOL bFound;
1574  NTSTATUS Status;
1575 
1576  TRACE("LsarAddPrivilegesToAccount(%p %p)\n",
1577  AccountHandle, Privileges);
1578 
1579  /* Validate the AccountHandle */
1580  Status = LsapValidateDbObject(AccountHandle,
1583  &AccountObject);
1584  if (!NT_SUCCESS(Status))
1585  {
1586  ERR("LsapValidateDbObject returned 0x%08lx\n", Status);
1587  return Status;
1588  }
1589 
1590  /* Get the size of the Privilgs attribute */
1591  Status = LsapGetObjectAttribute(AccountObject,
1592  L"Privilgs",
1593  NULL,
1594  &PrivilegeSetSize);
1595  if (!NT_SUCCESS(Status) || PrivilegeSetSize == 0)
1596  {
1597  /* The Privilgs attribute does not exist */
1598 
1599  PrivilegeSetSize = sizeof(PRIVILEGE_SET) +
1600  (Privileges->PrivilegeCount - 1) * sizeof(LUID_AND_ATTRIBUTES);
1601  Status = LsapSetObjectAttribute(AccountObject,
1602  L"Privilgs",
1603  Privileges,
1604  PrivilegeSetSize);
1605  }
1606  else
1607  {
1608  /* The Privilgs attribute exists */
1609 
1610  /* Allocate memory for the stored privilege set */
1611  CurrentPrivileges = MIDL_user_allocate(PrivilegeSetSize);
1612  if (CurrentPrivileges == NULL)
1613  return STATUS_NO_MEMORY;
1614 
1615  /* Get the current privilege set */
1616  Status = LsapGetObjectAttribute(AccountObject,
1617  L"Privilgs",
1618  CurrentPrivileges,
1619  &PrivilegeSetSize);
1620  if (!NT_SUCCESS(Status))
1621  {
1622  TRACE("LsapGetObjectAttribute() failed (Status 0x%08lx)\n", Status);
1623  goto done;
1624  }
1625 
1626  PrivilegeCount = CurrentPrivileges->PrivilegeCount;
1627  TRACE("Current privilege count: %lu\n", PrivilegeCount);
1628 
1629  /* Calculate the number of privileges in the combined privilege set */
1630  for (i = 0; i < Privileges->PrivilegeCount; i++)
1631  {
1632  bFound = FALSE;
1633  for (j = 0; j < CurrentPrivileges->PrivilegeCount; j++)
1634  {
1635  if (RtlEqualLuid(&(Privileges->Privilege[i].Luid),
1636  &(CurrentPrivileges->Privilege[i].Luid)))
1637  {
1638  bFound = TRUE;
1639  break;
1640  }
1641  }
1642 
1643  if (bFound == FALSE)
1644  {
1645  TRACE("Found new privilege\n");
1646  PrivilegeCount++;
1647  }
1648  }
1649  TRACE("New privilege count: %lu\n", PrivilegeCount);
1650 
1651  /* Calculate the size of the new privilege set and allocate it */
1652  PrivilegeSetSize = sizeof(PRIVILEGE_SET) +
1653  (PrivilegeCount - 1) * sizeof(LUID_AND_ATTRIBUTES);
1654  NewPrivileges = MIDL_user_allocate(PrivilegeSetSize);
1655  if (NewPrivileges == NULL)
1656  {
1657  Status = STATUS_NO_MEMORY;
1658  goto done;
1659  }
1660 
1661  /* Initialize the new privilege set */
1662  NewPrivileges->PrivilegeCount = PrivilegeCount;
1663  NewPrivileges->Control = 0;
1664 
1665  /* Copy all privileges from the current privilege set */
1666  RtlCopyLuidAndAttributesArray(CurrentPrivileges->PrivilegeCount,
1667  &(CurrentPrivileges->Privilege[0]),
1668  &(NewPrivileges->Privilege[0]));
1669 
1670  /* Add new privileges to the new privilege set */
1671  PrivilegeCount = CurrentPrivileges->PrivilegeCount;
1672  for (i = 0; i < Privileges->PrivilegeCount; i++)
1673  {
1674  bFound = FALSE;
1675  for (j = 0; j < CurrentPrivileges->PrivilegeCount; j++)
1676  {
1677  if (RtlEqualLuid(&(Privileges->Privilege[i].Luid),
1678  &(CurrentPrivileges->Privilege[i].Luid)))
1679  {
1680  /* Overwrite attributes if a matching privilege was found */
1681  NewPrivileges->Privilege[j].Attributes = Privileges->Privilege[i].Attributes;
1682 
1683  bFound = TRUE;
1684  break;
1685  }
1686  }
1687 
1688  if (bFound == FALSE)
1689  {
1690  /* Copy the new privilege */
1692  (PLUID_AND_ATTRIBUTES)&(Privileges->Privilege[i]),
1693  &(NewPrivileges->Privilege[PrivilegeCount]));
1694  PrivilegeCount++;
1695  }
1696  }
1697 
1698  /* Set the new privilege set */
1699  Status = LsapSetObjectAttribute(AccountObject,
1700  L"Privilgs",
1701  NewPrivileges,
1702  PrivilegeSetSize);
1703  }
1704 
1705 done:
1706  if (CurrentPrivileges != NULL)
1707  MIDL_user_free(CurrentPrivileges);
1708 
1709  if (NewPrivileges != NULL)
1710  MIDL_user_free(NewPrivileges);
1711 
1712  return Status;
1713 }
1714 
1715 
1716 /* Function 20 */
1717 NTSTATUS
1718 WINAPI
1720  LSAPR_HANDLE AccountHandle,
1721  BOOLEAN AllPrivileges,
1723 {
1724  PLSA_DB_OBJECT AccountObject;
1725  PPRIVILEGE_SET CurrentPrivileges = NULL;
1726  PPRIVILEGE_SET NewPrivileges = NULL;
1727  ULONG PrivilegeSetSize = 0;
1728  ULONG PrivilegeCount;
1729  ULONG i, j, k;
1730  BOOL bFound;
1731  NTSTATUS Status;
1732 
1733  TRACE("LsarRemovePrivilegesFromAccount(%p %u %p)\n",
1734  AccountHandle, AllPrivileges, Privileges);
1735 
1736  /* */
1737  if (((AllPrivileges == FALSE) && (Privileges == NULL)) ||
1738  ((AllPrivileges != FALSE) && (Privileges != NULL)))
1739  return STATUS_INVALID_PARAMETER;
1740 
1741  /* Validate the AccountHandle */
1742  Status = LsapValidateDbObject(AccountHandle,
1745  &AccountObject);
1746  if (!NT_SUCCESS(Status))
1747  {
1748  ERR("LsapValidateDbObject returned 0x%08lx\n", Status);
1749  return Status;
1750  }
1751 
1752  if (AllPrivileges != FALSE)
1753  {
1754  /* Delete the Privilgs attribute */
1755  Status = LsapDeleteObjectAttribute(AccountObject,
1756  L"Privilgs");
1757  if (Status == STATUS_OBJECT_NAME_NOT_FOUND)
1758  Status = STATUS_SUCCESS;
1759  }
1760  else
1761  {
1762  /* Get the size of the Privilgs attribute */
1763  Status = LsapGetObjectAttribute(AccountObject,
1764  L"Privilgs",
1765  NULL,
1766  &PrivilegeSetSize);
1767  if (!NT_SUCCESS(Status))
1768  goto done;
1769 
1770  /* Succeed, if there is no privilege set to remove privileges from */
1771  if (PrivilegeSetSize == 0)
1772  {
1773  Status = STATUS_SUCCESS;
1774  goto done;
1775  }
1776 
1777  /* Allocate memory for the stored privilege set */
1778  CurrentPrivileges = MIDL_user_allocate(PrivilegeSetSize);
1779  if (CurrentPrivileges == NULL)
1780  return STATUS_NO_MEMORY;
1781 
1782  /* Get the current privilege set */
1783  Status = LsapGetObjectAttribute(AccountObject,
1784  L"Privilgs",
1785  CurrentPrivileges,
1786  &PrivilegeSetSize);
1787  if (!NT_SUCCESS(Status))
1788  {
1789  TRACE("LsapGetObjectAttribute() failed (Status 0x%08lx)\n", Status);
1790  goto done;
1791  }
1792 
1793  PrivilegeCount = CurrentPrivileges->PrivilegeCount;
1794  TRACE("Current privilege count: %lu\n", PrivilegeCount);
1795 
1796  /* Calculate the number of privileges in the new privilege set */
1797  for (i = 0; i < CurrentPrivileges->PrivilegeCount; i++)
1798  {
1799  for (j = 0; j < Privileges->PrivilegeCount; j++)
1800  {
1801  if (RtlEqualLuid(&(CurrentPrivileges->Privilege[i].Luid),
1802  &(Privileges->Privilege[j].Luid)))
1803  {
1804  if (PrivilegeCount > 0)
1805  PrivilegeCount--;
1806  }
1807  }
1808  }
1809  TRACE("New privilege count: %lu\n", PrivilegeCount);
1810 
1811  if (PrivilegeCount == 0)
1812  {
1813  /* Delete the Privilgs attribute */
1814  Status = LsapDeleteObjectAttribute(AccountObject,
1815  L"Privilgs");
1816  if (Status == STATUS_OBJECT_NAME_NOT_FOUND)
1817  Status = STATUS_SUCCESS;
1818  }
1819  else
1820  {
1821  /* Calculate the size of the new privilege set and allocate it */
1822  PrivilegeSetSize = sizeof(PRIVILEGE_SET) +
1823  (PrivilegeCount - 1) * sizeof(LUID_AND_ATTRIBUTES);
1824  NewPrivileges = MIDL_user_allocate(PrivilegeSetSize);
1825  if (NewPrivileges == NULL)
1826  {
1827  Status = STATUS_NO_MEMORY;
1828  goto done;
1829  }
1830 
1831  /* Initialize the new privilege set */
1832  NewPrivileges->PrivilegeCount = PrivilegeCount;
1833  NewPrivileges->Control = 0;
1834 
1835  /* Copy the privileges which are not to be removed */
1836  for (i = 0, k = 0; i < CurrentPrivileges->PrivilegeCount; i++)
1837  {
1838  bFound = FALSE;
1839  for (j = 0; j < Privileges->PrivilegeCount; j++)
1840  {
1841  if (RtlEqualLuid(&(CurrentPrivileges->Privilege[i].Luid),
1842  &(Privileges->Privilege[j].Luid)))
1843  bFound = TRUE;
1844  }
1845 
1846  if (bFound == FALSE)
1847  {
1848  /* Copy the privilege */
1850  &(CurrentPrivileges->Privilege[i]),
1851  &(NewPrivileges->Privilege[k]));
1852  k++;
1853  }
1854  }
1855 
1856  /* Set the new privilege set */
1857  Status = LsapSetObjectAttribute(AccountObject,
1858  L"Privilgs",
1859  NewPrivileges,
1860  PrivilegeSetSize);
1861  }
1862  }
1863 
1864 done:
1865  if (CurrentPrivileges != NULL)
1866  MIDL_user_free(CurrentPrivileges);
1867 
1868  if (NewPrivileges != NULL)
1869  MIDL_user_free(NewPrivileges);
1870 
1871  return Status;
1872 }
1873 
1874 
1875 /* Function 21 */
1876 NTSTATUS
1877 WINAPI
1879  LSAPR_HANDLE AccountHandle,
1880  PQUOTA_LIMITS QuotaLimits)
1881 {
1882  PLSA_DB_OBJECT AccountObject;
1883  ULONG Size;
1884  NTSTATUS Status;
1885 
1886  TRACE("LsarGetQuotasForAccount(%p %p)\n",
1887  AccountHandle, QuotaLimits);
1888 
1889  /* Validate the account handle */
1890  Status = LsapValidateDbObject(AccountHandle,
1892  ACCOUNT_VIEW,
1893  &AccountObject);
1894  if (!NT_SUCCESS(Status))
1895  {
1896  ERR("Invalid handle (Status %lx)\n", Status);
1897  return Status;
1898  }
1899 
1900  /* Get the quota attribute */
1901  Status = LsapGetObjectAttribute(AccountObject,
1902  L"DefQuota",
1903  QuotaLimits,
1904  &Size);
1905 
1906  return Status;
1907 }
1908 
1909 
1910 /* Function 22 */
1911 NTSTATUS
1912 WINAPI
1914  LSAPR_HANDLE AccountHandle,
1915  PQUOTA_LIMITS QuotaLimits)
1916 {
1917  PLSA_DB_OBJECT AccountObject;
1918  QUOTA_LIMITS InternalQuotaLimits;
1919  ULONG Size;
1920  NTSTATUS Status;
1921 
1922  TRACE("LsarSetQuotasForAccount(%p %p)\n",
1923  AccountHandle, QuotaLimits);
1924 
1925  /* Validate the account handle */
1926  Status = LsapValidateDbObject(AccountHandle,
1929  &AccountObject);
1930  if (!NT_SUCCESS(Status))
1931  {
1932  ERR("Invalid handle (Status %lx)\n", Status);
1933  return Status;
1934  }
1935 
1936  /* Get the quota limits attribute */
1937  Size = sizeof(QUOTA_LIMITS);
1938  Status = LsapGetObjectAttribute(AccountObject,
1939  L"DefQuota",
1940  &InternalQuotaLimits,
1941  &Size);
1942  if (!NT_SUCCESS(Status))
1943  {
1944  TRACE("LsapGetObjectAttribute() failed (Status 0x%08lx)\n", Status);
1945  return Status;
1946  }
1947 
1948  /* Update the quota limits */
1949  if (QuotaLimits->PagedPoolLimit != 0)
1950  InternalQuotaLimits.PagedPoolLimit = QuotaLimits->PagedPoolLimit;
1951 
1952  if (QuotaLimits->NonPagedPoolLimit != 0)
1953  InternalQuotaLimits.NonPagedPoolLimit = QuotaLimits->NonPagedPoolLimit;
1954 
1955  if (QuotaLimits->MinimumWorkingSetSize != 0)
1956  InternalQuotaLimits.MinimumWorkingSetSize = QuotaLimits->MinimumWorkingSetSize;
1957 
1958  if (QuotaLimits->MaximumWorkingSetSize != 0)
1959  InternalQuotaLimits.MaximumWorkingSetSize = QuotaLimits->MaximumWorkingSetSize;
1960 
1961  if (QuotaLimits->PagefileLimit != 0)
1962  InternalQuotaLimits.PagefileLimit = QuotaLimits->PagefileLimit;
1963 
1964  /* Set the quota limits attribute */
1965  Status = LsapSetObjectAttribute(AccountObject,
1966  L"DefQuota",
1967  &InternalQuotaLimits,
1968  sizeof(QUOTA_LIMITS));
1969 
1970  return Status;
1971 }
1972 
1973 
1974 /* Function 23 */
1975 NTSTATUS
1976 WINAPI
1978  LSAPR_HANDLE AccountHandle,
1979  ACCESS_MASK *SystemAccess)
1980 {
1981  PLSA_DB_OBJECT AccountObject;
1982  ULONG Size = sizeof(ACCESS_MASK);
1983  NTSTATUS Status;
1984 
1985  TRACE("LsarGetSystemAccessAccount(%p %p)\n",
1986  AccountHandle, SystemAccess);
1987 
1988  /* Validate the account handle */
1989  Status = LsapValidateDbObject(AccountHandle,
1991  ACCOUNT_VIEW,
1992  &AccountObject);
1993  if (!NT_SUCCESS(Status))
1994  {
1995  ERR("Invalid handle (Status %lx)\n", Status);
1996  return Status;
1997  }
1998 
1999  /* Get the system access flags */
2000  Status = LsapGetObjectAttribute(AccountObject,
2001  L"ActSysAc",
2002  SystemAccess,
2003  &Size);
2004 
2005  return Status;
2006 }
2007 
2008 
2009 /* Function 24 */
2010 NTSTATUS
2011 WINAPI
2013  LSAPR_HANDLE AccountHandle,
2014  ACCESS_MASK SystemAccess)
2015 {
2016  PLSA_DB_OBJECT AccountObject;
2017  NTSTATUS Status;
2018 
2019  TRACE("LsarSetSystemAccessAccount(%p %lx)\n",
2020  AccountHandle, SystemAccess);
2021 
2022  /* Validate the account handle */
2023  Status = LsapValidateDbObject(AccountHandle,
2026  &AccountObject);
2027  if (!NT_SUCCESS(Status))
2028  {
2029  ERR("Invalid handle (Status %lx)\n", Status);
2030  return Status;
2031  }
2032 
2033  /* Set the system access flags */
2034  Status = LsapSetObjectAttribute(AccountObject,
2035  L"ActSysAc",
2036  &SystemAccess,
2037  sizeof(ACCESS_MASK));
2038 
2039  return Status;
2040 }
2041 
2042 
2043 /* Function 25 */
2044 NTSTATUS
2045 WINAPI
2047  LSAPR_HANDLE PolicyHandle,
2048  PRPC_SID TrustedDomainSid,
2050  LSAPR_HANDLE *TrustedDomainHandle)
2051 {
2052  /* Fail, if we are not a domain controller */
2055 
2056  UNIMPLEMENTED;
2057  return STATUS_NOT_IMPLEMENTED;
2058 }
2059 
2060 
2061 /* Function 26 */
2062 NTSTATUS
2063 WINAPI
2065  LSAPR_HANDLE TrustedDomainHandle,
2067  PLSAPR_TRUSTED_DOMAIN_INFO *TrustedDomainInformation)
2068 {
2069  UNIMPLEMENTED;
2070  return STATUS_NOT_IMPLEMENTED;
2071 }
2072 
2073 
2074 /* Function 27 */
2075 NTSTATUS
2076 WINAPI
2078  LSAPR_HANDLE TrustedDomainHandle,
2080  PLSAPR_TRUSTED_DOMAIN_INFO TrustedDomainInformation)
2081 {
2082  UNIMPLEMENTED;
2083  return STATUS_NOT_IMPLEMENTED;
2084 }
2085 
2086 
2087 /* Function 28 */
2088 NTSTATUS
2089 WINAPI
2091  LSAPR_HANDLE PolicyHandle,
2092  PRPC_UNICODE_STRING SecretName,
2094  LSAPR_HANDLE *SecretHandle)
2095 {
2096  PLSA_DB_OBJECT PolicyObject;
2097  PLSA_DB_OBJECT SecretObject = NULL;
2099 
2100  TRACE("LsarOpenSecret(%p %wZ %lx %p)\n",
2101  PolicyHandle, SecretName, DesiredAccess, SecretHandle);
2102 
2103  /* Validate the PolicyHandle */
2104  Status = LsapValidateDbObject(PolicyHandle,
2106  0,
2107  &PolicyObject);
2108  if (!NT_SUCCESS(Status))
2109  {
2110  ERR("LsapValidateDbObject returned 0x%08lx\n", Status);
2111  return Status;
2112  }
2113 
2114  /* Create the secret object */
2115  Status = LsapOpenDbObject(PolicyObject,
2116  L"Secrets",
2117  SecretName->Buffer,
2119  DesiredAccess,
2120  PolicyObject->Trusted,
2121  &SecretObject);
2122  if (!NT_SUCCESS(Status))
2123  {
2124  ERR("LsapOpenDbObject failed (Status 0x%08lx)\n", Status);
2125  goto done;
2126  }
2127 
2128 done:
2129  if (!NT_SUCCESS(Status))
2130  {
2131  if (SecretObject != NULL)
2132  LsapCloseDbObject(SecretObject);
2133  }
2134  else
2135  {
2136  *SecretHandle = (LSAPR_HANDLE)SecretObject;
2137  }
2138 
2139  return Status;
2140 }
2141 
2142 
2143 /* Function 29 */
2144 NTSTATUS
2145 WINAPI
2147  LSAPR_HANDLE SecretHandle,
2148  PLSAPR_CR_CIPHER_VALUE EncryptedCurrentValue,
2149  PLSAPR_CR_CIPHER_VALUE EncryptedOldValue)
2150 {
2151  PLSA_DB_OBJECT SecretObject;
2152  PBYTE CurrentValue = NULL;
2153  PBYTE OldValue = NULL;
2154  ULONG CurrentValueLength = 0;
2155  ULONG OldValueLength = 0;
2157  NTSTATUS Status;
2158 
2159  TRACE("LsarSetSecret(%p %p %p)\n", SecretHandle,
2160  EncryptedCurrentValue, EncryptedOldValue);
2161 
2162  /* Validate the SecretHandle */
2163  Status = LsapValidateDbObject(SecretHandle,
2166  &SecretObject);
2167  if (!NT_SUCCESS(Status))
2168  {
2169  ERR("LsapValidateDbObject returned 0x%08lx\n", Status);
2170  return Status;
2171  }
2172 
2173  if (EncryptedCurrentValue != NULL)
2174  {
2175  /* FIXME: Decrypt the current value */
2176  CurrentValue = EncryptedCurrentValue->Buffer;
2177  CurrentValueLength = EncryptedCurrentValue->MaximumLength;
2178  }
2179 
2180  /* Set the current value */
2181  Status = LsapSetObjectAttribute(SecretObject,
2182  L"CurrentValue",
2183  CurrentValue,
2184  CurrentValueLength);
2185  if (!NT_SUCCESS(Status))
2186  {
2187  ERR("LsapSetObjectAttribute failed (Status 0x%08lx)\n", Status);
2188  goto done;
2189  }
2190 
2191  /* Get the current time */
2192  Status = NtQuerySystemTime(&Time);
2193  if (!NT_SUCCESS(Status))
2194  {
2195  ERR("NtQuerySystemTime failed (Status 0x%08lx)\n", Status);
2196  goto done;
2197  }
2198 
2199  /* Set the current time */
2200  Status = LsapSetObjectAttribute(SecretObject,
2201  L"CurrentTime",
2202  &Time,
2203  sizeof(LARGE_INTEGER));
2204  if (!NT_SUCCESS(Status))
2205  {
2206  ERR("LsapSetObjectAttribute failed (Status 0x%08lx)\n", Status);
2207  goto done;
2208  }
2209 
2210  if (EncryptedOldValue != NULL)
2211  {
2212  /* FIXME: Decrypt the old value */
2213  OldValue = EncryptedOldValue->Buffer;
2214  OldValueLength = EncryptedOldValue->MaximumLength;
2215  }
2216 
2217  /* Set the old value */
2218  Status = LsapSetObjectAttribute(SecretObject,
2219  L"OldValue",
2220  OldValue,
2221  OldValueLength);
2222  if (!NT_SUCCESS(Status))
2223  {
2224  ERR("LsapSetObjectAttribute failed (Status 0x%08lx)\n", Status);
2225  goto done;
2226  }
2227 
2228  /* Set the old time */
2229  Status = LsapSetObjectAttribute(SecretObject,
2230  L"OldTime",
2231  &Time,
2232  sizeof(LARGE_INTEGER));
2233  if (!NT_SUCCESS(Status))
2234  {
2235  ERR("LsapSetObjectAttribute failed (Status 0x%08lx)\n", Status);
2236  }
2237 
2238 done:
2239  return Status;
2240 }
2241 
2242 
2243 /* Function 30 */
2244 NTSTATUS
2245 WINAPI
2247  LSAPR_HANDLE SecretHandle,
2248  PLSAPR_CR_CIPHER_VALUE *EncryptedCurrentValue,
2249  PLARGE_INTEGER CurrentValueSetTime,
2250  PLSAPR_CR_CIPHER_VALUE *EncryptedOldValue,
2251  PLARGE_INTEGER OldValueSetTime)
2252 {
2253  PLSA_DB_OBJECT SecretObject;
2254  PLSAPR_CR_CIPHER_VALUE EncCurrentValue = NULL;
2255  PLSAPR_CR_CIPHER_VALUE EncOldValue = NULL;
2256  PBYTE CurrentValue = NULL;
2257  PBYTE OldValue = NULL;
2258  ULONG CurrentValueLength = 0;
2259  ULONG OldValueLength = 0;
2260  ULONG BufferSize;
2261  NTSTATUS Status;
2262 
2263  TRACE("LsarQuerySecret(%p %p %p %p %p)\n", SecretHandle,
2264  EncryptedCurrentValue, CurrentValueSetTime,
2265  EncryptedOldValue, OldValueSetTime);
2266 
2267  /* Validate the SecretHandle */
2268  Status = LsapValidateDbObject(SecretHandle,
2271  &SecretObject);
2272  if (!NT_SUCCESS(Status))
2273  {
2274  ERR("LsapValidateDbObject returned 0x%08lx\n", Status);
2275  return Status;
2276  }
2277 
2278  if (EncryptedCurrentValue != NULL)
2279  {
2280  CurrentValueLength = 0;
2281 
2282  /* Get the size of the current value */
2283  Status = LsapGetObjectAttribute(SecretObject,
2284  L"CurrentValue",
2285  NULL,
2286  &CurrentValueLength);
2287  if (!NT_SUCCESS(Status))
2288  goto done;
2289 
2290  /* Allocate a buffer for the current value */
2291  CurrentValue = midl_user_allocate(CurrentValueLength);
2292  if (CurrentValue == NULL)
2293  {
2295  goto done;
2296  }
2297 
2298  /* Get the current value */
2299  Status = LsapGetObjectAttribute(SecretObject,
2300  L"CurrentValue",
2301  CurrentValue,
2302  &CurrentValueLength);
2303  if (!NT_SUCCESS(Status))
2304  goto done;
2305 
2306  /* Allocate a buffer for the encrypted current value */
2307  EncCurrentValue = midl_user_allocate(sizeof(LSAPR_CR_CIPHER_VALUE));
2308  if (EncCurrentValue == NULL)
2309  {
2311  goto done;
2312  }
2313 
2314  /* FIXME: Encrypt the current value */
2315  EncCurrentValue->Length = (USHORT)(CurrentValueLength - sizeof(WCHAR));
2316  EncCurrentValue->MaximumLength = (USHORT)CurrentValueLength;
2317  EncCurrentValue->Buffer = (PBYTE)CurrentValue;
2318  }
2319 
2320  if (CurrentValueSetTime != NULL)
2321  {
2322  BufferSize = sizeof(LARGE_INTEGER);
2323 
2324  /* Get the current value time */
2325  Status = LsapGetObjectAttribute(SecretObject,
2326  L"CurrentTime",
2327  (PBYTE)CurrentValueSetTime,
2328  &BufferSize);
2329  if (!NT_SUCCESS(Status))
2330  goto done;
2331  }
2332 
2333  if (EncryptedOldValue != NULL)
2334  {
2335  OldValueLength = 0;
2336 
2337  /* Get the size of the old value */
2338  Status = LsapGetObjectAttribute(SecretObject,
2339  L"OldValue",
2340  NULL,
2341  &OldValueLength);
2342  if (!NT_SUCCESS(Status))
2343  goto done;
2344 
2345  /* Allocate a buffer for the old value */
2346  OldValue = midl_user_allocate(OldValueLength);
2347  if (OldValue == NULL)
2348  {
2350  goto done;
2351  }
2352 
2353  /* Get the old value */
2354  Status = LsapGetObjectAttribute(SecretObject,
2355  L"OldValue",
2356  OldValue,
2357  &OldValueLength);
2358  if (!NT_SUCCESS(Status))
2359  goto done;
2360 
2361  /* Allocate a buffer for the encrypted old value */
2362  EncOldValue = midl_user_allocate(sizeof(LSAPR_CR_CIPHER_VALUE) + OldValueLength);
2363  if (EncOldValue == NULL)
2364  {
2366  goto done;
2367  }
2368 
2369  /* FIXME: Encrypt the old value */
2370  EncOldValue->Length = (USHORT)(OldValueLength - sizeof(WCHAR));
2371  EncOldValue->MaximumLength = (USHORT)OldValueLength;
2372  EncOldValue->Buffer = (PBYTE)OldValue;
2373  }
2374 
2375  if (OldValueSetTime != NULL)
2376  {
2377  BufferSize = sizeof(LARGE_INTEGER);
2378 
2379  /* Get the old value time */
2380  Status = LsapGetObjectAttribute(SecretObject,
2381  L"OldTime",
2382  (PBYTE)OldValueSetTime,
2383  &BufferSize);
2384  if (!NT_SUCCESS(Status))
2385  goto done;
2386  }
2387 
2388 
2389 done:
2390  if (NT_SUCCESS(Status))
2391  {
2392  if (EncryptedCurrentValue != NULL)
2393  *EncryptedCurrentValue = EncCurrentValue;
2394 
2395  if (EncryptedOldValue != NULL)
2396  *EncryptedOldValue = EncOldValue;
2397  }
2398  else
2399  {
2400  if (EncryptedCurrentValue != NULL)
2401  *EncryptedCurrentValue = NULL;
2402 
2403  if (EncryptedOldValue != NULL)
2404  *EncryptedOldValue = NULL;
2405 
2406  if (EncCurrentValue != NULL)
2407  midl_user_free(EncCurrentValue);
2408 
2409  if (EncOldValue != NULL)
2410  midl_user_free(EncOldValue);
2411 
2412  if (CurrentValue != NULL)
2413  midl_user_free(CurrentValue);
2414 
2415  if (OldValue != NULL)
2416  midl_user_free(OldValue);
2417  }
2418 
2419  TRACE("LsarQuerySecret done (Status 0x%08lx)\n", Status);
2420 
2421  return Status;
2422 }
2423 
2424 
2425 /* Function 31 */
2426 NTSTATUS
2427 WINAPI
2429  LSAPR_HANDLE PolicyHandle,
2431  PLUID Value)
2432 {
2433  PLUID pValue;
2434  NTSTATUS Status;
2435 
2436  TRACE("LsarLookupPrivilegeValue(%p, %wZ, %p)\n",
2437  PolicyHandle, Name, Value);
2438 
2439  Status = LsapValidateDbObject(PolicyHandle,
2442  NULL);
2443  if (!NT_SUCCESS(Status))
2444  {
2445  ERR("Invalid handle (Status %lx)\n", Status);
2446  return Status;
2447  }
2448 
2449  TRACE("Privilege: %wZ\n", Name);
2450 
2451  pValue = LsarpLookupPrivilegeValue(Name);
2452  if (pValue == NULL)
2453  return STATUS_NO_SUCH_PRIVILEGE;
2454 
2455  RtlCopyLuid(Value, pValue);
2456 
2457  return STATUS_SUCCESS;
2458 }
2459 
2460 
2461 /* Function 32 */
2462 NTSTATUS
2463 WINAPI
2465  LSAPR_HANDLE PolicyHandle,
2466  PLUID Value,
2468 {
2469  NTSTATUS Status;
2470 
2471  TRACE("LsarLookupPrivilegeName(%p, %p, %p)\n",
2472  PolicyHandle, Value, Name);
2473 
2474  Status = LsapValidateDbObject(PolicyHandle,
2477  NULL);
2478  if (!NT_SUCCESS(Status))
2479  {
2480  ERR("Invalid handle\n");
2481  return Status;
2482  }
2483 
2484  Status = LsarpLookupPrivilegeName(Value,
2485  Name);
2486 
2487  return Status;
2488 }
2489 
2490 
2491 /* Function 33 */
2492 NTSTATUS
2493 WINAPI
2495  LSAPR_HANDLE PolicyHandle,
2497  USHORT ClientLanguage,
2498  USHORT ClientSystemDefaultLanguage,
2499  PRPC_UNICODE_STRING *DisplayName,
2500  USHORT *LanguageReturned)
2501 {
2502  NTSTATUS Status;
2503 
2504  TRACE("LsarLookupPrivilegeDisplayName(%p, %p, %u, %u, %p, %p)\n",
2505  PolicyHandle, Name, ClientLanguage, ClientSystemDefaultLanguage, DisplayName, LanguageReturned);
2506 
2507  Status = LsapValidateDbObject(PolicyHandle,
2510  NULL);
2511  if (!NT_SUCCESS(Status))
2512  {
2513  ERR("Invalid handle\n");
2514  return Status;
2515  }
2516 
2517  Status = LsarpLookupPrivilegeDisplayName(Name,
2518  ClientLanguage,
2519  ClientSystemDefaultLanguage,
2520  DisplayName,
2521  LanguageReturned);
2522 
2523  return Status;
2524 }
2525 
2526 
2527 /* Function 34 */
2528 NTSTATUS
2529 WINAPI
2531  LSAPR_HANDLE *ObjectHandle)
2532 {
2533  PLSA_DB_OBJECT DbObject;
2534  NTSTATUS Status;
2535 
2536  TRACE("LsarDeleteObject(%p)\n", ObjectHandle);
2537 
2538  if (ObjectHandle == NULL)
2539  return STATUS_INVALID_PARAMETER;
2540 
2541  /* Validate the ObjectHandle */
2542  Status = LsapValidateDbObject(*ObjectHandle,
2544  DELETE,
2545  &DbObject);
2546  if (!NT_SUCCESS(Status))
2547  {
2548  ERR("LsapValidateDbObject returned 0x%08lx\n", Status);
2549  return Status;
2550  }
2551 
2552  /* You cannot delete the policy object */
2553  if (DbObject->ObjectType == LsaDbPolicyObject)
2554  return STATUS_INVALID_PARAMETER;
2555 
2556  /* Delete the database object */
2557  Status = LsapDeleteDbObject(DbObject);
2558  if (!NT_SUCCESS(Status))
2559  {
2560  ERR("LsapDeleteDbObject returned 0x%08lx\n", Status);
2561  return Status;
2562  }
2563 
2564  /* Invalidate the object handle */
2565  *ObjectHandle = NULL;
2566 
2567  return STATUS_SUCCESS;
2568 }
2569 
2570 
2571 /* Function 35 */
2572 NTSTATUS
2573 WINAPI
2575  LSAPR_HANDLE PolicyHandle,
2576  PRPC_UNICODE_STRING UserRight,
2577  PLSAPR_ACCOUNT_ENUM_BUFFER EnumerationBuffer)
2578 {
2579  PLSA_DB_OBJECT PolicyObject;
2580  ACCESS_MASK AccountRight = 0;
2581  PLUID Luid = NULL;
2582  ULONG AccountKeyBufferSize;
2583  PWSTR AccountKeyBuffer = NULL;
2584  HKEY AccountsKeyHandle = NULL;
2585  HKEY AccountKeyHandle = NULL;
2586  HKEY AttributeKeyHandle;
2587  ACCESS_MASK SystemAccess;
2588  PPRIVILEGE_SET PrivilegeSet;
2589  PLSAPR_ACCOUNT_INFORMATION EnumBuffer = NULL, ReturnBuffer;
2590  ULONG SubKeyCount = 0;
2591  ULONG EnumIndex, EnumCount;
2592  ULONG Size, i;
2593  BOOL Found;
2594  NTSTATUS Status;
2595 
2596  TRACE("LsarEnumerateAccountsWithUserRights(%p %wZ %p)\n",
2597  PolicyHandle, UserRight, EnumerationBuffer);
2598 
2599  /* Validate the privilege and account right names */
2600  if (UserRight != NULL)
2601  {
2602  Luid = LsarpLookupPrivilegeValue(UserRight);
2603  if (Luid == NULL)
2604  {
2605  AccountRight = LsapLookupAccountRightValue(UserRight);
2606  if (AccountRight == 0)
2607  return STATUS_NO_SUCH_PRIVILEGE;
2608  }
2609  }
2610 
2611  if (EnumerationBuffer == NULL)
2612  return STATUS_INVALID_PARAMETER;
2613 
2614  EnumerationBuffer->EntriesRead = 0;
2615  EnumerationBuffer->Information = NULL;
2616 
2617  /* Validate the PolicyHandle */
2618  Status = LsapValidateDbObject(PolicyHandle,
2621  &PolicyObject);
2622  if (!NT_SUCCESS(Status))
2623  {
2624  ERR("LsapValidateDbObject returned 0x%08lx\n", Status);
2625  return Status;
2626  }
2627 
2628  Status = LsapRegOpenKey(PolicyObject->KeyHandle,
2629  L"Accounts",
2630  KEY_READ,
2631  &AccountsKeyHandle);
2632  if (!NT_SUCCESS(Status))
2633  {
2634  ERR("LsapRegOpenKey returned 0x%08lx\n", Status);
2635  return Status;
2636  }
2637 
2638  Status = LsapRegQueryKeyInfo(AccountsKeyHandle,
2639  &SubKeyCount,
2640  &AccountKeyBufferSize,
2641  NULL);
2642  if (!NT_SUCCESS(Status))
2643  {
2644  ERR("LsapRegOpenKey returned 0x%08lx\n", Status);
2645  return Status;
2646  }
2647 
2648  AccountKeyBufferSize += sizeof(WCHAR);
2649  AccountKeyBuffer = RtlAllocateHeap(RtlGetProcessHeap(), 0, AccountKeyBufferSize);
2650  if (AccountKeyBuffer == NULL)
2651  {
2653  }
2654 
2655  EnumBuffer = RtlAllocateHeap(RtlGetProcessHeap(),
2657  SubKeyCount * sizeof(LSAPR_ACCOUNT_INFORMATION));
2658  if (EnumBuffer == NULL)
2659  {
2661  goto done;
2662  }
2663 
2664  EnumCount = 0;
2665  EnumIndex = 0;
2666  while (TRUE)
2667  {
2668  Found = FALSE;
2669 
2670  Status = LsapRegEnumerateSubKey(AccountsKeyHandle,
2671  EnumIndex,
2672  AccountKeyBufferSize,
2673  AccountKeyBuffer);
2674  if (!NT_SUCCESS(Status))
2675  {
2676  if (Status == STATUS_NO_MORE_ENTRIES)
2677  Status = STATUS_SUCCESS;
2678  break;
2679  }
2680 
2681  TRACE("EnumIndex: %lu\n", EnumIndex);
2682  TRACE("Account key name: %S\n", AccountKeyBuffer);
2683 
2684  Status = LsapRegOpenKey(AccountsKeyHandle,
2685  AccountKeyBuffer,
2686  KEY_READ,
2687  &AccountKeyHandle);
2688  if (NT_SUCCESS(Status))
2689  {
2690  if (Luid != NULL || AccountRight != 0)
2691  {
2692  Status = LsapRegOpenKey(AccountKeyHandle,
2693  (Luid != NULL) ? L"Privilgs" : L"ActSysAc",
2694  KEY_READ,
2695  &AttributeKeyHandle);
2696  if (NT_SUCCESS(Status))
2697  {
2698  if (Luid != NULL)
2699  {
2700  Size = 0;
2701  LsapRegQueryValue(AttributeKeyHandle,
2702  NULL,
2703  NULL,
2704  NULL,
2705  &Size);
2706  if (Size != 0)
2707  {
2708  PrivilegeSet = RtlAllocateHeap(RtlGetProcessHeap(), 0, Size);
2709  if (PrivilegeSet)
2710  {
2711  if (LsapRegQueryValue(AttributeKeyHandle,
2712  NULL,
2713  NULL,
2714  PrivilegeSet,
2715  &Size) == STATUS_SUCCESS)
2716  {
2717  for (i = 0; i < PrivilegeSet->PrivilegeCount; i++)
2718  {
2719  if (RtlEqualLuid(&(PrivilegeSet->Privilege[i].Luid), Luid))
2720  {
2721  TRACE("%S got the privilege!\n", AccountKeyBuffer);
2722  Found = TRUE;
2723  break;
2724  }
2725  }
2726  }
2727 
2728  RtlFreeHeap(RtlGetProcessHeap(), 0, PrivilegeSet);
2729  }
2730  }
2731  }
2732  else if (AccountRight != 0)
2733  {
2734  SystemAccess = 0;
2735  Size = sizeof(ACCESS_MASK);
2736  LsapRegQueryValue(AttributeKeyHandle,
2737  NULL,
2738  NULL,
2739  &SystemAccess,
2740  &Size);
2741  if (SystemAccess & AccountRight)
2742  {
2743  TRACE("%S got the account right!\n", AccountKeyBuffer);
2744  Found = TRUE;
2745  }
2746  }
2747 
2748  LsapRegCloseKey(AttributeKeyHandle);
2749  }
2750  }
2751  else
2752  {
2753  /* enumerate all accounts */
2754  Found = TRUE;
2755  }
2756 
2757  if (Found == TRUE)
2758  {
2759  TRACE("Add account: %S\n", AccountKeyBuffer);
2760 
2761  Status = LsapRegOpenKey(AccountKeyHandle,
2762  L"Sid",
2763  KEY_READ,
2764  &AttributeKeyHandle);
2765  if (NT_SUCCESS(Status))
2766  {
2767  Size = 0;
2768  LsapRegQueryValue(AttributeKeyHandle,
2769  NULL,
2770  NULL,
2771  NULL,
2772  &Size);
2773  if (Size != 0)
2774  {
2775  EnumBuffer[EnumCount].Sid = midl_user_allocate(Size);
2776  if (EnumBuffer[EnumCount].Sid != NULL)
2777  {
2778  Status = LsapRegQueryValue(AttributeKeyHandle,
2779  NULL,
2780  NULL,
2781  EnumBuffer[EnumCount].Sid,
2782  &Size);
2783  if (NT_SUCCESS(Status))
2784  {
2785  EnumCount++;
2786  }
2787  else
2788  {
2789  TRACE("SampRegQueryValue returned %08lX\n", Status);
2790  midl_user_free(EnumBuffer[EnumCount].Sid);
2791  EnumBuffer[EnumCount].Sid = NULL;
2792  }
2793  }
2794  }
2795 
2796  LsapRegCloseKey(AttributeKeyHandle);
2797  }
2798  }
2799 
2800  LsapRegCloseKey(AccountKeyHandle);
2801  }
2802 
2803  EnumIndex++;
2804  }
2805 
2806  TRACE("EnumCount: %lu\n", EnumCount);
2807 
2808  if (NT_SUCCESS(Status) && EnumCount != 0)
2809  {
2810  ReturnBuffer = midl_user_allocate(EnumCount * sizeof(LSAPR_ACCOUNT_INFORMATION));
2811  if (ReturnBuffer == NULL)
2812  {
2814  goto done;
2815  }
2816 
2817  RtlCopyMemory(ReturnBuffer,
2818  EnumBuffer,
2819  EnumCount * sizeof(LSAPR_ACCOUNT_INFORMATION));
2820 
2821  EnumerationBuffer->EntriesRead = EnumCount;
2822  EnumerationBuffer->Information = ReturnBuffer;
2823  }
2824 
2825 done:
2826  if (EnumBuffer != NULL)
2827  {
2828  if (Status != STATUS_SUCCESS)
2829  {
2830  for (i = 0; i < EnumCount; i++)
2831  {
2832  if (EnumBuffer[i].Sid != NULL)
2833  midl_user_free(EnumBuffer[i].Sid);
2834  }
2835  }
2836 
2837  RtlFreeHeap(RtlGetProcessHeap(), 0, EnumBuffer);
2838  }
2839 
2840  if (AccountKeyBuffer != NULL)
2841  RtlFreeHeap(RtlGetProcessHeap(), 0, AccountKeyBuffer);
2842 
2843  if (Status == STATUS_SUCCESS && EnumCount == 0)
2844  Status = STATUS_NO_MORE_ENTRIES;
2845 
2846  return Status;
2847 }
2848 
2849 
2850 /* Function 36 */
2851 NTSTATUS
2852 WINAPI
2854  LSAPR_HANDLE PolicyHandle,
2855  PRPC_SID AccountSid,
2856  PLSAPR_USER_RIGHT_SET UserRights)
2857 {
2858  LSAPR_HANDLE AccountHandle;
2859  PLSAPR_PRIVILEGE_SET PrivilegeSet = NULL;
2860  PRPC_UNICODE_STRING RightsBuffer = NULL;
2861  PRPC_UNICODE_STRING PrivilegeString;
2862  ACCESS_MASK SystemAccess = 0;
2863  ULONG RightsCount = 0;
2864  ULONG Index;
2865  ULONG i;
2866  NTSTATUS Status;
2867 
2868  TRACE("LsarEnumerateAccountRights(%p %p %p)\n",
2869  PolicyHandle, AccountSid, UserRights);
2870 
2871  /* Open the account */
2872  Status = LsarOpenAccount(PolicyHandle,
2873  AccountSid,
2874  ACCOUNT_VIEW,
2875  &AccountHandle);
2876  if (!NT_SUCCESS(Status))
2877  {
2878  WARN("LsarOpenAccount returned 0x%08lx\n", Status);
2879  return Status;
2880  }
2881 
2882  /* Enumerate the privileges */
2883  Status = LsarEnumeratePrivilegesAccount(AccountHandle,
2884  &PrivilegeSet);
2885  if (!NT_SUCCESS(Status) && Status != STATUS_OBJECT_NAME_NOT_FOUND)
2886  {
2887  WARN("LsarEnumeratePrivilegesAccount returned 0x%08lx\n", Status);
2888  goto done;
2889  }
2890 
2891  /* Get account rights */
2892  Status = LsarGetSystemAccessAccount(AccountHandle,
2893  &SystemAccess);
2894  if (!NT_SUCCESS(Status) && Status != STATUS_OBJECT_NAME_NOT_FOUND)
2895  {
2896  WARN("LsarGetSystemAccessAccount returned 0x%08lx\n", Status);
2897  goto done;
2898  }
2899 
2900  RightsCount = PrivilegeSet->PrivilegeCount;
2901 
2902  /* Count account rights */
2903  for (i = 0; i < sizeof(ACCESS_MASK) * 8; i++)
2904  {
2905  if (SystemAccess & (1 << i))
2906  RightsCount++;
2907  }
2908 
2909  /* We are done if there are no rights to be enumerated */
2910  if (RightsCount == 0)
2911  {
2912  UserRights->Entries = 0;
2913  UserRights->UserRights = NULL;
2914  Status = STATUS_SUCCESS;
2915  goto done;
2916  }
2917 
2918  /* Allocate a buffer for the account rights */
2919  RightsBuffer = MIDL_user_allocate(RightsCount * sizeof(RPC_UNICODE_STRING));
2920  if (RightsBuffer == NULL)
2921  {
2923  goto done;
2924  }
2925 
2926  /* Copy the privileges into the buffer */
2927  Index = 0;
2928  if (PrivilegeSet)
2929  {
2930  for (i = 0; i < PrivilegeSet->PrivilegeCount; i++)
2931  {
2932  PrivilegeString = NULL;
2933  Status = LsarLookupPrivilegeName(PolicyHandle,
2934  (PLUID)&PrivilegeSet->Privilege[i].Luid,
2935  &PrivilegeString);
2936  if (!NT_SUCCESS(Status))
2937  {
2938  WARN("LsarLookupPrivilegeName returned 0x%08lx\n", Status);
2939  goto done;
2940  }
2941 
2942  RightsBuffer[Index].Length = PrivilegeString->Length;
2943  RightsBuffer[Index].MaximumLength = PrivilegeString->MaximumLength;
2944  RightsBuffer[Index].Buffer = PrivilegeString->Buffer;
2945 
2946  MIDL_user_free(PrivilegeString);
2947  Index++;
2948  }
2949  }
2950 
2951  /* Copy account rights into the buffer */
2952  for (i = 0; i < sizeof(ACCESS_MASK) * 8; i++)
2953  {
2954  if (SystemAccess & (1 << i))
2955  {
2956  Status = LsapLookupAccountRightName(1 << i,
2957  &PrivilegeString);
2958  if (!NT_SUCCESS(Status))
2959  {
2960  WARN("LsarLookupAccountRightName returned 0x%08lx\n", Status);
2961  goto done;
2962  }
2963 
2964  RightsBuffer[Index].Length = PrivilegeString->Length;
2965  RightsBuffer[Index].MaximumLength = PrivilegeString->MaximumLength;
2966  RightsBuffer[Index].Buffer = PrivilegeString->Buffer;
2967 
2968  MIDL_user_free(PrivilegeString);
2969  Index++;
2970  }
2971  }
2972 
2973  UserRights->Entries = RightsCount;
2974  UserRights->UserRights = (PRPC_UNICODE_STRING)RightsBuffer;
2975 
2976 done:
2977  if (!NT_SUCCESS(Status))
2978  {
2979  if (RightsBuffer != NULL)
2980  {
2981  for (Index = 0; Index < RightsCount; Index++)
2982  {
2983  if (RightsBuffer[Index].Buffer != NULL)
2984  MIDL_user_free(RightsBuffer[Index].Buffer);
2985  }
2986 
2987  MIDL_user_free(RightsBuffer);
2988  }
2989  }
2990 
2991  if (PrivilegeSet != NULL)
2992  MIDL_user_free(PrivilegeSet);
2993 
2994  LsarClose(&AccountHandle);
2995 
2996  return Status;
2997 }
2998 
2999 
3000 /* Function 37 */
3001 NTSTATUS
3002 WINAPI
3004  LSAPR_HANDLE PolicyHandle,
3005  PRPC_SID AccountSid,
3006  PLSAPR_USER_RIGHT_SET UserRights)
3007 {
3008  PLSA_DB_OBJECT PolicyObject;
3009  PLSA_DB_OBJECT AccountObject = NULL;
3010  ULONG ulNewPrivileges = 0, ulNewRights = 0;
3011  ACCESS_MASK SystemAccess = 0;
3012  ULONG Size, Value, i, j;
3013  PPRIVILEGE_SET PrivilegeSet = NULL;
3014  ULONG PrivilegeSetBufferSize = 0;
3015  ULONG PrivilegeCount;
3016  BOOLEAN bFound;
3017  PLUID pLuid;
3018  NTSTATUS Status;
3019 
3020  TRACE("LsarAddAccountRights(%p %p %p)\n",
3021  PolicyHandle, AccountSid, UserRights);
3022 
3023  /* Validate the AccountSid */
3024  if (!RtlValidSid(AccountSid))
3025  return STATUS_INVALID_PARAMETER;
3026 
3027  /* Validate the UserRights */
3028  if (UserRights == NULL)
3029  return STATUS_INVALID_PARAMETER;
3030 
3031  /* Validate the privilege and account right names */
3032  for (i = 0; i < UserRights->Entries; i++)
3033  {
3034  if (LsarpLookupPrivilegeValue(&UserRights->UserRights[i]) != NULL)
3035  {
3036  ulNewPrivileges++;
3037  }
3038  else
3039  {
3040  if (LsapLookupAccountRightValue(&UserRights->UserRights[i]) == 0)
3041  return STATUS_NO_SUCH_PRIVILEGE;
3042 
3043  ulNewRights++;
3044  }
3045  }
3046 
3047  TRACE("ulNewPrivileges: %lu\n", ulNewPrivileges);
3048  TRACE("ulNewRights: %lu\n", ulNewRights);
3049 
3050  /* Validate the PolicyHandle */
3051  Status = LsapValidateDbObject(PolicyHandle,
3054  &PolicyObject);
3055  if (!NT_SUCCESS(Status))
3056  {
3057  WARN("LsapValidateDbObject returned 0x%08lx\n", Status);
3058  return Status;
3059  }
3060 
3061  /* Open the account */
3062  Status = LsarpOpenAccount(PolicyObject,
3063  AccountSid,
3064  0,
3065  &AccountObject);
3066  if (!NT_SUCCESS(Status) && Status != STATUS_OBJECT_NAME_NOT_FOUND)
3067  {
3068  WARN("LsarpOpenAccount returned 0x%08lx\n", Status);
3069  goto done;
3070  }
3071  else if (Status == STATUS_OBJECT_NAME_NOT_FOUND)
3072  {
3073  /* Create a new account if it does not yet exist */
3074  Status = LsarpCreateAccount(PolicyObject,
3075  AccountSid,
3076  0,
3077  &AccountObject);
3078  if (!NT_SUCCESS(Status))
3079  {
3080  WARN("LsarpCreateAccount returned 0x%08lx\n", Status);
3081  goto done;
3082  }
3083  }
3084 
3085  if (ulNewPrivileges > 0)
3086  {
3087  Size = 0;
3088 
3089  /* Get the size of the Privilgs attribute */
3090  Status = LsapGetObjectAttribute(AccountObject,
3091  L"Privilgs",
3092  NULL,
3093  &Size);
3094  if (!NT_SUCCESS(Status) && Status != STATUS_OBJECT_NAME_NOT_FOUND)
3095  goto done;
3096 
3097  /* Calculate the required privilege set buffer size */
3098  if (Size == 0)
3099  PrivilegeSetBufferSize = sizeof(PRIVILEGE_SET) +
3100  (ulNewPrivileges - 1) * sizeof(LUID_AND_ATTRIBUTES);
3101  else
3102  PrivilegeSetBufferSize = Size +
3103  ulNewPrivileges * sizeof(LUID_AND_ATTRIBUTES);
3104 
3105  /* Allocate the privilege set buffer */
3106  PrivilegeSet = RtlAllocateHeap(RtlGetProcessHeap(),
3108  PrivilegeSetBufferSize);
3109  if (PrivilegeSet == NULL)
3110  return STATUS_NO_MEMORY;
3111 
3112  /* Get the privilege set */
3113  if (Size != 0)
3114  {
3115  Status = LsapGetObjectAttribute(AccountObject,
3116  L"Privilgs",
3117  PrivilegeSet,
3118  &Size);
3119  if (!NT_SUCCESS(Status))
3120  {
3121  WARN("LsapGetObjectAttribute() failed (Status 0x%08lx)\n", Status);
3122  goto done;
3123  }
3124  }
3125 
3126  PrivilegeCount = PrivilegeSet->PrivilegeCount;
3127  TRACE("Privilege count: %lu\n", PrivilegeCount);
3128 
3129  for (i = 0; i < UserRights->Entries; i++)
3130  {
3131  pLuid = LsarpLookupPrivilegeValue(&UserRights->UserRights[i]);
3132  if (pLuid == NULL)
3133  continue;
3134 
3135  bFound = FALSE;
3136  for (j = 0; j < PrivilegeSet->PrivilegeCount; j++)
3137  {
3138  if (RtlEqualLuid(&(PrivilegeSet->Privilege[j].Luid), pLuid))
3139  {
3140  bFound = TRUE;
3141  break;
3142  }
3143  }
3144 
3145  if (bFound == FALSE)
3146  {
3147  /* Copy the new privilege */
3148  RtlCopyMemory(&(PrivilegeSet->Privilege[PrivilegeSet->PrivilegeCount]),
3149  pLuid,
3150  sizeof(LUID));
3151  PrivilegeSet->PrivilegeCount++;
3152  }
3153  }
3154 
3155  /* Store the extended privilege set */
3156  if (PrivilegeCount != PrivilegeSet->PrivilegeCount)
3157  {
3158  Size = sizeof(PRIVILEGE_SET) +
3159  (PrivilegeSet->PrivilegeCount - 1) * sizeof(LUID_AND_ATTRIBUTES);
3160 
3161  Status = LsapSetObjectAttribute(AccountObject,
3162  L"Privilgs",
3163  PrivilegeSet,
3164  Size);
3165  if (!NT_SUCCESS(Status))
3166  {
3167  WARN("LsapSetObjectAttribute() failed (Status 0x%08lx)\n", Status);
3168  goto done;
3169  }
3170  }
3171  }
3172 
3173  if (ulNewRights > 0)
3174  {
3175  Size = sizeof(ACCESS_MASK);
3176 
3177  /* Get the system access flags, if the attribute exists */
3178  Status = LsapGetObjectAttribute(AccountObject,
3179  L"ActSysAc",
3180  &SystemAccess,
3181  &Size);
3182  if (!NT_SUCCESS(Status) && Status != STATUS_OBJECT_NAME_NOT_FOUND)
3183  goto done;
3184 
3185  /* Set the new access rights */
3186  for (i = 0; i < UserRights->Entries; i++)
3187  {
3188  Value = LsapLookupAccountRightValue(&UserRights->UserRights[i]);
3189  if (Value != 0)
3190  SystemAccess |= Value;
3191  }
3192 
3193  /* Set the system access flags */
3194  Status = LsapSetObjectAttribute(AccountObject,
3195  L"ActSysAc",
3196  &SystemAccess,
3197  sizeof(ACCESS_MASK));
3198  }
3199 
3200 done:
3201  if (PrivilegeSet != NULL)
3202  RtlFreeHeap(RtlGetProcessHeap(), 0, PrivilegeSet);
3203 
3204  if (AccountObject != NULL)
3205  LsapCloseDbObject(AccountObject);
3206 
3207  return Status;
3208 }
3209 
3210 
3211 /* Function 38 */
3212 NTSTATUS
3213 WINAPI
3215  LSAPR_HANDLE PolicyHandle,
3216  PRPC_SID AccountSid,
3217  BOOLEAN AllRights,
3218  PLSAPR_USER_RIGHT_SET UserRights)
3219 {
3220  PLSA_DB_OBJECT PolicyObject;
3221  PLSA_DB_OBJECT AccountObject = NULL;
3222  ULONG PrivilegesToRemove = 0, RightsToRemove = 0;
3223  ACCESS_MASK SystemAccess = 0;
3224  ULONG Size, Value, i, j, Index;
3225  PPRIVILEGE_SET PrivilegeSet = NULL;
3226  ULONG PrivilegeCount;
3227  PLUID pLuid;
3228  NTSTATUS Status;
3229 
3230  TRACE("LsarRemoveAccountRights(%p %p %lu %p)\n",
3231  PolicyHandle, AccountSid, AllRights, UserRights);
3232 
3233  /* Validate the AccountSid */
3234  if (!RtlValidSid(AccountSid))
3235  return STATUS_INVALID_PARAMETER;
3236 
3237  /* Validate the UserRights */
3238  if (UserRights == NULL)
3239  return STATUS_INVALID_PARAMETER;
3240 
3241  /* Validate the privilege and account right names */
3242  for (i = 0; i < UserRights->Entries; i++)
3243  {
3244  if (LsarpLookupPrivilegeValue(&UserRights->UserRights[i]) != NULL)
3245  {
3246  PrivilegesToRemove++;
3247  }
3248  else
3249  {
3250  if (LsapLookupAccountRightValue(&UserRights->UserRights[i]) == 0)
3251  return STATUS_NO_SUCH_PRIVILEGE;
3252 
3253  RightsToRemove++;
3254  }
3255  }
3256 
3257  /* Validate the PolicyHandle */
3258  Status = LsapValidateDbObject(PolicyHandle,
3261  &PolicyObject);
3262  if (!NT_SUCCESS(Status))
3263  {
3264  ERR("LsapValidateDbObject returned 0x%08lx\n", Status);
3265  return Status;
3266  }
3267 
3268  /* Open the account */
3269  Status = LsarpOpenAccount(PolicyObject,
3270  AccountSid,
3271  0,
3272  &AccountObject);
3273  if (!NT_SUCCESS(Status) && Status != STATUS_OBJECT_NAME_NOT_FOUND)
3274  {
3275  ERR("LsarpOpenAccount returned 0x%08lx\n", Status);
3276  goto done;
3277  }
3278 
3279  if (AllRights == FALSE)
3280  {
3281  /* Get the size of the Privilgs attribute */
3282  Size = 0;
3283  Status = LsapGetObjectAttribute(AccountObject,
3284  L"Privilgs",
3285  NULL,
3286  &Size);
3287  if (!NT_SUCCESS(Status) && Status != STATUS_OBJECT_NAME_NOT_FOUND)
3288  goto done;
3289 
3290  if ((Size != 0) && (PrivilegesToRemove != 0))
3291  {
3292  /* Allocate the privilege set buffer */
3293  PrivilegeSet = RtlAllocateHeap(RtlGetProcessHeap(),
3295  Size);
3296  if (PrivilegeSet == NULL)
3297  return STATUS_NO_MEMORY;
3298 
3299  /* Get the privilege set */
3300  Status = LsapGetObjectAttribute(AccountObject,
3301  L"Privilgs",
3302  PrivilegeSet,
3303  &Size);
3304  if (!NT_SUCCESS(Status))
3305  {
3306  ERR("LsapGetObjectAttribute() failed (Status 0x%08lx)\n", Status);
3307  goto done;
3308  }
3309 
3310  PrivilegeCount = PrivilegeSet->PrivilegeCount;
3311 
3312  for (i = 0; i < UserRights->Entries; i++)
3313  {
3314  pLuid = LsarpLookupPrivilegeValue(&UserRights->UserRights[i]);
3315  if (pLuid == NULL)
3316  continue;
3317 
3318  Index = -1;
3319  for (j = 0; j < PrivilegeSet->PrivilegeCount; j++)
3320  {
3321  if (RtlEqualLuid(&(PrivilegeSet->Privilege[j].Luid), pLuid))
3322  {
3323  Index = j;
3324  break;
3325  }
3326  }
3327 
3328  if (Index != -1)
3329  {
3330  /* Remove the privilege */
3331  if ((PrivilegeSet->PrivilegeCount > 1) &&
3332  (Index < PrivilegeSet->PrivilegeCount - 1))
3333  RtlMoveMemory(&(PrivilegeSet->Privilege[Index]),
3334  &(PrivilegeSet->Privilege[Index + 1]),
3335  (Index - PrivilegeSet->PrivilegeCount - 1) * sizeof(LUID));
3336 
3337  /* Wipe the last entry */
3338  RtlZeroMemory(&(PrivilegeSet->Privilege[PrivilegeSet->PrivilegeCount - 1]),
3339  sizeof(LUID));
3340 
3341  PrivilegeSet->PrivilegeCount--;
3342  }
3343  }
3344 
3345  /* Store the extended privilege set */
3346  if (PrivilegeCount != PrivilegeSet->PrivilegeCount)
3347  {
3348  Size = sizeof(PRIVILEGE_SET) +
3349  (PrivilegeSet->PrivilegeCount - 1) * sizeof(LUID_AND_ATTRIBUTES);
3350 
3351  Status = LsapSetObjectAttribute(AccountObject,
3352  L"Privilgs",
3353  PrivilegeSet,
3354  Size);
3355  if (!NT_SUCCESS(Status))
3356  {
3357  ERR("LsapSetObjectAttribute() failed (Status 0x%08lx)\n", Status);
3358  goto done;
3359  }
3360  }
3361  }
3362 
3363  /* Get the system access flags, if the attribute exists */
3364  Size = 0;
3365  Status = LsapGetObjectAttribute(AccountObject,
3366  L"ActSysAc",
3367  &SystemAccess,
3368  &Size);
3369  if (!NT_SUCCESS(Status) && Status != STATUS_OBJECT_NAME_NOT_FOUND)
3370  goto done;
3371 
3372  if ((Size != 0) && (RightsToRemove != 0))
3373  {
3374  ERR("Rights: 0x%lx\n", SystemAccess);
3375 
3376  /* Set the new access rights */
3377  for (i = 0; i < UserRights->Entries; i++)
3378  {
3379  Value = LsapLookupAccountRightValue(&UserRights->UserRights[i]);
3380  if (Value != 0)
3381  SystemAccess &= ~Value;
3382  }
3383  ERR("New Rights: 0x%lx\n", SystemAccess);
3384 
3385  /* Set the system access flags */
3386  Status = LsapSetObjectAttribute(AccountObject,
3387  L"ActSysAc",
3388  &SystemAccess,
3389  sizeof(ACCESS_MASK));
3390  }
3391  }
3392  else
3393  {
3394  }
3395 
3396 done:
3397  if (PrivilegeSet != NULL)
3398  RtlFreeHeap(RtlGetProcessHeap(), 0, PrivilegeSet);
3399 
3400  if (AccountObject != NULL)
3401  LsapCloseDbObject(AccountObject);
3402 
3403  return Status;
3404 }
3405 
3406 
3407 /* Function 39 */
3408 NTSTATUS
3409 WINAPI
3411  LSAPR_HANDLE PolicyHandle,
3412  PRPC_SID TrustedDomainSid,
3414  PLSAPR_TRUSTED_DOMAIN_INFO *TrustedDomainInformation)
3415 {
3416  /* Fail, if we are not a domain controller */
3419 
3420  UNIMPLEMENTED;
3421  return STATUS_NOT_IMPLEMENTED;
3422 }
3423 
3424 
3425 /* Function 40 */
3426 NTSTATUS
3427 WINAPI
3429  LSAPR_HANDLE PolicyHandle,
3430  PRPC_SID TrustedDomainSid,
3432  PLSAPR_TRUSTED_DOMAIN_INFO TrustedDomainInformation)
3433 {
3434  /* Fail, if we are not a domain controller */
3437 
3438  UNIMPLEMENTED;
3439  return STATUS_NOT_IMPLEMENTED;
3440 }
3441 
3442 
3443 /* Function 41 */
3444 NTSTATUS
3445 WINAPI
3447  LSAPR_HANDLE PolicyHandle,
3448  PRPC_SID TrustedDomainSid)
3449 {
3450  /* Fail, if we are not a domain controller */
3453 
3454  UNIMPLEMENTED;
3455  return STATUS_NOT_IMPLEMENTED;
3456 }
3457 
3458 
3459 /* Function 42 */
3460 NTSTATUS
3461 WINAPI
3463  LSAPR_HANDLE PolicyHandle,
3465  PLSAPR_CR_CIPHER_VALUE EncryptedData)
3466 {
3467  PLSA_DB_OBJECT PolicyObject = NULL;
3468  PLSA_DB_OBJECT SecretsObject = NULL;
3469  PLSA_DB_OBJECT SecretObject = NULL;
3471  PBYTE Value = NULL;
3472  ULONG ValueLength = 0;
3473  NTSTATUS Status;
3474 
3475  TRACE("LsarStorePrivateData(%p %p %p)\n",
3476  PolicyHandle, KeyName, EncryptedData);
3477 
3478  /* Validate the SecretHandle */
3479  Status = LsapValidateDbObject(PolicyHandle,
3482  &PolicyObject);
3483  if (!NT_SUCCESS(Status))
3484  {
3485  ERR("LsapValidateDbObject returned 0x%08lx\n", Status);
3486  return Status;
3487  }
3488 
3489  /* Open the 'Secrets' object */
3490  Status = LsapOpenDbObject(PolicyObject,
3491  NULL,
3492  L"Secrets",
3494  0,
3495  PolicyObject->Trusted,
3496  &SecretsObject);
3497  if (!NT_SUCCESS(Status))
3498  {
3499  ERR("LsapOpenDbObject failed (Status 0x%08lx)\n", Status);
3500  goto done;
3501  }
3502 
3503  if (EncryptedData == NULL)
3504  {
3505  /* Open the Secret object */
3506  Status = LsapOpenDbObject(SecretsObject,
3507  NULL,
3508  KeyName->Buffer,
3510  0,
3511  PolicyObject->Trusted,
3512  &SecretObject);
3513  if (!NT_SUCCESS(Status))
3514  {
3515  ERR("LsapOpenDbObject failed (Status 0x%08lx)\n", Status);
3516  goto done;
3517  }
3518 
3519  /* Delete the secret */
3520  Status = LsapDeleteDbObject(SecretObject);
3521  if (NT_SUCCESS(Status))
3522  SecretObject = NULL;
3523  }
3524  else
3525  {
3526  /* Create the Secret object */
3527  Status = LsapCreateDbObject(SecretsObject,
3528  NULL,
3529  KeyName->Buffer,
3531  0,
3532  PolicyObject->Trusted,
3533  &SecretObject);
3534  if (!NT_SUCCESS(Status))
3535  {
3536  ERR("LsapCreateDbObject failed (Status 0x%08lx)\n", Status);
3537  goto done;
3538  }
3539 
3540  /* FIXME: Decrypt data */
3541  Value = EncryptedData->Buffer;
3542  ValueLength = EncryptedData->MaximumLength;
3543 
3544  /* Get the current time */
3545  Status = NtQuerySystemTime(&Time);
3546  if (!NT_SUCCESS(Status))
3547  {
3548  ERR("NtQuerySystemTime failed (Status 0x%08lx)\n", Status);
3549  goto done;
3550  }
3551 
3552  /* Set the current value */
3553  Status = LsapSetObjectAttribute(SecretObject,
3554  L"CurrentValue",
3555  Value,
3556  ValueLength);
3557  if (!NT_SUCCESS(Status))
3558  {
3559  ERR("LsapSetObjectAttribute failed (Status 0x%08lx)\n", Status);
3560  goto done;
3561  }
3562 
3563  /* Set the current time */
3564  Status = LsapSetObjectAttribute(SecretObject,
3565  L"CurrentTime",
3566  &Time,
3567  sizeof(LARGE_INTEGER));
3568  if (!NT_SUCCESS(Status))
3569  {
3570  ERR("LsapSetObjectAttribute failed (Status 0x%08lx)\n", Status);
3571  goto done;
3572  }
3573 
3574  /* Get the current time */
3575  Status = NtQuerySystemTime(&Time);
3576  if (!NT_SUCCESS(Status))
3577  {
3578  ERR("NtQuerySystemTime failed (Status 0x%08lx)\n", Status);
3579  goto done;
3580  }
3581 
3582  /* Set the old value */
3583  Status = LsapSetObjectAttribute(SecretObject,
3584  L"OldValue",
3585  NULL,
3586  0);
3587  if (!NT_SUCCESS(Status))
3588  {
3589  ERR("LsapSetObjectAttribute failed (Status 0x%08lx)\n", Status);
3590  goto done;
3591  }
3592 
3593  /* Set the old time */
3594  Status = LsapSetObjectAttribute(SecretObject,
3595  L"OldTime",
3596  &Time,
3597  sizeof(LARGE_INTEGER));
3598  if (!NT_SUCCESS(Status))
3599  {
3600  ERR("LsapSetObjectAttribute failed (Status 0x%08lx)\n", Status);
3601  }
3602  }
3603 
3604 done:
3605  if (SecretObject != NULL)
3606  LsapCloseDbObject(SecretObject);
3607 
3608  if (SecretsObject != NULL)
3609  LsapCloseDbObject(SecretsObject);
3610 
3611  return Status;
3612 }
3613 
3614 
3615 /* Function 43 */
3616 NTSTATUS
3617 WINAPI
3619  LSAPR_HANDLE PolicyHandle,
3621  PLSAPR_CR_CIPHER_VALUE *EncryptedData)
3622 {
3623  PLSA_DB_OBJECT PolicyObject = NULL;
3624  PLSA_DB_OBJECT SecretObject = NULL;
3625  PLSAPR_CR_CIPHER_VALUE EncCurrentValue = NULL;
3626  ULONG CurrentValueLength = 0;
3627  PBYTE CurrentValue = NULL;
3628  NTSTATUS Status;
3629 
3630  TRACE("LsarRetrievePrivateData(%p %wZ %p)\n",
3631  PolicyHandle, KeyName, EncryptedData);
3632 
3633  /* Validate the SecretHandle */
3634  Status = LsapValidateDbObject(PolicyHandle,
3637  &PolicyObject);
3638  if (!NT_SUCCESS(Status))
3639  {
3640  ERR("LsapValidateDbObject returned 0x%08lx\n", Status);
3641  return Status;
3642  }
3643 
3644  /* Open the secret object */
3645  Status = LsapOpenDbObject(PolicyObject,
3646  L"Secrets",
3647  KeyName->Buffer,
3649  0,
3650  PolicyObject->Trusted,
3651  &SecretObject);
3652  if (!NT_SUCCESS(Status))
3653  {
3654  ERR("LsapOpenDbObject failed (Status 0x%08lx)\n", Status);
3655  goto done;
3656  }
3657 
3658  /* Get the size of the current value */
3659  Status = LsapGetObjectAttribute(SecretObject,
3660  L"CurrentValue",
3661  NULL,
3662  &CurrentValueLength);
3663  if (!NT_SUCCESS(Status))
3664  goto done;
3665 
3666  /* Allocate a buffer for the current value */
3667  CurrentValue = midl_user_allocate(CurrentValueLength);
3668  if (CurrentValue == NULL)
3669  {
3671  goto done;
3672  }
3673 
3674  /* Get the current value */
3675  Status = LsapGetObjectAttribute(SecretObject,
3676  L"CurrentValue",
3677  CurrentValue,
3678  &CurrentValueLength);
3679  if (!NT_SUCCESS(Status))
3680  goto done;
3681 
3682  /* Allocate a buffer for the encrypted current value */
3683  EncCurrentValue = midl_user_allocate(sizeof(LSAPR_CR_CIPHER_VALUE) + CurrentValueLength);
3684  if (EncCurrentValue == NULL)
3685  {
3687  goto done;
3688  }
3689 
3690  /* FIXME: Encrypt the current value */
3691  EncCurrentValue->Length = (USHORT)(CurrentValueLength - sizeof(WCHAR));
3692  EncCurrentValue->MaximumLength = (USHORT)CurrentValueLength;
3693  EncCurrentValue->Buffer = (PBYTE)(EncCurrentValue + 1);
3694  RtlCopyMemory(EncCurrentValue->Buffer,
3695  CurrentValue,
3696  CurrentValueLength);
3697 
3698 done:
3699  if (NT_SUCCESS(Status))
3700  {
3701  if (EncryptedData != NULL)
3702  *EncryptedData = EncCurrentValue;
3703  }
3704  else
3705  {
3706  if (EncryptedData != NULL)
3707  *EncryptedData = NULL;
3708 
3709  if (EncCurrentValue != NULL)
3710  midl_user_free(EncCurrentValue);
3711  }
3712 
3713  if (SecretObject != NULL)
3714  LsapCloseDbObject(SecretObject);
3715 
3716  return Status;
3717 }
3718 
3719 
3720 /* Function 44 */
3721 NTSTATUS
3722 WINAPI
3724  LPWSTR SystemName,
3727  LSAPR_HANDLE *PolicyHandle)
3728 {
3729  return LsarOpenPolicy(SystemName,
3730  ObjectAttributes,
3731  DesiredAccess,
3732  PolicyHandle);
3733 }
3734 
3735 
3736 /* Function 45 */
3737 NTSTATUS
3738 WINAPI
3740  LPWSTR SystemName,
3741  PRPC_UNICODE_STRING *UserName,
3742  PRPC_UNICODE_STRING *DomainName)
3743 {
3744  UNIMPLEMENTED;
3745  return STATUS_NOT_IMPLEMENTED;
3746 }
3747 
3748 
3749 /* Function 46 */
3750 NTSTATUS
3751 WINAPI
3753  LSAPR_HANDLE PolicyHandle,
3755  PLSAPR_POLICY_INFORMATION *PolicyInformation)
3756 {
3757  return LsarQueryInformationPolicy(PolicyHandle,
3758  InformationClass,
3759  PolicyInformation);
3760 }
3761 
3762 
3763 /* Function 47 */
3764 NTSTATUS
3765 WINAPI
3767  LSAPR_HANDLE PolicyHandle,
3769  PLSAPR_POLICY_INFORMATION PolicyInformation)
3770 {
3771  return LsarSetInformationPolicy(PolicyHandle,
3772  InformationClass,
3773  PolicyInformation);
3774 }
3775 
3776 
3777 /* Function 48 */
3778 NTSTATUS
3779 WINAPI
3781  LSAPR_HANDLE PolicyHandle,
3782  PRPC_UNICODE_STRING TrustedDomainName,
3784  PLSAPR_TRUSTED_DOMAIN_INFO *PolicyInformation)
3785 {
3786  /* Fail, if we are not a domain controller */
3789 
3790  /* FIXME: We are not running an AD yet */
3792 }
3793 
3794 
3795 /* Function 49 */
3796 NTSTATUS
3797 WINAPI
3799  LSAPR_HANDLE PolicyHandle,
3800  PRPC_UNICODE_STRING TrustedDomainName,
3802  PLSAPR_TRUSTED_DOMAIN_INFO PolicyInformation)
3803 {
3804  /* Fail, if we are not a domain controller */
3807 
3808  /* FIXME: We are not running an AD yet */
3810 }
3811 
3812 
3813 /* Function 50 */
3814 NTSTATUS
3815 WINAPI
3817  LSAPR_HANDLE PolicyHandle,
3818  DWORD *EnumerationContext,
3819  PLSAPR_TRUSTED_ENUM_BUFFER_EX EnumerationBuffer,
3820  DWORD PreferedMaximumLength)
3821 {
3822  /* Fail, if we are not a domain controller */
3825 
3826  /* FIXME: We are not running an AD yet */
3827  EnumerationBuffer->EntriesRead = 0;
3828  EnumerationBuffer->EnumerationBuffer = NULL;
3829  return STATUS_NO_MORE_ENTRIES;
3830 }
3831 
3832 
3833 /* Function 51 */
3834 NTSTATUS
3835 WINAPI
3837  LSAPR_HANDLE PolicyHandle,
3838  PLSAPR_TRUSTED_DOMAIN_INFORMATION_EX TrustedDomainInformation,
3839  PLSAPR_TRUSTED_DOMAIN_AUTH_INFORMATION AuthentificationInformation,
3841  LSAPR_HANDLE *TrustedDomainHandle)
3842 {
3843  /* Fail, if we are not a domain controller */
3846 
3847  UNIMPLEMENTED;
3848  return STATUS_NOT_IMPLEMENTED;
3849 }
3850 
3851 
3852 /* Function 52 */
3853 NTSTATUS
3854 WINAPI
3856  PLSAPR_HANDLE PolicyHandle)
3857 {
3858  /* Deprecated */
3859  return STATUS_NOT_IMPLEMENTED;
3860 }
3861 
3862 
3863 /* Function 53 */
3864 NTSTATUS
3865 WINAPI
3867  LSAPR_HANDLE PolicyHandle,
3869  PLSAPR_POLICY_DOMAIN_INFORMATION *PolicyInformation)
3870 {
3871  UNIMPLEMENTED;
3872  return STATUS_NOT_IMPLEMENTED;
3873 }
3874 
3875 
3876 /* Function 54 */
3877 NTSTATUS
3878 WINAPI
3880  LSAPR_HANDLE PolicyHandle,
3882  PLSAPR_POLICY_DOMAIN_INFORMATION PolicyInformation)
3883 {
3884  UNIMPLEMENTED;
3885  return STATUS_NOT_IMPLEMENTED;
3886 }
3887 
3888 
3889 /* Function 55 */
3890 NTSTATUS
3891 WINAPI
3893  LSAPR_HANDLE PolicyHandle,
3894  PRPC_UNICODE_STRING TrustedDomainName,
3896  LSAPR_HANDLE *TrustedDomainHandle)
3897 {
3898  /* Fail, if we are not a domain controller */
3901 
3902  UNIMPLEMENTED;
3903  return STATUS_NOT_IMPLEMENTED;
3904 }
3905 
3906 
3907 /* Function 56 */
3908 NTSTATUS
3909 WINAPI
3912 {
3913  UNIMPLEMENTED;
3914  return STATUS_NOT_IMPLEMENTED;
3915 }
3916 
3917 
3918 /* Function 57 */
3919 NTSTATUS
3920 WINAPI
3922  LSAPR_HANDLE PolicyHandle,
3923  PLSAPR_SID_ENUM_BUFFER SidEnumBuffer,
3924  PLSAPR_REFERENCED_DOMAIN_LIST *ReferencedDomains,
3925  PLSAPR_TRANSLATED_NAMES_EX TranslatedNames,
3926  LSAP_LOOKUP_LEVEL LookupLevel,
3927  DWORD *MappedCount,
3928  DWORD LookupOptions,
3929  DWORD ClientRevision)
3930 {
3931  NTSTATUS Status;
3932 
3933  TRACE("LsarLookupSids2(%p %p %p %p %d %p %lu %lu)\n",
3934  PolicyHandle, SidEnumBuffer, ReferencedDomains, TranslatedNames,
3935  LookupLevel, MappedCount, LookupOptions, ClientRevision);
3936 
3937  TranslatedNames->Entries = SidEnumBuffer->Entries;
3938  TranslatedNames->Names = NULL;
3939  *ReferencedDomains = NULL;
3940 
3941  /* FIXME: Fail, if there is an invalid SID in the SidEnumBuffer */
3942 
3943  Status = LsapLookupSids(SidEnumBuffer,
3944  ReferencedDomains,
3945  TranslatedNames,
3946  LookupLevel,
3947  MappedCount,
3948  LookupOptions,
3949  ClientRevision);
3950 
3951  return Status;
3952 }
3953 
3954 
3955 /* Function 58 */
3956 NTSTATUS
3957 WINAPI
3959  LSAPR_HANDLE PolicyHandle,
3960  DWORD Count,
3962  PLSAPR_REFERENCED_DOMAIN_LIST *ReferencedDomains,
3963  PLSAPR_TRANSLATED_SIDS_EX TranslatedSids,
3964  LSAP_LOOKUP_LEVEL LookupLevel,
3965  DWORD *MappedCount,
3966  DWORD LookupOptions,
3967  DWORD ClientRevision)
3968 {
3969  LSAPR_TRANSLATED_SIDS_EX2 TranslatedSidsEx2;
3970  ULONG i;
3971  NTSTATUS Status;
3972 
3973  TRACE("LsarLookupNames2(%p %lu %p %p %p %d %p %lu %lu)\n",
3974  PolicyHandle, Count, Names, ReferencedDomains, TranslatedSids,
3975  LookupLevel, MappedCount, LookupOptions, ClientRevision);
3976 
3977  TranslatedSids->Entries = 0;
3978  TranslatedSids->Sids = NULL;
3979  *ReferencedDomains = NULL;
3980 
3981  if (Count == 0)
3982  return STATUS_NONE_MAPPED;
3983 
3984  TranslatedSidsEx2.Entries = 0;
3985  TranslatedSidsEx2.Sids = NULL;
3986 
3987  Status = LsapLookupNames(Count,
3988  Names,
3989  ReferencedDomains,
3990  &TranslatedSidsEx2,
3991  LookupLevel,
3992  MappedCount,
3993  LookupOptions,
3994  ClientRevision);
3995  if (!NT_SUCCESS(Status))
3996  return Status;
3997 
3998  TranslatedSids->Entries = TranslatedSidsEx2.Entries;
3999  TranslatedSids->Sids = MIDL_user_allocate(TranslatedSids->Entries * sizeof(LSA_TRANSLATED_SID));
4000  if (TranslatedSids->Sids == NULL)
4001  {
4002  MIDL_user_free(TranslatedSidsEx2.Sids);
4003  MIDL_user_free(*ReferencedDomains);
4004  *ReferencedDomains = NULL;
4006  }
4007 
4008  for (i = 0; i < TranslatedSidsEx2.Entries; i++)
4009  {
4010  TranslatedSids->Sids[i].Use = TranslatedSidsEx2.Sids[i].Use;
4011  TranslatedSids->Sids[i].RelativeId = LsapGetRelativeIdFromSid(TranslatedSidsEx2.Sids[i].Sid);
4012  TranslatedSids->Sids[i].DomainIndex = TranslatedSidsEx2.Sids[i].DomainIndex;
4013  TranslatedSids->Sids[i].Flags = TranslatedSidsEx2.Sids[i].Flags;
4014  }
4015 
4016  MIDL_user_free(TranslatedSidsEx2.Sids);
4017 
4018  return STATUS_SUCCESS;
4019 }
4020 
4021 
4022 /* Function 59 */
4023 NTSTATUS
4024 WINAPI
4026  LSAPR_HANDLE PolicyHandle,
4027  PLSAPR_TRUSTED_DOMAIN_INFORMATION_EX TrustedDomainInformation,
4028  PLSAPR_TRUSTED_DOMAIN_AUTH_INFORMATION_INTERNAL AuthentificationInformation,
4030  LSAPR_HANDLE *TrustedDomainHandle)
4031 {
4032  /* Fail, if we are not a domain controller */
4035 
4036  UNIMPLEMENTED;
4037  return STATUS_NOT_IMPLEMENTED;
4038 }
4039 
4040 
4041 /* Function 60 */
4042 NTSTATUS
4043 WINAPI
4045  PLSAPR_SERVER_NAME SystemName)
4046 {
4047  UNIMPLEMENTED;
4048  return STATUS_NOT_IMPLEMENTED;
4049 }
4050 
4051 
4052 /* Function 61 */
4053 NTSTATUS
4054 WINAPI
4056  PLSAPR_SERVER_NAME SystemName)
4057 {
4058  UNIMPLEMENTED;
4059  return STATUS_NOT_IMPLEMENTED;
4060 }
4061 
4062 
4063 /* Function 62 */
4064 NTSTATUS
4065 WINAPI
4067  PLSAPR_SERVER_NAME SystemName)
4068 {
4069  UNIMPLEMENTED;
4070  return STATUS_NOT_IMPLEMENTED;
4071 }
4072 
4073 
4074 /* Function 63 */
4075 NTSTATUS
4076 WINAPI
4078  PLSAPR_SERVER_NAME SystemName)
4079 {
4080  UNIMPLEMENTED;
4081  return STATUS_NOT_IMPLEMENTED;
4082 }
4083 
4084 
4085 /* Function 64 */
4086 NTSTATUS
4087 WINAPI
4089  PLSAPR_SERVER_NAME SystemName)
4090 {
4091  UNIMPLEMENTED;
4092  return STATUS_NOT_IMPLEMENTED;
4093 }
4094 
4095 
4096 /* Function 65 */
4097 NTSTATUS
4098 WINAPI
4100  PLSAPR_SERVER_NAME SystemName,
4102  DWORD Type,
4103  DWORD Flags)
4104 {
4105  UNIMPLEMENTED;
4106  return STATUS_NOT_IMPLEMENTED;
4107 }
4108 
4109 
4110 /* Function 66 */
4111 NTSTATUS
4112 WINAPI
4114  PLSAPR_SERVER_NAME SystemName,
4116  DWORD Flags,
4117  CREDPR_TARGET_INFORMATION *TargetInformation)
4118 {
4119  UNIMPLEMENTED;
4120  return STATUS_NOT_IMPLEMENTED;
4121 }
4122 
4123 
4124 /* Function 67 */
4125 NTSTATUS
4126 WINAPI
4128  PLSAPR_SERVER_NAME SystemName)
4129 {
4130  UNIMPLEMENTED;
4131  return STATUS_NOT_IMPLEMENTED;
4132 }
4133 
4134 
4135 /* Function 68 */
4136 NTSTATUS
4137 WINAPI
4139  LSAPR_HANDLE PolicyHandle,
4140  DWORD Count,
4142  PLSAPR_REFERENCED_DOMAIN_LIST *ReferencedDomains,
4143  PLSAPR_TRANSLATED_SIDS_EX2 TranslatedSids,
4144  LSAP_LOOKUP_LEVEL LookupLevel,
4145  DWORD *MappedCount,
4146  DWORD LookupOptions,
4147  DWORD ClientRevision)
4148 {
4149  NTSTATUS Status;
4150 
4151  TRACE("LsarLookupNames3(%p %lu %p %p %p %d %p %lu %lu)\n",
4152  PolicyHandle, Count, Names, ReferencedDomains, TranslatedSids,
4153  LookupLevel, MappedCount, LookupOptions, ClientRevision);
4154 
4155  TranslatedSids->Entries = 0;
4156  TranslatedSids->Sids = NULL;
4157  *ReferencedDomains = NULL;
4158 
4159  if (Count == 0)
4160  return STATUS_NONE_MAPPED;
4161 
4162  Status = LsapLookupNames(Count,
4163  Names,
4164  ReferencedDomains,
4165  TranslatedSids,
4166  LookupLevel,
4167  MappedCount,
4168  LookupOptions,
4169  ClientRevision);
4170 
4171  return Status;
4172 }
4173 
4174 
4175 /* Function 69 */
4176 NTSTATUS
4177 WINAPI
4179  PLSAPR_SERVER_NAME SystemName,
4180  DWORD MaximumPersistCount,
4181  DWORD *MaximumPersist)
4182 {
4183  UNIMPLEMENTED;
4184  return STATUS_NOT_IMPLEMENTED;
4185 }
4186 
4187 
4188 /* Function 70 */
4189 NTSTATUS
4190 WINAPI
4193 {
4194  UNIMPLEMENTED;
4195  return STATUS_NOT_IMPLEMENTED;
4196 }
4197 
4198 
4199 /* Function 71 */
4200 NTSTATUS
4201 WINAPI
4204 {
4205  UNIMPLEMENTED;
4206  return STATUS_NOT_IMPLEMENTED;
4207 }
4208 
4209 
4210 /* Function 72 */
4211 NTSTATUS
4212 WINAPI
4215 {
4216  UNIMPLEMENTED;
4217  return STATUS_NOT_IMPLEMENTED;
4218 }
4219 
4220 
4221 /* Function 73 */
4222 NTSTATUS
4223 WINAPI
4225  LSAPR_HANDLE PolicyHandle,
4226  PLSA_UNICODE_STRING TrustedDomainName,
4227  LSA_FOREST_TRUST_RECORD_TYPE HighestRecordType,
4228  PLSA_FOREST_TRUST_INFORMATION *ForestTrustInfo)
4229 {
4230  UNIMPLEMENTED;
4231  return STATUS_NOT_IMPLEMENTED;
4232 }
4233 
4234 
4235 /* Function 74 */
4236 NTSTATUS
4237 WINAPI
4239  LSAPR_HANDLE PolicyHandle,
4240  PLSA_UNICODE_STRING TrustedDomainName,
4241  LSA_FOREST_TRUST_RECORD_TYPE HighestRecordType,
4242  PLSA_FOREST_TRUST_INFORMATION ForestTrustInfo,
4243  BOOLEAN CheckOnly,
4245 {
4246  UNIMPLEMENTED;
4247  return STATUS_NOT_IMPLEMENTED;
4248 }
4249 
4250 
4251 /* Function 75 */
4252 NTSTATUS
4253 WINAPI
4255  PLSAPR_SERVER_NAME SystemName,
4256  LPWSTR OldTargetName,
4257  LPWSTR NewTargetName,
4258  DWORD Type,
4259  DWORD Flags)
4260 {
4261  UNIMPLEMENTED;
4262  return STATUS_NOT_IMPLEMENTED;
4263 }
4264 
4265 
4266 /* Function 76 */
4267 NTSTATUS
4268 WINAPI
4270  LSAPR_HANDLE PolicyHandle,
4271  PLSAPR_SID_ENUM_BUFFER SidEnumBuffer,
4272  PLSAPR_REFERENCED_DOMAIN_LIST *ReferencedDomains,
4273  PLSAPR_TRANSLATED_NAMES_EX TranslatedNames,
4274  LSAP_LOOKUP_LEVEL LookupLevel,
4275  DWORD *MappedCount,
4276  DWORD LookupOptions,
4277  DWORD ClientRevision)
4278 {
4279  NTSTATUS Status;
4280 
4281  TRACE("LsarLookupSids3(%p %p %p %p %d %p %lu %lu)\n",
4282  PolicyHandle, SidEnumBuffer, ReferencedDomains, TranslatedNames,
4283  LookupLevel, MappedCount, LookupOptions, ClientRevision);
4284 
4285  TranslatedNames->Entries = SidEnumBuffer->Entries;
4286  TranslatedNames->Names = NULL;
4287  *ReferencedDomains = NULL;
4288 
4289  /* FIXME: Fail, if there is an invalid SID in the SidEnumBuffer */
4290 
4291  Status = LsapLookupSids(SidEnumBuffer,
4292  ReferencedDomains,
4293  TranslatedNames,
4294  LookupLevel,
4295  MappedCount,
4296  LookupOptions,
4297  ClientRevision);
4298 
4299  return Status;
4300 }
4301 
4302 
4303 /* Function 77 */
4304 NTSTATUS
4305 WINAPI
4307  handle_t RpcHandle,
4308  DWORD Count,
4310  PLSAPR_REFERENCED_DOMAIN_LIST *ReferencedDomains,
4311  PLSAPR_TRANSLATED_SIDS_EX2 TranslatedSids,
4312  LSAP_LOOKUP_LEVEL LookupLevel,
4313  DWORD *MappedCount,
4314  DWORD LookupOptions,
4315  DWORD ClientRevision)
4316 {
4317  NTSTATUS Status;
4318 
4319  TRACE("LsarLookupNames4(%p %lu %p %p %p %d %p %lu %lu)\n",
4320  RpcHandle, Count, Names, ReferencedDomains, TranslatedSids,
4321  LookupLevel, MappedCount, LookupOptions, ClientRevision);
4322 
4323  TranslatedSids->Entries = 0;
4324  TranslatedSids->Sids = NULL;
4325  *ReferencedDomains = NULL;
4326 
4327  if (Count == 0)
4328  return STATUS_NONE_MAPPED;
4329 
4330  Status = LsapLookupNames(Count,
4331  Names,
4332  ReferencedDomains,
4333  TranslatedSids,
4334  LookupLevel,
4335  MappedCount,
4336  LookupOptions,
4337  ClientRevision);
4338 
4339  return Status;
4340 }
4341 
4342 
4343 /* Function 78 */
4344 NTSTATUS
4345 WINAPI
4347  LPWSTR SystemName,
4350  LSAPR_HANDLE *PolicyHandle)
4351 {
4352  UNIMPLEMENTED;
4353  return STATUS_NOT_IMPLEMENTED;
4354 }
4355 
4356 
4357 /* Function 79 */
4358 NTSTATUS
4359 WINAPI
4362 {
4363  UNIMPLEMENTED;
4364  return STATUS_NOT_IMPLEMENTED;
4365 }
4366 
4367 
4368 /* Function 80 */
4369 NTSTATUS
4370 WINAPI
4373 {
4374  UNIMPLEMENTED;
4375  return STATUS_NOT_IMPLEMENTED;
4376 }
4377 
4378 
4379 /* Function 81 */
4380 NTSTATUS
4381 WINAPI
4384 {
4385  UNIMPLEMENTED;
4386  return STATUS_NOT_IMPLEMENTED;
4387 }
4388 
4389 /* EOF */
NTSTATUS WINAPI LsarLookupNames3(LSAPR_HANDLE PolicyHandle, DWORD Count, PRPC_UNICODE_STRING Names, PLSAPR_REFERENCED_DOMAIN_LIST *ReferencedDomains, PLSAPR_TRANSLATED_SIDS_EX2 TranslatedSids, LSAP_LOOKUP_LEVEL LookupLevel, DWORD *MappedCount, DWORD LookupOptions, DWORD ClientRevision)
Definition: lsarpc.c:4138
DWORD *typedef PVOID
Definition: winlogon.h:61
#define ERROR_INVALID_PARAMETER
Definition: compat.h:91
NTSTATUS LsarQueryModification(PLSA_DB_OBJECT PolicyObject, PLSAPR_POLICY_INFORMATION *PolicyInformation)
Definition: policy.c:478
NTSTATUS LsapOpenDbObject(IN PLSA_DB_OBJECT ParentObject, IN LPWSTR ContainerName, IN LPWSTR ObjectName, IN LSA_DB_OBJECT_TYPE ObjectType, IN ACCESS_MASK DesiredAccess, IN BOOLEAN Trusted, OUT PLSA_DB_OBJECT *DbObject)
Definition: database.c:710
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
Definition: conport.c:35
NTSYSAPI BOOLEAN NTAPI RtlValidSecurityDescriptor(IN PSECURITY_DESCRIPTOR SecurityDescriptor)
Definition: sd.c:1055
_Must_inspect_result_ _Out_ PNDIS_STATUS _In_ NDIS_HANDLE _In_ ULONG _Out_ PNDIS_STRING KeyName
Definition: ndis.h:4693
NTSTATUS WINAPI LsarSetForestTrustInformation(LSAPR_HANDLE PolicyHandle, PLSA_UNICODE_STRING TrustedDomainName, LSA_FOREST_TRUST_RECORD_TYPE HighestRecordType, PLSA_FOREST_TRUST_INFORMATION ForestTrustInfo, BOOLEAN CheckOnly, PLSA_FOREST_TRUST_COLLISION_INFORMATION *CollisionInfo)
Definition: lsarpc.c:4238
NTSTATUS WINAPI LsarQueryInfoTrustedDomain(LSAPR_HANDLE TrustedDomainHandle, TRUSTED_INFORMATION_CLASS InformationClass, PLSAPR_TRUSTED_DOMAIN_INFO *TrustedDomainInformation)
Definition: lsarpc.c:2064
INT64 NonPagedPoolLimit
Definition: lsa.idl:288
#define IN
Definition: typedefs.h:38
#define SE_SACL_PRESENT
Definition: setypes.h:769
NTSTATUS WINAPI CredrDelete(PLSAPR_SERVER_NAME SystemName, LPWSTR TargetName, DWORD Type, DWORD Flags)
Definition: lsarpc.c:4099
PWSTR Names[NAMES_COUNT]
#define midl_user_free
Definition: rpc.h:45
NTSTATUS WINAPI LsarOpenTrustedDomainByName(LSAPR_HANDLE PolicyHandle, PRPC_UNICODE_STRING TrustedDomainName, ACCESS_MASK DesiredAccess, LSAPR_HANDLE *TrustedDomainHandle)
Definition: lsarpc.c:3892
GLenum GLclampf GLint GLenum GLuint GLenum GLenum GLsizei GLenum const GLvoid GLfloat GLfloat GLfloat GLfloat GLclampd GLint GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean GLboolean GLboolean GLboolean GLint GLenum GLsizei const GLvoid GLenum GLint GLenum GLint GLint GLsizei GLint GLenum GLint GLint GLint GLint GLsizei GLenum GLsizei const GLuint GLboolean GLenum GLenum GLint GLsizei GLenum GLsizei GLenum const GLvoid GLboolean const GLboolean GLenum const GLdouble const GLfloat const GLdouble const GLfloat GLenum GLint GLint GLint GLint GLint GLint j
Definition: glfuncs.h:98
#define TRUE
Definition: types.h:120
NTSYSAPI VOID NTAPI RtlCopyMemory(VOID UNALIGNED *Destination, CONST VOID UNALIGNED *Source, ULONG Length)
NTSTATUS LsapSetObjectAttribute(PLSA_DB_OBJECT DbObject, LPWSTR AttributeName, LPVOID AttributeData, ULONG AttributeSize)
Definition: database.c:959
#define STATUS_INSUFFICIENT_RESOURCES
Definition: udferr_usr.h:158
enum _LSA_FOREST_TRUST_RECORD_TYPE LSA_FOREST_TRUST_RECORD_TYPE
INT64 PagefileLimit
Definition: lsa.idl:291
NTSTATUS WINAPI LsarEnumeratePrivileges(LSAPR_HANDLE PolicyHandle, DWORD *EnumerationContext, PLSAPR_PRIVILEGE_ENUM_BUFFER EnumerationBuffer, DWORD PreferedMaximumLength)
Definition: lsarpc.c:166
NTSTATUS WINAPI LsarQueryDomainInformationPolicy(LSAPR_HANDLE PolicyHandle, POLICY_INFORMATION_CLASS InformationClass, PLSAPR_POLICY_DOMAIN_INFORMATION *PolicyInformation)
Definition: lsarpc.c:3866
Type
Definition: Type.h:6
struct _PRIVILEGE_SET PRIVILEGE_SET
#define STATUS_NO_MORE_ENTRIES
Definition: ntstatus.h:193
NTSTATUS LsapDeleteDbObject(IN PLSA_DB_OBJECT DbObject)
Definition: database.c:899
NTSTATUS LsapRegQueryKeyInfo(IN HANDLE KeyHandle, OUT PULONG SubKeyCount, OUT PULONG MaxSubKeyNameLength, OUT PULONG ValueCount)
Definition: registry.c:176
#define ACCESS_SYSTEM_SECURITY
Definition: nt_native.h:77
LPWSTR PLSAPR_SERVER_NAME
Definition: lsa.idl:7
NTSTATUS WINAPI LsarSetPolicyReplicationHandle(PLSAPR_HANDLE PolicyHandle)
Definition: lsarpc.c:3855
#define STATUS_NOT_IMPLEMENTED
Definition: ntstatus.h:225
handle_t hBinding
Definition: ctx_c.c:54
#define SECRET_SET_VALUE
Definition: ntlsa.h:38
NTSTATUS LsarpEnumeratePrivileges(DWORD *EnumerationContext, PLSAPR_PRIVILEGE_ENUM_BUFFER EnumerationBuffer, DWORD PreferedMaximumLength)
Definition: privileges.c:246
NTSTATUS LsarQueryDefaultQuota(PLSA_DB_OBJECT PolicyObject, PLSAPR_POLICY_INFORMATION *PolicyInformation)
Definition: policy.c:446
#define SECRET_QUERY_VALUE
Definition: ntlsa.h:39
#define KEY_READ
Definition: nt_native.h:1023
ACCESS_MASK LsapLookupAccountRightValue(IN PRPC_UNICODE_STRING Name)
Definition: privileges.c:380
_In_ USHORT _In_ ULONG _In_ PSOCKADDR _In_ PSOCKADDR _Reserved_ ULONG _In_opt_ PVOID _In_opt_ const WSK_CLIENT_CONNECTION_DISPATCH _In_opt_ PEPROCESS _In_opt_ PETHREAD _In_opt_ PSECURITY_DESCRIPTOR SecurityDescriptor
Definition: wsk.h:182
#define midl_user_allocate
Definition: rpc.h:44
#define STATUS_INVALID_PARAMETER
Definition: udferr_usr.h:135
__wchar_t WCHAR
Definition: xmlstorage.h:180
NTSTATUS WINAPI LsarRegisterAuditEvent(handle_t hBinding)
Definition: lsarpc.c:4191
NTSTATUS WINAPI LsarSetSecret(LSAPR_HANDLE SecretHandle, PLSAPR_CR_CIPHER_VALUE EncryptedCurrentValue, PLSAPR_CR_CIPHER_VALUE EncryptedOldValue)
Definition: lsarpc.c:2146
#define POLICY_VIEW_LOCAL_INFORMATION
Definition: ntsecapi.h:61
NTSTATUS WINAPI LsarOpenPolicy2(LPWSTR SystemName, PLSAPR_OBJECT_ATTRIBUTES ObjectAttributes, ACCESS_MASK DesiredAccess, LSAPR_HANDLE *PolicyHandle)
Definition: lsarpc.c:3723
NTSTATUS WINAPI LsarAdtUnregisterSecurityEventSource(handle_t hBinding)
Definition: lsarpc.c:4371
SID_NAME_USE Use
Definition: lsa.idl:167
_In_opt_ PSID Group
Definition: rtlfuncs.h:1606
static PVOID Mapping[EMS_PHYSICAL_PAGES]
Definition: emsdrv.c:41
#define WARN(fmt,...)
Definition: debug.h:111
PLSAPR_TRUSTED_DOMAIN_INFORMATION_EX EnumerationBuffer
Definition: lsa.idl:442
BOOLEAN NTAPI RtlFreeHeap(IN PVOID HeapHandle, IN ULONG Flags, IN PVOID HeapBase)
Definition: heap.c:603
SID_NAME_USE Use
Definition: ntsecapi.h:408
LSAPR_HANDLE * PLSAPR_HANDLE
Definition: lsa.idl:10
#define NtCurrentThread()
struct _LUID_AND_ATTRIBUTES LUID_AND_ATTRIBUTES
PVOID *typedef PWSTR
Definition: winlogon.h:66
NTSTATUS LsarQueryAuditEvents(PLSA_DB_OBJECT PolicyObject, PLSAPR_POLICY_INFORMATION *PolicyInformation)
Definition: policy.c:70
#define ACCOUNT_ALL_ACCESS
Definition: ntlsa.h:33
NTSTATUS WINAPI LsarRemovePrivilegesFromAccount(LSAPR_HANDLE AccountHandle, BOOLEAN AllPrivileges, PLSAPR_PRIVILEGE_SET Privileges)
Definition: lsarpc.c:1719
NTSTATUS LsarSetReplicaSource(PLSA_DB_OBJECT PolicyObject, PPOLICY_LSA_REPLICA_SRCE_INFO Info)
Definition: policy.c:936
LSA_DB_OBJECT_TYPE ObjectType
Definition: lsasrv.h:58
NTSYSAPI NTSTATUS NTAPI RtlEnterCriticalSection(_In_ PRTL_CRITICAL_SECTION CriticalSection)
NTSTATUS WINAPI LsarSetSystemAccessAccount(LSAPR_HANDLE AccountHandle, ACCESS_MASK SystemAccess)
Definition: lsarpc.c:2012
NTSTATUS LsarpLookupPrivilegeName(PLUID Value, PRPC_UNICODE_STRING *Name)
Definition: privileges.c:80
NTSTATUS WINAPI LsarSetInformationTrustedDomain(LSAPR_HANDLE TrustedDomainHandle, TRUSTED_INFORMATION_CLASS InformationClass, PLSAPR_TRUSTED_DOMAIN_INFO TrustedDomainInformation)
Definition: lsarpc.c:2077
static GENERIC_MAPPING LsapAccountMapping
Definition: lsarpc.c:25
BOOL WINAPI DECLSPEC_HOTPATCH SetEvent(IN HANDLE hEvent)
Definition: synch.c:679
DWORD WINAPI GetLastError(VOID)
Definition: except.c:1059
_Inout_ __drv_aliasesMem PSLIST_ENTRY _Inout_ PSLIST_ENTRY _In_ ULONG Count
Definition: exfuncs.h:1015
NTSTATUS WINAPI CredrProfileLoaded(PLSAPR_SERVER_NAME SystemName)
Definition: lsarpc.c:4127
NTSTATUS LsarSetAuditEvents(PLSA_DB_OBJECT PolicyObject, PLSAPR_POLICY_AUDIT_EVENTS_INFO Info)
Definition: policy.c:792
#define GROUP_SECURITY_INFORMATION
Definition: setypes.h:124
RPC_UNICODE_STRING Name
Definition: lsa.idl:168
NTSTATUS WINAPI LsarSetTrustedDomainInfoByName(LSAPR_HANDLE PolicyHandle, PRPC_UNICODE_STRING TrustedDomainName, POLICY_INFORMATION_CLASS InformationClass, PLSAPR_TRUSTED_DOMAIN_INFO PolicyInformation)
Definition: lsarpc.c:3798
$ULONG Control
Definition: setypes.h:87
#define WRITE_OWNER
Definition: nt_native.h:60
NTSTATUS WINAPI LsarEnumeratePrivilegesAccount(LSAPR_HANDLE AccountHandle, PLSAPR_PRIVILEGE_SET *Privileges)
Definition: lsarpc.c:1504
#define SE_DACL_PRESENT
Definition: setypes.h:767
NTSTATUS WINAPI CredrRename(PLSAPR_SERVER_NAME SystemName, LPWSTR OldTargetName, LPWSTR NewTargetName, DWORD Type, DWORD Flags)
Definition: lsarpc.c:4254
#define WCHAR
Definition: msvc.h:43
NTSYSAPI NTSTATUS NTAPI RtlSetSecurityObject(_In_ SECURITY_INFORMATION SecurityInformation, _In_ PSECURITY_DESCRIPTOR ModificationDescriptor, _Out_ PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor, _In_ PGENERIC_MAPPING GenericMapping, _In_ HANDLE Token)
NTSTATUS WINAPI CredrWrite(PLSAPR_SERVER_NAME SystemName)
Definition: lsarpc.c:4044
NTSTATUS WINAPI LsarOpenSecret(LSAPR_HANDLE PolicyHandle, PRPC_UNICODE_STRING SecretName, ACCESS_MASK DesiredAccess, LSAPR_HANDLE *SecretHandle)
Definition: lsarpc.c:2090
NTSYSAPI void WINAPI RtlCopyLuid(PLUID, const LUID *)
#define BufferSize
Definition: acefiex.h:377
NTSTATUS WINAPI LsarEnumerateAccountRights(LSAPR_HANDLE PolicyHandle, PRPC_SID AccountSid, PLSAPR_USER_RIGHT_SET UserRights)
Definition: lsarpc.c:2853
NTSTATUS LsapRegCloseKey(IN HANDLE KeyHandle)
Definition: registry.c:23
DWORD DWORD
Definition: winlogon.h:84
PLSAPR_TRANSLATED_NAME_EX Names
Definition: lsa.idl:186
NTSTATUS WINAPI LsarAdtReportSecurityEvent(handle_t hBinding)
Definition: lsarpc.c:4382
#define STATUS_INVALID_HANDLE
Definition: ntstatus.h:231
NTSTATUS WINAPI LsarGetUserName(LPWSTR SystemName, PRPC_UNICODE_STRING *UserName, PRPC_UNICODE_STRING *DomainName)
Definition: lsarpc.c:3739
PLSA_TRANSLATED_SID Sids
Definition: lsa.idl:144
NTSTATUS WINAPI LsarCreateTrustedDomain(LSAPR_HANDLE PolicyHandle, PLSAPR_TRUST_INFORMATION TrustedDomainInformation, ACCESS_MASK DesiredAccess, LSAPR_HANDLE *TrustedDomainHandle)
Definition: lsarpc.c:1158
HANDLE WINAPI DECLSPEC_HOTPATCH CreateEventW(IN LPSECURITY_ATTRIBUTES lpEventAttributes OPTIONAL, IN BOOL bManualReset, IN BOOL bInitialState, IN LPCWSTR lpName OPTIONAL)
Definition: synch.c:597
#define RtlMoveMemory(Destination, Source, Length)
Definition: typedefs.h:263
#define STATUS_BUFFER_TOO_SMALL
Definition: shellext.h:52
#define STATUS_NONE_MAPPED
Definition: ntstatus.h:337
NTSTATUS LsapCloseDbObject(PLSA_DB_OBJECT DbObject)
Definition: database.c:868
HANDLE WINAPI DECLSPEC_HOTPATCH OpenEventW(IN DWORD dwDesiredAccess, IN BOOL bInheritHandle, IN LPCWSTR lpName)
Definition: synch.c:628
static HANDLE hEvent
Definition: comm.c:54
BOOLEAN Trusted
Definition: lsasrv.h:62
NTSTATUS LsarQueryDnsDomain(PLSA_DB_OBJECT PolicyObject, PLSAPR_POLICY_INFORMATION *PolicyInformation)
Definition: policy.c:542
VOID LsapNotifyPolicyChange(POLICY_NOTIFICATION_INFORMATION_CLASS InformationClass)
Definition: notify.c:112
#define ACCOUNT_VIEW
Definition: ntlsa.h:28
struct _QUOTA_LIMITS QUOTA_LIMITS
NTSTATUS LsarSetDefaultQuota(PLSA_DB_OBJECT PolicyObject, PPOLICY_DEFAULT_QUOTA_INFO Info)
Definition: policy.c:945
enum _LSAP_LOOKUP_LEVEL LSAP_LOOKUP_LEVEL
NTSTATUS LsapLookupNames(DWORD Count, PRPC_UNICODE_STRING Names, PLSAPR_REFERENCED_DOMAIN_LIST *ReferencedDomains, PLSAPR_TRANSLATED_SIDS_EX2 TranslatedSids, LSAP_LOOKUP_LEVEL LookupLevel, DWORD *MappedCount, DWORD LookupOptions, DWORD ClientRevision)
Definition: lookup.c:1753
long RPC_STATUS
Definition: rpc.h:52
_Must_inspect_result_ _In_ ULONG Flags
Definition: wsk.h:170
NT_PRODUCT_TYPE LsapProductType
Definition: lsasrv.c:13
GLenum GLclampf GLint i
Definition: glfuncs.h:14
NTSTATUS WINAPI LsarAdtRegisterSecurityEventSource(handle_t hBinding)
Definition: lsarpc.c:4360
NTSTATUS LsarSetAccountDomain(PLSA_DB_OBJECT PolicyObject, PLSAPR_POLICY_ACCOUNT_DOM_INFO Info)
Definition: policy.c:876
#define FALSE
Definition: types.h:117
NTSTATUS LsapLookupSids(PLSAPR_SID_ENUM_BUFFER SidEnumBuffer, PLSAPR_REFERENCED_DOMAIN_LIST *ReferencedDomains, PLSAPR_TRANSLATED_NAMES_EX TranslatedNames, LSAP_LOOKUP_LEVEL LookupLevel, DWORD *MappedCount, DWORD LookupOptions, DWORD ClientRevision)
Definition: lookup.c:2339
NTSTATUS WINAPI LsarAddAccountRights(LSAPR_HANDLE PolicyHandle, PRPC_SID AccountSid, PLSAPR_USER_RIGHT_SET UserRights)
Definition: lsarpc.c:3003
NTSTATUS WINAPI LsarQuerySecret(LSAPR_HANDLE SecretHandle, PLSAPR_CR_CIPHER_VALUE *EncryptedCurrentValue, PLARGE_INTEGER CurrentValueSetTime, PLSAPR_CR_CIPHER_VALUE *EncryptedOldValue, PLARGE_INTEGER OldValueSetTime)
Definition: lsarpc.c:2246
#define RtlEqualLuid(Luid1, Luid2)
Definition: rtlfuncs.h:301
PLSAPR_TRANSLATED_SID_EX Sids
Definition: lsa.idl:198
DWORD SECURITY_INFORMATION
Definition: ms-dtyp.idl:311
NTSYSAPI NTSTATUS NTAPI RtlLeaveCriticalSection(_In_ PRTL_CRITICAL_SECTION CriticalSection)
HANDLE KeyHandle
Definition: lsasrv.h:61
NTSYSAPI VOID NTAPI RtlCopyLuidAndAttributesArray(ULONG Count, PLUID_AND_ATTRIBUTES Src, PLUID_AND_ATTRIBUTES Dest)
Definition: luid.c:33
#define ACCOUNT_EXECUTE
Definition: ntlsa.h:36
INT64 PagedPoolLimit
Definition: lsa.idl:287
PVOID LSAPR_HANDLE
Definition: msv1_0.h:260
RPC_STATUS WINAPI RpcServerListen(UINT MinimumCallThreads, UINT MaxCalls, UINT DontWait)
Definition: rpc_server.c:1527
#define GENERIC_WRITE
Definition: nt_native.h:90
NTSTATUS WINAPI LsarLookupNames2(LSAPR_HANDLE PolicyHandle, DWORD Count, PRPC_UNICODE_STRING Names, PLSAPR_REFERENCED_DOMAIN_LIST *ReferencedDomains, PLSAPR_TRANSLATED_SIDS_EX TranslatedSids, LSAP_LOOKUP_LEVEL LookupLevel, DWORD *MappedCount, DWORD LookupOptions, DWORD ClientRevision)
Definition: lsarpc.c:3958
void __RPC_USER LSAPR_HANDLE_rundown(LSAPR_HANDLE hHandle)
Definition: lsarpc.c:116
NTSTATUS WINAPI LsarUnregisterAuditEvent(handle_t hBinding)
Definition: lsarpc.c:4213
NTSTATUS WINAPI LsarAddPrivilegesToAccount(LSAPR_HANDLE AccountHandle, PLSAPR_PRIVILEGE_SET Privileges)
Definition: lsarpc.c:1563
NTSTATUS WINAPI LsarCreateSecret(LSAPR_HANDLE PolicyHandle, PRPC_UNICODE_STRING SecretName, ACCESS_MASK DesiredAccess, LSAPR_HANDLE *SecretHandle)
Definition: lsarpc.c:1319
#define POLICY_VIEW_AUDIT_INFORMATION
Definition: ntsecapi.h:62
NTSTATUS LsarQueryAccountDomain(PLSA_DB_OBJECT PolicyObject, PLSAPR_POLICY_INFORMATION *PolicyInformation)
Definition: policy.c:289
#define POLICY_AUDIT_LOG_ADMIN
Definition: ntsecapi.h:70
#define POLICY_SET_DEFAULT_QUOTA_LIMITS
Definition: ntsecapi.h:68
NTSTATUS WINAPI LsarSetSecurityObject(LSAPR_HANDLE ObjectHandle, SECURITY_INFORMATION SecurityInformation, PLSAPR_SR_SECURITY_DESCRIPTOR SecurityDescriptor)
Definition: lsarpc.c:323
NTSTATUS LsarpCreateAccount(PLSA_DB_OBJECT PolicyObject, PRPC_SID AccountSid, ACCESS_MASK DesiredAccess, PLSA_DB_OBJECT *AccountObject)
Definition: lsarpc.c:813
smooth NULL
Definition: ftsmooth.c:416
NTSTATUS WINAPI LsarCreateAccount(LSAPR_HANDLE PolicyHandle, PRPC_SID AccountSid, ACCESS_MASK DesiredAccess, LSAPR_HANDLE *AccountHandle)
Definition: lsarpc.c:883
NTSTATUS WINAPI LsarOpenTrustedDomain(LSAPR_HANDLE PolicyHandle, PRPC_SID TrustedDomainSid, ACCESS_MASK DesiredAccess, LSAPR_HANDLE *TrustedDomainHandle)
Definition: lsarpc.c:2046
_In_ ULONG _In_ ACCESS_MASK _In_ PSID Sid
Definition: rtlfuncs.h:1104
NTSTATUS WINAPI LsarGetQuotasForAccount(LSAPR_HANDLE AccountHandle, PQUOTA_LIMITS QuotaLimits)
Definition: lsarpc.c:1878
_Must_inspect_result_ _In_ PFILE_OBJECT _In_ SECURITY_INFORMATION SecurityInformation
Definition: fltkernel.h:1339
_In_ ACCESS_MASK _In_ ULONG _Out_ PHANDLE TokenHandle
Definition: psfuncs.h:715
Definition: bufpool.h:45
NTSTATUS LsarStartRpcServer(VOID)
Definition: lsarpc.c:40
#define POLICY_SET_AUDIT_REQUIREMENTS
Definition: ntsecapi.h:69
return Found
Definition: dirsup.c:1270
NTSTATUS WINAPI LsarQueryInformationPolicy2(LSAPR_HANDLE PolicyHandle, POLICY_INFORMATION_CLASS InformationClass, PLSAPR_POLICY_INFORMATION *PolicyInformation)
Definition: lsarpc.c:3752
NTSYSAPI BOOLEAN NTAPI RtlValidSid(IN PSID Sid)
Definition: sid.c:21
#define __RPC_USER
Definition: rpc.h:65
NTSTATUS WINAPI LsarOpenAccount(LSAPR_HANDLE PolicyHandle, PRPC_SID AccountSid, ACCESS_MASK DesiredAccess, LSAPR_HANDLE *AccountHandle)
Definition: lsarpc.c:1465
NTSTATUS WINAPI LsarRetrievePrivateData(LSAPR_HANDLE PolicyHandle, PRPC_UNICODE_STRING KeyName, PLSAPR_CR_CIPHER_VALUE *EncryptedData)
Definition: lsarpc.c:3618
NTSTATUS WINAPI LsarDelete(LSAPR_HANDLE ObjectHandle)
Definition: lsarpc.c:154
RPC_STATUS WINAPI RpcRevertToSelf(void)
Definition: rpc_binding.c:1460
PLUID LsarpLookupPrivilegeValue(IN PRPC_UNICODE_STRING Name)
Definition: privileges.c:227
NTSTATUS LsapCreateAccountSd(PSECURITY_DESCRIPTOR *AccountSd, PULONG AccountSdSize)
Definition: security.c:268
$ULONG PrivilegeCount
Definition: setypes.h:86
LSAPR_LUID_AND_ATTRIBUTES Privilege[*]
Definition: lsa.idl:528
UINTN Size
Definition: acefiex.h:555
PVOID NTAPI RtlAllocateHeap(IN PVOID HeapHandle, IN ULONG Flags, IN SIZE_T Size)
Definition: heap.c:585
SID_NAME_USE Use
Definition: lsa.idl:190
NTSTATUS WINAPI LsarSetQuotasForAccount(LSAPR_HANDLE AccountHandle, PQUOTA_LIMITS QuotaLimits)
Definition: lsarpc.c:1913
#define POLICY_LOOKUP_NAMES
Definition: ntsecapi.h:72
NTSTATUS LsarSetPrimaryDomain(PLSA_DB_OBJECT PolicyObject, PLSAPR_POLICY_PRIMARY_DOM_INFO Info)
Definition: policy.c:829
NTSTATUS WINAPI LsarQueryInformationPolicy(LSAPR_HANDLE PolicyHandle, POLICY_INFORMATION_CLASS InformationClass, PLSAPR_POLICY_INFORMATION *PolicyInformation)
Definition: lsarpc.c:531
NTSTATUS LsarQueryServerRole(PLSA_DB_OBJECT PolicyObject, PLSAPR_POLICY_INFORMATION *PolicyInformation)
Definition: policy.c:398
NTSTATUS WINAPI CredrReadDomainCredentials(PLSAPR_SERVER_NAME SystemName)
Definition: lsarpc.c:4088
unsigned char BOOLEAN
NTSTATUS WINAPI LsarChangePassword(handle_t IDL_handle, PRPC_UNICODE_STRING String1, PRPC_UNICODE_STRING String2, PRPC_UNICODE_STRING String3, PRPC_UNICODE_STRING String4, PRPC_UNICODE_STRING String5)
Definition: lsarpc.c:479
NTSTATUS WINAPI LsarLookupSids(LSAPR_HANDLE PolicyHandle, PLSAPR_SID_ENUM_BUFFER SidEnumBuffer, PLSAPR_REFERENCED_DOMAIN_LIST *ReferencedDomains, PLSAPR_TRANSLATED_NAMES TranslatedNames, LSAP_LOOKUP_LEVEL LookupLevel, DWORD *MappedCount)
Definition: lsarpc.c:1256
#define TRACE(s)
Definition: solgame.cpp:4
#define SECRET_ALL_ACCESS
Definition: ntlsa.h:41
unsigned int BOOL
Definition: ntddk_ex.h:94
LONG NTSTATUS
Definition: precomp.h:26
#define TOKEN_QUERY
Definition: setypes.h:874
PLSAPR_TRANSLATED_NAME Names
Definition: lsa.idl:174
enum _TRUSTED_INFORMATION_CLASS TRUSTED_INFORMATION_CLASS
NTSYSAPI NTSTATUS NTAPI RtlInitializeCriticalSection(_In_ PRTL_CRITICAL_SECTION CriticalSection)
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:24
#define ACCOUNT_WRITE
Definition: ntlsa.h:35
DWORD WINAPI GetLengthSid(PSID pSid)
Definition: security.c:794
PLSAPR_TRANSLATED_SID_EX2 Sids
Definition: lsa.idl:210
struct _LSAPR_ACCOUNT_INFORMATION LSAPR_ACCOUNT_INFORMATION
HANDLE HKEY
Definition: registry.h:24
#define ConvertSidToStringSid
Definition: sddl.h:160
NTSTATUS WINAPI LsarLookupNames(LSAPR_HANDLE PolicyHandle, DWORD Count, PRPC_UNICODE_STRING Names, PLSAPR_REFERENCED_DOMAIN_LIST *ReferencedDomains, PLSAPR_TRANSLATED_SIDS TranslatedSids, LSAP_LOOKUP_LEVEL LookupLevel, DWORD *MappedCount)
Definition: lsarpc.c:1192
NTSTATUS LsarQueryAuditLog(PLSA_DB_OBJECT PolicyObject, PLSAPR_POLICY_INFORMATION *PolicyInformation)
Definition: policy.c:38
NTSTATUS WINAPI LsarQueryTrustedDomainInfo(LSAPR_HANDLE PolicyHandle, PRPC_SID TrustedDomainSid, TRUSTED_INFORMATION_CLASS InformationClass, PLSAPR_TRUSTED_DOMAIN_INFO *TrustedDomainInformation)
Definition: lsarpc.c:3410
#define POLICY_TRUST_ADMIN
Definition: ntsecapi.h:64
DWORD PrivilegeCount
Definition: lsa.idl:526
#define STATUS_NO_SUCH_PRIVILEGE
Definition: ntstatus.h:318
NTSTATUS WINAPI LsarEnumerateTrustedDomainsEx(LSAPR_HANDLE PolicyHandle, DWORD *EnumerationContext, PLSAPR_TRUSTED_ENUM_BUFFER_EX EnumerationBuffer, DWORD PreferedMaximumLength)
Definition: lsarpc.c:3816
NTSTATUS WINAPI LsarEnumerateTrustedDomains(LSAPR_HANDLE PolicyHandle, DWORD *EnumerationContext, PLSAPR_TRUSTED_ENUM_BUFFER EnumerationBuffer, DWORD PreferedMaximumLength)
Definition: lsarpc.c:1176
enum _POLICY_INFORMATION_CLASS POLICY_INFORMATION_CLASS
static const UCHAR Index[8]
Definition: usbohci.c:18
ULONG LsapGetRelativeIdFromSid(PSID Sid_)
Definition: lookup.c:978
#define SACL_SECURITY_INFORMATION
Definition: setypes.h:126
#define WRITE_DAC
Definition: nt_native.h:59
NTSTATUS LsarSetLocalAccountDomain(PLSA_DB_OBJECT PolicyObject, PLSAPR_POLICY_ACCOUNT_DOM_INFO Info)
Definition: policy.c:1026
RPC_UNICODE_STRING Name
Definition: lsa.idl:179
RPC_STATUS WINAPI RpcServerRegisterIf(RPC_IF_HANDLE IfSpec, UUID *MgrTypeUuid, RPC_MGR_EPV *MgrEpv)
Definition: rpc_server.c:1123
NTSTATUS WINAPI CredrRead(PLSAPR_SERVER_NAME SystemName)
Definition: lsarpc.c:4055
NTSTATUS WINAPI LsarDeleteTrustedDomain(LSAPR_HANDLE PolicyHandle, PRPC_SID TrustedDomainSid)
Definition: lsarpc.c:3446
NTSTATUS WINAPI LsarLookupSids3(LSAPR_HANDLE PolicyHandle, PLSAPR_SID_ENUM_BUFFER SidEnumBuffer, PLSAPR_REFERENCED_DOMAIN_LIST *ReferencedDomains, PLSAPR_TRANSLATED_NAMES_EX TranslatedNames, LSAP_LOOKUP_LEVEL LookupLevel, DWORD *MappedCount, DWORD LookupOptions, DWORD ClientRevision)
Definition: lsarpc.c:4269
#define ACCOUNT_READ
Definition: ntlsa.h:34
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET * Privileges
Definition: sefuncs.h:13
NTSTATUS NTAPI NtClose(IN HANDLE Handle)
Definition: obhandle.c:3393
NTSTATUS LsarSetModification(PLSA_DB_OBJECT PolicyObject, PPOLICY_MODIFICATION_INFO Info)
Definition: policy.c:958
#define READ_CONTROL
Definition: nt_native.h:58
NTSTATUS WINAPI LsarClose(LSAPR_HANDLE *ObjectHandle)
Definition: lsarpc.c:125
#define STATUS_UNSUCCESSFUL
Definition: udferr_usr.h:132
NTSTATUS LsarQueryLocalAccountDomain(PLSA_DB_OBJECT PolicyObject, PLSAPR_POLICY_INFORMATION *PolicyInformation)
Definition: policy.c:769
_In_ PUNICODE_STRING Name
Definition: mrx.h:218
NTSTATUS WINAPI LsarSetDomainInformationPolicy(LSAPR_HANDLE PolicyHandle, POLICY_INFORMATION_CLASS InformationClass, PLSAPR_POLICY_DOMAIN_INFORMATION PolicyInformation)
Definition: lsarpc.c:3879
NTSTATUS WINAPI LsarLookupPrivilegeName(LSAPR_HANDLE PolicyHandle, PLUID Value, PRPC_UNICODE_STRING *Name)
Definition: lsarpc.c:2464
SID_NAME_USE Use
Definition: lsa.idl:202
union _LARGE_INTEGER LARGE_INTEGER
NTSTATUS WINAPI LsarGenAuditEvent(handle_t hBinding)
Definition: lsarpc.c:4202
static const WCHAR L[]
Definition: oid.c:1087
_In_ GUID _In_ PVOID _In_ ULONG ValueLength
Definition: hubbusif.h:311
NTSTATUS LsarSetServerRole(PLSA_DB_OBJECT PolicyObject, PPOLICY_LSA_SERVER_ROLE_INFO Info)
Definition: policy.c:923
NTSTATUS WINAPI LsarQuerySecurityObject(LSAPR_HANDLE ObjectHandle, SECURITY_INFORMATION SecurityInformation, PLSAPR_SR_SECURITY_DESCRIPTOR *SecurityDescriptor)
Definition: lsarpc.c:198
WCHAR TargetName[256]
Definition: arping.c:27
#define ACCOUNT_ADJUST_SYSTEM_ACCESS
Definition: ntlsa.h:31
unsigned short Length
Definition: msv1_0.h:53
NTSTATUS LsarSetAuditFull(PLSA_DB_OBJECT PolicyObject, PPOLICY_AUDIT_FULL_QUERY_INFO Info)
Definition: policy.c:971
#define STATUS_DIRECTORY_SERVICE_REQUIRED
Definition: ntstatus.h:790
#define WINAPI
Definition: msvc.h:20
INT64 MinimumWorkingSetSize
Definition: lsa.idl:289
UINTN UINT8 Value
Definition: acefiex.h:751
NTSTATUS LsapRegOpenKey(IN HANDLE ParentKeyHandle, IN LPCWSTR KeyName, IN ACCESS_MASK DesiredAccess, OUT HANDLE KeyHandle)
Definition: registry.c:153
static const WCHAR Control[]
Definition: interface.c:27
#define ACCOUNT_ADJUST_QUOTAS
Definition: ntlsa.h:30
NTSTATUS WINAPI LsarSetTrustedDomainInfo(LSAPR_HANDLE PolicyHandle, PRPC_SID TrustedDomainSid, TRUSTED_INFORMATION_CLASS InformationClass, PLSAPR_TRUSTED_DOMAIN_INFO TrustedDomainInformation)
Definition: lsarpc.c:3428
Status
Definition: gdiplustypes.h:24
NTSTATUS LsapLookupAccountRightName(ULONG RightValue, PRPC_UNICODE_STRING *Name)
Definition: privileges.c:343
RPC_STATUS WINAPI RpcServerUseProtseqEpW(RPC_WSTR Protseq, UINT MaxCalls, RPC_WSTR Endpoint, LPVOID SecurityDescriptor)
Definition: rpc_server.c:934
NTSTATUS LsarQueryReplicaSource(PLSA_DB_OBJECT PolicyObject, PLSAPR_POLICY_INFORMATION *PolicyInformation)
Definition: policy.c:436
#define ERR(fmt,...)
Definition: debug.h:109
NTSTATUS WINAPI LsarRemoveAccountRights(LSAPR_HANDLE PolicyHandle, PRPC_SID AccountSid, BOOLEAN AllRights, PLSAPR_USER_RIGHT_SET UserRights)
Definition: lsarpc.c:3214
NTSTATUS LsarQueryPdAccount(PLSA_DB_OBJECT PolicyObject, PLSAPR_POLICY_INFORMATION *PolicyInformation)
Definition: policy.c:267
VOID DsSetupInit(VOID)
Definition: dssetup.c:22
NTSTATUS LsarSetAuditLog(PLSA_DB_OBJECT PolicyObject, PPOLICY_AUDIT_LOG_INFO Info)
Definition: policy.c:779
NTSTATUS WINAPI LsarQueryTrustedDomainInfoByName(LSAPR_HANDLE PolicyHandle, PRPC_UNICODE_STRING TrustedDomainName, POLICY_INFORMATION_CLASS InformationClass, PLSAPR_TRUSTED_DOMAIN_INFO *PolicyInformation)
Definition: lsarpc.c:3780
PLSAPR_TRUST_INFORMATION Information
Definition: lsa.idl:344
DWORD *typedef HANDLE
Definition: winlogon.h:61
NTSTATUS LsapRegQueryValue(IN HANDLE KeyHandle, IN LPWSTR ValueName, OUT PULONG Type OPTIONAL, OUT LPVOID Data OPTIONAL, IN OUT PULONG DataLength OPTIONAL)
NTSTATUS LsarQueryPrimaryDomain(PLSA_DB_OBJECT PolicyObject, PLSAPR_POLICY_INFORMATION *PolicyInformation)
Definition: policy.c:157
#define POLICY_EXECUTE
Definition: ntsecapi.h:76
#define STATUS_OBJECT_NAME_NOT_FOUND
Definition: udferr_usr.h:149
NTSTATUS WINAPI LsarOpenPolicySce(LPWSTR SystemName, PLSAPR_OBJECT_ATTRIBUTES ObjectAttributes, ACCESS_MASK DesiredAccess, LSAPR_HANDLE *PolicyHandle)
Definition: lsarpc.c:4346
unsigned short USHORT
Definition: pedump.c:61
NTSTATUS WINAPI LsarCreateTrustedDomainEx(LSAPR_HANDLE PolicyHandle, PLSAPR_TRUSTED_DOMAIN_INFORMATION_EX TrustedDomainInformation, PLSAPR_TRUSTED_DOMAIN_AUTH_INFORMATION AuthentificationInformation, ACCESS_MASK DesiredAccess, LSAPR_HANDLE *TrustedDomainHandle)
Definition: lsarpc.c:3836
NTSTATUS WINAPI LsarEnumerateAccounts(LSAPR_HANDLE PolicyHandle, DWORD *EnumerationContext, PLSAPR_ACCOUNT_ENUM_BUFFER EnumerationBuffer, DWORD PreferedMaximumLength)
Definition: lsarpc.c:928
_In_ ULONG _Out_opt_ PULONG RequiredLength
Definition: wmifuncs.h:29
HLOCAL NTAPI LocalFree(HLOCAL hMem)
Definition: heapmem.c:1577
NTSTATUS LsapValidateDbObject(LSAPR_HANDLE Handle, LSA_DB_OBJECT_TYPE ObjectType, ACCESS_MASK DesiredAccess, PLSA_DB_OBJECT *DbObject)
Definition: database.c:823
NTSTATUS WINAPI CredrGetTargetInfo(PLSAPR_SERVER_NAME SystemName, LPWSTR TargetName, DWORD Flags, CREDPR_TARGET_INFORMATION *TargetInformation)
Definition: lsarpc.c:4113
_In_ PIO_STACK_LOCATION _Inout_ PFILE_OBJECT _Inout_ PVCB _Outptr_result_maybenull_ PDCB _In_ PDCB _In_ PDIRENT _In_ ULONG _In_ ULONG _In_ PUNICODE_STRING _In_ PACCESS_MASK DesiredAccess
Definition: create.c:4157
SID_NAME_USE Use
Definition: lsa.idl:178
#define STATUS_NO_MEMORY
Definition: ntstatus.h:246
static RTL_CRITICAL_SECTION PolicyHandleTableLock
Definition: lsarpc.c:14
#define RPC_C_PROTSEQ_MAX_REQS_DEFAULT
Definition: rpcdce.h:123
#define OWNER_SECURITY_INFORMATION
Definition: setypes.h:123
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ SaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ OwnerSize PSID Owner
Definition: rtlfuncs.h:1557
NTSYSAPI ULONG WINAPI RtlLengthSecurityDescriptor(PSECURITY_DESCRIPTOR)
RPC_STATUS WINAPI RpcImpersonateClient(RPC_BINDING_HANDLE BindingHandle)
Definition: rpc_binding.c:1053
NTSTATUS WINAPI LsarLookupSids2(LSAPR_HANDLE PolicyHandle, PLSAPR_SID_ENUM_BUFFER SidEnumBuffer, PLSAPR_REFERENCED_DOMAIN_LIST *ReferencedDomains, PLSAPR_TRANSLATED_NAMES_EX TranslatedNames, LSAP_LOOKUP_LEVEL LookupLevel, DWORD *MappedCount, DWORD LookupOptions, DWORD ClientRevision)
Definition: lsarpc.c:3921
static GENERIC_MAPPING LsapPolicyMapping
Definition: lsarpc.c:18
NTSTATUS WINAPI LsarStorePrivateData(LSAPR_HANDLE PolicyHandle, PRPC_UNICODE_STRING KeyName, PLSAPR_CR_CIPHER_VALUE EncryptedData)
Definition: lsarpc.c:3462
NTSTATUS WINAPI LsarCreateTrustedDomainEx2(LSAPR_HANDLE PolicyHandle, PLSAPR_TRUSTED_DOMAIN_INFORMATION_EX TrustedDomainInformation, PLSAPR_TRUSTED_DOMAIN_AUTH_INFORMATION_INTERNAL AuthentificationInformation, ACCESS_MASK DesiredAccess, LSAPR_HANDLE *TrustedDomainHandle)
Definition: lsarpc.c:4025
NTSTATUS WINAPI LsarOpenPolicy(LPWSTR SystemName, PLSAPR_OBJECT_ATTRIBUTES ObjectAttributes, ACCESS_MASK DesiredAccess, LSAPR_HANDLE *PolicyHandle)
Definition: lsarpc.c:495
NTSTATUS LsarQueryAuditFull(PLSA_DB_OBJECT PolicyObject, PLSAPR_POLICY_INFORMATION *PolicyInformation)
Definition: policy.c:510
#define HEAP_ZERO_MEMORY
Definition: compat.h:123
#define POLICY_ALL_ACCESS
Definition: ntsecapi.h:77
NTSTATUS WINAPI LsarLookupNames4(handle_t RpcHandle, DWORD Count, PRPC_UNICODE_STRING Names, PLSAPR_REFERENCED_DOMAIN_LIST *ReferencedDomains, PLSAPR_TRANSLATED_SIDS_EX2 TranslatedSids, LSAP_LOOKUP_LEVEL LookupLevel, DWORD *MappedCount, DWORD LookupOptions, DWORD ClientRevision)
Definition: lsarpc.c:4306
INT64 MaximumWorkingSetSize
Definition: lsa.idl:290
#define SECRET_WRITE
Definition: ntlsa.h:43
NTSTATUS LsarSetDnsDomain(PLSA_DB_OBJECT PolicyObject, PLSAPR_POLICY_DNS_DOMAIN_INFO Info)
Definition: policy.c:1008
NTSTATUS LsarSetDnsDomainInt(PLSA_DB_OBJECT PolicyObject, PLSAPR_POLICY_DNS_DOMAIN_INFO Info)
Definition: policy.c:1017
NTSTATUS WINAPI LsarTestCall(handle_t hBinding)
Definition: lsarpc.c:3910
static GENERIC_MAPPING LsapSecretMapping
Definition: lsarpc.c:32
PLSAPR_ACCOUNT_INFORMATION Information
Definition: lsa.idl:97
NTSTATUS LsapDeleteObjectAttribute(PLSA_DB_OBJECT DbObject, LPWSTR AttributeName)
Definition: database.c:1080
_In_ const STRING * String2
Definition: rtlfuncs.h:2245
NTSTATUS NTAPI NtOpenThreadToken(IN HANDLE ThreadHandle, IN ACCESS_MASK DesiredAccess, IN BOOLEAN OpenAsSelf, OUT PHANDLE TokenHandle)
Definition: token.c:3858
NTSTATUS WINAPI CredrEnumerate(PLSAPR_SERVER_NAME SystemName)
Definition: lsarpc.c:4066
LUID_AND_ATTRIBUTES Privilege[ANYSIZE_ARRAY]
Definition: setypes.h:88
#define OUT
Definition: typedefs.h:39
NTSTATUS WINAPI CredrWriteDomainCredentials(PLSAPR_SERVER_NAME SystemName)
Definition: lsarpc.c:4077
NTSTATUS LsarQueryDnsDomainInt(PLSA_DB_OBJECT PolicyObject, PLSAPR_POLICY_INFORMATION *PolicyInformation)
Definition: policy.c:759
NTSTATUS WINAPI LsarLookupPrivilegeDisplayName(LSAPR_HANDLE PolicyHandle, PRPC_UNICODE_STRING Name, USHORT ClientLanguage, USHORT ClientSystemDefaultLanguage, PRPC_UNICODE_STRING *DisplayName, USHORT *LanguageReturned)
Definition: lsarpc.c:2494
struct _RPC_UNICODE_STRING * PRPC_UNICODE_STRING
#define POLICY_CREATE_SECRET
Definition: ntsecapi.h:66
unsigned int ULONG
Definition: retypes.h:1
#define UNIMPLEMENTED
Definition: debug.h:114
#define RtlZeroMemory(Destination, Length)
Definition: typedefs.h:261
#define POLICY_GET_PRIVATE_INFORMATION
Definition: ntsecapi.h:63
#define POLICY_READ
Definition: ntsecapi.h:74
NTSTATUS NTAPI NtQuerySystemTime(OUT PLARGE_INTEGER SystemTime)
Definition: time.c:417
#define POLICY_SERVER_ADMIN
Definition: ntsecapi.h:71
void *__RPC_USER MIDL_user_allocate(SIZE_T size)
Definition: irotp.c:371
NTSTATUS LsapCreateSecretSd(PSECURITY_DESCRIPTOR *SecretSd, PULONG SecretSdSize)
Definition: security.c:436
NTSTATUS WINAPI CredrGetSessionTypes(PLSAPR_SERVER_NAME SystemName, DWORD MaximumPersistCount, DWORD *MaximumPersist)
Definition: lsarpc.c:4178
#define ERROR_ALREADY_EXISTS
Definition: disk.h:80
#define ACCOUNT_ADJUST_PRIVILEGES
Definition: ntlsa.h:29
_In_ FILTER_INFORMATION_CLASS InformationClass
Definition: fltkernel.h:1714
NTSTATUS LsapCreateDbObject(IN PLSA_DB_OBJECT ParentObject, IN LPWSTR ContainerName, IN LPWSTR ObjectName, IN LSA_DB_OBJECT_TYPE ObjectType, IN ACCESS_MASK DesiredAccess, IN BOOLEAN Trusted, OUT PLSA_DB_OBJECT *DbObject)
Definition: database.c:590
_Must_inspect_result_ _Out_writes_to_ DataLength PHIDP_DATA _Inout_ PULONG DataLength
Definition: hidpi.h:333
#define POLICY_WRITE
Definition: ntsecapi.h:75
return STATUS_SUCCESS
Definition: btrfs.c:2710
void __RPC_USER MIDL_user_free(void *p)
Definition: irotp.c:376
NTSTATUS WINAPI LsarGetSystemAccessAccount(LSAPR_HANDLE AccountHandle, ACCESS_MASK *SystemAccess)
Definition: lsarpc.c:1977
#define POLICY_CREATE_ACCOUNT
Definition: ntsecapi.h:65
static NTSTATUS LsarpOpenAccount(IN PLSA_DB_OBJECT PolicyObject, IN PRPC_SID AccountSid, IN ACCESS_MASK DesiredAccess, OUT PLSA_DB_OBJECT *AccountObject)
Definition: lsarpc.c:1425
NTSYSAPI NTSTATUS NTAPI RtlMakeSelfRelativeSD(_In_ PSECURITY_DESCRIPTOR AbsoluteSD, _Out_ PSECURITY_DESCRIPTOR SelfRelativeSD, _Inout_ PULONG BufferLength)
WCHAR * LPWSTR
Definition: xmlstorage.h:184
NTSTATUS LsapGetObjectAttribute(PLSA_DB_OBJECT DbObject, LPWSTR AttributeName, LPVOID AttributeData, PULONG AttributeSize)
Definition: database.c:1010
NTSTATUS WINAPI LsarEnumerateAccountsWithUserRight(LSAPR_HANDLE PolicyHandle, PRPC_UNICODE_STRING UserRight, PLSAPR_ACCOUNT_ENUM_BUFFER EnumerationBuffer)
Definition: lsarpc.c:2574
BYTE * PBYTE
Definition: pedump.c:66
int k
Definition: mpi.c:3369
NTSTATUS WINAPI LsarSetInformationPolicy(LSAPR_HANDLE PolicyHandle, POLICY_INFORMATION_CLASS InformationClass, PLSAPR_POLICY_INFORMATION PolicyInformation)
Definition: lsarpc.c:663
PRPC_UNICODE_STRING UserRights
Definition: lsa.idl:393
ULONG ACCESS_MASK
Definition: nt_native.h:40
NTSTATUS LsapRegEnumerateSubKey(IN HANDLE KeyHandle, IN ULONG Index, IN ULONG Length, OUT LPWSTR Buffer)
Definition: registry.c:96
static PLARGE_INTEGER Time
Definition: time.c:105
NTSTATUS WINAPI LsarQueryForestTrustInformation(LSAPR_HANDLE PolicyHandle, PLSA_UNICODE_STRING TrustedDomainName, LSA_FOREST_TRUST_RECORD_TYPE HighestRecordType, PLSA_FOREST_TRUST_INFORMATION *ForestTrustInfo)
Definition: lsarpc.c:4224
#define DACL_SECURITY_INFORMATION
Definition: setypes.h:125
#define SECRET_READ
Definition: ntlsa.h:42
NTSTATUS WINAPI LsarClearAuditLog(LSAPR_HANDLE ObjectHandle)
Definition: lsarpc.c:804
NTSTATUS WINAPI LsarSetInformationPolicy2(LSAPR_HANDLE PolicyHandle, POLICY_INFORMATION_CLASS InformationClass, PLSAPR_POLICY_INFORMATION PolicyInformation)
Definition: lsarpc.c:3766
NTSTATUS WINAPI LsarDeleteObject(LSAPR_HANDLE *ObjectHandle)
Definition: lsarpc.c:2530
unsigned short MaximumLength
Definition: msv1_0.h:54
#define SECRET_EXECUTE
Definition: ntlsa.h:44
#define RPC_S_OK
Definition: rpcnterr.h:22
NTSTATUS LsarpLookupPrivilegeDisplayName(PRPC_UNICODE_STRING Name, USHORT ClientLanguage, USHORT ClientSystemDefaultLanguage, PRPC_UNICODE_STRING *DisplayName, USHORT *LanguageReturned)
Definition: privileges.c:125
#define DELETE
Definition: nt_native.h:57
struct _SECURITY_DESCRIPTOR * PISECURITY_DESCRIPTOR
wchar_t * Buffer
Definition: msv1_0.h:55
NTSTATUS WINAPI LsarLookupPrivilegeValue(LSAPR_HANDLE PolicyHandle, PRPC_UNICODE_STRING Name, PLUID Value)
Definition: lsarpc.c:2428
LONG WINAPI I_RpcMapWin32Status(RPC_STATUS status)
Definition: rpcrt4_main.c:741