Author: ekohl Date: Sun Nov 25 13:47:07 2012 New Revision: 57767
URL: http://svn.reactos.org/svn/reactos?rev=57767&view=rev Log: [LSASRV] - Add enumeration of user rights to LsarEnumerateAccountRights. - Use RPC_UNICODE_STRING instead of UNICODE_STRING in the privilege lookup code.
Modified: trunk/reactos/dll/win32/lsasrv/lsarpc.c trunk/reactos/dll/win32/lsasrv/lsasrv.h trunk/reactos/dll/win32/lsasrv/privileges.c
Modified: trunk/reactos/dll/win32/lsasrv/lsarpc.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/lsasrv/lsarpc.c?r... ==============================================================================
--- trunk/reactos/dll/win32/lsasrv/lsarpc.c [iso-8859-1] (original)
+++ trunk/reactos/dll/win32/lsasrv/lsarpc.c [iso-8859-1] Sun Nov 25 13:47:07 2012
@@ -1915,7 +1915,7 @@
TRACE("Privilege: %wZ\n", Name);
- Status = LsarpLookupPrivilegeValue((PUNICODE_STRING)Name,
+ Status = LsarpLookupPrivilegeValue(Name,
 Value);
 return Status;
@@ -1944,7 +1944,7 @@
 }
 Status = LsarpLookupPrivilegeName(Value,
- (PUNICODE_STRING*)Name);
+ Name);
 return Status;
 }
@@ -1994,9 +1994,10 @@
 PLSAPR_PRIVILEGE_SET PrivilegeSet = NULL;
 PRPC_UNICODE_STRING RightsBuffer = NULL;
 PRPC_UNICODE_STRING PrivilegeString;
+ ACCESS_MASK SystemAccess;
 ULONG RightsCount;
 ULONG RightsIndex;
- ULONG PrivIndex;
+ ULONG i;
 NTSTATUS Status;
 TRACE("LsarEnumerateAccountRights(%p %p %p)\n",
@@ -2022,13 +2023,23 @@
 goto done;
 }
- /* FIXME: Get account rights */
-
+ /* Get account rights */
+ Status = LsarGetSystemAccessAccount(AccountHandle,
+ &SystemAccess);
+ if (!NT_SUCCESS(Status))
+ {
+ ERR("LsarGetSystemAccessAccount returned 0x%08lx\n", Status);
+ goto done;
+ }
RightsCount = PrivilegeSet->PrivilegeCount;
- /* FIXME: Count account rights */
-
+ /* Count account rights */
+ for (i = 0; i < sizeof(ACCESS_MASK) * 8; i++)
+ {
+ if (SystemAccess & (1 << i))
+ RightsCount++;
+ }
 /* We are done if there are no rights to be enumerated */
 if (RightsCount == 0)
@@ -2049,25 +2060,41 @@
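Review bot: The count loop increments RightsCount for every set bit of SystemAccess, but the copy loop later in this file resolves each bit through LsapLookupAccountRightName, whose WellKnownRights table holds only ten flags; if the stored mask ever has another bit set, the lookup returns STATUS_NO_SUCH_PRIVILEGE and the whole enumeration fails. If that is not intended, mask SystemAccess to the known rights before counting or skip unknown bits in both loops. Separately, `1 << i` shifts a signed int and is undefined at i == 31; `1UL << i` avoids that here and in the copy loop, including the value passed to LsapLookupAccountRightName. The enclosing function starts and ends outside this hunk.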
 /* Copy the privileges into the buffer */
 RightsIndex = 0;
- for (PrivIndex = 0; PrivIndex < PrivilegeSet->PrivilegeCount; PrivIndex++)
+ for (i = 0; i < PrivilegeSet->PrivilegeCount; i++)
 {
 PrivilegeString = NULL;
 Status = LsarLookupPrivilegeName(PolicyHandle,
- (PLUID)&PrivilegeSet->Privilege[PrivIndex].Luid,
- (PRPC_UNICODE_STRING *)&PrivilegeString);
+ (PLUID)&PrivilegeSet->Privilege[i].Luid,
+ &PrivilegeString);
 if (!NT_SUCCESS(Status))
 goto done;
- RightsBuffer[RightsIndex].Length = PrivilegeString->Length;
- RightsBuffer[RightsIndex].MaximumLength = PrivilegeString->MaximumLength;
- RightsBuffer[RightsIndex].Buffer = PrivilegeString->Buffer;
+ RightsBuffer[i].Length = PrivilegeString->Length;
+ RightsBuffer[i].MaximumLength = PrivilegeString->MaximumLength;
+ RightsBuffer[i].Buffer = PrivilegeString->Buffer;
 MIDL_user_free(PrivilegeString);
 RightsIndex++;
 }
- /* FIXME: Copy account rights into the buffer */
-
+ /* Copy account rights into the buffer */
+ for (i = 0; i < sizeof(ACCESS_MASK) * 8; i++)
+ {
+ if (SystemAccess & (1 << i))
+ {
+ Status = LsapLookupAccountRightName(1 << i,
+ &PrivilegeString);
+ if (!NT_SUCCESS(Status))
+ goto done;
+
+ RightsBuffer[i].Length = PrivilegeString->Length;
+ RightsBuffer[i].MaximumLength = PrivilegeString->MaximumLength;
+ RightsBuffer[i].Buffer = PrivilegeString->Buffer;
+
+ MIDL_user_free(PrivilegeString);
+ RightsIndex++;
+ }
+ }
 UserRights->Entries = RightsCount;
 UserRights->UserRights = (PRPC_UNICODE_STRING)RightsBuffer;
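Review bot: The account-rights loop stores into `RightsBuffer[i]`, where i is the bit position (0 to 31) rather than the next free slot, so it overwrites the privilege entries copied just above and leaves the tail of the array unset. Whenever the bit position is at or beyond RightsCount it also writes past the end of the array, assuming RightsBuffer is allocated for RightsCount entries (the allocation is outside this hunk). The three assignments should use the running counter, `RightsBuffer[RightsIndex].Length = PrivilegeString->Length;` and likewise for MaximumLength and Buffer. The privilege loop is only correct because i equals RightsIndex there, so keeping RightsIndex in both loops is the safer spelling. Because this runs inside the LSA RPC server, a test with an empty privilege set and a single high right bit would be a useful regression check.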
Modified: trunk/reactos/dll/win32/lsasrv/lsasrv.h URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/lsasrv/lsasrv.h?r... ==============================================================================
--- trunk/reactos/dll/win32/lsasrv/lsasrv.h [iso-8859-1] (original)
+++ trunk/reactos/dll/win32/lsasrv/lsasrv.h [iso-8859-1] Sun Nov 25 13:47:07 2012
@@ -252,16 +252,20 @@
 /* privileges.c */
 NTSTATUS
 LsarpLookupPrivilegeName(PLUID Value,
- PUNICODE_STRING *Name);
-
-NTSTATUS
-LsarpLookupPrivilegeValue(PUNICODE_STRING Name,
+ PRPC_UNICODE_STRING *Name);
+
+NTSTATUS
+LsarpLookupPrivilegeValue(PRPC_UNICODE_STRING Name,
 PLUID Value);
 NTSTATUS
 LsarpEnumeratePrivileges(DWORD *EnumerationContext,
 PLSAPR_PRIVILEGE_ENUM_BUFFER EnumerationBuffer,
 DWORD PreferedMaximumLength);
+
+NTSTATUS
+LsapLookupAccountRightName(ULONG RightValue,
+ PRPC_UNICODE_STRING *Name);
 /* registry.h */
 NTSTATUS
Modified: trunk/reactos/dll/win32/lsasrv/privileges.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/lsasrv/privileges... ==============================================================================
--- trunk/reactos/dll/win32/lsasrv/privileges.c [iso-8859-1] (original)
+++ trunk/reactos/dll/win32/lsasrv/privileges.c [iso-8859-1] Sun Nov 25 13:47:07 2012
@@ -17,6 +17,12 @@
 LUID Luid;
 LPCWSTR Name;
 } PRIVILEGE_DATA;
+
+typedef struct
+{
+ ULONG Flag;
+ LPCWSTR Name;
+} RIGHT_DATA;
 /* GLOBALS *****************************************************************/
@@ -54,14 +60,28 @@
 {{SE_CREATE_GLOBAL_PRIVILEGE, 0}, SE_CREATE_GLOBAL_NAME}
 };
+static const RIGHT_DATA WellKnownRights[] =
+{
+ {SECURITY_ACCESS_INTERACTIVE_LOGON, SE_INTERACTIVE_LOGON_NAME},
+ {SECURITY_ACCESS_NETWORK_LOGON, SE_NETWORK_LOGON_NAME},
+ {SECURITY_ACCESS_BATCH_LOGON, SE_BATCH_LOGON_NAME},
+ {SECURITY_ACCESS_SERVICE_LOGON, SE_SERVICE_LOGON_NAME},
+ {SECURITY_ACCESS_DENY_INTERACTIVE_LOGON, SE_DENY_INTERACTIVE_LOGON_NAME},
+ {SECURITY_ACCESS_DENY_NETWORK_LOGON, SE_DENY_NETWORK_LOGON_NAME},
+ {SECURITY_ACCESS_DENY_BATCH_LOGON, SE_DENY_BATCH_LOGON_NAME},
+ {SECURITY_ACCESS_DENY_SERVICE_LOGON, SE_DENY_SERVICE_LOGON_NAME},
+ {SECURITY_ACCESS_REMOTE_INTERACTIVE_LOGON, SE_REMOTE_INTERACTIVE_LOGON_NAME},
+ {SECURITY_ACCESS_DENY_REMOTE_INTERACTIVE_LOGON, SE_DENY_REMOTE_INTERACTIVE_LOGON_NAME}
+};
+
/* FUNCTIONS ***************************************************************/
 NTSTATUS
 LsarpLookupPrivilegeName(PLUID Value,
- PUNICODE_STRING *Name)
-{
- PUNICODE_STRING NameBuffer;
+ PRPC_UNICODE_STRING *Name)
+{
+ PRPC_UNICODE_STRING NameBuffer;
 ULONG Priv;
 if (Value->HighPart != 0 ||
@@ -76,7 +96,7 @@
 if (Value->LowPart == WellKnownPrivileges[Priv].Luid.LowPart &&
 Value->HighPart == WellKnownPrivileges[Priv].Luid.HighPart)
 {
- NameBuffer = MIDL_user_allocate(sizeof(UNICODE_STRING));
+ NameBuffer = MIDL_user_allocate(sizeof(RPC_UNICODE_STRING));
 if (NameBuffer == NULL)
 return STATUS_NO_MEMORY;
@@ -103,7 +123,7 @@
 NTSTATUS
-LsarpLookupPrivilegeValue(PUNICODE_STRING Name,
+LsarpLookupPrivilegeValue(PRPC_UNICODE_STRING Name,
 PLUID Value)
 {
 ULONG Priv;
@@ -218,4 +238,43 @@
 Status = STATUS_MORE_ENTRIES;
 return Status;
-}
+}
+
+
+NTSTATUS
+LsapLookupAccountRightName(ULONG RightValue,
+ PRPC_UNICODE_STRING *Name)
+{
+ PRPC_UNICODE_STRING NameBuffer;
+ ULONG i;
+
+ for (i = 0; i < sizeof(WellKnownRights) / sizeof(WellKnownRights[0]); i++)
+ {
+ if (WellKnownRights[i].Flag == RightValue)
+ {
+ NameBuffer = MIDL_user_allocate(sizeof(RPC_UNICODE_STRING));
+ if (NameBuffer == NULL)
+ return STATUS_NO_MEMORY;
+
+ NameBuffer->Length = wcslen(WellKnownRights[i].Name) * sizeof(WCHAR);
+ NameBuffer->MaximumLength = NameBuffer->Length + sizeof(WCHAR);
+
+ NameBuffer->Buffer = MIDL_user_allocate(NameBuffer->MaximumLength);
+ if (NameBuffer == NULL)
+ {
+ MIDL_user_free(NameBuffer);
+ return STATUS_INSUFFICIENT_RESOURCES;
+ }
+
+ wcscpy(NameBuffer->Buffer, WellKnownRights[i].Name);
+
+ *Name = NameBuffer;
+
+ return STATUS_SUCCESS;
+ }
+ }
+
+ return STATUS_NO_SUCH_PRIVILEGE;
+}
+
+/* EOF */
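Review bot: The check after the second allocation in LsapLookupAccountRightName tests `NameBuffer` again instead of the pointer just assigned, so a failed `MIDL_user_allocate(NameBuffer->MaximumLength)` goes unnoticed and `wcscpy` then writes through a NULL Buffer inside the LSA server. The condition should read `if (NameBuffer->Buffer == NULL)`. The two allocation-failure paths also return different codes (STATUS_NO_MEMORY and STATUS_INSUFFICIENT_RESOURCES); using one would keep callers' error handling uniform. A short header comment saying that on success the caller owns `*Name` and must release both the structure and its Buffer with MIDL_user_free would document the ownership that LsarEnumerateAccountRights relies on.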