Author: ekohl
Date: Sat Aug 25 15:40:06 2012
New Revision: 57158
URL:
http://svn.reactos.org/svn/reactos?rev=57158&view=rev
Log:
[ADVAPI32/LSASRV]
- Implement LsaCreateSecret/LsarCreateSecret, LsaOpenSecret/LsarOpenSecret,
LsaGetSystemAccessAccount/LsarGetSystemAccessAccount and LsarSetSystemAccessAccount
- Improve some TRACE messages.
Modified:
trunk/reactos/dll/win32/advapi32/advapi32.spec
trunk/reactos/dll/win32/advapi32/sec/lsa.c
trunk/reactos/dll/win32/lsasrv/lsarpc.c
trunk/reactos/include/psdk/ntsecapi.h
Modified: trunk/reactos/dll/win32/advapi32/advapi32.spec
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/advapi32/advapi3…
==============================================================================
--- trunk/reactos/dll/win32/advapi32/advapi32.spec [iso-8859-1] (original)
+++ trunk/reactos/dll/win32/advapi32/advapi32.spec [iso-8859-1] Sat Aug 25 15:40:06 2012
@@ -349,7 +349,7 @@
@ stub LsaClearAuditLog
@ stdcall LsaClose(ptr)
@ stdcall LsaCreateAccount(ptr ptr long ptr)
-@ stub LsaCreateSecret
+@ stdcall LsaCreateSecret(ptr ptr long ptr)
@ stdcall LsaCreateTrustedDomain(ptr ptr long ptr)
@ stdcall LsaCreateTrustedDomainEx(ptr ptr ptr long ptr)
@ stdcall LsaDelete(ptr)
@@ -364,7 +364,7 @@
@ stdcall LsaFreeMemory(ptr)
@ stub LsaGetQuotasForAccount
@ stub LsaGetRemoteUserName
-@ stub LsaGetSystemAccessAccount
+@ stdcall LsaGetSystemAccessAccount(ptr ptr)
@ stdcall LsaGetUserName(ptr ptr)
@ stub LsaICLookupNames
@ stub LsaICLookupNamesWithCreds
@@ -380,7 +380,7 @@
@ stdcall LsaOpenAccount(ptr ptr long ptr)
@ stdcall LsaOpenPolicy(ptr ptr long ptr)
@ stub LsaOpenPolicySce
-@ stub LsaOpenSecret
+@ stdcall LsaOpenSecret(ptr ptr long ptr)
@ stub LsaOpenTrustedDomain
@ stdcall LsaOpenTrustedDomainByName(ptr ptr long ptr)
@ stdcall LsaQueryDomainInformationPolicy(ptr long ptr)
Modified: trunk/reactos/dll/win32/advapi32/sec/lsa.c
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/advapi32/sec/lsa…
==============================================================================
--- trunk/reactos/dll/win32/advapi32/sec/lsa.c [iso-8859-1] (original)
+++ trunk/reactos/dll/win32/advapi32/sec/lsa.c [iso-8859-1] Sat Aug 25 15:40:06 2012
@@ -152,7 +152,8 @@
LSAPR_USER_RIGHT_SET UserRightSet;
NTSTATUS Status;
- TRACE("(%p,%p,%p,0x%08x) stub\n", PolicyHandle, AccountSid, UserRights,
CountOfRights);
+ TRACE("LsaAddAccountRights(%p %p %p 0x%08x)\n",
+ PolicyHandle, AccountSid, UserRights, CountOfRights);
UserRightSet.Entries = CountOfRights;
UserRightSet.UserRights = (PRPC_UNICODE_STRING)UserRights;
@@ -184,7 +185,8 @@
{
NTSTATUS Status;
- TRACE("(%p,%p) stub\n", AccountHandle, PrivilegeSet);
+ TRACE("LsaAddPrivilegesToAccount(%p %p)\n",
+ AccountHandle, PrivilegeSet);
RpcTryExcept
{
@@ -213,7 +215,8 @@
{
NTSTATUS Status;
- TRACE("(%p,%p,0x%08x,%p)\n", PolicyHandle, AccountSid, DesiredAccess,
AccountHandle);
+ TRACE("LsaCreateAccount(%p %p 0x%08x %p)\n",
+ PolicyHandle, AccountSid, DesiredAccess, AccountHandle);
RpcTryExcept
{
@@ -221,6 +224,38 @@
AccountSid,
DesiredAccess,
AccountHandle);
+ }
+ RpcExcept(EXCEPTION_EXECUTE_HANDLER)
+ {
+ Status = I_RpcMapWin32Status(RpcExceptionCode());
+ }
+ RpcEndExcept;
+
+ return Status;
+}
+
+
+/*
+ * @implemented
+ */
+NTSTATUS
+WINAPI
+LsaCreateSecret(IN LSA_HANDLE PolicyHandle,
+ IN PLSA_UNICODE_STRING SecretName,
+ IN ACCESS_MASK DesiredAccess,
+ OUT PLSA_HANDLE SecretHandle)
+{
+ NTSTATUS Status;
+
+ TRACE("LsaCreateSecret(%p %p 0x%08lx %p)\n",
+ PolicyHandle, SecretName, DesiredAccess, SecretHandle);
+
+ RpcTryExcept
+ {
+ Status = LsarCreateSecret((LSAPR_HANDLE)PolicyHandle,
+ (PRPC_UNICODE_STRING)SecretName,
+ DesiredAccess,
+ SecretHandle);
}
RpcExcept(EXCEPTION_EXECUTE_HANDLER)
{
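Review bot: LsaCreateSecret passes SecretHandle to LsarCreateSecret without first clearing it, whereas LsaOpenSecret, added in this same commit, writes `*SecretHandle = NULL;` at the top of its RpcTryExcept block. If the RPC call raises, or the server returns without writing the handle, the caller keeps whatever value the variable held before and may later treat it as a valid secret handle. Adding `*SecretHandle = NULL;` as the first statement inside RpcTryExcept would make the two wrappers agree. The rest of the function body lies outside this hunk.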
@@ -441,6 +476,33 @@
{
TRACE("(%p)\n", Buffer);
return RtlFreeHeap(RtlGetProcessHeap(), 0, Buffer);
+}
+
+
+/*
+ * @implemented
+ */
+NTSTATUS
+WINAPI
+LsaGetSystemAccessAccount(IN LSA_HANDLE AccountHandle,
+ OUT PULONG SystemAccess)
+{
+ NTSTATUS Status;
+
+ TRACE("(%p,%p)\n", AccountHandle, SystemAccess);
+
+ RpcTryExcept
+ {
+ Status = LsarGetSystemAccessAccount((LSAPR_HANDLE)AccountHandle,
+ (ACCESS_MASK *)SystemAccess);
+ }
+ RpcExcept(EXCEPTION_EXECUTE_HANDLER)
+ {
+ Status = I_RpcMapWin32Status(RpcExceptionCode());
+ }
+ RpcEndExcept;
+
+ return Status;
}
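Review bot: The TRACE call in the new LsaGetSystemAccessAccount still uses the anonymous `"(%p,%p)\n"` form that this commit replaces elsewhere in the file. For consistency with LsaCreateSecret and LsaOpenSecret it could read `TRACE("LsaGetSystemAccessAccount(%p %p)\n", AccountHandle, SystemAccess);`.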
@@ -770,6 +832,39 @@
}
+NTSTATUS
+WINAPI
+LsaOpenSecret(IN LSA_HANDLE PolicyHandle,
+ IN PLSA_UNICODE_STRING SecretName,
+ IN ACCESS_MASK DesiredAccess,
+ OUT PLSA_HANDLE SecretHandle)
+{
+ NTSTATUS Status;
+
+ TRACE("LsaOpenSecret(%p %p 0x%08x %p)\n",
+ PolicyHandle, SecretName, DesiredAccess, SecretHandle);
+
+ RpcTryExcept
+ {
+ *SecretHandle = NULL;
+
+ Status = LsarOpenSecret((LSAPR_HANDLE)PolicyHandle,
+ (PRPC_UNICODE_STRING)SecretName,
+ DesiredAccess,
+ SecretHandle);
+ }
+ RpcExcept(EXCEPTION_EXECUTE_HANDLER)
+ {
+ Status = I_RpcMapWin32Status(RpcExceptionCode());
+ }
+ RpcEndExcept;
+
+ TRACE("LsaOpenSecret() done (Status: 0x%08lx)\n", Status);
+
+ return Status;
+}
+
+
/*
* @implemented
*/
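Review bot: LsaOpenSecret is added without the `/* @implemented */` header comment that LsaCreateSecret and LsaGetSystemAccessAccount carry in this commit. Its TRACE also prints DesiredAccess with `0x%08x` while LsaCreateSecret uses `0x%08lx` for the same ACCESS_MASK type. I would add the header comment and use `0x%08lx` here as well, so the format specifier matches the argument type used in the final status TRACE of the same function.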
Modified: trunk/reactos/dll/win32/lsasrv/lsarpc.c
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/lsasrv/lsarpc.c?…
==============================================================================
--- trunk/reactos/dll/win32/lsasrv/lsarpc.c [iso-8859-1] (original)
+++ trunk/reactos/dll/win32/lsasrv/lsarpc.c [iso-8859-1] Sat Aug 25 15:40:06 2012
@@ -11,14 +11,15 @@
#include "lsasrv.h"
+WINE_DEFAULT_DEBUG_CHANNEL(lsasrv);
+
+
+/* GLOBALS *****************************************************************/
static RTL_CRITICAL_SECTION PolicyHandleTableLock;
-WINE_DEFAULT_DEBUG_CHANNEL(lsasrv);
-
/* FUNCTIONS ***************************************************************/
-
VOID
LsarStartRpcServer(VOID)
@@ -629,8 +630,87 @@
ACCESS_MASK DesiredAccess,
LSAPR_HANDLE *SecretHandle)
{
- UNIMPLEMENTED;
- return STATUS_NOT_IMPLEMENTED;
+ PLSA_DB_OBJECT PolicyObject;
+ PLSA_DB_OBJECT SecretsObject = NULL;
+ PLSA_DB_OBJECT SecretObject = NULL;
+ LARGE_INTEGER Time;
+ NTSTATUS Status = STATUS_SUCCESS;
+
+ /* Validate the PolicyHandle */
+ Status = LsapValidateDbObject(PolicyHandle,
+ LsaDbPolicyObject,
+ POLICY_CREATE_SECRET,
+ &PolicyObject);
+ if (!NT_SUCCESS(Status))
+ {
+ ERR("LsapValidateDbObject returned 0x%08lx\n", Status);
+ return Status;
+ }
+
+ /* Open the Secrets object */
+ Status = LsapOpenDbObject(PolicyObject,
+ L"Secrets",
+ LsaDbContainerObject,
+ 0,
+ &SecretsObject);
+ if (!NT_SUCCESS(Status))
+ {
+ ERR("LsapCreateDbObject (Secrets) failed (Status 0x%08lx)\n", Status);
+ goto done;
+ }
+
+ /* Get the current time */
+ Status = NtQuerySystemTime(&Time);
+ if (!NT_SUCCESS(Status))
+ {
+ ERR("NtQuerySystemTime failed (Status 0x%08lx)\n", Status);
+ goto done;
+ }
+
+ /* Create the Secret object */
+ Status = LsapCreateDbObject(SecretsObject,
+ SecretName->Buffer,
+ LsaDbSecretObject,
+ DesiredAccess,
+ &SecretObject);
+ if (!NT_SUCCESS(Status))
+ {
+ ERR("LsapCreateDbObject (Secret) failed (Status 0x%08lx)\n", Status);
+ goto done;
+ }
+
+ /* Set the CurrentTime attribute */
+ Status = LsapSetObjectAttribute(SecretObject,
+ L"CurrentTime",
+ (PVOID)&Time,
+ sizeof(LARGE_INTEGER));
+ if (!NT_SUCCESS(Status))
+ {
+ ERR("LsapSetObjectAttribute (CurrentTime) failed (Status 0x%08lx)\n",
Status);
+ goto done;
+ }
+
+ /* Set the OldTime attribute */
+ Status = LsapSetObjectAttribute(SecretObject,
+ L"OldTime",
+ (PVOID)&Time,
+ sizeof(LARGE_INTEGER));
+
+done:
+ if (!NT_SUCCESS(Status))
+ {
+ if (SecretObject != NULL)
+ LsapCloseDbObject(SecretObject);
+ }
+ else
+ {
+ *SecretHandle = (LSAPR_HANDLE)SecretObject;
+ }
+
+ if (SecretsObject != NULL)
+ LsapCloseDbObject(SecretsObject);
+
+ return STATUS_SUCCESS;
}
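Review bot: LsarCreateSecret ends with `return STATUS_SUCCESS;`, so every failure that jumps to `done` (opening the Secrets container, NtQuerySystemTime, creating the secret, setting its attributes) is reported to the client as success. On those paths *SecretHandle is never written, so the caller is told it holds a valid secret handle when it does not. The last line should be `return Status;`, and the same change is needed at the end of LsarOpenSecret further down in this file. Separately, SecretName->Buffer is handed to LsapCreateDbObject as a plain string with no check that SecretName or its Buffer is non-NULL; since RPC_UNICODE_STRING is a counted string, NUL termination is presumably not guaranteed either and should be confirmed or enforced before use. The function signature starts outside this hunk.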
@@ -958,8 +1038,28 @@
LSAPR_HANDLE AccountHandle,
ACCESS_MASK *SystemAccess)
{
- UNIMPLEMENTED;
- return STATUS_NOT_IMPLEMENTED;
+ PLSA_DB_OBJECT AccountObject;
+ ULONG Size;
+ NTSTATUS Status;
+
+ /* Validate the account handle */
+ Status = LsapValidateDbObject(AccountHandle,
+ LsaDbAccountObject,
+ ACCOUNT_VIEW,
+ &AccountObject);
+ if (!NT_SUCCESS(Status))
+ {
+ ERR("Invalid handle (Status %lx)\n", Status);
+ return Status;
+ }
+
+ /* Get the system access flags */
+ Status = LsapGetObjectAttribute(AccountObject,
+ L"ActSysAc",
+ SystemAccess,
+ &Size);
+
+ return Status;
}
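Review bot: `Size` is declared without an initialiser and its address is passed to LsapGetObjectAttribute in the final call of LsarGetSystemAccessAccount. If that helper reads the value as the capacity of the destination buffer (its definition is not visible here), a stale stack value decides how many bytes may be written through SystemAccess, which only has room for one ACCESS_MASK. Setting `Size = sizeof(ACCESS_MASK);` before the call, and rejecting a returned size that differs, would bound the write. The function signature starts outside this hunk.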
@@ -968,8 +1068,27 @@
LSAPR_HANDLE AccountHandle,
ACCESS_MASK SystemAccess)
{
- UNIMPLEMENTED;
- return STATUS_NOT_IMPLEMENTED;
+ PLSA_DB_OBJECT AccountObject;
+ NTSTATUS Status;
+
+ /* Validate the account handle */
+ Status = LsapValidateDbObject(AccountHandle,
+ LsaDbAccountObject,
+ ACCOUNT_ADJUST_SYSTEM_ACCESS,
+ &AccountObject);
+ if (!NT_SUCCESS(Status))
+ {
+ ERR("Invalid handle (Status %lx)\n", Status);
+ return Status;
+ }
+
+ /* Set the system access flags */
+ Status = LsapSetObjectAttribute(AccountObject,
+ L"ActSysAc",
+ &SystemAccess,
+ sizeof(ACCESS_MASK));
+
+ return Status;
}
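Review bot: LsarSetSystemAccessAccount stores the caller-supplied SystemAccess in the "ActSysAc" attribute unchanged; nothing in the hunk rejects bits outside the defined system-access flags. The value is what LsarGetSystemAccessAccount returns later and presumably feeds logon-right decisions, so undefined bits would be persisted and handed back to consumers. A mask check before LsapSetObjectAttribute that returns STATUS_INVALID_PARAMETER for unknown bits would keep the stored value well-formed. The function signature starts outside this hunk.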
@@ -1014,8 +1133,61 @@
ACCESS_MASK DesiredAccess,
LSAPR_HANDLE *SecretHandle)
{
- UNIMPLEMENTED;
- return STATUS_NOT_IMPLEMENTED;
+ PLSA_DB_OBJECT PolicyObject;
+ PLSA_DB_OBJECT SecretsObject = NULL;
+ PLSA_DB_OBJECT SecretObject = NULL;
+ NTSTATUS Status = STATUS_SUCCESS;
+
+ /* Validate the PolicyHandle */
+ Status = LsapValidateDbObject(PolicyHandle,
+ LsaDbPolicyObject,
+ POLICY_CREATE_SECRET,
+ &PolicyObject);
+ if (!NT_SUCCESS(Status))
+ {
+ ERR("LsapValidateDbObject returned 0x%08lx\n", Status);
+ return Status;
+ }
+
+ /* Open the Secrets object */
+ Status = LsapOpenDbObject(PolicyObject,
+ L"Secrets",
+ LsaDbContainerObject,
+ 0,
+ &SecretsObject);
+ if (!NT_SUCCESS(Status))
+ {
+ ERR("LsapCreateDbObject (Secrets) failed (Status 0x%08lx)\n", Status);
+ goto done;
+ }
+
+ /* Create the secret object */
+ Status = LsapOpenDbObject(SecretsObject,
+ SecretName->Buffer,
+ LsaDbSecretObject,
+ DesiredAccess,
+ &SecretObject);
+ if (!NT_SUCCESS(Status))
+ {
+ ERR("LsapOpenDbObject (Secret) failed (Status 0x%08lx)\n", Status);
+ goto done;
+ }
+
+done:
+ if (!NT_SUCCESS(Status))
+ {
+ if (SecretObject != NULL)
+ LsapCloseDbObject(SecretObject);
+ }
+ else
+ {
+ *SecretHandle = (LSAPR_HANDLE)SecretObject;
+ }
+
+ if (SecretsObject != NULL)
+ LsapCloseDbObject(SecretsObject);
+
+ return STATUS_SUCCESS;
}
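Review bot: LsarOpenSecret validates PolicyHandle with POLICY_CREATE_SECRET, which looks carried over from LsarCreateSecret. As written, a caller whose policy handle lacks the create right cannot open an existing secret, and the check does not express what opening actually requires; the intended policy right for an open should be confirmed and used here. The comment `/* Create the secret object */` and the message `"LsapCreateDbObject (Secrets) failed ..."` both sit above LsapOpenDbObject calls and should say "Open" and "LsapOpenDbObject", so logs point at the call that failed. The trailing `return STATUS_SUCCESS;` has the same problem as in LsarCreateSecret.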
@@ -1147,7 +1319,7 @@
Status = LsapValidateDbObject(PolicyHandle,
LsaDbPolicyObject,
- 0, /* FIXME */
+ ACCOUNT_VIEW,
&PolicyObject);
if (!NT_SUCCESS(Status))
return Status;
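Review bot: The FIXME is replaced with ACCOUNT_VIEW, but the handle validated here is a PolicyHandle checked against LsaDbPolicyObject, and elsewhere in this commit ACCOUNT_VIEW is used for LsaDbAccountObject handles. An account right applied to a policy object only checks whichever policy right happens to share its bit value, so the required access is not what the code states. A POLICY_* right matching the operation should be used instead; the enclosing function is outside this hunk, so which one applies has to be confirmed there.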
Modified: trunk/reactos/include/psdk/ntsecapi.h
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/include/psdk/ntsecapi.h?re…
==============================================================================
--- trunk/reactos/include/psdk/ntsecapi.h [iso-8859-1] (original)
+++ trunk/reactos/include/psdk/ntsecapi.h [iso-8859-1] Sat Aug 25 15:40:06 2012
@@ -679,6 +679,7 @@
NTSTATUS NTAPI LsaClose(LSA_HANDLE);
NTSTATUS NTAPI LsaConnectUntrusted(PHANDLE);
NTSTATUS NTAPI LsaCreateAccount(LSA_HANDLE, PSID, ACCESS_MASK, PLSA_HANDLE);
+NTSTATUS NTAPI LsaCreateSecret(LSA_HANDLE, PLSA_UNICODE_STRING, ACCESS_MASK,
PLSA_HANDLE);
NTSTATUS NTAPI LsaCreateTrustedDomain(LSA_HANDLE, PLSA_TRUST_INFORMATION,
ACCESS_MASK, PLSA_HANDLE);
NTSTATUS NTAPI LsaCreateTrustedDomainEx(LSA_HANDLE, PTRUSTED_DOMAIN_INFORMATION_EX,
@@ -695,6 +696,7 @@
PVOID*,ULONG,PULONG);
NTSTATUS NTAPI LsaFreeMemory(PVOID);
NTSTATUS NTAPI LsaFreeReturnBuffer(PVOID);
+NTSTATUS NTAPI LsaGetSystemAccessAccount(LSA_HANDLE, PULONG);
NTSTATUS NTAPI LsaLogonUser(HANDLE,PLSA_STRING,SECURITY_LOGON_TYPE,ULONG,PVOID,
ULONG,PTOKEN_GROUPS,PTOKEN_SOURCE,PVOID*,PULONG,
PLUID,PHANDLE,PQUOTA_LIMITS,PNTSTATUS);
@@ -711,6 +713,7 @@
NTSTATUS NTAPI LsaOpenAccount(LSA_HANDLE, PSID, ACCESS_MASK, PLSA_HANDLE);
NTSTATUS NTAPI LsaOpenPolicy(PLSA_UNICODE_STRING,PLSA_OBJECT_ATTRIBUTES,
ACCESS_MASK,PLSA_HANDLE);
+NTSTATUS NTAPI LsaOpenSecret(LSA_HANDLE, PLSA_UNICODE_STRING, ACCESS_MASK, PLSA_HANDLE);
NTSTATUS NTAPI LsaOpenTrustedDomainByName(LSA_HANDLE, PLSA_UNICODE_STRING,
ACCESS_MASK, PLSA_HANDLE);
NTSTATUS NTAPI LsaQueryDomainInformationPolicy(LSA_HANDLE,
@@ -732,6 +735,7 @@
NTSTATUS NTAPI LsaSetInformationPolicy(LSA_HANDLE,POLICY_INFORMATION_CLASS, PVOID);
NTSTATUS NTAPI LsaSetLocalInformationPolicy(LSA_HANDLE,
POLICY_LOCAL_INFORMATION_CLASS,PVOID);
+NTSTATUS NTAPI LsaSetSystemAccessAccount(LSA_HANDLE, ULONG);
NTSTATUS NTAPI LsaSetTrustedDomainInformation(LSA_HANDLE,PSID,
TRUSTED_INFORMATION_CLASS,PVOID);
NTSTATUS NTAPI LsaSetTrustedDomainInfoByName(LSA_HANDLE,PLSA_UNICODE_STRING,
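Review bot: LsaSetSystemAccessAccount gets a prototype here, but no hunk in this commit adds a body for it to sec/lsa.c or changes its entry in advapi32.spec, unlike LsaCreateSecret, LsaOpenSecret and LsaGetSystemAccessAccount. If the export is still a stub (not visible in this diff), code compiled against this header will build and then fail at the call. Either add the client wrapper around LsarSetSystemAccessAccount together with the spec entry, or hold the prototype back until the wrapper exists.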