Author: ekohl
Date: Sun Nov 25 13:47:07 2012
New Revision: 57767
URL:
http://svn.reactos.org/svn/reactos?rev=57767&view=rev
Log:
[LSASRV]
- Add enumeration of user rights to LsarEnumerateAccountRights.
- Use RPC_UNICODE_STRING instead of UNICODE_STRING in the privilege lookup code.
Modified:
trunk/reactos/dll/win32/lsasrv/lsarpc.c
trunk/reactos/dll/win32/lsasrv/lsasrv.h
trunk/reactos/dll/win32/lsasrv/privileges.c
Modified: trunk/reactos/dll/win32/lsasrv/lsarpc.c
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/lsasrv/lsarpc.c?…
==============================================================================
--- trunk/reactos/dll/win32/lsasrv/lsarpc.c [iso-8859-1] (original)
+++ trunk/reactos/dll/win32/lsasrv/lsarpc.c [iso-8859-1] Sun Nov 25 13:47:07 2012
@@ -1915,7 +1915,7 @@
TRACE("Privilege: %wZ\n", Name);
- Status = LsarpLookupPrivilegeValue((PUNICODE_STRING)Name,
+ Status = LsarpLookupPrivilegeValue(Name,
Value);
return Status;
@@ -1944,7 +1944,7 @@
}
Status = LsarpLookupPrivilegeName(Value,
- (PUNICODE_STRING*)Name);
+ Name);
return Status;
}
@@ -1994,9 +1994,10 @@
PLSAPR_PRIVILEGE_SET PrivilegeSet = NULL;
PRPC_UNICODE_STRING RightsBuffer = NULL;
PRPC_UNICODE_STRING PrivilegeString;
+ ACCESS_MASK SystemAccess;
ULONG RightsCount;
ULONG RightsIndex;
- ULONG PrivIndex;
+ ULONG i;
NTSTATUS Status;
TRACE("LsarEnumerateAccountRights(%p %p %p)\n",
@@ -2022,13 +2023,23 @@
goto done;
}
- /* FIXME: Get account rights */
-
+ /* Get account rights */
+ Status = LsarGetSystemAccessAccount(AccountHandle,
+ &SystemAccess);
+ if (!NT_SUCCESS(Status))
+ {
+ ERR("LsarGetSystemAccessAccount returned 0x%08lx\n", Status);
+ goto done;
+ }
RightsCount = PrivilegeSet->PrivilegeCount;
- /* FIXME: Count account rights */
-
+ /* Count account rights */
+ for (i = 0; i < sizeof(ACCESS_MASK) * 8; i++)
+ {
+ if (SystemAccess & (1 << i))
+ RightsCount++;
+ }
/* We are done if there are no rights to be enumerated */
if (RightsCount == 0)
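Review bot: The counting loop tests `SystemAccess & (1 << i)` with `i` running up to 31, so the last iteration shifts a signed `int` into its sign bit, which is undefined behaviour in C; `(1u << i)` or a `ULONG` constant avoids that here and in the copy loop of the next hunk, which uses the same expression. The loop also counts every set bit, while the table added in privileges.c names only ten rights. A stored mask with any other bit set would therefore make the later lookup return STATUS_NO_SUCH_PRIVILEGE and fail the whole enumeration; counting only bits that have a known name would keep `RightsCount` in step with the entries actually filled. The enclosing function starts and ends outside this hunk.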
@@ -2049,25 +2060,41 @@
/* Copy the privileges into the buffer */
RightsIndex = 0;
- for (PrivIndex = 0; PrivIndex < PrivilegeSet->PrivilegeCount; PrivIndex++)
+ for (i = 0; i < PrivilegeSet->PrivilegeCount; i++)
{
PrivilegeString = NULL;
Status = LsarLookupPrivilegeName(PolicyHandle,
-
(PLUID)&PrivilegeSet->Privilege[PrivIndex].Luid,
- (PRPC_UNICODE_STRING *)&PrivilegeString);
+ (PLUID)&PrivilegeSet->Privilege[i].Luid,
+ &PrivilegeString);
if (!NT_SUCCESS(Status))
goto done;
- RightsBuffer[RightsIndex].Length = PrivilegeString->Length;
- RightsBuffer[RightsIndex].MaximumLength = PrivilegeString->MaximumLength;
- RightsBuffer[RightsIndex].Buffer = PrivilegeString->Buffer;
+ RightsBuffer[i].Length = PrivilegeString->Length;
+ RightsBuffer[i].MaximumLength = PrivilegeString->MaximumLength;
+ RightsBuffer[i].Buffer = PrivilegeString->Buffer;
MIDL_user_free(PrivilegeString);
RightsIndex++;
}
- /* FIXME: Copy account rights into the buffer */
-
+ /* Copy account rights into the buffer */
+ for (i = 0; i < sizeof(ACCESS_MASK) * 8; i++)
+ {
+ if (SystemAccess & (1 << i))
+ {
+ Status = LsapLookupAccountRightName(1 << i,
+ &PrivilegeString);
+ if (!NT_SUCCESS(Status))
+ goto done;
+
+ RightsBuffer[i].Length = PrivilegeString->Length;
+ RightsBuffer[i].MaximumLength = PrivilegeString->MaximumLength;
+ RightsBuffer[i].Buffer = PrivilegeString->Buffer;
+
+ MIDL_user_free(PrivilegeString);
+ RightsIndex++;
+ }
+ }
UserRights->Entries = RightsCount;
UserRights->UserRights = (PRPC_UNICODE_STRING)RightsBuffer;
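Review bot: The account-rights loop stores into `RightsBuffer[i]`, where `i` is the bit position (0 to 31) rather than the next free slot, so it overwrites the privilege entries written just above and can write past the end of a buffer that appears to be sized for `RightsCount` entries (the allocation is outside the hunk). In an RPC-facing LSA routine that is an out-of-bounds heap write, so the three assignments should index with `RightsIndex`, e.g. `RightsBuffer[RightsIndex].Buffer = PrivilegeString->Buffer;`. The privilege loop above is only correct because `i` happens to equal `RightsIndex` there; using `RightsIndex` in both loops would make the intent explicit. Whether the `done` path releases the string buffers already copied when a later lookup fails is not visible here and is worth checking.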
Modified: trunk/reactos/dll/win32/lsasrv/lsasrv.h
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/lsasrv/lsasrv.h?…
==============================================================================
--- trunk/reactos/dll/win32/lsasrv/lsasrv.h [iso-8859-1] (original)
+++ trunk/reactos/dll/win32/lsasrv/lsasrv.h [iso-8859-1] Sun Nov 25 13:47:07 2012
@@ -252,16 +252,20 @@
/* privileges.c */
NTSTATUS
LsarpLookupPrivilegeName(PLUID Value,
- PUNICODE_STRING *Name);
-
-NTSTATUS
-LsarpLookupPrivilegeValue(PUNICODE_STRING Name,
+ PRPC_UNICODE_STRING *Name);
+
+NTSTATUS
+LsarpLookupPrivilegeValue(PRPC_UNICODE_STRING Name,
PLUID Value);
NTSTATUS
LsarpEnumeratePrivileges(DWORD *EnumerationContext,
PLSAPR_PRIVILEGE_ENUM_BUFFER EnumerationBuffer,
DWORD PreferedMaximumLength);
+
+NTSTATUS
+LsapLookupAccountRightName(ULONG RightValue,
+ PRPC_UNICODE_STRING *Name);
/* registry.h */
NTSTATUS
Modified: trunk/reactos/dll/win32/lsasrv/privileges.c
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/lsasrv/privilege…
==============================================================================
--- trunk/reactos/dll/win32/lsasrv/privileges.c [iso-8859-1] (original)
+++ trunk/reactos/dll/win32/lsasrv/privileges.c [iso-8859-1] Sun Nov 25 13:47:07 2012
@@ -17,6 +17,12 @@
LUID Luid;
LPCWSTR Name;
} PRIVILEGE_DATA;
+
+typedef struct
+{
+ ULONG Flag;
+ LPCWSTR Name;
+} RIGHT_DATA;
/* GLOBALS *****************************************************************/
@@ -54,14 +60,28 @@
{{SE_CREATE_GLOBAL_PRIVILEGE, 0}, SE_CREATE_GLOBAL_NAME}
};
+static const RIGHT_DATA WellKnownRights[] =
+{
+ {SECURITY_ACCESS_INTERACTIVE_LOGON, SE_INTERACTIVE_LOGON_NAME},
+ {SECURITY_ACCESS_NETWORK_LOGON, SE_NETWORK_LOGON_NAME},
+ {SECURITY_ACCESS_BATCH_LOGON, SE_BATCH_LOGON_NAME},
+ {SECURITY_ACCESS_SERVICE_LOGON, SE_SERVICE_LOGON_NAME},
+ {SECURITY_ACCESS_DENY_INTERACTIVE_LOGON, SE_DENY_INTERACTIVE_LOGON_NAME},
+ {SECURITY_ACCESS_DENY_NETWORK_LOGON, SE_DENY_NETWORK_LOGON_NAME},
+ {SECURITY_ACCESS_DENY_BATCH_LOGON, SE_DENY_BATCH_LOGON_NAME},
+ {SECURITY_ACCESS_DENY_SERVICE_LOGON, SE_DENY_SERVICE_LOGON_NAME},
+ {SECURITY_ACCESS_REMOTE_INTERACTIVE_LOGON, SE_REMOTE_INTERACTIVE_LOGON_NAME},
+ {SECURITY_ACCESS_DENY_REMOTE_INTERACTIVE_LOGON,
SE_DENY_REMOTE_INTERACTIVE_LOGON_NAME}
+};
+
/* FUNCTIONS ***************************************************************/
NTSTATUS
LsarpLookupPrivilegeName(PLUID Value,
- PUNICODE_STRING *Name)
-{
- PUNICODE_STRING NameBuffer;
+ PRPC_UNICODE_STRING *Name)
+{
+ PRPC_UNICODE_STRING NameBuffer;
ULONG Priv;
if (Value->HighPart != 0 ||
@@ -76,7 +96,7 @@
if (Value->LowPart == WellKnownPrivileges[Priv].Luid.LowPart &&
Value->HighPart == WellKnownPrivileges[Priv].Luid.HighPart)
{
- NameBuffer = MIDL_user_allocate(sizeof(UNICODE_STRING));
+ NameBuffer = MIDL_user_allocate(sizeof(RPC_UNICODE_STRING));
if (NameBuffer == NULL)
return STATUS_NO_MEMORY;
@@ -103,7 +123,7 @@
NTSTATUS
-LsarpLookupPrivilegeValue(PUNICODE_STRING Name,
+LsarpLookupPrivilegeValue(PRPC_UNICODE_STRING Name,
PLUID Value)
{
ULONG Priv;
@@ -218,4 +238,43 @@
Status = STATUS_MORE_ENTRIES;
return Status;
-}
+}
+
+
+NTSTATUS
+LsapLookupAccountRightName(ULONG RightValue,
+ PRPC_UNICODE_STRING *Name)
+{
+ PRPC_UNICODE_STRING NameBuffer;
+ ULONG i;
+
+ for (i = 0; i < sizeof(WellKnownRights) / sizeof(WellKnownRights[0]); i++)
+ {
+ if (WellKnownRights[i].Flag == RightValue)
+ {
+ NameBuffer = MIDL_user_allocate(sizeof(RPC_UNICODE_STRING));
+ if (NameBuffer == NULL)
+ return STATUS_NO_MEMORY;
+
+ NameBuffer->Length = wcslen(WellKnownRights[i].Name) * sizeof(WCHAR);
+ NameBuffer->MaximumLength = NameBuffer->Length + sizeof(WCHAR);
+
+ NameBuffer->Buffer = MIDL_user_allocate(NameBuffer->MaximumLength);
+ if (NameBuffer == NULL)
+ {
+ MIDL_user_free(NameBuffer);
+ return STATUS_INSUFFICIENT_RESOURCES;
+ }
+
+ wcscpy(NameBuffer->Buffer, WellKnownRights[i].Name);
+
+ *Name = NameBuffer;
+
+ return STATUS_SUCCESS;
+ }
+ }
+
+ return STATUS_NO_SUCH_PRIVILEGE;
+}
+
+/* EOF */
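Review bot: In LsapLookupAccountRightName the check after the second allocation tests `NameBuffer` again instead of the new buffer, so a failed `MIDL_user_allocate(NameBuffer->MaximumLength)` goes undetected and `wcscpy` then writes through a NULL pointer; it should read `if (NameBuffer->Buffer == NULL)`. The two allocation failures also return different codes (STATUS_NO_MEMORY and STATUS_INSUFFICIENT_RESOURCES), and picking one would be consistent. A short comment above the function should state that the caller owns both the returned structure and its `Buffer`, since the caller in lsarpc.c frees only the structure and keeps the buffer pointer.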