Author: ekohl Date: Sat Jul 3 22:51:44 2010 New Revision: 47934
URL: http://svn.reactos.org/svn/reactos?rev=47934&view=rev Log: [ADVAPI32/LSASRV] - Implement LookupPrivilegeValueW and LsaLookupPrivilegeValue. - Move lookup code from LookupPrivilegeValueW to LsarLookupPrivilegeValue.
Modified: trunk/reactos/dll/win32/advapi32/advapi32.spec trunk/reactos/dll/win32/advapi32/sec/lsa.c trunk/reactos/dll/win32/advapi32/sec/misc.c trunk/reactos/dll/win32/lsasrv/lsarpc.c trunk/reactos/include/psdk/ntsecapi.h
Modified: trunk/reactos/dll/win32/advapi32/advapi32.spec URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/advapi32/advapi32... ==============================================================================
--- trunk/reactos/dll/win32/advapi32/advapi32.spec [iso-8859-1] (original)
+++ trunk/reactos/dll/win32/advapi32/advapi32.spec [iso-8859-1] Sat Jul 3 22:51:44 2010
@@ -374,7 +374,7 @@
 @ stdcall LsaLookupNames2(ptr long long ptr ptr ptr)
 @ stub LsaLookupPrivilegeDisplayName
 @ stub LsaLookupPrivilegeName
-@ stub LsaLookupPrivilegeValue
+@ stdcall LsaLookupPrivilegeValue(ptr ptr ptr)
 @ stdcall LsaLookupSids(ptr long ptr ptr ptr)
 @ stdcall LsaNtStatusToWinError(long)
 @ stub LsaOpenAccount
Modified: trunk/reactos/dll/win32/advapi32/sec/lsa.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/advapi32/sec/lsa.... ==============================================================================
--- trunk/reactos/dll/win32/advapi32/sec/lsa.c [iso-8859-1] (original)
+++ trunk/reactos/dll/win32/advapi32/sec/lsa.c [iso-8859-1] Sat Jul 3 22:51:44 2010
@@ -397,6 +397,37 @@
 }
 /*
+ * @implemented
+ */
+NTSTATUS
+WINAPI
+LsaLookupPrivilegeValue(IN LSA_HANDLE PolicyHandle,
+ IN PLSA_UNICODE_STRING Name,
+ OUT PLUID Value)
+{
+ LUID Luid;
+ NTSTATUS Status;
+
+ FIXME("(%p,%p,%p) stub\n", PolicyHandle, Name, Value);
+
+ RpcTryExcept
+ {
+ Status = LsarLookupPrivilegeValue(PolicyHandle,
+ (PRPC_UNICODE_STRING)Name,
+ &Luid);
+ if (Status == STATUS_SUCCESS)
+ *Value = Luid;
+ }
+ RpcExcept(EXCEPTION_EXECUTE_HANDLER)
+ {
+ Status = I_RpcMapWin32Status(RpcExceptionCode());
+ }
+ RpcEndExcept;
+
+ return Status;
+}
+
+/*
 * @unimplemented
 */
 NTSTATUS
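Review bot: The new `LsaLookupPrivilegeValue` still logs `FIXME("(%p,%p,%p) stub\n", ...)` although its header comment now says `@implemented`, so every call is reported as a stub in the debug log; `TRACE("(%p,%p,%p)\n", PolicyHandle, Name, Value);` matches what the function does. `Value` is also written without a NULL check: a NULL `Value` would fault on `*Value = Luid` inside the `RpcTryExcept` block and, because the filter is `EXCEPTION_EXECUTE_HANDLER`, would presumably come back as a mapped RPC status instead of a parameter error. An early `if (Name == NULL || Value == NULL) return STATUS_INVALID_PARAMETER;` would keep caller bugs distinguishable from transport failures.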
Modified: trunk/reactos/dll/win32/advapi32/sec/misc.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/advapi32/sec/misc... ==============================================================================
--- trunk/reactos/dll/win32/advapi32/sec/misc.c [iso-8859-1] (original)
+++ trunk/reactos/dll/win32/advapi32/sec/misc.c [iso-8859-1] Sat Jul 3 22:51:44 2010
@@ -1409,81 +1409,51 @@
 /**********************************************************************
- * LookupPrivilegeValueW EXPORTED
- *
- * @unimplemented
- */
-BOOL
-WINAPI
-LookupPrivilegeValueW(LPCWSTR SystemName,
- LPCWSTR PrivName,
- PLUID Luid)
-{
- static const WCHAR * const DefaultPrivNames[] =
- {
- L"SeCreateTokenPrivilege",
- L"SeAssignPrimaryTokenPrivilege",
- L"SeLockMemoryPrivilege",
- L"SeIncreaseQuotaPrivilege",
- L"SeMachineAccountPrivilege",
- L"SeTcbPrivilege",
- L"SeSecurityPrivilege",
- L"SeTakeOwnershipPrivilege",
- L"SeLoadDriverPrivilege",
- L"SeSystemProfilePrivilege",
- L"SeSystemtimePrivilege",
- L"SeProfileSingleProcessPrivilege",
- L"SeIncreaseBasePriorityPrivilege",
- L"SeCreatePagefilePrivilege",
- L"SeCreatePermanentPrivilege",
- L"SeBackupPrivilege",
- L"SeRestorePrivilege",
- L"SeShutdownPrivilege",
- L"SeDebugPrivilege",
- L"SeAuditPrivilege",
- L"SeSystemEnvironmentPrivilege",
- L"SeChangeNotifyPrivilege",
- L"SeRemoteShutdownPrivilege",
- L"SeUndockPrivilege",
- L"SeSyncAgentPrivilege",
- L"SeEnableDelegationPrivilege",
- L"SeManageVolumePrivilege",
- L"SeImpersonatePrivilege",
- L"SeCreateGlobalPrivilege"
- };
- unsigned Priv;
-
- if (!ADVAPI_IsLocalComputer(SystemName))
- {
- SetLastError(RPC_S_SERVER_UNAVAILABLE);
- return FALSE;
- }
- if (!PrivName)
- {
- SetLastError(ERROR_NO_SUCH_PRIVILEGE);
- return FALSE;
- }
-
- if (NULL != SystemName && L'\0' != *SystemName)
- {
- FIXME("LookupPrivilegeValueW: not implemented for remote system\n");
- SetLastError(ERROR_CALL_NOT_IMPLEMENTED);
- return FALSE;
- }
-
- for (Priv = 0; Priv < sizeof(DefaultPrivNames) / sizeof(DefaultPrivNames[0]); Priv++)
- {
- if (0 == _wcsicmp(PrivName, DefaultPrivNames[Priv]))
- {
- Luid->LowPart = Priv + SE_MIN_WELL_KNOWN_PRIVILEGE;
- Luid->HighPart = 0;
- return TRUE;
- }
- }
-
- WARN("LookupPrivilegeValueW: no such privilege %S\n", PrivName);
- SetLastError(ERROR_NO_SUCH_PRIVILEGE);
- return FALSE;
+ * LookupPrivilegeValueW
+ *
+ * @implemented
+ */
+BOOL
+WINAPI
+LookupPrivilegeValueW(LPCWSTR lpSystemName,
+ LPCWSTR lpPrivilegeName,
+ PLUID lpLuid)
+{
+ LSA_OBJECT_ATTRIBUTES ObjectAttributes = {0};
+ LSA_UNICODE_STRING SystemName;
+ LSA_UNICODE_STRING PrivilegeName;
+ LSA_HANDLE PolicyHandle = NULL;
+ NTSTATUS Status;
+
+ RtlInitUnicodeString(&SystemName,
+ lpSystemName);
+
+ Status = LsaOpenPolicy(lpSystemName ? &SystemName : NULL,
+ &ObjectAttributes,
+ POLICY_LOOKUP_NAMES,
+ &PolicyHandle);
+ if (!NT_SUCCESS(Status))
+ {
+ SetLastError(LsaNtStatusToWinError(Status));
+ return FALSE;
+ }
+
+ RtlInitUnicodeString(&PrivilegeName,
+ lpPrivilegeName);
+
+ Status = LsaLookupPrivilegeValue(PolicyHandle,
+ &PrivilegeName,
+ lpLuid);
+
+ LsaClose(PolicyHandle);
+
+ if (!NT_SUCCESS(Status))
+ {
+ SetLastError(LsaNtStatusToWinError(Status));
+ return FALSE;
+ }
+
+ return TRUE;
 }
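Review bot: The rewritten `LookupPrivilegeValueW` drops the old `if (!PrivName)` guard, so a NULL `lpPrivilegeName` now passes through `RtlInitUnicodeString` and reaches the LSA server as an empty string with a NULL buffer instead of failing locally with `ERROR_NO_SUCH_PRIVILEGE`. The server-side lookup added to lsarpc.c in this commit hands `Name->Buffer` straight to `_wcsicmp`, so this wrapper is currently the only place that would reject it. Restoring `if (lpPrivilegeName == NULL) { SetLastError(ERROR_NO_SUCH_PRIVILEGE); return FALSE; }` before the `LsaOpenPolicy` call keeps the previous behaviour and avoids opening a policy handle for a request that cannot succeed. The server still needs its own check, since other RPC clients do not go through this wrapper.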
Modified: trunk/reactos/dll/win32/lsasrv/lsarpc.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/lsasrv/lsarpc.c?r... ============================================================================== --- trunk/reactos/dll/win32/lsasrv/lsarpc.c [iso-8859-1] (original) +++ trunk/reactos/dll/win32/lsasrv/lsarpc.c [iso-8859-1] Sat Jul 3 22:51:44 2010 @@ -10,12 +10,19 @@
#include <wine/debug.h>
+typedef enum _LSA_DB_HANDLE_TYPE +{ + LsaDbIgnoreHandle, + LsaDbPolicyHandle, + LsaDbAccountHandle +} LSA_DB_HANDLE_TYPE, *PLSA_DB_HANDLE_TYPE; + typedef struct _LSA_DB_HANDLE { ULONG Signature; - ULONG Type; + LSA_DB_HANDLE_TYPE HandleType; LONG RefCount; - ACCESS_MASK AccessGranted; + ACCESS_MASK Access; } LSA_DB_HANDLE, *PLSA_DB_HANDLE;
#define LSAP_DB_SIGNATURE 0x12345678 @@ -28,7 +35,8 @@ /* FUNCTIONS ***************************************************************/
static LSAPR_HANDLE -LsapCreateDbHandle(ULONG Type) +LsapCreateDbHandle(LSA_DB_HANDLE_TYPE HandleType, + ACCESS_MASK DesiredAccess) { PLSA_DB_HANDLE DbHandle;
@@ -41,7 +49,8 @@ { DbHandle->Signature = LSAP_DB_SIGNATURE; DbHandle->RefCount = 1; - DbHandle->Type = Type; + DbHandle->HandleType = HandleType; + DbHandle->Access = DesiredAccess; }
// RtlLeaveCriticalSection(&PolicyHandleTableLock); @@ -51,7 +60,8 @@
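Review bot: `DbHandle->Access = DesiredAccess;` records whatever mask the caller asked for, and the same commit renames the field from `AccessGranted` to `Access`; nothing in the visible hunks performs an access check before the handle is created or compares the stored mask with the right an operation needs. `LsapValidateDbHandle` tests only the signature and the handle type, so `LsarLookupPrivilegeValue` as added here accepts a policy handle that was opened without `POLICY_LOOKUP_NAMES`. Until a real check exists, a comment on the field such as `/* Requested access; not yet checked against the policy object's security descriptor */` would keep later code from treating it as granted access. The same applies to the `LsapCreateDbHandle(LsaDbPolicyHandle, DesiredAccess)` call in the `LsarOpenPolicy` hunk; `LsapCreateDbHandle` itself starts and ends outside this hunk.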
static BOOL -LsapValidateDbHandle(LSAPR_HANDLE Handle) +LsapValidateDbHandle(LSAPR_HANDLE Handle, + LSA_DB_HANDLE_TYPE HandleType) { PLSA_DB_HANDLE DbHandle = (PLSA_DB_HANDLE)Handle; BOOL bValid = FALSE; @@ -59,7 +69,12 @@ _SEH2_TRY { if (DbHandle->Signature == LSAP_DB_SIGNATURE) - bValid = TRUE; + { + if (HandleType == LsaDbIgnoreHandle) + bValid = TRUE; + else if (DbHandle->HandleType == HandleType) + bValid = TRUE; + } } _SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER) { @@ -81,7 +96,7 @@
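Review bot: The two branches added inside the signature test of `LsapValidateDbHandle` both assign `bValid = TRUE`, which reads more directly as a single condition: `bValid = (HandleType == LsaDbIgnoreHandle || DbHandle->HandleType == HandleType);`. A short comment on the new parameter, for example `/* LsaDbIgnoreHandle skips the type check (used when closing any handle) */`, would document why the wildcard exists, since the enum in this commit gives it no explanation. The function begins before and ends after the lines shown.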
RtlInitializeCriticalSection(&PolicyHandleTableLock);
- TRACE("LsarStartRpcServer() called"); + TRACE("LsarStartRpcServer() called\n");
Status = RpcServerUseProtseqEpW(L"ncacn_np", 10, @@ -129,7 +144,7 @@
// RtlEnterCriticalSection(&PolicyHandleTableLock);
- if (LsapValidateDbHandle(*ObjectHandle)) + if (LsapValidateDbHandle(*ObjectHandle, LsaDbIgnoreHandle)) { RtlFreeHeap(RtlGetProcessHeap(), 0, *ObjectHandle); *ObjectHandle = NULL; @@ -213,7 +228,8 @@
RtlEnterCriticalSection(&PolicyHandleTableLock);
- *PolicyHandle = LsapCreateDbHandle(0); + *PolicyHandle = LsapCreateDbHandle(LsaDbPolicyHandle, + DesiredAccess); if (*PolicyHandle == NULL) Status = STATUS_INSUFFICIENT_RESOURCES;
@@ -504,8 +520,63 @@
 PRPC_UNICODE_STRING Name,
 PLUID Value)
 {
- UNIMPLEMENTED;
- return STATUS_NOT_IMPLEMENTED;
+ static const WCHAR * const DefaultPrivNames[] =
+ {
+ L"SeCreateTokenPrivilege",
+ L"SeAssignPrimaryTokenPrivilege",
+ L"SeLockMemoryPrivilege",
+ L"SeIncreaseQuotaPrivilege",
+ L"SeMachineAccountPrivilege",
+ L"SeTcbPrivilege",
+ L"SeSecurityPrivilege",
+ L"SeTakeOwnershipPrivilege",
+ L"SeLoadDriverPrivilege",
+ L"SeSystemProfilePrivilege",
+ L"SeSystemtimePrivilege",
+ L"SeProfileSingleProcessPrivilege",
+ L"SeIncreaseBasePriorityPrivilege",
+ L"SeCreatePagefilePrivilege",
+ L"SeCreatePermanentPrivilege",
+ L"SeBackupPrivilege",
+ L"SeRestorePrivilege",
+ L"SeShutdownPrivilege",
+ L"SeDebugPrivilege",
+ L"SeAuditPrivilege",
+ L"SeSystemEnvironmentPrivilege",
+ L"SeChangeNotifyPrivilege",
+ L"SeRemoteShutdownPrivilege",
+ L"SeUndockPrivilege",
+ L"SeSyncAgentPrivilege",
+ L"SeEnableDelegationPrivilege",
+ L"SeManageVolumePrivilege",
+ L"SeImpersonatePrivilege",
+ L"SeCreateGlobalPrivilege"
+ };
+ ULONG Priv;
+
+
+ TRACE("LsarLookupPrivilegeValue(%p, %wZ, %p)\n",
+ PolicyHandle, Name, Value);
+
+ if (!LsapValidateDbHandle(PolicyHandle, LsaDbPolicyHandle))
+ {
+ ERR("Invalid handle\n");
+ return STATUS_INVALID_HANDLE;
+ }
+
+ for (Priv = 0; Priv < sizeof(DefaultPrivNames) / sizeof(DefaultPrivNames[0]); Priv++)
+ {
+ if (0 == _wcsicmp(Name->Buffer, DefaultPrivNames[Priv]))
+ {
+ Value->LowPart = Priv + SE_MIN_WELL_KNOWN_PRIVILEGE;
+ Value->HighPart = 0;
+ return STATUS_SUCCESS;
+ }
+ }
+
+ WARN("LsarLookupPrivilegeValue: no such privilege %wZ\n", Name);
+
+ return STATUS_NO_SUCH_PRIVILEGE;
 }
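Review bot: The comparison `_wcsicmp(Name->Buffer, DefaultPrivNames[Priv])` treats the RPC-supplied name as a NUL-terminated C string, but `RPC_UNICODE_STRING` is a counted string (the function itself prints it with `%wZ`). A buffer that is NULL, or not terminated within `Length` bytes, would make the LSA server dereference NULL or read past the end of the unmarshalled buffer. The lookup should check `Name` and `Name->Buffer` and compare by length, for example with a case-insensitive `RtlEqualUnicodeString` as sketched below; the cast assumes `RPC_UNICODE_STRING` has the same layout as `UNICODE_STRING`, which should be confirmed against the IDL. The function's signature begins outside this hunk.

```c
    UNICODE_STRING PrivName;

    /* … unchanged: DefaultPrivNames table, TRACE, handle validation … */

    if (Name == NULL || Name->Buffer == NULL)
        return STATUS_NO_SUCH_PRIVILEGE;

    for (Priv = 0; Priv < sizeof(DefaultPrivNames) / sizeof(DefaultPrivNames[0]); Priv++)
    {
        RtlInitUnicodeString(&PrivName, DefaultPrivNames[Priv]);
        if (RtlEqualUnicodeString((PUNICODE_STRING)Name, &PrivName, TRUE))
        {
            /* … unchanged: fill Value, return STATUS_SUCCESS … */
        }
    }
```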
@@ -562,7 +633,7 @@ { FIXME("(%p,%p,%p) stub\n", PolicyHandle, AccountSid, UserRights);
- if (!LsapValidateDbHandle(PolicyHandle)) + if (!LsapValidateDbHandle(PolicyHandle, LsaDbPolicyHandle)) return STATUS_INVALID_HANDLE;
UserRights->Entries = 0;
Modified: trunk/reactos/include/psdk/ntsecapi.h URL: http://svn.reactos.org/svn/reactos/trunk/reactos/include/psdk/ntsecapi.h?rev... ==============================================================================
--- trunk/reactos/include/psdk/ntsecapi.h [iso-8859-1] (original)
+++ trunk/reactos/include/psdk/ntsecapi.h [iso-8859-1] Sat Jul 3 22:51:44 2010
@@ -698,6 +698,7 @@
 PLSA_REFERENCED_DOMAIN_LIST*,PLSA_TRANSLATED_SID*);
 NTSTATUS NTAPI LsaLookupNames2(LSA_HANDLE,ULONG,ULONG,PLSA_UNICODE_STRING,
 PLSA_REFERENCED_DOMAIN_LIST*,PLSA_TRANSLATED_SID2*);
+NTSTATUS NTAPI LsaLookupPrivilegeValue(LSA_HANDLE, PLSA_UNICODE_STRING, PLUID);
 NTSTATUS NTAPI LsaLookupSids(LSA_HANDLE,ULONG,PSID*,
 PLSA_REFERENCED_DOMAIN_LIST*,PLSA_TRANSLATED_NAME*);
 ULONG NTAPI LsaNtStatusToWinError(NTSTATUS);