Author: ekohl
Date: Sat Jul 3 22:51:44 2010
New Revision: 47934
URL:
http://svn.reactos.org/svn/reactos?rev=47934&view=rev
Log:
[ADVAPI32/LSASRV]
- Implement LookupPrivilegeValueW and LsaLookupPrivilegeValue.
- Move lookup code from LookupPrivilegeValueW to LsarLookupPrivilegeValue.
Modified:
trunk/reactos/dll/win32/advapi32/advapi32.spec
trunk/reactos/dll/win32/advapi32/sec/lsa.c
trunk/reactos/dll/win32/advapi32/sec/misc.c
trunk/reactos/dll/win32/lsasrv/lsarpc.c
trunk/reactos/include/psdk/ntsecapi.h
Modified: trunk/reactos/dll/win32/advapi32/advapi32.spec
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/advapi32/advapi3…
==============================================================================
--- trunk/reactos/dll/win32/advapi32/advapi32.spec [iso-8859-1] (original)
+++ trunk/reactos/dll/win32/advapi32/advapi32.spec [iso-8859-1] Sat Jul 3 22:51:44 2010
@@ -374,7 +374,7 @@
@ stdcall LsaLookupNames2(ptr long long ptr ptr ptr)
@ stub LsaLookupPrivilegeDisplayName
@ stub LsaLookupPrivilegeName
-@ stub LsaLookupPrivilegeValue
+@ stdcall LsaLookupPrivilegeValue(ptr ptr ptr)
@ stdcall LsaLookupSids(ptr long ptr ptr ptr)
@ stdcall LsaNtStatusToWinError(long)
@ stub LsaOpenAccount
Modified: trunk/reactos/dll/win32/advapi32/sec/lsa.c
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/advapi32/sec/lsa…
==============================================================================
--- trunk/reactos/dll/win32/advapi32/sec/lsa.c [iso-8859-1] (original)
+++ trunk/reactos/dll/win32/advapi32/sec/lsa.c [iso-8859-1] Sat Jul 3 22:51:44 2010
@@ -397,6 +397,37 @@
}
/*
+ * @implemented
+ */
+NTSTATUS
+WINAPI
+LsaLookupPrivilegeValue(IN LSA_HANDLE PolicyHandle,
+ IN PLSA_UNICODE_STRING Name,
+ OUT PLUID Value)
+{
+ LUID Luid;
+ NTSTATUS Status;
+
+ FIXME("(%p,%p,%p) stub\n", PolicyHandle, Name, Value);
+
+ RpcTryExcept
+ {
+ Status = LsarLookupPrivilegeValue(PolicyHandle,
+ (PRPC_UNICODE_STRING)Name,
+ &Luid);
+ if (Status == STATUS_SUCCESS)
+ *Value = Luid;
+ }
+ RpcExcept(EXCEPTION_EXECUTE_HANDLER)
+ {
+ Status = I_RpcMapWin32Status(RpcExceptionCode());
+ }
+ RpcEndExcept;
+
+ return Status;
+}
+
+/*
* @unimplemented
*/
NTSTATUS
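Review bot: The `FIXME("(%p,%p,%p) stub\n", ...)` call at the top of LsaLookupPrivilegeValue contradicts the `@implemented` tag directly above it and will log a misleading "stub" message on every lookup. It should become `TRACE("(%p,%p,%p)\n", PolicyHandle, Name, Value);`. The `(PRPC_UNICODE_STRING)Name` cast assumes the two string structures share a layout, which deserves a short comment such as `/* LSA_UNICODE_STRING and RPC_UNICODE_STRING are layout-compatible */`. `Name` and `Value` are not checked for NULL before the RPC call, so a bad `Value` pointer surfaces only as an exception code mapped by `I_RpcMapWin32Status`.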
Modified: trunk/reactos/dll/win32/advapi32/sec/misc.c
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/advapi32/sec/mis…
==============================================================================
--- trunk/reactos/dll/win32/advapi32/sec/misc.c [iso-8859-1] (original)
+++ trunk/reactos/dll/win32/advapi32/sec/misc.c [iso-8859-1] Sat Jul 3 22:51:44 2010
@@ -1409,81 +1409,51 @@
/**********************************************************************
- * LookupPrivilegeValueW EXPORTED
- *
- * @unimplemented
- */
-BOOL
-WINAPI
-LookupPrivilegeValueW(LPCWSTR SystemName,
- LPCWSTR PrivName,
- PLUID Luid)
-{
- static const WCHAR * const DefaultPrivNames[] =
- {
- L"SeCreateTokenPrivilege",
- L"SeAssignPrimaryTokenPrivilege",
- L"SeLockMemoryPrivilege",
- L"SeIncreaseQuotaPrivilege",
- L"SeMachineAccountPrivilege",
- L"SeTcbPrivilege",
- L"SeSecurityPrivilege",
- L"SeTakeOwnershipPrivilege",
- L"SeLoadDriverPrivilege",
- L"SeSystemProfilePrivilege",
- L"SeSystemtimePrivilege",
- L"SeProfileSingleProcessPrivilege",
- L"SeIncreaseBasePriorityPrivilege",
- L"SeCreatePagefilePrivilege",
- L"SeCreatePermanentPrivilege",
- L"SeBackupPrivilege",
- L"SeRestorePrivilege",
- L"SeShutdownPrivilege",
- L"SeDebugPrivilege",
- L"SeAuditPrivilege",
- L"SeSystemEnvironmentPrivilege",
- L"SeChangeNotifyPrivilege",
- L"SeRemoteShutdownPrivilege",
- L"SeUndockPrivilege",
- L"SeSyncAgentPrivilege",
- L"SeEnableDelegationPrivilege",
- L"SeManageVolumePrivilege",
- L"SeImpersonatePrivilege",
- L"SeCreateGlobalPrivilege"
- };
- unsigned Priv;
-
- if (!ADVAPI_IsLocalComputer(SystemName))
- {
- SetLastError(RPC_S_SERVER_UNAVAILABLE);
- return FALSE;
- }
- if (!PrivName)
- {
- SetLastError(ERROR_NO_SUCH_PRIVILEGE);
- return FALSE;
- }
-
- if (NULL != SystemName && L'\0' != *SystemName)
- {
- FIXME("LookupPrivilegeValueW: not implemented for remote system\n");
- SetLastError(ERROR_CALL_NOT_IMPLEMENTED);
- return FALSE;
- }
-
- for (Priv = 0; Priv < sizeof(DefaultPrivNames) / sizeof(DefaultPrivNames[0]);
Priv++)
- {
- if (0 == _wcsicmp(PrivName, DefaultPrivNames[Priv]))
- {
- Luid->LowPart = Priv + SE_MIN_WELL_KNOWN_PRIVILEGE;
- Luid->HighPart = 0;
- return TRUE;
- }
- }
-
- WARN("LookupPrivilegeValueW: no such privilege %S\n", PrivName);
- SetLastError(ERROR_NO_SUCH_PRIVILEGE);
- return FALSE;
+ * LookupPrivilegeValueW
+ *
+ * @implemented
+ */
+BOOL
+WINAPI
+LookupPrivilegeValueW(LPCWSTR lpSystemName,
+ LPCWSTR lpPrivilegeName,
+ PLUID lpLuid)
+{
+ LSA_OBJECT_ATTRIBUTES ObjectAttributes = {0};
+ LSA_UNICODE_STRING SystemName;
+ LSA_UNICODE_STRING PrivilegeName;
+ LSA_HANDLE PolicyHandle = NULL;
+ NTSTATUS Status;
+
+ RtlInitUnicodeString(&SystemName,
+ lpSystemName);
+
+ Status = LsaOpenPolicy(lpSystemName ? &SystemName : NULL,
+ &ObjectAttributes,
+ POLICY_LOOKUP_NAMES,
+ &PolicyHandle);
+ if (!NT_SUCCESS(Status))
+ {
+ SetLastError(LsaNtStatusToWinError(Status));
+ return FALSE;
+ }
+
+ RtlInitUnicodeString(&PrivilegeName,
+ lpPrivilegeName);
+
+ Status = LsaLookupPrivilegeValue(PolicyHandle,
+ &PrivilegeName,
+ lpLuid);
+
+ LsaClose(PolicyHandle);
+
+ if (!NT_SUCCESS(Status))
+ {
+ SetLastError(LsaNtStatusToWinError(Status));
+ return FALSE;
+ }
+
+ return TRUE;
}
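Review bot: The rewritten LookupPrivilegeValueW no longer rejects a NULL `lpPrivilegeName`, whereas the removed version returned ERROR_NO_SUCH_PRIVILEGE for that case. With a NULL source, `RtlInitUnicodeString` yields a string whose Buffer is NULL, and that string is forwarded to LsarLookupPrivilegeValue, which in the lsarpc.c hunk passes `Name->Buffer` straight to `_wcsicmp`. Restoring the guard before the `LsaOpenPolicy` call, `if (lpPrivilegeName == NULL) { SetLastError(ERROR_NO_SUCH_PRIVILEGE); return FALSE; }`, keeps the old contract and avoids opening a policy handle for a request that cannot succeed. `lpLuid` is likewise passed on without a NULL check.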
Modified: trunk/reactos/dll/win32/lsasrv/lsarpc.c
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/lsasrv/lsarpc.c?…
==============================================================================
--- trunk/reactos/dll/win32/lsasrv/lsarpc.c [iso-8859-1] (original)
+++ trunk/reactos/dll/win32/lsasrv/lsarpc.c [iso-8859-1] Sat Jul 3 22:51:44 2010
@@ -10,12 +10,19 @@
#include <wine/debug.h>
+typedef enum _LSA_DB_HANDLE_TYPE
+{
+ LsaDbIgnoreHandle,
+ LsaDbPolicyHandle,
+ LsaDbAccountHandle
+} LSA_DB_HANDLE_TYPE, *PLSA_DB_HANDLE_TYPE;
+
typedef struct _LSA_DB_HANDLE
{
ULONG Signature;
- ULONG Type;
+ LSA_DB_HANDLE_TYPE HandleType;
LONG RefCount;
- ACCESS_MASK AccessGranted;
+ ACCESS_MASK Access;
} LSA_DB_HANDLE, *PLSA_DB_HANDLE;
#define LSAP_DB_SIGNATURE 0x12345678
@@ -28,7 +35,8 @@
/* FUNCTIONS ***************************************************************/
static LSAPR_HANDLE
-LsapCreateDbHandle(ULONG Type)
+LsapCreateDbHandle(LSA_DB_HANDLE_TYPE HandleType,
+ ACCESS_MASK DesiredAccess)
{
PLSA_DB_HANDLE DbHandle;
@@ -41,7 +49,8 @@
{
DbHandle->Signature = LSAP_DB_SIGNATURE;
DbHandle->RefCount = 1;
- DbHandle->Type = Type;
+ DbHandle->HandleType = HandleType;
+ DbHandle->Access = DesiredAccess;
}
// RtlLeaveCriticalSection(&PolicyHandleTableLock);
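Review bot: `DbHandle->Access = DesiredAccess;` stores the mask the caller asked for, and nothing visible in this commit compares that mask with what an operation requires. The field was renamed from `AccessGranted`; unless an access check runs before LsapCreateDbHandle (not visible here), the stored value is a request rather than a grant. The same applies to the call-site hunk that passes `DesiredAccess` into `LsapCreateDbHandle(LsaDbPolicyHandle, ...)`. A comment such as `/* TODO: store the access actually granted once the access check exists */` would record the gap. LsapValidateDbHandle, or its callers, should eventually test `DbHandle->Access` against the right each call needs. The function body starts and ends outside this hunk.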
@@ -51,7 +60,8 @@
static BOOL
-LsapValidateDbHandle(LSAPR_HANDLE Handle)
+LsapValidateDbHandle(LSAPR_HANDLE Handle,
+ LSA_DB_HANDLE_TYPE HandleType)
{
PLSA_DB_HANDLE DbHandle = (PLSA_DB_HANDLE)Handle;
BOOL bValid = FALSE;
@@ -59,7 +69,12 @@
_SEH2_TRY
{
if (DbHandle->Signature == LSAP_DB_SIGNATURE)
- bValid = TRUE;
+ {
+ if (HandleType == LsaDbIgnoreHandle)
+ bValid = TRUE;
+ else if (DbHandle->HandleType == HandleType)
+ bValid = TRUE;
+ }
}
_SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
{
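Review bot: The nested `if` / `else if` inside the signature check assigns the same value in both branches. It reads more directly as `bValid = (HandleType == LsaDbIgnoreHandle || DbHandle->HandleType == HandleType);`. A one-line comment on the wildcard, for example `/* LsaDbIgnoreHandle matches any handle type */`, would make clear that callers passing it skip the type check entirely. LsapValidateDbHandle starts and ends outside this hunk.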
@@ -81,7 +96,7 @@
RtlInitializeCriticalSection(&PolicyHandleTableLock);
- TRACE("LsarStartRpcServer() called");
+ TRACE("LsarStartRpcServer() called\n");
Status = RpcServerUseProtseqEpW(L"ncacn_np",
10,
@@ -129,7 +144,7 @@
// RtlEnterCriticalSection(&PolicyHandleTableLock);
- if (LsapValidateDbHandle(*ObjectHandle))
+ if (LsapValidateDbHandle(*ObjectHandle, LsaDbIgnoreHandle))
{
RtlFreeHeap(RtlGetProcessHeap(), 0, *ObjectHandle);
*ObjectHandle = NULL;
@@ -213,7 +228,8 @@
RtlEnterCriticalSection(&PolicyHandleTableLock);
- *PolicyHandle = LsapCreateDbHandle(0);
+ *PolicyHandle = LsapCreateDbHandle(LsaDbPolicyHandle,
+ DesiredAccess);
if (*PolicyHandle == NULL)
Status = STATUS_INSUFFICIENT_RESOURCES;
@@ -504,8 +520,63 @@
PRPC_UNICODE_STRING Name,
PLUID Value)
{
- UNIMPLEMENTED;
- return STATUS_NOT_IMPLEMENTED;
+ static const WCHAR * const DefaultPrivNames[] =
+ {
+ L"SeCreateTokenPrivilege",
+ L"SeAssignPrimaryTokenPrivilege",
+ L"SeLockMemoryPrivilege",
+ L"SeIncreaseQuotaPrivilege",
+ L"SeMachineAccountPrivilege",
+ L"SeTcbPrivilege",
+ L"SeSecurityPrivilege",
+ L"SeTakeOwnershipPrivilege",
+ L"SeLoadDriverPrivilege",
+ L"SeSystemProfilePrivilege",
+ L"SeSystemtimePrivilege",
+ L"SeProfileSingleProcessPrivilege",
+ L"SeIncreaseBasePriorityPrivilege",
+ L"SeCreatePagefilePrivilege",
+ L"SeCreatePermanentPrivilege",
+ L"SeBackupPrivilege",
+ L"SeRestorePrivilege",
+ L"SeShutdownPrivilege",
+ L"SeDebugPrivilege",
+ L"SeAuditPrivilege",
+ L"SeSystemEnvironmentPrivilege",
+ L"SeChangeNotifyPrivilege",
+ L"SeRemoteShutdownPrivilege",
+ L"SeUndockPrivilege",
+ L"SeSyncAgentPrivilege",
+ L"SeEnableDelegationPrivilege",
+ L"SeManageVolumePrivilege",
+ L"SeImpersonatePrivilege",
+ L"SeCreateGlobalPrivilege"
+ };
+ ULONG Priv;
+
+
+ TRACE("LsarLookupPrivilegeValue(%p, %wZ, %p)\n",
+ PolicyHandle, Name, Value);
+
+ if (!LsapValidateDbHandle(PolicyHandle, LsaDbPolicyHandle))
+ {
+ ERR("Invalid handle\n");
+ return STATUS_INVALID_HANDLE;
+ }
+
+ for (Priv = 0; Priv < sizeof(DefaultPrivNames) / sizeof(DefaultPrivNames[0]);
Priv++)
+ {
+ if (0 == _wcsicmp(Name->Buffer, DefaultPrivNames[Priv]))
+ {
+ Value->LowPart = Priv + SE_MIN_WELL_KNOWN_PRIVILEGE;
+ Value->HighPart = 0;
+ return STATUS_SUCCESS;
+ }
+ }
+
+ WARN("LsarLookupPrivilegeValue: no such privilege %wZ\n", Name);
+
+ return STATUS_NO_SUCH_PRIVILEGE;
}
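Review bot: `_wcsicmp(Name->Buffer, DefaultPrivNames[Priv])` in the lookup loop reads a caller-supplied counted string without checking that `Name` or `Name->Buffer` is non-NULL and without honouring `Name->Length`. A counted string arriving over RPC is presumably not guaranteed to be NUL-terminated, so the comparison can fault or read past the buffer inside the LSA server process. The handle check above it tests only the handle type; the `Access` value stored when the handle was created is not compared with POLICY_LOOKUP_NAMES. A guard plus a length-aware comparison, sketched below, removes the dependency on termination. The function's signature begins outside this hunk.

```c
    /* … unchanged: DefaultPrivNames table, TRACE, handle validation … */

    /* Reject missing or empty names before touching the buffer. */
    if (Name == NULL || Name->Buffer == NULL || Name->Length == 0)
        return STATUS_NO_SUCH_PRIVILEGE;

    for (Priv = 0; Priv < sizeof(DefaultPrivNames) / sizeof(DefaultPrivNames[0]); Priv++)
    {
        UNICODE_STRING PrivName;

        /* Compare as counted strings so Name need not be NUL-terminated. */
        RtlInitUnicodeString(&PrivName, DefaultPrivNames[Priv]);
        if (RtlEqualUnicodeString((PUNICODE_STRING)Name, &PrivName, TRUE))
        {
            /* … unchanged: fill Value and return STATUS_SUCCESS … */
        }
    }
```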
@@ -562,7 +633,7 @@
{
FIXME("(%p,%p,%p) stub\n", PolicyHandle, AccountSid, UserRights);
- if (!LsapValidateDbHandle(PolicyHandle))
+ if (!LsapValidateDbHandle(PolicyHandle, LsaDbPolicyHandle))
return STATUS_INVALID_HANDLE;
UserRights->Entries = 0;
Modified: trunk/reactos/include/psdk/ntsecapi.h
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/include/psdk/ntsecapi.h?re…
==============================================================================
--- trunk/reactos/include/psdk/ntsecapi.h [iso-8859-1] (original)
+++ trunk/reactos/include/psdk/ntsecapi.h [iso-8859-1] Sat Jul 3 22:51:44 2010
@@ -698,6 +698,7 @@
PLSA_REFERENCED_DOMAIN_LIST*,PLSA_TRANSLATED_SID*);
NTSTATUS NTAPI LsaLookupNames2(LSA_HANDLE,ULONG,ULONG,PLSA_UNICODE_STRING,
PLSA_REFERENCED_DOMAIN_LIST*,PLSA_TRANSLATED_SID2*);
+NTSTATUS NTAPI LsaLookupPrivilegeValue(LSA_HANDLE, PLSA_UNICODE_STRING, PLUID);
NTSTATUS NTAPI LsaLookupSids(LSA_HANDLE,ULONG,PSID*,
PLSA_REFERENCED_DOMAIN_LIST*,PLSA_TRANSLATED_NAME*);
ULONG NTAPI LsaNtStatusToWinError(NTSTATUS);