[ekohl] 57167: [ADVAPI32/LSASRV] - Implement LsaSetSeceret/LsarSetSecret (secret values are not encrypted yet) and LsaSetSystemAccessAccount. - Improve some TRACE messages.
Author: ekohl Date: Sun Aug 26 14:05:27 2012 New Revision: 57167
URL: http://svn.reactos.org/svn/reactos?rev=57167&view=rev Log: [ADVAPI32/LSASRV] - Implement LsaSetSeceret/LsarSetSecret (secret values are not encrypted yet) and LsaSetSystemAccessAccount. - Improve some TRACE messages.
Modified: trunk/reactos/dll/win32/advapi32/advapi32.spec trunk/reactos/dll/win32/advapi32/sec/lsa.c trunk/reactos/dll/win32/lsasrv/lsarpc.c trunk/reactos/include/psdk/ntlsa.h trunk/reactos/include/psdk/ntsecapi.h trunk/reactos/include/reactos/idl/lsa.idl
Modified: trunk/reactos/dll/win32/advapi32/advapi32.spec URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/advapi32/advapi32... ============================================================================== --- trunk/reactos/dll/win32/advapi32/advapi32.spec [iso-8859-1] (original) +++ trunk/reactos/dll/win32/advapi32/advapi32.spec [iso-8859-1] Sun Aug 26 14:05:27 2012 @@ -402,7 +402,7 @@ @ stub LsaSetQuotasForAccount @ stdcall LsaSetSecret(ptr ptr ptr) @ stub LsaSetSecurityObject -@ stub LsaSetSystemAccessAccount +@ stdcall LsaSetSystemAccessAccount(ptr long) @ stdcall LsaSetTrustedDomainInfoByName(ptr ptr long ptr) @ stdcall LsaSetTrustedDomainInformation(ptr ptr long ptr) @ stdcall LsaStorePrivateData(ptr ptr ptr)
Modified: trunk/reactos/dll/win32/advapi32/sec/lsa.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/advapi32/sec/lsa.... ============================================================================== --- trunk/reactos/dll/win32/advapi32/sec/lsa.c [iso-8859-1] (original) +++ trunk/reactos/dll/win32/advapi32/sec/lsa.c [iso-8859-1] Sun Aug 26 14:05:27 2012 @@ -1027,7 +1027,8 @@ { LSAPR_USER_RIGHT_SET UserRightSet;
- TRACE("(%p,%p,%d,%p,0x%08x) stub\n", PolicyHandle, AccountSid, AllRights, UserRights, CountOfRights); + TRACE("LsaRemoveAccountRights(%p %p %d %p 0x%08x) stub\n", + PolicyHandle, AccountSid, AllRights, UserRights, CountOfRights);
UserRightSet.Entries = CountOfRights; UserRightSet.UserRights = (PRPC_UNICODE_STRING)UserRights; @@ -1089,7 +1090,8 @@ { NTSTATUS Status;
- TRACE("(%p,0x%08x,%p)\n", PolicyHandle, InformationClass, Buffer); + TRACE("LsaSetInformationPolicy(%p 0x%08x %p)\n", + PolicyHandle, InformationClass, Buffer);
RpcTryExcept { @@ -1108,17 +1110,106 @@
/* - * @unimplemented - */ -NTSTATUS WINAPI LsaSetSecret( - IN LSA_HANDLE SecretHandle, - IN PLSA_UNICODE_STRING EncryptedCurrentValue, - IN PLSA_UNICODE_STRING EncryptedOldValue) -{ - FIXME("(%p,%p,%p) stub\n", SecretHandle, EncryptedCurrentValue, - EncryptedOldValue); - return STATUS_SUCCESS; -} + * @implemented + */ +NTSTATUS +WINAPI +LsaSetSecret(IN LSA_HANDLE SecretHandle, + IN PLSA_UNICODE_STRING CurrentValue OPTIONAL, + IN PLSA_UNICODE_STRING OldValue OPTIONAL) +{ + PLSAPR_CR_CIPHER_VALUE EncryptedCurrentValue = NULL; + PLSAPR_CR_CIPHER_VALUE EncryptedOldValue = NULL; + SIZE_T BufferSize; + NTSTATUS Status; + + TRACE("LsaSetSecret(%p,%p,%p)\n", + SecretHandle, EncryptedCurrentValue, EncryptedOldValue); + + if (CurrentValue != NULL) + { + BufferSize = sizeof(LSAPR_CR_CIPHER_VALUE) + CurrentValue->MaximumLength; + EncryptedCurrentValue = midl_user_allocate(BufferSize); + if (EncryptedCurrentValue == NULL) + { + Status = STATUS_INSUFFICIENT_RESOURCES; + goto done; + } + + EncryptedCurrentValue->Length = CurrentValue->Length; + EncryptedCurrentValue->MaximumLength = CurrentValue->MaximumLength; + EncryptedCurrentValue->Buffer = (BYTE *)(EncryptedCurrentValue + 1); + if (EncryptedCurrentValue->Buffer != NULL) + memcpy(EncryptedCurrentValue->Buffer, CurrentValue->Buffer, CurrentValue->Length); + } + + if (OldValue != NULL) + { + BufferSize = sizeof(LSAPR_CR_CIPHER_VALUE) + OldValue->MaximumLength; + EncryptedOldValue = midl_user_allocate(BufferSize); + if (EncryptedOldValue == NULL) + { + Status = STATUS_INSUFFICIENT_RESOURCES; + goto done; + } + + EncryptedOldValue->Length = OldValue->Length; + EncryptedOldValue->MaximumLength = OldValue->MaximumLength; + EncryptedOldValue->Buffer = (BYTE*)(EncryptedOldValue + 1); + if (EncryptedOldValue->Buffer != NULL) + memcpy(EncryptedOldValue->Buffer, OldValue->Buffer, OldValue->Length); + } + + RpcTryExcept + { + Status = LsarSetSecret((LSAPR_HANDLE)SecretHandle, + EncryptedCurrentValue, + EncryptedOldValue); + } + RpcExcept(EXCEPTION_EXECUTE_HANDLER) + { + Status = I_RpcMapWin32Status(RpcExceptionCode()); + } + RpcEndExcept; + +done: + if (EncryptedCurrentValue != NULL) + midl_user_free(EncryptedCurrentValue); + + if (EncryptedOldValue != NULL) + midl_user_free(EncryptedOldValue); + + return Status; +} + + +/* + * @implemented + */ +NTSTATUS +WINAPI +LsaSetSystemAccessAccount(IN LSA_HANDLE AccountHandle, + IN ULONG SystemAccess) +{ + NTSTATUS Status; + + TRACE("LsaSetSystemAccessAccount(%p 0x%lx)\n", + AccountHandle, SystemAccess); + + RpcTryExcept + { + Status = LsarSetSystemAccessAccount((LSAPR_HANDLE)AccountHandle, + SystemAccess); + } + RpcExcept(EXCEPTION_EXECUTE_HANDLER) + { + Status = I_RpcMapWin32Status(RpcExceptionCode()); + } + RpcEndExcept; + + return Status; +} +
/* * @unimplemented
Modified: trunk/reactos/dll/win32/lsasrv/lsarpc.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/lsasrv/lsarpc.c?r... ============================================================================== --- trunk/reactos/dll/win32/lsasrv/lsarpc.c [iso-8859-1] (original) +++ trunk/reactos/dll/win32/lsasrv/lsarpc.c [iso-8859-1] Sun Aug 26 14:05:27 2012 @@ -1193,12 +1193,96 @@
/* Function 29 */ NTSTATUS WINAPI LsarSetSecret( - LSAPR_HANDLE *SecretHandle, + LSAPR_HANDLE SecretHandle, PLSAPR_CR_CIPHER_VALUE EncryptedCurrentValue, PLSAPR_CR_CIPHER_VALUE EncryptedOldValue) { - UNIMPLEMENTED; - return STATUS_NOT_IMPLEMENTED; + PLSA_DB_OBJECT SecretObject; + PBYTE CurrentValue = NULL; + PBYTE OldValue = NULL; + ULONG CurrentValueLength = 0; + ULONG OldValueLength = 0; + LARGE_INTEGER Time; + NTSTATUS Status; + + /* Validate the SecretHandle */ + Status = LsapValidateDbObject(SecretHandle, + LsaDbSecretObject, + SECRET_SET_VALUE, + &SecretObject); + if (!NT_SUCCESS(Status)) + { + ERR("LsapValidateDbObject returned 0x%08lx\n", Status); + return Status; + } + + if (EncryptedCurrentValue != NULL) + { + /* FIXME: Decrypt the current value */ + CurrentValue = EncryptedCurrentValue->Buffer; + CurrentValueLength = EncryptedCurrentValue->MaximumLength; + } + + /* Set the current value */ + Status = LsapSetObjectAttribute(SecretObject, + L"CurrentValue", + CurrentValue, + CurrentValueLength); + if (!NT_SUCCESS(Status)) + { + ERR("LsapSetObjectAttribute failed (Status 0x%08lx)\n", Status); + goto done; + } + + /* Get the current time */ + Status = NtQuerySystemTime(&Time); + if (!NT_SUCCESS(Status)) + { + ERR("NtQuerySystemTime failed (Status 0x%08lx)\n", Status); + goto done; + } + + /* Set the current time */ + Status = LsapSetObjectAttribute(SecretObject, + L"CurrentTime", + &Time, + sizeof(LARGE_INTEGER)); + if (!NT_SUCCESS(Status)) + { + ERR("LsapSetObjectAttribute failed (Status 0x%08lx)\n", Status); + goto done; + } + + if (EncryptedOldValue != NULL) + { + /* FIXME: Decrypt the old value */ + OldValue = EncryptedOldValue->Buffer; + OldValueLength = EncryptedOldValue->MaximumLength; + } + + /* Set the old value */ + Status = LsapSetObjectAttribute(SecretObject, + L"OldValue", + OldValue, + OldValueLength); + if (!NT_SUCCESS(Status)) + { + ERR("LsapSetObjectAttribute failed (Status 0x%08lx)\n", Status); + goto done; + } + + /* Set the old time */ + Status = LsapSetObjectAttribute(SecretObject, + L"OldTime", + &Time, + sizeof(LARGE_INTEGER)); + if (!NT_SUCCESS(Status)) + { + ERR("LsapSetObjectAttribute failed (Status 0x%08lx)\n", Status); + } + +done: + return Status; }
Modified: trunk/reactos/include/psdk/ntlsa.h URL: http://svn.reactos.org/svn/reactos/trunk/reactos/include/psdk/ntlsa.h?rev=57... ============================================================================== --- trunk/reactos/include/psdk/ntlsa.h [iso-8859-1] (original) +++ trunk/reactos/include/psdk/ntlsa.h [iso-8859-1] Sun Aug 26 14:05:27 2012 @@ -30,6 +30,8 @@ #define ACCOUNT_ADJUST_QUOTAS 4 #define ACCOUNT_ADJUST_SYSTEM_ACCESS 8
+#define SECRET_SET_VALUE 1 +#define SECRET_QUERY_VALUE 2
#ifdef __cplusplus
Modified: trunk/reactos/include/psdk/ntsecapi.h URL: http://svn.reactos.org/svn/reactos/trunk/reactos/include/psdk/ntsecapi.h?rev... ============================================================================== --- trunk/reactos/include/psdk/ntsecapi.h [iso-8859-1] (original) +++ trunk/reactos/include/psdk/ntsecapi.h [iso-8859-1] Sun Aug 26 14:05:27 2012 @@ -735,6 +735,7 @@ NTSTATUS NTAPI LsaSetInformationPolicy(LSA_HANDLE,POLICY_INFORMATION_CLASS, PVOID); NTSTATUS NTAPI LsaSetLocalInformationPolicy(LSA_HANDLE, POLICY_LOCAL_INFORMATION_CLASS,PVOID); +NTSTATUS NTAPI LsaSetSecret(LSA_HANDLE, PLSA_UNICODE_STRING, PLSA_UNICODE_STRING); NTSTATUS NTAPI LsaSetSystemAccessAccount(LSA_HANDLE, ULONG); NTSTATUS NTAPI LsaSetTrustedDomainInformation(LSA_HANDLE,PSID, TRUSTED_INFORMATION_CLASS,PVOID);
Modified: trunk/reactos/include/reactos/idl/lsa.idl URL: http://svn.reactos.org/svn/reactos/trunk/reactos/include/reactos/idl/lsa.idl... ============================================================================== --- trunk/reactos/include/reactos/idl/lsa.idl [iso-8859-1] (original) +++ trunk/reactos/include/reactos/idl/lsa.idl [iso-8859-1] Sun Aug 26 14:05:27 2012 @@ -775,7 +775,7 @@
/* Function 29 */ NTSTATUS __stdcall LsarSetSecret( - [in] LSAPR_HANDLE *SecretHandle, + [in] LSAPR_HANDLE SecretHandle, [in, unique] PLSAPR_CR_CIPHER_VALUE EncryptedCurrentValue, [in, unique] PLSAPR_CR_CIPHER_VALUE EncryptedOldValue);
-
ekohl@svn.reactos.org