[ekohl] 56594: [PSDK/LSASRV] - Add new ntlsa.h file to the PSDK. - LsarAddPrivilegesToAccount: Implement the ability to add new privileges to an existing privilege set. - Ros-diffs

17 May 2012

Author: ekohl
Date: Thu May 17 12:02:50 2012
New Revision: 56594

URL: http://svn.reactos.org/svn/reactos?rev=56594&view=rev
Log:
[PSDK/LSASRV]
- Add new ntlsa.h file to the PSDK.
- LsarAddPrivilegesToAccount: Implement the ability to add new privileges to an existing
privilege set.

Added:
    trunk/reactos/include/psdk/ntlsa.h   (with props)
Modified:
    trunk/reactos/dll/win32/lsasrv/lsarpc.c
    trunk/reactos/dll/win32/lsasrv/lsasrv.h

Modified: trunk/reactos/dll/win32/lsasrv/lsarpc.c
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/lsasrv/lsarpc.c?…
==============================================================================

--- trunk/reactos/dll/win32/lsasrv/lsarpc.c [iso-8859-1] (original)
+++ trunk/reactos/dll/win32/lsasrv/lsarpc.c [iso-8859-1] Thu May 17 12:02:50 2012
@@ -733,7 +733,7 @@
     /* Validate the AccountHandle */
     Status = LsapValidateDbObject(AccountHandle,
                                   LsaDbAccountObject,
-                                  0,
+                                  ACCOUNT_VIEW,
                                   &AccountObject);
     if (!NT_SUCCESS(Status))
     {
@@ -778,13 +778,18 @@
     PLSAPR_PRIVILEGE_SET Privileges)
 {
     PLSA_DB_OBJECT AccountObject;
+    PPRIVILEGE_SET CurrentPrivileges = NULL;
+    PPRIVILEGE_SET NewPrivileges = NULL;
     ULONG PrivilegeSetSize = 0;
+    ULONG PrivilegeCount;
+    ULONG i, j;
+    BOOL bFound;
     NTSTATUS Status;
 
     /* Validate the AccountHandle */
     Status = LsapValidateDbObject(AccountHandle,
                                   LsaDbAccountObject,
-                                  0,
+                                  ACCOUNT_ADJUST_PRIVILEGES,
                                   &AccountObject);
     if (!NT_SUCCESS(Status))
     {
@@ -811,8 +816,107 @@
     {
         /* The Privilgs attribute exists */
 
-        Status = STATUS_NOT_IMPLEMENTED;
-    }
+        /* Allocate memory for the stored privilege set */
+        CurrentPrivileges = MIDL_user_allocate(PrivilegeSetSize);
+        if (CurrentPrivileges == NULL)
+            return STATUS_NO_MEMORY;
+
+        /* Get the current privilege set */
+        Status = LsapGetObjectAttribute(AccountObject,
+                                        L"Privilgs",
+                                        CurrentPrivileges,
+                                        &PrivilegeSetSize);
+        if (!NT_SUCCESS(Status))
+        {
+            TRACE("LsapGetObjectAttribute() failed (Status 0x%08lx)\n",
Status);
+            goto done;
+        }
+
+        PrivilegeCount = CurrentPrivileges->PrivilegeCount;
+        TRACE("Current privilege count: %lu\n", PrivilegeCount);
+
+        /* Calculate the number privileges in the combined privilege set */
+        for (i = 0; i < Privileges->PrivilegeCount; i++)
+        {
+            bFound = FALSE;
+            for (j = 0; j < CurrentPrivileges->PrivilegeCount; j++)
+            {
+                if (RtlEqualLuid(&(Privileges->Privilege[i].Luid),
+                                 &(CurrentPrivileges->Privilege[i].Luid)))
+                {
+                    bFound = TRUE;
+                    break;
+                }
+            }
+
+            if (bFound == FALSE)
+            {
+                TRACE("Found new privilege\n");
+                PrivilegeCount++;
+            }
+        }
+        TRACE("New privilege count: %lu\n", PrivilegeCount);
+
+        /* Calculate the size of the new privilege set and allocate it */
+        PrivilegeSetSize = sizeof(PRIVILEGE_SET) +
+                           (PrivilegeCount - 1) * sizeof(LUID_AND_ATTRIBUTES);
+        NewPrivileges = MIDL_user_allocate(PrivilegeSetSize);
+        if (NewPrivileges == NULL)
+        {
+            Status = STATUS_NO_MEMORY;
+            goto done;
+        }
+
+        /* Initialize the new privilege set */
+        NewPrivileges->PrivilegeCount = PrivilegeCount;
+        NewPrivileges->Control = 0;
+
+        /* Copy all privileges from the current privilege set */
+        RtlCopyLuidAndAttributesArray(CurrentPrivileges->PrivilegeCount,
+                                      &(CurrentPrivileges->Privilege[0]),
+                                      &(NewPrivileges->Privilege[0]));
+
+        /* Add new privileges to the new privilege set */
+        PrivilegeCount = CurrentPrivileges->PrivilegeCount;
+        for (i = 0; i < Privileges->PrivilegeCount; i++)
+        {
+            bFound = FALSE;
+            for (j = 0; j < CurrentPrivileges->PrivilegeCount; j++)
+            {
+                if (RtlEqualLuid(&(Privileges->Privilege[i].Luid),
+                                 &(CurrentPrivileges->Privilege[i].Luid)))
+                {
+                    /* Overwrite attributes if a matching privilege was found */
+                    NewPrivileges->Privilege[j].Attributes =
Privileges->Privilege[i].Attributes;
+
+                    bFound = TRUE;
+                    break;
+                }
+            }
+
+            if (bFound == FALSE)
+            {
+                /* Copy the new privilege */
+                RtlCopyLuidAndAttributesArray(1,
+                                             
(PLUID_AND_ATTRIBUTES)&(Privileges->Privilege[i]),
+                                             
&(NewPrivileges->Privilege[PrivilegeCount]));
+                PrivilegeCount++;
+            }
+        }
+
+        /* Set the new priivliege set */
+        Status = LsapSetObjectAttribute(AccountObject,
+                                        L"Privilgs",
+                                        NewPrivileges,
+                                        PrivilegeSetSize);
+    }
+
+done:
+    if (CurrentPrivileges != NULL)
+        MIDL_user_free(CurrentPrivileges);
+
+    if (NewPrivileges != NULL)
+        MIDL_user_free(NewPrivileges);
 
     return Status;
 }

Modified: trunk/reactos/dll/win32/lsasrv/lsasrv.h
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/lsasrv/lsasrv.h?…
==============================================================================
--- trunk/reactos/dll/win32/lsasrv/lsasrv.h [iso-8859-1] (original)
+++ trunk/reactos/dll/win32/lsasrv/lsasrv.h [iso-8859-1] Thu May 17 12:02:50 2012
@@ -17,6 +17,7 @@
 #include <ndk/rtlfuncs.h>
 #include <ndk/setypes.h>
 
+#include <ntlsa.h>
 #include <ntsecapi.h>
 #include <sddl.h>
 

Added: trunk/reactos/include/psdk/ntlsa.h
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/include/psdk/ntlsa.h?rev=5…
==============================================================================
--- trunk/reactos/include/psdk/ntlsa.h (added)
+++ trunk/reactos/include/psdk/ntlsa.h [iso-8859-1] Thu May 17 12:02:50 2012
@@ -1,0 +1,40 @@
+/*
+ * ntlsa.h
+ *
+ * This file is part of the ReactOS PSDK package.
+ *
+ * Contributors:
+ *   Created by Eric Kohl.
+ *
+ * THIS SOFTWARE IS NOT COPYRIGHTED
+ *
+ * This source code is offered for use in the public domain. You may
+ * use, modify or distribute it freely.
+ *
+ * This code is distributed in the hope that it will be useful but
+ * WITHOUT ANY WARRANTY. ALL WARRANTIES, EXPRESS OR IMPLIED ARE HEREBY
+ * DISCLAIMED. This includes but is not limited to warranties of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+ *
+ */
+
+#ifndef _NTLSA_
+#define _NTLSA_
+
+#ifdef __cplusplus
+extern "C" {
+#endif
+
+#define ACCOUNT_VIEW 1
+#define ACCOUNT_ADJUST_PRIVILEGES 2
+#define ACCOUNT_ADJUST_QUOTAS 4
+#define ACCOUNT_ADJUST_SYSTEM_ACCESS 8
+
+
+
+#ifdef __cplusplus
+}
+#endif
+
+
+#endif /* _NTLSA_ */

Propchange: trunk/reactos/include/psdk/ntlsa.h
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: trunk/reactos/include/psdk/ntlsa.h
------------------------------------------------------------------------------
    svn:keywords = author date id revision



    