Author: ekohl Date: Sun May 6 20:57:21 2012 New Revision: 56527

URL: http://svn.reactos.org/svn/reactos?rev=56527&view=rev Log: [ADVAPI32/LSASRV] - Implement LsaEnumeratePrivilegesOfAccount and LsarEnumeratePrivilegesAccount. - Implement parts of LsarAddPrivilegesToAccount.

Modified: trunk/reactos/dll/win32/advapi32/advapi32.spec trunk/reactos/dll/win32/advapi32/sec/lsa.c trunk/reactos/dll/win32/lsasrv/lsarpc.c trunk/reactos/include/psdk/ntsecapi.h

Modified: trunk/reactos/dll/win32/advapi32/advapi32.spec URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/advapi32/advapi32... ============================================================================== --- trunk/reactos/dll/win32/advapi32/advapi32.spec [iso-8859-1] (original) +++ trunk/reactos/dll/win32/advapi32/advapi32.spec [iso-8859-1] Sun May 6 20:57:21 2012 @@ -358,7 +358,7 @@ @ stub LsaEnumerateAccounts @ stdcall LsaEnumerateAccountsWithUserRight(ptr ptr ptr ptr) @ stub LsaEnumeratePrivileges -@ stub LsaEnumeratePrivilegesOfAccount +@ stdcall LsaEnumeratePrivilegesOfAccount(ptr ptr) @ stdcall LsaEnumerateTrustedDomains(ptr ptr ptr long ptr) @ stdcall LsaEnumerateTrustedDomainsEx(ptr ptr ptr long ptr) @ stdcall LsaFreeMemory(ptr)

Modified: trunk/reactos/dll/win32/advapi32/sec/lsa.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/advapi32/sec/lsa.... ============================================================================== --- trunk/reactos/dll/win32/advapi32/sec/lsa.c [iso-8859-1] (original) +++ trunk/reactos/dll/win32/advapi32/sec/lsa.c [iso-8859-1] Sun May 6 20:57:21 2012 @@ -366,6 +366,34 @@ return STATUS_NO_MORE_ENTRIES; }

+ +/* + * @implemented + */ +NTSTATUS +WINAPI +LsaEnumeratePrivilegesOfAccount(IN LSA_HANDLE AccountHandle, + OUT PPRIVILEGE_SET *Privileges) +{ + NTSTATUS Status; + + TRACE("(%p,%p) stub\n", AccountHandle, Privileges); + + RpcTryExcept + { + Status = LsarEnumeratePrivilegesAccount((LSAPR_HANDLE)AccountHandle, + (LSAPR_PRIVILEGE_SET **)Privileges); + } + RpcExcept(EXCEPTION_EXECUTE_HANDLER) + { + Status = I_RpcMapWin32Status(RpcExceptionCode()); + } + RpcEndExcept; + + return Status; +} + + /* * @unimplemented */ @@ -380,7 +408,7 @@ { FIXME("(%p,%p,%p,0x%08x,%p) stub\n", PolicyHandle, EnumerationContext, Buffer, PreferedMaximumLength, CountReturned); - + if (CountReturned) *CountReturned = 0; return STATUS_SUCCESS; }

Modified: trunk/reactos/dll/win32/lsasrv/lsarpc.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/lsasrv/lsarpc.c?r... ============================================================================== --- trunk/reactos/dll/win32/lsasrv/lsarpc.c [iso-8859-1] (original) +++ trunk/reactos/dll/win32/lsasrv/lsarpc.c [iso-8859-1] Sun May 6 20:57:21 2012 @@ -723,8 +723,52 @@ LSAPR_HANDLE AccountHandle, PLSAPR_PRIVILEGE_SET *Privileges) { - UNIMPLEMENTED; - return STATUS_NOT_IMPLEMENTED; + PLSA_DB_OBJECT AccountObject; + ULONG PrivilegeSetSize = 0; + PLSAPR_PRIVILEGE_SET PrivilegeSet = NULL; + NTSTATUS Status; + + *Privileges = NULL; + + /* Validate the AccountHandle */ + Status = LsapValidateDbObject(AccountHandle, + LsaDbAccountObject, + 0, + &AccountObject); + if (!NT_SUCCESS(Status)) + { + ERR("LsapValidateDbObject returned 0x%08lx\n", Status); + return Status; + } + + /* Get the size of the privilege set */ + Status = LsapGetObjectAttribute(AccountObject, + L"Privilgs", + NULL, + &PrivilegeSetSize); + if (!NT_SUCCESS(Status)) + return Status; + + /* Allocate a buffer for the privilege set */ + PrivilegeSet = MIDL_user_allocate(PrivilegeSetSize); + if (PrivilegeSet == NULL) + return STATUS_NO_MEMORY; + + /* Get the privilege set */ + Status = LsapGetObjectAttribute(AccountObject, + L"Privilgs", + PrivilegeSet, + &PrivilegeSetSize); + if (!NT_SUCCESS(Status)) + { + MIDL_user_free(PrivilegeSet); + return Status; + } + + /* Return a pointer to the privilege set */ + *Privileges = PrivilegeSet; + + return STATUS_SUCCESS; }

@@ -733,8 +777,44 @@ LSAPR_HANDLE AccountHandle, PLSAPR_PRIVILEGE_SET Privileges) { - UNIMPLEMENTED; - return STATUS_NOT_IMPLEMENTED; + PLSA_DB_OBJECT AccountObject; + ULONG PrivilegeSetSize = 0; + NTSTATUS Status; + + /* Validate the AccountHandle */ + Status = LsapValidateDbObject(AccountHandle, + LsaDbAccountObject, + 0, + &AccountObject); + if (!NT_SUCCESS(Status)) + { + ERR("LsapValidateDbObject returned 0x%08lx\n", Status); + return Status; + } + + Status = LsapGetObjectAttribute(AccountObject, + L"Privilgs", + NULL, + &PrivilegeSetSize); + if (!NT_SUCCESS(Status) || PrivilegeSetSize == 0) + { + /* The Privilgs attribute does not exist */ + + PrivilegeSetSize = sizeof(PRIVILEGE_SET) + + (Privileges->PrivilegeCount - 1) * sizeof(LUID_AND_ATTRIBUTES); + Status = LsapSetObjectAttribute(AccountObject, + L"Privilgs", + Privileges, + PrivilegeSetSize); + } + else + { + /* The Privilgs attribute exists */ + + Status = STATUS_NOT_IMPLEMENTED; + } + + return Status; }

Modified: trunk/reactos/include/psdk/ntsecapi.h URL: http://svn.reactos.org/svn/reactos/trunk/reactos/include/psdk/ntsecapi.h?rev... ============================================================================== --- trunk/reactos/include/psdk/ntsecapi.h [iso-8859-1] (original) +++ trunk/reactos/include/psdk/ntsecapi.h [iso-8859-1] Sun May 6 20:57:21 2012 @@ -688,6 +688,7 @@ NTSTATUS NTAPI LsaEnumerateAccountRights(LSA_HANDLE,PSID,PLSA_UNICODE_STRING*,PULONG); NTSTATUS NTAPI LsaEnumerateAccountsWithUserRight(LSA_HANDLE,PLSA_UNICODE_STRING, PVOID*,PULONG); +NTSTATUS NTAPI LsaEnumeratePrivilegesOfAccount(LSA_HANDLE, PPRIVILEGE_SET*); NTSTATUS NTAPI LsaEnumerateTrustedDomains(LSA_HANDLE,PLSA_ENUMERATION_HANDLE, PVOID*,ULONG,PULONG); NTSTATUS NTAPI LsaEnumerateTrustedDomainsEx(LSA_HANDLE,PLSA_ENUMERATION_HANDLE,