Author: ekohl Date: Fri Oct 15 21:28:42 2010 New Revision: 49161 URL: http://svn.reactos.org/svn/reactos?rev=49161&view=rev Log: [ADVAPI32/LSASRV] - Prepare LsapValidateDbHandle for access checks. - Move the functionality of LsaQueryInformationPolicy (advapi32.dll) into the new function LsarQueryInformationPolicy (lsasrv.dll). - Remove dead code from advapi32.dll. Modified: trunk/reactos/dll/win32/advapi32/sec/lsa.c trunk/reactos/dll/win32/lsasrv/lsarpc.c Modified: trunk/reactos/dll/win32/advapi32/sec/lsa.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/advapi32/sec/lsa… ============================================================================== --- trunk/reactos/dll/win32/advapi32/sec/lsa.c [iso-8859-1] (original) +++ trunk/reactos/dll/win32/advapi32/sec/lsa.c [iso-8859-1] Fri Oct 15 21:28:42 2010 @@ -16,59 +16,6 @@ WINE_DEFAULT_DEBUG_CHANNEL(advapi); -/* imported from wine 1.1.14 */ -static void* ADVAPI_GetDomainName(unsigned sz, unsigned ofs) -{ - HKEY key; - LONG ret; - BYTE* ptr = NULL; - UNICODE_STRING* ustr; - - static const WCHAR wVNETSUP[] = { - 'S','y','s','t','e','m','\\', - 'C','u','r','r','e','n','t','C','o','n','t','r','o','l','S','e','t','\\', - 'S','e','r','v','i','c','e','s','\\', - 'V','x','D','\\','V','N','E','T','S','U','P','\0'}; - - ret = RegOpenKeyExW(HKEY_LOCAL_MACHINE, wVNETSUP, 0, KEY_READ, &key); - if (ret == ERROR_SUCCESS) - { - DWORD size = 0; - static const WCHAR wg[] = { 'W','o','r','k','g','r','o','u','p',0 }; - - ret = RegQueryValueExW(key, wg, NULL, NULL, NULL, &size); - if (ret == ERROR_MORE_DATA || ret == ERROR_SUCCESS) - { - ptr = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, sz + size); - if (!ptr) return NULL; - ustr = (UNICODE_STRING*)(ptr + ofs); - ustr->MaximumLength = size; - ustr->Buffer = (WCHAR*)(ptr + sz); - ret = RegQueryValueExW(key, wg, NULL, NULL, (LPBYTE)ustr->Buffer, &size); - if (ret != ERROR_SUCCESS) - { - HeapFree(GetProcessHeap(), 0, ptr); - ptr = NULL; - } - else ustr->Length = size - sizeof(WCHAR); - } - RegCloseKey(key); - } - if (!ptr) - { - static const WCHAR wDomain[] = {'D','O','M','A','I','N','\0'}; - ptr = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, - sz + sizeof(wDomain)); - if (!ptr) return NULL; - ustr = (UNICODE_STRING*)(ptr + ofs); - ustr->MaximumLength = sizeof(wDomain); - ustr->Buffer = (WCHAR*)(ptr + sz); - ustr->Length = sizeof(wDomain) - sizeof(WCHAR); - memcpy(ustr->Buffer, wDomain, sizeof(wDomain)); - } - return ptr; -} - static BOOL LsapIsLocalComputer(PLSA_UNICODE_STRING ServerName) { @@ -647,103 +594,37 @@ } /* - * @unimplemented + * @implemented */ NTSTATUS WINAPI LsaQueryInformationPolicy(LSA_HANDLE PolicyHandle, POLICY_INFORMATION_CLASS InformationClass, PVOID *Buffer) { + PLSAPR_POLICY_INFORMATION PolicyInformation = NULL; + NTSTATUS Status; + TRACE("(%p,0x%08x,%p)\n", PolicyHandle, InformationClass, Buffer); - if(!Buffer) return STATUS_INVALID_PARAMETER; - switch (InformationClass) - { - case PolicyAuditEventsInformation: /* 2 */ - { - PPOLICY_AUDIT_EVENTS_INFO p = RtlAllocateHeap(RtlGetProcessHeap(), HEAP_ZERO_MEMORY, - sizeof(POLICY_AUDIT_EVENTS_INFO)); - p->AuditingMode = FALSE; /* no auditing */ - *Buffer = p; - } - break; - case PolicyPrimaryDomainInformation: /* 3 */ - { - /* Only the domain name is valid for the local computer. - * All other fields are zero. - */ - PPOLICY_PRIMARY_DOMAIN_INFO pinfo; - - pinfo = ADVAPI_GetDomainName(sizeof(*pinfo), offsetof(POLICY_PRIMARY_DOMAIN_INFO, Name)); - - TRACE("setting domain to %s\n", debugstr_w(pinfo->Name.Buffer)); - - *Buffer = pinfo; - } - case PolicyAccountDomainInformation: /* 5 */ - { - struct di - { - POLICY_ACCOUNT_DOMAIN_INFO info; - SID sid; - DWORD padding[3]; - WCHAR domain[MAX_COMPUTERNAME_LENGTH + 1]; - }; - - DWORD dwSize = MAX_COMPUTERNAME_LENGTH + 1; - struct di * xdi = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, sizeof(*xdi)); - - xdi->info.DomainName.MaximumLength = dwSize * sizeof(WCHAR); - xdi->info.DomainName.Buffer = xdi->domain; - if (GetComputerNameW(xdi->info.DomainName.Buffer, &dwSize)) - xdi->info.DomainName.Length = dwSize * sizeof(WCHAR); - - TRACE("setting name to %s\n", debugstr_w(xdi->info.DomainName.Buffer)); - - xdi->info.DomainSid = &xdi->sid; - - /* read the computer SID from the registry */ - if (!ADVAPI_GetComputerSid(&xdi->sid)) - { - HeapFree(GetProcessHeap(), 0, xdi); - - WARN("Computer SID not found\n"); - - return STATUS_UNSUCCESSFUL; - } - - *Buffer = xdi; - } - break; - case PolicyDnsDomainInformation: /* 12 (0xc) */ - { - /* Only the domain name is valid for the local computer. - * All other fields are zero. - */ - PPOLICY_DNS_DOMAIN_INFO pinfo; - - pinfo = ADVAPI_GetDomainName(sizeof(*pinfo), offsetof(POLICY_DNS_DOMAIN_INFO, Name)); - - TRACE("setting domain to %s\n", debugstr_w(pinfo->Name.Buffer)); - - *Buffer = pinfo; - } - break; - case PolicyAuditLogInformation: - case PolicyPdAccountInformation: - case PolicyLsaServerRoleInformation: - case PolicyReplicaSourceInformation: - case PolicyDefaultQuotaInformation: - case PolicyModificationInformation: - case PolicyAuditFullSetInformation: - case PolicyAuditFullQueryInformation: - case PolicyEfsInformation: - { - FIXME("category not implemented\n"); - return STATUS_UNSUCCESSFUL; - } - } - return STATUS_SUCCESS; + RpcTryExcept + { + Status = LsarQueryInformationPolicy((LSAPR_HANDLE)PolicyHandle, + InformationClass, + &PolicyInformation); + *Buffer = PolicyInformation; + } + RpcExcept(EXCEPTION_EXECUTE_HANDLER) + { + if (PolicyInformation != NULL) + MIDL_user_free(PolicyInformation); + + Status = I_RpcMapWin32Status(RpcExceptionCode()); + } + RpcEndExcept; + + TRACE("Done (Status: 0x%08x)\n", Status); + + return Status; } /* Modified: trunk/reactos/dll/win32/lsasrv/lsarpc.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/lsasrv/lsarpc.c?… ============================================================================== --- trunk/reactos/dll/win32/lsasrv/lsarpc.c [iso-8859-1] (original) +++ trunk/reactos/dll/win32/lsasrv/lsarpc.c [iso-8859-1] Fri Oct 15 21:28:42 2010 @@ -60,9 +60,10 @@ } -static BOOL +static NTSTATUS LsapValidateDbHandle(LSAPR_HANDLE Handle, - LSA_DB_HANDLE_TYPE HandleType) + LSA_DB_HANDLE_TYPE HandleType, + ACCESS_MASK GrantedAccess) { PLSA_DB_HANDLE DbHandle = (PLSA_DB_HANDLE)Handle; BOOL bValid = FALSE; @@ -83,8 +84,15 @@ } _SEH2_END; - - return bValid; + if (bValid == FALSE) + return STATUS_INVALID_HANDLE; + + if (GrantedAccess != 0) + { + /* FIXME: Check for granted access rights */ + } + + return STATUS_SUCCESS; } @@ -145,13 +153,15 @@ // RtlEnterCriticalSection(&PolicyHandleTableLock); - if (LsapValidateDbHandle(*ObjectHandle, LsaDbIgnoreHandle)) + Status = LsapValidateDbHandle(*ObjectHandle, + LsaDbIgnoreHandle, + 0); + + if (Status == STATUS_SUCCESS) { RtlFreeHeap(RtlGetProcessHeap(), 0, *ObjectHandle); *ObjectHandle = NULL; } - else - Status = STATUS_INVALID_HANDLE; // RtlLeaveCriticalSection(&PolicyHandleTableLock); @@ -248,8 +258,148 @@ POLICY_INFORMATION_CLASS InformationClass, PLSAPR_POLICY_INFORMATION *PolicyInformation) { - UNIMPLEMENTED; - return STATUS_NOT_IMPLEMENTED; + NTSTATUS Status; + + TRACE("LsarQueryInformationPolicy(%p,0x%08x,%p)\n", + PolicyHandle, InformationClass, PolicyInformation); + + if (PolicyInformation) + { + TRACE("*PolicyInformation %p\n", *PolicyInformation); + } + + Status = LsapValidateDbHandle(PolicyHandle, + LsaDbPolicyHandle, + 0); /* FIXME */ + if (!NT_SUCCESS(Status)) + return Status; + + switch (InformationClass) + { + case PolicyAuditEventsInformation: /* 2 */ + { + PLSAPR_POLICY_AUDIT_EVENTS_INFO p = MIDL_user_allocate(sizeof(LSAPR_POLICY_AUDIT_EVENTS_INFO)); + if (p == NULL) + return STATUS_INSUFFICIENT_RESOURCES; + + p->AuditingMode = FALSE; /* no auditing */ + p->EventAuditingOptions = NULL; + p->MaximumAuditEventCount = 0; + + *PolicyInformation = (PLSAPR_POLICY_INFORMATION)p; + } + break; + + case PolicyPrimaryDomainInformation: /* 3 */ + { + PLSAPR_POLICY_PRIMARY_DOM_INFO p = MIDL_user_allocate(sizeof(LSAPR_POLICY_PRIMARY_DOM_INFO)); + if (p == NULL) + return STATUS_INSUFFICIENT_RESOURCES; + + p->Name.Length = 0; + p->Name.MaximumLength = 0; + p->Name.Buffer = NULL; +#if 0 + p->Name.Length = wcslen(L"COMPUTERNAME"); + p->Name.MaximumLength = p->Name.Length + sizeof(WCHAR); + p->Name.Buffer = MIDL_user_allocate(p->Name.MaximumLength); + if (p->Name.Buffer == NULL) + { + MIDL_user_free(p); + return STATUS_INSUFFICIENT_RESOURCES; + } + + wcscpy(p->Name.Buffer, L"COMPUTERNAME"); +#endif + + p->Sid = NULL; /* no domain, no workgroup */ + + *PolicyInformation = (PLSAPR_POLICY_INFORMATION)p; + } + break; + + case PolicyAccountDomainInformation: /* 5 */ + { + PLSAPR_POLICY_ACCOUNT_DOM_INFO p = MIDL_user_allocate(sizeof(LSAPR_POLICY_ACCOUNT_DOM_INFO)); + if (p == NULL) + return STATUS_INSUFFICIENT_RESOURCES; + + p->DomainName.Length = 0; + p->DomainName.MaximumLength = 0; + p->DomainName.Buffer = NULL; +#if 0 + p->DomainName.Length = wcslen(L"COMPUTERNAME"); + p->DomainName.MaximumLength = p->DomainName.Length + sizeof(WCHAR); + p->DomainName.Buffer = MIDL_user_allocate(p->DomainName.MaximumLength); + if (p->DomainName.Buffer == NULL) + { + MIDL_user_free(p); + return STATUS_INSUFFICIENT_RESOURCES; + } + + wcscpy(p->DomainName.Buffer, L"COMPUTERNAME"); +#endif + + p->Sid = NULL; /* no domain, no workgroup */ + + *PolicyInformation = (PLSAPR_POLICY_INFORMATION)p; + } + break; + + case PolicyDnsDomainInformation: /* 12 (0xc) */ + { + PLSAPR_POLICY_DNS_DOMAIN_INFO p = MIDL_user_allocate(sizeof(LSAPR_POLICY_DNS_DOMAIN_INFO)); + if (p == NULL) + return STATUS_INSUFFICIENT_RESOURCES; + + p->Name.Length = 0; + p->Name.MaximumLength = 0; + p->Name.Buffer = NULL; +#if 0 + p->Name.Length = wcslen(L"COMPUTERNAME"); + p->Name.MaximumLength = p->Name.Length + sizeof(WCHAR); + p->Name.Buffer = MIDL_user_allocate(p->Name.MaximumLength); + if (p->Name.Buffer == NULL) + { + MIDL_user_free(p); + return STATUS_INSUFFICIENT_RESOURCES; + } + + wcscpy(p->Name.Buffer, L"COMPUTERNAME"); +#endif + + p->DnsDomainName.Length = 0; + p->DnsDomainName.MaximumLength = 0; + p->DnsDomainName.Buffer = NULL; + + p->DnsForestName.Length = 0; + p->DnsForestName.MaximumLength = 0; + p->DnsForestName.Buffer = 0; + + memset(&p->DomainGuid, 0, sizeof(GUID)); + + p->Sid = NULL; /* no domain, no workgroup */ + + *PolicyInformation = (PLSAPR_POLICY_INFORMATION)p; + } + break; + + case PolicyAuditLogInformation: + case PolicyPdAccountInformation: + case PolicyLsaServerRoleInformation: + case PolicyReplicaSourceInformation: + case PolicyDefaultQuotaInformation: + case PolicyModificationInformation: + case PolicyAuditFullSetInformation: + case PolicyAuditFullQueryInformation: + case PolicyEfsInformation: + { + FIXME("category not implemented\n"); + return STATUS_UNSUCCESSFUL; + } + } + + return STATUS_SUCCESS; } @@ -688,10 +838,13 @@ TRACE("LsarLookupPrivilegeValue(%p, %wZ, %p)\n", PolicyHandle, Name, Value); - if (!LsapValidateDbHandle(PolicyHandle, LsaDbPolicyHandle)) - { - ERR("Invalid handle\n"); - return STATUS_INVALID_HANDLE; + Status = LsapValidateDbHandle(PolicyHandle, + LsaDbPolicyHandle, + 0); /* FIXME */ + if (!NT_SUCCESS(Status)) + { + ERR("Invalid handle (Status %lx)\n", Status); + return Status; } TRACE("Privilege: %wZ\n", Name); @@ -714,10 +867,13 @@ TRACE("LsarLookupPrivilegeName(%p, %p, %p)\n", PolicyHandle, Value, Name); - if (!LsapValidateDbHandle(PolicyHandle, LsaDbPolicyHandle)) + Status = LsapValidateDbHandle(PolicyHandle, + LsaDbPolicyHandle, + 0); /* FIXME */ + if (!NT_SUCCESS(Status)) { ERR("Invalid handle\n"); - return STATUS_INVALID_HANDLE; + return Status; } Status = LsarpLookupPrivilegeName(Value, (PUNICODE_STRING*)Name); @@ -766,10 +922,15 @@ PRPC_SID AccountSid, PLSAPR_USER_RIGHT_SET UserRights) { + NTSTATUS Status; + FIXME("(%p,%p,%p) stub\n", PolicyHandle, AccountSid, UserRights); - if (!LsapValidateDbHandle(PolicyHandle, LsaDbPolicyHandle)) - return STATUS_INVALID_HANDLE; + Status = LsapValidateDbHandle(PolicyHandle, + LsaDbPolicyHandle, + 0); /* FIXME */ + if (!NT_SUCCESS(Status)) + return Status; UserRights->Entries = 0; UserRights->UserRights = NULL;