NTSTATUS LsarSetAuditEvents(PLSA_DB_OBJECT PolicyObject, PLSAPR_POLICY_AUDIT_EVENTS_INFO Info) { PLSAP_POLICY_AUDIT_EVENTS_DATA AuditData = NULL; ULONG AttributeSize; NTSTATUS Status = STATUS_SUCCESS; TRACE("(%p %p)\n", PolicyObject, Info); AttributeSize = sizeof(LSAP_POLICY_AUDIT_EVENTS_DATA) + Info->MaximumAuditEventCount * sizeof(DWORD); AuditData = RtlAllocateHeap(RtlGetProcessHeap(), HEAP_ZERO_MEMORY, AttributeSize); if (AuditData == NULL) return STATUS_INSUFFICIENT_RESOURCES; AuditData->AuditingMode = Info->AuditingMode; AuditData->MaximumAuditEventCount = Info->MaximumAuditEventCount; memcpy(&(AuditData->AuditEvents[0]), Info->EventAuditingOptions, Info->MaximumAuditEventCount * sizeof(DWORD)); Status = LsapSetObjectAttribute(PolicyObject, L"PolAdtEv", AuditData, AttributeSize); RtlFreeHeap(RtlGetProcessHeap(), 0, AuditData); return Status; }
NTSTATUS LsarSetAuditFull(PLSA_DB_OBJECT PolicyObject, PPOLICY_AUDIT_FULL_QUERY_INFO Info) { PPOLICY_AUDIT_FULL_QUERY_INFO AuditFullInfo = NULL; ULONG AttributeSize; NTSTATUS Status; TRACE("(%p %p)\n", PolicyObject, Info); AttributeSize = sizeof(POLICY_AUDIT_FULL_QUERY_INFO); AuditFullInfo = MIDL_user_allocate(AttributeSize); if (AuditFullInfo == NULL) return STATUS_INSUFFICIENT_RESOURCES; Status = LsapGetObjectAttribute(PolicyObject, L"PolAdtFl", AuditFullInfo, &AttributeSize); if (!NT_SUCCESS(Status)) goto done; AuditFullInfo->ShutDownOnFull = Info->ShutDownOnFull; Status = LsapSetObjectAttribute(PolicyObject, L"PolAdtFl", AuditFullInfo, AttributeSize); done: if (AuditFullInfo != NULL) MIDL_user_free(AuditFullInfo); return Status; }
NTSTATUS LsarSetAccountDomain(PLSA_DB_OBJECT PolicyObject, PLSAPR_POLICY_ACCOUNT_DOM_INFO Info) { PUNICODE_STRING Buffer; ULONG Length = 0; NTSTATUS Status; LPWSTR Ptr; TRACE("(%p %p)\n", PolicyObject, Info); Length = sizeof(UNICODE_STRING) + Info->DomainName.MaximumLength; Buffer = RtlAllocateHeap(RtlGetProcessHeap(), 0, Length); if (Buffer == NULL) return STATUS_INSUFFICIENT_RESOURCES; Buffer->Length = Info->DomainName.Length; Buffer->MaximumLength = Info->DomainName.MaximumLength; Buffer->Buffer = (LPWSTR)sizeof(UNICODE_STRING); Ptr = (LPWSTR)((ULONG_PTR)Buffer + sizeof(UNICODE_STRING)); memcpy(Ptr, Info->DomainName.Buffer, Info->DomainName.MaximumLength); Status = LsapSetObjectAttribute(PolicyObject, L"PolAcDmN", Buffer, Length); RtlFreeHeap(RtlGetProcessHeap(), 0, Buffer); if (!NT_SUCCESS(Status)) return Status; Length = 0; if (Info->Sid != NULL) Length = RtlLengthSid(Info->Sid); Status = LsapSetObjectAttribute(PolicyObject, L"PolAcDmS", (LPBYTE)Info->Sid, Length); return Status; }
NTSTATUS LsarSetModification(PLSA_DB_OBJECT PolicyObject, PPOLICY_MODIFICATION_INFO Info) { TRACE("(%p %p)\n", PolicyObject, Info); return LsapSetObjectAttribute(PolicyObject, L"PolMod", Info, sizeof(POLICY_MODIFICATION_INFO)); }
NTSTATUS LsarSetDefaultQuota(PLSA_DB_OBJECT PolicyObject, PPOLICY_DEFAULT_QUOTA_INFO Info) { TRACE("(%p %p)\n", PolicyObject, Info); return LsapSetObjectAttribute(PolicyObject, L"DefQuota", Info, sizeof(POLICY_DEFAULT_QUOTA_INFO)); }
NTSTATUS LsarSetServerRole(PLSA_DB_OBJECT PolicyObject, PPOLICY_LSA_SERVER_ROLE_INFO Info) { TRACE("(%p %p)\n", PolicyObject, Info); return LsapSetObjectAttribute(PolicyObject, L"PolSrvRo", Info, sizeof(POLICY_LSA_SERVER_ROLE_INFO)); }
NTSTATUS LsarSetAuditLog(PLSA_DB_OBJECT PolicyObject, PPOLICY_AUDIT_LOG_INFO Info) { TRACE("(%p %p)\n", PolicyObject, Info); return LsapSetObjectAttribute(PolicyObject, L"PolAdtLg", Info, sizeof(POLICY_AUDIT_LOG_INFO)); }
static NTSTATUS LsapCreateDatabaseObjects(VOID) { PLSAP_POLICY_AUDIT_EVENTS_DATA AuditEventsInfo = NULL; POLICY_DEFAULT_QUOTA_INFO QuotaInfo; POLICY_MODIFICATION_INFO ModificationInfo; POLICY_AUDIT_FULL_QUERY_INFO AuditFullInfo = {FALSE, FALSE}; POLICY_AUDIT_LOG_INFO AuditLogInfo; GUID DnsDomainGuid; PLSA_DB_OBJECT PolicyObject = NULL; PSID AccountDomainSid = NULL; PSECURITY_DESCRIPTOR PolicySd = NULL; ULONG PolicySdSize = 0; ULONG AuditEventsCount; ULONG AuditEventsSize; ULONG i; NTSTATUS Status; /* Initialize the default quota limits */ QuotaInfo.QuotaLimits.PagedPoolLimit = 0x2000000; QuotaInfo.QuotaLimits.NonPagedPoolLimit = 0x100000; QuotaInfo.QuotaLimits.MinimumWorkingSetSize = 0x10000; QuotaInfo.QuotaLimits.MaximumWorkingSetSize = 0xF000000; QuotaInfo.QuotaLimits.PagefileLimit = 0; QuotaInfo.QuotaLimits.TimeLimit.QuadPart = 0; /* Initialize the audit log attribute */ AuditLogInfo.AuditLogPercentFull = 0; AuditLogInfo.MaximumLogSize = 0; // DWORD AuditLogInfo.AuditRetentionPeriod.QuadPart = 0; // LARGE_INTEGER AuditLogInfo.AuditLogFullShutdownInProgress = 0; // BYTE AuditLogInfo.TimeToShutdown.QuadPart = 0; // LARGE_INTEGER AuditLogInfo.NextAuditRecordId = 0; // DWORD /* Initialize the Audit Events attribute */ AuditEventsCount = AuditCategoryAccountLogon - AuditCategorySystem + 1; AuditEventsSize = sizeof(LSAP_POLICY_AUDIT_EVENTS_DATA) + AuditEventsCount * sizeof(DWORD); AuditEventsInfo = RtlAllocateHeap(RtlGetProcessHeap(), HEAP_ZERO_MEMORY, AuditEventsSize); if (AuditEventsInfo == NULL) return STATUS_INSUFFICIENT_RESOURCES; AuditEventsInfo->AuditingMode = FALSE; AuditEventsInfo->MaximumAuditEventCount = AuditEventsCount; for (i = 0; i < AuditEventsCount; i++) AuditEventsInfo->AuditEvents[i] = 0; /* Initialize the DNS Domain GUID attribute */ memset(&DnsDomainGuid, 0, sizeof(GUID)); /* Initialize the modification attribute */ ModificationInfo.ModifiedId.QuadPart = 0; NtQuerySystemTime(&ModificationInfo.DatabaseCreationTime); /* Create a random domain SID */ Status = LsapCreateRandomDomainSid(&AccountDomainSid); if (!NT_SUCCESS(Status)) goto done; Status = LsapCreatePolicySd(&PolicySd, &PolicySdSize); if (!NT_SUCCESS(Status)) goto done; /* Open the 'Policy' object */ Status = LsapOpenDbObject(NULL, NULL, L"Policy", LsaDbPolicyObject, 0, TRUE, &PolicyObject); if (!NT_SUCCESS(Status)) goto done; LsapSetObjectAttribute(PolicyObject, L"PolPrDmN", NULL, 0); LsapSetObjectAttribute(PolicyObject, L"PolPrDmS", NULL, 0); LsapSetObjectAttribute(PolicyObject, L"PolAcDmN", NULL, 0); LsapSetObjectAttribute(PolicyObject, L"PolAcDmS", AccountDomainSid, RtlLengthSid(AccountDomainSid)); /* Set the default quota limits attribute */ LsapSetObjectAttribute(PolicyObject, L"DefQuota", &QuotaInfo, sizeof(POLICY_DEFAULT_QUOTA_INFO)); /* Set the modification attribute */ LsapSetObjectAttribute(PolicyObject, L"PolMod", &ModificationInfo, sizeof(POLICY_MODIFICATION_INFO)); /* Set the audit full attribute */ LsapSetObjectAttribute(PolicyObject, L"PolAdtFl", &AuditFullInfo, sizeof(POLICY_AUDIT_FULL_QUERY_INFO)); /* Set the audit log attribute */ LsapSetObjectAttribute(PolicyObject, L"PolAdtLg", &AuditLogInfo, sizeof(POLICY_AUDIT_LOG_INFO)); /* Set the audit events attribute */ LsapSetObjectAttribute(PolicyObject, L"PolAdtEv", AuditEventsInfo, AuditEventsSize); /* Set the DNS Domain Name attribute */ LsapSetObjectAttribute(PolicyObject, L"PolDnDDN", NULL, 0); /* Set the DNS Forest Name attribute */ LsapSetObjectAttribute(PolicyObject, L"PolDnTrN", NULL, 0); /* Set the DNS Domain GUID attribute */ LsapSetObjectAttribute(PolicyObject, L"PolDnDmG", &DnsDomainGuid, sizeof(GUID)); /* Set the Sceurity Descriptor */ LsapSetObjectAttribute(PolicyObject, L"SecDesc", PolicySd, PolicySdSize); done: if (AuditEventsInfo != NULL) RtlFreeHeap(RtlGetProcessHeap(), 0, AuditEventsInfo); if (PolicyObject != NULL) LsapCloseDbObject(PolicyObject); if (AccountDomainSid != NULL) RtlFreeSid(AccountDomainSid); if (PolicySd != NULL) RtlFreeHeap(RtlGetProcessHeap(), 0, PolicySd); return Status; }