Beispiel #1
/*
 * Resolves a privilege name to its LUID by forwarding the request to
 * LsarLookupPrivilegeValue.
 *
 * PolicyHandle - handle passed through unchanged to the callee.
 * Name         - privilege name; reinterpreted as PRPC_UNICODE_STRING.
 * Value        - receives the LUID, written only when the callee returns
 *                exactly STATUS_SUCCESS.
 *
 * Returns the callee's NTSTATUS, or the status mapped from the exception
 * code when something is raised inside the guarded block.
 *
 * @implemented
 */
NTSTATUS
WINAPI
LsaLookupPrivilegeValue(IN LSA_HANDLE PolicyHandle,
                        IN PLSA_UNICODE_STRING Name,
                        OUT PLUID Value)
{
    NTSTATUS Result;
    LUID Resolved;
    PRPC_UNICODE_STRING RpcName = (PRPC_UNICODE_STRING)Name;

    TRACE("(%p,%p,%p)\n", PolicyHandle, Name, Value);

    RpcTryExcept
    {
        /* Look up into a local first so the caller's buffer is only
         * touched once the result is known to be good. */
        Result = LsarLookupPrivilegeValue(PolicyHandle, RpcName, &Resolved);

        if (Result == STATUS_SUCCESS)
        {
            *Value = Resolved;
        }
    }
    RpcExcept(EXCEPTION_EXECUTE_HANDLER)
    {
        /* The filter is unconditional: whatever is raised above, including
         * by the store through Value, is reported as a status code. */
        Result = I_RpcMapWin32Status(RpcExceptionCode());
    }
    RpcEndExcept;

    return Result;
}
Beispiel #2
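/*
 * Builds the TOKEN_PRIVILEGES set from a fixed default list.
 *
 * Each name in the list is resolved to a LUID through
 * LsarLookupPrivilegeValue on a trusted policy handle. A name that cannot
 * be resolved is logged and skipped; it does not fail the call.
 *
 * TokenPrivileges - receives the buffer obtained from
 *                   DispatchTable.AllocateLsaHeap. It is written only on
 *                   success; on failure it is left untouched.
 *
 * Returns the status of opening the policy, or
 * STATUS_INSUFFICIENT_RESOURCES when the allocation fails.
 */
static
NTSTATUS
BuildTokenPrivileges(PTOKEN_PRIVILEGES *TokenPrivileges)
{
    /*
     * FIXME shouldn't use hard-coded list of privileges
     *
     * NOTE(review): this function takes no account input, so every token
     * built from it carries the same set. That set holds
     * SeDebugPrivilege, SeLoadDriverPrivilege, SeBackupPrivilege,
     * SeRestorePrivilege and SeTakeOwnershipPrivilege (present, not
     * enabled) and SeImpersonatePrivilege (enabled by default). The set
     * should be derived from the rights assigned to the account.
     */
    static const struct
    {
      LPCWSTR PrivName;
      DWORD Attributes;
    }
    DefaultPrivs[] =
    {
      { L"SeMachineAccountPrivilege", 0 },
      { L"SeSecurityPrivilege", 0 },
      { L"SeTakeOwnershipPrivilege", 0 },
      { L"SeLoadDriverPrivilege", 0 },
      { L"SeSystemProfilePrivilege", 0 },
      { L"SeSystemtimePrivilege", 0 },
      { L"SeProfileSingleProcessPrivilege", 0 },
      { L"SeIncreaseBasePriorityPrivilege", 0 },
      { L"SeCreatePagefilePrivilege", 0 },
      { L"SeBackupPrivilege", 0 },
      { L"SeRestorePrivilege", 0 },
      { L"SeShutdownPrivilege", 0 },
      { L"SeDebugPrivilege", 0 },
      { L"SeSystemEnvironmentPrivilege", 0 },
      { L"SeChangeNotifyPrivilege", SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT },
      { L"SeRemoteShutdownPrivilege", 0 },
      { L"SeUndockPrivilege", 0 },
      { L"SeEnableDelegationPrivilege", 0 },
      { L"SeImpersonatePrivilege", SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT },
      { L"SeCreateGlobalPrivilege", SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT }
    };
    const ULONG DefaultPrivCount = sizeof(DefaultPrivs) / sizeof(DefaultPrivs[0]);
    PTOKEN_PRIVILEGES Privileges = NULL;
    ULONG i;
    RPC_UNICODE_STRING PrivilegeName;
    LSAPR_HANDLE PolicyHandle = NULL;
    NTSTATUS Status = STATUS_SUCCESS;
    NTSTATUS LookupStatus;

    Status = LsaIOpenPolicyTrusted(&PolicyHandle);
    if (!NT_SUCCESS(Status))
    {
        goto done;
    }

    /* Allocate and initialize token privileges. The header plus one
     * LUID_AND_ATTRIBUTES slot per table entry is enough for the case
     * where every lookup succeeds. */
    Privileges = DispatchTable.AllocateLsaHeap(sizeof(TOKEN_PRIVILEGES) +
                                               DefaultPrivCount *
                                               sizeof(LUID_AND_ATTRIBUTES));
    if (Privileges == NULL)
    {
        Status = STATUS_INSUFFICIENT_RESOURCES;
        goto done;
    }

    Privileges->PrivilegeCount = 0;
    for (i = 0; i < DefaultPrivCount; i++)
    {
        /* Wrap the constant name in a counted string; the buffer is only
         * read by the lookup, hence the cast away from LPCWSTR. */
        PrivilegeName.Length = wcslen(DefaultPrivs[i].PrivName) * sizeof(WCHAR);
        PrivilegeName.MaximumLength = PrivilegeName.Length + sizeof(WCHAR);
        PrivilegeName.Buffer = (LPWSTR)DefaultPrivs[i].PrivName;

        /* Keep the per-entry result apart from Status. A failed lookup is
         * skipped on purpose, so it must not become the return value:
         * otherwise a failure on the last entry alone would report an
         * error after *TokenPrivileges was already handed out, while a
         * failure on any earlier entry would report success. */
        LookupStatus = LsarLookupPrivilegeValue(PolicyHandle,
                                                &PrivilegeName,
                                                &Privileges->Privileges[Privileges->PrivilegeCount].Luid);
        if (!NT_SUCCESS(LookupStatus))
        {
            WARN("Can't set privilege %S\n", DefaultPrivs[i].PrivName);
        }
        else
        {
            /* The slot is committed only after a successful lookup, so
             * the next entry reuses it when this one is skipped. */
            Privileges->Privileges[Privileges->PrivilegeCount].Attributes = DefaultPrivs[i].Attributes;
            Privileges->PrivilegeCount++;
        }
    }

    *TokenPrivileges = Privileges;

done:
    if (PolicyHandle != NULL)
        LsarClose(PolicyHandle);

    return Status;
}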