static
NTSTATUS
GetAccountDomainSid(PRPC_SID *Sid)
{
LSAPR_HANDLE PolicyHandle = NULL;
PLSAPR_POLICY_INFORMATION PolicyInfo = NULL;
ULONG Length = 0;
NTSTATUS Status;
Status = LsaIOpenPolicyTrusted(&PolicyHandle);
if (!NT_SUCCESS(Status))
{
TRACE("LsaIOpenPolicyTrusted() failed (Status 0x%08lx)\n", Status);
return Status;
}
Status = LsarQueryInformationPolicy(PolicyHandle,
PolicyAccountDomainInformation,
&PolicyInfo);
if (!NT_SUCCESS(Status))
{
TRACE("LsarQueryInformationPolicy() failed (Status 0x%08lx)\n", Status);
goto done;
}
Length = RtlLengthSid(PolicyInfo->PolicyAccountDomainInfo.Sid);
*Sid = RtlAllocateHeap(RtlGetProcessHeap(), 0, Length);
if (*Sid == NULL)
{
ERR("Failed to allocate SID\n");
Status = STATUS_INSUFFICIENT_RESOURCES;
goto done;
}
memcpy(*Sid, PolicyInfo->PolicyAccountDomainInfo.Sid, Length);
done:
if (PolicyInfo != NULL)
LsaIFree_LSAPR_POLICY_INFORMATION(PolicyAccountDomainInformation,
PolicyInfo);
if (PolicyHandle != NULL)
LsarClose(&PolicyHandle);
return Status;
}
/*
* @implemented
*/
NTSTATUS
WINAPI
LsaClose(IN LSA_HANDLE ObjectHandle)
{
NTSTATUS Status;
TRACE("LsaClose(0x%p) called\n", ObjectHandle);
RpcTryExcept
{
Status = LsarClose((PLSAPR_HANDLE)&ObjectHandle);
}
RpcExcept(EXCEPTION_EXECUTE_HANDLER)
{
Status = I_RpcMapWin32Status(RpcExceptionCode());
}
RpcEndExcept;
return Status;
}
NTSTATUS
NlCloseChangeLog(
VOID
)
/*++
Routine Description:
Frees any resources consumed by NlInitChangeLog.
Arguments:
NONE
Return Value:
NT Status code
--*/
{
if ( (NlGlobalChangeLogDesc.FileHandle == INVALID_HANDLE_VALUE) &&
(NlGlobalChangeLogRole == ChangeLogPrimary) ) {
//
// try to save change log cache one last time.
//
(VOID)NlCreateChangeLogFile( &NlGlobalChangeLogDesc );
}
if ( NlGlobalChangeLogDesc.FileHandle != INVALID_HANDLE_VALUE ) {
CloseHandle( NlGlobalChangeLogDesc.FileHandle );
NlGlobalChangeLogDesc.FileHandle = INVALID_HANDLE_VALUE;
}
NlGlobalChangeLogFilePrefix[0] = L'\0';
if ( NlGlobalChangeLogDesc.Buffer != NULL ) {
NetpMemoryFree( NlGlobalChangeLogDesc.Buffer );
NlGlobalChangeLogDesc.Buffer = NULL;
}
if ( NlGlobalChWorkerBuiltinDomainSid != NULL ) {
RtlFreeSid( NlGlobalChWorkerBuiltinDomainSid );
NlGlobalChWorkerBuiltinDomainSid = NULL;
}
if ( NlGlobalChWorkerSamDomainSid != NULL ) {
NetpMemoryFree( NlGlobalChWorkerSamDomainSid );
NlGlobalChWorkerSamDomainSid = NULL;
}
if ( NlGlobalChangeLogEvent != NULL ) {
(VOID) CloseHandle(NlGlobalChangeLogEvent);
NlGlobalChangeLogEvent = NULL;
}
if ( NlGlobalChangeLogWorkerQueueEvent != NULL ) {
(VOID) CloseHandle(NlGlobalChangeLogWorkerQueueEvent);
NlGlobalChangeLogWorkerQueueEvent = NULL;
}
//
// if worker thread running, stop it.
//
NlStopChangeLogWorker();
LOCK_CHANGELOG();
NlAssert( IsListEmpty( &NlGlobalChangeLogNotifications ) );
NlAssert( IsListEmpty( &NlGlobalChangeLogWorkerQueue ) );
UNLOCK_CHANGELOG();
NlGlobalChangeLogWorkInit = FALSE;
//
// close all handles
//
if ( NlGlobalChWorkerSamServerHandle != NULL ) {
(VOID)SamrCloseHandle( &NlGlobalChWorkerSamServerHandle);
}
if ( NlGlobalChWorkerPolicyHandle != NULL ) {
(VOID)LsarClose( &NlGlobalChWorkerPolicyHandle);
}
if ( NlGlobalChWorkerSamDBHandle != NULL ) {
(VOID)SamrCloseHandle( &NlGlobalChWorkerSamDBHandle);
}
if ( NlGlobalChWorkerBuiltinDBHandle != NULL ) {
(VOID)SamrCloseHandle( &NlGlobalChWorkerBuiltinDBHandle);
}
DeleteCriticalSection( &NlGlobalChangeLogCritSect );
#if DBG
DeleteCriticalSection( &NlGlobalLogFileCritSect );
#endif // DBG
return STATUS_SUCCESS;
}
static
NTSTATUS
BuildTokenPrivileges(PTOKEN_PRIVILEGES *TokenPrivileges)
{
/* FIXME shouldn't use hard-coded list of privileges */
static struct
{
LPCWSTR PrivName;
DWORD Attributes;
}
DefaultPrivs[] =
{
{ L"SeMachineAccountPrivilege", 0 },
{ L"SeSecurityPrivilege", 0 },
{ L"SeTakeOwnershipPrivilege", 0 },
{ L"SeLoadDriverPrivilege", 0 },
{ L"SeSystemProfilePrivilege", 0 },
{ L"SeSystemtimePrivilege", 0 },
{ L"SeProfileSingleProcessPrivilege", 0 },
{ L"SeIncreaseBasePriorityPrivilege", 0 },
{ L"SeCreatePagefilePrivilege", 0 },
{ L"SeBackupPrivilege", 0 },
{ L"SeRestorePrivilege", 0 },
{ L"SeShutdownPrivilege", 0 },
{ L"SeDebugPrivilege", 0 },
{ L"SeSystemEnvironmentPrivilege", 0 },
{ L"SeChangeNotifyPrivilege", SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT },
{ L"SeRemoteShutdownPrivilege", 0 },
{ L"SeUndockPrivilege", 0 },
{ L"SeEnableDelegationPrivilege", 0 },
{ L"SeImpersonatePrivilege", SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT },
{ L"SeCreateGlobalPrivilege", SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT }
};
PTOKEN_PRIVILEGES Privileges = NULL;
ULONG i;
RPC_UNICODE_STRING PrivilegeName;
LSAPR_HANDLE PolicyHandle = NULL;
NTSTATUS Status = STATUS_SUCCESS;
Status = LsaIOpenPolicyTrusted(&PolicyHandle);
if (!NT_SUCCESS(Status))
{
goto done;
}
/* Allocate and initialize token privileges */
Privileges = DispatchTable.AllocateLsaHeap(sizeof(TOKEN_PRIVILEGES) +
sizeof(DefaultPrivs) / sizeof(DefaultPrivs[0]) *
sizeof(LUID_AND_ATTRIBUTES));
if (Privileges == NULL)
{
Status = STATUS_INSUFFICIENT_RESOURCES;
goto done;
}
Privileges->PrivilegeCount = 0;
for (i = 0; i < sizeof(DefaultPrivs) / sizeof(DefaultPrivs[0]); i++)
{
PrivilegeName.Length = wcslen(DefaultPrivs[i].PrivName) * sizeof(WCHAR);
PrivilegeName.MaximumLength = PrivilegeName.Length + sizeof(WCHAR);
PrivilegeName.Buffer = (LPWSTR)DefaultPrivs[i].PrivName;
Status = LsarLookupPrivilegeValue(PolicyHandle,
&PrivilegeName,
&Privileges->Privileges[Privileges->PrivilegeCount].Luid);
if (!NT_SUCCESS(Status))
{
WARN("Can't set privilege %S\n", DefaultPrivs[i].PrivName);
}
else
{
Privileges->Privileges[Privileges->PrivilegeCount].Attributes = DefaultPrivs[i].Attributes;
Privileges->PrivilegeCount++;
}
}
*TokenPrivileges = Privileges;
done:
if (PolicyHandle != NULL)
LsarClose(PolicyHandle);
return Status;
}
