static NTSTATUS GetAccountDomainSid(PRPC_SID *Sid) { LSAPR_HANDLE PolicyHandle = NULL; PLSAPR_POLICY_INFORMATION PolicyInfo = NULL; ULONG Length = 0; NTSTATUS Status; Status = LsaIOpenPolicyTrusted(&PolicyHandle); if (!NT_SUCCESS(Status)) { TRACE("LsaIOpenPolicyTrusted() failed (Status 0x%08lx)\n", Status); return Status; } Status = LsarQueryInformationPolicy(PolicyHandle, PolicyAccountDomainInformation, &PolicyInfo); if (!NT_SUCCESS(Status)) { TRACE("LsarQueryInformationPolicy() failed (Status 0x%08lx)\n", Status); goto done; } Length = RtlLengthSid(PolicyInfo->PolicyAccountDomainInfo.Sid); *Sid = RtlAllocateHeap(RtlGetProcessHeap(), 0, Length); if (*Sid == NULL) { ERR("Failed to allocate SID\n"); Status = STATUS_INSUFFICIENT_RESOURCES; goto done; } memcpy(*Sid, PolicyInfo->PolicyAccountDomainInfo.Sid, Length); done: if (PolicyInfo != NULL) LsaIFree_LSAPR_POLICY_INFORMATION(PolicyAccountDomainInformation, PolicyInfo); if (PolicyHandle != NULL) LsarClose(&PolicyHandle); return Status; }
/* * @implemented */ NTSTATUS WINAPI LsaClose(IN LSA_HANDLE ObjectHandle) { NTSTATUS Status; TRACE("LsaClose(0x%p) called\n", ObjectHandle); RpcTryExcept { Status = LsarClose((PLSAPR_HANDLE)&ObjectHandle); } RpcExcept(EXCEPTION_EXECUTE_HANDLER) { Status = I_RpcMapWin32Status(RpcExceptionCode()); } RpcEndExcept; return Status; }
NTSTATUS NlCloseChangeLog( VOID ) /*++ Routine Description: Frees any resources consumed by NlInitChangeLog. Arguments: NONE Return Value: NT Status code --*/ { if ( (NlGlobalChangeLogDesc.FileHandle == INVALID_HANDLE_VALUE) && (NlGlobalChangeLogRole == ChangeLogPrimary) ) { // // try to save change log cache one last time. // (VOID)NlCreateChangeLogFile( &NlGlobalChangeLogDesc ); } if ( NlGlobalChangeLogDesc.FileHandle != INVALID_HANDLE_VALUE ) { CloseHandle( NlGlobalChangeLogDesc.FileHandle ); NlGlobalChangeLogDesc.FileHandle = INVALID_HANDLE_VALUE; } NlGlobalChangeLogFilePrefix[0] = L'\0'; if ( NlGlobalChangeLogDesc.Buffer != NULL ) { NetpMemoryFree( NlGlobalChangeLogDesc.Buffer ); NlGlobalChangeLogDesc.Buffer = NULL; } if ( NlGlobalChWorkerBuiltinDomainSid != NULL ) { RtlFreeSid( NlGlobalChWorkerBuiltinDomainSid ); NlGlobalChWorkerBuiltinDomainSid = NULL; } if ( NlGlobalChWorkerSamDomainSid != NULL ) { NetpMemoryFree( NlGlobalChWorkerSamDomainSid ); NlGlobalChWorkerSamDomainSid = NULL; } if ( NlGlobalChangeLogEvent != NULL ) { (VOID) CloseHandle(NlGlobalChangeLogEvent); NlGlobalChangeLogEvent = NULL; } if ( NlGlobalChangeLogWorkerQueueEvent != NULL ) { (VOID) CloseHandle(NlGlobalChangeLogWorkerQueueEvent); NlGlobalChangeLogWorkerQueueEvent = NULL; } // // if worker thread running, stop it. // NlStopChangeLogWorker(); LOCK_CHANGELOG(); NlAssert( IsListEmpty( &NlGlobalChangeLogNotifications ) ); NlAssert( IsListEmpty( &NlGlobalChangeLogWorkerQueue ) ); UNLOCK_CHANGELOG(); NlGlobalChangeLogWorkInit = FALSE; // // close all handles // if ( NlGlobalChWorkerSamServerHandle != NULL ) { (VOID)SamrCloseHandle( &NlGlobalChWorkerSamServerHandle); } if ( NlGlobalChWorkerPolicyHandle != NULL ) { (VOID)LsarClose( &NlGlobalChWorkerPolicyHandle); } if ( NlGlobalChWorkerSamDBHandle != NULL ) { (VOID)SamrCloseHandle( &NlGlobalChWorkerSamDBHandle); } if ( NlGlobalChWorkerBuiltinDBHandle != NULL ) { (VOID)SamrCloseHandle( &NlGlobalChWorkerBuiltinDBHandle); } DeleteCriticalSection( &NlGlobalChangeLogCritSect ); #if DBG DeleteCriticalSection( &NlGlobalLogFileCritSect ); #endif // DBG return STATUS_SUCCESS; }
static NTSTATUS BuildTokenPrivileges(PTOKEN_PRIVILEGES *TokenPrivileges) { /* FIXME shouldn't use hard-coded list of privileges */ static struct { LPCWSTR PrivName; DWORD Attributes; } DefaultPrivs[] = { { L"SeMachineAccountPrivilege", 0 }, { L"SeSecurityPrivilege", 0 }, { L"SeTakeOwnershipPrivilege", 0 }, { L"SeLoadDriverPrivilege", 0 }, { L"SeSystemProfilePrivilege", 0 }, { L"SeSystemtimePrivilege", 0 }, { L"SeProfileSingleProcessPrivilege", 0 }, { L"SeIncreaseBasePriorityPrivilege", 0 }, { L"SeCreatePagefilePrivilege", 0 }, { L"SeBackupPrivilege", 0 }, { L"SeRestorePrivilege", 0 }, { L"SeShutdownPrivilege", 0 }, { L"SeDebugPrivilege", 0 }, { L"SeSystemEnvironmentPrivilege", 0 }, { L"SeChangeNotifyPrivilege", SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT }, { L"SeRemoteShutdownPrivilege", 0 }, { L"SeUndockPrivilege", 0 }, { L"SeEnableDelegationPrivilege", 0 }, { L"SeImpersonatePrivilege", SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT }, { L"SeCreateGlobalPrivilege", SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT } }; PTOKEN_PRIVILEGES Privileges = NULL; ULONG i; RPC_UNICODE_STRING PrivilegeName; LSAPR_HANDLE PolicyHandle = NULL; NTSTATUS Status = STATUS_SUCCESS; Status = LsaIOpenPolicyTrusted(&PolicyHandle); if (!NT_SUCCESS(Status)) { goto done; } /* Allocate and initialize token privileges */ Privileges = DispatchTable.AllocateLsaHeap(sizeof(TOKEN_PRIVILEGES) + sizeof(DefaultPrivs) / sizeof(DefaultPrivs[0]) * sizeof(LUID_AND_ATTRIBUTES)); if (Privileges == NULL) { Status = STATUS_INSUFFICIENT_RESOURCES; goto done; } Privileges->PrivilegeCount = 0; for (i = 0; i < sizeof(DefaultPrivs) / sizeof(DefaultPrivs[0]); i++) { PrivilegeName.Length = wcslen(DefaultPrivs[i].PrivName) * sizeof(WCHAR); PrivilegeName.MaximumLength = PrivilegeName.Length + sizeof(WCHAR); PrivilegeName.Buffer = (LPWSTR)DefaultPrivs[i].PrivName; Status = LsarLookupPrivilegeValue(PolicyHandle, &PrivilegeName, &Privileges->Privileges[Privileges->PrivilegeCount].Luid); if (!NT_SUCCESS(Status)) { WARN("Can't set privilege %S\n", DefaultPrivs[i].PrivName); } else { Privileges->Privileges[Privileges->PrivilegeCount].Attributes = DefaultPrivs[i].Attributes; Privileges->PrivilegeCount++; } } *TokenPrivileges = Privileges; done: if (PolicyHandle != NULL) LsarClose(PolicyHandle); return Status; }