Пример #1
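/*
 * Stores the audit-events policy as the "PolAdtEv" attribute of the policy
 * object.
 *
 * A temporary LSAP_POLICY_AUDIT_EVENTS_DATA blob is built from Info (auditing
 * mode, event count and a copy of the per-category options), written with
 * LsapSetObjectAttribute() and freed again before returning.
 *
 * Returns STATUS_INSUFFICIENT_RESOURCES when the blob cannot be allocated,
 * which includes an event count whose byte size does not fit in a ULONG;
 * otherwise returns the status of LsapSetObjectAttribute().
 */
NTSTATUS
LsarSetAuditEvents(PLSA_DB_OBJECT PolicyObject,
                   PLSAPR_POLICY_AUDIT_EVENTS_INFO Info)
{
    PLSAP_POLICY_AUDIT_EVENTS_DATA AuditData = NULL;
    ULONG EventCount;
    ULONG OptionsSize;
    ULONG AttributeSize;
    NTSTATUS Status = STATUS_SUCCESS;

    TRACE("(%p %p)\n", PolicyObject, Info);

    /* Read the count once so the bounds check, the allocation and the copy
     * all work from the same value. */
    EventCount = Info->MaximumAuditEventCount;

    /*
     * The count comes from the caller. Without this bound the size below
     * could wrap around a ULONG, giving an allocation smaller than the
     * number of bytes memcpy() is then asked to write (heap overflow).
     */
    if (EventCount > ((ULONG)-1 - sizeof(LSAP_POLICY_AUDIT_EVENTS_DATA)) / sizeof(DWORD))
        return STATUS_INSUFFICIENT_RESOURCES;

    OptionsSize = (ULONG)(EventCount * sizeof(DWORD));
    AttributeSize = (ULONG)(sizeof(LSAP_POLICY_AUDIT_EVENTS_DATA) + OptionsSize);

    AuditData = RtlAllocateHeap(RtlGetProcessHeap(),
                                HEAP_ZERO_MEMORY,
                                AttributeSize);
    if (AuditData == NULL)
        return STATUS_INSUFFICIENT_RESOURCES;

    AuditData->AuditingMode = Info->AuditingMode;
    AuditData->MaximumAuditEventCount = EventCount;

    /*
     * Skip the copy for an empty option list so a NULL options pointer is
     * never handed to memcpy().
     * NOTE(review): for a non-zero count EventAuditingOptions is assumed to
     * point to at least that many entries - confirm the caller (or the RPC
     * stub, if this is reached from one) guarantees it.
     */
    if (OptionsSize != 0)
    {
        memcpy(&(AuditData->AuditEvents[0]),
               Info->EventAuditingOptions,
               OptionsSize);
    }

    Status = LsapSetObjectAttribute(PolicyObject,
                                    L"PolAdtEv",
                                    AuditData,
                                    AttributeSize);

    RtlFreeHeap(RtlGetProcessHeap(), 0, AuditData);

    return Status;
}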
Пример #2
/*
 * Updates the ShutDownOnFull flag inside the stored "PolAdtFl" attribute.
 *
 * The current attribute is read into a scratch buffer, only ShutDownOnFull
 * is overwritten from Info, and the buffer is written back with the size
 * reported by the read. Every other stored field is left as it was.
 *
 * Returns STATUS_INSUFFICIENT_RESOURCES if the scratch buffer cannot be
 * allocated, the read status if reading fails, otherwise the write status.
 */
NTSTATUS
LsarSetAuditFull(PLSA_DB_OBJECT PolicyObject,
                 PPOLICY_AUDIT_FULL_QUERY_INFO Info)
{
    PPOLICY_AUDIT_FULL_QUERY_INFO Current;
    ULONG CurrentSize = sizeof(POLICY_AUDIT_FULL_QUERY_INFO);
    NTSTATUS Status;

    TRACE("(%p %p)\n", PolicyObject, Info);

    Current = MIDL_user_allocate(CurrentSize);
    if (Current == NULL)
        return STATUS_INSUFFICIENT_RESOURCES;

    /* Fetch what is stored now; CurrentSize is passed by address and is
     * reused unchanged by name for the write below. */
    Status = LsapGetObjectAttribute(PolicyObject,
                                    L"PolAdtFl",
                                    Current,
                                    &CurrentSize);
    if (NT_SUCCESS(Status))
    {
        /* Only this one field is taken from the caller. */
        Current->ShutDownOnFull = Info->ShutDownOnFull;

        Status = LsapSetObjectAttribute(PolicyObject,
                                        L"PolAdtFl",
                                        Current,
                                        CurrentSize);
    }

    /* The scratch buffer is released on both the success and failure path. */
    MIDL_user_free(Current);

    return Status;
}
Пример #3
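/*
 * Stores the account domain name ("PolAcDmN") and the account domain SID
 * ("PolAcDmS") on the policy object.
 *
 * The name is written as one contiguous blob: a UNICODE_STRING header whose
 * Buffer member holds the offset of the characters (sizeof(UNICODE_STRING))
 * rather than a pointer, followed by MaximumLength bytes of string data.
 * The SID is written as-is; a NULL SID is written with length 0.
 *
 * Returns STATUS_INSUFFICIENT_RESOURCES if the blob cannot be allocated,
 * the status of the name write if it fails, otherwise the status of the
 * SID write.
 */
NTSTATUS
LsarSetAccountDomain(PLSA_DB_OBJECT PolicyObject,
                     PLSAPR_POLICY_ACCOUNT_DOM_INFO Info)
{
    PUNICODE_STRING Buffer;
    ULONG Length = 0;
    NTSTATUS Status;
    LPWSTR Ptr;

    TRACE("(%p %p)\n", PolicyObject, Info);

    Length = sizeof(UNICODE_STRING) + Info->DomainName.MaximumLength;
    Buffer = RtlAllocateHeap(RtlGetProcessHeap(),
                             0,
                             Length);
    if (Buffer == NULL)
        return STATUS_INSUFFICIENT_RESOURCES;

    /*
     * The heap block is not zeroed by the allocator call above. Clear the
     * header so that any padding inside UNICODE_STRING (present on targets
     * where the pointer member is wider than the two length fields) does
     * not carry stale heap bytes into the stored attribute.
     */
    memset(Buffer, 0, sizeof(UNICODE_STRING));

    /*
     * NOTE(review): Length is stored without being checked against
     * MaximumLength - confirm the caller validates the string, since a
     * later reader of this blob may trust both fields.
     */
    Buffer->Length = Info->DomainName.Length;
    Buffer->MaximumLength = Info->DomainName.MaximumLength;

    /* Self-relative form: the Buffer member is an offset from the start of
     * the blob, not a usable pointer. */
    Buffer->Buffer = (LPWSTR)sizeof(UNICODE_STRING);
    Ptr = (LPWSTR)((ULONG_PTR)Buffer + sizeof(UNICODE_STRING));

    /*
     * An empty name has nothing to copy; skipping the call keeps a NULL
     * DomainName.Buffer away from memcpy() in that case.
     * NOTE(review): a NULL DomainName.Buffer with a non-zero MaximumLength
     * is not rejected here - confirm the caller rules that out.
     */
    if (Info->DomainName.MaximumLength != 0)
        memcpy(Ptr, Info->DomainName.Buffer, Info->DomainName.MaximumLength);

    Status = LsapSetObjectAttribute(PolicyObject,
                                    L"PolAcDmN",
                                    Buffer,
                                    Length);

    RtlFreeHeap(RtlGetProcessHeap(), 0, Buffer);

    if (!NT_SUCCESS(Status))
        return Status;

    /*
     * NOTE(review): the SID length is taken from the SID itself and the
     * SID is not validated in this function - confirm it has been
     * validated before it reaches this point.
     */
    Length = 0;
    if (Info->Sid != NULL)
        Length = RtlLengthSid(Info->Sid);

    Status = LsapSetObjectAttribute(PolicyObject,
                                    L"PolAcDmS",
                                    (LPBYTE)Info->Sid,
                                    Length);

    return Status;
}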
Пример #4
/*
 * Writes the caller's POLICY_MODIFICATION_INFO verbatim as the "PolMod"
 * attribute of the policy object and returns the status of that write.
 * No field of Info is inspected or validated here.
 */
NTSTATUS
LsarSetModification(PLSA_DB_OBJECT PolicyObject,
                    PPOLICY_MODIFICATION_INFO Info)
{
    NTSTATUS Status;

    TRACE("(%p %p)\n", PolicyObject, Info);

    /* Fixed-size structure: the stored size never depends on caller data. */
    Status = LsapSetObjectAttribute(PolicyObject,
                                    L"PolMod",
                                    Info,
                                    sizeof(POLICY_MODIFICATION_INFO));

    return Status;
}
Пример #5
/*
 * Writes the caller's POLICY_DEFAULT_QUOTA_INFO verbatim as the "DefQuota"
 * attribute of the policy object and returns the status of that write.
 * The quota values are stored as given; no range check is done here.
 */
NTSTATUS
LsarSetDefaultQuota(PLSA_DB_OBJECT PolicyObject,
                    PPOLICY_DEFAULT_QUOTA_INFO Info)
{
    NTSTATUS Status;

    TRACE("(%p %p)\n", PolicyObject, Info);

    /* Fixed-size structure: the stored size never depends on caller data. */
    Status = LsapSetObjectAttribute(PolicyObject,
                                    L"DefQuota",
                                    Info,
                                    sizeof(POLICY_DEFAULT_QUOTA_INFO));

    return Status;
}
Пример #6
NTSTATUS
/*
 * Writes the caller's POLICY_LSA_SERVER_ROLE_INFO verbatim as the
 * "PolSrvRo" attribute of the policy object and returns the status of that
 * write.
 * NOTE(review): the role value is stored without being checked here -
 * confirm the caller restricts it to the values the role type defines.
 */
LsarSetServerRole(PLSA_DB_OBJECT PolicyObject,
                  PPOLICY_LSA_SERVER_ROLE_INFO Info)
{
    NTSTATUS Status;

    TRACE("(%p %p)\n", PolicyObject, Info);

    /* Fixed-size structure: the stored size never depends on caller data. */
    Status = LsapSetObjectAttribute(PolicyObject,
                                    L"PolSrvRo",
                                    Info,
                                    sizeof(POLICY_LSA_SERVER_ROLE_INFO));

    return Status;
}
Пример #7
/*
 * Writes the caller's POLICY_AUDIT_LOG_INFO verbatim as the "PolAdtLg"
 * attribute of the policy object and returns the status of that write.
 * No field of Info is inspected or validated here.
 */
NTSTATUS
LsarSetAuditLog(PLSA_DB_OBJECT PolicyObject,
                PPOLICY_AUDIT_LOG_INFO Info)
{
    NTSTATUS Status;

    TRACE("(%p %p)\n", PolicyObject, Info);

    /* Fixed-size structure: the stored size never depends on caller data. */
    Status = LsapSetObjectAttribute(PolicyObject,
                                    L"PolAdtLg",
                                    Info,
                                    sizeof(POLICY_AUDIT_LOG_INFO));

    return Status;
}
Пример #8
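/*
 * Creates the 'Policy' database object and writes its initial attributes:
 * empty primary/account domain names, a freshly generated account domain
 * SID, default quota limits, modification info, audit-full and audit-log
 * state, an all-zero audit-events table with auditing disabled, empty DNS
 * names, a zero DNS domain GUID and the policy security descriptor.
 *
 * Returns the first failing status. A failed attribute write stops the
 * sequence and is reported to the caller, so a policy object that is
 * missing attributes (for example its security descriptor or its audit
 * settings) is never reported as successfully created. All temporary
 * allocations and the object handle are released on every path.
 */
static NTSTATUS
LsapCreateDatabaseObjects(VOID)
{
    PLSAP_POLICY_AUDIT_EVENTS_DATA AuditEventsInfo = NULL;
    POLICY_DEFAULT_QUOTA_INFO QuotaInfo;
    POLICY_MODIFICATION_INFO ModificationInfo;
    POLICY_AUDIT_FULL_QUERY_INFO AuditFullInfo = {FALSE, FALSE};
    POLICY_AUDIT_LOG_INFO AuditLogInfo;
    GUID DnsDomainGuid;
    PLSA_DB_OBJECT PolicyObject = NULL;
    PSID AccountDomainSid = NULL;
    PSECURITY_DESCRIPTOR PolicySd = NULL;
    ULONG PolicySdSize = 0;
    ULONG AuditEventsCount;
    ULONG AuditEventsSize;
    NTSTATUS Status;

    /*
     * These stack structures are written to the database byte-for-byte.
     * Clear them first so that any padding between members holds zeros
     * rather than leftover stack contents.
     */
    memset(&QuotaInfo, 0, sizeof(QuotaInfo));
    memset(&ModificationInfo, 0, sizeof(ModificationInfo));
    memset(&AuditLogInfo, 0, sizeof(AuditLogInfo));

    /* Initialize the default quota limits */
    QuotaInfo.QuotaLimits.PagedPoolLimit = 0x2000000;
    QuotaInfo.QuotaLimits.NonPagedPoolLimit = 0x100000;
    QuotaInfo.QuotaLimits.MinimumWorkingSetSize = 0x10000;
    QuotaInfo.QuotaLimits.MaximumWorkingSetSize = 0xF000000;
    QuotaInfo.QuotaLimits.PagefileLimit = 0;
    QuotaInfo.QuotaLimits.TimeLimit.QuadPart = 0;

    /* Initialize the audit log attribute */
    AuditLogInfo.AuditLogPercentFull = 0;
    AuditLogInfo.MaximumLogSize = 0;                    /* DWORD */
    AuditLogInfo.AuditRetentionPeriod.QuadPart = 0;     /* LARGE_INTEGER */
    AuditLogInfo.AuditLogFullShutdownInProgress = 0;    /* BYTE */
    AuditLogInfo.TimeToShutdown.QuadPart = 0;           /* LARGE_INTEGER */
    AuditLogInfo.NextAuditRecordId = 0;                 /* DWORD */

    /* Initialize the Audit Events attribute: one DWORD of options per audit
     * category from AuditCategorySystem through AuditCategoryAccountLogon */
    AuditEventsCount = AuditCategoryAccountLogon - AuditCategorySystem + 1;
    AuditEventsSize = sizeof(LSAP_POLICY_AUDIT_EVENTS_DATA) + AuditEventsCount * sizeof(DWORD);
    AuditEventsInfo = RtlAllocateHeap(RtlGetProcessHeap(),
                                      HEAP_ZERO_MEMORY,
                                      AuditEventsSize);
    if (AuditEventsInfo == NULL)
        return STATUS_INSUFFICIENT_RESOURCES;

    /* HEAP_ZERO_MEMORY already leaves every AuditEvents[] entry at 0, so
     * only the header fields need to be set. */
    AuditEventsInfo->AuditingMode = FALSE;
    AuditEventsInfo->MaximumAuditEventCount = AuditEventsCount;

    /* Initialize the DNS Domain GUID attribute */
    memset(&DnsDomainGuid, 0, sizeof(GUID));

    /* Initialize the modification attribute */
    ModificationInfo.ModifiedId.QuadPart = 0;
    NtQuerySystemTime(&ModificationInfo.DatabaseCreationTime);

    /* Create a random domain SID */
    Status = LsapCreateRandomDomainSid(&AccountDomainSid);
    if (!NT_SUCCESS(Status))
        goto done;

    Status = LsapCreatePolicySd(&PolicySd, &PolicySdSize);
    if (!NT_SUCCESS(Status))
        goto done;

    /* Open the 'Policy' object */
    Status = LsapOpenDbObject(NULL,
                              NULL,
                              L"Policy",
                              LsaDbPolicyObject,
                              0,
                              TRUE,
                              &PolicyObject);
    if (!NT_SUCCESS(Status))
        goto done;

    /* Set the (empty) primary domain name attribute */
    Status = LsapSetObjectAttribute(PolicyObject,
                                    L"PolPrDmN",
                                    NULL,
                                    0);
    if (!NT_SUCCESS(Status))
        goto done;

    /* Set the (empty) primary domain SID attribute */
    Status = LsapSetObjectAttribute(PolicyObject,
                                    L"PolPrDmS",
                                    NULL,
                                    0);
    if (!NT_SUCCESS(Status))
        goto done;

    /* Set the (empty) account domain name attribute */
    Status = LsapSetObjectAttribute(PolicyObject,
                                    L"PolAcDmN",
                                    NULL,
                                    0);
    if (!NT_SUCCESS(Status))
        goto done;

    /* Set the account domain SID attribute */
    Status = LsapSetObjectAttribute(PolicyObject,
                                    L"PolAcDmS",
                                    AccountDomainSid,
                                    RtlLengthSid(AccountDomainSid));
    if (!NT_SUCCESS(Status))
        goto done;

    /* Set the default quota limits attribute */
    Status = LsapSetObjectAttribute(PolicyObject,
                                    L"DefQuota",
                                    &QuotaInfo,
                                    sizeof(POLICY_DEFAULT_QUOTA_INFO));
    if (!NT_SUCCESS(Status))
        goto done;

    /* Set the modification attribute */
    Status = LsapSetObjectAttribute(PolicyObject,
                                    L"PolMod",
                                    &ModificationInfo,
                                    sizeof(POLICY_MODIFICATION_INFO));
    if (!NT_SUCCESS(Status))
        goto done;

    /* Set the audit full attribute */
    Status = LsapSetObjectAttribute(PolicyObject,
                                    L"PolAdtFl",
                                    &AuditFullInfo,
                                    sizeof(POLICY_AUDIT_FULL_QUERY_INFO));
    if (!NT_SUCCESS(Status))
        goto done;

    /* Set the audit log attribute */
    Status = LsapSetObjectAttribute(PolicyObject,
                                    L"PolAdtLg",
                                    &AuditLogInfo,
                                    sizeof(POLICY_AUDIT_LOG_INFO));
    if (!NT_SUCCESS(Status))
        goto done;

    /* Set the audit events attribute */
    Status = LsapSetObjectAttribute(PolicyObject,
                                    L"PolAdtEv",
                                    AuditEventsInfo,
                                    AuditEventsSize);
    if (!NT_SUCCESS(Status))
        goto done;

    /* Set the DNS Domain Name attribute */
    Status = LsapSetObjectAttribute(PolicyObject,
                                    L"PolDnDDN",
                                    NULL,
                                    0);
    if (!NT_SUCCESS(Status))
        goto done;

    /* Set the DNS Forest Name attribute */
    Status = LsapSetObjectAttribute(PolicyObject,
                                    L"PolDnTrN",
                                    NULL,
                                    0);
    if (!NT_SUCCESS(Status))
        goto done;

    /* Set the DNS Domain GUID attribute */
    Status = LsapSetObjectAttribute(PolicyObject,
                                    L"PolDnDmG",
                                    &DnsDomainGuid,
                                    sizeof(GUID));
    if (!NT_SUCCESS(Status))
        goto done;

    /* Set the Security Descriptor; its status is the function's result */
    Status = LsapSetObjectAttribute(PolicyObject,
                                    L"SecDesc",
                                    PolicySd,
                                    PolicySdSize);

done:
    if (AuditEventsInfo != NULL)
        RtlFreeHeap(RtlGetProcessHeap(), 0, AuditEventsInfo);

    if (PolicyObject != NULL)
        LsapCloseDbObject(PolicyObject);

    if (AccountDomainSid != NULL)
        RtlFreeSid(AccountDomainSid);

    if (PolicySd != NULL)
        RtlFreeHeap(RtlGetProcessHeap(), 0, PolicySd);

    return Status;
}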