archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4 Commits
1 Branch
0 Tags
1.5 GiB
Branch: master
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'master'
${ noResults }
windows-server-2003/termsrv/winsta/server/regnw.c

747 lines
20 KiB
Raw Permalink Normal View History

commiting as it is
4 years ago
  2. /*************************************************************************
  3. *
  4. * nw.c
  5. *
  6. * Netware security support
  7. *
  8. * Copyright Microsoft Corporation, 1998
  9. *
  10. *
  11. *************************************************************************/
  13. /*
  14. * Includes
  15. */
  16. #include "precomp.h"
  17. #pragma hdrstop
  18. #include <ntlsa.h>
  20. #include <rpc.h>
  23. #if DBG
  24. ULONG
  25. DbgPrint(
  26. PCH Format,
  27. ...
  28. );
  29. #define DBGPRINT(x) DbgPrint x
  30. #if DBGTRACE
  31. #define TRACE0(x) DbgPrint x
  32. #define TRACE1(x) DbgPrint x
  33. #else
  34. #define TRACE0(x)
  35. #define TRACE1(x)
  36. #endif
  37. #else
  38. #define DBGPRINT(x)
  39. #define TRACE0(x)
  40. #define TRACE1(x)
  41. #endif
  44. /*
  45. * This is the prefix for the secret object name.
  46. */
  47. #define CITRIX_NW_SECRET_NAME L"CTX_NW_INFO_"
  50. /*=============================================================================
  51. == Public functions
  52. =============================================================================*/
  56. /*=============================================================================
  57. == Functions Used
  58. =============================================================================*/
  59. NTSTATUS CreateSecretInLsa(
  60. PWCHAR pSecretName,
  61. PWCHAR pSecretData
  62. );
  64. NTSTATUS
  65. QuerySecretInLsa(
  66. PWCHAR pSecretName,
  67. PWCHAR pSecretData,
  68. DWORD ByteCount
  69. );
  71. BOOL
  72. IsCallerSystem( VOID );
  74. BOOL
  75. IsCallerAdmin( VOID );
  77. BOOL
  78. TestUserForAdmin( VOID );
  82. NTSTATUS
  83. IsZeroterminateStringA(
  84. PBYTE pString,
  85. DWORD dwLength
  86. );
  90. NTSTATUS
  91. IsZeroterminateStringW(
  92. PWCHAR pwString,
  93. DWORD dwLength
  94. ) ;
  95. /*=============================================================================
  96. == Global data
  97. =============================================================================*/
  100. /*******************************************************************************
  101. *
  102. * RpcServerNWLogonSetAdmin (UNICODE)
  103. *
  104. * Creates or updates the specified server's NWLogon Domain Administrator
  105. * UserID and Password in the SAM secret objects of the specified server.
  106. *
  107. * The caller must be ADMIN.
  108. *
  109. * ENTRY:
  110. * pServerName (input)
  111. * Server to store info for. This server is typically a domain controller.
  112. *
  113. * pNWLogon (input)
  114. * Pointer to a NWLOGONADMIN structure containing specified server's
  115. * domain admin and password.
  116. *
  117. * EXIT:
  118. * ERROR_SUCCESS - no error
  119. * ERROR_INSUFFICIENT_BUFFER - pUserConfig buffer too small
  120. * otherwise: the error code
  121. *
  122. ******************************************************************************/
  124. BOOLEAN
  125. RpcServerNWLogonSetAdmin(
  126. HANDLE hServer,
  127. DWORD *pResult,
  128. PWCHAR pServerName,
  129. DWORD ServerNameSize,
  130. PNWLOGONADMIN pNWLogon,
  131. DWORD ByteCount
  132. )
  133. {
  134. DWORD Size;
  135. DWORD Result;
  136. PWCHAR pDomain;
  137. UINT LocalFlag;
  138. PWCHAR pSecretName;
  139. RPC_STATUS RpcStatus;
  140. WCHAR UserPass[ USERNAME_LENGTH + PASSWORD_LENGTH + DOMAIN_LENGTH + 3 ];
  142. if(!hServer)
  143. {
  144. *pResult = STATUS_UNSUCCESSFUL;
  145. return( FALSE );
  146. }
  148. // Do minimal buffer validation
  150. if (pNWLogon == NULL ) {
  151. *pResult = STATUS_INVALID_USER_BUFFER;
  152. return FALSE;
  153. }
  155. if (ByteCount < sizeof(NWLOGONADMIN))
  156. {
  157. *pResult = STATUS_INVALID_USER_BUFFER;
  158. return FALSE;
  159. }
  161. if( pServerName == NULL ) {
  162. DBGPRINT(("NWLogonSetAdmin: No ServerName\n"));
  163. *pResult = (ULONG)STATUS_INVALID_PARAMETER;
  164. return( FALSE );
  165. }
  167. *pResult = IsZeroterminateStringW(pServerName, ServerNameSize );
  169. if (*pResult != STATUS_SUCCESS) {
  170. return FALSE;
  171. }
  174. pNWLogon->Username[USERNAME_LENGTH] = (WCHAR) 0;
  175. pNWLogon->Password[PASSWORD_LENGTH] = (WCHAR) 0;
  176. pNWLogon->Domain[DOMAIN_LENGTH] = (WCHAR) 0;
  178. //
  179. // Only a SYSTEM mode caller (IE: Winlogon) is allowed
  180. // to query this value.
  181. //
  182. RpcStatus = RpcImpersonateClient( NULL );
  183. if( RpcStatus != RPC_S_OK ) {
  184. DBGPRINT(("RpcServerNWLogonSetAdmin: Not impersonating! RpcStatus 0x%x\n",RpcStatus));
  185. *pResult = (ULONG)STATUS_CANNOT_IMPERSONATE;
  186. return( FALSE );
  187. }
  189. //
  190. // Inquire if local RPC call
  191. //
  192. RpcStatus = I_RpcBindingIsClientLocal(
  193. 0, // Active RPC call we are servicing
  194. &LocalFlag
  195. );
  197. if( RpcStatus != RPC_S_OK ) {
  198. DBGPRINT(("NWLogonSetAdmin Could not query local client RpcStatus 0x%x\n",RpcStatus));
  199. RpcRevertToSelf();
  200. *pResult = (ULONG)STATUS_ACCESS_DENIED;
  201. return( FALSE );
  202. }
  204. if( !LocalFlag ) {
  205. DBGPRINT(("NWLogonSetAdmin Not a local client call\n"));
  206. RpcRevertToSelf();
  207. *pResult = (ULONG)STATUS_ACCESS_DENIED;
  208. return( FALSE );
  209. }
  211. if( !IsCallerAdmin() ) {
  212. RpcRevertToSelf();
  213. DBGPRINT(("RpcServerNWLogonSetAdmin: Caller Not SYSTEM\n"));
  214. *pResult = (ULONG)STATUS_ACCESS_DENIED;
  215. return( FALSE );
  216. }
  218. RpcRevertToSelf();
  221. if( ByteCount < sizeof(NWLOGONADMIN) ) {
  222. DBGPRINT(("NWLogonSetAdmin: Bad size %d\n",ByteCount));
  223. *pResult = (ULONG)STATUS_INFO_LENGTH_MISMATCH;
  224. return( FALSE );
  225. }
  227. // check for username, and if there is one then encrypt username and pw
  229. TRACE0(("NWLogonSetAdmin: UserName %ws\n",pNWLogon->Username));
  231. // concatenate the username, password, and domain together
  232. wcscpy(UserPass, pNWLogon->Username);
  233. wcscat(UserPass, L"/");
  234. wcscat(UserPass, pNWLogon->Password);
  235. wcscat(UserPass, L"/");
  237. // Skip over any \\ backslashes (if a machine name was passed in)
  238. pDomain = pNWLogon->Domain;
  239. while (*pDomain == L'\\') {
  240. pDomain++;
  241. }
  242. wcscat(UserPass, pDomain);
  244. //
  245. // Build the secret name from the server name.
  246. //
  247. // This is because each domain will have a different entry.
  248. //
  250. // Skip over any \\ backslashes (if a machine name was passed in)
  251. while (*pServerName == L'\\') {
  252. pServerName++;
  253. }
  254. Size = wcslen(pServerName) + 1;
  255. Size *= sizeof(WCHAR);
  256. Size += sizeof(CITRIX_NW_SECRET_NAME);
  258. pSecretName = MemAlloc( Size );
  259. if( pSecretName == NULL ) {
  260. DBGPRINT(("NWLogonSetAdmin: No memory\n"));
  261. *pResult = (ULONG)STATUS_NO_MEMORY;
  262. return( FALSE );
  263. }
  265. wcscpy(pSecretName, CITRIX_NW_SECRET_NAME );
  266. wcscat(pSecretName, pServerName );
  268. // check for username, and if there is one then encrypt username and pw
  269. if ( wcslen( pNWLogon->Username ) ) {
  270. // store encrypted username
  271. Result = CreateSecretInLsa( pSecretName, UserPass );
  272. } else {
  273. // If there wasn't a username, clear this secret object.
  274. Result = CreateSecretInLsa( pSecretName, L"");
  275. DBGPRINT(("TERMSRV: RpcServerNWLogonSetAdmin: UserName not supplied\n"));
  276. }
  277. MemFree( pSecretName );
  279. *pResult = Result;
  280. return( Result == STATUS_SUCCESS );
  281. }
  284. /*******************************************************************************
  285. *
  286. * RpcServerQueryNWLogonAdmin
  287. *
  288. * Query NWLOGONADMIN structure from the SAM Secret object on the given
  289. * WinFrame server.
  290. *
  291. * The caller must be SYSTEM context, IE: WinLogon.
  292. *
  293. * ENTRY:
  294. * hServer (input)
  295. * Rpc handle
  296. *
  297. * pServerName (input)
  298. * Server to store info for. This server is typically a domain controller.
  299. *
  300. * pNWLogon (output)
  301. * pointer to NWLOGONADMIN structure
  302. *
  303. * EXIT:
  304. * nothing
  305. *
  306. ******************************************************************************/
  308. BOOLEAN
  309. RpcServerNWLogonQueryAdmin(
  310. HANDLE hServer,
  311. DWORD *pResult,
  312. PWCHAR pServerName,
  313. DWORD ServerNameSize,
  314. PNWLOGONADMIN pNWLogon,
  315. DWORD ByteCount
  316. )
  317. {
  318. PWCHAR pwch;
  319. DWORD Size;
  320. ULONG ulcsep;
  321. UINT LocalFlag;
  322. NTSTATUS Status;
  323. PWCHAR pSecretName;
  324. RPC_STATUS RpcStatus;
  325. WCHAR encString[ USERNAME_LENGTH + PASSWORD_LENGTH + DOMAIN_LENGTH + 3 ];
  326. BOOLEAN SystemCaller = FALSE;
  328. if(!hServer)
  329. {
  330. *pResult = STATUS_UNSUCCESSFUL;
  331. return( FALSE );
  332. }
  334. // Do minimal buffer validation
  336. if (pNWLogon == NULL) {
  337. *pResult = STATUS_INVALID_USER_BUFFER;
  338. return FALSE;
  339. }
  341. if( ByteCount < sizeof(NWLOGONADMIN) ) {
  342. DBGPRINT(("NWLogonQueryAdmin: Bad size %d\n",ByteCount));
  343. *pResult = (ULONG)STATUS_INFO_LENGTH_MISMATCH;
  344. return( FALSE );
  345. }
  347. if( pServerName == NULL ) {
  348. DBGPRINT(("NWLogonQueryAdmin: No ServerName\n"));
  349. *pResult = (ULONG)STATUS_INVALID_PARAMETER;
  350. return( FALSE );
  351. }
  353. *pResult = IsZeroterminateStringW(pServerName, ServerNameSize );
  355. if (*pResult != STATUS_SUCCESS) {
  356. return FALSE;
  357. }
  360. pNWLogon->Username[USERNAME_LENGTH] = (WCHAR) 0;
  361. pNWLogon->Password[PASSWORD_LENGTH] = (WCHAR) 0;
  362. pNWLogon->Domain[DOMAIN_LENGTH] = (WCHAR) 0;
  364. //
  368. //
  369. // Only a SYSTEM mode caller (IE: Winlogon) is allowed
  370. // to query this value.
  371. //
  372. RpcStatus = RpcImpersonateClient( NULL );
  373. if( RpcStatus != RPC_S_OK ) {
  374. DBGPRINT(("RpcServerNWLogonQueryAdmin: Not impersonating! RpcStatus 0x%x\n",RpcStatus));
  375. *pResult = (ULONG)STATUS_CANNOT_IMPERSONATE;
  376. return( FALSE );
  377. }
  379. //
  380. // Inquire if local RPC call
  381. //
  382. RpcStatus = I_RpcBindingIsClientLocal(
  383. 0, // Active RPC call we are servicing
  384. &LocalFlag
  385. );
  387. if( RpcStatus != RPC_S_OK ) {
  388. DBGPRINT(("NWLogonQueryAdmin Could not query local client RpcStatus 0x%x\n",RpcStatus));
  389. RpcRevertToSelf();
  390. *pResult = (ULONG)STATUS_ACCESS_DENIED;
  391. return( FALSE );
  392. }
  394. if( !LocalFlag ) {
  395. DBGPRINT(("NWLogonQueryAdmin Not a local client call\n"));
  396. RpcRevertToSelf();
  397. *pResult = (ULONG)STATUS_ACCESS_DENIED;
  398. return( FALSE );
  399. }
  401. /* find out who is calling us system has complete access, admin can't get password, user is kicked out */
  402. if( IsCallerSystem() ) {
  403. SystemCaller = TRUE;
  404. }
  405. if( !TestUserForAdmin() && (SystemCaller != TRUE) ) {
  406. RpcRevertToSelf();
  407. DBGPRINT(("RpcServerNWLogonQueryAdmin: Caller Not SYSTEM or Admin\n"));
  408. *pResult = (ULONG)STATUS_ACCESS_DENIED;
  409. return( FALSE );
  410. }
  412. RpcRevertToSelf();
  415. //
  416. // Build the secret name from the server name.
  417. //
  418. // This is because each domain will have a different entry.
  419. //
  421. // Skip over any \\ backslashes (if a machine name was passed in)
  422. while (*pServerName == L'\\') {
  423. pServerName++;
  424. }
  425. Size = wcslen(pServerName) + 1;
  426. Size *= sizeof(WCHAR);
  427. Size += sizeof(CITRIX_NW_SECRET_NAME);
  429. pSecretName = MemAlloc( Size );
  430. if( pSecretName == NULL ) {
  431. DBGPRINT(("NWLogonSetAdmin: No memory\n"));
  432. *pResult = (ULONG)STATUS_NO_MEMORY;
  433. return( FALSE );
  434. }
  436. wcscpy(pSecretName, CITRIX_NW_SECRET_NAME );
  437. wcscat(pSecretName, pServerName );
  439. Status = QuerySecretInLsa(
  440. pSecretName,
  441. encString,
  442. sizeof(encString)
  443. );
  445. MemFree( pSecretName );
  447. if( !NT_SUCCESS(Status) ) {
  448. *pResult = Status;
  449. DBGPRINT(("NWLogonQueryAdmin: Error 0x%x querying secret object\n",Status));
  450. return( FALSE );
  451. }
  453. // check for username/password if there is one then decrypt it
  454. if ( wcslen( encString ) ) {
  456. // Change the '/' seperator to null
  457. pwch = &encString[0];
  458. ulcsep = 0;
  459. while (pwch && *pwch) {
  460. pwch = wcschr(pwch, L'/');
  461. if (pwch) {
  462. *pwch = L'\0';
  463. pwch++;
  464. ulcsep++;
  465. }
  466. }
  468. // get clear text username
  469. wcscpy( pNWLogon->Username, &encString[0] );
  471. if (ulcsep >= 1) {
  472. // Skip to the password
  473. pwch = &encString[0] + wcslen(&encString[0]) + 1;
  475. if( SystemCaller == TRUE ){
  476. // get clear text password
  477. wcscpy( pNWLogon->Password, pwch);
  478. } else {
  479. *pNWLogon->Password = L'\0';
  480. }
  482. } else {
  483. *pNWLogon->Password = L'\0';
  484. }
  485. if (ulcsep >= 2) {
  486. // Skip to the domain string
  487. pwch = pwch + wcslen(pwch) + 1;
  489. // get clear text domain
  490. wcscpy( pNWLogon->Domain, pwch);
  491. } else {
  492. *pNWLogon->Domain = L'\0';
  493. }
  495. *pResult = STATUS_SUCCESS;
  496. return( TRUE );
  497. }
  498. else {
  499. DBGPRINT(("RpcServerNWLogonQueryAdmin: zero length data\n"));
  501. // set to username and password to NULL strings
  502. pNWLogon->Password[0] = L'\0';
  503. pNWLogon->Username[0] = L'\0';
  504. pNWLogon->Domain[0] = L'\0';
  506. *pResult = STATUS_SUCCESS;
  507. return( TRUE );
  508. }
  509. }
  511. /*******************************************************************************
  512. *
  513. * CreateSecretInLsa
  514. *
  515. * Create the secret object in the LSA to keep it from prying eyes.
  516. *
  517. * NOTE: There is no need to encode the data since it is RSA encrypted
  518. * by the LSA secret routines.
  519. *
  520. * ENTRY:
  521. * pSecretName (input)
  522. * Secret name to create.
  523. *
  524. * pSecretData (input)
  525. * Data to store in secret
  526. *
  527. * EXIT:
  528. * NTSTATUS
  529. *
  530. ******************************************************************************/
  532. NTSTATUS
  533. CreateSecretInLsa(
  534. PWCHAR pSecretName,
  535. PWCHAR pSecretData
  536. )
  537. {
  538. NTSTATUS Status;
  539. OBJECT_ATTRIBUTES ObjectAttributes;
  540. SECURITY_QUALITY_OF_SERVICE SecurityQualityOfService;
  541. LSA_HANDLE PolicyHandle;
  542. UNICODE_STRING SecretName;
  543. UNICODE_STRING SecretValue;
  544. LSA_HANDLE SecretHandle;
  545. ACCESS_MASK DesiredAccess;
  547. if( pSecretName == NULL ) {
  548. DBGPRINT(("CreateSecretInLsa: NULL SecretName\n"));
  549. return( STATUS_INVALID_PARAMETER );
  550. }
  552. SecurityQualityOfService.Length = sizeof(SECURITY_QUALITY_OF_SERVICE);
  553. SecurityQualityOfService.ImpersonationLevel = SecurityImpersonation;
  554. SecurityQualityOfService.ContextTrackingMode = SECURITY_DYNAMIC_TRACKING;
  555. SecurityQualityOfService.EffectiveOnly = FALSE;
  557. InitializeObjectAttributes(
  558. &ObjectAttributes,
  559. NULL,
  560. 0L,
  561. NULL,
  562. NULL
  563. );
  565. ObjectAttributes.SecurityQualityOfService = &SecurityQualityOfService;
  567. Status = LsaOpenPolicy(
  568. NULL, // SystemName (Local)
  569. &ObjectAttributes,
  570. GENERIC_ALL,
  571. &PolicyHandle
  572. );
  574. if( !NT_SUCCESS(Status) ) {
  575. DBGPRINT(("Error 0x%x Opening Policy\n",Status));
  576. return( Status );
  577. }
  579. RtlInitUnicodeString( &SecretName, pSecretName );
  581. DesiredAccess = GENERIC_ALL;
  583. Status = LsaCreateSecret(
  584. PolicyHandle,
  585. &SecretName,
  586. DesiredAccess,
  587. &SecretHandle
  588. );
  590. // Its OK if the name already exits, we will set a new value or delete
  591. if( Status == STATUS_OBJECT_NAME_COLLISION ) {
  592. TRACE0(("CreateSecretInLsa: Existing Entry, Opening\n"));
  593. Status = LsaOpenSecret(
  594. PolicyHandle,
  595. &SecretName,
  596. DesiredAccess,
  597. &SecretHandle
  598. );
  599. }
  601. if( !NT_SUCCESS(Status) ) {
  602. DBGPRINT(("Error 0x%x Creating Secret\n",Status));
  604. /* makarp; Close Policy Handle in case of LsaCreateSecrete, LsaopenSecret failures. #182787 */
  605. LsaClose( PolicyHandle );
  606. return( Status );
  607. }
  609. TRACE0(("CreateSecretInLsa: Status 0x%x\n",Status));
  611. if ( wcslen(pSecretData) != 0 ){
  612. RtlInitUnicodeString( &SecretValue, pSecretData );
  614. Status = LsaSetSecret( SecretHandle, &SecretValue, NULL );
  616. TRACE0(("CreateSecretInLsa: LsaSetSecret Status 0x%x\n",Status));
  618. LsaClose(SecretHandle);
  619. }
  620. else{
  621. Status = LsaDelete(SecretHandle);
  622. }
  624. LsaClose( PolicyHandle );
  626. return( Status );
  627. }
  629. /*******************************************************************************
  630. *
  631. * QuerySecretInLsa
  632. *
  633. * Query the secret object in the LSA.
  634. *
  635. * ENTRY:
  636. * pSecretName (input)
  637. * Secret name to create.
  638. *
  639. * pSecretData (output)
  640. * Buffer to store secret data.
  641. *
  642. * ByteCount (input)
  643. * Maximum size of buffer to store result.
  644. *
  645. * EXIT:
  646. * NTSTATUS
  647. *
  648. ******************************************************************************/
  650. NTSTATUS
  651. QuerySecretInLsa(
  652. PWCHAR pSecretName,
  653. PWCHAR pSecretData,
  654. DWORD ByteCount
  655. )
  656. {
  657. NTSTATUS Status;
  658. OBJECT_ATTRIBUTES ObjectAttributes;
  659. SECURITY_QUALITY_OF_SERVICE SecurityQualityOfService;
  660. LSA_HANDLE PolicyHandle;
  661. UNICODE_STRING SecretName;
  662. LSA_HANDLE SecretHandle;
  663. ACCESS_MASK DesiredAccess;
  664. LARGE_INTEGER CurrentTime;
  665. PUNICODE_STRING pCurrentValue = NULL;
  667. SecurityQualityOfService.Length = sizeof(SECURITY_QUALITY_OF_SERVICE);
  668. SecurityQualityOfService.ImpersonationLevel = SecurityImpersonation;
  669. SecurityQualityOfService.ContextTrackingMode = SECURITY_DYNAMIC_TRACKING;
  670. SecurityQualityOfService.EffectiveOnly = FALSE;
  672. InitializeObjectAttributes(
  673. &ObjectAttributes,
  674. NULL,
  675. 0L,
  676. NULL,
  677. NULL
  678. );
  680. ObjectAttributes.SecurityQualityOfService = &SecurityQualityOfService;
  682. Status = LsaOpenPolicy(
  683. NULL, // SystemName (Local)
  684. &ObjectAttributes,
  685. GENERIC_ALL,
  686. &PolicyHandle
  687. );
  689. if( !NT_SUCCESS(Status) ) {
  690. DBGPRINT(("Error 0x%x Opening Policy\n",Status));
  691. return( Status );
  692. }
  694. RtlInitUnicodeString( &SecretName, pSecretName );
  696. DesiredAccess = GENERIC_ALL;
  698. Status = LsaOpenSecret(
  699. PolicyHandle,
  700. &SecretName,
  701. DesiredAccess,
  702. &SecretHandle
  703. );
  705. if( !NT_SUCCESS(Status) ) {
  707. /* makarp; Close Policy Handle in case of LsaopenSecret failures. #182787 */
  708. LsaClose( PolicyHandle );
  710. return( Status );
  711. }
  713. Status = LsaQuerySecret(
  714. SecretHandle,
  715. &pCurrentValue,
  716. &CurrentTime,
  717. NULL,
  718. NULL
  719. );
  721. TRACE0(("QuerySecretInLsa: Status 0x%x\n",Status));
  723. if( NT_SUCCESS(Status) ) {
  724. if (pCurrentValue != NULL) {
  725. if( (pCurrentValue->Length+sizeof(WCHAR)) > ByteCount ) {
  726. Status = STATUS_INFO_LENGTH_MISMATCH;
  727. }
  728. else {
  729. RtlMoveMemory( pSecretData, pCurrentValue->Buffer, pCurrentValue->Length );
  730. pSecretData[pCurrentValue->Length/sizeof(WCHAR)] = 0;
  731. }
  732. LsaFreeMemory( pCurrentValue );
  733. } else {
  734. pSecretData[0] = (WCHAR) 0;
  735. }
  737. }
  739. LsaClose(SecretHandle);
  741. LsaClose( PolicyHandle );
  743. TRACE0(("QuerySecretInLsa: Final Status 0x%x\n",Status));
  745. return( Status );
  746. }