archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4 Commits
1 Branch
0 Tags
3.3 GiB
Tree: 5c6fe3db62
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '5c6fe3db62'
${ noResults }
windows-server-2003/ds/netapi/svcdlls/logonsrv/server/lsarepl.c

1142 lines
27 KiB
Raw Normal View History

commiting as it is
4 years ago
  1. /*++
  3. Copyright (c) 1987-1996 Microsoft Corporation
  5. Module Name:
  7. lsarepl.c
  9. Abstract:
  11. Low level LSA Replication functions.
  13. Author:
  15. 06-Apr-1992 (madana)
  16. Created for LSA replication.
  18. Environment:
  20. User mode only.
  21. Contains NT-specific code.
  22. Requires ANSI C extensions: slash-slash comments, long external names.
  24. Revision History:
  26. --*/
  28. //
  29. // Common include files.
  30. //
  32. #include "logonsrv.h" // Include files common to entire service
  33. #pragma hdrstop
  35. #include "lsarepl.h"
  38. NTSTATUS
  39. NlPackLsaPolicy(
  40. IN OUT PNETLOGON_DELTA_ENUM Delta,
  41. IN PDB_INFO DBInfo,
  42. IN LPDWORD BufferSize )
  43. /*++
  45. Routine Description:
  47. Pack a description of the LSA policy info into the specified buffer.
  49. Arguments:
  51. Delta: pointer to the delta structure where the new delta will
  52. be returned.
  54. DBInfo: pointer to the database info structure.
  56. BufferSize: size of MIDL buffer that is consumed for this delta is
  57. returned here.
  59. Return Value:
  61. NT status code.
  63. --*/
  64. {
  65. NTSTATUS Status;
  66. ULONG i;
  68. PLSAPR_SR_SECURITY_DESCRIPTOR SecurityDescriptor = NULL;
  70. PLSAPR_POLICY_INFORMATION PolicyAuditLogInfo = NULL;
  71. PLSAPR_POLICY_INFORMATION PolicyAuditEventsInfo = NULL;
  72. PLSAPR_POLICY_INFORMATION PolicyPrimaryDomainInfo = NULL;
  73. PLSAPR_POLICY_INFORMATION PolicyDefaultQuotaInfo = NULL;
  74. PLSAPR_POLICY_INFORMATION PolicyModificationInfo = NULL;
  76. PNETLOGON_DELTA_POLICY DeltaPolicy = NULL;
  78. DEFPACKTIMER;
  79. DEFLSATIMER;
  81. INITPACKTIMER;
  82. INITLSATIMER;
  84. STARTPACKTIMER;
  86. NlPrint((NL_SYNC_MORE, "Packing Policy Object\n"));
  88. *BufferSize = 0;
  90. Delta->DeltaType = AddOrChangeLsaPolicy;
  91. Delta->DeltaUnion.DeltaPolicy = NULL;
  93. QUERY_LSA_SECOBJ_INFO(DBInfo->DBHandle);
  95. STARTLSATIMER;
  97. Status = LsarQueryInformationPolicy(
  98. DBInfo->DBHandle,
  99. PolicyAuditLogInformation,
  100. &PolicyAuditLogInfo);
  102. STOPLSATIMER;
  104. if (!NT_SUCCESS(Status)) {
  105. PolicyAuditLogInfo = NULL;
  106. goto Cleanup;
  107. }
  109. STARTLSATIMER;
  111. Status = LsarQueryInformationPolicy(
  112. DBInfo->DBHandle,
  113. PolicyAuditEventsInformation,
  114. &PolicyAuditEventsInfo);
  116. STOPLSATIMER;
  118. if (!NT_SUCCESS(Status)) {
  119. PolicyAuditEventsInfo = NULL;
  120. goto Cleanup;
  121. }
  123. STARTLSATIMER;
  125. Status = LsarQueryInformationPolicy(
  126. DBInfo->DBHandle,
  127. PolicyPrimaryDomainInformation,
  128. &PolicyPrimaryDomainInfo);
  130. STOPLSATIMER;
  132. if (!NT_SUCCESS(Status)) {
  133. PolicyPrimaryDomainInfo = NULL;
  134. goto Cleanup;
  135. }
  138. STARTLSATIMER;
  140. Status = LsarQueryInformationPolicy(
  141. DBInfo->DBHandle,
  142. PolicyDefaultQuotaInformation,
  143. &PolicyDefaultQuotaInfo);
  145. STOPLSATIMER;
  147. if (!NT_SUCCESS(Status)) {
  148. PolicyDefaultQuotaInfo = NULL;
  149. goto Cleanup;
  150. }
  152. STARTLSATIMER;
  154. Status = LsarQueryInformationPolicy(
  155. DBInfo->DBHandle,
  156. PolicyModificationInformation,
  157. &PolicyModificationInfo);
  159. STOPLSATIMER;
  161. if (!NT_SUCCESS(Status)) {
  162. PolicyModificationInfo = NULL;
  163. goto Cleanup;
  164. }
  166. //
  167. // Fill in the delta structure
  168. //
  170. //
  171. // copy SID info (There is only one policy database. It has no SID).
  172. //
  174. Delta->DeltaID.Sid = NULL;
  176. //
  177. // allocate delta buffer
  178. //
  180. DeltaPolicy = (PNETLOGON_DELTA_POLICY)
  181. MIDL_user_allocate( sizeof(NETLOGON_DELTA_POLICY) );
  183. if( DeltaPolicy == NULL ) {
  185. Status = STATUS_NO_MEMORY;
  186. goto Cleanup;
  187. }
  189. //
  190. // wipe off the buffer so that cleanup will not be in fault.
  191. //
  193. RtlZeroMemory( DeltaPolicy, sizeof(NETLOGON_DELTA_POLICY) );
  194. // INIT_PLACE_HOLDER(DeltaPolicy);
  196. Delta->DeltaUnion.DeltaPolicy = DeltaPolicy;
  197. *BufferSize += sizeof(NETLOGON_DELTA_POLICY);
  199. DeltaPolicy->MaximumLogSize =
  200. PolicyAuditLogInfo->PolicyAuditLogInfo.MaximumLogSize;
  201. DeltaPolicy->AuditRetentionPeriod;
  202. PolicyAuditLogInfo->PolicyAuditLogInfo.AuditRetentionPeriod;
  204. DeltaPolicy->AuditingMode =
  205. PolicyAuditEventsInfo->
  206. PolicyAuditEventsInfo.AuditingMode;
  207. DeltaPolicy->MaximumAuditEventCount =
  208. PolicyAuditEventsInfo->
  209. PolicyAuditEventsInfo.MaximumAuditEventCount;
  211. *BufferSize += NlCopyData(
  212. (LPBYTE *)&(PolicyAuditEventsInfo->
  213. PolicyAuditEventsInfo.EventAuditingOptions),
  214. (LPBYTE *)&(DeltaPolicy->EventAuditingOptions),
  215. (DeltaPolicy->MaximumAuditEventCount + 1) *
  216. sizeof(ULONG));
  218. // Tell the BDC to 'set' these bits and not just 'or' them in to the current ones
  219. for ( i=0; i<DeltaPolicy->MaximumAuditEventCount; i++ ) {
  220. DeltaPolicy->EventAuditingOptions[i] |= POLICY_AUDIT_EVENT_NONE;
  221. }
  223. //
  224. // sanitity check, EventAuditingOptions size is ULONG size.
  225. //
  227. NlAssert(sizeof(*(PolicyAuditEventsInfo->
  228. PolicyAuditEventsInfo.EventAuditingOptions)) ==
  229. sizeof(ULONG) );
  231. *BufferSize += NlCopyUnicodeString(
  232. (PUNICODE_STRING)&PolicyPrimaryDomainInfo->
  233. PolicyPrimaryDomainInfo.Name,
  234. &DeltaPolicy->PrimaryDomainName );
  236. *BufferSize += NlCopyData(
  237. (LPBYTE *)&(PolicyPrimaryDomainInfo->
  238. PolicyPrimaryDomainInfo.Sid),
  239. (LPBYTE *)&(DeltaPolicy->PrimaryDomainSid),
  240. RtlLengthSid((PSID)(PolicyPrimaryDomainInfo->
  241. PolicyPrimaryDomainInfo.Sid) ));
  243. DeltaPolicy->QuotaLimits.PagedPoolLimit =
  244. (ULONG)PolicyDefaultQuotaInfo->PolicyDefaultQuotaInfo.QuotaLimits.PagedPoolLimit;
  245. DeltaPolicy->QuotaLimits.NonPagedPoolLimit =
  246. (ULONG)PolicyDefaultQuotaInfo->PolicyDefaultQuotaInfo.QuotaLimits.NonPagedPoolLimit;
  247. DeltaPolicy->QuotaLimits.MinimumWorkingSetSize =
  248. (ULONG)PolicyDefaultQuotaInfo->PolicyDefaultQuotaInfo.QuotaLimits.MinimumWorkingSetSize;
  249. DeltaPolicy->QuotaLimits.MaximumWorkingSetSize =
  250. (ULONG)PolicyDefaultQuotaInfo->PolicyDefaultQuotaInfo.QuotaLimits.MaximumWorkingSetSize;
  251. DeltaPolicy->QuotaLimits.PagefileLimit =
  252. (ULONG)PolicyDefaultQuotaInfo->PolicyDefaultQuotaInfo.QuotaLimits.PagefileLimit;
  254. NEW_TO_OLD_LARGE_INTEGER(
  255. PolicyDefaultQuotaInfo->PolicyDefaultQuotaInfo.QuotaLimits.TimeLimit,
  256. DeltaPolicy->QuotaLimits.TimeLimit );
  258. NEW_TO_OLD_LARGE_INTEGER(
  259. PolicyModificationInfo->PolicyModificationInfo.ModifiedId,
  260. DeltaPolicy->ModifiedId );
  262. NEW_TO_OLD_LARGE_INTEGER(
  263. PolicyModificationInfo->PolicyModificationInfo.DatabaseCreationTime,
  264. DeltaPolicy->DatabaseCreationTime );
  267. DELTA_SECOBJ_INFO(DeltaPolicy);
  270. //
  271. // All Done
  272. //
  274. Status = STATUS_SUCCESS;
  276. Cleanup:
  278. STARTLSATIMER;
  280. if ( SecurityDescriptor != NULL ) {
  281. LsaIFree_LSAPR_SR_SECURITY_DESCRIPTOR( SecurityDescriptor );
  282. }
  284. if ( PolicyAuditLogInfo != NULL ) {
  285. LsaIFree_LSAPR_POLICY_INFORMATION(
  286. PolicyAuditLogInformation,
  287. PolicyAuditLogInfo );
  288. }
  290. if ( PolicyAuditEventsInfo != NULL ) {
  291. LsaIFree_LSAPR_POLICY_INFORMATION(
  292. PolicyAuditEventsInformation,
  293. PolicyAuditEventsInfo );
  294. }
  296. if ( PolicyPrimaryDomainInfo != NULL ) {
  297. LsaIFree_LSAPR_POLICY_INFORMATION(
  298. PolicyPrimaryDomainInformation,
  299. PolicyPrimaryDomainInfo );
  300. }
  302. if ( PolicyDefaultQuotaInfo != NULL ) {
  303. LsaIFree_LSAPR_POLICY_INFORMATION(
  304. PolicyDefaultQuotaInformation,
  305. PolicyDefaultQuotaInfo );
  306. }
  308. if ( PolicyModificationInfo != NULL ) {
  309. LsaIFree_LSAPR_POLICY_INFORMATION(
  310. PolicyModificationInformation,
  311. PolicyModificationInfo );
  312. }
  314. STOPLSATIMER;
  316. if( !NT_SUCCESS(Status) ) {
  317. NlFreeDBDelta( Delta );
  318. *BufferSize = 0;
  319. }
  322. STOPPACKTIMER;
  324. NlPrint((NL_REPL_OBJ_TIME,"Time taken to pack POLICY object:\n"));
  325. PRINTPACKTIMER;
  326. PRINTLSATIMER;
  328. return(Status);
  329. }
  332. NTSTATUS
  333. NlPackLsaTDomain(
  334. IN PSID Sid,
  335. IN OUT PNETLOGON_DELTA_ENUM Delta,
  336. IN PDB_INFO DBInfo,
  337. IN LPDWORD BufferSize )
  338. /*++
  340. Routine Description:
  342. Pack a description of the specified trusted domain info into the
  343. specified buffer.
  345. Arguments:
  347. Sid - The SID of the trusted domain.
  349. Delta: pointer to the delta structure where the new delta will
  350. be returned.
  352. DBInfo: pointer to the database info structure.
  354. BufferSize: size of MIDL buffer that is consumed for this delta is
  355. returned here.
  357. Return Value:
  359. NT status code.
  361. --*/
  362. {
  363. NTSTATUS Status;
  365. LSAPR_HANDLE TrustedDomainHandle = NULL;
  366. PLSAPR_TRUSTED_DOMAIN_INFO TrustedDomainNameInfo = NULL;
  367. PLSAPR_TRUSTED_DOMAIN_INFO TrustedPosixOffsetInfo = NULL;
  369. PLSAPR_SR_SECURITY_DESCRIPTOR SecurityDescriptor = NULL;
  371. PNETLOGON_DELTA_TRUSTED_DOMAINS DeltaTDomain = NULL;
  373. DWORD i;
  374. DWORD Entries;
  375. DWORD Size = 0;
  376. PLSAPR_UNICODE_STRING UnicodeControllerName;
  378. DEFPACKTIMER;
  379. DEFLSATIMER;
  381. INITPACKTIMER;
  382. INITLSATIMER;
  384. STARTPACKTIMER;
  386. NlPrint((NL_SYNC_MORE, "Packing Trusted Domain Object\n"));
  388. *BufferSize = 0;
  390. Delta->DeltaType = AddOrChangeLsaTDomain;
  391. Delta->DeltaID.Sid = NULL;
  392. Delta->DeltaUnion.DeltaTDomains = NULL;
  394. //
  395. // open trusted domain
  396. //
  398. STARTLSATIMER;
  400. Status = LsarOpenTrustedDomain(
  401. DBInfo->DBHandle,
  402. (PLSAPR_SID)Sid,
  403. 0,
  404. &TrustedDomainHandle );
  406. STOPLSATIMER;
  408. if (!NT_SUCCESS(Status)) {
  409. TrustedDomainHandle = NULL;
  410. goto Cleanup;
  411. }
  413. QUERY_LSA_SECOBJ_INFO(TrustedDomainHandle);
  415. STARTLSATIMER;
  417. Status = LsarQueryInfoTrustedDomain(
  418. TrustedDomainHandle,
  419. TrustedDomainNameInformation,
  420. &TrustedDomainNameInfo );
  422. STOPLSATIMER;
  424. if (!NT_SUCCESS(Status)) {
  425. TrustedDomainNameInfo = NULL;
  426. goto Cleanup;
  427. }
  429. NlPrint((NL_SYNC_MORE,
  430. "\t Trusted Domain Object name %wZ\n",
  431. (PUNICODE_STRING)&TrustedDomainNameInfo->
  432. TrustedDomainNameInfo.Name ));
  434. STARTLSATIMER;
  436. Status = LsarQueryInfoTrustedDomain(
  437. TrustedDomainHandle,
  438. TrustedPosixOffsetInformation,
  439. &TrustedPosixOffsetInfo );
  441. STOPLSATIMER;
  443. if (!NT_SUCCESS(Status)) {
  444. TrustedPosixOffsetInfo = NULL;
  445. goto Cleanup;
  446. }
  448. //
  449. // Fill in the delta structure
  450. //
  452. //
  453. // copy SID info
  454. //
  456. Delta->DeltaID.Sid = MIDL_user_allocate( RtlLengthSid(Sid) );
  459. if( Delta->DeltaID.Sid == NULL ) {
  461. Status = STATUS_NO_MEMORY;
  462. goto Cleanup;
  463. }
  465. RtlCopyMemory( Delta->DeltaID.Sid, Sid, RtlLengthSid(Sid) );
  467. //
  468. // allocate delta buffer
  469. //
  471. DeltaTDomain = (PNETLOGON_DELTA_TRUSTED_DOMAINS)
  472. MIDL_user_allocate( sizeof(NETLOGON_DELTA_TRUSTED_DOMAINS) );
  474. if( DeltaTDomain == NULL ) {
  476. Status = STATUS_NO_MEMORY;
  477. goto Cleanup;
  478. }
  480. //
  481. // wipe off the buffer so that cleanup will not be in fault.
  482. //
  484. RtlZeroMemory( DeltaTDomain, sizeof(NETLOGON_DELTA_TRUSTED_DOMAINS) );
  485. // INIT_PLACE_HOLDER(DeltaTDomain);
  487. Delta->DeltaUnion.DeltaTDomains = DeltaTDomain;
  488. *BufferSize += sizeof(NETLOGON_DELTA_TRUSTED_DOMAINS);
  490. *BufferSize += NlCopyUnicodeString(
  491. (PUNICODE_STRING)&TrustedDomainNameInfo->
  492. TrustedDomainNameInfo.Name,
  493. &DeltaTDomain->DomainName );
  495. DELTA_SECOBJ_INFO(DeltaTDomain);
  497. //
  498. // send Posix Offset info across using place holder.
  499. //
  501. DeltaTDomain->DummyLong1 =
  502. TrustedPosixOffsetInfo->TrustedPosixOffsetInfo.Offset;
  504. //
  505. // All Done
  506. //
  508. Status = STATUS_SUCCESS;
  510. Cleanup:
  512. STARTLSATIMER;
  514. if ( TrustedDomainHandle != NULL ) {
  515. LsarClose( &TrustedDomainHandle );
  516. }
  518. if ( SecurityDescriptor != NULL ) {
  519. LsaIFree_LSAPR_SR_SECURITY_DESCRIPTOR( SecurityDescriptor );
  520. }
  522. if ( TrustedDomainNameInfo != NULL ) {
  523. LsaIFree_LSAPR_TRUSTED_DOMAIN_INFO(
  524. TrustedDomainNameInformation,
  525. TrustedDomainNameInfo );
  526. }
  528. if ( TrustedPosixOffsetInfo != NULL ) {
  529. LsaIFree_LSAPR_TRUSTED_DOMAIN_INFO(
  530. TrustedPosixOffsetInformation,
  531. TrustedPosixOffsetInfo );
  532. }
  534. STOPLSATIMER;
  536. if( !NT_SUCCESS(Status) ) {
  537. NlFreeDBDelta( Delta );
  538. *BufferSize = 0;
  539. }
  541. STOPPACKTIMER;
  543. NlPrint((NL_REPL_OBJ_TIME,"Time taken to pack TDOMAIN object:\n"));
  544. PRINTPACKTIMER;
  545. PRINTLSATIMER;
  547. return(Status);
  548. }
  551. NTSTATUS
  552. NlPackLsaAccount(
  553. IN PSID Sid,
  554. IN OUT PNETLOGON_DELTA_ENUM Delta,
  555. IN PDB_INFO DBInfo,
  556. IN LPDWORD BufferSize,
  557. IN PSESSION_INFO SessionInfo
  558. )
  559. /*++
  561. Routine Description:
  563. Pack a description of the specified LSA account info into the
  564. specified buffer.
  566. Arguments:
  568. Sid - The SID of the LSA account.
  570. Delta: pointer to the delta structure where the new delta will
  571. be returned.
  573. DBInfo: pointer to the database info structure.
  575. BufferSize: size of MIDL buffer that is consumed for this delta is
  576. returned here.
  578. SessionInfo: Info describing BDC that's calling us
  580. Return Value:
  582. NT status code.
  584. --*/
  585. {
  586. NTSTATUS Status;
  588. PLSAPR_SR_SECURITY_DESCRIPTOR SecurityDescriptor = NULL;
  590. PNETLOGON_DELTA_ACCOUNTS DeltaAccount = NULL;
  591. LSAPR_HANDLE AccountHandle = NULL;
  593. PLSAPR_PRIVILEGE_SET Privileges = NULL;
  594. ULONG SystemAccessFlags;
  596. PULONG PrivilegeAttributes;
  597. PUNICODE_STRING PrivilegeNames;
  598. LUID MachineAccountPrivilegeLuid;
  599. DWORD CopiedPrivilegeCount;
  601. DWORD i;
  602. DWORD Size;
  604. DEFPACKTIMER;
  605. DEFLSATIMER;
  607. INITPACKTIMER;
  608. INITLSATIMER;
  610. STARTPACKTIMER;
  612. NlPrint((NL_SYNC_MORE, "Packing Lsa Account Object\n"));
  614. *BufferSize = 0;
  615. MachineAccountPrivilegeLuid = RtlConvertLongToLuid(SE_MACHINE_ACCOUNT_PRIVILEGE);
  617. Delta->DeltaType = AddOrChangeLsaAccount;
  618. Delta->DeltaID.Sid = NULL;
  619. Delta->DeltaUnion.DeltaAccounts = NULL;
  621. //
  622. // open lsa account
  623. //
  625. STARTLSATIMER;
  627. Status = LsarOpenAccount(
  628. DBInfo->DBHandle,
  629. (PLSAPR_SID)Sid,
  630. 0,
  631. &AccountHandle );
  633. STOPLSATIMER;
  635. if (!NT_SUCCESS(Status)) {
  636. AccountHandle = NULL;
  637. goto Cleanup;
  638. }
  640. QUERY_LSA_SECOBJ_INFO(AccountHandle);
  642. STARTLSATIMER;
  644. Status = LsarEnumeratePrivilegesAccount(
  645. AccountHandle,
  646. &Privileges );
  648. STOPLSATIMER;
  650. if (!NT_SUCCESS(Status)) {
  651. Privileges = NULL;
  652. goto Cleanup;
  653. }
  655. STARTLSATIMER;
  657. Status = LsarGetSystemAccessAccount(
  658. AccountHandle,
  659. &SystemAccessFlags );
  661. STOPLSATIMER;
  663. if (!NT_SUCCESS(Status)) {
  664. goto Cleanup;
  665. }
  667. //
  668. // Fill in the delta structure
  669. //
  671. //
  672. // copy SID info
  673. //
  675. Delta->DeltaID.Sid = MIDL_user_allocate( RtlLengthSid(Sid) );
  678. if( Delta->DeltaID.Sid == NULL ) {
  680. Status = STATUS_NO_MEMORY;
  681. goto Cleanup;
  682. }
  684. RtlCopyMemory( Delta->DeltaID.Sid, Sid, RtlLengthSid(Sid) );
  686. //
  687. // allocate delta buffer
  688. //
  690. DeltaAccount = (PNETLOGON_DELTA_ACCOUNTS)
  691. MIDL_user_allocate( sizeof(NETLOGON_DELTA_ACCOUNTS) );
  693. if( DeltaAccount == NULL ) {
  695. Status = STATUS_NO_MEMORY;
  696. goto Cleanup;
  697. }
  699. //
  700. // wipe off the buffer so that cleanup will not be in fault.
  701. //
  703. RtlZeroMemory( DeltaAccount, sizeof(NETLOGON_DELTA_ACCOUNTS) );
  704. // INIT_PLACE_HOLDER(DeltaAccount);
  706. Delta->DeltaUnion.DeltaAccounts = DeltaAccount;
  707. *BufferSize += sizeof(NETLOGON_DELTA_ACCOUNTS);
  709. DeltaAccount->PrivilegeControl = Privileges->Control;
  711. DeltaAccount->PrivilegeEntries = 0;
  712. DeltaAccount->PrivilegeAttributes = NULL;
  713. DeltaAccount->PrivilegeNames = NULL;
  715. Size = Privileges->PrivilegeCount * sizeof(ULONG);
  717. PrivilegeAttributes = MIDL_user_allocate( Size );
  719. if( PrivilegeAttributes == NULL ) {
  721. Status = STATUS_NO_MEMORY;
  722. goto Cleanup;
  723. }
  725. DeltaAccount->PrivilegeAttributes = PrivilegeAttributes;
  726. *BufferSize += Size;
  728. Size = Privileges->PrivilegeCount * sizeof(UNICODE_STRING);
  730. PrivilegeNames = MIDL_user_allocate( Size );
  732. if( PrivilegeNames == NULL ) {
  734. Status = STATUS_NO_MEMORY;
  735. goto Cleanup;
  736. }
  738. DeltaAccount->PrivilegeNames = PrivilegeNames;
  739. *BufferSize += Size;
  741. //
  742. // now fill up Privilege Attributes and Names
  743. //
  745. CopiedPrivilegeCount = 0;
  746. for( i = 0; i < Privileges->PrivilegeCount; i++ ) {
  748. //
  749. // Don't replicate SeMachineAccount privilege to NT 3.1. It can't handle it.
  750. // (Use the SUPPORTS_ACCOUNT_LOCKOUT bit so we don't have to consume
  751. // another bit.)
  752. //
  753. if ( (SessionInfo->NegotiatedFlags & NETLOGON_SUPPORTS_ACCOUNT_LOCKOUT) ||
  754. (!RtlEqualLuid((PLUID)(&Privileges->Privilege[i].Luid),
  755. &MachineAccountPrivilegeLuid ))) {
  757. PLSAPR_UNICODE_STRING PrivName = NULL;
  759. *PrivilegeAttributes = Privileges->Privilege[i].Attributes;
  762. //
  763. // convert LUID to Name
  764. //
  766. STARTLSATIMER;
  768. Status = LsarLookupPrivilegeName(
  769. DBInfo->DBHandle,
  770. (PLUID)&Privileges->Privilege[i].Luid,
  771. &PrivName );
  773. STOPLSATIMER;
  775. if (!NT_SUCCESS(Status)) {
  776. goto Cleanup;
  777. }
  779. *BufferSize += NlCopyUnicodeString(
  780. (PUNICODE_STRING)PrivName,
  781. PrivilegeNames );
  783. LsaIFree_LSAPR_UNICODE_STRING( PrivName );
  784. CopiedPrivilegeCount ++;
  785. PrivilegeAttributes++;
  786. PrivilegeNames++;
  787. } else {
  788. NlPrint((NL_SYNC_MORE,
  789. "NlPackLsaAccount: ignored privilege %ld %ld\n",
  790. (PLUID) LongToPtr( (&Privileges->Privilege[i].Luid)->HighPart ),
  791. (PLUID) ULongToPtr( (&Privileges->Privilege[i].Luid)->LowPart ) ));
  792. }
  793. }
  794. DeltaAccount->PrivilegeEntries = CopiedPrivilegeCount;
  796. //
  797. // Send only those bits that NT4.0 BDC understands.
  798. // Otherwise, it will choke on it.
  799. //
  800. DeltaAccount->SystemAccessFlags = SystemAccessFlags & POLICY_MODE_ALL_NT4;
  802. DELTA_SECOBJ_INFO(DeltaAccount);
  804. //
  805. // All Done
  806. //
  808. Status = STATUS_SUCCESS;
  810. Cleanup:
  812. STARTLSATIMER;
  814. if ( AccountHandle != NULL ) {
  815. LsarClose( &AccountHandle );
  816. }
  818. if ( SecurityDescriptor != NULL ) {
  819. LsaIFree_LSAPR_SR_SECURITY_DESCRIPTOR( SecurityDescriptor );
  820. }
  822. if ( Privileges != NULL ) {
  823. LsaIFree_LSAPR_PRIVILEGE_SET( Privileges );
  824. }
  826. STOPLSATIMER;
  828. if( !NT_SUCCESS(Status) ) {
  829. NlFreeDBDelta( Delta );
  830. *BufferSize = 0;
  831. }
  833. STOPPACKTIMER;
  835. NlPrint((NL_REPL_OBJ_TIME,"Time taken to pack LSAACCOUNT object:\n"));
  836. PRINTPACKTIMER;
  837. PRINTLSATIMER;
  839. return(Status);
  841. }
  845. NTSTATUS
  846. NlPackLsaSecret(
  847. IN PUNICODE_STRING Name,
  848. IN OUT PNETLOGON_DELTA_ENUM Delta,
  849. IN PDB_INFO DBInfo,
  850. IN LPDWORD BufferSize,
  851. IN PSESSION_INFO SessionInfo
  852. )
  853. /*++
  855. Routine Description:
  857. Pack a description of the specified LSA secret info into the
  858. specified buffer.
  860. Arguments:
  862. Name - Name of the secret.
  864. Delta: pointer to the delta structure where the new delta will
  865. be returned.
  867. DBInfo: pointer to the database info structure.
  869. BufferSize: size of MIDL buffer that is consumed for this delta is
  870. returned here.
  872. SessionInfo: Information shared between BDC and PDC
  874. Return Value:
  876. NT status code.
  878. --*/
  879. {
  880. NTSTATUS Status;
  882. PLSAPR_SR_SECURITY_DESCRIPTOR SecurityDescriptor = NULL;
  884. LSAPR_HANDLE SecretHandle = NULL;
  886. PNETLOGON_DELTA_SECRET DeltaSecret = NULL;
  888. PLSAPR_CR_CIPHER_VALUE CurrentValue = NULL;
  889. PLSAPR_CR_CIPHER_VALUE OldValue = NULL;
  890. LARGE_INTEGER CurrentValueSetTime;
  891. LARGE_INTEGER OldValueSetTime;
  893. DEFPACKTIMER;
  894. DEFLSATIMER;
  896. INITPACKTIMER;
  897. INITLSATIMER;
  899. STARTPACKTIMER;
  901. NlPrint((NL_SYNC_MORE, "Packing Secret Object: %wZ\n", Name));
  903. //
  904. // we should be packing only GLOBAL secrets
  905. //
  907. NlAssert(
  908. (Name->Length / sizeof(WCHAR) >
  909. LSA_GLOBAL_SECRET_PREFIX_LENGTH ) &&
  910. (_wcsnicmp( Name->Buffer,
  911. LSA_GLOBAL_SECRET_PREFIX,
  912. LSA_GLOBAL_SECRET_PREFIX_LENGTH ) == 0) );
  914. *BufferSize = 0;
  916. Delta->DeltaType = AddOrChangeLsaSecret;
  917. Delta->DeltaID.Name = NULL;
  918. Delta->DeltaUnion.DeltaPolicy = NULL;
  920. //
  921. // open lsa account
  922. //
  924. STARTLSATIMER;
  926. Status = LsarOpenSecret(
  927. DBInfo->DBHandle,
  928. (PLSAPR_UNICODE_STRING)Name,
  929. 0,
  930. &SecretHandle );
  932. STOPLSATIMER;
  934. if (!NT_SUCCESS(Status)) {
  935. SecretHandle = NULL;
  936. goto Cleanup;
  937. }
  939. QUERY_LSA_SECOBJ_INFO(SecretHandle);
  941. STARTLSATIMER;
  943. Status = LsarQuerySecret(
  944. SecretHandle,
  945. &CurrentValue,
  946. &CurrentValueSetTime,
  947. &OldValue,
  948. &OldValueSetTime );
  950. STOPLSATIMER;
  952. if (!NT_SUCCESS(Status)) {
  953. CurrentValue = NULL;
  954. OldValue = NULL;
  955. goto Cleanup;
  956. }
  958. //
  959. // Fill in the delta structure
  960. //
  962. //
  963. // copy ID field
  964. //
  966. Delta->DeltaID.Name =
  967. MIDL_user_allocate( Name->Length + sizeof(WCHAR) );
  969. if( Delta->DeltaID.Name == NULL ) {
  971. Status = STATUS_NO_MEMORY;
  972. goto Cleanup;
  973. }
  975. wcsncpy( Delta->DeltaID.Name,
  976. Name->Buffer,
  977. Name->Length / sizeof(WCHAR) );
  979. //
  980. // terminate string
  981. //
  983. Delta->DeltaID.Name[ Name->Length / sizeof(WCHAR) ] = L'\0';
  986. DeltaSecret = (PNETLOGON_DELTA_SECRET)
  987. MIDL_user_allocate( sizeof(NETLOGON_DELTA_SECRET) );
  989. if( DeltaSecret == NULL ) {
  990. Status = STATUS_NO_MEMORY;
  991. goto Cleanup;
  992. }
  994. //
  995. // wipe off the buffer so that cleanup will not be in fault.
  996. //
  998. RtlZeroMemory( DeltaSecret, sizeof(NETLOGON_DELTA_SECRET) );
  999. // INIT_PLACE_HOLDER(DeltaSecret);
  1001. Delta->DeltaUnion.DeltaSecret = DeltaSecret;
  1002. *BufferSize += sizeof(NETLOGON_DELTA_SECRET);
  1004. NEW_TO_OLD_LARGE_INTEGER(
  1005. CurrentValueSetTime,
  1006. DeltaSecret->CurrentValueSetTime );
  1008. NEW_TO_OLD_LARGE_INTEGER(
  1009. OldValueSetTime,
  1010. DeltaSecret->OldValueSetTime );
  1012. if( CurrentValue != NULL && CurrentValue->Buffer != NULL && CurrentValue->Length != 0) {
  1014. //
  1015. // Copy the secret into an allocated buffer and encrypt it in place.
  1016. // Don't use the LSA's buffer since it a ALLOCATE_ALL_NODES.
  1017. //
  1019. DeltaSecret->CurrentValue.Buffer =
  1020. MIDL_user_allocate( CurrentValue->Length );
  1022. if( DeltaSecret->CurrentValue.Buffer == NULL ) {
  1023. Status = STATUS_NO_MEMORY;
  1024. goto Cleanup;
  1025. }
  1027. DeltaSecret->CurrentValue.Length =
  1028. DeltaSecret->CurrentValue.MaximumLength = CurrentValue->Length;
  1029. RtlCopyMemory( DeltaSecret->CurrentValue.Buffer,
  1030. CurrentValue->Buffer,
  1031. CurrentValue->Length );
  1034. //
  1035. // secret values are encrypted using session keys.
  1036. //
  1038. Status = NlEncryptSensitiveData(
  1039. (PCRYPT_BUFFER) &DeltaSecret->CurrentValue,
  1040. SessionInfo );
  1042. if (!NT_SUCCESS(Status)) {
  1043. goto Cleanup;
  1044. }
  1046. } else {
  1048. DeltaSecret->CurrentValue.Length = 0;
  1049. DeltaSecret->CurrentValue.MaximumLength = 0;
  1050. DeltaSecret->CurrentValue.Buffer = NULL;
  1051. }
  1053. *BufferSize += DeltaSecret->CurrentValue.MaximumLength;
  1055. if( OldValue != NULL && OldValue->Buffer != NULL && OldValue->Length != 0 ) {
  1057. //
  1058. // Copy the secret into an allocated buffer and encrypt it in place.
  1059. // Don't use the LSA's buffer since it a ALLOCATE_ALL_NODES.
  1060. //
  1062. DeltaSecret->OldValue.Buffer =
  1063. MIDL_user_allocate( OldValue->Length );
  1065. if( DeltaSecret->OldValue.Buffer == NULL ) {
  1066. Status = STATUS_NO_MEMORY;
  1067. goto Cleanup;
  1068. }
  1070. DeltaSecret->OldValue.Length =
  1071. DeltaSecret->OldValue.MaximumLength = OldValue->Length;
  1072. RtlCopyMemory( DeltaSecret->OldValue.Buffer,
  1073. OldValue->Buffer,
  1074. OldValue->Length );
  1077. //
  1078. // secret values are encrypted using session keys.
  1079. //
  1081. Status = NlEncryptSensitiveData(
  1082. (PCRYPT_BUFFER) &DeltaSecret->OldValue,
  1083. SessionInfo );
  1085. if (!NT_SUCCESS(Status)) {
  1086. goto Cleanup;
  1087. }
  1089. } else {
  1091. DeltaSecret->OldValue.Length = 0;
  1092. DeltaSecret->OldValue.MaximumLength = 0;
  1093. DeltaSecret->OldValue.Buffer = NULL;
  1094. }
  1096. *BufferSize += DeltaSecret->OldValue.MaximumLength;
  1098. DELTA_SECOBJ_INFO(DeltaSecret);
  1100. //
  1101. // All Done
  1102. //
  1104. Status = STATUS_SUCCESS;
  1106. Cleanup:
  1108. STARTLSATIMER;
  1110. if ( SecretHandle != NULL ) {
  1111. LsarClose( &SecretHandle );
  1112. }
  1114. if ( SecurityDescriptor != NULL ) {
  1115. LsaIFree_LSAPR_SR_SECURITY_DESCRIPTOR( SecurityDescriptor );
  1116. }
  1118. if( CurrentValue != NULL ) {
  1119. LsaIFree_LSAPR_CR_CIPHER_VALUE( CurrentValue );
  1120. }
  1122. if( OldValue != NULL ) {
  1123. LsaIFree_LSAPR_CR_CIPHER_VALUE( OldValue );
  1124. }
  1126. STOPLSATIMER;
  1128. if( !NT_SUCCESS(Status) ) {
  1129. NlFreeDBDelta( Delta );
  1130. *BufferSize = 0;
  1131. }
  1133. STOPPACKTIMER;
  1135. NlPrint((NL_REPL_OBJ_TIME,"Time taken to pack SECRET object:\n"));
  1136. PRINTPACKTIMER;
  1137. PRINTLSATIMER;
  1139. return(Status);
  1141. }