archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4 Commits
1 Branch
0 Tags
1.5 GiB
Tree: 5c6fe3db62
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '5c6fe3db62'
${ noResults }
windows-server-2003/ds/security/base/lsa/server/dspolicy/dbnotify.c

729 lines
18 KiB
Raw Normal View History

commiting as it is
4 years ago
  1. /*++
  3. Copyright (c) 1997 Microsoft Corporation
  5. Module Name:
  7. dbnotify.c
  9. Abstract:
  11. Implemntation of the LSA routines for notifying in processes callers when data changes
  13. Author:
  15. Mac McLain (MacM) May 22, 1997
  17. Environment:
  19. User Mode
  21. Revision History:
  23. --*/
  24. #include <lsapch2.h>
  25. #include <dbp.h>
  27. //
  28. // Global notification list
  29. //
  30. LSAP_POLICY_NOTIFICATION_LIST LsaPolicyChangeNotificationList[ PolicyNotifyMachineAccountPasswordInformation + 1 ];
  31. SAFE_RESOURCE LsaPolicyChangeNotificationLock;
  33. #define LSAP_NOTIFY_MAXIMUM_PER_CLASS 1000
  35. //
  36. // Local prototypes
  37. //
  38. DWORD
  39. WINAPI LsapNotifyChangeNotificationThread(
  40. LPVOID Parameter
  41. );
  44. NTSTATUS
  45. LsapInitializeNotifiyList(
  46. VOID
  47. )
  48. /*++
  50. Routine Description:
  52. Intializes the list of policy notification lists
  55. Arguments:
  57. VOID
  60. Return Value:
  62. VOID
  64. --*/
  65. {
  66. ULONG i;
  67. NTSTATUS Status ;
  69. for ( i = 0;
  70. i < sizeof( LsaPolicyChangeNotificationList ) / sizeof( LSAP_POLICY_NOTIFICATION_LIST );
  71. i++ ) {
  73. InitializeListHead( &( LsaPolicyChangeNotificationList[ i ].List ) );
  74. LsaPolicyChangeNotificationList[ i ].Callbacks = 0;
  75. }
  77. try
  78. {
  79. SafeInitializeResource( &LsaPolicyChangeNotificationLock, ( DWORD )POLICY_CHANGE_NOTIFICATION_LOCK_ENUM );
  80. Status = STATUS_SUCCESS ;
  81. }
  82. except ( EXCEPTION_EXECUTE_HANDLER )
  83. {
  84. Status = GetExceptionCode();
  85. }
  87. return Status ;
  88. }
  91. NTSTATUS
  92. LsapNotifyAddCallbackToList(
  93. IN PLSAP_POLICY_NOTIFICATION_LIST List,
  94. IN OPTIONAL pfLsaPolicyChangeNotificationCallback Callback,
  95. IN OPTIONAL HANDLE NotificationEvent,
  96. IN OPTIONAL ULONG OwnerProcess,
  97. IN OPTIONAL HANDLE OwnerEvent
  98. )
  99. /*++
  101. Routine Description:
  103. This function inserts a new callback node into the existing list.
  105. Arguments:
  107. List -- Existing list
  109. Callback -- Callback function pointer. Can be NULL if NotificationEvent is provided
  111. NotificationEvent - Handle to an event to be signalled for notification. Can be NULL if
  112. Callback is provided.
  115. Return Value:
  117. STATUS_SUCCESS -- Success
  119. STATUS_INSUFFICIENT_RESOURCES -- A memory allocation failed.
  121. --*/
  122. {
  123. NTSTATUS Status = STATUS_SUCCESS;
  124. PLSAP_POLICY_NOTIFICATION_ENTRY NewEntry = NULL;
  126. NewEntry = LsapAllocateLsaHeap( sizeof( LSAP_POLICY_NOTIFICATION_ENTRY ) );
  128. if ( !NewEntry ) {
  130. return STATUS_INSUFFICIENT_RESOURCES;
  131. }
  133. if ( !SafeAcquireResourceExclusive( &LsaPolicyChangeNotificationLock, TRUE ) ) {
  135. LsapFreeLsaHeap( NewEntry );
  136. return( STATUS_UNSUCCESSFUL );
  137. }
  139. if ( List->Callbacks < LSAP_NOTIFY_MAXIMUM_PER_CLASS ) {
  141. InsertTailList( &List->List, &NewEntry->List );
  143. NewEntry->NotificationCallback = Callback;
  144. NewEntry->NotificationEvent = NotificationEvent;
  145. NewEntry->HandleInvalid = FALSE;
  146. NewEntry->OwnerProcess = OwnerProcess;
  147. NewEntry->OwnerEvent = OwnerEvent;
  149. List->Callbacks++;
  150. }
  152. SafeReleaseResource( &LsaPolicyChangeNotificationLock );
  154. return( Status );
  155. }
  158. NTSTATUS
  159. LsapNotifyRemoveCallbackFromList(
  160. IN PLSAP_POLICY_NOTIFICATION_LIST List,
  161. IN OPTIONAL pfLsaPolicyChangeNotificationCallback Callback,
  162. IN OPTIONAL ULONG OwnerProcess,
  163. IN OPTIONAL HANDLE OwnerEvent
  164. )
  165. /*++
  167. Routine Description:
  169. This function inserts a new callback node into the existing list.
  171. Arguments:
  173. List -- Existing list
  175. Callback -- Callback function pointer. Can be NULL if a notification event is provided
  177. NotificationEvent -- Notification event handle to be revomed. Can be NULL if a callback
  178. is provided
  181. Return Value:
  183. STATUS_SUCCESS -- Success
  185. STATUS_NOT_FOUND -- The supplied callback was not found in the specified list
  187. --*/
  188. {
  189. NTSTATUS Status = STATUS_NOT_FOUND;
  190. ULONG i;
  191. PLSAP_POLICY_NOTIFICATION_ENTRY Entry;
  193. if ( !SafeAcquireResourceExclusive( &LsaPolicyChangeNotificationLock, TRUE ) ) {
  195. return( STATUS_UNSUCCESSFUL );
  196. }
  198. Entry = (PLSAP_POLICY_NOTIFICATION_ENTRY)List->List.Flink;
  200. for ( i = 0; i < List->Callbacks; i++ ) {
  202. if ( Entry->NotificationCallback == Callback &&
  203. Entry->OwnerProcess == OwnerProcess &&
  204. Entry->OwnerEvent == OwnerEvent ) {
  206. List->Callbacks--;
  207. RemoveEntryList( &Entry->List );
  209. if ( Entry->NotificationEvent != NULL &&
  210. Entry->NotificationEvent != INVALID_HANDLE_VALUE ) {
  212. NtClose( Entry->NotificationEvent );
  213. }
  215. LsapFreeLsaHeap( Entry );
  216. Status = STATUS_SUCCESS;
  217. break;
  218. }
  220. Entry = (PLSAP_POLICY_NOTIFICATION_ENTRY)Entry->List.Flink;
  221. }
  223. SafeReleaseResource( &LsaPolicyChangeNotificationLock );
  225. return( Status );
  226. }
  229. NTSTATUS
  230. LsaINotifyChangeNotification(
  231. IN POLICY_NOTIFICATION_INFORMATION_CLASS InfoClass
  232. )
  233. /*++
  235. Routine Description:
  237. This function processes a notification list by making the appropriate
  238. callback calls when a policy object has changed
  240. Arguments:
  242. InfoClass -- Policy information that has changed
  245. Return Value:
  247. STATUS_SUCCESS -- Success
  249. STATUS_UNSUCCESSFUL -- Failed to lock the list for access
  251. --*/
  252. {
  253. NTSTATUS Status = STATUS_SUCCESS;
  255. ASSERT( InfoClass <=
  256. sizeof( LsaPolicyChangeNotificationList ) / sizeof( LSAP_POLICY_NOTIFICATION_LIST ) );
  258. if ( LsaIRegisterNotification( LsapNotifyChangeNotificationThread,
  259. ( PVOID ) InfoClass,
  260. NOTIFIER_TYPE_IMMEDIATE,
  261. 0,
  262. NOTIFIER_FLAG_ONE_SHOT,
  263. 0,
  264. 0 ) == NULL ) {
  266. Status = STATUS_INSUFFICIENT_RESOURCES;
  267. }
  269. return( Status );
  270. }
  273. DWORD
  274. WINAPI
  275. LsapNotifyChangeNotificationThread(
  276. LPVOID Parameter
  277. )
  278. /*++
  280. Routine Description:
  282. This function processes a notification list by making the appropriate
  283. callback calls when a policy object has changed
  285. Arguments:
  287. Parameter -- Policy information that has changed
  290. Return Value:
  292. STATUS_SUCCESS -- Success
  294. STATUS_UNSUCCESSFUL -- Failed to lock the list for access
  296. --*/
  297. {
  298. NTSTATUS Status = STATUS_SUCCESS;
  300. ULONG i;
  301. POLICY_NOTIFICATION_INFORMATION_CLASS InfoClass =
  302. ( POLICY_NOTIFICATION_INFORMATION_CLASS ) ( ( ULONG_PTR ) Parameter );
  303. PLSAP_POLICY_NOTIFICATION_ENTRY Entry;
  305. ASSERT( InfoClass <=
  306. sizeof( LsaPolicyChangeNotificationList ) / sizeof( LSAP_POLICY_NOTIFICATION_LIST ) );
  308. if ( !SafeAcquireResourceShared( &LsaPolicyChangeNotificationLock, TRUE ) ) {
  310. return STATUS_UNSUCCESSFUL;
  311. }
  313. Entry = (PLSAP_POLICY_NOTIFICATION_ENTRY)LsaPolicyChangeNotificationList[ InfoClass ].List.Flink;
  315. for ( i = 0; i < LsaPolicyChangeNotificationList[ InfoClass ].Callbacks; i++ ) {
  317. ASSERT( Entry->NotificationCallback || Entry->NotificationEvent );
  319. if ( Entry->NotificationCallback ) {
  321. (*Entry->NotificationCallback)( InfoClass );
  323. } else if ( Entry->NotificationEvent ) {
  325. if ( !Entry->HandleInvalid ) {
  327. Status = NtSetEvent( Entry->NotificationEvent, NULL );
  329. if ( Status == STATUS_INVALID_HANDLE ) {
  331. Entry->HandleInvalid = TRUE;
  332. }
  333. }
  335. } else {
  337. LsapDsDebugOut(( DEB_ERROR,
  338. "NULL callback found for info level %lu\n",
  339. InfoClass ));
  340. }
  342. Entry = (PLSAP_POLICY_NOTIFICATION_ENTRY)Entry->List.Flink;
  343. }
  345. SafeReleaseResource( &LsaPolicyChangeNotificationLock );
  347. return( Status );
  348. }
  351. NTSTATUS
  352. LsaIRegisterPolicyChangeNotificationCallback(
  353. IN pfLsaPolicyChangeNotificationCallback Callback,
  354. IN POLICY_NOTIFICATION_INFORMATION_CLASS MonitorInfoClass
  355. )
  356. /*++
  358. Routine Description:
  360. This function registers a callback with the Lsa server such that a change to the
  361. specified policy items results in the callback being called. These callbacks are
  362. informational only, such that a client must return instantly, not doing an Lsa
  363. calls in their callback.
  365. Multiple callbacks can be specified for the same policy information.
  367. Arguments:
  369. Callback -- Callback function pointer.
  371. MonitorInfoClass -- Policy information to watch for
  374. Return Value:
  376. STATUS_SUCCESS -- Success
  378. STATUS_INVALID_PARAMETER -- A bad callback pointer was specified
  380. STATUS_UNSUCCESSFUL -- Failed to lock the list for access
  382. --*/
  383. {
  384. NTSTATUS Status = STATUS_SUCCESS;
  386. if ( !Callback ) {
  388. return STATUS_INVALID_PARAMETER;
  389. }
  391. if ( !SafeAcquireResourceExclusive( &LsaPolicyChangeNotificationLock, TRUE ) ) {
  393. return STATUS_UNSUCCESSFUL;
  394. }
  396. ASSERT( MonitorInfoClass <=
  397. sizeof( LsaPolicyChangeNotificationList ) /
  398. sizeof( LSAP_POLICY_NOTIFICATION_LIST ) );
  400. Status = LsapNotifyAddCallbackToList(
  401. &LsaPolicyChangeNotificationList[ MonitorInfoClass ],
  402. Callback,
  403. NULL, 0, NULL );
  405. LsapDsDebugOut(( DEB_NOTIFY,
  406. "Insertion of callback 0x%lx for %lu returned 0x%lx\n",
  407. Callback,
  408. MonitorInfoClass,
  409. Status ));
  411. SafeReleaseResource( &LsaPolicyChangeNotificationLock );
  413. return( Status );
  414. }
  417. NTSTATUS
  418. LsaIUnregisterPolicyChangeNotificationCallback(
  419. IN pfLsaPolicyChangeNotificationCallback Callback,
  420. IN POLICY_NOTIFICATION_INFORMATION_CLASS MonitorInfoClass
  421. )
  422. /*++
  424. Routine Description:
  426. This function unregisters a callback from the Lsa server such that a change to the
  427. specified policy items do not result in a call to the client callback function.
  429. Arguments:
  431. Callback -- Callback function pointer to remove.
  433. MonitorInfoClass -- Policy information to remove the callback for
  436. Return Value:
  438. STATUS_SUCCESS -- Success
  440. STATUS_INVALID_PARAMETER -- A bad callback pointer was specified
  442. STATUS_UNSUCCESSFUL -- Failed to lock the list for access
  444. --*/
  445. {
  446. NTSTATUS Status = STATUS_SUCCESS;
  448. if ( !Callback ) {
  450. return STATUS_INVALID_PARAMETER;
  451. }
  453. if ( !SafeAcquireResourceExclusive( &LsaPolicyChangeNotificationLock, TRUE ) ) {
  455. return STATUS_UNSUCCESSFUL;
  456. }
  458. Status = LsapNotifyRemoveCallbackFromList(
  459. &LsaPolicyChangeNotificationList[ MonitorInfoClass ],
  460. Callback,
  461. 0, NULL );
  463. LsapDsDebugOut(( DEB_NOTIFY,
  464. "Removal of callback 0x%lx for %lu returned 0x%lx\n",
  465. Callback,
  466. MonitorInfoClass,
  467. Status ));
  469. SafeReleaseResource( &LsaPolicyChangeNotificationLock );
  471. return( Status );
  472. }
  475. NTSTATUS
  476. LsaIUnregisterAllPolicyChangeNotificationCallback(
  477. IN pfLsaPolicyChangeNotificationCallback Callback
  478. )
  479. /*++
  481. Routine Description:
  483. This function unregisters the specified callback function from all associated policy.
  484. This function is the equivalent of calling LsaIUnregisterPolicyChangeNotificationCallback
  485. for each InfoClass that was being watched.
  487. Arguments:
  489. Callback -- Callback function pointer to remove.
  491. Return Value:
  493. STATUS_SUCCESS -- Success
  495. STATUS_INVALID_PARAMETER -- A bad callback pointer was specified
  497. STATUS_UNSUCCESSFUL -- Failed to lock the list for access
  499. STATUS_NOT_FOUND -- No matching entries were found
  501. --*/
  502. {
  503. NTSTATUS Status = STATUS_SUCCESS;
  504. ULONG i, Removed = 0;
  506. if ( !Callback ) {
  508. return STATUS_INVALID_PARAMETER;
  509. }
  511. if ( !SafeAcquireResourceExclusive( &LsaPolicyChangeNotificationLock, TRUE ) ) {
  513. return STATUS_UNSUCCESSFUL;
  514. }
  516. Removed = 0;
  518. for ( i = 0;
  519. i < sizeof( LsaPolicyChangeNotificationList ) /
  520. sizeof( LSAP_POLICY_NOTIFICATION_LIST ) && NT_SUCCESS( Status );
  521. i++ ) {
  523. Status = LsapNotifyRemoveCallbackFromList(
  524. &LsaPolicyChangeNotificationList[ i ],
  525. Callback,
  526. 0, NULL );
  528. LsapDsDebugOut(( DEB_NOTIFY,
  529. "Removal of callback 0x%lx for %lu returned 0x%lx\n",
  530. Callback,
  531. i,
  532. Status ));
  534. if ( Status == STATUS_NOT_FOUND ) {
  536. Status = STATUS_SUCCESS;
  538. } else if ( Status == STATUS_SUCCESS ) {
  540. Removed++;
  541. }
  542. }
  544. SafeReleaseResource( &LsaPolicyChangeNotificationLock );
  546. //
  547. // Make sure we removed at least one
  548. //
  550. if ( NT_SUCCESS( Status ) ) {
  552. if ( Removed == 0 ) {
  554. Status = STATUS_NOT_FOUND;
  555. }
  556. }
  558. return( Status );
  559. }
  562. NTSTATUS
  563. LsapNotifyProcessNotificationEvent(
  564. IN POLICY_NOTIFICATION_INFORMATION_CLASS InformationClass,
  565. IN HANDLE NotificationEvent,
  566. IN ULONG OwnerProcess,
  567. IN HANDLE OwnerEventHandle,
  568. IN BOOLEAN Register
  569. )
  570. /*++
  572. Routine Description:
  574. This function registers / unregisters the specified Notification event handle for the
  575. specified information class
  577. Arguments:
  579. InformationClass -- Information class to add/remove the notification for
  581. NotificationEvent -- Event handle to register/deregister
  583. Register -- If TRUE, the event is being registered. If FALSE, it is unregistered
  585. Return Value:
  587. STATUS_SUCCESS -- Success
  589. STATUS_INVALID_HANDLE -- A bad event handle was specified
  591. STATUS_ACCESS_DENIED -- The opened policy handle does not have the requried permissions
  593. STATUS_INSUFFICIENT_RESOURCES -- A memory allocation failed
  595. STATUS_INVALID_INFO_CLASS -- An invalid information class was provided.
  597. --*/
  598. {
  599. NTSTATUS Status = STATUS_SUCCESS;
  600. LSAP_DB_OBJECT_INFORMATION ObjectInformation;
  601. POBJECT_TYPE_INFORMATION ObjTypeInfo = NULL;
  602. ULONG Length = 0, ReturnLength = 0;
  603. UNICODE_STRING EventString;
  604. LSAPR_HANDLE PolicyHandle = NULL;
  605. OBJECT_ATTRIBUTES ObjectAttributes;
  607. //
  608. // Make sure we are given a valid info class
  609. //
  610. if ( InformationClass < PolicyNotifyAuditEventsInformation ||
  611. InformationClass > PolicyNotifyMachineAccountPasswordInformation ) {
  613. return( STATUS_INVALID_INFO_CLASS );
  614. }
  616. //
  617. // Make sure the caller has the proper privileges.
  618. //
  619. // We're already impersonating our caller so LsapDbOpenPolicy doesn't need to.
  620. //
  622. InitializeObjectAttributes(
  623. &ObjectAttributes,
  624. NULL,
  625. 0L,
  626. NULL,
  627. NULL );
  629. Status = LsapDbOpenPolicy(
  630. NULL,
  631. (PLSAPR_OBJECT_ATTRIBUTES) &ObjectAttributes,
  632. POLICY_NOTIFICATION,
  633. LSAP_DB_USE_LPC_IMPERSONATE,
  634. &PolicyHandle,
  635. FALSE ); // Not a trusted client
  637. if ( NT_SUCCESS( Status ) && Register ) {
  639. if ( NotificationEvent == NULL ||
  640. NotificationEvent == INVALID_HANDLE_VALUE ) {
  642. Status = STATUS_INVALID_HANDLE;
  643. }
  644. }
  646. if ( NT_SUCCESS( Status ) && Register ) {
  648. //
  649. // Verify that the handle is one for an Event
  650. //
  651. Status = NtQueryObject( NotificationEvent,
  652. ObjectTypeInformation,
  653. ObjTypeInfo,
  654. Length,
  655. &ReturnLength );
  657. if ( Status == STATUS_INFO_LENGTH_MISMATCH ) {
  659. ObjTypeInfo = LsapAllocateLsaHeap( ReturnLength );
  661. if ( ObjTypeInfo == NULL ) {
  663. Status = STATUS_INSUFFICIENT_RESOURCES;
  665. } else {
  667. Length = ReturnLength;
  668. Status = NtQueryObject( NotificationEvent,
  669. ObjectTypeInformation,
  670. ObjTypeInfo,
  671. Length,
  672. &ReturnLength );
  674. if ( NT_SUCCESS( Status ) ) {
  676. //
  677. // See if it's actually an event
  678. //
  679. RtlInitUnicodeString( &EventString, L"Event" );
  680. if ( !RtlEqualUnicodeString( &EventString, &ObjTypeInfo->TypeName, FALSE ) ) {
  682. Status = STATUS_INVALID_HANDLE;
  683. }
  685. }
  687. LsapFreeLsaHeap( ObjTypeInfo );
  688. }
  690. } else if ( Status == STATUS_SUCCESS ) {
  692. LsapDsDebugOut(( DEB_ERROR, "NtQueryObject returned success on a NULL buffer\n" ));
  693. Status = STATUS_UNSUCCESSFUL;
  694. }
  695. }
  697. //
  698. // Now, add or remove the information from the list
  699. //
  701. if ( NT_SUCCESS( Status ) ) {
  703. if ( Register ) {
  705. Status = LsapNotifyAddCallbackToList(
  706. &LsaPolicyChangeNotificationList[ InformationClass ],
  707. NULL,
  708. NotificationEvent,
  709. OwnerProcess,
  710. OwnerEventHandle );
  712. } else {
  714. Status = LsapNotifyRemoveCallbackFromList(
  715. &LsaPolicyChangeNotificationList[ InformationClass ],
  716. NULL,
  717. OwnerProcess,
  718. OwnerEventHandle );
  720. }
  721. }
  723. if ( PolicyHandle != NULL ) {
  725. LsapCloseHandle( &PolicyHandle, Status );
  726. }
  728. return( Status );
  729. }