/*
 * LsaGetCurrentDirectoryPath
 *
 * Return a heap-allocated copy of the process's current working directory.
 *
 * @param ppszPath  [out] receives the allocated path. The caller owns it and
 *                  releases it with LwFreeString(). Not written on failure.
 * @return 0 on success; the LW error mapped from errno when getcwd() fails;
 *         otherwise the error reported by LwAllocateString().
 */
DWORD
LsaGetCurrentDirectoryPath(
    PSTR* ppszPath
    )
{
    DWORD dwError = 0;
    CHAR szCwd[PATH_MAX + 1];
    PSTR pszResult = NULL;

    /* One byte of slack is deliberately kept: getcwd() is offered PATH_MAX
       out of a PATH_MAX+1 buffer, so the terminator always fits. */
    if (!getcwd(szCwd, PATH_MAX))
    {
        dwError = LwMapErrnoToLwError(errno);
        BAIL_ON_LSA_ERROR(dwError);
    }

    dwError = LwAllocateString(szCwd, &pszResult);
    BAIL_ON_LSA_ERROR(dwError);

    /* Hand ownership to the caller; clearing the local keeps the shared
       cleanup below from freeing what was just handed out. */
    *ppszPath = pszResult;
    pszResult = NULL;

error:

    if (pszResult)
    {
        LwFreeString(pszResult);
    }

    return dwError;
}
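/*
 * LwTaskFreeCreds
 *
 * Release a task credential block and everything it owns: the LwIo creds,
 * the saved cache path (handed back to LwKrb5SetDefaultCachePath() before it
 * is freed), and the krb5 context/cache pair.
 *
 * @param pCreds  [in,out] block to release. NULL is accepted and is a no-op,
 *                so error paths can call this unconditionally. The block must
 *                not be used afterwards.
 */
VOID
LwTaskFreeCreds(
    PLW_TASK_CREDS pCreds /* IN OUT */
    )
{
    if (!pCreds)
    {
        /* Tolerate NULL like free(): the original dereferenced pCreds
           immediately, which crashed cleanup paths that had not yet
           allocated anything. */
        return;
    }

    if (pCreds->pKrb5Creds != NULL)
    {
        LwIoDeleteCreds(pCreds->pKrb5Creds);
    }

    if (pCreds->pszRestoreCache)
    {
        /* The saved path is passed back before being freed; presumably this
           restores the default ccache that was in effect before the task. */
        LwKrb5SetDefaultCachePath(pCreds->pszRestoreCache, NULL);
        LwFreeString(pCreds->pszRestoreCache);
    }

    if (pCreds->ctx != NULL)
    {
        if (pCreds->cc != NULL)
        {
            /* krb5_cc_destroy() both removes the cache and closes the
               handle, so no separate krb5_cc_close() is needed. */
            krb5_cc_destroy(pCreds->ctx, pCreds->cc);
        }
        krb5_free_context(pCreds->ctx);
    }

    LwFreeMemory(pCreds);
}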
/*
 * LwFreeNullTerminatedStringArray
 *
 * Free every string in a NULL-terminated array of strings, then the array
 * itself. A NULL array pointer skips the element loop; LwFreeMemory() is
 * still called on it, exactly as before (whether that is a no-op depends on
 * LwFreeMemory — confirm if callers rely on passing NULL).
 *
 * @param ppStringArray  array whose last element is NULL; may be NULL.
 */
void
LwFreeNullTerminatedStringArray(
    PSTR * ppStringArray
    )
{
    if (ppStringArray)
    {
        for (PSTR* ppCursor = ppStringArray; *ppCursor; ppCursor++)
        {
            LwFreeString(*ppCursor);
        }
    }

    LwFreeMemory(ppStringArray);
}
/*
 * Free one const-qualified string field of a wbc structure, tolerating NULL.
 * The cast drops the const that the public wbc struct puts on its fields; the
 * strings are presumably allocated by this library's own fill routine with
 * LwAllocateString — confirm against the matching allocation code.
 */
static void
FreeWbcString(
    const char *pszValue
    )
{
    if (pszValue)
    {
        LwFreeString((char *) pszValue);
    }
}

/*
 * FreeDomainControllerEx
 *
 * Destructor for a struct wbcDomainControllerInfoEx handed out by this
 * library: releases every owned string and the GUID buffer, leaving the
 * struct itself to the caller. A NULL pointer is a no-op.
 *
 * @param p  the wbcDomainControllerInfoEx to clean up (passed as void* to fit
 *           the generic destructor signature); may be NULL.
 * @return always 0.
 */
static int
FreeDomainControllerEx(
    IN void *p
    )
{
    struct wbcDomainControllerInfoEx *pController =
        (struct wbcDomainControllerInfoEx *) p;

    if (pController)
    {
        FreeWbcString(pController->dc_unc);
        FreeWbcString(pController->dc_address);
        LW_SAFE_FREE_MEMORY(pController->domain_guid);
        FreeWbcString(pController->domain_name);
        FreeWbcString(pController->forest_name);
        FreeWbcString(pController->dc_site_name);
        FreeWbcString(pController->client_site_name);
    }

    return 0;
}
/*
 * UpFreeString
 *
 * Public release routine for strings obtained from this module. It forwards
 * straight to LwFreeString(); whether NULL is tolerated depends on that
 * function, so callers should not rely on it.
 *
 * @param pszStr  string to release.
 */
VOID
UpFreeString(
    PSTR pszStr
    )
{
    PSTR pszToRelease = pszStr;

    LwFreeString(pszToRelease);
}
/* Release one optional attribute string; NULL means the attribute was never
   filled in and there is nothing to free. */
static void
FreeAttrString(
    PSTR pszValue
    )
{
    if (pszValue)
    {
        LwFreeString(pszValue);
    }
}

/*
 * FreeUserAttributes
 *
 * Release a GPUSER_AD_ATTRS block as produced by GetUserAttributes(): every
 * optional string member in turn, then the block itself. NULL is accepted
 * and is a no-op.
 *
 * @param pUserADAttrs  block to free; may be NULL.
 */
VOID
FreeUserAttributes(
    PGPUSER_AD_ATTRS pUserADAttrs
    )
{
    if (!pUserADAttrs)
    {
        return;
    }

    /* identity */
    FreeAttrString(pUserADAttrs->pszDisplayName);
    FreeAttrString(pUserADAttrs->pszFirstName);
    FreeAttrString(pUserADAttrs->pszLastName);
    FreeAttrString(pUserADAttrs->pszADDomain);
    FreeAttrString(pUserADAttrs->pszKerberosPrincipal);

    /* mail and Exchange */
    FreeAttrString(pUserADAttrs->pszEMailAddress);
    FreeAttrString(pUserADAttrs->pszMSExchHomeServerName);
    FreeAttrString(pUserADAttrs->pszMSExchHomeMDB);

    /* contact details */
    FreeAttrString(pUserADAttrs->pszTelephoneNumber);
    FreeAttrString(pUserADAttrs->pszFaxTelephoneNumber);
    FreeAttrString(pUserADAttrs->pszMobileTelephoneNumber);
    FreeAttrString(pUserADAttrs->pszStreetAddress);
    FreeAttrString(pUserADAttrs->pszPostOfficeBox);
    FreeAttrString(pUserADAttrs->pszCity);
    FreeAttrString(pUserADAttrs->pszState);
    FreeAttrString(pUserADAttrs->pszPostalCode);
    FreeAttrString(pUserADAttrs->pszCountry);

    /* organisation */
    FreeAttrString(pUserADAttrs->pszTitle);
    FreeAttrString(pUserADAttrs->pszCompany);
    FreeAttrString(pUserADAttrs->pszDepartment);

    /* home and account state */
    FreeAttrString(pUserADAttrs->pszHomeDirectory);
    FreeAttrString(pUserADAttrs->pszHomeDrive);
    FreeAttrString(pUserADAttrs->pszPasswordLastSet);
    FreeAttrString(pUserADAttrs->pszUserAccountControl);

    /* domain password policy */
    FreeAttrString(pUserADAttrs->pszMaxMinutesUntilChangePassword);
    FreeAttrString(pUserADAttrs->pszMinMinutesUntilChangePassword);
    FreeAttrString(pUserADAttrs->pszMaxFailedLoginAttempts);
    FreeAttrString(pUserADAttrs->pszAllowedPasswordHistory);
    FreeAttrString(pUserADAttrs->pszMinCharsAllowedInPassword);

    LwFreeMemory(pUserADAttrs);
}
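/*
 * Read one optional string attribute from an LDAP entry.
 *
 * LwLdapGetString() reports an attribute that is not present on the entry as
 * LW_ERROR_INVALID_LDAP_ATTR_VALUE. Most attributes read here are optional on
 * a user object, so that case is mapped to success and the output is left as
 * LwLdapGetString() left it (expected to remain NULL — confirm against that
 * routine). Every other error is returned unchanged.
 */
static
DWORD
GetOptionalLdapString(
    HANDLE hDirectory,
    LDAPMessage *pMessage,
    PCSTR pszAttribute,
    PSTR *ppszValue
    )
{
    DWORD dwError = LwLdapGetString(hDirectory, pMessage, pszAttribute, ppszValue);

    if (dwError == LW_ERROR_INVALID_LDAP_ATTR_VALUE)
    {
        dwError = MAC_AD_ERROR_SUCCESS;
    }

    return dwError;
}

/*
 * A lookup meant to identify one object must return exactly one entry: zero
 * means the name is unknown, more than one means it is ambiguous, and a
 * negative count is an LDAP-layer failure. All three were historically
 * reported as MAC_AD_ERROR_INVALID_NAME and still are.
 */
static
DWORD
RequireSingleEntry(
    long lCount
    )
{
    return (lCount == 1) ? MAC_AD_ERROR_SUCCESS : MAC_AD_ERROR_INVALID_NAME;
}

/*
 * GetUserAttributes
 *
 * Look up an AD user by SID and collect the attributes this module exposes
 * (names, contact data, Exchange and home settings, password state) plus the
 * domain-wide password policy values into a freshly allocated
 * GPUSER_AD_ATTRS.
 *
 * @param hDirectory     open LDAP directory handle
 * @param pszUserSID     string SID of the user (e.g. "S-1-5-21-..."). It is
 *                       inserted into an LDAP search filter without escaping,
 *                       so callers must pass a validated, well-formed SID and
 *                       never raw user-supplied text.
 * @param pszDomainName  domain name; converted to the search base DN and
 *                       stored verbatim in pszADDomain
 * @param ppUserADAttrs  [out] receives the block; release it with
 *                       FreeUserAttributes(). Not written on failure.
 * @return MAC_AD_ERROR_SUCCESS; MAC_AD_ERROR_INVALID_NAME when an argument
 *         is NULL, the SID does not fit the query buffer, or the user or the
 *         domain object does not resolve to exactly one entry; otherwise the
 *         underlying LDAP or allocation error.
 */
DWORD
GetUserAttributes(
    HANDLE hDirectory,
    PSTR pszUserSID,
    PSTR pszDomainName,
    PGPUSER_AD_ATTRS * ppUserADAttrs
    )
{
    DWORD dwError = MAC_AD_ERROR_SUCCESS;
    PSTR pszDirectoryRoot = NULL;
    PSTR szAttributeList[] = {"*", NULL};
    CHAR szQuery[1024];
    int nQueryLen = 0;
    LDAPMessage *pUserMessage = NULL;
    LDAPMessage *pDomainMessage = NULL;
    long lCount = 0;
    PGPUSER_AD_ATTRS pUserADAttrs = NULL;

    /* A NULL SID would reach the "%s" below (undefined behaviour) and a NULL
       domain would reach ADUConvertDomainToDN; reject both up front. */
    if (!pszUserSID || !pszDomainName || !ppUserADAttrs)
    {
        dwError = MAC_AD_ERROR_INVALID_NAME;
        BAIL_ON_MAC_ERROR(dwError);
    }

    dwError = ADUConvertDomainToDN(pszDomainName, &pszDirectoryRoot);
    BAIL_ON_MAC_ERROR(dwError);

    /* Bounded formatting replaces the unbounded sprintf(): a real SID string
       is short, but an oversized argument must fail cleanly rather than run
       past szQuery. The filter is still not escaped — see pszUserSID above. */
    nQueryLen = snprintf(szQuery, sizeof(szQuery), "(objectsid=%s)", pszUserSID);
    if (nQueryLen < 0 || (size_t) nQueryLen >= sizeof(szQuery))
    {
        dwError = MAC_AD_ERROR_INVALID_NAME;
        BAIL_ON_MAC_ERROR(dwError);
    }

    /* --- the user object ------------------------------------------------ */

    dwError = LwLdapDirectorySearch(
                    hDirectory,
                    pszDirectoryRoot,
                    LDAP_SCOPE_SUBTREE,
                    szQuery,
                    szAttributeList,
                    &pUserMessage);
    BAIL_ON_MAC_ERROR(dwError);

    dwError = LwLdapCountEntries(hDirectory, pUserMessage, &lCount);
    BAIL_ON_MAC_ERROR(dwError);

    dwError = RequireSingleEntry(lCount);
    BAIL_ON_MAC_ERROR(dwError);

    /* --- the domain object (base search on the domain DN) --------------- */

    dwError = LwLdapDirectorySearch(
                    hDirectory,
                    pszDirectoryRoot,
                    LDAP_SCOPE_BASE,
                    "(objectClass=*)",
                    szAttributeList,
                    &pDomainMessage);
    BAIL_ON_MAC_ERROR(dwError);

    dwError = LwLdapCountEntries(hDirectory, pDomainMessage, &lCount);
    BAIL_ON_MAC_ERROR(dwError);

    dwError = RequireSingleEntry(lCount);
    BAIL_ON_MAC_ERROR(dwError);

    /* --- assemble the result -------------------------------------------- */

    dwError = LwAllocateMemory(sizeof(GPUSER_AD_ATTRS), (PVOID *) &pUserADAttrs);
    BAIL_ON_MAC_ERROR(dwError);

    /* The domain is the only mandatory field; everything below is optional. */
    dwError = LwAllocateString(pszDomainName, &pUserADAttrs->pszADDomain);
    BAIL_ON_MAC_ERROR(dwError);

    /* identity */
    dwError = GetOptionalLdapString(hDirectory, pUserMessage, "displayName", &pUserADAttrs->pszDisplayName);
    BAIL_ON_MAC_ERROR(dwError);
    dwError = GetOptionalLdapString(hDirectory, pUserMessage, "givenName", &pUserADAttrs->pszFirstName);
    BAIL_ON_MAC_ERROR(dwError);
    dwError = GetOptionalLdapString(hDirectory, pUserMessage, "sn", &pUserADAttrs->pszLastName);
    BAIL_ON_MAC_ERROR(dwError);
    dwError = GetOptionalLdapString(hDirectory, pUserMessage, "userPrincipalName", &pUserADAttrs->pszKerberosPrincipal);
    BAIL_ON_MAC_ERROR(dwError);

    /* mail and Exchange */
    dwError = GetOptionalLdapString(hDirectory, pUserMessage, "mail", &pUserADAttrs->pszEMailAddress);
    BAIL_ON_MAC_ERROR(dwError);
    dwError = GetOptionalLdapString(hDirectory, pUserMessage, "msExchHomeServerName", &pUserADAttrs->pszMSExchHomeServerName);
    BAIL_ON_MAC_ERROR(dwError);
    dwError = GetOptionalLdapString(hDirectory, pUserMessage, "homeMDB", &pUserADAttrs->pszMSExchHomeMDB);
    BAIL_ON_MAC_ERROR(dwError);

    /* contact details */
    dwError = GetOptionalLdapString(hDirectory, pUserMessage, "telephoneNumber", &pUserADAttrs->pszTelephoneNumber);
    BAIL_ON_MAC_ERROR(dwError);
    dwError = GetOptionalLdapString(hDirectory, pUserMessage, "facsimileTelephoneNumber", &pUserADAttrs->pszFaxTelephoneNumber);
    BAIL_ON_MAC_ERROR(dwError);
    dwError = GetOptionalLdapString(hDirectory, pUserMessage, "mobile", &pUserADAttrs->pszMobileTelephoneNumber);
    BAIL_ON_MAC_ERROR(dwError);
    dwError = GetOptionalLdapString(hDirectory, pUserMessage, "streetAddress", &pUserADAttrs->pszStreetAddress);
    BAIL_ON_MAC_ERROR(dwError);
    dwError = GetOptionalLdapString(hDirectory, pUserMessage, "postOfficeBox", &pUserADAttrs->pszPostOfficeBox);
    BAIL_ON_MAC_ERROR(dwError);
    dwError = GetOptionalLdapString(hDirectory, pUserMessage, "l", &pUserADAttrs->pszCity);
    BAIL_ON_MAC_ERROR(dwError);
    dwError = GetOptionalLdapString(hDirectory, pUserMessage, "st", &pUserADAttrs->pszState);
    BAIL_ON_MAC_ERROR(dwError);
    dwError = GetOptionalLdapString(hDirectory, pUserMessage, "postalCode", &pUserADAttrs->pszPostalCode);
    BAIL_ON_MAC_ERROR(dwError);
    dwError = GetOptionalLdapString(hDirectory, pUserMessage, "co", &pUserADAttrs->pszCountry);
    BAIL_ON_MAC_ERROR(dwError);

    /* organisation */
    dwError = GetOptionalLdapString(hDirectory, pUserMessage, "title", &pUserADAttrs->pszTitle);
    BAIL_ON_MAC_ERROR(dwError);
    dwError = GetOptionalLdapString(hDirectory, pUserMessage, "company", &pUserADAttrs->pszCompany);
    BAIL_ON_MAC_ERROR(dwError);
    dwError = GetOptionalLdapString(hDirectory, pUserMessage, "department", &pUserADAttrs->pszDepartment);
    BAIL_ON_MAC_ERROR(dwError);

    /* home and account state */
    dwError = GetOptionalLdapString(hDirectory, pUserMessage, "homeDirectory", &pUserADAttrs->pszHomeDirectory);
    BAIL_ON_MAC_ERROR(dwError);
    dwError = GetOptionalLdapString(hDirectory, pUserMessage, "homeDrive", &pUserADAttrs->pszHomeDrive);
    BAIL_ON_MAC_ERROR(dwError);
    dwError = GetOptionalLdapString(hDirectory, pUserMessage, "pwdLastSet", &pUserADAttrs->pszPasswordLastSet);
    BAIL_ON_MAC_ERROR(dwError);
    dwError = GetOptionalLdapString(hDirectory, pUserMessage, "userAccountControl", &pUserADAttrs->pszUserAccountControl);
    BAIL_ON_MAC_ERROR(dwError);

    /* The settings below live on the domain container, not the user. */
    dwError = GetOptionalLdapString(hDirectory, pDomainMessage, "maxPwdAge", &pUserADAttrs->pszMaxMinutesUntilChangePassword);
    BAIL_ON_MAC_ERROR(dwError);
    dwError = GetOptionalLdapString(hDirectory, pDomainMessage, "minPwdAge", &pUserADAttrs->pszMinMinutesUntilChangePassword);
    BAIL_ON_MAC_ERROR(dwError);
    /* The AD attribute is spelled "lockoutThreshold"; the previous
       "lockoutThreshhold" never matched, so this field was always NULL and
       the lockout policy was silently unavailable to callers. */
    dwError = GetOptionalLdapString(hDirectory, pDomainMessage, "lockoutThreshold", &pUserADAttrs->pszMaxFailedLoginAttempts);
    BAIL_ON_MAC_ERROR(dwError);
    dwError = GetOptionalLdapString(hDirectory, pDomainMessage, "pwdHistoryLength", &pUserADAttrs->pszAllowedPasswordHistory);
    BAIL_ON_MAC_ERROR(dwError);
    dwError = GetOptionalLdapString(hDirectory, pDomainMessage, "minPwdLength", &pUserADAttrs->pszMinCharsAllowedInPassword);
    BAIL_ON_MAC_ERROR(dwError);

    /* Hand ownership to the caller; clearing the local keeps the shared
       cleanup below from freeing the block on the success path. */
    *ppUserADAttrs = pUserADAttrs;
    pUserADAttrs = NULL;

error:

    FreeUserAttributes(pUserADAttrs);

    if (pszDirectoryRoot)
    {
        LwFreeString(pszDirectoryRoot);
    }

    if (pUserMessage)
    {
        ldap_msgfree(pUserMessage);
    }

    if (pDomainMessage)
    {
        ldap_msgfree(pDomainMessage);
    }

    return dwError;
}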
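/*
 * ADUKrb5GetUserCachePathAndSID
 *
 * Resolve a user principal through lsass and return the per-user Kerberos
 * credential cache path, home directory, SID and uid.
 *
 * Every output parameter is optional; pass NULL for values not wanted.
 * Returned strings are owned by the caller and released with LwFreeString().
 * On failure every requested string pointer is set to NULL and *pUid to
 * (uid_t)-1, so callers can free unconditionally.
 *
 * The cache path is "FILE:/tmp/krb5cc_<uid>", i.e. the conventional
 * per-uid location under /tmp; presumably this matches the ccache the user's
 * session actually uses — confirm against the login code that creates it.
 *
 * @param pszUserUPN       principal name to look up via LsaFindUserByName()
 * @param ppszCachePath    [out, optional] allocated ccache path
 * @param ppszHomeDirPath  [out, optional] allocated home directory
 * @param ppszSID          [out, optional] allocated string SID
 * @param pUid             [out, optional] numeric uid
 * @return 0 on success, otherwise the lsass / allocation error.
 */
DWORD
ADUKrb5GetUserCachePathAndSID(
    PCSTR pszUserUPN,
    PSTR* ppszCachePath,
    PSTR* ppszHomeDirPath,
    PSTR* ppszSID,
    uid_t* pUid
    )
{
    DWORD dwError = 0;
    char szPath[PATH_MAX] = {0};
    int nPathLen = 0;
    PSTR pszCachePath = NULL;
    PSTR pszHomeDirPath = NULL;
    PSTR pszSID = NULL;
    HANDLE hLsaConnection = (HANDLE) NULL;
    PLSA_USER_INFO_0 pUserInfo_0 = NULL;

    dwError = LsaOpenServer(&hLsaConnection);
    BAIL_ON_MAC_ERROR(dwError);

    /* Level-0 user info is enough: it carries uid, SID and home directory. */
    dwError = LsaFindUserByName(hLsaConnection, pszUserUPN, 0, (PVOID*) &pUserInfo_0);
    BAIL_ON_MAC_ERROR(dwError);

    /* Bounded formatting in place of sprintf(). A long cannot overflow
       PATH_MAX here, but the check keeps that true if the format changes. */
    nPathLen = snprintf(szPath, sizeof(szPath), "FILE:/tmp/krb5cc_%ld", (long) pUserInfo_0->uid);
    if (nPathLen < 0 || (size_t) nPathLen >= sizeof(szPath))
    {
        dwError = MAC_AD_ERROR_INVALID_NAME;
        BAIL_ON_MAC_ERROR(dwError);
    }

    dwError = LwAllocateString(szPath, &pszCachePath);
    BAIL_ON_MAC_ERROR(dwError);

    /* pszSid / pszHomedir are copied as returned by lsass; whether they can
       be NULL for a resolved user is not checked here — confirm against
       LsaFindUserByName before relying on it. */
    dwError = LwAllocateString(pUserInfo_0->pszSid, &pszSID);
    BAIL_ON_MAC_ERROR(dwError);

    dwError = LwAllocateString(pUserInfo_0->pszHomedir, &pszHomeDirPath);
    BAIL_ON_MAC_ERROR(dwError);

    /* Transfer ownership only for the outputs the caller asked for; the rest
       are released in cleanup. */
    if (ppszCachePath)
    {
        *ppszCachePath = pszCachePath;
        pszCachePath = NULL;
    }

    if (ppszSID)
    {
        *ppszSID = pszSID;
        pszSID = NULL;
    }

    if (ppszHomeDirPath)
    {
        *ppszHomeDirPath = pszHomeDirPath;
        pszHomeDirPath = NULL;
    }

    if (pUid)
    {
        *pUid = pUserInfo_0->uid;
    }

cleanup:

    if (pszCachePath)
    {
        LwFreeString(pszCachePath);
    }

    if (pszSID)
    {
        LwFreeString(pszSID);
    }

    if (pszHomeDirPath)
    {
        LwFreeString(pszHomeDirPath);
    }

    if (pUserInfo_0)
    {
        LsaFreeUserInfo(0, pUserInfo_0);
    }

    if (hLsaConnection != (HANDLE) NULL)
    {
        LsaCloseServer(hLsaConnection);
    }

    return dwError;

error:

    if (ppszCachePath)
    {
        *ppszCachePath = NULL;
    }

    if (ppszSID)
    {
        *ppszSID = NULL;
    }

    if (ppszHomeDirPath)
    {
        *ppszHomeDirPath = NULL;
    }

    if (pUid)
    {
        /* uid_t is unsigned; make the "no uid" sentinel conversion explicit */
        *pUid = (uid_t) -1;
    }

    goto cleanup;
}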