static
DWORD
KtLdapBind(
LDAP **ppLd,
PCSTR pszDc
)
{
const int version = LDAP_VERSION3;
DWORD dwError = ERROR_SUCCESS;
int lderr = 0;
PSTR pszUrl = NULL;
LDAP *pLd = NULL;
dwError = LwAllocateStringPrintf(&pszUrl,
"ldap://%s",
pszDc);
BAIL_ON_LSA_ERROR(dwError);
lderr = ldap_initialize(&pLd,
pszUrl);
BAIL_ON_LDAP_ERROR(lderr);
lderr = ldap_set_option(pLd,
LDAP_OPT_PROTOCOL_VERSION,
&version);
BAIL_ON_LDAP_ERROR(lderr);
lderr = ldap_set_option(pLd,
LDAP_OPT_REFERRALS,
LDAP_OPT_OFF);
BAIL_ON_LDAP_ERROR(lderr);
dwError = LwLdapBindDirectorySasl(pLd, pszDc, FALSE);
BAIL_ON_LSA_ERROR(dwError);
*ppLd = pLd;
cleanup:
LW_SAFE_FREE_MEMORY(pszUrl);
if (dwError == ERROR_SUCCESS &&
lderr != LDAP_SUCCESS)
{
dwError = LwMapLdapErrorToLwError(lderr);
}
return dwError;
error:
if (pLd)
{
ldap_memfree(pLd);
}
*ppLd = NULL;
goto cleanup;
}
DWORD
KtLdapGetSaltingPrincipalA(
PCSTR pszDcName,
PCSTR pszBaseDn,
PCSTR pszMachAcctName,
PSTR *ppszSalt
)
{
PCSTR pszUpnAttr = "userPrincipalName";
PCSTR pszSamAcctAttr = "sAMAccountName";
DWORD dwError = ERROR_SUCCESS;
LDAP *pLd = NULL;
PSTR pszFilter = NULL;
PSTR pszUpn = NULL;
/* Bind to directory service on the DC */
dwError = KtLdapBind(&pLd, pszDcName);
BAIL_ON_LSA_ERROR(dwError);
/* Prepare ldap query filter */
dwError = LwAllocateStringPrintf(&pszFilter,
"(%s=%s)",
pszSamAcctAttr,
pszMachAcctName);
BAIL_ON_LSA_ERROR(dwError);
/* Look for key version number attribute */
dwError = KtLdapQuery(pLd,
pszBaseDn,
LDAP_SCOPE_SUBTREE,
pszFilter,
pszUpnAttr,
&pszUpn);
BAIL_ON_LSA_ERROR(dwError);
*ppszSalt = pszUpn;
cleanup:
/* Close connection to the directory */
if (pLd)
{
KtLdapUnbind(pLd);
}
LW_SAFE_FREE_MEMORY(pszFilter);
return dwError;
error:
LW_SAFE_FREE_MEMORY(pszUpn);
*ppszSalt = NULL;
goto cleanup;
}
DWORD
LwpsLegacyGetJoinedDomainTrustEnumerationWaitTime(
IN PLWPS_LEGACY_STATE pContext,
IN OPTIONAL PCSTR pszDomainName,
OUT PDWORD* ppdwTrustEnumerationWaitSeconds,
OUT PDWORD* ppdwTrustEnumerationWaitEnabled
)
{
DWORD dwError = 0;
int EE = 0;
PSTR pszRegistryPath = NULL;
PVOID dwValue = NULL;
PVOID dwValue1 = NULL;
REG_DATA_TYPE readType = 0;
DWORD dwValueSize = 0;
DWORD dwValueSize1 = 0;
if (pszDomainName)
{
dwError = LwAllocateStringPrintf(
&pszRegistryPath,
"%s\\%s",
PSTOREDB_REGISTRY_AD_KEY,
pszDomainName);
GOTO_CLEANUP_ON_WINERROR_EE(dwError, EE);
dwError = RegUtilGetValue(
pContext->hReg,
HKEY_THIS_MACHINE,
pszRegistryPath,
NULL,
PSTOREDB_REGISTRY_TRUSTENUMERATIONWAIT_VALUE,
&readType,
&dwValue,
&dwValueSize);
GOTO_CLEANUP_ON_WINERROR_EE(dwError, EE);
dwError = RegUtilGetValue(
pContext->hReg,
HKEY_THIS_MACHINE,
pszRegistryPath,
NULL,
PSTOREDB_REGISTRY_TRUSTENUMERATIONWAITSECONDS_VALUE,
&readType,
&dwValue1,
&dwValueSize1);
GOTO_CLEANUP_ON_WINERROR_EE(dwError, EE);
*ppdwTrustEnumerationWaitSeconds = (PDWORD) dwValue1;
*ppdwTrustEnumerationWaitEnabled = (PDWORD) dwValue;
}
cleanup:
LW_SAFE_FREE_MEMORY(pszRegistryPath);
LSA_PSTORE_LOG_LEAVE_ERROR_EE(dwError, EE);
return dwError;
}
static
DWORD
CleanupUsername(
IN PCSTR pszDomain,
IN OUT PSTR* ppszUsername
)
{
DWORD dwError = 0;
PSTR pszOldUsername = *ppszUsername;
PSTR pszNewUsername = NULL;
// Fix up username and prompt for password, if needed.
if (pszOldUsername)
{
PSTR at = NULL;
if (strchr(pszOldUsername, '\\'))
{
fprintf(stderr,
"The USERNAME (%s) is not allowed to contain a backslash.\n",
pszOldUsername);
exit(1);
}
at = strchr(pszOldUsername, '@');
if (at)
{
LwStrToUpper(at);
}
else
{
dwError = LwAllocateStringPrintf(
&pszNewUsername,
"%s@%s",
pszOldUsername,
pszDomain);
GOTO_CLEANUP_ON_WINERROR(dwError);
}
}
cleanup:
if (dwError)
{
LW_SAFE_FREE_MEMORY(pszNewUsername);
}
if (pszNewUsername)
{
LW_SAFE_FREE_MEMORY(*ppszUsername);
*ppszUsername = pszNewUsername;
}
return dwError;
}
DWORD
LwpsLegacyDeletePassword(
IN PLWPS_LEGACY_STATE pContext,
IN PCSTR pszDomainName
)
{
DWORD dwError = 0;
int EE = 0;
PSTR pszRegistryPath = NULL;
DWORD dwSubKeysCount = 0;
DWORD dwValuesCount = 0;
dwError = LwAllocateStringPrintf(
&pszRegistryPath,
"%s\\%s",
PSTOREDB_REGISTRY_AD_KEY,
pszDomainName);
GOTO_CLEANUP_ON_WINERROR_EE(dwError, EE);
RegUtilDeleteTree(
pContext->hReg,
NULL,
pszRegistryPath,
PSTOREDB_REGISTRY_PSTORE_SUBKEY);
// TODO-What if there is an error?
/* Delete domain key only if empty */
dwError = RegUtilGetKeyObjectCounts(
pContext->hReg,
HKEY_THIS_MACHINE,
pszRegistryPath,
NULL,
&dwSubKeysCount,
&dwValuesCount);
if (dwError)
{
dwError = 0;
}
else if (!dwSubKeysCount && !dwValuesCount)
{
RegUtilDeleteKey(
pContext->hReg,
HKEY_THIS_MACHINE,
pszRegistryPath,
NULL);
// TODO-What if there is an error?
}
cleanup:
LW_SAFE_FREE_MEMORY(pszRegistryPath);
LSA_PSTORE_LOG_LEAVE_ERROR_EE(dwError, EE);
return dwError;
}
DWORD
LwKrb5InitializeCredentials(
IN PCSTR pszUserPrincipalName,
IN PCSTR pszPassword,
IN PCSTR pszCachePath,
OUT OPTIONAL PDWORD pdwGoodUntilTime
)
{
DWORD dwError = LW_ERROR_SUCCESS;
DWORD dwGoodUntilTime = 0;
PSTR pszTempCachePath = NULL;
if (!pszCachePath)
{
dwError = ERROR_INVALID_PARAMETER;
BAIL_ON_LW_ERROR(dwError);
}
if (!strncmp(pszCachePath, "FILE:", sizeof("FILE:") - 1))
{
dwError = LwAllocateStringPrintf(&pszTempCachePath, "%s.new",
pszCachePath);
BAIL_ON_LW_ERROR(dwError);
}
dwError = LwKrb5GetTgt(
pszUserPrincipalName,
pszPassword,
pszTempCachePath ? pszTempCachePath : pszCachePath,
&dwGoodUntilTime);
BAIL_ON_LW_ERROR(dwError);
if (pszTempCachePath)
{
dwError = LwMoveFile(pszTempCachePath + sizeof("FILE:") - 1,
pszCachePath + sizeof("FILE:") - 1);
BAIL_ON_LW_ERROR(dwError);
}
error:
if (dwError)
{
dwGoodUntilTime = 0;
}
LW_SAFE_FREE_STRING(pszTempCachePath);
if (pdwGoodUntilTime)
{
*pdwGoodUntilTime = dwGoodUntilTime;
}
return dwError;
}
DWORD
ADUSMBGetFolder(
PSTR pszDomainName,
PSTR pszSourceFolder,
PSTR pszDestFolder
)
{
DWORD dwError = MAC_AD_ERROR_SUCCESS;
PSTR pszFQSrcPath = NULL;
PSTR pszDCHostname = NULL;
if (IsNullOrEmptyString(pszDomainName) ||
IsNullOrEmptyString(pszSourceFolder) ||
IsNullOrEmptyString(pszDestFolder))
{
dwError = MAC_AD_ERROR_INVALID_PARAMETER;
BAIL_ON_MAC_ERROR(dwError);
}
dwError = GetPreferredDCAddress(
pszDomainName,
&pszDCHostname);
BAIL_ON_MAC_ERROR(dwError);
dwError = LwCreateDirectory(
pszDestFolder,
S_IRUSR|S_IWUSR|S_IXUSR|S_IRGRP|S_IXGRP|S_IROTH|S_IXOTH);
BAIL_ON_MAC_ERROR(dwError);
dwError = LwAllocateStringPrintf(
&pszFQSrcPath,
"//%s/sysvol/%s",
pszDCHostname,
*pszSourceFolder == '/' ? pszSourceFolder+1 : pszSourceFolder);
BAIL_ON_MAC_ERROR(dwError);
LOG("Calling ADUSMBGetFolder(Src:%s, Dest:%s)", pszFQSrcPath, pszDestFolder);
dwError = ADUCopyDirFromRemote(
pszFQSrcPath,
pszDestFolder);
BAIL_ON_MAC_ERROR(dwError);
cleanup:
LW_SAFE_FREE_STRING( pszFQSrcPath );
LW_SAFE_FREE_STRING(pszDCHostname);
return dwError;
error:
goto cleanup;
}
DWORD
LsaSELinuxManageHomeDir(
PCSTR pszHomeDir
)
{
DWORD dwError = 0;
PCSTR pszSemanageFormat = "semanage fcontext -a -e /home %s";
PSTR pszRootHomeDir = NULL;
PSTR pszSemanageExecute = NULL;
int systemresult = 0;
dwError = LsaGetDirectoryFromPath(pszHomeDir, &pszRootHomeDir);
BAIL_ON_LSA_ERROR(dwError);
if (LW_IS_NULL_OR_EMPTY_STR(pszRootHomeDir))
{
dwError = LW_ERROR_INVALID_PREFIX_PATH;
BAIL_ON_LSA_ERROR(dwError);
}
if (pszRootHomeDir[0] != '/')
{
dwError = LW_ERROR_INVALID_PREFIX_PATH;
BAIL_ON_LSA_ERROR(dwError);
}
if (pszRootHomeDir[1] == '\0')
{
dwError = LW_ERROR_INVALID_PREFIX_PATH;
BAIL_ON_LSA_ERROR(dwError);
}
dwError = LwAllocateStringPrintf(
&pszSemanageExecute,
pszSemanageFormat,
pszRootHomeDir);
BAIL_ON_LSA_ERROR(dwError);
systemresult = system(pszSemanageExecute);
if (systemresult < 0)
{
dwError = LwMapErrnoToLwError(errno);
BAIL_ON_LSA_ERROR(dwError);
}
cleanup:
LW_SAFE_FREE_STRING(pszRootHomeDir);
LW_SAFE_FREE_STRING(pszSemanageExecute);
return dwError;
error:
goto cleanup;
}
DWORD
LWNetGetErrorMessageForLoggingEvent(
DWORD dwErrCode,
PSTR* ppszErrorMsg
)
{
DWORD dwErrorBufferSize = 0;
DWORD dwError = 0;
DWORD dwLen = 0;
PSTR pszErrorMsg = NULL;
PSTR pszErrorBuffer = NULL;
dwErrorBufferSize = LwGetErrorString(dwErrCode, NULL, 0);
if (!dwErrorBufferSize)
goto cleanup;
dwError = LWNetAllocateMemory(
dwErrorBufferSize,
(PVOID*)&pszErrorBuffer);
BAIL_ON_LWNET_ERROR(dwError);
dwLen = LwGetErrorString(dwErrCode, pszErrorBuffer, dwErrorBufferSize);
if ((dwLen == dwErrorBufferSize) && !IsNullOrEmptyString(pszErrorBuffer))
{
dwError = LwAllocateStringPrintf(
&pszErrorMsg,
"Error: %s [error code: %d]",
pszErrorBuffer,
dwErrCode);
BAIL_ON_LWNET_ERROR(dwError);
}
*ppszErrorMsg = pszErrorMsg;
cleanup:
LWNET_SAFE_FREE_STRING(pszErrorBuffer);
return dwError;
error:
LWNET_SAFE_FREE_STRING(pszErrorMsg);
*ppszErrorMsg = NULL;
goto cleanup;
}
DWORD
InstallLwiCompat(
PCSTR pSmbdPath
)
{
DWORD error = 0;
PSTR pSambaDir = NULL;
PSTR pLwiCompat = NULL;
PCSTR pLikewiseLwiCompat = LIBDIR "/" LWICOMPAT_FILENAME;
error = GetIdmapDir(
pSmbdPath,
&pSambaDir);
BAIL_ON_LSA_ERROR(error);
error = LwAllocateStringPrintf(
&pLwiCompat,
"%s/%s",
pSambaDir,
LWICOMPAT_FILENAME
);
BAIL_ON_LSA_ERROR(error);
if (unlink(pLwiCompat) < 0)
{
if (errno != ENOENT)
{
error = LwMapErrnoToLwError(errno);
BAIL_ON_LSA_ERROR(error);
}
}
if (symlink(pLikewiseLwiCompat, pLwiCompat) < 0)
{
error = LwMapErrnoToLwError(errno);
if (error == ERROR_FILE_NOT_FOUND)
{
LW_RTL_LOG_ERROR("Cannot access idmap directory %s. Please ensure you have winbind installed", pSambaDir);
}
BAIL_ON_LSA_ERROR(error);
}
LW_RTL_LOG_INFO("Linked idmapper %s to %s", pLwiCompat, pLikewiseLwiCompat);
cleanup:
LW_SAFE_FREE_STRING(pSambaDir);
LW_SAFE_FREE_STRING(pLwiCompat);
return error;
}
DWORD
SamDbIncrementSequenceNumber_inlock(
PSAM_DIRECTORY_CONTEXT pDirectoryContext
)
{
DWORD dwError = ERROR_SUCCESS;
PCSTR pszQueryTemplate = "UPDATE " SAM_DB_OBJECTS_TABLE \
" SET " SAM_DB_COL_SEQUENCE_NUMBER \
" = " SAM_DB_COL_SEQUENCE_NUMBER " + 1 " \
" WHERE " SAM_DB_COL_OBJECT_CLASS " = %u";
PSTR pszQuery = NULL;
sqlite3_stmt *pSqlStatement = NULL;
dwError = LwAllocateStringPrintf(&pszQuery,
pszQueryTemplate,
SAMDB_OBJECT_CLASS_DOMAIN);
BAIL_ON_SAMDB_ERROR(dwError);
dwError = sqlite3_prepare_v2(
pDirectoryContext->pDbContext->pDbHandle,
pszQuery,
-1,
&pSqlStatement,
NULL);
BAIL_ON_SAMDB_SQLITE_ERROR_DB(
dwError,
pDirectoryContext->pDbContext->pDbHandle);
dwError = sqlite3_step(pSqlStatement);
if (dwError == SQLITE_DONE)
{
dwError = ERROR_SUCCESS;
}
BAIL_ON_SAMDB_SQLITE_ERROR_STMT(dwError, pSqlStatement);
cleanup:
if (pSqlStatement)
{
sqlite3_finalize(pSqlStatement);
}
DIRECTORY_FREE_MEMORY(pszQuery);
return dwError;
error:
goto cleanup;
}
VOID
LWNetSrvLogProcessStoppedEvent(
DWORD dwExitCode
)
{
DWORD dwError = 0;
PSTR pszDescription = NULL;
PSTR pszData = NULL;
dwError = LwAllocateStringPrintf(
&pszDescription,
"The Likewise site manager service was stopped");
BAIL_ON_LWNET_ERROR(dwError);
dwError = LWNetGetErrorMessageForLoggingEvent(
dwExitCode,
&pszData);
BAIL_ON_LWNET_ERROR(dwError);
if (dwExitCode)
{
LWNetSrvLogErrorEvent(
LWNET_EVENT_ERROR_SERVICE_STOPPED,
SERVICE_EVENT_CATEGORY,
pszDescription,
pszData);
}
else
{
LWNetSrvLogInformationEvent(
LWNET_EVENT_INFO_SERVICE_STOPPED,
SERVICE_EVENT_CATEGORY,
pszDescription,
pszData);
}
cleanup:
LWNET_SAFE_FREE_STRING(pszDescription);
LWNET_SAFE_FREE_STRING(pszData);
return;
error:
goto cleanup;
}
DWORD
LwKrb5SetProcessDefaultCachePath(
PCSTR pszCachePath
)
{
DWORD dwError = 0;
PSTR pszEnvironmentEntry = NULL;
static volatile PSTR pszSavedEnvironmentEntry = NULL;
static pthread_mutex_t lock = PTHREAD_MUTEX_INITIALIZER;
BOOLEAN bLocked = FALSE;
dwError = pthread_mutex_lock(&lock);
if (dwError)
{
dwError = LwMapErrnoToLwError(dwError);
BAIL_ON_LW_ERROR(dwError);
}
bLocked = TRUE;
dwError = LwAllocateStringPrintf(&pszEnvironmentEntry,
"KRB5CCNAME=%s",
pszCachePath);
BAIL_ON_LW_ERROR(dwError);
/*
* putenv requires that the buffer not be free'd.
*/
if (putenv(pszEnvironmentEntry) < 0)
{
dwError = LwMapErrnoToLwError(errno);
BAIL_ON_LW_ERROR(dwError);
}
LW_SAFE_FREE_STRING(pszSavedEnvironmentEntry);
pszSavedEnvironmentEntry = pszEnvironmentEntry;
pszEnvironmentEntry = NULL;
error:
LW_SAFE_FREE_STRING(pszEnvironmentEntry);
if (bLocked)
{
pthread_mutex_unlock(&lock);
}
return dwError;
}
DWORD
ADUSMBGetFile(
PSTR pszDomainName,
PSTR pszSourcePath,
PSTR pszDestPath
)
{
DWORD dwError = MAC_AD_ERROR_SUCCESS;
PSTR pszFQSrcPath = NULL;
PSTR pszDCHostname = NULL;
if (IsNullOrEmptyString(pszDomainName) ||
IsNullOrEmptyString(pszSourcePath) ||
IsNullOrEmptyString(pszDestPath))
{
dwError = MAC_AD_ERROR_INVALID_PARAMETER;
BAIL_ON_MAC_ERROR(dwError);
}
dwError = GetPreferredDCAddress(
pszDomainName,
&pszDCHostname);
BAIL_ON_MAC_ERROR(dwError);
dwError = LwAllocateStringPrintf(
&pszFQSrcPath,
"//%s/sysvol/%s",
pszDCHostname,
*pszSourcePath == '/' ? pszSourcePath+1 : pszSourcePath);
BAIL_ON_MAC_ERROR(dwError);
LOG("Calling ADUCopyFileFromRemote(Src:%s, Dest:%s)", pszFQSrcPath, pszDestPath);
dwError = ADUCopyFileFromRemote(pszFQSrcPath, pszDestPath);
BAIL_ON_MAC_ERROR(dwError);
cleanup:
LW_SAFE_FREE_STRING(pszFQSrcPath);
LW_SAFE_FREE_STRING(pszDCHostname);
return dwError;
error:
goto cleanup;
}
DWORD
LwCLdapOpenDirectory(
IN PCSTR pszServerName,
OUT PHANDLE phDirectory
)
{
DWORD dwError = LW_ERROR_SUCCESS;
LDAP * ld = NULL;
PLW_LDAP_DIRECTORY_CONTEXT pDirectory = NULL;
int rc = LDAP_VERSION3;
PSTR pszURL = NULL;
LW_BAIL_ON_INVALID_STRING(pszServerName);
dwError = LwAllocateStringPrintf(&pszURL, "cldap://%s",
pszServerName);
BAIL_ON_LW_ERROR(dwError);
dwError = ldap_initialize(&ld, pszURL);
BAIL_ON_LDAP_ERROR(dwError);
dwError = ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION, &rc);
BAIL_ON_LDAP_ERROR(dwError);
dwError = ldap_set_option(ld, LDAP_OPT_REFERRALS, (void *)LDAP_OPT_OFF);
BAIL_ON_LDAP_ERROR(dwError);
dwError = LwAllocateMemory(sizeof(*pDirectory), OUT_PPVOID(&pDirectory));
BAIL_ON_LW_ERROR(dwError);
pDirectory->ld = ld;
error:
LW_SAFE_FREE_STRING(pszURL);
if (dwError)
{
if (pDirectory)
{
LwLdapCloseDirectory(pDirectory);
pDirectory = NULL;
}
}
*phDirectory = (HANDLE)pDirectory;
return dwError;
}
LSASS_API
DWORD
LsaAdRemoveGroupByIdFromCache(
IN HANDLE hLsaConnection,
IN OPTIONAL PCSTR pszDomainName,
IN gid_t gid
)
{
DWORD dwError = 0;
PSTR pszTargetProvider = NULL;
if (geteuid() != 0)
{
dwError = LW_ERROR_ACCESS_DENIED;
BAIL_ON_LSA_ERROR(dwError);
}
if (pszDomainName)
{
dwError = LwAllocateStringPrintf(
&pszTargetProvider,
"%s:%s",
LSA_PROVIDER_TAG_AD,
pszDomainName);
BAIL_ON_LSA_ERROR(dwError);
}
dwError = LsaProviderIoControl(
hLsaConnection,
pszTargetProvider ? pszTargetProvider : LSA_PROVIDER_TAG_AD,
LSA_AD_IO_REMOVEGROUPBYIDCACHE,
sizeof(gid),
&gid,
NULL,
NULL);
BAIL_ON_LSA_ERROR(dwError);
cleanup:
LW_SAFE_FREE_STRING(pszTargetProvider);
return dwError;
error:
goto cleanup;
}
VOID
LsaSrvLogProcessStoppedEvent(
DWORD dwExitCode
)
{
DWORD dwError = 0;
PSTR pszDescription = NULL;
PSTR pszData = NULL;
dwError = LwAllocateStringPrintf(
&pszDescription,
"The authentication service was stopped");
BAIL_ON_LSA_ERROR(dwError);
dwError = LsaGetErrorMessageForLoggingEvent(
dwExitCode,
&pszData);
BAIL_ON_LSA_ERROR(dwError);
if (dwExitCode)
{
LsaSrvLogServiceFailureEvent(
LSASS_EVENT_ERROR_SERVICE_STOPPED,
SERVICE_EVENT_CATEGORY,
pszDescription,
pszData);
}
else
{
LsaSrvLogServiceSuccessEvent(
LSASS_EVENT_INFO_SERVICE_STOPPED,
SERVICE_EVENT_CATEGORY,
pszDescription,
pszData);
}
cleanup:
LW_SAFE_FREE_STRING(pszDescription);
LW_SAFE_FREE_STRING(pszData);
return;
error:
goto cleanup;
}
DWORD
LwpsLegacySetJoinedDomainTrustEnumerationWaitTime(
IN PLWPS_LEGACY_STATE pContext,
IN OPTIONAL PCSTR pszDomainName
)
{
DWORD dwError = 0;
int EE = 0;
PSTR pszRegistryPath = NULL;
DWORD dwValue = 0;
if (pszDomainName)
{
dwError = LwAllocateStringPrintf(
&pszRegistryPath,
"%s\\%s",
PSTOREDB_REGISTRY_AD_KEY,
pszDomainName);
GOTO_CLEANUP_ON_WINERROR_EE(dwError, EE);
dwError = RegUtilSetValue(
pContext->hReg,
HKEY_THIS_MACHINE,
pszRegistryPath,
NULL,
PSTOREDB_REGISTRY_TRUSTENUMERATIONWAIT_VALUE,
REG_DWORD,
(PVOID)&dwValue,
sizeof(dwValue));
GOTO_CLEANUP_ON_WINERROR_EE(dwError, EE);
dwError = RegUtilSetValue(
pContext->hReg,
HKEY_THIS_MACHINE,
pszRegistryPath,
NULL,
PSTOREDB_REGISTRY_TRUSTENUMERATIONWAITSECONDS_VALUE,
REG_DWORD,
(PVOID)&dwValue,
sizeof(dwValue));
GOTO_CLEANUP_ON_WINERROR_EE(dwError, EE);
}
cleanup:
LSA_PSTORE_LOG_LEAVE_ERROR_EE(dwError, EE);
return dwError;
}
static
DWORD
GetErrorMessage(
DWORD dwErrCode,
PSTR* ppszErrorMsg)
{
DWORD dwError = 0;
DWORD dwErrorBufferSize = 0;
DWORD dwLen = 0;
PSTR pszErrorMsg = NULL;
PSTR pszErrorBuffer = NULL;
dwErrorBufferSize = LwGetErrorString(dwErrCode, NULL, 0);
if(!dwErrorBufferSize)
goto cleanup;
dwError = LwAllocateMemory(
dwErrorBufferSize,
OUT_PPVOID(&pszErrorBuffer));
BAIL_ON_UP_ERROR(dwError);
dwLen = LwGetErrorString(dwErrCode, pszErrorBuffer, dwErrorBufferSize);
if ((dwLen == dwErrorBufferSize) && !LW_IS_NULL_OR_EMPTY_STR(pszErrorBuffer))
{
dwError = LwAllocateStringPrintf(
&pszErrorMsg,
"Error: %s [error code: %d]", pszErrorBuffer,
dwErrCode);
BAIL_ON_UP_ERROR(dwError);
}
*ppszErrorMsg = pszErrorMsg;
cleanup:
LW_SAFE_FREE_MEMORY(pszErrorBuffer);
return dwError;
error:
LW_SAFE_FREE_STRING(pszErrorMsg);
*ppszErrorMsg = NULL;
goto cleanup;
}
VOID
EVTLogConfigReload(
VOID
)
{
DWORD dwError = 0;
PSTR pszDescription = NULL;
dwError = LwAllocateStringPrintf(
&pszDescription,
" Current config settings are...\r\n" \
" Max Disk Usage : %d\r\n" \
" Max Number Of Events: %d\r\n" \
" Max Event Lifespan: %d\r\n" \
" Remove Events As Needed: %s\r\n" \
" Register TCP/IP RPC endpoints: %s\r\n" \
" Allow Read To : %s\r\n" \
" Allow Write To : %s\r\n" \
" Allow Delete To : %s\r\n",
gServerInfo.dwMaxLogSize,
gServerInfo.dwMaxRecords,
gServerInfo.dwMaxAge,
gServerInfo.bRemoveAsNeeded? "true" : "false",
gServerInfo.bRegisterTcpIp ? "true" : "false",
gServerInfo.pszAllowReadTo ?
gServerInfo.pszAllowReadTo: "",
gServerInfo.pszAllowWriteTo ?
gServerInfo.pszAllowWriteTo: "",
gServerInfo.pszAllowDeleteTo ?
gServerInfo.pszAllowDeleteTo: "");
BAIL_ON_EVT_ERROR(dwError);
EVT_LOG_INFO("%s", pszDescription);
cleanup:
LW_SAFE_FREE_STRING(pszDescription);
return;
error:
goto cleanup;
}
/**
* Get current NT time.
* The resulting string is dynamically allocated. Must be freed.
*
* @return NT time.
*/
PSTR GetCurrentNtTime()
{
DWORD dwError = 0;
time_t utime = 0;
UINT64 result = 0;
PSTR resultStr = NULL;
utime = time(NULL);
result = (utime + 11644473600LL) * 10000000LL;
dwError = LwAllocateStringPrintf(&resultStr, "%lld", result);
if(dwError) {
return NULL;
}
return resultStr;
}
static
DWORD
LsaAdBatchMarshalUnprovisionedGroup(
IN PAD_PROVIDER_DATA pProviderData,
IN OUT PLSA_AD_BATCH_ITEM_GROUP_INFO pGroupInfo,
IN PCSTR pszDnsDomainName,
IN PCSTR pszNetbiosDomainName,
IN PCSTR pszSamAccountName,
IN PCSTR pszSid
)
{
DWORD dwError = 0;
DWORD dwId = 0;
PSTR pszNT4Name = NULL;
dwError = LwAllocateStringPrintf(
&pszNT4Name,
"%s\\%s",
pszNetbiosDomainName,
pszSamAccountName);
BAIL_ON_LSA_ERROR(dwError);
// gid, alias
dwError = ADUnprovPlugin_QueryByReal(
pProviderData,
FALSE,
pszNT4Name,
pszSid,
&pGroupInfo->pszAlias,
&dwId);
BAIL_ON_LSA_ERROR(dwError);
pGroupInfo->gid = (gid_t)dwId;
cleanup:
LW_SAFE_FREE_STRING(pszNT4Name);
return dwError;
error:
goto cleanup;
}
DWORD
LwGssGetErrorMessage(
OUT PSTR* ppszErrorMessage,
IN OPTIONAL PCSTR pszGssFunction,
IN OM_uint32 MajorStatus,
IN OM_uint32 MinorStatus
)
{
DWORD dwError = 0;
PSTR pszErrorMessage = NULL;
PSTR pszMajorMessage = NULL;
PSTR pszMinorMessage = NULL;
dwError = LwGssGetSingleErrorMessage(&pszMajorMessage, MajorStatus, TRUE);
BAIL_ON_LW_ERROR(dwError);
dwError = LwGssGetSingleErrorMessage(&pszMinorMessage, MinorStatus, FALSE);
BAIL_ON_LW_ERROR(dwError);
dwError = LwAllocateStringPrintf(&pszErrorMessage,
"GSS API error calling %s(): "
"majorStatus = 0x%08x (%s), "
"minorStatus = 0x%08x (%s)",
pszGssFunction,
MajorStatus, pszMajorMessage,
MinorStatus, pszMinorMessage);
BAIL_ON_LW_ERROR(dwError);
error:
if (dwError)
{
LW_SAFE_FREE_STRING(pszErrorMessage);
}
LW_SAFE_FREE_STRING(pszMajorMessage);
LW_SAFE_FREE_STRING(pszMinorMessage);
*ppszErrorMessage = pszErrorMessage;
return dwError;
}
DWORD
UninstallLwiCompat(
PCSTR pSmbdPath
)
{
DWORD error = 0;
PSTR pSambaDir = NULL;
PSTR pLwiCompat = NULL;
error = GetIdmapDir(
pSmbdPath,
&pSambaDir);
BAIL_ON_LSA_ERROR(error);
error = LwAllocateStringPrintf(
&pLwiCompat,
"%s/%s",
pSambaDir,
LWICOMPAT_FILENAME
);
BAIL_ON_LSA_ERROR(error);
if (unlink(pLwiCompat) < 0)
{
if (errno != ENOENT)
{
error = LwMapErrnoToLwError(errno);
BAIL_ON_LSA_ERROR(error);
}
}
LW_RTL_LOG_INFO("Unlinked idmapper %s", pLwiCompat);
cleanup:
LW_SAFE_FREE_STRING(pSambaDir);
LW_SAFE_FREE_STRING(pLwiCompat);
return error;
}
VOID
LWNetSrvLogProcessFailureEvent(
DWORD dwErrCode
)
{
DWORD dwError = 0;
PSTR pszDescription = NULL;
PSTR pszData = NULL;
dwError = LwAllocateStringPrintf(
&pszDescription,
"The Likewise site manager service stopped running due to an error");
BAIL_ON_LWNET_ERROR(dwError);
dwError = LWNetGetErrorMessageForLoggingEvent(
dwErrCode,
&pszData);
BAIL_ON_LWNET_ERROR(dwError);
LWNetSrvLogErrorEvent(
LWNET_EVENT_ERROR_SERVICE_START_FAILURE,
SERVICE_EVENT_CATEGORY,
pszDescription,
pszData);
cleanup:
LWNET_SAFE_FREE_STRING(pszDescription);
LWNET_SAFE_FREE_STRING(pszData);
return;
error:
goto cleanup;
}
VOID
LsaSrvLogProcessFailureEvent(
DWORD dwErrCode
)
{
DWORD dwError = 0;
PSTR pszDescription = NULL;
PSTR pszData = NULL;
dwError = LwAllocateStringPrintf(
&pszDescription,
"The authentication service stopped running due to an error");
BAIL_ON_LSA_ERROR(dwError);
dwError = LsaGetErrorMessageForLoggingEvent(
dwErrCode,
&pszData);
BAIL_ON_LSA_ERROR(dwError);
LsaSrvLogServiceFailureEvent(
LSASS_EVENT_ERROR_SERVICE_START_FAILURE,
SERVICE_EVENT_CATEGORY,
pszDescription,
pszData);
cleanup:
LW_SAFE_FREE_STRING(pszDescription);
LW_SAFE_FREE_STRING(pszData);
return;
error:
goto cleanup;
}
DWORD
ADGetDomainQualifiedString(
PCSTR pszNetBIOSDomainName,
PCSTR pszName,
PSTR* ppszQualifiedName
)
{
DWORD dwError = 0;
PSTR pszQualifiedName = NULL;
dwError = LwAllocateStringPrintf(
&pszQualifiedName,
"%s%c%s",
pszNetBIOSDomainName,
LsaSrvDomainSeparator(),
pszName);
BAIL_ON_LSA_ERROR(dwError);
LwStrnToUpper(pszQualifiedName, strlen(pszNetBIOSDomainName));
LwStrToLower(pszQualifiedName + strlen(pszNetBIOSDomainName) + 1);
*ppszQualifiedName = pszQualifiedName;
cleanup:
return dwError;
error:
*ppszQualifiedName = NULL;
LW_SAFE_FREE_STRING(pszQualifiedName);
goto cleanup;
}
DWORD
UmnSrvReadUser(
PCSTR pParentKey,
PCSTR pName,
PUSER_MONITOR_PASSWD pResult
)
{
DWORD dwError = 0;
PSTR pUserPath = NULL;
LWREG_CONFIG_ITEM userLayout[] =
{
{
"pw_name",
FALSE,
LwRegTypeString,
0,
-1,
NULL,
&pResult->pw_name,
NULL
},
{
"pw_passwd",
FALSE,
LwRegTypeString,
0,
-1,
NULL,
&pResult->pw_passwd,
NULL
},
{
"pw_uid",
FALSE,
LwRegTypeDword,
0,
-1,
NULL,
&pResult->pw_uid,
NULL
},
{
"pw_gid",
FALSE,
LwRegTypeDword,
0,
-1,
NULL,
&pResult->pw_gid,
NULL
},
{
"pw_gecos",
FALSE,
LwRegTypeString,
0,
-1,
NULL,
&pResult->pw_gecos,
NULL
},
{
"pw_dir",
FALSE,
LwRegTypeString,
0,
-1,
NULL,
&pResult->pw_dir,
NULL
},
{
"pw_shell",
FALSE,
LwRegTypeString,
0,
-1,
NULL,
&pResult->pw_shell,
NULL
},
{
"pDisplayName",
FALSE,
LwRegTypeString,
0,
-1,
NULL,
&pResult->pDisplayName,
NULL
},
{
"LastUpdated",
FALSE,
LwRegTypeDword,
0,
-1,
NULL,
&pResult->LastUpdated,
NULL
},
};
UMN_LOG_VERBOSE("Reading previous values for user '%s'",
pName);
dwError = LwAllocateStringPrintf(
&pUserPath,
"Services\\" SERVICE_NAME "\\Parameters\\%s\\%s",
pParentKey,
pName);
BAIL_ON_UMN_ERROR(dwError);
dwError = LwRegProcessConfig(
pUserPath,
NULL,
userLayout,
sizeof(userLayout)/sizeof(userLayout[0]));
BAIL_ON_UMN_ERROR(dwError);
cleanup:
LW_SAFE_FREE_STRING(pUserPath);
return dwError;
error:
goto cleanup;
}
static
DWORD
LsaSrvAuthProviderAllocateProviderList(
PLSA_AUTH_PROVIDER *ppProviderList
)
{
DWORD dwError = 0;
PSTR pszLoadOrder = NULL; // Multistring
PCSTR pszProvider = NULL;
PSTR pszProviderKey = NULL;
PLSA_AUTH_PROVIDER pProvider = NULL;
PLSA_AUTH_PROVIDER pProviderList = NULL;
dwError = LsaSrvAuthProviderRegGetLoadOrder(&pszLoadOrder);
BAIL_ON_LSA_ERROR(dwError);
if (!pszLoadOrder)
{
/* We should only get here if there is some problem with the
* registry -- can't access it, the key isn't there, ...
* -- so we will try a default set of providers.
*/
LSA_LOG_ERROR("Problem accessing provider configuration in registry. Trying compiled defaults [ActiveDirectory, Local].");
dwError = LsaSrvAllocateProvider(
LSA_PROVIDER_TAG_AD,
LSA_PROVIDER_PATH_AD,
&pProvider);
BAIL_ON_LSA_ERROR(dwError);
if (pProvider)
{
LsaSrvAppendAuthProviderList(&pProviderList, pProvider);
pProvider = NULL;
}
dwError = LsaSrvAllocateProvider(
LSA_PROVIDER_TAG_LOCAL,
LSA_PROVIDER_PATH_LOCAL,
&pProvider);
BAIL_ON_LSA_ERROR(dwError);
if (pProvider)
{
LsaSrvAppendAuthProviderList(&pProviderList, pProvider);
pProvider = NULL;
}
}
else
{
pszProvider = pszLoadOrder;
while ( pszProvider != NULL && *pszProvider != '\0' )
{
dwError = LwAllocateStringPrintf(
&pszProviderKey,
"Services\\lsass\\Parameters\\Providers\\%s",
pszProvider);
BAIL_ON_LSA_ERROR(dwError);
dwError = LsaSrvAuthLoadProvider(
pszProvider,
pszProviderKey,
&pProvider);
BAIL_ON_LSA_ERROR(dwError);
if (pProvider)
{
LsaSrvAppendAuthProviderList(&pProviderList, pProvider);
pProvider = NULL;
}
LW_SAFE_FREE_STRING(pszProviderKey);
pszProvider = pszProvider + strlen(pszProvider) + 1;
}
}
cleanup:
*ppProviderList = pProviderList;
LW_SAFE_FREE_MEMORY(pszLoadOrder);
LW_SAFE_FREE_STRING(pszProviderKey);
return dwError;
error:
LsaSrvFreeAuthProviderList(pProviderList);
pProviderList = NULL;
goto cleanup;
}
DWORD
AD_ReadRegistry(
IN OPTIONAL PCSTR pszDomainName,
OUT PLSA_AD_CONFIG pConfig
)
{
DWORD dwError = 0;
PSTR pszDomainKey = NULL;
PSTR pszDomainPolicyKey = NULL;
PSTR pszUmask = NULL;
PSTR pszUnresolvedMemberList = NULL;
DWORD dwMachinePasswordSyncLifetime = 0;
PSTR pszExcludeTrustsListMultiString = NULL;
PSTR pszIncludeTrustsListMultiString = NULL;
LSA_AD_CONFIG StagingConfig;
const PCSTR CellSupport[] = {
"unprovisioned"
};
const PCSTR CacheBackend[] =
{
"sqlite",
"memory"
};
LWREG_CONFIG_ITEM ADConfigDescription[] =
{
{
"HomeDirUmask",
TRUE,
LwRegTypeString,
0,
MAXDWORD,
NULL,
&pszUmask,
NULL
},
{
"RequireMembershipOf",
TRUE,
LwRegTypeMultiString,
0,
MAXDWORD,
NULL,
&pszUnresolvedMemberList,
NULL
},
{
"LoginShellTemplate",
TRUE,
LwRegTypeString,
0,
MAXDWORD,
NULL,
&StagingConfig.pszShell,
NULL
},
{
"HomeDirTemplate",
TRUE,
LwRegTypeString,
0,
MAXDWORD,
NULL,
&StagingConfig.pszHomedirTemplate,
NULL
},
{
"RemoteHomeDirTemplate",
TRUE,
LwRegTypeString,
0,
MAXDWORD,
NULL,
&StagingConfig.pszRemoteHomeDirTemplate,
NULL
},
{
"UserDomainPrefix",
TRUE,
LwRegTypeString,
0,
MAXDWORD,
NULL,
&StagingConfig.pszUserDomainPrefix
},
{
"MachinePasswordLifespan",
TRUE,
LwRegTypeDword,
0, /* Valid range is 0 or [AD_MACHINE_PASSWORD_SYNC_MINIMUM_SECS,*/
MAXDWORD, /* AD_MACHINE_PASSWORD_SYNC_MAXIMUM_SECS] */
NULL,
&dwMachinePasswordSyncLifetime,
NULL
},
{
"CacheEntryExpiry",
TRUE,
LwRegTypeDword,
AD_CACHE_ENTRY_EXPIRY_MINIMUM_SECS,
AD_CACHE_ENTRY_EXPIRY_MAXIMUM_SECS,
NULL,
&StagingConfig.dwCacheEntryExpirySecs,
NULL
},
{
"MemoryCacheSizeCap",
TRUE,
LwRegTypeDword,
0,
MAXDWORD,
NULL,
&StagingConfig.dwCacheSizeCap,
NULL
},
{
"LdapSignAndSeal",
TRUE,
LwRegTypeBoolean,
0,
MAXDWORD,
NULL,
&StagingConfig.bLDAPSignAndSeal,
NULL
},
{
"AssumeDefaultDomain",
TRUE,
LwRegTypeBoolean,
0,
MAXDWORD,
NULL,
&StagingConfig.bAssumeDefaultDomain,
NULL
},
{
"SyncSystemTime",
TRUE,
LwRegTypeBoolean,
0,
MAXDWORD,
NULL,
&StagingConfig.bSyncSystemTime,
NULL
},
{
"LogNetworkConnectionEvents",
TRUE,
LwRegTypeBoolean,
0,
MAXDWORD,
NULL,
&StagingConfig.bShouldLogNetworkConnectionEvents,
NULL
},
{
"CreateK5Login",
TRUE,
LwRegTypeBoolean,
0,
MAXDWORD,
NULL,
&StagingConfig.bCreateK5Login,
NULL
},
{
"CreateHomeDir",
TRUE,
LwRegTypeBoolean,
0,
-1,
NULL,
&StagingConfig.bCreateHomeDir,
NULL
},
{
"SkeletonDirs",
TRUE,
LwRegTypeString,
0,
MAXDWORD,
NULL,
&StagingConfig.pszSkelDirs,
NULL
},
{
"HomeDirPrefix",
TRUE,
LwRegTypeString,
0,
MAXDWORD,
NULL,
&StagingConfig.pszHomedirPrefix,
NULL
},
{
"RefreshUserCredentials",
TRUE,
LwRegTypeBoolean,
0,
MAXDWORD,
NULL,
&StagingConfig.bRefreshUserCreds,
NULL
},
{
"TrimUserMembership",
TRUE,
LwRegTypeBoolean,
0,
MAXDWORD,
NULL,
&StagingConfig.bTrimUserMembershipEnabled,
NULL
},
{
"CellSupport",
TRUE,
LwRegTypeEnum,
AD_CELL_SUPPORT_UNPROVISIONED,
AD_CELL_SUPPORT_UNPROVISIONED,
CellSupport,
&StagingConfig.CellSupport,
NULL
},
{
"CacheType",
TRUE,
LwRegTypeEnum,
AD_CACHE_SQLITE,
AD_CACHE_IN_MEMORY,
CacheBackend,
&StagingConfig.CacheBackend,
NULL
},
{
"NssGroupMembersQueryCacheOnly",
TRUE,
LwRegTypeBoolean,
0,
MAXDWORD,
NULL,
&StagingConfig.bNssGroupMembersCacheOnlyEnabled,
NULL
},
{
"NssUserMembershipQueryCacheOnly",
TRUE,
LwRegTypeBoolean,
0,
MAXDWORD,
NULL,
&StagingConfig.bNssUserMembershipCacheOnlyEnabled,
NULL
},
{
"NssEnumerationEnabled",
TRUE,
LwRegTypeBoolean,
0,
MAXDWORD,
NULL,
&StagingConfig.bNssEnumerationEnabled,
NULL
},
{
"DomainManagerCheckDomainOnlineInterval",
TRUE,
LwRegTypeDword,
0,
MAXDWORD,
NULL,
&StagingConfig.DomainManager.dwCheckDomainOnlineSeconds,
NULL
},
{
"DomainManagerUnknownDomainCacheTimeout",
TRUE,
LwRegTypeDword,
0,
MAXDWORD,
NULL,
&StagingConfig.DomainManager.dwUnknownDomainCacheTimeoutSeconds,
NULL
},
{
"DomainManagerIgnoreAllTrusts",
TRUE,
LwRegTypeBoolean,
0,
MAXDWORD,
NULL,
&StagingConfig.DomainManager.bIgnoreAllTrusts,
NULL
},
{
"DomainManagerExcludeTrustsList",
TRUE,
LwRegTypeMultiString,
0,
MAXDWORD,
NULL,
&pszExcludeTrustsListMultiString,
NULL
},
{
"DomainManagerIncludeTrustsList",
TRUE,
LwRegTypeMultiString,
0,
MAXDWORD,
NULL,
&pszIncludeTrustsListMultiString,
NULL
},
{
"IgnoreUserNameList",
TRUE,
LwRegTypeMultiString,
0,
MAXDWORD,
NULL,
&StagingConfig.pszaIgnoreUserNameList,
NULL
},
{
"IgnoreGroupNameList",
TRUE,
LwRegTypeMultiString,
0,
MAXDWORD,
NULL,
&StagingConfig.pszaIgnoreGroupNameList,
NULL
},
{
"MultiTenancyEnabled",
TRUE,
LwRegTypeBoolean,
0,
MAXDWORD,
NULL,
&StagingConfig.bMultiTenancyEnabled,
NULL
},
{
"AddDomainToLocalGroupsEnabled",
TRUE,
LwRegTypeBoolean,
0,
MAXDWORD,
NULL,
&StagingConfig.bAddDomainToLocalGroupsEnabled,
NULL
}
};
LWREG_CONFIG_ITEM LsaConfigDescription[] =
{
{
"EnableEventlog",
TRUE,
LwRegTypeBoolean,
0,
MAXDWORD,
NULL,
&StagingConfig.bEnableEventLog,
NULL
}
};
dwError = AD_InitializeConfig(&StagingConfig);
BAIL_ON_LSA_ERROR(dwError);
dwMachinePasswordSyncLifetime = AD_MACHINE_PASSWORD_SYNC_DEFAULT_SECS;
dwError = RegProcessConfig(
AD_PROVIDER_REGKEY,
AD_PROVIDER_POLICY_REGKEY,
ADConfigDescription,
sizeof(ADConfigDescription)/sizeof(ADConfigDescription[0]));
BAIL_ON_LSA_ERROR(dwError);
if (pszDomainName)
{
dwError = LwAllocateStringPrintf(
&pszDomainKey,
"%s\\%s",
AD_PROVIDER_DOMAINJOIN_REGKEY,
pszDomainName);
BAIL_ON_LSA_ERROR(dwError);
dwError = LwAllocateStringPrintf(
&pszDomainPolicyKey,
"%s\\%s",
AD_PROVIDER_POLICY_DOMAINJOIN_REGKEY,
pszDomainName);
BAIL_ON_LSA_ERROR(dwError);
dwError = RegProcessConfig(
pszDomainKey,
pszDomainPolicyKey,
ADConfigDescription,
sizeof(ADConfigDescription)/sizeof(ADConfigDescription[0]));
BAIL_ON_LSA_ERROR(dwError);
}
dwError = RegProcessConfig(
"Services\\lsass\\Parameters",
"Policy\\Services\\lsass\\Parameters",
LsaConfigDescription,
sizeof(LsaConfigDescription)/sizeof(LsaConfigDescription[0]));
BAIL_ON_LSA_ERROR(dwError);
AD_SetConfig_Umask(
&StagingConfig,
"HomeDirUmask",
pszUmask);
AD_SetConfig_RequireMembershipOf(
&StagingConfig,
"RequireMembershipOf",
pszUnresolvedMemberList);
AD_SetConfig_MachinePasswordLifespan(
&StagingConfig,
"MachinePasswordLifespan",
dwMachinePasswordSyncLifetime);
AD_SetConfig_DomainManager_TrustExceptionList(
&StagingConfig,
(StagingConfig.DomainManager.bIgnoreAllTrusts ?
pszIncludeTrustsListMultiString :
pszExcludeTrustsListMultiString));
AD_TransferConfigContents(&StagingConfig, pConfig);
cleanup:
LW_SAFE_FREE_STRING(pszDomainKey);
LW_SAFE_FREE_STRING(pszDomainPolicyKey);
LW_SAFE_FREE_STRING(pszUmask);
LW_SAFE_FREE_STRING(pszUnresolvedMemberList);
LW_SAFE_FREE_STRING(pszExcludeTrustsListMultiString);
LW_SAFE_FREE_STRING(pszIncludeTrustsListMultiString);
AD_FreeConfigContents(&StagingConfig);
return dwError;
error:
AD_FreeConfigContents(pConfig);
goto cleanup;
}
