Ejemplo n.º 1
0
static
DWORD
WkssAllocateNetrWkstaUserInfo1(
    OUT PVOID                      pOut,
    IN OUT PDWORD                  pdwOffset,
    IN OUT PDWORD                  pdwSpaceLeft,
    IN  PNETR_WKSTA_USER_INFO_1    pIn,
    IN OUT PDWORD                  pdwSize
    )
{
    DWORD dwError = ERROR_SUCCESS;
    NTSTATUS ntStatus = STATUS_SUCCESS;
    PVOID pBuffer = pOut;

    BAIL_ON_INVALID_PTR(pdwOffset, ntStatus);
    BAIL_ON_INVALID_PTR(pIn, ntStatus);
    BAIL_ON_INVALID_PTR(pdwSize, ntStatus);

    LWBUF_ALLOC_WC16STR(pBuffer, pIn->wkui1_username);
    LWBUF_ALLOC_WC16STR(pBuffer, pIn->wkui1_logon_domain);
    LWBUF_ALLOC_WC16STR(pBuffer, pIn->wkui1_oth_domains);
    LWBUF_ALLOC_WC16STR(pBuffer, pIn->wkui1_logon_server);

cleanup:
    if (ntStatus == STATUS_SUCCESS &&
        dwError != ERROR_SUCCESS)
    {
        ntStatus = LwWin32ErrorToNtStatus(dwError);
    }

    return dwError;

error:
    goto cleanup;
}
Ejemplo n.º 2
0
static
NTSTATUS
NetrAllocateSidAttr(
    OUT NetrSidAttr  *pOut,
    IN OUT PDWORD     pdwOffset,
    IN OUT PDWORD     pdwSpaceLeft,
    IN  NetrSidAttr  *pIn,
    IN OUT PDWORD     pdwSize
    )
{
    NTSTATUS ntStatus = STATUS_SUCCESS;
    DWORD dwError = ERROR_SUCCESS;
    PVOID pBuffer = pOut;

    BAIL_ON_INVALID_PTR(pdwOffset, ntStatus);
    BAIL_ON_INVALID_PTR(pIn, ntStatus);
    BAIL_ON_INVALID_PTR(pdwSize, ntStatus);
    
    LWBUF_ALLOC_PSID(pBuffer, pIn->sid);
    LWBUF_ALLOC_DWORD(pBuffer, pIn->attribute);
    LWBUF_ALIGN(pdwOffset, pdwSize, pdwSpaceLeft);

cleanup:
    if (ntStatus == STATUS_SUCCESS &&
        dwError != ERROR_SUCCESS)
    {
        ntStatus = LwWin32ErrorToNtStatus(dwError);
    }

    return ntStatus;

error:
    goto cleanup;
}
Ejemplo n.º 3
0
static
NTSTATUS
LsaAllocateDomainInfo(
    OUT PVOID          pBuffer,
    IN OUT PDWORD      pdwOffset,
    IN OUT PDWORD      pdwSpaceLeft,
    IN LsaDomainInfo  *pIn,
    IN OUT PDWORD      pdwSize
    )
{
    NTSTATUS ntStatus = STATUS_SUCCESS;
    DWORD dwError = ERROR_SUCCESS;

    LWBUF_ALLOC_UNICODE_STRING(pBuffer, (PUNICODE_STRING)&pIn->name);
    LWBUF_ALLOC_PSID(pBuffer, pIn->sid);

cleanup:
    if (ntStatus == STATUS_SUCCESS &&
        dwError != ERROR_SUCCESS)
    {
        ntStatus = LwWin32ErrorToNtStatus(dwError);
    }

    return ntStatus;

error:
    goto cleanup;
}
Ejemplo n.º 4
0
NTSTATUS
SrvsSvcmStart(
    PLW_SVCM_INSTANCE pInstance,
    ULONG ArgCount,
    PWSTR* pArgs,
    ULONG FdCount,
    int* pFds
    )
{
    DWORD err = ERROR_SUCCESS;

    err = SrvsInitialiseConfig(&gpSrvsServerInfo->config);
    BAIL_ON_SRVSVC_ERROR(err);

    err = SrvSvcReadConfigSettings(&gpSrvsServerInfo->config);
    BAIL_ON_SRVSVC_ERROR(err);

    err = SrvSvcInitSecurity();
    BAIL_ON_SRVSVC_ERROR(err);

    err = SrvSvcRpcInitialize();
    BAIL_ON_SRVSVC_ERROR(err);

    err = SrvSvcDSNotify();
    BAIL_ON_SRVSVC_ERROR(err);

    err = SrvSvcSMNotify();
    BAIL_ON_SRVSVC_ERROR(err);

error:
    return LwWin32ErrorToNtStatus(err);
}
Ejemplo n.º 5
0
NTSTATUS
LWNetSvcmStart(
    PLW_SVCM_INSTANCE pInstance,
    ULONG ArgCount,
    PWSTR* ppArgs,
    ULONG FdCount,
    int* pFds
    )
{
    DWORD dwError = 0;

    dwError = LWNetSrvSetDefaults();
    BAIL_ON_LWNET_ERROR(dwError);

    dwError = LWNetSrvInitialize();
    BAIL_ON_LWNET_ERROR(dwError);

    dwError = LWNetSrvStartListenThread();
    BAIL_ON_LWNET_ERROR(dwError);

    // Post service started event to eventlog
    LWNetSrvLogProcessStartedEvent();

cleanup:

    return LwWin32ErrorToNtStatus(dwError);

error:

    goto cleanup;
}
Ejemplo n.º 6
0
static
NTSTATUS
NetrAllocateRidWithAttribute(
    OUT PRID_WITH_ATTRIBUTE  pOut,
    IN OUT PDWORD            pdwOffset,
    IN OUT PDWORD            pdwSpaceLeft,
    IN  PRID_WITH_ATTRIBUTE  pRids,
    IN OUT PDWORD            pdwSize
    )
{
    NTSTATUS ntStatus = STATUS_SUCCESS;
    DWORD dwError = ERROR_SUCCESS;
    PVOID pBuffer = pOut;

    BAIL_ON_INVALID_PTR(pdwOffset, ntStatus);
    BAIL_ON_INVALID_PTR(pRids, ntStatus);
    BAIL_ON_INVALID_PTR(pdwSize, ntStatus);

    LWBUF_ALLOC_DWORD(pBuffer, pRids->dwRid);
    LWBUF_ALLOC_DWORD(pBuffer, pRids->dwAttributes);

cleanup:
    if (ntStatus == STATUS_SUCCESS &&
        dwError != ERROR_SUCCESS)
    {
        ntStatus = LwWin32ErrorToNtStatus(dwError);
    }

    return ntStatus;

error:
    goto cleanup;
}
Ejemplo n.º 7
0
NTSTATUS
EVTSvcmStart(
    PLW_SVCM_INSTANCE pInstance,
    ULONG ArgCount,
    PWSTR* ppArgs,
    ULONG FdCount,
    int* pFds
    )
{
    DWORD dwError = 0;
    BOOLEAN bRegisterTcpIp = TRUE;

    dwError = EVTSetServerDefaults();
    BAIL_ON_EVT_ERROR(dwError);

    dwError = LwEvtDbCreateDB(gServerInfo.bReplaceDB);
    BAIL_ON_EVT_ERROR(dwError);

    if (gServerInfo.bReplaceDB) {
        goto cleanup;
    }

    dwError = EVTReadEventLogConfigSettings();
    if (dwError != 0)
    {
        EVT_LOG_ERROR("Failed to read eventlog configuration.  Error code: [%u]\n", dwError);
        dwError = 0;
    }

    dwError = EVTGetRegisterTcpIp(&bRegisterTcpIp);
    BAIL_ON_EVT_ERROR(dwError);

    dwError = LwEvtDbInitEventDatabase();
    BAIL_ON_EVT_ERROR(dwError);

    dwError = LwmEvtSrvStartListenThread();
    BAIL_ON_EVT_ERROR(dwError);

    dwError = EVTRegisterInterface();
    BAIL_ON_EVT_ERROR(dwError);

    if (bRegisterTcpIp)
    {
        dwError = LwMapErrnoToLwError(dcethread_create(
                                      &gNetworkThread,
                                      NULL,
                                      EVTNetworkThread,
                                      &gbExitNow));
        BAIL_ON_EVT_ERROR(dwError);

        gbRegisteredTcpIp = TRUE;
    }

cleanup:
    return LwWin32ErrorToNtStatus(dwError);

error:
    goto cleanup;
}
Ejemplo n.º 8
0
static
NTSTATUS
LsaSrvQueryAccountSecurity(
    PLSAR_ACCOUNT_CONTEXT pAccountContext,
    SECURITY_INFORMATION SecurityInformation,
    PSECURITY_DESCRIPTOR_RELATIVE *ppSecurityDescRelative,
    PDWORD pSecurityDescRelativeSize
    )
{
    NTSTATUS ntStatus = STATUS_SUCCESS;
    DWORD err = ERROR_SUCCESS;
    PSECURITY_DESCRIPTOR_RELATIVE pSecDescRelative = NULL;
    DWORD secDescRelativeSize = 0;
    PSECURITY_DESCRIPTOR_RELATIVE pSecurityDescRelative = NULL;

    err = LsaSrvPrivsGetAccountSecurity(
                        NULL,
                        pAccountContext->pPolicyCtx->pUserToken,
                        pAccountContext->pAccountContext,
                        SecurityInformation,
                        &pSecDescRelative,
                        &secDescRelativeSize);
    BAIL_ON_LSA_ERROR(err);

    ntStatus = LsaSrvAllocateMemory(
                        OUT_PPVOID(&pSecurityDescRelative),
                        secDescRelativeSize);
    BAIL_ON_NT_STATUS(ntStatus);

    memcpy(pSecurityDescRelative,
           pSecDescRelative,
           secDescRelativeSize);

    *ppSecurityDescRelative    = pSecurityDescRelative;
    *pSecurityDescRelativeSize = secDescRelativeSize;

error:
    if (err || ntStatus)
    {
        if (pSecurityDescRelative)
        {
            LsaSrvFreeMemory(pSecurityDescRelative);
        }

        *ppSecurityDescRelative    = NULL;
        *pSecurityDescRelativeSize = 0;
    }

    LW_SAFE_FREE_MEMORY(pSecDescRelative);

    if (ntStatus == STATUS_SUCCESS &&
        err != ERROR_SUCCESS)
    {
        ntStatus = LwWin32ErrorToNtStatus(err);
    }

    return ntStatus;
}
Ejemplo n.º 9
0
NTSTATUS
LsaSrvInitUnicodeStringEx(
    PUNICODE_STRING pOut,
    PCWSTR pwszIn
    )
{
    NTSTATUS ntStatus = STATUS_SUCCESS;
    DWORD dwError = ERROR_SUCCESS;
    size_t sLen = 0;
    size_t sSize = 0;

    BAIL_ON_INVALID_POINTER(pOut);

    if (pwszIn)
    {
        dwError = LwWc16sLen(pwszIn, &sLen);
        BAIL_ON_LSA_ERROR(dwError);

        sSize = (sLen + 1) * sizeof(WCHAR);

        ntStatus = LsaSrvAllocateMemory(OUT_PPVOID(&pOut->Buffer),
                                        sSize);
        BAIL_ON_NTSTATUS_ERROR(ntStatus);

        memcpy(pOut->Buffer, pwszIn, sLen * sizeof(WCHAR));
    }
    else
    {
        pOut->Buffer = NULL;
    }

    pOut->MaximumLength = sSize;
    pOut->Length        = sLen * sizeof(WCHAR);

cleanup:
    if (ntStatus == STATUS_SUCCESS &&
        dwError != ERROR_SUCCESS)
    {
        ntStatus = LwWin32ErrorToNtStatus(dwError);
    }

    return ntStatus;

error:
    if (pOut->Buffer)
    {
        LsaSrvFreeMemory(pOut->Buffer);
        pOut->Buffer = NULL;
    }

    pOut->MaximumLength = 0;
    pOut->Length        = 0;

    goto cleanup;
}
Ejemplo n.º 10
0
NTSTATUS
LsaAllocateTranslatedSids3(
    OUT TranslatedSid3       *pOut,
    IN OUT PDWORD             pdwOffset,
    IN OUT PDWORD             pdwSpaceLeft,
    IN  TranslatedSidArray3  *pIn,
    IN OUT PDWORD             pdwSize
    )
{
    NTSTATUS ntStatus = STATUS_SUCCESS;
    DWORD dwError = ERROR_SUCCESS;
    PVOID pBuffer = pOut;
    DWORD iTransSid = 0;

    BAIL_ON_INVALID_PTR(pdwOffset, ntStatus);
    BAIL_ON_INVALID_PTR(pIn, ntStatus);
    BAIL_ON_INVALID_PTR(pdwSize, ntStatus);

    for (iTransSid = 0; iTransSid < pIn->count; iTransSid++)
    {
        LWBUF_ALLOC_WORD(pBuffer, pIn->sids[iTransSid].type);
        LWBUF_ALIGN_PTR(pdwOffset, pdwSize, pdwSpaceLeft);

        if (pIn->sids[iTransSid].sid)
        {
            LWBUF_ALLOC_PSID(pBuffer, pIn->sids[iTransSid].sid);
        }
        else if (pIn->sids[iTransSid].type == SID_TYPE_DOMAIN ||
                 pIn->sids[iTransSid].type == SID_TYPE_INVALID ||
                 pIn->sids[iTransSid].type == SID_TYPE_UNKNOWN)
        {
            LWBUF_ALLOC_PSID(pBuffer, NULL);
        }
        else
        {
            ntStatus = STATUS_INVALID_SID;
            BAIL_ON_NT_STATUS(ntStatus);
        }

        LWBUF_ALLOC_DWORD(pBuffer, pIn->sids[iTransSid].index);
        LWBUF_ALLOC_DWORD(pBuffer, pIn->sids[iTransSid].unknown1);
    }

cleanup:
    if (ntStatus == STATUS_SUCCESS &&
        dwError != ERROR_SUCCESS)
    {
        ntStatus = LwWin32ErrorToNtStatus(dwError);
    }

    return ntStatus;

error:
    goto cleanup;
}
Ejemplo n.º 11
0
NTSTATUS
LsaSvcmStart(
    PLW_SVCM_INSTANCE pInstance,
    ULONG ArgCount,
    PWSTR* ppArgs,
    ULONG FdCount,
    int* pFds
    )
{
    DWORD dwError = 0;

    dwError = LsaSrvSetDefaults();
    BAIL_ON_LSA_ERROR(dwError);

    dwError = LsaInitTracing_r();
    BAIL_ON_LSA_ERROR(dwError);

    // Test system to see if dependent configuration tasks are completed prior to starting our process.
    dwError = LsaSrvStartupPreCheck();
    BAIL_ON_LSA_ERROR(dwError);

#ifdef ENABLE_EVENTLOG
    dwError = LsaSrvStartEventLoggingThread();
    BAIL_ON_LSA_ERROR(dwError);
#endif

    /* Start NTLM IPC server before we initialize providers
       because the providers might end up attempting to use
       NTLM via gss-api */
    dwError = NtlmSrvStartListenThread();
    BAIL_ON_LSA_ERROR(dwError);

    dwError = LsaSrvInitialize();
    BAIL_ON_LSA_ERROR(dwError);

    dwError = LsaSrvStartListenThread();
    BAIL_ON_LSA_ERROR(dwError);

    if(LsaSrvEventlogEnabled())
    {
        LsaSrvLogProcessStartedEvent();
    }

cleanup:

    return LwWin32ErrorToNtStatus(dwError);

error:

    goto cleanup;
}
Ejemplo n.º 12
0
NTSTATUS
EVTSvcmStop(
    PLW_SVCM_INSTANCE pInstance
    )
{
    DWORD dwError = 0;

    EVT_LOG_INFO("Eventlog Service exiting...");

    gbExitNow = TRUE;

    if (gbRegisteredTcpIp)
    {
        dwError = EVTUnregisterAllEndpoints();
        BAIL_ON_EVT_ERROR(dwError);

        dwError = EVTStopListen();
        BAIL_ON_EVT_ERROR(dwError);
    }

    dwError = LwmEvtSrvStopListenThread();
    BAIL_ON_EVT_ERROR(dwError);

    if (gbRegisteredTcpIp)
    {
        dwError = LwMapErrnoToLwError(dcethread_interrupt(gNetworkThread));
        BAIL_ON_EVT_ERROR(dwError);

        dwError = LwMapErrnoToLwError(dcethread_join(gNetworkThread, NULL));
        BAIL_ON_EVT_ERROR(dwError);
    }

 cleanup:

    LwEvtDbShutdownEventDatabase();

    EVTSetConfigDefaults();
    EVTFreeSecurityDescriptor(gServerInfo.pAccess);
    gServerInfo.pAccess = NULL;

    return LwWin32ErrorToNtStatus(dwError);

error:

    EVT_LOG_ERROR("Eventlog exiting due to error [code:%d]", dwError);

    goto cleanup;
}
Ejemplo n.º 13
0
NTSTATUS
NetrAllocateDomainTrusts(
    OUT NetrDomainTrust      *pOut,
    IN OUT PDWORD             pdwOffset,
    IN OUT PDWORD             pdwSpaceLeft,
    IN  NetrDomainTrustList  *pIn,
    IN OUT PDWORD             pdwSize
    )
{
    NTSTATUS ntStatus = STATUS_SUCCESS;
    DWORD dwError = ERROR_SUCCESS;
    PVOID pBuffer = pOut;
    UINT32 i = 0;

    BAIL_ON_INVALID_PTR(pdwOffset, ntStatus);
    BAIL_ON_INVALID_PTR(pIn, ntStatus);
    BAIL_ON_INVALID_PTR(pdwSize, ntStatus);

    for (i = 0; i < pIn->count; i++)
    {
        LWBUF_ALLOC_PWSTR(pBuffer, pIn->array[i].netbios_name);
        LWBUF_ALLOC_PWSTR(pBuffer, pIn->array[i].dns_name);
        LWBUF_ALLOC_DWORD(pBuffer, pIn->array[i].trust_flags);
        LWBUF_ALLOC_DWORD(pBuffer, pIn->array[i].parent_index);
        LWBUF_ALLOC_WORD(pBuffer, pIn->array[i].trust_type);
        LWBUF_ALIGN_TYPE(pdwOffset, pdwSize, pdwSpaceLeft, DWORD);
        LWBUF_ALLOC_DWORD(pBuffer, pIn->array[i].trust_attrs);
        LWBUF_ALLOC_PSID(pBuffer, pIn->array[i].sid);
        LWBUF_ALLOC_BLOB(pBuffer,
                         sizeof(pIn->array[i].guid),
                         &(pIn->array[i].guid));
    }

cleanup:
    if (ntStatus == STATUS_SUCCESS &&
        dwError != ERROR_SUCCESS)
    {
        ntStatus = LwWin32ErrorToNtStatus(dwError);
    }

    return ntStatus;

error:
    goto cleanup;
}
Ejemplo n.º 14
0
NTSTATUS
SamrSrvConnect(
    /* [in] */  handle_t        hBinding,
    /* [in] */  PCWSTR          pwszSystemName,
    /* [in] */  DWORD           dwAccessMask,
    /* [out] */ CONNECT_HANDLE *hConn
    )
{
    const DWORD dwConnectVersion = 2;

    NTSTATUS ntStatus = STATUS_SUCCESS;
    DWORD dwError = 0;
    PCONNECT_CONTEXT pConnCtx = NULL;

    ntStatus = SamrSrvConnectInternal(hBinding,
                                      pwszSystemName,
                                      dwAccessMask,
                                      dwConnectVersion,
                                      0,
                                      NULL,
                                      NULL,
                                      NULL,
                                      &pConnCtx);
    BAIL_ON_NTSTATUS_ERROR(ntStatus);

    *hConn = (CONNECT_HANDLE)pConnCtx;

cleanup:
    if (ntStatus == STATUS_SUCCESS &&
        dwError != ERROR_SUCCESS)
    {
        ntStatus = LwWin32ErrorToNtStatus(dwError);
    }

    return ntStatus;

error:
    if (pConnCtx)
    {
        SamrSrvConnectContextFree(pConnCtx);
    }

    *hConn = NULL;
    goto cleanup;
}
Ejemplo n.º 15
0
static
NTSTATUS
LsaSrvInitNpAuthInfo(
    IN  rpc_transport_info_handle_t hTransportInfo,
    OUT PPOLICY_CONTEXT             pPolCtx
    )
{
    NTSTATUS ntStatus = STATUS_SUCCESS;
    DWORD dwError = ERROR_SUCCESS;
    PUCHAR pucSessionKey = NULL;
    unsigned16 SessionKeyLen = 0;
    PBYTE pSessionKey = NULL;
    DWORD dwSessionKeyLen = 0;

    rpc_smb_transport_info_inq_session_key(
                                   hTransportInfo,
                                   (unsigned char**)&pucSessionKey,
                                   &SessionKeyLen);

    dwSessionKeyLen = SessionKeyLen;
    if (dwSessionKeyLen)
    {
        dwError = LwAllocateMemory(dwSessionKeyLen,
                                   OUT_PPVOID(&pSessionKey));
        BAIL_ON_LSA_ERROR(dwError);

        memcpy(pSessionKey, pucSessionKey, dwSessionKeyLen);
    }

    pPolCtx->pSessionKey     = pSessionKey;
    pPolCtx->dwSessionKeyLen = dwSessionKeyLen;

cleanup:
    if (ntStatus == STATUS_SUCCESS &&
        dwError != ERROR_SUCCESS)
    {
        ntStatus = LwWin32ErrorToNtStatus(dwError);
    }

    return ntStatus;

error:
    goto cleanup;
}
Ejemplo n.º 16
0
static
NTSTATUS
LsaSrvAccountContextDelete(
    PLSAR_ACCOUNT_CONTEXT pAccountCtx
    )
{
    NTSTATUS ntStatus = STATUS_SUCCESS;
    DWORD err = ERROR_SUCCESS;

    err = LsaSrvPrivsMarkAccountDeleted(pAccountCtx->pAccountContext);
    if (err)
    {
        ntStatus = LwWin32ErrorToNtStatus(err);
    }

    LsaSrvAccountContextFree(pAccountCtx);

    return ntStatus;
}
Ejemplo n.º 17
0
NTSTATUS
LsaLsaErrorToNtStatus(
    IN DWORD LsaError
    )
{
    switch (LsaError)
    {
        case LW_ERROR_SUCCESS:
            return STATUS_SUCCESS;
        case LW_ERROR_OUT_OF_MEMORY:
            return STATUS_INSUFFICIENT_RESOURCES;
        case LW_ERROR_INVALID_SID:
            return STATUS_INVALID_SID;
        default:
        {
            NTSTATUS status = LwWin32ErrorToNtStatus(LsaError);
            return (status != (NTSTATUS)-1) ? status : STATUS_UNSUCCESSFUL;
        }
    }
}
Ejemplo n.º 18
0
NTSTATUS
LsaAllocateTranslatedNames(
    OUT TranslatedName       *pOut,
    IN OUT PDWORD             pdwOffset,
    IN OUT PDWORD             pdwSpaceLeft,
    IN  TranslatedNameArray  *pIn,
    IN OUT PDWORD             pdwSize
    )
{
    NTSTATUS ntStatus = STATUS_SUCCESS;
    DWORD dwError = ERROR_SUCCESS;
    PVOID pBuffer = pOut;
    DWORD iTransName = 0;

    BAIL_ON_INVALID_PTR(pdwOffset, ntStatus);
    BAIL_ON_INVALID_PTR(pIn, ntStatus);
    BAIL_ON_INVALID_PTR(pdwSize, ntStatus);

    for (iTransName = 0; iTransName < pIn->count; iTransName++)
    {
        LWBUF_ALIGN(pdwOffset, pdwSize, pdwSpaceLeft);
        LWBUF_ALLOC_WORD(pBuffer, pIn->names[iTransName].type);
        LWBUF_ALIGN_PTR(pdwOffset, pdwSize, pdwSpaceLeft);
        LWBUF_ALLOC_UNICODE_STRING(
                             pBuffer,
                             (PUNICODE_STRING)&pIn->names[iTransName].name);
        LWBUF_ALLOC_DWORD(pBuffer, pIn->names[iTransName].sid_index);
    }

cleanup:
    if (ntStatus == STATUS_SUCCESS &&
        dwError != ERROR_SUCCESS)
    {
        ntStatus = LwWin32ErrorToNtStatus(dwError);
    }

    return ntStatus;

error:
    goto cleanup;
}
Ejemplo n.º 19
0
static
NTSTATUS
NetrAllocateDomainTrustInfo(
    OUT NetrDomainTrustInfo *pOut,
    IN OUT PDWORD            pdwOffset,
    IN OUT PDWORD            pdwSpaceLeft,
    IN  NetrDomainTrustInfo *pIn,
    IN OUT PDWORD            pdwSize
    )
{
    NTSTATUS ntStatus = STATUS_SUCCESS;
    DWORD dwError = ERROR_SUCCESS;
    NetrDomainTrustInfo *pBuffer = pOut;

    BAIL_ON_INVALID_PTR(pdwOffset, ntStatus);
    BAIL_ON_INVALID_PTR(pIn, ntStatus);
    BAIL_ON_INVALID_PTR(pdwSize, ntStatus);

    LWBUF_ALIGN(pdwOffset, pdwSize, pdwSpaceLeft);

    LWBUF_ALLOC_UNICODE_STRING(pBuffer,
                               (PUNICODE_STRING)&pIn->domain_name);
    LWBUF_ALLOC_UNICODE_STRING(pBuffer,
                               (PUNICODE_STRING)&pIn->full_domain_name);
    LWBUF_ALLOC_UNICODE_STRING(pBuffer,
                               (PUNICODE_STRING)&pIn->forest);
    LWBUF_ALLOC_BLOB(pBuffer, sizeof(pIn->guid), &pIn->guid);
    LWBUF_ALLOC_PSID(pBuffer, pIn->sid);

cleanup:
    if (ntStatus == STATUS_SUCCESS &&
        dwError != ERROR_SUCCESS)
    {
        ntStatus = LwWin32ErrorToNtStatus(dwError);
    }

    return ntStatus;

error:
    goto cleanup;
}
Ejemplo n.º 20
0
static
NTSTATUS
NetrAllocateSamInfo6(
    OUT NetrSamInfo6  *pOut,
    IN OUT PDWORD      pdwOffset,
    IN OUT PDWORD      pdwSpaceLeft,
    IN  NetrSamInfo6  *pIn,
    IN OUT PDWORD      pdwSize
    )
{
    NTSTATUS ntStatus = STATUS_SUCCESS;
    DWORD dwError = ERROR_SUCCESS;
    PVOID pBuffer = pOut;

    BAIL_ON_INVALID_PTR(pdwOffset, ntStatus);
    BAIL_ON_INVALID_PTR(pIn, ntStatus);
    BAIL_ON_INVALID_PTR(pdwSize, ntStatus);

    ntStatus = NetrAllocateSamInfo3((NetrSamInfo3*)pBuffer,
                                    pdwOffset,
                                    pdwSpaceLeft,
                                    (NetrSamInfo3*)pIn,
                                    pdwSize);
    BAIL_ON_NT_STATUS(ntStatus);

    LWBUF_ALLOC_UNICODE_STRING(pBuffer, (PUNICODE_STRING)&pIn->forest);
    LWBUF_ALLOC_UNICODE_STRING(pBuffer, (PUNICODE_STRING)&pIn->principal);
    LWBUF_ALLOC_BLOB(pBuffer, sizeof(pIn->unknown), pIn->unknown);

cleanup:
    if (ntStatus == STATUS_SUCCESS &&
        dwError != ERROR_SUCCESS)
    {
        ntStatus = LwWin32ErrorToNtStatus(dwError);
    }

    return ntStatus;

error:
    goto cleanup;
}
Ejemplo n.º 21
0
NTSTATUS
LsaAllocateTranslatedSids2(
    OUT TranslatedSid2       *pOut,
    IN OUT PDWORD             pdwOffset,
    IN OUT PDWORD             pdwSpaceLeft,
    IN  TranslatedSidArray2  *pIn,
    IN OUT PDWORD             pdwSize
    )
{
    NTSTATUS ntStatus = STATUS_SUCCESS;
    DWORD dwError = ERROR_SUCCESS;
    PVOID pBuffer = pOut;
    DWORD iTransSid = 0;

    BAIL_ON_INVALID_PTR(pdwOffset, ntStatus);
    BAIL_ON_INVALID_PTR(pIn, ntStatus);
    BAIL_ON_INVALID_PTR(pdwSize, ntStatus);

    for (iTransSid = 0; iTransSid < pIn->count; iTransSid++)
    {
        LWBUF_ALLOC_WORD(pBuffer, pIn->sids[iTransSid].type);
        LWBUF_ALIGN_TYPE(pdwOffset, pdwSize, pdwSpaceLeft, DWORD);
        LWBUF_ALLOC_DWORD(pBuffer, pIn->sids[iTransSid].rid);
        LWBUF_ALLOC_DWORD(pBuffer, pIn->sids[iTransSid].index);
        LWBUF_ALLOC_DWORD(pBuffer, pIn->sids[iTransSid].unknown1);
    }

cleanup:
    if (ntStatus == STATUS_SUCCESS &&
        dwError != ERROR_SUCCESS)
    {
        ntStatus = LwWin32ErrorToNtStatus(dwError);
    }

    return ntStatus;

error:
    goto cleanup;
}
Ejemplo n.º 22
0
NTSTATUS
NetrAllocateDcNameInfo(
    OUT DsrDcNameInfo  *pOut,
    IN OUT PDWORD       pdwOffset,
    IN OUT PDWORD       pdwSpaceLeft,
    IN  DsrDcNameInfo  *pIn,
    IN OUT PDWORD       pdwSize
    )
{
    NTSTATUS ntStatus = STATUS_SUCCESS;
    DWORD dwError = ERROR_SUCCESS;
    DsrDcNameInfo *pBuffer = pOut;

    BAIL_ON_INVALID_PTR(pdwOffset, ntStatus);
    BAIL_ON_INVALID_PTR(pIn, ntStatus);
    BAIL_ON_INVALID_PTR(pdwSize, ntStatus);

    LWBUF_ALLOC_PWSTR(pBuffer, pIn->dc_name);
    LWBUF_ALLOC_PWSTR(pBuffer, pIn->dc_address);
    LWBUF_ALLOC_WORD(pBuffer, pIn->address_type);
    LWBUF_ALLOC_BLOB(pBuffer, sizeof(pIn->domain_guid), &pIn->domain_guid);
    LWBUF_ALLOC_PWSTR(pBuffer, pIn->domain_name);
    LWBUF_ALLOC_PWSTR(pBuffer, pIn->forest_name);
    LWBUF_ALLOC_DWORD(pBuffer, pIn->flags);
    LWBUF_ALLOC_PWSTR(pBuffer, pIn->dc_site_name);
    LWBUF_ALLOC_PWSTR(pBuffer, pIn->cli_site_name);

cleanup:
    if (ntStatus == STATUS_SUCCESS &&
        dwError != ERROR_SUCCESS)
    {
        ntStatus = LwWin32ErrorToNtStatus(dwError);
    }

    return ntStatus;

error:
    goto cleanup;
}
NTSTATUS
LsaSrvAddPrivilegesToAccount(
    /* [in] */ handle_t hBinding,
    /* [in] */ LSAR_ACCOUNT_HANDLE hAccount,
    /* [in] */ PPRIVILEGE_SET pPrivileges
    )
{
    NTSTATUS ntStatus = STATUS_SUCCESS;
    DWORD err = ERROR_SUCCESS;
    PLSAR_ACCOUNT_CONTEXT pAccountCtx = (PLSAR_ACCOUNT_CONTEXT)hAccount;
    PPOLICY_CONTEXT pPolicyCtx = NULL;

    BAIL_ON_INVALID_PTR(hAccount);
    BAIL_ON_INVALID_PTR(pPrivileges);

    if (pAccountCtx->Type != LsaContextAccount)
    {
        ntStatus = STATUS_INVALID_HANDLE;
        BAIL_ON_NT_STATUS(ntStatus);
    }

    pPolicyCtx = pAccountCtx->pPolicyCtx;

    err = LsaSrvPrivsAddPrivilegesToAccount(
                        NULL,
                        pPolicyCtx->pUserToken,
                        pAccountCtx->pAccountContext,
                        pPrivileges);
    BAIL_ON_LSA_ERROR(err);

error:
    if (ntStatus == STATUS_SUCCESS &&
        err != ERROR_SUCCESS)
    {
        ntStatus = LwWin32ErrorToNtStatus(err);
    }

    return ntStatus;
}
Ejemplo n.º 24
0
NTSTATUS
LsaAllocateAccountRightNames(
    OUT PWSTR               *pOut,
    IN OUT PDWORD            pdwOffset,
    IN OUT PDWORD            pdwSpaceLeft,
    IN PLSA_ACCOUNT_RIGHTS   pIn,
    IN OUT PDWORD            pdwSize
    )
{
    NTSTATUS ntStatus = STATUS_SUCCESS;
    DWORD dwError = ERROR_SUCCESS;
    PVOID pBuffer = pOut;
    DWORD iName = 0;

    BAIL_ON_INVALID_PTR(pdwOffset, ntStatus);
    BAIL_ON_INVALID_PTR(pIn, ntStatus);
    BAIL_ON_INVALID_PTR(pdwSize, ntStatus);

    for (iName = 0; iName < pIn->NumAccountRights; iName++)
    {
        LWBUF_ALIGN(pdwOffset, pdwSize, pdwSpaceLeft);
        LWBUF_ALLOC_WC16STR_FROM_UNICODE_STRING(
                                   pBuffer,
                                   &pIn->pAccountRight[iName]);
    }

cleanup:
    if (ntStatus == STATUS_SUCCESS &&
        dwError != ERROR_SUCCESS)
    {
        ntStatus = LwWin32ErrorToNtStatus(dwError);
    }

    return ntStatus;

error:
    goto cleanup;
}
Ejemplo n.º 25
0
NTSTATUS
LsaAllocatePrivilegeValues(
    OUT PWSTR                     *pOut,
    IN OUT PDWORD                  pdwOffset,
    IN OUT PDWORD                  pdwSpaceLeft,
    IN PLSA_PRIVILEGE_ENUM_BUFFER  pIn,
    IN OUT PDWORD                  pdwSize
    )
{
    NTSTATUS ntStatus = STATUS_SUCCESS;
    DWORD dwError = ERROR_SUCCESS;
    PVOID pBuffer = pOut;
    DWORD iName = 0;

    BAIL_ON_INVALID_PTR(pdwOffset, ntStatus);
    BAIL_ON_INVALID_PTR(pIn, ntStatus);
    BAIL_ON_INVALID_PTR(pdwSize, ntStatus);

    for (iName = 0; iName < pIn->NumPrivileges; iName++)
    {
        LWBUF_ALIGN(pdwOffset, pdwSize, pdwSpaceLeft);
        LWBUF_ALLOC_WC16STR_FROM_UNICODE_STRING(
                                   pBuffer,
                                   &pIn->pPrivilege[iName].Name);
    }

cleanup:
    if (ntStatus == STATUS_SUCCESS &&
        dwError != ERROR_SUCCESS)
    {
        ntStatus = LwWin32ErrorToNtStatus(dwError);
    }

    return ntStatus;

error:
    goto cleanup;
}
Ejemplo n.º 26
0
NTSTATUS
LsaSvcmRefresh(
    PLW_SVCM_INSTANCE pInstance
    )
{
    DWORD dwError = 0;
    HANDLE hServer = NULL;

    LSA_LOG_VERBOSE("Refreshing configuration");

    dwError = LsaSrvOpenServer(
                getuid(),
                getgid(),
                getpid(),
                &hServer);
    BAIL_ON_LSA_ERROR(dwError);

    dwError = LsaSrvRefreshConfiguration(hServer);
    BAIL_ON_LSA_ERROR(dwError);

    LSA_LOG_INFO("Refreshed configuration successfully");

cleanup:

    if (hServer != NULL)
    {
        LsaSrvCloseServer(hServer);
    }

    return LwWin32ErrorToNtStatus(dwError);

error:

    LSA_LOG_ERROR("Failed to refresh configuration. [Error code:%u]", dwError);

    goto cleanup;
}
Ejemplo n.º 27
0
NTSTATUS
LsaAllocateSids(
    OUT PSID                    *pOut,
    IN OUT PDWORD                pdwOffset,
    IN OUT PDWORD                pdwSpaceLeft,
    IN PLSA_ACCOUNT_ENUM_BUFFER  pIn,
    IN OUT PDWORD                pdwSize
    )
{
    NTSTATUS ntStatus = STATUS_SUCCESS;
    DWORD dwError = ERROR_SUCCESS;
    PVOID pBuffer = pOut;
    DWORD iSid = 0;

    BAIL_ON_INVALID_PTR(pdwOffset, ntStatus);
    BAIL_ON_INVALID_PTR(pIn, ntStatus);
    BAIL_ON_INVALID_PTR(pdwSize, ntStatus);

    for (iSid = 0; iSid < pIn->NumAccounts; iSid++)
    {
        LWBUF_ALIGN(pdwOffset, pdwSize, pdwSpaceLeft);
        LWBUF_ALLOC_PSID(pBuffer, pIn->pAccount[iSid].pSid);
    }

cleanup:
    if (ntStatus == STATUS_SUCCESS &&
        dwError != ERROR_SUCCESS)
    {
        ntStatus = LwWin32ErrorToNtStatus(dwError);
    }

    return ntStatus;

error:
    goto cleanup;
}
Ejemplo n.º 28
0
BOOLEAN
CreateRpcBinding(
    PVOID            *phBinding,
    RPC_BINDING_TYPE  eBindingType,
    PCWSTR            pwszHostname,
    PCWSTR            pwszBinding,
    PCREDENTIALS      pCredentials
    )
{
    PCSTR pszNtlmsspAuth = "ntlmssp";
    PCSTR pszSign = "sign";
    PCSTR pszSeal = "seal";

    BOOLEAN bRet = TRUE;
    NTSTATUS ntStatus = STATUS_SUCCESS;
    DWORD dwError = ERROR_SUCCESS;
    unsigned32 rpcStatus = RPC_S_OK;
    LSA_BINDING hBinding = NULL;
    LW_PIO_CREDS pIoCreds = NULL;
    PWSTR pwszBindingString = NULL;
    size_t sBindingStringLen = 0;
    PSTR pszBindingString = NULL;
    PSTR *ppszOptions = NULL;
    DWORD iOpt = 0;
    DWORD i = 0;
    DWORD dwNumValidOptions = 0;
    unsigned32 AuthType = 0;
    unsigned32 ProtectionLevel = 0;
    SEC_WINNT_AUTH_IDENTITY *pNtlmSspAuthInfo = NULL;
    PVOID pAuthInfo = NULL;
    unsigned char *pszUuid = NULL;
    unsigned char *pszProtSeq = NULL;
    unsigned char *pszNetworkAddr = NULL;
    unsigned char *pszEndpoint = NULL;
    unsigned char *pszOptions = NULL;
    PSTR pszHostname = NULL;

    if (phBinding == NULL)
    {
        ntStatus = STATUS_INVALID_PARAMETER;
        BAIL_ON_NT_STATUS(ntStatus);
    }

    if (pwszBinding)
    {
        dwError = LwAllocateWc16String(&pwszBindingString,
                                       pwszBinding);
        BAIL_ON_WIN_ERROR(dwError);

        dwError = LwWc16sLen(pwszBindingString, &sBindingStringLen);
        BAIL_ON_WIN_ERROR(dwError);

        dwError = LwWc16sToMbs(pwszBindingString,
                               &pszBindingString);
        BAIL_ON_WIN_ERROR(dwError);

        ppszOptions = get_string_list(pszBindingString, ':');
        if (ppszOptions == NULL)
        {
            ntStatus = STATUS_INVALID_PARAMETER;
            BAIL_ON_NT_STATUS(ntStatus);
        }

        /*
         * Find and identify valid options
         */
        while (ppszOptions[iOpt])
        {
            if (!strcasecmp(pszNtlmsspAuth, ppszOptions[iOpt]))
            {
                AuthType = rpc_c_authn_winnt;
                dwNumValidOptions++;
            }
            else if (!strcasecmp(pszSign, ppszOptions[iOpt]))
            {
                ProtectionLevel = rpc_c_authn_level_pkt_integrity;
                dwNumValidOptions++;
            }
            else if (!strcasecmp(pszSeal, ppszOptions[iOpt]))
            {
                ProtectionLevel = rpc_c_authn_level_pkt_privacy;
                dwNumValidOptions++;
            }

            iOpt++;
        }
    }

    /*
     * Cut off the options from the binding string so it can
     * be passed to rpc routines
     */
    if (dwNumValidOptions > 0)
    {
        i = sBindingStringLen;
        while (dwNumValidOptions &&
               pwszBindingString[--i])
        {
            if (pwszBindingString[i] == (WCHAR)':')
            {
                dwNumValidOptions--;
            }
        }

        pwszBindingString[i] = (WCHAR)'\0';
        pszBindingString[i] = '\0';
    }

    ntStatus = LwIoGetActiveCreds(NULL, &pIoCreds);
    BAIL_ON_NT_STATUS(ntStatus);

    if (pwszBindingString)
    {
        ntStatus = RpcInitBindingFromBindingString(
                                         (handle_t*)&hBinding,
                                         pwszBindingString,
                                         pIoCreds);
    }
    else
    {
        switch (eBindingType)
        {
        case RPC_LSA_BINDING:
            ntStatus = LsaInitBindingDefault(&hBinding,
                                             pwszHostname,
                                             pIoCreds);
            break;

        case RPC_SAMR_BINDING:
            ntStatus = SamrInitBindingDefault(&hBinding,
                                              pwszHostname,
                                              pIoCreds);
            break;

        case RPC_NETLOGON_BINDING:
            ntStatus = NetrInitBindingDefault(&hBinding,
                                              pwszHostname,
                                              pIoCreds);
            break;

        case RPC_DSSETUP_BINDING:
            ntStatus = DsrInitBindingDefault(&hBinding,
                                             pwszHostname,
                                             pIoCreds);
            break;

        case RPC_WKSSVC_BINDING:
            ntStatus = WkssInitBindingDefault(&hBinding,
                                              pwszHostname,
                                              pIoCreds);
            break;

        default:
            ntStatus = STATUS_NOT_IMPLEMENTED;
            break;
        }
    }
    BAIL_ON_NT_STATUS(ntStatus);

    switch (AuthType)
    {
    case rpc_c_authn_winnt:
        dwError = LwAllocateMemory(sizeof(*pNtlmSspAuthInfo),
                                   OUT_PPVOID(&pNtlmSspAuthInfo));
        BAIL_ON_WIN_ERROR(dwError);

        if (pCredentials->Ntlm.pwszDomain)
        {
            dwError = LwWc16sToMbs(pCredentials->Ntlm.pwszDomain,
                                   &pNtlmSspAuthInfo->Domain);
            BAIL_ON_WIN_ERROR(dwError);

            pNtlmSspAuthInfo->DomainLength = strlen(pNtlmSspAuthInfo->Domain);
        }

        dwError = LwWc16sToMbs(pCredentials->Ntlm.pwszUsername,
                               &pNtlmSspAuthInfo->User);
        BAIL_ON_WIN_ERROR(dwError);

        pNtlmSspAuthInfo->UserLength = strlen(pNtlmSspAuthInfo->User);

        dwError = LwWc16sToMbs(pCredentials->Ntlm.pwszPassword,
                               &pNtlmSspAuthInfo->Password);
        BAIL_ON_WIN_ERROR(dwError);

        pNtlmSspAuthInfo->PasswordLength = strlen(pNtlmSspAuthInfo->Password);

        pAuthInfo = (PVOID)pNtlmSspAuthInfo;
        break;

    default:
        pAuthInfo = NULL;
        break;
    }

    if (pwszHostname)
    {
        dwError = LwWc16sToMbs(pwszHostname,
                               &pszHostname);
        BAIL_ON_WIN_ERROR(dwError);
    }
    else
    {
        rpc_string_binding_parse((unsigned char*)pszBindingString,
                                 &pszUuid,
                                 &pszProtSeq,
                                 &pszNetworkAddr,
                                 &pszEndpoint,
                                 &pszOptions,
                                 &rpcStatus);
        if (rpcStatus)
        {
            ntStatus = LwRpcStatusToNtStatus(rpcStatus);
            BAIL_ON_NT_STATUS(ntStatus);
        }

        dwError = LwAllocateString((PSTR)pszNetworkAddr,
                                   &pszHostname);
        BAIL_ON_WIN_ERROR(dwError);
    }

    if (AuthType)
    {
        rpc_binding_set_auth_info(hBinding,
                                  (unsigned char*)pszHostname,
                                  ProtectionLevel,
                                  AuthType,
                                  (rpc_auth_identity_handle_t)pAuthInfo,
                                  rpc_c_authz_name, /* authz_protocol */
                                  &rpcStatus);
        if (rpcStatus)
        {
            ntStatus = LwRpcStatusToNtStatus(rpcStatus);
            BAIL_ON_NT_STATUS(ntStatus);
        }
    }

    *phBinding = hBinding;

cleanup:
    if (pIoCreds)
    {
        LwIoDeleteCreds(pIoCreds);
    }

    LW_SAFE_FREE_MEMORY(pwszBindingString);
    LW_SAFE_FREE_MEMORY(pszBindingString);
    LW_SAFE_FREE_MEMORY(pszHostname);

    rpc_string_free(&pszUuid, &rpcStatus);
    rpc_string_free(&pszProtSeq, &rpcStatus);
    rpc_string_free(&pszNetworkAddr, &rpcStatus);
    rpc_string_free(&pszEndpoint, &rpcStatus);
    rpc_string_free(&pszOptions, &rpcStatus);

    if (ppszOptions)
    {
        free_string_list(ppszOptions);
    }

    if (ntStatus == STATUS_SUCCESS &&
        dwError != ERROR_SUCCESS)
    {
        ntStatus = LwWin32ErrorToNtStatus(dwError);
    }

    if (ntStatus != STATUS_SUCCESS)
    {
        bRet = FALSE;
    }

    return bRet;

error:
    *phBinding = NULL;
    bRet       = FALSE;

    goto cleanup;
}
Ejemplo n.º 29
0
NTSTATUS
SamrCreateDomAlias(
    IN  SAMR_BINDING    hBinding,
    IN  DOMAIN_HANDLE   hDomain,
    IN  PWSTR           pwszAliasName,
    IN  UINT32          AccessMask,
    OUT ACCOUNT_HANDLE *phAlias,
    OUT PUINT32         pRid
    )
{
    NTSTATUS ntStatus = STATUS_SUCCESS;
    DWORD dwError = ERROR_SUCCESS;
    UNICODE_STRING AliasName = {0};
    ACCOUNT_HANDLE hAlias = NULL;
    UINT32 Rid = 0;

    BAIL_ON_INVALID_PTR(hBinding, ntStatus);
    BAIL_ON_INVALID_PTR(hDomain, ntStatus);
    BAIL_ON_INVALID_PTR(pwszAliasName, ntStatus);
    BAIL_ON_INVALID_PTR(phAlias, ntStatus);
    BAIL_ON_INVALID_PTR(pRid, ntStatus);

    dwError = LwAllocateUnicodeStringFromWc16String(
                                    &AliasName,
                                    pwszAliasName);
    BAIL_ON_WIN_ERROR(dwError);

    DCERPC_CALL(ntStatus, cli_SamrCreateDomAlias((handle_t)hBinding,
                                                 hDomain,
                                                 &AliasName,
                                                 AccessMask,
                                                 &hAlias,
                                                 &Rid));
    BAIL_ON_NT_STATUS(ntStatus);

    *phAlias = hAlias;
    *pRid    = Rid;

cleanup:
    LwFreeUnicodeString(&AliasName);

    if (ntStatus == STATUS_SUCCESS &&
        dwError != ERROR_SUCCESS)
    {
        ntStatus = LwWin32ErrorToNtStatus(dwError);
    }

    return ntStatus;

error:
    if (phAlias)
    {
        *phAlias = NULL;
    }

    if (pRid)
    {
        *pRid = 0;
    }

    goto cleanup;
}
Ejemplo n.º 30
0
NTSTATUS
LsaSrvGetSystemCreds(
    OUT LW_PIO_CREDS *ppCreds
    )
{
    NTSTATUS ntStatus = STATUS_SUCCESS;
    DWORD dwError = ERROR_SUCCESS;
    LW_PIO_CREDS pCreds = NULL;
    PSTR pszMachinePrincipal = NULL;
    PSTR pszCachePath = NULL;
    PLSA_MACHINE_ACCOUNT_INFO_A pAccountInfo = NULL;

    dwError = LsaSrvProviderGetMachineAccountInfoA(
                  LSA_PROVIDER_TAG_AD,
                  NULL,
                  &pAccountInfo);
    BAIL_ON_LSA_ERROR(dwError);

    dwError = LwAllocateStringPrintf(
                    &pszMachinePrincipal,
                    "%s@%s",
                    pAccountInfo->SamAccountName,
                    pAccountInfo->DnsDomainName);
    BAIL_ON_LSA_ERROR(dwError);

    dwError = LwAllocateStringPrintf(
                    &pszCachePath,
                    "%s.%s",
                    LSASS_KRB5_CACHE_PATH,
                    pAccountInfo->DnsDomainName);
    BAIL_ON_LSA_ERROR(dwError);

    dwError = LwIoCreateKrb5CredsA(
                    pszMachinePrincipal,
                    pszCachePath,
                    &pCreds);
    BAIL_ON_LSA_ERROR(dwError);

    *ppCreds = pCreds;

cleanup:
    LW_SAFE_FREE_STRING(pszMachinePrincipal);
    LW_SAFE_FREE_STRING(pszCachePath);

    LsaSrvFreeMachineAccountInfoA(pAccountInfo);

    if (ntStatus == STATUS_SUCCESS &&
        dwError != ERROR_SUCCESS)
    {
        ntStatus = LwWin32ErrorToNtStatus(dwError);
    }

    return ntStatus;

error:
    if (pCreds)
    {
        LwIoDeleteCreds(pCreds);
    }

    *ppCreds = NULL;
    goto cleanup;
}