static
DWORD
MapSidToName(
HANDLE hLsa,
PSID pSid,
PWSTR* ppwszName
)
{
DWORD dwError = 0;
PSTR pszSid = NULL;
LSA_QUERY_LIST QueryList;
PLSA_SECURITY_OBJECT* ppObjects = NULL;
dwError = LwNtStatusToWin32Error(
RtlAllocateCStringFromSid(&pszSid, pSid));
BAIL_ON_SRVSVC_ERROR(dwError);
QueryList.ppszStrings = (PCSTR*) &pszSid;
dwError = LsaFindObjects(
hLsa,
NULL,
0,
LSA_OBJECT_TYPE_UNDEFINED,
LSA_QUERY_TYPE_BY_SID,
1,
QueryList,
&ppObjects);
BAIL_ON_SRVSVC_ERROR(dwError);
if (ppObjects[0] == NULL)
{
dwError = LW_ERROR_NO_SUCH_OBJECT;
BAIL_ON_SRVSVC_ERROR(dwError);
}
dwError = LwNtStatusToWin32Error(
LwRtlWC16StringAllocatePrintfW(
ppwszName,
L"%s\\%s",
ppObjects[0]->pszNetbiosDomainName,
ppObjects[0]->pszSamAccountName));
BAIL_ON_SRVSVC_ERROR(dwError);
cleanup:
LsaFreeSecurityObjectList(1, ppObjects);
LW_SAFE_FREE_STRING(pszSid);
return dwError;
error:
*ppwszName = NULL;
goto cleanup;
}
ULONG
VmDirAllocateCStringFromSid(
PSTR* ppszStringSid,
PSID pSid
)
{
return LwNtStatusToWin32Error(
RtlAllocateCStringFromSid(ppszStringSid,pSid));
}
static
DWORD
NtlmGetLocalGuestAccountSid(
OUT PSTR* ppszGuestSid
)
{
DWORD dwError = LW_ERROR_SUCCESS;
NTSTATUS ntStatus = STATUS_SUCCESS;
PLW_MAP_SECURITY_CONTEXT pContext = NULL;
PSID pGuestSid = NULL;
PSTR pszGuestSid = NULL;
ntStatus = LwMapSecurityCreateContext(&pContext);
dwError = LwNtStatusToWin32Error(ntStatus);
BAIL_ON_LSA_ERROR(dwError);
ntStatus = LwMapSecurityGetLocalGuestAccountSid(pContext, &pGuestSid);
dwError = LwNtStatusToWin32Error(ntStatus);
BAIL_ON_LSA_ERROR(dwError);
ntStatus = RtlAllocateCStringFromSid(&pszGuestSid, pGuestSid);
dwError = LwNtStatusToWin32Error(ntStatus);
BAIL_ON_LSA_ERROR(dwError);
cleanup:
if (pContext && pGuestSid)
{
LwMapSecurityFreeSid(pContext, &pGuestSid);
}
LwMapSecurityFreeContext(&pContext);
*ppszGuestSid = pszGuestSid;
return dwError;
error:
LW_SAFE_FREE_STRING(pszGuestSid);
goto cleanup;
}
NTSTATUS
RtlAllocateAnsiStringFromSid(
OUT PANSI_STRING StringSid,
IN PSID Sid
)
{
NTSTATUS status = STATUS_SUCCESS;
PSTR resultBuffer = NULL;
ANSI_STRING result = { 0 };
if (!StringSid)
{
status = STATUS_INVALID_PARAMETER;
GOTO_CLEANUP();
}
status = RtlAllocateCStringFromSid(&resultBuffer, Sid);
GOTO_CLEANUP_ON_STATUS(status);
status = RtlAnsiStringInitEx(&result, resultBuffer);
GOTO_CLEANUP_ON_STATUS(status);
resultBuffer = NULL;
status = STATUS_SUCCESS;
cleanup:
if (!NT_SUCCESS(status))
{
RtlAnsiStringFree(&result);
}
RTL_FREE(&resultBuffer);
if (StringSid)
{
*StringSid = result;
}
return status;
}
NTSTATUS
RtlAllocateWC16StringFromSid(
OUT PWSTR* StringSid,
IN PSID Sid
)
{
NTSTATUS status = STATUS_SUCCESS;
PWSTR result = NULL;
PSTR convertString = NULL;
if (!StringSid)
{
status = STATUS_INVALID_PARAMETER;
GOTO_CLEANUP();
}
status = RtlAllocateCStringFromSid(&convertString, Sid);
GOTO_CLEANUP_ON_STATUS(status);
status = RtlWC16StringAllocateFromCString(&result, convertString);
GOTO_CLEANUP_ON_STATUS(status);
cleanup:
if (!NT_SUCCESS(status))
{
RTL_FREE(&result);
}
RTL_FREE(&convertString);
if (StringSid)
{
*StringSid = result;
}
return status;
}
static
DWORD
test_access_token(
PCSTR pszUpn)
{
PTOKEN_USER pUser = NULL;
PTOKEN_GROUPS pGroups = NULL;
PACCESS_TOKEN pAccessToken = NULL;
PSTR pszUserSid = NULL;
PSTR pszGroupSid = NULL;
PLW_MAP_SECURITY_CONTEXT pMapSecurityContext = NULL;
DWORD ulBufLen = 0;
DWORD dwError = 0;
DWORD dwIndex = 0;
dwError = LwMapSecurityCreateContext(&pMapSecurityContext);
BAIL_ON_VMDIR_ERROR(dwError);
printf("Creating access token for UPN: %s\n", pszUpn);
dwError = LwMapSecurityCreateAccessTokenFromCStringUsername(
pMapSecurityContext,
&pAccessToken,
pszUpn);
BAIL_ON_VMDIR_ERROR(dwError);
// get user sid
dwError = RtlQueryAccessTokenInformation(
pAccessToken,
TokenUser,
NULL,
0,
&ulBufLen);
dwError = LwNtStatusToWin32Error(dwError);
BAIL_ON_VMDIR_ERROR(dwError != ERROR_INSUFFICIENT_BUFFER);
pUser = RtlMemoryAllocate(ulBufLen, TRUE);
if (!pUser)
{
dwError = ERROR_NOT_ENOUGH_MEMORY;
BAIL_ON_VMDIR_ERROR(dwError);
}
dwError = RtlQueryAccessTokenInformation(
pAccessToken,
TokenUser,
pUser,
ulBufLen,
&ulBufLen);
dwError = LwNtStatusToWin32Error(dwError);
BAIL_ON_VMDIR_ERROR(dwError);
dwError = RtlAllocateCStringFromSid(
&pszUserSid,
pUser->User.Sid);
BAIL_ON_VMDIR_ERROR(dwError);
printf("User SID: %s\n", pszUserSid);
dwError = RtlQueryAccessTokenInformation(
pAccessToken,
TokenGroups,
NULL,
0,
&ulBufLen);
dwError = LwNtStatusToWin32Error(dwError);
BAIL_ON_VMDIR_ERROR(dwError != ERROR_INSUFFICIENT_BUFFER);
pGroups = RtlMemoryAllocate(ulBufLen, TRUE);
if (!pGroups)
{
dwError = ERROR_NOT_ENOUGH_MEMORY;
BAIL_ON_VMDIR_ERROR(dwError);
}
dwError = RtlQueryAccessTokenInformation(
pAccessToken,
TokenGroups,
pGroups,
ulBufLen,
&ulBufLen);
dwError = LwNtStatusToWin32Error(dwError);
BAIL_ON_VMDIR_ERROR(dwError);
for (dwIndex = 0; dwIndex < pGroups->GroupCount; dwIndex++)
{
dwError = RtlAllocateCStringFromSid(
&pszGroupSid,
pGroups->Groups[dwIndex].Sid);
BAIL_ON_VMDIR_ERROR(dwError);
printf("Group SID: %s\n", pszGroupSid);
}
cleanup:
if (pMapSecurityContext)
{
LwMapSecurityFreeContext(&pMapSecurityContext);
}
if (pAccessToken)
{
RtlReleaseAccessToken(&pAccessToken);
}
if (pszUserSid)
{
RtlMemoryFree(pszUserSid);
}
if (pGroups)
{
RtlMemoryFree(pGroups);
}
if (pUser)
{
RtlMemoryFree(pUser);
}
return dwError;
error:
goto cleanup;
}
static
DWORD
ProcessEnumerateAccountUserRights(
IN PRPC_PARAMETERS pRpcParams,
IN PSTR AccountName
)
{
DWORD err = ERROR_SUCCESS;
NTSTATUS ntStatus = STATUS_SUCCESS;
LSA_BINDING hLsa = NULL;
LW_PIO_CREDS pCreds = NULL;
WCHAR wszSysName[] = {'\\', '\\', '\0'};
DWORD policyAccessMask = LSA_ACCESS_LOOKUP_NAMES_SIDS |
LSA_ACCESS_VIEW_POLICY_INFO;
POLICY_HANDLE hPolicy = NULL;
PSID pAccountSid = NULL;
PSTR pszSid = NULL;
PWSTR *pAccountRights = NULL;
DWORD numAccountRights = 0;
DWORD i = 0;
PSTR pszAccountRight = NULL;
err = CreateRpcCredentials(pRpcParams,
&pCreds);
BAIL_ON_LSA_ERROR(err);
err = CreateLsaRpcBinding(pRpcParams,
pCreds,
&hLsa);
BAIL_ON_LSA_ERROR(err);
ntStatus = LsaOpenPolicy2(hLsa,
wszSysName,
NULL,
policyAccessMask,
&hPolicy);
BAIL_ON_NT_STATUS(ntStatus);
err = ResolveAccountNameToSid(
hLsa,
AccountName,
&pAccountSid);
BAIL_ON_LSA_ERROR(err);
ntStatus = RtlAllocateCStringFromSid(
&pszSid,
pAccountSid);
BAIL_ON_NT_STATUS(ntStatus);
fprintf(stdout, "%s Account Rights\n:"
"=================================================="
"==============================\n", AccountName);
ntStatus = LsaEnumAccountRights(
hLsa,
hPolicy,
pAccountSid,
&pAccountRights,
&numAccountRights);
BAIL_ON_NT_STATUS(ntStatus);
for (i = 0; i < numAccountRights; i++)
{
err = LwWc16sToMbs(pAccountRights[i],
&pszAccountRight);
BAIL_ON_LSA_ERROR(err);
fprintf(stdout, "%s\n", pszAccountRight);
LW_SAFE_FREE_MEMORY(pszAccountRight);
}
error:
if (ntStatus || err)
{
PCSTR errName = LwNtStatusToName(ntStatus);
PCSTR errDescription = LwNtStatusToDescription(ntStatus);
if (ntStatus)
{
errName = LwNtStatusToName(ntStatus);
errDescription = LwNtStatusToDescription(ntStatus);
}
else
{
errName = LwWin32ErrorToName(err);
errDescription = LwWin32ErrorToDescription(err);
}
fprintf(stderr, "Error: %s (%s)\n",
LSA_SAFE_LOG_STRING(errName),
LSA_SAFE_LOG_STRING(errDescription));
}
if (hPolicy)
{
LsaClose(hLsa, hPolicy);
}
if (hLsa)
{
LsaFreeBinding(&hLsa);
}
if (pCreds)
{
LwIoDeleteCreds(pCreds);
}
if (pAccountRights)
{
LsaRpcFreeMemory(pAccountRights);
}
LW_SAFE_FREE_MEMORY(pszAccountRight);
if (err == ERROR_SUCCESS &&
ntStatus != STATUS_SUCCESS)
{
err = LwNtStatusToWin32Error(ntStatus);
}
return err;
}
static
DWORD
ProcessEnumerateAccounts(
IN PRPC_PARAMETERS pRpcParams,
IN PSTR UserRightName
)
{
DWORD err = ERROR_SUCCESS;
NTSTATUS ntStatus = STATUS_SUCCESS;
LSA_BINDING hLsa = NULL;
LW_PIO_CREDS pCreds = NULL;
WCHAR wszSysName[] = {'\\', '\\', '\0'};
DWORD policyAccessMask = LSA_ACCESS_LOOKUP_NAMES_SIDS |
LSA_ACCESS_VIEW_POLICY_INFO;
POLICY_HANDLE hPolicy = NULL;
PWSTR pwszUserRightName = NULL;
DWORD resume = 0;
PSID *ppSids = NULL;
DWORD numSids = 0;
DWORD prefMaxSize = 64;
DWORD i = 0;
SID_ARRAY sids = {0};
RefDomainList *pDomList = NULL;
TranslatedName *pTransNames = NULL;
DWORD count = 0;
PSTR pszAccountSid = NULL;
PSTR pszAccountDomain = NULL;
PSTR pszAccountName = NULL;
BOOLEAN moreEntries = FALSE;
err = CreateRpcCredentials(pRpcParams,
&pCreds);
BAIL_ON_LSA_ERROR(err);
err = CreateLsaRpcBinding(pRpcParams,
pCreds,
&hLsa);
BAIL_ON_LSA_ERROR(err);
ntStatus = LsaOpenPolicy2(hLsa,
wszSysName,
NULL,
policyAccessMask,
&hPolicy);
BAIL_ON_NT_STATUS(ntStatus);
fprintf(stdout,
"LSA Accounts");
do
{
moreEntries = FALSE;
if (UserRightName)
{
fprintf(stdout, " with AccountRight = %s:\n", UserRightName);
fprintf(stdout,
"=================================================="
"==============================\n");
err = LwMbsToWc16s(UserRightName,
&pwszUserRightName);
BAIL_ON_LSA_ERROR(err);
ntStatus = LsaEnumAccountsWithUserRight(
hLsa,
hPolicy,
pwszUserRightName,
&ppSids,
&numSids);
BAIL_ON_NT_STATUS(ntStatus);
}
else
{
fprintf(stdout, ":\n");
fprintf(stdout,
"=================================================="
"==============================\n");
ntStatus = LsaEnumAccounts(hLsa,
hPolicy,
&resume,
&ppSids,
&numSids,
prefMaxSize);
if (ntStatus == STATUS_MORE_ENTRIES)
{
ntStatus = STATUS_SUCCESS;
moreEntries = TRUE;
}
else if (ntStatus != STATUS_SUCCESS)
{
BAIL_ON_NT_STATUS(ntStatus);
}
}
err = LwAllocateMemory(
sizeof(sids.pSids[0]) * numSids,
OUT_PPVOID(&sids.pSids));
BAIL_ON_LSA_ERROR(err);
sids.dwNumSids = numSids;
for (i = 0; i < sids.dwNumSids; i++)
{
sids.pSids[i].pSid = ppSids[i];
}
ntStatus = LsaLookupSids(hLsa,
hPolicy,
&sids,
&pDomList,
&pTransNames,
LSA_LOOKUP_NAMES_ALL,
&count);
if (ntStatus == STATUS_SOME_NOT_MAPPED ||
ntStatus == STATUS_NONE_MAPPED)
{
ntStatus = STATUS_SUCCESS;
}
else if (ntStatus != STATUS_SUCCESS)
{
BAIL_ON_NT_STATUS(ntStatus);
}
for (i = 0; i < sids.dwNumSids; i++)
{
DWORD domainIndex = 0;
ntStatus = RtlAllocateCStringFromSid(
&pszAccountSid,
sids.pSids[i].pSid);
BAIL_ON_NT_STATUS(ntStatus);
if (pTransNames[i].type == SID_TYPE_USER ||
pTransNames[i].type == SID_TYPE_DOM_GRP ||
pTransNames[i].type == SID_TYPE_DOMAIN ||
pTransNames[i].type == SID_TYPE_ALIAS ||
pTransNames[i].type == SID_TYPE_WKN_GRP)
{
ntStatus = RtlCStringAllocateFromUnicodeString(
&pszAccountName,
&pTransNames[i].name);
BAIL_ON_NT_STATUS(ntStatus);
domainIndex = pTransNames[i].sid_index;
ntStatus = RtlCStringAllocateFromUnicodeString(
&pszAccountDomain,
&pDomList->domains[domainIndex].name);
BAIL_ON_NT_STATUS(ntStatus);
}
if (pszAccountSid)
{
fprintf(stdout, "%s ", pszAccountSid);
}
if (pszAccountDomain && pszAccountName)
{
fprintf(stdout, "(%s\\%s)", pszAccountDomain, pszAccountName);
}
else if (pszAccountDomain && !pszAccountName)
{
fprintf(stdout, "(%s\\)", pszAccountDomain);
}
else if (!pszAccountDomain && pszAccountName)
{
fprintf(stdout, "(%s)", pszAccountName);
}
else
{
fprintf(stdout, "(unknown)");
}
fprintf(stdout, "\n");
RTL_FREE(&pszAccountSid);
RTL_FREE(&pszAccountDomain);
RTL_FREE(&pszAccountName);
}
if (pTransNames)
{
LsaRpcFreeMemory(pTransNames);
pTransNames = NULL;
}
if (pDomList)
{
LsaRpcFreeMemory(pDomList);
pDomList = NULL;
}
if (ppSids)
{
LsaRpcFreeMemory(ppSids);
ppSids = NULL;
}
LW_SAFE_FREE_MEMORY(sids.pSids);
} while (moreEntries && ntStatus == STATUS_SUCCESS);
error:
if (ntStatus || err)
{
PCSTR errName = LwNtStatusToName(ntStatus);
PCSTR errDescription = LwNtStatusToDescription(ntStatus);
if (ntStatus)
{
errName = LwNtStatusToName(ntStatus);
errDescription = LwNtStatusToDescription(ntStatus);
}
else
{
errName = LwWin32ErrorToName(err);
errDescription = LwWin32ErrorToDescription(err);
}
fprintf(stderr, "Error: %s (%s)\n",
LSA_SAFE_LOG_STRING(errName),
LSA_SAFE_LOG_STRING(errDescription));
}
if (hPolicy)
{
LsaClose(hLsa, hPolicy);
}
if (hLsa)
{
LsaFreeBinding(&hLsa);
}
if (pCreds)
{
LwIoDeleteCreds(pCreds);
}
LW_SAFE_FREE_MEMORY(pwszUserRightName);
RTL_FREE(&pszAccountSid);
RTL_FREE(&pszAccountDomain);
RTL_FREE(&pszAccountName);
if (pTransNames)
{
LsaRpcFreeMemory(pTransNames);
}
if (pDomList)
{
LsaRpcFreeMemory(pDomList);
}
if (ppSids)
{
LsaRpcFreeMemory(ppSids);
}
LW_SAFE_FREE_MEMORY(sids.pSids);
if (err == ERROR_SUCCESS &&
ntStatus != STATUS_SUCCESS)
{
err = LwNtStatusToWin32Error(ntStatus);
}
return err;
}
