NTSTATUS
LsaInitBindingDefault(
OUT PLSA_BINDING phBinding,
IN PCWSTR pwszHostname,
IN PIO_CREDS pCreds
)
{
NTSTATUS ntStatus = STATUS_SUCCESS;
DWORD dwError = ERROR_SUCCESS;
PSTR pszHostname = NULL;
if (pwszHostname)
{
dwError = LwWc16sToMbs(pwszHostname, &pszHostname);
BAIL_ON_WIN_ERROR(dwError);
}
ntStatus = LsaInitBindingDefaultA(phBinding,
pszHostname,
pCreds);
BAIL_ON_NT_STATUS(ntStatus);
cleanup:
LW_SAFE_FREE_MEMORY(pszHostname);
return ntStatus;
error:
goto cleanup;
}
void
LsaNssClearState(
PVOID pState
)
{
PLSA_NSS_STATE pNssState = (PLSA_NSS_STATE)pState;
LSA_LOG_PAM_DEBUG("Clearing LAM state");
if (pNssState != NULL)
{
LW_SAFE_FREE_MEMORY(pNssState->pLastGroup);
LW_SAFE_FREE_MEMORY(pNssState->pLastUser);
LW_SAFE_FREE_STRING(pNssState->pszRegistryName);
}
}
void
LsaNssFreeLastGroup(
VOID
)
{
LW_SAFE_FREE_MEMORY(gNssState.pLastGroup);
}
static
DWORD
LsaUnjoinDomain(
IN PCWSTR pwszDnsDomainName,
IN PCWSTR pwszMachineSamAccountName,
IN OPTIONAL PCWSTR pwszUserName,
IN OPTIONAL PCWSTR pwszUserDomain,
IN OPTIONAL PCWSTR pwszUserPassword,
IN DWORD dwUnjoinFlags
)
{
DWORD dwError = ERROR_SUCCESS;
NTSTATUS ntStatus = STATUS_SUCCESS;
PWSTR pwszDCName = NULL;
PIO_CREDS pCreds = NULL;
dwError = LsaGetRwDcName(pwszDnsDomainName,
FALSE,
&pwszDCName);
BAIL_ON_LSA_ERROR(dwError);
/* disable the account only if requested */
if (dwUnjoinFlags & LSAJOIN_ACCT_DELETE)
{
if (pwszUserName && pwszUserPassword)
{
ntStatus = LwIoCreatePlainCredsW(pwszUserName,
pwszUserDomain,
pwszUserPassword,
&pCreds);
dwError = LwNtStatusToWin32Error(ntStatus);
BAIL_ON_LSA_ERROR(dwError);
}
else
{
ntStatus = LwIoGetActiveCreds(NULL,
&pCreds);
dwError = LwNtStatusToWin32Error(ntStatus);
BAIL_ON_LSA_ERROR(dwError);
}
ntStatus = LsaDisableMachineAccount(pwszDCName,
pCreds,
pwszMachineSamAccountName);
dwError = LwNtStatusToWin32Error(ntStatus);
BAIL_ON_LSA_ERROR(dwError);
}
error:
LSA_ASSERT(!ntStatus || dwError);
LW_SAFE_FREE_MEMORY(pwszDCName);
if (pCreds)
{
LwIoDeleteCreds(pCreds);
}
return dwError;
}
VOID
LwSmFreeLogTarget(
PSTR pszTarget
)
{
LW_SAFE_FREE_MEMORY(pszTarget);
}
VOID
LsaFreeStatus(
PLSASTATUS pLsaStatus
)
{
DWORD iCount = 0;
for (iCount = 0; iCount < pLsaStatus->dwCount; iCount++)
{
PLSA_AUTH_PROVIDER_STATUS pStatus =
&pLsaStatus->pAuthProviderStatusList[iCount];
LW_SAFE_FREE_STRING(pStatus->pszId);
LW_SAFE_FREE_STRING(pStatus->pszDomain);
LW_SAFE_FREE_STRING(pStatus->pszForest);
LW_SAFE_FREE_STRING(pStatus->pszSite);
LW_SAFE_FREE_STRING(pStatus->pszCell);
if (pStatus->pTrustedDomainInfoArray)
{
LsaFreeDomainInfoArray(
pStatus->dwNumTrustedDomains,
pStatus->pTrustedDomainInfoArray);
}
}
LW_SAFE_FREE_MEMORY(pLsaStatus->pAuthProviderStatusList);
LwFreeMemory(pLsaStatus);
}
void
ADCacheSafeFreeGroupMembership(
PLSA_GROUP_MEMBERSHIP* ppMembership)
{
ADCacheFreeGroupMembershipContents(*ppMembership);
LW_SAFE_FREE_MEMORY(*ppMembership);
}
extern OSStatus
AuthorizationPluginCreate(
const AuthorizationCallbacks *pAuthCallbacks,
AuthorizationPluginRef *ppPlugin,
const AuthorizationPluginInterface **ppPluginInterface
)
{
LW_AUTH_PLUGIN *pPlugin = NULL;
OSStatus osStatus = noErr;
DWORD dwError = LW_ERROR_SUCCESS;
LwRtlLogSetCallback(LogCallback, NULL);
dwError = AUTH_PLUGIN_ALLOCATE(pPlugin);
BAIL_ON_LSA_ERROR(dwError);
pPlugin->pAuthCallbacks = pAuthCallbacks;
*ppPlugin = pPlugin;
*ppPluginInterface = &gPluginInterface;
cleanup:
return osStatus;
error:
LW_SAFE_FREE_MEMORY(pPlugin);
/*
* The documentation says all errors should return
* errAuthorizationInternal.
*/
osStatus = errAuthorizationInternal;
goto cleanup;
}
static
DWORD
Del(
int argc,
char** ppszArgv
)
{
DWORD dwError = 0;
PWSTR pwszShareName = NULL;
dwError = LwMbsToWc16s(ppszArgv[1], &pwszShareName);
BAIL_ON_SRVSVC_ERROR(dwError);
dwError = NetShareDel(
gState.pwszServerName,
pwszShareName,
0);
BAIL_ON_SRVSVC_ERROR(dwError);
cleanup:
LW_SAFE_FREE_MEMORY(pwszShareName);
return dwError;
error:
goto cleanup;
}
static
DWORD
LwSmQueryServiceDependencyClosureHelper(
LW_SERVICE_HANDLE hHandle,
PWSTR** pppwszServiceList
)
{
DWORD dwError = 0;
PLW_SERVICE_INFO pInfo = NULL;
LW_SERVICE_HANDLE hDepHandle = NULL;
PWSTR pwszDepName = NULL;
size_t i = 0;
dwError = LwSmQueryServiceInfo(hHandle, &pInfo);
BAIL_ON_ERROR(dwError);
for (i = 0; pInfo->ppwszDependencies[i]; i++)
{
dwError = LwSmAcquireServiceHandle(pInfo->ppwszDependencies[i], &hDepHandle);
BAIL_ON_ERROR(dwError);
dwError = LwSmQueryServiceDependencyClosureHelper(hDepHandle, pppwszServiceList);
BAIL_ON_ERROR(dwError);
if (!LwSmStringListContains(*pppwszServiceList, pInfo->ppwszDependencies[i]))
{
dwError = LwAllocateWc16String(&pwszDepName, pInfo->ppwszDependencies[i]);
BAIL_ON_ERROR(dwError);
dwError = LwSmStringListAppend(pppwszServiceList, pwszDepName);
BAIL_ON_ERROR(dwError);
pwszDepName = NULL;
}
LwSmReleaseServiceHandle(hDepHandle);
hDepHandle = NULL;
}
cleanup:
LW_SAFE_FREE_MEMORY(pwszDepName);
if (pInfo)
{
LwSmCommonFreeServiceInfo(pInfo);
}
if (hDepHandle)
{
LwSmReleaseServiceHandle(hDepHandle);
}
return dwError;
error:
goto cleanup;
}
static OSStatus
AuthPluginDestroy(
IN AuthorizationPluginRef pPluginRef
)
{
LW_SAFE_FREE_MEMORY(pPluginRef);
return noErr;
}
VOID
AD_FreeConfigMemberInList(
PVOID pItem,
PVOID pUserData
)
{
LW_SAFE_FREE_MEMORY(pItem);
}
/**
* Delete AD user.
*
* @param appContext Application context reference.
* @param userNameC User name.
* @return 0 on success; error code on failure.
*/
DWORD
AdtNetUserDelete(
IN AppContextTP appContext,
IN PSTR userNameC
)
{
DWORD dwError = ERROR_SUCCESS;
PWSTR hostName = NULL;
PWSTR userName = NULL;
PSTR userNameN = NULL;
dwError = NormalizeUserName(userNameC, appContext->workConn->domainName, &userNameN);
ADT_BAIL_ON_ERROR_NP(dwError);
dwError = LwMbsToWc16s((PCSTR) (appContext->workConn->serverName), &hostName);
ADT_BAIL_ON_ALLOC_FAILURE_NP(!dwError);
dwError = LwMbsToWc16s((PCSTR) userNameN, &userName);
ADT_BAIL_ON_ALLOC_FAILURE_NP(!dwError);
PrintStderr(appContext, LogLevelTrace, "%s: Deleting user %s ...\n",
appContext->actionName, userNameN);
/* Perform the delete operation. */
if(!appContext->gopts.isReadOnly) {
dwError = NetUserDel((PCWSTR) hostName, (PCWSTR) userName);
}
if (dwError) {
dwError += ADT_WIN_ERR_BASE;
ADT_BAIL_ON_ERROR_NP(dwError);
}
PrintStderr(appContext, LogLevelTrace, "%s: Done deleting user %s\n",
appContext->actionName, userNameN);
cleanup:
LW_SAFE_FREE_MEMORY(hostName);
LW_SAFE_FREE_MEMORY(userName);
LW_SAFE_FREE_MEMORY(userNameN);
return dwError;
error:
goto cleanup;
}
static
NTSTATUS
LsaSrvQueryAccountSecurity(
PLSAR_ACCOUNT_CONTEXT pAccountContext,
SECURITY_INFORMATION SecurityInformation,
PSECURITY_DESCRIPTOR_RELATIVE *ppSecurityDescRelative,
PDWORD pSecurityDescRelativeSize
)
{
NTSTATUS ntStatus = STATUS_SUCCESS;
DWORD err = ERROR_SUCCESS;
PSECURITY_DESCRIPTOR_RELATIVE pSecDescRelative = NULL;
DWORD secDescRelativeSize = 0;
PSECURITY_DESCRIPTOR_RELATIVE pSecurityDescRelative = NULL;
err = LsaSrvPrivsGetAccountSecurity(
NULL,
pAccountContext->pPolicyCtx->pUserToken,
pAccountContext->pAccountContext,
SecurityInformation,
&pSecDescRelative,
&secDescRelativeSize);
BAIL_ON_LSA_ERROR(err);
ntStatus = LsaSrvAllocateMemory(
OUT_PPVOID(&pSecurityDescRelative),
secDescRelativeSize);
BAIL_ON_NT_STATUS(ntStatus);
memcpy(pSecurityDescRelative,
pSecDescRelative,
secDescRelativeSize);
*ppSecurityDescRelative = pSecurityDescRelative;
*pSecurityDescRelativeSize = secDescRelativeSize;
error:
if (err || ntStatus)
{
if (pSecurityDescRelative)
{
LsaSrvFreeMemory(pSecurityDescRelative);
}
*ppSecurityDescRelative = NULL;
*pSecurityDescRelativeSize = 0;
}
LW_SAFE_FREE_MEMORY(pSecDescRelative);
if (ntStatus == STATUS_SUCCESS &&
err != ERROR_SUCCESS)
{
ntStatus = LwWin32ErrorToNtStatus(err);
}
return ntStatus;
}
static
DWORD
KtLdapBind(
LDAP **ppLd,
PCSTR pszDc
)
{
const int version = LDAP_VERSION3;
DWORD dwError = ERROR_SUCCESS;
int lderr = 0;
PSTR pszUrl = NULL;
LDAP *pLd = NULL;
dwError = LwAllocateStringPrintf(&pszUrl,
"ldap://%s",
pszDc);
BAIL_ON_LSA_ERROR(dwError);
lderr = ldap_initialize(&pLd,
pszUrl);
BAIL_ON_LDAP_ERROR(lderr);
lderr = ldap_set_option(pLd,
LDAP_OPT_PROTOCOL_VERSION,
&version);
BAIL_ON_LDAP_ERROR(lderr);
lderr = ldap_set_option(pLd,
LDAP_OPT_REFERRALS,
LDAP_OPT_OFF);
BAIL_ON_LDAP_ERROR(lderr);
dwError = LwLdapBindDirectorySasl(pLd, pszDc, FALSE);
BAIL_ON_LSA_ERROR(dwError);
*ppLd = pLd;
cleanup:
LW_SAFE_FREE_MEMORY(pszUrl);
if (dwError == ERROR_SUCCESS &&
lderr != LDAP_SUCCESS)
{
dwError = LwMapLdapErrorToLwError(lderr);
}
return dwError;
error:
if (pLd)
{
ldap_memfree(pLd);
}
*ppLd = NULL;
goto cleanup;
}
/**
* Add AD local group with default properties.
*
* @param appContext Application context reference.
* @param aliasNameC Group name.
* @return 0 on success; error code on failure.
*/
DWORD
AdtNetGroupAdd(
IN AppContextTP appContext,
IN PSTR aliasNameC
)
{
DWORD dwError = ERROR_SUCCESS;
LOCALGROUP_INFO_0 Info = { 0 };
DWORD parmError = 0;
PWSTR hostName = NULL;
PWSTR aliasName = NULL;
dwError = LwMbsToWc16s((PCSTR) (appContext->workConn->serverName), &hostName);
ADT_BAIL_ON_ALLOC_FAILURE_NP(!dwError);
dwError = LwMbsToWc16s((PCSTR) aliasNameC, &aliasName);
ADT_BAIL_ON_ALLOC_FAILURE_NP(!dwError);
Info.lgrpi0_name = aliasName;
PrintStderr(appContext, LogLevelTrace, "%s: Adding group %s ...\n",
appContext->actionName, aliasNameC);
/* Perform the delete operation. */
if(!appContext->gopts.isReadOnly) {
dwError = NetLocalGroupAdd((PCWSTR) hostName, 0, (PVOID) &Info, &parmError);
}
if (dwError) {
dwError += ADT_WIN_ERR_BASE;
ADT_BAIL_ON_ERROR_NP(dwError);
}
PrintStderr(appContext, LogLevelTrace, "%s: Done adding group %s\n",
appContext->actionName, aliasNameC);
cleanup:
LW_SAFE_FREE_MEMORY(hostName);
LW_SAFE_FREE_MEMORY(aliasName);
return dwError;
error:
goto cleanup;
}
VOID
ADProviderFreeProviderData(
IN OUT PAD_PROVIDER_DATA pData
)
{
ADProviderFreeCellList(pData->pCellList);
LW_SAFE_FREE_MEMORY(pData);
}
void
ADCacheFreePasswordVerifier(
IN OUT PLSA_PASSWORD_VERIFIER pVerifier
)
{
LW_SAFE_FREE_STRING(pVerifier->pszObjectSid);
LW_SECURE_FREE_STRING(pVerifier->pszPasswordVerifier);
LW_SAFE_FREE_MEMORY(pVerifier);
}
DWORD
LsaNssAllocateGroupFromInfo0(
PLSA_GROUP_INFO_0 pInfo,
struct group** ppResult
)
{
DWORD dwError = LW_ERROR_SUCCESS;
// Do not free directly. Free pStartMem instead on error
struct group* pResult = NULL;
void *pStartMem = NULL;
// Do not free
PBYTE pMem = NULL;
size_t sRequiredSize = 0;
size_t sLen = 0;
sRequiredSize += sizeof(struct group);
sRequiredSize += strlen(pInfo->pszName) + 1;
sRequiredSize += 2;
dwError = LwAllocateMemory(
sRequiredSize,
&pStartMem);
BAIL_ON_LSA_ERROR(dwError);
pMem = pStartMem;
pResult = (struct group *)pMem;
pMem += sizeof(struct group);
pResult->gr_mem = NULL;
sLen = strlen(pInfo->pszName);
pResult->gr_name = (char *)pMem;
memcpy(pResult->gr_name, pInfo->pszName, sLen + 1);
pMem += sLen + 1;
sLen = 1;
pResult->gr_passwd = (char *)pMem;
memcpy(pResult->gr_passwd, "*", sLen + 1);
pMem += sLen + 1;
pResult->gr_gid = pInfo->gid;
assert(pMem == pStartMem + sRequiredSize);
*ppResult = pResult;
cleanup:
return dwError;
error:
*ppResult = NULL;
LW_SAFE_FREE_MEMORY(pStartMem);
goto cleanup;
}
static
VOID
LsaAdBatchBuilderGenericFreeValueContext(
IN PVOID pCallbackContext,
IN OUT PVOID* ppFreeValueContext
)
{
LW_SAFE_FREE_MEMORY(*ppFreeValueContext);
}
DWORD
LwpsLegacyGetJoinedDomainTrustEnumerationWaitTime(
IN PLWPS_LEGACY_STATE pContext,
IN OPTIONAL PCSTR pszDomainName,
OUT PDWORD* ppdwTrustEnumerationWaitSeconds,
OUT PDWORD* ppdwTrustEnumerationWaitEnabled
)
{
DWORD dwError = 0;
int EE = 0;
PSTR pszRegistryPath = NULL;
PVOID dwValue = NULL;
PVOID dwValue1 = NULL;
REG_DATA_TYPE readType = 0;
DWORD dwValueSize = 0;
DWORD dwValueSize1 = 0;
if (pszDomainName)
{
dwError = LwAllocateStringPrintf(
&pszRegistryPath,
"%s\\%s",
PSTOREDB_REGISTRY_AD_KEY,
pszDomainName);
GOTO_CLEANUP_ON_WINERROR_EE(dwError, EE);
dwError = RegUtilGetValue(
pContext->hReg,
HKEY_THIS_MACHINE,
pszRegistryPath,
NULL,
PSTOREDB_REGISTRY_TRUSTENUMERATIONWAIT_VALUE,
&readType,
&dwValue,
&dwValueSize);
GOTO_CLEANUP_ON_WINERROR_EE(dwError, EE);
dwError = RegUtilGetValue(
pContext->hReg,
HKEY_THIS_MACHINE,
pszRegistryPath,
NULL,
PSTOREDB_REGISTRY_TRUSTENUMERATIONWAITSECONDS_VALUE,
&readType,
&dwValue1,
&dwValueSize1);
GOTO_CLEANUP_ON_WINERROR_EE(dwError, EE);
*ppdwTrustEnumerationWaitSeconds = (PDWORD) dwValue1;
*ppdwTrustEnumerationWaitEnabled = (PDWORD) dwValue;
}
cleanup:
LW_SAFE_FREE_MEMORY(pszRegistryPath);
LSA_PSTORE_LOG_LEAVE_ERROR_EE(dwError, EE);
return dwError;
}
static
VOID
FreeStringArray(
DWORD dwCount,
PWSTR* ppwszArray
)
{
DWORD dwIndex = 0;
if (ppwszArray)
{
for (dwIndex = 0; dwIndex < dwCount; dwIndex++)
{
LW_SAFE_FREE_MEMORY(ppwszArray[dwIndex]);
}
LW_SAFE_FREE_MEMORY(ppwszArray);
}
}
VOID
EVTFreeSecurityDescriptor(
PSECURITY_DESCRIPTOR_ABSOLUTE pSecDesc
)
{
PSID pOwnerSid = NULL;
BOOLEAN bOwnerDefaulted = FALSE;
PSID pPrimaryGroupSid = NULL;
BOOLEAN bPrimaryGroupDefaulted = FALSE;
PACL pDacl = NULL;
BOOLEAN bDaclPresent = FALSE;
BOOLEAN bDaclDefaulted = FALSE;
PACL pSacl = NULL;
BOOLEAN bSaclPresent = FALSE;
BOOLEAN bSaclDefaulted = FALSE;
if (pSecDesc)
{
RtlGetOwnerSecurityDescriptor(pSecDesc,
&pOwnerSid,
&bOwnerDefaulted);
LW_SAFE_FREE_MEMORY(pOwnerSid);
RtlGetGroupSecurityDescriptor(pSecDesc,
&pPrimaryGroupSid,
&bPrimaryGroupDefaulted);
LW_SAFE_FREE_MEMORY(pPrimaryGroupSid);
RtlGetDaclSecurityDescriptor(pSecDesc,
&bDaclPresent,
&pDacl,
&bDaclDefaulted);
LW_SAFE_FREE_MEMORY(pDacl);
RtlGetSaclSecurityDescriptor(pSecDesc,
&bSaclPresent,
&pSacl,
&bSaclDefaulted);
LW_SAFE_FREE_MEMORY(pSacl);
LW_SAFE_FREE_MEMORY(pSecDesc);
}
}
VOID
UmnSrvFreeConfig(
PUMN_SRV_API_CONFIG pConfig
)
{
if (pConfig)
{
LW_SAFE_FREE_MEMORY(pConfig);
}
}
static
DWORD
LwSmStatus(
int argc,
char** pArgv,
int* pRet
)
{
DWORD dwError = 0;
PWSTR pwszServiceName = NULL;
LW_SERVICE_HANDLE hHandle = NULL;
LW_SERVICE_STATUS status = {0};
dwError = LwMbsToWc16s(pArgv[1], &pwszServiceName);
BAIL_ON_ERROR(dwError);
dwError = LwSmAcquireServiceHandle(pwszServiceName, &hHandle);
BAIL_ON_ERROR(dwError);
dwError = LwSmQueryServiceStatus(hHandle, &status);
BAIL_ON_ERROR(dwError);
if (!gState.bQuiet)
{
switch (status.state)
{
case LW_SERVICE_STATE_RUNNING:
printf("%s (%s: %li)\n",
LwSmStateToString(status.state),
LwSmHomeToString(status.home),
(long) status.pid);
break;
default:
printf("%s\n", LwSmStateToString(status.state));
break;
}
}
*pRet = status.state;
cleanup:
LW_SAFE_FREE_MEMORY(pwszServiceName);
if (hHandle)
{
LwSmReleaseServiceHandle(hHandle);
}
return dwError;
error:
goto cleanup;
}
DWORD
LwpsLegacyDeletePassword(
IN PLWPS_LEGACY_STATE pContext,
IN PCSTR pszDomainName
)
{
DWORD dwError = 0;
int EE = 0;
PSTR pszRegistryPath = NULL;
DWORD dwSubKeysCount = 0;
DWORD dwValuesCount = 0;
dwError = LwAllocateStringPrintf(
&pszRegistryPath,
"%s\\%s",
PSTOREDB_REGISTRY_AD_KEY,
pszDomainName);
GOTO_CLEANUP_ON_WINERROR_EE(dwError, EE);
RegUtilDeleteTree(
pContext->hReg,
NULL,
pszRegistryPath,
PSTOREDB_REGISTRY_PSTORE_SUBKEY);
// TODO-What if there is an error?
/* Delete domain key only if empty */
dwError = RegUtilGetKeyObjectCounts(
pContext->hReg,
HKEY_THIS_MACHINE,
pszRegistryPath,
NULL,
&dwSubKeysCount,
&dwValuesCount);
if (dwError)
{
dwError = 0;
}
else if (!dwSubKeysCount && !dwValuesCount)
{
RegUtilDeleteKey(
pContext->hReg,
HKEY_THIS_MACHINE,
pszRegistryPath,
NULL);
// TODO-What if there is an error?
}
cleanup:
LW_SAFE_FREE_MEMORY(pszRegistryPath);
LSA_PSTORE_LOG_LEAVE_ERROR_EE(dwError, EE);
return dwError;
}
DWORD
LsaNssFillMemberList(
PLSA_GROUP_INFO_1 pInfo,
PSTR* ppResult
)
{
DWORD dwError = LW_ERROR_SUCCESS;
size_t sIndex = 0;
size_t sRequiredMem = 0;
PSTR pszListStart = NULL;
// Do not free
PSTR pszPos = NULL;
sRequiredMem = 1;
for (sIndex = 0; pInfo->ppszMembers[sIndex]; sIndex++)
{
sRequiredMem += strlen(pInfo->ppszMembers[sIndex]) + 1;
}
if (sIndex == 0)
{
sRequiredMem++;
}
dwError = LwAllocateMemory(
sRequiredMem,
(PVOID*)&pszListStart);
BAIL_ON_LSA_ERROR(dwError);
pszPos = pszListStart;
for (sIndex = 0; pInfo->ppszMembers[sIndex]; sIndex++)
{
strcpy(pszPos, pInfo->ppszMembers[sIndex]);
pszPos += strlen(pszPos) + 1;
}
if (sIndex == 0)
{
*pszPos++ = 0;
}
*pszPos++ = 0;
assert(pszPos == pszListStart + sRequiredMem);
*ppResult = pszListStart;
cleanup:
return dwError;
error:
*ppResult = NULL;
LW_SAFE_FREE_MEMORY(pszListStart);
goto cleanup;
}
VOID
LsaPcacheDestroy(
IN LSA_MACHINEPWD_CACHE_HANDLE pPcache
)
{
if (pPcache)
{
if (pPcache->pStateLock)
{
pthread_rwlock_destroy(pPcache->pStateLock);
}
LsaPcachepReleaseEntry(pPcache->pEntry);
LW_SAFE_FREE_STRING(pPcache->pszDomainName);
LW_SAFE_FREE_MEMORY(pPcache->pwszDomainName);
LW_SAFE_FREE_MEMORY(pPcache);
}
return;
}
NTSTATUS
LsaEnumPrivilegesAccount(
IN LSA_BINDING hBinding,
IN LSAR_ACCOUNT_HANDLE hAccount,
OUT PPRIVILEGE_SET *ppPrivileges
)
{
NTSTATUS ntStatus = STATUS_SUCCESS;
size_t privilegesSize = 0;
PPRIVILEGE_SET pPrivs = NULL;
PPRIVILEGE_SET pPrivileges = NULL;
BAIL_ON_INVALID_PTR(hBinding, ntStatus);
BAIL_ON_INVALID_PTR(hAccount, ntStatus);
BAIL_ON_INVALID_PTR(ppPrivileges, ntStatus);
DCERPC_CALL(ntStatus, cli_LsaEnumPrivilegesAccount(
(handle_t)hBinding,
hAccount,
&pPrivs));
BAIL_ON_NT_STATUS(ntStatus);
privilegesSize = RtlLengthPrivilegeSet(pPrivs);
ntStatus = LsaRpcAllocateMemory(
OUT_PPVOID(&pPrivileges),
privilegesSize);
BAIL_ON_NT_STATUS(ntStatus);
ntStatus = RtlCopyPrivilegeSet(
privilegesSize,
pPrivileges,
pPrivs);
BAIL_ON_NT_STATUS(ntStatus);
*ppPrivileges = pPrivileges;
error:
if (ntStatus)
{
if (ppPrivileges)
{
LW_SAFE_FREE_MEMORY(pPrivileges);
*ppPrivileges = NULL;
}
}
if (pPrivs)
{
LsaFreeStubPrivilegeSet(pPrivs);
}
return ntStatus;
}
static
DWORD
Add(
int argc,
char** ppszArgv
)
{
static const DWORD dwLevel = 502;
DWORD dwError = 0;
SHARE_INFO_502 shareInfo = {0};
DWORD dwParmErr = 0;
PSECURITY_DESCRIPTOR_RELATIVE pSecDesc = NULL;
DWORD dwSecDescSize = 0;
dwError = ParseShareArgs(
argc,
ppszArgv);
BAIL_ON_SRVSVC_ERROR(dwError);
dwError = ConstructSecurityDescriptor(
gState.dwAllowUserCount,
gState.ppwszAllowUsers,
gState.dwDenyUserCount,
gState.ppwszDenyUsers,
gState.bReadOnly && !gState.bReadWrite,
&pSecDesc,
&dwSecDescSize);
BAIL_ON_SRVSVC_ERROR(dwError);
shareInfo.shi502_type = 0; // SHARE_SERVICE_DISK_SHARE
shareInfo.shi502_netname = gState.pwszName ? gState.pwszName : gState.pwszTarget;
shareInfo.shi502_remark = gState.pwszComment;
shareInfo.shi502_path = gState.pwszPath;
shareInfo.shi502_reserved = dwSecDescSize;
shareInfo.shi502_security_descriptor = (PBYTE) pSecDesc;
dwError = NetShareAdd(
gState.pwszServerName,
dwLevel,
&shareInfo,
&dwParmErr);
BAIL_ON_SRVSVC_ERROR(dwError);
cleanup:
LW_SAFE_FREE_MEMORY(pSecDesc);
return dwError;
error:
goto cleanup;
}