wbcErr
wbcDomainInfo(
IN const char *domain,
OUT struct wbcDomainInfo **info
)
{
wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
DWORD dwErr = LW_ERROR_INTERNAL;
HANDLE hLsa = (HANDLE)NULL;
PLSASTATUS pLsaStatus = NULL;
struct wbcDomainInfo *pWbcDomInfo = NULL;
PLSA_TRUSTED_DOMAIN_INFO pLsaDomInfo = NULL;
PLSA_AUTH_PROVIDER_STATUS pADProvStatus = NULL;
int i = 0;
/* Sanity check */
BAIL_ON_NULL_PTR_PARAM(domain, dwErr);
BAIL_ON_NULL_PTR_PARAM(info, dwErr);
/* Work */
dwErr = LsaOpenServer(&hLsa);
BAIL_ON_LSA_ERR(dwErr);
dwErr = LsaGetStatus(hLsa, &pLsaStatus);
BAIL_ON_LSA_ERR(dwErr);
/* Find the AD provider entry */
for (i=0; i<pLsaStatus->dwCount; i++)
{
if (strcmp(pLsaStatus->pAuthProviderStatusList[i].pszId,
LSA_PROVIDER_TAG_AD) == 0)
{
pADProvStatus = &pLsaStatus->pAuthProviderStatusList[i];
break;
}
}
if (pADProvStatus == NULL)
{
dwErr = LW_ERROR_NO_SUCH_DOMAIN;
BAIL_ON_LSA_ERR(dwErr);
}
/* Find the requested domain */
for (i=0; i<pADProvStatus->dwNumTrustedDomains; i++)
{
PLSA_TRUSTED_DOMAIN_INFO pCursorDomInfo = NULL;
pCursorDomInfo = &pADProvStatus->pTrustedDomainInfoArray[i];
if (StrEqual(pCursorDomInfo->pszDnsDomain, domain) ||
StrEqual(pCursorDomInfo->pszNetbiosDomain, domain))
{
pLsaDomInfo = pCursorDomInfo;
break;
}
}
if (pLsaDomInfo == NULL)
{
dwErr = LW_ERROR_NO_SUCH_DOMAIN;
BAIL_ON_LSA_ERR(dwErr);
}
/* Fill in the domain info */
pWbcDomInfo = _wbc_malloc_zero(
sizeof(struct wbcDomainInfo),
FreeWbcDomainInfo);
BAIL_ON_NULL_PTR(pWbcDomInfo, dwErr);
dwErr = FillDomainInfo(pWbcDomInfo, pLsaDomInfo);
BAIL_ON_LSA_ERR(dwErr);
*info = pWbcDomInfo;
pWbcDomInfo = NULL;
cleanup:
if (pLsaStatus)
{
LsaFreeStatus(pLsaStatus);
}
if (hLsa != (HANDLE)NULL) {
LsaCloseServer(hLsa);
}
_WBC_FREE(pWbcDomInfo);
wbc_status = map_error_to_wbc_status(dwErr);
return wbc_status;
}
DWORD
UmnSrvUpdateADAccounts(
HANDLE hLsass,
PLW_EVENTLOG_CONNECTION pEventlog,
HANDLE hReg,
HKEY hParameters,
long long PreviousRun,
long long Now
)
{
DWORD dwError = 0;
PSTR pMemberList = NULL;
PCSTR pIter = NULL;
PSTR pMember = NULL;
PLW_HASH_TABLE pUsers = NULL;
LWREG_CONFIG_ITEM ADConfigDescription[] =
{
{
"RequireMembershipOf",
TRUE,
LwRegTypeMultiString,
0,
MAXDWORD,
NULL,
&pMemberList,
NULL
},
};
PLSASTATUS pLsaStatus = NULL;
// Do not free
PSTR pDomain = NULL;
// Do not free
PSTR pCell = NULL;
PLSA_SECURITY_OBJECT pAllUsers = NULL;
DWORD i = 0;
dwError = LwHashCreate(
100,
LwHashStringCompare,
LwHashStringHash,
UmnSrvHashFreeObjectValue,
NULL,
&pUsers);
BAIL_ON_UMN_ERROR(dwError);
dwError = RegProcessConfig(
AD_PROVIDER_REGKEY,
AD_PROVIDER_POLICY_REGKEY,
ADConfigDescription,
sizeof(ADConfigDescription)/sizeof(ADConfigDescription[0]));
BAIL_ON_UMN_ERROR(dwError);
if (pMemberList && pMemberList[0])
{
pIter = pMemberList;
while (*pIter != 0)
{
dwError = LwStrDupOrNull(
pIter,
&pMember);
BAIL_ON_UMN_ERROR(dwError);
LwStripWhitespace(
pMember,
TRUE,
TRUE);
dwError = UmnSrvAddUsersFromMembership(
hLsass,
pUsers,
pMember);
BAIL_ON_UMN_ERROR(dwError);
pIter += strlen(pIter) + 1;
}
}
else
{
dwError = LsaGetStatus2(
hLsass,
NULL,
&pLsaStatus);
BAIL_ON_UMN_ERROR(dwError);
for (i = 0; i < pLsaStatus->dwCount; i++)
{
if (pLsaStatus->pAuthProviderStatusList[i].pszDomain)
{
pDomain = pLsaStatus->pAuthProviderStatusList[i].pszDomain;
}
if (pLsaStatus->pAuthProviderStatusList[i].pszCell)
{
pCell = pLsaStatus->pAuthProviderStatusList[i].pszCell;
}
}
if (pDomain || pCell)
{
dwError = LwAllocateMemory(
sizeof(*pAllUsers),
(PVOID*)&pAllUsers);
BAIL_ON_UMN_ERROR(dwError);
dwError = LwAllocateString(
"S-INVALID",
&pAllUsers->pszObjectSid);
BAIL_ON_UMN_ERROR(dwError);
pAllUsers->enabled = TRUE;
pAllUsers->bIsLocal = FALSE;
dwError = LwAllocateString(
"AllDomains",
&pAllUsers->pszNetbiosDomainName);
BAIL_ON_UMN_ERROR(dwError);
dwError = LwAllocateString(
"AllUsers",
&pAllUsers->pszSamAccountName);
BAIL_ON_UMN_ERROR(dwError);
pAllUsers->type = LSA_OBJECT_TYPE_USER;
dwError = LwAllocateString(
"S-INVALID",
&pAllUsers->userInfo.pszPrimaryGroupSid);
BAIL_ON_UMN_ERROR(dwError);
dwError = LwAllocateString(
"All Users",
&pAllUsers->userInfo.pszUnixName);
BAIL_ON_UMN_ERROR(dwError);
dwError = LwAllocateString(
"All Users",
&pAllUsers->userInfo.pszGecos);
BAIL_ON_UMN_ERROR(dwError);
dwError = LwAllocateString(
"",
&pAllUsers->userInfo.pszShell);
BAIL_ON_UMN_ERROR(dwError);
dwError = LwAllocateString(
"",
&pAllUsers->userInfo.pszHomedir);
BAIL_ON_UMN_ERROR(dwError);
if (pCell)
{
dwError = LwAllocateStringPrintf(
&pAllUsers->userInfo.pszDisplayName,
"All Users in cell %s",
pCell);
BAIL_ON_UMN_ERROR(dwError);
}
else
{
dwError = LwAllocateStringPrintf(
&pAllUsers->userInfo.pszDisplayName,
"All Users accessible from domain %s",
pDomain);
BAIL_ON_UMN_ERROR(dwError);
}
dwError = LwHashSetValue(
pUsers,
pAllUsers->pszObjectSid,
pAllUsers);
BAIL_ON_UMN_ERROR(dwError);
pAllUsers = NULL;
}
}
dwError = UmnSrvUpdateADAccountsByHash(
hLsass,
pEventlog,
hReg,
hParameters,
pUsers,
PreviousRun,
Now);
BAIL_ON_UMN_ERROR(dwError);
cleanup:
if (pLsaStatus)
{
LsaFreeStatus(pLsaStatus);
}
LW_SAFE_FREE_STRING(pMemberList);
LW_SAFE_FREE_STRING(pMember);
LwHashSafeFree(&pUsers);
if (pAllUsers)
{
LsaFreeSecurityObject(pAllUsers);
}
return dwError;
error:
goto cleanup;
}
DWORD
LsaSrvGetStatus(
HANDLE hServer,
PCSTR pszTargetProvider,
PLSASTATUS* ppLsaStatus
)
{
DWORD dwError = 0;
BOOLEAN bInLock = FALSE;
PLSA_AUTH_PROVIDER pProvider = NULL;
DWORD dwProviderCount = 0;
DWORD iCount = 0;
DWORD dwStatusIndex = 0;
HANDLE hProvider = (HANDLE)NULL;
PLSASTATUS pLsaStatus = NULL;
PLSA_AUTH_PROVIDER_STATUS pProviderOwnedStatus = NULL;
BOOLEAN bFoundProvider = FALSE;
PSTR pszTargetProviderName = NULL;
PSTR pszTargetInstance = NULL;
BAIL_ON_INVALID_POINTER(ppLsaStatus);
dwError = LwAllocateMemory(
sizeof(LSASTATUS),
(PVOID*)&pLsaStatus);
BAIL_ON_LSA_ERROR(dwError);
pLsaStatus->dwUptime = (DWORD)difftime(time(NULL), gServerStartTime);
dwError = LsaSrvGetLsassVersion(
&pLsaStatus->lsassVersion);
BAIL_ON_LSA_ERROR(dwError);
dwError = LsaReadVersionFile(
&pLsaStatus->productVersion);
BAIL_ON_LSA_ERROR(dwError);
if (pszTargetProvider)
{
dwError = LsaSrvGetTargetElements(
pszTargetProvider,
&pszTargetProviderName,
&pszTargetInstance);
BAIL_ON_LSA_ERROR(dwError);
}
ENTER_AUTH_PROVIDER_LIST_READER_LOCK(bInLock);
if (pszTargetProviderName)
{
dwProviderCount = 1;
}
else
{
dwProviderCount = LsaGetNumberOfProviders_inlock();
}
if (!dwProviderCount)
{
goto done;
}
dwError = LwAllocateMemory(
dwProviderCount * sizeof(LSA_AUTH_PROVIDER_STATUS),
(PVOID*)&pLsaStatus->pAuthProviderStatusList);
BAIL_ON_LSA_ERROR(dwError);
pLsaStatus->dwCount = dwProviderCount;
dwError = LW_ERROR_NOT_HANDLED;
for (pProvider = gpAuthProviderList, iCount = 0, dwStatusIndex = 0;
pProvider;
pProvider = pProvider->pNext, iCount++)
{
PLSA_AUTH_PROVIDER_STATUS pAuthProviderStatus = NULL;
if (pszTargetProviderName)
{
if (!strcmp(pszTargetProviderName, pProvider->pszName))
{
bFoundProvider = TRUE;
}
else
{
continue;
}
}
dwError = LsaSrvOpenProvider(
hServer,
pProvider,
pszTargetInstance,
&hProvider);
BAIL_ON_LSA_ERROR(dwError);
pAuthProviderStatus = &pLsaStatus->pAuthProviderStatusList[dwStatusIndex++];
dwError = LwAllocateString(
pProvider->pszName,
&pAuthProviderStatus->pszId);
BAIL_ON_LSA_ERROR(dwError);
dwError = pProvider->pFnTable->pfnGetStatus(
hProvider,
&pProviderOwnedStatus);
if (dwError == LW_ERROR_NOT_HANDLED)
{
dwError = 0;
}
else
{
BAIL_ON_LSA_ERROR(dwError);
dwError = LsaSrvCopyProviderStatus(
pProviderOwnedStatus,
pAuthProviderStatus);
BAIL_ON_LSA_ERROR(dwError);
pProvider->pFnTable->pfnFreeStatus(
pProviderOwnedStatus);
pProviderOwnedStatus = NULL;
}
LsaSrvCloseProvider(pProvider, hProvider);
hProvider = (HANDLE)NULL;
}
if (pszTargetProviderName && !bFoundProvider)
{
dwError = LW_ERROR_INVALID_AUTH_PROVIDER;
BAIL_ON_LSA_ERROR(dwError);
}
done:
*ppLsaStatus = pLsaStatus;
cleanup:
LW_SAFE_FREE_STRING(pszTargetProviderName);
LW_SAFE_FREE_STRING(pszTargetInstance);
if (pProvider != NULL && pProviderOwnedStatus)
{
pProvider->pFnTable->pfnFreeStatus(
pProviderOwnedStatus);
}
if (hProvider != NULL)
{
LsaSrvCloseProvider(pProvider, hProvider);
}
LEAVE_AUTH_PROVIDER_LIST_READER_LOCK(bInLock);
return dwError;
error:
LSA_LOG_ERROR_API_FAILED(hServer, dwError, "get lsass status");
if (ppLsaStatus)
{
*ppLsaStatus = NULL;
}
if (pLsaStatus)
{
LsaFreeStatus(pLsaStatus);
}
goto cleanup;
}
