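/* Return the provider status entry whose id is LSA_PROVIDER_TAG_AD, or NULL
 * when no such provider is listed in pLsaStatus. */
static PLSA_AUTH_PROVIDER_STATUS
FindAdProviderStatus(
    PLSASTATUS pLsaStatus
    )
{
    DWORD dwIndex = 0;

    for (dwIndex = 0; dwIndex < pLsaStatus->dwCount; dwIndex++) {
        PLSA_AUTH_PROVIDER_STATUS pStatus =
            &pLsaStatus->pAuthProviderStatusList[dwIndex];

        /* pszId is the provider's registered name; only an exact match counts. */
        if (strcmp(pStatus->pszId, LSA_PROVIDER_TAG_AD) == 0) {
            return pStatus;
        }
    }

    return NULL;
}

/* Return the trusted-domain entry of pProvStatus whose DNS or NetBIOS name
 * equals domain (per StrEqual), or NULL when none matches. */
static PLSA_TRUSTED_DOMAIN_INFO
FindTrustedDomain(
    PLSA_AUTH_PROVIDER_STATUS pProvStatus,
    const char *domain
    )
{
    DWORD dwIndex = 0;

    for (dwIndex = 0; dwIndex < pProvStatus->dwNumTrustedDomains; dwIndex++) {
        PLSA_TRUSTED_DOMAIN_INFO pCandidate =
            &pProvStatus->pTrustedDomainInfoArray[dwIndex];

        if (StrEqual(pCandidate->pszDnsDomain, domain) ||
            StrEqual(pCandidate->pszNetbiosDomain, domain)) {
            return pCandidate;
        }
    }

    return NULL;
}

/**
 * Look up a trusted domain known to the AD provider and return it as a
 * wbcDomainInfo structure.
 *
 * @param domain  DNS or NetBIOS name of the domain to look up (must not be NULL).
 * @param info    Receives a newly allocated wbcDomainInfo on success; the caller
 *                owns it and releases it with the wbc free routine.
 *                Untouched on failure.
 *
 * @return WBC_ERR_SUCCESS, or the wbcErr mapped from the underlying LSA error
 *         (LW_ERROR_NO_SUCH_DOMAIN when the AD provider is absent or the
 *         domain is not among its trusted domains).
 *
 * Note: loop counters are DWORD to match dwCount/dwNumTrustedDomains; the
 * previous int counter compared signed against unsigned.
 */
wbcErr
wbcDomainInfo(
    IN const char *domain,
    OUT struct wbcDomainInfo **info
    )
{
    DWORD dwErr = LW_ERROR_INTERNAL;
    HANDLE hLsa = (HANDLE)NULL;
    PLSASTATUS pLsaStatus = NULL;
    struct wbcDomainInfo *pWbcDomInfo = NULL;
    PLSA_TRUSTED_DOMAIN_INFO pLsaDomInfo = NULL;
    PLSA_AUTH_PROVIDER_STATUS pADProvStatus = NULL;

    /* Sanity check */
    BAIL_ON_NULL_PTR_PARAM(domain, dwErr);
    BAIL_ON_NULL_PTR_PARAM(info, dwErr);

    /* Work */
    dwErr = LsaOpenServer(&hLsa);
    BAIL_ON_LSA_ERR(dwErr);

    dwErr = LsaGetStatus(hLsa, &pLsaStatus);
    BAIL_ON_LSA_ERR(dwErr);

    /* Find the AD provider entry */
    pADProvStatus = FindAdProviderStatus(pLsaStatus);
    if (pADProvStatus == NULL) {
        dwErr = LW_ERROR_NO_SUCH_DOMAIN;
        BAIL_ON_LSA_ERR(dwErr);
    }

    /* Find the requested domain */
    pLsaDomInfo = FindTrustedDomain(pADProvStatus, domain);
    if (pLsaDomInfo == NULL) {
        dwErr = LW_ERROR_NO_SUCH_DOMAIN;
        BAIL_ON_LSA_ERR(dwErr);
    }

    /* Fill in the domain info.  FreeWbcDomainInfo is registered with the
     * allocation — presumably the destructor _WBC_FREE runs; confirm. */
    pWbcDomInfo = _wbc_malloc_zero(sizeof(struct wbcDomainInfo),
                                   FreeWbcDomainInfo);
    BAIL_ON_NULL_PTR(pWbcDomInfo, dwErr);

    dwErr = FillDomainInfo(pWbcDomInfo, pLsaDomInfo);
    BAIL_ON_LSA_ERR(dwErr);

    /* Hand ownership to the caller so cleanup does not free it. */
    *info = pWbcDomInfo;
    pWbcDomInfo = NULL;

cleanup:
    if (pLsaStatus) {
        LsaFreeStatus(pLsaStatus);
    }
    if (hLsa != (HANDLE)NULL) {
        LsaCloseServer(hLsa);
    }
    /* NULL on the success path; frees the partially built object on failure. */
    _WBC_FREE(pWbcDomInfo);

    return map_error_to_wbc_status(dwErr);
}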
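/* Build the synthetic "AllUsers" placeholder security object that stands in
 * for every domain user when no RequireMembershipOf list is configured.
 * pDomain/pCell only feed the display name; either may be NULL.
 * On success *ppAllUsers owns the object; on failure it is set to NULL and
 * nothing leaks. */
static
DWORD
UmnSrvBuildAllUsersObject(
    PCSTR pDomain,
    PCSTR pCell,
    PLSA_SECURITY_OBJECT* ppAllUsers
    )
{
    DWORD dwError = 0;
    PLSA_SECURITY_OBJECT pAllUsers = NULL;

    dwError = LwAllocateMemory(sizeof(*pAllUsers), (PVOID*)&pAllUsers);
    BAIL_ON_UMN_ERROR(dwError);

    /* "S-INVALID" is a deliberately unresolvable SID: this entry must never
     * be mistaken for a real account, and it doubles as the hash key. */
    dwError = LwAllocateString("S-INVALID", &pAllUsers->pszObjectSid);
    BAIL_ON_UMN_ERROR(dwError);

    pAllUsers->enabled = TRUE;
    pAllUsers->bIsLocal = FALSE;

    dwError = LwAllocateString("AllDomains", &pAllUsers->pszNetbiosDomainName);
    BAIL_ON_UMN_ERROR(dwError);

    dwError = LwAllocateString("AllUsers", &pAllUsers->pszSamAccountName);
    BAIL_ON_UMN_ERROR(dwError);

    pAllUsers->type = LSA_OBJECT_TYPE_USER;

    dwError = LwAllocateString("S-INVALID", &pAllUsers->userInfo.pszPrimaryGroupSid);
    BAIL_ON_UMN_ERROR(dwError);

    dwError = LwAllocateString("All Users", &pAllUsers->userInfo.pszUnixName);
    BAIL_ON_UMN_ERROR(dwError);

    dwError = LwAllocateString("All Users", &pAllUsers->userInfo.pszGecos);
    BAIL_ON_UMN_ERROR(dwError);

    dwError = LwAllocateString("", &pAllUsers->userInfo.pszShell);
    BAIL_ON_UMN_ERROR(dwError);

    dwError = LwAllocateString("", &pAllUsers->userInfo.pszHomedir);
    BAIL_ON_UMN_ERROR(dwError);

    /* Cell takes precedence over domain in the display name. */
    if (pCell)
    {
        dwError = LwAllocateStringPrintf(
                        &pAllUsers->userInfo.pszDisplayName,
                        "All Users in cell %s",
                        pCell);
        BAIL_ON_UMN_ERROR(dwError);
    }
    else
    {
        dwError = LwAllocateStringPrintf(
                        &pAllUsers->userInfo.pszDisplayName,
                        "All Users accessible from domain %s",
                        pDomain);
        BAIL_ON_UMN_ERROR(dwError);
    }

    *ppAllUsers = pAllUsers;
    pAllUsers = NULL;

cleanup:
    if (pAllUsers)
    {
        LsaFreeSecurityObject(pAllUsers);
    }
    return dwError;

error:
    *ppAllUsers = NULL;
    goto cleanup;
}

/**
 * Refresh the monitored set of AD accounts and report changes since the
 * previous run.
 *
 * The account set comes from the AD provider's "RequireMembershipOf"
 * registry value (a multi-string: NUL-separated entries ending with an
 * empty entry).  Each entry is trimmed and expanded into pUsers via
 * UmnSrvAddUsersFromMembership.  When the value is absent or empty, a single
 * synthetic "AllUsers" placeholder is recorded instead, labelled with the
 * last domain/cell reported by the lsass providers.
 *
 * @param hLsass       Open lsass connection.
 * @param pEventlog    Event log connection used for change reports.
 * @param hReg         Open registry connection.
 * @param hParameters  Registry key holding the monitor's saved state.
 * @param PreviousRun  Timestamp of the previous run.
 * @param Now          Timestamp of this run.
 *
 * @return 0 on success, otherwise an LW error code.
 *
 * Fix: each membership entry is now released at the end of its iteration;
 * previously pMember was overwritten per entry and only the last copy was
 * freed in cleanup, leaking every other entry.
 */
DWORD
UmnSrvUpdateADAccounts(
    HANDLE hLsass,
    PLW_EVENTLOG_CONNECTION pEventlog,
    HANDLE hReg,
    HKEY hParameters,
    long long PreviousRun,
    long long Now
    )
{
    enum { AD_USER_HASH_BUCKETS = 100 };
    DWORD dwError = 0;
    PSTR pMemberList = NULL;
    PCSTR pIter = NULL;
    PSTR pMember = NULL;
    PLW_HASH_TABLE pUsers = NULL;
    LWREG_CONFIG_ITEM ADConfigDescription[] =
    {
        {
            "RequireMembershipOf",
            TRUE,
            LwRegTypeMultiString,
            0,
            MAXDWORD,
            NULL,
            &pMemberList,
            NULL
        },
    };
    PLSASTATUS pLsaStatus = NULL;
    PCSTR pDomain = NULL; // Points into pLsaStatus; do not free
    PCSTR pCell = NULL;   // Points into pLsaStatus; do not free
    PLSA_SECURITY_OBJECT pAllUsers = NULL;
    DWORD i = 0;

    /* Values are LSA_SECURITY_OBJECTs keyed by SID string. */
    dwError = LwHashCreate(
                    AD_USER_HASH_BUCKETS,
                    LwHashStringCompare,
                    LwHashStringHash,
                    UmnSrvHashFreeObjectValue,
                    NULL,
                    &pUsers);
    BAIL_ON_UMN_ERROR(dwError);

    dwError = RegProcessConfig(
                AD_PROVIDER_REGKEY,
                AD_PROVIDER_POLICY_REGKEY,
                ADConfigDescription,
                sizeof(ADConfigDescription)/sizeof(ADConfigDescription[0]));
    BAIL_ON_UMN_ERROR(dwError);

    if (pMemberList && pMemberList[0])
    {
        /* Walk the multi-string one NUL-terminated entry at a time. */
        for (pIter = pMemberList; *pIter != 0; pIter += strlen(pIter) + 1)
        {
            dwError = LwStrDupOrNull(pIter, &pMember);
            BAIL_ON_UMN_ERROR(dwError);

            LwStripWhitespace(pMember, TRUE, TRUE);

            dwError = UmnSrvAddUsersFromMembership(hLsass, pUsers, pMember);
            BAIL_ON_UMN_ERROR(dwError);

            /* Release this entry before the next iteration overwrites pMember. */
            LW_SAFE_FREE_STRING(pMember);
        }
    }
    else
    {
        dwError = LsaGetStatus2(hLsass, NULL, &pLsaStatus);
        BAIL_ON_UMN_ERROR(dwError);

        /* The last provider reporting a domain/cell wins. */
        for (i = 0; i < pLsaStatus->dwCount; i++)
        {
            if (pLsaStatus->pAuthProviderStatusList[i].pszDomain)
            {
                pDomain = pLsaStatus->pAuthProviderStatusList[i].pszDomain;
            }
            if (pLsaStatus->pAuthProviderStatusList[i].pszCell)
            {
                pCell = pLsaStatus->pAuthProviderStatusList[i].pszCell;
            }
        }

        if (pDomain || pCell)
        {
            dwError = UmnSrvBuildAllUsersObject(pDomain, pCell, &pAllUsers);
            BAIL_ON_UMN_ERROR(dwError);

            dwError = LwHashSetValue(pUsers, pAllUsers->pszObjectSid, pAllUsers);
            BAIL_ON_UMN_ERROR(dwError);
            /* The hash table now owns the object. */
            pAllUsers = NULL;
        }
    }

    dwError = UmnSrvUpdateADAccountsByHash(
                    hLsass,
                    pEventlog,
                    hReg,
                    hParameters,
                    pUsers,
                    PreviousRun,
                    Now);
    BAIL_ON_UMN_ERROR(dwError);

cleanup:
    /* pDomain/pCell become dangling here; they are not used past this point. */
    if (pLsaStatus)
    {
        LsaFreeStatus(pLsaStatus);
    }
    LW_SAFE_FREE_STRING(pMemberList);
    LW_SAFE_FREE_STRING(pMember);
    LwHashSafeFree(&pUsers);
    if (pAllUsers)
    {
        LsaFreeSecurityObject(pAllUsers);
    }
    return dwError;

error:
    goto cleanup;
}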
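/**
 * Collect lsass status: uptime, versions, and one status entry per
 * authentication provider (or for a single named provider).
 *
 * @param hServer            Server handle used to open providers and for
 *                           error logging.
 * @param pszTargetProvider  Optional "provider[:instance]" selector; NULL
 *                           means every registered provider.
 * @param ppLsaStatus        Receives the allocated LSASTATUS on success
 *                           (caller frees with LsaFreeStatus); set to NULL
 *                           on failure.
 *
 * @return 0 on success; LW_ERROR_INVALID_AUTH_PROVIDER when a named provider
 *         is not registered; otherwise the first failing call's error.
 *
 * Changes: the unused iCount counter is gone, and in the targeted case the
 * loop stops after the matching provider.  Only one status entry is
 * allocated in that case, so a second provider carrying the same name would
 * otherwise have written past the end of pAuthProviderStatusList.
 */
DWORD
LsaSrvGetStatus(
    HANDLE hServer,
    PCSTR pszTargetProvider,
    PLSASTATUS* ppLsaStatus
    )
{
    DWORD dwError = 0;
    BOOLEAN bInLock = FALSE;
    PLSA_AUTH_PROVIDER pProvider = NULL;
    DWORD dwProviderCount = 0;
    DWORD dwStatusIndex = 0;
    HANDLE hProvider = (HANDLE)NULL;
    PLSASTATUS pLsaStatus = NULL;
    PLSA_AUTH_PROVIDER_STATUS pProviderOwnedStatus = NULL;
    BOOLEAN bFoundProvider = FALSE;
    PSTR pszTargetProviderName = NULL;
    PSTR pszTargetInstance = NULL;

    BAIL_ON_INVALID_POINTER(ppLsaStatus);

    dwError = LwAllocateMemory(sizeof(LSASTATUS), (PVOID*)&pLsaStatus);
    BAIL_ON_LSA_ERROR(dwError);

    pLsaStatus->dwUptime = (DWORD)difftime(time(NULL), gServerStartTime);

    dwError = LsaSrvGetLsassVersion(&pLsaStatus->lsassVersion);
    BAIL_ON_LSA_ERROR(dwError);

    dwError = LsaReadVersionFile(&pLsaStatus->productVersion);
    BAIL_ON_LSA_ERROR(dwError);

    /* Split "provider[:instance]" into its parts before taking the lock. */
    if (pszTargetProvider)
    {
        dwError = LsaSrvGetTargetElements(
                        pszTargetProvider,
                        &pszTargetProviderName,
                        &pszTargetInstance);
        BAIL_ON_LSA_ERROR(dwError);
    }

    /* Held until cleanup so the provider list cannot change under us. */
    ENTER_AUTH_PROVIDER_LIST_READER_LOCK(bInLock);

    /* A named provider yields exactly one entry. */
    dwProviderCount = pszTargetProviderName
                        ? 1
                        : LsaGetNumberOfProviders_inlock();

    if (!dwProviderCount)
    {
        goto done;
    }

    dwError = LwAllocateMemory(
                    dwProviderCount * sizeof(LSA_AUTH_PROVIDER_STATUS),
                    (PVOID*)&pLsaStatus->pAuthProviderStatusList);
    BAIL_ON_LSA_ERROR(dwError);

    pLsaStatus->dwCount = dwProviderCount;

    dwError = LW_ERROR_NOT_HANDLED;

    for (pProvider = gpAuthProviderList;
         pProvider;
         pProvider = pProvider->pNext)
    {
        PLSA_AUTH_PROVIDER_STATUS pAuthProviderStatus = NULL;

        if (pszTargetProviderName)
        {
            if (strcmp(pszTargetProviderName, pProvider->pszName) != 0)
            {
                continue;
            }
            bFoundProvider = TRUE;
        }

        dwError = LsaSrvOpenProvider(
                        hServer,
                        pProvider,
                        pszTargetInstance,
                        &hProvider);
        BAIL_ON_LSA_ERROR(dwError);

        pAuthProviderStatus = &pLsaStatus->pAuthProviderStatusList[dwStatusIndex++];

        dwError = LwAllocateString(pProvider->pszName, &pAuthProviderStatus->pszId);
        BAIL_ON_LSA_ERROR(dwError);

        /* A provider without status support is recorded with just its id. */
        dwError = pProvider->pFnTable->pfnGetStatus(hProvider, &pProviderOwnedStatus);
        if (dwError == LW_ERROR_NOT_HANDLED)
        {
            dwError = 0;
        }
        else
        {
            BAIL_ON_LSA_ERROR(dwError);

            dwError = LsaSrvCopyProviderStatus(pProviderOwnedStatus, pAuthProviderStatus);
            BAIL_ON_LSA_ERROR(dwError);

            /* The provider owns its status block; release it via its own table. */
            pProvider->pFnTable->pfnFreeStatus(pProviderOwnedStatus);
            pProviderOwnedStatus = NULL;
        }

        LsaSrvCloseProvider(pProvider, hProvider);
        hProvider = (HANDLE)NULL;

        /* Targeted lookup: the single allocated entry is filled, stop here. */
        if (bFoundProvider)
        {
            break;
        }
    }

    if (pszTargetProviderName && !bFoundProvider)
    {
        dwError = LW_ERROR_INVALID_AUTH_PROVIDER;
        BAIL_ON_LSA_ERROR(dwError);
    }

done:
    *ppLsaStatus = pLsaStatus;

cleanup:
    LW_SAFE_FREE_STRING(pszTargetProviderName);
    LW_SAFE_FREE_STRING(pszTargetInstance);

    /* Only reachable with pProviderOwnedStatus set when a bail happened
     * between pfnGetStatus and pfnFreeStatus above. */
    if (pProvider != NULL && pProviderOwnedStatus)
    {
        pProvider->pFnTable->pfnFreeStatus(pProviderOwnedStatus);
    }

    if (hProvider != NULL)
    {
        LsaSrvCloseProvider(pProvider, hProvider);
    }

    LEAVE_AUTH_PROVIDER_LIST_READER_LOCK(bInLock);

    return dwError;

error:
    LSA_LOG_ERROR_API_FAILED(hServer, dwError, "get lsass status");

    if (ppLsaStatus)
    {
        *ppLsaStatus = NULL;
    }

    if (pLsaStatus)
    {
        LsaFreeStatus(pLsaStatus);
    }

    goto cleanup;
}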