static
DWORD
ProcessGetAccountSystemAccessRights(
IN PRPC_PARAMETERS pRpcParams,
IN PSTR pszAccountName
)
{
DWORD err = ERROR_SUCCESS;
NTSTATUS ntStatus = STATUS_SUCCESS;
LSA_BINDING hLsa = NULL;
LW_PIO_CREDS pCreds = NULL;
PSID pAccountSid = NULL;
WCHAR wszSysName[] = {'\\', '\\', '\0'};
DWORD policyAccessMask = LSA_ACCESS_LOOKUP_NAMES_SIDS |
LSA_ACCESS_CREATE_PRIVILEGE |
LSA_ACCESS_CREATE_SPECIAL_ACCOUNTS;
POLICY_HANDLE hPolicy = NULL;
DWORD accountAccessMask = LSA_ACCOUNT_VIEW;
LSAR_ACCOUNT_HANDLE hAccount = NULL;
DWORD systemAccess = 0;
err = CreateRpcCredentials(pRpcParams,
&pCreds);
BAIL_ON_LSA_ERROR(err);
err = CreateLsaRpcBinding(pRpcParams,
pCreds,
&hLsa);
BAIL_ON_LSA_ERROR(err);
err = ResolveAccountNameToSid(
hLsa,
pszAccountName,
&pAccountSid);
BAIL_ON_LSA_ERROR(err);
ntStatus = LsaOpenPolicy2(hLsa,
wszSysName,
NULL,
policyAccessMask,
&hPolicy);
BAIL_ON_NT_STATUS(ntStatus);
ntStatus = LsaOpenAccount(hLsa,
hPolicy,
pAccountSid,
accountAccessMask,
&hAccount);
BAIL_ON_NT_STATUS(ntStatus);
ntStatus = LsaGetSystemAccessAccount(
hLsa,
hAccount,
&systemAccess);
BAIL_ON_NT_STATUS(ntStatus);
fprintf(stdout,
"Account: %s:\n"
"=================================================================="
"==============\n", pszAccountName);
fprintf(stdout, "System Access Rights 0x%08x\n", systemAccess);
error:
if (ntStatus || err)
{
PCSTR errName = LwNtStatusToName(ntStatus);
PCSTR errDescription = LwNtStatusToDescription(ntStatus);
if (ntStatus)
{
errName = LwNtStatusToName(ntStatus);
errDescription = LwNtStatusToDescription(ntStatus);
}
else
{
errName = LwWin32ErrorToName(err);
errDescription = LwWin32ErrorToDescription(err);
}
fprintf(stderr, "Error: %s (%s)\n",
LSA_SAFE_LOG_STRING(errName),
LSA_SAFE_LOG_STRING(errDescription));
}
if (hAccount)
{
LsaClose(hLsa, hAccount);
}
if (hPolicy)
{
LsaClose(hLsa, hPolicy);
}
if (hLsa)
{
LsaFreeBinding(&hLsa);
}
if (pCreds)
{
LwIoDeleteCreds(pCreds);
}
RTL_FREE(&pAccountSid);
if (err == ERROR_SUCCESS &&
ntStatus != STATUS_SUCCESS)
{
err = LwNtStatusToWin32Error(ntStatus);
}
return err;
}
static
VOID
InstallPrivileges(VOID)
{
HINF hSecurityInf = INVALID_HANDLE_VALUE;
LSA_OBJECT_ATTRIBUTES ObjectAttributes;
WCHAR szPrivilegeString[256];
WCHAR szSidString[256];
INFCONTEXT InfContext;
DWORD i;
PRIVILEGE_SET PrivilegeSet;
PSID AccountSid;
NTSTATUS Status;
LSA_HANDLE PolicyHandle = NULL;
LSA_HANDLE AccountHandle;
DPRINT("InstallPrivileges()\n");
hSecurityInf = SetupOpenInfFileW(L"defltws.inf", //szNameBuffer,
NULL,
INF_STYLE_WIN4,
NULL);
if (hSecurityInf == INVALID_HANDLE_VALUE)
{
DPRINT1("SetupOpenInfFileW failed\n");
return;
}
memset(&ObjectAttributes, 0, sizeof(LSA_OBJECT_ATTRIBUTES));
Status = LsaOpenPolicy(NULL,
&ObjectAttributes,
POLICY_CREATE_ACCOUNT,
&PolicyHandle);
if (!NT_SUCCESS(Status))
{
DPRINT1("LsaOpenPolicy failed (Status %08lx)\n", Status);
goto done;
}
if (!SetupFindFirstLineW(hSecurityInf,
L"Privilege Rights",
NULL,
&InfContext))
{
DPRINT1("SetupFindfirstLineW failed\n");
goto done;
}
PrivilegeSet.PrivilegeCount = 1;
PrivilegeSet.Control = 0;
do
{
/* Retrieve the privilege name */
if (!SetupGetStringFieldW(&InfContext,
0,
szPrivilegeString,
256,
NULL))
{
DPRINT1("SetupGetStringFieldW() failed\n");
goto done;
}
DPRINT("Privilege: %S\n", szPrivilegeString);
if (!LookupPrivilegeValueW(NULL,
szPrivilegeString,
&(PrivilegeSet.Privilege[0].Luid)))
{
DPRINT1("LookupPrivilegeNameW() failed\n");
goto done;
}
PrivilegeSet.Privilege[0].Attributes = 0;
for (i = 0; i < SetupGetFieldCount(&InfContext); i++)
{
if (!SetupGetStringFieldW(&InfContext,
i + 1,
szSidString,
256,
NULL))
{
DPRINT1("SetupGetStringFieldW() failed\n");
goto done;
}
DPRINT("SID: %S\n", szSidString);
ConvertStringSidToSid(szSidString, &AccountSid);
Status = LsaOpenAccount(PolicyHandle,
AccountSid,
ACCOUNT_VIEW | ACCOUNT_ADJUST_PRIVILEGES,
&AccountHandle);
if (NT_SUCCESS(Status))
{
Status = LsaAddPrivilegesToAccount(AccountHandle,
&PrivilegeSet);
if (!NT_SUCCESS(Status))
{
DPRINT1("LsaAddPrivilegesToAccount() failed (Status %08lx)\n", Status);
}
LsaClose(AccountHandle);
}
LocalFree(AccountSid);
}
}
while (SetupFindNextLine(&InfContext, &InfContext));
done:
if (PolicyHandle != NULL)
LsaClose(PolicyHandle);
if (hSecurityInf != INVALID_HANDLE_VALUE)
SetupCloseInfFile(hSecurityInf);
}
static
DWORD
ProcessDeleteAccount(
IN PRPC_PARAMETERS pRpcParams,
IN PSTR AccountName
)
{
DWORD err = ERROR_SUCCESS;
NTSTATUS ntStatus = STATUS_SUCCESS;
LSA_BINDING hLsa = NULL;
LW_PIO_CREDS pCreds = NULL;
WCHAR wszSysName[] = {'\\', '\\', '\0'};
DWORD policyAccessMask = LSA_ACCESS_LOOKUP_NAMES_SIDS |
LSA_ACCESS_VIEW_POLICY_INFO;
DWORD accountAccessMask = DELETE;
POLICY_HANDLE hPolicy = NULL;
LSAR_ACCOUNT_HANDLE hAccount = NULL;
PSID pAccountSid = NULL;
err = CreateRpcCredentials(pRpcParams,
&pCreds);
BAIL_ON_LSA_ERROR(err);
err = CreateLsaRpcBinding(pRpcParams,
pCreds,
&hLsa);
BAIL_ON_LSA_ERROR(err);
ntStatus = LsaOpenPolicy2(hLsa,
wszSysName,
NULL,
policyAccessMask,
&hPolicy);
BAIL_ON_NT_STATUS(ntStatus);
err = ResolveAccountNameToSid(
hLsa,
AccountName,
&pAccountSid);
BAIL_ON_LSA_ERROR(err);
ntStatus = LsaOpenAccount(
hLsa,
hPolicy,
pAccountSid,
accountAccessMask,
&hAccount);
BAIL_ON_NT_STATUS(ntStatus);
ntStatus = LsaRpcDeleteObject(
hLsa,
hAccount);
BAIL_ON_NT_STATUS(ntStatus);
error:
if (ntStatus || err)
{
PCSTR errName = LwNtStatusToName(ntStatus);
PCSTR errDescription = LwNtStatusToDescription(ntStatus);
if (ntStatus)
{
errName = LwNtStatusToName(ntStatus);
errDescription = LwNtStatusToDescription(ntStatus);
}
else
{
errName = LwWin32ErrorToName(err);
errDescription = LwWin32ErrorToDescription(err);
}
fprintf(stderr, "Error: %s (%s)\n",
LSA_SAFE_LOG_STRING(errName),
LSA_SAFE_LOG_STRING(errDescription));
}
if (hPolicy)
{
LsaClose(hLsa, hPolicy);
}
if (hLsa)
{
LsaFreeBinding(&hLsa);
}
if (pCreds)
{
LwIoDeleteCreds(pCreds);
}
if (err == ERROR_SUCCESS &&
ntStatus != STATUS_SUCCESS)
{
err = LwNtStatusToWin32Error(ntStatus);
}
return err;
}
