static DWORD KtLdapBind( LDAP **ppLd, PCSTR pszDc ) { const int version = LDAP_VERSION3; DWORD dwError = ERROR_SUCCESS; int lderr = 0; PSTR pszUrl = NULL; LDAP *pLd = NULL; dwError = LwAllocateStringPrintf(&pszUrl, "ldap://%s", pszDc); BAIL_ON_LSA_ERROR(dwError); lderr = ldap_initialize(&pLd, pszUrl); BAIL_ON_LDAP_ERROR(lderr); lderr = ldap_set_option(pLd, LDAP_OPT_PROTOCOL_VERSION, &version); BAIL_ON_LDAP_ERROR(lderr); lderr = ldap_set_option(pLd, LDAP_OPT_REFERRALS, LDAP_OPT_OFF); BAIL_ON_LDAP_ERROR(lderr); dwError = LwLdapBindDirectorySasl(pLd, pszDc, FALSE); BAIL_ON_LSA_ERROR(dwError); *ppLd = pLd; cleanup: LW_SAFE_FREE_MEMORY(pszUrl); if (dwError == ERROR_SUCCESS && lderr != LDAP_SUCCESS) { dwError = LwMapLdapErrorToLwError(lderr); } return dwError; error: if (pLd) { ldap_memfree(pLd); } *ppLd = NULL; goto cleanup; }
DWORD KtLdapGetSaltingPrincipalA( PCSTR pszDcName, PCSTR pszBaseDn, PCSTR pszMachAcctName, PSTR *ppszSalt ) { PCSTR pszUpnAttr = "userPrincipalName"; PCSTR pszSamAcctAttr = "sAMAccountName"; DWORD dwError = ERROR_SUCCESS; LDAP *pLd = NULL; PSTR pszFilter = NULL; PSTR pszUpn = NULL; /* Bind to directory service on the DC */ dwError = KtLdapBind(&pLd, pszDcName); BAIL_ON_LSA_ERROR(dwError); /* Prepare ldap query filter */ dwError = LwAllocateStringPrintf(&pszFilter, "(%s=%s)", pszSamAcctAttr, pszMachAcctName); BAIL_ON_LSA_ERROR(dwError); /* Look for key version number attribute */ dwError = KtLdapQuery(pLd, pszBaseDn, LDAP_SCOPE_SUBTREE, pszFilter, pszUpnAttr, &pszUpn); BAIL_ON_LSA_ERROR(dwError); *ppszSalt = pszUpn; cleanup: /* Close connection to the directory */ if (pLd) { KtLdapUnbind(pLd); } LW_SAFE_FREE_MEMORY(pszFilter); return dwError; error: LW_SAFE_FREE_MEMORY(pszUpn); *ppszSalt = NULL; goto cleanup; }
DWORD LwpsLegacyGetJoinedDomainTrustEnumerationWaitTime( IN PLWPS_LEGACY_STATE pContext, IN OPTIONAL PCSTR pszDomainName, OUT PDWORD* ppdwTrustEnumerationWaitSeconds, OUT PDWORD* ppdwTrustEnumerationWaitEnabled ) { DWORD dwError = 0; int EE = 0; PSTR pszRegistryPath = NULL; PVOID dwValue = NULL; PVOID dwValue1 = NULL; REG_DATA_TYPE readType = 0; DWORD dwValueSize = 0; DWORD dwValueSize1 = 0; if (pszDomainName) { dwError = LwAllocateStringPrintf( &pszRegistryPath, "%s\\%s", PSTOREDB_REGISTRY_AD_KEY, pszDomainName); GOTO_CLEANUP_ON_WINERROR_EE(dwError, EE); dwError = RegUtilGetValue( pContext->hReg, HKEY_THIS_MACHINE, pszRegistryPath, NULL, PSTOREDB_REGISTRY_TRUSTENUMERATIONWAIT_VALUE, &readType, &dwValue, &dwValueSize); GOTO_CLEANUP_ON_WINERROR_EE(dwError, EE); dwError = RegUtilGetValue( pContext->hReg, HKEY_THIS_MACHINE, pszRegistryPath, NULL, PSTOREDB_REGISTRY_TRUSTENUMERATIONWAITSECONDS_VALUE, &readType, &dwValue1, &dwValueSize1); GOTO_CLEANUP_ON_WINERROR_EE(dwError, EE); *ppdwTrustEnumerationWaitSeconds = (PDWORD) dwValue1; *ppdwTrustEnumerationWaitEnabled = (PDWORD) dwValue; } cleanup: LW_SAFE_FREE_MEMORY(pszRegistryPath); LSA_PSTORE_LOG_LEAVE_ERROR_EE(dwError, EE); return dwError; }
static DWORD CleanupUsername( IN PCSTR pszDomain, IN OUT PSTR* ppszUsername ) { DWORD dwError = 0; PSTR pszOldUsername = *ppszUsername; PSTR pszNewUsername = NULL; // Fix up username and prompt for password, if needed. if (pszOldUsername) { PSTR at = NULL; if (strchr(pszOldUsername, '\\')) { fprintf(stderr, "The USERNAME (%s) is not allowed to contain a backslash.\n", pszOldUsername); exit(1); } at = strchr(pszOldUsername, '@'); if (at) { LwStrToUpper(at); } else { dwError = LwAllocateStringPrintf( &pszNewUsername, "%s@%s", pszOldUsername, pszDomain); GOTO_CLEANUP_ON_WINERROR(dwError); } } cleanup: if (dwError) { LW_SAFE_FREE_MEMORY(pszNewUsername); } if (pszNewUsername) { LW_SAFE_FREE_MEMORY(*ppszUsername); *ppszUsername = pszNewUsername; } return dwError; }
DWORD LwpsLegacyDeletePassword( IN PLWPS_LEGACY_STATE pContext, IN PCSTR pszDomainName ) { DWORD dwError = 0; int EE = 0; PSTR pszRegistryPath = NULL; DWORD dwSubKeysCount = 0; DWORD dwValuesCount = 0; dwError = LwAllocateStringPrintf( &pszRegistryPath, "%s\\%s", PSTOREDB_REGISTRY_AD_KEY, pszDomainName); GOTO_CLEANUP_ON_WINERROR_EE(dwError, EE); RegUtilDeleteTree( pContext->hReg, NULL, pszRegistryPath, PSTOREDB_REGISTRY_PSTORE_SUBKEY); // TODO-What if there is an error? /* Delete domain key only if empty */ dwError = RegUtilGetKeyObjectCounts( pContext->hReg, HKEY_THIS_MACHINE, pszRegistryPath, NULL, &dwSubKeysCount, &dwValuesCount); if (dwError) { dwError = 0; } else if (!dwSubKeysCount && !dwValuesCount) { RegUtilDeleteKey( pContext->hReg, HKEY_THIS_MACHINE, pszRegistryPath, NULL); // TODO-What if there is an error? } cleanup: LW_SAFE_FREE_MEMORY(pszRegistryPath); LSA_PSTORE_LOG_LEAVE_ERROR_EE(dwError, EE); return dwError; }
DWORD LwKrb5InitializeCredentials( IN PCSTR pszUserPrincipalName, IN PCSTR pszPassword, IN PCSTR pszCachePath, OUT OPTIONAL PDWORD pdwGoodUntilTime ) { DWORD dwError = LW_ERROR_SUCCESS; DWORD dwGoodUntilTime = 0; PSTR pszTempCachePath = NULL; if (!pszCachePath) { dwError = ERROR_INVALID_PARAMETER; BAIL_ON_LW_ERROR(dwError); } if (!strncmp(pszCachePath, "FILE:", sizeof("FILE:") - 1)) { dwError = LwAllocateStringPrintf(&pszTempCachePath, "%s.new", pszCachePath); BAIL_ON_LW_ERROR(dwError); } dwError = LwKrb5GetTgt( pszUserPrincipalName, pszPassword, pszTempCachePath ? pszTempCachePath : pszCachePath, &dwGoodUntilTime); BAIL_ON_LW_ERROR(dwError); if (pszTempCachePath) { dwError = LwMoveFile(pszTempCachePath + sizeof("FILE:") - 1, pszCachePath + sizeof("FILE:") - 1); BAIL_ON_LW_ERROR(dwError); } error: if (dwError) { dwGoodUntilTime = 0; } LW_SAFE_FREE_STRING(pszTempCachePath); if (pdwGoodUntilTime) { *pdwGoodUntilTime = dwGoodUntilTime; } return dwError; }
DWORD ADUSMBGetFolder( PSTR pszDomainName, PSTR pszSourceFolder, PSTR pszDestFolder ) { DWORD dwError = MAC_AD_ERROR_SUCCESS; PSTR pszFQSrcPath = NULL; PSTR pszDCHostname = NULL; if (IsNullOrEmptyString(pszDomainName) || IsNullOrEmptyString(pszSourceFolder) || IsNullOrEmptyString(pszDestFolder)) { dwError = MAC_AD_ERROR_INVALID_PARAMETER; BAIL_ON_MAC_ERROR(dwError); } dwError = GetPreferredDCAddress( pszDomainName, &pszDCHostname); BAIL_ON_MAC_ERROR(dwError); dwError = LwCreateDirectory( pszDestFolder, S_IRUSR|S_IWUSR|S_IXUSR|S_IRGRP|S_IXGRP|S_IROTH|S_IXOTH); BAIL_ON_MAC_ERROR(dwError); dwError = LwAllocateStringPrintf( &pszFQSrcPath, "//%s/sysvol/%s", pszDCHostname, *pszSourceFolder == '/' ? pszSourceFolder+1 : pszSourceFolder); BAIL_ON_MAC_ERROR(dwError); LOG("Calling ADUSMBGetFolder(Src:%s, Dest:%s)", pszFQSrcPath, pszDestFolder); dwError = ADUCopyDirFromRemote( pszFQSrcPath, pszDestFolder); BAIL_ON_MAC_ERROR(dwError); cleanup: LW_SAFE_FREE_STRING( pszFQSrcPath ); LW_SAFE_FREE_STRING(pszDCHostname); return dwError; error: goto cleanup; }
DWORD LsaSELinuxManageHomeDir( PCSTR pszHomeDir ) { DWORD dwError = 0; PCSTR pszSemanageFormat = "semanage fcontext -a -e /home %s"; PSTR pszRootHomeDir = NULL; PSTR pszSemanageExecute = NULL; int systemresult = 0; dwError = LsaGetDirectoryFromPath(pszHomeDir, &pszRootHomeDir); BAIL_ON_LSA_ERROR(dwError); if (LW_IS_NULL_OR_EMPTY_STR(pszRootHomeDir)) { dwError = LW_ERROR_INVALID_PREFIX_PATH; BAIL_ON_LSA_ERROR(dwError); } if (pszRootHomeDir[0] != '/') { dwError = LW_ERROR_INVALID_PREFIX_PATH; BAIL_ON_LSA_ERROR(dwError); } if (pszRootHomeDir[1] == '\0') { dwError = LW_ERROR_INVALID_PREFIX_PATH; BAIL_ON_LSA_ERROR(dwError); } dwError = LwAllocateStringPrintf( &pszSemanageExecute, pszSemanageFormat, pszRootHomeDir); BAIL_ON_LSA_ERROR(dwError); systemresult = system(pszSemanageExecute); if (systemresult < 0) { dwError = LwMapErrnoToLwError(errno); BAIL_ON_LSA_ERROR(dwError); } cleanup: LW_SAFE_FREE_STRING(pszRootHomeDir); LW_SAFE_FREE_STRING(pszSemanageExecute); return dwError; error: goto cleanup; }
DWORD LWNetGetErrorMessageForLoggingEvent( DWORD dwErrCode, PSTR* ppszErrorMsg ) { DWORD dwErrorBufferSize = 0; DWORD dwError = 0; DWORD dwLen = 0; PSTR pszErrorMsg = NULL; PSTR pszErrorBuffer = NULL; dwErrorBufferSize = LwGetErrorString(dwErrCode, NULL, 0); if (!dwErrorBufferSize) goto cleanup; dwError = LWNetAllocateMemory( dwErrorBufferSize, (PVOID*)&pszErrorBuffer); BAIL_ON_LWNET_ERROR(dwError); dwLen = LwGetErrorString(dwErrCode, pszErrorBuffer, dwErrorBufferSize); if ((dwLen == dwErrorBufferSize) && !IsNullOrEmptyString(pszErrorBuffer)) { dwError = LwAllocateStringPrintf( &pszErrorMsg, "Error: %s [error code: %d]", pszErrorBuffer, dwErrCode); BAIL_ON_LWNET_ERROR(dwError); } *ppszErrorMsg = pszErrorMsg; cleanup: LWNET_SAFE_FREE_STRING(pszErrorBuffer); return dwError; error: LWNET_SAFE_FREE_STRING(pszErrorMsg); *ppszErrorMsg = NULL; goto cleanup; }
DWORD InstallLwiCompat( PCSTR pSmbdPath ) { DWORD error = 0; PSTR pSambaDir = NULL; PSTR pLwiCompat = NULL; PCSTR pLikewiseLwiCompat = LIBDIR "/" LWICOMPAT_FILENAME; error = GetIdmapDir( pSmbdPath, &pSambaDir); BAIL_ON_LSA_ERROR(error); error = LwAllocateStringPrintf( &pLwiCompat, "%s/%s", pSambaDir, LWICOMPAT_FILENAME ); BAIL_ON_LSA_ERROR(error); if (unlink(pLwiCompat) < 0) { if (errno != ENOENT) { error = LwMapErrnoToLwError(errno); BAIL_ON_LSA_ERROR(error); } } if (symlink(pLikewiseLwiCompat, pLwiCompat) < 0) { error = LwMapErrnoToLwError(errno); if (error == ERROR_FILE_NOT_FOUND) { LW_RTL_LOG_ERROR("Cannot access idmap directory %s. Please ensure you have winbind installed", pSambaDir); } BAIL_ON_LSA_ERROR(error); } LW_RTL_LOG_INFO("Linked idmapper %s to %s", pLwiCompat, pLikewiseLwiCompat); cleanup: LW_SAFE_FREE_STRING(pSambaDir); LW_SAFE_FREE_STRING(pLwiCompat); return error; }
DWORD SamDbIncrementSequenceNumber_inlock( PSAM_DIRECTORY_CONTEXT pDirectoryContext ) { DWORD dwError = ERROR_SUCCESS; PCSTR pszQueryTemplate = "UPDATE " SAM_DB_OBJECTS_TABLE \ " SET " SAM_DB_COL_SEQUENCE_NUMBER \ " = " SAM_DB_COL_SEQUENCE_NUMBER " + 1 " \ " WHERE " SAM_DB_COL_OBJECT_CLASS " = %u"; PSTR pszQuery = NULL; sqlite3_stmt *pSqlStatement = NULL; dwError = LwAllocateStringPrintf(&pszQuery, pszQueryTemplate, SAMDB_OBJECT_CLASS_DOMAIN); BAIL_ON_SAMDB_ERROR(dwError); dwError = sqlite3_prepare_v2( pDirectoryContext->pDbContext->pDbHandle, pszQuery, -1, &pSqlStatement, NULL); BAIL_ON_SAMDB_SQLITE_ERROR_DB( dwError, pDirectoryContext->pDbContext->pDbHandle); dwError = sqlite3_step(pSqlStatement); if (dwError == SQLITE_DONE) { dwError = ERROR_SUCCESS; } BAIL_ON_SAMDB_SQLITE_ERROR_STMT(dwError, pSqlStatement); cleanup: if (pSqlStatement) { sqlite3_finalize(pSqlStatement); } DIRECTORY_FREE_MEMORY(pszQuery); return dwError; error: goto cleanup; }
VOID LWNetSrvLogProcessStoppedEvent( DWORD dwExitCode ) { DWORD dwError = 0; PSTR pszDescription = NULL; PSTR pszData = NULL; dwError = LwAllocateStringPrintf( &pszDescription, "The Likewise site manager service was stopped"); BAIL_ON_LWNET_ERROR(dwError); dwError = LWNetGetErrorMessageForLoggingEvent( dwExitCode, &pszData); BAIL_ON_LWNET_ERROR(dwError); if (dwExitCode) { LWNetSrvLogErrorEvent( LWNET_EVENT_ERROR_SERVICE_STOPPED, SERVICE_EVENT_CATEGORY, pszDescription, pszData); } else { LWNetSrvLogInformationEvent( LWNET_EVENT_INFO_SERVICE_STOPPED, SERVICE_EVENT_CATEGORY, pszDescription, pszData); } cleanup: LWNET_SAFE_FREE_STRING(pszDescription); LWNET_SAFE_FREE_STRING(pszData); return; error: goto cleanup; }
DWORD LwKrb5SetProcessDefaultCachePath( PCSTR pszCachePath ) { DWORD dwError = 0; PSTR pszEnvironmentEntry = NULL; static volatile PSTR pszSavedEnvironmentEntry = NULL; static pthread_mutex_t lock = PTHREAD_MUTEX_INITIALIZER; BOOLEAN bLocked = FALSE; dwError = pthread_mutex_lock(&lock); if (dwError) { dwError = LwMapErrnoToLwError(dwError); BAIL_ON_LW_ERROR(dwError); } bLocked = TRUE; dwError = LwAllocateStringPrintf(&pszEnvironmentEntry, "KRB5CCNAME=%s", pszCachePath); BAIL_ON_LW_ERROR(dwError); /* * putenv requires that the buffer not be free'd. */ if (putenv(pszEnvironmentEntry) < 0) { dwError = LwMapErrnoToLwError(errno); BAIL_ON_LW_ERROR(dwError); } LW_SAFE_FREE_STRING(pszSavedEnvironmentEntry); pszSavedEnvironmentEntry = pszEnvironmentEntry; pszEnvironmentEntry = NULL; error: LW_SAFE_FREE_STRING(pszEnvironmentEntry); if (bLocked) { pthread_mutex_unlock(&lock); } return dwError; }
DWORD ADUSMBGetFile( PSTR pszDomainName, PSTR pszSourcePath, PSTR pszDestPath ) { DWORD dwError = MAC_AD_ERROR_SUCCESS; PSTR pszFQSrcPath = NULL; PSTR pszDCHostname = NULL; if (IsNullOrEmptyString(pszDomainName) || IsNullOrEmptyString(pszSourcePath) || IsNullOrEmptyString(pszDestPath)) { dwError = MAC_AD_ERROR_INVALID_PARAMETER; BAIL_ON_MAC_ERROR(dwError); } dwError = GetPreferredDCAddress( pszDomainName, &pszDCHostname); BAIL_ON_MAC_ERROR(dwError); dwError = LwAllocateStringPrintf( &pszFQSrcPath, "//%s/sysvol/%s", pszDCHostname, *pszSourcePath == '/' ? pszSourcePath+1 : pszSourcePath); BAIL_ON_MAC_ERROR(dwError); LOG("Calling ADUCopyFileFromRemote(Src:%s, Dest:%s)", pszFQSrcPath, pszDestPath); dwError = ADUCopyFileFromRemote(pszFQSrcPath, pszDestPath); BAIL_ON_MAC_ERROR(dwError); cleanup: LW_SAFE_FREE_STRING(pszFQSrcPath); LW_SAFE_FREE_STRING(pszDCHostname); return dwError; error: goto cleanup; }
DWORD LwCLdapOpenDirectory( IN PCSTR pszServerName, OUT PHANDLE phDirectory ) { DWORD dwError = LW_ERROR_SUCCESS; LDAP * ld = NULL; PLW_LDAP_DIRECTORY_CONTEXT pDirectory = NULL; int rc = LDAP_VERSION3; PSTR pszURL = NULL; LW_BAIL_ON_INVALID_STRING(pszServerName); dwError = LwAllocateStringPrintf(&pszURL, "cldap://%s", pszServerName); BAIL_ON_LW_ERROR(dwError); dwError = ldap_initialize(&ld, pszURL); BAIL_ON_LDAP_ERROR(dwError); dwError = ldap_set_option(ld, LDAP_OPT_PROTOCOL_VERSION, &rc); BAIL_ON_LDAP_ERROR(dwError); dwError = ldap_set_option(ld, LDAP_OPT_REFERRALS, (void *)LDAP_OPT_OFF); BAIL_ON_LDAP_ERROR(dwError); dwError = LwAllocateMemory(sizeof(*pDirectory), OUT_PPVOID(&pDirectory)); BAIL_ON_LW_ERROR(dwError); pDirectory->ld = ld; error: LW_SAFE_FREE_STRING(pszURL); if (dwError) { if (pDirectory) { LwLdapCloseDirectory(pDirectory); pDirectory = NULL; } } *phDirectory = (HANDLE)pDirectory; return dwError; }
LSASS_API DWORD LsaAdRemoveGroupByIdFromCache( IN HANDLE hLsaConnection, IN OPTIONAL PCSTR pszDomainName, IN gid_t gid ) { DWORD dwError = 0; PSTR pszTargetProvider = NULL; if (geteuid() != 0) { dwError = LW_ERROR_ACCESS_DENIED; BAIL_ON_LSA_ERROR(dwError); } if (pszDomainName) { dwError = LwAllocateStringPrintf( &pszTargetProvider, "%s:%s", LSA_PROVIDER_TAG_AD, pszDomainName); BAIL_ON_LSA_ERROR(dwError); } dwError = LsaProviderIoControl( hLsaConnection, pszTargetProvider ? pszTargetProvider : LSA_PROVIDER_TAG_AD, LSA_AD_IO_REMOVEGROUPBYIDCACHE, sizeof(gid), &gid, NULL, NULL); BAIL_ON_LSA_ERROR(dwError); cleanup: LW_SAFE_FREE_STRING(pszTargetProvider); return dwError; error: goto cleanup; }
VOID LsaSrvLogProcessStoppedEvent( DWORD dwExitCode ) { DWORD dwError = 0; PSTR pszDescription = NULL; PSTR pszData = NULL; dwError = LwAllocateStringPrintf( &pszDescription, "The authentication service was stopped"); BAIL_ON_LSA_ERROR(dwError); dwError = LsaGetErrorMessageForLoggingEvent( dwExitCode, &pszData); BAIL_ON_LSA_ERROR(dwError); if (dwExitCode) { LsaSrvLogServiceFailureEvent( LSASS_EVENT_ERROR_SERVICE_STOPPED, SERVICE_EVENT_CATEGORY, pszDescription, pszData); } else { LsaSrvLogServiceSuccessEvent( LSASS_EVENT_INFO_SERVICE_STOPPED, SERVICE_EVENT_CATEGORY, pszDescription, pszData); } cleanup: LW_SAFE_FREE_STRING(pszDescription); LW_SAFE_FREE_STRING(pszData); return; error: goto cleanup; }
DWORD LwpsLegacySetJoinedDomainTrustEnumerationWaitTime( IN PLWPS_LEGACY_STATE pContext, IN OPTIONAL PCSTR pszDomainName ) { DWORD dwError = 0; int EE = 0; PSTR pszRegistryPath = NULL; DWORD dwValue = 0; if (pszDomainName) { dwError = LwAllocateStringPrintf( &pszRegistryPath, "%s\\%s", PSTOREDB_REGISTRY_AD_KEY, pszDomainName); GOTO_CLEANUP_ON_WINERROR_EE(dwError, EE); dwError = RegUtilSetValue( pContext->hReg, HKEY_THIS_MACHINE, pszRegistryPath, NULL, PSTOREDB_REGISTRY_TRUSTENUMERATIONWAIT_VALUE, REG_DWORD, (PVOID)&dwValue, sizeof(dwValue)); GOTO_CLEANUP_ON_WINERROR_EE(dwError, EE); dwError = RegUtilSetValue( pContext->hReg, HKEY_THIS_MACHINE, pszRegistryPath, NULL, PSTOREDB_REGISTRY_TRUSTENUMERATIONWAITSECONDS_VALUE, REG_DWORD, (PVOID)&dwValue, sizeof(dwValue)); GOTO_CLEANUP_ON_WINERROR_EE(dwError, EE); } cleanup: LSA_PSTORE_LOG_LEAVE_ERROR_EE(dwError, EE); return dwError; }
static DWORD GetErrorMessage( DWORD dwErrCode, PSTR* ppszErrorMsg) { DWORD dwError = 0; DWORD dwErrorBufferSize = 0; DWORD dwLen = 0; PSTR pszErrorMsg = NULL; PSTR pszErrorBuffer = NULL; dwErrorBufferSize = LwGetErrorString(dwErrCode, NULL, 0); if(!dwErrorBufferSize) goto cleanup; dwError = LwAllocateMemory( dwErrorBufferSize, OUT_PPVOID(&pszErrorBuffer)); BAIL_ON_UP_ERROR(dwError); dwLen = LwGetErrorString(dwErrCode, pszErrorBuffer, dwErrorBufferSize); if ((dwLen == dwErrorBufferSize) && !LW_IS_NULL_OR_EMPTY_STR(pszErrorBuffer)) { dwError = LwAllocateStringPrintf( &pszErrorMsg, "Error: %s [error code: %d]", pszErrorBuffer, dwErrCode); BAIL_ON_UP_ERROR(dwError); } *ppszErrorMsg = pszErrorMsg; cleanup: LW_SAFE_FREE_MEMORY(pszErrorBuffer); return dwError; error: LW_SAFE_FREE_STRING(pszErrorMsg); *ppszErrorMsg = NULL; goto cleanup; }
VOID EVTLogConfigReload( VOID ) { DWORD dwError = 0; PSTR pszDescription = NULL; dwError = LwAllocateStringPrintf( &pszDescription, " Current config settings are...\r\n" \ " Max Disk Usage : %d\r\n" \ " Max Number Of Events: %d\r\n" \ " Max Event Lifespan: %d\r\n" \ " Remove Events As Needed: %s\r\n" \ " Register TCP/IP RPC endpoints: %s\r\n" \ " Allow Read To : %s\r\n" \ " Allow Write To : %s\r\n" \ " Allow Delete To : %s\r\n", gServerInfo.dwMaxLogSize, gServerInfo.dwMaxRecords, gServerInfo.dwMaxAge, gServerInfo.bRemoveAsNeeded? "true" : "false", gServerInfo.bRegisterTcpIp ? "true" : "false", gServerInfo.pszAllowReadTo ? gServerInfo.pszAllowReadTo: "", gServerInfo.pszAllowWriteTo ? gServerInfo.pszAllowWriteTo: "", gServerInfo.pszAllowDeleteTo ? gServerInfo.pszAllowDeleteTo: ""); BAIL_ON_EVT_ERROR(dwError); EVT_LOG_INFO("%s", pszDescription); cleanup: LW_SAFE_FREE_STRING(pszDescription); return; error: goto cleanup; }
/** * Get current NT time. * The resulting string is dynamically allocated. Must be freed. * * @return NT time. */ PSTR GetCurrentNtTime() { DWORD dwError = 0; time_t utime = 0; UINT64 result = 0; PSTR resultStr = NULL; utime = time(NULL); result = (utime + 11644473600LL) * 10000000LL; dwError = LwAllocateStringPrintf(&resultStr, "%lld", result); if(dwError) { return NULL; } return resultStr; }
static DWORD LsaAdBatchMarshalUnprovisionedGroup( IN PAD_PROVIDER_DATA pProviderData, IN OUT PLSA_AD_BATCH_ITEM_GROUP_INFO pGroupInfo, IN PCSTR pszDnsDomainName, IN PCSTR pszNetbiosDomainName, IN PCSTR pszSamAccountName, IN PCSTR pszSid ) { DWORD dwError = 0; DWORD dwId = 0; PSTR pszNT4Name = NULL; dwError = LwAllocateStringPrintf( &pszNT4Name, "%s\\%s", pszNetbiosDomainName, pszSamAccountName); BAIL_ON_LSA_ERROR(dwError); // gid, alias dwError = ADUnprovPlugin_QueryByReal( pProviderData, FALSE, pszNT4Name, pszSid, &pGroupInfo->pszAlias, &dwId); BAIL_ON_LSA_ERROR(dwError); pGroupInfo->gid = (gid_t)dwId; cleanup: LW_SAFE_FREE_STRING(pszNT4Name); return dwError; error: goto cleanup; }
DWORD LwGssGetErrorMessage( OUT PSTR* ppszErrorMessage, IN OPTIONAL PCSTR pszGssFunction, IN OM_uint32 MajorStatus, IN OM_uint32 MinorStatus ) { DWORD dwError = 0; PSTR pszErrorMessage = NULL; PSTR pszMajorMessage = NULL; PSTR pszMinorMessage = NULL; dwError = LwGssGetSingleErrorMessage(&pszMajorMessage, MajorStatus, TRUE); BAIL_ON_LW_ERROR(dwError); dwError = LwGssGetSingleErrorMessage(&pszMinorMessage, MinorStatus, FALSE); BAIL_ON_LW_ERROR(dwError); dwError = LwAllocateStringPrintf(&pszErrorMessage, "GSS API error calling %s(): " "majorStatus = 0x%08x (%s), " "minorStatus = 0x%08x (%s)", pszGssFunction, MajorStatus, pszMajorMessage, MinorStatus, pszMinorMessage); BAIL_ON_LW_ERROR(dwError); error: if (dwError) { LW_SAFE_FREE_STRING(pszErrorMessage); } LW_SAFE_FREE_STRING(pszMajorMessage); LW_SAFE_FREE_STRING(pszMinorMessage); *ppszErrorMessage = pszErrorMessage; return dwError; }
DWORD UninstallLwiCompat( PCSTR pSmbdPath ) { DWORD error = 0; PSTR pSambaDir = NULL; PSTR pLwiCompat = NULL; error = GetIdmapDir( pSmbdPath, &pSambaDir); BAIL_ON_LSA_ERROR(error); error = LwAllocateStringPrintf( &pLwiCompat, "%s/%s", pSambaDir, LWICOMPAT_FILENAME ); BAIL_ON_LSA_ERROR(error); if (unlink(pLwiCompat) < 0) { if (errno != ENOENT) { error = LwMapErrnoToLwError(errno); BAIL_ON_LSA_ERROR(error); } } LW_RTL_LOG_INFO("Unlinked idmapper %s", pLwiCompat); cleanup: LW_SAFE_FREE_STRING(pSambaDir); LW_SAFE_FREE_STRING(pLwiCompat); return error; }
VOID LWNetSrvLogProcessFailureEvent( DWORD dwErrCode ) { DWORD dwError = 0; PSTR pszDescription = NULL; PSTR pszData = NULL; dwError = LwAllocateStringPrintf( &pszDescription, "The Likewise site manager service stopped running due to an error"); BAIL_ON_LWNET_ERROR(dwError); dwError = LWNetGetErrorMessageForLoggingEvent( dwErrCode, &pszData); BAIL_ON_LWNET_ERROR(dwError); LWNetSrvLogErrorEvent( LWNET_EVENT_ERROR_SERVICE_START_FAILURE, SERVICE_EVENT_CATEGORY, pszDescription, pszData); cleanup: LWNET_SAFE_FREE_STRING(pszDescription); LWNET_SAFE_FREE_STRING(pszData); return; error: goto cleanup; }
VOID LsaSrvLogProcessFailureEvent( DWORD dwErrCode ) { DWORD dwError = 0; PSTR pszDescription = NULL; PSTR pszData = NULL; dwError = LwAllocateStringPrintf( &pszDescription, "The authentication service stopped running due to an error"); BAIL_ON_LSA_ERROR(dwError); dwError = LsaGetErrorMessageForLoggingEvent( dwErrCode, &pszData); BAIL_ON_LSA_ERROR(dwError); LsaSrvLogServiceFailureEvent( LSASS_EVENT_ERROR_SERVICE_START_FAILURE, SERVICE_EVENT_CATEGORY, pszDescription, pszData); cleanup: LW_SAFE_FREE_STRING(pszDescription); LW_SAFE_FREE_STRING(pszData); return; error: goto cleanup; }
DWORD ADGetDomainQualifiedString( PCSTR pszNetBIOSDomainName, PCSTR pszName, PSTR* ppszQualifiedName ) { DWORD dwError = 0; PSTR pszQualifiedName = NULL; dwError = LwAllocateStringPrintf( &pszQualifiedName, "%s%c%s", pszNetBIOSDomainName, LsaSrvDomainSeparator(), pszName); BAIL_ON_LSA_ERROR(dwError); LwStrnToUpper(pszQualifiedName, strlen(pszNetBIOSDomainName)); LwStrToLower(pszQualifiedName + strlen(pszNetBIOSDomainName) + 1); *ppszQualifiedName = pszQualifiedName; cleanup: return dwError; error: *ppszQualifiedName = NULL; LW_SAFE_FREE_STRING(pszQualifiedName); goto cleanup; }
DWORD UmnSrvReadUser( PCSTR pParentKey, PCSTR pName, PUSER_MONITOR_PASSWD pResult ) { DWORD dwError = 0; PSTR pUserPath = NULL; LWREG_CONFIG_ITEM userLayout[] = { { "pw_name", FALSE, LwRegTypeString, 0, -1, NULL, &pResult->pw_name, NULL }, { "pw_passwd", FALSE, LwRegTypeString, 0, -1, NULL, &pResult->pw_passwd, NULL }, { "pw_uid", FALSE, LwRegTypeDword, 0, -1, NULL, &pResult->pw_uid, NULL }, { "pw_gid", FALSE, LwRegTypeDword, 0, -1, NULL, &pResult->pw_gid, NULL }, { "pw_gecos", FALSE, LwRegTypeString, 0, -1, NULL, &pResult->pw_gecos, NULL }, { "pw_dir", FALSE, LwRegTypeString, 0, -1, NULL, &pResult->pw_dir, NULL }, { "pw_shell", FALSE, LwRegTypeString, 0, -1, NULL, &pResult->pw_shell, NULL }, { "pDisplayName", FALSE, LwRegTypeString, 0, -1, NULL, &pResult->pDisplayName, NULL }, { "LastUpdated", FALSE, LwRegTypeDword, 0, -1, NULL, &pResult->LastUpdated, NULL }, }; UMN_LOG_VERBOSE("Reading previous values for user '%s'", pName); dwError = LwAllocateStringPrintf( &pUserPath, "Services\\" SERVICE_NAME "\\Parameters\\%s\\%s", pParentKey, pName); BAIL_ON_UMN_ERROR(dwError); dwError = LwRegProcessConfig( pUserPath, NULL, userLayout, sizeof(userLayout)/sizeof(userLayout[0])); BAIL_ON_UMN_ERROR(dwError); cleanup: LW_SAFE_FREE_STRING(pUserPath); return dwError; error: goto cleanup; }
static DWORD LsaSrvAuthProviderAllocateProviderList( PLSA_AUTH_PROVIDER *ppProviderList ) { DWORD dwError = 0; PSTR pszLoadOrder = NULL; // Multistring PCSTR pszProvider = NULL; PSTR pszProviderKey = NULL; PLSA_AUTH_PROVIDER pProvider = NULL; PLSA_AUTH_PROVIDER pProviderList = NULL; dwError = LsaSrvAuthProviderRegGetLoadOrder(&pszLoadOrder); BAIL_ON_LSA_ERROR(dwError); if (!pszLoadOrder) { /* We should only get here if there is some problem with the * registry -- can't access it, the key isn't there, ... * -- so we will try a default set of providers. */ LSA_LOG_ERROR("Problem accessing provider configuration in registry. Trying compiled defaults [ActiveDirectory, Local]."); dwError = LsaSrvAllocateProvider( LSA_PROVIDER_TAG_AD, LSA_PROVIDER_PATH_AD, &pProvider); BAIL_ON_LSA_ERROR(dwError); if (pProvider) { LsaSrvAppendAuthProviderList(&pProviderList, pProvider); pProvider = NULL; } dwError = LsaSrvAllocateProvider( LSA_PROVIDER_TAG_LOCAL, LSA_PROVIDER_PATH_LOCAL, &pProvider); BAIL_ON_LSA_ERROR(dwError); if (pProvider) { LsaSrvAppendAuthProviderList(&pProviderList, pProvider); pProvider = NULL; } } else { pszProvider = pszLoadOrder; while ( pszProvider != NULL && *pszProvider != '\0' ) { dwError = LwAllocateStringPrintf( &pszProviderKey, "Services\\lsass\\Parameters\\Providers\\%s", pszProvider); BAIL_ON_LSA_ERROR(dwError); dwError = LsaSrvAuthLoadProvider( pszProvider, pszProviderKey, &pProvider); BAIL_ON_LSA_ERROR(dwError); if (pProvider) { LsaSrvAppendAuthProviderList(&pProviderList, pProvider); pProvider = NULL; } LW_SAFE_FREE_STRING(pszProviderKey); pszProvider = pszProvider + strlen(pszProvider) + 1; } } cleanup: *ppProviderList = pProviderList; LW_SAFE_FREE_MEMORY(pszLoadOrder); LW_SAFE_FREE_STRING(pszProviderKey); return dwError; error: LsaSrvFreeAuthProviderList(pProviderList); pProviderList = NULL; goto cleanup; }
DWORD AD_ReadRegistry( IN OPTIONAL PCSTR pszDomainName, OUT PLSA_AD_CONFIG pConfig ) { DWORD dwError = 0; PSTR pszDomainKey = NULL; PSTR pszDomainPolicyKey = NULL; PSTR pszUmask = NULL; PSTR pszUnresolvedMemberList = NULL; DWORD dwMachinePasswordSyncLifetime = 0; PSTR pszExcludeTrustsListMultiString = NULL; PSTR pszIncludeTrustsListMultiString = NULL; LSA_AD_CONFIG StagingConfig; const PCSTR CellSupport[] = { "unprovisioned" }; const PCSTR CacheBackend[] = { "sqlite", "memory" }; LWREG_CONFIG_ITEM ADConfigDescription[] = { { "HomeDirUmask", TRUE, LwRegTypeString, 0, MAXDWORD, NULL, &pszUmask, NULL }, { "RequireMembershipOf", TRUE, LwRegTypeMultiString, 0, MAXDWORD, NULL, &pszUnresolvedMemberList, NULL }, { "LoginShellTemplate", TRUE, LwRegTypeString, 0, MAXDWORD, NULL, &StagingConfig.pszShell, NULL }, { "HomeDirTemplate", TRUE, LwRegTypeString, 0, MAXDWORD, NULL, &StagingConfig.pszHomedirTemplate, NULL }, { "RemoteHomeDirTemplate", TRUE, LwRegTypeString, 0, MAXDWORD, NULL, &StagingConfig.pszRemoteHomeDirTemplate, NULL }, { "UserDomainPrefix", TRUE, LwRegTypeString, 0, MAXDWORD, NULL, &StagingConfig.pszUserDomainPrefix }, { "MachinePasswordLifespan", TRUE, LwRegTypeDword, 0, /* Valid range is 0 or [AD_MACHINE_PASSWORD_SYNC_MINIMUM_SECS,*/ MAXDWORD, /* AD_MACHINE_PASSWORD_SYNC_MAXIMUM_SECS] */ NULL, &dwMachinePasswordSyncLifetime, NULL }, { "CacheEntryExpiry", TRUE, LwRegTypeDword, AD_CACHE_ENTRY_EXPIRY_MINIMUM_SECS, AD_CACHE_ENTRY_EXPIRY_MAXIMUM_SECS, NULL, &StagingConfig.dwCacheEntryExpirySecs, NULL }, { "MemoryCacheSizeCap", TRUE, LwRegTypeDword, 0, MAXDWORD, NULL, &StagingConfig.dwCacheSizeCap, NULL }, { "LdapSignAndSeal", TRUE, LwRegTypeBoolean, 0, MAXDWORD, NULL, &StagingConfig.bLDAPSignAndSeal, NULL }, { "AssumeDefaultDomain", TRUE, LwRegTypeBoolean, 0, MAXDWORD, NULL, &StagingConfig.bAssumeDefaultDomain, NULL }, { "SyncSystemTime", TRUE, LwRegTypeBoolean, 0, MAXDWORD, NULL, &StagingConfig.bSyncSystemTime, NULL }, { "LogNetworkConnectionEvents", TRUE, LwRegTypeBoolean, 0, MAXDWORD, NULL, &StagingConfig.bShouldLogNetworkConnectionEvents, NULL }, { "CreateK5Login", TRUE, LwRegTypeBoolean, 0, MAXDWORD, NULL, &StagingConfig.bCreateK5Login, NULL }, { "CreateHomeDir", TRUE, LwRegTypeBoolean, 0, -1, NULL, &StagingConfig.bCreateHomeDir, NULL }, { "SkeletonDirs", TRUE, LwRegTypeString, 0, MAXDWORD, NULL, &StagingConfig.pszSkelDirs, NULL }, { "HomeDirPrefix", TRUE, LwRegTypeString, 0, MAXDWORD, NULL, &StagingConfig.pszHomedirPrefix, NULL }, { "RefreshUserCredentials", TRUE, LwRegTypeBoolean, 0, MAXDWORD, NULL, &StagingConfig.bRefreshUserCreds, NULL }, { "TrimUserMembership", TRUE, LwRegTypeBoolean, 0, MAXDWORD, NULL, &StagingConfig.bTrimUserMembershipEnabled, NULL }, { "CellSupport", TRUE, LwRegTypeEnum, AD_CELL_SUPPORT_UNPROVISIONED, AD_CELL_SUPPORT_UNPROVISIONED, CellSupport, &StagingConfig.CellSupport, NULL }, { "CacheType", TRUE, LwRegTypeEnum, AD_CACHE_SQLITE, AD_CACHE_IN_MEMORY, CacheBackend, &StagingConfig.CacheBackend, NULL }, { "NssGroupMembersQueryCacheOnly", TRUE, LwRegTypeBoolean, 0, MAXDWORD, NULL, &StagingConfig.bNssGroupMembersCacheOnlyEnabled, NULL }, { "NssUserMembershipQueryCacheOnly", TRUE, LwRegTypeBoolean, 0, MAXDWORD, NULL, &StagingConfig.bNssUserMembershipCacheOnlyEnabled, NULL }, { "NssEnumerationEnabled", TRUE, LwRegTypeBoolean, 0, MAXDWORD, NULL, &StagingConfig.bNssEnumerationEnabled, NULL }, { "DomainManagerCheckDomainOnlineInterval", TRUE, LwRegTypeDword, 0, MAXDWORD, NULL, &StagingConfig.DomainManager.dwCheckDomainOnlineSeconds, NULL }, { "DomainManagerUnknownDomainCacheTimeout", TRUE, LwRegTypeDword, 0, MAXDWORD, NULL, &StagingConfig.DomainManager.dwUnknownDomainCacheTimeoutSeconds, NULL }, { "DomainManagerIgnoreAllTrusts", TRUE, LwRegTypeBoolean, 0, MAXDWORD, NULL, &StagingConfig.DomainManager.bIgnoreAllTrusts, NULL }, { "DomainManagerExcludeTrustsList", TRUE, LwRegTypeMultiString, 0, MAXDWORD, NULL, &pszExcludeTrustsListMultiString, NULL }, { "DomainManagerIncludeTrustsList", TRUE, LwRegTypeMultiString, 0, MAXDWORD, NULL, &pszIncludeTrustsListMultiString, NULL }, { "IgnoreUserNameList", TRUE, LwRegTypeMultiString, 0, MAXDWORD, NULL, &StagingConfig.pszaIgnoreUserNameList, NULL }, { "IgnoreGroupNameList", TRUE, LwRegTypeMultiString, 0, MAXDWORD, NULL, &StagingConfig.pszaIgnoreGroupNameList, NULL }, { "MultiTenancyEnabled", TRUE, LwRegTypeBoolean, 0, MAXDWORD, NULL, &StagingConfig.bMultiTenancyEnabled, NULL }, { "AddDomainToLocalGroupsEnabled", TRUE, LwRegTypeBoolean, 0, MAXDWORD, NULL, &StagingConfig.bAddDomainToLocalGroupsEnabled, NULL } }; LWREG_CONFIG_ITEM LsaConfigDescription[] = { { "EnableEventlog", TRUE, LwRegTypeBoolean, 0, MAXDWORD, NULL, &StagingConfig.bEnableEventLog, NULL } }; dwError = AD_InitializeConfig(&StagingConfig); BAIL_ON_LSA_ERROR(dwError); dwMachinePasswordSyncLifetime = AD_MACHINE_PASSWORD_SYNC_DEFAULT_SECS; dwError = RegProcessConfig( AD_PROVIDER_REGKEY, AD_PROVIDER_POLICY_REGKEY, ADConfigDescription, sizeof(ADConfigDescription)/sizeof(ADConfigDescription[0])); BAIL_ON_LSA_ERROR(dwError); if (pszDomainName) { dwError = LwAllocateStringPrintf( &pszDomainKey, "%s\\%s", AD_PROVIDER_DOMAINJOIN_REGKEY, pszDomainName); BAIL_ON_LSA_ERROR(dwError); dwError = LwAllocateStringPrintf( &pszDomainPolicyKey, "%s\\%s", AD_PROVIDER_POLICY_DOMAINJOIN_REGKEY, pszDomainName); BAIL_ON_LSA_ERROR(dwError); dwError = RegProcessConfig( pszDomainKey, pszDomainPolicyKey, ADConfigDescription, sizeof(ADConfigDescription)/sizeof(ADConfigDescription[0])); BAIL_ON_LSA_ERROR(dwError); } dwError = RegProcessConfig( "Services\\lsass\\Parameters", "Policy\\Services\\lsass\\Parameters", LsaConfigDescription, sizeof(LsaConfigDescription)/sizeof(LsaConfigDescription[0])); BAIL_ON_LSA_ERROR(dwError); AD_SetConfig_Umask( &StagingConfig, "HomeDirUmask", pszUmask); AD_SetConfig_RequireMembershipOf( &StagingConfig, "RequireMembershipOf", pszUnresolvedMemberList); AD_SetConfig_MachinePasswordLifespan( &StagingConfig, "MachinePasswordLifespan", dwMachinePasswordSyncLifetime); AD_SetConfig_DomainManager_TrustExceptionList( &StagingConfig, (StagingConfig.DomainManager.bIgnoreAllTrusts ? pszIncludeTrustsListMultiString : pszExcludeTrustsListMultiString)); AD_TransferConfigContents(&StagingConfig, pConfig); cleanup: LW_SAFE_FREE_STRING(pszDomainKey); LW_SAFE_FREE_STRING(pszDomainPolicyKey); LW_SAFE_FREE_STRING(pszUmask); LW_SAFE_FREE_STRING(pszUnresolvedMemberList); LW_SAFE_FREE_STRING(pszExcludeTrustsListMultiString); LW_SAFE_FREE_STRING(pszIncludeTrustsListMultiString); AD_FreeConfigContents(&StagingConfig); return dwError; error: AD_FreeConfigContents(pConfig); goto cleanup; }