/****************************************************************************
add all the privileges to a privilege array
****************************************************************************/
NTSTATUS add_all_privilege(PRIVILEGE_SET *priv_set)
{
NTSTATUS result = NT_STATUS_OK;
LUID_ATTR set;
set.attr = 0;
set.luid.high = 0;
/* TODO: set a proper list of privileges */
set.luid.low = SE_PRIV_ADD_USERS;
result = add_privilege(priv_set, set);
NTSTATUS_CHECK(result, done, "add_all_privilege", "add_privilege");
set.luid.low = SE_PRIV_ADD_MACHINES;
result = add_privilege(priv_set, set);
NTSTATUS_CHECK(result, done, "add_all_privilege", "add_privilege");
set.luid.low = SE_PRIV_PRINT_OPERATOR;
result = add_privilege(priv_set, set);
NTSTATUS_CHECK(result, done, "add_all_privilege", "add_privilege");
return result;
}
/**
* @brief
* main - the entry point in pbs_account_win.c
*
* @param[in] argc - argument count
* @param[in] argv - argument variables.
* @param[in] env - environment values.
*
* @return int
* @retval 0 : success
* @retval !=0 : error code
*/
main(int argc, char *argv[])
{
SID *sa_sid = NULL; /* service account SID */
char sa_name[PBS_MAXHOSTNAME+UNLEN+2] = {'\0'}; /* service account name */
/* domain\user\0 */
int ret_val = 0;
int c_opt = 0;
int s_opt = 0;
int a_opt = 0;
int p_opt = 0;
int R_opt = 0;
int U_opt = 0;
int instid_opt = 0;
char service_bin_path[MAXPATHLEN+1] = {'\0'};
char service_name[MAXPATHLEN+1] = {'\0'};
int i = 0;
char outputfile[MAXPATHLEN+1] = {'\0'};
char instanceName[MAXPATHLEN+1] = {'\0'};
int output_fd = -1;
struct passwd *pw = NULL;
char *p = NULL;
winsock_init();
/*test for real deal or just version and exit*/
execution_mode(argc, argv);
strcpy(exec_unamef, getlogin_full());
strcpy(exec_dname, ".");
if ((p=strchr(exec_unamef, '\\'))) {
*p = '\0';
strcpy(exec_dname, exec_unamef);
*p = '\\';
}
strcpy(sa_password, "");
strcpy(outputfile, "");
/* with no option, check only if service account exists */
if (argc == 1) {
int in_domain_environment = 0;
char dname[PBS_MAXHOSTNAME+1] = {'\0'};
char dctrl[PBS_MAXHOSTNAME+1] = {'\0'};
wchar_t unamew[UNLEN+1] = {'\0'};
wchar_t dctrlw[PBS_MAXHOSTNAME+1] = {'\0'};
USER_INFO_0 *ui1_ptr = NULL;
NET_API_STATUS netst = 0;
/* figure out the domain controller hostname (dctrl) */
/* in domain environment, */
/* domain name (dname) != domain controller hostname */
/* in standalone environment, */
/* domain name (dname) == domain controller hostname */
in_domain_environment = GetComputerDomainName(dname);
strcpy(dctrl, dname);
if (in_domain_environment) {
char dname_a[PBS_MAXHOSTNAME+1];
get_dcinfo(dname, dname_a, dctrl);
}
/* convert strings to "wide" format */
mbstowcs(unamew, service_accountname, UNLEN+1);
mbstowcs(dctrlw, dctrl, PBS_MAXHOSTNAME+1);
netst = wrap_NetUserGetInfo(dctrlw, unamew, 1,
(LPBYTE *)&ui1_ptr);
if (strlen(winlog_buffer) > 0) {
fprintf(stderr, "%s\n", winlog_buffer);
}
if (netst == NERR_UserNotFound) {
fprintf(stderr, "%s not found!\n", service_accountname);
if (in_domain_environment &&
stricmp(exec_dname, dname) != 0) {
fprintf(stderr,
"But no privilege to create service account %s\\%s!\n",
dname, service_accountname);
ret_val=2;
} else {
ret_val=1;
}
} else if ((netst == ERROR_ACCESS_DENIED) ||
(netst == ERROR_LOGON_FAILURE)) {
fprintf(stderr,
"no privilege to obtain info for service account %s\\%s!\n",
dname, service_accountname);
ret_val= 2;
} else {
fprintf(stderr, "service account is %s\\%s!\n",
dname, service_accountname);
ret_val = 0;
}
if (ui1_ptr != NULL)
NetApiBufferFree(ui1_ptr);
goto end_pbs_account;
}
i = 1;
while (i < argc) {
if (strcmp(argv[i], "-c") == 0) {
c_opt = 1;
i++;
} else if (strcmp(argv[i], "--ci") == 0) {
c_opt = 1;
for_info_only = 1;
i++;
} else if (strcmp(argv[i], "-s") == 0) {
s_opt = 1;
i++;
} else if (strcmp(argv[i], "-a") == 0) {
if ((argv[i+1] == NULL) || (argv[i+1][0] == '-')) {
fprintf(stderr, "No service account name argument supplied!\n");
usage(argv[0]);
exit(1);
}
a_opt = 1;
strcpy(service_accountname, argv[i+1]);
i+=2;
} else if (strcmp(argv[i], "-p") == 0) {
if ((argv[i+1] == NULL) || (argv[i+1][0] == '-')) {
fprintf(stderr, "No password argument supplied!\n");
usage(argv[0]);
exit(1);
}
p_opt = 1;
strcpy(sa_password, argv[i+1]);
cache_usertoken_and_homedir(service_accountname, NULL, 0,
read_sa_password, (char*)service_accountname,
decrypt_sa_password, 1);
i+=2;
} else if (strcmp(argv[i], "--reg") == 0) {
if ((argv[i+1] == NULL) || (argv[i+1][0] == '-')) {
fprintf(stderr, "No service binary path given\n");
usage(argv[0]);
exit(1);
}
R_opt = 1;
strcpy(service_bin_path, argv[i+1]);
i+=2;
} else if (strcmp(argv[i], "--unreg") == 0) {
if ((argv[i+1] == NULL) || (argv[i+1][0] == '-')) {
fprintf(stderr, "No service binary path given\n");
usage(argv[0]);
exit(1);
}
U_opt = 1;
strcpy(service_bin_path, argv[i+1]);
i+=2;
} else if (strcmp(argv[i], "-o") == 0) {
if ((argv[i+1] == NULL) || (argv[i+1][0] == '-')) {
fprintf(stderr, "No output path argument supplied!\n");
usage(argv[0]);
exit(1);
}
p_opt = 1;
strcpy(outputfile, argv[i+1]);
i+=2;
} else if (strncmp(argv[i], "--instid", strlen("--instid")) == 0) {
if ((argv[i+1] == NULL) || (argv[i+1][0] == '-')) {
fprintf(stderr, "No instance id supplied!\n");
usage(argv[0]);
exit(1);
}
instid_opt = 1;
strncpy(instanceName, argv[i+1], MAXPATHLEN);
i+=2;
} else {
fprintf(stderr, "Unknown option %s\n", argv[i]);
usage(argv[0]);
exit(1);
}
}
if (strlen(outputfile) > 0) {
if ((output_fd=open(outputfile, O_RDWR|O_CREAT, 0600)) != -1) {
_dup2(output_fd, 1); /* put stdout in file */
_dup2(output_fd, 2); /* put stderr in file */
}
}
/* prompt for password if not supplied with -p */
if ((c_opt || R_opt) && (strcmp(sa_password, "") == 0)) {
prompt_to_get_password(sa_password);
cache_usertoken_and_homedir(service_accountname, NULL, 0,
read_sa_password, (char *)service_accountname,
decrypt_sa_password, 1);
}
/* Need to get service_name */
if (R_opt || U_opt) {
char *p = NULL;
int k = 0;
strcpy(service_name, service_bin_path);
if ((p=strrchr(service_bin_path, '\\'))) {
strcpy(service_name, p+1);
}
if ((p=strrchr(service_name, '.'))) {/*remove .exe portion*/
*p = '\0';
}
/* translate from lower-case to upper-case */
for (k=0; k < strlen(service_name); k++) {
service_name[k] = toupper(service_name[k]);
}
if (instid_opt) {
strcat_s(service_name, MAXPATHLEN, "_");
strcat_s(service_name, MAXPATHLEN, instanceName);
}
}
if (c_opt) {
if (add_service_account(sa_password) == 0) {
ret_val = 3;
goto end_pbs_account;
}
}
if (s_opt || R_opt) { /* need service account name */
sa_sid = getusersid2(service_accountname, sa_name);
if (sa_sid == NULL) {
fprintf(stderr, "%s not found!\n", service_accountname);
ret_val= 1;
goto end_pbs_account;
}
if (!isAdminPrivilege(service_accountname)) {
fprintf(stderr, "%s is not ADMIN! - %s\n",
service_accountname, winlog_buffer);
ret_val = 2;
goto end_pbs_account;
}
}
if (s_opt) {
int r1, r2, r3, r4;
printf("Setting the following privileges to %s:\n", sa_name);
r1 = add_privilege(sa_sid, SE_CREATE_TOKEN_NAME);
r2 = add_privilege(sa_sid, SE_ASSIGNPRIMARYTOKEN_NAME);
r3 = add_privilege(sa_sid, SE_SERVICE_LOGON_NAME);
r4 = add_privilege(sa_sid, SE_TCB_NAME);
if ((r1 != 0) || (r2 != 0) || (r3 != 0) || (r4 != 0)) {
ret_val = 4;
goto end_pbs_account;
}
}
if (R_opt) {
ret_val = register_scm(__TEXT(service_name), service_bin_path,
sa_name, sa_password);
}
if (U_opt) {
ret_val = unregister_scm(__TEXT(service_name));
}
end_pbs_account:
if (sa_sid != NULL)
LocalFree(sa_sid);
if (strlen(sa_password) > 0)
memset((char *)sa_password, 0, strlen(sa_password));
if (output_fd != -1)
(void)close(output_fd);
exit(ret_val);
}
