static DWORD WkssAllocateNetrWkstaUserInfo1( OUT PVOID pOut, IN OUT PDWORD pdwOffset, IN OUT PDWORD pdwSpaceLeft, IN PNETR_WKSTA_USER_INFO_1 pIn, IN OUT PDWORD pdwSize ) { DWORD dwError = ERROR_SUCCESS; NTSTATUS ntStatus = STATUS_SUCCESS; PVOID pBuffer = pOut; BAIL_ON_INVALID_PTR(pdwOffset, ntStatus); BAIL_ON_INVALID_PTR(pIn, ntStatus); BAIL_ON_INVALID_PTR(pdwSize, ntStatus); LWBUF_ALLOC_WC16STR(pBuffer, pIn->wkui1_username); LWBUF_ALLOC_WC16STR(pBuffer, pIn->wkui1_logon_domain); LWBUF_ALLOC_WC16STR(pBuffer, pIn->wkui1_oth_domains); LWBUF_ALLOC_WC16STR(pBuffer, pIn->wkui1_logon_server); cleanup: if (ntStatus == STATUS_SUCCESS && dwError != ERROR_SUCCESS) { ntStatus = LwWin32ErrorToNtStatus(dwError); } return dwError; error: goto cleanup; }
static NTSTATUS NetrAllocateSidAttr( OUT NetrSidAttr *pOut, IN OUT PDWORD pdwOffset, IN OUT PDWORD pdwSpaceLeft, IN NetrSidAttr *pIn, IN OUT PDWORD pdwSize ) { NTSTATUS ntStatus = STATUS_SUCCESS; DWORD dwError = ERROR_SUCCESS; PVOID pBuffer = pOut; BAIL_ON_INVALID_PTR(pdwOffset, ntStatus); BAIL_ON_INVALID_PTR(pIn, ntStatus); BAIL_ON_INVALID_PTR(pdwSize, ntStatus); LWBUF_ALLOC_PSID(pBuffer, pIn->sid); LWBUF_ALLOC_DWORD(pBuffer, pIn->attribute); LWBUF_ALIGN(pdwOffset, pdwSize, pdwSpaceLeft); cleanup: if (ntStatus == STATUS_SUCCESS && dwError != ERROR_SUCCESS) { ntStatus = LwWin32ErrorToNtStatus(dwError); } return ntStatus; error: goto cleanup; }
static NTSTATUS LsaAllocateDomainInfo( OUT PVOID pBuffer, IN OUT PDWORD pdwOffset, IN OUT PDWORD pdwSpaceLeft, IN LsaDomainInfo *pIn, IN OUT PDWORD pdwSize ) { NTSTATUS ntStatus = STATUS_SUCCESS; DWORD dwError = ERROR_SUCCESS; LWBUF_ALLOC_UNICODE_STRING(pBuffer, (PUNICODE_STRING)&pIn->name); LWBUF_ALLOC_PSID(pBuffer, pIn->sid); cleanup: if (ntStatus == STATUS_SUCCESS && dwError != ERROR_SUCCESS) { ntStatus = LwWin32ErrorToNtStatus(dwError); } return ntStatus; error: goto cleanup; }
NTSTATUS SrvsSvcmStart( PLW_SVCM_INSTANCE pInstance, ULONG ArgCount, PWSTR* pArgs, ULONG FdCount, int* pFds ) { DWORD err = ERROR_SUCCESS; err = SrvsInitialiseConfig(&gpSrvsServerInfo->config); BAIL_ON_SRVSVC_ERROR(err); err = SrvSvcReadConfigSettings(&gpSrvsServerInfo->config); BAIL_ON_SRVSVC_ERROR(err); err = SrvSvcInitSecurity(); BAIL_ON_SRVSVC_ERROR(err); err = SrvSvcRpcInitialize(); BAIL_ON_SRVSVC_ERROR(err); err = SrvSvcDSNotify(); BAIL_ON_SRVSVC_ERROR(err); err = SrvSvcSMNotify(); BAIL_ON_SRVSVC_ERROR(err); error: return LwWin32ErrorToNtStatus(err); }
NTSTATUS LWNetSvcmStart( PLW_SVCM_INSTANCE pInstance, ULONG ArgCount, PWSTR* ppArgs, ULONG FdCount, int* pFds ) { DWORD dwError = 0; dwError = LWNetSrvSetDefaults(); BAIL_ON_LWNET_ERROR(dwError); dwError = LWNetSrvInitialize(); BAIL_ON_LWNET_ERROR(dwError); dwError = LWNetSrvStartListenThread(); BAIL_ON_LWNET_ERROR(dwError); // Post service started event to eventlog LWNetSrvLogProcessStartedEvent(); cleanup: return LwWin32ErrorToNtStatus(dwError); error: goto cleanup; }
static NTSTATUS NetrAllocateRidWithAttribute( OUT PRID_WITH_ATTRIBUTE pOut, IN OUT PDWORD pdwOffset, IN OUT PDWORD pdwSpaceLeft, IN PRID_WITH_ATTRIBUTE pRids, IN OUT PDWORD pdwSize ) { NTSTATUS ntStatus = STATUS_SUCCESS; DWORD dwError = ERROR_SUCCESS; PVOID pBuffer = pOut; BAIL_ON_INVALID_PTR(pdwOffset, ntStatus); BAIL_ON_INVALID_PTR(pRids, ntStatus); BAIL_ON_INVALID_PTR(pdwSize, ntStatus); LWBUF_ALLOC_DWORD(pBuffer, pRids->dwRid); LWBUF_ALLOC_DWORD(pBuffer, pRids->dwAttributes); cleanup: if (ntStatus == STATUS_SUCCESS && dwError != ERROR_SUCCESS) { ntStatus = LwWin32ErrorToNtStatus(dwError); } return ntStatus; error: goto cleanup; }
NTSTATUS EVTSvcmStart( PLW_SVCM_INSTANCE pInstance, ULONG ArgCount, PWSTR* ppArgs, ULONG FdCount, int* pFds ) { DWORD dwError = 0; BOOLEAN bRegisterTcpIp = TRUE; dwError = EVTSetServerDefaults(); BAIL_ON_EVT_ERROR(dwError); dwError = LwEvtDbCreateDB(gServerInfo.bReplaceDB); BAIL_ON_EVT_ERROR(dwError); if (gServerInfo.bReplaceDB) { goto cleanup; } dwError = EVTReadEventLogConfigSettings(); if (dwError != 0) { EVT_LOG_ERROR("Failed to read eventlog configuration. Error code: [%u]\n", dwError); dwError = 0; } dwError = EVTGetRegisterTcpIp(&bRegisterTcpIp); BAIL_ON_EVT_ERROR(dwError); dwError = LwEvtDbInitEventDatabase(); BAIL_ON_EVT_ERROR(dwError); dwError = LwmEvtSrvStartListenThread(); BAIL_ON_EVT_ERROR(dwError); dwError = EVTRegisterInterface(); BAIL_ON_EVT_ERROR(dwError); if (bRegisterTcpIp) { dwError = LwMapErrnoToLwError(dcethread_create( &gNetworkThread, NULL, EVTNetworkThread, &gbExitNow)); BAIL_ON_EVT_ERROR(dwError); gbRegisteredTcpIp = TRUE; } cleanup: return LwWin32ErrorToNtStatus(dwError); error: goto cleanup; }
static NTSTATUS LsaSrvQueryAccountSecurity( PLSAR_ACCOUNT_CONTEXT pAccountContext, SECURITY_INFORMATION SecurityInformation, PSECURITY_DESCRIPTOR_RELATIVE *ppSecurityDescRelative, PDWORD pSecurityDescRelativeSize ) { NTSTATUS ntStatus = STATUS_SUCCESS; DWORD err = ERROR_SUCCESS; PSECURITY_DESCRIPTOR_RELATIVE pSecDescRelative = NULL; DWORD secDescRelativeSize = 0; PSECURITY_DESCRIPTOR_RELATIVE pSecurityDescRelative = NULL; err = LsaSrvPrivsGetAccountSecurity( NULL, pAccountContext->pPolicyCtx->pUserToken, pAccountContext->pAccountContext, SecurityInformation, &pSecDescRelative, &secDescRelativeSize); BAIL_ON_LSA_ERROR(err); ntStatus = LsaSrvAllocateMemory( OUT_PPVOID(&pSecurityDescRelative), secDescRelativeSize); BAIL_ON_NT_STATUS(ntStatus); memcpy(pSecurityDescRelative, pSecDescRelative, secDescRelativeSize); *ppSecurityDescRelative = pSecurityDescRelative; *pSecurityDescRelativeSize = secDescRelativeSize; error: if (err || ntStatus) { if (pSecurityDescRelative) { LsaSrvFreeMemory(pSecurityDescRelative); } *ppSecurityDescRelative = NULL; *pSecurityDescRelativeSize = 0; } LW_SAFE_FREE_MEMORY(pSecDescRelative); if (ntStatus == STATUS_SUCCESS && err != ERROR_SUCCESS) { ntStatus = LwWin32ErrorToNtStatus(err); } return ntStatus; }
NTSTATUS LsaSrvInitUnicodeStringEx( PUNICODE_STRING pOut, PCWSTR pwszIn ) { NTSTATUS ntStatus = STATUS_SUCCESS; DWORD dwError = ERROR_SUCCESS; size_t sLen = 0; size_t sSize = 0; BAIL_ON_INVALID_POINTER(pOut); if (pwszIn) { dwError = LwWc16sLen(pwszIn, &sLen); BAIL_ON_LSA_ERROR(dwError); sSize = (sLen + 1) * sizeof(WCHAR); ntStatus = LsaSrvAllocateMemory(OUT_PPVOID(&pOut->Buffer), sSize); BAIL_ON_NTSTATUS_ERROR(ntStatus); memcpy(pOut->Buffer, pwszIn, sLen * sizeof(WCHAR)); } else { pOut->Buffer = NULL; } pOut->MaximumLength = sSize; pOut->Length = sLen * sizeof(WCHAR); cleanup: if (ntStatus == STATUS_SUCCESS && dwError != ERROR_SUCCESS) { ntStatus = LwWin32ErrorToNtStatus(dwError); } return ntStatus; error: if (pOut->Buffer) { LsaSrvFreeMemory(pOut->Buffer); pOut->Buffer = NULL; } pOut->MaximumLength = 0; pOut->Length = 0; goto cleanup; }
NTSTATUS LsaAllocateTranslatedSids3( OUT TranslatedSid3 *pOut, IN OUT PDWORD pdwOffset, IN OUT PDWORD pdwSpaceLeft, IN TranslatedSidArray3 *pIn, IN OUT PDWORD pdwSize ) { NTSTATUS ntStatus = STATUS_SUCCESS; DWORD dwError = ERROR_SUCCESS; PVOID pBuffer = pOut; DWORD iTransSid = 0; BAIL_ON_INVALID_PTR(pdwOffset, ntStatus); BAIL_ON_INVALID_PTR(pIn, ntStatus); BAIL_ON_INVALID_PTR(pdwSize, ntStatus); for (iTransSid = 0; iTransSid < pIn->count; iTransSid++) { LWBUF_ALLOC_WORD(pBuffer, pIn->sids[iTransSid].type); LWBUF_ALIGN_PTR(pdwOffset, pdwSize, pdwSpaceLeft); if (pIn->sids[iTransSid].sid) { LWBUF_ALLOC_PSID(pBuffer, pIn->sids[iTransSid].sid); } else if (pIn->sids[iTransSid].type == SID_TYPE_DOMAIN || pIn->sids[iTransSid].type == SID_TYPE_INVALID || pIn->sids[iTransSid].type == SID_TYPE_UNKNOWN) { LWBUF_ALLOC_PSID(pBuffer, NULL); } else { ntStatus = STATUS_INVALID_SID; BAIL_ON_NT_STATUS(ntStatus); } LWBUF_ALLOC_DWORD(pBuffer, pIn->sids[iTransSid].index); LWBUF_ALLOC_DWORD(pBuffer, pIn->sids[iTransSid].unknown1); } cleanup: if (ntStatus == STATUS_SUCCESS && dwError != ERROR_SUCCESS) { ntStatus = LwWin32ErrorToNtStatus(dwError); } return ntStatus; error: goto cleanup; }
NTSTATUS LsaSvcmStart( PLW_SVCM_INSTANCE pInstance, ULONG ArgCount, PWSTR* ppArgs, ULONG FdCount, int* pFds ) { DWORD dwError = 0; dwError = LsaSrvSetDefaults(); BAIL_ON_LSA_ERROR(dwError); dwError = LsaInitTracing_r(); BAIL_ON_LSA_ERROR(dwError); // Test system to see if dependent configuration tasks are completed prior to starting our process. dwError = LsaSrvStartupPreCheck(); BAIL_ON_LSA_ERROR(dwError); #ifdef ENABLE_EVENTLOG dwError = LsaSrvStartEventLoggingThread(); BAIL_ON_LSA_ERROR(dwError); #endif /* Start NTLM IPC server before we initialize providers because the providers might end up attempting to use NTLM via gss-api */ dwError = NtlmSrvStartListenThread(); BAIL_ON_LSA_ERROR(dwError); dwError = LsaSrvInitialize(); BAIL_ON_LSA_ERROR(dwError); dwError = LsaSrvStartListenThread(); BAIL_ON_LSA_ERROR(dwError); if(LsaSrvEventlogEnabled()) { LsaSrvLogProcessStartedEvent(); } cleanup: return LwWin32ErrorToNtStatus(dwError); error: goto cleanup; }
NTSTATUS EVTSvcmStop( PLW_SVCM_INSTANCE pInstance ) { DWORD dwError = 0; EVT_LOG_INFO("Eventlog Service exiting..."); gbExitNow = TRUE; if (gbRegisteredTcpIp) { dwError = EVTUnregisterAllEndpoints(); BAIL_ON_EVT_ERROR(dwError); dwError = EVTStopListen(); BAIL_ON_EVT_ERROR(dwError); } dwError = LwmEvtSrvStopListenThread(); BAIL_ON_EVT_ERROR(dwError); if (gbRegisteredTcpIp) { dwError = LwMapErrnoToLwError(dcethread_interrupt(gNetworkThread)); BAIL_ON_EVT_ERROR(dwError); dwError = LwMapErrnoToLwError(dcethread_join(gNetworkThread, NULL)); BAIL_ON_EVT_ERROR(dwError); } cleanup: LwEvtDbShutdownEventDatabase(); EVTSetConfigDefaults(); EVTFreeSecurityDescriptor(gServerInfo.pAccess); gServerInfo.pAccess = NULL; return LwWin32ErrorToNtStatus(dwError); error: EVT_LOG_ERROR("Eventlog exiting due to error [code:%d]", dwError); goto cleanup; }
NTSTATUS NetrAllocateDomainTrusts( OUT NetrDomainTrust *pOut, IN OUT PDWORD pdwOffset, IN OUT PDWORD pdwSpaceLeft, IN NetrDomainTrustList *pIn, IN OUT PDWORD pdwSize ) { NTSTATUS ntStatus = STATUS_SUCCESS; DWORD dwError = ERROR_SUCCESS; PVOID pBuffer = pOut; UINT32 i = 0; BAIL_ON_INVALID_PTR(pdwOffset, ntStatus); BAIL_ON_INVALID_PTR(pIn, ntStatus); BAIL_ON_INVALID_PTR(pdwSize, ntStatus); for (i = 0; i < pIn->count; i++) { LWBUF_ALLOC_PWSTR(pBuffer, pIn->array[i].netbios_name); LWBUF_ALLOC_PWSTR(pBuffer, pIn->array[i].dns_name); LWBUF_ALLOC_DWORD(pBuffer, pIn->array[i].trust_flags); LWBUF_ALLOC_DWORD(pBuffer, pIn->array[i].parent_index); LWBUF_ALLOC_WORD(pBuffer, pIn->array[i].trust_type); LWBUF_ALIGN_TYPE(pdwOffset, pdwSize, pdwSpaceLeft, DWORD); LWBUF_ALLOC_DWORD(pBuffer, pIn->array[i].trust_attrs); LWBUF_ALLOC_PSID(pBuffer, pIn->array[i].sid); LWBUF_ALLOC_BLOB(pBuffer, sizeof(pIn->array[i].guid), &(pIn->array[i].guid)); } cleanup: if (ntStatus == STATUS_SUCCESS && dwError != ERROR_SUCCESS) { ntStatus = LwWin32ErrorToNtStatus(dwError); } return ntStatus; error: goto cleanup; }
NTSTATUS SamrSrvConnect( /* [in] */ handle_t hBinding, /* [in] */ PCWSTR pwszSystemName, /* [in] */ DWORD dwAccessMask, /* [out] */ CONNECT_HANDLE *hConn ) { const DWORD dwConnectVersion = 2; NTSTATUS ntStatus = STATUS_SUCCESS; DWORD dwError = 0; PCONNECT_CONTEXT pConnCtx = NULL; ntStatus = SamrSrvConnectInternal(hBinding, pwszSystemName, dwAccessMask, dwConnectVersion, 0, NULL, NULL, NULL, &pConnCtx); BAIL_ON_NTSTATUS_ERROR(ntStatus); *hConn = (CONNECT_HANDLE)pConnCtx; cleanup: if (ntStatus == STATUS_SUCCESS && dwError != ERROR_SUCCESS) { ntStatus = LwWin32ErrorToNtStatus(dwError); } return ntStatus; error: if (pConnCtx) { SamrSrvConnectContextFree(pConnCtx); } *hConn = NULL; goto cleanup; }
static NTSTATUS LsaSrvInitNpAuthInfo( IN rpc_transport_info_handle_t hTransportInfo, OUT PPOLICY_CONTEXT pPolCtx ) { NTSTATUS ntStatus = STATUS_SUCCESS; DWORD dwError = ERROR_SUCCESS; PUCHAR pucSessionKey = NULL; unsigned16 SessionKeyLen = 0; PBYTE pSessionKey = NULL; DWORD dwSessionKeyLen = 0; rpc_smb_transport_info_inq_session_key( hTransportInfo, (unsigned char**)&pucSessionKey, &SessionKeyLen); dwSessionKeyLen = SessionKeyLen; if (dwSessionKeyLen) { dwError = LwAllocateMemory(dwSessionKeyLen, OUT_PPVOID(&pSessionKey)); BAIL_ON_LSA_ERROR(dwError); memcpy(pSessionKey, pucSessionKey, dwSessionKeyLen); } pPolCtx->pSessionKey = pSessionKey; pPolCtx->dwSessionKeyLen = dwSessionKeyLen; cleanup: if (ntStatus == STATUS_SUCCESS && dwError != ERROR_SUCCESS) { ntStatus = LwWin32ErrorToNtStatus(dwError); } return ntStatus; error: goto cleanup; }
static NTSTATUS LsaSrvAccountContextDelete( PLSAR_ACCOUNT_CONTEXT pAccountCtx ) { NTSTATUS ntStatus = STATUS_SUCCESS; DWORD err = ERROR_SUCCESS; err = LsaSrvPrivsMarkAccountDeleted(pAccountCtx->pAccountContext); if (err) { ntStatus = LwWin32ErrorToNtStatus(err); } LsaSrvAccountContextFree(pAccountCtx); return ntStatus; }
NTSTATUS LsaLsaErrorToNtStatus( IN DWORD LsaError ) { switch (LsaError) { case LW_ERROR_SUCCESS: return STATUS_SUCCESS; case LW_ERROR_OUT_OF_MEMORY: return STATUS_INSUFFICIENT_RESOURCES; case LW_ERROR_INVALID_SID: return STATUS_INVALID_SID; default: { NTSTATUS status = LwWin32ErrorToNtStatus(LsaError); return (status != (NTSTATUS)-1) ? status : STATUS_UNSUCCESSFUL; } } }
NTSTATUS LsaAllocateTranslatedNames( OUT TranslatedName *pOut, IN OUT PDWORD pdwOffset, IN OUT PDWORD pdwSpaceLeft, IN TranslatedNameArray *pIn, IN OUT PDWORD pdwSize ) { NTSTATUS ntStatus = STATUS_SUCCESS; DWORD dwError = ERROR_SUCCESS; PVOID pBuffer = pOut; DWORD iTransName = 0; BAIL_ON_INVALID_PTR(pdwOffset, ntStatus); BAIL_ON_INVALID_PTR(pIn, ntStatus); BAIL_ON_INVALID_PTR(pdwSize, ntStatus); for (iTransName = 0; iTransName < pIn->count; iTransName++) { LWBUF_ALIGN(pdwOffset, pdwSize, pdwSpaceLeft); LWBUF_ALLOC_WORD(pBuffer, pIn->names[iTransName].type); LWBUF_ALIGN_PTR(pdwOffset, pdwSize, pdwSpaceLeft); LWBUF_ALLOC_UNICODE_STRING( pBuffer, (PUNICODE_STRING)&pIn->names[iTransName].name); LWBUF_ALLOC_DWORD(pBuffer, pIn->names[iTransName].sid_index); } cleanup: if (ntStatus == STATUS_SUCCESS && dwError != ERROR_SUCCESS) { ntStatus = LwWin32ErrorToNtStatus(dwError); } return ntStatus; error: goto cleanup; }
static NTSTATUS NetrAllocateDomainTrustInfo( OUT NetrDomainTrustInfo *pOut, IN OUT PDWORD pdwOffset, IN OUT PDWORD pdwSpaceLeft, IN NetrDomainTrustInfo *pIn, IN OUT PDWORD pdwSize ) { NTSTATUS ntStatus = STATUS_SUCCESS; DWORD dwError = ERROR_SUCCESS; NetrDomainTrustInfo *pBuffer = pOut; BAIL_ON_INVALID_PTR(pdwOffset, ntStatus); BAIL_ON_INVALID_PTR(pIn, ntStatus); BAIL_ON_INVALID_PTR(pdwSize, ntStatus); LWBUF_ALIGN(pdwOffset, pdwSize, pdwSpaceLeft); LWBUF_ALLOC_UNICODE_STRING(pBuffer, (PUNICODE_STRING)&pIn->domain_name); LWBUF_ALLOC_UNICODE_STRING(pBuffer, (PUNICODE_STRING)&pIn->full_domain_name); LWBUF_ALLOC_UNICODE_STRING(pBuffer, (PUNICODE_STRING)&pIn->forest); LWBUF_ALLOC_BLOB(pBuffer, sizeof(pIn->guid), &pIn->guid); LWBUF_ALLOC_PSID(pBuffer, pIn->sid); cleanup: if (ntStatus == STATUS_SUCCESS && dwError != ERROR_SUCCESS) { ntStatus = LwWin32ErrorToNtStatus(dwError); } return ntStatus; error: goto cleanup; }
static NTSTATUS NetrAllocateSamInfo6( OUT NetrSamInfo6 *pOut, IN OUT PDWORD pdwOffset, IN OUT PDWORD pdwSpaceLeft, IN NetrSamInfo6 *pIn, IN OUT PDWORD pdwSize ) { NTSTATUS ntStatus = STATUS_SUCCESS; DWORD dwError = ERROR_SUCCESS; PVOID pBuffer = pOut; BAIL_ON_INVALID_PTR(pdwOffset, ntStatus); BAIL_ON_INVALID_PTR(pIn, ntStatus); BAIL_ON_INVALID_PTR(pdwSize, ntStatus); ntStatus = NetrAllocateSamInfo3((NetrSamInfo3*)pBuffer, pdwOffset, pdwSpaceLeft, (NetrSamInfo3*)pIn, pdwSize); BAIL_ON_NT_STATUS(ntStatus); LWBUF_ALLOC_UNICODE_STRING(pBuffer, (PUNICODE_STRING)&pIn->forest); LWBUF_ALLOC_UNICODE_STRING(pBuffer, (PUNICODE_STRING)&pIn->principal); LWBUF_ALLOC_BLOB(pBuffer, sizeof(pIn->unknown), pIn->unknown); cleanup: if (ntStatus == STATUS_SUCCESS && dwError != ERROR_SUCCESS) { ntStatus = LwWin32ErrorToNtStatus(dwError); } return ntStatus; error: goto cleanup; }
NTSTATUS LsaAllocateTranslatedSids2( OUT TranslatedSid2 *pOut, IN OUT PDWORD pdwOffset, IN OUT PDWORD pdwSpaceLeft, IN TranslatedSidArray2 *pIn, IN OUT PDWORD pdwSize ) { NTSTATUS ntStatus = STATUS_SUCCESS; DWORD dwError = ERROR_SUCCESS; PVOID pBuffer = pOut; DWORD iTransSid = 0; BAIL_ON_INVALID_PTR(pdwOffset, ntStatus); BAIL_ON_INVALID_PTR(pIn, ntStatus); BAIL_ON_INVALID_PTR(pdwSize, ntStatus); for (iTransSid = 0; iTransSid < pIn->count; iTransSid++) { LWBUF_ALLOC_WORD(pBuffer, pIn->sids[iTransSid].type); LWBUF_ALIGN_TYPE(pdwOffset, pdwSize, pdwSpaceLeft, DWORD); LWBUF_ALLOC_DWORD(pBuffer, pIn->sids[iTransSid].rid); LWBUF_ALLOC_DWORD(pBuffer, pIn->sids[iTransSid].index); LWBUF_ALLOC_DWORD(pBuffer, pIn->sids[iTransSid].unknown1); } cleanup: if (ntStatus == STATUS_SUCCESS && dwError != ERROR_SUCCESS) { ntStatus = LwWin32ErrorToNtStatus(dwError); } return ntStatus; error: goto cleanup; }
NTSTATUS NetrAllocateDcNameInfo( OUT DsrDcNameInfo *pOut, IN OUT PDWORD pdwOffset, IN OUT PDWORD pdwSpaceLeft, IN DsrDcNameInfo *pIn, IN OUT PDWORD pdwSize ) { NTSTATUS ntStatus = STATUS_SUCCESS; DWORD dwError = ERROR_SUCCESS; DsrDcNameInfo *pBuffer = pOut; BAIL_ON_INVALID_PTR(pdwOffset, ntStatus); BAIL_ON_INVALID_PTR(pIn, ntStatus); BAIL_ON_INVALID_PTR(pdwSize, ntStatus); LWBUF_ALLOC_PWSTR(pBuffer, pIn->dc_name); LWBUF_ALLOC_PWSTR(pBuffer, pIn->dc_address); LWBUF_ALLOC_WORD(pBuffer, pIn->address_type); LWBUF_ALLOC_BLOB(pBuffer, sizeof(pIn->domain_guid), &pIn->domain_guid); LWBUF_ALLOC_PWSTR(pBuffer, pIn->domain_name); LWBUF_ALLOC_PWSTR(pBuffer, pIn->forest_name); LWBUF_ALLOC_DWORD(pBuffer, pIn->flags); LWBUF_ALLOC_PWSTR(pBuffer, pIn->dc_site_name); LWBUF_ALLOC_PWSTR(pBuffer, pIn->cli_site_name); cleanup: if (ntStatus == STATUS_SUCCESS && dwError != ERROR_SUCCESS) { ntStatus = LwWin32ErrorToNtStatus(dwError); } return ntStatus; error: goto cleanup; }
NTSTATUS LsaSrvAddPrivilegesToAccount( /* [in] */ handle_t hBinding, /* [in] */ LSAR_ACCOUNT_HANDLE hAccount, /* [in] */ PPRIVILEGE_SET pPrivileges ) { NTSTATUS ntStatus = STATUS_SUCCESS; DWORD err = ERROR_SUCCESS; PLSAR_ACCOUNT_CONTEXT pAccountCtx = (PLSAR_ACCOUNT_CONTEXT)hAccount; PPOLICY_CONTEXT pPolicyCtx = NULL; BAIL_ON_INVALID_PTR(hAccount); BAIL_ON_INVALID_PTR(pPrivileges); if (pAccountCtx->Type != LsaContextAccount) { ntStatus = STATUS_INVALID_HANDLE; BAIL_ON_NT_STATUS(ntStatus); } pPolicyCtx = pAccountCtx->pPolicyCtx; err = LsaSrvPrivsAddPrivilegesToAccount( NULL, pPolicyCtx->pUserToken, pAccountCtx->pAccountContext, pPrivileges); BAIL_ON_LSA_ERROR(err); error: if (ntStatus == STATUS_SUCCESS && err != ERROR_SUCCESS) { ntStatus = LwWin32ErrorToNtStatus(err); } return ntStatus; }
NTSTATUS LsaAllocateAccountRightNames( OUT PWSTR *pOut, IN OUT PDWORD pdwOffset, IN OUT PDWORD pdwSpaceLeft, IN PLSA_ACCOUNT_RIGHTS pIn, IN OUT PDWORD pdwSize ) { NTSTATUS ntStatus = STATUS_SUCCESS; DWORD dwError = ERROR_SUCCESS; PVOID pBuffer = pOut; DWORD iName = 0; BAIL_ON_INVALID_PTR(pdwOffset, ntStatus); BAIL_ON_INVALID_PTR(pIn, ntStatus); BAIL_ON_INVALID_PTR(pdwSize, ntStatus); for (iName = 0; iName < pIn->NumAccountRights; iName++) { LWBUF_ALIGN(pdwOffset, pdwSize, pdwSpaceLeft); LWBUF_ALLOC_WC16STR_FROM_UNICODE_STRING( pBuffer, &pIn->pAccountRight[iName]); } cleanup: if (ntStatus == STATUS_SUCCESS && dwError != ERROR_SUCCESS) { ntStatus = LwWin32ErrorToNtStatus(dwError); } return ntStatus; error: goto cleanup; }
NTSTATUS LsaAllocatePrivilegeValues( OUT PWSTR *pOut, IN OUT PDWORD pdwOffset, IN OUT PDWORD pdwSpaceLeft, IN PLSA_PRIVILEGE_ENUM_BUFFER pIn, IN OUT PDWORD pdwSize ) { NTSTATUS ntStatus = STATUS_SUCCESS; DWORD dwError = ERROR_SUCCESS; PVOID pBuffer = pOut; DWORD iName = 0; BAIL_ON_INVALID_PTR(pdwOffset, ntStatus); BAIL_ON_INVALID_PTR(pIn, ntStatus); BAIL_ON_INVALID_PTR(pdwSize, ntStatus); for (iName = 0; iName < pIn->NumPrivileges; iName++) { LWBUF_ALIGN(pdwOffset, pdwSize, pdwSpaceLeft); LWBUF_ALLOC_WC16STR_FROM_UNICODE_STRING( pBuffer, &pIn->pPrivilege[iName].Name); } cleanup: if (ntStatus == STATUS_SUCCESS && dwError != ERROR_SUCCESS) { ntStatus = LwWin32ErrorToNtStatus(dwError); } return ntStatus; error: goto cleanup; }
NTSTATUS LsaSvcmRefresh( PLW_SVCM_INSTANCE pInstance ) { DWORD dwError = 0; HANDLE hServer = NULL; LSA_LOG_VERBOSE("Refreshing configuration"); dwError = LsaSrvOpenServer( getuid(), getgid(), getpid(), &hServer); BAIL_ON_LSA_ERROR(dwError); dwError = LsaSrvRefreshConfiguration(hServer); BAIL_ON_LSA_ERROR(dwError); LSA_LOG_INFO("Refreshed configuration successfully"); cleanup: if (hServer != NULL) { LsaSrvCloseServer(hServer); } return LwWin32ErrorToNtStatus(dwError); error: LSA_LOG_ERROR("Failed to refresh configuration. [Error code:%u]", dwError); goto cleanup; }
NTSTATUS LsaAllocateSids( OUT PSID *pOut, IN OUT PDWORD pdwOffset, IN OUT PDWORD pdwSpaceLeft, IN PLSA_ACCOUNT_ENUM_BUFFER pIn, IN OUT PDWORD pdwSize ) { NTSTATUS ntStatus = STATUS_SUCCESS; DWORD dwError = ERROR_SUCCESS; PVOID pBuffer = pOut; DWORD iSid = 0; BAIL_ON_INVALID_PTR(pdwOffset, ntStatus); BAIL_ON_INVALID_PTR(pIn, ntStatus); BAIL_ON_INVALID_PTR(pdwSize, ntStatus); for (iSid = 0; iSid < pIn->NumAccounts; iSid++) { LWBUF_ALIGN(pdwOffset, pdwSize, pdwSpaceLeft); LWBUF_ALLOC_PSID(pBuffer, pIn->pAccount[iSid].pSid); } cleanup: if (ntStatus == STATUS_SUCCESS && dwError != ERROR_SUCCESS) { ntStatus = LwWin32ErrorToNtStatus(dwError); } return ntStatus; error: goto cleanup; }
BOOLEAN CreateRpcBinding( PVOID *phBinding, RPC_BINDING_TYPE eBindingType, PCWSTR pwszHostname, PCWSTR pwszBinding, PCREDENTIALS pCredentials ) { PCSTR pszNtlmsspAuth = "ntlmssp"; PCSTR pszSign = "sign"; PCSTR pszSeal = "seal"; BOOLEAN bRet = TRUE; NTSTATUS ntStatus = STATUS_SUCCESS; DWORD dwError = ERROR_SUCCESS; unsigned32 rpcStatus = RPC_S_OK; LSA_BINDING hBinding = NULL; LW_PIO_CREDS pIoCreds = NULL; PWSTR pwszBindingString = NULL; size_t sBindingStringLen = 0; PSTR pszBindingString = NULL; PSTR *ppszOptions = NULL; DWORD iOpt = 0; DWORD i = 0; DWORD dwNumValidOptions = 0; unsigned32 AuthType = 0; unsigned32 ProtectionLevel = 0; SEC_WINNT_AUTH_IDENTITY *pNtlmSspAuthInfo = NULL; PVOID pAuthInfo = NULL; unsigned char *pszUuid = NULL; unsigned char *pszProtSeq = NULL; unsigned char *pszNetworkAddr = NULL; unsigned char *pszEndpoint = NULL; unsigned char *pszOptions = NULL; PSTR pszHostname = NULL; if (phBinding == NULL) { ntStatus = STATUS_INVALID_PARAMETER; BAIL_ON_NT_STATUS(ntStatus); } if (pwszBinding) { dwError = LwAllocateWc16String(&pwszBindingString, pwszBinding); BAIL_ON_WIN_ERROR(dwError); dwError = LwWc16sLen(pwszBindingString, &sBindingStringLen); BAIL_ON_WIN_ERROR(dwError); dwError = LwWc16sToMbs(pwszBindingString, &pszBindingString); BAIL_ON_WIN_ERROR(dwError); ppszOptions = get_string_list(pszBindingString, ':'); if (ppszOptions == NULL) { ntStatus = STATUS_INVALID_PARAMETER; BAIL_ON_NT_STATUS(ntStatus); } /* * Find and identify valid options */ while (ppszOptions[iOpt]) { if (!strcasecmp(pszNtlmsspAuth, ppszOptions[iOpt])) { AuthType = rpc_c_authn_winnt; dwNumValidOptions++; } else if (!strcasecmp(pszSign, ppszOptions[iOpt])) { ProtectionLevel = rpc_c_authn_level_pkt_integrity; dwNumValidOptions++; } else if (!strcasecmp(pszSeal, ppszOptions[iOpt])) { ProtectionLevel = rpc_c_authn_level_pkt_privacy; dwNumValidOptions++; } iOpt++; } } /* * Cut off the options from the binding string so it can * be passed to rpc routines */ if (dwNumValidOptions > 0) { i = sBindingStringLen; while (dwNumValidOptions && pwszBindingString[--i]) { if (pwszBindingString[i] == (WCHAR)':') { dwNumValidOptions--; } } pwszBindingString[i] = (WCHAR)'\0'; pszBindingString[i] = '\0'; } ntStatus = LwIoGetActiveCreds(NULL, &pIoCreds); BAIL_ON_NT_STATUS(ntStatus); if (pwszBindingString) { ntStatus = RpcInitBindingFromBindingString( (handle_t*)&hBinding, pwszBindingString, pIoCreds); } else { switch (eBindingType) { case RPC_LSA_BINDING: ntStatus = LsaInitBindingDefault(&hBinding, pwszHostname, pIoCreds); break; case RPC_SAMR_BINDING: ntStatus = SamrInitBindingDefault(&hBinding, pwszHostname, pIoCreds); break; case RPC_NETLOGON_BINDING: ntStatus = NetrInitBindingDefault(&hBinding, pwszHostname, pIoCreds); break; case RPC_DSSETUP_BINDING: ntStatus = DsrInitBindingDefault(&hBinding, pwszHostname, pIoCreds); break; case RPC_WKSSVC_BINDING: ntStatus = WkssInitBindingDefault(&hBinding, pwszHostname, pIoCreds); break; default: ntStatus = STATUS_NOT_IMPLEMENTED; break; } } BAIL_ON_NT_STATUS(ntStatus); switch (AuthType) { case rpc_c_authn_winnt: dwError = LwAllocateMemory(sizeof(*pNtlmSspAuthInfo), OUT_PPVOID(&pNtlmSspAuthInfo)); BAIL_ON_WIN_ERROR(dwError); if (pCredentials->Ntlm.pwszDomain) { dwError = LwWc16sToMbs(pCredentials->Ntlm.pwszDomain, &pNtlmSspAuthInfo->Domain); BAIL_ON_WIN_ERROR(dwError); pNtlmSspAuthInfo->DomainLength = strlen(pNtlmSspAuthInfo->Domain); } dwError = LwWc16sToMbs(pCredentials->Ntlm.pwszUsername, &pNtlmSspAuthInfo->User); BAIL_ON_WIN_ERROR(dwError); pNtlmSspAuthInfo->UserLength = strlen(pNtlmSspAuthInfo->User); dwError = LwWc16sToMbs(pCredentials->Ntlm.pwszPassword, &pNtlmSspAuthInfo->Password); BAIL_ON_WIN_ERROR(dwError); pNtlmSspAuthInfo->PasswordLength = strlen(pNtlmSspAuthInfo->Password); pAuthInfo = (PVOID)pNtlmSspAuthInfo; break; default: pAuthInfo = NULL; break; } if (pwszHostname) { dwError = LwWc16sToMbs(pwszHostname, &pszHostname); BAIL_ON_WIN_ERROR(dwError); } else { rpc_string_binding_parse((unsigned char*)pszBindingString, &pszUuid, &pszProtSeq, &pszNetworkAddr, &pszEndpoint, &pszOptions, &rpcStatus); if (rpcStatus) { ntStatus = LwRpcStatusToNtStatus(rpcStatus); BAIL_ON_NT_STATUS(ntStatus); } dwError = LwAllocateString((PSTR)pszNetworkAddr, &pszHostname); BAIL_ON_WIN_ERROR(dwError); } if (AuthType) { rpc_binding_set_auth_info(hBinding, (unsigned char*)pszHostname, ProtectionLevel, AuthType, (rpc_auth_identity_handle_t)pAuthInfo, rpc_c_authz_name, /* authz_protocol */ &rpcStatus); if (rpcStatus) { ntStatus = LwRpcStatusToNtStatus(rpcStatus); BAIL_ON_NT_STATUS(ntStatus); } } *phBinding = hBinding; cleanup: if (pIoCreds) { LwIoDeleteCreds(pIoCreds); } LW_SAFE_FREE_MEMORY(pwszBindingString); LW_SAFE_FREE_MEMORY(pszBindingString); LW_SAFE_FREE_MEMORY(pszHostname); rpc_string_free(&pszUuid, &rpcStatus); rpc_string_free(&pszProtSeq, &rpcStatus); rpc_string_free(&pszNetworkAddr, &rpcStatus); rpc_string_free(&pszEndpoint, &rpcStatus); rpc_string_free(&pszOptions, &rpcStatus); if (ppszOptions) { free_string_list(ppszOptions); } if (ntStatus == STATUS_SUCCESS && dwError != ERROR_SUCCESS) { ntStatus = LwWin32ErrorToNtStatus(dwError); } if (ntStatus != STATUS_SUCCESS) { bRet = FALSE; } return bRet; error: *phBinding = NULL; bRet = FALSE; goto cleanup; }
NTSTATUS SamrCreateDomAlias( IN SAMR_BINDING hBinding, IN DOMAIN_HANDLE hDomain, IN PWSTR pwszAliasName, IN UINT32 AccessMask, OUT ACCOUNT_HANDLE *phAlias, OUT PUINT32 pRid ) { NTSTATUS ntStatus = STATUS_SUCCESS; DWORD dwError = ERROR_SUCCESS; UNICODE_STRING AliasName = {0}; ACCOUNT_HANDLE hAlias = NULL; UINT32 Rid = 0; BAIL_ON_INVALID_PTR(hBinding, ntStatus); BAIL_ON_INVALID_PTR(hDomain, ntStatus); BAIL_ON_INVALID_PTR(pwszAliasName, ntStatus); BAIL_ON_INVALID_PTR(phAlias, ntStatus); BAIL_ON_INVALID_PTR(pRid, ntStatus); dwError = LwAllocateUnicodeStringFromWc16String( &AliasName, pwszAliasName); BAIL_ON_WIN_ERROR(dwError); DCERPC_CALL(ntStatus, cli_SamrCreateDomAlias((handle_t)hBinding, hDomain, &AliasName, AccessMask, &hAlias, &Rid)); BAIL_ON_NT_STATUS(ntStatus); *phAlias = hAlias; *pRid = Rid; cleanup: LwFreeUnicodeString(&AliasName); if (ntStatus == STATUS_SUCCESS && dwError != ERROR_SUCCESS) { ntStatus = LwWin32ErrorToNtStatus(dwError); } return ntStatus; error: if (phAlias) { *phAlias = NULL; } if (pRid) { *pRid = 0; } goto cleanup; }
NTSTATUS LsaSrvGetSystemCreds( OUT LW_PIO_CREDS *ppCreds ) { NTSTATUS ntStatus = STATUS_SUCCESS; DWORD dwError = ERROR_SUCCESS; LW_PIO_CREDS pCreds = NULL; PSTR pszMachinePrincipal = NULL; PSTR pszCachePath = NULL; PLSA_MACHINE_ACCOUNT_INFO_A pAccountInfo = NULL; dwError = LsaSrvProviderGetMachineAccountInfoA( LSA_PROVIDER_TAG_AD, NULL, &pAccountInfo); BAIL_ON_LSA_ERROR(dwError); dwError = LwAllocateStringPrintf( &pszMachinePrincipal, "%s@%s", pAccountInfo->SamAccountName, pAccountInfo->DnsDomainName); BAIL_ON_LSA_ERROR(dwError); dwError = LwAllocateStringPrintf( &pszCachePath, "%s.%s", LSASS_KRB5_CACHE_PATH, pAccountInfo->DnsDomainName); BAIL_ON_LSA_ERROR(dwError); dwError = LwIoCreateKrb5CredsA( pszMachinePrincipal, pszCachePath, &pCreds); BAIL_ON_LSA_ERROR(dwError); *ppCreds = pCreds; cleanup: LW_SAFE_FREE_STRING(pszMachinePrincipal); LW_SAFE_FREE_STRING(pszCachePath); LsaSrvFreeMachineAccountInfoA(pAccountInfo); if (ntStatus == STATUS_SUCCESS && dwError != ERROR_SUCCESS) { ntStatus = LwWin32ErrorToNtStatus(dwError); } return ntStatus; error: if (pCreds) { LwIoDeleteCreds(pCreds); } *ppCreds = NULL; goto cleanup; }