Exemple #1
/*
 * Store the admin DN and the admin password as REG_SZ registry values.
 *
 * pszUserDN   - admin DN; rejected when NULL or empty.
 * pszPassword - admin password; rejected only when NULL, so an empty string
 *               passes the check.
 *
 * Returns 0 on success, ERROR_INVALID_PARAMETER for a rejected argument, or
 * the error reported by RegOpenServer / RegUtilSetValue.
 *
 * NOTE(review): the password is handed to RegUtilSetValue exactly as received;
 * nothing here hashes or encrypts it, so its confidentiality presumably rests
 * on the access control of the key at VMAUTHSVC_CONFIG_CREDS_KEY_PATH -
 * confirm that key is restricted to the service account.
 * NOTE(review): the lengths passed exclude the terminating NUL - confirm this
 * is what RegUtilSetValue expects for REG_SZ data.
 * NOTE(review): the DN is written before the password, so a failure of the
 * second write leaves the two values out of step.
 */
DWORD
VmAuthsvcConfigSetAdminCredentials(
    PCSTR pszUserDN,
    PCSTR pszPassword
    )
{
    DWORD  dwError = 0;
    HANDLE hConnection = NULL;

    if (IsNullOrEmptyString(pszUserDN) || !pszPassword)
    {
        dwError = ERROR_INVALID_PARAMETER;
        BAIL_ON_VMAUTHSVC_ERROR(dwError);
    }

    dwError = RegOpenServer(&hConnection);
    BAIL_ON_VMAUTHSVC_ERROR(dwError);

    /* Admin DN is kept under the parameters key. */
    dwError = RegUtilSetValue(
                hConnection,
                HKEY_THIS_MACHINE,
                VMAUTHSVC_CONFIG_PARAMETER_KEY_PATH,
                NULL,
                VMAUTHSVC_REG_KEY_ADMIN_DN,
                REG_SZ,
                (PVOID)pszUserDN,
                VmAuthsvcStringLenA(pszUserDN));
    BAIL_ON_VMAUTHSVC_ERROR(dwError);

    /* The password goes under the separate credentials key. */
    dwError = RegUtilSetValue(
                hConnection,
                HKEY_THIS_MACHINE,
                VMAUTHSVC_CONFIG_CREDS_KEY_PATH,
                NULL,
                VMAUTHSVC_REG_KEY_ADMIN_PASSWD,
                REG_SZ,
                (PVOID)pszPassword,
                VmAuthsvcStringLenA(pszPassword));
    BAIL_ON_VMAUTHSVC_ERROR(dwError);

error:

    /* Reached by fall-through on success too, so the handle is always released. */
    if (hConnection != NULL)
    {
        RegCloseServer(hConnection);
    }

    return dwError;
}
Exemple #2
/*
 * Write one REG_SZ value below HKEY_THIS_MACHINE.
 *
 * pszConfigParamKeyPath - key path; rejected when NULL or empty.
 * pszKey                - value name; rejected when NULL or empty.
 * pszValue              - data to store; not validated here.
 * valueLen              - data length handed to RegUtilSetValue unchanged.
 *
 * Returns 0 on success, LWCA_ERROR_INVALID_PARAMETER for a rejected argument,
 * or the error reported by RegUtilSetValue.
 *
 * NOTE(review): pszValue may be NULL and valueLen is taken on trust; callers
 * must keep valueLen within the buffer pszValue points to.
 */
DWORD
LwCASetRegKeyValue(
   PCSTR   pszConfigParamKeyPath,
   PCSTR   pszKey,
   PSTR    pszValue,
   size_t  valueLen
   )
{
    DWORD   dwError = 0;

    if (!IsNullOrEmptyString(pszConfigParamKeyPath) && !IsNullOrEmptyString(pszKey))
    {
        /* NULL handle: no registry connection is supplied by this wrapper. */
        dwError = RegUtilSetValue(
            NULL,
            HKEY_THIS_MACHINE,
            pszConfigParamKeyPath,
            NULL,
            pszKey,
            REG_SZ,
            (PVOID)pszValue,
            valueLen);
    }
    else
    {
        dwError = LWCA_ERROR_INVALID_PARAMETER;
    }
    BAIL_ON_LWCA_ERROR(dwError);

cleanup:
    return dwError;

error:
    goto cleanup;
}
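/*
 * Write DWORD 0 to the trust-enumeration wait values of a joined domain.
 *
 * pContext      - legacy pstore state; its hReg handle is used for the writes.
 * pszDomainName - domain whose subkey of PSTOREDB_REGISTRY_AD_KEY is updated;
 *                 when NULL the function does nothing and returns 0.
 *
 * Returns 0 on success, otherwise the error from LwAllocateStringPrintf or
 * RegUtilSetValue.
 *
 * NOTE(review): pszDomainName is formatted into the key path unescaped, so a
 * name containing '\\' would address a deeper subkey - confirm callers pass a
 * validated domain name.
 */
DWORD
LwpsLegacySetJoinedDomainTrustEnumerationWaitTime(
    IN PLWPS_LEGACY_STATE pContext,
    IN OPTIONAL PCSTR pszDomainName
    )
{
    DWORD dwError = 0;
    int EE = 0;
    PSTR pszRegistryPath = NULL;
    DWORD dwValue = 0;

    if (pszDomainName)
    {
        /* Per-domain key: <AD key>\<domain name>. */
        dwError = LwAllocateStringPrintf(
                  &pszRegistryPath,
                  "%s\\%s",
                  PSTOREDB_REGISTRY_AD_KEY,
                  pszDomainName);
        GOTO_CLEANUP_ON_WINERROR_EE(dwError, EE);

        dwError = RegUtilSetValue(
                      pContext->hReg,
                      HKEY_THIS_MACHINE,
                      pszRegistryPath,
                      NULL,
                      PSTOREDB_REGISTRY_TRUSTENUMERATIONWAIT_VALUE,
                      REG_DWORD,
                      (PVOID)&dwValue,
                      sizeof(dwValue));
        GOTO_CLEANUP_ON_WINERROR_EE(dwError, EE);

        dwError = RegUtilSetValue(
                      pContext->hReg,
                      HKEY_THIS_MACHINE,
                      pszRegistryPath,
                      NULL,
                      PSTOREDB_REGISTRY_TRUSTENUMERATIONWAITSECONDS_VALUE,
                      REG_DWORD,
                      (PVOID)&dwValue,
                      sizeof(dwValue));
        GOTO_CLEANUP_ON_WINERROR_EE(dwError, EE);
    }

cleanup:
    /* The formatted key path is heap-allocated; release it on every exit. */
    LW_SAFE_FREE_STRING(pszRegistryPath);
    LSA_PSTORE_LOG_LEAVE_ERROR_EE(dwError, EE);
    return dwError;
}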
Exemple #4
/*
 * Store the default site GUID and the default LDU GUID as REG_SZ values under
 * VMDIR_CONFIG_PARAMETER_KEY_PATH.
 *
 * pszDefaultSiteGuid - site GUID string; rejected when NULL or empty.
 * pszDefaultLduGuid  - LDU GUID string; rejected when NULL or empty.
 *
 * Returns 0 on success, ERROR_INVALID_PARAMETER for a rejected argument, or
 * the error reported by RegUtilSetValue. Every failure is logged through
 * VmDirLog before returning.
 *
 * Only the body selected by #ifndef _WIN32 is visible here; the matching
 * #else / #endif is not part of this excerpt.
 *
 * NOTE(review): the site GUID is written first, so a failure of the second
 * write leaves only one of the two values updated.
 */
DWORD
VmDirConfigSetDefaultSiteandLduGuid(
    PCSTR pszDefaultSiteGuid,
    PCSTR pszDefaultLduGuid
    )
#ifndef _WIN32
{
    DWORD   dwError = 0;

    /* Both GUID strings are required. */
    if (IsNullOrEmptyString(pszDefaultSiteGuid) || IsNullOrEmptyString(pszDefaultLduGuid))
    {
        dwError = ERROR_INVALID_PARAMETER;
        BAIL_ON_VMDIR_ERROR(dwError);
    }

    /* Length is the string length plus one - presumably to include the NUL. */
    dwError = RegUtilSetValue(
                NULL,
                HKEY_THIS_MACHINE,
                VMDIR_CONFIG_PARAMETER_KEY_PATH,
                NULL,
                VMDIR_REG_KEY_SITE_GUID,
                REG_SZ,
                (PVOID)pszDefaultSiteGuid,
                VmDirStringLenA(pszDefaultSiteGuid)+1);
    BAIL_ON_VMDIR_ERROR(dwError);

    dwError = RegUtilSetValue(
                NULL,
                HKEY_THIS_MACHINE,
                VMDIR_CONFIG_PARAMETER_KEY_PATH,
                NULL,
                VMDIR_REG_KEY_LDU_GUID,
                REG_SZ,
                (PVOID)pszDefaultLduGuid,
                VmDirStringLenA(pszDefaultLduGuid)+1);
    BAIL_ON_VMDIR_ERROR(dwError);

cleanup:
    return dwError;
error:
    /* Log the failing code, then leave through the common exit. */
    VmDirLog(LDAP_DEBUG_ANY, "VmDirConfigSetDefaultSiteandLduGuid failed with error (%u)", dwError);
    goto cleanup;
}
/*
 * Set or clear the default joined domain recorded under
 * PSTOREDB_REGISTRY_AD_KEY.
 *
 * pContext      - legacy pstore state; its hReg handle is used for all calls.
 * pszDomainName - domain to record as the default; NULL deletes the value.
 *
 * Returns 0 on success, otherwise the error from the first failing call.
 *
 * When a domain is given, LwpsLegacyReadPassword is called for it first (with
 * no output requested) and any error from that call aborts the update, so the
 * default is only changed for a domain whose password read succeeds.
 */
DWORD
LwpsLegacySetDefaultJoinedDomain(
    IN PLWPS_LEGACY_STATE pContext,
    IN OPTIONAL PCSTR pszDomainName
    )
{
    DWORD dwError = 0;
    int EE = 0;

    if (!pszDomainName)
    {
        /* No domain supplied: drop the stored default. */
        dwError = RegUtilDeleteValue(
                      pContext->hReg,
                      HKEY_THIS_MACHINE,
                      PSTOREDB_REGISTRY_AD_KEY,
                      NULL,
                      PSTOREDB_REGISTRY_DEFAULT_VALUE);
        GOTO_CLEANUP_ON_WINERROR_EE(dwError, EE);
    }
    else
    {
        dwError = LwpsLegacyReadPassword(pContext, pszDomainName, NULL);
        GOTO_CLEANUP_ON_WINERROR_EE(dwError, EE);

        dwError = RegUtilAddKey(
                      pContext->hReg,
                      HKEY_THIS_MACHINE,
                      PSTOREDB_REGISTRY_AD_KEY,
                      NULL);
        GOTO_CLEANUP_ON_WINERROR_EE(dwError, EE);

        /* pszDomainName is known to be non-NULL in this branch. */
        dwError = RegUtilSetValue(
                      pContext->hReg,
                      HKEY_THIS_MACHINE,
                      PSTOREDB_REGISTRY_AD_KEY,
                      NULL,
                      PSTOREDB_REGISTRY_DEFAULT_VALUE,
                      REG_SZ,
                      (PVOID)pszDomainName,
                      strlen(pszDomainName));
        GOTO_CLEANUP_ON_WINERROR_EE(dwError, EE);
    }

cleanup:
    LSA_PSTORE_LOG_LEAVE_ERROR_EE(dwError, EE);
    return dwError;
}
Exemple #6
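/*
 * Ask the pstore plugin to delete the machine account's password information.
 *
 * pSmbdPath - path passed to GetSecretsPath to locate the secrets path.
 *
 * Returns 0 on success, otherwise the error from the first failing call.
 *
 * Steps: open the registry, resolve the secrets path, fetch the machine
 * account info from lsassd, (re)write the plugin's SecretsPath value, call
 * RemoveSambaLoadPath, then invoke the plugin's DeletePasswordInfoA.
 */
DWORD
DeletePassword(
    PCSTR pSmbdPath
    )
{
    DWORD error = 0;
    PLSA_PSTORE_PLUGIN_DISPATCH pDispatch = NULL;
    PLSA_PSTORE_PLUGIN_CONTEXT pContext = NULL;
    PSTR pSecretsPath = NULL;
    LW_HANDLE hLsa = NULL;
    PLSA_MACHINE_ACCOUNT_INFO_A pAccountInfo = NULL;
    HANDLE hReg = NULL;

    error = LwRegOpenServer(&hReg);
    BAIL_ON_LSA_ERROR(error);

    error = GetSecretsPath(
        pSmbdPath,
        &pSecretsPath);
    BAIL_ON_LSA_ERROR(error);

    error = LsaOpenServer(
        &hLsa);
    if (error)
    {
        LW_RTL_LOG_ERROR("Unable to contact lsassd");
    }
    BAIL_ON_LSA_ERROR(error);

    error = LsaAdGetMachineAccountInfo(
        hLsa,
        NULL,
        &pAccountInfo);
    BAIL_ON_LSA_ERROR(error);

    // Even though SecretsPath was set during the install process, we'll try
    // setting it again. This way if the user calls uninstall without calling
    // install first, they won't get an error.
    error = RegUtilAddKey(
                hReg,
                LSA_PSTORE_REG_ROOT_KEY_PATH,
                NULL,
                LSA_PSTORE_REG_ROOT_KEY_RELATIVE_PATH_PLUGINS "\\" PLUGIN_NAME);
    BAIL_ON_LSA_ERROR(error);

    error = RegUtilSetValue(
                hReg,
                LSA_PSTORE_REG_ROOT_KEY_PATH,
                NULL,
                LSA_PSTORE_REG_ROOT_KEY_RELATIVE_PATH_PLUGINS "\\" PLUGIN_NAME,
                "SecretsPath",
                REG_SZ,
                pSecretsPath,
                strlen(pSecretsPath));
    BAIL_ON_LSA_ERROR(error);

    error = RemoveSambaLoadPath(hReg);
    BAIL_ON_LSA_ERROR(error);

    error = LsaPstorePluginInitializeContext(
                LSA_PSTORE_PLUGIN_VERSION,
                PLUGIN_NAME,
                &pDispatch,
                &pContext);
    BAIL_ON_LSA_ERROR(error);

    error = pDispatch->DeletePasswordInfoA(
                pContext,
                pAccountInfo);
    BAIL_ON_LSA_ERROR(error);

cleanup:
    // GetSecretsPath hands back an allocated string (SynchronizePassword frees
    // it the same way); release it here so no exit path leaks it.
    LW_SAFE_FREE_STRING(pSecretsPath);
    if (pContext)
    {
        pDispatch->Cleanup(pContext);
    }
    if (hReg != NULL)
    {
        LwRegCloseServer(hReg);
    }
    if (hLsa != NULL)
    {
        LsaCloseServer(hLsa);
    }
    if (pAccountInfo != NULL)
    {
        LsaAdFreeMachineAccountInfo(pAccountInfo);
    }
    return error;
}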
Exemple #7
/*
 * Register the pstore plugin in the registry and hand it the current machine
 * password information.
 *
 * pSmbdPath - path passed to GetSecretsPath to locate the secrets path.
 *
 * Returns 0 on success, otherwise the error from the first failing call.
 * NERR_SetupNotJoined from LsaAdGetMachinePasswordInfo is logged and treated
 * as success; the plugin is not invoked in that case.
 *
 * NOTE(review): the "Path" value is written with HKEY_THIS_MACHINE as root
 * while "SecretsPath" uses LSA_PSTORE_REG_ROOT_KEY_PATH - confirm both resolve
 * to the same plugin key.
 * NOTE(review): "Path" names the plugin library (PLUGIN_PATH); presumably the
 * pstore loads whatever this value points to, so write access to the plugin
 * key should be limited to privileged accounts - confirm.
 * NOTE(review): per the log message below the machine password ends up in
 * secrets.tdb; confirm that file is readable only by the intended service.
 */
DWORD
SynchronizePassword(
    PCSTR pSmbdPath
    )
{
    DWORD error = 0;
    HANDLE hReg = NULL;
    LW_HANDLE hLsa = NULL;
    PSTR pSecretsPath = NULL;
    PLSA_MACHINE_PASSWORD_INFO_A pPasswordInfo = NULL;
    PLSA_PSTORE_PLUGIN_DISPATCH pDispatch = NULL;
    PLSA_PSTORE_PLUGIN_CONTEXT pContext = NULL;

    error = LwRegOpenServer(&hReg);
    BAIL_ON_LSA_ERROR(error);

    error = GetSecretsPath(pSmbdPath, &pSecretsPath);
    BAIL_ON_LSA_ERROR(error);

    // Make sure the plugin's key exists before writing its values.
    error = RegUtilAddKey(
                hReg,
                LSA_PSTORE_REG_ROOT_KEY_PATH,
                NULL,
                LSA_PSTORE_REG_ROOT_KEY_RELATIVE_PATH_PLUGINS "\\" PLUGIN_NAME);
    BAIL_ON_LSA_ERROR(error);

    error = RegUtilSetValue(
                hReg,
                LSA_PSTORE_REG_ROOT_KEY_PATH,
                NULL,
                LSA_PSTORE_REG_ROOT_KEY_RELATIVE_PATH_PLUGINS "\\" PLUGIN_NAME,
                "SecretsPath",
                REG_SZ,
                pSecretsPath,
                strlen(pSecretsPath));
    BAIL_ON_LSA_ERROR(error);

    error = RegUtilSetValue(
                hReg,
                HKEY_THIS_MACHINE,
                NULL,
                LSA_PSTORE_REG_ROOT_KEY_RELATIVE_PATH_PLUGINS "\\" PLUGIN_NAME,
                "Path",
                REG_SZ,
                PLUGIN_PATH,
                strlen(PLUGIN_PATH));
    BAIL_ON_LSA_ERROR(error);

    error = AddSambaLoadPath(hReg);
    BAIL_ON_LSA_ERROR(error);

    error = LsaOpenServer(&hLsa);
    if (error)
    {
        LW_RTL_LOG_ERROR("Unable to contact lsassd");
    }
    BAIL_ON_LSA_ERROR(error);

    error = LsaAdGetMachinePasswordInfo(hLsa, NULL, &pPasswordInfo);
    if (error != NERR_SetupNotJoined)
    {
        BAIL_ON_LSA_ERROR(error);

        error = LsaPstorePluginInitializeContext(
                    LSA_PSTORE_PLUGIN_VERSION,
                    PLUGIN_NAME,
                    &pDispatch,
                    &pContext);
        BAIL_ON_LSA_ERROR(error);

        error = pDispatch->SetPasswordInfoA(pContext, pPasswordInfo);
        BAIL_ON_LSA_ERROR(error);
    }
    else
    {
        // Not joined: nothing to synchronize, and this is not a failure.
        LW_RTL_LOG_ERROR("Unable to write machine password in secrets.tdb because PowerBroker Identity Services is not joined. The password will be written to secrets.tdb on the next successful join attempt");
        error = 0;
    }

cleanup:
    LW_SAFE_FREE_STRING(pSecretsPath);
    if (hLsa != NULL)
    {
        LsaCloseServer(hLsa);
    }
    if (hReg != NULL)
    {
        LwRegCloseServer(hReg);
    }
    if (pPasswordInfo != NULL)
    {
        LsaAdFreeMachinePasswordInfo(pPasswordInfo);
    }
    if (pContext)
    {
        pDispatch->Cleanup(pContext);
    }
    return error;
}