NTSTATUS
RtlAllocateUnicodeStringFromSid(
OUT PUNICODE_STRING StringSid,
IN PSID Sid
)
{
NTSTATUS status = STATUS_SUCCESS;
PWSTR resultBuffer = NULL;
UNICODE_STRING result = { 0 };
if (!StringSid)
{
status = STATUS_INVALID_PARAMETER;
GOTO_CLEANUP();
}
status = RtlAllocateWC16StringFromSid(&resultBuffer, Sid);
GOTO_CLEANUP_ON_STATUS(status);
status = RtlUnicodeStringInitEx(&result, resultBuffer);
GOTO_CLEANUP_ON_STATUS(status);
resultBuffer = NULL;
status = STATUS_SUCCESS;
cleanup:
if (!NT_SUCCESS(status))
{
RtlUnicodeStringFree(&result);
}
RTL_FREE(&resultBuffer);
if (StringSid)
{
*StringSid = result;
}
return status;
}
NTSTATUS
SamrSrvDeleteAliasMember(
handle_t IDL_handle,
ACCOUNT_HANDLE hAlias,
PSID pSid
)
{
const wchar_t wszFilterFmt[] = L"%ws='%ws'";
NTSTATUS ntStatus = STATUS_SUCCESS;
DWORD dwError = ERROR_SUCCESS;
PACCOUNT_CONTEXT pAcctCtx = NULL;
PDOMAIN_CONTEXT pDomCtx = NULL;
PCONNECT_CONTEXT pConnCtx = NULL;
PWSTR pwszGroupDn = NULL;
PWSTR pwszSid = NULL;
size_t sSidStrLen = 0;
HANDLE hDirectory = NULL;
PWSTR pwszBaseDn = NULL;
WCHAR wszAttrDn[] = DS_ATTR_DISTINGUISHED_NAME;
WCHAR wszAttrObjectClass[] = DS_ATTR_OBJECT_CLASS;
WCHAR wszAttrObjectSid[] = DS_ATTR_OBJECT_SID;
DWORD dwScope = 0;
DWORD dwFilterLen = 0;
PWSTR pwszFilter = NULL;
PDIRECTORY_ENTRY pEntry = NULL;
DWORD dwEntriesNum = 0;
PWSTR wszAttributes[] = {
wszAttrDn,
wszAttrObjectClass,
NULL
};
pAcctCtx = (PACCOUNT_CONTEXT)hAlias;
if (pAcctCtx == NULL || pAcctCtx->Type != SamrContextAccount)
{
ntStatus = STATUS_INVALID_HANDLE;
BAIL_ON_NTSTATUS_ERROR(ntStatus);
}
if (!(pAcctCtx->dwAccessGranted & ALIAS_ACCESS_REMOVE_MEMBER))
{
ntStatus = STATUS_ACCESS_DENIED;
BAIL_ON_NTSTATUS_ERROR(ntStatus);
}
pDomCtx = pAcctCtx->pDomCtx;
pConnCtx = pDomCtx->pConnCtx;
hDirectory = pConnCtx->hDirectory;
pwszGroupDn = pAcctCtx->pwszDn;
ntStatus = RtlAllocateWC16StringFromSid(&pwszSid,
pSid);
BAIL_ON_NTSTATUS_ERROR(ntStatus);
dwError = LwWc16sLen(pwszSid, &sSidStrLen);
BAIL_ON_LSA_ERROR(dwError);
dwFilterLen = ((sizeof(wszAttrObjectClass)/sizeof(WCHAR) - 1)) +
sSidStrLen +
(sizeof(wszFilterFmt)/sizeof(wszFilterFmt[0]));
dwError = LwAllocateMemory(sizeof(WCHAR) * dwFilterLen,
OUT_PPVOID(&pwszFilter));
BAIL_ON_LSA_ERROR(dwError);
if (sw16printfw(pwszFilter, dwFilterLen, wszFilterFmt,
wszAttrObjectSid, pwszSid) < 0)
{
ntStatus = LwErrnoToNtStatus(errno);
BAIL_ON_NTSTATUS_ERROR(ntStatus);
}
dwError = DirectorySearch(hDirectory,
pwszBaseDn,
dwScope,
pwszFilter,
wszAttributes,
FALSE,
&pEntry,
&dwEntriesNum);
BAIL_ON_LSA_ERROR(dwError);
if (dwEntriesNum > 1)
{
ntStatus = STATUS_INTERNAL_ERROR;
}
else if (dwEntriesNum == 0)
{
ntStatus = STATUS_NO_SUCH_MEMBER;
}
BAIL_ON_NTSTATUS_ERROR(ntStatus);
dwError = DirectoryRemoveFromGroup(hDirectory,
pwszGroupDn,
pEntry);
BAIL_ON_LSA_ERROR(dwError);
cleanup:
if (pEntry)
{
DirectoryFreeEntries(pEntry, dwEntriesNum);
}
LW_SAFE_FREE_MEMORY(pwszFilter);
RTL_FREE(&pwszSid);
if (ntStatus == STATUS_SUCCESS &&
dwError != ERROR_SUCCESS)
{
ntStatus = LwWin32ErrorToNtStatus(dwError);
}
return ntStatus;
error:
goto cleanup;
}
