NTSTATUS NetOpenUser( PNET_CONN pConn, PCWSTR pwszUsername, DWORD dwAccessMask, ACCOUNT_HANDLE *phUser, PDWORD pdwRid ) { const DWORD dwNumUsers = 1; NTSTATUS status = STATUS_SUCCESS; WINERROR err = ERROR_SUCCESS; SAMR_BINDING hSamrBinding = NULL; DOMAIN_HANDLE hDomain = NULL; ACCOUNT_HANDLE hUser = NULL; PWSTR ppwszUsernames[1] = {0}; PDWORD pdwRids = NULL; PDWORD pdwTypes = NULL; BAIL_ON_INVALID_PTR(pConn, err); BAIL_ON_INVALID_PTR(pwszUsername, err); BAIL_ON_INVALID_PTR(phUser, err); BAIL_ON_INVALID_PTR(pdwRid, err); hSamrBinding = pConn->Rpc.Samr.hBinding; hDomain = pConn->Rpc.Samr.hDomain; err = LwAllocateWc16String(&ppwszUsernames[0], pwszUsername); BAIL_ON_WIN_ERROR(err); status = SamrLookupNames(hSamrBinding, hDomain, dwNumUsers, ppwszUsernames, &pdwRids, &pdwTypes, NULL); BAIL_ON_NT_STATUS(status); status = SamrOpenUser(hSamrBinding, hDomain, dwAccessMask, pdwRids[0], &hUser); BAIL_ON_NT_STATUS(status); *pdwRid = pdwRids[0]; *phUser = hUser; cleanup: if (pdwRids) { SamrFreeMemory(pdwRids); } if (pdwTypes) { SamrFreeMemory(pdwTypes); } LW_SAFE_FREE_MEMORY(ppwszUsernames[0]); return status; error: *pdwRid = 0; *phUser = NULL; goto cleanup; }
static NTSTATUS LsaDisableMachineAccount( IN PCWSTR pwszDCName, IN LW_PIO_CREDS pCreds, IN PCWSTR pwszMachineAccountName ) { const DWORD dwConnAccess = SAMR_ACCESS_OPEN_DOMAIN | SAMR_ACCESS_ENUM_DOMAINS; const DWORD dwDomainAccess = DOMAIN_ACCESS_ENUM_ACCOUNTS | DOMAIN_ACCESS_OPEN_ACCOUNT | DOMAIN_ACCESS_LOOKUP_INFO_2; const DWORD dwUserAccess = USER_ACCESS_GET_ATTRIBUTES | USER_ACCESS_SET_ATTRIBUTES | USER_ACCESS_SET_PASSWORD; NTSTATUS ntStatus = STATUS_SUCCESS; SAMR_BINDING hSamrBinding = NULL; CONNECT_HANDLE hConnect = NULL; PSID pBuiltinSid = NULL; DWORD dwResume = 0; DWORD dwSize = 256; PWSTR *ppwszDomainNames = NULL; DWORD i = 0; DWORD dwNumEntries = 0; PSID pSid = NULL; PSID pDomainSid = NULL; DOMAIN_HANDLE hDomain = NULL; PDWORD pdwRids = NULL; PDWORD pdwTypes = NULL; ACCOUNT_HANDLE hUser = NULL; DWORD dwLevel = 0; UserInfo *pInfo = NULL; DWORD dwFlagsDisable = 0; UserInfo Info; memset(&Info, 0, sizeof(Info)); ntStatus = SamrInitBindingDefault(&hSamrBinding, pwszDCName, pCreds); BAIL_ON_NT_STATUS(ntStatus); ntStatus = SamrConnect2(hSamrBinding, pwszDCName, dwConnAccess, &hConnect); BAIL_ON_NT_STATUS(ntStatus); ntStatus = RtlAllocateWellKnownSid( WinBuiltinDomainSid, NULL, &pBuiltinSid); BAIL_ON_NT_STATUS(ntStatus); do { ntStatus = SamrEnumDomains(hSamrBinding, hConnect, &dwResume, dwSize, &ppwszDomainNames, &dwNumEntries); BAIL_ON_NT_STATUS(ntStatus); if (ntStatus != STATUS_SUCCESS && ntStatus != STATUS_MORE_ENTRIES) { BAIL_ON_NT_STATUS(ntStatus); } for (i = 0; pDomainSid == NULL && i < dwNumEntries; i++) { ntStatus = SamrLookupDomain(hSamrBinding, hConnect, ppwszDomainNames[i], &pSid); BAIL_ON_NT_STATUS(ntStatus); if (!RtlEqualSid(pSid, pBuiltinSid)) { ntStatus = RtlDuplicateSid(&pDomainSid, pSid); BAIL_ON_NT_STATUS(ntStatus); } SamrFreeMemory(pSid); pSid = NULL; } if (ppwszDomainNames) { SamrFreeMemory(ppwszDomainNames); ppwszDomainNames = NULL; } } while (ntStatus == STATUS_MORE_ENTRIES); ntStatus = SamrOpenDomain(hSamrBinding, hConnect, dwDomainAccess, pDomainSid, &hDomain); BAIL_ON_NT_STATUS(ntStatus); ntStatus = SamrLookupNames(hSamrBinding, hDomain, 1, (PWSTR*)&pwszMachineAccountName, &pdwRids, &pdwTypes, NULL); if (ntStatus == STATUS_NONE_MAPPED) { BAIL_ON_LSA_ERROR(NERR_SetupAlreadyJoined); } ntStatus = SamrOpenUser(hSamrBinding, hDomain, dwUserAccess, pdwRids[0], &hUser); BAIL_ON_NT_STATUS(ntStatus); dwLevel = 16; ntStatus = SamrQueryUserInfo(hSamrBinding, hUser, dwLevel, &pInfo); BAIL_ON_NT_STATUS(ntStatus); dwFlagsDisable = pInfo->info16.account_flags | ACB_DISABLED; Info.info16.account_flags = dwFlagsDisable; ntStatus = SamrSetUserInfo2(hSamrBinding, hUser, dwLevel, &Info); BAIL_ON_NT_STATUS(ntStatus); cleanup: if (hSamrBinding && hUser) { SamrClose(hSamrBinding, hUser); } if (hSamrBinding && hDomain) { SamrClose(hSamrBinding, hDomain); } if (hSamrBinding && hConnect) { SamrClose(hSamrBinding, hConnect); } if (hSamrBinding) { SamrFreeBinding(&hSamrBinding); } if (pInfo) { SamrFreeMemory(pInfo); } if (pdwRids) { SamrFreeMemory(pdwRids); } if (pdwTypes) { SamrFreeMemory(pdwTypes); } if (ppwszDomainNames) { SamrFreeMemory(ppwszDomainNames); } RTL_FREE(&pBuiltinSid); RTL_FREE(&pDomainSid); return ntStatus; error: goto cleanup; }
NTSTATUS NetOpenAlias( PNET_CONN pConn, PCWSTR pwszAliasname, DWORD dwAccessMask, ACCOUNT_HANDLE *phAlias, PDWORD pdwRid ) { const DWORD dwNumAliases = 1; NTSTATUS status = STATUS_SUCCESS; WINERROR err = ERROR_SUCCESS; SAMR_BINDING hSamrBinding = NULL; DOMAIN_HANDLE hDomains[2] = {0}; DOMAIN_HANDLE hDomain = NULL; ACCOUNT_HANDLE hAlias = NULL; PWSTR ppwszAliasnames[1] = {0}; PDWORD pdwRids = NULL; PDWORD pdwTypes = NULL; DWORD dwAliasRid = 0; DWORD i = 0; BAIL_ON_INVALID_PTR(pConn, err); BAIL_ON_INVALID_PTR(pwszAliasname, err); BAIL_ON_INVALID_PTR(phAlias, err); BAIL_ON_INVALID_PTR(pdwRid, err); hSamrBinding = pConn->Rpc.Samr.hBinding; hDomains[0] = pConn->Rpc.Samr.hDomain; hDomains[1] = pConn->Rpc.Samr.hBuiltin; err = LwAllocateWc16String(&ppwszAliasnames[0], pwszAliasname); BAIL_ON_WIN_ERROR(err); /* * Try to look for alias in host domain first, then in builtin */ for (i = 0; i < sizeof(hDomains)/sizeof(hDomains[0]); i++) { status = SamrLookupNames(hSamrBinding, hDomains[i], dwNumAliases, ppwszAliasnames, (PUINT32*)&pdwRids, (PUINT32*)&pdwTypes, NULL); if (status == STATUS_SUCCESS) { /* * Alias has been found in one of domains so pass * that domain handle further down */ hDomain = hDomains[i]; dwAliasRid = pdwRids[0]; break; } else if (status == STATUS_NONE_MAPPED) { if (pdwRids) { SamrFreeMemory((void*)pdwRids); pdwRids = NULL; } if (pdwTypes) { SamrFreeMemory((void*)pdwTypes); pdwTypes = NULL; } continue; } /* Catch other possible errors */ BAIL_ON_NT_STATUS(status); } /* Allow to open alias only if a valid one has been found */ BAIL_ON_NT_STATUS(status); status = SamrOpenAlias(hSamrBinding, hDomain, dwAccessMask, dwAliasRid, &hAlias); BAIL_ON_NT_STATUS(status); *pdwRid = dwAliasRid; *phAlias = hAlias; cleanup: LW_SAFE_FREE_MEMORY(ppwszAliasnames[0]); if (pdwRids) { SamrFreeMemory((void*)pdwRids); } if (pdwTypes) { SamrFreeMemory((void*)pdwTypes); } return status; error: *pdwRid = 0; *phAlias = NULL; goto cleanup; }