DWORD RegLexAppendChar( PREGLEX_ITEM lexHandle, CHAR inC) { DWORD dwError = 0; PVOID pNewMemory = NULL; DWORD newValueSize = 0; BAIL_ON_INVALID_HANDLE(lexHandle); if (lexHandle->curToken.valueCursor >= lexHandle->curToken.valueSize) { newValueSize = lexHandle->curToken.valueSize * 2; dwError = RegReallocMemory( lexHandle->curToken.pszValue, &pNewMemory, newValueSize + 1); /* Extra byte for string termination */ BAIL_ON_REG_ERROR(dwError); lexHandle->curToken.pszValue = pNewMemory; lexHandle->curToken.valueSize = newValueSize; } /* Append current character to string */ lexHandle->curToken.pszValue[lexHandle->curToken.valueCursor] = inC; lexHandle->curToken.valueCursor++; lexHandle->curToken.pszValue[lexHandle->curToken.valueCursor] = '\0'; cleanup: return dwError; error: LWREG_SAFE_FREE_MEMORY(pNewMemory); goto cleanup; }
DWORD RegLexGetAttribute( PREGLEX_ITEM pLexHandle, PDWORD pValueSize, PSTR *ppszTokenValue) { DWORD dwError = 0; BAIL_ON_INVALID_HANDLE(pLexHandle); BAIL_ON_INVALID_HANDLE(pValueSize); BAIL_ON_INVALID_HANDLE(ppszTokenValue); *ppszTokenValue = pLexHandle->curToken.pszValue; *pValueSize = pLexHandle->curToken.valueCursor; cleanup: return dwError; error: goto cleanup; }
LSASS_API DWORD LsaDeleteGroupByName( HANDLE hLsaConnection, PCSTR pszName ) { DWORD dwError = 0; PVOID pGroupInfo = NULL; DWORD dwGroupInfoLevel = 0; if (geteuid() != 0) { dwError = LW_ERROR_ACCESS_DENIED; BAIL_ON_LSA_ERROR(dwError); } BAIL_ON_INVALID_HANDLE(hLsaConnection); BAIL_ON_INVALID_STRING(pszName); dwError = LsaValidateGroupName(pszName); BAIL_ON_LSA_ERROR(dwError); dwError = LsaFindGroupByName( hLsaConnection, pszName, 0, dwGroupInfoLevel, &pGroupInfo); BAIL_ON_LSA_ERROR(dwError); dwError = LsaDeleteGroupById( hLsaConnection, ((PLSA_GROUP_INFO_0)pGroupInfo)->gid); BAIL_ON_LSA_ERROR(dwError); cleanup: if (pGroupInfo) { LsaFreeGroupInfo(dwGroupInfoLevel, pGroupInfo); } return dwError; error: goto cleanup; }
DWORD RegLexGetLineNumber( PREGLEX_ITEM pLexHandle, PDWORD pLineNum) { DWORD dwError = 0; BAIL_ON_INVALID_HANDLE(pLexHandle); *pLineNum = pLexHandle->curToken.lineNum + 1; cleanup: return dwError; error: goto cleanup; }
DWORD RegLexResetToken( PREGLEX_ITEM lexHandle) { DWORD dwError = 0; BAIL_ON_INVALID_HANDLE(lexHandle); lexHandle->state = (REGLEX_STATE)REGLEX_FIRST; lexHandle->tokenDataType = REGLEX_FIRST; lexHandle->isToken = FALSE; LWREG_SAFE_FREE_MEMORY(lexHandle->curToken.pszValue); memset(&lexHandle->curToken, 0, sizeof(lexHandle->curToken)); lexHandle->prevToken.pszValue = NULL; cleanup: return dwError; error: goto cleanup; }
DWORD RegLexUnGetToken(PREGLEX_ITEM lexHandle) { DWORD dwError = 0; BAIL_ON_INVALID_HANDLE(lexHandle); if (lexHandle->prevToken.token) { if (lexHandle->prevToken.pszValue) { LWREG_SAFE_FREE_MEMORY(lexHandle->prevToken.pszValue); } } lexHandle->prevToken = lexHandle->curToken; cleanup: return dwError; error: goto cleanup; }
DWORD LocalDirFindObjectByGenericName( HANDLE hProvider, IN LSA_FIND_FLAGS FindFlags, IN LSA_OBJECT_TYPE ObjectType, PCSTR pszName, PLSA_SECURITY_OBJECT* ppObject ) { DWORD dwError = 0; PLSA_SECURITY_OBJECT* ppObjects = NULL; LSA_QUERY_LIST QueryList; LSA_QUERY_TYPE QueryType = 0; PLSA_LOGIN_NAME_INFO pLoginInfo = NULL; BAIL_ON_INVALID_HANDLE(hProvider); dwError = LsaSrvCrackDomainQualifiedName( pszName, &pLoginInfo); BAIL_ON_LSA_ERROR(dwError); switch (pLoginInfo->nameType) { case NameType_NT4: QueryType = LSA_QUERY_TYPE_BY_NT4; break; case NameType_UPN: QueryType = LSA_QUERY_TYPE_BY_UPN; break; case NameType_Alias: QueryType = LSA_QUERY_TYPE_BY_ALIAS; break; default: dwError = LW_ERROR_INTERNAL; BAIL_ON_LSA_ERROR(dwError); } QueryList.ppszStrings = &pszName; dwError = LocalFindObjects( hProvider, FindFlags, ObjectType, QueryType, 1, QueryList, &ppObjects); BAIL_ON_LSA_ERROR(dwError); if (ppObjects[0] == NULL) { switch (ObjectType) { case LSA_OBJECT_TYPE_USER: dwError = LW_ERROR_NO_SUCH_USER; break; case LSA_OBJECT_TYPE_GROUP: dwError = LW_ERROR_NO_SUCH_GROUP; break; default: dwError = LW_ERROR_NO_SUCH_OBJECT; } BAIL_ON_LSA_ERROR(dwError); } *ppObject = ppObjects[0]; ppObjects[0] = NULL; cleanup: if (pLoginInfo) { LsaSrvFreeNameInfo(pLoginInfo); } LsaUtilFreeSecurityObjectList(1, ppObjects); return dwError; error: goto cleanup; }
DWORD RegLexGetToken( HANDLE ioHandle, PREGLEX_ITEM lexHandle, PREGLEX_TOKEN pRetToken, PBOOLEAN pEof) { DWORD dwError = 0; CHAR inC = 0; BOOLEAN eof = FALSE; BAIL_ON_INVALID_HANDLE(ioHandle); BAIL_ON_INVALID_HANDLE(lexHandle); BAIL_ON_INVALID_HANDLE(pRetToken); *pRetToken = REGLEX_FIRST; if (lexHandle->isToken && lexHandle->curToken.token != REGLEX_HEXPAIR && lexHandle->curToken.token != REGLEX_REG_BINARY) { if ( lexHandle->curToken.token == REGLEX_REG_DWORD) { lexHandle->state = (REGLEX_STATE)REGLEX_FIRST; } lexHandle->isToken = FALSE; lexHandle->curToken.token = REGLEX_FIRST; lexHandle->curToken.valueCursor = 0; } /* Return pushed back token, if one is present */ if (lexHandle->prevToken.token != REGLEX_FIRST) { lexHandle->curToken = lexHandle->prevToken; lexHandle->prevToken.token = REGLEX_FIRST; *pRetToken = lexHandle->curToken.token; return dwError; } if (lexHandle->state == REGLEX_STATE_INIT || lexHandle->curToken.token == REGLEX_HEXPAIR || lexHandle->curToken.token == REGLEX_HEXPAIR_END) { lexHandle->curToken.valueCursor = 0; } if (!lexHandle->curToken.pszValue) { /* Extra byte for string termination */ LWREG_SAFE_FREE_MEMORY(lexHandle->curToken.pszValue); dwError = RegAllocateMemory(REGLEX_DEFAULT_SZ_LEN + 1, (LW_PVOID) &lexHandle->curToken.pszValue); BAIL_ON_REG_ERROR(dwError); lexHandle->curToken.valueCursor = 0; lexHandle->curToken.valueSize = REGLEX_DEFAULT_SZ_LEN; } do { lexHandle->isToken = FALSE; dwError = RegIOGetChar(ioHandle, &inC, &eof); if (eof) { if (lexHandle->curToken.token != REGLEX_FIRST && lexHandle->curToken.valueCursor > 0) { lexHandle->isToken = TRUE; *pRetToken = lexHandle->curToken.token; } else { if (lexHandle->state == REGLEX_STATE_IN_QUOTE) { dwError = LWREG_ERROR_UNEXPECTED_TOKEN; } else if (lexHandle->state == REGLEX_STATE_IN_KEY) { lexHandle->isToken = TRUE; lexHandle->curToken.token = REGLEX_REG_KEY; lexHandle->state = REGLEX_STATE_INIT; *pRetToken = lexHandle->curToken.token; *pEof = 0; break; } *pEof = eof; } break; } dwError = lexHandle->parseFuncArray[REGLEX_CHAR_INDEX(inC)]( lexHandle, ioHandle, inC); BAIL_ON_REG_ERROR(dwError); if (lexHandle->isToken) { *pRetToken = lexHandle->curToken.token; break; } } while (dwError == ERROR_SUCCESS); cleanup: return dwError; error: goto cleanup; }
DWORD LocalCheckIsAdministrator( HANDLE hProvider, PBOOLEAN pbIsAdmin ) { DWORD dwError = 0; PLOCAL_PROVIDER_CONTEXT pContext = (PLOCAL_PROVIDER_CONTEXT)hProvider; BOOLEAN bIsAdmin = FALSE; BOOLEAN bInLock = FALSE; BAIL_ON_INVALID_HANDLE(hProvider); pthread_mutex_lock(&pContext->mutex); bInLock = TRUE; switch (pContext->localAdminState) { case LOCAL_ADMIN_STATE_NOT_DETERMINED: dwError = LocalDirCheckIfAdministrator( hProvider, pContext->uid, &bIsAdmin); BAIL_ON_LSA_ERROR(dwError); pContext->localAdminState = (bIsAdmin ? LOCAL_ADMIN_STATE_IS_ADMIN : LOCAL_ADMIN_STATE_IS_NOT_ADMIN); break; case LOCAL_ADMIN_STATE_IS_ADMIN: bIsAdmin = TRUE; break; case LOCAL_ADMIN_STATE_IS_NOT_ADMIN: bIsAdmin = FALSE; break; } *pbIsAdmin = bIsAdmin; cleanup: if (bInLock) { pthread_mutex_unlock(&pContext->mutex); } return dwError; error: *pbIsAdmin = FALSE; goto cleanup; }
LSASS_API DWORD LsaGetGidsForUserByName( HANDLE hLsaConnection, PCSTR pszUserName, PDWORD pdwGroupFound, gid_t** ppGidResults ) { DWORD dwError = 0; PVOID pUserInfo = NULL; DWORD dwUserInfoLevel = 0; static const DWORD dwGroupInfoLevel = 0; DWORD dwGroupFound = 0; gid_t* pGidResult = NULL; PVOID* ppGroupInfoList = NULL; DWORD iGroup = 0; BAIL_ON_INVALID_HANDLE(hLsaConnection); BAIL_ON_INVALID_STRING(pszUserName); BAIL_ON_INVALID_POINTER(ppGidResults); dwError = LsaValidateUserName(pszUserName); BAIL_ON_LSA_ERROR(dwError); dwError = LsaFindUserByName( hLsaConnection, pszUserName, dwUserInfoLevel, &pUserInfo); BAIL_ON_LSA_ERROR(dwError); dwError = LsaGetGroupsForUserById( hLsaConnection, ((PLSA_USER_INFO_0)pUserInfo)->uid, LSA_FIND_FLAGS_NSS, dwGroupInfoLevel, &dwGroupFound, &ppGroupInfoList); BAIL_ON_LSA_ERROR(dwError); dwError = LwAllocateMemory( sizeof(gid_t) * dwGroupFound, (PVOID*)&pGidResult); BAIL_ON_LSA_ERROR(dwError); for (iGroup = 0; iGroup < dwGroupFound; iGroup++) { *(pGidResult+iGroup) = ((PLSA_GROUP_INFO_0)(*(ppGroupInfoList+iGroup)))->gid; } *ppGidResults = pGidResult; *pdwGroupFound = dwGroupFound; cleanup: if (pUserInfo) { LsaFreeUserInfo(dwUserInfoLevel, pUserInfo); } if (ppGroupInfoList) { LsaFreeGroupInfoList(dwGroupInfoLevel, (PVOID*)ppGroupInfoList, dwGroupFound); } return dwError; error: *ppGidResults = NULL; *pdwGroupFound = 0; goto cleanup; }
LSASS_API DWORD LsaFindGroupById( HANDLE hLsaConnection, gid_t gid, LSA_FIND_FLAGS FindFlags, DWORD dwGroupInfoLevel, PVOID* ppGroupInfo ) { DWORD dwError = 0; PVOID pGroupInfo = NULL; LSA_QUERY_LIST QueryList; LSA_QUERY_ITEM QueryItem; DWORD dwObjectCount = 1; PLSA_SECURITY_OBJECT* ppObjects = NULL; PLSA_SECURITY_OBJECT pGroup = NULL; DWORD dwGid = (DWORD) gid; BAIL_ON_INVALID_HANDLE(hLsaConnection); dwError = LsaValidateGroupInfoLevel(dwGroupInfoLevel); BAIL_ON_LSA_ERROR(dwError); BAIL_ON_INVALID_POINTER(ppGroupInfo); switch (dwGroupInfoLevel) { case 1: /* Fast path */ QueryItem.dwId = dwGid; dwError = LsaFindGroupAndExpandedMembers( hLsaConnection, NULL, FindFlags, LSA_QUERY_TYPE_BY_UNIX_ID, QueryItem, &pGroup, &dwObjectCount, &ppObjects); BAIL_ON_LSA_ERROR(dwError); dwError = LsaMarshalGroupInfo1( hLsaConnection, FindFlags, pGroup, dwObjectCount, ppObjects, dwGroupInfoLevel, &pGroupInfo); BAIL_ON_LSA_ERROR(dwError); break; default: QueryList.pdwIds = &dwGid; dwError = LsaFindObjects( hLsaConnection, NULL, FindFlags, LSA_OBJECT_TYPE_GROUP, LSA_QUERY_TYPE_BY_UNIX_ID, 1, QueryList, &ppObjects); BAIL_ON_LSA_ERROR(dwError); if (ppObjects[0] == NULL) { dwError = LW_ERROR_NO_SUCH_GROUP; BAIL_ON_LSA_ERROR(dwError); } dwError = LsaMarshalGroupInfo( hLsaConnection, FindFlags, ppObjects[0], dwGroupInfoLevel, &pGroupInfo); BAIL_ON_LSA_ERROR(dwError); } error: if (ppGroupInfo) { *ppGroupInfo = pGroupInfo; } if (pGroup) { LsaFreeSecurityObject(pGroup); } if (ppObjects) { LsaFreeSecurityObjectList(dwObjectCount, ppObjects); } return dwError; }