DWORD
LsaSrvProviderServicesDomain(
IN PCSTR pszProvider,
IN PCSTR pszDomainName,
OUT PBOOLEAN pbServicesDomain
)
{
DWORD dwError = 0;
BOOLEAN bInLock = FALSE;
PLSA_AUTH_PROVIDER pProvider = NULL;
BOOLEAN bServicesDomain = FALSE;
ENTER_AUTH_PROVIDER_LIST_READER_LOCK(bInLock);
dwError = LsaSrvFindProviderByName(pszProvider, &pProvider);
BAIL_ON_LSA_ERROR(dwError);
dwError = pProvider->pFnTable->pfnServicesDomain(
pszDomainName,
&bServicesDomain);
BAIL_ON_LSA_ERROR(dwError);
cleanup:
LEAVE_AUTH_PROVIDER_LIST_READER_LOCK(bInLock);
*pbServicesDomain = bServicesDomain;
return dwError;
error:
bServicesDomain = FALSE;
goto cleanup;
}
DWORD
LsaSrvProviderGetMachinePasswordInfoW(
IN PCSTR pszProvider,
IN OPTIONAL PCSTR DnsDomainName,
OUT PLSA_MACHINE_PASSWORD_INFO_W* ppPasswordInfo
)
{
DWORD dwError = 0;
BOOLEAN bInLock = FALSE;
PLSA_AUTH_PROVIDER pProvider = NULL;
PLSA_MACHINE_PASSWORD_INFO_W pPasswordInfo = NULL;
ENTER_AUTH_PROVIDER_LIST_READER_LOCK(bInLock);
dwError = LsaSrvFindProviderByName(pszProvider, &pProvider);
BAIL_ON_LSA_ERROR(dwError);
if (!pProvider->pFnTable->pfnGetMachinePasswordInfoW)
{
dwError = LW_ERROR_NOT_HANDLED;
BAIL_ON_LSA_ERROR(dwError);
}
dwError = pProvider->pFnTable->pfnGetMachinePasswordInfoW(
DnsDomainName,
&pPasswordInfo);
BAIL_ON_LSA_ERROR(dwError);
error:
if (dwError)
{
if (pPasswordInfo)
{
LsaSrvFreeMachinePasswordInfoW(pPasswordInfo);
pPasswordInfo = NULL;
}
}
LEAVE_AUTH_PROVIDER_LIST_READER_LOCK(bInLock);
*ppPasswordInfo = pPasswordInfo;
return dwError;
}
DWORD
LsaSrvProviderIoControl(
IN HANDLE hServer,
IN PCSTR pszProvider,
IN DWORD dwIoControlCode,
IN DWORD dwInputBufferSize,
IN PVOID pInputBuffer,
OUT DWORD* pdwOutputBufferSize,
OUT PVOID* ppOutputBuffer
)
{
DWORD dwError = 0;
PLSA_AUTH_PROVIDER pProvider = NULL;
BOOLEAN bInLock = FALSE;
PLSA_SRV_API_STATE pServerState = (PLSA_SRV_API_STATE)hServer;
HANDLE hProvider = (HANDLE)NULL;
PSTR pszTargetProviderName = NULL;
PSTR pszTargetInstance = NULL;
dwError = LsaSrvGetTargetElements(
pszProvider,
&pszTargetProviderName,
&pszTargetInstance);
BAIL_ON_LSA_ERROR(dwError);
ENTER_AUTH_PROVIDER_LIST_READER_LOCK(bInLock);
for (pProvider = gpAuthProviderList;
pProvider;
pProvider = pProvider->pNext)
{
if ( !strcmp(pProvider->pszId, pszTargetProviderName) )
{
dwError = LsaSrvOpenProvider(
hServer,
pProvider,
pszTargetInstance,
&hProvider);
BAIL_ON_LSA_ERROR(dwError);
dwError = pProvider->pFnTable->pfnProviderIoControl(
hProvider,
pServerState->peerUID,
pServerState->peerGID,
dwIoControlCode,
dwInputBufferSize,
pInputBuffer,
pdwOutputBufferSize,
ppOutputBuffer);
BAIL_ON_LSA_ERROR(dwError);
break;
}
}
if (pProvider == NULL)
{
dwError = LW_ERROR_NOT_HANDLED;
}
BAIL_ON_LSA_ERROR(dwError);
cleanup:
LW_SAFE_FREE_STRING(pszTargetProviderName);
LW_SAFE_FREE_STRING(pszTargetInstance);
if (hProvider != (HANDLE)NULL) {
LsaSrvCloseProvider(pProvider, hProvider);
}
LEAVE_AUTH_PROVIDER_LIST_READER_LOCK(bInLock);
return(dwError);
error:
LSA_LOG_ERROR_API_FAILED(hServer, dwError,
"run provider specific request (request code = %u, provider = '%s')",
dwIoControlCode, LSA_SAFE_LOG_STRING(pszTargetProviderName));
*pdwOutputBufferSize = 0;
*ppOutputBuffer = NULL;
goto cleanup;
}
DWORD
LsaSrvFindNSSArtefactByKey(
HANDLE hServer,
PCSTR pszKeyName,
PCSTR pszMapName,
LSA_NIS_MAP_QUERY_FLAGS dwFlags,
DWORD dwMapInfoLevel,
PVOID* ppNSSArtefactInfo
)
{
DWORD dwError = 0;
DWORD dwTraceFlags[] = {LSA_TRACE_FLAG_USER_GROUP_QUERIES};
PLSA_AUTH_PROVIDER pProvider = NULL;
BOOLEAN bInLock = FALSE;
HANDLE hProvider = (HANDLE)NULL;
LSA_TRACE_BEGIN_FUNCTION(dwTraceFlags, sizeof(dwTraceFlags)/sizeof(dwTraceFlags[0]));
if (LW_IS_NULL_OR_EMPTY_STR(pszKeyName))
{
dwError = LW_ERROR_INVALID_NSS_KEY_NAME;
BAIL_ON_LSA_ERROR(dwError);
}
if (LW_IS_NULL_OR_EMPTY_STR(pszMapName))
{
dwError = LW_ERROR_INVALID_NSS_MAP_NAME;
BAIL_ON_LSA_ERROR(dwError);
}
if (!dwFlags)
{
dwError = LW_ERROR_INVALID_PARAMETER;
BAIL_ON_LSA_ERROR(dwError);
}
ENTER_AUTH_PROVIDER_LIST_READER_LOCK(bInLock);
dwError = LW_ERROR_NOT_HANDLED;
for (pProvider = gpAuthProviderList; pProvider; pProvider = pProvider->pNext)
{
dwError = LsaSrvOpenProvider(
hServer,
pProvider,
NULL,
&hProvider);
BAIL_ON_LSA_ERROR(dwError);
dwError = pProvider->pFnTable->pfnLookupNSSArtefactByKey(
hProvider,
pszKeyName,
pszMapName,
dwMapInfoLevel,
dwFlags,
ppNSSArtefactInfo);
if (!dwError) {
break;
}
else if ((dwError == LW_ERROR_NOT_HANDLED) ||
(dwError == LW_ERROR_NO_SUCH_NSS_KEY) ||
(dwError == LW_ERROR_NO_SUCH_NSS_MAP)) {
LsaSrvCloseProvider(pProvider, hProvider);
hProvider = (HANDLE)NULL;
continue;
} else {
BAIL_ON_LSA_ERROR(dwError);
}
}
cleanup:
if (hProvider != (HANDLE)NULL) {
LsaSrvCloseProvider(pProvider, hProvider);
}
LEAVE_AUTH_PROVIDER_LIST_READER_LOCK(bInLock);
LSA_TRACE_END_FUNCTION(dwTraceFlags, sizeof(dwTraceFlags)/sizeof(dwTraceFlags[0]));
return(dwError);
error:
LSA_LOG_ERROR_API_FAILED(
hServer,
dwError,
"find NIS Artefact by key (map = '%s', key = '%s')",
LSA_SAFE_LOG_STRING(pszMapName),
LSA_SAFE_LOG_STRING(pszKeyName));
*ppNSSArtefactInfo = NULL;
goto cleanup;
}
DWORD
LsaSrvGetStatus(
HANDLE hServer,
PCSTR pszTargetProvider,
PLSASTATUS* ppLsaStatus
)
{
DWORD dwError = 0;
BOOLEAN bInLock = FALSE;
PLSA_AUTH_PROVIDER pProvider = NULL;
DWORD dwProviderCount = 0;
DWORD iCount = 0;
DWORD dwStatusIndex = 0;
HANDLE hProvider = (HANDLE)NULL;
PLSASTATUS pLsaStatus = NULL;
PLSA_AUTH_PROVIDER_STATUS pProviderOwnedStatus = NULL;
BOOLEAN bFoundProvider = FALSE;
PSTR pszTargetProviderName = NULL;
PSTR pszTargetInstance = NULL;
BAIL_ON_INVALID_POINTER(ppLsaStatus);
dwError = LwAllocateMemory(
sizeof(LSASTATUS),
(PVOID*)&pLsaStatus);
BAIL_ON_LSA_ERROR(dwError);
pLsaStatus->dwUptime = (DWORD)difftime(time(NULL), gServerStartTime);
dwError = LsaSrvGetLsassVersion(
&pLsaStatus->lsassVersion);
BAIL_ON_LSA_ERROR(dwError);
dwError = LsaReadVersionFile(
&pLsaStatus->productVersion);
BAIL_ON_LSA_ERROR(dwError);
if (pszTargetProvider)
{
dwError = LsaSrvGetTargetElements(
pszTargetProvider,
&pszTargetProviderName,
&pszTargetInstance);
BAIL_ON_LSA_ERROR(dwError);
}
ENTER_AUTH_PROVIDER_LIST_READER_LOCK(bInLock);
if (pszTargetProviderName)
{
dwProviderCount = 1;
}
else
{
dwProviderCount = LsaGetNumberOfProviders_inlock();
}
if (!dwProviderCount)
{
goto done;
}
dwError = LwAllocateMemory(
dwProviderCount * sizeof(LSA_AUTH_PROVIDER_STATUS),
(PVOID*)&pLsaStatus->pAuthProviderStatusList);
BAIL_ON_LSA_ERROR(dwError);
pLsaStatus->dwCount = dwProviderCount;
dwError = LW_ERROR_NOT_HANDLED;
for (pProvider = gpAuthProviderList, iCount = 0, dwStatusIndex = 0;
pProvider;
pProvider = pProvider->pNext, iCount++)
{
PLSA_AUTH_PROVIDER_STATUS pAuthProviderStatus = NULL;
if (pszTargetProviderName)
{
if (!strcmp(pszTargetProviderName, pProvider->pszName))
{
bFoundProvider = TRUE;
}
else
{
continue;
}
}
dwError = LsaSrvOpenProvider(
hServer,
pProvider,
pszTargetInstance,
&hProvider);
BAIL_ON_LSA_ERROR(dwError);
pAuthProviderStatus = &pLsaStatus->pAuthProviderStatusList[dwStatusIndex++];
dwError = LwAllocateString(
pProvider->pszName,
&pAuthProviderStatus->pszId);
BAIL_ON_LSA_ERROR(dwError);
dwError = pProvider->pFnTable->pfnGetStatus(
hProvider,
&pProviderOwnedStatus);
if (dwError == LW_ERROR_NOT_HANDLED)
{
dwError = 0;
}
else
{
BAIL_ON_LSA_ERROR(dwError);
dwError = LsaSrvCopyProviderStatus(
pProviderOwnedStatus,
pAuthProviderStatus);
BAIL_ON_LSA_ERROR(dwError);
pProvider->pFnTable->pfnFreeStatus(
pProviderOwnedStatus);
pProviderOwnedStatus = NULL;
}
LsaSrvCloseProvider(pProvider, hProvider);
hProvider = (HANDLE)NULL;
}
if (pszTargetProviderName && !bFoundProvider)
{
dwError = LW_ERROR_INVALID_AUTH_PROVIDER;
BAIL_ON_LSA_ERROR(dwError);
}
done:
*ppLsaStatus = pLsaStatus;
cleanup:
LW_SAFE_FREE_STRING(pszTargetProviderName);
LW_SAFE_FREE_STRING(pszTargetInstance);
if (pProvider != NULL && pProviderOwnedStatus)
{
pProvider->pFnTable->pfnFreeStatus(
pProviderOwnedStatus);
}
if (hProvider != NULL)
{
LsaSrvCloseProvider(pProvider, hProvider);
}
LEAVE_AUTH_PROVIDER_LIST_READER_LOCK(bInLock);
return dwError;
error:
LSA_LOG_ERROR_API_FAILED(hServer, dwError, "get lsass status");
if (ppLsaStatus)
{
*ppLsaStatus = NULL;
}
if (pLsaStatus)
{
LsaFreeStatus(pLsaStatus);
}
goto cleanup;
}
DWORD
LsaSrvRefreshConfiguration(
HANDLE hServer
)
{
DWORD dwError = 0;
BOOLEAN bInLock = FALSE;
PLSA_AUTH_PROVIDER pProvider = NULL;
HANDLE hProvider = (HANDLE)NULL;
PLSA_SRV_API_STATE pServerState = (PLSA_SRV_API_STATE)hServer;
BOOLEAN bUnlockConfigLock = FALSE;
LSA_SRV_API_CONFIG apiConfig;
if (pServerState->peerUID)
{
dwError = LW_ERROR_ACCESS_DENIED;
BAIL_ON_LSA_ERROR(dwError);
}
dwError = LsaSrvApiInitConfig(&apiConfig);
BAIL_ON_LSA_ERROR(dwError);
dwError = LsaSrvApiReadRegistry(&apiConfig);
BAIL_ON_LSA_ERROR(dwError);
pthread_mutex_lock(&gAPIConfigLock);
bUnlockConfigLock = TRUE;
dwError = LsaSrvApiTransferConfigContents(
&apiConfig,
&gAPIConfig);
BAIL_ON_LSA_ERROR(dwError);
pthread_mutex_unlock(&gAPIConfigLock);
bUnlockConfigLock = FALSE;
ENTER_AUTH_PROVIDER_LIST_READER_LOCK(bInLock);
dwError = LW_ERROR_NOT_HANDLED;
for (pProvider = gpAuthProviderList;
pProvider;
pProvider = pProvider->pNext)
{
dwError = LsaSrvOpenProvider(
hServer,
pProvider,
NULL,
&hProvider);
BAIL_ON_LSA_ERROR(dwError);
dwError = pProvider->pFnTable->pfnRefreshConfiguration(
hProvider);
if (dwError)
{
LSA_LOG_ERROR("Refreshing provider %s failed.",
pProvider->pszName ? pProvider->pszName : "");
dwError = 0;
}
LsaSrvCloseProvider(pProvider, hProvider);
hProvider = (HANDLE)NULL;
}
cleanup:
if (hProvider != (HANDLE)NULL) {
LsaSrvCloseProvider(pProvider, hProvider);
}
LEAVE_AUTH_PROVIDER_LIST_READER_LOCK(bInLock);
LsaSrvApiFreeConfigContents(&apiConfig);
if (bUnlockConfigLock)
{
pthread_mutex_unlock(&gAPIConfigLock);
}
return(dwError);
error:
LSA_LOG_ERROR_API_FAILED(hServer, dwError, "refresh configuration");
goto cleanup;
}
