int isDomainMember(wchar_t *wszDomain)
{
PPOLICY_PRIMARY_DOMAIN_INFO ppdiDomainInfo=NULL;
PPOLICY_DNS_DOMAIN_INFO pddiDomainInfo=NULL;
LSA_HANDLE PolicyHandle;
NTSTATUS status;
BOOL retval = FALSE;
*wszDomain = '\0';
// open the policy object for the local system
status = OpenPolicy(
NULL
, GENERIC_READ | POLICY_VIEW_LOCAL_INFORMATION
, &PolicyHandle
);
// You have a handle to the policy object. Now, get the
// domain information using LsaQueryInformationPolicy.
if ( !status )
{
/* Based on patch by Valdas Sevelis. Call PolicyDnsDomainInformation first
as Win2K Advanced server is broken w/PolicyPrimaryDomainInformation */
status = LsaQueryInformationPolicy(
PolicyHandle,
PolicyDnsDomainInformation,
(void**)&pddiDomainInfo);
if(!status)
{
retval = pddiDomainInfo->Sid != 0;
if(wszDomain && retval)
{
wcsncpy(wszDomain,pddiDomainInfo->Name.Buffer,pddiDomainInfo->Name.Length/sizeof(wchar_t));
wszDomain[pddiDomainInfo->Name.Length/sizeof(wchar_t)]='\0';
}
LsaFreeMemory( (LPVOID)pddiDomainInfo );
}
else
{
status = LsaQueryInformationPolicy(
PolicyHandle,
PolicyPrimaryDomainInformation,
(void**)&ppdiDomainInfo);
if(!status)
{
retval = ppdiDomainInfo->Sid != 0;
if(wszDomain && retval)
{
wcsncpy(wszDomain,ppdiDomainInfo->Name.Buffer,ppdiDomainInfo->Name.Length/sizeof(wchar_t));
wszDomain[ppdiDomainInfo->Name.Length/sizeof(wchar_t)]='\0';
}
LsaFreeMemory( (LPVOID)ppdiDomainInfo );
}
}
}
// Clean up all the memory buffers created by the LSA calls
LsaClose(PolicyHandle);
return retval;
}
NTSTATUS
SetAuditEvent(
LSA_HANDLE PolicyHandle,
POLICY_AUDIT_EVENT_TYPE EventType,
POLICY_AUDIT_EVENT_OPTIONS EventOption
)
{
PPOLICY_AUDIT_EVENTS_INFO pae;
NTSTATUS Status;
DWORD i; // index into EventAuditingOptions
//
// obtain AuditEvents
//
Status = LsaQueryInformationPolicy(
PolicyHandle,
PolicyAuditEventsInformation,
&pae
);
if(Status != STATUS_SUCCESS) return Status;
//
// insure we were passed a valid EventType and EventOption
//
if((ULONG)EventType > pae->MaximumAuditEventCount ||
(!EventOption & POLICY_AUDIT_EVENT_MASK) ) {
LsaFreeMemory(pae);
return STATUS_INVALID_PARAMETER;
}
//
// set all auditevents to the unchanged status...
//
for(i = 0 ; i < pae->MaximumAuditEventCount ; i++) {
pae->EventAuditingOptions[i] = POLICY_AUDIT_EVENT_UNCHANGED;
}
//
// ...and update only the specified EventType
//
pae->EventAuditingOptions[EventType] = EventOption;
//
// set the new AuditEvents
//
Status = LsaSetInformationPolicy(
PolicyHandle,
PolicyAuditEventsInformation,
pae
);
//
// free allocated memory
//
LsaFreeMemory(pae);
return Status;
}
NTSTATUS
LsarQueryInformationPolicy(
IN LSAPR_HANDLE PolicyHandle,
IN POLICY_INFORMATION_CLASS InfoClass,
OUT PLSAPR_POLICY_INFORMATION *Buffer
)
{
return( LsaQueryInformationPolicy( PolicyHandle,
InfoClass,
Buffer ) );
}
BOOL kull_m_net_getCurrentDomainInfo(PPOLICY_DNS_DOMAIN_INFO * pDomainInfo)
{
BOOL status = FALSE;
LSA_HANDLE hLSA;
LSA_OBJECT_ATTRIBUTES oaLsa = {0};
if(NT_SUCCESS(LsaOpenPolicy(NULL, &oaLsa, POLICY_VIEW_LOCAL_INFORMATION, &hLSA)))
{
status = NT_SUCCESS(LsaQueryInformationPolicy(hLSA, PolicyDnsDomainInformation, (PVOID *) pDomainInfo));
LsaClose(hLSA);
}
return status;
}
NTSTATUS
SetAuditMode(
LSA_HANDLE PolicyHandle,
BOOL bEnable
)
{
PPOLICY_AUDIT_EVENTS_INFO AuditEvents;
NTSTATUS Status;
DWORD i;
//
// obtain current AuditEvents
//
Status = LsaQueryInformationPolicy(
PolicyHandle,
PolicyAuditEventsInformation,
&AuditEvents
);
if(Status != STATUS_SUCCESS) return Status;
//
// update the relevant member
//
AuditEvents->AuditingMode = bEnable;
//
// set all auditevents to the unchanged status...
//
for(i = 0 ; i < AuditEvents->MaximumAuditEventCount ; i++) {
AuditEvents->EventAuditingOptions[i] = POLICY_AUDIT_EVENT_UNCHANGED;
}
//
// set the new auditing mode (enabled or disabled)
//
Status = LsaSetInformationPolicy(
PolicyHandle,
PolicyAuditEventsInformation,
AuditEvents
);
LsaFreeMemory(AuditEvents);
return Status;
}
NTSTATUS
DisplayAudit(
LSA_HANDLE PolicyHandle
)
{
PPOLICY_AUDIT_EVENTS_INFO AuditEvents;
NTSTATUS Status;
DWORD i; // index into EventAuditingOptions
//
// obtain AuditEvents
//
Status = LsaQueryInformationPolicy(
PolicyHandle,
PolicyAuditEventsInformation,
&AuditEvents
);
if(Status != STATUS_SUCCESS) return Status;
//
// successfully obtained AuditEventsInformation. Now display.
//
if(AuditEvents->AuditingMode) {
printf("Auditing Enabled\n");
} else {
printf("Auditing Disabled\n");
}
for(i = 0 ; i < AuditEvents->MaximumAuditEventCount ; i++) {
DisplayAuditEventOption(i, AuditEvents->EventAuditingOptions[i]);
}
//
// free allocated memory
//
LsaFreeMemory(AuditEvents);
return Status;
}
static int ondata_no_sid(struct lm_sam_s *This, PUNICODE_STRING uname, HASH hash, NTSTATUS *result){
LSA_HANDLE h_policy;
LSA_OBJECT_ATTRIBUTES objattr;
POLICY_ACCOUNT_DOMAIN_INFO *pdomain_info;
NTSTATUS status;
char dname[64];
memset(&objattr, 0, sizeof(objattr));
objattr.Length = sizeof(objattr);
if((status = LsaOpenPolicy(NULL, &objattr, POLICY_VIEW_LOCAL_INFORMATION, &h_policy)) != STATUS_SUCCESS){
DOUTST2("LsaOpenPolicy", status);
*result = status;
return 0;
}
if((status = LsaQueryInformationPolicy(h_policy, PolicyAccountDomainInformation, &pdomain_info)) != STATUS_SUCCESS){
DOUTST2("LsaQueryInformationPolicy", status);
LsaClose(h_policy);
*result = status;
return 0;
}
if(unicode2ansi(pdomain_info->DomainName.Buffer, pdomain_info->DomainName.Length, dname, sizeof(dname)) == 0){
strcpy(dname, "<unknown>");
}
dout(va("Current domain is %s.\n", dname));
This->lsa_policy_info_buffer = pdomain_info;
This->domain_sid = pdomain_info->DomainSid;
// delegate processing to no_sam state
This->state = &state_no_sam;
return This->state->data(This, uname, hash, result);
}
NTSTATUS
LsapGetAccountDomainInfo(
PPOLICY_ACCOUNT_DOMAIN_INFO *PolicyAccountDomainInfo
)
/*++
Routine Description:
This routine retrieves ACCOUNT domain information from the LSA
policy database.
Arguments:
PolicyAccountDomainInfo - Receives a pointer to a
POLICY_ACCOUNT_DOMAIN_INFO structure containing the account
domain info.
Return Value:
STATUS_SUCCESS - Succeeded.
Other status values that may be returned from:
LsaOpenPolicy()
LsaQueryInformationPolicy()
--*/
{
NTSTATUS Status, IgnoreStatus;
LSA_HANDLE PolicyHandle;
OBJECT_ATTRIBUTES PolicyObjectAttributes;
//
// Open the policy database
//
InitializeObjectAttributes( &PolicyObjectAttributes,
NULL, // Name
0, // Attributes
NULL, // Root
NULL ); // Security Descriptor
Status = LsaOpenPolicy( NULL,
&PolicyObjectAttributes,
POLICY_VIEW_LOCAL_INFORMATION,
&PolicyHandle );
if ( NT_SUCCESS(Status) ) {
//
// Query the account domain information
//
Status = LsaQueryInformationPolicy( PolicyHandle,
PolicyAccountDomainInformation,
(PVOID *) PolicyAccountDomainInfo );
#if DBG
if ( NT_SUCCESS(Status) ) {
ASSERT( (*PolicyAccountDomainInfo) != NULL );
ASSERT( (*PolicyAccountDomainInfo)->DomainSid != NULL );
}
#endif // DBG
IgnoreStatus = LsaClose( PolicyHandle );
ASSERT(NT_SUCCESS(IgnoreStatus));
}
return(Status);
}
NTSTATUS
SetAdministratorPassword(LPCWSTR Password)
{
PPOLICY_ACCOUNT_DOMAIN_INFO OrigInfo = NULL;
PUSER_ACCOUNT_NAME_INFORMATION AccountNameInfo = NULL;
USER_SET_PASSWORD_INFORMATION PasswordInfo;
LSA_OBJECT_ATTRIBUTES ObjectAttributes;
LSA_HANDLE PolicyHandle = NULL;
SAM_HANDLE ServerHandle = NULL;
SAM_HANDLE DomainHandle = NULL;
SAM_HANDLE UserHandle = NULL;
NTSTATUS Status;
DPRINT1("SYSSETUP: SetAdministratorPassword(%S)\n", Password);
memset(&ObjectAttributes, 0, sizeof(LSA_OBJECT_ATTRIBUTES));
ObjectAttributes.Length = sizeof(LSA_OBJECT_ATTRIBUTES);
Status = LsaOpenPolicy(NULL,
&ObjectAttributes,
POLICY_VIEW_LOCAL_INFORMATION | POLICY_TRUST_ADMIN,
&PolicyHandle);
if (Status != STATUS_SUCCESS)
{
DPRINT1("LsaOpenPolicy() failed (Status: 0x%08lx)\n", Status);
return Status;
}
Status = LsaQueryInformationPolicy(PolicyHandle,
PolicyAccountDomainInformation,
(PVOID *)&OrigInfo);
if (!NT_SUCCESS(Status))
{
DPRINT1("LsaQueryInformationPolicy() failed (Status: 0x%08lx)\n", Status);
goto done;
}
Status = SamConnect(NULL,
&ServerHandle,
SAM_SERVER_CONNECT | SAM_SERVER_LOOKUP_DOMAIN,
NULL);
if (!NT_SUCCESS(Status))
{
DPRINT1("SamConnect() failed (Status: 0x%08lx)\n", Status);
goto done;
}
Status = SamOpenDomain(ServerHandle,
DOMAIN_LOOKUP,
OrigInfo->DomainSid,
&DomainHandle);
if (!NT_SUCCESS(Status))
{
DPRINT1("SamOpenDomain() failed (Status: 0x%08lx)\n", Status);
goto done;
}
Status = SamOpenUser(DomainHandle,
USER_FORCE_PASSWORD_CHANGE | USER_READ_GENERAL,
DOMAIN_USER_RID_ADMIN,
&UserHandle);
if (!NT_SUCCESS(Status))
{
DPRINT1("SamOpenUser() failed (Status %08lx)\n", Status);
goto done;
}
RtlInitUnicodeString(&PasswordInfo.Password, Password);
PasswordInfo.PasswordExpired = FALSE;
Status = SamSetInformationUser(UserHandle,
UserSetPasswordInformation,
(PVOID)&PasswordInfo);
if (!NT_SUCCESS(Status))
{
DPRINT1("SamSetInformationUser() failed (Status %08lx)\n", Status);
goto done;
}
Status = SamQueryInformationUser(UserHandle,
UserAccountNameInformation,
(PVOID*)&AccountNameInfo);
if (!NT_SUCCESS(Status))
{
DPRINT1("SamSetInformationUser() failed (Status %08lx)\n", Status);
goto done;
}
AdminInfo.Name = RtlAllocateHeap(RtlGetProcessHeap(),
HEAP_ZERO_MEMORY,
AccountNameInfo->UserName.Length + sizeof(WCHAR));
if (AdminInfo.Name != NULL)
RtlCopyMemory(AdminInfo.Name,
AccountNameInfo->UserName.Buffer,
AccountNameInfo->UserName.Length);
AdminInfo.Domain = RtlAllocateHeap(RtlGetProcessHeap(),
HEAP_ZERO_MEMORY,
OrigInfo->DomainName.Length + sizeof(WCHAR));
if (AdminInfo.Domain != NULL)
RtlCopyMemory(AdminInfo.Domain,
OrigInfo->DomainName.Buffer,
OrigInfo->DomainName.Length);
AdminInfo.Password = RtlAllocateHeap(RtlGetProcessHeap(),
0,
(wcslen(Password) + 1) * sizeof(WCHAR));
if (AdminInfo.Password != NULL)
wcscpy(AdminInfo.Password, Password);
DPRINT("Administrator Name: %S\n", AdminInfo.Name);
DPRINT("Administrator Domain: %S\n", AdminInfo.Domain);
DPRINT("Administrator Password: %S\n", AdminInfo.Password);
done:
if (AccountNameInfo != NULL)
SamFreeMemory(AccountNameInfo);
if (OrigInfo != NULL)
LsaFreeMemory(OrigInfo);
if (PolicyHandle != NULL)
LsaClose(PolicyHandle);
if (UserHandle != NULL)
SamCloseHandle(UserHandle);
if (DomainHandle != NULL)
SamCloseHandle(DomainHandle);
if (ServerHandle != NULL)
SamCloseHandle(ServerHandle);
DPRINT1("SYSSETUP: SetAdministratorPassword() done (Status %08lx)\n", Status);
return Status;
}
NTSTATUS
SetAccountDomain(LPCWSTR DomainName,
PSID DomainSid)
{
PPOLICY_ACCOUNT_DOMAIN_INFO OrigInfo = NULL;
POLICY_ACCOUNT_DOMAIN_INFO Info;
LSA_OBJECT_ATTRIBUTES ObjectAttributes;
LSA_HANDLE PolicyHandle;
SAM_HANDLE ServerHandle = NULL;
SAM_HANDLE DomainHandle = NULL;
DOMAIN_NAME_INFORMATION DomainNameInfo;
NTSTATUS Status;
DPRINT1("SYSSETUP: SetAccountDomain\n");
memset(&ObjectAttributes, 0, sizeof(LSA_OBJECT_ATTRIBUTES));
ObjectAttributes.Length = sizeof(LSA_OBJECT_ATTRIBUTES);
Status = LsaOpenPolicy(NULL,
&ObjectAttributes,
POLICY_VIEW_LOCAL_INFORMATION | POLICY_TRUST_ADMIN,
&PolicyHandle);
if (Status != STATUS_SUCCESS)
{
DPRINT("LsaOpenPolicy failed (Status: 0x%08lx)\n", Status);
return Status;
}
Status = LsaQueryInformationPolicy(PolicyHandle,
PolicyAccountDomainInformation,
(PVOID *)&OrigInfo);
if (Status == STATUS_SUCCESS && OrigInfo != NULL)
{
if (DomainName == NULL)
{
Info.DomainName.Buffer = OrigInfo->DomainName.Buffer;
Info.DomainName.Length = OrigInfo->DomainName.Length;
Info.DomainName.MaximumLength = OrigInfo->DomainName.MaximumLength;
}
else
{
Info.DomainName.Buffer = (LPWSTR)DomainName;
Info.DomainName.Length = wcslen(DomainName) * sizeof(WCHAR);
Info.DomainName.MaximumLength = Info.DomainName.Length + sizeof(WCHAR);
}
if (DomainSid == NULL)
Info.DomainSid = OrigInfo->DomainSid;
else
Info.DomainSid = DomainSid;
}
else
{
Info.DomainName.Buffer = (LPWSTR)DomainName;
Info.DomainName.Length = wcslen(DomainName) * sizeof(WCHAR);
Info.DomainName.MaximumLength = Info.DomainName.Length + sizeof(WCHAR);
Info.DomainSid = DomainSid;
}
Status = LsaSetInformationPolicy(PolicyHandle,
PolicyAccountDomainInformation,
(PVOID)&Info);
if (Status != STATUS_SUCCESS)
{
DPRINT("LsaSetInformationPolicy failed (Status: 0x%08lx)\n", Status);
}
if (OrigInfo != NULL)
LsaFreeMemory(OrigInfo);
LsaClose(PolicyHandle);
DomainNameInfo.DomainName.Length = wcslen(DomainName) * sizeof(WCHAR);
DomainNameInfo.DomainName.MaximumLength = (wcslen(DomainName) + 1) * sizeof(WCHAR);
DomainNameInfo.DomainName.Buffer = (LPWSTR)DomainName;
Status = SamConnect(NULL,
&ServerHandle,
SAM_SERVER_CONNECT | SAM_SERVER_LOOKUP_DOMAIN,
NULL);
if (NT_SUCCESS(Status))
{
Status = SamOpenDomain(ServerHandle,
DOMAIN_WRITE_OTHER_PARAMETERS,
Info.DomainSid,
&DomainHandle);
if (NT_SUCCESS(Status))
{
Status = SamSetInformationDomain(DomainHandle,
DomainNameInformation,
(PVOID)&DomainNameInfo);
if (!NT_SUCCESS(Status))
{
DPRINT1("SamSetInformationDomain failed (Status: 0x%08lx)\n", Status);
}
SamCloseHandle(DomainHandle);
}
else
{
DPRINT1("SamOpenDomain failed (Status: 0x%08lx)\n", Status);
}
SamCloseHandle(ServerHandle);
}
return Status;
}
/************************************************************
* DsRoleGetPrimaryDomainInformation (NETAPI32.@)
*
* PARAMS
* lpServer [I] Pointer to UNICODE string with ComputerName
* InfoLevel [I] Type of data to retrieve
* Buffer [O] Pointer to to the requested data
*
* RETURNS
*
* NOTES
* When lpServer is NULL, use the local computer
*/
DWORD WINAPI DsRoleGetPrimaryDomainInformation(
LPCWSTR lpServer, DSROLE_PRIMARY_DOMAIN_INFO_LEVEL InfoLevel,
PBYTE* Buffer)
{
DWORD ret;
FIXME("(%p, %d, %p) stub\n", lpServer, InfoLevel, Buffer);
/* Check some input parameters */
if (!Buffer) return ERROR_INVALID_PARAMETER;
if ((InfoLevel < DsRolePrimaryDomainInfoBasic) || (InfoLevel > DsRoleOperationState)) return ERROR_INVALID_PARAMETER;
*Buffer = NULL;
switch (InfoLevel)
{
case DsRolePrimaryDomainInfoBasic:
{
LSA_OBJECT_ATTRIBUTES ObjectAttributes;
LSA_HANDLE PolicyHandle;
PPOLICY_ACCOUNT_DOMAIN_INFO DomainInfo;
NTSTATUS NtStatus;
int logon_domain_sz;
DWORD size;
PDSROLE_PRIMARY_DOMAIN_INFO_BASIC basic;
ZeroMemory(&ObjectAttributes, sizeof(ObjectAttributes));
NtStatus = LsaOpenPolicy(NULL, &ObjectAttributes,
POLICY_VIEW_LOCAL_INFORMATION, &PolicyHandle);
if (NtStatus != STATUS_SUCCESS)
{
TRACE("LsaOpenPolicyFailed with NT status %x\n",
LsaNtStatusToWinError(NtStatus));
return ERROR_OUTOFMEMORY;
}
LsaQueryInformationPolicy(PolicyHandle,
PolicyAccountDomainInformation, (PVOID*)&DomainInfo);
logon_domain_sz = lstrlenW(DomainInfo->DomainName.Buffer) + 1;
LsaClose(PolicyHandle);
size = sizeof(DSROLE_PRIMARY_DOMAIN_INFO_BASIC) +
logon_domain_sz * sizeof(WCHAR);
basic = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, size);
if (basic)
{
basic->MachineRole = DsRole_RoleStandaloneWorkstation;
basic->DomainNameFlat = (LPWSTR)((LPBYTE)basic +
sizeof(DSROLE_PRIMARY_DOMAIN_INFO_BASIC));
lstrcpyW(basic->DomainNameFlat, DomainInfo->DomainName.Buffer);
ret = ERROR_SUCCESS;
}
else
ret = ERROR_OUTOFMEMORY;
*Buffer = (PBYTE)basic;
LsaFreeMemory(DomainInfo);
}
break;
default:
ret = ERROR_CALL_NOT_IMPLEMENTED;
}
return ret;
}
/* Hack */
static
NTSTATUS
SetPrimaryDomain(LPCWSTR DomainName,
PSID DomainSid)
{
PPOLICY_PRIMARY_DOMAIN_INFO OrigInfo = NULL;
POLICY_PRIMARY_DOMAIN_INFO Info;
LSA_OBJECT_ATTRIBUTES ObjectAttributes;
LSA_HANDLE PolicyHandle;
NTSTATUS Status;
DPRINT1("SYSSETUP: SetPrimaryDomain()\n");
memset(&ObjectAttributes, 0, sizeof(LSA_OBJECT_ATTRIBUTES));
ObjectAttributes.Length = sizeof(LSA_OBJECT_ATTRIBUTES);
Status = LsaOpenPolicy(NULL,
&ObjectAttributes,
POLICY_VIEW_LOCAL_INFORMATION | POLICY_TRUST_ADMIN,
&PolicyHandle);
if (Status != STATUS_SUCCESS)
{
DPRINT("LsaOpenPolicy failed (Status: 0x%08lx)\n", Status);
return Status;
}
Status = LsaQueryInformationPolicy(PolicyHandle,
PolicyPrimaryDomainInformation,
(PVOID *)&OrigInfo);
if (Status == STATUS_SUCCESS && OrigInfo != NULL)
{
if (DomainName == NULL)
{
Info.Name.Buffer = OrigInfo->Name.Buffer;
Info.Name.Length = OrigInfo->Name.Length;
Info.Name.MaximumLength = OrigInfo->Name.MaximumLength;
}
else
{
Info.Name.Buffer = (LPWSTR)DomainName;
Info.Name.Length = wcslen(DomainName) * sizeof(WCHAR);
Info.Name.MaximumLength = Info.Name.Length + sizeof(WCHAR);
}
if (DomainSid == NULL)
Info.Sid = OrigInfo->Sid;
else
Info.Sid = DomainSid;
}
else
{
Info.Name.Buffer = (LPWSTR)DomainName;
Info.Name.Length = wcslen(DomainName) * sizeof(WCHAR);
Info.Name.MaximumLength = Info.Name.Length + sizeof(WCHAR);
Info.Sid = DomainSid;
}
Status = LsaSetInformationPolicy(PolicyHandle,
PolicyPrimaryDomainInformation,
(PVOID)&Info);
if (Status != STATUS_SUCCESS)
{
DPRINT("LsaSetInformationPolicy failed (Status: 0x%08lx)\n", Status);
}
if (OrigInfo != NULL)
LsaFreeMemory(OrigInfo);
LsaClose(PolicyHandle);
return Status;
}
static void test_lsa(void)
{
NTSTATUS status;
LSA_HANDLE handle;
LSA_OBJECT_ATTRIBUTES object_attributes;
ZeroMemory(&object_attributes, sizeof(object_attributes));
object_attributes.Length = sizeof(object_attributes);
status = LsaOpenPolicy( NULL, &object_attributes, POLICY_ALL_ACCESS, &handle);
ok(status == STATUS_SUCCESS || status == STATUS_ACCESS_DENIED,
"LsaOpenPolicy(POLICY_ALL_ACCESS) returned 0x%08x\n", status);
/* try a more restricted access mask if necessary */
if (status == STATUS_ACCESS_DENIED) {
trace("LsaOpenPolicy(POLICY_ALL_ACCESS) failed, trying POLICY_VIEW_LOCAL_INFORMATION|POLICY_LOOKUP_NAMES\n");
status = LsaOpenPolicy( NULL, &object_attributes, POLICY_VIEW_LOCAL_INFORMATION|POLICY_LOOKUP_NAMES, &handle);
ok(status == STATUS_SUCCESS, "LsaOpenPolicy(POLICY_VIEW_LOCAL_INFORMATION|POLICY_LOOKUP_NAMES) returned 0x%08x\n", status);
}
if (status == STATUS_SUCCESS) {
PPOLICY_AUDIT_EVENTS_INFO audit_events_info;
PPOLICY_PRIMARY_DOMAIN_INFO primary_domain_info;
PPOLICY_ACCOUNT_DOMAIN_INFO account_domain_info;
PPOLICY_DNS_DOMAIN_INFO dns_domain_info;
HANDLE token;
BOOL ret;
status = LsaQueryInformationPolicy(handle, PolicyAuditEventsInformation, (void **)&audit_events_info);
if (status == STATUS_ACCESS_DENIED)
skip("Not enough rights to retrieve PolicyAuditEventsInformation\n");
else
ok(status == STATUS_SUCCESS, "LsaQueryInformationPolicy(PolicyAuditEventsInformation) failed, returned 0x%08x\n", status);
if (status == STATUS_SUCCESS)
LsaFreeMemory(audit_events_info);
status = LsaQueryInformationPolicy(handle, PolicyPrimaryDomainInformation, (void **)&primary_domain_info);
ok(status == STATUS_SUCCESS, "LsaQueryInformationPolicy(PolicyPrimaryDomainInformation) failed, returned 0x%08x\n", status);
if (status == STATUS_SUCCESS) {
if (primary_domain_info->Sid) {
LPSTR strsid;
if (ConvertSidToStringSidA(primary_domain_info->Sid, &strsid))
{
if (primary_domain_info->Name.Buffer) {
LPSTR name = NULL;
UINT len;
len = WideCharToMultiByte( CP_ACP, 0, primary_domain_info->Name.Buffer, -1, NULL, 0, NULL, NULL );
name = LocalAlloc( 0, len );
WideCharToMultiByte( CP_ACP, 0, primary_domain_info->Name.Buffer, -1, name, len, NULL, NULL );
trace(" name: %s sid: %s\n", name, strsid);
LocalFree( name );
} else
trace(" name: NULL sid: %s\n", strsid);
LocalFree( strsid );
}
else
trace("invalid sid\n");
}
else
trace("Running on a standalone system.\n");
LsaFreeMemory(primary_domain_info);
}
status = LsaQueryInformationPolicy(handle, PolicyAccountDomainInformation, (void **)&account_domain_info);
ok(status == STATUS_SUCCESS, "LsaQueryInformationPolicy(PolicyAccountDomainInformation) failed, returned 0x%08x\n", status);
if (status == STATUS_SUCCESS)
LsaFreeMemory(account_domain_info);
/* This isn't supported in NT4 */
status = LsaQueryInformationPolicy(handle, PolicyDnsDomainInformation, (void **)&dns_domain_info);
ok(status == STATUS_SUCCESS || status == STATUS_INVALID_PARAMETER,
"LsaQueryInformationPolicy(PolicyDnsDomainInformation) failed, returned 0x%08x\n", status);
if (status == STATUS_SUCCESS) {
if (dns_domain_info->Sid || !IsEqualGUID(&dns_domain_info->DomainGuid, &GUID_NULL)) {
LPSTR strsid = NULL;
LPSTR name = NULL;
LPSTR domain = NULL;
LPSTR forest = NULL;
LPSTR guidstr = NULL;
WCHAR guidstrW[64];
UINT len;
guidstrW[0] = '\0';
ConvertSidToStringSidA(dns_domain_info->Sid, &strsid);
StringFromGUID2(&dns_domain_info->DomainGuid, guidstrW, ARRAY_SIZE(guidstrW));
len = WideCharToMultiByte( CP_ACP, 0, guidstrW, -1, NULL, 0, NULL, NULL );
guidstr = LocalAlloc( 0, len );
WideCharToMultiByte( CP_ACP, 0, guidstrW, -1, guidstr, len, NULL, NULL );
if (dns_domain_info->Name.Buffer) {
len = WideCharToMultiByte( CP_ACP, 0, dns_domain_info->Name.Buffer, -1, NULL, 0, NULL, NULL );
name = LocalAlloc( 0, len );
WideCharToMultiByte( CP_ACP, 0, dns_domain_info->Name.Buffer, -1, name, len, NULL, NULL );
}
if (dns_domain_info->DnsDomainName.Buffer) {
len = WideCharToMultiByte( CP_ACP, 0, dns_domain_info->DnsDomainName.Buffer, -1, NULL, 0, NULL, NULL );
domain = LocalAlloc( 0, len );
WideCharToMultiByte( CP_ACP, 0, dns_domain_info->DnsDomainName.Buffer, -1, domain, len, NULL, NULL );
}
if (dns_domain_info->DnsForestName.Buffer) {
len = WideCharToMultiByte( CP_ACP, 0, dns_domain_info->DnsForestName.Buffer, -1, NULL, 0, NULL, NULL );
forest = LocalAlloc( 0, len );
WideCharToMultiByte( CP_ACP, 0, dns_domain_info->DnsForestName.Buffer, -1, forest, len, NULL, NULL );
}
trace(" name: %s domain: %s forest: %s guid: %s sid: %s\n",
name ? name : "NULL", domain ? domain : "NULL",
forest ? forest : "NULL", guidstr, strsid ? strsid : "NULL");
LocalFree( name );
LocalFree( forest );
LocalFree( domain );
LocalFree( guidstr );
LocalFree( strsid );
}
else
trace("Running on a standalone system.\n");
LsaFreeMemory(dns_domain_info);
}
/* We need a valid SID to pass to LsaEnumerateAccountRights */
ret = OpenProcessToken( GetCurrentProcess(), TOKEN_QUERY, &token );
ok(ret, "Unable to obtain process token, error %u\n", GetLastError( ));
if (ret) {
char buffer[64];
DWORD len;
TOKEN_USER *token_user = (TOKEN_USER *) buffer;
ret = GetTokenInformation( token, TokenUser, (LPVOID) token_user, sizeof(buffer), &len );
ok(ret || GetLastError( ) == ERROR_INSUFFICIENT_BUFFER, "Unable to obtain token information, error %u\n", GetLastError( ));
if (! ret && GetLastError( ) == ERROR_INSUFFICIENT_BUFFER) {
trace("Resizing buffer to %u.\n", len);
token_user = LocalAlloc( 0, len );
if (token_user != NULL)
ret = GetTokenInformation( token, TokenUser, (LPVOID) token_user, len, &len );
}
if (ret) {
PLSA_UNICODE_STRING rights;
ULONG rights_count;
rights = (PLSA_UNICODE_STRING) 0xdeadbeaf;
rights_count = 0xcafecafe;
status = LsaEnumerateAccountRights(handle, token_user->User.Sid, &rights, &rights_count);
ok(status == STATUS_SUCCESS || status == STATUS_OBJECT_NAME_NOT_FOUND, "Unexpected status 0x%x\n", status);
if (status == STATUS_SUCCESS)
LsaFreeMemory( rights );
else
ok(rights == NULL && rights_count == 0, "Expected rights and rights_count to be set to 0 on failure\n");
}
if (token_user != NULL && token_user != (TOKEN_USER *) buffer)
LocalFree( token_user );
CloseHandle( token );
}
status = LsaClose(handle);
ok(status == STATUS_SUCCESS, "LsaClose() failed, returned 0x%08x\n", status);
}
}
/******************************************************************************
* NetUserModalsGet (NETAPI32.@)
*
* Retrieves global information for all users and global groups in the security
* database.
*
* PARAMS
* szServer [I] Specifies the DNS or the NetBIOS name of the remote server
* on which the function is to execute.
* level [I] Information level of the data.
* 0 Return global passwords parameters. bufptr points to a
* USER_MODALS_INFO_0 struct.
* 1 Return logon server and domain controller information. bufptr
* points to a USER_MODALS_INFO_1 struct.
* 2 Return domain name and identifier. bufptr points to a
* USER_MODALS_INFO_2 struct.
* 3 Return lockout information. bufptr points to a USER_MODALS_INFO_3
* struct.
* pbuffer [I] Buffer that receives the data.
*
* RETURNS
* Success: NERR_Success.
* Failure:
* ERROR_ACCESS_DENIED - the user does not have access to the info.
* NERR_InvalidComputer - computer name is invalid.
*/
NET_API_STATUS WINAPI NetUserModalsGet(
LPCWSTR szServer, DWORD level, LPBYTE *pbuffer)
{
TRACE("(%s %d %p)\n", debugstr_w(szServer), level, pbuffer);
switch (level)
{
case 0:
/* return global passwords parameters */
FIXME("level 0 not implemented!\n");
*pbuffer = NULL;
return NERR_InternalError;
case 1:
/* return logon server and domain controller info */
FIXME("level 1 not implemented!\n");
*pbuffer = NULL;
return NERR_InternalError;
case 2:
{
/* return domain name and identifier */
PUSER_MODALS_INFO_2 umi;
LSA_HANDLE policyHandle;
LSA_OBJECT_ATTRIBUTES objectAttributes;
PPOLICY_ACCOUNT_DOMAIN_INFO domainInfo;
NTSTATUS ntStatus;
PSID domainIdentifier = NULL;
int domainNameLen, domainIdLen;
ZeroMemory(&objectAttributes, sizeof(objectAttributes));
objectAttributes.Length = sizeof(objectAttributes);
ntStatus = LsaOpenPolicy(NULL, &objectAttributes,
POLICY_VIEW_LOCAL_INFORMATION,
&policyHandle);
if (ntStatus != STATUS_SUCCESS)
{
WARN("LsaOpenPolicy failed with NT status %x\n",
LsaNtStatusToWinError(ntStatus));
return ntStatus;
}
ntStatus = LsaQueryInformationPolicy(policyHandle,
PolicyAccountDomainInformation,
(PVOID *)&domainInfo);
if (ntStatus != STATUS_SUCCESS)
{
WARN("LsaQueryInformationPolicy failed with NT status %x\n",
LsaNtStatusToWinError(ntStatus));
LsaClose(policyHandle);
return ntStatus;
}
domainIdentifier = domainInfo->DomainSid;
domainIdLen = (domainIdentifier) ? GetLengthSid(domainIdentifier) : 0;
domainNameLen = lstrlenW(domainInfo->DomainName.Buffer) + 1;
LsaClose(policyHandle);
ntStatus = NetApiBufferAllocate(sizeof(USER_MODALS_INFO_2) +
domainIdLen +
domainNameLen * sizeof(WCHAR),
(LPVOID *)pbuffer);
if (ntStatus != NERR_Success)
{
WARN("NetApiBufferAllocate() failed\n");
LsaFreeMemory(domainInfo);
return ntStatus;
}
umi = (USER_MODALS_INFO_2 *) *pbuffer;
umi->usrmod2_domain_id = (domainIdLen > 0) ? (*pbuffer + sizeof(USER_MODALS_INFO_2)) : NULL;
umi->usrmod2_domain_name = (LPWSTR)(*pbuffer +
sizeof(USER_MODALS_INFO_2) + domainIdLen);
lstrcpynW(umi->usrmod2_domain_name,
domainInfo->DomainName.Buffer,
domainNameLen);
if (domainIdLen > 0)
CopySid(GetLengthSid(domainIdentifier), umi->usrmod2_domain_id,
domainIdentifier);
LsaFreeMemory(domainInfo);
break;
}
case 3:
/* return lockout information */
FIXME("level 3 not implemented!\n");
*pbuffer = NULL;
return NERR_InternalError;
default:
TRACE("Invalid level %d is specified\n", level);
*pbuffer = NULL;
return ERROR_INVALID_LEVEL;
}
return NERR_Success;
}
int _CRTAPI1
main(
IN int argc,
IN char ** argv
)
/*++
Routine Description:
Drive the password changing.
Arguments:
argc - the number of command-line arguments.
argv - an array of pointers to the arguments.
Return Value:
Exit status
--*/
{
NTSTATUS Status;
MSV1_0_CHANGEPASSWORD_REQUEST Request;
PMSV1_0_CHANGEPASSWORD_RESPONSE ReturnBuffer;
ULONG ReturnBufferSize;
NTSTATUS ProtocolStatus;
OBJECT_ATTRIBUTES LSAObjectAttributes;
UNICODE_STRING LocalComputerName = { 0, 0, NULL };
PPOLICY_PRIMARY_DOMAIN_INFO PrimaryDomainInfo = NULL;
if ( argc < 5 ) {
fprintf( stderr,
"Usage: pwdtest DomainName UserName OldPassword NewPassword\n" );
return(1);
}
//
// Set up MSV1_0.dll environment.
//
MspHeap = RtlProcessHeap();
Status = NlInitialize();
if ( !NT_SUCCESS( Status ) ) {
printf("pwdtest: NlInitialize failed, status %x\n", Status);
return(1);
}
Lsa.AllocateClientBuffer = LsapAllocateClientBuffer;
Lsa.FreeClientBuffer = LsapFreeClientBuffer;
Lsa.CopyToClientBuffer = LsapCopyToClientBuffer;
//
// Open the LSA policy database in case change password needs it
//
InitializeObjectAttributes( &LSAObjectAttributes,
NULL, // Name
0, // Attributes
NULL, // Root
NULL ); // Security Descriptor
Status = LsaOpenPolicy( &LocalComputerName,
&LSAObjectAttributes,
POLICY_VIEW_LOCAL_INFORMATION,
&NlpPolicyHandle );
if( !NT_SUCCESS(Status) ) {
printf("pwdtest: LsaOpenPolicy failed, status %x\n", Status);
return(1);
}
//
// Get the name of our domain.
//
Status = LsaQueryInformationPolicy(
NlpPolicyHandle,
PolicyPrimaryDomainInformation,
(PVOID *) &PrimaryDomainInfo );
if( !NT_SUCCESS(Status) ) {
KdPrint(("pwdtest: LsaQueryInformationPolicy failed, status %x\n",
Status));
return(1);
}
NlpSamDomainName = PrimaryDomainInfo->Name;
//
// Build the request message
//
Request.MessageType = MsV1_0ChangePassword;
RtlCreateUnicodeStringFromAsciiz( &Request.DomainName, argv[1] );
RtlCreateUnicodeStringFromAsciiz( &Request.AccountName, argv[2] );
RtlCreateUnicodeStringFromAsciiz( &Request.OldPassword, argv[3] );
RtlCreateUnicodeStringFromAsciiz( &Request.NewPassword, argv[4] );
Status = MspLm20ChangePassword( NULL,
&Request,
&Request,
0x7FFFFFFF,
(PVOID *) &ReturnBuffer,
&ReturnBufferSize,
&ProtocolStatus );
printf( "Status = 0x%lx 0x%lx\n", Status, ProtocolStatus );
if ( ProtocolStatus == STATUS_CANT_DISABLE_MANDATORY ) {
printf( "Are you running as SYSTEM?\n" );
}
if ( ReturnBufferSize != 0 ) {
printf( "PasswordInfoValid %ld\n", ReturnBuffer->PasswordInfoValid );
if ( ReturnBuffer->PasswordInfoValid ) {
printf( "Min length: %ld PasswordHistory: %ld Prop 0x%lx\n",
ReturnBuffer->DomainPasswordInfo.MinPasswordLength,
ReturnBuffer->DomainPasswordInfo.PasswordHistoryLength,
ReturnBuffer->DomainPasswordInfo.PasswordProperties );
}
}
return 0;
}
BOOL
NTIsPDC(
LPTSTR ServerName
)
/*++
Routine Description:
Arguments:
Return Value:
None.
--*/
{
static TCHAR Serv[MAX_COMPUTERNAME_LENGTH + 3];
UNICODE_STRING us;
NTSTATUS ret;
OBJECT_ATTRIBUTES oa;
ACCESS_MASK am;
SECURITY_QUALITY_OF_SERVICE qos;
LSA_HANDLE hLSA;
PPOLICY_LSA_SERVER_ROLE_INFO pvBuffer;
BOOL IsPDC = FALSE;
if (ServerName[0] == TEXT('\\'))
lstrcpy(Serv, ServerName);
else
wsprintf(Serv, TEXT("\\\\%s"), ServerName);
// Set up unicode string structure
us.Length = lstrlen(Serv) * sizeof(TCHAR);
us.MaximumLength = us.Length + sizeof(TCHAR);
us.Buffer = Serv;
// only need read access
am = POLICY_READ | POLICY_VIEW_LOCAL_INFORMATION;
// set up quality of service
qos.Length = sizeof(SECURITY_QUALITY_OF_SERVICE);
qos.ImpersonationLevel = SecurityImpersonation;
qos.ContextTrackingMode = SECURITY_DYNAMIC_TRACKING;
qos.EffectiveOnly = FALSE;
// Macro sets everything except security field
InitializeObjectAttributes( &oa, NULL, 0L, NULL, NULL );
oa.SecurityQualityOfService = &qos;
ret = LsaOpenPolicy(&us, &oa, am, &hLSA);
if (!ret) {
ret = LsaQueryInformationPolicy(hLSA, PolicyLsaServerRoleInformation, (PVOID *) &pvBuffer);
LsaClose(hLSA);
if ((!ret) && (pvBuffer != NULL)) {
if (pvBuffer->LsaServerRole == PolicyServerRolePrimary)
IsPDC = TRUE;
LsaFreeMemory((PVOID) pvBuffer);
}
}
return IsPDC;
} // NTIsPDC
