static
DWORD
VmAfdAllocateSidFromUid(
uid_t uid,
PSID *ppSid)
{
DWORD dwError = 0;
NTSTATUS ntStatus = 0;
PSID pSid = NULL;
PSTR pszSid = NULL;
dwError = VmAfdAllocateStringPrintf(
&pszSid,
"S-1-22-1-%d", /* Unix uid SID string */
uid);
BAIL_ON_VMAFD_ERROR(dwError);
ntStatus = RtlAllocateSidFromCString(
&pSid,
pszSid);
dwError = LwNtStatusToWin32Error(ntStatus);
BAIL_ON_VMAFD_ERROR(dwError);
*ppSid = pSid;
cleanup:
VMAFD_SAFE_FREE_STRINGA(pszSid);
return dwError;
error:
goto cleanup;
}
/*
* Converts array of sid strings to array of sids
*/
static
PSID* create_sid_list(char **strlist)
{
int list_len = 0;
PSID* sid_list = NULL;
int i = 0;
if (strlist == NULL) return NULL;
/* count the elements (including terminating zero) */
while (strlist[list_len++]);
/* allocate the wchar16_t strings array */
sid_list = (PSID*) malloc(sizeof(PSID) * list_len);
if (sid_list == NULL) return NULL;
memset((void*)sid_list, 0, sizeof(PSID) * list_len);
/* copy mbs strings to wchar16_t strings */
for (i = 0; strlist[i] && i < list_len; i++) {
RtlAllocateSidFromCString(&sid_list[i], strlist[i]);
if (sid_list[i] == NULL) {
i--;
while (i >= 0) {
RTL_FREE(&sid_list[i--]);
}
free(sid_list);
return NULL;
}
}
return sid_list;
}
ULONG
VmDirAllocateSidFromCString(
PCSTR pszSidString,
PSID* ppSid
)
{
return LwNtStatusToWin32Error(
RtlAllocateSidFromCString(ppSid,
(PCSTR)pszSidString));
}
static
DWORD
MapNameToSid(
HANDLE hLsa,
PCWSTR pwszName,
PSID* ppSid
)
{
DWORD dwError = 0;
PSTR pszName = NULL;
LSA_QUERY_LIST QueryList;
PLSA_SECURITY_OBJECT* ppObjects = NULL;
dwError = LwWc16sToMbs(pwszName, &pszName);
BAIL_ON_SRVSVC_ERROR(dwError);
QueryList.ppszStrings = (PCSTR*) &pszName;
dwError = LsaFindObjects(
hLsa,
NULL,
0,
LSA_OBJECT_TYPE_UNDEFINED,
LSA_QUERY_TYPE_BY_NAME,
1,
QueryList,
&ppObjects);
BAIL_ON_SRVSVC_ERROR(dwError);
if (ppObjects[0] == NULL)
{
dwError = LW_ERROR_NO_SUCH_OBJECT;
BAIL_ON_SRVSVC_ERROR(dwError);
}
dwError = LwNtStatusToWin32Error(
RtlAllocateSidFromCString(ppSid, ppObjects[0]->pszObjectSid));
BAIL_ON_SRVSVC_ERROR(dwError);
cleanup:
LsaFreeSecurityObjectList(1, ppObjects);
LW_SAFE_FREE_STRING(pszName);
return dwError;
error:
*ppSid = NULL;
goto cleanup;
}
static
NTSTATUS
LwIoFuseCreateAccessTokenForOther(
PACCESS_TOKEN* ppOtherToken
)
{
NTSTATUS status = STATUS_SUCCESS;
PACCESS_TOKEN pOtherToken = NULL;
TOKEN_USER user = {{0}};
TOKEN_OWNER owner = {0};
TOKEN_GROUPS groups = {0};
TOKEN_PRIVILEGES privileges = {0};
TOKEN_PRIMARY_GROUP primaryGroup = {0};
TOKEN_DEFAULT_DACL dacl = {0};
status = RtlAllocateSidFromCString(
&user.User.Sid,
"S-1-1-0");
BAIL_ON_NT_STATUS(status);
status = RtlCreateAccessToken(
&pOtherToken,
&user,
&groups,
&privileges,
&owner,
&primaryGroup,
&dacl,
NULL);
BAIL_ON_NT_STATUS(status);
*ppOtherToken = pOtherToken;
cleanup:
RTL_FREE(&user.User.Sid);
return status;
error:
*ppOtherToken = NULL;
if (pOtherToken)
{
RtlReleaseAccessToken(&pOtherToken);
}
goto cleanup;
}
static
DWORD
VmAfdAllocateSidFromCString(
PSID *ppSid,
PSTR pszSid)
{
DWORD dwError = 0;
NTSTATUS ntStatus = 0;
ntStatus = RtlAllocateSidFromCString(
ppSid,
pszSid);
dwError = LwNtStatusToWin32Error(ntStatus);
return dwError;
}
static
DWORD
ValidateParameters(
PCSTR pszSid
)
{
DWORD dwError = 0;
NTSTATUS ntStatus = STATUS_SUCCESS;
PSID pSid = NULL;
BAIL_ON_INVALID_STRING(pszSid);
ntStatus = RtlAllocateSidFromCString(&pSid,
pszSid);
if (ntStatus != STATUS_SUCCESS)
{
dwError = LW_ERROR_INVALID_PARAMETER;
BAIL_ON_LSA_ERROR(dwError);
}
if (RtlValidSid(pSid) &&
pSid->SubAuthorityCount != 4)
{
dwError = LW_ERROR_INVALID_PARAMETER;
BAIL_ON_LSA_ERROR(dwError);
}
cleanup:
if (pSid)
{
RTL_FREE(&pSid);
}
return dwError;
error:
goto cleanup;
}
DWORD
LocalMarshalAttrToSid(
PDIRECTORY_ENTRY pEntry,
PWSTR pwszAttrName,
PSID *ppSid
)
{
DWORD dwError = 0;
NTSTATUS ntStatus = 0;
PDIRECTORY_ATTRIBUTE pAttr = NULL;
PATTRIBUTE_VALUE pAttrValue = NULL;
PSID pSid = NULL;
DWORD dwSidSize = 0;
PSID pRetSid = NULL;
BAIL_ON_INVALID_POINTER(pEntry);
dwError = LocalFindAttribute(
pEntry,
pwszAttrName,
&pAttr);
BAIL_ON_LSA_ERROR(dwError);
if (pAttr->ulNumValues > 1)
{
dwError = LW_ERROR_DATA_ERROR;
}
else if (pAttr->ulNumValues == 0)
{
dwError = LW_ERROR_NO_ATTRIBUTE_VALUE;
}
else
{
pAttrValue = &pAttr->pValues[0];
if (pAttrValue->Type == DIRECTORY_ATTR_TYPE_UNICODE_STRING)
{
ntStatus = RtlAllocateSidFromWC16String(
&pSid,
pAttrValue->data.pwszStringValue);
BAIL_ON_NT_STATUS(ntStatus);
}
else if (pAttrValue->Type == DIRECTORY_ATTR_TYPE_ANSI_STRING)
{
ntStatus = RtlAllocateSidFromCString(
&pSid,
pAttrValue->data.pszStringValue);
BAIL_ON_NT_STATUS(ntStatus);
}
else
{
dwError = LW_ERROR_INVALID_ATTRIBUTE_VALUE;
}
}
BAIL_ON_LSA_ERROR(dwError);
dwSidSize = RtlLengthSid(pSid);
dwError = LwAllocateMemory(
dwSidSize,
OUT_PPVOID(&pRetSid));
BAIL_ON_LSA_ERROR(dwError);
ntStatus = RtlCopySid(
dwSidSize,
pRetSid,
pSid);
BAIL_ON_NT_STATUS(ntStatus);
*ppSid = pRetSid;
cleanup:
RTL_FREE(&pSid);
if (dwError == ERROR_SUCCESS &&
ntStatus != STATUS_SUCCESS)
{
dwError = LwNtStatusToWin32Error(ntStatus);
}
return dwError;
error:
LW_SAFE_FREE_MEMORY(pRetSid);
*ppSid = NULL;
goto cleanup;
}
enum param_err fetch_value(
PPARAMETER pParams,
int count,
const char *key,
enum param_type type,
void *val,
const void *def
)
{
const char *value;
NTSTATUS status;
char **valstr, **defstr;
char *valchar, *defchar;
wchar16_t **valw16str;
wchar16_t ***valw16str_list;
int *valint, *defint;
unsigned int *valuint, *defuint;
PSID* valsid = NULL;
PSID** valsid_list = NULL;
char **strlist = NULL;
enum param_err ret = perr_success;
int i = 0;
if (pParams && !key) return perr_nullptr_passed;
if (!val) return perr_invalid_out_param;
value = find_value(pParams, count, key);
if (!value && !def) return perr_not_found;
switch (type) {
case pt_string:
valstr = (char**)val;
defstr = (char**)def;
*valstr = (value) ? strdup(value) : strdup(*defstr);
break;
case pt_w16string:
valw16str = (wchar16_t**)val;
defstr = (char**)def;
*valw16str = (value) ? ambstowc16s(value) : ambstowc16s(*defstr);
break;
case pt_w16string_list:
valw16str_list = (wchar16_t***)val;
defstr = (char**)def;
strlist = (value) ? get_value_list(value) : get_value_list(*defstr);
*valw16str_list = create_wc16str_list(strlist);
if (*valw16str_list == NULL) ret = perr_invalid_out_param;
break;
case pt_char:
valchar = (char*)val;
defchar = (char*)def;
*valchar = (value) ? value[0] : *defchar;
break;
case pt_int32:
valint = (int*)val;
defint = (int*)def;
*valint = (value) ? atoi(value) : *defint;
break;
case pt_uint32:
valuint = (unsigned int*)val;
defuint = (unsigned int*)def;
*valuint = (unsigned int)((value) ? atol(value) : *defuint);
break;
case pt_sid:
valsid = (PSID*)val;
defstr = (char**)def;
status = RtlAllocateSidFromCString(valsid,
((value) ? (const char*)value : *defstr));
if (status != STATUS_SUCCESS) ret = perr_invalid_out_param;
break;
case pt_sid_list:
valsid_list = (PSID**)val;
defstr = (char**)def;
strlist = get_value_list((value) ? (const char*)value : *defstr);
*valsid_list = create_sid_list(strlist);
if (*valsid_list == NULL) ret = perr_invalid_out_param;
break;
default:
ret = perr_unknown_type;
break;
}
if (strlist) {
i = 0;
while (strlist[i]) {
free(strlist[i++]);
}
free(strlist);
}
return ret;
}
