/*
 * Asks one named authentication provider whether it services a domain.
 *
 * pszProvider       name handed to LsaSrvFindProviderByName to locate the
 *                   provider
 * pszDomainName     domain name passed to the provider's pfnServicesDomain
 * pbServicesDomain  receives the provider's answer; always written, and
 *                   FALSE whenever an error is returned
 *
 * Returns 0 on success, otherwise the error from the lookup or from the
 * provider callback. The provider list reader lock is held across both the
 * lookup and the callback.
 *
 * NOTE(review): pfnServicesDomain is invoked without a NULL check, while
 * LsaSrvProviderGetMachinePasswordInfoW guards its optional table entry.
 * Confirm that every provider populates pfnServicesDomain.
 */
DWORD
LsaSrvProviderServicesDomain(
    IN PCSTR pszProvider,
    IN PCSTR pszDomainName,
    OUT PBOOLEAN pbServicesDomain
    )
{
    DWORD dwError = 0;
    BOOLEAN bInLock = FALSE;
    BOOLEAN bAnswer = FALSE;
    PLSA_AUTH_PROVIDER pMatch = NULL;

    ENTER_AUTH_PROVIDER_LIST_READER_LOCK(bInLock);

    dwError = LsaSrvFindProviderByName(pszProvider, &pMatch);
    BAIL_ON_LSA_ERROR(dwError);

    dwError = pMatch->pFnTable->pfnServicesDomain(pszDomainName, &bAnswer);
    BAIL_ON_LSA_ERROR(dwError);

error:

    /* Reached on success as well; only a failure resets the answer. */
    if (dwError)
    {
        bAnswer = FALSE;
    }

    LEAVE_AUTH_PROVIDER_LIST_READER_LOCK(bInLock);

    *pbServicesDomain = bAnswer;

    return dwError;
}
/*
 * Fetches machine password information from one named authentication
 * provider.
 *
 * pszProvider     name handed to LsaSrvFindProviderByName
 * DnsDomainName   optional domain name forwarded unchanged to the provider
 * ppPasswordInfo  receives the provider's result; always written, and NULL
 *                 whenever an error is returned
 *
 * Returns 0 on success, LW_ERROR_NOT_HANDLED when the provider has no
 * pfnGetMachinePasswordInfoW entry, otherwise the error from the lookup or
 * from the provider. On failure any structure the provider handed back is
 * released with LsaSrvFreeMachinePasswordInfoW before returning.
 *
 * NOTE(review): going by its name, the result carries machine account
 * credential material. This function receives no server handle or peer
 * identity and makes no access check, so any authorization presumably has
 * to happen in the caller; confirm. Callers presumably release the result
 * with LsaSrvFreeMachinePasswordInfoW as the failure path here does.
 */
DWORD
LsaSrvProviderGetMachinePasswordInfoW(
    IN PCSTR pszProvider,
    IN OPTIONAL PCSTR DnsDomainName,
    OUT PLSA_MACHINE_PASSWORD_INFO_W* ppPasswordInfo
    )
{
    DWORD dwError = 0;
    BOOLEAN bInLock = FALSE;
    PLSA_AUTH_PROVIDER pMatch = NULL;
    PLSA_MACHINE_PASSWORD_INFO_W pInfo = NULL;

    ENTER_AUTH_PROVIDER_LIST_READER_LOCK(bInLock);

    dwError = LsaSrvFindProviderByName(pszProvider, &pMatch);
    BAIL_ON_LSA_ERROR(dwError);

    /* The table entry is optional; a provider without it cannot answer. */
    if (pMatch->pFnTable->pfnGetMachinePasswordInfoW == NULL)
    {
        dwError = LW_ERROR_NOT_HANDLED;
        BAIL_ON_LSA_ERROR(dwError);
    }

    dwError = pMatch->pFnTable->pfnGetMachinePasswordInfoW(
                    DnsDomainName,
                    &pInfo);
    BAIL_ON_LSA_ERROR(dwError);

error:

    /* Shared exit: on failure never hand a provider result to the caller. */
    if (dwError && pInfo)
    {
        LsaSrvFreeMachinePasswordInfoW(pInfo);
        pInfo = NULL;
    }

    LEAVE_AUTH_PROVIDER_LIST_READER_LOCK(bInLock);

    *ppPasswordInfo = pInfo;

    return dwError;
}
/*
 * Routes a provider-specific control request to the provider whose pszId
 * matches the provider part of pszProvider.
 *
 * hServer              server connection handle; cast to PLSA_SRV_API_STATE
 *                      to read the peer's uid and gid
 * pszProvider          target string split by LsaSrvGetTargetElements into
 *                      a provider id and an instance
 * dwIoControlCode      request code, forwarded unchanged
 * dwInputBufferSize,
 * pInputBuffer         request payload, forwarded unchanged
 * pdwOutputBufferSize,
 * ppOutputBuffer       filled by the provider; set to 0 / NULL on failure
 *
 * Returns 0 on success, LW_ERROR_NOT_HANDLED when no provider id matches,
 * otherwise the error from target parsing, from opening the provider, or
 * from the provider's pfnProviderIoControl.
 *
 * NOTE(review): this dispatcher makes no privilege decision about
 * dwIoControlCode and does not inspect the input buffer. The peer uid/gid
 * are passed along, so per-request authorization and input validation are
 * presumably the job of each provider's pfnProviderIoControl; confirm for
 * every provider. hServer and the two output pointers are dereferenced
 * without a NULL check.
 */
DWORD
LsaSrvProviderIoControl(
    IN HANDLE hServer,
    IN PCSTR pszProvider,
    IN DWORD dwIoControlCode,
    IN DWORD dwInputBufferSize,
    IN PVOID pInputBuffer,
    OUT DWORD* pdwOutputBufferSize,
    OUT PVOID* ppOutputBuffer
    )
{
    DWORD dwError = 0;
    BOOLEAN bInLock = FALSE;
    PLSA_AUTH_PROVIDER pProvider = NULL;
    HANDLE hProvider = (HANDLE)NULL;
    PLSA_SRV_API_STATE pPeerState = (PLSA_SRV_API_STATE)hServer;
    PSTR pszProviderId = NULL;
    PSTR pszInstance = NULL;

    dwError = LsaSrvGetTargetElements(
                    pszProvider,
                    &pszProviderId,
                    &pszInstance);
    BAIL_ON_LSA_ERROR(dwError);

    ENTER_AUTH_PROVIDER_LIST_READER_LOCK(bInLock);

    for (pProvider = gpAuthProviderList; pProvider; pProvider = pProvider->pNext)
    {
        if (strcmp(pProvider->pszId, pszProviderId) != 0)
        {
            continue;
        }

        dwError = LsaSrvOpenProvider(
                        hServer,
                        pProvider,
                        pszInstance,
                        &hProvider);
        BAIL_ON_LSA_ERROR(dwError);

        /* The peer identity travels with the request to the provider. */
        dwError = pProvider->pFnTable->pfnProviderIoControl(
                        hProvider,
                        pPeerState->peerUID,
                        pPeerState->peerGID,
                        dwIoControlCode,
                        dwInputBufferSize,
                        pInputBuffer,
                        pdwOutputBufferSize,
                        ppOutputBuffer);
        BAIL_ON_LSA_ERROR(dwError);

        /* Only the first matching provider is asked. */
        break;
    }

    /* Walking off the end of the list means no id matched. */
    if (!pProvider)
    {
        dwError = LW_ERROR_NOT_HANDLED;
        BAIL_ON_LSA_ERROR(dwError);
    }

cleanup:

    LW_SAFE_FREE_STRING(pszProviderId);
    LW_SAFE_FREE_STRING(pszInstance);

    /* hProvider is only non-NULL while pProvider still names its owner. */
    if (hProvider != (HANDLE)NULL)
    {
        LsaSrvCloseProvider(pProvider, hProvider);
    }

    LEAVE_AUTH_PROVIDER_LIST_READER_LOCK(bInLock);

    return dwError;

error:

    LSA_LOG_ERROR_API_FAILED(hServer, dwError, "run provider specific request (request code = %u, provider = '%s')", dwIoControlCode, LSA_SAFE_LOG_STRING(pszProviderId));

    *pdwOutputBufferSize = 0;
    *ppOutputBuffer = NULL;

    goto cleanup;
}
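/*
 * Looks up an NSS artefact by key, asking each authentication provider in
 * list order until one answers.
 *
 * hServer            server connection handle, passed to LsaSrvOpenProvider
 * pszKeyName         key to look up; must be non-NULL and non-empty
 * pszMapName         map to search; must be non-NULL and non-empty
 * dwFlags            query flags; must be non-zero
 * dwMapInfoLevel     info level forwarded to the provider
 * ppNSSArtefactInfo  receives the provider's result on success and is NULL
 *                    on every failing return
 *
 * Returns 0 as soon as one provider succeeds. A provider answering
 * LW_ERROR_NOT_HANDLED, LW_ERROR_NO_SUCH_NSS_KEY or LW_ERROR_NO_SUCH_NSS_MAP
 * is skipped; when every provider is skipped the last such code is returned
 * (LW_ERROR_NOT_HANDLED for an empty list). Any other error ends the search
 * and is logged. Invalid arguments yield LW_ERROR_INVALID_NSS_KEY_NAME,
 * LW_ERROR_INVALID_NSS_MAP_NAME or LW_ERROR_INVALID_PARAMETER.
 *
 * NOTE(review): ppNSSArtefactInfo itself is dereferenced without a NULL
 * check.
 */
DWORD
LsaSrvFindNSSArtefactByKey(
    HANDLE hServer,
    PCSTR pszKeyName,
    PCSTR pszMapName,
    LSA_NIS_MAP_QUERY_FLAGS dwFlags,
    DWORD dwMapInfoLevel,
    PVOID* ppNSSArtefactInfo
    )
{
    DWORD dwError = 0;
    DWORD dwTraceFlags[] = {LSA_TRACE_FLAG_USER_GROUP_QUERIES};
    PLSA_AUTH_PROVIDER pProvider = NULL;
    BOOLEAN bInLock = FALSE;
    HANDLE hProvider = (HANDLE)NULL;

    LSA_TRACE_BEGIN_FUNCTION(dwTraceFlags, sizeof(dwTraceFlags)/sizeof(dwTraceFlags[0]));

    if (LW_IS_NULL_OR_EMPTY_STR(pszKeyName))
    {
        dwError = LW_ERROR_INVALID_NSS_KEY_NAME;
        BAIL_ON_LSA_ERROR(dwError);
    }

    if (LW_IS_NULL_OR_EMPTY_STR(pszMapName))
    {
        dwError = LW_ERROR_INVALID_NSS_MAP_NAME;
        BAIL_ON_LSA_ERROR(dwError);
    }

    if (!dwFlags)
    {
        dwError = LW_ERROR_INVALID_PARAMETER;
        BAIL_ON_LSA_ERROR(dwError);
    }

    ENTER_AUTH_PROVIDER_LIST_READER_LOCK(bInLock);

    /* Result when the provider list is empty. */
    dwError = LW_ERROR_NOT_HANDLED;

    for (pProvider = gpAuthProviderList; pProvider; pProvider = pProvider->pNext)
    {
        dwError = LsaSrvOpenProvider(
                        hServer,
                        pProvider,
                        NULL,
                        &hProvider);
        BAIL_ON_LSA_ERROR(dwError);

        dwError = pProvider->pFnTable->pfnLookupNSSArtefactByKey(
                        hProvider,
                        pszKeyName,
                        pszMapName,
                        dwMapInfoLevel,
                        dwFlags,
                        ppNSSArtefactInfo);
        if (!dwError)
        {
            /* Leave the handle open; cleanup closes it with this provider. */
            break;
        }
        else if ((dwError == LW_ERROR_NOT_HANDLED) ||
                 (dwError == LW_ERROR_NO_SUCH_NSS_KEY) ||
                 (dwError == LW_ERROR_NO_SUCH_NSS_MAP))
        {
            /* This provider has no answer; try the next one. */
            LsaSrvCloseProvider(pProvider, hProvider);
            hProvider = (HANDLE)NULL;

            continue;
        }
        else
        {
            BAIL_ON_LSA_ERROR(dwError);
        }
    }

    if (dwError)
    {
        /*
         * No provider produced a result. This exit does not go through the
         * error label, so clear the output here; otherwise a caller that
         * did not pre-initialize its pointer would be left holding an
         * indeterminate value alongside the error code.
         */
        *ppNSSArtefactInfo = NULL;
    }

cleanup:

    if (hProvider != (HANDLE)NULL)
    {
        LsaSrvCloseProvider(pProvider, hProvider);
    }

    LEAVE_AUTH_PROVIDER_LIST_READER_LOCK(bInLock);

    LSA_TRACE_END_FUNCTION(dwTraceFlags, sizeof(dwTraceFlags)/sizeof(dwTraceFlags[0]));

    return(dwError);

error:

    LSA_LOG_ERROR_API_FAILED(
        hServer,
        dwError,
        "find NIS Artefact by key (map = '%s', key = '%s')",
        LSA_SAFE_LOG_STRING(pszMapName),
        LSA_SAFE_LOG_STRING(pszKeyName));

    *ppNSSArtefactInfo = NULL;

    goto cleanup;
}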
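/*
 * Builds a status report for the service and for its authentication
 * providers.
 *
 * hServer            server connection handle, passed to LsaSrvOpenProvider
 * pszTargetProvider  optional target string; when given it is split by
 *                    LsaSrvGetTargetElements and only the provider whose
 *                    pszName matches is reported
 * ppLsaStatus        receives the newly allocated status; set to NULL on
 *                    failure. The failure path releases it with
 *                    LsaFreeStatus, so callers presumably do the same.
 *
 * Returns 0 on success, LW_ERROR_INVALID_AUTH_PROVIDER when a target was
 * named but no provider matched, otherwise the first error hit. A provider
 * whose pfnGetStatus answers LW_ERROR_NOT_HANDLED still gets an entry that
 * carries only its name.
 *
 * The status array has dwProviderCount entries: one when a target is
 * named, otherwise the provider count read under the list lock. The loop
 * stops before writing entry number dwProviderCount, so a second provider
 * with the same pszName cannot push a write past the end of the
 * allocation.
 * NOTE(review): whether duplicate provider names can be configured is not
 * visible here; the bound is defensive.
 *
 * NOTE(review): no peer credential check is made in this function, so
 * uptime and version details go to whoever can call it; confirm that is
 * intended.
 */
DWORD
LsaSrvGetStatus(
    HANDLE hServer,
    PCSTR pszTargetProvider,
    PLSASTATUS* ppLsaStatus
    )
{
    DWORD dwError = 0;
    BOOLEAN bInLock = FALSE;
    PLSA_AUTH_PROVIDER pProvider = NULL;
    DWORD dwProviderCount = 0;
    DWORD dwStatusIndex = 0;
    HANDLE hProvider = (HANDLE)NULL;
    PLSASTATUS pLsaStatus = NULL;
    PLSA_AUTH_PROVIDER_STATUS pProviderOwnedStatus = NULL;
    BOOLEAN bFoundProvider = FALSE;
    PSTR pszTargetProviderName = NULL;
    PSTR pszTargetInstance = NULL;

    BAIL_ON_INVALID_POINTER(ppLsaStatus);

    dwError = LwAllocateMemory(
                    sizeof(LSASTATUS),
                    (PVOID*)&pLsaStatus);
    BAIL_ON_LSA_ERROR(dwError);

    pLsaStatus->dwUptime = (DWORD)difftime(time(NULL), gServerStartTime);

    dwError = LsaSrvGetLsassVersion(
                    &pLsaStatus->lsassVersion);
    BAIL_ON_LSA_ERROR(dwError);

    dwError = LsaReadVersionFile(
                    &pLsaStatus->productVersion);
    BAIL_ON_LSA_ERROR(dwError);

    if (pszTargetProvider)
    {
        dwError = LsaSrvGetTargetElements(
                      pszTargetProvider,
                      &pszTargetProviderName,
                      &pszTargetInstance);
        BAIL_ON_LSA_ERROR(dwError);
    }

    ENTER_AUTH_PROVIDER_LIST_READER_LOCK(bInLock);

    if (pszTargetProviderName)
    {
        dwProviderCount = 1;
    }
    else
    {
        dwProviderCount = LsaGetNumberOfProviders_inlock();
    }

    if (!dwProviderCount)
    {
        /* Nothing to enumerate; return the service-level fields only. */
        goto done;
    }

    dwError = LwAllocateMemory(
                    dwProviderCount * sizeof(LSA_AUTH_PROVIDER_STATUS),
                    (PVOID*)&pLsaStatus->pAuthProviderStatusList);
    BAIL_ON_LSA_ERROR(dwError);

    pLsaStatus->dwCount = dwProviderCount;

    dwError = LW_ERROR_NOT_HANDLED;

    for (pProvider = gpAuthProviderList, dwStatusIndex = 0;
         pProvider;
         pProvider = pProvider->pNext)
    {
        PLSA_AUTH_PROVIDER_STATUS pAuthProviderStatus = NULL;

        if (pszTargetProviderName)
        {
            if (!strcmp(pszTargetProviderName, pProvider->pszName))
            {
                bFoundProvider = TRUE;
            }
            else
            {
                continue;
            }
        }

        if (dwStatusIndex >= dwProviderCount)
        {
            /*
             * Every allocated entry is already filled. Stop rather than
             * write past the end of pAuthProviderStatusList. dwError is 0
             * here because the iteration that filled the last entry
             * finished without bailing.
             */
            break;
        }

        dwError = LsaSrvOpenProvider(
                      hServer,
                      pProvider,
                      pszTargetInstance,
                      &hProvider);
        BAIL_ON_LSA_ERROR(dwError);

        pAuthProviderStatus = &pLsaStatus->pAuthProviderStatusList[dwStatusIndex++];

        dwError = LwAllocateString(
                        pProvider->pszName,
                        &pAuthProviderStatus->pszId);
        BAIL_ON_LSA_ERROR(dwError);

        dwError = pProvider->pFnTable->pfnGetStatus(
                                            hProvider,
                                            &pProviderOwnedStatus);
        if (dwError == LW_ERROR_NOT_HANDLED)
        {
            /* A provider without status support is not a failure. */
            dwError = 0;
        }
        else
        {
            BAIL_ON_LSA_ERROR(dwError);

            dwError = LsaSrvCopyProviderStatus(
                            pProviderOwnedStatus,
                            pAuthProviderStatus);
            BAIL_ON_LSA_ERROR(dwError);

            /* The provider owns its status object; return it once copied. */
            pProvider->pFnTable->pfnFreeStatus(
                            pProviderOwnedStatus);

            pProviderOwnedStatus = NULL;
        }

        LsaSrvCloseProvider(pProvider, hProvider);
        hProvider = (HANDLE)NULL;
    }

    if (pszTargetProviderName && !bFoundProvider)
    {
        dwError = LW_ERROR_INVALID_AUTH_PROVIDER;
        BAIL_ON_LSA_ERROR(dwError);
    }

done:

    *ppLsaStatus = pLsaStatus;

cleanup:

    LW_SAFE_FREE_STRING(pszTargetProviderName);
    LW_SAFE_FREE_STRING(pszTargetInstance);

    /* Only set when a bail happened between pfnGetStatus and pfnFreeStatus. */
    if (pProvider != NULL && pProviderOwnedStatus)
    {
        pProvider->pFnTable->pfnFreeStatus(
                        pProviderOwnedStatus);
    }

    if (hProvider != NULL)
    {
        LsaSrvCloseProvider(pProvider, hProvider);
    }

    LEAVE_AUTH_PROVIDER_LIST_READER_LOCK(bInLock);

    return dwError;

error:

    LSA_LOG_ERROR_API_FAILED(hServer, dwError, "get lsass status");

    if (ppLsaStatus)
    {
        *ppLsaStatus = NULL;
    }

    if (pLsaStatus)
    {
        LsaFreeStatus(pLsaStatus);
    }

    goto cleanup;
}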
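/*
 * Re-reads the API configuration from the registry, installs it as the
 * global configuration, and asks every authentication provider to refresh
 * its own configuration.
 *
 * hServer  server connection handle; cast to PLSA_SRV_API_STATE to read
 *          the peer uid
 *
 * Only a peer with uid 0 may refresh; any other caller gets
 * LW_ERROR_ACCESS_DENIED before anything is read or changed.
 *
 * Returns 0 on success. Errors from reading or installing the new
 * configuration and from LsaSrvOpenProvider are returned and logged. A
 * failure from a provider's pfnRefreshConfiguration is logged and then
 * ignored. With an empty provider list the function returns
 * LW_ERROR_NOT_HANDLED, although the global configuration has already been
 * replaced by then.
 *
 * apiConfig is a stack object that only LsaSrvApiInitConfig puts into a
 * defined state. The access-denied exit is taken before that call, so
 * cleanup releases the contents only once initialization has been
 * attempted. Otherwise every rejected unprivileged caller would make the
 * service run LsaSrvApiFreeConfigContents over uninitialized stack memory.
 *
 * NOTE(review): hServer is dereferenced without a NULL check.
 */
DWORD
LsaSrvRefreshConfiguration(
    HANDLE hServer
    )
{
    DWORD dwError = 0;
    BOOLEAN bInLock = FALSE;
    PLSA_AUTH_PROVIDER pProvider = NULL;
    HANDLE hProvider = (HANDLE)NULL;
    PLSA_SRV_API_STATE pServerState = (PLSA_SRV_API_STATE)hServer;
    BOOLEAN bUnlockConfigLock = FALSE;
    BOOLEAN bFreeConfig = FALSE;
    LSA_SRV_API_CONFIG apiConfig;

    if (pServerState->peerUID)
    {
        dwError = LW_ERROR_ACCESS_DENIED;
        BAIL_ON_LSA_ERROR(dwError);
    }

    /*
     * From here on apiConfig has been handed to the init routine, so the
     * contents are released on every exit, including an init failure.
     */
    bFreeConfig = TRUE;

    dwError = LsaSrvApiInitConfig(&apiConfig);
    BAIL_ON_LSA_ERROR(dwError);

    dwError = LsaSrvApiReadRegistry(&apiConfig);
    BAIL_ON_LSA_ERROR(dwError);

    pthread_mutex_lock(&gAPIConfigLock);
    bUnlockConfigLock = TRUE;

    dwError = LsaSrvApiTransferConfigContents(
                    &apiConfig,
                    &gAPIConfig);
    BAIL_ON_LSA_ERROR(dwError);

    pthread_mutex_unlock(&gAPIConfigLock);
    bUnlockConfigLock = FALSE;

    ENTER_AUTH_PROVIDER_LIST_READER_LOCK(bInLock);

    /* Result when the provider list is empty. */
    dwError = LW_ERROR_NOT_HANDLED;

    for (pProvider = gpAuthProviderList; pProvider; pProvider = pProvider->pNext)
    {
        dwError = LsaSrvOpenProvider(
                        hServer,
                        pProvider,
                        NULL,
                        &hProvider);
        BAIL_ON_LSA_ERROR(dwError);

        dwError = pProvider->pFnTable->pfnRefreshConfiguration(
                                        hProvider);
        if (dwError)
        {
            /* One failing provider must not stop the others refreshing. */
            LSA_LOG_ERROR("Refreshing provider %s failed.",
                          pProvider->pszName ? pProvider->pszName : "");
            dwError = 0;
        }

        LsaSrvCloseProvider(pProvider, hProvider);
        hProvider = (HANDLE)NULL;
    }

cleanup:

    if (hProvider != (HANDLE)NULL)
    {
        LsaSrvCloseProvider(pProvider, hProvider);
    }

    LEAVE_AUTH_PROVIDER_LIST_READER_LOCK(bInLock);

    if (bFreeConfig)
    {
        LsaSrvApiFreeConfigContents(&apiConfig);
    }

    /* Still held only when the transfer into gAPIConfig failed. */
    if (bUnlockConfigLock)
    {
        pthread_mutex_unlock(&gAPIConfigLock);
    }

    return(dwError);

error:

    LSA_LOG_ERROR_API_FAILED(hServer, dwError, "refresh configuration");

    goto cleanup;
}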