/*
 * Copy the bEnableEventLog setting out of the provider's global
 * configuration.
 *
 * The value is read between LOCAL_RDLOCK_RWLOCK and LOCAL_UNLOCK_RWLOCK on
 * gLPGlobals.rwlock and handed to the caller only after the lock has been
 * released, so the result is a snapshot that may be stale by the time the
 * caller acts on it.
 *
 * pbValue - receives the setting.  It is dereferenced without a NULL check;
 *           the caller must supply a valid pointer.
 *
 * Always returns 0.
 */
DWORD
LocalCfgIsEventlogEnabled(
    PBOOLEAN pbValue
    )
{
    DWORD dwError = 0;
    BOOLEAN bReadLocked = FALSE;
    BOOLEAN bEnabled = FALSE;

    LOCAL_RDLOCK_RWLOCK(bReadLocked, &gLPGlobals.rwlock);
    bEnabled = gLPGlobals.cfg.bEnableEventLog;
    LOCAL_UNLOCK_RWLOCK(bReadLocked, &gLPGlobals.rwlock);

    *pbValue = bEnabled;

    return dwError;
}
/*
 * Copy the minimum password length (gLPGlobals.dwMinPwdLength) into the
 * caller's buffer.
 *
 * The global is sampled while gLPGlobals.rwlock is taken through
 * LOCAL_RDLOCK_RWLOCK; the output pointer is written after the unlock.
 * Callers enforcing password policy get the value as of this call only.
 *
 * pdwMinPwdLength - receives the length.  Not checked for NULL.
 *
 * Always returns 0.
 */
DWORD
LocalCfgGetMinPwdLength(
    PDWORD pdwMinPwdLength
    )
{
    DWORD dwError = 0;
    BOOLEAN bReadLocked = FALSE;
    DWORD dwSnapshot = 0;

    LOCAL_RDLOCK_RWLOCK(bReadLocked, &gLPGlobals.rwlock);
    dwSnapshot = gLPGlobals.dwMinPwdLength;
    LOCAL_UNLOCK_RWLOCK(bReadLocked, &gLPGlobals.rwlock);

    *pdwMinPwdLength = dwSnapshot;

    return dwError;
}
/*
 * Copy the password-change warning time (gLPGlobals.llPwdChangeTime) into
 * the caller's buffer.
 *
 * The global is sampled while gLPGlobals.rwlock is taken through
 * LOCAL_RDLOCK_RWLOCK; the output pointer is written after the unlock.
 * The unit of the value is not visible in this function.
 *
 * pllPasswdChangeWarningTime - receives the value.  Not checked for NULL.
 *
 * Always returns 0.
 */
DWORD
LocalCfgGetPasswordChangeWarningTime(
    PLONG64 pllPasswdChangeWarningTime
    )
{
    DWORD dwError = 0;
    BOOLEAN bReadLocked = FALSE;
    LONG64 llSnapshot = 0;

    LOCAL_RDLOCK_RWLOCK(bReadLocked, &gLPGlobals.rwlock);
    llSnapshot = gLPGlobals.llPwdChangeTime;
    LOCAL_UNLOCK_RWLOCK(bReadLocked, &gLPGlobals.rwlock);

    *pllPasswdChangeWarningTime = llSnapshot;

    return dwError;
}
/*
 * Copy the maximum password age (gLPGlobals.llMaxPwdAge) into the caller's
 * buffer.
 *
 * The global is sampled while gLPGlobals.rwlock is taken through
 * LOCAL_RDLOCK_RWLOCK; the output pointer is written after the unlock.
 * The unit of the value is not visible in this function.
 *
 * pllMaxPwdAge - receives the value.  Not checked for NULL.
 *
 * Always returns 0.
 */
DWORD
LocalCfgGetMaxPasswordAge(
    PLONG64 pllMaxPwdAge
    )
{
    DWORD dwError = 0;
    BOOLEAN bReadLocked = FALSE;
    LONG64 llSnapshot = 0;

    LOCAL_RDLOCK_RWLOCK(bReadLocked, &gLPGlobals.rwlock);
    llSnapshot = gLPGlobals.llMaxPwdAge;
    LOCAL_UNLOCK_RWLOCK(bReadLocked, &gLPGlobals.rwlock);

    *pllMaxPwdAge = llSnapshot;

    return dwError;
}
/*
 * Resolve dwCount queries against the local provider's directory, one
 * DirectorySearch per query item, and store each match in the matching slot
 * of ppObjects.
 *
 * hProvider  - provider handle; cast to PLOCAL_PROVIDER_CONTEXT and used for
 *              its hDirectory member.
 * FindFlags  - not interpreted here; only forwarded to the recursive call.
 * ObjectType - LSA_OBJECT_TYPE_USER, LSA_OBJECT_TYPE_GROUP, or
 *              LSA_OBJECT_TYPE_UNDEFINED (filter accepts either class).
 * QueryType  - selects which attribute(s) the filter matches on.
 * dwCount    - number of items read from QueryList and slots in ppObjects.
 * QueryList  - ppszStrings is read for name/DN/SID/UPN queries, pdwIds for
 *              LSA_QUERY_TYPE_BY_UNIX_ID.
 * ppObjects  - ppObjects[i] receives the object for item i.  A slot is not
 *              written when nothing matches, so the array is presumably
 *              zero-initialised by the caller -- confirm at the call site.
 *
 * Returns 0 on success (a query that matches nothing is not an error),
 * LW_ERROR_INVALID_PARAMETER for an unhandled ObjectType or QueryType,
 * LW_ERROR_DATA_ERROR when one query matches more than one entry, or the
 * error of the first failing callee.  One failing item aborts the whole
 * batch, and objects already stored in ppObjects are not released here.
 *
 * Security notes:
 *  - Caller-supplied strings reach the filter only through %Q conversions;
 *    %s is used solely for attribute-name constants and for pszFilterType,
 *    which is built from constants and integers.  NOTE(review): %Q is assumed
 *    to quote and escape its argument (SQLite printf convention) -- confirm
 *    in DirectoryAllocateWC16StringFilterPrintf.
 *  - Every lookup requests the attributes named LOCAL_DIR_ATTR_PASSWORD,
 *    LOCAL_DIR_ATTR_NT_HASH and LOCAL_DIR_ATTR_LM_HASH, so the entries in
 *    pEntries hold credential material regardless of why the caller is
 *    looking the object up.  Whether it is copied into the returned object
 *    is decided by LocalMarshalEntryToSecurityObject, which is not shown.
 */
static DWORD LocalDirFindObjectsInternal(
    IN HANDLE hProvider,
    IN LSA_FIND_FLAGS FindFlags,
    IN OPTIONAL LSA_OBJECT_TYPE ObjectType,
    IN LSA_QUERY_TYPE QueryType,
    IN DWORD dwCount,
    IN LSA_QUERY_LIST QueryList,
    IN OUT PLSA_SECURITY_OBJECT* ppObjects
    )
{
    DWORD dwError = 0;
    PLOCAL_PROVIDER_CONTEXT pContext = (PLOCAL_PROVIDER_CONTEXT)hProvider;
    /* Wide-character attribute names requested from DirectorySearch. */
    static WCHAR wszAttrNameObjectClass[] = LOCAL_DIR_ATTR_OBJECT_CLASS;
    static WCHAR wszAttrNameUID[] = LOCAL_DIR_ATTR_UID;
    static WCHAR wszAttrNameGID[] = LOCAL_DIR_ATTR_GID;
    static WCHAR wszAttrNamePrimaryGroup[] = LOCAL_DIR_ATTR_PRIMARY_GROUP;
    static WCHAR wszAttrNameSamAccountName[] = LOCAL_DIR_ATTR_SAM_ACCOUNT_NAME;
    static WCHAR wszAttrNamePassword[] = LOCAL_DIR_ATTR_PASSWORD;
    static WCHAR wszAttrNameGecos[] = LOCAL_DIR_ATTR_GECOS;
    static WCHAR wszAttrNameShell[] = LOCAL_DIR_ATTR_SHELL;
    static WCHAR wszAttrNameHomedir[] = LOCAL_DIR_ATTR_HOME_DIR;
    static WCHAR wszAttrNameUPN[] = LOCAL_DIR_ATTR_USER_PRINCIPAL_NAME;
    static WCHAR wszAttrNameObjectSID[] = LOCAL_DIR_ATTR_OBJECT_SID;
    static WCHAR wszAttrNameDN[] = LOCAL_DIR_ATTR_DISTINGUISHED_NAME;
    static WCHAR wszAttrNameNetBIOSDomain[] = LOCAL_DIR_ATTR_NETBIOS_NAME;
    static WCHAR wszAttrNameUserInfoFlags[] = LOCAL_DIR_ATTR_ACCOUNT_FLAGS;
    static WCHAR wszAttrNameAccountExpiry[] = LOCAL_DIR_ATTR_ACCOUNT_EXPIRY;
    static WCHAR wszAttrNamePasswdLastSet[] = LOCAL_DIR_ATTR_PASSWORD_LAST_SET;
    static WCHAR wszAttrNameNTHash[] = LOCAL_DIR_ATTR_NT_HASH;
    static WCHAR wszAttrNameLMHash[] = LOCAL_DIR_ATTR_LM_HASH;
    /* NULL-terminated list; includes the password and hash attributes. */
    static PWSTR wszAttrs[] =
    {
        wszAttrNameObjectClass,
        wszAttrNameUID,
        wszAttrNameGID,
        wszAttrNamePrimaryGroup,
        wszAttrNameSamAccountName,
        wszAttrNamePassword,
        wszAttrNameGecos,
        wszAttrNameShell,
        wszAttrNameHomedir,
        wszAttrNameUPN,
        wszAttrNameObjectSID,
        wszAttrNameDN,
        wszAttrNameNetBIOSDomain,
        wszAttrNameUserInfoFlags,
        wszAttrNameAccountExpiry,
        wszAttrNamePasswdLastSet,
        wszAttrNameNTHash,
        wszAttrNameLMHash,
        NULL
    };
    PDIRECTORY_ENTRY pEntries = NULL;
    PDIRECTORY_ENTRY pEntry = NULL;
    DWORD dwNumEntries = 0;
    /*
     * Filter templates.  The trailing %s of the first three receives the
     * object-class clause (pszFilterType); the leading %s of the second and
     * third receives the attribute name (pszFilterBy).  Values taken from
     * QueryList are bound with %Q (strings) or %u (ids) only.
     */
    PCSTR pszFilterTemplateQualified =
        LOCAL_DB_DIR_ATTR_NETBIOS_NAME " = %Q" \
        " AND " LOCAL_DB_DIR_ATTR_SAM_ACCOUNT_NAME " = %Q%s";
    PCSTR pszFilterTemplateString = "%s = %Q%s";
    PCSTR pszFilterTemplateDword = "%s = %u%s";
    PCSTR pszFilterTemplateType = " AND " LOCAL_DB_DIR_ATTR_OBJECT_CLASS " = %u";
    PCSTR pszFilterTemplateUserOrGroup = " AND (" \
        LOCAL_DB_DIR_ATTR_OBJECT_CLASS " = %u OR " \
        LOCAL_DB_DIR_ATTR_OBJECT_CLASS " = %u)";
    PCSTR pszFilterBy = NULL;
    PSTR pszFilterType = NULL;
    PWSTR pwszFilter = NULL;
    DWORD dwObjectClass = LOCAL_OBJECT_CLASS_UNKNOWN;
    DWORD dwIndex = 0;
    PLSA_LOGIN_NAME_INFO pLoginInfo = NULL;
    BOOLEAN bLocked = FALSE;
    BOOLEAN bFoundInvalidObject = FALSE;

    /* FIXME: support generic queries */

    /* Map the requested LSA object type onto the directory's object class. */
    switch (ObjectType)
    {
    case LSA_OBJECT_TYPE_UNDEFINED:
        dwObjectClass = LOCAL_OBJECT_CLASS_UNKNOWN;
        break;
    case LSA_OBJECT_TYPE_USER:
        dwObjectClass = LOCAL_OBJECT_CLASS_USER;
        break;
    case LSA_OBJECT_TYPE_GROUP:
        dwObjectClass = LOCAL_OBJECT_CLASS_GROUP;
        break;
    default:
        dwError = LW_ERROR_INVALID_PARAMETER;
        BAIL_ON_LSA_ERROR(dwError);
    }

    /* Pick the attribute the single-attribute templates will match on. */
    switch (QueryType)
    {
    case LSA_QUERY_TYPE_BY_DN:
        pszFilterBy = LOCAL_DB_DIR_ATTR_DISTINGUISHED_NAME;
        break;
    case LSA_QUERY_TYPE_BY_SID:
        pszFilterBy = LOCAL_DB_DIR_ATTR_OBJECT_SID;
        break;
    case LSA_QUERY_TYPE_BY_NT4:
    case LSA_QUERY_TYPE_BY_ALIAS:
        /* These use pszFilterTemplateQualified, which names its attributes
           itself, so pszFilterBy stays NULL. */
        break;
    case LSA_QUERY_TYPE_BY_UPN:
        pszFilterBy = LOCAL_DB_DIR_ATTR_USER_PRINCIPAL_NAME;
        break;
    case LSA_QUERY_TYPE_BY_UNIX_ID:
        /* NOTE(review): for LSA_OBJECT_TYPE_UNDEFINED the id is matched
           against the GID attribute while the class clause built below
           admits both users and groups -- confirm this is the intended
           lookup. */
        if (dwObjectClass == LOCAL_OBJECT_CLASS_USER)
        {
            pszFilterBy = LOCAL_DB_DIR_ATTR_UID;
        }
        else
        {
            pszFilterBy = LOCAL_DB_DIR_ATTR_GID;
        }
        break;
    default:
        dwError = LW_ERROR_INVALID_PARAMETER;
        BAIL_ON_LSA_ERROR(dwError);
    }

    /* Build the object-class clause once; it is appended to every filter. */
    if (dwObjectClass == LOCAL_OBJECT_CLASS_UNKNOWN)
    {
        dwError = LwAllocateStringPrintf(
            &pszFilterType,
            pszFilterTemplateUserOrGroup,
            LOCAL_OBJECT_CLASS_USER,
            LOCAL_OBJECT_CLASS_GROUP);
        BAIL_ON_LSA_ERROR(dwError);
    }
    else
    {
        dwError = LwAllocateStringPrintf(
            &pszFilterType,
            pszFilterTemplateType,
            dwObjectClass);
        BAIL_ON_LSA_ERROR(dwError);
    }

    for (dwIndex = 0; dwIndex < dwCount; dwIndex++)
    {
        bFoundInvalidObject = FALSE;

        switch (QueryType)
        {
        case LSA_QUERY_TYPE_BY_ALIAS:
        case LSA_QUERY_TYPE_BY_NT4:
            /* Split the caller's name into domain and account parts. */
            dwError = LsaSrvCrackDomainQualifiedName(
                QueryList.ppszStrings[dwIndex],
                &pLoginInfo);
            BAIL_ON_LSA_ERROR(dwError);

            if (!pLoginInfo->pszDomain)
            {
                /* No domain given: default to the provider's NetBIOS name,
                   copied while gLPGlobals.rwlock is held.  If the copy
                   fails, the bail leaves the lock to the unlock in the
                   cleanup block (presumably a no-op when bLocked is
                   FALSE). */
                LOCAL_RDLOCK_RWLOCK(bLocked, &gLPGlobals.rwlock);

                dwError = LwAllocateString(
                    gLPGlobals.pszNetBIOSName,
                    &pLoginInfo->pszDomain);
                BAIL_ON_LSA_ERROR(dwError);

                LOCAL_UNLOCK_RWLOCK(bLocked, &gLPGlobals.rwlock);
            }

            /* Both name parts come from the caller and are bound with %Q. */
            dwError = DirectoryAllocateWC16StringFilterPrintf(
                &pwszFilter,
                pszFilterTemplateQualified,
                pLoginInfo->pszDomain,
                pLoginInfo->pszName,
                pszFilterType ? pszFilterType : "");
            BAIL_ON_LSA_ERROR(dwError);
            break;
        case LSA_QUERY_TYPE_BY_DN:
        case LSA_QUERY_TYPE_BY_SID:
        case LSA_QUERY_TYPE_BY_UPN:
            /* Attribute name is a constant (%s); the caller's string is
               bound with %Q. */
            dwError = DirectoryAllocateWC16StringFilterPrintf(
                &pwszFilter,
                pszFilterTemplateString,
                pszFilterBy,
                QueryList.ppszStrings[dwIndex],
                pszFilterType ? pszFilterType : "");
            BAIL_ON_LSA_ERROR(dwError);
            break;
        case LSA_QUERY_TYPE_BY_UNIX_ID:
            /* Numeric id is formatted with %u, so no quoting is involved. */
            dwError = DirectoryAllocateWC16StringFilterPrintf(
                &pwszFilter,
                pszFilterTemplateDword,
                pszFilterBy,
                QueryList.pdwIds[dwIndex],
                pszFilterType ? pszFilterType : "");
            BAIL_ON_LSA_ERROR(dwError);
            break;
        default:
            dwError = LW_ERROR_INVALID_PARAMETER;
            BAIL_ON_LSA_ERROR(dwError);
        }

        dwError = DirectorySearch(
            pContext->hDirectory,
            NULL,
            0,
            pwszFilter,
            wszAttrs,
            FALSE,
            &pEntries,
            &dwNumEntries);
        BAIL_ON_LSA_ERROR(dwError);

        if (dwNumEntries > 1)
        {
            /* More than one entry for a single key is reported as a data
               error instead of picking one of the matches. */
            dwError = LW_ERROR_DATA_ERROR;
            BAIL_ON_LSA_ERROR(dwError);
        }
        else if (dwNumEntries == 1)
        {
            pEntry = &pEntries[0];

            dwError = LocalMarshalEntryToSecurityObject(
                pEntry,
                &ppObjects[dwIndex]);
            if (dwError)
            {
                if (dwError == LW_ERROR_NO_SUCH_OBJECT)
                {
                    /* The entry could not be turned into an object: treat
                       the item as not found rather than failing the batch. */
                    bFoundInvalidObject = TRUE;
                    dwError = 0;
                }
                else
                {
                    BAIL_ON_LSA_ERROR(dwError);
                }
            }
            else
            {
                dwError = LocalDirResolveUserObjectPrimaryGroupSid(
                    hProvider,
                    ppObjects[dwIndex]);
                BAIL_ON_LSA_ERROR(dwError);
            }
        }

        if ((dwNumEntries == 0 || bFoundInvalidObject) &&
            QueryType == LSA_QUERY_TYPE_BY_UPN)
        {
            /* UPN lookup might fail because the UPN is generated, so
               try again as an NT4 lookup */
            /* The nested call handles one item and writes straight into this
               item's slot.  It runs with LSA_QUERY_TYPE_BY_NT4, so it cannot
               take this branch again and the recursion is one level deep. */
            LSA_QUERY_LIST Single;

            Single.ppszStrings = &QueryList.ppszStrings[dwIndex];

            dwError = LocalDirFindObjectsInternal(
                hProvider,
                FindFlags,
                ObjectType,
                LSA_QUERY_TYPE_BY_NT4,
                1,
                Single,
                &ppObjects[dwIndex]);
            BAIL_ON_LSA_ERROR(dwError);
        }

        /* Release per-item resources so the next iteration starts clean and
           the cleanup block does not free them a second time. */
        LW_SAFE_FREE_MEMORY(pwszFilter);

        if (pEntries)
        {
            DirectoryFreeEntries(pEntries, dwNumEntries);
            pEntries = NULL;
        }

        if (pLoginInfo)
        {
            LsaSrvFreeNameInfo(pLoginInfo);
            pLoginInfo = NULL;
        }
    }

cleanup:

    /* Shared exit path for success and failure: drop the lock if a bail left
       it held, then free whatever the interrupted iteration still owns.
       ppObjects is left as-is. */
    LOCAL_UNLOCK_RWLOCK(bLocked, &gLPGlobals.rwlock);

    LW_SAFE_FREE_STRING(pszFilterType);
    LW_SAFE_FREE_MEMORY(pwszFilter);

    if (pEntries)
    {
        DirectoryFreeEntries(pEntries, dwNumEntries);
    }

    if (pLoginInfo)
    {
        LsaSrvFreeNameInfo(pLoginInfo);
    }

    return dwError;

error:

    goto cleanup;
}