DWORD
LsaSrvGetMetrics(
HANDLE hServer,
DWORD dwInfoLevel,
PVOID* ppMetricPack
)
{
DWORD dwError = 0;
PVOID pMetricPack = NULL;
BAIL_ON_INVALID_POINTER(ppMetricPack);
switch(dwInfoLevel)
{
case 0:
dwError = LsaSrvGetMetrics_0(
&pMetricPack);
break;
case 1:
dwError = LsaSrvGetMetrics_1(
&pMetricPack);
break;
default:
dwError = LW_ERROR_INVALID_METRIC_INFO_LEVEL;
break;
}
BAIL_ON_LSA_ERROR(dwError);
*ppMetricPack = pMetricPack;
cleanup:
return dwError;
error:
LSA_LOG_ERROR_API_FAILED(hServer, dwError, "get metrics (level=%u)", dwInfoLevel);
*ppMetricPack = NULL;
LW_SAFE_FREE_MEMORY(pMetricPack);
goto cleanup;
}
DWORD
LsaSrvBeginEnumNSSArtefacts(
HANDLE hServer,
PCSTR pszMapName,
LSA_NIS_MAP_QUERY_FLAGS dwFlags,
DWORD dwNSSArtefactInfoLevel,
DWORD dwMaxNumNSSArtefacts,
PHANDLE phState
)
{
DWORD dwError = 0;
DWORD dwTraceFlags[] = {LSA_TRACE_FLAG_USER_GROUP_QUERIES};
PLSA_SRV_ENUM_STATE pEnumState = NULL;
LSA_TRACE_BEGIN_FUNCTION(dwTraceFlags, sizeof(dwTraceFlags)/sizeof(dwTraceFlags[0]));
dwError = LsaSrvCreateNSSArtefactEnumState(
hServer,
pszMapName,
dwFlags,
dwNSSArtefactInfoLevel,
dwMaxNumNSSArtefacts,
&pEnumState);
BAIL_ON_LSA_ERROR(dwError);
*phState = pEnumState;
cleanup:
LSA_TRACE_END_FUNCTION(dwTraceFlags, sizeof(dwTraceFlags)/sizeof(dwTraceFlags[0]));
return dwError;
error:
LSA_LOG_ERROR_API_FAILED(
hServer,
dwError,
"start enumerating NIS Artefacts (map = '%s')",
LSA_SAFE_LOG_STRING(pszMapName));
goto cleanup;
}
DWORD
LsaSrvProviderIoControl(
IN HANDLE hServer,
IN PCSTR pszProvider,
IN DWORD dwIoControlCode,
IN DWORD dwInputBufferSize,
IN PVOID pInputBuffer,
OUT DWORD* pdwOutputBufferSize,
OUT PVOID* ppOutputBuffer
)
{
DWORD dwError = 0;
PLSA_AUTH_PROVIDER pProvider = NULL;
BOOLEAN bInLock = FALSE;
PLSA_SRV_API_STATE pServerState = (PLSA_SRV_API_STATE)hServer;
HANDLE hProvider = (HANDLE)NULL;
PSTR pszTargetProviderName = NULL;
PSTR pszTargetInstance = NULL;
dwError = LsaSrvGetTargetElements(
pszProvider,
&pszTargetProviderName,
&pszTargetInstance);
BAIL_ON_LSA_ERROR(dwError);
ENTER_AUTH_PROVIDER_LIST_READER_LOCK(bInLock);
for (pProvider = gpAuthProviderList;
pProvider;
pProvider = pProvider->pNext)
{
if ( !strcmp(pProvider->pszId, pszTargetProviderName) )
{
dwError = LsaSrvOpenProvider(
hServer,
pProvider,
pszTargetInstance,
&hProvider);
BAIL_ON_LSA_ERROR(dwError);
dwError = pProvider->pFnTable->pfnProviderIoControl(
hProvider,
pServerState->peerUID,
pServerState->peerGID,
dwIoControlCode,
dwInputBufferSize,
pInputBuffer,
pdwOutputBufferSize,
ppOutputBuffer);
BAIL_ON_LSA_ERROR(dwError);
break;
}
}
if (pProvider == NULL)
{
dwError = LW_ERROR_NOT_HANDLED;
}
BAIL_ON_LSA_ERROR(dwError);
cleanup:
LW_SAFE_FREE_STRING(pszTargetProviderName);
LW_SAFE_FREE_STRING(pszTargetInstance);
if (hProvider != (HANDLE)NULL) {
LsaSrvCloseProvider(pProvider, hProvider);
}
LEAVE_AUTH_PROVIDER_LIST_READER_LOCK(bInLock);
return(dwError);
error:
LSA_LOG_ERROR_API_FAILED(hServer, dwError,
"run provider specific request (request code = %u, provider = '%s')",
dwIoControlCode, LSA_SAFE_LOG_STRING(pszTargetProviderName));
*pdwOutputBufferSize = 0;
*ppOutputBuffer = NULL;
goto cleanup;
}
DWORD
LsaSrvFindNSSArtefactByKey(
HANDLE hServer,
PCSTR pszKeyName,
PCSTR pszMapName,
LSA_NIS_MAP_QUERY_FLAGS dwFlags,
DWORD dwMapInfoLevel,
PVOID* ppNSSArtefactInfo
)
{
DWORD dwError = 0;
DWORD dwTraceFlags[] = {LSA_TRACE_FLAG_USER_GROUP_QUERIES};
PLSA_AUTH_PROVIDER pProvider = NULL;
BOOLEAN bInLock = FALSE;
HANDLE hProvider = (HANDLE)NULL;
LSA_TRACE_BEGIN_FUNCTION(dwTraceFlags, sizeof(dwTraceFlags)/sizeof(dwTraceFlags[0]));
if (LW_IS_NULL_OR_EMPTY_STR(pszKeyName))
{
dwError = LW_ERROR_INVALID_NSS_KEY_NAME;
BAIL_ON_LSA_ERROR(dwError);
}
if (LW_IS_NULL_OR_EMPTY_STR(pszMapName))
{
dwError = LW_ERROR_INVALID_NSS_MAP_NAME;
BAIL_ON_LSA_ERROR(dwError);
}
if (!dwFlags)
{
dwError = LW_ERROR_INVALID_PARAMETER;
BAIL_ON_LSA_ERROR(dwError);
}
ENTER_AUTH_PROVIDER_LIST_READER_LOCK(bInLock);
dwError = LW_ERROR_NOT_HANDLED;
for (pProvider = gpAuthProviderList; pProvider; pProvider = pProvider->pNext)
{
dwError = LsaSrvOpenProvider(
hServer,
pProvider,
NULL,
&hProvider);
BAIL_ON_LSA_ERROR(dwError);
dwError = pProvider->pFnTable->pfnLookupNSSArtefactByKey(
hProvider,
pszKeyName,
pszMapName,
dwMapInfoLevel,
dwFlags,
ppNSSArtefactInfo);
if (!dwError) {
break;
}
else if ((dwError == LW_ERROR_NOT_HANDLED) ||
(dwError == LW_ERROR_NO_SUCH_NSS_KEY) ||
(dwError == LW_ERROR_NO_SUCH_NSS_MAP)) {
LsaSrvCloseProvider(pProvider, hProvider);
hProvider = (HANDLE)NULL;
continue;
} else {
BAIL_ON_LSA_ERROR(dwError);
}
}
cleanup:
if (hProvider != (HANDLE)NULL) {
LsaSrvCloseProvider(pProvider, hProvider);
}
LEAVE_AUTH_PROVIDER_LIST_READER_LOCK(bInLock);
LSA_TRACE_END_FUNCTION(dwTraceFlags, sizeof(dwTraceFlags)/sizeof(dwTraceFlags[0]));
return(dwError);
error:
LSA_LOG_ERROR_API_FAILED(
hServer,
dwError,
"find NIS Artefact by key (map = '%s', key = '%s')",
LSA_SAFE_LOG_STRING(pszMapName),
LSA_SAFE_LOG_STRING(pszKeyName));
*ppNSSArtefactInfo = NULL;
goto cleanup;
}
DWORD
LsaSrvEnumNSSArtefacts(
HANDLE hServer,
HANDLE hState,
PDWORD pdwNSSArtefactInfoLevel,
PVOID** pppNSSArtefactInfoList,
PDWORD pdwNumNSSArtefactsFound
)
{
DWORD dwError = 0;
DWORD dwTraceFlags[] = {LSA_TRACE_FLAG_USER_GROUP_QUERIES};
PLSA_SRV_ENUM_STATE pEnumState = hState;
PVOID* ppNSSArtefactInfoList_accumulate = NULL;
DWORD dwTotalNumNSSArtefactsFound = 0;
PVOID* ppNSSArtefactInfoList = NULL;
DWORD dwNumNSSArtefactsFound = 0;
DWORD dwNumNSSArtefactsRemaining = 0;
DWORD dwNSSArtefactInfoLevel = 0;
LSA_TRACE_BEGIN_FUNCTION(dwTraceFlags, sizeof(dwTraceFlags)/sizeof(dwTraceFlags[0]));
dwNSSArtefactInfoLevel = pEnumState->dwInfoLevel;
dwNumNSSArtefactsRemaining = pEnumState->dwNumMaxRecords;
while (dwNumNSSArtefactsRemaining &&
pEnumState->pCurProviderState)
{
PLSA_SRV_PROVIDER_STATE pProviderState = pEnumState->pCurProviderState;
PLSA_AUTH_PROVIDER pProvider = pProviderState->pProvider;
HANDLE hProvider = pProviderState->hProvider;
HANDLE hResume = pProviderState->hResume;
dwNumNSSArtefactsFound = 0;
dwError = pProvider->pFnTable->pfnEnumNSSArtefacts(
hProvider,
hResume,
dwNumNSSArtefactsRemaining,
&dwNumNSSArtefactsFound,
&ppNSSArtefactInfoList);
if (dwError) {
if (dwError != LW_ERROR_NO_MORE_NSS_ARTEFACTS) {
BAIL_ON_LSA_ERROR(dwError);
}
}
dwNumNSSArtefactsRemaining -= dwNumNSSArtefactsFound;
if (dwNumNSSArtefactsRemaining) {
pEnumState->pCurProviderState = pEnumState->pCurProviderState->pNext;
if (dwError == LW_ERROR_NO_MORE_NSS_ARTEFACTS){
dwError = 0;
}
}
dwError = LsaAppendAndFreePtrs(
&dwTotalNumNSSArtefactsFound,
&ppNSSArtefactInfoList_accumulate,
&dwNumNSSArtefactsFound,
&ppNSSArtefactInfoList);
BAIL_ON_LSA_ERROR(dwError);
}
*pdwNSSArtefactInfoLevel = dwNSSArtefactInfoLevel;
*pppNSSArtefactInfoList = ppNSSArtefactInfoList_accumulate;
*pdwNumNSSArtefactsFound = dwTotalNumNSSArtefactsFound;
cleanup:
LSA_TRACE_END_FUNCTION(dwTraceFlags, sizeof(dwTraceFlags)/sizeof(dwTraceFlags[0]));
return(dwError);
error:
LSA_LOG_ERROR_API_FAILED(
hServer,
dwError,
"continue enumerating NIS Artefacts");
*pdwNSSArtefactInfoLevel = 0;
*pppNSSArtefactInfoList = NULL;
*pdwNumNSSArtefactsFound = 0;
if (ppNSSArtefactInfoList) {
LsaFreeNSSArtefactInfoList(dwNSSArtefactInfoLevel, ppNSSArtefactInfoList, dwNumNSSArtefactsFound);
}
if (ppNSSArtefactInfoList_accumulate) {
LsaFreeNSSArtefactInfoList(dwNSSArtefactInfoLevel, ppNSSArtefactInfoList_accumulate, dwTotalNumNSSArtefactsFound);
}
goto cleanup;
}
DWORD
LsaSrvGetStatus(
HANDLE hServer,
PCSTR pszTargetProvider,
PLSASTATUS* ppLsaStatus
)
{
DWORD dwError = 0;
BOOLEAN bInLock = FALSE;
PLSA_AUTH_PROVIDER pProvider = NULL;
DWORD dwProviderCount = 0;
DWORD iCount = 0;
DWORD dwStatusIndex = 0;
HANDLE hProvider = (HANDLE)NULL;
PLSASTATUS pLsaStatus = NULL;
PLSA_AUTH_PROVIDER_STATUS pProviderOwnedStatus = NULL;
BOOLEAN bFoundProvider = FALSE;
PSTR pszTargetProviderName = NULL;
PSTR pszTargetInstance = NULL;
BAIL_ON_INVALID_POINTER(ppLsaStatus);
dwError = LwAllocateMemory(
sizeof(LSASTATUS),
(PVOID*)&pLsaStatus);
BAIL_ON_LSA_ERROR(dwError);
pLsaStatus->dwUptime = (DWORD)difftime(time(NULL), gServerStartTime);
dwError = LsaSrvGetLsassVersion(
&pLsaStatus->lsassVersion);
BAIL_ON_LSA_ERROR(dwError);
dwError = LsaReadVersionFile(
&pLsaStatus->productVersion);
BAIL_ON_LSA_ERROR(dwError);
if (pszTargetProvider)
{
dwError = LsaSrvGetTargetElements(
pszTargetProvider,
&pszTargetProviderName,
&pszTargetInstance);
BAIL_ON_LSA_ERROR(dwError);
}
ENTER_AUTH_PROVIDER_LIST_READER_LOCK(bInLock);
if (pszTargetProviderName)
{
dwProviderCount = 1;
}
else
{
dwProviderCount = LsaGetNumberOfProviders_inlock();
}
if (!dwProviderCount)
{
goto done;
}
dwError = LwAllocateMemory(
dwProviderCount * sizeof(LSA_AUTH_PROVIDER_STATUS),
(PVOID*)&pLsaStatus->pAuthProviderStatusList);
BAIL_ON_LSA_ERROR(dwError);
pLsaStatus->dwCount = dwProviderCount;
dwError = LW_ERROR_NOT_HANDLED;
for (pProvider = gpAuthProviderList, iCount = 0, dwStatusIndex = 0;
pProvider;
pProvider = pProvider->pNext, iCount++)
{
PLSA_AUTH_PROVIDER_STATUS pAuthProviderStatus = NULL;
if (pszTargetProviderName)
{
if (!strcmp(pszTargetProviderName, pProvider->pszName))
{
bFoundProvider = TRUE;
}
else
{
continue;
}
}
dwError = LsaSrvOpenProvider(
hServer,
pProvider,
pszTargetInstance,
&hProvider);
BAIL_ON_LSA_ERROR(dwError);
pAuthProviderStatus = &pLsaStatus->pAuthProviderStatusList[dwStatusIndex++];
dwError = LwAllocateString(
pProvider->pszName,
&pAuthProviderStatus->pszId);
BAIL_ON_LSA_ERROR(dwError);
dwError = pProvider->pFnTable->pfnGetStatus(
hProvider,
&pProviderOwnedStatus);
if (dwError == LW_ERROR_NOT_HANDLED)
{
dwError = 0;
}
else
{
BAIL_ON_LSA_ERROR(dwError);
dwError = LsaSrvCopyProviderStatus(
pProviderOwnedStatus,
pAuthProviderStatus);
BAIL_ON_LSA_ERROR(dwError);
pProvider->pFnTable->pfnFreeStatus(
pProviderOwnedStatus);
pProviderOwnedStatus = NULL;
}
LsaSrvCloseProvider(pProvider, hProvider);
hProvider = (HANDLE)NULL;
}
if (pszTargetProviderName && !bFoundProvider)
{
dwError = LW_ERROR_INVALID_AUTH_PROVIDER;
BAIL_ON_LSA_ERROR(dwError);
}
done:
*ppLsaStatus = pLsaStatus;
cleanup:
LW_SAFE_FREE_STRING(pszTargetProviderName);
LW_SAFE_FREE_STRING(pszTargetInstance);
if (pProvider != NULL && pProviderOwnedStatus)
{
pProvider->pFnTable->pfnFreeStatus(
pProviderOwnedStatus);
}
if (hProvider != NULL)
{
LsaSrvCloseProvider(pProvider, hProvider);
}
LEAVE_AUTH_PROVIDER_LIST_READER_LOCK(bInLock);
return dwError;
error:
LSA_LOG_ERROR_API_FAILED(hServer, dwError, "get lsass status");
if (ppLsaStatus)
{
*ppLsaStatus = NULL;
}
if (pLsaStatus)
{
LsaFreeStatus(pLsaStatus);
}
goto cleanup;
}
DWORD
LsaSrvRefreshConfiguration(
HANDLE hServer
)
{
DWORD dwError = 0;
BOOLEAN bInLock = FALSE;
PLSA_AUTH_PROVIDER pProvider = NULL;
HANDLE hProvider = (HANDLE)NULL;
PLSA_SRV_API_STATE pServerState = (PLSA_SRV_API_STATE)hServer;
BOOLEAN bUnlockConfigLock = FALSE;
LSA_SRV_API_CONFIG apiConfig;
if (pServerState->peerUID)
{
dwError = LW_ERROR_ACCESS_DENIED;
BAIL_ON_LSA_ERROR(dwError);
}
dwError = LsaSrvApiInitConfig(&apiConfig);
BAIL_ON_LSA_ERROR(dwError);
dwError = LsaSrvApiReadRegistry(&apiConfig);
BAIL_ON_LSA_ERROR(dwError);
pthread_mutex_lock(&gAPIConfigLock);
bUnlockConfigLock = TRUE;
dwError = LsaSrvApiTransferConfigContents(
&apiConfig,
&gAPIConfig);
BAIL_ON_LSA_ERROR(dwError);
pthread_mutex_unlock(&gAPIConfigLock);
bUnlockConfigLock = FALSE;
ENTER_AUTH_PROVIDER_LIST_READER_LOCK(bInLock);
dwError = LW_ERROR_NOT_HANDLED;
for (pProvider = gpAuthProviderList;
pProvider;
pProvider = pProvider->pNext)
{
dwError = LsaSrvOpenProvider(
hServer,
pProvider,
NULL,
&hProvider);
BAIL_ON_LSA_ERROR(dwError);
dwError = pProvider->pFnTable->pfnRefreshConfiguration(
hProvider);
if (dwError)
{
LSA_LOG_ERROR("Refreshing provider %s failed.",
pProvider->pszName ? pProvider->pszName : "");
dwError = 0;
}
LsaSrvCloseProvider(pProvider, hProvider);
hProvider = (HANDLE)NULL;
}
cleanup:
if (hProvider != (HANDLE)NULL) {
LsaSrvCloseProvider(pProvider, hProvider);
}
LEAVE_AUTH_PROVIDER_LIST_READER_LOCK(bInLock);
LsaSrvApiFreeConfigContents(&apiConfig);
if (bUnlockConfigLock)
{
pthread_mutex_unlock(&gAPIConfigLock);
}
return(dwError);
error:
LSA_LOG_ERROR_API_FAILED(hServer, dwError, "refresh configuration");
goto cleanup;
}
