VOID LsaImplFreeMachinePasswordInfoContentsW( IN OUT PLSA_MACHINE_PASSWORD_INFO_W pPasswordInfo ) { LsaImplFreeMachineAccountInfoContentsW(&pPasswordInfo->Account); LW_SECURE_FREE_WSTRING(pPasswordInfo->Password); }
DWORD GetMachinePassword( OUT OPTIONAL PWSTR* ppwszDnsDomainName, OUT OPTIONAL PWSTR* ppwszMachineSamAccountName, OUT OPTIONAL PWSTR* ppwszMachinePassword, OUT OPTIONAL PWSTR* ppwszComputerName ) { DWORD dwError = 0; PWSTR pwszDnsDomainName = NULL; PWSTR pwszMachineSamAccountName = NULL; PWSTR pwszMachinePassword = NULL; PWSTR pwszComputerName = NULL; HANDLE hLsaConnection = NULL; PLSA_MACHINE_PASSWORD_INFO_A pPasswordInfo = NULL; dwError = LsaOpenServer(&hLsaConnection); BAIL_ON_WIN_ERROR(dwError); dwError = LsaAdGetMachinePasswordInfo(hLsaConnection, NULL, &pPasswordInfo); BAIL_ON_WIN_ERROR(dwError); if (ppwszDnsDomainName) { dwError = LwMbsToWc16s(pPasswordInfo->Account.DnsDomainName, &pwszDnsDomainName); BAIL_ON_WIN_ERROR(dwError); } if (ppwszMachineSamAccountName) { dwError = LwMbsToWc16s(pPasswordInfo->Account.SamAccountName, &pwszMachineSamAccountName); BAIL_ON_WIN_ERROR(dwError); } if (ppwszMachinePassword) { dwError = LwMbsToWc16s(pPasswordInfo->Password, &pwszMachinePassword); BAIL_ON_WIN_ERROR(dwError); } if (ppwszComputerName) { dwError = LwMbsToWc16s(pPasswordInfo->Account.SamAccountName, &pwszComputerName); BAIL_ON_WIN_ERROR(dwError); // Remove $ from account name pwszComputerName[wc16slen(pwszComputerName) - 1] = 0; } error: if (dwError) { LW_SAFE_FREE_MEMORY(pwszDnsDomainName); LW_SAFE_FREE_MEMORY(pwszMachineSamAccountName); LW_SECURE_FREE_WSTRING(pwszMachinePassword); LW_SAFE_FREE_MEMORY(pwszComputerName); } if (hLsaConnection) { LsaCloseServer(hLsaConnection); } if (pPasswordInfo) { LsaAdFreeMachinePasswordInfo(pPasswordInfo); } if (ppwszDnsDomainName) { *ppwszDnsDomainName = pwszDnsDomainName; } if (ppwszMachineSamAccountName) { *ppwszMachineSamAccountName = pwszMachineSamAccountName; } if (ppwszMachinePassword) { *ppwszMachinePassword = pwszMachinePassword; } if (ppwszComputerName) { *ppwszComputerName = pwszComputerName; } return dwError; }
WINERROR NetrSrvUnjoinDomain2( /* [in] */ handle_t hBinding, /* [in] */ PWSTR pwszServerName, /* [in] */ PWSTR pwszAccountName, /* [in] */ PENC_JOIN_PASSWORD_BUFFER pPassword, /* [in] */ DWORD dwUnjoinFlags ) { const DWORD dwRequiredAccessRights = WKSSVC_ACCESS_JOIN_DOMAIN; DWORD dwError = ERROR_SUCCESS; NTSTATUS ntStatus = STATUS_SUCCESS; WKSS_SRV_CONTEXT SrvCtx = {0}; PSECURITY_DESCRIPTOR_ABSOLUTE pSecDesc = gpWkssSecDesc; GENERIC_MAPPING GenericMapping = {0}; DWORD dwAccessGranted = 0; PWSTR pwszPassword = NULL; size_t sPasswordLen = 0; PSTR pszUsername = NULL; PSTR pszPassword = NULL; LSA_AD_IPC_LEAVE_DOMAIN_REQ Request = {0}; HANDLE hServer = NULL; LWMsgDataContext *pDataCtx = NULL; size_t sInputBlobSize = 0; PVOID pInputBlob = NULL; DWORD dwOutputBlobSize = 0; PVOID pOutputBlob = NULL; dwError = WkssSrvInitAuthInfo(hBinding, &SrvCtx); BAIL_ON_LSA_ERROR(dwError); if (!RtlAccessCheck(pSecDesc, SrvCtx.pUserToken, dwRequiredAccessRights, 0, &GenericMapping, &dwAccessGranted, &ntStatus)) { BAIL_ON_NT_STATUS(ntStatus); } dwError = WkssSrvDecryptPasswordBlob(&SrvCtx, pPassword, NULL, 0, &pwszPassword); BAIL_ON_LSA_ERROR(dwError); dwError = LwWc16sLen(pwszPassword, &sPasswordLen); BAIL_ON_LSA_ERROR(dwError); dwError = LwWc16sToMbs(pwszAccountName, &pszUsername); BAIL_ON_LSA_ERROR(dwError); dwError = LwWc16sToMbs(pwszPassword, &pszPassword); BAIL_ON_LSA_ERROR(dwError); Request.pszUsername = pszUsername; Request.pszPassword = pszPassword; if (dwUnjoinFlags & NETSETUP_ACCT_DELETE) { Request.dwFlags |= LSA_NET_LEAVE_DOMAIN_ACCT_DELETE; } dwError = MAP_LWMSG_ERROR(lwmsg_data_context_new(NULL, &pDataCtx)); BAIL_ON_LSA_ERROR(dwError); dwError = MAP_LWMSG_ERROR(lwmsg_data_marshal_flat_alloc( pDataCtx, LsaAdIPCGetLeaveDomainReqSpec(), &Request, &pInputBlob, &sInputBlobSize)); BAIL_ON_LSA_ERROR(dwError); dwError = LsaSrvOpenServer(geteuid(), getegid(), getpid(), &hServer); BAIL_ON_LSA_ERROR(dwError); dwError = LsaSrvProviderIoControl(hServer, LSA_PROVIDER_TAG_AD, LSA_AD_IO_LEAVEDOMAIN, sInputBlobSize, pInputBlob, &dwOutputBlobSize, &pOutputBlob); BAIL_ON_LSA_ERROR(dwError); cleanup: if (hServer) { LsaSrvCloseServer(hServer); } if (pDataCtx) { lwmsg_data_context_delete(pDataCtx); } WkssSrvFreeAuthInfo(&SrvCtx); LW_SECURE_FREE_STRING(pszPassword); LW_SECURE_FREE_WSTRING(pwszPassword); LW_SECURE_FREE_MEMORY(pInputBlob, sInputBlobSize); LW_SAFE_FREE_MEMORY(pszUsername); return (WINERROR)dwError; error: goto cleanup; }
static DWORD TestNetlogonSamLogonInteractiveEx( PTEST pTest, PCWSTR pwszHostname, PCWSTR pwszBindingString, PCREDENTIALS pCreds, PPARAMETER pOptions, DWORD dwOptcount ) { PCSTR pszDefComputer = "TestWks4"; PCSTR pszDefMachpass = "******"; const DWORD dwDefLogonLevel = 0; const DWORD dwDefValidationLevel = 2; BOOLEAN bRet = TRUE; DWORD dwError = ERROR_SUCCESS; NETR_BINDING hNetr = NULL; NETR_BINDING hSchn = NULL; enum param_err perr = perr_success; NetrCredentials NetlogonCreds = {0}; NetrValidationInfo **ppSamLogonInfo = NULL; PSTR pszComputer = NULL; PSTR pszMachpass = NULL; PWSTR pwszComputer = NULL; PWSTR pwszMachAcct = NULL; PWSTR pwszMachpass = NULL; PWSTR pwszServer = NULL; PWSTR pwszDomain = NULL; PWSTR pwszDnsDomain = NULL; PWSTR pwszUsername = NULL; PWSTR pwszPassword = NULL; DWORD dwLogonLevel = 0; DWORD dwValidationLevel = 0; DWORD pDefaultLogonLevels[] = { 1, 3, 4}; DWORD numLogonLevels = (sizeof(pDefaultLogonLevels) /sizeof(pDefaultLogonLevels[0])); PDWORD pLogonLevels = NULL; DWORD pDefaultValidationLevels[] = { 2, 3, 6 }; DWORD numValidationLevels = (sizeof(pDefaultValidationLevels) /sizeof(pDefaultValidationLevels[0])); PDWORD pValidationLevels = NULL; DWORD iLogonLevel = 0; DWORD iValidationLevel = 0; TESTINFO(pTest, pwszHostname); perr = fetch_value(pOptions, dwOptcount, "computer", pt_w16string, &pwszComputer, &pszDefComputer); if (!perr_is_ok(perr)) perr_fail(perr); perr = fetch_value(pOptions, dwOptcount, "machpass", pt_w16string, &pwszMachpass, &pszDefMachpass); if (!perr_is_ok(perr)) perr_fail(perr); perr = fetch_value(pOptions, dwOptcount, "server", pt_w16string, &pwszServer, NULL); if (perr_is_err(perr)) perr_fail(perr); perr = fetch_value(pOptions, dwOptcount, "domain", pt_w16string, &pwszDomain, NULL); if (perr_is_err(perr)) perr_fail(perr); perr = fetch_value(pOptions, dwOptcount, "dnsdomain", pt_w16string, &pwszDnsDomain, NULL); if (perr_is_err(perr)) perr_fail(perr); perr = fetch_value(pOptions, dwOptcount, "username", pt_w16string, &pwszUsername, NULL); if (!perr_is_ok(perr)) perr_fail(perr); perr = fetch_value(pOptions, dwOptcount, "password", pt_w16string, &pwszPassword, NULL); if (!perr_is_ok(perr)) perr_fail(perr); perr = fetch_value(pOptions, dwOptcount, "logon_level", pt_uint32, &dwLogonLevel, &dwDefLogonLevel); if (!perr_is_ok(perr)) perr_fail(perr); perr = fetch_value(pOptions, dwOptcount, "validation_level", pt_uint32, &dwValidationLevel, &dwDefValidationLevel); if (!perr_is_ok(perr)) perr_fail(perr); dwError = LwWc16sToMbs(pwszComputer, &pszComputer); BAIL_ON_WIN_ERROR(dwError); dwError = LwWc16sToMbs(pwszMachpass, &pszMachpass); BAIL_ON_WIN_ERROR(dwError); if (strcmp(pszComputer, pszDefComputer) == 0 && strcmp(pszMachpass, pszDefMachpass) == 0) { LW_SAFE_FREE_MEMORY(pwszComputer); LW_SAFE_FREE_MEMORY(pwszMachpass); dwError = GetMachinePassword( &pwszDnsDomain, &pwszDomain, &pwszMachAcct, &pwszMachpass, &pwszComputer); BAIL_ON_WIN_ERROR(dwError); } PARAM_INFO("computer", pt_w16string, pwszComputer); PARAM_INFO("machpass", pt_w16string, pwszMachpass); PARAM_INFO("server", pt_w16string, pwszServer); PARAM_INFO("domain", pt_w16string, pwszDomain); PARAM_INFO("dnsdomain", pt_w16string, pwszDnsDomain); PARAM_INFO("username", pt_w16string, pwszUsername); PARAM_INFO("password", pt_w16string, pwszPassword); PARAM_INFO("logon_level", pt_int32, &dwLogonLevel); PARAM_INFO("validation_level", pt_int32, &dwValidationLevel); bRet &= CreateRpcBinding(OUT_PPVOID(&hNetr), RPC_NETLOGON_BINDING, pwszHostname, pwszBindingString, pCreds); bRet &= CallOpenSchannel(hNetr, pwszMachAcct, pwszHostname, pwszServer, pwszDomain, pwszDnsDomain, pwszComputer, pwszMachpass, &NetlogonCreds, &hSchn); if (hSchn == NULL) { bRet = FALSE; goto done; } if (dwLogonLevel) { pLogonLevels = &dwLogonLevel; numLogonLevels = 1; } else { pLogonLevels = pDefaultLogonLevels; } if (dwValidationLevel) { pValidationLevels = &dwValidationLevel; numValidationLevels = 1; } else { pValidationLevels = pDefaultValidationLevels; } for (iLogonLevel = 0; iLogonLevel < numLogonLevels; iLogonLevel++) { bRet &= CallNetrSamLogonInteractiveEx( hSchn, &NetlogonCreds, pwszServer, pwszDomain, pwszComputer, pwszUsername, pwszPassword, pLogonLevels[iLogonLevel], pValidationLevels, numValidationLevels, &ppSamLogonInfo); if (bRet) { bRet &= TestValidateSamLogonInfo(&ppSamLogonInfo, 1); for (iValidationLevel = 0; ppSamLogonInfo && iValidationLevel <= 6; iValidationLevel++) { if (ppSamLogonInfo[iValidationLevel]) { NetrFreeMemory(ppSamLogonInfo[iValidationLevel]); ppSamLogonInfo[iValidationLevel] = NULL; } } } } bRet &= CallCloseSchannel(hSchn); done: error: for (iValidationLevel = 0; ppSamLogonInfo && iValidationLevel <= 6; iValidationLevel++) { if (ppSamLogonInfo[iValidationLevel]) { NetrFreeMemory(ppSamLogonInfo[iValidationLevel]); ppSamLogonInfo[iValidationLevel] = NULL; } } NetrFreeBinding(&hNetr); LW_SAFE_FREE_MEMORY(pwszMachAcct); LW_SECURE_FREE_WSTRING(pwszMachpass); LW_SAFE_FREE_MEMORY(pwszComputer); LW_SAFE_FREE_MEMORY(pwszServer); LW_SAFE_FREE_MEMORY(pwszDomain); LW_SAFE_FREE_MEMORY(pwszUsername); LW_SAFE_FREE_MEMORY(pwszPassword); LW_SAFE_FREE_MEMORY(pszComputer); LW_SAFE_FREE_MEMORY(pszMachpass); return (int)bRet; }