static
NTSTATUS
RegSrvIpcCheckPermissions(
LWMsgSecurityToken* token,
uid_t* puid,
gid_t* pgid
)
{
NTSTATUS status = 0;
uid_t euid;
gid_t egid;
if (strcmp(lwmsg_security_token_get_type(token), "local"))
{
REG_LOG_WARNING("Unsupported authentication type");
status = STATUS_UNHANDLED_EXCEPTION;
BAIL_ON_NT_STATUS(status);
}
status = MAP_LWMSG_ERROR(lwmsg_local_token_get_eid(token, &euid, &egid));
BAIL_ON_NT_STATUS(status);
REG_LOG_VERBOSE("Permission granted for (uid = %i, gid = %i) to open RegIpcServer",
(int) euid,
(int) egid);
*puid = euid;
*pgid = egid;
error:
return status;
}
DWORD
LWNetSrvStopListenThread(
void
)
{
DWORD dwError = 0;
if (gpServer)
{
dwError = MAP_LWMSG_ERROR(lwmsg_peer_stop_listen(gpServer));
BAIL_ON_LWNET_ERROR(dwError);
}
error:
if (gpServer)
{
lwmsg_peer_delete(gpServer);
gpServer = NULL;
}
if (gpProtocol)
{
lwmsg_protocol_delete(gpProtocol);
gpProtocol = NULL;
}
return dwError;
}
DWORD
LsaGetTraceFlag(
HANDLE hLsaConnection,
DWORD dwTraceFlag,
PLSA_TRACE_INFO* ppTraceFlag
)
{
DWORD dwError = 0;
PLSA_CLIENT_CONNECTION_CONTEXT pContext =
(PLSA_CLIENT_CONNECTION_CONTEXT)hLsaConnection;
PLSA_TRACE_INFO_LIST pResult = NULL;
PLSA_IPC_ERROR pError = NULL;
LWMsgMessage request = LWMSG_MESSAGE_INITIALIZER;
LWMsgMessage response = LWMSG_MESSAGE_INITIALIZER;
request.tag = LSA_Q_GET_TRACE_INFO;
request.object = &dwTraceFlag;
dwError = MAP_LWMSG_ERROR(lwmsg_assoc_send_message_transact(
pContext->pAssoc,
&request,
&response));
BAIL_ON_LSA_ERROR(dwError);
switch (response.tag)
{
case LSA_R_GET_TRACE_INFO_SUCCESS:
pResult = (PLSA_TRACE_INFO_LIST) response.object;
if (pResult->dwNumFlags != 1)
{
dwError = LW_ERROR_INTERNAL;
BAIL_ON_LSA_ERROR(dwError);
}
*ppTraceFlag = pResult->pTraceInfoArray;
pResult->pTraceInfoArray = NULL;
pResult->dwNumFlags = 0;
break;
case LSA_R_GET_TRACE_INFO_FAILURE:
pError = (PLSA_IPC_ERROR) response.object;
dwError = pError->dwError;
BAIL_ON_LSA_ERROR(dwError);
break;
default:
dwError = LW_ERROR_UNEXPECTED_MESSAGE;
BAIL_ON_LSA_ERROR(dwError);
}
cleanup:
return dwError;
error:
if (response.object)
{
lwmsg_assoc_free_message(pContext->pAssoc, &response);
}
goto cleanup;
}
DWORD
LsaEnumTraceFlags(
HANDLE hLsaConnection,
PLSA_TRACE_INFO* ppTraceFlagArray,
PDWORD pdwNumFlags
)
{
DWORD dwError = 0;
PLSA_CLIENT_CONNECTION_CONTEXT pContext =
(PLSA_CLIENT_CONNECTION_CONTEXT)hLsaConnection;
// Do not free pResultList and pError
PLSA_TRACE_INFO_LIST pResultList = NULL;
PLSA_IPC_ERROR pError = NULL;
LWMsgMessage request = LWMSG_MESSAGE_INITIALIZER;
LWMsgMessage response = LWMSG_MESSAGE_INITIALIZER;
request.tag = LSA_Q_ENUM_TRACE_INFO;
request.object = NULL;
dwError = MAP_LWMSG_ERROR(lwmsg_assoc_send_message_transact(
pContext->pAssoc,
&request,
&response));
BAIL_ON_LSA_ERROR(dwError);
switch (response.tag)
{
case LSA_R_ENUM_TRACE_INFO_SUCCESS:
pResultList = (PLSA_TRACE_INFO_LIST)response.object;
*ppTraceFlagArray = pResultList->pTraceInfoArray;
pResultList->pTraceInfoArray = NULL;
*pdwNumFlags = pResultList->dwNumFlags;
pResultList->dwNumFlags = 0;
break;
case LSA_R_ENUM_TRACE_INFO_FAILURE:
pError = (PLSA_IPC_ERROR) response.object;
dwError = pError->dwError;
BAIL_ON_LSA_ERROR(dwError);
break;
default:
dwError = LW_ERROR_UNEXPECTED_MESSAGE;
BAIL_ON_LSA_ERROR(dwError);
}
cleanup:
if (response.object)
{
lwmsg_assoc_free_message(pContext->pAssoc, &response);
}
return dwError;
error:
*pdwNumFlags = 0;
*ppTraceFlagArray = NULL;
goto cleanup;
}
static
NTSTATUS
RegSrvIpcGetHandleData(
LWMsgCall* pCall,
LWMsgHandle* pHandle,
HKEY* phKey
)
{
LWMsgSession* pSession = lwmsg_call_get_session(pCall);
return MAP_LWMSG_ERROR(lwmsg_session_get_handle_data(pSession, pHandle, OUT_PPVOID(phKey)));
}
DWORD
LsaSetTraceFlags(
HANDLE hLsaConnection,
PLSA_TRACE_INFO pTraceFlagArray,
DWORD dwNumFlags
)
{
DWORD dwError = 0;
PLSA_CLIENT_CONNECTION_CONTEXT pContext =
(PLSA_CLIENT_CONNECTION_CONTEXT)hLsaConnection;
LSA_IPC_SET_TRACE_INFO_REQ setTraceinfoReq;
PLSA_IPC_ERROR pError = NULL;
LWMsgMessage request = LWMSG_MESSAGE_INITIALIZER;
LWMsgMessage response = LWMSG_MESSAGE_INITIALIZER;
setTraceinfoReq.dwNumFlags = dwNumFlags;
setTraceinfoReq.pTraceFlagArray = pTraceFlagArray;
request.tag = LSA_Q_SET_TRACE_INFO;
request.object = &setTraceinfoReq;
dwError = MAP_LWMSG_ERROR(lwmsg_assoc_send_message_transact(
pContext->pAssoc,
&request,
&response));
BAIL_ON_LSA_ERROR(dwError);
switch (response.tag)
{
case LSA_R_SET_TRACE_INFO_SUCCESS:
// response.object == NULL
break;
case LSA_R_SET_TRACE_INFO_FAILURE:
pError = (PLSA_IPC_ERROR) response.object;
dwError = pError->dwError;
BAIL_ON_LSA_ERROR(dwError);
break;
default:
dwError = LW_ERROR_UNEXPECTED_MESSAGE;
BAIL_ON_LSA_ERROR(dwError);
}
cleanup:
return dwError;
error:
if (response.object)
{
lwmsg_assoc_free_message(pContext->pAssoc, &response);
}
goto cleanup;
}
DWORD
LwmEvtGetRecordCount(
PLW_EVT_CLIENT_CONNECTION_CONTEXT pConn,
IN PCWSTR pSqlFilter,
OUT PDWORD pNumMatched
)
{
DWORD dwError = 0;
PEVT_IPC_GENERIC_ERROR pError = NULL;
LWMsgParams in = LWMSG_PARAMS_INITIALIZER;
LWMsgParams out = LWMSG_PARAMS_INITIALIZER;
LWMsgCall* pCall = NULL;
dwError = LwmEvtAcquireCall(pConn, &pCall);
BAIL_ON_EVT_ERROR(dwError);
in.tag = EVT_Q_GET_RECORD_COUNT;
in.data = (PVOID)pSqlFilter;
dwError = MAP_LWMSG_ERROR(lwmsg_call_dispatch(pCall, &in, &out, NULL, NULL));
BAIL_ON_EVT_ERROR(dwError);
switch (out.tag)
{
case EVT_R_GET_RECORD_COUNT:
*pNumMatched = *(PDWORD)out.data;
break;
case EVT_R_GENERIC_ERROR:
pError = (PEVT_IPC_GENERIC_ERROR) out.data;
dwError = pError->Error;
BAIL_ON_EVT_ERROR(dwError);
break;
default:
dwError = LW_ERROR_INTERNAL;
BAIL_ON_EVT_ERROR(dwError);
}
cleanup:
if (pCall)
{
lwmsg_call_destroy_params(pCall, &out);
lwmsg_call_release(pCall);
}
return dwError;
error:
if (pNumMatched)
{
*pNumMatched = 0;
}
goto cleanup;
}
DWORD
LsaGetStatus2(
HANDLE hLsaConnection,
PCSTR pszTargetProvider,
PLSASTATUS* ppLsaStatus
)
{
DWORD dwError = 0;
PLSA_CLIENT_CONNECTION_CONTEXT pContext =
(PLSA_CLIENT_CONNECTION_CONTEXT)hLsaConnection;
PLSA_IPC_ERROR pError = NULL;
LWMsgMessage request = LWMSG_MESSAGE_INITIALIZER;
LWMsgMessage response = LWMSG_MESSAGE_INITIALIZER;
request.tag = LSA_Q_GET_STATUS;
request.object = (PVOID)pszTargetProvider;
dwError = MAP_LWMSG_ERROR(lwmsg_assoc_send_message_transact(
pContext->pAssoc,
&request,
&response));
BAIL_ON_LSA_ERROR(dwError);
switch (response.tag)
{
case LSA_R_GET_STATUS_SUCCESS:
*ppLsaStatus = (PLSASTATUS)response.object;
break;
case LSA_R_GET_STATUS_FAILURE:
pError = (PLSA_IPC_ERROR) response.object;
dwError = pError->dwError;
BAIL_ON_LSA_ERROR(dwError);
break;
default:
dwError = LW_ERROR_UNEXPECTED_MESSAGE;
BAIL_ON_LSA_ERROR(dwError);
}
cleanup:
return dwError;
error:
if (response.object)
{
lwmsg_assoc_free_message(pContext->pAssoc, &response);
}
*ppLsaStatus = NULL;
goto cleanup;
}
DWORD
LwmEvtWriteRecords(
PLW_EVT_CLIENT_CONNECTION_CONTEXT pConn,
IN DWORD Count,
IN PLW_EVENTLOG_RECORD pRecords
)
{
DWORD dwError = 0;
PEVT_IPC_GENERIC_ERROR pError = NULL;
EVT_IPC_RECORD_ARRAY req = { 0 };
LWMsgParams in = LWMSG_PARAMS_INITIALIZER;
LWMsgParams out = LWMSG_PARAMS_INITIALIZER;
LWMsgCall* pCall = NULL;
dwError = LwmEvtAcquireCall(pConn, &pCall);
BAIL_ON_EVT_ERROR(dwError);
req.Count = Count;
req.pRecords = pRecords;
in.tag = EVT_Q_WRITE_RECORDS;
in.data = &req;
dwError = MAP_LWMSG_ERROR(lwmsg_call_dispatch(pCall, &in, &out, NULL, NULL));
BAIL_ON_EVT_ERROR(dwError);
switch (out.tag)
{
case EVT_R_GENERIC_SUCCESS:
break;
case EVT_R_GENERIC_ERROR:
pError = (PEVT_IPC_GENERIC_ERROR) out.data;
dwError = pError->Error;
BAIL_ON_EVT_ERROR(dwError);
break;
default:
dwError = LW_ERROR_INTERNAL;
BAIL_ON_EVT_ERROR(dwError);
}
cleanup:
if (pCall)
{
lwmsg_call_destroy_params(pCall, &out);
lwmsg_call_release(pCall);
}
return dwError;
error:
goto cleanup;
}
LSASS_API
DWORD
LsaGetPamConfig(
IN HANDLE hLsaConnection,
OUT PLSA_PAM_CONFIG *ppPamConfig
)
{
DWORD dwError = 0;
PLSA_CLIENT_CONNECTION_CONTEXT pContext =
(PLSA_CLIENT_CONNECTION_CONTEXT)hLsaConnection;
PLSA_IPC_ERROR pError = NULL;
LWMsgMessage request = LWMSG_MESSAGE_INITIALIZER;
LWMsgMessage response = LWMSG_MESSAGE_INITIALIZER;
request.tag = LSA_Q_GET_PAM_CONFIG;
request.object = NULL;
dwError = MAP_LWMSG_ERROR(lwmsg_assoc_send_message_transact(
pContext->pAssoc,
&request,
&response));
BAIL_ON_LSA_ERROR(dwError);
switch (response.tag)
{
case LSA_R_GET_PAM_CONFIG_SUCCESS:
*ppPamConfig = (PLSA_PAM_CONFIG) response.object;
break;
case LSA_R_GET_PAM_CONFIG_FAILURE:
pError = (PLSA_IPC_ERROR) response.object;
dwError = pError->dwError;
BAIL_ON_LSA_ERROR(dwError);
break;
default:
dwError = LW_ERROR_UNEXPECTED_MESSAGE;
BAIL_ON_LSA_ERROR(dwError);
}
cleanup:
return dwError;
error:
if (response.object)
{
lwmsg_assoc_free_message(pContext->pAssoc, &response);
}
goto cleanup;
}
DWORD
LwmEvtAcquireCall(
HANDLE hConnection,
LWMsgCall** ppCall
)
{
DWORD dwError = 0;
PLW_EVT_CLIENT_CONNECTION_CONTEXT pContext = hConnection;
dwError = MAP_LWMSG_ERROR(lwmsg_peer_acquire_call(pContext->pClient, ppCall));
BAIL_ON_EVT_ERROR(dwError);
error:
return dwError;
}
static
NTSTATUS
RegSrvIpcUnregisterHandle(
LWMsgCall* pCall,
PVOID pHandle
)
{
NTSTATUS status = 0;
LWMsgSession* pSession = lwmsg_call_get_session(pCall);
status = MAP_LWMSG_ERROR(lwmsg_session_unregister_handle(pSession, pHandle));
BAIL_ON_NT_STATUS(status);
error:
return status;
}
VOID
LwmEvtOpenServerOnce(
VOID
)
{
DWORD dwError = 0;
dwError = MAP_LWMSG_ERROR(lwmsg_protocol_new(NULL, &gContext.pProtocol));
BAIL_ON_EVT_ERROR(dwError);
dwError = MAP_LWMSG_ERROR(lwmsg_protocol_add_protocol_spec(gContext.pProtocol, LwEvtIPCGetProtocolSpec()));
BAIL_ON_EVT_ERROR(dwError);
dwError = MAP_LWMSG_ERROR(lwmsg_peer_new(NULL, gContext.pProtocol, &gContext.pClient));
BAIL_ON_EVT_ERROR(dwError);
dwError = MAP_LWMSG_ERROR(lwmsg_peer_add_connect_endpoint(
gContext.pClient,
LWMSG_ENDPOINT_DIRECT,
"eventlog"));
BAIL_ON_EVT_ERROR(dwError);
dwError = MAP_LWMSG_ERROR(lwmsg_peer_add_connect_endpoint(
gContext.pClient,
LWMSG_ENDPOINT_LOCAL,
CACHEDIR "/" EVT_SERVER_FILENAME));
BAIL_ON_EVT_ERROR(dwError);
dwError = MAP_LWMSG_ERROR(lwmsg_peer_connect(gContext.pClient, &gContext.pSession));
BAIL_ON_EVT_ERROR(dwError);
cleanup:
gdwOnceError = dwError;
return;
error:
if (gContext.pClient)
{
lwmsg_peer_delete(gContext.pClient);
gContext.pClient = NULL;
}
if (gContext.pProtocol)
{
lwmsg_protocol_delete(gContext.pProtocol);
gContext.pProtocol = NULL;
}
goto cleanup;
}
LWMsgStatus
LwmEvtSrvConstructSession(
LWMsgSecurityToken* pToken,
void* pData,
void** ppSessionData
)
{
DWORD dwError = 0;
PLWMSG_LW_EVENTLOG_CONNECTION pConn = NULL;
uid_t uid = 0;
gid_t gid = 0;
if (strcmp(lwmsg_security_token_get_type(pToken), "local"))
{
EVT_LOG_WARNING("Unsupported authentication type");
dwError = ERROR_NOT_SUPPORTED;
BAIL_ON_EVT_ERROR(dwError);
}
dwError = LwAllocateMemory(
sizeof(*pConn),
(PVOID*)&pConn);
BAIL_ON_EVT_ERROR(dwError);
dwError = MAP_LWMSG_ERROR(lwmsg_local_token_get_eid(
pToken,
&uid,
&gid));
BAIL_ON_EVT_ERROR(dwError);
pConn->Uid = uid;
pConn->Gid = gid;
*ppSessionData = pConn;
cleanup:
return MAP_LW_ERROR_IPC(dwError);
error:
LW_SAFE_FREE_MEMORY(pConn);
*ppSessionData = NULL;
goto cleanup;
}
static
NTSTATUS
RegSrvIpcRegisterHandle(
LWMsgCall* pCall,
PCSTR pszHandleType,
PVOID pData,
LWMsgHandleCleanupFunction pfnCleanup,
LWMsgHandle** ppHandle
)
{
NTSTATUS status = 0;
LWMsgSession* pSession = lwmsg_call_get_session(pCall);
status = MAP_LWMSG_ERROR(lwmsg_session_register_handle(pSession, pszHandleType, pData, pfnCleanup, ppHandle));
BAIL_ON_NT_STATUS(status);
error:
return status;
}
static
NTSTATUS
RegSrvIpcGetHandleData(
LWMsgCall* pCall,
LWMsgHandle* pHandle,
HKEY* phKey
)
{
LWMsgSession* pSession = lwmsg_call_get_session(pCall);
LWMsgStatus status = lwmsg_session_get_handle_data(pSession, pHandle, OUT_PPVOID(phKey));
if (status == LWMSG_STATUS_INVALID_HANDLE)
{
return STATUS_INVALID_HANDLE;
}
else
{
return MAP_LWMSG_ERROR(status);
}
}
DWORD
RegSrvStopListenThread(
void
)
{
DWORD dwError = 0;
if (gpServer)
{
dwError = MAP_LWMSG_ERROR(lwmsg_server_stop(gpServer));
BAIL_ON_REG_ERROR(dwError);
}
error:
if (gpServer)
{
lwmsg_server_delete(gpServer);
gpServer = NULL;
}
return dwError;
}
WINERROR
NetrSrvUnjoinDomain2(
/* [in] */ handle_t hBinding,
/* [in] */ PWSTR pwszServerName,
/* [in] */ PWSTR pwszAccountName,
/* [in] */ PENC_JOIN_PASSWORD_BUFFER pPassword,
/* [in] */ DWORD dwUnjoinFlags
)
{
const DWORD dwRequiredAccessRights = WKSSVC_ACCESS_JOIN_DOMAIN;
DWORD dwError = ERROR_SUCCESS;
NTSTATUS ntStatus = STATUS_SUCCESS;
WKSS_SRV_CONTEXT SrvCtx = {0};
PSECURITY_DESCRIPTOR_ABSOLUTE pSecDesc = gpWkssSecDesc;
GENERIC_MAPPING GenericMapping = {0};
DWORD dwAccessGranted = 0;
PWSTR pwszPassword = NULL;
size_t sPasswordLen = 0;
PSTR pszUsername = NULL;
PSTR pszPassword = NULL;
LSA_AD_IPC_LEAVE_DOMAIN_REQ Request = {0};
HANDLE hServer = NULL;
LWMsgDataContext *pDataCtx = NULL;
size_t sInputBlobSize = 0;
PVOID pInputBlob = NULL;
DWORD dwOutputBlobSize = 0;
PVOID pOutputBlob = NULL;
dwError = WkssSrvInitAuthInfo(hBinding,
&SrvCtx);
BAIL_ON_LSA_ERROR(dwError);
if (!RtlAccessCheck(pSecDesc,
SrvCtx.pUserToken,
dwRequiredAccessRights,
0,
&GenericMapping,
&dwAccessGranted,
&ntStatus))
{
BAIL_ON_NT_STATUS(ntStatus);
}
dwError = WkssSrvDecryptPasswordBlob(&SrvCtx,
pPassword,
NULL,
0,
&pwszPassword);
BAIL_ON_LSA_ERROR(dwError);
dwError = LwWc16sLen(pwszPassword, &sPasswordLen);
BAIL_ON_LSA_ERROR(dwError);
dwError = LwWc16sToMbs(pwszAccountName, &pszUsername);
BAIL_ON_LSA_ERROR(dwError);
dwError = LwWc16sToMbs(pwszPassword, &pszPassword);
BAIL_ON_LSA_ERROR(dwError);
Request.pszUsername = pszUsername;
Request.pszPassword = pszPassword;
if (dwUnjoinFlags & NETSETUP_ACCT_DELETE)
{
Request.dwFlags |= LSA_NET_LEAVE_DOMAIN_ACCT_DELETE;
}
dwError = MAP_LWMSG_ERROR(lwmsg_data_context_new(NULL, &pDataCtx));
BAIL_ON_LSA_ERROR(dwError);
dwError = MAP_LWMSG_ERROR(lwmsg_data_marshal_flat_alloc(
pDataCtx,
LsaAdIPCGetLeaveDomainReqSpec(),
&Request,
&pInputBlob,
&sInputBlobSize));
BAIL_ON_LSA_ERROR(dwError);
dwError = LsaSrvOpenServer(geteuid(),
getegid(),
getpid(),
&hServer);
BAIL_ON_LSA_ERROR(dwError);
dwError = LsaSrvProviderIoControl(hServer,
LSA_PROVIDER_TAG_AD,
LSA_AD_IO_LEAVEDOMAIN,
sInputBlobSize,
pInputBlob,
&dwOutputBlobSize,
&pOutputBlob);
BAIL_ON_LSA_ERROR(dwError);
cleanup:
if (hServer)
{
LsaSrvCloseServer(hServer);
}
if (pDataCtx)
{
lwmsg_data_context_delete(pDataCtx);
}
WkssSrvFreeAuthInfo(&SrvCtx);
LW_SECURE_FREE_STRING(pszPassword);
LW_SECURE_FREE_WSTRING(pwszPassword);
LW_SECURE_FREE_MEMORY(pInputBlob, sInputBlobSize);
LW_SAFE_FREE_MEMORY(pszUsername);
return (WINERROR)dwError;
error:
goto cleanup;
}
DWORD
LwmEvtReadRecords(
PLW_EVT_CLIENT_CONNECTION_CONTEXT pConn,
IN DWORD MaxResults,
IN PCWSTR pSqlFilter,
OUT PDWORD pCount,
OUT PLW_EVENTLOG_RECORD* ppRecords
)
{
DWORD dwError = 0;
PEVT_IPC_GENERIC_ERROR pError = NULL;
EVT_IPC_READ_RECORDS_REQ req = { 0 };
PEVT_IPC_RECORD_ARRAY pRes = NULL;
LWMsgParams in = LWMSG_PARAMS_INITIALIZER;
LWMsgParams out = LWMSG_PARAMS_INITIALIZER;
LWMsgCall* pCall = NULL;
dwError = LwmEvtAcquireCall(pConn, &pCall);
BAIL_ON_EVT_ERROR(dwError);
req.MaxResults = MaxResults;
req.pFilter = pSqlFilter;
in.tag = EVT_Q_READ_RECORDS;
in.data = &req;
dwError = MAP_LWMSG_ERROR(lwmsg_call_dispatch(pCall, &in, &out, NULL, NULL));
BAIL_ON_EVT_ERROR(dwError);
switch (out.tag)
{
case EVT_R_READ_RECORDS:
pRes = (PEVT_IPC_RECORD_ARRAY)out.data;
*pCount = pRes->Count;
*ppRecords = pRes->pRecords;
pRes->Count = 0;
pRes->pRecords = NULL;
break;
case EVT_R_GENERIC_ERROR:
pError = (PEVT_IPC_GENERIC_ERROR) out.data;
dwError = pError->Error;
BAIL_ON_EVT_ERROR(dwError);
break;
default:
dwError = LW_ERROR_INTERNAL;
BAIL_ON_EVT_ERROR(dwError);
}
cleanup:
if (pCall)
{
lwmsg_call_destroy_params(pCall, &out);
lwmsg_call_release(pCall);
}
return dwError;
error:
*pCount = 0;
*ppRecords = NULL;
goto cleanup;
}
LSASS_API
DWORD
LsaAdEnumGroupsFromCache(
IN HANDLE hLsaConnection,
IN OPTIONAL PCSTR pszDomainName,
IN PSTR* ppszResume,
IN DWORD dwMaxNumGroups,
OUT PDWORD pdwGroupsFound,
OUT PLSA_SECURITY_OBJECT** pppObjects
)
{
DWORD dwError = 0;
PSTR pszTargetProvider = NULL;
DWORD dwOutputBufferSize = 0;
PVOID pOutputBuffer = NULL;
PVOID pBlob = NULL;
size_t BlobSize = 0;
LWMsgContext* context = NULL;
LWMsgDataContext* pDataContext = NULL;
LSA_AD_IPC_ENUM_GROUPS_FROM_CACHE_REQ request;
PLSA_AD_IPC_ENUM_GROUPS_FROM_CACHE_RESP response = NULL;
memset(&request, 0, sizeof(request));
if (geteuid() != 0)
{
dwError = LW_ERROR_ACCESS_DENIED;
BAIL_ON_LSA_ERROR(dwError);
}
if (pszDomainName)
{
dwError = LwAllocateStringPrintf(
&pszTargetProvider,
"%s:%s",
LSA_PROVIDER_TAG_AD,
pszDomainName);
BAIL_ON_LSA_ERROR(dwError);
}
// marshal the request
request.pszResume = *ppszResume;
request.dwMaxNumGroups = dwMaxNumGroups;
dwError = MAP_LWMSG_ERROR(lwmsg_context_new(NULL, &context));
BAIL_ON_LSA_ERROR(dwError);
dwError = MAP_LWMSG_ERROR(lwmsg_data_context_new(context, &pDataContext));
BAIL_ON_LSA_ERROR(dwError);
dwError = MAP_LWMSG_ERROR(lwmsg_data_marshal_flat_alloc(
pDataContext,
LsaAdIPCGetEnumGroupsFromCacheReqSpec(),
&request,
&pBlob,
&BlobSize));
BAIL_ON_LSA_ERROR(dwError);
dwError = LsaProviderIoControl(
hLsaConnection,
pszTargetProvider ? pszTargetProvider : LSA_PROVIDER_TAG_AD,
LSA_AD_IO_ENUMGROUPSCACHE,
BlobSize,
pBlob,
&dwOutputBufferSize,
&pOutputBuffer);
BAIL_ON_LSA_ERROR(dwError);
dwError = MAP_LWMSG_ERROR(lwmsg_data_unmarshal_flat(
pDataContext,
LsaAdIPCGetEnumGroupsFromCacheRespSpec(),
pOutputBuffer,
dwOutputBufferSize,
(PVOID*)&response));
BAIL_ON_LSA_ERROR(dwError);
*pdwGroupsFound = response->dwNumGroups;
*pppObjects = response->ppObjects;
response->ppObjects = NULL;
if ( *ppszResume )
{
LwFreeMemory(*ppszResume);
*ppszResume = NULL;
}
*ppszResume = response->pszResume;
response->pszResume = NULL;
cleanup:
if ( response )
{
lwmsg_data_free_graph(
pDataContext,
LsaAdIPCGetEnumGroupsFromCacheRespSpec(),
response);
}
if (pDataContext)
{
lwmsg_data_context_delete(pDataContext);
}
if ( context )
{
lwmsg_context_delete(context);
}
if ( pBlob )
{
LwFreeMemory(pBlob);
}
if ( pOutputBuffer )
{
LwFreeMemory(pOutputBuffer);
}
LW_SAFE_FREE_STRING(pszTargetProvider);
return dwError;
error:
if ( *ppszResume )
{
LwFreeMemory(*ppszResume);
*ppszResume = NULL;
}
*pdwGroupsFound = 0;
*pppObjects = NULL;
goto cleanup;
}
DWORD
AD_IoctlGetMachineAccount(
IN HANDLE hProvider,
IN DWORD dwInputBufferSize,
IN PVOID pInputBuffer,
OUT DWORD* pdwOutputBufferSize,
OUT PVOID* ppOutputBuffer
)
{
DWORD dwError = 0;
PVOID pOutputBuffer = NULL;
size_t outputBufferSize = 0;
LWMsgContext* pContext = NULL;
LWMsgDataContext* pDataContext = NULL;
PSTR pszDnsDomainName = NULL;
PLSA_MACHINE_ACCOUNT_INFO_A pAccountInfo = NULL;
//
// Everyone can call this, so no access check.
//
//
// Do request
//
dwError = MAP_LWMSG_ERROR(lwmsg_context_new(NULL, &pContext));
BAIL_ON_LSA_ERROR(dwError);
LsaAdIPCSetMemoryFunctions(pContext);
dwError = MAP_LWMSG_ERROR(lwmsg_data_context_new(pContext, &pDataContext));
BAIL_ON_LSA_ERROR(dwError);
dwError = MAP_LWMSG_ERROR(lwmsg_data_unmarshal_flat(
pDataContext,
LsaAdIPCGetStringSpec(),
pInputBuffer,
dwInputBufferSize,
OUT_PPVOID(&pszDnsDomainName)));
BAIL_ON_LSA_ERROR(dwError);
dwError = AD_GetMachineAccountInfoA(pszDnsDomainName, &pAccountInfo);
BAIL_ON_LSA_ERROR(dwError);
dwError = MAP_LWMSG_ERROR(lwmsg_data_marshal_flat_alloc(
pDataContext,
LsaAdIPCGetMachineAccountInfoSpec(),
pAccountInfo,
&pOutputBuffer,
&outputBufferSize));
BAIL_ON_LSA_ERROR(dwError);
error:
if (dwError)
{
if (pOutputBuffer)
{
LwFreeMemory(pOutputBuffer);
}
pOutputBuffer = NULL;
outputBufferSize = 0;
}
LW_SAFE_FREE_STRING(pszDnsDomainName);
if (pAccountInfo)
{
LsaSrvFreeMachineAccountInfoA(pAccountInfo);
}
if (pDataContext)
{
lwmsg_data_context_delete(pDataContext);
}
if (pContext)
{
lwmsg_context_delete(pContext);
}
*pdwOutputBufferSize = (DWORD) outputBufferSize;
*ppOutputBuffer = pOutputBuffer;
return dwError;
}
DWORD
AD_IoctlGetComputerDn(
IN HANDLE hProvider,
IN DWORD dwInputBufferSize,
IN PVOID pInputBuffer,
OUT DWORD* pdwOutputBufferSize,
OUT PVOID* ppOutputBuffer
)
{
DWORD dwError = 0;
PVOID pOutputBuffer = NULL;
size_t outputBufferSize = 0;
PAD_PROVIDER_CONTEXT pProviderContext = (PAD_PROVIDER_CONTEXT)hProvider;
LWMsgContext* pContext = NULL;
LWMsgDataContext* pDataContext = NULL;
PSTR pszDnsDomainName = NULL;
PSTR pszComputerDn = NULL;
//
// Do access check
//
if (pProviderContext->uid)
{
dwError = LW_ERROR_ACCESS_DENIED;
BAIL_ON_LSA_ERROR(dwError);
}
//
// Do request
//
dwError = MAP_LWMSG_ERROR(lwmsg_context_new(NULL, &pContext));
BAIL_ON_LSA_ERROR(dwError);
LsaAdIPCSetMemoryFunctions(pContext);
dwError = MAP_LWMSG_ERROR(lwmsg_data_context_new(pContext, &pDataContext));
BAIL_ON_LSA_ERROR(dwError);
dwError = MAP_LWMSG_ERROR(lwmsg_data_unmarshal_flat(
pDataContext,
LsaAdIPCGetStringSpec(),
pInputBuffer,
dwInputBufferSize,
OUT_PPVOID(&pszDnsDomainName)));
BAIL_ON_LSA_ERROR(dwError);
dwError = AD_GetComputerDn(pszDnsDomainName, &pszComputerDn);
BAIL_ON_LSA_ERROR(dwError);
dwError = MAP_LWMSG_ERROR(lwmsg_data_marshal_flat_alloc(
pDataContext,
LsaAdIPCGetStringSpec(),
pszComputerDn,
&pOutputBuffer,
&outputBufferSize));
BAIL_ON_LSA_ERROR(dwError);
error:
if (dwError)
{
if (pOutputBuffer)
{
LwFreeMemory(pOutputBuffer);
}
pOutputBuffer = NULL;
outputBufferSize = 0;
}
LW_SAFE_FREE_STRING(pszDnsDomainName);
LW_SAFE_FREE_STRING(pszComputerDn);
if (pDataContext)
{
lwmsg_data_context_delete(pDataContext);
}
if (pContext)
{
lwmsg_context_delete(pContext);
}
*pdwOutputBufferSize = (DWORD) outputBufferSize;
*ppOutputBuffer = pOutputBuffer;
return dwError;
}
DWORD
RegSrvStartListenThread(
void
)
{
PSTR pszCachePath = NULL;
PSTR pszCommPath = NULL;
BOOLEAN bDirExists = FALSE;
DWORD dwError = 0;
static LWMsgTime idleTimeout = {30, 0};
dwError = RegSrvGetCachePath(&pszCachePath);
BAIL_ON_REG_ERROR(dwError);
dwError = RegCheckDirectoryExists(pszCachePath, &bDirExists);
BAIL_ON_REG_ERROR(dwError);
if (!bDirExists)
{
// Directory should be RWX for root and accessible to all
// (so they can see the socket.
mode_t mode = S_IRWXU | S_IRGRP| S_IXGRP | S_IROTH | S_IXOTH;
dwError = RegCreateDirectory(pszCachePath, mode);
BAIL_ON_REG_ERROR(dwError);
}
dwError = LwRtlCStringAllocatePrintf(&pszCommPath, "%s/%s",
pszCachePath, REG_SERVER_FILENAME);
BAIL_ON_REG_ERROR(dwError);
dwError = MAP_LWMSG_ERROR(lwmsg_context_new(NULL, &gpContext));
BAIL_ON_REG_ERROR(dwError);
lwmsg_context_set_log_function(gpContext, RegSrvLogIpc, NULL);
/* Set up IPC protocol object */
dwError = MAP_LWMSG_ERROR(lwmsg_protocol_new(gpContext, &gpProtocol));
BAIL_ON_REG_ERROR(dwError);
dwError = MAP_LWMSG_ERROR(lwmsg_protocol_add_protocol_spec(
gpProtocol,
RegIPCGetProtocolSpec()));
BAIL_ON_REG_ERROR(dwError);
/* Set up IPC server object */
dwError = MAP_LWMSG_ERROR(lwmsg_peer_new(gpContext, gpProtocol, &gpServer));
BAIL_ON_REG_ERROR(dwError);
dwError = MAP_LWMSG_ERROR(lwmsg_peer_add_dispatch_spec(
gpServer,
RegSrvGetDispatchSpec()));
BAIL_ON_REG_ERROR(dwError);
dwError = MAP_LWMSG_ERROR(lwmsg_peer_add_listen_endpoint(
gpServer,
LWMSG_ENDPOINT_DIRECT,
"lwreg",
0));
BAIL_ON_REG_ERROR(dwError);
dwError = MAP_LWMSG_ERROR(lwmsg_peer_add_listen_endpoint(
gpServer,
LWMSG_ENDPOINT_LOCAL,
pszCommPath,
0666));
BAIL_ON_REG_ERROR(dwError);
dwError = MAP_LWMSG_ERROR(lwmsg_peer_set_max_listen_clients(
gpServer,
MAX_CLIENTS));
BAIL_ON_REG_ERROR(dwError);
dwError = MAP_LWMSG_ERROR(lwmsg_peer_set_max_listen_backlog(
gpServer,
REG_MAX(5, MAX_CLIENTS / 4)));
BAIL_ON_REG_ERROR(dwError);
dwError = MAP_LWMSG_ERROR(lwmsg_peer_set_timeout(
gpServer,
LWMSG_TIMEOUT_IDLE,
&idleTimeout));
BAIL_ON_REG_ERROR(dwError);
dwError = MAP_LWMSG_ERROR(lwmsg_peer_set_listen_session_functions(
gpServer,
RegSrvIpcConstructSession,
RegSrvIpcDestructSession,
NULL));
BAIL_ON_REG_ERROR(dwError);
dwError = MAP_LWMSG_ERROR(lwmsg_peer_start_listen(gpServer));
error:
LWREG_SAFE_FREE_STRING(pszCachePath);
LWREG_SAFE_FREE_STRING(pszCommPath);
if (dwError)
{
if (gpServer)
{
lwmsg_peer_stop_listen(gpServer);
lwmsg_peer_delete(gpServer);
gpServer = NULL;
}
}
return dwError;
}
DWORD
LWNetSrvStartListenThread(
void
)
{
PSTR pszCachePath = NULL;
PSTR pszCommPath = NULL;
BOOLEAN bDirExists = FALSE;
DWORD dwError = 0;
dwError = LWNetSrvGetCachePath(&pszCachePath);
BAIL_ON_LWNET_ERROR(dwError);
dwError = LwCheckFileTypeExists(
pszCachePath,
LWFILE_DIRECTORY,
&bDirExists);
BAIL_ON_LWNET_ERROR(dwError);
if (!bDirExists)
{
// Directory should be RWX for root and accessible to all
// (so they can see the socket.
mode_t mode = S_IRWXU | S_IRGRP| S_IXGRP | S_IROTH | S_IXOTH;
dwError = LwCreateDirectory(pszCachePath, mode);
BAIL_ON_LWNET_ERROR(dwError);
}
dwError = LwAllocateStringPrintf(&pszCommPath, "%s/%s",
pszCachePath, LWNET_SERVER_FILENAME);
BAIL_ON_LWNET_ERROR(dwError);
dwError = MAP_LWMSG_ERROR(lwmsg_context_new(NULL, &gpContext));
BAIL_ON_LWNET_ERROR(dwError);
lwmsg_context_set_log_function(gpContext, LWNetSrvLogIpc, NULL);
/* Set up IPC protocol object */
dwError = MAP_LWMSG_ERROR(lwmsg_protocol_new(gpContext, &gpProtocol));
BAIL_ON_LWNET_ERROR(dwError);
dwError = MAP_LWMSG_ERROR(lwmsg_protocol_add_protocol_spec(
gpProtocol,
LWNetIPCGetProtocolSpec()));
BAIL_ON_LWNET_ERROR(dwError);
/* Set up IPC server object */
dwError = MAP_LWMSG_ERROR(lwmsg_peer_new(gpContext, gpProtocol, &gpServer));
BAIL_ON_LWNET_ERROR(dwError);
dwError = MAP_LWMSG_ERROR(lwmsg_peer_add_dispatch_spec(
gpServer,
LWNetSrvGetDispatchSpec()));
BAIL_ON_LWNET_ERROR(dwError);
dwError = MAP_LWMSG_ERROR(lwmsg_peer_add_listen_endpoint(
gpServer,
LWMSG_ENDPOINT_DIRECT,
"netlogon",
0));
BAIL_ON_LWNET_ERROR(dwError);
dwError = MAP_LWMSG_ERROR(lwmsg_peer_add_listen_endpoint(
gpServer,
LWMSG_ENDPOINT_LOCAL,
pszCommPath,
0666));
BAIL_ON_LWNET_ERROR(dwError);
dwError = MAP_LWMSG_ERROR(lwmsg_peer_start_listen(gpServer));
error:
LWNET_SAFE_FREE_STRING(pszCachePath);
LWNET_SAFE_FREE_STRING(pszCommPath);
if (dwError)
{
if (gpServer)
{
lwmsg_peer_stop_listen(gpServer);
lwmsg_peer_delete(gpServer);
gpServer = NULL;
}
}
return dwError;
}