static
DWORD
ProcessGetAccountSystemAccessRights(
IN PRPC_PARAMETERS pRpcParams,
IN PSTR pszAccountName
)
{
DWORD err = ERROR_SUCCESS;
NTSTATUS ntStatus = STATUS_SUCCESS;
LSA_BINDING hLsa = NULL;
LW_PIO_CREDS pCreds = NULL;
PSID pAccountSid = NULL;
WCHAR wszSysName[] = {'\\', '\\', '\0'};
DWORD policyAccessMask = LSA_ACCESS_LOOKUP_NAMES_SIDS |
LSA_ACCESS_CREATE_PRIVILEGE |
LSA_ACCESS_CREATE_SPECIAL_ACCOUNTS;
POLICY_HANDLE hPolicy = NULL;
DWORD accountAccessMask = LSA_ACCOUNT_VIEW;
LSAR_ACCOUNT_HANDLE hAccount = NULL;
DWORD systemAccess = 0;
err = CreateRpcCredentials(pRpcParams,
&pCreds);
BAIL_ON_LSA_ERROR(err);
err = CreateLsaRpcBinding(pRpcParams,
pCreds,
&hLsa);
BAIL_ON_LSA_ERROR(err);
err = ResolveAccountNameToSid(
hLsa,
pszAccountName,
&pAccountSid);
BAIL_ON_LSA_ERROR(err);
ntStatus = LsaOpenPolicy2(hLsa,
wszSysName,
NULL,
policyAccessMask,
&hPolicy);
BAIL_ON_NT_STATUS(ntStatus);
ntStatus = LsaOpenAccount(hLsa,
hPolicy,
pAccountSid,
accountAccessMask,
&hAccount);
BAIL_ON_NT_STATUS(ntStatus);
ntStatus = LsaGetSystemAccessAccount(
hLsa,
hAccount,
&systemAccess);
BAIL_ON_NT_STATUS(ntStatus);
fprintf(stdout,
"Account: %s:\n"
"=================================================================="
"==============\n", pszAccountName);
fprintf(stdout, "System Access Rights 0x%08x\n", systemAccess);
error:
if (ntStatus || err)
{
PCSTR errName = LwNtStatusToName(ntStatus);
PCSTR errDescription = LwNtStatusToDescription(ntStatus);
if (ntStatus)
{
errName = LwNtStatusToName(ntStatus);
errDescription = LwNtStatusToDescription(ntStatus);
}
else
{
errName = LwWin32ErrorToName(err);
errDescription = LwWin32ErrorToDescription(err);
}
fprintf(stderr, "Error: %s (%s)\n",
LSA_SAFE_LOG_STRING(errName),
LSA_SAFE_LOG_STRING(errDescription));
}
if (hAccount)
{
LsaClose(hLsa, hAccount);
}
if (hPolicy)
{
LsaClose(hLsa, hPolicy);
}
if (hLsa)
{
LsaFreeBinding(&hLsa);
}
if (pCreds)
{
LwIoDeleteCreds(pCreds);
}
RTL_FREE(&pAccountSid);
if (err == ERROR_SUCCESS &&
ntStatus != STATUS_SUCCESS)
{
err = LwNtStatusToWin32Error(ntStatus);
}
return err;
}
static
DWORD
ProcessAddRemoveAccountRights(
IN PRPC_PARAMETERS pRpcParams,
IN BOOLEAN Add,
IN PSTR AccountRights,
IN BOOLEAN RemoveAll,
IN PSTR AccountName
)
{
DWORD err = ERROR_SUCCESS;
NTSTATUS ntStatus = STATUS_SUCCESS;
LSA_BINDING hLsa = NULL;
LW_PIO_CREDS pCreds = NULL;
WCHAR wszSysName[] = {'\\', '\\', '\0'};
DWORD policyAccessMask = LSA_ACCESS_LOOKUP_NAMES_SIDS |
LSA_ACCESS_CREATE_SPECIAL_ACCOUNTS;
POLICY_HANDLE hPolicy = NULL;
PSID pAccountSid = NULL;
PSTR *ppszAccountRightNames = NULL;
DWORD numAccountRightNames = 0;
PWSTR *ppwszAccountRightNames = NULL;
DWORD i = 0;
err = CreateRpcCredentials(pRpcParams,
&pCreds);
BAIL_ON_LSA_ERROR(err);
err = CreateLsaRpcBinding(pRpcParams,
pCreds,
&hLsa);
BAIL_ON_LSA_ERROR(err);
ntStatus = LsaOpenPolicy2(hLsa,
wszSysName,
NULL,
policyAccessMask,
&hPolicy);
BAIL_ON_NT_STATUS(ntStatus);
err = ResolveAccountNameToSid(
hLsa,
AccountName,
&pAccountSid);
BAIL_ON_LSA_ERROR(err);
if (AccountRights)
{
err = GetStringListFromString(
AccountRights,
SEPARATOR_CHAR,
&ppszAccountRightNames,
&numAccountRightNames);
BAIL_ON_LSA_ERROR(err);
err = LwAllocateMemory(
sizeof(ppwszAccountRightNames[0]) * numAccountRightNames,
OUT_PPVOID(&ppwszAccountRightNames));
BAIL_ON_LSA_ERROR(err);
for (i = 0; i < numAccountRightNames; i++)
{
err = LwMbsToWc16s(ppszAccountRightNames[i],
&ppwszAccountRightNames[i]);
BAIL_ON_LSA_ERROR(err);
}
}
if (Add)
{
ntStatus = LsaAddAccountRights(
hLsa,
hPolicy,
pAccountSid,
ppwszAccountRightNames,
numAccountRightNames);
BAIL_ON_NT_STATUS(ntStatus);
fprintf(stdout, "Successfully added account rights to %s\n", AccountName);
}
else
{
ntStatus = LsaRemoveAccountRights(
hLsa,
hPolicy,
pAccountSid,
RemoveAll,
ppwszAccountRightNames,
numAccountRightNames);
BAIL_ON_NT_STATUS(ntStatus);
fprintf(stdout, "Successfully removed account rights from %s\n", AccountName);
}
error:
if (ntStatus || err)
{
PCSTR errName = LwNtStatusToName(ntStatus);
PCSTR errDescription = LwNtStatusToDescription(ntStatus);
if (ntStatus)
{
errName = LwNtStatusToName(ntStatus);
errDescription = LwNtStatusToDescription(ntStatus);
}
else
{
errName = LwWin32ErrorToName(err);
errDescription = LwWin32ErrorToDescription(err);
}
fprintf(stderr, "Error: %s (%s)\n",
LSA_SAFE_LOG_STRING(errName),
LSA_SAFE_LOG_STRING(errDescription));
}
if (hPolicy)
{
LsaClose(hLsa, hPolicy);
}
if (hLsa)
{
LsaFreeBinding(&hLsa);
}
if (pCreds)
{
LwIoDeleteCreds(pCreds);
}
for (i = 0; i < numAccountRightNames; i++)
{
LW_SAFE_FREE_MEMORY(ppwszAccountRightNames[i]);
LW_SAFE_FREE_MEMORY(ppszAccountRightNames[i]);
}
LW_SAFE_FREE_MEMORY(ppwszAccountRightNames);
LW_SAFE_FREE_MEMORY(ppszAccountRightNames);
if (err == ERROR_SUCCESS &&
ntStatus != STATUS_SUCCESS)
{
err = LwNtStatusToWin32Error(ntStatus);
}
return err;
}
static
DWORD
ProcessDeleteAccount(
IN PRPC_PARAMETERS pRpcParams,
IN PSTR AccountName
)
{
DWORD err = ERROR_SUCCESS;
NTSTATUS ntStatus = STATUS_SUCCESS;
LSA_BINDING hLsa = NULL;
LW_PIO_CREDS pCreds = NULL;
WCHAR wszSysName[] = {'\\', '\\', '\0'};
DWORD policyAccessMask = LSA_ACCESS_LOOKUP_NAMES_SIDS |
LSA_ACCESS_VIEW_POLICY_INFO;
DWORD accountAccessMask = DELETE;
POLICY_HANDLE hPolicy = NULL;
LSAR_ACCOUNT_HANDLE hAccount = NULL;
PSID pAccountSid = NULL;
err = CreateRpcCredentials(pRpcParams,
&pCreds);
BAIL_ON_LSA_ERROR(err);
err = CreateLsaRpcBinding(pRpcParams,
pCreds,
&hLsa);
BAIL_ON_LSA_ERROR(err);
ntStatus = LsaOpenPolicy2(hLsa,
wszSysName,
NULL,
policyAccessMask,
&hPolicy);
BAIL_ON_NT_STATUS(ntStatus);
err = ResolveAccountNameToSid(
hLsa,
AccountName,
&pAccountSid);
BAIL_ON_LSA_ERROR(err);
ntStatus = LsaOpenAccount(
hLsa,
hPolicy,
pAccountSid,
accountAccessMask,
&hAccount);
BAIL_ON_NT_STATUS(ntStatus);
ntStatus = LsaRpcDeleteObject(
hLsa,
hAccount);
BAIL_ON_NT_STATUS(ntStatus);
error:
if (ntStatus || err)
{
PCSTR errName = LwNtStatusToName(ntStatus);
PCSTR errDescription = LwNtStatusToDescription(ntStatus);
if (ntStatus)
{
errName = LwNtStatusToName(ntStatus);
errDescription = LwNtStatusToDescription(ntStatus);
}
else
{
errName = LwWin32ErrorToName(err);
errDescription = LwWin32ErrorToDescription(err);
}
fprintf(stderr, "Error: %s (%s)\n",
LSA_SAFE_LOG_STRING(errName),
LSA_SAFE_LOG_STRING(errDescription));
}
if (hPolicy)
{
LsaClose(hLsa, hPolicy);
}
if (hLsa)
{
LsaFreeBinding(&hLsa);
}
if (pCreds)
{
LwIoDeleteCreds(pCreds);
}
if (err == ERROR_SUCCESS &&
ntStatus != STATUS_SUCCESS)
{
err = LwNtStatusToWin32Error(ntStatus);
}
return err;
}
static
DWORD
ProcessEnumerateAccountUserRights(
IN PRPC_PARAMETERS pRpcParams,
IN PSTR AccountName
)
{
DWORD err = ERROR_SUCCESS;
NTSTATUS ntStatus = STATUS_SUCCESS;
LSA_BINDING hLsa = NULL;
LW_PIO_CREDS pCreds = NULL;
WCHAR wszSysName[] = {'\\', '\\', '\0'};
DWORD policyAccessMask = LSA_ACCESS_LOOKUP_NAMES_SIDS |
LSA_ACCESS_VIEW_POLICY_INFO;
POLICY_HANDLE hPolicy = NULL;
PSID pAccountSid = NULL;
PSTR pszSid = NULL;
PWSTR *pAccountRights = NULL;
DWORD numAccountRights = 0;
DWORD i = 0;
PSTR pszAccountRight = NULL;
err = CreateRpcCredentials(pRpcParams,
&pCreds);
BAIL_ON_LSA_ERROR(err);
err = CreateLsaRpcBinding(pRpcParams,
pCreds,
&hLsa);
BAIL_ON_LSA_ERROR(err);
ntStatus = LsaOpenPolicy2(hLsa,
wszSysName,
NULL,
policyAccessMask,
&hPolicy);
BAIL_ON_NT_STATUS(ntStatus);
err = ResolveAccountNameToSid(
hLsa,
AccountName,
&pAccountSid);
BAIL_ON_LSA_ERROR(err);
ntStatus = RtlAllocateCStringFromSid(
&pszSid,
pAccountSid);
BAIL_ON_NT_STATUS(ntStatus);
fprintf(stdout, "%s Account Rights\n:"
"=================================================="
"==============================\n", AccountName);
ntStatus = LsaEnumAccountRights(
hLsa,
hPolicy,
pAccountSid,
&pAccountRights,
&numAccountRights);
BAIL_ON_NT_STATUS(ntStatus);
for (i = 0; i < numAccountRights; i++)
{
err = LwWc16sToMbs(pAccountRights[i],
&pszAccountRight);
BAIL_ON_LSA_ERROR(err);
fprintf(stdout, "%s\n", pszAccountRight);
LW_SAFE_FREE_MEMORY(pszAccountRight);
}
error:
if (ntStatus || err)
{
PCSTR errName = LwNtStatusToName(ntStatus);
PCSTR errDescription = LwNtStatusToDescription(ntStatus);
if (ntStatus)
{
errName = LwNtStatusToName(ntStatus);
errDescription = LwNtStatusToDescription(ntStatus);
}
else
{
errName = LwWin32ErrorToName(err);
errDescription = LwWin32ErrorToDescription(err);
}
fprintf(stderr, "Error: %s (%s)\n",
LSA_SAFE_LOG_STRING(errName),
LSA_SAFE_LOG_STRING(errDescription));
}
if (hPolicy)
{
LsaClose(hLsa, hPolicy);
}
if (hLsa)
{
LsaFreeBinding(&hLsa);
}
if (pCreds)
{
LwIoDeleteCreds(pCreds);
}
if (pAccountRights)
{
LsaRpcFreeMemory(pAccountRights);
}
LW_SAFE_FREE_MEMORY(pszAccountRight);
if (err == ERROR_SUCCESS &&
ntStatus != STATUS_SUCCESS)
{
err = LwNtStatusToWin32Error(ntStatus);
}
return err;
}
