예제 #1
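/**
 * Fetch the local machine account credentials from lsassd and return
 * them as caller-owned wide strings.
 *
 * Every output parameter is optional; only the requested strings are
 * converted and allocated. On success each non-NULL out pointer receives
 * a newly allocated string the caller owns. On failure the strings that
 * were already allocated are released (the password with
 * LW_SECURE_FREE_WSTRING so it does not linger in memory) and the out
 * pointers receive whatever the freed locals hold afterwards — presumably
 * NULL, which is what the free macros are expected to leave behind.
 *
 * @param ppwszDnsDomainName         receives the DNS domain the machine is joined to
 * @param ppwszMachineSamAccountName receives the SAM account name ("<computer>$")
 * @param ppwszMachinePassword       receives the machine account password; the
 *                                   caller should free it with
 *                                   LW_SECURE_FREE_WSTRING like the error path does
 * @param ppwszComputerName          receives the SAM account name with the
 *                                   trailing '$' removed
 * @return 0 on success, otherwise the Win32 error from the failing call
 */
DWORD
GetMachinePassword(
    OUT OPTIONAL PWSTR* ppwszDnsDomainName,
    OUT OPTIONAL PWSTR* ppwszMachineSamAccountName,
    OUT OPTIONAL PWSTR* ppwszMachinePassword,
    OUT OPTIONAL PWSTR* ppwszComputerName
    )
{
    DWORD dwError = 0;
    PWSTR pwszDnsDomainName = NULL;
    PWSTR pwszMachineSamAccountName = NULL;
    PWSTR pwszMachinePassword = NULL;
    PWSTR pwszComputerName = NULL;
    HANDLE hLsaConnection = NULL;
    PLSA_MACHINE_PASSWORD_INFO_A pPasswordInfo = NULL;

    dwError = LsaOpenServer(&hLsaConnection);
    BAIL_ON_WIN_ERROR(dwError);

    // NULL domain name selects the machine's own (default) join.
    dwError = LsaAdGetMachinePasswordInfo(hLsaConnection,
                                          NULL,
                                          &pPasswordInfo);
    BAIL_ON_WIN_ERROR(dwError);

    if (ppwszDnsDomainName)
    {
        dwError = LwMbsToWc16s(pPasswordInfo->Account.DnsDomainName,
                               &pwszDnsDomainName);
        BAIL_ON_WIN_ERROR(dwError);
    }

    if (ppwszMachineSamAccountName)
    {
        dwError = LwMbsToWc16s(pPasswordInfo->Account.SamAccountName,
                               &pwszMachineSamAccountName);
        BAIL_ON_WIN_ERROR(dwError);
    }

    if (ppwszMachinePassword)
    {
        dwError = LwMbsToWc16s(pPasswordInfo->Password,
                               &pwszMachinePassword);
        BAIL_ON_WIN_ERROR(dwError);
    }

    if (ppwszComputerName)
    {
        size_t cchComputerName = 0;

        dwError = LwMbsToWc16s(pPasswordInfo->Account.SamAccountName,
                               &pwszComputerName);
        BAIL_ON_WIN_ERROR(dwError);

        // The machine SAM account name is "<computername>$"; strip the
        // trailing '$' to get the bare computer name. Only strip when the
        // '$' is actually present: an empty name must not index before the
        // buffer, and a name without '$' must not lose its last character.
        cchComputerName = wc16slen(pwszComputerName);
        if (cchComputerName > 0 && pwszComputerName[cchComputerName - 1] == '$')
        {
            pwszComputerName[cchComputerName - 1] = 0;
        }
    }

error:
    if (dwError)
    {
        LW_SAFE_FREE_MEMORY(pwszDnsDomainName);
        LW_SAFE_FREE_MEMORY(pwszMachineSamAccountName);
        // Password material is scrubbed, not just freed.
        LW_SECURE_FREE_WSTRING(pwszMachinePassword);
        LW_SAFE_FREE_MEMORY(pwszComputerName);
    }

    if (hLsaConnection)
    {
        LsaCloseServer(hLsaConnection);
    }

    if (pPasswordInfo)
    {
        LsaAdFreeMachinePasswordInfo(pPasswordInfo);
    }

    // Out parameters are written on both the success and the failure path;
    // ownership of any non-NULL string transfers to the caller here.
    if (ppwszDnsDomainName)
    {
        *ppwszDnsDomainName = pwszDnsDomainName;
    }
    if (ppwszMachineSamAccountName)
    {
        *ppwszMachineSamAccountName = pwszMachineSamAccountName;
    }
    if (ppwszMachinePassword)
    {
        *ppwszMachinePassword = pwszMachinePassword;
    }
    if (ppwszComputerName)
    {
        *ppwszComputerName = pwszComputerName;
    }

    return dwError;
}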
예제 #2
/**
 * Register the Samba pstore plugin and push the current machine password
 * into Samba's secrets.tdb.
 *
 * The function first records the plugin in the registry (its key, the
 * SecretsPath derived from pSmbdPath, and the plugin module Path), adds the
 * Samba load path, then asks lsassd for the machine password info and hands
 * it to the plugin's SetPasswordInfoA. If the machine is not joined
 * (NERR_SetupNotJoined) the registry setup is kept and the call succeeds
 * without writing a password; the next successful join is expected to
 * populate secrets.tdb.
 *
 * @param pSmbdPath path to the smbd binary, used to locate secrets.tdb
 * @return 0 on success, otherwise the LSA error from the failing call
 */
DWORD
SynchronizePassword(
    PCSTR pSmbdPath
    )
{
    DWORD dwError = 0;
    PSTR pszSecretsPath = NULL;
    LW_HANDLE hLsaServer = NULL;
    PLSA_MACHINE_PASSWORD_INFO_A pMachinePasswordInfo = NULL;
    PLSA_PSTORE_PLUGIN_DISPATCH pPluginDispatch = NULL;
    PLSA_PSTORE_PLUGIN_CONTEXT pPluginContext = NULL;
    HANDLE hRegServer = NULL;

    dwError = LwRegOpenServer(&hRegServer);
    BAIL_ON_LSA_ERROR(dwError);

    dwError = GetSecretsPath(pSmbdPath, &pszSecretsPath);
    BAIL_ON_LSA_ERROR(dwError);

    // Plugin registration: the key under the pstore plugins root, then the
    // values the pstore loader reads for this plugin.
    dwError = RegUtilAddKey(
                hRegServer,
                LSA_PSTORE_REG_ROOT_KEY_PATH,
                NULL,
                LSA_PSTORE_REG_ROOT_KEY_RELATIVE_PATH_PLUGINS "\\" PLUGIN_NAME);
    BAIL_ON_LSA_ERROR(dwError);

    // NOTE(review): the lengths passed below exclude the terminating NUL;
    // confirm this matches RegUtilSetValue's REG_SZ convention.
    dwError = RegUtilSetValue(
                hRegServer,
                LSA_PSTORE_REG_ROOT_KEY_PATH,
                NULL,
                LSA_PSTORE_REG_ROOT_KEY_RELATIVE_PATH_PLUGINS "\\" PLUGIN_NAME,
                "SecretsPath",
                REG_SZ,
                pszSecretsPath,
                strlen(pszSecretsPath));
    BAIL_ON_LSA_ERROR(dwError);

    dwError = RegUtilSetValue(
                hRegServer,
                HKEY_THIS_MACHINE,
                NULL,
                LSA_PSTORE_REG_ROOT_KEY_RELATIVE_PATH_PLUGINS "\\" PLUGIN_NAME,
                "Path",
                REG_SZ,
                PLUGIN_PATH,
                strlen(PLUGIN_PATH));
    BAIL_ON_LSA_ERROR(dwError);

    dwError = AddSambaLoadPath(hRegServer);
    BAIL_ON_LSA_ERROR(dwError);

    dwError = LsaOpenServer(&hLsaServer);
    if (dwError)
    {
        LW_RTL_LOG_ERROR("Unable to contact lsassd");
    }
    BAIL_ON_LSA_ERROR(dwError);

    // NULL domain name selects the machine's own (default) join.
    dwError = LsaAdGetMachinePasswordInfo(
        hLsaServer,
        NULL,
        &pMachinePasswordInfo);
    if (dwError == NERR_SetupNotJoined)
    {
        // Not joined yet: nothing to write, but the registration above stays
        // in place so the next join can populate secrets.tdb. Treated as
        // success.
        LW_RTL_LOG_ERROR("Unable to write machine password in secrets.tdb because PowerBroker Identity Services is not joined. The password will be written to secrets.tdb on the next successful join attempt");
        dwError = 0;
        goto cleanup;
    }
    BAIL_ON_LSA_ERROR(dwError);

    dwError = LsaPstorePluginInitializeContext(
                LSA_PSTORE_PLUGIN_VERSION,
                PLUGIN_NAME,
                &pPluginDispatch,
                &pPluginContext);
    BAIL_ON_LSA_ERROR(dwError);

    // Hands the password info (including the machine password) to the
    // plugin, which writes it to secrets.tdb.
    dwError = pPluginDispatch->SetPasswordInfoA(
                pPluginContext,
                pMachinePasswordInfo);
    BAIL_ON_LSA_ERROR(dwError);

cleanup:
    LW_SAFE_FREE_STRING(pszSecretsPath);
    if (hLsaServer != NULL)
    {
        LsaCloseServer(hLsaServer);
    }
    if (hRegServer != NULL)
    {
        LwRegCloseServer(hRegServer);
    }
    if (pMachinePasswordInfo != NULL)
    {
        LsaAdFreeMachinePasswordInfo(pMachinePasswordInfo);
    }
    // A non-NULL context implies InitializeContext succeeded, so the
    // dispatch table is valid here.
    if (pPluginContext)
    {
        pPluginDispatch->Cleanup(pPluginContext);
    }
    return dwError;
}