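/**
 * Fetch the machine account credentials from lsassd and hand them back
 * as freshly allocated wide strings.
 *
 * Every out-parameter is optional: a NULL pointer means "not requested"
 * and no conversion is done for it.  On success each requested
 * out-parameter receives a string the caller owns.  On failure all
 * requested out-parameters are set to NULL (the partial results are
 * released here); the machine password buffer is released with
 * LW_SECURE_FREE_WSTRING so the secret is wiped rather than merely freed,
 * and the caller is expected to dispose of it the same way.
 *
 * @param ppwszDnsDomainName        Receives Account.DnsDomainName.
 * @param ppwszMachineSamAccountName Receives Account.SamAccountName
 *                                  (normally carries the trailing '$').
 * @param ppwszMachinePassword      Receives the machine password (secret).
 * @param ppwszComputerName         Receives Account.SamAccountName with
 *                                  the trailing '$' stripped.
 * @return 0 on success, otherwise the Win32-style error from the failing
 *         LSA / conversion call.
 */
DWORD
GetMachinePassword(
    OUT OPTIONAL PWSTR* ppwszDnsDomainName,
    OUT OPTIONAL PWSTR* ppwszMachineSamAccountName,
    OUT OPTIONAL PWSTR* ppwszMachinePassword,
    OUT OPTIONAL PWSTR* ppwszComputerName
    )
{
    DWORD dwError = 0;
    PWSTR pwszDnsDomainName = NULL;
    PWSTR pwszMachineSamAccountName = NULL;
    PWSTR pwszMachinePassword = NULL;
    PWSTR pwszComputerName = NULL;
    HANDLE hLsaConnection = NULL;
    PLSA_MACHINE_PASSWORD_INFO_A pPasswordInfo = NULL;

    dwError = LsaOpenServer(&hLsaConnection);
    BAIL_ON_WIN_ERROR(dwError);

    // The password info block holds the plaintext machine password; it is
    // only kept alive until the requested copies have been made.
    dwError = LsaAdGetMachinePasswordInfo(hLsaConnection, NULL, &pPasswordInfo);
    BAIL_ON_WIN_ERROR(dwError);

    if (ppwszDnsDomainName)
    {
        dwError = LwMbsToWc16s(pPasswordInfo->Account.DnsDomainName,
                               &pwszDnsDomainName);
        BAIL_ON_WIN_ERROR(dwError);
    }

    if (ppwszMachineSamAccountName)
    {
        dwError = LwMbsToWc16s(pPasswordInfo->Account.SamAccountName,
                               &pwszMachineSamAccountName);
        BAIL_ON_WIN_ERROR(dwError);
    }

    if (ppwszMachinePassword)
    {
        dwError = LwMbsToWc16s(pPasswordInfo->Password, &pwszMachinePassword);
        BAIL_ON_WIN_ERROR(dwError);
    }

    if (ppwszComputerName)
    {
        dwError = LwMbsToWc16s(pPasswordInfo->Account.SamAccountName,
                               &pwszComputerName);
        BAIL_ON_WIN_ERROR(dwError);

        // Machine accounts are named "<host>$"; drop the trailing '$' to
        // get the bare computer name.  Check the length and the character
        // first: an empty SAM account name would otherwise index the
        // buffer at -1, and a name without '$' would lose a real character.
        {
            size_t cchName = wc16slen(pwszComputerName);
            if (cchName > 0 && pwszComputerName[cchName - 1] == '$')
            {
                pwszComputerName[cchName - 1] = 0;
            }
        }
    }

error:
    if (dwError)
    {
        // Partial results must not leak to the caller on failure; the
        // password copy is wiped, not just freed.
        LW_SAFE_FREE_MEMORY(pwszDnsDomainName);
        LW_SAFE_FREE_MEMORY(pwszMachineSamAccountName);
        LW_SECURE_FREE_WSTRING(pwszMachinePassword);
        LW_SAFE_FREE_MEMORY(pwszComputerName);
    }

    if (hLsaConnection)
    {
        LsaCloseServer(hLsaConnection);
    }

    if (pPasswordInfo)
    {
        LsaAdFreeMachinePasswordInfo(pPasswordInfo);
    }

    // Out-parameters are always assigned when requested; after a failure
    // the locals are NULL, so the caller never sees a dangling pointer.
    if (ppwszDnsDomainName)
    {
        *ppwszDnsDomainName = pwszDnsDomainName;
    }

    if (ppwszMachineSamAccountName)
    {
        *ppwszMachineSamAccountName = pwszMachineSamAccountName;
    }

    if (ppwszMachinePassword)
    {
        *ppwszMachinePassword = pwszMachinePassword;
    }

    if (ppwszComputerName)
    {
        *ppwszComputerName = pwszComputerName;
    }

    return dwError;
}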
/**
 * Register the Samba password-store plugin with lsassd and push the
 * current machine password into Samba's secrets.tdb through it.
 *
 * Steps, in order: open the registry, derive the secrets.tdb location
 * from the smbd path, create the plugin's registry key and write its
 * "SecretsPath" and "Path" values, add the plugin to the load path, then
 * fetch the machine password from lsassd and hand it to the plugin's
 * SetPasswordInfoA.  The password itself is never written to the
 * registry here; only the plugin path and the secrets file path are.
 *
 * @param pSmbdPath Path to the smbd binary, used to locate secrets.tdb.
 * @return 0 on success (including the not-yet-joined case, which is
 *         logged and treated as success), otherwise the error from the
 *         failing call.
 */
DWORD
SynchronizePassword(
    PCSTR pSmbdPath
    )
{
    DWORD error = 0;
    PSTR pSecretsPath = NULL;
    LW_HANDLE hLsa = NULL;
    PLSA_MACHINE_PASSWORD_INFO_A pPasswordInfo = NULL;
    PLSA_PSTORE_PLUGIN_DISPATCH pDispatch = NULL;
    PLSA_PSTORE_PLUGIN_CONTEXT pContext = NULL;
    HANDLE hReg = NULL;

    error = LwRegOpenServer(&hReg);
    BAIL_ON_LSA_ERROR(error);

    error = GetSecretsPath(
                pSmbdPath,
                &pSecretsPath);
    BAIL_ON_LSA_ERROR(error);

    error = RegUtilAddKey(
                hReg,
                LSA_PSTORE_REG_ROOT_KEY_PATH,
                NULL,
                LSA_PSTORE_REG_ROOT_KEY_RELATIVE_PATH_PLUGINS "\\" PLUGIN_NAME);
    BAIL_ON_LSA_ERROR(error);

    // NOTE(review): the length passed for this REG_SZ value excludes the
    // terminating NUL (strlen); confirm RegUtilSetValue expects that.
    error = RegUtilSetValue(
                hReg,
                LSA_PSTORE_REG_ROOT_KEY_PATH,
                NULL,
                LSA_PSTORE_REG_ROOT_KEY_RELATIVE_PATH_PLUGINS "\\" PLUGIN_NAME,
                "SecretsPath",
                REG_SZ,
                pSecretsPath,
                strlen(pSecretsPath));
    BAIL_ON_LSA_ERROR(error);

    // NOTE(review): this write is rooted at HKEY_THIS_MACHINE while the
    // key creation and the "SecretsPath" write above are rooted at
    // LSA_PSTORE_REG_ROOT_KEY_PATH; confirm both resolve to the same key,
    // otherwise "Path" lands somewhere the plugin loader may not read.
    error = RegUtilSetValue(
                hReg,
                HKEY_THIS_MACHINE,
                NULL,
                LSA_PSTORE_REG_ROOT_KEY_RELATIVE_PATH_PLUGINS "\\" PLUGIN_NAME,
                "Path",
                REG_SZ,
                PLUGIN_PATH,
                strlen(PLUGIN_PATH));
    BAIL_ON_LSA_ERROR(error);

    error = AddSambaLoadPath(hReg);
    BAIL_ON_LSA_ERROR(error);

    error = LsaOpenServer(
                &hLsa);
    if (error)
    {
        LW_RTL_LOG_ERROR("Unable to contact lsassd");
    }
    BAIL_ON_LSA_ERROR(error);

    // pPasswordInfo carries the plaintext machine password from here until
    // LsaAdFreeMachinePasswordInfo in cleanup.
    error = LsaAdGetMachinePasswordInfo(
                hLsa,
                NULL,
                &pPasswordInfo);
    if (error == NERR_SetupNotJoined)
    {
        // Not an error for this tool: the plugin is registered, and the
        // password will be stored once a join succeeds.
        LW_RTL_LOG_ERROR("Unable to write machine password in secrets.tdb because PowerBroker Identity Services is not joined. 
The password will be written to secrets.tdb on the next successful join attempt");
        error = 0;
    }
    else
    {
        BAIL_ON_LSA_ERROR(error);

        error = LsaPstorePluginInitializeContext(
                    LSA_PSTORE_PLUGIN_VERSION,
                    PLUGIN_NAME,
                    &pDispatch,
                    &pContext);
        BAIL_ON_LSA_ERROR(error);

        error = pDispatch->SetPasswordInfoA(
                    pContext,
                    pPasswordInfo);
        BAIL_ON_LSA_ERROR(error);
    }

cleanup:
    LW_SAFE_FREE_STRING(pSecretsPath);

    if (hLsa != NULL)
    {
        LsaCloseServer(hLsa);
    }

    if (hReg != NULL)
    {
        LwRegCloseServer(hReg);
    }

    if (pPasswordInfo != NULL)
    {
        LsaAdFreeMachinePasswordInfo(pPasswordInfo);
    }

    // pContext is only non-NULL after LsaPstorePluginInitializeContext
    // succeeded, which also filled in pDispatch.
    if (pContext)
    {
        pDispatch->Cleanup(pContext);
    }

    return error;
}