static DWORD ProcessGetAccountSystemAccessRights( IN PRPC_PARAMETERS pRpcParams, IN PSTR pszAccountName ) { DWORD err = ERROR_SUCCESS; NTSTATUS ntStatus = STATUS_SUCCESS; LSA_BINDING hLsa = NULL; LW_PIO_CREDS pCreds = NULL; PSID pAccountSid = NULL; WCHAR wszSysName[] = {'\\', '\\', '\0'}; DWORD policyAccessMask = LSA_ACCESS_LOOKUP_NAMES_SIDS | LSA_ACCESS_CREATE_PRIVILEGE | LSA_ACCESS_CREATE_SPECIAL_ACCOUNTS; POLICY_HANDLE hPolicy = NULL; DWORD accountAccessMask = LSA_ACCOUNT_VIEW; LSAR_ACCOUNT_HANDLE hAccount = NULL; DWORD systemAccess = 0; err = CreateRpcCredentials(pRpcParams, &pCreds); BAIL_ON_LSA_ERROR(err); err = CreateLsaRpcBinding(pRpcParams, pCreds, &hLsa); BAIL_ON_LSA_ERROR(err); err = ResolveAccountNameToSid( hLsa, pszAccountName, &pAccountSid); BAIL_ON_LSA_ERROR(err); ntStatus = LsaOpenPolicy2(hLsa, wszSysName, NULL, policyAccessMask, &hPolicy); BAIL_ON_NT_STATUS(ntStatus); ntStatus = LsaOpenAccount(hLsa, hPolicy, pAccountSid, accountAccessMask, &hAccount); BAIL_ON_NT_STATUS(ntStatus); ntStatus = LsaGetSystemAccessAccount( hLsa, hAccount, &systemAccess); BAIL_ON_NT_STATUS(ntStatus); fprintf(stdout, "Account: %s:\n" "==================================================================" "==============\n", pszAccountName); fprintf(stdout, "System Access Rights 0x%08x\n", systemAccess); error: if (ntStatus || err) { PCSTR errName = LwNtStatusToName(ntStatus); PCSTR errDescription = LwNtStatusToDescription(ntStatus); if (ntStatus) { errName = LwNtStatusToName(ntStatus); errDescription = LwNtStatusToDescription(ntStatus); } else { errName = LwWin32ErrorToName(err); errDescription = LwWin32ErrorToDescription(err); } fprintf(stderr, "Error: %s (%s)\n", LSA_SAFE_LOG_STRING(errName), LSA_SAFE_LOG_STRING(errDescription)); } if (hAccount) { LsaClose(hLsa, hAccount); } if (hPolicy) { LsaClose(hLsa, hPolicy); } if (hLsa) { LsaFreeBinding(&hLsa); } if (pCreds) { LwIoDeleteCreds(pCreds); } RTL_FREE(&pAccountSid); if (err == ERROR_SUCCESS && ntStatus != STATUS_SUCCESS) { err = LwNtStatusToWin32Error(ntStatus); } return err; }
static VOID InstallPrivileges(VOID) { HINF hSecurityInf = INVALID_HANDLE_VALUE; LSA_OBJECT_ATTRIBUTES ObjectAttributes; WCHAR szPrivilegeString[256]; WCHAR szSidString[256]; INFCONTEXT InfContext; DWORD i; PRIVILEGE_SET PrivilegeSet; PSID AccountSid; NTSTATUS Status; LSA_HANDLE PolicyHandle = NULL; LSA_HANDLE AccountHandle; DPRINT("InstallPrivileges()\n"); hSecurityInf = SetupOpenInfFileW(L"defltws.inf", //szNameBuffer, NULL, INF_STYLE_WIN4, NULL); if (hSecurityInf == INVALID_HANDLE_VALUE) { DPRINT1("SetupOpenInfFileW failed\n"); return; } memset(&ObjectAttributes, 0, sizeof(LSA_OBJECT_ATTRIBUTES)); Status = LsaOpenPolicy(NULL, &ObjectAttributes, POLICY_CREATE_ACCOUNT, &PolicyHandle); if (!NT_SUCCESS(Status)) { DPRINT1("LsaOpenPolicy failed (Status %08lx)\n", Status); goto done; } if (!SetupFindFirstLineW(hSecurityInf, L"Privilege Rights", NULL, &InfContext)) { DPRINT1("SetupFindfirstLineW failed\n"); goto done; } PrivilegeSet.PrivilegeCount = 1; PrivilegeSet.Control = 0; do { /* Retrieve the privilege name */ if (!SetupGetStringFieldW(&InfContext, 0, szPrivilegeString, 256, NULL)) { DPRINT1("SetupGetStringFieldW() failed\n"); goto done; } DPRINT("Privilege: %S\n", szPrivilegeString); if (!LookupPrivilegeValueW(NULL, szPrivilegeString, &(PrivilegeSet.Privilege[0].Luid))) { DPRINT1("LookupPrivilegeNameW() failed\n"); goto done; } PrivilegeSet.Privilege[0].Attributes = 0; for (i = 0; i < SetupGetFieldCount(&InfContext); i++) { if (!SetupGetStringFieldW(&InfContext, i + 1, szSidString, 256, NULL)) { DPRINT1("SetupGetStringFieldW() failed\n"); goto done; } DPRINT("SID: %S\n", szSidString); ConvertStringSidToSid(szSidString, &AccountSid); Status = LsaOpenAccount(PolicyHandle, AccountSid, ACCOUNT_VIEW | ACCOUNT_ADJUST_PRIVILEGES, &AccountHandle); if (NT_SUCCESS(Status)) { Status = LsaAddPrivilegesToAccount(AccountHandle, &PrivilegeSet); if (!NT_SUCCESS(Status)) { DPRINT1("LsaAddPrivilegesToAccount() failed (Status %08lx)\n", Status); } LsaClose(AccountHandle); } LocalFree(AccountSid); } } while (SetupFindNextLine(&InfContext, &InfContext)); done: if (PolicyHandle != NULL) LsaClose(PolicyHandle); if (hSecurityInf != INVALID_HANDLE_VALUE) SetupCloseInfFile(hSecurityInf); }
static DWORD ProcessDeleteAccount( IN PRPC_PARAMETERS pRpcParams, IN PSTR AccountName ) { DWORD err = ERROR_SUCCESS; NTSTATUS ntStatus = STATUS_SUCCESS; LSA_BINDING hLsa = NULL; LW_PIO_CREDS pCreds = NULL; WCHAR wszSysName[] = {'\\', '\\', '\0'}; DWORD policyAccessMask = LSA_ACCESS_LOOKUP_NAMES_SIDS | LSA_ACCESS_VIEW_POLICY_INFO; DWORD accountAccessMask = DELETE; POLICY_HANDLE hPolicy = NULL; LSAR_ACCOUNT_HANDLE hAccount = NULL; PSID pAccountSid = NULL; err = CreateRpcCredentials(pRpcParams, &pCreds); BAIL_ON_LSA_ERROR(err); err = CreateLsaRpcBinding(pRpcParams, pCreds, &hLsa); BAIL_ON_LSA_ERROR(err); ntStatus = LsaOpenPolicy2(hLsa, wszSysName, NULL, policyAccessMask, &hPolicy); BAIL_ON_NT_STATUS(ntStatus); err = ResolveAccountNameToSid( hLsa, AccountName, &pAccountSid); BAIL_ON_LSA_ERROR(err); ntStatus = LsaOpenAccount( hLsa, hPolicy, pAccountSid, accountAccessMask, &hAccount); BAIL_ON_NT_STATUS(ntStatus); ntStatus = LsaRpcDeleteObject( hLsa, hAccount); BAIL_ON_NT_STATUS(ntStatus); error: if (ntStatus || err) { PCSTR errName = LwNtStatusToName(ntStatus); PCSTR errDescription = LwNtStatusToDescription(ntStatus); if (ntStatus) { errName = LwNtStatusToName(ntStatus); errDescription = LwNtStatusToDescription(ntStatus); } else { errName = LwWin32ErrorToName(err); errDescription = LwWin32ErrorToDescription(err); } fprintf(stderr, "Error: %s (%s)\n", LSA_SAFE_LOG_STRING(errName), LSA_SAFE_LOG_STRING(errDescription)); } if (hPolicy) { LsaClose(hLsa, hPolicy); } if (hLsa) { LsaFreeBinding(&hLsa); } if (pCreds) { LwIoDeleteCreds(pCreds); } if (err == ERROR_SUCCESS && ntStatus != STATUS_SUCCESS) { err = LwNtStatusToWin32Error(ntStatus); } return err; }