/**
 * Return the calling process's current working directory as a newly
 * allocated string.
 *
 * @param ppszPath  Receives the allocated path on success; the caller owns
 *                  it and releases it with LwFreeString().  Not written on
 *                  failure.
 * @return 0 on success; otherwise the Lw error mapped from getcwd()'s errno,
 *         or the error returned by LwAllocateString().
 */
DWORD
LsaGetCurrentDirectoryPath(
    PSTR* ppszPath
    )
{
    DWORD dwError = 0;
    CHAR szCwd[PATH_MAX+1];
    PSTR pszCopy = NULL;

    /* getcwd() returns NULL and sets errno when the path does not fit in
     * PATH_MAX bytes or the directory cannot be read. */
    if (!getcwd(szCwd, PATH_MAX))
    {
        dwError = LwMapErrnoToLwError(errno);
        BAIL_ON_LSA_ERROR(dwError);
    }

    dwError = LwAllocateString(szCwd, &pszCopy);
    BAIL_ON_LSA_ERROR(dwError);

    /* Hand ownership to the caller; the cleanup below then has nothing
     * left to release. */
    *ppszPath = pszCopy;
    pszCopy = NULL;

error:

    if (pszCopy)
    {
        LwFreeString(pszCopy);
    }

    return dwError;
}
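/**
 * Destroy a task credential set: the LwIo credential handle, the Kerberos
 * credential cache and context, the saved default-cache path, and finally
 * the LW_TASK_CREDS block itself.
 *
 * @param pCreds  Credentials to release; NULL is accepted and is a no-op.
 *                The pointer is invalid after this call.
 *
 * Side effects worth knowing about when reading a call site:
 *  - if pszRestoreCache is set, the process-wide default Kerberos cache
 *    path is reset to it (best effort; the return value is not checked)
 *    before the string is freed;
 *  - if a ccache handle is held, krb5_cc_destroy() removes that cache from
 *    the system rather than merely closing the handle.
 */
VOID
LwTaskFreeCreds(
    PLW_TASK_CREDS pCreds /* IN OUT */
    )
{
    /* Free-style functions are routinely called from error paths where the
     * object may never have been allocated. */
    if (pCreds == NULL)
    {
        return;
    }

    if (pCreds->pKrb5Creds != NULL)
    {
        LwIoDeleteCreds(pCreds->pKrb5Creds);
    }

    if (pCreds->pszRestoreCache)
    {
        /* Restore the cache path that was in effect before this task ran;
         * there is nothing useful to do if it fails during teardown. */
        LwKrb5SetDefaultCachePath(pCreds->pszRestoreCache, NULL);

        LwFreeString(pCreds->pszRestoreCache);
    }

    if (pCreds->ctx != NULL)
    {
        /* The cache must be destroyed while its context is still alive. */
        if (pCreds->cc != NULL)
        {
            krb5_cc_destroy(pCreds->ctx, pCreds->cc);
        }

        krb5_free_context(pCreds->ctx);
    }

    LwFreeMemory(pCreds);
}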
/**
 * Free every string in a NULL-terminated string array, then the array.
 *
 * @param ppStringArray  Array whose final element is NULL.  Each element is
 *                       released with LwFreeString(); the array storage is
 *                       released with LwFreeMemory().  A NULL array skips
 *                       the element loop and only reaches LwFreeMemory().
 */
void
LwFreeNullTerminatedStringArray(
    PSTR * ppStringArray
    )
{
    PSTR *ppCur = NULL;

    if (ppStringArray)
    {
        for (ppCur = ppStringArray; *ppCur; ppCur++)
        {
            LwFreeString(*ppCur);
        }
    }

    LwFreeMemory(ppStringArray);
}
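/* Free one string field of a wbcDomainControllerInfoEx and reset it to
 * NULL, so that a second pass over the same struct cannot double-free. */
static
void
FreeDomainControllerExString(
    const char **ppszField
    )
{
    if (*ppszField)
    {
        LwFreeString((char *) *ppszField);
        *ppszField = NULL;
    }
}

/**
 * Destructor for a wbcDomainControllerInfoEx: releases every owned field.
 * The struct itself is not freed here.  Every freed field is reset to NULL
 * (domain_guid already was, via LW_SAFE_FREE_MEMORY), so the struct is left
 * in a state that is safe to free again or to inspect.
 *
 * @param p  The wbcDomainControllerInfoEx to clean up, or NULL (no-op).
 * @return   Always 0.
 */
static
int
FreeDomainControllerEx(
    IN void *p
    )
{
    struct wbcDomainControllerInfoEx *pController =
            (struct wbcDomainControllerInfoEx *)p;

    if (!pController)
    {
        return 0;
    }

    FreeDomainControllerExString(&pController->dc_unc);
    FreeDomainControllerExString(&pController->dc_address);

    /* domain_guid is a plain memory block, not a string. */
    LW_SAFE_FREE_MEMORY(pController->domain_guid);

    FreeDomainControllerExString(&pController->domain_name);
    FreeDomainControllerExString(&pController->forest_name);
    FreeDomainControllerExString(&pController->dc_site_name);
    FreeDomainControllerExString(&pController->client_site_name);

    return 0;
}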
/**
 * Release a string that was allocated through the Lw allocator.
 *
 * @param pszStr  String to free.  Passed straight to LwFreeString(), so
 *                NULL handling is whatever LwFreeString() provides.
 */
VOID
UpFreeString(
    PSTR pszStr
    )
{
    LwFreeString(pszStr);
}
/**
 * Free a GPUSER_AD_ATTRS record and every string it owns.
 *
 * @param pUserADAttrs  Record to release, or NULL (no-op).  Each non-NULL
 *                      string field is released with LwFreeString(), then
 *                      the record itself with LwFreeMemory().
 */
VOID
FreeUserAttributes(
    PGPUSER_AD_ATTRS pUserADAttrs
    )
{
    if (pUserADAttrs)
    {
        /* Addresses of the owned string fields, in the order they are
         * released. */
        PSTR *ppszOwned[] = {
            &pUserADAttrs->pszDisplayName,
            &pUserADAttrs->pszFirstName,
            &pUserADAttrs->pszLastName,
            &pUserADAttrs->pszADDomain,
            &pUserADAttrs->pszKerberosPrincipal,
            &pUserADAttrs->pszEMailAddress,
            &pUserADAttrs->pszMSExchHomeServerName,
            &pUserADAttrs->pszMSExchHomeMDB,
            &pUserADAttrs->pszTelephoneNumber,
            &pUserADAttrs->pszFaxTelephoneNumber,
            &pUserADAttrs->pszMobileTelephoneNumber,
            &pUserADAttrs->pszStreetAddress,
            &pUserADAttrs->pszPostOfficeBox,
            &pUserADAttrs->pszCity,
            &pUserADAttrs->pszState,
            &pUserADAttrs->pszPostalCode,
            &pUserADAttrs->pszCountry,
            &pUserADAttrs->pszTitle,
            &pUserADAttrs->pszCompany,
            &pUserADAttrs->pszDepartment,
            &pUserADAttrs->pszHomeDirectory,
            &pUserADAttrs->pszHomeDrive,
            &pUserADAttrs->pszPasswordLastSet,
            &pUserADAttrs->pszUserAccountControl,
            &pUserADAttrs->pszMaxMinutesUntilChangePassword,
            &pUserADAttrs->pszMinMinutesUntilChangePassword,
            &pUserADAttrs->pszMaxFailedLoginAttempts,
            &pUserADAttrs->pszAllowedPasswordHistory,
            &pUserADAttrs->pszMinCharsAllowedInPassword
        };
        DWORD i = 0;

        for (i = 0; i < sizeof(ppszOwned) / sizeof(ppszOwned[0]); i++)
        {
            if (*ppszOwned[i])
            {
                LwFreeString(*ppszOwned[i]);
            }
        }

        LwFreeMemory(pUserADAttrs);
    }
}
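/* Return non-zero if pszSid is a textual SID ("S-1-5-21-..."): an 'S' or
 * 's', decimal digits and '-' only.  The SID is interpolated verbatim into
 * an LDAP search filter, so any other character (in particular the filter
 * metacharacters '(', ')', '*' and '\') must be rejected before it can alter
 * the query.  NOTE(review): a hex-escaped binary SID would be rejected by
 * this check; no caller visible here passes one. */
static
int
IsTextualSid(
    PCSTR pszSid
    )
{
    PCSTR pszCur = pszSid;

    if (!pszSid || !*pszSid)
    {
        return 0;
    }

    for (; *pszCur; pszCur++)
    {
        char c = *pszCur;

        if (!(c == 'S' || c == 's' || c == '-' || (c >= '0' && c <= '9')))
        {
            return 0;
        }
    }

    return 1;
}

/* Fetch a single-valued string attribute that may legitimately be absent.
 * LW_ERROR_INVALID_LDAP_ATTR_VALUE is treated as "attribute not present"
 * and reported as MAC_AD_ERROR_SUCCESS; every other error is passed on. */
static
DWORD
GetOptionalLdapString(
    HANDLE hDirectory,
    LDAPMessage *pMessage,
    PCSTR pszAttributeName,
    PSTR *ppszValue
    )
{
    DWORD dwError = LwLdapGetString(hDirectory,
                                    pMessage,
                                    pszAttributeName,
                                    ppszValue);
    if (dwError == LW_ERROR_INVALID_LDAP_ATTR_VALUE)
    {
        dwError = MAC_AD_ERROR_SUCCESS;
    }

    return dwError;
}

/* Populate the string fields of pUserADAttrs from the user entry and from
 * the domain container entry.  Stops at the first real error; missing
 * attributes simply leave their field untouched. */
static
DWORD
ReadUserAttributeStrings(
    HANDLE hDirectory,
    LDAPMessage *pUserMessage,
    LDAPMessage *pDomainMessage,
    PGPUSER_AD_ATTRS pUserADAttrs
    )
{
    DWORD dwError = MAC_AD_ERROR_SUCCESS;
    DWORD i = 0;
    struct
    {
        LDAPMessage *pMessage;
        PCSTR pszAttribute;
        PSTR *ppszValue;
    } attrs[] = {
        /* Attributes on the user object. */
        { pUserMessage, "displayName",              &pUserADAttrs->pszDisplayName },
        { pUserMessage, "givenName",                &pUserADAttrs->pszFirstName },
        { pUserMessage, "sn",                       &pUserADAttrs->pszLastName },
        { pUserMessage, "userPrincipalName",        &pUserADAttrs->pszKerberosPrincipal },
        { pUserMessage, "mail",                     &pUserADAttrs->pszEMailAddress },
        { pUserMessage, "msExchHomeServerName",     &pUserADAttrs->pszMSExchHomeServerName },
        { pUserMessage, "homeMDB",                  &pUserADAttrs->pszMSExchHomeMDB },
        { pUserMessage, "telephoneNumber",          &pUserADAttrs->pszTelephoneNumber },
        { pUserMessage, "facsimileTelephoneNumber", &pUserADAttrs->pszFaxTelephoneNumber },
        { pUserMessage, "mobile",                   &pUserADAttrs->pszMobileTelephoneNumber },
        { pUserMessage, "streetAddress",            &pUserADAttrs->pszStreetAddress },
        { pUserMessage, "postOfficeBox",            &pUserADAttrs->pszPostOfficeBox },
        { pUserMessage, "l",                        &pUserADAttrs->pszCity },
        { pUserMessage, "st",                       &pUserADAttrs->pszState },
        { pUserMessage, "postalCode",               &pUserADAttrs->pszPostalCode },
        { pUserMessage, "co",                       &pUserADAttrs->pszCountry },
        { pUserMessage, "title",                    &pUserADAttrs->pszTitle },
        { pUserMessage, "company",                  &pUserADAttrs->pszCompany },
        { pUserMessage, "department",               &pUserADAttrs->pszDepartment },
        { pUserMessage, "homeDirectory",            &pUserADAttrs->pszHomeDirectory },
        { pUserMessage, "homeDrive",                &pUserADAttrs->pszHomeDrive },
        { pUserMessage, "pwdLastSet",               &pUserADAttrs->pszPasswordLastSet },
        { pUserMessage, "userAccountControl",       &pUserADAttrs->pszUserAccountControl },
        /* Password-policy settings live on the domain container. */
        { pDomainMessage, "maxPwdAge",        &pUserADAttrs->pszMaxMinutesUntilChangePassword },
        { pDomainMessage, "minPwdAge",        &pUserADAttrs->pszMinMinutesUntilChangePassword },
        /* Was "lockoutThreshhold" (sic), which matches no AD attribute and
         * left this field permanently empty; the schema name is
         * "lockoutThreshold". */
        { pDomainMessage, "lockoutThreshold", &pUserADAttrs->pszMaxFailedLoginAttempts },
        { pDomainMessage, "pwdHistoryLength", &pUserADAttrs->pszAllowedPasswordHistory },
        { pDomainMessage, "minPwdLength",     &pUserADAttrs->pszMinCharsAllowedInPassword }
    };

    for (i = 0; i < sizeof(attrs) / sizeof(attrs[0]); i++)
    {
        dwError = GetOptionalLdapString(hDirectory,
                                        attrs[i].pMessage,
                                        attrs[i].pszAttribute,
                                        attrs[i].ppszValue);
        BAIL_ON_MAC_ERROR(dwError);
    }

error:

    return dwError;
}

/**
 * Look up a user by SID in the given domain and collect the AD attributes
 * group policy cares about, plus the domain's password-policy settings.
 *
 * @param hDirectory     Open LDAP connection handle.
 * @param pszUserSID     Textual SID of the user ("S-1-5-21-...").  Anything
 *                       that is not a textual SID is rejected with
 *                       MAC_AD_ERROR_INVALID_NAME, which keeps the search
 *                       filter from being reshaped by caller-supplied input.
 * @param pszDomainName  DNS domain name; converted to the search base DN.
 * @param ppUserADAttrs  Receives a newly allocated GPUSER_AD_ATTRS on
 *                       success (free with FreeUserAttributes()); not
 *                       written on failure.
 * @return MAC_AD_ERROR_SUCCESS, MAC_AD_ERROR_INVALID_NAME when the SID is
 *         malformed/over-long or either search does not return exactly one
 *         entry, or the error from the underlying Lw/LDAP call.
 */
DWORD
GetUserAttributes(
    HANDLE hDirectory,
    PSTR pszUserSID,
    PSTR pszDomainName,
    PGPUSER_AD_ATTRS * ppUserADAttrs
    )
{
    DWORD dwError = MAC_AD_ERROR_SUCCESS;
    PSTR pszDirectoryRoot = NULL;
    PSTR szAttributeList[] = {"*", NULL};
    CHAR szQuery[1024];
    int nQueryLen = 0;
    LDAPMessage *pUserMessage = NULL;
    LDAPMessage *pDomainMessage = NULL;
    long lCount = 0;
    PGPUSER_AD_ATTRS pUserADAttrs = NULL;

    if (!IsTextualSid(pszUserSID))
    {
        dwError = MAC_AD_ERROR_INVALID_NAME;
        BAIL_ON_MAC_ERROR(dwError);
    }

    dwError = ADUConvertDomainToDN(pszDomainName, &pszDirectoryRoot);
    BAIL_ON_MAC_ERROR(dwError);

    /* Bounded formatting; a SID that would not fit is not a SID we want to
     * search for. */
    nQueryLen = snprintf(szQuery, sizeof(szQuery), "(objectsid=%s)", pszUserSID);
    if (nQueryLen < 0 || (size_t) nQueryLen >= sizeof(szQuery))
    {
        dwError = MAC_AD_ERROR_INVALID_NAME;
        BAIL_ON_MAC_ERROR(dwError);
    }

    dwError = LwLdapDirectorySearch(
        hDirectory,
        pszDirectoryRoot,
        LDAP_SCOPE_SUBTREE,
        szQuery,
        szAttributeList,
        &pUserMessage);
    BAIL_ON_MAC_ERROR(dwError);

    dwError = LwLdapCountEntries(
        hDirectory,
        pUserMessage,
        &lCount
        );
    BAIL_ON_MAC_ERROR(dwError);

    /* A SID identifies exactly one object; zero or several entries (or a
     * negative count) all mean the lookup is unusable. */
    if (lCount != 1)
    {
        dwError = MAC_AD_ERROR_INVALID_NAME;
        BAIL_ON_MAC_ERROR(dwError);
    }

    /* Base-scope read of the domain container for the password policy. */
    dwError = LwLdapDirectorySearch(
        hDirectory,
        pszDirectoryRoot,
        LDAP_SCOPE_BASE,
        "(objectClass=*)",
        szAttributeList,
        &pDomainMessage);
    BAIL_ON_MAC_ERROR(dwError);

    dwError = LwLdapCountEntries(
        hDirectory,
        pDomainMessage,
        &lCount
        );
    BAIL_ON_MAC_ERROR(dwError);

    if (lCount != 1)
    {
        dwError = MAC_AD_ERROR_INVALID_NAME;
        BAIL_ON_MAC_ERROR(dwError);
    }

    dwError = LwAllocateMemory(sizeof(GPUSER_AD_ATTRS), (PVOID *) &pUserADAttrs);
    BAIL_ON_MAC_ERROR(dwError);

    dwError = LwAllocateString(pszDomainName, &pUserADAttrs->pszADDomain);
    BAIL_ON_MAC_ERROR(dwError);

    dwError = ReadUserAttributeStrings(hDirectory,
                                       pUserMessage,
                                       pDomainMessage,
                                       pUserADAttrs);
    BAIL_ON_MAC_ERROR(dwError);

    /* Ownership moves to the caller; the cleanup below then frees nothing. */
    *ppUserADAttrs = pUserADAttrs;
    pUserADAttrs = NULL;

error:

    FreeUserAttributes(pUserADAttrs);

    if (pszDirectoryRoot) {
        LwFreeString(pszDirectoryRoot);
    }

    if (pUserMessage) {
        ldap_msgfree(pUserMessage);
    }

    if (pDomainMessage) {
        ldap_msgfree(pDomainMessage);
    }

    return dwError;
}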
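/**
 * Resolve a user by UPN through lsass and report the per-user Kerberos
 * credential-cache path, home directory, SID and uid.
 *
 * Every output parameter is optional (pass NULL to skip it).  On success
 * the string outputs are newly allocated and owned by the caller (release
 * with LwFreeString()).  On failure every requested string output is set to
 * NULL and *pUid to (uid_t)-1, so callers may free the outputs
 * unconditionally.
 *
 * @param pszUserUPN       User principal name to look up (level-0 info).
 * @param ppszCachePath    Receives "FILE:/tmp/krb5cc_<uid>".
 * @param ppszHomeDirPath  Receives a copy of the user's home directory.
 * @param ppszSID          Receives a copy of the user's SID string.
 * @param pUid             Receives the user's uid.
 * @return 0 on success, otherwise the lsass / allocation error.
 */
DWORD
ADUKrb5GetUserCachePathAndSID(
    PCSTR pszUserUPN,
    PSTR* ppszCachePath,
    PSTR* ppszHomeDirPath,
    PSTR* ppszSID,
    uid_t* pUid
    )
{
    DWORD dwError = 0;
    char szPath[PATH_MAX];
    int nPathLen = 0;
    PSTR  pszCachePath = NULL;
    PSTR  pszHomeDirPath = NULL;
    PSTR  pszSID = NULL;
    HANDLE hLsaConnection = (HANDLE) NULL;
    PLSA_USER_INFO_0 pUserInfo_0 = NULL;

    dwError = LsaOpenServer(&hLsaConnection);
    BAIL_ON_MAC_ERROR(dwError);

    dwError = LsaFindUserByName(hLsaConnection, pszUserUPN, 0, (PVOID*) &pUserInfo_0);
    BAIL_ON_MAC_ERROR(dwError);

    /* Per-user cache name keyed by uid.  snprintf() always terminates the
     * buffer; the length check guards against a future format change since
     * the current text cannot approach PATH_MAX. */
    nPathLen = snprintf(szPath, sizeof(szPath), "FILE:/tmp/krb5cc_%ld", (long)pUserInfo_0->uid);
    if (nPathLen < 0 || (size_t) nPathLen >= sizeof(szPath))
    {
        dwError = MAC_AD_ERROR_INVALID_NAME;
        BAIL_ON_MAC_ERROR(dwError);
    }

    dwError = LwAllocateString(szPath, &pszCachePath);
    BAIL_ON_MAC_ERROR(dwError);

    dwError = LwAllocateString(pUserInfo_0->pszSid, &pszSID);
    BAIL_ON_MAC_ERROR(dwError);

    dwError = LwAllocateString(pUserInfo_0->pszHomedir, &pszHomeDirPath);
    BAIL_ON_MAC_ERROR(dwError);

    /* Transfer ownership only for the outputs the caller asked for; the
     * rest are released in cleanup. */
    if (ppszCachePath)
    {
        *ppszCachePath = pszCachePath;
        pszCachePath = NULL;
    }

    if (ppszSID)
    {
        *ppszSID = pszSID;
        pszSID = NULL;
    }

    if (ppszHomeDirPath)
    {
        *ppszHomeDirPath = pszHomeDirPath;
        pszHomeDirPath = NULL;
    }

    if (pUid)
    {
        *pUid = pUserInfo_0->uid;
    }

cleanup:

    if (pszCachePath)
        LwFreeString(pszCachePath);

    if (pszSID)
        LwFreeString(pszSID);

    if (pszHomeDirPath)
        LwFreeString(pszHomeDirPath);

    if (pUserInfo_0)
        LsaFreeUserInfo(0, pUserInfo_0);

    if (hLsaConnection != (HANDLE)NULL)
        LsaCloseServer(hLsaConnection);

    return dwError;

error:

    /* Leave the caller with nothing dangling: NULL strings and the
     * conventional invalid uid. */
    if (ppszCachePath)
        *ppszCachePath = NULL;

    if (ppszSID)
        *ppszSID = NULL;

    if (ppszHomeDirPath)
        *ppszHomeDirPath = NULL;

    if (pUid)
        *pUid = (uid_t) -1;

    goto cleanup;
}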