DWORD RegLexAppendChar(
PREGLEX_ITEM lexHandle,
CHAR inC)
{
DWORD dwError = 0;
PVOID pNewMemory = NULL;
DWORD newValueSize = 0;
BAIL_ON_INVALID_HANDLE(lexHandle);
if (lexHandle->curToken.valueCursor >= lexHandle->curToken.valueSize)
{
newValueSize = lexHandle->curToken.valueSize * 2;
dwError = RegReallocMemory(
lexHandle->curToken.pszValue,
&pNewMemory,
newValueSize + 1); /* Extra byte for string termination */
BAIL_ON_REG_ERROR(dwError);
lexHandle->curToken.pszValue = pNewMemory;
lexHandle->curToken.valueSize = newValueSize;
}
/* Append current character to string */
lexHandle->curToken.pszValue[lexHandle->curToken.valueCursor] = inC;
lexHandle->curToken.valueCursor++;
lexHandle->curToken.pszValue[lexHandle->curToken.valueCursor] = '\0';
cleanup:
return dwError;
error:
LWREG_SAFE_FREE_MEMORY(pNewMemory);
goto cleanup;
}
DWORD
RegLexGetAttribute(
PREGLEX_ITEM pLexHandle,
PDWORD pValueSize,
PSTR *ppszTokenValue)
{
DWORD dwError = 0;
BAIL_ON_INVALID_HANDLE(pLexHandle);
BAIL_ON_INVALID_HANDLE(pValueSize);
BAIL_ON_INVALID_HANDLE(ppszTokenValue);
*ppszTokenValue = pLexHandle->curToken.pszValue;
*pValueSize = pLexHandle->curToken.valueCursor;
cleanup:
return dwError;
error:
goto cleanup;
}
LSASS_API
DWORD
LsaDeleteGroupByName(
HANDLE hLsaConnection,
PCSTR pszName
)
{
DWORD dwError = 0;
PVOID pGroupInfo = NULL;
DWORD dwGroupInfoLevel = 0;
if (geteuid() != 0)
{
dwError = LW_ERROR_ACCESS_DENIED;
BAIL_ON_LSA_ERROR(dwError);
}
BAIL_ON_INVALID_HANDLE(hLsaConnection);
BAIL_ON_INVALID_STRING(pszName);
dwError = LsaValidateGroupName(pszName);
BAIL_ON_LSA_ERROR(dwError);
dwError = LsaFindGroupByName(
hLsaConnection,
pszName,
0,
dwGroupInfoLevel,
&pGroupInfo);
BAIL_ON_LSA_ERROR(dwError);
dwError = LsaDeleteGroupById(
hLsaConnection,
((PLSA_GROUP_INFO_0)pGroupInfo)->gid);
BAIL_ON_LSA_ERROR(dwError);
cleanup:
if (pGroupInfo) {
LsaFreeGroupInfo(dwGroupInfoLevel, pGroupInfo);
}
return dwError;
error:
goto cleanup;
}
DWORD
RegLexGetLineNumber(
PREGLEX_ITEM pLexHandle,
PDWORD pLineNum)
{
DWORD dwError = 0;
BAIL_ON_INVALID_HANDLE(pLexHandle);
*pLineNum = pLexHandle->curToken.lineNum + 1;
cleanup:
return dwError;
error:
goto cleanup;
}
DWORD
RegLexResetToken(
PREGLEX_ITEM lexHandle)
{
DWORD dwError = 0;
BAIL_ON_INVALID_HANDLE(lexHandle);
lexHandle->state = (REGLEX_STATE)REGLEX_FIRST;
lexHandle->tokenDataType = REGLEX_FIRST;
lexHandle->isToken = FALSE;
LWREG_SAFE_FREE_MEMORY(lexHandle->curToken.pszValue);
memset(&lexHandle->curToken, 0, sizeof(lexHandle->curToken));
lexHandle->prevToken.pszValue = NULL;
cleanup:
return dwError;
error:
goto cleanup;
}
DWORD
RegLexUnGetToken(PREGLEX_ITEM lexHandle)
{
DWORD dwError = 0;
BAIL_ON_INVALID_HANDLE(lexHandle);
if (lexHandle->prevToken.token)
{
if (lexHandle->prevToken.pszValue)
{
LWREG_SAFE_FREE_MEMORY(lexHandle->prevToken.pszValue);
}
}
lexHandle->prevToken = lexHandle->curToken;
cleanup:
return dwError;
error:
goto cleanup;
}
DWORD
LocalDirFindObjectByGenericName(
HANDLE hProvider,
IN LSA_FIND_FLAGS FindFlags,
IN LSA_OBJECT_TYPE ObjectType,
PCSTR pszName,
PLSA_SECURITY_OBJECT* ppObject
)
{
DWORD dwError = 0;
PLSA_SECURITY_OBJECT* ppObjects = NULL;
LSA_QUERY_LIST QueryList;
LSA_QUERY_TYPE QueryType = 0;
PLSA_LOGIN_NAME_INFO pLoginInfo = NULL;
BAIL_ON_INVALID_HANDLE(hProvider);
dwError = LsaSrvCrackDomainQualifiedName(
pszName,
&pLoginInfo);
BAIL_ON_LSA_ERROR(dwError);
switch (pLoginInfo->nameType)
{
case NameType_NT4:
QueryType = LSA_QUERY_TYPE_BY_NT4;
break;
case NameType_UPN:
QueryType = LSA_QUERY_TYPE_BY_UPN;
break;
case NameType_Alias:
QueryType = LSA_QUERY_TYPE_BY_ALIAS;
break;
default:
dwError = LW_ERROR_INTERNAL;
BAIL_ON_LSA_ERROR(dwError);
}
QueryList.ppszStrings = &pszName;
dwError = LocalFindObjects(
hProvider,
FindFlags,
ObjectType,
QueryType,
1,
QueryList,
&ppObjects);
BAIL_ON_LSA_ERROR(dwError);
if (ppObjects[0] == NULL)
{
switch (ObjectType)
{
case LSA_OBJECT_TYPE_USER:
dwError = LW_ERROR_NO_SUCH_USER;
break;
case LSA_OBJECT_TYPE_GROUP:
dwError = LW_ERROR_NO_SUCH_GROUP;
break;
default:
dwError = LW_ERROR_NO_SUCH_OBJECT;
}
BAIL_ON_LSA_ERROR(dwError);
}
*ppObject = ppObjects[0];
ppObjects[0] = NULL;
cleanup:
if (pLoginInfo)
{
LsaSrvFreeNameInfo(pLoginInfo);
}
LsaUtilFreeSecurityObjectList(1, ppObjects);
return dwError;
error:
goto cleanup;
}
DWORD
RegLexGetToken(
HANDLE ioHandle,
PREGLEX_ITEM lexHandle,
PREGLEX_TOKEN pRetToken,
PBOOLEAN pEof)
{
DWORD dwError = 0;
CHAR inC = 0;
BOOLEAN eof = FALSE;
BAIL_ON_INVALID_HANDLE(ioHandle);
BAIL_ON_INVALID_HANDLE(lexHandle);
BAIL_ON_INVALID_HANDLE(pRetToken);
*pRetToken = REGLEX_FIRST;
if (lexHandle->isToken &&
lexHandle->curToken.token != REGLEX_HEXPAIR &&
lexHandle->curToken.token != REGLEX_REG_BINARY)
{
if ( lexHandle->curToken.token == REGLEX_REG_DWORD)
{
lexHandle->state = (REGLEX_STATE)REGLEX_FIRST;
}
lexHandle->isToken = FALSE;
lexHandle->curToken.token = REGLEX_FIRST;
lexHandle->curToken.valueCursor = 0;
}
/* Return pushed back token, if one is present */
if (lexHandle->prevToken.token != REGLEX_FIRST)
{
lexHandle->curToken = lexHandle->prevToken;
lexHandle->prevToken.token = REGLEX_FIRST;
*pRetToken = lexHandle->curToken.token;
return dwError;
}
if (lexHandle->state == REGLEX_STATE_INIT ||
lexHandle->curToken.token == REGLEX_HEXPAIR ||
lexHandle->curToken.token == REGLEX_HEXPAIR_END)
{
lexHandle->curToken.valueCursor = 0;
}
if (!lexHandle->curToken.pszValue)
{ /* Extra byte for string termination */
LWREG_SAFE_FREE_MEMORY(lexHandle->curToken.pszValue);
dwError = RegAllocateMemory(REGLEX_DEFAULT_SZ_LEN + 1,
(LW_PVOID) &lexHandle->curToken.pszValue);
BAIL_ON_REG_ERROR(dwError);
lexHandle->curToken.valueCursor = 0;
lexHandle->curToken.valueSize = REGLEX_DEFAULT_SZ_LEN;
}
do
{
lexHandle->isToken = FALSE;
dwError = RegIOGetChar(ioHandle, &inC, &eof);
if (eof)
{
if (lexHandle->curToken.token != REGLEX_FIRST &&
lexHandle->curToken.valueCursor > 0)
{
lexHandle->isToken = TRUE;
*pRetToken = lexHandle->curToken.token;
}
else
{
if (lexHandle->state == REGLEX_STATE_IN_QUOTE)
{
dwError = LWREG_ERROR_UNEXPECTED_TOKEN;
}
else if (lexHandle->state == REGLEX_STATE_IN_KEY)
{
lexHandle->isToken = TRUE;
lexHandle->curToken.token = REGLEX_REG_KEY;
lexHandle->state = REGLEX_STATE_INIT;
*pRetToken = lexHandle->curToken.token;
*pEof = 0;
break;
}
*pEof = eof;
}
break;
}
dwError = lexHandle->parseFuncArray[REGLEX_CHAR_INDEX(inC)](
lexHandle,
ioHandle,
inC);
BAIL_ON_REG_ERROR(dwError);
if (lexHandle->isToken)
{
*pRetToken = lexHandle->curToken.token;
break;
}
}
while (dwError == ERROR_SUCCESS);
cleanup:
return dwError;
error:
goto cleanup;
}
DWORD
LocalCheckIsAdministrator(
HANDLE hProvider,
PBOOLEAN pbIsAdmin
)
{
DWORD dwError = 0;
PLOCAL_PROVIDER_CONTEXT pContext = (PLOCAL_PROVIDER_CONTEXT)hProvider;
BOOLEAN bIsAdmin = FALSE;
BOOLEAN bInLock = FALSE;
BAIL_ON_INVALID_HANDLE(hProvider);
pthread_mutex_lock(&pContext->mutex);
bInLock = TRUE;
switch (pContext->localAdminState)
{
case LOCAL_ADMIN_STATE_NOT_DETERMINED:
dwError = LocalDirCheckIfAdministrator(
hProvider,
pContext->uid,
&bIsAdmin);
BAIL_ON_LSA_ERROR(dwError);
pContext->localAdminState = (bIsAdmin ? LOCAL_ADMIN_STATE_IS_ADMIN :
LOCAL_ADMIN_STATE_IS_NOT_ADMIN);
break;
case LOCAL_ADMIN_STATE_IS_ADMIN:
bIsAdmin = TRUE;
break;
case LOCAL_ADMIN_STATE_IS_NOT_ADMIN:
bIsAdmin = FALSE;
break;
}
*pbIsAdmin = bIsAdmin;
cleanup:
if (bInLock)
{
pthread_mutex_unlock(&pContext->mutex);
}
return dwError;
error:
*pbIsAdmin = FALSE;
goto cleanup;
}
LSASS_API
DWORD
LsaGetGidsForUserByName(
HANDLE hLsaConnection,
PCSTR pszUserName,
PDWORD pdwGroupFound,
gid_t** ppGidResults
)
{
DWORD dwError = 0;
PVOID pUserInfo = NULL;
DWORD dwUserInfoLevel = 0;
static const DWORD dwGroupInfoLevel = 0;
DWORD dwGroupFound = 0;
gid_t* pGidResult = NULL;
PVOID* ppGroupInfoList = NULL;
DWORD iGroup = 0;
BAIL_ON_INVALID_HANDLE(hLsaConnection);
BAIL_ON_INVALID_STRING(pszUserName);
BAIL_ON_INVALID_POINTER(ppGidResults);
dwError = LsaValidateUserName(pszUserName);
BAIL_ON_LSA_ERROR(dwError);
dwError = LsaFindUserByName(
hLsaConnection,
pszUserName,
dwUserInfoLevel,
&pUserInfo);
BAIL_ON_LSA_ERROR(dwError);
dwError = LsaGetGroupsForUserById(
hLsaConnection,
((PLSA_USER_INFO_0)pUserInfo)->uid,
LSA_FIND_FLAGS_NSS,
dwGroupInfoLevel,
&dwGroupFound,
&ppGroupInfoList);
BAIL_ON_LSA_ERROR(dwError);
dwError = LwAllocateMemory(
sizeof(gid_t) * dwGroupFound,
(PVOID*)&pGidResult);
BAIL_ON_LSA_ERROR(dwError);
for (iGroup = 0; iGroup < dwGroupFound; iGroup++)
{
*(pGidResult+iGroup) = ((PLSA_GROUP_INFO_0)(*(ppGroupInfoList+iGroup)))->gid;
}
*ppGidResults = pGidResult;
*pdwGroupFound = dwGroupFound;
cleanup:
if (pUserInfo) {
LsaFreeUserInfo(dwUserInfoLevel, pUserInfo);
}
if (ppGroupInfoList) {
LsaFreeGroupInfoList(dwGroupInfoLevel, (PVOID*)ppGroupInfoList, dwGroupFound);
}
return dwError;
error:
*ppGidResults = NULL;
*pdwGroupFound = 0;
goto cleanup;
}
LSASS_API
DWORD
LsaFindGroupById(
HANDLE hLsaConnection,
gid_t gid,
LSA_FIND_FLAGS FindFlags,
DWORD dwGroupInfoLevel,
PVOID* ppGroupInfo
)
{
DWORD dwError = 0;
PVOID pGroupInfo = NULL;
LSA_QUERY_LIST QueryList;
LSA_QUERY_ITEM QueryItem;
DWORD dwObjectCount = 1;
PLSA_SECURITY_OBJECT* ppObjects = NULL;
PLSA_SECURITY_OBJECT pGroup = NULL;
DWORD dwGid = (DWORD) gid;
BAIL_ON_INVALID_HANDLE(hLsaConnection);
dwError = LsaValidateGroupInfoLevel(dwGroupInfoLevel);
BAIL_ON_LSA_ERROR(dwError);
BAIL_ON_INVALID_POINTER(ppGroupInfo);
switch (dwGroupInfoLevel)
{
case 1:
/* Fast path */
QueryItem.dwId = dwGid;
dwError = LsaFindGroupAndExpandedMembers(
hLsaConnection,
NULL,
FindFlags,
LSA_QUERY_TYPE_BY_UNIX_ID,
QueryItem,
&pGroup,
&dwObjectCount,
&ppObjects);
BAIL_ON_LSA_ERROR(dwError);
dwError = LsaMarshalGroupInfo1(
hLsaConnection,
FindFlags,
pGroup,
dwObjectCount,
ppObjects,
dwGroupInfoLevel,
&pGroupInfo);
BAIL_ON_LSA_ERROR(dwError);
break;
default:
QueryList.pdwIds = &dwGid;
dwError = LsaFindObjects(
hLsaConnection,
NULL,
FindFlags,
LSA_OBJECT_TYPE_GROUP,
LSA_QUERY_TYPE_BY_UNIX_ID,
1,
QueryList,
&ppObjects);
BAIL_ON_LSA_ERROR(dwError);
if (ppObjects[0] == NULL)
{
dwError = LW_ERROR_NO_SUCH_GROUP;
BAIL_ON_LSA_ERROR(dwError);
}
dwError = LsaMarshalGroupInfo(
hLsaConnection,
FindFlags,
ppObjects[0],
dwGroupInfoLevel,
&pGroupInfo);
BAIL_ON_LSA_ERROR(dwError);
}
error:
if (ppGroupInfo)
{
*ppGroupInfo = pGroupInfo;
}
if (pGroup)
{
LsaFreeSecurityObject(pGroup);
}
if (ppObjects)
{
LsaFreeSecurityObjectList(dwObjectCount, ppObjects);
}
return dwError;
}
