VOID
FreeRpcBinding(
PVOID *phBinding,
RPC_BINDING_TYPE eBindingType
)
{
unsigned32 rpcStatus = RPC_S_OK;
PVOID hBinding = NULL;
if (phBinding) return;
hBinding = *phBinding;
switch (eBindingType)
{
case RPC_LSA_BINDING:
LsaFreeBinding(hBinding);
break;
case RPC_SAMR_BINDING:
SamrFreeBinding(hBinding);
break;
case RPC_NETLOGON_BINDING:
NetrFreeBinding(hBinding);
break;
case RPC_DSSETUP_BINDING:
DsrFreeBinding(hBinding);
break;
case RPC_WKSSVC_BINDING:
WkssFreeBinding(hBinding);
break;
default:
if (phBinding && *phBinding)
{
rpc_binding_free((handle_t*)phBinding, &rpcStatus);
}
break;
}
*phBinding = NULL;
}
static
DWORD
ProcessGetAccountSystemAccessRights(
IN PRPC_PARAMETERS pRpcParams,
IN PSTR pszAccountName
)
{
DWORD err = ERROR_SUCCESS;
NTSTATUS ntStatus = STATUS_SUCCESS;
LSA_BINDING hLsa = NULL;
LW_PIO_CREDS pCreds = NULL;
PSID pAccountSid = NULL;
WCHAR wszSysName[] = {'\\', '\\', '\0'};
DWORD policyAccessMask = LSA_ACCESS_LOOKUP_NAMES_SIDS |
LSA_ACCESS_CREATE_PRIVILEGE |
LSA_ACCESS_CREATE_SPECIAL_ACCOUNTS;
POLICY_HANDLE hPolicy = NULL;
DWORD accountAccessMask = LSA_ACCOUNT_VIEW;
LSAR_ACCOUNT_HANDLE hAccount = NULL;
DWORD systemAccess = 0;
err = CreateRpcCredentials(pRpcParams,
&pCreds);
BAIL_ON_LSA_ERROR(err);
err = CreateLsaRpcBinding(pRpcParams,
pCreds,
&hLsa);
BAIL_ON_LSA_ERROR(err);
err = ResolveAccountNameToSid(
hLsa,
pszAccountName,
&pAccountSid);
BAIL_ON_LSA_ERROR(err);
ntStatus = LsaOpenPolicy2(hLsa,
wszSysName,
NULL,
policyAccessMask,
&hPolicy);
BAIL_ON_NT_STATUS(ntStatus);
ntStatus = LsaOpenAccount(hLsa,
hPolicy,
pAccountSid,
accountAccessMask,
&hAccount);
BAIL_ON_NT_STATUS(ntStatus);
ntStatus = LsaGetSystemAccessAccount(
hLsa,
hAccount,
&systemAccess);
BAIL_ON_NT_STATUS(ntStatus);
fprintf(stdout,
"Account: %s:\n"
"=================================================================="
"==============\n", pszAccountName);
fprintf(stdout, "System Access Rights 0x%08x\n", systemAccess);
error:
if (ntStatus || err)
{
PCSTR errName = LwNtStatusToName(ntStatus);
PCSTR errDescription = LwNtStatusToDescription(ntStatus);
if (ntStatus)
{
errName = LwNtStatusToName(ntStatus);
errDescription = LwNtStatusToDescription(ntStatus);
}
else
{
errName = LwWin32ErrorToName(err);
errDescription = LwWin32ErrorToDescription(err);
}
fprintf(stderr, "Error: %s (%s)\n",
LSA_SAFE_LOG_STRING(errName),
LSA_SAFE_LOG_STRING(errDescription));
}
if (hAccount)
{
LsaClose(hLsa, hAccount);
}
if (hPolicy)
{
LsaClose(hLsa, hPolicy);
}
if (hLsa)
{
LsaFreeBinding(&hLsa);
}
if (pCreds)
{
LwIoDeleteCreds(pCreds);
}
RTL_FREE(&pAccountSid);
if (err == ERROR_SUCCESS &&
ntStatus != STATUS_SUCCESS)
{
err = LwNtStatusToWin32Error(ntStatus);
}
return err;
}
static
DWORD
ProcessDeleteAccount(
IN PRPC_PARAMETERS pRpcParams,
IN PSTR AccountName
)
{
DWORD err = ERROR_SUCCESS;
NTSTATUS ntStatus = STATUS_SUCCESS;
LSA_BINDING hLsa = NULL;
LW_PIO_CREDS pCreds = NULL;
WCHAR wszSysName[] = {'\\', '\\', '\0'};
DWORD policyAccessMask = LSA_ACCESS_LOOKUP_NAMES_SIDS |
LSA_ACCESS_VIEW_POLICY_INFO;
DWORD accountAccessMask = DELETE;
POLICY_HANDLE hPolicy = NULL;
LSAR_ACCOUNT_HANDLE hAccount = NULL;
PSID pAccountSid = NULL;
err = CreateRpcCredentials(pRpcParams,
&pCreds);
BAIL_ON_LSA_ERROR(err);
err = CreateLsaRpcBinding(pRpcParams,
pCreds,
&hLsa);
BAIL_ON_LSA_ERROR(err);
ntStatus = LsaOpenPolicy2(hLsa,
wszSysName,
NULL,
policyAccessMask,
&hPolicy);
BAIL_ON_NT_STATUS(ntStatus);
err = ResolveAccountNameToSid(
hLsa,
AccountName,
&pAccountSid);
BAIL_ON_LSA_ERROR(err);
ntStatus = LsaOpenAccount(
hLsa,
hPolicy,
pAccountSid,
accountAccessMask,
&hAccount);
BAIL_ON_NT_STATUS(ntStatus);
ntStatus = LsaRpcDeleteObject(
hLsa,
hAccount);
BAIL_ON_NT_STATUS(ntStatus);
error:
if (ntStatus || err)
{
PCSTR errName = LwNtStatusToName(ntStatus);
PCSTR errDescription = LwNtStatusToDescription(ntStatus);
if (ntStatus)
{
errName = LwNtStatusToName(ntStatus);
errDescription = LwNtStatusToDescription(ntStatus);
}
else
{
errName = LwWin32ErrorToName(err);
errDescription = LwWin32ErrorToDescription(err);
}
fprintf(stderr, "Error: %s (%s)\n",
LSA_SAFE_LOG_STRING(errName),
LSA_SAFE_LOG_STRING(errDescription));
}
if (hPolicy)
{
LsaClose(hLsa, hPolicy);
}
if (hLsa)
{
LsaFreeBinding(&hLsa);
}
if (pCreds)
{
LwIoDeleteCreds(pCreds);
}
if (err == ERROR_SUCCESS &&
ntStatus != STATUS_SUCCESS)
{
err = LwNtStatusToWin32Error(ntStatus);
}
return err;
}
static
DWORD
ProcessAddRemoveAccountRights(
IN PRPC_PARAMETERS pRpcParams,
IN BOOLEAN Add,
IN PSTR AccountRights,
IN BOOLEAN RemoveAll,
IN PSTR AccountName
)
{
DWORD err = ERROR_SUCCESS;
NTSTATUS ntStatus = STATUS_SUCCESS;
LSA_BINDING hLsa = NULL;
LW_PIO_CREDS pCreds = NULL;
WCHAR wszSysName[] = {'\\', '\\', '\0'};
DWORD policyAccessMask = LSA_ACCESS_LOOKUP_NAMES_SIDS |
LSA_ACCESS_CREATE_SPECIAL_ACCOUNTS;
POLICY_HANDLE hPolicy = NULL;
PSID pAccountSid = NULL;
PSTR *ppszAccountRightNames = NULL;
DWORD numAccountRightNames = 0;
PWSTR *ppwszAccountRightNames = NULL;
DWORD i = 0;
err = CreateRpcCredentials(pRpcParams,
&pCreds);
BAIL_ON_LSA_ERROR(err);
err = CreateLsaRpcBinding(pRpcParams,
pCreds,
&hLsa);
BAIL_ON_LSA_ERROR(err);
ntStatus = LsaOpenPolicy2(hLsa,
wszSysName,
NULL,
policyAccessMask,
&hPolicy);
BAIL_ON_NT_STATUS(ntStatus);
err = ResolveAccountNameToSid(
hLsa,
AccountName,
&pAccountSid);
BAIL_ON_LSA_ERROR(err);
if (AccountRights)
{
err = GetStringListFromString(
AccountRights,
SEPARATOR_CHAR,
&ppszAccountRightNames,
&numAccountRightNames);
BAIL_ON_LSA_ERROR(err);
err = LwAllocateMemory(
sizeof(ppwszAccountRightNames[0]) * numAccountRightNames,
OUT_PPVOID(&ppwszAccountRightNames));
BAIL_ON_LSA_ERROR(err);
for (i = 0; i < numAccountRightNames; i++)
{
err = LwMbsToWc16s(ppszAccountRightNames[i],
&ppwszAccountRightNames[i]);
BAIL_ON_LSA_ERROR(err);
}
}
if (Add)
{
ntStatus = LsaAddAccountRights(
hLsa,
hPolicy,
pAccountSid,
ppwszAccountRightNames,
numAccountRightNames);
BAIL_ON_NT_STATUS(ntStatus);
fprintf(stdout, "Successfully added account rights to %s\n", AccountName);
}
else
{
ntStatus = LsaRemoveAccountRights(
hLsa,
hPolicy,
pAccountSid,
RemoveAll,
ppwszAccountRightNames,
numAccountRightNames);
BAIL_ON_NT_STATUS(ntStatus);
fprintf(stdout, "Successfully removed account rights from %s\n", AccountName);
}
error:
if (ntStatus || err)
{
PCSTR errName = LwNtStatusToName(ntStatus);
PCSTR errDescription = LwNtStatusToDescription(ntStatus);
if (ntStatus)
{
errName = LwNtStatusToName(ntStatus);
errDescription = LwNtStatusToDescription(ntStatus);
}
else
{
errName = LwWin32ErrorToName(err);
errDescription = LwWin32ErrorToDescription(err);
}
fprintf(stderr, "Error: %s (%s)\n",
LSA_SAFE_LOG_STRING(errName),
LSA_SAFE_LOG_STRING(errDescription));
}
if (hPolicy)
{
LsaClose(hLsa, hPolicy);
}
if (hLsa)
{
LsaFreeBinding(&hLsa);
}
if (pCreds)
{
LwIoDeleteCreds(pCreds);
}
for (i = 0; i < numAccountRightNames; i++)
{
LW_SAFE_FREE_MEMORY(ppwszAccountRightNames[i]);
LW_SAFE_FREE_MEMORY(ppszAccountRightNames[i]);
}
LW_SAFE_FREE_MEMORY(ppwszAccountRightNames);
LW_SAFE_FREE_MEMORY(ppszAccountRightNames);
if (err == ERROR_SUCCESS &&
ntStatus != STATUS_SUCCESS)
{
err = LwNtStatusToWin32Error(ntStatus);
}
return err;
}
static
DWORD
ProcessEnumerateAccountUserRights(
IN PRPC_PARAMETERS pRpcParams,
IN PSTR AccountName
)
{
DWORD err = ERROR_SUCCESS;
NTSTATUS ntStatus = STATUS_SUCCESS;
LSA_BINDING hLsa = NULL;
LW_PIO_CREDS pCreds = NULL;
WCHAR wszSysName[] = {'\\', '\\', '\0'};
DWORD policyAccessMask = LSA_ACCESS_LOOKUP_NAMES_SIDS |
LSA_ACCESS_VIEW_POLICY_INFO;
POLICY_HANDLE hPolicy = NULL;
PSID pAccountSid = NULL;
PSTR pszSid = NULL;
PWSTR *pAccountRights = NULL;
DWORD numAccountRights = 0;
DWORD i = 0;
PSTR pszAccountRight = NULL;
err = CreateRpcCredentials(pRpcParams,
&pCreds);
BAIL_ON_LSA_ERROR(err);
err = CreateLsaRpcBinding(pRpcParams,
pCreds,
&hLsa);
BAIL_ON_LSA_ERROR(err);
ntStatus = LsaOpenPolicy2(hLsa,
wszSysName,
NULL,
policyAccessMask,
&hPolicy);
BAIL_ON_NT_STATUS(ntStatus);
err = ResolveAccountNameToSid(
hLsa,
AccountName,
&pAccountSid);
BAIL_ON_LSA_ERROR(err);
ntStatus = RtlAllocateCStringFromSid(
&pszSid,
pAccountSid);
BAIL_ON_NT_STATUS(ntStatus);
fprintf(stdout, "%s Account Rights\n:"
"=================================================="
"==============================\n", AccountName);
ntStatus = LsaEnumAccountRights(
hLsa,
hPolicy,
pAccountSid,
&pAccountRights,
&numAccountRights);
BAIL_ON_NT_STATUS(ntStatus);
for (i = 0; i < numAccountRights; i++)
{
err = LwWc16sToMbs(pAccountRights[i],
&pszAccountRight);
BAIL_ON_LSA_ERROR(err);
fprintf(stdout, "%s\n", pszAccountRight);
LW_SAFE_FREE_MEMORY(pszAccountRight);
}
error:
if (ntStatus || err)
{
PCSTR errName = LwNtStatusToName(ntStatus);
PCSTR errDescription = LwNtStatusToDescription(ntStatus);
if (ntStatus)
{
errName = LwNtStatusToName(ntStatus);
errDescription = LwNtStatusToDescription(ntStatus);
}
else
{
errName = LwWin32ErrorToName(err);
errDescription = LwWin32ErrorToDescription(err);
}
fprintf(stderr, "Error: %s (%s)\n",
LSA_SAFE_LOG_STRING(errName),
LSA_SAFE_LOG_STRING(errDescription));
}
if (hPolicy)
{
LsaClose(hLsa, hPolicy);
}
if (hLsa)
{
LsaFreeBinding(&hLsa);
}
if (pCreds)
{
LwIoDeleteCreds(pCreds);
}
if (pAccountRights)
{
LsaRpcFreeMemory(pAccountRights);
}
LW_SAFE_FREE_MEMORY(pszAccountRight);
if (err == ERROR_SUCCESS &&
ntStatus != STATUS_SUCCESS)
{
err = LwNtStatusToWin32Error(ntStatus);
}
return err;
}
static
DWORD
ProcessEnumerateAccounts(
IN PRPC_PARAMETERS pRpcParams,
IN PSTR UserRightName
)
{
DWORD err = ERROR_SUCCESS;
NTSTATUS ntStatus = STATUS_SUCCESS;
LSA_BINDING hLsa = NULL;
LW_PIO_CREDS pCreds = NULL;
WCHAR wszSysName[] = {'\\', '\\', '\0'};
DWORD policyAccessMask = LSA_ACCESS_LOOKUP_NAMES_SIDS |
LSA_ACCESS_VIEW_POLICY_INFO;
POLICY_HANDLE hPolicy = NULL;
PWSTR pwszUserRightName = NULL;
DWORD resume = 0;
PSID *ppSids = NULL;
DWORD numSids = 0;
DWORD prefMaxSize = 64;
DWORD i = 0;
SID_ARRAY sids = {0};
RefDomainList *pDomList = NULL;
TranslatedName *pTransNames = NULL;
DWORD count = 0;
PSTR pszAccountSid = NULL;
PSTR pszAccountDomain = NULL;
PSTR pszAccountName = NULL;
BOOLEAN moreEntries = FALSE;
err = CreateRpcCredentials(pRpcParams,
&pCreds);
BAIL_ON_LSA_ERROR(err);
err = CreateLsaRpcBinding(pRpcParams,
pCreds,
&hLsa);
BAIL_ON_LSA_ERROR(err);
ntStatus = LsaOpenPolicy2(hLsa,
wszSysName,
NULL,
policyAccessMask,
&hPolicy);
BAIL_ON_NT_STATUS(ntStatus);
fprintf(stdout,
"LSA Accounts");
do
{
moreEntries = FALSE;
if (UserRightName)
{
fprintf(stdout, " with AccountRight = %s:\n", UserRightName);
fprintf(stdout,
"=================================================="
"==============================\n");
err = LwMbsToWc16s(UserRightName,
&pwszUserRightName);
BAIL_ON_LSA_ERROR(err);
ntStatus = LsaEnumAccountsWithUserRight(
hLsa,
hPolicy,
pwszUserRightName,
&ppSids,
&numSids);
BAIL_ON_NT_STATUS(ntStatus);
}
else
{
fprintf(stdout, ":\n");
fprintf(stdout,
"=================================================="
"==============================\n");
ntStatus = LsaEnumAccounts(hLsa,
hPolicy,
&resume,
&ppSids,
&numSids,
prefMaxSize);
if (ntStatus == STATUS_MORE_ENTRIES)
{
ntStatus = STATUS_SUCCESS;
moreEntries = TRUE;
}
else if (ntStatus != STATUS_SUCCESS)
{
BAIL_ON_NT_STATUS(ntStatus);
}
}
err = LwAllocateMemory(
sizeof(sids.pSids[0]) * numSids,
OUT_PPVOID(&sids.pSids));
BAIL_ON_LSA_ERROR(err);
sids.dwNumSids = numSids;
for (i = 0; i < sids.dwNumSids; i++)
{
sids.pSids[i].pSid = ppSids[i];
}
ntStatus = LsaLookupSids(hLsa,
hPolicy,
&sids,
&pDomList,
&pTransNames,
LSA_LOOKUP_NAMES_ALL,
&count);
if (ntStatus == STATUS_SOME_NOT_MAPPED ||
ntStatus == STATUS_NONE_MAPPED)
{
ntStatus = STATUS_SUCCESS;
}
else if (ntStatus != STATUS_SUCCESS)
{
BAIL_ON_NT_STATUS(ntStatus);
}
for (i = 0; i < sids.dwNumSids; i++)
{
DWORD domainIndex = 0;
ntStatus = RtlAllocateCStringFromSid(
&pszAccountSid,
sids.pSids[i].pSid);
BAIL_ON_NT_STATUS(ntStatus);
if (pTransNames[i].type == SID_TYPE_USER ||
pTransNames[i].type == SID_TYPE_DOM_GRP ||
pTransNames[i].type == SID_TYPE_DOMAIN ||
pTransNames[i].type == SID_TYPE_ALIAS ||
pTransNames[i].type == SID_TYPE_WKN_GRP)
{
ntStatus = RtlCStringAllocateFromUnicodeString(
&pszAccountName,
&pTransNames[i].name);
BAIL_ON_NT_STATUS(ntStatus);
domainIndex = pTransNames[i].sid_index;
ntStatus = RtlCStringAllocateFromUnicodeString(
&pszAccountDomain,
&pDomList->domains[domainIndex].name);
BAIL_ON_NT_STATUS(ntStatus);
}
if (pszAccountSid)
{
fprintf(stdout, "%s ", pszAccountSid);
}
if (pszAccountDomain && pszAccountName)
{
fprintf(stdout, "(%s\\%s)", pszAccountDomain, pszAccountName);
}
else if (pszAccountDomain && !pszAccountName)
{
fprintf(stdout, "(%s\\)", pszAccountDomain);
}
else if (!pszAccountDomain && pszAccountName)
{
fprintf(stdout, "(%s)", pszAccountName);
}
else
{
fprintf(stdout, "(unknown)");
}
fprintf(stdout, "\n");
RTL_FREE(&pszAccountSid);
RTL_FREE(&pszAccountDomain);
RTL_FREE(&pszAccountName);
}
if (pTransNames)
{
LsaRpcFreeMemory(pTransNames);
pTransNames = NULL;
}
if (pDomList)
{
LsaRpcFreeMemory(pDomList);
pDomList = NULL;
}
if (ppSids)
{
LsaRpcFreeMemory(ppSids);
ppSids = NULL;
}
LW_SAFE_FREE_MEMORY(sids.pSids);
} while (moreEntries && ntStatus == STATUS_SUCCESS);
error:
if (ntStatus || err)
{
PCSTR errName = LwNtStatusToName(ntStatus);
PCSTR errDescription = LwNtStatusToDescription(ntStatus);
if (ntStatus)
{
errName = LwNtStatusToName(ntStatus);
errDescription = LwNtStatusToDescription(ntStatus);
}
else
{
errName = LwWin32ErrorToName(err);
errDescription = LwWin32ErrorToDescription(err);
}
fprintf(stderr, "Error: %s (%s)\n",
LSA_SAFE_LOG_STRING(errName),
LSA_SAFE_LOG_STRING(errDescription));
}
if (hPolicy)
{
LsaClose(hLsa, hPolicy);
}
if (hLsa)
{
LsaFreeBinding(&hLsa);
}
if (pCreds)
{
LwIoDeleteCreds(pCreds);
}
LW_SAFE_FREE_MEMORY(pwszUserRightName);
RTL_FREE(&pszAccountSid);
RTL_FREE(&pszAccountDomain);
RTL_FREE(&pszAccountName);
if (pTransNames)
{
LsaRpcFreeMemory(pTransNames);
}
if (pDomList)
{
LsaRpcFreeMemory(pDomList);
}
if (ppSids)
{
LsaRpcFreeMemory(ppSids);
}
LW_SAFE_FREE_MEMORY(sids.pSids);
if (err == ERROR_SUCCESS &&
ntStatus != STATUS_SUCCESS)
{
err = LwNtStatusToWin32Error(ntStatus);
}
return err;
}