/*
 * Normalizes the local Windows home folder string of a user object in place.
 *
 * Steps, in order:
 *   1. If the incoming value is NULL or empty, ask
 *      AD_GetUnprovisionedModeRemoteHomeDirTemplate() for a replacement.
 *   2. If there is still no value, substitute an allocated empty string.
 *   3. If the value contains a '%', expand it through
 *      AD_BuildHomeDirFromTemplate() using the NetBIOS domain name and the
 *      SAM account name.
 *   4. Replace every space in the result with an underscore.
 *
 * @param pState                      Provider state handed to the template helpers.
 * @param ppszLocalWindowsHomeFolder  In: current value. Out: normalized value
 *                                    (always written back, also on failure).
 * @param pszNetbiosDomainName        Domain name used for template expansion.
 * @param pszSamAccountName           Account name used for template expansion
 *                                    and for the log message.
 * @return 0 on success, or the error from the template lookup / allocation.
 *         A failed template expansion is logged and reported as success.
 *
 * NOTE(review): apart from the space-to-underscore rewrite, the value is not
 * validated here. It originates from directory data, so a consumer that
 * treats it as a filesystem path should apply its own path checks.
 */
static
DWORD
LsaAdBatchMarshalUserInfoFixLocalWindowsHomeFolder(
    IN PLSA_AD_PROVIDER_STATE pState,
    IN OUT PSTR* ppszLocalWindowsHomeFolder,
    IN PCSTR pszNetbiosDomainName,
    IN PCSTR pszSamAccountName
    )
{
    DWORD dwError = 0;
    PSTR pszFolder = *ppszLocalWindowsHomeFolder;
    PSTR pszExpanded = NULL;

    if (LW_IS_NULL_OR_EMPTY_STR(pszFolder))
    {
        // NOTE(review): when the caller passed a non-NULL empty string, the
        // helper receives the address of a pointer that still owns it.
        // Confirm the helper does not overwrite it without freeing (leak).
        dwError = AD_GetUnprovisionedModeRemoteHomeDirTemplate(
                      pState,
                      &pszFolder);
        BAIL_ON_LSA_ERROR(dwError);
    }

    if (!pszFolder)
    {
        // Guarantee a non-NULL string for the character replacement below.
        dwError = LwAllocateString("", &pszFolder);
        BAIL_ON_LSA_ERROR(dwError);
    }
    else if (strstr(pszFolder, "%") != NULL)
    {
        dwError = AD_BuildHomeDirFromTemplate(
                      pState,
                      pszFolder,
                      pszNetbiosDomainName,
                      pszSamAccountName,
                      &pszExpanded);
        if (dwError != 0)
        {
            // Expansion failed: keep the value as stored in AD, log it, and
            // report success. This path jumps straight to cleanup, so the
            // unexpanded value is returned with its spaces left untouched.
            LSA_LOG_INFO("While processing information for user (%s), an invalid remote homedir value was detected (homedir: '%s')",
                         LSA_SAFE_LOG_STRING(pszSamAccountName),
                         LSA_SAFE_LOG_STRING(pszFolder));
            dwError = 0;
            goto cleanup;
        }

        // Swap the template for its expansion; ownership moves to pszFolder.
        LW_SAFE_FREE_STRING(pszFolder);
        LSA_XFER_STRING(pszExpanded, pszFolder);
    }

    LwStrCharReplace(pszFolder, ' ', '_');

cleanup:
    // Always hand the current pointer back so the caller keeps ownership.
    *ppszLocalWindowsHomeFolder = pszFolder;

    return dwError;

error:
    goto cleanup;
}
/*
 * Startup prerequisite check. Only does work when built with
 * __LWI_DARWIN__; on other builds it returns 0 immediately.
 *
 * On Darwin it polls LsaDnsGetHostInfo() until the reported hostname is
 * something other than "localhost" (case-insensitive), sleeping 10 seconds
 * between polls for at most STARTUP_PRE_CHECK_WAIT polls, and then calls
 * LsaSrvFlushSystemCache().
 *
 * @return 0 on success;
 *         LW_ERROR_FAILED_STARTUP_PREREQUISITE_CHECK if the hostname never
 *         changed from "localhost"; otherwise the error returned by
 *         LsaDnsGetHostInfo() or LsaSrvFlushSystemCache().
 */
DWORD
LsaSrvStartupPreCheck(
    VOID
    )
{
    DWORD dwError = 0;

#ifdef __LWI_DARWIN__
    PSTR pszHostname = NULL;
    int attempt = 0;

    // Make sure that the local hostname has been set up by the system.
    while (attempt < STARTUP_PRE_CHECK_WAIT)
    {
        // Drop the previous poll's result before asking again.
        LW_SAFE_FREE_STRING(pszHostname);

        dwError = LsaDnsGetHostInfo(&pszHostname);
        BAIL_ON_LSA_ERROR(dwError);

        // NOTE(review): assumes a successful LsaDnsGetHostInfo() always
        // yields a non-NULL string; strcasecmp() is not NULL-safe.
        if (strcasecmp(pszHostname, "localhost") != 0)
        {
            /* Hostname now looks correct */
            LSA_LOG_INFO("LSA Process start up check for hostname complete [hostname:%s]", pszHostname);
            break;
        }

        sleep(10);
        attempt++;
    }

    // Every poll still reported "localhost": give up.
    if (attempt >= STARTUP_PRE_CHECK_WAIT)
    {
        dwError = LW_ERROR_FAILED_STARTUP_PREREQUISITE_CHECK;
        LSA_LOG_ERROR("LSA start up pre-check failed to get updated hostname after %u seconds of waiting [Code:%u]",
                      STARTUP_PRE_CHECK_WAIT*10,
                      dwError);
        BAIL_ON_LSA_ERROR(dwError);
    }

    // Now that we are running, we need to flush the DirectoryService process
    // of any negative cache entries.
    dwError = LsaSrvFlushSystemCache();
    BAIL_ON_LSA_ERROR(dwError);

error:
    // Reached on success as well as on failure.
    LW_SAFE_FREE_STRING(pszHostname);
#endif

    return dwError;
}
/*
 * Service stop entry point. Shuts the LSA service down in a fixed order:
 * the two listener threads first, then the server API and the NTLM client
 * IPC, then (when built with ENABLE_EVENTLOG) the event logging thread, and
 * finally tracing.
 *
 * @param pInstance  Service instance; not used by this function.
 * @return Always STATUS_SUCCESS. None of the shutdown calls' results are
 *         inspected here.
 */
NTSTATUS
LsaSvcmStop(
    PLW_SVCM_INSTANCE pInstance
    )
{
    NTSTATUS status = STATUS_SUCCESS;

    // Stop accepting new work before tearing down what serves it.
    LsaSrvStopListenThread();
    NtlmSrvStopListenThread();

    LsaSrvApiShutdown();
    NtlmClientIpcShutdown();

    LSA_LOG_INFO("LSA Service exiting...");

#ifdef ENABLE_EVENTLOG
    LsaSrvStopEventLoggingThread();
#endif

    LsaShutdownTracing_r();

    return status;
}
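/*
 * Sets pObjectUserInfo->bAccountExpired from an account expiry timestamp.
 *
 * An AccountExpires of 0 or 0x7FFFFFFFFFFFFFFF means "never expires".
 * Any other value is compared against the time from ADGetCurrentNtTime();
 * the account counts as expired only when the current time is strictly later.
 *
 * @param AccountExpires     Expiry timestamp, compared against NT time.
 * @param pObjectUserInfo    User info whose bAccountExpired flag is set.
 * @param pszSamAccountName  Account name, used only for logging; may be NULL.
 * @return Always 0. A failure to read the current time is logged and
 *         swallowed (see the security note in the body).
 */
DWORD
LsaAdBatchMarshalUserInfoAccountExpires(
    IN UINT64 AccountExpires,
    IN OUT PLSA_SECURITY_OBJECT_USER_INFO pObjectUserInfo,
    IN PCSTR pszSamAccountName
    )
{
    DWORD dwError = 0;
    // in 100ns units:
    UINT64 currentNtTime = 0;

    if (AccountExpires == 0LL ||
        AccountExpires == 9223372036854775807LL)
    {
        // This means the account will never expire.
        pObjectUserInfo->bAccountExpired = FALSE;
        goto cleanup;
    }

    dwError = ADGetCurrentNtTime(&currentNtTime);
    if (dwError)
    {
        // SECURITY: this path fails open. When the current time cannot be
        // read, an account that is past its expiry is reported as NOT
        // expired, and the only trace is an INFO-level message.
        // NOTE(review): confirm this default is intended, and consider a
        // higher log severity so the condition is visible in monitoring.
        LSA_LOG_INFO("While processing information for user (%s), lsass was unable to determine if the account is expired. Defaulting to not expired.",
                     LSA_SAFE_LOG_STRING(pszSamAccountName));
        dwError = 0;
        pObjectUserInfo->bAccountExpired = FALSE;
        goto cleanup;
    }

    // Expired only once the current time has moved past the expiry instant.
    pObjectUserInfo->bAccountExpired =
        (currentNtTime <= AccountExpires) ? FALSE : TRUE;

cleanup:
    return dwError;
}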
/*
 * Stops one RPC server by calling the pfnStop entry of its function table,
 * and logs the outcome under the server's name.
 *
 * @param pRpc  RPC server descriptor. pRpc and pRpc->pfnTable are
 *              dereferenced without a NULL check, so both must be valid.
 * @return The value returned by pfnStop(): 0 on success, an error otherwise.
 */
static
DWORD
LsaStopRpcSrv(
    PLSA_RPC_SERVER pRpc
    )
{
    DWORD dwError = pRpc->pfnTable->pfnStop();

    if (dwError == 0)
    {
        LSA_LOG_INFO("%s rpc server successfully stopped",
                     pRpc->pszName);
        return dwError;
    }

    // The failure is logged and returned; nothing is retried here.
    LSA_LOG_ERROR("Couldn't stop %s rpc server (error: %u)",
                  pRpc->pszName,
                  dwError);

    return dwError;
}
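/*
 * Sets pObjectUserInfo->bPromptPasswordChange from a password expiry
 * timestamp.
 *
 * The prompt flag is raised when PasswordExpires is non-zero and either the
 * password has already expired or the remaining time, in whole days
 * (integer division), is 14 or fewer. A PasswordExpires of 0 never prompts.
 *
 * @param PasswordExpires    Expiry timestamp, compared against NT time.
 * @param pObjectUserInfo    User info whose bPromptPasswordChange is set.
 * @param pszSamAccountName  Account name, used only for logging; may be NULL.
 * @return Always 0. A failure to read the current time is logged and
 *         swallowed, and the flag defaults to FALSE.
 */
DWORD
LsaAdBatchMarshalUserInfoPasswordExpires(
    IN UINT64 PasswordExpires,
    IN OUT PLSA_SECURITY_OBJECT_USER_INFO pObjectUserInfo,
    IN PCSTR pszSamAccountName
    )
{
    // ISSUE-2008/11/18-dalmeida -- The number of days
    // should be a setting.
    const UINT64 promptWindowDays = 14;
    // 10,000,000 ticks per second, scaled to a day.
    const UINT64 ticksPerDay = 10000000ULL * 24 * 60 * 60;

    DWORD dwError = 0;
    UINT64 currentNtTime = 0;

    dwError = ADGetCurrentNtTime(&currentNtTime);
    if (dwError)
    {
        // Without the current time, the user is not prompted; the failure
        // is logged at INFO level and not returned to the caller.
        LSA_LOG_INFO("While processing information for user (%s), lsass was unable to determine if the need to prompt to change user password is required. Defaulting to no.",
                     LSA_SAFE_LOG_STRING(pszSamAccountName));
        dwError = 0;
        pObjectUserInfo->bPromptPasswordChange = FALSE;
        goto cleanup;
    }

    if (PasswordExpires == 0)
    {
        pObjectUserInfo->bPromptPasswordChange = FALSE;
    }
    else if (currentNtTime >= PasswordExpires)
    {
        // Already expired. Checked first so the subtraction below cannot
        // wrap around.
        pObjectUserInfo->bPromptPasswordChange = TRUE;
    }
    else if ((PasswordExpires - currentNtTime) / ticksPerDay <= promptWindowDays)
    {
        // The password will expire in 14 days or less. The division
        // truncates, so anything under 15 full days qualifies.
        pObjectUserInfo->bPromptPasswordChange = TRUE;
    }
    else
    {
        pObjectUserInfo->bPromptPasswordChange = FALSE;
    }

cleanup:
    return dwError;
}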
/*
 * Service refresh entry point: reloads the LSA server configuration.
 *
 * Opens a server handle using this process's own uid, gid and pid, calls
 * LsaSrvRefreshConfiguration() on it, and closes the handle again on every
 * path.
 *
 * @param pInstance  Service instance; not used by this function.
 * @return The result of LwWin32ErrorToNtStatus() applied to the first error
 *         from LsaSrvOpenServer() or LsaSrvRefreshConfiguration(), or to 0
 *         when both succeed.
 */
NTSTATUS
LsaSvcmRefresh(
    PLW_SVCM_INSTANCE pInstance
    )
{
    HANDLE hServer = NULL;
    DWORD dwError = 0;
    // The refresh runs under the daemon's own identity, not a client's.
    uid_t selfUid = getuid();
    gid_t selfGid = getgid();
    pid_t selfPid = getpid();

    LSA_LOG_VERBOSE("Refreshing configuration");

    dwError = LsaSrvOpenServer(selfUid, selfGid, selfPid, &hServer);
    BAIL_ON_LSA_ERROR(dwError);

    dwError = LsaSrvRefreshConfiguration(hServer);
    BAIL_ON_LSA_ERROR(dwError);

    LSA_LOG_INFO("Refreshed configuration successfully");

cleanup:
    // hServer stays NULL when the open itself failed.
    if (hServer)
    {
        LsaSrvCloseServer(hServer);
    }

    return LwWin32ErrorToNtStatus(dwError);

error:
    LSA_LOG_ERROR("Failed to refresh configuration. [Error code:%u]", dwError);
    goto cleanup;
}