static
DWORD
DoLeaveDomain(
IN PCSTR pszDomain,
IN OPTIONAL PCSTR pszUsername,
IN OPTIONAL PCSTR pszPassword,
IN LSA_NET_JOIN_FLAGS JoinFlags
)
{
HANDLE hLsa = NULL;
DWORD dwError = 0;
PCSTR pszUseDomain = IsSetFlag(JoinFlags, LSA_NET_JOIN_DOMAIN_MULTIPLE) ? pszDomain : NULL;
assert(pszDomain);
printf("Leaving AD Domain: %s\n", pszDomain);
dwError = LsaOpenServer(&hLsa);
GOTO_CLEANUP_ON_WINERROR(dwError);
dwError = LsaAdLeaveDomain2(hLsa, pszUsername, pszPassword, pszUseDomain, JoinFlags);
GOTO_CLEANUP_ON_WINERROR(dwError);
printf("SUCCESS\n");
cleanup:
if (hLsa)
{
LsaCloseServer(hLsa);
}
return dwError;
}
static
DWORD
SetMachineSid(
PSTR pszSid
)
{
DWORD dwError = 0;
HANDLE hLsaConnection = NULL;
BAIL_ON_INVALID_STRING(pszSid);
dwError = LsaOpenServer(&hLsaConnection);
BAIL_ON_LSA_ERROR(dwError);
dwError = LsaSetMachineSid(hLsaConnection,
pszSid);
BAIL_ON_LSA_ERROR(dwError);
fprintf(stdout, "Successfully set machine SID to %s\n", pszSid);
cleanup:
if (hLsaConnection != (HANDLE)NULL) {
LsaCloseServer(hLsaConnection);
}
return dwError;
error:
goto cleanup;
}
DWORD
DJSetComputerNameEx(
PCSTR pszComputerName
)
{
DWORD dwError = 0;
LWException *exc = NULL;
HANDLE hLsaConnection = NULL;
LW_TRY(&exc, DJSetComputerName(pszComputerName, NULL, &LW_EXC));
LW_CLEANUP_CTERR(&exc, LsaOpenServer(&hLsaConnection));
LW_CLEANUP_CTERR(&exc, LsaSetMachineName(hLsaConnection, pszComputerName));
cleanup:
if (hLsaConnection)
{
LsaCloseServer(hLsaConnection);
}
if (!LW_IS_OK(exc))
{
dwError = exc->code;
LWHandle(&exc);
}
return dwError;
}
wbcErr wbcInterfaceDetails(struct wbcInterfaceDetails **details)
{
DWORD dwErr = LW_ERROR_INTERNAL;
wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
HANDLE hLsa = NULL;
PLSA_MACHINE_ACCOUNT_INFO_A pAccountInfo = NULL;
size_t hostnameLen = 0;
BAIL_ON_NULL_PTR_PARAM(details, dwErr);
/* Find our domain */
dwErr = LsaOpenServer(&hLsa);
BAIL_ON_LSA_ERR(dwErr);
dwErr = LsaAdGetMachineAccountInfo(hLsa, NULL, &pAccountInfo);
BAIL_ON_LSA_ERR(dwErr);
*details = _wbc_malloc(sizeof(struct wbcInterfaceDetails),
FreeInterfaceDetails);
BAIL_ON_NULL_PTR(*details, dwErr);
(*details)->interface_version = LSA_WBC_INTERFACE_VERSION;
(*details)->winbind_version = LSA_WBC_WINBIND_VERSION;
(*details)->winbind_separator = '\\';
(*details)->netbios_name = _wbc_strdup(pAccountInfo->SamAccountName);
BAIL_ON_NULL_PTR((*details)->netbios_name, dwErr);
// Strip off the trailing dollar sign
hostnameLen = strlen((*details)->netbios_name);
if (hostnameLen > 0 && (*details)->netbios_name[hostnameLen - 1] == '$')
{
((char *)(*details)->netbios_name)[hostnameLen - 1] = 0;
}
(*details)->netbios_domain = _wbc_strdup(pAccountInfo->NetbiosDomainName);
BAIL_ON_NULL_PTR((*details)->netbios_domain, dwErr);
(*details)->dns_domain = _wbc_strdup(pAccountInfo->DnsDomainName);
BAIL_ON_NULL_PTR((*details)->dns_domain, dwErr);
cleanup:
if (pAccountInfo)
{
LsaAdFreeMachineAccountInfo(pAccountInfo);
}
if (hLsa)
{
LsaCloseServer(hLsa);
}
wbc_status = map_error_to_wbc_status(dwErr);
return wbc_status;
}
DWORD
Lwt_LsaTestLocalProvider(
HANDLE hLsaConnection
)
{
DWORD dwError = LW_ERROR_SUCCESS;
char szGroup[10]="";
char szUser[10] = "";
GetRandomName(szGroup, szUser, 8);
dwError = LsaOpenServer(&hLsaConnection);
BAIL_ON_TEST_BROKE(dwError);
dwError = TestAddGroup( hLsaConnection, szGroup);
BAIL_ON_TEST_BROKE(dwError);
// dwError = TestEnumGroups( hLsaConnection, szGroup);
// BAIL_ON_TEST_BROKE(dwError);
dwError = TestDelGroup( hLsaConnection, szGroup);
BAIL_ON_TEST_BROKE(dwError);
dwError = TestAddUser( hLsaConnection, szUser);
BAIL_ON_TEST_BROKE(dwError);
// dwError = TestEnumUsers( hLsaConnection, szUser);
// BAIL_ON_TEST_BROKE(dwError);
dwError = TestDelUser( hLsaConnection, szUser);
BAIL_ON_TEST_BROKE(dwError);
cleanup:
if (hLsaConnection != (HANDLE)NULL)
{
LsaCloseServer(hLsaConnection);
}
return dwError;
error:
goto cleanup;
}
static
DWORD
GetCurrentDomain(
OUT PSTR* ppszDnsDomainName
)
{
DWORD dwError = 0;
HANDLE hLsa = NULL;
PLSA_MACHINE_ACCOUNT_INFO_A pAccountInfo = NULL;
PSTR pszDnsDomainName = NULL;
dwError = LsaOpenServer(&hLsa);
GOTO_CLEANUP_ON_WINERROR(dwError);
dwError = LsaAdGetMachineAccountInfo(hLsa, NULL, &pAccountInfo);
GOTO_CLEANUP_ON_WINERROR(dwError);
dwError = LwAllocateString(
pAccountInfo->DnsDomainName,
&pszDnsDomainName);
GOTO_CLEANUP_ON_WINERROR(dwError);
cleanup:
if (dwError)
{
LW_SAFE_FREE_MEMORY(pszDnsDomainName);
}
if (hLsa)
{
LsaCloseServer(hLsa);
}
if (pAccountInfo)
{
LsaAdFreeMachineAccountInfo(pAccountInfo);
}
*ppszDnsDomainName = pszDnsDomainName;
return dwError;
}
wbcErr wbcPing(void)
{
HANDLE hLsa = (HANDLE)NULL;
DWORD dwErr = LW_ERROR_INTERNAL;
wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
/* Just open and close an LsaServerHandle */
dwErr = LsaOpenServer(&hLsa);
BAIL_ON_LSA_ERR(dwErr);
dwErr = LsaCloseServer(hLsa);
hLsa = (HANDLE)NULL;
BAIL_ON_LSA_ERR(dwErr);
cleanup:
wbc_status = map_error_to_wbc_status(dwErr);
return wbc_status;
}
DWORD
LsaNssCommonCloseConnection(
PLSA_NSS_CACHED_HANDLE pConnection
)
{
DWORD dwError = 0;
if (pConnection->hLsaConnection != (HANDLE)NULL)
{
pid_t myPid = getpid();
if (myPid == pConnection->owner)
{
dwError = LsaCloseServer(pConnection->hLsaConnection);
}
else
{
// Drop the connection
dwError = LsaDropServer(pConnection->hLsaConnection);
}
pConnection->hLsaConnection = NULL;
}
return dwError;
}
DWORD
Lwt_LsaTestTeardown(
HANDLE *phLsaConnection,
PTESTDATA *ppTestData
)
{
if ( ppTestData && *ppTestData != NULL )
{
PTESTDATA pTestData = *ppTestData;
if ( pTestData->pUserIface)
{
DestroyUserInfo(pTestData->pUserIface);
LW_SAFE_FREE_MEMORY(pTestData->pUserIface);
}
if (pTestData->pGroupIface)
{
DestroyGroupInfo(pTestData->pGroupIface);
LW_SAFE_FREE_MEMORY(pTestData->pGroupIface);
}
LW_SAFE_FREE_MEMORY(pTestData);
*ppTestData = NULL;
}
if ( phLsaConnection && *phLsaConnection != (HANDLE)NULL)
{
LsaCloseServer(*phLsaConnection);
*phLsaConnection = NULL;
}
LwtShutdownLogging();
return LW_ERROR_SUCCESS;
}
int
main(
int argc,
char* argv[]
)
{
DWORD dwError = 0;
HANDLE hLsaConnection = (HANDLE)NULL;
UINT64 llSuccess = 0;
UINT64 llFailed = 0;
UINT64 llIter = 0;
PCSTR pszLoginName = "";
PCSTR pszPassword = "";
PSTR pszMessage = NULL;
if (argc < 3)
{
fprintf(stdout, "Usage: test_authstress <login id> <password>\n");
exit(1);
}
pszLoginName = argv[1];
pszPassword = argv[2];
dwError = LsaOpenServer(&hLsaConnection);
BAIL_ON_STRESS_ERROR(dwError);
while (1) {
llIter += 1;
dwError = LsaAuthenticateUser(
hLsaConnection,
pszLoginName,
pszPassword,
&pszMessage);
if (pszMessage)
{
fprintf(stdout,
"%s\n",
pszMessage);
}
LW_SAFE_FREE_STRING(pszMessage);
if ( dwError == 0 )
{
llSuccess += 1;
}
else
{
llFailed += 1;
}
if ( ( llIter % 10 ) == 0)
{
fprintf(stdout,
"success [ %llu ] failure [ %llu ] \n",
(unsigned long long)llSuccess,
(unsigned long long)llFailed);
}
sleep(1);
}
cleanup:
if (hLsaConnection != (HANDLE)NULL) {
LsaCloseServer(hLsaConnection);
}
return (dwError);
error:
goto cleanup;
}
int
ad_cache_main(
int argc,
char* argv[]
)
{
DWORD dwError = 0;
HANDLE hLsaConnection = (HANDLE)NULL;
size_t dwErrorBufferSize = 0;
BOOLEAN bPrintOrigError = TRUE;
PSTR pszOperation = "complete operation";
DWORD dwAction = ACTION_NONE;
PSTR pszDomainName = NULL;
PSTR pszName = NULL;
uid_t uid = 0;
gid_t gid = 0;
bool bForceOfflineDelete;
DWORD dwBatchSize = 10;
if (argc < 2 ||
(strcmp(argv[1], "--help") == 0) ||
(strcmp(argv[1], "-h") == 0))
{
ShowUsage(GetProgramName(argv[0]));
exit(0);
}
if (geteuid() != 0) {
fprintf(stderr, "This program requires super-user privileges.\n");
dwError = LW_ERROR_ACCESS_DENIED;
BAIL_ON_LSA_ERROR(dwError);
}
dwError = ParseArgs(
argc,
argv,
&dwAction,
&pszDomainName,
&pszName,
&uid,
&gid,
&bForceOfflineDelete,
&dwBatchSize);
BAIL_ON_LSA_ERROR(dwError);
dwError = LsaOpenServer(&hLsaConnection);
BAIL_ON_LSA_ERROR(dwError);
switch (dwAction)
{
case ACTION_DELETE_ALL:
pszOperation = "empty cache";
dwError = LsaAdEmptyCache(
hLsaConnection,
pszDomainName,
bForceOfflineDelete);
BAIL_ON_LSA_ERROR(dwError);
fprintf(stdout, "The cache has been emptied successfully.\n");
break;
case ACTION_DELETE_USER:
pszOperation = "delete user";
if ( pszName )
{
dwError = LsaAdRemoveUserByNameFromCache(
hLsaConnection,
pszDomainName,
pszName);
BAIL_ON_LSA_ERROR(dwError);
}
else
{
dwError = LsaAdRemoveUserByIdFromCache(
hLsaConnection,
pszDomainName,
uid);
BAIL_ON_LSA_ERROR(dwError);
}
fprintf(stdout, "The user has been deleted from the cache successfully.\n");
break;
case ACTION_DELETE_GROUP:
pszOperation = "delete group";
if ( pszName )
{
dwError = LsaAdRemoveGroupByNameFromCache(
hLsaConnection,
pszDomainName,
pszName);
BAIL_ON_LSA_ERROR(dwError);
}
else
{
dwError = LsaAdRemoveGroupByIdFromCache(
hLsaConnection,
pszDomainName,
gid);
BAIL_ON_LSA_ERROR(dwError);
}
fprintf(stdout, "The group has been deleted from the cache successfully.\n");
break;
case ACTION_ENUM_USERS:
pszOperation = "enumerate users";
dwError = EnumerateUsers(
hLsaConnection,
pszDomainName,
dwBatchSize);
BAIL_ON_LSA_ERROR(dwError);
break;
case ACTION_ENUM_GROUPS:
pszOperation = "enumerate groups";
dwError = EnumerateGroups(
hLsaConnection,
pszDomainName,
dwBatchSize);
BAIL_ON_LSA_ERROR(dwError);
break;
}
cleanup:
if (hLsaConnection != (HANDLE)NULL) {
LsaCloseServer(hLsaConnection);
}
return dwError;
error:
dwError = MapErrorCode(dwError);
dwErrorBufferSize = LwGetErrorString(dwError, NULL, 0);
if (dwErrorBufferSize > 0)
{
DWORD dwError2 = 0;
PSTR pszErrorBuffer = NULL;
dwError2 = LwAllocateMemory(
dwErrorBufferSize,
(PVOID*)&pszErrorBuffer);
if (!dwError2)
{
DWORD dwLen = LwGetErrorString(dwError, pszErrorBuffer, dwErrorBufferSize);
if ((dwLen == dwErrorBufferSize) && !LW_IS_NULL_OR_EMPTY_STR(pszErrorBuffer))
{
fprintf(stderr,
"Failed to %s. Error code %u (%s).\n%s\n",
pszOperation,
dwError,
LW_PRINTF_STRING(LwWin32ExtErrorToName(dwError)),
pszErrorBuffer);
bPrintOrigError = FALSE;
}
}
LW_SAFE_FREE_STRING(pszErrorBuffer);
}
if (bPrintOrigError)
{
fprintf(stderr,
"Failed to %s. Error code %u (%s).\n",
pszOperation,
dwError,
LW_PRINTF_STRING(LwWin32ExtErrorToName(dwError)));
}
goto cleanup;
}
int
set_log_level_main(
int argc,
char* argv[]
)
{
DWORD dwError = 0;
LsaLogLevel logLevel = LSA_LOG_LEVEL_ERROR;
HANDLE hLsaConnection = (HANDLE)NULL;
PLSA_LOG_INFO pLogInfo = NULL;
size_t dwErrorBufferSize = 0;
BOOLEAN bPrintOrigError = TRUE;
if (geteuid() != 0) {
fprintf(stderr, "This program requires super-user privileges.\n");
dwError = LW_ERROR_ACCESS_DENIED;
BAIL_ON_LSA_ERROR(dwError);
}
dwError = ParseArgs(argc, argv, &logLevel);
BAIL_ON_LSA_ERROR(dwError);
dwError = LsaOpenServer(&hLsaConnection);
BAIL_ON_LSA_ERROR(dwError);
dwError = LsaSetLogLevel(
hLsaConnection,
logLevel);
BAIL_ON_LSA_ERROR(dwError);
fprintf(stdout, "The log level was set successfully\n\n");
dwError = LsaGetLogInfo(
hLsaConnection,
&pLogInfo);
BAIL_ON_LSA_ERROR(dwError);
dwError = PrintLogInfo(pLogInfo);
BAIL_ON_LSA_ERROR(dwError);
cleanup:
if (pLogInfo)
{
LsaFreeLogInfo(pLogInfo);
}
if (hLsaConnection != (HANDLE)NULL) {
LsaCloseServer(hLsaConnection);
}
return (dwError);
error:
dwError = MapErrorCode(dwError);
dwErrorBufferSize = LwGetErrorString(dwError, NULL, 0);
if (dwErrorBufferSize > 0)
{
DWORD dwError2 = 0;
PSTR pszErrorBuffer = NULL;
dwError2 = LwAllocateMemory(
dwErrorBufferSize,
(PVOID*)&pszErrorBuffer);
if (!dwError2)
{
DWORD dwLen = LwGetErrorString(dwError, pszErrorBuffer, dwErrorBufferSize);
if ((dwLen == dwErrorBufferSize) && !LW_IS_NULL_OR_EMPTY_STR(pszErrorBuffer))
{
fprintf(stderr,
"Failed to set log level. Error code %u (%s).\n%s\n",
dwError,
LW_PRINTF_STRING(LwWin32ExtErrorToName(dwError)),
pszErrorBuffer);
bPrintOrigError = FALSE;
}
}
LW_SAFE_FREE_STRING(pszErrorBuffer);
}
if (bPrintOrigError)
{
fprintf(stderr,
"Failed to set log level. Error code %u (%s).\n",
dwError,
LW_PRINTF_STRING(LwWin32ExtErrorToName(dwError)));
}
goto cleanup;
}
DWORD
SynchronizePassword(
PCSTR pSmbdPath
)
{
DWORD error = 0;
PSTR pSecretsPath = NULL;
LW_HANDLE hLsa = NULL;
PLSA_MACHINE_PASSWORD_INFO_A pPasswordInfo = NULL;
PLSA_PSTORE_PLUGIN_DISPATCH pDispatch = NULL;
PLSA_PSTORE_PLUGIN_CONTEXT pContext = NULL;
HANDLE hReg = NULL;
error = LwRegOpenServer(&hReg);
BAIL_ON_LSA_ERROR(error);
error = GetSecretsPath(
pSmbdPath,
&pSecretsPath);
BAIL_ON_LSA_ERROR(error);
error = RegUtilAddKey(
hReg,
LSA_PSTORE_REG_ROOT_KEY_PATH,
NULL,
LSA_PSTORE_REG_ROOT_KEY_RELATIVE_PATH_PLUGINS "\\" PLUGIN_NAME);
BAIL_ON_LSA_ERROR(error);
error = RegUtilSetValue(
hReg,
LSA_PSTORE_REG_ROOT_KEY_PATH,
NULL,
LSA_PSTORE_REG_ROOT_KEY_RELATIVE_PATH_PLUGINS "\\" PLUGIN_NAME,
"SecretsPath",
REG_SZ,
pSecretsPath,
strlen(pSecretsPath));
BAIL_ON_LSA_ERROR(error);
error = RegUtilSetValue(
hReg,
HKEY_THIS_MACHINE,
NULL,
LSA_PSTORE_REG_ROOT_KEY_RELATIVE_PATH_PLUGINS "\\" PLUGIN_NAME,
"Path",
REG_SZ,
PLUGIN_PATH,
strlen(PLUGIN_PATH));
BAIL_ON_LSA_ERROR(error);
error = AddSambaLoadPath(hReg);
BAIL_ON_LSA_ERROR(error);
error = LsaOpenServer(
&hLsa);
if (error)
{
LW_RTL_LOG_ERROR("Unable to contact lsassd");
}
BAIL_ON_LSA_ERROR(error);
error = LsaAdGetMachinePasswordInfo(
hLsa,
NULL,
&pPasswordInfo);
if (error == NERR_SetupNotJoined)
{
LW_RTL_LOG_ERROR("Unable to write machine password in secrets.tdb because PowerBroker Identity Services is not joined. The password will be written to secrets.tdb on the next successful join attempt");
error = 0;
}
else
{
BAIL_ON_LSA_ERROR(error);
error = LsaPstorePluginInitializeContext(
LSA_PSTORE_PLUGIN_VERSION,
PLUGIN_NAME,
&pDispatch,
&pContext);
BAIL_ON_LSA_ERROR(error);
error = pDispatch->SetPasswordInfoA(
pContext,
pPasswordInfo);
BAIL_ON_LSA_ERROR(error);
}
cleanup:
LW_SAFE_FREE_STRING(pSecretsPath);
if (hLsa != NULL)
{
LsaCloseServer(hLsa);
}
if (hReg != NULL)
{
LwRegCloseServer(hReg);
}
if (pPasswordInfo != NULL)
{
LsaAdFreeMachinePasswordInfo(pPasswordInfo);
}
if (pContext)
{
pDispatch->Cleanup(pContext);
}
return error;
}
int
enum_users_main(
int argc,
char* argv[]
)
{
DWORD dwError = 0;
DWORD dwUserInfoLevel = 0;
DWORD dwBatchSize = 10;
HANDLE hLsaConnection = (HANDLE)NULL;
HANDLE hResume = (HANDLE)NULL;
PVOID* ppUserInfoList = NULL;
DWORD dwNumUsersFound = 0;
DWORD dwTotalUsersFound = 0;
size_t dwErrorBufferSize = 0;
BOOLEAN bPrintOrigError = TRUE;
BOOLEAN bCheckUserInList = FALSE;
dwError = ParseArgs(argc, argv, &dwUserInfoLevel, &dwBatchSize, &bCheckUserInList);
BAIL_ON_LSA_ERROR(dwError);
dwError = LsaOpenServer(&hLsaConnection);
BAIL_ON_LSA_ERROR(dwError);
dwError = LsaBeginEnumUsers(
hLsaConnection,
dwUserInfoLevel,
dwBatchSize,
0,
&hResume);
BAIL_ON_LSA_ERROR(dwError);
do
{
DWORD iUser = 0;
if (ppUserInfoList) {
LsaFreeUserInfoList(dwUserInfoLevel, ppUserInfoList, dwNumUsersFound);
ppUserInfoList = NULL;
}
dwError = LsaEnumUsers(
hLsaConnection,
hResume,
&dwNumUsersFound,
&ppUserInfoList);
BAIL_ON_LSA_ERROR(dwError);
if (!dwNumUsersFound) {
break;
}
dwTotalUsersFound+=dwNumUsersFound;
for (iUser = 0; iUser < dwNumUsersFound; iUser++)
{
BOOLEAN bAllowedLogon = TRUE;
PVOID pUserInfo = *(ppUserInfoList + iUser);
if (bCheckUserInList)
{
dwError = LsaCheckUserInList(
hLsaConnection,
((PLSA_USER_INFO_0)pUserInfo)->pszName,
NULL);
if (dwError)
{
bAllowedLogon = FALSE;
}
}
switch(dwUserInfoLevel)
{
case 0:
PrintUserInfo_0((PLSA_USER_INFO_0)pUserInfo,
bCheckUserInList,
bAllowedLogon);
break;
case 1:
PrintUserInfo_1((PLSA_USER_INFO_1)pUserInfo,
bCheckUserInList,
bAllowedLogon);
break;
case 2:
PrintUserInfo_2((PLSA_USER_INFO_2)pUserInfo,
bCheckUserInList,
bAllowedLogon);
break;
default:
fprintf(stderr,
"Error: Invalid user info level %u\n",
dwUserInfoLevel);
break;
}
}
} while (dwNumUsersFound);
fprintf(stdout, "TotalNumUsersFound: %u\n", dwTotalUsersFound);
cleanup:
if (ppUserInfoList) {
LsaFreeUserInfoList(dwUserInfoLevel, ppUserInfoList, dwNumUsersFound);
}
if ((hResume != (HANDLE)NULL) &&
(hLsaConnection != (HANDLE)NULL)) {
LsaEndEnumUsers(hLsaConnection, hResume);
}
if (hLsaConnection != (HANDLE)NULL) {
LsaCloseServer(hLsaConnection);
}
return (dwError);
error:
dwError = MapErrorCode(dwError);
dwErrorBufferSize = LwGetErrorString(dwError, NULL, 0);
if (dwErrorBufferSize > 0)
{
DWORD dwError2 = 0;
PSTR pszErrorBuffer = NULL;
dwError2 = LwAllocateMemory(
dwErrorBufferSize,
(PVOID*)&pszErrorBuffer);
if (!dwError2)
{
DWORD dwLen = LwGetErrorString(dwError, pszErrorBuffer, dwErrorBufferSize);
if ((dwLen == dwErrorBufferSize) && !LW_IS_NULL_OR_EMPTY_STR(pszErrorBuffer))
{
fprintf(stderr, "Failed to enumerate users. Error code %u (%s).\n"
"%s\n",
dwError, LW_PRINTF_STRING(LwWin32ExtErrorToName(dwError)),
pszErrorBuffer);
bPrintOrigError = FALSE;
}
if (dwError == ERROR_INVALID_DATA)
{
fprintf(stderr, "The users list has changed while enumerating. "
"Try again.\n");
}
}
LW_SAFE_FREE_STRING(pszErrorBuffer);
}
if (bPrintOrigError)
{
fprintf(stderr, "Failed to enumerate users. Error code %u (%s).\n",
dwError, LW_PRINTF_STRING(LwWin32ExtErrorToName(dwError)));
}
goto cleanup;
}
int
pam_sm_close_session(
pam_handle_t* pamh,
int flags,
int argc,
const char** argv
)
{
DWORD dwError = 0;
PPAMCONTEXT pPamContext = NULL;
PSTR pszLoginId = NULL;
HANDLE hLsaConnection = (HANDLE)NULL;
PLSA_PAM_CONFIG pConfig = NULL;
dwError = LsaPamGetConfig(&pConfig);
BAIL_ON_LSA_ERROR(dwError);
LsaPamSetLogLevel(pConfig->dwLogLevel);
LSA_LOG_PAM_DEBUG("pam_sm_close_session::begin");
dwError = LsaPamGetContext(
pamh,
flags,
argc,
argv,
&pPamContext);
BAIL_ON_LSA_ERROR(dwError);
dwError = LsaPamGetLoginId(
pamh,
pPamContext,
&pszLoginId,
FALSE);
BAIL_ON_LSA_ERROR(dwError);
if (pszLoginId == NULL)
{
dwError = LW_ERROR_NO_SUCH_USER;
BAIL_ON_LSA_ERROR(dwError);
}
if (LsaShouldIgnoreUser(pszLoginId))
{
LSA_LOG_PAM_DEBUG("By passing lsassd for local account");
dwError = LW_ERROR_NOT_HANDLED;
BAIL_ON_LSA_ERROR(dwError);
}
dwError = LsaOpenServer(&hLsaConnection);
BAIL_ON_LSA_ERROR(dwError);
dwError = LsaCloseSession(
hLsaConnection,
pszLoginId);
BAIL_ON_LSA_ERROR(dwError);
dwError = LsaPamNotifyUserLogoff(
pszLoginId);
if (dwError == LW_ERROR_LOAD_LIBRARY_FAILED ||
dwError == LW_ERROR_LOOKUP_SYMBOL_FAILED )
{
dwError = 0;
}
BAIL_ON_LSA_ERROR(dwError);
cleanup:
if (hLsaConnection != (HANDLE)NULL) {
LsaCloseServer(hLsaConnection);
}
if (pConfig)
{
LsaPamFreeConfig(pConfig);
}
LW_SAFE_FREE_STRING(pszLoginId);
LSA_LOG_PAM_DEBUG("pam_sm_close_session::end");
return LsaPamOpenPamFilterCloseSession(
LsaPamMapErrorCode(dwError, pPamContext));
error:
if ((dwError == LW_ERROR_NO_SUCH_USER) || (dwError == LW_ERROR_NOT_HANDLED))
{
LSA_LOG_PAM_WARNING("pam_sm_close_session error [error code:%u]", dwError);
}
else
{
LSA_LOG_PAM_ERROR("pam_sm_close_session error [error code:%u]", dwError);
}
goto cleanup;
}
int
get_metrics_main(
int argc,
char* argv[]
)
{
DWORD dwError = 0;
DWORD dwInfoLevel = 0;
PVOID pMetricPack = NULL;
HANDLE hLsaConnection = (HANDLE)NULL;
size_t dwErrorBufferSize = 0;
BOOLEAN bPrintOrigError = TRUE;
ParseArgs(argc, argv, &dwInfoLevel);
dwError = LsaOpenServer(&hLsaConnection);
BAIL_ON_LSA_ERROR(dwError);
dwError = LsaGetMetrics(
hLsaConnection,
dwInfoLevel,
&pMetricPack);
BAIL_ON_LSA_ERROR(dwError);
switch (dwInfoLevel)
{
case 0:
PrintMetricPack_0(
(PLSA_METRIC_PACK_0)pMetricPack);
break;
case 1:
PrintMetricPack_1(
(PLSA_METRIC_PACK_1)pMetricPack);
break;
}
cleanup:
LW_SAFE_FREE_MEMORY(pMetricPack);
if (hLsaConnection != (HANDLE)NULL) {
LsaCloseServer(hLsaConnection);
}
return (dwError);
error:
dwError = MapErrorCode(dwError);
dwErrorBufferSize = LwGetErrorString(dwError, NULL, 0);
if (dwErrorBufferSize > 0)
{
DWORD dwError2 = 0;
PSTR pszErrorBuffer = NULL;
dwError2 = LwAllocateMemory(
dwErrorBufferSize,
(PVOID*)&pszErrorBuffer);
if (!dwError2)
{
DWORD dwLen = LwGetErrorString(dwError, pszErrorBuffer, dwErrorBufferSize);
if ((dwLen == dwErrorBufferSize) && !LW_IS_NULL_OR_EMPTY_STR(pszErrorBuffer))
{
fprintf(
stderr,
"Failed to query metrics from LSA service. Error code %u (%s).\n%s\n",
dwError,
LW_PRINTF_STRING(LwWin32ExtErrorToName(dwError)),
pszErrorBuffer);
bPrintOrigError = FALSE;
}
}
LW_SAFE_FREE_STRING(pszErrorBuffer);
}
if (bPrintOrigError)
{
fprintf(
stderr,
"Failed to query metrics from LSA service. Error code %u (%s).\n",
dwError,
LW_PRINTF_STRING(LwWin32ExtErrorToName(dwError)));
}
goto cleanup;
}
static
DWORD
IDMKrbDetermineJoinState(
PIDM_KRB_CONTEXT pKrbContext
)
{
DWORD dwError = 0;
DWORD dwCleanupError = 0;
HANDLE hLsa = NULL;
PLSA_MACHINE_ACCOUNT_INFO_A pAcctInfo = NULL;
PSTR pszAccount = NULL;
PSTR pszDomain = NULL;
BOOLEAN bLocked = FALSE;
dwError = LsaOpenServer(&hLsa);
BAIL_ON_ERROR(dwError);
dwError = LsaAdGetMachineAccountInfo(hLsa, NULL, &pAcctInfo);
BAIL_ON_ERROR(dwError);
dwError = IDMAllocateStringA(
pAcctInfo->DnsDomainName,
&pszDomain);
BAIL_ON_ERROR(dwError);
dwError = IDMAllocateStringA(
pAcctInfo->SamAccountName,
&pszAccount);
BAIL_ON_ERROR(dwError);
IDM_RWMUTEX_LOCK_EXCLUSIVE(&pKrbContext->mutex_rw, bLocked, dwError);
BAIL_ON_ERROR(dwError);
if (pKrbContext->state == IDM_KRB_CONTEXT_STATE_INITIAL)
{
IDM_SAFE_FREE_MEMORY(pKrbContext->pszAccount);
pKrbContext->pszAccount = pszAccount;
pszAccount = NULL;
IDM_SAFE_FREE_MEMORY(pKrbContext->pszDomain);
pKrbContext->pszDomain = pszDomain;
pszDomain = NULL;
pKrbContext->expiryTime = 0;
pKrbContext->state = IDM_KRB_CONTEXT_STATE_JOINED;
}
cleanup:
IDM_RWMUTEX_UNLOCK(&pKrbContext->mutex_rw, bLocked, dwCleanupError);
IDM_SAFE_FREE_MEMORY(pszAccount);
IDM_SAFE_FREE_MEMORY(pszDomain);
if (pAcctInfo)
{
LsaAdFreeMachineAccountInfo(pAcctInfo);
}
if (hLsa)
{
LsaCloseServer(hLsa);
}
if(!dwError)
{
dwError = dwCleanupError;
}
return dwError;
error:
dwError = ERROR_NOT_JOINED;
goto cleanup;
}
static
DWORD
EnumObjects(
VOID
)
{
DWORD dwError = 0;
HANDLE hLsa = NULL;
HANDLE hEnum = NULL;
PLSA_SECURITY_OBJECT* ppObjects = NULL;
const DWORD dwMaxCount = 512;
DWORD dwCount = 0;
DWORD dwIndex = 0;
DWORD dwTotalIndex = 0;
dwError = LsaOpenServer(&hLsa);
BAIL_ON_LSA_ERROR(dwError);
dwError = LsaOpenEnumObjects(
hLsa,
gState.pszTargetProvider,
&hEnum,
gState.FindFlags,
gState.ObjectType,
gState.pszDomainName);
BAIL_ON_LSA_ERROR(dwError);
for (dwTotalIndex = 0;;)
{
dwError = LsaEnumObjects(
hLsa,
hEnum,
dwMaxCount,
&dwCount,
&ppObjects);
if (dwError == ERROR_NO_MORE_ITEMS)
{
dwError = 0;
break;
}
BAIL_ON_LSA_ERROR(dwError);
for (dwIndex = 0; dwIndex < dwCount; dwIndex++, dwTotalIndex++)
{
if (ppObjects[dwIndex])
{
PrintSecurityObject(ppObjects[dwIndex], dwTotalIndex, 0, FALSE);
printf("\n");
}
}
if (ppObjects)
{
LsaFreeSecurityObjectList(dwCount, ppObjects);
}
}
cleanup:
if (ppObjects)
{
LsaFreeSecurityObjectList(dwCount, ppObjects);
}
if (hEnum)
{
LsaCloseEnum(hLsa, hEnum);
}
if (hLsa)
{
LsaCloseServer(hLsa);
}
return dwError;
error:
goto cleanup;
}
void
DJManageDaemons(
BOOLEAN bStart,
LWException **exc
)
{
BOOLEAN bFileExists = TRUE;
FILE* fp = NULL;
LWException *innerExc = NULL;
int i;
PLSA_LOG_INFO pLogInfo = NULL;
BOOLEAN bLsassContacted = FALSE;
DWORD dwError = 0;
LW_HANDLE hLsa = NULL;
LW_CLEANUP_CTERR(exc, CTCheckFileExists(PWGRD, &bFileExists));
if(bFileExists)
{
//Shutdown pwgr (a nscd-like daemon) on HP-UX because it only handles
//usernames up to 8 characters in length.
LW_TRY(exc, DJStartStopDaemon("pwgr", FALSE, &LW_EXC));
LW_CLEANUP_CTERR(exc, CTRunSedOnFile(PWGRD, PWGRD, FALSE, "s/=1/=0/"));
}
if(bStart)
{
// Set registry value for gpagentd to autostart.
dwError = SetBooleanRegistryValue("Services\\gpagent", "Autostart", TRUE);
// Trigger gpagentd start
dwError = DJStartService("gpagent");
// Make sure lsass is responding
bLsassContacted = FALSE;
for (i = 0; !bLsassContacted && i < 30; i++)
{
DJ_LOG_INFO("Trying to contact lsassd");
if (hLsa)
{
LsaCloseServer(hLsa);
hLsa = NULL;
}
dwError = LsaOpenServer(&hLsa);
if (dwError == ERROR_FILE_NOT_FOUND ||
dwError == LW_ERROR_ERRNO_ECONNREFUSED)
{
DJ_LOG_INFO("Failed with %d", dwError);
dwError = 0;
sleep(1);
continue;
}
LW_CLEANUP_CTERR(exc, dwError);
LW_CLEANUP_CTERR(exc, LsaGetLogInfo(hLsa, &pLogInfo));
bLsassContacted = TRUE;
}
if (!bLsassContacted)
{
LW_RAISE_EX(exc, ERROR_SERVICE_NOT_ACTIVE, "Unable to reach lsassd", "The lsass daemon could not be reached for 30 seconds after trying to start it. Please verify it is running.");
goto cleanup;
}
}
else
{
dwError = SetBooleanRegistryValue("Services\\gpagent", "Autostart", FALSE);
dwError = DJStopService("gpagent");
}
cleanup:
CTSafeCloseFile(&fp);
if (pLogInfo)
{
LsaFreeLogInfo(pLogInfo);
}
if (hLsa)
{
LsaCloseServer(hLsa);
}
LW_HANDLE(&innerExc);
}
DWORD
Lwt_LsaTestSetup(
int argc,
char *argv[],
HANDLE *phLsaConnection,
PTESTDATA *ppTestData
)
{
DWORD dwError = LW_ERROR_SUCCESS;
HANDLE hLsaConnection = NULL;
PSTR pszUsersFilename = NULL;
PSTR pszGroupsFilename = NULL;
PSTR pszInvalidFileName = NULL;
PSTR pszLogFilename = NULL;
int nLogLevel = 0;
int nAppend = 0;
PLWTDATAIFACE pLwtUserIface = NULL;
PLWTDATAIFACE pLwtGroupIface = NULL;
PLWTDATAIFACE pLwtInvalidDataIface = NULL;
DWORD dwMaxGroup = 0;
DWORD dwMaxUser = 0;
DWORD dwMaxInvalidDataSet = 0;
int nDataFormat = -1; /* Update it from the config file */
PLWTCSV pGroupInfo = NULL;
PTESTDATA pTestData = NULL;
ParseArgs(
argc,
argv,
&pszUsersFilename,
&pszGroupsFilename,
&pszInvalidFileName,
&pszLogFilename,
&nLogLevel,
&nAppend);
nDataFormat = LWT_DATA_CSV; /* FIXME -- hardcoding to CSV. */
dwError = LsaOpenServer(&hLsaConnection);
BAIL_ON_LWT_ERROR(dwError);
if(nDataFormat == LWT_DATA_CSV)
{
if ( !IsNullOrEmpty(pszUsersFilename) )
{
dwError = Csv_LoadInterface(&pLwtUserIface);
BAIL(dwError);
dwError = InitialiseUserInfo(pszUsersFilename, &pLwtUserIface, &dwMaxUser);
BAIL(dwError);
}
if ( !IsNullOrEmpty(pszGroupsFilename))
{
dwError = Csv_LoadInterface(&pLwtGroupIface);
BAIL(dwError);
dwError = InitializeGroupInfo(pszGroupsFilename, &pLwtGroupIface, &dwMaxGroup);
BAIL(dwError);
}
if ( !IsNullOrEmpty(pszInvalidFileName) )
{
dwError = Csv_LoadInterface(&pLwtInvalidDataIface);
BAIL(dwError);
dwError = InitialiseInvalidDataSet(pszInvalidFileName, &pLwtInvalidDataIface, &dwMaxInvalidDataSet);
BAIL(dwError);
}
}
else if (nDataFormat == LWT_DATA_LDIF)
{
if ( !IsNullOrEmpty(pszUsersFilename) )
{
dwError = Ldif_LoadInterface(&pLwtUserIface);
BAIL(dwError);
InitialiseUserInfo(pszUsersFilename, &pLwtUserIface, &dwMaxUser);
BAIL(dwError);
}
if ( !IsNullOrEmpty(pszGroupsFilename))
{
dwError = Ldif_LoadInterface(&pLwtGroupIface);
BAIL(dwError);
dwError = InitializeGroupInfo(
pszGroupsFilename,
&pLwtGroupIface,
&dwMaxGroup);
BAIL(dwError);
}
}
else
{
dwError = LW_ERROR_DATA_ERROR;
BAIL(dwError);
}
dwError = LwtInitLogging(pszLogFilename, nAppend, nLogLevel);
BAIL(dwError);
dwError = LwAllocateMemory(sizeof(TESTDATA), (PVOID)&pTestData);
BAIL_ON_LWT_ERROR(dwError);
cleanup:
LW_SAFE_FREE_STRING(pszUsersFilename);
LW_SAFE_FREE_STRING(pszGroupsFilename);
if ( pTestData )
{
pTestData->pUserIface = pLwtUserIface;
pTestData->pGroupIface = pLwtGroupIface;
pTestData->pInvalidDataIface = pLwtInvalidDataIface;
pTestData->dwNumGroups = dwMaxGroup;
pTestData->dwNumUsers = dwMaxUser;
pTestData->dwNumInvalidDataSet = dwMaxInvalidDataSet;
}
*phLsaConnection = hLsaConnection;
*ppTestData = pTestData;
return dwError;
error:
if(pGroupInfo)
{
DestroyGroupInfo(pLwtGroupIface);
pGroupInfo = NULL;
}
if ( hLsaConnection != (HANDLE)NULL)
{
LsaCloseServer(hLsaConnection);
hLsaConnection = NULL;
}
LW_SAFE_FREE_MEMORY(pTestData);
LwtShutdownLogging();
goto cleanup;
}
static
DWORD
QueryMemberOf(
VOID
)
{
DWORD dwError = 0;
HANDLE hLsa = NULL;
DWORD dwIndex = 0;
PLSA_SECURITY_OBJECT* ppObjects = NULL;
PSTR pszSid = NULL;
PSTR* ppszSids = NULL;
DWORD dwSidCount = 0;
DWORD dwGroupSidCount = 0;
PSTR* ppszGroupSids = NULL;
dwError = LsaOpenServer(&hLsa);
BAIL_ON_LSA_ERROR(dwError);
dwError = LwAllocateMemory(sizeof(*ppszSids) * gState.dwCount, OUT_PPVOID(&ppszSids));
BAIL_ON_LSA_ERROR(dwError);
for (dwIndex = 0; dwIndex < gState.dwCount; dwIndex++)
{
dwError = ResolveSid(hLsa, gState.QueryType, gState.QueryList, dwIndex, &pszSid);
BAIL_ON_LSA_ERROR(dwError);
if (!pszSid)
{
switch(gState.QueryType)
{
case LSA_QUERY_TYPE_BY_UNIX_ID:
printf("Not found: %lu\n\n", (unsigned long) gState.QueryList.pdwIds[dwIndex]);
if (gState.dwCount == 1)
{
dwError = LW_ERROR_NO_SUCH_OBJECT;
BAIL_ON_LSA_ERROR(dwError);
}
break;
default:
printf("Not found: %s\n\n", gState.QueryList.ppszStrings[dwIndex]);
if (gState.dwCount == 1)
{
dwError = LW_ERROR_NO_SUCH_OBJECT;
BAIL_ON_LSA_ERROR(dwError);
}
break;
}
}
else
{
ppszSids[dwSidCount++] = pszSid;
pszSid = NULL;
}
}
dwError = LsaQueryMemberOf(
hLsa,
gState.pszTargetProvider,
gState.FindFlags,
dwSidCount,
ppszSids,
&dwGroupSidCount,
&ppszGroupSids);
BAIL_ON_LSA_ERROR(dwError);
dwError = ResolveGroups(hLsa, dwGroupSidCount, ppszGroupSids, &ppObjects);
BAIL_ON_LSA_ERROR(dwError);
for (dwIndex = 0; dwIndex < dwGroupSidCount; dwIndex++)
{
if (ppObjects[dwIndex])
{
PrintSecurityObject(ppObjects[dwIndex], dwIndex, dwGroupSidCount, gState.bPBOutputMode);
if (!gState.bPBOutputMode)
{
printf("\n");
}
}
else
{
printf("Unresolvable SID [%u of %u] (%s)\n\n",
dwIndex + 1, dwGroupSidCount, ppszGroupSids[dwIndex]);
}
}
cleanup:
LW_SAFE_FREE_MEMORY(pszSid);
if (ppszGroupSids)
{
LsaFreeSidList(dwGroupSidCount, ppszGroupSids);
}
if (ppszSids)
{
LsaFreeSidList(dwSidCount, ppszSids);
}
if (hLsa)
{
LsaCloseServer(hLsa);
}
if (ppObjects)
{
LsaFreeSecurityObjectList(dwGroupSidCount, ppObjects);
}
return dwError;
error:
goto cleanup;
}
wbcErr
wbcDomainInfo(
IN const char *domain,
OUT struct wbcDomainInfo **info
)
{
wbcErr wbc_status = WBC_ERR_UNKNOWN_FAILURE;
DWORD dwErr = LW_ERROR_INTERNAL;
HANDLE hLsa = (HANDLE)NULL;
PLSASTATUS pLsaStatus = NULL;
struct wbcDomainInfo *pWbcDomInfo = NULL;
PLSA_TRUSTED_DOMAIN_INFO pLsaDomInfo = NULL;
PLSA_AUTH_PROVIDER_STATUS pADProvStatus = NULL;
int i = 0;
/* Sanity check */
BAIL_ON_NULL_PTR_PARAM(domain, dwErr);
BAIL_ON_NULL_PTR_PARAM(info, dwErr);
/* Work */
dwErr = LsaOpenServer(&hLsa);
BAIL_ON_LSA_ERR(dwErr);
dwErr = LsaGetStatus(hLsa, &pLsaStatus);
BAIL_ON_LSA_ERR(dwErr);
/* Find the AD provider entry */
for (i=0; i<pLsaStatus->dwCount; i++)
{
if (strcmp(pLsaStatus->pAuthProviderStatusList[i].pszId,
LSA_PROVIDER_TAG_AD) == 0)
{
pADProvStatus = &pLsaStatus->pAuthProviderStatusList[i];
break;
}
}
if (pADProvStatus == NULL)
{
dwErr = LW_ERROR_NO_SUCH_DOMAIN;
BAIL_ON_LSA_ERR(dwErr);
}
/* Find the requested domain */
for (i=0; i<pADProvStatus->dwNumTrustedDomains; i++)
{
PLSA_TRUSTED_DOMAIN_INFO pCursorDomInfo = NULL;
pCursorDomInfo = &pADProvStatus->pTrustedDomainInfoArray[i];
if (StrEqual(pCursorDomInfo->pszDnsDomain, domain) ||
StrEqual(pCursorDomInfo->pszNetbiosDomain, domain))
{
pLsaDomInfo = pCursorDomInfo;
break;
}
}
if (pLsaDomInfo == NULL)
{
dwErr = LW_ERROR_NO_SUCH_DOMAIN;
BAIL_ON_LSA_ERR(dwErr);
}
/* Fill in the domain info */
pWbcDomInfo = _wbc_malloc_zero(
sizeof(struct wbcDomainInfo),
FreeWbcDomainInfo);
BAIL_ON_NULL_PTR(pWbcDomInfo, dwErr);
dwErr = FillDomainInfo(pWbcDomInfo, pLsaDomInfo);
BAIL_ON_LSA_ERR(dwErr);
*info = pWbcDomInfo;
pWbcDomInfo = NULL;
cleanup:
if (pLsaStatus)
{
LsaFreeStatus(pLsaStatus);
}
if (hLsa != (HANDLE)NULL) {
LsaCloseServer(hLsa);
}
_WBC_FREE(pWbcDomInfo);
wbc_status = map_error_to_wbc_status(dwErr);
return wbc_status;
}
static
DWORD
DoJoinDomain(
IN PCSTR pszDomain,
IN PCSTR pszUsername,
IN PCSTR pszPassword,
IN PCSTR pszMachineName,
IN PCSTR pszDnsSuffix,
IN OPTIONAL PCSTR pszOu,
IN PCSTR pszOsName,
IN PCSTR pszOsVersion,
IN PCSTR pszOsServicePack,
IN LSA_NET_JOIN_FLAGS JoinFlags
)
{
DWORD dwError = 0;
HANDLE hLsa = NULL;
PSTR pszCurrentDomain = NULL;
assert(pszDomain);
assert(pszUsername);
assert(pszPassword);
assert(pszMachineName);
assert(pszDnsSuffix);
assert(pszOsName);
assert(pszOsVersion);
assert(pszOsServicePack);
printf("Joining to AD Domain: %s\n"
"With Computer DNS Name: %s.%s\n\n",
pszDomain,
pszMachineName,
pszDnsSuffix);
dwError = LsaOpenServer(&hLsa);
GOTO_CLEANUP_ON_WINERROR(dwError);
dwError = LsaAdJoinDomain(
hLsa,
pszMachineName,
pszDnsSuffix,
pszDomain,
pszOu,
pszUsername,
pszPassword,
pszOsName,
pszOsVersion,
pszOsServicePack,
JoinFlags);
GOTO_CLEANUP_ON_WINERROR(dwError);
printf("SUCCESS!\n");
dwError = GetCurrentDomain(&pszCurrentDomain);
GOTO_CLEANUP_ON_WINERROR(dwError);
printf("Your computer is now joined to '%s'\n", pszCurrentDomain);
cleanup:
if (hLsa)
{
LsaCloseServer(hLsa);
}
LW_SAFE_FREE_MEMORY(pszCurrentDomain);
return dwError;
}
static
DWORD
ConstructSecurityDescriptor(
DWORD dwAllowUserCount,
PWSTR* ppwszAllowUsers,
DWORD dwDenyUserCount,
PWSTR* ppwszDenyUsers,
BOOLEAN bReadOnly,
PSECURITY_DESCRIPTOR_RELATIVE* ppRelative,
PDWORD pdwRelativeSize
)
{
DWORD dwError = 0;
PSECURITY_DESCRIPTOR_ABSOLUTE pAbsolute = NULL;
PSECURITY_DESCRIPTOR_RELATIVE pRelative = NULL;
union
{
SID sid;
BYTE buffer[SID_MAX_SIZE];
} Owner;
union
{
SID sid;
BYTE buffer[SID_MAX_SIZE];
} Group;
ULONG OwnerSidSize = sizeof(Owner.buffer);
ULONG GroupSidSize = sizeof(Group.buffer);
DWORD dwDaclSize = 0;
PACL pDacl = NULL;
DWORD dwIndex = 0;
PSID pSid = NULL;
ULONG ulRelativeSize = 0;
HANDLE hLsa = NULL;
ACCESS_MASK mask = bReadOnly ?
(FILE_GENERIC_READ|FILE_GENERIC_EXECUTE) :
FILE_ALL_ACCESS;
dwError = LsaOpenServer(&hLsa);
BAIL_ON_LTNET_ERROR(dwError);
dwError = LwNtStatusToWin32Error(
RtlCreateWellKnownSid(
WinBuiltinAdministratorsSid,
NULL,
&Owner.sid,
&OwnerSidSize));
BAIL_ON_LTNET_ERROR(dwError);
dwError = LwNtStatusToWin32Error(
RtlCreateWellKnownSid(
WinBuiltinPowerUsersSid,
NULL,
&Group.sid,
&GroupSidSize));
BAIL_ON_LTNET_ERROR(dwError);
dwDaclSize = ACL_HEADER_SIZE +
dwAllowUserCount * (sizeof(ACCESS_ALLOWED_ACE) + SID_MAX_SIZE) +
dwDenyUserCount * (sizeof(ACCESS_DENIED_ACE) + SID_MAX_SIZE) +
RtlLengthSid(&Owner.sid) + RtlLengthSid(&Group.sid);
dwError = LwNetAllocateMemory(
dwDaclSize,
OUT_PPVOID(&pDacl));
BAIL_ON_LTNET_ERROR(dwError);
dwError = LwNtStatusToWin32Error(
RtlCreateAcl(pDacl, dwDaclSize, ACL_REVISION));
BAIL_ON_LTNET_ERROR(dwError);
for (dwIndex = 0; dwIndex < dwDenyUserCount; dwIndex++)
{
dwError = MapNameToSid(hLsa, ppwszDenyUsers[dwIndex], &pSid);
if (dwError != LW_ERROR_SUCCESS)
{
dwError = MapBuiltinNameToSid(&pSid, ppwszDenyUsers[dwIndex]);
}
BAIL_ON_LTNET_ERROR(dwError);
dwError = LwNtStatusToWin32Error(
RtlAddAccessDeniedAceEx(
pDacl,
ACL_REVISION,
0,
FILE_ALL_ACCESS,
pSid));
BAIL_ON_LTNET_ERROR(dwError);
RTL_FREE(&pSid);
}
for (dwIndex = 0; dwIndex < dwAllowUserCount; dwIndex++)
{
dwError = MapNameToSid(hLsa, ppwszAllowUsers[dwIndex], &pSid);
if (dwError != LW_ERROR_SUCCESS)
{
dwError = MapBuiltinNameToSid(&pSid, ppwszAllowUsers[dwIndex]);
}
BAIL_ON_LTNET_ERROR(dwError);
dwError = LwNtStatusToWin32Error(
RtlAddAccessAllowedAceEx(
pDacl,
ACL_REVISION,
0,
mask,
pSid));
BAIL_ON_LTNET_ERROR(dwError);
RTL_FREE(&pSid);
}
dwError = LwNetAllocateMemory(
SECURITY_DESCRIPTOR_ABSOLUTE_MIN_SIZE,
OUT_PPVOID(&pAbsolute));
BAIL_ON_LTNET_ERROR(dwError);
dwError = LwNtStatusToWin32Error(
RtlCreateSecurityDescriptorAbsolute(
pAbsolute,
SECURITY_DESCRIPTOR_REVISION));
BAIL_ON_LTNET_ERROR(dwError);
dwError = LwNtStatusToWin32Error(
RtlSetOwnerSecurityDescriptor(
pAbsolute,
&Owner.sid,
FALSE));
BAIL_ON_LTNET_ERROR(dwError);
dwError = LwNtStatusToWin32Error(
RtlSetGroupSecurityDescriptor(
pAbsolute,
&Group.sid,
FALSE));
BAIL_ON_LTNET_ERROR(dwError);
dwError = LwNtStatusToWin32Error(
RtlSetDaclSecurityDescriptor(
pAbsolute,
TRUE,
pDacl,
FALSE));
BAIL_ON_LTNET_ERROR(dwError);
RtlAbsoluteToSelfRelativeSD(
pAbsolute,
NULL,
&ulRelativeSize);
dwError = LwNetAllocateMemory(ulRelativeSize, OUT_PPVOID(&pRelative));
BAIL_ON_LTNET_ERROR(dwError);
dwError = LwNtStatusToWin32Error(
RtlAbsoluteToSelfRelativeSD(
pAbsolute,
pRelative,
&ulRelativeSize));
BAIL_ON_LTNET_ERROR(dwError);
*ppRelative = pRelative;
*pdwRelativeSize = ulRelativeSize;
cleanup:
if (hLsa)
{
LsaCloseServer(hLsa);
}
LTNET_SAFE_FREE_MEMORY(pSid);
LTNET_SAFE_FREE_MEMORY(pDacl);
LTNET_SAFE_FREE_MEMORY(pAbsolute);
return dwError;
error:
*ppRelative = NULL;
*pdwRelativeSize = 0;
LTNET_SAFE_FREE_MEMORY(pRelative);
goto cleanup;
}
int
list_groups_for_user_main(
int argc,
char* argv[]
)
{
DWORD dwError = 0;
HANDLE hLsaConnection = (HANDLE)NULL;
PCSTR pszUserName = NULL;
DWORD dwNumGroups = 0;
DWORD iGroup = 0;
LSA_FIND_FLAGS FindFlags = 0;
DWORD dwGroupInfoLevel = 0;
PVOID* ppGroupInfoList = NULL;
DWORD dwId = 0;
BOOLEAN bShowSid = FALSE;
size_t dwErrorBufferSize = 0;
BOOLEAN bPrintOrigError = TRUE;
ParseArgs(argc, argv, &pszUserName, &dwId, &bShowSid);
if (pszUserName)
{
dwError = LsaValidateUserName(pszUserName);
BAIL_ON_LSA_ERROR(dwError);
}
dwError = LsaOpenServer(&hLsaConnection);
BAIL_ON_LSA_ERROR(dwError);
if (pszUserName)
{
dwError = LsaGetGroupsForUserByName(
hLsaConnection,
pszUserName,
FindFlags,
dwGroupInfoLevel,
&dwNumGroups,
&ppGroupInfoList);
BAIL_ON_LSA_ERROR(dwError);
}
else
{
dwError = LsaGetGroupsForUserById(
hLsaConnection,
dwId,
FindFlags,
dwGroupInfoLevel,
&dwNumGroups,
&ppGroupInfoList);
BAIL_ON_LSA_ERROR(dwError);
}
if (pszUserName)
{
printf("Number of groups found for user '%s' : %u\n", pszUserName, dwNumGroups);
}
else
{
printf("Number of groups found for uid %u : %u\n", dwId, dwNumGroups);
}
switch(dwGroupInfoLevel)
{
case 0:
for (iGroup = 0; iGroup < dwNumGroups; iGroup++)
{
PLSA_GROUP_INFO_0* pGroupInfoList = (PLSA_GROUP_INFO_0*)ppGroupInfoList;
if (bShowSid)
{
fprintf(stdout,
"Group[%u of %u] name = %s (gid = %u, sid = %s)\n",
iGroup+1,
dwNumGroups,
pGroupInfoList[iGroup]->pszName,
(unsigned int) pGroupInfoList[iGroup]->gid,
pGroupInfoList[iGroup]->pszSid);
}
else
{
fprintf(stdout,
"Group[%u of %u] name = %s (gid = %u)\n",
iGroup+1,
dwNumGroups,
pGroupInfoList[iGroup]->pszName,
(unsigned int) pGroupInfoList[iGroup]->gid);
}
}
break;
default:
dwError = LW_ERROR_UNSUPPORTED_GROUP_LEVEL;
BAIL_ON_LSA_ERROR(dwError);
break;
}
cleanup:
if (ppGroupInfoList)
{
LsaFreeGroupInfoList(dwGroupInfoLevel, ppGroupInfoList, dwNumGroups);
}
if (hLsaConnection)
{
LsaCloseServer(hLsaConnection);
}
return (dwError);
error:
dwError = MapErrorCode(dwError);
dwErrorBufferSize = LwGetErrorString(dwError, NULL, 0);
if (dwErrorBufferSize > 0)
{
DWORD dwError2 = 0;
PSTR pszErrorBuffer = NULL;
dwError2 = LwAllocateMemory(
dwErrorBufferSize,
(PVOID*)&pszErrorBuffer);
if (!dwError2)
{
DWORD dwLen = LwGetErrorString(dwError, pszErrorBuffer, dwErrorBufferSize);
if ((dwLen == dwErrorBufferSize) && !LW_IS_NULL_OR_EMPTY_STR(pszErrorBuffer))
{
if (pszUserName)
{
fprintf(
stderr,
"Failed to find groups for user '%s'. Error code %u (%s).\n%s\n",
pszUserName,
dwError,
LW_PRINTF_STRING(LwWin32ExtErrorToName(dwError)),
pszErrorBuffer);
}
else
{
fprintf(
stderr,
"Failed to find groups for uid %u. Error code %u (%s).\n%s\n",
dwId,
dwError,
LW_PRINTF_STRING(LwWin32ExtErrorToName(dwError)),
pszErrorBuffer);
}
bPrintOrigError = FALSE;
}
}
LW_SAFE_FREE_STRING(pszErrorBuffer);
}
if (bPrintOrigError)
{
if (pszUserName)
{
fprintf(
stderr,
"Failed to find groups for user '%s'. Error code %u (%s).\n",
pszUserName,
dwError,
LW_PRINTF_STRING(LwWin32ExtErrorToName(dwError)));
}
else
{
fprintf(
stderr,
"Failed to find groups for uid %u. Error code %u (%s).\n",
dwId,
dwError,
LW_PRINTF_STRING(LwWin32ExtErrorToName(dwError)));
}
}
goto cleanup;
}
static
DWORD
DeconstructSecurityDescriptor(
DWORD dwLength,
PSECURITY_DESCRIPTOR_RELATIVE pRelative,
PDWORD pdwAllowUserCount,
PWSTR** pppwszAllowUsers,
PDWORD pdwDenyUserCount,
PWSTR** pppwszDenyUsers,
PBOOLEAN pbReadOnly
)
{
NTSTATUS status = STATUS_SUCCESS;
DWORD dwError = 0;
ULONG ulSize = 0;
ULONG ulDaclSize = 0;
ULONG ulSaclSize = 0;
ULONG ulOwnerSize = 0;
ULONG ulGroupSize = 0;
PSID pOwner = NULL;
PSID pGroup = NULL;
PACL pSacl = NULL;
PSECURITY_DESCRIPTOR_ABSOLUTE pAbsolute = NULL;
PACL pDacl = NULL;
ULONG ulIndex = 0;
PVOID pAce = NULL;
PACCESS_ALLOWED_ACE pAllow = NULL;
PACCESS_DENIED_ACE pDeny = NULL;
DWORD dwAllowUserCount = 0;
PWSTR* ppwszAllowUsers = NULL;
DWORD dwDenyUserCount = 0;
PWSTR* ppwszDenyUsers = NULL;
PSID pSid = NULL;
PWSTR pwszUser = NULL;
HANDLE hLsa = NULL;
ACCESS_MASK leastMask = FILE_ALL_ACCESS;
dwError = LsaOpenServer(&hLsa);
BAIL_ON_LTNET_ERROR(dwError);
status = RtlSelfRelativeToAbsoluteSD(
pRelative,
pAbsolute,
&ulSize,
pDacl,
&ulDaclSize,
pSacl,
&ulSaclSize,
pOwner,
&ulOwnerSize,
pGroup,
&ulGroupSize);
if (status != STATUS_BUFFER_TOO_SMALL)
{
dwError = LwNtStatusToWin32Error(status);
BAIL_ON_LTNET_ERROR(dwError);
}
dwError = LwNetAllocateMemory(ulSize, OUT_PPVOID(&pAbsolute));
BAIL_ON_LTNET_ERROR(dwError);
if (ulDaclSize)
{
dwError = LwNetAllocateMemory(ulDaclSize, OUT_PPVOID(&pDacl));
BAIL_ON_LTNET_ERROR(dwError);
}
if (ulSaclSize)
{
dwError = LwNetAllocateMemory(ulSaclSize, OUT_PPVOID(&pSacl));
BAIL_ON_LTNET_ERROR(dwError);
}
if (ulOwnerSize)
{
dwError = LwNetAllocateMemory(ulOwnerSize, OUT_PPVOID(&pOwner));
BAIL_ON_LTNET_ERROR(dwError);
}
if (ulGroupSize)
{
dwError = LwNetAllocateMemory(ulGroupSize, OUT_PPVOID(&pGroup));
BAIL_ON_LTNET_ERROR(dwError);
}
dwError = LwNtStatusToWin32Error(
RtlSelfRelativeToAbsoluteSD(
pRelative,
pAbsolute,
&ulSize,
pDacl,
&ulDaclSize,
pSacl,
&ulSaclSize,
pOwner,
&ulOwnerSize,
pGroup,
&ulGroupSize));
BAIL_ON_LTNET_ERROR(dwError);
if (pDacl)
{
for (ulIndex = 0; ulIndex < RtlGetAclAceCount(pDacl); ulIndex++)
{
RtlGetAce(pDacl, ulIndex, &pAce);
switch(((PACE_HEADER) pAce)->AceType)
{
case ACCESS_ALLOWED_ACE_TYPE:
pAllow = pAce;
pSid = (PSID) &pAllow->SidStart;
if ((pAllow->Mask & FILE_GENERIC_READ) == FILE_GENERIC_READ)
{
dwError = MapSidToName(hLsa, pSid, &pwszUser);
if (dwError != LW_ERROR_SUCCESS)
{
dwError = MapBuiltinSidToName(&pwszUser, pSid);
}
BAIL_ON_LTNET_ERROR(dwError);
dwError = LwNetAppendStringArray(
&dwAllowUserCount,
&ppwszAllowUsers,
pwszUser);
BAIL_ON_LTNET_ERROR(dwError);
pwszUser = NULL;
leastMask &= pAllow->Mask;
}
break;
case ACCESS_DENIED_ACE_TYPE:
pDeny = pAce;
pSid = (PSID) &pDeny->SidStart;
if ((pDeny->Mask & FILE_GENERIC_READ) == FILE_GENERIC_READ)
{
dwError = MapSidToName(hLsa, pSid, &pwszUser);
if (dwError != LW_ERROR_SUCCESS)
{
dwError = MapBuiltinSidToName(&pwszUser, pSid);
}
BAIL_ON_LTNET_ERROR(dwError);
dwError = LwNetAppendStringArray(
&dwDenyUserCount,
&ppwszDenyUsers,
pwszUser);
BAIL_ON_LTNET_ERROR(dwError);
pwszUser = NULL;
}
break;
default:
break;
}
}
}
*pppwszAllowUsers = ppwszAllowUsers;
*pdwAllowUserCount = dwAllowUserCount;
*pppwszDenyUsers = ppwszDenyUsers;
*pdwDenyUserCount = dwDenyUserCount;
*pbReadOnly = !((leastMask & FILE_GENERIC_WRITE) == FILE_GENERIC_WRITE);
cleanup:
if (hLsa)
{
LsaCloseServer(hLsa);
}
LTNET_SAFE_FREE_MEMORY(pSacl);
LTNET_SAFE_FREE_MEMORY(pOwner);
LTNET_SAFE_FREE_MEMORY(pGroup);
LTNET_SAFE_FREE_MEMORY(pwszUser);
LTNET_SAFE_FREE_MEMORY(pDacl);
LTNET_SAFE_FREE_MEMORY(pAbsolute);
return dwError;
error:
*pppwszAllowUsers = NULL;
*pdwAllowUserCount = 0;
*pppwszDenyUsers = NULL;
*pdwDenyUserCount = 0;
goto cleanup;
}
int
pam_sm_open_session(
pam_handle_t* pamh,
int flags,
int argc,
const char** argv
)
{
DWORD dwError = 0;
PPAMCONTEXT pPamContext = NULL;
HANDLE hLsaConnection = (HANDLE)NULL;
PSTR pszLoginId = NULL;
PLSA_PAM_CONFIG pConfig = NULL;
#ifdef HAVE_PAM_PUTENV
PSTR pszSmartCardReader = NULL;
PSTR pszSmartCardReaderEnv = NULL;
#endif /* HAVE_PAM_PUTENV */
LSA_LOG_PAM_DEBUG("pam_sm_open_session::begin");
dwError = LsaPamGetConfig(&pConfig);
BAIL_ON_LSA_ERROR(dwError);
LsaPamSetLogLevel(pConfig->dwLogLevel);
dwError = LsaPamGetContext(
pamh,
flags,
argc,
argv,
&pPamContext);
BAIL_ON_LSA_ERROR(dwError);
dwError = LsaPamGetLoginId(
pamh,
pPamContext,
&pszLoginId,
TRUE);
BAIL_ON_LSA_ERROR(dwError);
#ifdef HAVE_PAM_PUTENV
dwError = pam_get_data(
pamh,
PAM_LSASS_SMART_CARD_READER,
(PAM_GET_DATA_TYPE)&pszSmartCardReader);
/* pszSmartCardReader will be freed when the module is closed. */
if (dwError == PAM_SUCCESS && pszSmartCardReader != NULL)
{
dwError = LwAllocateStringPrintf(
&pszSmartCardReaderEnv,
"LW_SMART_CARD_READER=%s",
pszSmartCardReader);
BAIL_ON_LSA_ERROR(dwError);
dwError = pam_putenv(
pamh,
pszSmartCardReaderEnv);
BAIL_ON_LSA_ERROR(dwError);
}
#endif /* HAVE_PAM_PUTENV */
if (LsaShouldIgnoreUser(pszLoginId))
{
LSA_LOG_PAM_DEBUG("By passing lsassd for local account");
dwError = LW_ERROR_NOT_HANDLED;
BAIL_ON_LSA_ERROR(dwError);
}
dwError = LsaOpenServer(&hLsaConnection);
BAIL_ON_LSA_ERROR(dwError);
dwError = LsaOpenSession(
hLsaConnection,
pszLoginId);
BAIL_ON_LSA_ERROR(dwError);
if (pPamContext &&
pConfig->bLsaPamDisplayMOTD)
{
dwError = LsaPamDisplayMOTD(
pamh,
pPamContext);
BAIL_ON_LSA_ERROR(dwError);
}
if (pPamContext &&
pPamContext->bOnlineLogon)
{
dwError = LsaPamNotifyUserLogon(
pszLoginId);
if (dwError == LW_ERROR_LOAD_LIBRARY_FAILED ||
dwError == LW_ERROR_LOOKUP_SYMBOL_FAILED )
{
dwError = 0;
}
BAIL_ON_LSA_ERROR(dwError);
}
cleanup:
if (hLsaConnection != (HANDLE)NULL) {
LsaCloseServer(hLsaConnection);
}
if (pConfig)
{
LsaPamFreeConfig(pConfig);
}
LW_SAFE_FREE_STRING(pszLoginId);
#ifdef HAVE_PAM_PUTENV
LW_SAFE_FREE_STRING(pszSmartCardReaderEnv);
#endif /* HAVE_PAM_PUTENV */
LSA_LOG_PAM_DEBUG("pam_sm_open_session::end");
return LsaPamOpenPamFilterOpenSession(
LsaPamMapErrorCode(dwError, pPamContext));
error:
if ((dwError == LW_ERROR_NO_SUCH_USER) || (dwError == LW_ERROR_NOT_HANDLED))
{
LSA_LOG_PAM_WARNING("pam_sm_open_session failed [login:%s][error code: %u]",
LSA_SAFE_LOG_STRING(pszLoginId),
dwError);
}
else
{
LSA_LOG_PAM_ERROR("pam_sm_open_session failed [login:%s][error code: %u]",
LSA_SAFE_LOG_STRING(pszLoginId),
dwError);
}
goto cleanup;
}
static
DWORD
AddGroup(
PCSTR pszGid,
PCSTR pszGroup
)
{
DWORD dwError = 0;
HANDLE hLsaConnection = (HANDLE)NULL;
PSTR pszError = NULL;
DWORD dwGroupInfoLevel = 1;
PLSA_GROUP_INFO_1 pGroupInfo = NULL;
dwError = BuildGroupInfo(
(LW_IS_NULL_OR_EMPTY_STR(pszGid) ? 0 : (gid_t)atoi(pszGid)),
pszGroup,
&pGroupInfo
);
BAIL_ON_LSA_ERROR(dwError);
dwError = LsaOpenServer(&hLsaConnection);
BAIL_ON_LSA_ERROR(dwError);
dwError = LsaAddGroup(
hLsaConnection,
pGroupInfo,
dwGroupInfoLevel);
BAIL_ON_LSA_ERROR(dwError);
cleanup:
LW_SAFE_FREE_STRING(pszError);
if (hLsaConnection != (HANDLE)NULL) {
LsaCloseServer(hLsaConnection);
}
if (pGroupInfo) {
LsaFreeGroupInfo(dwGroupInfoLevel, pGroupInfo);
}
return dwError;
error:
switch(dwError)
{
case LW_ERROR_GROUP_EXISTS:
{
fprintf(stderr, "Error: Attempt to add a duplicate group\n");
break;
}
default:
{
if (!LW_IS_NULL_OR_EMPTY_STR(pszError)) {
fprintf(stderr, "Error: %s\n", pszError);
} else {
fprintf(stderr,
"Error: Failed to add group. code [%u]\n",
dwError);
}
break;
}
}
goto cleanup;
}
DWORD
GetMachinePassword(
OUT OPTIONAL PWSTR* ppwszDnsDomainName,
OUT OPTIONAL PWSTR* ppwszMachineSamAccountName,
OUT OPTIONAL PWSTR* ppwszMachinePassword,
OUT OPTIONAL PWSTR* ppwszComputerName
)
{
DWORD dwError = 0;
PWSTR pwszDnsDomainName = NULL;
PWSTR pwszMachineSamAccountName = NULL;
PWSTR pwszMachinePassword = NULL;
PWSTR pwszComputerName = NULL;
HANDLE hLsaConnection = NULL;
PLSA_MACHINE_PASSWORD_INFO_A pPasswordInfo = NULL;
dwError = LsaOpenServer(&hLsaConnection);
BAIL_ON_WIN_ERROR(dwError);
dwError = LsaAdGetMachinePasswordInfo(hLsaConnection,
NULL,
&pPasswordInfo);
BAIL_ON_WIN_ERROR(dwError);
if (ppwszDnsDomainName)
{
dwError = LwMbsToWc16s(pPasswordInfo->Account.DnsDomainName,
&pwszDnsDomainName);
BAIL_ON_WIN_ERROR(dwError);
}
if (ppwszMachineSamAccountName)
{
dwError = LwMbsToWc16s(pPasswordInfo->Account.SamAccountName,
&pwszMachineSamAccountName);
BAIL_ON_WIN_ERROR(dwError);
}
if (ppwszMachinePassword)
{
dwError = LwMbsToWc16s(pPasswordInfo->Password,
&pwszMachinePassword);
BAIL_ON_WIN_ERROR(dwError);
}
if (ppwszComputerName)
{
dwError = LwMbsToWc16s(pPasswordInfo->Account.SamAccountName,
&pwszComputerName);
BAIL_ON_WIN_ERROR(dwError);
// Remove $ from account name
pwszComputerName[wc16slen(pwszComputerName) - 1] = 0;
}
error:
if (dwError)
{
LW_SAFE_FREE_MEMORY(pwszDnsDomainName);
LW_SAFE_FREE_MEMORY(pwszMachineSamAccountName);
LW_SECURE_FREE_WSTRING(pwszMachinePassword);
LW_SAFE_FREE_MEMORY(pwszComputerName);
}
if (hLsaConnection)
{
LsaCloseServer(hLsaConnection);
}
if (pPasswordInfo)
{
LsaAdFreeMachinePasswordInfo(pPasswordInfo);
}
if (ppwszDnsDomainName)
{
*ppwszDnsDomainName = pwszDnsDomainName;
}
if (ppwszMachineSamAccountName)
{
*ppwszMachineSamAccountName = pwszMachineSamAccountName;
}
if (ppwszMachinePassword)
{
*ppwszMachinePassword = pwszMachinePassword;
}
if (ppwszComputerName)
{
*ppwszComputerName = pwszComputerName;
}
return dwError;
}
DWORD
DeletePassword(
PCSTR pSmbdPath
)
{
DWORD error = 0;
PLSA_PSTORE_PLUGIN_DISPATCH pDispatch = NULL;
PLSA_PSTORE_PLUGIN_CONTEXT pContext = NULL;
PSTR pSecretsPath = NULL;
LW_HANDLE hLsa = NULL;
PLSA_MACHINE_ACCOUNT_INFO_A pAccountInfo = NULL;
HANDLE hReg = NULL;
error = LwRegOpenServer(&hReg);
BAIL_ON_LSA_ERROR(error);
// Even though this was set during the install process, we'll try setting
// it again. This way if the user calls uninstall without calling install
// first, they won't get an error.
error = GetSecretsPath(
pSmbdPath,
&pSecretsPath);
BAIL_ON_LSA_ERROR(error);
error = LsaOpenServer(
&hLsa);
if (error)
{
LW_RTL_LOG_ERROR("Unable to contact lsassd");
}
BAIL_ON_LSA_ERROR(error);
error = LsaAdGetMachineAccountInfo(
hLsa,
NULL,
&pAccountInfo);
BAIL_ON_LSA_ERROR(error);
error = RegUtilAddKey(
hReg,
LSA_PSTORE_REG_ROOT_KEY_PATH,
NULL,
LSA_PSTORE_REG_ROOT_KEY_RELATIVE_PATH_PLUGINS "\\" PLUGIN_NAME);
BAIL_ON_LSA_ERROR(error);
error = RegUtilSetValue(
hReg,
LSA_PSTORE_REG_ROOT_KEY_PATH,
NULL,
LSA_PSTORE_REG_ROOT_KEY_RELATIVE_PATH_PLUGINS "\\" PLUGIN_NAME,
"SecretsPath",
REG_SZ,
pSecretsPath,
strlen(pSecretsPath));
BAIL_ON_LSA_ERROR(error);
error = RemoveSambaLoadPath(hReg);
BAIL_ON_LSA_ERROR(error);
error = LsaPstorePluginInitializeContext(
LSA_PSTORE_PLUGIN_VERSION,
PLUGIN_NAME,
&pDispatch,
&pContext);
BAIL_ON_LSA_ERROR(error);
error = pDispatch->DeletePasswordInfoA(
pContext,
pAccountInfo);
BAIL_ON_LSA_ERROR(error);
cleanup:
if (pContext)
{
pDispatch->Cleanup(pContext);
}
if (hReg != NULL)
{
LwRegCloseServer(hReg);
}
if (hLsa != NULL)
{
LsaCloseServer(hLsa);
}
if (pAccountInfo != NULL)
{
LsaAdFreeMachineAccountInfo(pAccountInfo);
}
return error;
}