static VOID VmDirRegConfigHandleClose( PVMDIR_CONFIG_CONNECTION_HANDLE pCfgHandle ) { #ifndef _WIN32 if (pCfgHandle->hConnection) { if (pCfgHandle->hKey) { DWORD dwError = RegCloseKey( pCfgHandle->hConnection, pCfgHandle->hKey); if (dwError != 0) { // Do not bail, best effort to cleanup. VmDirLog( LDAP_DEBUG_ANY, "RegCloseKey failed, Error code: (%u)(%s)", dwError, VDIR_SAFE_STRING(LwWin32ErrorToName(dwError))); } } RegCloseServer(pCfgHandle->hConnection); } #else if (pCfgHandle->hKey) { RegCloseKey(pCfgHandle->hKey); } #endif VMDIR_SAFE_FREE_MEMORY(pCfgHandle); }
static VOID VmAuthsvcRegConfigHandleClose( PVMAUTHSVC_CONFIG_CONNECTION_HANDLE pCfgHandle ) { if (pCfgHandle->hConnection) { if (pCfgHandle->hKey) { DWORD dwError = RegCloseKey( pCfgHandle->hConnection, pCfgHandle->hKey); if (dwError != 0) { // Do not bail, best effort to cleanup. VmAuthsvcLog( VMAUTHSVC_DEBUG_ANY, "RegCloseKey failed, Error code: (%u)(%s)", dwError, VMAUTHSVC_SAFE_STRING(LwWin32ErrorToName(dwError))); } } RegCloseServer(pCfgHandle->hConnection); } VMAUTHSVC_SAFE_FREE_MEMORY(pCfgHandle); }
static PCSTR RegWin32ExtErrorToName( LW_WINERROR winerr ) { PCSTR pszError = LwWin32ErrorToName(winerr); if (!pszError) { pszError = RegErrorToName(winerr); } return pszError; }
int main( int argc, char *argv[] ) { enum { UNSET, SHOW_HELP, CHECK_VERSION, INSTALL, UNINSTALL } mode = UNSET; PCSTR pSmbdPath = NULL; PSTR pFoundSmbdPath = NULL; DWORD error = 0; DWORD argIndex = 0; LW_RTL_LOG_LEVEL logLevel = LW_RTL_LOG_LEVEL_ERROR; PCSTR pErrorSymbol = NULL; PSTR pVersion = NULL; BOOLEAN smbdExists = FALSE; BOOLEAN force = FALSE; for (argIndex = 1; argIndex < argc; argIndex++) { if (!strcmp(argv[argIndex], "--check-version")) { if (mode == UNSET) { mode = CHECK_VERSION; } else { mode = SHOW_HELP; } } else if (!strcmp(argv[argIndex], "--install")) { if (mode == UNSET) { mode = INSTALL; } else { mode = SHOW_HELP; } } else if (!strcmp(argv[argIndex], "--uninstall")) { if (mode == UNSET) { mode = UNINSTALL; } else { mode = SHOW_HELP; } } else if (!strcmp(argv[argIndex], "--force")) { if (mode == INSTALL || mode== UNINSTALL) { force = TRUE; } else { mode = SHOW_HELP; } } else if (!strcmp(argv[argIndex], "--loglevel")) { argIndex++; if (argIndex >= argc) { error = ERROR_INVALID_PARAMETER; BAIL_ON_LSA_ERROR(error); } if (!strcmp(argv[argIndex], "error")) { logLevel = LW_RTL_LOG_LEVEL_ERROR; } else if (!strcmp(argv[argIndex], "warning")) { logLevel = LW_RTL_LOG_LEVEL_WARNING; } else if (!strcmp(argv[argIndex], "info")) { logLevel = LW_RTL_LOG_LEVEL_INFO; } else if (!strcmp(argv[argIndex], "verbose")) { logLevel = LW_RTL_LOG_LEVEL_VERBOSE; } else if (!strcmp(argv[argIndex], "debug")) { logLevel = LW_RTL_LOG_LEVEL_DEBUG; } else { error = ERROR_INVALID_PARAMETER; BAIL_ON_LSA_ERROR(error); } } else if (argIndex == argc - 1) { pSmbdPath = argv[argIndex]; } else { mode = SHOW_HELP; } } if (mode == UNSET || mode == SHOW_HELP) { ShowUsage(argv[0]); goto cleanup; } LwRtlLogSetCallback(LogCallback, NULL); LwRtlLogSetLevel(logLevel); if (pSmbdPath == NULL) { PCSTR pSearchPath = "/usr/sbin:/usr/local/sbin:/usr/local/samba/sbin:/opt/csw/samba/sbin:/opt/sfw/samba/sbin:/opt/csw/bin:/usr/local/bin"; error = FindFileInPath( "smbd", pSearchPath, &pFoundSmbdPath); if (error == ERROR_FILE_NOT_FOUND) { LW_RTL_LOG_ERROR("The smbd file could not be automatically found on your system. The search path was '%s'. Pass the correct location as the last argument to this program.", pSearchPath); } BAIL_ON_LSA_ERROR(error); pSmbdPath = pFoundSmbdPath; } error = LwCheckFileTypeExists( pSmbdPath, LWFILE_REGULAR, &smbdExists); BAIL_ON_LSA_ERROR(error); if (!smbdExists) { error = LwCheckFileTypeExists( pSmbdPath, LWFILE_SYMLINK, &smbdExists); BAIL_ON_LSA_ERROR(error); } if (!smbdExists) { LW_RTL_LOG_ERROR("Smbd file not found at path '%s'", pSmbdPath); } error = CheckSambaVersion(pSmbdPath, &pVersion); if (force == FALSE) { BAIL_ON_LSA_ERROR(error); } if (mode == CHECK_VERSION) { fprintf(stderr, "Samba version supported\n"); } else if (mode == INSTALL) { if (geteuid() != 0) { fprintf(stderr, "Please use the root account to install the Samba interop libraries\n"); goto cleanup; } error = InstallWbclient(pSmbdPath); BAIL_ON_LSA_ERROR(error); if (pVersion && strncmp(pVersion, "3.0.", sizeof("3.0.") - 1) == 0) { // Only Samba 3.0.x needs this error = InstallLwiCompat(pSmbdPath); BAIL_ON_LSA_ERROR(error); } error = SynchronizePassword( pSmbdPath); BAIL_ON_LSA_ERROR(error); fprintf(stderr, "Install successful\n"); } else if (mode == UNINSTALL) { if (geteuid() != 0) { fprintf(stderr, "Please use the root account to uninstall the Samba interop libraries\n"); goto cleanup; } error = UninstallWbclient(pSmbdPath); BAIL_ON_LSA_ERROR(error); error = UninstallLwiCompat(pSmbdPath); BAIL_ON_LSA_ERROR(error); error = DeletePassword( pSmbdPath); BAIL_ON_LSA_ERROR(error); fprintf(stderr, "Uninstall successful\n"); } else { fprintf(stderr, "Uninstall mode not implemented\n"); error = ERROR_INVALID_PARAMETER; BAIL_ON_LSA_ERROR(error); } cleanup: LW_SAFE_FREE_STRING(pFoundSmbdPath); LW_SAFE_FREE_STRING(pVersion); if (error) { pErrorSymbol = LwWin32ErrorToName(error); if (pErrorSymbol != NULL) { fprintf(stderr, "Error: %s\n", pErrorSymbol); } else { fprintf(stderr, "Unknown error\n"); } } return error; }
static DWORD ProcessGetAccountSystemAccessRights( IN PRPC_PARAMETERS pRpcParams, IN PSTR pszAccountName ) { DWORD err = ERROR_SUCCESS; NTSTATUS ntStatus = STATUS_SUCCESS; LSA_BINDING hLsa = NULL; LW_PIO_CREDS pCreds = NULL; PSID pAccountSid = NULL; WCHAR wszSysName[] = {'\\', '\\', '\0'}; DWORD policyAccessMask = LSA_ACCESS_LOOKUP_NAMES_SIDS | LSA_ACCESS_CREATE_PRIVILEGE | LSA_ACCESS_CREATE_SPECIAL_ACCOUNTS; POLICY_HANDLE hPolicy = NULL; DWORD accountAccessMask = LSA_ACCOUNT_VIEW; LSAR_ACCOUNT_HANDLE hAccount = NULL; DWORD systemAccess = 0; err = CreateRpcCredentials(pRpcParams, &pCreds); BAIL_ON_LSA_ERROR(err); err = CreateLsaRpcBinding(pRpcParams, pCreds, &hLsa); BAIL_ON_LSA_ERROR(err); err = ResolveAccountNameToSid( hLsa, pszAccountName, &pAccountSid); BAIL_ON_LSA_ERROR(err); ntStatus = LsaOpenPolicy2(hLsa, wszSysName, NULL, policyAccessMask, &hPolicy); BAIL_ON_NT_STATUS(ntStatus); ntStatus = LsaOpenAccount(hLsa, hPolicy, pAccountSid, accountAccessMask, &hAccount); BAIL_ON_NT_STATUS(ntStatus); ntStatus = LsaGetSystemAccessAccount( hLsa, hAccount, &systemAccess); BAIL_ON_NT_STATUS(ntStatus); fprintf(stdout, "Account: %s:\n" "==================================================================" "==============\n", pszAccountName); fprintf(stdout, "System Access Rights 0x%08x\n", systemAccess); error: if (ntStatus || err) { PCSTR errName = LwNtStatusToName(ntStatus); PCSTR errDescription = LwNtStatusToDescription(ntStatus); if (ntStatus) { errName = LwNtStatusToName(ntStatus); errDescription = LwNtStatusToDescription(ntStatus); } else { errName = LwWin32ErrorToName(err); errDescription = LwWin32ErrorToDescription(err); } fprintf(stderr, "Error: %s (%s)\n", LSA_SAFE_LOG_STRING(errName), LSA_SAFE_LOG_STRING(errDescription)); } if (hAccount) { LsaClose(hLsa, hAccount); } if (hPolicy) { LsaClose(hLsa, hPolicy); } if (hLsa) { LsaFreeBinding(&hLsa); } if (pCreds) { LwIoDeleteCreds(pCreds); } RTL_FREE(&pAccountSid); if (err == ERROR_SUCCESS && ntStatus != STATUS_SUCCESS) { err = LwNtStatusToWin32Error(ntStatus); } return err; }
int main( int argc, char *argv[] ) { enum { UNSET, SHOW_HELP, CHECK_VERSION, INSTALL, UNINSTALL } mode = UNSET; PCSTR pSmbdPath = NULL; PSTR pFoundSmbdPath = NULL; DWORD error = 0; DWORD argIndex = 0; LW_RTL_LOG_LEVEL logLevel = LW_RTL_LOG_LEVEL_ERROR; PCSTR pErrorSymbol = NULL; for (argIndex = 1; argIndex < argc; argIndex++) { if (!strcmp(argv[argIndex], "--check-version")) { if (mode == UNSET) { mode = CHECK_VERSION; } else { mode = SHOW_HELP; } } else if (!strcmp(argv[argIndex], "--install")) { if (mode == UNSET) { mode = INSTALL; } else { mode = SHOW_HELP; } } else if (!strcmp(argv[argIndex], "--uninstall")) { if (mode == UNSET) { mode = UNINSTALL; } else { mode = SHOW_HELP; } } else if (!strcmp(argv[argIndex], "--loglevel")) { argIndex++; if (argIndex >= argc) { error = ERROR_INVALID_PARAMETER; BAIL_ON_LSA_ERROR(error); } if (!strcmp(argv[argIndex], "error")) { logLevel = LW_RTL_LOG_LEVEL_ERROR; } else if (!strcmp(argv[argIndex], "warning")) { logLevel = LW_RTL_LOG_LEVEL_WARNING; } else if (!strcmp(argv[argIndex], "info")) { logLevel = LW_RTL_LOG_LEVEL_INFO; } else if (!strcmp(argv[argIndex], "verbose")) { logLevel = LW_RTL_LOG_LEVEL_VERBOSE; } else if (!strcmp(argv[argIndex], "debug")) { logLevel = LW_RTL_LOG_LEVEL_DEBUG; } else { error = ERROR_INVALID_PARAMETER; BAIL_ON_LSA_ERROR(error); } } else if (argIndex == argc - 1) { pSmbdPath = argv[2]; } else { mode = SHOW_HELP; } } if (mode == UNSET || mode == SHOW_HELP) { ShowUsage(argv[0]); goto cleanup; } LwRtlLogSetCallback(LogCallback, NULL); LwRtlLogSetLevel(logLevel); if (pSmbdPath == NULL) { error = FindFileInPath( "smbd", "/usr/sbin", &pFoundSmbdPath); BAIL_ON_LSA_ERROR(error); pSmbdPath = pFoundSmbdPath; } error = CheckSambaVersion(pSmbdPath); BAIL_ON_LSA_ERROR(error); if (mode == CHECK_VERSION) { fprintf(stderr, "Samba version supported\n"); } else if (mode == INSTALL) { error = InstallWbclient(pSmbdPath); BAIL_ON_LSA_ERROR(error); error = InstallLwiCompat(pSmbdPath); BAIL_ON_LSA_ERROR(error); error = SynchronizePassword( pSmbdPath); BAIL_ON_LSA_ERROR(error); fprintf(stderr, "Install successful\n"); } else if (mode == UNINSTALL) { error = UninstallWbclient(pSmbdPath); BAIL_ON_LSA_ERROR(error); error = UninstallLwiCompat(pSmbdPath); BAIL_ON_LSA_ERROR(error); error = DeletePassword( pSmbdPath); BAIL_ON_LSA_ERROR(error); fprintf(stderr, "Uninstall successful\n"); } else { fprintf(stderr, "Uninstall mode not implemented\n"); error = ERROR_INVALID_PARAMETER; BAIL_ON_LSA_ERROR(error); } cleanup: LW_SAFE_FREE_STRING(pFoundSmbdPath); if (error) { pErrorSymbol = LwWin32ErrorToName(error); if (pErrorSymbol != NULL) { fprintf(stderr, "Error: %s\n", pErrorSymbol); } else { fprintf(stderr, "Unknown error\n"); } } return error; }
static DWORD ProcessDeleteAccount( IN PRPC_PARAMETERS pRpcParams, IN PSTR AccountName ) { DWORD err = ERROR_SUCCESS; NTSTATUS ntStatus = STATUS_SUCCESS; LSA_BINDING hLsa = NULL; LW_PIO_CREDS pCreds = NULL; WCHAR wszSysName[] = {'\\', '\\', '\0'}; DWORD policyAccessMask = LSA_ACCESS_LOOKUP_NAMES_SIDS | LSA_ACCESS_VIEW_POLICY_INFO; DWORD accountAccessMask = DELETE; POLICY_HANDLE hPolicy = NULL; LSAR_ACCOUNT_HANDLE hAccount = NULL; PSID pAccountSid = NULL; err = CreateRpcCredentials(pRpcParams, &pCreds); BAIL_ON_LSA_ERROR(err); err = CreateLsaRpcBinding(pRpcParams, pCreds, &hLsa); BAIL_ON_LSA_ERROR(err); ntStatus = LsaOpenPolicy2(hLsa, wszSysName, NULL, policyAccessMask, &hPolicy); BAIL_ON_NT_STATUS(ntStatus); err = ResolveAccountNameToSid( hLsa, AccountName, &pAccountSid); BAIL_ON_LSA_ERROR(err); ntStatus = LsaOpenAccount( hLsa, hPolicy, pAccountSid, accountAccessMask, &hAccount); BAIL_ON_NT_STATUS(ntStatus); ntStatus = LsaRpcDeleteObject( hLsa, hAccount); BAIL_ON_NT_STATUS(ntStatus); error: if (ntStatus || err) { PCSTR errName = LwNtStatusToName(ntStatus); PCSTR errDescription = LwNtStatusToDescription(ntStatus); if (ntStatus) { errName = LwNtStatusToName(ntStatus); errDescription = LwNtStatusToDescription(ntStatus); } else { errName = LwWin32ErrorToName(err); errDescription = LwWin32ErrorToDescription(err); } fprintf(stderr, "Error: %s (%s)\n", LSA_SAFE_LOG_STRING(errName), LSA_SAFE_LOG_STRING(errDescription)); } if (hPolicy) { LsaClose(hLsa, hPolicy); } if (hLsa) { LsaFreeBinding(&hLsa); } if (pCreds) { LwIoDeleteCreds(pCreds); } if (err == ERROR_SUCCESS && ntStatus != STATUS_SUCCESS) { err = LwNtStatusToWin32Error(ntStatus); } return err; }
static DWORD ProcessAddRemoveAccountRights( IN PRPC_PARAMETERS pRpcParams, IN BOOLEAN Add, IN PSTR AccountRights, IN BOOLEAN RemoveAll, IN PSTR AccountName ) { DWORD err = ERROR_SUCCESS; NTSTATUS ntStatus = STATUS_SUCCESS; LSA_BINDING hLsa = NULL; LW_PIO_CREDS pCreds = NULL; WCHAR wszSysName[] = {'\\', '\\', '\0'}; DWORD policyAccessMask = LSA_ACCESS_LOOKUP_NAMES_SIDS | LSA_ACCESS_CREATE_SPECIAL_ACCOUNTS; POLICY_HANDLE hPolicy = NULL; PSID pAccountSid = NULL; PSTR *ppszAccountRightNames = NULL; DWORD numAccountRightNames = 0; PWSTR *ppwszAccountRightNames = NULL; DWORD i = 0; err = CreateRpcCredentials(pRpcParams, &pCreds); BAIL_ON_LSA_ERROR(err); err = CreateLsaRpcBinding(pRpcParams, pCreds, &hLsa); BAIL_ON_LSA_ERROR(err); ntStatus = LsaOpenPolicy2(hLsa, wszSysName, NULL, policyAccessMask, &hPolicy); BAIL_ON_NT_STATUS(ntStatus); err = ResolveAccountNameToSid( hLsa, AccountName, &pAccountSid); BAIL_ON_LSA_ERROR(err); if (AccountRights) { err = GetStringListFromString( AccountRights, SEPARATOR_CHAR, &ppszAccountRightNames, &numAccountRightNames); BAIL_ON_LSA_ERROR(err); err = LwAllocateMemory( sizeof(ppwszAccountRightNames[0]) * numAccountRightNames, OUT_PPVOID(&ppwszAccountRightNames)); BAIL_ON_LSA_ERROR(err); for (i = 0; i < numAccountRightNames; i++) { err = LwMbsToWc16s(ppszAccountRightNames[i], &ppwszAccountRightNames[i]); BAIL_ON_LSA_ERROR(err); } } if (Add) { ntStatus = LsaAddAccountRights( hLsa, hPolicy, pAccountSid, ppwszAccountRightNames, numAccountRightNames); BAIL_ON_NT_STATUS(ntStatus); fprintf(stdout, "Successfully added account rights to %s\n", AccountName); } else { ntStatus = LsaRemoveAccountRights( hLsa, hPolicy, pAccountSid, RemoveAll, ppwszAccountRightNames, numAccountRightNames); BAIL_ON_NT_STATUS(ntStatus); fprintf(stdout, "Successfully removed account rights from %s\n", AccountName); } error: if (ntStatus || err) { PCSTR errName = LwNtStatusToName(ntStatus); PCSTR errDescription = LwNtStatusToDescription(ntStatus); if (ntStatus) { errName = LwNtStatusToName(ntStatus); errDescription = LwNtStatusToDescription(ntStatus); } else { errName = LwWin32ErrorToName(err); errDescription = LwWin32ErrorToDescription(err); } fprintf(stderr, "Error: %s (%s)\n", LSA_SAFE_LOG_STRING(errName), LSA_SAFE_LOG_STRING(errDescription)); } if (hPolicy) { LsaClose(hLsa, hPolicy); } if (hLsa) { LsaFreeBinding(&hLsa); } if (pCreds) { LwIoDeleteCreds(pCreds); } for (i = 0; i < numAccountRightNames; i++) { LW_SAFE_FREE_MEMORY(ppwszAccountRightNames[i]); LW_SAFE_FREE_MEMORY(ppszAccountRightNames[i]); } LW_SAFE_FREE_MEMORY(ppwszAccountRightNames); LW_SAFE_FREE_MEMORY(ppszAccountRightNames); if (err == ERROR_SUCCESS && ntStatus != STATUS_SUCCESS) { err = LwNtStatusToWin32Error(ntStatus); } return err; }
static DWORD ProcessEnumerateAccountUserRights( IN PRPC_PARAMETERS pRpcParams, IN PSTR AccountName ) { DWORD err = ERROR_SUCCESS; NTSTATUS ntStatus = STATUS_SUCCESS; LSA_BINDING hLsa = NULL; LW_PIO_CREDS pCreds = NULL; WCHAR wszSysName[] = {'\\', '\\', '\0'}; DWORD policyAccessMask = LSA_ACCESS_LOOKUP_NAMES_SIDS | LSA_ACCESS_VIEW_POLICY_INFO; POLICY_HANDLE hPolicy = NULL; PSID pAccountSid = NULL; PSTR pszSid = NULL; PWSTR *pAccountRights = NULL; DWORD numAccountRights = 0; DWORD i = 0; PSTR pszAccountRight = NULL; err = CreateRpcCredentials(pRpcParams, &pCreds); BAIL_ON_LSA_ERROR(err); err = CreateLsaRpcBinding(pRpcParams, pCreds, &hLsa); BAIL_ON_LSA_ERROR(err); ntStatus = LsaOpenPolicy2(hLsa, wszSysName, NULL, policyAccessMask, &hPolicy); BAIL_ON_NT_STATUS(ntStatus); err = ResolveAccountNameToSid( hLsa, AccountName, &pAccountSid); BAIL_ON_LSA_ERROR(err); ntStatus = RtlAllocateCStringFromSid( &pszSid, pAccountSid); BAIL_ON_NT_STATUS(ntStatus); fprintf(stdout, "%s Account Rights\n:" "==================================================" "==============================\n", AccountName); ntStatus = LsaEnumAccountRights( hLsa, hPolicy, pAccountSid, &pAccountRights, &numAccountRights); BAIL_ON_NT_STATUS(ntStatus); for (i = 0; i < numAccountRights; i++) { err = LwWc16sToMbs(pAccountRights[i], &pszAccountRight); BAIL_ON_LSA_ERROR(err); fprintf(stdout, "%s\n", pszAccountRight); LW_SAFE_FREE_MEMORY(pszAccountRight); } error: if (ntStatus || err) { PCSTR errName = LwNtStatusToName(ntStatus); PCSTR errDescription = LwNtStatusToDescription(ntStatus); if (ntStatus) { errName = LwNtStatusToName(ntStatus); errDescription = LwNtStatusToDescription(ntStatus); } else { errName = LwWin32ErrorToName(err); errDescription = LwWin32ErrorToDescription(err); } fprintf(stderr, "Error: %s (%s)\n", LSA_SAFE_LOG_STRING(errName), LSA_SAFE_LOG_STRING(errDescription)); } if (hPolicy) { LsaClose(hLsa, hPolicy); } if (hLsa) { LsaFreeBinding(&hLsa); } if (pCreds) { LwIoDeleteCreds(pCreds); } if (pAccountRights) { LsaRpcFreeMemory(pAccountRights); } LW_SAFE_FREE_MEMORY(pszAccountRight); if (err == ERROR_SUCCESS && ntStatus != STATUS_SUCCESS) { err = LwNtStatusToWin32Error(ntStatus); } return err; }
static DWORD ProcessEnumerateAccounts( IN PRPC_PARAMETERS pRpcParams, IN PSTR UserRightName ) { DWORD err = ERROR_SUCCESS; NTSTATUS ntStatus = STATUS_SUCCESS; LSA_BINDING hLsa = NULL; LW_PIO_CREDS pCreds = NULL; WCHAR wszSysName[] = {'\\', '\\', '\0'}; DWORD policyAccessMask = LSA_ACCESS_LOOKUP_NAMES_SIDS | LSA_ACCESS_VIEW_POLICY_INFO; POLICY_HANDLE hPolicy = NULL; PWSTR pwszUserRightName = NULL; DWORD resume = 0; PSID *ppSids = NULL; DWORD numSids = 0; DWORD prefMaxSize = 64; DWORD i = 0; SID_ARRAY sids = {0}; RefDomainList *pDomList = NULL; TranslatedName *pTransNames = NULL; DWORD count = 0; PSTR pszAccountSid = NULL; PSTR pszAccountDomain = NULL; PSTR pszAccountName = NULL; BOOLEAN moreEntries = FALSE; err = CreateRpcCredentials(pRpcParams, &pCreds); BAIL_ON_LSA_ERROR(err); err = CreateLsaRpcBinding(pRpcParams, pCreds, &hLsa); BAIL_ON_LSA_ERROR(err); ntStatus = LsaOpenPolicy2(hLsa, wszSysName, NULL, policyAccessMask, &hPolicy); BAIL_ON_NT_STATUS(ntStatus); fprintf(stdout, "LSA Accounts"); do { moreEntries = FALSE; if (UserRightName) { fprintf(stdout, " with AccountRight = %s:\n", UserRightName); fprintf(stdout, "==================================================" "==============================\n"); err = LwMbsToWc16s(UserRightName, &pwszUserRightName); BAIL_ON_LSA_ERROR(err); ntStatus = LsaEnumAccountsWithUserRight( hLsa, hPolicy, pwszUserRightName, &ppSids, &numSids); BAIL_ON_NT_STATUS(ntStatus); } else { fprintf(stdout, ":\n"); fprintf(stdout, "==================================================" "==============================\n"); ntStatus = LsaEnumAccounts(hLsa, hPolicy, &resume, &ppSids, &numSids, prefMaxSize); if (ntStatus == STATUS_MORE_ENTRIES) { ntStatus = STATUS_SUCCESS; moreEntries = TRUE; } else if (ntStatus != STATUS_SUCCESS) { BAIL_ON_NT_STATUS(ntStatus); } } err = LwAllocateMemory( sizeof(sids.pSids[0]) * numSids, OUT_PPVOID(&sids.pSids)); BAIL_ON_LSA_ERROR(err); sids.dwNumSids = numSids; for (i = 0; i < sids.dwNumSids; i++) { sids.pSids[i].pSid = ppSids[i]; } ntStatus = LsaLookupSids(hLsa, hPolicy, &sids, &pDomList, &pTransNames, LSA_LOOKUP_NAMES_ALL, &count); if (ntStatus == STATUS_SOME_NOT_MAPPED || ntStatus == STATUS_NONE_MAPPED) { ntStatus = STATUS_SUCCESS; } else if (ntStatus != STATUS_SUCCESS) { BAIL_ON_NT_STATUS(ntStatus); } for (i = 0; i < sids.dwNumSids; i++) { DWORD domainIndex = 0; ntStatus = RtlAllocateCStringFromSid( &pszAccountSid, sids.pSids[i].pSid); BAIL_ON_NT_STATUS(ntStatus); if (pTransNames[i].type == SID_TYPE_USER || pTransNames[i].type == SID_TYPE_DOM_GRP || pTransNames[i].type == SID_TYPE_DOMAIN || pTransNames[i].type == SID_TYPE_ALIAS || pTransNames[i].type == SID_TYPE_WKN_GRP) { ntStatus = RtlCStringAllocateFromUnicodeString( &pszAccountName, &pTransNames[i].name); BAIL_ON_NT_STATUS(ntStatus); domainIndex = pTransNames[i].sid_index; ntStatus = RtlCStringAllocateFromUnicodeString( &pszAccountDomain, &pDomList->domains[domainIndex].name); BAIL_ON_NT_STATUS(ntStatus); } if (pszAccountSid) { fprintf(stdout, "%s ", pszAccountSid); } if (pszAccountDomain && pszAccountName) { fprintf(stdout, "(%s\\%s)", pszAccountDomain, pszAccountName); } else if (pszAccountDomain && !pszAccountName) { fprintf(stdout, "(%s\\)", pszAccountDomain); } else if (!pszAccountDomain && pszAccountName) { fprintf(stdout, "(%s)", pszAccountName); } else { fprintf(stdout, "(unknown)"); } fprintf(stdout, "\n"); RTL_FREE(&pszAccountSid); RTL_FREE(&pszAccountDomain); RTL_FREE(&pszAccountName); } if (pTransNames) { LsaRpcFreeMemory(pTransNames); pTransNames = NULL; } if (pDomList) { LsaRpcFreeMemory(pDomList); pDomList = NULL; } if (ppSids) { LsaRpcFreeMemory(ppSids); ppSids = NULL; } LW_SAFE_FREE_MEMORY(sids.pSids); } while (moreEntries && ntStatus == STATUS_SUCCESS); error: if (ntStatus || err) { PCSTR errName = LwNtStatusToName(ntStatus); PCSTR errDescription = LwNtStatusToDescription(ntStatus); if (ntStatus) { errName = LwNtStatusToName(ntStatus); errDescription = LwNtStatusToDescription(ntStatus); } else { errName = LwWin32ErrorToName(err); errDescription = LwWin32ErrorToDescription(err); } fprintf(stderr, "Error: %s (%s)\n", LSA_SAFE_LOG_STRING(errName), LSA_SAFE_LOG_STRING(errDescription)); } if (hPolicy) { LsaClose(hLsa, hPolicy); } if (hLsa) { LsaFreeBinding(&hLsa); } if (pCreds) { LwIoDeleteCreds(pCreds); } LW_SAFE_FREE_MEMORY(pwszUserRightName); RTL_FREE(&pszAccountSid); RTL_FREE(&pszAccountDomain); RTL_FREE(&pszAccountName); if (pTransNames) { LsaRpcFreeMemory(pTransNames); } if (pDomList) { LsaRpcFreeMemory(pDomList); } if (ppSids) { LsaRpcFreeMemory(ppSids); } LW_SAFE_FREE_MEMORY(sids.pSids); if (err == ERROR_SUCCESS && ntStatus != STATUS_SUCCESS) { err = LwNtStatusToWin32Error(ntStatus); } return err; }