示例#1
0
static
NTSTATUS
AllocateCStringFileSpec(
    PSTR *ppszPattern,
    PIO_MATCH_FILE_SPEC pFileSpec
    )
{
    NTSTATUS ntError = STATUS_INSUFFICIENT_RESOURCES;


    if (pFileSpec == NULL)
    {
        ntError = RtlCStringDuplicate(ppszPattern, "*");
        BAIL_ON_NT_STATUS(ntError);

        goto cleanup;
    }

    ntError = RtlCStringAllocateFromUnicodeString(ppszPattern,
                                                  &pFileSpec->Pattern);
    BAIL_ON_NT_STATUS(ntError);

cleanup:
    return ntError;

error:
    goto cleanup;
}
示例#2
0
文件: account.c 项目: borland667/pbis
static
DWORD
ProcessEnumerateAccounts(
    IN PRPC_PARAMETERS pRpcParams,
    IN PSTR UserRightName
    )
{
    DWORD err = ERROR_SUCCESS;
    NTSTATUS ntStatus = STATUS_SUCCESS;
    LSA_BINDING hLsa = NULL;
    LW_PIO_CREDS pCreds = NULL;
    WCHAR wszSysName[] = {'\\', '\\', '\0'};
    DWORD policyAccessMask = LSA_ACCESS_LOOKUP_NAMES_SIDS |
                             LSA_ACCESS_VIEW_POLICY_INFO;
    POLICY_HANDLE hPolicy = NULL;
    PWSTR pwszUserRightName = NULL;
    DWORD resume = 0;
    PSID *ppSids = NULL;
    DWORD numSids = 0;
    DWORD prefMaxSize = 64;
    DWORD i = 0;
    SID_ARRAY sids = {0};
    RefDomainList *pDomList = NULL;
    TranslatedName *pTransNames = NULL;
    DWORD count = 0;
    PSTR pszAccountSid = NULL;
    PSTR pszAccountDomain = NULL;
    PSTR pszAccountName = NULL;
    BOOLEAN moreEntries = FALSE;
    
    err = CreateRpcCredentials(pRpcParams,
                               &pCreds);
    BAIL_ON_LSA_ERROR(err);

    err = CreateLsaRpcBinding(pRpcParams,
                              pCreds,
                              &hLsa);
    BAIL_ON_LSA_ERROR(err);

    ntStatus = LsaOpenPolicy2(hLsa,
                              wszSysName,
                              NULL,
                              policyAccessMask,
                              &hPolicy);
    BAIL_ON_NT_STATUS(ntStatus);

    fprintf(stdout,
            "LSA Accounts");

    do
    {
        moreEntries = FALSE;

        if (UserRightName)
        {
            fprintf(stdout, " with AccountRight = %s:\n", UserRightName);
            fprintf(stdout,
                    "=================================================="
                    "==============================\n");

            err = LwMbsToWc16s(UserRightName,
                               &pwszUserRightName);
            BAIL_ON_LSA_ERROR(err);

            ntStatus = LsaEnumAccountsWithUserRight(
                                       hLsa,
                                       hPolicy,
                                       pwszUserRightName,
                                       &ppSids,
                                       &numSids);
            BAIL_ON_NT_STATUS(ntStatus);
        }
        else
        {
            fprintf(stdout, ":\n");
            fprintf(stdout,
                    "=================================================="
                    "==============================\n");

            ntStatus = LsaEnumAccounts(hLsa,
                                       hPolicy,
                                       &resume,
                                       &ppSids,
                                       &numSids,
                                       prefMaxSize);
            if (ntStatus == STATUS_MORE_ENTRIES)
            {
                ntStatus = STATUS_SUCCESS;
                moreEntries = TRUE;
            }
            else if (ntStatus != STATUS_SUCCESS)
            {
                BAIL_ON_NT_STATUS(ntStatus);
            }
        }

        err = LwAllocateMemory(
                       sizeof(sids.pSids[0]) * numSids,
                       OUT_PPVOID(&sids.pSids));
        BAIL_ON_LSA_ERROR(err);

        sids.dwNumSids = numSids;

        for (i = 0; i < sids.dwNumSids; i++)
        {
            sids.pSids[i].pSid = ppSids[i];
        }

        ntStatus = LsaLookupSids(hLsa,
                                 hPolicy,
                                 &sids,
                                 &pDomList,
                                 &pTransNames,
                                 LSA_LOOKUP_NAMES_ALL,
                                 &count);
        if (ntStatus == STATUS_SOME_NOT_MAPPED ||
            ntStatus == STATUS_NONE_MAPPED)
        {
            ntStatus = STATUS_SUCCESS;
        }
        else if (ntStatus != STATUS_SUCCESS)
        {
            BAIL_ON_NT_STATUS(ntStatus);
        }

        for (i = 0; i < sids.dwNumSids; i++)
        {
            DWORD domainIndex = 0;

            ntStatus = RtlAllocateCStringFromSid(
                                 &pszAccountSid,
                                 sids.pSids[i].pSid);
            BAIL_ON_NT_STATUS(ntStatus);

            if (pTransNames[i].type == SID_TYPE_USER ||
                pTransNames[i].type == SID_TYPE_DOM_GRP ||
                pTransNames[i].type == SID_TYPE_DOMAIN ||
                pTransNames[i].type == SID_TYPE_ALIAS ||
                pTransNames[i].type == SID_TYPE_WKN_GRP)
            {
                ntStatus = RtlCStringAllocateFromUnicodeString(
                                     &pszAccountName,
                                     &pTransNames[i].name);
                BAIL_ON_NT_STATUS(ntStatus);

                domainIndex = pTransNames[i].sid_index;

                ntStatus = RtlCStringAllocateFromUnicodeString(
                                      &pszAccountDomain,
                                      &pDomList->domains[domainIndex].name);
                BAIL_ON_NT_STATUS(ntStatus);
            }

            if (pszAccountSid)
            {
                fprintf(stdout, "%s ", pszAccountSid);
            }

            if (pszAccountDomain && pszAccountName)
            {
                fprintf(stdout, "(%s\\%s)", pszAccountDomain, pszAccountName);
            }
            else if (pszAccountDomain && !pszAccountName)
            {
                fprintf(stdout, "(%s\\)", pszAccountDomain);
            }
            else if (!pszAccountDomain && pszAccountName)
            {
                fprintf(stdout, "(%s)", pszAccountName);
            }
            else
            {
                fprintf(stdout, "(unknown)");
            }

            fprintf(stdout, "\n");

            RTL_FREE(&pszAccountSid);
            RTL_FREE(&pszAccountDomain);
            RTL_FREE(&pszAccountName);

        }

        if (pTransNames)
        {
            LsaRpcFreeMemory(pTransNames);
            pTransNames = NULL;
        }

        if (pDomList)
        {
            LsaRpcFreeMemory(pDomList);
            pDomList = NULL;
        }

        if (ppSids)
        {
            LsaRpcFreeMemory(ppSids);
            ppSids = NULL;
        }

        LW_SAFE_FREE_MEMORY(sids.pSids);

    } while (moreEntries && ntStatus == STATUS_SUCCESS);

error:
    if (ntStatus || err)
    {
        PCSTR errName = LwNtStatusToName(ntStatus);
        PCSTR errDescription = LwNtStatusToDescription(ntStatus);

        if (ntStatus)
        {
            errName = LwNtStatusToName(ntStatus);
            errDescription = LwNtStatusToDescription(ntStatus);
        }
        else
        {
            errName = LwWin32ErrorToName(err);
            errDescription = LwWin32ErrorToDescription(err);
        }

        fprintf(stderr, "Error: %s (%s)\n",
                LSA_SAFE_LOG_STRING(errName),
                LSA_SAFE_LOG_STRING(errDescription));
    }

    if (hPolicy)
    {
        LsaClose(hLsa, hPolicy);
    }

    if (hLsa)
    {
        LsaFreeBinding(&hLsa);
    }

    if (pCreds)
    {
        LwIoDeleteCreds(pCreds);
    }

    LW_SAFE_FREE_MEMORY(pwszUserRightName);
    RTL_FREE(&pszAccountSid);
    RTL_FREE(&pszAccountDomain);
    RTL_FREE(&pszAccountName);

    if (pTransNames)
    {
        LsaRpcFreeMemory(pTransNames);
    }

    if (pDomList)
    {
        LsaRpcFreeMemory(pDomList);
    }

    if (ppSids)
    {
        LsaRpcFreeMemory(ppSids);
    }

    LW_SAFE_FREE_MEMORY(sids.pSids);

    if (err == ERROR_SUCCESS &&
        ntStatus != STATUS_SUCCESS)
    {
        err = LwNtStatusToWin32Error(ntStatus);
    }

    return err;
}