archive
/
windows-xp
mirror of https://github.com/tongzx/nt5src
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
8 Commits
1 Branch
0 Tags
2.0 GiB
Tree: 744f0b4006
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '744f0b4006'
${ noResults }
windows-xp/Source/XPSP1/NT/admin/admt/enumtrst/lsautils.cpp

547 lines
13 KiB
Raw Normal View History

Add source files
4 years ago
  1. /*---------------------------------------------------------------------------
  2. File: LSAUtils.cpp
  4. Comments: Code to change the domain membership of a workstation.
  7. This file also contains some general helper functions, such as:
  9. GetDomainDCName
  10. EstablishNullSession
  11. EstablishSession
  12. EstablishShare // connects to a share
  13. InitLsaString
  14. GetDomainSid
  17. (c) Copyright 1999, Mission Critical Software, Inc., All Rights Reserved
  18. Proprietary and confidential to Mission Critical Software, Inc.
  20. REVISION LOG ENTRY
  21. Revision By: Christy Boles
  22. Revised on 02/03/99 12:37:51
  24. ---------------------------------------------------------------------------
  25. */
  27. //
  29. #include "stdafx.h"
  31. #ifndef UNICODE
  32. #define UNICODE
  33. #define _UNICODE
  34. #endif
  36. #include <lm.h> // for NetXxx API
  38. #include <stdio.h>
  40. #include "LSAUtils.h"
  41. #include "ErrDct.hpp"
  42. #include "ResStr.h"
  45. #define RTN_OK 0
  46. #define RTN_USAGE 1
  47. #define RTN_ERROR 13
  49. extern TErrorDct err;
  52. BOOL
  53. GetDomainDCName(
  54. LPWSTR Domain, // in - domain name
  55. LPWSTR * pPrimaryDC // out- PDC name (must be freed with NetApiBufferFree)
  56. )
  57. {
  58. NET_API_STATUS nas;
  60. //
  61. // get the name of the Primary Domain Controller
  62. //
  63. // we're using NetGetDCName instead of DsGetDCName so this can work on NT 3.51
  65. nas = NetGetDCName(NULL, Domain, (LPBYTE *)pPrimaryDC);
  67. if(nas != NERR_Success)
  68. {
  69. SetLastError(nas);
  70. return FALSE;
  71. }
  73. return TRUE;
  74. }
  76. BOOL
  77. EstablishNullSession(
  78. LPCWSTR Server, // in - server name
  79. BOOL bEstablish // in - TRUE=establish, FALSE=disconnect
  80. )
  81. {
  82. return EstablishSession(Server,L"",L"",L"",bEstablish);
  83. }
  85. BOOL
  86. EstablishSession(
  87. LPCWSTR Server, // in - server name
  88. LPWSTR Domain, // in - domain name for user credentials
  89. LPWSTR UserName, // in - username for credentials to use
  90. LPWSTR Password, // in - password for credentials
  91. BOOL bEstablish // in - TRUE=establish, FALSE=disconnect
  92. )
  93. {
  94. LPCWSTR szIpc = L"\\IPC$";
  95. WCHAR RemoteResource[UNCLEN + 5 + 1]; // UNC len + \IPC$ + NULL
  96. DWORD cchServer;
  97. NET_API_STATUS nas;
  99. //
  100. // do not allow NULL or empty server name
  101. //
  102. if(Server == NULL || *Server == L'\0')
  103. {
  104. SetLastError(ERROR_INVALID_COMPUTERNAME);
  105. return FALSE;
  106. }
  108. cchServer = lstrlenW( Server );
  110. if( Server[0] != L'\\' && Server[1] != L'\\')
  111. {
  113. //
  114. // prepend slashes and NULL terminate
  115. //
  116. RemoteResource[0] = L'\\';
  117. RemoteResource[1] = L'\\';
  118. RemoteResource[2] = L'\0';
  119. }
  120. else
  121. {
  122. cchServer -= 2; // drop slashes from count
  124. RemoteResource[0] = L'\0';
  125. }
  127. if(cchServer > CNLEN)
  128. {
  129. SetLastError(ERROR_INVALID_COMPUTERNAME);
  130. return FALSE;
  131. }
  133. if(lstrcatW(RemoteResource, Server) == NULL)
  134. {
  135. return FALSE;
  136. }
  137. if(lstrcatW(RemoteResource, szIpc) == NULL)
  138. {
  139. return FALSE;
  140. }
  142. //
  143. // disconnect or connect to the resource, based on bEstablish
  144. //
  145. if(bEstablish)
  146. {
  147. USE_INFO_2 ui2;
  148. DWORD errParm;
  150. ZeroMemory(&ui2, sizeof(ui2));
  152. ui2.ui2_local = NULL;
  153. ui2.ui2_remote = RemoteResource;
  154. ui2.ui2_asg_type = USE_IPC;
  155. ui2.ui2_domainname = Domain;
  156. ui2.ui2_username = UserName;
  157. ui2.ui2_password = Password;
  159. nas = NetUseAdd(NULL, 2, (LPBYTE)&ui2, &errParm);
  160. }
  161. else
  162. {
  163. nas = NetUseDel(NULL, RemoteResource, 0);
  164. }
  166. if( nas == NERR_Success )
  167. {
  168. return TRUE; // indicate success
  169. }
  170. SetLastError(nas);
  171. return FALSE;
  172. }
  174. BOOL
  175. EstablishShare(
  176. LPCWSTR Server, // in - server name
  177. LPWSTR Share, // in - share name
  178. LPWSTR Domain, // in - domain name for credentials to connect with
  179. LPWSTR UserName, // in - user name to connect as
  180. LPWSTR Password, // in - password for username
  181. BOOL bEstablish // in - TRUE=connect, FALSE=disconnect
  182. )
  183. {
  184. WCHAR RemoteResource[MAX_PATH];
  185. DWORD cchServer;
  186. NET_API_STATUS nas;
  188. //
  189. // do not allow NULL or empty server name
  190. //
  191. if(Server == NULL || *Server == L'\0')
  192. {
  193. SetLastError(ERROR_INVALID_COMPUTERNAME);
  194. return FALSE;
  195. }
  197. cchServer = lstrlenW( Server );
  199. if( Server[0] != L'\\' && Server[1] != L'\\')
  200. {
  202. //
  203. // prepend slashes and NULL terminate
  204. //
  205. RemoteResource[0] = L'\\';
  206. RemoteResource[1] = L'\\';
  207. RemoteResource[2] = L'\0';
  208. }
  209. else
  210. {
  211. cchServer -= 2; // drop slashes from count
  213. RemoteResource[0] = L'\0';
  214. }
  216. if(cchServer > CNLEN)
  217. {
  218. SetLastError(ERROR_INVALID_COMPUTERNAME);
  219. return FALSE;
  220. }
  222. if(lstrcatW(RemoteResource, Server) == NULL)
  223. {
  224. return FALSE;
  225. }
  226. if(lstrcatW(RemoteResource, Share) == NULL)
  227. {
  228. return FALSE;
  229. }
  231. //
  232. // disconnect or connect to the resource, based on bEstablish
  233. //
  234. if(bEstablish)
  235. {
  236. USE_INFO_2 ui2;
  237. DWORD errParm;
  239. ZeroMemory(&ui2, sizeof(ui2));
  241. ui2.ui2_local = NULL;
  242. ui2.ui2_remote = RemoteResource;
  243. ui2.ui2_asg_type = USE_DISKDEV;
  244. ui2.ui2_domainname = Domain;
  245. ui2.ui2_username = UserName;
  246. ui2.ui2_password = Password;
  248. nas = NetUseAdd(NULL, 2, (LPBYTE)&ui2, &errParm);
  249. }
  250. else
  251. {
  252. nas = NetUseDel(NULL, RemoteResource, 0);
  253. }
  255. if( nas == NERR_Success )
  256. {
  257. return TRUE; // indicate success
  258. }
  259. SetLastError(nas);
  260. return FALSE;
  261. }
  265. void
  266. InitLsaString(
  267. PLSA_UNICODE_STRING LsaString, // i/o- pointer to LSA string to initialize
  268. LPWSTR String // in - value to initialize LSA string to
  269. )
  270. {
  271. DWORD StringLength;
  273. if( String == NULL )
  274. {
  275. LsaString->Buffer = NULL;
  276. LsaString->Length = 0;
  277. LsaString->MaximumLength = 0;
  278. }
  279. else
  280. {
  281. StringLength = lstrlenW(String);
  282. LsaString->Buffer = String;
  283. LsaString->Length = (USHORT) StringLength * sizeof(WCHAR);
  284. LsaString->MaximumLength = (USHORT) (StringLength + 1) * sizeof(WCHAR);
  285. }
  286. }
  288. BOOL
  289. GetDomainSid(
  290. LPWSTR PrimaryDC, // in - domain controller of domain to acquire Sid
  291. PSID * pDomainSid // out- points to allocated Sid on success
  292. )
  293. {
  294. NET_API_STATUS nas;
  295. PUSER_MODALS_INFO_2 umi2 = NULL;
  296. DWORD dwSidSize;
  297. BOOL bSuccess = FALSE; // assume this function will fail
  299. *pDomainSid = NULL; // invalidate pointer
  301. __try {
  303. //
  304. // obtain the domain Sid from the PDC
  305. //
  306. nas = NetUserModalsGet(PrimaryDC, 2, (LPBYTE *)&umi2);
  308. if(nas != NERR_Success) __leave;
  309. //
  310. // if the Sid is valid, obtain the size of the Sid
  311. //
  312. if(!IsValidSid(umi2->usrmod2_domain_id)) __leave;
  314. dwSidSize = GetLengthSid(umi2->usrmod2_domain_id);
  316. //
  317. // allocate storage and copy the Sid
  318. //
  319. *pDomainSid = LocalAlloc(LPTR, dwSidSize);
  321. if(*pDomainSid == NULL) __leave;
  323. if(!CopySid(dwSidSize, *pDomainSid, umi2->usrmod2_domain_id)) __leave;
  325. bSuccess = TRUE; // indicate success
  327. } // try
  329. __finally
  330. {
  332. if(umi2 != NULL)
  333. {
  334. NetApiBufferFree(umi2);
  335. }
  337. if(!bSuccess)
  338. {
  339. //
  340. // if the function failed, free memory and indicate result code
  341. //
  343. if(*pDomainSid != NULL)
  344. {
  345. FreeSid(*pDomainSid);
  346. *pDomainSid = NULL;
  347. }
  349. if( nas != NERR_Success )
  350. {
  351. SetLastError(nas);
  352. }
  353. }
  355. } // finally
  357. return bSuccess;
  358. }
  360. NTSTATUS
  361. OpenPolicy(
  362. LPWSTR ComputerName, // in - computer name
  363. DWORD DesiredAccess, // in - access rights needed for policy
  364. PLSA_HANDLE PolicyHandle // out- LSA handle
  365. )
  366. {
  367. LSA_OBJECT_ATTRIBUTES ObjectAttributes;
  368. LSA_UNICODE_STRING ComputerString;
  369. PLSA_UNICODE_STRING Computer = NULL;
  370. LPWSTR NewComputerName;
  372. NewComputerName = (WCHAR*)LocalAlloc(LPTR,
  373. (MAX_COMPUTERNAME_LENGTH+3)*sizeof(WCHAR));
  375. //
  376. // Prepend some backslashes to the computer name so that
  377. // this will work on NT 3.51
  378. //
  379. lstrcpy(NewComputerName,L"\\\\");
  380. lstrcat(NewComputerName,ComputerName);
  382. lstrcpy(NewComputerName,ComputerName);
  384. //
  385. // Always initialize the object attributes to all zeroes
  386. //
  387. ZeroMemory(&ObjectAttributes, sizeof(ObjectAttributes));
  389. if(ComputerName != NULL)
  390. {
  391. //
  392. // Make a LSA_UNICODE_STRING out of the LPWSTR passed in
  393. //
  394. InitLsaString(&ComputerString, NewComputerName);
  396. Computer = &ComputerString;
  397. }
  399. //
  400. // Attempt to open the policy
  401. //
  402. return LsaOpenPolicy(Computer,&ObjectAttributes,DesiredAccess,PolicyHandle);
  403. }
  405. /*++
  406. This function sets the Primary Domain for the workstation.
  408. To join the workstation to a Workgroup, ppdi.Name should be the name of
  409. the Workgroup and ppdi.Sid should be NULL.
  411. --*/
  412. NTSTATUS
  413. SetPrimaryDomain(
  414. LSA_HANDLE PolicyHandle, // in -policy handle for computer
  415. PSID DomainSid, // in - sid for new domain
  416. LPWSTR TrustedDomainName // in - name of new domain
  417. )
  418. {
  419. POLICY_PRIMARY_DOMAIN_INFO ppdi;
  421. InitLsaString(&ppdi.Name, TrustedDomainName);
  423. ppdi.Sid = DomainSid;
  425. return LsaSetInformationPolicy(PolicyHandle,PolicyPrimaryDomainInformation,&ppdi);
  426. }
  429. // This function removes the information from the domain the computer used to
  430. // be a member of
  431. void
  432. QueryWorkstationTrustedDomainInfo(
  433. LSA_HANDLE PolicyHandle, // in - policy handle for computer
  434. PSID DomainSid, // in - SID for new domain the computer is member of
  435. BOOL bNoChange // in - flag indicating whether to write changes
  436. )
  437. {
  438. // This function is not currently used.
  439. NTSTATUS Status;
  440. LSA_ENUMERATION_HANDLE h = 0;
  441. LSA_TRUST_INFORMATION * ti = NULL;
  442. ULONG count;
  444. Status = LsaEnumerateTrustedDomains(PolicyHandle,&h,(void**)&ti,50000,&count);
  446. if ( Status == STATUS_SUCCESS )
  447. {
  448. for ( UINT i = 0 ; i < count ; i++ )
  449. {
  450. if ( !bNoChange && !EqualSid(DomainSid,ti[i].Sid) )
  451. {
  452. // Remove the old trust
  453. Status = LsaDeleteTrustedDomain(PolicyHandle,ti[i].Sid);
  455. if ( Status != STATUS_SUCCESS )
  456. {
  458. }
  459. }
  460. }
  461. LsaFreeMemory(ti);
  462. }
  463. else
  464. {
  466. }
  467. }
  470. /*++
  471. This function manipulates the trust associated with the supplied
  472. DomainSid.
  474. If the domain trust does not exist, it is created with the
  475. specified password. In this case, the supplied PolicyHandle must
  476. have been opened with POLICY_TRUST_ADMIN and POLICY_CREATE_SECRET
  477. access to the policy object.
  479. --*/
  480. NTSTATUS
  481. SetWorkstationTrustedDomainInfo(
  482. LSA_HANDLE PolicyHandle, // in - policy handle
  483. PSID DomainSid, // in - Sid of domain to manipulate
  484. LPWSTR TrustedDomainName, // in - trusted domain name to add/update
  485. LPWSTR Password, // in - new trust password for trusted domain
  486. LPWSTR errOut // out- error text if function fails
  487. )
  488. {
  489. LSA_UNICODE_STRING LsaPassword;
  490. LSA_UNICODE_STRING KeyName;
  491. LSA_UNICODE_STRING LsaDomainName;
  492. DWORD cchDomainName; // number of chars in TrustedDomainName
  493. NTSTATUS Status;
  495. InitLsaString(&LsaDomainName, TrustedDomainName);
  497. //
  498. // ...convert TrustedDomainName to uppercase...
  499. //
  500. cchDomainName = LsaDomainName.Length / sizeof(WCHAR);
  502. while(cchDomainName--)
  503. {
  504. LsaDomainName.Buffer[cchDomainName] = towupper(LsaDomainName.Buffer[cchDomainName]);
  505. }
  507. //
  508. // ...create the trusted domain object
  509. //
  510. Status = LsaSetTrustedDomainInformation(
  511. PolicyHandle,
  512. DomainSid,
  513. TrustedDomainNameInformation,
  514. &LsaDomainName
  515. );
  517. if(Status == STATUS_OBJECT_NAME_COLLISION)
  518. {
  519. //printf("LsaSetTrustedDomainInformation: Name Collision (ok)\n");
  520. }
  521. else if (Status != STATUS_SUCCESS)
  522. {
  523. err.SysMsgWrite(ErrE,LsaNtStatusToWinError(Status),DCT_MSG_LSA_OPERATION_FAILED_SD,L"LsaSetTrustedDomainInformation", Status);
  524. return RTN_ERROR;
  525. }
  527. InitLsaString(&KeyName, L"$MACHINE.ACC");
  528. InitLsaString(&LsaPassword, Password);
  530. //
  531. // Set the machine password
  532. //
  533. Status = LsaStorePrivateData(
  534. PolicyHandle,
  535. &KeyName,
  536. &LsaPassword
  537. );
  539. if(Status != STATUS_SUCCESS)
  540. {
  541. err.SysMsgWrite(ErrE,LsaNtStatusToWinError(Status),DCT_MSG_LSA_OPERATION_FAILED_SD,L"LsaStorePrivateData", Status);
  542. return RTN_ERROR;
  543. }
  545. return STATUS_SUCCESS;
  547. }