archive
/
windows-xp
mirror of https://github.com/tongzx/nt5src
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
7 Commits
1 Branch
0 Tags
2.0 GiB
Tree: 9769ad7c3d
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '9769ad7c3d'
${ noResults }
windows-xp/Source/XPSP1/NT/admin/admt/common/commonlib/lsautils.cpp

577 lines
14 KiB
Raw Normal View History

Add source files
4 years ago
  1. /*---------------------------------------------------------------------------
  2. File: LSAUtils.cpp
  4. Comments: Code to change the domain membership of a workstation.
  7. This file also contains some general helper functions, such as:
  9. GetDomainDCName
  10. EstablishNullSession
  11. EstablishSession
  12. EstablishShare // connects to a share
  13. InitLsaString
  14. GetDomainSid
  17. (c) Copyright 1999, Mission Critical Software, Inc., All Rights Reserved
  18. Proprietary and confidential to Mission Critical Software, Inc.
  20. REVISION LOG ENTRY
  21. Revision By: Christy Boles
  22. Revised on 02/03/99 12:37:51
  24. ---------------------------------------------------------------------------
  25. */
  27. //
  29. //#include "stdafx.h"
  30. #include <windows.h>
  31. #include <process.h>
  33. #ifndef UNICODE
  34. #define UNICODE
  35. #define _UNICODE
  36. #endif
  38. #include <lm.h> // for NetXxx API
  40. #include <stdio.h>
  42. #include "LSAUtils.h"
  43. #include "ErrDct.hpp"
  44. #include "ResStr.h"
  47. #define RTN_OK 0
  48. #define RTN_USAGE 1
  49. #define RTN_ERROR 13
  51. extern TErrorDct err;
  54. BOOL
  55. GetDomainDCName(
  56. LPWSTR Domain, // in - domain name
  57. LPWSTR * pPrimaryDC // out- PDC name (must be freed with NetApiBufferFree)
  58. )
  59. {
  60. NET_API_STATUS nas;
  62. //
  63. // get the name of the Primary Domain Controller
  64. //
  65. // we're using NetGetDCName instead of DsGetDCName so this can work on NT 3.51
  67. nas = NetGetDCName(NULL, Domain, (LPBYTE *)pPrimaryDC);
  69. if(nas != NERR_Success)
  70. {
  71. SetLastError(nas);
  72. return FALSE;
  73. }
  75. return TRUE;
  76. }
  78. BOOL
  79. EstablishNullSession(
  80. LPCWSTR Server, // in - server name
  81. BOOL bEstablish // in - TRUE=establish, FALSE=disconnect
  82. )
  83. {
  84. return EstablishSession(Server,L"",L"",L"",bEstablish);
  85. }
  87. BOOL
  88. EstablishSession(
  89. LPCWSTR Server, // in - server name
  90. LPWSTR Domain, // in - domain name for user credentials
  91. LPWSTR UserName, // in - username for credentials to use
  92. LPWSTR Password, // in - password for credentials
  93. BOOL bEstablish // in - TRUE=establish, FALSE=disconnect
  94. )
  95. {
  96. LPCWSTR szIpc = L"\\IPC$";
  97. WCHAR RemoteResource[UNCLEN + 5 + 1]; // UNC len + \IPC$ + NULL
  98. DWORD cchServer;
  99. NET_API_STATUS nas;
  101. //
  102. // do not allow NULL or empty server name
  103. //
  104. if(Server == NULL || *Server == L'\0')
  105. {
  106. SetLastError(ERROR_INVALID_COMPUTERNAME);
  107. return FALSE;
  108. }
  110. cchServer = lstrlenW( Server );
  112. if( Server[0] != L'\\' && Server[1] != L'\\')
  113. {
  115. //
  116. // prepend slashes and NULL terminate
  117. //
  118. RemoteResource[0] = L'\\';
  119. RemoteResource[1] = L'\\';
  120. RemoteResource[2] = L'\0';
  121. }
  122. else
  123. {
  124. cchServer -= 2; // drop slashes from count
  126. RemoteResource[0] = L'\0';
  127. }
  129. if(cchServer > CNLEN)
  130. {
  131. SetLastError(ERROR_INVALID_COMPUTERNAME);
  132. return FALSE;
  133. }
  135. if(lstrcatW(RemoteResource, Server) == NULL)
  136. {
  137. return FALSE;
  138. }
  139. if(lstrcatW(RemoteResource, szIpc) == NULL)
  140. {
  141. return FALSE;
  142. }
  144. //
  145. // disconnect or connect to the resource, based on bEstablish
  146. //
  147. if(bEstablish)
  148. {
  149. USE_INFO_2 ui2;
  150. DWORD errParm;
  152. ZeroMemory(&ui2, sizeof(ui2));
  154. ui2.ui2_local = NULL;
  155. ui2.ui2_remote = RemoteResource;
  156. ui2.ui2_asg_type = USE_IPC;
  157. ui2.ui2_domainname = Domain;
  158. ui2.ui2_username = UserName;
  159. ui2.ui2_password = Password;
  161. // try establishing session for one minute
  162. // if computer is not accepting any more connections
  164. for (int i = 0; i < (60000 / 5000); i++)
  165. {
  166. nas = NetUseAdd(NULL, 2, (LPBYTE)&ui2, &errParm);
  168. if (nas != ERROR_REQ_NOT_ACCEP)
  169. {
  170. break;
  171. }
  173. Sleep(5000);
  174. }
  175. }
  176. else
  177. {
  178. nas = NetUseDel(NULL, RemoteResource, 0);
  179. }
  181. if( nas == NERR_Success )
  182. {
  183. return TRUE; // indicate success
  184. }
  185. SetLastError(nas);
  186. return FALSE;
  187. }
  189. BOOL
  190. EstablishShare(
  191. LPCWSTR Server, // in - server name
  192. LPWSTR Share, // in - share name
  193. LPWSTR Domain, // in - domain name for credentials to connect with
  194. LPWSTR UserName, // in - user name to connect as
  195. LPWSTR Password, // in - password for username
  196. BOOL bEstablish // in - TRUE=connect, FALSE=disconnect
  197. )
  198. {
  199. WCHAR RemoteResource[MAX_PATH];
  200. DWORD cchServer;
  201. NET_API_STATUS nas;
  203. //
  204. // do not allow NULL or empty server name
  205. //
  206. if(Server == NULL || *Server == L'\0')
  207. {
  208. SetLastError(ERROR_INVALID_COMPUTERNAME);
  209. return FALSE;
  210. }
  212. cchServer = lstrlenW( Server );
  214. if( Server[0] != L'\\' && Server[1] != L'\\')
  215. {
  217. //
  218. // prepend slashes and NULL terminate
  219. //
  220. RemoteResource[0] = L'\\';
  221. RemoteResource[1] = L'\\';
  222. RemoteResource[2] = L'\0';
  223. }
  224. else
  225. {
  226. cchServer -= 2; // drop slashes from count
  228. RemoteResource[0] = L'\0';
  229. }
  231. if(cchServer > CNLEN)
  232. {
  233. SetLastError(ERROR_INVALID_COMPUTERNAME);
  234. return FALSE;
  235. }
  237. if(lstrcatW(RemoteResource, Server) == NULL)
  238. {
  239. return FALSE;
  240. }
  241. if(lstrcatW(RemoteResource, Share) == NULL)
  242. {
  243. return FALSE;
  244. }
  246. //
  247. // disconnect or connect to the resource, based on bEstablish
  248. //
  249. if(bEstablish)
  250. {
  251. USE_INFO_2 ui2;
  252. DWORD errParm;
  254. ZeroMemory(&ui2, sizeof(ui2));
  256. ui2.ui2_local = NULL;
  257. ui2.ui2_remote = RemoteResource;
  258. ui2.ui2_asg_type = USE_DISKDEV;
  259. ui2.ui2_domainname = Domain;
  260. ui2.ui2_username = UserName;
  261. ui2.ui2_password = Password;
  263. // try establishing session for one minute
  264. // if computer is not accepting any more connections
  266. for (int i = 0; i < (60000 / 5000); i++)
  267. {
  268. nas = NetUseAdd(NULL, 2, (LPBYTE)&ui2, &errParm);
  270. if (nas != ERROR_REQ_NOT_ACCEP)
  271. {
  272. break;
  273. }
  275. Sleep(5000);
  276. }
  277. }
  278. else
  279. {
  280. nas = NetUseDel(NULL, RemoteResource, 0);
  281. }
  283. if( nas == NERR_Success )
  284. {
  285. return TRUE; // indicate success
  286. }
  287. SetLastError(nas);
  288. return FALSE;
  289. }
  293. void
  294. InitLsaString(
  295. PLSA_UNICODE_STRING LsaString, // i/o- pointer to LSA string to initialize
  296. LPWSTR String // in - value to initialize LSA string to
  297. )
  298. {
  299. DWORD StringLength;
  301. if( String == NULL )
  302. {
  303. LsaString->Buffer = NULL;
  304. LsaString->Length = 0;
  305. LsaString->MaximumLength = 0;
  306. }
  307. else
  308. {
  309. StringLength = lstrlenW(String);
  310. LsaString->Buffer = String;
  311. LsaString->Length = (USHORT) StringLength * sizeof(WCHAR);
  312. LsaString->MaximumLength = (USHORT) (StringLength + 1) * sizeof(WCHAR);
  313. }
  314. }
  316. BOOL
  317. GetDomainSid(
  318. LPWSTR PrimaryDC, // in - domain controller of domain to acquire Sid
  319. PSID * pDomainSid // out- points to allocated Sid on success
  320. )
  321. {
  322. NET_API_STATUS nas;
  323. PUSER_MODALS_INFO_2 umi2 = NULL;
  324. DWORD dwSidSize;
  325. BOOL bSuccess = FALSE; // assume this function will fail
  327. *pDomainSid = NULL; // invalidate pointer
  329. __try {
  331. //
  332. // obtain the domain Sid from the PDC
  333. //
  334. nas = NetUserModalsGet(PrimaryDC, 2, (LPBYTE *)&umi2);
  336. if(nas != NERR_Success) __leave;
  337. //
  338. // if the Sid is valid, obtain the size of the Sid
  339. //
  340. if(!IsValidSid(umi2->usrmod2_domain_id)) __leave;
  342. dwSidSize = GetLengthSid(umi2->usrmod2_domain_id);
  344. //
  345. // allocate storage and copy the Sid
  346. //
  347. *pDomainSid = LocalAlloc(LPTR, dwSidSize);
  349. if(*pDomainSid == NULL) __leave;
  351. if(!CopySid(dwSidSize, *pDomainSid, umi2->usrmod2_domain_id)) __leave;
  353. bSuccess = TRUE; // indicate success
  355. } // try
  357. __finally
  358. {
  360. if(umi2 != NULL)
  361. {
  362. NetApiBufferFree(umi2);
  363. }
  365. if(!bSuccess)
  366. {
  367. //
  368. // if the function failed, free memory and indicate result code
  369. //
  371. if(*pDomainSid != NULL)
  372. {
  373. FreeSid(*pDomainSid);
  374. *pDomainSid = NULL;
  375. }
  377. if( nas != NERR_Success )
  378. {
  379. SetLastError(nas);
  380. }
  381. }
  383. } // finally
  385. return bSuccess;
  386. }
  388. NTSTATUS
  389. OpenPolicy(
  390. LPWSTR ComputerName, // in - computer name
  391. DWORD DesiredAccess, // in - access rights needed for policy
  392. PLSA_HANDLE PolicyHandle // out- LSA handle
  393. )
  394. {
  395. LSA_OBJECT_ATTRIBUTES ObjectAttributes;
  396. LSA_UNICODE_STRING ComputerString;
  397. PLSA_UNICODE_STRING Computer = NULL;
  398. LPWSTR NewComputerName;
  400. NewComputerName = (WCHAR*)LocalAlloc(LPTR,
  401. (MAX_COMPUTERNAME_LENGTH+3)*sizeof(WCHAR));
  402. if (!NewComputerName)
  403. return STATUS_NO_MEMORY;
  405. //
  406. // Prepend some backslashes to the computer name so that
  407. // this will work on NT 3.51
  408. //
  409. lstrcpy(NewComputerName,L"\\\\");
  410. lstrcat(NewComputerName,ComputerName);
  412. lstrcpy(NewComputerName,ComputerName);
  414. //
  415. // Always initialize the object attributes to all zeroes
  416. //
  417. ZeroMemory(&ObjectAttributes, sizeof(ObjectAttributes));
  419. if(ComputerName != NULL)
  420. {
  421. //
  422. // Make a LSA_UNICODE_STRING out of the LPWSTR passed in
  423. //
  424. InitLsaString(&ComputerString, NewComputerName);
  426. Computer = &ComputerString;
  427. }
  429. //
  430. // Attempt to open the policy
  431. //
  432. return LsaOpenPolicy(Computer,&ObjectAttributes,DesiredAccess,PolicyHandle);
  433. }
  435. /*++
  436. This function sets the Primary Domain for the workstation.
  438. To join the workstation to a Workgroup, ppdi.Name should be the name of
  439. the Workgroup and ppdi.Sid should be NULL.
  441. --*/
  442. NTSTATUS
  443. SetPrimaryDomain(
  444. LSA_HANDLE PolicyHandle, // in -policy handle for computer
  445. PSID DomainSid, // in - sid for new domain
  446. LPWSTR TrustedDomainName // in - name of new domain
  447. )
  448. {
  449. POLICY_PRIMARY_DOMAIN_INFO ppdi;
  451. InitLsaString(&ppdi.Name, TrustedDomainName);
  453. ppdi.Sid = DomainSid;
  455. return LsaSetInformationPolicy(PolicyHandle,PolicyPrimaryDomainInformation,&ppdi);
  456. }
  459. // This function removes the information from the domain the computer used to
  460. // be a member of
  461. void
  462. QueryWorkstationTrustedDomainInfo(
  463. LSA_HANDLE PolicyHandle, // in - policy handle for computer
  464. PSID DomainSid, // in - SID for new domain the computer is member of
  465. BOOL bNoChange // in - flag indicating whether to write changes
  466. )
  467. {
  468. // This function is not currently used.
  469. NTSTATUS Status;
  470. LSA_ENUMERATION_HANDLE h = 0;
  471. LSA_TRUST_INFORMATION * ti = NULL;
  472. ULONG count;
  474. Status = LsaEnumerateTrustedDomains(PolicyHandle,&h,(void**)&ti,50000,&count);
  476. if ( Status == STATUS_SUCCESS )
  477. {
  478. for ( UINT i = 0 ; i < count ; i++ )
  479. {
  480. if ( !bNoChange && !EqualSid(DomainSid,ti[i].Sid) )
  481. {
  482. // Remove the old trust
  483. Status = LsaDeleteTrustedDomain(PolicyHandle,ti[i].Sid);
  485. if ( Status != STATUS_SUCCESS )
  486. {
  488. }
  489. }
  490. }
  491. LsaFreeMemory(ti);
  492. }
  493. else
  494. {
  496. }
  497. }
  500. /*++
  501. This function manipulates the trust associated with the supplied
  502. DomainSid.
  504. If the domain trust does not exist, it is created with the
  505. specified password. In this case, the supplied PolicyHandle must
  506. have been opened with POLICY_TRUST_ADMIN and POLICY_CREATE_SECRET
  507. access to the policy object.
  509. --*/
  510. NTSTATUS
  511. SetWorkstationTrustedDomainInfo(
  512. LSA_HANDLE PolicyHandle, // in - policy handle
  513. PSID DomainSid, // in - Sid of domain to manipulate
  514. LPWSTR TrustedDomainName, // in - trusted domain name to add/update
  515. LPWSTR Password, // in - new trust password for trusted domain
  516. LPWSTR errOut // out- error text if function fails
  517. )
  518. {
  519. LSA_UNICODE_STRING LsaPassword;
  520. LSA_UNICODE_STRING KeyName;
  521. LSA_UNICODE_STRING LsaDomainName;
  522. DWORD cchDomainName; // number of chars in TrustedDomainName
  523. NTSTATUS Status;
  525. InitLsaString(&LsaDomainName, TrustedDomainName);
  527. //
  528. // ...convert TrustedDomainName to uppercase...
  529. //
  530. cchDomainName = LsaDomainName.Length / sizeof(WCHAR);
  532. while(cchDomainName--)
  533. {
  534. LsaDomainName.Buffer[cchDomainName] = towupper(LsaDomainName.Buffer[cchDomainName]);
  535. }
  537. //
  538. // ...create the trusted domain object
  539. //
  540. Status = LsaSetTrustedDomainInformation(
  541. PolicyHandle,
  542. DomainSid,
  543. TrustedDomainNameInformation,
  544. &LsaDomainName
  545. );
  547. if(Status == STATUS_OBJECT_NAME_COLLISION)
  548. {
  549. //printf("LsaSetTrustedDomainInformation: Name Collision (ok)\n");
  550. }
  551. else if (Status != STATUS_SUCCESS)
  552. {
  553. err.SysMsgWrite(ErrE,LsaNtStatusToWinError(Status),DCT_MSG_LSA_OPERATION_FAILED_SD,L"LsaSetTrustedDomainInformation", Status);
  554. return RTN_ERROR;
  555. }
  557. InitLsaString(&KeyName, L"$MACHINE.ACC");
  558. InitLsaString(&LsaPassword, Password);
  560. //
  561. // Set the machine password
  562. //
  563. Status = LsaStorePrivateData(
  564. PolicyHandle,
  565. &KeyName,
  566. &LsaPassword
  567. );
  569. if(Status != STATUS_SUCCESS)
  570. {
  571. err.SysMsgWrite(ErrE,LsaNtStatusToWinError(Status),DCT_MSG_LSA_OPERATION_FAILED_SD,L"LsaStorePrivateData", Status);
  572. return RTN_ERROR;
  573. }
  575. return STATUS_SUCCESS;
  577. }