archive
/
windows-xp
mirror of https://github.com/tongzx/nt5src
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
6 Commits
1 Branch
0 Tags
2.0 GiB
Tree: daad8a087a
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'daad8a087a'
${ noResults }
windows-xp/Source/XPSP1/NT/ds/security/gina/msgina/lsa.c

263 lines
6.6 KiB
Raw Normal View History

Add source files
4 years ago
  2. /****************************************************************************
  4. PROGRAM: LSA.C
  6. PURPOSE: Utility routines that access the LSA.
  8. ****************************************************************************/
  10. #include "msgina.h"
  14. // #define DEBUG_LSA
  16. #ifdef DEBUG_LSA
  17. #define VerbosePrint(s) WLPrint(s)
  18. #else
  19. #define VerbosePrint(s)
  20. #endif
  22. NTSTATUS NtStatusGPDEx = 0;
  24. /***************************************************************************\
  25. * GetPrimaryDomainEx
  26. *
  27. * Purpose : Returns the primary domain name for authentication
  28. *
  29. * Returns : TRUE if primary domain exists and returned, otherwise FALSE
  30. *
  31. * The primary domain name should be freed using RtlFreeUnicodeString().
  32. * The primary domain sid should be freed using Free()
  33. *
  34. * History:
  35. * 02-13-92 Davidc Created.
  36. \***************************************************************************/
  37. BOOL
  38. GetPrimaryDomainEx(
  39. PUNICODE_STRING PrimaryDomainName OPTIONAL,
  40. PUNICODE_STRING PrimaryDomainDnsName OPTIONAL,
  41. PSID *PrimaryDomainSid OPTIONAL,
  42. PBOOL SidPresent OPTIONAL
  43. )
  44. {
  45. NTSTATUS IgnoreStatus;
  46. OBJECT_ATTRIBUTES ObjectAttributes;
  47. LSA_HANDLE LsaHandle;
  48. SECURITY_QUALITY_OF_SERVICE SecurityQualityOfService;
  49. PPOLICY_DNS_DOMAIN_INFO DnsDomainInfo;
  50. BOOL PrimaryDomainPresent = FALSE;
  51. DWORD dwRetry = 10;
  53. //
  54. // Set up the Security Quality Of Service
  55. //
  57. SecurityQualityOfService.Length = sizeof(SECURITY_QUALITY_OF_SERVICE);
  58. SecurityQualityOfService.ImpersonationLevel = SecurityImpersonation;
  59. SecurityQualityOfService.ContextTrackingMode = SECURITY_DYNAMIC_TRACKING;
  60. SecurityQualityOfService.EffectiveOnly = FALSE;
  62. //
  63. // Set up the object attributes to open the Lsa policy object
  64. //
  66. InitializeObjectAttributes(&ObjectAttributes,
  67. NULL,
  68. 0L,
  69. (HANDLE)NULL,
  70. NULL);
  71. ObjectAttributes.SecurityQualityOfService = &SecurityQualityOfService;
  73. //
  74. // Open the local LSA policy object
  75. //
  76. Retry:
  77. NtStatusGPDEx = LsaOpenPolicy( NULL,
  78. &ObjectAttributes,
  79. POLICY_VIEW_LOCAL_INFORMATION,
  80. &LsaHandle
  81. );
  83. if (!NT_SUCCESS(NtStatusGPDEx)) {
  84. DebugLog((DEB_ERROR, "Failed to open local LsaPolicyObject, Status = 0x%lx\n", NtStatusGPDEx));
  85. if ((NtStatusGPDEx == RPC_NT_SERVER_TOO_BUSY) && (--dwRetry))
  86. {
  87. Sleep(100);
  88. goto Retry; // Likely to be too soon to call Lsa
  89. }
  90. return(FALSE);
  91. }
  93. //
  94. // Get the primary domain info
  95. //
  96. NtStatusGPDEx = LsaQueryInformationPolicy(LsaHandle,
  97. PolicyDnsDomainInformation,
  98. (PVOID *)&DnsDomainInfo);
  99. if (!NT_SUCCESS(NtStatusGPDEx)) {
  100. DebugLog((DEB_ERROR, "Failed to query primary domain from Lsa, Status = 0x%lx\n", NtStatusGPDEx));
  102. IgnoreStatus = LsaClose(LsaHandle);
  103. ASSERT(NT_SUCCESS(IgnoreStatus));
  105. return(FALSE);
  106. }
  108. //
  109. // Copy the primary domain name into the return string
  110. //
  112. if ( SidPresent )
  113. {
  114. *SidPresent = ( DnsDomainInfo->Sid != NULL );
  115. }
  117. if (DnsDomainInfo->Sid != NULL) {
  119. PrimaryDomainPresent = TRUE;
  121. if (PrimaryDomainName)
  122. {
  124. if (DuplicateUnicodeString(PrimaryDomainName, &(DnsDomainInfo->Name))) {
  126. if (PrimaryDomainSid != NULL) {
  128. ULONG SidLength = RtlLengthSid(DnsDomainInfo->Sid);
  130. *PrimaryDomainSid = Alloc(SidLength);
  131. if (*PrimaryDomainSid != NULL) {
  133. NtStatusGPDEx = RtlCopySid(SidLength, *PrimaryDomainSid, DnsDomainInfo->Sid);
  134. ASSERT(NT_SUCCESS(NtStatusGPDEx));
  136. } else {
  137. RtlFreeUnicodeString(PrimaryDomainName);
  138. PrimaryDomainPresent = FALSE;
  139. }
  140. }
  142. } else {
  143. PrimaryDomainPresent = FALSE;
  144. }
  145. }
  146. } else if (DnsDomainInfo->DnsDomainName.Length != 0) {
  147. PrimaryDomainPresent = TRUE;
  148. if (PrimaryDomainName) {
  149. if (DuplicateUnicodeString(
  150. PrimaryDomainName,
  151. &DnsDomainInfo->DnsDomainName)) {
  153. ASSERT(!ARGUMENT_PRESENT(PrimaryDomainSid));
  155. } else {
  156. PrimaryDomainPresent = FALSE;
  157. }
  159. }
  160. }
  162. if ( ( DnsDomainInfo->DnsDomainName.Length != 0 ) &&
  163. ( PrimaryDomainDnsName != NULL ) )
  164. {
  165. DuplicateUnicodeString( PrimaryDomainDnsName,
  166. &DnsDomainInfo->DnsDomainName );
  167. }
  169. //
  170. // We're finished with the Lsa
  171. //
  173. IgnoreStatus = LsaFreeMemory(DnsDomainInfo);
  174. ASSERT(NT_SUCCESS(IgnoreStatus));
  176. IgnoreStatus = LsaClose(LsaHandle);
  177. ASSERT(NT_SUCCESS(IgnoreStatus));
  180. return(PrimaryDomainPresent);
  181. }
  184. //
  185. // Since this isn't going to change without a reboot, we can easily cache the info
  186. //
  187. BOOL
  188. IsMachineDomainMember(
  189. VOID
  190. )
  191. {
  192. static BOOL s_bIsDomainMember = FALSE;
  193. static BOOL s_bDomainCached = FALSE;
  195. if (!s_bDomainCached)
  196. {
  197. s_bIsDomainMember = GetPrimaryDomainEx(NULL, NULL, NULL, NULL);
  198. if (NT_SUCCESS(NtStatusGPDEx))
  199. s_bDomainCached = TRUE;
  200. }
  202. return s_bIsDomainMember;
  203. }
  205. ULONG
  206. GetMaxPasswordAge(
  207. LPWSTR Domain,
  208. PULONG MaxAge
  209. )
  210. {
  211. DWORD Error;
  212. PUSER_MODALS_INFO_0 Modals;
  213. WCHAR ComputerName[ CNLEN+2 ];
  214. ULONG Length ;
  215. PDOMAIN_CONTROLLER_INFO DcInfo ;
  216. PWSTR DcNameBuffer ;
  218. Length = CNLEN + 2;
  220. GetComputerName( ComputerName, &Length );
  222. if (_wcsicmp( ComputerName, Domain ) == 0 )
  223. {
  224. DcNameBuffer = NULL ;
  225. DcInfo = NULL ;
  226. }
  227. else
  228. {
  230. Error = DsGetDcName( NULL,
  231. Domain,
  232. NULL,
  233. NULL,
  234. 0,
  235. &DcInfo );
  237. if ( Error )
  238. {
  239. return Error ;
  240. }
  242. DcNameBuffer = DcInfo->DomainControllerAddress ;
  243. }
  245. Error = NetUserModalsGet( DcNameBuffer,
  246. 0,
  247. (PUCHAR *) &Modals );
  249. if ( Error == 0 )
  250. {
  251. *MaxAge = Modals->usrmod0_max_passwd_age ;
  253. NetApiBufferFree( Modals );
  254. }
  256. if ( DcInfo )
  257. {
  258. NetApiBufferFree( DcInfo );
  259. }
  261. return Error ;
  263. }