Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 
 

2096 lines
64 KiB

/*++
Copyright (c) 1999 Microsoft Corporation
Module Name:
cluspw.c
Abstract:
cluster password utility. Co-ordinates changing the cluster service domain
account password on all nodes in the cluster and updating the LSA's local
password cache
This implementation currently assumes that the domain of the service
account and the cluster node's domain are the same (which is bad). If the
two domains are different, this will affect whether the secure channel is
reset (no point in resetting the channel if the password domain is
different from the machine domain). This configuration increases the risk
of the cluster falling apart since we're dependent upon the secure channel
of node's DC to be pointed at the PDC of the account domain which seems
pretty unlikely.
In order to make this work reliably, we have to force replication of the
password to eliminate the race between password replication and netlogon
resetting the secure channel to a DC that doesn't have the updated
password. Using kerberos for intra-cluster comm would help in this
respect.
Author:
Charlie Wickham (charlwi) 22-Jul-1999
Environment:
User mode
Revision History:
--*/
#define UNICODE 1
#define _UNICODE 1
#define CMDWINDOW
#include <windows.h>
#include <lmcons.h>
#include <lmapibuf.h>
#include <lmaccess.h>
#include <windns.h>
#include <stdio.h>
#include <stdlib.h>
#if (_WIN32_WINNT > 0x4FF)
#include <dsgetdc.h>
#endif
#include <clusapi.h>
#include <resapi.h>
#include "cluspw.h"
//
// struct for each node in the cluster.
//
typedef struct _CLUSTER_NODE_DATA {
struct _CLUSTER_NODE_DATA * NextNode;
WCHAR NodeName[ DNS_MAX_NAME_BUFFER_LENGTH ];
HNODE NodeHandle;
CLUSTER_NODE_STATE NodeState;
SC_HANDLE ClussvcHandle; // handle to SCM clussvc entry on this node
SC_HANDLE PasswordHandle; // handle to password utility service
DWORD ServiceState;
} CLUSTER_NODE_DATA, *PCLUSTER_NODE_DATA;
#if 0
//
// used to build property lists for setting group and resource command and
// private properties
//
typedef struct _FAILOVER_PARAMBLOCK {
DWORD FailoverThresholdValue;
}
FAILOVER_PARAMBLOCK, *PFAILOVER_PARAMBLOCK;
typedef struct _RESOURCE_COMMONPROPS {
DWORD RestartAction;
} RESOURCE_COMMONPROPS, *PRESOURCE_COMMONPROPS;
typedef struct _RESOURCE_PRIVATEPROPS {
LPWSTR CommandLine;
LPWSTR CurrentDirectory;
DWORD InteractWithDesktop;
} RESOURCE_PRIVATEPROPS, *PRESOURCE_PRIVATEPROPS;
#endif
PCHAR ClusterNodeState[] = {
"Up",
"Down",
"Paused",
"Joining"
};
/* Globals */
HCLUSTER ClusterHandle;
PCLUSTER_NODE_DATA NodeList;
LPWSTR DomainName;
LPWSTR UserName;
HGROUP PWGroup; // cluster password group
HRESOURCE PWResource; // cluster password resource
WCHAR NodeName[ MAX_COMPUTERNAME_LENGTH + 1 ];
HANDLE PipeHandle;
//
// cmd line args
//
BOOL AttemptRecovery;
BOOL Unattended;
DWORD StartingPhase = 1;
BOOL QuietOutput;
BOOL VerboseOutput;
BOOL RefreshCache;
LPWSTR NewPassword;
LPWSTR OldPassword;
LPWSTR ClusterName;
BOOL RunInCmdWindow;
LPWSTR ResultPipeName;
VOID
PrintMsg(
MSG_SEVERITY Severity,
LPSTR FormatString,
...
)
/*++
Routine Description:
print out the message based on the serverity of the error and the setting
of QuietOutput
Arguments:
Severity - indicates importance level of msg
FormatMessage - pointer to ANSI format string
other args as appropriate
Return Value:
None
--*/
{
PIPE_RESULT_MSG resultMsg;
va_list ArgList;
va_start(ArgList, FormatString);
switch ( Severity ) {
case MsgSeverityFatal:
_vsnprintf( resultMsg.MsgBuf, sizeof( resultMsg.MsgBuf ), FormatString, ArgList );
break;
case MsgSeverityInfo:
if ( !QuietOutput ) {
_vsnprintf( resultMsg.MsgBuf, sizeof( resultMsg.MsgBuf ), FormatString, ArgList );
}
else {
resultMsg.MsgBuf[0] = 0;
}
break;
case MsgSeverityVerbose:
if ( !QuietOutput && VerboseOutput ) {
_vsnprintf( resultMsg.MsgBuf, sizeof( resultMsg.MsgBuf ), FormatString, ArgList );
}
else {
resultMsg.MsgBuf[0] = 0;
}
break;
}
va_end(ArgList);
if ( resultMsg.MsgBuf[0] != 0 ) {
if ( RefreshCache && PipeHandle != INVALID_HANDLE_VALUE ) {
BOOL success;
DWORD bytesWritten;
DWORD status;
resultMsg.MsgType = MsgTypeString;
resultMsg.Severity = Severity;
wcscpy( resultMsg.NodeName, NodeName );
success = WriteFile(PipeHandle,
&resultMsg,
sizeof( resultMsg ),
&bytesWritten,
NULL);
if ( !success ) {
status = GetLastError();
printf("WriteFile failed in PrintMsg - %d\n", status );
printf("%s\n", resultMsg.MsgBuf );
}
if ( RunInCmdWindow ) {
printf( resultMsg.MsgBuf );
}
}
else {
printf( resultMsg.MsgBuf );
}
}
} // PrintMsg
DWORD
RefreshPasswordCaches(
VOID
)
/*++
Routine Description:
Start the password service on each node
Arguments:
None
Return Value:
None
--*/
{
PCLUSTER_NODE_DATA nodeData;
BOOL success;
DWORD status = ERROR_SUCCESS;
WCHAR resultPipeName[ MAX_PATH ] = L"\\\\";
DWORD pipeNameSize = (sizeof(resultPipeName) / sizeof( WCHAR )) - 2;
DWORD argCount;
LPWSTR argVector[ 6 ];
SERVICE_STATUS_PROCESS serviceStatus;
DWORD bytesNeeded;
BOOL continueToPoll;
//
// get our physical netbios name to include on the cmd line arg
//
#if (_WIN32_WINNT > 0x4FF)
success = GetComputerNameEx(ComputerNamePhysicalNetBIOS,
&resultPipeName[2],
&pipeNameSize);
#else
success = GetComputerName( &resultPipeName[2], &pipeNameSize);
#endif
wcscat( resultPipeName, L"\\pipe\\cluspw" );
//
// loop through the cluster nodes
//
nodeData = NodeList;
while ( nodeData != NULL ) {
if ( nodeData->NodeState == ClusterNodeUp ) {
PrintMsg(MsgSeverityVerbose,
"Starting password service on node %ws\n",
nodeData->NodeName);
argCount = 0;
if ( VerboseOutput ) {
argVector[ argCount++ ] = L"-v";
}
argVector[ argCount++ ] = L"-z";
argVector[ argCount++ ] = DomainName;
argVector[ argCount++ ] = UserName;
argVector[ argCount++ ] = NewPassword;
argVector[ argCount++ ] = resultPipeName;
success = StartService(nodeData->PasswordHandle,
argCount,
argVector);
if ( !success ) {
PrintMsg(MsgSeverityInfo,
"Failed to start password service on node %ws - %d\n",
nodeData->NodeName,
GetLastError());
}
nodeData->ServiceState = SERVICE_START_PENDING;
}
nodeData = nodeData->NextNode;
}
#if 0
// this code is of dubious use since we get back access denied on the
// QuerySeviceStatusEx calls. This would follow since the password utility
// has probably already updated the caches, potentially invalidating the
// credentials we're using to run the client portion of the utility.
//
// periodically poll the node list, waiting for each service invocation to
// finish
do {
Sleep( 1000 );
nodeData = NodeList;
continueToPoll = FALSE;
while ( nodeData != NULL ) {
if ( nodeData->NodeState == ClusterNodeUp && nodeData->ServiceState != SERVICE_STOPPED ) {
if ( QueryServiceStatusEx(nodeData->PasswordHandle,
SC_STATUS_PROCESS_INFO,
(LPBYTE)&serviceStatus,
sizeof(serviceStatus),
&bytesNeeded ) )
{
PrintMsg(MsgSeverityInfo,
"Password service state on %ws is %u\n",
nodeData->NodeName,
serviceStatus.dwCurrentState);
nodeData->ServiceState = serviceStatus.dwCurrentState;
if ( serviceStatus.dwCurrentState != SERVICE_STOPPED ) {
continueToPoll = TRUE;
}
} else {
status = GetLastError();
PrintMsg(MsgSeverityInfo,
"Query Service Status failed for node %ws - %u.\n",
nodeData->NodeName,
status );
}
}
nodeData = nodeData->NextNode;
}
} while ( continueToPoll );
#endif
return status;
} // RefreshPasswordCaches
DWORD
ChangePasswordWithSCMs(
VOID
)
/*++
Routine Description:
Change the password with each SCM
Arguments:
None
Return Value:
None
--*/
{
PCLUSTER_NODE_DATA nodeData;
BOOL success;
DWORD status = ERROR_SUCCESS;
nodeData = NodeList;
while ( nodeData != NULL ) {
PrintMsg(MsgSeverityVerbose,
"Changing SCM password on node %ws\n",
nodeData->NodeName);
success = ChangeServiceConfig(nodeData->ClussvcHandle,
SERVICE_NO_CHANGE,
SERVICE_NO_CHANGE,
SERVICE_NO_CHANGE,
NULL,
NULL,
NULL,
NULL,
NULL,
NewPassword,
NULL);
if ( !success ) {
status = GetLastError();
PrintMsg(MsgSeverityFatal,
"Problem changing password with node %ws's service controller. error %d\n",
nodeData->NodeName, status);
break;
}
nodeData = nodeData->NextNode;
}
return status;
} // ChangePasswordWithSCMs
#if 0
DWORD
CreatePasswordGroup(
VOID
)
/*++
Routine Description:
Create a new group with a generic app resource to run cluspw on each node.
Arguments:
None
Return Value:
ERROR_SUCCESS if all went ok
--*/
{
DWORD status;
FAILOVER_PARAMBLOCK failoverBlock;
RESUTIL_PROPERTY_ITEM failoverPropTable[] = {
{ L"FailoverThreshold", NULL, CLUSPROP_FORMAT_DWORD, 0, 0, 0, 0,
FIELD_OFFSET( FAILOVER_PARAMBLOCK, FailoverThresholdValue ) },
{ 0 }
};
DWORD bytesReturned;
DWORD bytesRequired;
PWGroup = CreateClusterGroup( ClusterHandle, PASSWORD_GROUP_NAME );
if ( PWGroup == NULL && GetLastError() == ERROR_OBJECT_ALREADY_EXISTS ) {
//
// try to open the existing group
//
PrintMsg(MsgSeverityVerbose, "Opening existing pw group\n");
PWGroup = OpenClusterGroup( ClusterHandle, PASSWORD_GROUP_NAME );
}
if ( PWGroup != NULL ) {
PVOID failoverPropList = NULL;
DWORD failoverPropListSize = 0;
//
// set failover threshold to zero. first call gets size needed to hold
// prop list
//
failoverBlock.FailoverThresholdValue = 0;
status = ResUtilPropertyListFromParameterBlock(failoverPropTable,
NULL,
&failoverPropListSize,
(LPBYTE) &failoverBlock,
&bytesReturned,
&bytesRequired );
if ( status == ERROR_MORE_DATA ) {
failoverPropListSize = bytesRequired;
failoverPropList = HeapAlloc( GetProcessHeap(), HEAP_ZERO_MEMORY, failoverPropListSize );
status = ResUtilPropertyListFromParameterBlock(failoverPropTable,
failoverPropList,
&failoverPropListSize,
(LPBYTE) &failoverBlock,
&bytesReturned,
&bytesRequired );
if ( status != ERROR_SUCCESS ) {
PrintMsg(MsgSeverityFatal,
"Couldn't create property list to set Failover Threshold. error %d\n",
status);
return status;
}
}
else if ( status != ERROR_SUCCESS ) {
PrintMsg(MsgSeverityFatal,
"Couldn't determine size of property list for Failover Threshold. error %d\n",
status);
return status;
}
PrintMsg(MsgSeverityVerbose, "Setting FailoverThreshold property\n");
status = ClusterGroupControl(PWGroup,
NULL,
CLUSCTL_GROUP_SET_COMMON_PROPERTIES,
failoverPropList,
failoverPropListSize,
NULL,
0,
NULL);
HeapFree( GetProcessHeap(), 0, failoverPropList );
if ( status == ERROR_SUCCESS ) {
//
// now create the generic app resource in the group
//
PWResource = CreateClusterResource(PWGroup,
PASSWORD_RESOURCE_NAME,
L"Generic Application",
0);
if ( PWResource == NULL && GetLastError() == ERROR_OBJECT_ALREADY_EXISTS ) {
PrintMsg(MsgSeverityVerbose, "Opening existing pw resource\n");
PWResource = OpenClusterResource(ClusterHandle,
PASSWORD_RESOURCE_NAME);
}
if ( PWResource != NULL ) {
RESOURCE_COMMONPROPS commonProps;
RESUTIL_PROPERTY_ITEM commonPropTable[] = {
{ L"RestartAction", NULL, CLUSPROP_FORMAT_DWORD, 0, 0, 0, 0,
FIELD_OFFSET( RESOURCE_COMMONPROPS, RestartAction ) },
{ 0 }
};
PVOID propList = NULL;
DWORD propListSize = 0;
//
// set the common props
//
commonProps.RestartAction = ClusterResourceDontRestart;
status = ResUtilPropertyListFromParameterBlock(commonPropTable,
NULL,
&propListSize,
(LPBYTE) &commonProps,
&bytesReturned,
&bytesRequired );
if ( status == ERROR_MORE_DATA ) {
propList = HeapAlloc( GetProcessHeap(), 0, bytesRequired );
propListSize = bytesRequired;
status = ResUtilPropertyListFromParameterBlock(commonPropTable,
propList,
&propListSize,
(LPBYTE) &commonProps,
&bytesReturned,
&bytesRequired );
if ( status != ERROR_SUCCESS ) {
PrintMsg(MsgSeverityFatal,
"Couldn't create property list to set Restart Action. error %d\n",
status);
return status;
}
}
else if ( status != ERROR_SUCCESS ) {
PrintMsg(MsgSeverityFatal,
"Couldn't determine size of property list for Restart Action. error %d\n",
status);
return status;
}
PrintMsg(MsgSeverityVerbose, "Setting RestartAction property\n");
status = ClusterResourceControl(PWResource,
NULL,
CLUSCTL_RESOURCE_SET_COMMON_PROPERTIES,
propList,
propListSize,
NULL,
0,
NULL);
HeapFree( GetProcessHeap(), 0, propList );
}
else {
status = GetLastError();
PrintMsg(MsgSeverityFatal,
"Couldn't create Generic Application resource for "
"password utility. error %d\n",
status);
}
}
else {
PrintMsg(MsgSeverityFatal,
"Couldn't set failover threshold for password group. error %d\n",
status);
}
}
else {
status = GetLastError();
PrintMsg(MsgSeverityFatal,
"Couldn't create group for password utility. error %d\n",
status);
}
return status;
} // CreatePasswordGroup
#endif
DWORD
CopyNodeApplication(
VOID
)
/*++
Routine Description:
for each node that has a valid SCM handle, copy the password cache update
program to \\node\admin$\cluster. This corresponds to the node's area
represented by the SystemRoot env. var.
Arguments:
None
Return Value:
None
--*/
{
PCLUSTER_NODE_DATA nodeData;
WCHAR destFile[ MAX_PATH ];
WCHAR cluspwFile[ MAX_PATH ];
BOOL success;
DWORD status = ERROR_SUCCESS;
DWORD byteCount;
PrintMsg(MsgSeverityInfo, "Copying cache refresh utility to cluster nodes\n");
byteCount = GetModuleFileName( NULL, cluspwFile, sizeof( cluspwFile ));
if ( byteCount == 0 ) {
PrintMsg(MsgSeverityFatal, "Unable to determine cluspw's file path\n");
return ERROR_FILE_NOT_FOUND;
}
nodeData = NodeList;
while ( nodeData != NULL ) {
if ( nodeData->NodeState == ClusterNodeUp ) {
wsprintf( destFile, L"\\\\%ws\\admin$\\" CLUWPW_SERVICE_BINARY_NAME, nodeData->NodeName );
PrintMsg(MsgSeverityVerbose, "Copying %ws to %ws\n", cluspwFile, destFile);
success = CopyFile( cluspwFile, destFile, FALSE );
if ( !success ) {
status = GetLastError();
PrintMsg(MsgSeverityFatal,
"Problem copying %ws to %ws. error %d\n",
cluspwFile, destFile, status);
break;
}
}
nodeData = nodeData->NextNode;
}
return status;
} // CopyNodeApplication
DWORD
CheckDCAvailability(
VOID
)
/*++
Routine Description:
using DomainName, try to contact the DC to make sure the password change
can happen
Arguments:
None
Return Value:
ERROR_SUCCESS if everything worked
--*/
{
DWORD status;
PCLUSTER_NODE_DATA nodeData;
#if (_WIN32_WINNT > 0x4FF)
PDOMAIN_CONTROLLER_INFO domainInfo;
#else
PBYTE pdcName;
#endif
WCHAR secureChannel[ MAX_PATH ];
PWSTR newSecureChannel = secureChannel;
DWORD pdcNameLength;
DWORD scNameLength;
DWORD nameLength;
PrintMsg(MsgSeverityInfo, "Checking on Domain controller availability\n");
#if (_WIN32_WINNT > 0x4FF)
PrintMsg(MsgSeverityVerbose,
"Calling DsGetDcName for domain %ws\n",
DomainName);
//
// get the PDC for this domain. The password change is handled by this node.
//
status = DsGetDcName(NULL,
DomainName,
NULL, // no guid
NULL, // no sitename
DS_PDC_REQUIRED | DS_IS_FLAT_NAME,
&domainInfo);
if ( status == ERROR_NO_SUCH_DOMAIN ) {
PrintMsg(MsgSeverityVerbose,
"Calling DsGetDcName again with force rediscovery\n");
//
// try again this time specifying the rediscovery flag.
//
status = DsGetDcName(NULL,
DomainName,
NULL, // no guid
NULL, // no sitename
DS_FORCE_REDISCOVERY | DS_PDC_REQUIRED | DS_IS_FLAT_NAME,
&domainInfo);
}
#else
PrintMsg(MsgSeverityVerbose,
"Calling NetGetDCName for domain %ws on node %ws\n",
DomainName, nodeData->NodeName);
status = NetGetDCName(NodeList->NodeName,
DomainName,
&pdcName);
#endif
if ( status != ERROR_SUCCESS ) {
PrintMsg(MsgSeverityFatal,
"Trouble contacting domain controller for %ws. error %d\n",
DomainName, status);
}
//
// change the secure channels of the cluster nodes to point to the PDC.
//
secureChannel[0] = UNICODE_NULL;
wcscpy( secureChannel, DomainName );
wcscat( secureChannel, L"\\" );
wcscat( secureChannel, &domainInfo->DomainControllerName[2] );
wcscat( secureChannel, L"." );
wcscat( secureChannel, domainInfo->DnsForestName );
pdcNameLength = wcslen( &domainInfo->DomainControllerName[2] ) +
sizeof( L'.') +
wcslen( domainInfo->DnsForestName );
nodeData = NodeList;
while ( nodeData != NULL ) {
PNETLOGON_INFO_2 netlogonInfo2;
//
// query for the secure channel
//
status = I_NetLogonControl2(nodeData->NodeName,
NETLOGON_CONTROL_TC_QUERY,
2,
(LPBYTE)&DomainName,
(LPBYTE *)&netlogonInfo2 );
if ( status != ERROR_SUCCESS ) {
PrintMsg(MsgSeverityFatal,
"Couldn't query for secure channel. error %u\n",
status);
break;
}
scNameLength = wcslen( netlogonInfo2->netlog2_trusted_dc_name );
nameLength = scNameLength <= pdcNameLength ? scNameLength : pdcNameLength;
if ( _wcsnicmp(domainInfo->DomainControllerName,
netlogonInfo2->netlog2_trusted_dc_name,
nameLength) != 0 )
{
PrintMsg(MsgSeverityInfo,
"Changing secure channel for node %ws from %ws to %ws\n",
nodeData->NodeName,
netlogonInfo2->netlog2_trusted_dc_name,
domainInfo->DomainControllerName);
status = I_NetLogonControl2(nodeData->NodeName,
NETLOGON_CONTROL_REDISCOVER,
2,
(LPBYTE)&newSecureChannel,
(LPBYTE *)&netlogonInfo2 );
if ( status != ERROR_SUCCESS ) {
PrintMsg(MsgSeverityFatal,
"Couldn't set secure channel to %ws. error %u\n",
newSecureChannel, status);
break;
}
}
nodeData = nodeData->NextNode;
}
#if (_WIN32_WINNT > 0x4FF)
NetApiBufferFree( domainInfo );
#else
NetApiBufferFree( pdcName );
#endif
return status;
} // CheckDCAvailability
DWORD
GetClusterServiceData(
LPWSTR NodeName,
PCLUSTER_NODE_DATA NodeData
)
/*++
Routine Description:
Get a handle the SCM on the specified node and look up the cluster service
account info if we don't have it already
Arguments:
NodeName - node to connect to
NodeData - database entry for this node
Return Value:
ERROR_SUCCESS if ok
--*/
{
SC_HANDLE scmHandle;
DWORD status = ERROR_SUCCESS;
//
// get a handle to the SCM on this node
//
scmHandle = OpenSCManager( NodeName, NULL, GENERIC_WRITE );
if ( scmHandle != NULL ) {
SC_HANDLE svcHandle;
PrintMsg(MsgSeverityVerbose, " got SCM Handle\n");
//
// get the domain of the cluster service account
//
NodeData->ClussvcHandle = OpenService(scmHandle,
L"clussvc",
GENERIC_WRITE |
SERVICE_QUERY_CONFIG |
SERVICE_CHANGE_CONFIG);
if ( NodeData->ClussvcHandle != NULL ) {
PrintMsg(MsgSeverityVerbose, " got SCM cluster service Handle\n");
if ( DomainName == NULL ) {
LPQUERY_SERVICE_CONFIG serviceConfig;
DWORD bytesNeeded;
BOOL success;
PrintMsg(MsgSeverityVerbose, " Getting domain name\n");
//
// query with no buffer to get the size
//
success = QueryServiceConfig(NodeData->ClussvcHandle,
NULL,
0,
&bytesNeeded);
if ( !success ) {
status = GetLastError();
if ( status == ERROR_INSUFFICIENT_BUFFER ) {
serviceConfig = HeapAlloc( GetProcessHeap(), 0, bytesNeeded );
if ( serviceConfig == NULL ) {
PrintMsg(MsgSeverityFatal,
"Cannot allocate memory for service config data\n");
return GetLastError();
}
if ( QueryServiceConfig(NodeData->ClussvcHandle,
serviceConfig,
bytesNeeded,
&bytesNeeded))
{
PWCHAR slash;
PrintMsg(MsgSeverityVerbose,
" domain account = %ws\n",
serviceConfig->lpServiceStartName);
DomainName = serviceConfig->lpServiceStartName;
slash = wcschr( DomainName, L'\\' );
if ( slash == NULL ) {
PrintMsg(MsgSeverityFatal,
"Can't find backslash separator in domain account string\n");
return ERROR_INVALID_PARAMETER;
}
*slash = UNICODE_NULL;
UserName = slash + 1;
}
//
// we don't free serviceConfig since the global var DomainName
// is pointing into it some where. yucky but effective
//
}
else {
PrintMsg(MsgSeverityFatal,
"Unable to obtain domain name for cluster "
"service account. error %d\n",
status);
}
}
else {
PrintMsg(MsgSeverityFatal,
"QueryServiceConfig should have failed but didn't!\n");
status = ERROR_INVALID_PARAMETER;
}
}
//
// now create an entry for the password utility on this node. try
// opening first just in case we didn't clean up from the last time.
//
if ( NodeData->NodeState == ClusterNodeUp ) {
NodeData->PasswordHandle = OpenService(scmHandle,
CLUSPW_SERVICE_NAME,
SERVICE_START | DELETE);
if ( NodeData->PasswordHandle == NULL ) {
status = GetLastError();
if ( status == ERROR_SERVICE_DOES_NOT_EXIST ) {
DWORD serviceType;
WCHAR serviceAccount[512];
serviceType = SERVICE_WIN32_OWN_PROCESS;
if ( RunInCmdWindow ) {
serviceType |= SERVICE_INTERACTIVE_PROCESS;
}
wcscpy( serviceAccount, DomainName );
wcscat( serviceAccount, L"\\" );
wcscat( serviceAccount, UserName );
NodeData->PasswordHandle = CreateService(
scmHandle,
CLUSPW_SERVICE_NAME,
CLUSPW_DISPLAY_NAME,
SERVICE_START | DELETE,
serviceType,
SERVICE_DEMAND_START,
SERVICE_ERROR_IGNORE,
L"%windir%\\" CLUWPW_SERVICE_BINARY_NAME,
NULL, // name of load ordering group
NULL, // receives tag identifier
NULL, // array of dependency names
NULL, // service account name
NULL // account password
);
}
}
if ( NodeData->PasswordHandle == NULL ) {
status = GetLastError();
PrintMsg(MsgSeverityFatal,
"Unable to open/create password service with service controller on "
"node %ws. error %d\n",
NodeName, status);
} else {
PrintMsg(MsgSeverityVerbose, " created password service\n");
status = ERROR_SUCCESS;
}
//
// call ChangeServiceConfig to set wait hint and the like
//
}
}
else {
status = GetLastError();
PrintMsg(MsgSeverityFatal,
"Unable to open cluster service with service controller on "
"node %ws. error %d\n",
NodeName, status);
}
CloseServiceHandle( scmHandle );
}
else {
status = GetLastError();
PrintMsg(MsgSeverityFatal,
"Unable to connect to service controller on node %ws. error %d\n",
NodeName, status);
}
return status;
} // GetClusterServiceData
DWORD
BuildNodeList(
VOID
)
/*++
Routine Description:
open the cluster, get the names and states of the nodes in the cluster,
and then open service controller handles to the cluster service on these
nodes. create the password utility service on each node
Arguments:
None
Return Value:
ERROR_SUCCESS if everything just peachy
--*/
{
DWORD status = ERROR_SUCCESS;
PrintMsg(MsgSeverityInfo, "Opening cluster %ws\n", ClusterName );
ClusterHandle = OpenCluster( ClusterName );
if ( ClusterHandle != NULL ) {
HCLUSENUM nodeEnum;
CLUSTERVERSIONINFO clusterInfo;
DWORD size = 0;
//
// check that there are no NT4 nodes in the cluster. We're not
// prepared to deal with that just yet.
//
clusterInfo.dwVersionInfoSize = sizeof( CLUSTERVERSIONINFO );
status = GetClusterInformation( ClusterHandle, NULL, &size, &clusterInfo );
if ( status != ERROR_SUCCESS ) {
PrintMsg(MsgSeverityFatal,
"Failed to get cluster information: error %d\n",
status);
return status;
}
if ( CLUSTER_GET_MAJOR_VERSION( clusterInfo.dwClusterHighestVersion ) < NT5_MAJOR_VERSION ) {
PrintMsg(MsgSeverityFatal, "All cluster nodes must be running Windows 2000 or later\n");
return ERROR_CLUSTER_INCOMPATIBLE_VERSIONS;
}
//
// enum the nodes in the cluster
//
nodeEnum = ClusterOpenEnum( ClusterHandle, CLUSTER_ENUM_NODE );
if ( nodeEnum != NULL ) {
DWORD enumIndex;
DWORD objType;
WCHAR nodeName[ MAX_COMPUTERNAME_LENGTH+1 ];
DWORD nodeNameSize;
for ( enumIndex = 0; ; enumIndex++ ) {
nodeNameSize = sizeof( nodeName );
status = ClusterEnum(nodeEnum, enumIndex, &objType, nodeName, &nodeNameSize );
if ( status == ERROR_SUCCESS ) {
PCLUSTER_NODE_DATA nodeData;
PrintMsg(MsgSeverityVerbose,
"Enum = %d, Name = %ws\n",
enumIndex, nodeName);
//
// found a node. allocate space for node data, push it
// onto the list of nodes, get its state in the
// cluster. get a SCM handle to the cluster service.
//
nodeData = HeapAlloc( GetProcessHeap(), HEAP_ZERO_MEMORY, sizeof( CLUSTER_NODE_DATA ));
if ( nodeData == NULL ) {
PrintMsg(MsgSeverityFatal,
"Cannot allocate memory for node data\n");
status = GetLastError();
break;
}
nodeData->NextNode = NodeList;
NodeList = nodeData;
wcscpy( nodeData->NodeName, nodeName );
nodeData->NodeHandle = OpenClusterNode( ClusterHandle, nodeName );
if ( nodeData->NodeHandle == NULL ) {
status = GetLastError();
PrintMsg(MsgSeverityFatal,
"Cannot get handle to cluster on node %ws. error %d\n",
nodeName,
status);
break;
}
nodeData->NodeState = GetClusterNodeState( nodeData->NodeHandle );
if ( nodeData->NodeState == ClusterNodeStateUnknown ) {
status = GetLastError();
PrintMsg(MsgSeverityInfo,
"Cannot determine state of cluster service on node %ws. error %d",
nodeName,
status);
break;
}
else if ( nodeData->NodeState <= ClusterNodeJoining ) {
PrintMsg(MsgSeverityVerbose,
" state = %s\n",
ClusterNodeState [nodeData->NodeState] );
}
PrintMsg(MsgSeverityInfo,
"Node %ws is %s\n",
nodeName,
ClusterNodeState [nodeData->NodeState]);
if ( nodeData->NodeState == ClusterNodePaused ) {
PrintMsg(MsgSeverityFatal,
"No node can be in the paused state\n");
status = ERROR_CLUSTER_NODE_PAUSED;
break;
}
status = GetClusterServiceData(nodeName, nodeData);
if ( status != ERROR_SUCCESS ) {
break;
}
}
else if ( status == ERROR_NO_MORE_ITEMS ) {
status = ERROR_SUCCESS;
break;
}
else {
PrintMsg(MsgSeverityFatal,
"Failed to obtain list of nodes in cluster: error %d\n",
status);
break;
}
}
ClusterCloseEnum( nodeEnum );
}
else {
status = GetLastError();
PrintMsg(MsgSeverityFatal,
"Failed to get node enum handle: error %d\n",
status);
}
}
else {
status = GetLastError();
PrintMsg(MsgSeverityFatal, "OpenCluster failed: error %d\n", status);
}
return status;
} // BuildNodeList
DWORD
BuildEveryoneSD(
PSECURITY_DESCRIPTOR * SD,
ULONG * SizeSD
)
/*++
Routine Description:
Build a security descriptor to control access to
the cluster API
Modified permissions in ACEs in order to augment cluster security
administration.
Arguments:
SD - Returns a pointer to the created security descriptor. This
should be freed by the caller.
SizeSD - Returns the size in bytes of the security descriptor
Return Value:
ERROR_SUCCESS if successful
Win32 error code otherwise
--*/
{
DWORD Status;
HANDLE Token;
PACL pAcl = NULL;
DWORD cbDaclSize;
PSECURITY_DESCRIPTOR psd;
PSECURITY_DESCRIPTOR NewSD;
BYTE SDBuffer[SECURITY_DESCRIPTOR_MIN_LENGTH];
PACCESS_ALLOWED_ACE pAce;
PSID pOwnerSid = NULL;
PSID pSystemSid = NULL;
PSID pServiceSid = NULL;
PULONG pSubAuthority;
SID_IDENTIFIER_AUTHORITY siaNtAuthority = SECURITY_NT_AUTHORITY;
ULONG NewSDLen;
psd = (PSECURITY_DESCRIPTOR) SDBuffer;
//
// allocate and init the SYSTEM sid
//
if ( !AllocateAndInitializeSid( &siaNtAuthority,
1,
SECURITY_LOCAL_SYSTEM_RID,
0, 0, 0, 0, 0, 0, 0,
&pSystemSid ) ) {
Status = GetLastError();
goto error_exit;
}
pOwnerSid = pSystemSid;
//
// Set up the DACL that will allow admins all access.
// It should be large enough to hold 3 ACEs and their SIDs
//
cbDaclSize = ( 3 * sizeof( ACCESS_ALLOWED_ACE ) ) +
GetLengthSid( pSystemSid );
pAcl = (PACL) HeapAlloc( GetProcessHeap(), 0, cbDaclSize );
if ( pAcl == NULL ) {
Status = ERROR_NOT_ENOUGH_MEMORY;
goto error_exit;
}
InitializeSecurityDescriptor( psd, SECURITY_DESCRIPTOR_REVISION );
InitializeAcl( pAcl, cbDaclSize, ACL_REVISION );
//
// Add the ACE for the SYSTEM account to the DACL
//
if ( !AddAccessAllowedAce( pAcl,
ACL_REVISION,
GENERIC_READ | GENERIC_WRITE,
pSystemSid ) ) {
Status = GetLastError();
goto error_exit;
}
if ( !GetAce( pAcl, 0, (PVOID *) &pAce ) ) {
Status = GetLastError();
goto error_exit;
}
pAce->Header.AceFlags |= CONTAINER_INHERIT_ACE | OBJECT_INHERIT_ACE;
if ( !SetSecurityDescriptorDacl( psd, TRUE, pAcl, FALSE ) ) {
Status = GetLastError();
goto error_exit;
}
if ( !SetSecurityDescriptorOwner( psd, pOwnerSid, FALSE ) ) {
Status = GetLastError();
goto error_exit;
}
if ( !SetSecurityDescriptorGroup( psd, pOwnerSid, FALSE ) ) {
Status = GetLastError();
goto error_exit;
}
if ( !SetSecurityDescriptorSacl( psd, TRUE, NULL, FALSE ) ) {
Status = GetLastError();
goto error_exit;
}
NewSDLen = 0 ;
if ( !MakeSelfRelativeSD( psd, NULL, &NewSDLen ) ) {
Status = GetLastError();
if ( Status != ERROR_INSUFFICIENT_BUFFER ) { // Duh, we're trying to find out how big the buffer should be?
goto error_exit;
}
}
NewSD = HeapAlloc( GetProcessHeap(), 0, NewSDLen );
if ( NewSD ) {
if ( !MakeSelfRelativeSD( psd, NewSD, &NewSDLen ) ) {
Status = GetLastError();
goto error_exit;
}
Status = ERROR_SUCCESS;
*SD = NewSD;
*SizeSD = NewSDLen;
} else {
Status = ERROR_NOT_ENOUGH_MEMORY;
}
error_exit:
if ( pSystemSid != NULL ) {
FreeSid( pSystemSid );
}
if ( pAcl != NULL ) {
HeapFree( GetProcessHeap(), 0, pAcl );
}
return( Status );
} // *** BuildEveryoneSD
DWORD WINAPI
ResultPipeThread(
LPVOID Param
)
/*++
Routine Description:
Description
Arguments:
None
Return Value:
None
--*/
{
HANDLE PipeHandle;
DWORD status = ERROR_SUCCESS;
HANDLE okToGoEvent = Param;
PIPE_RESULT_MSG resultMsg;
BOOL success;
BOOL connected;
DWORD bytesRead;
#if 0
PSECURITY_DESCRIPTOR everyoneSD;
SECURITY_ATTRIBUTES secAttrib;
DWORD sdSize;
status = BuildEveryoneSD( &everyoneSD, &sdSize );
secAttrib.nLength = sizeof( secAttrib );
secAttrib.lpSecurityDescriptor = everyoneSD;
secAttrib.bInheritHandle = FALSE;
#endif
PipeHandle = CreateNamedPipe(L"\\\\.\\pipe\\cluspw",
PIPE_ACCESS_DUPLEX,
PIPE_TYPE_MESSAGE | PIPE_READMODE_MESSAGE,
1, // one instance
0,
3 * sizeof(PIPE_RESULT_MSG),
NMPWAIT_USE_DEFAULT_WAIT,
NULL /*&secAttrib*/ );
#if 0
HeapFree( GetProcessHeap(), 0, everyoneSD );
#endif
if ( PipeHandle != INVALID_HANDLE_VALUE ) {
//
// signal it is ok for the main thread to continue
//
SetEvent( okToGoEvent );
do {
connected = ConnectNamedPipe(PipeHandle, NULL) ?
TRUE : (GetLastError() == ERROR_PIPE_CONNECTED);
if ( !connected ) {
status = GetLastError();
PrintMsg(MsgSeverityFatal,
"Client failed to connect to result pipe. error %d\n",
status);
return status;
}
success = ReadFile(PipeHandle,
&resultMsg,
sizeof( resultMsg ),
&bytesRead,
NULL);
if ( !success ) {
status = GetLastError();
PrintMsg(MsgSeverityFatal,
"Failed to read from result pipe. error %d\n",
status);
DisconnectNamedPipe( PipeHandle );
continue;
}
switch ( resultMsg.MsgType ) {
case MsgTypeString:
PrintMsg(resultMsg.Severity,
"%ws: %hs",
resultMsg.NodeName,
resultMsg.MsgBuf);
break;
case MsgTypeFinalStatus:
PrintMsg(MsgSeverityInfo,
"Node %ws returned a status of %u.\n",
resultMsg.NodeName,
resultMsg.Status);
DisconnectNamedPipe( PipeHandle );
break;
default:
PrintMsg(MsgSeverityFatal,
"Received message with invalid type from node %ws\n",
resultMsg.NodeName);
}
} while (TRUE );
}
else {
status = GetLastError();
PrintMsg(MsgSeverityFatal,
"Unable to create pipe for reporting results. error %d\n",
status);
}
return status;
} // ResultPipeThread
DWORD
ParseArgs(
INT argc,
WCHAR *argv[]
)
/*++
Routine Description:
Description
Arguments:
None
Return Value:
None
--*/
{
INT i;
DWORD status = ERROR_SUCCESS;
DWORD argCount = argc - 1; // skip program name
for ( i=1; i<argc; i++ ) {
if ( argv[i][0] == '/' || argv[i][0] == '-' ) {
switch ( towupper(argv[i][1]) ) {
#ifdef CMDWINDOW
case 'C':
RunInCmdWindow = TRUE;
break;
#endif
case 'U':
Unattended = TRUE;
break;
case 'P':
if ( _wcsnicmp( argv[i]+1, L"phase", 5 ) == 0 ) {
wchar_t * numStart;
numStart = wcspbrk( argv[i], L"0123456789" );
if ( numStart != NULL ) {
StartingPhase = _wtoi( numStart );
}
else {
++i;
StartingPhase = _wtoi( argv[i] );
}
if ( StartingPhase < 1 || StartingPhase > 3 ) {
PrintMsg( MsgSeverityFatal,
"StartingPhase must be between 1 and 3, inclusive\n" );
return ERROR_INVALID_PARAMETER;
}
}
else {
printf("Unknown option: %ws\n", argv[i]);
return ERROR_INVALID_PARAMETER;
}
break;
case 'Z':
RefreshCache = TRUE;
break;
case 'R':
AttemptRecovery = TRUE;
break;
case 'Q':
QuietOutput = TRUE;
break;
case 'V':
VerboseOutput = TRUE;
break;
default:
printf("Unknown option: %ws\n", argv[i]);
return ERROR_INVALID_PARAMETER;
}
}
else if ( RefreshCache ) {
if ( argCount > 4 ) {
PrintMsg(MsgSeverityFatal,
"Not enough args specified for password cache refresh\n");
return ERROR_INVALID_PARAMETER;
}
DomainName = argv[i];
UserName = argv[i+1];
NewPassword = argv[i+2];
ResultPipeName = argv[i+3];
break;
}
else if ( ClusterName == NULL ) {
//
// accept dot as the cluster on this node
//
if ( argv[i][0] != L'.' ) {
ClusterName = argv[i];
}
}
else if ( OldPassword == NULL ) {
OldPassword = argv[i];
}
else if ( NewPassword == NULL ) {
NewPassword = argv[i];
}
else {
printf("Too many arguments specified\n");
status = ERROR_INVALID_PARAMETER;
break;
}
--argCount;
}
PrintMsg(MsgSeverityVerbose,
"Unattend = %s, Quiet = %s, Phase = %d, Verbose = %s, Refresh = %s\n",
TrueOrFalse( Unattended ),
TrueOrFalse( QuietOutput ),
StartingPhase,
TrueOrFalse( VerboseOutput ),
TrueOrFalse( RefreshCache ));
PrintMsg(MsgSeverityVerbose,
"Recovery = %s\n",
TrueOrFalse( AttemptRecovery ));
PrintMsg(MsgSeverityVerbose,
"Cluster Name = %ws, Old Password = %ws, New Password = %ws\n",
ClusterName, OldPassword, NewPassword);
PrintMsg(MsgSeverityVerbose,
"Domain = %ws, User = %ws, ResultPipe = %ws\n",
DomainName, UserName, ResultPipeName);
//
// validate that we got we need for based on the starting phase
//
if ( RefreshCache ) {
if ( NewPassword == NULL ) {
PrintMsg(MsgSeverityFatal, "Missing password argument for -z\n" );
status = ERROR_INVALID_PARAMETER;
}
}
else if ( StartingPhase == 1 ) {
LPSTR Msg;
if ( ClusterName == NULL ) {
Msg = "Cluster Name argument is missing\n";
}
else if ( OldPassword == NULL ) {
Msg = "Old password argument is missing\n";
}
else if ( NewPassword == NULL) {
Msg = "New password argument is missing\n";
}
else {
Msg = NULL;
}
if ( Msg != NULL ) {
PrintMsg(MsgSeverityFatal, Msg );
status = ERROR_INVALID_PARAMETER;
}
}
if ( QuietOutput && VerboseOutput ) {
PrintMsg(MsgSeverityFatal, "Quiet and verbose options are mutally exclusive\n");
status = ERROR_INVALID_PARAMETER;
}
return status;
} // ParseArgs
VOID
PrintUsage(
VOID
)
/*++
Routine Description:
print the help msg
Arguments:
None
Return Value:
None
--*/
{
printf("\n");
printf("cluspw [/quiet] [/verbose] [/phase#] <cluster name> <old password> <new password>\n");
printf(" /quiet - quiet mode; only print errors\n");
printf(" /verbose - verbose mode; extra info\n");
printf(" /phase - starting phase: 1, 2, or 3. Default is 1\n");
printf(" Phase 1: set the password at the DC\n");
printf(" Phase 2: update the password caches on each cluster node\n");
printf(" Phase 3: update the password with each node's service controller\n");
} // PrintUsage
VOID
CleanUp(
VOID
)
/*++
Routine Description:
remove the turds we left around
Arguments:
None
Return Value:
None
--*/
{
PCLUSTER_NODE_DATA nodeData;
WCHAR destFile[ MAX_PATH ];
DWORD status;
CLUSTER_RESOURCE_STATE resState;
BOOL bSuccess;
//
// cleanup the broker program if it was copied to the node.
//
nodeData = NodeList;
while ( nodeData != NULL ) {
if ( nodeData->ClussvcHandle != NULL ) {
if ( nodeData->NodeState == ClusterNodeUp && StartingPhase < 3 ) {
wsprintf( destFile, L"\\\\%ws\\admin$\\" CLUWPW_SERVICE_BINARY_NAME, nodeData->NodeName );
PrintMsg(MsgSeverityVerbose, "Deleting %ws\n", destFile);
DeleteFile( destFile );
}
if ( nodeData->PasswordHandle != NULL ) {
bSuccess = DeleteService( nodeData->PasswordHandle );
if ( !bSuccess ) {
PrintMsg(MsgSeverityInfo,
"Unable to delete cluster password service entry on %ws - status %d\n",
nodeData->NodeName,
GetLastError());
}
CloseServiceHandle( nodeData->PasswordHandle );
}
CloseServiceHandle( nodeData->ClussvcHandle );
}
if ( nodeData->NodeHandle != NULL ) {
CloseClusterNode( nodeData->NodeHandle );
}
nodeData = nodeData->NextNode;
}
if ( ClusterHandle != NULL ) {
CloseCluster( ClusterHandle );
}
} // CleanUp
int __cdecl
wmain(
int argc,
WCHAR *argv[]
)
/*++
Routine Description:
main routine for utility
Arguments:
standard command line args
Return Value:
0 if it worked successfully
--*/
{
DWORD status;
DWORD waitStatus;
NET_API_STATUS netStatus;
HANDLE pipeThread;
HANDLE okToGoEvent;
DWORD threadId;
HANDLE handleArray[2];
PWCHAR invokedAs;
//
// checked to see how we were invoked.
//
invokedAs = wcsrchr( argv[0], L'\\' );
if ( invokedAs == NULL ) {
invokedAs = argv[0];
} else {
++invokedAs;
}
if ( argc == 1 ) {
if ( _wcsicmp( invokedAs, CLUWPW_SERVICE_BINARY_NAME ) == 0 ) {
ServiceStartup();
} else {
PrintUsage();
return ERROR_INVALID_PARAMETER;
}
}
else {
status = ParseArgs( argc, argv );
if ( status != ERROR_SUCCESS ) {
PrintUsage();
return status;
}
//
// create an event for the result pipe thread to signal that is it
// ready to receive msgs
//
okToGoEvent = CreateEvent(NULL, // no security
FALSE, // auto-reset
FALSE, // not signalled
NULL); // no name
if ( okToGoEvent == NULL ) {
status = GetLastError();
PrintMsg(MsgSeverityFatal, "Couldn't create \"Ok to go\" event. error %d\n",
status);
return status;
}
//
// create a thread for the routine that creates a named pipe used by the
// clients to report their status
//
pipeThread = CreateThread(NULL,
0,
ResultPipeThread,
okToGoEvent,
0,
&threadId);
if ( pipeThread == NULL ) {
status = GetLastError();
PrintMsg(MsgSeverityFatal, "Couldn't create thread for result pipe. error %d\n",
status);
return status;
}
//
// now wait for one to be signalled. If it's the event, then all is
// well. Otherwise, our pipe thread died.
//
handleArray[0] = pipeThread;
handleArray[1] = okToGoEvent;
status = WaitForMultipleObjects( 2, handleArray, FALSE, INFINITE );
if (( status - WAIT_OBJECT_0 ) == 0 ) {
goto error_exit;
}
//
// find all the nodes in the specified cluster and build up a database
// (among other things) about them
//
status = BuildNodeList();
if ( status != ERROR_SUCCESS ) {
return status;
}
status = CheckDCAvailability();
if ( status != ERROR_SUCCESS ) {
return status;
}
if ( StartingPhase != 3 ) {
status = CopyNodeApplication();
if ( status != ERROR_SUCCESS ) {
goto error_exit;
}
#if 0
status = CreatePasswordGroup();
if ( status != ERROR_SUCCESS ) {
goto error_exit;
}
#endif
}
switch ( StartingPhase ) {
case 1:
//
// change password at DC
//
PrintMsg(MsgSeverityInfo, "Phase 1: Changing password at DC\n");
netStatus = NetUserChangePassword(DomainName,
UserName,
OldPassword,
NewPassword);
if ( netStatus != ERROR_SUCCESS ) {
PrintMsg(MsgSeverityFatal,
"Couldn't change the password at the domain controller. error %d\n",
netStatus);
goto error_exit;
}
case 2:
//
// run the broker to change the password cache. we have to
// continue if the broker failed since the p/w has been changed at
// the DC. If the cluster falls apart, we still need to reset the
// SCM's p/w so it can restart
//
PrintMsg(MsgSeverityInfo,
"Phase 2: Refreshing password cache on each cluster node.\n");
RefreshPasswordCaches();
case 3:
PrintMsg(MsgSeverityInfo,
"Phase 3: Updating password with Service Controller on each cluster node.\n");
status = ChangePasswordWithSCMs();
}
error_exit:
//
// see if the pipe handle was signalled and report its status
//
waitStatus = WaitForSingleObject( pipeThread, 0 );
if ( waitStatus == WAIT_OBJECT_0 ) {
GetExitCodeThread( pipeThread, &status );
}
CleanUp();
}
return status;
} // wmain
#if 0
//
// old version that tried to use genapp resources. Keeping this code around
// since it shows how to use prop lists
//
DWORD
RefreshPasswordCaches(
VOID
)
/*++
Routine Description:
Start our service on each node
Arguments:
None
Return Value:
None
--*/
{
PCLUSTER_NODE_DATA nodeData;
BOOL success;
DWORD status;
CLUSTER_RESOURCE_STATE resState;
PVOID propList = NULL;
DWORD propListSize = 0;
WCHAR cmdBuff[ 512 ];
RESOURCE_PRIVATEPROPS privateProps;
RESUTIL_PROPERTY_ITEM privatePropTable[] = {
{ L"CommandLine", NULL, CLUSPROP_FORMAT_SZ, 0, 0, 0, 0,
FIELD_OFFSET( RESOURCE_PRIVATEPROPS, CommandLine ) },
{ L"CurrentDirectory", NULL, CLUSPROP_FORMAT_SZ, 0, 0, 0, 0,
FIELD_OFFSET( RESOURCE_PRIVATEPROPS, CurrentDirectory ) },
{ L"InteractWithDesktop", NULL, CLUSPROP_FORMAT_DWORD, 0, 0, 0, 0,
FIELD_OFFSET( RESOURCE_PRIVATEPROPS, InteractWithDesktop ) },
{ 0 }
};
DWORD bytesReturned;
DWORD bytesRequired;
WCHAR resultPipeName[ MAX_PATH ] = L"\\\\";
DWORD pipeNameSize = (sizeof(resultPipeName) / sizeof( WCHAR )) - 2;
//
// get our physical netbios name to include on the cmd line arg
//
#if (_WIN32_WINNT > 0x4FF)
success = GetComputerNameEx(ComputerNamePhysicalNetBIOS,
&resultPipeName[2],
&pipeNameSize);
#else
success = GetComputerName( &resultPipeName[2], &pipeNameSize);
#endif
wcscat( resultPipeName, L"\\pipe\\cluspw" );
//
// loop through the cluster nodes
//
nodeData = NodeList;
while ( nodeData != NULL ) {
if ( nodeData->NodeState == ClusterNodeUp ) {
PrintMsg(MsgSeverityVerbose,
"Moving PW Group to node %ws\n",
nodeData->NodeName);
status = MoveClusterGroup( PWGroup, nodeData->NodeHandle );
if ( status != ERROR_SUCCESS ) {
PrintMsg(MsgSeverityFatal,
"Problem moving Password group to node %ws. error %d\n",
nodeData->NodeName, status);
break;
}
//
// set the private props for our resource. The app is copied to
// the admin$ share on each node which is on the default path that
// is given to all users.
//
wsprintf(cmdBuff,
L"%wscluspw.exe %ws-z %ws %ws %ws %ws",
RunInCmdWindow ? L"cmd /k " : L"",
nodeData->NodeName,
VerboseOutput ? L"-v " : L"",
DomainName,
UserName,
NewPassword,
resultPipeName);
privateProps.InteractWithDesktop = RunInCmdWindow;
privateProps.CommandLine = cmdBuff;
PrintMsg(MsgSeverityVerbose, "cmd line: %ws\n", cmdBuff );
privateProps.CurrentDirectory = L".";
propListSize = 0;
status = ResUtilPropertyListFromParameterBlock(privatePropTable,
NULL,
&propListSize,
(LPBYTE) &privateProps,
&bytesReturned,
&bytesRequired );
if ( status == ERROR_MORE_DATA ) {
propList = HeapAlloc( GetProcessHeap(), 0, bytesRequired );
propListSize = bytesRequired;
status = ResUtilPropertyListFromParameterBlock(privatePropTable,
propList,
&propListSize,
(LPBYTE) &privateProps,
&bytesReturned,
&bytesRequired );
if ( status != ERROR_SUCCESS ) {
PrintMsg(MsgSeverityFatal,
"Couldn't create property list to set Generic App properties. error %d\n",
status);
return status;
}
}
else if ( status != ERROR_SUCCESS ) {
PrintMsg(MsgSeverityFatal,
"Couldn't determine size of property list for Generic App properties. error %d\n",
status);
return status;
}
PrintMsg(MsgSeverityVerbose, "Setting GenApp properties\n");
status = ClusterResourceControl(PWResource,
NULL,
CLUSCTL_RESOURCE_SET_PRIVATE_PROPERTIES,
propList,
propListSize,
NULL,
0,
NULL);
HeapFree( GetProcessHeap(), 0, propList );
status = OnlineClusterResource( PWResource );
if ( status == ERROR_IO_PENDING || status == ERROR_SUCCESS ) {
//
// wait until the resource has finished running
//
do {
Sleep( 250 );
resState = GetClusterResourceState(PWResource, NULL, NULL, NULL, NULL);
if ( resState == ClusterResourceFailed || resState == ClusterResourceOffline ) {
break;
}
} while ( TRUE );
status = ERROR_SUCCESS;
}
else {
PrintMsg(MsgSeverityFatal,
"Problem bringing Password resource online on node %ws. error %d\n",
nodeData->NodeName, status);
break;
}
}
nodeData = nodeData->NextNode;
}
return status;
} // RefreshPasswordCaches
#endif
/* end cluspw.c */