Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 
 

1553 lines
58 KiB

#include "stdafx.h"
#include "svc.h"
#include "setuser.h"
#include "dcomperm.h"
#ifndef _CHICAGO_
int GetGuestUserName_SlowWay(LPWSTR lpGuestUsrName)
{
LPWSTR ServerName = NULL; // default to local machine
DWORD Level = 1; // to retrieve info of all local and global normal user accounts
DWORD Index = 0;
DWORD EntriesRequested = 5;
DWORD PreferredMaxLength = 1024;
DWORD ReturnedEntryCount = 0;
PVOID SortedBuffer = NULL;
NET_DISPLAY_USER *p = NULL;
DWORD i=0;
int err = 0;
BOOL fStatus = TRUE;
while (fStatus)
{
iisDebugOut((LOG_TYPE_TRACE_WIN32_API, _T("NETAPI32.dll:NetQueryDisplayInformation().Start.")));
err = NetQueryDisplayInformation(ServerName, Level, Index, EntriesRequested, PreferredMaxLength, &ReturnedEntryCount, &SortedBuffer);
iisDebugOut((LOG_TYPE_TRACE_WIN32_API, _T("NETAPI32.dll:NetQueryDisplayInformation().End.")));
if (err == NERR_Success)
fStatus = FALSE;
if (err == NERR_Success || err == ERROR_MORE_DATA)
{
p = (NET_DISPLAY_USER *)SortedBuffer;
i = 0;
while (i < ReturnedEntryCount && (p[i].usri1_user_id != DOMAIN_USER_RID_GUEST))
i++;
if (i == ReturnedEntryCount)
{
if (err == ERROR_MORE_DATA)
{ // need to get more entries
Index = p[i-1].usri1_next_index;
}
}
else
{
wcscpy(lpGuestUsrName, p[i].usri1_name);
fStatus = FALSE;
}
}
iisDebugOut((LOG_TYPE_TRACE_WIN32_API, _T("NETAPI32.dll:NetApiBufferFree().Start.")));
NetApiBufferFree(SortedBuffer);
iisDebugOut((LOG_TYPE_TRACE_WIN32_API, _T("NETAPI32.dll:NetApiBufferFree().End.")));
}
return 0;
}
int GetGuestGrpName(LPTSTR lpGuestGrpName)
{
LPCTSTR ServerName = NULL; // local machine
DWORD cbName = UNLEN+1;
TCHAR ReferencedDomainName[200];
DWORD cbReferencedDomainName = sizeof(ReferencedDomainName);
SID_NAME_USE sidNameUse = SidTypeUser;
SID_IDENTIFIER_AUTHORITY NtAuthority = SECURITY_NT_AUTHORITY;
PSID GuestsSid = NULL;
AllocateAndInitializeSid(&NtAuthority, 2, SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_GUESTS,0,0,0,0,0,0, &GuestsSid);
LookupAccountSid(ServerName, GuestsSid, lpGuestGrpName, &cbName, ReferencedDomainName, &cbReferencedDomainName, &sidNameUse);
if (GuestsSid)
FreeSid(GuestsSid);
return 0;
}
void InitLsaString(PLSA_UNICODE_STRING LsaString,LPWSTR String)
{
DWORD StringLength;
if (String == NULL)
{
LsaString->Buffer = NULL;
LsaString->Length = 0;
LsaString->MaximumLength = 0;
return;
}
StringLength = wcslen(String);
LsaString->Buffer = String;
LsaString->Length = (USHORT) StringLength * sizeof(WCHAR);
LsaString->MaximumLength=(USHORT)(StringLength+1) * sizeof(WCHAR);
}
DWORD OpenPolicy(LPTSTR ServerName,DWORD DesiredAccess,PLSA_HANDLE PolicyHandle)
{
DWORD Error;
LSA_OBJECT_ATTRIBUTES ObjectAttributes;
LSA_UNICODE_STRING ServerString;
PLSA_UNICODE_STRING Server = NULL;
SECURITY_QUALITY_OF_SERVICE QualityOfService;
QualityOfService.Length = sizeof(SECURITY_QUALITY_OF_SERVICE);
QualityOfService.ImpersonationLevel = SecurityImpersonation;
QualityOfService.ContextTrackingMode = SECURITY_DYNAMIC_TRACKING;
QualityOfService.EffectiveOnly = FALSE;
//
// The two fields that must be set are length and the quality of service.
//
ObjectAttributes.Length = sizeof(LSA_OBJECT_ATTRIBUTES);
ObjectAttributes.RootDirectory = NULL;
ObjectAttributes.ObjectName = NULL;
ObjectAttributes.Attributes = 0;
ObjectAttributes.SecurityDescriptor = NULL;
ObjectAttributes.SecurityQualityOfService = &QualityOfService;
if (ServerName != NULL)
{
//
// Make a LSA_UNICODE_STRING out of the LPWSTR passed in
//
InitLsaString(&ServerString,ServerName);
Server = &ServerString;
}
//
// Attempt to open the policy for all access
//
Error = LsaOpenPolicy(Server,&ObjectAttributes,DesiredAccess,PolicyHandle);
return(Error);
}
INT RegisterAccountToLocalGroup(LPCTSTR szAccountName, LPCTSTR szLocalGroupName, BOOL fAction)
{
iisDebugOut((LOG_TYPE_TRACE_WIN32_API, _T("RegisterAccountToLocalGroup:Action=%d,Account=%s\n"), fAction, szAccountName));
int err;
// get the sid of szAccountName
PSID pSID = NULL;
BOOL bWellKnownSID = FALSE;
err = GetPrincipalSID ((LPTSTR)szAccountName, &pSID, &bWellKnownSID);
if (err != ERROR_SUCCESS)
{
iisDebugOut((LOG_TYPE_ERROR, _T("RegisterAccountToLocalGroup:GetPrincipalSID:fAction=%d, Account=%s, Group=%s, err=%d.\n"), fAction, szAccountName, szLocalGroupName, err));
return (err);
}
// Get the localized LocalGroupName
TCHAR szLocalizedLocalGroupName[GNLEN + 1];
if (_tcsicmp(szLocalGroupName, _T("Guests")) == 0)
{
GetGuestGrpName(szLocalizedLocalGroupName);
}
else
{
_tcscpy(szLocalizedLocalGroupName, szLocalGroupName);
}
// transfer szLocalGroupName to WCHAR
WCHAR wszLocalGroupName[_MAX_PATH];
#if defined(UNICODE) || defined(_UNICODE)
_tcscpy(wszLocalGroupName, szLocalizedLocalGroupName);
#else
MultiByteToWideChar( CP_ACP, 0, szLocalizedLocalGroupName, -1, wszLocalGroupName, _MAX_PATH);
#endif
LOCALGROUP_MEMBERS_INFO_0 buf;
buf.lgrmi0_sid = pSID;
if (fAction)
{
iisDebugOut((LOG_TYPE_TRACE_WIN32_API, _T("NETAPI32.dll:NetLocalGroupAddMembers().Start.")));
err = NetLocalGroupAddMembers(NULL, wszLocalGroupName, 0, (LPBYTE)&buf, 1);
iisDebugOut((LOG_TYPE_TRACE_WIN32_API, _T("NETAPI32.dll:NetLocalGroupAddMembers().End.")));
}
else
{
iisDebugOut((LOG_TYPE_TRACE_WIN32_API, _T("NETAPI32.dll:NetLocalGroupDelMembers().Start.")));
err = NetLocalGroupDelMembers(NULL, wszLocalGroupName, 0, (LPBYTE)&buf, 1);
iisDebugOut((LOG_TYPE_TRACE_WIN32_API, _T("NETAPI32.dll:NetLocalGroupDelMembers().End.")));
}
iisDebugOut((LOG_TYPE_TRACE, _T("RegisterAccountToLocalGroup:fAction=%d, Account=%s, Group=%s, err=%d.\n"), fAction, szAccountName, szLocalGroupName, err));
if (pSID)
{
if (bWellKnownSID)
FreeSid (pSID);
else
free (pSID);
}
return (err);
}
INT RegisterAccountUserRights(LPCTSTR szAccountName, BOOL fAction, BOOL fSpecicaliwamaccount)
{
iisDebugOut((LOG_TYPE_TRACE, _T("RegisterAccountUserRights:Action=%d,Account=%s,iwam=%d\n"), fAction, szAccountName,fSpecicaliwamaccount));
int err;
// get the sid of szAccountName
PSID pSID = NULL;
BOOL bWellKnownSID = FALSE;
err = GetPrincipalSID ((LPTSTR)szAccountName, &pSID, &bWellKnownSID);
if (err != ERROR_SUCCESS)
{
iisDebugOut((LOG_TYPE_ERROR, _T("RegisterAccountUserRights:GetPrincipalSID:fAction=%d, Account=%s, err=%d.\n"), fAction, szAccountName, err));
return (err);
}
LSA_UNICODE_STRING UserRightString;
LSA_HANDLE PolicyHandle = NULL;
err = OpenPolicy(NULL, POLICY_ALL_ACCESS,&PolicyHandle);
if ( err == NERR_Success )
{
if (fAction)
{
// defined in ntsecapi.h and ntlsa.h
//#define SE_INTERACTIVE_LOGON_NAME TEXT("SeInteractiveLogonRight")
//#define SE_NETWORK_LOGON_NAME TEXT("SeNetworkLogonRight")
//#define SE_BATCH_LOGON_NAME TEXT("SeBatchLogonRight")
//#define SE_SERVICE_LOGON_NAME TEXT("SeServiceLogonRight")
// Defined in winnt.h
//#define SE_CREATE_TOKEN_NAME TEXT("SeCreateTokenPrivilege")
//#define SE_ASSIGNPRIMARYTOKEN_NAME TEXT("SeAssignPrimaryTokenPrivilege")
//#define SE_LOCK_MEMORY_NAME TEXT("SeLockMemoryPrivilege")
//#define SE_INCREASE_QUOTA_NAME TEXT("SeIncreaseQuotaPrivilege")
//#define SE_UNSOLICITED_INPUT_NAME TEXT("SeUnsolicitedInputPrivilege")
//#define SE_MACHINE_ACCOUNT_NAME TEXT("SeMachineAccountPrivilege")
//#define SE_TCB_NAME TEXT("SeTcbPrivilege")
//#define SE_SECURITY_NAME TEXT("SeSecurityPrivilege")
//#define SE_TAKE_OWNERSHIP_NAME TEXT("SeTakeOwnershipPrivilege")
//#define SE_LOAD_DRIVER_NAME TEXT("SeLoadDriverPrivilege")
//#define SE_SYSTEM_PROFILE_NAME TEXT("SeSystemProfilePrivilege")
//#define SE_SYSTEMTIME_NAME TEXT("SeSystemtimePrivilege")
//#define SE_PROF_SINGLE_PROCESS_NAME TEXT("SeProfileSingleProcessPrivilege")
//#define SE_INC_BASE_PRIORITY_NAME TEXT("SeIncreaseBasePriorityPrivilege")
//#define SE_CREATE_PAGEFILE_NAME TEXT("SeCreatePagefilePrivilege")
//#define SE_CREATE_PERMANENT_NAME TEXT("SeCreatePermanentPrivilege")
//#define SE_BACKUP_NAME TEXT("SeBackupPrivilege")
//#define SE_RESTORE_NAME TEXT("SeRestorePrivilege")
//#define SE_SHUTDOWN_NAME TEXT("SeShutdownPrivilege")
//#define SE_DEBUG_NAME TEXT("SeDebugPrivilege")
//#define SE_AUDIT_NAME TEXT("SeAuditPrivilege")
//#define SE_SYSTEM_ENVIRONMENT_NAME TEXT("SeSystemEnvironmentPrivilege")
//#define SE_CHANGE_NOTIFY_NAME TEXT("SeChangeNotifyPrivilege")
//#define SE_REMOTE_SHUTDOWN_NAME TEXT("SeRemoteShutdownPrivilege")
//#define SE_UNDOCK_NAME TEXT("SeUndockPrivilege")
//#define SE_SYNC_AGENT_NAME TEXT("SeSyncAgentPrivilege")
//#define SE_ENABLE_DELEGATION_NAME TEXT("SeEnableDelegationPrivilege")
if (fSpecicaliwamaccount)
{
InitLsaString(&UserRightString, SE_NETWORK_LOGON_NAME);
err = LsaAddAccountRights(PolicyHandle, pSID, &UserRightString, 1);
if (err != STATUS_SUCCESS){iisDebugOut((LOG_TYPE_WARN, _T("RegisterAccountUserRights:LsaAddAccountRights FAILED. err=0x%x\n"), err));}
// For NT5 -- the Iwam account will not have a ton of priveleges like was first decided.
// for security reasons it was trimmed.
InitLsaString(&UserRightString, SE_BATCH_LOGON_NAME);
err = LsaAddAccountRights(PolicyHandle, pSID, &UserRightString, 1);
if (err != STATUS_SUCCESS){iisDebugOut((LOG_TYPE_WARN, _T("RegisterAccountUserRights:LsaAddAccountRights FAILED. err=0x%x\n"), err));}
// For NT51 (Whistler)
// iwam should have additional rights, per bug277113 "SeAssignPrimaryTokenPrivilege","SeIncreaseQuotaPrivilege"
InitLsaString(&UserRightString, SE_ASSIGNPRIMARYTOKEN_NAME);
err = LsaAddAccountRights(PolicyHandle, pSID, &UserRightString, 1);
if (err != STATUS_SUCCESS){iisDebugOut((LOG_TYPE_WARN, _T("RegisterAccountUserRights:LsaAddAccountRights FAILED. err=0x%x\n"), err));}
InitLsaString(&UserRightString, SE_INCREASE_QUOTA_NAME);
err = LsaAddAccountRights(PolicyHandle, pSID, &UserRightString, 1);
if (err != STATUS_SUCCESS){iisDebugOut((LOG_TYPE_WARN, _T("RegisterAccountUserRights:LsaAddAccountRights FAILED. err=0x%x\n"), err));}
/* Old stuff that was taken out post NT5 Beta3
// Per Bug 291206 - IWAM account should not have the "log on locally" right, as it currently does
// So make sure it is not there -- since this is a potential security hole!
InitLsaString(&UserRightString, SE_INTERACTIVE_LOGON_NAME);
err = LsaRemoveAccountRights(PolicyHandle, pSID, FALSE, &UserRightString,1);
if (err != STATUS_SUCCESS){iisDebugOut((LOG_TYPE_WARN, _T("RegisterAccountUserRights:LsaAddAccountRights FAILED. err=0x%x\n"), err));}
// stuff for nt5 Beta3
InitLsaString(&UserRightString, SE_TCB_NAME);
err = LsaAddAccountRights(PolicyHandle, pSID, &UserRightString, 1);
if (err != STATUS_SUCCESS){iisDebugOut((LOG_TYPE_WARN, _T("RegisterAccountUserRights:LsaAddAccountRights FAILED. err=0x%x\n"), err));}
InitLsaString(&UserRightString, SE_CREATE_PAGEFILE_NAME);
err = LsaAddAccountRights(PolicyHandle, pSID, &UserRightString, 1);
if (err != STATUS_SUCCESS){iisDebugOut((LOG_TYPE_WARN, _T("RegisterAccountUserRights:LsaAddAccountRights FAILED. err=0x%x\n"), err));}
InitLsaString(&UserRightString, SE_CREATE_TOKEN_NAME);
err = LsaAddAccountRights(PolicyHandle, pSID, &UserRightString, 1);
if (err != STATUS_SUCCESS){iisDebugOut((LOG_TYPE_WARN, _T("RegisterAccountUserRights:LsaAddAccountRights FAILED. err=0x%x\n"), err));}
InitLsaString(&UserRightString, SE_CREATE_PERMANENT_NAME);
err = LsaAddAccountRights(PolicyHandle, pSID, &UserRightString, 1);
if (err != STATUS_SUCCESS){iisDebugOut((LOG_TYPE_WARN, _T("RegisterAccountUserRights:LsaAddAccountRights FAILED. err=0x%x\n"), err));}
InitLsaString(&UserRightString, SE_DEBUG_NAME);
err = LsaAddAccountRights(PolicyHandle, pSID, &UserRightString, 1);
if (err != STATUS_SUCCESS){iisDebugOut((LOG_TYPE_WARN, _T("RegisterAccountUserRights:LsaAddAccountRights FAILED. err=0x%x\n"), err));}
InitLsaString(&UserRightString, SE_AUDIT_NAME);
err = LsaAddAccountRights(PolicyHandle, pSID, &UserRightString, 1);
if (err != STATUS_SUCCESS){iisDebugOut((LOG_TYPE_WARN, _T("RegisterAccountUserRights:LsaAddAccountRights FAILED. err=0x%x\n"), err));}
InitLsaString(&UserRightString, SE_INCREASE_QUOTA_NAME);
err = LsaAddAccountRights(PolicyHandle, pSID, &UserRightString, 1);
if (err != STATUS_SUCCESS){iisDebugOut((LOG_TYPE_WARN, _T("RegisterAccountUserRights:LsaAddAccountRights FAILED. err=0x%x\n"), err));}
InitLsaString(&UserRightString, SE_INC_BASE_PRIORITY_NAME);
err = LsaAddAccountRights(PolicyHandle, pSID, &UserRightString, 1);
if (err != STATUS_SUCCESS){iisDebugOut((LOG_TYPE_WARN, _T("RegisterAccountUserRights:LsaAddAccountRights FAILED. err=0x%x\n"), err));}
InitLsaString(&UserRightString, SE_LOAD_DRIVER_NAME);
err = LsaAddAccountRights(PolicyHandle, pSID, &UserRightString, 1);
if (err != STATUS_SUCCESS){iisDebugOut((LOG_TYPE_WARN, _T("RegisterAccountUserRights:LsaAddAccountRights FAILED. err=0x%x\n"), err));}
InitLsaString(&UserRightString, SE_LOCK_MEMORY_NAME);
err = LsaAddAccountRights(PolicyHandle, pSID, &UserRightString, 1);
if (err != STATUS_SUCCESS){iisDebugOut((LOG_TYPE_WARN, _T("RegisterAccountUserRights:LsaAddAccountRights FAILED. err=0x%x\n"), err));}
InitLsaString(&UserRightString, SE_SYSTEM_ENVIRONMENT_NAME);
err = LsaAddAccountRights(PolicyHandle, pSID, &UserRightString, 1);
if (err != STATUS_SUCCESS){iisDebugOut((LOG_TYPE_WARN, _T("RegisterAccountUserRights:LsaAddAccountRights FAILED. err=0x%x\n"), err));}
InitLsaString(&UserRightString, SE_PROF_SINGLE_PROCESS_NAME);
err = LsaAddAccountRights(PolicyHandle, pSID, &UserRightString, 1);
if (err != STATUS_SUCCESS){iisDebugOut((LOG_TYPE_WARN, _T("RegisterAccountUserRights:LsaAddAccountRights FAILED. err=0x%x\n"), err));}
InitLsaString(&UserRightString, SE_ASSIGNPRIMARYTOKEN_NAME);
err = LsaAddAccountRights(PolicyHandle, pSID, &UserRightString, 1);
if (err != STATUS_SUCCESS){iisDebugOut((LOG_TYPE_WARN, _T("RegisterAccountUserRights:LsaAddAccountRights FAILED. err=0x%x\n"), err));}
*/
}
else
{
InitLsaString(&UserRightString, SE_INTERACTIVE_LOGON_NAME);
err = LsaAddAccountRights(PolicyHandle, pSID, &UserRightString, 1);
if (err != STATUS_SUCCESS){iisDebugOut((LOG_TYPE_WARN, _T("RegisterAccountUserRights:LsaAddAccountRights FAILED. err=0x%x\n"), err));}
InitLsaString(&UserRightString, SE_NETWORK_LOGON_NAME);
err = LsaAddAccountRights(PolicyHandle, pSID, &UserRightString, 1);
if (err != STATUS_SUCCESS){iisDebugOut((LOG_TYPE_WARN, _T("RegisterAccountUserRights:LsaAddAccountRights FAILED. err=0x%x\n"), err));}
InitLsaString(&UserRightString, SE_BATCH_LOGON_NAME);
err = LsaAddAccountRights(PolicyHandle, pSID, &UserRightString, 1);
if (err != STATUS_SUCCESS){iisDebugOut((LOG_TYPE_WARN, _T("RegisterAccountUserRights:LsaAddAccountRights FAILED. err=0x%x\n"), err));}
}
}
else
{
InitLsaString(&UserRightString, SE_INTERACTIVE_LOGON_NAME);
err = LsaRemoveAccountRights(PolicyHandle, pSID, FALSE, &UserRightString,1);
InitLsaString(&UserRightString, SE_NETWORK_LOGON_NAME);
err = LsaRemoveAccountRights(PolicyHandle, pSID, FALSE, &UserRightString,1);
InitLsaString(&UserRightString, SE_BATCH_LOGON_NAME);
err = LsaRemoveAccountRights(PolicyHandle, pSID, FALSE, &UserRightString,1);
InitLsaString(&UserRightString, SE_ASSIGNPRIMARYTOKEN_NAME);
err = LsaRemoveAccountRights(PolicyHandle, pSID, FALSE, &UserRightString,1);
InitLsaString(&UserRightString, SE_INCREASE_QUOTA_NAME);
err = LsaRemoveAccountRights(PolicyHandle, pSID, FALSE, &UserRightString,1);
/* Old stuff that was taken out post NT5 Beta3
// if special iwam account or not, let's remove these rights from the iusr or iwam user
InitLsaString(&UserRightString, SE_TCB_NAME);
err = LsaRemoveAccountRights(PolicyHandle, pSID, FALSE, &UserRightString,1);
InitLsaString(&UserRightString, SE_CREATE_PAGEFILE_NAME);
err = LsaRemoveAccountRights(PolicyHandle, pSID, FALSE, &UserRightString,1);
InitLsaString(&UserRightString, SE_CREATE_TOKEN_NAME);
err = LsaRemoveAccountRights(PolicyHandle, pSID, FALSE, &UserRightString,1);
InitLsaString(&UserRightString, SE_CREATE_PERMANENT_NAME);
err = LsaRemoveAccountRights(PolicyHandle, pSID, FALSE, &UserRightString,1);
InitLsaString(&UserRightString, SE_DEBUG_NAME);
err = LsaRemoveAccountRights(PolicyHandle, pSID, FALSE, &UserRightString,1);
InitLsaString(&UserRightString, SE_AUDIT_NAME);
err = LsaRemoveAccountRights(PolicyHandle, pSID, FALSE, &UserRightString,1);
InitLsaString(&UserRightString, SE_INCREASE_QUOTA_NAME);
err = LsaRemoveAccountRights(PolicyHandle, pSID, FALSE, &UserRightString,1);
InitLsaString(&UserRightString, SE_INC_BASE_PRIORITY_NAME);
err = LsaRemoveAccountRights(PolicyHandle, pSID, FALSE, &UserRightString,1);
InitLsaString(&UserRightString, SE_LOAD_DRIVER_NAME);
err = LsaRemoveAccountRights(PolicyHandle, pSID, FALSE, &UserRightString,1);
InitLsaString(&UserRightString, SE_LOCK_MEMORY_NAME);
err = LsaRemoveAccountRights(PolicyHandle, pSID, FALSE, &UserRightString,1);
InitLsaString(&UserRightString, SE_SYSTEM_ENVIRONMENT_NAME);
err = LsaRemoveAccountRights(PolicyHandle, pSID, FALSE, &UserRightString,1);
InitLsaString(&UserRightString, SE_PROF_SINGLE_PROCESS_NAME);
err = LsaRemoveAccountRights(PolicyHandle, pSID, FALSE, &UserRightString,1);
InitLsaString(&UserRightString, SE_ASSIGNPRIMARYTOKEN_NAME);
err = LsaRemoveAccountRights(PolicyHandle, pSID, FALSE, &UserRightString,1);
*/
}
LsaClose(PolicyHandle);
}
else
{
iisDebugOut((LOG_TYPE_TRACE, _T("RegisterAccountUserRights:Action=%d,Account=%s,iwam=%d,err=0x%x\n"), fAction, szAccountName,fSpecicaliwamaccount,err));
}
if (pSID)
{
if (bWellKnownSID)
FreeSid (pSID);
else
free (pSID);
}
if (err)
{
iisDebugOut((LOG_TYPE_TRACE, _T("RegisterAccountUserRights:Action=%d,Account=%s,iwam=%d,err=0x%x\n"), fAction, szAccountName,fSpecicaliwamaccount,err));
}
return (err);
}
BOOL IsUserExist( LPWSTR strUsername )
{
BYTE *pBuffer;
INT err = NERR_Success;
do
{
WCHAR *pMachineName = NULL;
iisDebugOut((LOG_TYPE_TRACE_WIN32_API, _T("NETAPI32.dll:NetServerGetInfo().Start.")));
err = NetServerGetInfo( NULL, 101, &pBuffer );
iisDebugOut((LOG_TYPE_TRACE_WIN32_API, _T("NETAPI32.dll:NetServerGetInfo().End.")));
// make sure we are not backup docmain first
if (err != NERR_Success )
{
// if this call returns that the service is not running, then let's just assume that the user does exist!!!!
if (err == NERR_ServerNotStarted)
{
// Try to start the server service.
err = InetStartService(_T("LanmanServer"));
if (err == 0 || err == ERROR_SERVICE_ALREADY_RUNNING)
{
iisDebugOut((LOG_TYPE_TRACE_WIN32_API, _T("NETAPI32.dll:NetServerGetInfo().Start.")));
err = NetServerGetInfo( NULL, 101, &pBuffer );
iisDebugOut((LOG_TYPE_TRACE_WIN32_API, _T("NETAPI32.dll:NetServerGetInfo().End.")));
if (err != NERR_Success )
{
if (err == NERR_ServerNotStarted)
{
iisDebugOut((LOG_TYPE_WARN, _T("NetServerGetInfo:failed.The Server service is not started. assume that %s exists.err=0x%x.\n"),strUsername,err));
err = NERR_Success;
}
}
}
else
{
iisDebugOut((LOG_TYPE_ERROR, _T("NetServerGetInfo:failed.The Server service is not started. assume that %s exists.err=0x%x.\n"),strUsername,err));
err = NERR_Success;
}
}
else
{
iisDebugOut((LOG_TYPE_ERROR, _T("NetServerGetInfo:failed.Do not call this on PDC or BDC takes too long.This must be a PDC or BDC.err=0x%x.\n"),err));
}
break;
}
LPSERVER_INFO_101 pInfo = (LPSERVER_INFO_101)pBuffer;
if (( pInfo->sv101_type & SV_TYPE_DOMAIN_BAKCTRL ) != 0 )
{
iisDebugOut((LOG_TYPE_TRACE_WIN32_API, _T("NETAPI32.dll:NetGetDCName().Start.")));
NetGetDCName( NULL, NULL, (LPBYTE*)&pMachineName );
iisDebugOut((LOG_TYPE_TRACE_WIN32_API, _T("NETAPI32.dll:NetGetDCName().End.")));
}
iisDebugOut((LOG_TYPE_TRACE_WIN32_API, _T("NETAPI32.dll:NetApiBufferFree().Start.")));
NetApiBufferFree( pBuffer );
iisDebugOut((LOG_TYPE_TRACE_WIN32_API, _T("NETAPI32.dll:NetApiBufferFree().End.")));
if (pMachineName){iisDebugOut((LOG_TYPE_TRACE_WIN32_API, _T("NetUserGetInfo:[%s\\%s].Start.\n"),pMachineName,strUsername));}
else{iisDebugOut((LOG_TYPE_TRACE_WIN32_API, _T("NetUserGetInfo:[(null)\\%s].Start.\n"),strUsername));}
iisDebugOut((LOG_TYPE_TRACE_WIN32_API, _T("NETAPI32.dll:NetUserGetInfo().Start.")));
err = NetUserGetInfo( pMachineName, strUsername, 3, &pBuffer );
iisDebugOut((LOG_TYPE_TRACE_WIN32_API, _T("NETAPI32.dll:NetUserGetInfo().End.")));
if (pMachineName){iisDebugOut((LOG_TYPE_TRACE_WIN32_API, _T("NetUserGetInfo:[%s\\%s].End.Ret=0x%x.\n"),pMachineName,strUsername,err));}
else{iisDebugOut((LOG_TYPE_TRACE_WIN32_API, _T("NetUserGetInfo:[(null)\\%s].End.\n"),strUsername));}
if ( err == NERR_Success )
{
iisDebugOut((LOG_TYPE_TRACE_WIN32_API, _T("NETAPI32.dll:NetApiBufferFree().Start.")));
NetApiBufferFree( pBuffer );
iisDebugOut((LOG_TYPE_TRACE_WIN32_API, _T("NETAPI32.dll:NetApiBufferFree().End.")));
}
if ( pMachineName != NULL )
{
iisDebugOut((LOG_TYPE_TRACE_WIN32_API, _T("NETAPI32.dll:NetApiBufferFree().Start.")));
NetApiBufferFree( pMachineName );
iisDebugOut((LOG_TYPE_TRACE_WIN32_API, _T("NETAPI32.dll:NetApiBufferFree().End.")));
}
} while (FALSE);
return(err == NERR_Success );
}
//
// Create InternetGuest Account
//
INT CreateUser( LPCTSTR szUsername, LPCTSTR szPassword, LPCTSTR szComment, LPCTSTR szFullName, BOOL fiWamUser,INT *NewlyCreated)
{
iisDebugOut((LOG_TYPE_TRACE, _T("CreateUser: %s\n"), szUsername));
INT iTheUserAlreadyExists = FALSE;
INT err = NERR_Success;
INT iTheUserIsMissingARight = FALSE;
BYTE *pBuffer;
WCHAR defGuest[UNLEN+1];
TCHAR defGuestGroup[GNLEN+1];
WCHAR wchGuestGroup[GNLEN+1];
WCHAR wchUsername[UNLEN+1];
WCHAR wchPassword[LM20_PWLEN+1];
WCHAR *pMachineName = NULL;
*NewlyCreated = 0;
iisDebugOut((LOG_TYPE_TRACE_WIN32_API, _T("GetGuestUserName:Start.\n")));
GetGuestUserName(defGuest);
iisDebugOut((LOG_TYPE_TRACE_WIN32_API, _T("GetGuestUserName:End.\n")));
iisDebugOut((LOG_TYPE_TRACE_WIN32_API, _T("GetGuestGrpName:Start.\n")));
GetGuestGrpName(defGuestGroup);
iisDebugOut((LOG_TYPE_TRACE_WIN32_API, _T("GetGuestGrpName:End.\n")));
iisDebugOut((LOG_TYPE_TRACE, _T("defGuest=%s, defGuestGroup=%s\n"), defGuest, defGuestGroup));
memset((PVOID)wchUsername, 0, sizeof(wchUsername));
memset((PVOID)wchPassword, 0, sizeof(wchPassword));
#if defined(UNICODE) || defined(_UNICODE)
wcsncpy(wchGuestGroup, defGuestGroup, GNLEN);
wcsncpy(wchUsername, szUsername, UNLEN);
wcsncpy(wchPassword, szPassword, LM20_PWLEN);
#else
MultiByteToWideChar(CP_ACP, 0, (LPCSTR)defGuestGroup, -1, (LPWSTR)wchGuestGroup, GNLEN);
MultiByteToWideChar(CP_ACP, 0, (LPCSTR)szUsername, -1, (LPWSTR)wchUsername, UNLEN);
MultiByteToWideChar(CP_ACP, 0, (LPCSTR)szPassword, -1, (LPWSTR)wchPassword, LM20_PWLEN);
#endif
iisDebugOut((LOG_TYPE_TRACE, _T("NETAPI32.dll:NetUserGetInfo:(%s) Start.\n"),defGuest));
err = NetUserGetInfo( NULL, defGuest, 3, &pBuffer );
iisDebugOut((LOG_TYPE_TRACE, _T("NETAPI32.dll:NetUserGetInfo:(%s) End.Ret=0x%x.\n"),defGuest,err));
if ( err == NERR_Success )
{
do
{
WCHAR wchComment[MAXCOMMENTSZ+1];
WCHAR wchFullName[UNLEN+1];
memset((PVOID)wchComment, 0, sizeof(wchComment));
memset((PVOID)wchFullName, 0, sizeof(wchFullName));
#if defined(UNICODE) || defined(_UNICODE)
wcsncpy(wchComment, szComment, MAXCOMMENTSZ);
wcsncpy(wchFullName, szFullName, UNLEN);
#else
MultiByteToWideChar(CP_ACP, 0, (LPCSTR)szComment, -1, (LPWSTR)wchComment, MAXCOMMENTSZ);
MultiByteToWideChar(CP_ACP, 0, (LPCSTR)szFullName, -1, (LPWSTR)wchFullName, UNLEN);
#endif
USER_INFO_3 *lpui3 = (USER_INFO_3 *)pBuffer;
lpui3->usri3_name = wchUsername;
lpui3->usri3_password = wchPassword;
lpui3->usri3_flags &= ~ UF_ACCOUNTDISABLE;
lpui3->usri3_flags |= UF_DONT_EXPIRE_PASSWD;
lpui3->usri3_acct_expires = TIMEQ_FOREVER;
lpui3->usri3_comment = wchComment;
lpui3->usri3_usr_comment = wchComment;
lpui3->usri3_full_name = wchFullName;
lpui3->usri3_primary_group_id = DOMAIN_GROUP_RID_USERS;
DWORD parm_err;
iisDebugOut((LOG_TYPE_TRACE, _T("NETAPI32.dll:NetUserAdd():Start.\n")));
err = NetUserAdd( NULL, 3, pBuffer, &parm_err );
iisDebugOut((LOG_TYPE_TRACE, _T("NETAPI32.dll:NetUserAdd():End.Ret=0x%x.\n"),err));
if ( err == NERR_NotPrimary )
{
// it is a backup dc
iisDebugOut((LOG_TYPE_TRACE, _T("NETAPI32.dll:NetGetDCName():Start.\n")));
err = NetGetDCName( NULL, NULL, (LPBYTE *)&pMachineName );
iisDebugOut((LOG_TYPE_TRACE, _T("NETAPI32.dll:NetGetDCName():End.Ret=0x%x\n"),err));
if (err != NERR_Success)
{
MyMessageBox(NULL, _T("CreateUser:NetGetDCName"), err, MB_OK | MB_SETFOREGROUND);
break;
}
else
{
iisDebugOut((LOG_TYPE_TRACE, _T("NETAPI32.dll:NetUserAdd().Start.")));
err = NetUserAdd( pMachineName, 3, pBuffer, &parm_err );
iisDebugOut((LOG_TYPE_TRACE, _T("NETAPI32.dll:NetUserAdd().End.")));
}
}
else if ( err == NERR_UserExists )
{
iTheUserAlreadyExists = TRUE;
iisDebugOut((LOG_TYPE_TRACE, _T("CreateUser:User Already exists. reusing.")));
// see if we can just change the password.
if (TRUE == ChangeUserPassword((LPTSTR) szUsername, (LPTSTR) szPassword))
{
err = NERR_Success;
}
}
if ( err != NERR_Success )
{
MyMessageBox(NULL, _T("CreateUser:NetUserAdd"), err, MB_OK | MB_SETFOREGROUND);
break;
}
} while (FALSE);
if ( pMachineName != NULL )
{
iisDebugOut((LOG_TYPE_TRACE_WIN32_API, _T("NETAPI32.dll:NetApiBufferFree().Start.")));
NetApiBufferFree( pMachineName );
iisDebugOut((LOG_TYPE_TRACE_WIN32_API, _T("NETAPI32.dll:NetApiBufferFree().End.")));
}
iisDebugOut((LOG_TYPE_TRACE_WIN32_API, _T("NETAPI32.dll:NetApiBufferFree().Start.")));
NetApiBufferFree( pBuffer );
iisDebugOut((LOG_TYPE_TRACE_WIN32_API, _T("NETAPI32.dll:NetApiBufferFree().End.")));
}
if ( err == NERR_Success )
{
if (iTheUserAlreadyExists)
{
// if the user already exists, then
// don't change any rights or the group that its in leave it alone.
TCHAR PrivilegeName[256];
iTheUserIsMissingARight = FALSE;
//#define SE_INTERACTIVE_LOGON_NAME TEXT("SeInteractiveLogonRight")
//#define SE_NETWORK_LOGON_NAME TEXT("SeNetworkLogonRight")
//#define SE_BATCH_LOGON_NAME TEXT("SeBatchLogonRight")
_tcscpy(PrivilegeName, _T("SeNetworkLogonRight"));
if (FALSE == DoesUserHaveThisRight(szUsername, PrivilegeName))
{
iTheUserIsMissingARight = TRUE;
}
else
{
_tcscpy(PrivilegeName, _T("SeBatchLogonRight"));
if (FALSE == DoesUserHaveThisRight(szUsername, PrivilegeName))
{
iTheUserIsMissingARight = TRUE;
}
else
{
if (fiWamUser)
{
// make sure the iwam user has these additional rights
// AssignPrimaryToken and IncreaseQuota privileges
_tcscpy(PrivilegeName, _T("SeAssignPrimaryTokenPrivilege"));
if (FALSE == DoesUserHaveThisRight(szUsername, PrivilegeName))
{
iTheUserIsMissingARight = TRUE;
}
else
{
_tcscpy(PrivilegeName, _T("SeIncreaseQuotaPrivilege"));
if (FALSE == DoesUserHaveThisRight(szUsername, PrivilegeName))
{
iTheUserIsMissingARight = TRUE;
}
}
}
else
{
// make sure the iusr user has these additional rights
_tcscpy(PrivilegeName, _T("SeInteractiveLogonRight"));
if (FALSE == DoesUserHaveThisRight(szUsername, PrivilegeName))
{
iTheUserIsMissingARight = TRUE;
}
}
}
}
// nope, we have to make sure that our iusr\iwam user has at least these
// rights, because otherwise it won't work bug#361833
if (iTheUserIsMissingARight == TRUE)
{
iisDebugOut((LOG_TYPE_TRACE, _T("Missing user right[%s]:resetting it."),PrivilegeName));
RegisterAccountUserRights(szUsername, TRUE, fiWamUser);
}
// if its the the iwam user, then make sure they are not part of the Guests Group by removing them
if (fiWamUser)
{
RegisterAccountToLocalGroup(szUsername, _T("Guests"), FALSE);
}
}
else
{
// User was successfully newly created
*NewlyCreated = 1;
// add it to the guests group
// (but don't do it for the iwam user)
if (!fiWamUser)
{
RegisterAccountToLocalGroup(szUsername, _T("Guests"), TRUE);
}
// add certain user rights to this account
RegisterAccountUserRights(szUsername, TRUE, fiWamUser);
}
}
if (TRUE == iTheUserAlreadyExists)
{*NewlyCreated = 2;}
return err;
}
INT DeleteGuestUser(LPCTSTR szUsername, INT *UserWasDeleted)
{
iisDebugOut((LOG_TYPE_TRACE, _T("DeleteGuestUser:%s\n"), szUsername));
INT err = NERR_Success;
BYTE *pBuffer;
*UserWasDeleted = 0;
WCHAR wchUsername[UNLEN+1];
#if defined(UNICODE) || defined(_UNICODE)
wcsncpy(wchUsername, szUsername, UNLEN);
#else
MultiByteToWideChar(CP_ACP, 0, (LPCSTR)szUsername, -1, (LPWSTR)wchUsername, UNLEN);
#endif
if (FALSE == IsUserExist(wchUsername))
{
*UserWasDeleted = 1;
iisDebugOut((LOG_TYPE_TRACE, _T("DeleteGuestUser return. %s doesn't exist.\n"), szUsername));
return err;
}
// remove it from the guests group
RegisterAccountToLocalGroup(szUsername, _T("Guests"), FALSE);
// remove certain user rights of this account
RegisterAccountUserRights(szUsername, FALSE, TRUE);
do
{
WCHAR *pMachine = NULL;
// make sure we are not backup docmain first
iisDebugOut((LOG_TYPE_TRACE, _T("NetServerGetInfo:Start.\n")));
iisDebugOut((LOG_TYPE_TRACE_WIN32_API, _T("NETAPI32.dll:NetServerGetInfo().Start.")));
err = NetServerGetInfo( NULL, 101, &pBuffer );
iisDebugOut((LOG_TYPE_TRACE_WIN32_API, _T("NETAPI32.dll:NetServerGetInfo().End.")));
if (err != NERR_Success )
{
iisDebugOut((LOG_TYPE_ERROR, _T("NetServerGetInfo:failed.err=0x%x.\n"),err));
break;
}
iisDebugOut((LOG_TYPE_TRACE, _T("NetServerGetInfo:End.\n")));
LPSERVER_INFO_101 pInfo = (LPSERVER_INFO_101)pBuffer;
if (( pInfo->sv101_type & SV_TYPE_DOMAIN_BAKCTRL ) != 0 )
{
iisDebugOut((LOG_TYPE_TRACE, _T("NETAPI32.dll:NetGetDCName():Start.\n")));
NetGetDCName( NULL, NULL, (LPBYTE *)&pMachine);
iisDebugOut((LOG_TYPE_TRACE, _T("NETAPI32.dll:NetGetDCName():End.\n")));
}
iisDebugOut((LOG_TYPE_TRACE_WIN32_API, _T("NETAPI32.dll:NetApiBufferFree().Start.")));
NetApiBufferFree( pBuffer );
iisDebugOut((LOG_TYPE_TRACE_WIN32_API, _T("NETAPI32.dll:NetApiBufferFree().End.")));
iisDebugOut((LOG_TYPE_TRACE, _T("NetUserDel:Start.\n")));
iisDebugOut((LOG_TYPE_TRACE_WIN32_API, _T("NETAPI32.dll:NetUserDel().Start.")));
INT err = ::NetUserDel( pMachine, wchUsername );
iisDebugOut((LOG_TYPE_TRACE_WIN32_API, _T("NETAPI32.dll:NetUserDel().End.")));
iisDebugOut((LOG_TYPE_TRACE, _T("NetUserDel:End.Ret=0x%x.\n"),err));
if (err == NERR_Success)
{
*UserWasDeleted = 1;
}
if ( pMachine != NULL )
{
iisDebugOut((LOG_TYPE_TRACE_WIN32_API, _T("NETAPI32.dll:NetApiBufferFree().Start.")));
NetApiBufferFree( pMachine );
iisDebugOut((LOG_TYPE_TRACE_WIN32_API, _T("NETAPI32.dll:NetApiBufferFree().End.")));
}
} while(FALSE);
iisDebugOut((LOG_TYPE_TRACE, _T("DeleteGuestUser:%s. End. Return 0x%x\n"), szUsername, err));
return err;
}
BOOL GuestAccEnabled()
{
BOOL fEnabled = FALSE;
INT err = NERR_Success;
BYTE *pBuffer;
WCHAR defGuest[UNLEN+1];
GetGuestUserName(defGuest);
iisDebugOut((LOG_TYPE_TRACE, _T("NETAPI32.dll:NetUserGetInfo:Start.\n")));
err = NetUserGetInfo( NULL, defGuest, 3, &pBuffer );
iisDebugOut((LOG_TYPE_TRACE, _T("NETAPI32.dll:NetUserGetInfo:End.Ret=0x%x.\n"),err));
if ( err == NERR_Success )
{
USER_INFO_3 *lpui3 = (USER_INFO_3 *)pBuffer;
fEnabled = ( lpui3->usri3_flags & UF_ACCOUNTDISABLE ) == 0;
}
return fEnabled;
}
NET_API_STATUS
NetpNtStatusToApiStatus (
IN NTSTATUS NtStatus
)
/*++
Routine Description:
This function takes an NT status code and maps it to the appropriate
LAN Man error code.
Arguments:
NtStatus - Supplies the NT status.
Return Value:
Returns the appropriate LAN Man error code for the NT status.
--*/
{
NET_API_STATUS error;
//
// A small optimization for the most common case.
//
if ( NtStatus == STATUS_SUCCESS ) {
return NERR_Success;
}
switch ( NtStatus ) {
case STATUS_BUFFER_TOO_SMALL :
return NERR_BufTooSmall;
case STATUS_FILES_OPEN :
return NERR_OpenFiles;
case STATUS_CONNECTION_IN_USE :
return NERR_DevInUse;
case STATUS_INVALID_LOGON_HOURS :
return NERR_InvalidLogonHours;
case STATUS_INVALID_WORKSTATION :
return NERR_InvalidWorkstation;
case STATUS_PASSWORD_EXPIRED :
return NERR_PasswordExpired;
case STATUS_ACCOUNT_EXPIRED :
return NERR_AccountExpired;
case STATUS_REDIRECTOR_NOT_STARTED :
return NERR_NetNotStarted;
case STATUS_GROUP_EXISTS:
return NERR_GroupExists;
case STATUS_INTERNAL_DB_CORRUPTION:
return NERR_InvalidDatabase;
case STATUS_INVALID_ACCOUNT_NAME:
return NERR_BadUsername;
case STATUS_INVALID_DOMAIN_ROLE:
case STATUS_INVALID_SERVER_STATE:
case STATUS_BACKUP_CONTROLLER:
return NERR_NotPrimary;
case STATUS_INVALID_DOMAIN_STATE:
return NERR_ACFNotLoaded;
case STATUS_MEMBER_IN_GROUP:
return NERR_UserInGroup;
case STATUS_MEMBER_NOT_IN_GROUP:
return NERR_UserNotInGroup;
case STATUS_NONE_MAPPED:
case STATUS_NO_SUCH_GROUP:
return NERR_GroupNotFound;
case STATUS_SPECIAL_GROUP:
case STATUS_MEMBERS_PRIMARY_GROUP:
return NERR_SpeGroupOp;
case STATUS_USER_EXISTS:
return NERR_UserExists;
case STATUS_NO_SUCH_USER:
return NERR_UserNotFound;
case STATUS_PRIVILEGE_NOT_HELD:
return ERROR_ACCESS_DENIED;
case STATUS_LOGON_SERVER_CONFLICT:
return NERR_LogonServerConflict;
case STATUS_TIME_DIFFERENCE_AT_DC:
return NERR_TimeDiffAtDC;
case STATUS_SYNCHRONIZATION_REQUIRED:
return NERR_SyncRequired;
case STATUS_WRONG_PASSWORD_CORE:
return NERR_BadPasswordCore;
case STATUS_DOMAIN_CONTROLLER_NOT_FOUND:
return NERR_DCNotFound;
case STATUS_PASSWORD_RESTRICTION:
return NERR_PasswordTooShort;
case STATUS_ALREADY_DISCONNECTED:
return NERR_Success;
default:
//
// Use the system routine to do the mapping to ERROR_ codes.
//
#ifndef WIN32_CHICAGO
error = RtlNtStatusToDosError( NtStatus );
if ( error != (NET_API_STATUS)NtStatus ) {
return error;
}
#endif // WIN32_CHICAGO
//
// Could not map the NT status to anything appropriate.
// Write this to the eventlog file
//
return NERR_InternalError;
}
} // NetpNtStatusToApiStatus
NET_API_STATUS
UaspGetDomainId(
IN LPCWSTR ServerName OPTIONAL,
OUT PSAM_HANDLE SamServerHandle OPTIONAL,
OUT PPOLICY_ACCOUNT_DOMAIN_INFO * AccountDomainInfo
)
/*++
Routine Description:
Return a domain ID of the account domain of a server.
Arguments:
ServerName - A pointer to a string containing the name of the
Domain Controller (DC) to query. A NULL pointer
or string specifies the local machine.
SamServerHandle - Returns the SAM connection handle if the caller wants it.
DomainId - Receives a pointer to the domain ID.
Caller must deallocate buffer using NetpMemoryFree.
Return Value:
Error code for the operation.
--*/
{
NET_API_STATUS NetStatus;
NTSTATUS Status;
SAM_HANDLE LocalSamHandle = NULL;
ACCESS_MASK LSADesiredAccess;
LSA_HANDLE LSAPolicyHandle = NULL;
OBJECT_ATTRIBUTES LSAObjectAttributes;
UNICODE_STRING ServerNameString;
//
// Connect to the SAM server
//
RtlInitUnicodeString( &ServerNameString, ServerName );
Status = SamConnect(
&ServerNameString,
&LocalSamHandle,
SAM_SERVER_LOOKUP_DOMAIN,
NULL);
if ( !NT_SUCCESS(Status))
{
LocalSamHandle = NULL;
NetStatus = NetpNtStatusToApiStatus( Status );
iisDebugOut((LOG_TYPE_TRACE_WIN32_API, _T("UaspGetDomainId: Cannot connect to Sam. err=0x%x\n"),NetStatus));
goto Cleanup;
}
//
// Open LSA to read account domain info.
//
if ( AccountDomainInfo != NULL) {
//
// set desired access mask.
//
LSADesiredAccess = POLICY_VIEW_LOCAL_INFORMATION;
InitializeObjectAttributes( &LSAObjectAttributes,
NULL, // Name
0, // Attributes
NULL, // Root
NULL ); // Security Descriptor
Status = LsaOpenPolicy( &ServerNameString,
&LSAObjectAttributes,
LSADesiredAccess,
&LSAPolicyHandle );
if( !NT_SUCCESS(Status) ) {
NetStatus = NetpNtStatusToApiStatus( Status );
iisDebugOut((LOG_TYPE_TRACE_WIN32_API, _T("UaspGetDomainId: Cannot open LSA Policy %lX\n"),NetStatus));
goto Cleanup;
}
//
// now read account domain info from LSA.
//
Status = LsaQueryInformationPolicy(
LSAPolicyHandle,
PolicyAccountDomainInformation,
(PVOID *) AccountDomainInfo );
if( !NT_SUCCESS(Status) ) {
NetStatus = NetpNtStatusToApiStatus( Status );
iisDebugOut((LOG_TYPE_TRACE_WIN32_API, _T("UaspGetDomainId: Cannot read LSA.Err=0x%x.\n"),NetStatus));
goto Cleanup;
}
}
//
// Return the SAM connection handle to the caller if he wants it.
// Otherwise, disconnect from SAM.
//
if ( ARGUMENT_PRESENT( SamServerHandle ) ) {
*SamServerHandle = LocalSamHandle;
LocalSamHandle = NULL;
}
NetStatus = NERR_Success;
//
// Cleanup locally used resources
//
Cleanup:
if ( LocalSamHandle != NULL ) {
(VOID) SamCloseHandle( LocalSamHandle );
}
if( LSAPolicyHandle != NULL ) {
LsaClose( LSAPolicyHandle );
}
return NetStatus;
} // UaspGetDomainId
NET_API_STATUS
SampCreateFullSid(
IN PSID DomainSid,
IN ULONG Rid,
OUT PSID *AccountSid
)
/*++
Routine Description:
This function creates a domain account sid given a domain sid and
the relative id of the account within the domain.
The returned Sid may be freed with LocalFree.
--*/
{
NET_API_STATUS NetStatus;
NTSTATUS IgnoreStatus;
UCHAR AccountSubAuthorityCount;
ULONG AccountSidLength;
PULONG RidLocation;
//
// Calculate the size of the new sid
//
AccountSubAuthorityCount = *RtlSubAuthorityCountSid(DomainSid) + (UCHAR)1;
AccountSidLength = RtlLengthRequiredSid(AccountSubAuthorityCount);
//
// Allocate space for the account sid
//
*AccountSid = LocalAlloc(LMEM_ZEROINIT,AccountSidLength);
if (*AccountSid == NULL)
{
NetStatus = ERROR_NOT_ENOUGH_MEMORY;
}
else
{
//
// Copy the domain sid into the first part of the account sid
//
IgnoreStatus = RtlCopySid(AccountSidLength, *AccountSid, DomainSid);
ASSERT(NT_SUCCESS(IgnoreStatus));
//
// Increment the account sid sub-authority count
//
*RtlSubAuthorityCountSid(*AccountSid) = AccountSubAuthorityCount;
//
// Add the rid as the final sub-authority
//
RidLocation = RtlSubAuthoritySid(*AccountSid, AccountSubAuthorityCount-1);
*RidLocation = Rid;
//iisDebugOut((LOG_TYPE_TRACE_WIN32_API, _T("AccountSid=0x%x"),*AccountSid));
NetStatus = NERR_Success;
}
return(NetStatus);
}
int GetGuestUserNameForDomain_FastWay(LPTSTR szDomainToLookUp,LPTSTR lpGuestUsrName)
{
iisDebugOut((LOG_TYPE_TRACE_WIN32_API, _T("GetGuestUserNameForDomain_FastWay.start.domain=%s\n"),szDomainToLookUp));
int iReturn = FALSE;
NET_API_STATUS NetStatus;
// for UaspGetDomainId()
SAM_HANDLE SamServerHandle = NULL;
PPOLICY_ACCOUNT_DOMAIN_INFO pAccountDomainInfo;
PSID pAccountSid = NULL;
PSID pDomainSid = NULL;
// for LookupAccountSid()
SID_NAME_USE sidNameUse = SidTypeUser;
SID_IDENTIFIER_AUTHORITY NtAuthority = SECURITY_NT_AUTHORITY;
TCHAR szUserName[UNLEN+1];
DWORD cbName = UNLEN+1;
// must be big enough to hold something bigger than DNLen since LookupAccountSid may returnn something really big.
TCHAR szReferencedDomainName[200];
DWORD cbReferencedDomainName = sizeof(szReferencedDomainName);
ASSERT(lpGuestUsrName);
// make sure not to return back gobble-d-gook
_tcscpy(lpGuestUsrName, _T(""));
//
// Get the Sid for the specified Domain
//
// szDomainToLookUp=NULL for local machine
NetStatus = UaspGetDomainId( szDomainToLookUp,&SamServerHandle,&pAccountDomainInfo );
if ( NetStatus != NERR_Success )
{
iisDebugOut((LOG_TYPE_TRACE_WIN32_API, _T("GetGuestUserNameForDomain:UaspGetDomainId failed.ret=0x%x."),NetStatus));
goto GetGuestUserNameForDomain_FastWay_Exit;
}
pDomainSid = pAccountDomainInfo->DomainSid;
//
// Use the Domain Sid and the well known Guest RID to create the Real Guest Sid
//
// Well-known users ...
// DOMAIN_USER_RID_ADMIN (0x000001F4L)
// DOMAIN_USER_RID_GUEST (0x000001F5L)
NetStatus = NERR_InternalError;
NetStatus = SampCreateFullSid(pDomainSid, DOMAIN_USER_RID_GUEST, &pAccountSid);
if ( NetStatus != NERR_Success )
{
iisDebugOut((LOG_TYPE_TRACE_WIN32_API, _T("GetGuestUserNameForDomain:SampCreateFullSid failed.ret=0x%x."),NetStatus));
goto GetGuestUserNameForDomain_FastWay_Exit;
}
//
// Check if the SID is valid
//
if (0 == IsValidSid(pAccountSid))
{
DWORD dwErr = GetLastError();
iisDebugOut((LOG_TYPE_TRACE_WIN32_API, _T("GetGuestUserNameForDomain:IsValidSid FAILED. GetLastError()= 0x%x\n"), dwErr));
goto GetGuestUserNameForDomain_FastWay_Exit;
}
//
// Retrieve the UserName for the specified SID
//
_tcscpy(szUserName, _T(""));
_tcscpy(szReferencedDomainName, _T(""));
// szDomainToLookUp=NULL for local machine
if (!LookupAccountSid(szDomainToLookUp, pAccountSid, szUserName, &cbName, szReferencedDomainName, &cbReferencedDomainName, &sidNameUse))
{
DWORD dwErr = GetLastError();
iisDebugOut((LOG_TYPE_TRACE_WIN32_API, _T("GetGuestUserNameForDomain:LookupAccountSid FAILED. GetLastError()= 0x%x\n"), dwErr));
goto GetGuestUserNameForDomain_FastWay_Exit;
}
//iisDebugOut((LOG_TYPE_TRACE, _T("GetGuestUserNameForDomain:szDomainToLookUp=%s\n"),szDomainToLookUp));
//iisDebugOut((LOG_TYPE_TRACE, _T("GetGuestUserNameForDomain:pAccountSid=0x%x\n"),pAccountSid));
//iisDebugOut((LOG_TYPE_TRACE, _T("GetGuestUserNameForDomain:szUserName=%s\n"),szUserName));
//iisDebugOut((LOG_TYPE_TRACE, _T("GetGuestUserNameForDomain:szReferencedDomainName=%s\n"),szReferencedDomainName));
// Return the guest user name that we got.
_tcscpy(lpGuestUsrName, szUserName);
// Wow, after all that, we must have succeeded
iReturn = TRUE;
GetGuestUserNameForDomain_FastWay_Exit:
// Free the Domain info if we got some
if (pAccountDomainInfo) {NetpMemoryFree(pAccountDomainInfo);}
// Free the sid if we had allocated one
if (pAccountSid) {LocalFree(pAccountSid);}
iisDebugOut((LOG_TYPE_TRACE, _T("GetGuestUserNameForDomain_FastWay.end.domain=%s.ret=%d.\n"),szDomainToLookUp,iReturn));
return iReturn;
}
void GetGuestUserName(LPTSTR lpOutGuestUsrName)
{
// try to retrieve the guest username the fast way
// meaning = lookup the domain sid, and the well known guest rid, to get the guest sid.
// then look it up. The reason for this function is that on large domains with mega users
// the account can be quickly looked up.
TCHAR szGuestUsrName[UNLEN+1];
LPTSTR pszComputerName = NULL;
if (!GetGuestUserNameForDomain_FastWay(pszComputerName,szGuestUsrName))
{
iisDebugOut((LOG_TYPE_WARN, _T("GetGuestUserNameForDomain_FastWay:Did not succeed use slow way. WARNING.")));
// if the fast way failed for some reason, then let's do it
// the slow way, since this way always used to work, only on large domains (1 mil users)
// it could take 24hrs (since this function actually enumerates thru the domain)
GetGuestUserName_SlowWay(szGuestUsrName);
}
// Return back the username
_tcscpy(lpOutGuestUsrName,szGuestUsrName);
return;
}
int ChangeUserPassword(IN LPTSTR szUserName, IN LPTSTR szNewPassword)
{
int iReturn = TRUE;
USER_INFO_1003 pi1003;
NET_API_STATUS nas;
TCHAR szRawComputerName[CNLEN + 10];
DWORD dwLen = CNLEN + 10;
TCHAR szComputerName[CNLEN + 10];
TCHAR szCopyOfUserName[UNLEN+10];
TCHAR szTempFullUserName[(CNLEN + 10) + (DNLEN+1)];
LPTSTR pch = NULL;
_tcscpy(szCopyOfUserName, szUserName);
//iisDebugOut((LOG_TYPE_TRACE_WIN32_API, _T("ChangeUserPassword().Start.name=%s,pass=%s"),szCopyOfUserName,szNewPassword));
iisDebugOut((LOG_TYPE_TRACE_WIN32_API, _T("ChangeUserPassword().Start.name=%s"),szCopyOfUserName));
if ( !GetComputerName( szRawComputerName, &dwLen ))
{goto ChangeUserPassword_Exit;}
// Make a copy to be sure not to move the pointer around.
_tcscpy(szTempFullUserName, szCopyOfUserName);
// Check if there is a "\" in there.
pch = _tcschr(szTempFullUserName, _T('\\'));
if (pch)
{
// szCopyOfUserName should now go from something like this:
// mycomputer\myuser
// to this myuser
_tcscpy(szCopyOfUserName,pch+1);
// trim off the '\' character to leave just the domain\computername so we can check against it.
*pch = _T('\0');
// compare the szTempFullUserName with the local computername.
if (0 == _tcsicmp(szRawComputerName, szTempFullUserName))
{
// the computername\username has a hardcoded computername in it.
// lets try to get only the username
// look szCopyOfusername is already set
}
else
{
// the local computer machine name
// and the specified username are different, so get out
// and don't even try to change this user\password since
// it's probably a domain\username
// return true -- saying that we did in fact change the passoword.
// we really didn't but we can't
iReturn = TRUE;
goto ChangeUserPassword_Exit;
}
}
// Make sure the computername has a \\ in front of it
if ( szRawComputerName[0] != _T('\\') )
{_tcscpy(szComputerName,_T("\\\\"));}
_tcscat(szComputerName,szRawComputerName);
//
// administrative over-ride of existing password
//
// by this time szCopyOfUserName
// should not look like mycomputername\username but it should look like username.
pi1003.usri1003_password = szNewPassword;
nas = NetUserSetInfo(
szComputerName, // computer name
szCopyOfUserName, // username
1003, // info level
(LPBYTE)&pi1003, // new info
NULL
);
if(nas != NERR_Success)
{
iReturn = FALSE;
goto ChangeUserPassword_Exit;
}
ChangeUserPassword_Exit:
iisDebugOut((LOG_TYPE_TRACE_WIN32_API, _T("ChangeUserPassword().End.Ret=%d"),iReturn));
return iReturn;
}
BOOL DoesUserHaveThisRight(LPCTSTR szAccountName, LPTSTR PrivilegeName)
{
iisDebugOut((LOG_TYPE_TRACE, _T("DoesUserHaveBasicRights:Account=%s\n"), szAccountName));
int err;
BOOL fEnabled = FALSE;
NTSTATUS status;
LSA_UNICODE_STRING UserRightString;
// Create a LSA_UNICODE_STRING for the privilege name.
InitLsaString(&UserRightString, PrivilegeName);
// get the sid of szAccountName
PSID pSID = NULL;
BOOL bWellKnownSID = FALSE;
err = GetPrincipalSID ((LPTSTR)szAccountName, &pSID, &bWellKnownSID);
if (err != ERROR_SUCCESS)
{
iisDebugOut((LOG_TYPE_ERROR, _T("DoesUserHaveBasicRights:GetPrincipalSID:Account=%s, err=%d.\n"), szAccountName, err));
return (err);
}
LSA_HANDLE PolicyHandle = NULL;
err = OpenPolicy(NULL, POLICY_ALL_ACCESS,&PolicyHandle);
if ( err == NERR_Success )
{
UINT i;
LSA_UNICODE_STRING *rgUserRights = NULL;
ULONG cRights;
status = LsaEnumerateAccountRights(
PolicyHandle,
pSID,
&rgUserRights,
&cRights);
if (status==STATUS_OBJECT_NAME_NOT_FOUND)
{
// no rights/privileges for this account
fEnabled = FALSE;
}
else if (!NT_SUCCESS(status))
{
iisDebugOut((LOG_TYPE_ERROR, _T("DoesUserHaveBasicRights:GetPrincipalSID:Failed to enumerate rights: status 0x%08lx\n"), status));
goto DoesUserHaveBasicRights_Exit;
}
for(i=0; i < cRights; i++)
{
if ( RtlEqualUnicodeString(&rgUserRights[i],&UserRightString,FALSE) )
{
fEnabled = TRUE;
break;
}
}
if (rgUserRights) {LsaFreeMemory(rgUserRights);}
}
DoesUserHaveBasicRights_Exit:
if (PolicyHandle){LsaClose(PolicyHandle);}
if (pSID)
{
if (bWellKnownSID){FreeSid (pSID);}
else{free (pSID);}
}
return (fEnabled);
}
HRESULT CreateGroup(LPTSTR szGroupName, LPCTSTR szGroupComment, int iAction)
{
HRESULT hr = S_OK;
NET_API_STATUS dwRes;
LOCALGROUP_INFO_1 MyLocalGroup;
WCHAR wszLocalGroupName[_MAX_PATH];
WCHAR wszLocalGroupComment[_MAX_PATH];
memset(&MyLocalGroup, 0, sizeof(MyLocalGroup));
#if defined(UNICODE) || defined(_UNICODE)
_tcscpy(wszLocalGroupName, szGroupName);
_tcscpy(wszLocalGroupComment, szGroupComment);
#else
MultiByteToWideChar( CP_ACP, 0, szGroupName, -1, wszLocalGroupName, _MAX_PATH);
MultiByteToWideChar( CP_ACP, 0, szGroupComment, -1, wszLocalGroupComment, _MAX_PATH);
#endif
MyLocalGroup.lgrpi1_name = (LPWSTR)szGroupName;
MyLocalGroup.lgrpi1_comment = (LPWSTR)szGroupComment;
if (iAction)
{
dwRes = ::NetLocalGroupAdd( NULL, 1, (LPBYTE)&MyLocalGroup, NULL );
if(dwRes != NERR_Success &&
dwRes != NERR_GroupExists &&
dwRes != ERROR_ALIAS_EXISTS )
{
hr = HRESULT_FROM_WIN32(dwRes);
}
}
else
{
dwRes = ::NetLocalGroupDel( NULL, wszLocalGroupName);
if(dwRes != NERR_Success &&
dwRes != NERR_GroupNotFound &&
dwRes != ERROR_NO_SUCH_ALIAS )
{
hr = HRESULT_FROM_WIN32(dwRes);
}
}
return hr;
}
int CreateGroupDC(LPTSTR szGroupName, LPCTSTR szGroupComment)
{
int iReturn = FALSE;
GROUP_INFO_1 GI1;
ULONG BadParm;
WCHAR * pMachineName = NULL;
ULONG ulErr = ERROR_SUCCESS;
WCHAR wszLocalGroupName[_MAX_PATH];
WCHAR wszLocalGroupComment[_MAX_PATH];
memset(&GI1, 0, sizeof(GROUP_INFO_1));
#if defined(UNICODE) || defined(_UNICODE)
_tcscpy(wszLocalGroupName, szGroupName);
_tcscpy(wszLocalGroupComment, szGroupComment);
#else
MultiByteToWideChar( CP_ACP, 0, szGroupName, -1, wszLocalGroupName, _MAX_PATH);
MultiByteToWideChar( CP_ACP, 0, szGroupComment, -1, wszLocalGroupComment, _MAX_PATH);
#endif
GI1.grpi1_name = wszLocalGroupName;
GI1.grpi1_comment = wszLocalGroupComment;
iisDebugOut((LOG_TYPE_TRACE, _T("CreateGroup:NetGroupAdd\n")));
ulErr = NetGroupAdd(NULL,1,(PBYTE)&GI1,&BadParm);
iisDebugOut((LOG_TYPE_TRACE, _T("CreateGroup:NetGroupAdd,ret=0x%x\n"),ulErr));
switch (ulErr)
{
case NERR_Success:
iisDebugOut((LOG_TYPE_TRACE, _T("CreateGroup:NetGroupAdd,success\n"),ulErr));
iReturn = TRUE;
break;
case NERR_GroupExists:
iReturn = TRUE;
break;
case NERR_InvalidComputer:
iReturn = FALSE;
break;
case NERR_NotPrimary:
{
// it is a backup dc
int err;
iisDebugOut((LOG_TYPE_TRACE, _T("NETAPI32.dll:NetGetDCName():Start.\n")));
err = NetGetDCName( NULL, NULL, (LPBYTE *)&pMachineName );
iisDebugOut((LOG_TYPE_TRACE, _T("NETAPI32.dll:NetGetDCName():End.Ret=0x%x\n"),err));
if (err != NERR_Success)
{
MyMessageBox(NULL, _T("CreateUser:NetGetDCName"), err, MB_OK | MB_SETFOREGROUND);
}
else
{
iisDebugOut((LOG_TYPE_TRACE, _T("NETAPI32.dll:NetGroupAdd().Start.")));
ulErr = NetGroupAdd(pMachineName,1,(PBYTE)&GI1,&BadParm);
iisDebugOut((LOG_TYPE_TRACE, _T("NETAPI32.dll:NetGroupAdd().End.")));
if (NERR_Success == ulErr || NERR_GroupExists == ulErr)
{
iReturn = TRUE;
}
}
}
break;
case ERROR_ACCESS_DENIED:
iReturn = FALSE;
break;
default:
iReturn = FALSE;
break;
}
return iReturn;
}
#endif //_CHICAGO_