Microsoft/NT4
Microsoft/NT4
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
ce47f986d8
NT4/private/newsam/server/utility.c
Microsoft ce47f986d8 First commit
2020-09-30 17:12:29 +02:00

6936 lines
182 KiB
C
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

/*++
Copyright (c) 1990 Microsoft Corporation
Module Name:
utility.c
Abstract:
This file contains utility services used by several other SAM files.
Author:
Jim Kelly (JimK) 4-July-1991
Environment:
User Mode - Win32
Revision History:
--*/
///////////////////////////////////////////////////////////////////////////////
// //
// Includes //
// //
///////////////////////////////////////////////////////////////////////////////
#include <samsrvp.h>
#include <ntlsa.h>
#include <nlrepl.h>
///////////////////////////////////////////////////////////////////////////////
// //
// private service prototypes //
// //
///////////////////////////////////////////////////////////////////////////////
#define VERBOSE_FLUSH 0
#if VERBOSE_FLUSH
#define VerbosePrint(s) KdPrint(s)
#else
#define VerbosePrint(s)
#endif
NTSTATUS
SampRefreshRegistry(
VOID
);
///////////////////////////////////////////////////////////////////////////////
// //
// Database/registry access lock services //
// //
///////////////////////////////////////////////////////////////////////////////
VOID
SampAcquireReadLock(
VOID
)
/*++
Routine Description:
This routine obtains read access to the SAM data structures and
backing store.
Despite its apparent implications, read access is an exclusive access.
This is to support the model set up in which global variables are used
to track the "current" domain. In the future, if performance warrants,
a read lock could imply shared access to SAM data structures.
The primary implication of a read lock at this time is that no
changes to the SAM database will be made which require a backing
store update.
Arguments:
None.
Return Value:
None.
--*/
{
BOOLEAN Success;
//
// Before changing this to a non-exclusive lock, the display information
// module must be changed to use a separate locking mechanism. Davidc 5/12/92
//
Success = RtlAcquireResourceExclusive( &SampLock, TRUE );
ASSERT(Success);
//
// Allow LSA a chance to perform an integrity check
//
LsaIHealthCheck( LsaIHealthSamJustLocked );
return;
}
VOID
SampReleaseReadLock(
VOID
)
/*++
Routine Description:
This routine releases shared read access to the SAM data structures and
backing store.
Arguments:
None.
Return Value:
None.
--*/
{
//
// Allow LSA a chance to perform an integrity check
//
LsaIHealthCheck( LsaIHealthSamAboutToFree );
SampTransactionWithinDomain = FALSE;
RtlReleaseResource( &SampLock );
return;
}
NTSTATUS
SampAcquireWriteLock(
VOID
)
/*++
Routine Description:
This routine acquires exclusive access to the SAM data structures and
backing store.
This access is needed to perform a write operation.
This routine also initiates a new transaction for the write operation.
NOTE: It is not acceptable to acquire this lock recursively. An
attempt to do so will fail.
Arguments:
None.
Return Value:
STATUS_SUCCESS - Indicates the write lock was acquired and the transaction
was successfully started.
Other values may be returned as a result of failure to initiate the
transaction. These include any values returned by RtlStartRXact().
--*/
{
NTSTATUS NtStatus;
(VOID)RtlAcquireResourceExclusive( &SampLock, TRUE );
SampTransactionWithinDomain = FALSE;
NtStatus = RtlStartRXact( SampRXactContext );
if (NT_SUCCESS(NtStatus)) {
//
// Allow LSA a chance to perform an integrity check
//
LsaIHealthCheck( LsaIHealthSamJustLocked );
return(NtStatus);
}
//
// If the transaction failed, release the lock.
//
(VOID)RtlReleaseResource( &SampLock );
DbgPrint("SAM: StartRxact failed, status = 0x%lx\n", NtStatus);
return(NtStatus);
}
VOID
SampSetTransactionDomain(
IN ULONG DomainIndex
)
/*++
Routine Description:
This routine sets a domain for a transaction. This must be done
if any domain-specific information is to be modified during a transaction.
In this case, the domain modification count will be updated upon commit.
This causes the UnmodifiedFixed information for the specified domain to
be copied to the CurrentFixed field for the in-memory representation of
that domain.
Arguments:
DomainIndex - Index of the domain within which this transaction
will occur.
Return Value:
STATUS_SUCCESS - Indicates the write lock was acquired and the transaction
was successfully started.
Other values may be returned as a result of failure to initiate the
transaction. These include any values returned by RtlStartRXact().
--*/
{
ASSERT(SampTransactionWithinDomain == FALSE);
SampTransactionWithinDomain = TRUE;
SampTransactionDomainIndex = DomainIndex;
SampDefinedDomains[SampTransactionDomainIndex].CurrentFixed =
SampDefinedDomains[SampTransactionDomainIndex].UnmodifiedFixed;
return;
}
NTSTATUS
SampFlushThread(
IN PVOID ThreadParameter
)
/*++
Routine Description:
This thread is created when SAM's registry tree is changed.
It will sleep for a while, and if no other changes occur,
flush the changes to disk. If other changes keep occurring,
it will wait for a certain amount of time and then flush
anyway.
After flushing, the thread will wait a while longer. If no
other changes occur, it will exit.
Note that if any errors occur, this thread will simply exit
without flushing. The mainline code should create another thread,
and hopefully it will be luckier. Unfortunately, the error is lost
since there's nobody to give it to that will be able to do anything
about it.
Arguments:
ThreadParameter - not used.
Return Value:
None.
--*/
{
TIME minDelayTime, maxDelayTime, exitDelayTime;
LARGE_INTEGER startedWaitLoop;
LARGE_INTEGER currentTime;
NTSTATUS NtStatus;
BOOLEAN Finished = FALSE;
UNREFERENCED_PARAMETER( ThreadParameter );
NtQuerySystemTime( &startedWaitLoop );
//
// It would be more efficient to use constants here, but for now
// we'll recalculate the times each time we start the thread
// so that somebody playing with us can change the global
// time variables to affect performance.
//
minDelayTime.QuadPart = -1000 * 1000 * 10 *
((LONGLONG)SampFlushThreadMinWaitSeconds);
maxDelayTime.QuadPart = -1000 * 1000 * 10 *
((LONGLONG)SampFlushThreadMaxWaitSeconds);
exitDelayTime.QuadPart = -1000 * 1000 * 10 *
((LONGLONG)SampFlushThreadExitDelaySeconds);
do {
VerbosePrint(("SAM: Flush thread sleeping\n"));
NtDelayExecution( FALSE, &minDelayTime );
VerbosePrint(("SAM: Flush thread woke up\n"));
NtStatus = SampAcquireWriteLock();
if ( NT_SUCCESS( NtStatus ) ) {
#ifdef SAMP_DBG_CONTEXT_TRACKING
SampDumpContexts();
#endif
NtQuerySystemTime( &currentTime );
if ( LastUnflushedChange.QuadPart == SampHasNeverTime.QuadPart ) {
LARGE_INTEGER exitBecauseNoWorkRecentlyTime;
//
// No changes to flush. See if we should stick around.
//
exitBecauseNoWorkRecentlyTime = SampAddDeltaTime(
startedWaitLoop,
exitDelayTime
);
if ( exitBecauseNoWorkRecentlyTime.QuadPart < currentTime.QuadPart ) {
//
// We've waited for changes long enough; note that
// the thread is exiting.
//
FlushThreadCreated = FALSE;
Finished = TRUE;
}
} else {
LARGE_INTEGER noRecentChangesTime;
LARGE_INTEGER tooLongSinceFlushTime;
//
// There are changes to flush. See if it's time to do so.
//
noRecentChangesTime = SampAddDeltaTime(
LastUnflushedChange,
minDelayTime
);
tooLongSinceFlushTime = SampAddDeltaTime(
startedWaitLoop,
maxDelayTime
);
if ( (noRecentChangesTime.QuadPart < currentTime.QuadPart) ||
(tooLongSinceFlushTime.QuadPart < currentTime.QuadPart) ) {
//
// Min time has passed since last change, or Max time
// has passed since last flush. Let's flush.
//
NtStatus = NtFlushKey( SampKey );
#if SAMP_DIAGNOSTICS
if (!NT_SUCCESS(NtStatus)) {
SampDiagPrint( DISPLAY_STORAGE_FAIL,
("SAM: Failed to flush RXact (0x%lx)\n",
NtStatus) );
IF_SAMP_GLOBAL( BREAK_ON_STORAGE_FAIL ) {
ASSERT(NT_SUCCESS(NtStatus)); // See following comment
}
}
#endif //SAMP_DIAGNOSTICS
//
// Under normal conditions, we would have an
// ASSERT(NT_SUCCESS(NtStatus)) here. However,
// Because system shutdown can occur while we
// are waiting to flush, we have a race condition.
// When shutdown is made, another thread will be
// notified and perform a flush. That leaves this
// flush to potentially occur after the registry
// has been notified of system shutdown - which
// causes and error to be returned. Unfortunately,
// the error is REGISTRY_IO_FAILED - a great help.
//
// Despite this, we will only exit this loop only
// if we have success. This may cause us to enter
// into another wait and attempt another hive flush
// during shutdown, but the wait should never finish
// (unless shutdown takes more than 30 seconds). In
// other error situations though, we want to keep
// trying the flush until we succeed. Jim Kelly
//
if ( NT_SUCCESS(NtStatus) ) {
LastUnflushedChange = SampHasNeverTime;
NtQuerySystemTime( &startedWaitLoop );
FlushThreadCreated = FALSE;
Finished = TRUE;
}
}
}
SampReleaseWriteLock( FALSE );
} else {
DbgPrint("SAM: Thread failed to get write lock, status = 0x%lx\n", NtStatus);
FlushThreadCreated = FALSE;
Finished = TRUE;
}
} while ( !Finished );
return( STATUS_SUCCESS );
}
NTSTATUS
SampCommitChanges(
)
/*++
Routine Description:
Thie service commits any changes made to the backstore while exclusive
access was held.
If the operation was within a domain (which would have been indicated
via the SampSetTransactionDomain() api), then the CurrentFixed field for
that domain is added to the transaction before the transaction is
committed.
NOTE: Write operations within a domain do not have to worry about
updating the modified count for that domain. This routine
will automatically increment the ModifiedCount for a domain
when a commit is requested within that domain.
NOTE: When this routine returns any transaction will have either been
committed or aborted. i.e. there will be no transaction in progress.
Arguments:
None.
Return Value:
STATUS_SUCCESS - Indicates the transaction was successfully commited.
Other values may be returned as a result of commital failure.
--*/
{
NTSTATUS NtStatus, IgnoreStatus;
BOOLEAN DomainInfoChanged = FALSE;
BOOLEAN AbortDone = FALSE;
NtStatus = STATUS_SUCCESS;
//
// If this transaction was within a domain then we have to:
//
// (1) Update the ModifiedCount of that domain,
//
// (2) Write out the CurrentFixed field for that
// domain (using RtlAddActionToRXact(), so that it
// is part of the current transaction).
//
// (3) Commit the RXACT.
//
// (4) If the commit is successful, then update the
// in-memory copy of the un-modified fixed-length data.
//
// Otherwise, we just do the commit.
//
if (SampTransactionWithinDomain == TRUE) {
if (SampDefinedDomains[SampTransactionDomainIndex].CurrentFixed.ServerRole
!= DomainServerRoleBackup) {
//
// Don't update the modified count on backup controllers;
// the replicator will explicitly set the modified count.
//
SampDefinedDomains[SampTransactionDomainIndex].CurrentFixed.ModifiedCount.QuadPart =
SampDefinedDomains[SampTransactionDomainIndex].CurrentFixed.ModifiedCount.QuadPart +
1;
DomainInfoChanged = TRUE;
} else {
//
// See if the domain information changed - if it did, we
// need to add the change to the RXACT.
//
if ( RtlCompareMemory(
&SampDefinedDomains[SampTransactionDomainIndex].CurrentFixed,
&SampDefinedDomains[SampTransactionDomainIndex].UnmodifiedFixed,
sizeof(SAMP_V1_0A_FIXED_LENGTH_DOMAIN) ) !=
sizeof( SAMP_V1_0A_FIXED_LENGTH_DOMAIN) ) {
DomainInfoChanged = TRUE;
}
}
if ( DomainInfoChanged ) {
//
// The domain object's fixed information has changed, so set
// the changes in the domain object's private data.
//
NtStatus = SampSetFixedAttributes(
SampDefinedDomains[SampTransactionDomainIndex].
Context,
&SampDefinedDomains[SampTransactionDomainIndex].
CurrentFixed
);
if ( NT_SUCCESS( NtStatus ) ) {
//
// Normally when we dereference the context,
// SampStoreObjectAttributes() is called to add the
// latest change to the RXACT. But that won't happen
// for the domain object's change since this is the
// commit code, so we have to flush it by hand here.
//
NtStatus = SampStoreObjectAttributes(
SampDefinedDomains[SampTransactionDomainIndex].Context,
TRUE // Use the existing key handle
);
}
}
}
//
// If we still have no errors, try to commit the whole mess
//
if ( NT_SUCCESS(NtStatus) ) {
if ( ( !FlushImmediately ) && ( !FlushThreadCreated ) ) {
HANDLE Thread;
DWORD Ignore;
//
// If we can't create the flush thread, ignore error and
// just flush by hand below.
//
Thread = CreateThread(
NULL,
0L,
(LPTHREAD_START_ROUTINE)SampFlushThread,
NULL,
0L,
&Ignore
);
if ( Thread != NULL ) {
FlushThreadCreated = TRUE;
VerbosePrint(("Flush thread created, handle = 0x%lx\n", Thread));
CloseHandle(Thread);
}
}
NtStatus = RtlApplyRXactNoFlush( SampRXactContext );
#if SAMP_DIAGNOSTICS
if (!NT_SUCCESS(NtStatus)) {
SampDiagPrint( DISPLAY_STORAGE_FAIL,
("SAM: Failed to apply RXact without flush (0x%lx)\n",
NtStatus) );
IF_SAMP_GLOBAL( BREAK_ON_STORAGE_FAIL ) {
ASSERT(NT_SUCCESS(NtStatus));
}
}
#endif //SAMP_DIAGNOSTICS
if ( NT_SUCCESS(NtStatus) ) {
if ( ( FlushImmediately ) || ( !FlushThreadCreated ) ) {
NtStatus = NtFlushKey( SampKey );
#if SAMP_DIAGNOSTICS
if (!NT_SUCCESS(NtStatus)) {
SampDiagPrint( DISPLAY_STORAGE_FAIL,
("SAM: Failed to flush RXact (0x%lx)\n",
NtStatus) );
IF_SAMP_GLOBAL( BREAK_ON_STORAGE_FAIL ) {
ASSERT(NT_SUCCESS(NtStatus));
}
}
#endif //SAMP_DIAGNOSTICS
if ( NT_SUCCESS( NtStatus ) ) {
FlushImmediately = FALSE;
LastUnflushedChange = SampHasNeverTime;
}
} else {
NtQuerySystemTime( &LastUnflushedChange );
}
//
// Commit successful, set our unmodified to now be the current...
//
if (NT_SUCCESS(NtStatus)) {
if (SampTransactionWithinDomain == TRUE) {
SampDefinedDomains[SampTransactionDomainIndex].UnmodifiedFixed =
SampDefinedDomains[SampTransactionDomainIndex].CurrentFixed;
}
}
} else {
KdPrint(("SAM: Failed to commit changes to registry, status = 0x%lx\n", NtStatus));
KdPrint(("SAM: Restoring database to earlier consistent state\n"));
//
// Add an entry to the event log
//
SampWriteEventLog(
EVENTLOG_ERROR_TYPE,
0, // Category
SAMMSG_COMMIT_FAILED,
NULL, // User Sid
0, // Num strings
sizeof(NTSTATUS), // Data size
NULL, // String array
(PVOID)&NtStatus // Data
);
//
// The Rxact commital failed. We don't know how many registry
// writes were done for this transaction. We can't guarantee
// to successfully back them out anyway so all we can do is
// back out all changes since the last flush. When this is done
// we'll be back to a consistent database state although recent
// apis that were reported as succeeding will be 'undone'.
//
IgnoreStatus = SampRefreshRegistry();
if (!NT_SUCCESS(IgnoreStatus)) {
//
// This is very serious. We failed to revert to a previous
// database state and we can't proceed.
// Shutdown SAM operations.
//
SampServiceState = SampServiceTerminating;
KdPrint(("SAM: Failed to refresh registry, SAM has shutdown\n"));
//
// Add an entry to the event log
//
SampWriteEventLog(
EVENTLOG_ERROR_TYPE,
0, // Category
SAMMSG_REFRESH_FAILED,
NULL, // User Sid
0, // Num strings
sizeof(NTSTATUS), // Data size
NULL, // String array
(PVOID)&IgnoreStatus // Data
);
}
//
// Now all open contexts are invalid (contain invalid registry
// handles). The in memory registry handles have been
// re-opened so any new contexts should work ok.
//
//
// All unflushed changes have just been erased.
// There is nothing to flush
//
// If the refresh failed it is important to prevent any further
// registry flushes until the system is rebooted
//
FlushImmediately = FALSE;
LastUnflushedChange = SampHasNeverTime;
//
// The refresh effectively aborted the transaction
//
AbortDone = TRUE;
}
}
//
// Always abort the transaction on failure
//
if ( !NT_SUCCESS(NtStatus) && !AbortDone) {
NtStatus = RtlAbortRXact( SampRXactContext );
ASSERT(NT_SUCCESS(NtStatus));
}
return( NtStatus );
}
NTSTATUS
SampRefreshRegistry(
VOID
)
/*++
Routine Description:
This routine backs out all unflushed changes in the registry.
This operation invalidates any open handles to the SAM hive.
Global handles that we keep around are closed and re-opened by
this routine. The net result of this call will be that the database
is taken back to a previous consistent state. All open SAM contexts
are invalidated since they have invalid registry handles in them.
Arguments:
STATUS_SUCCESS : Operation completed successfully
Failure returns: We are in deep trouble. Normal operations can
not be resumed. SAM should be shutdown.
Return Value:
None
--*/
{
NTSTATUS NtStatus;
NTSTATUS IgnoreStatus;
HANDLE HiveKey;
BOOLEAN WasEnabled;
OBJECT_ATTRIBUTES ObjectAttributes;
UNICODE_STRING String;
ULONG i;
//
// Get a key handle to the root of the SAM hive
//
RtlInitUnicodeString( &String, L"\\Registry\\Machine\\SAM" );
InitializeObjectAttributes(
&ObjectAttributes,
&String,
OBJ_CASE_INSENSITIVE,
0,
NULL
);
NtStatus = RtlpNtOpenKey(
&HiveKey,
KEY_QUERY_VALUE,
&ObjectAttributes,
0
);
if (!NT_SUCCESS(NtStatus)) {
KdPrint(("SAM: Failed to open SAM hive root key for refresh, status = 0x%lx\n", NtStatus));
return(NtStatus);
}
//
// Enable restore privilege in preparation for the refresh
//
NtStatus = RtlAdjustPrivilege(SE_RESTORE_PRIVILEGE, TRUE, FALSE, &WasEnabled);
if (!NT_SUCCESS(NtStatus)) {
KdPrint(("SAM: Failed to enable restore privilege to refresh registry, status = 0x%lx\n", NtStatus));
IgnoreStatus = NtClose(HiveKey);
ASSERT(NT_SUCCESS(IgnoreStatus));
return(NtStatus);
}
//
// Refresh the SAM hive
// This should not fail unless there is volatile storage in the
// hive or we don't have TCB privilege
//
NtStatus = NtRestoreKey(HiveKey, NULL, REG_REFRESH_HIVE);
IgnoreStatus = RtlAdjustPrivilege(SE_RESTORE_PRIVILEGE, WasEnabled, FALSE, &WasEnabled);
ASSERT(NT_SUCCESS(IgnoreStatus));
IgnoreStatus = NtClose(HiveKey);
ASSERT(NT_SUCCESS(IgnoreStatus));
if (!NT_SUCCESS(NtStatus)) {
KdPrint(("SAM: Failed to refresh registry, status = 0x%lx\n", NtStatus));
return(NtStatus);
}
//
// Now close the registry handles we keep in memory at all times
// This effectively closes all server and domain context keys
// since they are shared.
//
NtStatus = NtClose(SampKey);
ASSERT(NT_SUCCESS(NtStatus));
SampKey = INVALID_HANDLE_VALUE;
for (i = 0; i<SampDefinedDomainsCount; i++ ) {
NtStatus = NtClose(SampDefinedDomains[i].Context->RootKey);
ASSERT(NT_SUCCESS(NtStatus));
SampDefinedDomains[i].Context->RootKey = INVALID_HANDLE_VALUE;
}
//
// Mark all domain and server context handles as invalid since they've
// now been closed
//
SampInvalidateContextListKeys(&SampContextListHead, FALSE);
//
// Re-open the SAM root key
//
RtlInitUnicodeString( &String, L"\\Registry\\Machine\\Security\\SAM" );
InitializeObjectAttributes(
&ObjectAttributes,
&String,
OBJ_CASE_INSENSITIVE,
0,
NULL
);
NtStatus = RtlpNtOpenKey(
&SampKey,
(KEY_READ | KEY_WRITE),
&ObjectAttributes,
0
);
if (!NT_SUCCESS(NtStatus)) {
KdPrint(("SAM: Failed to re-open SAM root key after registry refresh, status = 0x%lx\n", NtStatus));
ASSERT(FALSE);
return(NtStatus);
}
//
// Re-initialize the in-memory domain contexts
// Each domain will re-initialize it's open user/group/alias contexts
//
for (i = 0; i<SampDefinedDomainsCount; i++ ) {
NtStatus = SampReInitializeSingleDomain(i);
if (!NT_SUCCESS(NtStatus)) {
KdPrint(("SAM: Failed to re-initialize domain %d context after registry refresh, status = 0x%lx\n", i, NtStatus));
return(NtStatus);
}
}
//
// Cleanup the current transcation context
// (It would be nice if there were a RtlDeleteRXactContext())
//
// Note we don't have to close the rootregistrykey in the
// xact context since it was SampKey which we've already closed.
//
NtStatus = RtlAbortRXact( SampRXactContext );
ASSERT(NT_SUCCESS(NtStatus));
NtStatus = NtClose(SampRXactContext->RXactKey);
ASSERT(NT_SUCCESS(NtStatus));
//
// Re-initialize the transaction context.
// We don't expect there to be a partially commited transaction
// since we're reverting to a previously consistent and committed
// database.
//
NtStatus = RtlInitializeRXact( SampKey, FALSE, &SampRXactContext );
if (!NT_SUCCESS(NtStatus)) {
KdPrint(("SAM: Failed to re-initialize rxact context registry refresh, status = 0x%lx\n", NtStatus));
return(NtStatus);
}
ASSERT(NtStatus != STATUS_UNKNOWN_REVISION);
ASSERT(NtStatus != STATUS_RXACT_STATE_CREATED);
ASSERT(NtStatus != STATUS_RXACT_COMMIT_NECESSARY);
ASSERT(NtStatus != STATUS_RXACT_INVALID_STATE);
return(STATUS_SUCCESS);
}
NTSTATUS
SampReleaseWriteLock(
IN BOOLEAN Commit
)
/*++
Routine Description:
This routine releases exclusive access to the SAM data structures and
backing store.
If any changes were made to the backstore while exclusive access
was held, then this service commits those changes. Otherwise, the
transaction started when exclusive access was obtained is rolled back.
If the operation was within a domain (which would have been indicated
via the SampSetTransactionDomain() api), then the CurrentFixed field for
that domain is added to the transaction before the transaction is
committed.
NOTE: Write operations within a domain do not have to worry about
updating the modified count for that domain. This routine
will automatically increment the ModifiedCount for a domain
when a commit is requested within that domain.
Arguments:
Commit - A boolean value indicating whether modifications need to be
committed in the backing store. A value of TRUE indicates the
transaction should be committed. A value of FALSE indicates the
transaction should be aborted (rolled-back).
Return Value:
STATUS_SUCCESS - Indicates the write lock was released and the transaction
was successfully commited or rolled back.
Other values may be returned as a result of failure to commit or
roll-back the transaction. These include any values returned by
RtlApplyRXact() or RtlAbortRXact(). In the case of a commit, it
may also represent errors returned by RtlAddActionToRXact().
--*/
{
NTSTATUS NtStatus;
//
// Commit or rollback the transaction based upon the Commit parameter...
//
if (Commit == TRUE) {
NtStatus = SampCommitChanges();
} else {
NtStatus = RtlAbortRXact( SampRXactContext );
ASSERT(NT_SUCCESS(NtStatus));
}
SampTransactionWithinDomain = FALSE;
//
// Allow LSA a chance to perform an integrity check
//
LsaIHealthCheck( LsaIHealthSamAboutToFree );
//
// And free the lock...
//
(VOID)RtlReleaseResource( &SampLock );
return(NtStatus);
}
NTSTATUS
SampCommitAndRetainWriteLock(
VOID
)
/*++
Routine Description:
This routine attempts to commit all changes made so far. The write-lock
is held for the duration of the commit and is retained by the caller upon
return.
The transaction domain is left intact as well.
NOTE: Write operations within a domain do not have to worry about
updating the modified count for that domain. This routine
will automatically increment the ModifiedCount for a domain
when a commit is requested within that domain.
Arguments:
None.
Return Value:
STATUS_SUCCESS - Indicates the transaction was successfully commited.
Other values may be returned as a result of failure to commit or
roll-back the transaction. These include any values returned by
RtlApplyRXact() or RtlAddActionToRXact().
--*/
{
NTSTATUS NtStatus;
NTSTATUS TempStatus;
NtStatus = SampCommitChanges();
//
// Start another transaction, since we're retaining the write lock.
// Note we do this even if the commit failed so that cleanup code
// won't get confused by the lack of a transaction.
//
TempStatus = RtlStartRXact( SampRXactContext );
ASSERT(NT_SUCCESS(TempStatus));
//
// Return the worst status
//
if (NT_SUCCESS(NtStatus)) {
NtStatus = TempStatus;
}
return(NtStatus);
}
///////////////////////////////////////////////////////////////////////////////
// //
// Unicode registry key manipulation services //
// //
///////////////////////////////////////////////////////////////////////////////
NTSTATUS
SampRetrieveStringFromRegistry(
IN HANDLE ParentKey,
IN PUNICODE_STRING SubKeyName,
OUT PUNICODE_STRING Body
)
/*++
Routine Description:
This routine retrieves a unicode string buffer from the specified registry
sub-key and sets the output parameter "Body" to be that unicode string.
If the specified sub-key does not exist, then a null string will be
returned.
The string buffer is returned in a block of memory which the caller is
responsible for deallocating (using MIDL_user_free).
Arguments:
ParentKey - Key to the parent registry key of the registry key
containing the unicode string. For example, to retrieve
the unicode string for a key called ALPHA\BETA\GAMMA, this
is the key to ALPHA\BETA.
SubKeyName - The name of the sub-key whose value contains
a unicode string to retrieve. This field should not begin with
a back-slash (\). For example, to retrieve the unicode string
for a key called ALPHA\BETA\GAMMA, the name specified by this
field would be "BETA".
Body - The address of a UNICODE_STRING whose fields are to be filled
in with the information retrieved from the sub-key. The Buffer
field of this argument will be set to point to an allocated buffer
containing the unicode string characters.
Return Value:
STATUS_SUCCESS - The string was retrieved successfully.
STATUS_INSUFFICIENT_RESOURCES - Memory could not be allocated for the
string to be returned in.
Other errors as may be returned by:
NtOpenKey()
NtQueryInformationKey()
--*/
{
NTSTATUS NtStatus, IgnoreStatus;
OBJECT_ATTRIBUTES ObjectAttributes;
HANDLE SubKeyHandle;
ULONG IgnoreKeyType, KeyValueLength;
LARGE_INTEGER IgnoreLastWriteTime;
ASSERT(Body != NULL);
//
// Get a handle to the sub-key ...
//
InitializeObjectAttributes(
&ObjectAttributes,
SubKeyName,
OBJ_CASE_INSENSITIVE,
ParentKey,
NULL
);
NtStatus = RtlpNtOpenKey(
&SubKeyHandle,
(KEY_READ),
&ObjectAttributes,
0
);
if (!NT_SUCCESS(NtStatus)) {
//
// Couldn't open the sub-key
// If it is OBJECT_NAME_NOT_FOUND, then build a null string
// to return. Otherwise, return nothing.
//
if (NtStatus == STATUS_OBJECT_NAME_NOT_FOUND) {
Body->Buffer = MIDL_user_allocate( sizeof(UNICODE_NULL) );
if (Body->Buffer == NULL) {
return(STATUS_INSUFFICIENT_RESOURCES);
}
Body->Length = 0;
Body->MaximumLength = sizeof(UNICODE_NULL);
Body->Buffer[0] = 0;
return( STATUS_SUCCESS );
} else {
return(NtStatus);
}
}
//
// Get the length of the unicode string
// We expect one of two things to come back here:
//
// 1) STATUS_BUFFER_OVERFLOW - In which case the KeyValueLength
// contains the length of the string.
//
// 2) STATUS_SUCCESS - In which case there is no string out there
// and we need to build an empty string for return.
//
KeyValueLength = 0;
NtStatus = RtlpNtQueryValueKey(
SubKeyHandle,
&IgnoreKeyType,
NULL,
&KeyValueLength,
&IgnoreLastWriteTime
);
if (NT_SUCCESS(NtStatus)) {
KeyValueLength = 0;
Body->Buffer = MIDL_user_allocate( KeyValueLength + sizeof(WCHAR) ); // Length of null string
if (Body->Buffer == NULL) {
IgnoreStatus = NtClose( SubKeyHandle );
ASSERT(NT_SUCCESS(IgnoreStatus));
return(STATUS_INSUFFICIENT_RESOURCES);
}
Body->Buffer[0] = 0;
} else {
if (NtStatus == STATUS_BUFFER_OVERFLOW) {
Body->Buffer = MIDL_user_allocate( KeyValueLength + sizeof(WCHAR) );
if (Body->Buffer == NULL) {
IgnoreStatus = NtClose( SubKeyHandle );
ASSERT(NT_SUCCESS(IgnoreStatus));
return(STATUS_INSUFFICIENT_RESOURCES);
}
NtStatus = RtlpNtQueryValueKey(
SubKeyHandle,
&IgnoreKeyType,
Body->Buffer,
&KeyValueLength,
&IgnoreLastWriteTime
);
} else {
IgnoreStatus = NtClose( SubKeyHandle );
ASSERT(NT_SUCCESS(IgnoreStatus));
return(NtStatus);
}
}
if (!NT_SUCCESS(NtStatus)) {
MIDL_user_free( Body->Buffer );
IgnoreStatus = NtClose( SubKeyHandle );
ASSERT(NT_SUCCESS(IgnoreStatus));
return(NtStatus);
}
Body->Length = (USHORT)(KeyValueLength);
Body->MaximumLength = (USHORT)(KeyValueLength) + (USHORT)sizeof(WCHAR);
UnicodeTerminate(Body);
IgnoreStatus = NtClose( SubKeyHandle );
ASSERT(NT_SUCCESS(IgnoreStatus));
return( STATUS_SUCCESS );
}
NTSTATUS
SampPutStringToRegistry(
IN BOOLEAN RelativeToDomain,
IN PUNICODE_STRING SubKeyName,
IN PUNICODE_STRING Body
)
/*++
Routine Description:
This routine puts a unicode string into the specified registry
sub-key.
If the specified sub-key does not exist, then it is created.
NOTE: The string is assigned via the RXACT mechanism. Therefore,
it won't actually reside in the registry key until a commit
is performed.
Arguments:
RelativeToDomain - This boolean indicates whether or not the name
of the sub-key provide via the SubKeyName parameter is relative
to the current domain or to the top of the SAM registry tree.
If the name is relative to the current domain, then this value
is set to TRUE. Otherwise this value is set to FALSE.
SubKeyName - The name of the sub-key to be assigned the unicode string.
This field should not begin with a back-slash (\). For example,
to put a unicode string into a key called ALPHA\BETA\GAMMA, the
name specified by this field would be "BETA".
Body - The address of a UNICODE_STRING to be placed in the registry.
Return Value:
STATUS_SUCCESS - The string was added to the RXACT transaction
successfully.
STATUS_INSUFFICIENT_RESOURCES - There was not enough heap memory
or other limited resource available to fullfil the request.
Other errors as may be returned by:
RtlAddActionToRXact()
--*/
{
NTSTATUS NtStatus;
UNICODE_STRING KeyName;
//
// Need to build up the name of the key from the root of the RXACT
// registry key. That is the root of the SAM registry database
// in our case. If RelativeToDomain is FALSE, then the name passed
// is already relative to the SAM registry database root.
//
if (RelativeToDomain == TRUE) {
NtStatus = SampBuildDomainSubKeyName(
&KeyName,
SubKeyName
);
if (!NT_SUCCESS(NtStatus)) {
SampFreeUnicodeString( &KeyName );
return(NtStatus);
}
} else {
KeyName = (*SubKeyName);
}
NtStatus = RtlAddActionToRXact(
SampRXactContext,
RtlRXactOperationSetValue,
&KeyName,
0, // No KeyValueType
Body->Buffer,
Body->Length
);
//
// free the KeyName buffer if necessary
//
if (RelativeToDomain) {
SampFreeUnicodeString( &KeyName );
}
return( STATUS_SUCCESS );
}
///////////////////////////////////////////////////////////////////////////////
// //
// Unicode String related services - These use MIDL_user_allocate and //
// MIDL_user_free so that the resultant strings can be given to the //
// RPC runtime. //
// //
///////////////////////////////////////////////////////////////////////////////
NTSTATUS
SampInitUnicodeString(
IN OUT PUNICODE_STRING String,
IN USHORT MaximumLength
)
/*++
Routine Description:
This routine initializes a unicode string to have zero length and
no initial buffer.
All allocation for this string will be done using MIDL_user_allocate.
Arguments:
String - The address of a unicode string to initialize.
MaximumLength - The maximum length (in bytes) the string will need
to grow to. The buffer associated with the string is allocated
to be this size. Don't forget to allow 2 bytes for null termination.
Return Value:
STATUS_SUCCESS - Successful completion.
--*/
{
String->Length = 0;
String->MaximumLength = MaximumLength;
String->Buffer = MIDL_user_allocate(MaximumLength);
if (String->Buffer != NULL) {
String->Buffer[0] = 0;
return(STATUS_SUCCESS);
} else {
return(STATUS_INSUFFICIENT_RESOURCES);
}
}
NTSTATUS
SampAppendUnicodeString(
IN OUT PUNICODE_STRING Target,
IN PUNICODE_STRING StringToAdd
)
/*++
Routine Description:
This routine appends the string pointed to by StringToAdd to the
string pointed to by Target. The contents of Target are replaced
by the result.
All allocation for this string will be done using MIDL_user_allocate.
Any deallocations will be done using MIDL_user_free.
Arguments:
Target - The address of a unicode string to initialize to be appended to.
StringToAdd - The address of a unicode string to be added to the
end of Target.
Return Value:
STATUS_SUCCESS - Successful completion.
STATUS_INSUFFICIENT_RESOURCES - There was not sufficient heap to fullfil
the requested operation.
--*/
{
USHORT TotalLength;
PWSTR NewBuffer;
TotalLength = Target->Length + StringToAdd->Length + (USHORT)(sizeof(UNICODE_NULL));
//
// If there isn't room in the target to append the new string,
// allocate a buffer that is large enough and move the current
// target into it.
//
if (TotalLength > Target->MaximumLength) {
NewBuffer = MIDL_user_allocate( (ULONG)TotalLength );
if (NewBuffer == NULL) {
return(STATUS_INSUFFICIENT_RESOURCES);
}
RtlCopyMemory( NewBuffer, Target->Buffer, (ULONG)(Target->Length) );
MIDL_user_free( Target->Buffer );
Target->Buffer = NewBuffer;
Target->MaximumLength = TotalLength;
} else {
NewBuffer = Target->Buffer;
}
//
// There's now room in the target to append the string.
//
(PCHAR)NewBuffer += Target->Length;
RtlCopyMemory( NewBuffer, StringToAdd->Buffer, (ULONG)(StringToAdd->Length) );
Target->Length = TotalLength - (USHORT)(sizeof(UNICODE_NULL));
//
// Null terminate the resultant string
//
UnicodeTerminate(Target);
return(STATUS_SUCCESS);
}
VOID
SampFreeUnicodeString(
IN PUNICODE_STRING String
)
/*++
Routine Description:
This routine frees the buffer associated with a unicode string
(using MIDL_user_free()).
Arguments:
Target - The address of a unicode string to free.
Return Value:
None.
--*/
{
if (String->Buffer != NULL) {
MIDL_user_free( String->Buffer );
}
return;
}
VOID
SampFreeOemString(
IN POEM_STRING String
)
/*++
Routine Description:
This routine frees the buffer associated with an OEM string
(using MIDL_user_free()).
Arguments:
Target - The address of an OEM string to free.
Return Value:
None.
--*/
{
if (String->Buffer != NULL) {
MIDL_user_free( String->Buffer );
}
return;
}
NTSTATUS
SampBuildDomainSubKeyName(
OUT PUNICODE_STRING KeyName,
IN PUNICODE_STRING SubKeyName OPTIONAL
)
/*++
Routine Description:
This routine builds a unicode string name of the string passed
via the SubKeyName argument. The resultant name is relative to
the root of the SAM root registry key.
Note: THIS ROUTINE REFERENCES THE CURRENT TRANSACTION DOMAIN
(ESTABLISHED USING SampSetTransactioDomain()). THIS
SERVICE MAY ONLY BE CALLED AFTER SampSetTransactionDomain()
AND BEFORE SampReleaseWriteLock().
The name built up is comprized of three components:
1) The constant named domain parent key name ("DOMAINS").
2) A backslash
3) The name of the current transaction domain.
(optionally)
4) A backslash
5) The name of the domain's sub-key (specified by the SubKeyName
argument).
For example, if the current domain is called "MY_DOMAIN", then
the relative name of the sub-key named "FRAMITZ" is :
"DOMAINS\MY_DOMAIN\FRAMITZ"
All allocation for this string will be done using MIDL_user_allocate.
Any deallocations will be done using MIDL_user_free.
Arguments:
KeyName - The address of a unicode string whose buffer is to be filled
in with the full name of the registry key. If successfully created,
this string must be released with SampFreeUnicodeString() when no
longer needed.
SubKeyName - (optional) The name of the domain sub-key. If this parameter
is not provided, then only the domain's name is produced.
This string is not modified.
Return Value:
--*/
{
NTSTATUS NtStatus;
USHORT TotalLength, SubKeyNameLength;
ASSERT(SampTransactionWithinDomain == TRUE);
//
// Initialize a string large enough to hold the name
//
if (ARGUMENT_PRESENT(SubKeyName)) {
SubKeyNameLength = SampBackSlash.Length + SubKeyName->Length;
} else {
SubKeyNameLength = 0;
}
TotalLength = SampNameDomains.Length +
SampBackSlash.Length +
SampDefinedDomains[SampTransactionDomainIndex].InternalName.Length +
SubKeyNameLength +
(USHORT)(sizeof(UNICODE_NULL)); // for null terminator
NtStatus = SampInitUnicodeString( KeyName, TotalLength );
if (!NT_SUCCESS(NtStatus)) {
return(NtStatus);
}
//
// "DOMAINS"
//
NtStatus = SampAppendUnicodeString( KeyName, &SampNameDomains);
if (!NT_SUCCESS(NtStatus)) {
SampFreeUnicodeString( KeyName );
return(NtStatus);
}
//
// "DOMAINS\"
//
NtStatus = SampAppendUnicodeString( KeyName, &SampBackSlash );
if (!NT_SUCCESS(NtStatus)) {
SampFreeUnicodeString( KeyName );
return(NtStatus);
}
//
// "DOMAINS\(domain name)"
//
NtStatus = SampAppendUnicodeString(
KeyName,
&SampDefinedDomains[SampTransactionDomainIndex].InternalName
);
if (!NT_SUCCESS(NtStatus)) {
SampFreeUnicodeString( KeyName );
return(NtStatus);
}
if (ARGUMENT_PRESENT(SubKeyName)) {
//
// "DOMAINS\(domain name)\"
//
NtStatus = SampAppendUnicodeString( KeyName, &SampBackSlash );
if (!NT_SUCCESS(NtStatus)) {
SampFreeUnicodeString( KeyName );
return(NtStatus);
}
//
// "DOMAINS\(domain name)\(sub key name)"
//
NtStatus = SampAppendUnicodeString( KeyName, SubKeyName );
if (!NT_SUCCESS(NtStatus)) {
SampFreeUnicodeString( KeyName );
return(NtStatus);
}
}
return(NtStatus);
}
NTSTATUS
SampBuildAccountKeyName(
IN SAMP_OBJECT_TYPE ObjectType,
OUT PUNICODE_STRING AccountKeyName,
IN PUNICODE_STRING AccountName OPTIONAL
)
/*++
Routine Description:
This routine builds the name of either a group or user registry key.
The name produced is relative to the SAM root and will be the name of
key whose name is the name of the account.
Note: THIS ROUTINE REFERENCES THE CURRENT TRANSACTION DOMAIN
(ESTABLISHED USING SampSetTransactioDomain()). THIS
SERVICE MAY ONLY BE CALLED AFTER SampSetTransactionDomain()
AND BEFORE SampReleaseWriteLock().
The name built up is comprized of the following components:
1) The constant named domain parent key name ("DOMAINS").
2) A backslash
3) The name of the current transaction domain.
4) A backslash
5) The constant name of the group or user registry key
("GROUPS" or "USERS").
6) A backslash
7) The constant name of the registry key containing the
account names ("NAMES").
and, if the AccountName is specified,
8) A backslash
9) The account name specified by the AccountName argument.
For example, given a AccountName of "XYZ_GROUP" and the current domain
is "ALPHA_DOMAIN", this would yield a resultant AccountKeyName of
"DOMAINS\ALPHA_DOMAIN\GROUPS\NAMES\XYZ_GROUP".
All allocation for this string will be done using MIDL_user_allocate.
Any deallocations will be done using MIDL_user_free.
Arguments:
ObjectType - Indicates whether the account is a user or group account.
AccountKeyName - The address of a unicode string whose buffer is to be
filled in with the full name of the registry key. If successfully
created, this string must be released with SampFreeUnicodeString()
when no longer needed.
AccountName - The name of the account. This string is not
modified.
Return Value:
STATUS_SUCCESS - The name has been built.
STATUS_INVALID_ACCOUNT_NAME - The name specified is not legitimate.
--*/
{
NTSTATUS NtStatus;
USHORT TotalLength, AccountNameLength;
PUNICODE_STRING AccountTypeKeyName;
PUNICODE_STRING NamesSubKeyName;
ASSERT(SampTransactionWithinDomain == TRUE);
ASSERT( (ObjectType == SampGroupObjectType) ||
(ObjectType == SampAliasObjectType) ||
(ObjectType == SampUserObjectType) );
//
// If an account name was provided, then it must meet certain
// criteria.
//
if (ARGUMENT_PRESENT(AccountName)) {
if (
//
// Length must be legitimate
//
(AccountName->Length == 0) ||
(AccountName->Length > AccountName->MaximumLength) ||
//
// Buffer pointer is available
//
(AccountName->Buffer == NULL)
) {
return(STATUS_INVALID_ACCOUNT_NAME);
}
}
switch (ObjectType) {
case SampGroupObjectType:
AccountTypeKeyName = &SampNameDomainGroups;
NamesSubKeyName = &SampNameDomainGroupsNames;
break;
case SampAliasObjectType:
AccountTypeKeyName = &SampNameDomainAliases;
NamesSubKeyName = &SampNameDomainAliasesNames;
break;
case SampUserObjectType:
AccountTypeKeyName = &SampNameDomainUsers;
NamesSubKeyName = &SampNameDomainUsersNames;
break;
}
//
// Allocate a buffer large enough to hold the entire name.
// Only count the account name if it is passed.
//
AccountNameLength = 0;
if (ARGUMENT_PRESENT(AccountName)) {
AccountNameLength = AccountName->Length + SampBackSlash.Length;
}
TotalLength = SampNameDomains.Length +
SampBackSlash.Length +
SampDefinedDomains[SampTransactionDomainIndex].InternalName.Length +
SampBackSlash.Length +
AccountTypeKeyName->Length +
SampBackSlash.Length +
NamesSubKeyName->Length +
AccountNameLength +
(USHORT)(sizeof(UNICODE_NULL)); // for null terminator
NtStatus = SampInitUnicodeString( AccountKeyName, TotalLength );
if (NT_SUCCESS(NtStatus)) {
//
// "DOMAINS"
//
NtStatus = SampAppendUnicodeString( AccountKeyName, &SampNameDomains);
if (NT_SUCCESS(NtStatus)) {
//
// "DOMAINS\"
//
NtStatus = SampAppendUnicodeString( AccountKeyName, &SampBackSlash );
if (NT_SUCCESS(NtStatus)) {
//
// "DOMAINS\(domain name)"
//
NtStatus = SampAppendUnicodeString(
AccountKeyName,
&SampDefinedDomains[SampTransactionDomainIndex].InternalName
);
if (NT_SUCCESS(NtStatus)) {
//
// "DOMAINS\(domain name)\"
//
NtStatus = SampAppendUnicodeString( AccountKeyName, &SampBackSlash );
if (NT_SUCCESS(NtStatus)) {
//
// "DOMAINS\(domain name)\GROUPS"
// or
// "DOMAINS\(domain name)\USERS"
//
NtStatus = SampAppendUnicodeString( AccountKeyName, AccountTypeKeyName );
if (NT_SUCCESS(NtStatus)) {
//
// "DOMAINS\(domain name)\GROUPS\"
// or
// "DOMAINS\(domain name)\USERS\"
//
NtStatus = SampAppendUnicodeString( AccountKeyName, &SampBackSlash );
if (NT_SUCCESS(NtStatus)) {
//
// "DOMAINS\(domain name)\GROUPS\NAMES"
// or
// "DOMAINS\(domain name)\USERS\NAMES"
//
NtStatus = SampAppendUnicodeString( AccountKeyName, NamesSubKeyName );
if (NT_SUCCESS(NtStatus) && ARGUMENT_PRESENT(AccountName)) {
//
// "DOMAINS\(domain name)\GROUPS\NAMES\"
// or
// "DOMAINS\(domain name)\USERS\NAMES\"
//
NtStatus = SampAppendUnicodeString( AccountKeyName, &SampBackSlash );
if (NT_SUCCESS(NtStatus)) {
//
// "DOMAINS\(domain name)\GROUPS\(account name)"
// or
// "DOMAINS\(domain name)\USERS\(account name)"
//
NtStatus = SampAppendUnicodeString( AccountKeyName, AccountName );
}
}
}
}
}
}
}
}
}
return(NtStatus);
}
NTSTATUS
SampBuildAccountSubKeyName(
IN SAMP_OBJECT_TYPE ObjectType,
OUT PUNICODE_STRING AccountKeyName,
IN ULONG AccountRid,
IN PUNICODE_STRING SubKeyName OPTIONAL
)
/*++
Routine Description:
This routine builds the name of a key for one of the fields of either
a user or a group.
The name produced is relative to the SAM root.
Note: THIS ROUTINE REFERENCES THE CURRENT TRANSACTION DOMAIN
(ESTABLISHED USING SampSetTransactioDomain()). THIS
SERVICE MAY ONLY BE CALLED AFTER SampSetTransactionDomain()
AND BEFORE SampReleaseWriteLock().
The name built up is comprized of the following components:
1) The constant named domain parent key name ("DOMAINS").
2) A backslash
3) The name of the current transaction domain.
4) A backslash
5) The constant name of the group or user registry key
("Groups" or "Users").
6) A unicode representation of the reltive ID of the account
and if the optional SubKeyName is provided:
7) A backslash
8) the sub key's name.
4) The account name specified by the AccountName argument.
For example, given a AccountRid of 3187, a SubKeyName of "AdminComment"
and the current domain is "ALPHA_DOMAIN", this would yield a resultant
AccountKeyName of:
"DOMAINS\ALPHA_DOMAIN\GROUPS\00003187\AdminComment".
All allocation for this string will be done using MIDL_user_allocate.
Any deallocations will be done using MIDL_user_free.
Arguments:
ObjectType - Indicates whether the account is a user or group account.
AccountKeyName - The address of a unicode string whose buffer is to be
filled in with the full name of the registry key. If successfully
created, this string must be released with SampFreeUnicodeString()
when no longer needed.
AccountName - The name of the account. This string is not
modified.
Return Value:
--*/
{
NTSTATUS NtStatus;
USHORT TotalLength, SubKeyNameLength;
PUNICODE_STRING AccountTypeKeyName;
UNICODE_STRING RidNameU;
ASSERT(SampTransactionWithinDomain == TRUE);
ASSERT( (ObjectType == SampGroupObjectType) ||
(ObjectType == SampAliasObjectType) ||
(ObjectType == SampUserObjectType) );
switch (ObjectType) {
case SampGroupObjectType:
AccountTypeKeyName = &SampNameDomainGroups;
break;
case SampAliasObjectType:
AccountTypeKeyName = &SampNameDomainAliases;
break;
case SampUserObjectType:
AccountTypeKeyName = &SampNameDomainUsers;
break;
}
//
// Determine how much space will be needed in the resultant name
// buffer to allow for the sub-key-name.
//
if (ARGUMENT_PRESENT(SubKeyName)) {
SubKeyNameLength = SubKeyName->Length + SampBackSlash.Length;
} else {
SubKeyNameLength = 0;
}
//
// Convert the account Rid to Unicode.
//
NtStatus = SampRtlConvertUlongToUnicodeString(
AccountRid,
16,
8,
TRUE,
&RidNameU
);
if (NT_SUCCESS(NtStatus)) {
//
// allocate a buffer large enough to hold the entire name
//
TotalLength = SampNameDomains.Length +
SampBackSlash.Length +
SampDefinedDomains[SampTransactionDomainIndex].InternalName.Length +
SampBackSlash.Length +
AccountTypeKeyName->Length +
RidNameU.Length +
SubKeyNameLength +
(USHORT)(sizeof(UNICODE_NULL)); // for null terminator
NtStatus = SampInitUnicodeString( AccountKeyName, TotalLength );
if (NT_SUCCESS(NtStatus)) {
//
// "DOMAINS"
//
NtStatus = SampAppendUnicodeString( AccountKeyName, &SampNameDomains);
if (NT_SUCCESS(NtStatus)) {
//
// "DOMAINS\"
//
NtStatus = SampAppendUnicodeString( AccountKeyName, &SampBackSlash );
if (NT_SUCCESS(NtStatus)) {
//
// "DOMAINS\(domain name)"
//
NtStatus = SampAppendUnicodeString(
AccountKeyName,
&SampDefinedDomains[SampTransactionDomainIndex].InternalName
);
if (NT_SUCCESS(NtStatus)) {
//
// "DOMAINS\(domain name)\"
//
NtStatus = SampAppendUnicodeString( AccountKeyName, &SampBackSlash );
if (NT_SUCCESS(NtStatus)) {
//
// "DOMAINS\(domain name)\GROUPS"
// or
// "DOMAINS\(domain name)\USERS"
//
NtStatus = SampAppendUnicodeString( AccountKeyName, AccountTypeKeyName );
if (NT_SUCCESS(NtStatus)) {
//
// "DOMAINS\(domain name)\GROUPS\"
// or
// "DOMAINS\(domain name)\USERS\"
//
NtStatus = SampAppendUnicodeString( AccountKeyName, &SampBackSlash );
if (NT_SUCCESS(NtStatus)) {
//
// "DOMAINS\(domain name)\GROUPS\(rid)"
// or
// "DOMAINS\(domain name)\USERS\(rid)"
//
NtStatus = SampAppendUnicodeString( AccountKeyName, &RidNameU );
if (NT_SUCCESS(NtStatus) && ARGUMENT_PRESENT(SubKeyName)) {
//
// "DOMAINS\(domain name)\GROUPS\(rid)\"
// or
// "DOMAINS\(domain name)\USERS\(rid)\"
//
NtStatus = SampAppendUnicodeString( AccountKeyName, &SampBackSlash );
if (NT_SUCCESS(NtStatus)) {
//
// "DOMAINS\(domain name)\GROUPS\(rid)\(sub-key-name)"
// or
// "DOMAINS\(domain name)\USERS\(rid)\(sub-key-name)"
//
NtStatus = SampAppendUnicodeString( AccountKeyName, SubKeyName );
}
}
}
}
}
}
}
}
}
MIDL_user_free(RidNameU.Buffer);
}
return(NtStatus);
}
NTSTATUS
SampBuildAliasMembersKeyName(
IN PSID AccountSid,
OUT PUNICODE_STRING DomainKeyName,
OUT PUNICODE_STRING AccountKeyName
)
/*++
Routine Description:
This routine builds the name of a key for the alias membership for an
arbitrary account sid. Also produced is the name of the key for the
domain of the account. This is the account key name without the last
account rid component.
The names produced is relative to the SAM root.
Note: THIS ROUTINE REFERENCES THE CURRENT TRANSACTION DOMAIN
(ESTABLISHED USING SampSetTransactioDomain()). THIS
SERVICE MAY ONLY BE CALLED AFTER SampSetTransactionDomain()
AND BEFORE SampReleaseWriteLock().
The names built up are comprised of the following components:
1) The constant named domain parent key name ("DOMAINS").
2) A backslash
3) The name of the current transaction domain.
4) A backslash
5) The constant name of the alias registry key ("Aliases").
6) A backslash
7) The constant name of the alias members registry key ("Members").
8) A backslash
9) A unicode representation of the SID of the account domain
and for the AccountKeyName only
10) A backslash
11) A unicode representation of the RID of the account
For example, given a Account Sid of 1-2-3-3187
and the current domain is "ALPHA_DOMAIN",
this would yield a resultant AcccountKeyName of:
"DOMAINS\ALPHA_DOMAIN\ALIASES\MEMBERS\1-2-3\00003187".
and a DomainKeyName of:
"DOMAINS\ALPHA_DOMAIN\ALIASES\MEMBERS\1-2-3".
All allocation for these strings will be done using MIDL_user_allocate.
Any deallocations will be done using MIDL_user_free.
Arguments:
AccountSid - The account whose alias membership in the current domain
is to be determined.
DomainKeyName - The address of a unicode string whose
buffer is to be filled in with the full name of the domain registry key.
If successfully created, this string must be released with
SampFreeUnicodeString() when no longer needed.
AccountKeyName - The address of a unicode string whose
buffer is to be filled in with the full name of the account registry key.
If successfully created, this string must be released with
SampFreeUnicodeString() when no longer needed.
Return Value:
STATUS_SUCCESS - the domain and account key names are valid.
STATUS_INVALID_SID - the AccountSid is not valid. AccountSids must have
a sub-authority count > 0
--*/
{
NTSTATUS NtStatus;
USHORT DomainTotalLength;
USHORT AccountTotalLength;
UNICODE_STRING DomainNameU, TempStringU;
UNICODE_STRING RidNameU;
PSID DomainSid = NULL;
ULONG AccountRid;
ULONG AccountSubAuthorities;
DomainNameU.Buffer = TempStringU.Buffer = RidNameU.Buffer = NULL;
ASSERT(SampTransactionWithinDomain == TRUE);
ASSERT(AccountSid != NULL);
ASSERT(DomainKeyName != NULL);
ASSERT(AccountKeyName != NULL);
//
// Split the account sid into domain sid and account rid
//
AccountSubAuthorities = (ULONG)*RtlSubAuthorityCountSid(AccountSid);
//
// Check for at least one sub-authority
//
if (AccountSubAuthorities < 1) {
return (STATUS_INVALID_SID);
}
//
// Allocate space for the domain sid
//
DomainSid = MIDL_user_allocate(RtlLengthSid(AccountSid));
NtStatus = STATUS_INSUFFICIENT_RESOURCES;
if (DomainSid == NULL) {
return(NtStatus);
}
//
// Initialize the domain sid
//
NtStatus = RtlCopySid(RtlLengthSid(AccountSid), DomainSid, AccountSid);
ASSERT(NT_SUCCESS(NtStatus));
*RtlSubAuthorityCountSid(DomainSid) = (UCHAR)(AccountSubAuthorities - 1);
//
// Initialize the account rid
//
AccountRid = *RtlSubAuthoritySid(AccountSid, AccountSubAuthorities - 1);
//
// Convert the domain sid into a registry key name string
//
NtStatus = RtlConvertSidToUnicodeString( &DomainNameU, DomainSid, TRUE);
if (!NT_SUCCESS(NtStatus)) {
DomainNameU.Buffer = NULL;
goto BuildAliasMembersKeyNameError;
}
//
// Convert the account rid into a registry key name string with
// leading zeros.
//
NtStatus = SampRtlConvertUlongToUnicodeString(
AccountRid,
16,
8,
TRUE,
&RidNameU
);
if (!NT_SUCCESS(NtStatus)) {
goto BuildAliasMembersKeyNameError;
}
if (NT_SUCCESS(NtStatus)) {
//
// allocate a buffer large enough to hold the entire name
//
DomainTotalLength =
SampNameDomains.Length +
SampBackSlash.Length +
SampDefinedDomains[SampTransactionDomainIndex].InternalName.Length +
SampBackSlash.Length +
SampNameDomainAliases.Length +
SampBackSlash.Length +
SampNameDomainAliasesMembers.Length +
SampBackSlash.Length +
DomainNameU.Length +
(USHORT)(sizeof(UNICODE_NULL)); // for null terminator
AccountTotalLength = DomainTotalLength +
SampBackSlash.Length +
RidNameU.Length;
//
// First build the domain key name
//
NtStatus = SampInitUnicodeString( DomainKeyName, DomainTotalLength );
if (NT_SUCCESS(NtStatus)) {
NtStatus = SampInitUnicodeString( AccountKeyName, AccountTotalLength );
if (!NT_SUCCESS(NtStatus)) {
SampFreeUnicodeString(DomainKeyName);
} else {
//
// "DOMAINS"
//
NtStatus = SampAppendUnicodeString( DomainKeyName, &SampNameDomains);
ASSERT(NT_SUCCESS(NtStatus));
//
// "DOMAINS\"
//
NtStatus = SampAppendUnicodeString( DomainKeyName, &SampBackSlash );
ASSERT(NT_SUCCESS(NtStatus));
//
// "DOMAINS\(domain name)"
//
NtStatus = SampAppendUnicodeString(
DomainKeyName,
&SampDefinedDomains[SampTransactionDomainIndex].InternalName
);
ASSERT(NT_SUCCESS(NtStatus));
//
// "DOMAINS\(domain name)\"
//
NtStatus = SampAppendUnicodeString( DomainKeyName, &SampBackSlash );
ASSERT(NT_SUCCESS(NtStatus));
//
// "DOMAINS\(domain name)\ALIASES"
//
NtStatus = SampAppendUnicodeString( DomainKeyName, &SampNameDomainAliases);
ASSERT(NT_SUCCESS(NtStatus));
//
// "DOMAINS\(domain name)\ALIASES\"
//
NtStatus = SampAppendUnicodeString( DomainKeyName, &SampBackSlash );
ASSERT(NT_SUCCESS(NtStatus));
//
// "DOMAINS\(domain name)\ALIASES\MEMBERS"
//
NtStatus = SampAppendUnicodeString( DomainKeyName, &SampNameDomainAliasesMembers);
ASSERT(NT_SUCCESS(NtStatus));
//
// "DOMAINS\(domain name)\ALIASES\MEMBERS\"
//
NtStatus = SampAppendUnicodeString( DomainKeyName, &SampBackSlash );
ASSERT(NT_SUCCESS(NtStatus));
//
// "DOMAINS\(domain name)\ALIASES\MEMBERS\(DomainSid)"
//
NtStatus = SampAppendUnicodeString( DomainKeyName, &DomainNameU );
ASSERT(NT_SUCCESS(NtStatus));
//
// Now build the account name by copying the domain name
// and suffixing the account Rid
//
RtlCopyUnicodeString(AccountKeyName, DomainKeyName);
ASSERT(AccountKeyName->Length = DomainKeyName->Length);
//
// "DOMAINS\(domain name)\ALIASES\MEMBERS\(DomainSid)\"
//
NtStatus = SampAppendUnicodeString( AccountKeyName, &SampBackSlash );
ASSERT(NT_SUCCESS(NtStatus));
//
// "DOMAINS\(domain name)\ALIASES\MEMBERS\(DomainSid)\(AccountRid)"
//
NtStatus = SampAppendUnicodeString( AccountKeyName, &RidNameU );
ASSERT(NT_SUCCESS(NtStatus));
}
}
MIDL_user_free(RidNameU.Buffer);
}
BuildAliasMembersKeyNameFinish:
//
// If necessary, free memory allocated for the DomainSid.
//
if (DomainSid != NULL) {
MIDL_user_free(DomainSid);
DomainSid = NULL;
}
if ( DomainNameU.Buffer != NULL ) {
RtlFreeUnicodeString( &DomainNameU );
}
return(NtStatus);
BuildAliasMembersKeyNameError:
goto BuildAliasMembersKeyNameFinish;
}
NTSTATUS
SampValidateNewAccountName(
PUNICODE_STRING NewAccountName
)
/*++
Routine Description:
This routine validates a new user, alias or group account name.
This routine:
1) Validates that the name is properly constructed.
2) Is not already in use as a user, alias or group account name
in any of the local SAM domains.
Arguments:
Name - The address of a unicode string containing the name to be
looked for.
Return Value:
STATUS_SUCCESS - The new account name is valid, and not yet in use.
STATUS_ALIAS_EXISTS - The account name is already in use as a
alias account name.
STATUS_GROUP_EXISTS - The account name is already in use as a
group account name.
STATUS_USER_EXISTS - The account name is already in use as a user
account name.
--*/
{
NTSTATUS NtStatus;
SID_NAME_USE Use;
ULONG Rid;
ULONG DomainIndex, CurrentTransactionDomainIndex;
//
// Save the current transaction domain indicator
//
CurrentTransactionDomainIndex = SampTransactionDomainIndex;
//
// Lookup the account in each of the local SAM domains
//
NtStatus = STATUS_SUCCESS;
for (DomainIndex = 0;
( (DomainIndex < SampDefinedDomainsCount) && NT_SUCCESS(NtStatus) );
DomainIndex++) {
SampTransactionWithinDomain = FALSE;
SampSetTransactionDomain( DomainIndex );
NtStatus = SampLookupAccountRid(
SampUnknownObjectType,
NewAccountName,
STATUS_NO_SUCH_USER,
&Rid,
&Use
);
if (!NT_SUCCESS(NtStatus)) {
//
// The only error allowed is that the account was not found.
// Convert this to success, and continue searching SAM domains.
// Propagate any other error.
//
if (NtStatus != STATUS_NO_SUCH_USER) {
break;
}
NtStatus = STATUS_SUCCESS;
} else {
//
// An account with the given Rid already exists. Return status
// indicating the type of the conflicting account.
//
switch (Use) {
case SidTypeUser:
NtStatus = STATUS_USER_EXISTS;
break;
case SidTypeGroup:
NtStatus = STATUS_GROUP_EXISTS;
break;
case SidTypeDomain:
NtStatus = STATUS_DOMAIN_EXISTS;
break;
case SidTypeAlias:
NtStatus = STATUS_ALIAS_EXISTS;
break;
case SidTypeWellKnownGroup:
NtStatus = STATUS_GROUP_EXISTS;
break;
case SidTypeDeletedAccount:
NtStatus = STATUS_INVALID_PARAMETER;
break;
case SidTypeInvalid:
NtStatus = STATUS_INVALID_PARAMETER;
break;
default:
NtStatus = STATUS_INTERNAL_DB_CORRUPTION;
break;
}
}
}
//
// Restore the Current Transaction Domain
//
SampTransactionWithinDomain = FALSE;
SampSetTransactionDomain( CurrentTransactionDomainIndex );
return(NtStatus);
}
NTSTATUS
SampValidateAccountNameChange(
IN PUNICODE_STRING NewAccountName,
IN PUNICODE_STRING OldAccountName
)
/*++
Routine Description:
This routine validates a user, group or alias account name that is
to be set on an account. This routine:
1) Returns success if the name is the same as the existing name,
except with a different case
1) Otherwise calls SampValidateNewAccountName to verify that the
name is properly constructed and is not already in use as a
user, alias or group account name.
Arguments:
NewAccountName - The address of a unicode string containing the new
name.
OldAccountName - The address of a unicode string containing the old
name.
Return Value:
STATUS_SUCCESS - The account's name may be changed to the new
account name
STATUS_ALIAS_EXISTS - The account name is already in use as a
alias account name.
STATUS_GROUP_EXISTS - The account name is already in use as a
group account name.
STATUS_USER_EXISTS - The account name is already in use as a user
account name.
--*/
{
//
// Compare the old and new names without regard for case. If they
// are the same, return success because the name was checked when we
// first added it; we don't care about case changes.
//
if ( 0 == RtlCompareUnicodeString(
NewAccountName,
OldAccountName,
TRUE ) ) {
return( STATUS_SUCCESS );
}
//
// Not just a case change; this is a different name. Validate it as
// any new name.
//
return( SampValidateNewAccountName( NewAccountName ) );
}
NTSTATUS
SampRetrieveAccountCounts(
OUT PULONG UserCount,
OUT PULONG GroupCount,
OUT PULONG AliasCount
)
/*++
Routine Description:
This routine retrieve the number of user and group accounts in a domain.
Note: THIS ROUTINE REFERENCES THE CURRENT TRANSACTION DOMAIN
(ESTABLISHED USING SampSetTransactioDomain()). THIS
SERVICE MAY ONLY BE CALLED AFTER SampSetTransactionDomain()
AND BEFORE SampReleaseReadLock().
Arguments:
UserCount - Receives the number of user accounts in the domain.
GroupCount - Receives the number of group accounts in the domain.
AliasCount - Receives the number of alias accounts in the domain.
Return Value:
STATUS_SUCCESS - The values have been retrieved.
STATUS_INSUFFICIENT_RESOURCES - Not enough memory could be allocated
to perform the requested operation.
Other values are unexpected errors. These may originate from
internal calls to:
NtOpenKey()
NtQueryInformationKey()
--*/
{
NTSTATUS NtStatus, IgnoreStatus;
UNICODE_STRING KeyName;
PUNICODE_STRING AccountTypeKeyName;
OBJECT_ATTRIBUTES ObjectAttributes;
HANDLE AccountHandle;
ULONG KeyValueLength;
LARGE_INTEGER IgnoreLastWriteTime;
ASSERT(SampTransactionWithinDomain == TRUE);
//
// Get the user count first
//
AccountTypeKeyName = &SampNameDomainUsers;
NtStatus = SampBuildDomainSubKeyName( &KeyName, AccountTypeKeyName );
if (NT_SUCCESS(NtStatus)) {
//
// Open this key and get its current value
//
InitializeObjectAttributes(
&ObjectAttributes,
&KeyName,
OBJ_CASE_INSENSITIVE,
SampKey,
NULL
);
NtStatus = RtlpNtOpenKey(
&AccountHandle,
(KEY_READ),
&ObjectAttributes,
0
);
if (NT_SUCCESS(NtStatus)) {
//
// The count is stored as the KeyValueType
//
KeyValueLength = 0;
NtStatus = RtlpNtQueryValueKey(
AccountHandle,
UserCount,
NULL,
&KeyValueLength,
&IgnoreLastWriteTime
);
IgnoreStatus = NtClose( AccountHandle );
ASSERT( NT_SUCCESS(IgnoreStatus) );
}
SampFreeUnicodeString( &KeyName );
if (!NT_SUCCESS(NtStatus)) {
return(NtStatus);
}
}
//
// Now get the group count
//
AccountTypeKeyName = &SampNameDomainGroups;
NtStatus = SampBuildDomainSubKeyName( &KeyName, AccountTypeKeyName );
if (NT_SUCCESS(NtStatus)) {
//
// Open this key and get its current value
//
InitializeObjectAttributes(
&ObjectAttributes,
&KeyName,
OBJ_CASE_INSENSITIVE,
SampKey,
NULL
);
NtStatus = RtlpNtOpenKey(
&AccountHandle,
(KEY_READ),
&ObjectAttributes,
0
);
if (NT_SUCCESS(NtStatus)) {
//
// The count is stored as the KeyValueType
//
KeyValueLength = 0;
NtStatus = RtlpNtQueryValueKey(
AccountHandle,
GroupCount,
NULL,
&KeyValueLength,
&IgnoreLastWriteTime
);
IgnoreStatus = NtClose( AccountHandle );
ASSERT( NT_SUCCESS(IgnoreStatus) );
}
SampFreeUnicodeString( &KeyName );
if (!NT_SUCCESS(NtStatus)) {
return(NtStatus);
}
}
//
// Now get the alias count
//
AccountTypeKeyName = &SampNameDomainAliases;
NtStatus = SampBuildDomainSubKeyName( &KeyName, AccountTypeKeyName );
if (NT_SUCCESS(NtStatus)) {
//
// Open this key and get its current value
//
InitializeObjectAttributes(
&ObjectAttributes,
&KeyName,
OBJ_CASE_INSENSITIVE,
SampKey,
NULL
);
NtStatus = RtlpNtOpenKey(
&AccountHandle,
(KEY_READ),
&ObjectAttributes,
0
);
if (NT_SUCCESS(NtStatus)) {
//
// The count is stored as the KeyValueType
//
KeyValueLength = 0;
NtStatus = RtlpNtQueryValueKey(
AccountHandle,
AliasCount,
NULL,
&KeyValueLength,
&IgnoreLastWriteTime
);
IgnoreStatus = NtClose( AccountHandle );
ASSERT( NT_SUCCESS(IgnoreStatus) );
}
SampFreeUnicodeString( &KeyName );
}
return( NtStatus );
}
NTSTATUS
SampAdjustAccountCount(
IN SAMP_OBJECT_TYPE ObjectType,
IN BOOLEAN Increment
)
/*++
Routine Description:
This routine increments or decrements the count of either
users or groups in a domain.
Note: THIS ROUTINE REFERENCES THE CURRENT TRANSACTION DOMAIN
(ESTABLISHED USING SampSetTransactioDomain()). THIS
SERVICE MAY ONLY BE CALLED AFTER SampSetTransactionDomain()
AND BEFORE SampReleaseWriteLock().
Arguments:
ObjectType - Indicates whether the account is a user or group account.
Increment - a BOOLEAN value indicating whether the user or group
count is to be incremented or decremented. A value of TRUE
will cause the count to be incremented. A value of FALSE will
cause the value to be decremented.
Return Value:
STATUS_SUCCESS - The value has been adjusted and the new value added
to the current RXACT transaction.
STATUS_INSUFFICIENT_RESOURCES - Not enough memory could be allocated
to perform the requested operation.
Other values are unexpected errors. These may originate from
internal calls to:
NtOpenKey()
NtQueryInformationKey()
RtlAddActionToRXact()
--*/
{
NTSTATUS NtStatus, IgnoreStatus;
UNICODE_STRING KeyName;
PUNICODE_STRING AccountTypeKeyName;
OBJECT_ATTRIBUTES ObjectAttributes;
HANDLE AccountHandle;
ULONG Count, KeyValueLength;
LARGE_INTEGER IgnoreLastWriteTime;
ASSERT(SampTransactionWithinDomain == TRUE);
ASSERT( (ObjectType == SampGroupObjectType) ||
(ObjectType == SampAliasObjectType) ||
(ObjectType == SampUserObjectType) );
//
// Build the name of the key whose count is to be incremented or
// decremented.
//
switch (ObjectType) {
case SampGroupObjectType:
AccountTypeKeyName = &SampNameDomainGroups;
break;
case SampAliasObjectType:
AccountTypeKeyName = &SampNameDomainAliases;
break;
case SampUserObjectType:
AccountTypeKeyName = &SampNameDomainUsers;
break;
}
NtStatus = SampBuildDomainSubKeyName( &KeyName, AccountTypeKeyName );
if (NT_SUCCESS(NtStatus)) {
//
// Open this key and get its current value
//
InitializeObjectAttributes(
&ObjectAttributes,
&KeyName,
OBJ_CASE_INSENSITIVE,
SampKey,
NULL
);
NtStatus = RtlpNtOpenKey(
&AccountHandle,
(KEY_READ),
&ObjectAttributes,
0
);
if (NT_SUCCESS(NtStatus)) {
//
// The count is stored as the KeyValueType
//
KeyValueLength = 0;
NtStatus = RtlpNtQueryValueKey(
AccountHandle,
&Count,
NULL,
&KeyValueLength,
&IgnoreLastWriteTime
);
if (NT_SUCCESS(NtStatus)) {
if (Increment == TRUE) {
Count += 1;
} else {
ASSERT( Count != 0 );
Count -= 1;
}
NtStatus = RtlAddActionToRXact(
SampRXactContext,
RtlRXactOperationSetValue,
&KeyName,
Count,
NULL,
0
);
}
IgnoreStatus = NtClose( AccountHandle );
ASSERT( NT_SUCCESS(IgnoreStatus) );
}
SampFreeUnicodeString( &KeyName );
}
return( STATUS_SUCCESS );
}
NTSTATUS
SampEnumerateAccountNamesCommon(
IN SAMPR_HANDLE DomainHandle,
IN SAMP_OBJECT_TYPE ObjectType,
IN OUT PSAM_ENUMERATE_HANDLE EnumerationContext,
OUT PSAMPR_ENUMERATION_BUFFER *Buffer,
IN ULONG PreferedMaximumLength,
IN ULONG Filter,
OUT PULONG CountReturned
)
/*++
Routine Description:
This routine enumerates names of either user, group or alias accounts.
This routine is intended to directly support
SamrEnumerateGroupsInDomain(),
SamrEnumerateAliasesInDomain() and
SamrEnumerateUsersInDomain().
This routine performs database locking, and context lookup (including
access validation).
All allocation for OUT parameters will be done using MIDL_user_allocate.
Arguments:
DomainHandle - The domain handle whose users or groups are to be enumerated.
ObjectType - Indicates whether users or groups are to be enumerated.
EnumerationContext - API specific handle to allow multiple calls. The
caller should return this value in successive calls to retrieve
additional information.
Buffer - Receives a pointer to the buffer containing the
requested information. The information returned is
structured as an array of SAM_ENUMERATION_INFORMATION data
structures. When this information is no longer needed, the
buffer must be freed using SamFreeMemory().
PreferedMaximumLength - Prefered maximum length of returned data
(in 8-bit bytes). This is not a hard upper limit, but serves
as a guide to the server. Due to data conversion between
systems with different natural data sizes, the actual amount
of data returned may be greater than this value.
Filter - if ObjectType is users, the users can optionally be filtered
by setting this field with bits from the AccountControlField that
must match. Otherwise ignored.
CountReturned - Receives the number of entries returned.
Return Value:
STATUS_SUCCESS - The Service completed successfully, and there
are no additional entries. Entries may or may not have been
returned from this call. The CountReturned parameter indicates
whether any were.
STATUS_MORE_ENTRIES - There are more entries which may be obtained
using successive calls to this API. This is a successful return.
STATUS_ACCESS_DENIED - Caller does not have access to request the data.
STATUS_INVALID_HANDLE - The handle passed is invalid.
--*/
{
NTSTATUS NtStatus;
NTSTATUS IgnoreStatus;
PSAMP_OBJECT Context;
SAMP_OBJECT_TYPE FoundType;
ACCESS_MASK DesiredAccess;
ASSERT( (ObjectType == SampGroupObjectType) ||
(ObjectType == SampAliasObjectType) ||
(ObjectType == SampUserObjectType) );
//
// Make sure we understand what RPC is doing for (to) us.
//
ASSERT (DomainHandle != NULL);
ASSERT (EnumerationContext != NULL);
ASSERT ( Buffer != NULL);
ASSERT ((*Buffer) == NULL);
ASSERT (CountReturned != NULL);
//
// Establish type-specific information
//
DesiredAccess = DOMAIN_LIST_ACCOUNTS;
SampAcquireReadLock();
//
// Validate type of, and access to object.
//
Context = (PSAMP_OBJECT)DomainHandle;
NtStatus = SampLookupContext(
Context,
DesiredAccess,
SampDomainObjectType,
&FoundType
);
if (NT_SUCCESS(NtStatus)) {
//
// Call our private worker routine
//
NtStatus = SampEnumerateAccountNames(
ObjectType,
EnumerationContext,
Buffer,
PreferedMaximumLength,
Filter,
CountReturned,
Context->TrustedClient
);
//
// De-reference the object, discarding changes
//
IgnoreStatus = SampDeReferenceContext( Context, FALSE );
ASSERT(NT_SUCCESS(IgnoreStatus));
}
//
// Free the read lock
//
SampReleaseReadLock();
return(NtStatus);
}
NTSTATUS
SampEnumerateAccountNames(
IN SAMP_OBJECT_TYPE ObjectType,
IN OUT PSAM_ENUMERATE_HANDLE EnumerationContext,
OUT PSAMPR_ENUMERATION_BUFFER *Buffer,
IN ULONG PreferedMaximumLength,
IN ULONG Filter,
OUT PULONG CountReturned,
IN BOOLEAN TrustedClient
)
/*++
Routine Description:
This is the worker routine used to enumerate user, group or alias accounts
Note: THIS ROUTINE REFERENCES THE CURRENT TRANSACTION DOMAIN
(ESTABLISHED USING SampSetTransactioDomain()). THIS
SERVICE MAY ONLY BE CALLED AFTER SampSetTransactionDomain()
AND BEFORE SampReleaseReadLock().
All allocation for OUT parameters will be done using MIDL_user_allocate.
Arguments:
ObjectType - Indicates whether users or groups are to be enumerated.
EnumerationContext - API specific handle to allow multiple calls. The
caller should return this value in successive calls to retrieve
additional information.
Buffer - Receives a pointer to the buffer containing the
requested information. The information returned is
structured as an array of SAM_ENUMERATION_INFORMATION data
structures. When this information is no longer needed, the
buffer must be freed using SamFreeMemory().
PreferedMaximumLength - Prefered maximum length of returned data
(in 8-bit bytes). This is not a hard upper limit, but serves
as a guide to the server. Due to data conversion between
systems with different natural data sizes, the actual amount
of data returned may be greater than this value.
Filter - if ObjectType is users, the users can optionally be filtered
by setting this field with bits from the AccountControlField that
must match. Otherwise ignored.
CountReturned - Receives the number of entries returned.
TrustedClient - says whether the caller is trusted or not. If so,
we'll ignore the SAMP_MAXIMUM_MEMORY_TO_USE restriction on data
returns.
Return Value:
STATUS_SUCCESS - The Service completed successfully, and there
are no additional entries. Entries may or may not have been
returned from this call. The CountReturned parameter indicates
whether any were.
STATUS_MORE_ENTRIES - There are more entries which may be obtained
using successive calls to this API. This is a successful return.
STATUS_ACCESS_DENIED - Caller does not have access to request the data.
--*/
{
SAMP_V1_0A_FIXED_LENGTH_USER UserV1aFixed;
NTSTATUS NtStatus, TmpStatus;
OBJECT_ATTRIBUTES ObjectAttributes;
HANDLE TempHandle = NULL;
ULONG i, NamesToReturn, MaxMemoryToUse;
ULONG TotalLength,NewTotalLength;
PSAMP_OBJECT UserContext = NULL;
PSAMP_ENUMERATION_ELEMENT SampHead = NULL,
NextEntry = NULL,
NewEntry = NULL,
SampTail = NULL;
BOOLEAN MoreNames;
BOOLEAN LengthLimitReached = FALSE;
BOOLEAN FilteredName;
PSAMPR_RID_ENUMERATION ArrayBuffer = NULL;
ULONG ArrayBufferLength;
LARGE_INTEGER IgnoreLastWriteTime;
UNICODE_STRING AccountNamesKey;
SID_NAME_USE IgnoreUse;
//
// Open the registry key containing the account names
//
NtStatus = SampBuildAccountKeyName(
ObjectType,
&AccountNamesKey,
NULL
);
if ( NT_SUCCESS(NtStatus) ) {
//
// Now try to open this registry key so we can enumerate its
// sub-keys
//
InitializeObjectAttributes(
&ObjectAttributes,
&AccountNamesKey,
OBJ_CASE_INSENSITIVE,
SampKey,
NULL
);
NtStatus = RtlpNtOpenKey(
&TempHandle,
(KEY_READ),
&ObjectAttributes,
0
);
if (NT_SUCCESS(NtStatus)) {
//
// Read names until we have exceeded the preferred maximum
// length or we run out of names.
//
NamesToReturn = 0;
SampHead = NULL;
SampTail = NULL;
MoreNames = TRUE;
NewTotalLength = 0;
TotalLength = 0;
if ( TrustedClient ) {
//
// We place no restrictions on the amount of memory used
// by a trusted client. Rely on their
// PreferedMaximumLength to limit us instead.
//
MaxMemoryToUse = 0xffffffff;
} else {
MaxMemoryToUse = SAMP_MAXIMUM_MEMORY_TO_USE;
}
while (MoreNames) {
UNICODE_STRING SubKeyName;
USHORT LengthRequired;
//
// Try reading with a DEFAULT length buffer first.
//
LengthRequired = 32;
NewTotalLength = TotalLength +
sizeof(UNICODE_STRING) +
LengthRequired;
//
// Stop if SAM or user specified length limit reached
//
if ( ( (TotalLength != 0) &&
(NewTotalLength >= PreferedMaximumLength) ) ||
( NewTotalLength > MaxMemoryToUse )
) {
NtStatus = STATUS_SUCCESS;
break; // Out of while loop, MoreNames = TRUE
}
NtStatus = SampInitUnicodeString(&SubKeyName, LengthRequired);
if (!NT_SUCCESS(NtStatus)) {
break; // Out of while loop
}
NtStatus = RtlpNtEnumerateSubKey(
TempHandle,
&SubKeyName,
*EnumerationContext,
&IgnoreLastWriteTime
);
if (NtStatus == STATUS_BUFFER_OVERFLOW) {
//
// The subkey name is longer than our default size,
// Free the old buffer.
// Allocate the correct size buffer and read it again.
//
SampFreeUnicodeString(&SubKeyName);
LengthRequired = SubKeyName.Length;
NewTotalLength = TotalLength +
sizeof(UNICODE_STRING) +
LengthRequired;
//
// Stop if SAM or user specified length limit reached
//
if ( ( (TotalLength != 0) &&
(NewTotalLength >= PreferedMaximumLength) ) ||
( NewTotalLength > MaxMemoryToUse )
) {
NtStatus = STATUS_SUCCESS;
break; // Out of while loop, MoreNames = TRUE
}
//
// Try reading the name again, we should be successful.
//
NtStatus = SampInitUnicodeString(&SubKeyName, LengthRequired);
if (!NT_SUCCESS(NtStatus)) {
break; // Out of while loop
}
NtStatus = RtlpNtEnumerateSubKey(
TempHandle,
&SubKeyName,
*EnumerationContext,
&IgnoreLastWriteTime
);
}
//
// Free up our buffer if we failed to read the key data
//
if (!NT_SUCCESS(NtStatus)) {
SampFreeUnicodeString(&SubKeyName);
//
// Map a no-more-entries status to success
//
if (NtStatus == STATUS_NO_MORE_ENTRIES) {
MoreNames = FALSE;
NtStatus = STATUS_SUCCESS;
}
break; // Out of while loop
}
//
// We've allocated the subkey and read the data into it
// Stuff it in an enumeration element.
//
NewEntry = MIDL_user_allocate(sizeof(SAMP_ENUMERATION_ELEMENT));
if (NewEntry == NULL) {
NtStatus = STATUS_INSUFFICIENT_RESOURCES;
} else {
*(PUNICODE_STRING)&NewEntry->Entry.Name = SubKeyName;
//
// Now get the Rid value of this named
// account. We must be able to get the
// name or we have an internal database
// corruption.
//
NtStatus = SampLookupAccountRid(
ObjectType,
(PUNICODE_STRING)&NewEntry->Entry.Name,
STATUS_INTERNAL_DB_CORRUPTION,
&NewEntry->Entry.RelativeId,
&IgnoreUse
);
ASSERT(NtStatus != STATUS_INTERNAL_DB_CORRUPTION);
if (NT_SUCCESS(NtStatus)) {
FilteredName = TRUE;
if ( ( ObjectType == SampUserObjectType ) &&
( Filter != 0 ) ) {
//
// We only want to return users with a
// UserAccountControl field that matches
// the filter passed in. Check here.
//
NtStatus = SampCreateAccountContext(
SampUserObjectType,
NewEntry->Entry.RelativeId,
TRUE, // Trusted client
TRUE, // Account exists
&UserContext
);
if ( NT_SUCCESS( NtStatus ) ) {
NtStatus = SampRetrieveUserV1aFixed(
UserContext,
&UserV1aFixed
);
if ( NT_SUCCESS( NtStatus ) ) {
if ( ( UserV1aFixed.UserAccountControl &
Filter ) == 0 ) {
FilteredName = FALSE;
SampFreeUnicodeString( &SubKeyName );
}
}
SampDeleteContext( UserContext );
}
}
*EnumerationContext += 1;
if ( NT_SUCCESS( NtStatus ) && ( FilteredName ) ) {
NamesToReturn += 1;
TotalLength = TotalLength + (ULONG)
NewEntry->Entry.Name.MaximumLength;
NewEntry->Next = NULL;
if( SampHead == NULL ) {
ASSERT( SampTail == NULL );
SampHead = SampTail = NewEntry;
}
else {
//
// add this new entry to the list end.
//
SampTail->Next = NewEntry;
SampTail = NewEntry;
}
} else {
//
// Entry was filtered out, or error getting
// filter information.
//
MIDL_user_free( NewEntry );
}
} else {
//
// Error looking up the RID
//
MIDL_user_free( NewEntry );
}
}
//
// Free up our subkey name
//
if (!NT_SUCCESS(NtStatus)) {
SampFreeUnicodeString(&SubKeyName);
break; // Out of whle loop
}
} // while
TmpStatus = NtClose( TempHandle );
ASSERT( NT_SUCCESS(TmpStatus) );
}
SampFreeUnicodeString( &AccountNamesKey );
}
if ( NT_SUCCESS(NtStatus) ) {
//
// If we are returning the last of the names, then change our
// enumeration context so that it starts at the beginning again.
//
if (!( (NtStatus == STATUS_SUCCESS) && (MoreNames == FALSE))) {
NtStatus = STATUS_MORE_ENTRIES;
}
//
// Set the number of names being returned
//
(*CountReturned) = NamesToReturn;
//
// Build a return buffer containing an array of the
// SAM_ENUMERATION_INFORMATIONs pointed to by another
// buffer containing the number of elements in that
// array.
//
(*Buffer) = MIDL_user_allocate( sizeof(SAMPR_ENUMERATION_BUFFER) );
if ( (*Buffer) == NULL) {
NtStatus = STATUS_INSUFFICIENT_RESOURCES;
} else {
(*Buffer)->EntriesRead = (*CountReturned);
ArrayBufferLength = sizeof( SAM_RID_ENUMERATION ) *
(*CountReturned);
ArrayBuffer = MIDL_user_allocate( ArrayBufferLength );
(*Buffer)->Buffer = ArrayBuffer;
if ( ArrayBuffer == NULL) {
NtStatus = STATUS_INSUFFICIENT_RESOURCES;
MIDL_user_free( (*Buffer) );
} else {
//
// Walk the list of return entries, copying
// them into the return buffer
//
NextEntry = SampHead;
i = 0;
while (NextEntry != NULL) {
NewEntry = NextEntry;
NextEntry = NewEntry->Next;
ArrayBuffer[i] = NewEntry->Entry;
i += 1;
MIDL_user_free( NewEntry );
}
}
}
}
if ( !NT_SUCCESS(NtStatus) ) {
//
// Free the memory we've allocated
//
NextEntry = SampHead;
while (NextEntry != NULL) {
NewEntry = NextEntry;
NextEntry = NewEntry->Next;
if (NewEntry->Entry.Name.Buffer != NULL ) MIDL_user_free( NewEntry->Entry.Name.Buffer );
MIDL_user_free( NewEntry );
}
(*EnumerationContext) = 0;
(*CountReturned) = 0;
(*Buffer) = NULL;
}
return(NtStatus);
}
NTSTATUS
SampLookupAccountRid(
IN SAMP_OBJECT_TYPE ObjectType,
IN PUNICODE_STRING Name,
IN NTSTATUS NotFoundStatus,
OUT PULONG Rid,
OUT PSID_NAME_USE Use
)
/*++
Routine Description:
Arguments:
ObjectType - Indicates whether the name is a user, group or unknown
type of object.
Name - The name of the account being looked up.
NotFoundStatus - Receives a status value to be returned if no name is
found.
Rid - Receives the relative ID of account with the specified name.
Use - Receives an indication of the type of account.
Return Value:
STATUS_SUCCESS - The Service completed successfully.
(NotFoundStatus) - No name by the specified name and type could be
found. This value is passed to this routine.
Other values that may be returned by:
SampBuildAccountKeyName()
NtOpenKey()
NtQueryValueKey()
--*/
{
NTSTATUS NtStatus, TmpStatus;
UNICODE_STRING KeyName;
OBJECT_ATTRIBUTES ObjectAttributes;
HANDLE TempHandle;
ULONG KeyValueLength;
LARGE_INTEGER IgnoreLastWriteTime;
if ( (ObjectType == SampGroupObjectType ) ||
(ObjectType == SampUnknownObjectType) ) {
//
// Search the groups for a match
//
NtStatus = SampBuildAccountKeyName(
SampGroupObjectType,
&KeyName,
Name
);
if (!NT_SUCCESS(NtStatus)) {
return(NtStatus);
}
InitializeObjectAttributes(
&ObjectAttributes,
&KeyName,
OBJ_CASE_INSENSITIVE,
SampKey,
NULL
);
NtStatus = RtlpNtOpenKey(
&TempHandle,
(KEY_READ),
&ObjectAttributes,
0
);
SampFreeUnicodeString( &KeyName );
if (NT_SUCCESS(NtStatus)) {
(*Use) = SidTypeGroup;
KeyValueLength = 0;
NtStatus = RtlpNtQueryValueKey(
TempHandle,
Rid,
NULL,
&KeyValueLength,
&IgnoreLastWriteTime
);
TmpStatus = NtClose( TempHandle );
ASSERT( NT_SUCCESS(TmpStatus) );
return( NtStatus );
}
}
//
// No group (or not group type)
// Try an alias if appropriate
//
if ( (ObjectType == SampAliasObjectType ) ||
(ObjectType == SampUnknownObjectType) ) {
//
// Search the aliases for a match
//
NtStatus = SampBuildAccountKeyName(
SampAliasObjectType,
&KeyName,
Name
);
if (!NT_SUCCESS(NtStatus)) {
return(NtStatus);
}
InitializeObjectAttributes(
&ObjectAttributes,
&KeyName,
OBJ_CASE_INSENSITIVE,
SampKey,
NULL
);
NtStatus = RtlpNtOpenKey(
&TempHandle,
(KEY_READ),
&ObjectAttributes,
0
);
SampFreeUnicodeString( &KeyName );
if (NT_SUCCESS(NtStatus)) {
(*Use) = SidTypeAlias;
KeyValueLength = 0;
NtStatus = RtlpNtQueryValueKey(
TempHandle,
Rid,
NULL,
&KeyValueLength,
&IgnoreLastWriteTime
);
TmpStatus = NtClose( TempHandle );
ASSERT( NT_SUCCESS(TmpStatus) );
return( NtStatus );
}
}
//
// No group (or not group type) nor alias (or not alias type)
// Try a user if appropriate
//
if ( (ObjectType == SampUserObjectType ) ||
(ObjectType == SampUnknownObjectType) ) {
//
// Search the Users for a match
//
NtStatus = SampBuildAccountKeyName(
SampUserObjectType,
&KeyName,
Name
);
if (!NT_SUCCESS(NtStatus)) {
return(NtStatus);
}
InitializeObjectAttributes(
&ObjectAttributes,
&KeyName,
OBJ_CASE_INSENSITIVE,
SampKey,
NULL
);
NtStatus = RtlpNtOpenKey(
&TempHandle,
(KEY_READ),
&ObjectAttributes,
0
);
SampFreeUnicodeString( &KeyName );
if (NT_SUCCESS(NtStatus)) {
(*Use) = SidTypeUser;
KeyValueLength = 0;
NtStatus = RtlpNtQueryValueKey(
TempHandle,
Rid,
NULL,
&KeyValueLength,
&IgnoreLastWriteTime
);
TmpStatus = NtClose( TempHandle );
ASSERT( NT_SUCCESS(TmpStatus) );
return( NtStatus );
}
}
if (NtStatus == STATUS_OBJECT_NAME_NOT_FOUND) {
NtStatus = NotFoundStatus;
}
return(NtStatus);
}
NTSTATUS
SampLookupAccountName(
IN ULONG Rid,
OUT PUNICODE_STRING Name OPTIONAL,
OUT PSAMP_OBJECT_TYPE ObjectType
)
/*++
Routine Description:
Looks up the specified rid in the current transaction domain.
Returns its name and account type.
Arguments:
Rid - The relative ID of account
Name - Receives the name of the account if ObjectType != UnknownObjectType
The name buffer can be freed using MIDL_user_free
ObjectType - Receives the type of account this rid represents
SampUnknownObjectType - the account doesn't exist
SampUserObjectType
SampGroupObjectType
SampAliasObjectType
Return Value:
STATUS_SUCCESS - The Service completed successfully, object type contains
the type of object this rid represents.
Other values that may be returned by:
SampBuildAccountKeyName()
NtOpenKey()
NtQueryValueKey()
--*/
{
NTSTATUS NtStatus;
PSAMP_OBJECT AccountContext;
//
// Search the groups for a match
//
NtStatus = SampCreateAccountContext(
SampGroupObjectType,
Rid,
TRUE, // Trusted client
TRUE, // Account exists
&AccountContext
);
if (NT_SUCCESS(NtStatus)) {
*ObjectType = SampGroupObjectType;
if (ARGUMENT_PRESENT(Name)) {
NtStatus = SampGetUnicodeStringAttribute(
AccountContext,
SAMP_GROUP_NAME,
TRUE, // Make copy
Name
);
}
SampDeleteContext(AccountContext);
return (NtStatus);
}
//
// Search the aliases for a match
//
NtStatus = SampCreateAccountContext(
SampAliasObjectType,
Rid,
TRUE, // Trusted client
TRUE, // Account exists
&AccountContext
);
if (NT_SUCCESS(NtStatus)) {
*ObjectType = SampAliasObjectType;
if (ARGUMENT_PRESENT(Name)) {
NtStatus = SampGetUnicodeStringAttribute(
AccountContext,
SAMP_ALIAS_NAME,
TRUE, // Make copy
Name
);
}
SampDeleteContext(AccountContext);
return (NtStatus);
}
//
// Search the users for a match
//
NtStatus = SampCreateAccountContext(
SampUserObjectType,
Rid,
TRUE, // Trusted client
TRUE, // Account exists
&AccountContext
);
if (NT_SUCCESS(NtStatus)) {
*ObjectType = SampUserObjectType;
if (ARGUMENT_PRESENT(Name)) {
NtStatus = SampGetUnicodeStringAttribute(
AccountContext,
SAMP_USER_ACCOUNT_NAME,
TRUE, // Make copy
Name
);
}
SampDeleteContext(AccountContext);
return (NtStatus);
}
//
// This account doesn't exist
//
*ObjectType = SampUnknownObjectType;
return(STATUS_SUCCESS);
}
NTSTATUS
SampOpenAccount(
IN SAMP_OBJECT_TYPE ObjectType,
IN SAMPR_HANDLE DomainHandle,
IN ACCESS_MASK DesiredAccess,
IN ULONG AccountId,
IN BOOLEAN WriteLockHeld,
OUT SAMPR_HANDLE *AccountHandle
)
/*++
Routine Description:
This API opens an existing user, group or alias account in the account database.
The account is specified by a ID value that is relative to the SID of the
domain. The operations that will be performed on the group must be
declared at this time.
This call returns a handle to the newly opened account that may be
used for successive operations on the account. This handle may be
closed with the SamCloseHandle API.
Parameters:
DomainHandle - A domain handle returned from a previous call to
SamOpenDomain.
DesiredAccess - Is an access mask indicating which access types
are desired to the account. These access types are reconciled
with the Discretionary Access Control list of the account to
determine whether the accesses will be granted or denied.
GroupId - Specifies the relative ID value of the user or group to be
opened.
GroupHandle - Receives a handle referencing the newly opened
user or group. This handle will be required in successive calls to
operate on the account.
WriteLockHeld - if TRUE, the caller holds SAM's SampLock for WRITE
access, so this routine does not have to obtain it.
Return Values:
STATUS_SUCCESS - The account was successfully opened.
STATUS_ACCESS_DENIED - Caller does not have the appropriate
access to complete the operation.
STATUS_NO_SUCH_GROUP - The specified group does not exist.
STATUS_NO_SUCH_USER - The specified user does not exist.
STATUS_NO_SUCH_ALIAS - The specified alias does not exist.
STATUS_INVALID_HANDLE - The domain handle passed is invalid.
--*/
{
NTSTATUS NtStatus;
NTSTATUS IgnoreStatus;
PSAMP_OBJECT DomainContext, NewContext;
SAMP_OBJECT_TYPE FoundType;
//
// Grab a read lock, if a lock isn't already held.
//
if ( !WriteLockHeld ) {
SampAcquireReadLock();
}
//
// Validate type of, and access to domain object.
//
DomainContext = (PSAMP_OBJECT)DomainHandle;
NtStatus = SampLookupContext(
DomainContext,
DOMAIN_LOOKUP, // DesiredAccess
SampDomainObjectType, // ExpectedType
&FoundType
);
if (NT_SUCCESS(NtStatus)) {
//
// Try to create a context for the account.
//
NtStatus = SampCreateAccountContext(
ObjectType,
AccountId,
DomainContext->TrustedClient,
TRUE, // Account exists
&NewContext
);
if (NT_SUCCESS(NtStatus)) {
//
// Reference the object for the validation
//
SampReferenceContext(NewContext);
//
// Validate the caller's access.
//
NtStatus = SampValidateObjectAccess(
NewContext, //Context
DesiredAccess, //DesiredAccess
FALSE //ObjectCreation
);
//
// Dereference object, discarding any changes
//
IgnoreStatus = SampDeReferenceContext(NewContext, FALSE);
ASSERT(NT_SUCCESS(IgnoreStatus));
//
// Clean up the new context if we didn't succeed.
//
if (!NT_SUCCESS(NtStatus)) {
SampDeleteContext( NewContext );
}
}
//
// De-reference the object, discarding changes
//
IgnoreStatus = SampDeReferenceContext( DomainContext, FALSE );
ASSERT(NT_SUCCESS(IgnoreStatus));
}
//
// Return the account handle
//
if (!NT_SUCCESS(NtStatus)) {
(*AccountHandle) = 0;
} else {
(*AccountHandle) = NewContext;
}
//
// Free the lock, if we obtained it.
//
if ( !WriteLockHeld ) {
SampReleaseReadLock();
}
return(NtStatus);
}
NTSTATUS
SampCreateAccountContext(
IN SAMP_OBJECT_TYPE ObjectType,
IN ULONG AccountId,
IN BOOLEAN TrustedClient,
IN BOOLEAN AccountExists,
OUT PSAMP_OBJECT *AccountContext
)
/*++
Routine Description:
This API creates a context for an account object. (User group or alias).
If the account exists flag is specified, an attempt is made to open
the object in the database and this api fails if it doesn't exist.
If AccountExists = FALSE, this routine setups up the context such that
data can be written into the context and the object will be created
when they are committed.
The account is specified by a ID value that is relative to the SID of the
current transaction domain.
This call returns a context handle for the newly opened account.
This handle may be closed with the SampDeleteContext API.
No access check is performed by this function.
Note: THIS ROUTINE REFERENCES THE CURRENT TRANSACTION DOMAIN
(ESTABLISHED USING SampSetTransactioDomain()). THIS
SERVICE MAY ONLY BE CALLED AFTER SampSetTransactionDomain()
AND BEFORE SampReleaseReadLock().
Parameters:
ObjectType - the type of object to open
AccountId - the id of the account in the current transaction domain
TrustedClient - TRUE if client is trusted - i.e. server side process.
AccountExists - specifies whether the account already exists.
AccountContext - Receives context pointer referencing the newly opened account.
Return Values:
STATUS_SUCCESS - The account was successfully opened.
STATUS_NO_SUCH_GROUP - The specified group does not exist.
STATUS_NO_SUCH_USER - The specified user does not exist.
STATUS_NO_SUCH_ALIAS - The specified alias does not exist.
--*/
{
NTSTATUS NtStatus, NotFoundStatus;
OBJECT_ATTRIBUTES ObjectAttributes;
PSAMP_OBJECT NewContext;
//
// Establish type-specific information
//
ASSERT( (ObjectType == SampGroupObjectType) ||
(ObjectType == SampAliasObjectType) ||
(ObjectType == SampUserObjectType) );
switch (ObjectType) {
case SampGroupObjectType:
NotFoundStatus = STATUS_NO_SUCH_GROUP;
break;
case SampAliasObjectType:
NotFoundStatus = STATUS_NO_SUCH_ALIAS;
break;
case SampUserObjectType:
NotFoundStatus = STATUS_NO_SUCH_USER;
break;
}
//
// Try to create a context for the account.
//
NewContext = SampCreateContext(
ObjectType,
TrustedClient
);
if (NewContext != NULL) {
//
// Set the account's rid
//
switch (ObjectType) {
case SampGroupObjectType:
NewContext->TypeBody.Group.Rid = AccountId;
break;
case SampAliasObjectType:
NewContext->TypeBody.Alias.Rid = AccountId;
break;
case SampUserObjectType:
NewContext->TypeBody.User.Rid = AccountId;
break;
}
//
// Create the specified acocunt's root key name
// and store it in the context.
// This name remains around until the context is deleted.
//
NtStatus = SampBuildAccountSubKeyName(
ObjectType,
&NewContext->RootName,
AccountId,
NULL // Don't give a sub-key name
);
if (NT_SUCCESS(NtStatus)) {
//
// If the account should exist, try and open the root key
// to the object - fail if it doesn't exist.
//
if (AccountExists) {
InitializeObjectAttributes(
&ObjectAttributes,
&NewContext->RootName,
OBJ_CASE_INSENSITIVE,
SampKey,
NULL
);
NtStatus = RtlpNtOpenKey(
&NewContext->RootKey,
(KEY_READ | KEY_WRITE),
&ObjectAttributes,
0
);
if ( !NT_SUCCESS(NtStatus) ) {
NewContext->RootKey = INVALID_HANDLE_VALUE;
NtStatus = NotFoundStatus;
}
}
} else {
RtlInitUnicodeString(&NewContext->RootName, NULL);
}
//
// Clean up the account context if we failed
//
if (!NT_SUCCESS(NtStatus)) {
SampDeleteContext( NewContext );
NewContext = NULL;
}
} else {
NtStatus = STATUS_INSUFFICIENT_RESOURCES;
}
//
// Return the context pointer
//
*AccountContext = NewContext;
return(NtStatus);
}
NTSTATUS
SampIsAccountBuiltIn(
IN ULONG Rid
)
/*++
Routine Description:
This routine checks to see if a specified account name is a well-known
(built-in) account. Some restrictions apply to such accounts, such as
they can not be deleted or renamed.
Parameters:
Rid - The RID of the account.
Return Values:
STATUS_SUCCESS - The account is not a well-known (restricted) account.
STATUS_SPECIAL_ACCOUNT - Indicates the account is a restricted
account. This is an error status, based upon the assumption that
this service will primarily be utilized to determine if an
operation may allowed on an account.
--*/
{
if (Rid < SAMP_RESTRICTED_ACCOUNT_COUNT) {
return(STATUS_SPECIAL_ACCOUNT);
} else {
return(STATUS_SUCCESS);
}
}
NTSTATUS
SampCreateFullSid(
IN PSID DomainSid,
IN ULONG Rid,
OUT PSID *AccountSid
)
/*++
Routine Description:
This function creates a domain account sid given a domain sid and
the relative id of the account within the domain.
The returned Sid may be freed with MIDL_user_free.
Arguments:
None.
Return Value:
STATUS_SUCCESS
--*/
{
NTSTATUS NtStatus, IgnoreStatus;
UCHAR AccountSubAuthorityCount;
ULONG AccountSidLength;
PULONG RidLocation;
//
// Calculate the size of the new sid
//
AccountSubAuthorityCount = *RtlSubAuthorityCountSid(DomainSid) + (UCHAR)1;
AccountSidLength = RtlLengthRequiredSid(AccountSubAuthorityCount);
//
// Allocate space for the account sid
//
*AccountSid = MIDL_user_allocate(AccountSidLength);
if (*AccountSid == NULL) {
NtStatus = STATUS_INSUFFICIENT_RESOURCES;
} else {
//
// Copy the domain sid into the first part of the account sid
//
IgnoreStatus = RtlCopySid(AccountSidLength, *AccountSid, DomainSid);
ASSERT(NT_SUCCESS(IgnoreStatus));
//
// Increment the account sid sub-authority count
//
*RtlSubAuthorityCountSid(*AccountSid) = AccountSubAuthorityCount;
//
// Add the rid as the final sub-authority
//
RidLocation = RtlSubAuthoritySid(*AccountSid, AccountSubAuthorityCount-1);
*RidLocation = Rid;
NtStatus = STATUS_SUCCESS;
}
return(NtStatus);
}
NTSTATUS
SampCreateAccountSid(
IN PSAMP_OBJECT AccountContext,
OUT PSID *AccountSid
)
/*++
Routine Description:
This function creates the sid for an account object.
The returned Sid may be freed with MIDL_user_free.
Arguments:
None.
Return Value:
STATUS_SUCCESS
--*/
{
NTSTATUS NtStatus;
PSID DomainSid;
ULONG AccountRid;
//
// Get the Sid for the domain this object is in
//
DomainSid = SampDefinedDomains[AccountContext->DomainIndex].Sid;
//
// Get the account Rid
//
switch (AccountContext->ObjectType) {
case SampGroupObjectType:
AccountRid = AccountContext->TypeBody.Group.Rid;
break;
case SampAliasObjectType:
AccountRid = AccountContext->TypeBody.Alias.Rid;
break;
case SampUserObjectType:
AccountRid = AccountContext->TypeBody.User.Rid;
break;
default:
ASSERT(FALSE);
}
//
// Build a full sid from the domain sid and the account rid
//
NtStatus = SampCreateFullSid(DomainSid, AccountRid, AccountSid);
return(NtStatus);
}
VOID
SampNotifyNetlogonOfDelta(
IN SECURITY_DB_DELTA_TYPE DeltaType,
IN SECURITY_DB_OBJECT_TYPE ObjectType,
IN ULONG ObjectRid,
IN PUNICODE_STRING ObjectName,
IN DWORD ReplicateImmediately,
IN PSAM_DELTA_DATA DeltaData OPTIONAL
)
/*++
Routine Description:
This routine is called after any change is made to the SAM database
on a PDC. It will pass the parameters, along with the database type
and ModifiedCount to I_NetNotifyDelta() so that Netlogon will know
that the database has been changed.
This routine MUST be called with SAM's write lock held; however, any
changes must have already been committed to disk. That is, call
SampCommitAndRetainWriteLock() first, then this routine, then
SampReleaseWriteLock().
Arguments:
DeltaType - Type of modification that has been made on the object.
ObjectType - Type of object that has been modified.
ObjectRid - The relative ID of the object that has been modified.
This parameter is valid only when the object type specified is
either SecurityDbObjectSamUser, SecurityDbObjectSamGroup or
SecurityDbObjectSamAlias otherwise this parameter is set to
zero.
ObjectName - The old name of the object when the object type specified
is either SecurityDbObjectSamUser, SecurityDbObjectSamGroup or
SecurityDbObjectSamAlias and the delta type is SecurityDbRename
otherwise this parameter is set to zero.
ReplicateImmediately - TRUE if the change should be immediately
replicated to all BDCs. A password change should set the flag
TRUE.
DeltaData - pointer to delta-type specific structure to be passed
- to netlogon.
Return Value:
None.
--*/
{
//
// Only make the call if this is not a backup domain controller.
//
if ( SampDefinedDomains[SampTransactionDomainIndex].CurrentFixed.ServerRole
!= DomainServerRoleBackup ) {
I_NetNotifyDelta(
SecurityDbSam,
SampDefinedDomains[SampTransactionDomainIndex].CurrentFixed.ModifiedCount,
DeltaType,
ObjectType,
ObjectRid,
SampDefinedDomains[SampTransactionDomainIndex].Sid,
ObjectName,
ReplicateImmediately,
DeltaData
);
//
// Let any notification packages know about the delta.
//
SampDeltaChangeNotify(
SampDefinedDomains[SampTransactionDomainIndex].Sid,
DeltaType,
ObjectType,
ObjectRid,
ObjectName,
&SampDefinedDomains[SampTransactionDomainIndex].CurrentFixed.ModifiedCount,
DeltaData
);
}
}
NTSTATUS
SampSplitSid(
IN PSID AccountSid,
IN OUT PSID *DomainSid,
OUT ULONG *Rid
)
/*++
Routine Description:
This function splits a sid into its domain sid and rid. The caller
can either provide a memory buffer for the returned DomainSid, or
request that one be allocated. If the caller provides a buffer, the buffer
is assumed to be of sufficient size. If allocated on the caller's behalf,
the buffer must be freed when no longer required via MIDL_user_free.
Arguments:
AccountSid - Specifies the Sid to be split. The Sid is assumed to be
syntactically valid. Sids with zero subauthorities cannot be split.
DomainSid - Pointer to location containing either NULL or a pointer to
a buffer in which the Domain Sid will be returned. If NULL is
specified, memory will be allocated on behalf of the caller.
Return Value:
NTSTATUS - Standard Nt Result Code
STATUS_SUCCESS - The call completed successfully.
STATUS_INSUFFICIENT_RESOURCES - Insufficient system resources,
such as memory, to complete the call successfully.
STATUS_INVALID_SID - The Sid is has a subauthority count of 0.
--*/
{
NTSTATUS NtStatus;
UCHAR AccountSubAuthorityCount;
ULONG AccountSidLength;
//
// Calculate the size of the domain sid
//
AccountSubAuthorityCount = *RtlSubAuthorityCountSid(AccountSid);
if (AccountSubAuthorityCount < 1) {
NtStatus = STATUS_INVALID_SID;
goto SplitSidError;
}
AccountSidLength = RtlLengthSid(AccountSid);
//
// If no buffer is required for the Domain Sid, we have to allocate one.
//
if (*DomainSid == NULL) {
//
// Allocate space for the domain sid (allocate the same size as the
// account sid so we can use RtlCopySid)
//
*DomainSid = MIDL_user_allocate(AccountSidLength);
if (*DomainSid == NULL) {
NtStatus = STATUS_INSUFFICIENT_RESOURCES;
goto SplitSidError;
}
}
//
// Copy the Account sid into the Domain sid
//
RtlMoveMemory(*DomainSid, AccountSid, AccountSidLength);
//
// Decrement the domain sid sub-authority count
//
(*RtlSubAuthorityCountSid(*DomainSid))--;
//
// Copy the rid out of the account sid
//
*Rid = *RtlSubAuthoritySid(AccountSid, AccountSubAuthorityCount-1);
NtStatus = STATUS_SUCCESS;
SplitSidFinish:
return(NtStatus);
SplitSidError:
goto SplitSidFinish;
}
NTSTATUS
SampDuplicateUnicodeString(
IN PUNICODE_STRING OutString,
IN PUNICODE_STRING InString
)
/*++
Routine Description:
This routine allocates memory for a new OutString and copies the
InString string to it.
Parameters:
OutString - A pointer to a destination unicode string
InString - A pointer to an unicode string to be copied
Return Values:
None.
--*/
{
ASSERT( OutString != NULL );
ASSERT( InString != NULL );
if ( InString->Length > 0 ) {
OutString->Buffer = MIDL_user_allocate( InString->Length );
if (OutString->Buffer == NULL) {
return(STATUS_INSUFFICIENT_RESOURCES);
}
OutString->MaximumLength = InString->Length;
RtlCopyUnicodeString(OutString, InString);
} else {
RtlInitUnicodeString(OutString, NULL);
}
return(STATUS_SUCCESS);
}
NTSTATUS
SampUnicodeToOemString(
IN POEM_STRING OutString,
IN PUNICODE_STRING InString
)
/*++
Routine Description:
This routine allocates memory for a new OutString and copies the
InString string to it, converting to OEM string in the process.
Parameters:
OutString - A pointer to a destination OEM string.
InString - A pointer to a unicode string to be copied
Return Values:
None.
--*/
{
ULONG
OemLength,
Index;
NTSTATUS
NtStatus;
ASSERT( OutString != NULL );
ASSERT( InString != NULL );
if ( InString->Length > 0 ) {
OemLength = RtlUnicodeStringToOemSize(InString);
if ( OemLength > MAXUSHORT ) {
return STATUS_INVALID_PARAMETER_2;
}
OutString->Length = (USHORT)(OemLength - 1);
OutString->MaximumLength = (USHORT)OemLength;
OutString->Buffer = MIDL_user_allocate(OemLength);
if ( !OutString->Buffer ) {
return STATUS_NO_MEMORY;
}
NtStatus = RtlUnicodeToOemN(
OutString->Buffer,
OutString->Length,
&Index,
InString->Buffer,
InString->Length
);
if (!NT_SUCCESS(NtStatus)) {
MIDL_user_free(OutString->Buffer);
return NtStatus;
}
OutString->Buffer[Index] = '\0';
} else {
RtlInitString(OutString, NULL);
}
return(STATUS_SUCCESS);
}
NTSTATUS
SampChangeAccountOperatorAccessToMember(
IN PRPC_SID MemberSid,
IN SAMP_MEMBERSHIP_DELTA ChangingToAdmin,
IN SAMP_MEMBERSHIP_DELTA ChangingToOperator
)
/*++
Routine Description:
This routine is called when a member is added to or removed from an
ADMIN alias. If the member is from the BUILTIN or ACCOUNT domain,
it will change the ACL(s) of the member to allow or disallow access
by account operators if necessary.
This must be called BEFORE the member is actually added to the
alias, and AFTER the member is actually removed from the alias to
avoid security holes in the event that we are unable to complete the
entire task.
When this routine is called, the transaction domain is alredy set
to that of the alias. Note, however, that the member might be in a
different domain, so the transaction domain may be adjusted in this
routine.
THIS SERVICE MUST BE CALLED WITH THE SampLock HELD FOR WRITE ACCESS.
Arguments:
MemberSid - The full ID of the member being added to/ deleted from
an ADMIN alias.
ChangingToAdmin - AddToAdmin if Member is being added to an ADMIN alias,
RemoveFromAdmin if it's being removed.
ChangingToOperator - AddToAdmin if Member is being added to an OPERATOR
alias, RemoveFromAdmin if it's being removed.
Return Value:
STATUS_SUCCESS - either the ACL(s) was modified, or it didn't need
to be.
--*/
{
SAMP_V1_0A_FIXED_LENGTH_GROUP GroupV1Fixed;
PSID MemberDomainSid = NULL;
PULONG UsersInGroup = NULL;
NTSTATUS NtStatus;
ULONG MemberRid;
ULONG OldTransactionDomainIndex = SampDefinedDomainsCount;
ULONG NumberOfUsersInGroup;
ULONG i;
ULONG MemberDomainIndex;
SAMP_OBJECT_TYPE MemberType;
PSECURITY_DESCRIPTOR SecurityDescriptor;
PSECURITY_DESCRIPTOR OldDescriptor;
ULONG SecurityDescriptorLength;
ULONG Revision;
ASSERT( SampTransactionWithinDomain );
//
// See if the SID is from one of the local domains (BUILTIN or ACCOUNT).
// If it's not, we don't have to worry about modifying ACLs.
//
NtStatus = SampSplitSid( MemberSid, &MemberDomainSid, &MemberRid );
if ( !NT_SUCCESS( NtStatus ) ) {
return( NtStatus );
}
for ( MemberDomainIndex = 0;
MemberDomainIndex < SampDefinedDomainsCount;
MemberDomainIndex++ ) {
if ( RtlEqualSid(
MemberDomainSid,
SampDefinedDomains[MemberDomainIndex].Sid ) ) {
break;
}
}
if ( MemberDomainIndex < SampDefinedDomainsCount ) {
//
// The member is from one of the local domains. MemberDomainIndex
// indexes that domain. First, check to see if the alias and member
// are in the same domain.
//
if ( MemberDomainIndex != SampTransactionDomainIndex ) {
//
// The transaction domain is set to that of the alias, but
// we need to set it to that of the member while we modify
// the member.
//
SampTransactionWithinDomain = FALSE;
OldTransactionDomainIndex = SampTransactionDomainIndex;
SampSetTransactionDomain( MemberDomainIndex );
}
//
// Now we need to change the member ACL(s), IF the member is being
// added to an admin alias for the first time. Find out whether
// the member is a user or a group, and attack accordingly.
//
NtStatus = SampLookupAccountName(
MemberRid,
NULL,
&MemberType
);
if (NT_SUCCESS(NtStatus)) {
switch (MemberType) {
case SampUserObjectType: {
NtStatus = SampChangeOperatorAccessToUser(
MemberRid,
ChangingToAdmin,
ChangingToOperator
);
break;
}
case SampGroupObjectType: {
PSAMP_OBJECT GroupContext;
//
// Change ACL for every user in this group.
// First get group member list.
//
//
// Try to create a context for the account.
//
NtStatus = SampCreateAccountContext(
SampGroupObjectType,
MemberRid,
TRUE, // Trusted client
TRUE, // Account exists
&GroupContext
);
if (NT_SUCCESS(NtStatus)) {
//
// Now set a flag in the group itself,
// so that when users are added and removed
// in the future it is known whether this
// group is in an ADMIN alias or not.
//
NtStatus = SampRetrieveGroupV1Fixed(
GroupContext,
&GroupV1Fixed
);
if ( NT_SUCCESS( NtStatus ) ) {
ULONG OldAdminStatus = 0;
ULONG NewAdminStatus;
SAMP_MEMBERSHIP_DELTA AdminChange = NoChange;
SAMP_MEMBERSHIP_DELTA OperatorChange = NoChange;
if (GroupV1Fixed.AdminCount != 0 ) {
OldAdminStatus++;
}
if (GroupV1Fixed.OperatorCount != 0) {
OldAdminStatus++;
}
NewAdminStatus = OldAdminStatus;
//
// Update the admin count. If we added one and the
// count is now 1, then the group became administrative.
// If we subtracted one and the count is zero,
// then the group lost its administrive membership.
//
if (ChangingToAdmin == AddToAdmin) {
if (++GroupV1Fixed.AdminCount == 1) {
NewAdminStatus++;
AdminChange = AddToAdmin;
}
} else if (ChangingToAdmin == RemoveFromAdmin) {
//
// For removing an admin count, we need to make
// sure there is at least one. In the upgrade
// case there may not be, since prior versions
// of NT only had a boolean.
//
if (GroupV1Fixed.AdminCount > 0) {
if (--GroupV1Fixed.AdminCount == 0) {
NewAdminStatus --;
AdminChange = RemoveFromAdmin;
}
}
}
//
// Update the operator count
//
if (ChangingToOperator == AddToAdmin) {
if (++GroupV1Fixed.OperatorCount == 1) {
NewAdminStatus++;
OperatorChange = AddToAdmin;
}
} else if (ChangingToOperator == RemoveFromAdmin) {
//
// For removing an Operator count, we need to make
// sure there is at least one. In the upgrade
// case there may not be, since prior versions
// of NT only had a boolean.
//
if (GroupV1Fixed.OperatorCount > 0) {
if (--GroupV1Fixed.OperatorCount == 0) {
NewAdminStatus --;
OperatorChange = RemoveFromAdmin;
}
}
}
NtStatus = SampReplaceGroupV1Fixed(
GroupContext,
&GroupV1Fixed
);
//
// If the status of the group changed,
// modify the security descriptor to
// prevent account operators from adding
// anybody to this group
//
if ( NT_SUCCESS( NtStatus ) &&
((NewAdminStatus != 0) != (OldAdminStatus != 0)) ) {
//
// Get the old security descriptor so we can
// modify it.
//
NtStatus = SampGetAccessAttribute(
GroupContext,
SAMP_GROUP_SECURITY_DESCRIPTOR,
FALSE, // don't make copy
&Revision,
&OldDescriptor
);
if (NT_SUCCESS(NtStatus)) {
NtStatus = SampModifyAccountSecurity(
SampGroupObjectType,
(BOOLEAN) ((NewAdminStatus != 0) ? TRUE : FALSE),
OldDescriptor,
&SecurityDescriptor,
&SecurityDescriptorLength
);
if ( NT_SUCCESS( NtStatus ) ) {
//
// Write the new security descriptor into the object
//
NtStatus = SampSetAccessAttribute(
GroupContext,
SAMP_GROUP_SECURITY_DESCRIPTOR,
SecurityDescriptor,
SecurityDescriptorLength
);
RtlDeleteSecurityObject( &SecurityDescriptor );
}
}
}
//
// Update all the members of this group so that
// their security descriptors are changed.
//
if ( NT_SUCCESS( NtStatus ) &&
( (AdminChange != NoChange) ||
(OperatorChange != NoChange) ) ) {
NtStatus = SampRetrieveGroupMembers(
GroupContext,
&NumberOfUsersInGroup,
&UsersInGroup
);
if ( NT_SUCCESS( NtStatus ) ) {
for ( i = 0; i < NumberOfUsersInGroup; i++ ) {
NtStatus = SampChangeOperatorAccessToUser(
UsersInGroup[i],
AdminChange,
OperatorChange
);
if ( !( NT_SUCCESS( NtStatus ) ) ) {
break;
}
}
MIDL_user_free( UsersInGroup );
}
}
if (NT_SUCCESS(NtStatus)) {
//
// Add the modified group to the current transaction
// Don't use the open key handle since we'll be deleting the context.
//
NtStatus = SampStoreObjectAttributes(GroupContext, FALSE);
}
}
//
// Clean up the group context
//
SampDeleteContext(GroupContext);
}
break;
}
default: {
//
// A bad RID from a domain other than the domain
// current at the time of the call could slip through
// to this point. Return error.
//
//
// If the account is in a different domain than the alias,
// don't report an error if we're removing the member and
// the member no longer exists.
//
// Possibly caused by deleting the object before deleting
// the membership in the alias.
//
//
// Now that this function is called during upgrade, we
// can't fail if the account no longer exists. It is
// not really so bad to add a non-existant member to
// and alias so return success.
//
NtStatus = STATUS_SUCCESS;
}
}
}
if ( OldTransactionDomainIndex != SampDefinedDomainsCount ) {
//
// The transaction domain should be set to that of the alias, but
// we switched it above to that of the member while we modified
// the member. Now we need to switch it back.
//
SampTransactionWithinDomain = FALSE;
SampSetTransactionDomain( OldTransactionDomainIndex );
}
}
MIDL_user_free( MemberDomainSid );
return( NtStatus );
}
NTSTATUS
SampChangeOperatorAccessToUser(
IN ULONG UserRid,
IN SAMP_MEMBERSHIP_DELTA ChangingToAdmin,
IN SAMP_MEMBERSHIP_DELTA ChangingToOperator
)
/*++
Routine Description:
This routine adjusts the user's AdminCount field as appropriate, and
if the user is being removed from it's last ADMIN alias or added to
its first ADMIN alias, the ACL is adjusted to allow/disallow access
by account operators as appropriate.
This routine will also increment or decrement the domain's admin count,
if this operation changes that.
NOTE:
This routine is similar to SampChangeOperatorAccessToUser2().
This routine should be used in cases where a user context does NOT
already exist (and won't later on). You must be careful not to
create two contexts, since they will be independently applied back
to the registry, and the last one there will win.
THIS SERVICE MUST BE CALLED WITH THE SampLock HELD FOR WRITE ACCESS.
Arguments:
UserRid - The transaction-domain-relative ID of the user that is
being added to or removed from an ADMIN alias.
ChangingToAdmin - AddToAdmin if Member is being added to an ADMIN alias,
RemoveFromAdmin if it's being removed.
ChangingToOperator - AddToAdmin if Member is being added to an OPERATOR
alias, RemoveFromAdmin if it's being removed.
Return Value:
STATUS_SUCCESS - either the ACL was modified, or it didn't need
to be.
--*/
{
SAMP_V1_0A_FIXED_LENGTH_USER UserV1aFixed;
NTSTATUS NtStatus;
PSAMP_OBJECT UserContext;
PSECURITY_DESCRIPTOR SecurityDescriptor;
ULONG SecurityDescriptorLength;
//
// Get the user's fixed data, and adjust the AdminCount.
//
NtStatus = SampCreateAccountContext(
SampUserObjectType,
UserRid,
TRUE, // Trusted client
TRUE, // Account exists
&UserContext
);
if ( NT_SUCCESS( NtStatus ) ) {
NtStatus = SampRetrieveUserV1aFixed(
UserContext,
&UserV1aFixed
);
if ( NT_SUCCESS( NtStatus ) ) {
NtStatus = SampChangeOperatorAccessToUser2(
UserContext,
&UserV1aFixed,
ChangingToAdmin,
ChangingToOperator
);
if ( NT_SUCCESS( NtStatus ) ) {
//
// If we've succeeded (at changing the admin count, and
// the ACL if necessary) then write out the new admin
// count.
//
NtStatus = SampReplaceUserV1aFixed(
UserContext,
&UserV1aFixed
);
}
}
if (NT_SUCCESS(NtStatus)) {
//
// Add the modified user context to the current transaction
// Don't use the open key handle since we'll be deleting the context.
//
NtStatus = SampStoreObjectAttributes(UserContext, FALSE);
}
//
// Clean up account context
//
SampDeleteContext(UserContext);
}
if ( ( !NT_SUCCESS( NtStatus ) ) &&
(( ChangingToAdmin == RemoveFromAdmin ) ||
( ChangingToOperator == RemoveFromAdmin )) &&
( NtStatus != STATUS_SPECIAL_ACCOUNT ) ) {
//
// When an account is *removed* from admin groups, we can
// ignore errors from this routine. This routine is just
// making the account accessible to account operators, but
// it's no big deal if that doesn't work. The administrator
// can still get at it, so we should proceed with the calling
// operation.
//
// Obviously, we can't ignore errors if we're being added
// to an admin group, because that could be a security hole.
//
// Also, we want to make sure that the Administrator is
// never removed, so we DO propogate STATUS_SPECIAL_ACCOUNT.
//
NtStatus = STATUS_SUCCESS;
}
return( NtStatus );
}
NTSTATUS
SampChangeOperatorAccessToUser2(
IN PSAMP_OBJECT UserContext,
IN PSAMP_V1_0A_FIXED_LENGTH_USER V1aFixed,
IN SAMP_MEMBERSHIP_DELTA AddingToAdmin,
IN SAMP_MEMBERSHIP_DELTA AddingToOperator
)
/*++
Routine Description:
This routine adjusts the user's AdminCount field as appropriate, and
if the user is being removed from it's last ADMIN alias or added to
its first ADMIN alias, the ACL is adjusted to allow/disallow access
by account operators as appropriate.
This routine will also increment or decrement the domain's admin count,
if this operation changes that.
NOTE:
This routine is similar to SampAccountOperatorAccessToUser().
This routine should be used in cases where a user account context
already exists. You must be careful not to create two contexts,
since they will be independently applied back to the registry, and
the last one there will win.
THIS SERVICE MUST BE CALLED WITH THE SampLock HELD FOR WRITE ACCESS.
Arguments:
UserContext - Context of user whose access is to be updated.
V1aFixed - Pointer to the V1aFixed length data for the user.
The caller of this routine must ensure that this value is
stored back out to disk on successful completion of this
routine.
AddingToAdmin - AddToAdmin if Member is being added to an ADMIN alias,
RemoveFromAdmin if it's being removed.
AddingToOperator - AddToAdmin if Member is being added to an OPERATOR
alias, RemoveFromAdmin if it's being removed.
Return Value:
STATUS_SUCCESS - either the ACL(s) was modified, or it didn't need
to be.
--*/
{
NTSTATUS NtStatus;
PSECURITY_DESCRIPTOR OldDescriptor;
PSECURITY_DESCRIPTOR SecurityDescriptor;
ULONG SecurityDescriptorLength;
ULONG OldAdminStatus = 0, NewAdminStatus = 0;
ULONG Revision;
//
// Compute whether we are an admin now. From that we will figure
// out how many times we were may not an admin to tell if we need
// to update the security descriptor.
//
if (V1aFixed->AdminCount != 0) {
OldAdminStatus++;
}
if (V1aFixed->OperatorCount != 0) {
OldAdminStatus++;
}
NewAdminStatus = OldAdminStatus;
if ( AddingToAdmin == AddToAdmin ) {
V1aFixed->AdminCount++;
NewAdminStatus++;
SampDiagPrint( DISPLAY_ADMIN_CHANGES,
("SAM DIAG: Incrementing admin count for user %d\n"
" New admin count: %d\n",
V1aFixed->UserId, V1aFixed->AdminCount ) );
} else if (AddingToAdmin == RemoveFromAdmin) {
V1aFixed->AdminCount--;
if (V1aFixed->AdminCount == 0) {
NewAdminStatus--;
}
SampDiagPrint( DISPLAY_ADMIN_CHANGES,
("SAM DIAG: Decrementing admin count for user %d\n"
" New admin count: %d\n",
V1aFixed->UserId, V1aFixed->AdminCount ) );
if ( V1aFixed->AdminCount == 0 ) {
//
// Don't allow the Administrator account to lose
// administrative power.
//
if ( V1aFixed->UserId == DOMAIN_USER_RID_ADMIN ) {
NtStatus = STATUS_SPECIAL_ACCOUNT;
}
}
}
if ( AddingToOperator == AddToAdmin ) {
V1aFixed->OperatorCount++;
NewAdminStatus++;
SampDiagPrint( DISPLAY_ADMIN_CHANGES,
("SAM DIAG: Incrementing operator count for user %d\n"
" New admin count: %d\n",
V1aFixed->UserId, V1aFixed->OperatorCount ) );
} else if (AddingToOperator == RemoveFromAdmin) {
//
// Only decrement if the count is > 0, since in the upgrade case
// this field we start out zero.
//
if (V1aFixed->OperatorCount > 0) {
V1aFixed->OperatorCount--;
if (V1aFixed->OperatorCount == 0) {
NewAdminStatus--;
}
}
SampDiagPrint( DISPLAY_ADMIN_CHANGES,
("SAM DIAG: Decrementing operator count for user %d\n"
" New admin count: %d\n",
V1aFixed->UserId, V1aFixed->OperatorCount ) );
}
if (NT_SUCCESS(NtStatus)) {
if ( ( NewAdminStatus != 0 ) != ( OldAdminStatus != 0 ) ) {
//
// User's admin status is changing. We must change the
// ACL.
//
#ifdef SAMP_DIAGNOSTICS
if (AddingToAdmin) {
SampDiagPrint( DISPLAY_ADMIN_CHANGES,
("SAM DIAG: Protecting user %d as ADMIN account\n",
V1aFixed->UserId ) );
} else {
SampDiagPrint( DISPLAY_ADMIN_CHANGES,
("SAM DIAG: Protecting user %d as non-admin account\n",
V1aFixed->UserId ) );
}
#endif // SAMP_DIAGNOSTICS
//
// Get the old security descriptor so we can
// modify it.
//
NtStatus = SampGetAccessAttribute(
UserContext,
SAMP_USER_SECURITY_DESCRIPTOR,
FALSE, // don't make copy
&Revision,
&OldDescriptor
);
if (NT_SUCCESS(NtStatus)) {
NtStatus = SampModifyAccountSecurity(
SampUserObjectType,
(BOOLEAN) ((NewAdminStatus != 0) ? TRUE : FALSE),
OldDescriptor,
&SecurityDescriptor,
&SecurityDescriptorLength
);
}
if ( NT_SUCCESS( NtStatus ) ) {
//
// Write the new security descriptor into the object
//
NtStatus = SampSetAccessAttribute(
UserContext,
SAMP_USER_SECURITY_DESCRIPTOR,
SecurityDescriptor,
SecurityDescriptorLength
);
RtlDeleteSecurityObject( &SecurityDescriptor );
}
}
}
if ( NT_SUCCESS( NtStatus ) ) {
//
// Save the fixed-length attributes
//
NtStatus = SampReplaceUserV1aFixed(
UserContext,
V1aFixed
);
}
if ( ( !NT_SUCCESS( NtStatus ) ) &&
( AddingToAdmin != AddToAdmin ) &&
( NtStatus != STATUS_SPECIAL_ACCOUNT ) ) {
//
// When an account is *removed* from admin groups, we can
// ignore errors from this routine. This routine is just
// making the account accessible to account operators, but
// it's no big deal if that doesn't work. The administrator
// can still get at it, so we should proceed with the calling
// operation.
//
// Obviously, we can't ignore errors if we're being added
// to an admin group, because that could be a security hole.
//
// Also, we want to make sure that the Administrator is
// never removed, so we DO propogate STATUS_SPECIAL_ACCOUNT.
//
NtStatus = STATUS_SUCCESS;
}
return( NtStatus );
}
///////////////////////////////////////////////////////////////////////////////
// //
// Services Private to this process //
// //
///////////////////////////////////////////////////////////////////////////////
NTSTATUS
SamINotifyDelta (
IN SAMPR_HANDLE DomainHandle,
IN SECURITY_DB_DELTA_TYPE DeltaType,
IN SECURITY_DB_OBJECT_TYPE ObjectType,
IN ULONG ObjectRid,
IN PUNICODE_STRING ObjectName,
IN DWORD ReplicateImmediately,
IN PSAM_DELTA_DATA DeltaData OPTIONAL
)
/*++
Routine Description:
Performs a change to some 'virtual' data in a domain. This is used by
netlogon to get the domain modification count updated for cases where
fields stored in the database replicated to a down-level machine have
changed. These fields don't exist in the NT SAM database but netlogon
needs to keep the SAM database and the down-level database modification
counts in sync.
Arguments:
DomainHandle - The handle of an opened domain to operate on.
All other parameters match those in I_NetNotifyDelta.
Return Value:
STATUS_SUCCESS - Domain modification count updated successfully.
--*/
{
NTSTATUS NtStatus, IgnoreStatus;
PSAMP_OBJECT DomainContext;
SAMP_OBJECT_TYPE FoundType;
NtStatus = SampAcquireWriteLock();
if (!NT_SUCCESS(NtStatus)) {
return(NtStatus);
}
//
// Validate type of, and access to object.
//
DomainContext = (PSAMP_OBJECT)DomainHandle;
NtStatus = SampLookupContext(
DomainContext,
DOMAIN_ALL_ACCESS, // Trusted client should succeed
SampDomainObjectType, // ExpectedType
&FoundType
);
if (NT_SUCCESS(NtStatus)) {
//
// Dump the context - don't save the non-existent changes
//
NtStatus = SampDeReferenceContext( DomainContext, FALSE );
}
//
// Commit changes, if successful, and notify Netlogon of changes.
//
if ( NT_SUCCESS(NtStatus) ) {
//
// This will increment domain count and write it out
//
NtStatus = SampCommitAndRetainWriteLock();
if ( NT_SUCCESS( NtStatus ) ) {
SampNotifyNetlogonOfDelta(
DeltaType,
ObjectType,
ObjectRid,
ObjectName,
ReplicateImmediately,
DeltaData
);
}
}
IgnoreStatus = SampReleaseWriteLock( FALSE );
ASSERT(NT_SUCCESS(IgnoreStatus));
return(NtStatus);
}
NTSTATUS
SamISetAuditingInformation(
IN PPOLICY_AUDIT_EVENTS_INFO PolicyAuditEventsInfo
)
/*++
Routine Description:
This function sets Policy Audit Event Info relevant to SAM Auditing
Arguments:
PolicyAuditEventsInfo - Pointer to structure containing the
current Audit Events Information. SAM extracts values of
relevance.
Return Value:
NTSTATUS - Standard Nt Result Code
STATUS_SUCCESSFUL - The call completed successfully.
STATUS_UNSUCCESSFUL - The call was not successful because the
SAM lock was not acquired.
--*/
{
NTSTATUS NtStatus;
//
// Acquire the SAM Database Write Lock.
//
NtStatus = SampAcquireWriteLock();
if (NT_SUCCESS(NtStatus)) {
//
// Set boolean if Auditing is on for Account Management
//
SampSetAuditingInformation( PolicyAuditEventsInfo );
//
// Release the SAM Database Write Lock. No need to commit
// the database transaction as there are no entries in the
// transaction log.
//
NtStatus = SampReleaseWriteLock( FALSE );
}
return(NtStatus);
}
NTSTATUS
SampRtlConvertUlongToUnicodeString(
IN ULONG Value,
IN ULONG Base OPTIONAL,
IN ULONG DigitCount,
IN BOOLEAN AllocateDestinationString,
OUT PUNICODE_STRING UnicodeString
)
/*++
Routine Description:
This function converts an unsigned long integer a Unicode String.
The string contains leading zeros and is Unicode-NULL terminated.
Memory for the output buffer can optionally be allocated by the routine.
NOTE: This routine may be eligible for inclusion in the Rtl library
(possibly after modification). It is modeled on
RtlIntegerToUnicodeString
Arguments:
Value - The unsigned long value to be converted.
Base - Specifies the radix that the converted string is to be
converted to.
DigitCount - Specifies the number of digits, including leading zeros
required for the result.
AllocateDestinationString - Specifies whether memory of the string
buffer is to be allocated by this routine. If TRUE is specified,
memory will be allocated via MIDL_user_allocate(). When this memory
is no longer required, it must be freed via MIDL_user_free. If
FALSE is specified, the string will be appended to the output
at the point marked by the Length field onwards.
UnicodeString - Pointer to UNICODE_STRING structure which will receive
the output string. The Length field will be set equal to the
number of bytes occupied by the string (excluding NULL terminator).
If memory for the destination string is being allocated by
the routine, the MaximumLength field will be set equal to the
length of the string in bytes including the null terminator.
Return Values:
NTSTATUS - Standard Nt Result Code.
STATUS_SUCCESS - The call completed successfully.
STATUS_NO_MEMORY - Insufficient memory for the output string buffer.
STATUS_BUFFER_OVERFLOW - Buffer supplied is too small to contain the
output null-terminated string.
STATUS_INVALID_PARAMETER_MIX - One or more parameters are
invalid in combination.
- The specified Relative Id is too large to fit when converted
into an integer with DigitCount digits.
STATUS_INVALID_PARAMETER - One or more parameters are invalid.
- DigitCount specifies too large a number of digits.
--*/
{
NTSTATUS NtStatus;
UNICODE_STRING TempStringU, NumericStringU, OutputUnicodeStringU;
USHORT OutputLengthAvailable, OutputLengthRequired, LeadingZerosLength;
OutputUnicodeStringU = *UnicodeString;
TempStringU.Buffer = NULL;
if (AllocateDestinationString) {
OutputUnicodeStringU.Buffer = NULL;
}
//
// Verify that the maximum number of digits rquested has not been
// exceeded.
//
if (DigitCount > SAMP_MAXIMUM_ACCOUNT_RID_DIGITS) {
goto ConvertUlongToUnicodeStringError;
}
OutputLengthRequired = (USHORT)((DigitCount + 1) * sizeof(WCHAR));
//
// Allocate the Destination String Buffer if requested
//
if (AllocateDestinationString) {
NtStatus = STATUS_NO_MEMORY;
OutputUnicodeStringU.MaximumLength = OutputLengthRequired;
OutputUnicodeStringU.Length = (USHORT) 0;
OutputUnicodeStringU.Buffer = MIDL_user_allocate(
OutputUnicodeStringU.MaximumLength
);
if (OutputUnicodeStringU.Buffer == NULL) {
goto ConvertUlongToUnicodeStringError;
}
}
//
// Compute the length available in the output string and compare it with
// the length required.
//
OutputLengthAvailable = OutputUnicodeStringU.MaximumLength -
OutputUnicodeStringU.Length;
NtStatus = STATUS_BUFFER_OVERFLOW;
if (OutputLengthRequired > OutputLengthAvailable) {
goto ConvertUlongToUnicodeStringError;
}
//
// Create a Unicode String with capacity equal to the required
// converted Rid Length
//
TempStringU.MaximumLength = OutputLengthRequired;
TempStringU.Buffer = MIDL_user_allocate( TempStringU.MaximumLength );
NtStatus = STATUS_NO_MEMORY;
if (TempStringU.Buffer == NULL) {
goto ConvertUlongToUnicodeStringError;
}
//
// Convert the unsigned long value to a hexadecimal Unicode String.
//
NtStatus = RtlIntegerToUnicodeString( Value, Base, &TempStringU );
if (!NT_SUCCESS(NtStatus)) {
goto ConvertUlongToUnicodeStringError;
}
//
// Prepend the requisite number of Unicode Zeros.
//
LeadingZerosLength = OutputLengthRequired - sizeof(WCHAR) - TempStringU.Length;
if (LeadingZerosLength > 0) {
RtlInitUnicodeString( &NumericStringU, L"00000000000000000000000000000000" );
RtlCopyMemory(
((PUCHAR)OutputUnicodeStringU.Buffer) + OutputUnicodeStringU.Length,
NumericStringU.Buffer,
LeadingZerosLength
);
OutputUnicodeStringU.Length += LeadingZerosLength;
}
//
// Append the converted string
//
RtlAppendUnicodeStringToString( &OutputUnicodeStringU, &TempStringU);
*UnicodeString = OutputUnicodeStringU;
NtStatus = STATUS_SUCCESS;
ConvertUlongToUnicodeStringFinish:
if (TempStringU.Buffer != NULL) {
MIDL_user_free( TempStringU.Buffer);
}
return(NtStatus);
ConvertUlongToUnicodeStringError:
if (AllocateDestinationString) {
if (OutputUnicodeStringU.Buffer != NULL) {
MIDL_user_free( OutputUnicodeStringU.Buffer);
}
}
goto ConvertUlongToUnicodeStringFinish;
}
NTSTATUS
SampRtlWellKnownPrivilegeCheck(
BOOLEAN ImpersonateClient,
IN ULONG PrivilegeId,
IN OPTIONAL PCLIENT_ID ClientId
)
/*++
Routine Description:
This function checks if the given well known privilege is enabled for an
impersonated client or for the current process.
Arguments:
ImpersonateClient - If TRUE, impersonate the client. If FALSE, don't
impersonate the client (we may already be doing so).
PrivilegeId - Specifies the well known Privilege Id
ClientId - Specifies the client process/thread Id. If already
impersonating the client, or impersonation is requested, this
parameter should be omitted.
Return Value:
NTSTATUS - Standard Nt Result Code
STATUS_SUCCESS - The call completed successfully and the client
is either trusted or has the necessary privilege enabled.
--*/
{
NTSTATUS Status, SecondaryStatus;
BOOLEAN PrivilegeHeld = FALSE;
HANDLE ClientThread = NULL, ClientProcess = NULL, ClientToken = NULL;
OBJECT_ATTRIBUTES NullAttributes;
PRIVILEGE_SET Privilege;
BOOLEAN ClientImpersonatedHere = FALSE;
InitializeObjectAttributes( &NullAttributes, NULL, 0, NULL, NULL );
//
// If requested, impersonate the client.
//
if (ImpersonateClient) {
Status = I_RpcMapWin32Status(RpcImpersonateClient( NULL ));
if ( !NT_SUCCESS(Status) ) {
goto WellKnownPrivilegeCheckError;
}
ClientImpersonatedHere = TRUE;
}
//
// If a client process other than ourself has been specified , open it
// for query information access.
//
if (ARGUMENT_PRESENT(ClientId)) {
if (ClientId->UniqueProcess != NtCurrentProcess()) {
Status = NtOpenProcess(
&ClientProcess,
PROCESS_QUERY_INFORMATION, // To open primary token
&NullAttributes,
ClientId
);
if ( !NT_SUCCESS(Status) ) {
goto WellKnownPrivilegeCheckError;
}
} else {
ClientProcess = NtCurrentProcess();
}
}
//
// If a client thread other than ourself has been specified , open it
// for query information access.
//
if (ARGUMENT_PRESENT(ClientId)) {
if (ClientId->UniqueThread != NtCurrentThread()) {
Status = NtOpenThread(
&ClientThread,
THREAD_QUERY_INFORMATION,
&NullAttributes,
ClientId
);
if ( !NT_SUCCESS(Status) ) {
goto WellKnownPrivilegeCheckError;
}
} else {
ClientThread = NtCurrentThread();
}
} else {
ClientThread = NtCurrentThread();
}
//
// Open the specified or current thread's impersonation token (if any).
//
Status = NtOpenThreadToken(
ClientThread,
TOKEN_QUERY,
TRUE,
&ClientToken
);
//
// Make sure that we did not get any error in opening the impersonation
// token other than that the token doesn't exist.
//
if ( !NT_SUCCESS(Status) ) {
if ( Status != STATUS_NO_TOKEN ) {
goto WellKnownPrivilegeCheckError;
}
//
// The thread isn't impersonating...open the process's token.
// A process Id must have been specified in the ClientId information
// in this case.
//
if (ClientProcess == NULL) {
Status = STATUS_INVALID_PARAMETER;
goto WellKnownPrivilegeCheckError;
}
Status = NtOpenProcessToken(
ClientProcess,
TOKEN_QUERY,
&ClientToken
);
//
// Make sure we succeeded in opening the token
//
if ( !NT_SUCCESS(Status) ) {
goto WellKnownPrivilegeCheckError;
}
}
//
// OK, we have a token open. Now check for the privilege to execute this
// service.
//
Privilege.PrivilegeCount = 1;
Privilege.Control = PRIVILEGE_SET_ALL_NECESSARY;
Privilege.Privilege[0].Luid = RtlConvertLongToLuid(PrivilegeId);
Privilege.Privilege[0].Attributes = 0;
Status = NtPrivilegeCheck(
ClientToken,
&Privilege,
&PrivilegeHeld
);
if (!NT_SUCCESS(Status)) {
goto WellKnownPrivilegeCheckError;
}
//
// Generate any necessary audits
//
SecondaryStatus = NtPrivilegedServiceAuditAlarm (
&SampSamSubsystem,
&SampSamSubsystem,
ClientToken,
&Privilege,
PrivilegeHeld
);
// ASSERT( NT_SUCCESS(SecondaryStatus) );
if ( !PrivilegeHeld ) {
Status = STATUS_PRIVILEGE_NOT_HELD;
goto WellKnownPrivilegeCheckError;
}
WellKnownPrivilegeCheckFinish:
//
// If we impersonated the client, revert to ourself.
//
if (ClientImpersonatedHere) {
SecondaryStatus = I_RpcMapWin32Status(RpcRevertToSelf());
}
//
// If necessary, close the client Process.
//
if ((ARGUMENT_PRESENT(ClientId)) &&
(ClientId->UniqueProcess != NtCurrentProcess()) &&
(ClientProcess != NULL)) {
SecondaryStatus = NtClose( ClientProcess );
ASSERT(NT_SUCCESS(SecondaryStatus));
ClientProcess = NULL;
}
//
// If necessary, close the client token.
//
if (ClientToken != NULL) {
SecondaryStatus = NtClose( ClientToken );
ASSERT(NT_SUCCESS(SecondaryStatus));
ClientToken = NULL;
}
//
// If necessary, close the client thread
//
if ((ARGUMENT_PRESENT(ClientId)) &&
(ClientId->UniqueThread != NtCurrentThread()) &&
(ClientThread != NULL)) {
SecondaryStatus = NtClose( ClientThread );
ASSERT(NT_SUCCESS(SecondaryStatus));
ClientThread = NULL;
}
return(Status);
WellKnownPrivilegeCheckError:
goto WellKnownPrivilegeCheckFinish;
}
VOID
SampWriteEventLog (
IN USHORT EventType,
IN USHORT EventCategory OPTIONAL,
IN ULONG EventID,
IN PSID UserSid OPTIONAL,
IN USHORT NumStrings,
IN ULONG DataSize,
IN PUNICODE_STRING *Strings OPTIONAL,
IN PVOID Data OPTIONAL
)
/*++
Routine Description:
Routine that adds an entry to the event log
Arguments:
EventType - Type of event.
EventCategory - EventCategory
EventID - event log ID.
UserSid - SID of user involved.
NumStrings - Number of strings in Strings array
DataSize - Number of bytes in Data buffer
Strings - Array of unicode strings
Data - Pointer to data buffer
Return Value:
None.
--*/
{
NTSTATUS NtStatus;
UNICODE_STRING Source;
HANDLE LogHandle;
RtlInitUnicodeString(&Source, L"SAM");
//
// Open the log
//
NtStatus = ElfRegisterEventSourceW (
NULL, // Server
&Source,
&LogHandle
);
if (!NT_SUCCESS(NtStatus)) {
KdPrint(("SAM: Failed to registry event source with event log, status = 0x%lx\n", NtStatus));
return;
}
//
// Write out the event
//
NtStatus = ElfReportEventW (
LogHandle,
EventType,
EventCategory,
EventID,
UserSid,
NumStrings,
DataSize,
Strings,
Data,
0, // Flags
NULL, // Record Number
NULL // Time written
);
if (!NT_SUCCESS(NtStatus)) {
KdPrint(("SAM: Failed to report event to event log, status = 0x%lx\n", NtStatus));
}
//
// Close the event log
//
NtStatus = ElfDeregisterEventSource (LogHandle);
if (!NT_SUCCESS(NtStatus)) {
KdPrint(("SAM: Failed to de-register event source with event log, status = 0x%lx\n", NtStatus));
}
}
BOOL
SampShutdownNotification(
DWORD dwCtrlType
)
/*++
Routine Description:
This routine is called by the system when system shutdown is occuring.
It causes the SAM registry to be flushed if necessary.
Arguments:
Return Value:
FALSE - to allow any other shutdown routines in this process to
also be called.
--*/
{
NTSTATUS
NtStatus;
if (dwCtrlType == CTRL_SHUTDOWN_EVENT) {
//
// Don't wait for the flush thread to wake up.
// Flush the registry now if necessary ...
//
NtStatus = SampAcquireWriteLock();
ASSERT( NT_SUCCESS(NtStatus) ); //Nothing we can do if this fails
if ( NT_SUCCESS( NtStatus ) ) {
//
// This flush use to be done only if FlushThreadCreated
// was true. However, we seem to have a race condition
// at setup that causes an initial replication to be
// lost (resulting in an additional replication).
// Until we resolve this problem, always flush on
// shutdown.
//
NtStatus = NtFlushKey( SampKey );
if (!NT_SUCCESS( NtStatus )) {
DbgPrint("NtFlushKey failed, Status = %X\n",NtStatus);
// ASSERT( NT_SUCCESS(NtStatus) );
}
SampReleaseWriteLock( FALSE );
}
}
return(FALSE);
}
NTSTATUS
SampGetAccountDomainInfo(
PPOLICY_ACCOUNT_DOMAIN_INFO *PolicyAccountDomainInfo
)
/*++
Routine Description:
This routine retrieves ACCOUNT domain information from the LSA
policy database.
Arguments:
PolicyAccountDomainInfo - Receives a pointer to a
POLICY_ACCOUNT_DOMAIN_INFO structure containing the account
domain info.
Return Value:
STATUS_SUCCESS - Succeeded.
Other status values that may be returned from:
LsarQueryInformationPolicy()
--*/
{
NTSTATUS
NtStatus,
IgnoreStatus;
LSAPR_HANDLE
PolicyHandle;
NtStatus = LsaIOpenPolicyTrusted( &PolicyHandle );
if (NT_SUCCESS(NtStatus)) {
//
// Query the account domain information
//
NtStatus = LsarQueryInformationPolicy(
PolicyHandle,
PolicyAccountDomainInformation,
(PLSAPR_POLICY_INFORMATION *)PolicyAccountDomainInfo
);
if (NT_SUCCESS(NtStatus)) {
if ( (*PolicyAccountDomainInfo)->DomainSid == NULL ) {
NtStatus = STATUS_INVALID_SID;
}
}
IgnoreStatus = LsarClose( &PolicyHandle );
ASSERT(NT_SUCCESS(IgnoreStatus));
}
#if DBG
if ( NT_SUCCESS(NtStatus) ) {
ASSERT( (*PolicyAccountDomainInfo) != NULL );
ASSERT( (*PolicyAccountDomainInfo)->DomainName.Buffer != NULL );
}
#endif //DBG
return(NtStatus);
}
Reference in New Issue View Git Blame Copy Permalink