/*++
DCOM Permission Configuration Sample
Copyright (c) 1996, Microsoft Corporation. All rights reserved.
Module Name:
srvcmgmt.cpp
Abstract:
Routines to manage RunAs and Service settings for DCOM servers
Author:
Michael Nelson
Environment:
Windows NT
--*/
#include <windows.h>
#include <stdio.h>
#include <conio.h>
#include <tchar.h>
#include "ntsecapi.h"
#include "dcomperm.h"
DWORD GetRunAsPassword (
LPTSTR AppID,
LPTSTR Password
)
{
LSA_OBJECT_ATTRIBUTES objectAttributes;
HANDLE policyHandle = NULL;
LSA_UNICODE_STRING lsaKeyString;
PLSA_UNICODE_STRING lsaPasswordString;
WCHAR key [4 + GUIDSTR_MAX + 1];
WCHAR wideAppID [GUIDSTR_MAX + 1];
ULONG returnValue;
#ifndef UNICODE
STR2UNI (wideAppID, AppID);
#else
lstrcpy (wideAppID, AppID);
#endif
wcscpy (key, L"SCM:");
wcscat (key, wideAppID);
lsaKeyString.Length = (USHORT) ((wcslen (key) + 1) * sizeof (WCHAR));
lsaKeyString.MaximumLength = (GUIDSTR_MAX + 5) * sizeof (WCHAR);
lsaKeyString.Buffer = key;
//
// Open the local security policy
//
memset (&objectAttributes, 0x00, sizeof (LSA_OBJECT_ATTRIBUTES));
objectAttributes.Length = sizeof (LSA_OBJECT_ATTRIBUTES);
returnValue = LsaOpenPolicy (NULL,
&objectAttributes,
POLICY_GET_PRIVATE_INFORMATION,
&policyHandle);
if (returnValue != ERROR_SUCCESS)
return returnValue;
//
// Read the user's password
//
returnValue = LsaRetrievePrivateData (policyHandle,
&lsaKeyString,
&lsaPasswordString);
if (returnValue != ERROR_SUCCESS)
{
LsaClose (policyHandle);
return returnValue;
}
LsaClose (policyHandle);
#ifndef UNICODE
UNI2STR (Password, lsaPasswordString->Buffer);
#else
wcscpy (Password, lsaPasswordString->Buffer);
#endif
return ERROR_SUCCESS;
}
DWORD SetRunAsPassword (
LPTSTR AppID,
LPTSTR Principal,
LPTSTR Password
)
{
LSA_OBJECT_ATTRIBUTES objectAttributes;
HANDLE policyHandle = NULL;
LSA_UNICODE_STRING lsaKeyString;
LSA_UNICODE_STRING lsaPasswordString;
WCHAR key [4 + GUIDSTR_MAX + 1];
WCHAR wideAppID [GUIDSTR_MAX + 1];
WCHAR widePassword [256];
DWORD returnValue;
#ifndef UNICODE
STR2UNI (wideAppID, AppID);
STR2UNI (widePassword, Password);
#else
wcscpy (wideAppID, AppID);
wcscpy (widePassword, Password);
#endif
wcscpy (key, L"SCM:");
wcscat (key, wideAppID);
lsaKeyString.Length = (USHORT) ((wcslen (key) + 1) * sizeof (WCHAR));
lsaKeyString.MaximumLength = (GUIDSTR_MAX + 5) * sizeof (WCHAR);
lsaKeyString.Buffer = key;
lsaPasswordString.Length = (USHORT) ((wcslen (widePassword) + 1) * sizeof (WCHAR));
lsaPasswordString.Buffer = widePassword;
lsaPasswordString.MaximumLength = lsaPasswordString.Length;
//
// Open the local security policy
//
memset (&objectAttributes, 0x00, sizeof (LSA_OBJECT_ATTRIBUTES));
objectAttributes.Length = sizeof (LSA_OBJECT_ATTRIBUTES);
returnValue = LsaOpenPolicy (NULL,
&objectAttributes,
POLICY_CREATE_SECRET,
&policyHandle);
if (returnValue != ERROR_SUCCESS)
return returnValue;
//
// Store the user's password
//
returnValue = LsaStorePrivateData (policyHandle,
&lsaKeyString,
&lsaPasswordString);
if (returnValue != ERROR_SUCCESS)
{
LsaClose (policyHandle);
return returnValue;
}
LsaClose (policyHandle);
returnValue = SetAccountRights (Principal, TEXT("SeBatchLogonRight"));
if (returnValue != ERROR_SUCCESS)
return returnValue;
return ERROR_SUCCESS;
}
DWORD
SetAccountRights (
LPTSTR User,
LPTSTR Privilege
)
{
LSA_HANDLE policyHandle;
LSA_OBJECT_ATTRIBUTES objectAttributes;
PSID principalSID;
LSA_UNICODE_STRING lsaPrivilegeString;
WCHAR widePrivilege [256];
#ifdef _UNICODE
lstrcpy (widePrivilege, Privilege);
#else
STR2UNI (widePrivilege, Privilege);
#endif
memset (&objectAttributes, 0, sizeof(LSA_OBJECT_ATTRIBUTES));
if (LsaOpenPolicy (NULL,
&objectAttributes,
POLICY_CREATE_ACCOUNT | POLICY_LOOKUP_NAMES,
&policyHandle) != ERROR_SUCCESS)
{
return GetLastError();
}
GetPrincipalSID (User, &principalSID);
lsaPrivilegeString.Length = (USHORT) (wcslen (widePrivilege) * sizeof (WCHAR));
lsaPrivilegeString.MaximumLength = (USHORT) (lsaPrivilegeString.Length + sizeof (WCHAR));
lsaPrivilegeString.Buffer = widePrivilege;
if (LsaAddAccountRights (policyHandle,
principalSID,
&lsaPrivilegeString,
1) != ERROR_SUCCESS)
{
free (principalSID);
LsaClose (policyHandle);
return GetLastError();
}
free (principalSID);
LsaClose (policyHandle);
return ERROR_SUCCESS;
}