SRVCMGMT.CPP

/*++ 

DCOM Permission Configuration Sample
Copyright (c) 1996, Microsoft Corporation. All rights reserved.

Module Name:

srvcmgmt.cpp

Abstract:

Routines to manage RunAs and Service settings for DCOM servers

Author:

Michael Nelson

Environment:

Windows NT

--*/

#include <windows.h>
#include <stdio.h>
#include <conio.h>
#include <tchar.h>
#include "ntsecapi.h"
#include "dcomperm.h"

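DWORD GetRunAsPassword (
    LPTSTR AppID,
    LPTSTR Password
    )
/*++

Routine Description:

    Reads the RunAs password that was stored for a DCOM AppID in the LSA
    private data store under the secret name "SCM:<AppID>".

Arguments:

    AppID    - The AppID GUID string. At most GUIDSTR_MAX characters; a
               longer value is rejected instead of overflowing the key
               buffer.

    Password - Receives the password as a NUL-terminated TCHAR string.
               The function cannot see this buffer's size, so the caller
               must provide room for at least 256 TCHARs, which is the
               same limit SetRunAsPassword applies when storing.

Return Value:

    ERROR_SUCCESS on success.
    ERROR_INVALID_PARAMETER if AppID or Password is NULL or AppID is too
    long.
    ERROR_INSUFFICIENT_BUFFER if the stored secret is longer than 255
    characters.
    ERROR_FILE_NOT_FOUND if LSA returned no data for the key.
    Otherwise the Win32 error for the failing LSA call (the NTSTATUS is
    translated with LsaNtStatusToWinError rather than returned raw).

--*/
{
    LSA_OBJECT_ATTRIBUTES objectAttributes;
    LSA_HANDLE policyHandle = NULL;
    LSA_UNICODE_STRING lsaKeyString;
    PLSA_UNICODE_STRING lsaPasswordString = NULL;
    WCHAR key [4 + GUIDSTR_MAX + 1];
    WCHAR wideAppID [GUIDSTR_MAX + 1];
    WCHAR widePassword [256];
    const size_t maxPasswordChars = sizeof (widePassword) / sizeof (widePassword[0]);
    size_t passwordChars;
    NTSTATUS status;
    DWORD result;

    //
    // Bound the AppID before the unchecked copy into wideAppID/key below.
    //
    if (AppID == NULL || Password == NULL || lstrlen (AppID) > GUIDSTR_MAX)
        return ERROR_INVALID_PARAMETER;

#ifndef UNICODE
    STR2UNI (wideAppID, AppID);
#else
    wcscpy (wideAppID, AppID);
#endif

    wcscpy (key, L"SCM:");
    wcscat (key, wideAppID);

    //
    // NOTE: Length deliberately counts the terminating NUL. SetRunAsPassword
    // stores the secret under a name built the same way, and the two must
    // agree or the lookup misses; do not change one without the other.
    //
    lsaKeyString.Length = (USHORT) ((wcslen (key) + 1) * sizeof (WCHAR));
    lsaKeyString.MaximumLength = (USHORT) sizeof (key);
    lsaKeyString.Buffer = key;

    //
    // Open the local security policy with just enough access to read secrets.
    //
    memset (&objectAttributes, 0x00, sizeof (LSA_OBJECT_ATTRIBUTES));
    objectAttributes.Length = sizeof (LSA_OBJECT_ATTRIBUTES);

    status = LsaOpenPolicy (NULL,
                            &objectAttributes,
                            POLICY_GET_PRIVATE_INFORMATION,
                            &policyHandle);
    result = LsaNtStatusToWinError (status);
    if (result != ERROR_SUCCESS)
        return result;

    //
    // Read the secret. The policy handle is not needed once the call returns.
    //
    status = LsaRetrievePrivateData (policyHandle,
                                     &lsaKeyString,
                                     &lsaPasswordString);
    LsaClose (policyHandle);

    result = LsaNtStatusToWinError (status);
    if (result != ERROR_SUCCESS)
        return result;

    if (lsaPasswordString == NULL)
        return ERROR_FILE_NOT_FOUND;

    //
    // An LSA_UNICODE_STRING is not guaranteed to be NUL-terminated, so the
    // copy is bounded by Length instead of trusting wcscpy. SetRunAsPassword
    // stores the terminator inside Length; strip trailing NULs so the result
    // is the same string either way.
    //
    passwordChars = lsaPasswordString->Length / sizeof (WCHAR);
    while (passwordChars > 0 &&
           lsaPasswordString->Buffer[passwordChars - 1] == L'\0')
        passwordChars--;

    if (passwordChars >= maxPasswordChars)
    {
        result = ERROR_INSUFFICIENT_BUFFER;
    }
    else
    {
        memcpy (widePassword,
                lsaPasswordString->Buffer,
                passwordChars * sizeof (WCHAR));
        widePassword[passwordChars] = L'\0';

#ifndef UNICODE
        UNI2STR (Password, widePassword);
#else
        wcscpy (Password, widePassword);
#endif
        result = ERROR_SUCCESS;
    }

    //
    // Scrub the plaintext from both the LSA-owned buffer and the stack copy,
    // then release the LSA buffer (it is ours to free per the LSA API).
    //
    if (lsaPasswordString->Buffer != NULL)
        SecureZeroMemory (lsaPasswordString->Buffer, lsaPasswordString->Length);
    SecureZeroMemory (widePassword, sizeof (widePassword));
    LsaFreeMemory (lsaPasswordString);

    return result;
}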

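DWORD SetRunAsPassword (
    LPTSTR AppID,
    LPTSTR Principal,
    LPTSTR Password
    )
/*++

Routine Description:

    Stores the RunAs password for a DCOM AppID in the LSA private data
    store under the secret name "SCM:<AppID>", then grants the RunAs
    account the SeBatchLogonRight it needs to be logged on by the SCM.

Arguments:

    AppID     - The AppID GUID string, at most GUIDSTR_MAX characters.

    Principal - The account name the server runs as. Passed through to
                SetAccountRights.

    Password  - The account's password, at most 255 characters.

Return Value:

    ERROR_SUCCESS on success.
    ERROR_INVALID_PARAMETER if any argument is NULL or AppID/Password is
    too long for its buffer.
    Otherwise the Win32 error for the failing LSA call (translated with
    LsaNtStatusToWinError) or the error from SetAccountRights.

--*/
{
    LSA_OBJECT_ATTRIBUTES objectAttributes;
    LSA_HANDLE policyHandle = NULL;
    LSA_UNICODE_STRING lsaKeyString;
    LSA_UNICODE_STRING lsaPasswordString;
    WCHAR key [4 + GUIDSTR_MAX + 1];
    WCHAR wideAppID [GUIDSTR_MAX + 1];
    WCHAR widePassword [256];
    const size_t maxPasswordChars = sizeof (widePassword) / sizeof (widePassword[0]);
    NTSTATUS status;
    DWORD result;

    //
    // Both copies below are unbounded, so reject input that would not fit.
    // lstrlen counts TCHARs; for an MBCS build that over-estimates the wide
    // length, which errs on the safe side.
    //
    if (AppID == NULL || Principal == NULL || Password == NULL)
        return ERROR_INVALID_PARAMETER;
    if (lstrlen (AppID) > GUIDSTR_MAX ||
        (size_t) lstrlen (Password) >= maxPasswordChars)
        return ERROR_INVALID_PARAMETER;

#ifndef UNICODE
    STR2UNI (wideAppID, AppID);
    STR2UNI (widePassword, Password);
#else
    wcscpy (wideAppID, AppID);
    wcscpy (widePassword, Password);
#endif

    wcscpy (key, L"SCM:");
    wcscat (key, wideAppID);

    //
    // NOTE: both Length fields deliberately count the terminating NUL.
    // GetRunAsPassword builds its key the same way and relies on the stored
    // value carrying its terminator; keep the two in step.
    //
    lsaKeyString.Length = (USHORT) ((wcslen (key) + 1) * sizeof (WCHAR));
    lsaKeyString.MaximumLength = (USHORT) sizeof (key);
    lsaKeyString.Buffer = key;

    lsaPasswordString.Length = (USHORT) ((wcslen (widePassword) + 1) * sizeof (WCHAR));
    lsaPasswordString.MaximumLength = lsaPasswordString.Length;
    lsaPasswordString.Buffer = widePassword;

    //
    // Open the local security policy with only the right needed to write a
    // secret, then store the password.
    //
    memset (&objectAttributes, 0x00, sizeof (LSA_OBJECT_ATTRIBUTES));
    objectAttributes.Length = sizeof (LSA_OBJECT_ATTRIBUTES);

    status = LsaOpenPolicy (NULL,
                            &objectAttributes,
                            POLICY_CREATE_SECRET,
                            &policyHandle);
    result = LsaNtStatusToWinError (status);

    if (result == ERROR_SUCCESS)
    {
        status = LsaStorePrivateData (policyHandle,
                                      &lsaKeyString,
                                      &lsaPasswordString);
        LsaClose (policyHandle);
        result = LsaNtStatusToWinError (status);
    }

    //
    // The plaintext is not needed past this point on any path; scrub the
    // stack copy before doing anything else.
    //
    SecureZeroMemory (widePassword, sizeof (widePassword));

    if (result != ERROR_SUCCESS)
        return result;

    //
    // The SCM logs the RunAs account on as a batch job, so it needs this right.
    //
    return SetAccountRights (Principal, TEXT("SeBatchLogonRight"));
}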

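DWORD
SetAccountRights (
    LPTSTR User,
    LPTSTR Privilege
    )
/*++

Routine Description:

    Grants a single account right (for example "SeBatchLogonRight") to an
    account on the local machine via LsaAddAccountRights.

Arguments:

    User      - Account name, resolved to a SID with GetPrincipalSID.

    Privilege - Name of the right to grant, at most 255 characters.

Return Value:

    ERROR_SUCCESS on success.
    ERROR_INVALID_PARAMETER if an argument is NULL or Privilege is too long.
    The error from GetPrincipalSID if the account cannot be resolved.
    Otherwise the Win32 error for the failing LSA call. LSA functions
    return an NTSTATUS and do not set the thread's last error, so the
    status is translated with LsaNtStatusToWinError; the previous use of
    GetLastError() here could report success for a failed grant.

--*/
{
    LSA_HANDLE policyHandle = NULL;
    LSA_OBJECT_ATTRIBUTES objectAttributes;
    PSID principalSID = NULL;
    LSA_UNICODE_STRING lsaPrivilegeString;
    WCHAR widePrivilege [256];
    const size_t maxPrivilegeChars = sizeof (widePrivilege) / sizeof (widePrivilege[0]);
    NTSTATUS status;
    DWORD result;

    if (User == NULL || Privilege == NULL ||
        (size_t) lstrlen (Privilege) >= maxPrivilegeChars)
        return ERROR_INVALID_PARAMETER;

    //
    // LPTSTR's width is governed by UNICODE (windows.h), which is also what
    // the rest of this file and the TEXT() macro test, so test it here too.
    //
#ifndef UNICODE
    STR2UNI (widePrivilege, Privilege);
#else
    wcscpy (widePrivilege, Privilege);
#endif

    memset (&objectAttributes, 0, sizeof (LSA_OBJECT_ATTRIBUTES));
    objectAttributes.Length = sizeof (LSA_OBJECT_ATTRIBUTES);

    status = LsaOpenPolicy (NULL,
                            &objectAttributes,
                            POLICY_CREATE_ACCOUNT | POLICY_LOOKUP_NAMES,
                            &policyHandle);
    result = LsaNtStatusToWinError (status);
    if (result != ERROR_SUCCESS)
        return result;

    //
    // Resolve the account to a SID. Previously the result was ignored, so a
    // failed lookup handed an uninitialized pointer to LsaAddAccountRights
    // and free(). This assumes GetPrincipalSID (dcomperm.h) follows this
    // file's convention of returning ERROR_SUCCESS on success and allocating
    // the SID with malloc -- confirm against its definition.
    //
    result = GetPrincipalSID (User, &principalSID);
    if (result != ERROR_SUCCESS)
    {
        LsaClose (policyHandle);
        return result;
    }

    //
    // Unlike the secret name, an account-right name excludes its terminator
    // from Length.
    //
    lsaPrivilegeString.Length = (USHORT) (wcslen (widePrivilege) * sizeof (WCHAR));
    lsaPrivilegeString.MaximumLength = (USHORT) (lsaPrivilegeString.Length + sizeof (WCHAR));
    lsaPrivilegeString.Buffer = widePrivilege;

    status = LsaAddAccountRights (policyHandle,
                                  principalSID,
                                  &lsaPrivilegeString,
                                  1);
    result = LsaNtStatusToWinError (status);

    free (principalSID);
    LsaClose (policyHandle);

    return result;
}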