winsup/cygwin/setlsapwd.cc

   1 /* setlsapwd.cc: Set LSA private data password for current user.
   2
   3 This file is part of Cygwin.
   4
   5 This software is a copyrighted work licensed under the terms of the
   6 Cygwin license.  Please consult the file "CYGWIN_LICENSE" for
   7 details. */
   8
   9 #include "winsup.h"
  10 #include "shared_info.h"
  11 #include "cygerrno.h"
  12 #include "path.h"
  13 #include "fhandler.h"
  14 #include "dtable.h"
  15 #include "cygheap.h"
  16 #include "security.h"
  17 #include "cygserver_setpwd.h"
  18 #include "ntdll.h"
  19 #include <ntsecapi.h>
  20 #include <stdlib.h>
  21 #include <wchar.h>
  22
  23 /*
  24  * client_request_setpwd Constructor
  25  */
  26
  27 client_request_setpwd::client_request_setpwd (PUNICODE_STRING passwd)
  28   : client_request (CYGSERVER_REQUEST_SETPWD, &_parameters, sizeof (_parameters))
  29 {
  30   memset (_parameters.in.passwd, 0, sizeof _parameters.in.passwd);
  31   if (passwd->Length > 0 && passwd->Length < 256 * sizeof (WCHAR))
  32     wcpncpy (_parameters.in.passwd, passwd->Buffer, 255);
  33
  34   msglen (sizeof (_parameters.in));
  35 }
  36
  37 unsigned long
  38 setlsapwd (const char *passwd, const char *username)
  39 {
  40   unsigned long ret = (unsigned long) -1;
  41   HANDLE lsa;
  42   WCHAR sid[128];
  43   WCHAR key_name[128 + wcslen (CYGWIN_LSA_KEY_PREFIX)];
  44   PWCHAR data_buf = NULL;
  45   UNICODE_STRING key;
  46   UNICODE_STRING data;
  47
  48   if (username)
  49     {
  50       cygsid psid;
  51       struct passwd *pw = internal_getpwnam (username);
  52
  53       if (!pw || !psid.getfrompw (pw))
  54         {
  55           set_errno (ENOENT);
  56           return ret;
  57         }
  58       wcpcpy (wcpcpy (key_name, CYGWIN_LSA_KEY_PREFIX), psid.string (sid));
  59     }
  60   else
  61     wcpcpy (wcpcpy (key_name, CYGWIN_LSA_KEY_PREFIX),
  62             cygheap->user.get_windows_id (sid));
  63   RtlInitUnicodeString (&key, key_name);
  64   if (!passwd || ! *passwd
  65       || sys_mbstowcs_alloc (&data_buf, HEAP_NOTHEAP, passwd))
  66     {
  67       memset (&data, 0, sizeof data);
  68       if (data_buf)
  69         RtlInitUnicodeString (&data, data_buf);
  70       /* First try it locally.  Works for admin accounts. */
  71       if ((lsa = lsa_open_policy (NULL, POLICY_CREATE_SECRET)))
  72         {
  73           NTSTATUS status = LsaStorePrivateData (lsa, &key,
  74                                                  data.Length ? &data : NULL);
  75           /* Success or we're trying to remove a password entry which doesn't
  76              exist. */
  77           if (NT_SUCCESS (status)
  78               || (data.Length == 0 && status == STATUS_OBJECT_NAME_NOT_FOUND))
  79             ret = 0;
  80           else
  81             __seterrno_from_nt_status (status);
  82           lsa_close_policy (lsa);
  83         }
  84       else if (ret && !username)
  85         {
  86           client_request_setpwd request (&data);
  87           if (request.make_request () == -1 || request.error_code ())
  88             set_errno (request.error_code ());
  89           else
  90             ret = 0;
  91         }
  92       if (data_buf)
  93         {
  94           RtlSecureZeroMemory (data.Buffer, data.Length);
  95           free (data_buf);
  96         }
  97     }
  98   return ret;
  99 }