- if (str_equiv(qsc->lpServiceStartName, NSSM_LOCALSYSTEM_ACCOUNT)) return 0;\r
-\r
- size_t len = _tcslen(qsc->lpServiceStartName);\r
- *username = (TCHAR *) HeapAlloc(GetProcessHeap(), 0, (len + 1) * sizeof(TCHAR));\r
- if (! *username) {\r
- print_message(stderr, NSSM_MESSAGE_OUT_OF_MEMORY, _T("username"), _T("get_service_username()"));\r
- return 2;\r
- }\r
-\r
- memmove(*username, qsc->lpServiceStartName, (len + 1) * sizeof(TCHAR));\r
- *usernamelen = len;\r
-\r
- return 0;\r
-}\r
-\r
-int grant_logon_as_service(const TCHAR *username) {\r
- if (! username) return 0;\r
- if (str_equiv(username, NSSM_LOCALSYSTEM_ACCOUNT)) return 0;\r
-\r
- /* Open Policy object. */\r
- LSA_OBJECT_ATTRIBUTES attributes;\r
- ZeroMemory(&attributes, sizeof(attributes));\r
-\r
- LSA_HANDLE policy;\r
-\r
- NTSTATUS status = LsaOpenPolicy(0, &attributes, POLICY_ALL_ACCESS, &policy);\r
- if (status) {\r
- print_message(stderr, NSSM_MESSAGE_LSAOPENPOLICY_FAILED, error_string(LsaNtStatusToWinError(status)));\r
- return 1;\r
- }\r
-\r
- /* Look up SID for the account. */\r
- LSA_UNICODE_STRING lsa_username;\r
-#ifdef UNICODE\r
- lsa_username.Buffer = (wchar_t *) username;\r
- lsa_username.Length = (unsigned short) _tcslen(username) * sizeof(TCHAR);\r
- lsa_username.MaximumLength = lsa_username.Length + sizeof(TCHAR);\r
-#else\r
- size_t buflen;\r
- mbstowcs_s(&buflen, NULL, 0, username, _TRUNCATE);\r
- lsa_username.MaximumLength = (unsigned short) buflen * sizeof(wchar_t);\r
- lsa_username.Length = lsa_username.MaximumLength - sizeof(wchar_t);\r
- lsa_username.Buffer = (wchar_t *) HeapAlloc(GetProcessHeap(), 0, lsa_username.MaximumLength);\r
- if (lsa_username.Buffer) mbstowcs_s(&buflen, lsa_username.Buffer, lsa_username.MaximumLength, username, _TRUNCATE);\r
- else {\r
- LsaClose(policy);\r
- print_message(stderr, NSSM_MESSAGE_OUT_OF_MEMORY, _T("LSA_UNICODE_STRING"), _T("grant_logon_as_service()"));\r
- return 2;\r
- }\r
-#endif\r
-\r
- LSA_REFERENCED_DOMAIN_LIST *translated_domains;\r
- LSA_TRANSLATED_SID *translated_sid;\r
- status = LsaLookupNames(policy, 1, &lsa_username, &translated_domains, &translated_sid);\r
-#ifndef UNICODE\r
- HeapFree(GetProcessHeap(), 0, lsa_username.Buffer);\r
-#endif\r
- if (status) {\r
- LsaFreeMemory(translated_domains);\r
- LsaFreeMemory(translated_sid);\r
- LsaClose(policy);\r
- print_message(stderr, NSSM_MESSAGE_LSALOOKUPNAMES_FAILED, username, error_string(LsaNtStatusToWinError(status)));\r
- return 3;\r
- }\r
-\r
- if (translated_sid->Use != SidTypeUser) {\r
- LsaFreeMemory(translated_domains);\r
- LsaFreeMemory(translated_sid);\r
- LsaClose(policy);\r
- print_message(stderr, NSSM_GUI_INVALID_USERNAME, username);\r
- return 4;\r
- }\r
-\r
- LSA_TRUST_INFORMATION *trust = &translated_domains->Domains[translated_sid->DomainIndex];\r
- if (! trust || ! IsValidSid(trust->Sid)) {\r
- LsaFreeMemory(translated_domains);\r
- LsaFreeMemory(translated_sid);\r
- LsaClose(policy);\r
- print_message(stderr, NSSM_GUI_INVALID_USERNAME, username);\r
- return 4;\r
- }\r