git://git.iain.cx/iain / nssm.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Use close_handle().
[nssm.git] / account.cpp
diff --git a/account.cpp b/account.cpp
index 96120ac..cb7fcdb 100644 (file)
--- a/account.cpp
+++ b/account.cpp
@@ -66,32 +66,20 @@ int username_sid(const TCHAR *username, SID **sid, LSA_HANDLE *policy) {
   }\r
 \r
   LSA_UNICODE_STRING lsa_username;\r
-#ifdef UNICODE\r
-  lsa_username.Buffer = (wchar_t *) expanded;\r
-  lsa_username.Length = (unsigned short) _tcslen(expanded) * sizeof(TCHAR);\r
-  lsa_username.MaximumLength = lsa_username.Length + sizeof(TCHAR);\r
-#else\r
-  size_t buflen;\r
-  mbstowcs_s(&buflen, NULL, 0, expanded, _TRUNCATE);\r
-  lsa_username.MaximumLength = (unsigned short) buflen * sizeof(wchar_t);\r
-  lsa_username.Length = lsa_username.MaximumLength - sizeof(wchar_t);\r
-  lsa_username.Buffer = (wchar_t *) HeapAlloc(GetProcessHeap(), 0, lsa_username.MaximumLength);\r
-  if (lsa_username.Buffer) mbstowcs_s(&buflen, lsa_username.Buffer, lsa_username.MaximumLength, expanded, _TRUNCATE);\r
-  else {\r
+  int ret = to_utf16(expanded, &lsa_username.Buffer, (unsigned long *) &lsa_username.Length);\r
+  HeapFree(GetProcessHeap(), 0, expanded);\r
+  if (ret) {\r
     if (policy == &handle) LsaClose(handle);\r
-    HeapFree(GetProcessHeap(), 0, expanded);\r
     print_message(stderr, NSSM_MESSAGE_OUT_OF_MEMORY, _T("LSA_UNICODE_STRING"), _T("username_sid()"));\r
     return 4;\r
   }\r
-#endif\r
+  lsa_username.Length *= sizeof(wchar_t);\r
+  lsa_username.MaximumLength = lsa_username.Length + sizeof(wchar_t);\r
 \r
   LSA_REFERENCED_DOMAIN_LIST *translated_domains;\r
   LSA_TRANSLATED_SID *translated_sid;\r
   NTSTATUS status = LsaLookupNames(*policy, 1, &lsa_username, &translated_domains, &translated_sid);\r
-#ifndef UNICODE\r
   HeapFree(GetProcessHeap(), 0, lsa_username.Buffer);\r
-#endif\r
-  HeapFree(GetProcessHeap(), 0, expanded);\r
   if (policy == &handle) LsaClose(handle);\r
   if (status != STATUS_SUCCESS) {\r
     LsaFreeMemory(translated_domains);\r
@@ -101,10 +89,12 @@ int username_sid(const TCHAR *username, SID **sid, LSA_HANDLE *policy) {
   }\r
 \r
   if (translated_sid->Use != SidTypeUser && translated_sid->Use != SidTypeWellKnownGroup) {\r
-    LsaFreeMemory(translated_domains);\r
-    LsaFreeMemory(translated_sid);\r
-    print_message(stderr, NSSM_GUI_INVALID_USERNAME, username);\r
-    return 6;\r
+    if (translated_sid->Use != SidTypeUnknown || _tcsnicmp(NSSM_VIRTUAL_SERVICE_ACCOUNT_DOMAIN _T("\\"), username, _tcslen(NSSM_VIRTUAL_SERVICE_ACCOUNT_DOMAIN) + 1)) {\r
+      LsaFreeMemory(translated_domains);\r
+      LsaFreeMemory(translated_sid);\r
+      print_message(stderr, NSSM_GUI_INVALID_USERNAME, username);\r
+      return 6;\r
+    }\r
   }\r
 \r
   LSA_TRUST_INFORMATION *trust = &translated_domains->Domains[translated_sid->DomainIndex];\r
@@ -143,7 +133,7 @@ int username_sid(const TCHAR *username, SID **sid, LSA_HANDLE *policy) {
     else *sub = translated_sid->RelativeId;\r
   }\r
 \r
-  int ret = 0;\r
+  ret = 0;\r
   if (translated_sid->Use == SidTypeWellKnownGroup && ! well_known_sid(*sid)) {\r
     print_message(stderr, NSSM_GUI_INVALID_USERNAME, username);\r
     ret = 10;\r
@@ -194,21 +184,14 @@ int canonicalise_username(const TCHAR *username, TCHAR **canon) {
   memmove((char *) lsa_canon.Buffer + trust->Name.Length, L"\\", sizeof(wchar_t));\r
   memmove((char *) lsa_canon.Buffer + trust->Name.Length + sizeof(wchar_t), translated_name->Name.Buffer, translated_name->Name.Length);\r
 \r
-#ifdef UNICODE\r
-  *canon = lsa_canon.Buffer;\r
-#else\r
-  size_t buflen;\r
-  wcstombs_s(&buflen, NULL, 0, lsa_canon.Buffer, _TRUNCATE);\r
-  *canon = (TCHAR *) HeapAlloc(GetProcessHeap(), 0, buflen);\r
-  if (! *canon) {\r
+  unsigned long canonlen;\r
+  if (from_utf16(lsa_canon.Buffer, canon, &canonlen)) {\r
     LsaFreeMemory(translated_domains);\r
     LsaFreeMemory(translated_name);\r
     print_message(stderr, NSSM_MESSAGE_OUT_OF_MEMORY, _T("canon"), _T("username_sid"));\r
     return 10;\r
   }\r
-  wcstombs_s(&buflen, *canon, buflen, lsa_canon.Buffer, _TRUNCATE);\r
   HeapFree(GetProcessHeap(), 0, lsa_canon.Buffer);\r
-#endif\r
 \r
   LsaFreeMemory(translated_domains);\r
   LsaFreeMemory(translated_name);\r
@@ -251,6 +234,31 @@ int is_localsystem(const TCHAR *username) {
   return ret;\r
 }\r
 \r
+/* Build the virtual account name. */\r
+TCHAR *virtual_account(const TCHAR *service_name) {\r
+  size_t len = _tcslen(NSSM_VIRTUAL_SERVICE_ACCOUNT_DOMAIN) + _tcslen(service_name) + 2;\r
+  TCHAR *name = (TCHAR *) HeapAlloc(GetProcessHeap(), 0, len * sizeof(TCHAR));\r
+  if (! name) {\r
+    print_message(stderr, NSSM_MESSAGE_OUT_OF_MEMORY, _T("name"), _T("virtual_account"));\r
+    return 0;\r
+  }\r
+\r
+  _sntprintf_s(name, len, _TRUNCATE, _T("%s\\%s"), NSSM_VIRTUAL_SERVICE_ACCOUNT_DOMAIN, service_name);\r
+  return name;\r
+}\r
+\r
+/* Does the username represent a virtual account for the service? */\r
+int is_virtual_account(const TCHAR *service_name, const TCHAR *username) {\r
+  if (! imports.IsWellKnownSid) return 0;\r
+  if (! service_name) return 0;\r
+  if (! username) return 0;\r
+\r
+  TCHAR *canon = virtual_account(service_name);\r
+  int ret = str_equiv(canon, username);\r
+  HeapFree(GetProcessHeap(), 0, canon);\r
+  return ret;\r
+}\r
+\r
 /*\r
   Get well-known alias for LocalSystem and friends.\r
   Returns a pointer to a static string.  DO NOT try to free it.\r
The Non-Sucking Service Manager