archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4 Commits
1 Branch
0 Tags
1.5 GiB
Branch: master
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'master'
${ noResults }
windows-server-2003/admin/admt/common/commonlib/verifyconfiguration.cpp

111 lines
3.3 KiB
Raw Permalink Normal View History

commiting as it is
4 years ago
  1. #include <Windows.h>
  2. #include "VerifyConfiguration.h"
  4. #include <crtdbg.h>
  5. #define SECURITY_WIN32
  6. #include <Security.h>
  7. #include "AdsiHelpers.h"
  9. #pragma comment(lib, "secur32.lib")
  12. //-----------------------------------------------------------------------------
  13. // IsCallerDelegatable Function
  14. //
  15. // Synopsis
  16. // If an intra-forest move operation is being performed then verify that the
  17. // calling user's account has not been marked as sensitive and therefore
  18. // cannot be delegated. As the move operation is performed on the domain
  19. // controller which has the RID master role in the source domain it is
  20. // necessary to delegate the user's security context.
  21. //
  22. // Arguments
  23. // bDelegatable - this out parameter is set to true if the account is
  24. // delegatable otherwise it is set to false
  25. //
  26. // Return Value
  27. // The return value is a HRESULT. S_OK is returned if successful.
  28. //-----------------------------------------------------------------------------
  30. HRESULT __stdcall IsCallerDelegatable(bool& bDelegatable)
  31. {
  32. HRESULT hr = S_OK;
  34. bDelegatable = true;
  36. //
  37. // Retrieve distinguished name of caller.
  38. //
  40. ULONG cchCallerDn = 0;
  42. if (GetUserNameEx(NameFullyQualifiedDN, NULL, &cchCallerDn) == FALSE)
  43. {
  44. DWORD dwError = GetLastError();
  46. if ((dwError == ERROR_SUCCESS) || (dwError == ERROR_MORE_DATA))
  47. {
  48. PTSTR pszCallerDn = new _TCHAR[cchCallerDn];
  50. if (pszCallerDn)
  51. {
  52. if (GetUserNameEx(NameFullyQualifiedDN, pszCallerDn, &cchCallerDn))
  53. {
  54. //
  55. // Retrieve user account control attribute for user and check
  56. // whether the 'not delegated' flag is set. If this flag is set
  57. // then the user's account has been marked as sensitive and
  58. // therefore cannot be delegated.
  59. //
  61. try
  62. {
  63. tstring strADsPath = _T("LDAP://");
  64. strADsPath += pszCallerDn;
  66. CDirectoryObject user(strADsPath.c_str());
  68. user.AddAttribute(ATTRIBUTE_USER_ACCOUNT_CONTROL);
  69. user.GetAttributes();
  71. DWORD dwUserAccountControl = (DWORD)(long) user.GetAttributeValue(ATTRIBUTE_USER_ACCOUNT_CONTROL);
  73. if (dwUserAccountControl & ADS_UF_NOT_DELEGATED)
  74. {
  75. bDelegatable = false;
  76. }
  77. }
  78. catch (std::exception& e)
  79. {
  80. hr = E_FAIL;
  81. }
  82. catch (_com_error& ce)
  83. {
  84. hr = ce.Error();
  85. }
  86. }
  87. else
  88. {
  89. dwError = GetLastError();
  90. hr = HRESULT_FROM_WIN32(dwError);
  91. }
  93. delete [] pszCallerDn;
  94. }
  95. else
  96. {
  97. hr = E_OUTOFMEMORY;
  98. }
  99. }
  100. else
  101. {
  102. hr = HRESULT_FROM_WIN32(dwError);
  103. }
  104. }
  105. else
  106. {
  107. _ASSERT(FALSE);
  108. }
  110. return hr;
  111. }