archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4 Commits
1 Branch
0 Tags
4.9 GiB
Branch: master
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'master'
${ noResults }
windows-server-2003/admin/dcpromo/exe/credentialspage.cpp

709 lines
16 KiB
Raw Permalink Normal View History

commiting as it is
4 years ago
  1. // Copyright (c) 1997-1999 Microsoft Corporation
  2. //
  3. // get credentials page
  4. //
  5. // 12-22-97 sburns
  9. #include "headers.hxx"
  10. #include "page.hpp"
  11. #include "CredentialsPage.hpp"
  12. #include "resource.h"
  13. #include "state.hpp"
  14. #include "ds.hpp"
  15. #include "CredentialUiHelpers.hpp"
  16. #include "common.hpp"
  17. #include <DiagnoseDcNotFound.hpp>
  21. CredentialsPage::CredentialsPage()
  22. :
  23. DCPromoWizardPage(
  24. IDD_GET_CREDENTIALS,
  25. IDS_CREDENTIALS_PAGE_TITLE,
  26. IDS_CREDENTIALS_PAGE_SUBTITLE),
  27. readAnswerfile(false),
  28. hwndCred(0),
  29. lastWizardButtonsState(PSWIZB_BACK)
  30. {
  31. LOG_CTOR(CredentialsPage);
  33. CredUIInitControls();
  34. }
  38. CredentialsPage::~CredentialsPage()
  39. {
  40. LOG_DTOR(CredentialsPage);
  41. }
  45. void
  46. CredentialsPage::OnInit()
  47. {
  48. LOG_FUNCTION(CredentialsPage::OnInit);
  50. Win::Edit_LimitText(
  51. Win::GetDlgItem(hwnd, IDC_DOMAIN),
  52. Dns::MAX_NAME_LENGTH);
  53. }
  57. void
  58. CredentialsPage::Enable()
  59. {
  60. // LOG_FUNCTION(CredentialsPage::Enable);
  62. DWORD nextState =
  63. PSWIZB_BACK
  64. | (( !CredUi::GetUsername(Win::GetDlgItem(hwnd, IDC_CRED)).empty()
  65. && !Win::GetTrimmedDlgItemText(hwnd, IDC_DOMAIN).empty() )
  66. ? PSWIZB_NEXT : 0);
  68. // only set the buttons when the state changes to prevent button
  69. // flicker when the user is typing in the user name field
  70. // NTRAID#NTBUG9-504441-2001/12/07-sburns
  72. if (nextState != lastWizardButtonsState)
  73. {
  74. Win::PropSheet_SetWizButtons(
  75. Win::GetParent(hwnd),
  76. nextState);
  77. lastWizardButtonsState = nextState;
  78. }
  79. }
  83. bool
  84. CredentialsPage::OnCommand(
  85. HWND /* windowFrom */ ,
  86. unsigned controlIDFrom,
  87. unsigned code)
  88. {
  89. // LOG_FUNCTION(CredentialsPage::OnCommand);
  91. switch (controlIDFrom)
  92. {
  93. case IDC_CRED:
  94. {
  95. if (code == CRN_USERNAMECHANGE)
  96. {
  97. SetChanged(controlIDFrom);
  98. Enable();
  99. return true;
  100. }
  101. break;
  102. }
  103. case IDC_DOMAIN:
  104. {
  105. if (code == EN_CHANGE)
  106. {
  107. SetChanged(controlIDFrom);
  109. Enable();
  110. return true;
  111. }
  112. break;
  113. }
  114. default:
  115. {
  116. // do nothing
  117. break;
  118. }
  119. }
  121. return false;
  122. }
  126. bool
  127. CredentialsPage::ShouldSkipPage()
  128. {
  129. LOG_FUNCTION(CredentialsPage::ShouldSkipPage);
  131. State& state = State::GetInstance();
  132. State::Operation oper = state.GetOperation();
  134. bool result = false;
  136. switch (oper)
  137. {
  138. case State::FOREST:
  139. {
  140. // never need credentials for new forest.
  142. result = true;
  143. break;
  144. }
  145. case State::DEMOTE:
  146. {
  147. // The demote page should circumvent this page if necessary, so if
  148. // we make it here, don't skip the page.
  150. break;
  151. }
  152. case State::ABORT_BDC_UPGRADE:
  153. case State::REPLICA:
  154. case State::TREE:
  155. case State::CHILD:
  156. {
  157. break;
  158. }
  159. case State::NONE:
  160. default:
  161. {
  162. ASSERT(false);
  163. break;
  164. }
  165. }
  167. return result;
  168. }
  172. int
  173. CredentialsPage::DetermineNextPage()
  174. {
  175. LOG_FUNCTION(CredentialsPage::DetermineNextPage);
  177. State& state = State::GetInstance();
  179. int id = IDD_PATHS;
  180. switch (state.GetOperation())
  181. {
  182. case State::DEMOTE:
  183. case State::ABORT_BDC_UPGRADE:
  184. {
  185. id = IDD_ADMIN_PASSWORD;
  186. break;
  187. }
  188. case State::FOREST:
  189. {
  190. id = IDD_NEW_FOREST;
  191. break;
  192. }
  193. case State::REPLICA:
  194. {
  195. if (state.GetRunContext() == State::BDC_UPGRADE)
  196. {
  197. id = IDD_PATHS;
  198. }
  199. else
  200. {
  201. id = IDD_REPLICA;
  202. }
  203. break;
  204. }
  205. case State::TREE:
  206. {
  207. id = IDD_NEW_TREE;
  208. break;
  209. }
  210. case State::CHILD:
  211. {
  212. id = IDD_NEW_CHILD;
  213. break;
  214. }
  215. case State::NONE:
  216. default:
  217. {
  218. ASSERT(false);
  219. break;
  220. }
  221. }
  223. return id;
  224. }
  228. String
  229. GetMessage()
  230. {
  231. String message;
  232. State& state = State::GetInstance();
  234. switch (state.GetOperation())
  235. {
  236. case State::ABORT_BDC_UPGRADE:
  237. {
  238. message = String::load(IDS_ABORT_BDC_UPGRADE_CREDENTIALS);
  239. break;
  240. }
  241. case State::TREE:
  242. case State::CHILD:
  243. case State::REPLICA:
  244. {
  245. message = String::load(IDS_PROMOTION_CREDENTIALS);
  246. break;
  247. }
  248. case State::DEMOTE:
  249. {
  250. // 318736 demote requires enterprise admin credentials -- for
  251. // root and child domains alike.
  253. message =
  254. String::format(
  255. IDS_ROOT_DOMAIN_CREDENTIALS,
  256. state.GetComputer().GetForestDnsName().c_str());
  257. break;
  258. }
  259. case State::FOREST:
  260. {
  261. // do nothing, the page will be skipped.
  263. break;
  264. }
  265. case State::NONE:
  266. default:
  267. {
  268. ASSERT(false);
  269. break;
  270. }
  271. }
  273. return message;
  274. }
  278. String
  279. DefaultUserDomainName()
  280. {
  281. String d;
  282. State& state = State::GetInstance();
  283. const Computer& computer = state.GetComputer();
  285. switch (state.GetOperation())
  286. {
  287. case State::ABORT_BDC_UPGRADE:
  288. {
  289. // NTRAID#NTBUG9-469647-2001/09/21-sburns
  291. d = computer.GetDomainNetbiosName();
  292. break;
  293. }
  294. case State::FOREST:
  295. {
  296. // do nothing
  298. break;
  299. }
  300. case State::DEMOTE: // 301361
  301. case State::TREE:
  302. {
  303. d = computer.GetForestDnsName();
  304. break;
  305. }
  306. case State::CHILD:
  307. {
  308. d = computer.GetDomainDnsName();
  309. break;
  310. }
  311. case State::REPLICA:
  312. {
  313. d = computer.GetDomainDnsName();
  314. if (d.empty() && state.ReplicateFromMedia())
  315. {
  316. d = state.GetReplicaDomainDNSName();
  317. }
  318. break;
  319. }
  320. case State::NONE:
  321. default:
  322. {
  323. ASSERT(false);
  324. break;
  325. }
  326. }
  328. return d;
  329. }
  333. bool
  334. AreSmartCardsAllowed()
  335. {
  336. LOG_FUNCTION(AreSmartCardsAllowed);
  338. bool result = false;
  340. // Only use the smartcard flag when the machine is joined to a domain. On a
  341. // standalone machine, the smartcard won't have access to any domain
  342. // authority to authenticate it.
  343. // NTRAID#NTBUG9-287538-2001/01/23-sburns
  345. State& state = State::GetInstance();
  346. Computer& computer = state.GetComputer();
  348. if (
  349. computer.IsJoinedToDomain()
  351. // can only use smartcards on replica promotions
  352. // NTRAID#NTBUG9-311150-2001/02/19-sburns
  354. && state.GetOperation() == State::REPLICA)
  355. {
  356. result = true;
  357. }
  359. LOG_BOOL(result);
  361. return result;
  362. }
  366. void
  367. CredentialsPage::CreateCredentialControl()
  368. {
  369. LOG_FUNCTION(CredentialsPage::CreateCredentialControl);
  371. HWND hwndPlaceholder = Win::GetDlgItem(hwnd, IDC_CRED_PLACEHOLDER);
  373. // Idea: Destroy the existing cred control, create a new one in the
  374. // same place as the placeholder
  376. RECT placeholderRect;
  377. Win::GetWindowRect(hwndPlaceholder, placeholderRect);
  379. // Don't use ScreenToClient: it's not BiDi-smart.
  380. // Win::ScreenToClient(hwnd, placeholderRect);
  381. // NTRAID#NTBUG9-524054-2003/01/20-sburns
  383. ::MapWindowPoints(HWND_DESKTOP, hwnd, (LPPOINT) &placeholderRect, 2);
  386. if (hwndCred)
  387. {
  388. Win::DestroyWindow(hwndCred);
  389. hwndCred = 0;
  390. }
  392. Win::CreateWindowEx(
  393. 0,
  394. L"SysCredential",
  395. L"",
  396. WS_CHILD | WS_VISIBLE | WS_TABSTOP | 0x30, // 0x50010030,
  397. placeholderRect.left,
  398. placeholderRect.top,
  399. placeholderRect.right - placeholderRect.left,
  400. placeholderRect.bottom - placeholderRect.top,
  401. hwnd,
  402. (HMENU) IDC_CRED,
  403. 0,
  404. hwndCred);
  406. Win::SetWindowPos(
  407. hwndCred,
  408. HWND_TOP,
  409. 0,0,0,0,
  410. SWP_NOMOVE | SWP_NOSIZE | SWP_NOOWNERZORDER | SWP_NOSENDCHANGING);
  412. DWORD flags = CRS_NORMAL | CRS_USERNAMES;
  413. if (AreSmartCardsAllowed())
  414. {
  415. flags |= CRS_SMARTCARDS;
  416. }
  417. Credential_InitStyle(hwndCred, flags);
  419. Credential_SetUserNameMaxChars(hwndCred, DS::MAX_USER_NAME_LENGTH);
  420. Credential_SetPasswordMaxChars(hwndCred, DS::MAX_PASSWORD_LENGTH);
  421. }
  425. bool
  426. CredentialsPage::OnSetActive()
  427. {
  428. LOG_FUNCTION(CredentialsPage::OnSetActive);
  430. Win::WaitCursor cursor;
  432. CreateCredentialControl();
  434. State& state = State::GetInstance();
  435. Wizard& wiz = GetWizard();
  437. if (ShouldSkipPage())
  438. {
  439. LOG(L"skipping CredentialsPage");
  441. if (wiz.IsBacktracking())
  442. {
  443. // backup once again
  445. wiz.Backtrack(hwnd);
  446. }
  447. else
  448. {
  449. wiz.SetNextPageID(hwnd, DetermineNextPage());
  450. }
  452. return true;
  453. }
  455. if (!readAnswerfile && state.UsingAnswerFile())
  456. {
  457. CredUi::SetUsername(
  458. hwndCred,
  459. state.GetAnswerFileOption(AnswerFile::OPTION_USERNAME));
  460. CredUi::SetPassword(
  461. hwndCred,
  462. state.GetEncryptedAnswerFileOption(AnswerFile::OPTION_PASSWORD));
  464. String domain =
  465. state.GetAnswerFileOption(AnswerFile::OPTION_USER_DOMAIN);
  467. if (domain.empty())
  468. {
  469. domain = DefaultUserDomainName();
  470. }
  471. Win::SetDlgItemText(
  472. hwnd,
  473. IDC_DOMAIN,
  474. domain);
  476. readAnswerfile = true;
  477. }
  478. else
  479. {
  480. // use the credentials last entered (for browsing, etc.)
  482. // Only set the state of the control if we're not allowing smartcards.
  483. // If we set the username, and the name actually corresponds to a
  484. // smartcard cert, then setting the name will cause the control to
  485. // attempt to match that name to a cert on the card in the reader. That
  486. // causes the control to appear frozen for awhile. Instead of setting
  487. // the username, the user will have to re-select the card or re-type
  488. // the username.
  489. // NTRAID#NTBUG9-499120-2001/11/28-sburns
  491. if (!AreSmartCardsAllowed())
  492. {
  493. CredUi::SetUsername(hwndCred, state.GetUsername());
  494. CredUi::SetPassword(hwndCred, state.GetPassword());
  495. }
  497. Win::SetDlgItemText(hwnd, IDC_DOMAIN, state.GetUserDomainName());
  498. }
  500. if (state.RunHiddenUnattended())
  501. {
  502. int nextPage = CredentialsPage::Validate();
  503. if (nextPage != -1)
  504. {
  505. wiz.SetNextPageID(hwnd, nextPage);
  506. return true;
  507. }
  508. else
  509. {
  510. state.ClearHiddenWhileUnattended();
  511. }
  512. }
  514. Win::PropSheet_SetWizButtons(
  515. Win::GetParent(hwnd),
  516. PSWIZB_BACK);
  518. // cause the button state to be re-evaluated on page activation
  519. // NTRAID#NTBUG9-509806-2002/01/03-sburns
  521. lastWizardButtonsState = 0;
  522. Enable();
  524. Win::SetDlgItemText(hwnd, IDC_MESSAGE, GetMessage());
  526. if (Win::GetTrimmedDlgItemText(hwnd, IDC_DOMAIN).empty())
  527. {
  528. // supply a default domain if none already present
  530. Win::SetDlgItemText(hwnd, IDC_DOMAIN, DefaultUserDomainName());
  531. }
  533. return true;
  534. }
  538. int
  539. CredentialsPage::Validate()
  540. {
  541. LOG_FUNCTION(CredentialsPage::Validate);
  543. int nextPage = -1;
  545. do
  546. {
  547. if (
  548. !WasChanged(IDC_CRED)
  549. && !WasChanged(IDC_DOMAIN))
  550. {
  551. // nothing changed => nothing to validate
  553. nextPage = DetermineNextPage();
  554. break;
  555. }
  557. State& state = State::GetInstance();
  559. String username = CredUi::GetUsername(hwndCred);
  561. if (username.empty())
  562. {
  563. popup.Gripe(hwnd, IDC_CRED, IDS_MUST_ENTER_USERNAME);
  564. break;
  565. }
  567. String domain = Win::GetTrimmedDlgItemText(hwnd, IDC_DOMAIN);
  568. if (domain.empty())
  569. {
  570. popup.Gripe(hwnd, IDC_DOMAIN, IDS_MUST_ENTER_USER_DOMAIN);
  571. break;
  572. }
  574. Win::WaitCursor cursor;
  576. // the domain must be an NT 5 domain: no user of a downlevel domain
  577. // could perform operations in an NT 5 forest. We get the forest name
  578. // of the domain ('cause that may be useful for the new tree scenario)
  579. // as a means of validating the domain name. If the domain does not
  580. // exist, or is not an NT5 domain, then this call will fail.
  582. String forest = GetForestName(domain);
  583. if (forest.empty())
  584. {
  585. ShowDcNotFoundErrorDialog(
  586. hwnd,
  587. IDC_DOMAIN,
  588. domain,
  589. String::load(IDS_WIZARD_TITLE),
  590. String::format(IDS_DC_NOT_FOUND, domain.c_str()),
  591. false);
  592. break;
  593. }
  595. if (state.GetOperation() == State::TREE)
  596. {
  597. // For the new tree case, we need to validate the forest name (a dns
  598. // domain name) by ensuring that we can find a writable DS DC in that
  599. // domain. The user may have supplied a netbios domain name, and it
  600. // is possible that the domain's DNS registration is broken. Since
  601. // we will use the forest name as the parent domain name in the call
  602. // to DsRoleDcAsDc, we need to make sure we can find DCs with that
  603. // name. 122886
  605. DOMAIN_CONTROLLER_INFO* info = 0;
  606. HRESULT hr =
  607. MyDsGetDcName(
  608. 0,
  609. forest,
  611. // force discovery to ensure that we don't pick up a cached
  612. // entry for a domain that may no longer exist, writeable
  613. // and DS because we happen to know that's what the
  614. // DsRoleDcAsDc API will require.
  616. DS_FORCE_REDISCOVERY
  617. | DS_WRITABLE_REQUIRED
  618. | DS_DIRECTORY_SERVICE_REQUIRED,
  619. info);
  620. if (FAILED(hr) || !info)
  621. {
  622. ShowDcNotFoundErrorDialog(
  623. hwnd,
  624. IDC_DOMAIN,
  625. forest,
  626. String::load(IDS_WIZARD_TITLE),
  627. String::format(IDS_DC_FOR_ROOT_NOT_FOUND, forest.c_str()),
  629. // we know the name can't be netbios: forest names are always
  630. // DNS names
  632. true);
  633. break;
  634. }
  636. ::NetApiBufferFree(info);
  637. }
  639. state.SetUserForestName(forest);
  641. // set these now so we can read the domain topology
  643. state.SetUsername(username);
  644. state.SetPassword(CredUi::GetPassword(hwndCred));
  645. state.SetUserDomainName(domain);
  647. // cache the domain topology: this is used to validate new tree,
  648. // child, and replica domain names in later pages. It's also a
  649. // pretty good validation of the credentials.
  651. HRESULT hr = state.ReadDomains();
  652. if (FAILED(hr))
  653. {
  654. if ( hr == Win32ToHresult(ERROR_NO_SUCH_DOMAIN)
  655. || hr == Win32ToHresult(ERROR_DOMAIN_CONTROLLER_NOT_FOUND))
  656. {
  657. // this could happen, I suppose, but it seems very unlikely
  658. // since ReadDomains calls DsGetDcName in the same fashion that
  659. // all the preceeding calls do, and would catch this problem.
  661. ShowDcNotFoundErrorDialog(
  662. hwnd,
  663. IDC_DOMAIN,
  664. domain,
  665. String::load(IDS_WIZARD_TITLE),
  666. String::format(IDS_DC_NOT_FOUND, domain.c_str()),
  667. false);
  668. break;
  669. }
  670. else if (hr == Win32ToHresult(RPC_S_SERVER_UNAVAILABLE))
  671. {
  672. // One way to hit this is change the IP address(es) of the DC(s),
  673. // but not update their DNS registrations. Thus, DNS points to the
  674. // wrong address. I would have thought that DsGetDcName would
  675. // account for that, but whatever....
  676. // NTRAID#NTBUG9-494232-2001/11/21-sburns
  678. popup.Gripe(
  679. hwnd,
  680. IDC_DOMAIN,
  681. hr,
  682. String::format(IDS_UNABLE_TO_READ_FOREST_WITH_LINK));
  683. break;
  684. }
  686. popup.Gripe(
  687. hwnd,
  688. IDC_DOMAIN,
  689. hr,
  690. String::format(IDS_UNABLE_TO_READ_FOREST));
  691. break;
  692. }
  694. // valid
  696. ClearChanges();
  698. nextPage = DetermineNextPage();
  699. }
  700. while (0);
  702. return nextPage;
  703. }