archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4 Commits
1 Branch
0 Tags
1.5 GiB
Branch: master
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'master'
${ noResults }
windows-server-2003/ds/security/services/ca/certclib/dstest.cpp

432 lines
10 KiB
Raw Permalink Normal View History

commiting as it is
4 years ago
  1. //+--------------------------------------------------------------------------
  2. //
  3. // Microsoft Windows
  4. // Copyright (C) Microsoft Corporation, 1996 - 1999
  5. //
  6. // File: dstest.cpp
  7. //
  8. // Contents: DS ping test
  9. //
  10. // History: 13-Mar-98 mattt created
  11. //
  12. //---------------------------------------------------------------------------
  14. #include "pch.cpp"
  16. #pragma hdrstop
  18. #include <winldap.h>
  19. #include <ntldap.h>
  20. #include <dsrole.h>
  21. #include <dsgetdc.h>
  23. #include <lmaccess.h>
  24. #include <lmapibuf.h>
  25. #include <cainfop.h>
  26. #include "csldap.h"
  28. #define __dwFILE__ __dwFILE_CERTCLIB_DSTEST_CPP__
  31. #define DS_RETEST_SECONDS 15
  33. HRESULT
  34. myDoesDSExist(
  35. IN BOOL fRetry)
  36. {
  37. HRESULT hr = S_OK;
  39. static BOOL s_fKnowDSExists = FALSE;
  40. static HRESULT s_hrDSExists = HRESULT_FROM_WIN32(ERROR_NO_SUCH_DOMAIN);
  41. static FILETIME s_ftNextTest = {0,0};
  43. if (s_fKnowDSExists && (s_hrDSExists != S_OK) && fRetry)
  44. // s_fKnowDSExists = FALSE; // force a retry
  45. {
  46. FILETIME ftCurrent;
  47. GetSystemTimeAsFileTime(&ftCurrent);
  49. // if Compare is < 0 (next < current), force retest
  50. if (0 > CompareFileTime(&s_ftNextTest, &ftCurrent))
  51. s_fKnowDSExists = FALSE;
  52. }
  54. if (!s_fKnowDSExists)
  55. {
  56. FILETIME ftCurrentNew;
  57. GetSystemTimeAsFileTime(&ftCurrentNew);
  59. // set NEXT in 100ns increments
  61. ((LARGE_INTEGER *) &s_ftNextTest)->QuadPart =
  62. ((LARGE_INTEGER *) &ftCurrentNew)->QuadPart +
  63. (__int64) (CVT_BASE * CVT_SECONDS) * DS_RETEST_SECONDS;
  65. // NetApi32 is delay loaded, so wrap to catch problems when it's not available
  66. __try
  67. {
  68. DOMAIN_CONTROLLER_INFO *pDCI;
  69. DSROLE_PRIMARY_DOMAIN_INFO_BASIC *pDsRole;
  71. // ensure we're not standalone
  72. pDsRole = NULL;
  73. hr = DsRoleGetPrimaryDomainInformation( // Delayload wrapped
  74. NULL,
  75. DsRolePrimaryDomainInfoBasic,
  76. (BYTE **) &pDsRole);
  78. _PrintIfError(hr, "DsRoleGetPrimaryDomainInformation");
  79. if (S_OK == hr &&
  80. (pDsRole->MachineRole == DsRole_RoleStandaloneServer ||
  81. pDsRole->MachineRole == DsRole_RoleStandaloneWorkstation))
  82. {
  83. hr = HRESULT_FROM_WIN32(ERROR_NO_SUCH_DOMAIN);
  84. _PrintError(hr, "DsRoleGetPrimaryDomainInformation(no domain)");
  85. }
  87. if (NULL != pDsRole)
  88. {
  89. DsRoleFreeMemory(pDsRole); // Delayload wrapped
  90. }
  91. if (S_OK == hr)
  92. {
  93. // not standalone; return info on our DS
  95. pDCI = NULL;
  96. hr = DsGetDcName( // Delayload wrapped
  97. NULL,
  98. NULL,
  99. NULL,
  100. NULL,
  101. DS_DIRECTORY_SERVICE_PREFERRED,
  102. &pDCI);
  103. _PrintIfError(hr, "DsGetDcName");
  105. if (S_OK == hr && 0 == (pDCI->Flags & DS_DS_FLAG))
  106. {
  107. hr = HRESULT_FROM_WIN32(ERROR_CANT_ACCESS_DOMAIN_INFO);
  108. _PrintError(hr, "DsGetDcName(no domain info)");
  109. }
  110. if (NULL != pDCI)
  111. {
  112. NetApiBufferFree(pDCI); // Delayload wrapped
  113. }
  114. }
  115. s_fKnowDSExists = TRUE;
  116. }
  117. __except(hr = myHEXCEPTIONCODE(), EXCEPTION_EXECUTE_HANDLER)
  118. {
  119. }
  121. // else just allow users without netapi flounder with timeouts
  122. // if ds not available...
  124. s_hrDSExists = myHError(hr);
  125. _PrintIfError2(
  126. s_hrDSExists,
  127. "DsRoleGetPrimaryDomainInformation/DsGetDcName",
  128. HRESULT_FROM_WIN32(ERROR_NETWORK_UNREACHABLE));
  129. }
  130. return(s_hrDSExists);
  131. }
  134. HRESULT
  135. myRobustLdapBind(
  136. OUT LDAP **ppldap,
  137. IN BOOL dwFlags) // RLBF_* -- must be BOOL to preserve signature
  138. {
  139. DWORD dwFlags1 = 0;
  141. // for backward compatibility, TRUE implies RLBF_REQUIRE_GC
  143. CSASSERT(TRUE == RLBF_TRUE);
  144. if (RLBF_TRUE & dwFlags)
  145. {
  146. dwFlags |= RLBF_REQUIRE_GC;
  147. dwFlags &= ~RLBF_TRUE;
  148. dwFlags1 |= RLBF_TRUE;
  149. }
  150. return(myRobustLdapBindEx(
  151. dwFlags1, // dwFlags1
  152. dwFlags, // dwFlags2
  153. LDAP_VERSION2,
  154. NULL,
  155. ppldap,
  156. NULL));
  157. }
  160. HRESULT
  161. DCSupportsSigning(
  162. IN LDAP *pld,
  163. OUT BOOL *pfSigningSupported)
  164. {
  165. HRESULT hr;
  166. LDAPMessage *pSearchResult = NULL;
  167. LDAPMessage *pEntry;
  168. LDAP_TIMEVAL timeval;
  169. WCHAR **rgpwszValues;
  170. WCHAR *apwszAttrArray[2];
  171. WCHAR *pwszSupportedCapabilities = LDAP_OPATT_SUPPORTED_CAPABILITIES_W;
  173. *pfSigningSupported = FALSE;
  175. // Query for the ldap server oerational attributes to obtain the default
  176. // naming context.
  178. apwszAttrArray[0] = pwszSupportedCapabilities;
  179. apwszAttrArray[1] = NULL; // this is the sentinel
  181. timeval.tv_sec = csecLDAPTIMEOUT;
  182. timeval.tv_usec = 0;
  184. hr = ldap_search_st(
  185. pld,
  186. NULL, // base
  187. LDAP_SCOPE_BASE,
  188. L"objectClass=*",
  189. apwszAttrArray,
  190. FALSE, // attrsonly
  191. &timeval,
  192. &pSearchResult);
  193. hr = myHLdapError(pld, hr, NULL);
  194. _JumpIfError(hr, error, "ldap_search_st");
  196. pEntry = ldap_first_entry(pld, pSearchResult);
  197. if (NULL == pEntry)
  198. {
  199. hr = myHLdapLastError(pld, NULL);
  200. _JumpError(hr, error, "ldap_first_entry");
  201. }
  203. rgpwszValues = ldap_get_values(pld, pEntry, pwszSupportedCapabilities);
  204. if (NULL != rgpwszValues)
  205. {
  206. DWORD i;
  208. for (i = 0; NULL != rgpwszValues[i]; i++)
  209. {
  210. if (0 == wcscmp(
  211. rgpwszValues[i],
  212. LDAP_CAP_ACTIVE_DIRECTORY_LDAP_INTEG_OID_W))
  213. {
  214. *pfSigningSupported = TRUE;
  215. break;
  216. }
  217. }
  218. ldap_value_free(rgpwszValues);
  219. }
  220. hr = S_OK;
  222. error:
  223. if (NULL != pSearchResult)
  224. {
  225. ldap_msgfree(pSearchResult);
  226. }
  227. return(hr);
  228. }
  231. HRESULT
  232. myRobustLdapBindEx(
  233. IN BOOL dwFlags1, // TRUE --> RLBF_REQUIRE_GC -- both Flags must be BOOL
  234. IN BOOL dwFlags2, // RLBF_* -- TRUE --> RLBF_ATTEMPT_REDISCOVER
  235. IN ULONG uVersion,
  236. OPTIONAL IN WCHAR const *pwszDomainName,
  237. OUT LDAP **ppldap,
  238. OPTIONAL OUT WCHAR **ppwszForestDNSName)
  239. {
  240. HRESULT hr;
  241. BOOL fGC;
  242. BOOL fRediscover;
  243. ULONG ldaperr;
  244. DWORD GetDSNameFlags;
  245. LDAP *pld = NULL;
  246. DWORD LDAPFlags = myGetLDAPFlags();
  248. if (RLBF_TRUE & dwFlags1)
  249. {
  250. dwFlags2 |= RLBF_REQUIRE_GC;
  251. }
  252. if (RLBF_TRUE & dwFlags2)
  253. {
  254. dwFlags2 |= RLBF_ATTEMPT_REDISCOVER;
  255. }
  256. fGC = (RLBF_REQUIRE_GC & dwFlags2)? TRUE : FALSE;
  257. fRediscover = (RLBF_ATTEMPT_REDISCOVER & dwFlags2)? TRUE : FALSE;
  259. GetDSNameFlags = DS_RETURN_DNS_NAME;
  260. if (fGC)
  261. {
  262. GetDSNameFlags |= DS_GC_SERVER_REQUIRED;
  263. }
  265. // bind to ds
  267. while (TRUE)
  268. {
  270. if (NULL != pld)
  271. {
  272. ldap_unbind(pld);
  273. }
  275. pld = ldap_init(
  276. const_cast<WCHAR *>(pwszDomainName),
  277. (LDAPF_SSLENABLE & LDAPFlags)?
  278. (fGC? LDAP_SSL_GC_PORT : LDAP_SSL_PORT) :
  279. (fGC? LDAP_GC_PORT : LDAP_PORT));
  280. if (NULL == pld)
  281. {
  282. hr = myHLdapLastError(NULL, NULL);
  283. if (!fRediscover)
  284. {
  285. _PrintError2(hr, "ldap_init", hr);
  286. fRediscover = TRUE;
  287. continue;
  288. }
  289. _JumpError(hr, error, "ldap_init");
  290. }
  292. if (fRediscover)
  293. {
  294. GetDSNameFlags |= DS_FORCE_REDISCOVERY;
  295. }
  296. ldaperr = ldap_set_option(
  297. pld,
  298. LDAP_OPT_GETDSNAME_FLAGS,
  299. (VOID *) &GetDSNameFlags);
  300. if (LDAP_SUCCESS != ldaperr)
  301. {
  302. hr = myHLdapError(pld, ldaperr, NULL);
  303. if (!fRediscover)
  304. {
  305. _PrintError2(hr, "ldap_set_option", hr);
  306. fRediscover = TRUE;
  307. continue;
  308. }
  309. _JumpError(hr, error, "ldap_set_option");
  310. }
  312. // if uVersion is 0, turn on TCP_KEEPALIVE
  314. if (0 == uVersion)
  315. {
  316. ldaperr = ldap_set_option(pld, LDAP_OPT_TCP_KEEPALIVE, LDAP_OPT_ON);
  317. if (LDAP_SUCCESS != ldaperr)
  318. {
  319. hr = myHLdapError(pld, ldaperr, NULL);
  320. if (!fRediscover)
  321. {
  322. _PrintError2(hr, "ldap_set_option", hr);
  323. fRediscover = TRUE;
  324. continue;
  325. }
  326. _JumpError2(hr, error, "ldap_set_option", hr);
  327. }
  329. // set the uVersion to LDAP_VERSION3
  331. uVersion = LDAP_VERSION3;
  332. }
  335. // set the client version. No need to set LDAP_VERSION2 since
  336. // this is the default
  338. if (LDAP_VERSION2 != uVersion)
  339. {
  340. ldaperr = ldap_set_option(pld, LDAP_OPT_VERSION, &uVersion);
  341. if (LDAP_SUCCESS != ldaperr)
  342. {
  343. hr = myHLdapError(pld, ldaperr, NULL);
  344. if (!fRediscover)
  345. {
  346. _PrintError2(hr, "ldap_set_option", hr);
  347. fRediscover = TRUE;
  348. continue;
  349. }
  350. _JumpError(hr, error, "ldap_set_option");
  351. }
  352. }
  354. if (0 == (LDAPF_SIGNDISABLE & LDAPFlags) && IsWhistler())
  355. {
  356. BOOL fSigningSupported = TRUE;
  358. // if caller requires the related DS bug fix...
  360. if (RLBF_REQUIRE_LDAP_INTEG & dwFlags2)
  361. {
  362. hr = DCSupportsSigning(pld, &fSigningSupported);
  363. _JumpIfError(hr, error, "DCSupportsSigning");
  364. }
  365. if (fSigningSupported)
  366. {
  367. ldaperr = ldap_set_option(pld, LDAP_OPT_SIGN, LDAP_OPT_ON);
  368. if (LDAP_SUCCESS != ldaperr)
  369. {
  370. hr = myHLdapError2(pld, ldaperr, LDAP_PARAM_ERROR, NULL);
  371. if (!fRediscover)
  372. {
  373. _PrintError2(hr, "ldap_set_option", hr);
  374. fRediscover = TRUE;
  375. continue;
  376. }
  377. _JumpError(hr, error, "ldap_set_option");
  378. }
  379. }
  380. else
  381. if (0 == (LDAPF_SSLENABLE & LDAPFlags) &&
  382. (RLBF_REQUIRE_SECURE_LDAP & dwFlags2))
  383. {
  384. hr = CERTSRV_E_DOWNLEVEL_DC_SSL_OR_UPGRADE;
  385. _JumpError(hr, error, "server missing required service pack");
  386. }
  387. }
  389. ldaperr = ldap_bind_s(pld, NULL, NULL, LDAP_AUTH_NEGOTIATE);
  390. if (LDAP_SUCCESS != ldaperr)
  391. {
  392. hr = myHLdapError(pld, ldaperr, NULL);
  393. if (!fRediscover)
  394. {
  395. _PrintError2(hr, "ldap_bind_s", hr);
  396. fRediscover = TRUE;
  397. continue;
  398. }
  399. _JumpError(hr, error, "ldap_bind_s");
  400. }
  402. if (NULL != ppwszForestDNSName)
  403. {
  404. WCHAR *pwszDomainControllerName;
  406. hr = myLdapGetDSHostName(pld, &pwszDomainControllerName);
  407. if (S_OK != hr)
  408. {
  409. if (!fRediscover)
  410. {
  411. _PrintError2(hr, "myLdapGetDSHostName", hr);
  412. fRediscover = TRUE;
  413. continue;
  414. }
  415. _JumpError(hr, error, "myLdapGetDSHostName");
  416. }
  417. hr = myDupString(pwszDomainControllerName, ppwszForestDNSName);
  418. _JumpIfError(hr, error, "myDupString");
  419. }
  420. break;
  421. }
  422. *ppldap = pld;
  423. pld = NULL;
  424. hr = S_OK;
  426. error:
  427. if (NULL != pld)
  428. {
  429. ldap_unbind(pld);
  430. }
  431. return(hr);
  432. }