archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4 Commits
1 Branch
0 Tags
1.5 GiB
Branch: master
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'master'
${ noResults }
windows-server-2003/sdktools/debuggers/oca/dbgportal/privacy/authentication.asp

473 lines
14 KiB
Raw Permalink Normal View History

commiting as it is
4 years ago
  1. <%@ Language=VBScript %>
  2. <% Option Explicit %>
  3. <%
  4. dim szEmail, szServerEmail, szServerDomain, szOrigURL, szReason
  5. dim fBadEmail, fBadCheck, fAgreeCheck, fBadReason, fLimited
  7. dim objConn, objCmd, dwResult
  9. Response.Buffer=false
  10. Response.CacheControl="no-cache"
  11. Response.AddHeader "Pragma", "no-cache"
  12. Response.Expires=-1
  15. %>
  17. <!-- #include file="util.asp"-->
  18. <!-- #include file="AccessUtil.asp"-->
  19. <!-- #include file="MailUtil.asp"-->
  21. <%
  23. Sub AddAuthenticationLevel(szEmail, szDomain, wAccessLevel)
  24. dim objConn, objRec, szSQL, dwUserID, dwUserAccessLevelID
  25. dim objCmd, res, dwResult
  27. dwUserID = 0
  28. 'Response.Write("Connection: " + szConnectionAuthorization + "<BR>")
  29. set objConn = Server.CreateObject("ADODB.CONNECTION")
  30. 'objConn.Open szConnectionAuthorization, OCA_RW_UID, OCA_RW_PWD
  31. objConn.Open szConnectionAuthorization
  32. set objCmd = Server.CreateObject("ADODB.COMMAND")
  33. objCmd.ActiveConnection = objConn
  34. objCmd.CommandType = &H0004
  35. objCmd.CommandText = "OcaAddUserAndLevel"
  36. objCmd.Parameters.Append objCmd.CreateParameter ("RETURN_VALUE", 3, &H0004)
  37. objCmd.Parameters.Append objCmd.CreateParameter ("@User",200,&H0001,50,szEmail)
  38. objCmd.Parameters.Append objCmd.CreateParameter ("@Domain",200,&H0001,50,szDomain)
  39. objCmd.Parameters.Append objCmd.CreateParameter ("@CurrTime",200,&H0001,50,CStr(Now()))
  40. objCmd.Parameters.Append objCmd.CreateParameter ("@Level",3,&H0001,,wAccessLevel)
  41. 'Response.Write("User: " & szEmail & " domain: " & szDomain & " access: " & wAccessLevel )
  42. objCmd.Execute
  44. dwResult = CLng(objCmd.Parameters("RETURN_VALUE"))
  46. set objCmd = nothing
  47. objConn.Close
  49. set objConn = nothing
  51. if dwResult = 0 then
  52. Response.Write "<html><body>Error #1 validating user information.: " & dwResult
  53. Response.End
  55. end if
  57. End Sub
  59. Function AddUserForApproval(ApprovalTypeID, szEmail, szDomain, szReason)
  60. dim objConn, objRec, szSQL, dwUserID, dwUserAccessLevelID
  61. dim objCmd, res, dwResult
  63. set objConn = Server.CreateObject("ADODB.CONNECTION")
  64. 'objConn.Open szConnectionAuthorization, OCA_RW_UID, OCA_RW_PWD
  65. objConn.Open szConnectionAuthorization
  67. set objCmd = Server.CreateObject("ADODB.COMMAND")
  68. objCmd.ActiveConnection = objConn
  69. objCmd.CommandType = &H0004
  70. objCmd.CommandText = "OcaAddUserForApproval"
  71. objCmd.Parameters.Append objCmd.CreateParameter ("RETURN_VALUE", 3, &H0004)
  72. objCmd.Parameters.Append objCmd.CreateParameter ("@ApprovalType",3,&H0001,,ApprovalTypeID)
  73. objCmd.Parameters.Append objCmd.CreateParameter ("@User",200,&H0001,50,szEmail)
  74. objCmd.Parameters.Append objCmd.CreateParameter ("@Domain",200,&H0001,50,szDomain)
  75. objCmd.Parameters.Append objCmd.CreateParameter ("@Reason",200,&H0001,255,szReason)
  77. objCmd.Execute
  79. dwResult = CLng(objCmd.Parameters("RETURN_VALUE"))
  81. set objCmd = nothing
  82. objConn.Close
  84. set objConn = nothing
  86. if dwResult = -1 then
  87. Response.Write "<html><body>Error #2 validating user information."
  88. Response.End
  89. end if
  91. AddUserForApproval = dwResult
  93. End Function
  95. Function FLimitedUser(szEmail, szDomain)
  96. Dim szEmailT, szDomainT
  98. FLimitedUser=False
  99. exit function
  102. szEmailT = CStr(szEmail)
  103. szDomainT = CStr(szDomain)
  105. if Len(szEmailT) = 0 or Len(szDomainT) = 0 then
  106. FLimitedUser = False
  107. exit function
  108. end if
  110. if (Len(szEmailT) >=3) then
  111. if Mid(szEmailT, 2, 1) = "-" then
  112. FLimitedUser = True
  113. Exit Function
  114. end if
  115. end if
  117. if StrComp(szDomainT, "redmond", vbTextCompare) <> 0 And StrComp(szDomainT, "ntdev", vbTextCompare) <> 0 And _
  118. StrComp(szDomainT, "northamerica", vbTextCompare) <> 0 then
  119. FLimitedUser = True
  120. exit function
  121. end if
  123. FLimitedUser = False
  125. End Function
  127. Sub DoRedirect
  129. if (szOrigURL <> "") then
  130. Response.Redirect szOrigURL
  131. end if
  133. Response.Redirect "../dbgportalv2.asp"
  134. Response.End
  136. End Sub
  138. Sub DoNoAccess
  139. Response.Write "<html><body>"
  140. Response.Write "Access to this website has been denied. If you have questions concerning this, please E-mail "
  141. Response.Write "<a href='mailto:dwappr'>dwappr</a>."
  142. Response.End
  143. End Sub
  145. Function EmailListFromAccessLevelID(AccessLevelID)
  146. dim objConn, objRec, szSQL, dwUserID, dwUserAccessLevelID
  147. dim fFirst, szEmail, cCount
  149. fFirst = True
  151. set objConn = Server.CreateObject("ADODB.CONNECTION")
  152. set objRec = Server.CreateObject("ADODB.RECORDSET")
  154. 'objConn.Open szConnectionAuthorization, OCA_RO_UID, OCA_RO_PWD
  155. objConn.Open szConnectionAuthorization
  156. objConn.CommandTimeout = 600
  158. szSQL = "SELECT UserAlias FROM OcaAuthorizedUsers INNER JOIN OcaUserAccessLevels ON OcaAuthorizedUsers.UserID = OcaUserAccessLevels.UserID WHERE AccessLevelID = " & AccessLevelID
  160. set objRec = objConn.Execute (szSQL)
  162. szEmail = ""
  164. cCount = 0
  166. if not objRec.EOF then
  167. do until objRec.EOF
  168. cCount = cCount + 1
  169. if cCount > 10 then
  171. Response.Write "Mail overflow error!"
  172. Response.End
  173. end if
  175. if Not fFirst then
  176. szEmail = szEmail & ","
  177. else
  178. fFirst = False
  179. end if
  181. szEmail = szEmail & objRec("UserAlias") & "@microsoft.com"
  183. objRec.MoveNext
  184. Loop
  185. end if
  187. objRec.Close
  188. set objRec = nothing
  190. objConn.Close
  191. set objConn = nothing
  193. EmailListFromAccessLevelID = szEmail
  195. End Function
  197. Sub FindReplace(szString, szFind, szReplace)
  198. dim iPos, cchFind, szResult, cchString
  200. cchFind = Len(szFind)
  202. Do While (true)
  203. iPos = Instr(szString, szFind)
  204. if iPos = 0 then
  206. exit sub
  207. end if
  208. cchString = Len(szString)
  209. if iPos = 1 then
  210. szResult = ""
  211. else
  212. szResult = Left(szString, iPos - 1)
  213. end if
  214. szResult = szResult & szReplace
  215. if (iPos + cchFind - 1) <> cchString then
  216. szResult = szResult & Right(szString, 1+(cchString - (iPos + cchFind)))
  217. end if
  218. szString = szResult
  220. loop
  221. End Sub
  223. Sub DoApproval
  224. Response.Write "<html><head><title>Website Access Request</title></head><body>"
  225. Response.Write "Your request for website access was previously submitted, but has not been approved yet. You will receive an E-mail when it is approved.<p>If it has been more than 24-hours and you have not heard from us, please E-mail "
  226. Response.Write "<a href='mailto:dwappr'>dwappr</a>."
  227. Response.End
  229. End Sub
  231. Sub SendApprovalMail(dwUserID, AccessLevelID, szEmail, szDomain, szReason)
  232. dim szBody, szTo
  233. Const ForReading = 1, ForWriting = 2, ForAppending = 3
  234. Dim fs, f, szFilename
  236. szFilename = Server.MapPath("\") & "\ApproverEmail.htm"
  237. Set fs = CreateObject("Scripting.FileSystemObject")
  238. Set f = fs.OpenTextFile(szFilename, ForReading,False,0)
  239. szBody = f.ReadAll
  240. f.Close
  241. set f=nothing
  242. set fs = nothing
  244. FindReplace szBody, "%domainalias%", szDomain & "\" & szEmail
  245. FindReplace szBody, "%approveurl%", "http://watson/UserLevels.asp?UserID=" & dwUserID
  246. FindReplace szBody, "%requestuser%", szEmail
  247. FindReplace szBody, "%reason%", szReason
  249. szTo = EmailListFromAccessLevelID(AccessLevelID)
  251. if Not FSendMail("[email protected]", szTo, "Request for Watson Access", szBody, 15) then
  252. Response.Write "<html><body>"
  253. Response.Write "An error has occured while processing your request. Please E-mail "
  254. Response.Write "<a href='mailto:dwappr'>dwappr</a>."
  255. Response.End
  257. end if
  259. Response.Write "<html><head><title>Website Access Request</title></head><body>"
  260. Response.Write "Your request for website access has been submitted and you will receive an E-mail when it is approved.<p>If you don't hear from us within 24-hours, please E-mail "
  261. Response.Write "<a href='mailto:dwappr'>dwappr</a>."
  262. Response.End
  264. End Sub
  266. Sub ProcessApproval(szEmail, szDomain, szReason)
  268. dim dwUserID
  269. dim szReasonLimited
  271. szReasonLimited = szReason
  272. if Len(szReasonLimited) > 255 then
  273. szReasonLimited = Left(szReasonLimited, 255)
  274. end if
  276. dwUserID = AddUserForApproval(constApprovalTypeWebsiteAccess, szEmail, szDomain, szReasonLimited)
  278. 'SendApprovalMail dwUserID, constAccessApproveNonStd, szEmail, szDomain, szReasonLimited
  280. End Sub
  282. szEmail = ""
  283. szReason = ""
  284. fBadReason = False
  285. fAgreeCheck = False
  286. szOrigURL = CStr(Request("Orig"))
  288. if CStr(Request.QueryString ) <> "" then
  289. szOrigURL = Request.QueryString
  290. end if
  292. //Response.Write "<BR> qyer: " & Request.QueryString
  293. //Response.Write "<BR> queyrstring: " & Request.QueryString( "OrigForm" )
  294. //Response.Write ("<BR><BR>SZOrigurl: " & szOrigURL )
  296. EmailDomainFromLogon szServerEmail, szServerDomain
  297. fLimited = FLimitedUser(szServerEmail, szServerDomain)
  299. set objConn = Server.CreateObject("ADODB.CONNECTION")
  300. 'objConn.Open szConnectionAuthorization, OCA_RO_UID, OCA_RO_PWD
  301. 'objConn.Open "Driver=SQL Server;Server=TKOffDWSql02;DATABASE=Authorization;uid=ocasqlrw;pwd=FT126USW"
  302. objConn.Open szConnectionAuthorization
  304. set objCmd = Server.CreateObject("ADODB.COMMAND")
  305. objCmd.ActiveConnection = objConn
  306. objCmd.CommandType = &H0004
  307. objCmd.CommandText = "OcaCheckUserAccessApprovals"
  308. objCmd.Parameters.Append objCmd.CreateParameter ("RETURN_VALUE", 3, &H0004)
  309. objCmd.Parameters.Append objCmd.CreateParameter ("@User",200,&H0001,50,szServerEmail)
  310. objCmd.Parameters.Append objCmd.CreateParameter ("@Domain",200,&H0001,50,szServerDomain)
  311. objCmd.Parameters.Append objCmd.CreateParameter ("@Level",3,&H0001,,constAccessAuthorized)
  312. objCmd.Parameters.Append objCmd.CreateParameter ("@ApprovalTypeID",3,&H0001,,constApprovalTypeWebsiteAccess )
  314. objCmd.Execute
  316. dwResult = CLng(objCmd.Parameters("RETURN_VALUE"))
  318. set objCmd = nothing
  319. objConn.Close
  321. set objConn = nothing
  323. if dwResult = 1 then
  324. Session("Authenticated") = "Yes"
  325. DoRedirect
  326. end if
  328. if dwResult = 2 then
  329. DoNoAccess
  330. end if
  332. if dwResult = 3 then
  333. DoApproval
  334. end if
  336. if (Request("Authentication") = "seen") then
  337. if Request.Form("chkAgree") <> "ON" then
  338. fBadCheck = True
  339. else
  340. fAgreeCheck = True
  341. end if
  342. szEmail = CStr(Request.Form("txtEmail"))
  344. if StrComp(szServerEmail, szEmail, vbTextCompare) <> 0 or szServerEmail = "" then
  345. fBadEmail = True
  346. end if
  348. if fLimited then
  349. szReason = CStr(Request.Form("txtReason"))
  350. if Len(szReason) = 0 then
  351. fBadReason = True
  352. end if
  353. end if
  355. if Not fBadEmail and Not fBadCheck and not fBadReason then
  357. if Not fLimited then
  359. Session("Authenticated") = "Yes"
  360. AddAuthenticationLevel szServerEmail, szServerDomain, constAccessAuthorized
  362. DoRedirect
  364. else
  366. AddAuthenticationLevel szServerEmail, szServerDomain, constAccessAuthorized
  368. ProcessApproval szServerEmail, szServerDomain, szReason
  370. end if
  371. end if
  373. end if
  375. %>
  377. <HTML><HEAD><TITLE>OCA Debug Portal Website Access</TITLE>
  379. <link rel="stylesheet" type="text/css" href="CallTree.css"/>
  380. <script language="javascript">
  381. function checkInput()
  382. {
  383. if (document.all.item("txtReason").value.length <= 255)
  384. Authentication_Form.submit();
  385. else
  386. {
  387. alert("The text in your reason is too long. Please limit your reason to 255 characters.");
  388. }
  389. }
  390. function checkReasonLength(inObj)
  391. {
  392. if (inObj.value.length <= 255)
  393. document.all.item("idReasonLength").style.display = "none";
  394. else
  395. document.all.item("idReasonLength").style.display = "";
  396. }
  398. </script>
  399. </HEAD>
  400. <BODY bgcolor=#eeeeee>
  402. <form name="Authentication_Form" href="Authentication.asp" method=post
  403. <% if fLimited then %>
  404. onSubmit="checkInput();return(false)"
  406. <% end if %>
  407. >
  408. <input type=hidden name="Authentication" value="seen">
  409. <input type=hidden name="Orig" value="<% =Server.HTMLEncode(szOrigURL) %>">
  410. <h1><font face="Verdana" style="font-size: 16pt">Private Customer Data</font></h1>
  411. <P align=left><B><FONT color=red face="Arial">Before entering this website, you must read and understand the
  412. <a href="http://watson.microsoft.com/dw/1033/dcp.asp">data collection policy</a></FONT></B></P>
  413. <H2><font style="font-size: 14pt; font-style: italic" face="Verdana">Summary</font></H2>
  414. <P><font face="Tahoma" size="2">The purpose of the Online Crash Analyses error reporting is to collect data and use it to
  415. improve Microsoft products. You cannot use OCA data for purposes other than
  416. finding and fixing bugs. </font>
  417. <ul>
  418. <LI><font face="Tahoma" size="2">If you discover information that identifies a customer, you may not
  419. contact that customer. (Except Microsoft employees and users who have
  420. explicitly agreed to be contacted.) </font>
  421. <LI><font face="Tahoma" size="2">If you want to work with an outside company to fix a problem you must talk
  422. to the <A href="mailto:blueteam">OCA</A> team first.</font></LI>
  423. </ul>
  424. <P><font face="Tahoma" size="2">Please understand that by accessing this data you are bound to the
  425. <a href="http://handbook/default.asp?contentpage=/f/guidelines13.asp">NDA</a> that you signed.</font></P>
  427. <% if fLimited then %>
  429. <H2><font style="font-size: 14pt; font-style: italic" face="Verdana">Request Access</font></H2>
  430. <p><font face="Tahoma" size="2">Please briefly describe why you need access to data
  431. on this website.&nbsp; You will be contacted by email when your request is
  432. approved.</font></P>
  433. <p style="margin-bottom: 0"><font face="Tahoma" size="2">I need to access Watson because:</font>
  434. </p>
  435. <textarea rows="3" name="txtReason" cols="47" onafterupdate="checkReasonLength(this)" onchange="checkReasonLength(this)" onkeyup="checkReasonLength(this)"><% =szReason %></textarea>
  436. <span id="idReasonLength" style="display:none"><font color=red>&lt;-- The text in your reason is too long. Please limit your reason to 255 characters.</font></span>
  437. <%
  438. if fBadReason then
  439. Response.Write "<font color=red>&lt;-- You need to specify a reason before submitting this request.</font>"
  440. end if
  441. %>
  442. </p>
  444. <% end if %>
  446. <P><font face="Tahoma"><font size="3">
  447. <INPUT type=checkbox name=chkAgree value="ON" <% if fAgreeCheck then %>checked<%end if %>></font><font size="2"> I have read and understand the <A
  448. href="http://watson.microsoft.com/dw/1033/dcp.asp">data collection
  449. policy</A>.</font></font>
  450. <%
  451. if fBadCheck then
  452. Response.Write "<font color=red>&lt;-- You need to read and understand the data collection policy.</font>"
  453. end if
  454. %>
  456. </P>
  458. <P><font face="Tahoma"><font size="2">Email alias:&nbsp; </font><font size="3">
  459. <INPUT name=txtEmail size="20" value="<% =szEmail %>"></font></font>
  460. <%
  461. if fBadEmail then
  462. Response.Write "<font color=red>&lt;-- Incorrect E-mail alias. For example, if your E-mail is [email protected], enter just <b><i>johndoe</i></b>.</font>"
  463. end if
  464. %>
  465. </P>
  466. <font face="Arial"><INPUT type=submit value=Submit>
  467. </font>
  468. </form>
  470. <font face="Tahoma" size="2">If you encounter problems when using this web page, please E-mail <a href="mailto:[email protected]">[email protected]</a>.</font>
  472. </BODY>
  473. </HTML>