archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4 Commits
1 Branch
0 Tags
1.5 GiB
Tree: 5c6fe3db62
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '5c6fe3db62'
${ noResults }
windows-server-2003/admin/admt/workobj/arutil.cpp

407 lines
12 KiB
Raw Normal View History

commiting as it is
4 years ago
  1. /*---------------------------------------------------------------------------
  2. File: ARUtil.cpp
  4. Comments: Helper functions and command-line parsing for Account Replicator
  6. (c) Copyright 1995-1998, Mission Critical Software, Inc., All Rights Reserved
  7. Proprietary and confidential to Mission Critical Software, Inc.
  9. REVISION LOG ENTRY
  10. Revision By: Christy Boles
  11. Revised on 6/23/98 4:26:54 PM
  13. ---------------------------------------------------------------------------
  14. */
  16. #include "StdAfx.h"
  18. #include <stdlib.h>
  19. #include <stdio.h>
  20. #include <string.h>
  21. #include <ctype.h>
  23. #define INCL_NETUSER
  24. #define INCL_NETGROUP
  25. #define INCL_NETERRORS
  26. #include <lm.h>
  28. #include "Mcs.h"
  29. #include "Common.hpp"
  30. #include "TNode.hpp"
  31. #include "UString.hpp"
  33. #include "ErrDct.hpp"
  35. //#import "\bin\McsDctWorkerObjects.tlb"
  36. //#import "WorkObj.tlb" //#imported via ARUtil.hpp below
  38. #include "UserCopy.hpp"
  39. #include "ARUtil.hpp"
  40. #include "PWGen.hpp"
  41. #include "ResStr.h"
  42. #include <TxtSid.h>
  45. extern TErrorDct err;
  46. bool bAllowReplicateOnSelf;
  48. extern PSID srcSid; // SID of source domain
  50. /***************************************************************************************************
  51. CompVal: used as a compare function for TANode trees
  53. It compares a UNICODE string, with the name field in the node
  55. Return Values:
  56. 0 tn->acct_name == actname
  57. 1 tn->acct_name < actname
  58. -1 tn->acct_name > actname
  60. /***************************************************************************************************/
  62. int
  63. CompVal(
  64. const TNode * tn, //in -tree node
  65. const void * actname //in -name to look for
  66. )
  67. {
  69. LPWSTR str1 = ((TANode *)tn)->GetName();
  70. LPWSTR str2 = (LPWSTR) actname;
  72. return UStrICmp(str1,str2);
  73. }
  74. /***************************************************************************************************/
  75. /* CompNode: used as a compare function for TANode Trees
  77. It compares the name fields of TANodes
  79. Return Values:
  80. 0 t1->acct_name == t2->acct_name
  81. 1 t1->acct_name > t2->acct_name
  82. -1 t1->acct_name < t2->acct_name
  84. Error Handling:
  85. if given bad inputs, CompN displays an error message and returns 0
  86. /***************************************************************************************************/
  88. int
  89. CompNode(
  90. const TNode * v1, //in -first node to compare
  91. const TNode * v2 //in -second node to compare
  92. )
  93. {
  95. TANode * t1 = (TANode *)v1;
  96. TANode * t2 = (TANode *)v2;
  98. return UStrICmp(t1->GetName(),t2->GetName());
  99. }
  102. int
  103. CompareSid(
  104. PSID const sid1, // in - first SID to compare
  105. PSID const sid2 // in - second SID to compare
  106. )
  107. {
  108. DWORD len1,
  109. len2;
  110. int retval = 0;
  112. len1 = GetLengthSid(sid1);
  113. len2 = GetLengthSid(sid2);
  115. if ( len1 < len2 )
  116. {
  117. retval = -1;
  118. }
  119. if ( len1 > len2 )
  120. {
  121. retval = 1;
  122. }
  123. if ( len1 == len2 )
  124. {
  125. retval = memcmp(sid1,sid2,len1);
  126. }
  128. return retval;
  129. }
  132. int
  133. CompSid(
  134. const TNode * v1, // in -first node to compare
  135. const TNode * v2 // in -second node to compare
  136. )
  137. {
  138. TANode * t1 = (TANode *)v1;
  139. TANode * t2 = (TANode *)v2;
  141. return CompareSid(t1->GetSid(),t2->GetSid());
  142. }
  144. int
  145. CompSidVal(
  146. const TNode * tn, // in -node to compare
  147. const void * pVal // in -value to compare
  148. )
  149. {
  150. TANode * node = (TANode *)tn;
  151. PSID pSid = (PSID)pVal;
  153. return CompareSid(node->GetSid(),pSid);
  154. }
  157. BOOL // ret-TRUE if the password is successfully generated
  158. PasswordGenerate(
  159. Options const * options, // in -includes PW Generating options
  160. WCHAR * password, // out -buffer for generated password
  161. DWORD dwPWBufferLength, // in -DIM length of password buffer
  162. BOOL isAdminAccount // in -Whether to use the Admin rules
  163. )
  164. {
  165. DWORD rc = 0;
  166. DWORD dwMinUC; // minimum upper case chars
  167. DWORD dwMinLC; // minimum lower case chars
  168. DWORD dwMinDigit; // minimum numeric digits
  169. DWORD dwMinSpecial; // minimum special chars
  170. DWORD dwMaxConsecutiveAlpha; // maximum consecutive alpha chars
  171. DWORD dwMinLength; // minimum length
  172. WCHAR eaPassword[PWLEN+1]; // EA generated password
  173. DWORD dwEaBufferLength = DIM(eaPassword);// DIM length of newPassword
  175. // default values, if not enforcing PW strength through EA or MS DLL
  176. dwMinUC = 0;
  177. dwMinLC = 0;
  178. dwMinDigit = 1; // if no enforcement, require one digit (this is what the GUI does)
  179. dwMinSpecial = 0;
  180. dwMaxConsecutiveAlpha = 0;
  181. dwMinLength = options->minPwdLength;
  184. // Get password enforcement rules, if in effect
  185. dwMinUC = options->policyInfo.minUpper;
  186. dwMinLC = options->policyInfo.minLower;
  187. dwMinDigit = options->policyInfo.minDigits;
  188. dwMinSpecial = options->policyInfo.minSpecial;
  189. dwMaxConsecutiveAlpha = options->policyInfo.maxConsecutiveAlpha;
  191. rc = EaPasswordGenerate(dwMinUC,dwMinLC,dwMinDigit,dwMinSpecial,
  192. dwMaxConsecutiveAlpha,dwMinLength,eaPassword,dwEaBufferLength);
  194. if ( ! rc )
  195. {
  196. UStrCpy(password,eaPassword,dwPWBufferLength);
  197. }
  198. else
  199. {
  200. if ( dwPWBufferLength )
  201. password[0] = 0;
  202. }
  204. return rc;
  205. }
  208. PSID
  209. GetWellKnownSid(
  210. DWORD wellKnownAccount, // in - constant defined in this file, representing well-known account
  211. Options * opt, // in - migration options
  212. BOOL bTarget // in - flag, whether to use source or target domain information
  213. )
  214. {
  215. PSID pSid = NULL;
  216. PUCHAR numsubs = NULL;
  217. DWORD * rid = NULL;
  218. BOOL error = FALSE;
  219. DWORD rc;
  220. DWORD wellKnownRid = wellKnownAccount;
  221. BOOL bNeedToBuildDomainSid = FALSE;
  224. SID_IDENTIFIER_AUTHORITY sia = SECURITY_NT_AUTHORITY;
  225. SID_IDENTIFIER_AUTHORITY creatorIA = SECURITY_CREATOR_SID_AUTHORITY;
  227. //
  228. // Sid is the same regardless of machine, since the well-known
  229. // BUILTIN domain is referenced.
  230. //
  231. switch ( wellKnownAccount )
  232. {
  233. case CREATOR_OWNER:
  234. if( ! AllocateAndInitializeSid(
  235. &creatorIA,
  236. 2,
  237. SECURITY_BUILTIN_DOMAIN_RID,
  238. SECURITY_CREATOR_OWNER_RID,
  239. 0, 0, 0, 0, 0, 0,
  240. &pSid
  241. ))
  242. {
  243. err.SysMsgWrite(ErrE,GetLastError(),DCT_MSG_INITIALIZE_SID_FAILED_D,GetLastError());
  244. }
  245. break;
  246. case ADMINISTRATORS:
  247. if( ! AllocateAndInitializeSid(
  248. &sia,
  249. 2,
  250. SECURITY_BUILTIN_DOMAIN_RID,
  251. DOMAIN_ALIAS_RID_ADMINS,
  252. 0, 0, 0, 0, 0, 0,
  253. &pSid
  254. ))
  255. {
  256. err.SysMsgWrite(ErrE,GetLastError(),DCT_MSG_INITIALIZE_SID_FAILED_D,GetLastError());
  257. }
  258. break;
  259. case ACCOUNT_OPERATORS:
  260. if( ! AllocateAndInitializeSid(
  261. &sia,
  262. 2,
  263. SECURITY_BUILTIN_DOMAIN_RID,
  264. DOMAIN_ALIAS_RID_ACCOUNT_OPS,
  265. 0, 0, 0, 0, 0, 0,
  266. &pSid
  267. ))
  268. {
  269. err.SysMsgWrite(ErrE,GetLastError(),DCT_MSG_INITIALIZE_SID_FAILED_D,GetLastError());
  270. }
  271. break;
  272. case BACKUP_OPERATORS:
  273. if( ! AllocateAndInitializeSid(
  274. &sia,
  275. 2,
  276. SECURITY_BUILTIN_DOMAIN_RID,
  277. DOMAIN_ALIAS_RID_BACKUP_OPS,
  278. 0, 0, 0, 0, 0, 0,
  279. &pSid
  280. ))
  281. {
  282. err.SysMsgWrite(ErrE,GetLastError(),DCT_MSG_INITIALIZE_SID_FAILED_D,GetLastError());
  283. }
  284. break;
  285. case DOMAIN_ADMINS:
  286. wellKnownRid = DOMAIN_GROUP_RID_ADMINS;
  287. bNeedToBuildDomainSid = TRUE;
  288. break;
  289. case DOMAIN_USERS:
  290. wellKnownRid = DOMAIN_GROUP_RID_USERS;
  291. bNeedToBuildDomainSid = TRUE;
  292. break;
  293. case DOMAIN_CONTROLLERS:
  294. wellKnownRid = DOMAIN_GROUP_RID_CONTROLLERS;
  295. bNeedToBuildDomainSid = TRUE;
  296. break;
  297. case DOMAIN_COMPUTERS:
  298. wellKnownRid = DOMAIN_GROUP_RID_COMPUTERS;
  299. bNeedToBuildDomainSid = TRUE;
  300. break;
  301. default:
  302. wellKnownRid = wellKnownAccount;
  303. bNeedToBuildDomainSid = TRUE;
  304. break;
  305. }
  307. if ( bNeedToBuildDomainSid )
  308. {
  309. // For the default case we can return a SID by using the wellKnownAccount parameter as a RID
  310. // this one is based on the sid for the domain
  311. // Get the domain SID
  312. USER_MODALS_INFO_2 * uinf = NULL;
  313. MCSASSERT(opt);
  314. srcSid = bTarget ? opt->tgtSid : opt->srcSid;
  315. if ( ! srcSid )
  316. {
  317. rc = NetUserModalsGet(bTarget ? opt->tgtComp :opt->srcComp,2,(LPBYTE*)&uinf);
  318. if ( rc )
  319. {
  320. err.SysMsgWrite(ErrE,rc,DCT_MSG_NO_DOMAIN_SID_SD,bTarget ? opt->tgtDomain :opt->srcDomain,rc );
  321. error = TRUE;
  322. srcSid = NULL;
  323. }
  324. else
  325. {
  326. srcSid = uinf->usrmod2_domain_id;
  327. // make a copy of the SID to keep in the Options structure for next time
  328. PSID temp = LocalAlloc(LPTR,GetLengthSid(srcSid));
  330. memcpy(temp,srcSid,GetLengthSid(srcSid));
  332. if ( bTarget )
  333. opt->tgtSid = temp;
  334. else
  335. opt->srcSid = temp;
  336. NetApiBufferFree(uinf);
  337. srcSid = temp;
  338. }
  339. }
  340. if ( srcSid )
  341. {
  342. numsubs = GetSidSubAuthorityCount(srcSid);
  343. if (! AllocateAndInitializeSid(
  344. &sia,
  345. (*numsubs)+1,
  346. 0,0,0,0,0,0,0,0,
  347. &pSid) )
  348. {
  349. err.SysMsgWrite(ErrE,GetLastError(),DCT_MSG_INITIALIZE_SID_FAILED_D,GetLastError());
  350. }
  351. if ( ! CopySid(GetLengthSid(srcSid), pSid, srcSid) )
  352. {
  353. err.SysMsgWrite(ErrE,GetLastError(),DCT_MSG_COPY_SID_FAILED_D,GetLastError());
  354. }
  355. // reset number of subauthorities in pSid, since we just overwrote it with information from srcSid
  356. numsubs = GetSidSubAuthorityCount(pSid);
  357. (*numsubs)++;
  358. rid = GetSidSubAuthority(pSid,(*numsubs)-1);
  359. *rid = wellKnownRid;
  361. }
  362. }
  363. if ( error )
  364. {
  365. LocalFree(pSid);
  366. pSid = NULL;
  367. }
  368. return pSid;
  369. }
  372. //---------------------------------------------------------------------------
  373. // GenerateSidAsString Function
  374. //
  375. // Synopsis
  376. // Generate a SID in string format from specifed domain and given RID.
  377. //
  378. // Arguments
  379. // IN pOptions - account replicator options structure
  380. // IN bTarget - specifies whether to use the target domain or source domain
  381. // IN dwRid - specified RID
  382. //
  383. // Return
  384. // The generated SID as a string if successfull or an empty string if not.
  385. //---------------------------------------------------------------------------
  387. _bstr_t __stdcall GenerateSidAsString(Options* pOptions, BOOL bTarget, DWORD dwRid)
  388. {
  389. _bstr_t strSid;
  391. PSID pSid = GetWellKnownSid(dwRid, pOptions, bTarget);
  393. if (pSid)
  394. {
  395. WCHAR szSid[LEN_Path];
  396. DWORD cchSid = DIM(szSid);
  398. if (GetTextualSid(pSid, szSid, &cchSid))
  399. {
  400. strSid = szSid;
  401. }
  403. FreeSid(pSid);
  404. }
  406. return strSid;
  407. }