archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4 Commits
1 Branch
0 Tags
1.5 GiB
Tree: 5c6fe3db62
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '5c6fe3db62'
${ noResults }
windows-server-2003/ds/security/tools/ksetup/mapuser.cxx

264 lines
6.0 KiB
Raw Normal View History

commiting as it is
4 years ago
  1. /*++
  3. MAPUSER.CXX
  5. Copyright (C) 1999 Microsoft Corporation, all rights reserved.
  7. DESCRIPTION: code for MapUser()
  9. Created, May 21, 1999 by DavidCHR.
  11. --*/
  13. #include "everything.hxx"
  15. extern "C" {
  16. #include <malloc.h> // alloca
  17. #include "..\keytab2\keytab\ldlib\delegtools.h"
  18. }
  20. static CHAR AltSecId[] = "AltSecurityIdentities";
  21. static CHAR AltSecPrefix[] = "KERBEROS:";
  22. static CHAR PreQuery[] = "(objectClass=user)"; /* For performance
  23. reasons, we should
  24. query an indexed type */
  26. NTSTATUS
  27. MapUserInDirectory( IN LPWSTR Principal,
  28. IN OPTIONAL LPWSTR Account ) {
  30. LPSTR Attributes[] = { NULL }; // request no attributes
  31. PCHAR PrincValues[] = { NULL, NULL };
  32. LDAPModA TheMod = { LDAP_MOD_DELETE,
  33. AltSecId,
  34. PrincValues };
  35. PLDAPModA Mods[] = { &TheMod, NULL };
  36. CHAR SearchBuffer [ UNLEN + 100 ]; /* The most we could have to
  37. search for is UNLEN (for either
  38. the principalname or the
  39. accountname) + 100 for the
  40. semantics of the query */
  41. NTSTATUS ret = STATUS_INTERNAL_ERROR;
  42. LPSTR ObjectDn;
  43. ULONG lderr;
  45. if ( ( lstrcmpW( Principal, L"*" ) == 0 ) ||
  46. ( Account && ( lstrcmpW( Account, L"*" ) == 0 ) ) ) {
  48. printf( "Wildcard account mappings are not supported"
  49. " at the domain level.\n" );
  51. return STATUS_NOT_SUPPORTED;
  53. }
  55. if ( ConnectedToDsa() ) {
  57. if ( Account ) { // changing the attribute -- search for the account
  59. wsprintfA( SearchBuffer,
  60. "(& %hs (samAccountName=%ws))",
  61. PreQuery,
  62. Account );
  64. } else { // deleting the attribute -- search for the attr
  66. wsprintfA( SearchBuffer,
  67. "(& %hs (%hs=%hs%ws))",
  68. PreQuery,
  69. AltSecId,
  70. AltSecPrefix,
  71. Principal );
  73. }
  75. if ( LdapSearchForUniqueDnA( GlobalLdap,
  76. SearchBuffer,
  77. Attributes,
  78. &ObjectDn,
  79. NULL ) ) {
  81. PrincValues[ 0 ] = (PCHAR)malloc( lstrlenW( Principal ) + 30 );
  82. if ( !PrincValues[ 0 ] ) {
  84. return STATUS_NO_MEMORY; /* NOTE: 73954: This leaks, but the
  85. app terminates immediately afterwards,
  86. so we don't actually care. */
  88. }
  90. wsprintfA( PrincValues[ 0 ],
  91. "%hs%ws",
  92. AltSecPrefix,
  93. Principal );
  96. if ( Account ) {
  98. TheMod.mod_op = LDAP_MOD_ADD;
  100. } else {
  102. TheMod.mod_op = LDAP_MOD_DELETE;
  104. }
  106. lderr = ldap_modify_sA( GlobalLdap,
  107. ObjectDn,
  108. Mods );
  110. // special-case output here:
  112. switch( lderr ) {
  114. case LDAP_SUCCESS:
  116. printf( "Mapping %hs successfully.\n",
  117. Account ? "created" : "deleted" );
  119. ret = STATUS_SUCCESS;
  120. break;
  122. default:
  124. printf( "Failed to %hs %hs on %hs; error 0x%x.\n",
  125. Account ? "set" : "delete",
  126. AltSecId,
  127. ObjectDn,
  128. lderr );
  130. ret = STATUS_UNSUCCESSFUL;
  132. break;
  134. }
  136. free( ObjectDn );
  137. free( PrincValues[0] );
  139. } else {
  141. printf( "Could not locate the account mapping in the directory.\n" );
  143. }
  145. }
  147. return ret;
  148. }
  151. NTSTATUS
  152. MapUserInRegistry( IN LPWSTR Principal,
  153. IN OPTIONAL LPWSTR Account ) {
  155. DWORD RegErr;
  156. HKEY KerbHandle = NULL;
  157. HKEY UserListHandle = NULL;
  158. DWORD Disposition;
  160. RegErr = OpenKerberosKey(&KerbHandle);
  161. if (RegErr)
  162. {
  163. goto Cleanup;
  164. }
  166. RegErr = RegCreateKeyEx(
  167. KerbHandle,
  168. L"UserList",
  169. 0,
  170. NULL,
  171. 0, // no options
  172. KEY_CREATE_SUB_KEY | KEY_SET_VALUE,
  173. NULL,
  174. &UserListHandle,
  175. &Disposition
  176. );
  177. if (RegErr)
  178. {
  179. printf("Failed to create UserList key: %d\n",RegErr);
  180. goto Cleanup;
  181. }
  183. if ( Account && Account[0] ) {
  185. RegErr = RegSetValueEx( UserListHandle,
  186. Principal,
  187. 0,
  188. REG_SZ,
  189. (PBYTE) Account,
  190. (wcslen(Account) + 1) * sizeof(WCHAR)
  191. );
  193. if (RegErr)
  194. {
  195. printf("Failed to set name mapping value: %d\n",RegErr);
  196. goto Cleanup;
  197. }
  199. } else {
  201. /* if no second parameter was supplied,
  202. delete the mapping. */
  204. RegErr = RegDeleteValue( UserListHandle,
  205. Principal );
  207. switch( RegErr ) {
  209. case ERROR_PATH_NOT_FOUND:
  210. case ERROR_FILE_NOT_FOUND:
  212. RegErr = ERROR_SUCCESS;
  213. // fallthrough to success case
  215. case ERROR_SUCCESS:
  216. break;
  218. default:
  220. printf( "Failed to delete mapping for %ws: error 0x%x.\n",
  221. Principal,
  222. RegErr );
  224. goto Cleanup;
  226. }
  227. }
  229. Cleanup:
  230. if (KerbHandle)
  231. {
  232. RegCloseKey(KerbHandle);
  233. }
  234. if (UserListHandle)
  235. {
  236. RegCloseKey(UserListHandle);
  237. }
  238. if (RegErr)
  239. {
  240. return(STATUS_UNSUCCESSFUL);
  241. }
  242. return(STATUS_SUCCESS);
  244. }
  247. NTSTATUS
  248. MapUser( IN LPWSTR * Parameters ) {
  250. //
  251. // Mapuser needs at least one none-empty argument
  252. //
  254. if (!Parameters[ 0 ] || !*Parameters[ 0 ])
  255. {
  256. return STATUS_INVALID_PARAMETER;
  257. }
  259. return ( GlobalDomainSetting ?
  260. MapUserInDirectory :
  261. MapUserInRegistry )( Parameters[ 0 ],
  262. Parameters[ 1 ] );
  264. }