archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4 Commits
1 Branch
0 Tags
4.9 GiB
Tree: 5c6fe3db62
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '5c6fe3db62'
${ noResults }
windows-server-2003/net/ias/providers/ntuser/ldap/iasntds.cpp

317 lines
6.9 KiB
Raw Normal View History

commiting as it is
4 years ago
  1. ///////////////////////////////////////////////////////////////////////////////
  2. //
  3. // FILE
  4. //
  5. // iasntds.cpp
  6. //
  7. // SYNOPSIS
  8. //
  9. // Defines global objects and functions for the IAS NTDS API.
  10. //
  11. // MODIFICATION HISTORY
  12. //
  13. // 05/11/1998 Original version.
  14. // 07/13/1998 Clean up header file dependencies.
  15. // 08/25/1998 Added IASNtdsQueryUserAttributes.
  16. // 09/02/1998 Added 'scope' parameter to IASNtdsQueryUserAttributes.
  17. // 03/10/1999 Added IASNtdsIsNativeModeDomain.
  18. // 03/23/1999 Retry failed searches.
  19. // 05/11/1999 Ask for at least one attribute or else you get them all.
  20. // 09/14/1999 Move SEARCH_TIMEOUT to LDAPConnection.
  21. //
  22. ///////////////////////////////////////////////////////////////////////////////
  24. #include <ias.h>
  25. #include <iasntds.h>
  27. #include <ldapcxn.h>
  28. #include <ntcache.h>
  30. namespace
  31. {
  32. // Global object caches.
  33. NTCache theDomains;
  35. // Initialization reference count.
  36. LONG refCount = 0;
  37. }
  39. DWORD
  40. WINAPI
  41. IASNtdsInitialize( VOID )
  42. {
  43. IASGlobalLockSentry sentry;
  45. ++refCount;
  47. return NO_ERROR;
  49. }
  51. VOID
  52. WINAPI
  53. IASNtdsUninitialize( VOID )
  54. {
  55. IASGlobalLockSentry sentry;
  57. if (--refCount == 0)
  58. {
  59. theDomains.clear();
  60. }
  61. }
  63. BOOL
  64. WINAPI
  65. IASNtdsIsNativeModeDomain(
  66. IN PCWSTR domain
  67. )
  68. {
  69. return theDomains.getMode(domain) == NTDomain::MODE_NATIVE;
  70. }
  72. //////////
  73. // Retrieve a single entry from the DS. Handles all clean-up on failure.
  74. //////////
  75. DWORD
  76. WINAPI
  77. GetSingleEntry(
  78. LDAPConnection* cxn,
  79. PWCHAR base,
  80. ULONG scope,
  81. PWCHAR filter,
  82. PWCHAR attrs[],
  83. LDAPMessage **res
  84. ) throw ()
  85. {
  86. //////////
  87. // Perform the search.
  88. //////////
  90. ULONG error = ldap_search_ext_sW(
  91. *cxn,
  92. base,
  93. scope,
  94. filter,
  95. attrs,
  96. FALSE,
  97. NULL,
  98. NULL,
  99. &LDAPConnection::SEARCH_TIMEOUT,
  100. 0,
  101. res
  102. );
  104. //////////
  105. // Process the results.
  106. //////////
  108. if (error != LDAP_SUCCESS && error != LDAP_PARTIAL_RESULTS)
  109. {
  110. cxn->TraceFailure("ldap_search_ext_sW", error);
  111. cxn->disable();
  112. error = LdapMapErrorToWin32(error);
  113. }
  114. else if ((*res)->lm_returncode != LDAP_SUCCESS)
  115. {
  116. error = LdapMapErrorToWin32((*res)->lm_returncode);
  117. cxn->TraceFailure("ldap_search_ext_sW", (*res)->lm_returncode);
  118. }
  119. else if (ldap_count_entries(*cxn, *res) != 1)
  120. {
  121. error = ERROR_NO_SUCH_USER;
  122. }
  123. else
  124. {
  125. return NO_ERROR;
  126. }
  128. //////////
  129. // The search failed, so clean-up.
  130. //////////
  132. if (*res != NULL)
  133. {
  134. ldap_msgfree(*res);
  135. *res = NULL;
  136. }
  138. return error;
  139. }
  141. //////////
  142. // Constants used for building LDAP search filters.
  143. //////////
  144. const WCHAR USER_FILTER_PREFIX[] = L"(sAMAccountName=";
  145. const WCHAR USER_FILTER_SUFFIX[] = L")";
  146. const size_t MAX_USERNAME_LENGTH = 256;
  147. const size_t USER_FILTER_LENGTH = sizeof(USER_FILTER_PREFIX)/sizeof(WCHAR) +
  148. MAX_USERNAME_LENGTH +
  149. sizeof(USER_FILTER_SUFFIX)/sizeof(WCHAR);
  151. //////////
  152. // Empty attribute list.
  153. //////////
  154. PWCHAR NO_ATTRS[] = { L"cn", NULL };
  156. DWORD
  157. WINAPI
  158. QueryUserAttributesOnce(
  159. IN PCWSTR domainName,
  160. IN PCWSTR username,
  161. IN ULONG scope,
  162. IN PWCHAR attrs[],
  163. OUT PIAS_NTDS_RESULT result
  164. )
  165. {
  166. //////////
  167. // Retrieve a connection to the domain.
  168. //////////
  170. CComPtr<LDAPConnection> cxn;
  171. DWORD error = theDomains.getConnection(domainName, &cxn);
  173. switch (error)
  174. {
  175. case NO_ERROR:
  176. {
  177. IASTracePrintf("Sending LDAP search to %s.", cxn->getHost());
  178. break;
  179. }
  181. case ERROR_DS_NOT_INSTALLED:
  182. {
  183. IASTracePrintf("DS not installed for domain %S.", domainName);
  184. return error;
  185. }
  187. default:
  188. {
  189. IASTracePrintf("Could not open an LDAP connection to domain %S.",
  190. domainName);
  191. IASTraceFailure("NTDomain::getConnection", error);
  192. return error;
  193. }
  194. }
  196. //////////
  197. // Initialize the search filter.
  198. //////////
  200. WCHAR searchFilter[USER_FILTER_LENGTH];
  201. wcscpy (searchFilter, USER_FILTER_PREFIX);
  202. wcsncat(searchFilter, username, MAX_USERNAME_LENGTH);
  203. wcscat (searchFilter, USER_FILTER_SUFFIX);
  205. //////////
  206. // Query the DS. If scope == LDAP_SCOPE_BASE, then we won't retrieve the
  207. // actual attributes yet.
  208. //////////
  210. LDAPMessage* res;
  211. error = GetSingleEntry(
  212. cxn,
  213. const_cast<PWCHAR>(cxn->getBase()),
  214. LDAP_SCOPE_SUBTREE,
  215. searchFilter,
  216. (scope == LDAP_SCOPE_BASE ? NO_ATTRS : attrs),
  217. &res
  218. );
  220. if (error == NO_ERROR && scope == LDAP_SCOPE_BASE)
  221. {
  222. // All we care about is the user's DN.
  223. PWCHAR dn = ldap_get_dnW(*cxn, ldap_first_entry(*cxn, res));
  224. ldap_msgfree(res);
  226. // Now get the actual attributes.
  227. error = GetSingleEntry(
  228. cxn,
  229. dn,
  230. LDAP_SCOPE_BASE,
  231. L"(objectclass=*)",
  232. attrs,
  233. &res
  234. );
  236. ldap_memfree(dn);
  237. }
  239. if (error == NO_ERROR)
  240. {
  241. LDAPConnection* rawCxn = cxn;
  242. rawCxn->AddRef();
  243. result->cxn = rawCxn;
  244. result->msg = res;
  245. }
  247. return error;
  248. }
  250. DWORD
  251. WINAPI
  252. IASNtdsQueryUserAttributes(
  253. IN PCWSTR domainName,
  254. IN PCWSTR username,
  255. IN ULONG scope,
  256. IN PWCHAR attrs[],
  257. OUT PIAS_NTDS_RESULT result
  258. )
  259. {
  260. if (result == 0)
  261. {
  262. return ERROR_INVALID_PARAMETER;
  263. }
  265. result->cxn = 0;
  266. result->msg = 0;
  268. DWORD retval = QueryUserAttributesOnce(
  269. domainName,
  270. username,
  271. scope,
  272. attrs,
  273. result
  274. );
  276. switch (retval)
  277. {
  278. case NO_ERROR:
  279. case ERROR_DS_NOT_INSTALLED:
  280. case ERROR_NO_SUCH_USER:
  281. case ERROR_ACCESS_DENIED:
  282. return retval;
  283. }
  285. IASTraceString("Retrying LDAP search.");
  287. return QueryUserAttributesOnce(
  288. domainName,
  289. username,
  290. scope,
  291. attrs,
  292. result
  293. );
  294. }
  297. VOID
  298. WINAPI
  299. IASNtdsFreeResult(
  300. PIAS_NTDS_RESULT result
  301. )
  302. {
  303. if (result != 0)
  304. {
  305. if (result->cxn != 0)
  306. {
  307. static_cast<LDAPConnection*>(result->cxn)->Release();
  308. result->cxn = 0;
  309. }
  311. if (result->msg != 0)
  312. {
  313. ldap_msgfree(result->msg);
  314. result->msg = 0;
  315. }
  316. }
  317. }