archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
2 Commits
1 Branch
0 Tags
1.5 GiB
Tree: 7b07a90fc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '7b07a90fc1'
${ noResults }
windows-server-2003/admin/admt/moveobj/mover.cpp

740 lines
21 KiB
Raw Normal View History

commiting as it is
4 years ago
  1. // Mover.cpp : Implementation of CMoveObjApp and DLL registration.
  3. #include "stdafx.h"
  4. #include <stdio.h>
  5. #include <basetsd.h>
  6. #include <ntdsapi.h>
  7. #include "MoveObj.h"
  8. #include "Mover.h"
  9. #include "UString.hpp"
  10. #include "EaLen.hpp"
  12. #include "ErrDct.hpp"
  13. #include "TReg.hpp"
  14. #include "ResStr.h"
  15. #include "LSAUtils.h"
  17. #include "winldap.h" // use the platform SDK version of winldap.h, which is in the project directory
  21. #define SECURITY_WIN32 1 // Needed for sspi.h
  23. #include <sspi.h> // Needed for ISC_REQ_DELEGATE
  26. #define LDAP_SERVER_CROSSDOM_MOVE_TARGET_OID "1.2.840.113556.1.4.521"
  27. #define LDAP_SERVER_CROSSDOM_MOVE_TARGET_OID_W L"1.2.840.113556.1.4.521"
  30. TErrorDct err;
  31. TErrorDct errLogMain;
  32. StringLoader gString;
  34. BOOL // ret- whether to perform trace logging to a file
  35. MoverTraceLogging(
  36. WCHAR * filename // out- filename to use for trace logging
  37. )
  38. {
  39. DWORD rc = 0;
  40. BOOL bFound = FALSE;
  41. TRegKey key;
  42. WCHAR fnW[MAX_PATH];
  44. rc = key.OpenRead(GET_STRING(IDS_HKLM_DomainAdmin_Key),(HKEY)HKEY_LOCAL_MACHINE);
  45. if ( ! rc )
  46. {
  47. rc = key.ValueGetStr(L"MoveObjectLog",fnW,MAX_PATH);
  48. if ( ! rc )
  49. {
  50. if ( *fnW )
  51. {
  52. bFound = TRUE;
  53. UStrCpy(filename,fnW);
  54. }
  55. else
  56. {
  57. filename[0] = 0;
  58. }
  59. }
  60. }
  61. return bFound && filename[0];
  62. }
  65. // In the following function we are sending in the logFilename in the tgtCredDomain argument.
  66. // This is done since this is always called with a null value in the ADMT code. To be safe we
  67. // will check if the account value is null then we will treat this as a log file otherwise
  68. // we will need to treat this as credentials.
  69. STDMETHODIMP
  70. CMover::Connect(
  71. BSTR sourceComp, // in - source domain computer to connect to
  72. BSTR targetDSA, // in - target domain computer to connect to
  73. BSTR srcCredDomain, // in - credentials to use for source domain
  74. BSTR srcCredAccount, // in - credentials to use for source domain
  75. BSTR srcCredPassword, // in - credentials to use for source domain
  76. BSTR tgtCredDomain, // in - credentials to use for target domain
  77. BSTR tgtCredAccount, // in - credentials to use for target domain
  78. BSTR tgtCredPassword // in - credentials to use for target domain
  79. )
  80. {
  82. DWORD rc = 0;
  83. LONG value = 0;
  84. ULONG flags = 0;
  85. ULONG result = 0;
  86. SEC_WINNT_AUTH_IDENTITY srcCred;
  87. SEC_WINNT_AUTH_IDENTITY tgtCred;
  88. BOOL bUseSrcCred = FALSE;
  89. BOOL bUseTgtCred = FALSE;
  90. BOOL bSrcGood = FALSE;
  91. WCHAR * logFileMain;
  93. // strip off leading \\ if present
  94. if ( sourceComp && sourceComp[0] == L'\\' )
  95. {
  96. UStrCpy(m_sourceDSA,sourceComp + 2);
  97. }
  98. else
  99. {
  100. UStrCpy(m_sourceDSA,sourceComp);
  101. }
  102. if ( targetDSA && targetDSA[0] == L'\\' )
  103. {
  104. UStrCpy(m_targetDSA,targetDSA + 2);
  105. }
  106. else
  107. {
  108. UStrCpy(m_targetDSA,targetDSA);
  109. }
  111. // set up credentials structure to use for bind, if needed
  112. if ( srcCredDomain && *srcCredDomain && srcCredAccount && *srcCredAccount )
  113. {
  114. srcCred.User = srcCredAccount;
  115. srcCred.Domain = srcCredDomain;
  116. srcCred.Password = NULL;
  117. srcCred.UserLength = UStrLen(srcCred.User);
  118. srcCred.Flags = SEC_WINNT_AUTH_IDENTITY_UNICODE;
  119. srcCred.DomainLength = UStrLen(srcCred.Domain);
  120. srcCred.PasswordLength = 0;
  121. bUseSrcCred = TRUE;
  122. }
  124. if ( tgtCredAccount && *tgtCredAccount )
  125. {
  126. tgtCred.User = tgtCredAccount;
  127. tgtCred.Domain = tgtCredDomain;
  128. tgtCred.Password = NULL;
  129. tgtCred.UserLength = UStrLen(tgtCred.User);
  130. tgtCred.Flags = SEC_WINNT_AUTH_IDENTITY_UNICODE;
  131. tgtCred.DomainLength = UStrLen(tgtCred.Domain);
  132. tgtCred.PasswordLength = 0;
  133. bUseTgtCred = TRUE;
  134. }
  135. else if ( tgtCredDomain && *tgtCredDomain )
  136. {
  137. logFileMain = tgtCredDomain;
  138. if (*logFileMain)
  139. {
  140. errLogMain.LogOpen(logFileMain, 1);
  141. }
  142. }
  144. // Open LDAP connections to the source and target computers
  147. // first, connect to the source computer
  148. WCHAR logFile[LEN_Path];
  150. if ( MoverTraceLogging(logFile) )
  151. {
  152. err.LogOpen(logFile,1);
  153. }
  154. err.DbgMsgWrite(0,L"\n\nMoveObject::Connect(%ls,%ls)",m_sourceDSA,m_targetDSA);
  156. // m_srcLD = ldap_openW(m_sourceDSA, LDAP_PORT);
  157. //replace ldap_open(servername,..) with ldap_init and set LDAP_OPT_AREC_EXCLUSIVE
  158. //flag so that the following ldap calls (i.e. ldap_bind) will not need to
  159. //unnecessarily query for the domain controller
  160. m_srcLD = ldap_initW(m_sourceDSA, LDAP_PORT);
  162. if ( m_srcLD == NULL )
  163. {
  164. value = LdapGetLastError();
  165. if (value == LDAP_SUCCESS )
  166. {
  167. rc = ERROR_CONNECTION_REFUSED;
  168. }
  169. else
  170. {
  171. rc = LdapMapErrorToWin32(result);
  172. }
  173. errLogMain.SysMsgWrite(ErrE, rc, DCT_MSG_CONNECT_ERROR_SOURCE_SD, (WCHAR*)m_sourceDSA, rc);
  174. }
  176. if ( m_srcLD )
  177. {
  178. //set LDAP_OPT_AREC_EXCLUSIVE flag so that the following calls tp
  179. //ldap_open will not need to unnecessarily query for the domain controller
  180. flags = PtrToUlong(LDAP_OPT_ON);
  181. ldap_set_option(m_srcLD, LDAP_OPT_AREC_EXCLUSIVE, &flags);
  183. err.DbgMsgWrite(0,L"Setting source options");
  184. flags = 0;
  185. // set the delegation flag for the source handle
  186. result = ldap_get_option(m_srcLD, LDAP_OPT_SSPI_FLAGS,&flags);
  188. if ( result )
  189. {
  190. rc = LdapMapErrorToWin32(result);
  191. }
  192. else
  193. {
  194. flags |= ISC_REQ_DELEGATE;
  197. result = ldap_set_option(m_srcLD,LDAP_OPT_SSPI_FLAGS, &flags);
  198. if ( result )
  199. {
  200. rc = LdapMapErrorToWin32(result);
  201. }
  202. }
  203. }
  205. if ( ! rc )
  206. {
  207. err.DbgMsgWrite(0,L"Binding to source");
  208. // try to bind to the source LDAP server
  209. if( bUseSrcCred )
  210. {
  211. WCHAR szPassword[LEN_Password];
  213. DWORD dwPasswordError = RetrievePassword(srcCredPassword, szPassword, sizeof(szPassword) / sizeof(szPassword[0]));
  215. if (dwPasswordError == ERROR_SUCCESS)
  216. {
  217. srcCred.Password = szPassword;
  218. srcCred.PasswordLength = UStrLen(szPassword);
  220. result = ldap_bind_s(m_srcLD,NULL,(WCHAR*)&srcCred, LDAP_AUTH_SSPI);
  222. srcCred.Password = NULL;
  223. srcCred.PasswordLength = 0;
  225. SecureZeroMemory(szPassword, sizeof(szPassword));
  227. if (result)
  228. {
  229. rc = LdapMapErrorToWin32(result);
  230. }
  231. }
  232. }
  233. else
  234. {
  235. result = ldap_bind_s(m_srcLD,NULL,NULL, LDAP_AUTH_SSPI);
  237. if (result)
  238. {
  239. rc = LdapMapErrorToWin32(result);
  240. }
  241. }
  243. if (rc == ERROR_SUCCESS)
  244. {
  245. bSrcGood = TRUE;
  246. }
  247. }
  249. if ( ! rc )
  250. {
  251. err.DbgMsgWrite(0,L"Connecting to target");
  252. // now try to connect to the target server
  253. // m_tgtLD = ldap_openW(m_targetDSA, LDAP_PORT);
  254. //replace ldap_open(servername,..) with ldap_init and set LDAP_OPT_AREC_EXCLUSIVE
  255. //flag so that the following ldap calls (i.e. ldap_bind) will not need to
  256. //unnecessarily query for the domain controller
  257. m_tgtLD = ldap_initW(m_targetDSA, LDAP_PORT);
  259. if ( m_tgtLD == NULL )
  260. {
  261. value = LdapGetLastError();
  262. if (value == LDAP_SUCCESS )
  263. {
  264. rc = ERROR_CONNECTION_REFUSED;
  265. }
  266. else
  267. {
  268. rc = LdapMapErrorToWin32(result);
  269. }
  270. errLogMain.SysMsgWrite(ErrE, rc, DCT_MSG_CONNECT_ERROR_TARGET_SD, (WCHAR*)m_targetDSA, rc);
  271. }
  273. if ( m_tgtLD )
  274. {
  275. //set LDAP_OPT_AREC_EXCLUSIVE flag so that the following calls tp
  276. //ldap_open will not need to unnecessarily query for the domain controller
  277. flags = PtrToUlong(LDAP_OPT_ON);
  278. ldap_set_option(m_tgtLD, LDAP_OPT_AREC_EXCLUSIVE, &flags);
  280. err.DbgMsgWrite(0,L"Setting target options.");
  281. flags = 0;
  283. result = ldap_get_option(m_tgtLD,LDAP_OPT_REFERRALS,&flags);
  284. if ( result )
  285. {
  286. rc = LdapMapErrorToWin32(result);
  287. }
  288. else
  289. {
  290. flags = PtrToUlong(LDAP_OPT_OFF);
  291. result = ldap_set_option(m_tgtLD,LDAP_OPT_REFERRALS,&flags);
  293. if ( result )
  294. {
  295. rc = LdapMapErrorToWin32(result);
  296. }
  297. }
  298. if ( ! rc )
  299. {
  300. err.DbgMsgWrite(0,L"Binding to target.");
  301. if ( bUseTgtCred )
  302. {
  303. WCHAR szPassword[LEN_Password];
  305. DWORD dwPasswordError = RetrievePassword(tgtCredPassword, szPassword, sizeof(szPassword) / sizeof(szPassword[0]));
  307. if (dwPasswordError == ERROR_SUCCESS)
  308. {
  309. srcCred.Password = szPassword;
  310. srcCred.PasswordLength = UStrLen(szPassword);
  312. result = ldap_bind_s(m_tgtLD,NULL,(PWCHAR)&tgtCred,LDAP_AUTH_SSPI);
  314. srcCred.Password = NULL;
  315. srcCred.PasswordLength = 0;
  317. SecureZeroMemory(szPassword, sizeof(szPassword));
  319. if (result)
  320. {
  321. rc = LdapMapErrorToWin32(result);
  322. }
  323. }
  324. }
  325. else
  326. {
  327. result = ldap_bind_s(m_tgtLD,NULL,NULL,LDAP_AUTH_SSPI);
  329. if (result)
  330. {
  331. rc = LdapMapErrorToWin32(result);
  332. }
  333. }
  335. if ( rc )
  336. {
  337. err.DbgMsgWrite(0,L"Bind to target failed,rc=%ld, ldapRC=0x%lx",rc,result);
  338. }
  339. else
  340. {
  341. err.DbgMsgWrite(0,L"Everything succeeded.");
  342. }
  343. }
  344. }
  346. }
  347. if ( bSrcGood )
  348. {
  349. rc = 0;
  350. }
  351. if ( rc )
  352. {
  353. // if failure, clean up any sessions we may have opened
  354. Close();
  355. }
  357. err.LogClose();
  359. if ( logFileMain && *logFileMain )
  360. {
  361. errLogMain.LogClose();
  362. }
  364. if ( SUCCEEDED(rc))
  365. return HRESULT_FROM_WIN32(rc);
  366. else
  367. return rc;
  368. }
  370. STDMETHODIMP CMover::Close()
  371. {
  372. // close any open connections
  373. if ( m_srcLD )
  374. {
  375. ldap_unbind_s(m_srcLD);
  376. m_srcLD = NULL;
  377. }
  379. if ( m_tgtLD )
  380. {
  381. ldap_unbind_s(m_tgtLD);
  382. m_tgtLD = NULL;
  383. }
  385. return S_OK;
  386. }
  388. char * MakeNarrowString(PWCHAR strInput)
  389. {
  390. char * strResult = NULL;
  391. ULONG len = 0;
  393. if ( strInput )
  394. {
  395. len = WideCharToMultiByte(CP_UTF8,
  396. 0,
  397. strInput,
  398. wcslen(strInput),
  399. NULL,
  400. 0,
  401. NULL,
  402. NULL);
  404. strResult = (PCHAR)malloc(len + 1);
  406. if ( strResult )
  407. {
  408. WideCharToMultiByte(CP_UTF8,
  409. 0,
  410. strInput,
  411. wcslen(strInput),
  412. strResult,
  413. len,
  414. NULL,
  415. NULL);
  416. // make sure the resulting string is null terminated
  417. strResult[len] = 0;
  418. }
  419. }
  421. return strResult;
  422. }
  424. void StripDN(WCHAR * str)
  425. {
  426. int curr=0,i=0;
  428. for ( curr=0,i=0; str[i] ; i++ )
  429. {
  430. if ( str[i] == L'\\' && str[i+1] == L'/' )
  431. {
  432. continue;
  433. }
  434. str[curr] = str[i];
  435. curr++;
  436. }
  437. str[curr] = 0;
  438. }
  440. STDMETHODIMP CMover::MoveObject(BSTR sourcePath, BSTR targetRDN, BSTR targetOUPath )
  441. {
  442. WCHAR sTargetContainer[LEN_Path];
  443. WCHAR sSourceDN[LEN_Path];
  444. WCHAR sTargetRDN[LEN_Path];
  445. WCHAR sTargetDSA[LEN_Path];
  446. char * pTgtDSA = NULL;
  447. WCHAR const * prefix = L"LDAP://";
  448. HRESULT hr = S_OK;
  449. WCHAR logFile[LEN_Path];
  452. // set up the arguments needed to call the interdomain move operation
  453. UStrCpy(sTargetDSA,m_targetDSA);
  454. pTgtDSA = MakeNarrowString(sTargetDSA);
  457. // the source path and target OuPath are provided in the LDAP:// format
  459. // get the target container, target DN, and source DN in canonical LDAP format
  461. if ( !UStrICmp(targetOUPath,prefix,UStrLen(prefix)) )
  462. {
  463. WCHAR * start = wcschr(targetOUPath+UStrLen(prefix) + 1,L'/');
  464. if ( start )
  465. {
  466. UStrCpy(sTargetContainer,start + 1);
  467. }
  468. else
  469. {
  470. // error!
  471. hr = E_INVALIDARG;
  472. }
  473. }
  474. else
  475. {
  476. // error!
  477. hr = E_INVALIDARG;
  478. }
  480. if ( !UStrICmp(sourcePath,prefix,UStrLen(prefix)) )
  481. {
  482. WCHAR * start = wcschr(sourcePath+UStrLen(prefix)+1,L'/');
  483. if ( start )
  484. {
  485. UStrCpy(sSourceDN,start+1);
  486. UStrCpy(sTargetRDN,start + 1);
  487. WCHAR * temp = wcschr(sTargetRDN,L',');
  488. if ( temp )
  489. {
  490. (*temp) = 0;
  491. }
  492. }
  493. else
  494. {
  495. // error!
  496. hr = E_INVALIDARG;
  497. }
  498. }
  499. else
  500. {
  501. // error!
  502. hr = E_INVALIDARG;
  503. }
  506. if ( MoverTraceLogging(logFile) )
  507. {
  508. err.LogOpen(logFile,1);
  509. }
  512. if (hr != S_OK)
  513. {
  514. err.DbgMsgWrite(0,L"Bad path parameter to MoveObject, hr=%ld",hr);
  515. err.LogClose();
  516. free(pTgtDSA);
  518. return hr;
  519. }
  521. StripDN(sSourceDN);
  522. StripDN(sTargetRDN);
  523. StripDN(sTargetContainer);
  525. berval Value;
  526. Value.bv_val = pTgtDSA;
  527. Value.bv_len = (pTgtDSA != NULL) ? strlen(pTgtDSA) : 0;
  529. LDAPControl ServerControl;
  530. LDAPControl * ServerControls[2];
  531. LDAPControl * ClientControls = NULL;
  533. ServerControl.ldctl_oid = LDAP_SERVER_CROSSDOM_MOVE_TARGET_OID_W;
  534. ServerControl.ldctl_value = Value;
  535. ServerControl.ldctl_iscritical = TRUE;
  537. ServerControls[0] = NULL;
  538. ServerControls[0] = &ServerControl;
  539. ServerControls[1] = NULL;
  541. /*
  542. DstDSA = dns name of dc
  543. Dn = distinguished name of object to be moved
  544. NewRdn = relative distinguished name of object
  545. NewParent = distinguished name of new parent container
  546. ServerControls= specify the LDAP operational control for cross domain move
  547. */
  548. DWORD ldaprc = ldap_rename_ext_s(m_srcLD,
  549. sSourceDN,
  550. targetRDN,
  551. sTargetContainer,
  552. TRUE,
  553. ServerControls,
  554. &ClientControls
  555. );
  557. DWORD winrc = 0;
  558. ULONG error;
  559. ULONG result;
  561. if ( ldaprc )
  562. {
  564. result = ldap_get_option(m_srcLD, LDAP_OPT_SERVER_EXT_ERROR,&error);
  565. if (! result )
  566. {
  567. winrc = error;
  568. }
  569. else
  570. {
  571. err.DbgMsgWrite(0,L"Failed to get extended error, result=%ld",result);
  572. winrc = LdapMapErrorToWin32(ldaprc);
  573. }
  575. }
  578. err.DbgMsgWrite(0,L"\nMoveObject(sSourceDN=%ls\n,sTargetRDN=%ls\n,sTargetContainer=%ls\n,pTargetDSA=%S) rc=%ld,ldapRC=%ld",
  579. sSourceDN,targetRDN,sTargetContainer,pTgtDSA,winrc,ldaprc);
  581. err.LogClose();
  583. free(pTgtDSA);
  585. if ( SUCCEEDED(winrc))
  586. return HRESULT_FROM_WIN32(winrc);
  587. else
  588. return winrc;
  589. }
  594. STDMETHODIMP CMover::CheckMove(BSTR sourcePath, BSTR targetRDN, BSTR targetOUPath )
  595. {
  596. WCHAR sTargetContainer[LEN_Path];
  597. WCHAR sSourceDN[LEN_Path];
  598. WCHAR sTargetRDN[LEN_Path];
  599. WCHAR sTargetDSA[LEN_Path];
  600. char * pTgtDSA = NULL;
  601. WCHAR const * prefix = L"LDAP://";
  602. HRESULT hr = S_OK;
  603. WCHAR logFile[LEN_Path];
  606. // set up the arguments needed to call the interdomain move operation
  607. UStrCpy(sTargetDSA,m_targetDSA);
  608. pTgtDSA = MakeNarrowString(sTargetDSA);
  611. // the source path and target OuPath are provided in the LDAP:// format
  613. // get the target container, target DN, and source DN in canonical LDAP format
  615. if ( !UStrICmp(targetOUPath,prefix,UStrLen(prefix)) )
  616. {
  617. WCHAR * start = wcschr(targetOUPath+UStrLen(prefix) + 1,L'/');
  618. if ( start )
  619. {
  620. UStrCpy(sTargetContainer,start + 1);
  621. }
  622. else
  623. {
  624. // error!
  625. hr = E_INVALIDARG;
  626. }
  627. }
  628. else
  629. {
  630. // error!
  631. hr = E_INVALIDARG;
  632. }
  634. if ( !UStrICmp(sourcePath,prefix,UStrLen(prefix)) )
  635. {
  636. WCHAR * start = wcschr(sourcePath+UStrLen(prefix)+1,L'/');
  637. if ( start )
  638. {
  639. UStrCpy(sSourceDN,start+1);
  640. UStrCpy(sTargetRDN,start + 1);
  641. WCHAR * temp = wcschr(sTargetRDN,L',');
  642. if ( temp )
  643. {
  644. (*temp) = 0;
  645. }
  646. }
  647. else
  648. {
  649. // error!
  650. hr = E_INVALIDARG;
  651. }
  652. }
  653. else
  654. {
  655. // error!
  656. hr = E_INVALIDARG;
  657. }
  659. if ( MoverTraceLogging(logFile) )
  660. {
  661. err.LogOpen(logFile,1);
  662. }
  664. if (hr != S_OK)
  665. {
  666. err.DbgMsgWrite(0,L"Bad path parameter to CheckMove, hr=%ld",hr);
  667. err.LogClose();
  668. free(pTgtDSA);
  670. return hr;
  671. }
  674. StripDN(sSourceDN);
  675. StripDN(sTargetRDN);
  676. StripDN(sTargetContainer);
  678. berval Value;
  679. // this call will just do the source domain checks, so pass in NULL for the target domain
  680. Value.bv_val = NULL;
  681. Value.bv_len = 0;
  683. LDAPControl ServerControl;
  684. LDAPControl * ServerControls[2];
  685. LDAPControl * ClientControls = NULL;
  687. ServerControl.ldctl_oid = LDAP_SERVER_CROSSDOM_MOVE_TARGET_OID_W;
  688. ServerControl.ldctl_value = Value;
  689. ServerControl.ldctl_iscritical = TRUE;
  691. ServerControls[0] = NULL;
  692. ServerControls[0] = &ServerControl;
  693. ServerControls[1] = NULL;
  695. /*
  696. DstDSA = dns name of dc
  697. Dn = distinguished name of object to be moved
  698. NewRdn = relative distinguished name of object
  699. NewParent = distinguished name of new parent container
  700. ServerControls= specify the LDAP operational control for cross domain move
  701. */
  702. DWORD ldaprc = ldap_rename_ext_s(m_srcLD,
  703. sSourceDN,
  704. targetRDN,
  705. sTargetContainer,
  706. TRUE,
  707. ServerControls,
  708. &ClientControls
  709. );
  711. DWORD winrc = 0;
  712. ULONG error;
  713. ULONG result;
  715. if ( ldaprc )
  716. {
  717. result = ldap_get_option(m_srcLD, LDAP_OPT_SERVER_EXT_ERROR,&error);
  718. if (! result )
  719. {
  720. winrc = error;
  721. }
  722. else
  723. {
  724. err.DbgMsgWrite(0,L"Failed to get extended error, result=%ld",result);
  725. winrc = LdapMapErrorToWin32(ldaprc);
  726. }
  727. }
  729. err.DbgMsgWrite(0,L"\nMoveObject(sSourceDN=%ls\n,sTargetRDN=%ls\n,sTargetContainer=%ls\n,pTargetDSA=%S) rc=%ld,ldapRC=%ld,result=%ld",
  730. sSourceDN,targetRDN,sTargetContainer,pTgtDSA,winrc,ldaprc,result);
  732. err.LogClose();
  734. free(pTgtDSA);
  736. if ( SUCCEEDED(winrc))
  737. return HRESULT_FROM_WIN32(winrc);
  738. else
  739. return winrc;
  740. }