archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
2 Commits
1 Branch
0 Tags
1.5 GiB
Tree: 7b07a90fc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '7b07a90fc1'
${ noResults }
windows-server-2003/admin/admt/workobj/exchange.cpp

344 lines
12 KiB
Raw Normal View History

commiting as it is
4 years ago
  1. #include "stdafx.h"
  3. #include "exchange.hpp"
  5. #include "common.hpp"
  6. #include "err.hpp"
  7. #include "ErrDct.hpp"
  8. #include "UString.hpp"
  10. #include "sidcache.hpp"
  11. #include "sd.hpp"
  12. #include "SecObj.hpp"
  13. #include "exldap.h"
  15. #include "Mcs.h"
  16. #include "folders.h"
  17. #include "treg.hpp"
  19. using namespace nsFolders;
  21. extern TErrorDct err;
  23. #define NOT_PT_ERROR(x) ( PROP_TYPE(x.ulPropTag) != PT_ERROR )
  25. #define LDAP_PortNumber_DN_Part L"/cn=Protocols/cn=LDAP"
  26. #define ATT_OBJ_CLASS L"Obj-Class"
  27. #define ATT_DIST_NAME L"Obj-Dist-Name"
  28. #define ATT_LDAP_PORT L"Port-Number"
  29. #define LDAP_USE_SITE_VALUES L"Use-Site-Values"
  32. TGlobalDirectory::TGlobalDirectory()
  33. {
  34. m_stat = NULL;
  35. }
  37. TGlobalDirectory::~TGlobalDirectory()
  38. {
  39. }
  41. #define NDX_SID 3
  42. #define NDX_SD 4
  44. void
  45. TGlobalDirectory::GetSiteNameForServer(
  46. WCHAR const * server, // in - name of exchange server to use
  47. CLdapEnum * e, // in - LDAP connection to use for query
  48. WCHAR * siteName // out- distinguished name of exchange site for server
  49. )
  50. {
  51. WCHAR * atts[6] = { L"distinguishedName", L"rdn",NULL };
  52. WCHAR query[200];
  53. DWORD rc;
  54. WCHAR ** values = NULL;
  55. siteName[0] = 0;
  57. swprintf(query,L"(&(objectClass=computer)(rdn=%ls))",server);
  58. rc = e->Open(query,L"",2,100,3,atts);
  59. // there should be only one server with this name
  60. if (! rc )
  61. rc = e->Next(&values);
  62. if (! rc )
  63. {
  64. if ( !UStrICmp(values[1],server) )
  65. {
  66. WCHAR serverPrefix[LEN_Path];
  67. _snwprintf(serverPrefix,DIM(serverPrefix),L"cn=%ls,cn=Servers,cn=Configuration,",values[1]);
  68. serverPrefix[DIM(serverPrefix) - 1] = L'\0';
  69. if ( ! UStrICmp(values[0],serverPrefix,UStrLen(serverPrefix)) )
  70. {
  71. UStrCpy(siteName,values[0] + UStrLen(serverPrefix),LEN_Path);
  72. }
  73. else
  74. {
  75. err.MsgWrite(ErrE,DCT_MSG_GENERIC_S,values[0]);
  76. }
  77. }
  78. else
  79. {
  80. err.MsgWrite(ErrE,DCT_MSG_LDAP_CALL_FAILED_SD,server,ERROR_NOT_FOUND);
  81. }
  82. e->FreeData(values);
  83. }
  84. else
  85. {
  86. err.SysMsgWrite(ErrE,e->m_connection.LdapMapErrorToWin32(rc),DCT_MSG_LDAP_CALL_FAILED_SD,server,rc);
  87. }
  89. }
  92. BOOL
  93. TGlobalDirectory::DoLdapTranslation(
  94. WCHAR * server,
  95. WCHAR * domain,
  96. WCHAR * user,
  97. WCHAR * password,
  98. SecurityTranslatorArgs * args,
  99. WCHAR * basept,
  100. WCHAR * query
  101. )
  102. {
  103. CLdapEnum e;
  104. WCHAR * atts[6] = { L"distinguishedName", L"rdn", L"cn", L"Assoc-NT-Account",L"NT-Security-Descriptor",NULL };
  105. WCHAR ** values = NULL;
  106. DWORD ldapPort, sslPort;
  107. GetLDAPPort(&ldapPort, &sslPort);
  108. ULONG pageSize = 100;
  109. WCHAR basepoint[LEN_Path] = L"";
  111. e.m_connection.SetCredentials(domain,user,password);
  113. BOOL sslEnabled = FALSE;
  114. SetLastError(0);
  115. // try SSL port first
  116. DWORD rc = e.InitSSLConnection(server,&sslEnabled,sslPort);
  118. if (rc || sslEnabled == FALSE)
  119. {
  120. WCHAR* serverName = (server == NULL) ? L"" : server;
  121. if (rc == 0)
  122. err.MsgWrite(ErrW, DCT_MSG_CANNOT_ESTABLISH_SSL_CONNECTION_WITH_EXCHANGE_SERVER_WITHOUT_RC_SD, serverName, sslPort);
  123. else
  124. err.SysMsgWrite(ErrW, rc, DCT_MSG_CANNOT_ESTABLISH_SSL_CONNECTION_WITH_EXCHANGE_SERVER_WITH_RC_SDD, serverName, sslPort,rc);
  125. err.MsgWrite(ErrI, DCT_MSG_USE_REGULAR_PORT_DS, ldapPort, serverName);
  126. rc = e.InitConnection(server, ldapPort);
  127. }
  129. BOOL anychange = FALSE;
  130. BOOL verbose = args->LogVerbose();
  131. BOOL bUseMapFile = args->UsingMapFile();
  134. if (! rc )
  135. {
  136. if ( ! basept )
  137. {
  138. GetSiteNameForServer(server,&e,basepoint);
  139. }
  140. else
  141. {
  142. // use the user-specified basepoint
  143. safecopy(basepoint,basept);
  144. }
  145. if ( query )
  146. {
  147. rc = e.Open(query,basepoint,2,pageSize,5,atts);
  148. }
  149. else
  150. {
  151. rc = e.Open(L"(objectClass=*)",basepoint,2,pageSize,5,atts);
  152. }
  153. if ( ! rc )
  154. {
  155. do
  156. {
  157. rc = e.Next(&values);
  158. anychange = FALSE;
  159. if (! rc )
  160. {
  161. if ( args->Cache()->IsCancelled() )
  162. {
  163. err.MsgWrite(0,DCT_MSG_OPERATION_ABORTED);
  164. return FALSE;
  165. }
  166. if ( m_stat )
  167. {
  168. m_stat->DisplayPath(values[0]);
  169. m_stat->IncrementExamined(mailbox);
  170. }
  172. // update the Assoc-NT-Account, if any
  173. if ( values[NDX_SID] && *values[NDX_SID] )
  174. {
  175. // convert the SID to a binary value and look it up in the cache
  176. BYTE pSid[500];
  178. if ( e.m_connection.StringToBytes(values[NDX_SID],pSid) )
  179. {
  181. // check if the sid is one we need to change
  182. //TRACE (_T("DisplayName = %s "),pUserProperties[0].Value.lpszW);
  183. PSID newSid = 0;
  184. TAcctNode * node;
  186. if ( IsValidSid(pSid) )
  187. {
  188. if (!bUseMapFile)
  189. node = args->Cache()->Lookup(pSid);
  190. else
  191. node = args->Cache()->LookupWODomain(pSid);
  192. if ( m_stat )
  193. {
  194. m_stat->IncrementOwnerExamined();
  195. if ( verbose )
  196. err.MsgWrite(0,DCT_MSG_EXAMINED_S,values[0]);
  197. }
  198. if ( node == (TAcctNode*)-1 && m_stat )
  199. m_stat->IncrementOwnerNoTarget();
  201. if ( node && (node != (TAcctNode *)-1) && node->IsValidOnTgt() )
  202. {
  203. if (!bUseMapFile)
  204. newSid = args->Cache()->GetTgtSid(node);
  205. else
  206. newSid = args->Cache()->GetTgtSidWODomain(node);
  207. }
  208. else
  209. {
  210. newSid = NULL;
  211. m_stat->IncrementOwnerNoTarget();
  212. }
  213. }
  214. else
  215. {
  216. newSid = NULL;
  217. }
  218. if ( newSid )
  219. {
  220. //TRACE (_T("needs to be translated\n"));
  221. MCSASSERT ( IsValidSid(newSid) );
  222. WCHAR newSidStr[1000];
  224. if ( e.m_connection.BytesToString((BYTE*)newSid,newSidStr,GetLengthSid(newSid)) )
  225. {
  226. if ( !args->NoChange() )
  227. {
  228. rc = e.m_connection.UpdateSimpleStringValue(values[0],atts[NDX_SID],newSidStr);
  230. if ( rc )
  231. {
  232. err.SysMsgWrite(ErrE,rc,DCT_MSG_UPDATE_ACCOUNT_FAILED_D, rc);
  233. }
  234. else
  235. anychange = TRUE;
  236. }
  237. if ( anychange && m_stat )
  238. {
  239. m_stat->IncrementOwnerChange(node,mailbox,NULL);
  240. }
  242. }
  243. }
  244. }
  246. }
  248. // this variable determines whether we should continue mailbox translation
  249. DWORD dwContinueRC = ERROR_SUCCESS;
  251. // Update the NT-Security-Descriptor, if any
  252. // however, we do not try to roll back if anything wrong happens in this part
  253. if ( values[NDX_SD] && *values[NDX_SD] )
  254. {
  255. // convert the SID to a binary value and look it up in the cache
  256. BYTE * pSD = new BYTE[UStrLen(values[NDX_SD])];
  257. if (!pSD)
  258. dwContinueRC = ERROR_OUTOFMEMORY;
  260. if ( dwContinueRC == ERROR_SUCCESS && e.m_connection.StringToBytes(values[NDX_SD],pSD) )
  261. {
  262. TMapiSD tMailbox((SECURITY_DESCRIPTOR *)pSD);
  263. if ( tMailbox.HasSecurity() )
  264. {
  265. TSD * pSD = tMailbox.GetSecurity();
  267. bool changes = tMailbox.ResolveSDInternal(args->Cache(),m_stat,verbose,args->TranslationMode(),mailbox, bUseMapFile);
  269. if ( changes )
  270. {
  271. SECURITY_DESCRIPTOR * pRelSD = (SECURITY_DESCRIPTOR *)pSD->MakeRelSD();
  272. if (pRelSD == NULL)
  273. dwContinueRC = ERROR_OUTOFMEMORY;
  275. if ( dwContinueRC == ERROR_SUCCESS && ! args->NoChange() )
  276. {
  277. DWORD dwSDLength = GetSecurityDescriptorLength(pRelSD);
  279. WCHAR * pSDString = new WCHAR[1 + dwSDLength * 2];
  280. if (!pSDString)
  281. dwContinueRC = ERROR_OUTOFMEMORY;
  283. if ( dwContinueRC == ERROR_SUCCESS && e.m_connection.BytesToString((BYTE*)pRelSD,pSDString,dwSDLength) )
  284. {
  285. rc = e.m_connection.UpdateSimpleStringValue(values[0],atts[NDX_SD],pSDString);
  286. if ( rc )
  287. {
  288. err.SysMsgWrite(ErrE,rc,DCT_MSG_RECIP_SD_WRITE_FAILED_SD,values[0],rc);
  289. if ( rc == ERROR_INVALID_PARAMETER )
  290. {
  291. // this error occurs when the security descriptor is too large
  292. // don't abort in this case
  293. rc = 0;
  294. }
  295. }
  296. else
  297. anychange = TRUE;
  299. }
  300. delete [] pSDString;
  301. }
  303. if (pRelSD)
  304. free(pRelSD);
  305. }
  306. }
  307. }
  308. delete [] pSD;
  309. }
  311. if ( anychange && m_stat )
  312. {
  313. m_stat->IncrementChanged(mailbox);
  314. err.MsgWrite(0, DCT_MSG_MAILBOX_HAS_BEEN_UPDATED_S, values[0]);
  315. }
  317. if (dwContinueRC != ERROR_SUCCESS)
  318. {
  319. if (anychange)
  320. err.SysMsgWrite(ErrE,dwContinueRC,DCT_MSG_MAILBOX_TRANSLATION_ABORTED_WITH_UPDATE_SD,values[0],dwContinueRC);
  321. else
  322. err.SysMsgWrite(ErrE,dwContinueRC,DCT_MSG_MAILBOX_TRANSLATION_ABORTED_SD,values[0],dwContinueRC);
  323. e.FreeData(values);
  324. return FALSE;
  325. }
  327. e.FreeData(values);
  329. }
  331. } while ( ! rc );
  332. }
  333. if ( rc && (rc != LDAP_COMPARE_FALSE) && (rc != ERROR_NOT_FOUND) )
  334. {
  335. err.SysMsgWrite(ErrE,e.m_connection.LdapMapErrorToWin32(rc),DCT_MSG_LDAP_CALL_FAILED_SD,server,rc);
  336. }
  337. }
  338. else
  339. {
  340. err.SysMsgWrite(ErrE,rc,DCT_MSG_CANNOT_CONNECT_TO_EXCHANGE_SERVER_SSD,server,domain,user,rc);
  341. }
  343. return rc;
  344. }