archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
2 Commits
1 Branch
0 Tags
1.5 GiB
Tree: 7b07a90fc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '7b07a90fc1'
${ noResults }
windows-server-2003/admin/dcpromo/exe/nondomainnc.cpp

470 lines
12 KiB
Raw Normal View History

commiting as it is
4 years ago
  1. // Copyright (C) 2000 Microsoft Corporation
  2. //
  3. // Non-domain Naming Context checking code
  4. //
  5. // 13 July 2000 sburns, from code supplied by jeffparh
  9. #include "headers.hxx"
  10. #include "state.hpp"
  11. #include "resource.h"
  12. #include "NonDomainNc.hpp"
  16. #ifdef LOGGING_BUILD
  17. #define LOG_LDAP(msg, ldap) LOG(msg); LOG(String::format(L"LDAP error %1!ld!", (ldap)))
  18. #else
  19. #define LOG_LDAP(msg, ldap)
  20. #endif
  24. HRESULT
  25. LdapToHresult(int ldapError)
  26. {
  27. // CODEWORK: I'm told that ldap_get_option for LDAP_OPT_SERVER_ERROR or
  28. // LDAP_OPT_SERVER_EXT_ERROR (or perhaps LDAP_OPT_ERROR_STRING?) will give
  29. // an error result with "higher fidelity"
  31. return Win32ToHresult(::LdapMapErrorToWin32(ldapError));
  32. }
  36. // provided by jeffparh
  38. DWORD
  39. IsLastReplicaOfNC(
  40. IN LDAP * hld,
  41. IN LPWSTR pszConfigNC,
  42. IN LPWSTR pszNC,
  43. IN LPWSTR pszNtdsDsaDN,
  44. OUT BOOL * pfIsLastReplica
  45. )
  46. /*++
  48. Routine Description:
  50. Determine whether any DSAs other than that with DN pszNtdsDsaDN hold
  51. replicas of a particular NC.
  53. Arguments:
  55. hld (IN) - LDAP handle to execute search with.
  57. pszConfigNC (IN) - DN of the config NC. Used as a base for the search.
  59. pszNC (IN) - NC for which to check for other replicas.
  61. pszNtdsDsaDN (IN) - DN of the DSA object known to currently have a replica
  62. of the NC. We are specifically looking for replicas *other than* this
  63. one.
  65. pfIsLastReplica (OUT) - On successful return, TRUE iff no DSAs hold replicas
  66. of pszNC other than that with DN pszNtdsDsaDN.
  68. Return Values:
  70. Win error.
  72. --*/
  73. {
  74. LOG_FUNCTION2(IsLastReplicaOfNC, pszNC ? pszNC : L"(null)");
  75. ASSERT(hld);
  76. ASSERT(pszConfigNC);
  77. ASSERT(pszNC);
  78. ASSERT(pszNtdsDsaDN);
  79. ASSERT(pfIsLastReplica);
  81. if (
  82. !hld
  83. || !pszConfigNC
  84. || !pszNC
  85. || !pszNtdsDsaDN
  86. || !pfIsLastReplica)
  87. {
  88. return ERROR_INVALID_PARAMETER;
  89. }
  91. // Just checking for existence -- don't really want any attributes
  92. // returned.
  94. static LPWSTR rgpszDsaAttrsToRead[] = {
  95. L"__invalid_attribute_name__",
  96. NULL
  97. };
  99. // FUTURE-2002/03/22-BrettSh - NO_DOT_NET_BETA3_COMPAT_NEEDED - When
  100. // we don't need to be compat with Beta3, we can change this section:
  101. // (|(msDS-HasMasterNCs=%ls)(hasMasterNCs=%ls))
  102. // to:
  103. // (msDS-HasMasterNCs=%ls)
  104. static WCHAR szFilterFormat[]
  105. = L"(&(objectCategory=ntdsDsa)(|(msDS-HasMasterNCs=%ls)(hasMasterNCs=%ls))(!(distinguishedName=%ls)))";
  107. *pfIsLastReplica = TRUE;
  109. int ldStatus = 0;
  110. DWORD err = 0;
  111. LDAPMessage * pDsaResults = NULL;
  112. LDAPMessage * pDsaEntry = NULL;
  113. size_t cchFilter;
  114. PWSTR pszFilter;
  115. LDAP_TIMEVAL lTimeout = {3*60, 0}; // three minutes
  117. do
  118. {
  119. cchFilter = sizeof(szFilterFormat) / sizeof(*szFilterFormat)
  121. // ISSUE-2002/02/27-sburns if the swprintf below is replaced with
  122. // String::format, then these wcslen calls can be eliminated.
  124. + wcslen(pszNtdsDsaDN)
  125. + wcslen(pszNC)
  126. + wcslen(pszNC);
  128. pszFilter = (PWSTR) new BYTE[sizeof(WCHAR) * cchFilter];
  130. // ISSUE-2002/02/27-sburns should use strsafe function here, or
  131. // String::format
  133. swprintf(pszFilter, szFilterFormat, pszNC, pszNC, pszNtdsDsaDN);
  135. // Search config NC for any ntdsDsa object that hosts this NC other
  136. // than that with dn pszNtdsDsaDN. Note that we cap the search at one
  137. // returned object -- we're not really trying to enumerate, just
  138. // checking for existence.
  140. ldStatus = ldap_search_ext_sW(hld, pszConfigNC, LDAP_SCOPE_SUBTREE,
  141. pszFilter, rgpszDsaAttrsToRead, 0,
  142. NULL, NULL, &lTimeout, 1, &pDsaResults);
  143. if (pDsaResults)
  144. {
  145. // Ignore any error (such as LDAP_SIZELIMIT_EXCEEDED) when the
  146. // search returns results.
  148. ldStatus = 0;
  150. pDsaEntry = ldap_first_entry(hld, pDsaResults);
  152. *pfIsLastReplica = (NULL == pDsaEntry);
  153. } else if (ldStatus)
  154. {
  155. // Search failed and returned no results.
  157. LOG_LDAP(L"Config NC search failed", ldStatus);
  158. break;
  159. } else
  160. {
  161. // No error, no results. This shouldn't happen.
  163. LOG("ldap_search_ext_sW returned no results and no error!");
  164. ASSERT(false);
  165. }
  166. }
  167. while (0);
  169. if (NULL != pDsaResults) {
  170. ldap_msgfree(pDsaResults);
  171. }
  173. if (pszFilter)
  174. {
  175. delete[] pszFilter;
  176. }
  178. if (!err && ldStatus) {
  179. err = LdapMapErrorToWin32(ldStatus);
  180. }
  182. return err;
  183. }
  187. // S_OK if this machine (the localhost) is the last replica of at least one
  188. // non-domain NC, S_FALSE if not, or error otherwise. If S_OK, then the
  189. // StringList will contain the DNs of the non domain NCs for which this
  190. // machine is the last replica.
  191. //
  192. // based on code from jeffparh
  193. //
  194. // hld (IN) - LDAP handle bound to DSA to evaluate.
  195. //
  196. // result (OUT) - string list to receive DNs of the non-domain NCs.
  198. HRESULT
  199. IsLastNdncReplica(LDAP* hld, StringList& result)
  200. {
  201. LOG_FUNCTION(IsLastNdncReplica);
  202. ASSERT(hld);
  203. ASSERT(result.empty());
  205. HRESULT hr = S_FALSE;
  206. LDAPMessage* rootResults = 0;
  207. PWSTR* configNc = 0;
  208. PWSTR* schemaNc = 0;
  209. PWSTR* domainNc = 0;
  210. PWSTR* masterNcs = 0;
  211. PWSTR* ntdsDsaDn = 0;
  213. do
  214. {
  215. // Gather basic rootDSE info.
  217. static PWSTR ROOT_ATTRS_TO_READ[] =
  218. {
  219. LDAP_OPATT_NAMING_CONTEXTS_W,
  220. LDAP_OPATT_DEFAULT_NAMING_CONTEXT_W,
  221. LDAP_OPATT_CONFIG_NAMING_CONTEXT_W,
  222. LDAP_OPATT_SCHEMA_NAMING_CONTEXT_W,
  223. LDAP_OPATT_DS_SERVICE_NAME_W,
  224. 0
  225. };
  227. LOG(L"Calling ldap_search_s");
  229. int ldStatus =
  230. ldap_search_sW(
  231. hld,
  232. 0,
  233. LDAP_SCOPE_BASE,
  234. L"(objectClass=*)",
  235. ROOT_ATTRS_TO_READ,
  236. 0,
  237. &rootResults);
  238. if (ldStatus)
  239. {
  240. LOG_LDAP(L"RootDSE search failed", ldStatus);
  241. hr = LdapToHresult(ldStatus);
  242. break;
  243. }
  245. configNc = ldap_get_valuesW(hld, rootResults, LDAP_OPATT_CONFIG_NAMING_CONTEXT_W);
  246. schemaNc = ldap_get_valuesW(hld, rootResults, LDAP_OPATT_SCHEMA_NAMING_CONTEXT_W);
  247. domainNc = ldap_get_valuesW(hld, rootResults, LDAP_OPATT_DEFAULT_NAMING_CONTEXT_W);
  248. masterNcs = ldap_get_valuesW(hld, rootResults, LDAP_OPATT_NAMING_CONTEXTS_W);
  249. ntdsDsaDn = ldap_get_valuesW(hld, rootResults, LDAP_OPATT_DS_SERVICE_NAME_W);
  251. if (
  252. (0 == configNc)
  253. || (0 == schemaNc)
  254. || (0 == domainNc)
  255. || (0 == masterNcs)
  256. || (0 == ntdsDsaDn))
  257. {
  258. LOG(L"Can't find key rootDSE attributes!");
  260. hr = Win32ToHresult(ERROR_DS_UNAVAILABLE);
  261. break;
  262. }
  264. // There is only one value for each of these attributes...
  266. ASSERT(1 == ldap_count_valuesW(configNc));
  267. ASSERT(1 == ldap_count_valuesW(schemaNc));
  268. ASSERT(1 == ldap_count_valuesW(domainNc));
  269. ASSERT(1 == ldap_count_valuesW(ntdsDsaDn));
  271. DWORD masterNcCount = ldap_count_valuesW(masterNcs);
  273. LOG(String::format(L"masterNcCount = %1!d!", masterNcCount));
  275. // '3' => 1 nc for config, 1 nc for schema, 1 nc for this DC's own
  276. // domain.
  278. if (masterNcCount <= 3)
  279. {
  280. // DSA holds no master NCs other than config, schema, and its own
  281. // domain. Thus, it is not the last replica of any NDNC.
  283. LOG(L"This dsa holds no master NCs other than config, schema, and domain");
  285. ASSERT(3 == masterNcCount);
  286. ASSERT(0 == ldStatus);
  287. ASSERT(hr == S_FALSE);
  289. break;
  290. }
  292. // Loop through non-config/schema/domain NCs to determine those for
  293. // which the DSA is the last replica.
  295. for (int i = 0; 0 != masterNcs[i]; ++i)
  296. {
  297. PWSTR nc = masterNcs[i];
  299. LOG(L"Evaluating " + String(nc));
  301. ASSERT(nc);
  302. ASSERT(configNc);
  303. ASSERT(*configNc);
  304. ASSERT(schemaNc);
  305. ASSERT(*schemaNc);
  306. ASSERT(domainNc);
  307. ASSERT(*domainNc);
  309. if (
  311. // REVIEWED-2002/02/27-sburns we're properly checking these
  312. // strings for null in the for loop test and in a check above
  313. // (in addition to the ASSERTs)
  315. (0 != wcscmp(nc, *configNc))
  316. && (0 != wcscmp(nc, *schemaNc))
  317. && (0 != wcscmp(nc, *domainNc)))
  318. {
  319. // A non-config/schema/domain NC.
  321. LOG(L"Calling IsLastReplicaOfNC on " + String(nc));
  323. BOOL isLastReplica = FALSE;
  324. DWORD err =
  325. IsLastReplicaOfNC(
  326. hld,
  327. *configNc,
  328. nc,
  329. *ntdsDsaDn,
  330. &isLastReplica);
  331. if (err)
  332. {
  333. LOG(L"IsLastReplicaOfNC() failed");
  335. hr = Win32ToHresult(err);
  336. break;
  337. }
  339. if (isLastReplica)
  340. {
  341. // This DSA is indeed the last replica of this particular
  342. // NC. Return the DN of this NC to our caller.
  344. LOG(L"last replica of " + String(nc));
  346. result.push_back(nc);
  347. }
  348. else
  349. {
  350. LOG(L"not last replica of " + String(nc));
  351. }
  352. }
  353. }
  355. // If we broke out of the prior loop with an error, jump out to the
  356. // cleanup section.
  358. BREAK_ON_FAILED_HRESULT(hr);
  360. hr = result.size() > 0 ? S_OK : S_FALSE;
  361. }
  362. while (0);
  364. if (rootResults)
  365. {
  366. ldap_msgfree(rootResults);
  367. }
  369. if (0 != configNc)
  370. {
  371. ldap_value_freeW(configNc);
  372. }
  374. if (0 != schemaNc)
  375. {
  376. ldap_value_freeW(schemaNc);
  377. }
  379. if (0 != domainNc)
  380. {
  381. ldap_value_freeW(domainNc);
  382. }
  384. if (0 != masterNcs)
  385. {
  386. ldap_value_freeW(masterNcs);
  387. }
  389. if (0 != ntdsDsaDn)
  390. {
  391. ldap_value_freeW(ntdsDsaDn);
  392. }
  394. #ifdef LOGGING_BUILD
  395. LOG_HRESULT(hr);
  397. for (
  398. StringList::iterator i = result.begin();
  399. i != result.end();
  400. ++i)
  401. {
  402. LOG(*i);
  403. }
  404. #endif
  406. return hr;
  407. }
  411. // S_OK if this machine (the localhost) is the last replica of at least one
  412. // non-domain NC, S_FALSE if not, or error otherwise.
  413. //
  414. // result - If S_OK is returned, receives the DNs of the non domain NCs for
  415. // which this machine is the last replica. Should be empty on entry.
  417. HRESULT
  418. IsLastNonDomainNamingContextReplica(StringList& result)
  419. {
  420. LOG_FUNCTION(IsLastNonDomainNamingContextReplica);
  421. ASSERT(result.empty());
  423. result.clear();
  425. HRESULT hr = S_FALSE;
  426. LDAP* hld = 0;
  428. do
  429. {
  430. // Connect to target DSA.
  432. LOG(L"Calling ldap_open");
  434. hld = ldap_openW(L"localhost", LDAP_PORT);
  435. if (!hld)
  436. {
  437. LOG("Cannot open LDAP connection to localhost");
  438. hr = Win32ToHresult(ERROR_DS_UNAVAILABLE);
  439. break;
  440. }
  442. // Bind using logged-in user's credentials.
  444. int ldStatus = ldap_bind_s(hld, 0, 0, LDAP_AUTH_NEGOTIATE);
  445. if (ldStatus)
  446. {
  447. LOG_LDAP(L"LDAP bind failed", ldStatus);
  449. hr = LdapToHresult(ldStatus);
  450. break;
  451. }
  453. // go do the real work
  455. hr = IsLastNdncReplica(hld, result);
  456. }
  457. while (0);
  459. if (hld)
  460. {
  461. ldap_unbind(hld);
  462. }
  464. LOG_HRESULT(hr);
  466. return hr;
  467. }