archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
2 Commits
1 Branch
0 Tags
1.5 GiB
Tree: 7b07a90fc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '7b07a90fc1'
${ noResults }
windows-server-2003/ds/adsi/nds/cuar.cxx

602 lines
14 KiB
Raw Normal View History

commiting as it is
4 years ago
  1. //---------------------------------------------------------------------------
  2. //
  3. // Microsoft Windows
  4. // Copyright (C) Microsoft Corporation, 1992 - 1995
  5. //
  6. // File: cuar.cxx
  7. //
  8. // Contents: Account Restrictions Propset for the User object
  9. //
  10. // History: 11-1-95 krishnag Created.
  11. // 8-5-96 ramv Modified to be consistent with spec
  12. //
  13. // PROPERTY_RW(AccountDisabled, boolean, 1) I
  14. // PROPERTY_RW(AccountExpirationDate, DATE, 2) I
  15. // PROPERTY_RW(GraceLoginsAllowed, long, 5) NI
  16. // PROPERTY_RW(GraceLoginsRemaining, long, 6) NI
  17. // PROPERTY_RW(IsAccountLocked, boolean, 7) I
  18. // PROPERTY_RW(IsAdmin, boolean, 8) I
  19. // PROPERTY_RW(LoginHours, VARIANT, 9) I
  20. // PROPERTY_RW(LoginWorkstations, VARIANT, 10) I
  21. // PROPERTY_RW(MaxLogins, long, 11) I
  22. // PROPERTY_RW(MaxStorage, long, 12) I
  23. // PROPERTY_RW(PasswordExpirationDate, DATE, 13) I
  24. // PROPERTY_RW(PasswordRequired, boolean, 14) I
  25. // PROPERTY_RW(RequireUniquePassword,boolean, 15) I
  26. //
  27. //
  28. //----------------------------------------------------------------------------
  29. #include "nds.hxx"
  30. #pragma hdrstop
  33. // Class CNDSUser
  35. STDMETHODIMP
  36. CNDSUser::get_AccountDisabled(THIS_ VARIANT_BOOL FAR* retval)
  37. {
  38. GET_PROPERTY_VARIANT_BOOL((IADsUser *)this, AccountDisabled);
  39. }
  41. STDMETHODIMP
  42. CNDSUser::put_AccountDisabled(THIS_ VARIANT_BOOL fAccountDisabled)
  43. {
  44. PUT_PROPERTY_VARIANT_BOOL((IADsUser *)this, AccountDisabled);
  45. }
  48. STDMETHODIMP
  49. CNDSUser::get_AccountExpirationDate(THIS_ DATE FAR* retval)
  50. {
  51. GET_PROPERTY_DATE((IADsUser *)this, AccountExpirationDate);
  52. }
  54. STDMETHODIMP
  55. CNDSUser::put_AccountExpirationDate(THIS_ DATE daAccountExpirationDate)
  56. {
  57. PUT_PROPERTY_DATE((IADsUser *)this, AccountExpirationDate);
  58. }
  60. STDMETHODIMP
  61. CNDSUser::get_GraceLoginsAllowed(THIS_ long FAR* retval)
  62. {
  63. GET_PROPERTY_LONG((IADsUser *)this, GraceLoginsAllowed);
  64. }
  67. STDMETHODIMP
  68. CNDSUser::put_GraceLoginsAllowed(THIS_ long lGraceLoginsAllowed)
  69. {
  70. PUT_PROPERTY_LONG((IADsUser *)this, GraceLoginsAllowed);
  71. }
  73. STDMETHODIMP
  74. CNDSUser::get_GraceLoginsRemaining(THIS_ long FAR* retval)
  75. {
  76. GET_PROPERTY_LONG((IADsUser *)this, GraceLoginsRemaining);
  77. }
  79. STDMETHODIMP
  80. CNDSUser::put_GraceLoginsRemaining(THIS_ long lGraceLoginsRemaining)
  81. {
  82. PUT_PROPERTY_LONG((IADsUser *)this, GraceLoginsRemaining);
  83. }
  85. STDMETHODIMP
  86. CNDSUser::get_IsAccountLocked(THIS_ VARIANT_BOOL FAR* retval)
  87. {
  88. HRESULT hr;
  89. hr = get_VARIANT_BOOL_Property(
  90. (IADs *)this,
  91. TEXT("Locked By Intruder"),
  92. retval
  93. );
  94. RRETURN_EXP_IF_ERR(hr);
  95. }
  97. STDMETHODIMP
  98. CNDSUser::put_IsAccountLocked(THIS_ VARIANT_BOOL fIsAccountLocked)
  99. {
  100. HRESULT hr;
  101. hr = put_VARIANT_BOOL_Property(
  102. (IADs *)this,
  103. TEXT("Locked By Intruder"),
  104. fIsAccountLocked
  105. );
  106. RRETURN_EXP_IF_ERR(hr);
  107. }
  109. STDMETHODIMP
  110. CNDSUser::get_LoginHours(THIS_ VARIANT FAR* retval)
  111. {
  112. GET_PROPERTY_VARIANT((IADsUser *)this,LoginHours);
  113. }
  115. STDMETHODIMP
  116. CNDSUser::put_LoginHours(THIS_ VARIANT vLoginHours)
  117. {
  118. PUT_PROPERTY_VARIANT((IADsUser *)this,LoginHours);
  119. }
  121. STDMETHODIMP
  122. CNDSUser::get_LoginWorkstations(THIS_ VARIANT FAR* retval)
  123. {
  124. GET_PROPERTY_VARIANT((IADsUser *)this,LoginWorkstations);
  125. }
  128. STDMETHODIMP
  129. CNDSUser::put_LoginWorkstations(THIS_ VARIANT vLoginWorkstations)
  130. {
  131. PUT_PROPERTY_VARIANT((IADsUser *)this,LoginWorkstations);
  132. }
  134. STDMETHODIMP
  135. CNDSUser::get_MaxLogins(THIS_ long FAR* retval)
  136. {
  137. GET_PROPERTY_LONG((IADsUser *)this, MaxLogins);
  138. }
  140. STDMETHODIMP
  141. CNDSUser::put_MaxLogins(THIS_ long lMaxLogins)
  142. {
  143. PUT_PROPERTY_LONG((IADsUser *)this, MaxLogins);
  144. }
  146. STDMETHODIMP
  147. CNDSUser::get_MaxStorage(THIS_ long FAR* retval)
  148. {
  149. GET_PROPERTY_LONG((IADsUser *)this, MaxStorage);
  150. }
  153. STDMETHODIMP
  154. CNDSUser::put_MaxStorage(THIS_ long lMaxStorage)
  155. {
  156. PUT_PROPERTY_LONG((IADsUser *)this, MaxStorage);
  157. }
  159. STDMETHODIMP
  160. CNDSUser::get_PasswordExpirationDate(THIS_ DATE FAR* retval)
  161. {
  162. GET_PROPERTY_DATE((IADsUser *)this, PasswordExpirationDate);
  163. }
  165. STDMETHODIMP
  166. CNDSUser::put_PasswordExpirationDate(THIS_ DATE daPasswordExpirationDate)
  167. {
  168. PUT_PROPERTY_DATE((IADsUser *)this, PasswordExpirationDate);
  169. }
  171. STDMETHODIMP
  172. CNDSUser::get_PasswordRequired(THIS_ VARIANT_BOOL FAR* retval)
  173. {
  174. GET_PROPERTY_VARIANT_BOOL((IADsUser *)this, PasswordRequired);
  175. }
  177. STDMETHODIMP
  178. CNDSUser::put_PasswordRequired(THIS_ VARIANT_BOOL fPasswordRequired)
  179. {
  180. PUT_PROPERTY_VARIANT_BOOL((IADsUser *)this, PasswordRequired);
  181. }
  183. STDMETHODIMP
  184. CNDSUser::get_PasswordMinimumLength(THIS_ LONG FAR* retval)
  185. {
  186. GET_PROPERTY_LONG((IADsUser *)this, PasswordMinimumLength);
  187. }
  189. STDMETHODIMP
  190. CNDSUser::put_PasswordMinimumLength(THIS_ LONG lPasswordMinimumLength)
  191. {
  192. PUT_PROPERTY_LONG((IADsUser *)this, PasswordMinimumLength);
  193. }
  195. STDMETHODIMP
  196. CNDSUser::get_RequireUniquePassword(THIS_ VARIANT_BOOL FAR* retval)
  197. {
  198. GET_PROPERTY_VARIANT_BOOL((IADsUser *)this, RequireUniquePassword);
  199. }
  201. STDMETHODIMP
  202. CNDSUser::put_RequireUniquePassword(THIS_ VARIANT_BOOL fRequireUniquePassword)
  203. {
  204. PUT_PROPERTY_VARIANT_BOOL((IADsUser *)this, RequireUniquePassword);
  205. }
  207. STDMETHODIMP
  208. CNDSUser::ChangePassword(
  209. THIS_ BSTR bstrOldPassword,
  210. BSTR bstrNewPassword
  211. )
  212. {
  213. HANDLE hObject = NULL;
  214. LPWSTR pszNDSPathName = NULL;
  215. DWORD dwStatus;
  216. HRESULT hr = S_OK;
  217. BSTR bstrADsPath = NULL;
  219. hr = _pADs->get_ADsPath(
  220. &bstrADsPath
  221. );
  222. BAIL_ON_FAILURE(hr);
  225. hr = BuildNDSPathFromADsPath(
  226. bstrADsPath,
  227. &pszNDSPathName
  228. );
  229. BAIL_ON_FAILURE(hr);
  231. dwStatus = ADsNwNdsOpenObject(
  232. pszNDSPathName,
  233. _Credentials,
  234. &hObject,
  235. NULL,
  236. NULL,
  237. NULL,
  238. NULL
  239. );
  241. CHECK_AND_SET_EXTENDED_ERROR(dwStatus, hr);
  243. dwStatus = NwNdsChangeUserPassword(
  244. hObject,
  245. bstrOldPassword,
  246. bstrNewPassword
  247. );
  249. CHECK_AND_SET_EXTENDED_ERROR(dwStatus, hr);
  250. error:
  252. if (hObject) {
  253. dwStatus = NwNdsCloseObject(hObject);
  254. }
  256. if (bstrADsPath) {
  257. ADsFreeString(bstrADsPath);
  258. }
  260. if (pszNDSPathName) {
  261. FreeADsStr(pszNDSPathName);
  262. }
  264. RRETURN_EXP_IF_ERR(hr);
  265. }
  268. HRESULT
  269. NWApiSetUserPassword(
  270. NWCONN_HANDLE hConn,
  271. DWORD dwUserObjID,
  272. LPWSTR pszUserName,
  273. LPWSTR pszPassword
  274. );
  276. HRESULT
  277. BuildUserNameFromADsPath(
  278. LPWSTR pszADsPath,
  279. LPWSTR szUserName
  280. );
  283. #define NW_MAX_PASSWORD_LEN 256
  286. STDMETHODIMP
  287. CNDSUser::SetPassword(THIS_ BSTR NewPassword)
  288. {
  289. HANDLE hObject = NULL;
  290. LPWSTR pszNDSPathName = NULL;
  291. DWORD dwStatus;
  292. HRESULT hr = S_OK;
  293. BSTR bstrADsPath = NULL;
  294. WCHAR szUserName[NDS_MAX_NAME_CHARS+1];
  295. WCHAR szPasswordCopy[NW_MAX_PASSWORD_LEN + 1];
  296. DWORD dwObjID;
  297. NWCONN_HANDLE hConn = NULL;
  299. if (wcslen(NewPassword) > NW_MAX_PASSWORD_LEN) {
  300. hr = E_INVALIDARG;
  301. BAIL_ON_FAILURE(hr);
  302. }
  304. wcscpy(szPasswordCopy, NewPassword);
  305. hr = ChangePassword(L"", szPasswordCopy);
  307. if (!FAILED(hr)) {
  308. SecureZeroMemory(szPasswordCopy, sizeof(szPasswordCopy));
  309. return hr;
  310. }
  312. hr = _pADs->get_ADsPath(
  313. &bstrADsPath
  314. );
  315. BAIL_ON_FAILURE(hr);
  318. hr = BuildNDSPathFromADsPath(
  319. bstrADsPath,
  320. &pszNDSPathName
  321. );
  322. BAIL_ON_FAILURE(hr);
  324. hr = BuildUserNameFromADsPath(
  325. bstrADsPath,
  326. szUserName
  327. );
  328. BAIL_ON_FAILURE(hr);
  330. dwStatus = ADsNwNdsOpenObject(
  331. pszNDSPathName,
  332. _Credentials,
  333. &hObject,
  334. NULL,
  335. NULL,
  336. NULL,
  337. NULL
  338. );
  340. CHECK_AND_SET_EXTENDED_ERROR(dwStatus, hr);
  343. dwObjID = NwNdsGetObjectId(hObject);
  344. hConn = NwNdsObjectHandleToConnHandle(hObject);
  346. if (hConn == NULL) {
  347. hr = HRESULT_FROM_WIN32(GetLastError());
  348. BAIL_ON_FAILURE(hr);
  349. }
  351. hr = NWApiSetUserPassword(
  352. hConn,
  353. dwObjID,
  354. szUserName,
  355. szPasswordCopy
  356. );
  358. NwNdsConnHandleFree(hConn);
  361. error:
  363. SecureZeroMemory(szPasswordCopy, sizeof(szPasswordCopy));
  365. if (hObject) {
  366. dwStatus = NwNdsCloseObject(hObject);
  367. }
  369. if (bstrADsPath) {
  370. ADsFreeString(bstrADsPath);
  371. }
  373. if (pszNDSPathName) {
  374. FreeADsStr(pszNDSPathName);
  375. }
  377. RRETURN_EXP_IF_ERR(hr);
  378. }
  383. HRESULT
  384. NWApiSetUserPassword(
  385. NWCONN_HANDLE hConn,
  386. DWORD dwUserObjID,
  387. LPWSTR pszUserName,
  388. LPWSTR pszPassword
  389. )
  390. {
  391. CHAR szOemUserName[NDS_MAX_NAME_CHARS + 1];
  392. CHAR szOemPassword[NW_MAX_PASSWORD_LEN + 1];
  393. CHAR Buffer[128];
  394. DWORD rc, err = 0;
  395. HRESULT hr = S_OK;
  396. NTSTATUS NtStatus;
  397. UCHAR ChallengeKey[8];
  398. UCHAR ucMoreFlag;
  399. UCHAR ucPropFlag;
  401. if ( !pszUserName ||
  402. !pszPassword ) {
  404. hr = E_INVALIDARG ;
  405. BAIL_ON_FAILURE(hr);
  406. }
  408. //
  409. // Convert UNICODE into OEM representation required by NW APIs.
  410. //
  412. rc = WideCharToMultiByte(
  413. CP_OEMCP,
  414. 0,
  415. pszUserName,
  416. -1,
  417. szOemUserName,
  418. sizeof(szOemUserName),
  419. NULL,
  420. NULL) ;
  422. if (rc == 0) {
  424. err = GetLastError() ;
  425. hr = HRESULT_FROM_WIN32(err);
  426. BAIL_ON_FAILURE(hr);
  428. }
  430. _wcsupr(pszPassword) ;
  431. rc = WideCharToMultiByte(
  432. CP_OEMCP,
  433. 0,
  434. pszPassword,
  435. -1,
  436. szOemPassword,
  437. sizeof(szOemPassword),
  438. NULL,
  439. NULL) ;
  441. if (rc == 0) {
  443. err = GetLastError() ;
  444. hr = HRESULT_FROM_WIN32(err);
  445. BAIL_ON_FAILURE(hr);
  447. }
  450. //
  451. // Get challenge key.
  452. //
  454. NtStatus = NWPGetChallengeKey(
  455. hConn,
  456. ChallengeKey
  457. );
  459. if (!NT_SUCCESS(NtStatus)) {
  461. err = ERROR_UNEXP_NET_ERR ;
  462. }
  465. if (!err) {
  467. //
  468. // The old password and object ID make up the 17-byte Vold. This is used
  469. // later to form the 17-byte Vc for changing password on the server.
  470. //
  472. UCHAR ValidationKey[8];
  473. UCHAR NewKeyedPassword[17];
  475. EncryptChangePassword(
  476. (PUCHAR) "",
  477. (PUCHAR) szOemPassword,
  478. dwUserObjID,
  479. ChallengeKey,
  480. ValidationKey,
  481. NewKeyedPassword
  482. );
  484. NtStatus = NWPChangeObjectPasswordEncrypted(
  485. hConn,
  486. szOemUserName,
  487. OT_USER,
  488. ValidationKey,
  489. NewKeyedPassword
  490. );
  492. if (!NT_SUCCESS(NtStatus)) {
  494. err = ERROR_NOT_SUPPORTED;
  495. }
  497. SecureZeroMemory(ValidationKey, sizeof(ValidationKey));
  498. SecureZeroMemory(NewKeyedPassword, sizeof(NewKeyedPassword));
  500. }
  502. //
  503. // Return.
  504. //
  506. hr = HRESULT_FROM_WIN32(err);
  509. error:
  510. SecureZeroMemory(szOemPassword, sizeof(szOemPassword));
  511. RRETURN(hr);
  512. }
  515. //+---------------------------------------------------------------------------
  516. // Function: Extract user name from ADs path
  517. //
  518. // Synopsis: This call attempts to extract a username from a NDS style
  519. // ADs path. The last component is assumed to be the username.
  520. //
  521. // Arguments: [LPTSTR szBuffer]
  522. // [LPVOID *ppObject]
  523. //
  524. // Returns: HRESULT
  525. //
  526. // Modifies: -
  527. //
  528. // History: 11-3-95 krishnag Created.
  529. //
  530. //----------------------------------------------------------------------------
  531. HRESULT
  532. BuildUserNameFromADsPath(
  533. LPWSTR pszADsPath,
  534. LPWSTR szUserName
  535. )
  536. {
  537. OBJECTINFO ObjectInfo;
  538. POBJECTINFO pObjectInfo = &ObjectInfo;
  540. LPWSTR pszSrcComp = NULL;
  541. LPWSTR pszSrcValue = NULL;
  543. DWORD dwNumComponents = 0;
  545. HRESULT hr = S_OK;
  547. CLexer Lexer(pszADsPath);
  549. memset(pObjectInfo, 0, sizeof(OBJECTINFO));
  551. hr = ADsObject(&Lexer, pObjectInfo);
  552. BAIL_ON_FAILURE(hr);
  554. dwNumComponents = pObjectInfo->NumComponents ;
  556. if (dwNumComponents) {
  558. //
  559. // take the last value
  560. //
  561. pszSrcComp = pObjectInfo->ComponentArray[dwNumComponents-1].szComponent;
  562. pszSrcValue = pObjectInfo->ComponentArray[dwNumComponents-1].szValue;
  564. if (pszSrcComp && pszSrcValue) {
  566. //
  567. // You have a CN = "MyUserName"
  568. // Then copy the szValue as your UserName
  569. //
  571. wcscpy(szUserName, pszSrcValue);
  573. }
  574. else if (pszSrcComp) {
  576. //
  577. // Simply MyUserName. For example: path
  578. // is "NDS://marsdev/mars/dev/MyUserName)"
  579. //
  581. wcscpy(szUserName, pszSrcComp);
  583. }
  584. }
  587. error:
  589. //
  590. // Clean up the parser object
  591. //
  593. FreeObjectInfo(pObjectInfo);
  595. RRETURN(hr);
  596. }