archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
3 Commits
1 Branch
0 Tags
1.5 GiB
Tree: 827363a95b
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '827363a95b'
${ noResults }
windows-server-2003/ds/adsi/ldapc/ldpcache.cxx

776 lines
17 KiB
Raw Normal View History

commiting as it is
4 years ago
  1. #include "ldapc.hxx"
  2. #pragma hdrstop
  4. ADS_LDP BindCache ;
  5. DWORD BindCacheCount = 0 ;
  6. CRITICAL_SECTION BindCacheCritSect ;
  7. LUID ReservedLuid = { 0, 0 } ;
  9. //
  10. // Wait for 1000ms * 60 * minutes
  11. //
  12. #define RETIRE_HANDLE (1000 * 60 * 5)
  13. //
  14. // Return the LUID for current credentials. Note we only use LUID. In theory
  15. // it may be better to use SourceName as well as identifier but the former
  16. // doesnt seem to always return the same string.
  17. //
  18. DWORD BindCacheGetLuid(LUID *Luid, LUID *ModifiedId)
  19. {
  20. HANDLE TokenHandle = NULL ;
  21. TOKEN_STATISTICS TokenInformation ;
  22. DWORD ReturnLength ;
  25. //
  26. // Try thread first. If fail, try process.
  27. //
  28. if (!OpenThreadToken(
  29. GetCurrentThread(),
  30. TOKEN_QUERY,
  31. TRUE,
  32. &TokenHandle)) {
  34. if (!OpenProcessToken(
  35. GetCurrentProcess(),
  36. TOKEN_QUERY,
  37. &TokenHandle)) {
  39. return(GetLastError()) ;
  40. }
  41. }
  43. //
  44. // Get the TokenSource info.
  45. //
  46. if (!GetTokenInformation(
  47. TokenHandle,
  48. TokenStatistics,
  49. &TokenInformation,
  50. sizeof(TokenInformation),
  51. &ReturnLength)) {
  53. CloseHandle(TokenHandle) ;
  54. return(GetLastError()) ;
  55. }
  57. *Luid = TokenInformation.AuthenticationId ;
  58. *ModifiedId = TokenInformation.ModifiedId;
  60. CloseHandle(TokenHandle) ;
  61. return(NO_ERROR) ;
  62. }
  64. //
  65. // Initializes a cache entry
  66. //
  67. DWORD BindCacheAllocEntry(ADS_LDP **ppCacheEntry)
  68. {
  70. ADS_LDP *pCacheEntry ;
  72. *ppCacheEntry = NULL ;
  74. if (!(pCacheEntry = (PADS_LDP)AllocADsMem(sizeof(ADS_LDP)))) {
  76. return(GetLastError()) ;
  77. }
  79. pCacheEntry->RefCount = 0;
  80. pCacheEntry->Flags = 0;
  81. pCacheEntry->List.Flink = NULL ;
  82. pCacheEntry->List.Blink = NULL ;
  84. pCacheEntry->ReferralEntries = NULL ;
  85. pCacheEntry->nReferralEntries = 0 ;
  86. pCacheEntry->fKeepAround = FALSE;
  88. *ppCacheEntry = pCacheEntry ;
  89. return NO_ERROR ;
  90. }
  92. //
  93. // Invalidates a cache entry so it will not be used.
  94. //
  95. VOID BindCacheInvalidateEntry(ADS_LDP *pCacheEntry)
  96. {
  97. pCacheEntry->Flags |= LDP_CACHE_INVALID ;
  98. }
  101. //
  102. // !!!WARNING!!! Make sure you hold the bindcache critsect
  103. // when calling this function.
  104. //
  105. VOID CommonRemoveEntry(ADS_LDP *pCacheEntry, LIST_ENTRY *DeleteReferralList)
  106. {
  108. for (DWORD i=0; i < pCacheEntry->nReferralEntries; i++) {
  110. if (BindCacheDerefHelper( pCacheEntry->ReferralEntries[i], DeleteReferralList) == 0 ) {
  111. InsertTailList( DeleteReferralList, &(pCacheEntry->ReferralEntries[i])->ReferralList );
  112. }
  113. }
  116. //
  117. // Cleanup the entry
  118. //
  119. //
  121. --BindCacheCount ;
  123. (void) FreeADsMem(pCacheEntry->Server) ;
  124. pCacheEntry->Server = NULL ;
  126. delete pCacheEntry->pCredentials;
  127. pCacheEntry->pCredentials = NULL;
  129. if (pCacheEntry->ReferralEntries) {
  130. FreeADsMem(pCacheEntry->ReferralEntries);
  131. }
  133. RemoveEntryList(&pCacheEntry->List) ;
  135. return;
  136. }
  138. #if 0
  139. VOID BindCacheCleanTimedOutEntries()
  140. {
  141. DWORD dwCurrTick = 0;
  142. DWORD dwLastTick = 0;
  143. BOOL fRemoved = FALSE;
  144. ADS_LDP *ldRemove = NULL;
  146. ENTER_BIND_CRITSECT();
  148. PADS_LDP pEntry = (PADS_LDP) BindCache.List.Flink ;
  150. //
  151. // Loop thru looking for match. A match is defined as:
  152. // servername & LUID matches, and it is NOT invalid.
  153. //
  154. while (pEntry != &BindCache) {
  156. //
  157. // See if this one is keepAround entry that is old
  158. //
  159. if (pEntry->RefCount == 0) {
  161. ADsAssert(pEntry->fKeepAround);
  163. //
  164. // GetCurrent tick and see if we need to del the entry
  165. //
  166. dwCurrTick = GetTickCount();
  167. dwLastTick = pEntry->dwLastUsed;
  169. if ((dwLastTick == 0)
  170. || ((dwLastTick <= dwCurrTick)
  171. && ((dwCurrTick - dwLastTick) > RETIRE_HANDLE))
  172. || ((dwLastTick > dwCurrTick)
  173. && ((dwCurrTick + (((DWORD)(-1)) - dwLastTick))
  174. > RETIRE_HANDLE)))
  175. {
  177. //
  178. // Entry needs to be removed.
  179. //
  180. CommonRemoveEntry(pEntry);
  181. fRemoved = TRUE;
  182. }
  183. } // refCount == 0
  185. if (fRemoved) {
  186. LdapUnbind(pEntry);
  187. ldRemove = pEntry;
  188. }
  190. pEntry = (PADS_LDP)pEntry->List.Flink ;
  192. if (ldRemove) {
  193. FreeADsMem(ldRemove);
  194. ldRemove = NULL;
  195. }
  196. }
  198. LEAVE_BIND_CRITSECT();
  199. return;
  200. }
  201. #endif
  203. //
  204. // Lookup an entry in the cache. Does not take into account timeouts.
  205. // Increments ref count if found.
  206. //
  207. PADS_LDP
  208. BindCacheLookup(
  209. LPWSTR Address,
  210. LUID Luid,
  211. LUID ModifiedId,
  212. CCredentials& Credentials,
  213. DWORD dwPort
  214. )
  215. {
  216. DWORD i ;
  217. BOOLEAN fLUIDMatch;
  219. ENTER_BIND_CRITSECT() ;
  221. PADS_LDP pEntry = (PADS_LDP) BindCache.List.Flink ;
  223. //
  224. // Loop thru looking for match. A match is defined as:
  225. // servername & LUID matches, and it is NOT invalid.
  226. //
  227. while (pEntry != &BindCache) {
  229. if ((pEntry->Server != NULL) &&
  230. !(pEntry->Flags & LDP_CACHE_INVALID) &&
  231. (_wcsicmp(pEntry->Server, Address) == 0) &&
  232. pEntry->PortNumber == dwPort) {
  235. //
  236. // If either credential (the cached one or the user-supplied
  237. // one) is default, we must test to make sure thread token
  238. // is identical before re-using
  239. //
  241. fLUIDMatch = FALSE;
  243. if (!AreCredentialsExplicit(pEntry->pCredentials) ||
  244. !AreCredentialsExplicit(&Credentials)) {
  246. if ((memcmp(&Luid,&(pEntry->Luid),sizeof(Luid))==0) &&
  247. ((memcmp(&ModifiedId, &(pEntry->ModifiedId), sizeof(Luid)) == 0) ||
  248. (memcmp(&ModifiedId, &ReservedLuid, sizeof(Luid)) == 0))) {
  250. // tokens match
  251. fLUIDMatch = TRUE;
  252. }
  253. }
  254. else {
  255. // both are explicit credentials --> skip the test
  256. fLUIDMatch = TRUE;
  257. }
  259. if (fLUIDMatch) {
  261. if ((*(pEntry->pCredentials) == Credentials) ||
  262. CanCredentialsBeReused(pEntry->pCredentials, &Credentials))
  263. {
  264. ++pEntry->RefCount ;
  266. LEAVE_BIND_CRITSECT() ;
  267. return(pEntry) ;
  268. }
  270. }
  271. }
  273. pEntry = (PADS_LDP)pEntry->List.Flink ;
  274. }
  276. LEAVE_BIND_CRITSECT() ;
  277. //
  278. // Before we leave clean out stale entries
  279. //
  280. //BindCacheCleanTimedOutEntries();
  282. return NULL ;
  283. }
  286. //
  287. // Checks if credentials are explicit (both username and password
  288. // are non-NULL)
  289. //
  290. BOOL
  291. AreCredentialsExplicit(
  292. CCredentials *pCredentials
  293. )
  294. {
  295. PWSTR pszUser = NULL;
  296. PWSTR pszPwd = NULL;
  297. HRESULT hr;
  298. BOOL rc = FALSE;
  300. hr = pCredentials->GetUserName(&pszUser);
  301. BAIL_ON_FAILURE(hr);
  303. hr = pCredentials->GetPassword(&pszPwd);
  304. BAIL_ON_FAILURE(hr);
  306. if (pszPwd && (pszPwd[0] != L'\0') && pszUser && (pszUser[0] != L'\0')) {
  307. rc = TRUE;
  308. }
  310. error:
  312. if (pszUser)
  313. {
  314. FreeADsStr(pszUser);
  315. }
  317. if (pszPwd)
  318. {
  319. SecureZeroMemory(pszPwd, wcslen(pszPwd)*sizeof(WCHAR));
  320. FreeADsStr(pszPwd);
  321. }
  323. return rc;
  324. }
  327. //
  328. // Check if credentials can be reused. They can be reused if username and
  329. // non-ignored auth flags match and incoming credentials thesame password.
  330. // Ignored auth flags are those defined by
  331. // BIND_CACHE_IGNORED_FLAGS as not to be used in considering whether to
  332. // reuse a connection.
  333. //
  335. BOOL
  336. CanCredentialsBeReused(
  337. CCredentials *pCachedCreds,
  338. CCredentials *pIncomingCreds
  339. )
  340. {
  341. PWSTR pszIncomingUser = NULL;
  342. PWSTR pszIncomingPwd = NULL;
  343. PWSTR pszCachedUser = NULL;
  344. PWSTR pszCachedPwd = NULL;
  345. HRESULT hr;
  346. BOOL rc = FALSE;
  348. //
  349. // Test that the non-ignored auth flags match.
  350. // We need to be smart and reuse the credentials based on the flags.
  351. //
  352. if ( (~BIND_CACHE_IGNORED_FLAGS & pCachedCreds->GetAuthFlags()) !=
  353. (~BIND_CACHE_IGNORED_FLAGS & pIncomingCreds->GetAuthFlags()))
  354. {
  355. return FALSE;
  356. }
  359. //
  360. // Get the user names
  361. //
  362. hr = pCachedCreds->GetUserName(&pszCachedUser);
  363. BAIL_ON_FAILURE(hr);
  365. hr = pIncomingCreds->GetUserName(&pszIncomingUser);
  366. BAIL_ON_FAILURE(hr);
  369. //
  370. // Get the password
  371. //
  372. hr = pIncomingCreds->GetPassword(&pszIncomingPwd);
  373. BAIL_ON_FAILURE(hr);
  375. hr = pCachedCreds->GetPassword(&pszCachedPwd);
  376. BAIL_ON_FAILURE(hr);
  378. //
  379. // Only when both username and password match, will we reuse the connection handle
  380. //
  382. if (((pszCachedUser && pszIncomingUser &&
  383. wcscmp(pszCachedUser, pszIncomingUser) == 0) ||
  384. (!pszCachedUser && !pszIncomingUser))
  385. &&
  386. ((pszCachedPwd && pszIncomingPwd &&
  387. wcscmp(pszCachedPwd, pszIncomingPwd) == 0) ||
  388. (!pszCachedPwd && !pszIncomingPwd)))
  389. {
  390. rc = TRUE;
  391. }
  393. error:
  394. if (pszCachedUser)
  395. {
  396. FreeADsStr(pszCachedUser);
  397. }
  398. if (pszIncomingUser)
  399. {
  400. FreeADsStr(pszIncomingUser);
  401. }
  402. if (pszCachedPwd)
  403. {
  404. SecureZeroMemory(pszCachedPwd, wcslen(pszCachedPwd)*sizeof(WCHAR));
  405. FreeADsStr(pszCachedPwd);
  406. }
  407. if (pszIncomingPwd)
  408. {
  409. SecureZeroMemory(pszIncomingPwd, wcslen(pszIncomingPwd)*sizeof(WCHAR));
  410. FreeADsStr(pszIncomingPwd);
  411. }
  413. return rc;
  414. }
  416. //
  417. // Lookup an entry in the cache based on the Ldap Handle
  418. // DOES NOT Increment ref count
  419. //
  420. PADS_LDP
  421. GetCacheEntry(PLDAP pLdap)
  422. {
  424. ENTER_BIND_CRITSECT() ;
  427. PADS_LDP pEntry = (PADS_LDP) BindCache.List.Flink ;
  429. //
  430. // Loop thru looking for match. A match is defined as:
  431. // servername & LUID matches, and it is NOT invalid.
  432. //
  433. while (pEntry != &BindCache) {
  435. if (pEntry->LdapHandle == pLdap) {
  437. LEAVE_BIND_CRITSECT() ;
  438. return(pEntry) ;
  439. }
  441. pEntry = (PADS_LDP)pEntry->List.Flink ;
  442. }
  444. LEAVE_BIND_CRITSECT() ;
  445. return NULL ;
  446. }
  450. //
  451. // Add entry to cache
  452. //
  453. DWORD
  454. BindCacheAdd(
  455. LPWSTR Address,
  456. LUID Luid,
  457. LUID ModifiedId,
  458. CCredentials& Credentials,
  459. DWORD dwPort,
  460. PADS_LDP pCacheEntry)
  461. {
  463. ENTER_BIND_CRITSECT() ;
  467. if (BindCacheCount > MAX_BIND_CACHE_SIZE) {
  469. //
  470. // If exceed limit, just dont put in cache. Since we leave the
  471. // RefCount & the Links unset, the deref will simply note that
  472. // this entry is not in cache and allow it to be freed.
  473. //
  474. // We limit cache so that if someone leaks handles we dont over
  475. // time end up traversing this huge linked list.
  476. //
  477. LEAVE_BIND_CRITSECT() ;
  478. return(NO_ERROR) ;
  479. }
  481. LPWSTR pServer = (LPWSTR) AllocADsMem(
  482. (wcslen(Address)+1)*sizeof(WCHAR)) ;
  484. if (!pServer) {
  486. LEAVE_BIND_CRITSECT() ;
  487. return(GetLastError()) ;
  488. }
  490. CCredentials * pCredentials = new CCredentials(Credentials);
  492. if (!pCredentials) {
  494. FreeADsMem(pServer);
  496. LEAVE_BIND_CRITSECT();
  497. return(GetLastError());
  498. }
  502. //
  503. // setup the data
  504. //
  505. wcscpy(pServer,Address) ;
  509. pCacheEntry->pCredentials = pCredentials;
  510. pCacheEntry->PortNumber = dwPort;
  511. pCacheEntry->Server = pServer ;
  512. pCacheEntry->RefCount = 1 ;
  513. pCacheEntry->Luid = Luid ;
  514. pCacheEntry->ModifiedId = ModifiedId;
  518. //
  519. // insert into list
  520. //
  521. InsertHeadList(&BindCache.List, &pCacheEntry->List) ;
  522. ++BindCacheCount ;
  523. LEAVE_BIND_CRITSECT() ;
  525. return NO_ERROR ;
  526. }
  528. //
  529. // Bump up the reference count of the particular cache entry
  530. // Returns the final ref count or zero if not there.
  531. //
  532. BOOL BindCacheAddRef(ADS_LDP *pCacheEntry)
  533. {
  535. DWORD dwCount = 0;
  537. ENTER_BIND_CRITSECT() ;
  539. if ((pCacheEntry->List.Flink == NULL) &&
  540. (pCacheEntry->List.Blink == NULL) &&
  541. (pCacheEntry->RefCount == NULL)) {
  543. //
  544. // this is one of them entries that has no LUID.
  545. // ie. it never got into the cache.
  546. //
  547. LEAVE_BIND_CRITSECT() ;
  548. return(0) ;
  549. }
  551. ADsAssert(pCacheEntry->List.Flink) ;
  552. ADsAssert(pCacheEntry->RefCount > 0) ;
  554. pCacheEntry->RefCount++ ;
  556. //
  557. // Save info onto stack variable as we are going
  558. // to leave the critsect before we exit.
  559. //
  560. dwCount = pCacheEntry->RefCount;
  562. LEAVE_BIND_CRITSECT() ;
  564. return(dwCount) ;
  565. }
  567. //
  568. // Adds a referral entry of pNewEntry to pPrimaryEntry. Increments the reference
  569. // count of pPrimaryEntry if succesful.
  570. //
  572. BOOL
  573. AddReferralLink(
  574. PADS_LDP pPrimaryEntry,
  575. PADS_LDP pNewEntry
  576. )
  577. {
  578. ENTER_BIND_CRITSECT() ;
  580. if (!pPrimaryEntry) {
  581. goto error;
  582. }
  583. if (!pPrimaryEntry->ReferralEntries) {
  584. pPrimaryEntry->ReferralEntries = (PADS_LDP *) AllocADsMem(
  585. sizeof(PADS_LDP) * MAX_REFERRAL_ENTRIES);
  587. if (!pPrimaryEntry->ReferralEntries) {
  588. goto error;
  589. }
  590. pPrimaryEntry->nReferralEntries = 0;
  591. }
  593. if (pPrimaryEntry->nReferralEntries >= MAX_REFERRAL_ENTRIES) {
  594. //
  595. // We won't remember more than this
  596. //
  597. goto error;
  598. }
  600. pPrimaryEntry->ReferralEntries[pPrimaryEntry->nReferralEntries] = pNewEntry;
  602. if (!BindCacheAddRef(pNewEntry)) {
  603. goto error;
  604. }
  606. pPrimaryEntry->nReferralEntries++;
  607. LEAVE_BIND_CRITSECT() ;
  608. return TRUE;
  610. error:
  611. LEAVE_BIND_CRITSECT();
  612. return FALSE;
  614. }
  616. DWORD BindCacheDeref(ADS_LDP *pCacheEntry)
  617. {
  619. DWORD dwCount = 0;
  620. LIST_ENTRY DeleteReferralList;
  621. PLIST_ENTRY pEntry;
  622. PADS_LDP EntryInfo;
  624. InitializeListHead(&DeleteReferralList);
  627. dwCount = BindCacheDerefHelper(pCacheEntry, &DeleteReferralList);
  630. // Delete the cached entries
  631. //
  633. while (!IsListEmpty (&DeleteReferralList)) {
  635. pEntry = RemoveHeadList (&DeleteReferralList);
  636. EntryInfo = CONTAINING_RECORD (pEntry, ADS_LDP, ReferralList);
  639. LdapUnbind(EntryInfo);
  641. FreeADsMem(EntryInfo);
  643. }
  645. return dwCount;
  647. }
  649. //
  650. // Dereference an entry in the cache. Removes if ref count is zero.
  651. // Returns the final ref count or zero if not there. If zero, caller
  652. // should close the handle.
  653. //
  654. DWORD BindCacheDerefHelper(ADS_LDP *pCacheEntry, LIST_ENTRY * DeleteReferralList)
  655. {
  657. DWORD dwCount=0;
  659. ENTER_BIND_CRITSECT() ;
  661. if ((pCacheEntry->List.Flink == NULL) &&
  662. (pCacheEntry->List.Blink == NULL) &&
  663. (pCacheEntry->RefCount == NULL)) {
  665. //
  666. // this is one of them entries that has no LUID.
  667. // ie. it never got into the cache.
  668. //
  669. LEAVE_BIND_CRITSECT() ;
  670. return(0) ;
  671. }
  673. ADsAssert(pCacheEntry->List.Flink) ;
  674. ADsAssert(pCacheEntry->RefCount > 0) ;
  676. //
  677. // Dereference by one. If result is non zero, just return.
  678. //
  679. --pCacheEntry->RefCount ;
  681. if (pCacheEntry->RefCount) {
  683. //
  684. // Use a stack variable for this value as
  685. // we call return outside the critsect.
  686. //
  687. dwCount = pCacheEntry->RefCount;
  689. LEAVE_BIND_CRITSECT() ;
  691. return(dwCount);
  692. }
  694. //
  695. // Before clearing the entry away verify that
  696. // we do not need to KeepAround this one.
  697. //
  698. if (pCacheEntry->fKeepAround) {
  699. //
  700. // Set the timer on this entry and leave.
  701. //
  702. pCacheEntry->dwLastUsed = GetTickCount();
  703. LEAVE_BIND_CRITSECT() ;
  705. }
  706. else {
  708. //
  709. // Now that this entry is going away, deref all the referred entries.
  710. //
  711. CommonRemoveEntry(pCacheEntry, DeleteReferralList);
  712. LEAVE_BIND_CRITSECT() ;
  716. }
  719. //
  720. // Look for any other entries that need to be cleaned out
  721. //
  722. //BindCacheCleanTimedOutEntries();
  724. return 0 ;
  725. }
  728. VOID
  729. BindCacheInit(
  730. VOID
  731. )
  732. {
  733. InitializeListHead(&BindCache.List) ;
  734. }
  736. VOID
  737. BindCacheCleanup(
  738. VOID
  739. )
  740. {
  741. PADS_LDP pEntry = (PADS_LDP) BindCache.List.Flink ;
  743. while (pEntry != &BindCache) {
  745. PADS_LDP pNext = (PADS_LDP) pEntry->List.Flink;
  747. (void) FreeADsMem(pEntry->Server) ;
  749. pEntry->Server = NULL ;
  751. if (pEntry->ReferralEntries) {
  752. FreeADsMem(pEntry->ReferralEntries);
  753. }
  755. RemoveEntryList(&pEntry->List) ;
  757. pEntry = pNext;
  758. }
  760. }
  762. //
  763. // Mark handle so that we keep it even after the object count
  764. // has hit zero and remove only after a x mins of zero count.
  765. //
  766. HRESULT
  767. LdapcKeepHandleAround(ADS_LDP *ld)
  768. {
  770. ADsAssert(ld);
  772. ld->fKeepAround = TRUE;
  774. return S_OK;
  775. }