archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
3 Commits
1 Branch
0 Tags
1.5 GiB
Tree: 827363a95b
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '827363a95b'
${ noResults }
windows-server-2003/ds/security/tools/keytab2/keytab/ldlib/secprinc.c

308 lines
6.7 KiB
Raw Normal View History

commiting as it is
4 years ago
  1. /*++
  3. SECPRINC.C
  5. Code for setting security principal data in the DS--
  6. specifically, the UPN, SPN, and AltSecurityIdentity
  8. Copyright (C) 1998 Microsoft Corporation, all rights reserved.
  10. Created, Jun 18, 1998 by DavidCHR.
  12. CONTENTS: SetStringProperty
  13. FindUser
  14. SetUserData
  16. --*/
  18. #include "master.h"
  19. #include "keytab.h"
  21. #include <winldap.h>
  22. #include <malloc.h>
  23. #include "secprinc.h"
  24. #include "delegtools.h"
  26. extern BOOL /* delegation.c */
  27. LdapFindAttributeInMessageA( IN PLDAP pLdap,
  28. IN PLDAPMessage pMessage,
  29. IN LPSTR PropertyName,
  30. OUT OPTIONAL PULONG pcbData,
  31. OUT OPTIONAL PVOID *ppvData );
  33. /*****************************************************************
  34. NAME: ConnectToDsa
  36. connects to the DSA, binds, and searches for the base DN.
  38. TAKES: nothing
  39. RETURNS: TRUE ( and a pLdap and wide-string baseDn ) on success
  40. FALSE and a stderr message on failure.
  41. CALLED BY:
  42. FREE WITH: BaseDN should be freed with free(),
  43. the ldap handle should be closed with ldap_unbind.
  45. *****************************************************************/
  48. BOOL
  49. ConnectToDsa( OUT PLDAP *ppLdap,
  50. OUT LPSTR *BaseDN ) { // free with free()
  52. PLDAP pLdap;
  53. BOOL ret = FALSE;
  54. ULONG lderr;
  56. pLdap = ldap_open( NULL, LDAP_PORT );
  58. if ( pLdap ) {
  60. lderr = ldap_bind_s( pLdap, NULL, NULL, LDAP_AUTH_SSPI );
  62. if ( lderr == LDAP_SUCCESS ) {
  64. LPSTR Context = "defaultNamingContext";
  65. LPSTR Attributes[] = { Context, NULL };
  66. PLDAPMessage pMessage, pEntry;
  67. LPSTR *pValue;
  69. // now, guess the DSA Base:
  71. lderr = ldap_search_sA( pLdap,
  72. NULL,
  73. LDAP_SCOPE_BASE,
  74. "objectClass=*",
  75. Attributes,
  76. FALSE, // just return attributes
  77. &pMessage );
  79. if ( lderr == LDAP_SUCCESS ) {
  81. pEntry = ldap_first_entry( pLdap, pMessage );
  83. if ( pEntry ) {
  85. pValue = ldap_get_valuesA( pLdap, pEntry, Context );
  87. if ( pValue ) {
  89. ULONG size;
  91. size = ldap_count_valuesA( pValue );
  93. if ( 1 == size ) {
  95. LPSTR dn;
  96. size = ( lstrlenA( *pValue ) +1 /*null*/) * sizeof( WCHAR );
  98. dn = (LPSTR) malloc( size );
  100. if ( dn ) {
  102. memcpy( dn, *pValue, size );
  104. *BaseDN = dn;
  105. *ppLdap = pLdap;
  106. ret = TRUE;
  108. } else fprintf( stderr,
  109. "failed to malloc to duplicate \"%s\".\n",
  110. *pValue );
  112. } else fprintf( stderr,
  113. "too many values (expected one, got %ld) for"
  114. " %s.\n",
  115. size,
  116. Context );
  118. ldap_value_freeA( pValue );
  120. } else fprintf( stderr,
  121. "ldap_get_values failed: 0x%x.\n",
  122. GetLastError() );
  124. } else fprintf( stderr,
  125. "ldap_first_entry failed: 0x%x.\n",
  126. GetLastError() );
  128. ldap_msgfree( pMessage );
  130. } else fprintf( stderr,
  131. "ldap_search failed (0x%x). "
  132. "Couldn't search for base DN.\n",
  133. lderr );
  135. if ( !ret ) ldap_unbind_s( pLdap );
  137. } else fprintf( stderr,
  138. "Failed to bind to DSA: 0x%x.\n",
  139. lderr );
  141. // there is no ldap_disconnect.
  143. } else fprintf( stderr,
  144. "Failed to contact DSA: 0x%x.\n",
  145. GetLastError() );
  147. return ret;
  149. }
  151. /*++**************************************************************
  152. NAME: SetStringProperty
  154. sets the given property of the given object to the given string
  156. MODIFIES: object's property value
  158. TAKES: pLdap -- ldap connection handle
  159. Dn -- FQDN of the object whose property is munged
  160. PropertyName -- property to modify
  161. Property -- value to put in the property
  162. Operation -- set / add / delete, etc.
  165. RETURNS: TRUE when the function succeeds.
  166. FALSE otherwise.
  167. LASTERROR: set
  169. LOGGING: on failure
  170. CREATED: Jan 22, 1999
  171. LOCKING: none
  172. CALLED BY: anyone
  173. FREE WITH: n/a -- no resources are returned
  175. **************************************************************--*/
  177. BOOL
  178. SetStringProperty( IN PLDAP pLdap,
  179. IN LPSTR Dn,
  180. IN LPSTR PropertyName,
  181. IN LPSTR Property,
  182. IN ULONG Operation ) {
  184. LPSTR Vals[] = { Property, NULL };
  185. LDAPModA Mod = { Operation,
  186. PropertyName,
  187. Vals };
  188. PLDAPModA Mods[] = { &Mod, NULL };
  189. ULONG lderr;
  192. lderr = ldap_modify_sA( pLdap,
  193. Dn,
  194. Mods );
  196. if ( lderr == LDAP_SUCCESS ) {
  198. return TRUE;
  200. } else {
  202. fprintf( stderr,
  203. "Failed to set property \"%hs\" to \"%hs\" on Dn \"%hs\": "
  204. "0x%x.\n",
  206. PropertyName,
  207. Property,
  208. Dn,
  209. lderr );
  211. SetLastError( lderr );
  213. }
  215. return FALSE;
  217. }
  219. /*++**************************************************************
  220. NAME: FindUser
  222. searches the DS for the given user.
  224. MODIFIES: pDn -- returned DN for that user.
  225. puacflags -- receives the user's AccountControl flags
  227. TAKES: pLdap -- LDAP handle
  228. UserName -- user samaccountname for which to search
  230. RETURNS: TRUE when the function succeeds.
  231. FALSE otherwise.
  232. LASTERROR: not explicitly set
  233. LOGGING: on failure
  234. CREATED: Jan 22, 1999
  235. LOCKING: none
  236. CALLED BY: anyone
  237. FREE WITH: free the dn with ldap_memfree
  239. **************************************************************--*/
  241. BOOL
  242. FindUser( IN PLDAP pLdap,
  243. IN LPSTR UserName,
  244. OUT PULONG puacFlags,
  245. OUT LPSTR *pDn ) {
  247. LPSTR Query;
  248. BOOL ret = FALSE;
  249. LPSTR Attributes[] = { "userAccountControl",
  250. NULL }; // what attributes to fetch; none
  251. PLDAPMessage pMessage = NULL;
  252. LPSTR StringUac;
  254. Query = (LPSTR) malloc( lstrlenA( UserName ) + 100 ); // arbitrary
  256. if ( Query ) {
  258. wsprintfA( Query,
  259. "(& (objectClass=person) (samaccountname=%hs))",
  260. UserName );
  262. if( LdapSearchForUniqueDnA( pLdap,
  263. Query,
  264. Attributes,
  265. pDn,
  266. &pMessage ) ) {
  268. if ( LdapFindAttributeInMessageA( pLdap,
  269. pMessage,
  270. Attributes[ 0 ],
  271. NULL, // length doesn't matter
  272. &StringUac ) ) {
  274. *puacFlags = strtoul( StringUac,
  275. NULL,
  276. 0 );
  278. } else {
  280. /* Signal the caller that we don't know the uacflags. */
  281. *puacFlags = 0;
  283. }
  285. ret = TRUE;
  287. } else {
  289. fprintf( stderr,
  290. "Failed to locate user \"%hs\".\n",
  291. Query );
  293. }
  295. if ( pMessage ) ldap_msgfree( pMessage );
  296. free( Query );
  298. } else {
  300. fprintf( stderr,
  301. "allocation failed building query for LDAP search.\n" );
  303. }
  305. return ret;
  306. }