archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
3 Commits
1 Branch
0 Tags
4.9 GiB
Tree: 827363a95b
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '827363a95b'
${ noResults }
windows-server-2003/net/ias/providers/ntuser/ldap/ntdomain.cpp

368 lines
8.5 KiB
Raw Normal View History

commiting as it is
4 years ago
  1. ///////////////////////////////////////////////////////////////////////////////
  2. //
  3. // FILE
  4. //
  5. // ntdomain.cpp
  6. //
  7. // SYNOPSIS
  8. //
  9. // Defines the clas NTDomain.
  10. //
  11. // MODIFICATION HISTORY
  12. //
  13. // 05/07/1998 Original version.
  14. // 06/23/1998 Changes to DCLocator. Use ntldap constants.
  15. // 07/13/1998 Clean up header file dependencies.
  16. // 02/18/1999 Connect by DNS name not address.
  17. // 03/10/1999 Cache mixed-mode and native-mode connections.
  18. // 03/12/1999 Do not perform I/O from constructor.
  19. // 04/14/1999 Specify domain and server when opening a connection.
  20. // 09/14/1999 Always specify timeout for LDAP searches.
  21. //
  22. ///////////////////////////////////////////////////////////////////////////////
  24. #include <ias.h>
  25. #include <iasutil.h>
  26. #include <iaslsa.h>
  27. #include <iasntds.h>
  29. #include <lm.h>
  31. #include <ldapcxn.h>
  32. #include <limits.h>
  33. #include <ntdomain.h>
  35. //////////
  36. // Attributes of interest.
  37. //////////
  38. const WCHAR NT_MIXED_DOMAIN[] = L"nTMixedDomain";
  40. //////////
  41. // Default search filter.
  42. //////////
  43. const WCHAR ANY_OBJECT[] = L"(objectclass=*)";
  45. //////////
  46. // Domain attributes that we need.
  47. //////////
  48. const PCWSTR DOMAIN_ATTRS[] = {
  49. NT_MIXED_DOMAIN,
  50. NULL
  51. };
  53. //////////
  54. // Utility function for getting the current system time as a 64-bit integer.
  55. //////////
  56. inline DWORDLONG GetSystemTimeAsDWORDLONG() throw ()
  57. {
  58. ULARGE_INTEGER ft;
  59. GetSystemTimeAsFileTime((LPFILETIME)&ft);
  60. return ft.QuadPart;
  61. }
  63. //////////
  64. // Number of 100 nsec intervals in one second.
  65. //////////
  66. const DWORDLONG ONE_SECOND = 10000000ui64;
  68. //////////
  69. // Defaults for poll interval and retry interval.
  70. //////////
  71. DWORDLONG NTDomain::pollInterval = 60 * 60 * ONE_SECOND;
  72. DWORDLONG NTDomain::retryInterval = 1 * 60 * ONE_SECOND;
  74. inline NTDomain::NTDomain(PWSTR domainName)
  75. : refCount(1),
  76. name(domainName),
  77. mode(MODE_UNKNOWN),
  78. connection(NULL),
  79. status(NO_ERROR),
  80. expiry(0)
  81. { }
  83. inline NTDomain::~NTDomain()
  84. {
  85. if (connection) { connection->Release(); }
  86. delete[] name;
  87. }
  89. inline BOOL NTDomain::isExpired() throw ()
  90. {
  91. return GetSystemTimeAsDWORDLONG() >= expiry;
  92. }
  94. inline BOOL NTDomain::isConnected() throw ()
  95. {
  96. if (connection && connection->isDisabled())
  97. {
  98. closeConnection();
  99. }
  101. return connection != NULL;
  102. }
  104. void NTDomain::Release() throw ()
  105. {
  106. if (!InterlockedDecrement(&refCount))
  107. {
  108. delete this;
  109. }
  110. }
  112. DWORD NTDomain::getConnection(LDAPConnection** cxn) throw ()
  113. {
  114. Lock();
  116. // Is it time to try for a new connection ?
  117. if (!isConnected() && isExpired())
  118. {
  119. findServer();
  120. }
  122. // Return the current connection ...
  123. if (*cxn = connection) { (*cxn)->AddRef(); }
  125. // ... and status to the caller.
  126. DWORD retval = status;
  128. Unlock();
  130. return retval;
  131. }
  133. NTDomain::Mode NTDomain::getMode() throw ()
  134. {
  135. Lock();
  137. if (isExpired())
  138. {
  139. if (isConnected())
  140. {
  141. readDomainMode();
  142. }
  143. else
  144. {
  145. findServer();
  146. }
  147. }
  149. Mode retval = mode;
  151. Unlock();
  153. return retval;
  154. }
  156. NTDomain* NTDomain::createInstance(PCWSTR name) throw ()
  157. {
  158. // We copy the domain name here, so that we don't have to throw an
  159. // exception from the constructor.
  160. PWSTR nameCopy = ias_wcsdup(name);
  162. if (!nameCopy) { return NULL; }
  164. return new (std::nothrow) NTDomain(nameCopy);
  165. }
  167. void NTDomain::openConnection(
  168. PCWSTR domain,
  169. PCWSTR server
  170. ) throw ()
  171. {
  172. closeConnection();
  174. IASTracePrintf("Opening LDAP connection to %S.", server);
  176. status = LDAPConnection::createInstance(
  177. domain,
  178. server,
  179. &connection
  180. );
  181. if (status == ERROR_ACCESS_DENIED)
  182. {
  183. IASTraceString("Access denied -- purging Kerberos ticket cache.");
  185. IASPurgeTicketCache();
  187. IASTracePrintf("Retrying LDAP connection to %S.", server);
  189. status = LDAPConnection::createInstance(
  190. domain,
  191. server,
  192. &connection
  193. );
  194. }
  196. if (status == NO_ERROR) { readDomainMode(); }
  198. if (status == NO_ERROR)
  199. {
  200. IASTraceString("LDAP connect succeeded.");
  201. }
  202. else
  203. {
  204. IASTraceFailure("LDAP connect", status);
  205. }
  206. }
  208. void NTDomain::closeConnection() throw ()
  209. {
  210. if (connection)
  211. {
  212. connection->Release();
  213. connection = NULL;
  214. }
  215. expiry = 0;
  216. }
  218. void NTDomain::findServer() throw ()
  219. {
  220. // First try to get a DC from the cache.
  221. PDOMAIN_CONTROLLER_INFO dci1 = NULL;
  222. status = IASGetDcName(
  223. name,
  224. DS_DIRECTORY_SERVICE_PREFERRED,
  225. &dci1
  226. );
  227. if (status == NO_ERROR)
  228. {
  229. if (dci1->Flags & DS_DS_FLAG)
  230. {
  231. openConnection(
  232. dci1->DomainName,
  233. dci1->DomainControllerName + 2
  234. );
  235. }
  236. else
  237. {
  238. // No DS. We'll treat this as if IASGetDcName failed.
  239. NetApiBufferFree(dci1);
  240. dci1 = NULL;
  241. status = ERROR_DS_NOT_INSTALLED;
  242. }
  243. }
  245. // If the cached DC failed, try again with the force flag.
  246. if (status != NO_ERROR)
  247. {
  248. PDOMAIN_CONTROLLER_INFO dci2;
  249. DWORD err = IASGetDcName(
  250. name,
  251. DS_DIRECTORY_SERVICE_PREFERRED |
  252. DS_FORCE_REDISCOVERY,
  253. &dci2
  254. );
  255. if (err == NO_ERROR)
  256. {
  257. if (dci2->Flags & DS_DS_FLAG)
  258. {
  259. // Don't bother connecting unless this is a different DC than we
  260. // tried above.
  261. if (!dci1 ||
  262. wcscmp(
  263. dci1->DomainControllerName,
  264. dci2->DomainControllerName
  265. ))
  266. {
  267. openConnection(
  268. dci2->DomainName,
  269. dci2->DomainControllerName + 2
  270. );
  271. }
  272. }
  273. else
  274. {
  275. status = ERROR_DS_NOT_INSTALLED;
  276. }
  278. NetApiBufferFree(dci2);
  279. }
  280. else
  281. {
  282. status = err;
  283. }
  284. }
  286. NetApiBufferFree(dci1);
  288. /////////
  289. // Process the result of our 'find'.
  290. /////////
  292. if (status == ERROR_DS_NOT_INSTALLED)
  293. {
  294. mode = MODE_NT4;
  295. expiry = GetSystemTimeAsDWORDLONG() + pollInterval;
  296. }
  297. else if (status != NO_ERROR)
  298. {
  299. expiry = GetSystemTimeAsDWORDLONG() + retryInterval;
  300. }
  301. else if (mode == MODE_NATIVE)
  302. {
  303. expiry = _UI64_MAX;
  304. }
  305. else
  306. {
  307. // mode == MODE_MIXED
  308. expiry = GetSystemTimeAsDWORDLONG() + pollInterval;
  309. }
  310. }
  312. void NTDomain::readDomainMode() throw ()
  313. {
  314. LDAPMessage* res = NULL;
  315. ULONG ldapError = ldap_search_ext_sW(
  316. *connection,
  317. const_cast<PWCHAR>(connection->getBase()),
  318. LDAP_SCOPE_BASE,
  319. const_cast<PWCHAR>(ANY_OBJECT),
  320. const_cast<PWCHAR*>(DOMAIN_ATTRS),
  321. 0,
  322. NULL,
  323. NULL,
  324. &LDAPConnection::SEARCH_TIMEOUT,
  325. 0,
  326. &res
  327. );
  329. // We have to check two error codes.
  330. if (ldapError == LDAP_SUCCESS)
  331. {
  332. ldapError = res->lm_returncode;
  333. }
  335. if (ldapError == LDAP_SUCCESS)
  336. {
  337. PWCHAR* vals = ldap_get_valuesW(
  338. *connection,
  339. ldap_first_entry(*connection, res),
  340. const_cast<PWCHAR>(NT_MIXED_DOMAIN)
  341. );
  343. if (vals && *vals)
  344. {
  345. mode = wcstoul(*vals, NULL, 10) ? MODE_MIXED : MODE_NATIVE;
  346. }
  347. else
  348. {
  349. status = ERROR_ACCESS_DENIED;
  350. }
  352. ldap_value_freeW(vals);
  353. }
  354. else
  355. {
  356. status = LdapMapErrorToWin32(ldapError);
  357. connection->TraceFailure("ldap_get_valuesW",
  358. ldapError
  359. );
  360. }
  362. ldap_msgfree(res);
  364. if (status != NO_ERROR)
  365. {
  366. closeConnection();
  367. }
  368. }