archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
3 Commits
1 Branch
0 Tags
1.5 GiB
Tree: 827363a95b
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '827363a95b'
${ noResults }
windows-server-2003/net/ias/providers/ntuser/names/namemapper.cpp

305 lines
8.6 KiB
Raw Normal View History

commiting as it is
4 years ago
  1. ///////////////////////////////////////////////////////////////////////////////
  2. //
  3. // Copyright (c) Microsoft Corp. All rights reserved.
  4. //
  5. // FILE
  6. //
  7. // namemapper.cpp
  8. //
  9. // SYNOPSIS
  10. //
  11. // This file defines the class NameMapper.
  12. //
  13. ///////////////////////////////////////////////////////////////////////////////
  14. #include "ias.h"
  15. #include "iaslsa.h"
  16. #include "samutil.h"
  17. #include "namemapper.h"
  18. #include "cracker.h"
  19. #include "identityhelper.h"
  20. #include "iastlutl.h"
  21. #include "ntdsapip.h"
  23. NameCracker NameMapper::cracker;
  24. IdentityHelper NameMapper::identityHelper;
  27. STDMETHODIMP NameMapper::Initialize() const throw()
  28. {
  29. DWORD error = IASLsaInitialize();
  30. if (error) { return HRESULT_FROM_WIN32(error); }
  32. return identityHelper.initialize();
  33. }
  36. STDMETHODIMP NameMapper::Shutdown() const throw()
  37. {
  38. IASLsaUninitialize();
  39. return S_OK;
  40. }
  43. IASREQUESTSTATUS NameMapper::onSyncRequest(IRequest* pRequest) throw ()
  44. {
  45. // This is function scope, so it can be freed in the catch block.
  46. PDS_NAME_RESULTW result = NULL;
  47. wchar_t identity[254];
  48. wchar_t* pIdentity = identity;
  49. HRESULT hr = S_OK;
  51. try
  52. {
  53. size_t identitySize = sizeof(identity);
  54. IASRequest request(pRequest);
  55. bool identityRetrieved = identityHelper.getIdentity(request,
  56. pIdentity,
  57. identitySize);
  59. if (!identityRetrieved)
  60. {
  61. // allocate a big enough buffer and use it
  62. pIdentity = new wchar_t[identitySize];
  63. identityRetrieved = identityHelper.getIdentity(request,
  64. pIdentity,
  65. identitySize);
  66. if (!identityRetrieved)
  67. {
  68. IASTraceString("Error: no user identity found");
  69. _com_issue_error(IAS_PROXY_MALFORMED_RESPONSE);
  70. }
  71. }
  73. // Allocate an attribute to hold the NT4 Account Name.
  74. IASAttribute nt4Name(true);
  75. nt4Name->dwId = IAS_ATTRIBUTE_NT4_ACCOUNT_NAME;
  77. DS_NAME_FORMAT formatOffered = DS_UNKNOWN_NAME;
  79. // If it already contains a backslash
  80. // then use as is.
  81. PWCHAR delim = wcschr(identity, L'\\');
  82. if (delim)
  83. {
  84. if (IASGetRole() == IAS_ROLE_STANDALONE ||
  85. IASGetProductType() == IAS_PRODUCT_WORKSTATION)
  86. {
  87. // Strip out the domain.
  88. *delim = L'\0';
  90. // Make sure this is a local user.
  91. if (!IASIsDomainLocal(identity))
  92. {
  93. IASTraceString("Non-local users are not allowed -- rejecting.");
  94. _com_issue_error(IAS_LOCAL_USERS_ONLY);
  95. }
  97. // Restore the delimiter.
  98. *delim = L'\\';
  99. }
  101. IASTraceString("Username is already an NT4 account name.");
  103. nt4Name.setString(identity);
  104. }
  105. else if (isCrackable(identity, formatOffered) &&
  106. (IASGetRole() != IAS_ROLE_STANDALONE))
  107. {
  108. // identity seems to be crackable and IAS is not a standalone machine.
  109. // (either a domain member or a domain controller)
  110. mapName(identity, nt4Name, formatOffered, 0);
  111. }
  112. else
  113. {
  114. // Assume no domain was specified and use the default domain
  115. IASTraceString("Prepending default domain.");
  116. nt4Name->Value.String.pszWide = prependDefaultDomain(identity);
  117. nt4Name->Value.String.pszAnsi = NULL;
  118. nt4Name->Value.itType = IASTYPE_STRING;
  119. }
  121. // Convert the domain name to uppercase.
  122. delim = wcschr(nt4Name->Value.String.pszWide, L'\\');
  123. *delim = L'\0';
  124. _wcsupr(nt4Name->Value.String.pszWide);
  125. *delim = L'\\';
  127. nt4Name.store(request);
  129. // For now, we'll use this as the FQDN as well.
  130. IASStoreFQUserName(
  131. request,
  132. DS_NT4_ACCOUNT_NAME,
  133. nt4Name->Value.String.pszWide
  134. );
  136. IASTracePrintf("SAM-Account-Name is \"%S\".",
  137. nt4Name->Value.String.pszWide);
  138. }
  139. catch (const _com_error& ce)
  140. {
  141. IASTraceExcept();
  142. hr = ce.Error();
  143. }
  145. if (pIdentity != identity)
  146. {
  147. delete[] pIdentity;
  148. }
  150. if (result)
  151. {
  152. cracker.freeNameResult(result);
  153. }
  155. if ( FAILED(hr) || ((hr != S_OK) && (hr < 0x0000ffff)) )
  156. {
  157. // IAS reason code: the reason code will be used
  158. // or error code: will map to internal error
  159. return IASProcessFailure(pRequest, hr);
  160. }
  161. else
  162. {
  163. // S_OK
  164. return IAS_REQUEST_STATUS_HANDLED;
  165. }
  166. }
  169. PWSTR NameMapper::prependDefaultDomain(PCWSTR username)
  170. {
  171. IASTraceString("NameMapper::prependDefaultDomain");
  173. _ASSERT(username != NULL);
  175. // Figure out how long everything is.
  176. PCWSTR domain = IASGetDefaultDomain();
  177. ULONG domainLen = wcslen(domain);
  178. ULONG usernameLen = wcslen(username) + 1;
  180. // Allocate the needed memory.
  181. ULONG needed = domainLen + usernameLen + 1;
  182. PWSTR retval = (PWSTR)CoTaskMemAlloc(needed * sizeof(WCHAR));
  183. if (!retval) { _com_issue_error(E_OUTOFMEMORY); }
  185. // Set up the cursor used for packing the strings.
  186. PWSTR dst = retval;
  188. // Copy in the domain name.
  189. memcpy(dst, domain, domainLen * sizeof(WCHAR));
  190. dst += domainLen;
  192. // Add the delimiter.
  193. *dst++ = L'\\';
  195. // Copy in the username.
  196. // Note: usernameLen includes the null-terminator.
  197. memcpy(dst, username, usernameLen * sizeof(WCHAR));
  199. return retval;
  200. }
  203. //////////
  204. // Determines whether an identity can be cracked through DsCrackNames and which
  205. // name format should be offered if it is crackable.
  206. //////////
  207. bool NameMapper::isCrackable(
  208. const wchar_t* szIdentity,
  209. DS_NAME_FORMAT& format
  210. ) const throw ()
  211. {
  212. format = DS_UNKNOWN_NAME;
  214. if (wcschr(szIdentity, L'@') != 0)
  215. {
  216. if (allowAltSecId)
  217. {
  218. format = static_cast<DS_NAME_FORMAT>(
  219. DS_USER_PRINCIPAL_NAME_AND_ALTSECID
  220. );
  221. }
  223. return true;
  224. }
  226. return (wcschr(szIdentity, L'=') != 0) || // DS_FQDN_1779_NAME
  227. (wcschr(szIdentity, L'/') != 0); // DS_CANONICAL_NAME
  228. }
  232. void NameMapper::mapName(
  233. const wchar_t* identity,
  234. IASAttribute& nt4Name,
  235. DS_NAME_FORMAT formatOffered,
  236. const wchar_t* suffix
  237. )
  238. {
  239. _ASSERT(identity != NULL);
  240. _ASSERT(nt4Name != NULL);
  241. _ASSERT(*nt4Name != NULL);
  243. PDS_NAME_RESULTW result = NULL;
  245. HRESULT hr = S_OK;
  247. do
  248. {
  249. // call cracker
  250. DWORD dwErr = cracker.crackNames(
  251. DS_NAME_FLAG_EVAL_AT_DC,
  252. formatOffered,
  253. DS_NT4_ACCOUNT_NAME,
  254. identity,
  255. suffix,
  256. &result
  257. );
  259. if (dwErr != NO_ERROR)
  260. {
  261. IASTraceFailure("DsCrackNames", dwErr);
  262. hr = IAS_GLOBAL_CATALOG_UNAVAILABLE;
  263. break;
  264. }
  266. if (result->rItems->status == DS_NAME_NO_ERROR)
  267. {
  268. IASTraceString("Successfully cracked username.");
  270. // DsCrackNames returned an NT4 Account Name, so use it.
  271. nt4Name.setString(result->rItems->pName);
  272. }
  273. else
  274. {
  275. // GC could not crack the name
  276. if (formatOffered != DS_SID_OR_SID_HISTORY_NAME)
  277. {
  278. // Not using SID: try to append the default domain to the identity
  279. IASTraceString("Global Catalog could not crack username; "
  280. "prepending default domain.");
  281. // If it can't be cracked we'll assume that it's a flat
  282. // username with some weird characters.
  283. nt4Name->Value.String.pszWide = prependDefaultDomain(identity);
  284. nt4Name->Value.String.pszAnsi = NULL;
  285. nt4Name->Value.itType = IASTYPE_STRING;
  287. }
  288. else
  289. {
  290. // using SID. nothing else can be done.
  291. IASTracePrintf("Global Catalog could not crack username. Error %x",
  292. result->rItems->status);
  293. hr = IAS_NO_SUCH_USER;
  294. }
  295. }
  296. }
  297. while(false);
  299. cracker.freeNameResult(result);
  301. if ( FAILED(hr) || ((hr != S_OK) && (hr < 0x0000ffff)))
  302. {
  303. _com_issue_error(hr);
  304. }
  305. }