archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
3 Commits
1 Branch
0 Tags
4.9 GiB
Tree: 827363a95b
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '827363a95b'
${ noResults }
windows-server-2003/net/ias/providers/ntuser/peruser/rasuser.cpp

194 lines
5.0 KiB
Raw Normal View History

commiting as it is
4 years ago
  1. ///////////////////////////////////////////////////////////////////////////////
  2. //
  3. // Copyright (c) Microsoft Corporation
  4. //
  5. // SYNOPSIS
  6. //
  7. // Defines the class RasUser.
  8. //
  9. ///////////////////////////////////////////////////////////////////////////////
  11. #include <ias.h>
  12. #include <iastlutl.h>
  14. #define IASSAMAPI
  16. #include <iaslsa.h>
  17. #include <iasntds.h>
  18. #include <iasparms.h>
  20. #include <sdoias.h>
  22. #include <rasuser.h>
  23. #include <userschema.h>
  25. //////////
  26. // Attributes that should be retrieved for each user.
  27. //////////
  28. const PCWSTR USER_PARMS[] =
  29. {
  30. L"userParameters",
  31. NULL
  32. };
  34. HRESULT RasUser::initialize() throw ()
  35. {
  36. //////////
  37. // Let's get everything that could fail out of the way first.
  38. //////////
  40. PIASATTRIBUTE attrs[3];
  41. DWORD error = IASAttributeAlloc(3, attrs);
  42. if (error) { return HRESULT_FROM_WIN32(error); }
  44. //////////
  45. // Initialize the dial-in bit attributes.
  46. //////////
  48. attrs[0]->dwId = IAS_ATTRIBUTE_ALLOW_DIALIN;
  49. attrs[0]->Value.itType = IASTYPE_BOOLEAN;
  50. attrs[0]->Value.Boolean = TRUE;
  51. attrs[1]->dwFlags = 0;
  52. allowAccess.attach(attrs[0], false);
  54. attrs[1]->dwId = IAS_ATTRIBUTE_ALLOW_DIALIN;
  55. attrs[1]->Value.itType = IASTYPE_BOOLEAN;
  56. attrs[1]->Value.Boolean = FALSE;
  57. attrs[1]->dwFlags = 0;
  58. denyAccess.attach(attrs[1], false);
  60. attrs[2]->dwId = RADIUS_ATTRIBUTE_SERVICE_TYPE;
  61. attrs[2]->Value.itType = IASTYPE_ENUM;
  62. attrs[2]->Value.Enumerator = 4;
  63. attrs[2]->dwFlags = IAS_INCLUDE_IN_ACCEPT;
  64. callbackFramed.attach(attrs[2], false);
  66. return S_OK;
  67. }
  69. void RasUser::finalize() throw ()
  70. {
  71. allowAccess.release();
  72. denyAccess.release();
  73. callbackFramed.release();
  74. }
  76. IASREQUESTSTATUS RasUser::processUser(
  77. IASRequest& request,
  78. PCWSTR domainName,
  79. PCWSTR username
  80. )
  81. {
  82. IASTraceString("Using downlevel dial-in parameters.");
  84. DWORD error;
  85. RAS_USER_0 ru0;
  87. // Try using LDAP first since it's fastest.
  88. IASNtdsResult result;
  89. error = IASNtdsQueryUserAttributes(
  90. domainName,
  91. username,
  92. LDAP_SCOPE_SUBTREE,
  93. const_cast<PWCHAR*>(USER_PARMS),
  94. &result
  95. );
  96. if (error == NO_ERROR)
  97. {
  98. // Retrieve the connection for this message.
  99. LDAP* ld = ldap_conn_from_msg(NULL, result.msg);
  101. LDAPMessage* entry = ldap_first_entry(ld, result.msg);
  102. if (entry)
  103. {
  104. // Store the user's DN.
  105. PWCHAR dn = ldap_get_dnW(ld, entry);
  106. IASStoreFQUserName(request, DS_FQDN_1779_NAME, dn);
  107. ldap_memfree(dn);
  109. // There is at most one attribute.
  110. PWCHAR *str = ldap_get_valuesW(
  111. ld,
  112. entry,
  113. const_cast<PWCHAR>(USER_PARMS[0])
  114. );
  116. // It's okay if we didn't get anything, the API can handle NULL
  117. // UserParameters.
  118. error = IASParmsQueryRasUser0((str ? *str : NULL), &ru0);
  120. ldap_value_freeW(str);
  121. }
  122. else
  123. {
  124. error = ERROR_NO_SUCH_USER;
  125. }
  126. }
  127. else if (error == ERROR_DS_NOT_INSTALLED)
  128. {
  129. // No DS, so fall back to SAM APIs.
  130. error = IASGetRASUserInfo(username, domainName, &ru0);
  131. }
  133. if (error)
  134. {
  135. IASTraceFailure("Per-user attribute retrieval", error);
  137. HRESULT hr = IASMapWin32Error(error, IAS_SERVER_UNAVAILABLE);
  139. return IASProcessFailure(request, hr);
  140. }
  142. // Used for injecting single attributes.
  143. ATTRIBUTEPOSITION pos, *first, *last;
  144. first = &pos;
  145. last = first + 1;
  147. //////////
  148. // Insert the always present Allow-Dialin attribute.
  149. //////////
  151. if ((ru0.bfPrivilege & RASPRIV_DialinPrivilege) == 0)
  152. {
  153. first->pAttribute = denyAccess;
  154. }
  155. else
  156. {
  157. first->pAttribute = allowAccess;
  158. }
  160. IASTraceString("Inserting attribute msNPAllowDialin.");
  161. OverwriteAttribute(request, first, last);
  163. //////////
  164. // Insert the "Callback Framed" service type if callback is allowed.
  165. //////////
  167. if ((ru0.bfPrivilege & RASPRIV_CallbackType) != RASPRIV_NoCallback)
  168. {
  169. first->pAttribute = callbackFramed;
  171. IASTraceString("Inserting attribute msRADIUSServiceType.");
  172. OverwriteAttribute(request, first, last);
  173. }
  175. //////////
  176. // Insert the Callback-Number if present.
  177. //////////
  179. if (ru0.bfPrivilege & RASPRIV_AdminSetCallback)
  180. {
  181. IASAttribute callback(true);
  182. callback->dwId = RADIUS_ATTRIBUTE_CALLBACK_NUMBER;
  183. callback.setOctetString(ru0.wszPhoneNumber);
  184. callback.setFlag(IAS_INCLUDE_IN_ACCEPT);
  186. first->pAttribute = callback;
  188. IASTraceString("Inserting attribute msRADIUSCallbackNumber.");
  189. OverwriteAttribute(request, first, last);
  190. }
  192. IASTraceString("Successfully retrieved per-user attributes.");
  193. return IAS_REQUEST_STATUS_HANDLED;
  194. }