Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 
 

995 lines
40 KiB

//+-------------------------------------------------------------------------
//
// Microsoft Windows
// Copyright (C) Microsoft Corporation, 1992 - 1999
//
// File: dsUtil.h
//
// Contents: Utility functions for working with Active Directory
//
// History: 05-Sep-2000 JeffJon Created
//
//
//--------------------------------------------------------------------------
#ifndef _DSUTIL_H_
#define _DSUTIL_H_
// Define a symbol for the bit in the options flag on a NTDSDSA object
// that determines if the server is a global catalog
#define SERVER_IS_GC_BIT 0x1
#include <Ntdsapi.h>
#include <Sddl.h>
//+--------------------------------------------------------------------------
//
// Class: CDSCmdCredentialObject
//
// Purpose: Object for maintaining username and an encrypted password
//
// History: 6-Sep-2000 JeffJon Created
//
//---------------------------------------------------------------------------
class CDSCmdCredentialObject
{
public :
//
// Constructor
//
CDSCmdCredentialObject();
//
// Destructor
//
~CDSCmdCredentialObject();
//
// Public accessor methods
//
PCWSTR GetUsername() const { return m_sbstrUsername; }
HRESULT SetUsername(PCWSTR pszUsername);
HRESULT GetPassword(PWSTR *ppszPassword) const;
HRESULT SetPassword(PCWSTR pszPassword);
HRESULT SetEncryptedPassword(DATA_BLOB* pEncryptedPasswordDataBlob);
bool UsingCredentials() const { return m_bUsingCredentials; }
void SetUsingCredentials(const bool bUseCred) { m_bUsingCredentials = bUseCred; }
private :
//
// Private data members
//
CComBSTR m_sbstrUsername;
DATA_BLOB m_EncryptedPasswordDataBlob;
bool m_bUsingCredentials;
};
typedef enum
{
DSCMD_LDAP_PROVIDER = 0,
DSCMD_GC_PROVIDER
} DSCMD_PROVIDER_TYPE;
//+--------------------------------------------------------------------------
//
// Class: CDSCmdBasePathsInfo
//
// Purpose: Object for storing and retrieving the paths for the well
// known naming contexts
//
// History: 6-Sep-2000 JeffJon Created
//
//---------------------------------------------------------------------------
class CDSCmdBasePathsInfo
{
public:
//
// Constructor
//
CDSCmdBasePathsInfo();
//
// Destructor
//
~CDSCmdBasePathsInfo();
//
// Public accessor methods
//
HRESULT InitializeFromName(const CDSCmdCredentialObject& refCredentialObject,
PCWSTR pszServerOrDomain,
bool bServerName = false);
bool IsInitialized() const { return m_bInitialized; }
CComBSTR GetProviderAndServerName() const { return m_sbstrProviderAndServerName; }
CComBSTR GetGCProvider() const { return m_sbstrGCProvider; }
CComBSTR GetServerName() const { return m_sbstrServerName; }
CComBSTR GetAbstractSchemaPath() const { return m_sbstrAbstractSchemaPath; }
IADs* GetRootDSE() const { return m_spRootDSE; }
CComBSTR GetConfigurationNamingContext() const;
CComBSTR GetSchemaNamingContext() const;
CComBSTR GetDefaultNamingContext() const;
//
// Other helpful methods
//
void ComposePathFromDN(PCWSTR pszDN,
CComBSTR& refsbstrPath,
DSCMD_PROVIDER_TYPE nProviderType = DSCMD_LDAP_PROVIDER) const;
HRESULT GetDomainMode(const CDSCmdCredentialObject& refCredObject,
bool& bMixedMode) const;
private:
//
// Private data members
//
bool m_bInitialized;
CComBSTR m_sbstrProviderAndServerName;
CComBSTR m_sbstrGCProvider;
CComBSTR m_sbstrServerName;
CComBSTR m_sbstrAbstractSchemaPath;
mutable bool m_bModeInitialized;
mutable bool m_bDomainMode;
mutable CComBSTR m_sbstrConfigNamingContext;
mutable CComBSTR m_sbstrSchemaNamingContext;
mutable CComBSTR m_sbstrDefaultNamingContext;
CComPtr<IADs> m_spRootDSE;
};
//////////////////////////////////////////////////////////////////////////////////////
//+--------------------------------------------------------------------------
//
// Function: DSCmdOpenObject
//
// Synopsis: A wrapper around ADsOpenObject
//
// Arguments: [refCredentialObject - IN] : a reference to a credential management object
// [pszPath - IN] : a pointer to a NULL terminated wide character
// string that contains the ADSI path of the
// object to connect to
// [refIID - IN] : the interface ID of the interface to return
// [ppObject - OUT] : a pointer which is to receive the interface pointer
// [bBindToServer - IN] : true if the path contains a server name,
// false otherwise
//
// Returns: HRESULT : S_OK if everything succeeded
// Anything else is a failure code from an ADSI call
//
// History: 06-Sep-2000 JeffJon Created
//
//---------------------------------------------------------------------------
HRESULT DSCmdOpenObject(const CDSCmdCredentialObject& refCredentialObject,
PCWSTR pszPath,
REFIID refIID,
void** ppObject,
bool bBindToServer);
//+--------------------------------------------------------------------------
//
// Function: GetErrorMessage
//
// Synopsis: Retrieves the error message associated with the HRESULT by
// using FormatMessage
//
// Arguments: [hr - IN] : HRESULT for which the error
// message is to be retrieved
// [sbstrErrorMessage - OUT] : Receives the error message
//
// Returns: bool : true if the message was formatted properly
// false otherwise
//
// History: 11-Sep-2000 JeffJon Created
//
//---------------------------------------------------------------------------
bool GetErrorMessage(HRESULT hr, CComBSTR& sbstrErrorMessage);
//+--------------------------------------------------------------------------
//
// Function: DisplayErrorMessage
//
// Synopsis: Displays the error message retrieved from GetErrorMessage
// to stderr. If GetErrorMessage fails, it displays the error
// code of the HRESULT
//
// Arguments: [pszCommand - IN]: the name of the command line executable
// [pszName - IN] : the name passed in as the target of the operation
// [hr - IN] : HRESULT for which the error
// message is to be retrieved
// [pszMessage - IN]: string of an additional message to be displayed
// at the end
//
// Returns: bool : true if the message was formatted and displayed properly
// false otherwise
//
// History: 11-Sep-2000 JeffJon Created
//
//---------------------------------------------------------------------------
bool DisplayErrorMessage(PCWSTR pszCommand,
PCWSTR pszName,
HRESULT hr,
PCWSTR pszMessage = NULL);
//+--------------------------------------------------------------------------
//
// Function: DisplayErrorMessage
//
// Synopsis: Displays the error message retrieved from GetErrorMessage
// to stderr. If GetErrorMessage fails, it displays the error
// code of the HRESULT
//
// Arguments: [pszCommand - IN]: the name of the command line executable
// [pszName - IN] : the name passed in as the target of the operation
// [hr - IN] : HRESULT for which the error
// message is to be retrieved
// [nStringID - IN] : Resource ID an additional message to be displayed
// at the end
//
// Returns: bool : true if the message was formatted and displayed properly
// false otherwise
//
// History: 11-Sep-2000 JeffJon Created
//
//---------------------------------------------------------------------------
bool DisplayErrorMessage(PCWSTR pszCommand,
PCWSTR pszName,
HRESULT hr,
UINT nStringID);
//+--------------------------------------------------------------------------
//
// Function: DisplaySuccessMessage
//
// Synopsis: Displays a success message for the command
//
// Arguments: [pszCommand - IN]: the name of the command line executable
// [pszName - IN] : the name passed in as the target of the operation
//
// Returns: bool : true if the message was formatted and displayed properly
// false otherwise
//
// History: 11-Sep-2000 JeffJon Created
//
//---------------------------------------------------------------------------
bool DisplaySuccessMessage(PCWSTR pszCommand,
PCWSTR pszName);
//+--------------------------------------------------------------------------
//
// Function: WriteStringIDToStandardOut
//
// Synopsis: Loads the String Resource and displays on Standardout
//
// Arguments: nStringID : Resource ID
// Returns: bool : true if the message was formatted and displayed properly
// false otherwise
//
// History: 11-Sep-2000 hiteshr Created
//
//---------------------------------------------------------------------------
bool WriteStringIDToStandardOut(UINT nStringID);
//+--------------------------------------------------------------------------
//
// Function: WriteStringIDToStandardErr
//
// Synopsis: Loads the String Resource and displays on StandardErr
//
// Arguments: nStringID : Resource ID
// Returns: bool : true if the message was formatted and displayed properly
// false otherwise
//
// History: 14-June-2001 hiteshr Created
//
//---------------------------------------------------------------------------
bool WriteStringIDToStandardErr(UINT nStringID);
/////////////////////////////////////////////////////////////////////////////////////////
//
// Forward declarations
//
struct _DSAttributeTableEntry;
//+--------------------------------------------------------------------------
//
// Struct: _DSObjectTableEntry
//
// Purpose: Definition of a table entry that describes what attributes
// are exposed on an specific object class
//
// History: 6-Sep-2000 JeffJon Created
//
//---------------------------------------------------------------------------
typedef struct _DSObjectTableEntry
{
//
// The objectClass of the object to be created or modified
//
PCWSTR pszObjectClass;
//
// The command line string used to determine the object class
// This is not always identical to pszObjectClass
//
PCWSTR pszCommandLineObjectType;
//
// The table to merge with the common switches for the parser
//
ARG_RECORD* pParserTable;
//
// The ID of the Usage help text for this
//
UINT* nUsageID;
//
// A count of the number of attributes in the table above
//
DWORD dwAttributeCount;
//
// A pointer to a table of attributes that can be modified or set on this class
//
_DSAttributeTableEntry** pAttributeTable;
// Some sort of creation function
} DSOBJECTTABLEENTRY, *PDSOBJECTTABLEENTRY;
//+-------------------------------------------------------------------------
//
// Type: PATTRIBUTEEVALFUNC
//
// Synopsis: The definition of a function that prepares the command line
// string value to be set in the DS.
//
// Note: *ppAttr should be set to NULL if this function does not need
// to create a new unique ADS_ATTR_INFO structure in the array
// to be set on the object. For instance, there are many bits
// in the user account control that are represented by different
// command line flags but we really only need one entry for the
// userAccountControl attribute.
//
// Returns: S_OK if the pAttr members were successfully set.
// S_FALSE if the function failed but displayed its own error message.
// If the return value is S_FALSE then the function should call
// SetLastError() with the error code.
// Otherwise the pAttr info will not be used when making
// the modifications to the object and an error will be reported
//
// History: 08-Sep-2000 JeffJon Created
//
//---------------------------------------------------------------------------
typedef HRESULT (*PATTRIBUTEEVALFUNC)(PCWSTR pszPath,
const CDSCmdBasePathsInfo& refBasePathsInfo,
const CDSCmdCredentialObject& refCredentialObject,
const PDSOBJECTTABLEENTRY pObjectEntry,
const ARG_RECORD& argRecord,
DWORD dwAttributeIdx,
PADS_ATTR_INFO* ppAttr);
//+--------------------------------------------------------------------------
//
// Flags for the _DSAttributeDescription and _DSAttributeTableEntry
// struct dwFlags field
//
//---------------------------------------------------------------------------
#define DS_ATTRIBUTE_DIRTY 0x00000001
#define DS_ATTRIBUTE_READ 0x00000002
#define DS_ATTRIBUTE_ONCREATE 0x00000004
#define DS_ATTRIBUTE_POSTCREATE 0x00000008
#define DS_ATTRIBUTE_REQUIRED 0x00000010
#define DS_ATTRIBUTE_NOT_REUSABLE 0x00000020
//+--------------------------------------------------------------------------
//
// Struct: _DSAttributeDescription
//
// Purpose: Definition of a table entry that describes an attribute
// This was split out from _DSAttributeTableEntry so that
// more than one entry could point to the same attribute.
// For instance, the userAccountControl bits are separate
// command line flags but all use the same attribute. This
// way we only need to read the attribute once and set it once.
//
// History: 13-Sep-2000 JeffJon Created
//
//---------------------------------------------------------------------------
typedef struct _DSAttributeDescription
{
//
// The ADS_ATTR_INFO struct that defines how this attribute will be set
//
ADS_ATTR_INFO adsAttrInfo;
//
// Flags that are used to determine how and when the attribute can be set,
// if the adsAttrInfo has been retrieved and/or set.
// For instance, group membership can only be set after the user object is
// created
//
DWORD dwFlags;
} DSATTRIBUTEDESCRIPTION, *PDSATTRIBUTEDESCRIPTION;
//+--------------------------------------------------------------------------
//
// Struct: _DSAttributeTableEntry
//
// Purpose: Definition of a table entry that describes an attribute
//
// History: 6-Sep-2000 JeffJon Created
//
//---------------------------------------------------------------------------
typedef struct _DSAttributeTableEntry
{
//
// The name of the attribute
//
PWSTR pszName;
//
// The unique identifier for this attribute that cooresponds to
// the command line switch
//
UINT nAttributeID;
//
// Flags that represent when this attribute can be set in relation to
// the objects creation
//
DWORD dwFlags;
//
// Pointer to the description of the attribute
//
PDSATTRIBUTEDESCRIPTION pAttrDesc;
//
// A function that can evaluate the value string passed in and make
// it ready for setting on the object
//
PATTRIBUTEEVALFUNC pEvalFunc;
//
// Undefined data that is static and specific for the entry
//
void* pVoid;
} DSATTRIBUTETABLEENTRY, *PDSATTRIBUTETABLEENTRY;
//+--------------------------------------------------------------------------
//
// Function: ReadGroupType
//
// Synopsis: Reads the group type from the group specified by the given DN
//
// Arguments: [pszDN - IN] : pointer to a string containing the DN
// to the object being modified
// [refBasePathsInfo - IN] : reference to an instance of the
// CDSCmdBasePathsInfo class
// [refCredentialObject - IN] : reference to an instance of the
// CDSCmdCredentialObject class
// [plType - OUT] : returns the currect group type
//
// Returns: HRESULT : S_OK if everything succeeded
// Otherwise an ADSI failure code
//
// History: 18-Sep-2000 JeffJon Created
//
//---------------------------------------------------------------------------
HRESULT ReadGroupType(PCWSTR pszDN,
const CDSCmdBasePathsInfo& refBasePathsInfo,
const CDSCmdCredentialObject& refCredentialObject,
long* plType);
//+--------------------------------------------------------------------------
// Function to be used in the attribute table for evaluating the command line
// strings
//---------------------------------------------------------------------------
HRESULT FillAttrInfoFromObjectEntry(PCWSTR pszDN,
const CDSCmdBasePathsInfo& refBasePathsInfo,
const CDSCmdCredentialObject& refCredentialObject,
const PDSOBJECTTABLEENTRY pObjectEntry,
const ARG_RECORD& argRecord,
DWORD dwAttributeIdx,
PADS_ATTR_INFO* ppAttr);
HRESULT ResetUserPassword(PCWSTR pszDN,
const CDSCmdBasePathsInfo& refBasePathsInfo,
const CDSCmdCredentialObject& refCredentialObject,
const PDSOBJECTTABLEENTRY pObjectEntry,
const ARG_RECORD& argRecord,
DWORD dwAttributeIdx,
PADS_ATTR_INFO* ppAttr);
HRESULT ResetComputerAccount(PCWSTR pszDN,
const CDSCmdBasePathsInfo& refBasePathsInfo,
const CDSCmdCredentialObject& refCredentialObject,
const PDSOBJECTTABLEENTRY pObjectEntry,
const ARG_RECORD& argRecord,
DWORD dwAttributeIdx,
PADS_ATTR_INFO* ppAttr);
HRESULT PasswordNotRequired(PCWSTR pszDN,
const CDSCmdBasePathsInfo& refBasePathsInfo,
const CDSCmdCredentialObject& refCredentialObject,
const PDSOBJECTTABLEENTRY pObjectEntry,
const ARG_RECORD& argRecord,
DWORD dwAttributeIdx,
PADS_ATTR_INFO* ppAttr);
HRESULT DisableAccount(PCWSTR pszDN,
const CDSCmdBasePathsInfo& refBasePathsInfo,
const CDSCmdCredentialObject& refCredentialObject,
const PDSOBJECTTABLEENTRY pObjectEntry,
const ARG_RECORD& argRecord,
DWORD dwAttributeIdx,
PADS_ATTR_INFO* ppAttr);
HRESULT SetMustChangePwd(PCWSTR pszDN,
const CDSCmdBasePathsInfo& refBasePathsInfo,
const CDSCmdCredentialObject& refCredentialObject,
const PDSOBJECTTABLEENTRY pObjectEntry,
const ARG_RECORD& argRecord,
DWORD dwAttributeIdx,
PADS_ATTR_INFO* ppAttr);
HRESULT ChangeMustChangePwd(PCWSTR pszDN,
const CDSCmdBasePathsInfo& refBasePathsInfo,
const CDSCmdCredentialObject& refCredentialObject,
const PDSOBJECTTABLEENTRY pObjectEntry,
const ARG_RECORD& argRecord,
DWORD dwAttributeIdx,
PADS_ATTR_INFO* ppAttr);
HRESULT PwdNeverExpires(PCWSTR pszDN,
const CDSCmdBasePathsInfo& refBasePathsInfo,
const CDSCmdCredentialObject& refCredentialObject,
const PDSOBJECTTABLEENTRY pObjectEntry,
const ARG_RECORD& argRecord,
DWORD dwAttributeIdx,
PADS_ATTR_INFO* ppAttr);
HRESULT ReversiblePwd(PCWSTR pszDN,
const CDSCmdBasePathsInfo& refBasePathsInfo,
const CDSCmdCredentialObject& refCredentialObject,
const PDSOBJECTTABLEENTRY pObjectEntry,
const ARG_RECORD& argRecord,
DWORD dwAttributeIdx,
PADS_ATTR_INFO* ppAttr);
HRESULT AccountExpires(PCWSTR pszDN,
const CDSCmdBasePathsInfo& refBasePathsInfo,
const CDSCmdCredentialObject& refCredentialObject,
const PDSOBJECTTABLEENTRY pObjectEntry,
const ARG_RECORD& argRecord,
DWORD dwAttributeIdx,
PADS_ATTR_INFO* ppAttr);
HRESULT SetCanChangePassword(PCWSTR pszDN,
const CDSCmdBasePathsInfo& refBasePathsInfo,
const CDSCmdCredentialObject& refCredentialObject,
const PDSOBJECTTABLEENTRY pObjectEntry,
const ARG_RECORD& argRecord,
DWORD dwAttributeIdx,
PADS_ATTR_INFO* ppAttr);
HRESULT ChangeCanChangePassword(PCWSTR pszDN,
const CDSCmdBasePathsInfo& refBasePathsInfo,
const CDSCmdCredentialObject& refCredentialObject,
const PDSOBJECTTABLEENTRY pObjectEntry,
const ARG_RECORD& argRecord,
DWORD dwAttributeIdx,
PADS_ATTR_INFO* ppAttr);
HRESULT SetGroupScope(PCWSTR pszDN,
const CDSCmdBasePathsInfo& refBasePathsInfo,
const CDSCmdCredentialObject& refCredentialObject,
const PDSOBJECTTABLEENTRY pObjectEntry,
const ARG_RECORD& argRecord,
DWORD dwAttributeIdx,
PADS_ATTR_INFO* ppAttr);
HRESULT ChangeGroupScope(PCWSTR pszDN,
const CDSCmdBasePathsInfo& refBasePathsInfo,
const CDSCmdCredentialObject& refCredentialObject,
const PDSOBJECTTABLEENTRY pObjectEntry,
const ARG_RECORD& argRecord,
DWORD dwAttributeIdx,
PADS_ATTR_INFO* ppAttr);
HRESULT SetGroupSecurity(PCWSTR pszDN,
const CDSCmdBasePathsInfo& refBasePathsInfo,
const CDSCmdCredentialObject& refCredentialObject,
const PDSOBJECTTABLEENTRY pObjectEntry,
const ARG_RECORD& argRecord,
DWORD dwAttributeIdx,
PADS_ATTR_INFO* ppAttr);
HRESULT ChangeGroupSecurity(PCWSTR pszDN,
const CDSCmdBasePathsInfo& refBasePathsInfo,
const CDSCmdCredentialObject& refCredentialObject,
const PDSOBJECTTABLEENTRY pObjectEntry,
const ARG_RECORD& argRecord,
DWORD dwAttributeIdx,
PADS_ATTR_INFO* ppAttr);
HRESULT ModifyGroupMembers(PCWSTR pszDN,
const CDSCmdBasePathsInfo& refBasePathsInfo,
const CDSCmdCredentialObject& refCredentialObject,
const PDSOBJECTTABLEENTRY pObjectEntry,
const ARG_RECORD& argRecord,
DWORD dwAttributeIdx,
PADS_ATTR_INFO* ppAttr);
HRESULT RemoveGroupMembers(PCWSTR pszDN,
const CDSCmdBasePathsInfo& refBasePathsInfo,
const CDSCmdCredentialObject& refCredentialObject,
const PDSOBJECTTABLEENTRY pObjectEntry,
const ARG_RECORD& argRecord,
DWORD dwAttributeIdx,
PADS_ATTR_INFO* ppAttr);
HRESULT MakeMemberOf(PCWSTR pszDN,
const CDSCmdBasePathsInfo& refBasePathsInfo,
const CDSCmdCredentialObject& refCredentialObject,
const PDSOBJECTTABLEENTRY pObjectEntry,
const ARG_RECORD& argRecord,
DWORD dwAttributeIdx,
PADS_ATTR_INFO* ppAttr);
HRESULT BuildComputerSAMName(PCWSTR pszDN,
const CDSCmdBasePathsInfo& refBasePathsInfo,
const CDSCmdCredentialObject& refCredentialObject,
const PDSOBJECTTABLEENTRY pObjectEntry,
const ARG_RECORD& argRecord,
DWORD dwAttributeIdx,
PADS_ATTR_INFO* ppAttr);
HRESULT BuildGroupSAMName(PCWSTR pszDN,
const CDSCmdBasePathsInfo& refBasePathsInfo,
const CDSCmdCredentialObject& refCredentialObject,
const PDSOBJECTTABLEENTRY pObjectEntry,
const ARG_RECORD& argRecord,
DWORD dwAttributeIdx,
PADS_ATTR_INFO* ppAttr);
HRESULT BuildUserSAMName(PCWSTR pszDN,
const CDSCmdBasePathsInfo& refBasePathsInfo,
const CDSCmdCredentialObject& refCredentialObject,
const PDSOBJECTTABLEENTRY pObjectEntry,
const ARG_RECORD& argRecord,
DWORD dwAttributeIdx,
PADS_ATTR_INFO* ppAttr);
HRESULT FillAttrInfoFromObjectEntryExpandUsername(PCWSTR pszDN,
const CDSCmdBasePathsInfo& refBasePathsInfo,
const CDSCmdCredentialObject& refCredentialObject,
const PDSOBJECTTABLEENTRY pObjectEntry,
const ARG_RECORD& argRecord,
DWORD dwAttributeIdx,
PADS_ATTR_INFO* ppAttr);
HRESULT SetComputerAccountType(PCWSTR pszDN,
const CDSCmdBasePathsInfo& refBasePathsInfo,
const CDSCmdCredentialObject& refCredentialObject,
const PDSOBJECTTABLEENTRY pObjectEntry,
const ARG_RECORD& argRecord,
DWORD dwAttributeIdx,
PADS_ATTR_INFO* ppAttr);
HRESULT SetIsGC(PCWSTR pszDN,
const CDSCmdBasePathsInfo& refBasePathsInfo,
const CDSCmdCredentialObject& refCredentialObject,
const PDSOBJECTTABLEENTRY pObjectEntry,
const ARG_RECORD& argRecord,
DWORD dwAttributeIdx,
PADS_ATTR_INFO* ppAttr);
HRESULT SetAccountEntry(PCWSTR pszDN,
const CDSCmdBasePathsInfo& refBasePathsInfo,
const CDSCmdCredentialObject& refCredentialObject,
const PDSOBJECTTABLEENTRY pObjectEntry,
const ARG_RECORD& argRecord,
DWORD dwAttributeIdx,
PADS_ATTR_INFO* ppAttr);
//+--------------------------------------------------------------------------
//
// Function: EvaluateMustChangePassword
//
// Synopsis:
//
// Arguments: [pszDN - IN] : DN of the object to check
// [refBasePathsInfo - IN] : reference to the base paths info
// [refCredentialObject - IN] : reference to the credential manangement object
// [bMustChangePassword - OUT] : true if the user must change their
// password at next logon, false otherwise
//
// Returns: HRESULT : S_OK if everything succeeded
// Otherwise an ADSI failure code
//
// History: 27-Oct-2000 JeffJon Created
//
//---------------------------------------------------------------------------
HRESULT EvaluateMustChangePassword(PCWSTR pszDN,
const CDSCmdBasePathsInfo& refBasePathsInfo,
const CDSCmdCredentialObject& refCredentialObject,
bool& bMustChangePassword);
//+--------------------------------------------------------------------------
//
// Function: EvaluateCanChangePasswordAces
//
// Synopsis: Looks for explicit entries in the ACL to see if the user can
// change their password
//
// Arguments: [pszDN - IN] : DN of the object to check
// [refBasePathsInfo - IN] : reference to the base paths info
// [refCredentialObject - IN] : reference to the credential manangement object
// [bCanChangePassword - OUT] : false if there are explicit entries
// that keep the user from changing their
// password. true otherwise.
//
// Returns: HRESULT : S_OK if everything succeeded
// Otherwise an ADSI failure code
//
// History: 27-Oct-2000 JeffJon Created
//
//---------------------------------------------------------------------------
HRESULT EvaluateCanChangePasswordAces(PCWSTR pszDN,
const CDSCmdBasePathsInfo& refBasePathsInfo,
const CDSCmdCredentialObject& refCredentialObject,
bool& bCanChangePassword);
//+--------------------------------------------------------------------------
//
// Enumeration: FSMO_TYPE
//
// Synopsis: The types of FSMO owners
//
//---------------------------------------------------------------------------
enum FSMO_TYPE
{
SCHEMA_FSMO,
RID_POOL_FSMO,
PDC_FSMO,
INFRASTUCTURE_FSMO,
DOMAIN_NAMING_FSMO,
};
//+--------------------------------------------------------------------------
//
// Function: BindToFSMOHolder
//
// Synopsis: Binds to the appropriate object which can be used to find a
// particular FSMO owner
//
// Arguments: [refBasePathsInfo - IN] : reference to the base paths info object
// [refCredObject - IN] : reference to the credential management object
// [fsmoType - IN] : type of the FSMO we are searching for
// [refspIADs - OUT] : interface to the object that will be
// used to start a search for the FSMO owner
//
// Returns: HRESULT : S_OK if everything succeeded
// Otherwise an ADSI failure code
//
// History: 13-Dec-2000 JeffJon Created
//
//---------------------------------------------------------------------------
HRESULT BindToFSMOHolder(IN const CDSCmdBasePathsInfo& refBasePathsInfo,
IN const CDSCmdCredentialObject& refCredObject,
IN FSMO_TYPE fsmoType,
OUT CComPtr<IADs>& refspIADs);
//+--------------------------------------------------------------------------
//
// Function: FindFSMOOwner
//
// Synopsis:
//
// Arguments: [refBasePathsInfo - IN] : reference to the base paths info object
// [refCredObject - IN] : reference to the credential management object
// [fsmoType - IN] : type of the FSMO we are searching for
// [refspIADs - OUT] : interface to the object that will be
// used to start a search for the FSMO owner
//
// Returns: HRESULT : S_OK if everything succeeded
// Otherwise an ADSI failure code
//
// History: 13-Dec-2000 JeffJon Created
//
//---------------------------------------------------------------------------
HRESULT FindFSMOOwner(IN const CDSCmdBasePathsInfo& refBasePathsInfo,
IN const CDSCmdCredentialObject& refCredObject,
IN FSMO_TYPE fsmoType,
OUT CComBSTR& refsbstrServer);
//+--------------------------------------------------------------------------
//
// Function: ValidateAndModifySAMName
//
// Synopsis: Looks for any illegal characters in the SamAccountName and
// converts them to the replacementChar
//
// Arguments: [pszSAMName - IN/OUT] : pointer to a string that contains the SamAccountName
// illegal characters will be replaced
// [pszInvalidChars - IN] : string containing the illegal characters
//
// Returns: HRESULT : S_OK if the name was valid and no characters had to be replaced
// S_FALSE if the name contained invalid characters that were replaced
// E_INVALIDARG
//
// History: 21-Feb-2001 JeffJon Created
//
//---------------------------------------------------------------------------
#define INVALID_NETBIOS_AND_ACCOUNT_NAME_CHARS_WITH_AT ILLEGAL_FAT_CHARS L".@"
HRESULT ValidateAndModifySAMName(PWSTR pszSAMName,
PCWSTR pszInvalidChars);
//+--------------------------------------------------------------------------
//
// Class: GetOutputDN
//
// Purpose: Converts an ADSI-escaped DN to one with DSCMD input escaping.
// This way, the output DN can be piped as input to another
// DSCMD command.
//
// History: 08-May-2001 JonN Created
//
//---------------------------------------------------------------------------
HRESULT GetOutputDN( OUT BSTR* pbstrOut, IN PCWSTR pszIn );
//+--------------------------------------------------------------------------
//
// Class: ValidateDNSyntax
//
// Purpose: Validates each string in the null separated list as having
// DN syntax
//
// Returns: The count of valid DNs in the list
//
// History: 12-Oct-2001 JeffJon Created
//
//---------------------------------------------------------------------------
UINT ValidateDNSyntax(IN PWSTR* ppszArray, UINT nStrings);
//+--------------------------------------------------------------------------
//
// Function: IsServerGC
//
// Purpose: Checks if server is Global Catalog
//
// Returns: TRUE if GC else flase
//
// History: 05-Jan-2002 hiteshr Created
//
//---------------------------------------------------------------------------
BOOL
IsServerGC(LPCWSTR pszServerName,
CDSCmdCredentialObject& refCredentialObject);
//+--------------------------------------------------------------------------
//
// Function: GetQuotedDN
//
// Purpose: Takes the give DN and surrounds it with quotes
//
// Returns: the quoted DN
//
// History: 10-Oct-2002 jeffjon Created
//
//---------------------------------------------------------------------------
CComBSTR GetQuotedDN(PWSTR pszDN);
//+--------------------------------------------------------------------------
//
// Function: ConvertTrusteeToDN
//
// Synopsis: Get the DN for an -acct param
//
// Arguments: [lpszDomain - IN]: Domain to query or NULL for local
// [lpszTrustee - IN]: Acct to resolve
// [lpszDN - OUT]: Returns the DN. Use LocalFree when done
//
// Returns: HRESULT : S_OK if everything succeeded
// E_INVALIDARG for invalid input
// Anything else is a failure code from an ADSI call
//
// History: 20-Aug-2002 RonMart Created
//
//---------------------------------------------------------------------------
HRESULT ConvertTrusteeToDN(LPCWSTR lpszDomain, LPCWSTR lpszTrustee,
LPWSTR* lpszDN);
//+--------------------------------------------------------------------------
//
// Function: GetDNSid
//
// Synopsis: Given a DN the objecSid value will be retrieved and returned
// as a SID
//
// Arguments: [lpszDN - IN]: DN to query
// [refBasePathsInfo - IN]: LDAP settings
// [refCredentialObject - IN]: Credentials to use for the query
// [pSid - OUT]: A SID if successful. Call LocalFree
// when done.
//
// Returns: HRESULT : S_OK if everything succeeded
// E_INVALIDARG for invalid input
// Anything else is a failure code from an ADSI call
//
// History: 20-Aug-2002 RonMart Created
//
//---------------------------------------------------------------------------
HRESULT GetDNSid(LPCTSTR lpszDN,
const CDSCmdBasePathsInfo& refBasePathsInfo,
const CDSCmdCredentialObject& refCredentialObject,
PSID* pSid);
//+--------------------------------------------------------------------------
//
// Function: GetQuotaContainerDN
//
// Synopsis: Takes the partition dn and merges it with the NTDS Quotas
// string (from wellKnownObjects GUID)
//
// Arguments: [basePathsInfo - IN]:
// [credentialObject - IN]: Creditials object used for
// binding to other objects
// [lpszPartitionDN - IN]: The partition to bind to
// [pszNewDN - OUT]: The munged quotas DN to return
//
// Returns: HRESULT : S_OK if everything succeeded
// E_UNEXPECTED in most failure cases
// E_OUTOFMEMORY if a LocalAlloc fails
// Anything else is a failure code from an ADSI call
//
// History: 05-Aug-2002 RonMart Created
//
//---------------------------------------------------------------------------
HRESULT GetQuotaContainerDN(IN CDSCmdBasePathsInfo& basePathsInfo,
IN const CDSCmdCredentialObject& credentialObject,
IN LPCWSTR lpszPartitionDN,
OUT PWSTR* pszNewDN);
//+--------------------------------------------------------------------------
//
// Function: ConvertTrusteeToNT4Name
//
// Synopsis: Get the DN for an -acct param
//
// Arguments: [lpszDomain - IN]: Domain to query or NULL for local
// [lpszTrustee - IN]: Acct to resolve
// [lpszNT4 - OUT]: Returns the NT4 name.
// Use LocalFree when done
//
// Returns: HRESULT : S_OK if everything succeeded
// E_INVALIDARG for invalid input
// Anything else is a failure code from an ADSI call
//
// History: 20-Aug-2002 RonMart Created
//
//---------------------------------------------------------------------------
HRESULT ConvertTrusteeToNT4Name(LPCWSTR lpszDomain, LPCWSTR lpszTrustee,
LPWSTR* lpszNT4);
#endif //_DSUTIL_H_