You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
135 lines
3.1 KiB
135 lines
3.1 KiB
///////////////////////////////////////////////////////////////////////////////
|
|
//
|
|
// Copyright (c) 2000, Microsoft Corp. All rights reserved.
|
|
//
|
|
// FILE
|
|
//
|
|
// peruser.cpp
|
|
//
|
|
// SYNOPSIS
|
|
//
|
|
// Defines the class NTSamPerUser.
|
|
//
|
|
///////////////////////////////////////////////////////////////////////////////
|
|
|
|
#include <ias.h>
|
|
#include <iaslsa.h>
|
|
|
|
#include <samutil.h>
|
|
#include <sdoias.h>
|
|
|
|
#include <ntsamperuser.h>
|
|
|
|
STDMETHODIMP NTSamPerUser::Initialize()
|
|
{
|
|
DWORD error = IASLsaInitialize();
|
|
if (error != NO_ERROR) { return HRESULT_FROM_WIN32(error); }
|
|
|
|
HRESULT hr;
|
|
|
|
hr = netp.initialize();
|
|
if (FAILED(hr)) { goto netp_failed; }
|
|
|
|
hr = ntds.initialize();
|
|
if (FAILED(hr)) { goto ntds_failed; }
|
|
|
|
hr = ras.initialize();
|
|
if (FAILED(hr)) { goto ras_failed; }
|
|
|
|
return S_OK;
|
|
|
|
ras_failed:
|
|
ntds.finalize();
|
|
|
|
ntds_failed:
|
|
netp.finalize();
|
|
|
|
netp_failed:
|
|
IASLsaUninitialize();
|
|
|
|
return hr;
|
|
|
|
}
|
|
|
|
STDMETHODIMP NTSamPerUser::Shutdown()
|
|
{
|
|
ras.finalize();
|
|
ntds.finalize();
|
|
netp.finalize();
|
|
IASLsaUninitialize();
|
|
return S_OK;
|
|
}
|
|
|
|
IASREQUESTSTATUS NTSamPerUser::onSyncRequest(IRequest* pRequest) throw ()
|
|
{
|
|
IASREQUESTSTATUS status;
|
|
|
|
try
|
|
{
|
|
IASRequest request(pRequest);
|
|
|
|
//////////
|
|
// Should we process the request?
|
|
//////////
|
|
|
|
IASAttribute ignoreDialin;
|
|
if (ignoreDialin.load(
|
|
request,
|
|
IAS_ATTRIBUTE_IGNORE_USER_DIALIN_PROPERTIES,
|
|
IASTYPE_BOOLEAN
|
|
) &&
|
|
ignoreDialin->Value.Boolean)
|
|
{
|
|
return IAS_REQUEST_STATUS_CONTINUE;
|
|
}
|
|
|
|
//////////
|
|
// Extract the NT4-Account-Name attribute.
|
|
//////////
|
|
|
|
IASAttribute identity;
|
|
if (!identity.load(request,
|
|
IAS_ATTRIBUTE_NT4_ACCOUNT_NAME,
|
|
IASTYPE_STRING))
|
|
{ return IAS_REQUEST_STATUS_CONTINUE; }
|
|
|
|
//////////
|
|
// Convert the User-Name to SAM format.
|
|
//////////
|
|
|
|
SamExtractor extractor(*identity);
|
|
PCWSTR domain = extractor.getDomain();
|
|
PCWSTR username = extractor.getUsername();
|
|
|
|
IASTracePrintf("NT-SAM User Authorization handler received request "
|
|
"for %S\\%S.", domain, username);
|
|
|
|
//////////
|
|
// Try each handler in order.
|
|
//////////
|
|
|
|
status = netp.processUser(request, domain, username);
|
|
if (status != IAS_REQUEST_STATUS_INVALID) { goto done; }
|
|
|
|
status = ntds.processUser(request, domain, username);
|
|
if (status != IAS_REQUEST_STATUS_INVALID) { goto done; }
|
|
|
|
status = ras.processUser(request, domain, username);
|
|
if (status != IAS_REQUEST_STATUS_INVALID) { goto done; }
|
|
|
|
//////////
|
|
// Default is to just continue down the pipeline. Theoretically, we
|
|
// should never get here.
|
|
//////////
|
|
|
|
status = IAS_REQUEST_STATUS_CONTINUE;
|
|
}
|
|
catch (const _com_error& ce)
|
|
{
|
|
IASTraceExcept();
|
|
status = IASProcessFailure(pRequest, ce.Error());
|
|
}
|
|
|
|
done:
|
|
return status;
|
|
}
|