archive
/
windows-xp
mirror of https://github.com/tongzx/nt5src
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
6 Commits
1 Branch
0 Tags
2.0 GiB
Branch: master
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'master'
${ noResults }
windows-xp/Source/XPSP1/NT/admin/admt/moveobj/mover.cpp

653 lines
18 KiB
Raw Permalink Normal View History

Add source files
4 years ago
  1. // Mover.cpp : Implementation of CMoveObjApp and DLL registration.
  3. #include "stdafx.h"
  4. #include <stdio.h>
  5. #include <basetsd.h>
  6. #include <ntdsapi.h>
  7. #include "MoveObj.h"
  8. #include "Mover.h"
  9. #include "UString.hpp"
  10. #include "EaLen.hpp"
  12. #include "ErrDct.hpp"
  13. #include "TReg.hpp"
  14. #include "ResStr.h"
  16. #include "winldap.h" // use the platform SDK version of winldap.h, which is in the project directory
  20. #define SECURITY_WIN32 1 // Needed for sspi.h
  22. #include <sspi.h> // Needed for ISC_REQ_DELEGATE
  25. #define LDAP_SERVER_CROSSDOM_MOVE_TARGET_OID "1.2.840.113556.1.4.521"
  26. #define LDAP_SERVER_CROSSDOM_MOVE_TARGET_OID_W L"1.2.840.113556.1.4.521"
  29. TErrorDct err;
  30. TErrorDct errLogMain;
  31. StringLoader gString;
  33. BOOL // ret- whether to perform trace logging to a file
  34. MoverTraceLogging(
  35. WCHAR * filename // out- filename to use for trace logging
  36. )
  37. {
  38. DWORD rc = 0;
  39. BOOL bFound = FALSE;
  40. TRegKey key;
  41. WCHAR fnW[MAX_PATH];
  43. rc = key.OpenRead(GET_STRING(IDS_HKLM_DomainAdmin_Key),(HKEY)HKEY_LOCAL_MACHINE);
  44. if ( ! rc )
  45. {
  46. rc = key.ValueGetStr(L"MoveObjectLog",fnW,MAX_PATH);
  47. if ( ! rc )
  48. {
  49. if ( *fnW )
  50. {
  51. bFound = TRUE;
  52. UStrCpy(filename,fnW);
  53. }
  54. else
  55. {
  56. filename[0] = 0;
  57. }
  58. }
  59. }
  60. return bFound && filename[0];
  61. }
  64. // In the following function we are sending in the logFilename in the tgtCredDomain argument.
  65. // This is done since this is always called with a null value in the ADMT code. To be safe we
  66. // will check if the account value is null then we will treat this as a log file otherwise
  67. // we will need to treat this as credentials.
  68. STDMETHODIMP
  69. CMover::Connect(
  70. BSTR sourceComp, // in - source domain computer to connect to
  71. BSTR targetDSA, // in - target domain computer to connect to
  72. BSTR srcCredDomain, // in - credentials to use for source domain
  73. BSTR srcCredAccount, // in - credentials to use for source domain
  74. BSTR srcCredPassword, // in - credentials to use for source domain
  75. BSTR tgtCredDomain, // in - credentials to use for target domain
  76. BSTR tgtCredAccount, // in - credentials to use for target domain
  77. BSTR tgtCredPassword // in - credentials to use for target domain
  78. )
  79. {
  81. DWORD rc = 0;
  82. LONG value = 0;
  83. ULONG flags = 0;
  84. ULONG result = 0;
  85. SEC_WINNT_AUTH_IDENTITY srcCred;
  86. SEC_WINNT_AUTH_IDENTITY tgtCred;
  87. BOOL bUseSrcCred = FALSE;
  88. BOOL bUseTgtCred = FALSE;
  89. BOOL bSrcGood = FALSE;
  90. WCHAR * logFileMain;
  92. // strip off leading \\ if present
  93. if ( sourceComp && sourceComp[0] == L'\\' )
  94. {
  95. UStrCpy(m_sourceDSA,sourceComp + 2);
  96. }
  97. else
  98. {
  99. UStrCpy(m_sourceDSA,sourceComp);
  100. }
  101. if ( targetDSA && targetDSA[0] == L'\\' )
  102. {
  103. UStrCpy(m_targetDSA,targetDSA + 2);
  104. }
  105. else
  106. {
  107. UStrCpy(m_targetDSA,targetDSA);
  108. }
  110. // set up credentials structure to use for bind, if needed
  111. if ( srcCredDomain && *srcCredDomain && srcCredAccount && *srcCredAccount )
  112. {
  113. srcCred.User = srcCredAccount;
  114. srcCred.Domain = srcCredDomain;
  115. srcCred.Password = srcCredPassword;
  116. srcCred.UserLength = UStrLen(srcCred.User);
  117. srcCred.Flags = SEC_WINNT_AUTH_IDENTITY_UNICODE;
  118. srcCred.DomainLength = UStrLen(srcCred.Domain);
  119. srcCred.PasswordLength = UStrLen(srcCred.Password);
  120. bUseSrcCred = TRUE;
  121. }
  123. if ( tgtCredAccount && *tgtCredAccount )
  124. {
  125. tgtCred.User = tgtCredAccount;
  126. tgtCred.Domain = tgtCredDomain;
  127. tgtCred.Password = tgtCredPassword;
  128. tgtCred.UserLength = UStrLen(tgtCred.User);
  129. tgtCred.Flags = SEC_WINNT_AUTH_IDENTITY_UNICODE;
  130. tgtCred.DomainLength = UStrLen(tgtCred.Domain);
  131. tgtCred.PasswordLength = UStrLen(tgtCred.Password);
  132. bUseTgtCred = TRUE;
  133. }
  134. else if ( tgtCredDomain && *tgtCredDomain )
  135. {
  136. logFileMain = tgtCredDomain;
  137. if (*logFileMain)
  138. {
  139. errLogMain.LogOpen(logFileMain, 1);
  140. }
  141. }
  143. // Open LDAP connections to the source and target computers
  146. // first, connect to the source computer
  147. WCHAR logFile[LEN_Path];
  149. if ( MoverTraceLogging(logFile) )
  150. {
  151. err.LogOpen(logFile,1);
  152. }
  153. err.DbgMsgWrite(0,L"\n\nMoveObject::Connect(%ls,%ls)",m_sourceDSA,m_targetDSA);
  155. // m_srcLD = ldap_openW(m_sourceDSA, LDAP_PORT);
  156. //replace ldap_open(servername,..) with ldap_init and set LDAP_OPT_AREC_EXCLUSIVE
  157. //flag so that the following ldap calls (i.e. ldap_bind) will not need to
  158. //unnecessarily query for the domain controller
  159. m_srcLD = ldap_initW(m_sourceDSA, LDAP_PORT);
  161. if ( m_srcLD == NULL )
  162. {
  163. value = LdapGetLastError();
  164. if (value == LDAP_SUCCESS )
  165. {
  166. rc = ERROR_CONNECTION_REFUSED;
  167. }
  168. else
  169. {
  170. rc = LdapMapErrorToWin32(result);
  171. }
  172. errLogMain.SysMsgWrite(ErrE, rc, DCT_MSG_CONNECT_ERROR_SOURCE_SD, (WCHAR*)m_sourceDSA, rc);
  173. }
  175. if ( m_srcLD )
  176. {
  177. //set LDAP_OPT_AREC_EXCLUSIVE flag so that the following calls tp
  178. //ldap_open will not need to unnecessarily query for the domain controller
  179. flags = PtrToUlong(LDAP_OPT_ON);
  180. ldap_set_option(m_srcLD, LDAP_OPT_AREC_EXCLUSIVE, &flags);
  182. err.DbgMsgWrite(0,L"Setting source options");
  183. flags = 0;
  184. // set the delegation flag for the source handle
  185. result = ldap_get_option(m_srcLD, LDAP_OPT_SSPI_FLAGS,&flags);
  187. if ( result )
  188. {
  189. rc = LdapMapErrorToWin32(result);
  190. }
  191. else
  192. {
  193. flags |= ISC_REQ_DELEGATE;
  196. result = ldap_set_option(m_srcLD,LDAP_OPT_SSPI_FLAGS, &flags);
  197. if ( result )
  198. {
  199. rc = LdapMapErrorToWin32(result);
  200. }
  201. }
  202. }
  204. if ( ! rc )
  205. {
  206. err.DbgMsgWrite(0,L"Binding to source");
  207. // try to bind to the source LDAP server
  208. if( bUseSrcCred )
  209. {
  210. result = ldap_bind_s(m_srcLD,NULL,(WCHAR*)&srcCred, LDAP_AUTH_SSPI);
  211. }
  212. else
  213. {
  214. result = ldap_bind_s(m_srcLD,NULL,NULL, LDAP_AUTH_SSPI);
  215. }
  218. if ( result )
  219. {
  220. rc = LdapMapErrorToWin32(result);
  221. }
  222. else
  223. {
  224. bSrcGood = TRUE;
  225. }
  226. }
  228. if ( ! rc )
  229. {
  230. err.DbgMsgWrite(0,L"Connecting to target");
  231. // now try to connect to the target server
  232. // m_tgtLD = ldap_openW(m_targetDSA, LDAP_PORT);
  233. //replace ldap_open(servername,..) with ldap_init and set LDAP_OPT_AREC_EXCLUSIVE
  234. //flag so that the following ldap calls (i.e. ldap_bind) will not need to
  235. //unnecessarily query for the domain controller
  236. m_tgtLD = ldap_initW(m_targetDSA, LDAP_PORT);
  238. if ( m_tgtLD == NULL )
  239. {
  240. value = LdapGetLastError();
  241. if (value == LDAP_SUCCESS )
  242. {
  243. rc = ERROR_CONNECTION_REFUSED;
  244. }
  245. else
  246. {
  247. rc = LdapMapErrorToWin32(result);
  248. }
  249. errLogMain.SysMsgWrite(ErrE, rc, DCT_MSG_CONNECT_ERROR_TARGET_SD, (WCHAR*)m_targetDSA, rc);
  250. }
  252. if ( m_tgtLD )
  253. {
  254. //set LDAP_OPT_AREC_EXCLUSIVE flag so that the following calls tp
  255. //ldap_open will not need to unnecessarily query for the domain controller
  256. flags = PtrToUlong(LDAP_OPT_ON);
  257. ldap_set_option(m_tgtLD, LDAP_OPT_AREC_EXCLUSIVE, &flags);
  259. err.DbgMsgWrite(0,L"Setting target options.");
  260. flags = 0;
  262. result = ldap_get_option(m_tgtLD,LDAP_OPT_REFERRALS,&flags);
  263. if ( result )
  264. {
  265. rc = LdapMapErrorToWin32(result);
  266. }
  267. else
  268. {
  269. flags = PtrToUlong(LDAP_OPT_OFF);
  270. result = ldap_set_option(m_tgtLD,LDAP_OPT_REFERRALS,&flags);
  272. if ( result )
  273. {
  274. rc = LdapMapErrorToWin32(result);
  275. }
  276. }
  277. if ( ! rc )
  278. {
  279. err.DbgMsgWrite(0,L"Binding to target.");
  280. if ( bUseTgtCred )
  281. {
  282. result = ldap_bind_s(m_tgtLD,NULL,(PWCHAR)&tgtCred,LDAP_AUTH_SSPI);
  283. }
  284. else
  285. {
  286. result = ldap_bind_s(m_tgtLD,NULL,NULL,LDAP_AUTH_SSPI);
  287. }
  289. if ( result )
  290. {
  291. rc = LdapMapErrorToWin32(result);
  292. }
  293. if ( rc )
  294. {
  295. err.DbgMsgWrite(0,L"Bind to target failed,rc=%ld, ldapRC=0x%lx",rc,result);
  296. }
  297. else
  298. {
  299. err.DbgMsgWrite(0,L"Everything succeeded.");
  300. }
  301. }
  302. }
  304. }
  305. if ( bSrcGood )
  306. {
  307. rc = 0;
  308. }
  309. if ( rc )
  310. {
  311. // if failure, clean up any sessions we may have opened
  312. Close();
  313. }
  315. err.LogClose();
  317. if ( logFileMain && *logFileMain )
  318. {
  319. errLogMain.LogClose();
  320. }
  322. if ( SUCCEEDED(rc))
  323. return HRESULT_FROM_WIN32(rc);
  324. else
  325. return rc;
  326. }
  328. STDMETHODIMP CMover::Close()
  329. {
  330. // close any open connections
  331. if ( m_srcLD )
  332. {
  333. ldap_unbind_s(m_srcLD);
  334. m_srcLD = NULL;
  335. }
  337. if ( m_tgtLD )
  338. {
  339. ldap_unbind_s(m_tgtLD);
  340. m_tgtLD = NULL;
  341. }
  343. return S_OK;
  344. }
  346. char * MakeNarrowString(PWCHAR strInput)
  347. {
  348. char * strResult = NULL;
  349. ULONG len = 0;
  351. if ( strInput )
  352. {
  353. len = WideCharToMultiByte(CP_ACP,
  354. 0,
  355. strInput,
  356. wcslen(strInput),
  357. NULL,
  358. 0,
  359. NULL,
  360. NULL);
  362. strResult = (PCHAR)malloc(len + 1);
  364. if ( strResult )
  365. {
  366. WideCharToMultiByte(CP_ACP,
  367. 0,
  368. strInput,
  369. wcslen(strInput),
  370. strResult,
  371. len,
  372. NULL,
  373. NULL);
  374. // make sure the resulting string is null terminated
  375. strResult[len] = 0;
  376. }
  377. }
  379. return strResult;
  380. }
  382. void StripDN(WCHAR * str)
  383. {
  384. int curr=0,i=0;
  386. for ( curr=0,i=0; str[i] ; i++ )
  387. {
  388. if ( str[i] == L'\\' && str[i+1] == L'/' )
  389. {
  390. continue;
  391. }
  392. str[curr] = str[i];
  393. curr++;
  394. }
  395. str[curr] = 0;
  396. }
  398. STDMETHODIMP CMover::MoveObject(BSTR sourcePath, BSTR targetRDN, BSTR targetOUPath )
  399. {
  400. WCHAR sTargetContainer[LEN_Path];
  401. WCHAR sSourceDN[LEN_Path];
  402. WCHAR sTargetRDN[LEN_Path];
  403. WCHAR sTargetDSA[LEN_Path];
  404. char * pTgtDSA = NULL;
  405. WCHAR const * prefix = L"LDAP://";
  406. HRESULT hr = S_OK;
  408. // set up the arguments needed to call the interdomain move operation
  409. UStrCpy(sTargetDSA,m_targetDSA);
  410. pTgtDSA = MakeNarrowString(sTargetDSA);
  413. // the source path and target OuPath are provided in the LDAP:// format
  415. // get the target container, target DN, and source DN in canonical LDAP format
  417. if ( !UStrICmp(targetOUPath,prefix,UStrLen(prefix)) )
  418. {
  419. WCHAR * start = wcschr(targetOUPath+UStrLen(prefix) + 1,L'/');
  420. if ( start )
  421. {
  422. UStrCpy(sTargetContainer,start + 1);
  423. }
  424. else
  425. {
  426. // error!
  427. hr = E_INVALIDARG;
  428. }
  429. }
  430. if ( !UStrICmp(sourcePath,prefix,UStrLen(prefix)) )
  431. {
  432. WCHAR * start = wcschr(sourcePath+UStrLen(prefix)+1,L'/');
  433. if ( start )
  434. {
  435. UStrCpy(sSourceDN,start+1);
  436. UStrCpy(sTargetRDN,start + 1);
  437. WCHAR * temp = wcschr(sTargetRDN,L',');
  438. if ( temp )
  439. {
  440. (*temp) = 0;
  441. }
  442. }
  443. else
  444. {
  445. // error!
  446. hr = E_INVALIDARG;
  447. }
  448. }
  450. StripDN(sSourceDN);
  451. StripDN(sTargetRDN);
  452. StripDN(sTargetContainer);
  454. berval Value;
  455. Value.bv_val = pTgtDSA;
  456. Value.bv_len = strlen(pTgtDSA);
  458. LDAPControl ServerControl;
  459. LDAPControl * ServerControls[2];
  460. LDAPControl * ClientControls = NULL;
  462. ServerControl.ldctl_oid = LDAP_SERVER_CROSSDOM_MOVE_TARGET_OID_W;
  463. ServerControl.ldctl_value = Value;
  464. ServerControl.ldctl_iscritical = TRUE;
  466. ServerControls[0] = NULL;
  467. ServerControls[0] = &ServerControl;
  468. ServerControls[1] = NULL;
  470. /*
  471. DstDSA = dns name of dc
  472. Dn = distinguished name of object to be moved
  473. NewRdn = relative distinguished name of object
  474. NewParent = distinguished name of new parent container
  475. ServerControls= specify the LDAP operational control for cross domain move
  476. */
  477. DWORD ldaprc = ldap_rename_ext_s(m_srcLD,
  478. sSourceDN,
  479. targetRDN,
  480. sTargetContainer,
  481. TRUE,
  482. ServerControls,
  483. &ClientControls
  484. );
  486. DWORD winrc = 0;
  487. ULONG error;
  488. ULONG result;
  489. WCHAR logFile[LEN_Path];
  491. if ( MoverTraceLogging(logFile) )
  492. {
  493. err.LogOpen(logFile,1);
  494. }
  496. if ( ldaprc )
  497. {
  499. result = ldap_get_option(m_srcLD, LDAP_OPT_SERVER_EXT_ERROR,&error);
  500. if (! result )
  501. {
  502. winrc = error;
  503. }
  504. else
  505. {
  506. err.DbgMsgWrite(0,L"Failed to get extended error, result=%ld",result);
  507. winrc = LdapMapErrorToWin32(ldaprc);
  508. }
  510. }
  513. err.DbgMsgWrite(0,L"\nMoveObject(sSourceDN=%ls\n,sTargetRDN=%ls\n,sTargetContainer=%ls\n,pTargetDSA=%S) rc=%ld,ldapRC=%ld",
  514. sSourceDN,targetRDN,sTargetContainer,pTgtDSA,winrc,ldaprc);
  516. err.LogClose();
  518. free(pTgtDSA);
  520. if ( SUCCEEDED(winrc))
  521. return HRESULT_FROM_WIN32(winrc);
  522. else
  523. return winrc;
  524. }
  529. STDMETHODIMP CMover::CheckMove(BSTR sourcePath, BSTR targetRDN, BSTR targetOUPath )
  530. {
  531. WCHAR sTargetContainer[LEN_Path];
  532. WCHAR sSourceDN[LEN_Path];
  533. WCHAR sTargetRDN[LEN_Path];
  534. WCHAR sTargetDSA[LEN_Path];
  535. char * pTgtDSA = NULL;
  536. WCHAR const * prefix = L"LDAP://";
  537. HRESULT hr = S_OK;
  539. // set up the arguments needed to call the interdomain move operation
  540. UStrCpy(sTargetDSA,m_targetDSA);
  541. pTgtDSA = MakeNarrowString(sTargetDSA);
  544. // the source path and target OuPath are provided in the LDAP:// format
  546. // get the target container, target DN, and source DN in canonical LDAP format
  548. if ( !UStrICmp(targetOUPath,prefix,UStrLen(prefix)) )
  549. {
  550. WCHAR * start = wcschr(targetOUPath+UStrLen(prefix) + 1,L'/');
  551. if ( start )
  552. {
  553. UStrCpy(sTargetContainer,start + 1);
  554. }
  555. else
  556. {
  557. // error!
  558. hr = E_INVALIDARG;
  559. }
  560. }
  561. if ( !UStrICmp(sourcePath,prefix,UStrLen(prefix)) )
  562. {
  563. WCHAR * start = wcschr(sourcePath+UStrLen(prefix)+1,L'/');
  564. if ( start )
  565. {
  566. UStrCpy(sSourceDN,start+1);
  567. UStrCpy(sTargetRDN,start + 1);
  568. WCHAR * temp = wcschr(sTargetRDN,L',');
  569. if ( temp )
  570. {
  571. (*temp) = 0;
  572. }
  573. }
  574. else
  575. {
  576. // error!
  577. hr = E_INVALIDARG;
  578. }
  579. }
  581. StripDN(sSourceDN);
  582. StripDN(sTargetRDN);
  583. StripDN(sTargetContainer);
  585. berval Value;
  586. // this call will just do the source domain checks, so pass in NULL for the target domain
  587. Value.bv_val = NULL;
  588. Value.bv_len = 0;
  590. LDAPControl ServerControl;
  591. LDAPControl * ServerControls[2];
  592. LDAPControl * ClientControls = NULL;
  594. ServerControl.ldctl_oid = LDAP_SERVER_CROSSDOM_MOVE_TARGET_OID_W;
  595. ServerControl.ldctl_value = Value;
  596. ServerControl.ldctl_iscritical = TRUE;
  598. ServerControls[0] = NULL;
  599. ServerControls[0] = &ServerControl;
  600. ServerControls[1] = NULL;
  602. /*
  603. DstDSA = dns name of dc
  604. Dn = distinguished name of object to be moved
  605. NewRdn = relative distinguished name of object
  606. NewParent = distinguished name of new parent container
  607. ServerControls= specify the LDAP operational control for cross domain move
  608. */
  609. DWORD ldaprc = ldap_rename_ext_s(m_srcLD,
  610. sSourceDN,
  611. targetRDN,
  612. sTargetContainer,
  613. TRUE,
  614. ServerControls,
  615. &ClientControls
  616. );
  618. DWORD winrc = 0;
  619. ULONG error;
  620. ULONG result;
  621. WCHAR logFile[LEN_Path];
  623. if ( ldaprc )
  624. {
  625. result = ldap_get_option(m_srcLD, LDAP_OPT_SERVER_EXT_ERROR,&error);
  626. if (! result )
  627. {
  628. winrc = error;
  629. }
  630. else
  631. {
  632. err.DbgMsgWrite(0,L"Failed to get extended error, result=%ld",result);
  633. winrc = LdapMapErrorToWin32(ldaprc);
  634. }
  635. }
  637. if ( MoverTraceLogging(logFile) )
  638. {
  639. err.LogOpen(logFile,1);
  640. }
  642. err.DbgMsgWrite(0,L"\nMoveObject(sSourceDN=%ls\n,sTargetRDN=%ls\n,sTargetContainer=%ls\n,pTargetDSA=%S) rc=%ld,ldapRC=%ld,result=%ld",
  643. sSourceDN,targetRDN,sTargetContainer,pTgtDSA,winrc,ldaprc,result);
  645. err.LogClose();
  647. free(pTgtDSA);
  649. if ( SUCCEEDED(winrc))
  650. return HRESULT_FROM_WIN32(winrc);
  651. else
  652. return winrc;
  653. }