archive
/
windows-xp
mirror of https://github.com/tongzx/nt5src
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
6 Commits
1 Branch
0 Tags
2.0 GiB
Branch: master
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'master'
${ noResults }
windows-xp/Source/XPSP1/NT/ds/security/tools/setspn/setspn.c

622 lines
14 KiB
Raw Permalink Normal View History

Add source files
4 years ago
  1. //+---------------------------------------------------------------------------
  2. //
  3. // Microsoft Windows
  4. // Copyright (C) Microsoft Corporation, 1992 - 1997.
  5. //
  6. // File: setspn.c
  7. //
  8. // Contents:
  9. //
  10. // Classes:
  11. //
  12. // Functions:
  13. //
  14. // History: 7-30-98 RichardW Created
  15. // 8-10-99 JBrezak Turned into setspn added list capability
  16. // 09-22-99 Jaroslad support for adding/removing arbitrary SPNs
  17. //
  18. //----------------------------------------------------------------------------
  20. #include <nt.h>
  21. #include <ntrtl.h>
  22. #include <nturtl.h>
  23. #include <windows.h>
  24. #define SECURITY_WIN32
  25. #include <rpc.h>
  26. #include <sspi.h>
  27. #include <secext.h>
  28. #include <lm.h>
  29. #include <winsock2.h>
  30. #include <dsgetdc.h>
  31. #include <dsgetdcp.h>
  32. #include <ntdsapi.h>
  33. #include <ntdsapip.h> // private DS_NAME_FORMATS
  34. #include <stdio.h>
  35. #include <winldap.h>
  36. #include <shlwapi.h>
  38. DWORD debug = 0;
  40. BOOL AddSpn(PWSTR Service, PWSTR Server);
  42. BOOL
  43. FindDomainForAccount(
  44. PWSTR Server,
  45. PWSTR DomainToCheck,
  46. PWSTR Domain,
  47. PWSTR DC
  48. )
  49. {
  50. ULONG NetStatus ;
  51. PDOMAIN_CONTROLLER_INFO DcInfo ;
  52. WCHAR LocalServerName[ 64 ];
  54. wcsncpy( LocalServerName, Server, 63 );
  55. wcscat( LocalServerName, L"$" );
  57. NetStatus = DsGetDcNameWithAccountW(
  58. NULL,
  59. LocalServerName,
  60. UF_ACCOUNT_TYPE_MASK,
  61. DomainToCheck,
  62. NULL,
  63. NULL,
  64. DS_DIRECTORY_SERVICE_REQUIRED |
  65. DS_RETURN_FLAT_NAME,
  66. &DcInfo );
  68. if ( NetStatus == 0 )
  69. {
  70. wcscat( Server, L"$" );
  71. wcscpy( Domain, DcInfo->DomainName );
  73. if (DC)
  74. {
  75. wcscpy( DC, &DcInfo->DomainControllerName[2] );
  77. }
  79. NetApiBufferFree( DcInfo );
  81. return TRUE ;
  82. }
  84. NetStatus = DsGetDcNameWithAccountW(
  85. NULL,
  86. Server,
  87. UF_ACCOUNT_TYPE_MASK,
  88. DomainToCheck,
  89. NULL,
  90. NULL,
  91. DS_DIRECTORY_SERVICE_REQUIRED |
  92. DS_RETURN_FLAT_NAME,
  93. &DcInfo );
  95. if ( NetStatus == 0 )
  96. {
  97. wcscpy( Domain, DcInfo->DomainName );
  99. if (DC)
  100. {
  101. wcscpy( DC, &DcInfo->DomainControllerName[2] );
  103. }
  105. NetApiBufferFree( DcInfo );
  107. return TRUE ;
  108. }
  110. return FALSE ;
  112. }
  114. BOOL
  115. AddHostSpn(
  116. PWSTR Server
  117. )
  118. {
  119. return (AddSpn(L"HOST", Server));
  120. }
  123. BOOL
  124. AddSpn(
  125. PWSTR Service,
  126. PWSTR Server
  127. )
  128. {
  129. WCHAR HostSpn[ 64 ];
  130. WCHAR FlatSpn[ 64 ];
  131. WCHAR Domain[ MAX_PATH ];
  132. WCHAR FlatName[ 64 ];
  133. HANDLE hDs ;
  134. ULONG NetStatus ;
  135. PDS_NAME_RESULT Result ;
  136. LPWSTR Flat = FlatName;
  137. LPWSTR Spns[2];
  138. WCHAR LocalServerName[ 64 ];
  140. wcsncpy( LocalServerName, Server, sizeof(LocalServerName)/sizeof(LocalServerName[0]) );
  142. if ( !FindDomainForAccount( LocalServerName, L"", Domain, NULL ))
  143. {
  144. fprintf(stderr,
  145. "Could not find account %ws\n", LocalServerName );
  146. return FALSE;
  147. }
  149. wcscpy( FlatName, Domain );
  150. wcscat( FlatName, L"\\" );
  151. wcscat( FlatName, LocalServerName );
  153. NetStatus = DsBind( NULL, Domain, &hDs );
  155. if ( NetStatus != 0 )
  156. {
  157. fprintf(stderr,
  158. "Failed to bind to DC of domain %ws, %#x\n",
  159. Domain, NetStatus );
  160. return FALSE ;
  161. }
  163. NetStatus = DsCrackNames(
  164. hDs,
  165. 0,
  166. DS_NT4_ACCOUNT_NAME,
  167. DS_FQDN_1779_NAME,
  168. 1,
  169. &Flat,
  170. &Result );
  172. if ( NetStatus != 0 ||
  173. Result->rItems[0].status != DS_NAME_NO_ERROR ||
  174. Result->cItems != 1)
  175. {
  176. fprintf(stderr,
  177. "Failed to crack name %ws into the FQDN, (%d) %d %#x\n",
  178. FlatName, NetStatus, Result->cItems,
  179. (Result->cItems==1)?Result->rItems[0].status:-1 );
  181. DsUnBind( &hDs );
  183. return FALSE ;
  184. }
  186. wsprintf( HostSpn, L"%s/%s.%s", Service, Server, Domain );
  187. wsprintf( FlatSpn, L"%s/%s", Service, Server );
  188. Spns[0] = HostSpn;
  189. Spns[1] = FlatSpn;
  191. printf("Registering ServicePrincipalNames for %ws\n",
  192. Result->rItems[0].pName);
  193. printf("\t%ws\n", HostSpn);
  194. printf("\t%ws\n", FlatSpn);
  196. #if 0
  197. printf("DsWriteAccountSpn: Commented out\n");
  198. #else
  199. NetStatus = DsWriteAccountSpn(
  200. hDs,
  201. DS_SPN_ADD_SPN_OP,
  202. Result->rItems[0].pName,
  203. 2,
  204. Spns );
  207. if ( NetStatus != 0 )
  208. {
  209. fprintf(stderr,
  210. "Failed to assign SPN to account '%ws', %#x\n",
  211. Result->rItems[0].pName, NetStatus );
  212. return FALSE;
  213. }
  214. #endif
  215. DsFreeNameResult( Result );
  217. DsUnBind( &hDs );
  219. return NetStatus == 0 ;
  220. }
  222. // added by jaroslad on 09/22/99
  223. BOOL
  224. AddRemoveSpn(
  225. PWSTR HostSpn,
  226. PWSTR HostDomain,
  227. PWSTR Server,
  228. DS_SPN_WRITE_OP Operation
  230. )
  231. {
  232. WCHAR FlatSpn[ MAX_PATH ];
  233. WCHAR Domain[ MAX_PATH ];
  234. WCHAR FlatName[ MAX_PATH ];
  235. HANDLE hDs ;
  236. ULONG NetStatus ;
  237. PDS_NAME_RESULT Result ;
  238. LPWSTR Flat = FlatName;
  239. LPWSTR Spns[2];
  241. if ( !FindDomainForAccount( Server, HostDomain, Domain, NULL ))
  242. {
  243. fprintf(stderr,
  244. "Unable to locate account %ws\n", Server);
  245. return FALSE ;
  246. }
  248. wcscpy( FlatName, Domain );
  249. wcscat( FlatName, L"\\" );
  250. wcscat( FlatName, Server );
  252. NetStatus = DsBind( NULL, Domain, &hDs );
  253. if ( NetStatus != 0 )
  254. {
  255. fprintf(stderr,
  256. "Failed to bind to DC of domain %ws, %#x\n",
  257. Domain, NetStatus );
  258. return FALSE ;
  259. }
  261. NetStatus = DsCrackNames(
  262. hDs,
  263. 0,
  264. DS_NT4_ACCOUNT_NAME,
  265. DS_FQDN_1779_NAME,
  266. 1,
  267. &Flat,
  268. &Result );
  270. if ( NetStatus != 0 ||
  271. Result->rItems[0].status != DS_NAME_NO_ERROR ||
  272. Result->cItems != 1)
  273. {
  274. fprintf(stderr,
  275. "Failed to crack name %ws into the FQDN, (%d) %d %#x\n",
  276. FlatName, NetStatus, Result->cItems,
  277. (Result->cItems==1)?Result->rItems[0].status:-1 );
  279. DsUnBind( &hDs );
  281. return FALSE ;
  282. }
  284. Spns[0] = HostSpn;
  286. printf("%s ServicePrincipalNames for %ws\n",
  287. (Operation==DS_SPN_DELETE_SPN_OP)?"Unregistering":"Registering", Result->rItems[0].pName);
  288. printf("\t%ws\n", HostSpn);
  290. #if 0
  291. printf("DsWriteAccountSpn: Commented out\n");
  292. #else
  293. NetStatus = DsWriteAccountSpn(
  294. hDs,
  295. Operation,
  296. Result->rItems[0].pName,
  297. 1,
  298. Spns );
  301. if ( NetStatus != 0 )
  302. {
  303. fprintf(stderr,
  304. "Failed to %s SPN on account '%ws', %#x\n",
  305. (Operation==DS_SPN_DELETE_SPN_OP)?"remove":"assign",
  306. Result->rItems[0].pName, NetStatus );
  307. return FALSE;
  308. }
  309. #endif
  311. DsFreeNameResult( Result );
  313. DsUnBind( &hDs );
  315. return NetStatus == 0 ;
  316. }
  319. BOOL
  320. LookupHostSpn(
  321. PWSTR ServerDomain,
  322. PWSTR Server
  323. )
  324. {
  325. WCHAR FlatName[ 128 ];
  326. HANDLE hDs ;
  327. ULONG NetStatus ;
  328. PDS_NAME_RESULT Result ;
  329. LPWSTR Flat = FlatName;
  330. LDAP *ld;
  331. int rc;
  332. LDAPMessage *e, *res;
  333. WCHAR *base_dn;
  334. WCHAR *search_dn, search_ava[256];
  335. WCHAR Domain[ MAX_PATH ];
  336. WCHAR DC[ MAX_PATH ];
  338. if ( !FindDomainForAccount( Server, ServerDomain, Domain, DC ))
  339. {
  340. fprintf(stderr, "Cannot find account %S\n", Server);
  341. return FALSE ;
  342. }
  344. if (debug)
  345. printf("Domain=%S DC=%S\n", Domain, DC);
  347. ld = ldap_open(DC, LDAP_PORT);
  348. if (ld == NULL) {
  349. fprintf(stderr, "ldap_init failed = %x", LdapGetLastError());
  350. return FALSE;
  351. }
  353. rc = ldap_bind_s(ld, NULL, NULL, LDAP_AUTH_NEGOTIATE);
  354. if (rc != LDAP_SUCCESS) {
  355. fprintf(stderr, "ldap_bind failed = %x", LdapGetLastError());
  356. ldap_unbind(ld);
  357. return FALSE;
  358. }
  360. NetStatus = DsBind( NULL, Domain, &hDs );
  361. if ( NetStatus != 0 )
  362. {
  363. fprintf(stderr, "Failed to bind to DC of domain %ws, %#x\n",
  364. Domain, NetStatus );
  365. return FALSE ;
  366. }
  368. wcscpy( FlatName, Domain );
  369. wcscat( FlatName, L"\\" );
  370. wcscat( FlatName, Server );
  372. NetStatus = DsCrackNames(
  373. hDs,
  374. 0,
  375. DS_NT4_ACCOUNT_NAME,
  376. DS_FQDN_1779_NAME,
  377. 1,
  378. &Flat,
  379. &Result );
  381. if ( NetStatus != 0 ||
  382. Result->rItems[0].status != DS_NAME_NO_ERROR ||
  383. Result->cItems != 1)
  384. {
  385. if (Result->rItems[0].status == DS_NAME_ERROR_NOT_FOUND)
  386. {
  387. fprintf(stderr,
  388. "Requested name \"%ws\" not found in directory.\n",
  389. FlatName);
  390. }
  391. else if (Result->rItems[0].status == DS_NAME_ERROR_NOT_UNIQUE)
  392. {
  393. fprintf(stderr,
  394. "Requested name \"%ws\" not unique in directory.\n",
  395. FlatName);
  396. }
  397. else
  398. fprintf(stderr,
  399. "Failed to crack name %ws into the FQDN, (%d) %d %#x\n",
  400. FlatName, NetStatus, Result->cItems,
  401. (Result->cItems==1)?Result->rItems[0].status:-1 );
  403. DsUnBind( &hDs );
  405. return FALSE ;
  406. }
  408. search_dn = Server;
  410. base_dn = StrChr(Result->rItems[0].pName, L',');
  411. if (!base_dn)
  412. base_dn = Result->rItems[0].pName;
  413. else
  414. base_dn++;
  416. if (debug) {
  417. printf("BASE_DN=%S\n", base_dn);
  418. printf("SEARCH_DN=%S\n", search_dn);
  419. }
  421. DsUnBind( &hDs );
  423. wsprintf(search_ava, L"(sAMAccountName=%s)", search_dn);
  424. if (debug)
  425. printf("FILTER=\"%S\"\n", search_ava);
  426. rc = ldap_search_s(ld, base_dn, LDAP_SCOPE_SUBTREE,
  427. search_ava, NULL, 0, &res);
  429. DsFreeNameResult( Result );
  431. if (rc != LDAP_SUCCESS) {
  432. fprintf(stderr, "ldap_search_s failed: %S", ldap_err2string(rc));
  433. ldap_unbind(ld);
  434. return 1;
  435. }
  437. for (e = ldap_first_entry(ld, res);
  438. e;
  439. e = ldap_next_entry(ld, e)) {
  440. BerElement *b;
  441. WCHAR *attr;
  442. WCHAR *dn = ldap_get_dn(ld, res);
  444. printf("Registered ServicePrincipalNames");
  445. if (dn)
  446. printf(" for %S", dn);
  447. printf(":\n");
  449. ldap_memfree(dn);
  451. for (attr = ldap_first_attribute(ld, e, &b);
  452. attr;
  453. attr = ldap_next_attribute(ld, e, b)) {
  454. WCHAR **values, **p;
  455. values = ldap_get_values(ld, e, attr);
  456. for (p = values; *p; p++) {
  457. if (StrCmp(attr, L"servicePrincipalName") == 0)
  458. printf(" %S\n", *p);
  459. }
  460. ldap_value_free(values);
  461. ldap_memfree(attr);
  462. }
  464. //ber_free(b, 1);
  465. }
  467. ldap_msgfree(res);
  468. ldap_unbind(ld);
  470. return TRUE;
  471. }
  473. void Usage( PWSTR name)
  474. {
  475. printf("\
  476. Usage: %S [switches data] computername \n\
  477. Where \"computername\" can be the name or domain\\name\n\
  478. \n\
  479. Switches:\n\
  480. -R = reset HOST ServicePrincipalName\n\
  481. Usage: setspn -R computername\n\
  482. -A = add arbitrary SPN \n\
  483. Usage: setspn -A SPN computername\n\
  484. -D = delete arbitrary SPN \n\
  485. Usage: setspn -D SPN computername\n\
  486. -L = list registered SPNs \n\
  487. Usage: setspn [-L] computername \n\
  488. Examples: \n\
  489. setspn -R daserver1 \n\
  490. It will register SPN \"HOST/daserver1\" and \"HOST/{DNS of daserver1}\" \n\
  491. setspn -A http/daserver daserver1 \n\
  492. It will register SPN \"http/daserver\" for computer \"daserver1\" \n\
  493. setspn -D http/daserver daserver1 \n\
  494. It will delete SPN \"http/daserver\" for computer \"daserver1\" \n\
  495. ", name);
  496. ExitProcess(0);
  497. }
  499. void __cdecl wmain (int argc, wchar_t *argv[])
  500. {
  501. int resetSPN = FALSE, addSPN = FALSE, deleteSPN = FALSE, listSPN = TRUE;
  502. UNICODE_STRING Service, Host,HostSpn, HostDomain ;
  503. wchar_t *ptr;
  504. int i;
  505. DS_SPN_WRITE_OP Operation;
  506. PWSTR Scan;
  507. DWORD Status = 1;
  509. for (i = 1; i < argc; i++)
  510. {
  511. if ((argv[i][0] == L'-') || (argv[i][0] == L'/'))
  512. {
  513. for (ptr = (argv[i] + 1); *ptr; ptr++)
  514. {
  515. switch(towupper(*ptr))
  516. {
  517. case L'R':
  518. resetSPN = TRUE;
  519. break;
  520. case L'A':
  521. addSPN = TRUE;
  522. break;
  523. case L'D':
  524. deleteSPN = TRUE;
  525. break;
  526. case L'L':
  527. listSPN = TRUE;
  528. break;
  529. case L'V':
  530. debug = TRUE;
  531. break;
  532. case L'?':
  533. default:
  534. Usage(argv[0]);
  535. break;
  536. }
  537. }
  538. }
  539. else
  540. break;
  541. }
  544. if ( resetSPN )
  545. {
  546. if ( ( argc - i ) != 1 )
  547. {
  548. Usage( argv[0] );
  549. }
  551. RtlInitUnicodeString( &Host, argv[i] );
  553. if ( AddHostSpn( Host.Buffer ) )
  554. {
  555. printf("Updated object\n");
  556. Status = 0;
  557. }
  558. }
  559. else if ( addSPN || deleteSPN )
  560. {
  561. if ( ( argc - i ) != 2 )
  562. {
  563. Usage( argv[0] );
  564. }
  566. RtlInitUnicodeString( &HostSpn, argv[i] );
  568. Scan = argv[ i + 1 ];
  570. if ( Scan = wcschr( Scan, L'\\' ) )
  571. {
  572. *Scan++ = L'\0';
  573. RtlInitUnicodeString( &HostDomain, argv[i+1] );
  574. RtlInitUnicodeString( &Host, Scan );
  575. }
  576. else
  577. {
  578. RtlInitUnicodeString( &HostDomain, L"" );
  579. RtlInitUnicodeString( &Host, argv[ i + 1 ] );
  580. }
  582. if ( addSPN )
  583. Operation = DS_SPN_ADD_SPN_OP;
  585. if ( deleteSPN )
  586. Operation = DS_SPN_DELETE_SPN_OP;
  588. if ( AddRemoveSpn( HostSpn.Buffer, HostDomain.Buffer, Host.Buffer, Operation) )
  589. {
  590. printf("Updated object\n");
  591. Status = 0;
  592. }
  593. }
  594. else if ( listSPN )
  595. {
  596. if ( ( argc - i ) != 1 )
  597. {
  598. Usage( argv[0] );
  599. }
  601. Scan = argv[ i ];
  603. if ( Scan = wcschr( Scan, L'\\' ) )
  604. {
  605. *Scan++ = L'\0';
  606. RtlInitUnicodeString( &HostDomain, argv[ i ] );
  607. RtlInitUnicodeString( &Host, Scan );
  608. }
  609. else
  610. {
  611. RtlInitUnicodeString( &HostDomain, L"" );
  612. RtlInitUnicodeString( &Host, argv[ i ] );
  613. }
  615. if (LookupHostSpn( HostDomain.Buffer, Host.Buffer ))
  616. {
  617. Status = 0;
  618. }
  619. }
  621. ExitProcess(Status);
  622. }