|
|
/*Copyright (c) 1995-1999, Mission Critical Software, Inc. All rights reserved.
===============================================================================Module - SecTranslator.cppSystem - Domain Consolidation Toolkit.Author - Christy BolesCreated - 97/06/27Description - COM object that controls the security translation process. Reads the settings for the translation and performs the necessary operations.
Updates -===============================================================================*/// SecTranslator.cpp : Implementation of CSecTranslator
#include "stdafx.h"
#include "WorkObj.h"
#include "SecTrans.h"
#include "Mcs.h"
#include "EaLen.hpp"
#include "BkupRstr.hpp"
#include "exchange.hpp"
#include "ErrDct.hpp"
#include "MapiProf.hpp"
#include "SDStat.hpp"
#include "sd.hpp"
#include "SecObj.hpp"
#include "LGTrans.h"
#include "RightsTr.h"
#include "RegTrans.h"
#include "RebootU.h"
#include "TReg.hpp"
#include "TxtSid.h"
#include "LSAUtils.h"
//#import "\bin\DBManager.tlb" no_namespace, named_guids
#import "DBMgr.tlb" no_namespace, named_guids
#include "varset_i.c"
#ifdef _DEBUG
#define new DEBUG_NEW
#undef THIS_FILE
static char THIS_FILE[] = __FILE__;#endif
#ifndef IStatusObjPtr
_COM_SMARTPTR_TYPEDEF(IStatusObj, __uuidof(IStatusObj));#endif
/////////////////////////////////////////////////////////////////////////////
// CSecTranslator
#define BACKUP_FAILED 5
#define BAD_PATH 6
#define BAD_LOG 2
#define LEN_SID 200
extern TErrorDct err;
// Defined in EnumVols.cpp
bool // ret -true if name begins with "\\" has at least 3 total chars, and no other '\'
IsMachineName( const LPWSTR name // in -possible machine name to check
);
DWORD // ret- OS return code
GetProgramFilesDirectory( WCHAR * directory, // out- location of program files directory
WCHAR const * computer // in - computer to find PF directory on
){ TRegKey hklm; TRegKey key; DWORD rc;
rc = hklm.Connect(HKEY_LOCAL_MACHINE,computer); if ( ! rc ) { rc = key.Open(L"SOFTWARE\\Microsoft\\Windows\\CurrentVersion",&hklm); } if ( !rc ) { rc = key.ValueGetStr(L"ProgramFilesDir",directory,MAX_PATH * (sizeof WCHAR)); } return rc;}
BOOL IsLocallyInstalled(){ BOOL bFound; TRegKey key; DWORD rc;
rc = key.Open(GET_STRING(IDS_HKLM_DomainAdmin_Key)); if ( ! rc ) { bFound = TRUE; } else { bFound = FALSE; } return bFound;}
DWORD // ret- OS return code
GetLocalMachineName(WCHAR * computer){ DWORD rc = 0; WKSTA_INFO_100 * buf = NULL;
rc = NetWkstaGetInfo(NULL,100,(LPBYTE*)&buf); if ( ! rc ) { UStrCpy(computer,L"\\\\"); UStrCpy(computer+2,buf->wki100_computername); NetApiBufferFree(buf); } return rc;}
BOOL IsThisDispatcherMachine(IVarSet * pVarSet){ BOOL bIsIt = FALSE; _bstr_t dispatcher = pVarSet->get(GET_BSTR(DCTVS_Options_Credentials_Server)); WCHAR localComputer[LEN_Computer] = L""; GetLocalMachineName(localComputer);
if ( ! UStrICmp(dispatcher,localComputer) ) { bIsIt = TRUE; } return bIsIt;}
class TSession : public TNode{ WCHAR server[LEN_Computer];public: TSession(WCHAR const * s) { safecopy(server,s); } WCHAR const * ServerName() { return server;} };
BOOL CSecTranslator::EstablishASession( WCHAR const * serverName // in - computer to establish a session to
){ BOOL bSuccess = TRUE; TSession * pSession = new TSession(serverName);
if ( EstablishSession(serverName,m_domain,m_username,m_password,TRUE) ) { m_ConnectionList.InsertBottom(pSession); } else { delete pSession; bSuccess = FALSE; err.SysMsgWrite(ErrW,GetLastError(),DCT_MSG_NO_SESSION_SD,serverName,GetLastError()); } return bSuccess;}
void CSecTranslator::CleanupSessions(){ TNodeListEnum e; TSession * s; TSession * snext;
for ( s = (TSession*)e.OpenFirst(&m_ConnectionList) ; s ; s = snext ) { snext = (TSession*) e.Next(); m_ConnectionList.Remove(s); // close the session
EstablishSession(s->ServerName(),NULL,NULL,NULL,FALSE); delete s; } e.Close();
}
STDMETHODIMP CSecTranslator::Process( IUnknown * pWorkItem // in - varset describing translation options
){ HRESULT hr = S_OK; IVarSetPtr pVarSet = pWorkItem; IStatusObjPtr pStatus = pVarSet->get(GET_BSTR(DCTVS_StatusObject)); BOOL bReallyDoEverything = FALSE; // this (though not implemented yet) can be used
// to provide a way to override the default behavior
// of only processing file, etc. security when running as
// local system. This would allow selective translation of items
// on the local machine
_bstr_t text = pVarSet->get(GET_BSTR(DCTVS_Options_Logfile)); m_Args.LogFile(text);
// Open the log file
// use append mode since other processes may also be using this file
if ( ! err.LogOpen(m_Args.LogFile(),1 /*append*/,0) ) { return HRESULT_FROM_WIN32(ERROR_FILE_NOT_FOUND); }
LoadSettingsFromVarSet(pVarSet);
// Set up the cache
TSDResolveStats stat(m_Args.Cache(),m_Args.PathList(),pVarSet);
if ( pStatus ) { m_Args.Cache()->SetStatusObject(pStatus); }
if ( m_Args.Cache()->IsTree() ) { m_Args.Cache()->ToSorted(); } m_Args.Cache()->SortedToScrambledTree(); m_Args.Cache()->Sort(&RidComp); m_Args.Cache()->Balance(); m_Args.Cache()->UnCancel(); // Verify that the Cache got the source and target domain information it needs
if ( ! m_Args.Cache()->IsInitialized() ) { err.MsgWrite(ErrS,DCT_MSG_NO_CACHE_INFO); } else// if (1)
{ if ( m_Args.IsLocalSystem() || bReallyDoEverything ) {// Do the required translations
if ( m_Args.TranslateFiles() || m_Args.TranslateShares() || m_Args.TranslatePrinters() || m_Args.TranslateRecycler() ) { // This runs the old FST code
pVarSet->put(GET_BSTR(DCTVS_CurrentOperation),GET_BSTR(IDS_FST_OPERATION_TEXT)); DoResolution(&stat); }
if ( m_Args.TranslateLocalGroups() ) { pVarSet->put(GET_BSTR(DCTVS_CurrentOperation),GET_BSTR(IDS_LGST_OPERATION_TEXT)); DoLocalGroupResolution(&stat); }
if ( m_Args.TranslateUserRights() ) { pVarSet->put(GET_BSTR(DCTVS_CurrentOperation),GET_BSTR(IDS_URST_OPERATION_TEXT)); DoUserRightsTranslation(&stat); }
if ( m_Args.TranslateRegistry() ) { pVarSet->put(GET_BSTR(DCTVS_CurrentOperation),GET_BSTR(IDS_REGST_OPERATION_TEXT)); GetBkupRstrPriv((WCHAR*)NULL); GetPrivilege((WCHAR*)NULL,SE_SECURITY_NAME); TranslateRegistry(NULL,&m_Args,m_Args.Cache(),&stat); } if ( m_Args.TranslateUserProfiles() ) { GetBkupRstrPriv((WCHAR*)NULL); GetPrivilege((WCHAR*)NULL,SE_SECURITY_NAME); TranslateLocalProfiles(&m_Args,m_Args.Cache(),&stat); } } else { // do exchange translation
if ( m_Args.TranslateMailboxes() || m_Args.TranslateContainers() ) { // This will run the old EST code
pVarSet->put(GET_BSTR(DCTVS_CurrentOperation),GET_BSTR(IDS_EST_OPERATION_TEXT)); DoExchangeResolution(&stat,pVarSet); } } } pVarSet->put(GET_BSTR(DCTVS_CurrentOperation),""); ExportStatsToVarSet(pVarSet,&stat);
if ( *m_CacheFile ) { BuildCacheFile(m_CacheFile); }
// Record whether errors occurred
long level = pVarSet->get(GET_BSTR(DCTVS_Results_ErrorLevel)); if ( level < err.GetMaxSeverityLevel() ) { pVarSet->put(GET_BSTR(DCTVS_Results_ErrorLevel),(LONG)err.GetMaxSeverityLevel()); } err.LogClose(); CleanupSessions(); return hr;}
void CSecTranslator::LoadSettingsFromVarSet( IVarSet * pVarSet // in - varset containing settings
){ MCSASSERT(pVarSet); _bstr_t text; _bstr_t text2; DWORD val;
try { m_Args.Reset();
text = pVarSet->get(GET_BSTR(DCTVS_Options_LocalProcessingOnly)); if ( !UStrICmp(text,GET_STRING(IDS_YES)) ) { err.MsgWrite(0,DCT_MSG_LOCAL_MODE); m_LocalOnly = TRUE; m_Args.SetLocalMode(TRUE); text = pVarSet->get(GET_BSTR(DCTVS_Options_SourceDomainSid)); safecopy(m_SourceSid,(WCHAR const *)text); text = pVarSet->get(GET_BSTR(DCTVS_Options_TargetDomainSid)); safecopy(m_TargetSid,(WCHAR const *)text); }
text = pVarSet->get(GET_BSTR(DCTVS_Options_SourceDomain)); m_Args.Source(text);
text = pVarSet->get(GET_BSTR(DCTVS_Options_TargetDomain)); m_Args.Target(text);
val = (LONG)pVarSet->get(GET_BSTR(DCTVS_Options_LogLevel)); if ( val ) m_Args.SetLogging(val); val = (LONG)pVarSet->get(L"Security.DebugLogLevel"); if ( val ) m_Args.SetLogging(val);
text = pVarSet->get(GET_BSTR(DCTVS_Options_NoChange)); if ( ! UStrICmp(text,GET_STRING(IDS_YES)) ) { m_Args.SetWriteChanges(FALSE); } else { m_Args.SetWriteChanges(TRUE); } text = pVarSet->get(GET_BSTR(DCTVS_Security_TranslationMode));
if ( !UStrICmp(text,GET_STRING(IDS_Add)) ) { m_Args.SetTranslationMode(ADD_SECURITY); } else if (! UStrICmp(text,GET_STRING(IDS_Replace)) ) { m_Args.SetTranslationMode(REPLACE_SECURITY); } else if ( ! UStrICmp(text,GET_STRING(IDS_Remove)) ) { m_Args.SetTranslationMode(REMOVE_SECURITY); } else { // Incorrect value - don't need to log this, just use replace
// the log will show replace as the translation mode
// err.MsgWrite(ErrE,DCT_MSG_BAD_TRANSLATION_MODE_S,(WCHAR*)text);
}
text = pVarSet->get(GET_BSTR(DCTVS_Security_TranslateFiles)); if ( !UStrICmp(text,GET_STRING(IDS_YES)) ) { m_Args.TranslateFiles(TRUE); } else { m_Args.TranslateFiles(FALSE); }
text = pVarSet->get(GET_BSTR(DCTVS_Security_TranslateShares)); if ( ! UStrICmp(text,GET_STRING(IDS_YES)) ) { m_Args.TranslateShares(TRUE); } else { m_Args.TranslateShares(FALSE); } text = pVarSet->get(GET_BSTR(DCTVS_Security_TranslatePrinters)); if ( ! UStrICmp(text,GET_STRING(IDS_YES)) ) { m_Args.TranslatePrinters(TRUE); } else { m_Args.TranslatePrinters(FALSE); } text = pVarSet->get(GET_BSTR(DCTVS_Security_TranslateUserProfiles)); if ( ! UStrICmp(text,GET_STRING(IDS_YES)) ) { m_Args.TranslateUserProfiles(TRUE); m_Args.TranslateRecycler(TRUE); } else { m_Args.TranslateUserProfiles(FALSE); m_Args.TranslateRecycler(FALSE); } text = pVarSet->get(GET_BSTR(DCTVS_Security_TranslateLocalGroups)); if ( !UStrICmp(text,GET_STRING(IDS_YES)) ) { m_Args.TranslateLocalGroups(TRUE); } else { m_Args.TranslateLocalGroups(FALSE); }
text = pVarSet->get(GET_BSTR(DCTVS_Security_TranslateRegistry)); if (! UStrICmp(text,GET_STRING(IDS_YES)) ) { m_Args.TranslateRegistry(TRUE); } else { m_Args.TranslateRegistry(FALSE); }
val = (LONG)pVarSet->get(GET_BSTR(DCTVS_Servers_NumItems)); for ( int i = 0 ; i < (int)val ; i++ ) { WCHAR key[MAX_PATH]; DWORD flags = 0; _bstr_t bStr;
swprintf(key,GET_STRING(DCTVSFmt_Servers_D),i);
bStr = key;
text = pVarSet->get(bStr); if ( text.length() ) { m_Args.PathList()->AddPath(text,flags); } } text = pVarSet->get(GET_BSTR(DCTVS_Security_GatherInformation)); if ( !UStrICmp(text,GET_STRING(IDS_YES)) ) { m_Args.Cache()->AddIfNotFound(TRUE); m_Args.SetWriteChanges(FALSE); m_Args.SetLogging(m_Args.LogSettings() & ~FILESTATS); } else { m_Args.Cache()->AddIfNotFound(FALSE); }
// Exchange Security Translation settings
text = pVarSet->get(GET_BSTR(DCTVS_Security_TranslateMailboxes)); if ( text.length() ) { m_Args.TranslateMailboxes(TRUE); safecopy(m_Container,(WCHAR*)text);
text = pVarSet->get(GET_BSTR(DCTVS_Security_MapiProfile)); safecopy(m_Profile,(WCHAR*)text);
} else { m_Args.TranslateMailboxes(FALSE); }
text = pVarSet->get(GET_BSTR(DCTVS_Security_TranslateContainers)); if ( text.length() ) { m_Args.TranslateContainers(TRUE); if ( ((WCHAR*)text)[0] == L'\\' && ((WCHAR*)text)[1] == L'\\' ) safecopy(m_exchServer,(WCHAR*)text+2); else safecopy(m_exchServer,(WCHAR*)text); } else { m_Args.TranslateContainers(FALSE); } text = pVarSet->get(GET_BSTR(DCTVS_Security_TranslateUserRights)); if ( !UStrICmp(text,GET_STRING(IDS_YES)) ) { m_Args.TranslateUserRights(TRUE); } text = pVarSet->get(GET_BSTR(DCTVS_Security_BuildCacheFile)); if ( text.length() ) { safecopy(m_CacheFile,(WCHAR*)text); } // Check for inconsistent arguments
// Load the cache
// There are 4 possible ways to populate the cache
// 1. Use the list from the migrated objects table in our database
// 2. We are given a list of accounts in the VarSet, under "Accounts.". This allows for renaming, but requires the most space
// 3. We are given an input file that was generated by AR, in "Accounts.InputFile". This also allows for renaming, with less overall memory use.
// 4. We are given a sid mapping, comma-seperated, file with source and target sids.
text = pVarSet->get(GET_BSTR(DCTVS_Security_BuildCacheFile)); text2 = pVarSet->get(GET_BSTR(DCTVS_AccountOptions_SecurityInputMOT)); //if list is in the migrated objects table
if ((!m_LocalOnly) && (!UStrICmp(text2,GET_STRING(IDS_YES)))) { LoadMigratedObjects(pVarSet); } //else if a sid mapping file is being used
else if ((!m_LocalOnly) && (UStrICmp(text2,GET_STRING(IDS_YES)))) { m_Args.SetUsingMapFile(TRUE); //set the arg flag to indicate use of map file
text2 = pVarSet->get(GET_BSTR(DCTVS_AccountOptions_SecurityMapFile)); LoadCacheFromMapFile(text2, pVarSet); } // took out the not because gather information sets this to false.
//else if ( !m_Args.Cache()->AddIfNotFound() ) // skip loading the cache if we're gathering information
else if ( m_Args.Cache()->AddIfNotFound() ) // skip loading the cache if we're gathering information
{ if ( m_LocalOnly ) { m_Args.Cache()->SetSourceAndTargetDomainsWithSids(m_Args.Source(),m_SourceSid,m_Args.Target(),m_TargetSid); } else { m_Args.Cache()->SetSourceAndTargetDomains(m_Args.Source(),m_Args.Target()); } } else { text = pVarSet->get(GET_BSTR(DCTVS_Accounts_InputFile)); if ( text.length() ) { LoadCacheFromFile(text,pVarSet); } else { LoadCacheFromVarSet(pVarSet); } } } catch ( ... ) { err.MsgWrite(ErrS,DCT_MSG_EXCEPTION_READING_VARSET); throw; }} void CSecTranslator::ExportStatsToVarSet( IVarSet * pVarSet, // in - varset to write stats to
TSDResolveStats * stat // in - object containing stats
){ _bstr_t filename; _bstr_t domain = pVarSet->get(GET_BSTR(DCTVS_Options_Credentials_Domain)); _bstr_t username = pVarSet->get(GET_BSTR(DCTVS_Options_Credentials_UserName)); _bstr_t password = pVarSet->get(GET_BSTR(DCTVS_Options_Credentials_Password)); _bstr_t server = pVarSet->get(GET_BSTR(DCTVS_Options_Credentials_Server)); _bstr_t share = pVarSet->get(GET_BSTR(DCTVS_Options_Credentials_Share)); BOOL bSessEstablished;
if ( username.length() && server.length() && share.length() ) { bSessEstablished = EstablishSession(server, domain, username, password, TRUE); } filename = pVarSet->get(GET_BSTR(DCTVS_Security_ReportAccountReferences));
stat->Report(m_Args.LogSummary(),m_Args.LogAccountDetails(),m_Args.LogPathDetails()); if ( m_Args.NoChange() ) { err.MsgWrite(0,DCT_MSG_NO_CHANGE_MODE); } stat->ReportToVarSet(pVarSet,m_Args.LogSettings() & SUMMARYSTATS); if ( filename.length() ) { err.MsgWrite(0,DCT_MSG_EXPORTING_ACCOUNT_REFS_S,(WCHAR*)filename); m_Args.Cache()->ReportAccountReferences((WCHAR*)filename); }
// if session was established, unestablish
if (bSessEstablished) { EstablishSession(server, domain, username, password, FALSE); }
long level = pVarSet->get(GET_BSTR(DCTVS_Results_ErrorLevel)); if ( level < err.GetMaxSeverityLevel() ) { pVarSet->put(GET_BSTR(DCTVS_Results_ErrorLevel),(LONG)err.GetMaxSeverityLevel()); }}
void CSecTranslator::DoResolution( TSDResolveStats * stat // in - object to write translation stats to
){ // display confirmation message if writing changes
int result; result = ResolveAll(&m_Args,stat);}
void CSecTranslator::DoLocalGroupResolution( TSDResolveStats * stat // in - object to write translation stats to
){ DWORD rc; TNodeListEnum tenum; TPathNode * tnode;
if ( m_LocalOnly ) { err.MsgWrite(0,DCT_MSG_TRANSLATING_LOCAL_GROUPS); rc = TranslateLocalGroups(NULL,&m_Args,m_Args.Cache(),stat); } else { // Enumerate the machines in the pathlist
for (tnode = (TPathNode *)tenum.OpenFirst((TNodeList *)m_Args.PathList()) ; tnode ; tnode = (TPathNode *)tenum.Next() ) { if ( IsMachineName(tnode->GetPathName()) ) { err.MsgWrite(0,DCT_MSG_TRANSLATING_LOCAL_GROUPS_ON_S,tnode->GetPathName()); rc = TranslateLocalGroups(tnode->GetPathName(),&m_Args,m_Args.Cache(),stat); } } } tenum.Close();}
void CSecTranslator::DoUserRightsTranslation( TSDResolveStats * stat // in - object to write stats to
){ DWORD rc; TNodeListEnum tenum; TPathNode * tnode;
if ( m_LocalOnly ) { err.MsgWrite(0,DCT_MSG_TRANSLATING_USER_RIGHTS); rc = TranslateUserRights(NULL,&m_Args,m_Args.Cache(),stat); } else { // Enumerate the machines in the pathlist
for (tnode = (TPathNode *)tenum.OpenFirst((TNodeList *)m_Args.PathList()) ; tnode ; tnode = (TPathNode *)tenum.Next() ) { if ( IsMachineName(tnode->GetPathName()) ) { err.MsgWrite(0,DCT_MSG_TRANSLATING_RIGHTS_ON_S,tnode->GetPathName()); rc = TranslateUserRights(tnode->GetPathName(),&m_Args,m_Args.Cache(),stat); } } } tenum.Close();}
BOOL CSecTranslator::LoadCacheFromVarSet( IVarSet * pVarSet // in - varset containing account mapping
){ BOOL bSuccess = TRUE; _bstr_t text;
if ( m_LocalOnly ) { m_Args.Cache()->SetSourceAndTargetDomainsWithSids(m_Args.Source(),m_SourceSid,m_Args.Target(),m_TargetSid); } else { m_Args.Cache()->SetSourceAndTargetDomains(m_Args.Source(),m_Args.Target()); } m_Args.Cache()->ToSorted(); // no wildcard filter specified. Use the explicit list of accounts
long numAccounts = pVarSet->get(GET_BSTR(DCTVS_Accounts_NumItems)); for ( int i = 0 ; i < numAccounts ; i++ ) { WCHAR key[LEN_Path]; WCHAR name[LEN_Account]; WCHAR targetName[LEN_Account]; WCHAR type[LEN_Path]; short sType;
swprintf(key,GET_STRING(DCTVSFmt_Accounts_D),i); text = pVarSet->get(key); safecopy(name,(WCHAR*)text);
swprintf(key,GET_STRING(DCTVSFmt_Accounts_TargetName_D),i); text = pVarSet->get(key); safecopy(targetName,(WCHAR*)text);
swprintf(key,GET_STRING(DCTVSFmt_Accounts_Type_D),i); text = pVarSet->get(key); safecopy(type,(WCHAR*)text);
if (! UStrICmp(type,L"user") ) sType = EA_AccountUser; else if (! UStrICmp(type,L"group") ) sType = EA_AccountGroup; else sType = 0; m_Args.Cache()->InsertLast(name,0,targetName,0,sType); } if ( bSuccess && ! m_LocalOnly ) { bSuccess = GetRIDsFromEA(); } return bSuccess;}
HRESULT CSecTranslator::LoadMigratedObjects(IVarSet * pVarSetIn){ HRESULT hr = S_OK;
// this reads the migrated objects table from the database, and
// constructs a mapping file to be used for security translation
IIManageDBPtr pDB; IUnknown * pUnk = NULL; IVarSetPtr pVarSet(CLSID_VarSet); WCHAR strKey[MAX_PATH]; long ndx = 0; _bstr_t srcSam = L"?"; _bstr_t tgtSam = L"?"; _bstr_t type; _bstr_t srcDom; _bstr_t tgtDom;// FILE * pFile = NULL;
// BOOL bSuccess = TRUE;
UCHAR srcEaServer[LEN_Computer]; UCHAR tgtEaServer[LEN_Computer]; _bstr_t text;
safecopy(srcEaServer,m_Args.Source()); safecopy(tgtEaServer,m_Args.Target());
if ( m_LocalOnly ) { m_Args.Cache()->SetSourceAndTargetDomainsWithSids(m_Args.Source(),m_SourceSid,m_Args.Target(),m_TargetSid); } else { m_Args.Cache()->SetSourceAndTargetDomains(m_Args.Source(),m_Args.Target()); } m_Args.Cache()->ToSorted(); hr = pDB.CreateInstance(CLSID_IManageDB);
if ( SUCCEEDED(hr) ) { hr = pVarSet->QueryInterface(IID_IUnknown,(void**)&pUnk); if ( SUCCEEDED(hr) ) { hr = pDB->raw_GetMigratedObjects(-1,&pUnk); } if ( SUCCEEDED(hr) ) { pVarSet = pUnk; pUnk->Release(); short sType; long rid = 0; long rid2 = 0; // GetMigratedObjects returns the migrated objects in the varset as:
// MigratedObjects.%ld.*
for ( ndx = 0 ;srcSam.length() && tgtSam.length() ; ndx++ ) { swprintf(strKey,L"MigratedObjects.%ld.%s",ndx,GET_STRING(DB_SourceDomain)); srcDom = pVarSet->get(strKey); swprintf(strKey,L"MigratedObjects.%ld.%s",ndx,GET_STRING(DB_TargetDomain)); tgtDom = pVarSet->get(strKey);
swprintf(strKey,L"MigratedObjects.%ld.%s",ndx,GET_STRING(DB_SourceSamName)); srcSam = pVarSet->get(strKey); swprintf(strKey,L"MigratedObjects.%ld.%s",ndx,GET_STRING(DB_TargetSamName)); tgtSam = pVarSet->get(strKey); swprintf(strKey,L"MigratedObjects.%ld.%s",ndx,GET_STRING(DB_Type)); type = pVarSet->get(strKey); swprintf(strKey,L"MigratedObjects.%ld.%s",ndx,GET_STRING(DB_SourceRid)); rid = pVarSet->get(strKey); swprintf(strKey,L"MigratedObjects.%ld.%s",ndx,GET_STRING(DB_TargetRid)); rid2 = pVarSet->get(strKey); if ( !UStrICmp(srcDom, m_Args.Source()) && !UStrICmp(tgtDom, m_Args.Target()) ) { if ( !UStrICmp(type,L"user") || !UStrICmp(type,L"group") ) { if (! UStrICmp(type,L"user") ) sType = EA_AccountUser; else if (! UStrICmp(type,L"group") ) sType = EA_AccountGroup; else sType = 0; m_Args.Cache()->InsertLast((WCHAR*)srcSam,rid,(WCHAR*)tgtSam,rid2,sType); } } } } }/* if ( SUCCEEDED(hr) )
{ GetRIDsFromEA(); }*/ return hr;}
BOOL CSecTranslator::BuildCacheFile( WCHAR const * filename // in - file to write account mapping to
){ BOOL bSuccess = TRUE; FILE * pFile; m_Args.Cache()->ToSorted();
TNodeListEnum e; TRidNode * node; WCHAR type[LEN_Path];
pFile = _wfopen(filename,L"wb"); if ( pFile ) { for ( node = (TRidNode*) e.OpenFirst(m_Args.Cache() ); node ; node = (TRidNode*)e.Next() ) { switch ( node->Type() ) { case EA_AccountUser: safecopy(type,L"user"); break; case EA_AccountGroup: case EA_AccountGGroup: case EA_AccountLGroup: safecopy(type,L"group"); break; default: type[0] = 0; break; }
// if (!UStrICmp(node->GetAcctName(),node->GetTargetAcctName()))
if ((UStrICmp(node->GetSrcDomSid(),L"")) && (UStrICmp(node->GetTgtDomSid(),L""))) { //account and domain names could be empty when using a sid
//mapping file for security translation. A later scanf by
//the agent will fail on a NULL name, so we will store "(UnKnown)"
//instead and deal with that on the scanf-side
WCHAR ssname[MAX_PATH]; wcscpy(ssname, node->GetAcctName()); if (!wcslen(ssname)) wcscpy(ssname, GET_STRING(IDS_UnknownSid)); WCHAR stname[MAX_PATH]; wcscpy(stname, node->GetTargetAcctName()); if (!wcslen(stname)) wcscpy(stname, GET_STRING(IDS_UnknownSid)); WCHAR ssdname[MAX_PATH]; wcscpy(ssdname, node->GetSrcDomName()); if (!wcslen(ssdname)) wcscpy(ssdname, GET_STRING(IDS_UnknownSid)); WCHAR stdname[MAX_PATH]; wcscpy(stdname, node->GetTgtDomName()); if (!wcslen(stdname)) wcscpy(stdname, GET_STRING(IDS_UnknownSid)); fwprintf(pFile,L"%s\t%s\t%s\t%lx\t%lx\t%lx\t%s\t%s\t%s\t%s\r\n",ssname,stname,type, 0, node->SrcRid(), node->TgtRid(), node->GetSrcDomSid(), node->GetTgtDomSid(), ssdname, stdname); } else { fwprintf(pFile,L"%s\t%s\t%s\t%lx\t%lx\t%lx\r\n",node->GetAcctName(),node->GetTargetAcctName(),type, 0, node->SrcRid(), node->TgtRid()); } } e.Close(); fclose(pFile); } else { bSuccess = FALSE;// DWORD rc = GetLastError();
} return bSuccess;}BOOL CSecTranslator::LoadCacheFromFile( WCHAR const * filename, // in - file to read account mapping from
IVarSet * pVarSet // in - pointer to varset
){ BOOL bSuccess = TRUE; _bstr_t text; FILE * pFile; WCHAR sourceName[LEN_Account]; WCHAR targetName[LEN_Account]; WCHAR sourceDomSid[MAX_PATH]; WCHAR targetDomSid[MAX_PATH]; WCHAR sourceDomName[MAX_PATH]; WCHAR targetDomName[MAX_PATH]; WCHAR type[LEN_Account]; DWORD status; int count = 0; BOOL bNeedRids = FALSE; WCHAR path[MAX_PATH]; WCHAR temp[MAX_PATH]; BOOL bUseMapFile = FALSE; if ( m_LocalOnly ) { m_Args.Cache()->SetSourceAndTargetDomainsWithSids(m_Args.Source(),m_SourceSid,m_Args.Target(),m_TargetSid); // find the module path
DWORD rc = GetModuleFileName(NULL,temp,DIM(temp)); if ( rc ) { // Generally, our DCTCache file will be in the same directory as our EXE.
// This is true 1) when agent is dispatched to clean machine (all will be in OnePointDomainAgent directory)
// and also 2) when agent is dispatched to the local ADMT machine (all will be in Program Files\ADMT directory)
// The exception is when the agent is dispatched to a remote machine where ADMT is also installed.
WCHAR * slash = wcsrchr(temp,L'\\'); UStrCpy(slash+1,filename); // Check whether ADMT is locally installed here
if ( IsLocallyInstalled() && !IsThisDispatcherMachine(pVarSet) ) { // ADMT is installed here, so we're running from the binaries
// in the Program files\ADMT directory
// However, our cache file should be in %Program Files%\\OnePOintDomainAgent
GetProgramFilesDirectory(temp,NULL); UStrCpy(temp+UStrLen(temp),L"\\OnePointDomainAgent\\"); UStrCpy(temp+UStrLen(temp),filename); } } else { rc = GetLastError(); err.DbgMsgWrite(0,L"Couldn't get the module filename, rc=%ld",rc); swprintf(temp,L"..\\OnePointDomainAgent\\%ls",filename); } _wfullpath(path,temp,MAX_PATH); } else { m_Args.Cache()->SetSourceAndTargetDomains(m_Args.Source(),m_Args.Target()); _wfullpath(path,filename,MAX_PATH); } m_Args.Cache()->ToSorted(); text = pVarSet->get(GET_BSTR(DCTVS_AccountOptions_SecurityInputMOT)); if (UStrICmp(text,GET_STRING(IDS_YES))) { m_Args.SetUsingMapFile(TRUE); //set the arg flag to indicate use of map file
bUseMapFile = TRUE; } // The input file should have the format:
// SourceName, TargetName, Type, Status [,rid1, rid2]
pFile = _wfopen(path,L"rb"); if ( pFile ) { int result; do { DWORD rid1 = 0; DWORD rid2 = 0; if (!bUseMapFile) { result = fwscanf(pFile,L"%[^\t]\t%[^\t]\t%[^\t]\t%lx\t%lx\t%lx\r\n", sourceName,targetName,type,&status,&rid1,&rid2);
if ( result < 4 ) break; } else { result = fwscanf(pFile,L"%[^\t]\t%[^\t]\t%[^\t]\t%lx\t%lx\t%lx\t%[^\t]\t%[^\t]\t%[^\t]\t%[^\r]\r\n", sourceName,targetName,type,&status,&rid1,&rid2,sourceDomSid,targetDomSid, sourceDomName, targetDomName);
if ( result < 8 ) break; }
short lType = 0; if ( !UStrICmp(type,L"user") ) lType = EA_AccountUser; else if ( ! UStrICmp(type,L"group") ) lType = EA_AccountGroup;
if (!bUseMapFile) m_Args.Cache()->InsertLast(sourceName,rid1,targetName,rid2,lType); else m_Args.Cache()->InsertLastWithSid(sourceName,sourceDomSid,sourceDomName,rid1, targetName,targetDomSid,targetDomName,rid2,lType); count++; if ( ! rid1 | ! rid2 ) { bNeedRids = TRUE; } } while ( result >= 4 ); // 4 fields read and assigned
if ( result ) { err.MsgWrite(ErrS,DCT_MSG_ERROR_READING_INPUT_FILE_S,path); } err.MsgWrite(0,DCT_MSG_ACCOUNTS_READ_FROM_FILE_DS,count,path); fclose(pFile); } else { err.MsgWrite(ErrS,DCT_MSG_ERROR_OPENING_FILE_S,path); bSuccess = FALSE; }
if ( bSuccess && bNeedRids && ! m_LocalOnly) { bSuccess = GetRIDsFromEA(); } return bSuccess;}
// This doesn't get RIDs from EA any more, since we have removed dependencies on MCS products.
// Instead, we use the Net APIs to get this information
BOOL CSecTranslator::GetRIDsFromEA(){ BOOL bSuccess = TRUE;
// set the cache to a tree sorted by name
m_Args.Cache()->SortedToScrambledTree(); m_Args.Cache()->Sort(&CompN);
// do NQDI to get RIDS for accounts
DWORD rc = 0; NET_DISPLAY_USER * pUser = NULL; NET_DISPLAY_GROUP * pGroup = NULL; DWORD count = 0; DWORD resume = 0; TRidNode * pNode = NULL;
// Get source rids for users
do { rc = NetQueryDisplayInformation(m_Args.Cache()->GetSourceDCName(),1,resume,5000,100000,&count,(void**)&pUser); if ( 0 == rc || ERROR_MORE_DATA == rc ) { for ( DWORD i = 0 ; i < count ; i++ ) { // see if this account is in the cache
pNode = (TRidNode*)m_Args.Cache()->Find(&vNameComp,pUser[i].usri1_name); if ( pNode ) { pNode->SrcRid(pUser[i].usri1_user_id); } } if ( count ) { resume = pUser[count-1].usri1_next_index; } else { // no items were returned - get out of here
break; } NetApiBufferFree(pUser); } } while ( rc == ERROR_MORE_DATA );
count = 0; resume = 0;
// Get source rids for global groups
do { rc = NetQueryDisplayInformation(m_Args.Cache()->GetSourceDCName(),3,resume,5000,100000,&count,(void**)&pGroup); if ( 0 == rc || ERROR_MORE_DATA == rc ) { for ( DWORD i = 0 ; i < count ; i++ ) { // see if this account is in the cache
pNode = (TRidNode*)m_Args.Cache()->Find(&vNameComp,pGroup[i].grpi3_name); if ( pNode ) { pNode->SrcRid(pGroup[i].grpi3_group_id); } } if ( count ) { resume = pGroup[count-1].grpi3_next_index; } else { // no items were returned - get out of here
break; } NetApiBufferFree(pGroup); } } while ( rc == ERROR_MORE_DATA );
count = 0; resume = 0; // Get target rids for users
// set the cache to a tree sorted by target name
m_Args.Cache()->ToSorted(); m_Args.Cache()->SortedToScrambledTree(); m_Args.Cache()->Sort(&CompTargetN);
do { rc = NetQueryDisplayInformation(m_Args.Cache()->GetTargetDCName(),1,resume,5000,100000,&count,(void**)&pUser); if ( 0 == rc || ERROR_MORE_DATA == rc ) { for ( DWORD i = 0 ; i < count ; i++ ) { // see if this account is in the cache
pNode = (TRidNode*)m_Args.Cache()->Find(&vTargetNameComp,pUser[i].usri1_name); if ( pNode ) { pNode->TgtRid(pUser[i].usri1_user_id); } } if ( count ) { resume = pUser[count-1].usri1_next_index; } else { // no items were returned - get out of here
break; } NetApiBufferFree(pUser); } } while ( rc == ERROR_MORE_DATA );
// TODO: Add error message if rc != 0
count = 0; resume = 0; // Get target rids for global groups
do { rc = NetQueryDisplayInformation(m_Args.Cache()->GetTargetDCName(),3,resume,5000,100000,&count,(void**)&pGroup); if ( 0 == rc || ERROR_MORE_DATA == rc ) { for ( DWORD i = 0 ; i < count ; i++ ) { // see if this account is in the cache
pNode = (TRidNode*)m_Args.Cache()->Find(&vTargetNameComp,pGroup[i].grpi3_name); if ( pNode ) { pNode->TgtRid(pGroup[i].grpi3_group_id); } } if ( count ) { resume = pGroup[count-1].grpi3_next_index; } else { // no items were returned - get out of here
break; } NetApiBufferFree(pGroup); } } while ( rc == ERROR_MORE_DATA );
// sort back to regular source name order
m_Args.Cache()->ToSorted(); m_Args.Cache()->SortedToScrambledTree(); m_Args.Cache()->Sort(&CompN);
// get source and target rids for local groups
TNodeTreeEnum tEnum; BYTE sid[LEN_SID]; DWORD lenSid; WCHAR domain[LEN_Domain]; DWORD lenDomain; SID_NAME_USE snu;
for ( pNode = (TRidNode*)tEnum.OpenFirst(m_Args.Cache()) ; pNode ; pNode = (TRidNode*) tEnum.Next() ) { if ( ! pNode->SrcRid() ) { // we don't have a rid for this account, possibly because it is a local group
lenSid = DIM(sid); lenDomain = DIM(domain); if ( LookupAccountName(m_Args.Cache()->GetSourceDCName(),pNode->GetAcctName(),sid,&lenSid,domain,&lenDomain,&snu) ) { if (! UStrICmp(m_Args.Source(),domain) ) { // found the source SID
// get the last sub-id
PUCHAR pCount = GetSidSubAuthorityCount(&sid); if ( pCount ) { LPDWORD pRid = GetSidSubAuthority(&sid,(*pCount) - 1 ); if ( pRid ) { pNode->SrcRid(*pRid); } } } } }
if ( pNode->SrcRid() && !pNode->TgtRid() ) { // we got the source RID, now try to get the target RID
lenSid = DIM(sid); lenDomain = DIM(domain); if ( LookupAccountName(m_Args.Cache()->GetTargetDCName(),pNode->GetTargetAcctName(),sid,&lenSid,domain,&lenDomain,&snu) ) { if (! UStrICmp(m_Args.Target(),domain) ) { // found the source SID
// get the last sub-id
PUCHAR pCount = GetSidSubAuthorityCount(&sid);
if ( pCount ) { LPDWORD pRid = GetSidSubAuthority(&sid,(*pCount) - 1 );
if ( pRid ) { pNode->TgtRid(*pRid); } } } } } } tEnum.Close();
return bSuccess;}
// We remove the Exchange server service accont from the cache before translating,
// since it is not recommended to change the service account from exchange
// in any event, the service account for exchange cannot be changed simply by granting
// exchange permissions to the new account. It also requires configuration changes within
// exchange that must be performed manually
BOOL CSecTranslator::RemoveExchangeServiceAccountFromCache(){ WCHAR const * exServiceName = L"MSExchangeDS"; SC_HANDLE hSCM; DWORD rc = 0; // return code
BOOL result = FALSE; BOOL bUseMapFile = m_Args.UsingMapFile();
if ( m_Args.TranslateContainers() ) { // get the service account name for the exchange directory service on exchServer
// BOOL retval=FALSE; // returned value
SC_HANDLE hSvc; // Service handle
DWORD lenQsc; // required qsc info len
union { QUERY_SERVICE_CONFIG qsc; // Exchange Directory service information
BYTE padding[1000]; } bufQsc; hSCM = OpenSCManager( m_exchServer, NULL, GENERIC_READ ); if ( !hSCM ) { rc = GetLastError(); err.SysMsgWrite( ErrW, rc, DCT_MSG_SCM_OPEN_FAILED_SD, m_exchServer,rc ); } else { hSvc = OpenService( hSCM, exServiceName, SERVICE_QUERY_CONFIG ); if ( !hSvc ) { rc = GetLastError(); switch ( rc ) { case ERROR_SERVICE_DOES_NOT_EXIST: // 1060
default: err.SysMsgWrite( ErrW, rc, DCT_MSG_OPEN_SERVICE_FAILED_SSD, m_exchServer , exServiceName, rc ); break; } } else { if ( !QueryServiceConfig( hSvc, &bufQsc.qsc, sizeof bufQsc, &lenQsc ) ) { rc = GetLastError(); err.SysMsgWrite( ErrW, rc, DCT_MSG_QUERY_SERVICE_CONFIG_FAILED_SSD, m_exchServer, exServiceName, rc ); } else { // We've found the account
result = TRUE; // bufQsc.qsc.lpServiceStartName is DOMAIN\Account or .\Account
WCHAR * domAcct = bufQsc.qsc.lpServiceStartName; WCHAR * domName; // domain-name
WCHAR * acctName; // account-name
for ( domName = domAcct ; *domName && *domName != _T('\\') ; domName++ ) ; if ( *domName == _T('\\') ) { *domName = 0; acctName = domName+1; domName = domAcct; } // Is the account from the source domain?
WCHAR szSourceDomain[LEN_Domain]; WCHAR wszAccountName[LEN_Account]; safecopy(wszAccountName,acctName); //use the domain name from the cache if we are not using a sID mapping
//file
if (!bUseMapFile) { safecopy(szSourceDomain,m_Args.Cache()->GetSourceDomainName()); if ( !UStrICmp(domName,szSourceDomain ) ) { // if so, is it in the cache?
TAcctNode * tnode; TNodeTreeEnum tEnum; // the cache is a tree, sorted by RID
for ( tnode = (TAcctNode *)tEnum.OpenFirst(m_Args.Cache()) ; tnode ; tnode = (TAcctNode *)tEnum.Next() ) { if ( !UStrICmp(tnode->GetAcctName(),wszAccountName) ) { // remove it from the cache, and notify the user
err.MsgWrite(ErrW,DCT_MSG_SKIPPING_EXCHANGE_ACCOUNT_SS,domName,acctName); m_Args.Cache()->Remove(tnode); } } tEnum.Close(); } }//end if not using mapping file
else //else using sID mapping file, get the source domain name from the
{ //node itself
//is this account in the cache?
TAcctNode * tnode; TNodeTreeEnum tEnum; // the cache is a tree, sorted by RID
for ( tnode = (TAcctNode *)tEnum.OpenFirst(m_Args.Cache()) ; tnode ; tnode = (TAcctNode *)tEnum.Next() ) { if (( !UStrICmp(tnode->GetAcctName(),wszAccountName) ) && ( !UStrICmp(((TRidNode*)tnode)->GetSrcDomName(),domName) )) { // remove it from the cache, and notify the user
err.MsgWrite(ErrW,DCT_MSG_SKIPPING_EXCHANGE_ACCOUNT_SS,domName,acctName); m_Args.Cache()->Remove(tnode); } } tEnum.Close(); }//end if using mapping file
CloseServiceHandle( hSvc ); } } CloseServiceHandle(hSCM); } } if ( !result ) { // couldn't get the service account name
err.SysMsgWrite(ErrW,rc,DCT_MSG_CANT_FIND_EXCHANGE_ACCOUNT_SD, m_exchServer,rc); } return result;}
void CSecTranslator::DoExchangeResolution( TSDResolveStats * stat, // in - stats object to record stats
IVarSet * pVarSet ){
{ TGlobalDirectory m_exDir; _bstr_t domain = pVarSet->get(GET_BSTR(DCTVS_AccountOptions_SidHistoryCredentials_Domain)); _bstr_t username = pVarSet->get(GET_BSTR(DCTVS_AccountOptions_SidHistoryCredentials_UserName)); _bstr_t password = pVarSet->get(GET_BSTR(DCTVS_AccountOptions_SidHistoryCredentials_Password)); _bstr_t mode = pVarSet->get(GET_BSTR(DCTVS_Security_TranslationMode)); _bstr_t mbquery = pVarSet->get(L"ExchangeMigration.LdapQuery"); WCHAR creds[LEN_Account + LEN_Domain + 6]; WCHAR query[LEN_Path] = L"(objectClass=*)"; if ( m_exchServer[0] ) { if (! RemoveExchangeServiceAccountFromCache() ) goto end; } if ( mbquery.length() ) { UStrCpy(query,(WCHAR*)mbquery); } if ( m_Args.TranslateMailboxes() || m_Args.TranslateContainers() ) { // make sure we have some accts in the cache
m_exDir.SetStats(stat); m_Args.Cache()->UnCancel(); swprintf(creds,L"cn=%ls,cn=%ls",(WCHAR*)username,(WCHAR*)domain); err.MsgWrite(0,DCT_MSG_EXCHANGE_TRANSLATION_MODE_S,(WCHAR*)mode); m_exDir.DoLdapTranslation(m_exchServer,creds,password,&m_Args,NULL,query); stat->DisplayPath(L""); } }end: // destructor for m_exDir must be called before we release the MAPI library!
ReleaseMAPI(); ReleaseDAPI(); return;}
/*********************************************************************
* * * Written by: Paul Thompson * * Date: 4 OCT 2000 * * * * This function is responsible for retrieving account sIDs from * * the given sID mapping file and adding these sids to the cache. * * * *********************************************************************/
//BEGIN LoadCacheFromMapFile
BOOL CSecTranslator::LoadCacheFromMapFile( WCHAR const * filename, // in - file to read sid mapping from
IVarSet * pVarSet // in - pointer to varset
){ FILE * pFile = NULL; WCHAR path[MAX_PATH]; WCHAR sourceSid[MAX_PATH]; WCHAR targetSid[MAX_PATH]; int count = 0; BOOL bSuccess = TRUE; // m_Args.Cache()->SetSourceAndTargetDomains(m_Args.Source(),m_Args.Target());
_wfullpath(path,filename,MAX_PATH);
m_Args.Cache()->ToSorted(); // The input file should have the format:
// srcSid,tgtSid
pFile = OpenMappingFile(path); // pFile = _wfopen(path,L"rb");
if ( pFile ) { int result; //move past the UNICODE Byte Order Mark
// fgetwc(pFile);
do { result = fwscanf(pFile,L"%[^,], %[^\r\n]\n",sourceSid,targetSid);
if ( result < 2 ) break; short lType = EA_AccountUser;
//divide the sids into domain sids and rids
WCHAR srcDomainSid[MAX_PATH] = L""; WCHAR tgtDomainSid[MAX_PATH] = L""; WCHAR srcDomainName[MAX_PATH] = L""; WCHAR tgtDomainName[MAX_PATH] = L""; DWORD srcRid = 0; DWORD tgtRid = 0; WCHAR srcName[MAX_PATH] = L""; WCHAR tgtName[MAX_PATH] = L""; WCHAR domainName[MAX_PATH] = L""; DWORD cb = MAX_PATH; DWORD cbDomain = MAX_PATH; SID_NAME_USE sid_Use; PSID srcSid = NULL; PSID tgtSid = NULL; WCHAR * slash; LPWSTR pdomc; WCHAR DCName[MAX_PATH]; BYTE ssid[200]; BYTE tsid[200]; DWORD lenSid = DIM(ssid); BOOL bNeedToFreeSrc = FALSE; BOOL bNeedToFreeTgt = FALSE;
//see if the source is given by domain\account format or
//decimal-style sid format
if (wcschr(sourceSid,L'\\')) { //seperate domain and account names
wcscpy(srcDomainName,sourceSid); slash = wcschr(srcDomainName,L'\\'); if ( slash ) { *slash = 0; wcscpy(srcName,slash+1); } //get a DC for the given domain
HRESULT res = NetGetDCName(NULL,srcDomainName,(LPBYTE *)&pdomc); if (res!=NERR_Success) { err.MsgWrite(0,DCT_MSG_SRC_ACCOUNT_NOT_READ_FROM_FILE_DS, sourceSid, targetSid, path, sourceSid); continue; }
wcscpy(DCName, pdomc); NetApiBufferFree(pdomc);
//get the sid for this account
if(!LookupAccountName(DCName,srcName,(PSID)ssid,&lenSid,srcDomainName,&cbDomain,&sid_Use)) { err.MsgWrite(0,DCT_MSG_SRC_ACCOUNT_NOT_READ_FROM_FILE_DS, sourceSid, targetSid, path, sourceSid); continue; }
srcSid = (PSID)ssid;
if (sid_Use == SidTypeGroup) lType = EA_AccountGroup; else lType = EA_AccountUser; }//end if domain\account format
else { srcSid = SidFromString(sourceSid); if (!srcSid) { err.MsgWrite(0,DCT_MSG_SRC_ACCOUNT_NOT_READ_FROM_FILE_DS, sourceSid, targetSid, path, sourceSid); continue; }
bNeedToFreeSrc = TRUE;
if (LookupAccountSid(NULL, srcSid, srcName, &cb, srcDomainName, &cbDomain, &sid_Use)) { if (sid_Use == SidTypeGroup) lType = EA_AccountGroup; else lType = EA_AccountUser; } }//end else sid format
//see if the target is given by domain\account format or
//decimal-style sid format
lenSid = DIM(tsid); cb = cbDomain = MAX_PATH; if (wcschr(targetSid,L'\\')) { //seperate domain and account names
wcscpy(tgtDomainName,targetSid); slash = wcschr(tgtDomainName,L'\\'); if ( slash ) { *slash = 0; wcscpy(tgtName,slash+1); } //get a DC for the given domain
HRESULT res = NetGetDCName(NULL,tgtDomainName,(LPBYTE *)&pdomc); if (res!=NERR_Success) { if (bNeedToFreeSrc) FreeSid(srcSid); err.MsgWrite(0,DCT_MSG_TGT_ACCOUNT_NOT_READ_FROM_FILE_DS, sourceSid, targetSid, path, targetSid); continue; }
wcscpy(DCName, pdomc); NetApiBufferFree(pdomc);
//get the sid for this account
if(!LookupAccountName(DCName,tgtName,(PSID)tsid,&lenSid,tgtDomainName,&cbDomain,&sid_Use)) { if (bNeedToFreeSrc) FreeSid(srcSid); err.MsgWrite(0,DCT_MSG_TGT_ACCOUNT_NOT_READ_FROM_FILE_DS, sourceSid, targetSid, path, targetSid); continue; }
tgtSid = (PSID)tsid;
if (sid_Use == SidTypeGroup) lType = EA_AccountGroup; else lType = EA_AccountUser; }//end if domain\account format
else { tgtSid = SidFromString(targetSid); if (!tgtSid) { if (bNeedToFreeSrc) FreeSid(srcSid); err.MsgWrite(0,DCT_MSG_TGT_ACCOUNT_NOT_READ_FROM_FILE_DS, sourceSid, targetSid, path, targetSid); continue; }
bNeedToFreeTgt = TRUE;
if (LookupAccountSid(NULL, tgtSid, tgtName, &cb, tgtDomainName, &cbDomain, &sid_Use)) { if (sid_Use == SidTypeGroup) lType = EA_AccountGroup; else lType = EA_AccountUser; } }//end else sid format
//if the source account is not already in the cache, then add it
if ((m_Args.Cache()->GetNumAccts() == 0) || (m_Args.Cache()->LookupWODomain(srcSid) == NULL)) { //get the domain sids and account rids from the account sids
SplitAccountSids(srcSid, srcDomainSid, &srcRid, tgtSid, tgtDomainSid, &tgtRid);
//insert this node into the cache
m_Args.Cache()->InsertLastWithSid(srcName,srcDomainSid,srcDomainName,srcRid,tgtName, tgtDomainSid,tgtDomainName,tgtRid,lType); count++; } else err.MsgWrite(0,DCT_MSG_SRC_ACCOUNT_DUPLICATE_IN_FILE_DS, sourceSid, targetSid, path, sourceSid);
if (bNeedToFreeSrc) FreeSid(srcSid); if (bNeedToFreeTgt) FreeSid(tgtSid); } while ( result >= 2 ); // 2 fields read and assigned
err.MsgWrite(0,DCT_MSG_ACCOUNTS_READ_FROM_FILE_DS,count,path); fclose(pFile); } else { err.MsgWrite(ErrS,DCT_MSG_ERROR_OPENING_FILE_S,path); bSuccess = FALSE; }
return bSuccess;}//END LoadCacheFromMapFile
/*********************************************************************
* * * Written by: Paul Thompson * * Date: 11 OCT 2000 * * * * This function is responsible for opening the sid mapping file * * whether it is anm ANSI or UNICODE file and return the file * * pointer. * * * *********************************************************************/
//BEGIN OpenMappingFile
FILE* CSecTranslator::OpenMappingFile(LPCTSTR pszFileName){ // open in binary mode first in order to check for UNICODE byte order
// mark if the file is UNICODE then it must be read in binary mode
// with the stream i/o functions
FILE* fp = _tfopen(pszFileName, _T("rb"));
if (fp == NULL) { return NULL;// _com_issue_error(E_INVALIDARG);
}
// check if file is ANSI or UNICODE or UTF-8
BYTE byteSignature[3];
if (fread(byteSignature, sizeof(BYTE), 3, fp) == 3) { static BYTE byteUtf8[] = { 0xEF, 0xBB, 0xBF }; static BYTE byteUnicodeLE[] = { 0xFF, 0xFE }; static BYTE byteUnicodeBE[] = { 0xFE, 0xFF };
// check for signature or byte order mark
if (memcmp(byteSignature, byteUtf8, sizeof(byteUtf8)) == 0) { // UTF-8 signature
// TODO: not currently supported
return NULL;// _com_issue_error(E_INVALIDARG);
} else if (memcmp(byteSignature, byteUnicodeLE, sizeof(byteUnicodeLE)) == 0) { // UNICODE Little Endian Byte Order Mark
// supported
// must read in binary mode
// move file pointer back one byte because we read 3 bytes
fseek(fp, -1, SEEK_CUR); } else if (memcmp(byteSignature, byteUnicodeBE, sizeof(byteUnicodeBE)) == 0) { // UNICODE Big Endian Byte Order Mark
// TODO: not currently supported
return NULL;// _com_issue_error(E_INVALIDARG);
} else { // assume ANSI
// re-open file in text mode as the stream i/o functions will
// treat the file as multi-byte characters and will convert them
// to UNICODE
fclose(fp);
fp = _tfopen(pszFileName, _T("rt")); } } else { return NULL;// _com_issue_error(E_INVALIDARG);
}
return fp;}//END OpenMappingFile
|
