//+---------------------------------------------------------------------------
//
// Microsoft Windows
// Copyright (C) Microsoft Corporation, 1992 - 1995.
//
// File: secutil.cxx
//
// Contents: Helper routines for conversion - LDAP specific
//
// Functions:
//
// History: 09-27-98 by splitting ldap\var2sec.cxx
// and distributing between ldapc and router - AjayR
//
//----------------------------------------------------------------------------
#include "ldapc.hxx"
#pragma hdrstop
//
// Declaration needed here because this function is not part of the headers
//
// Takes a byte buffer and its length and hands back a string through
// ppszDestData. ConvertSidToU2Trustee below uses it to turn the raw SID bytes
// into text for an LDAP search filter and releases the result with FreeADsStr.
extern "C" { HRESULT ADsEncodeBinaryData ( PBYTE pbSrcData, DWORD dwSrcLen, LPWSTR * ppszDestData ); }
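HRESULT
ConvertSidToString(
    PSID pSid,
    LPWSTR String
    )
/*++

Routine Description:

    Generates a printable Unicode string representation of a SID and writes
    it into the caller-supplied buffer.

    The resulting string takes one of two forms. If the IdentifierAuthority
    value fits in 32 bits (its two high-order bytes are zero), the SID is
    written as:

        S-1-281736-12-72-9-110
            ^^^^^^ ^^ ^^ ^ ^^^
               |    |  | |  |
               +----+--+-+--+---- Decimal

    Otherwise it is written as:

        S-1-0x173495281736-12-72-9-110
            ^^^^^^^^^^^^^^ ^^ ^^ ^ ^^^
             Hexadecimal    |  | |  |
                            +--+-+--+---- Decimal

Arguments:

    pSid   - opaque pointer that supplies the SID to be converted.

    String - caller-allocated output buffer. No capacity is passed in, so the
             routine cannot bound its writes: the caller must size the buffer
             for the longest possible result. For a SID accepted by
             IsValidSid (at most SID_MAX_SUB_AUTHORITIES sub-authorities)
             that is 6 characters of "S-<rev>-", 14 of hexadecimal authority
             and 15 * 11 of "-<decimal>", i.e. 186 WCHARs including the
             terminator. The callers in this file pass MAX_PATH buffers.

Return Value:

    S_OK if the SID was converted. E_INVALIDARG if String is NULL.
    HRESULT_FROM_WIN32(ERROR_INVALID_SID) if pSid fails IsValidSid; String is
    then set to the empty string.

--*/
{
    WCHAR Buffer[256];
    UCHAR i;
    ULONG Tmp;
    HRESULT hr = S_OK;
    SID_IDENTIFIER_AUTHORITY *pSidIdentifierAuthority;
    PUCHAR pSidSubAuthorityCount;

    if (!String) {
        RRETURN(E_INVALIDARG);
    }

    if (!IsValidSid( pSid )) {
        *String = L'\0';
        hr = HRESULT_FROM_WIN32(ERROR_INVALID_SID);
        RRETURN(hr);
    }

    wsprintf(Buffer, L"S-%u-", (USHORT)(((PISID)pSid)->Revision ));
    wcscpy(String, Buffer);

    pSidIdentifierAuthority = GetSidIdentifierAuthority(pSid);

    if ( (pSidIdentifierAuthority->Value[0] != 0) ||
         (pSidIdentifierAuthority->Value[1] != 0) ) {

        //
        // Authority needs more than 32 bits: print all six bytes in hex.
        //
        wsprintf(Buffer,
                 L"0x%02hx%02hx%02hx%02hx%02hx%02hx",
                 (USHORT)pSidIdentifierAuthority->Value[0],
                 (USHORT)pSidIdentifierAuthority->Value[1],
                 (USHORT)pSidIdentifierAuthority->Value[2],
                 (USHORT)pSidIdentifierAuthority->Value[3],
                 (USHORT)pSidIdentifierAuthority->Value[4],
                 (USHORT)pSidIdentifierAuthority->Value[5] );
        wcscat(String, Buffer);

    } else {

        //
        // Widen each byte to ULONG *before* shifting. Shifting the UCHAR
        // directly promotes it to a signed int, and a left shift by 24 of a
        // value >= 0x80 overflows that int.
        //
        Tmp = (ULONG)pSidIdentifierAuthority->Value[5] +
              ((ULONG)pSidIdentifierAuthority->Value[4] << 8) +
              ((ULONG)pSidIdentifierAuthority->Value[3] << 16) +
              ((ULONG)pSidIdentifierAuthority->Value[2] << 24);

        wsprintf(Buffer, L"%lu", Tmp);
        wcscat(String, Buffer);
    }

    pSidSubAuthorityCount = GetSidSubAuthorityCount(pSid);

    for (i = 0; i < *pSidSubAuthorityCount; i++) {
        wsprintf(Buffer, L"-%lu", *(GetSidSubAuthority(pSid, i)));
        wcscat(String, Buffer);
    }

    RRETURN(S_OK);
}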
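//
// Reads the "Sid" attribute of the directory object named by pszTrustee
// (base-scope search on that DN) and copies its raw bytes to the caller.
//
// Arguments:
//   pszServerName, Credentials - passed through to LdapOpenObject.
//   pszTrustee  - DN of the object to open and search.
//   Sid         - caller-allocated output buffer. No capacity is passed in,
//                 so the caller must provide room for the largest SID
//                 (GetSidLengthRequired(SID_MAX_SUB_AUTHORITIES) bytes).
//   pdwSidSize  - receives the number of bytes copied into Sid.
//
// Return Value:
//   S_OK when the attribute was copied. S_OK is also returned when the search
//   yields no entries; in that case neither Sid nor *pdwSidSize is written.
//   E_INVALIDARG for NULL output pointers, HRESULT_FROM_WIN32(ERROR_INVALID_SID)
//   when the returned value cannot be a SID by its length, otherwise the
//   HRESULT form of the failing LDAP call's status.
//
HRESULT
ConvertU2TrusteeToSid(
    LPWSTR pszServerName,
    CCredentials& Credentials,
    LPWSTR pszTrustee,
    LPBYTE Sid,
    PDWORD pdwSidSize
    )
{
    //
    // All locals are declared before the first BAIL_ON_FAILURE so that the
    // jump to the cleanup label never crosses an initialization.
    //
    PADSLDP pLdapHandle = NULL;
    HRESULT hr = S_OK;
    DWORD nCount = 0;
    DWORD dwStatus = 0;
    struct berval **ppBerValue = NULL;
    LPWSTR Attributes[2];
    LDAPMessage *res = NULL;
    LDAPMessage *entry = NULL;
    DWORD dwNumberOfEntries = 0;
    DWORD dwSidLength = 0;
    LPBYTE lpByte = NULL;

    if (!Sid || !pdwSidSize) {
        RRETURN(E_INVALIDARG);
    }

    Attributes[0] = L"Sid";
    Attributes[1] = NULL;

    //
    // The original code called ConvertSidToString(Sid, ...) here. Sid is the
    // output buffer and still uninitialized at this point, and the resulting
    // string was never used, so the call has been dropped.
    //

    dwStatus = LdapOpenObject(
                   pszServerName,
                   pszTrustee,
                   &pLdapHandle,
                   Credentials,
                   FALSE
                   );
    if (dwStatus) {
        hr = HRESULT_FROM_WIN32(dwStatus);
        BAIL_ON_FAILURE(hr);
    }

    dwStatus = LdapSearchS(
                   pLdapHandle,
                   pszTrustee,
                   LDAP_SCOPE_BASE,
                   L"(objectClass=*)",
                   Attributes,
                   0,
                   &res
                   );
    if (dwStatus) {
        hr = HRESULT_FROM_WIN32(dwStatus);
        BAIL_ON_FAILURE(hr);
    }

    dwNumberOfEntries = LdapCountEntries( pLdapHandle, res );

    if ( dwNumberOfEntries == 0 ) {
        //
        // Keep the historical S_OK result, but leave through the cleanup
        // path so the search result and the connection are released.
        // NOTE(review): success is reported although nothing was written to
        // Sid or *pdwSidSize - callers must not trust either in this case.
        //
        hr = S_OK;
        goto error;
    }

    dwStatus = LdapFirstEntry( pLdapHandle, res, &entry );
    if (dwStatus) {
        hr = HRESULT_FROM_WIN32(dwStatus);
        BAIL_ON_FAILURE(hr);
    }

    dwStatus = LdapGetValuesLen(
                   pLdapHandle,
                   entry,
                   L"Sid",
                   &ppBerValue,
                   (int *)&nCount
                   );
    if (dwStatus) {
        hr = HRESULT_FROM_WIN32(dwStatus);
        BAIL_ON_FAILURE(hr);
    }

    if (!ppBerValue || !ppBerValue[0] || !ppBerValue[0]->bv_val) {
        hr = E_FAIL;
        BAIL_ON_FAILURE(hr);
    }

    dwSidLength = ppBerValue[0]->bv_len;
    lpByte = (LPBYTE)ppBerValue[0]->bv_val;

    //
    // The length comes from the directory server and the destination has no
    // stated capacity, so refuse anything that cannot be a SID: shorter than
    // a SID with no sub-authorities or longer than one with the maximum.
    //
    if (dwSidLength < GetSidLengthRequired(0) ||
        dwSidLength > GetSidLengthRequired(SID_MAX_SUB_AUTHORITIES)) {
        hr = HRESULT_FROM_WIN32(ERROR_INVALID_SID);
        BAIL_ON_FAILURE(hr);
    }

    memcpy( Sid, lpByte, dwSidLength );
    *pdwSidSize = dwSidLength;

error:

    //
    // NOTE(review): the value array returned by LdapGetValuesLen is not
    // released here; the matching free routine is not visible in this file.
    // Confirm which one applies and release ppBerValue on this path.
    //

    if (res) {
        LdapMsgFree( res );
    }

    //
    // Release the connection opened above, as ConvertSidToU2Trustee does;
    // the original never closed it.
    //
    if (pLdapHandle) {
        LdapCloseObject( pLdapHandle );
    }

    RRETURN(hr);
}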
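//
// Finds the directory object whose "Sid" attribute equals the given SID
// (subtree search from the server's default base) and copies that object's
// DN into the caller's buffer.
//
// Arguments:
//   pszServerName, Credentials - passed through to LdapOpenObject.
//   pSid       - SID to look up; must pass IsValidSid.
//   szTrustee  - caller-allocated output buffer that receives the DN. No
//                capacity is passed in, so the copy cannot be bounded here.
//
// Return Value:
//   S_OK when a DN was copied. HRESULT_FROM_WIN32(ERROR_INVALID_SID) for an
//   invalid SID, E_INVALIDARG for a NULL output buffer, E_FAIL when no entry
//   matches, HRESULT_FROM_WIN32(ERROR_INSUFFICIENT_BUFFER) when the filter
//   would not fit its local buffer, otherwise the HRESULT of the failing call.
//
HRESULT
ConvertSidToU2Trustee(
    LPWSTR pszServerName,
    CCredentials& Credentials,
    PSID pSid,
    LPWSTR szTrustee
    )
{
    //
    // All locals are declared before the first BAIL_ON_FAILURE so that the
    // jump to the cleanup label never crosses an initialization.
    //
    HRESULT hr = S_OK;
    PUCHAR pSidAuthorityCount = NULL;
    LPWSTR pszQueryString = NULL;
    DWORD dwSidLength = 0;
    LDAPMessage *res = NULL;
    LPWSTR pszDN = NULL;
    LDAPMessage *entry = NULL;
    DWORD dwStatus = 0;
    DWORD dwNumberOfEntries = 0;
    WCHAR szSearchExp[MAX_PATH];
    PADSLDP pLdapHandle = NULL;
    LPWSTR Attributes[] = {L"Sid", NULL};

    if (!szTrustee) {
        RRETURN(E_INVALIDARG);
    }

    //
    // The original called ConvertSidToString here and ignored both its
    // result and the string, so an invalid SID was carried on into
    // GetSidSubAuthorityCount. Validate explicitly instead: the length
    // derived below is only meaningful for a well-formed SID, and a bogus
    // sub-authority count would make the encoded filter far larger than
    // szSearchExp.
    //
    if (!IsValidSid( pSid )) {
        RRETURN(HRESULT_FROM_WIN32(ERROR_INVALID_SID));
    }

    pSidAuthorityCount = GetSidSubAuthorityCount(pSid);

    if (!pSidAuthorityCount) {
        RRETURN(E_FAIL);
    }

    dwSidLength = GetSidLengthRequired(*pSidAuthorityCount);

    hr = ADsEncodeBinaryData (
             (LPBYTE)pSid,
             dwSidLength,
             &pszQueryString
             );
    BAIL_ON_FAILURE(hr);

    if (!pszQueryString) {
        hr = E_FAIL;
        BAIL_ON_FAILURE(hr);
    }

    dwStatus = LdapOpenObject(
                   pszServerName,
                   NULL,
                   &pLdapHandle,
                   Credentials,
                   FALSE
                   );
    if (dwStatus) {
        hr = HRESULT_FROM_WIN32(dwStatus);
        BAIL_ON_FAILURE(hr);
    }

    //
    // Build "(Sid=<encoded>)" only if it fits, terminator included.
    // NOTE(review): the filter is safe only as long as ADsEncodeBinaryData
    // emits a filter-safe encoding - its implementation is not in this file.
    //
    if (wcslen(pszQueryString) + wcslen(L"(Sid=)") + 1 > MAX_PATH) {
        hr = HRESULT_FROM_WIN32(ERROR_INSUFFICIENT_BUFFER);
        BAIL_ON_FAILURE(hr);
    }

    wcscpy(szSearchExp, L"(Sid=");
    wcscat(szSearchExp, pszQueryString);
    wcscat(szSearchExp, L")");

    dwStatus = LdapSearchS(
                   pLdapHandle,
                   NULL,
                   LDAP_SCOPE_SUBTREE,
                   szSearchExp,
                   Attributes,
                   0,
                   &res
                   );
    if (dwStatus) {
        hr = HRESULT_FROM_WIN32(dwStatus);
        BAIL_ON_FAILURE(hr);
    }

    dwNumberOfEntries = LdapCountEntries( pLdapHandle, res );

    if ( dwNumberOfEntries == 0 ) {
        hr = E_FAIL;
        BAIL_ON_FAILURE(hr);
    }

    dwStatus = LdapFirstEntry( pLdapHandle, res, &entry );
    if (dwStatus) {
        hr = HRESULT_FROM_WIN32(dwStatus);
        BAIL_ON_FAILURE(hr);
    }

    dwStatus = LdapGetDn( pLdapHandle, entry, &pszDN );
    if (dwStatus) {
        hr = HRESULT_FROM_WIN32(dwStatus);
        BAIL_ON_FAILURE(hr);
    }

    if (!pszDN) {
        hr = E_FAIL;
        BAIL_ON_FAILURE(hr);
    }

    //
    // NOTE(review): the DN comes from the directory server and szTrustee has
    // no stated capacity, so this copy is unbounded. Every caller must size
    // szTrustee for the longest DN it can receive, or the interface should
    // grow a length parameter.
    //
    wcscpy(szTrustee, pszDN);

error:

    if (pszQueryString) {
        FreeADsStr(pszQueryString);
    }

    if (pszDN) {
        LdapMemFree(pszDN);
    }

    if (res) {
        LdapMsgFree( res );
    }

    if (pLdapHandle) {
        LdapCloseObject( pLdapHandle );
    }

    RRETURN(hr);
}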