archive
/
windows-xp
mirror of https://github.com/tongzx/nt5src
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
7 Commits
1 Branch
0 Tags
2.0 GiB
Tree: 9769ad7c3d
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '9769ad7c3d'
${ noResults }
windows-xp/Source/XPSP1/NT/net/ias/providers/ntuser/peruser/rasuser.cpp

214 lines
5.5 KiB
Raw Normal View History

Add source files
4 years ago
  1. ///////////////////////////////////////////////////////////////////////////////
  2. //
  3. // Copyright (c) 1998, Microsoft Corp. All rights reserved.
  4. //
  5. // FILE
  6. //
  7. // rasuser.cpp
  8. //
  9. // SYNOPSIS
  10. //
  11. // This file defines the class RasUser.
  12. //
  13. // MODIFICATION HISTORY
  14. //
  15. // 03/20/1998 Original version.
  16. // 04/24/1998 Allow null domain for local server.
  17. // 05/19/1998 Converted to NtSamHandler.
  18. // 06/03/1998 Always use RAS/MPR for local users.
  19. // 06/23/1998 Use DCLocator to find server.
  20. // 07/09/1998 Always use RasAdminUserGetInfo
  21. // 07/11/1998 Switch to IASGetRASUserInfo.
  22. // 07/28/1998 Handle case where IAS is running on a DC.
  23. // 08/10/1998 Fix initialization error codes.
  24. // 03/10/1999 Use LDAP when possible.
  25. // 03/23/1999 Store the user's DN.
  26. //
  27. ///////////////////////////////////////////////////////////////////////////////
  29. #include <ias.h>
  30. #include <iastlutl.h>
  32. #define IASSAMAPI
  34. #include <iaslsa.h>
  35. #include <iasntds.h>
  36. #include <iasparms.h>
  38. #include <sdoias.h>
  40. #include <rasuser.h>
  41. #include <userschema.h>
  43. //////////
  44. // Attributes that should be retrieved for each user.
  45. //////////
  46. const PCWSTR USER_PARMS[] =
  47. {
  48. L"userParameters",
  49. NULL
  50. };
  52. HRESULT RasUser::initialize() throw ()
  53. {
  54. //////////
  55. // Let's get everything that could fail out of the way first.
  56. //////////
  58. PIASATTRIBUTE attrs[3];
  59. DWORD error = IASAttributeAlloc(3, attrs);
  60. if (error) { return HRESULT_FROM_WIN32(error); }
  62. //////////
  63. // Initialize the dial-in bit attributes.
  64. //////////
  66. attrs[0]->dwId = IAS_ATTRIBUTE_ALLOW_DIALIN;
  67. attrs[0]->Value.itType = IASTYPE_BOOLEAN;
  68. attrs[0]->Value.Boolean = TRUE;
  69. attrs[1]->dwFlags = 0;
  70. allowAccess.attach(attrs[0], false);
  72. attrs[1]->dwId = IAS_ATTRIBUTE_ALLOW_DIALIN;
  73. attrs[1]->Value.itType = IASTYPE_BOOLEAN;
  74. attrs[1]->Value.Boolean = FALSE;
  75. attrs[1]->dwFlags = 0;
  76. denyAccess.attach(attrs[1], false);
  78. attrs[2]->dwId = RADIUS_ATTRIBUTE_SERVICE_TYPE;
  79. attrs[2]->Value.itType = IASTYPE_ENUM;
  80. attrs[2]->Value.Enumerator = 4;
  81. attrs[2]->dwFlags = IAS_INCLUDE_IN_ACCEPT;
  82. callbackFramed.attach(attrs[2], false);
  84. return S_OK;
  85. }
  87. void RasUser::finalize() throw ()
  88. {
  89. allowAccess.release();
  90. denyAccess.release();
  91. callbackFramed.release();
  92. }
  94. IASREQUESTSTATUS RasUser::processUser(
  95. IASRequest& request,
  96. PCWSTR domainName,
  97. PCWSTR username
  98. )
  99. {
  100. IASTraceString("Using downlevel dial-in parameters.");
  102. DWORD error;
  103. RAS_USER_0 ru0;
  105. // Try using LDAP first since it's fastest.
  106. PLDAPMessage res;
  107. error = IASNtdsQueryUserAttributes(
  108. domainName,
  109. username,
  110. LDAP_SCOPE_SUBTREE,
  111. const_cast<PWCHAR*>(USER_PARMS),
  112. &res
  113. );
  114. if (error == NO_ERROR)
  115. {
  116. // Retrieve the connection for this message.
  117. LDAP* ld = ldap_conn_from_msg(NULL, res);
  119. LDAPMessage* entry = ldap_first_entry(ld, res);
  120. if (entry)
  121. {
  122. // Store the user's DN.
  123. PWCHAR dn = ldap_get_dnW(ld, entry);
  124. IASStoreFQUserName(request, DS_FQDN_1779_NAME, dn);
  125. ldap_memfree(dn);
  127. // There is at most one attribute.
  128. PWCHAR *str = ldap_get_valuesW(
  129. ld,
  130. entry,
  131. const_cast<PWCHAR>(USER_PARMS[0])
  132. );
  134. // It's okay if we didn't get anything, the API can handle NULL
  135. // UserParameters.
  136. error = IASParmsQueryRasUser0((str ? *str : NULL), &ru0);
  138. ldap_value_freeW(str);
  139. }
  140. else
  141. {
  142. error = ERROR_NO_SUCH_USER;
  143. }
  145. ldap_msgfree(res);
  146. }
  147. else if (error == ERROR_DS_NOT_INSTALLED)
  148. {
  149. // No DS, so fall back to SAM APIs.
  150. error = IASGetRASUserInfo(username, domainName, &ru0);
  151. }
  153. if (error)
  154. {
  155. IASTraceFailure("Per-user attribute retrieval", error);
  157. HRESULT hr = IASMapWin32Error(error, IAS_SERVER_UNAVAILABLE);
  159. return IASProcessFailure(request, hr);
  160. }
  162. // Used for injecting single attributes.
  163. ATTRIBUTEPOSITION pos, *first, *last;
  164. first = &pos;
  165. last = first + 1;
  167. //////////
  168. // Insert the always present Allow-Dialin attribute.
  169. //////////
  171. if ((ru0.bfPrivilege & RASPRIV_DialinPrivilege) == 0)
  172. {
  173. first->pAttribute = denyAccess;
  174. }
  175. else
  176. {
  177. first->pAttribute = allowAccess;
  178. }
  180. IASTraceString("Inserting attribute msNPAllowDialin.");
  181. OverwriteAttribute(request, first, last);
  183. //////////
  184. // Insert the "Callback Framed" service type if callback is allowed.
  185. //////////
  187. if ((ru0.bfPrivilege & RASPRIV_CallbackType) != RASPRIV_NoCallback)
  188. {
  189. first->pAttribute = callbackFramed;
  191. IASTraceString("Inserting attribute msRADIUSServiceType.");
  192. OverwriteAttribute(request, first, last);
  193. }
  195. //////////
  196. // Insert the Callback-Number if present.
  197. //////////
  199. if (ru0.bfPrivilege & RASPRIV_AdminSetCallback)
  200. {
  201. IASAttribute callback(true);
  202. callback->dwId = RADIUS_ATTRIBUTE_CALLBACK_NUMBER;
  203. callback.setOctetString(ru0.wszPhoneNumber);
  204. callback.setFlag(IAS_INCLUDE_IN_ACCEPT);
  206. first->pAttribute = callback;
  208. IASTraceString("Inserting attribute msRADIUSCallbackNumber.");
  209. OverwriteAttribute(request, first, last);
  210. }
  212. IASTraceString("Successfully retrieved per-user attributes.");
  213. return IAS_REQUEST_STATUS_HANDLED;
  214. }