archive
/
windows-xp
mirror of https://github.com/tongzx/nt5src
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
6 Commits
1 Branch
0 Tags
2.0 GiB
Tree: daad8a087a
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'daad8a087a'
${ noResults }
windows-xp/Source/XPSP1/NT/admin/dsutils/migrate/clonepr/connect.cpp

703 lines
16 KiB
Raw Normal View History

Add source files
4 years ago
  1. //
  2. // Implementation of ICloneSecurityPrincipal::Connect
  3. //
  4. // sburns 5-10-99
  8. #include "headers.hxx"
  9. #include "resource.h"
  10. #include "common.hpp"
  11. #include "implmain.hpp"
  15. CloneSecurityPrincipal::Connection::Connection()
  16. :
  17. dstComputer(0),
  18. dstDomainSamHandle(INVALID_HANDLE_VALUE),
  19. dstDsBindHandle(INVALID_HANDLE_VALUE),
  20. m_pldap(0),
  21. srcComputer(0),
  22. srcDcDnsName(),
  23. srcDomainSamHandle(INVALID_HANDLE_VALUE)
  24. {
  25. LOG_CTOR(CloneSecurityPrincipal::Connection);
  26. }
  30. CloneSecurityPrincipal::Connection::~Connection()
  31. {
  32. LOG_DTOR(CloneSecurityPrincipal::Connection);
  34. Disconnect();
  35. }
  39. HRESULT
  40. ValidateDCAndDomainParameters(
  41. const String& srcDC,
  42. const String& srcDomain,
  43. const String& dstDC,
  44. const String& dstDomain)
  45. {
  46. LOG_FUNCTION(ValidateDCAndDomainParameters);
  48. HRESULT hr = S_OK;
  49. do
  50. {
  51. if (srcDC.empty() && srcDomain.empty())
  52. {
  53. hr = E_INVALIDARG;
  54. SetComError(IDS_MUST_SPECIFY_SRC_DC_OR_DOMAIN);
  55. BREAK_ON_FAILED_HRESULT(hr);
  56. }
  58. if (dstDC.empty() && dstDomain.empty())
  59. {
  60. hr = E_INVALIDARG;
  61. SetComError(IDS_MUST_SPECIFY_DST_DC_OR_DOMAIN);
  62. BREAK_ON_FAILED_HRESULT(hr);
  63. }
  65. if (!srcDC.empty() && !dstDC.empty())
  66. {
  67. if (srcDC.icompare(dstDC) == 0)
  68. {
  69. // may not be the same dc
  71. hr = E_INVALIDARG;
  72. SetComError(IDS_SRC_DC_EQUALS_DST_DC);
  73. BREAK_ON_FAILED_HRESULT(hr);
  74. }
  75. }
  77. if (!srcDomain.empty() && dstDomain.empty())
  78. {
  79. if (srcDomain.icompare(dstDomain) == 0)
  80. {
  81. // may not be the same domain
  83. hr = E_INVALIDARG;
  84. SetComError(IDS_SRC_DOMAIN_EQUALS_DST_DOMAIN);
  85. BREAK_ON_FAILED_HRESULT(hr);
  86. }
  87. }
  88. }
  89. while (0);
  91. return hr;
  92. }
  96. // Creates a Computer object representing the domain controller specified, or
  97. // located domain controller for the domain specified. Does additional
  98. // validation of the dc and domain parameters.
  100. HRESULT
  101. CreateComputer(
  102. const String& dc,
  103. const String& domain,
  104. Computer*& computer)
  105. {
  106. LOG_FUNCTION(CreateComputer);
  107. ASSERT(computer == 0);
  109. computer = 0;
  110. HRESULT hr = S_OK;
  111. do
  112. {
  113. if (dc.empty())
  114. {
  115. // source DC was not specified: find a writeable DC
  117. // must have supplied the source domain: we checked for that
  118. // in an earlier call to ValidateDCAndDomainParameters
  119. ASSERT(!domain.empty());
  120. if (domain.empty())
  121. {
  122. hr = E_INVALIDARG;
  123. SetComError(IDS_MUST_SPECIFY_SRC_DC_OR_DOMAIN);
  124. break;
  125. }
  127. DOMAIN_CONTROLLER_INFO* info = 0;
  128. hr =
  129. Win32ToHresult(
  130. MyDsGetDcName(
  131. 0,
  132. domain,
  133. DS_WRITABLE_REQUIRED | DS_DIRECTORY_SERVICE_PREFERRED,
  134. info));
  136. LOG_HRESULT(hr);
  138. if (FAILED(hr))
  139. {
  140. SetComError(
  141. String::format(
  142. IDS_CANT_FIND_DC,
  143. domain.c_str(),
  144. GetErrorMessage(hr).c_str()));
  145. break;
  146. }
  148. if (info && info->DomainControllerName)
  149. {
  150. computer = new Computer(info->DomainControllerName);
  151. ::NetApiBufferFree(info);
  152. }
  153. else
  154. {
  155. // should always get a result if successful
  156. ASSERT(false);
  157. hr = E_FAIL;
  158. break;
  159. }
  160. }
  161. else
  162. {
  163. // source dc was supplied
  165. computer = new Computer(dc);
  166. }
  167. }
  168. while (0);
  170. return hr;
  171. }
  175. // HRESULT
  176. // Authenticate(
  177. // const Computer& computer,
  178. // const String& username,
  179. // const String& userDomain,
  180. // const String& password)
  181. // {
  182. // LOG_FUNCTION(Authenticate);
  183. //
  184. // // attempt to authenticate to the computer.
  185. // String name = computer.NameWithBackslashes();
  186. //
  187. // NETRESOURCE nr;
  188. // memset(&nr, 0, sizeof(nr));
  189. //
  190. // nr.dwType = RESOURCETYPE_ANY;
  191. // nr.lpRemoteName = const_cast<String::value_type*>(name.c_str());
  192. //
  193. // // see KB articles Q218497, Q180548, Q183366 for the pitfalls here...
  194. //
  195. // String u;
  196. // if (userDomain.empty())
  197. // {
  198. // u = username;
  199. // }
  200. // else
  201. // {
  202. // ASSERT(!username.empty());
  203. // u = userDomain + L"\\" + username;
  204. // }
  205. //
  206. // LOG(L"Calling WNetAddConnection2");
  207. // LOG(String::format(L"username : %1", u.empty() ? L"(null)" : u.c_str()));
  208. //
  209. // HRESULT hr =
  210. // Win32ToHresult(
  211. // ::WNetAddConnection2(
  212. // &nr,
  213. // password.c_str(),
  214. // u.empty() ? 0 : u.c_str(),
  215. // 0));
  216. //
  217. // LOG_HRESULT(hr);
  218. //
  219. // if (FAILED(hr))
  220. // {
  221. // SetComError(
  222. // String::format(
  223. // IDS_UNABLE_TO_CONNECT,
  224. // name.c_str(),
  225. // GetErrorMessage(hr).c_str()));
  226. // }
  227. //
  228. // return hr;
  229. // }
  233. HRESULT
  234. ValidateInitializedComputer(
  235. const Computer& computer,
  236. const String& domain)
  237. {
  238. LOG_FUNCTION(ValidateInitializedComputer);
  240. HRESULT hr = S_OK;
  241. do
  242. {
  243. if (!computer.IsDomainController())
  244. {
  245. hr = E_INVALIDARG;
  246. SetComError(
  247. String::format(
  248. IDS_COMPUTER_IS_NOT_DC,
  249. computer.GetNetbiosName().c_str()));
  250. break;
  251. }
  253. if (!domain.empty())
  254. {
  255. // check that the DC is really a DC of the specified domain
  256. if (
  257. computer.GetDomainDnsName().icompare(domain) != 0
  258. && computer.GetDomainNetbiosName().icompare(domain) != 0)
  259. {
  260. hr = E_INVALIDARG;
  261. SetComError(
  262. String::format(
  263. IDS_NOT_DC_FOR_WRONG_DOMAIN,
  264. computer.GetNetbiosName().c_str(),
  265. domain.c_str()));
  266. break;
  267. }
  268. }
  269. }
  270. while (0);
  272. return hr;
  273. }
  277. // Returns an open handle to the SAM database for the named domain on the
  278. // given DC. Should be freed with SamCloseHandle.
  280. HRESULT
  281. OpenSamDomain(
  282. const String& dcName,
  283. const String& domainNetBiosName,
  284. SAM_HANDLE& resultHandle)
  285. {
  286. LOG_FUNCTION2(OpenSamDomain, dcName);
  287. ASSERT(!dcName.empty());
  289. resultHandle = INVALID_HANDLE_VALUE;
  291. HRESULT hr = S_OK;
  292. SAM_HANDLE serverHandle = INVALID_HANDLE_VALUE;
  293. PSID domainSID = 0;
  294. do
  295. {
  296. UNICODE_STRING serverName;
  297. memset(&serverName, 0, sizeof(serverName));
  298. ::RtlInitUnicodeString(&serverName, dcName.c_str());
  300. LOG(L"Calling SamConnect");
  302. hr =
  303. NtStatusToHRESULT(
  304. ::SamConnect(
  305. &serverName,
  306. &serverHandle,
  307. MAXIMUM_ALLOWED,
  308. 0));
  309. if (FAILED(hr))
  310. {
  311. SetComError(
  312. String::format(
  313. IDS_UNABLE_TO_CONNECT_TO_SAM_SERVER,
  314. dcName.c_str(),
  315. GetErrorMessage(hr).c_str()));
  316. break;
  317. }
  319. UNICODE_STRING domainName;
  320. memset(&domainName, 0, sizeof(domainName));
  321. ::RtlInitUnicodeString(&domainName, domainNetBiosName.c_str());
  323. hr =
  324. NtStatusToHRESULT(
  325. ::SamLookupDomainInSamServer(
  326. serverHandle,
  327. &domainName,
  328. &domainSID));
  329. if (FAILED(hr))
  330. {
  331. SetComError(
  332. String::format(
  333. IDS_UNABLE_TO_LOOKUP_SAM_DOMAIN,
  334. domainNetBiosName.c_str(),
  335. GetErrorMessage(hr).c_str()));
  336. break;
  337. }
  339. hr =
  340. NtStatusToHRESULT(
  341. ::SamOpenDomain(
  342. serverHandle,
  343. MAXIMUM_ALLOWED,
  344. domainSID,
  345. &resultHandle));
  346. if (FAILED(hr))
  347. {
  348. SetComError(
  349. String::format(
  350. IDS_UNABLE_TO_OPEN_SAM_DOMAIN,
  351. domainNetBiosName.c_str(),
  352. GetErrorMessage(hr).c_str()));
  353. break;
  354. }
  355. }
  356. while (0);
  358. if (serverHandle != INVALID_HANDLE_VALUE)
  359. {
  360. ::SamCloseHandle(serverHandle);
  361. }
  363. if (domainSID)
  364. {
  365. ::SamFreeMemory(domainSID);
  366. }
  368. return hr;
  369. }
  373. HRESULT
  374. DetermineSourceDcDnsName(
  375. const String& srcDcNetbiosName,
  376. const String& srcDomainDnsName,
  377. String& srcDcDnsName)
  378. {
  379. LOG_FUNCTION(DetermineSourceDcDnsName);
  380. ASSERT(!srcDcNetbiosName.empty());
  382. srcDcDnsName.erase();
  384. if (srcDomainDnsName.empty())
  385. {
  386. // The computer is not a DS DC, so we don't need its DNS name.
  387. LOG(L"source DC is not a DS DC");
  389. return S_OK;
  390. }
  392. HRESULT hr = S_OK;
  393. HANDLE hds = 0;
  394. do
  395. {
  396. // Bind to self
  397. hr =
  398. MyDsBind(
  399. srcDcNetbiosName,
  400. srcDomainDnsName,
  401. hds);
  402. if (FAILED(hr))
  403. {
  404. SetComError(
  405. String::format(
  406. IDS_BIND_FAILED,
  407. srcDcNetbiosName.c_str(),
  408. GetErrorMessage(hr).c_str()));
  409. break;
  410. }
  412. // find all the dc's for my domain. the list should contain
  413. // srcDcNetbiosName.
  415. DS_DOMAIN_CONTROLLER_INFO_1W* info = 0;
  416. DWORD infoCount = 0;
  417. hr =
  418. MyDsGetDomainControllerInfo(
  419. hds,
  420. srcDomainDnsName,
  421. infoCount,
  422. info);
  423. if (FAILED(hr))
  424. {
  425. SetComError(
  426. String::format(
  427. IDS_GET_DC_INFO_FAILED,
  428. GetErrorMessage(hr).c_str()));
  429. break;
  430. }
  432. // there should be at least 1 entry, the source DC itself
  433. ASSERT(infoCount);
  434. ASSERT(info);
  436. if (info)
  437. {
  438. for (DWORD i = 0; i < infoCount; i++)
  439. {
  440. if (info[i].NetbiosName)
  441. {
  442. LOG(info[i].NetbiosName);
  444. if (srcDcNetbiosName.icompare(info[i].NetbiosName) == 0)
  445. {
  446. // we found ourselves in the list
  448. LOG(L"netbios name found");
  450. if (info[i].DnsHostName)
  451. {
  452. LOG(L"dns hostname found!");
  453. srcDcDnsName = info[i].DnsHostName;
  454. break;
  455. }
  457. }
  458. }
  459. }
  460. }
  462. ::DsFreeDomainControllerInfo(1, infoCount, info);
  464. if (srcDcDnsName.empty())
  465. {
  466. hr = E_FAIL;
  467. SetComError(
  468. String::format(
  469. IDS_CANT_FIND_SRC_DC_DNS_NAME,
  470. srcDcNetbiosName.c_str()));
  471. break;
  472. }
  474. LOG(srcDcDnsName);
  475. }
  476. while (0);
  478. if (hds)
  479. {
  480. ::DsUnBind(&hds);
  481. hds = 0;
  482. }
  484. return hr;
  485. }
  489. HRESULT
  490. CloneSecurityPrincipal::Connection::Connect(
  491. const String& srcDC,
  492. const String& srcDomain,
  493. const String& dstDC,
  494. const String& dstDomain)
  495. {
  496. LOG_FUNCTION(CloneSecurityPrincipal::Connection::Connect);
  498. HRESULT hr = S_OK;
  499. do
  500. {
  501. hr = ValidateDCAndDomainParameters(srcDC, srcDomain, dstDC, dstDomain);
  502. BREAK_ON_FAILED_HRESULT(hr);
  504. hr = CreateComputer(srcDC, srcDomain, srcComputer);
  505. BREAK_ON_FAILED_HRESULT(hr);
  507. hr = CreateComputer(dstDC, dstDomain, dstComputer);
  508. BREAK_ON_FAILED_HRESULT(hr);
  510. // hr =
  511. // Authenticate(
  512. // *srcComputer,
  513. // srcUsername,
  514. // srcUserDomain,
  515. // srcPassword);
  516. // BREAK_ON_FAILED_HRESULT(hr);
  518. hr = srcComputer->Refresh();
  519. if (FAILED(hr))
  520. {
  521. SetComError(
  522. String::format(
  523. IDS_UNABLE_TO_READ_COMPUTER_INFO,
  524. srcComputer->GetNetbiosName().c_str(),
  525. GetErrorMessage(hr).c_str()));
  526. break;
  527. }
  529. hr = ValidateInitializedComputer(*srcComputer, srcDomain);
  530. BREAK_ON_FAILED_HRESULT(hr);
  532. hr = dstComputer->Refresh();
  533. if (FAILED(hr))
  534. {
  535. SetComError(
  536. String::format(
  537. IDS_UNABLE_TO_READ_COMPUTER_INFO,
  538. dstComputer->GetNetbiosName().c_str(),
  539. GetErrorMessage(hr).c_str()));
  540. break;
  541. }
  543. hr = ValidateInitializedComputer(*dstComputer, dstDomain);
  544. BREAK_ON_FAILED_HRESULT(hr);
  546. // bind to the destination DC.
  548. ASSERT(dstDsBindHandle == INVALID_HANDLE_VALUE);
  550. hr =
  551. MyDsBind(
  552. dstComputer->GetNetbiosName(),
  553. String(),
  554. dstDsBindHandle);
  555. if (FAILED(hr))
  556. {
  557. SetComError(
  558. String::format(
  559. IDS_BIND_FAILED,
  560. dstComputer->GetNetbiosName().c_str(),
  561. GetErrorMessage(hr).c_str()));
  562. break;
  563. }
  565. //
  566. // open ldap connection to dstDC
  567. //
  568. m_pldap = ldap_open(const_cast<String::value_type*>(dstDC.c_str()), LDAP_PORT);
  569. if (!m_pldap)
  570. {
  571. hr = Win::GetLastErrorAsHresult();
  572. SetComError(
  573. String::format(
  574. IDS_LDAPOPEN_FAILED,
  575. dstComputer->GetNetbiosName().c_str(),
  576. GetErrorMessage(hr).c_str()));
  577. break;
  578. }
  580. // SEC_WINNT_AUTH_IDENTITY authInfo;
  581. // authInfo.User = const_cast<wchar_t*>(dstUsername.c_str());
  582. // authInfo.UserLength = dstUsername.length();
  583. // authInfo.Domain = const_cast<wchar_t*>(dstUserDomain.c_str());
  584. // authInfo.DomainLength = dstUserDomain.length();
  585. // authInfo.Password = const_cast<wchar_t*>(dstPassword.c_str());
  586. // authInfo.PasswordLength = dstPassword.length();
  587. // authInfo.Flags = SEC_WINNT_AUTH_IDENTITY_UNICODE;
  589. DWORD dwErr = ldap_bind_s(
  590. m_pldap,
  591. NULL,
  592. (TCHAR *) 0,
  593. LDAP_AUTH_NEGOTIATE);
  594. if (LDAP_SUCCESS != dwErr)
  595. {
  596. hr = Win::GetLastErrorAsHresult();
  598. ldap_unbind_s(m_pldap);
  599. m_pldap = 0;
  601. SetComError(
  602. String::format(
  603. IDS_LDAPBIND_FAILED,
  604. dstComputer->GetNetbiosName().c_str(),
  605. GetErrorMessage(hr).c_str()));
  606. break;
  607. }
  609. // obtain sam handles to source and dst domains
  611. ASSERT(srcDomainSamHandle == INVALID_HANDLE_VALUE);
  613. hr =
  614. OpenSamDomain(
  615. srcComputer->GetNetbiosName(),
  616. srcComputer->GetDomainNetbiosName(),
  617. srcDomainSamHandle);
  618. BREAK_ON_FAILED_HRESULT(hr);
  620. ASSERT(dstDomainSamHandle == INVALID_HANDLE_VALUE);
  622. hr =
  623. OpenSamDomain(
  624. dstComputer->GetNetbiosName(),
  625. dstComputer->GetDomainNetbiosName(),
  626. dstDomainSamHandle);
  627. BREAK_ON_FAILED_HRESULT(hr);
  629. hr =
  630. DetermineSourceDcDnsName(
  631. srcComputer->GetNetbiosName(),
  632. srcComputer->GetDomainDnsName(),
  633. srcDcDnsName);
  634. BREAK_ON_FAILED_HRESULT(hr);
  635. }
  636. while (0);
  638. if (FAILED(hr))
  639. {
  640. Disconnect();
  641. }
  643. return hr;
  644. }
  648. bool
  649. CloneSecurityPrincipal::Connection::IsConnected() const
  650. {
  651. LOG_FUNCTION(CloneSecurityPrincipal::Connection::IsConnected);
  653. bool result =
  654. srcComputer
  655. && dstComputer
  656. && (dstDsBindHandle != INVALID_HANDLE_VALUE)
  657. && (srcDomainSamHandle != INVALID_HANDLE_VALUE);
  659. LOG(
  660. String::format(
  661. L"object %1 connected.",
  662. result ? L"is" : L"is NOT"));
  664. return result;
  665. }
  669. void
  670. CloneSecurityPrincipal::Connection::Disconnect()
  671. {
  672. LOG_FUNCTION(CloneSecurityPrincipal::Connection::Disconnect);
  674. // may be called if Connect fails, so we might be in a partially
  675. // connected state. So we need to check the handle values.
  677. if (srcDomainSamHandle != INVALID_HANDLE_VALUE)
  678. {
  679. ::SamCloseHandle(srcDomainSamHandle);
  680. srcDomainSamHandle = INVALID_HANDLE_VALUE;
  681. }
  683. if (dstDsBindHandle != INVALID_HANDLE_VALUE)
  684. {
  685. ::DsUnBind(&dstDsBindHandle);
  686. dstDsBindHandle = INVALID_HANDLE_VALUE;
  687. }
  689. if (m_pldap)
  690. {
  691. ldap_unbind_s(m_pldap);
  692. m_pldap = 0;
  693. }
  695. delete dstComputer;
  696. dstComputer = 0;
  698. delete srcComputer;
  699. srcComputer = 0;
  700. }