|
|
//+---------------------------------------------------------------------------
//
// Microsoft Windows
// Copyright (C) Microsoft Corporation, 1992 - 1997.
//
// File: whackspn.c
//
// Contents:
//
// Classes:
//
// Functions:
//
// History: 7-30-98 RichardW Created
//
//----------------------------------------------------------------------------
#define LDAP_UNICODE 1
#include <nt.h>
#include <ntrtl.h>
#include <nturtl.h>
#include <windows.h>
#define SECURITY_WIN32
#include <rpc.h>
#include <sspi.h>
#include <secext.h>
#include <lm.h>
#include <winsock2.h>
#include <winldap.h>
#include <ntldap.h>
#include <dsgetdc.h>
#include <dsgetdcp.h>
#include <ntdsapi.h>
#include <stdio.h>
#include <stdlib.h>
#define NlPrint(x) DPrint x;
#define NL_CRITICAL 0
#define NL_MISC 0
HANDLE hGC ;
BOOL AddDollar = TRUE;
VOIDDPrint( DWORD Level, PCHAR FormatString, ... ){ va_list ArgList;
va_start(ArgList, FormatString); vprintf( FormatString, ArgList ); va_end( ArgList );}
BOOLFindDomainForServer( PWSTR Server, PWSTR Domain ){ ULONG NetStatus ; WCHAR LocalServerName[ 64 ]; PDOMAIN_CONTROLLER_INFOW DcInfo ;
wcsncpy( LocalServerName, Server, 63 );
if ( AddDollar ) { wcscat( LocalServerName, L"$" ); }
NetStatus = DsGetDcNameWithAccountW( NULL, LocalServerName, ( AddDollar ? UF_MACHINE_ACCOUNT_MASK : UF_NORMAL_ACCOUNT ), L"", NULL, NULL, DS_DIRECTORY_SERVICE_REQUIRED | DS_RETURN_DNS_NAME, &DcInfo );
if ( NetStatus == 0 ) { wcscpy( Domain, DcInfo->DomainName ); NetApiBufferFree( DcInfo );
return TRUE ; } else { printf("can't find DC for %ws - %u\n", LocalServerName, NetStatus ); }
return FALSE ;}
DWORDAddDnsHostNameAttribute( HANDLE hDs, PWCHAR Server, PWCHAR DnsDomain )
{ NET_API_STATUS NetStatus = NO_ERROR; ULONG CrackStatus = DS_NAME_NO_ERROR;
LPWSTR DnsHostNameValues[2]; LPWSTR SpnArray[3]; LPWSTR DnsSpn = NULL; LPWSTR NetbiosSpn = NULL;
LDAPModW DnsHostNameAttr; LDAPModW SpnAttr; LDAPModW *Mods[3] = {NULL};
LDAP *LdapHandle = NULL; LDAPMessage *LdapMessage = NULL; PDS_NAME_RESULTW CrackedName = NULL; LPWSTR DnOfAccount = NULL;
LPWSTR NameToCrack; DWORD SamNameSize; WCHAR SamName[ DNLEN + 1 + CNLEN + 1 + 1]; WCHAR nameBuffer[ 256 ];
ULONG LdapStatus; LONG LdapOption;
LDAP_TIMEVAL LdapTimeout; ULONG MessageNumber;
//
// Ldap modify control needed to indicate that the
// existing values of the modified attributes should
// be left intact and the missing ones should be added.
// Without this control, a modification of an attribute
// that results in an addition of a value that already
// exists will fail.
//
LDAPControl ModifyControl = { LDAP_SERVER_PERMISSIVE_MODIFY_OID_W, { 0, NULL }, FALSE };
PLDAPControl ModifyControlArray[2] = { &ModifyControl, NULL };
//
// Prepare DnsHostName modification entry
//
wcsncpy( nameBuffer, Server, sizeof( nameBuffer ) / sizeof( WCHAR )); wcscat( nameBuffer, L"." ); wcscat( nameBuffer, DnsDomain );
DnsHostNameValues[0] = nameBuffer; DnsHostNameValues[1] = NULL;
//
// If we set both DnsHostName and SPN, then DnsHostName is
// missing, so add it. If we set DnsHostName only, then
// DnsHostName already exists (but incorrect), so replace it.
//
if ( TRUE ) { DnsHostNameAttr.mod_op = LDAP_MOD_ADD; } else { DnsHostNameAttr.mod_op = LDAP_MOD_REPLACE; } DnsHostNameAttr.mod_type = L"DnsHostName"; DnsHostNameAttr.mod_values = DnsHostNameValues;
Mods[0] = &DnsHostNameAttr; Mods[1] = NULL;
//
// The name of the computer object is
// <NetbiosDomainName>\<NetbiosComputerName>$
//
wcscpy( SamName, DnsDomain ); { PWCHAR p;
p = wcschr( SamName, L'.' ); *p = UNICODE_NULL; }
wcscat( SamName, L"\\" ); wcscat( SamName, Server ); wcscat( SamName, L"$" );
//
// Crack the sam account name into a DN:
//
NameToCrack = SamName; NetStatus = DsCrackNamesW( hDs, 0, DS_NT4_ACCOUNT_NAME, DS_FQDN_1779_NAME, 1, &NameToCrack, &CrackedName );
if ( NetStatus != NO_ERROR ) { NlPrint(( NL_CRITICAL, "SPN: CrackNames failed on %ws for %ws: %ld\n", DnsDomain, SamName, NetStatus )); goto Cleanup ; }
if ( CrackedName->cItems != 1 ) { CrackStatus = DS_NAME_ERROR_NOT_UNIQUE; NlPrint(( NL_CRITICAL, "SPN: Cracked Name is not unique on %ws for %ws: %ld\n", DnsDomain, SamName, NetStatus )); goto Cleanup ; }
if ( CrackedName->rItems[ 0 ].status != DS_NAME_NO_ERROR ) { NlPrint(( NL_CRITICAL, "SPN: CrackNames failed on %ws for %ws: substatus %ld\n", DnsDomain, SamName, CrackedName->rItems[ 0 ].status )); CrackStatus = CrackedName->rItems[ 0 ].status; goto Cleanup ; } DnOfAccount = CrackedName->rItems[0].pName;
//
// Open an LDAP connection to the DC and set useful options
//
LdapHandle = ldap_init( DnsDomain, LDAP_PORT );
if ( LdapHandle == NULL ) { NetStatus = GetLastError(); NlPrint(( NL_CRITICAL, "SPN: ldap_init failed on %ws for %ws: %ld\n", DnsDomain, SamName, NetStatus )); goto Cleanup; }
// 30 second timeout
LdapOption = 30; LdapStatus = ldap_set_optionW( LdapHandle, LDAP_OPT_TIMELIMIT, &LdapOption ); if ( LdapStatus != LDAP_SUCCESS ) { NlPrint(( NL_CRITICAL, "SPN: ldap_set_option LDAP_OPT_TIMELIMIT failed on %ws for %ws: %ld: %s\n", DnsDomain, SamName, LdapStatus, ldap_err2stringA( LdapStatus ))); NetStatus = LdapMapErrorToWin32(LdapStatus); goto Cleanup; }
// Don't chase referals
LdapOption = PtrToLong(LDAP_OPT_OFF); LdapStatus = ldap_set_optionW( LdapHandle, LDAP_OPT_REFERRALS, &LdapOption ); if ( LdapStatus != LDAP_SUCCESS ) { NlPrint(( NL_CRITICAL, "SPN: ldap_set_option LDAP_OPT_REFERRALS failed on %ws for %ws: %ld: %s\n", DnsDomain, SamName, LdapStatus, ldap_err2stringA( LdapStatus ))); NetStatus = LdapMapErrorToWin32(LdapStatus); goto Cleanup; }
#if 0
// Set the option telling LDAP that I passed it an explicit DC name and
// that it can avoid the DsGetDcName.
LdapOption = PtrToLong(LDAP_OPT_ON); LdapStatus = ldap_set_optionW( LdapHandle, LDAP_OPT_AREC_EXCLUSIVE, &LdapOption ); if ( LdapStatus != LDAP_SUCCESS ) { NlPrint(( NL_CRITICAL, "SPN: ldap_set_option LDAP_OPT_AREC_EXCLUSIVE failed on %ws for %ws: %ld: %s\n", DnsDomain, SamName, LdapStatus, ldap_err2stringA( LdapStatus ))); NetStatus = LdapMapErrorToWin32(LdapStatus); goto Cleanup; }#endif
//
// Bind to the DC
//
LdapStatus = ldap_bind_s( LdapHandle, NULL, // No DN of account to authenticate as
NULL, // Default credentials
LDAP_AUTH_NEGOTIATE );
if ( LdapStatus != LDAP_SUCCESS ) { NlPrint(( NL_CRITICAL, "SPN: Cannot ldap_bind to %ws for %ws: %ld: %s\n", DnsDomain, SamName, LdapStatus, ldap_err2stringA( LdapStatus ))); NetStatus = LdapMapErrorToWin32(LdapStatus); goto Cleanup; }
//
// Write the modifications
//
LdapStatus = ldap_modify_extW( LdapHandle, DnOfAccount, Mods, (PLDAPControl *) &ModifyControlArray, NULL, // No client controls
&MessageNumber );
if ( LdapStatus != LDAP_SUCCESS ) { NlPrint(( NL_CRITICAL, "SPN: Cannot ldap_modify on %ws for %ws: %ld: %s\n", DnsDomain, DnOfAccount, LdapStatus, ldap_err2stringA( LdapStatus ))); NetStatus = LdapMapErrorToWin32(LdapStatus); goto Cleanup; }
// Wait for the modify to complete
LdapTimeout.tv_sec = 30; LdapTimeout.tv_usec = 0; LdapStatus = ldap_result( LdapHandle, MessageNumber, LDAP_MSG_ALL, &LdapTimeout, &LdapMessage );
switch ( LdapStatus ) { case -1: NlPrint(( NL_CRITICAL, "SPN: Cannot ldap_result on %ws for %ws: %ld: %s\n", DnsDomain, SamName, LdapHandle->ld_errno, ldap_err2stringA( LdapHandle->ld_errno ))); NetStatus = LdapMapErrorToWin32(LdapStatus); goto Cleanup;
case 0: NlPrint(( NL_CRITICAL, "SPN: ldap_result timeout on %ws for %ws.\n", DnsDomain, SamName )); NetStatus = LdapMapErrorToWin32(LdapStatus); goto Cleanup;
case LDAP_RES_MODIFY: if ( LdapMessage->lm_returncode != 0 ) { NlPrint(( NL_CRITICAL, "SPN: Cannot ldap_result on %ws for %ws: %ld: %s\n", DnsDomain, SamName, LdapMessage->lm_returncode, ldap_err2stringA( LdapMessage->lm_returncode ))); NetStatus = LdapMapErrorToWin32(LdapMessage->lm_returncode); goto Cleanup; }
NlPrint(( NL_MISC, "SPN: Set successfully on DC %ws\n", DnsDomain )); break; // This is what we expect
default: NlPrint(( NL_CRITICAL, "SPN: ldap_result unexpected result on %ws for %ws: %ld\n", DnsDomain, SamName, LdapStatus )); NetStatus = LdapMapErrorToWin32(LdapStatus); goto Cleanup; }
Cleanup:
//
// Log the failure in the event log, if requested.
// Try to output the most specific error.
//
if ( CrackedName ) { DsFreeNameResultW( CrackedName ); }
if ( LdapMessage != NULL ) { ldap_msgfree( LdapMessage ); }
if ( LdapHandle != NULL ) { ldap_unbind_s( LdapHandle ); }
if ( DnsSpn ) { LocalFree( DnsSpn ); }
if ( NetbiosSpn ) { LocalFree( NetbiosSpn ); }
return NetStatus;}
BOOLAddHostSpn( PWSTR Server ){ WCHAR HostSpn[ 64 ]; WCHAR Domain[ MAX_PATH ]; WCHAR FlatName[ 64 ]; HANDLE hDs ; ULONG NetStatus ; PWSTR Dot ; PDS_NAME_RESULTW Result ; LPWSTR Flat = FlatName; LPWSTR Spn = HostSpn ;
wcscpy( HostSpn, L"HOST/" ); wcscat( HostSpn, Server );
#if 1
if ( !FindDomainForServer( Server, Domain )) { printf(" No domain controller for %ws found\n", Server ); return FALSE ; }#else
wcscpy( Domain, L"ntdev.microsoft.com" );#endif
Dot = wcschr( Domain, L'.' ); if ( Dot ) { *Dot = L'\0'; } wcscpy( FlatName, Domain );
if ( Dot ) { *Dot = L'.' ; }
wcscat( FlatName, L"\\" ); wcscat( FlatName, Server ); if ( AddDollar ) { wcscat( FlatName, L"$" ); }
NetStatus = DsBindW( NULL, Domain, &hDs );
if ( NetStatus != 0 ) { printf("Failed to bind to DC of domain %ws, %#x\n", Domain, NetStatus ); return FALSE ; }
NetStatus = DsCrackNamesW( hDs, 0, DS_NT4_ACCOUNT_NAME, DS_FQDN_1779_NAME, 1, &Flat, &Result );
if ( NetStatus != 0 ) { printf("Failed to crack name %ws into the FQDN, %#x\n", FlatName, NetStatus );
DsUnBind( &hDs );
return FALSE ; } else { DWORD i; BOOL foundFailure = FALSE;
//
// check the stat-i inside the struct
//
for ( i = 0; i < Result->cItems; ++i ) { if ( Result->rItems[i].status == DS_NAME_NO_ERROR ) { printf("Found domain\\name '%ws\\%ws' for Flatname '%ws' \n", Result->rItems[i].pDomain, Result->rItems[i].pName, FlatName); } else { printf("Couldn't crack name for '%ws' - %u\n", FlatName, Result->rItems[i].status); foundFailure = TRUE; } }
if ( foundFailure ) { return FALSE; } }
//
// add DnsHostName attribute to this object
//
NetStatus = AddDnsHostNameAttribute( hDs, Server, Domain ); if ( NetStatus != 0 ) { printf( "Failed to add DnsHostName attrib to '%ws.%ws', %#x\n", Server, Domain, NetStatus );
return FALSE; }
//
// write the netbios based SPN
//
NetStatus = DsServerRegisterSpnW( DS_SPN_ADD_SPN_OP, L"HOST", Result->rItems[0].pName);
if ( NetStatus != 0 ) { printf("DsServerRegisterSpn Failed to assign SPN to '%ws', %#x\n", Result->rItems[0].pName, NetStatus ); }
NetStatus = DsWriteAccountSpnW( hDs, DS_SPN_ADD_SPN_OP, Result->rItems[0].pName, 1, &Spn );
if ( NetStatus != 0 ) { printf("Failed to assign SPN '%ws' to account '%ws', %#x\n", HostSpn, Result->rItems[0].pName, NetStatus ); } else { DWORD i; BOOL foundFailure = FALSE;
//
// check the stat-i inside the struct
//
for ( i = 0; i < Result->cItems; ++i ) { if ( Result->rItems[i].status == DS_NAME_NO_ERROR ) { printf("Assigned SPN '%ws' to account '%ws' \n", HostSpn, Result->rItems[i].pName ); } else { printf("WriteAccountSpn failed for '%ws' - %u\n", HostSpn, Result->rItems[i].status); foundFailure = TRUE; } }
if ( foundFailure ) { return FALSE; } }
//
// do it again with the DNS domain as well
//
wcscat( HostSpn, L"." ); wcscat( HostSpn, Domain );
NetStatus = DsWriteAccountSpnW(hDs, DS_SPN_ADD_SPN_OP, Result->rItems[0].pName, 1, &Spn );
if ( NetStatus != 0 ) { printf("Failed to assign SPN '%ws' to account '%ws', %#x\n", HostSpn, Result->rItems[0].pName, NetStatus ); } else { DWORD i; BOOL foundFailure = FALSE;
//
// check the stat-i inside the struct
//
for ( i = 0; i < Result->cItems; ++i ) { if ( Result->rItems[i].status == DS_NAME_NO_ERROR ) { printf("Assigned SPN '%ws' to account '%ws' \n", HostSpn, Result->rItems[i].pName ); } else { printf("WriteAccountSpn failed for '%ws' - %u\n", HostSpn, Result->rItems[i].status); foundFailure = TRUE; } }
if ( foundFailure ) { return FALSE; } }
DsFreeNameResultW( Result );
DsUnBind( &hDs );
return NetStatus == 0 ;
}
void __cdecl wmain (int argc, wchar_t *argv[]){
PWCHAR machineName;
if ( argc < 2 ) { printf("usage: %s [-$] machinename\n", argv[0] ); exit(0); }
if ( argv[1][0] == '-') { switch (argv[1][1]) { case '$': AddDollar = FALSE ; break; default: printf(" unrecognized option, '%s'\n", argv[1] ); exit(0);
}
machineName = argv[2];
} else { machineName = argv[1]; }
if ( AddHostSpn( machineName ) ) { printf("Updated object\n" ); }}
|
