archive
/
windows-xp
mirror of https://github.com/tongzx/nt5src
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
6 Commits
1 Branch
0 Tags
2.0 GiB
Tree: daad8a087a
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'daad8a087a'
${ noResults }
windows-xp/Source/XPSP1/NT/net/ias/providers/ntuser/ldap/iasntds.cpp

275 lines
5.8 KiB
Raw Normal View History

Add source files
4 years ago
  1. ///////////////////////////////////////////////////////////////////////////////
  2. //
  3. // FILE
  4. //
  5. // iasntds.cpp
  6. //
  7. // SYNOPSIS
  8. //
  9. // Defines global objects and functions for the IAS NTDS API.
  10. //
  11. // MODIFICATION HISTORY
  12. //
  13. // 05/11/1998 Original version.
  14. // 07/13/1998 Clean up header file dependencies.
  15. // 08/25/1998 Added IASNtdsQueryUserAttributes.
  16. // 09/02/1998 Added 'scope' parameter to IASNtdsQueryUserAttributes.
  17. // 03/10/1999 Added IASNtdsIsNativeModeDomain.
  18. // 03/23/1999 Retry failed searches.
  19. // 05/11/1999 Ask for at least one attribute or else you get them all.
  20. // 09/14/1999 Move SEARCH_TIMEOUT to LDAPConnection.
  21. //
  22. ///////////////////////////////////////////////////////////////////////////////
  24. #include <ias.h>
  25. #include <iasntds.h>
  27. #include <ldapcxn.h>
  28. #include <ntcache.h>
  30. namespace
  31. {
  32. // Global object caches.
  33. NTCache theDomains;
  35. // Initialization reference count.
  36. LONG refCount = 0;
  37. }
  39. DWORD
  40. WINAPI
  41. IASNtdsInitialize( VOID )
  42. {
  43. std::_Lockit _Lk;
  45. ++refCount;
  47. return NO_ERROR;
  49. }
  51. VOID
  52. WINAPI
  53. IASNtdsUninitialize( VOID )
  54. {
  55. std::_Lockit _Lk;
  57. if (--refCount == 0)
  58. {
  59. theDomains.clear();
  60. }
  61. }
  63. BOOL
  64. WINAPI
  65. IASNtdsIsNativeModeDomain(
  66. IN PCWSTR domain
  67. )
  68. {
  69. return theDomains.getMode(domain) == NTDomain::MODE_NATIVE;
  70. }
  72. //////////
  73. // Retrieve a single entry from the DS. Handles all clean-up on failure.
  74. //////////
  75. DWORD
  76. WINAPI
  77. GetSingleEntry(
  78. LDAPConnection* cxn,
  79. PWCHAR base,
  80. ULONG scope,
  81. PWCHAR filter,
  82. PWCHAR attrs[],
  83. LDAPMessage **res
  84. ) throw ()
  85. {
  86. //////////
  87. // Perform the search.
  88. //////////
  90. ULONG error = ldap_search_ext_sW(
  91. *cxn,
  92. base,
  93. scope,
  94. filter,
  95. attrs,
  96. FALSE,
  97. NULL,
  98. NULL,
  99. &LDAPConnection::SEARCH_TIMEOUT,
  100. 0,
  101. res
  102. );
  104. //////////
  105. // Process the results.
  106. //////////
  108. if (error != LDAP_SUCCESS && error != LDAP_PARTIAL_RESULTS)
  109. {
  110. cxn->disable();
  112. error = LdapMapErrorToWin32(error);
  113. }
  114. else if ((*res)->lm_returncode != LDAP_SUCCESS)
  115. {
  116. error = LdapMapErrorToWin32((*res)->lm_returncode);
  117. }
  118. else if (ldap_count_entries(*cxn, *res) != 1)
  119. {
  120. error = ERROR_NO_SUCH_USER;
  121. }
  122. else
  123. {
  124. return NO_ERROR;
  125. }
  127. //////////
  128. // The search failed, so clean-up.
  129. //////////
  131. ldap_msgfree(*res);
  132. *res = NULL;
  134. IASTraceFailure("ldap_search_ext_sW", error);
  136. return error;
  137. }
  139. //////////
  140. // Constants used for building LDAP search filters.
  141. //////////
  142. const WCHAR USER_FILTER_PREFIX[] = L"(sAMAccountName=";
  143. const WCHAR USER_FILTER_SUFFIX[] = L")";
  144. const size_t MAX_USERNAME_LENGTH = 256;
  145. const size_t USER_FILTER_LENGTH = sizeof(USER_FILTER_PREFIX)/sizeof(WCHAR) +
  146. MAX_USERNAME_LENGTH +
  147. sizeof(USER_FILTER_SUFFIX)/sizeof(WCHAR);
  149. //////////
  150. // Empty attribute list.
  151. //////////
  152. PWCHAR NO_ATTRS[] = { L"cn", NULL };
  154. DWORD
  155. WINAPI
  156. QueryUserAttributesOnce(
  157. IN PCWSTR domainName,
  158. IN PCWSTR username,
  159. IN ULONG scope,
  160. IN PWCHAR attrs[],
  161. OUT LDAPMessage** res
  162. )
  163. {
  164. //////////
  165. // Retrieve a connection to the domain.
  166. //////////
  168. CComPtr<LDAPConnection> cxn;
  169. DWORD error = theDomains.getConnection(domainName, &cxn);
  171. switch (error)
  172. {
  173. case NO_ERROR:
  174. {
  175. IASTracePrintf("Sending LDAP search to %s.", cxn->getHost());
  176. break;
  177. }
  179. case ERROR_DS_NOT_INSTALLED:
  180. {
  181. IASTracePrintf("DS not installed for domain %S.", domainName);
  182. return error;
  183. }
  185. default:
  186. {
  187. IASTraceFailure("NTDomain::getConnection", error);
  188. IASTracePrintf("Could not open an LDAP connection to domain %S.",
  189. domainName);
  190. return error;
  191. }
  192. }
  194. //////////
  195. // Initialize the search filter.
  196. //////////
  198. WCHAR searchFilter[USER_FILTER_LENGTH];
  199. wcscpy (searchFilter, USER_FILTER_PREFIX);
  200. wcsncat(searchFilter, username, MAX_USERNAME_LENGTH);
  201. wcscat (searchFilter, USER_FILTER_SUFFIX);
  203. //////////
  204. // Query the DS. If scope == LDAP_SCOPE_BASE, then we won't retrieve the
  205. // actual attributes yet.
  206. //////////
  208. error = GetSingleEntry(
  209. cxn,
  210. const_cast<PWCHAR>(cxn->getBase()),
  211. LDAP_SCOPE_SUBTREE,
  212. searchFilter,
  213. (scope == LDAP_SCOPE_BASE ? NO_ATTRS : attrs),
  214. res
  215. );
  217. if (error == NO_ERROR && scope == LDAP_SCOPE_BASE)
  218. {
  219. // All we care about is the user's DN.
  220. PWCHAR dn = ldap_get_dnW(*cxn, ldap_first_entry(*cxn, *res));
  221. ldap_msgfree(*res);
  223. // Now get the actual attributes.
  224. error = GetSingleEntry(
  225. cxn,
  226. dn,
  227. LDAP_SCOPE_BASE,
  228. L"(objectclass=*)",
  229. attrs,
  230. res
  231. );
  233. ldap_memfree(dn);
  234. }
  236. return error;
  237. }
  239. DWORD
  240. WINAPI
  241. IASNtdsQueryUserAttributes(
  242. IN PCWSTR domainName,
  243. IN PCWSTR username,
  244. IN ULONG scope,
  245. IN PWCHAR attrs[],
  246. OUT LDAPMessage** res
  247. )
  248. {
  249. DWORD retval = QueryUserAttributesOnce(
  250. domainName,
  251. username,
  252. scope,
  253. attrs,
  254. res
  255. );
  257. switch (retval)
  258. {
  259. case NO_ERROR:
  260. case ERROR_DS_NOT_INSTALLED:
  261. case ERROR_NO_SUCH_USER:
  262. case ERROR_ACCESS_DENIED:
  263. return retval;
  264. }
  266. IASTraceString("Retrying LDAP search.");
  268. return QueryUserAttributesOnce(
  269. domainName,
  270. username,
  271. scope,
  272. attrs,
  273. res
  274. );
  275. }