/////////////////////////////////////////////////////////////////////////////
//
// Copyright(C) 1999-2000 Microsoft Corporation all rights reserved.
//
// Module: migratemdb.cpp
//
// Project: Windows 2000 IAS
//
// Description: IAS NT 4 MDB to IAS W2K MDB Migration Logic
//
// Author: TLP 1/13/1999
//
//
// Revision 02/24/2000 Moved to a separate dll
// 03/15/2000 Almost completely rewritten
//
/////////////////////////////////////////////////////////////////////////////
#include "stdafx.h"
#include "Attributes.h"
#include "Clients.h"
#include "DefaultProvider.h"
#include "GlobalData.h"
#include "migratemdb.h"
#include "migrateregistry.h"
#include "Objects.h"
#include "Policy.h"
#include "Properties.h"
#include "Profiles.h"
#include "profileattributelist.h"
#include "Providers.h"
#include "proxyservergroupcollection.h"
#include "RadiusAttributeValues.h"
#include "Realms.h"
#include "RemoteRadiusServers.h"
#include "ServiceConfiguration.h"
#include "Version.h"
#include "updatemschap.h"
// To remember:
// IAS_MAX_VSA_LENGTH = (253 * 2);
// 1.0 Format Offsets
//VSA_OFFSET = 0;
//VSA_OFFSET_ID = 0;
//VSA_OFFSET_TYPE = 8;
//VSA_OFFSET_LENGTH = 10;
//VSA_OFFSET_VALUE_RFC = 12;
//VSA_OFFSET_VALUE_NONRFC = 8;
// 2.0 Format Offsets
//VSA_OFFSET_NEW = 2;
//VSA_OFFSET_ID_NEW = 2;
//VSA_OFFSET_TYPE_NEW = 10;
//VSA_OFFSET_LENGTH_NEW = 12;
//VSA_OFFSET_VALUE_NONRFC_NEW = 10;
//////////////////////////////////////////////////////////////////////////////
// Helper Functions
//////////////////////////////////////////////////////////////////////////////
/////// From inet.c in ias util directory /////////////
//////////
// Macro to test if a character is a digit.
//////////
#define IASIsDigit(p) ((_TUCHAR)(p - _T('0')) <= 9)
//////////
// Macro to strip one byte of an IP address from a character string.
// 'p' pointer to the string to be parsed
// 'ul' unsigned long that will receive the result.
//////////
#define STRIP_BYTE(p,ul) { \
if (!IASIsDigit(*p)) goto error; \
ul = *p++ - _T('0'); \
if (IASIsDigit(*p)) { \
ul *= 10; ul += *p++ - _T('0'); \
if (IASIsDigit(*p)) { \
ul *= 10; ul += *p++ - _T('0'); \
} \
} \
if (ul > 0xff) goto error; \
}
///////////////////////////////////////////////////////////////////////////////
//
// FUNCTION
//
// ias_inet_addr
//
// DESCRIPTION
//
// This function is similar to the WinSock inet_addr function (q.v.) except
// it returns the address in host order and it can operate on both ANSI
// and UNICODE strings.
//
///////////////////////////////////////////////////////////////////////////////
unsigned long __stdcall ias_inet_addr(const WCHAR* cp)
{
unsigned long token;
unsigned long addr;
STRIP_BYTE(cp,addr);
if (*cp++ != _T('.')) goto error;
STRIP_BYTE(cp,token);
if (*cp++ != _T('.')) goto error;
addr <<= 8;
addr |= token;
STRIP_BYTE(cp,token);
if (*cp++ != _T('.')) goto error;
addr <<= 8;
addr |= token;
STRIP_BYTE(cp,token);
addr <<= 8;
return addr | token;
error:
return 0xffffffff;
}
//////////////////////////////////////////////////////////////////////////////
// ConvertVSA
//////////////////////////////////////////////////////////////////////////////
void CMigrateMdb::ConvertVSA(
/*[in]*/ LPCWSTR pAttributeValueName,
/*[in]*/ LPCWSTR pAttrValue,
_bstr_t& NewString
)
{
const long IAS_MAX_VSA_LENGTH = (253 * 2);
const byte VSA_OFFSET = 0;
const byte VSA_OFFSET_NEW = 2;
const byte VSA_OFFSET_VALUE_RFC_NEW = 14;
wchar_t szNewValue[IAS_MAX_VSA_LENGTH + 1];
szNewValue[0] = '\0';
// RFC compliant integer
if ( ! lstrcmp(pAttributeValueName, L"URDecimal or Hexadecimal (0x.. "
L"format) Integer") )
{
// Add the "02" as the type to the head of the string
lstrcat(szNewValue,L"02");
// Copy the old value to the new
lstrcpy(szNewValue + VSA_OFFSET_NEW, pAttrValue + VSA_OFFSET);
// Strip of the "0x" if necessary and convert to decimal
if ( ! wcsncmp(&szNewValue[VSA_OFFSET_VALUE_RFC_NEW], L"0x", 2) )
{
lstrcpy(&szNewValue[VSA_OFFSET_VALUE_RFC_NEW],
&szNewValue[VSA_OFFSET_VALUE_RFC_NEW + 2] );
}
}
// RFC compliant string
else if ( ! lstrcmp(pAttributeValueName, L"URString") )
{
// Set the new string type to "01"
lstrcat(szNewValue,L"01");
// Copy the old string to the new
lstrcpy(szNewValue + VSA_OFFSET_NEW, pAttrValue + VSA_OFFSET);
// Convert the old hex formatted string to a BSTR (in place)
wchar_t wcSaved;
wchar_t* pXlatPos = &szNewValue[VSA_OFFSET_VALUE_RFC_NEW];
wchar_t* pNewCharPos = pXlatPos;
wchar_t* pEnd;
while ( *pXlatPos != '\0' )
{
wcSaved = *(pXlatPos + 2);
*(pXlatPos + 2) = '\0';
*pNewCharPos = (wchar_t) wcstol(pXlatPos, &pEnd, 16);
*(pXlatPos + 2) = wcSaved;
pXlatPos += 2;
++pNewCharPos;
}
*pNewCharPos = '\0';
}
// RFC compliant hex
else if ( ! lstrcmp(pAttributeValueName, L"URHexadecimal") )
{
// Set the new type and copy the old string to the new
lstrcat(szNewValue,L"03");
lstrcpy(szNewValue + VSA_OFFSET_NEW, pAttrValue + VSA_OFFSET);
}
// Non RFC compliant (always hex)
else if ( ! lstrcmp(pAttributeValueName, L"UHHexadecimal") )
{
// Set the new type and copy the old string to the new
lstrcat(szNewValue,L"00");
lstrcpy(szNewValue + VSA_OFFSET_NEW, pAttrValue + VSA_OFFSET);
}
// Error
else
{
_ASSERT(FALSE);
}
// Return the new string
NewString = szNewValue;
}
//////////////////////////////////////////////////////////////////////////////
// MigrateProxyServers
//////////////////////////////////////////////////////////////////////////////
void CMigrateMdb::MigrateProxyServers()
{
const long DEFAULT_PRIORITY = 1;
const long DEFAULT_WEIGHT = 50;
// If there isn't any servers.
if ( m_GlobalData.m_pRadiusServers->IsEmpty() )
{
return;
}
CProxyServerGroupCollection& ServerCollection
= CProxyServerGroupCollection::Instance();
// Do a loop on the RadiusServers sorted by server group
_bstr_t CurrentGroupName;
CProxyServersGroupHelper* pCurrentServerGroup = NULL; //avoid warning
// CurrentGroupName will never match a name received therefore
// pCurrentServerGroup will always be initialized before being used
HRESULT hr;
do
{
_bstr_t GroupName = m_GlobalData.m_pRadiusServers->GetGroupName();
if ( CurrentGroupName != GroupName )
{
CProxyServersGroupHelper ServerGroup(m_GlobalData);
CurrentGroupName = GroupName;
ServerGroup.SetName(GroupName);
// Add a server to the collection
pCurrentServerGroup = ServerCollection.Add(ServerGroup);
}
if ( !pCurrentServerGroup )
{
_com_issue_error(E_FAIL);
}
CProxyServerHelper Server(m_GlobalData);
_bstr_t ServerName = m_GlobalData.m_pRadiusServers->
GetProxyServerName();
Server.SetAddress(ServerName);
Server.SetAuthenticationPort(
m_GlobalData.m_pRadiusServers->GetAuthenticationPortNumber()
);
Server.SetAccountingPort(
m_GlobalData.m_pRadiusServers->GetAccountingPortNumber()
);
_bstr_t Secret = m_GlobalData.m_pRadiusServers->GetSharedSecret();
Server.SetAuthenticationSecret(Secret);
Server.SetPriority(DEFAULT_PRIORITY);
Server.SetWeight(DEFAULT_WEIGHT);
pCurrentServerGroup->Add(Server); // cannot be NULL pointer
hr = m_GlobalData.m_pRadiusServers->GetNext();
}
while (hr == S_OK);
// persist everything in the database
ServerCollection.Persist();
_com_util::CheckError(hr);
}
//////////////////////////////////////////////////////////////////////////////
// NewMigrateClients
//////////////////////////////////////////////////////////////////////////////
void CMigrateMdb::NewMigrateClients()
{
// If there isn't any client, return
if ( m_GlobalData.m_pClients->IsEmpty() )
{
return;
}
// for each client in the client table, add it (blindly) to the dest table
// i.e. walkpath to find the clients container
// create the properties for that containes (clients).
const WCHAR ClientContainerPath[] =
L"Root\0"
L"Microsoft Internet Authentication Service\0"
L"Protocols\0"
L"Microsoft Radius Protocol\0"
L"Clients\0";
LONG ClientContainerIdentity;
m_GlobalData.m_pObjects->WalkPath(
ClientContainerPath,
ClientContainerIdentity
);
HRESULT hr;
do
{
_bstr_t ClientName = m_GlobalData.m_pClients->GetHostName();
_bstr_t ClientSecret = m_GlobalData.m_pClients->GetSecret();
LONG ClientIdentity;
m_GlobalData.m_pObjects->InsertObject(
ClientName,
ClientContainerIdentity,
ClientIdentity
);
// Now insert the properties:
// IP Address
_bstr_t PropertyName = L"IP Address";
m_GlobalData.m_pProperties->InsertProperty(
ClientIdentity,
PropertyName,
VT_BSTR,
ClientName
);
// NAS Manufacturer
PropertyName = L"NAS Manufacturer";
_bstr_t StrValZero = L"0"; // RADIUS Standard
m_GlobalData.m_pProperties->InsertProperty(
ClientIdentity,
PropertyName,
VT_I4,
StrValZero
);
// Require Signature
PropertyName = L"Require Signature";
m_GlobalData.m_pProperties->InsertProperty(
ClientIdentity,
PropertyName,
VT_BOOL,
StrValZero
);
// Shared Secret
PropertyName = L"Shared Secret";
m_GlobalData.m_pProperties->InsertProperty(
ClientIdentity,
PropertyName,
VT_BSTR,
ClientSecret
);
hr = m_GlobalData.m_pClients->GetNext();
}
while ( hr == S_OK );
_com_util::CheckError(hr);
}
//////////////////////////////////////////////////////////////////////////////
// ConvertAttribute
//////////////////////////////////////////////////////////////////////////////
void CMigrateMdb::ConvertAttribute(
const _bstr_t& Value,
LONG Syntax,
LONG& Type,
bstr_t& StrVal
)
{
const size_t SIZE_LONG_MAX = 14;
switch (Syntax)
{
case IAS_SYNTAX_OCTETSTRING:
{
// abinary => OctetString
Type = VT_BSTR;
StrVal = Value;
break;
}
case IAS_SYNTAX_STRING:
case IAS_SYNTAX_UTCTIME:
case IAS_SYNTAX_PROVIDERSPECIFIC:
{
Type = VT_BSTR;
StrVal = Value;
break;
}
case IAS_SYNTAX_INETADDR:
{
unsigned long ulValue = ias_inet_addr(Value);
_ASSERT( ulValue != 0xffffffff );
Type = VT_I4;
WCHAR TempString[SIZE_LONG_MAX];
StrVal = _ultow(ulValue, TempString, 10);
break;
}
case IAS_SYNTAX_BOOLEAN:
{
LONG lValue = _wtol(Value);
Type = VT_BOOL;
StrVal = lValue? L"-1":L"0";
break;
}
case IAS_SYNTAX_INTEGER:
case IAS_SYNTAX_UNSIGNEDINTEGER:
case IAS_SYNTAX_ENUMERATOR:
{
Type = VT_I4;
StrVal = Value;
break;
}
default:
{
_com_issue_error(E_INVALIDARG);
}
}
}
//////////////////////////////////////////////////////////////////////////////
// MigrateAttribute
//////////////////////////////////////////////////////////////////////////////
void CMigrateMdb::MigrateAttribute(
const _bstr_t& Attribute,
LONG AttributeNumber,
const _bstr_t& AttributeValueName,
const _bstr_t& StringValue,
LONG RASProfileIdentity
)
{
// Note: Order might not be needed if the previous DB is always sorted
const size_t SIZE_LONG_MAX = 14;
_bstr_t LDAPName, StrVal;
LONG Syntax, Type; // Type: VT_BSTR, VT_I4, VT_BOOL
BOOL IsMultiValued;
HRESULT hr = m_GlobalData.m_pAttributes->GetAttribute(
AttributeNumber,
LDAPName,
Syntax,
IsMultiValued
);
if ( FAILED(hr) )
{
// Attribute unknown in the new dictionary
// that should never happen
return;
}
const LONG VSA = 26; //Vendor-Specific-Attribute
if ( StringValue.length() && ( AttributeNumber != VSA) )
{
// ordinary attribute, not an enumerator
ConvertAttribute(
StringValue,
Syntax,
Type,
StrVal
);
if ( IsMultiValued )
{
// If the attribute is multivalued then we need to add the value
// Otherwise we just update the attribute value
m_GlobalData.m_pProperties->InsertProperty(
RASProfileIdentity,
LDAPName,
Type,
StrVal
);
}
else
{
m_GlobalData.m_pProperties->UpdateProperty(
RASProfileIdentity,
LDAPName,
Type,
StrVal
);
}
}
else if ( StringValue.length() && ( AttributeNumber == VSA) )
{
// VSA Attribute (convert...)
if ( !AttributeValueName )
{
_com_issue_error(E_INVALIDARG);
}
ConvertVSA(AttributeValueName, StringValue, StrVal);
Type = VT_BSTR;
m_GlobalData.m_pProperties->InsertProperty(
RASProfileIdentity,
LDAPName,
Type,
StrVal
);
}
else if ( !StringValue.length() )
{
// Multivalued attribute.
Type = VT_I4;
// Get the number associated with it from the RadiusAttributeValues
// table
LONG Number = m_GlobalData.m_pRADIUSAttributeValues->GetAttributeNumber
(
Attribute,
AttributeValueName
);
WCHAR TempString[SIZE_LONG_MAX ];
StrVal = _ltow(Number, TempString, 10);
// The attribute should be multivalued
_ASSERTE(IsMultiValued);
m_GlobalData.m_pProperties->InsertProperty(
RASProfileIdentity,
LDAPName,
Type,
StrVal
);
}
else
{
// other (unknown)
_com_issue_error(E_FAIL);
}
}
//////////////////////////////////////////////////////////////////////////////
// MigrateOtherProfile
//////////////////////////////////////////////////////////////////////////////
void CMigrateMdb::MigrateOtherProfile(
const _bstr_t& ProfileName,
LONG ProfileIdentity
)
{
_bstr_t Attribute, AttributeValueName, StringValue;
LONG Order, AttributeNumber;
// Now add the attributes from the NT4 file
HRESULT hr = m_GlobalData.m_pProfileAttributeList->GetAttribute(
ProfileName,
Attribute,
AttributeNumber,
AttributeValueName,
StringValue,
Order
);
LONG IndexAttribute = 1;
// For each attribute in the Profile Attribute List
// with szProfile = ProfileName
while ( SUCCEEDED(hr) )
{
// migrate it to the default RAS profile in IAS.mdb
MigrateAttribute(
Attribute,
AttributeNumber,
AttributeValueName,
StringValue,
ProfileIdentity
);
hr = m_GlobalData.m_pProfileAttributeList->GetAttribute(
ProfileName,
Attribute,
AttributeNumber,
AttributeValueName,
StringValue,
Order,
IndexAttribute
);
++IndexAttribute;
}
}
//////////////////////////////////////////////////////////////////////////////
// MigrateCorpProfile
//////////////////////////////////////////////////////////////////////////////
void CMigrateMdb::MigrateCorpProfile(
const _bstr_t& ProfileName,
const _bstr_t& Description
)
{
_bstr_t Attribute, AttributeValueName, StringValue;
LONG Order, AttributeNumber;
// empty the default profiles attributes
const WCHAR RASProfilePath[] =
L"Root\0"
L"Microsoft Internet Authentication Service\0"
L"RadiusProfiles\0";
LONG RASProfileIdentity;
m_GlobalData.m_pObjects->WalkPath(RASProfilePath, RASProfileIdentity);
// Now get the first profile: that's the default (localized) RAS profile
_bstr_t DefaultProfileName;
LONG DefaultProfileIdentity;
m_GlobalData.m_pObjects->GetObject(
DefaultProfileName,
DefaultProfileIdentity,
RASProfileIdentity
);
// Clean the default attributes
m_GlobalData.m_pProperties->DeleteProperty(
DefaultProfileIdentity,
L"msRADIUSServiceType"
);
m_GlobalData.m_pProperties->DeleteProperty(
DefaultProfileIdentity,
L"msRADIUSFramedProtocol"
);
// Now add the attributes from the NT4 file
HRESULT hr = m_GlobalData.m_pProfileAttributeList->GetAttribute(
ProfileName,
Attribute,
AttributeNumber,
AttributeValueName,
StringValue,
Order
);
LONG IndexAttribute = 1;
// For each attribute in the Profile Attribute List
// with szProfile = ProfileName
while ( SUCCEEDED(hr) )
{
// migrate it to the default RAS profile in IAS.mdb
MigrateAttribute(
Attribute,
AttributeNumber,
AttributeValueName,
StringValue,
DefaultProfileIdentity
);
hr = m_GlobalData.m_pProfileAttributeList->GetAttribute(
ProfileName,
Attribute,
AttributeNumber,
AttributeValueName,
StringValue,
Order,
IndexAttribute
);
++IndexAttribute;
}
// now not matter what, if Description == ODBC,
// Then the policy should have a condition to never match.
// (update msNPConstraint
const _bstr_t BadProvider = L"ODBC";
if ( Description == BadProvider ) //safe compare
{
// Get the Policy container
const WCHAR RASPolicyPath[] =
L"Root\0"
L"Microsoft Internet Authentication Service\0"
L"NetworkPolicy\0";
// Get its (unique) child
LONG RASPolicyIdentity;
m_GlobalData.m_pObjects->WalkPath(RASPolicyPath, RASPolicyIdentity);
// Now get the first policy: that's the default (localized) RAS policy
_bstr_t DefaultPolicyName;
LONG DefaultPolicyIdentity;
m_GlobalData.m_pObjects->GetObject(
DefaultPolicyName,
DefaultPolicyIdentity,
RASPolicyIdentity
);
// delete the msNPConstraint (s)
const _bstr_t Constraint = L"msNPConstraint";
m_GlobalData.m_pProperties->DeleteProperty(
DefaultPolicyIdentity,
Constraint
);
// add a TIMEOFDAY that never matches
const _bstr_t DumbTime = L"TIMEOFDAY(\"\")";
m_GlobalData.m_pProperties->InsertProperty(
RASPolicyIdentity,
Constraint,
VT_BSTR,
DumbTime
);
}
}
//////////////////////////////////////////////////////////////////////////////
// NewMigrateProfiles
//////////////////////////////////////////////////////////////////////////////
void CMigrateMdb::NewMigrateProfiles()
{
const LONG AUTH_PROVIDER_WINDOWS = 1;
const LONG AUTH_PROVIDER_RADIUS_PROXY = 2;
const LONG ACCT_PROVIDER_RADIUS_PROXY = 2;
const _bstr_t RemoteRADIUSServers = L"Remote RADIUS Servers";
const _bstr_t MCIS = L"MCIS";
const _bstr_t MCISv2 = L"MCIS version 2.0";
const _bstr_t ODBC = L"ODBC";
const _bstr_t WindowsNT = L"Windows NT";
const _bstr_t MatchAll = L"TIMEOFDAY(\"0 00:00-24:00; 1 00:00"
L"-24:00; 2 00:00-24:00; 3 00:00-24:00; 4 00:00-24:00; 5 00:"
L"00-24:00; 6 00:00-24:00\")";
// Get the Default Provider's data
_bstr_t DPUserDefinedName, DPProfile;
VARIANT_BOOL DPForwardAccounting, DPSupressAccounting
, DPLogoutAccounting;
m_GlobalData.m_pDefaultProvider->GetDefaultProvider(
DPUserDefinedName,
DPProfile,
DPForwardAccounting,
DPSupressAccounting,
DPLogoutAccounting
);
_bstr_t ProfileName = m_GlobalData.m_pProfiles->GetProfileName();
// Do the NT4 CORP migration first if needed
if ( m_Utils.IsNT4Corp() )
{
// This is NT4 CORP. migrate the default profile into
// the default policy/profile (not the proxy default)
_bstr_t Description = m_GlobalData.m_pProviders->
GetProviderDescription(DPUserDefinedName);
MigrateCorpProfile(ProfileName, Description);
// stop here
return;
}
// Now that is not a NT4 CORP migration
// Delete the default Proxy Policy / profile
const WCHAR ProxyPoliciesPath[] =
L"Root\0"
L"Microsoft Internet Authentication Service\0"
L"Proxy Policies\0";
LONG ProxyPolicyIdentity;
m_GlobalData.m_pObjects->WalkPath(ProxyPoliciesPath, ProxyPolicyIdentity);
// Now get the first profile: that's the default (localized) RAS policy
_bstr_t DefaultPolicyName;
LONG DefaultPolicyIdentity;
m_GlobalData.m_pObjects->GetObject(
DefaultPolicyName,
DefaultPolicyIdentity,
ProxyPolicyIdentity
);
m_GlobalData.m_pObjects->DeleteObject(DefaultPolicyIdentity);
// From now on the default proxy policy / profile is deleted
// Now empty the default RAS profiles attributes
const WCHAR RASProfilePath[] =
L"Root\0"
L"Microsoft Internet Authentication Service\0"
L"RadiusProfiles\0";
LONG RASProfileIdentity;
m_GlobalData.m_pObjects->WalkPath(RASProfilePath, RASProfileIdentity);
// Now get the first profile: that's the default (localized) RAS profile
_bstr_t DefaultProfileName;
LONG DefaultProfileIdentity;
m_GlobalData.m_pObjects->GetObject(
DefaultProfileName,
DefaultProfileIdentity,
RASProfileIdentity
);
// Clean the default attributes
m_GlobalData.m_pProperties->DeleteProperty(
DefaultProfileIdentity,
L"msRADIUSServiceType"
);
m_GlobalData.m_pProperties->DeleteProperty(
DefaultProfileIdentity,
L"msRADIUSFramedProtocol"
);
// from now on the default RAS profile has its default attributes (the one
// in the Advanced tab in the UI) deleted.
HRESULT hr;
LONG Sequence = 1;
// Get the list of the profiles
do
{
LONG RealmIndex = 0;
ProfileName = m_GlobalData.m_pProfiles->GetProfileName();
// Note: hr should be set only by GetRealmIndex
do
{
// Get the realms associated with that profile
CPolicy TempPolicy;
hr = m_GlobalData.m_pRealms->GetRealmIndex(ProfileName,RealmIndex);
if ( hr != S_OK )
{
// exit that internal do / while to get the next profile
break;
}
_bstr_t RealmName = m_GlobalData.m_pRealms->GetRealmName();
TempPolicy.SetmsNPAction(RealmName);
++RealmIndex;
// That will set the realm part of the profile based on the
// values in NT4 as well as the reg keys values
m_GlobalData.m_pRealms->SetRealmDetails(
TempPolicy,
m_Utils
);
_bstr_t UserDefinedName = m_GlobalData.m_pRealms
->GetUserDefinedName();
// Look up the provider in the providers table. Note: Assume
// the proxy servers (and groups) are already migrated.
_bstr_t ProviderDescription = m_GlobalData.m_pProviders
->GetProviderDescription(UserDefinedName);
// Set the sequence order
TempPolicy.SetmsNPSequence(Sequence);
// Now set the authentication provider
if ( ProviderDescription == RemoteRADIUSServers )
{
TempPolicy.SetmsAuthProviderType(
AUTH_PROVIDER_RADIUS_PROXY,
UserDefinedName
);
}
else if ( ( ProviderDescription == MCIS ) ||
( ProviderDescription == MCISv2 ) ||
( ProviderDescription == WindowsNT ) )
{
TempPolicy.SetmsAuthProviderType(AUTH_PROVIDER_WINDOWS);
}
else if ( ProviderDescription == ODBC )
{
// If ODBC is the authentication provider,
// then convert that realm into a policy that would never match.
// Authentication provider should be NT Domain.
TempPolicy.SetmsAuthProviderType(AUTH_PROVIDER_WINDOWS);
const _bstr_t MatchNothing = L"TIMEOFDAY(\"\")";
TempPolicy.SetmsNPConstraint(MatchNothing);
}
else
{
_com_issue_error(E_INVALIDARG);
}
// persist the policy
LONG ProfileIdentity = TempPolicy.Persist(m_GlobalData);
// migrate the profile associated with that policy
MigrateOtherProfile(ProfileName, ProfileIdentity);
++Sequence;
} while (hr == S_OK);
hr = m_GlobalData.m_pProfiles->GetNext();
} while ( hr == S_OK );
if ( DPUserDefinedName.length() )
{
// there is a default provider: a default policy needs to be created
// same logic as above (mostly)
CPolicy DefaultPolicy;
DefaultPolicy.SetmsNPAction(DPProfile);
_bstr_t ProviderDescription = m_GlobalData.m_pProviders
->GetProviderDescription(DPUserDefinedName);
if ( ProviderDescription == RemoteRADIUSServers )
{
DefaultPolicy.SetmsAuthProviderType(
AUTH_PROVIDER_RADIUS_PROXY,
DPUserDefinedName
);
DefaultPolicy.SetmsNPConstraint(MatchAll);
}
else if ( ( ProviderDescription == MCIS ) ||
( ProviderDescription == MCISv2 ) ||
( ProviderDescription == WindowsNT ) )
{
DefaultPolicy.SetmsNPConstraint(MatchAll);
DefaultPolicy.SetmsAuthProviderType(AUTH_PROVIDER_WINDOWS);
}
else if ( ProviderDescription == ODBC )
{
// If ODBC is the authentication provider,
// then convert that realm into a policy that would never match.
// Authentication provider should be NT Domain.
DefaultPolicy.SetmsAuthProviderType(AUTH_PROVIDER_WINDOWS);
const _bstr_t MatchNothing = L"TIMEOFDAY(\"\")";
DefaultPolicy.SetmsNPConstraint(MatchNothing);
}
else
{
_com_issue_error(E_INVALIDARG);
}
DefaultPolicy.SetmsNPSequence(Sequence);
if ( DPForwardAccounting )
{
DefaultPolicy.SetmsAcctProviderType(ACCT_PROVIDER_RADIUS_PROXY);
}
LONG ProfileIdentity = DefaultPolicy.Persist(m_GlobalData);
MigrateOtherProfile(DPProfile, ProfileIdentity);
}
// else no default provider: no default policy
}
//////////////////////////////////////////////////////////////////////////////
// NewMigrateAccounting
//////////////////////////////////////////////////////////////////////////////
void CMigrateMdb::NewMigrateAccounting()
{
const WCHAR AccountingPath[] =
L"Root\0"
L"Microsoft Internet Authentication Service\0"
L"RequestHandlers\0"
L"Microsoft Accounting\0";
LONG AccountingIdentity;
m_GlobalData.m_pObjects->WalkPath(AccountingPath, AccountingIdentity);
_bstr_t MaxLogSize = m_GlobalData.m_pServiceConfiguration->GetMaxLogSize();
_bstr_t LogFrequency = m_GlobalData.m_pServiceConfiguration->
GetLogFrequency();
_bstr_t PropertyName = L"New Log Frequency";
m_GlobalData.m_pProperties->UpdateProperty(
AccountingIdentity,
PropertyName,
VT_I4,
LogFrequency
);
PropertyName = L"New Log Size";
m_GlobalData.m_pProperties->UpdateProperty(
AccountingIdentity,
PropertyName,
VT_I4,
MaxLogSize
);
DWORD Value;
m_Utils.NewGetAuthSrvParameter(L"LogAuthentications", Value);
_bstr_t LogAuth;
Value ? LogAuth = L"-1": LogAuth = L"0";
PropertyName = L"Log Authentication Packets";
m_GlobalData.m_pProperties->UpdateProperty(
AccountingIdentity,
PropertyName,
VT_BOOL,
LogAuth
);
m_Utils.NewGetAuthSrvParameter(L"LogAccounting", Value);
_bstr_t LogAcct;
Value ? LogAcct = L"-1": LogAcct = L"0";
PropertyName = L"Log Accounting Packets";
m_GlobalData.m_pProperties->UpdateProperty(
AccountingIdentity,
PropertyName,
VT_BOOL,
LogAcct
);
_bstr_t FormatIAS1 = L"0";
PropertyName = L"Log Format";
m_GlobalData.m_pProperties->UpdateProperty(
AccountingIdentity,
PropertyName,
VT_I4,
FormatIAS1
);
}
//////////////////////////////////////////////////////////////////////////////
// NewMigrateEventLog
//////////////////////////////////////////////////////////////////////////////
void CMigrateMdb::NewMigrateEventLog()
{
const WCHAR EventLogPath[] =
L"Root\0"
L"Microsoft Internet Authentication Service\0"
L"Auditors\0"
L"Microsoft NT Event Log Auditor\0";
LONG EventLogIdentity;
m_GlobalData.m_pObjects->WalkPath(EventLogPath, EventLogIdentity);
DWORD Value;
m_Utils.NewGetAuthSrvParameter(L"LogData", Value);
_bstr_t LogData;
Value ? LogData = L"-1": LogData = L"0";
_bstr_t PropertyName = L"Log Verbose";
m_GlobalData.m_pProperties->UpdateProperty(
EventLogIdentity,
PropertyName,
VT_BOOL,
LogData
);
m_Utils.NewGetAuthSrvParameter(L"LogBogus", Value);
_bstr_t LogBogus;
Value ? LogBogus = L"-1": LogBogus = L"0";
PropertyName = L"Log Malformed Packets";
m_GlobalData.m_pProperties->UpdateProperty(
EventLogIdentity,
PropertyName,
VT_BOOL,
LogBogus
);
}
//////////////////////////////////////////////////////////////////////////////
// NewMigrateService
//////////////////////////////////////////////////////////////////////////////
void CMigrateMdb::NewMigrateService()
{
const LONG PORT_SIZE_MAX = 34;
const WCHAR ServicePath[] =
L"Root\0"
L"Microsoft Internet Authentication Service\0"
L"Protocols\0"
L"Microsoft Radius Protocol\0";
LONG ServiceIdentity;
m_GlobalData.m_pObjects->WalkPath(ServicePath, ServiceIdentity);
DWORD Value;
m_Utils.NewGetAuthSrvParameter(L"RadiusPort", Value);
WCHAR TempString[PORT_SIZE_MAX];
_bstr_t RadiusPort = _ultow(Value, TempString, 10);
_bstr_t PropertyName = L"Authentication Port";
m_GlobalData.m_pProperties->UpdateProperty(
ServiceIdentity,
PropertyName,
VT_BSTR,
RadiusPort
);
m_Utils.NewGetAuthSrvParameter(L"AcctPort", Value);
_bstr_t AcctPort = _ltow(Value, TempString, 10);
PropertyName = L"Accounting Port";
m_GlobalData.m_pProperties->UpdateProperty(
ServiceIdentity,
PropertyName,
VT_BSTR,
AcctPort
);
}
//////////////////////////////////////////////////////////////////////////////
// NewMigrate
//////////////////////////////////////////////////////////////////////////////
void CMigrateMdb::NewMigrate()
{
NewMigrateClients();
if ( !m_Utils.IsNT4Corp() ) // it's either Win2k or NT4 ISP
{
// the proxy servers must be migrated before the policies and
// profiles
MigrateProxyServers();
}
NewMigrateProfiles();
NewMigrateAccounting();
NewMigrateEventLog();
NewMigrateService();
/////////////////////////////
// Migrate the Registry Keys
/////////////////////////////
CMigrateRegistry MigrateRegistry(m_Utils);
MigrateRegistry.MigrateProviders();
//////////////////////////////////////////////////////
// Update the MSChap Authentication types (password)
//////////////////////////////////////////////////////
CUpdateMSCHAP UpdateMSCHAP(m_GlobalData);
UpdateMSCHAP.Execute();
}