//+---------------------------------------------------------------------------
//
//  Microsoft Windows
//  Copyright (C) Microsoft Corporation, 1992 - 1995.
//
//  File:        secutil.cxx
//
//  Contents:    Helper routines for conversion - LDAP specific
//
//  Functions:
//
//  History:     09-27-98  by splitting ldap\var2sec.cxx
//                         and distributing between ldapc and router - AjayR
//
//----------------------------------------------------------------------------
#include "ldapc.hxx"
#pragma hdrstop
//
// Declaration needed here because ADsEncodeBinaryData is not part of the
// headers this file includes.  It takes dwSrcLen bytes at pbSrcData and
// hands back a newly allocated string through *ppszDestData; the only
// caller in this file (ConvertSidToU2Trustee) releases that string with
// FreeADsStr, so ownership of *ppszDestData passes to the caller.
//
extern "C" {
HRESULT
ADsEncodeBinaryData (
    PBYTE pbSrcData,
    DWORD dwSrcLen,
    LPWSTR * ppszDestData
    );
}
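HRESULT
ConvertSidToString(
    PSID pSid,
    LPWSTR String
    )
/*++

Routine Description:

    This function generates a printable unicode string representation
    of a SID.

    The resulting string will take one of two forms. If the
    IdentifierAuthority value is not greater than 2^32, then
    the SID will be in the form:

        S-1-281736-12-72-9-110
          ^ ^^^^^^ ^^ ^^ ^ ^^^
          |   |    |  |  |  |
          +---+----+--+--+--+---- Decimal

    Otherwise it will take the form:

        S-1-0x173495281736-12-72-9-110
            ^^^^^^^^^^^^^^ ^^ ^^ ^ ^^^
             Hexadecimal    |  |  |  |
                            +--+--+--+---- Decimal

Arguments:

    pSid - opaque pointer that supplies the SID that is to be
        converted to Unicode.

    String - caller supplied buffer that receives the NUL terminated
        string.  The interface carries no capacity, so the caller must
        provide room for the longest possible output.  IsValidSid
        rejects SIDs with more than SID_MAX_SUB_AUTHORITIES (15)
        sub-authorities, which bounds the text at well under 200
        characters; the callers in this file pass a MAX_PATH buffer.

Return Value:

    S_OK if the SID was converted.

    E_INVALIDARG if String is NULL.

    HRESULT_FROM_WIN32(ERROR_INVALID_SID) if pSid is NULL or IsValidSid
    rejects it; String is then set to the empty string.

--*/
{
    //
    // Local scratch for one piece at a time; each piece is at most a
    // handful of characters plus one 32-bit number, so 256 is ample.
    //
    WCHAR Buffer[256];
    UCHAR i;
    ULONG Tmp;
    HRESULT hr = S_OK;

    SID_IDENTIFIER_AUTHORITY *pSidIdentifierAuthority;
    PUCHAR pSidSubAuthorityCount;

    if (!String) {
        RRETURN(E_INVALIDARG);
    }

    if (!pSid || !IsValidSid( pSid )) {
        *String = L'\0';
        hr = HRESULT_FROM_WIN32(ERROR_INVALID_SID);
        RRETURN(hr);
    }

    wsprintf(Buffer, L"S-%u-", (USHORT)(((PISID)pSid)->Revision ));
    wcscpy(String, Buffer);

    pSidIdentifierAuthority = GetSidIdentifierAuthority(pSid);

    if ( (pSidIdentifierAuthority->Value[0] != 0) ||
         (pSidIdentifierAuthority->Value[1] != 0) ){

        //
        // Authority does not fit in 32 bits: print all six bytes in hex.
        //
        wsprintf(Buffer, L"0x%02hx%02hx%02hx%02hx%02hx%02hx",
                 (USHORT)pSidIdentifierAuthority->Value[0],
                 (USHORT)pSidIdentifierAuthority->Value[1],
                 (USHORT)pSidIdentifierAuthority->Value[2],
                 (USHORT)pSidIdentifierAuthority->Value[3],
                 (USHORT)pSidIdentifierAuthority->Value[4],
                 (USHORT)pSidIdentifierAuthority->Value[5] );
        wcscat(String, Buffer);

    } else {

        //
        // Widen each byte to ULONG *before* shifting.  The previous code
        // shifted the int-promoted UCHAR and then cast, so Value[2] >= 0x80
        // shifted into the sign bit, which is undefined for a signed int.
        //
        Tmp = (ULONG)pSidIdentifierAuthority->Value[5] +
              ((ULONG)pSidIdentifierAuthority->Value[4] << 8) +
              ((ULONG)pSidIdentifierAuthority->Value[3] << 16) +
              ((ULONG)pSidIdentifierAuthority->Value[2] << 24);
        wsprintf(Buffer, L"%lu", Tmp);
        wcscat(String, Buffer);
    }

    pSidSubAuthorityCount = GetSidSubAuthorityCount(pSid);

    //
    // IsValidSid above caps *pSidSubAuthorityCount, so this loop and the
    // total length of String are bounded.
    //
    for (i = 0; i < *(pSidSubAuthorityCount); i++ ) {
        wsprintf(Buffer, L"-%lu", *(GetSidSubAuthority(pSid, i)));
        wcscat(String, Buffer);
    }

    RRETURN(S_OK);
}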
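HRESULT
ConvertU2TrusteeToSid(
    LPWSTR pszServerName,
    CCredentials& Credentials,
    LPWSTR pszTrustee,
    LPBYTE Sid,
    PDWORD pdwSidSize
    )
/*++

Routine Description:

    Reads the "Sid" attribute of the directory object named by pszTrustee
    on pszServerName and copies its binary value into the caller's buffer.

Arguments:

    pszServerName - server to bind to (passed through to LdapOpenObject).

    Credentials   - credentials used for the bind.

    pszTrustee    - DN of the object whose Sid attribute is wanted; it is
                    both the object opened and the base of the search.

    Sid           - caller supplied buffer that receives the raw SID bytes.
                    The interface carries no capacity and the bytes come
                    from the directory, so the value is validated first and
                    anything larger than
                    GetSidLengthRequired(SID_MAX_SUB_AUTHORITIES) is
                    rejected rather than copied.  Callers must therefore
                    provide at least that many bytes.

    pdwSidSize    - receives the number of bytes copied into Sid.  It is
                    left untouched when the search returns no entry.

Return Value:

    S_OK on success, and also when the search returns no entry (the
    historical behaviour; Sid and *pdwSidSize are then unchanged).

    E_INVALIDARG if Sid or pdwSidSize is NULL.

    HRESULT_FROM_WIN32 of the LDAP status if any LDAP call fails.

    HRESULT_FROM_WIN32(ERROR_INVALID_SID) if the attribute is absent,
    empty, or its value is not a well formed SID whose length matches
    the attribute length.

--*/
{
    PADSLDP pLdapHandle = NULL;
    HRESULT hr = S_OK;
    DWORD nCount = 0;
    DWORD dwStatus = 0;
    struct berval **ppBerValue = NULL;
    LPWSTR Attributes[2];
    LDAPMessage *res = NULL;
    LDAPMessage *entry = NULL;
    DWORD dwNumberOfEntries = 0;
    DWORD dwSidLength = 0;
    LPBYTE lpByte = NULL;

    if (!Sid || !pdwSidSize) {
        RRETURN(E_INVALIDARG);
    }

    //
    // Note: the previous version called ConvertSidToString on the
    // *input* contents of Sid into a local that was never read.  Sid is
    // an output buffer here, so that call was dropped.
    //

    Attributes[0] = L"Sid";
    Attributes[1] = NULL;

    dwStatus = LdapOpenObject(
                   pszServerName,
                   pszTrustee,
                   &pLdapHandle,
                   Credentials,
                   FALSE
                   );
    if (dwStatus) {
        hr = HRESULT_FROM_WIN32(dwStatus);
        BAIL_ON_FAILURE(hr);
    }

    dwStatus = LdapSearchS(
                   pLdapHandle,
                   pszTrustee,
                   LDAP_SCOPE_BASE,
                   L"(objectClass=*)",
                   Attributes,
                   0,
                   &res
                   );
    if (dwStatus) {
        hr = HRESULT_FROM_WIN32(dwStatus);
        BAIL_ON_FAILURE(hr);
    }

    dwNumberOfEntries = LdapCountEntries( pLdapHandle, res );

    if ( dwNumberOfEntries == 0 ) {
        //
        // Keep the historical S_OK result, but go through cleanup instead
        // of returning directly and leaking res and the LDAP handle.
        //
        hr = S_OK;
        goto error;
    }

    dwStatus = LdapFirstEntry( pLdapHandle, res, &entry );
    if (dwStatus) {
        hr = HRESULT_FROM_WIN32(dwStatus);
        BAIL_ON_FAILURE(hr);
    }

    dwStatus = LdapGetValuesLen(
                   pLdapHandle,
                   entry,
                   L"Sid",
                   &ppBerValue,
                   (int *)&nCount
                   );
    if (dwStatus) {
        hr = HRESULT_FROM_WIN32(dwStatus);
        BAIL_ON_FAILURE(hr);
    }

    //
    // The attribute may be absent or empty; do not index ppBerValue[0]
    // until that has been ruled out.
    //
    if (!ppBerValue || nCount == 0 || !ppBerValue[0] || !ppBerValue[0]->bv_val) {
        hr = HRESULT_FROM_WIN32(ERROR_INVALID_SID);
        BAIL_ON_FAILURE(hr);
    }

    dwSidLength = ppBerValue[0]->bv_len;
    lpByte = (LPBYTE)ppBerValue[0]->bv_val;

    //
    // The value is server supplied and the destination size is unknown
    // to this routine, so bound and validate it before the memcpy:
    // at least a SID header, at most the largest SID IsValidSid accepts,
    // structurally valid, and self-consistent with the attribute length.
    //
    if (dwSidLength < GetSidLengthRequired(0) ||
        dwSidLength > GetSidLengthRequired(SID_MAX_SUB_AUTHORITIES) ||
        !IsValidSid((PSID)lpByte) ||
        GetLengthSid((PSID)lpByte) != dwSidLength) {
        hr = HRESULT_FROM_WIN32(ERROR_INVALID_SID);
        BAIL_ON_FAILURE(hr);
    }

    memcpy( Sid, lpByte, dwSidLength);
    *pdwSidSize = dwSidLength;

error:

    if (ppBerValue) {
        LdapValueFreeLen( ppBerValue );
    }

    if (res) {
        LdapMsgFree( res );
    }

    //
    // The handle was never closed before; mirror ConvertSidToU2Trustee.
    //
    if (pLdapHandle) {
        LdapCloseObject( pLdapHandle );
    }

    RRETURN(hr);
}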
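HRESULT
ConvertSidToU2Trustee(
    LPWSTR pszServerName,
    CCredentials& Credentials,
    PSID pSid,
    LPWSTR szTrustee
    )
/*++

Routine Description:

    Finds the directory object whose "Sid" attribute equals pSid by
    running a subtree search on pszServerName with the filter
    "(Sid=<encoded sid>)" and returns that object's DN.

Arguments:

    pszServerName - server to bind to (passed through to LdapOpenObject).

    Credentials   - credentials used for the bind.

    pSid          - the SID to look for.  Must pass IsValidSid; that check
                    is what bounds the encoded length of the filter below.

    szTrustee     - caller supplied buffer that receives the NUL terminated
                    DN.  The interface carries no capacity and the DN is
                    server supplied, so the final copy cannot be bounded
                    here; callers must size szTrustee for the longest DN
                    the directory can return.

Return Value:

    S_OK on success.

    E_INVALIDARG if szTrustee is NULL.

    HRESULT_FROM_WIN32(ERROR_INVALID_SID) if pSid is NULL or not a valid
    SID.  (The old code returned E_FAIL for a NULL sub-authority-count
    pointer, which GetSidSubAuthorityCount never produces.)

    HRESULT_FROM_WIN32(ERROR_INSUFFICIENT_BUFFER) if the search filter
    would not fit the local MAX_PATH buffer.

    E_FAIL if no object matched.

    Otherwise the failure from ADsEncodeBinaryData or HRESULT_FROM_WIN32
    of the failing LDAP status.

--*/
{
    HRESULT hr = S_OK;
    LPWSTR pszQueryString = NULL;
    DWORD dwSidLength = 0;
    LDAPMessage *res = NULL;
    LPWSTR pszDN = NULL;
    LDAPMessage *entry = NULL;
    DWORD dwStatus = 0;
    DWORD dwNumberOfEntries = 0;
    WCHAR szSearchExp[MAX_PATH];
    PADSLDP pLdapHandle = NULL;
    LPWSTR Attributes[] = {L"Sid", NULL};
    static const WCHAR szFilterPrefix[] = L"(Sid=";
    static const WCHAR szFilterSuffix[] = L")";
    size_t cchFilter = 0;

    if (!szTrustee) {
        RRETURN(E_INVALIDARG);
    }

    //
    // Validate the SID up front.  The previous code only tested the
    // sub-authority-count pointer for NULL, so a bogus count could drive
    // GetSidLengthRequired, the encoder and the filter buffer below.
    //
    if (!pSid || !IsValidSid(pSid)) {
        RRETURN(HRESULT_FROM_WIN32(ERROR_INVALID_SID));
    }

    //
    // Note: the previous version also rendered pSid to a local string
    // that was never read; that call was dropped.
    //

    dwSidLength = GetLengthSid(pSid);

    hr = ADsEncodeBinaryData (
             (LPBYTE)pSid,
             dwSidLength,
             &pszQueryString
             );
    BAIL_ON_FAILURE(hr);

    if (!pszQueryString) {
        hr = E_FAIL;
        BAIL_ON_FAILURE(hr);
    }

    dwStatus = LdapOpenObject(
                   pszServerName,
                   NULL,
                   &pLdapHandle,
                   Credentials,
                   FALSE
                   );
    if (dwStatus) {
        hr = HRESULT_FROM_WIN32(dwStatus);
        BAIL_ON_FAILURE(hr);
    }

    //
    // Build "(Sid=<encoded>)" only after checking it fits, NUL included.
    // With IsValidSid enforced above this should always fit, but the
    // encoder's expansion factor is not visible from here.
    //
    cchFilter = wcslen(szFilterPrefix) + wcslen(pszQueryString) + wcslen(szFilterSuffix);
    if (cchFilter >= sizeof(szSearchExp) / sizeof(szSearchExp[0])) {
        hr = HRESULT_FROM_WIN32(ERROR_INSUFFICIENT_BUFFER);
        BAIL_ON_FAILURE(hr);
    }

    wcscpy(szSearchExp, szFilterPrefix);
    wcscat(szSearchExp, pszQueryString);
    wcscat(szSearchExp, szFilterSuffix);

    dwStatus = LdapSearchS(
                   pLdapHandle,
                   NULL,
                   LDAP_SCOPE_SUBTREE,
                   szSearchExp,
                   Attributes,
                   0,
                   &res
                   );
    if (dwStatus) {
        hr = HRESULT_FROM_WIN32(dwStatus);
        BAIL_ON_FAILURE(hr);
    }

    dwNumberOfEntries = LdapCountEntries( pLdapHandle, res );

    if ( dwNumberOfEntries == 0 ){
        hr = E_FAIL;
        BAIL_ON_FAILURE(hr);
    }

    dwStatus = LdapFirstEntry( pLdapHandle, res, &entry );
    if (dwStatus) {
        hr = HRESULT_FROM_WIN32(dwStatus);
        BAIL_ON_FAILURE(hr);
    }

    dwStatus = LdapGetDn( pLdapHandle, entry, &pszDN);
    if (dwStatus) {
        hr = HRESULT_FROM_WIN32(dwStatus);
        BAIL_ON_FAILURE(hr);
    }

    if (!pszDN) {
        hr = E_FAIL;
        BAIL_ON_FAILURE(hr);
    }

    //
    // szTrustee has no capacity parameter and pszDN is server supplied,
    // so this copy cannot be bounded inside this routine.
    // NOTE(review): a cch parameter at the next interface change would
    // let this become a checked copy.
    //
    wcscpy(szTrustee, pszDN);

error:

    if (pszQueryString) {
        FreeADsStr(pszQueryString);
    }

    if (pszDN) {
        LdapMemFree(pszDN);
    }

    if (res) {
        LdapMsgFree( res );
    }

    if (pLdapHandle) {
        LdapCloseObject( pLdapHandle);
    }

    RRETURN(hr);
}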