//+---------------------------------------------------------------------------
//
// Microsoft Windows
// Copyright (C) Microsoft Corporation, 1992 - 1995.
//
// File: secutil.cxx
//
// Contents: Helper routines for conversion - LDAP specific
//
// Functions: ConvertSidToString, ConvertU2TrusteeToSid,
// ConvertSidToU2Trustee
// History: 09-27-98 by splitting ldap\var2sec.cxx
// and distributing between ldapc and router - AjayR
//
//----------------------------------------------------------------------------
#include "ldapc.hxx"
#pragma hdrstop
//
// ADsEncodeBinaryData is not declared in any header this file includes, so
// it is prototyped here. It is implemented in C (hence extern "C"), renders
// dwSrcLen bytes at pbSrcData into a newly allocated wide string returned
// through *ppszDestData, and that string is released by the caller with
// FreeADsStr (see ConvertSidToU2Trustee below). The exact escaping it
// applies to the bytes is not visible in this file.
//
extern "C" {
HRESULT
ADsEncodeBinaryData (
PBYTE pbSrcData,
DWORD dwSrcLen,
LPWSTR * ppszDestData
);
}
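HRESULT
ConvertSidToString(
    PSID pSid,
    LPWSTR String
    )
/*++
Routine Description:
    Renders a SID into String in its printable Unicode form.

    The identifier authority is printed in decimal when its two high-order
    bytes are zero (i.e. the 48-bit value fits in 32 bits):

        S-1-281736-12-72-9-110

    and as a 0x-prefixed 12-digit hexadecimal number otherwise:

        S-1-0x173495281736-12-72-9-110

    Each sub-authority follows as "-<decimal>".

Arguments:
    pSid - SID to render. It is checked with IsValidSid before any field
        is read.

    String - receives the NUL-terminated result. No capacity is passed in,
        so the caller must size the buffer for the longest SID IsValidSid
        accepts (IsValidSid is expected to bound the sub-authority count at
        SID_MAX_SUB_AUTHORITIES; callers in this file pass MAX_PATH WCHARs,
        which is ample for that).

Return Value:
    S_OK on success.
    HRESULT_FROM_WIN32(ERROR_INVALID_SID) if pSid is NULL or IsValidSid
    rejects it; String is then set to the empty string.
--*/
{
    // Each fragment formatted here is at most "0x" + 12 hex digits, or a
    // "-" plus a 10-digit decimal, so this scratch buffer is far larger
    // than any single wsprintf below can produce.
    WCHAR Buffer[256];
    ULONG Authority;
    UCHAR SubAuthorityCount;
    UCHAR i;
    SID_IDENTIFIER_AUTHORITY *pAuthority;

    if (!pSid || !IsValidSid(pSid)) {
        *String = L'\0';
        RRETURN(HRESULT_FROM_WIN32(ERROR_INVALID_SID));
    }

    wsprintf(Buffer, L"S-%u-", (USHORT)(((PISID)pSid)->Revision));
    wcscpy(String, Buffer);

    pAuthority = GetSidIdentifierAuthority(pSid);

    if (pAuthority->Value[0] != 0 || pAuthority->Value[1] != 0) {
        // Does not fit in 32 bits: print all six bytes as hex.
        wsprintf(Buffer, L"0x%02hx%02hx%02hx%02hx%02hx%02hx",
                 (USHORT)pAuthority->Value[0],
                 (USHORT)pAuthority->Value[1],
                 (USHORT)pAuthority->Value[2],
                 (USHORT)pAuthority->Value[3],
                 (USHORT)pAuthority->Value[4],
                 (USHORT)pAuthority->Value[5]);
    } else {
        // Widen each byte to ULONG *before* shifting: shifting the
        // int-promoted byte left by 24 overflows a signed int whenever the
        // byte is >= 0x80, which is undefined behaviour. The value is the
        // same as before on this compiler; the expression is now well defined.
        Authority = ((ULONG)pAuthority->Value[2] << 24) |
                    ((ULONG)pAuthority->Value[3] << 16) |
                    ((ULONG)pAuthority->Value[4] << 8)  |
                     (ULONG)pAuthority->Value[5];
        wsprintf(Buffer, L"%lu", Authority);
    }
    wcscat(String, Buffer);

    SubAuthorityCount = *GetSidSubAuthorityCount(pSid);
    for (i = 0; i < SubAuthorityCount; i++) {
        wsprintf(Buffer, L"-%lu", *GetSidSubAuthority(pSid, i));
        wcscat(String, Buffer);
    }

    RRETURN(S_OK);
}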
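HRESULT
ConvertU2TrusteeToSid(
    LPWSTR pszServerName,
    CCredentials& Credentials,
    LPWSTR pszTrustee,
    LPBYTE Sid,
    PDWORD pdwSidSize
    )
/*++
Routine Description:
    Looks up the LDAP object named by pszTrustee on pszServerName with a
    base-scope search, reads its "Sid" attribute and copies the binary SID
    into Sid.

Arguments:
    pszServerName - server passed to LdapOpenObject.

    Credentials - credentials passed to LdapOpenObject.

    pszTrustee - DN of the object; used both as the object to open and as
        the base of the search.

    Sid - receives the raw SID bytes. No capacity is passed in, so the
        caller must provide room for the largest SID IsValidSid accepts
        (GetSidLengthRequired(SID_MAX_SUB_AUTHORITIES) bytes). The copy
        below is bounded only by validating the server-supplied value as a
        SID first; it cannot check the caller's buffer.

    pdwSidSize - receives the number of bytes copied into Sid. Left
        untouched on failure.

Return Value:
    S_OK with Sid and *pdwSidSize filled in.
    HRESULT_FROM_WIN32(status) when an LDAP call fails.
    E_FAIL when the object yields no entry, no Sid value, or a value that is
    not a well-formed SID (same status the sibling ConvertSidToU2Trustee
    uses for an empty result).
--*/
{
    PADSLDP pLdapHandle = NULL;
    HRESULT hr = S_OK;
    DWORD nCount = 0;
    DWORD dwStatus = 0;
    struct berval **ppBerValue = NULL;
    LPWSTR Attributes[2];
    LDAPMessage *res = NULL;
    LDAPMessage *entry = NULL;
    DWORD dwSidLength = 0;
    LPBYTE lpByte = NULL;

    Attributes[0] = L"Sid";
    Attributes[1] = NULL;

    dwStatus = LdapOpenObject(
                   pszServerName,
                   pszTrustee,
                   &pLdapHandle,
                   Credentials,
                   FALSE
                   );
    if (dwStatus) {
        hr = HRESULT_FROM_WIN32(dwStatus);
        BAIL_ON_FAILURE(hr);
    }

    dwStatus = LdapSearchS(
                   pLdapHandle,
                   pszTrustee,
                   LDAP_SCOPE_BASE,
                   L"(objectClass=*)",
                   Attributes,
                   0,
                   &res
                   );
    if (dwStatus) {
        hr = HRESULT_FROM_WIN32(dwStatus);
        BAIL_ON_FAILURE(hr);
    }

    // An empty result used to return S_OK directly, leaking res and the
    // handle and leaving Sid/*pdwSidSize uninitialised for a caller that
    // sees success. Treat it as a failure and go through cleanup.
    if (LdapCountEntries(pLdapHandle, res) == 0) {
        hr = E_FAIL;
        BAIL_ON_FAILURE(hr);
    }

    dwStatus = LdapFirstEntry(pLdapHandle, res, &entry);
    if (dwStatus) {
        hr = HRESULT_FROM_WIN32(dwStatus);
        BAIL_ON_FAILURE(hr);
    }

    dwStatus = LdapGetValuesLen(
                   pLdapHandle,
                   entry,
                   L"Sid",
                   &ppBerValue,
                   (int *)&nCount
                   );
    if (dwStatus) {
        hr = HRESULT_FROM_WIN32(dwStatus);
        BAIL_ON_FAILURE(hr);
    }

    // The entry may carry no Sid value at all; the old code dereferenced
    // ppBerValue[0] unconditionally.
    if (nCount == 0 || ppBerValue == NULL ||
        ppBerValue[0] == NULL || ppBerValue[0]->bv_val == NULL) {
        hr = E_FAIL;
        BAIL_ON_FAILURE(hr);
    }

    dwSidLength = ppBerValue[0]->bv_len;
    lpByte = (LPBYTE)ppBerValue[0]->bv_val;

    // The value comes from the server and is copied into a caller buffer
    // whose size we do not know. Before copying, require that it is at
    // least a SID header, that IsValidSid accepts it, and that its declared
    // sub-authority count accounts for exactly bv_len bytes - so the copy is
    // never longer than a well-formed SID.
    if (dwSidLength < GetSidLengthRequired(0) ||
        !IsValidSid((PSID)lpByte) ||
        GetSidLengthRequired(*GetSidSubAuthorityCount((PSID)lpByte)) != dwSidLength) {
        hr = E_FAIL;
        BAIL_ON_FAILURE(hr);
    }

    memcpy(Sid, lpByte, dwSidLength);
    *pdwSidSize = dwSidLength;

error:
    // NOTE(review): ppBerValue is not released here (it never was); the
    // matching free for LdapGetValuesLen is not visible in this file.
    if (res) {
        LdapMsgFree(res);
    }
    // The sibling ConvertSidToU2Trustee closes its handle; this one did not.
    if (pLdapHandle) {
        LdapCloseObject(pLdapHandle);
    }
    RRETURN(hr);
}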
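HRESULT
ConvertSidToU2Trustee(
    LPWSTR pszServerName,
    CCredentials& Credentials,
    PSID pSid,
    LPWSTR szTrustee
    )
/*++
Routine Description:
    Finds the LDAP object on pszServerName whose "Sid" attribute equals pSid
    (subtree search from the server's default base with the filter
    "(Sid=<encoded SID>)") and copies that object's DN into szTrustee.

Arguments:
    pszServerName - server passed to LdapOpenObject.

    Credentials - credentials passed to LdapOpenObject.

    pSid - SID to look up; rejected up front if IsValidSid fails.

    szTrustee - receives the NUL-terminated DN of the first matching
        entry. No capacity is passed in, so the length of the
        server-supplied DN cannot be checked against the buffer here; the
        caller must size szTrustee for the longest DN the directory can
        return.

Return Value:
    S_OK with szTrustee filled in.
    HRESULT_FROM_WIN32(ERROR_INVALID_SID) if pSid is NULL or invalid.
    HRESULT_FROM_WIN32(ERROR_INSUFFICIENT_BUFFER) if the encoded filter
    does not fit the fixed-size local filter buffer.
    HRESULT_FROM_WIN32(status) when an LDAP call fails, or whatever
    ADsEncodeBinaryData returns on failure.
    E_FAIL when no entry matches or the match has no DN.
--*/
{
    HRESULT hr = S_OK;
    LPWSTR pszQueryString = NULL;
    DWORD dwSidLength = 0;
    LDAPMessage *res = NULL;
    LPWSTR pszDN = NULL;
    LDAPMessage *entry = NULL;
    DWORD dwStatus = 0;
    WCHAR szSearchExp[MAX_PATH];
    PADSLDP pLdapHandle = NULL;
    LPWSTR Attributes[] = {L"Sid", NULL};
    const WCHAR szPrefix[] = L"(Sid=";
    const WCHAR szSuffix[] = L")";
    const size_t cchPrefix = (sizeof(szPrefix) / sizeof(szPrefix[0])) - 1;
    const size_t cchSuffix = (sizeof(szSuffix) / sizeof(szSuffix[0])) - 1;

    // Validate before reading the sub-authority count, as ConvertSidToString
    // does. The old code only checked that GetSidSubAuthorityCount returned a
    // non-NULL pointer, which says nothing about the SID itself.
    if (!pSid || !IsValidSid(pSid)) {
        RRETURN(HRESULT_FROM_WIN32(ERROR_INVALID_SID));
    }
    dwSidLength = GetSidLengthRequired(*GetSidSubAuthorityCount(pSid));

    // The binary SID goes into an LDAP filter; ADsEncodeBinaryData is relied
    // on to escape it so that no byte is interpreted as filter syntax (its
    // escaping is not visible in this file - see the prototype above).
    hr = ADsEncodeBinaryData(
             (LPBYTE)pSid,
             dwSidLength,
             &pszQueryString
             );
    BAIL_ON_FAILURE(hr);

    dwStatus = LdapOpenObject(
                   pszServerName,
                   NULL,
                   &pLdapHandle,
                   Credentials,
                   FALSE
                   );
    if (dwStatus) {
        hr = HRESULT_FROM_WIN32(dwStatus);
        BAIL_ON_FAILURE(hr);
    }

    // szSearchExp is a fixed MAX_PATH WCHARs: refuse rather than overrun if
    // the encoded SID plus the filter syntax and terminator does not fit.
    if (wcslen(pszQueryString) + cchPrefix + cchSuffix + 1 > MAX_PATH) {
        hr = HRESULT_FROM_WIN32(ERROR_INSUFFICIENT_BUFFER);
        BAIL_ON_FAILURE(hr);
    }
    wcscpy(szSearchExp, szPrefix);
    wcscat(szSearchExp, pszQueryString);
    wcscat(szSearchExp, szSuffix);

    dwStatus = LdapSearchS(
                   pLdapHandle,
                   NULL,
                   LDAP_SCOPE_SUBTREE,
                   szSearchExp,
                   Attributes,
                   0,
                   &res
                   );
    if (dwStatus) {
        hr = HRESULT_FROM_WIN32(dwStatus);
        BAIL_ON_FAILURE(hr);
    }

    if (LdapCountEntries(pLdapHandle, res) == 0) {
        hr = E_FAIL;
        BAIL_ON_FAILURE(hr);
    }

    dwStatus = LdapFirstEntry(pLdapHandle, res, &entry);
    if (dwStatus) {
        hr = HRESULT_FROM_WIN32(dwStatus);
        BAIL_ON_FAILURE(hr);
    }

    dwStatus = LdapGetDn(pLdapHandle, entry, &pszDN);
    if (dwStatus) {
        hr = HRESULT_FROM_WIN32(dwStatus);
        BAIL_ON_FAILURE(hr);
    }
    if (!pszDN) {
        hr = E_FAIL;
        BAIL_ON_FAILURE(hr);
    }

    // NOTE(review): unbounded copy of a server-supplied DN. The signature
    // gives no capacity for szTrustee, so it cannot be checked here.
    wcscpy(szTrustee, pszDN);

error:
    if (pszQueryString) {
        FreeADsStr(pszQueryString);
    }
    if (pszDN) {
        LdapMemFree(pszDN);
    }
    if (res) {
        LdapMsgFree(res);
    }
    if (pLdapHandle) {
        LdapCloseObject(pLdapHandle);
    }
    RRETURN(hr);
}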