mirror of https://github.com/tongzx/nt5src
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
671 lines
17 KiB
671 lines
17 KiB
|
|
//+---------------------------------------------------------------------------
|
|
//
|
|
// Microsoft Windows
|
|
// Copyright (C) Microsoft Corporation, 1992 - 1997.
|
|
//
|
|
// File: whackspn.c
|
|
//
|
|
// Contents:
|
|
//
|
|
// Classes:
|
|
//
|
|
// Functions:
|
|
//
|
|
// History: 7-30-98 RichardW Created
|
|
//
|
|
//----------------------------------------------------------------------------
|
|
|
|
#define LDAP_UNICODE 1
|
|
|
|
#include <nt.h>
|
|
#include <ntrtl.h>
|
|
#include <nturtl.h>
|
|
#include <windows.h>
|
|
#define SECURITY_WIN32
|
|
#include <rpc.h>
|
|
#include <sspi.h>
|
|
#include <secext.h>
|
|
#include <lm.h>
|
|
#include <winsock2.h>
|
|
#include <winldap.h>
|
|
#include <ntldap.h>
|
|
#include <dsgetdc.h>
|
|
#include <dsgetdcp.h>
|
|
#include <ntdsapi.h>
|
|
#include <stdio.h>
|
|
#include <stdlib.h>
|
|
|
|
#define NlPrint(x) DPrint x;
|
|
#define NL_CRITICAL 0
|
|
#define NL_MISC 0
|
|
|
|
HANDLE hGC ;
|
|
|
|
BOOL AddDollar = TRUE;
|
|
|
|
VOID
|
|
DPrint(
|
|
DWORD Level,
|
|
PCHAR FormatString,
|
|
...
|
|
)
|
|
{
|
|
va_list ArgList;
|
|
|
|
va_start(ArgList, FormatString);
|
|
vprintf( FormatString, ArgList );
|
|
va_end( ArgList );
|
|
}
|
|
|
|
BOOL
|
|
FindDomainForServer(
|
|
PWSTR Server,
|
|
PWSTR Domain
|
|
)
|
|
{
|
|
ULONG NetStatus ;
|
|
WCHAR LocalServerName[ 64 ];
|
|
PDOMAIN_CONTROLLER_INFOW DcInfo ;
|
|
|
|
wcsncpy( LocalServerName, Server, 63 );
|
|
|
|
if ( AddDollar ) {
|
|
wcscat( LocalServerName, L"$" );
|
|
}
|
|
|
|
|
|
NetStatus = DsGetDcNameWithAccountW(
|
|
NULL,
|
|
LocalServerName,
|
|
( AddDollar ? UF_MACHINE_ACCOUNT_MASK : UF_NORMAL_ACCOUNT ),
|
|
L"",
|
|
NULL,
|
|
NULL,
|
|
DS_DIRECTORY_SERVICE_REQUIRED |
|
|
DS_RETURN_DNS_NAME,
|
|
&DcInfo );
|
|
|
|
if ( NetStatus == 0 ) {
|
|
wcscpy( Domain, DcInfo->DomainName );
|
|
NetApiBufferFree( DcInfo );
|
|
|
|
return TRUE ;
|
|
} else {
|
|
printf("can't find DC for %ws - %u\n", LocalServerName, NetStatus );
|
|
}
|
|
|
|
return FALSE ;
|
|
}
|
|
|
|
DWORD
|
|
AddDnsHostNameAttribute(
|
|
HANDLE hDs,
|
|
PWCHAR Server,
|
|
PWCHAR DnsDomain
|
|
)
|
|
|
|
{
|
|
NET_API_STATUS NetStatus = NO_ERROR;
|
|
ULONG CrackStatus = DS_NAME_NO_ERROR;
|
|
|
|
LPWSTR DnsHostNameValues[2];
|
|
LPWSTR SpnArray[3];
|
|
LPWSTR DnsSpn = NULL;
|
|
LPWSTR NetbiosSpn = NULL;
|
|
|
|
LDAPModW DnsHostNameAttr;
|
|
LDAPModW SpnAttr;
|
|
LDAPModW *Mods[3] = {NULL};
|
|
|
|
LDAP *LdapHandle = NULL;
|
|
LDAPMessage *LdapMessage = NULL;
|
|
PDS_NAME_RESULTW CrackedName = NULL;
|
|
LPWSTR DnOfAccount = NULL;
|
|
|
|
LPWSTR NameToCrack;
|
|
DWORD SamNameSize;
|
|
WCHAR SamName[ DNLEN + 1 + CNLEN + 1 + 1];
|
|
WCHAR nameBuffer[ 256 ];
|
|
|
|
ULONG LdapStatus;
|
|
LONG LdapOption;
|
|
|
|
LDAP_TIMEVAL LdapTimeout;
|
|
ULONG MessageNumber;
|
|
|
|
//
|
|
// Ldap modify control needed to indicate that the
|
|
// existing values of the modified attributes should
|
|
// be left intact and the missing ones should be added.
|
|
// Without this control, a modification of an attribute
|
|
// that results in an addition of a value that already
|
|
// exists will fail.
|
|
//
|
|
|
|
LDAPControl ModifyControl = {
|
|
LDAP_SERVER_PERMISSIVE_MODIFY_OID_W,
|
|
{
|
|
0, NULL
|
|
},
|
|
FALSE
|
|
};
|
|
|
|
PLDAPControl ModifyControlArray[2] =
|
|
{
|
|
&ModifyControl,
|
|
NULL
|
|
};
|
|
|
|
//
|
|
// Prepare DnsHostName modification entry
|
|
//
|
|
|
|
wcsncpy( nameBuffer, Server, sizeof( nameBuffer ) / sizeof( WCHAR ));
|
|
wcscat( nameBuffer, L"." );
|
|
wcscat( nameBuffer, DnsDomain );
|
|
|
|
DnsHostNameValues[0] = nameBuffer;
|
|
DnsHostNameValues[1] = NULL;
|
|
|
|
//
|
|
// If we set both DnsHostName and SPN, then DnsHostName is
|
|
// missing, so add it. If we set DnsHostName only, then
|
|
// DnsHostName already exists (but incorrect), so replace it.
|
|
//
|
|
if ( TRUE ) {
|
|
DnsHostNameAttr.mod_op = LDAP_MOD_ADD;
|
|
} else {
|
|
DnsHostNameAttr.mod_op = LDAP_MOD_REPLACE;
|
|
}
|
|
DnsHostNameAttr.mod_type = L"DnsHostName";
|
|
DnsHostNameAttr.mod_values = DnsHostNameValues;
|
|
|
|
Mods[0] = &DnsHostNameAttr;
|
|
Mods[1] = NULL;
|
|
|
|
//
|
|
// The name of the computer object is
|
|
// <NetbiosDomainName>\<NetbiosComputerName>$
|
|
//
|
|
|
|
wcscpy( SamName, DnsDomain );
|
|
{
|
|
PWCHAR p;
|
|
|
|
p = wcschr( SamName, L'.' );
|
|
*p = UNICODE_NULL;
|
|
}
|
|
|
|
wcscat( SamName, L"\\" );
|
|
wcscat( SamName, Server );
|
|
wcscat( SamName, L"$" );
|
|
|
|
//
|
|
// Crack the sam account name into a DN:
|
|
//
|
|
|
|
NameToCrack = SamName;
|
|
NetStatus = DsCrackNamesW(
|
|
hDs,
|
|
0,
|
|
DS_NT4_ACCOUNT_NAME,
|
|
DS_FQDN_1779_NAME,
|
|
1,
|
|
&NameToCrack,
|
|
&CrackedName );
|
|
|
|
if ( NetStatus != NO_ERROR ) {
|
|
NlPrint(( NL_CRITICAL,
|
|
"SPN: CrackNames failed on %ws for %ws: %ld\n",
|
|
DnsDomain,
|
|
SamName,
|
|
NetStatus ));
|
|
goto Cleanup ;
|
|
}
|
|
|
|
if ( CrackedName->cItems != 1 ) {
|
|
CrackStatus = DS_NAME_ERROR_NOT_UNIQUE;
|
|
NlPrint(( NL_CRITICAL,
|
|
"SPN: Cracked Name is not unique on %ws for %ws: %ld\n",
|
|
DnsDomain,
|
|
SamName,
|
|
NetStatus ));
|
|
goto Cleanup ;
|
|
}
|
|
|
|
if ( CrackedName->rItems[ 0 ].status != DS_NAME_NO_ERROR ) {
|
|
NlPrint(( NL_CRITICAL,
|
|
"SPN: CrackNames failed on %ws for %ws: substatus %ld\n",
|
|
DnsDomain,
|
|
SamName,
|
|
CrackedName->rItems[ 0 ].status ));
|
|
CrackStatus = CrackedName->rItems[ 0 ].status;
|
|
goto Cleanup ;
|
|
}
|
|
DnOfAccount = CrackedName->rItems[0].pName;
|
|
|
|
//
|
|
// Open an LDAP connection to the DC and set useful options
|
|
//
|
|
|
|
LdapHandle = ldap_init( DnsDomain, LDAP_PORT );
|
|
|
|
if ( LdapHandle == NULL ) {
|
|
NetStatus = GetLastError();
|
|
NlPrint(( NL_CRITICAL,
|
|
"SPN: ldap_init failed on %ws for %ws: %ld\n",
|
|
DnsDomain,
|
|
SamName,
|
|
NetStatus ));
|
|
goto Cleanup;
|
|
}
|
|
|
|
// 30 second timeout
|
|
LdapOption = 30;
|
|
LdapStatus = ldap_set_optionW( LdapHandle, LDAP_OPT_TIMELIMIT, &LdapOption );
|
|
if ( LdapStatus != LDAP_SUCCESS ) {
|
|
NlPrint(( NL_CRITICAL,
|
|
"SPN: ldap_set_option LDAP_OPT_TIMELIMIT failed on %ws for %ws: %ld: %s\n",
|
|
DnsDomain,
|
|
SamName,
|
|
LdapStatus,
|
|
ldap_err2stringA( LdapStatus )));
|
|
NetStatus = LdapMapErrorToWin32(LdapStatus);
|
|
goto Cleanup;
|
|
}
|
|
|
|
// Don't chase referals
|
|
LdapOption = PtrToLong(LDAP_OPT_OFF);
|
|
LdapStatus = ldap_set_optionW( LdapHandle, LDAP_OPT_REFERRALS, &LdapOption );
|
|
if ( LdapStatus != LDAP_SUCCESS ) {
|
|
NlPrint(( NL_CRITICAL,
|
|
"SPN: ldap_set_option LDAP_OPT_REFERRALS failed on %ws for %ws: %ld: %s\n",
|
|
DnsDomain,
|
|
SamName,
|
|
LdapStatus,
|
|
ldap_err2stringA( LdapStatus )));
|
|
NetStatus = LdapMapErrorToWin32(LdapStatus);
|
|
goto Cleanup;
|
|
}
|
|
|
|
#if 0
|
|
// Set the option telling LDAP that I passed it an explicit DC name and
|
|
// that it can avoid the DsGetDcName.
|
|
LdapOption = PtrToLong(LDAP_OPT_ON);
|
|
LdapStatus = ldap_set_optionW( LdapHandle, LDAP_OPT_AREC_EXCLUSIVE, &LdapOption );
|
|
if ( LdapStatus != LDAP_SUCCESS ) {
|
|
NlPrint(( NL_CRITICAL,
|
|
"SPN: ldap_set_option LDAP_OPT_AREC_EXCLUSIVE failed on %ws for %ws: %ld: %s\n",
|
|
DnsDomain,
|
|
SamName,
|
|
LdapStatus,
|
|
ldap_err2stringA( LdapStatus )));
|
|
NetStatus = LdapMapErrorToWin32(LdapStatus);
|
|
goto Cleanup;
|
|
}
|
|
#endif
|
|
|
|
//
|
|
// Bind to the DC
|
|
//
|
|
|
|
LdapStatus = ldap_bind_s( LdapHandle,
|
|
NULL, // No DN of account to authenticate as
|
|
NULL, // Default credentials
|
|
LDAP_AUTH_NEGOTIATE );
|
|
|
|
if ( LdapStatus != LDAP_SUCCESS ) {
|
|
NlPrint(( NL_CRITICAL,
|
|
"SPN: Cannot ldap_bind to %ws for %ws: %ld: %s\n",
|
|
DnsDomain,
|
|
SamName,
|
|
LdapStatus,
|
|
ldap_err2stringA( LdapStatus )));
|
|
NetStatus = LdapMapErrorToWin32(LdapStatus);
|
|
goto Cleanup;
|
|
}
|
|
|
|
|
|
//
|
|
// Write the modifications
|
|
//
|
|
|
|
LdapStatus = ldap_modify_extW( LdapHandle,
|
|
DnOfAccount,
|
|
Mods,
|
|
(PLDAPControl *) &ModifyControlArray,
|
|
NULL, // No client controls
|
|
&MessageNumber );
|
|
|
|
if ( LdapStatus != LDAP_SUCCESS ) {
|
|
NlPrint(( NL_CRITICAL,
|
|
"SPN: Cannot ldap_modify on %ws for %ws: %ld: %s\n",
|
|
DnsDomain,
|
|
DnOfAccount,
|
|
LdapStatus,
|
|
ldap_err2stringA( LdapStatus )));
|
|
NetStatus = LdapMapErrorToWin32(LdapStatus);
|
|
goto Cleanup;
|
|
}
|
|
|
|
// Wait for the modify to complete
|
|
LdapTimeout.tv_sec = 30;
|
|
LdapTimeout.tv_usec = 0;
|
|
LdapStatus = ldap_result( LdapHandle,
|
|
MessageNumber,
|
|
LDAP_MSG_ALL,
|
|
&LdapTimeout,
|
|
&LdapMessage );
|
|
|
|
switch ( LdapStatus ) {
|
|
case -1:
|
|
NlPrint(( NL_CRITICAL,
|
|
"SPN: Cannot ldap_result on %ws for %ws: %ld: %s\n",
|
|
DnsDomain,
|
|
SamName,
|
|
LdapHandle->ld_errno,
|
|
ldap_err2stringA( LdapHandle->ld_errno )));
|
|
NetStatus = LdapMapErrorToWin32(LdapStatus);
|
|
goto Cleanup;
|
|
|
|
case 0:
|
|
NlPrint(( NL_CRITICAL,
|
|
"SPN: ldap_result timeout on %ws for %ws.\n",
|
|
DnsDomain,
|
|
SamName ));
|
|
NetStatus = LdapMapErrorToWin32(LdapStatus);
|
|
goto Cleanup;
|
|
|
|
case LDAP_RES_MODIFY:
|
|
if ( LdapMessage->lm_returncode != 0 ) {
|
|
NlPrint(( NL_CRITICAL,
|
|
"SPN: Cannot ldap_result on %ws for %ws: %ld: %s\n",
|
|
DnsDomain,
|
|
SamName,
|
|
LdapMessage->lm_returncode,
|
|
ldap_err2stringA( LdapMessage->lm_returncode )));
|
|
NetStatus = LdapMapErrorToWin32(LdapMessage->lm_returncode);
|
|
goto Cleanup;
|
|
}
|
|
|
|
NlPrint(( NL_MISC,
|
|
"SPN: Set successfully on DC %ws\n",
|
|
DnsDomain ));
|
|
break; // This is what we expect
|
|
|
|
default:
|
|
NlPrint(( NL_CRITICAL,
|
|
"SPN: ldap_result unexpected result on %ws for %ws: %ld\n",
|
|
DnsDomain,
|
|
SamName,
|
|
LdapStatus ));
|
|
NetStatus = LdapMapErrorToWin32(LdapStatus);
|
|
goto Cleanup;
|
|
}
|
|
|
|
|
|
Cleanup:
|
|
|
|
//
|
|
// Log the failure in the event log, if requested.
|
|
// Try to output the most specific error.
|
|
//
|
|
|
|
if ( CrackedName ) {
|
|
DsFreeNameResultW( CrackedName );
|
|
}
|
|
|
|
if ( LdapMessage != NULL ) {
|
|
ldap_msgfree( LdapMessage );
|
|
}
|
|
|
|
if ( LdapHandle != NULL ) {
|
|
ldap_unbind_s( LdapHandle );
|
|
}
|
|
|
|
if ( DnsSpn ) {
|
|
LocalFree( DnsSpn );
|
|
}
|
|
|
|
if ( NetbiosSpn ) {
|
|
LocalFree( NetbiosSpn );
|
|
}
|
|
|
|
return NetStatus;
|
|
}
|
|
|
|
BOOL
|
|
AddHostSpn(
|
|
PWSTR Server
|
|
)
|
|
{
|
|
WCHAR HostSpn[ 64 ];
|
|
WCHAR Domain[ MAX_PATH ];
|
|
WCHAR FlatName[ 64 ];
|
|
HANDLE hDs ;
|
|
ULONG NetStatus ;
|
|
PWSTR Dot ;
|
|
PDS_NAME_RESULTW Result ;
|
|
LPWSTR Flat = FlatName;
|
|
LPWSTR Spn = HostSpn ;
|
|
|
|
wcscpy( HostSpn, L"HOST/" );
|
|
wcscat( HostSpn, Server );
|
|
|
|
#if 1
|
|
if ( !FindDomainForServer( Server, Domain )) {
|
|
printf(" No domain controller for %ws found\n", Server );
|
|
return FALSE ;
|
|
}
|
|
#else
|
|
wcscpy( Domain, L"ntdev.microsoft.com" );
|
|
#endif
|
|
|
|
Dot = wcschr( Domain, L'.' );
|
|
if ( Dot ) {
|
|
*Dot = L'\0';
|
|
}
|
|
|
|
wcscpy( FlatName, Domain );
|
|
|
|
if ( Dot ) {
|
|
*Dot = L'.' ;
|
|
}
|
|
|
|
wcscat( FlatName, L"\\" );
|
|
wcscat( FlatName, Server );
|
|
if ( AddDollar ) {
|
|
wcscat( FlatName, L"$" );
|
|
}
|
|
|
|
NetStatus = DsBindW( NULL, Domain, &hDs );
|
|
|
|
if ( NetStatus != 0 ) {
|
|
printf("Failed to bind to DC of domain %ws, %#x\n",
|
|
Domain, NetStatus );
|
|
return FALSE ;
|
|
}
|
|
|
|
NetStatus = DsCrackNamesW(
|
|
hDs,
|
|
0,
|
|
DS_NT4_ACCOUNT_NAME,
|
|
DS_FQDN_1779_NAME,
|
|
1,
|
|
&Flat,
|
|
&Result );
|
|
|
|
if ( NetStatus != 0 ) {
|
|
printf("Failed to crack name %ws into the FQDN, %#x\n",
|
|
FlatName, NetStatus );
|
|
|
|
DsUnBind( &hDs );
|
|
|
|
return FALSE ;
|
|
} else {
|
|
DWORD i;
|
|
BOOL foundFailure = FALSE;
|
|
|
|
//
|
|
// check the stat-i inside the struct
|
|
//
|
|
for ( i = 0; i < Result->cItems; ++i ) {
|
|
if ( Result->rItems[i].status == DS_NAME_NO_ERROR ) {
|
|
printf("Found domain\\name '%ws\\%ws' for Flatname '%ws' \n",
|
|
Result->rItems[i].pDomain,
|
|
Result->rItems[i].pName,
|
|
FlatName);
|
|
} else {
|
|
printf("Couldn't crack name for '%ws' - %u\n",
|
|
FlatName, Result->rItems[i].status);
|
|
foundFailure = TRUE;
|
|
}
|
|
}
|
|
|
|
if ( foundFailure ) {
|
|
return FALSE;
|
|
}
|
|
}
|
|
|
|
//
|
|
// add DnsHostName attribute to this object
|
|
//
|
|
NetStatus = AddDnsHostNameAttribute( hDs, Server, Domain );
|
|
if ( NetStatus != 0 ) {
|
|
printf( "Failed to add DnsHostName attrib to '%ws.%ws', %#x\n",
|
|
Server, Domain, NetStatus );
|
|
|
|
return FALSE;
|
|
}
|
|
|
|
//
|
|
// write the netbios based SPN
|
|
//
|
|
NetStatus = DsServerRegisterSpnW(
|
|
DS_SPN_ADD_SPN_OP,
|
|
L"HOST",
|
|
Result->rItems[0].pName);
|
|
|
|
if ( NetStatus != 0 ) {
|
|
printf("DsServerRegisterSpn Failed to assign SPN to '%ws', %#x\n",
|
|
Result->rItems[0].pName, NetStatus );
|
|
}
|
|
|
|
NetStatus = DsWriteAccountSpnW(
|
|
hDs,
|
|
DS_SPN_ADD_SPN_OP,
|
|
Result->rItems[0].pName,
|
|
1,
|
|
&Spn );
|
|
|
|
|
|
if ( NetStatus != 0 ) {
|
|
printf("Failed to assign SPN '%ws' to account '%ws', %#x\n",
|
|
HostSpn, Result->rItems[0].pName, NetStatus );
|
|
}
|
|
else {
|
|
DWORD i;
|
|
BOOL foundFailure = FALSE;
|
|
|
|
//
|
|
// check the stat-i inside the struct
|
|
//
|
|
for ( i = 0; i < Result->cItems; ++i ) {
|
|
if ( Result->rItems[i].status == DS_NAME_NO_ERROR ) {
|
|
printf("Assigned SPN '%ws' to account '%ws' \n",
|
|
HostSpn, Result->rItems[i].pName );
|
|
} else {
|
|
printf("WriteAccountSpn failed for '%ws' - %u\n",
|
|
HostSpn, Result->rItems[i].status);
|
|
foundFailure = TRUE;
|
|
}
|
|
}
|
|
|
|
if ( foundFailure ) {
|
|
return FALSE;
|
|
}
|
|
}
|
|
|
|
//
|
|
// do it again with the DNS domain as well
|
|
//
|
|
wcscat( HostSpn, L"." );
|
|
wcscat( HostSpn, Domain );
|
|
|
|
NetStatus = DsWriteAccountSpnW(hDs,
|
|
DS_SPN_ADD_SPN_OP,
|
|
Result->rItems[0].pName,
|
|
1,
|
|
&Spn );
|
|
|
|
|
|
if ( NetStatus != 0 ) {
|
|
printf("Failed to assign SPN '%ws' to account '%ws', %#x\n",
|
|
HostSpn, Result->rItems[0].pName, NetStatus );
|
|
}
|
|
else {
|
|
DWORD i;
|
|
BOOL foundFailure = FALSE;
|
|
|
|
//
|
|
// check the stat-i inside the struct
|
|
//
|
|
for ( i = 0; i < Result->cItems; ++i ) {
|
|
if ( Result->rItems[i].status == DS_NAME_NO_ERROR ) {
|
|
printf("Assigned SPN '%ws' to account '%ws' \n",
|
|
HostSpn, Result->rItems[i].pName );
|
|
} else {
|
|
printf("WriteAccountSpn failed for '%ws' - %u\n",
|
|
HostSpn, Result->rItems[i].status);
|
|
foundFailure = TRUE;
|
|
}
|
|
}
|
|
|
|
if ( foundFailure ) {
|
|
return FALSE;
|
|
}
|
|
}
|
|
|
|
DsFreeNameResultW( Result );
|
|
|
|
DsUnBind( &hDs );
|
|
|
|
|
|
return NetStatus == 0 ;
|
|
|
|
}
|
|
|
|
void __cdecl wmain (int argc, wchar_t *argv[])
|
|
{
|
|
|
|
PWCHAR machineName;
|
|
|
|
if ( argc < 2 ) {
|
|
printf("usage: %s [-$] machinename\n", argv[0] );
|
|
exit(0);
|
|
}
|
|
|
|
if ( argv[1][0] == '-') {
|
|
switch (argv[1][1]) {
|
|
case '$':
|
|
AddDollar = FALSE ;
|
|
break;
|
|
default:
|
|
printf(" unrecognized option, '%s'\n", argv[1] );
|
|
exit(0);
|
|
|
|
}
|
|
|
|
machineName = argv[2];
|
|
|
|
}
|
|
else {
|
|
machineName = argv[1];
|
|
}
|
|
|
|
|
|
if ( AddHostSpn( machineName ) ) {
|
|
printf("Updated object\n" );
|
|
}
|
|
}
|