135 lines
3 KiB
C++
135 lines
3 KiB
C++
|
///////////////////////////////////////////////////////////////////////////////
|
||
|
//
|
||
|
// Copyright (c) 2000, Microsoft Corp. All rights reserved.
|
||
|
//
|
||
|
// FILE
|
||
|
//
|
||
|
// peruser.cpp
|
||
|
//
|
||
|
// SYNOPSIS
|
||
|
//
|
||
|
// Defines the class NTSamPerUser.
|
||
|
//
|
||
|
///////////////////////////////////////////////////////////////////////////////
|
||
|
|
||
|
#include <ias.h>
|
||
|
#include <iaslsa.h>
|
||
|
|
||
|
#include <samutil.h>
|
||
|
#include <sdoias.h>
|
||
|
|
||
|
#include <ntsamperuser.h>
|
||
|
|
||
|
STDMETHODIMP NTSamPerUser::Initialize()
|
||
|
{
|
||
|
DWORD error = IASLsaInitialize();
|
||
|
if (error != NO_ERROR) { return HRESULT_FROM_WIN32(error); }
|
||
|
|
||
|
HRESULT hr;
|
||
|
|
||
|
hr = netp.initialize();
|
||
|
if (FAILED(hr)) { goto netp_failed; }
|
||
|
|
||
|
hr = ntds.initialize();
|
||
|
if (FAILED(hr)) { goto ntds_failed; }
|
||
|
|
||
|
hr = ras.initialize();
|
||
|
if (FAILED(hr)) { goto ras_failed; }
|
||
|
|
||
|
return S_OK;
|
||
|
|
||
|
ras_failed:
|
||
|
ntds.finalize();
|
||
|
|
||
|
ntds_failed:
|
||
|
netp.finalize();
|
||
|
|
||
|
netp_failed:
|
||
|
IASLsaUninitialize();
|
||
|
|
||
|
return hr;
|
||
|
|
||
|
}
|
||
|
|
||
|
STDMETHODIMP NTSamPerUser::Shutdown()
|
||
|
{
|
||
|
ras.finalize();
|
||
|
ntds.finalize();
|
||
|
netp.finalize();
|
||
|
IASLsaUninitialize();
|
||
|
return S_OK;
|
||
|
}
|
||
|
|
||
|
IASREQUESTSTATUS NTSamPerUser::onSyncRequest(IRequest* pRequest) throw ()
|
||
|
{
|
||
|
IASREQUESTSTATUS status;
|
||
|
|
||
|
try
|
||
|
{
|
||
|
IASRequest request(pRequest);
|
||
|
|
||
|
//////////
|
||
|
// Should we process the request?
|
||
|
//////////
|
||
|
|
||
|
IASAttribute ignoreDialin;
|
||
|
if (ignoreDialin.load(
|
||
|
request,
|
||
|
IAS_ATTRIBUTE_IGNORE_USER_DIALIN_PROPERTIES,
|
||
|
IASTYPE_BOOLEAN
|
||
|
) &&
|
||
|
ignoreDialin->Value.Boolean)
|
||
|
{
|
||
|
return IAS_REQUEST_STATUS_CONTINUE;
|
||
|
}
|
||
|
|
||
|
//////////
|
||
|
// Extract the NT4-Account-Name attribute.
|
||
|
//////////
|
||
|
|
||
|
IASAttribute identity;
|
||
|
if (!identity.load(request,
|
||
|
IAS_ATTRIBUTE_NT4_ACCOUNT_NAME,
|
||
|
IASTYPE_STRING))
|
||
|
{ return IAS_REQUEST_STATUS_CONTINUE; }
|
||
|
|
||
|
//////////
|
||
|
// Convert the User-Name to SAM format.
|
||
|
//////////
|
||
|
|
||
|
PCWSTR domain, username;
|
||
|
EXTRACT_SAM_IDENTITY(identity->Value.String, domain, username);
|
||
|
|
||
|
IASTracePrintf("NT-SAM User Authorization handler received request "
|
||
|
"for %S\\%S.", domain, username);
|
||
|
|
||
|
//////////
|
||
|
// Try each handler in order.
|
||
|
//////////
|
||
|
|
||
|
status = netp.processUser(request, domain, username);
|
||
|
if (status != IAS_REQUEST_STATUS_INVALID) { goto done; }
|
||
|
|
||
|
status = ntds.processUser(request, domain, username);
|
||
|
if (status != IAS_REQUEST_STATUS_INVALID) { goto done; }
|
||
|
|
||
|
status = ras.processUser(request, domain, username);
|
||
|
if (status != IAS_REQUEST_STATUS_INVALID) { goto done; }
|
||
|
|
||
|
//////////
|
||
|
// Default is to just continue down the pipeline. Theoretically, we
|
||
|
// should never get here.
|
||
|
//////////
|
||
|
|
||
|
status = IAS_REQUEST_STATUS_CONTINUE;
|
||
|
}
|
||
|
catch (const _com_error& ce)
|
||
|
{
|
||
|
IASTraceExcept();
|
||
|
status = IASProcessFailure(pRequest, ce.Error());
|
||
|
}
|
||
|
|
||
|
done:
|
||
|
return status;
|
||
|
}
|