windows-nt/Source/XPSP1/NT/admin/snapin/dsadmin/copyobj.cpp

1474 lines
37 KiB
C++
Raw Normal View History

2020-09-26 03:20:57 -05:00
//+-------------------------------------------------------------------------
//
// Microsoft Windows
//
// Copyright (C) Microsoft Corporation, 1999 - 1999
//
// File: copyobj.cpp
//
//--------------------------------------------------------------------------
/////////////////////////////////////////////////////////////////////
// copyobj.cpp
//
/////////////////////////////////////////////////////////////////////
#include "stdafx.h"
#include "resource.h"
#include "util.h"
#include "dsutil.h"
#include "newobj.h"
#include "copyobj.h"
#include "dscmn.h" // CrackName()
#include "querysup.h"
// attributes for "intelligent" copy user
static const PWSTR g_szProfilePath = L"profilePath";
static const PWSTR g_szHomeDir = L"homeDirectory";
/////////////////////////////////////////////////////////////////////
// global functions
//+----------------------------------------------------------------------------
//
// Function: _GetDomainScope
//
// Synopsis: Returns the full LDAP DN of the domain of the given object.
//
//-----------------------------------------------------------------------------
HRESULT _GetDomainScope(IADs* pIADs, CString& szDomainLDAPPath)
{
// get the DN of the current object
// get the SID of the object
CComVariant varObjectDistinguishedName;
HRESULT hr = pIADs->Get(L"distinguishedName", &varObjectDistinguishedName);
if (FAILED(hr))
{
TRACE(L"pIADs->Get(distinguishedName,...) failed with hr = 0x%x\n", hr);
return hr;
}
TRACE(L"Retrieved distinguishedName = <%s>\n", varObjectDistinguishedName.bstrVal);
// obtain the FQDN of the domain the object is in
LPWSTR pwzDomainDN = NULL;
hr = CrackName(varObjectDistinguishedName.bstrVal, &pwzDomainDN, GET_FQDN_DOMAIN_NAME);
if (FAILED(hr))
{
TRACE(L"CrackName(%s) failed with hr = 0x%x\n", varObjectDistinguishedName.bstrVal, hr);
return hr;
}
TRACE(L"CrackName(%s) returned <%s>\n", varObjectDistinguishedName.bstrVal, pwzDomainDN);
// retrieve the server name the object is bound to
CString szServer;
hr = GetADSIServerName(OUT szServer, IN pIADs);
if (FAILED(hr))
{
TRACE(L"GetADSIServerName() failed with hr = 0x%x\n", hr);
return hr;
}
TRACE(L"GetADSIServerName() returned <%s>\n", (LPCWSTR)szServer);
// build the full LDAP path of the domain
CPathCracker pathCracker;
hr = pathCracker.SetDisplayType(ADS_DISPLAY_FULL);
hr = pathCracker.Set((LPWSTR)((LPCWSTR)szServer), ADS_SETTYPE_SERVER);
hr = pathCracker.Set(pwzDomainDN, ADS_SETTYPE_DN);
LocalFreeStringW(&pwzDomainDN);
CComBSTR bstrDomainPath;
hr = pathCracker.Retrieve(ADS_FORMAT_X500, &bstrDomainPath);
if (FAILED(hr))
{
TRACE(L"PathCracker() failed to build LDAP path. hr = 0x%x\n", hr);
return hr;
}
szDomainLDAPPath = bstrDomainPath;
TRACE(L"Object's domain is: <%s>\n", (LPCWSTR)szDomainLDAPPath);
return S_OK;
}
//+----------------------------------------------------------------------------
//
// Method: _ConvertRIDtoName
//
// Synopsis: Convert the RID to the object DN.
//
//-----------------------------------------------------------------------------
HRESULT _ConvertRIDtoName(IN LPCWSTR lpszDomainLDAPPath,
IN PSID pObjSID,
IN DWORD priGroupRID,
OUT CString& szGroupPath)
{
PWSTR g_wzADsPath = L"ADsPath";
if ((pObjSID == NULL) || (priGroupRID == 0))
{
return E_INVALIDARG;
}
HRESULT hr = S_OK;
UCHAR * psaCount, i;
PSID pSID = NULL;
PSID_IDENTIFIER_AUTHORITY psia;
DWORD rgRid[8];
psaCount = GetSidSubAuthorityCount(pObjSID);
if (psaCount == NULL)
{
hr = HRESULT_FROM_WIN32(GetLastError());
TRACE(L"GetSidSubAuthorityCount() failed, hr = 0x%x\n", hr);
return hr;
}
ASSERT(*psaCount <= 8);
if (*psaCount > 8)
{
return E_FAIL;
}
for (i = 0; i < (*psaCount - 1); i++)
{
PDWORD pRid = GetSidSubAuthority(pObjSID, (DWORD)i);
if (pRid == NULL)
{
hr = HRESULT_FROM_WIN32(GetLastError());
TRACE(L"GetSidSubAuthority() failed, hr = 0x%x\n", hr);
return hr;
}
rgRid[i] = *pRid;
}
rgRid[*psaCount - 1] = priGroupRID;
for (i = *psaCount; i < 8; i++)
{
rgRid[i] = 0;
}
psia = GetSidIdentifierAuthority(pObjSID);
if (psia == NULL)
{
hr = HRESULT_FROM_WIN32(GetLastError());
TRACE(L"GetSidIdentifierAuthority() failed, hr = 0x%x\n", hr);
return hr;
}
if (!AllocateAndInitializeSid(psia, *psaCount, rgRid[0], rgRid[1],
rgRid[2], rgRid[3], rgRid[4],
rgRid[5], rgRid[6], rgRid[7], &pSID))
{
hr = HRESULT_FROM_WIN32(GetLastError());
TRACE(L"AllocateAndInitializeSid() failed, hr = 0x%x\n", hr);
return hr;
}
PWSTR rgpwzAttrNames[] = {g_wzADsPath};
const WCHAR wzSearchFormat[] = L"(&(objectCategory=group)(objectSid=%s))";
PWSTR pwzSID;
CString strSearchFilter;
hr = ADsEncodeBinaryData((PBYTE)pSID, GetLengthSid(pSID), &pwzSID);
if (FAILED(hr))
{
TRACE(L"ADsEncodeBinaryData() failed, hr = 0x%x\n", hr);
return hr;
}
strSearchFilter.Format(wzSearchFormat, pwzSID);
FreeADsMem(pwzSID);
CDSSearch Search;
hr = Search.Init(lpszDomainLDAPPath);
if (FAILED(hr))
{
TRACE(L"Search.Init(%s) failed, hr = 0x%x\n", lpszDomainLDAPPath, hr);
return hr;
}
Search.SetFilterString(const_cast<LPWSTR>((LPCTSTR)strSearchFilter));
Search.SetAttributeList(rgpwzAttrNames, 1);
Search.SetSearchScope(ADS_SCOPE_SUBTREE);
hr = Search.DoQuery();
if (FAILED(hr))
{
TRACE(L"Search.DoQuery() failed, hr = 0x%x\n", hr);
return hr;
}
hr = Search.GetNextRow();
if (hr == S_ADS_NOMORE_ROWS)
{
hr = S_OK;
szGroupPath = L"";
TRACE(L"Search. returned S_ADS_NOMORE_ROWS, we failed to find the primary group object, hr = 0x%x\n", hr);
return hr;
}
if (FAILED(hr))
{
TRACE(L"Search.GetNextRow() failed, hr = 0x%x\n", hr);
return hr;
}
ADS_SEARCH_COLUMN Column;
hr = Search.GetColumn(g_wzADsPath, &Column);
if (FAILED(hr))
{
TRACE(L"Search.GetColumn(%s) failed, hr = 0x%x\n", g_wzADsPath, hr);
return hr;
}
szGroupPath = Column.pADsValues->CaseIgnoreString;
Search.FreeColumn(&Column);
return hr;
}
/////////////////////////////////////////////////////////////////////
// CCopyableAttributesHolder
HRESULT CCopyableAttributesHolder::LoadFromSchema(MyBasePathsInfo* pBasePathsInfo)
{
TRACE(L"CCopyableAttributesHolder::LoadFromSchema()\n");
// build the LDAP path for the schema class
LPCWSTR lpszPhysicalSchemaNamingContext = pBasePathsInfo->GetSchemaNamingContext();
CString szPhysicalSchemaPath;
pBasePathsInfo->ComposeADsIPath(szPhysicalSchemaPath,lpszPhysicalSchemaNamingContext);
CDSSearch search;
HRESULT hr = search.Init(szPhysicalSchemaPath);
if (FAILED(hr))
{
TRACE(L"search.Init(%s) failed with hr = 0x%x\n", (LPCWSTR)szPhysicalSchemaPath, hr);
return hr;
}
// the query string filters out the attribute classes that have the
// "searchFlags" attribute with the 5th bit set (16 == 2^4)
static LPCWSTR lpszFilterFormat =
L"(&(objectCategory=CN=Attribute-Schema,%s)(searchFlags:1.2.840.113556.1.4.803:=16))";
int nFmtLen = lstrlen(lpszFilterFormat);
int nSchemaContextLen = lstrlen(lpszPhysicalSchemaNamingContext);
WCHAR* pszFilter = new WCHAR[nFmtLen+nSchemaContextLen+1];
if (!pszFilter)
{
TRACE(L"Could not allocate enough space for filter string\n");
return E_OUTOFMEMORY;
}
wsprintf(pszFilter, lpszFilterFormat, lpszPhysicalSchemaNamingContext);
static const int cAttrs = 1;
static LPCWSTR pszAttribsArr[cAttrs] =
{
L"lDAPDisplayName", // e.g. "accountExpires"
};
search.SetFilterString(pszFilter);
search.SetSearchScope(ADS_SCOPE_ONELEVEL);
search.SetAttributeList((LPWSTR*)pszAttribsArr, cAttrs);
hr = search.DoQuery();
if (FAILED(hr))
{
TRACE(L"search.DoQuery() failed with hr = 0x%x\n", hr);
return hr;
}
TRACE(L"\n*** Query Results BEGIN ***\n\n");
ADS_SEARCH_COLUMN Column;
hr = search.GetNextRow();
while (hr != S_ADS_NOMORE_ROWS)
{
if (FAILED(hr))
{
continue;
}
HRESULT hr0 = search.GetColumn((LPWSTR)pszAttribsArr[0], &Column);
if (FAILED(hr0))
{
continue;
}
LPCWSTR lpszAttr = Column.pADsValues->CaseIgnoreString;
TRACE(L"Attribute = %s", lpszAttr);
// screen against attributes we want to skip anyway
if (!_FindInNotCopyableHardwiredList(lpszAttr))
{
TRACE(L" can be copied");
m_attributeNameList.AddTail(lpszAttr);
}
TRACE(L"\n");
search.FreeColumn(&Column);
hr = search.GetNextRow();
} // while
TRACE(L"\n*** Query Results END ***\n\n");
if (pszFilter)
{
delete[] pszFilter;
pszFilter = 0;
}
return hr;
}
BOOL CCopyableAttributesHolder::CanCopy(LPCWSTR lpszAttributeName)
{
for (POSITION pos = m_attributeNameList.GetHeadPosition(); pos != NULL; )
{
CString& strRef = m_attributeNameList.GetNext(pos);
if (_wcsicmp(lpszAttributeName, strRef) == 0)
return TRUE;
}
return FALSE;
}
// function to screen out attributes that will not
// be copied (or not copied in bulk) no matter what the
// schema setting are
BOOL CCopyableAttributesHolder::_FindInNotCopyableHardwiredList(LPCWSTR lpszAttributeName)
{
static LPCWSTR _lpszNoCopyArr[] =
{
// we skip the toxic waste dump, no matter what
L"userParameters",
// userAccountControl handled separately after commit
L"userAccountControl",
// group membership (to be handled after commit)
L"primaryGroupID",
L"memberOf",
NULL // end of table marker
};
for (int k = 0; _lpszNoCopyArr[k] != NULL; k++)
{
if (_wcsicmp(lpszAttributeName, _lpszNoCopyArr[k]) == 0)
return TRUE;
}
return FALSE;
}
/////////////////////////////////////////////////////////////////////
// CCopyObjectHandlerBase
/////////////////////////////////////////////////////////////////////
// CSid
HRESULT CSid::Init(IADs* pIADs)
{
static LPWSTR g_wzObjectSID = L"objectSID";
CComPtr<IDirectoryObject> spDirObj;
HRESULT hr = pIADs->QueryInterface(IID_IDirectoryObject, (void**)&spDirObj);
if (FAILED(hr))
{
return hr;
}
PWSTR rgpwzAttrNames[] = {g_wzObjectSID};
DWORD cAttrs = 1;
Smart_PADS_ATTR_INFO spAttrs;
hr = spDirObj->GetObjectAttributes(rgpwzAttrNames, cAttrs, &spAttrs, &cAttrs);
if (FAILED(hr))
{
return hr;
}
if (_wcsicmp(spAttrs[0].pszAttrName, g_wzObjectSID) != 0)
{
return E_FAIL;
}
if (!Init(spAttrs[0].pADsValues->OctetString.dwLength,
spAttrs[0].pADsValues->OctetString.lpValue))
{
return E_OUTOFMEMORY;
}
return S_OK;
}
/////////////////////////////////////////////////////////////////////
// CGroupMembershipHolder
HRESULT CGroupMembershipHolder::Read(IADs* pIADs)
{
if (pIADs == NULL)
return E_INVALIDARG;
// hang on to the ADSI pointer
m_spIADs = pIADs;
// get the SID of the object
HRESULT hr = m_objectSid.Init(m_spIADs);
if (FAILED(hr))
{
TRACE(L"Failed to retrieve object SID, hr = 0x%x\n", hr);
return hr;
}
// get the info about the domain we are in
hr = _GetDomainScope(m_spIADs, m_szDomainLDAPPath);
if (FAILED(hr))
{
TRACE(L"_GetDomainScope() failed, hr = 0x%x\n", hr);
return hr;
}
hr = _ReadPrimaryGroupInfo();
if (FAILED(hr))
{
TRACE(L"_ReadPrimaryGroupInfo() failed, hr = 0x%x\n", hr);
return hr;
}
hr = _ReadNonPrimaryGroupInfo();
if (FAILED(hr))
{
TRACE(L"_ReadNonPrimaryGroupInfo() failed, hr = 0x%x\n", hr);
return hr;
}
#ifdef DBG
m_entryList.Trace(L"Group Membership List:");
#endif // DBG
return hr;
}
HRESULT CGroupMembershipHolder::CopyFrom(CGroupMembershipHolder* pSource)
{
// Add all the elements that are in the source
// but not yet in the destination
CGroupMembershipEntryList* pSourceList = &(pSource->m_entryList);
//
// Copy the state of the primary group
//
m_bPrimaryGroupFound = pSource->m_bPrimaryGroupFound;
CGroupMembershipEntryList additionsEntryList;
for (POSITION pos = pSourceList->GetHeadPosition(); pos != NULL; )
{
CGroupMembershipEntry* pCurrSourceEntry = pSourceList->GetNext(pos);
// look if the the source item is already in the current list
CGroupMembershipEntry* pEntry = m_entryList.FindByDN(pCurrSourceEntry->GetDN());
if (pEntry == NULL)
{
if (_wcsicmp(pCurrSourceEntry->GetDN(), L"") != 0)
{
// not found in the entry list, need to add
pEntry = new CGroupMembershipEntry(pCurrSourceEntry->GetRID(), pCurrSourceEntry->GetDN());
pEntry->MarkAdd();
additionsEntryList.AddTail(pEntry);
TRACE(L"add: RID %d, DN = <%s>\n", pEntry->GetRID(), pEntry->GetDN());
}
}
} // for
// find all the elements that are in the destination
// but not in the source (slated for deletion)
for (pos = m_entryList.GetHeadPosition(); pos != NULL; )
{
CGroupMembershipEntry* pCurrDestEntry = m_entryList.GetNext(pos);
// look if the the source item is in the source list
CGroupMembershipEntry* pEntry = pSourceList->FindByDN(pCurrDestEntry->GetDN());
if (pEntry == NULL)
{
// not found in the entry list, need to mark for deletion
pCurrDestEntry->MarkRemove();
TRACE(L"remove: RID %d, DN = <%s>\n", pCurrDestEntry->GetRID(), pCurrDestEntry->GetDN());
}
} // for
// catenate the list of additions to the entry list
m_entryList.Merge(&additionsEntryList);
return S_OK;
}
HRESULT _EditGroupMembership(LPCWSTR lpszServer, LPCWSTR lpszUserPath, LPCWSTR lpszGroupDN, BOOL bAdd)
{
// build the full LDAP path of the domain
CPathCracker pathCracker;
HRESULT hr = pathCracker.Set((LPWSTR)lpszServer, ADS_SETTYPE_SERVER);
hr = pathCracker.Set((LPWSTR)lpszGroupDN, ADS_SETTYPE_DN);
CComBSTR bstrGroupPath;
hr = pathCracker.Retrieve(ADS_FORMAT_X500, &bstrGroupPath);
if (FAILED(hr))
{
TRACE(L"PathCracker() failed to build LDAP path. hr = 0x%x\n", hr);
return hr;
}
CComPtr<IADs> spIADs;
hr = DSAdminOpenObject(bstrGroupPath,
IID_IADs,
(void **)&spIADs,
TRUE /*bServer*/);
if (FAILED(hr))
{
TRACE(L"DSAdminOpenObject(%s) on group failed, hr = 0x%x\n", bstrGroupPath, hr);
return hr;
}
hr = spIADs->GetInfo();
CComPtr<IADsGroup> spIADsGroup;
hr = spIADs->QueryInterface(IID_IADsGroup, (void**)&spIADsGroup);
if (bAdd)
{
hr = spIADsGroup->Add((LPWSTR)lpszUserPath);
if (FAILED(hr))
{
TRACE(L"spIADsGroup->Add(%s) on group failed, hr = 0x%x\n", lpszUserPath, hr);
return hr;
}
}
else
{
hr = spIADsGroup->Remove((LPWSTR)lpszUserPath);
if (FAILED(hr))
{
TRACE(L"spIADsGroup->Remove(%s) on group failed, hr = 0x%x\n", lpszUserPath, hr);
return hr;
}
}
hr = spIADsGroup->SetInfo();
if (FAILED(hr))
{
TRACE(L"spIADsGroup->SetInfo() on group failed, hr = 0x%x\n", hr);
return hr;
}
return hr;
}
HRESULT CGroupMembershipHolder::Write()
{
TRACE(L"CGroupMembershipHolder::Write()\n");
#ifdef DBG
m_entryList.Trace(L"Group Membership List:");
#endif // DBG
// get the path of the user object
CComBSTR bstrObjPath;
HRESULT hr = m_spIADs->get_ADsPath(&bstrObjPath);
if (FAILED(hr))
{
TRACE(L"m_spIADs->get_ADsPath() failed with hr = 0x%x\n", hr);
return hr;
}
TRACE(L"bstrPath = %s\n", (LPCWSTR)bstrObjPath);
// retrieve the server name the object is bound to
CString szServer;
hr = GetADSIServerName(OUT szServer, IN m_spIADs);
if (FAILED(hr))
{
TRACE(L"GetADSIServerName() failed with hr = 0x%x\n", hr);
return hr;
}
// first do all the additions
// also remember if we added a primary group
CGroupMembershipEntry* pNewPrimaryGroupEntry = NULL;
TRACE(L"\nfirst do all the additions\n\n");
for (POSITION pos = m_entryList.GetHeadPosition(); pos != NULL; )
{
CGroupMembershipEntry* pCurrEntry = m_entryList.GetNext(pos);
if (pCurrEntry->GetActionType() == CGroupMembershipEntry::add)
{
TRACE(L"add: RID %d, DN = <%s>\n", pCurrEntry->GetRID(), pCurrEntry->GetDN());
pCurrEntry->m_hr = _EditGroupMembership(szServer, bstrObjPath, pCurrEntry->GetDN(), TRUE /*bAdd*/);
if (SUCCEEDED(pCurrEntry->m_hr) && (pCurrEntry->IsPrimaryGroup()))
{
ASSERT(pNewPrimaryGroupEntry == NULL);
pNewPrimaryGroupEntry = pCurrEntry;
}
}
} // for
if (m_bPrimaryGroupFound)
{
// second, do the primary group change
TRACE(L"\ndo the primary group change\n\n");
if (pNewPrimaryGroupEntry != NULL)
{
TRACE(L"new primary: RID %d, DN = <%s>\n",
pNewPrimaryGroupEntry->GetRID(), pNewPrimaryGroupEntry->GetDN());
CComVariant varPrimaryGroupID;
varPrimaryGroupID.vt = VT_I4;
varPrimaryGroupID.lVal = pNewPrimaryGroupEntry->GetRID();
hr = m_spIADs->Put(L"primaryGroupID", varPrimaryGroupID);
if (FAILED(hr))
{
TRACE(L"m_spIADs->Put(primaryGroupID) failed with hr = 0x%x\n", hr);
return hr;
}
hr = m_spIADs->SetInfo();
if (FAILED(hr))
{
TRACE(L"m_spIADs->SetInfo() failed with hr = 0x%x\n", hr);
return hr;
}
}
}
// finally do the deletes
TRACE(L"\ndo the deletes\n\n");
for (pos = m_entryList.GetHeadPosition(); pos != NULL; )
{
CGroupMembershipEntry* pCurrEntry = m_entryList.GetNext(pos);
if (pCurrEntry->GetActionType() == CGroupMembershipEntry::remove)
{
TRACE(L"remove: RID %d, DN = <%s>\n", pCurrEntry->GetRID(), pCurrEntry->GetDN());
pCurrEntry->m_hr = _EditGroupMembership(szServer, bstrObjPath, pCurrEntry->GetDN(), FALSE /*bAdd*/);
}
} // for
return S_OK;
}
void CGroupMembershipHolder::ProcessFailures(HRESULT& hr, CString& szFailureString, BOOL* pPrimaryGroupFound)
{
// reset variables
hr = S_OK;
szFailureString.Empty();
BOOL bFirstOne = TRUE;
BOOL bGotAccessDenied = FALSE;
*pPrimaryGroupFound = m_bPrimaryGroupFound;
// compose the best error code. If one code is access denied,
// return it. If none is access denied, use the first error code
for (POSITION pos = m_entryList.GetHeadPosition(); pos != NULL; )
{
CGroupMembershipEntry* pCurrEntry = m_entryList.GetNext(pos);
if (FAILED(pCurrEntry->m_hr))
{
if (pCurrEntry->m_hr == E_ACCESSDENIED)
{
bGotAccessDenied = TRUE;
}
if (bFirstOne)
{
bFirstOne = FALSE;
hr = pCurrEntry->m_hr;
}
else
{
szFailureString += L"\n";
}
LPWSTR pszCanonical = NULL;
HRESULT hrCanonical =
CrackName((LPWSTR)pCurrEntry->GetDN(), &pszCanonical, GET_OBJ_CAN_NAME, NULL);
if ((S_OK == hrCanonical) && (pszCanonical != NULL))
{
szFailureString += pszCanonical;
LocalFreeStringW(&pszCanonical);
}
else
{
szFailureString += pCurrEntry->GetDN();
}
}
} // for
if (bGotAccessDenied)
{
// override any error we have
hr = E_ACCESSDENIED;
}
}
HRESULT CGroupMembershipHolder::_ReadPrimaryGroupInfo()
{
// from the object SID and the primary group RID, get the full
// primary group info
// read the RID for the primary group
CComVariant varPrimaryGroupID;
HRESULT hr = m_spIADs->Get(L"primaryGroupID", &varPrimaryGroupID);
if (FAILED(hr))
{
TRACE(L"m_spIADs->Get(primaryGroupID, ...) failed, hr = 0x%x\n", hr);
return hr;
}
ASSERT(varPrimaryGroupID.vt == VT_I4);
TRACE(L"primaryGroupID = %d\n", varPrimaryGroupID.lVal);
// now need to map it into actual group information
CString szGroupPath;
PSID pObjSID = m_objectSid.GetSid();
DWORD priGroupRID = varPrimaryGroupID.lVal;
hr = _ConvertRIDtoName(IN m_szDomainLDAPPath,
IN pObjSID,
IN priGroupRID,
OUT szGroupPath);
if (FAILED(hr))
{
TRACE(L"_ConvertRIDtoName() failed, hr = 0x%x\n", hr);
return hr;
}
CComBSTR bstrGroupDN;
if (szGroupPath != L"")
{
m_bPrimaryGroupFound = TRUE;
// from the LDAP path, retrieve the DN
CPathCracker pathCracker;
hr = pathCracker.Set((LPWSTR)(LPCWSTR)szGroupPath, ADS_SETTYPE_FULL);
hr = pathCracker.Retrieve(ADS_FORMAT_X500_DN, &bstrGroupDN);
if (FAILED(hr))
{
TRACE(L"PathCracker() failed to build primary group DN path. hr = 0x%x\n", hr);
return hr;
}
}
else
{
bstrGroupDN = szGroupPath;
}
// create a new entry
CGroupMembershipEntry* pEntry = new CGroupMembershipEntry(priGroupRID, bstrGroupDN);
m_entryList.AddTail(pEntry);
TRACE(L"CGroupMembershipEntry(%d,%s) added to list\n", priGroupRID, bstrGroupDN);
return hr;
}
HRESULT CGroupMembershipHolder::_ReadNonPrimaryGroupInfo()
{
// copy group membership
CComVariant varMemberOf;
HRESULT hr = m_spIADs->Get(L"memberOf", &varMemberOf);
if (hr == E_ADS_PROPERTY_NOT_FOUND)
{
TRACE(L"_ReadNonPrimaryGroupInfo(): memberOf not set\n");
return S_OK;
}
if (FAILED(hr))
{
return hr;
}
CStringList groupList;
hr = HrVariantToStringList(IN varMemberOf, groupList);
if (FAILED(hr))
{
TRACE(L"HrVariantToStringList() failed with hr = 0x%x\n", hr);
return hr;
}
CComBSTR bstrPath;
hr = m_spIADs->get_ADsPath(&bstrPath);
if (FAILED(hr))
{
TRACE(L"m_spIADs->get_ADsPath() failed with hr = 0x%x\n", hr);
return hr;
}
TRACE(L"bstrPath = %s\n", (LPCWSTR)bstrPath);
for (POSITION pos = groupList.GetHeadPosition(); pos != NULL; )
{
CString szGroupDN = groupList.GetNext(pos);
TRACE(_T("szGroupDN: %s\n"), (LPCWSTR)szGroupDN);
CGroupMembershipEntry* pEntry = new CGroupMembershipEntry(0x0, szGroupDN);
m_entryList.AddTail(pEntry);
}
return hr;
}
/////////////////////////////////////////////////////////////////////
// CCopyUserHandler
HRESULT CCopyUserHandler::Init(MyBasePathsInfo* pBasePathsInfo, IADs* pIADsCopyFrom)
{
HRESULT hr = CCopyObjectHandlerBase::Init(pBasePathsInfo, pIADsCopyFrom);
if (FAILED(hr))
{
return hr;
}
// read list of copyable attributes form the schema
hr = m_copyableAttributesHolder.LoadFromSchema(pBasePathsInfo);
if (FAILED(hr))
{
return hr;
}
// read group membership information
hr = m_sourceMembershipHolder.Read(m_spIADsCopyFrom);
if (FAILED(hr))
{
return hr;
}
hr = _ReadPasswordCannotChange();
if (FAILED(hr))
{
return hr;
}
hr = _ReadPasswordMustChange();
return hr;
}
HRESULT CCopyUserHandler::Copy(IADs* pIADsCopyTo, BOOL bPostCommit,
HWND hWnd, LPCWSTR lpszObjectName)
{
HRESULT hr = S_OK;
if (bPostCommit)
{
hr = _CopyGroupMembership(pIADsCopyTo);
if (SUCCEEDED(hr))
{
// might have failed to add to some group(s)
_ShowGroupMembershipWarnings(hWnd, lpszObjectName);
}
if (FAILED(hr))
{
// something went really wrong, need to bail out
return hr;
}
if (m_bNeedToCreateHomeDir)
{
// it might fail under unforeseen circumstances
hr = _CreateHomeDirectory(pIADsCopyTo, lpszObjectName, hWnd);
}
}
else
{
hr = _UpdatePaths(pIADsCopyTo);
}
return hr;
}
HRESULT CCopyUserHandler::_ReadPasswordCannotChange()
{
CChangePasswordPrivilegeAction ChangePasswordPrivilegeAction;
HRESULT hr = ChangePasswordPrivilegeAction.Load(GetCopyFrom());
if (FAILED(hr))
{
TRACE(L"ChangePasswordPrivilegeAction.Load() failed with hr = 0x%x\n", hr);
return hr;
}
hr = ChangePasswordPrivilegeAction.Read(&m_bPasswordCannotChange);
if (FAILED(hr))
{
TRACE(L"ChangePasswordPrivilegeAction.Read() failed with hr = 0x%x\n", hr);
return hr;
}
return S_OK;
}
HRESULT CCopyUserHandler::_ReadPasswordMustChange()
{
CComPtr<IDirectoryObject> spDirObj;
HRESULT hr = GetCopyFrom()->QueryInterface(IID_IDirectoryObject, (void**)&spDirObj);
if (FAILED(hr))
{
return hr;
}
PWSTR rgpwzAttrNames[] = {L"pwdLastSet"};
DWORD cAttrs = 1;
Smart_PADS_ATTR_INFO spAttrs;
hr = spDirObj->GetObjectAttributes(rgpwzAttrNames, cAttrs, &spAttrs, &cAttrs);
if (FAILED(hr))
{
return hr;
}
if ( (_wcsicmp(spAttrs[0].pszAttrName, L"pwdLastSet") != 0) ||
(spAttrs[0].dwADsType != ADSTYPE_LARGE_INTEGER) )
{
return E_FAIL;
}
m_bPasswordMustChange = (spAttrs[0].pADsValues->LargeInteger.QuadPart == 0);
return S_OK;
}
HRESULT CCopyUserHandler::_CopyAttributes(IADs* pIADsCopyTo)
{
ASSERT(pIADsCopyTo != NULL);
ASSERT(m_spIADsCopyFrom != NULL);
HRESULT hr = S_OK;
CComPtr<IADsPropertyList> spIADsPropertyList;
// get a property list interface from the object we want to copy from
hr = m_spIADsCopyFrom->QueryInterface(IID_IADsPropertyList, (void**)&spIADsPropertyList);
if (FAILED(hr))
{
return hr;
}
// ignore the return value and try to continue even if it didn't reset
hr = spIADsPropertyList->Reset();
// loop thru the list of set attributes
CComVariant varProperty;
do
{
hr = spIADsPropertyList->Next(&varProperty);
if (SUCCEEDED(hr))
{
ASSERT(varProperty.vt == VT_DISPATCH);
if (varProperty.pdispVal != NULL)
{
CComPtr<IADsPropertyEntry> spIADsPropertyEntry;
hr = (varProperty.pdispVal)->QueryInterface(IID_IADsPropertyEntry, (void**)&spIADsPropertyEntry);
if (SUCCEEDED(hr))
{
CComBSTR bstrName;
hr = spIADsPropertyEntry->get_Name(&bstrName);
if (SUCCEEDED(hr))
{
TRACE(L" Property Name = <%s>", bstrName);
if (m_copyableAttributesHolder.CanCopy(bstrName))
{
TRACE(L" Can copy: ");
CComVariant varData;
hr = m_spIADsCopyFrom->Get(bstrName, &varData);
if (SUCCEEDED(hr))
{
HRESULT hr1 = pIADsCopyTo->Put(bstrName, varData);
if (SUCCEEDED(hr1))
{
TRACE(L"Added");
}
else
{
TRACE(L"Failed: 0x%x", hr1);
}
}
}
TRACE(L"\n");
}
}
}
}
varProperty.Clear();
}
while (hr == S_OK);
return S_OK;
}
// Given an IADs* of an object, retrieves a string attrubute
// in a variant
HRESULT _GetStringAttribute(IN IADs* pIADs, IN LPCWSTR lpszAttribute, OUT CComVariant& var)
{
TRACE(L"_GetStringAttribute(_, %s, _)\n", lpszAttribute);
HRESULT hr = pIADs->Get((LPWSTR)lpszAttribute, &var);
if (FAILED(hr))
{
TRACE(L"_GetStringAttribute(): pIADs->Get() failed with hr = 0x%x\n", hr);
return hr;
}
if (var.vt != VT_BSTR)
{
TRACE(L"_GetStringAttribute(): failed because var.vt != VT_BSTR\n");
return E_INVALIDARG;
}
return S_OK;
}
BOOL _ChangePathUsingSAMAccountName(IN LPCWSTR lpszSAMAccountNameSource,
IN LPCWSTR lpszSAMAccountDestination,
INOUT CComVariant& varValPath)
{
// NOTICE: we do the substitution only if we find
// something like:
// \\myhost\myshare\JoeB
// i.e. the last token in the path is the source SAM account name
// we change into \\myhost\myshare\FrankM
TRACE(L"_ChangePathUsingSAMAccountName(%s, %s, _)\n",
lpszSAMAccountNameSource, lpszSAMAccountDestination);
ASSERT(lpszSAMAccountNameSource != NULL);
ASSERT(lpszSAMAccountDestination != NULL);
// invalid string
if ( (varValPath.vt != VT_BSTR) || (varValPath.bstrVal == NULL))
{
TRACE(L"returning FALSE, varValPath of wrong type or NULL\n");
return FALSE;
}
CString szSourcePath = varValPath.bstrVal;
TRACE(L"Input value for varValPath.bstrVal = %s\n", varValPath.bstrVal);
// look for a \ as a separator
int iLastSlash = szSourcePath.ReverseFind(L'\\');
if (iLastSlash == -1)
{
//
// No slashes were found
//
TRACE(L"returning FALSE, could not find the \\ at the end of the string\n");
return FALSE;
}
CString szSAMName = szSourcePath.Right(szSourcePath.GetLength() - iLastSlash - 1);
ASSERT(!szSAMName.IsEmpty());
// compare what is after the \ with the source SAM account name
if (szSAMName.CompareNoCase(lpszSAMAccountNameSource) != 0)
{
TRACE(L"returning FALSE, lpszLeaf = %s does not match source SAM account name\n", szSAMName);
return FALSE;
}
CString szBasePath = szSourcePath.Left(iLastSlash + 1);
CString szNewPath = szBasePath + lpszSAMAccountDestination;
// replace old value in variant
::SysFreeString(varValPath.bstrVal);
varValPath.bstrVal = ::SysAllocString(szNewPath);
TRACE(L"returning TRUE, new varValPath.bstrVal = %s\n", varValPath.bstrVal);
return TRUE; // we did a replacement
}
HRESULT _UpdatePathAttribute(IN LPCWSTR lpszAttributeName,
IN LPCWSTR lpszSAMAccountNameSource,
IN LPCWSTR lpszSAMAccountDestination,
IN IADs* pIADsCopySource,
IN IADs* pIADsCopyTo,
OUT BOOL* pbDirChanged)
{
TRACE(L"_UpdatePathAttribute(%s, %s, %s, _, _, _)\n",
lpszAttributeName, lpszSAMAccountNameSource, lpszSAMAccountDestination);
*pbDirChanged = FALSE;
// get the value of the source attribute
CComVariant varVal;
HRESULT hr = pIADsCopySource->Get((LPWSTR)lpszAttributeName, &varVal);
// if attribute not set, nothing to do
if (hr == E_ADS_PROPERTY_NOT_FOUND)
{
TRACE(L"attribute not set, just returning\n");
return E_ADS_PROPERTY_NOT_FOUND;
}
// handle other unexpected failures
if (FAILED(hr))
{
TRACE(L"pIADsCopySource->Get(%s,_) failed with hr = 0x%x\n", lpszAttributeName, hr);
return hr;
}
if (varVal.vt == VT_EMPTY)
{
TRACE(L"just returning because varVal.vt == VT_EMPTY\n");
return E_ADS_PROPERTY_NOT_FOUND;
}
if (varVal.vt != VT_BSTR)
{
TRACE(L"failed because var.vt != VT_BSTR\n");
return E_INVALIDARG;
}
// synthesize the new value of the path, if appropriate
if (_ChangePathUsingSAMAccountName(lpszSAMAccountNameSource, lpszSAMAccountDestination, varVal))
{
// the path got updated, need to update the destination object
hr = pIADsCopyTo->Put((LPWSTR)lpszAttributeName, varVal);
TRACE(L"pIADsCopyTo->Put(%s,_) returned hr = 0x%x\n", lpszAttributeName, hr);
if (SUCCEEDED(hr))
{
*pbDirChanged = TRUE;
}
}
TRACE(L"*pbDirChanged = %d\n", *pbDirChanged);
// we should fail only in really exceptional circumstances
ASSERT(SUCCEEDED(hr));
return hr;
}
HRESULT CCopyUserHandler::_UpdatePaths(IADs* pIADsCopyTo)
{
// NOTICE: we assume that, if the paths are copyable, they have been
// bulk copied when the temporary object was created.
// If the paths have to be adjusted, we overwrite the copy.
TRACE(L"CCopyUserHandler::_UpdatePaths()\n");
// reset the flag for post commit
m_bNeedToCreateHomeDir = FALSE;
BOOL bCopyHomeDir = m_copyableAttributesHolder.CanCopy(g_szHomeDir);
BOOL bCopyProfilePath = m_copyableAttributesHolder.CanCopy(g_szProfilePath);
TRACE(L"bCopyHomeDir = %d, bCopyProfilePath = %d\n", bCopyHomeDir, bCopyProfilePath);
if (!bCopyHomeDir && !bCopyProfilePath)
{
TRACE(L"no need to update anything, bail out\n");
return S_OK;
}
// retrieve the SAM account names of source and destination
// to synthesize the new paths
IADs* pIADsCopySource = GetCopyFrom();
CComVariant varSAMNameSource;
HRESULT hr = _GetStringAttribute(pIADsCopySource, gsz_samAccountName, varSAMNameSource);
if (FAILED(hr))
{
TRACE(L"_GetStringAttribute() failed on source SAM account name\n");
return hr;
}
CComVariant varSAMNameDestination;
hr = _GetStringAttribute(pIADsCopyTo, gsz_samAccountName, varSAMNameDestination);
if (FAILED(hr))
{
TRACE(L"_GetStringAttribute() failed on destination SAM account name\n");
return hr;
}
if (bCopyHomeDir)
{
BOOL bDummy;
hr = _UpdatePathAttribute(g_szHomeDir, varSAMNameSource.bstrVal,
varSAMNameDestination.bstrVal,
pIADsCopySource,
pIADsCopyTo,
&bDummy);
if (hr == E_ADS_PROPERTY_NOT_FOUND)
{
// not set, just clear the HRESULT
hr = S_OK;
}
else
{
// the home directory was set, verify it is a UNC path
CComVariant varDestinationHomeDir;
hr = _GetStringAttribute(pIADsCopyTo, g_szHomeDir, varDestinationHomeDir);
if (FAILED(hr))
{
TRACE(L"_GetStringAttribute() failed on homeDir hr = 0x%x\n", hr);
return hr;
}
m_bNeedToCreateHomeDir = DSPROP_IsValidUNCPath(varDestinationHomeDir.bstrVal);
TRACE(L"DSPROP_IsValidUNCPath(%s) returned = %d\n",
varDestinationHomeDir.bstrVal, m_bNeedToCreateHomeDir);
}
if (FAILED(hr))
{
TRACE(L"_UpdatePathAttribute() failed on homeDir hr = 0x%x\n", hr);
return hr;
}
}
if (bCopyProfilePath)
{
BOOL bDummy;
hr = _UpdatePathAttribute(g_szProfilePath, varSAMNameSource.bstrVal,
varSAMNameDestination.bstrVal,
pIADsCopySource,
pIADsCopyTo,
&bDummy);
if (hr == E_ADS_PROPERTY_NOT_FOUND)
{
// not set, just clear the HRESULT
hr = S_OK;
}
if (FAILED(hr))
{
TRACE(L"_UpdatePathAttribute() failed on profilePath hr = 0x%x\n", hr);
return hr;
}
}
// failure expected only under exceptional circumstances
return S_OK;
}
HRESULT CCopyUserHandler::_CreateHomeDirectory(IADs* pIADsCopyTo,
LPCWSTR lpszObjectName, HWND hWnd)
{
TRACE(L"CCopyUserHandler::_CreateHomeDirectory()\n");
ASSERT(m_bNeedToCreateHomeDir);
// retrieve the home directory attribute
CComVariant VarHomeDir;
HRESULT hr = pIADsCopyTo->Get(g_szHomeDir, &VarHomeDir);
if (FAILED(hr))
{
TRACE(L"pIADsCopyTo->Get(%s,_) failed, hr = 0x%x\n", g_szHomeDir, hr);
return hr;
}
if (VarHomeDir.vt != VT_BSTR)
{
TRACE(L"failing because varVal.vt != VT_BSTR\n");
return E_INVALIDARG;
}
// retrieve the SID of the newly created object
CSid destinationObjectSid;
hr = destinationObjectSid.Init(pIADsCopyTo);
if (FAILED(hr))
{
TRACE(L"destinationObjectSid.Init() failed, , hr = 0x%x\n", hr);
// unforeseen error
PVOID apv[1] = {(LPWSTR)(lpszObjectName) };
ReportErrorEx(hWnd, IDS_CANT_READ_HOME_DIR_SID, hr,
MB_OK | MB_ICONWARNING, apv, 1);
// we cannot proceed further, but we return success because
// we already displayed the error message and we want to treat the
// failure as a warning
return S_OK;
}
// make call to helper function to create directory and set ACL's on it
DWORD dwErr = ::DSPROP_CreateHomeDirectory(destinationObjectSid.GetSid(), VarHomeDir.bstrVal);
TRACE(L"DSPROP_CreateHomeDirectory(%s, pSid) returned dwErr = 0x%x\n", VarHomeDir.bstrVal, dwErr);
if (dwErr != 0)
{
// treat as a warning, display a message and continue
PVOID apv[1] = {VarHomeDir.bstrVal};
UINT nMsgID = 0;
switch (dwErr)
{
case ERROR_ALREADY_EXISTS:
nMsgID = IDS_HOME_DIR_EXISTS;
break;
case ERROR_PATH_NOT_FOUND:
nMsgID = IDS_HOME_DIR_CREATE_FAILED;
break;
case ERROR_LOGON_FAILURE:
case ERROR_NOT_AUTHENTICATED:
case ERROR_INVALID_PASSWORD:
case ERROR_PASSWORD_EXPIRED:
case ERROR_ACCOUNT_DISABLED:
case ERROR_ACCOUNT_LOCKED_OUT:
nMsgID = IDS_HOME_DIR_CREATE_NO_ACCESS;
break;
default:
nMsgID = IDS_HOME_DIR_CREATE_FAIL;
} // switch
HRESULT hrTemp = HRESULT_FROM_WIN32(dwErr);
ReportErrorEx(hWnd, nMsgID, hrTemp,
MB_OK|MB_ICONWARNING , apv, 1);
}
return S_OK;
}
HRESULT CCopyUserHandler::_CopyGroupMembership(IADs* pIADsCopyTo)
{
if (pIADsCopyTo == NULL)
return E_INVALIDARG;
HRESULT hr = pIADsCopyTo->GetInfo();
if (FAILED(hr))
{
TRACE(L"pIADsCopyTo->GetInfo() failed with hr = 0x%x\n", hr);
return hr;
}
CGroupMembershipHolder destinationMembership;
hr = destinationMembership.Read(pIADsCopyTo);
if (FAILED(hr))
{
TRACE(L"destinationMembership.Read(pIADsCopyTo) failed with hr = 0x%x\n", hr);
return hr;
}
hr = destinationMembership.CopyFrom(&m_sourceMembershipHolder);
if (FAILED(hr))
{
TRACE(L"destinationMembership.CopyFrom() failed with hr = 0x%x\n", hr);
return hr;
}
hr = destinationMembership.Write();
if (FAILED(hr))
{
// something unexpected failed and we are going to percolate
// it to the wizards for a generic warning message
TRACE(L"destinationMembership.Write() failed with hr = 0x%x\n", hr);
return hr;
}
// there can be failures related to acccess denied on some groups
// we handle them with a cumulative warning
destinationMembership.ProcessFailures(m_hrFailure, m_szFailureString, &m_bPrimaryGroupFound);
return S_OK;
}
void CCopyUserHandler::_ShowGroupMembershipWarnings(HWND hWnd, LPCWSTR lpszObjectName)
{
if (!m_bPrimaryGroupFound)
{
// Some message box
ReportMessageEx(hWnd, IDS_123_CANT_COPY_PRIMARY_GROUP_NOT_FOUND,
MB_OK | MB_ICONWARNING);
}
if (m_szFailureString.IsEmpty())
{
// we have nothing
return;
}
// we have an HRESULT we can use
ASSERT(FAILED(m_hrFailure));
UINT nMsgID = (m_hrFailure == E_ACCESSDENIED) ?
IDS_123_CANT_COPY_SOME_GROUP_MEMBERSHIP_ACCESS_DENIED :
IDS_123_CANT_COPY_SOME_GROUP_MEMBERSHIP;
PVOID apv[2] = {(LPWSTR)(lpszObjectName), (LPWSTR)(LPCWSTR)m_szFailureString };
ReportErrorEx(hWnd,nMsgID, m_hrFailure,
MB_OK | MB_ICONERROR, apv, 2);
}