1125 lines
28 KiB
C++
1125 lines
28 KiB
C++
|
/*++
|
|||
|
|
|||
|
Microsoft Windows
|
|||
|
|
|||
|
Copyright (C) Microsoft Corporation, 1998 - 2001
|
|||
|
|
|||
|
Module Name:
|
|||
|
|
|||
|
time.c
|
|||
|
|
|||
|
Abstract:
|
|||
|
|
|||
|
Handles the various functions for the time functionality of netdom
|
|||
|
|
|||
|
--*/
|
|||
|
#include "pch.h"
|
|||
|
#pragma hdrstop
|
|||
|
#include <netdom.h>
|
|||
|
|
|||
|
|
|||
|
DWORD
|
|||
|
NetDompTimeGetDc(
|
|||
|
IN PWSTR Domain,
|
|||
|
IN PWSTR DestServer,
|
|||
|
IN PND5_AUTH_INFO AuthInfo,
|
|||
|
OUT PWSTR *Dc
|
|||
|
)
|
|||
|
/*++
|
|||
|
|
|||
|
Routine Description:
|
|||
|
|
|||
|
This function will find the DC to use as a time source for the given machine
|
|||
|
|
|||
|
Arguments:
|
|||
|
|
|||
|
Domain - Domain to get a time source from
|
|||
|
|
|||
|
DestServer - Server for which we need a time source
|
|||
|
|
|||
|
AuthInfo - Auth info to connect to the destination server for
|
|||
|
|
|||
|
Dc - Where the dc name is returned. Freed via NetApiBufferFree
|
|||
|
|
|||
|
Return Value:
|
|||
|
|
|||
|
ERROR_INVALID_PARAMETER - No object name was supplied
|
|||
|
|
|||
|
--*/
|
|||
|
{
|
|||
|
DWORD Win32Err = ERROR_SUCCESS;
|
|||
|
PDOMAIN_CONTROLLER_INFO DcInfo = NULL;
|
|||
|
BOOL Retry = FALSE;
|
|||
|
WCHAR FlatName[ CNLEN + 1 ];
|
|||
|
ULONG Len = CNLEN + 1;
|
|||
|
|
|||
|
//
|
|||
|
// Get a server name
|
|||
|
//
|
|||
|
Win32Err = DsGetDcName( NULL,
|
|||
|
Domain,
|
|||
|
NULL,
|
|||
|
NULL,
|
|||
|
DS_GOOD_TIMESERV_PREFERRED,
|
|||
|
&DcInfo );
|
|||
|
|
|||
|
//
|
|||
|
// If we have a destination server specified, make sure that we
|
|||
|
// aren't talking to ourselves... That would kind of defeat the purpose
|
|||
|
//
|
|||
|
if ( Win32Err == ERROR_SUCCESS && DestServer ) {
|
|||
|
|
|||
|
if ( !_wcsicmp( DcInfo->DomainControllerName + 2, DestServer ) ) {
|
|||
|
|
|||
|
Retry = TRUE;
|
|||
|
|
|||
|
} else {
|
|||
|
|
|||
|
//
|
|||
|
// Handle the case where we have a Dns dc name and a netbios server name
|
|||
|
//
|
|||
|
if ( wcslen( DestServer ) <= CNLEN && FLAG_ON( DcInfo->Flags, DS_IS_DNS_NAME ) ) {
|
|||
|
|
|||
|
if ( !DnsHostnameToComputerName( DcInfo->DomainControllerName + 2,
|
|||
|
FlatName,
|
|||
|
&Len ) ) {
|
|||
|
|
|||
|
Win32Err = GetLastError();
|
|||
|
|
|||
|
} else {
|
|||
|
|
|||
|
if ( !_wcsicmp( FlatName, DestServer ) ) {
|
|||
|
|
|||
|
Retry = TRUE;
|
|||
|
}
|
|||
|
}
|
|||
|
}
|
|||
|
}
|
|||
|
}
|
|||
|
|
|||
|
//
|
|||
|
// We have a dc name specified, so connect to that machine, and try it again, with
|
|||
|
// the AvoidSelf flag. If we can't (like this is an NT4 PDC) then return that we
|
|||
|
// can't find a dc
|
|||
|
//
|
|||
|
if ( Win32Err == ERROR_SUCCESS && Retry ) {
|
|||
|
|
|||
|
NetApiBufferFree( DcInfo );
|
|||
|
DcInfo = NULL;
|
|||
|
|
|||
|
Win32Err = NetpManageIPCConnect( DestServer,
|
|||
|
AuthInfo->User,
|
|||
|
AuthInfo->Password,
|
|||
|
NETSETUPP_CONNECT_IPC );
|
|||
|
|
|||
|
if ( Win32Err == ERROR_SUCCESS ) {
|
|||
|
|
|||
|
Win32Err = DsGetDcName( DestServer,
|
|||
|
Domain,
|
|||
|
NULL,
|
|||
|
NULL,
|
|||
|
DS_GOOD_TIMESERV_PREFERRED | DS_AVOID_SELF,
|
|||
|
&DcInfo );
|
|||
|
|
|||
|
NetpManageIPCConnect( DestServer,
|
|||
|
AuthInfo->User,
|
|||
|
AuthInfo->Password,
|
|||
|
NETSETUPP_DISCONNECT_IPC );
|
|||
|
}
|
|||
|
|
|||
|
|
|||
|
}
|
|||
|
|
|||
|
|
|||
|
//
|
|||
|
// Copy the name if everything worked
|
|||
|
//
|
|||
|
if ( Win32Err == ERROR_SUCCESS ) {
|
|||
|
|
|||
|
Win32Err = NetApiBufferAllocate( ( wcslen( DcInfo->DomainControllerName + 2 ) + 1 ) *
|
|||
|
sizeof( WCHAR ),
|
|||
|
(PVOID*)Dc );
|
|||
|
if ( Win32Err == ERROR_SUCCESS ) {
|
|||
|
|
|||
|
wcscpy( *Dc, DcInfo->DomainControllerName + 2 );
|
|||
|
}
|
|||
|
}
|
|||
|
|
|||
|
NetApiBufferFree( DcInfo );
|
|||
|
|
|||
|
return( Win32Err );
|
|||
|
}
|
|||
|
|
|||
|
|
|||
|
|
|||
|
DWORD
|
|||
|
NetDompEnableSystimePriv(
|
|||
|
VOID
|
|||
|
)
|
|||
|
/*++
|
|||
|
|
|||
|
Routine Description:
|
|||
|
|
|||
|
This function will enable the systemtime privilege for the current thread
|
|||
|
|
|||
|
Arguments:
|
|||
|
|
|||
|
VOID
|
|||
|
|
|||
|
Return Value:
|
|||
|
|
|||
|
ERROR_INVALID_PARAMETER - No object name was supplied
|
|||
|
|
|||
|
--*/
|
|||
|
{
|
|||
|
NTSTATUS Status;
|
|||
|
HANDLE ThreadToken;
|
|||
|
TOKEN_PRIVILEGES Enabled, Previous;
|
|||
|
DWORD PreviousSize;
|
|||
|
|
|||
|
Status = NtOpenThreadToken( NtCurrentThread(),
|
|||
|
TOKEN_READ | TOKEN_WRITE,
|
|||
|
TRUE,
|
|||
|
&ThreadToken );
|
|||
|
|
|||
|
if ( Status == STATUS_NO_TOKEN ) {
|
|||
|
|
|||
|
Status = NtOpenProcessToken( NtCurrentProcess(),
|
|||
|
TOKEN_WRITE | TOKEN_READ,
|
|||
|
&ThreadToken );
|
|||
|
}
|
|||
|
|
|||
|
if ( NT_SUCCESS( Status ) ) {
|
|||
|
|
|||
|
Enabled.PrivilegeCount = 1;
|
|||
|
Enabled.Privileges[0].Luid.LowPart = SE_SYSTEMTIME_PRIVILEGE;
|
|||
|
Enabled.Privileges[0].Luid.HighPart = 0;
|
|||
|
Enabled.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
|
|||
|
PreviousSize = sizeof( Previous );
|
|||
|
|
|||
|
Status = NtAdjustPrivilegesToken( ThreadToken,
|
|||
|
FALSE,
|
|||
|
&Enabled,
|
|||
|
sizeof( Enabled ),
|
|||
|
&Previous,
|
|||
|
&PreviousSize );
|
|||
|
}
|
|||
|
|
|||
|
return( RtlNtStatusToDosError( Status ) );
|
|||
|
}
|
|||
|
|
|||
|
|
|||
|
|
|||
|
DWORD
|
|||
|
NetDompGetTimeTripLength(
|
|||
|
IN PWSTR Server,
|
|||
|
IN OUT PDWORD TripLength
|
|||
|
)
|
|||
|
/*++
|
|||
|
|
|||
|
Routine Description:
|
|||
|
|
|||
|
This function will get an approximate elapsed time for getting the time from a domain
|
|||
|
controller
|
|||
|
|
|||
|
Arguments:
|
|||
|
|
|||
|
Server - Server to get the elapsed trip time for
|
|||
|
|
|||
|
TripLength - Number of ticks it takes to get the time
|
|||
|
|
|||
|
Return Value:
|
|||
|
|
|||
|
ERROR_SUCCESS - The function succeeded
|
|||
|
|
|||
|
--*/
|
|||
|
{
|
|||
|
DWORD Win32Err = ERROR_SUCCESS;
|
|||
|
ULONG StartTime, EndTime, ElapsedTime = 0, i;
|
|||
|
PTIME_OF_DAY_INFO TOD;
|
|||
|
#define NETDOMP_NUM_TRIPS 2
|
|||
|
|
|||
|
//
|
|||
|
// Get the average from several time trips
|
|||
|
//
|
|||
|
for ( i = 0; i < NETDOMP_NUM_TRIPS && Win32Err == ERROR_SUCCESS; i++ ) {
|
|||
|
|
|||
|
StartTime = GetTickCount();
|
|||
|
Win32Err = NetRemoteTOD( Server, ( LPBYTE * )&TOD );
|
|||
|
EndTime = GetTickCount();
|
|||
|
ElapsedTime += ( EndTime - StartTime );
|
|||
|
|
|||
|
NetApiBufferFree( TOD );
|
|||
|
}
|
|||
|
|
|||
|
if ( Win32Err == ERROR_SUCCESS ) {
|
|||
|
|
|||
|
*TripLength = ElapsedTime / NETDOMP_NUM_TRIPS;
|
|||
|
}
|
|||
|
|
|||
|
|
|||
|
return( Win32Err );
|
|||
|
}
|
|||
|
|
|||
|
|
|||
|
DWORD
|
|||
|
NetDompResetSingleClient(
|
|||
|
IN PWSTR Server,
|
|||
|
IN PWSTR Dc,
|
|||
|
IN PND5_AUTH_INFO ObjectAuthInfo,
|
|||
|
IN DWORD DcDelay
|
|||
|
)
|
|||
|
/*++
|
|||
|
|
|||
|
Routine Description:
|
|||
|
|
|||
|
This function sync the time between and NT5 client and the specified domain controller
|
|||
|
|
|||
|
Arguments:
|
|||
|
|
|||
|
Server - Server to reset the time for
|
|||
|
|
|||
|
Dc - Domain controller to sync the time against
|
|||
|
|
|||
|
ObjectAuthInfo - User info to connect to the server as
|
|||
|
|
|||
|
DcDelay - The amount of time it takes to talk to the dc
|
|||
|
|
|||
|
Return Value:
|
|||
|
|
|||
|
ERROR_SUCCESS - The function succeeded
|
|||
|
|
|||
|
--*/
|
|||
|
{
|
|||
|
DWORD Win32Err = ERROR_SUCCESS;
|
|||
|
BOOL Connected = FALSE;
|
|||
|
//PSTR ServerA = NULL;
|
|||
|
|
|||
|
//
|
|||
|
// Set up a connection to the client machine
|
|||
|
//
|
|||
|
Win32Err = NetpManageIPCConnect( Server,
|
|||
|
ObjectAuthInfo->User,
|
|||
|
ObjectAuthInfo->Password,
|
|||
|
NETSETUPP_CONNECT_IPC );
|
|||
|
if ( Win32Err == ERROR_SUCCESS ) {
|
|||
|
|
|||
|
Connected = TRUE;
|
|||
|
|
|||
|
} else {
|
|||
|
|
|||
|
goto ResetSingleError;
|
|||
|
}
|
|||
|
|
|||
|
//if ( Server ) {
|
|||
|
//
|
|||
|
// Win32Err = NetApiBufferAllocate( wcstombs( NULL, Server, wcslen( Server ) + 1 ) + 3,
|
|||
|
// &ServerA );
|
|||
|
// if ( Win32Err != ERROR_SUCCESS ) {
|
|||
|
//
|
|||
|
// goto ResetSingleError;
|
|||
|
// }
|
|||
|
//
|
|||
|
// if ( *Server == L'\\' ) {
|
|||
|
//
|
|||
|
// strcpy( ServerA, "\\\\" );
|
|||
|
// wcstombs( ServerA + 2, Server, wcslen( Server ) + 1 );
|
|||
|
//
|
|||
|
// } else {
|
|||
|
//
|
|||
|
// wcstombs( ServerA, Server, wcslen( Server ) + 1 );
|
|||
|
// }
|
|||
|
//}
|
|||
|
|
|||
|
Win32Err = W32TimeSyncNow( Server,
|
|||
|
FALSE, // no wait
|
|||
|
TimeSyncFlag_HardResync );
|
|||
|
|
|||
|
ResetSingleError:
|
|||
|
|
|||
|
if ( Connected ) {
|
|||
|
|
|||
|
NetpManageIPCConnect( Server,
|
|||
|
ObjectAuthInfo->User,
|
|||
|
ObjectAuthInfo->Password,
|
|||
|
NETSETUPP_DISCONNECT_IPC );
|
|||
|
}
|
|||
|
|
|||
|
//NetApiBufferFree( ServerA );
|
|||
|
return( Win32Err );
|
|||
|
}
|
|||
|
|
|||
|
|
|||
|
DWORD
|
|||
|
NetDompVerifySingleClient(
|
|||
|
IN PWSTR Server,
|
|||
|
IN PWSTR Dc,
|
|||
|
IN PND5_AUTH_INFO ObjectAuthInfo,
|
|||
|
IN DWORD DcDelay,
|
|||
|
IN BOOL * InSync
|
|||
|
)
|
|||
|
/*++
|
|||
|
|
|||
|
Routine Description:
|
|||
|
|
|||
|
This function will verify that the time between the specified server and domain controller
|
|||
|
is within the acceptable skew
|
|||
|
|
|||
|
Arguments:
|
|||
|
|
|||
|
Server - Server to verify the time for
|
|||
|
|
|||
|
Dc - Domain controller to verify the time against
|
|||
|
|
|||
|
ObjectAuthInfo - User and password to connect to the client as
|
|||
|
|
|||
|
DcDelay - How long does it take to get the time from the domain controller
|
|||
|
|
|||
|
InSync - Where the results are returned.
|
|||
|
|
|||
|
Return Value:
|
|||
|
|
|||
|
ERROR_SUCCESS - The function succeeded
|
|||
|
|
|||
|
--*/
|
|||
|
{
|
|||
|
DWORD Win32Err = ERROR_SUCCESS;
|
|||
|
SYSTEMTIME StartTime, EndTime;
|
|||
|
PTIME_OF_DAY_INFO DcTOD = NULL, ClientTOD = NULL;
|
|||
|
BOOL Connected = FALSE;
|
|||
|
FILETIME StartFile, EndFile;
|
|||
|
LARGE_INTEGER ElapsedTime, TimeDifference, DcTime, ClientTime, UpdatedDcTime, TimeSkew,
|
|||
|
AllowedSkew;
|
|||
|
TIME_FIELDS TimeFields;
|
|||
|
LARGE_INTEGER SystemTime;
|
|||
|
|
|||
|
//
|
|||
|
// Set the allowable time skew. 600,000,000L is the number of 100 nanoseconds in a minute
|
|||
|
//
|
|||
|
#define NETDOMP_VERIFY_SKEW 0xB2D05E00
|
|||
|
|
|||
|
//
|
|||
|
// Assume the clocks are fine
|
|||
|
//
|
|||
|
*InSync = TRUE;
|
|||
|
|
|||
|
//
|
|||
|
// Set up a connection to the client machine
|
|||
|
//
|
|||
|
Win32Err = NetpManageIPCConnect( Server,
|
|||
|
ObjectAuthInfo->User,
|
|||
|
ObjectAuthInfo->Password,
|
|||
|
NETSETUPP_CONNECT_IPC );
|
|||
|
if ( Win32Err == ERROR_SUCCESS ) {
|
|||
|
|
|||
|
Connected = TRUE;
|
|||
|
|
|||
|
} else {
|
|||
|
|
|||
|
goto VerifySingleError;
|
|||
|
}
|
|||
|
|
|||
|
//
|
|||
|
// Ok, first, we get the time on the dc, then we get the time on the client, keeping in mind
|
|||
|
// how long that takes,
|
|||
|
//
|
|||
|
Win32Err = NetRemoteTOD( Dc, ( LPBYTE * )&DcTOD );
|
|||
|
|
|||
|
if ( Win32Err == ERROR_SUCCESS ) {
|
|||
|
|
|||
|
Win32Err = NetRemoteTOD( Server, ( LPBYTE * )&ClientTOD );
|
|||
|
|
|||
|
}
|
|||
|
|
|||
|
if ( Win32Err != ERROR_SUCCESS ) {
|
|||
|
|
|||
|
goto VerifySingleError;
|
|||
|
}
|
|||
|
|
|||
|
//
|
|||
|
// Ok, now we've gotten all the info we need, assemble it... Note that we are only computing
|
|||
|
// the difference in time here...
|
|||
|
//
|
|||
|
SystemTimeToFileTime( &StartTime, &StartFile );
|
|||
|
SystemTimeToFileTime( &EndTime, &EndFile );
|
|||
|
|
|||
|
|
|||
|
ElapsedTime = RtlLargeIntegerSubtract( *( PLARGE_INTEGER )&EndFile,
|
|||
|
*( PLARGE_INTEGER )&StartFile );
|
|||
|
|
|||
|
|
|||
|
TimeFields.Hour = ( WORD )DcTOD->tod_hours;
|
|||
|
TimeFields.Minute = ( WORD )DcTOD->tod_mins;
|
|||
|
TimeFields.Second = ( WORD )DcTOD->tod_secs;
|
|||
|
TimeFields.Milliseconds = ( WORD )DcTOD->tod_hunds * 10;
|
|||
|
TimeFields.Day = ( WORD )DcTOD->tod_day;
|
|||
|
TimeFields.Month = ( WORD )DcTOD->tod_month;
|
|||
|
TimeFields.Year = ( WORD )DcTOD->tod_year;
|
|||
|
|
|||
|
if ( !RtlTimeFieldsToTime( &TimeFields, &DcTime ) ) {
|
|||
|
|
|||
|
Win32Err = ERROR_INVALID_PARAMETER;
|
|||
|
}
|
|||
|
|
|||
|
TimeFields.Hour = ( WORD )ClientTOD->tod_hours;
|
|||
|
TimeFields.Minute = ( WORD )ClientTOD->tod_mins;
|
|||
|
TimeFields.Second = ( WORD )ClientTOD->tod_secs;
|
|||
|
TimeFields.Milliseconds = ( WORD )ClientTOD->tod_hunds * 10;
|
|||
|
TimeFields.Day = ( WORD )ClientTOD->tod_day;
|
|||
|
TimeFields.Month = ( WORD )ClientTOD->tod_month;
|
|||
|
TimeFields.Year = ( WORD )ClientTOD->tod_year;
|
|||
|
|
|||
|
if ( !RtlTimeFieldsToTime( &TimeFields, &ClientTime ) ) {
|
|||
|
|
|||
|
Win32Err = ERROR_INVALID_PARAMETER;
|
|||
|
}
|
|||
|
|
|||
|
//
|
|||
|
// Add the time it takes to get the time from the dc.
|
|||
|
//
|
|||
|
UpdatedDcTime = RtlLargeIntegerAdd( DcTime, ElapsedTime );
|
|||
|
|
|||
|
//
|
|||
|
// Compute the difference in time
|
|||
|
//
|
|||
|
if ( RtlLargeIntegerGreaterThan( UpdatedDcTime, ClientTime ) ) {
|
|||
|
|
|||
|
TimeSkew = RtlLargeIntegerSubtract( UpdatedDcTime,
|
|||
|
ClientTime );
|
|||
|
} else {
|
|||
|
|
|||
|
TimeSkew = RtlLargeIntegerSubtract( ClientTime,
|
|||
|
UpdatedDcTime );
|
|||
|
}
|
|||
|
|
|||
|
//
|
|||
|
// Now, see if there is a time difference greater than the allowable skew
|
|||
|
//
|
|||
|
AllowedSkew = RtlConvertUlongToLargeInteger( NETDOMP_VERIFY_SKEW );
|
|||
|
|
|||
|
if ( RtlLargeIntegerGreaterThan( TimeSkew, AllowedSkew ) ) {
|
|||
|
|
|||
|
*InSync = FALSE;
|
|||
|
}
|
|||
|
|
|||
|
|
|||
|
|
|||
|
|
|||
|
VerifySingleError:
|
|||
|
|
|||
|
if ( Connected ) {
|
|||
|
|
|||
|
NetpManageIPCConnect( Server,
|
|||
|
ObjectAuthInfo->User,
|
|||
|
ObjectAuthInfo->Password,
|
|||
|
NETSETUPP_DISCONNECT_IPC );
|
|||
|
}
|
|||
|
|
|||
|
NetApiBufferFree( ClientTOD );
|
|||
|
NetApiBufferFree( DcTOD );
|
|||
|
return( Win32Err );
|
|||
|
}
|
|||
|
|
|||
|
|
|||
|
|
|||
|
VOID
|
|||
|
NetDompDisplayTimeVerify(
|
|||
|
IN PWSTR Server,
|
|||
|
IN DWORD Results,
|
|||
|
IN BOOL InSync
|
|||
|
)
|
|||
|
/*++
|
|||
|
|
|||
|
Routine Description:
|
|||
|
|
|||
|
This function will display the results of the time verification
|
|||
|
|
|||
|
Arguments:
|
|||
|
|
|||
|
Server - Server which had the time verified
|
|||
|
|
|||
|
Results - The error code of the verification attempt
|
|||
|
|
|||
|
InSync - Whether the clocks are within the skew. Only valid if Results is ERROR_SUCCESS
|
|||
|
|
|||
|
Return Value:
|
|||
|
|
|||
|
VOID
|
|||
|
|
|||
|
--*/
|
|||
|
{
|
|||
|
NetDompDisplayMessage( MSG_TIME_COMPUTER, Server );
|
|||
|
if ( Results != ERROR_SUCCESS ) {
|
|||
|
|
|||
|
NetDompDisplayErrorMessage( Results );
|
|||
|
|
|||
|
} else {
|
|||
|
|
|||
|
NetDompDisplayMessage( InSync ? MSG_TIME_SUCCESS : MSG_TIME_FAILURE );
|
|||
|
}
|
|||
|
}
|
|||
|
|
|||
|
|
|||
|
|
|||
|
DWORD
|
|||
|
NetDompVerifyTime(
|
|||
|
IN PWSTR Domain,
|
|||
|
IN PWSTR Server, OPTIONAL
|
|||
|
IN PND5_AUTH_INFO DomainAuthInfo,
|
|||
|
IN PND5_AUTH_INFO ObjectAuthInfo,
|
|||
|
IN PWSTR Dc,
|
|||
|
IN BOOL AllWorkstation,
|
|||
|
IN BOOL AllServer
|
|||
|
)
|
|||
|
/*++
|
|||
|
|
|||
|
Routine Description:
|
|||
|
|
|||
|
This function will verify the time between some or all of the servers/workstations in a
|
|||
|
domain against the specified domain controller
|
|||
|
|
|||
|
Arguments:
|
|||
|
|
|||
|
Domain - Domain containing the servers/workstations
|
|||
|
|
|||
|
Server - Name of a specific machine to verify the time for
|
|||
|
|
|||
|
DomainAuthInfo - User and password for the domain controller
|
|||
|
|
|||
|
ObjectAuthInfo - User and password for the servers/workstations
|
|||
|
|
|||
|
Dc - Name of a domain controller in the domain to use as a time source
|
|||
|
|
|||
|
AllWorkstation - If TRUE, verify the time for all the workstations
|
|||
|
|
|||
|
AllServer - If TRUE, verify the time for all the servers
|
|||
|
|
|||
|
Return Value:
|
|||
|
|
|||
|
ERROR_SUCCESS - The function succeeded
|
|||
|
|
|||
|
ERROR_INVALID_PARAMETER - No server, workstation or machine was specified
|
|||
|
|
|||
|
--*/
|
|||
|
{
|
|||
|
DWORD Win32Err = ERROR_SUCCESS, Err2;
|
|||
|
BOOL DcSession = FALSE, InSync;
|
|||
|
DWORD DcDelay;
|
|||
|
LPUSER_INFO_0 UserList = NULL;
|
|||
|
PWSTR FullDc = NULL, Lop;
|
|||
|
ULONG ResumeHandle = 0, Count = 0, TotalCount = 0, i, j;
|
|||
|
ULONG Types[] = {
|
|||
|
FILTER_WORKSTATION_TRUST_ACCOUNT,
|
|||
|
FILTER_SERVER_TRUST_ACCOUNT
|
|||
|
};
|
|||
|
BOOL ProcessType[ sizeof( Types ) / sizeof( ULONG ) ];
|
|||
|
|
|||
|
ProcessType[ 0 ] = AllWorkstation;
|
|||
|
ProcessType[ 1 ] = AllServer;
|
|||
|
|
|||
|
//
|
|||
|
// Make sure that there is something to do
|
|||
|
//
|
|||
|
if ( !Server && !AllWorkstation && !AllServer ) {
|
|||
|
|
|||
|
return( ERROR_INVALID_PARAMETER );
|
|||
|
}
|
|||
|
|
|||
|
//
|
|||
|
// Build a full machine name
|
|||
|
//
|
|||
|
if ( Dc && *Dc != L'\\' ) {
|
|||
|
|
|||
|
Win32Err = NetApiBufferAllocate( ( wcslen( Dc ) + 3 ) * sizeof( WCHAR ),
|
|||
|
( PVOID * )&FullDc );
|
|||
|
|
|||
|
if ( Win32Err == ERROR_SUCCESS ) {
|
|||
|
|
|||
|
swprintf( FullDc, L"\\\\%ws", Dc );
|
|||
|
}
|
|||
|
|
|||
|
} else {
|
|||
|
|
|||
|
FullDc = Dc;
|
|||
|
}
|
|||
|
|
|||
|
|
|||
|
//
|
|||
|
// Set up a session
|
|||
|
//
|
|||
|
Win32Err = NetpManageIPCConnect( FullDc,
|
|||
|
DomainAuthInfo->User,
|
|||
|
DomainAuthInfo->Password,
|
|||
|
NETSETUPP_CONNECT_IPC );
|
|||
|
if ( Win32Err == ERROR_SUCCESS ) {
|
|||
|
|
|||
|
DcSession = FALSE;
|
|||
|
}
|
|||
|
|
|||
|
//
|
|||
|
// See how long it takes to get to the dc
|
|||
|
//
|
|||
|
if ( Win32Err == ERROR_SUCCESS ) {
|
|||
|
|
|||
|
Win32Err = NetDompGetTimeTripLength( Dc,
|
|||
|
&DcDelay );
|
|||
|
}
|
|||
|
|
|||
|
if ( Win32Err != ERROR_SUCCESS ) {
|
|||
|
|
|||
|
goto VerifyTimeError;
|
|||
|
}
|
|||
|
|
|||
|
|
|||
|
NetDompDisplayMessage( MSG_TIME_VERIFY );
|
|||
|
|
|||
|
//
|
|||
|
// Verify a single machine
|
|||
|
//
|
|||
|
if ( Server ) {
|
|||
|
|
|||
|
Win32Err = NetDompVerifySingleClient( Server,
|
|||
|
Dc,
|
|||
|
ObjectAuthInfo,
|
|||
|
DcDelay,
|
|||
|
&InSync );
|
|||
|
NetDompDisplayTimeVerify( Server,
|
|||
|
Win32Err,
|
|||
|
InSync );
|
|||
|
}
|
|||
|
|
|||
|
//
|
|||
|
// Verify all the workstations/servers, if requested.
|
|||
|
//
|
|||
|
for ( i = 0; i < sizeof( Types ) / sizeof( ULONG ); i++ ) {
|
|||
|
|
|||
|
if ( !ProcessType[ i ] ) {
|
|||
|
|
|||
|
continue;
|
|||
|
}
|
|||
|
|
|||
|
do {
|
|||
|
|
|||
|
Win32Err = NetUserEnum( FullDc,
|
|||
|
0,
|
|||
|
Types[ i ],
|
|||
|
( LPBYTE * )&UserList,
|
|||
|
MAX_PREFERRED_LENGTH,
|
|||
|
&Count,
|
|||
|
&TotalCount,
|
|||
|
&ResumeHandle );
|
|||
|
|
|||
|
if ( Win32Err == ERROR_SUCCESS || Win32Err == ERROR_MORE_DATA ) {
|
|||
|
|
|||
|
for ( j = 0; j < Count; j++ ) {
|
|||
|
|
|||
|
Lop = wcsrchr( UserList[ j ].usri0_name, L'$' );
|
|||
|
if ( Lop ) {
|
|||
|
|
|||
|
*Lop = UNICODE_NULL;
|
|||
|
}
|
|||
|
|
|||
|
Err2 = NetDompVerifySingleClient( UserList[ j ].usri0_name,
|
|||
|
Dc,
|
|||
|
ObjectAuthInfo,
|
|||
|
DcDelay,
|
|||
|
&InSync );
|
|||
|
NetDompDisplayTimeVerify( UserList[ j ].usri0_name,
|
|||
|
Err2,
|
|||
|
InSync );
|
|||
|
|
|||
|
}
|
|||
|
NetApiBufferFree( UserList );
|
|||
|
}
|
|||
|
|
|||
|
} while ( Win32Err == ERROR_MORE_DATA );
|
|||
|
|
|||
|
}
|
|||
|
|
|||
|
VerifyTimeError:
|
|||
|
|
|||
|
if ( DcSession ) {
|
|||
|
|
|||
|
NetpManageIPCConnect( FullDc,
|
|||
|
DomainAuthInfo->User,
|
|||
|
DomainAuthInfo->Password,
|
|||
|
NETSETUPP_DISCONNECT_IPC );
|
|||
|
}
|
|||
|
|
|||
|
if ( FullDc != Dc ) {
|
|||
|
|
|||
|
NetApiBufferFree( FullDc );
|
|||
|
}
|
|||
|
|
|||
|
return( Win32Err );
|
|||
|
}
|
|||
|
|
|||
|
|
|||
|
|
|||
|
DWORD
|
|||
|
NetDompResetTime(
|
|||
|
IN PWSTR Domain,
|
|||
|
IN PWSTR Server, OPTIONAL
|
|||
|
IN PND5_AUTH_INFO DomainAuthInfo,
|
|||
|
IN PND5_AUTH_INFO ObjectAuthInfo,
|
|||
|
IN PWSTR Dc,
|
|||
|
IN BOOL AllWorkstation,
|
|||
|
IN BOOL AllServer
|
|||
|
)
|
|||
|
/*++
|
|||
|
|
|||
|
Routine Description:
|
|||
|
|
|||
|
This function will reset the time between some or all of the servers/workstations in a
|
|||
|
domain against the specified domain controller
|
|||
|
|
|||
|
Arguments:
|
|||
|
|
|||
|
Domain - Domain containing the servers/workstations
|
|||
|
|
|||
|
Server - Name of a specific machine to reset the time for
|
|||
|
|
|||
|
DomainAuthInfo - User and password for the domain controller
|
|||
|
|
|||
|
ObjectAuthInfo - User and password for the servers/workstations
|
|||
|
|
|||
|
Dc - Name of a domain controller in the domain to use as a time source
|
|||
|
|
|||
|
AllWorkstation - If TRUE, reset the time for all the workstations
|
|||
|
|
|||
|
AllServer - If TRUE, reset the time for all the servers
|
|||
|
|
|||
|
Return Value:
|
|||
|
|
|||
|
ERROR_SUCCESS - The function succeeded
|
|||
|
|
|||
|
ERROR_INVALID_PARAMETER - No server, workstation or machine was specified
|
|||
|
|
|||
|
--*/
|
|||
|
{
|
|||
|
DWORD Win32Err = ERROR_SUCCESS, Err2;
|
|||
|
BOOL DcSession = FALSE, InSync;
|
|||
|
DWORD DcDelay;
|
|||
|
LPUSER_INFO_0 UserList = NULL;
|
|||
|
PWSTR FullDc = NULL, Lop;
|
|||
|
ULONG ResumeHandle = 0, Count = 0, TotalCount = 0, i, j;
|
|||
|
ULONG Types[] = {
|
|||
|
FILTER_WORKSTATION_TRUST_ACCOUNT,
|
|||
|
FILTER_SERVER_TRUST_ACCOUNT
|
|||
|
};
|
|||
|
BOOL ProcessType[ sizeof( Types ) / sizeof( ULONG ) ];
|
|||
|
|
|||
|
ProcessType[ 0 ] = AllWorkstation;
|
|||
|
ProcessType[ 1 ] = AllServer;
|
|||
|
|
|||
|
//
|
|||
|
// Make sure that there is something to do
|
|||
|
//
|
|||
|
if ( !Server && !AllWorkstation && !AllServer ) {
|
|||
|
|
|||
|
return( ERROR_INVALID_PARAMETER );
|
|||
|
}
|
|||
|
|
|||
|
if ( Dc && *Dc != L'\\' ) {
|
|||
|
|
|||
|
Win32Err = NetApiBufferAllocate( ( wcslen( Dc ) + 3 ) * sizeof( WCHAR ),
|
|||
|
( PVOID * )&FullDc );
|
|||
|
|
|||
|
if ( Win32Err == ERROR_SUCCESS ) {
|
|||
|
|
|||
|
swprintf( FullDc, L"\\\\%ws", Dc );
|
|||
|
}
|
|||
|
|
|||
|
} else {
|
|||
|
|
|||
|
FullDc = Dc;
|
|||
|
}
|
|||
|
|
|||
|
|
|||
|
|
|||
|
Win32Err = NetpManageIPCConnect( FullDc,
|
|||
|
DomainAuthInfo->User,
|
|||
|
DomainAuthInfo->Password,
|
|||
|
NETSETUPP_CONNECT_IPC );
|
|||
|
if ( Win32Err == ERROR_SUCCESS ) {
|
|||
|
|
|||
|
DcSession = FALSE;
|
|||
|
}
|
|||
|
|
|||
|
//
|
|||
|
// Get the trip time to the dc
|
|||
|
//
|
|||
|
if ( Win32Err == ERROR_SUCCESS ) {
|
|||
|
|
|||
|
Win32Err = NetDompGetTimeTripLength( Dc,
|
|||
|
&DcDelay );
|
|||
|
}
|
|||
|
|
|||
|
if ( Win32Err != ERROR_SUCCESS ) {
|
|||
|
|
|||
|
goto ResetTimeError;
|
|||
|
}
|
|||
|
|
|||
|
|
|||
|
NetDompDisplayMessage( MSG_TIME_VERIFY );
|
|||
|
|
|||
|
//
|
|||
|
// Reset the client, if needed
|
|||
|
//
|
|||
|
if ( Server ) {
|
|||
|
|
|||
|
Win32Err = NetDompVerifySingleClient( Server,
|
|||
|
Dc,
|
|||
|
ObjectAuthInfo,
|
|||
|
DcDelay,
|
|||
|
&InSync );
|
|||
|
if ( Win32Err == ERROR_SUCCESS && !InSync ) {
|
|||
|
|
|||
|
Win32Err = NetDompResetSingleClient( Server,
|
|||
|
Dc,
|
|||
|
ObjectAuthInfo,
|
|||
|
DcDelay );
|
|||
|
}
|
|||
|
}
|
|||
|
|
|||
|
//
|
|||
|
// Do all the workstations/servers, if required
|
|||
|
//
|
|||
|
for ( i = 0; i < sizeof( Types ) / sizeof( ULONG ); i++ ) {
|
|||
|
|
|||
|
if ( !ProcessType[ i ] ) {
|
|||
|
|
|||
|
continue;
|
|||
|
}
|
|||
|
|
|||
|
do {
|
|||
|
|
|||
|
Win32Err = NetUserEnum( FullDc,
|
|||
|
0,
|
|||
|
Types[ i ],
|
|||
|
( LPBYTE * )&UserList,
|
|||
|
MAX_PREFERRED_LENGTH,
|
|||
|
&Count,
|
|||
|
&TotalCount,
|
|||
|
&ResumeHandle );
|
|||
|
|
|||
|
if ( Win32Err == ERROR_SUCCESS || Win32Err == ERROR_MORE_DATA ) {
|
|||
|
|
|||
|
for ( j = 0; j < Count; j++ ) {
|
|||
|
|
|||
|
Lop = wcsrchr( UserList[ j ].usri0_name, L'$' );
|
|||
|
if ( Lop ) {
|
|||
|
|
|||
|
*Lop = UNICODE_NULL;
|
|||
|
}
|
|||
|
|
|||
|
Err2 = NetDompVerifySingleClient( UserList[ j ].usri0_name,
|
|||
|
Dc,
|
|||
|
ObjectAuthInfo,
|
|||
|
DcDelay,
|
|||
|
&InSync );
|
|||
|
|
|||
|
if ( Err2 == ERROR_SUCCESS && !InSync ) {
|
|||
|
|
|||
|
Err2 = NetDompResetSingleClient( UserList[ j ].usri0_name,
|
|||
|
Dc,
|
|||
|
ObjectAuthInfo,
|
|||
|
DcDelay );
|
|||
|
}
|
|||
|
}
|
|||
|
NetApiBufferFree( UserList );
|
|||
|
}
|
|||
|
|
|||
|
} while ( Win32Err == ERROR_MORE_DATA );
|
|||
|
|
|||
|
}
|
|||
|
|
|||
|
ResetTimeError:
|
|||
|
|
|||
|
if ( DcSession ) {
|
|||
|
|
|||
|
NetpManageIPCConnect( FullDc,
|
|||
|
DomainAuthInfo->User,
|
|||
|
DomainAuthInfo->Password,
|
|||
|
NETSETUPP_DISCONNECT_IPC );
|
|||
|
}
|
|||
|
|
|||
|
if ( FullDc != Dc ) {
|
|||
|
|
|||
|
NetApiBufferFree( FullDc );
|
|||
|
}
|
|||
|
|
|||
|
return( Win32Err );
|
|||
|
}
|
|||
|
|
|||
|
|
|||
|
DWORD
|
|||
|
NetDompHandleTime(ARG_RECORD * rgNetDomArgs)
|
|||
|
/*++
|
|||
|
|
|||
|
Routine Description:
|
|||
|
|
|||
|
This function will handle the NETDOM TIME requirements
|
|||
|
|
|||
|
Arguments:
|
|||
|
|
|||
|
Args - List of command line arguments
|
|||
|
|
|||
|
Return Value:
|
|||
|
|
|||
|
ERROR_INVALID_PARAMETER - No object name was supplied
|
|||
|
|
|||
|
--*/
|
|||
|
{
|
|||
|
DWORD Win32Err = ERROR_SUCCESS;
|
|||
|
PWSTR Domain = NULL, Dc = NULL;
|
|||
|
ND5_AUTH_INFO DomainUser, ObjectUser;
|
|||
|
ULONG i;
|
|||
|
|
|||
|
PWSTR Object = rgNetDomArgs[eObject].strValue;
|
|||
|
|
|||
|
if (!Object)
|
|||
|
{
|
|||
|
DisplayHelp(ePriTime);
|
|||
|
return( ERROR_INVALID_PARAMETER );
|
|||
|
}
|
|||
|
|
|||
|
RtlZeroMemory( &DomainUser, sizeof( ND5_AUTH_INFO ) );
|
|||
|
RtlZeroMemory( &ObjectUser, sizeof( ND5_AUTH_INFO ) );
|
|||
|
|
|||
|
//
|
|||
|
// Validate the args
|
|||
|
//
|
|||
|
Win32Err = NetDompValidateSecondaryArguments(rgNetDomArgs,
|
|||
|
eObject,
|
|||
|
eCommDomain,
|
|||
|
eCommUserNameO,
|
|||
|
eCommPasswordO,
|
|||
|
eCommUserNameD,
|
|||
|
eCommPasswordD,
|
|||
|
eQueryServer,
|
|||
|
eQueryWksta,
|
|||
|
eCommVerify,
|
|||
|
eCommReset,
|
|||
|
eCommVerbose,
|
|||
|
eArgEnd);
|
|||
|
if ( Win32Err != ERROR_SUCCESS ) {
|
|||
|
|
|||
|
DisplayHelp(ePriTime);
|
|||
|
goto HandleTimeExit;
|
|||
|
}
|
|||
|
|
|||
|
|
|||
|
//
|
|||
|
// Verify that we don't have too many arguments
|
|||
|
//
|
|||
|
if ( CmdFlagOn(rgNetDomArgs, eCommVerify) &&
|
|||
|
CmdFlagOn(rgNetDomArgs, eCommReset) ) {
|
|||
|
|
|||
|
NetDompDisplayUnexpectedParameter(rgNetDomArgs[eCommReset].strArg1);
|
|||
|
|
|||
|
Win32Err = ERROR_INVALID_PARAMETER;
|
|||
|
goto HandleTimeExit;
|
|||
|
}
|
|||
|
|
|||
|
//
|
|||
|
// Ok, make sure that we have a specified domain...
|
|||
|
//
|
|||
|
Win32Err = NetDompGetDomainForOperation(rgNetDomArgs,
|
|||
|
Object,
|
|||
|
TRUE,
|
|||
|
&Domain);
|
|||
|
|
|||
|
if ( Win32Err != ERROR_SUCCESS ) {
|
|||
|
|
|||
|
goto HandleTimeExit;
|
|||
|
}
|
|||
|
|
|||
|
//
|
|||
|
// Get the password and user if it exists
|
|||
|
//
|
|||
|
if ( CmdFlagOn(rgNetDomArgs, eCommUserNameD) ) {
|
|||
|
|
|||
|
Win32Err = NetDompGetUserAndPasswordForOperation(rgNetDomArgs,
|
|||
|
eCommUserNameD,
|
|||
|
Domain,
|
|||
|
&DomainUser);
|
|||
|
|
|||
|
if ( Win32Err != ERROR_SUCCESS ) {
|
|||
|
|
|||
|
goto HandleTimeExit;
|
|||
|
}
|
|||
|
}
|
|||
|
|
|||
|
if ( CmdFlagOn(rgNetDomArgs, eCommUserNameO) ) {
|
|||
|
|
|||
|
Win32Err = NetDompGetUserAndPasswordForOperation(rgNetDomArgs,
|
|||
|
eCommUserNameO,
|
|||
|
Object,
|
|||
|
&ObjectUser );
|
|||
|
|
|||
|
if ( Win32Err != ERROR_SUCCESS ) {
|
|||
|
|
|||
|
goto HandleTimeExit;
|
|||
|
}
|
|||
|
}
|
|||
|
|
|||
|
//
|
|||
|
// Get the name of a domain controller
|
|||
|
//
|
|||
|
Win32Err = NetDompTimeGetDc( Domain,
|
|||
|
Object,
|
|||
|
&ObjectUser,
|
|||
|
&Dc );
|
|||
|
|
|||
|
if ( Win32Err != ERROR_SUCCESS ) {
|
|||
|
|
|||
|
goto HandleTimeExit;
|
|||
|
}
|
|||
|
|
|||
|
//
|
|||
|
// Now, see what we are supposed to do
|
|||
|
//
|
|||
|
if ( CmdFlagOn(rgNetDomArgs, eCommVerify) ) {
|
|||
|
|
|||
|
Win32Err = NetDompVerifyTime( Domain,
|
|||
|
Object,
|
|||
|
&DomainUser,
|
|||
|
&ObjectUser,
|
|||
|
Dc,
|
|||
|
CmdFlagOn(rgNetDomArgs, eQueryWksta),
|
|||
|
CmdFlagOn(rgNetDomArgs, eQueryServer) );
|
|||
|
|
|||
|
}
|
|||
|
|
|||
|
if ( CmdFlagOn(rgNetDomArgs, eCommReset) ) {
|
|||
|
|
|||
|
Win32Err = NetDompResetTime( Domain,
|
|||
|
Object,
|
|||
|
&DomainUser,
|
|||
|
&ObjectUser,
|
|||
|
Dc,
|
|||
|
CmdFlagOn(rgNetDomArgs, eQueryWksta),
|
|||
|
CmdFlagOn(rgNetDomArgs, eQueryServer) );
|
|||
|
|
|||
|
}
|
|||
|
|
|||
|
|
|||
|
HandleTimeExit:
|
|||
|
|
|||
|
NetApiBufferFree( Domain );
|
|||
|
NetApiBufferFree( Dc );
|
|||
|
|
|||
|
NetDompFreeAuthIdent( &DomainUser );
|
|||
|
NetDompFreeAuthIdent( &ObjectUser );
|
|||
|
|
|||
|
if (NO_ERROR != Win32Err)
|
|||
|
{
|
|||
|
NetDompDisplayErrorMessage(Win32Err);
|
|||
|
}
|
|||
|
|
|||
|
return( Win32Err );
|
|||
|
}
|
|||
|
|
|||
|
|