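/* --- PRIVATE FUNCTIONS ---------------------------------------------------- */
/*
 * Writes the owner control relation for one LDAP object and, when the
 * object carries no DACL at all (absent, or present but NULL), an extra
 * relation recording that Everyone effectively controls it.
 *
 * hOutfile           : output handle passed through to the Control* writers.
 * pLdapRetreivedData : retrieved attribute; ppbData[0] is expected to hold
 *                      the raw security descriptor and tDN the object's DN.
 *
 * No return value: every failure is logged and the callback stops there.
 */
static void CallbackSdOwner(
    _In_ HANDLE hOutfile,
    _Inout_ PLDAP_RETRIEVED_DATA pLdapRetreivedData
)
{
    BOOL bResult = FALSE;
    BOOL bDaclPresent = FALSE;
    BOOL bDaclDefaulted = FALSE;
    PACL pDacl = NULL;
    PSECURITY_DESCRIPTOR pSd = NULL;

    /* The attribute may have been retrieved with no value: do not read
     * ppbData[0] before knowing there is an element 0. */
    if (pLdapRetreivedData->dwElementCount == 0
        || pLdapRetreivedData->ppbData == NULL
        || pLdapRetreivedData->ppbData[0] == NULL) {
        LOG(Err, _T("No security descriptor value for <%s>"), pLdapRetreivedData->tDN);
        return;
    }
    pSd = (PSECURITY_DESCRIPTOR)pLdapRetreivedData->ppbData[0];

    /* Structural sanity check only. The blob comes from the directory and no
     * byte length is available here, so this does not bound the read. */
    if (!IsValidSecurityDescriptor(pSd)) {
        LOG(Err, _T("Invalid security descriptor"));
        return;
    }

    bResult = ControlWriteOwnerOutline(hOutfile, pSd, pLdapRetreivedData->tDN, CONTROL_AD_OWNER_KEYWORD);
    if (!bResult) {
        /* Owner and DACL relations are independent: keep going so that a
         * NULL DACL is still reported even if the owner line failed. */
        LOG(Err, _T("Cannot write owner control relation for <%s>"), pLdapRetreivedData->tDN);
    }

    bResult = GetSecurityDescriptorDacl(pSd, &bDaclPresent, &pDacl, &bDaclDefaulted);
    if (!bResult) {
        LOG(Err, _T("Failed to get DACL <%u>"), GetLastError());
        return;
    }

    /* "No DACL" and "NULL DACL" both mean the object is unprotected, so the
     * relation is written against the Everyone SID. The format string is
     * wrapped in _T() like every other LOG call so it matches under UNICODE. */
    if (!bDaclPresent || pDacl == NULL) {
        LOG(Info, _T("Null or no DACL for element <%s>"), pLdapRetreivedData->tDN);
        bResult = ControlWriteOutline(hOutfile, gs_ptSidEveryone, pLdapRetreivedData->tDN, CONTROL_AD_NULL_DACL_KEYWORD);
        if (!bResult) {
            LOG(Err, _T("Cannot write null-dacl control relation for <%s>"), pLdapRetreivedData->tDN);
        }
    }
}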
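/* --- PRIVATE FUNCTIONS ---------------------------------------------------- */
/*
 * Writes one "member" control relation per entry of the ';'-separated
 * member list in tokens[LdpListMember], each pointing at tokens[LdpListDn].
 *
 * hOutfile     : output handle for ControlWriteOutline.
 * hDenyOutfile : unused by this callback.
 * tokens       : fields of the current CSV line, indexed by the LdpList*
 *                constants.
 */
static void CallbackGroupMember(
    _In_ CSV_HANDLE hOutfile,
    _In_ CSV_HANDLE hDenyOutfile,
    _Inout_ LPTSTR *tokens
)
{
    BOOL bResult = FALSE;
    LPTSTR pMember = NULL;
    LPTSTR next = NULL;
    LPTSTR listMember = NULL;

    UNREFERENCED_PARAMETER(hDenyOutfile);

    if (STR_EMPTY(tokens[LdpListMember]))
        return;

    /* _tcstok_s writes into its input, so tokenize a private copy. A failed
     * duplication is fatal, as for the other _tcsdup calls in this file:
     * handing NULL to _tcstok_s would trip the CRT invalid-parameter handler. */
    listMember = _tcsdup(tokens[LdpListMember]);
    if (!listMember)
        FATAL(_T("Could not dup member list for <%s>"), tokens[LdpListDn]);

    for (pMember = _tcstok_s(listMember, _T(";"), &next);
         pMember != NULL;
         pMember = _tcstok_s(NULL, _T(";"), &next)) {
        bResult = ControlWriteOutline(hOutfile, pMember, tokens[LdpListDn], CONTROL_MEMBER_KEYWORD);
        if (!bResult) {
            LOG(Err, _T("Cannot write outline for <%s>"), tokens[LdpListDn]);
        }
    }

    free(listMember);
}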
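/* --- PRIVATE FUNCTIONS ---------------------------------------------------- */
/*
 * For every msExchRoleEntries value whose name field is one of the
 * controlled role entries, writes a control relation from the object's DN
 * to the Exchange Trusted Subsystem DN.
 *
 * The Exchange Trusted Subsystem DN (file-level exchangeTrustedSubsystemDN)
 * is built lazily on the first call from ETS_PARTIAL_DN plus the "dc=..."
 * tail of the current object's DN, and is never freed here.
 *
 * hOutfile     : output handle for ControlWriteOutline.
 * hDenyOutfile : unused by this callback.
 * tokens       : fields of the current CSV line, indexed by the LdpList*
 *                constants.
 */
static void CallbackExchRoleEntry(
    _In_ CSV_HANDLE hOutfile,
    _In_ CSV_HANDLE hDenyOutfile,
    _Inout_ LPTSTR *tokens
)
{
    BOOL bResult = FALSE;
    LPTSTR roleEntry = NULL;
    LPTSTR roleEntryName = NULL;
    LPTSTR listMsExchRoleEntries = NULL;
    LPTSTR nextEntry = NULL;
    LPTSTR nextEntryField = NULL;
    DWORD roleEntryIndex = 0;

    UNREFERENCED_PARAMETER(hDenyOutfile);

    if (!exchangeTrustedSubsystemDN) {
        LPTSTR domainDN = NULL;
        size_t eTSDNlen = 0;

        /* The DN is only read, so no private copy is needed (the previous
         * version duplicated it and never freed the copy). The search is
         * case sensitive: it assumes the DN is lowercase ("dc=") — TODO
         * confirm against the CSV producer. */
        if (!STR_EMPTY(tokens[LdpListDn]))
            domainDN = _tcsstr(tokens[LdpListDn], _T("dc="));
        if (!domainDN) {
            LOG(Err, _T("Cannot find domain part in DN <%s>"), tokens[LdpListDn]);
            return;
        }

        eTSDNlen = _tcslen(ETS_PARTIAL_DN) + _tcslen(domainDN) + 1;
        exchangeTrustedSubsystemDN = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, eTSDNlen * sizeof(TCHAR));
        if (!exchangeTrustedSubsystemDN) {
            /* Left NULL on purpose: the next callback retries the build
             * instead of concatenating into a NULL buffer. */
            LOG(Err, _T("Cannot allocate DN string"));
            return;
        }
        _tcsncat_s(exchangeTrustedSubsystemDN, eTSDNlen, ETS_PARTIAL_DN, _tcslen(ETS_PARTIAL_DN));
        _tcsncat_s(exchangeTrustedSubsystemDN, eTSDNlen, domainDN, _tcslen(domainDN));
    }

    /* Nothing to do without role entries. */
    if (STR_EMPTY(tokens[LdpListMsExchRoleEntries]))
        return;

    listMsExchRoleEntries = _tcsdup(tokens[LdpListMsExchRoleEntries]);
    if (!listMsExchRoleEntries)
        FATAL(_T("Could not dup role entries for <%s>"), tokens[LdpListDn]);
    CharLower(listMsExchRoleEntries);

    roleEntry = _tcstok_s(listMsExchRoleEntries, _T(";"), &nextEntry);
    while (roleEntry) {
        /* The role-entry name is taken from the second ','-separated field
         * of each entry. Entries with fewer than two fields are skipped
         * rather than passed on as NULL. */
        nextEntryField = NULL;
        roleEntryName = _tcstok_s(roleEntry, _T(","), &nextEntryField);
        if (roleEntryName)
            roleEntryName = _tcstok_s(NULL, _T(","), &nextEntryField);

        if (roleEntryName
            && IsInSetOfStrings(roleEntryName, controlRoleEntryList, CONTROL_ROLE_ENTRY_COUNT, &roleEntryIndex)) {
            bResult = ControlWriteOutline(hOutfile, tokens[LdpListDn], exchangeTrustedSubsystemDN, gc_RoleEntryKeyword[roleEntryIndex]);
            if (!bResult) {
                LOG(Err, _T("Cannot write outline for <%s>"), tokens[LdpListDn]);
            }
        }

        roleEntry = _tcstok_s(NULL, _T(";"), &nextEntry);
    }

    free(listMsExchRoleEntries);
}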
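/*
 * Registers both endpoints of a relation (master DN and slave DN) in the
 * object-by-DN cache with objectClass "unknown" and writes an "all nodes"
 * outline for each DN seen for the first time.
 *
 * Ownership: the duplicated strings belong to the cache after a new insert;
 * when the entry already existed they are freed here. When the insert
 * itself fails they are left alone because the cache contract for a NULL
 * `inserted` is not visible here — NOTE(review): possible leak, confirm
 * with CacheEntryInsert.
 *
 * hOutfile     : output handle for ControlWriteOutline.
 * hDenyOutfile : unused by this callback.
 * tokens       : fields of the current CSV line; RelDnMaster / RelDnSlave
 *                index the two DNs.
 */
static void CallbackMakeAllNodes(
    _In_ CSV_HANDLE hOutfile,
    _In_ CSV_HANDLE hDenyOutfile,
    _In_ LPTSTR *tokens
)
{
    /* Index by the named fields rather than by 0 and 1 so the loop agrees
     * with the emptiness check above it. */
    const DWORD relDnFields[2] = { RelDnMaster, RelDnSlave };
    BOOL bResult = FALSE;
    CACHE_OBJECT_BY_DN cacheEntry = { 0 };
    PCACHE_OBJECT_BY_DN inserted = NULL;
    BOOL newElement = FALSE;
    DWORD i = 0;

    UNREFERENCED_PARAMETER(hDenyOutfile);

    if (STR_EMPTY(tokens[RelDnMaster]) || STR_EMPTY(tokens[RelDnSlave]))
        return;

    for (i = 0; i < 2; i++) {
        LPTSTR dn = tokens[relDnFields[i]];

        cacheEntry.dn = _tcsdup(dn);
        if (!cacheEntry.dn)
            FATAL(_T("Could not dup dn <%s>"), dn);
        cacheEntry.objectClass = _tcsdup(_T("unknown"));
        if (!cacheEntry.objectClass)
            FATAL(_T("Could not dup objectclass for dn <%s>"), dn);

        inserted = NULL;
        newElement = FALSE;
        CacheEntryInsert(ppCache, (PVOID)&cacheEntry, sizeof(CACHE_OBJECT_BY_DN), &inserted, &newElement);

        if (!inserted) {
            LOG(Err, _T("cannot insert new object-by-dn cache entry <%s>"), dn);
        } else if (!newElement) {
            LOG(Dbg, _T("object-by-dn cache entry is not new <%s>"), dn);
            free(cacheEntry.dn);
            free(cacheEntry.objectClass);
        } else {
            /* %s, not %d: the argument is the DN string. */
            LOG(Dbg, _T("successfully inserted new object-by-dn entry for <%s>, writing to file"), dn);
            bResult = ControlWriteOutline(hOutfile, cacheEntry.dn, cacheEntry.objectClass, CONTROL_ALLNODES_KEYWORD);
            if (!bResult) {
                LOG(Err, _T("Cannot write outline for <%s>"), dn);
            }
        }
    }
}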
/* --- PRIVATE FUNCTIONS ---------------------------------------------------- */
/*
 * Writes one "SID history" relation from the object's DN to the resolved
 * DN of every raw SID held in the retrieved sIDHistory values. Values that
 * cannot be resolved are skipped with a warning; the DN string produced by
 * LdapResolveRawSid is released after it has been written.
 *
 * hOutfile           : output handle for ControlWriteOutline.
 * pLdapRetreivedData : retrieved attribute; ppbData[i] holds a raw SID,
 *                      dwElementCount the number of values, tDN the DN.
 */
static void CallbackSidHistory(
    _In_ HANDLE hOutfile,
    _Inout_ PLDAP_RETRIEVED_DATA pLdapRetreivedData
)
{
    DWORD idx = 0;

    while (idx < pLdapRetreivedData->dwElementCount) {
        PTCHAR ptResolvedDn = NULL;
        PSID pRawSid = (PSID)pLdapRetreivedData->ppbData[idx];
        DWORD current = idx++;

        if (!LdapResolveRawSid(pRawSid, &ptResolvedDn)) {
            LOG(Warn, SUB_LOG(_T("%u: invalid sid history")), current);
            continue;
        }

        if (!ControlWriteOutline(hOutfile, pLdapRetreivedData->tDN, ptResolvedDn, CONTROL_SIDHIST_KEYWORD)) {
            LOG(Err, _T("Cannot write outline for <%s>"), pLdapRetreivedData->tDN);
        }

        free(ptResolvedDn);
    }
}
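/* --- PRIVATE FUNCTIONS ---------------------------------------------------- */
/*
 * Inserts (dn, objectClass) into the object-by-DN cache and, when the DN was
 * not already cached, writes an "all nodes" outline using writtenClass as
 * the class column.
 *
 * dn and objectClass are duplicated here. After a new insert the cache owns
 * the copies; when the entry already existed they are freed before
 * returning. When the insert fails they are left alone because the cache
 * contract for a NULL `inserted` is not visible here — NOTE(review):
 * possible leak, confirm with CacheEntryInsert.
 *
 * Returns FALSE only when the outline could not be written.
 */
static BOOL BuildDnCacheInsertAndWrite(
    _In_ CSV_HANDLE hOutfile,
    _In_ LPTSTR dn,
    _In_ LPTSTR objectClass,
    _In_ LPTSTR writtenClass
)
{
    CACHE_OBJECT_BY_DN cacheEntry = { 0 };
    PCACHE_OBJECT_BY_DN inserted = NULL;
    BOOL newElement = FALSE;
    BOOL bResult = TRUE;

    cacheEntry.dn = _tcsdup(dn);
    if (!cacheEntry.dn)
        FATAL(_T("Could not dup dn <%s>"), dn);
    cacheEntry.objectClass = _tcsdup(objectClass);
    if (!cacheEntry.objectClass)
        FATAL(_T("Could not dup objectClass <%s>"), objectClass);

    CacheEntryInsert(ppCache, (PVOID)&cacheEntry, sizeof(CACHE_OBJECT_BY_DN), &inserted, &newElement);

    if (!inserted) {
        LOG(Err, _T("cannot insert new object-by-dn cache entry <%s>"), dn);
    } else if (!newElement) {
        LOG(Dbg, _T("object-by-dn cache entry is not new <%s>"), dn);
        free(cacheEntry.dn);
        free(cacheEntry.objectClass);
    } else {
        bResult = ControlWriteOutline(hOutfile, dn, writtenClass, CONTROL_ALLNODES_KEYWORD);
        if (!bResult)
            LOG(Err, _T("Cannot write outline for <%s>"), dn);
    }

    return bResult;
}

/*
 * Caches the current object by DN (with its objectClass chain) and writes
 * its "all nodes" outline; when the line also carries a mail attribute, the
 * mail address is cached and written as a node of class "email".
 *
 * hOutfile     : output handle for ControlWriteOutline.
 * hDenyOutfile : unused by this callback.
 * tokens       : fields of the current CSV line, indexed by the LdpList*
 *                constants.
 */
static void CallbackBuildDnCache(
    _In_ CSV_HANDLE hOutfile,
    _In_ CSV_HANDLE hDenyOutfile,
    _In_ LPTSTR *tokens
)
{
    LPTSTR objectClass = NULL;
    LPTSTR lastSeparator = NULL;

    UNREFERENCED_PARAMETER(hDenyOutfile);

    if (STR_EMPTY(tokens[LdpListDn]) || STR_EMPTY(tokens[LdpListObjectClass]))
        return;

    /* The objectClass value is a ';'-separated chain; the segment after the
     * last separator is the one written out (presumably the most derived
     * class). Without a separator the whole value is used — the previous
     * unconditional `_tcsrchr(...) + 1` produced a wild pointer in that case. */
    lastSeparator = _tcsrchr(tokens[LdpListObjectClass], _T(';'));
    objectClass = lastSeparator ? lastSeparator + 1 : tokens[LdpListObjectClass];

    BuildDnCacheInsertAndWrite(hOutfile, tokens[LdpListDn], tokens[LdpListObjectClass], objectClass);

    /* Mail attributes are recorded as objects of type "email". */
    if (STR_EMPTY(tokens[LdpListMail]))
        return;

    BuildDnCacheInsertAndWrite(hOutfile, tokens[LdpListMail], _T("email"), _T("email"));
}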