/* --- PRIVATE FUNCTIONS ---------------------------------------------------- */
static void CallbackSdOwner(
_In_ HANDLE hOutfile,
_Inout_ PLDAP_RETRIEVED_DATA pLdapRetreivedData
) {
BOOL bResult = FALSE;
BOOL bDaclPresent = FALSE;
BOOL bDaclDefaulted = FALSE;
PACL pDacl = { 0 };
PSECURITY_DESCRIPTOR pSd = (PSECURITY_DESCRIPTOR)pLdapRetreivedData->ppbData[0];
if (!IsValidSecurityDescriptor(pSd)) {
LOG(Err, _T("Invalid security descriptor"));
return;
}
bResult = ControlWriteOwnerOutline(hOutfile, pSd, pLdapRetreivedData->tDN, CONTROL_AD_OWNER_KEYWORD);
if (!bResult) {
LOG(Err, _T("Cannot write owner control relation for <%s>"), pLdapRetreivedData->tDN);
}
bResult = GetSecurityDescriptorDacl(pSd, &bDaclPresent, &pDacl, &bDaclDefaulted);
if (bResult == FALSE) {
LOG(Err, _T("Failed to get DACL <%u>"), GetLastError());
return;
}
if (bDaclPresent == FALSE || pDacl == NULL) {
LOG(Info, "Null or no DACL for element <%s>", pLdapRetreivedData->tDN);
bResult = ControlWriteOutline(hOutfile, gs_ptSidEveryone, pLdapRetreivedData->tDN, CONTROL_AD_NULL_DACL_KEYWORD);
if (bResult == FALSE) {
LOG(Err, _T("Cannot write null-dacl control relation for <%s>"), pLdapRetreivedData->tDN);
return;
}
}
}
/* --- PRIVATE FUNCTIONS ---------------------------------------------------- */
static void CallbackGroupMember(
_In_ CSV_HANDLE hOutfile,
_In_ CSV_HANDLE hDenyOutfile,
_Inout_ LPTSTR *tokens
) {
BOOL bResult = FALSE;
LPTSTR pMember = NULL;
LPTSTR next = NULL;
LPTSTR listMember = NULL;
UNREFERENCED_PARAMETER(hDenyOutfile);
if (STR_EMPTY(tokens[LdpListMember]))
return;
listMember = _tcsdup(tokens[LdpListMember]);
pMember = _tcstok_s(listMember, _T(";"), &next);
while (pMember) {
bResult = ControlWriteOutline(hOutfile, pMember, tokens[LdpListDn], CONTROL_MEMBER_KEYWORD);
if (!bResult) {
LOG(Err, _T("Cannot write outline for <%s>"), tokens[LdpListDn]);
}
pMember = _tcstok_s(NULL, _T(";"), &next);
}
free(listMember);
}
/* --- PRIVATE FUNCTIONS ---------------------------------------------------- */
static void CallbackExchRoleEntry(
_In_ CSV_HANDLE hOutfile,
_In_ CSV_HANDLE hDenyOutfile,
_Inout_ LPTSTR *tokens
) {
UNREFERENCED_PARAMETER(hDenyOutfile);
BOOL bResult = FALSE;
LPTSTR roleEntry = NULL;
LPTSTR roleEntryName = NULL;
LPTSTR listMsExchRoleEntries = NULL;
LPTSTR nextEntry = NULL;
LPTSTR nextEntryField = NULL;
LPTSTR domainDN = NULL;
LPTSTR dn = NULL;
DWORD roleEntryIndex = 0;
size_t eTSDNlen = 0;
if (!exchangeTrustedSubsystemDN) {
dn = _tcsdup(tokens[LdpListDn]);
domainDN = _tcsstr(dn, _T("dc="));
eTSDNlen = _tcslen(ETS_PARTIAL_DN) + _tcslen(domainDN) + 1;
exchangeTrustedSubsystemDN = HeapAlloc(GetProcessHeap(),HEAP_ZERO_MEMORY,eTSDNlen * sizeof(TCHAR));
if (!exchangeTrustedSubsystemDN) {
LOG(Err, _T("Cannot allocate DN string"));
}
_tcsncat_s(exchangeTrustedSubsystemDN, eTSDNlen, ETS_PARTIAL_DN, _tcslen(ETS_PARTIAL_DN));
_tcsncat_s(exchangeTrustedSubsystemDN, eTSDNlen, domainDN, _tcslen(domainDN));
}
// Do we have role entries
if (STR_EMPTY(tokens[LdpListMsExchRoleEntries]))
return;
listMsExchRoleEntries = _tcsdup(tokens[LdpListMsExchRoleEntries]);
CharLower(listMsExchRoleEntries);
roleEntry = _tcstok_s(listMsExchRoleEntries, _T(";"), &nextEntry);
while (roleEntry) {
roleEntryName = _tcstok_s(roleEntry, _T(","), &nextEntryField);
roleEntryName = _tcstok_s(NULL, _T(","), &nextEntryField);
if (IsInSetOfStrings(roleEntryName, controlRoleEntryList, CONTROL_ROLE_ENTRY_COUNT, &roleEntryIndex)) {
bResult = ControlWriteOutline(hOutfile, tokens[LdpListDn], exchangeTrustedSubsystemDN, gc_RoleEntryKeyword[roleEntryIndex]);
if (!bResult) {
LOG(Err, _T("Cannot write outline for <%s>"), tokens[LdpListDn]);
}
}
nextEntryField = NULL;
roleEntry = _tcstok_s(NULL, _T(";"), &nextEntry);
}
free(listMsExchRoleEntries);
}
static void CallbackMakeAllNodes(
_In_ CSV_HANDLE hOutfile,
_In_ CSV_HANDLE hDenyOutfile,
_In_ LPTSTR *tokens
) {
BOOL bResult = FALSE;
CACHE_OBJECT_BY_DN cacheEntry = { 0 };
PCACHE_OBJECT_BY_DN inserted = NULL;
BOOL newElement = FALSE;
DWORD i = 0;
UNREFERENCED_PARAMETER(hDenyOutfile);
if (STR_EMPTY(tokens[RelDnMaster]) || STR_EMPTY(tokens[RelDnSlave]))
return;
for (i = 0; i < 2; i++) {
cacheEntry.dn = _tcsdup(tokens[i]);
if (!cacheEntry.dn)
FATAL(_T("Could not dup dn <%s>"), tokens[i]);
cacheEntry.objectClass = _tcsdup(_T("unknown"));
if (!cacheEntry.objectClass)
FATAL(_T("Could not dup objectclass for dn <%s>"), tokens[i]);
CacheEntryInsert(
ppCache,
(PVOID)&cacheEntry,
sizeof(CACHE_OBJECT_BY_DN),
&inserted,
&newElement
);
if (!inserted) {
LOG(Err, _T("cannot insert new object-by-dn cache entry <%s>"), tokens[i]);
}
else if (!newElement) {
LOG(Dbg, _T("object-by-dn cache entry is not new <%s>"), tokens[i]);
free(cacheEntry.dn);
free(cacheEntry.objectClass);
}
else {
LOG(Dbg, _T("successfully inserted new object-by-dn entry for <%d>, writing to file"), tokens[i]);
bResult = ControlWriteOutline(hOutfile, cacheEntry.dn, cacheEntry.objectClass, CONTROL_ALLNODES_KEYWORD);
}
}
}
/* --- PRIVATE FUNCTIONS ---------------------------------------------------- */
static void CallbackSidHistory(
_In_ HANDLE hOutfile,
_Inout_ PLDAP_RETRIEVED_DATA pLdapRetreivedData
) {
BOOL bResult = FALSE;
PTCHAR ptDnSidHistory = NULL;
for (DWORD i = 0; i < pLdapRetreivedData->dwElementCount; i++) {
bResult = LdapResolveRawSid((PSID)pLdapRetreivedData->ppbData[i], &ptDnSidHistory);
if (!bResult) {
LOG(Warn, SUB_LOG(_T("%u: invalid sid history")), i);
continue;
}
bResult = ControlWriteOutline(hOutfile, pLdapRetreivedData->tDN, ptDnSidHistory, CONTROL_SIDHIST_KEYWORD);
if (!bResult) {
LOG(Err, _T("Cannot write outline for <%s>"), pLdapRetreivedData->tDN);
}
free(ptDnSidHistory);
}
}
/* --- PRIVATE FUNCTIONS ---------------------------------------------------- */
static void CallbackBuildDnCache(
_In_ CSV_HANDLE hOutfile,
_In_ CSV_HANDLE hDenyOutfile,
_In_ LPTSTR *tokens
) {
BOOL bResult = FALSE;
CACHE_OBJECT_BY_DN cacheEntry = { 0 };
CACHE_OBJECT_BY_DN mailCacheEntry = { 0 };
PCACHE_OBJECT_BY_DN inserted = NULL;
BOOL newElement = FALSE;
LPTSTR objectClass = NULL;
UNREFERENCED_PARAMETER(hDenyOutfile);
if (STR_EMPTY(tokens[LdpListDn]) || STR_EMPTY(tokens[LdpListObjectClass]))
return;
cacheEntry.dn = _tcsdup(tokens[LdpListDn]);
if (!cacheEntry.dn)
FATAL(_T("Could not dup dn <%s>"), tokens[LdpListDn]);
cacheEntry.objectClass = _tcsdup(tokens[LdpListObjectClass]);
if (!cacheEntry.objectClass)
FATAL(_T("Could not dup objectClass <%s>"), tokens[LdpListObjectClass]);
CacheEntryInsert(
ppCache,
(PVOID)&cacheEntry,
sizeof(CACHE_OBJECT_BY_DN),
&inserted,
&newElement
);
if (!inserted) {
LOG(Err, _T("cannot insert new object-by-dn cache entry <%s>"), tokens[LdpListDn]);
}
else if (!newElement) {
LOG(Dbg, _T("object-by-dn cache entry is not new <%s>"), tokens[LdpListDn]);
free(cacheEntry.dn);
free(cacheEntry.objectClass);
}
else {
objectClass = _tcsrchr(tokens[LdpListObjectClass], _T(';')) + 1;
bResult = ControlWriteOutline(hOutfile, tokens[LdpListDn], objectClass, CONTROL_ALLNODES_KEYWORD);
if (!bResult)
LOG(Err, _T("Cannot write outline for <%s>"), tokens[LdpListDn]);
}
// Writing Mail attributes as object of type email
if (STR_EMPTY(tokens[LdpListMail]))
return;
mailCacheEntry.dn = _tcsdup(tokens[LdpListMail]);
if (!mailCacheEntry.dn)
FATAL(_T("Could not dup dn <%s>"), tokens[LdpListMail]);
mailCacheEntry.objectClass = _tcsdup(_T("email"));
if (!mailCacheEntry.objectClass)
FATAL(_T("Could not dup objectClass <%s>"), _T("email"));
CacheEntryInsert(
ppCache,
(PVOID)&mailCacheEntry,
sizeof(CACHE_OBJECT_BY_DN),
&inserted,
&newElement
);
if (!inserted) {
LOG(Err, _T("cannot insert new object-by-dn cache entry <%s>"), tokens[LdpListMail]);
}
else if (!newElement) {
LOG(Dbg, _T("object-by-dn cache entry is not new <%s>"), tokens[LdpListMail]);
free(mailCacheEntry.dn);
free(mailCacheEntry.objectClass);
}
else {
bResult = ControlWriteOutline(hOutfile, tokens[LdpListMail], _T("email"), CONTROL_ALLNODES_KEYWORD);
if (!bResult)
LOG(Err, _T("Cannot write outline for <%s>"), tokens[LdpListMail]);
}
}
