4.1.4.2.9 CrackNames
-
procedure CrackNames(DRS_MSG_CRACKREQ_V1 msgIn, DS_NAME_RESULTW *pmsgOut): ULONG
The CrackNames method implements the core functionality of IDL_DRSCrackNames, that is, looking up directory object names that are provided in one format (for example, SPNs) and returning them in a different format (for example, DNs).
-
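/* Body of CrackNames. Dispatches on msgIn.formatOffered:
 *   - name formats:     one LookupName call per entry of msgIn.rpNames
 *   - DS_LIST_*:        enumerations of roles, sites, servers, domains, NCs and GCs
 *   - DS_MAP_SCHEMA_GUID: maps a string GUID to an attribute, class or extendedRight
 * The output is written through msgOut^ (the signature names this parameter
 * pmsgOut). The return value is always ERROR_SUCCESS; a per-item outcome is
 * reported only in rItems[i].status.
 *
 * NOTE(review): no access check and no validation of msgIn.cNames appear in
 * this procedure. The DS_LIST_* branches return topology data (FSMO role
 * owners, sites, DCs, GCs) and index msgIn.rpNames[0] / [1] directly.
 * Presumably the caller (IDL_DRSCrackNames) or the helpers validate the
 * request and authorize the client; confirm before relying on this.
 * NOTE(review): hostedDomains, dsaObj, crObj, role and domain are used below
 * without a declaration. */
i: DWORD
rt: set of DSName
serverObj, siteObj, attr, class, er: DSName
guid: GUID

if msgIn.formatOffered in {
    all constants in DS_NAME_FORMAT enumeration,
    DS_NT4_ACCOUNT_NAME_SANS_DOMAIN,
    DS_NT4_ACCOUNT_NAME_SANS_DOMAIN_EX,
    DS_ALT_SECURITY_IDENTITIES_NAME,
    DS_STRING_SID_NAME,
    DS_USER_PRINCIPAL_NAME_AND_ALTSECID} then
  /* Regular name lookup. */
  for i := 0 to msgIn.cNames - 1
    /* Perform the lookup based on the input format. */
    msgOut^.rItems[i] := LookupName(
        msgIn.dwFlags, msgIn.formatOffered,
        msgIn.formatDesired, msgIn.rpNames[i])
  endfor
  /* One result item per input name. */
  msgOut^.cItems := msgIn.cNames

else if msgIn.formatOffered = DS_LIST_ROLES then
  /* Return the list of FSMO role owners. */
  i := 0
  foreach role in {FSMO_SCHEMA, FSMO_DOMAIN_NAMING, FSMO_PDC,
                   FSMO_RID, FSMO_INFRASTRUCTURE}
    msgOut^.rItems[i].pName := GetFSMORoleOwner(role).dn
    msgOut^.rItems[i].status := DS_NAME_NO_ERROR
    i := i + 1
  endfor
  msgOut^.cItems := i

else if msgIn.formatOffered = DS_LIST_SITES then
  /* Return the list of known sites. */
  rt := select all o from children
          DescendantObject(ConfigNC(), "CN=Sites,")
        where o!objectCategory = GetDefaultObjectCategory(site)
  i := 0
  foreach siteObj in rt
    msgOut^.rItems[i].pName := siteObj.dn
    msgOut^.rItems[i].status := DS_NAME_NO_ERROR
    i := i + 1
  endfor
  msgOut^.cItems := i

else if msgIn.formatOffered = DS_LIST_SERVERS_IN_SITE then
  /* Return all DCs in a site named msgIn.rpNames[0]. */
  /* NOTE(review): the caller-supplied name is used directly as the search
   * root; no check that it names a site object is visible here. The same
   * applies to every "from subtree msgIn.rpNames[...]" query below. */
  rt := select all o from subtree msgIn.rpNames[0]
        where o!objectCategory = GetDefaultObjectCategory(server)
  i := 0
  foreach serverObj in rt
    msgOut^.rItems[i].pName := serverObj.dn
    msgOut^.rItems[i].status := DS_NAME_NO_ERROR
    i := i + 1
  endfor
  msgOut^.cItems := i

else if msgIn.formatOffered = DS_LIST_DOMAINS then
  /* Return all known AD domains: crossRef objects under the Partitions
   * container whose systemFlags contain FLAG_CR_NTDS_DOMAIN. */
  rt := select all o from subtree
          DescendantObject(ConfigNC(), "CN=Partitions,")
        where o!objectCategory = GetDefaultObjectCategory(crossRef)
          and FLAG_CR_NTDS_DOMAIN in o!systemFlags
  i := 0
  foreach crObj in rt
    msgOut^.rItems[i].pName := crObj!ncName.dn
    msgOut^.rItems[i].status := DS_NAME_NO_ERROR
    i := i + 1
  endfor
  msgOut^.cItems := i

else if msgIn.formatOffered = DS_LIST_NCS then
  /* Return all known NCs (same query as DS_LIST_DOMAINS, without the
   * FLAG_CR_NTDS_DOMAIN filter). */
  rt := select all o from subtree
          DescendantObject(ConfigNC(), "CN=Partitions,")
        where o!objectCategory = GetDefaultObjectCategory(crossRef)
  i := 0
  foreach crObj in rt
    msgOut^.rItems[i].pName := crObj!ncName.dn
    msgOut^.rItems[i].status := DS_NAME_NO_ERROR
    i := i + 1
  endfor
  msgOut^.cItems := i

else if msgIn.formatOffered = DS_LIST_DOMAINS_IN_SITE then
  /* Return the list of domains that are hosted by DCs in a site
   * named msgIn.rpNames[0]. */

  /* First find all DCs in a site named msgIn.rpNames[0]. */
  rt := select all o from subtree msgIn.rpNames[0]
        where o!objectCategory = GetDefaultObjectCategory(nTDSDSA)

  /* Gather the list of all domains from DSA object. */
  hostedDomains := null
  foreach dsaObj in rt
    /* Union operation eliminates duplicates. */
    hostedDomains := hostedDomains + dsaObj!hasMasterNCs
  endfor

  /* Report every hosted NC except the schema and config NCs. */
  i := 0
  foreach domain in hostedDomains
    if domain ≠ SchemaNC() and domain ≠ ConfigNC() then
      msgOut^.rItems[i].pName := domain.dn
      msgOut^.rItems[i].status := DS_NAME_NO_ERROR
      i := i + 1
    endif
  endfor
  msgOut^.cItems := i

else if msgIn.formatOffered = DS_LIST_SERVERS_FOR_DOMAIN_IN_SITE then
  /* Return all DSAs hosting domain msgIn.rpNames[0] in a site named
   * msgIn.rpNames[1]. */
  /* NOTE(review): this branch reads two input names; msgIn.cNames >= 2 is
   * not checked here. */
  rt := select all o from subtree msgIn.rpNames[1]
        where o!objectCategory = GetDefaultObjectCategory(nTDSDSA)
          and msgIn.rpNames[0] in o!msDS-hasMasterNCs

  /* Return the list of server objects (parents of DSAs). */
  i := 0
  foreach dsaObj in rt
    /* NOTE(review): the result of this lookup is dereferenced without a
     * null check, here and in the parent lookups of the branches below. */
    serverObj := select one o from subtree ConfigNC()
                 where o!objectGUID = dsaObj!parent
    msgOut^.rItems[i].pName := serverObj.dn
    msgOut^.rItems[i].status := DS_NAME_NO_ERROR
    i := i + 1
  endfor
  msgOut^.cItems := i

else if msgIn.formatOffered = DS_LIST_SERVERS_WITH_DCS_IN_SITE then
  /* Return all servers that have DSA objects in a site named
   * msgIn.rpNames[0]. Only DSAs with a non-null hasMasterNCs are counted. */
  rt := select all o from subtree msgIn.rpNames[0]
        where o!objectCategory = GetDefaultObjectCategory(nTDSDSA)
          and o!hasMasterNCs ≠ null

  /* Return the list of server objects (parents of DSAs). */
  i := 0
  foreach dsaObj in rt
    serverObj := select one o from subtree ConfigNC()
                 where o!objectGUID = dsaObj!parent
    msgOut^.rItems[i].pName := serverObj.dn
    msgOut^.rItems[i].status := DS_NAME_NO_ERROR
    i := i + 1
  endfor
  msgOut^.cItems := i

else if msgIn.formatOffered = DS_LIST_INFO_FOR_SERVER then
  /* Returns the DSA object, the dnsHostName and the serverReference
   * for the server specified by msgIn.rpNames[0]. */
  serverObj := GetDSNameFromDN(msgIn.rpNames[0])
  dsaObj := select one o from subtree msgIn.rpNames[0]
            where o!objectCategory = GetDefaultObjectCategory(nTDSDSA)
  if dsaObj ≠ null then
    /* Ok, looks like a valid server object. */
    msgOut^.rItems[0].pName := dsaObj.dn
    msgOut^.rItems[0].status := DS_NAME_NO_ERROR
    msgOut^.rItems[1].pName := serverObj!dnsHostName
    msgOut^.rItems[1].status := DS_NAME_NO_ERROR
    msgOut^.rItems[2].pName := serverObj!serverReference
    msgOut^.rItems[2].status := DS_NAME_NO_ERROR
    msgOut^.cItems := 3
  endif
  /* NOTE(review): when no nTDSDSA object is found, this branch assigns
   * neither rItems nor cItems; presumably the caller pre-initializes
   * msgOut^ (confirm). */

else if msgIn.formatOffered = DS_LIST_GLOBAL_CATALOG_SERVERS then
  /* Returns the list of GC servers, including the info which site
   * each GC belongs to. */
  rt := select all o from subtree ConfigNC()
        where o!objectCategory = GetDefaultObjectCategory(nTDSDSA)
          and NTDSDSA_OPT_IS_GC in o!options
          and o!invocationId ≠ null
  i := 0
  foreach dsaObj in rt
    /* server object is the parent of the DSA object. */
    serverObj := select one o from subtree ConfigNC()
                 where o!objectGUID = dsaObj!parent
    /* Site object is the parent of the server object. */
    siteObj := select one o from subtree ConfigNC()
               where o!objectGUID = serverObj!parent
    /* pDomain carries the GC's DNS host name and pName the site name. */
    msgOut^.rItems[i].pDomain := serverObj!dnsHostName
    msgOut^.rItems[i].pName := leftmost RDN of siteObj.dn
    msgOut^.rItems[i].status := DS_NAME_NO_ERROR
    i := i + 1
  endfor
  msgOut^.cItems := i

else if msgIn.formatOffered = DS_MAP_SCHEMA_GUID then
  for i := 0 to msgIn.cNames - 1
    /* Map a guid contained in msgIn.rpNames[i] to attribute or class
     * or propertySet. */

    /* Assume no match by default. */
    msgOut^.rItems[i].status := DS_NAME_ERROR_SCHEMA_GUID_NOT_FOUND

    /* Validate the string guid contained in msgIn.rpNames[i]. */
    /* NOTE(review): guid is only tested for null; the queries below compare
     * against the original string msgIn.rpNames[i], not the parsed value. */
    guid := GuidFromString(true, msgIn.rpNames[i])
    if guid ≠ null then
      /* First, try to find a matching attribute. */
      attr := select one o from subtree SchemaNC()
              where attributeSchema in o!objectClass
                and o!schemaIdGuid = msgIn.rpNames[i]
      if attr ≠ null then
        /* Found a matching attribute object. */
        msgOut^.rItems[i].pName := attr!lDAPDisplayName
        msgOut^.rItems[i].status := DS_NAME_ERROR_SCHEMA_GUID_ATTR
      else
        /* Next, try to find a matching class. */
        class := select one o from subtree SchemaNC()
                 where classSchema in o!objectClass
                   and o!schemaIdGuid = msgIn.rpNames[i]
        if class ≠ null then
          /* Found a matching class object. */
          msgOut^.rItems[i].pName := class!lDAPDisplayName
          msgOut^.rItems[i].status := DS_NAME_ERROR_SCHEMA_GUID_CLASS
        else
          /* Finally, try to find a matching extendedRight object. */
          er := select one o from subtree
                  DescendantObject(ConfigNC(), "CN=Extended-Rights,")
                where extendedRight in o!objectClass
                  and o!rightsGuid = msgIn.rpNames[i]
          if er ≠ null then
            /* Found a matching extendedRight object. Its validAccesses
             * decide whether it is reported as a property set or as a
             * control access right; if none of the four rights below is
             * present, the status stays
             * DS_NAME_ERROR_SCHEMA_GUID_NOT_FOUND. */
            if RIGHT_DS_READ_PROPERTY in er!validAccesses or
               RIGHT_DS_WRITE_PROPERTY in er!validAccesses then
              msgOut^.rItems[i].pName := er!displayName
              msgOut^.rItems[i].status := DS_NAME_ERROR_SCHEMA_GUID_ATTR_SET
            else if RIGHT_DS_CONTROL_ACCESS in er!validAccesses or
                    RIGHT_DS_WRITE_PROPERTY_EXTENDED in er!validAccesses then
              msgOut^.rItems[i].pName := er!displayName
              msgOut^.rItems[i].status :=
                  DS_NAME_ERROR_SCHEMA_GUID_CONTROL_RIGHT
            endif
          endif
        endif
      endif
    endif
  endfor
  /* One result item per input GUID string, matched or not. */
  msgOut^.cItems := msgIn.cNames
endif

/* NOTE(review): a formatOffered value that matches none of the branches
 * above also reaches this point and returns ERROR_SUCCESS without any
 * assignment to msgOut^ in this procedure. */
return ERROR_SUCCESS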