4.1.4.2.9 CrackNames

 procedure CrackNames(DRS_MSG_CRACKREQ_V1 msgIn, DS_NAME_RESULTW *pmsgOut): ULONG

The CrackNames method implements the core functionality of IDL_DRSCrackNames, that is, looking up directory object names that are provided in one format (for example, SPNs) and returning them in a different format (for example, DNs).

  
 i: DWORD
 rt: set of DSName
 serverObj, siteObj, attr, class, er: DSName
 guid: GUID
  
 if msgIn.formatOffered in {
     all constants in DS_NAME_FORMAT enumeration,
     DS_NT4_ACCOUNT_NAME_SANS_DOMAIN,
     DS_NT4_ACCOUNT_NAME_SANS_DOMAIN_EX,
     DS_ALT_SECURITY_IDENTITIES_NAME,
     DS_STRING_SID_NAME,
     DS_USER_PRINCIPAL_NAME_AND_ALTSECID} then
   /* Regular name lookup. */
   for i := 0 to msgIn.cNames - 1
     /* Perform the lookup based on the input format. */
     msgOut^.rItems[i] := LookupName(
              msgIn.dwFlags, msgIn.formatOffered, msgIn.formatDesired,
              msgIn.rpNames[i])
   endfor
   msgOut^.cItems = msgIn.cNames
 else if msgIn.formatOffered = DS_LIST_ROLES then
   /* Return the list of FSMO role owners. */
   i := 0
   foreach role in {FSMO_SCHEMA, FSMO_DOMAIN_NAMING, FSMO_PDC,
                    FSMO_RID, FSMO_INFRASTRUCTURE}
     msgOut^.rItems[i].pName := GetFSMORoleOwner(role).dn
     msgOut^.rItems[i].status := DS_NAME_NO_ERROR
     i := i + 1
   endfor
   msgOut^.cItems := i
 else if msgIn.formatOffered = DS_LIST_SITES then
   /* Return the list of known sites. */
   rt := select all o from children
         DescendantObject(ConfigNC(),"CN=Sites,")
         where o!objectCategory = GetDefaultObjectCategory(site)
   i := 0
   foreach siteObj in rt
     msgOut^.rItems[i].pName := siteObj.dn
     msgOut^.rItems[i].status := DS_NAME_NO_ERROR
     i := i + 1
   endfor
   msgOut^.cItems := i
 else if msgIn.formatOffered = DS_LIST_SERVERS_IN_SITE then
   /* Return all DCs in a site named msgIn.rpNames[0]. */
   rt := select all o from subtree msgIn.rpNames[0]
       where o!objectCategory = GetDefaultObjectCategory(server)
   i := 0
   foreach serverObj in rt
     msgOut^.rItems[i].pName := serverObj.dn
     msgOut^.rItems[i].status := DS_NAME_NO_ERROR
     i := i + 1
   endfor
   msgOut^.cItems := i
 else if msgIn.formatOffered = DS_LIST_DOMAINS then
   /* Return all known AD domains. */
   rt := select all o from 
       subtree DescendantObject(ConfigNC(), "CN=Partitions,")
         where o!objectCategory = GetDefaultObjectCategory(crossRef)
         and FLAG_CR_NTDS_DOMAIN in o!systemFlags
   i := 0
   foreach crObj in rt
     msgOut^.rItems[i].pName := crObj!ncName.dn
     msgOut^.rItems[i].status := DS_NAME_NO_ERROR
     i := i + 1
   endfor
   msgOut^.cItems := i
 else if msgIn.formatOffered = DS_LIST_NCS then
   /* Return all known NCs. */
   rt := select all o from 
       subtree DescendantObject(ConfigNC(), "CN=Partitions,")
         where o!objectCategory = GetDefaultObjectCategory(crossRef)
   i := 0
   foreach crObj in rt
     msgOut^.rItems[i].pName := crObj!ncName.dn
     msgOut^.rItems[i].status := DS_NAME_NO_ERROR
     i := i + 1
   endfor
   msgOut^.cItems := i
 else if msgIn.formatOffered = DS_LIST_DOMAINS_IN_SITE then
   /* Return the list of domains that are hosted by DCs in a site
    * named msgIn.rpNames[0]. */
   /* First find all DCs in a site named msgIn.rpNames[0]. */
   rt := select all o from subtree msgIn.rpNames[0]
       where o!objectCategory = GetDefaultObjectCategory(nTDSDSA)
   /* Gather the list of all domains from DSA object. */
   hostedDomains := null
   foreach dsaObj in rt
     /* Union operation eliminates duplicates. */
     hostedDomains := hostedDomains + dsaObj!hasMasterNCs
   endfor
   i := 0
   foreach domain in hostedDomains
     if domain ≠ SchemaNC() and domain ≠ ConfigNC() then
       msgOut^.rItems[i].pName := domain.dn
       msgOut^.rItems[i].status := DS_NAME_NO_ERROR
       i := i + 1
     endif
   endfor
   msgOut^.cItems := i
 else if msgIn.formatOffered = DS_LIST_SERVERS_FOR_DOMAIN_IN_SITE then
   /* Return all DSAs hosting domain msgIn.rpNames[0] in a site named
    * msgIn.rpNames[1]. */
   rt := select all o from subtree msgIn.rpNames[1]
       where o!objectCategory = GetDefaultObjectCategory(nTDSDSA) 
         and msgIn.rpNames[0] in o!msDS-hasMasterNCs
   /* Return the list of server objects (parents of DSAs). */
   i := 0
   foreach dsaObj in rt
     serverObj := select one o from subtree ConfigNC() where
         o!objectGUID = dsaObj!parent
     msgOut^.rItems[i].pName := serverObj.dn
     msgOut^.rItems[i].status := DS_NAME_NO_ERROR
     i := i + 1
   endfor
   msgOut^.cItems := i
 else if msgIn.formatOffered = DS_LIST_SERVERS_WITH_DCS_IN_SITE then
   /* Return all servers that have DSA objects in a site named
    * msgIn.rpNames[0]. */
   rt := select all o from subtree msgIn.rpNames[0]
       where o!objectCategory = GetDefaultObjectCategory(nTDSDSA)
         and o!hasMasterNCs ≠ null
   /* Return the list of server objects (parents of DSAs). */
   i := 0
   foreach dsaObj in rt
     serverObj := select one o from subtree ConfigNC() where
         o!objectGUID = dsaObj!parent
     msgOut^.rItems[i].pName := serverObj.dn
     msgOut^.rItems[i].status := DS_NAME_NO_ERROR
     i := i + 1
   endfor
   msgOut^.cItems := i
 else if msgIn.formatOffered = DS_LIST_INFO_FOR_SERVER then
   /* Returns the DSA object, the dnsHostName and the serverReference
    * for the server specified by msgIn.rpNames[0]. */
   serverObj := GetDSNameFromDN(msgIn.rpNames[0])
   dsaObj := select one o from subtree msgIn.rpNames[0]
       where o!objectCategory = GetDefaultObjectCategory(nTDSDSA)
   if dsaObj ≠ null then
     /* Ok, looks like a valid server object. */
     msgOut^.rItems[0].pName := dsaObj.dn
     msgOut^.rItems[0].status := DS_NAME_NO_ERROR
     msgOut^.rItems[1].pName := serverObj!dnsHostName
     msgOut^.rItems[1].status := DS_NAME_NO_ERROR
     msgOut^.rItems[2].pName := serverObj!serverReference
     msgOut^.rItems[2].status := DS_NAME_NO_ERROR
     msgOut^.cItems := 3
   endif
 else if msgIn.formatOffered = DS_LIST_GLOBAL_CATALOG_SERVERS then
   /* Returns the list of GC servers, including the info which site
    * each GC belongs to. */
   rt := select all o from subtree ConfigNC()
       where O!objectCategory = GetDefaultObjectCategory(nTDSDSA)
         and NTDSDSA_OPT_IS_GC in o!options and o!invocationId ≠ null
   i := 0
   foreach dsaObj in rt
     /* server object is the parent of the DSA object. */
     serverObj := select one o from subtree ConfigNC() where
         o!objectGUID = dsaObj!parent
     /* Site object is the parent of the server object. */
     siteObj := select one o from subtree ConfigNC() where
         o!objectGUID = serverObj!parent
     msgOut^.rItems[i].pDomain := serverObj!dnsHostName
     msgOut^.rItems[i].pName := leftmost RDN of siteObj.dn
     msgOut^.rItems[i].status := DS_NAME_NO_ERROR
     i := i+1
   endfor
   msgOut.cItems := i
 else if msgIn.formatOffered = DS_MAP_SCHEMA_GUID then
   for i := 0 to msgIn.cNames - 1
     /* Map a guid contained in msgIn.rpNames[i] to attribute or class
      * or propertySet.*/
     /* Assume no match by default. */
     msgOut^.rItems[i].status := DS_NAME_ERROR_SCHEMA_GUID_NOT_FOUND
     
     /* Validate the string guid contained in msgIn.rpNames[i] */
     guid := GuidFromString(true, msgIn.rpNames[i])
     if guid ≠ null then
     
       /* First, try to find a matching attribute. */
       attr := select one o from subtree SchemaNC()
           where attributeSchema in o!objectClass and
             o!schemaIdGuid = msgIn.rpNames[i]
       if attr ≠ null
         /* Found a matching attribute object. */
         msgOut^.rItems[i].pName := attr!lDAPDisplayName
         msgOut^.rItems[i].status := DS_NAME_ERROR_SCHEMA_GUID_ATTR
       else
         /* Next, try to find a matching class. */
         class := select one o from subtree SchemaNC()
             where classSchema in o!objectClass
               o!schemaIdGuid = msgIn.rpNames[i]
         if class ≠ null
           /* Found a matching class object. */
           msgOut^.rItems[i].pName := class!lDAPDisplayName
           msgOut^.rItems[i].status := DS_NAME_ERROR_SCHEMA_GUID_CLASS
         else
           /* Finally, try to find a matching extendedRight object. */
           er := select one o from 
               subtree DescendantObject(ConfigNC(),
                                        "CN=Extended-Rights,")
                 where extendedRight in o!objectClass and
                   o!rightsGuid = msgIn.rpNames[i]
           if er ≠ null
             /* Found a matching extendedRight object */
             if RIGHT_DS_READ_PROPERTY in er!validAccesses or 
                 RIGHT_DS_WRITE_PROPERTY in er!validAccesses then
               msgOut^.rItems[i].pName := er!displayName
               msgOut^.rItems[i].status := 
                   DS_NAME_ERROR_SCHEMA_GUID_ATTR_SET
             else if RIGHT_DS_CONTROL_ACCESS in er!validAccesses or 
                 RIGHT_DS_WRITE_PROPERTY_EXTENDED in er!validAccesses 
                 then
               msgOut^.rItems[i].pName := er!displayName
               msgOut^.rItems[i].status := 
                      DS_NAME_ERROR_SCHEMA_GUID_CONTROL_RIGHT
             endif
           endif
         endif
       endif
     endif
   endfor
   msgOut^.cItems := msgIn.cNames
 endif
  
 return ERROR_SUCCESS
  
Show: