Chasing referrals like ldp.exe in the win32 ldap API - winapi

I've been using ldp.exe to guide development of some ldap code for Active Directory. I'm using the win32 API (wldap32). ldp.exe has been extremely helpful in this regard, because in the right pane of the program it shows (more or less) the actual win32 API functions and arguments used to carry out the commands. I find this particularly helpful when crafting calls for ldap_search. If I can get the search to work in ldp.exe, I can directly translate the search to ldap_search.
This was all working as expected until I tried to query a trusted, linked base domain. For example, I login and authenticate to x.net. But I am trying to query the domain y.net which is trusted from x.net.
A search query like (SAMAccountName=mylogin) with BaseDN DC=x,DC=net works in ldp.exe immediately. If I change the BaseDN to DC=y,DC=net it will not work. However, if I go to Search Options in ldp.exe and check the box for 'Chase Referrals', the query will work.
Here is the problem. I don't know what checking that box does in terms of win32 API calls. When I query BaseDN DC=y,DC=net with ldap_search directly the return code is LDAP_REFERRAL.
At first, I thought fixing it would be as simple as calling ldap_set_option with LDAP_OPT_REFERRALS, but that doesn't seem to be enough. I've tried setting various other referral-related flags like LDAP_OPT_REFERRAL_HOP_LIMIT to larger numbers hoping that is my problem, but nothing seems to work.
I suppose that one possibility is that ldp.exe is actually following those referrals manually with additional function calls (but not actually showing it on the GUI). However, I have not found any good examples of how to do that. If anyone has an example of that, it would be greatly appreciated.
Additionally, I know this query can work because I have access to C# code using DirectoryEntry and DirectorySearcher that works fine in this case.
Does anyone know what is going on in ldp.exe 'Chase Referrals' and how to translate it to the win32 API?

If you see ldp.exe console output, win32 API ldap_search also gets LDAP_REFERRAL. However, ldp.exe does follow referrals with additional functions which we don't see in the console as those are not APIs.
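Following referrals by hand means connecting (and possibly binding) to whatever host the server names, so the target deserves a check first. The block below is an added example, not code from the posts above or from ldp.exe: portable C that parses a referral URL (such as those wldap32 hands back via ldap_parse_result after LDAP_REFERRAL), enforces a hop budget, and accepts only hosts inside the trusted domain. `struct referral`, `parse_referral`, `host_in_domain`, `should_chase` and `HOSTCHARS` are hypothetical names; it assumes DNS host names and an unescaped base DN, and the connect, bind and re-issued search are not shown.

```c
#include <ctype.h>
#include <stdlib.h>
#include <string.h>
#define HOSTCHARS "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-"

/* Hypothetical holder for one parsed referral target (not a wldap32 type). */
struct referral { char host[256]; int port; char base_dn[256]; };

/* Case-insensitive prefix test: returns strlen(p) on match, 0 otherwise. */
static size_t has_prefix(const char *s, const char *p) {
    size_t i = 0;
    while (p[i] && tolower((unsigned char)s[i]) == tolower((unsigned char)p[i])) i++;
    return p[i] ? 0 : i;
}

/* Parse "ldap[s]://host[:port]/baseDN[?...]"; 0 on success, -1 if malformed. */
int parse_referral(const char *url, struct referral *out) {
    size_t n = has_prefix(url, "ldap://");
    out->port = 389;
    if (!n) { n = has_prefix(url, "ldaps://"); out->port = 636; }
    if (!n) return -1;                          /* any other scheme is refused */
    const char *h = url + n;
    size_t hlen = strspn(h, HOSTCHARS);         /* DNS-name characters only */
    if (hlen == 0 || hlen >= sizeof out->host) return -1;
    memcpy(out->host, h, hlen); out->host[hlen] = '\0';
    const char *p = h + hlen;
    if (*p == ':') {
        char *end; long port = strtol(p + 1, &end, 10);
        if (!isdigit((unsigned char)p[1]) || port < 1 || port > 65535) return -1;
        out->port = (int)port; p = end;
    }
    if (*p == '/') p++; else if (*p) return -1; /* e.g. '@' after the host */
    size_t dlen = strcspn(p, "?");              /* drop attrs/scope/filter */
    if (dlen >= sizeof out->base_dn) return -1;
    memcpy(out->base_dn, p, dlen); out->base_dn[dlen] = '\0';
    return 0;
}

/* True if host equals the trusted DNS domain or is a host inside it. */
int host_in_domain(const char *host, const char *domain) {
    size_t hl = strlen(host), dl = strlen(domain);
    if (dl == 0 || hl < dl || has_prefix(host + hl - dl, domain) != dl) return 0;
    return hl == dl || host[hl - dl - 1] == '.';
}

/* Follow a referral only within the hop budget and to a trusted target. */
int should_chase(const char *url, const char *trusted, int hops_left, struct referral *out) {
    return hops_left > 0 && !parse_referral(url, out) && host_in_domain(out->host, trusted);
}
```

On success the caller opens a new session to `host`:`port`, binds, and repeats the search with `base_dn`, decrementing `hops_left` for each referral followed.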

Related

Service worker, caching a graph query request

So I'm getting into the world of service workers and found it complex for my level, although I managed to cache my physical files in my Vue 3 project. I'm struggling with the way of caching the response from a headless CMS. There is a lot of information around about it in general, most of it very old. At the beginning I tried using Workbox, then I read that you cannot catch a graph response or POST response (correct me if I am wrong). In addition, I was having a lot of issues trying to include the script with the Vue 3 project and some error about some array, so I ended up building the SW from scratch, and it has worked pretty well so far. Now I'm facing the issue with the graph response. So far I have read it's not easy, which is quite discouraging when you read it from more experienced people. I have found some examples and a lot of users asking the same question here, some with no response as well, and so far I found an interesting response (3 years old); however, I am not sure if this actually applies to my case or if it is deprecated. He provides a code example, but he does not explain what exactly the script does; you can see the response here
So I am assuming the URL that needs to be provided is the URL to my graph API, in this case the one provided for the CMS. And in the variable cachedResponse under the catch, do I need to provide the query variable, meaning the const that I am using to call the graph? I have to mention I am not using Apollo nor Axios, just a normal graph inclusion.
Also, when I tried to run this code, at the beginning I got an issue with the script from dexie.js and had a MIME issue, which I tried to correct with some suggestions from here, which did not work for me. I thought that was my SW cache playing bad; however, I cleaned it and got the same issue.
So far it has been a long way. It seems there is no magic formula, but if I can receive advice or a different approach from what I have been trying so far, it would be very welcome. Thank you in advance for the help : )

Katharsis security + API versioning

I am currently evaluating possibilities for how to write/generate a level 2+ REST API. I came across Katharsis and I pretty much like the concept, and the whole idea of how it's done seems sound to me. But I have not found answers to these questions:
How to handle security properly. I can imagine that it might get tricky, as JSON API supports traversing to some extent. (Our app will run in a Spring environment, so I suppose that we might use spring-security, but I do not know if we will encounter some hidden traps.)
API versioning. I haven't found any clues about how to handle API evolution. Are there any already supported options (content negotiation, path variable, query parameter...?) or do we need to hack it ourselves?
Thanks in advance!

powershell exchange 2010 grab body of email and set to variable

I am trying to get the body of an email and set it to a variable with PowerShell by using Get-Mailbox. The reason I'm not doing it an easier way is that it is blocked on the network to get the body from Outlook. I'm completely lost. I've tried export, but that's to PST. I've tried doing a search query with logging, but that's a bust also. I'm pretty lost; anything to point me in the direction would be great.
As far as I know, Get-Mailbox won't do that, unfortunately. It'll get you information about the mailbox, but not its contents. If you want to work w/ the contents of a mailbox, and you can't use Outlook, your best bet is probably the Exchange Web Service (EWS).
There is a way to do this but it really depends on how much you are willing to work to make it possible.
The best way that I could think of is using the EWS API. It's messy and it takes a while to learn so you will probably need to put some time and effort into making the script (unless you can find someone else who has).
Basically I got all of these links by doing a google search for "Powershell EWS API"
Here is another similar question:
How to check an exchange mailbox via powershell?
Here is some more help with how to use the API (it's kinda tricky):
http://blogs.technet.com/b/heyscriptingguy/archive/2011/12/02/learn-to-use-the-exchange-web-services-with-powershell.aspx
http://www.xipher.dk/WordPress/?p=739
Here are some examples to work off of (the first one is closest to what you are looking for):
http://social.technet.microsoft.com/Forums/scriptcenter/en-US/335a888b-bf85-4a36-a555-71cc84608960/download-email-content-text-from-exchange-ews-with-powershell?forum=ITCG
http://social.technet.microsoft.com/Forums/exchange/en-US/0ad086bd-eb23-4ece-a362-696fa526a7e6/retrieve-messages-from-inbox-subfolder?forum=exchangesvrdevelopment
http://poshcode.org/2978
Hope that helps!

Up to date, working Google apps-script example integrated with spreadsheet?

I'm trying to build some kind of GUI on top of/embedded into a google spreadsheet.
I've been crawling through the docs, and sadly, hitting a wall.
I DID find the sample video, at
http://www.youtube.com/watch?v=5VmEPo6Rkq4
Unfortunately, it seems out of date and broken :( Some of the calls are no longer valid.
And, while I think I figured that part out, I can't get the callback handler to be recognized.
It gives me a runtime error of
"Error encountered: Script function not found:
function respondToSubmit(e) {
/* full body of function here*/
}"
The odd thing is, for supposedly not finding it, it does a good job of printing out the whole function body.
It doesn't seem to be an error inside the function itself, because when I make it an EMPTY function, it still gives the same error :(
Could someone please point me to a simple, working example of how to add a UI alongside a google spreadsheet, or equivalent?
Please note that I don't need a general-purpose, standalone application (I think).
I'm just trying to embed some GUI type functions, in one very specific google spreadsheet that I have.
There are examples of simple Spreadsheet UIs using three different approaches in the Dialogs and Sidebars in Google Apps documentation. They all work today. The third approach, Custom Dialogs, can be implemented using UiService or HtmlService, but that page only shows an example using HtmlService.

AutoUnlock a Windows User Session

Recently, I have been working on a CredentialProvider in order to unlock automatically (the trigger can be any event, so let’s say the end of a timer) a Windows Vista (or more recent version) user session.
For that I read some useful articles on the subject, the change between GINA and this new architecture. http://msdn.microsoft.com/en-us/magazine/cc163489.aspx.
I think, like everyone in the process of creating a custom CredentialProvider, I didn’t start from scratch but from the sample code provided by Microsoft. And then I tried to change the behaviour (things like logging) in the different functions.
So in the end I can use the custom CredentialProvider, enter the SetUsageScenario methods but still I cannot reach the Set or GetSerialization method. From what I’ve understood in the technical documentation on CredentialProvider (still provided by Microsoft) these two methods should be called automatically. Is there something I missed?
Also, my original idea was to get an authentication package using Kerberos in order to perform an implicit user authentication. I got this idea by seeking information on other SO or MSDN threads like
Is this approach the good one?
Thank you very much for your time answering my questions. Any clarifications are welcomed, even if they don’t directly resolve my problems :-)
First of all - you need to set autologon flag to true in your implementation of the ICredentialProviderCredential::SetSelected(BOOL *pbAutoLogon) and ICredentialProvider::GetCredentialCount methods.
Next, you need to call ICredentialProviderEvents::CredentialsChanged when your timer is hit.
LogonUI will recreate your credentials, and because autologon is set to true it will call your GetSerialization() method.
SetSerialization and GetSerialization functions are called from your provider by LogonUI. After the user enters username/password and presses the ENTER button, LogonUI calls the GetSerialization function and provides a pointer, as one of the four parameters, that will point in future to the CREDENTIAL_PROVIDER_CREDENTIAL_SERIALIZATION structure created and filled by you, and then this structure will be sent from LogonUI to Winlogon to perform authentication. I don't know how to make LogonUI call GetSerialization from your credential provider code, and as far as I know you can't call GetSerialization on your own, because where will you pass your filled CREDENTIAL_PROVIDER_CREDENTIAL_SERIALIZATION structure if no one requested it, when only LogonUI can pass it to Winlogon?
There is a document called "Credential Provider Technical Reference", there you can read some details about credential providers. In the Shell samples folder there is a strange folder called "Autologon", maybe it will help you! Good Luck!
