基于ADSI的NT帐号及Exchange Server帐号申请及验证模块源代码[6]

    debug.print "successfully deleted mailbox for user " & username
    delete_exchange_mailbox = true
    exit function

delete_exchange_mailbox_error:
   
    debug.print "error 0x" & cstr(hex(err.number)) & " occurred deleting mailbox for user " & username

end function

''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
''
'' makeselfsd -- builds a self-relative security descriptor suitable for adsi
''
'' return code : 1 = ok
''              0 = error
'' in    sselfsd    dynamic byte array, size 0
''      sserver    dc for the domain
''      sdomain    domain name
''      sassocuser  primary nt account for the mail box (sd owner)
''      paramarray  authorized accounts
''                  this is an array of (userid, role, userid, role...)
''                  where role is a combination of rights (cf rightxxx constants)
'' out  sselfsd    self relative sd allocated and initalized
''
''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
public function makeselfsd(sselfsd() as byte, _
        sserver as string, sdomain as string, _
        sassocuser as string, _
        paramarray acelist() as variant) as long
dim secdesc as security_descriptor
dim i as integer
dim tacl as acl
dim taccess_allowed_ace as access_allowed_ace
dim psid() as byte
dim pacl() as byte
dim pacesid() as mysid
dim longueur as long
dim rc as long
   
    on error goto sderror
    ' initializing abolute sd
    rc = initializesecuritydescriptor(secdesc, security_descriptor_revision)
    if (rc <> 1) then
        err.raise -12, , "initializesecuritydescriptor"
    end if
   
    rc = getsid(sserver, sdomain, sassocuser, psid)
    if (rc <> 1) then
        err.raise -12, , "getsid"
    end if
   
    rc = setsecuritydescriptorowner(secdesc, psid(0), 0)
    if (rc <> 1) then
        err.raise -12, , "setsecuritydescriptorowner"
    end if
   
    ' i don't know why we had to do this one, but it works for us
    rc = setsecuritydescriptorgroup(secdesc, psid(0), 0)
    if (rc <> 1) then
        err.raise -12, , "setsecuritydescriptorgroup"
    end if
   
    ' getting sids for all the other users, and computing of total acl length
    ' (famous formula from msdn)
    longueur = len(tacl)
    redim preserve pacesid((ubound(acelist) - 1) / 2)
    for i = 0 to ubound(pacesid)
        if 1 <> getsid(sserver, sdomain, cstr(acelist(2 * i)), pacesid(i).x) then err.raise -12, , "getsid"
        longueur = longueur + getlengthsid(pacesid(i).x(0)) + len(taccess_allowed_ace) - 4
    next i
   
    ' initalizing acl, and adding one ace for each user
    redim pacl(longueur)
    if 1 <> initializeacl(pacl(0), longueur, acl_revision) then err.raise -12, , "initializeacl"
    for i = 0 to ubound(pacesid)
        if 1 <> addaccessallowedace(pacl(0), acl_revision, clng(acelist(2 * i + 1)), pacesid(i).x(0)) then err.raise -12, , "addaccessallowedace"
    next i
    if 1 <> setsecuritydescriptordacl(secdesc, 1, pacl(0), 0) then err.raise -12, , "setsecuritydescriptordacl"
   
    ' allocation and conversion in the self relative sd
    longueur = getsecuritydescriptorlength(secdesc)
    redim sselfsd(longueur)
    if 1 <> makeselfrelativesd(secdesc, sselfsd(0), longueur) then err.raise -12, , "makeselfrelativesd"
    makeselfsd = 1
    exit function

sderror:
    makeselfsd = 0
end function

''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
''
'' getsid -- gets the security identifier for the specified account name
''
''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''
public function getsid(sserver as string, sdomain as string, suserid as string, psid() as byte) as long
dim rc as long