4.1.31.2 Server Behavior of the IDL_DRSReadNgcKey Method
Informative summary of behavior: The IDL_DRSReadNgcKey method reads the msDS-KeyCredentialLink attribute values of an object, attempts to parse each value as a KEYCREDENTIALLINK_BLOB, and returns the KeyMaterial field ([MS-ADTS] section 2.2.20.6) from the first value that is successfully parsed and contains a KeyMaterial entry. The order in which the values are parsed is implementation-specific, so a caller cannot rely on which key is returned when the attribute holds more than one value. The method is restricted to callers whose DRS_HANDLE was bound with NTDSAPI_CLIENT_GUID, and the caller must hold RIGHT_DS_READ_PROPERTY on the msDS-KeyCredentialLink attribute of the target object. Note that the following pseudocode uses the KEYCREDENTIALLINK_BLOB and KEYCREDENTIALLINK_ENTRY structures and related constants ([MS-ADTS] section 2.2.20).
ULONG IDL_DRSReadNgcKey(
    [in, ref] DRS_HANDLE hDrs,
    [in] DWORD dwInVersion,
    [in, ref, switch_is(dwInVersion)] DRS_MSG_READNGCKEYREQ* pmsgIn,
    [out, ref] DWORD* pdwOutVersion,
    [out, ref, switch_is(*pdwOutVersion)] DRS_MSG_READNGCKEYREPLY* pmsgOut);

accountDN: unicodestring
account: DSName
keyValue: array of UCHAR
err: DWORD
key: DNBinary
keyBinary: array of BYTE
keyBlob: KEYCREDENTIALLINK_BLOB
keyEntry: KEYCREDENTIALLINK_ENTRY
offset: DWORD

ValidateDRSInput(hDrs, 30)

pdwOutVersion^ := 1
pmsgOut^.V1.retVal := 0

/* Input parameter validation */
if dwInVersion ≠ 1 then
    pmsgOut^.V1.retVal := ERROR_INVALID_PARAMETER
    return ERROR_INVALID_PARAMETER
endif

/* Only clients bound with NTDSAPI_CLIENT_GUID may call this method */
if ClientUUID(hDrs) ≠ NTDSAPI_CLIENT_GUID then
    pmsgOut^.V1.retVal := ERROR_INVALID_PARAMETER
    return ERROR_INVALID_PARAMETER
endif

accountDN := pmsgIn^.V1.pwszAccount
if accountDN = null or accountDN = "" then
    pmsgOut^.V1.retVal := ERROR_INVALID_PARAMETER
    return ERROR_INVALID_PARAMETER
endif

account := GetDSNameFromDN(accountDN)
if not ObjExists(account) then
    pmsgOut^.V1.retVal := ERROR_DS_OBJ_NOT_FOUND
    return ERROR_DS_OBJ_NOT_FOUND
endif

/* Perform access checks */
if not AccessCheckAttr(account, msDS-KeyCredentialLink, RIGHT_DS_READ_PROPERTY) then
    pmsgOut^.V1.retVal := ERROR_DS_INSUFF_ACCESS_RIGHTS
    return ERROR_DS_INSUFF_ACCESS_RIGHTS
endif

/* Walk the attribute values in implementation-specific order; the first
   parseable value that carries a KeyMaterial entry wins */
keyValue := NULL
foreach key in account!msDS-KeyCredentialLink
    keyBinary := key!Binary
    offset := 0
    keyBlob := keyBinary
    offset := offset + sizeof(keyBlob)   /* skip the Version field */
    if keyBlob!Version ≠ KEY_CREDENTIAL_LINK_VERSION_2 then
        continue
    endif
    while offset < length(keyBinary)
        keyEntry := keyBinary[offset]
        offset := offset + sizeof(keyEntry!Length) + sizeof(keyEntry!Identifier) + keyEntry!Length
        if keyEntry!Identifier = KeyMaterial then
            keyValue := keyEntry!Value
            break
        endif
    endwhile
    if keyValue ≠ NULL then
        break
    endif
endfor

if keyValue = NULL then
    pmsgOut^.V1.retVal := ERROR_DS_OBJ_NOT_FOUND
    return ERROR_DS_OBJ_NOT_FOUND
endif

pmsgOut^.V1.pNgcKey := keyValue
pmsgOut^.V1.cNgcKey := length(keyValue)
return 0
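The following Python program is added here as an illustration of the value-walking loop above; it is not part of this specification and not Microsoft's implementation. It parses the Object(DN-Binary) string form of msDS-KeyCredentialLink ("B:<hex length>:<hex>:<DN>"), checks the Version field against KEY_CREDENTIAL_LINK_VERSION_2, walks the KEYCREDENTIALLINK_ENTRY list (USHORT Length, UCHAR Identifier, Value) and returns the first KeyMaterial value, skipping values it cannot parse exactly as the server does. Unlike the pseudocode, it also rejects an entry whose Length runs past the end of the blob, which is the check a real parser of attacker-writable attribute data should have. The sample values, distinguished names and key bytes are constructed for the example and are not real credentials.

```python
import struct
from typing import Iterable, Iterator, List, Optional, Tuple

# Constants from [MS-ADTS] section 2.2.20.
KEY_CREDENTIAL_LINK_VERSION_2 = 0x00000200
KEY_ID, KEY_HASH, KEY_MATERIAL, KEY_USAGE = 0x01, 0x02, 0x03, 0x04
KEY_USAGE_NGC = 0x01


def parse_dn_binary(value: str) -> bytes:
    """Return the binary part of an Object(DN-Binary) value 'B:<hexlen>:<hex>:<dn>'."""
    parts = value.split(":", 3)
    if len(parts) != 4 or parts[0] != "B":
        raise ValueError("not a DN-Binary value")
    hexlen, hexdata = int(parts[1]), parts[2]
    if hexlen != len(hexdata) or hexlen % 2:
        raise ValueError("DN-Binary length field does not match the hex payload")
    return bytes.fromhex(hexdata)


def iter_entries(blob: bytes) -> Iterator[Tuple[int, bytes]]:
    """Yield (Identifier, Value) for each KEYCREDENTIALLINK_ENTRY, enforcing bounds."""
    if len(blob) < 4:
        raise ValueError("blob shorter than the Version field")
    (version,) = struct.unpack_from("<I", blob, 0)
    if version != KEY_CREDENTIAL_LINK_VERSION_2:
        raise ValueError(f"unsupported version 0x{version:08x}")
    offset = 4                       # sizeof(keyBlob) in the pseudocode
    while offset < len(blob):
        if offset + 3 > len(blob):   # Length (2) + Identifier (1)
            raise ValueError("truncated entry header")
        length, ident = struct.unpack_from("<HB", blob, offset)
        offset += 3
        if offset + length > len(blob):   # not checked by the pseudocode
            raise ValueError("entry Length runs past the end of the blob")
        yield ident, blob[offset:offset + length]
        offset += length


def key_material_from_blob(blob: bytes) -> Optional[bytes]:
    """KeyMaterial of one blob, or None when the blob has no such entry."""
    for ident, value in iter_entries(blob):
        if ident == KEY_MATERIAL:
            return value
    return None


def read_ngc_key(values: Iterable[str]) -> Optional[bytes]:
    """Server loop: unparseable values are skipped; first KeyMaterial found is returned."""
    for value in values:
        try:
            material = key_material_from_blob(parse_dn_binary(value))
        except ValueError:
            continue
        if material is not None:
            return material
    return None          # maps to ERROR_DS_OBJ_NOT_FOUND in the pseudocode


# --- Constructed sample data (hypothetical; not real key material) ---------
def build_entry(ident: int, value: bytes) -> bytes:
    return struct.pack("<HB", len(value), ident) + value


def build_blob(entries: List[Tuple[int, bytes]]) -> bytes:
    body = b"".join(build_entry(i, v) for i, v in entries)
    return struct.pack("<I", KEY_CREDENTIAL_LINK_VERSION_2) + body


def to_dn_binary(blob: bytes, dn: str) -> str:
    hexdata = blob.hex().upper()
    return f"B:{len(hexdata)}:{hexdata}:{dn}"


SAMPLE_DN = "CN=WKS01,OU=Devices,DC=example,DC=test"      # hypothetical
SAMPLE_KEY_MATERIAL = bytes(range(1, 33))                   # placeholder bytes
GOOD_VALUE = to_dn_binary(build_blob([
    (KEY_ID, b"\x11" * 32),
    (KEY_MATERIAL, SAMPLE_KEY_MATERIAL),
    (KEY_USAGE, bytes([KEY_USAGE_NGC])),
]), SAMPLE_DN)
# Version 0x100 instead of 0x200: skipped by the server loop.
BAD_VERSION_VALUE = to_dn_binary(
    struct.pack("<I", 0x00000100) + build_entry(KEY_MATERIAL, b"\xAA" * 4), SAMPLE_DN)
# Entry claims 50 bytes but only 2 follow: rejected by the bounds check.
TRUNCATED_VALUE = to_dn_binary(
    struct.pack("<I", KEY_CREDENTIAL_LINK_VERSION_2) + struct.pack("<HB", 50, KEY_MATERIAL) + b"ab",
    SAMPLE_DN)


if __name__ == "__main__":
    result = read_ngc_key([BAD_VERSION_VALUE, TRUNCATED_VALUE, GOOD_VALUE])
    print("KeyMaterial:", result.hex() if result else None)
```

Because the server returns the first usable value in an order the caller cannot predict, a client that needs a specific key when several are linked to the object should read the attribute with LDAP and select by KeyID or DeviceId instead of relying on this method.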