archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4 Commits
1 Branch
0 Tags
1.5 GiB
Branch: master
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'master'
${ noResults }
windows-server-2003/admin/snapin/certmgr/gpepage.cpp

377 lines
12 KiB
Raw Permalink Normal View History

commiting as it is
4 years ago
  1. //+---------------------------------------------------------------------------
  2. /////////////////////////////////////////////////////////////////////////////////
  3. //
  4. // Microsoft Windows
  5. // Copyright (C) Microsoft Corporation, 1997-2002.
  6. //
  7. // File: GPEPage.cpp
  8. //
  9. // Contents: Implementation of CGPERootGeneralPage
  10. //
  11. //----------------------------------------------------------------------------
  13. #include "stdafx.h"
  14. #include <gpedit.h>
  15. #include "GPEPage.h"
  16. #include "storegpe.h"
  17. #include "CompData.h"
  19. #ifdef _DEBUG
  20. #ifndef ALPHA
  21. #define new DEBUG_NEW
  22. #endif
  23. #undef THIS_FILE
  24. static char THIS_FILE[] = __FILE__;
  25. #endif
  27. extern GUID g_guidExtension;
  28. extern GUID g_guidSnapin;
  29. extern GUID g_guidRegExt;
  32. /////////////////////////////////////////////////////////////////////////////
  33. // CGPERootGeneralPage property page
  36. CGPERootGeneralPage::CGPERootGeneralPage(CCertMgrComponentData* pCompData,
  37. bool fIsComputerType) :
  38. CHelpPropertyPage(CGPERootGeneralPage::IDD),
  39. m_dwGPERootFlags (0),
  40. m_hUserRootFlagsKey (0),
  41. m_hGroupPolicyKey (0),
  42. m_pGPEInformation (pCompData->GetGPEInformation ()),
  43. m_fIsComputerType (fIsComputerType)
  44. {
  45. //{{AFX_DATA_INIT(CGPERootGeneralPage)
  46. // NOTE: the ClassWizard will add member initialization here
  47. //}}AFX_DATA_INIT
  49. if ( m_pGPEInformation )
  50. {
  51. m_pGPEInformation->AddRef ();
  53. HRESULT hResult = m_pGPEInformation->GetRegistryKey (GPO_SECTION_MACHINE,
  54. &m_hGroupPolicyKey);
  55. ASSERT (SUCCEEDED (hResult));
  56. if ( SUCCEEDED (hResult) )
  57. GPEGetUserRootFlags ();
  58. }
  59. else
  60. RSOPGetUserRootFlags (pCompData);
  61. }
  63. CGPERootGeneralPage::~CGPERootGeneralPage()
  64. {
  65. if ( m_hUserRootFlagsKey )
  66. ::RegCloseKey (m_hUserRootFlagsKey);
  67. if ( m_hGroupPolicyKey )
  68. ::RegCloseKey (m_hGroupPolicyKey);
  69. if ( m_pGPEInformation )
  70. m_pGPEInformation->Release ();
  71. }
  73. void CGPERootGeneralPage::DoDataExchange(CDataExchange* pDX)
  74. {
  75. CHelpPropertyPage::DoDataExchange(pDX);
  76. //{{AFX_DATA_MAP(CGPERootGeneralPage)
  77. DDX_Control(pDX, IDC_ENABLE_USER_ROOT_STORE, m_enableUserRootStoreBtn);
  78. //}}AFX_DATA_MAP
  79. }
  82. BEGIN_MESSAGE_MAP(CGPERootGeneralPage, CHelpPropertyPage)
  83. //{{AFX_MSG_MAP(CGPERootGeneralPage)
  84. ON_BN_CLICKED(IDC_ENABLE_USER_ROOT_STORE, OnEnableUserRootStore)
  85. ON_BN_CLICKED(IDC_SET_DISABLE_LM_AUTH_FLAG, OnSetDisableLmAuthFlag)
  86. ON_BN_CLICKED(IDC_UNSET_DISABLE_LM_AUTH_FLAG, OnUnsetDisableLmAuthFlag)
  87. ON_BN_CLICKED(IDC_UNSET_DISABLE_NT_AUTH_REQUIRED_FLAG, OnUnsetDisableNtAuthRequiredFlag)
  88. ON_BN_CLICKED(IDC_SET_DISABLE_NT_AUTH_REQUIRED_FLAG, OnSetDisableNtAuthRequiredFlag)
  89. //}}AFX_MSG_MAP
  90. END_MESSAGE_MAP()
  92. /////////////////////////////////////////////////////////////////////////////
  93. // CGPERootGeneralPage message handlers
  96. BOOL CGPERootGeneralPage::OnInitDialog()
  97. {
  98. CHelpPropertyPage::OnInitDialog();
  100. // If this is the RSOP, make it read-only
  101. if ( !m_pGPEInformation )
  102. {
  103. // Make the page read-only
  104. m_enableUserRootStoreBtn.EnableWindow (FALSE);
  105. GetDlgItem (IDC_SET_DISABLE_LM_AUTH_FLAG)->EnableWindow (FALSE);
  106. GetDlgItem (IDC_UNSET_DISABLE_LM_AUTH_FLAG)->EnableWindow (FALSE);
  107. GetDlgItem (IDC_SET_DISABLE_NT_AUTH_REQUIRED_FLAG)->EnableWindow (FALSE);
  108. GetDlgItem (IDC_UNSET_DISABLE_NT_AUTH_REQUIRED_FLAG)->EnableWindow (FALSE);
  109. }
  111. if ( IsCurrentUserRootEnabled () )
  112. m_enableUserRootStoreBtn.SetCheck (BST_CHECKED);
  114. if ( m_dwGPERootFlags & CERT_PROT_ROOT_DISABLE_LM_AUTH_FLAG )
  115. SendDlgItemMessage (IDC_SET_DISABLE_LM_AUTH_FLAG, BM_SETCHECK, BST_CHECKED);
  116. else
  117. SendDlgItemMessage (IDC_UNSET_DISABLE_LM_AUTH_FLAG, BM_SETCHECK, BST_CHECKED);
  119. if ( m_dwGPERootFlags & CERT_PROT_ROOT_DISABLE_NT_AUTH_REQUIRED_FLAG )
  120. SendDlgItemMessage (IDC_SET_DISABLE_NT_AUTH_REQUIRED_FLAG, BM_SETCHECK, BST_CHECKED);
  121. else
  122. SendDlgItemMessage (IDC_UNSET_DISABLE_NT_AUTH_REQUIRED_FLAG, BM_SETCHECK, BST_CHECKED);
  125. return TRUE; // return TRUE unless you set the focus to a control
  126. // EXCEPTION: OCX Property Pages should return FALSE
  127. }
  129. void CGPERootGeneralPage::OnOK()
  130. {
  131. if ( m_pGPEInformation )
  132. {
  133. SaveCheck ();
  134. CHelpPropertyPage::OnOK ();
  135. }
  136. }
  138. void CGPERootGeneralPage::SaveCheck()
  139. {
  140. ASSERT (m_pGPEInformation);
  141. if ( m_pGPEInformation )
  142. {
  143. bool bRetVal = false;
  145. if ( m_enableUserRootStoreBtn.GetCheck () == BST_CHECKED )
  146. bRetVal = SetGPEFlags ((DWORD) CERT_PROT_ROOT_DISABLE_CURRENT_USER_FLAG, TRUE); // remove flag
  147. else
  148. bRetVal = SetGPEFlags ((DWORD) CERT_PROT_ROOT_DISABLE_CURRENT_USER_FLAG, FALSE); // set flag
  150. if ( bRetVal )
  151. {
  152. if ( BST_CHECKED == SendDlgItemMessage (IDC_SET_DISABLE_LM_AUTH_FLAG, BM_GETCHECK) )
  153. bRetVal = SetGPEFlags ((DWORD) CERT_PROT_ROOT_DISABLE_LM_AUTH_FLAG, FALSE); // set flag
  154. else if ( BST_CHECKED == SendDlgItemMessage (IDC_UNSET_DISABLE_LM_AUTH_FLAG, BM_GETCHECK) )
  155. bRetVal = SetGPEFlags ((DWORD) CERT_PROT_ROOT_DISABLE_LM_AUTH_FLAG, TRUE); // remove flag
  156. }
  158. if ( bRetVal )
  159. {
  160. if ( BST_CHECKED == SendDlgItemMessage (IDC_SET_DISABLE_NT_AUTH_REQUIRED_FLAG, BM_GETCHECK) )
  161. bRetVal = SetGPEFlags ((DWORD) CERT_PROT_ROOT_DISABLE_NT_AUTH_REQUIRED_FLAG, FALSE); // set flag
  162. else if ( BST_CHECKED == SendDlgItemMessage (IDC_UNSET_DISABLE_NT_AUTH_REQUIRED_FLAG, BM_GETCHECK) )
  163. bRetVal = SetGPEFlags ((DWORD) CERT_PROT_ROOT_DISABLE_NT_AUTH_REQUIRED_FLAG, TRUE); // remove flag
  164. }
  166. if ( bRetVal )
  167. {
  168. // TRUE means we're changing the machine policy only
  169. m_pGPEInformation->PolicyChanged (TRUE, TRUE, &g_guidExtension, &g_guidSnapin);
  170. m_pGPEInformation->PolicyChanged (TRUE, TRUE, &g_guidRegExt, &g_guidSnapin);
  171. }
  172. }
  173. }
  175. void CGPERootGeneralPage::OnEnableUserRootStore()
  176. {
  177. SetModified (TRUE);
  178. }
  181. void CGPERootGeneralPage::OnSetDisableLmAuthFlag()
  182. {
  183. SetModified (TRUE);
  184. }
  186. bool CGPERootGeneralPage::SetGPEFlags (DWORD dwFlags, BOOL bRemoveFlag)
  187. {
  188. bool bRetVal = false;
  190. ASSERT (m_pGPEInformation);
  191. if ( m_pGPEInformation )
  192. {
  193. DWORD dwType = REG_DWORD;
  194. DWORD dwData = 0;
  195. DWORD cbData = sizeof (dwData);
  197. // security review 2/27/2002 BryanWal ok
  198. LONG lResult = ::RegQueryValueEx (m_hUserRootFlagsKey, // handle of key to query
  199. CERT_PROT_ROOT_FLAGS_VALUE_NAME, // address of name of value to query
  200. 0, // reserved
  201. &dwType, // address of buffer for value type
  202. (LPBYTE) &dwData, // address of data buffer
  203. &cbData); // address of data buffer size);
  204. ASSERT (ERROR_SUCCESS == lResult || ERROR_FILE_NOT_FOUND == lResult);
  205. if ( ERROR_SUCCESS == lResult || ERROR_FILE_NOT_FOUND == lResult )
  206. {
  207. if ( ERROR_SUCCESS == lResult && REG_DWORD != dwType )
  208. {
  209. ASSERT (0);
  210. return false;
  211. }
  213. if ( bRemoveFlag )
  214. dwData &= ~dwFlags;
  215. else
  216. dwData |= dwFlags;
  218. lResult = ::RegSetValueEx (m_hUserRootFlagsKey,
  219. CERT_PROT_ROOT_FLAGS_VALUE_NAME, // address of value to set
  220. 0, // reserved
  221. REG_DWORD, // flag for value type
  222. (CONST BYTE *) &dwData, // address of value data
  223. cbData); // size of value data);
  224. ASSERT (ERROR_SUCCESS == lResult);
  225. if ( ERROR_SUCCESS == lResult )
  226. {
  227. m_dwGPERootFlags = dwData;
  228. bRetVal = true;
  229. }
  230. else
  231. DisplaySystemError (m_hWnd, lResult);
  232. }
  233. else
  234. DisplaySystemError (m_hWnd, lResult);
  235. }
  237. return bRetVal;
  238. }
  240. bool CGPERootGeneralPage::IsCurrentUserRootEnabled() const
  241. {
  242. if (m_dwGPERootFlags & CERT_PROT_ROOT_DISABLE_CURRENT_USER_FLAG)
  243. return false;
  244. else
  245. return true;
  246. }
  248. void CGPERootGeneralPage::RSOPGetUserRootFlags(const CCertMgrComponentData* pCompData)
  249. {
  250. if ( pCompData )
  251. {
  252. const CRSOPObjectArray* pObjectArray = m_fIsComputerType ?
  253. pCompData->GetRSOPObjectArrayComputer () :
  254. pCompData->GetRSOPObjectArrayUser ();
  255. int nIndex = 0;
  257. // NOTE: rsop object array is sorted first by registry key, then by precedence
  258. INT_PTR nUpperBound = pObjectArray->GetUpperBound ();
  260. while ( nUpperBound >= nIndex )
  261. {
  262. CRSOPObject* pObject = pObjectArray->GetAt (nIndex);
  263. if ( pObject )
  264. {
  265. // Consider only entries from this store
  266. // security review 2/27/2002 BryanWal ok
  267. if ( !wcscmp (CERT_PROT_ROOT_FLAGS_REGPATH, pObject->GetRegistryKey ()) )
  268. {
  269. ASSERT (1 == pObject->GetPrecedence ());
  270. m_dwGPERootFlags = pObject->GetDWORDValue ();
  271. break;
  272. }
  273. }
  274. else
  275. break;
  277. nIndex++;
  278. }
  279. }
  280. }
  282. void CGPERootGeneralPage::GPEGetUserRootFlags()
  283. {
  284. DWORD dwDisposition = 0;
  286. // security review 2/27/2002 BryanWal ok
  287. LONG lResult = ::RegCreateKeyEx (m_hGroupPolicyKey, // handle of an open key
  288. CERT_PROT_ROOT_FLAGS_REGPATH, // address of subkey name
  289. 0, // reserved
  290. L"", // address of class string
  291. REG_OPTION_NON_VOLATILE, // special options flag
  292. KEY_QUERY_VALUE | KEY_SET_VALUE, // desired security access
  293. NULL, // address of key security structure
  294. &m_hUserRootFlagsKey, // address of buffer for opened handle
  295. &dwDisposition); // address of disposition value buffer
  296. ASSERT (lResult == ERROR_SUCCESS);
  297. if ( lResult == ERROR_SUCCESS )
  298. {
  299. // Read value
  300. DWORD dwType = REG_DWORD;
  301. DWORD dwData = 0;
  302. DWORD cbData = sizeof (dwData);
  304. // security review 2/27/2002 BryanWal ok
  305. lResult = ::RegQueryValueEx (m_hUserRootFlagsKey, // handle of key to query
  306. CERT_PROT_ROOT_FLAGS_VALUE_NAME, // address of name of value to query
  307. 0, // reserved
  308. &dwType, // address of buffer for value type
  309. (LPBYTE) &dwData, // address of data buffer
  310. &cbData); // address of data buffer size);
  311. ASSERT (ERROR_SUCCESS == lResult || ERROR_FILE_NOT_FOUND == lResult);
  312. if ( ERROR_SUCCESS == lResult || ERROR_FILE_NOT_FOUND == lResult )
  313. {
  314. if ( REG_DWORD == dwType )
  315. {
  316. m_dwGPERootFlags = dwData;
  317. }
  318. }
  319. else
  320. DisplaySystemError (NULL, lResult);
  321. }
  322. else
  323. DisplaySystemError (NULL, lResult);
  324. }
  327. void CGPERootGeneralPage::DoContextHelp (HWND hWndControl)
  328. {
  329. _TRACE (1, L"Entering CGPERootGeneralPage::DoContextHelp\n");
  330. static const DWORD help_map[] =
  331. {
  332. IDC_ENABLE_USER_ROOT_STORE, IDH_GPEPAGE_ENABLE_USER_ROOT_STORE,
  333. IDC_SET_DISABLE_LM_AUTH_FLAG, IDH_SET_DISABLE_LM_AUTH_FLAG,
  334. IDC_UNSET_DISABLE_LM_AUTH_FLAG, IDH_UNSET_DISABLE_LM_AUTH_FLAG,
  335. IDC_SET_DISABLE_NT_AUTH_REQUIRED_FLAG, IDH_SET_DISABLE_NT_AUTH_REQUIRED_FLAG,
  336. IDC_UNSET_DISABLE_NT_AUTH_REQUIRED_FLAG, IDH_UNSET_DISABLE_NT_AUTH_REQUIRED_FLAG,
  337. 0, 0
  338. };
  340. switch (::GetDlgCtrlID (hWndControl))
  341. {
  342. case IDC_ENABLE_USER_ROOT_STORE:
  343. case IDC_SET_DISABLE_LM_AUTH_FLAG:
  344. case IDC_UNSET_DISABLE_LM_AUTH_FLAG:
  345. case IDC_SET_DISABLE_NT_AUTH_REQUIRED_FLAG:
  346. case IDC_UNSET_DISABLE_NT_AUTH_REQUIRED_FLAG:
  347. if ( !::WinHelp (
  348. hWndControl,
  349. GetF1HelpFilename(),
  350. HELP_WM_HELP,
  351. (DWORD_PTR) help_map) )
  352. {
  353. _TRACE (0, L"WinHelp () failed: 0x%x\n", GetLastError ());
  354. }
  355. break;
  357. default:
  358. break;
  359. }
  360. _TRACE (-1, L"Leaving CGPERootGeneralPage::DoContextHelp\n");
  361. }
  364. void CGPERootGeneralPage::OnUnsetDisableLmAuthFlag()
  365. {
  366. SetModified (TRUE);
  367. }
  369. void CGPERootGeneralPage::OnUnsetDisableNtAuthRequiredFlag()
  370. {
  371. SetModified (TRUE);
  372. }
  374. void CGPERootGeneralPage::OnSetDisableNtAuthRequiredFlag()
  375. {
  376. SetModified (TRUE);
  377. }