archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4 Commits
1 Branch
0 Tags
4.9 GiB
Branch: master
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'master'
${ noResults }
windows-server-2003/admin/snapin/certmgr/saferenforcementpropertypag...

406 lines
13 KiB
Raw Permalink Normal View History

commiting as it is
4 years ago
  1. //+---------------------------------------------------------------------------
  2. //
  3. // Microsoft Windows
  4. // Copyright (C) Microsoft Corporation, 2000-2002.
  5. //
  6. // File: SaferEnforcementPropertyPage.h
  7. //
  8. // Contents: Declaration of CSaferEnforcementPropertyPage
  9. //
  10. //----------------------------------------------------------------------------
  11. // SaferEnforcementPropertyPage.cpp : implementation file
  12. //
  14. #include "stdafx.h"
  15. #include "certmgr.h"
  16. #include <gpedit.h>
  17. #include "compdata.h"
  18. #include "SaferEnforcementPropertyPage.h"
  20. #ifdef _DEBUG
  21. #define new DEBUG_NEW
  22. #undef THIS_FILE
  23. static char THIS_FILE[] = __FILE__;
  24. #endif
  26. extern GUID g_guidExtension;
  27. extern GUID g_guidRegExt;
  28. extern GUID g_guidSnapin;
  30. /////////////////////////////////////////////////////////////////////////////
  31. // CSaferEnforcementPropertyPage property page
  33. // The "TransparentEnforcement" flag has the following values:
  34. // 0 = disable all transparent hooks (in CreateProcess and LoadLibrary)
  35. // 1 = enable transparent hooks for CreateProcess
  36. // 2 = enable transparent hooks for CreateProcess and LoadLibrary
  37. #define SAFER_TRANSPARENT_ENFORCEMENT_DISABLE_ALL 0
  38. #define SAFER_TRANSPARENT_ENFORCEMENT_ENABLE_CREATE_PROCESS 1
  39. #define SAFER_TRANSPARENT_ENFORCEMENT_ENABLE_ALL 2
  41. CSaferEnforcementPropertyPage::CSaferEnforcementPropertyPage(
  42. IGPEInformation* pGPEInformation,
  43. CCertMgrComponentData* pCompData,
  44. bool bReadOnly,
  45. CRSOPObjectArray& rsopObjectArray,
  46. bool bIsComputer)
  47. : CHelpPropertyPage(CSaferEnforcementPropertyPage::IDD),
  48. m_pGPEInformation (pGPEInformation),
  49. m_hGroupPolicyKey (0),
  50. m_fIsComputerType (bIsComputer),
  51. m_bReadOnly (bReadOnly),
  52. m_rsopObjectArray (rsopObjectArray),
  53. m_dwEnforcement (0),
  54. m_bDirty (false),
  55. m_dwScopeFlags (0),
  56. m_pCompData (pCompData)
  57. {
  58. //{{AFX_DATA_INIT(CSaferEnforcementPropertyPage)
  59. // NOTE: the ClassWizard will add member initialization here
  60. //}}AFX_DATA_INIT
  61. if ( m_pCompData )
  62. {
  63. m_pCompData->AddRef ();
  64. m_pCompData->IncrementOpenSaferPageCount ();
  65. }
  67. if ( m_pGPEInformation )
  68. {
  69. m_pGPEInformation->AddRef ();
  70. HRESULT hr = m_pGPEInformation->GetRegistryKey (
  71. m_fIsComputerType ? GPO_SECTION_MACHINE : GPO_SECTION_USER,
  72. &m_hGroupPolicyKey);
  73. ASSERT (SUCCEEDED (hr));
  74. if ( SUCCEEDED (hr) )
  75. {
  76. DWORD cbBuffer = sizeof (DWORD);
  77. CPolicyKey policyKey (m_pGPEInformation,
  78. SAFER_HKLM_REGBASE,
  79. m_fIsComputerType);
  81. SetRegistryScope (policyKey.GetKey (), bIsComputer);
  82. BOOL bRVal = SaferGetPolicyInformation (
  83. SAFER_SCOPEID_REGISTRY,
  84. SaferPolicyEnableTransparentEnforcement,
  85. cbBuffer,
  86. &m_dwEnforcement,
  87. &cbBuffer,
  88. 0);
  89. if ( !bRVal )
  90. {
  91. ASSERT (0);
  92. DWORD dwErr = GetLastError ();
  93. hr = HRESULT_FROM_WIN32 (dwErr);
  94. _TRACE (0, L"SaferGetPolicyInformation (SAFER_SCOPEID_REGISTRY, SaferPolicyEnableTransparentEnforcement) failed: %d\n",
  95. dwErr);
  96. }
  99. bRVal = SaferGetPolicyInformation (
  100. SAFER_SCOPEID_REGISTRY,
  101. SaferPolicyScopeFlags,
  102. cbBuffer,
  103. &m_dwScopeFlags,
  104. &cbBuffer,
  105. 0);
  106. if ( !bRVal )
  107. {
  108. ASSERT (0);
  109. DWORD dwErr = GetLastError ();
  110. hr = HRESULT_FROM_WIN32 (dwErr);
  111. _TRACE (0, L"SaferGetPolicyInformation (SAFER_SCOPEID_REGISTRY, SaferPolicyScopeFlags) failed: %d\n",
  112. dwErr);
  113. }
  114. }
  115. }
  116. else
  117. {
  118. RSOPGetEnforcement ();
  119. }
  120. }
  122. CSaferEnforcementPropertyPage::~CSaferEnforcementPropertyPage()
  123. {
  124. if ( m_hGroupPolicyKey )
  125. RegCloseKey (m_hGroupPolicyKey);
  127. if ( m_pGPEInformation )
  128. {
  129. m_pGPEInformation->Release ();
  130. }
  132. if ( m_pCompData )
  133. {
  134. m_pCompData->DecrementOpenSaferPageCount ();
  135. m_pCompData->Release ();
  136. m_pCompData = 0;
  137. }
  138. }
  140. void CSaferEnforcementPropertyPage::DoDataExchange(CDataExchange* pDX)
  141. {
  142. CHelpPropertyPage::DoDataExchange(pDX);
  143. //{{AFX_DATA_MAP(CSaferEnforcementPropertyPage)
  144. // NOTE: the ClassWizard will add DDX and DDV calls here
  145. //}}AFX_DATA_MAP
  146. }
  149. BEGIN_MESSAGE_MAP(CSaferEnforcementPropertyPage, CHelpPropertyPage)
  150. //{{AFX_MSG_MAP(CSaferEnforcementPropertyPage)
  151. ON_BN_CLICKED(IDC_ALL_EXCEPT_LIBS, OnAllExceptLibs)
  152. ON_BN_CLICKED(IDC_ALL_SOFTWARE_FILES, OnAllSoftwareFiles)
  153. ON_BN_CLICKED(IDC_APPLY_EXCEPT_ADMINS, OnApplyExceptAdmins)
  154. ON_BN_CLICKED(IDC_APPLY_TO_ALL_USERS, OnApplyToAllUsers)
  155. //}}AFX_MSG_MAP
  156. END_MESSAGE_MAP()
  158. /////////////////////////////////////////////////////////////////////////////
  159. // CSaferEnforcementPropertyPage message handlers
  160. void CSaferEnforcementPropertyPage::DoContextHelp (HWND hWndControl)
  161. {
  162. _TRACE (1, L"Entering CSaferEnforcementPropertyPage::DoContextHelp\n");
  163. static const DWORD help_map[] =
  164. {
  165. IDC_ALL_EXCEPT_LIBS, IDH_ALL_EXCEPT_LIBS,
  166. IDC_ALL_SOFTWARE_FILES, IDH_ALL_SOFTWARE_FILES,
  167. IDC_APPLY_TO_ALL_USERS, IDH_APPLY_TO_ALL_USERS,
  168. IDC_APPLY_EXCEPT_ADMINS, IDH_APPLY_EXCEPT_ADMINS,
  169. 0, 0
  170. };
  172. switch (::GetDlgCtrlID (hWndControl))
  173. {
  174. case IDC_ALL_EXCEPT_LIBS:
  175. case IDC_ALL_SOFTWARE_FILES:
  176. case IDC_APPLY_TO_ALL_USERS:
  177. case IDC_APPLY_EXCEPT_ADMINS:
  178. if ( !::WinHelp (
  179. hWndControl,
  180. GetF1HelpFilename(),
  181. HELP_WM_HELP,
  182. (DWORD_PTR) help_map) )
  183. {
  184. _TRACE (0, L"WinHelp () failed: 0x%x\n", GetLastError ());
  185. }
  186. break;
  188. default:
  189. break;
  190. }
  191. _TRACE (-1, L"Leaving CSaferEnforcementPropertyPage::DoContextHelp\n");
  192. }
  194. void CSaferEnforcementPropertyPage::RSOPGetEnforcement()
  195. {
  196. int nIndex = 0;
  197. INT_PTR nUpperBound = m_rsopObjectArray.GetUpperBound ();
  198. bool bEnforcementFlagFound = false;
  199. bool bScopeFlagFound = false;
  200. CString szKeyName = SAFER_HKLM_REGBASE;
  201. szKeyName += L"\\";
  202. szKeyName += SAFER_CODEIDS_REGSUBKEY;
  205. while ( nUpperBound >= nIndex )
  206. {
  207. CRSOPObject* pObject = m_rsopObjectArray.GetAt (nIndex);
  208. if ( pObject )
  209. {
  210. if ( pObject->GetRegistryKey () == szKeyName &&
  211. pObject->GetValueName () == SAFER_TRANSPARENTENABLED_REGVALUE &&
  212. 1 == pObject->GetPrecedence ())
  213. {
  214. m_dwEnforcement = pObject->GetDWORDValue ();
  215. bEnforcementFlagFound = true;
  216. }
  217. else if ( pObject->GetRegistryKey () == szKeyName &&
  218. pObject->GetValueName () == SAFER_POLICY_SCOPE &&
  219. 1 == pObject->GetPrecedence ())
  220. {
  221. m_dwScopeFlags = pObject->GetDWORDValue ();
  222. bScopeFlagFound = true;
  223. }
  224. }
  225. else
  226. break;
  228. if ( bScopeFlagFound && bEnforcementFlagFound )
  229. break;
  231. nIndex++;
  232. }
  233. }
  235. void CSaferEnforcementPropertyPage::OnAllExceptLibs()
  236. {
  237. // SetModify only if setting changed
  238. if ( !(m_dwEnforcement & SAFER_TRANSPARENT_ENFORCEMENT_ENABLE_CREATE_PROCESS) )
  239. {
  240. SetModified ();
  241. m_bDirty = true;
  242. }
  243. }
  245. void CSaferEnforcementPropertyPage::OnAllSoftwareFiles()
  246. {
  247. // SetModify only if setting changed
  248. if ( !(m_dwEnforcement & SAFER_TRANSPARENT_ENFORCEMENT_ENABLE_ALL) )
  249. {
  250. SetModified ();
  251. m_bDirty = true;
  252. }
  253. }
  255. BOOL CSaferEnforcementPropertyPage::OnApply()
  256. {
  257. _TRACE (1, L"Entering CSaferEnforcementPropertyPage::OnApply ()\n");
  258. if ( m_bDirty && m_pGPEInformation)
  259. {
  260. if ( BST_CHECKED == SendDlgItemMessage (IDC_ALL_EXCEPT_LIBS,
  261. BM_GETCHECK) )
  262. {
  263. m_dwEnforcement = SAFER_TRANSPARENT_ENFORCEMENT_ENABLE_CREATE_PROCESS;
  264. }
  265. else if ( BST_CHECKED == SendDlgItemMessage (IDC_ALL_SOFTWARE_FILES,
  266. BM_GETCHECK) )
  267. {
  268. m_dwEnforcement = SAFER_TRANSPARENT_ENFORCEMENT_ENABLE_ALL;
  269. }
  271. if ( BST_CHECKED == SendDlgItemMessage (IDC_APPLY_EXCEPT_ADMINS,
  272. BM_GETCHECK) )
  273. {
  274. m_dwScopeFlags = 1;
  275. }
  276. else if ( BST_CHECKED == SendDlgItemMessage (IDC_APPLY_TO_ALL_USERS,
  277. BM_GETCHECK) )
  278. {
  279. m_dwScopeFlags = 0;
  280. }
  282. CPolicyKey policyKey (m_pGPEInformation,
  283. SAFER_HKLM_REGBASE,
  284. m_fIsComputerType);
  285. SetRegistryScope (policyKey.GetKey (), m_fIsComputerType);
  286. DWORD cbData = sizeof (m_dwEnforcement);
  287. BOOL bRVal = SaferSetPolicyInformation (SAFER_SCOPEID_REGISTRY,
  288. SaferPolicyEnableTransparentEnforcement, cbData,
  289. &m_dwEnforcement, 0);
  290. if ( bRVal )
  291. {
  292. cbData = sizeof (m_dwScopeFlags);
  293. bRVal = SaferSetPolicyInformation (SAFER_SCOPEID_REGISTRY,
  294. SaferPolicyScopeFlags, cbData,
  295. &m_dwScopeFlags, 0);
  296. if ( bRVal )
  297. {
  298. // TRUE means we're changing the machine policy only
  299. m_pGPEInformation->PolicyChanged (m_fIsComputerType ? TRUE : FALSE,
  300. TRUE, &g_guidExtension, &g_guidSnapin);
  301. m_pGPEInformation->PolicyChanged (m_fIsComputerType ? TRUE : FALSE,
  302. TRUE, &g_guidRegExt, &g_guidSnapin);
  303. }
  304. else
  305. {
  306. DWORD dwErr = GetLastError ();
  307. _TRACE (0, L"SaferSetPolicyInformation (SAFER_SCOPEID_REGISTRY, SaferPolicyScopeFlags, %d failed: 0x%x\n",
  308. m_dwEnforcement, dwErr);
  309. CString text;
  310. CString caption;
  311. CThemeContextActivator activator;
  313. VERIFY (caption.LoadString (IDS_SAFER_WINDOWS_NODE_NAME));
  314. text.FormatMessage (IDS_CAN_SET_SAFER_ENFORCEMENT, GetSystemMessage (dwErr));
  315. MessageBox (text, caption);
  317. return FALSE;
  318. }
  319. }
  320. else
  321. {
  322. DWORD dwErr = GetLastError ();
  323. _TRACE (0, L"SaferSetPolicyInformation (SAFER_SCOPEID_REGISTRY, SaferPolicyEnableTransparentEnforcement, %d failed: 0x%x\n",
  324. m_dwEnforcement, dwErr);
  325. CString text;
  326. CString caption;
  327. CThemeContextActivator activator;
  329. VERIFY (caption.LoadString (IDS_SAFER_WINDOWS_NODE_NAME));
  330. text.FormatMessage (IDS_CAN_SET_SAFER_ENFORCEMENT, GetSystemMessage (dwErr));
  331. MessageBox (text, caption);
  333. return FALSE;
  334. }
  337. m_bDirty = false;
  338. }
  340. _TRACE (-1, L"Leaving CSaferEnforcementPropertyPage::OnApply ()\n");
  341. return CHelpPropertyPage::OnApply();
  342. }
  344. BOOL CSaferEnforcementPropertyPage::OnInitDialog()
  345. {
  346. CHelpPropertyPage::OnInitDialog();
  348. switch (m_dwEnforcement)
  349. {
  350. case SAFER_TRANSPARENT_ENFORCEMENT_DISABLE_ALL:
  351. break;
  353. case SAFER_TRANSPARENT_ENFORCEMENT_ENABLE_CREATE_PROCESS:
  354. SendDlgItemMessage (IDC_ALL_EXCEPT_LIBS, BM_SETCHECK, BST_CHECKED);
  355. break;
  357. case SAFER_TRANSPARENT_ENFORCEMENT_ENABLE_ALL:
  358. SendDlgItemMessage (IDC_ALL_SOFTWARE_FILES, BM_SETCHECK, BST_CHECKED);
  359. break;
  361. default:
  362. ASSERT (0);
  363. break;
  364. }
  366. if ( 1 == m_dwScopeFlags )
  367. {
  368. SendDlgItemMessage (IDC_APPLY_EXCEPT_ADMINS, BM_SETCHECK, BST_CHECKED);
  369. }
  370. else
  371. {
  372. SendDlgItemMessage (IDC_APPLY_TO_ALL_USERS, BM_SETCHECK, BST_CHECKED);
  373. }
  375. if ( m_bReadOnly )
  376. {
  377. GetDlgItem (IDC_ALL_EXCEPT_LIBS)->EnableWindow (FALSE);
  378. GetDlgItem (IDC_ALL_SOFTWARE_FILES)->EnableWindow (FALSE);
  379. GetDlgItem (IDC_APPLY_TO_ALL_USERS)->EnableWindow (FALSE);
  380. GetDlgItem (IDC_APPLY_EXCEPT_ADMINS)->EnableWindow (FALSE);
  381. }
  383. return TRUE; // return TRUE unless you set the focus to a control
  384. // EXCEPTION: OCX Property Pages should return FALSE
  385. }
  388. void CSaferEnforcementPropertyPage::OnApplyExceptAdmins()
  389. {
  390. // SetModify only if setting changed
  391. if ( 1 != m_dwScopeFlags )
  392. {
  393. SetModified ();
  394. m_bDirty = true;
  395. }
  396. }
  398. void CSaferEnforcementPropertyPage::OnApplyToAllUsers()
  399. {
  400. // SetModify only if setting changed
  401. if ( 1 == m_dwScopeFlags )
  402. {
  403. SetModified ();
  404. m_bDirty = true;
  405. }
  406. }