|
|
#include "private.h"
#include "multiusr.h"
UINT WM_IDENTITY_CHANGED;UINT WM_QUERY_IDENTITY_CHANGE;UINT WM_IDENTITY_INFO_CHANGED;
extern "C" int _fltused = 0; // define this so that floats and doubles don't bring in the CRT
// Count number of objects and number of locks.
ULONG g_cObj=0;ULONG g_cLock=0;
// DLL Instance handle
HINSTANCE g_hInst=0;
// mutex for preventing logon re-entrancy
HANDLE g_hMutex = NULL;
#define IDENTITY_LOGIN_VALUE 0x00098053
#define DEFINE_STRING_CONSTANTS
#include "StrConst.h"
#define MLUI_SUPPORT
#define MLUI_INIT
#include "mluisup.h"
BOOL g_fNotifyComplete = TRUE;GUID g_uidOldUserId = {0x0};GUID g_uidNewUserId = {0x0};
TCHAR szHKCUPolicyPath[] = "Software\\Microsoft\\Outlook Express\\Identities";
void FixMissingIdentityNames();void UnloadPStore();PSECURITY_DESCRIPTOR CreateSd(void);
// This is needed so we can link to libcmt.dll, because floating-point
// initialization code is required.
void __cdecl main(){}
#ifdef DISABIDENT
void DisableOnFirstRun(void){ // disable identities in Whistler
HKEY hKey = NULL; DWORD dwVal = 0; DWORD dwType = 0; ULONG cbData = sizeof(DWORD); OSVERSIONINFO OSInfo = {0}; TCHAR szPolicyPath[] = "Identities"; TCHAR szPolicyKey[] = "Locked Down"; TCHAR szFirstRun[] = "FirstRun"; TCHAR szRegisteredVersion[] = "RegisteredVersion";
OSInfo.dwOSVersionInfoSize = sizeof(OSVERSIONINFO); GetVersionEx(&OSInfo); if((OSInfo.dwPlatformId == VER_PLATFORM_WIN32_NT) && (OSInfo.dwMajorVersion >= 5)) { if(!(((OSInfo.dwMajorVersion == 5) && (OSInfo.dwMinorVersion > 0)) || (OSInfo.dwMajorVersion > 5))) return; } else return; // No disabling on Win 9x and NT4
// Check: first time run?
if (RegCreateKeyEx(HKEY_LOCAL_MACHINE, szHKCUPolicyPath, 0, NULL, 0, KEY_ALL_ACCESS, NULL, &hKey, NULL) == ERROR_SUCCESS) { RegQueryValueEx(hKey, szRegisteredVersion, NULL, &dwType, (LPBYTE) &dwVal, &cbData); RegCloseKey(hKey);
if(dwVal != OSInfo.dwBuildNumber) return; // already checked.
} else return;
if (RegCreateKeyEx(HKEY_CURRENT_USER, szPolicyPath, 0, NULL, 0, KEY_ALL_ACCESS, NULL, &hKey, NULL) == ERROR_SUCCESS) { RegQueryValueEx(hKey, szFirstRun, NULL, &dwType, (LPBYTE) &dwVal, &cbData); if(dwVal != 1)
{ dwVal = 1; RegSetValueEx(hKey, szFirstRun, NULL, REG_DWORD, (LPBYTE) &dwVal, cbData); } else { RegCloseKey(hKey); return; // already checked.
} } else return;
if(MU_CountUsers() < 2) RegSetValueEx(hKey, szPolicyKey, NULL, REG_DWORD, (LPBYTE) &dwVal, cbData);
RegCloseKey(hKey);}#endif // DISABIDENT
//////////////////////////////////////////////////////////////////////////
//
// DLL entry point
//
//////////////////////////////////////////////////////////////////////////
EXTERN_C BOOL WINAPI LibMain(HINSTANCE hInstance, ULONG ulReason, LPVOID pvReserved){ WM_IDENTITY_CHANGED= RegisterWindowMessage("WM_IDENTITY_CHANGED"); WM_QUERY_IDENTITY_CHANGE= RegisterWindowMessage("WM_QUERY_IDENTITY_CHANGE"); WM_IDENTITY_INFO_CHANGED= RegisterWindowMessage("WM_IDENTITY_INFO_CHANGED");
switch (ulReason) { case DLL_PROCESS_ATTACH: // MessageBox(NULL, "Debug", "Debug", MB_OK);
SHFusionInitializeFromModule(hInstance); MLLoadResources(hInstance, TEXT("msidntld.dll")); if (MLGetHinst() == NULL) return FALSE;
if (g_hMutex == NULL) { SECURITY_ATTRIBUTES sa; PSECURITY_DESCRIPTOR psd;
psd = CreateSd(); if (psd) { sa.nLength = sizeof(SECURITY_ATTRIBUTES); sa.lpSecurityDescriptor = psd; sa.bInheritHandle = TRUE;
g_hMutex = CreateMutex(&sa, FALSE, "MSIdent Logon");
LocalFree(psd); } else // in the worst case drop down to unshared object
g_hMutex = CreateMutex(NULL, FALSE, "MSIdent Logon");
if (g_hMutex == NULL) // Try to open mutex, if we cannot create mutex IE6 32769
g_hMutex = OpenMutex(MUTEX_MODIFY_STATE, FALSE, "MSIdent Logon");
if (GetLastError() != ERROR_ALREADY_EXISTS) { GUID uidStart; USERINFO uiLogin;
#ifdef DISABIDENT
DisableOnFirstRun();#endif // DISABIDENT
// in case something got stuck in a switch, wipe it out here.
CUserIdentityManager::ClearChangingIdentities();
FixMissingIdentityNames(); // we are the first instance to come up.
// may need to reset the last user.....
if (GetProp(GetDesktopWindow(),"IDENTITY_LOGIN") != (HANDLE)IDENTITY_LOGIN_VALUE) { _MigratePasswords(); MU_GetLoginOption(&uidStart);
// if there is a password on this identity, we can't auto start as them
if (uidStart != GUID_NULL && MU_GetUserInfo(&uidStart, &uiLogin) && (uiLogin.fUsePassword || !uiLogin.fPasswordValid)) { uidStart = GUID_NULL; }
if (uidStart == GUID_NULL) { MU_SwitchToUser(""); SetProp(GetDesktopWindow(),"IDENTITY_LOGIN", (HANDLE)IDENTITY_LOGIN_VALUE); } else { if(MU_GetUserInfo(&uidStart, &uiLogin)) MU_SwitchToUser(uiLogin.szUsername); else MU_SwitchToUser(""); } SetProp(GetDesktopWindow(),"IDENTITY_LOGIN", (HANDLE)IDENTITY_LOGIN_VALUE); } } } DisableThreadLibraryCalls(hInstance); g_hInst = hInstance;
break;
case DLL_PROCESS_DETACH: MLFreeResources(hInstance); UnloadPStore(); CloseHandle(g_hMutex); g_hMutex = NULL; SHFusionUninitialize(); break; }
return TRUE;}
//////////////////////////////////////////////////////////////////////////
//
// Standard OLE entry points
//
//////////////////////////////////////////////////////////////////////////
// Class factory -
// For classes with no special needs these macros should take care of it.
// If your class needs some special stuff just to get the ball rolling,
// implement your own CreateInstance method. (ala, CConnectionAgent)
#define DEFINE_CREATEINSTANCE(cls, iface) \
HRESULT cls##_CreateInstance(IUnknown *punkOuter, IUnknown **ppunk) \{ \ *ppunk = (iface *)new cls; \ return (NULL != *ppunk) ? S_OK : E_OUTOFMEMORY; \}
#define DEFINE_AGGREGATED_CREATEINSTANCE(cls, iface) \
HRESULT cls##_CreateInstance(IUnknown *punkOuter, IUnknown **ppunk) \{ \ *ppunk = (iface *)new cls(punkOuter); \ return (NULL != *ppunk) ? S_OK : E_OUTOFMEMORY; \}
DEFINE_CREATEINSTANCE(CUserIdentityManager, IUserIdentityManager)
const CFactoryData g_FactoryData[] = { { &CLSID_UserIdentityManager, CUserIdentityManager_CreateInstance, 0 }};
HRESULT APIENTRY DllGetClassObject(REFCLSID rclsid, REFIID riid, void **ppv){ HRESULT hr = S_OK; IUnknown *punk = NULL;
*ppv = NULL;
MU_Init();
// Validate request
for (int i = 0; i < ARRAYSIZE(g_FactoryData); i++) { if (rclsid == *g_FactoryData[i].m_pClsid) { punk = new CClassFactory(&g_FactoryData[i]); break; } }
if (ARRAYSIZE(g_FactoryData) <= i) { hr = CLASS_E_CLASSNOTAVAILABLE; } else if (NULL == punk) { hr = E_OUTOFMEMORY; } else { hr = punk->QueryInterface(riid, ppv); punk->Release(); }
return hr;}
STDAPI DllCanUnloadNow(void){ // check objects and locks
return (0L == DllGetRef() && 0L == DllGetLock()) ? S_OK : S_FALSE;}
//////////////////////////////////////////////////////////////////////////
//
// Autoregistration entry points
//
//////////////////////////////////////////////////////////////////////////
HRESULT CallRegInstall(LPSTR szSection){ HRESULT hr = E_FAIL; char szDll[MAX_PATH]; int cch; STRENTRY seReg[2]; STRTABLE stReg; HINSTANCE hinstAdvPack = LoadLibrary(TEXT("ADVPACK.DLL"));
if (hinstAdvPack) { REGINSTALL pfnri = (REGINSTALL)GetProcAddress(hinstAdvPack, achREGINSTALL);
if (pfnri) { // Get our location
GetModuleFileName(g_hInst, szDll, sizeof(szDll));
// Setup special registration stuff
// Do this instead of relying on _SYS_MOD_PATH which loses spaces under '95
stReg.cEntries = 0; seReg[stReg.cEntries].pszName = "SYS_MOD_PATH"; seReg[stReg.cEntries].pszValue = szDll; stReg.cEntries++; stReg.pse = seReg;
hr = pfnri(g_hInst, szSection, &stReg); }
FreeLibrary(hinstAdvPack); }
return hr;}
STDAPI DllRegisterServer(void){ // Delete any old registration entries, then add the new ones.
// Keep ADVPACK.DLL loaded across multiple calls to RegInstall.
HINSTANCE hinstAdvPack = LoadLibrary(TEXT("ADVPACK.DLL")); HKEY hKey = NULL; DWORD dwVal = 1; ULONG cbData = sizeof(DWORD); OSVERSIONINFO OSInfo = {0}; TCHAR szPolicyPath[] = "Identities"; TCHAR szRegisteredVersion[] = "RegisteredVersion"; TCHAR szPolPath[] = "Software\\Policies\\Microsoft\\Windows\\CurrentVersion\\Identities"; TCHAR szPolicyKey[] = "Locked Down";
CallRegInstall("Reg"); if (hinstAdvPack) { FreeLibrary(hinstAdvPack); }#ifdef DISABIDENT
OSInfo.dwOSVersionInfoSize = sizeof(OSVERSIONINFO); GetVersionEx(&OSInfo);
if((OSInfo.dwPlatformId == VER_PLATFORM_WIN32_NT) && (OSInfo.dwMajorVersion >= 5)) { if(!(((OSInfo.dwMajorVersion == 5) && (OSInfo.dwMinorVersion > 0)) || (OSInfo.dwMajorVersion > 5))) return NOERROR; } else return NOERROR; // No disable for Win9x
// Set registration value
if (RegCreateKeyEx(HKEY_LOCAL_MACHINE, szHKCUPolicyPath, 0, NULL, 0, KEY_ALL_ACCESS, NULL, &hKey, NULL) == ERROR_SUCCESS) { dwVal = OSInfo.dwBuildNumber; RegSetValueEx(hKey, szRegisteredVersion, NULL, REG_DWORD, (LPBYTE) &dwVal, cbData); RegCloseKey(hKey); }#endif // DISABIDENT
// DISABLING identities in Win64
#ifdef _WIN64
// Set registration value
if (RegCreateKeyEx(HKEY_LOCAL_MACHINE, szPolPath, 0, NULL, 0, KEY_WOW64_32KEY | KEY_ALL_ACCESS, NULL, &hKey, NULL) == ERROR_SUCCESS) { RegSetValueEx(hKey, szPolicyKey, NULL, REG_DWORD, (LPBYTE) &dwVal, cbData); }#endif // _WIN64
return NOERROR;}
STDAPIDllUnregisterServer(void){ return NOERROR;}
PSECURITY_DESCRIPTOR CreateSd(void){ PSID AuthenticatedUsers = NULL; PSID BuiltInAdministrators = NULL; PSID PowerUsers = NULL; PSECURITY_DESCRIPTOR RetVal = NULL; PSECURITY_DESCRIPTOR Sd = NULL; SID_IDENTIFIER_AUTHORITY NtAuthority = SECURITY_NT_AUTHORITY; ULONG AclSize;
//
// Each RID represents a sub-unit of the authority. Two of the SIDs we
// want to build, Local Administrators, and Power Users, are in the "built
// in" domain. The other SID, for Authenticated users, is based directly
// off of the authority.
//
// For examples of other useful SIDs consult the list in
// \nt\public\sdk\inc\ntseapi.h.
//
if (!AllocateAndInitializeSid(&NtAuthority, 2, // 2 sub-authorities
SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_ADMINS, 0,0,0,0,0,0, &BuiltInAdministrators)) goto ErrorExit;
if (!AllocateAndInitializeSid(&NtAuthority, 2, // 2 sub-authorities
SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_POWER_USERS, 0,0,0,0,0,0, &PowerUsers)) goto ErrorExit;
if (!AllocateAndInitializeSid(&NtAuthority, 1, // 1 sub-authority
SECURITY_AUTHENTICATED_USER_RID, 0,0,0,0,0,0,0, &AuthenticatedUsers)) goto ErrorExit;
//
// Calculate the size of and allocate a buffer for the DACL, we need
// this value independently of the total alloc size for ACL init.
//
// "- sizeof (ULONG)" represents the SidStart field of the
// ACCESS_ALLOWED_ACE. Since we're adding the entire length of the
// SID, this field is counted twice.
//
AclSize = sizeof (ACL) + (3 * (sizeof (ACCESS_ALLOWED_ACE) - sizeof (ULONG))) + GetLengthSid(AuthenticatedUsers) + GetLengthSid(BuiltInAdministrators) + GetLengthSid(PowerUsers);
Sd = (PSECURITY_DESCRIPTOR)LocalAlloc(LPTR, SECURITY_DESCRIPTOR_MIN_LENGTH + AclSize);
if (Sd) { ACL *Acl;
Acl = (ACL *)((BYTE *)Sd + SECURITY_DESCRIPTOR_MIN_LENGTH);
if (!InitializeAcl(Acl, AclSize, ACL_REVISION)) {
// Error
} else if (!AddAccessAllowedAce(Acl, ACL_REVISION, SYNCHRONIZE | MUTEX_MODIFY_STATE, AuthenticatedUsers)) {
// Failed to build the ACE granting "Authenticated users"
// (SYNCHRONIZE | GENERIC_READ | GENERIC_WRITE) access.
} else if (!AddAccessAllowedAce(Acl, ACL_REVISION, SYNCHRONIZE | MUTEX_MODIFY_STATE, PowerUsers)) {
// Failed to build the ACE granting "Power users"
// (SYNCHRONIZE | GENERIC_READ | GENERIC_WRITE) access.
} else if (!AddAccessAllowedAce(Acl, ACL_REVISION, MUTEX_ALL_ACCESS, BuiltInAdministrators)) {
// Failed to build the ACE granting "Built-in Administrators"
// GENERIC_ALL access.
} else if (!InitializeSecurityDescriptor(Sd, SECURITY_DESCRIPTOR_REVISION)) {
// error
} else if (!SetSecurityDescriptorDacl(Sd, TRUE, Acl, FALSE)) {
// error
} else {
// success
RetVal = Sd; }
// only free Sd if we encountered a failure
if (!RetVal) LocalFree(Sd); }
ErrorExit:
if (AuthenticatedUsers) FreeSid(AuthenticatedUsers);
if (BuiltInAdministrators) FreeSid(BuiltInAdministrators);
if (PowerUsers) FreeSid(PowerUsers);
return RetVal;}
|
