archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4 Commits
1 Branch
0 Tags
1.5 GiB
Branch: master
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'master'
${ noResults }
windows-server-2003/shell/osshell/security/aclui/pagebase.cpp

506 lines
16 KiB
Raw Permalink Normal View History

commiting as it is
4 years ago
  1. //+-------------------------------------------------------------------------
  2. //
  3. // Microsoft Windows
  4. //
  5. // Copyright (C) Microsoft Corporation, 1996 - 1999
  6. //
  7. // File: pagebase.cpp
  8. //
  9. // This file contains the implementation of the CSecurityPage base class.
  10. //
  11. //--------------------------------------------------------------------------
  13. #include "aclpriv.h"
  15. CSecurityPage::CSecurityPage( LPSECURITYINFO psi, SI_PAGE_TYPE siType )
  16. : m_siPageType(siType), m_psi(psi), m_psi2(NULL),m_pei(NULL), m_pObjectPicker(NULL),
  17. m_psoti(NULL),
  18. m_flLastOPOptions(DWORD(-1))
  19. {
  20. ZeroMemory(&m_siObjectInfo, sizeof(m_siObjectInfo));
  22. // Initialize COM incase our client hasn't
  23. m_hrComInit = CoInitialize(NULL);
  25. if (m_psi != NULL)
  26. {
  27. m_psi->AddRef();
  29. // It's normal for this to fail
  30. m_psi->QueryInterface(IID_ISecurityInformation2, (LPVOID*)&m_psi2);
  31. m_psi->QueryInterface(IID_IEffectivePermission, (LPVOID*)&m_pei);
  32. m_psi->QueryInterface(IID_ISecurityObjectTypeInfo, (LPVOID*)&m_psoti);
  33. }
  34. }
  36. CSecurityPage::~CSecurityPage( void )
  37. {
  38. DoRelease(m_psi);
  39. DoRelease(m_psi2);
  40. DoRelease(m_pObjectPicker);
  41. DoRelease(m_pei);
  42. DoRelease(m_psoti);
  44. if (SUCCEEDED(m_hrComInit))
  45. CoUninitialize();
  46. }
  48. HPROPSHEETPAGE
  49. CSecurityPage::CreatePropSheetPage(LPCTSTR pszDlgTemplate, LPCTSTR pszDlgTitle)
  50. {
  51. PROPSHEETPAGE psp;
  53. psp.dwSize = sizeof(psp);
  54. psp.dwFlags = PSP_USECALLBACK ;
  55. psp.hInstance = ::hModule;
  56. psp.pszTemplate = pszDlgTemplate;
  57. psp.pszTitle = pszDlgTitle;
  58. psp.pfnDlgProc = CSecurityPage::_DlgProc;
  59. psp.lParam = (LPARAM)this;
  60. psp.pfnCallback = CSecurityPage::_PSPageCallback;
  62. if (pszDlgTitle != NULL)
  63. psp.dwFlags |= PSP_USETITLE;
  65. return CreatePropertySheetPage(&psp);
  66. }
  68. HRESULT
  69. CSecurityPage::GetObjectPicker(IDsObjectPicker **ppObjectPicker)
  70. {
  71. HRESULT hr = S_OK;
  73. if (!m_pObjectPicker)
  74. {
  75. if (!m_psi)
  76. return E_UNEXPECTED;
  78. // See if the object supports IDsObjectPicker
  79. hr = m_psi->QueryInterface(IID_IDsObjectPicker, (LPVOID*)&m_pObjectPicker);
  81. // If the object doesn't support IDsObjectPicker, create one.
  82. if (FAILED(hr))
  83. {
  84. hr = CoCreateInstance(CLSID_DsObjectPicker,
  85. NULL,
  86. CLSCTX_INPROC_SERVER,
  87. IID_IDsObjectPicker,
  88. (LPVOID*)&m_pObjectPicker);
  89. }
  90. }
  92. if (ppObjectPicker)
  93. {
  94. *ppObjectPicker = m_pObjectPicker;
  95. // Return a reference (caller must Release)
  96. if (m_pObjectPicker)
  97. m_pObjectPicker->AddRef();
  98. }
  100. return hr;
  101. }
  104. //
  105. // Stuff used for initializing the Object Picker below
  106. //
  107. #define DSOP_FILTER_COMMON1 ( DSOP_FILTER_INCLUDE_ADVANCED_VIEW \
  108. | DSOP_FILTER_USERS \
  109. | DSOP_FILTER_UNIVERSAL_GROUPS_SE \
  110. | DSOP_FILTER_GLOBAL_GROUPS_SE \
  111. | DSOP_FILTER_COMPUTERS \
  112. )
  113. #define DSOP_FILTER_COMMON2 ( DSOP_FILTER_COMMON1 \
  114. | DSOP_FILTER_WELL_KNOWN_PRINCIPALS \
  115. | DSOP_FILTER_DOMAIN_LOCAL_GROUPS_SE\
  116. )
  117. #define DSOP_FILTER_COMMON3 ( DSOP_FILTER_COMMON2 \
  118. | DSOP_FILTER_BUILTIN_GROUPS \
  119. )
  120. #define DSOP_FILTER_DL_COMMON1 ( DSOP_DOWNLEVEL_FILTER_USERS \
  121. | DSOP_DOWNLEVEL_FILTER_GLOBAL_GROUPS \
  122. )
  123. #define DSOP_FILTER_DL_COMMON2 ( DSOP_FILTER_DL_COMMON1 \
  124. | DSOP_DOWNLEVEL_FILTER_ALL_WELLKNOWN_SIDS \
  125. )
  126. #define DSOP_FILTER_DL_COMMON3 ( DSOP_FILTER_DL_COMMON2 \
  127. | DSOP_DOWNLEVEL_FILTER_LOCAL_GROUPS \
  128. )
  130. #if 0
  131. { // DSOP_SCOPE_INIT_INFO
  132. cbSize,
  133. flType,
  134. flScope,
  135. { // DSOP_FILTER_FLAGS
  136. { // DSOP_UPLEVEL_FILTER_FLAGS
  137. flBothModes,
  138. flMixedModeOnly,
  139. flNativeModeOnly
  140. },
  141. flDownlevel
  142. },
  143. pwzDcName,
  144. pwzADsPath,
  145. hr // OUT
  146. }
  147. #endif
  149. #define DECLARE_SCOPE(t,f,b,m,n,d) \
  150. { sizeof(DSOP_SCOPE_INIT_INFO), (t), (f|DSOP_SCOPE_FLAG_DEFAULT_FILTER_GROUPS|DSOP_SCOPE_FLAG_DEFAULT_FILTER_USERS), { { (b), (m), (n) }, (d) }, NULL, NULL, S_OK }
  152. // The domain to which the target computer is joined.
  153. // Make 2 scopes, one for uplevel domains, the other for downlevel.
  154. #define JOINED_DOMAIN_SCOPE(f) \
  155. DECLARE_SCOPE(DSOP_SCOPE_TYPE_UPLEVEL_JOINED_DOMAIN,(f),0,(DSOP_FILTER_COMMON2 & ~(DSOP_FILTER_UNIVERSAL_GROUPS_SE|DSOP_FILTER_DOMAIN_LOCAL_GROUPS_SE)),DSOP_FILTER_COMMON2,0), \
  156. DECLARE_SCOPE(DSOP_SCOPE_TYPE_DOWNLEVEL_JOINED_DOMAIN,(f),0,0,0,DSOP_FILTER_DL_COMMON2)
  158. // The domain for which the target computer is a Domain Controller.
  159. // Make 2 scopes, one for uplevel domains, the other for downlevel.
  160. #define JOINED_DOMAIN_SCOPE_DC(f) \
  161. DECLARE_SCOPE(DSOP_SCOPE_TYPE_UPLEVEL_JOINED_DOMAIN,(f),0,(DSOP_FILTER_COMMON3 & ~DSOP_FILTER_UNIVERSAL_GROUPS_SE),DSOP_FILTER_COMMON3,0), \
  162. DECLARE_SCOPE(DSOP_SCOPE_TYPE_DOWNLEVEL_JOINED_DOMAIN,(f),0,0,0,DSOP_FILTER_DL_COMMON3)
  164. // Target computer scope. Computer scopes are always treated as
  165. // downlevel (i.e., they use the WinNT provider).
  166. #define TARGET_COMPUTER_SCOPE(f)\
  167. DECLARE_SCOPE(DSOP_SCOPE_TYPE_TARGET_COMPUTER,(f),0,0,0,DSOP_FILTER_DL_COMMON3)
  169. // The Global Catalog
  170. #define GLOBAL_CATALOG_SCOPE(f) \
  171. DECLARE_SCOPE(DSOP_SCOPE_TYPE_GLOBAL_CATALOG,(f),DSOP_FILTER_COMMON1|DSOP_FILTER_WELL_KNOWN_PRINCIPALS,0,0,0)
  173. // The domains in the same forest (enterprise) as the domain to which
  174. // the target machine is joined. Note these can only be DS-aware
  175. #define ENTERPRISE_SCOPE(f) \
  176. DECLARE_SCOPE(DSOP_SCOPE_TYPE_ENTERPRISE_DOMAIN,(f),DSOP_FILTER_COMMON1,0,0,0)
  178. // Domains external to the enterprise but trusted directly by the
  179. // domain to which the target machine is joined.
  180. #define EXTERNAL_SCOPE(f) \
  181. DECLARE_SCOPE(DSOP_SCOPE_TYPE_EXTERNAL_UPLEVEL_DOMAIN|DSOP_SCOPE_TYPE_EXTERNAL_DOWNLEVEL_DOMAIN,\
  182. (f),DSOP_FILTER_COMMON1,0,0,DSOP_DOWNLEVEL_FILTER_USERS|DSOP_DOWNLEVEL_FILTER_GLOBAL_GROUPS)
  184. // Workgroup scope. Only valid if the target computer is not joined
  185. // to a domain.
  186. #define WORKGROUP_SCOPE(f) \
  187. DECLARE_SCOPE(DSOP_SCOPE_TYPE_WORKGROUP,(f),0,0,0, DSOP_FILTER_DL_COMMON1|DSOP_DOWNLEVEL_FILTER_LOCAL_GROUPS )
  189. //
  190. // Array of Default Scopes
  191. //
  192. static const DSOP_SCOPE_INIT_INFO g_aDefaultScopes[] =
  193. {
  194. JOINED_DOMAIN_SCOPE(DSOP_SCOPE_FLAG_STARTING_SCOPE),
  195. TARGET_COMPUTER_SCOPE(0),
  196. GLOBAL_CATALOG_SCOPE(0),
  197. ENTERPRISE_SCOPE(0),
  198. EXTERNAL_SCOPE(0),
  199. };
  201. //
  202. // Same as above, but without the Target Computer
  203. // Used when the target is a Domain Controller
  204. //
  205. static const DSOP_SCOPE_INIT_INFO g_aDCScopes[] =
  206. {
  207. JOINED_DOMAIN_SCOPE_DC(DSOP_SCOPE_FLAG_STARTING_SCOPE),
  208. GLOBAL_CATALOG_SCOPE(0),
  209. ENTERPRISE_SCOPE(0),
  210. EXTERNAL_SCOPE(0),
  211. };
  213. //
  214. // Array of scopes for standalone machines
  215. //
  216. static const DSOP_SCOPE_INIT_INFO g_aStandAloneScopes[] =
  217. {
  218. //
  219. //On Standalone machine Both User And Groups are selected by default
  220. //
  221. TARGET_COMPUTER_SCOPE(DSOP_SCOPE_FLAG_STARTING_SCOPE|DSOP_SCOPE_FLAG_DEFAULT_FILTER_USERS),
  222. };
  224. //
  225. // Attributes that we want the Object Picker to retrieve
  226. //
  227. static const LPCTSTR g_aszOPAttributes[] =
  228. {
  229. TEXT("ObjectSid"),
  230. TEXT("userAccountControl"),
  231. };
  234. HRESULT
  235. CSecurityPage::InitObjectPicker(BOOL bMultiSelect)
  236. {
  237. HRESULT hr = S_OK;
  238. DSOP_INIT_INFO InitInfo;
  239. PCDSOP_SCOPE_INIT_INFO pScopes;
  240. ULONG cScopes;
  242. USES_CONVERSION;
  244. TraceEnter(TRACE_MISC, "InitObjectPicker");
  246. hr = GetObjectPicker();
  247. if (FAILED(hr))
  248. TraceLeaveResult(hr);
  250. TraceAssert(m_pObjectPicker != NULL);
  252. InitInfo.cbSize = sizeof(InitInfo);
  253. // We do the DC check at WM_INITDIALOG
  254. InitInfo.flOptions = DSOP_FLAG_SKIP_TARGET_COMPUTER_DC_CHECK;
  255. if (bMultiSelect)
  256. InitInfo.flOptions |= DSOP_FLAG_MULTISELECT;
  258. // flOptions is the only thing that changes from call to call,
  259. // so optimize this by only reinitializing if flOptions changes.
  260. if (m_flLastOPOptions == InitInfo.flOptions)
  261. TraceLeaveResult(S_OK); // Already initialized
  263. m_flLastOPOptions = (DWORD)-1;
  265. pScopes = g_aDefaultScopes;
  266. cScopes = ARRAYSIZE(g_aDefaultScopes);
  268. if (m_bStandalone)
  269. {
  270. cScopes = ARRAYSIZE(g_aStandAloneScopes);
  271. pScopes = g_aStandAloneScopes;
  272. }
  273. else if (m_siObjectInfo.dwFlags & SI_SERVER_IS_DC)
  274. {
  275. cScopes = ARRAYSIZE(g_aDCScopes);
  276. pScopes = g_aDCScopes;
  277. }
  279. //
  280. // The pwzTargetComputer member allows the object picker to be
  281. // retargetted to a different computer. It will behave as if it
  282. // were being run ON THAT COMPUTER.
  283. //
  284. InitInfo.pwzTargetComputer = T2CW(m_siObjectInfo.pszServerName);
  285. InitInfo.cDsScopeInfos = cScopes;
  286. InitInfo.aDsScopeInfos = (PDSOP_SCOPE_INIT_INFO)LocalAlloc(LPTR, sizeof(*pScopes)*cScopes);
  287. if (!InitInfo.aDsScopeInfos)
  288. TraceLeaveResult(E_OUTOFMEMORY);
  289. CopyMemory(InitInfo.aDsScopeInfos, pScopes, sizeof(*pScopes)*cScopes);
  290. InitInfo.cAttributesToFetch = ARRAYSIZE(g_aszOPAttributes);
  291. InitInfo.apwzAttributeNames = (LPCTSTR*)g_aszOPAttributes;
  293. if (m_siObjectInfo.dwFlags & SI_SERVER_IS_DC)
  294. {
  295. for (ULONG i = 0; i < cScopes; i++)
  296. {
  297. // Set the DC name if appropriate
  298. if ((m_siObjectInfo.dwFlags & SI_SERVER_IS_DC) &&
  299. (InitInfo.aDsScopeInfos[i].flType & DSOP_SCOPE_TYPE_UPLEVEL_JOINED_DOMAIN))
  300. {
  301. InitInfo.aDsScopeInfos[i].pwzDcName = InitInfo.pwzTargetComputer;
  302. }
  304. }
  305. }
  307. hr = m_pObjectPicker->Initialize(&InitInfo);
  309. if (SUCCEEDED(hr))
  310. {
  311. // Remember the Options for next time
  312. m_flLastOPOptions = InitInfo.flOptions;
  313. }
  315. LocalFree(InitInfo.aDsScopeInfos);
  317. TraceLeaveResult(hr);
  318. }
  321. HRESULT
  322. CSecurityPage::GetUserGroup(HWND hDlg, BOOL bMultiSelect, PUSER_LIST *ppUserList)
  323. {
  324. HRESULT hr;
  325. LPDATAOBJECT pdoSelection = NULL;
  326. STGMEDIUM medium = {0};
  327. FORMATETC fe = { (CLIPFORMAT)g_cfDsSelectionList, NULL, DVASPECT_CONTENT, -1, TYMED_HGLOBAL };
  328. PDS_SELECTION_LIST pDsSelList = NULL;
  329. HCURSOR hcur = NULL;
  330. PSIDCACHE pSidCache = NULL;
  331. UINT idErrorMsg = IDS_GET_USER_FAILED;
  333. TraceEnter(TRACE_MISC, "GetUserGroup");
  334. TraceAssert(ppUserList != NULL);
  336. *ppUserList = NULL;
  338. //
  339. // Create and initialize the Object Picker object
  340. //
  341. hr = InitObjectPicker(bMultiSelect);
  342. FailGracefully(hr, "Unable to initialize Object Picker object");
  344. //
  345. // Create the global sid cache object, if necessary
  346. //
  347. pSidCache = GetSidCache();
  348. if (pSidCache == NULL)
  349. ExitGracefully(hr, E_OUTOFMEMORY, "Unable to create SID cache");
  351. //
  352. // Bring up the object picker dialog
  353. //
  354. hr = m_pObjectPicker->InvokeDialog(hDlg, &pdoSelection);
  355. FailGracefully(hr, "IDsObjectPicker->Invoke failed");
  356. if (S_FALSE == hr)
  357. ExitGracefully(hr, S_FALSE, "IDsObjectPicker->Invoke cancelled by user");
  359. hr = pdoSelection->GetData(&fe, &medium);
  360. FailGracefully(hr, "Unable to get CFSTR_DSOP_DS_SELECTION_LIST from DataObject");
  362. pDsSelList = (PDS_SELECTION_LIST)GlobalLock(medium.hGlobal);
  363. if (!pDsSelList)
  364. ExitGracefully(hr, E_FAIL, "Unable to lock stgmedium.hGlobal");
  366. TraceAssert(pDsSelList->cItems > 0);
  367. Trace((TEXT("%d items selected"), pDsSelList->cItems));
  369. hcur = SetCursor(LoadCursor(NULL, IDC_WAIT));
  371. //Check if there is any disabled items
  372. if(!DoDisabledCheck(hDlg,
  373. pDsSelList))
  374. {
  375. return S_FALSE;
  376. }
  381. //
  382. // Lookup the names/sids and cache them
  383. //
  384. if (!pSidCache->LookupNames(pDsSelList,
  385. m_siObjectInfo.pszServerName,
  386. ppUserList,
  387. m_bStandalone))
  388. {
  389. hr = E_FAIL;
  390. idErrorMsg = IDS_SID_LOOKUP_FAILED;
  391. }
  393. SetCursor(hcur);
  395. exit_gracefully:
  397. if (pSidCache)
  398. pSidCache->Release();
  400. if (FAILED(hr))
  401. {
  402. SysMsgPopup(hDlg,
  403. MAKEINTRESOURCE(idErrorMsg),
  404. MAKEINTRESOURCE(IDS_SECURITY),
  405. MB_OK | MB_ICONERROR,
  406. ::hModule,
  407. hr);
  408. }
  410. if (pDsSelList)
  411. GlobalUnlock(medium.hGlobal);
  412. ReleaseStgMedium(&medium);
  413. DoRelease(pdoSelection);
  415. TraceLeaveResult(hr);
  416. }
  418. UINT
  419. CSecurityPage::PSPageCallback(HWND hwnd,
  420. UINT uMsg,
  421. LPPROPSHEETPAGE /*ppsp*/)
  422. {
  423. m_hrLastPSPCallbackResult = E_FAIL;
  425. if (m_psi != NULL)
  426. {
  427. m_hrLastPSPCallbackResult = m_psi->PropertySheetPageCallback(hwnd, uMsg, m_siPageType);
  428. if (m_hrLastPSPCallbackResult == E_NOTIMPL)
  429. m_hrLastPSPCallbackResult = S_OK;
  430. }
  432. return SUCCEEDED(m_hrLastPSPCallbackResult);
  433. }
  435. INT_PTR
  436. CALLBACK
  437. CSecurityPage::_DlgProc( HWND hDlg, UINT uMsg, WPARAM wParam, LPARAM lParam)
  438. {
  439. LPSECURITYPAGE pThis = (LPSECURITYPAGE)GetWindowLongPtr(hDlg, DWLP_USER);
  441. // The following messages arrive before WM_INITDIALOG
  442. // which means pThis is NULL for them. We don't need these
  443. // messages so let DefDlgProc handle them.
  444. //
  445. // WM_SETFONT
  446. // WM_NOTIFYFORMAT
  447. // WM_NOTIFY (LVN_HEADERCREATED)
  449. if (uMsg == WM_INITDIALOG)
  450. {
  451. pThis = (LPSECURITYPAGE)(((LPPROPSHEETPAGE)lParam)->lParam);
  452. SetWindowLongPtr(hDlg, DWLP_USER, (LONG_PTR)pThis);
  454. if (pThis)
  455. {
  456. if (!pThis->PSPageCallback(hDlg, PSPCB_SI_INITDIALOG, NULL))
  457. pThis->m_bAbortPage = TRUE;
  459. if (pThis->m_psi)
  460. {
  461. BOOL bIsDC = FALSE;
  462. pThis->m_psi->GetObjectInformation(&pThis->m_siObjectInfo);
  463. pThis->m_bStandalone = IsStandalone(pThis->m_siObjectInfo.pszServerName, &bIsDC);
  464. if (bIsDC)
  465. pThis->m_siObjectInfo.dwFlags |= SI_SERVER_IS_DC;
  466. }
  467. }
  468. }
  470. if (pThis != NULL)
  471. return pThis->DlgProc(hDlg, uMsg, wParam, lParam);
  473. return FALSE;
  474. }
  476. UINT
  477. CALLBACK
  478. CSecurityPage::_PSPageCallback(HWND hWnd, UINT uMsg, LPPROPSHEETPAGE ppsp)
  479. {
  480. LPSECURITYPAGE pThis = (LPSECURITYPAGE)ppsp->lParam;
  482. if (pThis)
  483. {
  484. UINT nResult = pThis->PSPageCallback(hWnd, uMsg, ppsp);
  486. switch (uMsg)
  487. {
  488. case PSPCB_CREATE:
  489. if (!nResult)
  490. pThis->m_bAbortPage = TRUE;
  491. break;
  493. case PSPCB_RELEASE:
  494. delete pThis;
  495. break;
  496. }
  497. }
  499. //
  500. // Always return non-zero or else our tab will disappear and whichever
  501. // property page becomes active won't repaint properly. Instead, use
  502. // the m_bAbortPage flag during WM_INITDIALOG to disable the page if
  503. // the callback failed.
  504. //
  505. return 1;
  506. }