|
|
//+-------------------------------------------------------------------------
//
// Microsoft Windows
//
// Copyright (C) Microsoft Corporation, 1999 - 2002
//
// File: _util.cpp
//
//--------------------------------------------------------------------------
PWSTR g_wzRootDSE = L"RootDSE";PWSTR g_wzSchemaNamingContext = L"schemaNamingContext";PWSTR g_wzLDAPAbstractSchemaFormat = L"LDAP://%s/schema/%s";
//
// Attribute names:
//
PWSTR g_wzDescription = L"description"; // ADSTYPE_CASE_IGNORE_STRING
PWSTR g_wzName = L"name"; // ADSTYPE_CASE_IGNORE_STRING
PWSTR g_wzMemberAttr = L"member"; // ADSTYPE_DN_STRING
#define _WIZ_FULL_CTRL _GRANT_ALL
// turn off check for warning C4127: conditional expression is constant
#pragma warning (disable : 4127)
///////////////////////////////////////////////////////////////////////
// CWString
BOOL CWString::LoadFromResource(UINT uID){ int nBufferSize = 128; static const int nCountMax = 4; int nCount = 1;
do { LPWSTR lpszBuffer = (LPWSTR)alloca(nCount*nBufferSize*sizeof(WCHAR)); int iRet = ::LoadString(_Module.GetResourceInstance(), uID, lpszBuffer, nBufferSize); if (iRet == 0) { (*this) = L"?"; return FALSE; // not found
} if (iRet == nBufferSize-1) // truncation
{ if (nCount > nCountMax) { // too many reallocations
(*this) = lpszBuffer; return FALSE; // truncation
} // try to expand buffer
nBufferSize *=2; nCount++; } else { // got it
(*this) = lpszBuffer; break; } } while (TRUE);
return TRUE;}
///////////////////////////////////////////////////////////////////////////////////
// catenate the server name and the 1779 name
// to get an LDAP path like "LDAP://myserv.foo.com./cn=host,..."
void BuildLdapPathHelper(LPCWSTR lpszServerName, LPCWSTR lpszNamingContext, CWString& szLdapPath){ static LPCWSTR lpszFmt = L"LDAP://%s/%s"; int nServerNameLen = lstrlen(lpszServerName)+1; int nFormatStringLen = lstrlen(lpszFmt)+1; int nNamingContext = lstrlen(lpszNamingContext)+1; // build the LDAP path for the schema class
WCHAR* pwszNewObjectPath = (WCHAR*)alloca(sizeof(WCHAR)*(nServerNameLen+nFormatStringLen+nNamingContext)); wsprintf(pwszNewObjectPath, lpszFmt, lpszServerName, lpszNamingContext);
szLdapPath = pwszNewObjectPath;}
// catenate the server name and the 1779 name
// to get something like "\\myserv.foo.com.\cn=host,..."
void BuildWin32PathHelper(LPCWSTR lpszServerName, LPCWSTR lpszNamingContext, CWString& szWin32Path){ static LPCWSTR lpszFmt = L"\\\\%s\\%s"; int nServerNameLen = lstrlen(lpszServerName)+1; int nFormatStringLen = lstrlen(lpszFmt)+1; int nNamingContext = lstrlen(lpszNamingContext)+1; // build the LDAP path for the schema class
WCHAR* pwszNewObjectPath = (WCHAR*)alloca(sizeof(WCHAR)*(nServerNameLen+nFormatStringLen+nNamingContext)); wsprintf(pwszNewObjectPath, lpszFmt, lpszServerName, lpszNamingContext);
szWin32Path = pwszNewObjectPath;}
HRESULT GetCanonicalNameFromNamingContext(LPCWSTR lpszNamingContext, CWString& szCanonicalName){ szCanonicalName = L"";
// assume in the form "cn=xyz,..."
LPWSTR lpszCanonicalName = NULL; HRESULT hr = CrackName((LPWSTR)lpszNamingContext, &lpszCanonicalName, GET_OBJ_CAN_NAME); if (SUCCEEDED(hr) && (lpszCanonicalName != NULL)) { szCanonicalName = lpszCanonicalName; } if (lpszCanonicalName != NULL) ::LocalFree(lpszCanonicalName); return hr;}
/////////////////////////////////////////////////////////////////////////
class CContainerProxyBase{public: CContainerProxyBase() { } virtual ~CContainerProxyBase() {} virtual BOOL Add(LPCWSTR lpsz) = 0;};
template <class TOBJ, class TARR, class TFILTR> class CContainerProxy : public CContainerProxyBase{public: CContainerProxy(TARR* pArr, TFILTR* pFilter) { m_pArr = pArr; m_pFilter = pFilter; } virtual BOOL Add(LPCWSTR lpsz) { ULONG filterFlags = 0x0; if ( (m_pFilter == NULL) || (m_pFilter->CanAdd(lpsz, &filterFlags)) ) { TOBJ* p = new TOBJ(filterFlags, lpsz); if (p == NULL) return FALSE; return m_pArr->Add(p); } return TRUE; }
private: TARR* m_pArr; TFILTR* m_pFilter;};
/////////////////////////////////////////////////////////////////////////
BOOL LoadStringHelper(UINT uID, LPTSTR lpszBuffer, int nBufferMax){ int iRet = ::LoadString(_Module.GetResourceInstance(), uID, lpszBuffer, nBufferMax); if (iRet == 0) { lpszBuffer[0] = NULL; return FALSE; // not found
} if (iRet == nBufferMax-1) return FALSE; // truncation
return TRUE;}
BOOL GetStringFromHRESULTError(HRESULT hr, CWString& szErrorString, BOOL bTryADsIErrors){ HRESULT hrGetLast = S_OK; DWORD status; PTSTR ptzSysMsg = NULL;
// first check if we have extended ADs errors
if ((hr != S_OK) && bTryADsIErrors) { WCHAR Buf1[256], Buf2[256]; hrGetLast = ::ADsGetLastError(&status, Buf1, 256, Buf2, 256); TRACE(_T("ADsGetLastError returned status of %lx, error: %s, name %s\n"), status, Buf1, Buf2); if ((status != ERROR_INVALID_DATA) && (status != 0)) { hr = status; } }
// try the system first
int nChars = ::FormatMessage(FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_SYSTEM, NULL, hr, MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), (PTSTR)&ptzSysMsg, 0, NULL);
if (nChars == 0) { //try ads errors
static HMODULE g_adsMod = 0; if (0 == g_adsMod) g_adsMod = GetModuleHandle (L"activeds.dll"); nChars = ::FormatMessage(FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_HMODULE, g_adsMod, hr, MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), (PTSTR)&ptzSysMsg, 0, NULL); }
if (nChars > 0) { szErrorString = ptzSysMsg; ::LocalFree(ptzSysMsg); }
return (nChars > 0);}
BOOL GetStringFromWin32Error(DWORD dwErr, CWString& szErrorString){ return GetStringFromHRESULTError(HRESULT_FROM_WIN32(dwErr),szErrorString);}
//
// Given a GUID struct, it returns a GUID in string format, without {}
//
BOOL FormatStringGUID(LPWSTR lpszBuf, UINT nBufSize, const GUID* pGuid){ lpszBuf[0] = NULL;
// if it is a NULL GUID*, just return an empty string
if (pGuid == NULL) { return FALSE; } /*
typedef struct _GUID { unsigned long Data1; unsigned short Data2; unsigned short Data3; unsigned char Data4[ 8 ];}
*/ if(SUCCEEDED(StringCchPrintf(lpszBuf, nBufSize, L"%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x", pGuid->Data1, pGuid->Data2, pGuid->Data3, pGuid->Data4[0], pGuid->Data4[1], pGuid->Data4[2], pGuid->Data4[3], pGuid->Data4[4], pGuid->Data4[5], pGuid->Data4[6], pGuid->Data4[7]))) { return TRUE; } else { return FALSE; }}
//
// Given a GUID in string format (without {}) it returns a GUID struct
//
// e.g. "00299570-246d-11d0-a768-00aa006e0529" to a struct form
//
BOOL GuidFromString(GUID* pGuid, LPCWSTR lpszGuidString){ ZeroMemory(pGuid, sizeof(GUID)); if (lpszGuidString == NULL) { return FALSE; }
int nLen = lstrlen(lpszGuidString); // the string length should be 36
if (nLen != 36) return FALSE;
// add the braces to call the Win32 API
LPWSTR lpszWithBraces = (LPWSTR)alloca((nLen+1+2)*sizeof(WCHAR)); // NULL plus {}
wsprintf(lpszWithBraces, L"{%s}", lpszGuidString);
return SUCCEEDED(::CLSIDFromString(lpszWithBraces, pGuid));}
DWORD AddEntryInAcl(PEXPLICIT_ACCESS pAccessEntry, PACL* ppAcl){ // add an entry in the DACL
PACL pOldAcl = *ppAcl;
TRACE(L"Calling SetEntriesInAcl()\n");
DWORD dwErr = ::SetEntriesInAcl(1, pAccessEntry, pOldAcl, ppAcl); TRACE(L"SetEntriesInAcl() returned dwErr = 0x%x\n", dwErr);
if (dwErr == ERROR_SUCCESS && NULL != pOldAcl ) { ::LocalFree(pOldAcl); } return dwErr;}
#ifdef DBG
void TraceGuid(LPCWSTR lpszMsg, const GUID* pGuid){ WCHAR szGuid[128]; FormatStringGUID(szGuid, 128, pGuid); TRACE(L"%s %s\n", lpszMsg, szGuid);}
#define TRACE_GUID(msg, pGuid)\
TraceGuid(msg, pGuid);
#else
#define TRACE_GUID(msg, pGuid)
#endif
DWORD AddObjectRightInAcl(IN PSID pSid, IN ULONG uAccess, IN const GUID* pRightGUID, IN const GUID* pInheritGUID, IN OUT PACL* ppAcl){ // trace input parameters
TRACE(L"AddObjectRightInAcl()\n"); TRACE(L"ULONG uAccess = 0x%x\n", uAccess); TRACE_GUID(L"pRightGUID =", pRightGUID); TRACE_GUID(L"pInheritGUID =", pInheritGUID);
EXPLICIT_ACCESS AccessEntry; ZeroMemory(&AccessEntry, sizeof(EXPLICIT_ACCESS));
if( uAccess == 0 ) return ERROR_SUCCESS;
// initialize EXPLICIT_ACCESS
AccessEntry.grfAccessPermissions = uAccess; AccessEntry.grfAccessMode = GRANT_ACCESS; AccessEntry.grfInheritance = SUB_CONTAINERS_ONLY_INHERIT; if (pInheritGUID != NULL) { AccessEntry.grfInheritance |= INHERIT_ONLY; }
OBJECTS_AND_SID ObjectsAndSid; ZeroMemory(&ObjectsAndSid, sizeof(OBJECTS_AND_SID));
TRACE(L"AccessEntry.grfAccessPermissions = 0x%x\n", AccessEntry.grfAccessPermissions); TRACE(L"AccessEntry.grfAccessMode = 0x%x\n", AccessEntry.grfAccessMode); TRACE(L"AccessEntry.grfInheritance = 0x%x\n", AccessEntry.grfInheritance);
TRACE(L"BuildTrusteeWithObjectsAndSid()\n");
BuildTrusteeWithObjectsAndSid(&(AccessEntry.Trustee), &ObjectsAndSid, const_cast<GUID*>(pRightGUID), // class, right or property
const_cast<GUID*>(pInheritGUID), // inherit guid (class)
pSid // SID for user or group
);
return ::AddEntryInAcl(&AccessEntry, ppAcl);}
//////////////////////////////////////////////////////////////////////////////
long SafeArrayGetCount(const VARIANT& refvar){ if (V_VT(&refvar) == VT_BSTR) { return (long)1; } if ( V_VT(&refvar) != ( VT_ARRAY | VT_VARIANT ) ) { ASSERT(FALSE); return (long)0; }
SAFEARRAY *saAttributes = V_ARRAY( &refvar ); long start, end; HRESULT hr = SafeArrayGetLBound( saAttributes, 1, &start ); if( FAILED(hr) ) return (long)0;
hr = SafeArrayGetUBound( saAttributes, 1, &end ); if( FAILED(hr) ) return (long)0;
return (end - start + 1);}
HRESULT VariantArrayToContainer(const VARIANT& refvar, CContainerProxyBase* pCont){ HRESULT hr = S_OK; long start, end, current;
if (V_VT(&refvar) == VT_BSTR) { //TRACE(_T("VT_BSTR: %s\n"),V_BSTR(&refvar));
pCont->Add(V_BSTR(&refvar)); return S_OK; }
//
// Check the VARIANT to make sure we have
// an array of variants.
//
if ( V_VT(&refvar) != ( VT_ARRAY | VT_VARIANT ) ) { ASSERT(FALSE); return E_UNEXPECTED; } SAFEARRAY *saAttributes = V_ARRAY( &refvar );
//
// Figure out the dimensions of the array.
//
hr = SafeArrayGetLBound( saAttributes, 1, &start ); if( FAILED(hr) ) return hr;
hr = SafeArrayGetUBound( saAttributes, 1, &end ); if( FAILED(hr) ) return hr;
//
// Process the array elements.
//
VARIANT SingleResult; for ( current = start ; current <= end ; current++ ) { ::VariantInit( &SingleResult ); hr = SafeArrayGetElement( saAttributes, ¤t, &SingleResult ); if( FAILED(hr) ) return hr; if ( V_VT(&SingleResult) != VT_BSTR ) return E_UNEXPECTED;
//TRACE(_T("VT_BSTR: %s\n"),V_BSTR(&SingleResult));
pCont->Add(V_BSTR(&SingleResult)); VariantClear( &SingleResult ); } return S_OK;}
HRESULT GetGlobalNamingContexts(LPCWSTR lpszServerName, CWString& szPhysicalSchemaNamingContext, CWString& szConfigurationNamingContext)
{ HRESULT hr = S_OK;
CComPtr<IADs> spRootDSE; CWString szRootDSEPath;
BuildLdapPathHelper(lpszServerName, g_wzRootDSE, szRootDSEPath); hr = ::ADsOpenObjectHelper(szRootDSEPath, IID_IADs, 0, (void**)&spRootDSE ); if (FAILED(hr)) { TRACE(L"Error opening ADsOpenObjectHelper(%S), hr=%x\n", (LPCWSTR)szRootDSEPath,hr); return hr; }
CComVariant varSchemaNamingContext; hr = spRootDSE->Get(CComBSTR (g_wzSchemaNamingContext), &varSchemaNamingContext); if (FAILED(hr)) { TRACE(_T("Error spRootDSE->Get((PWSTR)g_wzSchemaNamingContext), hr=%x\n"), hr); return hr; }
// finally get value
// (e.g. "cn=schema,cn=configuration,dc=marcocdev,dc=ntdev,dc=microsoft,dc=com")
ASSERT(varSchemaNamingContext.vt == VT_BSTR); szPhysicalSchemaNamingContext = varSchemaNamingContext.bstrVal;
// get the configuration container naming context
CComVariant varConfigurationNamingContext; hr = spRootDSE->Get(CComBSTR (L"configurationNamingContext"), &varConfigurationNamingContext); if (FAILED(hr)) { TRACE(L"Failed spRootDSE->Get(configurationNamingContext,&varConfigurationNamingContext), returned hr = 0x%x\n", hr); return hr; } ASSERT(varConfigurationNamingContext.vt == VT_BSTR); szConfigurationNamingContext = varConfigurationNamingContext.bstrVal;
return hr;}
LPCWSTR g_lpszSummaryIdent = L" ";LPCWSTR g_lpszSummaryNewLine = L"\r\n";
void WriteSummaryTitleLine(CWString& szSummary, UINT nTitleID, LPCWSTR lpszNewLine){ CWString szTemp; szTemp.LoadFromResource(nTitleID); WriteSummaryLine(szSummary, szTemp, NULL, lpszNewLine); szSummary += lpszNewLine;}
void WriteSummaryLine(CWString& szSummary, LPCWSTR lpsz, LPCWSTR lpszIdent, LPCWSTR lpszNewLine){ if (lpszIdent != NULL) szSummary += lpszIdent; szSummary += lpsz; szSummary += lpszNewLine;}
//////////////////////////////////////////////////////////////////////////////
LPCWSTR _GetFilePath(){ static LPCWSTR g_lpszFileName = L"\\system32\\dssec.dat"; static WCHAR g_lpszFilePath[2*MAX_PATH] = L"";
if (g_lpszFilePath[0] == NULL) { UINT nLen = ::GetSystemWindowsDirectory(g_lpszFilePath, MAX_PATH); if (nLen == 0) return NULL; wcscat(g_lpszFilePath, g_lpszFileName); } return g_lpszFilePath;}
ULONG GetClassFlags(LPCWSTR lpszClassName){ LPCWSTR lpszAttr = L"@"; INT nDefault = 0; return ::GetPrivateProfileInt(lpszClassName, lpszAttr, nDefault, _GetFilePath()); //return nDefault;
}
/////////////////////////////////////////////////////////////////////////////
// CFilterEntry
class CFilterEntry{public: CFilterEntry(LPWSTR lpszEntry) { m_lpszName = lpszEntry; m_nFlags = 0; Parse(); } LPCWSTR m_lpszName; ULONG m_nFlags;
bool operator<(CFilterEntry& x) { UNREFERENCED_PARAMETER (x); return false; }
private: void Parse() { WCHAR* p = (WCHAR*)m_lpszName; while (*p != NULL) { if (*p == TEXT('=')) { *p = NULL; m_nFlags = _wtoi(p+1); break; } p++; } }
};
class CFilterEntryHolder{public: CFilterEntryHolder() { m_pCharBuf = NULL; m_dwCharBufSize = 0; } ~CFilterEntryHolder() { if (m_pCharBuf != NULL) free(m_pCharBuf); }
ULONG GetAttributeFlags(LPCWSTR lpszClassName, LPCWSTR lpszAttr);
private: CWString m_szClassName; CGrowableArr<CFilterEntry> m_entries; WCHAR* m_pCharBuf; DWORD m_dwCharBufSize;
BOOL _ReadFile(); void _LoadFromFile(); ULONG _FindInCache(LPCWSTR lpszAttr);
};
BOOL CFilterEntryHolder::_ReadFile(){ if (m_pCharBuf == NULL) { m_dwCharBufSize = 4096; m_pCharBuf = (WCHAR*)malloc(sizeof(WCHAR)*m_dwCharBufSize); } if (m_pCharBuf == NULL) return FALSE;
BOOL bNeedRealloc = FALSE; int nReallocCount = 0; do { DWORD dwCharCount = ::GetPrivateProfileSection(m_szClassName, m_pCharBuf, m_dwCharBufSize, _GetFilePath()); if (dwCharCount == 0) return FALSE; bNeedRealloc = dwCharCount == (m_dwCharBufSize - 2); if (bNeedRealloc) { if (nReallocCount > 4) return FALSE; m_dwCharBufSize = 2*m_dwCharBufSize; WCHAR* pCharBuf = (WCHAR*)realloc(m_pCharBuf, sizeof(WCHAR)*m_dwCharBufSize); if ( pCharBuf ) { m_pCharBuf = pCharBuf; } else break; nReallocCount++; } } while (bNeedRealloc); return TRUE;}
void CFilterEntryHolder::_LoadFromFile(){ m_entries.Clear(); if (!_ReadFile()) return;
WCHAR* p = m_pCharBuf; WCHAR* pEntry = p;
while ( ! (( *p == NULL ) && ( *(p+1) == NULL )) ) { if (*p == NULL) { TRACE(_T("pEntry = <%s>\n"), pEntry); m_entries.Add(new CFilterEntry(pEntry)); pEntry = p+1; } p++; } if ( pEntry < p) m_entries.Add(new CFilterEntry(pEntry)); // add the last one
for (ULONG k=0; k<m_entries.GetCount(); k++) { TRACE(_T("k = %d, <%s> flags = %d\n"), k, m_entries[k]->m_lpszName, m_entries[k]->m_nFlags); }}
ULONG CFilterEntryHolder::_FindInCache(LPCWSTR lpszAttr){ for (ULONG k=0; k<m_entries.GetCount(); k++) { if (_wcsicmp(m_entries[k]->m_lpszName, lpszAttr) == 0) return m_entries[k]->m_nFlags; } return 0; // default
}
ULONG CFilterEntryHolder::GetAttributeFlags(LPCWSTR lpszClassName, LPCWSTR lpszAttr){ if (_wcsicmp(lpszClassName, m_szClassName) != 0) { // class name changed
m_szClassName = lpszClassName; _LoadFromFile(); } return _FindInCache(lpszAttr);}
ULONG GetAttributeFlags(LPCWSTR lpszClassName, LPCWSTR lpszAttr){ static CFilterEntryHolder g_holder; return g_holder.GetAttributeFlags(lpszClassName, lpszAttr);// INT nDefault = 0;
// return ::GetPrivateProfileInt(lpszClassName, lpszAttr, nDefault, _GetFilePath());
//return nDefault;
}
///////////////////////////////////////////////////////////////////////
// CPrincipal
HRESULT CPrincipal::Initialize(PDS_SELECTION pDsSelection, HICON hClassIcon){
TRACE(_T("pwzName = %s\n"), pDsSelection->pwzName); // e.g. JoeB
TRACE(_T("pwzADsPath = %s\n"), pDsSelection->pwzADsPath); // "LDAP:..." or "WINNT:..."
TRACE(_T("pwzClass = %s\n"), pDsSelection->pwzClass); // e.g. "user"
TRACE(_T("pwzUPN = %s\n"), pDsSelection->pwzUPN); // .e.g. "[email protected]."
WCHAR const c_szClassComputer[] = L"computer";
// get the SID
ASSERT(pDsSelection->pvarFetchedAttributes); if (pDsSelection->pvarFetchedAttributes[0].vt == VT_EMPTY) { TRACE(L"CPrincipal::Initialize() failed on VT_EMPTY sid\n"); // fatal error, we cannot proceed
return E_INVALIDARG; } if (pDsSelection->pvarFetchedAttributes[0].vt != (VT_ARRAY | VT_UI1)) { TRACE(L"CPrincipal::Initialize() failed on (VT_ARRAY | VT_UI1) sid\n"); // fatal error, we cannot proceed
return E_INVALIDARG; }
// make sure we have a good SID
PSID pSid = pDsSelection->pvarFetchedAttributes[0].parray->pvData; HRESULT hr = Initialize (pSid); if ( FAILED (hr) ) return hr;
// copy the icon
m_hClassIcon = hClassIcon; // copy the strings
m_szClass = pDsSelection->pwzClass;
//Strip from Computer Name
//16414 02/28/2000 *DS Admin snapin - DelWiz, need to strip the '$' from the end of computer names
m_szName = pDsSelection->pwzName; if( m_szClass && m_szName && ( wcscmp( m_szClass, (LPWSTR)c_szClassComputer) == 0 ) ) { // Strip the trailing '$'
LPWSTR pszTemp; pszTemp= (LPWSTR)(LPCWSTR)m_szName; int nLen = lstrlen(pszTemp); if (nLen && pszTemp[nLen-1] == TEXT('$')) { pszTemp[nLen-1] = TEXT('\0'); } } m_szADsPath = pDsSelection->pwzADsPath;
if( m_szClass && m_szADsPath && ( wcscmp( m_szClass, (LPWSTR)c_szClassComputer) == 0 ) ) { // Strip the trailing '$'
LPWSTR pszTemp; pszTemp= (LPWSTR)(LPCWSTR)m_szADsPath; int nLen = lstrlen(pszTemp); if (nLen && pszTemp[nLen-1] == TEXT('$')) { pszTemp[nLen-1] = TEXT('\0'); } }
m_szUPN = pDsSelection->pwzUPN;
// set the display name
_ComposeDisplayName();
return S_OK; }
HRESULT CPrincipal::Initialize (PSID pSid){ if (!IsValidSid(pSid)) { TRACE(L"CPrincipal::Initialize() failed on IsValidSid()\n"); // fatal error, we cannot proceed
return E_INVALIDARG; }
// we have a good SID, copy it
if (!m_sidHolder.Copy(pSid)) { TRACE(L"CPrincipal::Initialize() failed on m_sidHolder.Copy(pSid)\n"); // fatal error, we cannot proceed
return E_OUTOFMEMORY; }
return S_OK;}
BOOL BuildSamName(LPCWSTR lpszPath, CWString& s){ // strip the WINNT provider and reverse slashes
static LPCWSTR lpszPrefix = L"WinNT://"; int nPrefixLen = lstrlen(lpszPrefix);
if (_wcsnicmp(lpszPath, lpszPrefix, nPrefixLen ) != 0) { // not matching
return FALSE; }
// make a copy
LPCWSTR lpzsTemp = lpszPath+nPrefixLen; // past the prefix
s = L""; for (WCHAR* pChar = const_cast<LPWSTR>(lpzsTemp); (*pChar) != NULL; pChar++) { if (*pChar == L'/') s += L'\\'; else s += *pChar; } return TRUE;}
void CPrincipal::_ComposeDisplayName(){ LPCWSTR lpszAddToName = NULL;
// check if there is a UPN
LPCWSTR lpszUPN = m_szUPN; if ( (lpszUPN != NULL) && (lstrlen(lpszUPN) > 0)) { lpszAddToName = lpszUPN; }
// as a second chance, add the domain\name
LPCWSTR lpszPath = m_szADsPath; CWString sTemp;
if ((lpszAddToName == NULL) && (lpszPath != NULL) && (lstrlen(lpszPath) > 0)) { if (BuildSamName(lpszPath,sTemp)) { lpszAddToName = sTemp; } } if (lpszAddToName != NULL) { static LPCWSTR lpszFormat = L"%s (%s)"; size_t nLen = lstrlen(lpszAddToName) + lstrlen(lpszFormat) + m_szName.size() + 1; LPWSTR lpszTemp = (LPWSTR)alloca(nLen*sizeof(WCHAR)); wsprintf(lpszTemp, lpszFormat, m_szName.c_str(), lpszAddToName); m_szDisplayName = lpszTemp; } else { // got nothing, just use the name
m_szDisplayName = m_szName; }}
BOOL CPrincipal::IsEqual(CPrincipal* p){ return (_wcsicmp(m_szADsPath, p->m_szADsPath) == 0);}
BOOL CPrincipalList::AddIfNotPresent(CPrincipal* p){ CPrincipalList::iterator i; for (i = begin(); i != end(); ++i) { if ((*i)->IsEqual(p)) { delete p; // duplicate
return FALSE; } } push_back(p); return TRUE;}
void CPrincipalList::WriteSummaryInfo(CWString& szSummary, LPCWSTR lpszIdent, LPCWSTR lpszNewLine){ WriteSummaryTitleLine(szSummary, IDS_DELEGWIZ_FINISH_PRINCIPALS, lpszNewLine);
CPrincipalList::iterator i; for (i = begin(); i != end(); ++i) { WriteSummaryLine(szSummary, (*i)->GetDisplayName(), lpszIdent, lpszNewLine); } szSummary += lpszNewLine;}
///////////////////////////////////////////////////////////////////////
// CControlRightInfo
void CControlRightInfo::SetLocalizedName(UINT nLocalizationDisplayId, HMODULE hModule){ WCHAR szLocalizedDisplayName[256];
DWORD dwChars = 0;
if (hModule != NULL) { dwChars = FormatMessage(FORMAT_MESSAGE_FROM_HMODULE | FORMAT_MESSAGE_IGNORE_INSERTS, hModule, nLocalizationDisplayId, 0, szLocalizedDisplayName, 256, NULL); }
if (dwChars > 0) { m_szLocalizedName = szLocalizedDisplayName; } else { // failed, just use the LDAP display name
m_szLocalizedName = m_szLdapDisplayName; }
// need to set the display name
if (IsPropertySet()) { CWString szPropertySetFormat; szPropertySetFormat.LoadFromResource(IDS_DELEGWIZ_RW_PROPERTYSET); WCHAR* lpszBuffer = (WCHAR*)alloca(sizeof(WCHAR)*(szPropertySetFormat.size()+m_szLocalizedName.size()+1));
// we have a different display name
wsprintf(lpszBuffer, szPropertySetFormat, (LPCWSTR)m_szLocalizedName); m_szDisplayName = lpszBuffer; } else { // same as raw
m_szDisplayName = m_szLocalizedName; }}
///////////////////////////////////////////////////////////////////////
// CControlRightInfoArray
class CDsSecLib{public: CDsSecLib() { m_hInstance = ::LoadLibrary(L"dssec.dll"); } ~CDsSecLib() { if (m_hInstance != NULL) ::FreeLibrary(m_hInstance); } HINSTANCE Get() { return m_hInstance; }private: HINSTANCE m_hInstance;};
HRESULT CControlRightInfoArray::InitFromDS(CAdsiObject* pADSIObj, const GUID* pSchemaIDGUID){ TRACE(L"CControlRightInfoArray::InitFromDS()\n\n");
ASSERT(pSchemaIDGUID != NULL);
LPWSTR lpszSchemaIDGUID = (LPWSTR)alloca(128*sizeof(WCHAR)); if(!lpszSchemaIDGUID) return E_OUTOFMEMORY; if (!FormatStringGUID(lpszSchemaIDGUID, 128, pSchemaIDGUID)) { return E_INVALIDARG; }
// build the LDAP path for the schema class
CWString szPhysicalSchemaPath; LPCWSTR lpszPhysicalSchemaNamingContext = pADSIObj->GetPhysicalSchemaNamingContext(); BuildLdapPathHelper(pADSIObj->GetServerName(), lpszPhysicalSchemaNamingContext, szPhysicalSchemaPath);
// build the extended rights container naming context and LDAP path
CWString szExtendedRightsNamingContext; szExtendedRightsNamingContext = L"CN=Extended-Rights,"; szExtendedRightsNamingContext += pADSIObj->GetConfigurationNamingContext(); CWString szExtendedRightsPath; BuildLdapPathHelper(pADSIObj->GetServerName(), szExtendedRightsNamingContext, szExtendedRightsPath);
// bind a query to the extended rights container
CAdsiSearch search; HRESULT hr = search.Init(szExtendedRightsPath); TRACE(L"search.Init(%s) returned hr = 0x%x\n", (LPCWSTR)szExtendedRightsPath, hr);
if (FAILED(hr)) { return hr; }
// build an LDAP query string
static LPCWSTR lpszFilterFormat = L"(&(objectCategory=CN=Control-Access-Right,%s)(AppliesTo=%s))";
int nFmtLen = lstrlen(lpszFilterFormat); int nArgumentLen = lstrlen(lpszPhysicalSchemaNamingContext) + lstrlen(lpszSchemaIDGUID);
WCHAR* lpszFilter = (WCHAR*)alloca(sizeof(WCHAR)*(nFmtLen+nArgumentLen+1)); wsprintf(lpszFilter, lpszFilterFormat, lpszPhysicalSchemaNamingContext, lpszSchemaIDGUID);
// build an array of wanted columns
static const int cAttrs = 4; static LPCWSTR pszAttribsArr[cAttrs] = { L"displayName", // e.g. "Change Password"
L"rightsGuid", // e.g. "ab721a53-1e2f-...." (i.e. GUID in string form w/o {})
L"validAccesses", // bitmask of access righs
L"localizationDisplayId" // bitmask of access righs
}; hr = search.SetSearchScope(ADS_SCOPE_ONELEVEL); TRACE(L"search.SetSearchScope(ADS_SCOPE_ONELEVEL) returned hr = 0x%x\n", hr); if (FAILED(hr)) return hr;
hr = search.DoQuery(lpszFilter, pszAttribsArr, cAttrs); TRACE(L"search.DoQuery(lpszFilter, pszAttribsArr, cAttrs) returned hr = 0x%x\n", hr); if (FAILED(hr)) return hr;
TRACE(L"\n");
CWString szRightsGUID; ULONG nLocalizationDisplayId;
// load DSSEC.DLL to provide localized
CDsSecLib DsSecLib;
while ((hr = search.GetNextRow()) != S_ADS_NOMORE_ROWS) { if (FAILED(hr)) continue;
CControlRightInfo* pInfo = new CControlRightInfo();
HRESULT hr0 = search.GetColumnString(pszAttribsArr[0], pInfo->m_szLdapDisplayName);
// the DS gives us the GUID in string form, but we need it in struct form
HRESULT hr1 = search.GetColumnString(pszAttribsArr[1], szRightsGUID); if (SUCCEEDED(hr1)) { if (!::GuidFromString(&(pInfo->m_rightsGUID), szRightsGUID.c_str())) { TRACE(L"GuidFromString(_, %s) failed!\n", szRightsGUID.c_str()); hr1 = E_INVALIDARG; } }
HRESULT hr2 = search.GetColumnInteger(pszAttribsArr[2], pInfo->m_fAccess);
HRESULT hr3 = search.GetColumnInteger(pszAttribsArr[3], nLocalizationDisplayId);
TRACE(L"Name = <%s>, \n Guid = <%s>, Access = 0x%x, nLocalizationDisplayId = %d\n", pInfo->m_szLdapDisplayName.c_str(), szRightsGUID.c_str(), pInfo->m_fAccess, nLocalizationDisplayId); if (FAILED(hr0) || FAILED(hr1) || FAILED(hr2) || FAILED(hr3)) { TRACE(L"WARNING: discarding right, failed on columns: hr0 = 0x%x, hr1 = 0x%x, hr2 = 0x%x, hr3 = 0x%x\n", hr0, hr1, hr2, hr3); delete pInfo; } else { pInfo->SetLocalizedName(nLocalizationDisplayId, DsSecLib.Get());
Add(pInfo); } } // while
TRACE(L"\n\n");
if (hr == S_ADS_NOMORE_ROWS) hr = S_OK;
return hr;}
//////////////////////////////////////////////////////////////////////
// CPropertyRightInfo
const ULONG CPropertyRightInfo::m_nRightCountMax = 2;const ULONG CPropertyRightInfo::m_nReadIndex = 0;const ULONG CPropertyRightInfo::m_nWriteIndex = 1;
LPCWSTR CPropertyRightInfo::GetRightDisplayString(ULONG iRight){ static WCHAR szReadFmt[256] = L""; static WCHAR szWriteFmt[256] = L""; static WCHAR szReadAll[256] = L""; static WCHAR szWriteAll[256] = L"";
static WCHAR szDisplay[512];
ASSERT(GetName() != NULL); // must have a name!!!
szDisplay[0] = NULL; WCHAR* pFmt = NULL;
if (iRight == m_nReadIndex) { if (szReadFmt[0] == NULL) LoadStringHelper(IDS_DELEGWIZ_READ_PROPERTY, szReadFmt, ARRAYSIZE(szReadFmt)); pFmt = szReadFmt; } else if (iRight == m_nWriteIndex) { if (szWriteFmt[0] == NULL) LoadStringHelper(IDS_DELEGWIZ_WRITE_PROPERTY, szWriteFmt, ARRAYSIZE(szWriteFmt)); pFmt = szWriteFmt; }
if(pFmt) { if(SUCCEEDED(StringCchPrintf(szDisplay, sizeof(szDisplay)/sizeof(WCHAR), pFmt, GetDisplayName()))) { return szDisplay; } } return NULL; }
void CPropertyRightInfo::SetRight(ULONG iRight, BOOL b){ switch (iRight) { case m_nReadIndex: if (b) m_Access |= ACTRL_DS_READ_PROP; else m_Access &= ~ACTRL_DS_READ_PROP; break; case m_nWriteIndex: if (b) m_Access |= ACTRL_DS_WRITE_PROP; else m_Access &= ~ACTRL_DS_WRITE_PROP; break; default: ASSERT(FALSE); };}
ULONG CPropertyRightInfo::GetRight(ULONG iRight){ switch (iRight) { case m_nReadIndex: return (ULONG)ACTRL_DS_READ_PROP; break; case m_nWriteIndex: return (ULONG)ACTRL_DS_WRITE_PROP; break; default: ASSERT(FALSE); }; return 0;}
BOOL CPropertyRightInfo::IsRightSelected(ULONG iRight){ BOOL bRes = FALSE; switch (iRight) { case m_nReadIndex: bRes = m_Access & ACTRL_DS_READ_PROP; break; case m_nWriteIndex: bRes = m_Access & ACTRL_DS_WRITE_PROP; break; default: ASSERT(FALSE); }; return bRes;}
//////////////////////////////////////////////////////////////////////
// CPropertyRightInfoArray
template <class T> class CClassPtr{public: CClassPtr() { m_p = NULL;} ~CClassPtr() { if (m_p) delete m_p;}
CClassPtr& operator=(T* p) { m_p = p; return *this; } T* operator->() { return m_p; } T* operator&() { return m_p; }
private: T* m_p;};
HRESULT CPropertyRightInfoArray::InitFromSchema(CAdsiObject* pADSIObj, IADsClass * pDsSchemaClass, LPCWSTR lpszClassName, BOOL bUseFilter){ // setup
Clear();
CClassPtr<CPropertyRightInfoFilter> spFilter; if (bUseFilter) { spFilter = new CPropertyRightInfoFilter(); spFilter->SetClassName(lpszClassName); }
if (pDsSchemaClass == NULL) { ASSERT(lpszClassName == NULL); return S_OK; }
// get data from DS for specific properties
VARIANT MandatoryListVar, OptionalListVar; ::VariantInit(&MandatoryListVar); ::VariantInit(&OptionalListVar); HRESULT hr = pDsSchemaClass->get_MandatoryProperties(&MandatoryListVar); if (FAILED(hr)) { ::VariantClear(&MandatoryListVar); return hr; } hr = pDsSchemaClass->get_OptionalProperties(&OptionalListVar); if (FAILED(hr)) { ::VariantClear(&OptionalListVar); return hr; }
// add the results to the array
CContainerProxy<CPropertyRightInfo, CPropertyRightInfoArray, CPropertyRightInfoFilter> cont(this, &spFilter);
VariantArrayToContainer(MandatoryListVar, &cont); VariantArrayToContainer(OptionalListVar, &cont);
::VariantClear(&MandatoryListVar); ::VariantClear(&OptionalListVar);
// now need to set the friendly names
ULONG nCount = (ULONG) GetCount(); WCHAR szFrendlyName[1024]; HRESULT hrName; for (ULONG i=0; i<nCount; i++) { LPCWSTR lpszName = (*this)[i]->GetName(); if (lpszName != NULL) { hrName = pADSIObj->GetFriendlyAttributeName(lpszClassName, lpszName, szFrendlyName, 1024); ASSERT(SUCCEEDED(hrName)); (*this)[i]->SetDisplayName(SUCCEEDED(hrName) ? szFrendlyName : NULL); } }
// get guids
for (i=0; i<nCount; i++) { CPropertyRightInfo* pInfo = (*this)[i]; LPCWSTR lpszName = pInfo->GetName(); hr = pADSIObj->GetClassGuid(lpszName, TRUE, pInfo->m_schemaIDGUID); if (SUCCEEDED(hr)) { WCHAR szTest[128]; FormatStringGUID(szTest, 128, &(pInfo->m_schemaIDGUID)); TRACE(L"name = <%s>, guid = <%s>\n", lpszName, szTest); } else { TRACE(L"GetClassGuid(%s) failed hr = 0x%x\n", lpszName, hr); return hr; } }
Sort(); return hr;}
//////////////////////////////////////////////////////////////////////
// CClassRightInfo
const ULONG CClassRightInfo::m_nRightCountMax = 2;const ULONG CClassRightInfo::m_nCreateIndex = 0;const ULONG CClassRightInfo::m_nDeleteIndex = 1;
LPCWSTR CClassRightInfo::GetRightDisplayString(ULONG iRight){ static WCHAR szCreateFmt[256] = L""; static WCHAR szDeleteFmt[256] = L""; static WCHAR szCreateAll[256] = L""; static WCHAR szDeleteAll[256] = L"";
static WCHAR szDisplay[512];
ASSERT(GetName() != NULL); // must have a name!!!
szDisplay[0] = NULL; WCHAR* pFmt = NULL;
if (iRight == m_nCreateIndex) { if (szCreateFmt[0] == NULL) LoadStringHelper(IDS_DELEGWIZ_CREATE_CLASS, szCreateFmt, ARRAYSIZE(szCreateFmt)); pFmt = szCreateFmt; } else if (iRight == m_nDeleteIndex) { if (szDeleteFmt[0] == NULL) LoadStringHelper(IDS_DELEGWIZ_DELETE_CLASS, szDeleteFmt, ARRAYSIZE(szDeleteFmt)); pFmt = szDeleteFmt; }
if(pFmt) { if(SUCCEEDED(StringCchPrintf(szDisplay, sizeof(szDisplay)/sizeof(WCHAR), pFmt, GetDisplayName()))) {
return szDisplay; } }
return NULL;}
void CClassRightInfo::SetRight(ULONG iRight, BOOL b){ switch (iRight) { case m_nCreateIndex: if (b) m_Access |= ACTRL_DS_CREATE_CHILD; else m_Access &= ~ACTRL_DS_CREATE_CHILD; break; case m_nDeleteIndex: if (b) m_Access |= ACTRL_DS_DELETE_CHILD; else m_Access &= ~ACTRL_DS_DELETE_CHILD; break; default: ASSERT(FALSE); };}
ULONG CClassRightInfo::GetRight(ULONG iRight){ switch (iRight) { case m_nCreateIndex: return (ULONG)ACTRL_DS_CREATE_CHILD; break; case m_nDeleteIndex: return (ULONG)ACTRL_DS_DELETE_CHILD; break; default: ASSERT(FALSE); }; return 0;}
BOOL CClassRightInfo::IsRightSelected(ULONG iRight){ BOOL bRes = FALSE; switch (iRight) { case m_nCreateIndex: bRes = m_Access & ACTRL_DS_CREATE_CHILD; break; case m_nDeleteIndex: bRes = m_Access & ACTRL_DS_DELETE_CHILD; break; default: ASSERT(FALSE); }; return bRes;}
//////////////////////////////////////////////////////////////////////
// CClassRightInfoArray
HRESULT CClassRightInfoArray::InitFromSchema(CAdsiObject* pADSIObj, IADsClass* pDsSchemaClass, BOOL bUseFilter){ // setup
Clear();
if (pDsSchemaClass == NULL) return S_OK;
// read from DS
VARIANT ContainmentListVar; ::VariantInit(&ContainmentListVar); HRESULT hr = pDsSchemaClass->get_Containment(&ContainmentListVar); if (FAILED(hr)) { ::VariantClear(&ContainmentListVar); return hr; }
CClassPtr<CClassRightInfoFilter> spFilter; if (bUseFilter) { spFilter = new CClassRightInfoFilter(); } // add to array and filter
CContainerProxy<CClassRightInfo, CClassRightInfoArray, CClassRightInfoFilter> cont(this, &spFilter); VariantArrayToContainer(ContainmentListVar, &cont);
::VariantClear(&ContainmentListVar);
// now need to set the friendly names
ULONG nCount = (ULONG) GetCount(); WCHAR szFrendlyName[1024]; HRESULT hrName; for (ULONG i=0; i<nCount; i++) { LPCWSTR lpszName = (*this)[i]->GetName(); if (lpszName != NULL) { hrName = pADSIObj->GetFriendlyClassName(lpszName, szFrendlyName, 1024); ASSERT(SUCCEEDED(hrName)); (*this)[i]->SetDisplayName(SUCCEEDED(hrName) ? szFrendlyName : NULL); } }
// get guids
for (i=0; i<nCount; i++) { CClassRightInfo* pInfo = (*this)[i]; LPCWSTR lpszName = pInfo->GetName(); hr = pADSIObj->GetClassGuid(lpszName, FALSE, pInfo->m_schemaIDGUID); if (SUCCEEDED(hr)) { WCHAR szTest[128]; FormatStringGUID(szTest, 128, &(pInfo->m_schemaIDGUID)); TRACE(L"name = <%s>, guid = <%s>\n", lpszName, szTest); } else { TRACE(L"GetClassGuid(%s) failed hr = 0x%x\n", lpszName, hr); return hr; } }
Sort();
return hr;}
///////////////////////////////////////////////////////////////////////
// CAccessPermissionsHolderBase
CAccessPermissionsHolderBase::CAccessPermissionsHolderBase(BOOL bUseFilter){ m_bUseFilter = bUseFilter;}
CAccessPermissionsHolderBase::~CAccessPermissionsHolderBase(){ Clear();}
void CAccessPermissionsHolderBase::Clear(){ m_accessRightInfoArr.Clear(); m_controlRightInfoArr.Clear();
m_propertyRightInfoArray.Clear(); m_classRightInfoArray.Clear();}
BOOL CAccessPermissionsHolderBase::HasPermissionSelected(){ ULONG i,j; // check access rigths
for (i = 0; i < m_accessRightInfoArr.GetCount(); i++) { if (m_accessRightInfoArr[i]->IsSelected()) return TRUE; } // check control rigths
for (i = 0; i < m_controlRightInfoArr.GetCount(); i++) { if (m_controlRightInfoArr[i]->IsSelected()) return TRUE; }
// subobjects rigths
for (i = 0; i < m_classRightInfoArray.GetCount(); i++) { for (j=0; j< m_classRightInfoArray[i]->GetRightCount(); j++) { if ( m_classRightInfoArray[i]->IsRightSelected(j) ) return TRUE; } }
// property rights
for (i = 0; i < m_propertyRightInfoArray.GetCount(); i++) { for (j=0; j< m_propertyRightInfoArray[i]->GetRightCount(); j++) { if ( m_propertyRightInfoArray[i]->IsRightSelected(j) ) return TRUE; } }
return FALSE;}
/*
typedef struct _ACTRL_CONTROL_INFOW{ LPWSTR lpControlId; LPWSTR lpControlName;} ACTRL_CONTROL_INFOW, *PACTRL_CONTROL_INFOW;
typedef struct _ACTRL_ACCESS_INFOW{ ULONG fAccessPermission; LPWSTR lpAccessPermissionName;} ACTRL_ACCESS_INFOW, *PACTRL_ACCESS_INFOW;
*/
HRESULT CAccessPermissionsHolderBase::ReadDataFromDS(CAdsiObject* pADSIObj, LPCWSTR /*lpszObjectNamingContext*/, LPCWSTR lpszClassName, const GUID* pSchemaIDGUID, BOOL bChildClass, BOOL bHideListObject){#if DBG
WCHAR szGUID[128]; FormatStringGUID(szGUID, 128, pSchemaIDGUID); TRACE(L"CAccessPermissionsHolderBase::ReadDataFromDS(_, %s, %s)\n", lpszClassName, szGUID);#endif
Clear();
HRESULT hr = S_OK; if (pSchemaIDGUID != NULL) { hr = m_controlRightInfoArr.InitFromDS(pADSIObj, pSchemaIDGUID); TRACE(L"hr = m_controlRightInfoArr.InitFromDS(...) returned hr = 0x%x\n", hr); if (FAILED(hr)) { return hr; } }
hr = _ReadClassInfoFromDS(pADSIObj, lpszClassName); if (FAILED(hr)) { return hr; } hr = _LoadAccessRightInfoArrayFromTable(bChildClass,bHideListObject); return hr;}
HRESULT CAccessPermissionsHolderBase::_ReadClassInfoFromDS(CAdsiObject* pADSIObj, LPCWSTR lpszClassName){ HRESULT hr = S_OK; CComPtr<IADsClass> spSchemaObjectClass;
if (lpszClassName != NULL) { int nServerNameLen = lstrlen(pADSIObj->GetServerName()); int nClassNameLen = lstrlen(lpszClassName); int nFormatStringLen = lstrlen(g_wzLDAPAbstractSchemaFormat); // build the LDAP path for the schema class
WCHAR* pwszSchemaObjectPath = (WCHAR*)alloca(sizeof(WCHAR)*(nServerNameLen+nClassNameLen+nFormatStringLen+1)); wsprintf(pwszSchemaObjectPath, g_wzLDAPAbstractSchemaFormat, pADSIObj->GetServerName(), lpszClassName);
// get the schema class ADSI object
hr = ::ADsOpenObjectHelper(pwszSchemaObjectPath, IID_IADsClass, 0,(void**)&spSchemaObjectClass); if (FAILED(hr)) return hr;
}
//TRACE(_T("\nObject Properties\n\n"));
hr = m_propertyRightInfoArray.InitFromSchema(pADSIObj, spSchemaObjectClass,lpszClassName, m_bUseFilter); if (FAILED(hr)) return hr;
//TRACE(_T("\nObject contained classes\n\n"));
return m_classRightInfoArray.InitFromSchema(pADSIObj, spSchemaObjectClass, m_bUseFilter);}
DWORD CAccessPermissionsHolderBase::UpdateAccessList( CPrincipal* pPrincipal, CSchemaClassInfo* pClassInfo, LPCWSTR /*lpszServerName*/, LPCWSTR /*lpszPhysicalSchemaNamingContext*/, PACL *ppAcl){ TRACE(L"CAccessPermissionsHolderBase::UpdateAccessList()\n"); const GUID* pClassGUID = NULL;
TRACE(L"User or Group Name: %s\n", pPrincipal->GetDisplayName()); BOOL bChildClass = TRUE; if (pClassInfo != NULL) { pClassGUID = pClassInfo->GetSchemaGUID(); bChildClass = (pClassInfo->m_dwChildClass != CHILD_CLASS_NOT_EXIST ); }
return _UpdateAccessListHelper(pPrincipal->GetSid(), pClassGUID, ppAcl,bChildClass);}
DWORD CAccessPermissionsHolderBase::_UpdateAccessListHelper(PSID pSid, const GUID* pClassGUID, PACL *ppAcl, BOOL bChildClass){ TRACE(L"CAccessPermissionsHolderBase::_UpdateAccessListHelper()\n");
ASSERT(pSid != NULL);
ULONG AccessAllClass = 0; ULONG AccessAllProperty = 0; DWORD dwErr = 0;
// set common variables
ULONG uAccess = 0; // to be set and reset as see fit
if (m_accessRightInfoArr[0]->IsSelected()) // full control
{ uAccess = _WIZ_FULL_CTRL; dwErr = ::AddObjectRightInAcl(pSid, uAccess, NULL, pClassGUID, ppAcl); if (dwErr != ERROR_SUCCESS) goto exit; } else { // add an entry for all the standard access permissions:
// OR all the selected permissions together
uAccess = 0; UINT nSel = 0; for (UINT k=0; k < m_accessRightInfoArr.GetCount(); k++) { if (m_accessRightInfoArr[k]->IsSelected()) { nSel++; uAccess |= m_accessRightInfoArr[k]->GetAccess(); } } // for
if( !bChildClass ) uAccess &= (~(ACTRL_DS_CREATE_CHILD|ACTRL_DS_DELETE_CHILD)); if (nSel > 0) { // keep track of "All" flags
if (uAccess & ACTRL_DS_READ_PROP) AccessAllProperty |= ACTRL_DS_READ_PROP; if (uAccess & ACTRL_DS_WRITE_PROP) AccessAllProperty |= ACTRL_DS_WRITE_PROP;
if (uAccess & ACTRL_DS_CREATE_CHILD) AccessAllClass |= ACTRL_DS_CREATE_CHILD; if (uAccess & ACTRL_DS_DELETE_CHILD) AccessAllClass |= ACTRL_DS_DELETE_CHILD;
dwErr = ::AddObjectRightInAcl(pSid, uAccess, NULL, pClassGUID, ppAcl);
if (dwErr != ERROR_SUCCESS) goto exit; }
// add an entry for each of the control rights
for (k=0; k < m_controlRightInfoArr.GetCount(); k++) { if (m_controlRightInfoArr[k]->IsSelected()) { uAccess = m_controlRightInfoArr[k]->GetAccess(); dwErr = ::AddObjectRightInAcl(pSid, uAccess, m_controlRightInfoArr[k]->GetRightsGUID(), pClassGUID, ppAcl); if (dwErr != ERROR_SUCCESS) goto exit; } } // for
// add an entry for each of the subobjects rigths
for (ULONG iClass = 0; iClass < m_classRightInfoArray.GetCount(); iClass++) { ULONG Access = m_classRightInfoArray[iClass]->GetAccess(); if (Access != 0) { if (iClass > 0) { ULONG nRightCount = m_classRightInfoArray[iClass]->GetRightCount(); for (ULONG iCurrRight=0; iCurrRight<nRightCount; iCurrRight++) { // the first entry is the Create/Delete All, no need for other permissions,
ULONG currAccess = m_classRightInfoArray[iClass]->GetRight(iCurrRight); if (currAccess & AccessAllClass) { // right already present, strip out
Access &= ~currAccess; } } // for
} if (Access != 0) { uAccess = Access; dwErr = ::AddObjectRightInAcl(pSid, uAccess, m_classRightInfoArray[iClass]->GetSchemaGUID(), pClassGUID, ppAcl); if (dwErr != ERROR_SUCCESS) goto exit; } } } // for
// add an entry for each property right to set
for (ULONG iProperty=0; iProperty < m_propertyRightInfoArray.GetCount(); iProperty++) { ULONG Access = m_propertyRightInfoArray[iProperty]->GetAccess(); if (Access != 0) { if (iProperty > 0) { ULONG nRightCount = m_propertyRightInfoArray[iProperty]->GetRightCount(); for (ULONG iCurrRight=0; iCurrRight<nRightCount; iCurrRight++) { // the first entry is the Create/Delete All, no need for other permissions,
ULONG currAccess = m_propertyRightInfoArray[iProperty]->GetRight(iCurrRight); if (currAccess & AccessAllProperty) { // right already present, strip out
Access &= ~currAccess; } } // for
} if (Access != 0) { uAccess = Access; dwErr = ::AddObjectRightInAcl(pSid, uAccess, m_propertyRightInfoArray[iProperty]->GetSchemaGUID(), pClassGUID, ppAcl); if (dwErr != ERROR_SUCCESS) goto exit; } } }
} // if
exit:
return dwErr;}
///////////////////////////////////////////////////////////////////////
// CCustomAccessPermissionsHolder
CCustomAccessPermissionsHolder::CCustomAccessPermissionsHolder() : CAccessPermissionsHolderBase(TRUE){}
CCustomAccessPermissionsHolder::~CCustomAccessPermissionsHolder(){ Clear();}
void CCustomAccessPermissionsHolder::Clear(){ CAccessPermissionsHolderBase::Clear(); m_listViewItemArr.Clear();}
struct CAccessRightTableEntry{ UINT m_nStringID; ULONG m_fAccess;};
#define _WIZ_READ \
(READ_CONTROL | ACTRL_DS_LIST | ACTRL_DS_READ_PROP | ACTRL_DS_LIST_OBJECT)
#define _WIZ_WRITE \
(ACTRL_DS_SELF | ACTRL_DS_WRITE_PROP)
HRESULT CCustomAccessPermissionsHolder::_LoadAccessRightInfoArrayFromTable(BOOL bCreateDeleteChild,BOOL bHideListObject){ static CAccessRightTableEntry _pTable[] = { { IDS_DELEGWIZ_ACTRL_FULL, _WIZ_FULL_CTRL }, { IDS_DELEGWIZ_ACTRL_READ, _WIZ_READ }, { IDS_DELEGWIZ_ACTRL_WRITE, _WIZ_WRITE },/*
{ IDS_DELEGWIZ_ACTRL_SYSTEM_ACCESS, ACCESS_SYSTEM_SECURITY }, { IDS_DELEGWIZ_ACTRL_DELETE, DELETE }, { IDS_DELEGWIZ_ACTRL_READ_CONTROL, READ_CONTROL }, { IDS_DELEGWIZ_ACTRL_CHANGE_ACCESS, WRITE_DAC }, { IDS_DELEGWIZ_ACTRL_CHANGE_OWNER, WRITE_OWNER },*/ { IDS_DELEGWIZ_ACTRL_DS_CREATE_CHILD, ACTRL_DS_CREATE_CHILD }, { IDS_DELEGWIZ_ACTRL_DS_DELETE_CHILD, ACTRL_DS_DELETE_CHILD },/*
{ IDS_DELEGWIZ_ACTRL_DS_LIST, ACTRL_DS_LIST }, { IDS_DELEGWIZ_ACTRL_DS_SELF, ACTRL_DS_SELF },*/ { IDS_DELEGWIZ_ACTRL_DS_READ_PROP, ACTRL_DS_READ_PROP }, { IDS_DELEGWIZ_ACTRL_DS_WRITE_PROP, ACTRL_DS_WRITE_PROP },/*
{ IDS_DELEGWIZ_ACTRL_DS_DELETE_TREE, ACTRL_DS_DELETE_TREE }, { IDS_DELEGWIZ_ACTRL_DS_LIST_OBJECT, ACTRL_DS_LIST_OBJECT }, { IDS_DELEGWIZ_ACTRL_DS_CONTROL_ACCESS, ACTRL_DS_CONTROL_ACCESS },*/ {0, 0x0 } // end of table marker
};
if(bHideListObject) { _pTable[0].m_fAccess &= ~ACTRL_DS_LIST_OBJECT; _pTable[1].m_fAccess &= ~ACTRL_DS_LIST_OBJECT; }
TRACE(L"\nCCustomAccessPermissionsHolder::_LoadAccessRightInfoArrayFromTable()\n\n");
for(CAccessRightTableEntry* pCurrEntry = (CAccessRightTableEntry*)_pTable; pCurrEntry->m_nStringID != NULL; pCurrEntry++) { if( !bCreateDeleteChild && ( (pCurrEntry->m_fAccess == ACTRL_DS_CREATE_CHILD) || (pCurrEntry->m_fAccess == ACTRL_DS_DELETE_CHILD ) ) )
continue; CAccessRightInfo* pInfo = new CAccessRightInfo(); if( !pInfo ) return HRESULT_FROM_WIN32( ERROR_NOT_ENOUGH_MEMORY ); if (!pInfo->m_szDisplayName.LoadFromResource(pCurrEntry->m_nStringID)) { delete pInfo; continue; } pInfo->m_fAccess = pCurrEntry->m_fAccess;
TRACE(L"Display Name = <%s>, Access = 0x%x\n", pInfo->m_szDisplayName.c_str(), pInfo->m_fAccess); m_accessRightInfoArr.Add(pInfo); }
TRACE(L"\nCCustomAccessPermissionsHolder::_LoadAccessRightInfoArrayFromTable() exiting\n\n");
return S_OK;}
void CCustomAccessPermissionsHolder::_SelectAllRigths(){ ULONG i,j;
// select all access rigths
for (i = 0; i < m_accessRightInfoArr.GetCount(); i++) { m_accessRightInfoArr[i]->Select(TRUE); }
// select all control rights rigths
for (i = 0; i < m_controlRightInfoArr.GetCount(); i++) { m_controlRightInfoArr[i]->Select(TRUE); }
// select all subobjects rigths
for (i = 0; i < m_classRightInfoArray.GetCount(); i++) { for (j=0; j< m_classRightInfoArray[i]->GetRightCount(); j++) { m_classRightInfoArray[i]->SetRight(j, TRUE); } }
// select all property rights
for (i = 0; i < m_propertyRightInfoArray.GetCount(); i++) { for (j=0; j< m_propertyRightInfoArray[i]->GetRightCount(); j++) { m_propertyRightInfoArray[i]->SetRight(j, TRUE); } }
}
void CCustomAccessPermissionsHolder::_SelectAllPropertyRigths(ULONG fAccessPermission){ for (UINT i=0; i<m_propertyRightInfoArray.GetCount(); i++) { m_propertyRightInfoArray[i]->AddAccessRight(fAccessPermission); }}
void CCustomAccessPermissionsHolder::_SelectAllSubObjectRigths(ULONG fAccessPermission){ for (UINT i=0; i<m_classRightInfoArray.GetCount(); i++) { m_classRightInfoArray[i]->AddAccessRight(fAccessPermission); }}
void CCustomAccessPermissionsHolder::_DeselectAssociatedRights(ULONG fAccessPermission){ // deselect full control first
m_accessRightInfoArr[0]->Select(FALSE);
if (fAccessPermission != 0) { // deselect any other basic right that contains the flag
UINT nCount = (ULONG) m_accessRightInfoArr.GetCount(); for (ULONG iAccess=0; iAccess<nCount; iAccess++) { if (m_accessRightInfoArr[iAccess]->GetAccess() & fAccessPermission) m_accessRightInfoArr[iAccess]->Select(FALSE); } }}
void CCustomAccessPermissionsHolder::Select(IN CRigthsListViewItem* pItem, IN BOOL bSelect, OUT ULONG* pnNewFilterState){ ASSERT(pItem != NULL);
*pnNewFilterState = 0;
switch (pItem->m_type) { case CRigthsListViewItem::access: // access rights
case CRigthsListViewItem::ctrl: // general rights
{ // make the change to the entry that was passed in as argument
if (pItem->m_type == CRigthsListViewItem::access) { m_accessRightInfoArr[pItem->m_iIndex]->Select(bSelect); } else { m_controlRightInfoArr[pItem->m_iIndex]->Select(bSelect); } // now see if this triggers changes to the other entries
if (bSelect) { if (pItem->m_type == CRigthsListViewItem::access) { if (pItem->m_iIndex == 0) { // the user checked full control, need to select all the rigths
_SelectAllRigths();
// set flags to mark which set of flags is affected
*pnNewFilterState |= FILTER_EXP_GEN;
if (m_propertyRightInfoArray.GetCount() > 0) *pnNewFilterState |= FILTER_EXP_PROP;
if (m_classRightInfoArray.GetCount() > 0) *pnNewFilterState |= FILTER_EXP_SUBOBJ; } else { // check if the user selected some read/write all or create/delete all right
UINT iAccess = pItem->m_iIndex; ULONG fAccessPermission = m_accessRightInfoArr[iAccess]->GetAccess();
if ((fAccessPermission == _WIZ_READ) || (fAccessPermission == _WIZ_WRITE) ) { // need to select all the Read or Write Properties entried
// and the ACTRL_DS_READ_PROP ACTRL_DS_WRITE_PROP (Read All/Write All)
// select all access rigths
UINT nAssociatedAccessRight = (fAccessPermission == _WIZ_READ) ? ACTRL_DS_READ_PROP : ACTRL_DS_WRITE_PROP; for (UINT i = 0; i < m_accessRightInfoArr.GetCount(); i++) { if (m_accessRightInfoArr[i]->GetAccess() == nAssociatedAccessRight) { m_accessRightInfoArr[i]->Select(TRUE); _SelectAllPropertyRigths(nAssociatedAccessRight); if (m_propertyRightInfoArray.GetCount() > 0) *pnNewFilterState |= FILTER_EXP_PROP; break; } } }
if ( (fAccessPermission == ACTRL_DS_CREATE_CHILD) || (fAccessPermission == ACTRL_DS_DELETE_CHILD) ) { // need to select all the Create or Delete Child entries, if present
_SelectAllSubObjectRigths(fAccessPermission);
// set the flags
if (m_classRightInfoArray.GetCount() > 0) *pnNewFilterState |= FILTER_EXP_SUBOBJ; } else if ( (fAccessPermission == ACTRL_DS_READ_PROP) || (fAccessPermission == ACTRL_DS_WRITE_PROP) ) { // need to select all the Read or Write Property entries, if present
_SelectAllPropertyRigths(fAccessPermission);
// set the flags
if (m_propertyRightInfoArray.GetCount() > 0) *pnNewFilterState |= FILTER_EXP_PROP; } // if
} // if index zero
} // if type is access
} else // i.e. !bSelect
{ if (pItem->m_type == CRigthsListViewItem::access) { if (pItem->m_iIndex != 0) { // deselection on anything but full control
_DeselectAssociatedRights(m_accessRightInfoArr[pItem->m_iIndex]->GetAccess()); } } else if (pItem->m_type == CRigthsListViewItem::ctrl) { _DeselectAssociatedRights(m_controlRightInfoArr[pItem->m_iIndex]->GetAccess()); }/*
// deselection on anything but full control
if ( !((pItem->m_iIndex == 0) && (pItem->m_type == CRigthsListViewItem::access)) ) { _DeselectAssociatedRights(0); }*/ } } break;
case CRigthsListViewItem::prop: // property rights
{ ASSERT(pItem->m_iIndex < m_propertyRightInfoArray.GetCount()); m_propertyRightInfoArray[pItem->m_iIndex]->SetRight(pItem->m_iRight, bSelect); if (!bSelect) { // unchecking any Read/Write property, will unckeck the Read/Write All,
// Read and full control
_DeselectAssociatedRights(m_propertyRightInfoArray[pItem->m_iIndex]->GetRight(pItem->m_iRight)); } } break;
case CRigthsListViewItem::subobj: // subobject rigths
{ ASSERT(pItem->m_iIndex < m_classRightInfoArray.GetCount()); m_classRightInfoArray[pItem->m_iIndex]->SetRight(pItem->m_iRight, bSelect); if (!bSelect) { // unchecking any Create/Delete property, will unckeck the Create/Delete All
// and full control
_DeselectAssociatedRights(m_classRightInfoArray[pItem->m_iIndex]->GetRight(pItem->m_iRight)); } } break; default: ASSERT(FALSE); };
}
void CCustomAccessPermissionsHolder::FillAccessRightsListView( CCheckListViewHelper* pListViewHelper, ULONG nFilterState){ // clear the array of list view item proxies
m_listViewItemArr.Clear();
// enumerate the permissions and add to the checklist
ULONG i,j; ULONG iListViewItem = 0; // GENERAL RIGTHS
if (nFilterState & FILTER_EXP_GEN) { // add the list of access rights
UINT nAccessCount = (ULONG) m_accessRightInfoArr.GetCount(); for (i = 0; i < nAccessCount; i++) { // filter out entries with ACTRL_SYSTEM_ACCESS (auditing rigths)
if ( (m_accessRightInfoArr[i]->GetAccess() & ACTRL_SYSTEM_ACCESS) == 0) { CRigthsListViewItem* p = new CRigthsListViewItem(i, // index in m_accessRightInfoArr
0, // iRight
CRigthsListViewItem::access); m_listViewItemArr.Add(p); pListViewHelper->InsertItem(iListViewItem, m_accessRightInfoArr[i]->GetDisplayName(), (LPARAM)p, m_accessRightInfoArr[i]->IsSelected()); iListViewItem++; } }
// add the list of control rights
UINT nControlCount = (ULONG) m_controlRightInfoArr.GetCount(); for (i = 0; i < nControlCount; i++) { CRigthsListViewItem* p = new CRigthsListViewItem(i, // index in m_controlRightInfoArr
0, // iRight
CRigthsListViewItem::ctrl); m_listViewItemArr.Add(p); pListViewHelper->InsertItem(iListViewItem, m_controlRightInfoArr[i]->GetDisplayName(), (LPARAM)p, m_controlRightInfoArr[i]->IsSelected()); iListViewItem++; } } // PROPERTY RIGTHS
if (nFilterState & FILTER_EXP_PROP) { // it expands (2x)
for (i = 0; i < (ULONG) m_propertyRightInfoArray.GetCount(); i++) { for (j=0; j< m_propertyRightInfoArray[i]->GetRightCount(); j++) { LPCWSTR pszRightDisplayName = m_propertyRightInfoArray[i]->GetRightDisplayString(j); if(pszRightDisplayName) { CRigthsListViewItem* p = new CRigthsListViewItem(i,j, CRigthsListViewItem::prop); m_listViewItemArr.Add(p); pListViewHelper->InsertItem(iListViewItem, pszRightDisplayName, (LPARAM)p, m_propertyRightInfoArray[i]->IsRightSelected(j)); iListViewItem++; } } } }
// SUBOBJECT RIGTHS
if (nFilterState & FILTER_EXP_SUBOBJ) { // it expands (2x)
for (i = 0; i < m_classRightInfoArray.GetCount(); i++) { for (j=0; j< m_classRightInfoArray[i]->GetRightCount(); j++) { LPCWSTR pszRightDisplayName = m_classRightInfoArray[i]->GetRightDisplayString(j); if(pszRightDisplayName) {
CRigthsListViewItem* p = new CRigthsListViewItem(i,j, CRigthsListViewItem::subobj); m_listViewItemArr.Add(p); pListViewHelper->InsertItem(iListViewItem, pszRightDisplayName, (LPARAM)p, m_classRightInfoArray[i]->IsRightSelected(j)); iListViewItem++; } } } } // if
ASSERT(iListViewItem == m_listViewItemArr.GetCount());}
void CCustomAccessPermissionsHolder::UpdateAccessRightsListViewSelection( CCheckListViewHelper* pListViewHelper, ULONG /*nFilterState*/){ // syncrhonize the UI with the data
int nListViewCount = pListViewHelper->GetItemCount();
for (int iListViewItem=0; iListViewItem < nListViewCount; iListViewItem++) { CRigthsListViewItem* pCurrItem = (CRigthsListViewItem*)pListViewHelper->GetItemData(iListViewItem);
switch (pCurrItem->m_type) { case CRigthsListViewItem::access: { pListViewHelper->SetItemCheck(iListViewItem, m_accessRightInfoArr[pCurrItem->m_iIndex]->IsSelected()); } break; case CRigthsListViewItem::ctrl: { pListViewHelper->SetItemCheck(iListViewItem, m_controlRightInfoArr[pCurrItem->m_iIndex]->IsSelected()); } break; case CRigthsListViewItem::prop: { pListViewHelper->SetItemCheck(iListViewItem, m_propertyRightInfoArray[pCurrItem->m_iIndex]->IsRightSelected(pCurrItem->m_iRight)); } break; case CRigthsListViewItem::subobj: { pListViewHelper->SetItemCheck(iListViewItem, m_classRightInfoArray[pCurrItem->m_iIndex]->IsRightSelected(pCurrItem->m_iRight)); } break; } // switch
} // for
}
void CCustomAccessPermissionsHolder::WriteSummary(CWString& szSummary, LPCWSTR lpszIdent, LPCWSTR lpszNewLine){ WriteSummaryTitleLine(szSummary, IDS_DELEGWIZ_FINISH_PERMISSIONS, lpszNewLine);
if (m_accessRightInfoArr[0]->IsSelected()) // full control
{ WriteSummaryLine(szSummary, m_accessRightInfoArr[0]->GetDisplayName(), lpszIdent, lpszNewLine); } else { ULONG AccessAllClass = 0; ULONG AccessAllProperty = 0;
UINT i,j,k; // add an entry for all the standard access permissions:
for (k=0; k < m_accessRightInfoArr.GetCount(); k++) { if (m_accessRightInfoArr[k]->IsSelected()) { // keep track of "All" flags
if (m_accessRightInfoArr[k]->GetAccess() & ACTRL_DS_READ_PROP) AccessAllProperty |= ACTRL_DS_READ_PROP; if (m_accessRightInfoArr[k]->GetAccess() & ACTRL_DS_WRITE_PROP) AccessAllProperty |= ACTRL_DS_WRITE_PROP;
if (m_accessRightInfoArr[k]->GetAccess() & ACTRL_DS_CREATE_CHILD) AccessAllClass |= ACTRL_DS_CREATE_CHILD; if (m_accessRightInfoArr[k]->GetAccess() & ACTRL_DS_DELETE_CHILD) AccessAllClass |= ACTRL_DS_DELETE_CHILD;
WriteSummaryLine(szSummary, m_accessRightInfoArr[k]->GetDisplayName(), lpszIdent, lpszNewLine); } } // for
// add an entry for each of the control rights
for (k=0; k < m_controlRightInfoArr.GetCount(); k++) { if (m_controlRightInfoArr[k]->IsSelected()) { WriteSummaryLine(szSummary, m_controlRightInfoArr[k]->GetDisplayName(), lpszIdent, lpszNewLine); } } // for
// add an entry for each of the subobjects rigths
for (i = 0; i < m_classRightInfoArray.GetCount(); i++) { for (j=0; j< m_classRightInfoArray[i]->GetRightCount(); j++) { if ( m_classRightInfoArray[i]->IsRightSelected(j) && ((AccessAllClass & m_classRightInfoArray[i]->GetRight(j)) == 0) ) { LPCWSTR pszRightDisplayString = m_classRightInfoArray[i]->GetRightDisplayString(j); if(pszRightDisplayString) { WriteSummaryLine(szSummary, pszRightDisplayString, lpszIdent, lpszNewLine); } } } }
// add an entry for each property right to set
for (i = 0; i < m_propertyRightInfoArray.GetCount(); i++) { for (j=0; j< m_propertyRightInfoArray[i]->GetRightCount(); j++) { if ( m_propertyRightInfoArray[i]->IsRightSelected(j) && ((AccessAllProperty & m_propertyRightInfoArray[0]->GetRight(j)) == 0) ) { LPCWSTR pszRightDisplayString = m_propertyRightInfoArray[i]->GetRightDisplayString(j); if(pszRightDisplayString) { WriteSummaryLine(szSummary, pszRightDisplayString, lpszIdent, lpszNewLine); } } } }
} // if
szSummary += lpszNewLine;}
///////////////////////////////////////////////////////////////////////
// CCheckListViewHelper
#define CHECK_BIT(x) ((x >> 12) -1)
#define CHECK_CHANGED(pNMListView) \
(CHECK_BIT(pNMListView->uNewState) ^ CHECK_BIT(pNMListView->uOldState))
#define LVIS_STATEIMAGEMASK_CHECK (0x2000)
#define LVIS_STATEIMAGEMASK_UNCHECK (0x1000)
BOOL CCheckListViewHelper::IsChecked(NM_LISTVIEW* pNMListView){ return (CHECK_BIT(pNMListView->uNewState) != 0);}
BOOL CCheckListViewHelper::CheckChanged(NM_LISTVIEW* pNMListView){ if (pNMListView->uOldState == 0) return FALSE; // adding new items...
return CHECK_CHANGED(pNMListView) ? TRUE : FALSE;}
BOOL CCheckListViewHelper::Initialize(UINT nID, HWND hParent){ m_hWnd = GetDlgItem(hParent, nID); if (m_hWnd == NULL) return FALSE;
ListView_SetExtendedListViewStyle(m_hWnd, LVS_EX_CHECKBOXES);
RECT r; ::GetClientRect(m_hWnd, &r); int scroll = ::GetSystemMetrics(SM_CXVSCROLL); LV_COLUMN col; ZeroMemory(&col, sizeof(LV_COLUMN)); col.mask = LVCF_WIDTH; col.cx = (r.right - r.left) - scroll; return (0 == ListView_InsertColumn(m_hWnd,0,&col));}
int CCheckListViewHelper::InsertItem(int iItem, LPCTSTR lpszText, LPARAM lParam, BOOL bCheck){ TRACE(_T("CCheckListViewHelper::InsertItem(%d,%s,%x)\n"),iItem, lpszText, lParam);
LV_ITEM item; ZeroMemory(&item, sizeof(LV_ITEM)); item.mask = LVIF_TEXT | LVIF_PARAM; item.pszText = (LPTSTR)lpszText; item.lParam = lParam; item.iItem = iItem;
int iRes = ListView_InsertItem(m_hWnd, &item); if ((iRes != -1) && bCheck) SetItemCheck(iItem, TRUE); return iRes;}
BOOL CCheckListViewHelper::SetItemCheck(int iItem, BOOL bCheck){ LV_ITEM item; ZeroMemory(&item, sizeof(LV_ITEM)); item.mask = LVIF_STATE; item.state = bCheck ? LVIS_STATEIMAGEMASK_CHECK : LVIS_STATEIMAGEMASK_UNCHECK; item.stateMask = LVIS_STATEIMAGEMASK; item.iItem = iItem; return ListView_SetItem(m_hWnd, &item);}
void CCheckListViewHelper::SetCheckAll(BOOL bCheck){ LV_ITEM item; ZeroMemory(&item, sizeof(LV_ITEM)); item.mask = LVIF_STATE; item.state = bCheck ? LVIS_STATEIMAGEMASK_CHECK : LVIS_STATEIMAGEMASK_UNCHECK; item.stateMask = LVIS_STATEIMAGEMASK;
int nCount = ListView_GetItemCount(m_hWnd); for (int k = 0; k< nCount; k++) { item.iItem = k; ListView_SetItem(m_hWnd, &item); }}
LPARAM CCheckListViewHelper::GetItemData(int iItem){ LV_ITEM item; ZeroMemory(&item, sizeof(LV_ITEM)); item.mask = LVIF_PARAM; item.iItem = iItem; ListView_GetItem(m_hWnd, &item); return item.lParam;}
int CCheckListViewHelper::GetCheckCount(){ int nCount = GetItemCount(); int nCheckCount = 0; for (int k=0; k<nCount; k++) { if (ListView_GetCheckState(m_hWnd,k)) nCheckCount++; } return nCheckCount;}
BOOL CCheckListViewHelper::IsItemChecked(int iItem){ return ListView_GetCheckState(m_hWnd, iItem);}
void CCheckListViewHelper::GetCheckedItems(int nCheckCount, int* nCheckArray){ int nCount = GetItemCount(); int nCurrentCheck = 0; for (int k=0; k<nCount; k++) { if (ListView_GetCheckState(m_hWnd,k) && nCurrentCheck < nCheckCount) { nCheckArray[nCurrentCheck++] = k; } }}
////////////////////////////////////////////////////////////////////////////
// CNamedSecurityInfo
/*
DWORD CNamedSecurityInfo::Get(){ Reset(); // clear previous data
LPWSTR lpProvider = NULL; // not used
LPWSTR lpProperty = NULL; // want all
return ::GetNamedSecurityInfoEx(IN (LPWSTR) m_szObjectName.data(), IN SE_DS_OBJECT_ALL, IN DACL_SECURITY_INFORMATION, IN lpProvider, IN lpProperty, OUT &m_pAccessList, OUT &m_pAuditList, OUT &m_pOwner, OUT &m_pGroup);}
DWORD CNamedSecurityInfo::Set(){ LPWSTR lpProvider = NULL; // not used
dwErr = ::SetNamedSecurityInfoEx(IN (LPWSTR) m_szObjectName.data(), IN SE_DS_OBJECT_ALL, IN DACL_SECURITY_INFORMATION, IN lpProvider, IN m_pAccessList, IN m_pAuditList, IN m_pOwner, IN m_pGroup, IN NULL); // PACTRL_OVERLAPPED pOverlapped;
}
CNamedSecurityInfo::Reset(){ if (m_pAuditList != NULL) ::LocalFree(m_pAuditList); if (m_pOwner != NULL) ::LocalFree(m_pOwner); if (m_pGroup != NULL) ::LocalFree(m_pGroup);
if (m_pAccessList != NULL) ::LocalFree(m_pAccessList);}
*/
////////////////////////////////////////////////////////////////////////////
// CAdsiObject
HRESULT CAdsiObject::Bind(LPCWSTR lpszLdapPath){ _Clear();
CComBSTR bstrNamingContext; CComBSTR bstrClass;
// try to bind to the given LDAP path
HRESULT hr = ::ADsOpenObjectHelper(lpszLdapPath, IID_IADs, 0, (void **)&m_spIADs); if (FAILED(hr)) { TRACE(_T("Bind to DS object for IADs failed: %lx.\n"), hr); goto error; }
// get the DNS server name
hr = _QueryDNSServerName(); if (FAILED(hr)) { TRACE(_T("Trying to get the DNS server name failed: %lx.\n"), hr); goto error; }
hr = _InitGlobalNamingContexts(); if (FAILED(hr)) { TRACE(_T("Trying to get the physical schema naming context failed: %lx.\n"), hr); goto error; }
// need now to rebuild the LDAP path
// to make sure we talk always to the same server
hr = GetPathNameObject()->SkipPrefix(lpszLdapPath, &bstrNamingContext); if (FAILED(hr)) { TRACE(_T("Trying to get X500 name failed: %lx.\n"), hr); goto error; } if ( (!bstrNamingContext ) || (!bstrNamingContext[0])) { goto error; } m_szNamingContext = bstrNamingContext; BuildLdapPathHelper(GetServerName(), bstrNamingContext, m_szLdapPath);
// get the canonical name
hr = GetCanonicalNameFromNamingContext(bstrNamingContext, m_szCanonicalName); if (FAILED(hr)) { TRACE(_T("Trying to get canonical name failed, using naming context instead: %lx.\n"), hr); m_szCanonicalName = bstrNamingContext; } // get the object class
hr = m_spIADs->get_Class(&bstrClass); if (FAILED(hr)) { TRACE(_T("Trying to get class name failed: %lx.\n"), hr); goto error; } ASSERT(bstrClass != NULL); m_szClass = bstrClass;
// load and set the display specifier cache
hr = ::CoCreateInstance(CLSID_DsDisplaySpecifier, NULL, CLSCTX_INPROC_SERVER, IID_IDsDisplaySpecifier, (void**)&m_spIDsDisplaySpecifier); if (FAILED(hr)) { TRACE(_T("Trying to get the display specifier cache failed: %lx.\n"), hr); goto error; }
hr = m_spIDsDisplaySpecifier->SetServer(GetServerName(), NULL, NULL, 0x0); if (FAILED(hr)) { TRACE(_T("m_spIDsDisplaySpecifier->SetServer(%s) failed\n"), GetServerName()); goto error; }
ASSERT(SUCCEEDED(hr)); // all went fine
return hr;
error: // on error condition, just reset the info, we do not
// want a partially constructed object
_Clear(); return hr;}
#define DO_TIMING
HRESULT CAdsiObject::QuerySchemaClasses(CGrowableArr<CSchemaClassInfo>* pSchemaClassesInfoArray, BOOL bGetAttributes){ TRACE(L"\n==================================================\n"); TRACE(L"CAdsiObject::QuerySchemaClasses\n\n");#if defined (DO_TIMING)
DWORD dwTick1 = ::GetTickCount();#endif
// make sure we are bound
if (m_spIADs == NULL) { return E_INVALIDARG; }
// cleanup current entries in the list
pSchemaClassesInfoArray->Clear();
// build the LDAP path for the schema class
CWString szPhysicalSchemaPath; LPCWSTR lpszPhysicalSchemaNamingContext = GetPhysicalSchemaNamingContext(); BuildLdapPathHelper(GetServerName(), lpszPhysicalSchemaNamingContext, szPhysicalSchemaPath);
CAdsiSearch search; HRESULT hr = search.Init(szPhysicalSchemaPath); if (FAILED(hr)) return hr;
static LPCWSTR lpszClassFilterFormat = L"(&(objectCategory=CN=Class-Schema,%s)(lDAPDisplayName=*))"; static LPCWSTR lpszAttributeFilterFormat = L"(&(objectCategory=CN=Attribute-Schema,%s)(lDAPDisplayName=*))"; LPCWSTR lpszFilterFormat = bGetAttributes ? lpszAttributeFilterFormat : lpszClassFilterFormat;
int nFmtLen = lstrlen(lpszFilterFormat); int nSchemaContextLen = lstrlen(lpszPhysicalSchemaNamingContext);
WCHAR* lpszFilter = (WCHAR*)alloca(sizeof(WCHAR)*(nFmtLen+nSchemaContextLen+1)); wsprintf(lpszFilter, lpszFilterFormat, lpszPhysicalSchemaNamingContext);
static const int cAttrs = 4; static LPCWSTR pszAttribsArr[cAttrs] = { L"lDAPDisplayName", // e.g. "organizationalUnit"
L"name", // e.g. "Organizational-Unit"
L"schemaIDGUID", L"objectClassCategory", };
hr = search.SetSearchScope(ADS_SCOPE_ONELEVEL); if (FAILED(hr)) return hr; hr = search.DoQuery(lpszFilter, pszAttribsArr, cAttrs);
if (FAILED(hr)) return hr;
CWString szLDAPName, szName; szLDAPName = L""; szName = L""; GUID schemaIDGUID; ULONG iObjectClassCategory=0;
while ((hr = search.GetNextRow()) != S_ADS_NOMORE_ROWS) { if (FAILED(hr)) continue;
HRESULT hr0 = search.GetColumnString(pszAttribsArr[0], szLDAPName); HRESULT hr1 = search.GetColumnString(pszAttribsArr[1], szName); HRESULT hr2 = search.GetColumnOctectStringGUID(pszAttribsArr[2], schemaIDGUID); HRESULT hr3 = search.GetColumnInteger(pszAttribsArr[3], iObjectClassCategory);
if (FAILED(hr0) || FAILED(hr1) || FAILED(hr2) || FAILED(hr3)) continue;
ULONG fFilterFlags = ::GetClassFlags(szLDAPName);
CSchemaClassInfo* p = new CSchemaClassInfo(szLDAPName, szName, &schemaIDGUID); if(!p) return E_OUTOFMEMORY;
BOOL bFilter = (fFilterFlags & IDC_CLASS_NO); if (bFilter) p->SetFiltered();
//is class Auxiallary
if(iObjectClassCategory == 3) p->SetAux();
pSchemaClassesInfoArray->Add(p); //TRACE(L"Class %s inserted, IsFiltered() == %d\n", (LPCWSTR)szName, p->IsFiltered());
} // while
TRACE(L"\n================================================\n");#if defined (DO_TIMING)
DWORD dwTick2 = ::GetTickCount(); TRACE(L"Time to do Schema Query loop (mSec) = %d\n", dwTick2-dwTick1);#endif
_GetFriendlyClassNames(pSchemaClassesInfoArray);
#if defined (DO_TIMING)
dwTick2 = ::GetTickCount();#endif
pSchemaClassesInfoArray->Sort(); // wrt friendly class name
#if defined (DO_TIMING)
DWORD dwTick3 = ::GetTickCount(); TRACE(L"Time to sort (mSec) = %d\n", dwTick3-dwTick2);#endif
TRACE(L"exiting CAdsiObject::QuerySchemaClasses()\n\n"); return hr;}
HRESULT CAdsiObject::GetClassGuid(LPCWSTR lpszClassLdapDisplayName, BOOL bGetAttribute, GUID& guid){ //TRACE(L"CAdsiObject::GetClassGuid(%s, _)\n\n", lpszClassLdapDisplayName);
ZeroMemory(&guid, sizeof(GUID));
// make sure we are bound
if (m_spIADs == NULL) { return E_INVALIDARG; }
// build the LDAP path for the schema class
CWString szPhysicalSchemaPath; LPCWSTR lpszPhysicalSchemaNamingContext = GetPhysicalSchemaNamingContext(); BuildLdapPathHelper(GetServerName(), lpszPhysicalSchemaNamingContext, szPhysicalSchemaPath);
CAdsiSearch search; HRESULT hr = search.Init(szPhysicalSchemaPath); if (FAILED(hr)) return hr;
static LPCWSTR lpszClassFilterFormat = L"(&(objectCategory=CN=Class-Schema,%s)(lDAPDisplayName=%s))"; static LPCWSTR lpszAttributeFilterFormat = L"(&(objectCategory=CN=Attribute-Schema,%s)(lDAPDisplayName=%s))"; LPCWSTR lpszFilterFormat = bGetAttribute ? lpszAttributeFilterFormat : lpszClassFilterFormat;
int nFmtLen = lstrlen(lpszFilterFormat); int nSchemaContextLen = lstrlen(lpszPhysicalSchemaNamingContext); int nlDAPDisplayNameLen = lstrlen(lpszClassLdapDisplayName);
WCHAR* lpszFilter = (WCHAR*)alloca(sizeof(WCHAR)*(nFmtLen+nSchemaContextLen+nlDAPDisplayNameLen+1)); wsprintf(lpszFilter, lpszFilterFormat, lpszPhysicalSchemaNamingContext, lpszClassLdapDisplayName);
//TRACE(L"lpszFilter = %s\n", lpszFilter);
static const int cAttrs = 1; static LPCWSTR pszAttribsArr[cAttrs] = { L"schemaIDGUID", }; hr = search.SetSearchScope(ADS_SCOPE_ONELEVEL); if (FAILED(hr)) return hr; hr = search.DoQuery(lpszFilter, pszAttribsArr, cAttrs);
if (FAILED(hr)) return hr;
// expect a single result
hr = search.GetNextRow(); if ( hr == S_ADS_NOMORE_ROWS) { hr = E_ADS_UNKNOWN_OBJECT; } if (FAILED(hr)) return hr;
hr = search.GetColumnOctectStringGUID(pszAttribsArr[0], guid);
//TRACE(L"exiting CAdsiObject::GetClassGuid()\n\n");
return hr;}
HRESULT CAdsiObject::_QueryDNSServerName(){ // make sure we are bound
if (m_spIADs == NULL) { return E_INVALIDARG; }
m_szServerName = L"";
CComPtr<IADsObjectOptions> spIADsObjectOptions; HRESULT hr = m_spIADs->QueryInterface(IID_IADsObjectOptions, (void**)&spIADsObjectOptions); if (FAILED(hr)) return hr;
CComVariant var; hr = spIADsObjectOptions->GetOption(ADS_OPTION_SERVERNAME, &var); if (FAILED(hr)) return hr;
if(var.vt == VT_BSTR) { m_szServerName = V_BSTR(&var); } else { hr = E_INVALIDARG; }
return hr;}
HRESULT CAdsiObject::_InitGlobalNamingContexts(){ return ::GetGlobalNamingContexts(GetServerName(), m_szPhysicalSchemaNamingContext, m_szConfigurationNamingContext);}
HICON CAdsiObject::GetClassIcon(LPCWSTR lpszObjectClass){ ASSERT(m_spIDsDisplaySpecifier != NULL);
return m_spIDsDisplaySpecifier->GetIcon(lpszObjectClass, DSGIF_ISNORMAL | DSGIF_GETDEFAULTICON, 32, 32);}
HRESULT CAdsiObject::GetFriendlyClassName(LPCWSTR lpszObjectClass, LPWSTR lpszBuffer, int cchBuffer){ ASSERT(m_spIDsDisplaySpecifier != NULL); return m_spIDsDisplaySpecifier->GetFriendlyClassName(lpszObjectClass, lpszBuffer, cchBuffer);}
HRESULT CAdsiObject::GetFriendlyAttributeName(LPCWSTR lpszObjectClass, LPCWSTR lpszAttributeName, LPWSTR lpszBuffer, int cchBuffer){ ASSERT(m_spIDsDisplaySpecifier != NULL); return m_spIDsDisplaySpecifier->GetFriendlyAttributeName(lpszObjectClass, lpszAttributeName, lpszBuffer, cchBuffer);}
#if (FALSE)
HRESULT CAdsiObject::_GetFriendlyClassNames(CGrowableArr<CSchemaClassInfo>* pSchemaClassesInfoArray){ TRACE(L"begin _GetFriendlyClassNames() loop on all classes\n");
#if defined (DO_TIMING)
DWORD dwTick1 = ::GetTickCount();#endif
// now get the friendly class name to display
ULONG nCount = pSchemaClassesInfoArray->GetCount(); WCHAR szFrendlyName[1024];
for (UINT k=0; k<nCount; k++) { CSchemaClassInfo* p = (*pSchemaClassesInfoArray)[k]; HRESULT hrFriendlyName = this->GetFriendlyClassName(p->GetName(), szFrendlyName, 1024); ASSERT(SUCCEEDED(hrFriendlyName)); (*pSchemaClassesInfoArray)[k]->SetDisplayName(SUCCEEDED(hrFriendlyName) ? szFrendlyName : NULL); }
#if defined (DO_TIMING)
DWORD dwTick2 = ::GetTickCount(); TRACE(L"Time to call _GetFriendlyClassNames() loop (mSec) = %d\n", dwTick2-dwTick1);#endif
return S_OK;}
#else
HRESULT CAdsiObject::_GetFriendlyClassNames(CGrowableArr<CSchemaClassInfo>* pSchemaClassesInfoArray){ TRACE(L"\nbegin _GetFriendlyClassNames() using ADSI query\n");
#if defined (DO_TIMING)
DWORD dwTick1 = ::GetTickCount();#endif
ASSERT(m_spIDsDisplaySpecifier != NULL);
// get the display specifiers locale container (e.g. 409)
CComPtr<IADs> spLocaleContainer; HRESULT hr = m_spIDsDisplaySpecifier->GetDisplaySpecifier(NULL, IID_IADs, (void**)&spLocaleContainer); if (FAILED(hr)) return hr;
// get distinguished name of the container
CComVariant varLocaleContainerDN; hr = spLocaleContainer->Get(CComBSTR (L"distinguishedName"), &varLocaleContainerDN); if (FAILED(hr)) return hr;
// build the LDAP path for it
CWString szLocaleContainerPath; BuildLdapPathHelper(GetServerName(), varLocaleContainerDN.bstrVal, szLocaleContainerPath);
// build the LDAP path for the schema class
CWString szPhysicalSchemaPath; LPCWSTR lpszPhysicalSchemaNamingContext = GetPhysicalSchemaNamingContext(); BuildLdapPathHelper(GetServerName(), lpszPhysicalSchemaNamingContext, szPhysicalSchemaPath);
// build an LDAP query string
static LPCWSTR lpszFilterFormat = L"(objectCategory=CN=Display-Specifier,%s)";
int nFmtLen = lstrlen(lpszFilterFormat); int nArgumentLen = lstrlen(lpszPhysicalSchemaNamingContext);
WCHAR* lpszFilter = (WCHAR*)alloca(sizeof(WCHAR)*(nFmtLen+nArgumentLen+1)); wsprintf(lpszFilter, lpszFilterFormat, lpszPhysicalSchemaNamingContext);
// execute a query to get the CN and the class display name
CAdsiSearch search; hr = search.Init(szLocaleContainerPath); if (FAILED(hr)) return hr;
// build an array of wanted columns
static const int cAttrs = 2; static LPCWSTR pszAttribsArr[cAttrs] = { L"cn", // e.g. "organizationalUnit-Display"
L"classDisplayName", // e.g. "Organizational Unit" (i.e. the localizable one)
}; hr = search.SetSearchScope(ADS_SCOPE_ONELEVEL); //TRACE(L"search.SetSearchScope(ADS_SCOPE_ONELEVEL) returned hr = 0x%x\n", hr);
if (FAILED(hr)) return hr;
hr = search.DoQuery(lpszFilter, pszAttribsArr, cAttrs); //TRACE(L"search.DoQuery(lpszFilter, pszAttribsArr, cAttrs) returned hr = 0x%x\n", hr);
if (FAILED(hr)) return hr;
// need to keep track of matches
size_t nCount = pSchemaClassesInfoArray->GetCount();
BOOL* bFoundArray = (BOOL*)alloca(nCount*sizeof(BOOL)); ZeroMemory(bFoundArray, nCount*sizeof(BOOL));
WCHAR szBuffer[1024];
CWString szNamingAttribute, szClassDisplayName;
while ((hr = search.GetNextRow()) != S_ADS_NOMORE_ROWS) { if (FAILED(hr)) continue;
HRESULT hr0 = search.GetColumnString(pszAttribsArr[0], szNamingAttribute); HRESULT hr1 = search.GetColumnString(pszAttribsArr[1], szClassDisplayName);
//TRACE(L"szNamingAttribute = <%s>, szClassDisplayName = <%s>\n",
// szNamingAttribute.c_str(), szClassDisplayName.c_str());
if (FAILED(hr0) || FAILED(hr1) ) { TRACE(L"WARNING: discarding right, failed on columns: hr0 = 0x%x, hr1 = 0x%x\n", hr0, hr1); continue; } // got a good name, need to match with the entries in the array
for (UINT k=0; k<nCount; k++) { if (!bFoundArray[k]) { CSchemaClassInfo* p = (*pSchemaClassesInfoArray)[k]; //If its truncate, than string comparison will fail and
//it will be treated as if DisplayName didn't exist which
//is fine.
//NTRAID#NTBUG9-530206-2002/06/18-ronmart-Check return code and abort if failed
HRESULT hres = StringCchPrintf(szBuffer,sizeof(szBuffer)/sizeof(szBuffer[0]), L"%s-Display",p->GetName()); if(FAILED(hres)) return hres;
if (_wcsicmp(szBuffer, szNamingAttribute) == 0) { //TRACE(L" matching for %s\n",p->GetName());
p->SetDisplayName(szClassDisplayName); bFoundArray[k] = TRUE; } } } // for
} // while
// take care of the ones that did not have any display specifier
for (UINT k=0; k<nCount; k++) { if (!bFoundArray[k]) { (*pSchemaClassesInfoArray)[k]->SetDisplayName(NULL); } } // for
TRACE(L"\n\n");
if (hr == S_ADS_NOMORE_ROWS) hr = S_OK;
#if defined (DO_TIMING)
DWORD dwTick2 = ::GetTickCount(); TRACE(L"Time to call _GetFriendlyClassNames() on ADSI query (mSec) = %d\n", dwTick2-dwTick1);#endif
return hr;}
#endif
boolCAdsiObject::GetListObjectEnforced(){ if(m_iListObjectEnforced != -1) return (m_iListObjectEnforced==1);
PADS_ATTR_INFO pAttributeInfo = NULL; IDirectoryObject *pDirectoryService = NULL; IADsPathname *pPath = NULL; BSTR strServicePath = NULL; do { m_iListObjectEnforced = 0; // Assume "not enforced"
HRESULT hr = S_OK;
int i;
// Create a path object for manipulating ADS paths
hr = CoCreateInstance(CLSID_Pathname, NULL, CLSCTX_INPROC_SERVER, IID_IADsPathname, (LPVOID*)&pPath); if(FAILED(hr)) break;
CComBSTR bstrConfigPath = L"LDAP://"; if(GetServerName()) { bstrConfigPath += GetServerName(); bstrConfigPath += L"/"; } if(!GetConfigurationNamingContext()) break; bstrConfigPath += GetConfigurationNamingContext();
if(!bstrConfigPath.Length()) break;
hr = pPath->Set(bstrConfigPath, ADS_SETTYPE_FULL); if(FAILED(hr)) break;
const LPWSTR aszServicePath[] = { L"CN=Services", L"CN=Windows NT", L"CN=Directory Service", };
for (i = 0; i < ARRAYSIZE(aszServicePath); i++) { hr = pPath->AddLeafElement(CComBSTR (aszServicePath[i])); if(FAILED(hr)) break; }
hr = pPath->Retrieve(ADS_FORMAT_WINDOWS, &strServicePath); if(FAILED(hr)) break;
hr = ADsOpenObjectHelper(strServicePath, IID_IDirectoryObject, 0, (LPVOID*)&pDirectoryService); if(FAILED(hr)) break;
WCHAR const c_szDsHeuristics[] = L"dSHeuristics"; LPWSTR pszDsHeuristics = (LPWSTR)c_szDsHeuristics; DWORD dwAttributesReturned = 0; hr = pDirectoryService->GetObjectAttributes(&pszDsHeuristics, 1, &pAttributeInfo, &dwAttributesReturned); if (FAILED(hr)|| !pAttributeInfo) break;
ASSERT(ADSTYPE_DN_STRING <= pAttributeInfo->dwADsType); ASSERT(ADSTYPE_NUMERIC_STRING >= pAttributeInfo->dwADsType); ASSERT(1 == pAttributeInfo->dwNumValues); LPWSTR pszHeuristicString = pAttributeInfo->pADsValues->NumericString; if (pszHeuristicString && lstrlenW(pszHeuristicString) > 2 && L'0' != pszHeuristicString[2]) { m_iListObjectEnforced = 1; }
}while(0);
if (pAttributeInfo) FreeADsMem(pAttributeInfo);
if(pDirectoryService) pDirectoryService->Release(); if(pPath) pPath->Release(); if(strServicePath) SysFreeString(strServicePath);
return (m_iListObjectEnforced==1);}
////////////////////////////////////////////////////////////////////////////////////////
// CAdsiSearch
HRESULT CAdsiSearch::DoQuery(LPCWSTR lpszFilter, LPCWSTR* pszAttribsArr, int cAttrs){ if (m_spSearchObj == NULL) return E_ADS_BAD_PATHNAME;
static const int NUM_PREFS=3; static const int QUERY_PAGESIZE = 256; ADS_SEARCHPREF_INFO aSearchPref[NUM_PREFS];
aSearchPref[0].dwSearchPref = ADS_SEARCHPREF_CHASE_REFERRALS; aSearchPref[0].vValue.dwType = ADSTYPE_INTEGER; aSearchPref[0].vValue.Integer = ADS_CHASE_REFERRALS_EXTERNAL; aSearchPref[1].dwSearchPref = ADS_SEARCHPREF_PAGESIZE; aSearchPref[1].vValue.dwType = ADSTYPE_INTEGER; aSearchPref[1].vValue.Integer = QUERY_PAGESIZE; aSearchPref[2].dwSearchPref = ADS_SEARCHPREF_CACHE_RESULTS; aSearchPref[2].vValue.dwType = ADSTYPE_BOOLEAN; aSearchPref[2].vValue.Integer = FALSE; HRESULT hr = m_spSearchObj->SetSearchPreference (aSearchPref, NUM_PREFS); if (FAILED(hr)) return hr; return m_spSearchObj->ExecuteSearch((LPWSTR)lpszFilter, (LPWSTR*)pszAttribsArr, cAttrs, &m_SearchHandle);}
//
//Functions to replace GetNamedSecurityInfo and SetNamedSecurityInfo
//
#pragma warning (disable : 4127)
HRESULTSetSecInfoMask(LPUNKNOWN punk, SECURITY_INFORMATION si){ HRESULT hr = E_INVALIDARG; if (punk) { IADsObjectOptions *pOptions; hr = punk->QueryInterface(IID_IADsObjectOptions, (void**)&pOptions); if (SUCCEEDED(hr)) { VARIANT var; VariantInit(&var); V_VT(&var) = VT_I4; V_I4(&var) = si; hr = pOptions->SetOption(ADS_OPTION_SECURITY_MASK, var); pOptions->Release(); } } return hr;}//+---------------------------------------------------------------------------
//
// Function: GetSDForDsObject
// Synopsis: Reads the security descriptor from the specied DS object
// It only reads the DACL portion of the security descriptor
//
// Arguments: [IN pDsObject] -- DS object
// [ppDACL] --pointer to dacl in ppSD is returned here
// [OUT ppSD] -- Security descriptor returned here.
// calling API must free this by calling LocalFree
//
// Notes: The returned security descriptor must be freed with LocalFree
//
//----------------------------------------------------------------------------
HRESULT GetSDForDsObject(IDirectoryObject* pDsObject, PACL* ppDACL, PSECURITY_DESCRIPTOR* ppSD){ if(!pDsObject || !ppSD) { return E_POINTER; } *ppSD = NULL; if(ppDACL) { *ppDACL = NULL; }
HRESULT hr = S_OK; PADS_ATTR_INFO pSDAttributeInfo = NULL; do { WCHAR const c_szSDProperty[] = L"nTSecurityDescriptor"; LPWSTR pszProperty = (LPWSTR)c_szSDProperty; // Set the SECURITY_INFORMATION mask to DACL_SECURITY_INFORMATION
hr = SetSecInfoMask(pDsObject, DACL_SECURITY_INFORMATION); if(FAILED(hr)) break;
DWORD dwAttributesReturned; // Read the security descriptor attribute
hr = pDsObject->GetObjectAttributes(&pszProperty, 1, &pSDAttributeInfo, &dwAttributesReturned);
if(SUCCEEDED(hr) && !pSDAttributeInfo) { hr = E_FAIL; }
if(FAILED(hr)) break;
if((ADSTYPE_NT_SECURITY_DESCRIPTOR == pSDAttributeInfo->dwADsType) && (ADSTYPE_NT_SECURITY_DESCRIPTOR == pSDAttributeInfo->pADsValues->dwType)) {
*ppSD = (PSECURITY_DESCRIPTOR)LocalAlloc(LPTR, pSDAttributeInfo->pADsValues->SecurityDescriptor.dwLength); if (!*ppSD) { hr = E_OUTOFMEMORY; break; }
CopyMemory(*ppSD, pSDAttributeInfo->pADsValues->SecurityDescriptor.lpValue, pSDAttributeInfo->pADsValues->SecurityDescriptor.dwLength);
if(ppDACL) { BOOL bDaclPresent,bDaclDeafulted; if(!GetSecurityDescriptorDacl(*ppSD, &bDaclPresent, ppDACL, &bDaclDeafulted)) { DWORD dwErr = GetLastError(); hr = HRESULT_FROM_WIN32(dwErr); break; } } } else { hr = E_FAIL; } }while(0);
if (pSDAttributeInfo) FreeADsMem(pSDAttributeInfo);
if(FAILED(hr)) { if(*ppSD) { LocalFree(*ppSD); *ppSD = NULL; if(ppDACL) *ppDACL = NULL; } }
return hr;}
//+---------------------------------------------------------------------------
//
// Function: GetSDForDsObjectPath
// Synopsis: Reads the security descriptor from the specied DS object
// It only reads the DACL portion of the security descriptor
//
// Arguments: [IN pszObjectPath] -- LDAP Path of ds object
// [ppDACL] --pointer to dacl in ppSD is returned here
// [OUT ppSD] -- Security descriptor returned here.
// calling API must free this by calling LocalFree
//
// Notes: The returned security descriptor must be freed with LocalFree
//
//----------------------------------------------------------------------------
HRESULT GetSDForDsObjectPath(LPCWSTR pszObjectPath, PACL* ppDACL, PSECURITY_DESCRIPTOR* ppSecurityDescriptor){ if(!pszObjectPath || !ppSecurityDescriptor) { return E_POINTER; }
IDirectoryObject* pDsObject = NULL; HRESULT hr = ADsOpenObjectHelper(pszObjectPath, IID_IDirectoryObject,0,(void**)&pDsObject); if(SUCCEEDED(hr)) { hr = GetSDForDsObject(pDsObject,ppDACL,ppSecurityDescriptor); }
if(pDsObject) pDsObject->Release();
return hr;}
//+---------------------------------------------------------------------------
//
// Function: SetDaclForDsObject
// Synopsis: Sets the the DACL for the specified DS object
//
// Arguments: [IN pDsObject] -- ds object
// [IN pDACL] --pointer to dacl to be set
//
//----------------------------------------------------------------------------
HRESULT SetDaclForDsObject(IDirectoryObject* pDsObject, PACL pDACL){ if(!pDsObject || !pDACL) { return E_POINTER; } WCHAR const c_szSDProperty[] = L"nTSecurityDescriptor";
PSECURITY_DESCRIPTOR pSD = NULL; PSECURITY_DESCRIPTOR pSDCurrent = NULL; HRESULT hr = S_OK;
do { //Get the current SD for the object
hr = GetSDForDsObject(pDsObject,NULL,&pSDCurrent); if(FAILED(hr)) break;
//Get the control for the current security descriptor
SECURITY_DESCRIPTOR_CONTROL currentControl; DWORD dwRevision = 0; if(!GetSecurityDescriptorControl(pSDCurrent, ¤tControl, &dwRevision)) { DWORD dwErr = GetLastError(); hr = HRESULT_FROM_WIN32(dwErr); break; }
//Allocate the buffer for Security Descriptor
pSD = (PSECURITY_DESCRIPTOR)LocalAlloc(LPTR, SECURITY_DESCRIPTOR_MIN_LENGTH + pDACL->AclSize); if(!pSD) { hr = E_OUTOFMEMORY; break; }
if(!InitializeSecurityDescriptor(pSD, SECURITY_DESCRIPTOR_REVISION)) { DWORD dwErr = GetLastError(); hr = HRESULT_FROM_WIN32(dwErr); break; }
PISECURITY_DESCRIPTOR pISD = (PISECURITY_DESCRIPTOR)pSD; //
// Finally, build the security descriptor
//
pISD->Control |= SE_DACL_PRESENT | SE_DACL_AUTO_INHERIT_REQ | (currentControl & (SE_DACL_PROTECTED | SE_DACL_AUTO_INHERITED));
if (pDACL->AclSize > 0) { pISD->Dacl = (PACL)(pISD + 1); CopyMemory(pISD->Dacl, pDACL, pDACL->AclSize); }
//We are only setting DACL information
hr = SetSecInfoMask(pDsObject, DACL_SECURITY_INFORMATION); if(FAILED(hr)) break;
// Need the total size
DWORD dwSDLength = GetSecurityDescriptorLength(pSD);
//
// If necessary, make a self-relative copy of the security descriptor
//
SECURITY_DESCRIPTOR_CONTROL sdControl = 0; if(!GetSecurityDescriptorControl(pSD, &sdControl, &dwRevision)) { DWORD dwErr = GetLastError(); hr = HRESULT_FROM_WIN32(dwErr); break; }
if (!(sdControl & SE_SELF_RELATIVE)) { PSECURITY_DESCRIPTOR psd = (PSECURITY_DESCRIPTOR)LocalAlloc(LPTR, dwSDLength);
if (psd == NULL || !MakeSelfRelativeSD(pSD, psd, &dwSDLength)) { DWORD dwErr = GetLastError(); hr = HRESULT_FROM_WIN32(dwErr); break; }
// Point to the self-relative copy
LocalFree(pSD); pSD = psd; } ADSVALUE attributeValue; ADS_ATTR_INFO attributeInfo;
attributeValue.dwType = ADSTYPE_NT_SECURITY_DESCRIPTOR; attributeValue.SecurityDescriptor.dwLength = dwSDLength; attributeValue.SecurityDescriptor.lpValue = (LPBYTE)pSD;
attributeInfo.pszAttrName = (LPWSTR)c_szSDProperty; attributeInfo.dwControlCode = ADS_ATTR_UPDATE; attributeInfo.dwADsType = ADSTYPE_NT_SECURITY_DESCRIPTOR; attributeInfo.pADsValues = &attributeValue; attributeInfo.dwNumValues = 1; DWORD dwAttributesModified;
// Write the security descriptor
hr = pDsObject->SetObjectAttributes(&attributeInfo, 1, &dwAttributesModified);
}while(0);
if(pSDCurrent) { LocalFree(pSDCurrent); }
if(pSD) { LocalFree(pSD); }
return S_OK;
}
HRESULT SetDaclForDsObjectPath(LPCWSTR pszObjectPath, PACL pDACL){ if(!pszObjectPath || !pDACL) return E_POINTER;
IDirectoryObject* pDsObject = NULL;
HRESULT hr = ADsOpenObjectHelper(pszObjectPath, IID_IDirectoryObject,0,(void**)&pDsObject); if(SUCCEEDED(hr)) { hr = SetDaclForDsObject(pDsObject,pDACL); }
if(pDsObject) pDsObject->Release();
return hr;
}
|
