windows-server-2003/admin/snapin/certmgr/gpepage.cpp

//+---------------------------------------------------------------------------
/////////////////////////////////////////////////////////////////////////////////
//
//  Microsoft Windows
//  Copyright (C) Microsoft Corporation, 1997-2002.
//
//  File:       GPEPage.cpp
//
//  Contents:   Implementation of CGPERootGeneralPage
//
//----------------------------------------------------------------------------

#include "stdafx.h"
#include <gpedit.h>
#include "GPEPage.h"
#include "storegpe.h"
#include "CompData.h"

#ifdef _DEBUG
#ifndef ALPHA
#define new DEBUG_NEW
#endif
#undef THIS_FILE
static char THIS_FILE[] = __FILE__;
#endif

extern GUID g_guidExtension;
extern GUID g_guidSnapin;
extern GUID g_guidRegExt;


/////////////////////////////////////////////////////////////////////////////
// CGPERootGeneralPage property page


CGPERootGeneralPage::CGPERootGeneralPage(CCertMgrComponentData* pCompData,
        bool fIsComputerType) :
    CHelpPropertyPage(CGPERootGeneralPage::IDD),
    m_dwGPERootFlags (0),
    m_hUserRootFlagsKey (0),
    m_hGroupPolicyKey (0),
    m_pGPEInformation (pCompData->GetGPEInformation ()),
    m_fIsComputerType (fIsComputerType)
{
    //{{AFX_DATA_INIT(CGPERootGeneralPage)
    // NOTE: the ClassWizard will add member initialization here
    //}}AFX_DATA_INIT

    if ( m_pGPEInformation )
    {
        m_pGPEInformation->AddRef ();

        HRESULT hResult = m_pGPEInformation->GetRegistryKey (GPO_SECTION_MACHINE,
		        &m_hGroupPolicyKey);
        ASSERT (SUCCEEDED (hResult));
        if ( SUCCEEDED (hResult) )
		    GPEGetUserRootFlags ();
    } 
    else 
        RSOPGetUserRootFlags (pCompData);
}

CGPERootGeneralPage::~CGPERootGeneralPage()
{
    if ( m_hUserRootFlagsKey )
        ::RegCloseKey (m_hUserRootFlagsKey);
    if ( m_hGroupPolicyKey )
        ::RegCloseKey (m_hGroupPolicyKey);
    if ( m_pGPEInformation )
        m_pGPEInformation->Release ();
}

void CGPERootGeneralPage::DoDataExchange(CDataExchange* pDX)
{
    CHelpPropertyPage::DoDataExchange(pDX);
    //{{AFX_DATA_MAP(CGPERootGeneralPage)
    DDX_Control(pDX, IDC_ENABLE_USER_ROOT_STORE, m_enableUserRootStoreBtn);
    //}}AFX_DATA_MAP
}


BEGIN_MESSAGE_MAP(CGPERootGeneralPage, CHelpPropertyPage)
    //{{AFX_MSG_MAP(CGPERootGeneralPage)
    ON_BN_CLICKED(IDC_ENABLE_USER_ROOT_STORE, OnEnableUserRootStore)
    ON_BN_CLICKED(IDC_SET_DISABLE_LM_AUTH_FLAG, OnSetDisableLmAuthFlag)
	ON_BN_CLICKED(IDC_UNSET_DISABLE_LM_AUTH_FLAG, OnUnsetDisableLmAuthFlag)
	ON_BN_CLICKED(IDC_UNSET_DISABLE_NT_AUTH_REQUIRED_FLAG, OnUnsetDisableNtAuthRequiredFlag)
	ON_BN_CLICKED(IDC_SET_DISABLE_NT_AUTH_REQUIRED_FLAG, OnSetDisableNtAuthRequiredFlag)
	//}}AFX_MSG_MAP
END_MESSAGE_MAP()

/////////////////////////////////////////////////////////////////////////////
// CGPERootGeneralPage message handlers


BOOL CGPERootGeneralPage::OnInitDialog()
{
    CHelpPropertyPage::OnInitDialog();

    // If this is the RSOP, make it read-only
    if ( !m_pGPEInformation )
    {
        // Make the page read-only
        m_enableUserRootStoreBtn.EnableWindow (FALSE);
        GetDlgItem (IDC_SET_DISABLE_LM_AUTH_FLAG)->EnableWindow (FALSE);
        GetDlgItem (IDC_UNSET_DISABLE_LM_AUTH_FLAG)->EnableWindow (FALSE);
        GetDlgItem (IDC_SET_DISABLE_NT_AUTH_REQUIRED_FLAG)->EnableWindow (FALSE);
        GetDlgItem (IDC_UNSET_DISABLE_NT_AUTH_REQUIRED_FLAG)->EnableWindow (FALSE);
    }

    if ( IsCurrentUserRootEnabled () )
		m_enableUserRootStoreBtn.SetCheck (BST_CHECKED);

    if ( m_dwGPERootFlags & CERT_PROT_ROOT_DISABLE_LM_AUTH_FLAG )
        SendDlgItemMessage (IDC_SET_DISABLE_LM_AUTH_FLAG, BM_SETCHECK, BST_CHECKED);
    else
        SendDlgItemMessage (IDC_UNSET_DISABLE_LM_AUTH_FLAG, BM_SETCHECK, BST_CHECKED);
 
    if ( m_dwGPERootFlags & CERT_PROT_ROOT_DISABLE_NT_AUTH_REQUIRED_FLAG )
        SendDlgItemMessage (IDC_SET_DISABLE_NT_AUTH_REQUIRED_FLAG, BM_SETCHECK, BST_CHECKED);
    else
        SendDlgItemMessage (IDC_UNSET_DISABLE_NT_AUTH_REQUIRED_FLAG, BM_SETCHECK, BST_CHECKED);
 
 
	return TRUE;  // return TRUE unless you set the focus to a control
      // EXCEPTION: OCX Property Pages should return FALSE
}

void CGPERootGeneralPage::OnOK()
{
    if ( m_pGPEInformation )
    {
	    SaveCheck ();
	    CHelpPropertyPage::OnOK ();
    }
}

void CGPERootGeneralPage::SaveCheck()
{
    ASSERT (m_pGPEInformation);
    if ( m_pGPEInformation )
    {
        bool    bRetVal = false;

        if ( m_enableUserRootStoreBtn.GetCheck () == BST_CHECKED )
            bRetVal = SetGPEFlags ((DWORD) CERT_PROT_ROOT_DISABLE_CURRENT_USER_FLAG, TRUE); // remove flag
        else
            bRetVal = SetGPEFlags ((DWORD) CERT_PROT_ROOT_DISABLE_CURRENT_USER_FLAG, FALSE); // set flag

        if ( bRetVal )
        {
            if ( BST_CHECKED == SendDlgItemMessage (IDC_SET_DISABLE_LM_AUTH_FLAG, BM_GETCHECK) )
                bRetVal = SetGPEFlags ((DWORD) CERT_PROT_ROOT_DISABLE_LM_AUTH_FLAG, FALSE);	// set flag
            else if ( BST_CHECKED == SendDlgItemMessage (IDC_UNSET_DISABLE_LM_AUTH_FLAG, BM_GETCHECK) )
                bRetVal = SetGPEFlags ((DWORD) CERT_PROT_ROOT_DISABLE_LM_AUTH_FLAG, TRUE);	// remove flag
        }
        
        if ( bRetVal )
        {
            if ( BST_CHECKED == SendDlgItemMessage (IDC_SET_DISABLE_NT_AUTH_REQUIRED_FLAG, BM_GETCHECK) )
                bRetVal = SetGPEFlags ((DWORD) CERT_PROT_ROOT_DISABLE_NT_AUTH_REQUIRED_FLAG, FALSE);	// set flag
            else if ( BST_CHECKED == SendDlgItemMessage (IDC_UNSET_DISABLE_NT_AUTH_REQUIRED_FLAG, BM_GETCHECK) )
                bRetVal = SetGPEFlags ((DWORD) CERT_PROT_ROOT_DISABLE_NT_AUTH_REQUIRED_FLAG, TRUE);	// remove flag
        }

        if ( bRetVal )
        {
			// TRUE means we're changing the machine policy only
            m_pGPEInformation->PolicyChanged (TRUE, TRUE, &g_guidExtension, &g_guidSnapin);
            m_pGPEInformation->PolicyChanged (TRUE, TRUE, &g_guidRegExt, &g_guidSnapin);
        }
    }
}

void CGPERootGeneralPage::OnEnableUserRootStore()
{
    SetModified (TRUE);
}


void CGPERootGeneralPage::OnSetDisableLmAuthFlag()
{
    SetModified (TRUE);
}

bool CGPERootGeneralPage::SetGPEFlags (DWORD dwFlags, BOOL bRemoveFlag)
{
    bool    bRetVal = false;

    ASSERT (m_pGPEInformation);
    if ( m_pGPEInformation )
    {
        DWORD   dwType = REG_DWORD;
        DWORD   dwData = 0;
        DWORD   cbData = sizeof (dwData);

        // security review 2/27/2002 BryanWal ok
        LONG    lResult =  ::RegQueryValueEx (m_hUserRootFlagsKey,       // handle of key to query
		            CERT_PROT_ROOT_FLAGS_VALUE_NAME,  // address of name of value to query
			        0,              // reserved
				    &dwType,        // address of buffer for value type
				    (LPBYTE) &dwData,       // address of data buffer
				    &cbData);           // address of data buffer size);
	    ASSERT (ERROR_SUCCESS == lResult || ERROR_FILE_NOT_FOUND == lResult);
        if ( ERROR_SUCCESS == lResult || ERROR_FILE_NOT_FOUND == lResult )
        {
            if ( ERROR_SUCCESS == lResult && REG_DWORD != dwType )
            {
                ASSERT (0);
                return false;
            }

            if ( bRemoveFlag )
                dwData &= ~dwFlags;
            else
                dwData |= dwFlags;

            lResult = ::RegSetValueEx (m_hUserRootFlagsKey,
				    CERT_PROT_ROOT_FLAGS_VALUE_NAME, // address of value to set
				    0,              // reserved
				    REG_DWORD,          // flag for value type
				    (CONST BYTE *) &dwData, // address of value data
				    cbData);        // size of value data);
            ASSERT (ERROR_SUCCESS == lResult);
            if ( ERROR_SUCCESS == lResult )
		    {
                m_dwGPERootFlags = dwData;
                bRetVal = true;
		    }
		    else
                DisplaySystemError (m_hWnd, lResult);
        }
        else
            DisplaySystemError (m_hWnd, lResult);
    }

    return bRetVal;
}

bool CGPERootGeneralPage::IsCurrentUserRootEnabled() const
{
    if (m_dwGPERootFlags & CERT_PROT_ROOT_DISABLE_CURRENT_USER_FLAG)
        return false;
    else
        return true;
}

void CGPERootGeneralPage::RSOPGetUserRootFlags(const CCertMgrComponentData* pCompData)
{
    if ( pCompData )
    {
        const CRSOPObjectArray* pObjectArray = m_fIsComputerType ?
                pCompData->GetRSOPObjectArrayComputer () : 
                pCompData->GetRSOPObjectArrayUser ();
        int     nIndex = 0;

        // NOTE: rsop object array is sorted first by registry key, then by precedence
        INT_PTR nUpperBound = pObjectArray->GetUpperBound ();

        while ( nUpperBound >= nIndex )
        {
            CRSOPObject* pObject = pObjectArray->GetAt (nIndex);
            if ( pObject )
            {
                // Consider only entries from this store
                // security review 2/27/2002 BryanWal ok
                if ( !wcscmp (CERT_PROT_ROOT_FLAGS_REGPATH, pObject->GetRegistryKey ()) )
                {
					ASSERT (1 == pObject->GetPrecedence ());
                    m_dwGPERootFlags = pObject->GetDWORDValue ();
                    break;
                }
            }
            else
                break;

            nIndex++;
        }
    }
}

void CGPERootGeneralPage::GPEGetUserRootFlags()
{
    DWORD   dwDisposition = 0;

    // security review 2/27/2002 BryanWal ok
    LONG lResult = ::RegCreateKeyEx (m_hGroupPolicyKey, // handle of an open key
            CERT_PROT_ROOT_FLAGS_REGPATH,     // address of subkey name
            0,       // reserved
            L"",       // address of class string
            REG_OPTION_NON_VOLATILE,            // special options flag
            KEY_QUERY_VALUE | KEY_SET_VALUE,    // desired security access
            NULL,     // address of key security structure
			&m_hUserRootFlagsKey,      // address of buffer for opened handle
		    &dwDisposition);  // address of disposition value buffer
	ASSERT (lResult == ERROR_SUCCESS);
    if ( lResult == ERROR_SUCCESS )
    {
        // Read value
        DWORD   dwType = REG_DWORD;
        DWORD   dwData = 0;
        DWORD   cbData = sizeof (dwData);

        // security review 2/27/2002 BryanWal ok
        lResult =  ::RegQueryValueEx (m_hUserRootFlagsKey,       // handle of key to query
		        CERT_PROT_ROOT_FLAGS_VALUE_NAME,  // address of name of value to query
			    0,              // reserved
	            &dwType,        // address of buffer for value type
		        (LPBYTE) &dwData,       // address of data buffer
			    &cbData);           // address of data buffer size);
		ASSERT (ERROR_SUCCESS == lResult || ERROR_FILE_NOT_FOUND == lResult);
        if ( ERROR_SUCCESS == lResult || ERROR_FILE_NOT_FOUND == lResult )
		{
            if ( REG_DWORD == dwType )
            {
                m_dwGPERootFlags = dwData;
            }
		}
        else
            DisplaySystemError (NULL, lResult);
    }
    else
        DisplaySystemError (NULL, lResult);
}


void CGPERootGeneralPage::DoContextHelp (HWND hWndControl)
{
    _TRACE (1, L"Entering CGPERootGeneralPage::DoContextHelp\n");
    static const DWORD help_map[] =
    {
        IDC_ENABLE_USER_ROOT_STORE,                 IDH_GPEPAGE_ENABLE_USER_ROOT_STORE,
        IDC_SET_DISABLE_LM_AUTH_FLAG,               IDH_SET_DISABLE_LM_AUTH_FLAG,
        IDC_UNSET_DISABLE_LM_AUTH_FLAG,             IDH_UNSET_DISABLE_LM_AUTH_FLAG,
        IDC_SET_DISABLE_NT_AUTH_REQUIRED_FLAG,      IDH_SET_DISABLE_NT_AUTH_REQUIRED_FLAG,
        IDC_UNSET_DISABLE_NT_AUTH_REQUIRED_FLAG,    IDH_UNSET_DISABLE_NT_AUTH_REQUIRED_FLAG,
        0, 0
    };

    switch (::GetDlgCtrlID (hWndControl))
    {
    case IDC_ENABLE_USER_ROOT_STORE:
    case IDC_SET_DISABLE_LM_AUTH_FLAG:
    case IDC_UNSET_DISABLE_LM_AUTH_FLAG:
    case IDC_SET_DISABLE_NT_AUTH_REQUIRED_FLAG:
    case IDC_UNSET_DISABLE_NT_AUTH_REQUIRED_FLAG:
        if ( !::WinHelp (
            hWndControl,
            GetF1HelpFilename(),
            HELP_WM_HELP,
        (DWORD_PTR) help_map) )
        {
            _TRACE (0, L"WinHelp () failed: 0x%x\n", GetLastError ());    
        }
        break;

    default:
        break;
    }
    _TRACE (-1, L"Leaving CGPERootGeneralPage::DoContextHelp\n");
}


void CGPERootGeneralPage::OnUnsetDisableLmAuthFlag() 
{
	SetModified (TRUE);
}

void CGPERootGeneralPage::OnUnsetDisableNtAuthRequiredFlag() 
{
	SetModified (TRUE);
}

void CGPERootGeneralPage::OnSetDisableNtAuthRequiredFlag() 
{
	SetModified (TRUE);
}