archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4 Commits
1 Branch
0 Tags
1.5 GiB
Tree: 5c6fe3db62
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '5c6fe3db62'
${ noResults }
windows-server-2003/ds/security/gina/gpext/common/rsop/context.cxx

733 lines
15 KiB
Raw Normal View History

commiting as it is
4 years ago
  1. //*************************************************************
  2. //
  3. // Copyright (c) Microsoft Corporation 1999 - 2000
  4. // All rights reserved
  5. //
  6. // context.cxx
  7. //
  8. //*************************************************************
  10. #include "rsop.hxx"
  11. #include <strsafe.h>
  13. CRsopContext::CRsopContext(
  14. PRSOP_TARGET pRsopTarget,
  15. BOOL bReportingMode,
  16. WCHAR* wszExtensionGuid
  17. ) :
  18. _pWbemServices( pRsopTarget->pWbemServices ),
  19. _wszNameSpace( NULL ),
  20. _pRsopTarget( pRsopTarget ),
  21. _bEnabled( TRUE ),
  22. _dwMode( bReportingMode ? MODE_REPORTING : MODE_PLANNING ),
  23. _phrLoggingStatus ( NULL ),
  24. _hPolicyAccess( NULL ),
  25. _wszExtensionGuid( wszExtensionGuid ),
  26. _hkRsop( NULL )
  27. {
  28. _pWbemServices->AddRef();
  29. }
  32. CRsopContext::CRsopContext(
  33. IWbemServices* pWbemServices,
  34. HRESULT* phrLoggingStatus,
  35. WCHAR* wszExtensionGuid
  36. ) :
  37. _pWbemServices( pWbemServices ),
  38. _wszNameSpace( NULL ),
  39. _pRsopTarget( NULL ),
  40. _bEnabled( pWbemServices != NULL ),
  41. _dwMode( MODE_DIAGNOSTIC ),
  42. _phrLoggingStatus ( phrLoggingStatus ),
  43. _hPolicyAccess( NULL ),
  44. _wszExtensionGuid( wszExtensionGuid ),
  45. _hkRsop( NULL )
  46. {
  47. if ( _bEnabled )
  48. {
  49. _pWbemServices->AddRef();
  50. }
  51. }
  53. CRsopContext::CRsopContext(
  54. WCHAR* wszExtensionGuid
  55. ) :
  56. _pWbemServices( NULL ),
  57. _wszNameSpace( NULL ),
  58. _pRsopTarget( NULL ),
  59. _bEnabled( FALSE ),
  60. _dwMode( MODE_DIAGNOSTIC ),
  61. _phrLoggingStatus ( NULL ),
  62. _hPolicyAccess( NULL ),
  63. _wszExtensionGuid( wszExtensionGuid ),
  64. _hkRsop( NULL )
  65. {}
  68. CRsopContext::~CRsopContext()
  69. {
  70. ASSERT( ! _hPolicyAccess );
  72. //
  73. // Set the final logging status
  74. //
  75. if ( _bEnabled && _phrLoggingStatus )
  76. {
  77. *_phrLoggingStatus = S_OK;
  78. }
  80. if ( _pWbemServices )
  81. {
  82. _pWbemServices->Release();
  83. }
  85. delete [] _wszNameSpace;
  87. if ( _hkRsop )
  88. {
  89. RegCloseKey( _hkRsop );
  90. }
  91. }
  93. BOOL CRsopContext::IsRsopEnabled()
  94. {
  95. return _bEnabled;
  96. }
  98. BOOL CRsopContext::IsPlanningModeEnabled()
  99. {
  100. return ( _dwMode == MODE_PLANNING ) || ( _dwMode == MODE_REPORTING );
  101. }
  103. BOOL CRsopContext::IsDiagnosticModeEnabled()
  104. {
  105. return _dwMode == MODE_DIAGNOSTIC;
  106. }
  108. BOOL CRsopContext::IsReportingModeEnabled()
  109. {
  110. return ( _dwMode == MODE_REPORTING );
  111. }
  113. HRESULT CRsopContext::GetRsopStatus()
  114. {
  115. HRESULT hr;
  117. hr = S_OK;
  119. if ( _phrLoggingStatus )
  120. {
  121. hr = *_phrLoggingStatus;
  122. }
  124. return hr;
  125. }
  127. void CRsopContext::SetNameSpace ( WCHAR* wszNameSpace )
  128. {
  129. _wszNameSpace = wszNameSpace;
  131. if ( _wszNameSpace )
  132. {
  133. EnableRsop();
  134. }
  135. }
  137. void CRsopContext::EnableRsop()
  138. {
  139. _bEnabled = (NULL != _pWbemServices) ||
  140. ( NULL != _wszNameSpace );
  141. }
  143. void CRsopContext::DisableRsop( HRESULT hrReason )
  144. {
  145. if ( _bEnabled && _phrLoggingStatus )
  146. {
  147. *_phrLoggingStatus = hrReason;
  148. }
  150. _bEnabled = FALSE;
  151. }
  154. //++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
  155. //
  156. // Function: CRsopContext::Bind
  157. //
  158. // Purpose: Bind to a policy database and return an interface
  159. // for the user or machine namespace
  160. //
  161. // Params:
  162. //
  163. //
  164. // Return value: S_OK if successful, S_FALSE if already init'd,
  165. // other facility error if, the function fails.
  166. //
  167. // Notes:
  168. //
  169. //------------------------------------------------------------
  170. HRESULT CRsopContext::Bind( IWbemServices** ppWbemServices )
  171. {
  172. HRESULT hr;
  174. ASSERT ( _bEnabled );
  176. hr = S_OK;
  178. //
  179. // Only bind to the database if we don't already have an interface
  180. //
  181. if ( ! _pWbemServices )
  182. {
  183. //
  184. // If we don't have one, we'll have to bind
  185. // using the namespace path
  186. //
  187. hr = _PolicyDatabase.Bind(
  188. _wszNameSpace,
  189. &_pWbemServices);
  190. }
  192. //
  193. // If we already have an interface, return that
  194. //
  195. if ( _pWbemServices )
  196. {
  197. *ppWbemServices = _pWbemServices;
  198. hr = S_FALSE;
  199. }
  201. if ( FAILED(hr) )
  202. {
  203. DisableRsop( hr );
  204. }
  206. return hr;
  207. }
  210. //++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
  211. //
  212. // Function: CRsopContext::GetNameSpace
  213. //
  214. // Purpose: Gets the namespace to which this context is bound
  215. //
  216. // Params: ppwszNameSpace -- out parameter that will point
  217. // to the address of a string that has the namespace --
  218. // this memory should be freed by the caller
  219. //
  220. // Return S_OK if success, error otherwise
  221. //
  222. // Notes:
  223. //
  224. //------------------------------------------------------------
  225. HRESULT CRsopContext::GetNameSpace( WCHAR** ppwszNameSpace )
  226. {
  227. LPWSTR wszNamespaceEnd;
  228. LPWSTR wszNameSpace;
  229. CVariant var;
  230. IWbemClassObject* pWbemClassObject;
  232. XBStr xbstrPath( L"__PATH" );
  233. XBStr xbstrClass( RSOP_POLICY_SETTING );
  235. if ( ! xbstrPath || ! xbstrClass )
  236. {
  237. return E_OUTOFMEMORY;
  238. }
  240. HRESULT hr;
  242. pWbemClassObject = NULL;
  244. //
  245. // Get the class
  246. //
  247. hr = _pWbemServices->GetObject(
  248. xbstrClass,
  249. 0L,
  250. NULL,
  251. &pWbemClassObject,
  252. NULL );
  254. if ( SUCCEEDED( hr ) )
  255. {
  257. //
  258. // Read the path property of the class from the class object
  259. //
  260. hr = pWbemClassObject->Get(
  261. xbstrPath,
  262. 0L,
  263. (VARIANT*) &var,
  264. NULL,
  265. NULL);
  267. pWbemClassObject->Release();
  268. }
  270. //
  271. // Now parse the path to obtain the parent namespace of
  272. // the class, which is the namespace in which the
  273. // IWbemServices pointer resides
  274. //
  276. //
  277. // Find the end of the class name so we can null-terminate it
  278. //
  279. if ( SUCCEEDED( hr ) )
  280. {
  281. //
  282. // Look for the delimiter that terminates the class name
  283. //
  284. wszNamespaceEnd = wcschr( ((VARIANT*) &var)->bstrVal, L':' );
  286. //
  287. // If we found the delimiter, terminate the string there
  288. //
  289. if ( wszNamespaceEnd )
  290. {
  291. *wszNamespaceEnd = L'\0';
  292. }
  294. //
  295. // Allocate space for the namespace string
  296. //
  297. DWORD dwNSLength = wcslen( ((VARIANT*) &var)->bstrVal ) + 1;
  298. wszNameSpace = new WCHAR [ dwNSLength ];
  300. //
  301. // If we got space for the namespace, copy it
  302. //
  303. if ( wszNameSpace )
  304. {
  305. hr = StringCchCopy( wszNameSpace, dwNSLength, ((VARIANT*) &var)->bstrVal );
  306. ASSERT( SUCCEEDED(hr) );
  308. *ppwszNameSpace = wszNameSpace;
  309. }
  310. else
  311. {
  312. hr = E_OUTOFMEMORY;
  313. }
  314. }
  316. return hr;
  317. }
  319. HRESULT
  320. CRsopContext::MoveContextState( CRsopContext* pRsopContext )
  321. {
  322. _pWbemServices = pRsopContext->_pWbemServices;
  324. if ( _pWbemServices )
  325. {
  326. _pWbemServices->AddRef();
  327. }
  329. _bEnabled = pRsopContext->_bEnabled;
  331. _dwMode = pRsopContext->_dwMode;
  333. _phrLoggingStatus = pRsopContext->_phrLoggingStatus;
  335. pRsopContext->_phrLoggingStatus = NULL;
  337. delete [] _wszNameSpace;
  338. _wszNameSpace = pRsopContext->_wszNameSpace;
  340. pRsopContext->_wszNameSpace = NULL;
  342. _pRsopTarget = pRsopContext->_pRsopTarget;
  344. _wszExtensionGuid = pRsopContext->_wszExtensionGuid;
  346. _hkRsop = pRsopContext->_hkRsop;
  348. pRsopContext->_hkRsop = NULL;
  350. return S_OK;
  351. }
  353. HRESULT
  354. CRsopContext::GetExclusiveLoggingAccess( BOOL bMachine )
  355. {
  356. HRESULT hr;
  358. hr = S_OK;
  360. ASSERT( ! _hPolicyAccess );
  362. //
  363. // We require exclusive access in diagnostic mode only --
  364. // in planning mode, we have implicit exclusive access
  365. //
  366. if ( IsRsopEnabled() && IsDiagnosticModeEnabled() )
  367. {
  368. _hPolicyAccess = EnterCriticalPolicySection( bMachine );
  370. //
  371. // On failure, disable logging
  372. //
  373. if ( ! _hPolicyAccess )
  374. {
  375. LONG Status;
  377. Status = GetLastError();
  379. hr = HRESULT_FROM_WIN32( Status );
  381. if ( SUCCEEDED( hr ) )
  382. {
  383. hr = E_FAIL;
  384. }
  386. DisableRsop( hr );
  387. }
  388. }
  390. return hr;
  391. }
  393. void
  394. CRsopContext::ReleaseExclusiveLoggingAccess()
  395. {
  396. if ( _hPolicyAccess )
  397. {
  398. LeaveCriticalPolicySection( _hPolicyAccess );
  400. _hPolicyAccess = NULL;
  401. }
  402. }
  405. LONG
  406. CRsopContext::GetRsopNamespaceKeyPath(
  407. PSID pUserSid,
  408. WCHAR** ppwszDiagnostic )
  409. {
  410. LONG Status;
  411. UNICODE_STRING SidString;
  412. WCHAR* wszUserSubkey;
  413. HRESULT hr = S_OK;
  415. *ppwszDiagnostic = NULL;
  417. RtlInitUnicodeString( &SidString, NULL );
  419. wszUserSubkey = NULL;
  421. Status = ERROR_SUCCESS;
  423. //
  424. // First, get the subkey
  425. //
  426. if ( pUserSid )
  427. {
  428. NTSTATUS NtStatus;
  430. NtStatus = RtlConvertSidToUnicodeString(
  431. &SidString,
  432. pUserSid,
  433. TRUE);
  435. if ( NT_SUCCESS( NtStatus ) )
  436. {
  437. wszUserSubkey = SidString.Buffer;
  438. }
  439. else
  440. {
  441. Status = RtlNtStatusToDosError( NtStatus );
  442. }
  443. }
  444. else
  445. {
  446. wszUserSubkey = MACHINESUBKEY;
  447. }
  449. //
  450. // If we have obtained the full subkey, we can now
  451. // generate the path for it
  452. //
  453. if ( ERROR_SUCCESS == Status )
  454. {
  455. DWORD cchLen;
  457. //
  458. // Space for the user sid string + the pathsep
  459. //
  460. cchLen = lstrlen ( wszUserSubkey ) + 1;
  462. //
  463. // Space for the gp extension state parent + extension list key (includes both pathseps and null terminator) +
  464. // + the cse subkey
  465. //
  466. cchLen += ( sizeof( GPSTATEKEY ) + sizeof( EXTENSIONLISTKEY ) ) / sizeof( *wszUserSubkey ) +
  467. lstrlen( _wszExtensionGuid ) + 1;
  469. *ppwszDiagnostic = new WCHAR[ cchLen ];
  471. if ( *ppwszDiagnostic )
  472. {
  473. hr = StringCchCopy( *ppwszDiagnostic, cchLen, GPSTATEKEY L"\\" );
  474. ASSERT(SUCCEEDED(hr));
  476. hr = StringCchCat( *ppwszDiagnostic, cchLen, wszUserSubkey );
  477. ASSERT(SUCCEEDED(hr));
  479. hr = StringCchCat( *ppwszDiagnostic, cchLen, EXTENSIONLISTKEY );
  480. ASSERT(SUCCEEDED(hr));
  482. hr = StringCchCat( *ppwszDiagnostic, cchLen, _wszExtensionGuid );
  483. ASSERT(SUCCEEDED(hr));
  484. }
  485. else
  486. {
  487. Status = ERROR_OUTOFMEMORY;
  488. }
  489. }
  491. //
  492. // Free allocated resources
  493. //
  494. if ( SidString.Buffer )
  495. {
  496. RtlFreeUnicodeString( &SidString );
  497. }
  499. return Status;
  500. }
  502. void
  503. CRsopContext::InitializeContext( PSID pUserSid )
  504. {
  505. LONG Status;
  506. WCHAR* wszNameSpace;
  507. WCHAR* wszNameSpaceKeyPath;
  509. //
  510. // In planning mode, all initialization is
  511. // already done, there is nothing to do here
  512. //
  513. if ( IsPlanningModeEnabled() )
  514. {
  515. return;
  516. }
  518. //
  519. // Return successfully if we already have our key.
  520. //
  521. if ( _hkRsop )
  522. return;
  524. Status = ERROR_SUCCESS;
  526. //
  527. // First, we need to get the rsop subkey -- we must ensure that it exists
  528. //
  529. Status = GetRsopNamespaceKeyPath(
  530. pUserSid,
  531. &wszNameSpaceKeyPath);
  533. if ( ERROR_SUCCESS == Status )
  534. {
  535. //
  536. // We create a key under the user's per machine policy
  537. // subtree. This key must be persistent so that extensions
  538. // that process policy outside of the policy engine context
  539. // or in no changes when the policy engine does not pass
  540. // a namepsace to the extension can know whether RSoP is enabled
  541. // or not and where to log the data
  542. //
  543. Status = RegCreateKeyEx(
  544. HKEY_LOCAL_MACHINE,
  545. wszNameSpaceKeyPath,
  546. 0,
  547. NULL,
  548. REG_OPTION_NON_VOLATILE,
  549. KEY_READ | KEY_WRITE,
  550. NULL,
  551. &_hkRsop,
  552. NULL );
  554. delete [] wszNameSpaceKeyPath;
  555. }
  557. if ( ERROR_SUCCESS != Status )
  558. {
  559. HRESULT hr;
  561. hr = HRESULT_FROM_WIN32( Status );
  563. DisableRsop( hr );
  564. }
  565. }
  567. void
  568. CRsopContext::InitializeSavedNameSpace()
  569. {
  570. LONG Status;
  572. if ( ! _hkRsop )
  573. {
  574. return;
  575. }
  577. //
  578. // In planning mode, all initialization is
  579. // already done, there is nothing to do here
  580. //
  581. if ( IsPlanningModeEnabled() )
  582. {
  583. return;
  584. }
  586. Status = ERROR_SUCCESS;
  588. //
  589. // If we already have a namespace, there is no need to use the saved
  590. // namespace, so we can leave since we've ensured the existence of the namespace key
  591. //
  592. if ( HasNameSpace() )
  593. {
  594. return;
  595. }
  597. //
  598. // The rsop namespace for this user is stored in the registry --
  599. // we query this below
  600. //
  601. DWORD Size;
  603. Size = 0;
  605. Status = RegQueryValueEx(
  606. _hkRsop,
  607. RSOPNAMESPACE,
  608. NULL,
  609. NULL,
  610. NULL,
  611. &Size);
  613. if ( ERROR_SUCCESS == Status )
  614. {
  615. WCHAR* wszNameSpace;
  617. wszNameSpace = (WCHAR*) new BYTE [ Size ];
  619. if ( ! wszNameSpace )
  620. {
  621. Status = ERROR_OUTOFMEMORY;
  623. goto CRsopContext__InitializeSavedNameSpace__Exit;
  624. }
  626. Status = RegQueryValueEx(
  627. _hkRsop,
  628. RSOPNAMESPACE,
  629. NULL,
  630. NULL,
  631. (LPBYTE) wszNameSpace,
  632. &Size);
  634. if ( ERROR_SUCCESS != Status )
  635. {
  636. delete [] wszNameSpace;
  637. wszNameSpace = NULL;
  638. }
  639. else
  640. {
  641. SetNameSpace( wszNameSpace );
  642. }
  643. }
  645. CRsopContext__InitializeSavedNameSpace__Exit:
  647. if ( ERROR_SUCCESS != Status )
  648. {
  649. HRESULT hr;
  651. hr = HRESULT_FROM_WIN32( Status );
  653. DisableRsop( hr );
  654. }
  655. }
  658. void
  659. CRsopContext::SaveNameSpace()
  660. {
  661. WCHAR* wszNameSpace;
  662. HRESULT hr;
  664. if ( ! IsRsopEnabled() )
  665. {
  666. return;
  667. }
  669. if ( IsPlanningModeEnabled() )
  670. {
  671. return;
  672. }
  674. wszNameSpace = NULL;
  676. //
  677. // Retrieve the rsop namespace -- note that the retrieved
  678. // string should be freed
  679. //
  680. hr = GetNameSpace( &wszNameSpace );
  682. if ( SUCCEEDED( hr ) )
  683. {
  684. #if DBG
  685. DWORD
  686. DebugStatus =
  687. #endif // DBG
  688. RegSetValueEx( _hkRsop,
  689. RSOPNAMESPACE,
  690. 0,
  691. REG_SZ,
  692. (LPBYTE) wszNameSpace,
  693. (lstrlen( wszNameSpace ) + 1) * sizeof(WCHAR) );
  694. }
  696. delete [] wszNameSpace;
  697. }
  699. void
  700. CRsopContext::DeleteSavedNameSpace()
  701. {
  702. if ( IsPlanningModeEnabled() )
  703. {
  704. return;
  705. }
  707. #if DBG
  708. DWORD
  709. DebugStatus =
  710. #endif // DBG
  711. RegDeleteValue( _hkRsop,
  712. RSOPNAMESPACE );
  713. }