archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4 Commits
1 Branch
0 Tags
1.5 GiB
Tree: 5c6fe3db62
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '5c6fe3db62'
${ noResults }
windows-server-2003/ds/security/services/scerpc/escprov/lockout.cpp

648 lines
16 KiB
Raw Normal View History

commiting as it is
4 years ago
  1. // lockout.cpp, implementation of CAccountLockout class
  2. // Copyright (c)1997-1999 Microsoft Corporation
  3. //
  4. //////////////////////////////////////////////////////////////////////
  6. #include "precomp.h"
  7. #include "lockout.h"
  8. #include "persistmgr.h"
  9. #include <io.h>
  10. #include "requestobject.h"
  12. #define KeyThreshold L"LockoutBadCount"
  13. #define KeyReset L"ResetLockoutCount"
  14. #define KeyDuration L"LockoutDuration"
  16. /*
  17. Routine Description:
  19. Name:
  21. CAccountLockout::CAccountLockout
  23. Functionality:
  25. This is the constructor. Pass along the parameters to the base class
  27. Virtual:
  29. No (you know that, constructor won't be virtual!)
  31. Arguments:
  33. pKeyChain - Pointer to the ISceKeyChain COM interface which is prepared
  34. by the caller who constructs this instance.
  36. pNamespace - Pointer to WMI namespace of our provider (COM interface).
  37. Passed along by the caller. Must not be NULL.
  39. pCtx - Pointer to WMI context object (COM interface). Passed along
  40. by the caller. It's up to WMI whether this interface pointer is NULL or not.
  42. Return Value:
  44. None as any constructor
  46. Notes:
  47. if you create any local members, think about initialize them here
  49. */
  51. CAccountLockout::CAccountLockout (
  52. IN ISceKeyChain * pKeyChain,
  53. IN IWbemServices * pNamespace,
  54. IN IWbemContext * pCtx
  55. )
  56. :
  57. CGenericClass(pKeyChain, pNamespace, pCtx)
  58. {
  59. }
  61. /*
  62. Routine Description:
  64. Name:
  66. CAccountLockout::~CAccountLockout
  68. Functionality:
  70. Destructor. Necessary as good C++ discipline since we have virtual functions.
  72. Virtual:
  74. Yes.
  76. Arguments:
  78. none as any destructor
  80. Return Value:
  82. None as any destructor
  84. Notes:
  85. if you create any local members, think about whether
  86. there is any need for a non-trivial destructor
  88. */
  90. CAccountLockout::~CAccountLockout ()
  91. {
  92. }
  94. /*
  95. Routine Description:
  97. Name:
  99. CAccountLockout::CreateObject
  101. Functionality:
  103. Create WMI objects (Sce_AccountLockoutPolicy). Depending on parameter atAction,
  104. this creation may mean:
  105. (a) Get a single instance (atAction == ACTIONTYPE_GET)
  106. (b) Get several instances satisfying some criteria (atAction == ACTIONTYPE_QUERY)
  107. (c) Delete an instance (atAction == ACTIONTYPE_DELETE)
  109. Virtual:
  111. Yes.
  113. Arguments:
  115. pHandler - COM interface pointer for notifying WMI for creation result.
  116. atAction - Get single instance ACTIONTYPE_GET
  117. Get several instances ACTIONTYPE_QUERY
  118. Delete a single instance ACTIONTYPE_DELETE
  120. Return Value:
  122. Success: it must return success code (use SUCCEEDED to test). It is
  123. not guaranteed to return WBEM_NO_ERROR. The returned objects are indicated to WMI,
  124. not directly passed back via parameters.
  126. Failure: Various errors may occurs. Except WBEM_E_NOT_FOUND, any such error should indicate
  127. the failure of getting the wanted instance. If WBEM_E_NOT_FOUND is returned in querying
  128. situations, this may not be an error depending on caller's intention.
  130. Notes:
  132. */
  134. HRESULT
  135. CAccountLockout::CreateObject (
  136. IN IWbemObjectSink * pHandler,
  137. IN ACTIONTYPE atAction
  138. )
  139. {
  140. //
  141. // we know how to:
  142. // Get single instance ACTIONTYPE_GET
  143. // Delete a single instance ACTIONTYPE_DELETE
  144. // Get several instances ACTIONTYPE_QUERY
  145. //
  147. if ( ACTIONTYPE_GET != atAction &&
  148. ACTIONTYPE_DELETE != atAction &&
  149. ACTIONTYPE_QUERY != atAction )
  150. {
  151. return WBEM_E_NOT_SUPPORTED;
  152. }
  154. //
  155. // We must have the pStorePath property because that is where
  156. // our instance is stored.
  157. // m_srpKeyChain->GetKeyPropertyValue WBEM_S_FALSE if the key is not recognized
  158. // So, we need to test against WBEM_S_FALSE if the property is mandatory
  159. //
  161. CComVariant varStorePath;
  162. HRESULT hr = m_srpKeyChain->GetKeyPropertyValue(pStorePath, &varStorePath);
  164. if (SUCCEEDED(hr) && hr != WBEM_S_FALSE && varStorePath.vt == VT_BSTR)
  165. {
  167. //
  168. // Prepare a store (for persistence) for this store path (file)
  169. //
  171. CSceStore SceStore;
  172. hr = SceStore.SetPersistPath(varStorePath.bstrVal);
  174. if ( SUCCEEDED(hr) )
  175. {
  177. //
  178. // make sure the store (just a file) really exists. The raw path
  179. // may contain env variables, so we need the expanded path
  180. //
  182. DWORD dwAttrib = GetFileAttributes(SceStore.GetExpandedPath());
  184. if ( dwAttrib != -1 )
  185. {
  186. if ( ACTIONTYPE_DELETE == atAction )
  187. {
  188. hr = DeleteInstance(pHandler, &SceStore);
  189. }
  190. else
  191. {
  192. hr = ConstructInstance(pHandler, &SceStore, varStorePath.bstrVal, atAction);
  193. }
  195. }
  196. else
  197. {
  198. hr = WBEM_E_NOT_FOUND;
  199. }
  200. }
  201. }
  203. return hr;
  204. }
  206. /*
  207. Routine Description:
  209. Name:
  211. CAccountLockout::PutInst
  213. Functionality:
  215. Put an instance as instructed by WMI. Since this class implements Sce_AccountLockoutPolicy,
  216. which is persistence oriented, this will cause the Sce_AccountLockoutPolicy object's property
  217. information to be saved in our store.
  219. Virtual:
  221. Yes.
  223. Arguments:
  225. pInst - COM interface pointer to the WMI class (Sce_AccountLockoutPolicy) object.
  227. pHandler - COM interface pointer for notifying WMI of any events.
  229. pCtx - COM interface pointer. This interface is just something we pass around.
  230. WMI may mandate it (not now) in the future. But we never construct
  231. such an interface and so, we just pass around for various WMI API's
  233. Return Value:
  235. Success: it must return success code (use SUCCEEDED to test). It is
  236. not guaranteed to return WBEM_NO_ERROR.
  238. Failure: Various errors may occurs. Any such error should indicate the failure of persisting
  239. the instance.
  241. Notes:
  242. Since GetProperty will return a success code (WBEM_S_RESET_TO_DEFAULT) when the
  243. requested property is not present, don't simply use SUCCEEDED or FAILED macros
  244. to test for the result of retrieving a property.
  246. */
  248. HRESULT CAccountLockout::PutInst (
  249. IN IWbemClassObject * pInst,
  250. IN IWbemObjectSink * pHandler,
  251. IN IWbemContext * pCtx
  252. )
  253. {
  254. HRESULT hr = WBEM_NO_ERROR;
  256. DWORD dwThreshold=SCE_NO_VALUE;
  257. DWORD dwReset=SCE_NO_VALUE;
  258. DWORD dwDuration=SCE_NO_VALUE;
  260. //
  261. // CScePropertyMgr helps us to access WMI object's properties
  262. // create an instance and attach the WMI object to it.
  263. // This will always succeed.
  264. //
  266. CScePropertyMgr ScePropMgr;
  267. ScePropMgr.Attach(pInst);
  269. hr = ScePropMgr.GetProperty(pThreshold, &dwThreshold);
  271. if (SUCCEEDED(hr))
  272. {
  273. //
  274. // dependency check
  275. //
  277. if ( dwThreshold != SCE_NO_VALUE && dwThreshold > 0 )
  278. {
  279. //
  280. // get values for these two properties only if threshold is defined
  281. //
  283. if ( dwThreshold > 999 )
  284. {
  285. hr = WBEM_E_VALUE_OUT_OF_RANGE;
  286. }
  287. else
  288. {
  289. //
  290. // SCE_NO_VALUE means the property is not available
  291. //
  293. hr = ScePropMgr.GetProperty(pResetTimer, &dwReset);
  294. if (FAILED(hr))
  295. {
  296. return hr;
  297. }
  299. hr = ScePropMgr.GetProperty(pDuration, &dwDuration);
  300. if (FAILED(hr))
  301. {
  302. return hr;
  303. }
  305. //
  306. // check dependency now
  307. //
  309. if ( dwReset != SCE_NO_VALUE && dwDuration != SCE_NO_VALUE )
  310. {
  311. if ( dwReset > dwDuration )
  312. {
  313. hr = WBEM_E_VALUE_OUT_OF_RANGE;
  314. }
  315. if ( dwReset > 99999L || dwDuration >= 99999L )
  316. {
  317. hr = WBEM_E_VALUE_OUT_OF_RANGE;
  318. }
  319. }
  320. else
  321. {
  322. hr = WBEM_E_ILLEGAL_NULL;
  323. }
  324. }
  326. if ( FAILED(hr) )
  327. {
  328. return hr;
  329. }
  330. }
  331. }
  333. //
  334. // Attach the WMI object instance to the store and let the store know that
  335. // it's store is given by the pStorePath property of the instance.
  336. //
  338. CSceStore SceStore;
  339. hr = SceStore.SetPersistProperties(pInst, pStorePath);
  341. if (SUCCEEDED(hr))
  342. {
  343. hr = SaveSettingsToStore(&SceStore, dwThreshold, dwReset, dwDuration);
  344. }
  346. return hr;
  347. }
  349. /*
  350. Routine Description:
  352. Name:
  354. CAccountLockout::ConstructInstance
  356. Functionality:
  358. This is private function to create an instance of Sce_AccountLockoutPolicy.
  360. Virtual:
  362. No.
  364. Arguments:
  366. pHandler - COM interface pointer for notifying WMI of any events.
  368. pSceStore - Pointer to our store. It must have been appropriately set up.
  370. wszLogStorePath - store path, a key property of Sce_AccountLockoutPolicy class.
  372. atAction - determines if this is a query or a single instance GET.
  374. Return Value:
  376. Success: it must return success code (use SUCCEEDED to test). It is
  377. not guaranteed to return WBEM_NO_ERROR.
  379. Failure: Various errors may occurs. Any such error should indicate the creating the instance.
  381. Notes:
  383. */
  385. HRESULT
  386. CAccountLockout::ConstructInstance (
  387. IN IWbemObjectSink * pHandler,
  388. IN CSceStore * pSceStore,
  389. IN LPCWSTR wszLogStorePath,
  390. IN ACTIONTYPE atAction
  391. )
  392. {
  393. //
  394. // make sure that we have a valid store
  395. //
  397. if ( pSceStore == NULL ||
  398. pSceStore->GetStoreType() < SCE_INF_FORMAT ||
  399. pSceStore->GetStoreType() > SCE_JET_ANALYSIS_REQUIRED )
  400. {
  401. return WBEM_E_INVALID_PARAMETER;
  402. }
  404. //
  405. // ask SCE to read a gigantic structure out from the store. Only SCE
  406. // knows now to release the memory. Don't just delete it! Use our CSceStore
  407. // to do the releasing (FreeSecurityProfileInfo)
  408. //
  410. PSCE_PROFILE_INFO pInfo=NULL;
  412. HRESULT hr = pSceStore->GetSecurityProfileInfo (
  413. AREA_SECURITY_POLICY,
  414. &pInfo,
  415. NULL
  416. );
  418. CComPtr<IWbemClassObject> srpObj;
  420. //
  421. // CScePropertyMgr helps us to access WMI object's properties.
  422. //
  424. CScePropertyMgr ScePropMgr;
  426. if (SUCCEEDED(hr))
  427. {
  428. if ( pInfo->LockoutBadCount == SCE_NO_VALUE &&
  429. pInfo->LockoutDuration == SCE_NO_VALUE &&
  430. pInfo->ResetLockoutCount == SCE_NO_VALUE )
  431. {
  432. hr = WBEM_E_NOT_FOUND;
  433. goto CleanUp;
  434. }
  436. //
  437. // the use of the macro SCE_PROV_IfErrorGotoCleanup cause
  438. // a "goto CleanUp;" with hr set to the return value from
  439. // the function (macro parameter)
  440. //
  442. CComBSTR bstrLogOut;
  443. LPCWSTR pszExpandedPath = pSceStore->GetExpandedPath();
  445. if ( ACTIONTYPE_QUERY == atAction )
  446. {
  447. SCE_PROV_IfErrorGotoCleanup(MakeSingleBackSlashPath(wszLogStorePath, L'\\', &bstrLogOut));
  448. pszExpandedPath = bstrLogOut;
  449. }
  451. SCE_PROV_IfErrorGotoCleanup(SpawnAnInstance(&srpObj));
  453. //
  454. // attach the WMI object to the property manager.
  455. // This will always succeed.
  456. //
  458. ScePropMgr.Attach(srpObj);
  460. SCE_PROV_IfErrorGotoCleanup(ScePropMgr.PutProperty(pStorePath, pszExpandedPath));
  462. if (pInfo->LockoutBadCount != SCE_NO_VALUE ) {
  463. SCE_PROV_IfErrorGotoCleanup(ScePropMgr.PutProperty(pThreshold, pInfo->LockoutBadCount));
  464. }
  466. if (pInfo->LockoutDuration != SCE_NO_VALUE ) {
  467. SCE_PROV_IfErrorGotoCleanup(ScePropMgr.PutProperty(pDuration, pInfo->LockoutDuration));
  468. }
  470. if (pInfo->ResetLockoutCount != SCE_NO_VALUE ) {
  471. SCE_PROV_IfErrorGotoCleanup(ScePropMgr.PutProperty(pResetTimer, pInfo->ResetLockoutCount));
  472. }
  474. //
  475. // do the necessary gestures to WMI.
  476. // the use of WBEM_STATUS_REQUIREMENTS in SetStatus is not documented by WMI
  477. // at this point. Consult WMI team for detail if you suspect problems with
  478. // the use of WBEM_STATUS_REQUIREMENTS
  479. //
  481. if ( ACTIONTYPE_QUERY == atAction ) {
  482. pHandler->SetStatus(WBEM_STATUS_REQUIREMENTS, S_FALSE, NULL, NULL);
  483. } else {
  484. pHandler->SetStatus(WBEM_STATUS_REQUIREMENTS, S_OK, NULL, NULL);
  485. }
  487. //
  488. // pass the new instance to WMI
  489. //
  491. hr = pHandler->Indicate(1, &srpObj);
  492. }
  494. CleanUp:
  496. pSceStore->FreeSecurityProfileInfo(pInfo);
  498. return hr;
  499. }
  502. /*
  503. Routine Description:
  505. Name:
  507. CAccountLockout::DeleteInstance
  509. Functionality:
  511. remove an instance of Sce_AccountLockoutPolicy from the specified store.
  513. Virtual:
  515. No.
  517. Arguments:
  519. pHandler - COM interface pointer for notifying WMI of any events.
  521. pSceStore - Pointer to our store. It must have been appropriately set up.
  523. Return Value:
  525. Success: WBEM_NO_ERROR.
  527. Failure: WBEM_E_INVALID_PARAMETER.
  529. Notes:
  531. */
  533. HRESULT
  534. CAccountLockout::DeleteInstance (
  535. IN IWbemObjectSink * pHandler,
  536. IN CSceStore * pSceStore
  537. )
  538. {
  539. //
  540. // make sure that we have a valid store
  541. //
  543. if ( pSceStore == NULL ||
  544. pSceStore->GetStoreType() < SCE_INF_FORMAT ||
  545. pSceStore->GetStoreType() > SCE_JET_ANALYSIS_REQUIRED )
  546. {
  547. return WBEM_E_INVALID_PARAMETER;
  548. }
  550. HRESULT hr = WBEM_NO_ERROR;
  552. DWORD val = SCE_NO_VALUE;
  554. hr = SaveSettingsToStore(pSceStore, val, val, val);
  556. return hr;
  558. }
  560. /*
  561. Routine Description:
  563. Name:
  565. CAccountLockout::SaveSettingsToStore
  567. Functionality:
  569. With all the properties of a Sce_AccountLockoutPolicy, this function just saves
  570. the instance properties to our store.
  572. Virtual:
  574. No.
  576. Arguments:
  578. pSceStore - the store.
  580. dwThreshold - a corresponding key property of Sce_AccountLockoutPolicy class.
  582. dwReset - another corresponding property of the Sce_AccountLockoutPolicy class.
  584. dwDuration - another corresponding property of the Sce_AccountLockoutPolicy class.
  586. Return Value:
  588. Success: it must return success code (use SUCCEEDED to test). It is
  589. not guaranteed to return WBEM_NO_ERROR.
  591. Failure: Various errors may occurs. Any error indicates the failure to save the instance.
  593. Notes:
  594. */
  596. HRESULT
  597. CAccountLockout::SaveSettingsToStore (
  598. IN CSceStore * pSceStore,
  599. IN DWORD dwThreshold,
  600. IN DWORD dwReset,
  601. IN DWORD dwDuration
  602. )
  603. {
  604. DWORD dwDump;
  606. //
  607. // For a new .inf file. Write an empty buffer to the file
  608. // will creates the file with right header/signature/unicode format
  609. // this is harmless for existing files.
  610. // For database store, this is a no-op.
  611. //
  613. HRESULT hr = pSceStore->WriteSecurityProfileInfo(
  614. AreaBogus,
  615. (PSCE_PROFILE_INFO)&dwDump,
  616. NULL,
  617. false
  618. );
  620. //
  621. // Threshold
  622. //
  624. if (SUCCEEDED(hr))
  625. {
  626. hr = pSceStore->SavePropertyToStore(szSystemAccess, KeyThreshold, dwThreshold);
  628. if (SUCCEEDED(hr))
  629. {
  630. //
  631. // Reset
  632. //
  634. hr = pSceStore->SavePropertyToStore(szSystemAccess, KeyReset, dwReset);
  635. if (SUCCEEDED(hr))
  636. {
  637. //
  638. // Duration
  639. //
  641. hr = pSceStore->SavePropertyToStore(szSystemAccess, KeyDuration, dwDuration);
  642. }
  643. }
  644. }
  646. return hr;
  647. }