archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4 Commits
1 Branch
0 Tags
1.5 GiB
Tree: 5c6fe3db62
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '5c6fe3db62'
${ noResults }
windows-server-2003/ds/security/ssr/ipsecprov/policy.cpp

493 lines
12 KiB
Raw Normal View History

commiting as it is
4 years ago
  1. // Policy.cpp: implementation for the CPolicy base class for main mode
  2. // and quick mode policies
  3. //
  4. // Copyright (c)1997-2001 Microsoft Corporation
  5. //
  6. //////////////////////////////////////////////////////////////////////
  7. #include "precomp.h"
  8. #include "NetSecProv.h"
  9. #include "Policy.h"
  10. #include "PolicyMM.h"
  11. #include "PolicyQM.h"
  13. //extern CCriticalSection g_CS;
  16. /*
  17. Routine Description:
  19. Name:
  21. CIPSecPolicy::Rollback
  23. Functionality:
  25. Static function to rollback those policies added by us with the given token.
  27. Virtual:
  29. No.
  31. Arguments:
  33. pNamespace - The namespace for ourselves.
  35. pszRollbackToken - The token used to record our the action when we add
  36. the policies.
  38. bClearAll - Flag whether we should clear all policies. If it's true,
  39. then we will delete all the policies regardless whether they
  40. are added by us or not. This is a dangerous flag.
  42. Return Value:
  44. Success:
  46. (1) WBEM_NO_ERROR: rollback objects are found and they are deleted.
  48. (2) WBEM_S_FALSE: no rollback objects are found.
  50. Failure:
  52. Various error codes indicating the cause of the failure.
  55. Notes:
  57. We will continue the deletion even if some failure happens. That failure will be
  58. returned, though.
  60. $undone:shawnwu, should we really support ClearAll?
  62. */
  64. HRESULT
  65. CIPSecPolicy::Rollback (
  66. IN IWbemServices * pNamespace,
  67. IN LPCWSTR pszRollbackToken,
  68. IN bool bClearAll
  69. )
  70. {
  71. if (pNamespace == NULL || pszRollbackToken == NULL)
  72. {
  73. return WBEM_E_INVALID_PARAMETER;
  74. }
  76. //if (bClearAll)
  77. //{
  78. // return ClearAllPolicies(pNamespace);
  79. //}
  81. CComPtr<IEnumWbemClassObject> srpEnum;
  83. //
  84. // this will only enumerate all rollback filter object without testing the
  85. // the token guid. This limitation is due to a mysterious error
  86. // for any queries containing the where clause. That might be a limitation
  87. // of non-dynamic classes of WMI
  88. //
  90. HRESULT hr = ::GetClassEnum(pNamespace, pszNspRollbackPolicy, &srpEnum);
  92. //
  93. // go through all found classes. srpEnum->Next will return WBEM_S_FALSE if instance
  94. // is not found.
  95. //
  97. CComPtr<IWbemClassObject> srpObj;
  98. ULONG nEnum = 0;
  99. HRESULT hrError = WBEM_NO_ERROR;
  101. hr = srpEnum->Next(WBEM_INFINITE, 1, &srpObj, &nEnum);
  102. bool bHasInst = (SUCCEEDED(hr) && hr != WBEM_S_FALSE && srpObj != NULL);
  104. while (SUCCEEDED(hr) && hr != WBEM_S_FALSE && srpObj)
  105. {
  106. CComVariant varTokenGuid;
  107. hr = srpObj->Get(g_pszTokenGuid, 0, &varTokenGuid, NULL, NULL);
  109. //
  110. // need to compare the token guid ourselves
  111. //
  113. if (SUCCEEDED(hr) &&
  114. varTokenGuid.vt == VT_BSTR &&
  115. varTokenGuid.bstrVal != NULL &&
  116. (_wcsicmp(pszRollbackToken, pszRollbackAll) == 0 || _wcsicmp(pszRollbackToken, varTokenGuid.bstrVal) == 0 )
  117. )
  118. {
  119. //
  120. // get the policy name and find the policy by the name
  121. //
  123. CComVariant varPolicyName;
  124. CComVariant varPolicyType;
  125. hr = srpObj->Get(g_pszPolicyName, 0, &varPolicyName, NULL, NULL);
  127. GUID guidFilter = GUID_NULL;
  129. //
  130. // different types of policy has different
  131. //
  133. if (SUCCEEDED(hr))
  134. {
  135. hr = srpObj->Get(g_pszPolicyType, 0, &varPolicyType, NULL, NULL);
  137. if (SUCCEEDED(hr) && varPolicyType.vt != VT_I4)
  138. {
  139. hr = WBEM_E_INVALID_OBJECT;
  140. }
  141. }
  143. if (SUCCEEDED(hr) && varPolicyName.vt == VT_BSTR)
  144. {
  145. DWORD dwResumeHandle = 0;
  146. DWORD dwReturned = 0;
  147. DWORD dwStatus;
  149. if (varPolicyType.lVal == MainMode_Policy)
  150. {
  151. //
  152. // main mode policy
  153. //
  155. hr = CMMPolicy::DeletePolicy(varPolicyName.bstrVal);
  156. }
  157. else if (varPolicyType.lVal == QuickMode_Policy)
  158. {
  159. //
  160. // quick mode policy
  161. //
  163. hr = CQMPolicy::DeletePolicy(varPolicyName.bstrVal);
  164. }
  165. }
  167. if (SUCCEEDED(hr))
  168. {
  169. CComVariant varPath;
  170. if (SUCCEEDED(srpObj->Get(L"__RelPath", 0, &varPath, NULL, NULL)) && varPath.vt == VT_BSTR)
  171. {
  172. hr = pNamespace->DeleteInstance(varPath.bstrVal, 0, NULL, NULL);
  173. }
  174. }
  176. //
  177. // we are tracking the first error
  178. //
  180. if (FAILED(hr) && SUCCEEDED(hrError))
  181. {
  182. hrError = hr;
  183. }
  184. }
  186. //
  187. // ready it for re-use
  188. //
  190. srpObj.Release();
  191. hr = srpEnum->Next(WBEM_INFINITE, 1, &srpObj, &nEnum);
  192. }
  194. if (SUCCEEDED(hr))
  195. {
  196. hr = CQMPolicy::DeleteDefaultPolicies();
  197. }
  199. if (!bHasInst)
  200. {
  201. return WBEM_S_FALSE;
  202. }
  203. else
  204. {
  205. //
  206. // any failure code will be returned regardless of the final hr
  207. //
  209. if (FAILED(hrError))
  210. {
  211. return hrError;
  212. }
  213. else
  214. {
  215. return SUCCEEDED(hr) ? WBEM_NO_ERROR : hr;
  216. }
  217. }
  218. }
  221. /*
  222. Routine Description:
  224. Name:
  226. CIPSecPolicy::ClearAllPolicies
  228. Functionality:
  230. Static function to delete all policies in SPD. This is a very dangerous action!
  232. Virtual:
  234. No.
  236. Arguments:
  238. pNamespace - The namespace for ourselves.
  240. Return Value:
  242. Success:
  244. WBEM_NO_ERROR.
  246. Failure:
  248. Various error codes indicating the cause of the failure.
  251. Notes:
  253. We will continue the deletion even if some failure happens. That failure will be
  254. returned, though.
  256. $undone:shawnwu, should we really support this?
  258. */
  260. HRESULT
  261. CIPSecPolicy::ClearAllPolicies (
  262. IN IWbemServices * pNamespace
  263. )
  264. {
  265. DWORD dwResumeHandle = 0;
  266. DWORD dwReturned = 0;
  267. DWORD dwStatus;
  269. HRESULT hr = WBEM_NO_ERROR;
  270. HRESULT hrError = WBEM_NO_ERROR;
  272. //
  273. // SPD doesn't have a similar API.
  274. // We have to do one by one. For that purpose, we need the name.
  275. //
  277. //
  278. // Delete main mode policies.
  279. //
  281. PIPSEC_MM_POLICY *ppMMPolicy = NULL;
  282. dwStatus = ::EnumMMPolicies(NULL, ppMMPolicy, 1, &dwReturned, &dwResumeHandle);
  283. while (ERROR_SUCCESS == dwStatus && dwReturned > 0)
  284. {
  285. hr = CMMPolicy::DeletePolicy((*ppMMPolicy)->pszPolicyName);
  287. //
  288. // we will track the first error
  289. //
  291. if (FAILED(hr) && SUCCEEDED(hrError))
  292. {
  293. hrError = hr;
  294. }
  296. FreePolicy(ppMMPolicy, true);
  297. *ppMMPolicy = NULL;
  299. dwReturned = 0;
  300. dwStatus = ::EnumMMPolicies(NULL, ppMMPolicy, 1, &dwReturned, &dwResumeHandle);
  301. }
  303. //
  304. // Delete quick mode policies.
  305. //
  307. PIPSEC_QM_POLICY *ppQMPolicy = NULL;
  309. dwResumeHandle = 0;
  310. dwReturned = 0;
  311. dwStatus = ::EnumQMPolicies(NULL, ppQMPolicy, 1, &dwReturned, &dwResumeHandle);
  312. while (ERROR_SUCCESS == dwStatus && dwReturned > 0)
  313. {
  314. hr = CQMPolicy::DeletePolicy((*ppQMPolicy)->pszPolicyName);
  316. //
  317. // we will track the first error
  318. //
  320. if (FAILED(hr) && SUCCEEDED(hrError))
  321. {
  322. hrError = hr;
  323. }
  325. FreePolicy(ppQMPolicy, true);
  326. *ppQMPolicy = NULL;
  328. dwReturned = 0;
  329. dwStatus = ::EnumQMPolicies(NULL, ppQMPolicy, 1, &dwReturned, &dwResumeHandle);
  330. }
  332. //
  333. // now, let's clear up all past action information for policies deposited in the
  334. // WMI depository
  335. //
  337. hr = ::DeleteRollbackObjects(pNamespace, pszNspRollbackPolicy);
  339. if (FAILED(hr) && SUCCEEDED(hrError))
  340. {
  341. hrError = hr;
  342. }
  344. return SUCCEEDED(hrError) ? WBEM_NO_ERROR : hrError;
  345. }
  348. /*
  349. Routine Description:
  351. Name:
  353. CIPSecPolicy::OnAfterAddPolicy
  355. Functionality:
  357. Post-adding handler to be called after successfully added a policy to SPD.
  359. Virtual:
  361. No.
  363. Arguments:
  365. pszPolicyName - The name of the filter.
  367. eType - The type of the policy (main mode or quick mode).
  369. Return Value:
  371. Success:
  373. (1) WBEM_NO_ERROR: if rollback object is successfully created.
  375. (2) WBEM_S_FALSE: if there is no rollback guid information.
  377. Failure:
  379. (1) various errors indicated by the returned error codes.
  382. Notes:
  384. (1) Currently, we don't require a rollback object to be created for each
  385. object added to SPD. Only a host that support rollback will deposit
  386. rollback guid information and only then can we create a rollback object.
  388. */
  390. HRESULT
  391. CIPSecPolicy::OnAfterAddPolicy (
  392. IN LPCWSTR pszPolicyName,
  393. IN EnumPolicyType eType
  394. )
  395. {
  396. //
  397. // will create an Nsp_RollbackPolicy
  398. //
  400. CComPtr<IWbemClassObject> srpObj;
  401. HRESULT hr = SpawnRollbackInstance(pszNspRollbackPolicy, &srpObj);
  403. if (FAILED(hr))
  404. {
  405. return hr;
  406. }
  408. //
  409. // won't consider a failure if there is no rollback guid, i.e., this action is not
  410. // part of a transaction block
  411. //
  413. if (SUCCEEDED(hr))
  414. {
  415. //
  416. // $undone:shawnwu, this approach to pulling the globals are not good.
  417. // Instead, we should implement it as an event handler.
  418. //
  420. //::UpdateGlobals(m_srpNamespace, m_srpCtx);
  421. //if (g_varRollbackGuid.vt != VT_NULL && g_varRollbackGuid.vt != VT_EMPTY)
  422. //{
  423. // hr = srpObj->Put(g_pszTokenGuid, 0, &g_varRollbackGuid, CIM_EMPTY);
  424. //}
  425. //else
  426. //{
  428. CComVariant varRollbackNull = pszEmptyRollbackToken;
  429. hr = srpObj->Put(g_pszTokenGuid, 0, &varRollbackNull, CIM_EMPTY);
  431. //}
  433. //
  434. // we can create a rollback object
  435. //
  437. if (SUCCEEDED(hr))
  438. {
  440. //
  441. // $undone:shawnwu, Currently, we only support rolling back added objects, not removed objects
  442. // Also, we don't cache the previous instance data yet.
  443. //
  445. VARIANT varAction;
  447. //
  448. // This is to record a PutInstance action
  449. //
  451. varAction.vt = VT_I4;
  452. varAction.lVal = Action_Add;
  454. hr = srpObj->Put(g_pszAction, 0, &varAction, CIM_EMPTY);
  456. if (SUCCEEDED(hr))
  457. {
  458. //
  459. // need to remember the policy's name
  460. //
  462. CComVariant var = pszPolicyName;
  463. hr = srpObj->Put(g_pszPolicyName, 0, &var, CIM_EMPTY);
  464. if (SUCCEEDED(hr))
  465. {
  466. var.Clear();
  467. var.vt = VT_I4;
  468. var.lVal = eType;
  469. hr = srpObj->Put(g_pszPolicyType, 0, &var, CIM_EMPTY);
  470. }
  471. }
  472. }
  473. }
  475. if (SUCCEEDED(hr))
  476. {
  477. hr = m_srpNamespace->PutInstance(srpObj, WBEM_FLAG_CREATE_OR_UPDATE, m_srpCtx, NULL);
  478. if (SUCCEEDED(hr))
  479. {
  480. hr = WBEM_NO_ERROR;
  481. }
  482. }
  483. else if (SUCCEEDED(hr))
  484. {
  485. //
  486. // we don't have rollback guid
  487. //
  489. hr = WBEM_S_FALSE;
  490. }
  492. return hr;
  493. }