|
|
/*++ BUILD Version: 0000 // Increment this if a change has global effects
Copyright (c) 2000 - 2002 Microsoft Corporation
Module Name:
dspub.cpp
Abstract:
Src module for tapi server DS publishing
Author:
Xiaohai Zhang (xzhang) 10-March-2000
Revision History:
--*/#include "windows.h"
#include "objbase.h"
#include "winbase.h"
#include "sddl.h"
#include "iads.h"
#include "activeds.h"
#include "tapi.h"
#include "tspi.h"
#include "utils.h"
#include "client.h"
#include "server.h"
#include "private.h"
#include "tchar.h"
#define SECURITY_WIN32
#include "sspi.h"
#include "secext.h"
#include "psapi.h"
extern "C" {
extern const TCHAR gszRegKeyTelephony[];extern DWORD gdwTapiSCPTTL;extern const TCHAR gszRegTapisrvSCPGuid[];extern CRITICAL_SECTION gSCPCritSec;
}
const TCHAR gszTapisrvBindingInfo[] = TEXT("E{\\pipe\\tapsrv}P{ncacn_np}C{%s}A{%s}S{%s}TTL{%s}");
const TCHAR gszVenderMS[] = TEXT("Microsoft");const TCHAR gszMSGuid[] = TEXT("937924B8-AA44-11d2-81F1-00C04FB9624E");
const WCHAR gwszTapisrvRDN[] = L"CN=Telephony Service";const TCHAR gszTapisrvProdName[] = TEXT("Telephony Service");// gszTapisrvGuid needs to be consistant with remotesp\dslookup.cpp
const TCHAR gszTapisrvGuid[] = TEXT("B1A37774-E3F7-488E-ADBFD4DB8A4AB2E5");const TCHAR gwszProxyRDN[] = L"cn=TAPI Proxy Server";const TCHAR gszProxyProdName[] = TEXT("TAPI Proxy Server");const TCHAR gszProxyGuid[] = TEXT("A2657445-3E27-400B-851A-456C41666E37");const TCHAR gszRegProxySCPGuid[] = TEXT("PROXYSCPGUID");
typedef struct _PROXY_SCP_ENTRY { // A valid CLSID requires 38 chars
TCHAR szClsid[40];
// A binding GUID is of format
// LDAP://<GUID={B1A37774-E3F7-488E-ADBFD4DB8A4AB2E5}>
// required size is 38+14=52 chars
TCHAR szObjGuid[56];
// Ref count for this entry
DWORD dwRefCount;} PROXY_SCP_ENTRY, *PPROXY_SCP_ENTRY;
typedef struct _PROXY_SCPS { DWORD dwTotalEntries; DWORD dwUsedEntries; PROXY_SCP_ENTRY * aEntries;} PROXY_SCPS, *PPROXY_SCPS;
PROXY_SCPS gProxyScps;
#define MAX_SD 2048
//
// GetTokenUser
//
// Based on hAccessToken, call GetTokenInformation
// to retrieve TokenUser info
//
HRESULTGetTokenUser (HANDLE hAccessToken, PTOKEN_USER * ppUser){ HRESULT hr = S_OK; DWORD dwInfoSize = 0; PTOKEN_USER ptuUser = NULL; DWORD ntsResult;
if (!GetTokenInformation( hAccessToken, TokenUser, NULL, 0, &dwInfoSize )) { ntsResult = GetLastError(); if (ntsResult != ERROR_INSUFFICIENT_BUFFER) { hr = HRESULT_FROM_WIN32 (ntsResult); goto ExitHere; } } ptuUser = (PTOKEN_USER) ServerAlloc (dwInfoSize); if (ptuUser == NULL) { hr = LINEERR_NOMEM; goto ExitHere; } if (!GetTokenInformation( hAccessToken, TokenUser, ptuUser, dwInfoSize, &dwInfoSize )) { ServerFree (ptuUser); hr = HRESULT_FROM_WIN32 (GetLastError()); goto ExitHere; }
*ppUser = ptuUser;
ExitHere: return hr;}
//
// IsLocalSystem
//
// This function makes the determination if the given process token
// is running as LocalSystem or LocalService or NetworkService
// Returns S_OK if it is, S_FALSE if it is not LocalSystem.
//
HRESULTIsLocalSystem(HANDLE hAccessToken) { HRESULT hr = S_OK; SID_IDENTIFIER_AUTHORITY NtAuthority = SECURITY_NT_AUTHORITY; PSID pLocalSid = NULL; PSID pLocalServiceSid = NULL; PSID pNetworkServiceSid = NULL; PTOKEN_USER ptuUser = NULL;
hr = GetTokenUser (hAccessToken, &ptuUser); if (FAILED(hr)) { goto ExitHere; }
if (!AllocateAndInitializeSid ( &NtAuthority, 1, SECURITY_LOCAL_SYSTEM_RID, 0, 0, 0, 0, 0, 0, 0, &pLocalSid) || !AllocateAndInitializeSid ( &NtAuthority, 1, SECURITY_LOCAL_SERVICE_RID, 0, 0, 0, 0, 0, 0, 0, &pLocalServiceSid) || !AllocateAndInitializeSid ( &NtAuthority, 1, SECURITY_NETWORK_SERVICE_RID, 0, 0, 0, 0, 0, 0, 0, &pNetworkServiceSid) ) { hr = HRESULT_FROM_WIN32(GetLastError()); goto ExitHere; }
if (!EqualSid(pLocalSid, ptuUser->User.Sid) && !EqualSid(pLocalServiceSid, ptuUser->User.Sid) && !EqualSid(pNetworkServiceSid, ptuUser->User.Sid)) { hr = S_FALSE; }
ExitHere:
if (NULL != ptuUser) { ServerFree (ptuUser); }
if (NULL != pLocalSid) { FreeSid(pLocalSid); } if (NULL != pLocalServiceSid) { FreeSid (pLocalServiceSid); } if (NULL != pNetworkServiceSid) { FreeSid (pNetworkServiceSid); }
return hr;}
//
// IsCurrentLocalSystem
//
// IsCurrentLocalSystem checks to see if current thread/process
// runs in LocalSystem account
//
HRESULTIsCurrentLocalSystem (){ HRESULT hr = S_OK; HANDLE hToken = NULL;
if (!OpenThreadToken( GetCurrentThread(), TOKEN_QUERY, FALSE, &hToken)) { if(!OpenProcessToken( GetCurrentProcess(), TOKEN_QUERY, &hToken )) { hr = HRESULT_FROM_WIN32(GetLastError()); goto ExitHere; } }
hr = IsLocalSystem (hToken); CloseHandle (hToken);
ExitHere: return hr;}
HRESULTSetPrivilege( HANDLE hToken, // token handle
LPCTSTR Privilege, // Privilege to enable/disable
BOOL bEnablePrivilege // to enable or disable privilege
){ HRESULT hr = S_OK; TOKEN_PRIVILEGES tp; LUID luid; TOKEN_PRIVILEGES tpPrevious; DWORD cbPrevious=sizeof(TOKEN_PRIVILEGES); DWORD dwErr;
if(!LookupPrivilegeValue( NULL, Privilege, &luid )) { hr = HRESULT_FROM_WIN32 (GetLastError ()); goto ExitHere; }
//
// first pass. get current privilege setting
//
tp.PrivilegeCount = 1; tp.Privileges[0].Luid = luid; tp.Privileges[0].Attributes = 0;
AdjustTokenPrivileges( hToken, FALSE, &tp, sizeof(TOKEN_PRIVILEGES), &tpPrevious, &cbPrevious ); dwErr = GetLastError (); if (dwErr != ERROR_SUCCESS) { hr = HRESULT_FROM_WIN32 (dwErr); goto ExitHere; }
//
// second pass. set privilege based on previous setting
//
tpPrevious.PrivilegeCount = 1; tpPrevious.Privileges[0].Luid = luid;
if(bEnablePrivilege) { tpPrevious.Privileges[0].Attributes |= (SE_PRIVILEGE_ENABLED); } else { tpPrevious.Privileges[0].Attributes ^= (SE_PRIVILEGE_ENABLED & tpPrevious.Privileges[0].Attributes); }
AdjustTokenPrivileges( hToken, FALSE, &tpPrevious, cbPrevious, NULL, NULL ); dwErr = GetLastError (); if (dwErr != ERROR_SUCCESS) { hr = HRESULT_FROM_WIN32 (dwErr); goto ExitHere; }
ExitHere: return hr;}
HRESULTSetCurrentPrivilege ( LPCTSTR Privilege, // Privilege to enable/disable
BOOL bEnablePrivilege // to enable or disable privilege
){ HRESULT hr = S_OK; HANDLE hToken = NULL;
if (!OpenThreadToken( GetCurrentThread(), TOKEN_QUERY | TOKEN_ADJUST_PRIVILEGES, FALSE, &hToken)) { if(!OpenProcessToken( GetCurrentProcess(), TOKEN_QUERY | TOKEN_ADJUST_PRIVILEGES, &hToken )) { hr = HRESULT_FROM_WIN32(GetLastError()); goto ExitHere; } }
hr = SetPrivilege(hToken, Privilege, bEnablePrivilege);
ExitHere: if (hToken) { CloseHandle(hToken); } return hr;}
//
// SetSidOnAcl
//
BOOLSetSidOnAcl( PSID pSid, PACL pAclSource, PACL *pAclDestination, DWORD AccessMask, BYTE AceFlags, BOOL bAddSid ){ HRESULT hr = S_OK; ACL_SIZE_INFORMATION AclInfo; DWORD dwNewAclSize, dwErr; LPVOID pAce; DWORD AceCounter;
//
// If we were given a NULL Acl, just provide a NULL Acl
//
*pAclDestination = NULL; if(pAclSource == NULL || !IsValidSid(pSid)) { hr = E_INVALIDARG; goto ExitHere; }
if(!GetAclInformation( pAclSource, &AclInfo, sizeof(ACL_SIZE_INFORMATION), AclSizeInformation )) { hr = HRESULT_FROM_WIN32 (GetLastError ()); goto ExitHere; }
//
// compute size for new Acl, based on addition or subtraction of Ace
//
if(bAddSid) { dwNewAclSize=AclInfo.AclBytesInUse + sizeof(ACCESS_ALLOWED_ACE) + GetLengthSid(pSid) - sizeof(DWORD) ; } else { dwNewAclSize=AclInfo.AclBytesInUse - sizeof(ACCESS_ALLOWED_ACE) - GetLengthSid(pSid) + sizeof(DWORD) ; }
*pAclDestination = (PACL)ServerAlloc(dwNewAclSize);
if(*pAclDestination == NULL) { hr = LINEERR_NOMEM; goto ExitHere; } //
// initialize new Acl
//
if(!InitializeAcl( *pAclDestination, dwNewAclSize, ACL_REVISION )) { hr = HRESULT_FROM_WIN32 (GetLastError ()); goto ExitHere; }
//
// if appropriate, add ace representing pSid
//
if(bAddSid) { PACCESS_ALLOWED_ACE pNewAce;
if(!AddAccessAllowedAce( *pAclDestination, ACL_REVISION, AccessMask, pSid )) { hr = HRESULT_FROM_WIN32 (GetLastError ()); goto ExitHere; }
//
// get pointer to ace we just added, so we can change the AceFlags
//
if(!GetAce( *pAclDestination, 0, // this is the first ace in the Acl
(void**) &pNewAce )) { hr = HRESULT_FROM_WIN32 (GetLastError ()); goto ExitHere; }
pNewAce->Header.AceFlags = AceFlags; }
//
// copy existing aces to new Acl
//
for(AceCounter = 0 ; AceCounter < AclInfo.AceCount ; AceCounter++) { //
// fetch existing ace
//
if(!GetAce(pAclSource, AceCounter, &pAce)) { hr = HRESULT_FROM_WIN32 (GetLastError ()); goto ExitHere; } //
// check to see if we are removing the Ace
//
if(!bAddSid) { //
// we only care about ACCESS_ALLOWED aces
//
if((((PACE_HEADER)pAce)->AceType) == ACCESS_ALLOWED_ACE_TYPE) { PSID pTempSid=(PSID)&((PACCESS_ALLOWED_ACE)pAce)->SidStart; //
// if the Sid matches, skip adding this Sid
//
if(EqualSid(pSid, pTempSid)) { continue; } } }
//
// append ace to Acl
//
if(!AddAce( *pAclDestination, ACL_REVISION, MAXDWORD, // maintain Ace order
pAce, ((PACE_HEADER)pAce)->AceSize )) { hr = HRESULT_FROM_WIN32 (GetLastError ()); goto ExitHere; } }
ExitHere:
//
// free memory if an error occurred
//
if(hr) { if(*pAclDestination != NULL) { ServerFree(*pAclDestination); } }
return hr;}
//
// AddSIDToKernelObject()
//
// This function takes a given SID and dwAccess and adds it to a given token.
//
// ** Be sure to restore old kernel object
// ** using call to GetKernelObjectSecurity()
//
HRESULTAddSIDToKernelObjectDacl( PSID pSid, DWORD dwAccess, HANDLE OriginalToken, PSECURITY_DESCRIPTOR* ppSDOld){ HRESULT hr = S_OK; PSECURITY_DESCRIPTOR pSD = NULL; SECURITY_DESCRIPTOR sdNew; DWORD cbByte = MAX_SD, cbNeeded = 0, dwErr = 0; PACL pOldDacl = NULL, pNewDacl = NULL; BOOL fDaclPresent, fDaclDefaulted, fRet = FALSE; pSD = (PSECURITY_DESCRIPTOR) ServerAlloc(cbByte); if (NULL == pSD) { hr = LINEERR_NOMEM; goto ExitHere; }
if (!InitializeSecurityDescriptor( &sdNew, SECURITY_DESCRIPTOR_REVISION )) { hr = HRESULT_FROM_WIN32 (GetLastError()); goto ExitHere; }
if (!GetKernelObjectSecurity( OriginalToken, DACL_SECURITY_INFORMATION, pSD, cbByte, &cbNeeded )) { dwErr = GetLastError(); if (cbNeeded > MAX_SD && dwErr == ERROR_MORE_DATA) { ServerFree(pSD); pSD = (PSECURITY_DESCRIPTOR) ServerAlloc(cbNeeded); if (NULL == pSD) { hr = LINEERR_NOMEM; goto ExitHere; } if (!GetKernelObjectSecurity( OriginalToken, DACL_SECURITY_INFORMATION, pSD, cbNeeded, &cbNeeded )) { hr = HRESULT_FROM_WIN32 (GetLastError()); goto ExitHere; } dwErr = 0; } if (dwErr != 0) { hr = HRESULT_FROM_WIN32 (dwErr); goto ExitHere; } } if (!GetSecurityDescriptorDacl( pSD, &fDaclPresent, &pOldDacl, &fDaclDefaulted )) { hr = HRESULT_FROM_WIN32 (GetLastError()); goto ExitHere; } hr = SetSidOnAcl( pSid, pOldDacl, &pNewDacl, dwAccess, 0, TRUE ); if (hr) { goto ExitHere; } if (!SetSecurityDescriptorDacl( &sdNew, TRUE, pNewDacl, FALSE )) { hr = HRESULT_FROM_WIN32 (GetLastError()); goto ExitHere; } if (!SetKernelObjectSecurity( OriginalToken, DACL_SECURITY_INFORMATION, &sdNew )) { hr = HRESULT_FROM_WIN32 (GetLastError()); goto ExitHere; } *ppSDOld = pSD;
ExitHere:
if (NULL != pNewDacl) { ServerFree(pNewDacl); }
if (hr) { if (NULL != pSD) { ServerFree(pSD); *ppSDOld = NULL; } } return hr;}
//
// SetTokenDefaultDacl
//
// This function makes pSidUser and LocalSystem account
// have full access in the default DACL of the access token
// this is necessary for CreateThread to succeed without
// an assert in checked build
//
HRESULTSetTokenDefaultDacl(HANDLE hAccessToken, PSID pSidUser) { HRESULT hr = S_OK; SID_IDENTIFIER_AUTHORITY IDAuthorityNT = SECURITY_NT_AUTHORITY; PSID pLocalSid = NULL; TOKEN_DEFAULT_DACL defDACL = {0}; DWORD cbDACL;
if (!AllocateAndInitializeSid( &IDAuthorityNT, 1, SECURITY_LOCAL_SYSTEM_RID, 0,0,0,0,0,0,0, &pLocalSid )) { hr = HRESULT_FROM_WIN32(GetLastError()); goto ExitHere; }
cbDACL = sizeof(ACL) + sizeof(ACCESS_ALLOWED_ACE) + GetLengthSid (pLocalSid) + sizeof(ACCESS_ALLOWED_ACE) + GetLengthSid (pSidUser); defDACL.DefaultDacl = (PACL) ServerAlloc (cbDACL); if (defDACL.DefaultDacl == NULL) { hr = LINEERR_NOMEM; goto ExitHere; } if (!InitializeAcl ( defDACL.DefaultDacl, cbDACL, ACL_REVISION )) { hr = HRESULT_FROM_WIN32(GetLastError()); goto ExitHere; } if (!AddAccessAllowedAce ( defDACL.DefaultDacl, ACL_REVISION, GENERIC_ALL, pLocalSid ) || !AddAccessAllowedAce ( defDACL.DefaultDacl, ACL_REVISION, GENERIC_ALL, pSidUser )) { hr = HRESULT_FROM_WIN32(GetLastError()); goto ExitHere; } if (!SetTokenInformation ( hAccessToken, TokenDefaultDacl, &defDACL, sizeof(TOKEN_DEFAULT_DACL) )) { hr = HRESULT_FROM_WIN32(GetLastError()); goto ExitHere; }
ExitHere:
if (NULL != pLocalSid) { FreeSid(pLocalSid); }
if (defDACL.DefaultDacl != NULL) { ServerFree (defDACL.DefaultDacl); }
return hr;}
//
// GetLocalSystemToken
//
// This function grabs a process token from a LocalSystem process and uses it
// to impersonate when ncessary
//
HRESULTGetLocalSystemToken(HANDLE* phRet){ HRESULT hr = S_OK;
DWORD rgDefPIDs[128]; DWORD * rgPIDs = rgDefPIDs; DWORD cbPIDs = sizeof(rgDefPIDs), cbNeeded;
DWORD i; HANDLE hProcess = NULL; HANDLE hPToken = NULL, hPDupToken = NULL, hPTokenNew = NULL; HANDLE hToken;
PTOKEN_USER ptuUser = NULL; BOOL fSet = FALSE; PSECURITY_DESCRIPTOR pSD = NULL;
//
// Set up necessary privilege for follow-on security operation
//
if(hr = SetCurrentPrivilege(SE_DEBUG_NAME, TRUE)) { goto ExitHere; } if(hr = SetCurrentPrivilege(SE_TAKE_OWNERSHIP_NAME, TRUE)) { goto ExitHere; }
//
// Get the current thread/process token user info
//
if (!OpenThreadToken( GetCurrentThread(), TOKEN_QUERY | TOKEN_ADJUST_PRIVILEGES, FALSE, &hToken)) { if(!OpenProcessToken( GetCurrentProcess(), TOKEN_QUERY | TOKEN_ADJUST_PRIVILEGES, &hToken )) { hr = HRESULT_FROM_WIN32(GetLastError()); goto ExitHere; } } hr = GetTokenUser (hToken, &ptuUser); CloseHandle (hToken); if (hr) { goto ExitHere; }
//
// Get the list of process IDs in the system
//
while (1) { if (!EnumProcesses ( rgPIDs, cbPIDs, &cbNeeded )) { hr = HRESULT_FROM_WIN32(GetLastError()); goto ExitHere; } // Break out if we have large enough buf
if (cbNeeded < cbPIDs) { break; } // Otherwise, alloc larger buffer
if (rgPIDs != rgDefPIDs) { ServerFree (rgPIDs); } cbPIDs += 256; rgPIDs = (DWORD *)ServerAlloc (cbPIDs); if (rgPIDs == NULL) { hr = LINEERR_NOMEM; goto ExitHere; } }
//
// Walk processes until we find one that's running as
// local system
//
for (i = 1; i < (cbNeeded / sizeof(DWORD)); i++) { hProcess = OpenProcess( PROCESS_ALL_ACCESS, FALSE, rgPIDs[i] ); if (NULL == hProcess) { hr = HRESULT_FROM_WIN32(GetLastError()); goto ExitHere; } if (!OpenProcessToken( hProcess, READ_CONTROL | WRITE_DAC, &hPToken )) { hr = HRESULT_FROM_WIN32(GetLastError()); goto ExitHere; }
//
// We have got the process token, but in general
// we do not have TOKEN_DUPLICATE access. So we
// go ahead and whack the DACL of the object to
// grant us the access right.
// IMPORTANT: need to restore the original SD
//
if (hr = AddSIDToKernelObjectDacl( ptuUser->User.Sid, TOKEN_DUPLICATE, hPToken, &pSD )) { goto ExitHere; } fSet = TRUE; if (!OpenProcessToken( hProcess, TOKEN_DUPLICATE, &hPTokenNew )) { hr = HRESULT_FROM_WIN32(GetLastError()); goto ExitHere; } //
// Duplicate the token
//
if (!DuplicateTokenEx( hPTokenNew, TOKEN_ALL_ACCESS, NULL, SecurityImpersonation, TokenPrimary, &hPDupToken )) { hr = HRESULT_FROM_WIN32(GetLastError()); goto ExitHere; }
if (IsLocalSystem (hPDupToken) == S_OK && SetTokenDefaultDacl ( hPDupToken, ptuUser->User.Sid) == S_OK) { break; }
//
// Loop cleanup
//
if (!SetKernelObjectSecurity( hPToken, DACL_SECURITY_INFORMATION, pSD )) { hr = HRESULT_FROM_WIN32(GetLastError()); goto ExitHere; } fSet = FALSE;
if (hPDupToken) { CloseHandle (hPDupToken); hPDupToken = NULL; } if (hPTokenNew) { CloseHandle (hPTokenNew); hPTokenNew = NULL; } if (pSD != NULL) { ServerFree (pSD); pSD = NULL; } if (hPToken) { CloseHandle (hPToken); hPToken = NULL; } if (hProcess) { CloseHandle (hProcess); hProcess = NULL; } } if (i >= cbNeeded / sizeof(DWORD)) { hr = S_FALSE; }
ExitHere: if (fSet) { if (!SetKernelObjectSecurity( hPToken, DACL_SECURITY_INFORMATION, pSD )) { hr = HRESULT_FROM_WIN32(GetLastError()); } } if (hPTokenNew) { CloseHandle (hPTokenNew); } if (hPToken) { CloseHandle (hPToken); } if (pSD != NULL) { ServerFree (pSD); } if (hProcess) { CloseHandle (hProcess); } if (rgPIDs != rgDefPIDs) { ServerFree (rgPIDs); } if (ptuUser) { ServerFree (ptuUser); }
if (hr) { *phRet = NULL; if (hPDupToken) { CloseHandle (hPDupToken); } } else { *phRet = hPDupToken; } return hr;}
//
// ImpersonateLocalSystem
//
HRESULT ImpersonateLocalSystem (){ HRESULT hr = S_OK; HANDLE hTokenLocalSys;
hr = GetLocalSystemToken (&hTokenLocalSys); if (FAILED (hr)) { goto ExitHere; }
if (!ImpersonateLoggedOnUser( hTokenLocalSys )) { hr = HRESULT_FROM_WIN32 (GetLastError ()); goto ExitHere; }
ExitHere: if (hTokenLocalSys) { CloseHandle (hTokenLocalSys); } return hr;}
//
// RevertLocalSystemImp
//
// Revert the LocalSystem account impersonation
//
HRESULT RevertLocalSystemImp (){ HRESULT hr;
if (!RevertToSelf()) { hr = HRESULT_FROM_WIN32 (GetLastError ()); } else { hr = S_OK; }
return hr;}
//
// AllowAccessToScpProperties
//
// The ACEs grant read/write access to the computer account
// under which the TAPI service instance will be running
//
HRESULT AllowAccessToScpProperties( IADs *pSCPObject // IADs pointer to the SCP object.
){ HRESULT hr = S_OK;
VARIANT varSD; LPOLESTR szAttribute = L"nTSecurityDescriptor"; DWORD dwLen; IADsSecurityDescriptor *pSD = NULL; IADsAccessControlList *pACL = NULL; IDispatch *pDisp = NULL; IADsAccessControlEntry *pACE1 = NULL; IADsAccessControlEntry *pACE2 = NULL; IDispatch *pDispACE = NULL; long lFlags = 0L;
SID_IDENTIFIER_AUTHORITY sia = SECURITY_NT_AUTHORITY; PSID pSid = NULL; LPOLESTR szTrustee = NULL; SID_IDENTIFIER_AUTHORITY siaAll = SECURITY_WORLD_SID_AUTHORITY; PSID pSidAll = NULL; LPOLESTR szTrusteeAll = NULL;
//
// Give tapi server service logon account full control
//
if(!AllocateAndInitializeSid( &sia, 1, SECURITY_SERVICE_RID, 0, 0, 0, 0, 0, 0, 0, &pSid ) || !ConvertSidToStringSidW (pSid, &szTrustee)) { hr = HRESULT_FROM_NT(GetLastError()); goto ExitHere; }
//
// Give everyone read access
//
if(!AllocateAndInitializeSid( &siaAll, 1, SECURITY_WORLD_RID, 0, 0, 0, 0, 0, 0, 0, &pSidAll ) || !ConvertSidToStringSidW (pSidAll, &szTrusteeAll)) { hr = HRESULT_FROM_NT(GetLastError()); goto ExitHere; }
//
// Now get the nTSecurityDescriptor
//
VariantClear(&varSD); hr = pSCPObject->Get(szAttribute, &varSD); if (FAILED(hr) || (varSD.vt!=VT_DISPATCH)) { LOG((TL_ERROR, "Get nTSecurityDescriptor failed: 0x%x\n", hr)); goto ExitHere; }
//
// Use the V_DISPATCH macro to get the IDispatch pointer from VARIANT
// structure and QueryInterface for an IADsSecurityDescriptor pointer.
//
hr = V_DISPATCH( &varSD )->QueryInterface( IID_IADsSecurityDescriptor, (void**)&pSD ); if (FAILED(hr)) { LOG((TL_ERROR, "Couldn't get IADsSecurityDescriptor: 0x%x\n", hr)); goto ExitHere; } // Get an IADsAccessControlList pointer to the security descriptor's DACL.
hr = pSD->get_DiscretionaryAcl(&pDisp); if (SUCCEEDED(hr)) hr = pDisp->QueryInterface(IID_IADsAccessControlList,(void**)&pACL); if (FAILED(hr)) { LOG((TL_ERROR, "Couldn't get DACL: 0x%x\n", hr)); goto ExitHere; } // Create the COM object for the first ACE.
hr = CoCreateInstance( CLSID_AccessControlEntry, NULL, CLSCTX_INPROC_SERVER, IID_IADsAccessControlEntry, (void **)&pACE1 ); // Create the COM object for the second ACE.
if (SUCCEEDED(hr)) { hr = CoCreateInstance( CLSID_AccessControlEntry, NULL, CLSCTX_INPROC_SERVER, IID_IADsAccessControlEntry, (void **)&pACE2 ); } if (FAILED(hr)) { LOG((TL_ERROR, "Couldn't create ACEs: 0x%x\n", hr)); goto ExitHere; }
//
// Set the properties of the two ACEs.
//
// Set the trustee
hr = pACE1->put_Trustee( szTrustee ); hr = pACE2->put_Trustee( szTrusteeAll );
//
// Set the access rights
//
// Full access for service logon account
hr = pACE1->put_AccessMask( ADS_RIGHT_DELETE | ADS_RIGHT_READ_CONTROL | ADS_RIGHT_WRITE_DAC | ADS_RIGHT_WRITE_OWNER | ADS_RIGHT_SYNCHRONIZE | ADS_RIGHT_ACCESS_SYSTEM_SECURITY | ADS_RIGHT_GENERIC_READ | ADS_RIGHT_GENERIC_WRITE | ADS_RIGHT_GENERIC_EXECUTE | ADS_RIGHT_GENERIC_ALL | ADS_RIGHT_DS_CREATE_CHILD | ADS_RIGHT_DS_DELETE_CHILD | ADS_RIGHT_ACTRL_DS_LIST | ADS_RIGHT_DS_SELF | ADS_RIGHT_DS_READ_PROP | ADS_RIGHT_DS_WRITE_PROP | ADS_RIGHT_DS_DELETE_TREE | ADS_RIGHT_DS_LIST_OBJECT | ADS_RIGHT_DS_CONTROL_ACCESS ); // Read access for everyone
hr = pACE2->put_AccessMask( ADS_RIGHT_DS_READ_PROP | ADS_RIGHT_READ_CONTROL | ADS_RIGHT_GENERIC_READ | ADS_RIGHT_ACTRL_DS_LIST | ADS_RIGHT_DS_LIST_OBJECT ); // Set the ACE type.
hr = pACE1->put_AceType( ADS_ACETYPE_ACCESS_ALLOWED_OBJECT ); hr = pACE2->put_AceType( ADS_ACETYPE_ACCESS_ALLOWED_OBJECT );
// Set AceFlags to zero because ACE is not inheritable.
hr = pACE1->put_AceFlags( 0 ); hr = pACE2->put_AceFlags( 0 ); // Set Flags to indicate an ACE that protects a specified object.
hr = pACE1->put_Flags( 0 ); hr = pACE2->put_Flags( 0 ); // Set ObjectType to the schemaIDGUID of the attribute.
hr = pACE1->put_ObjectType( NULL ); hr = pACE2->put_ObjectType( NULL );
// Add the ACEs to the DACL. Need an IDispatch pointer for each ACE
// to pass to the AddAce method.
hr = pACE1->QueryInterface(IID_IDispatch,(void**)&pDispACE); if (SUCCEEDED(hr)) { hr = pACL->AddAce(pDispACE); } if (FAILED(hr)) { LOG((TL_ERROR, "Couldn't add first ACE: 0x%x\n", hr)); goto ExitHere; } else { if (pDispACE) pDispACE->Release(); pDispACE = NULL; } // Do it again for the second ACE.
hr = pACE2->QueryInterface(IID_IDispatch, (void**)&pDispACE); if (SUCCEEDED(hr)) { hr = pACL->AddAce(pDispACE); } if (FAILED(hr)) { LOG((TL_ERROR, "Couldn't add second ACE: 0x%x\n", hr)); goto ExitHere; } // Write the modified DACL back to the security descriptor.
hr = pSD->put_DiscretionaryAcl(pDisp); if (SUCCEEDED(hr)) { // Write the ntSecurityDescriptor property to the property cache.
hr = pSCPObject->Put(szAttribute, varSD); if (SUCCEEDED(hr)) { // SetInfo updates the SCP object in the directory.
hr = pSCPObject->SetInfo(); } } ExitHere: if (pDispACE) pDispACE->Release(); if (pACE1) pACE1->Release(); if (pACE2) pACE2->Release(); if (pACL) pACL->Release(); if (pDisp) pDisp->Release(); if (pSD) pSD->Release();
if (szTrustee) LocalFree (szTrustee);
if (pSid) FreeSid (pSid); if (szTrusteeAll) LocalFree (szTrusteeAll);
if (pSidAll) FreeSid (pSidAll); VariantClear(&varSD); return hr;}
/**********************************************************
* SCP Creation *********************************************************/ //
// CreateSCP
//
// Creates a server Service Connection Point object
// under the local host computer object
//
// Parameters:
// wszRDN - RDN
// szProductName - A member of "keywords" property
// szProductGuid - A member of "keywords" property
// szExtraKey - An extra member of "keywords" property
// szBindingInfo - value of property "serviceBindingInformation"
// szObjGuidVlueName
// - The value name to store the SCP object GUID
// under HKLM\Software\Microsoft\Windows\// CurrentVersion\Telephony\// if this value is NULL, we don't cache it in registry
// ppBindByGuidStr - For returning the SCP object GUID in the
// format of LPTSTR, if this is NULL, the GUID is
// not returned
//
HRESULT CreateSCP ( LPWSTR wszRDN, LPTSTR szProductName, LPTSTR szProductGuid, LPTSTR szExtraKey, LPTSTR szBindingInfo, LPTSTR szObjGuidValueName, LPTSTR * ppBindByGuidStr ){ DWORD dwStat, dwAttr, dwLen; HRESULT hr = S_OK; IDispatch *pDisp = NULL; // returned dispinterface of new object
IDirectoryObject *pComp = NULL; // Computer object; parent of SCP
IADs *pIADsSCP = NULL; // IADs interface on new object
BOOL bCoInited = FALSE; BOOL bRevert = FALSE;
//
// Values for SCPs keywords attribute. Tapisrv product GUID is defined
// in server.h, vendor GUID is from MSDN
//
DWORD dwNumKeywords = 4; TCHAR *KwVal[5]={ (LPTSTR) gszMSGuid, // Vendor GUID
(LPTSTR) szProductGuid, // Product GUID
(LPTSTR) gszVenderMS, // Vendor Name
(LPTSTR) szProductName, // Product Name
NULL };
if (szExtraKey != NULL && szExtraKey[0] != 0) { KwVal[4] = szExtraKey; ++dwNumKeywords; }
TCHAR szServer[MAX_PATH]; TCHAR szBinding[128]; TCHAR szDn[MAX_PATH]; TCHAR szAdsPath[MAX_PATH];
HKEY hReg = NULL; DWORD dwDisp;
ADSVALUE cn,objclass,keywords[5],binding, classname,dnsname,nametype;
//
// SCP attributes to set during creation of SCP.
//
ADS_ATTR_INFO ScpAttribs[] = { {TEXT("cn"), ADS_ATTR_UPDATE, ADSTYPE_CASE_IGNORE_STRING, &cn, 1}, {TEXT("objectClass"), ADS_ATTR_UPDATE, ADSTYPE_CASE_IGNORE_STRING, &objclass, 1}, {TEXT("keywords"), ADS_ATTR_UPDATE, ADSTYPE_CASE_IGNORE_STRING, keywords, dwNumKeywords}, {TEXT("serviceDNSName"), ADS_ATTR_UPDATE, ADSTYPE_CASE_IGNORE_STRING, &dnsname, 1}, {TEXT("serviceDNSNameType"), ADS_ATTR_UPDATE,ADSTYPE_CASE_IGNORE_STRING, &nametype, 1}, {TEXT("serviceClassName"), ADS_ATTR_UPDATE, ADSTYPE_CASE_IGNORE_STRING, &classname, 1}, {TEXT("serviceBindingInformation"), ADS_ATTR_UPDATE, ADSTYPE_CASE_IGNORE_STRING, &binding, 1}, };
// A binding GUID is of format
// LDAP:<GUID=B1A37774-E3F7-488E-ADBFD4DB8A4AB2E5>
BSTR bstrGuid = NULL; TCHAR szBindByGuidStr[64];
//
// Do CoInitializeEx
//
hr = CoInitializeEx (NULL, COINIT_MULTITHREADED); if (FAILED (hr)) { goto ExitHere; } bCoInited = TRUE;
//
// Do all the operation in LocalSystem account
//
if (IsCurrentLocalSystem () != S_OK) { hr = ImpersonateLocalSystem (); if (hr) { goto ExitHere; } bRevert = TRUE; }
//
// Get the DNS name of the local computer
//
dwLen = sizeof(szServer); if (!GetComputerNameEx( ComputerNameDnsFullyQualified, szServer, &dwLen )) { hr = HRESULT_FROM_NT(GetLastError()); LOG((TL_ERROR, "GetComputerNameEx: %s\n", szServer)); goto ExitHere; }
//
// Fill in the attribute values to be stored in the SCP.
//
cn.dwType = ADSTYPE_CASE_IGNORE_STRING; cn.CaseIgnoreString = wszRDN + 3; // 3 is the size of "CN="
objclass.dwType = ADSTYPE_CASE_IGNORE_STRING; objclass.CaseIgnoreString = TEXT("serviceConnectionPoint");
keywords[0].dwType = ADSTYPE_CASE_IGNORE_STRING; keywords[1].dwType = ADSTYPE_CASE_IGNORE_STRING; keywords[2].dwType = ADSTYPE_CASE_IGNORE_STRING; keywords[3].dwType = ADSTYPE_CASE_IGNORE_STRING; keywords[4].dwType = ADSTYPE_CASE_IGNORE_STRING;
keywords[0].CaseIgnoreString=KwVal[0]; keywords[1].CaseIgnoreString=KwVal[1]; keywords[2].CaseIgnoreString=KwVal[2]; keywords[3].CaseIgnoreString=KwVal[3]; keywords[4].CaseIgnoreString=KwVal[4];
dnsname.dwType = ADSTYPE_CASE_IGNORE_STRING; dnsname.CaseIgnoreString = szServer; nametype.dwType = ADSTYPE_CASE_IGNORE_STRING; nametype.CaseIgnoreString = TEXT("A"); classname.dwType = ADSTYPE_CASE_IGNORE_STRING; classname.CaseIgnoreString = szProductName;
binding.dwType = ADSTYPE_CASE_IGNORE_STRING; binding.CaseIgnoreString = szBindingInfo;
//
// Get the distinguished name of the computer object for the local computer
//
dwLen = sizeof(szDn); if (!GetComputerObjectName(NameFullyQualifiedDN, szDn, &dwLen)) { hr = HRESULT_FROM_NT(GetLastError()); LOG((TL_ERROR, "GetComputerObjectName: %s\n", szDn)); goto ExitHere; }
//
// Compose the ADSpath and bind to the computer object for the local computer
//
_tcscpy(szAdsPath,TEXT("LDAP://")); _tcscat(szAdsPath,szDn); hr = ADsGetObject(szAdsPath, IID_IDirectoryObject, (void **)&pComp); if (FAILED(hr)) { LOG((TL_ERROR, "Failed to bind Computer Object.",hr)); goto ExitHere; }
//*******************************************************************
// Publish the SCP as a child of the computer object
//*******************************************************************
// Figure out attribute count.
dwAttr = sizeof(ScpAttribs)/sizeof(ADS_ATTR_INFO);
// Do the Deed!
hr = pComp->CreateDSObject( wszRDN, ScpAttribs, dwAttr, &pDisp ); if (FAILED(hr)) { LOG((TL_ERROR, "Failed to create SCP: 0x%x\n", hr)); if (HRESULT_CODE(hr) == ERROR_OBJECT_ALREADY_EXISTS) { hr = HRESULT_FROM_NT (TAPIERR_SCP_ALREADY_EXISTS); } goto ExitHere; }
// Query for an IADs pointer on the SCP object.
hr = pDisp->QueryInterface(IID_IADs,(void **)&pIADsSCP); if (FAILED(hr)) { LOG((TL_ERROR, "Failed to QI for IADs: 0x%x\n",hr)); goto ExitHere; }
// Set ACEs on SCP so service can modify it.
hr = AllowAccessToScpProperties( pIADsSCP // IADs pointer to the SCP object.
); if (FAILED(hr)) { LOG((TL_ERROR, "Failed to set ACEs on SCP DACL: 0x%x\n", hr)); goto ExitHere; }
// Retrieve the SCP's objectGUID in format suitable for binding.
hr = pIADsSCP->get_GUID(&bstrGuid); if (FAILED(hr)) { LOG((TL_ERROR, "Failed to get GUID: 0x%x\n", hr)); goto ExitHere; }
// Build a string for binding to the object by GUID
_tcscpy(szBindByGuidStr, TEXT("LDAP://<GUID=")); _tcscat(szBindByGuidStr, bstrGuid); _tcscat(szBindByGuidStr, TEXT(">")); LOG((TL_INFO, "GUID binding string: %S\n", szBindByGuidStr));
// Set the returning BindByGuidStr if any
if (ppBindByGuidStr) { *ppBindByGuidStr = (LPTSTR) ServerAlloc ( (_tcslen (szBindByGuidStr) + 1) * sizeof(TCHAR) ); if (*ppBindByGuidStr == NULL) { hr = LINEERR_NOMEM; goto ExitHere; } _tcscpy (*ppBindByGuidStr, szBindByGuidStr); }
// Create a registry key under
// HKEY_LOCAL_MACHINE\SOFTWARE\Vendor\Product.
if (szObjGuidValueName) { dwStat = RegCreateKeyEx( HKEY_LOCAL_MACHINE, gszRegKeyTelephony, 0, NULL, REG_OPTION_NON_VOLATILE, KEY_SET_VALUE, NULL, &hReg, &dwDisp); if (dwStat != NO_ERROR) { hr = HRESULT_FROM_NT(GetLastError()); LOG((TL_ERROR, "RegCreateKeyEx failed: 0x%x\n", hr)); return hr; }
// Cache the GUID binding string under the registry key.
dwStat = RegSetValueEx( hReg, szObjGuidValueName, 0, REG_SZ, (const BYTE *)szBindByGuidStr, sizeof(TCHAR)*(_tcslen(szBindByGuidStr)) ); if (dwStat != NO_ERROR) { hr = HRESULT_FROM_NT(GetLastError()); LOG((TL_ERROR, "RegSetValueEx failed: 0x%x\n", hr)); // goto ExitHere;
} }
ExitHere: if (pDisp) { pDisp->Release(); } if (pIADsSCP) { pIADsSCP->Release(); } if (hReg) { RegCloseKey(hReg); } if (bstrGuid) { SysFreeString (bstrGuid); } if (pComp) { if (FAILED(hr)) { pComp->DeleteDSObject (wszRDN); } pComp->Release(); }
if (bRevert) { RevertLocalSystemImp (); }
if (bCoInited) { CoUninitialize (); }
return hr;}
//
// CreateTapiSCP
//
// Creates the TAPI server Service Connection Point object
// under the local host computer object
//
// Parameters:
// pGuidAssoc - GUID of the line/user association objecct GUID
// currently NULL
// pGuidCluster - The cluster object GUID this server belonging to
//
HRESULT CreateTapiSCP ( GUID * pGuidAssoc, GUID * pGuidCluster ){ DWORD dwStat, dwAttr, dwLen; HRESULT hr = S_OK;
TCHAR szGUIDCluster[40]; TCHAR szGUIDAssoc[40]; TCHAR szBinding[128];
EnterCriticalSection(&gSCPCritSec);
// Construct the binding information
if (pGuidCluster != NULL) { StringFromGUID2 ( *pGuidCluster, szGUIDCluster, sizeof(szGUIDCluster) / sizeof(TCHAR) ); } else { szGUIDCluster[0] = 0; } if (pGuidAssoc != NULL) { StringFromGUID2 ( *pGuidAssoc, szGUIDAssoc, sizeof(szGUIDAssoc) / sizeof(TCHAR) ); } else { szGUIDAssoc[0] = 0; }
wsprintf( szBinding, gszTapisrvBindingInfo, szGUIDCluster, szGUIDAssoc, TEXT("Inactive"), TEXT("") );
hr = CreateSCP ( (LPWSTR) gwszTapisrvRDN, (LPTSTR) gszTapisrvProdName, (LPTSTR) gszTapisrvGuid, (pGuidCluster == NULL) ? NULL : ((LPTSTR)szGUIDCluster), (LPTSTR) szBinding, (LPTSTR) gszRegTapisrvSCPGuid, NULL );
LeaveCriticalSection(&gSCPCritSec);
return hr;}
//
// CreateProxySCP
//
// Creates the TAPI proxy server Service Connection Point object
// under the local host computer object
//
// Parameters:
// szClsid - class ID of the proxy server object for DCOM invokation
// ppBindByGuidStr
// - where to return the BindByGuid string pointer
//
HRESULT CreateProxySCP ( LPTSTR szClsid, LPTSTR * ppBindByGuidStr ){ HRESULT hr = S_OK; // RDN size include "cn=TAPI Proxy Server" + szClsid(38ch)
WCHAR wszRDN[128]; WCHAR *psz;
wcscpy (wszRDN, gwszProxyRDN); wcscat (wszRDN, L"{"); psz = wszRDN + wcslen(wszRDN);#ifndef UNICODE
if (MultiByteToWideChar ( CP_ACP, MB_PRECOMPOSED, szClsid, -1, psz, (sizeof(wszRDN) - sizeof(gwszProxyRDN)) / sizeof(WCHAR) - 3 // 3 is to compensate for the two brace
) == 0) { hr = HRESULT_FROM_NT(GetLastError()); goto ExitHere; }#else
wcscat (wszRDN, szClsid);#endif
wcscat (wszRDN, L"}"); hr = CreateSCP ( (LPWSTR) wszRDN, (LPTSTR) gszProxyProdName, (LPTSTR) gszProxyGuid, NULL, (LPTSTR) szClsid, NULL, ppBindByGuidStr );
return hr;}
/**********************************************************
* SCP Update *********************************************************/ //
// UpdateSCP
//
// Update a general SCP properties when necessary to keep every
// piece ofthe information up to date. The following will be checked:
// 1. Check the serviceDNSName property against current computer
// DNS name to ensure consistancy
// 2. Check the binding information with the information given
//
// Parameters:
// szAdsPath - The ADs path of the SCP object
// szBinding - The binding information to compare with
//
HRESULT UpdateSCP ( LPTSTR szAdsPath, LPTSTR szBinding ){ HRESULT hr = S_OK; DWORD dwAttrs; int i; ADSVALUE dnsname,binding;
DWORD dwLen; BOOL bUpdate=FALSE; BOOL bCoInited = FALSE; BOOL bRevert = FALSE;
IDirectoryObject *pObj = NULL; PADS_ATTR_INFO pAttribs = NULL;
TCHAR szServer[MAX_PATH];
TCHAR *pszAttrs[]={ TEXT("serviceDNSName"), TEXT("serviceBindingInformation") };
ADS_ATTR_INFO Attribs[]={ {TEXT("serviceDNSName"),ADS_ATTR_UPDATE,ADSTYPE_CASE_IGNORE_STRING,& dnsname,1}, {TEXT("serviceBindingInformation"),ADS_ATTR_UPDATE, ADSTYPE_CASE_IGNORE_STRING,&binding,1}, };
//
// Do CoInitializeEx
//
hr = CoInitializeEx (NULL, COINIT_MULTITHREADED); if (FAILED (hr)) { goto ExitHere; } bCoInited = TRUE;
//
// Do all the operation in LocalSystem account
//
if (IsCurrentLocalSystem() != S_OK) { hr = ImpersonateLocalSystem (); if (hr) { goto ExitHere; } bRevert = TRUE; } // Get the DNS name of the host server.
dwLen = sizeof(szServer)/sizeof(TCHAR); if (!GetComputerNameEx(ComputerNameDnsFullyQualified, szServer, &dwLen)) { hr = HRESULT_FROM_NT(GetLastError()); goto ExitHere; }
// Bind to the SCP.
hr = ADsGetObject(szAdsPath, IID_IDirectoryObject, (void **)&pObj); if (FAILED(hr)) { LOG((TL_ERROR, "ADsGetObject failed to bind to GUID (bind string: %S): ", szAdsPath )); goto ExitHere; }
// Retrieve attributes from the SCP.
hr = pObj->GetObjectAttributes(pszAttrs, 2, &pAttribs, &dwAttrs); if (FAILED(hr)) { LOG((TL_ERROR, "GetObjectAttributes failed")); goto ExitHere; }
// Check if we got the correct attribute type
if (pAttribs->dwADsType != ADSTYPE_CASE_IGNORE_STRING || (pAttribs+1)->dwADsType != ADSTYPE_CASE_IGNORE_STRING) { LOG((TL_ERROR, "GetObjectAttributes returned dwADsType (%d,%d) instead of CASE_IGNORE_STRING", pAttribs->dwADsType, (pAttribs+1)->dwADsType )); goto ExitHere; }
// Compare the current DNS name and port to the values retrieved from
// the SCP. Update the SCP only if something has changed.
for (i=0; i<(LONG)dwAttrs; i++) { if (_tcsicmp(TEXT("serviceDNSName"), pAttribs[i].pszAttrName)==0) { if (_tcsicmp(szServer, pAttribs[i].pADsValues->CaseIgnoreString) != 0) { LOG((TL_TRACE, "serviceDNSName being updated", 0)); bUpdate = TRUE; } else { LOG((TL_TRACE, "serviceDNSName okay", 0)); } } else if (_tcsicmp( TEXT("serviceBindingInformation"), pAttribs[i].pszAttrName )==0) { if (_tcsicmp(szBinding, pAttribs[i].pADsValues->CaseIgnoreString) != 0) { LOG((TL_TRACE, "serviceBindingInformation being updated", 0)); bUpdate = TRUE; } else { LOG((TL_TRACE, "serviceBindingInformation okay")); } } }
// The binding information or server name have changed,
// so update the SCP values.
if (bUpdate) { dnsname.dwType = ADSTYPE_CASE_IGNORE_STRING; dnsname.CaseIgnoreString = szServer; binding.dwType = ADSTYPE_CASE_IGNORE_STRING; binding.CaseIgnoreString = szBinding; hr = pObj->SetObjectAttributes(Attribs, 2, &dwAttrs); if (FAILED(hr)) { LOG((TL_ERROR, "ScpUpdate: Failed to set SCP values. 0x%x", hr)); goto ExitHere; } }
ExitHere: if (pAttribs) { FreeADsMem(pAttribs); } if (pObj) { pObj->Release(); }
if (bRevert) { RevertLocalSystemImp (); }
if (bCoInited) { CoUninitialize (); }
return hr;}
//
// UpdateTapiSCP
//
// Update TAPI server SCP properties when necessary to keep every
// piece ofthe information up to date. The following will be checked:
//
// Parameters:
// pGuidAssoc - The line/user association guid
// pGuidCluster - The cluster GUID
//
HRESULT UpdateTapiSCP ( BOOL bActive, GUID * pGuidAssoc, GUID * pGuidCluster ){ HRESULT hr = S_OK; TCHAR szGUIDCluster[40]; TCHAR szGUIDAssoc[40]; TCHAR szBinding[128];
DWORD dwStat, dwType, dwLen; HKEY hReg = NULL; TCHAR szAdsPath[MAX_PATH];
LOG((TL_TRACE, "UpdateTapiSCP: enter, bActive: %d", bActive));
EnterCriticalSection(&gSCPCritSec);
// Open the service's registry key.
dwStat = RegOpenKeyEx( HKEY_LOCAL_MACHINE, gszRegKeyTelephony, 0, KEY_QUERY_VALUE, &hReg ); if (dwStat != NO_ERROR) { // Probably because the SCP never published, CreateTapiSCP
LOG((TL_ERROR, "RegOpenKeyEx failed", dwStat)); hr = HRESULT_FROM_NT(dwStat); goto ExitHere; }
// Get the GUID binding string used to bind to the service's SCP.
dwLen = sizeof(szAdsPath); dwStat = RegQueryValueEx( hReg, gszRegTapisrvSCPGuid, 0, &dwType, (LPBYTE)szAdsPath, &dwLen ); if (dwStat != NO_ERROR) { LOG((TL_ERROR, "UpdateTapiSCP: RegQueryValueEx TapisrvSCPGuid failed, error 0x%x", dwStat)); if (TapiGlobals.dwFlags & TAPIGLOBALS_SERVER) { if (FAILED(hr = CreateTapiSCP (pGuidAssoc, pGuidCluster))) { LOG((TL_ERROR, "UpdateTapiSCP: CreateTapiSCP failed")); goto ExitHere; }
// CreateTapiSCP succeeded, need to read the guid
dwLen = sizeof(szAdsPath); dwStat = RegQueryValueEx( hReg, gszRegTapisrvSCPGuid, 0, &dwType, (LPBYTE)szAdsPath, &dwLen ); if (dwStat != NO_ERROR) { LOG((TL_ERROR, "UpdateTapiSCP: CreateTapiSCP succeeded but cannot read the guid")); hr = HRESULT_FROM_NT(dwStat); goto ExitHere; } } else { LOG((TL_TRACE, "UpdateTapiSCP: Telephony server is not enabled")); hr = HRESULT_FROM_NT(dwStat); goto ExitHere; } }
// Format to generate desired binding information
if (pGuidCluster != NULL) { StringFromGUID2 ( *pGuidCluster, szGUIDCluster, sizeof(szGUIDCluster) / sizeof(TCHAR) ); } else { szGUIDCluster[0] = 0; } if (pGuidAssoc != NULL) { StringFromGUID2 ( *pGuidAssoc, szGUIDAssoc, sizeof(szGUIDAssoc) / sizeof(TCHAR) ); } else { szGUIDAssoc[0] = 0; }
//
// Now construct the serviceBindingInformation based on the
// service status
//
if (bActive) { TCHAR szTTL[64]; FILETIME ftCur; ULONGLONG ullInc, ullTime; SYSTEMTIME stExp;
// Get current time
GetSystemTimeAsFileTime (&ftCur); CopyMemory (&ullTime, &ftCur, sizeof(ULONGLONG));
// Get the time increment for gdwTapiSCPTTL minutes
// FILETIME is in the unit of 100 nanoseconds
ullInc = ((ULONGLONG)gdwTapiSCPTTL) * 60 * 10000000;
// Get the record expiration time
ullTime += ullInc; CopyMemory (&ftCur, &ullTime, sizeof(FILETIME));
//
// Convert the expiration time to system time and
// format the string
//
// The current TTL string is the concatenation of
// Year, Month, Date, Hour, Minute, Second, Milliseconds
// There are 5 digits allocated for year, 3 digits for
// milliseconds, and 2 digits fro the remaining fields
// all the numbers are zero padded to fill the extra space
//
// Format here needs to be consistant with \ // sp\remotesp\dslookup.cpp
//
FileTimeToSystemTime (&ftCur, &stExp); wsprintf ( szTTL, TEXT("%05d%02d%02d%02d%02d%02d%03d"), stExp.wYear, stExp.wMonth, stExp.wDay, stExp.wHour, stExp.wMinute, stExp.wSecond, stExp.wMilliseconds ); wsprintf( szBinding, gszTapisrvBindingInfo, szGUIDCluster, szGUIDAssoc, TEXT("Active"), szTTL ); } else { wsprintf( szBinding, gszTapisrvBindingInfo, szGUIDCluster, szGUIDAssoc, TEXT("Inactive"), TEXT("") ); } hr = UpdateSCP ( szAdsPath, szBinding );
ExitHere:
if (hReg) { RegCloseKey (hReg); } LeaveCriticalSection(&gSCPCritSec); return hr;}
//
// Proxy server exists only if TAPI server are alive
// the DS information not likely to change when TAPI server is
// alive, so no SCP updating routine for Proxy server
//
/**********************************************************
* SCP Removal *********************************************************/ //
// RemoveSCP
//
// Removes a Service Connection Point object from the
// local host computer object.
//
// Parameters:
// wszRDN - the RDN of the SCP to delete
// szRegNameToDel
// - The registery value name to be deleted
// If this value is NULL, no registry del
//
HRESULT RemoveSCP ( LPWSTR wszRDN, LPTSTR szRegNameToDel ){ HRESULT hr = S_OK; TCHAR szServer[MAX_PATH]; TCHAR szAdsPath[MAX_PATH]; DWORD dwLen, dwStat; HKEY hReg; IDirectoryObject * pComp = NULL; BOOL bCoInited = FALSE; BOOL bRevert = FALSE;
LOG((TL_TRACE, "RemoveSCP %S %S", wszRDN, szRegNameToDel));
//
// Do CoInitializeEx
//
hr = CoInitializeEx (NULL, COINIT_MULTITHREADED); if (FAILED (hr)) { goto ExitHere; } bCoInited = TRUE;
//
// Do all the operation in LocalSystem account
//
if (IsCurrentLocalSystem() != S_OK) { hr = ImpersonateLocalSystem (); if (hr) { goto ExitHere; } bRevert = TRUE; } // Get the DNS name of the host server.
dwLen = sizeof(szServer); if (!GetComputerObjectName(NameFullyQualifiedDN, szServer, &dwLen)) { hr = HRESULT_FROM_NT(GetLastError()); goto ExitHere; } //
// Compose the ADSpath and bind to the computer object for the local computer
//
_tcscpy(szAdsPath,TEXT("LDAP://")); _tcscat(szAdsPath,szServer); hr = ADsGetObject(szAdsPath, IID_IDirectoryObject, (void **)&pComp); if (FAILED(hr)) { LOG((TL_ERROR, "Failed (%x) to bind Computer Object.",hr)); goto ExitHere; }
hr = pComp->DeleteDSObject (wszRDN); if (FAILED (hr)) { LOG((TL_ERROR, "Failed (%x) to Delete Tapisrv Object.",hr)); if (HRESULT_CODE(hr) == ERROR_DS_NO_SUCH_OBJECT) { hr = HRESULT_FROM_NT (TAPIERR_SCP_DOES_NOT_EXIST); } goto ExitHere; } // Open the service's registry key.
if (szRegNameToDel) { dwStat = RegOpenKeyEx( HKEY_LOCAL_MACHINE, gszRegKeyTelephony, 0, KEY_QUERY_VALUE | KEY_WRITE, &hReg); if (dwStat == NO_ERROR) { RegDeleteValue ( hReg, szRegNameToDel ); RegCloseKey (hReg); } else { LOG((TL_ERROR, "RegOpenKeyEx failed", dwStat)); hr = HRESULT_FROM_NT(GetLastError());// goto ExitHere;
} }
ExitHere: if (pComp) pComp->Release(); if (bRevert) { RevertLocalSystemImp (); } if (bCoInited) { CoUninitialize (); } return hr;}
//
// RemoveTapiSCP
//
// Removes the TAPI server Service Connection Point object from the
// local host computer object. This happens if a TAPI server machine
// retires from service.
//
HRESULT RemoveTapiSCP ( ){ DWORD dwResult;
EnterCriticalSection(&gSCPCritSec); dwResult = RemoveSCP ( (LPWSTR) gwszTapisrvRDN, (LPTSTR) gszRegTapisrvSCPGuid ); LeaveCriticalSection(&gSCPCritSec);
return dwResult;}
//
// RemoveProxySCP
//
// Removes the proxy server Service Connection Point object from the
// local host computer object. This happens if the last line is closed
// from a certain proxy server (CLSID)
//
HRESULT RemoveProxySCP ( LPTSTR szClsid ){ HRESULT hr = S_OK;
// Construct the RDN
// RDN size include "cn=TAPI Proxy Server" + szClsid(38ch)
WCHAR wszRDN[128]; WCHAR *psz;
wcscpy (wszRDN, gwszProxyRDN); wcscat (wszRDN, L"{"); psz = wszRDN + wcslen(wszRDN);#ifndef UNICODE
if (MultiByteToWideChar ( CP_ACP, MB_PRECOMPOSED, szClsid, -1, psz, (sizeof(wszRDN) - sizeof(gwszProxyRDN)) / sizeof(WCHAR) - 3 // 3 is to compensate for the two brace
) == 0) { hr = HRESULT_FROM_NT(GetLastError()); goto ExitHere; }#else
wcscat (wszRDN, szClsid);#endif
wcscat (wszRDN, L"}");
// Call RemoveSCP
hr = RemoveSCP ( wszRDN, NULL );
//ExitHere:
return hr;}
/**********************************************************
* Proxy Server SCP management *********************************************************/
//
// The Rules:
// 1. An array of created SCP objects and their corresponding CLSID
// is maintained in a global data structure PROXY_SCPS
// 2. ServerInit calls OnProxySCPInit & ServerShutdown calls
// OnProxySCPShutdown
// 3. Every LOpen with proxy privilege will call OnProxyLineOpen with
// the proxy server CLSID as the input parameter.
// An SCP object will be created for a new CLSID, subsequent LOpen
// with the same CLSID will only increment the ref count
// 4. Every LClose with on a line (opened with proxy privilege) will call
// OnProxyLineClose with the proxy server CLSID as the input parameter
// The ref count is decemented every time for the SCP with the CLSID,
// if the ref count goes to zero, the SCP object will be deleted.
//
HRESULT OnProxySCPInit ( ){ TapiEnterCriticalSection (&TapiGlobals.CritSec); ZeroMemory (&gProxyScps, sizeof(gProxyScps)); TapiLeaveCriticalSection (&TapiGlobals.CritSec); return S_OK;}
HRESULT OnProxySCPShutdown ( ){ DWORD i;
TapiEnterCriticalSection (&TapiGlobals.CritSec); for (i = 0; i < gProxyScps.dwUsedEntries; ++i) { RemoveProxySCP (gProxyScps.aEntries[i].szClsid); } if (gProxyScps.aEntries != NULL) { ServerFree (gProxyScps.aEntries); } ZeroMemory (&gProxyScps, sizeof(gProxyScps)); TapiLeaveCriticalSection (&TapiGlobals.CritSec); return S_OK;}
HRESULT OnProxyLineOpen ( LPTSTR szClsid ){ HRESULT hr = S_OK; BOOL fExists = FALSE; DWORD i;
// Skip beginning/trailing white space
while (*szClsid == TEXT(' ') || *szClsid == TEXT('\t')) ++ szClsid; // A valid CLSID string should only contain 38 chars
if (_tcslen (szClsid) > 40) { hr = E_INVALIDARG; goto ExitHere; }
TapiEnterCriticalSection (&TapiGlobals.CritSec); // Is SCP for this szClsid already created (in array)?
for (i = 0; i < gProxyScps.dwUsedEntries; ++i) { if (_tcsicmp ( gProxyScps.aEntries[i].szClsid, szClsid ) == 0) { fExists = TRUE; break; } }
// If already exists, inc the ref count
if (fExists) { gProxyScps.aEntries[i].dwRefCount++; } // If not exists, create the new SCP and cache it
else { LPTSTR pBindByGuidStr; hr = CreateProxySCP (szClsid, &pBindByGuidStr); if (FAILED (hr)) { TapiLeaveCriticalSection (&TapiGlobals.CritSec); goto ExitHere; }
if (gProxyScps.dwUsedEntries >= gProxyScps.dwTotalEntries) { // Increase the size
PROXY_SCP_ENTRY * pNew;
pNew = (PPROXY_SCP_ENTRY) ServerAlloc ( sizeof(PROXY_SCP_ENTRY) * (gProxyScps.dwTotalEntries + 16) ); if (pNew == NULL) { hr = LINEERR_NOMEM; ServerFree (pBindByGuidStr); TapiLeaveCriticalSection (&TapiGlobals.CritSec); goto ExitHere; } CopyMemory ( pNew, gProxyScps.aEntries, sizeof(PROXY_SCP_ENTRY) * gProxyScps.dwTotalEntries ); ServerFree (gProxyScps.aEntries); gProxyScps.aEntries = pNew; gProxyScps.dwTotalEntries += 16; } i = gProxyScps.dwUsedEntries++; _tcscpy (gProxyScps.aEntries[i].szClsid, szClsid); _tcscpy (gProxyScps.aEntries[i].szObjGuid, pBindByGuidStr); gProxyScps.aEntries[i].dwRefCount = 1; ServerFree (pBindByGuidStr); } TapiLeaveCriticalSection (&TapiGlobals.CritSec);
ExitHere: return hr;}
HRESULT OnProxyLineClose ( LPTSTR szClsid ){ HRESULT hr = S_OK; BOOL fExists = FALSE; DWORD i;
// Skip beginning/trailing white space
while (*szClsid == TEXT(' ') || *szClsid == TEXT('\t')) ++ szClsid; // A valid CLSID string should only contain 38 chars
if (_tcslen (szClsid) > 40) { hr = E_INVALIDARG; goto ExitHere; }
TapiEnterCriticalSection (&TapiGlobals.CritSec); // Is SCP for this szClsid already created (in array)?
for (i = 0; i < gProxyScps.dwUsedEntries; ++i) { if (_tcsicmp ( gProxyScps.aEntries[i].szClsid, szClsid ) == 0) { fExists = TRUE; break; } }
if (fExists) { --gProxyScps.aEntries[i].dwRefCount; // If ref count goes to zero, remove the SCP
if (gProxyScps.aEntries[i].dwRefCount == 0) { hr = RemoveProxySCP (gProxyScps.aEntries[i].szClsid); if (i < gProxyScps.dwUsedEntries - 1) { MoveMemory ( gProxyScps.aEntries + i, gProxyScps.aEntries + i + 1, sizeof(PROXY_SCP_ENTRY) * (gProxyScps.dwUsedEntries - 1 - i) ); } --gProxyScps.dwUsedEntries; } } TapiLeaveCriticalSection (&TapiGlobals.CritSec);
ExitHere: return hr;}
|
