archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4 Commits
1 Branch
0 Tags
1.5 GiB
Tree: 5c6fe3db62
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '5c6fe3db62'
${ noResults }
windows-server-2003/shell/ext/ratings/mslocusr/msluuser.cpp

552 lines
14 KiB
Raw Normal View History

commiting as it is
4 years ago
  1. #include "mslocusr.h"
  2. #include "msluglob.h"
  3. #include <buffer.h>
  4. #include <regentry.h>
  5. #include "profiles.h"
  7. extern "C" {
  8. #include "netmpr.h"
  9. };
  11. #include <ole2.h>
  13. CLUUser::CLUUser(CLUDatabase *pDB)
  14. : m_cRef(1),
  15. m_hkeyDB(NULL),
  16. m_hkeyUser(NULL),
  17. m_fUserExists(FALSE),
  18. m_fAppearsSupervisor(FALSE),
  19. m_fLoadedProfile(FALSE),
  20. m_nlsUsername(),
  21. m_nlsDir(MAX_PATH),
  22. m_nlsPassword(),
  23. m_fAuthenticated(FALSE),
  24. m_pDB(pDB)
  25. {
  26. /* We have a reference to the database so we can get back to its idea
  27. * of the current user. We handle circular refcount problems specifically
  28. * in CLUDatabase::Release; the database only has one reference to an
  29. * IUser, so if his refcount gets down to 1, he releases his cached
  30. * current-user object.
  31. */
  32. m_pDB->AddRef();
  34. RefThisDLL(TRUE);
  35. }
  38. CLUUser::~CLUUser(void)
  39. {
  40. if (m_hkeyDB != NULL)
  41. RegCloseKey(m_hkeyDB);
  43. if (m_hkeyUser != NULL)
  44. RegCloseKey(m_hkeyUser);
  46. if (m_pDB != NULL)
  47. m_pDB->Release();
  49. RefThisDLL(FALSE);
  50. }
  53. HRESULT CLUUser::Init(LPCSTR pszUsername)
  54. {
  55. m_nlsUsername = pszUsername;
  57. UINT err = m_nlsUsername.QueryError();
  58. if (err != ERROR_SUCCESS)
  59. return HRESULT_FROM_WIN32(err);
  61. err = m_nlsDir.QueryError();
  62. if (err != ERROR_SUCCESS)
  63. return HRESULT_FROM_WIN32(err);
  65. err = (UINT)RegOpenKey(HKEY_LOCAL_MACHINE, ::szProfileList, &m_hkeyDB);
  66. if (err != ERROR_SUCCESS)
  67. return HRESULT_FROM_WIN32(err);
  69. if (!::strcmpf(pszUsername, ::szDefaultUserName)) {
  70. m_fUserExists = TRUE;
  71. m_fAppearsSupervisor = FALSE;
  72. }
  73. else {
  74. err = (UINT)RegOpenKey(m_hkeyDB, pszUsername, &m_hkeyUser);
  75. if (err != ERROR_SUCCESS) {
  76. m_hkeyUser = NULL;
  77. m_fUserExists = FALSE;
  78. }
  79. else {
  80. DWORD cb = sizeof(m_fAppearsSupervisor);
  81. if (RegQueryValueEx(m_hkeyUser, ::szSupervisor, NULL, NULL,
  82. (LPBYTE)&m_fAppearsSupervisor, &cb) != ERROR_SUCCESS) {
  83. m_fAppearsSupervisor = FALSE;
  84. }
  85. DWORD cbDir = m_nlsDir.QueryAllocSize();
  86. LPBYTE pbDir = (LPBYTE)m_nlsDir.Party();
  87. err = RegQueryValueEx(m_hkeyUser, ::szProfileImagePath, NULL, NULL,
  88. pbDir, &cbDir);
  89. if (err != ERROR_SUCCESS)
  90. *pbDir = '\0';
  91. m_nlsDir.DonePartying();
  92. m_fUserExists = (err == ERROR_SUCCESS);
  93. }
  94. }
  96. return NOERROR;
  97. }
  100. STDMETHODIMP CLUUser::QueryInterface(REFIID riid, LPVOID * ppvObj)
  101. {
  102. if (!IsEqualIID(riid, IID_IUnknown) &&
  103. !IsEqualIID(riid, IID_IUser)) {
  104. *ppvObj = NULL;
  105. return ResultFromScode(E_NOINTERFACE);
  106. }
  108. *ppvObj = this;
  109. AddRef();
  110. return NOERROR;
  111. }
  114. STDMETHODIMP_(ULONG) CLUUser::AddRef(void)
  115. {
  116. return ++m_cRef;
  117. }
  120. STDMETHODIMP_(ULONG) CLUUser::Release(void)
  121. {
  122. ULONG cRef;
  124. cRef = --m_cRef;
  126. if (0L == m_cRef) {
  127. delete this;
  128. }
  130. return cRef;
  131. }
  134. STDMETHODIMP CLUUser::GetName(LPSTR pbBuffer, LPDWORD pcbBuffer)
  135. {
  136. if (m_nlsUsername.QueryError())
  137. return ResultFromScode(E_OUTOFMEMORY);
  139. UINT err = NPSCopyNLS(&m_nlsUsername, pbBuffer, pcbBuffer);
  141. return HRESULT_FROM_WIN32(err);
  142. }
  145. STDMETHODIMP CLUUser::GetProfileDirectory(LPSTR pbBuffer, LPDWORD pcbBuffer)
  146. {
  147. if (m_nlsDir.QueryError())
  148. return ResultFromScode(E_OUTOFMEMORY);
  150. if (!m_nlsDir.strlen())
  151. return HRESULT_FROM_WIN32(ERROR_PATH_NOT_FOUND);
  153. UINT err = NPSCopyNLS(&m_nlsDir, pbBuffer, pcbBuffer);
  155. return HRESULT_FROM_WIN32(err);
  156. }
  159. BOOL CLUUser::IsSystemCurrentUser(void)
  160. {
  161. NLS_STR nlsSystemUsername(MAX_PATH);
  162. if (nlsSystemUsername.QueryError() == ERROR_SUCCESS) {
  163. if (SUCCEEDED(GetSystemCurrentUser(&nlsSystemUsername)) &&
  164. !m_nlsUsername.stricmp(nlsSystemUsername)) {
  165. return TRUE;
  166. }
  167. }
  168. return FALSE;
  169. }
  172. HRESULT CLUUser::GetSupervisorPassword(BUFFER *pbufOut)
  173. {
  174. LPSTR pBuffer = (LPSTR)pbufOut->QueryPtr();
  176. if (!m_fAuthenticated) {
  177. if (IsSystemCurrentUser()) {
  178. WORD cbBuffer = (WORD)pbufOut->QuerySize();
  179. APIERR err = WNetGetCachedPassword((LPSTR)::szSupervisorPWLKey,
  180. (WORD)::strlenf(::szSupervisorPWLKey),
  181. pBuffer,
  182. &cbBuffer,
  183. PCE_MISC);
  184. if (err == ERROR_SUCCESS)
  185. return S_OK;
  186. if (err == WN_CANCEL)
  187. return S_FALSE;
  188. return HRESULT_FROM_WIN32(err);
  189. }
  190. return HRESULT_FROM_WIN32(ERROR_NOT_AUTHENTICATED);
  191. }
  193. HPWL hPWL;
  194. HRESULT hres = GetPasswordCache(m_nlsPassword.QueryPch(), &hPWL);
  195. if (FAILED(hres))
  196. return hres;
  198. APIERR err = FindCacheResource(hPWL, ::szSupervisorPWLKey,
  199. (WORD)::strlenf(::szSupervisorPWLKey),
  200. pBuffer,
  201. (WORD)pbufOut->QuerySize(),
  202. PCE_MISC);
  203. ::ClosePasswordCache(hPWL, TRUE);
  205. if (err == IERR_CacheEntryNotFound)
  206. return S_FALSE;
  207. else if (err != NOERROR)
  208. return HRESULT_FROM_WIN32(err);
  210. CACHE_ENTRY_INFO *pcei = (CACHE_ENTRY_INFO *)pBuffer;
  211. ::memmovef(pBuffer, pBuffer + pcei->dchPassword, pcei->cbPassword);
  213. return NOERROR;
  214. }
  217. STDMETHODIMP CLUUser::IsSupervisor(void)
  218. {
  219. /* If the supervisor password is blank, then everybody's a supervisor */
  220. if (::VerifySupervisorPassword(::szNULL) == S_OK)
  221. return S_OK;
  223. /* If temporary supervisor privilege has been granted to this user object,
  224. * honor it.
  225. */
  227. if (m_fTempSupervisor)
  228. return S_OK;
  230. BUFFER bufPCE(MAX_ENTRY_SIZE+2);
  231. if (bufPCE.QueryPtr() == NULL)
  232. return E_OUTOFMEMORY;
  234. HRESULT hres = GetSupervisorPassword(&bufPCE);
  236. if (hres != S_OK)
  237. return hres;
  239. return ::VerifySupervisorPassword((LPCSTR)bufPCE.QueryPtr());
  240. }
  243. APIERR MakeSupervisor(HPWL hPWL, LPCSTR pszSupervisorPassword)
  244. {
  245. #ifdef MSLOCUSR_USE_SUPERVISOR_PASSWORD
  246. return ::AddCacheResource(hPWL,
  247. ::szSupervisorPWLKey,
  248. ::strlenf(::szSupervisorPWLKey),
  249. pszSupervisorPassword,
  250. ::strlenf(pszSupervisorPassword)+1,
  251. PCE_MISC, 0);
  252. #else
  253. return ERROR_SUCCESS;
  254. #endif
  255. }
  258. STDMETHODIMP CLUUser::SetSupervisorPrivilege(BOOL fMakeSupervisor, LPCSTR pszSupervisorPassword)
  259. {
  260. if (m_pDB == NULL)
  261. return E_UNEXPECTED;
  263. #ifndef MSLOCUSR_USE_SUPERVISOR_PASSWORD
  265. /* Don't write stuff to the user's password cache if we're not doing any
  266. * supervisor password stuff.
  267. */
  268. m_fAppearsSupervisor = fMakeSupervisor;
  269. return S_OK;
  271. #else
  273. BUFFER bufPCE(MAX_ENTRY_SIZE+2);
  274. if (bufPCE.QueryPtr() == NULL)
  275. return E_OUTOFMEMORY;
  277. HRESULT hres = S_OK;
  279. /* If supervisor password is provided by the caller, use that, otherwise
  280. * inspect the current user's password cache.
  281. */
  282. if (pszSupervisorPassword == NULL) {
  283. IUser *pCurrentUser;
  284. if (FAILED(m_pDB->GetCurrentUser(&pCurrentUser)))
  285. return E_ACCESSDENIED;
  287. hres = ((CLUUser *)pCurrentUser)->GetSupervisorPassword(&bufPCE);
  288. pCurrentUser->Release();
  289. pszSupervisorPassword = (LPCSTR)bufPCE.QueryPtr();
  290. }
  292. if (SUCCEEDED(hres)) {
  293. hres = ::VerifySupervisorPassword(pszSupervisorPassword);
  294. if (hres == S_OK) { /* not SUCCEEDED because S_FALSE means wrong PW */
  295. HPWL hpwlThisUser;
  296. hres = GetPasswordCache(m_nlsPassword.QueryPch(), &hpwlThisUser);
  297. if (SUCCEEDED(hres)) {
  298. APIERR err;
  299. if (fMakeSupervisor)
  300. {
  301. err = ::MakeSupervisor(hpwlThisUser, pszSupervisorPassword);
  302. }
  303. else {
  304. err = ::DeleteCacheResource(hpwlThisUser,
  305. ::szSupervisorPWLKey,
  306. ::strlenf(::szSupervisorPWLKey),
  307. PCE_MISC);
  308. }
  309. ::ClosePasswordCache(hpwlThisUser, TRUE);
  311. hres = HRESULT_FROM_WIN32(err);
  312. }
  313. else if (!m_fAuthenticated && IsSystemCurrentUser()) {
  314. APIERR err;
  315. if (fMakeSupervisor) {
  316. err = ::WNetCachePassword(
  317. (LPSTR)::szSupervisorPWLKey,
  318. ::strlenf(::szSupervisorPWLKey),
  319. (LPSTR)pszSupervisorPassword,
  320. ::strlenf(pszSupervisorPassword)+1,
  321. PCE_MISC, 0);
  322. }
  323. else {
  324. err = ::WNetRemoveCachedPassword(
  325. (LPSTR)::szSupervisorPWLKey,
  326. ::strlenf(::szSupervisorPWLKey),
  327. PCE_MISC);
  328. }
  329. hres = HRESULT_FROM_WIN32(err);
  330. }
  332. if (SUCCEEDED(hres)) {
  333. m_fAppearsSupervisor = fMakeSupervisor;
  334. if (m_hkeyUser != NULL)
  335. RegSetValueEx(m_hkeyUser, ::szSupervisor, NULL,
  336. REG_DWORD, (LPBYTE)&m_fAppearsSupervisor,
  337. sizeof(m_fAppearsSupervisor));
  338. }
  339. }
  340. }
  342. return hres;
  344. #endif
  345. }
  348. STDMETHODIMP CLUUser::MakeTempSupervisor(BOOL fMakeSupervisor, LPCSTR pszSupervisorPassword)
  349. {
  350. if (!fMakeSupervisor)
  351. m_fTempSupervisor = FALSE;
  352. else {
  353. HRESULT hres = ::VerifySupervisorPassword(pszSupervisorPassword);
  354. if (hres == S_FALSE)
  355. hres = E_ACCESSDENIED;
  356. if (FAILED(hres))
  357. return hres;
  359. m_fTempSupervisor = TRUE;
  360. }
  362. return S_OK;
  363. }
  366. STDMETHODIMP CLUUser::AppearsSupervisor(void)
  367. {
  368. if (m_fTempSupervisor)
  369. return S_OK;
  371. return m_fAppearsSupervisor ? S_OK : S_FALSE;
  372. }
  375. STDMETHODIMP CLUUser::Authenticate(LPCSTR pszPassword)
  376. {
  377. HPWL hPWL = NULL;
  379. HRESULT hres = GetPasswordCache(pszPassword, &hPWL);
  380. if (FAILED(hres))
  381. return hres;
  383. ::ClosePasswordCache(hPWL, TRUE);
  385. return NOERROR;
  386. }
  389. STDMETHODIMP CLUUser::ChangePassword(LPCSTR pszOldPassword, LPCSTR pszNewPassword)
  390. {
  391. // if current user is supervisor, allow null pszOldPassword
  393. NLS_STR nlsNewPassword(pszNewPassword);
  394. if (nlsNewPassword.QueryError())
  395. return HRESULT_FROM_WIN32(nlsNewPassword.QueryError());
  396. nlsNewPassword.strupr();
  397. nlsNewPassword.ToOEM();
  399. HPWL hPWL;
  401. HRESULT hres = GetPasswordCache(pszOldPassword, &hPWL);
  403. if (FAILED(hres))
  404. return hres;
  406. hres = HRESULT_FROM_WIN32(::SetCachePassword(hPWL, nlsNewPassword.QueryPch()));
  408. if (SUCCEEDED(hres)) {
  409. m_nlsPassword = pszNewPassword; /* FEATURE - obfuscate me */
  410. m_fAuthenticated = TRUE;
  411. }
  413. ::ClosePasswordCache(hPWL, TRUE);
  415. return hres;
  416. }
  419. HRESULT GetUserPasswordCache(LPCSTR pszUsername, LPCSTR pszPassword, LPHANDLE phOut, BOOL fCreate)
  420. {
  421. NLS_STR nlsUsername(pszUsername);
  422. if (nlsUsername.QueryError())
  423. return HRESULT_FROM_WIN32(nlsUsername.QueryError());
  425. nlsUsername.strupr();
  426. nlsUsername.ToOEM();
  428. NLS_STR nlsPassword(pszPassword);
  429. if (nlsPassword.QueryError())
  430. return HRESULT_FROM_WIN32(nlsPassword.QueryError());
  432. nlsPassword.ToOEM();
  434. *phOut = NULL;
  435. UINT err = ::OpenPasswordCache(phOut, nlsUsername.QueryPch(), nlsPassword.QueryPch(), TRUE);
  437. if (fCreate &&
  438. (err == IERR_UsernameNotFound || err == ERROR_FILE_NOT_FOUND ||
  439. err == ERROR_PATH_NOT_FOUND)) {
  440. err = ::CreatePasswordCache(phOut, nlsUsername.QueryPch(), nlsPassword.QueryPch());
  441. }
  443. if (err == IERR_IncorrectUsername) {
  444. nlsPassword.ToAnsi(); /* must convert to OEM to uppercase properly */
  445. nlsPassword.strupr();
  446. nlsPassword.ToOEM();
  447. err = ::OpenPasswordCache(phOut, nlsUsername.QueryPch(), nlsPassword.QueryPch(), TRUE);
  448. }
  450. if (err)
  451. return HRESULT_FROM_WIN32(err);
  453. return S_OK;
  454. }
  457. STDMETHODIMP CLUUser::GetPasswordCache(LPCSTR pszPassword, LPHANDLE phOut)
  458. {
  459. HRESULT hres = ::GetUserPasswordCache(m_nlsUsername.QueryPch(), pszPassword,
  460. phOut, TRUE);
  461. if (FAILED(hres))
  462. return hres;
  464. m_nlsPassword = pszPassword; /* FEATURE - obfuscate me */
  465. m_fAuthenticated = TRUE;
  467. return NOERROR;
  468. }
  471. STDMETHODIMP CLUUser::LoadProfile(HKEY *phkeyUser)
  472. {
  473. if (IsSystemCurrentUser() ||
  474. !::strcmpf(m_nlsUsername.QueryPch(), ::szDefaultUserName)) {
  475. /* If he's the current or default user, his profile should be loaded
  476. * under HKEY_USERS. If it is, we can return that key. Otherwise,
  477. * we'll need to load it.
  478. */
  479. if (RegOpenKeyEx(HKEY_USERS, m_nlsUsername.QueryPch(), 0,
  480. KEY_READ | KEY_WRITE, phkeyUser) == ERROR_SUCCESS) {
  481. m_fLoadedProfile = FALSE;
  482. return S_OK;
  483. }
  484. }
  485. else {
  486. if (IsCurrentUserSupervisor(m_pDB) != S_OK)
  487. return E_ACCESSDENIED;
  488. }
  490. RegEntry reRoot(::szProfileList, HKEY_LOCAL_MACHINE);
  491. if (reRoot.GetError() != ERROR_SUCCESS)
  492. return HRESULT_FROM_WIN32(reRoot.GetError());
  494. reRoot.MoveToSubKey(m_nlsUsername.QueryPch());
  495. if (reRoot.GetError() != ERROR_SUCCESS)
  496. return HRESULT_FROM_WIN32(reRoot.GetError());
  498. NLS_STR nlsProfilePath(MAX_PATH);
  499. if (nlsProfilePath.QueryError() != ERROR_SUCCESS)
  500. return E_OUTOFMEMORY;
  502. reRoot.GetValue(::szProfileImagePath, &nlsProfilePath);
  503. if (reRoot.GetError() != ERROR_SUCCESS)
  504. return HRESULT_FROM_WIN32(reRoot.GetError());
  506. AddBackslash(nlsProfilePath);
  507. nlsProfilePath.strcat(::szStdNormalProfile);
  508. if (!FileExists(nlsProfilePath.QueryPch()))
  509. return HRESULT_FROM_WIN32(ERROR_FILE_NOT_FOUND);
  511. LONG err = ::MyRegLoadKey(HKEY_USERS, m_nlsUsername.QueryPch(), nlsProfilePath.QueryPch());
  512. if (err == ERROR_SUCCESS) {
  513. HKEY hkeyNewProfile;
  514. err = ::RegOpenKey(HKEY_USERS, m_nlsUsername.QueryPch(), phkeyUser);
  515. if (err != ERROR_SUCCESS) {
  516. ::RegUnLoadKey(HKEY_USERS, m_nlsUsername.QueryPch());
  517. }
  518. else {
  519. m_fLoadedProfile = TRUE;
  520. }
  521. }
  523. return HRESULT_FROM_WIN32(err);
  524. }
  527. STDMETHODIMP CLUUser::UnloadProfile(HKEY hkeyUser)
  528. {
  529. RegFlushKey(hkeyUser);
  530. RegCloseKey(hkeyUser);
  532. if (m_fLoadedProfile) {
  533. RegUnLoadKey(HKEY_USERS, m_nlsUsername.QueryPch());
  534. m_fLoadedProfile = FALSE;
  535. }
  536. return S_OK;
  537. }
  540. STDMETHODIMP CLUUser::GetComponentSettings(REFCLSID clsidComponent,
  541. LPCSTR pszName, IUnknown **ppOut,
  542. DWORD fdwAccess)
  543. {
  544. return ResultFromScode(E_NOTIMPL);
  545. }
  548. STDMETHODIMP CLUUser::EnumerateComponentSettings(IEnumUnknown **ppOut,
  549. DWORD fdwAccess)
  550. {
  551. return ResultFromScode(E_NOTIMPL);
  552. }