|
|
/*++
(c) 1998 Seagate Software, Inc. All rights reserved.
Module Name:
fsaftclt.cpp
Abstract:
This class represents a user who the filter has detected accessing a file with placeholder information.
Author:
Chuck Bardeen [cbardeen] 12-Feb-1997
Revision History:
--*/
#include "stdafx.h"
extern "C" {#include <ntseapi.h>
#include <wchar.h>
#include <lmaccess.h>
#include <lmserver.h>
#include <lmshare.h>
#include <lmapibuf.h>
#include <lmerr.h>
// #define MAC_SUPPORT // NOTE: You must define MAC_SUPPORT in fsafltr.cpp to enable all the code
#ifdef MAC_SUPPORT
#include <macfile.h>
#endif
}
#define WSB_TRACE_IS WSB_TRACE_BIT_FSA
#include "wsb.h"
#include "fsa.h"
#include "fsaftclt.h"
static USHORT iCountFtclt = 0; // Count of existing objects
//
// We need to dynamically load the DLL for MAC support because it is not there if
// the MAC service is not installed.
//
#ifdef MAC_SUPPORT
HANDLE FsaDllSfm = 0;BOOL FsaMacSupportInstalled = FALSE;
extern "C" {DWORD (*pAfpAdminConnect) (LPWSTR lpwsServerName, PAFP_SERVER_HANDLE phAfpServer);VOID (*pAfpAdminDisconnect) (AFP_SERVER_HANDLE hAfpServer);VOID (*pAfpAdminBufferFree) (PVOID pBuffer);DWORD (*pAfpAdminSessionEnum) (AFP_SERVER_HANDLE hAfpServer, LPBYTE *lpbBuffer, DWORD dwPrefMaxLen, LPDWORD lpdwEntriesRead, LPDWORD lpdwTotalEntries, LPDWORD lpdwResumeHandle);}#endif
DWORD FsaIdentifyThread(void *pNotifyInterface);
�DWORD FsaIdentifyThread( void* pVoid )
/*++
Entry point of the thread that performs identify operation with remote clients.
--*/{HRESULT hr;
hr = CoInitializeEx(NULL, COINIT_MULTITHREADED); hr = ((CFsaFilterClient*) pVoid)->IdentifyThread(); CoUninitialize(); return(hr);}
//
// Get RsNotify interface (being used here in identify thread -
// similar utility function is being used in RsLnk)
//
staticHRESULTGetNotifyClientInterface( IN OLECHAR * machineName, OUT IFsaRecallNotifyClient ** ppClient ){ HRESULT hr = S_OK;
try {
//
// Make sure parameters OK and OUTs initially cleared
//
WsbAffirmPointer ( ppClient ); *ppClient = 0;
//
// If connecting local, things work better to use NULL
// for the computer name
//
if ( machineName ) {
CWsbStringPtr localMachine; WsbAffirmHr( WsbGetComputerName( localMachine ) );
if( _wcsicmp( localMachine, machineName ) == 0 ) {
machineName = 0;
}
}
//
// Set server info
//
COSERVERINFO csi; COAUTHINFO cai; memset ( &csi, 0, sizeof ( csi ) ); memset ( &cai, 0, sizeof ( cai ) );
// Set machine name
csi.pwszName = machineName;
// Create a proxy with security settings of no authentication (note that RsNotify is running with this security)
cai.dwAuthnSvc = RPC_C_AUTHN_WINNT; cai.dwAuthzSvc = RPC_C_AUTHZ_DEFAULT; cai.pwszServerPrincName = NULL; cai.dwImpersonationLevel = RPC_C_IMP_LEVEL_IMPERSONATE; cai.pAuthIdentityData = NULL; cai.dwCapabilities = EOAC_NONE;
cai.dwAuthnLevel = RPC_C_AUTHN_LEVEL_NONE;
csi.pAuthInfo = &cai;
//
// We want IFsaRecallNotifyClient back
//
MULTI_QI mqi; memset ( &mqi, 0, sizeof ( mqi ) ); mqi.pIID = &IID_IFsaRecallNotifyClient;
//
// Make the connection...
//
WsbAffirmHr ( CoCreateInstanceEx ( CLSID_CFsaRecallNotifyClient, 0, CLSCTX_NO_FAILURE_LOG | ( machineName ? CLSCTX_REMOTE_SERVER : CLSCTX_LOCAL_SERVER ), &csi, 1, &mqi ) ); WsbAffirmHr ( mqi.hr );
//
// We need to make sure we clean up correctly if any interface
// post-processing fails, so assign over to a smart pointer for
// the time being
//
CComPtr<IFsaRecallNotifyClient> pClientTemp = (IFsaRecallNotifyClient*)mqi.pItf; mqi.pItf->Release ( );
//
// Finally, we need to set the security on the procy to allow the
// anonymous connection. Values should be the same as above (COAUTHINFO)
// We need to make sure this is a remote machine first. Otherwise, we
// get an error of E_INVALIDARG.
//
if( machineName ) {
CComPtr<IClientSecurity> pSecurity; WsbAffirmHr( pClientTemp->QueryInterface( IID_IClientSecurity, (void**)&pSecurity ) );
WsbAffirmHr( pSecurity->SetBlanket ( pClientTemp, RPC_C_AUTHN_NONE, RPC_C_AUTHZ_NONE, 0, RPC_C_AUTHN_LEVEL_NONE, RPC_C_IMP_LEVEL_IDENTIFY, 0, 0 ) );
}
//
// Finally, assign over and AddRef the return.
//
*ppClient = pClientTemp; (*ppClient)->AddRef ( );
} WsbCatch ( hr );
return ( hr );}
HRESULTCFsaFilterClient::CheckRecallLimit( IN DWORD minRecallInterval, IN DWORD maxRecalls, IN BOOLEAN exemptAdmin )
/*++
Implements:
IWsbCollectable::CheckRecallLimit().
--*/{ HRESULT hr = S_OK; FILETIME now, last; LARGE_INTEGER tNow, tLast; ULONG rCount;
WsbTraceIn(OLESTR("CFsaFilterClient::CheckRecallLimit"), OLESTR("")); try { //
// Now check for runaway recall limits if the user is not
// an administrator
//
if ((!m_isAdmin) || (!exemptAdmin)) { //
// See if the time since the end of the last recall is
// less than m_minRecallInterval (in seconds) and if so,
// increment the count.
// If not, then reset the count (if we were not
// already triggered).
// If the count is equal to the max then set the trigger.
//
WsbTrace(OLESTR("CHsmFilter::IoctlThread: Not an administrator or admin is not exempt.\n")); GetSystemTimeAsFileTime(&now); tNow.LowPart = now.dwLowDateTime; tNow.HighPart = now.dwHighDateTime; GetLastRecallTime(&last); tLast.LowPart = last.dwLowDateTime; tLast.HighPart = last.dwHighDateTime; //
// Get the time (in 100 nano-second units)
// from the end of the last recall until now.
//
tNow.QuadPart -= tLast.QuadPart; //
// Convert to seconds and check against the interval time
//
tNow.QuadPart /= (LONGLONG) 10000000; if (tNow.QuadPart < (LONGLONG) minRecallInterval) { //
// This one counts - increment the count
// and check for a trigger.
//
GetRecallCount(&rCount); rCount++; SetRecallCount(rCount); WsbTrace(OLESTR("CHsmFilterClient::CheckRecallLimit: Recall count bumped to %ls.\n"), WsbLongAsString(rCount)); if (rCount >= maxRecalls) { //
// Hit the runaway recall limit. Set the
// limit flag.
//
WsbTrace(OLESTR("CHsmFilter::IoctlThread: Hit the runaway recall limit!!!.\n")); SetHitRecallLimit(TRUE); } } else { //
// Reset the count if they are not already triggered.
// If they are triggered then reset the trigger and
// limit if it has been a respectable time.
// TBD - What is a respectable time??
//
if (HitRecallLimit() != S_FALSE) { if (tNow.QuadPart > (LONGLONG) minRecallInterval * 100) { //
// A respectable time has passed - reset the trigger and count.
//
WsbTrace(OLESTR("CHsmFilterClient::CheckRecallLimit: Resetting recall limit trigger and count.\n")); SetHitRecallLimit(FALSE); SetRecallCount(0); m_loggedLimitError = FALSE; } } else { //
// This one did not count and they were not already triggered.
// Reset the count to zero.
//
WsbTrace(OLESTR("CHsmFilterClient::CheckRecallLimit: Resetting recall count.\n")); SetRecallCount(0); } } //
// Fail if the limit is hit.
//
WsbAffirm(HitRecallLimit() == S_FALSE, FSA_E_HIT_RECALL_LIMIT); }
} WsbCatch(hr);
// NOTE - IF RUNAWAY RECALL BEHAVIOR CHANGES TO TRUNCATE ON CLOSE, CHANGE
// FSA_MESSAGE_HIT_RECALL_LIMIT_ACCESSDENIED TO FSA_MESSAGE_HIT_RECALL_LIMIT_TRUNCATEONCLOSE.
if ( (hr == FSA_E_HIT_RECALL_LIMIT) && (!m_loggedLimitError)) { WsbLogEvent(FSA_MESSAGE_HIT_RECALL_LIMIT_ACCESSDENIED, 0, NULL, (WCHAR *) m_userName, NULL); m_loggedLimitError = TRUE; }
WsbTraceOut(OLESTR("CHsmFilterClient::CheckRecallLimit"), OLESTR("hr = <%ls>"), WsbHrAsString(hr));
return(hr);}
�HRESULTCFsaFilterClient::CompareBy( FSA_FILTERCLIENT_COMPARE by )
/*++
Implements:
IFsaFilterClient::CompareBy().
--*/{ HRESULT hr = S_OK;
m_compareBy = by; m_isDirty = TRUE;
return(hr);}
�HRESULTCFsaFilterClient::CompareTo( IN IUnknown* pUnknown, OUT SHORT* pResult )
/*++
Implements:
IWsbCollectable::CompareTo().
--*/{ HRESULT hr = S_OK; CComPtr<IFsaFilterClient> pClient;
WsbTraceIn(OLESTR("CFsaFilterClient::CompareTo"), OLESTR("")); try {
// Did they give us a valid item to compare to?
WsbAssert(0 != pUnknown, E_POINTER);
// We need the IWsbBool interface to get the value of the object.
WsbAffirmHr(pUnknown->QueryInterface(IID_IFsaFilterClient, (void**) &pClient));
// Compare the rules.
hr = CompareToIClient(pClient, pResult);
} WsbCatch(hr);
WsbTraceOut(OLESTR("CHsmFilterClient::CompareTo"), OLESTR("hr = <%ls>, result = <%ls>"), WsbHrAsString(hr), WsbPtrToShortAsString(pResult));
return(hr);}
�HRESULTCFsaFilterClient::CompareToAuthenticationId( IN LONG luidHigh, IN ULONG luidLow, OUT SHORT* pResult )
/*++
Implements:
IFsaFilterClient::CompareToAuthenticationId().
--*/{ HRESULT hr = S_OK; SHORT aResult;
WsbTraceIn(OLESTR("CFsaFilterClient::CompareToAuthenticationId"), OLESTR(""));
try {
if (m_luidHigh > luidHigh) { aResult = 1; } else if (m_luidHigh < luidHigh) { aResult = -1; } else if (m_luidLow > luidLow) { aResult = 1; } else if (m_luidLow < luidLow) { aResult = -1; } else { aResult = 0; }
if (0 != aResult) { hr = S_FALSE; }
if (0 != pResult) { *pResult = aResult; }
} WsbCatch(hr);
WsbTraceOut(OLESTR("CFsaFilterClient::CompareToAuthenticationId"), OLESTR("hr = <%ls>, result = <%d>"), WsbHrAsString(hr), aResult);
return(hr);}
�HRESULTCFsaFilterClient::CompareToIClient( IN IFsaFilterClient* pClient, OUT SHORT* pResult )
/*++
Implements:
IFsaFilterClient::CompareToIClient().
--*/{ HRESULT hr = S_OK; CWsbStringPtr name; LONG luidHigh; ULONG luidLow;
WsbTraceIn(OLESTR("CFsaFilterClient::CompareToIClient"), OLESTR(""));
try {
// Did they give us a valid item to compare to?
WsbAssert(0 != pClient, E_POINTER);
switch (m_compareBy) { case FSA_FILTERCLIENT_COMPARE_ID: WsbAffirmHr(pClient->GetAuthenticationId(&luidHigh, &luidLow)); hr = CompareToAuthenticationId(luidHigh, luidLow, pResult); break; case FSA_FILTERCLIENT_COMPARE_MACHINE: WsbAffirmHr(pClient->GetMachineName(&name, 0)); hr = CompareToMachineName(name, pResult); break; default: WsbAssert(FALSE, E_UNEXPECTED); }
} WsbCatch(hr);
WsbTraceOut(OLESTR("CFsaFilterClient::CompareToIClient"), OLESTR("hr = <%ls>, result = <%ls>"), WsbHrAsString(hr), WsbPtrToShortAsString(pResult));
return(hr);}
�HRESULTCFsaFilterClient::CompareToMachineName( IN OLECHAR* name, OUT SHORT* pResult )
/*++
Implements:
IFsaFilterClient::CompareToMachineName().
--*/{ HRESULT hr = S_OK; SHORT aResult;
WsbTraceIn(OLESTR("CFsaFilterClient::CompareToMachineName"), OLESTR(""));
try {
aResult = (SHORT)wcscmp(name, m_machineName); // TBD - Case sensitive or not?
if (0 != aResult) { hr = S_FALSE; } if (0 != pResult) { *pResult = aResult; }
} WsbCatch(hr);
WsbTraceOut(OLESTR("CFsaFilterClient::CompareToMachineName"), OLESTR("hr = <%ls>"), WsbHrAsString(hr));
return(hr);}
�HRESULTCFsaFilterClient::FinalConstruct( void )
/*++
Implements:
CComObjectRoot::FinalConstruct().
--*/{ HRESULT hr = S_OK; WsbTraceIn(OLESTR("CFsaFilterClient::FinalConstruct"),OLESTR("")); try {
WsbAffirmHr(CWsbCollectable::FinalConstruct());
m_compareBy = FSA_FILTERCLIENT_COMPARE_ID; m_luidHigh = 0; m_luidLow = 0; m_hasRecallDisabled = FALSE; m_hitRecallLimit = FALSE; m_lastRecallTime.dwLowDateTime = 0; m_lastRecallTime.dwHighDateTime = 0; m_identified = FALSE; m_tokenSource = L""; m_msgCounter = 1; m_identifyThread = NULL; m_isAdmin = FALSE; m_loggedLimitError = FALSE; m_recallCount = 0; } WsbCatch(hr);
iCountFtclt++; WsbTraceOut(OLESTR("CFsaFilterClient::FinalConstruct"),OLESTR("Count is <%d>"), iCountFtclt);
return(hr);}voidCFsaFilterClient::FinalRelease( void )
/*++
Implements:
CComObjectRoot::FinalRelease().
--*/{ WsbTraceIn(OLESTR("CFsaFilterClient::FinalRelease"),OLESTR(""));
if (NULL != m_identifyThread) { CloseHandle(m_identifyThread); m_identifyThread = NULL; }
CWsbCollectable::FinalRelease();
iCountFtclt--; WsbTraceOut(OLESTR("CFsaFilterClient::FinalRelease"),OLESTR("Count is <%d>"), iCountFtclt);}
�HRESULTCFsaFilterClient::GetClassID( OUT CLSID* pClsid )
/*++
Implements:
IPersist::GetClassID().
--*/{ HRESULT hr = S_OK;
WsbTraceIn(OLESTR("CFsaFilterClient::GetClassID"), OLESTR(""));
try {
WsbAssert(0 != pClsid, E_POINTER); *pClsid = CLSID_CFsaFilterClientNTFS;
} WsbCatch(hr);
WsbTraceOut(OLESTR("CFsaFilterClient::GetClassID"), OLESTR("hr = <%ls>, CLSID = <%ls>"), WsbHrAsString(hr), WsbGuidAsString(*pClsid));
return(hr);}
�HRESULTCFsaFilterClient::GetAuthenticationId( OUT LONG* pLuidHigh, OUT ULONG* pLuidLow )
/*++
Implements:
IFsaFilterClient::GetAuthenticationId().
--*/{ HRESULT hr = S_OK;
try {
WsbAssert(0 != pLuidHigh, E_POINTER); WsbAssert(0 != pLuidLow, E_POINTER);
*pLuidHigh = m_luidHigh; *pLuidLow = m_luidLow;
} WsbCatch(hr);
return(hr);}
�HRESULTCFsaFilterClient::GetDomainName( OUT OLECHAR** pName, IN ULONG bufferSize )
/*++
Implements:
IFsaFilterClient::GetDomainName().
--*/{ HRESULT hr = S_OK;
try {
WsbAssert(0 != pName, E_POINTER); WsbAffirmHr(m_domainName.CopyTo(pName, bufferSize));
} WsbCatch(hr);
return(hr);}
�HRESULTCFsaFilterClient::GetIsAdmin( OUT BOOLEAN *pIsAdmin )
/*++
Implements:
IPersist::GetIsAdmin().
--*/{ HRESULT hr = S_OK;
WsbTraceIn(OLESTR("CFsaFilterClient::GetIsAdmin"), OLESTR(""));
try {
WsbAssert(0 != pIsAdmin, E_POINTER); *pIsAdmin = m_isAdmin;
} WsbCatch(hr);
WsbTraceOut(OLESTR("CFsaFilterClient::GetIsAdmin"), OLESTR("hr = <%ls>, isAdmin = <%u>"), WsbHrAsString(hr), *pIsAdmin);
return(hr);}
�HRESULTCFsaFilterClient::GetLastRecallTime( OUT FILETIME* pTime )
/*++
Implements:
IFsaFilterClient::GetLastRecallTime().
--*/{ HRESULT hr = S_OK;
try {
WsbAssert(0 != pTime, E_POINTER); *pTime = m_lastRecallTime;
} WsbCatch(hr);
return(hr);}
�HRESULTCFsaFilterClient::GetMachineName( OUT OLECHAR** pName, IN ULONG bufferSize )
/*++
Implements:
IFsaFilterClient::GetMachineName().
--*/{ HRESULT hr = S_OK;
try {
WsbAssert(0 != pName, E_POINTER); WsbAffirmHr(m_machineName.CopyTo(pName, bufferSize));
} WsbCatch(hr);
return(hr);}
�HRESULTCFsaFilterClient::GetRecallCount( OUT ULONG* pCount )
/*++
Implements:
IFsaFilterClient::GetRecallCount().
--*/{ HRESULT hr = S_OK;
try {
WsbAssert(0 != pCount, E_POINTER); *pCount = m_recallCount;
} WsbCatch(hr);
return(hr);}
�HRESULTCFsaFilterClient::GetUserName( OUT OLECHAR** pName, IN ULONG bufferSize )
/*++
Implements:
IFsaFilterClient::GetUserName().
--*/{ HRESULT hr = S_OK;
try {
WsbAssert(0 != pName, E_POINTER); WsbAffirmHr(m_userName.CopyTo(pName, bufferSize));
} WsbCatch(hr);
return(hr);}
�HRESULTCFsaFilterClient::GetSizeMax( OUT ULARGE_INTEGER* pSize )
/*++
Implements:
IPersistStream::GetSizeMax().
--*/{ HRESULT hr = S_OK;
WsbTraceIn(OLESTR("CFsaFilterClient::GetSizeMax"), OLESTR(""));
try {
WsbAssert(0 != pSize, E_POINTER); pSize->QuadPart = 0;
// WE don't need to persist these.
hr = E_NOTIMPL;
} WsbCatch(hr);
WsbTraceOut(OLESTR("CFsaFilterClient::GetSizeMax"), OLESTR("hr = <%ls>, Size = <%ls>"), WsbHrAsString(hr), WsbPtrToUliAsString(pSize));
return(hr);}
�HRESULTCFsaFilterClient::HasRecallDisabled( void )
/*++
Implements:
IFsaFilterClient::HasRecallDisabled().
--*/{ HRESULT hr = S_OK;
WsbTraceIn(OLESTR("CFsaFilterClient::HasRecallDisabled"), OLESTR("")); if (!m_hasRecallDisabled) { hr = S_FALSE; }
WsbTraceOut(OLESTR("CHsmFilterClient::HasRecallDisabled"), OLESTR("hr = <%ls>"), WsbHrAsString(hr));
return(hr);}
�HRESULTCFsaFilterClient::HitRecallLimit( void )
/*++
Implements:
IFsaFilterClient::HitRecallLimit().
--*/{ HRESULT hr = S_OK;
WsbTraceIn(OLESTR("CFsaFilterClient::HitRecallLimit"), OLESTR("")); if (!m_hitRecallLimit) { hr = S_FALSE; }
WsbTraceOut(OLESTR("CHsmFilterClient::HitRecallLimit"), OLESTR("hr = <%ls>"), WsbHrAsString(hr));
return(hr);}
�HRESULTCFsaFilterClient::IdentifyThread( void )
/*++
Implements:
CFsaFilterClient::IdentifyThread().
Notes: Unlike recall start/stop messages that were moved to RsLnk.exe (bugs 570471, 571109), the identification is still being done from RsServ for the following reasons: 1) There is only one IdentifyThread - moving this thread to RsLnk solves nothing 2) The notification process actally needs to know whether an identification is taking place, so it could delay the notification (wait for the thread to be done).
--*/{#define WSB_BUFF_SIZE 1024
HRESULT hr = S_OK; BOOL done, guestUser, noUser; DWORD res, totalEnt, numEnt; UCHAR *buff = NULL; NET_API_STATUS status; SESSION_INFO_1 *sess; CWsbStringPtr pipePath; ULONG holdOff = 0;#ifdef MAC_SUPPORT
LPBYTE macBuff = NULL; PAFP_SESSION_INFO macInfo; AFP_SERVER_HANDLE macHandle = 0; DWORD macResume = 0; DWORD macTotalEntries, macTotalRead; DWORD result;#endif
WsbTraceIn(OLESTR("CFsaFilterClient::IdentifyThread"), OLESTR(""));
try { WsbTrace(OLESTR("CFsaFilterClient::IdentifyThread Flag: %x Client ID: %x:%x Source: %ls\n"), m_identified, m_luidHigh, m_luidLow, (WCHAR *) m_tokenSource);
//
// If already identified then we bail out here.
//
WsbAffirm(m_identified == FALSE, S_OK);
done = FALSE; res = 0; noUser = FALSE; if (_wcsicmp(m_userName, L"GUEST") == 0) { /* It is the guest user - find all sessions and
send to ones marked guest */ guestUser = TRUE; } else { guestUser = FALSE; if (wcslen(m_userName) == 0) { noUser = TRUE; } }
CComPtr<IFsaRecallNotifyClient> pRecallClient;
WsbAffirmHr(WsbGetComputerName( pipePath ));
WsbAffirmHr(pipePath.Prepend("\\\\")); WsbAffirmHr(pipePath.Append("\\pipe\\")); WsbAffirmHr(pipePath.Append(WSB_PIPE_NAME));
while ( done == FALSE ) {
if ( (guestUser == FALSE) && (noUser == FALSE) ) {
// If NetSessionEnum fails, try calling again for all users
status = NetSessionEnum(NULL, NULL, m_userName, 1, &buff, WSB_BUFF_SIZE, &numEnt, &totalEnt, &res);
if (status != 0) { status = NetSessionEnum(NULL, NULL, NULL, 1, &buff, WSB_BUFF_SIZE, &numEnt, &totalEnt, &res); } } else { status = NetSessionEnum( NULL, NULL, NULL, 1, &buff, WSB_BUFF_SIZE, &numEnt, &totalEnt, &res ); }
if ((status == NERR_Success) || (status == ERROR_MORE_DATA)) {
WsbTrace(OLESTR("CHsmFilterClient::IdentifyThread: NetSessionEnum output: Total entries=%ls , Read entries=%ls \n"), WsbLongAsString(totalEnt), WsbLongAsString(numEnt));
if (status != ERROR_MORE_DATA) { done = TRUE; }
sess = (SESSION_INFO_1 *) buff;
while ( numEnt != 0 ) { //
// If the request was made from the user GUEST then
// we enumerate all sessions and send the
// identification request to all the machines with
// sessions marked as GUEST. This is because the
// session may have some other user name but the
// request could still have GUEST access.
//
if (((guestUser) && (sess->sesi1_user_flags & SESS_GUEST)) || (!guestUser)) {
//
// Send the identify request message
//
WsbTrace(OLESTR("CFsaFilterClient::IdentifyThread - Sending identify request to %ls (local machine = %ls)\n"), sess->sesi1_cname, (WCHAR *) pipePath);
hr = GetNotifyClientInterface ( sess->sesi1_cname, &pRecallClient ); if ( SUCCEEDED ( hr ) ) {
hr = pRecallClient->IdentifyWithServer( pipePath ); if (hr != S_OK) { WsbTrace(OLESTR("CFsaFilterClient::IdentifyThread - error Identifing (%ls)\n"), WsbHrAsString(hr)); } } else { WsbTrace(OLESTR("CFsaFilterClient::IdentifyThread - error getting notify client interface hr = %ls (%x)\n"), WsbHrAsString( hr ), hr); } hr = S_OK; pRecallClient.Release ( ); }
sess++; numEnt--; }
NetApiBufferFree(buff); buff = NULL; } else { done = TRUE; } } #ifdef MAC_SUPPORT
//
// Done with LAN manager scan, now do a MAC scan.
//
if ( (FsaMacSupportInstalled) && ((pAfpAdminConnect)(NULL, &macHandle) == NO_ERROR) ) { //
// We have connected to the MAC service - do a session enumeration
//
macResume = 0; done = FALSE; while (done == FALSE) { result = (pAfpAdminSessionEnum)(macHandle, &macBuff, -1, &macTotalRead, &macTotalEntries, &macResume);
if ((result == NO_ERROR) || (result == ERROR_MORE_DATA)) { //
// Read some entries - send the message to each one
//
if (macTotalRead == macTotalEntries) { done = TRUE; }
macInfo = (PAFP_SESSION_INFO) macBuff; while ( macTotalRead != 0 ) { //
// Send to each matching user
//
if ( ( NULL != macInfo->afpsess_ws_name ) && ( _wcsicmp(m_userName, macInfo->afpsess_username ) == 0 ) ) {
WsbTrace(OLESTR("CHsmFilterClient::IdentifyThread: Send Identify to MAC %ls.\n"), macInfo->afpsess_ws_name);
//
// Send the identify request message
//
hr = GetNotifyClientInterface ( sess->sesi1_cname, &pRecallClient ); if ( SUCCEEDED ( hr ) ) { pRecallClient->IdentifyWithServer ( pipePath ); }
hr = S_OK; pRecallClient.Release ( ); } macInfo++; macTotalRead--; }
(pAfpAdminBufferFree)(macBuff); macBuff = NULL; } else { done = TRUE; } (pAfpAdminDisconnect)(macHandle); macHandle = 0; } }#endif
} WsbCatch(hr);
if (buff != NULL) { NetApiBufferFree(buff); }
#ifdef MAC_SUPPORT
if (FsaMacSupportInstalled) { if (macBuff != NULL) { (pAfpAdminBufferFree)(macBuff); } if (macHandle != 0) { (pAfpAdminDisconnect)(macHandle); } }#endif
WsbTraceOut(OLESTR("CFsaFilterClient::IdentifyThread"), OLESTR("hr = %ls"), WsbHrAsString(hr)); return(hr);}
�HRESULTCFsaFilterClient::Load( IN IStream* pStream )
/*++
Implements:
IPersistStream::Load().
--*/{ HRESULT hr = S_OK;
WsbTraceIn(OLESTR("CFsaFilterClient::Load"), OLESTR(""));
try { WsbAssert(0 != pStream, E_POINTER); // No persistence.
hr = E_NOTIMPL;
} WsbCatch(hr);
WsbTraceOut(OLESTR("CFsaFilterClient::Load"), OLESTR("hr = <%ls>"), WsbHrAsString(hr));
return(hr);}
�HRESULTCFsaFilterClient::Save( IN IStream* pStream, IN BOOL clearDirty )
/*++
Implements:
IPersistStream::Save().
--*/{ HRESULT hr = S_OK; CComPtr<IPersistStream> pPersistStream;
WsbTraceIn(OLESTR("CFsaFilterClient::Save"), OLESTR("clearDirty = <%ls>"), WsbBoolAsString(clearDirty)); try { WsbAssert(0 != pStream, E_POINTER); // No persistence.
hr = E_NOTIMPL;
// If we got it saved and we were asked to clear the dirty bit, then
// do so now.
if (clearDirty) { m_isDirty = FALSE; }
} WsbCatch(hr);
WsbTraceOut(OLESTR("CFsaFilterClient::Save"), OLESTR("hr = <%ls>"), WsbHrAsString(hr));
return(hr);}
�HRESULTCFsaFilterClient::SendRecallInfo( IFsaFilterRecall *pRecall, BOOL starting, HRESULT rHr )
/*++
Implements:
CFsaFilterClient::SendRecallInfo
--*/{ HRESULT hr = E_FAIL;
WsbTraceIn(OLESTR("CFsaFilterClient::SendRecallInfo"), OLESTR(""));
if( ! m_identified && ( m_identifyThread != NULL ) ) {
//
// Wait for up to 10 seconds for identify thread to complete if
// Client not yet identified
// Note that after fix to 570399, once the thread is created, the handle will only be valid
// (till the object is destructed), only that if the thread is not running, the handle would
// be signaled and the wait will finish immediately
//
WaitForSingleObject( m_identifyThread, 10000 ); }
//
// Let the client know that the recall is starting or is finished
//
if ( m_identified ) { try { WsbTrace(OLESTR("CFsaFilterClient::SendRecallInfo - Client (%ls) is being notified of recall status (starting = %u hr = %x).\n"), (WCHAR *) m_machineName, starting, rHr); //
// Create intermediate server object which will be the client's
// connection back to the service. This object acts as a middle
// man to overcome the admin-only access into the FSA service.
//
CComPtr<IFsaRecallNotifyServer> pRecallServer; WsbAffirmHr(CoCreateInstance(CLSID_CFsaRecallNotifyServer, 0, CLSCTX_NO_FAILURE_LOG | CLSCTX_ALL, IID_IFsaRecallNotifyServer, (void**)&pRecallServer)); WsbAffirmHr(pRecallServer->Init(pRecall));
//
// Use same object (different interface) to send the notifications
// (bugs 570471, 571109)
//
CComPtr<IFsaRecallNotifySend> pRecallNotify; WsbAffirmHr(pRecallServer->QueryInterface(IID_IFsaRecallNotifySend, (void**)&pRecallNotify)); CComPtr<IFsaRecallNotifyClient> pRecallClient; hr = pRecallNotify->SendNotification(m_machineName, starting, rHr); if (hr != S_OK) { WsbTrace(OLESTR("CFsaFilterClient::SendRecallInfo - failed in SendNotification (%ls)\n"), WsbHrAsString(hr)); }
} WsbCatch(hr); }
WsbTraceOut(OLESTR("CFsaFilterClient::SendRecallInfo"), OLESTR("hr = %ls"), WsbHrAsString(hr)); return(hr);}
�HRESULTCFsaFilterClient::SetAuthenticationId( IN LONG luidHigh, IN ULONG luidLow )
/*++
Implements:
IFsaFilterClient::SetAuthenticationId().
--*/{ m_luidHigh = luidHigh; m_luidLow = luidLow;
return(S_OK);}
�HRESULTCFsaFilterClient::SetDomainName( IN OLECHAR* name )
/*++
Implements:
IFsaFilterClient::SetDomainName().
--*/{ HRESULT hr = S_OK;
try {
m_domainName = name; WsbAssert(m_domainName != 0, E_UNEXPECTED);
} WsbCatch(hr);
return(hr);}
�HRESULTCFsaFilterClient::SetIsAdmin( IN BOOLEAN isAdmin )
/*++
Implements:
IFsaFilterClient::SetIsAdmin().
--*/{ m_isAdmin = isAdmin;
return(S_OK);}
�HRESULTCFsaFilterClient::SetLastRecallTime( IN FILETIME time )
/*++
Implements:
IFsaFilterClient::SetLastRecallTime().
--*/{ m_lastRecallTime = time;
return(S_OK);}
�HRESULTCFsaFilterClient::SetMachineName( IN OLECHAR* name )
/*++
Implements:
IFsaFilterClient::SetMachineName().
--*/{ HRESULT hr = S_OK;
try { WsbAssert(name != 0, E_UNEXPECTED);
m_machineName = name; m_identified = TRUE;
WsbTrace(OLESTR("CFsaFilterClient::SetMachineName Flag: %x Client ID: %x:%x Source: %ls == %ls\n"), m_identified, m_luidLow, m_luidHigh, (WCHAR *) m_tokenSource, (WCHAR *) m_machineName);
} WsbCatch(hr);
return(hr);}
�HRESULTCFsaFilterClient::SetRecallCount( IN ULONG count )
/*++
Implements:
IFsaFilterClient::SetRecallCount().
--*/{ m_recallCount = count;
return(S_OK);}
�HRESULTCFsaFilterClient::SetUserName( IN OLECHAR* name )
/*++
Implements:
IFsaFilterClient::SetUserName().
--*/{ HRESULT hr = S_OK;
try {
m_userName = _wcsupr(name); WsbAssert(m_userName != 0, E_UNEXPECTED);
} WsbCatch(hr);
return(hr);}
�HRESULTCFsaFilterClient::SetHasRecallDisabled( IN BOOL hasBeen )
/*++
Implements:
IFsaFilterClient::SetHasRecallDisabled().
--*/{ m_hasRecallDisabled = hasBeen;
return(S_OK);}
�HRESULTCFsaFilterClient::SetHitRecallLimit( IN BOOL hasBeen )
/*++
Implements:
IFsaFilterClient::SetHitRecallLimit().
--*/{ m_hitRecallLimit = hasBeen;
return(S_OK);}
�HRESULTCFsaFilterClient::SetTokenSource( IN CHAR *source )
/*++
Implements:
IFsaFilterClient::SetTokenSource()
--*/{ OLECHAR tSource[TOKEN_SOURCE_LENGTH + 1]; memset (tSource, 0, sizeof (tSource));
if (-1 == mbstowcs((WCHAR *) tSource, source, TOKEN_SOURCE_LENGTH)) { return E_INVALIDARG; }
m_tokenSource = tSource; return(S_OK);}
�HRESULTCFsaFilterClient::StartIdentify( void )
/*++
Implements:
CFsaFilterClient::StartIdentify().
--*/{#define WSB_BUFF_SIZE 1024
HRESULT hr = S_OK; DWORD tid;
WsbTraceIn(OLESTR("CFsaFilterClient::StartIdentify"), OLESTR(""));
try { WsbTrace(OLESTR("CFsaFilterClient::StartIdentify Flag: %x Client ID: %x:%x Source: %ls\n"), m_identified, m_luidHigh, m_luidLow, (WCHAR *) m_tokenSource);
//
// If already identified then we bail out here.
//
WsbAffirm(m_identified == FALSE, S_OK); //
// If the request is from User32 then it is local
//
if (_wcsicmp(m_tokenSource, L"User32") == 0) {
//
// Identified as the local machine.
// Set the name and bail out with S_OK
//
WsbAffirmHr(WsbGetComputerName( m_machineName )); m_identified = TRUE;
WsbTrace(OLESTR("CHsmFilterClient::StartIdentify: Identified as %ls.\n"), (WCHAR *) m_machineName);
WsbThrow( S_OK ); } else { //
// This code assumes that only one thread (IoctlThread) can execute
// (otherwise, it should be protected by a CS)
//
// Start the identification thread (if one is not running yet)
//
DWORD dwWaitStatus = 0; if ( (NULL == m_identifyThread) || ((dwWaitStatus = WaitForSingleObject(m_identifyThread, 0)) == WAIT_OBJECT_0) ) { // Thread is not running
WsbTrace(OLESTR("CHsmFilterClient::StartIdentify: Starting ID thread.\n")); HANDLE hTempThread = NULL;
WsbAffirm((hTempThread = CreateThread(0, 0, FsaIdentifyThread, (void*) this, 0, &tid)) != 0, HRESULT_FROM_WIN32(GetLastError())); if (hTempThread == NULL) { WsbAssertHr(E_FAIL); }
HANDLE hPrevThread = (HANDLE)InterlockedExchangePointer(&(void *)m_identifyThread, (void *)hTempThread); if (hPrevThread != NULL) { CloseHandle(hPrevThread); }
} else { WsbTrace(OLESTR("CFsaFilterClient::StartIdentify: thread is null or waut failed. thread=%p wait=%lu err=%lu\n"), (void *)m_identifyThread, dwWaitStatus, GetLastError()); } }
} WsbCatch(hr);
WsbTraceOut(OLESTR("CFsaFilterClient::StartIdentify"), OLESTR("hr = %ls"), WsbHrAsString(hr));
return(hr);}
�HRESULTCFsaFilterClient::Test( USHORT* passed, USHORT* failed )
/*++
Implements:
IWsbTestable::Test().
--*/{ HRESULT hr = S_OK;
try {
WsbAssert(0 != passed, E_POINTER); WsbAssert(0 != failed, E_POINTER);
*passed = 0; *failed = 0;
} WsbCatch(hr);
return(hr);}
|
