archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
2 Commits
1 Branch
0 Tags
1.5 GiB
Tree: 7b07a90fc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '7b07a90fc1'
${ noResults }
windows-server-2003/ds/security/azroles/accessck.cxx

435 lines
11 KiB
Raw Normal View History

commiting as it is
4 years ago
  1. /*++
  3. Copyright (c) 2001 Microsoft Corporation
  5. Module Name:
  7. accessck.cxx
  9. Abstract:
  11. CAzBizRuleContext class implementation
  13. Author:
  15. ObjectFame sample code taken from http://support.microsoft.com/support/kb/articles/Q183/6/98.ASP
  16. Cliff Van Dyke (cliffv) 19-July-2001
  18. -- */
  20. #include "pch.hxx"
  22. /////////////////////////
  23. //CAzBizRuleContext
  24. /////////////////////////
  25. //Constructor
  26. CAzBizRuleContext::CAzBizRuleContext()
  27. {
  28. AzPrint((AZD_SCRIPT_MORE, "CAzBizRuleContext\n"));
  29. m_typeInfo = NULL;
  30. m_AcContext = NULL;
  31. // m_theConnection = NULL;
  33. //
  34. // Set the default return values for this access check
  35. //
  36. m_BizRuleResult = NULL;
  37. m_ScriptError = NULL;
  38. m_bCaseSensitive = TRUE;
  40. }
  42. //Destructor
  43. CAzBizRuleContext::~CAzBizRuleContext()
  44. {
  45. if (m_typeInfo != NULL) {
  46. m_typeInfo->Release();
  47. m_typeInfo = NULL;
  48. }
  50. ASSERT( m_AcContext == NULL );
  51. ASSERT( m_BizRuleResult == NULL );
  52. ASSERT( m_ScriptError == NULL );
  54. AzPrint((AZD_SCRIPT_MORE, "~CAzBizRuleContext\n"));
  55. }
  57. //
  58. // Methods to set/get the boolean result of the business rule
  59. //
  61. HRESULT
  62. CAzBizRuleContext::put_BusinessRuleResult(
  63. IN BOOL bResult
  64. )
  65. /*++
  67. Routine Description:
  69. The script calls the SetBusinessRuleResult method to indicate whether the business rule
  70. has decided to grant permission to the user to perform the requested task.
  72. If the script never calls this method, permission is not granted.
  74. On entry, AcContext->ClientContext.CritSect must be locked.
  76. Arguments:
  78. BizRuleResult -- Specifies whether permission is granted. If TRUE, permission is granted.
  79. If FALSE, permission is not granted.
  81. Return Value:
  83. None
  85. --*/
  86. {
  87. AzPrint((AZD_SCRIPT, "CAzBizRuleContext::put_BusinessRuleResult: %ld\n", bResult));
  89. //
  90. // This really can't happen, but ...
  91. //
  92. if ( m_BizRuleResult == NULL || m_AcContext == NULL || m_ScriptError == NULL ) {
  93. ASSERT( FALSE );
  94. return E_FAIL;
  95. }
  96. ASSERT( AzpIsCritsectLocked( &m_AcContext->ClientContext->CritSect ) );
  98. //
  99. // Set the result
  100. //
  102. *m_BizRuleResult = bResult;
  103. return S_OK;
  104. }
  106. HRESULT
  107. CAzBizRuleContext::put_BusinessRuleString(
  108. IN BSTR bstrBusinessRuleString
  109. )
  110. /*++
  112. Routine Description:
  114. The script calls the put_BusinessRuleString method to store a string to be returned
  115. from access check.
  117. If the no script ever calls this method, a zero length string is returned from access check.
  119. On entry, AcContext->ClientContext.CritSect must be locked.
  121. Arguments:
  123. bstrBusinessRuleString -- The string to store
  125. Return Value:
  127. None
  129. --*/
  130. {
  131. HRESULT hr;
  132. DWORD WinStatus;
  134. AZP_STRING CapturedString;
  136. //
  137. // Initialization
  138. //
  139. AzPrint((AZD_SCRIPT, "CAzBizRuleContext::put_BusinessRuleString: %ws\n", bstrBusinessRuleString ));
  140. AzpInitString( &CapturedString, NULL );
  142. //
  143. // This really can't happen, but ...
  144. //
  145. if ( m_BizRuleResult == NULL || m_AcContext == NULL || m_ScriptError == NULL ) {
  146. ASSERT( FALSE );
  147. hr = E_FAIL;
  148. goto Cleanup;
  149. }
  150. ASSERT( AzpIsCritsectLocked( &m_AcContext->ClientContext->CritSect ) );
  152. //
  153. // Capture the input string
  154. //
  156. WinStatus = AzpCaptureString( &CapturedString,
  157. bstrBusinessRuleString,
  158. AZ_MAX_BIZRULE_STRING,
  159. TRUE ); // NULL is OK
  161. if ( WinStatus != NO_ERROR ) {
  162. hr = E_OUTOFMEMORY;
  163. goto Cleanup;
  164. }
  166. //
  167. // Swap the old/new names
  168. //
  170. AzpSwapStrings( &CapturedString, &m_AcContext->BusinessRuleString );
  171. hr = S_OK;
  173. Cleanup:
  174. AzpFreeString( &CapturedString );
  175. return hr;
  176. }
  178. HRESULT
  179. CAzBizRuleContext::get_BusinessRuleString(
  180. OUT BSTR *pbstrBusinessRuleString)
  181. /*++
  183. Routine Description:
  185. The script calls the get_BusinessRuleString method to get a copy of the string to be returned
  186. from access check.
  188. If the no script ever calls this method, a zero length string is returned from access check.
  190. On entry, AcContext->ClientContext.CritSect must be locked.
  192. Arguments:
  194. bstrBusinessRuleString -- A pointer to the string to return
  196. Return Value:
  198. None
  200. --*/
  201. {
  202. LPWSTR TempString;
  203. AzPrint((AZD_SCRIPT, "CAzBizRuleContext::get_BusinessRuleString: %ws\n", m_AcContext->BusinessRuleString.String ));
  205. //
  206. // This really can't happen, but ...
  207. //
  208. if ( m_BizRuleResult == NULL || m_AcContext == NULL || m_ScriptError == NULL ) {
  209. ASSERT( FALSE );
  210. return E_FAIL;
  211. }
  212. ASSERT( AzpIsCritsectLocked( &m_AcContext->ClientContext->CritSect ) );
  214. //
  215. // Set the result
  216. //
  218. if ( m_AcContext->BusinessRuleString.String == NULL ) {
  219. TempString = NULL;
  220. } else {
  221. TempString = SysAllocString( m_AcContext->BusinessRuleString.String );
  223. if ( TempString == NULL ) {
  224. return E_OUTOFMEMORY;
  225. }
  226. }
  228. //
  229. // Return it to the caller
  230. //
  232. *pbstrBusinessRuleString = TempString;
  233. return S_OK;
  234. }
  236. HRESULT
  237. CAzBizRuleContext::GetParameter(
  238. IN BSTR bstrParameterName,
  239. OUT VARIANT *pvarParameterValue )
  240. {
  241. /*++
  243. Routine Description:
  245. The script calls the GetParameter method to get the parameters
  246. passed into IAzClientContext::AccessCheck in Parameters
  248. On entry, AcContext->ClientContext.CritSect must be locked.
  251. Arguments:
  253. bstrParameterName - Specifies the parameter to get. This name must match the name
  254. in one of the elements specified in the ParameterNames array passed to AccessCheck.
  256. pvarParameterValue - Returns a variant containing the corresponding element in the
  257. ParameterValues array passed to AccessCheck.
  259. Return Value:
  261. S_OK: pvarParameterValue was returned successfully
  262. E_INVALIDARG: bstrParameterName did not correspond to a passed in parameter
  264. --*/
  265. HRESULT hr;
  266. VARIANT Name;
  267. VARIANT *ParameterNameInArray;
  268. ULONG ArrayIndex;
  270. AzPrint((AZD_SCRIPT, "CAzBizRuleContext::GetParameter: %ls\n", bstrParameterName ));
  272. //
  273. // This really can't happen, but ...
  274. //
  275. if ( m_BizRuleResult == NULL || m_AcContext == NULL || m_ScriptError == NULL ) {
  276. ASSERT( FALSE );
  277. return E_FAIL;
  278. }
  279. ASSERT( AzpIsCritsectLocked( &m_AcContext->ClientContext->CritSect ) );
  281. //
  282. // Convert name to an easier form to compare
  283. //
  285. VariantInit( &Name );
  286. V_VT(&Name) = VT_BSTR;
  287. V_BSTR(&Name) = bstrParameterName;
  290. //
  291. // We didn't capture the array
  292. // So access it under a try/except
  293. __try {
  296. //
  297. // Do a binary search to find the parameter
  298. //
  300. if (m_bCaseSensitive)
  301. {
  302. ParameterNameInArray = (VARIANT *) bsearch(
  303. &Name,
  304. m_AcContext->ParameterNames,
  305. m_AcContext->ParameterCount,
  306. sizeof(VARIANT),
  307. AzpCompareParameterNames );
  308. }
  309. else
  310. {
  311. ParameterNameInArray = (VARIANT *) bsearch(
  312. &Name,
  313. m_AcContext->ParameterNames,
  314. m_AcContext->ParameterCount,
  315. sizeof(VARIANT),
  316. AzpCaseInsensitiveCompareParameterNames );
  317. }
  319. if ( ParameterNameInArray == NULL ) {
  320. AzPrint((AZD_INVPARM, "CAzBizRuleContext::GetParameter: %ls: Parameter not passed in.\n", bstrParameterName ));
  321. hr = E_INVALIDARG;
  322. goto Cleanup;
  323. }
  325. //
  326. // Return the parameter to the caller
  327. //
  329. ArrayIndex = (ULONG)(ParameterNameInArray - m_AcContext->ParameterNames);
  330. hr = VariantCopy( pvarParameterValue, &m_AcContext->ParameterValues[ArrayIndex] );
  332. if ( FAILED(hr)) {
  333. goto Cleanup;
  334. }
  336. //
  337. // Mark that we've used this parameter
  338. //
  340. if ( !m_AcContext->UsedParameters[ArrayIndex] ) {
  341. m_AcContext->UsedParameters[ArrayIndex] = TRUE;
  342. m_AcContext->UsedParameterCount ++;
  343. }
  345. hr = S_OK;
  347. Cleanup:;
  348. } __except( EXCEPTION_EXECUTE_HANDLER ) {
  350. hr = GetExceptionCode();
  351. AzPrint((AZD_CRITICAL, "GetParameter took an exception: 0x%lx\n", hr));
  352. }
  354. if ( FAILED(hr)) {
  355. *m_ScriptError = hr;
  356. }
  358. return hr;
  359. }
  362. VOID
  363. SetAccessCheckContext(
  364. IN OUT CAzBizRuleContext* BizRuleContext,
  365. IN BOOL bCaseSensitive,
  366. IN PACCESS_CHECK_CONTEXT AcContext,
  367. IN PBOOL BizRuleResult,
  368. IN HRESULT *ScriptError
  369. )
  370. /*++
  372. Routine Description:
  374. The routine tells this object about the current access check context that is running.
  375. The context is used to satisfy queries from the script about the access check being performed.
  377. On entry, AcContext->ClientContext.CritSect must be locked.
  379. Arguments:
  381. BizRuleContext - Pointer to the instance of IAzBizRuleContext to update.
  383. bCaseSensitive - Specify whether the the script is case-sensitive or not.
  385. AcContext - Specifies the context of the accesscheck operation the bizrule is being evaluated for
  386. NULL - sets the AccessCheck object back to an initialized state.
  388. BizRuleResult - Result of the bizrule
  389. NULL - sets the AccessCheck object back to an initialized state.
  391. ScriptError - Status of the script.
  392. Any error generated by the script should be returned here.
  393. NULL - sets the AccessCheck object back to an initialized state.
  395. Return Value:
  397. None
  399. Note:
  400. 1. This function modifies the state of the BizRuleContext object. And the modification
  401. is not protected. The reason this works, and future implementation must keep this
  402. in mind, is that we execute biz rules one after another sequentially. When that
  403. needs to be changed, then the whole biz rule context object needs to be re-written.
  405. 2. This function should really be a member function of CAzBizRuleContext instead of
  406. a friend function. Need to change that in V2.
  408. --*/
  409. {
  411. //
  412. // Initialization
  413. //
  415. AzPrint(( AZD_SCRIPT_MORE, "CAzBizRuleContext::SetAccessCheckContext\n"));
  417. if ( AcContext != NULL ) {
  418. ASSERT( AzpIsCritsectLocked( &AcContext->ClientContext->CritSect ) );
  419. }
  421. //
  422. // Save the pointer to the context
  423. //
  425. ASSERT( BizRuleContext != NULL );
  426. ASSERT( BizRuleContext->m_AcContext == NULL || AcContext == NULL );
  427. ASSERT( BizRuleContext->m_BizRuleResult == NULL || BizRuleResult == NULL );
  428. ASSERT( BizRuleContext->m_ScriptError == NULL || ScriptError == NULL );
  430. BizRuleContext->m_AcContext = AcContext;
  431. BizRuleContext->m_BizRuleResult = BizRuleResult;
  432. BizRuleContext->m_ScriptError = ScriptError;
  433. BizRuleContext->m_bCaseSensitive = bCaseSensitive;
  435. }