archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
2 Commits
1 Branch
0 Tags
1.5 GiB
Tree: 7b07a90fc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '7b07a90fc1'
${ noResults }
windows-server-2003/inetsrv/iis/iisrearc/iisplus/urlauth/urlauth.cxx

900 lines
24 KiB
Raw Normal View History

commiting as it is
4 years ago
  1. /*++
  3. Copyright (c) 2000 Microsoft Corporation
  5. Module Name:
  7. urlauth.cxx
  9. Abstract:
  11. Implements an ISAPI * scriptmap which handles authorization by calling
  12. into the NT AuthZ framework.
  14. Author:
  16. Bilal Alam (balam) Nov 26, 2001
  18. --*/
  20. #include "precomp.hxx"
  22. DECLARE_DEBUG_PRINTS_OBJECT();
  23. DECLARE_DEBUG_VARIABLE();
  25. // local function declarations
  26. HRESULT
  27. GetTokenForExecution(
  28. EXTENSION_CONTROL_BLOCK *pecb,
  29. HANDLE * phToken
  30. );
  32. // global data
  33. ADMIN_MANAGER_CACHE * g_pAdminManagerCache;
  35. VOID
  36. WINAPI
  37. UrlAuthCompletion(
  38. EXTENSION_CONTROL_BLOCK * pecb,
  39. PVOID pvContext,
  40. DWORD,
  41. DWORD
  42. )
  43. /*++
  45. Routine Description:
  47. Routine to be called whenever ISAPI async stuff completes
  49. Arguments:
  51. pecb - EXTENSION_CONTROL_BLOCK *
  52. pContext - Unused
  53. cbIo - Unused
  54. dwError - Unused
  56. Return Value:
  58. None
  60. --*/
  61. {
  62. if ( pvContext )
  63. {
  64. DBG_REQUIRE( CloseHandle( pvContext ) );
  65. pvContext = NULL;
  66. }
  68. pecb->ServerSupportFunction( pecb->ConnID,
  69. HSE_REQ_DONE_WITH_SESSION,
  70. NULL,
  71. NULL,
  72. NULL );
  73. }
  75. DWORD
  76. WINAPI
  77. HttpExtensionProc(
  78. EXTENSION_CONTROL_BLOCK * pecb
  79. )
  80. /*++
  82. Routine Description:
  84. Main entry point for ISAPI
  86. Arguments:
  88. pecb - EXTENSION_CONTROL_BLOCK *
  90. Return Value:
  92. HSE_STATUS_*
  94. --*/
  95. {
  96. BOOL fRet;
  97. STACK_BUFFER( buff, 512 );
  98. DWORD cbBuffer;
  99. BOOL fAccessGranted = FALSE;
  100. BOOL fFatalError = FALSE;
  101. WCHAR * pszAdminStore;
  102. ADMIN_MANAGER * pAdminManager = NULL;
  103. AZ_APPLICATION * pApplication = NULL;
  104. WCHAR * pszScopeName;
  105. HRESULT hr = NO_ERROR;
  106. METADATA_RECORD * pRecord;
  107. HANDLE hImpersonationToken = NULL;
  108. HSE_CUSTOM_ERROR_INFO CustomErrorInfo = { "500 Server Error", 0, TRUE };
  110. //
  111. // First determine whether URL authorization is even enabled for this
  112. // URL
  113. //
  115. cbBuffer = buff.QuerySize();
  117. fRet = pecb->ServerSupportFunction( pecb,
  118. HSE_REQ_GET_METADATA_PROPERTY,
  119. buff.QueryPtr(),
  120. &cbBuffer,
  121. (LPDWORD) MD_ENABLE_URL_AUTHORIZATION );
  122. if ( !fRet )
  123. {
  124. if ( GetLastError() == ERROR_INVALID_INDEX )
  125. {
  126. // the common case is to fail with ERROR_INVALID_INDEX == access granted by no present metadata
  127. // if the above call failed with someting like OUTOFMEMORY or INVALIDPARAMETER do not allow access.
  128. fAccessGranted = TRUE;
  129. }
  130. else
  131. {
  132. fFatalError = TRUE;
  133. hr = HRESULT_FROM_WIN32( GetLastError() );
  134. }
  136. goto AccessCheckComplete;
  137. }
  139. //
  140. // Check the property now. If invalid type or if 0, then we're done
  141. //
  143. pRecord = (METADATA_RECORD*) buff.QueryPtr();
  144. if ( pRecord->dwMDDataType != DWORD_METADATA ||
  145. *((DWORD*)pRecord->pbMDData) == 0 )
  146. {
  147. fAccessGranted = TRUE;
  148. goto AccessCheckComplete;
  149. }
  151. //
  152. // If we're still a go, then retrieve the store name from the metabase.
  153. // This is our key into the AdminManager cache we maintain
  154. //
  156. cbBuffer = buff.QuerySize();
  158. fRet = pecb->ServerSupportFunction( pecb,
  159. HSE_REQ_GET_METADATA_PROPERTY,
  160. buff.QueryPtr(),
  161. &cbBuffer,
  162. (LPDWORD) MD_URL_AUTHORIZATION_STORE_NAME );
  163. if ( !fRet )
  164. {
  165. //
  166. // The only acceptable error is insufficient buffer. Otherwise, we
  167. // don't have a store name and we're sunk
  168. //
  170. if ( GetLastError() != ERROR_INSUFFICIENT_BUFFER )
  171. {
  172. CustomErrorInfo.pszStatus = "500 Server Error";
  173. CustomErrorInfo.uHttpSubError = 17;
  174. CustomErrorInfo.fAsync = TRUE;
  176. goto AccessCheckComplete;
  177. }
  179. DBG_ASSERT( cbBuffer > buff.QuerySize() );
  181. if ( !buff.Resize( cbBuffer ) )
  182. {
  183. fFatalError = TRUE;
  184. hr = HRESULT_FROM_WIN32( GetLastError() );
  185. goto AccessCheckComplete;
  186. }
  188. cbBuffer = buff.QuerySize();
  190. fRet = pecb->ServerSupportFunction( pecb,
  191. HSE_REQ_GET_METADATA_PROPERTY,
  192. buff.QueryPtr(),
  193. &cbBuffer,
  194. (LPDWORD) MD_URL_AUTHORIZATION_STORE_NAME );
  195. if ( !fRet )
  196. {
  197. DBG_ASSERT( GetLastError() != ERROR_INSUFFICIENT_BUFFER );
  199. fFatalError = TRUE;
  200. hr = HRESULT_FROM_WIN32( GetLastError() );
  201. goto AccessCheckComplete;
  202. }
  203. }
  205. //
  206. // Store name better be a string
  207. //
  209. pRecord = (METADATA_RECORD*) buff.QueryPtr();
  210. if ( pRecord->dwMDDataType != STRING_METADATA )
  211. {
  212. fFatalError = TRUE;
  213. hr = HRESULT_FROM_WIN32( ERROR_INVALID_DATA );
  214. goto AccessCheckComplete;
  215. }
  217. //
  218. // We should have an AdminManager store name now. Get an ADMIN_MANAGER
  219. // from the cache (cache will create it if not already in cache)
  220. //
  222. pszAdminStore = (WCHAR*) pRecord->pbMDData;
  224. DBG_ASSERT( g_pAdminManagerCache != NULL );
  226. hr = g_pAdminManagerCache->GetAdminManager( pszAdminStore,
  227. &pAdminManager );
  228. if ( FAILED( hr ) )
  229. {
  230. //
  231. // That sucks. We couldn't find an admin manager
  232. //
  234. CustomErrorInfo.pszStatus = "500 Server Error";
  235. CustomErrorInfo.uHttpSubError = 18;
  236. CustomErrorInfo.fAsync = TRUE;
  238. goto AccessCheckComplete;
  239. }
  241. DBG_ASSERT( pAdminManager != NULL );
  243. //
  244. // Get the application from the AdminManager. That should be trivial
  245. // since we always have the same application name.
  246. //
  248. hr = pAdminManager->GetApplication( &pApplication );
  249. if ( FAILED( hr ) )
  250. {
  251. fFatalError = TRUE;
  252. goto AccessCheckComplete;
  253. }
  255. DBG_ASSERT( pApplication != NULL );
  257. //
  258. // Get the scope name for this request
  259. //
  261. cbBuffer = buff.QuerySize();
  263. fRet = pecb->ServerSupportFunction( pecb,
  264. HSE_REQ_GET_METADATA_PROPERTY,
  265. buff.QueryPtr(),
  266. &cbBuffer,
  267. (LPDWORD) MD_URL_AUTHORIZATION_SCOPE_NAME );
  268. if ( !fRet )
  269. {
  270. //
  271. // It is acceptable to have no scope name. Then we use the NULL scope
  272. //
  274. if ( GetLastError() == ERROR_INSUFFICIENT_BUFFER )
  275. {
  276. DBG_ASSERT( cbBuffer > buff.QuerySize() );
  278. if ( !buff.Resize( cbBuffer ) )
  279. {
  280. fFatalError = TRUE;
  281. hr = HRESULT_FROM_WIN32( GetLastError() );
  282. goto AccessCheckComplete;
  283. }
  285. cbBuffer = buff.QuerySize();
  287. fRet = pecb->ServerSupportFunction( pecb,
  288. HSE_REQ_GET_METADATA_PROPERTY,
  289. buff.QueryPtr(),
  290. &cbBuffer,
  291. (LPDWORD) MD_URL_AUTHORIZATION_SCOPE_NAME );
  292. if ( !fRet )
  293. {
  294. DBG_ASSERT( GetLastError() != ERROR_INSUFFICIENT_BUFFER );
  296. fFatalError = TRUE;
  297. hr = HRESULT_FROM_WIN32( GetLastError() );
  298. goto AccessCheckComplete;
  299. }
  300. }
  301. }
  303. if ( fRet )
  304. {
  305. pRecord = (METADATA_RECORD*) buff.QueryPtr();
  307. if ( pRecord->dwMDDataType != STRING_METADATA )
  308. {
  309. fFatalError = TRUE;
  310. hr = HRESULT_FROM_WIN32( ERROR_INVALID_DATA );
  311. goto AccessCheckComplete;
  312. }
  314. //
  315. // We have a scope name. It better be a string
  316. //
  318. pszScopeName = (WCHAR*) pRecord->pbMDData;
  319. }
  320. else
  321. {
  322. pszScopeName = NULL;
  323. }
  325. //
  326. // Do the access check
  327. //
  329. hr = pApplication->DoAccessCheck( pecb,
  330. pszScopeName,
  331. &fAccessGranted );
  332. if ( FAILED( hr ) )
  333. {
  334. fFatalError = TRUE;
  335. goto AccessCheckComplete;
  336. }
  338. //
  339. // Determine what impersonation token should be used for execution of real URL
  340. //
  342. if ( fAccessGranted )
  343. {
  344. hr = GetTokenForExecution( pecb, &hImpersonationToken );
  345. if ( FAILED ( hr ) )
  346. {
  347. DBG_ASSERT( !hImpersonationToken );
  348. fAccessGranted = FALSE;
  349. fFatalError = TRUE;
  350. goto AccessCheckComplete;
  351. }
  352. }
  353. else
  354. {
  355. //
  356. // Didn't have access. Thats a 401.7
  357. //
  359. CustomErrorInfo.pszStatus = "401 Unauthorized";
  360. CustomErrorInfo.uHttpSubError = 7;
  361. CustomErrorInfo.fAsync = TRUE;
  362. }
  364. AccessCheckComplete:
  366. // not OK to have both access granted and a fatal error.
  367. DBG_ASSERT ( !( fAccessGranted && fFatalError ) );
  369. //
  370. // Do some cleanup
  371. //
  373. if ( pAdminManager != NULL )
  374. {
  375. pAdminManager->DereferenceCacheEntry();
  376. pAdminManager = NULL;
  377. }
  379. //
  380. // Time to do something (TM).
  381. //
  383. if ( fAccessGranted )
  384. {
  385. HSE_EXEC_UNICODE_URL_INFO ExecUrlInfo;
  386. HSE_EXEC_UNICODE_URL_USER_INFO ExecUrlUserInfo;
  388. //
  389. // Everything is ok. Just execute the original URL
  390. //
  392. fRet = pecb->ServerSupportFunction( pecb->ConnID,
  393. HSE_REQ_IO_COMPLETION,
  394. UrlAuthCompletion,
  395. NULL,
  396. (LPDWORD) hImpersonationToken );
  397. if ( !fRet )
  398. {
  399. DBG_ASSERT( FALSE );
  400. if ( hImpersonationToken )
  401. {
  402. DBG_REQUIRE( CloseHandle( hImpersonationToken ) );
  403. hImpersonationToken = NULL;
  404. }
  405. return HSE_STATUS_ERROR;
  406. }
  408. ZeroMemory( &ExecUrlInfo, sizeof( ExecUrlInfo ) );
  410. ExecUrlInfo.dwExecUrlFlags = HSE_EXEC_URL_IGNORE_CURRENT_INTERCEPTOR;
  412. if ( hImpersonationToken )
  413. {
  414. ExecUrlInfo.pUserInfo = &ExecUrlUserInfo;
  416. ZeroMemory( &ExecUrlUserInfo, sizeof( ExecUrlUserInfo ) );
  418. cbBuffer = buff.QuerySize();
  420. fRet = pecb->GetServerVariable( pecb->ConnID,
  421. "UNICODE_REMOTE_USER",
  422. buff.QueryPtr(),
  423. &cbBuffer );
  424. if ( !fRet )
  425. {
  426. if ( GetLastError() != ERROR_INSUFFICIENT_BUFFER )
  427. {
  428. if ( hImpersonationToken )
  429. {
  430. DBG_REQUIRE( CloseHandle( hImpersonationToken ) );
  431. hImpersonationToken = NULL;
  432. }
  433. return HSE_STATUS_ERROR;
  434. }
  436. DBG_ASSERT( cbBuffer > buff.QuerySize() );
  438. fRet = buff.Resize( cbBuffer );
  439. if ( !fRet )
  440. {
  441. if ( hImpersonationToken )
  442. {
  443. DBG_REQUIRE( CloseHandle( hImpersonationToken ) );
  444. hImpersonationToken = NULL;
  445. }
  446. return HSE_STATUS_ERROR;
  447. }
  449. cbBuffer = buff.QuerySize();
  451. fRet = pecb->GetServerVariable( pecb->ConnID,
  452. "UNICODE_REMOTE_USER",
  453. buff.QueryPtr(),
  454. &cbBuffer );
  455. if ( !fRet )
  456. {
  457. if ( hImpersonationToken )
  458. {
  459. DBG_REQUIRE( CloseHandle( hImpersonationToken ) );
  460. hImpersonationToken = NULL;
  461. }
  462. return HSE_STATUS_ERROR;
  463. }
  464. }
  466. ExecUrlUserInfo.pszCustomUserName = (WCHAR*) buff.QueryPtr();
  468. ExecUrlUserInfo.pszCustomAuthType = "URLAUTH";
  470. ExecUrlUserInfo.hImpersonationToken = hImpersonationToken;
  471. }
  473. fRet = pecb->ServerSupportFunction( pecb->ConnID,
  474. HSE_REQ_EXEC_UNICODE_URL,
  475. &ExecUrlInfo,
  476. NULL,
  477. NULL );
  479. if ( !fRet && hImpersonationToken )
  480. {
  481. DBG_REQUIRE( CloseHandle( hImpersonationToken ) );
  482. }
  483. hImpersonationToken = NULL;
  485. return fRet ? HSE_STATUS_PENDING : HSE_STATUS_ERROR;
  486. }
  487. else if ( !fFatalError )
  488. {
  489. //
  490. // This just means access wasn't granted. Send back an error
  491. //
  493. fRet = pecb->ServerSupportFunction( pecb->ConnID,
  494. HSE_REQ_IO_COMPLETION,
  495. UrlAuthCompletion,
  496. NULL,
  497. NULL );
  498. if ( !fRet )
  499. {
  500. DBG_ASSERT( FALSE );
  501. return HSE_STATUS_ERROR;
  502. }
  504. fRet = pecb->ServerSupportFunction( pecb->ConnID,
  505. HSE_REQ_SEND_CUSTOM_ERROR,
  506. &CustomErrorInfo,
  507. NULL,
  508. NULL );
  510. if ( !fRet )
  511. {
  512. pecb->ServerSupportFunction( pecb->ConnID,
  513. HSE_REQ_SEND_RESPONSE_HEADER,
  514. "500 Server Error",
  515. NULL,
  516. NULL );
  518. return HSE_STATUS_ERROR;
  519. }
  520. else
  521. {
  522. return HSE_STATUS_PENDING;
  523. }
  524. }
  525. else
  526. {
  527. //
  528. // Fatal error. Just set the last error and bail.
  529. //
  531. SetLastError( WIN32_FROM_HRESULT( hr ) );
  533. return HSE_STATUS_ERROR;
  534. }
  535. }
  537. BOOL
  538. WINAPI
  539. GetExtensionVersion(
  540. HSE_VERSION_INFO * pver
  541. )
  542. /*++
  544. Routine Description:
  546. Initialization routine for ISAPI
  548. Arguments:
  550. pver - Version information
  552. Return Value:
  554. TRUE if successful, else FALSE
  556. --*/
  557. {
  558. HRESULT hr;
  560. //
  561. // Do ISAPI interface init crap
  562. //
  564. pver->dwExtensionVersion = MAKELONG( 0, 1 );
  566. strcpy( pver->lpszExtensionDesc,
  567. "URL Authorization ISAPI" );
  569. //
  570. // Create an admin manager cache
  571. //
  573. g_pAdminManagerCache = new ADMIN_MANAGER_CACHE;
  574. if ( g_pAdminManagerCache == NULL )
  575. {
  576. return FALSE;
  577. }
  579. //
  580. // Initialize ADMIN_MANAGER globals
  581. //
  583. hr = ADMIN_MANAGER::Initialize();
  584. if ( FAILED( hr ) )
  585. {
  586. delete g_pAdminManagerCache;
  587. g_pAdminManagerCache = NULL;
  588. return FALSE;
  589. }
  591. //
  592. // Initialize AZ_APPLICATION globals
  593. //
  595. hr = AZ_APPLICATION::Initialize();
  596. if ( FAILED( hr ) )
  597. {
  598. ADMIN_MANAGER::Terminate();
  599. delete g_pAdminManagerCache;
  600. g_pAdminManagerCache = NULL;
  601. return FALSE;
  602. }
  604. return TRUE;
  605. }
  607. BOOL
  608. WINAPI
  609. TerminateExtension(
  610. DWORD
  611. )
  612. /*++
  614. Routine Description:
  616. Cleanup ISAPI extension
  618. Arguments:
  620. None
  622. Return Value:
  624. TRUE if successful, else FALSE
  626. --*/
  627. {
  628. AZ_APPLICATION::Terminate();
  630. ADMIN_MANAGER::Terminate();
  632. delete g_pAdminManagerCache;
  633. g_pAdminManagerCache = NULL;
  635. return TRUE;
  636. }
  638. BOOL
  639. WINAPI
  640. DllMain(
  641. HINSTANCE hDll,
  642. DWORD dwReason,
  643. LPVOID
  644. )
  645. /*++
  647. Routine Description:
  649. DLL Entry Routine
  651. Arguments:
  653. Return Value:
  655. TRUE if successful, else FALSE
  657. --*/
  658. {
  659. switch ( dwReason )
  660. {
  661. case DLL_PROCESS_ATTACH:
  663. CREATE_DEBUG_PRINT_OBJECT( "urlauth" );
  664. DisableThreadLibraryCalls( hDll );
  665. break;
  667. case DLL_PROCESS_DETACH:
  668. DELETE_DEBUG_PRINT_OBJECT();
  669. break;
  671. default:
  672. break;
  673. }
  675. return TRUE;
  676. }
  678. HRESULT
  679. GetTokenForExecution(
  680. EXTENSION_CONTROL_BLOCK *pecb,
  681. HANDLE * phToken
  682. )
  683. /*++
  685. Routine Description:
  687. From metadata, determine the impersonation token to return
  689. Arguments:
  691. pecb - current ecb for request
  692. phToken - where to store the token on success
  694. Return Value:
  696. HRESULT
  698. --*/
  699. {
  700. HRESULT hr = S_OK;
  701. BOOL fRet = FALSE;
  702. METADATA_RECORD *pRecord = NULL;
  703. STACK_BUFFER( buff, 512 );
  704. DWORD cbBuffer;
  705. DWORD dwValue= 0;
  706. HANDLE hToken = NULL;
  707. HANDLE hToken2 = NULL;
  709. DBG_ASSERT(pecb);
  710. DBG_ASSERT(phToken);
  711. *phToken = NULL;
  713. cbBuffer = buff.QuerySize();
  715. fRet = pecb->ServerSupportFunction( pecb,
  716. HSE_REQ_GET_METADATA_PROPERTY,
  717. buff.QueryPtr(),
  718. &cbBuffer,
  719. (LPDWORD) MD_URL_AUTHORIZATION_IMPERSONATION_LEVEL );
  720. if ( !fRet &&
  721. GetLastError() != ERROR_INVALID_INDEX )
  722. {
  723. hr = HRESULT_FROM_WIN32( GetLastError() );
  724. goto exit;
  725. }
  726. else if ( fRet )
  727. {
  728. //
  729. // Check the property now. If invalid type then we're done
  730. //
  732. pRecord = (METADATA_RECORD*) buff.QueryPtr();
  733. if ( pRecord->dwMDDataType != DWORD_METADATA )
  734. {
  735. hr = HRESULT_FROM_WIN32( ERROR_INVALID_PARAMETER );
  736. goto exit;
  737. }
  739. // valid type of data - validity of data value done in switch below
  740. dwValue = *(DWORD*)pRecord->pbMDData;
  741. }
  742. else
  743. {
  744. DBG_ASSERT( !fRet && GetLastError() == ERROR_INVALID_INDEX );
  746. // no metadata present, therefore use the default of zero
  747. dwValue = 0;
  748. }
  750. switch(dwValue)
  751. {
  752. case 0:
  753. // use the current authenticated user
  754. fRet = OpenThreadToken( GetCurrentThread(),
  755. TOKEN_ALL_ACCESS,
  756. TRUE,
  757. &hToken );
  758. if ( !fRet )
  759. {
  760. hr = HRESULT_FROM_WIN32( GetLastError() );
  761. goto exit;
  762. }
  764. break;
  766. case 1:
  767. // use the process token to impersonate
  769. // first get the current impersonation token
  770. fRet = OpenThreadToken( GetCurrentThread(),
  771. TOKEN_IMPERSONATE,
  772. TRUE,
  773. &hToken2 );
  774. if ( fRet )
  775. {
  776. DBG_ASSERT( hToken2 != NULL );
  777. RevertToSelf();
  778. }
  780. // get the current process token - it's a primary token
  781. fRet = OpenProcessToken( GetCurrentProcess(),
  782. TOKEN_ALL_ACCESS,
  783. &hToken );
  786. if ( hToken2 != NULL )
  787. {
  788. if ( !SetThreadToken( NULL, hToken2 ) )
  789. {
  790. DBG_ASSERT( FALSE );
  791. }
  793. DBG_REQUIRE( CloseHandle( hToken2 ) );
  794. hToken2 = NULL;
  795. }
  797. // checking the return value from open the process token here
  798. if ( !fRet )
  799. {
  800. hr = HRESULT_FROM_WIN32( GetLastError() );
  801. goto exit;
  802. }
  804. // create an impersonation token from the primary process token
  805. fRet = DuplicateHandle ( GetCurrentProcess(),
  806. hToken,
  807. GetCurrentProcess(),
  808. &hToken2,
  809. 0,
  810. FALSE,
  811. DUPLICATE_SAME_ACCESS );
  812. if ( !fRet )
  813. {
  814. hr = HRESULT_FROM_WIN32( GetLastError() );
  815. goto exit;
  816. }
  818. DBG_REQUIRE( CloseHandle( hToken ) );
  820. hToken = hToken2;
  821. hToken2 = NULL;
  823. break;
  825. case 2:
  826. // get the anonymous token for impersonation
  827. cbBuffer = buff.QuerySize();
  829. fRet = pecb->GetServerVariable( pecb->ConnID,
  830. "UNICODE_SCRIPT_NAME",
  831. (CHAR*) buff.QueryPtr(),
  832. &cbBuffer );
  833. if ( !fRet )
  834. {
  835. if ( GetLastError() != ERROR_INSUFFICIENT_BUFFER )
  836. {
  837. hr = HRESULT_FROM_WIN32( GetLastError() );
  838. goto exit;
  839. }
  841. DBG_ASSERT( cbBuffer > buff.QuerySize() );
  843. fRet = buff.Resize( cbBuffer );
  844. if ( !fRet )
  845. {
  846. hr = HRESULT_FROM_WIN32( GetLastError() );
  847. goto exit;
  848. }
  850. cbBuffer = buff.QuerySize();
  852. fRet = pecb->GetServerVariable( pecb->ConnID,
  853. "UNICODE_SCRIPT_NAME",
  854. (CHAR*) buff.QueryPtr(),
  855. &cbBuffer );
  856. if ( !fRet )
  857. {
  858. hr = HRESULT_FROM_WIN32( GetLastError() );
  859. goto exit;
  860. }
  861. }
  864. fRet = pecb->ServerSupportFunction( pecb->ConnID,
  865. HSE_REQ_GET_UNICODE_ANONYMOUS_TOKEN,
  866. buff.QueryPtr(),
  867. (LPDWORD)&hToken,
  868. NULL );
  869. if ( !fRet )
  870. {
  871. hr = HRESULT_FROM_WIN32( GetLastError() );
  872. goto exit;
  873. }
  875. break;
  877. default:
  878. // If not 0, 1, or 2 then not valid metadata
  879. hr = HRESULT_FROM_WIN32( ERROR_INVALID_PARAMETER );
  880. goto exit;
  882. break;
  883. }
  885. *phToken = hToken;
  886. hToken = NULL;
  888. hr = S_OK;
  890. exit:
  892. if ( hToken )
  893. {
  894. DBG_REQUIRE( CloseHandle( hToken ) );
  895. hToken = NULL;
  896. }
  898. return hr;
  899. };