Leaked source code of windows server 2003
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
|
|
//
// security.h
//
// Implementation of CTSSecurity
// TS Client Shell Security functions
//
// Copyright(C) Microsoft Corporation 2001
// Author: Nadim Abdo (nadima)
//
//
#include "stdafx.h"
#define TRC_GROUP TRC_GROUP_UI
#define TRC_FILE "security"
#include <atrcapi.h>
#include "security.h"
#include "tscsetting.h"
#include "rdrwrndlg.h"
#include "autreg.h"
#include "autil.h"
CTSSecurity::CTSSecurity(){}
CTSSecurity::~CTSSecurity(){}
DWORD CTSSecurity::MakePromptFlags(BOOL fRedirectDrives, BOOL fRedirectPorts){ DWORD dwFlags = REDIRSEC_PROMPT_EVERYTHING; if (fRedirectDrives) { dwFlags |= REDIRSEC_DRIVES; }
if (fRedirectPorts) { dwFlags |= REDIRSEC_PORTS; }
return dwFlags;}
//
// AllowConnection
// Purpose: Does security cheks to determine if the connection should
// proceed based on selected redirection options. This function
// will look at the security policy in the registry for that
// server and decide if the user needs to be prompted.
// If so it will pop UI.
//
// Params:
// hwndOwner - owning window (parents the dialog if we pop UI)
// hInstance - app instance for loading resources
// szServer - server name we are connecting to
// fRedirectDrives - drive redir requested
// fRedirectPorts - port redirection requested
// fRedirectSmartCards - scard redir requested
//
// Returns: BOOLean TRUE if connection is allowed with these settings
// false otherwise
//
// NOTE: Can POP Modal UI
//
//
BOOL CTSSecurity::AllowConnection(HWND hwndOwner, HINSTANCE hInstance, LPCTSTR szServer, BOOL fRedirectDrives, BOOL fRedirectPorts){ BOOL fAllowCon = FALSE; CUT ut; DWORD dwSecurityLevel; DC_BEGIN_FN("AllowConnection");
//
// First read the security level policy
//
dwSecurityLevel = ut.UT_ReadRegistryInt( UTREG_SECTION, REG_KEYNAME_SECURITYLEVEL, TSC_SECLEVEL_MEDIUM); if (TSC_SECLEVEL_LOW == dwSecurityLevel) { TRC_NRM((TB,_T("Security level policy is set to low: check passed"))); fAllowCon = TRUE; DC_QUIT; }
if (fRedirectDrives || fRedirectPorts) { DWORD dwSecurityFilter; DWORD dwSelectedOptions; DWORD dwFlagsToPrompt; //
// Get the security filter for this server name
//
dwSecurityFilter = REDIRSEC_PROMPT_EVERYTHING; dwSecurityFilter = ut.UT_ReadRegistryInt( REG_SECURITY_FILTER_SECTION, (LPTSTR)szServer, REDIRSEC_PROMPT_EVERYTHING);
dwSelectedOptions = MakePromptFlags(fRedirectDrives, fRedirectPorts);
TRC_ALT((TB,_T("Filter 0x%x Selected:0x%x"), dwSecurityFilter, dwSelectedOptions));
//
// Check if the filter allows the selected options
// thru without prompt. The filter indicates which bits
// are lalowed without prompt so NOT to see if any bits with
// prompt remain.
//
dwFlagsToPrompt = dwSelectedOptions & ~dwSecurityFilter; if (dwFlagsToPrompt) { INT dlgRet; //
// One or more options need a user prompt
// so pop the security UI
//
CRedirectPromptDlg rdrPromptDlg(hwndOwner, hInstance, dwSelectedOptions); dlgRet = rdrPromptDlg.DoModal(); if (IDOK == dlgRet) { //
// User is allowing redirection to happen
//
if (rdrPromptDlg.GetNeverPrompt()) { DWORD dwNewFilterBits;
//
// We need to modify the filter bits
// by OR'ing in the current redirection settings
// and writing them back to the registry
//
dwNewFilterBits = dwSelectedOptions | dwSecurityFilter; if (!ut.UT_WriteRegistryInt( REG_SECURITY_FILTER_SECTION, (LPTSTR)szServer, REDIRSEC_PROMPT_EVERYTHING, dwNewFilterBits)) { TRC_ERR((TB,_T("Failed to write prompt bits to reg"))); } }
fAllowCon = TRUE; } else { //
// User hit cancel which means don't allow
// the connection to proceed
//
TRC_NRM((TB,_T("User canceled out of security dialog"))); fAllowCon = FALSE; DC_QUIT; } } else { //
// No option is selected that requires a prompt
//
fAllowCon = TRUE; DC_QUIT; } } else { //
// No 'unsafe' device redirections requested so we just
// allow the connection to go thru
//
fAllowCon = TRUE; }
DC_END_FN();DC_EXIT_POINT: return fAllowCon;}
|
