archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
3 Commits
1 Branch
0 Tags
1.5 GiB
Tree: 827363a95b
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '827363a95b'
${ noResults }
windows-server-2003/net/ias/providers/nap/dll/enforcer.cpp

229 lines
5.5 KiB
Raw Normal View History

commiting as it is
4 years ago
  1. ///////////////////////////////////////////////////////////////////////////////
  2. //
  3. // FILE
  4. //
  5. // enforcer.cpp
  6. //
  7. // SYNOPSIS
  8. //
  9. // This file defines the class PolicyEnforcer.
  10. //
  11. ///////////////////////////////////////////////////////////////////////////////
  13. #include <ias.h>
  14. #include <iastlutl.h>
  15. #include <iasutil.h>
  16. #include <sdoias.h>
  17. #include <enforcer.h>
  18. #include <factory.h>
  19. #include <policylist.h>
  20. #include <SortedSdoCollection.h>
  21. #include <TunnelTagger.h>
  23. #include <BuildTree.h>
  24. #include <xprparse.h>
  26. _COM_SMARTPTR_TYPEDEF(ISdo, __uuidof(ISdo));
  27. _COM_SMARTPTR_TYPEDEF(ISdoCollection, __uuidof(ISdoCollection));
  30. PolicyEnforcerBase::~PolicyEnforcerBase() throw ()
  31. {
  32. TunnelTagger::Free(tagger);
  33. }
  36. void PolicyEnforcerBase::processException(
  37. IRequest* pRequest,
  38. const _com_error& ce
  39. ) throw ()
  40. {
  41. LONG reason;
  42. if (ce.Error() == HRESULT_FROM_WIN32(ERROR_MORE_DATA))
  43. {
  44. reason = IAS_MALFORMED_REQUEST;
  45. }
  46. else
  47. {
  48. reason = IAS_INTERNAL_ERROR;
  49. }
  51. // If there was any kind of error, discard the packet.
  52. pRequest->SetResponse(IAS_RESPONSE_DISCARD_PACKET, reason);
  53. }
  56. void PolicyEnforcerBase::setPolicies(IDispatch* pDisp)
  57. {
  58. using _com_util::CheckError;
  60. if (tagger == 0)
  61. {
  62. tagger = TunnelTagger::Alloc();
  63. }
  65. // Get the underlying collection.
  66. ISdoCollectionPtr collection(pDisp);
  68. // Get the enumerator out of the collection.
  69. IUnknownPtr unk;
  70. CheckError(get__NewSortedEnum(collection, &unk, PROPERTY_POLICY_MERIT));
  71. IEnumVARIANTPtr iter(unk);
  73. // Find out how many policies there are ...
  74. long count;
  75. CheckError(collection->get_Count(&count));
  77. // ... and create a temporary list to hold them.
  78. PolicyList temp;
  79. temp.reserve(count);
  81. //////////
  82. // Iterate through each policy in the collection.
  83. //////////
  85. _variant_t element;
  86. unsigned long fetched;
  88. while (iter->Next(1, &element, &fetched) == S_OK && fetched == 1)
  89. {
  90. // Get an SDO out of the variant.
  91. ISdoPtr policy(element);
  92. element.Clear();
  94. // Get the action and expression from the SDO.
  95. _variant_t policyName, propAction, propExpr;
  96. CheckError(policy->GetProperty(PROPERTY_SDO_NAME, &policyName));
  97. CheckError(policy->GetProperty(PROPERTY_POLICY_ACTION, &propAction));
  98. CheckError(policy->GetProperty(PROPERTY_POLICY_CONSTRAINT, &propExpr));
  100. // Create the Action object.
  101. ActionPtr action(
  102. new Action(
  103. V_BSTR(&policyName),
  104. nameAttr,
  105. propAction,
  106. *tagger
  107. )
  108. );
  110. // Parse the msNPConstraint strings into a token array.
  111. _variant_t tokens;
  112. CheckError(IASParseExpressionEx(&propExpr, &tokens));
  114. // Convert the token array into a logic tree.
  115. IConditionPtr expr;
  116. CheckError(IASBuildExpression(&tokens, &expr));
  118. // Insert the objects into our policy list.
  119. temp.insert(expr, action);
  120. }
  122. //////////
  123. // We successfully traversed the collection, so save the results.
  124. //////////
  126. policies.swap(temp);
  127. }
  130. STDMETHODIMP PolicyEnforcerBase::Shutdown()
  131. {
  132. policies.clear();
  134. // We may as well clear the factory cache here.
  135. theFactoryCache.clear();
  137. return S_OK;
  138. }
  141. STDMETHODIMP PolicyEnforcerBase::PutProperty(LONG Id, VARIANT *pValue)
  142. {
  143. if (pValue == NULL) { return E_INVALIDARG; }
  145. switch (Id)
  146. {
  147. case PROPERTY_NAP_POLICIES_COLLECTION:
  148. {
  149. if (V_VT(pValue) != VT_DISPATCH) { return DISP_E_TYPEMISMATCH; }
  150. try
  151. {
  152. setPolicies(V_DISPATCH(pValue));
  153. }
  154. CATCH_AND_RETURN();
  155. break;
  156. }
  158. default:
  159. {
  160. return DISP_E_MEMBERNOTFOUND;
  161. }
  162. }
  164. return S_OK;
  165. }
  167. IASREQUESTSTATUS PolicyEnforcerBase::onSyncRequest(IRequest* pRequest) throw ()
  168. {
  169. _ASSERT(pRequest != NULL);
  170. return IAS_REQUEST_STATUS_ABORT;
  171. }
  174. IASREQUESTSTATUS PolicyEnforcer::onSyncRequest(IRequest* pRequest) throw ()
  175. {
  176. _ASSERT(pRequest != NULL);
  178. try
  179. {
  180. IASRequest request(pRequest);
  182. if (!policies.apply(request))
  183. {
  184. // Access-Request: reject the user.
  185. request.SetResponse(IAS_RESPONSE_ACCESS_REJECT,
  186. IAS_NO_POLICY_MATCH);
  187. }
  188. }
  189. catch (const _com_error& ce)
  190. {
  191. processException(pRequest, ce);
  192. }
  194. return IAS_REQUEST_STATUS_HANDLED;
  195. }
  197. IASREQUESTSTATUS ProxyPolicyEnforcer::onSyncRequest(IRequest* pRequest) throw ()
  198. {
  199. _ASSERT(pRequest != NULL);
  201. try
  202. {
  203. IASRequest request(pRequest);
  205. if (!policies.apply(request))
  206. {
  207. // If no policy fired, then check is that was an Accounting
  208. // or an access request
  209. // Accounting: discard the packet
  210. if (request.get_Request() == IAS_REQUEST_ACCOUNTING)
  211. {
  212. request.SetResponse(IAS_RESPONSE_DISCARD_PACKET,
  213. IAS_NO_CXN_REQ_POLICY_MATCH);
  214. }
  215. else
  216. {
  217. // Access-Request: reject the user.
  218. request.SetResponse(IAS_RESPONSE_ACCESS_REJECT,
  219. IAS_NO_CXN_REQ_POLICY_MATCH);
  220. }
  221. }
  222. }
  223. catch (const _com_error& ce)
  224. {
  225. processException(pRequest, ce);
  226. }
  228. return IAS_REQUEST_STATUS_HANDLED;
  229. }