//////////////////////////////////////////////////////////////// // // Refgp.cxx // // Refresh Group Policy exe // // //////////////////////////////////////////////////////////////// #include "refgp.h" #define USER_POLICY_APPLIED_EVENT TEXT("userenv: User Group Policy has been applied") #define MACHINE_POLICY_APPLIED_EVENT TEXT("Global\\userenv: Machine Group Policy has been applied") #define USER_POLICY_DONE_EVENT TEXT("userenv: User Group Policy Processing is done") #define MACHINE_POLICY_DONE_EVENT TEXT("Global\\userenv: Machine Group Policy Processing is done") #define USER_POLICY_REFRESH_NEEDFG_EVENT TEXT("userenv: User Group Policy ForcedRefresh Needs Foreground Processing") #define MACHINE_POLICY_REFRESH_NEEDFG_EVENT TEXT("Global\\userenv: Machine Group Policy ForcedRefresh Needs Foreground Processing") #define REFRESH_MACHINE 1 #define REFRESH_USER 2 HINSTANCE hInst; typedef enum _FAILSTATES { NO_FAILURE, REFRESH_FAILED, POLWAIT_FAILED, POLWAIT_TIMEDOUT } FAILSTATES; typedef struct _REFSTRUCT { BOOL bMachine; DWORD dwOption; DWORD dwTimeOut; DWORD dwError; FAILSTATES fState; BOOL bFGNeeded; } REFSTRUCT, *LPREFSTRUCT; REFSTRUCT refMach; REFSTRUCT refUser; WCHAR szUser[200]; WCHAR szMach[200]; WCHAR szErr[MAX_PATH*2]; // // Below we define a mapping so that we can have user and computer // versions of certain messages. Note that we could parameterize // the messages such that they took the string 'user' or 'computer' // as an argument, but this can lead to problems with localization, // especially for languages in which nearby words affect the form // of other nearby words. For safety then, we simply have two // messages for each of these cases -- a user version and computer // version. // enum { ID_REFRESH_FAILED = 0, ID_POLWAIT_FAILED, ID_POLWAIT_TIMEDOUT, ID_REFRESH_BACKGND_SUCCESS, ID_REFRESH_BACKGND_TRIGGERED }; const DWORD REFRESH_STATUS_IDS[][2] = { { IDS_REFRESH_FAILED_COMPUTER, IDS_REFRESH_FAILED_USER }, { IDS_POLWAIT_FAILED_COMPUTER, IDS_POLWAIT_FAILED_USER }, { IDS_POLWAIT_TIMEDOUT_COMPUTER, IDS_POLWAIT_TIMEDOUT_USER }, { IDS_REFRESH_BACKGND_SUCCESS_COMPUTER, IDS_REFRESH_BACKGND_SUCCESS_USER }, { IDS_REFRESH_BACKGND_TRIGGERED_COMPUTER, IDS_REFRESH_BACKGND_TRIGGERED_USER } }; // Process arg. checks whether argument is present BOOL ProcessArg(int *pargc, LPWSTR **pargv, DWORD dwStringId, BOOL *bValue) { WCHAR szStr[200]; LPWSTR *argv = *pargv; if (*pargc == 0) return TRUE; if (!LoadString (hInst, dwStringId, szStr, 200)) { return FALSE; } for (; (*argv); *argv++) { if (_wcsicmp(*argv, szStr) == 0) { *bValue = TRUE; (*pargc)--; return TRUE; } } return TRUE; } // Process arg. checks whether argument is present and what the value is after the ":" in string format BOOL ProcessArg(int *pargc, WCHAR ***pargv, DWORD dwStringId, WCHAR **szValue) { WCHAR szStr[200]; LPWSTR *argv = *pargv, szJunk=NULL; if (*pargc == 0) return TRUE; if (!LoadString (hInst, dwStringId, szStr, 200)) { return FALSE; } for (; (*argv); *argv++) { if (_wcsnicmp(*argv, szStr, lstrlen(szStr)) == 0) { *szValue = (*argv)+lstrlen(szStr); (*pargc)--; return TRUE; } } *szValue = NULL; return TRUE; } // Process arg. checks whether argument is present and what the value is after the ":" in long format BOOL ProcessArg(int *pargc, WCHAR ***pargv, DWORD dwStringId, long *plValue) { WCHAR szStr[200]; LPWSTR *argv = *pargv, szJunk=NULL; if (*pargc == 0) return TRUE; if (!LoadString (hInst, dwStringId, szStr, 200)) { return FALSE; } for (; (*argv); *argv++) { if (_wcsnicmp(*argv, szStr, lstrlen(szStr)) == 0) { *plValue = wcstol((*argv)+lstrlen(szStr), &szJunk, 10); (*pargc)--; return TRUE; } } return TRUE; } BOOL CompareOptions(WCHAR *szValue, DWORD dwOptionId) { WCHAR szStr[200]; if (!szValue) return FALSE; if (!LoadString (hInst, dwOptionId, szStr, 200)) { return FALSE; } if (_wcsicmp(szValue, szStr) == 0) return TRUE; return FALSE; } BOOL GetValue(WCHAR *szValue, DWORD dwOptionId) { if (!LoadString (hInst, dwOptionId, szValue, 200)) { return FALSE; } return TRUE; } void PrintMsg(DWORD dwMsgId, ...) { WCHAR szFmt[200]; WCHAR szMsg[200]; va_list marker; if (!LoadString (hInst, dwMsgId, szFmt, 200)) { return; } va_start(marker, dwMsgId); wvnsprintf(szMsg, 200, szFmt, marker); va_end(marker); wprintf(szMsg); return; } void PrintUsage() { for (DWORD dwMsgId = IDS_USAGE_FIRST; dwMsgId <= IDS_USAGE_LAST; dwMsgId++) { PrintMsg(dwMsgId); } return; } BOOL PromptUserForFG(BOOL bMachine) { WCHAR tTemp, tChar; WCHAR Yes[20], No[20]; if (!LoadString (hInst, IDS_YES, Yes, 20)) { return FALSE; // safe } if (!LoadString (hInst, IDS_NO, No, 20)) { return FALSE; // safe } for (;;) { if (bMachine) PrintMsg(IDS_PROMPT_REBOOT); else PrintMsg(IDS_PROMPT_LOGOFF); tChar = getwchar(); tTemp = tChar; while (tTemp != TEXT('\n')) { tTemp = getwchar(); } if (towupper(tChar) == towupper(Yes[0])) return TRUE; if (towupper(tChar) == towupper(No[0])) return FALSE; } return FALSE; } //*************************************************************************** // // GetErrString // // Purpose: Calls FormatMessage to Get the error string corresp. to a error // code // // // Parameters: dwErr - Error Code // szErr - Buffer to return the error string (MAX_PATH) // is assumed.!!! // // Return: szErr // //*************************************************************************** LPTSTR GetErrString(DWORD dwErr, LPTSTR szErr) { szErr[0] = TEXT('\0'); FormatMessage(FORMAT_MESSAGE_IGNORE_INSERTS | FORMAT_MESSAGE_FROM_SYSTEM | FORMAT_MESSAGE_MAX_WIDTH_MASK, NULL, dwErr, MAKELANGID(LANG_NEUTRAL, SUBLANG_NEUTRAL), szErr, MAX_PATH, NULL); return szErr; } void RefreshPolicyAndWait(LPREFSTRUCT lpRef) { HANDLE hNotifyEvent=NULL, hFGProcessingEvent=NULL; DWORD dwRet=0; lpRef->fState = REFRESH_FAILED; lpRef->dwError = E_FAIL; lpRef->bFGNeeded = FALSE; if (!RefreshPolicyEx(lpRef->bMachine, lpRef->dwOption)) { lpRef->fState = REFRESH_FAILED; lpRef->dwError = GetLastError(); goto Exit; } if (lpRef->dwTimeOut != 0) { lpRef->fState = POLWAIT_FAILED; lpRef->dwError = E_FAIL; hNotifyEvent = OpenEvent(SYNCHRONIZE, FALSE, lpRef->bMachine ? MACHINE_POLICY_DONE_EVENT : USER_POLICY_DONE_EVENT ); if (!hNotifyEvent) { lpRef->fState = POLWAIT_FAILED; lpRef->dwError = GetLastError(); goto Exit; } hFGProcessingEvent = OpenEvent(SYNCHRONIZE, FALSE, lpRef->bMachine ? MACHINE_POLICY_REFRESH_NEEDFG_EVENT : USER_POLICY_REFRESH_NEEDFG_EVENT); if (!hNotifyEvent) { lpRef->fState = POLWAIT_FAILED; lpRef->dwError = GetLastError(); goto Exit; } dwRet = WaitForSingleObject(hNotifyEvent, (lpRef->dwTimeOut == INFINITE) ? INFINITE : 1000*(lpRef->dwTimeOut)); if (dwRet == WAIT_FAILED) { lpRef->fState = POLWAIT_FAILED; lpRef->dwError = GetLastError(); goto Exit; } else if (dwRet == WAIT_ABANDONED) { lpRef->fState = POLWAIT_FAILED; lpRef->dwError = E_UNEXPECTED; goto Exit; } else if (dwRet == WAIT_TIMEOUT) { lpRef->fState = POLWAIT_TIMEDOUT; lpRef->dwError = 0; goto Exit; } lpRef->bFGNeeded = (lpRef->dwOption == RP_FORCE) && (WaitForSingleObject(hFGProcessingEvent, 0) == WAIT_OBJECT_0); } lpRef->fState = NO_FAILURE; Exit: if (hNotifyEvent) CloseHandle(hNotifyEvent); if (hFGProcessingEvent) CloseHandle(hFGProcessingEvent); return; } void PrintRefreshError(LPREFSTRUCT lpRef) { DWORD dwTarget; dwTarget = (lpRef->bMachine) ? COMPUTER_TARGET : USER_TARGET; switch (lpRef->fState) { case REFRESH_FAILED: PrintMsg(REFRESH_ID(ID_REFRESH_FAILED, dwTarget), GetErrString(lpRef->dwError, szErr)); break; case POLWAIT_FAILED: PrintMsg(REFRESH_ID(ID_POLWAIT_FAILED, dwTarget), GetErrString(lpRef->dwError, szErr)); break; case POLWAIT_TIMEDOUT: PrintMsg(REFRESH_ID(ID_POLWAIT_TIMEDOUT, dwTarget)); case NO_FAILURE: if (lpRef->dwTimeOut == 0) PrintMsg(REFRESH_ID(ID_REFRESH_BACKGND_TRIGGERED, dwTarget)); else PrintMsg(REFRESH_ID(ID_REFRESH_BACKGND_SUCCESS, dwTarget)); break; default: break; } } void __cdecl main (int argc, char **argv) { DWORD uTarget=0; BOOL bArgValid = TRUE; LONG lTime = 600; DWORD dwTime = 600, dwRet = 0, dwOption = 0, dwThread = 0; HANDLE hNotifyEvent=NULL, hFGProcessingEvent=NULL, hToken = NULL; BOOL bNeedFG = FALSE; LPWSTR lpCommandLine=0, szTarget=0; int wargc=0; LPWSTR *wargv=NULL, *wargv1=NULL; BOOL bForce=FALSE, bOkToLogoff=FALSE, bOkToBoot=FALSE, bNextFgSync = FALSE; BOOL bNeedBoot = FALSE, bNeedLogoff = FALSE; BOOL bError = FALSE; HANDLE hThreads[2] = {0, 0}; WCHAR achCodePage[13] = L".OCP"; UINT CodePage = GetConsoleOutputCP(); // // Set locale to the default // if ( 0 != CodePage ) { _ultow( CodePage, achCodePage + 1, 10 ); } _wsetlocale(LC_ALL, achCodePage); SetThreadUILanguage(0); lpCommandLine = GetCommandLine(); wargv1 = CommandLineToArgvW(lpCommandLine, &wargc); wargv = (LPWSTR *)LocalAlloc(LPTR, (1+wargc)*sizeof(LPWSTR)); if (!wargv) { PrintMsg(IDS_OUT_OF_MEMORY); goto Exit; } memcpy(wargv, wargv1, wargc*sizeof(LPWSTR)); hInst = GetModuleHandle(wargv[0]); if ((!GetValue(szUser, IDS_USER)) || (!GetValue(szMach, IDS_MACHINE))) { // we cannot read the resource strings. no point continuing return; } // // Ignore the first argument // wargc--; wargv++; // // Get the args // bArgValid = bArgValid && ProcessArg(&wargc, &wargv, IDS_TARGET, &szTarget); bArgValid = bArgValid && ProcessArg(&wargc, &wargv, IDS_TIME, &lTime); bArgValid = bArgValid && ProcessArg(&wargc, &wargv, IDS_FORCE, &bForce); bArgValid = bArgValid && ProcessArg(&wargc, &wargv, IDS_LOGOFF, &bOkToLogoff); bArgValid = bArgValid && ProcessArg(&wargc, &wargv, IDS_BOOT, &bOkToBoot); bArgValid = bArgValid && ProcessArg(&wargc, &wargv, IDS_SYNC, &bNextFgSync); bArgValid = bArgValid && (wargc == 0); // // Get the target correctly // uTarget = 0; if (bArgValid ) { if (!szTarget) { uTarget |= REFRESH_MACHINE; uTarget |= REFRESH_USER; } else if ( CompareOptions(szTarget, IDS_MACHINE) ) uTarget |= REFRESH_MACHINE; else if ( CompareOptions(szTarget, IDS_USER) ) uTarget |= REFRESH_USER; else { bArgValid = FALSE; } } // // Get the options correctly // if (bArgValid) { if ( bForce ) dwOption = RP_FORCE; else dwOption = 0; } if (lTime == -1) dwTime = INFINITE; else dwTime = lTime; if (!bArgValid) { PrintUsage(); goto Exit; } if (bOkToBoot) bOkToLogoff = TRUE; if (bNextFgSync) { if (uTarget & REFRESH_MACHINE) { dwRet = ForceSyncFgPolicy( 0 ); if (dwRet != ERROR_SUCCESS) { PrintMsg(IDS_SET_MODE_FAILED, GetErrString(dwRet, szErr)); goto Exit; } } if (uTarget & REFRESH_USER) { if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken)) { PrintMsg(IDS_SET_MODE_FAILED, GetErrString(GetLastError(), szErr)); goto Exit; } LPWSTR szSid = GetSidString( hToken ); if (!szSid) { PrintMsg(IDS_SET_MODE_FAILED, GetErrString(GetLastError(), szErr)); goto Exit; } dwRet = ForceSyncFgPolicy( szSid ); if (dwRet != ERROR_SUCCESS) { LocalFree (szSid); PrintMsg(IDS_SET_MODE_FAILED, GetErrString(dwRet, szErr)); goto Exit; } LocalFree (szSid); CloseHandle (hToken); hToken = 0; } } else { if (uTarget & REFRESH_MACHINE) { refMach.bMachine = TRUE; refMach.dwOption = dwOption; refMach.dwTimeOut = dwTime; if ((hThreads[dwThread] = CreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)RefreshPolicyAndWait, &refMach, 0, 0)) == NULL) { PrintMsg(IDS_REFRESH_POLICY_FAILED, GetErrString(GetLastError(), szErr)); goto Exit; } dwThread++; } if (uTarget & REFRESH_USER) { refUser.bMachine = FALSE; refUser.dwOption = dwOption; refUser.dwTimeOut = dwTime; if ((hThreads[dwThread] = CreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)RefreshPolicyAndWait, &refUser, 0, 0)) == NULL) { PrintMsg(IDS_REFRESH_POLICY_FAILED, GetErrString(GetLastError(), szErr)); goto Exit; } dwThread++; } PrintMsg(IDS_REFRESH_LAUNCHED); dwRet = WaitForMultipleObjects(dwThread, hThreads, TRUE, INFINITE); if ((dwRet != WAIT_OBJECT_0) && (dwRet != (WAIT_OBJECT_0 + 1))) { // our threads didn't terminate properly.. PrintMsg(IDS_REFRESH_POLICY_FAILED, GetErrString(GetLastError(), szErr)); goto Exit; } if (uTarget & REFRESH_USER) { PrintRefreshError(&refUser); if (refUser.fState != NO_FAILURE) bError = TRUE; } if (uTarget & REFRESH_MACHINE) { PrintRefreshError(&refMach); if (refMach.fState != NO_FAILURE) bError = TRUE; } if (NO_FAILURE == refMach.fState) { PrintMsg(IDS_LOOK_EVENT_LOG); } if (bError) { goto Exit; } } PrintMsg(IDS_SPACE); if ((uTarget & REFRESH_USER) && (bNextFgSync || refUser.bFGNeeded)) { if ( bNextFgSync ) PrintMsg(IDS_NEED_LOGOFF_SYNC); else PrintMsg(IDS_NEED_LOGOFF); bNeedLogoff = TRUE; } if ((uTarget & REFRESH_MACHINE) && (bNextFgSync || refMach.bFGNeeded)) { if ( bNextFgSync ) PrintMsg(IDS_NEED_REBOOT_SYNC); else PrintMsg(IDS_NEED_REBOOT); bNeedBoot = TRUE; } if ( !bNeedBoot && !bNeedLogoff) { goto Exit; } PrintMsg(IDS_SPACE); if (bNeedBoot && !bOkToBoot) { bOkToBoot = PromptUserForFG(TRUE); } if (bNeedBoot && bOkToBoot) { if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken)) { PrintMsg(IDS_COULDNT_REBOOT, GetErrString(GetLastError(), szErr)); goto Exit; } BYTE bytesTokenPrivNew[sizeof(DWORD)+sizeof(LUID_AND_ATTRIBUTES)]; PTOKEN_PRIVILEGES pTokenPrivNew = (PTOKEN_PRIVILEGES)bytesTokenPrivNew; BYTE bytesTokenPrivOld[sizeof(DWORD)+sizeof(LUID_AND_ATTRIBUTES)]; PTOKEN_PRIVILEGES pTokenPrivOld = (PTOKEN_PRIVILEGES)bytesTokenPrivOld; DWORD dwSize=sizeof(DWORD)+sizeof(LUID_AND_ATTRIBUTES); DWORD dwRetSize=0; pTokenPrivNew->PrivilegeCount = 1; pTokenPrivNew->Privileges->Attributes = SE_PRIVILEGE_ENABLED; if (!LookupPrivilegeValue(NULL, SE_SHUTDOWN_NAME, &(pTokenPrivNew->Privileges->Luid))) { PrintMsg(IDS_COULDNT_REBOOT, GetErrString(GetLastError(), szErr)); goto Exit; } if (!AdjustTokenPrivileges(hToken, FALSE, pTokenPrivNew, dwSize, pTokenPrivOld, &dwRetSize)) { PrintMsg(IDS_COULDNT_REBOOT, GetErrString(GetLastError(), szErr)); goto Exit; } PrintMsg(IDS_NOTIFY_MACHINE_FG); if (!ExitWindowsEx(EWX_REBOOT, 0)) { PrintMsg(IDS_COULDNT_REBOOT, GetErrString(GetLastError(), szErr)); } else { PrintMsg(IDS_REBOOTING); } if (!AdjustTokenPrivileges(hToken, FALSE, pTokenPrivOld, 0, NULL, 0)) { PrintMsg(IDS_COULDNT_REBOOT, GetErrString(GetLastError(), szErr)); goto Exit; } // if we are rebooting no need to call logoff code goto Exit; } if (bNeedLogoff && !bOkToLogoff) { bOkToLogoff = PromptUserForFG(FALSE); } if (bNeedLogoff && bOkToLogoff) { PrintMsg(IDS_NOTIFY_USER_FG); if (!ExitWindowsEx(EWX_LOGOFF, 0)) { PrintMsg(IDS_COULDNT_LOGOFF, GetErrString(GetLastError(), szErr)); } else { PrintMsg(IDS_LOGGING_OFF); } } Exit: if (hToken) CloseHandle(hToken); for (;dwThread;dwThread--) if (hThreads[dwThread-1]) { CloseHandle(hThreads[dwThread-1]); } if (wargv1) GlobalFree(wargv1); if (wargv) LocalFree(wargv); return; }