Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 
 

3650 lines
102 KiB

//+-------------------------------------------------------------------------
//
// Microsoft Windows
//
// Copyright (C) Microsoft Corporation, 1999 - 2002
//
// File: _util.cpp
//
//--------------------------------------------------------------------------
PWSTR g_wzRootDSE = L"RootDSE";
PWSTR g_wzSchemaNamingContext = L"schemaNamingContext";
PWSTR g_wzLDAPAbstractSchemaFormat = L"LDAP://%s/schema/%s";
//
// Attribute names:
//
PWSTR g_wzDescription = L"description"; // ADSTYPE_CASE_IGNORE_STRING
PWSTR g_wzName = L"name"; // ADSTYPE_CASE_IGNORE_STRING
PWSTR g_wzMemberAttr = L"member"; // ADSTYPE_DN_STRING
#define _WIZ_FULL_CTRL _GRANT_ALL
// turn off check for warning C4127: conditional expression is constant
#pragma warning (disable : 4127)
///////////////////////////////////////////////////////////////////////
// CWString
BOOL CWString::LoadFromResource(UINT uID)
{
int nBufferSize = 128;
static const int nCountMax = 4;
int nCount = 1;
do
{
LPWSTR lpszBuffer = (LPWSTR)alloca(nCount*nBufferSize*sizeof(WCHAR));
int iRet = ::LoadString(_Module.GetResourceInstance(), uID,
lpszBuffer, nBufferSize);
if (iRet == 0)
{
(*this) = L"?";
return FALSE; // not found
}
if (iRet == nBufferSize-1) // truncation
{
if (nCount > nCountMax)
{
// too many reallocations
(*this) = lpszBuffer;
return FALSE; // truncation
}
// try to expand buffer
nBufferSize *=2;
nCount++;
}
else
{
// got it
(*this) = lpszBuffer;
break;
}
}
while (TRUE);
return TRUE;
}
///////////////////////////////////////////////////////////////////////////////////
// catenate the server name and the 1779 name
// to get an LDAP path like "LDAP://myserv.foo.com./cn=host,..."
void BuildLdapPathHelper(LPCWSTR lpszServerName, LPCWSTR lpszNamingContext, CWString& szLdapPath)
{
static LPCWSTR lpszFmt = L"LDAP://%s/%s";
int nServerNameLen = lstrlen(lpszServerName)+1;
int nFormatStringLen = lstrlen(lpszFmt)+1;
int nNamingContext = lstrlen(lpszNamingContext)+1;
// build the LDAP path for the schema class
WCHAR* pwszNewObjectPath =
(WCHAR*)alloca(sizeof(WCHAR)*(nServerNameLen+nFormatStringLen+nNamingContext));
wsprintf(pwszNewObjectPath, lpszFmt, lpszServerName, lpszNamingContext);
szLdapPath = pwszNewObjectPath;
}
// catenate the server name and the 1779 name
// to get something like "\\myserv.foo.com.\cn=host,..."
void BuildWin32PathHelper(LPCWSTR lpszServerName, LPCWSTR lpszNamingContext, CWString& szWin32Path)
{
static LPCWSTR lpszFmt = L"\\\\%s\\%s";
int nServerNameLen = lstrlen(lpszServerName)+1;
int nFormatStringLen = lstrlen(lpszFmt)+1;
int nNamingContext = lstrlen(lpszNamingContext)+1;
// build the LDAP path for the schema class
WCHAR* pwszNewObjectPath =
(WCHAR*)alloca(sizeof(WCHAR)*(nServerNameLen+nFormatStringLen+nNamingContext));
wsprintf(pwszNewObjectPath, lpszFmt, lpszServerName, lpszNamingContext);
szWin32Path = pwszNewObjectPath;
}
HRESULT GetCanonicalNameFromNamingContext(LPCWSTR lpszNamingContext, CWString& szCanonicalName)
{
szCanonicalName = L"";
// assume in the form "cn=xyz,..."
LPWSTR lpszCanonicalName = NULL;
HRESULT hr = CrackName((LPWSTR)lpszNamingContext, &lpszCanonicalName, GET_OBJ_CAN_NAME);
if (SUCCEEDED(hr) && (lpszCanonicalName != NULL))
{
szCanonicalName = lpszCanonicalName;
}
if (lpszCanonicalName != NULL)
::LocalFree(lpszCanonicalName);
return hr;
}
/////////////////////////////////////////////////////////////////////////
class CContainerProxyBase
{
public:
CContainerProxyBase() { }
virtual ~CContainerProxyBase() {}
virtual BOOL Add(LPCWSTR lpsz) = 0;
};
template <class TOBJ, class TARR, class TFILTR> class CContainerProxy
: public CContainerProxyBase
{
public:
CContainerProxy(TARR* pArr, TFILTR* pFilter)
{
m_pArr = pArr;
m_pFilter = pFilter;
}
virtual BOOL Add(LPCWSTR lpsz)
{
ULONG filterFlags = 0x0;
if ( (m_pFilter == NULL) ||
(m_pFilter->CanAdd(lpsz, &filterFlags)) )
{
TOBJ* p = new TOBJ(filterFlags, lpsz);
if (p == NULL)
return FALSE;
return m_pArr->Add(p);
}
return TRUE;
}
private:
TARR* m_pArr;
TFILTR* m_pFilter;
};
/////////////////////////////////////////////////////////////////////////
BOOL LoadStringHelper(UINT uID, LPTSTR lpszBuffer, int nBufferMax)
{
int iRet = ::LoadString(_Module.GetResourceInstance(), uID,
lpszBuffer, nBufferMax);
if (iRet == 0)
{
lpszBuffer[0] = NULL;
return FALSE; // not found
}
if (iRet == nBufferMax-1)
return FALSE; // truncation
return TRUE;
}
BOOL GetStringFromHRESULTError(HRESULT hr, CWString& szErrorString, BOOL bTryADsIErrors)
{
HRESULT hrGetLast = S_OK;
DWORD status;
PTSTR ptzSysMsg = NULL;
// first check if we have extended ADs errors
if ((hr != S_OK) && bTryADsIErrors)
{
WCHAR Buf1[256], Buf2[256];
hrGetLast = ::ADsGetLastError(&status, Buf1, 256, Buf2, 256);
TRACE(_T("ADsGetLastError returned status of %lx, error: %s, name %s\n"),
status, Buf1, Buf2);
if ((status != ERROR_INVALID_DATA) && (status != 0))
{
hr = status;
}
}
// try the system first
int nChars = ::FormatMessage(FORMAT_MESSAGE_ALLOCATE_BUFFER
| FORMAT_MESSAGE_FROM_SYSTEM, NULL, hr,
MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT),
(PTSTR)&ptzSysMsg, 0, NULL);
if (nChars == 0)
{
//try ads errors
static HMODULE g_adsMod = 0;
if (0 == g_adsMod)
g_adsMod = GetModuleHandle (L"activeds.dll");
nChars = ::FormatMessage(FORMAT_MESSAGE_ALLOCATE_BUFFER
| FORMAT_MESSAGE_FROM_HMODULE, g_adsMod, hr,
MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT),
(PTSTR)&ptzSysMsg, 0, NULL);
}
if (nChars > 0)
{
szErrorString = ptzSysMsg;
::LocalFree(ptzSysMsg);
}
return (nChars > 0);
}
BOOL GetStringFromWin32Error(DWORD dwErr, CWString& szErrorString)
{
return GetStringFromHRESULTError(HRESULT_FROM_WIN32(dwErr),szErrorString);
}
//
// Given a GUID struct, it returns a GUID in string format, without {}
//
BOOL FormatStringGUID(LPWSTR lpszBuf, UINT nBufSize, const GUID* pGuid)
{
lpszBuf[0] = NULL;
// if it is a NULL GUID*, just return an empty string
if (pGuid == NULL)
{
return FALSE;
}
/*
typedef struct _GUID {
unsigned long Data1;
unsigned short Data2;
unsigned short Data3;
unsigned char Data4[ 8 ];
}
*/
if(SUCCEEDED(StringCchPrintf(lpszBuf, nBufSize,
L"%08x-%04x-%04x-%02x%02x-%02x%02x%02x%02x%02x%02x",
pGuid->Data1, pGuid->Data2, pGuid->Data3,
pGuid->Data4[0], pGuid->Data4[1],
pGuid->Data4[2], pGuid->Data4[3], pGuid->Data4[4], pGuid->Data4[5], pGuid->Data4[6], pGuid->Data4[7])))
{
return TRUE;
}
else
{
return FALSE;
}
}
//
// Given a GUID in string format (without {}) it returns a GUID struct
//
// e.g. "00299570-246d-11d0-a768-00aa006e0529" to a struct form
//
BOOL GuidFromString(GUID* pGuid, LPCWSTR lpszGuidString)
{
ZeroMemory(pGuid, sizeof(GUID));
if (lpszGuidString == NULL)
{
return FALSE;
}
int nLen = lstrlen(lpszGuidString);
// the string length should be 36
if (nLen != 36)
return FALSE;
// add the braces to call the Win32 API
LPWSTR lpszWithBraces = (LPWSTR)alloca((nLen+1+2)*sizeof(WCHAR)); // NULL plus {}
wsprintf(lpszWithBraces, L"{%s}", lpszGuidString);
return SUCCEEDED(::CLSIDFromString(lpszWithBraces, pGuid));
}
DWORD AddEntryInAcl(PEXPLICIT_ACCESS pAccessEntry, PACL* ppAcl)
{
// add an entry in the DACL
PACL pOldAcl = *ppAcl;
TRACE(L"Calling SetEntriesInAcl()\n");
DWORD dwErr = ::SetEntriesInAcl(1, pAccessEntry, pOldAcl, ppAcl);
TRACE(L"SetEntriesInAcl() returned dwErr = 0x%x\n", dwErr);
if (dwErr == ERROR_SUCCESS && NULL != pOldAcl )
{
::LocalFree(pOldAcl);
}
return dwErr;
}
#ifdef DBG
void TraceGuid(LPCWSTR lpszMsg, const GUID* pGuid)
{
WCHAR szGuid[128];
FormatStringGUID(szGuid, 128, pGuid);
TRACE(L"%s %s\n", lpszMsg, szGuid);
}
#define TRACE_GUID(msg, pGuid)\
TraceGuid(msg, pGuid);
#else
#define TRACE_GUID(msg, pGuid)
#endif
DWORD AddObjectRightInAcl(IN PSID pSid,
IN ULONG uAccess,
IN const GUID* pRightGUID,
IN const GUID* pInheritGUID,
IN OUT PACL* ppAcl)
{
// trace input parameters
TRACE(L"AddObjectRightInAcl()\n");
TRACE(L"ULONG uAccess = 0x%x\n", uAccess);
TRACE_GUID(L"pRightGUID =", pRightGUID);
TRACE_GUID(L"pInheritGUID =", pInheritGUID);
EXPLICIT_ACCESS AccessEntry;
ZeroMemory(&AccessEntry, sizeof(EXPLICIT_ACCESS));
if( uAccess == 0 )
return ERROR_SUCCESS;
// initialize EXPLICIT_ACCESS
AccessEntry.grfAccessPermissions = uAccess;
AccessEntry.grfAccessMode = GRANT_ACCESS;
AccessEntry.grfInheritance = SUB_CONTAINERS_ONLY_INHERIT;
if (pInheritGUID != NULL)
{
AccessEntry.grfInheritance |= INHERIT_ONLY;
}
OBJECTS_AND_SID ObjectsAndSid;
ZeroMemory(&ObjectsAndSid, sizeof(OBJECTS_AND_SID));
TRACE(L"AccessEntry.grfAccessPermissions = 0x%x\n", AccessEntry.grfAccessPermissions);
TRACE(L"AccessEntry.grfAccessMode = 0x%x\n", AccessEntry.grfAccessMode);
TRACE(L"AccessEntry.grfInheritance = 0x%x\n", AccessEntry.grfInheritance);
TRACE(L"BuildTrusteeWithObjectsAndSid()\n");
BuildTrusteeWithObjectsAndSid(&(AccessEntry.Trustee),
&ObjectsAndSid,
const_cast<GUID*>(pRightGUID), // class, right or property
const_cast<GUID*>(pInheritGUID), // inherit guid (class)
pSid // SID for user or group
);
return ::AddEntryInAcl(&AccessEntry, ppAcl);
}
//////////////////////////////////////////////////////////////////////////////
long SafeArrayGetCount(const VARIANT& refvar)
{
if (V_VT(&refvar) == VT_BSTR)
{
return (long)1;
}
if ( V_VT(&refvar) != ( VT_ARRAY | VT_VARIANT ) )
{
ASSERT(FALSE);
return (long)0;
}
SAFEARRAY *saAttributes = V_ARRAY( &refvar );
long start, end;
HRESULT hr = SafeArrayGetLBound( saAttributes, 1, &start );
if( FAILED(hr) )
return (long)0;
hr = SafeArrayGetUBound( saAttributes, 1, &end );
if( FAILED(hr) )
return (long)0;
return (end - start + 1);
}
HRESULT VariantArrayToContainer(const VARIANT& refvar, CContainerProxyBase* pCont)
{
HRESULT hr = S_OK;
long start, end, current;
if (V_VT(&refvar) == VT_BSTR)
{
//TRACE(_T("VT_BSTR: %s\n"),V_BSTR(&refvar));
pCont->Add(V_BSTR(&refvar));
return S_OK;
}
//
// Check the VARIANT to make sure we have
// an array of variants.
//
if ( V_VT(&refvar) != ( VT_ARRAY | VT_VARIANT ) )
{
ASSERT(FALSE);
return E_UNEXPECTED;
}
SAFEARRAY *saAttributes = V_ARRAY( &refvar );
//
// Figure out the dimensions of the array.
//
hr = SafeArrayGetLBound( saAttributes, 1, &start );
if( FAILED(hr) )
return hr;
hr = SafeArrayGetUBound( saAttributes, 1, &end );
if( FAILED(hr) )
return hr;
//
// Process the array elements.
//
VARIANT SingleResult;
for ( current = start ;
current <= end ;
current++ )
{
::VariantInit( &SingleResult );
hr = SafeArrayGetElement( saAttributes, &current, &SingleResult );
if( FAILED(hr) )
return hr;
if ( V_VT(&SingleResult) != VT_BSTR )
return E_UNEXPECTED;
//TRACE(_T("VT_BSTR: %s\n"),V_BSTR(&SingleResult));
pCont->Add(V_BSTR(&SingleResult));
VariantClear( &SingleResult );
}
return S_OK;
}
HRESULT GetGlobalNamingContexts(LPCWSTR lpszServerName,
CWString& szPhysicalSchemaNamingContext,
CWString& szConfigurationNamingContext)
{
HRESULT hr = S_OK;
CComPtr<IADs> spRootDSE;
CWString szRootDSEPath;
BuildLdapPathHelper(lpszServerName, g_wzRootDSE, szRootDSEPath);
hr = ::ADsOpenObjectHelper(szRootDSEPath,
IID_IADs,
0,
(void**)&spRootDSE
);
if (FAILED(hr))
{
TRACE(L"Error opening ADsOpenObjectHelper(%S), hr=%x\n", (LPCWSTR)szRootDSEPath,hr);
return hr;
}
CComVariant varSchemaNamingContext;
hr = spRootDSE->Get(CComBSTR (g_wzSchemaNamingContext),
&varSchemaNamingContext);
if (FAILED(hr))
{
TRACE(_T("Error spRootDSE->Get((PWSTR)g_wzSchemaNamingContext), hr=%x\n"), hr);
return hr;
}
// finally get value
// (e.g. "cn=schema,cn=configuration,dc=marcocdev,dc=ntdev,dc=microsoft,dc=com")
ASSERT(varSchemaNamingContext.vt == VT_BSTR);
szPhysicalSchemaNamingContext = varSchemaNamingContext.bstrVal;
// get the configuration container naming context
CComVariant varConfigurationNamingContext;
hr = spRootDSE->Get(CComBSTR (L"configurationNamingContext"),
&varConfigurationNamingContext);
if (FAILED(hr))
{
TRACE(L"Failed spRootDSE->Get(configurationNamingContext,&varConfigurationNamingContext), returned hr = 0x%x\n", hr);
return hr;
}
ASSERT(varConfigurationNamingContext.vt == VT_BSTR);
szConfigurationNamingContext = varConfigurationNamingContext.bstrVal;
return hr;
}
LPCWSTR g_lpszSummaryIdent = L" ";
LPCWSTR g_lpszSummaryNewLine = L"\r\n";
void WriteSummaryTitleLine(CWString& szSummary, UINT nTitleID, LPCWSTR lpszNewLine)
{
CWString szTemp;
szTemp.LoadFromResource(nTitleID);
WriteSummaryLine(szSummary, szTemp, NULL, lpszNewLine);
szSummary += lpszNewLine;
}
void WriteSummaryLine(CWString& szSummary, LPCWSTR lpsz, LPCWSTR lpszIdent, LPCWSTR lpszNewLine)
{
if (lpszIdent != NULL)
szSummary += lpszIdent;
szSummary += lpsz;
szSummary += lpszNewLine;
}
//////////////////////////////////////////////////////////////////////////////
LPCWSTR _GetFilePath()
{
static LPCWSTR g_lpszFileName = L"\\system32\\dssec.dat";
static WCHAR g_lpszFilePath[2*MAX_PATH] = L"";
if (g_lpszFilePath[0] == NULL)
{
UINT nLen = ::GetSystemWindowsDirectory(g_lpszFilePath, MAX_PATH);
if (nLen == 0)
return NULL;
wcscat(g_lpszFilePath, g_lpszFileName);
}
return g_lpszFilePath;
}
ULONG GetClassFlags(LPCWSTR lpszClassName)
{
LPCWSTR lpszAttr = L"@";
INT nDefault = 0;
return ::GetPrivateProfileInt(lpszClassName, lpszAttr, nDefault, _GetFilePath());
//return nDefault;
}
/////////////////////////////////////////////////////////////////////////////
// CFilterEntry
class CFilterEntry
{
public:
CFilterEntry(LPWSTR lpszEntry)
{
m_lpszName = lpszEntry;
m_nFlags = 0;
Parse();
}
LPCWSTR m_lpszName;
ULONG m_nFlags;
bool operator<(CFilterEntry& x)
{
UNREFERENCED_PARAMETER (x);
return false;
}
private:
void Parse()
{
WCHAR* p = (WCHAR*)m_lpszName;
while (*p != NULL)
{
if (*p == TEXT('='))
{
*p = NULL;
m_nFlags = _wtoi(p+1);
break;
}
p++;
}
}
};
class CFilterEntryHolder
{
public:
CFilterEntryHolder()
{
m_pCharBuf = NULL;
m_dwCharBufSize = 0;
}
~CFilterEntryHolder()
{
if (m_pCharBuf != NULL)
free(m_pCharBuf);
}
ULONG GetAttributeFlags(LPCWSTR lpszClassName, LPCWSTR lpszAttr);
private:
CWString m_szClassName;
CGrowableArr<CFilterEntry> m_entries;
WCHAR* m_pCharBuf;
DWORD m_dwCharBufSize;
BOOL _ReadFile();
void _LoadFromFile();
ULONG _FindInCache(LPCWSTR lpszAttr);
};
BOOL CFilterEntryHolder::_ReadFile()
{
if (m_pCharBuf == NULL)
{
m_dwCharBufSize = 4096;
m_pCharBuf = (WCHAR*)malloc(sizeof(WCHAR)*m_dwCharBufSize);
}
if (m_pCharBuf == NULL)
return FALSE;
BOOL bNeedRealloc = FALSE;
int nReallocCount = 0;
do
{
DWORD dwCharCount = ::GetPrivateProfileSection(m_szClassName,
m_pCharBuf, m_dwCharBufSize, _GetFilePath());
if (dwCharCount == 0)
return FALSE;
bNeedRealloc = dwCharCount == (m_dwCharBufSize - 2);
if (bNeedRealloc)
{
if (nReallocCount > 4)
return FALSE;
m_dwCharBufSize = 2*m_dwCharBufSize;
WCHAR* pCharBuf = (WCHAR*)realloc(m_pCharBuf, sizeof(WCHAR)*m_dwCharBufSize);
if ( pCharBuf )
{
m_pCharBuf = pCharBuf;
}
else
break;
nReallocCount++;
}
}
while (bNeedRealloc);
return TRUE;
}
void CFilterEntryHolder::_LoadFromFile()
{
m_entries.Clear();
if (!_ReadFile())
return;
WCHAR* p = m_pCharBuf;
WCHAR* pEntry = p;
while ( ! (( *p == NULL ) && ( *(p+1) == NULL )) )
{
if (*p == NULL)
{
TRACE(_T("pEntry = <%s>\n"), pEntry);
m_entries.Add(new CFilterEntry(pEntry));
pEntry = p+1;
}
p++;
}
if ( pEntry < p)
m_entries.Add(new CFilterEntry(pEntry)); // add the last one
for (ULONG k=0; k<m_entries.GetCount(); k++)
{
TRACE(_T("k = %d, <%s> flags = %d\n"), k, m_entries[k]->m_lpszName, m_entries[k]->m_nFlags);
}
}
ULONG CFilterEntryHolder::_FindInCache(LPCWSTR lpszAttr)
{
for (ULONG k=0; k<m_entries.GetCount(); k++)
{
if (_wcsicmp(m_entries[k]->m_lpszName, lpszAttr) == 0)
return m_entries[k]->m_nFlags;
}
return 0; // default
}
ULONG CFilterEntryHolder::GetAttributeFlags(LPCWSTR lpszClassName, LPCWSTR lpszAttr)
{
if (_wcsicmp(lpszClassName, m_szClassName) != 0)
{
// class name changed
m_szClassName = lpszClassName;
_LoadFromFile();
}
return _FindInCache(lpszAttr);
}
ULONG GetAttributeFlags(LPCWSTR lpszClassName, LPCWSTR lpszAttr)
{
static CFilterEntryHolder g_holder;
return g_holder.GetAttributeFlags(lpszClassName, lpszAttr);
// INT nDefault = 0;
// return ::GetPrivateProfileInt(lpszClassName, lpszAttr, nDefault, _GetFilePath());
//return nDefault;
}
///////////////////////////////////////////////////////////////////////
// CPrincipal
HRESULT CPrincipal::Initialize(PDS_SELECTION pDsSelection, HICON hClassIcon)
{
TRACE(_T("pwzName = %s\n"), pDsSelection->pwzName); // e.g. JoeB
TRACE(_T("pwzADsPath = %s\n"), pDsSelection->pwzADsPath); // "LDAP:..." or "WINNT:..."
TRACE(_T("pwzClass = %s\n"), pDsSelection->pwzClass); // e.g. "user"
TRACE(_T("pwzUPN = %s\n"), pDsSelection->pwzUPN); // .e.g. "[email protected]."
WCHAR const c_szClassComputer[] = L"computer";
// get the SID
ASSERT(pDsSelection->pvarFetchedAttributes);
if (pDsSelection->pvarFetchedAttributes[0].vt == VT_EMPTY)
{
TRACE(L"CPrincipal::Initialize() failed on VT_EMPTY sid\n");
// fatal error, we cannot proceed
return E_INVALIDARG;
}
if (pDsSelection->pvarFetchedAttributes[0].vt != (VT_ARRAY | VT_UI1))
{
TRACE(L"CPrincipal::Initialize() failed on (VT_ARRAY | VT_UI1) sid\n");
// fatal error, we cannot proceed
return E_INVALIDARG;
}
// make sure we have a good SID
PSID pSid = pDsSelection->pvarFetchedAttributes[0].parray->pvData;
HRESULT hr = Initialize (pSid);
if ( FAILED (hr) )
return hr;
// copy the icon
m_hClassIcon = hClassIcon;
// copy the strings
m_szClass = pDsSelection->pwzClass;
//Strip from Computer Name
//16414 02/28/2000 *DS Admin snapin - DelWiz, need to strip the '$' from the end of computer names
m_szName = pDsSelection->pwzName;
if( m_szClass && m_szName && ( wcscmp( m_szClass, (LPWSTR)c_szClassComputer) == 0 ) )
{
// Strip the trailing '$'
LPWSTR pszTemp;
pszTemp= (LPWSTR)(LPCWSTR)m_szName;
int nLen = lstrlen(pszTemp);
if (nLen && pszTemp[nLen-1] == TEXT('$'))
{
pszTemp[nLen-1] = TEXT('\0');
}
}
m_szADsPath = pDsSelection->pwzADsPath;
if( m_szClass && m_szADsPath && ( wcscmp( m_szClass, (LPWSTR)c_szClassComputer) == 0 ) )
{
// Strip the trailing '$'
LPWSTR pszTemp;
pszTemp= (LPWSTR)(LPCWSTR)m_szADsPath;
int nLen = lstrlen(pszTemp);
if (nLen && pszTemp[nLen-1] == TEXT('$'))
{
pszTemp[nLen-1] = TEXT('\0');
}
}
m_szUPN = pDsSelection->pwzUPN;
// set the display name
_ComposeDisplayName();
return S_OK;
}
HRESULT CPrincipal::Initialize (PSID pSid)
{
if (!IsValidSid(pSid))
{
TRACE(L"CPrincipal::Initialize() failed on IsValidSid()\n");
// fatal error, we cannot proceed
return E_INVALIDARG;
}
// we have a good SID, copy it
if (!m_sidHolder.Copy(pSid))
{
TRACE(L"CPrincipal::Initialize() failed on m_sidHolder.Copy(pSid)\n");
// fatal error, we cannot proceed
return E_OUTOFMEMORY;
}
return S_OK;
}
BOOL BuildSamName(LPCWSTR lpszPath, CWString& s)
{
// strip the WINNT provider and reverse slashes
static LPCWSTR lpszPrefix = L"WinNT://";
int nPrefixLen = lstrlen(lpszPrefix);
if (_wcsnicmp(lpszPath, lpszPrefix, nPrefixLen ) != 0)
{
// not matching
return FALSE;
}
// make a copy
LPCWSTR lpzsTemp = lpszPath+nPrefixLen; // past the prefix
s = L"";
for (WCHAR* pChar = const_cast<LPWSTR>(lpzsTemp); (*pChar) != NULL; pChar++)
{
if (*pChar == L'/')
s += L'\\';
else
s += *pChar;
}
return TRUE;
}
void CPrincipal::_ComposeDisplayName()
{
LPCWSTR lpszAddToName = NULL;
// check if there is a UPN
LPCWSTR lpszUPN = m_szUPN;
if ( (lpszUPN != NULL) && (lstrlen(lpszUPN) > 0))
{
lpszAddToName = lpszUPN;
}
// as a second chance, add the domain\name
LPCWSTR lpszPath = m_szADsPath;
CWString sTemp;
if ((lpszAddToName == NULL) && (lpszPath != NULL) && (lstrlen(lpszPath) > 0))
{
if (BuildSamName(lpszPath,sTemp))
{
lpszAddToName = sTemp;
}
}
if (lpszAddToName != NULL)
{
static LPCWSTR lpszFormat = L"%s (%s)";
size_t nLen = lstrlen(lpszAddToName) + lstrlen(lpszFormat) + m_szName.size() + 1;
LPWSTR lpszTemp = (LPWSTR)alloca(nLen*sizeof(WCHAR));
wsprintf(lpszTemp, lpszFormat, m_szName.c_str(), lpszAddToName);
m_szDisplayName = lpszTemp;
}
else
{
// got nothing, just use the name
m_szDisplayName = m_szName;
}
}
BOOL CPrincipal::IsEqual(CPrincipal* p)
{
return (_wcsicmp(m_szADsPath, p->m_szADsPath) == 0);
}
BOOL CPrincipalList::AddIfNotPresent(CPrincipal* p)
{
CPrincipalList::iterator i;
for (i = begin(); i != end(); ++i)
{
if ((*i)->IsEqual(p))
{
delete p; // duplicate
return FALSE;
}
}
push_back(p);
return TRUE;
}
void CPrincipalList::WriteSummaryInfo(CWString& szSummary, LPCWSTR lpszIdent, LPCWSTR lpszNewLine)
{
WriteSummaryTitleLine(szSummary, IDS_DELEGWIZ_FINISH_PRINCIPALS, lpszNewLine);
CPrincipalList::iterator i;
for (i = begin(); i != end(); ++i)
{
WriteSummaryLine(szSummary, (*i)->GetDisplayName(), lpszIdent, lpszNewLine);
}
szSummary += lpszNewLine;
}
///////////////////////////////////////////////////////////////////////
// CControlRightInfo
void CControlRightInfo::SetLocalizedName(UINT nLocalizationDisplayId, HMODULE hModule)
{
WCHAR szLocalizedDisplayName[256];
DWORD dwChars = 0;
if (hModule != NULL)
{
dwChars = FormatMessage(FORMAT_MESSAGE_FROM_HMODULE | FORMAT_MESSAGE_IGNORE_INSERTS,
hModule,
nLocalizationDisplayId,
0,
szLocalizedDisplayName,
256,
NULL);
}
if (dwChars > 0)
{
m_szLocalizedName = szLocalizedDisplayName;
}
else
{
// failed, just use the LDAP display name
m_szLocalizedName = m_szLdapDisplayName;
}
// need to set the display name
if (IsPropertySet())
{
CWString szPropertySetFormat;
szPropertySetFormat.LoadFromResource(IDS_DELEGWIZ_RW_PROPERTYSET);
WCHAR* lpszBuffer = (WCHAR*)alloca(sizeof(WCHAR)*(szPropertySetFormat.size()+m_szLocalizedName.size()+1));
// we have a different display name
wsprintf(lpszBuffer, szPropertySetFormat, (LPCWSTR)m_szLocalizedName);
m_szDisplayName = lpszBuffer;
}
else
{
// same as raw
m_szDisplayName = m_szLocalizedName;
}
}
///////////////////////////////////////////////////////////////////////
// CControlRightInfoArray
class CDsSecLib
{
public:
CDsSecLib()
{
m_hInstance = ::LoadLibrary(L"dssec.dll");
}
~CDsSecLib()
{
if (m_hInstance != NULL)
::FreeLibrary(m_hInstance);
}
HINSTANCE Get() { return m_hInstance; }
private:
HINSTANCE m_hInstance;
};
HRESULT CControlRightInfoArray::InitFromDS(CAdsiObject* pADSIObj,
const GUID* pSchemaIDGUID)
{
TRACE(L"CControlRightInfoArray::InitFromDS()\n\n");
ASSERT(pSchemaIDGUID != NULL);
LPWSTR lpszSchemaIDGUID = (LPWSTR)alloca(128*sizeof(WCHAR));
if(!lpszSchemaIDGUID)
return E_OUTOFMEMORY;
if (!FormatStringGUID(lpszSchemaIDGUID, 128, pSchemaIDGUID))
{
return E_INVALIDARG;
}
// build the LDAP path for the schema class
CWString szPhysicalSchemaPath;
LPCWSTR lpszPhysicalSchemaNamingContext = pADSIObj->GetPhysicalSchemaNamingContext();
BuildLdapPathHelper(pADSIObj->GetServerName(), lpszPhysicalSchemaNamingContext, szPhysicalSchemaPath);
// build the extended rights container naming context and LDAP path
CWString szExtendedRightsNamingContext;
szExtendedRightsNamingContext = L"CN=Extended-Rights,";
szExtendedRightsNamingContext += pADSIObj->GetConfigurationNamingContext();
CWString szExtendedRightsPath;
BuildLdapPathHelper(pADSIObj->GetServerName(), szExtendedRightsNamingContext, szExtendedRightsPath);
// bind a query to the extended rights container
CAdsiSearch search;
HRESULT hr = search.Init(szExtendedRightsPath);
TRACE(L"search.Init(%s) returned hr = 0x%x\n", (LPCWSTR)szExtendedRightsPath, hr);
if (FAILED(hr))
{
return hr;
}
// build an LDAP query string
static LPCWSTR lpszFilterFormat = L"(&(objectCategory=CN=Control-Access-Right,%s)(AppliesTo=%s))";
int nFmtLen = lstrlen(lpszFilterFormat);
int nArgumentLen = lstrlen(lpszPhysicalSchemaNamingContext) + lstrlen(lpszSchemaIDGUID);
WCHAR* lpszFilter = (WCHAR*)alloca(sizeof(WCHAR)*(nFmtLen+nArgumentLen+1));
wsprintf(lpszFilter, lpszFilterFormat, lpszPhysicalSchemaNamingContext, lpszSchemaIDGUID);
// build an array of wanted columns
static const int cAttrs = 4;
static LPCWSTR pszAttribsArr[cAttrs] =
{
L"displayName", // e.g. "Change Password"
L"rightsGuid", // e.g. "ab721a53-1e2f-...." (i.e. GUID in string form w/o {})
L"validAccesses", // bitmask of access righs
L"localizationDisplayId" // bitmask of access righs
};
hr = search.SetSearchScope(ADS_SCOPE_ONELEVEL);
TRACE(L"search.SetSearchScope(ADS_SCOPE_ONELEVEL) returned hr = 0x%x\n", hr);
if (FAILED(hr))
return hr;
hr = search.DoQuery(lpszFilter, pszAttribsArr, cAttrs);
TRACE(L"search.DoQuery(lpszFilter, pszAttribsArr, cAttrs) returned hr = 0x%x\n", hr);
if (FAILED(hr))
return hr;
TRACE(L"\n");
CWString szRightsGUID;
ULONG nLocalizationDisplayId;
// load DSSEC.DLL to provide localized
CDsSecLib DsSecLib;
while ((hr = search.GetNextRow()) != S_ADS_NOMORE_ROWS)
{
if (FAILED(hr))
continue;
CControlRightInfo* pInfo = new CControlRightInfo();
HRESULT hr0 = search.GetColumnString(pszAttribsArr[0], pInfo->m_szLdapDisplayName);
// the DS gives us the GUID in string form, but we need it in struct form
HRESULT hr1 = search.GetColumnString(pszAttribsArr[1], szRightsGUID);
if (SUCCEEDED(hr1))
{
if (!::GuidFromString(&(pInfo->m_rightsGUID), szRightsGUID.c_str()))
{
TRACE(L"GuidFromString(_, %s) failed!\n", szRightsGUID.c_str());
hr1 = E_INVALIDARG;
}
}
HRESULT hr2 = search.GetColumnInteger(pszAttribsArr[2], pInfo->m_fAccess);
HRESULT hr3 = search.GetColumnInteger(pszAttribsArr[3], nLocalizationDisplayId);
TRACE(L"Name = <%s>, \n Guid = <%s>, Access = 0x%x, nLocalizationDisplayId = %d\n",
pInfo->m_szLdapDisplayName.c_str(), szRightsGUID.c_str(), pInfo->m_fAccess, nLocalizationDisplayId);
if (FAILED(hr0) || FAILED(hr1) || FAILED(hr2) || FAILED(hr3))
{
TRACE(L"WARNING: discarding right, failed on columns: hr0 = 0x%x, hr1 = 0x%x, hr2 = 0x%x, hr3 = 0x%x\n",
hr0, hr1, hr2, hr3);
delete pInfo;
}
else
{
pInfo->SetLocalizedName(nLocalizationDisplayId, DsSecLib.Get());
Add(pInfo);
}
} // while
TRACE(L"\n\n");
if (hr == S_ADS_NOMORE_ROWS)
hr = S_OK;
return hr;
}
//////////////////////////////////////////////////////////////////////
// CPropertyRightInfo
const ULONG CPropertyRightInfo::m_nRightCountMax = 2;
const ULONG CPropertyRightInfo::m_nReadIndex = 0;
const ULONG CPropertyRightInfo::m_nWriteIndex = 1;
LPCWSTR CPropertyRightInfo::GetRightDisplayString(ULONG iRight)
{
static WCHAR szReadFmt[256] = L"";
static WCHAR szWriteFmt[256] = L"";
static WCHAR szReadAll[256] = L"";
static WCHAR szWriteAll[256] = L"";
static WCHAR szDisplay[512];
ASSERT(GetName() != NULL); // must have a name!!!
szDisplay[0] = NULL;
WCHAR* pFmt = NULL;
if (iRight == m_nReadIndex)
{
if (szReadFmt[0] == NULL)
LoadStringHelper(IDS_DELEGWIZ_READ_PROPERTY, szReadFmt, ARRAYSIZE(szReadFmt));
pFmt = szReadFmt;
}
else if (iRight == m_nWriteIndex)
{
if (szWriteFmt[0] == NULL)
LoadStringHelper(IDS_DELEGWIZ_WRITE_PROPERTY, szWriteFmt, ARRAYSIZE(szWriteFmt));
pFmt = szWriteFmt;
}
if(pFmt)
{
if(SUCCEEDED(StringCchPrintf(szDisplay, sizeof(szDisplay)/sizeof(WCHAR), pFmt, GetDisplayName())))
{
return szDisplay;
}
}
return NULL;
}
void CPropertyRightInfo::SetRight(ULONG iRight, BOOL b)
{
switch (iRight)
{
case m_nReadIndex:
if (b)
m_Access |= ACTRL_DS_READ_PROP;
else
m_Access &= ~ACTRL_DS_READ_PROP;
break;
case m_nWriteIndex:
if (b)
m_Access |= ACTRL_DS_WRITE_PROP;
else
m_Access &= ~ACTRL_DS_WRITE_PROP;
break;
default:
ASSERT(FALSE);
};
}
ULONG CPropertyRightInfo::GetRight(ULONG iRight)
{
switch (iRight)
{
case m_nReadIndex:
return (ULONG)ACTRL_DS_READ_PROP;
break;
case m_nWriteIndex:
return (ULONG)ACTRL_DS_WRITE_PROP;
break;
default:
ASSERT(FALSE);
};
return 0;
}
BOOL CPropertyRightInfo::IsRightSelected(ULONG iRight)
{
BOOL bRes = FALSE;
switch (iRight)
{
case m_nReadIndex:
bRes = m_Access & ACTRL_DS_READ_PROP;
break;
case m_nWriteIndex:
bRes = m_Access & ACTRL_DS_WRITE_PROP;
break;
default:
ASSERT(FALSE);
};
return bRes;
}
//////////////////////////////////////////////////////////////////////
// CPropertyRightInfoArray
template <class T> class CClassPtr
{
public:
CClassPtr() { m_p = NULL;}
~CClassPtr() { if (m_p) delete m_p;}
CClassPtr& operator=(T* p)
{
m_p = p;
return *this;
}
T* operator->()
{
return m_p;
}
T* operator&()
{
return m_p;
}
private:
T* m_p;
};
HRESULT CPropertyRightInfoArray::InitFromSchema(CAdsiObject* pADSIObj,
IADsClass * pDsSchemaClass,
LPCWSTR lpszClassName,
BOOL bUseFilter)
{
// setup
Clear();
CClassPtr<CPropertyRightInfoFilter> spFilter;
if (bUseFilter)
{
spFilter = new CPropertyRightInfoFilter();
spFilter->SetClassName(lpszClassName);
}
if (pDsSchemaClass == NULL)
{
ASSERT(lpszClassName == NULL);
return S_OK;
}
// get data from DS for specific properties
VARIANT MandatoryListVar, OptionalListVar;
::VariantInit(&MandatoryListVar);
::VariantInit(&OptionalListVar);
HRESULT hr = pDsSchemaClass->get_MandatoryProperties(&MandatoryListVar);
if (FAILED(hr))
{
::VariantClear(&MandatoryListVar);
return hr;
}
hr = pDsSchemaClass->get_OptionalProperties(&OptionalListVar);
if (FAILED(hr))
{
::VariantClear(&OptionalListVar);
return hr;
}
// add the results to the array
CContainerProxy<CPropertyRightInfo, CPropertyRightInfoArray, CPropertyRightInfoFilter>
cont(this, &spFilter);
VariantArrayToContainer(MandatoryListVar, &cont);
VariantArrayToContainer(OptionalListVar, &cont);
::VariantClear(&MandatoryListVar);
::VariantClear(&OptionalListVar);
// now need to set the friendly names
ULONG nCount = (ULONG) GetCount();
WCHAR szFrendlyName[1024];
HRESULT hrName;
for (ULONG i=0; i<nCount; i++)
{
LPCWSTR lpszName = (*this)[i]->GetName();
if (lpszName != NULL)
{
hrName = pADSIObj->GetFriendlyAttributeName(lpszClassName,
lpszName,
szFrendlyName, 1024);
ASSERT(SUCCEEDED(hrName));
(*this)[i]->SetDisplayName(SUCCEEDED(hrName) ? szFrendlyName : NULL);
}
}
// get guids
for (i=0; i<nCount; i++)
{
CPropertyRightInfo* pInfo = (*this)[i];
LPCWSTR lpszName = pInfo->GetName();
hr = pADSIObj->GetClassGuid(lpszName, TRUE, pInfo->m_schemaIDGUID);
if (SUCCEEDED(hr))
{
WCHAR szTest[128];
FormatStringGUID(szTest, 128, &(pInfo->m_schemaIDGUID));
TRACE(L"name = <%s>, guid = <%s>\n", lpszName, szTest);
}
else
{
TRACE(L"GetClassGuid(%s) failed hr = 0x%x\n", lpszName, hr);
return hr;
}
}
Sort();
return hr;
}
//////////////////////////////////////////////////////////////////////
// CClassRightInfo
const ULONG CClassRightInfo::m_nRightCountMax = 2;
const ULONG CClassRightInfo::m_nCreateIndex = 0;
const ULONG CClassRightInfo::m_nDeleteIndex = 1;
LPCWSTR CClassRightInfo::GetRightDisplayString(ULONG iRight)
{
static WCHAR szCreateFmt[256] = L"";
static WCHAR szDeleteFmt[256] = L"";
static WCHAR szCreateAll[256] = L"";
static WCHAR szDeleteAll[256] = L"";
static WCHAR szDisplay[512];
ASSERT(GetName() != NULL); // must have a name!!!
szDisplay[0] = NULL;
WCHAR* pFmt = NULL;
if (iRight == m_nCreateIndex)
{
if (szCreateFmt[0] == NULL)
LoadStringHelper(IDS_DELEGWIZ_CREATE_CLASS, szCreateFmt, ARRAYSIZE(szCreateFmt));
pFmt = szCreateFmt;
}
else if (iRight == m_nDeleteIndex)
{
if (szDeleteFmt[0] == NULL)
LoadStringHelper(IDS_DELEGWIZ_DELETE_CLASS, szDeleteFmt, ARRAYSIZE(szDeleteFmt));
pFmt = szDeleteFmt;
}
if(pFmt)
{
if(SUCCEEDED(StringCchPrintf(szDisplay,
sizeof(szDisplay)/sizeof(WCHAR),
pFmt,
GetDisplayName())))
{
return szDisplay;
}
}
return NULL;
}
void CClassRightInfo::SetRight(ULONG iRight, BOOL b)
{
switch (iRight)
{
case m_nCreateIndex:
if (b)
m_Access |= ACTRL_DS_CREATE_CHILD;
else
m_Access &= ~ACTRL_DS_CREATE_CHILD;
break;
case m_nDeleteIndex:
if (b)
m_Access |= ACTRL_DS_DELETE_CHILD;
else
m_Access &= ~ACTRL_DS_DELETE_CHILD;
break;
default:
ASSERT(FALSE);
};
}
ULONG CClassRightInfo::GetRight(ULONG iRight)
{
switch (iRight)
{
case m_nCreateIndex:
return (ULONG)ACTRL_DS_CREATE_CHILD;
break;
case m_nDeleteIndex:
return (ULONG)ACTRL_DS_DELETE_CHILD;
break;
default:
ASSERT(FALSE);
};
return 0;
}
BOOL CClassRightInfo::IsRightSelected(ULONG iRight)
{
BOOL bRes = FALSE;
switch (iRight)
{
case m_nCreateIndex:
bRes = m_Access & ACTRL_DS_CREATE_CHILD;
break;
case m_nDeleteIndex:
bRes = m_Access & ACTRL_DS_DELETE_CHILD;
break;
default:
ASSERT(FALSE);
};
return bRes;
}
//////////////////////////////////////////////////////////////////////
// CClassRightInfoArray
HRESULT CClassRightInfoArray::InitFromSchema(CAdsiObject* pADSIObj,
IADsClass* pDsSchemaClass,
BOOL bUseFilter)
{
// setup
Clear();
if (pDsSchemaClass == NULL)
return S_OK;
// read from DS
VARIANT ContainmentListVar;
::VariantInit(&ContainmentListVar);
HRESULT hr = pDsSchemaClass->get_Containment(&ContainmentListVar);
if (FAILED(hr))
{
::VariantClear(&ContainmentListVar);
return hr;
}
CClassPtr<CClassRightInfoFilter> spFilter;
if (bUseFilter)
{
spFilter = new CClassRightInfoFilter();
}
// add to array and filter
CContainerProxy<CClassRightInfo, CClassRightInfoArray, CClassRightInfoFilter>
cont(this, &spFilter);
VariantArrayToContainer(ContainmentListVar, &cont);
::VariantClear(&ContainmentListVar);
// now need to set the friendly names
ULONG nCount = (ULONG) GetCount();
WCHAR szFrendlyName[1024];
HRESULT hrName;
for (ULONG i=0; i<nCount; i++)
{
LPCWSTR lpszName = (*this)[i]->GetName();
if (lpszName != NULL)
{
hrName = pADSIObj->GetFriendlyClassName(lpszName, szFrendlyName, 1024);
ASSERT(SUCCEEDED(hrName));
(*this)[i]->SetDisplayName(SUCCEEDED(hrName) ? szFrendlyName : NULL);
}
}
// get guids
for (i=0; i<nCount; i++)
{
CClassRightInfo* pInfo = (*this)[i];
LPCWSTR lpszName = pInfo->GetName();
hr = pADSIObj->GetClassGuid(lpszName, FALSE, pInfo->m_schemaIDGUID);
if (SUCCEEDED(hr))
{
WCHAR szTest[128];
FormatStringGUID(szTest, 128, &(pInfo->m_schemaIDGUID));
TRACE(L"name = <%s>, guid = <%s>\n", lpszName, szTest);
}
else
{
TRACE(L"GetClassGuid(%s) failed hr = 0x%x\n", lpszName, hr);
return hr;
}
}
Sort();
return hr;
}
///////////////////////////////////////////////////////////////////////
// CAccessPermissionsHolderBase
CAccessPermissionsHolderBase::CAccessPermissionsHolderBase(BOOL bUseFilter)
{
m_bUseFilter = bUseFilter;
}
CAccessPermissionsHolderBase::~CAccessPermissionsHolderBase()
{
Clear();
}
void CAccessPermissionsHolderBase::Clear()
{
m_accessRightInfoArr.Clear();
m_controlRightInfoArr.Clear();
m_propertyRightInfoArray.Clear();
m_classRightInfoArray.Clear();
}
BOOL CAccessPermissionsHolderBase::HasPermissionSelected()
{
ULONG i,j;
// check access rigths
for (i = 0; i < m_accessRightInfoArr.GetCount(); i++)
{
if (m_accessRightInfoArr[i]->IsSelected())
return TRUE;
}
// check control rigths
for (i = 0; i < m_controlRightInfoArr.GetCount(); i++)
{
if (m_controlRightInfoArr[i]->IsSelected())
return TRUE;
}
// subobjects rigths
for (i = 0; i < m_classRightInfoArray.GetCount(); i++)
{
for (j=0; j< m_classRightInfoArray[i]->GetRightCount(); j++)
{
if ( m_classRightInfoArray[i]->IsRightSelected(j) )
return TRUE;
}
}
// property rights
for (i = 0; i < m_propertyRightInfoArray.GetCount(); i++)
{
for (j=0; j< m_propertyRightInfoArray[i]->GetRightCount(); j++)
{
if ( m_propertyRightInfoArray[i]->IsRightSelected(j) )
return TRUE;
}
}
return FALSE;
}
/*
typedef struct _ACTRL_CONTROL_INFOW
{
LPWSTR lpControlId;
LPWSTR lpControlName;
} ACTRL_CONTROL_INFOW, *PACTRL_CONTROL_INFOW;
typedef struct _ACTRL_ACCESS_INFOW
{
ULONG fAccessPermission;
LPWSTR lpAccessPermissionName;
} ACTRL_ACCESS_INFOW, *PACTRL_ACCESS_INFOW;
*/
HRESULT CAccessPermissionsHolderBase::ReadDataFromDS(CAdsiObject* pADSIObj,
LPCWSTR /*lpszObjectNamingContext*/,
LPCWSTR lpszClassName,
const GUID* pSchemaIDGUID,
BOOL bChildClass,
BOOL bHideListObject)
{
#if DBG
WCHAR szGUID[128];
FormatStringGUID(szGUID, 128, pSchemaIDGUID);
TRACE(L"CAccessPermissionsHolderBase::ReadDataFromDS(_, %s, %s)\n",
lpszClassName, szGUID);
#endif
Clear();
HRESULT hr = S_OK;
if (pSchemaIDGUID != NULL)
{
hr = m_controlRightInfoArr.InitFromDS(pADSIObj, pSchemaIDGUID);
TRACE(L"hr = m_controlRightInfoArr.InitFromDS(...) returned hr = 0x%x\n", hr);
if (FAILED(hr))
{
return hr;
}
}
hr = _ReadClassInfoFromDS(pADSIObj, lpszClassName);
if (FAILED(hr))
{
return hr;
}
hr = _LoadAccessRightInfoArrayFromTable(bChildClass,bHideListObject);
return hr;
}
HRESULT CAccessPermissionsHolderBase::_ReadClassInfoFromDS(CAdsiObject* pADSIObj,
LPCWSTR lpszClassName)
{
HRESULT hr = S_OK;
CComPtr<IADsClass> spSchemaObjectClass;
if (lpszClassName != NULL)
{
int nServerNameLen = lstrlen(pADSIObj->GetServerName());
int nClassNameLen = lstrlen(lpszClassName);
int nFormatStringLen = lstrlen(g_wzLDAPAbstractSchemaFormat);
// build the LDAP path for the schema class
WCHAR* pwszSchemaObjectPath =
(WCHAR*)alloca(sizeof(WCHAR)*(nServerNameLen+nClassNameLen+nFormatStringLen+1));
wsprintf(pwszSchemaObjectPath, g_wzLDAPAbstractSchemaFormat, pADSIObj->GetServerName(), lpszClassName);
// get the schema class ADSI object
hr = ::ADsOpenObjectHelper(pwszSchemaObjectPath,
IID_IADsClass, 0,(void**)&spSchemaObjectClass);
if (FAILED(hr))
return hr;
}
//TRACE(_T("\nObject Properties\n\n"));
hr = m_propertyRightInfoArray.InitFromSchema(pADSIObj, spSchemaObjectClass,lpszClassName, m_bUseFilter);
if (FAILED(hr))
return hr;
//TRACE(_T("\nObject contained classes\n\n"));
return m_classRightInfoArray.InitFromSchema(pADSIObj, spSchemaObjectClass, m_bUseFilter);
}
DWORD CAccessPermissionsHolderBase::UpdateAccessList( CPrincipal* pPrincipal,
CSchemaClassInfo* pClassInfo,
LPCWSTR /*lpszServerName*/,
LPCWSTR /*lpszPhysicalSchemaNamingContext*/,
PACL *ppAcl)
{
TRACE(L"CAccessPermissionsHolderBase::UpdateAccessList()\n");
const GUID* pClassGUID = NULL;
TRACE(L"User or Group Name: %s\n", pPrincipal->GetDisplayName());
BOOL bChildClass = TRUE;
if (pClassInfo != NULL)
{
pClassGUID = pClassInfo->GetSchemaGUID();
bChildClass = (pClassInfo->m_dwChildClass != CHILD_CLASS_NOT_EXIST );
}
return _UpdateAccessListHelper(pPrincipal->GetSid(), pClassGUID, ppAcl,bChildClass);
}
DWORD CAccessPermissionsHolderBase::_UpdateAccessListHelper(PSID pSid,
const GUID* pClassGUID,
PACL *ppAcl,
BOOL bChildClass)
{
TRACE(L"CAccessPermissionsHolderBase::_UpdateAccessListHelper()\n");
ASSERT(pSid != NULL);
ULONG AccessAllClass = 0;
ULONG AccessAllProperty = 0;
DWORD dwErr = 0;
// set common variables
ULONG uAccess = 0; // to be set and reset as see fit
if (m_accessRightInfoArr[0]->IsSelected()) // full control
{
uAccess = _WIZ_FULL_CTRL;
dwErr = ::AddObjectRightInAcl(pSid, uAccess, NULL, pClassGUID, ppAcl);
if (dwErr != ERROR_SUCCESS)
goto exit;
}
else
{
// add an entry for all the standard access permissions:
// OR all the selected permissions together
uAccess = 0;
UINT nSel = 0;
for (UINT k=0; k < m_accessRightInfoArr.GetCount(); k++)
{
if (m_accessRightInfoArr[k]->IsSelected())
{
nSel++;
uAccess |= m_accessRightInfoArr[k]->GetAccess();
}
} // for
if( !bChildClass )
uAccess &= (~(ACTRL_DS_CREATE_CHILD|ACTRL_DS_DELETE_CHILD));
if (nSel > 0)
{
// keep track of "All" flags
if (uAccess & ACTRL_DS_READ_PROP)
AccessAllProperty |= ACTRL_DS_READ_PROP;
if (uAccess & ACTRL_DS_WRITE_PROP)
AccessAllProperty |= ACTRL_DS_WRITE_PROP;
if (uAccess & ACTRL_DS_CREATE_CHILD)
AccessAllClass |= ACTRL_DS_CREATE_CHILD;
if (uAccess & ACTRL_DS_DELETE_CHILD)
AccessAllClass |= ACTRL_DS_DELETE_CHILD;
dwErr = ::AddObjectRightInAcl(pSid, uAccess, NULL, pClassGUID, ppAcl);
if (dwErr != ERROR_SUCCESS)
goto exit;
}
// add an entry for each of the control rights
for (k=0; k < m_controlRightInfoArr.GetCount(); k++)
{
if (m_controlRightInfoArr[k]->IsSelected())
{
uAccess = m_controlRightInfoArr[k]->GetAccess();
dwErr = ::AddObjectRightInAcl(pSid, uAccess,
m_controlRightInfoArr[k]->GetRightsGUID(),
pClassGUID,
ppAcl);
if (dwErr != ERROR_SUCCESS)
goto exit;
}
} // for
// add an entry for each of the subobjects rigths
for (ULONG iClass = 0; iClass < m_classRightInfoArray.GetCount(); iClass++)
{
ULONG Access = m_classRightInfoArray[iClass]->GetAccess();
if (Access != 0)
{
if (iClass > 0)
{
ULONG nRightCount = m_classRightInfoArray[iClass]->GetRightCount();
for (ULONG iCurrRight=0; iCurrRight<nRightCount; iCurrRight++)
{
// the first entry is the Create/Delete All, no need for other permissions,
ULONG currAccess = m_classRightInfoArray[iClass]->GetRight(iCurrRight);
if (currAccess & AccessAllClass)
{
// right already present, strip out
Access &= ~currAccess;
}
} // for
}
if (Access != 0)
{
uAccess = Access;
dwErr = ::AddObjectRightInAcl(pSid, uAccess,
m_classRightInfoArray[iClass]->GetSchemaGUID(),
pClassGUID,
ppAcl);
if (dwErr != ERROR_SUCCESS)
goto exit;
}
}
} // for
// add an entry for each property right to set
for (ULONG iProperty=0; iProperty < m_propertyRightInfoArray.GetCount(); iProperty++)
{
ULONG Access = m_propertyRightInfoArray[iProperty]->GetAccess();
if (Access != 0)
{
if (iProperty > 0)
{
ULONG nRightCount = m_propertyRightInfoArray[iProperty]->GetRightCount();
for (ULONG iCurrRight=0; iCurrRight<nRightCount; iCurrRight++)
{
// the first entry is the Create/Delete All, no need for other permissions,
ULONG currAccess = m_propertyRightInfoArray[iProperty]->GetRight(iCurrRight);
if (currAccess & AccessAllProperty)
{
// right already present, strip out
Access &= ~currAccess;
}
} // for
}
if (Access != 0)
{
uAccess = Access;
dwErr = ::AddObjectRightInAcl(pSid, uAccess,
m_propertyRightInfoArray[iProperty]->GetSchemaGUID(),
pClassGUID,
ppAcl);
if (dwErr != ERROR_SUCCESS)
goto exit;
}
}
}
} // if
exit:
return dwErr;
}
///////////////////////////////////////////////////////////////////////
// CCustomAccessPermissionsHolder
CCustomAccessPermissionsHolder::CCustomAccessPermissionsHolder()
: CAccessPermissionsHolderBase(TRUE)
{
}
CCustomAccessPermissionsHolder::~CCustomAccessPermissionsHolder()
{
Clear();
}
void CCustomAccessPermissionsHolder::Clear()
{
CAccessPermissionsHolderBase::Clear();
m_listViewItemArr.Clear();
}
struct CAccessRightTableEntry
{
UINT m_nStringID;
ULONG m_fAccess;
};
#define _WIZ_READ \
(READ_CONTROL | ACTRL_DS_LIST | ACTRL_DS_READ_PROP | ACTRL_DS_LIST_OBJECT)
#define _WIZ_WRITE \
(ACTRL_DS_SELF | ACTRL_DS_WRITE_PROP)
HRESULT CCustomAccessPermissionsHolder::_LoadAccessRightInfoArrayFromTable(BOOL bCreateDeleteChild,BOOL bHideListObject)
{
static CAccessRightTableEntry _pTable[] =
{
{ IDS_DELEGWIZ_ACTRL_FULL, _WIZ_FULL_CTRL },
{ IDS_DELEGWIZ_ACTRL_READ, _WIZ_READ },
{ IDS_DELEGWIZ_ACTRL_WRITE, _WIZ_WRITE },
/*
{ IDS_DELEGWIZ_ACTRL_SYSTEM_ACCESS, ACCESS_SYSTEM_SECURITY },
{ IDS_DELEGWIZ_ACTRL_DELETE, DELETE },
{ IDS_DELEGWIZ_ACTRL_READ_CONTROL, READ_CONTROL },
{ IDS_DELEGWIZ_ACTRL_CHANGE_ACCESS, WRITE_DAC },
{ IDS_DELEGWIZ_ACTRL_CHANGE_OWNER, WRITE_OWNER },
*/
{ IDS_DELEGWIZ_ACTRL_DS_CREATE_CHILD, ACTRL_DS_CREATE_CHILD },
{ IDS_DELEGWIZ_ACTRL_DS_DELETE_CHILD, ACTRL_DS_DELETE_CHILD },
/*
{ IDS_DELEGWIZ_ACTRL_DS_LIST, ACTRL_DS_LIST },
{ IDS_DELEGWIZ_ACTRL_DS_SELF, ACTRL_DS_SELF },
*/
{ IDS_DELEGWIZ_ACTRL_DS_READ_PROP, ACTRL_DS_READ_PROP },
{ IDS_DELEGWIZ_ACTRL_DS_WRITE_PROP, ACTRL_DS_WRITE_PROP },
/*
{ IDS_DELEGWIZ_ACTRL_DS_DELETE_TREE, ACTRL_DS_DELETE_TREE },
{ IDS_DELEGWIZ_ACTRL_DS_LIST_OBJECT, ACTRL_DS_LIST_OBJECT },
{ IDS_DELEGWIZ_ACTRL_DS_CONTROL_ACCESS, ACTRL_DS_CONTROL_ACCESS },
*/
{0, 0x0 } // end of table marker
};
if(bHideListObject)
{
_pTable[0].m_fAccess &= ~ACTRL_DS_LIST_OBJECT;
_pTable[1].m_fAccess &= ~ACTRL_DS_LIST_OBJECT;
}
TRACE(L"\nCCustomAccessPermissionsHolder::_LoadAccessRightInfoArrayFromTable()\n\n");
for(CAccessRightTableEntry* pCurrEntry = (CAccessRightTableEntry*)_pTable;
pCurrEntry->m_nStringID != NULL; pCurrEntry++)
{
if( !bCreateDeleteChild && (
(pCurrEntry->m_fAccess == ACTRL_DS_CREATE_CHILD) ||
(pCurrEntry->m_fAccess == ACTRL_DS_DELETE_CHILD ) ) )
continue;
CAccessRightInfo* pInfo = new CAccessRightInfo();
if( !pInfo )
return HRESULT_FROM_WIN32( ERROR_NOT_ENOUGH_MEMORY );
if (!pInfo->m_szDisplayName.LoadFromResource(pCurrEntry->m_nStringID))
{
delete pInfo;
continue;
}
pInfo->m_fAccess = pCurrEntry->m_fAccess;
TRACE(L"Display Name = <%s>, Access = 0x%x\n",
pInfo->m_szDisplayName.c_str(), pInfo->m_fAccess);
m_accessRightInfoArr.Add(pInfo);
}
TRACE(L"\nCCustomAccessPermissionsHolder::_LoadAccessRightInfoArrayFromTable() exiting\n\n");
return S_OK;
}
void CCustomAccessPermissionsHolder::_SelectAllRigths()
{
ULONG i,j;
// select all access rigths
for (i = 0; i < m_accessRightInfoArr.GetCount(); i++)
{
m_accessRightInfoArr[i]->Select(TRUE);
}
// select all control rights rigths
for (i = 0; i < m_controlRightInfoArr.GetCount(); i++)
{
m_controlRightInfoArr[i]->Select(TRUE);
}
// select all subobjects rigths
for (i = 0; i < m_classRightInfoArray.GetCount(); i++)
{
for (j=0; j< m_classRightInfoArray[i]->GetRightCount(); j++)
{
m_classRightInfoArray[i]->SetRight(j, TRUE);
}
}
// select all property rights
for (i = 0; i < m_propertyRightInfoArray.GetCount(); i++)
{
for (j=0; j< m_propertyRightInfoArray[i]->GetRightCount(); j++)
{
m_propertyRightInfoArray[i]->SetRight(j, TRUE);
}
}
}
void CCustomAccessPermissionsHolder::_SelectAllPropertyRigths(ULONG fAccessPermission)
{
for (UINT i=0; i<m_propertyRightInfoArray.GetCount(); i++)
{
m_propertyRightInfoArray[i]->AddAccessRight(fAccessPermission);
}
}
void CCustomAccessPermissionsHolder::_SelectAllSubObjectRigths(ULONG fAccessPermission)
{
for (UINT i=0; i<m_classRightInfoArray.GetCount(); i++)
{
m_classRightInfoArray[i]->AddAccessRight(fAccessPermission);
}
}
void CCustomAccessPermissionsHolder::_DeselectAssociatedRights(ULONG fAccessPermission)
{
// deselect full control first
m_accessRightInfoArr[0]->Select(FALSE);
if (fAccessPermission != 0)
{
// deselect any other basic right that contains the flag
UINT nCount = (ULONG) m_accessRightInfoArr.GetCount();
for (ULONG iAccess=0; iAccess<nCount; iAccess++)
{
if (m_accessRightInfoArr[iAccess]->GetAccess() & fAccessPermission)
m_accessRightInfoArr[iAccess]->Select(FALSE);
}
}
}
void CCustomAccessPermissionsHolder::Select(IN CRigthsListViewItem* pItem,
IN BOOL bSelect,
OUT ULONG* pnNewFilterState)
{
ASSERT(pItem != NULL);
*pnNewFilterState = 0;
switch (pItem->m_type)
{
case CRigthsListViewItem::access: // access rights
case CRigthsListViewItem::ctrl: // general rights
{
// make the change to the entry that was passed in as argument
if (pItem->m_type == CRigthsListViewItem::access)
{
m_accessRightInfoArr[pItem->m_iIndex]->Select(bSelect);
}
else
{
m_controlRightInfoArr[pItem->m_iIndex]->Select(bSelect);
}
// now see if this triggers changes to the other entries
if (bSelect)
{
if (pItem->m_type == CRigthsListViewItem::access)
{
if (pItem->m_iIndex == 0)
{
// the user checked full control, need to select all the rigths
_SelectAllRigths();
// set flags to mark which set of flags is affected
*pnNewFilterState |= FILTER_EXP_GEN;
if (m_propertyRightInfoArray.GetCount() > 0)
*pnNewFilterState |= FILTER_EXP_PROP;
if (m_classRightInfoArray.GetCount() > 0)
*pnNewFilterState |= FILTER_EXP_SUBOBJ;
}
else
{
// check if the user selected some read/write all or create/delete all right
UINT iAccess = pItem->m_iIndex;
ULONG fAccessPermission = m_accessRightInfoArr[iAccess]->GetAccess();
if ((fAccessPermission == _WIZ_READ) || (fAccessPermission == _WIZ_WRITE) )
{
// need to select all the Read or Write Properties entried
// and the ACTRL_DS_READ_PROP ACTRL_DS_WRITE_PROP (Read All/Write All)
// select all access rigths
UINT nAssociatedAccessRight =
(fAccessPermission == _WIZ_READ) ? ACTRL_DS_READ_PROP : ACTRL_DS_WRITE_PROP;
for (UINT i = 0; i < m_accessRightInfoArr.GetCount(); i++)
{
if (m_accessRightInfoArr[i]->GetAccess() == nAssociatedAccessRight)
{
m_accessRightInfoArr[i]->Select(TRUE);
_SelectAllPropertyRigths(nAssociatedAccessRight);
if (m_propertyRightInfoArray.GetCount() > 0)
*pnNewFilterState |= FILTER_EXP_PROP;
break;
}
}
}
if ( (fAccessPermission == ACTRL_DS_CREATE_CHILD) || (fAccessPermission == ACTRL_DS_DELETE_CHILD) )
{
// need to select all the Create or Delete Child entries, if present
_SelectAllSubObjectRigths(fAccessPermission);
// set the flags
if (m_classRightInfoArray.GetCount() > 0)
*pnNewFilterState |= FILTER_EXP_SUBOBJ;
}
else if ( (fAccessPermission == ACTRL_DS_READ_PROP) || (fAccessPermission == ACTRL_DS_WRITE_PROP) )
{
// need to select all the Read or Write Property entries, if present
_SelectAllPropertyRigths(fAccessPermission);
// set the flags
if (m_propertyRightInfoArray.GetCount() > 0)
*pnNewFilterState |= FILTER_EXP_PROP;
} // if
} // if index zero
} // if type is access
}
else // i.e. !bSelect
{
if (pItem->m_type == CRigthsListViewItem::access)
{
if (pItem->m_iIndex != 0)
{
// deselection on anything but full control
_DeselectAssociatedRights(m_accessRightInfoArr[pItem->m_iIndex]->GetAccess());
}
}
else if (pItem->m_type == CRigthsListViewItem::ctrl)
{
_DeselectAssociatedRights(m_controlRightInfoArr[pItem->m_iIndex]->GetAccess());
}
/*
// deselection on anything but full control
if ( !((pItem->m_iIndex == 0) && (pItem->m_type == CRigthsListViewItem::access)) )
{
_DeselectAssociatedRights(0);
}
*/
}
}
break;
case CRigthsListViewItem::prop: // property rights
{
ASSERT(pItem->m_iIndex < m_propertyRightInfoArray.GetCount());
m_propertyRightInfoArray[pItem->m_iIndex]->SetRight(pItem->m_iRight, bSelect);
if (!bSelect)
{
// unchecking any Read/Write property, will unckeck the Read/Write All,
// Read and full control
_DeselectAssociatedRights(m_propertyRightInfoArray[pItem->m_iIndex]->GetRight(pItem->m_iRight));
}
}
break;
case CRigthsListViewItem::subobj: // subobject rigths
{
ASSERT(pItem->m_iIndex < m_classRightInfoArray.GetCount());
m_classRightInfoArray[pItem->m_iIndex]->SetRight(pItem->m_iRight, bSelect);
if (!bSelect)
{
// unchecking any Create/Delete property, will unckeck the Create/Delete All
// and full control
_DeselectAssociatedRights(m_classRightInfoArray[pItem->m_iIndex]->GetRight(pItem->m_iRight));
}
}
break;
default:
ASSERT(FALSE);
};
}
void CCustomAccessPermissionsHolder::FillAccessRightsListView(
CCheckListViewHelper* pListViewHelper,
ULONG nFilterState)
{
// clear the array of list view item proxies
m_listViewItemArr.Clear();
// enumerate the permissions and add to the checklist
ULONG i,j;
ULONG iListViewItem = 0;
// GENERAL RIGTHS
if (nFilterState & FILTER_EXP_GEN)
{
// add the list of access rights
UINT nAccessCount = (ULONG) m_accessRightInfoArr.GetCount();
for (i = 0; i < nAccessCount; i++)
{
// filter out entries with ACTRL_SYSTEM_ACCESS (auditing rigths)
if ( (m_accessRightInfoArr[i]->GetAccess() & ACTRL_SYSTEM_ACCESS) == 0)
{
CRigthsListViewItem* p = new CRigthsListViewItem(i, // index in m_accessRightInfoArr
0, // iRight
CRigthsListViewItem::access);
m_listViewItemArr.Add(p);
pListViewHelper->InsertItem(iListViewItem,
m_accessRightInfoArr[i]->GetDisplayName(),
(LPARAM)p,
m_accessRightInfoArr[i]->IsSelected());
iListViewItem++;
}
}
// add the list of control rights
UINT nControlCount = (ULONG) m_controlRightInfoArr.GetCount();
for (i = 0; i < nControlCount; i++)
{
CRigthsListViewItem* p = new CRigthsListViewItem(i, // index in m_controlRightInfoArr
0, // iRight
CRigthsListViewItem::ctrl);
m_listViewItemArr.Add(p);
pListViewHelper->InsertItem(iListViewItem,
m_controlRightInfoArr[i]->GetDisplayName(),
(LPARAM)p,
m_controlRightInfoArr[i]->IsSelected());
iListViewItem++;
}
}
// PROPERTY RIGTHS
if (nFilterState & FILTER_EXP_PROP)
{
// it expands (2x)
for (i = 0; i < (ULONG) m_propertyRightInfoArray.GetCount(); i++)
{
for (j=0; j< m_propertyRightInfoArray[i]->GetRightCount(); j++)
{
LPCWSTR pszRightDisplayName = m_propertyRightInfoArray[i]->GetRightDisplayString(j);
if(pszRightDisplayName)
{
CRigthsListViewItem* p = new CRigthsListViewItem(i,j, CRigthsListViewItem::prop);
m_listViewItemArr.Add(p);
pListViewHelper->InsertItem(iListViewItem,
pszRightDisplayName,
(LPARAM)p,
m_propertyRightInfoArray[i]->IsRightSelected(j));
iListViewItem++;
}
}
}
}
// SUBOBJECT RIGTHS
if (nFilterState & FILTER_EXP_SUBOBJ)
{
// it expands (2x)
for (i = 0; i < m_classRightInfoArray.GetCount(); i++)
{
for (j=0; j< m_classRightInfoArray[i]->GetRightCount(); j++)
{
LPCWSTR pszRightDisplayName = m_classRightInfoArray[i]->GetRightDisplayString(j);
if(pszRightDisplayName)
{
CRigthsListViewItem* p = new CRigthsListViewItem(i,j, CRigthsListViewItem::subobj);
m_listViewItemArr.Add(p);
pListViewHelper->InsertItem(iListViewItem,
pszRightDisplayName,
(LPARAM)p,
m_classRightInfoArray[i]->IsRightSelected(j));
iListViewItem++;
}
}
}
} // if
ASSERT(iListViewItem == m_listViewItemArr.GetCount());
}
void CCustomAccessPermissionsHolder::UpdateAccessRightsListViewSelection(
CCheckListViewHelper* pListViewHelper,
ULONG /*nFilterState*/)
{
// syncrhonize the UI with the data
int nListViewCount = pListViewHelper->GetItemCount();
for (int iListViewItem=0; iListViewItem < nListViewCount; iListViewItem++)
{
CRigthsListViewItem* pCurrItem =
(CRigthsListViewItem*)pListViewHelper->GetItemData(iListViewItem);
switch (pCurrItem->m_type)
{
case CRigthsListViewItem::access:
{
pListViewHelper->SetItemCheck(iListViewItem,
m_accessRightInfoArr[pCurrItem->m_iIndex]->IsSelected());
}
break;
case CRigthsListViewItem::ctrl:
{
pListViewHelper->SetItemCheck(iListViewItem,
m_controlRightInfoArr[pCurrItem->m_iIndex]->IsSelected());
}
break;
case CRigthsListViewItem::prop:
{
pListViewHelper->SetItemCheck(iListViewItem,
m_propertyRightInfoArray[pCurrItem->m_iIndex]->IsRightSelected(pCurrItem->m_iRight));
}
break;
case CRigthsListViewItem::subobj:
{
pListViewHelper->SetItemCheck(iListViewItem,
m_classRightInfoArray[pCurrItem->m_iIndex]->IsRightSelected(pCurrItem->m_iRight));
}
break;
} // switch
} // for
}
void CCustomAccessPermissionsHolder::WriteSummary(CWString& szSummary, LPCWSTR lpszIdent, LPCWSTR lpszNewLine)
{
WriteSummaryTitleLine(szSummary, IDS_DELEGWIZ_FINISH_PERMISSIONS, lpszNewLine);
if (m_accessRightInfoArr[0]->IsSelected()) // full control
{
WriteSummaryLine(szSummary, m_accessRightInfoArr[0]->GetDisplayName(), lpszIdent, lpszNewLine);
}
else
{
ULONG AccessAllClass = 0;
ULONG AccessAllProperty = 0;
UINT i,j,k;
// add an entry for all the standard access permissions:
for (k=0; k < m_accessRightInfoArr.GetCount(); k++)
{
if (m_accessRightInfoArr[k]->IsSelected())
{
// keep track of "All" flags
if (m_accessRightInfoArr[k]->GetAccess() & ACTRL_DS_READ_PROP)
AccessAllProperty |= ACTRL_DS_READ_PROP;
if (m_accessRightInfoArr[k]->GetAccess() & ACTRL_DS_WRITE_PROP)
AccessAllProperty |= ACTRL_DS_WRITE_PROP;
if (m_accessRightInfoArr[k]->GetAccess() & ACTRL_DS_CREATE_CHILD)
AccessAllClass |= ACTRL_DS_CREATE_CHILD;
if (m_accessRightInfoArr[k]->GetAccess() & ACTRL_DS_DELETE_CHILD)
AccessAllClass |= ACTRL_DS_DELETE_CHILD;
WriteSummaryLine(szSummary, m_accessRightInfoArr[k]->GetDisplayName(), lpszIdent, lpszNewLine);
}
} // for
// add an entry for each of the control rights
for (k=0; k < m_controlRightInfoArr.GetCount(); k++)
{
if (m_controlRightInfoArr[k]->IsSelected())
{
WriteSummaryLine(szSummary, m_controlRightInfoArr[k]->GetDisplayName(), lpszIdent, lpszNewLine);
}
} // for
// add an entry for each of the subobjects rigths
for (i = 0; i < m_classRightInfoArray.GetCount(); i++)
{
for (j=0; j< m_classRightInfoArray[i]->GetRightCount(); j++)
{
if ( m_classRightInfoArray[i]->IsRightSelected(j) &&
((AccessAllClass & m_classRightInfoArray[i]->GetRight(j)) == 0) )
{
LPCWSTR pszRightDisplayString = m_classRightInfoArray[i]->GetRightDisplayString(j);
if(pszRightDisplayString)
{
WriteSummaryLine(szSummary, pszRightDisplayString, lpszIdent, lpszNewLine);
}
}
}
}
// add an entry for each property right to set
for (i = 0; i < m_propertyRightInfoArray.GetCount(); i++)
{
for (j=0; j< m_propertyRightInfoArray[i]->GetRightCount(); j++)
{
if ( m_propertyRightInfoArray[i]->IsRightSelected(j) &&
((AccessAllProperty & m_propertyRightInfoArray[0]->GetRight(j)) == 0) )
{
LPCWSTR pszRightDisplayString = m_propertyRightInfoArray[i]->GetRightDisplayString(j);
if(pszRightDisplayString)
{
WriteSummaryLine(szSummary, pszRightDisplayString, lpszIdent, lpszNewLine);
}
}
}
}
} // if
szSummary += lpszNewLine;
}
///////////////////////////////////////////////////////////////////////
// CCheckListViewHelper
#define CHECK_BIT(x) ((x >> 12) -1)
#define CHECK_CHANGED(pNMListView) \
(CHECK_BIT(pNMListView->uNewState) ^ CHECK_BIT(pNMListView->uOldState))
#define LVIS_STATEIMAGEMASK_CHECK (0x2000)
#define LVIS_STATEIMAGEMASK_UNCHECK (0x1000)
BOOL CCheckListViewHelper::IsChecked(NM_LISTVIEW* pNMListView)
{
return (CHECK_BIT(pNMListView->uNewState) != 0);
}
BOOL CCheckListViewHelper::CheckChanged(NM_LISTVIEW* pNMListView)
{
if (pNMListView->uOldState == 0)
return FALSE; // adding new items...
return CHECK_CHANGED(pNMListView) ? TRUE : FALSE;
}
BOOL CCheckListViewHelper::Initialize(UINT nID, HWND hParent)
{
m_hWnd = GetDlgItem(hParent, nID);
if (m_hWnd == NULL)
return FALSE;
ListView_SetExtendedListViewStyle(m_hWnd, LVS_EX_CHECKBOXES);
RECT r;
::GetClientRect(m_hWnd, &r);
int scroll = ::GetSystemMetrics(SM_CXVSCROLL);
LV_COLUMN col;
ZeroMemory(&col, sizeof(LV_COLUMN));
col.mask = LVCF_WIDTH;
col.cx = (r.right - r.left) - scroll;
return (0 == ListView_InsertColumn(m_hWnd,0,&col));
}
int CCheckListViewHelper::InsertItem(int iItem, LPCTSTR lpszText, LPARAM lParam, BOOL bCheck)
{
TRACE(_T("CCheckListViewHelper::InsertItem(%d,%s,%x)\n"),iItem, lpszText, lParam);
LV_ITEM item;
ZeroMemory(&item, sizeof(LV_ITEM));
item.mask = LVIF_TEXT | LVIF_PARAM;
item.pszText = (LPTSTR)lpszText;
item.lParam = lParam;
item.iItem = iItem;
int iRes = ListView_InsertItem(m_hWnd, &item);
if ((iRes != -1) && bCheck)
SetItemCheck(iItem, TRUE);
return iRes;
}
BOOL CCheckListViewHelper::SetItemCheck(int iItem, BOOL bCheck)
{
LV_ITEM item;
ZeroMemory(&item, sizeof(LV_ITEM));
item.mask = LVIF_STATE;
item.state = bCheck ? LVIS_STATEIMAGEMASK_CHECK : LVIS_STATEIMAGEMASK_UNCHECK;
item.stateMask = LVIS_STATEIMAGEMASK;
item.iItem = iItem;
return ListView_SetItem(m_hWnd, &item);
}
void CCheckListViewHelper::SetCheckAll(BOOL bCheck)
{
LV_ITEM item;
ZeroMemory(&item, sizeof(LV_ITEM));
item.mask = LVIF_STATE;
item.state = bCheck ? LVIS_STATEIMAGEMASK_CHECK : LVIS_STATEIMAGEMASK_UNCHECK;
item.stateMask = LVIS_STATEIMAGEMASK;
int nCount = ListView_GetItemCount(m_hWnd);
for (int k = 0; k< nCount; k++)
{
item.iItem = k;
ListView_SetItem(m_hWnd, &item);
}
}
LPARAM CCheckListViewHelper::GetItemData(int iItem)
{
LV_ITEM item;
ZeroMemory(&item, sizeof(LV_ITEM));
item.mask = LVIF_PARAM;
item.iItem = iItem;
ListView_GetItem(m_hWnd, &item);
return item.lParam;
}
int CCheckListViewHelper::GetCheckCount()
{
int nCount = GetItemCount();
int nCheckCount = 0;
for (int k=0; k<nCount; k++)
{
if (ListView_GetCheckState(m_hWnd,k))
nCheckCount++;
}
return nCheckCount;
}
BOOL CCheckListViewHelper::IsItemChecked(int iItem)
{
return ListView_GetCheckState(m_hWnd, iItem);
}
void CCheckListViewHelper::GetCheckedItems(int nCheckCount, int* nCheckArray)
{
int nCount = GetItemCount();
int nCurrentCheck = 0;
for (int k=0; k<nCount; k++)
{
if (ListView_GetCheckState(m_hWnd,k) && nCurrentCheck < nCheckCount)
{
nCheckArray[nCurrentCheck++] = k;
}
}
}
////////////////////////////////////////////////////////////////////////////
// CNamedSecurityInfo
/*
DWORD CNamedSecurityInfo::Get()
{
Reset(); // clear previous data
LPWSTR lpProvider = NULL; // not used
LPWSTR lpProperty = NULL; // want all
return ::GetNamedSecurityInfoEx(IN (LPWSTR) m_szObjectName.data(),
IN SE_DS_OBJECT_ALL,
IN DACL_SECURITY_INFORMATION,
IN lpProvider,
IN lpProperty,
OUT &m_pAccessList,
OUT &m_pAuditList,
OUT &m_pOwner,
OUT &m_pGroup);
}
DWORD CNamedSecurityInfo::Set()
{
LPWSTR lpProvider = NULL; // not used
dwErr = ::SetNamedSecurityInfoEx(IN (LPWSTR) m_szObjectName.data(),
IN SE_DS_OBJECT_ALL,
IN DACL_SECURITY_INFORMATION,
IN lpProvider,
IN m_pAccessList,
IN m_pAuditList,
IN m_pOwner,
IN m_pGroup,
IN NULL); // PACTRL_OVERLAPPED pOverlapped;
}
CNamedSecurityInfo::Reset()
{
if (m_pAuditList != NULL)
::LocalFree(m_pAuditList);
if (m_pOwner != NULL)
::LocalFree(m_pOwner);
if (m_pGroup != NULL)
::LocalFree(m_pGroup);
if (m_pAccessList != NULL)
::LocalFree(m_pAccessList);
}
*/
////////////////////////////////////////////////////////////////////////////
// CAdsiObject
HRESULT CAdsiObject::Bind(LPCWSTR lpszLdapPath)
{
_Clear();
CComBSTR bstrNamingContext;
CComBSTR bstrClass;
// try to bind to the given LDAP path
HRESULT hr = ::ADsOpenObjectHelper(lpszLdapPath,
IID_IADs,
0,
(void **)&m_spIADs);
if (FAILED(hr))
{
TRACE(_T("Bind to DS object for IADs failed: %lx.\n"), hr);
goto error;
}
// get the DNS server name
hr = _QueryDNSServerName();
if (FAILED(hr))
{
TRACE(_T("Trying to get the DNS server name failed: %lx.\n"), hr);
goto error;
}
hr = _InitGlobalNamingContexts();
if (FAILED(hr))
{
TRACE(_T("Trying to get the physical schema naming context failed: %lx.\n"), hr);
goto error;
}
// need now to rebuild the LDAP path
// to make sure we talk always to the same server
hr = GetPathNameObject()->SkipPrefix(lpszLdapPath, &bstrNamingContext);
if (FAILED(hr))
{
TRACE(_T("Trying to get X500 name failed: %lx.\n"), hr);
goto error;
}
if ( (!bstrNamingContext ) || (!bstrNamingContext[0]))
{
goto error;
}
m_szNamingContext = bstrNamingContext;
BuildLdapPathHelper(GetServerName(), bstrNamingContext, m_szLdapPath);
// get the canonical name
hr = GetCanonicalNameFromNamingContext(bstrNamingContext, m_szCanonicalName);
if (FAILED(hr))
{
TRACE(_T("Trying to get canonical name failed, using naming context instead: %lx.\n"), hr);
m_szCanonicalName = bstrNamingContext;
}
// get the object class
hr = m_spIADs->get_Class(&bstrClass);
if (FAILED(hr))
{
TRACE(_T("Trying to get class name failed: %lx.\n"), hr);
goto error;
}
ASSERT(bstrClass != NULL);
m_szClass = bstrClass;
// load and set the display specifier cache
hr = ::CoCreateInstance(CLSID_DsDisplaySpecifier,
NULL,
CLSCTX_INPROC_SERVER,
IID_IDsDisplaySpecifier,
(void**)&m_spIDsDisplaySpecifier);
if (FAILED(hr))
{
TRACE(_T("Trying to get the display specifier cache failed: %lx.\n"), hr);
goto error;
}
hr = m_spIDsDisplaySpecifier->SetServer(GetServerName(), NULL, NULL, 0x0);
if (FAILED(hr))
{
TRACE(_T("m_spIDsDisplaySpecifier->SetServer(%s) failed\n"), GetServerName());
goto error;
}
ASSERT(SUCCEEDED(hr)); // all went fine
return hr;
error:
// on error condition, just reset the info, we do not
// want a partially constructed object
_Clear();
return hr;
}
#define DO_TIMING
HRESULT CAdsiObject::QuerySchemaClasses(CGrowableArr<CSchemaClassInfo>* pSchemaClassesInfoArray,
BOOL bGetAttributes)
{
TRACE(L"\n==================================================\n");
TRACE(L"CAdsiObject::QuerySchemaClasses\n\n");
#if defined (DO_TIMING)
DWORD dwTick1 = ::GetTickCount();
#endif
// make sure we are bound
if (m_spIADs == NULL)
{
return E_INVALIDARG;
}
// cleanup current entries in the list
pSchemaClassesInfoArray->Clear();
// build the LDAP path for the schema class
CWString szPhysicalSchemaPath;
LPCWSTR lpszPhysicalSchemaNamingContext = GetPhysicalSchemaNamingContext();
BuildLdapPathHelper(GetServerName(), lpszPhysicalSchemaNamingContext, szPhysicalSchemaPath);
CAdsiSearch search;
HRESULT hr = search.Init(szPhysicalSchemaPath);
if (FAILED(hr))
return hr;
static LPCWSTR lpszClassFilterFormat = L"(&(objectCategory=CN=Class-Schema,%s)(lDAPDisplayName=*))";
static LPCWSTR lpszAttributeFilterFormat = L"(&(objectCategory=CN=Attribute-Schema,%s)(lDAPDisplayName=*))";
LPCWSTR lpszFilterFormat = bGetAttributes ? lpszAttributeFilterFormat : lpszClassFilterFormat;
int nFmtLen = lstrlen(lpszFilterFormat);
int nSchemaContextLen = lstrlen(lpszPhysicalSchemaNamingContext);
WCHAR* lpszFilter = (WCHAR*)alloca(sizeof(WCHAR)*(nFmtLen+nSchemaContextLen+1));
wsprintf(lpszFilter, lpszFilterFormat, lpszPhysicalSchemaNamingContext);
static const int cAttrs = 4;
static LPCWSTR pszAttribsArr[cAttrs] =
{
L"lDAPDisplayName", // e.g. "organizationalUnit"
L"name", // e.g. "Organizational-Unit"
L"schemaIDGUID",
L"objectClassCategory",
};
hr = search.SetSearchScope(ADS_SCOPE_ONELEVEL);
if (FAILED(hr))
return hr;
hr = search.DoQuery(lpszFilter, pszAttribsArr, cAttrs);
if (FAILED(hr))
return hr;
CWString szLDAPName, szName;
szLDAPName = L"";
szName = L"";
GUID schemaIDGUID;
ULONG iObjectClassCategory=0;
while ((hr = search.GetNextRow()) != S_ADS_NOMORE_ROWS)
{
if (FAILED(hr))
continue;
HRESULT hr0 = search.GetColumnString(pszAttribsArr[0], szLDAPName);
HRESULT hr1 = search.GetColumnString(pszAttribsArr[1], szName);
HRESULT hr2 = search.GetColumnOctectStringGUID(pszAttribsArr[2], schemaIDGUID);
HRESULT hr3 = search.GetColumnInteger(pszAttribsArr[3], iObjectClassCategory);
if (FAILED(hr0) || FAILED(hr1) || FAILED(hr2) || FAILED(hr3))
continue;
ULONG fFilterFlags = ::GetClassFlags(szLDAPName);
CSchemaClassInfo* p = new CSchemaClassInfo(szLDAPName, szName, &schemaIDGUID);
if(!p)
return E_OUTOFMEMORY;
BOOL bFilter = (fFilterFlags & IDC_CLASS_NO);
if (bFilter)
p->SetFiltered();
//is class Auxiallary
if(iObjectClassCategory == 3)
p->SetAux();
pSchemaClassesInfoArray->Add(p);
//TRACE(L"Class %s inserted, IsFiltered() == %d\n", (LPCWSTR)szName, p->IsFiltered());
} // while
TRACE(L"\n================================================\n");
#if defined (DO_TIMING)
DWORD dwTick2 = ::GetTickCount();
TRACE(L"Time to do Schema Query loop (mSec) = %d\n", dwTick2-dwTick1);
#endif
_GetFriendlyClassNames(pSchemaClassesInfoArray);
#if defined (DO_TIMING)
dwTick2 = ::GetTickCount();
#endif
pSchemaClassesInfoArray->Sort(); // wrt friendly class name
#if defined (DO_TIMING)
DWORD dwTick3 = ::GetTickCount();
TRACE(L"Time to sort (mSec) = %d\n", dwTick3-dwTick2);
#endif
TRACE(L"exiting CAdsiObject::QuerySchemaClasses()\n\n");
return hr;
}
HRESULT CAdsiObject::GetClassGuid(LPCWSTR lpszClassLdapDisplayName, BOOL bGetAttribute, GUID& guid)
{
//TRACE(L"CAdsiObject::GetClassGuid(%s, _)\n\n", lpszClassLdapDisplayName);
ZeroMemory(&guid, sizeof(GUID));
// make sure we are bound
if (m_spIADs == NULL)
{
return E_INVALIDARG;
}
// build the LDAP path for the schema class
CWString szPhysicalSchemaPath;
LPCWSTR lpszPhysicalSchemaNamingContext = GetPhysicalSchemaNamingContext();
BuildLdapPathHelper(GetServerName(), lpszPhysicalSchemaNamingContext, szPhysicalSchemaPath);
CAdsiSearch search;
HRESULT hr = search.Init(szPhysicalSchemaPath);
if (FAILED(hr))
return hr;
static LPCWSTR lpszClassFilterFormat = L"(&(objectCategory=CN=Class-Schema,%s)(lDAPDisplayName=%s))";
static LPCWSTR lpszAttributeFilterFormat = L"(&(objectCategory=CN=Attribute-Schema,%s)(lDAPDisplayName=%s))";
LPCWSTR lpszFilterFormat = bGetAttribute ? lpszAttributeFilterFormat : lpszClassFilterFormat;
int nFmtLen = lstrlen(lpszFilterFormat);
int nSchemaContextLen = lstrlen(lpszPhysicalSchemaNamingContext);
int nlDAPDisplayNameLen = lstrlen(lpszClassLdapDisplayName);
WCHAR* lpszFilter = (WCHAR*)alloca(sizeof(WCHAR)*(nFmtLen+nSchemaContextLen+nlDAPDisplayNameLen+1));
wsprintf(lpszFilter, lpszFilterFormat, lpszPhysicalSchemaNamingContext, lpszClassLdapDisplayName);
//TRACE(L"lpszFilter = %s\n", lpszFilter);
static const int cAttrs = 1;
static LPCWSTR pszAttribsArr[cAttrs] =
{
L"schemaIDGUID",
};
hr = search.SetSearchScope(ADS_SCOPE_ONELEVEL);
if (FAILED(hr))
return hr;
hr = search.DoQuery(lpszFilter, pszAttribsArr, cAttrs);
if (FAILED(hr))
return hr;
// expect a single result
hr = search.GetNextRow();
if ( hr == S_ADS_NOMORE_ROWS)
{
hr = E_ADS_UNKNOWN_OBJECT;
}
if (FAILED(hr))
return hr;
hr = search.GetColumnOctectStringGUID(pszAttribsArr[0], guid);
//TRACE(L"exiting CAdsiObject::GetClassGuid()\n\n");
return hr;
}
HRESULT CAdsiObject::_QueryDNSServerName()
{
// make sure we are bound
if (m_spIADs == NULL)
{
return E_INVALIDARG;
}
m_szServerName = L"";
CComPtr<IADsObjectOptions> spIADsObjectOptions;
HRESULT hr = m_spIADs->QueryInterface(IID_IADsObjectOptions, (void**)&spIADsObjectOptions);
if (FAILED(hr))
return hr;
CComVariant var;
hr = spIADsObjectOptions->GetOption(ADS_OPTION_SERVERNAME, &var);
if (FAILED(hr))
return hr;
if(var.vt == VT_BSTR)
{
m_szServerName = V_BSTR(&var);
}
else
{
hr = E_INVALIDARG;
}
return hr;
}
HRESULT CAdsiObject::_InitGlobalNamingContexts()
{
return ::GetGlobalNamingContexts(GetServerName(),
m_szPhysicalSchemaNamingContext,
m_szConfigurationNamingContext);
}
HICON CAdsiObject::GetClassIcon(LPCWSTR lpszObjectClass)
{
ASSERT(m_spIDsDisplaySpecifier != NULL);
return m_spIDsDisplaySpecifier->GetIcon(lpszObjectClass,
DSGIF_ISNORMAL | DSGIF_GETDEFAULTICON,
32, 32);
}
HRESULT CAdsiObject::GetFriendlyClassName(LPCWSTR lpszObjectClass,
LPWSTR lpszBuffer, int cchBuffer)
{
ASSERT(m_spIDsDisplaySpecifier != NULL);
return m_spIDsDisplaySpecifier->GetFriendlyClassName(lpszObjectClass,
lpszBuffer,
cchBuffer);
}
HRESULT CAdsiObject::GetFriendlyAttributeName(LPCWSTR lpszObjectClass,
LPCWSTR lpszAttributeName,
LPWSTR lpszBuffer, int cchBuffer)
{
ASSERT(m_spIDsDisplaySpecifier != NULL);
return m_spIDsDisplaySpecifier->GetFriendlyAttributeName(lpszObjectClass,
lpszAttributeName,
lpszBuffer, cchBuffer);
}
#if (FALSE)
HRESULT CAdsiObject::_GetFriendlyClassNames(CGrowableArr<CSchemaClassInfo>* pSchemaClassesInfoArray)
{
TRACE(L"begin _GetFriendlyClassNames() loop on all classes\n");
#if defined (DO_TIMING)
DWORD dwTick1 = ::GetTickCount();
#endif
// now get the friendly class name to display
ULONG nCount = pSchemaClassesInfoArray->GetCount();
WCHAR szFrendlyName[1024];
for (UINT k=0; k<nCount; k++)
{
CSchemaClassInfo* p = (*pSchemaClassesInfoArray)[k];
HRESULT hrFriendlyName = this->GetFriendlyClassName(p->GetName(), szFrendlyName, 1024);
ASSERT(SUCCEEDED(hrFriendlyName));
(*pSchemaClassesInfoArray)[k]->SetDisplayName(SUCCEEDED(hrFriendlyName) ? szFrendlyName : NULL);
}
#if defined (DO_TIMING)
DWORD dwTick2 = ::GetTickCount();
TRACE(L"Time to call _GetFriendlyClassNames() loop (mSec) = %d\n", dwTick2-dwTick1);
#endif
return S_OK;
}
#else
HRESULT CAdsiObject::_GetFriendlyClassNames(CGrowableArr<CSchemaClassInfo>* pSchemaClassesInfoArray)
{
TRACE(L"\nbegin _GetFriendlyClassNames() using ADSI query\n");
#if defined (DO_TIMING)
DWORD dwTick1 = ::GetTickCount();
#endif
ASSERT(m_spIDsDisplaySpecifier != NULL);
// get the display specifiers locale container (e.g. 409)
CComPtr<IADs> spLocaleContainer;
HRESULT hr = m_spIDsDisplaySpecifier->GetDisplaySpecifier(NULL, IID_IADs, (void**)&spLocaleContainer);
if (FAILED(hr))
return hr;
// get distinguished name of the container
CComVariant varLocaleContainerDN;
hr = spLocaleContainer->Get(CComBSTR (L"distinguishedName"), &varLocaleContainerDN);
if (FAILED(hr))
return hr;
// build the LDAP path for it
CWString szLocaleContainerPath;
BuildLdapPathHelper(GetServerName(), varLocaleContainerDN.bstrVal, szLocaleContainerPath);
// build the LDAP path for the schema class
CWString szPhysicalSchemaPath;
LPCWSTR lpszPhysicalSchemaNamingContext = GetPhysicalSchemaNamingContext();
BuildLdapPathHelper(GetServerName(), lpszPhysicalSchemaNamingContext, szPhysicalSchemaPath);
// build an LDAP query string
static LPCWSTR lpszFilterFormat = L"(objectCategory=CN=Display-Specifier,%s)";
int nFmtLen = lstrlen(lpszFilterFormat);
int nArgumentLen = lstrlen(lpszPhysicalSchemaNamingContext);
WCHAR* lpszFilter = (WCHAR*)alloca(sizeof(WCHAR)*(nFmtLen+nArgumentLen+1));
wsprintf(lpszFilter, lpszFilterFormat, lpszPhysicalSchemaNamingContext);
// execute a query to get the CN and the class display name
CAdsiSearch search;
hr = search.Init(szLocaleContainerPath);
if (FAILED(hr))
return hr;
// build an array of wanted columns
static const int cAttrs = 2;
static LPCWSTR pszAttribsArr[cAttrs] =
{
L"cn", // e.g. "organizationalUnit-Display"
L"classDisplayName", // e.g. "Organizational Unit" (i.e. the localizable one)
};
hr = search.SetSearchScope(ADS_SCOPE_ONELEVEL);
//TRACE(L"search.SetSearchScope(ADS_SCOPE_ONELEVEL) returned hr = 0x%x\n", hr);
if (FAILED(hr))
return hr;
hr = search.DoQuery(lpszFilter, pszAttribsArr, cAttrs);
//TRACE(L"search.DoQuery(lpszFilter, pszAttribsArr, cAttrs) returned hr = 0x%x\n", hr);
if (FAILED(hr))
return hr;
// need to keep track of matches
size_t nCount = pSchemaClassesInfoArray->GetCount();
BOOL* bFoundArray = (BOOL*)alloca(nCount*sizeof(BOOL));
ZeroMemory(bFoundArray, nCount*sizeof(BOOL));
WCHAR szBuffer[1024];
CWString szNamingAttribute, szClassDisplayName;
while ((hr = search.GetNextRow()) != S_ADS_NOMORE_ROWS)
{
if (FAILED(hr))
continue;
HRESULT hr0 = search.GetColumnString(pszAttribsArr[0], szNamingAttribute);
HRESULT hr1 = search.GetColumnString(pszAttribsArr[1], szClassDisplayName);
//TRACE(L"szNamingAttribute = <%s>, szClassDisplayName = <%s>\n",
// szNamingAttribute.c_str(), szClassDisplayName.c_str());
if (FAILED(hr0) || FAILED(hr1) )
{
TRACE(L"WARNING: discarding right, failed on columns: hr0 = 0x%x, hr1 = 0x%x\n",
hr0, hr1);
continue;
}
// got a good name, need to match with the entries in the array
for (UINT k=0; k<nCount; k++)
{
if (!bFoundArray[k])
{
CSchemaClassInfo* p = (*pSchemaClassesInfoArray)[k];
//If its truncate, than string comparison will fail and
//it will be treated as if DisplayName didn't exist which
//is fine.
//NTRAID#NTBUG9-530206-2002/06/18-ronmart-Check return code and abort if failed
HRESULT hres = StringCchPrintf(szBuffer,sizeof(szBuffer)/sizeof(szBuffer[0]), L"%s-Display",p->GetName());
if(FAILED(hres))
return hres;
if (_wcsicmp(szBuffer, szNamingAttribute) == 0)
{
//TRACE(L" matching for %s\n",p->GetName());
p->SetDisplayName(szClassDisplayName);
bFoundArray[k] = TRUE;
}
}
} // for
} // while
// take care of the ones that did not have any display specifier
for (UINT k=0; k<nCount; k++)
{
if (!bFoundArray[k])
{
(*pSchemaClassesInfoArray)[k]->SetDisplayName(NULL);
}
} // for
TRACE(L"\n\n");
if (hr == S_ADS_NOMORE_ROWS)
hr = S_OK;
#if defined (DO_TIMING)
DWORD dwTick2 = ::GetTickCount();
TRACE(L"Time to call _GetFriendlyClassNames() on ADSI query (mSec) = %d\n", dwTick2-dwTick1);
#endif
return hr;
}
#endif
bool
CAdsiObject::GetListObjectEnforced()
{
if(m_iListObjectEnforced != -1)
return (m_iListObjectEnforced==1);
PADS_ATTR_INFO pAttributeInfo = NULL;
IDirectoryObject *pDirectoryService = NULL;
IADsPathname *pPath = NULL;
BSTR strServicePath = NULL;
do
{
m_iListObjectEnforced = 0; // Assume "not enforced"
HRESULT hr = S_OK;
int i;
// Create a path object for manipulating ADS paths
hr = CoCreateInstance(CLSID_Pathname,
NULL,
CLSCTX_INPROC_SERVER,
IID_IADsPathname,
(LPVOID*)&pPath);
if(FAILED(hr))
break;
CComBSTR bstrConfigPath = L"LDAP://";
if(GetServerName())
{
bstrConfigPath += GetServerName();
bstrConfigPath += L"/";
}
if(!GetConfigurationNamingContext())
break;
bstrConfigPath += GetConfigurationNamingContext();
if(!bstrConfigPath.Length())
break;
hr = pPath->Set(bstrConfigPath, ADS_SETTYPE_FULL);
if(FAILED(hr))
break;
const LPWSTR aszServicePath[] =
{
L"CN=Services",
L"CN=Windows NT",
L"CN=Directory Service",
};
for (i = 0; i < ARRAYSIZE(aszServicePath); i++)
{
hr = pPath->AddLeafElement(CComBSTR (aszServicePath[i]));
if(FAILED(hr))
break;
}
hr = pPath->Retrieve(ADS_FORMAT_WINDOWS, &strServicePath);
if(FAILED(hr))
break;
hr = ADsOpenObjectHelper(strServicePath,
IID_IDirectoryObject,
0,
(LPVOID*)&pDirectoryService);
if(FAILED(hr))
break;
WCHAR const c_szDsHeuristics[] = L"dSHeuristics";
LPWSTR pszDsHeuristics = (LPWSTR)c_szDsHeuristics;
DWORD dwAttributesReturned = 0;
hr = pDirectoryService->GetObjectAttributes(&pszDsHeuristics,
1,
&pAttributeInfo,
&dwAttributesReturned);
if (FAILED(hr)|| !pAttributeInfo)
break;
ASSERT(ADSTYPE_DN_STRING <= pAttributeInfo->dwADsType);
ASSERT(ADSTYPE_NUMERIC_STRING >= pAttributeInfo->dwADsType);
ASSERT(1 == pAttributeInfo->dwNumValues);
LPWSTR pszHeuristicString = pAttributeInfo->pADsValues->NumericString;
if (pszHeuristicString &&
lstrlenW(pszHeuristicString) > 2 &&
L'0' != pszHeuristicString[2])
{
m_iListObjectEnforced = 1;
}
}while(0);
if (pAttributeInfo)
FreeADsMem(pAttributeInfo);
if(pDirectoryService)
pDirectoryService->Release();
if(pPath)
pPath->Release();
if(strServicePath)
SysFreeString(strServicePath);
return (m_iListObjectEnforced==1);
}
////////////////////////////////////////////////////////////////////////////////////////
// CAdsiSearch
HRESULT CAdsiSearch::DoQuery(LPCWSTR lpszFilter, LPCWSTR* pszAttribsArr, int cAttrs)
{
if (m_spSearchObj == NULL)
return E_ADS_BAD_PATHNAME;
static const int NUM_PREFS=3;
static const int QUERY_PAGESIZE = 256;
ADS_SEARCHPREF_INFO aSearchPref[NUM_PREFS];
aSearchPref[0].dwSearchPref = ADS_SEARCHPREF_CHASE_REFERRALS;
aSearchPref[0].vValue.dwType = ADSTYPE_INTEGER;
aSearchPref[0].vValue.Integer = ADS_CHASE_REFERRALS_EXTERNAL;
aSearchPref[1].dwSearchPref = ADS_SEARCHPREF_PAGESIZE;
aSearchPref[1].vValue.dwType = ADSTYPE_INTEGER;
aSearchPref[1].vValue.Integer = QUERY_PAGESIZE;
aSearchPref[2].dwSearchPref = ADS_SEARCHPREF_CACHE_RESULTS;
aSearchPref[2].vValue.dwType = ADSTYPE_BOOLEAN;
aSearchPref[2].vValue.Integer = FALSE;
HRESULT hr = m_spSearchObj->SetSearchPreference (aSearchPref, NUM_PREFS);
if (FAILED(hr))
return hr;
return m_spSearchObj->ExecuteSearch((LPWSTR)lpszFilter,
(LPWSTR*)pszAttribsArr,
cAttrs,
&m_SearchHandle);
}
//
//Functions to replace GetNamedSecurityInfo and SetNamedSecurityInfo
//
#pragma warning (disable : 4127)
HRESULT
SetSecInfoMask(LPUNKNOWN punk, SECURITY_INFORMATION si)
{
HRESULT hr = E_INVALIDARG;
if (punk)
{
IADsObjectOptions *pOptions;
hr = punk->QueryInterface(IID_IADsObjectOptions, (void**)&pOptions);
if (SUCCEEDED(hr))
{
VARIANT var;
VariantInit(&var);
V_VT(&var) = VT_I4;
V_I4(&var) = si;
hr = pOptions->SetOption(ADS_OPTION_SECURITY_MASK, var);
pOptions->Release();
}
}
return hr;
}
//+---------------------------------------------------------------------------
//
// Function: GetSDForDsObject
// Synopsis: Reads the security descriptor from the specied DS object
// It only reads the DACL portion of the security descriptor
//
// Arguments: [IN pDsObject] -- DS object
// [ppDACL] --pointer to dacl in ppSD is returned here
// [OUT ppSD] -- Security descriptor returned here.
// calling API must free this by calling LocalFree
//
// Notes: The returned security descriptor must be freed with LocalFree
//
//----------------------------------------------------------------------------
HRESULT GetSDForDsObject(IDirectoryObject* pDsObject,
PACL* ppDACL,
PSECURITY_DESCRIPTOR* ppSD)
{
if(!pDsObject || !ppSD)
{
return E_POINTER;
}
*ppSD = NULL;
if(ppDACL)
{
*ppDACL = NULL;
}
HRESULT hr = S_OK;
PADS_ATTR_INFO pSDAttributeInfo = NULL;
do
{
WCHAR const c_szSDProperty[] = L"nTSecurityDescriptor";
LPWSTR pszProperty = (LPWSTR)c_szSDProperty;
// Set the SECURITY_INFORMATION mask to DACL_SECURITY_INFORMATION
hr = SetSecInfoMask(pDsObject, DACL_SECURITY_INFORMATION);
if(FAILED(hr))
break;
DWORD dwAttributesReturned;
// Read the security descriptor attribute
hr = pDsObject->GetObjectAttributes(&pszProperty,
1,
&pSDAttributeInfo,
&dwAttributesReturned);
if(SUCCEEDED(hr) && !pSDAttributeInfo)
{
hr = E_FAIL;
}
if(FAILED(hr))
break;
if((ADSTYPE_NT_SECURITY_DESCRIPTOR == pSDAttributeInfo->dwADsType) &&
(ADSTYPE_NT_SECURITY_DESCRIPTOR == pSDAttributeInfo->pADsValues->dwType))
{
*ppSD = (PSECURITY_DESCRIPTOR)LocalAlloc(LPTR, pSDAttributeInfo->pADsValues->SecurityDescriptor.dwLength);
if (!*ppSD)
{
hr = E_OUTOFMEMORY;
break;
}
CopyMemory(*ppSD,
pSDAttributeInfo->pADsValues->SecurityDescriptor.lpValue,
pSDAttributeInfo->pADsValues->SecurityDescriptor.dwLength);
if(ppDACL)
{
BOOL bDaclPresent,bDaclDeafulted;
if(!GetSecurityDescriptorDacl(*ppSD,
&bDaclPresent,
ppDACL,
&bDaclDeafulted))
{
DWORD dwErr = GetLastError();
hr = HRESULT_FROM_WIN32(dwErr);
break;
}
}
}
else
{
hr = E_FAIL;
}
}while(0);
if (pSDAttributeInfo)
FreeADsMem(pSDAttributeInfo);
if(FAILED(hr))
{
if(*ppSD)
{
LocalFree(*ppSD);
*ppSD = NULL;
if(ppDACL)
*ppDACL = NULL;
}
}
return hr;
}
//+---------------------------------------------------------------------------
//
// Function: GetSDForDsObjectPath
// Synopsis: Reads the security descriptor from the specied DS object
// It only reads the DACL portion of the security descriptor
//
// Arguments: [IN pszObjectPath] -- LDAP Path of ds object
// [ppDACL] --pointer to dacl in ppSD is returned here
// [OUT ppSD] -- Security descriptor returned here.
// calling API must free this by calling LocalFree
//
// Notes: The returned security descriptor must be freed with LocalFree
//
//----------------------------------------------------------------------------
HRESULT GetSDForDsObjectPath(LPCWSTR pszObjectPath,
PACL* ppDACL,
PSECURITY_DESCRIPTOR* ppSecurityDescriptor)
{
if(!pszObjectPath || !ppSecurityDescriptor)
{
return E_POINTER;
}
IDirectoryObject* pDsObject = NULL;
HRESULT hr = ADsOpenObjectHelper(pszObjectPath, IID_IDirectoryObject,0,(void**)&pDsObject);
if(SUCCEEDED(hr))
{
hr = GetSDForDsObject(pDsObject,ppDACL,ppSecurityDescriptor);
}
if(pDsObject)
pDsObject->Release();
return hr;
}
//+---------------------------------------------------------------------------
//
// Function: SetDaclForDsObject
// Synopsis: Sets the the DACL for the specified DS object
//
// Arguments: [IN pDsObject] -- ds object
// [IN pDACL] --pointer to dacl to be set
//
//----------------------------------------------------------------------------
HRESULT SetDaclForDsObject(IDirectoryObject* pDsObject,
PACL pDACL)
{
if(!pDsObject || !pDACL)
{
return E_POINTER;
}
WCHAR const c_szSDProperty[] = L"nTSecurityDescriptor";
PSECURITY_DESCRIPTOR pSD = NULL;
PSECURITY_DESCRIPTOR pSDCurrent = NULL;
HRESULT hr = S_OK;
do
{
//Get the current SD for the object
hr = GetSDForDsObject(pDsObject,NULL,&pSDCurrent);
if(FAILED(hr))
break;
//Get the control for the current security descriptor
SECURITY_DESCRIPTOR_CONTROL currentControl;
DWORD dwRevision = 0;
if(!GetSecurityDescriptorControl(pSDCurrent, &currentControl, &dwRevision))
{
DWORD dwErr = GetLastError();
hr = HRESULT_FROM_WIN32(dwErr);
break;
}
//Allocate the buffer for Security Descriptor
pSD = (PSECURITY_DESCRIPTOR)LocalAlloc(LPTR, SECURITY_DESCRIPTOR_MIN_LENGTH + pDACL->AclSize);
if(!pSD)
{
hr = E_OUTOFMEMORY;
break;
}
if(!InitializeSecurityDescriptor(pSD, SECURITY_DESCRIPTOR_REVISION))
{
DWORD dwErr = GetLastError();
hr = HRESULT_FROM_WIN32(dwErr);
break;
}
PISECURITY_DESCRIPTOR pISD = (PISECURITY_DESCRIPTOR)pSD;
//
// Finally, build the security descriptor
//
pISD->Control |= SE_DACL_PRESENT | SE_DACL_AUTO_INHERIT_REQ
| (currentControl & (SE_DACL_PROTECTED | SE_DACL_AUTO_INHERITED));
if (pDACL->AclSize > 0)
{
pISD->Dacl = (PACL)(pISD + 1);
CopyMemory(pISD->Dacl, pDACL, pDACL->AclSize);
}
//We are only setting DACL information
hr = SetSecInfoMask(pDsObject, DACL_SECURITY_INFORMATION);
if(FAILED(hr))
break;
// Need the total size
DWORD dwSDLength = GetSecurityDescriptorLength(pSD);
//
// If necessary, make a self-relative copy of the security descriptor
//
SECURITY_DESCRIPTOR_CONTROL sdControl = 0;
if(!GetSecurityDescriptorControl(pSD, &sdControl, &dwRevision))
{
DWORD dwErr = GetLastError();
hr = HRESULT_FROM_WIN32(dwErr);
break;
}
if (!(sdControl & SE_SELF_RELATIVE))
{
PSECURITY_DESCRIPTOR psd = (PSECURITY_DESCRIPTOR)LocalAlloc(LPTR, dwSDLength);
if (psd == NULL ||
!MakeSelfRelativeSD(pSD, psd, &dwSDLength))
{
DWORD dwErr = GetLastError();
hr = HRESULT_FROM_WIN32(dwErr);
break;
}
// Point to the self-relative copy
LocalFree(pSD);
pSD = psd;
}
ADSVALUE attributeValue;
ADS_ATTR_INFO attributeInfo;
attributeValue.dwType = ADSTYPE_NT_SECURITY_DESCRIPTOR;
attributeValue.SecurityDescriptor.dwLength = dwSDLength;
attributeValue.SecurityDescriptor.lpValue = (LPBYTE)pSD;
attributeInfo.pszAttrName = (LPWSTR)c_szSDProperty;
attributeInfo.dwControlCode = ADS_ATTR_UPDATE;
attributeInfo.dwADsType = ADSTYPE_NT_SECURITY_DESCRIPTOR;
attributeInfo.pADsValues = &attributeValue;
attributeInfo.dwNumValues = 1;
DWORD dwAttributesModified;
// Write the security descriptor
hr = pDsObject->SetObjectAttributes(&attributeInfo,
1,
&dwAttributesModified);
}while(0);
if(pSDCurrent)
{
LocalFree(pSDCurrent);
}
if(pSD)
{
LocalFree(pSD);
}
return S_OK;
}
HRESULT SetDaclForDsObjectPath(LPCWSTR pszObjectPath,
PACL pDACL)
{
if(!pszObjectPath || !pDACL)
return E_POINTER;
IDirectoryObject* pDsObject = NULL;
HRESULT hr = ADsOpenObjectHelper(pszObjectPath, IID_IDirectoryObject,0,(void**)&pDsObject);
if(SUCCEEDED(hr))
{
hr = SetDaclForDsObject(pDsObject,pDACL);
}
if(pDsObject)
pDsObject->Release();
return hr;
}