//+---------------------------------------------------------------------------
/////////////////////////////////////////////////////////////////////////////////
//
// Microsoft Windows
// Copyright (C) Microsoft Corporation, 1997-2002.
//
// File: GPEPage.cpp
//
// Contents: Implementation of CGPERootGeneralPage
//
//----------------------------------------------------------------------------
|
|
|
|
#include "stdafx.h"
|
|
#include <gpedit.h>
|
|
#include "GPEPage.h"
|
|
#include "storegpe.h"
|
|
#include "CompData.h"
|
|
|
|
// Debug builds only: route operator new through DEBUG_NEW (except on ALPHA)
// and give this translation unit its own THIS_FILE string.
#if defined(_DEBUG)
#if !defined(ALPHA)
#define new DEBUG_NEW
#endif  // !ALPHA
#undef THIS_FILE
static char THIS_FILE[] = __FILE__;
#endif  // _DEBUG

// GUIDs defined in another translation unit. SaveCheck() passes them to
// IGPEInformation::PolicyChanged() after the root flags have been written.
extern GUID g_guidExtension;
extern GUID g_guidSnapin;
extern GUID g_guidRegExt;
|
|
|
|
|
|
/////////////////////////////////////////////////////////////////////////////
|
|
// CGPERootGeneralPage property page
|
|
|
|
|
|
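// Constructs the trusted-root "General" property page and loads the current
// CERT_PROT_ROOT flags into m_dwGPERootFlags.
//
// pCompData        Component data that supplies either the Group Policy
//                  editor interface (edit mode) or the RSOP object arrays
//                  (read-only mode). May be NULL; the page then stays in
//                  read-only mode with all flags clear.
// fIsComputerType  Selects the computer or the user RSOP object array when
//                  the page runs without a Group Policy editor interface.
//
// NOTE(review): when the policy cannot be read (GetRegistryKey or the later
// registry calls fail) m_dwGPERootFlags stays 0, and OnInitDialog renders 0 as
// "user root store enabled / no disable flags set". The page therefore shows
// the least restrictive state rather than an "unknown" state - confirm this is
// the intended presentation for an administrator.
CGPERootGeneralPage::CGPERootGeneralPage(CCertMgrComponentData* pCompData,
        bool fIsComputerType) :
    CHelpPropertyPage(CGPERootGeneralPage::IDD),
    m_dwGPERootFlags (0),
    m_hUserRootFlagsKey (0),
    m_hGroupPolicyKey (0),
    // Guard the dereference: RSOPGetUserRootFlags() already tolerates a NULL
    // pCompData, so the initializer list must not be the place that faults.
    m_pGPEInformation (pCompData ? pCompData->GetGPEInformation () : 0),
    m_fIsComputerType (fIsComputerType)
{
    //{{AFX_DATA_INIT(CGPERootGeneralPage)
    // NOTE: the ClassWizard will add member initialization here
    //}}AFX_DATA_INIT

    if ( m_pGPEInformation )
    {
        // Hold our own reference for the lifetime of the page; the destructor
        // releases it.
        m_pGPEInformation->AddRef ();

        // The root flags are always read from the machine section of the GPO,
        // independent of fIsComputerType.
        HRESULT hResult = m_pGPEInformation->GetRegistryKey (GPO_SECTION_MACHINE,
                &m_hGroupPolicyKey);
        ASSERT (SUCCEEDED (hResult));
        if ( SUCCEEDED (hResult) )
            GPEGetUserRootFlags ();
    }
    else
    {
        // No editor interface: read the resultant policy instead.
        RSOPGetUserRootFlags (pCompData);
    }
}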
|
|
|
|
// Releases everything the constructor acquired: the two registry handles
// (when they were opened) and the reference taken on the Group Policy editor
// interface.
CGPERootGeneralPage::~CGPERootGeneralPage()
{
    // Key under the policy hive that holds the root flags value.
    if ( NULL != m_hUserRootFlagsKey )
    {
        ::RegCloseKey (m_hUserRootFlagsKey);
    }

    // Machine-section key returned by IGPEInformation::GetRegistryKey().
    if ( NULL != m_hGroupPolicyKey )
    {
        ::RegCloseKey (m_hGroupPolicyKey);
    }

    // Balances the AddRef() in the constructor.
    if ( NULL != m_pGPEInformation )
    {
        m_pGPEInformation->Release ();
    }
}
|
|
|
|
// Dialog data exchange: after the base class has run, binds the
// IDC_ENABLE_USER_ROOT_STORE control to m_enableUserRootStoreBtn.
// The radio buttons on the page are not bound here; the other methods reach
// them through GetDlgItem() / SendDlgItemMessage().
void CGPERootGeneralPage::DoDataExchange(CDataExchange* pDX)
{
    CHelpPropertyPage::DoDataExchange (pDX);

    //{{AFX_DATA_MAP(CGPERootGeneralPage)
    DDX_Control (pDX, IDC_ENABLE_USER_ROOT_STORE, m_enableUserRootStoreBtn);
    //}}AFX_DATA_MAP
}
|
|
|
|
|
|
// Message map: a click on any of the five policy controls is routed to a
// handler that only marks the page as modified. Nothing is written to the
// policy until OnOK() calls SaveCheck().
BEGIN_MESSAGE_MAP(CGPERootGeneralPage, CHelpPropertyPage)
    //{{AFX_MSG_MAP(CGPERootGeneralPage)
    // Check box: current-user root store.
    ON_BN_CLICKED(IDC_ENABLE_USER_ROOT_STORE, OnEnableUserRootStore)
    // Radio pair: CERT_PROT_ROOT_DISABLE_LM_AUTH_FLAG.
    ON_BN_CLICKED(IDC_SET_DISABLE_LM_AUTH_FLAG, OnSetDisableLmAuthFlag)
    ON_BN_CLICKED(IDC_UNSET_DISABLE_LM_AUTH_FLAG, OnUnsetDisableLmAuthFlag)
    // Radio pair: CERT_PROT_ROOT_DISABLE_NT_AUTH_REQUIRED_FLAG.
    ON_BN_CLICKED(IDC_SET_DISABLE_NT_AUTH_REQUIRED_FLAG, OnSetDisableNtAuthRequiredFlag)
    ON_BN_CLICKED(IDC_UNSET_DISABLE_NT_AUTH_REQUIRED_FLAG, OnUnsetDisableNtAuthRequiredFlag)
    //}}AFX_MSG_MAP
END_MESSAGE_MAP()
|
|
|
|
/////////////////////////////////////////////////////////////////////////////
|
|
// CGPERootGeneralPage message handlers
|
|
|
|
|
|
// Initializes the controls from m_dwGPERootFlags.
//
// Without a Group Policy editor interface (the RSOP case) every control is
// disabled so the page is read-only. The check box is checked when
// CERT_PROT_ROOT_DISABLE_CURRENT_USER_FLAG is clear; each radio pair selects
// its "set" button when the corresponding flag is present and its "unset"
// button otherwise.
//
// Returns TRUE (focus is left to the framework).
BOOL CGPERootGeneralPage::OnInitDialog()
{
    CHelpPropertyPage::OnInitDialog();

    // If this is the RSOP, make the page read-only.
    if ( !m_pGPEInformation )
    {
        static const int rgRadioButtonIDs[] =
        {
            IDC_SET_DISABLE_LM_AUTH_FLAG,
            IDC_UNSET_DISABLE_LM_AUTH_FLAG,
            IDC_SET_DISABLE_NT_AUTH_REQUIRED_FLAG,
            IDC_UNSET_DISABLE_NT_AUTH_REQUIRED_FLAG
        };
        const size_t cRadioButtons =
                sizeof (rgRadioButtonIDs) / sizeof (rgRadioButtonIDs[0]);

        m_enableUserRootStoreBtn.EnableWindow (FALSE);
        for (size_t i = 0; i < cRadioButtons; i++)
        {
            GetDlgItem (rgRadioButtonIDs[i])->EnableWindow (FALSE);
        }
    }

    if ( IsCurrentUserRootEnabled () )
    {
        m_enableUserRootStoreBtn.SetCheck (BST_CHECKED);
    }

    // One button of each radio pair is always selected.
    const bool bLmAuthFlagSet =
            0 != (m_dwGPERootFlags & CERT_PROT_ROOT_DISABLE_LM_AUTH_FLAG);
    SendDlgItemMessage (
            bLmAuthFlagSet ? IDC_SET_DISABLE_LM_AUTH_FLAG
                           : IDC_UNSET_DISABLE_LM_AUTH_FLAG,
            BM_SETCHECK, BST_CHECKED);

    const bool bNtAuthRequiredFlagSet =
            0 != (m_dwGPERootFlags & CERT_PROT_ROOT_DISABLE_NT_AUTH_REQUIRED_FLAG);
    SendDlgItemMessage (
            bNtAuthRequiredFlagSet ? IDC_SET_DISABLE_NT_AUTH_REQUIRED_FLAG
                                   : IDC_UNSET_DISABLE_NT_AUTH_REQUIRED_FLAG,
            BM_SETCHECK, BST_CHECKED);

    return TRUE;    // return TRUE unless you set the focus to a control
                    // EXCEPTION: OCX Property Pages should return FALSE
}
|
|
|
|
// OK handler. In read-only (RSOP) mode there is nothing to save and the base
// class handler is not invoked. In edit mode the control state is written to
// the policy and then the base class handler runs.
//
// NOTE(review): SaveCheck() returns void, so CHelpPropertyPage::OnOK() runs
// even when a registry write inside SaveCheck() failed - confirm that a
// partially saved policy should still be treated as an accepted page.
void CGPERootGeneralPage::OnOK()
{
    if ( !m_pGPEInformation )
    {
        return;
    }

    SaveCheck ();
    CHelpPropertyPage::OnOK ();
}
|
|
|
|
// Writes the state of the controls into the policy's root flags and, when
// every write succeeded, notifies the Group Policy editor of the change.
//
// The check box has inverted polarity relative to its flag: a CHECKED
// "enable user root store" box REMOVES CERT_PROT_ROOT_DISABLE_CURRENT_USER_FLAG,
// an unchecked box sets it. For the two radio pairs the "set" button sets the
// flag and the "unset" button removes it; when neither button of a pair is
// checked that flag is left untouched.
//
// NOTE(review): the flags are written one at a time. If a later write fails,
// the earlier ones are already stored but PolicyChanged() is not called -
// confirm how the editor treats such a partially written policy.
void CGPERootGeneralPage::SaveCheck()
{
    ASSERT (m_pGPEInformation);
    if ( !m_pGPEInformation )
    {
        return;
    }

    // Checked => remove the disable flag; unchecked => set it.
    const BOOL bRemoveDisableUserFlag =
            (BST_CHECKED == m_enableUserRootStoreBtn.GetCheck ()) ? TRUE : FALSE;
    if ( !SetGPEFlags ((DWORD) CERT_PROT_ROOT_DISABLE_CURRENT_USER_FLAG,
            bRemoveDisableUserFlag) )
    {
        return;
    }

    if ( BST_CHECKED == SendDlgItemMessage (IDC_SET_DISABLE_LM_AUTH_FLAG, BM_GETCHECK) )
    {
        // set flag
        if ( !SetGPEFlags ((DWORD) CERT_PROT_ROOT_DISABLE_LM_AUTH_FLAG, FALSE) )
            return;
    }
    else if ( BST_CHECKED == SendDlgItemMessage (IDC_UNSET_DISABLE_LM_AUTH_FLAG, BM_GETCHECK) )
    {
        // remove flag
        if ( !SetGPEFlags ((DWORD) CERT_PROT_ROOT_DISABLE_LM_AUTH_FLAG, TRUE) )
            return;
    }

    if ( BST_CHECKED == SendDlgItemMessage (IDC_SET_DISABLE_NT_AUTH_REQUIRED_FLAG, BM_GETCHECK) )
    {
        // set flag
        if ( !SetGPEFlags ((DWORD) CERT_PROT_ROOT_DISABLE_NT_AUTH_REQUIRED_FLAG, FALSE) )
            return;
    }
    else if ( BST_CHECKED == SendDlgItemMessage (IDC_UNSET_DISABLE_NT_AUTH_REQUIRED_FLAG, BM_GETCHECK) )
    {
        // remove flag
        if ( !SetGPEFlags ((DWORD) CERT_PROT_ROOT_DISABLE_NT_AUTH_REQUIRED_FLAG, TRUE) )
            return;
    }

    // TRUE means we're changing the machine policy only
    m_pGPEInformation->PolicyChanged (TRUE, TRUE, &g_guidExtension, &g_guidSnapin);
    m_pGPEInformation->PolicyChanged (TRUE, TRUE, &g_guidRegExt, &g_guidSnapin);
}
|
|
|
|
// BN_CLICKED handler for IDC_ENABLE_USER_ROOT_STORE. Only marks the page as
// modified; the policy itself is written later by SaveCheck().
void CGPERootGeneralPage::OnEnableUserRootStore()
{
    SetModified (TRUE);
}
|
|
|
|
|
|
// BN_CLICKED handler for IDC_SET_DISABLE_LM_AUTH_FLAG. Only marks the page as
// modified; the policy itself is written later by SaveCheck().
void CGPERootGeneralPage::OnSetDisableLmAuthFlag()
{
    SetModified (TRUE);
}
|
|
|
|
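// Read-modify-write of the root flags DWORD stored under m_hUserRootFlagsKey.
//
// dwFlags      Bit(s) to change.
// bRemoveFlag  TRUE clears the bits in dwFlags, FALSE sets them.
//
// Returns true when the new value was written; m_dwGPERootFlags is updated to
// the written value only in that case. Every failure path reports an error to
// the user and returns false, so a silently unsaved policy is not possible
// from this function.
bool CGPERootGeneralPage::SetGPEFlags (DWORD dwFlags, BOOL bRemoveFlag)
{
    ASSERT (m_pGPEInformation);
    if ( !m_pGPEInformation )
        return false;

    DWORD dwType = REG_DWORD;
    DWORD dwData = 0;
    DWORD cbData = sizeof (dwData);

    // security review 2/27/2002 BryanWal ok
    LONG lResult = ::RegQueryValueEx (m_hUserRootFlagsKey,  // handle of key to query
            CERT_PROT_ROOT_FLAGS_VALUE_NAME,    // address of name of value to query
            0,                                  // reserved
            &dwType,                            // address of buffer for value type
            (LPBYTE) &dwData,                   // address of data buffer
            &cbData);                           // address of data buffer size
    ASSERT (ERROR_SUCCESS == lResult || ERROR_FILE_NOT_FOUND == lResult);
    if ( ERROR_SUCCESS != lResult && ERROR_FILE_NOT_FOUND != lResult )
    {
        DisplaySystemError (m_hWnd, lResult);
        return false;
    }

    if ( ERROR_SUCCESS == lResult )
    {
        if ( REG_DWORD != dwType )
        {
            // The value exists but is not a DWORD. Refuse to reinterpret it,
            // and tell the administrator that nothing was saved instead of
            // failing without a message.
            ASSERT (0);
            DisplaySystemError (m_hWnd, ERROR_INVALID_DATA);
            return false;
        }
    }
    else
    {
        // Value not present yet: start from "no flags set".
        dwData = 0;
    }

    if ( bRemoveFlag )
        dwData &= ~dwFlags;
    else
        dwData |= dwFlags;

    // Always write a full DWORD. cbData is an in/out parameter of the query
    // above, so after the call it describes what was stored, not what is
    // about to be written.
    lResult = ::RegSetValueEx (m_hUserRootFlagsKey,
            CERT_PROT_ROOT_FLAGS_VALUE_NAME,    // address of value to set
            0,                                  // reserved
            REG_DWORD,                          // flag for value type
            (CONST BYTE *) &dwData,             // address of value data
            sizeof (dwData));                   // size of value data
    ASSERT (ERROR_SUCCESS == lResult);
    if ( ERROR_SUCCESS != lResult )
    {
        DisplaySystemError (m_hWnd, lResult);
        return false;
    }

    // Keep the cached copy in step with what is now stored in the policy.
    m_dwGPERootFlags = dwData;
    return true;
}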
|
|
|
|
// Returns true when CERT_PROT_ROOT_DISABLE_CURRENT_USER_FLAG is NOT present in
// the cached flags. Because m_dwGPERootFlags starts at 0, this also returns
// true when the policy has not been read successfully.
bool CGPERootGeneralPage::IsCurrentUserRootEnabled() const
{
    return 0 == (m_dwGPERootFlags & CERT_PROT_ROOT_DISABLE_CURRENT_USER_FLAG);
}
|
|
|
|
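// Loads m_dwGPERootFlags from the RSOP (resultant policy) data.
//
// pCompData  Source of the RSOP object arrays; the computer or the user array
//            is chosen by m_fIsComputerType. A NULL pCompData or a NULL array
//            leaves m_dwGPERootFlags unchanged.
//
// The first array entry whose registry key equals CERT_PROT_ROOT_FLAGS_REGPATH
// supplies the flags; the scan also stops at the first NULL entry.
//
// NOTE(review): the match is on the key path only, not on the value name. If
// other values can be recorded under this key, the first entry is not
// guaranteed to be the flags value - confirm against CRSOPObject.
void CGPERootGeneralPage::RSOPGetUserRootFlags(const CCertMgrComponentData* pCompData)
{
    if ( !pCompData )
        return;

    const CRSOPObjectArray* pObjectArray = m_fIsComputerType ?
            pCompData->GetRSOPObjectArrayComputer () :
            pCompData->GetRSOPObjectArrayUser ();
    if ( !pObjectArray )
        return;     // no RSOP data available: keep the current flags

    // NOTE: rsop object array is sorted first by registry key, then by precedence
    const INT_PTR nUpperBound = pObjectArray->GetUpperBound ();

    // The index has the same type as the bound, so the comparison cannot
    // truncate.
    for (INT_PTR nIndex = 0; nIndex <= nUpperBound; nIndex++)
    {
        CRSOPObject* pObject = pObjectArray->GetAt (nIndex);
        if ( !pObject )
            break;

        // Consider only entries from this store
        // security review 2/27/2002 BryanWal ok
        if ( !wcscmp (CERT_PROT_ROOT_FLAGS_REGPATH, pObject->GetRegistryKey ()) )
        {
            // Given the sort order, the first match is expected to be the
            // winning (precedence 1) setting. Checked in debug builds only.
            ASSERT (1 == pObject->GetPrecedence ());
            m_dwGPERootFlags = pObject->GetDWORDValue ();
            break;
        }
    }
}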
|
|
|
|
// Opens (creating it when absent) the CERT_PROT_ROOT_FLAGS_REGPATH key below
// m_hGroupPolicyKey with query and set access, stores the handle in
// m_hUserRootFlagsKey and loads the flags value into m_dwGPERootFlags.
//
// A missing value is treated as "no flags set". A value of any type other
// than REG_DWORD is ignored, leaving m_dwGPERootFlags unchanged. Any other
// registry failure is reported through DisplaySystemError() with no owner
// window.
//
// NOTE(review): this runs from the constructor, so merely constructing the
// page creates the key in the policy when it does not exist yet - confirm
// that this side effect is acceptable for a page the user may only view.
void CGPERootGeneralPage::GPEGetUserRootFlags()
{
    DWORD dwDisposition = 0;

    // security review 2/27/2002 BryanWal ok
    LONG lResult = ::RegCreateKeyEx (m_hGroupPolicyKey,     // handle of an open key
            CERT_PROT_ROOT_FLAGS_REGPATH,       // address of subkey name
            0,                                  // reserved
            L"",                                // address of class string
            REG_OPTION_NON_VOLATILE,            // special options flag
            KEY_QUERY_VALUE | KEY_SET_VALUE,    // desired security access
            NULL,                               // address of key security structure
            &m_hUserRootFlagsKey,               // address of buffer for opened handle
            &dwDisposition);                    // address of disposition value buffer
    ASSERT (lResult == ERROR_SUCCESS);
    if ( lResult != ERROR_SUCCESS )
    {
        DisplaySystemError (NULL, lResult);
        return;
    }

    // Read value
    DWORD dwType = REG_DWORD;
    DWORD dwData = 0;
    DWORD cbData = sizeof (dwData);

    // security review 2/27/2002 BryanWal ok
    lResult = ::RegQueryValueEx (m_hUserRootFlagsKey,       // handle of key to query
            CERT_PROT_ROOT_FLAGS_VALUE_NAME,    // address of name of value to query
            0,                                  // reserved
            &dwType,                            // address of buffer for value type
            (LPBYTE) &dwData,                   // address of data buffer
            &cbData);                           // address of data buffer size
    ASSERT (ERROR_SUCCESS == lResult || ERROR_FILE_NOT_FOUND == lResult);
    if ( ERROR_SUCCESS != lResult && ERROR_FILE_NOT_FOUND != lResult )
    {
        DisplaySystemError (NULL, lResult);
        return;
    }

    // When the value is missing, dwType and dwData still hold their initial
    // REG_DWORD / 0, so the flags are set to 0.
    if ( REG_DWORD == dwType )
    {
        m_dwGPERootFlags = dwData;
    }
}
|
|
|
|
|
|
// Shows context help for one of the page's policy controls.
//
// hWndControl  Window of the control help was requested for. Controls other
//              than the five policy controls are ignored.
//
// A WinHelp() failure is only traced; nothing is reported to the user.
void CGPERootGeneralPage::DoContextHelp (HWND hWndControl)
{
    _TRACE (1, L"Entering CGPERootGeneralPage::DoContextHelp\n");

    // Pairs of (control ID, help topic ID), terminated by a 0, 0 pair.
    static const DWORD help_map[] =
    {
        IDC_ENABLE_USER_ROOT_STORE, IDH_GPEPAGE_ENABLE_USER_ROOT_STORE,
        IDC_SET_DISABLE_LM_AUTH_FLAG, IDH_SET_DISABLE_LM_AUTH_FLAG,
        IDC_UNSET_DISABLE_LM_AUTH_FLAG, IDH_UNSET_DISABLE_LM_AUTH_FLAG,
        IDC_SET_DISABLE_NT_AUTH_REQUIRED_FLAG, IDH_SET_DISABLE_NT_AUTH_REQUIRED_FLAG,
        IDC_UNSET_DISABLE_NT_AUTH_REQUIRED_FLAG, IDH_UNSET_DISABLE_NT_AUTH_REQUIRED_FLAG,
        0, 0
    };

    const int nCtrlID = ::GetDlgCtrlID (hWndControl);
    const bool bHasHelpTopic =
            IDC_ENABLE_USER_ROOT_STORE == nCtrlID ||
            IDC_SET_DISABLE_LM_AUTH_FLAG == nCtrlID ||
            IDC_UNSET_DISABLE_LM_AUTH_FLAG == nCtrlID ||
            IDC_SET_DISABLE_NT_AUTH_REQUIRED_FLAG == nCtrlID ||
            IDC_UNSET_DISABLE_NT_AUTH_REQUIRED_FLAG == nCtrlID;

    if ( bHasHelpTopic )
    {
        const BOOL bShown = ::WinHelp (
                hWndControl,
                GetF1HelpFilename(),
                HELP_WM_HELP,
                (DWORD_PTR) help_map);
        if ( !bShown )
        {
            _TRACE (0, L"WinHelp () failed: 0x%x\n", GetLastError ());
        }
    }

    _TRACE (-1, L"Leaving CGPERootGeneralPage::DoContextHelp\n");
}
|
|
|
|
|
|
// BN_CLICKED handler for IDC_UNSET_DISABLE_LM_AUTH_FLAG. Only marks the page
// as modified; the policy itself is written later by SaveCheck().
void CGPERootGeneralPage::OnUnsetDisableLmAuthFlag()
{
    SetModified (TRUE);
}
|
|
|
|
// BN_CLICKED handler for IDC_UNSET_DISABLE_NT_AUTH_REQUIRED_FLAG. Only marks
// the page as modified; the policy itself is written later by SaveCheck().
void CGPERootGeneralPage::OnUnsetDisableNtAuthRequiredFlag()
{
    SetModified (TRUE);
}
|
|
|
|
// BN_CLICKED handler for IDC_SET_DISABLE_NT_AUTH_REQUIRED_FLAG. Only marks the
// page as modified; the policy itself is written later by SaveCheck().
void CGPERootGeneralPage::OnSetDisableNtAuthRequiredFlag()
{
    SetModified (TRUE);
}
|