#include <windows.h>
#include <wbemcli.h>
#include <wbemprov.h>
#include <stdio.h>
#include <commain.h>
#include <clsfac.h>
#include <wbemcomn.h>
#include <ql.h>
#include <sync.h>
#include <Dsrole.h>
#include "utility.h"
#include "PolicMan.h"
#include "PolicSOM.h"
#include "PolicStatus.h"
#include <tchar.h>
#define REG_RUN_KEY L"Software\\Microsoft\\Windows\\CurrentVersion\\Run"
// COM server object for the WMI policy providers.  It registers the SOM and
// Status provider coclasses with the CComServer framework; the constructor
// and destructor bracket the lifetime of the global BSTR names the providers
// use (InitGlobalNames / FreeGlobalNames are defined elsewhere in the
// project).
class CMyServer : public CComServer
{
public:
    CMyServer(void) { InitGlobalNames(); }
    ~CMyServer(void) { FreeGlobalNames(); }

    // Registers both provider class factories.  Each factory is allocated
    // with `new` and handed to AddClassInfo; ownership presumably passes to
    // the framework — TODO confirm that AddClassInfo releases it on failure.
    // Always returns S_OK.
    HRESULT Initialize()
    {
        AddClassInfo(CLSID_PolicySOM,
                     new CClassFactory<CPolicySOM>(GetLifeControl()),
                     _T("WMI Policy SOM Provider"), TRUE);

        AddClassInfo(CLSID_PolicyStatus,
                     new CClassFactory<CPolicyStatus>(GetLifeControl()),
                     _T("WMI Policy Status Provider"), TRUE);

        return S_OK;
    }

    // COM initialisation hook for the framework: the provider lives in the
    // multithreaded apartment.
    HRESULT InitializeCom()
    {
        return CoInitializeEx(NULL, COINIT_MULTITHREADED);
    }

    // NOTE(review): the disabled Register() below would write an HKLM Run
    // value ("PolicMan", REG_EXPAND_SZ) that launches RUNDLL32 on
    // policman.dll,CreateADContainers; its counterpart, which deletes the
    // value after a successful run, is in CreateADContainers() further down.
    // If it is ever re-enabled: the return value of ExpandEnvironmentStrings
    // is ignored, so a result longer than the 512-character buffer would be
    // silently truncated, and both `// error` branches swallow the registry
    // failure (the first one then goes on to use the unopened key handle).
    /*
    void Register(void)
    {
        wchar_t
            swKeyValue[] = L"RUNDLL32.EXE %systemroot%\\system32\\wbem\\policman.dll,CreateADContainers",
            swExpandedValue[512],
            swRunOnceKey[] = REG_RUN_KEY ;

        HKEY
            hkRunOnce;

        LONG
            lReturnCode;

        lReturnCode = ExpandEnvironmentStrings(swKeyValue, swExpandedValue, 512);

        lReturnCode = RegOpenKeyEx(HKEY_LOCAL_MACHINE, swRunOnceKey, 0, KEY_SET_VALUE, &hkRunOnce);

        if(ERROR_SUCCESS != lReturnCode)
        {
            // error
        }

        lReturnCode = RegSetValueEx(hkRunOnce, L"PolicMan", 0, REG_EXPAND_SZ, (BYTE *)swExpandedValue,
                                    (lstrlen(swExpandedValue)+1) * sizeof(wchar_t));

        if(ERROR_SUCCESS != lReturnCode)
        {
            // error
        }

        RegCloseKey(hkRunOnce);
    }
    */
} Server;
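// Looks up the child object bstrObjName (of class g_bstrMISCContainer)
// under pIADsContainer_In and creates it when the lookup fails.  In both
// cases the object's owner and DACL are then replaced with the project's
// default security descriptor (CreateDefaultSecurityDescriptor) and the
// object is handed back through pIADsContainer_Out.
//
// NOTE(review): the descriptor is re-applied on the "already exists" path
// as well, so an ACL an administrator customised on an existing container
// is overwritten every time this runs.
//
// Returns WBEM_S_NO_ERROR on success, WBEM_E_FAILED when the input
// container is null, when an interface the object must expose is missing,
// or when a call succeeded without yielding an object; otherwise the
// failing HRESULT (already logged via ERRORTRACE).
HRESULT GetOrCreateObj(CComQIPtr<IADsContainer, &IID_IADsContainer> &pIADsContainer_In,
                       CComBSTR &bstrObjName,
                       CComQIPtr<IADsContainer, &IID_IADsContainer> &pIADsContainer_Out)
{
    HRESULT hres = WBEM_E_FAILED;

    CComQIPtr<IDispatch, &IID_IDispatch>                 pDisp;
    CComQIPtr<IDirectoryObject, &IID_IDirectoryObject>   pDirectoryObj;
    CComQIPtr<IADsObjectOptions, &IID_IADsObjectOptions> pADsObjectOptions;
    CComVariant                                          vSecurityOptions;
    ADSVALUE                                             AdsValue[1];
    ADS_ATTR_INFO attrInfo[] = { { L"ntSecurityDescriptor", ADS_ATTR_UPDATE, ADSTYPE_NT_SECURITY_DESCRIPTOR, &AdsValue[0], 1} };
    CNtSecurityDescriptor                                cSD;
    DWORD                                                dwModified = 0;

    if(NULL == pIADsContainer_In.p) return WBEM_E_FAILED;

    // **** get/create object

    hres = pIADsContainer_In->GetObject(g_bstrMISCContainer, bstrObjName, &pDisp);

    if(FAILED(hres) || (NULL == pDisp.p))
    {
        CComQIPtr<IADs, &IID_IADs> pIADs;

        hres = pIADsContainer_In->Create(g_bstrMISCContainer, bstrObjName, &pDisp);
        if(FAILED(hres) || (NULL == pDisp.p))
        {
            ERRORTRACE((LOG_ESS, "POLICMAN: (Container Creation) Could not create container %S : 0x%x\n", (BSTR)bstrObjName, hres));
            // a "successful" Create that returned no object must not be
            // reported as success
            return FAILED(hres) ? hres : WBEM_E_FAILED;
        }

        // **** write object to AD

        pIADs = pDisp;  // QueryInterface; null when IADs is not supported
        if(NULL == pIADs.p)
        {
            ERRORTRACE((LOG_ESS, "POLICMAN: (Container Creation) Object %S does not expose IADs\n", (BSTR)bstrObjName));
            return WBEM_E_FAILED;
        }

        hres = pIADs->SetInfo();
        if(FAILED(hres))
        {
            ERRORTRACE((LOG_ESS, "POLICMAN: (Container Creation) Could not write container %S to DS : 0x%x\n", (BSTR)bstrObjName, hres));
            return hres;
        }
    }

    // **** set object security option
    // Only owner and DACL are written below; SACL/group are left untouched.

    pADsObjectOptions = pDisp;  // QueryInterface
    if(NULL == pADsObjectOptions.p)
    {
        ERRORTRACE((LOG_ESS, "POLICMAN: (Container Creation) Object %S does not expose IADsObjectOptions\n", (BSTR)bstrObjName));
        return WBEM_E_FAILED;
    }

    vSecurityOptions = (ADS_SECURITY_INFO_OWNER | ADS_SECURITY_INFO_DACL);
    hres = pADsObjectOptions->SetOption(ADS_OPTION_SECURITY_MASK, vSecurityOptions);
    if(FAILED(hres))
    {
        ERRORTRACE((LOG_ESS, "POLICMAN: (Container Creation) Could not set security options on object : 0x%x\n", hres));
        return hres;
    }

    // **** create security descriptor

    hres = CreateDefaultSecurityDescriptor(cSD);
    if(FAILED(hres))
    {
        ERRORTRACE((LOG_ESS, "POLICMAN: (Container Creation) Could not create security descriptor : 0x%x\n", hres));
        return hres;
    }

    // **** set object security descriptor

    AdsValue[0].dwType = ADSTYPE_NT_SECURITY_DESCRIPTOR;
    AdsValue[0].SecurityDescriptor.dwLength = cSD.GetSize();
    AdsValue[0].SecurityDescriptor.lpValue = (LPBYTE)cSD.GetPtr();

    pDirectoryObj = pDisp;  // QueryInterface
    if(NULL == pDirectoryObj.p)
    {
        ERRORTRACE((LOG_ESS, "POLICMAN: (Container Creation) Object %S does not expose IDirectoryObject\n", (BSTR)bstrObjName));
        return WBEM_E_FAILED;
    }

    hres = pDirectoryObj->SetObjectAttributes(attrInfo, 1, &dwModified);
    if(FAILED(hres))
    {
        ERRORTRACE((LOG_ESS, "POLICMAN: (Container Creation) Could not set security on object : 0x%x\n", hres));
        return hres;
    }

    // Hand the object back as a container; a failed query here would
    // otherwise surface later as WBEM_E_FAILED from the next call without
    // any log line.
    pIADsContainer_Out = pDirectoryObj;
    if(NULL == pIADsContainer_Out.p)
    {
        ERRORTRACE((LOG_ESS, "POLICMAN: (Container Creation) Object %S does not expose IADsContainer\n", (BSTR)bstrObjName));
        return WBEM_E_FAILED;
    }

    return WBEM_S_NO_ERROR;
}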
#define SYSTEM_PATH L"LDAP://CN=System,"
#define WMIPOLICY_PATH L"CN=WMIPolicy"
#define TEMPLATE_PATH L"CN=PolicyTemplate"
#define TYPE_PATH L"CN=PolicyType"
#define GPO_PATH L"CN=WMIGPO"
#define SOM_PATH L"CN=SOM"
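// Builds the WMIPolicy container tree under CN=System of the default naming
// context: CN=WMIPolicy, then CN=PolicyTemplate, CN=PolicyType, CN=SOM and
// CN=WMIGPO beneath it.  Must be called with COM initialised on this thread
// (see CreateADContainers).
//
// On a domain controller the function first waits (up to 50 s) for the
// NTDS delayed-startup event so the directory is reachable; a timeout is
// not treated as an error and the LDAP binds are simply attempted.
//
// Binds use the caller's default credentials (ADsGetObject with no
// explicit credentials), so the caller must run with rights to create
// objects under CN=System.
//
// Returns S_OK on success, WBEM_E_FAILED when rootDSE answers without a
// usable defaultNamingContext, otherwise the failing HRESULT (logged).
HRESULT InScopeOfCOM_CreateADContainers(void)
{
    HRESULT hres = WBEM_E_FAILED;

    PDSROLE_PRIMARY_DOMAIN_INFO_BASIC pBasic = NULL;

    CComPtr<IADs> pRootDSE;

    CComQIPtr<IADsContainer, &IID_IADsContainer>
        pWMIPolicyObj,
        pSystemObj,
        pADsContainer;

    CComVariant vDomainName;

    CComBSTR
        bstrSystemPath(SYSTEM_PATH),
        bstrWMIPolicy(WMIPOLICY_PATH),
        bstrTemplate(TEMPLATE_PATH),
        bstrType(TYPE_PATH),
        bstrSom(SOM_PATH),
        bstrGPO(GPO_PATH);

    // **** delay until AD is up and running

    DWORD dwResult = DsRoleGetPrimaryDomainInformation(NULL, DsRolePrimaryDomainInfoBasic,
                                                       (PBYTE *)&pBasic);

    if(dwResult == ERROR_SUCCESS && pBasic != NULL)
    {
        // **** Check if this is a DC

        if((pBasic->MachineRole == DsRole_RoleBackupDomainController) ||
           (pBasic->MachineRole == DsRole_RolePrimaryDomainController))
        {
            HANDLE hEvent = OpenEvent(SYNCHRONIZE, FALSE, TEXT("NtdsDelayedStartupCompletedEvent"));

            if(hEvent)
            {
                // result deliberately ignored: a timeout just means we try
                // the binds anyway
                WaitForSingleObject(hEvent, 50000);
                CloseHandle(hEvent);
            }
        }

        // The buffer is allocated by the DsRole API and was previously
        // leaked on every call.
        DsRoleFreeMemory(pBasic);
        pBasic = NULL;
    }
    // A failed role query is not fatal: the binds below decide.

    // **** get LDAP name of domain controller

    hres = ADsGetObject(L"LDAP://rootDSE", IID_IADs, (void**)&pRootDSE);
    if(FAILED(hres))
    {
        ERRORTRACE((LOG_ESS, "POLICMAN: (Container Creation) Could not get pointer to LDAP://rootDSE : 0x%x\n", hres));
        return hres;
    }

    hres = pRootDSE->Get(g_bstrMISCdefaultNamingContext, &vDomainName);
    if(FAILED(hres) || (V_VT(&vDomainName) != VT_BSTR) || (V_BSTR(&vDomainName) == NULL))
    {
        ERRORTRACE((LOG_ESS, "POLICMAN: (Container Creation) could not get defaultNamingContext : 0x%x\n", hres));
        // Get() may succeed and still hand back a non-BSTR or null value;
        // that used to be returned as a success code.
        return FAILED(hres) ? hres : WBEM_E_FAILED;
    }

    bstrSystemPath.Append(vDomainName.bstrVal);

    // **** get system path

    hres = ADsGetObject(bstrSystemPath, IID_IADsContainer, (void **)&pSystemObj);
    if(FAILED(hres))
    {
        ERRORTRACE((LOG_ESS, "POLICMAN: (Container Creation) Could not get pointer to %S : 0x%x\n", (BSTR)bstrSystemPath, hres));
        return hres;
    }

    // **** get/create WMIPolicy containers

    hres = GetOrCreateObj(pSystemObj, bstrWMIPolicy, pWMIPolicyObj);
    if(FAILED(hres))
    {
        ERRORTRACE((LOG_ESS, "POLICMAN: (Container Creation) Could not create/get pointer to %S : 0x%x\n", (BSTR)bstrWMIPolicy, hres));
        return hres;
    }

    // The four children are created in this fixed order; the first failure
    // aborts the run, as before.
    CComBSTR *children[] = { &bstrTemplate, &bstrType, &bstrSom, &bstrGPO };

    for(size_t i = 0; i < sizeof(children) / sizeof(children[0]); ++i)
    {
        hres = GetOrCreateObj(pWMIPolicyObj, *children[i], pADsContainer);
        if(FAILED(hres))
        {
            ERRORTRACE((LOG_ESS, "POLICMAN: (Container Creation) Could not create/get pointer to %S : 0x%x\n", (BSTR)*children[i], hres));
            return hres;
        }
    }

    return S_OK;
}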
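// Best-effort removal of the HKLM Run value ("PolicMan" under REG_RUN_KEY)
// that launches this entry point at logon.  Failures are logged but not
// reported: the worst case is that the containers are created again next
// time, which GetOrCreateObj tolerates.
static void RemovePolicManRunValue(void)
{
    wchar_t swRunOnceKey[] = REG_RUN_KEY;
    HKEY    hkRunOnce      = NULL;

    LONG lReturnCode = RegOpenKeyEx(HKEY_LOCAL_MACHINE, swRunOnceKey, 0, KEY_SET_VALUE, &hkRunOnce);

    if(ERROR_SUCCESS != lReturnCode)
    {
        ERRORTRACE((LOG_ESS, "POLICMAN: (Container Creation) Could not open run key : 0x%x\n", lReturnCode));
        return;
    }

    lReturnCode = RegDeleteValue(hkRunOnce, L"PolicMan");

    if(ERROR_SUCCESS != lReturnCode)
    {
        ERRORTRACE((LOG_ESS, "POLICMAN: (Container Creation) Could not delete run value : 0x%x\n", lReturnCode));
    }

    RegCloseKey(hkRunOnce);
}

// RUNDLL32 entry point (installed through the REG_RUN_KEY "PolicMan" value):
// creates the WMIPolicy container hierarchy in AD and, on success, removes
// the Run value so the work is not repeated at the next logon.
//
// Returns the HRESULT of the container creation (WBEM_E_FAILED if it threw);
// earlier versions returned S_OK unconditionally.  A failed CoInitialize is
// returned as-is, and CoUninitialize is then skipped as COM requires.
extern "C" STDAPI CreateADContainers(void)
{
    HRESULT hres = WBEM_E_FAILED;

    // **** init process context

    HRESULT hrInit = CoInitialize(NULL);
    if(FAILED(hrInit))
    {
        // e.g. RPC_E_CHANGED_MODE: nothing to uninitialise
        return hrInit;
    }

    // NOTE(review): RPC_C_AUTHN_LEVEL_NONE makes "no authentication" the
    // process-wide default for any DCOM proxy created in this process, and
    // the return value is not checked.  If the ADSI calls below stay
    // in-process this may be harmless, but RPC_C_AUTHN_LEVEL_CONNECT or
    // higher is the usual defensive default — confirm nothing here needs NONE.
    CoInitializeSecurity (NULL, -1, NULL, NULL,
                          RPC_C_AUTHN_LEVEL_NONE, RPC_C_IMP_LEVEL_IMPERSONATE, NULL,
                          EOAC_NONE, NULL);

    try
    {
        hres = InScopeOfCOM_CreateADContainers();
    }
    catch(...)
    {
        // **** error — fall through so that COM is still uninitialised
        hres = WBEM_E_FAILED;
    }

    // **** if we returned successfully, then remove the run key

    if(SUCCEEDED(hres))
    {
        RemovePolicManRunValue();
    }

    // **** cleanup and shutdown

    CoUninitialize();

    return hres;
}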