You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1921 lines
58 KiB
1921 lines
58 KiB
#include "stdafx.h"
|
|
#include <ole2.h>
|
|
#include "iadm.h"
|
|
#include "iiscnfgp.h"
|
|
#include "mdkey.h"
|
|
#include "mdacl.h"
|
|
#include "inetinfo.h"
|
|
#include "log.h"
|
|
#include "svc.h"
|
|
#include "dcomperm.h"
|
|
#include "setpass.h"
|
|
#include "comncomp.hxx"
|
|
#include <comadmin.h> // CLSID_COMAdminCatalog
|
|
#include <Sddl.h>
|
|
#include <acl.hxx>
|
|
#include "webcomp.hxx"
|
|
|
|
typedef TCHAR USERNAME_STRING_TYPE[MAX_PATH];
|
|
typedef TCHAR PASSWORD_STRING_TYPE[LM20_PWLEN+1];
|
|
typedef enum {
|
|
GUFM_SUCCESS,
|
|
GUFM_NO_PATH,
|
|
GUFM_NO_PASSWORD,
|
|
GUFM_NO_USER_ID
|
|
} GUFM_RETURN;
|
|
#define OPEN_TIMEOUT_VALUE 30000
|
|
#define MD_SET_DATA_RECORD_EXT(PMDR, ID, ATTR, UTYPE, DTYPE, DLEN, PD) \
|
|
{ \
|
|
(PMDR)->dwMDIdentifier=ID; \
|
|
(PMDR)->dwMDAttributes=ATTR; \
|
|
(PMDR)->dwMDUserType=UTYPE; \
|
|
(PMDR)->dwMDDataType=DTYPE; \
|
|
(PMDR)->dwMDDataLen=DLEN; \
|
|
(PMDR)->pbMDData=(PBYTE)PD; \
|
|
}
|
|
|
|
#define SYSPREP_TEMPFILE_NAME _T("IISSysPr.tmp")
|
|
#define SYSPREP_KNOWN_SECTION_NAME _T("paths")
|
|
#define SYSPREP_KNOWN_REGISTRY_KEY _T("SysPrepIISInfo")
|
|
#define SYSPREP_KNOWN_REGISTRY_KEY2 _T("SysPrepIISInfoStage")
|
|
#define SYSPREP_TEMP_PASSWORD_LENGTH 256
|
|
#define SYSPREP_USE_SECRETS
|
|
|
|
#define REG_ENABLEPASSSYNC_KEY _T("SOFTWARE\\Microsoft\\InetStp")
|
|
#define REG_ENABLEPASSSYNC_VALUE _T("EnableUserAccountRestorePassSync")
|
|
|
|
DWORD AddUserToMetabaseACL2( CSecurityDescriptor *pSD, LPTSTR szUserToAdd, LPTSTR szSidString, ACCESS_ALLOWED_ACE * MyACEInfo);
|
|
HRESULT RemoveMetabaseACL( LPCTSTR szPath );
|
|
|
|
#ifndef _CHICAGO_
|
|
HRESULT
|
|
UpdateComApplications(
|
|
IMSAdminBase2 * pcCom,
|
|
LPCTSTR szWamUserName,
|
|
LPCTSTR szWamUserPass
|
|
)
|
|
/*++
|
|
Routine Description:
|
|
|
|
If the IWAM account has been modified, it is necessary to update the
|
|
the out of process com+ applications with the correct account
|
|
information. This routine will collect all the com+ applications and
|
|
reset the activation information.
|
|
|
|
Arguments:
|
|
|
|
pcCom - metabase object
|
|
szWamUserName - the new user name
|
|
szWamUserPass - the new user password
|
|
|
|
Note:
|
|
|
|
This routine is a royal pain in the butt. I take back
|
|
all the good things I may have said about com automation.
|
|
|
|
Return Value:
|
|
|
|
HRESULT - Return value from failed API call
|
|
- E_OUTOFMEMORY
|
|
- S_OK - everything worked
|
|
- S_FALSE - encountered a non-fatal error, unable
|
|
to reset at least one application.
|
|
--*/
|
|
{
|
|
HRESULT hr = NOERROR;
|
|
BOOL fNoErrors = TRUE;
|
|
|
|
METADATA_HANDLE hMetabase = NULL;
|
|
WCHAR * pwszDataPaths = NULL;
|
|
DWORD cchDataPaths = 0;
|
|
BOOL fTryAgain;
|
|
DWORD cMaxApplications;
|
|
WCHAR * pwszCurrentPath;
|
|
|
|
SAFEARRAY * psaApplications = NULL;
|
|
SAFEARRAYBOUND rgsaBound[1];
|
|
DWORD cApplications;
|
|
VARIANT varAppKey;
|
|
LONG rgIndices[1];
|
|
|
|
METADATA_RECORD mdrAppIsolated;
|
|
METADATA_RECORD mdrAppPackageId;
|
|
DWORD dwAppIsolated;
|
|
WCHAR wszAppPackageId[ 40 ];
|
|
DWORD dwMDGetDataLen = 0;
|
|
|
|
ICOMAdminCatalog * pComCatalog = NULL;
|
|
ICatalogCollection * pComAppCollection = NULL;
|
|
ICatalogObject * pComApp = NULL;
|
|
BSTR bstrAppCollectionName = NULL;
|
|
LONG nAppsInCollection;
|
|
LONG iCurrentApp;
|
|
LONG nChanges;
|
|
|
|
VARIANT varOldAppIdentity;
|
|
VARIANT varNewAppIdentity;
|
|
VARIANT varNewAppPassword;
|
|
|
|
// This is built unicode right now. Since all the com apis I need
|
|
// are unicode only I'm using wide characters here. I should get
|
|
// plenty of compiler errors if _UNICODE isn't defined, but just
|
|
// in case....
|
|
DBG_ASSERT( sizeof(TCHAR) == sizeof(WCHAR) );
|
|
|
|
iisDebugOut((LOG_TYPE_TRACE, _T("UpdateComApplications():start\n")));
|
|
|
|
// Init variants
|
|
VariantInit( &varAppKey );
|
|
VariantInit( &varOldAppIdentity );
|
|
VariantInit( &varNewAppIdentity );
|
|
VariantInit( &varNewAppPassword );
|
|
|
|
//
|
|
// Get the applications to be reset by querying the metabase paths
|
|
//
|
|
hr = pcCom->OpenKey( METADATA_MASTER_ROOT_HANDLE,
|
|
L"LM/W3SVC",
|
|
METADATA_PERMISSION_READ,
|
|
OPEN_TIMEOUT_VALUE,
|
|
&hMetabase
|
|
);
|
|
if( FAILED(hr) )
|
|
{
|
|
iisDebugOut((LOG_TYPE_ERROR, _T("Failed to open metabase (%08x)\n"),hr));
|
|
goto cleanup;
|
|
}
|
|
|
|
// Get the data paths string
|
|
|
|
fTryAgain = TRUE;
|
|
do
|
|
{
|
|
hr = pcCom->GetDataPaths( hMetabase,
|
|
NULL,
|
|
MD_APP_PACKAGE_ID,
|
|
STRING_METADATA,
|
|
cchDataPaths,
|
|
pwszDataPaths,
|
|
&cchDataPaths
|
|
);
|
|
|
|
if( HRESULT_FROM_WIN32(ERROR_INSUFFICIENT_BUFFER) == hr )
|
|
{
|
|
delete[] pwszDataPaths;
|
|
pwszDataPaths = NULL;
|
|
|
|
pwszDataPaths = new WCHAR[cchDataPaths];
|
|
if( !pwszDataPaths )
|
|
{
|
|
hr = E_OUTOFMEMORY;
|
|
goto cleanup;
|
|
}
|
|
}
|
|
else
|
|
{
|
|
fTryAgain = FALSE;
|
|
}
|
|
}
|
|
while( fTryAgain );
|
|
|
|
if( FAILED(hr) )
|
|
{
|
|
iisDebugOut((LOG_TYPE_ERROR, _T("Failed to find metadata (%08x) Data(%d)\n"),hr,MD_APP_PACKAGE_ID));
|
|
goto cleanup;
|
|
}
|
|
else if (pwszDataPaths == NULL)
|
|
{
|
|
//
|
|
// If we found no isolated apps, make the path list an empty multisz
|
|
//
|
|
cchDataPaths = 1;
|
|
pwszDataPaths = new WCHAR[cchDataPaths];
|
|
if( !pwszDataPaths )
|
|
{
|
|
hr = E_OUTOFMEMORY;
|
|
goto cleanup;
|
|
}
|
|
pwszDataPaths[0] = L'\0';
|
|
}
|
|
|
|
// Determine the maximum number of applications
|
|
|
|
cMaxApplications = 1; // The pooled application
|
|
|
|
for( pwszCurrentPath = pwszDataPaths;
|
|
*pwszCurrentPath != L'\0';
|
|
pwszCurrentPath += wcslen(pwszCurrentPath) + 1
|
|
)
|
|
{
|
|
cMaxApplications++;
|
|
}
|
|
|
|
//
|
|
// Build a key array and load the com applications.
|
|
//
|
|
|
|
// Create an array to hold the keys
|
|
|
|
rgsaBound[0].cElements = cMaxApplications;
|
|
rgsaBound[0].lLbound = 0;
|
|
|
|
psaApplications = SafeArrayCreate( VT_VARIANT, 1, rgsaBound );
|
|
if( psaApplications == NULL )
|
|
{
|
|
hr = E_OUTOFMEMORY;
|
|
goto cleanup;
|
|
}
|
|
|
|
// Set the out of process pool application key
|
|
varAppKey.vt = VT_BSTR;
|
|
varAppKey.bstrVal = SysAllocString( W3_OOP_POOL_PACKAGE_ID );
|
|
if( !varAppKey.bstrVal )
|
|
{
|
|
hr = E_OUTOFMEMORY;
|
|
goto cleanup;
|
|
}
|
|
|
|
rgIndices[0] = 0;
|
|
hr = SafeArrayPutElement( psaApplications, rgIndices, &varAppKey );
|
|
if( FAILED(hr) )
|
|
{
|
|
iisDebugOut((LOG_TYPE_ERROR, _T("Failed setting an element in a safe array (%08x)\n"),hr));
|
|
goto cleanup;
|
|
}
|
|
|
|
// For each of the application paths determine if an out of process
|
|
// application is defined there and set the appropriate key into
|
|
// our array
|
|
|
|
MD_SET_DATA_RECORD_EXT( &mdrAppIsolated,
|
|
MD_APP_ISOLATED,
|
|
METADATA_NO_ATTRIBUTES,
|
|
ALL_METADATA,
|
|
DWORD_METADATA,
|
|
sizeof(DWORD),
|
|
(PBYTE)&dwAppIsolated
|
|
);
|
|
|
|
MD_SET_DATA_RECORD_EXT( &mdrAppPackageId,
|
|
MD_APP_PACKAGE_ID,
|
|
METADATA_NO_ATTRIBUTES,
|
|
ALL_METADATA,
|
|
STRING_METADATA,
|
|
sizeof(wszAppPackageId),
|
|
(PBYTE)wszAppPackageId
|
|
);
|
|
|
|
wszAppPackageId[0] = L'\0';
|
|
|
|
// Go through each data path and set it into our array if
|
|
// it is an isolated application
|
|
|
|
cApplications = 1; // Actual # of applications - 1 for pool
|
|
|
|
for( pwszCurrentPath = pwszDataPaths;
|
|
*pwszCurrentPath != L'\0';
|
|
pwszCurrentPath += wcslen(pwszCurrentPath) + 1
|
|
)
|
|
{
|
|
hr = pcCom->GetData( hMetabase,
|
|
pwszCurrentPath,
|
|
&mdrAppIsolated,
|
|
&dwMDGetDataLen
|
|
);
|
|
if( FAILED(hr) )
|
|
{
|
|
iisDebugOut(( LOG_TYPE_ERROR,
|
|
_T("Failed to get data from the metabase (%08x) Path(%S) Data(%d)\n"),
|
|
hr,
|
|
pwszCurrentPath,
|
|
mdrAppIsolated.dwMDIdentifier
|
|
));
|
|
|
|
fNoErrors = FALSE;
|
|
continue;
|
|
}
|
|
|
|
// Is the application out of process
|
|
if( dwAppIsolated == 1 )
|
|
{
|
|
// Get the application id
|
|
|
|
hr = pcCom->GetData( hMetabase,
|
|
pwszCurrentPath,
|
|
&mdrAppPackageId,
|
|
&dwMDGetDataLen
|
|
);
|
|
if( FAILED(hr) )
|
|
{
|
|
iisDebugOut(( LOG_TYPE_ERROR,
|
|
_T("Failed to get data from the metabase (%08x) Path(%S) Data(%d)\n"),
|
|
hr,
|
|
pwszCurrentPath,
|
|
mdrAppPackageId.dwMDIdentifier
|
|
));
|
|
|
|
fNoErrors = FALSE;
|
|
continue;
|
|
}
|
|
|
|
// Add the application id to the array
|
|
|
|
VariantClear( &varAppKey );
|
|
varAppKey.vt = VT_BSTR;
|
|
varAppKey.bstrVal = SysAllocString( wszAppPackageId );
|
|
if( !varAppKey.bstrVal )
|
|
{
|
|
hr = E_OUTOFMEMORY;
|
|
goto cleanup;
|
|
}
|
|
|
|
rgIndices[0]++;
|
|
hr = SafeArrayPutElement( psaApplications,
|
|
rgIndices,
|
|
&varAppKey
|
|
);
|
|
if( FAILED(hr) )
|
|
{
|
|
iisDebugOut(( LOG_TYPE_ERROR,
|
|
_T("Failed to set safe array element (%08x)\n"),
|
|
hr
|
|
));
|
|
VariantClear( &varAppKey );
|
|
rgIndices[0]--;
|
|
fNoErrors = FALSE;
|
|
continue;
|
|
}
|
|
cApplications++;
|
|
}
|
|
}
|
|
|
|
// Done with the metabase
|
|
pcCom->CloseKey(hMetabase);
|
|
hMetabase = NULL;
|
|
|
|
// Shrink the size of the safe-array if necessary
|
|
if( cApplications < cMaxApplications )
|
|
{
|
|
rgsaBound[0].cElements = cApplications;
|
|
|
|
hr = SafeArrayRedim( psaApplications, rgsaBound );
|
|
if( FAILED(hr) )
|
|
{
|
|
iisDebugOut(( LOG_TYPE_ERROR,
|
|
_T("Failed to redim safe array (%08x)\n"),
|
|
hr
|
|
));
|
|
goto cleanup;
|
|
}
|
|
}
|
|
|
|
//
|
|
// For each application reset the activation identity
|
|
//
|
|
|
|
// Use our key array to get the application collection
|
|
|
|
hr = CoCreateInstance( CLSID_COMAdminCatalog,
|
|
NULL,
|
|
CLSCTX_SERVER,
|
|
IID_ICOMAdminCatalog,
|
|
(void**)&pComCatalog
|
|
);
|
|
if( FAILED(hr) )
|
|
{
|
|
iisDebugOut(( LOG_TYPE_ERROR,
|
|
_T("Failed to create COM catalog (%08x)\n"),
|
|
hr
|
|
));
|
|
goto cleanup;
|
|
}
|
|
|
|
hr = pComCatalog->GetCollection( L"Applications",
|
|
(IDispatch **)&pComAppCollection
|
|
);
|
|
if( FAILED(hr) )
|
|
{
|
|
iisDebugOut(( LOG_TYPE_ERROR,
|
|
_T("Failed to get Applications collection (%08x)\n"),
|
|
hr
|
|
));
|
|
goto cleanup;
|
|
}
|
|
|
|
hr = pComAppCollection->PopulateByKey( psaApplications );
|
|
if( FAILED(hr) )
|
|
{
|
|
iisDebugOut(( LOG_TYPE_ERROR,
|
|
_T("Failed to populate Applications collection (%08x)\n"),
|
|
hr
|
|
));
|
|
goto cleanup;
|
|
}
|
|
|
|
// Iterate over the application collection and update all the
|
|
// applications that use IWAM.
|
|
|
|
hr = pComAppCollection->get_Count( &nAppsInCollection );
|
|
if( FAILED(hr) )
|
|
{
|
|
iisDebugOut(( LOG_TYPE_ERROR,
|
|
_T("Failed to get Applications count (%08x)\n"),
|
|
hr
|
|
));
|
|
goto cleanup;
|
|
}
|
|
|
|
// Init our new app identity and password.
|
|
|
|
varNewAppIdentity.vt = VT_BSTR;
|
|
varNewAppIdentity.bstrVal = SysAllocString( szWamUserName );
|
|
if( !varNewAppIdentity.bstrVal )
|
|
{
|
|
hr = E_OUTOFMEMORY;
|
|
goto cleanup;
|
|
}
|
|
|
|
varNewAppPassword.vt = VT_BSTR;
|
|
varNewAppPassword.bstrVal = SysAllocString( szWamUserPass );
|
|
if( !varNewAppPassword.bstrVal )
|
|
{
|
|
hr = E_OUTOFMEMORY;
|
|
goto cleanup;
|
|
}
|
|
|
|
for( iCurrentApp = 0; iCurrentApp < nAppsInCollection; ++iCurrentApp )
|
|
{
|
|
if( pComApp )
|
|
{
|
|
pComApp->Release();
|
|
pComApp = NULL;
|
|
}
|
|
if( varOldAppIdentity.vt != VT_EMPTY )
|
|
{
|
|
VariantClear( &varOldAppIdentity );
|
|
}
|
|
|
|
hr = pComAppCollection->get_Item( iCurrentApp,
|
|
(IDispatch **)&pComApp );
|
|
if( FAILED(hr) )
|
|
{
|
|
iisDebugOut(( LOG_TYPE_ERROR,
|
|
_T("Failed to get item from Applications collection (%08x)\n"),
|
|
hr
|
|
));
|
|
fNoErrors = FALSE;
|
|
continue;
|
|
}
|
|
|
|
// If the user has set this to something other than the IWAM_
|
|
// user, then we will respect that and not reset the identiy.
|
|
|
|
hr = pComApp->get_Value( L"Identity", &varOldAppIdentity );
|
|
if( FAILED(hr) )
|
|
{
|
|
iisDebugOut(( LOG_TYPE_ERROR,
|
|
_T("Failed to get Identify from Application (%08x)\n"),
|
|
hr
|
|
));
|
|
fNoErrors = FALSE;
|
|
continue;
|
|
}
|
|
|
|
DBG_ASSERT( varOldAppIdentity.vt == VT_BSTR );
|
|
if( varOldAppIdentity.vt == VT_BSTR )
|
|
{
|
|
if( memcmp( L"IWAM_", varOldAppIdentity.bstrVal, 10 ) == 0 )
|
|
{
|
|
hr = pComApp->put_Value( L"Identity", varNewAppIdentity );
|
|
if( FAILED(hr) )
|
|
{
|
|
iisDebugOut(( LOG_TYPE_ERROR,
|
|
_T("Failed to set new Identify (%08x)\n"),
|
|
hr
|
|
));
|
|
fNoErrors = FALSE;
|
|
continue;
|
|
}
|
|
|
|
hr = pComApp->put_Value( L"Password", varNewAppPassword );
|
|
if( FAILED(hr) )
|
|
{
|
|
iisDebugOut(( LOG_TYPE_ERROR,
|
|
_T("Failed to set new Password (%08x)\n"),
|
|
hr
|
|
));
|
|
fNoErrors = FALSE;
|
|
continue;
|
|
}
|
|
}
|
|
else
|
|
{
|
|
DBGINFO(( DBG_CONTEXT,
|
|
"Unrecognized application identity (%S)\n",
|
|
varOldAppIdentity.bstrVal
|
|
));
|
|
}
|
|
}
|
|
}
|
|
|
|
hr = pComAppCollection->SaveChanges( &nChanges );
|
|
if( FAILED(hr) )
|
|
{
|
|
iisDebugOut(( LOG_TYPE_ERROR,
|
|
_T("Failed to save changes (%08x)\n"),
|
|
hr
|
|
));
|
|
goto cleanup;
|
|
}
|
|
|
|
goto cleanup;
|
|
|
|
cleanup:
|
|
|
|
if( hMetabase != NULL )
|
|
{
|
|
pcCom->CloseKey(hMetabase);
|
|
}
|
|
|
|
if( psaApplications != NULL )
|
|
{
|
|
SafeArrayDestroy( psaApplications );
|
|
}
|
|
|
|
if( pComCatalog != NULL )
|
|
{
|
|
pComCatalog->Release();
|
|
}
|
|
|
|
if( pComAppCollection != NULL )
|
|
{
|
|
pComAppCollection->Release();
|
|
}
|
|
|
|
if( pComApp != NULL )
|
|
{
|
|
pComApp->Release();
|
|
}
|
|
|
|
if( varAppKey.vt != VT_EMPTY )
|
|
{
|
|
VariantClear( &varAppKey );
|
|
}
|
|
|
|
if( varOldAppIdentity.vt != VT_EMPTY )
|
|
{
|
|
VariantClear( &varOldAppIdentity );
|
|
}
|
|
|
|
if( varNewAppIdentity.vt != VT_EMPTY )
|
|
{
|
|
VariantClear( &varNewAppIdentity );
|
|
}
|
|
|
|
if( varNewAppPassword.vt != VT_EMPTY )
|
|
{
|
|
VariantClear( &varNewAppPassword );
|
|
}
|
|
|
|
delete [] pwszDataPaths;
|
|
|
|
iisDebugOut((LOG_TYPE_TRACE, _T("UpdateComApplications():end\n")));
|
|
|
|
// return
|
|
if( FAILED(hr) )
|
|
{
|
|
return hr;
|
|
}
|
|
else if( fNoErrors == FALSE )
|
|
{
|
|
return S_FALSE;
|
|
}
|
|
else
|
|
{
|
|
return S_OK;
|
|
}
|
|
}
|
|
|
|
|
|
GUFM_RETURN GetUserFromMetabase(IMSAdminBase2 *pcCom,
|
|
LPWSTR pszPath,
|
|
DWORD dwUserMetaId,
|
|
DWORD dwPasswordMetaId,
|
|
USERNAME_STRING_TYPE ustUserBuf,
|
|
PASSWORD_STRING_TYPE pstPasswordBuf)
|
|
{
|
|
|
|
HRESULT hresTemp;
|
|
GUFM_RETURN gufmReturn = GUFM_SUCCESS;
|
|
METADATA_RECORD mdrData;
|
|
DWORD dwRequiredDataLen;
|
|
|
|
METADATA_HANDLE mhOpenHandle;
|
|
|
|
|
|
hresTemp = pcCom->OpenKey(METADATA_MASTER_ROOT_HANDLE,
|
|
pszPath,
|
|
METADATA_PERMISSION_READ,
|
|
OPEN_TIMEOUT_VALUE,
|
|
&mhOpenHandle);
|
|
if (FAILED(hresTemp)) {
|
|
gufmReturn = GUFM_NO_PATH;
|
|
}
|
|
else {
|
|
MD_SET_DATA_RECORD_EXT(&mdrData,
|
|
dwUserMetaId,
|
|
METADATA_NO_ATTRIBUTES,
|
|
ALL_METADATA,
|
|
STRING_METADATA,
|
|
MAX_PATH * sizeof(TCHAR),
|
|
(PBYTE)ustUserBuf)
|
|
|
|
hresTemp = pcCom->GetData(mhOpenHandle,
|
|
NULL,
|
|
&mdrData,
|
|
&dwRequiredDataLen);
|
|
|
|
if (FAILED(hresTemp) || (ustUserBuf[0] == (TCHAR)'\0')) {
|
|
gufmReturn = GUFM_NO_USER_ID;
|
|
}
|
|
else {
|
|
|
|
MD_SET_DATA_RECORD_EXT(&mdrData,
|
|
dwPasswordMetaId,
|
|
METADATA_NO_ATTRIBUTES,
|
|
ALL_METADATA,
|
|
STRING_METADATA,
|
|
MAX_PATH * sizeof(TCHAR),
|
|
(PBYTE)pstPasswordBuf)
|
|
|
|
hresTemp = pcCom->GetData(mhOpenHandle,
|
|
NULL,
|
|
&mdrData,
|
|
&dwRequiredDataLen);
|
|
if (FAILED(hresTemp)) {
|
|
gufmReturn = GUFM_NO_PASSWORD;
|
|
}
|
|
}
|
|
pcCom->CloseKey(mhOpenHandle);
|
|
}
|
|
|
|
return gufmReturn;
|
|
}
|
|
#endif
|
|
|
|
// ReRegisterDav
|
|
//
|
|
// This will re-register Dav. This is need after sysprep, so that the sids in the
|
|
// registry are correct.
|
|
//
|
|
BOOL
|
|
ReregisterDav()
|
|
{
|
|
TSTR_PATH strDavExe;
|
|
TSTR strCmdLine;
|
|
|
|
if ( !strDavExe.RetrieveSystemDir() ||
|
|
!strDavExe.PathAppend( _T("inetsrv") ) ||
|
|
!strDavExe.PathAppend( _T("davcdata.exe") ) ||
|
|
!strCmdLine.Copy( strDavExe ) ||
|
|
!strCmdLine.Append( _T(" /RegServer") ) )
|
|
{
|
|
// Failed to construct strings
|
|
return FALSE;
|
|
}
|
|
|
|
return RunProgram( strDavExe.QueryStr(), // Exe
|
|
strCmdLine.QueryStr(), // Parameters
|
|
TRUE, // Minimized
|
|
90, // Timeout, in seconds
|
|
FALSE ); // Do not create new console
|
|
}
|
|
|
|
HRESULT WINAPI SysPrepAclSyncIWam(void)
|
|
{
|
|
HRESULT hr = S_OK;
|
|
IMSAdminBase2 * pcCom;
|
|
|
|
iisDebugOut((LOG_TYPE_PROGRAM_FLOW, _T("start\n")));
|
|
|
|
hr = CoCreateInstance(CLSID_MSAdminBase,NULL,CLSCTX_ALL,IID_IMSAdminBase2,(void **) & pcCom);
|
|
if (SUCCEEDED(hr))
|
|
{
|
|
#ifndef _CHICAGO_
|
|
GUFM_RETURN gufmTemp;
|
|
PASSWORD_STRING_TYPE pstAnonyPass;
|
|
USERNAME_STRING_TYPE ustAnonyName;
|
|
|
|
pstAnonyPass[0] = (TCHAR)'\0';
|
|
ustAnonyName[0] = (TCHAR)'\0';
|
|
//
|
|
// Get the WAM username and password
|
|
//
|
|
gufmTemp = GetUserFromMetabase(pcCom,
|
|
TEXT("LM/W3SVC"),
|
|
MD_WAM_USER_NAME,
|
|
MD_WAM_PWD,
|
|
ustAnonyName,
|
|
pstAnonyPass);
|
|
|
|
UpdateComApplications(pcCom,ustAnonyName,pstAnonyPass);
|
|
#endif
|
|
pcCom->Release();
|
|
}
|
|
|
|
// Loop thru all the acl's
|
|
// and get the values, store it somewhere
|
|
|
|
iisDebugOut((LOG_TYPE_PROGRAM_FLOW, _T("end,ret=0x%x\n"),hr));
|
|
return hr;
|
|
}
|
|
|
|
// function: ChangeIUsrPasswords
|
|
//
|
|
// Change the IUsr Passwords after you have been sysprepped
|
|
//
|
|
// This is three steps:
|
|
// 1) Get the IUSR account name
|
|
// 2) Create a new password for it
|
|
// 3) Change the password at all locations with the username
|
|
//
|
|
BOOL ChangeIUsrPasswords()
|
|
{
|
|
CMDKey cmdKey;
|
|
TSTR strAnonymousPrefix;
|
|
CMDValue cmdAnonymousUserName;
|
|
CMDValue cmdCurrentUser;
|
|
LPTSTR pszNewPassword;
|
|
CString csPath;
|
|
LPTSTR szPath;
|
|
CStringList cslpathList;
|
|
POSITION pos;
|
|
BOOL bRet = TRUE;
|
|
|
|
if ( !strAnonymousPrefix.LoadString( IDS_GUEST_NAME ) ||
|
|
FAILED( cmdKey.OpenNode(TEXT("LM")) ) )
|
|
{
|
|
// Either of these is fatal
|
|
return FALSE;
|
|
}
|
|
|
|
// Find the anonymous username
|
|
if ( !cmdKey.GetData( cmdAnonymousUserName,
|
|
MD_ANONYMOUS_USER_NAME,
|
|
L"W3SVC" ) ||
|
|
( _tcsnicmp( strAnonymousPrefix.QueryStr(),
|
|
(LPTSTR) cmdAnonymousUserName.GetData(),
|
|
strAnonymousPrefix.QueryLen() ) != 0 ) )
|
|
{
|
|
// Either there was no anynmous user there, or they replace the IUSR_ username
|
|
return TRUE;
|
|
}
|
|
|
|
// Now update in all location
|
|
if (FAILED( cmdKey.GetDataPaths( MD_ANONYMOUS_USER_NAME,
|
|
STRING_METADATA,
|
|
cslpathList) ))
|
|
{
|
|
// Could not GetDataPaths for this value
|
|
return FALSE;
|
|
}
|
|
|
|
// Create new password
|
|
pszNewPassword = CreatePassword(LM20_PWLEN+1);
|
|
|
|
if ( !pszNewPassword )
|
|
{
|
|
// Could not create new password
|
|
return FALSE;
|
|
}
|
|
|
|
pos = cslpathList.GetHeadPosition();
|
|
|
|
while ( NULL != pos )
|
|
{
|
|
csPath = cslpathList.GetNext( pos );
|
|
szPath = csPath.GetBuffer(0);
|
|
|
|
if ( cmdKey.GetData( cmdCurrentUser, MD_ANONYMOUS_USER_NAME, szPath ),
|
|
( _tcsicmp( (LPTSTR) cmdAnonymousUserName.GetData(),
|
|
(LPTSTR) cmdCurrentUser.GetData() ) == 0 ) )
|
|
{
|
|
// We found a location with the username set
|
|
if ( FAILED( cmdKey.SetData( MD_ANONYMOUS_PWD,
|
|
METADATA_INHERIT | METADATA_SECURE,
|
|
IIS_MD_UT_FILE,
|
|
STRING_METADATA,
|
|
( _tcslen( pszNewPassword ) + 1 )*sizeof( TCHAR ),
|
|
(LPBYTE) pszNewPassword,
|
|
szPath ) ) )
|
|
{
|
|
// Failed to set correctly
|
|
bRet = FALSE;
|
|
}
|
|
}
|
|
}
|
|
|
|
if ( pszNewPassword )
|
|
{
|
|
GlobalFree(pszNewPassword);
|
|
}
|
|
|
|
return bRet;
|
|
}
|
|
|
|
// function: ReSetIWamIUsrPasswds
|
|
//
|
|
// This function Changes the IWAM and IUSR passwords the
|
|
// metabase. Then sets a reg entry, and stops and starts
|
|
// iisadmin. This causes iisadmin to reset the password in NT,
|
|
// and re sync the com objects.
|
|
//
|
|
// Return:
|
|
// TRUE - Succeeded
|
|
// FALSE - Failed
|
|
//
|
|
BOOL ReSetIWamIUsrPasswds(void)
|
|
{
|
|
DWORD dwType;
|
|
DWORD dwValue;
|
|
DWORD dwSize;
|
|
DWORD dwOldRegValue;
|
|
BOOL fOldRegWasSet = FALSE;
|
|
CMDKey cmdKey;
|
|
LPTSTR pszNewPassword = NULL;
|
|
HKEY hKey;
|
|
|
|
iisDebugOut((LOG_TYPE_TRACE, _T("ReSetIWamIUsrPasswds:start\n")));
|
|
|
|
if ( RegOpenKeyEx(HKEY_LOCAL_MACHINE,
|
|
REG_ENABLEPASSSYNC_KEY,
|
|
0,
|
|
KEY_READ | KEY_WRITE,
|
|
&hKey) != ERROR_SUCCESS)
|
|
{
|
|
// If we can not open the registry to set the flag,
|
|
// there is not hope in resetting the password
|
|
return FALSE;
|
|
}
|
|
|
|
if ( !ChangeIUsrPasswords() )
|
|
{
|
|
return FALSE;
|
|
}
|
|
|
|
cmdKey.OpenNode(TEXT("LM/W3SVC"));
|
|
|
|
// Set New IWAM Password
|
|
pszNewPassword = CreatePassword(LM20_PWLEN+1);
|
|
|
|
if ( pszNewPassword )
|
|
{
|
|
cmdKey.SetData(MD_WAM_PWD,METADATA_INHERIT | METADATA_SECURE,IIS_MD_UT_FILE,STRING_METADATA,(_tcslen(pszNewPassword)+1)*sizeof(TCHAR),(LPBYTE) pszNewPassword);
|
|
GlobalFree(pszNewPassword);
|
|
}
|
|
|
|
cmdKey.Close();
|
|
|
|
// Retrieve Old Value for REG_ENABLEPASSSYNC
|
|
dwSize = sizeof(DWORD);
|
|
if ( (RegQueryValueEx(hKey,REG_ENABLEPASSSYNC_VALUE,NULL,&dwType,(LPBYTE) &dwValue,&dwSize) == ERROR_SUCCESS) &&
|
|
(dwType == REG_DWORD)
|
|
)
|
|
{
|
|
fOldRegWasSet = TRUE;
|
|
dwOldRegValue = dwValue;
|
|
}
|
|
|
|
// Set New Value
|
|
dwSize = sizeof(DWORD);
|
|
dwType = REG_DWORD;
|
|
dwValue = 1;
|
|
if (RegSetValueEx(hKey,REG_ENABLEPASSSYNC_VALUE,0,dwType,(LPBYTE) &dwValue,dwSize) == ERROR_SUCCESS)
|
|
{
|
|
|
|
// Stop IISAdmin Service
|
|
StopServiceAndDependencies(TEXT("IISADMIN"), FALSE);
|
|
|
|
// Start IISAdmin Service (this will resync the passwords)
|
|
InetStartService(TEXT("IISADMIN"));
|
|
|
|
// We are going to reboot after installing, so don't
|
|
// worry about starting the services that we cascadingly
|
|
// stopped
|
|
|
|
// Reset the Key to the old value
|
|
if (fOldRegWasSet)
|
|
{
|
|
dwSize = sizeof(DWORD);
|
|
dwType = REG_DWORD;
|
|
RegSetValueEx(hKey,REG_ENABLEPASSSYNC_VALUE,0,dwType,(LPBYTE) &dwOldRegValue,dwSize);
|
|
}
|
|
else
|
|
{
|
|
RegDeleteValue(hKey,REG_ENABLEPASSSYNC_VALUE);
|
|
}
|
|
}
|
|
else
|
|
{
|
|
RegCloseKey(hKey);
|
|
return FALSE;
|
|
}
|
|
|
|
RegCloseKey(hKey);
|
|
|
|
return TRUE;
|
|
}
|
|
|
|
|
|
DWORD SysPrepTempfileWriteAclInfo(HANDLE hFile,CString csKeyPath)
|
|
{
|
|
DWORD dwReturn = ERROR_ACCESS_DENIED;
|
|
|
|
BOOL bFound = FALSE;
|
|
DWORD attr, uType, dType, cbLen;
|
|
CMDKey cmdKey;
|
|
BUFFER bufData;
|
|
PBYTE pData;
|
|
int BufSize;
|
|
|
|
PSECURITY_DESCRIPTOR pOldSd = NULL;
|
|
|
|
if (hFile == NULL || hFile == INVALID_HANDLE_VALUE)
|
|
{
|
|
return S_OK;
|
|
}
|
|
|
|
cmdKey.OpenNode(csKeyPath);
|
|
if ( (METADATA_HANDLE) cmdKey )
|
|
{
|
|
pData = (PBYTE)(bufData.QueryPtr());
|
|
BufSize = bufData.QuerySize();
|
|
cbLen = 0;
|
|
bFound = cmdKey.GetData(MD_ADMIN_ACL, &attr, &uType, &dType, &cbLen, pData, BufSize);
|
|
if (!bFound)
|
|
{
|
|
if (cbLen > 0)
|
|
{
|
|
if ( ! (bufData.Resize(cbLen)) )
|
|
{
|
|
iisDebugOut((LOG_TYPE_ERROR, _T("MDDumpAdminACL(): cmdKey.GetData. failed to resize to %d.!\n"), cbLen));
|
|
}
|
|
else
|
|
{
|
|
pData = (PBYTE)(bufData.QueryPtr());
|
|
BufSize = cbLen;
|
|
cbLen = 0;
|
|
bFound = cmdKey.GetData(MD_ADMIN_ACL, &attr, &uType, &dType, &cbLen, pData, BufSize);
|
|
}
|
|
}
|
|
}
|
|
cmdKey.Close();
|
|
|
|
if (bFound)
|
|
{
|
|
// dump out the info
|
|
// We've got the acl
|
|
pOldSd = (PSECURITY_DESCRIPTOR) pData;
|
|
if (IsValidSecurityDescriptor(pOldSd))
|
|
{
|
|
#ifndef _CHICAGO_
|
|
DumpAdminACL(hFile,pOldSd);
|
|
dwReturn = ERROR_SUCCESS;
|
|
#endif
|
|
}
|
|
}
|
|
else
|
|
{
|
|
dwReturn = ERROR_PATH_NOT_FOUND;
|
|
}
|
|
}
|
|
return dwReturn;
|
|
}
|
|
|
|
void SysPrepTempfileWrite(HANDLE hFile,TCHAR * szBuf)
|
|
{
|
|
DWORD dwBytesWritten = 0;
|
|
if (hFile != NULL && hFile != INVALID_HANDLE_VALUE)
|
|
{
|
|
if (WriteFile(hFile, szBuf, _tcslen(szBuf) * sizeof(TCHAR), &dwBytesWritten, NULL ) == FALSE )
|
|
{iisDebugOut((LOG_TYPE_WARN, _T("WriteFile Failed=0x%x.\n"), GetLastError()));}
|
|
}
|
|
return;
|
|
}
|
|
|
|
// Loop thru all the acl's
|
|
// and get the values, store it somewhere
|
|
HRESULT WINAPI SysPrepAclBackup(void)
|
|
{
|
|
HRESULT hRes = S_OK;
|
|
CMDKey cmdKey;
|
|
CStringList cslpathList;
|
|
POSITION pos;
|
|
CString csPath;
|
|
HANDLE hFile = INVALID_HANDLE_VALUE;
|
|
|
|
DWORD dwBytesWritten = 0;
|
|
TCHAR buf[256];
|
|
|
|
TCHAR szTempFileNameFull[_MAX_PATH];
|
|
|
|
iisDebugOut((LOG_TYPE_PROGRAM_FLOW, _T("start\n")));
|
|
|
|
hRes = cmdKey.OpenNode(_T("/"));
|
|
if ( FAILED(hRes) )
|
|
{
|
|
iisDebugOut((LOG_TYPE_ERROR, _T("OpenNode failed. err=0x%x.\n"), hRes));
|
|
goto SysPrepAclBackup_Exit;
|
|
}
|
|
|
|
// get the sub-paths that have the data on them
|
|
hRes = cmdKey.GetDataPaths( MD_ADMIN_ACL, BINARY_METADATA, cslpathList);
|
|
if ( FAILED(hRes) )
|
|
{
|
|
iisDebugOut((LOG_TYPE_ERROR, _T("Update()-GetDataPaths failed. err=0x%x.\n"), hRes));
|
|
goto SysPrepAclBackup_Exit;
|
|
}
|
|
|
|
// we now have the cstringlist of paths that need to be updated. Loop through the
|
|
// list and update them all.
|
|
// get the list's head position
|
|
pos = cslpathList.GetHeadPosition();
|
|
if ( NULL == pos )
|
|
{
|
|
goto SysPrepAclBackup_Exit;
|
|
}
|
|
|
|
// Create the tempfile
|
|
if (!GetWindowsDirectory(szTempFileNameFull,_MAX_PATH))
|
|
{
|
|
goto SysPrepAclBackup_Exit;
|
|
}
|
|
|
|
AddPath(szTempFileNameFull, SYSPREP_TEMPFILE_NAME);
|
|
if (GetFileAttributes(szTempFileNameFull) != 0xFFFFFFFF)
|
|
{
|
|
// if file already exists, then delete it
|
|
SetFileAttributes(szTempFileNameFull, FILE_ATTRIBUTE_NORMAL);
|
|
DeleteFile(szTempFileNameFull);
|
|
}
|
|
|
|
// create the file
|
|
hFile = CreateFile(szTempFileNameFull,GENERIC_READ | GENERIC_WRITE,FILE_SHARE_READ | FILE_SHARE_WRITE,NULL,OPEN_ALWAYS,FILE_ATTRIBUTE_NORMAL,NULL);
|
|
if (hFile == INVALID_HANDLE_VALUE)
|
|
{
|
|
hFile = NULL;
|
|
goto SysPrepAclBackup_Exit;
|
|
}
|
|
SetFilePointer( hFile, NULL, NULL, FILE_END );
|
|
|
|
// write a couple of bytes to the beginning of the file say that it's "unicode"
|
|
WriteFile(hFile, (LPCVOID) 0xFF, 1, &dwBytesWritten, NULL);
|
|
WriteFile(hFile, (LPCVOID) 0xFE, 1, &dwBytesWritten, NULL);
|
|
|
|
// write a section so that setupapi api's can read it
|
|
//
|
|
//[version]
|
|
//signature="$Windows NT$"
|
|
memset(buf, 0, _tcslen(buf) * sizeof(TCHAR));
|
|
_tcscpy(buf, _T("[version]\r\n"));SysPrepTempfileWrite(hFile, buf);
|
|
_tcscpy(buf, _T("signature=\"$Windows NT$\"\r\n"));SysPrepTempfileWrite(hFile, buf);
|
|
|
|
// Write in known section
|
|
_stprintf(buf, _T("[%s]\r\n"),SYSPREP_KNOWN_SECTION_NAME);SysPrepTempfileWrite(hFile, buf);
|
|
|
|
// Add entries for the [paths] section
|
|
// [paths]
|
|
// /
|
|
// /w3svc/info
|
|
// etc...
|
|
//
|
|
while ( NULL != pos )
|
|
{
|
|
// get the next path in question
|
|
csPath = cslpathList.GetNext( pos );
|
|
|
|
// Write to [paths] section
|
|
_stprintf(buf, _T("%s\r\n"),csPath);
|
|
SysPrepTempfileWrite(hFile, buf);
|
|
|
|
// Save this whole list to the tempfile....
|
|
//iisDebugOut((LOG_TYPE_PROGRAM_FLOW, _T("[%s]\n"),csPath));
|
|
}
|
|
|
|
// close the metabase
|
|
if ( (METADATA_HANDLE)cmdKey )
|
|
{cmdKey.Close();}
|
|
|
|
// go to the top of the list again
|
|
pos = cslpathList.GetHeadPosition();
|
|
while ( NULL != pos )
|
|
{
|
|
// get the next path in question
|
|
csPath = cslpathList.GetNext( pos );
|
|
|
|
// Write to [paths] section
|
|
_stprintf(buf, _T("[%s]\r\n"),csPath);
|
|
SysPrepTempfileWrite(hFile, buf);
|
|
|
|
// Get the info that we will add to this section from looking up the metabase...
|
|
// open up the metabase item for each of them.
|
|
// Grab the AdminACL data, convert it to username/permissions
|
|
// save the username/permission data into text format
|
|
SysPrepTempfileWriteAclInfo(hFile,csPath);
|
|
}
|
|
|
|
SysPrepAclBackup_Exit:
|
|
if ( (METADATA_HANDLE)cmdKey )
|
|
{cmdKey.Close();}
|
|
if (hFile)
|
|
{CloseHandle(hFile);}
|
|
iisDebugOut((LOG_TYPE_PROGRAM_FLOW, _T("end,ret=0x%x\n"),hRes));
|
|
return hRes;
|
|
}
|
|
|
|
|
|
|
|
void SysPrepRestoreAclSection(IN HINF hFile, IN LPCTSTR szSection)
|
|
{
|
|
LPTSTR szLine = NULL;
|
|
DWORD dwRequiredSize;
|
|
BOOL bRet = FALSE;
|
|
INFCONTEXT Context;
|
|
CSecurityDescriptor SD;
|
|
DWORD dwSize;
|
|
BUFFER buffNewSD;
|
|
TSTR strSid;
|
|
|
|
// go to the beginning of the section in the INF file
|
|
bRet = SetupFindFirstLine_Wrapped(hFile, szSection, NULL, &Context);
|
|
if (!bRet)
|
|
{
|
|
goto SysPrepRestoreAclSection_Exit;
|
|
}
|
|
|
|
// Start off by deleting the old ACL, since we do not want to add
|
|
// to it, we want to replace it
|
|
if ( FAILED( RemoveMetabaseACL( szSection ) ) )
|
|
{
|
|
iisDebugOut((LOG_TYPE_PROGRAM_FLOW, _T("RemoveMetabaseACL failed!!\n")));
|
|
}
|
|
|
|
// Set Group and Owner of SD
|
|
if ( !SD.SetOwnerbyWellKnownID( CSecurityDescriptor::GROUP_ADMINISTRATORS ) ||
|
|
!SD.SetGroupbyWellKnownID( CSecurityDescriptor::GROUP_ADMINISTRATORS ) )
|
|
{
|
|
iisDebugOut((LOG_TYPE_PROGRAM_FLOW, _T("Failed to initialize SD with owner and group, GLE=%8x\n"),GetLastError()));
|
|
goto SysPrepRestoreAclSection_Exit;
|
|
}
|
|
|
|
// loop through the items in the section.
|
|
while (bRet)
|
|
{
|
|
// get the size of the memory we need for this
|
|
bRet = SetupGetLineText(&Context, NULL, NULL, NULL, NULL, 0, &dwRequiredSize);
|
|
|
|
// prepare the buffer to receive the line
|
|
szLine = (LPTSTR)GlobalAlloc( GPTR, dwRequiredSize * sizeof(TCHAR) );
|
|
if ( !szLine )
|
|
{
|
|
goto SysPrepRestoreAclSection_Exit;
|
|
}
|
|
|
|
// get the line from the inf file1
|
|
if (SetupGetLineText(&Context, NULL, NULL, NULL, szLine, dwRequiredSize, NULL) == FALSE)
|
|
{
|
|
goto SysPrepRestoreAclSection_Exit;
|
|
}
|
|
|
|
// The line we get should look something like this:
|
|
//
|
|
//[/]
|
|
//IIS_WPG,0x0,0x0,0x24,0x400ab
|
|
//Administrators,0x0,0x0,0x18,0x400ab
|
|
//Everyone,0x0,0x0,0x14,0x8
|
|
|
|
// Get everything to the left of the "=" sign
|
|
// this should be the username
|
|
TCHAR szUserName[UNLEN + 1];
|
|
ACCESS_ALLOWED_ACE MyNewACE;
|
|
|
|
TCHAR *token = NULL;
|
|
token = _tcstok(szLine, _T(","));
|
|
if (token == NULL)
|
|
{
|
|
goto SysPrepRestoreAclSection_Exit;
|
|
}
|
|
// Get the username
|
|
_tcscpy(szUserName,token);
|
|
|
|
// Copy the String Sid
|
|
token = _tcstok(NULL, _T(","));
|
|
if ( (NULL == token) ||
|
|
!strSid.Copy( token ) )
|
|
{
|
|
goto SysPrepRestoreAclSection_Exit;
|
|
}
|
|
|
|
// Get the next 4 values...
|
|
token = _tcstok(NULL, _T(","));
|
|
if (NULL == token){goto SysPrepRestoreAclSection_Exit;}
|
|
MyNewACE.Header.AceType = (UCHAR) atodw(token);
|
|
|
|
token = _tcstok(NULL, _T(","));
|
|
if (NULL == token){goto SysPrepRestoreAclSection_Exit;}
|
|
MyNewACE.Header.AceFlags = (UCHAR) atodw(token);
|
|
|
|
token = _tcstok(NULL, _T(","));
|
|
if (NULL == token){goto SysPrepRestoreAclSection_Exit;}
|
|
MyNewACE.Header.AceSize = (USHORT) atodw(token);
|
|
|
|
token = _tcstok(NULL, _T(","));
|
|
if (NULL == token){goto SysPrepRestoreAclSection_Exit;}
|
|
MyNewACE.Mask = atodw(token);
|
|
|
|
//iisDebugOut((LOG_TYPE_TRACE, _T("NewACLinfo:%s,0x%x,0x%x,0x%x,0x%x\n"),szUserName,MyNewACE.Header.AceType,MyNewACE.Header.AceFlags,MyNewACE.Header.AceSize,MyNewACE.Mask));
|
|
|
|
// Grab this info and create an ACL for it.
|
|
if ( AddUserToMetabaseACL2( &SD, szUserName, strSid.QueryStr(), &MyNewACE) != ERROR_SUCCESS )
|
|
{
|
|
iisDebugOut((LOG_TYPE_ERROR, _T("Failed to restore metabase acl by adding '%s' to ACL at '%s', GLE=%8x)\n"),szUserName,szSection,GetLastError()));
|
|
return;
|
|
}
|
|
|
|
// find the next line in the section. If there is no next line it should return false
|
|
bRet = SetupFindNextLine(&Context, &Context);
|
|
|
|
// free the temporary buffer
|
|
GlobalFree( szLine );szLine=NULL;
|
|
szLine = NULL;
|
|
}
|
|
|
|
if ( !SD.CreateSelfRelativeSD( &buffNewSD, &dwSize ) )
|
|
{
|
|
// Failed to make selfrelative
|
|
iisDebugOut((LOG_TYPE_ERROR, _T("Failed to create SelfRelative SD at '%s', GLE=%8x)\n"),szSection,GetLastError()));
|
|
return;
|
|
}
|
|
|
|
WriteSDtoMetaBase( (PSECURITY_DESCRIPTOR) buffNewSD.QueryPtr(), szSection);
|
|
|
|
SysPrepRestoreAclSection_Exit:
|
|
if (szLine) {GlobalFree(szLine);szLine=NULL;}
|
|
return;
|
|
}
|
|
|
|
// Function: RemoveMetabaseACL
|
|
//
|
|
// Delete the Metabase ACL from the node specified
|
|
//
|
|
// Parameters:
|
|
// szPath - The node to delete it from
|
|
//
|
|
HRESULT RemoveMetabaseACL( LPCTSTR szPath )
|
|
{
|
|
DWORD hr;
|
|
CMDKey cmdKey;
|
|
|
|
iisDebugOut((LOG_TYPE_PROGRAM_FLOW, _T("RemoveMetabaseACL:start\n")));
|
|
|
|
hr = cmdKey.OpenNode( szPath );
|
|
|
|
if ( FAILED( hr ) )
|
|
{
|
|
// Failed to open Node
|
|
iisDebugOut((LOG_TYPE_PROGRAM_FLOW, _T("RemoveMetabaseACL: Open failed, hr = %8x\n"), hr));
|
|
return hr;
|
|
}
|
|
|
|
hr = cmdKey.DeleteData( MD_ADMIN_ACL, ALL_METADATA );
|
|
|
|
if ( FAILED( hr ) &&
|
|
( hr == MD_ERROR_DATA_NOT_FOUND ) )
|
|
{
|
|
iisDebugOut((LOG_TYPE_PROGRAM_FLOW, _T("RemoveMetabaseACL: Delete failed, hr = %8x\n"), hr));
|
|
// If the value did not exist, that is fine,
|
|
// we will just create a new one
|
|
hr = S_OK;
|
|
}
|
|
|
|
iisDebugOut((LOG_TYPE_PROGRAM_FLOW, _T("RemoveMetabaseACL: end\n")));
|
|
|
|
// Successfully removed
|
|
return hr;
|
|
}
|
|
|
|
DWORD AddUserToMetabaseACL2( CSecurityDescriptor *pSD, LPTSTR szUserToAdd, LPTSTR szSidString, ACCESS_ALLOWED_ACE * MyACEInfo)
|
|
{
|
|
DWORD dwReturn;
|
|
|
|
iisDebugOut((LOG_TYPE_TRACE_WIN32_API, _T("AddUserToMetabaseACL2():start. MyACEInfo->Mask=0x%x.\n"), MyACEInfo->Mask));
|
|
|
|
|
|
if ( !pSD->AddAccessAcebyName( szUserToAdd,
|
|
MyACEInfo->Mask,
|
|
MyACEInfo->Header.AceType == ACCESS_ALLOWED_ACE_TYPE ) )
|
|
{
|
|
// If we can not add by Username, then lets try to add by the old Sid
|
|
// since it might be a domain account we just can not get to
|
|
if ( !pSD->AddAccessAcebyStringSid( szSidString,
|
|
MyACEInfo->Mask,
|
|
MyACEInfo->Header.AceType == ACCESS_ALLOWED_ACE_TYPE ) )
|
|
{
|
|
// Failed to add user
|
|
dwReturn = GetLastError();
|
|
}
|
|
}
|
|
|
|
iisDebugOut((LOG_TYPE_TRACE_WIN32_API, _T("AddUserToMetabaseACL2():End. Return=0x%x.\n"), dwReturn ));
|
|
return ERROR_SUCCESS;
|
|
}
|
|
|
|
|
|
HRESULT WINAPI SysPrepAclRestore(void)
|
|
{
|
|
HRESULT hr = S_OK;
|
|
HINF InfHandle;
|
|
TCHAR szTempFileNameFull[_MAX_PATH];
|
|
CStringList strList;
|
|
CString csTheSection = SYSPREP_KNOWN_SECTION_NAME;
|
|
|
|
iisDebugOut((LOG_TYPE_PROGRAM_FLOW, _T("start\n")));
|
|
//MDDumpAdminACL(_T("/"));
|
|
|
|
// Loop thru our data file
|
|
// Create the tempfile
|
|
if (!GetWindowsDirectory(szTempFileNameFull,_MAX_PATH))
|
|
{
|
|
goto SysPrepAclRestore_Exit;
|
|
}
|
|
AddPath(szTempFileNameFull, SYSPREP_TEMPFILE_NAME);
|
|
|
|
// Get a handle to it.
|
|
InfHandle = SetupOpenInfFile(szTempFileNameFull, NULL, INF_STYLE_WIN4, NULL);
|
|
if(InfHandle == INVALID_HANDLE_VALUE)
|
|
{
|
|
goto SysPrepAclRestore_Exit;
|
|
}
|
|
|
|
if (ERROR_SUCCESS == FillStrListWithListOfSections(InfHandle, strList, csTheSection))
|
|
{
|
|
// loop thru the list returned back
|
|
if (strList.IsEmpty() == FALSE)
|
|
{
|
|
POSITION pos;
|
|
CString csEntry;
|
|
|
|
pos = strList.GetHeadPosition();
|
|
while (pos)
|
|
{
|
|
csEntry = strList.GetAt(pos);
|
|
|
|
// go get this section and read thru it's info
|
|
SysPrepRestoreAclSection(InfHandle, csEntry);
|
|
strList.GetNext(pos);
|
|
}
|
|
}
|
|
}
|
|
|
|
//MDDumpAdminACL(_T("/"));
|
|
|
|
if (GetFileAttributes(szTempFileNameFull) != 0xFFFFFFFF)
|
|
{
|
|
// if file already exists, then delete it
|
|
SetFileAttributes(szTempFileNameFull, FILE_ATTRIBUTE_NORMAL);
|
|
DeleteFile(szTempFileNameFull);
|
|
}
|
|
|
|
|
|
SysPrepAclRestore_Exit:
|
|
iisDebugOut((LOG_TYPE_PROGRAM_FLOW, _T("end,ret=0x%x\n"),hr));
|
|
return hr;
|
|
}
|
|
|
|
//
|
|
// DO NOT REMOVE THIS ENTRY POINT
|
|
//
|
|
// Entry point used by SysPrep in Whistler
|
|
//
|
|
// When sysprep runs, it is going to reset the machine sid
|
|
// so when that happens all the crypto stuff is broken.
|
|
// we had to implement this stuff so that before sysprep
|
|
// changes the sid (and thus breaking crypto) we can save our
|
|
// working metabase off somewhere (without crypto key encryption)
|
|
//
|
|
// At some point after sysprep has changed the machine sid
|
|
// it will call us into SysPrepRestore() and we wil restore
|
|
// our metabase using the new crypto keys on the machine.
|
|
//
|
|
HRESULT WINAPI SysPrepBackup(void)
|
|
{
|
|
HRESULT hr = S_OK;
|
|
WCHAR lpwszBackupLocation[_MAX_PATH];
|
|
DWORD dwMDVersion;
|
|
DWORD dwMDFlags;
|
|
WCHAR * pwszPassword = NULL;
|
|
BOOL bThingsAreGood = FALSE;
|
|
IMSAdminBase2 * pIMSAdminBase2 = NULL;
|
|
|
|
_tcscpy(g_MyLogFile.m_szLogPreLineInfo, _T("SysPrepBackup:"));
|
|
_tcscpy(g_MyLogFile.m_szLogPreLineInfo2, _T(""));
|
|
|
|
iisDebugOut((LOG_TYPE_PROGRAM_FLOW, _T("start\n")));
|
|
|
|
#ifndef _CHICAGO_
|
|
#ifdef SYSPREP_USE_SECRETS
|
|
#else
|
|
CRegKey regBigString(HKEY_LOCAL_MACHINE, REG_INETSTP, KEY_ALL_ACCESS);
|
|
#endif
|
|
#endif
|
|
// Check if the user who loaded this dll
|
|
// and is calling this entry point has the right priv to do this!
|
|
if (FALSE == RunningAsAdministrator())
|
|
{
|
|
hr = E_ABORT;
|
|
iisDebugOut((LOG_TYPE_ERROR, _T("No admin priv, aborting\n")));
|
|
goto SysPrepBackup_Exit2;
|
|
}
|
|
|
|
|
|
// if the service doesn't exist, then we don't have to do anyting
|
|
if (CheckifServiceExist(_T("IISADMIN")) != 0 )
|
|
{
|
|
iisDebugOut((LOG_TYPE_TRACE, _T("IIS not installed. do nothing.\n")));
|
|
hr = S_OK;
|
|
goto SysPrepBackup_Exit2;
|
|
}
|
|
|
|
// start the iisadmin service before calling backup.
|
|
// this is because if the backup function is called and the metabase is not
|
|
// running, then the metabase must startup while backup is trying to lock the
|
|
// metabase for backup. a race condition will happen and sometimes backup will
|
|
// fail since the metabase may take a while before starting up.
|
|
// this function will wait till the service is fully started before returning
|
|
InetStartService(_T("IISADMIN"));
|
|
|
|
#ifndef _CHICAGO_
|
|
pwszPassword = CreatePassword(SYSPREP_TEMP_PASSWORD_LENGTH);
|
|
if (pwszPassword)
|
|
{
|
|
#ifdef SYSPREP_USE_SECRETS
|
|
// calling set
|
|
if (ERROR_SUCCESS == SetSecret(SYSPREP_KNOWN_REGISTRY_KEY,pwszPassword))
|
|
{
|
|
bThingsAreGood = TRUE;
|
|
}
|
|
#else
|
|
if ((HKEY) regBigString)
|
|
{
|
|
regBigString.SetValue(SYSPREP_KNOWN_REGISTRY_KEY, pwszPassword);
|
|
bThingsAreGood = TRUE;
|
|
}
|
|
#endif
|
|
}
|
|
|
|
//iisDebugOut((LOG_TYPE_TRACE, _T("PASSWORD=%s,len=%d\n"),pwszPassword,wcslen(pwszPassword)));
|
|
#endif
|
|
|
|
// Tell the metabase where it should backup to.
|
|
wcscpy(lpwszBackupLocation,L"");
|
|
|
|
dwMDFlags = MD_BACKUP_OVERWRITE | MD_BACKUP_SAVE_FIRST | MD_BACKUP_FORCE_BACKUP;
|
|
dwMDVersion = MD_BACKUP_MAX_VERSION;
|
|
|
|
#ifndef _CHICAGO_
|
|
hr = CoInitializeEx( NULL, COINIT_MULTITHREADED );
|
|
#else
|
|
hr = CoInitialize(NULL);
|
|
#endif
|
|
// no need to call uninit
|
|
if( FAILED (hr))
|
|
{
|
|
iisDebugOut((LOG_TYPE_ERROR, _T("CoInitializeEx failed\n")));
|
|
goto SysPrepBackup_Exit2;
|
|
}
|
|
|
|
hr = ::CoCreateInstance(CLSID_MSAdminBase,NULL,CLSCTX_ALL,IID_IMSAdminBase2,(void **) & pIMSAdminBase2);
|
|
if(FAILED (hr))
|
|
{
|
|
iisDebugOut((LOG_TYPE_ERROR, _T("CoCreateInstance on IID_IMSAdminBase2 failed\n")));
|
|
goto SysPrepBackup_Exit;
|
|
}
|
|
|
|
// Call the metabase function
|
|
if (SUCCEEDED(hr))
|
|
{
|
|
iisDebugOut((LOG_TYPE_TRACE, _T("BackupWithPasswd calling...\n")));
|
|
if (bThingsAreGood)
|
|
{
|
|
//iisDebugOut((LOG_TYPE_TRACE, _T("using org\n")));
|
|
hr = pIMSAdminBase2->BackupWithPasswd(lpwszBackupLocation, dwMDVersion, dwMDFlags, pwszPassword);
|
|
}
|
|
else
|
|
{
|
|
//iisDebugOut((LOG_TYPE_TRACE, _T("using backup\n")));
|
|
hr = pIMSAdminBase2->BackupWithPasswd(lpwszBackupLocation, dwMDVersion, dwMDFlags, L"null");
|
|
}
|
|
if (pIMSAdminBase2)
|
|
{
|
|
pIMSAdminBase2->Release();
|
|
pIMSAdminBase2 = NULL;
|
|
}
|
|
if (SUCCEEDED(hr))
|
|
{
|
|
iisDebugOut((LOG_TYPE_TRACE, _T("BackupWithPasswd SUCCEEDED\n")));
|
|
}
|
|
else
|
|
{
|
|
iisDebugOut((LOG_TYPE_ERROR, _T("BackupWithPasswd failed\n")));
|
|
}
|
|
|
|
// Save all the acl info somewhere.
|
|
_tcscpy(g_MyLogFile.m_szLogPreLineInfo2, _T("SysPrepAclBackup"));
|
|
SysPrepAclBackup();
|
|
_tcscpy(g_MyLogFile.m_szLogPreLineInfo2, _T(""));
|
|
|
|
// set a flag to say that we called backup...
|
|
CRegKey regStageString(HKEY_LOCAL_MACHINE, REG_INETSTP, KEY_ALL_ACCESS);
|
|
if ((HKEY) regStageString)
|
|
{
|
|
regStageString.SetValue(SYSPREP_KNOWN_REGISTRY_KEY2, _T("1"));
|
|
}
|
|
}
|
|
|
|
SysPrepBackup_Exit:
|
|
CoUninitialize();
|
|
|
|
SysPrepBackup_Exit2:
|
|
if (pwszPassword) {GlobalFree(pwszPassword);pwszPassword=NULL;}
|
|
iisDebugOut((LOG_TYPE_PROGRAM_FLOW, _T("end,ret=0x%x\n"),hr));
|
|
_tcscpy(g_MyLogFile.m_szLogPreLineInfo, _T(""));
|
|
_tcscpy(g_MyLogFile.m_szLogPreLineInfo2, _T(""));
|
|
return hr;
|
|
}
|
|
|
|
//
|
|
// DO NOT REMOVE THIS ENTRY POINT
|
|
//
|
|
// Entry point used by SysPrep in Whistler
|
|
//
|
|
// When sysprep runs, it is going to reset the machine sid
|
|
// so when that happens all the crypto stuff is broken.
|
|
// we had to implement this stuff so that before sysprep
|
|
// changes the sid (and thus breaking crypto) we can save our
|
|
// working metabase off somewhere (without crypto key encryption)
|
|
//
|
|
// At some point after sysprep has changed the machine sid
|
|
// it will call us into SysPrepRestore() and we wil restore
|
|
// our metabase using the new crypto keys on the machine.
|
|
//
|
|
HRESULT WINAPI SysPrepRestore(void)
|
|
{
|
|
HRESULT hr = S_OK;
|
|
WCHAR lpwszBackupLocation[_MAX_PATH];
|
|
TCHAR szTempDir[_MAX_PATH];
|
|
TCHAR szSystemDir[_MAX_PATH];
|
|
DWORD dwMDVersion;
|
|
DWORD dwMDFlags;
|
|
TSTR strPassword;
|
|
IMSAdminBase2 * pIMSAdminBase2 = NULL;
|
|
BOOL bThingsAreGood = FALSE;
|
|
|
|
_tcscpy(g_MyLogFile.m_szLogPreLineInfo, _T("SysPrepRestore:"));
|
|
_tcscpy(g_MyLogFile.m_szLogPreLineInfo2, _T(""));
|
|
iisDebugOut((LOG_TYPE_PROGRAM_FLOW, _T("start\n")));
|
|
|
|
strPassword.MarkSensitiveData(TRUE);
|
|
|
|
#ifndef _CHICAGO_
|
|
#ifdef SYSPREP_USE_SECRETS
|
|
#else
|
|
CRegKey regBigString(HKEY_LOCAL_MACHINE, REG_INETSTP, KEY_ALL_ACCESS);
|
|
#endif
|
|
#endif
|
|
CRegKey regStageString(HKEY_LOCAL_MACHINE, REG_INETSTP, KEY_ALL_ACCESS);
|
|
iisDebugOut((LOG_TYPE_PROGRAM_FLOW, _T("SysPrepRestore start\n")));
|
|
|
|
// Check if the user who loaded this dll
|
|
// and is calling this entry point has the right priv to do this!
|
|
if (FALSE == RunningAsAdministrator())
|
|
{
|
|
hr = E_ABORT;
|
|
iisDebugOut((LOG_TYPE_ERROR, _T("No admin priv, aborting\n")));
|
|
goto SysPrepRestore_Exit2;
|
|
}
|
|
|
|
// Only do this restore stuff if backup was called...
|
|
|
|
if ((HKEY) regStageString)
|
|
{
|
|
CString csTheData;
|
|
regStageString.m_iDisplayWarnings = FALSE;
|
|
if ( regStageString.QueryValue(SYSPREP_KNOWN_REGISTRY_KEY2, csTheData) == ERROR_SUCCESS )
|
|
{
|
|
if (_tcsicmp(csTheData,_T("1")) == 0)
|
|
{
|
|
// Backup was run!
|
|
bThingsAreGood = TRUE;
|
|
}
|
|
else
|
|
{
|
|
bThingsAreGood = FALSE;
|
|
}
|
|
}
|
|
}
|
|
|
|
if (FALSE == bThingsAreGood)
|
|
{
|
|
// Lets get out.
|
|
iisDebugOut((LOG_TYPE_TRACE, _T("SysPrepBackup not called, so not doing SysPrepRestore. do nothing.\n")));
|
|
hr = S_OK;
|
|
goto SysPrepRestore_Exit2;
|
|
}
|
|
|
|
if ( !SetInstallStateInRegistry( INSTALLSTATE_CURRENTLYINSTALLING ) )
|
|
{
|
|
hr = E_ABORT;
|
|
iisDebugOut((LOG_TYPE_ERROR, _T("Could not set setup install state in registry, aborting\n")));
|
|
goto SysPrepRestore_Exit2;
|
|
}
|
|
|
|
// if the service doesn't exist, then we don't have to do anyting
|
|
if (CheckifServiceExist(_T("IISADMIN")) != 0 )
|
|
{
|
|
iisDebugOut((LOG_TYPE_TRACE, _T("SysPrepRestore IIS not installed. do nothing.\n")));
|
|
hr = S_OK;
|
|
goto SysPrepRestore_Exit2;
|
|
}
|
|
|
|
// make sure the iisadmin service is stopped.
|
|
StopServiceAndDependencies(_T("IISADMIN"), TRUE);
|
|
|
|
#ifndef _CHICAGO_
|
|
#ifdef SYSPREP_USE_SECRETS
|
|
if (GetSecret(SYSPREP_KNOWN_REGISTRY_KEY, &strPassword))
|
|
{
|
|
bThingsAreGood = TRUE;
|
|
}
|
|
#else
|
|
if ((HKEY) regBigString)
|
|
{
|
|
CString csTheData;
|
|
regBigString.m_iDisplayWarnings = FALSE;
|
|
if ( regBigString.QueryValue(SYSPREP_KNOWN_REGISTRY_KEY, csTheData) == ERROR_SUCCESS )
|
|
{
|
|
pwszPassword = (WCHAR *) GlobalAlloc (GPTR, (csTheData.GetLength() + 1) * sizeof(TCHAR) );
|
|
if (pwszPassword)
|
|
{
|
|
wcscpy(pwszPassword,csTheData);
|
|
bThingsAreGood = TRUE;
|
|
}
|
|
}
|
|
}
|
|
#endif
|
|
#endif
|
|
|
|
//iisDebugOut((LOG_TYPE_TRACE, _T("PASSWORD=%s,len=%d\n"),pwszPassword,wcslen(pwszPassword)));
|
|
|
|
|
|
// Tell the metabase where it should backup to.
|
|
wcscpy(lpwszBackupLocation,L"");
|
|
dwMDFlags = 0;
|
|
dwMDVersion = MD_BACKUP_MAX_VERSION;
|
|
|
|
//
|
|
// IISAdmin won't start up if the metabase.xml,mbschema.xml files are corrupted (bad signature)
|
|
// so delete them before restoring....
|
|
if (0 == GetSystemDirectory(szSystemDir, _MAX_PATH))
|
|
{
|
|
goto SysPrepRestore_Exit2;
|
|
}
|
|
|
|
// delete existing metabase files
|
|
// we can't have this file hanging around --> the metabase won't start if it is here!
|
|
|
|
// iis6 files -- for whistler server skus
|
|
_stprintf(szTempDir, _T("%s\\inetsrv\\Metabase.xml"),szSystemDir);
|
|
InetDeleteFile(szTempDir);
|
|
_stprintf(szTempDir, _T("%s\\inetsrv\\MBSchema.xml"),szSystemDir);
|
|
InetDeleteFile(szTempDir);
|
|
// iis51 files -- for whistler pro sku
|
|
_stprintf(szTempDir, _T("%s\\inetsrv\\metabase.bin"),szSystemDir);
|
|
InetDeleteFile(szTempDir);
|
|
|
|
#ifndef _CHICAGO_
|
|
hr = CoInitializeEx( NULL, COINIT_MULTITHREADED );
|
|
#else
|
|
hr = CoInitialize(NULL);
|
|
#endif
|
|
// no need to call uninit
|
|
if( FAILED (hr))
|
|
{
|
|
iisDebugOut((LOG_TYPE_ERROR, _T("CoInitializeEx failed\n")));
|
|
goto SysPrepRestore_Exit2;
|
|
}
|
|
hr = ::CoCreateInstance(CLSID_MSAdminBase,NULL,CLSCTX_ALL,IID_IMSAdminBase2,(void **) & pIMSAdminBase2);
|
|
if(FAILED (hr))
|
|
{
|
|
iisDebugOut((LOG_TYPE_ERROR, _T("CoCreateInstance on IID_IMSAdminBase2 failed\n")));
|
|
goto SysPrepRestore_Exit;
|
|
}
|
|
|
|
// Call the metabase function
|
|
if (SUCCEEDED(hr))
|
|
{
|
|
iisDebugOut((LOG_TYPE_TRACE, _T("RestoreWithPasswd calling...\n")));
|
|
if (bThingsAreGood)
|
|
{
|
|
//iisDebugOut((LOG_TYPE_TRACE, _T("using org\n")));
|
|
hr = pIMSAdminBase2->RestoreWithPasswd(lpwszBackupLocation, dwMDVersion, dwMDFlags, strPassword.QueryStr() );
|
|
}
|
|
else
|
|
{
|
|
//iisDebugOut((LOG_TYPE_TRACE, _T("using backup\n")));
|
|
hr = pIMSAdminBase2->RestoreWithPasswd(lpwszBackupLocation, dwMDVersion, dwMDFlags, L"null");
|
|
}
|
|
if (pIMSAdminBase2)
|
|
{
|
|
pIMSAdminBase2->Release();
|
|
pIMSAdminBase2 = NULL;
|
|
}
|
|
if (SUCCEEDED(hr))
|
|
{
|
|
|
|
// Delete the backup file that we used!
|
|
//MD_DEFAULT_BACKUP_LOCATION + ".md" + MD_BACKUP_MAX_VERSION
|
|
_stprintf(szTempDir, _T("%s\\inetsrv\\MetaBack\\%s.md%d"),szSystemDir,MD_DEFAULT_BACKUP_LOCATION,MD_BACKUP_MAX_VERSION);
|
|
InetDeleteFile(szTempDir);
|
|
_stprintf(szTempDir, _T("%s\\inetsrv\\MetaBack\\%s.sc%d"),szSystemDir,MD_DEFAULT_BACKUP_LOCATION,MD_BACKUP_MAX_VERSION);
|
|
InetDeleteFile(szTempDir);
|
|
iisDebugOut((LOG_TYPE_TRACE, _T("RestoreWithPasswd SUCCEEDED\n")));
|
|
#ifndef _CHICAGO_
|
|
#ifdef SYSPREP_USE_SECRETS
|
|
// we need to delete the Secret that we used here!
|
|
SetSecret(SYSPREP_KNOWN_REGISTRY_KEY,L" ");
|
|
#else
|
|
if ((HKEY) regBigString)
|
|
{
|
|
regBigString.DeleteValue(SYSPREP_KNOWN_REGISTRY_KEY);
|
|
}
|
|
#endif
|
|
#endif
|
|
|
|
// Do extra stuff
|
|
// like Re-applying the acl for the iis_wpg group to the "/" node
|
|
_tcscpy(g_MyLogFile.m_szLogPreLineInfo2, _T("SysPrepAclRestore"));
|
|
SysPrepAclRestore();
|
|
_tcscpy(g_MyLogFile.m_szLogPreLineInfo2, _T(""));
|
|
|
|
// syncronize wam with new iwam user
|
|
//_tcscpy(g_MyLogFile.m_szLogPreLineInfo2, _T("SysPrepAclSyncIWam"));
|
|
//SysPrepAclSyncIWam();
|
|
//_tcscpy(g_MyLogFile.m_szLogPreLineInfo2, _T(""));
|
|
|
|
// only delete this if restore ws success
|
|
if ((HKEY) regStageString)
|
|
{
|
|
regStageString.DeleteValue(SYSPREP_KNOWN_REGISTRY_KEY2);
|
|
}
|
|
|
|
}
|
|
else
|
|
{
|
|
iisDebugOut((LOG_TYPE_ERROR, _T("RestoreWithPasswd failed, with hr=0x%8x\n"),hr));
|
|
}
|
|
}
|
|
|
|
// Reset the passwords, and allow iisadmin to fix the com information
|
|
if (!ReSetIWamIUsrPasswds())
|
|
{
|
|
iisDebugOut((LOG_TYPE_WARN, _T("ReSetIWamIUsrPasswds was unable to reset IUSR and IWAM passwords\n")));
|
|
}
|
|
|
|
if ( !ReregisterDav() )
|
|
{
|
|
iisDebugOut((LOG_TYPE_WARN, _T("Failed to update DAV COM ACL's\n")));
|
|
}
|
|
|
|
SysPrepRestore_Exit:
|
|
CoUninitialize();
|
|
|
|
SysPrepRestore_Exit2:
|
|
SetInstallStateInRegistry( INSTALLSTATE_DONE );
|
|
iisDebugOut((LOG_TYPE_PROGRAM_FLOW, _T("end,ret=0x%x\n"),hr));
|
|
_tcscpy(g_MyLogFile.m_szLogPreLineInfo, _T(""));
|
|
_tcscpy(g_MyLogFile.m_szLogPreLineInfo2, _T(""));
|
|
return hr;
|
|
}
|
|
|
|
// ValidateWebRootDir
|
|
//
|
|
// Update the g_pTheApp->m_csPathWWWRoot
|
|
BOOL ValidateWebRootDir()
|
|
{
|
|
TSTR strWWWRootDir;
|
|
|
|
if ( !strWWWRootDir.Resize( MAX_PATH ) )
|
|
{
|
|
// Could not allocate space for this
|
|
return FALSE;
|
|
}
|
|
|
|
if ( GetDataFromMetabase(METABASEPATH_DEFAULTSITE, MD_VR_PATH, (PBYTE)strWWWRootDir.QueryStr(), strWWWRootDir.QuerySize()))
|
|
{
|
|
g_pTheApp->m_csPathWWWRoot = strWWWRootDir.QueryStr();
|
|
}
|
|
|
|
return TRUE;
|
|
}
|
|
|
|
// IsInstalled
|
|
//
|
|
// Check if the component is installed
|
|
//
|
|
BOOL
|
|
IsInstalled( LPTSTR szServiceName, LPBOOL pbIsInstalled )
|
|
{
|
|
DWORD dwRet;
|
|
|
|
dwRet = CheckifServiceExist( szServiceName );
|
|
|
|
if ( ( dwRet != ERROR_SUCCESS ) &&
|
|
( dwRet != ERROR_SERVICE_DOES_NOT_EXIST ) )
|
|
{
|
|
SetLastError( dwRet );
|
|
return FALSE;
|
|
}
|
|
|
|
*pbIsInstalled = ( dwRet == ERROR_SUCCESS );
|
|
|
|
return TRUE;
|
|
}
|
|
|
|
// ApplyIISAcl
|
|
//
|
|
// Apply the IIS Acl's to the machine, or remove them
|
|
//
|
|
BOOL
|
|
ApplyIISAcl( WCHAR cDriveLetter, BOOL bAdd )
|
|
{
|
|
BOOL bRet = TRUE;
|
|
BOOL bW3SVCIsInstalled;
|
|
BOOL bIISAdminIsInstalled;
|
|
TSTR_PATH strSystemDrive;
|
|
|
|
if ( !IsInstalled( _T("W3SVC"), &bW3SVCIsInstalled ) ||
|
|
!IsInstalled( _T("IISAdmin"), &bIISAdminIsInstalled ) )
|
|
{
|
|
// Failed to query if service was installed
|
|
return FALSE;
|
|
}
|
|
|
|
if ( !bIISAdminIsInstalled )
|
|
{
|
|
// Since nothing is installed, lets just exit now
|
|
return TRUE;
|
|
}
|
|
|
|
if ( !g_pTheApp->InitApplicationforSysPrep() ||
|
|
!ValidateWebRootDir() ||
|
|
!UpdateAnonymousUsers( NULL ) ||
|
|
!strSystemDrive.RetrieveWindowsDir() )
|
|
{
|
|
return FALSE;
|
|
}
|
|
|
|
// Reset this now, since we do not want it to interfere with the ACLing
|
|
g_pTheApp->m_eUpgradeType = UT_NONE;
|
|
|
|
if ( bAdd )
|
|
{
|
|
if ( bIISAdminIsInstalled &&
|
|
( ( cDriveLetter == L'*' ) ||
|
|
( tolower( cDriveLetter ) == tolower( *( strSystemDrive.QueryStr() ) ) )
|
|
)
|
|
)
|
|
{
|
|
// Update ACL's for IISAdmin if we are acling system drive
|
|
bRet = bRet && CCommonInstallComponent::SetMetabaseFileAcls();
|
|
}
|
|
|
|
if ( bW3SVCIsInstalled )
|
|
{
|
|
// Update ACL's for W3SVC
|
|
bRet = bRet && CWebServiceInstallComponent::SetAppropriateFileAclsforDrive( cDriveLetter );
|
|
|
|
if ( ( cDriveLetter == L'*' ) ||
|
|
( tolower( cDriveLetter ) == tolower( *( strSystemDrive.QueryStr() ) ) ) )
|
|
{
|
|
bRet = bRet && CWebServiceInstallComponent::SetAspTemporaryDirAcl( TRUE );
|
|
}
|
|
}
|
|
}
|
|
else
|
|
{
|
|
// Not implemented yet, because it is not used
|
|
bRet = FALSE;
|
|
}
|
|
|
|
return bRet;
|
|
}
|