archive
/
windows-xp
mirror of https://github.com/tongzx/nt5src
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
6 Commits
1 Branch
0 Tags
4.0 GiB
Branch: master
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'master'
${ noResults }
windows-xp/Source/XPSP1/NT/ds/security/gina/snapins/gptext/ipsecext.cpp

565 lines
12 KiB
Raw Permalink Normal View History

Add source files
4 years ago
  1. #include "gptext.h"
  2. #include <initguid.h>
  3. #include <iadsp.h>
  4. #include "ipsecext.h"
  7. #define GPEXT_PATH TEXT("Software\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon\\GPExtensions\\{e437bc1c-aa7d-11d2-a382-00c04f991e27}")
  9. #define POLICY_PATH TEXT("Software\\Policies\\Microsoft\\Windows\\IPSec\\GPTIPSECPolicy")
  11. LPWSTR GetAttributes[] = {L"ipsecOwnersReference", L"ipsecName", L"description"};
  14. HRESULT
  15. RegisterIPSEC(void)
  16. {
  17. HKEY hKey;
  18. LONG lResult;
  19. DWORD dwDisp, dwValue;
  20. TCHAR szBuffer[512];
  23. lResult = RegCreateKeyEx (
  24. HKEY_LOCAL_MACHINE,
  25. GPEXT_PATH,
  26. 0,
  27. NULL,
  28. REG_OPTION_NON_VOLATILE,
  29. KEY_WRITE,
  30. NULL,
  31. &hKey,
  32. &dwDisp
  33. );
  35. if (lResult != ERROR_SUCCESS)
  36. {
  37. return lResult;
  38. }
  40. LoadString (g_hInstance, IDS_IPSEC_NAME, szBuffer, ARRAYSIZE(szBuffer));
  42. RegSetValueEx (
  43. hKey,
  44. NULL,
  45. 0,
  46. REG_SZ,
  47. (LPBYTE)szBuffer,
  48. (lstrlen(szBuffer) + 1) * sizeof(TCHAR)
  49. );
  51. RegSetValueEx (
  52. hKey,
  53. TEXT("ProcessGroupPolicy"),
  54. 0,
  55. REG_SZ,
  56. (LPBYTE)TEXT("ProcessIPSECPolicy"),
  57. (lstrlen(TEXT("ProcessIPSECPolicy")) + 1) * sizeof(TCHAR)
  58. );
  60. szBuffer[0] = L'\0';
  61. wcscpy(szBuffer, L"gptext.dll");
  63. RegSetValueEx (
  64. hKey,
  65. TEXT("DllName"),
  66. 0,
  67. REG_EXPAND_SZ,
  68. (LPBYTE)szBuffer,
  69. (lstrlen(szBuffer) + 1) * sizeof(TCHAR)
  70. );
  72. dwValue = 1;
  73. RegSetValueEx (
  74. hKey,
  75. TEXT("NoUserPolicy"),
  76. 0,
  77. REG_DWORD,
  78. (LPBYTE)&dwValue,
  79. sizeof(dwValue));
  81. RegSetValueEx (
  82. hKey,
  83. TEXT("NoGPOListChanges"),
  84. 0,
  85. REG_DWORD,
  86. (LPBYTE)&dwValue,
  87. sizeof(dwValue));
  89. RegCloseKey (hKey);
  91. return S_OK;
  92. }
  95. HRESULT
  96. UnregisterIPSEC(void)
  97. {
  99. RegDeleteKey (HKEY_LOCAL_MACHINE, GPEXT_PATH);
  101. return S_OK;
  102. }
  105. DWORD WINAPI
  106. ProcessIPSECPolicy(
  107. IN DWORD dwFlags, // GPO_INFO_FLAGS
  108. IN HANDLE hToken, // User or machine token
  109. IN HKEY hKeyRoot, // Root of registry
  110. IN PGROUP_POLICY_OBJECT pDeletedGPOList, // Linked list of deleted GPOs
  111. IN PGROUP_POLICY_OBJECT pChangedGPOList, // Linked list of changed GPOs
  112. IN ASYNCCOMPLETIONHANDLE pHandle, // For asynchronous completion
  113. IN BOOL *pbAbort, // If true, then abort GPO processing
  114. IN PFNSTATUSMESSAGECALLBACK pStatusCallback // Callback function for displaying status messages
  115. )
  117. {
  119. WCHAR szIPSECPolicy[MAX_PATH];
  120. WCHAR szIPSECPolicyName[MAX_PATH];
  121. WCHAR szIPSECPolicyDescription[512];
  122. HRESULT hr = S_OK;
  123. PGROUP_POLICY_OBJECT pGPO = NULL;
  125. //
  126. // Call CoInitialize for all the COM work we're doing
  127. //
  129. hr = CoInitializeEx(NULL,0);
  130. if (FAILED(hr)) {
  131. goto error;
  132. }
  134. memset(szIPSECPolicy, 0, sizeof(WCHAR)*MAX_PATH);
  135. memset(szIPSECPolicyName, 0, sizeof(WCHAR)*MAX_PATH);
  136. memset(szIPSECPolicyDescription, 0, sizeof(WCHAR)*512);
  139. //
  140. // First process the Deleted GPO List. If there is a single
  141. // entry on the GPO list, just delete the entire list.
  142. // Example Rex->Cassius->Brutus. If the delete List has
  143. // Cassius to be deleted, then really, we shouldn't be deleting
  144. // our registry entry because we're interested in Brutus which
  145. // has not be deleted. But in our case, the pChangedGPOList will
  146. // have all the information, so Brutus gets written back in the
  147. // next stage.
  148. //
  150. if (pDeletedGPOList) {
  153. DeleteIPSECPolicyFromRegistry();
  155. }
  158. pGPO = pChangedGPOList;
  160. //
  161. // Since IPSEC is really interested in the last
  162. // GPO only, loop through till we hit the last
  163. // GPO and write that GPO only. In this case, Brutus now
  164. // gets written back into the registry.
  165. //
  167. if (pChangedGPOList) {
  169. while (pGPO->pNext)
  170. {
  172. pGPO = pGPO->pNext;
  173. }
  175. //
  176. // Now write the last GPOs information
  177. //
  179. hr = RetrieveIPSECPolicyFromDS(
  180. pGPO,
  181. szIPSECPolicy,
  182. szIPSECPolicyName,
  183. szIPSECPolicyDescription
  184. );
  185. if (FAILED(hr)) {
  187. goto error;
  188. }
  191. hr = WriteIPSECPolicyToRegistry(
  192. szIPSECPolicy,
  193. szIPSECPolicyName,
  194. szIPSECPolicyDescription
  195. );
  196. if (FAILED(hr)) {
  197. goto error;
  198. }
  201. }
  203. PingPolicyAgent();
  205. CoUninitialize();
  207. return(ERROR_SUCCESS);
  209. error:
  211. return(ERROR_POLICY_OBJECT_NOT_FOUND);
  212. }
  215. HRESULT
  216. CreateChildPath(
  217. LPWSTR pszParentPath,
  218. LPWSTR pszChildComponent,
  219. BSTR * ppszChildPath
  220. )
  221. {
  222. HRESULT hr = S_OK;
  223. IADsPathname *pPathname = NULL;
  225. hr = CoCreateInstance(
  226. CLSID_Pathname,
  227. NULL,
  228. CLSCTX_ALL,
  229. IID_IADsPathname,
  230. (void**)&pPathname
  231. );
  232. BAIL_ON_FAILURE(hr);
  234. hr = pPathname->Set(pszParentPath, ADS_SETTYPE_FULL);
  235. BAIL_ON_FAILURE(hr);
  237. hr = pPathname->AddLeafElement(pszChildComponent);
  238. BAIL_ON_FAILURE(hr);
  240. hr = pPathname->Retrieve(ADS_FORMAT_X500, ppszChildPath);
  241. BAIL_ON_FAILURE(hr);
  243. error:
  244. if (pPathname) {
  245. pPathname->Release();
  246. }
  248. return(hr);
  249. }
  253. HRESULT
  254. RetrieveIPSECPolicyFromDS(
  255. PGROUP_POLICY_OBJECT pGPOInfo,
  256. LPWSTR pszIPSecPolicy,
  257. LPWSTR pszIPSecPolicyName,
  258. LPWSTR pszIPSecPolicyDescription
  259. )
  260. {
  261. LPWSTR pszMachinePath = NULL;
  262. BSTR pszMicrosoftPath = NULL;
  263. BSTR pszWindowsPath = NULL;
  264. BSTR pszIpsecPath = NULL;
  265. IDirectoryObject * pDirectoryObject = NULL;
  266. IDirectoryObject * pIpsecObject = NULL;
  267. BOOL bFound = FALSE;
  270. LPWSTR pszOwnersReference = L"ipsecOwnersReference";
  272. HRESULT hr = S_OK;
  273. PADS_ATTR_INFO pAttributeEntries = NULL;
  274. DWORD dwNumAttributesReturned = 0;
  276. DWORD i = 0;
  277. PADS_ATTR_INFO pAttributeEntry = NULL;
  280. pszMachinePath = pGPOInfo->lpDSPath;
  282. // Build the fully qualified ADsPath for my object
  284. hr = CreateChildPath(
  285. pszMachinePath,
  286. L"cn=Microsoft",
  287. &pszMicrosoftPath
  288. );
  289. BAIL_ON_FAILURE(hr);
  291. hr = CreateChildPath(
  292. pszMicrosoftPath,
  293. L"cn=Windows",
  294. &pszWindowsPath
  295. );
  296. BAIL_ON_FAILURE(hr);
  298. hr = CreateChildPath(
  299. pszWindowsPath,
  300. L"cn=ipsec",
  301. &pszIpsecPath
  302. );
  303. BAIL_ON_FAILURE(hr);
  305. hr = ADsGetObject(
  306. pszIpsecPath,
  307. IID_IDirectoryObject,
  308. (void **)&pIpsecObject
  309. );
  310. BAIL_ON_FAILURE(hr);
  312. hr = pIpsecObject->GetObjectAttributes(
  313. GetAttributes,
  314. 3,
  315. &pAttributeEntries,
  316. &dwNumAttributesReturned
  317. );
  318. BAIL_ON_FAILURE(hr);
  320. if (dwNumAttributesReturned == 0) {
  321. hr = E_FAIL;
  322. BAIL_ON_FAILURE(hr);
  324. }
  326. //
  327. // Process the PathName
  328. //
  330. for (i = 0; i < dwNumAttributesReturned; i++) {
  332. pAttributeEntry = pAttributeEntries + i;
  333. if (!_wcsicmp(pAttributeEntry->pszAttrName, L"ipsecOwnersReference")) {
  335. wcscpy(pszIPSecPolicy, L"LDAP://");
  336. wcscat(pszIPSecPolicy, pAttributeEntry->pADsValues->DNString);
  337. bFound = TRUE;
  338. break;
  339. }
  340. }
  342. if (!bFound) {
  344. hr = E_FAIL;
  345. BAIL_ON_FAILURE(hr);
  346. }
  348. //
  349. // Process the name
  350. //
  352. for (i = 0; i < dwNumAttributesReturned; i++) {
  354. pAttributeEntry = pAttributeEntries + i;
  355. if (!_wcsicmp(pAttributeEntry->pszAttrName, L"ipsecName")) {
  356. wcscat(pszIPSecPolicyName, pAttributeEntry->pADsValues->DNString);
  357. break;
  358. }
  359. }
  361. //
  362. // Process the description
  363. //
  365. for (i = 0; i < dwNumAttributesReturned; i++) {
  367. pAttributeEntry = pAttributeEntries + i;
  368. if (!_wcsicmp(pAttributeEntry->pszAttrName, L"description")) {
  369. wcscat(pszIPSecPolicyDescription, pAttributeEntry->pADsValues->DNString);
  370. break;
  371. }
  372. }
  375. error:
  377. if (pAttributeEntries) {
  379. FreeADsMem(pAttributeEntries);
  380. }
  382. if (pIpsecObject) {
  383. pIpsecObject->Release();
  384. }
  386. if (pszMicrosoftPath) {
  387. SysFreeString(pszMicrosoftPath);
  388. }
  390. if (pszWindowsPath) {
  391. SysFreeString(pszWindowsPath);
  392. }
  394. if (pszIpsecPath) {
  395. SysFreeString(pszIpsecPath);
  396. }
  398. return(hr);
  400. }
  403. DWORD
  404. DeleteIPSECPolicyFromRegistry(
  405. )
  406. {
  408. DWORD dwError = 0;
  409. HKEY hKey = NULL;
  410. DWORD dwDisp = 0;
  413. dwError = RegCreateKeyEx (
  414. HKEY_LOCAL_MACHINE,
  415. TEXT("Software\\Policies\\Microsoft\\Windows\\IPSec"),
  416. 0,
  417. NULL,
  418. REG_OPTION_NON_VOLATILE,
  419. KEY_ALL_ACCESS,
  420. NULL,
  421. &hKey,
  422. &dwDisp
  423. );
  424. if (dwError) {
  425. goto error;
  426. }
  429. dwError = RegDeleteKey(
  430. hKey,
  431. L"GPTIPSECPolicy"
  432. );
  434. /*
  435. dwError = RegDeleteValue(
  436. hKey,
  437. TEXT("DSIPSECPolicyPath")
  438. );
  440. dwError = RegDeleteValue(
  441. hKey,
  442. TEXT("DSIPSECPolicyName")
  443. );*/
  444. error:
  446. if (hKey) {
  448. RegCloseKey (hKey);
  450. }
  452. return(dwError);
  453. }
  455. DWORD
  456. WriteIPSECPolicyToRegistry(
  457. LPWSTR pszIPSecPolicyPath,
  458. LPWSTR pszIPSecPolicyName,
  459. LPWSTR pszIPSecPolicyDescription
  460. )
  461. {
  462. DWORD dwError = 0;
  463. DWORD dwDisp = 0;
  464. HKEY hKey = NULL;
  465. DWORD dwFlags = 1;
  467. dwError = RegCreateKeyEx (
  468. HKEY_LOCAL_MACHINE,
  469. POLICY_PATH,
  470. 0,
  471. NULL,
  472. REG_OPTION_NON_VOLATILE,
  473. KEY_ALL_ACCESS,
  474. NULL,
  475. &hKey,
  476. &dwDisp
  477. );
  478. if (dwError) {
  479. goto error;
  480. }
  483. if (pszIPSecPolicyPath && *pszIPSecPolicyPath) {
  485. dwError = RegSetValueEx (
  486. hKey,
  487. TEXT("DSIPSECPolicyPath"),
  488. 0,
  489. REG_SZ,
  490. (LPBYTE)pszIPSecPolicyPath,
  491. (lstrlen(pszIPSecPolicyPath) + 1) * sizeof(TCHAR)
  492. );
  494. dwFlags = 1;
  496. dwError = RegSetValueEx (
  497. hKey,
  498. TEXT("DSIPSECPolicyFlags"),
  499. 0,
  500. REG_DWORD,
  501. (LPBYTE)&dwFlags,
  502. sizeof(dwFlags)
  503. );
  505. }
  508. if (pszIPSecPolicyName && *pszIPSecPolicyName) {
  510. dwError = RegSetValueEx (
  511. hKey,
  512. TEXT("DSIPSECPolicyName"),
  513. 0,
  514. REG_SZ,
  515. (LPBYTE)pszIPSecPolicyName,
  516. (lstrlen(pszIPSecPolicyName) + 1) * sizeof(TCHAR)
  517. );
  518. }
  524. if (pszIPSecPolicyDescription && *pszIPSecPolicyDescription) {
  526. dwError = RegSetValueEx (
  527. hKey,
  528. TEXT("DSIPSECPolicyDescription"),
  529. 0,
  530. REG_SZ,
  531. (LPBYTE)pszIPSecPolicyDescription,
  532. (lstrlen(pszIPSecPolicyDescription) + 1) * sizeof(TCHAR)
  533. );
  534. }
  536. error:
  538. if (hKey) {
  540. RegCloseKey (hKey);
  542. }
  544. return(dwError);
  546. }
  549. VOID
  550. PingPolicyAgent(
  551. )
  552. {
  553. HANDLE hPolicyChangeEvent = NULL;
  555. hPolicyChangeEvent = OpenEvent(
  556. EVENT_ALL_ACCESS,
  557. FALSE,
  558. L"IPSEC_POLICY_CHANGE_EVENT"
  559. );
  561. if (hPolicyChangeEvent) {
  562. SetEvent(hPolicyChangeEvent);
  563. CloseHandle(hPolicyChangeEvent);
  564. }
  565. }