archive
/
windows-xp
mirror of https://github.com/tongzx/nt5src
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
6 Commits
1 Branch
0 Tags
2.0 GiB
Branch: master
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'master'
${ noResults }
windows-xp/Source/XPSP1/NT/ds/security/gina/userinit/gposcript.cpp

710 lines
18 KiB
Raw Permalink Normal View History

Add source files
4 years ago
  2. #include <nt.h>
  3. #include <ntrtl.h>
  4. #include <nturtl.h>
  5. #include <windows.h>
  6. #include <shellapi.h>
  7. #include "SmartPtr.h"
  8. #include "strings.h"
  10. extern "C"
  11. {
  12. void PrependToPath( LPWSTR, LPWSTR*);
  13. void PathUnquoteSpaces( LPWSTR );
  14. void UpdateUserEnvironment();
  15. BOOL RegDelnode( HKEY, LPWSTR );
  16. LPWSTR GetSidString( HANDLE UserToken );
  17. void DeleteSidString( LPWSTR SidString );
  18. };
  20. #define GPO_SCRIPTS_KEY L"Software\\Policies\\Microsoft\\Windows\\System\\Scripts"
  21. #define GP_STATE_KEY L"Software\\Microsoft\\Windows\\CurrentVersion\\Group Policy\\State"
  22. #define ARRAYSIZE(a) (sizeof(a)/sizeof(a[0]))
  24. #define SCRIPT L"Script"
  25. #define PARAMETERS L"Parameters"
  26. #define EXECTIME L"ExecTime"
  27. #define GPOID L"GPO-ID"
  28. #define SOMID L"SOM-ID"
  29. #define FILESYSPATH L"FileSysPath"
  31. #define SCR_STARTUP L"Startup"
  32. #define SCR_SHUTDOWN L"Shutdown"
  33. #define SCR_LOGON L"Logon"
  34. #define SCR_LOGOFF L"Logoff"
  36. LPTSTR
  37. CheckSlash (LPTSTR lpDir)
  38. {
  39. LPTSTR lpEnd;
  41. lpEnd = lpDir + lstrlen(lpDir);
  43. if (*(lpEnd - 1) != TEXT('\\')) {
  44. *lpEnd = TEXT('\\');
  45. lpEnd++;
  46. *lpEnd = TEXT('\0');
  47. }
  49. return lpEnd;
  50. }
  52. BOOL
  53. RegDelnodeRecurse (HKEY hKeyRoot, LPTSTR lpSubKey)
  54. {
  55. LPTSTR lpEnd;
  56. LONG lResult;
  57. DWORD dwSize;
  58. TCHAR szName[MAX_PATH];
  59. HKEY hKey;
  60. FILETIME ftWrite;
  62. //
  63. // First, see if we can delete the key without having
  64. // to recurse.
  65. //
  68. lResult = RegDeleteKey(hKeyRoot, lpSubKey);
  70. if (lResult == ERROR_SUCCESS) {
  71. return TRUE;
  72. }
  75. lResult = RegOpenKeyEx (hKeyRoot, lpSubKey, 0, KEY_READ, &hKey);
  77. if (lResult != ERROR_SUCCESS) {
  78. return FALSE;
  79. }
  82. lpEnd = CheckSlash(lpSubKey);
  84. //
  85. // Enumerate the keys
  86. //
  88. dwSize = MAX_PATH;
  89. lResult = RegEnumKeyEx(hKey, 0, szName, &dwSize, NULL,
  90. NULL, NULL, &ftWrite);
  92. if (lResult == ERROR_SUCCESS) {
  94. do {
  96. lstrcpy (lpEnd, szName);
  98. if (!RegDelnodeRecurse(hKeyRoot, lpSubKey)) {
  99. break;
  100. }
  102. //
  103. // Enumerate again
  104. //
  106. dwSize = MAX_PATH;
  108. lResult = RegEnumKeyEx(hKey, 0, szName, &dwSize, NULL,
  109. NULL, NULL, &ftWrite);
  112. } while (lResult == ERROR_SUCCESS);
  113. }
  115. lpEnd--;
  116. *lpEnd = TEXT('\0');
  119. RegCloseKey (hKey);
  122. //
  123. // Try again to delete the key
  124. //
  126. lResult = RegDeleteKey(hKeyRoot, lpSubKey);
  128. if (lResult == ERROR_SUCCESS) {
  129. return TRUE;
  130. }
  132. return FALSE;
  133. }
  135. BOOL
  136. RegDelnode (HKEY hKeyRoot, LPTSTR lpSubKey)
  137. {
  138. TCHAR szDelKey[2 * MAX_PATH];
  141. lstrcpy (szDelKey, lpSubKey);
  143. return RegDelnodeRecurse(hKeyRoot, szDelKey);
  145. }
  147. PSID
  148. GetUserSid( HANDLE UserToken )
  149. {
  150. XPtrLF<TOKEN_USER> pUser;
  151. PTOKEN_USER pTemp;
  152. PSID pSid;
  153. DWORD BytesRequired = 200;
  154. NTSTATUS status;
  156. //
  157. // Allocate space for the user info
  158. //
  159. pUser = (PTOKEN_USER) LocalAlloc( LMEM_FIXED, BytesRequired );
  160. if ( !pUser )
  161. {
  162. return 0;
  163. }
  165. //
  166. // Read in the UserInfo
  167. //
  168. status = NtQueryInformationToken(
  169. UserToken, // Handle
  170. TokenUser, // TokenInformationClass
  171. pUser, // TokenInformation
  172. BytesRequired, // TokenInformationLength
  173. &BytesRequired // ReturnLength
  174. );
  176. if ( status == STATUS_BUFFER_TOO_SMALL )
  177. {
  178. //
  179. // Allocate a bigger buffer and try again.
  180. //
  181. pTemp = (PTOKEN_USER) LocalReAlloc( pUser, BytesRequired, LMEM_MOVEABLE );
  182. if ( !pTemp )
  183. {
  184. return 0;
  185. }
  187. pUser = pTemp;
  188. status = NtQueryInformationToken(
  189. UserToken, // Handle
  190. TokenUser, // TokenInformationClass
  191. pUser, // TokenInformation
  192. BytesRequired, // TokenInformationLength
  193. &BytesRequired // ReturnLength
  194. );
  196. }
  198. if ( !NT_SUCCESS(status) )
  199. {
  200. return 0;
  201. }
  203. BytesRequired = RtlLengthSid(pUser->User.Sid);
  204. pSid = LocalAlloc(LMEM_FIXED, BytesRequired);
  205. if ( !pSid )
  206. {
  207. return NULL;
  208. }
  210. status = RtlCopySid(BytesRequired, pSid, pUser->User.Sid);
  212. if ( !NT_SUCCESS(status) )
  213. {
  214. LocalFree(pSid);
  215. pSid = 0;
  216. }
  218. return pSid;
  219. }
  221. LPWSTR
  222. GetSidString( HANDLE UserToken )
  223. {
  224. NTSTATUS NtStatus;
  225. PSID UserSid;
  226. UNICODE_STRING UnicodeString;
  228. //
  229. // Get the user sid
  230. //
  231. UserSid = GetUserSid( UserToken );
  232. if ( !UserSid )
  233. {
  234. return 0;
  235. }
  237. //
  238. // Convert user SID to a string.
  239. //
  240. NtStatus = RtlConvertSidToUnicodeString(&UnicodeString,
  241. UserSid,
  242. (BOOLEAN)TRUE ); // Allocate
  243. LocalFree( UserSid );
  245. if ( !NT_SUCCESS(NtStatus) )
  246. {
  247. return 0;
  248. }
  250. return UnicodeString.Buffer ;
  251. }
  253. void
  254. DeleteSidString( LPWSTR SidString )
  255. {
  256. UNICODE_STRING String;
  258. RtlInitUnicodeString( &String, SidString );
  259. RtlFreeUnicodeString( &String );
  260. }
  262. typedef BOOL (*PFNSHELLEXECUTEEX)(LPSHELLEXECUTEINFO lpExecInfo);
  264. DWORD
  265. ExecuteScript( LPWSTR szCmdLine,
  266. LPWSTR szArgs,
  267. LPWSTR szWorkingDir,
  268. BOOL bSync,
  269. BOOL bHide,
  270. BOOL bRunMin,
  271. LPWSTR szType,
  272. PFNSHELLEXECUTEEX pfnShellExecuteEx,
  273. HANDLE hEventLog )
  274. {
  275. WCHAR szCmdLineEx[MAX_PATH];
  276. WCHAR szArgsEx[3 * MAX_PATH];
  277. WCHAR szCurDir[MAX_PATH];
  278. LPWSTR szOldPath = 0;
  279. BOOL bResult;
  280. DWORD dwError;
  281. SHELLEXECUTEINFO ExecInfo;
  283. if ( GetSystemDirectory( szCurDir, ARRAYSIZE( szCurDir ) ) )
  284. {
  285. SetCurrentDirectory( szCurDir );
  286. }
  288. //
  289. // Expand the command line and args
  290. //
  291. ExpandEnvironmentStrings( szCmdLine, szCmdLineEx, ARRAYSIZE(szCmdLineEx) );
  292. ExpandEnvironmentStrings( szArgs, szArgsEx, ARRAYSIZE(szArgsEx) );
  294. //
  295. // Put the working directory on the front of the PATH
  296. // environment variable
  297. //
  298. PrependToPath( szWorkingDir, &szOldPath );
  300. //
  301. // Run the script
  302. //
  303. PathUnquoteSpaces( szCmdLineEx );
  305. ZeroMemory(&ExecInfo, sizeof(ExecInfo));
  306. ExecInfo.cbSize = sizeof(ExecInfo);
  307. ExecInfo.fMask = SEE_MASK_DOENVSUBST |
  308. SEE_MASK_FLAG_NO_UI |
  309. SEE_MASK_NOZONECHECKS |
  310. SEE_MASK_NOCLOSEPROCESS;
  311. ExecInfo.lpFile = szCmdLineEx;
  312. ExecInfo.lpParameters = !szArgsEx[0] ? 0 : szArgsEx;
  313. ExecInfo.lpDirectory = szWorkingDir;
  315. if ( bHide )
  316. {
  317. ExecInfo.nShow = SW_HIDE;
  318. }
  319. else
  320. {
  321. ExecInfo.nShow = (bRunMin ? SW_SHOWMINNOACTIVE : SW_SHOWNORMAL );
  322. }
  324. bResult = pfnShellExecuteEx( &ExecInfo );
  325. dwError = GetLastError();
  327. //
  328. // Put the PATH environment variable back the way it was
  329. //
  330. if ( szOldPath )
  331. {
  332. SetEnvironmentVariable( L"PATH", szOldPath );
  333. LocalFree( szOldPath );
  334. szOldPath = 0;
  335. }
  337. if ( bResult )
  338. {
  339. dwError = 0;
  340. if (bSync)
  341. {
  342. WaitForSingleObject(ExecInfo.hProcess, INFINITE);
  343. UpdateUserEnvironment();
  344. }
  345. CloseHandle(ExecInfo.hProcess);
  346. }
  347. else
  348. {
  349. if ( hEventLog != 0 )
  350. {
  351. LPWSTR szMsgBuf[2] = { (LPTSTR) ExecInfo.lpFile, 0 };
  353. FormatMessage( FORMAT_MESSAGE_FROM_SYSTEM | FORMAT_MESSAGE_ALLOCATE_BUFFER,
  354. 0,
  355. dwError,
  356. 0,
  357. (LPTSTR) (&szMsgBuf[1]),
  358. 1,
  359. 0);
  361. ReportEvent(hEventLog,
  362. EVENTLOG_ERROR_TYPE,
  363. 0,
  364. SHELLEXEC_ERROR,
  365. 0,
  366. 2,
  367. 0,
  368. (LPCTSTR*) &szMsgBuf,
  369. 0);
  370. if ( szMsgBuf[1] )
  371. {
  372. LocalFree( szMsgBuf[1] );
  373. }
  374. }
  375. }
  377. return dwError;
  378. }
  380. ScrExecGPOFromReg( HKEY hKeyGPO,
  381. HKEY hKeyStateGPO,
  382. BOOL bSync,
  383. BOOL bHidden,
  384. BOOL bRunMin,
  385. LPWSTR szType,
  386. PFNSHELLEXECUTEEX pfnShellExecuteEx,
  387. HANDLE hEventLog )
  388. {
  389. DWORD dwError = ERROR_SUCCESS;
  390. DWORD cSubKeys = 0;
  391. WCHAR szFileSysPath[3*MAX_PATH];
  392. DWORD dwType;
  393. DWORD dwSize;
  395. //
  396. // FILESYSPATH
  397. //
  398. dwType = REG_SZ;
  399. dwSize = sizeof( szFileSysPath );
  400. dwError = RegQueryValueEx( hKeyGPO,
  401. FILESYSPATH,
  402. 0,
  403. &dwType,
  404. (LPBYTE) szFileSysPath,
  405. &dwSize );
  406. if ( dwError != ERROR_SUCCESS )
  407. {
  408. return dwError;
  409. }
  411. wcscat( szFileSysPath, L"\\Scripts\\" );
  412. wcscat( szFileSysPath, szType );
  414. //
  415. // get the numer of Scripts
  416. //
  417. dwError = RegQueryInfoKey( hKeyGPO,
  418. 0,
  419. 0,
  420. 0,
  421. &cSubKeys,
  422. 0,
  423. 0,
  424. 0,
  425. 0,
  426. 0,
  427. 0,
  428. 0 );
  429. if ( dwError == ERROR_SUCCESS )
  430. {
  431. //
  432. // for every Script
  433. //
  434. for ( DWORD dwIndex = 0 ; dwIndex < cSubKeys ; dwIndex++ )
  435. {
  436. XKey hKeyScript;
  437. XKey hKeyStateScript;
  438. WCHAR szTemp[32];
  440. dwError = RegOpenKeyEx( hKeyStateGPO,
  441. _itow( dwIndex, szTemp, 16 ),
  442. 0,
  443. KEY_ALL_ACCESS,
  444. &hKeyStateScript );
  445. if ( dwError != ERROR_SUCCESS )
  446. {
  447. return dwError;
  448. }
  450. //
  451. // open the Script key (we need only read perms)
  452. //
  453. dwError = RegOpenKeyEx( hKeyGPO,
  454. szTemp,
  455. 0,
  456. KEY_READ,
  457. &hKeyScript );
  458. if ( dwError != ERROR_SUCCESS )
  459. {
  460. return dwError;
  461. }
  463. WCHAR szScript[MAX_PATH];
  464. WCHAR szParameters[MAX_PATH];
  465. SYSTEMTIME execTime;
  467. //
  468. // script
  469. //
  470. dwType = REG_SZ;
  471. dwSize = sizeof( szScript );
  472. dwError = RegQueryValueEx( hKeyScript,
  473. SCRIPT,
  474. 0,
  475. &dwType,
  476. (LPBYTE) szScript,
  477. &dwSize );
  478. if ( dwError != ERROR_SUCCESS )
  479. {
  480. break;
  481. }
  483. //
  484. // parameters
  485. //
  486. dwType = REG_SZ;
  487. dwSize = sizeof( szParameters );
  488. dwError = RegQueryValueEx( hKeyScript,
  489. PARAMETERS,
  490. 0,
  491. &dwType,
  492. (LPBYTE) szParameters,
  493. &dwSize );
  494. if ( dwError != ERROR_SUCCESS )
  495. {
  496. break;
  497. }
  499. //
  500. // execute script
  501. //
  502. GetSystemTime( &execTime );
  503. dwError = ExecuteScript(szScript,
  504. szParameters,
  505. szFileSysPath,
  506. bSync,
  507. bHidden,
  508. bRunMin,
  509. szType,
  510. pfnShellExecuteEx,
  511. hEventLog );
  512. if ( dwError != ERROR_SUCCESS )
  513. {
  514. ZeroMemory( &execTime, sizeof( execTime ) );
  515. }
  517. //
  518. // write exec time
  519. //
  520. RegSetValueEx( hKeyStateScript,
  521. EXECTIME,
  522. 0,
  523. REG_QWORD,
  524. (LPBYTE) &execTime,
  525. sizeof( execTime ) );
  526. }
  527. }
  529. return dwError;
  530. }
  532. extern "C" DWORD
  533. ScrExecGPOListFromReg( LPWSTR szType,
  534. BOOL bMachine,
  535. BOOL bSync,
  536. BOOL bHidden,
  537. BOOL bRunMin,
  538. HANDLE hEventLog )
  539. {
  540. DWORD dwError = ERROR_SUCCESS;
  541. WCHAR szBuffer[MAX_PATH];
  542. XKey hKeyType;
  543. XKey hKeyState;
  544. XKey hKeyStateType;
  546. //
  547. // create the following key
  548. // HKLM\Software\Microsoft\Windows\CurrentVersion\Group Policy\State\<Target>\Scripts\<Type>
  549. //
  550. wcscpy( szBuffer, GP_STATE_KEY L"\\" );
  551. if ( bMachine )
  552. {
  553. wcscat( szBuffer, L"Machine\\Scripts" );
  554. }
  555. else
  556. {
  557. XHandle hToken;
  559. if ( !OpenProcessToken( GetCurrentProcess(),
  560. TOKEN_ALL_ACCESS,
  561. &hToken ) )
  562. {
  563. return GetLastError();
  564. }
  566. LPWSTR szSid = GetSidString( hToken );
  568. if ( !szSid )
  569. {
  570. return GetLastError();
  571. }
  573. wcscat( szBuffer, szSid );
  574. wcscat( szBuffer, L"\\Scripts" );
  575. DeleteSidString( szSid );
  576. }
  578. //
  579. // state
  580. //
  581. dwError = RegOpenKeyEx( HKEY_LOCAL_MACHINE,
  582. szBuffer,
  583. 0,
  584. KEY_ALL_ACCESS,
  585. &hKeyState );
  586. if ( dwError != ERROR_SUCCESS )
  587. {
  588. return dwError;
  589. }
  591. dwError = RegOpenKeyEx( hKeyState,
  592. szType,
  593. 0,
  594. KEY_ALL_ACCESS,
  595. &hKeyStateType );
  596. if ( dwError != ERROR_SUCCESS )
  597. {
  598. return dwError;
  599. }
  601. //
  602. // construct "Software\\Policies\\Microsoft\\Windows\\System\\Scripts\\<Type>
  603. //
  604. wcscpy( szBuffer, GPO_SCRIPTS_KEY L"\\" );
  605. wcscat( szBuffer, szType );
  607. //
  608. // open the key
  609. //
  610. dwError = RegOpenKeyEx( bMachine ? HKEY_LOCAL_MACHINE : HKEY_CURRENT_USER,
  611. szBuffer,
  612. 0,
  613. KEY_READ,
  614. &hKeyType );
  615. if ( dwError != ERROR_SUCCESS )
  616. {
  617. return dwError;
  618. }
  619. DWORD cSubKeys = 0;
  621. //
  622. // get the numer of GPOs
  623. //
  624. dwError = RegQueryInfoKey( hKeyType,
  625. 0,
  626. 0,
  627. 0,
  628. &cSubKeys,
  629. 0,
  630. 0,
  631. 0,
  632. 0,
  633. 0,
  634. 0,
  635. 0 );
  636. if ( dwError != ERROR_SUCCESS )
  637. {
  638. return dwError;
  639. }
  641. HINSTANCE hShell32;
  642. PFNSHELLEXECUTEEX pfnShellExecuteEx;
  644. hShell32 = LoadLibrary( L"shell32.dll" );
  646. if ( hShell32 )
  647. {
  648. pfnShellExecuteEx = (PFNSHELLEXECUTEEX) GetProcAddress( hShell32, "ShellExecuteExW" );
  649. if ( !pfnShellExecuteEx )
  650. {
  651. return GetLastError();
  652. }
  653. }
  655. //
  656. // for every GPO
  657. //
  658. for ( DWORD dwIndex = 0 ; dwIndex < cSubKeys ; dwIndex++ )
  659. {
  660. XKey hKeyGPO;
  661. XKey hKeyStateGPO;
  663. //
  664. // open the state GPO key
  665. //
  666. dwError = RegOpenKeyEx( hKeyStateType,
  667. _itow( dwIndex, szBuffer, 16 ),
  668. 0,
  669. KEY_ALL_ACCESS,
  670. &hKeyStateGPO );
  671. if ( dwError != ERROR_SUCCESS )
  672. {
  673. break;
  674. }
  676. //
  677. // open the policy GPO key (we need only read perms)
  678. //
  679. dwError = RegOpenKeyEx( hKeyType,
  680. szBuffer,
  681. 0,
  682. KEY_READ,
  683. &hKeyGPO );
  684. if ( dwError != ERROR_SUCCESS )
  685. {
  686. break;
  687. }
  689. //
  690. // execute all scripts in the GPO
  691. //
  692. DWORD dwExecError;
  693. dwExecError = ScrExecGPOFromReg(hKeyGPO,
  694. hKeyStateGPO,
  695. bSync,
  696. bHidden,
  697. bRunMin,
  698. szType,
  699. pfnShellExecuteEx,
  700. hEventLog );
  701. if ( dwExecError != ERROR_SUCCESS )
  702. {
  703. dwError = dwExecError;
  704. }
  705. }
  707. return dwError;
  708. }