|
|
#include "pch.h"
#pragma hdrstop
#include <aclapi.h>
#include "netoc.h"
#include "ncreg.h"
#include "snmpocx.h"
// Allocates an admin ACL to be used with security descriptor
PACL AllocACL(){ PACL pAcl = NULL; PSID pSidAdmins = NULL; SID_IDENTIFIER_AUTHORITY Authority = SECURITY_NT_AUTHORITY;
EXPLICIT_ACCESS ea[1];
// Create a SID for the BUILTIN\Administrators group.
if ( !AllocateAndInitializeSid( &Authority, 2, SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_ADMINS, 0, 0, 0, 0, 0, 0, &pSidAdmins )) { return NULL; }
// Initialize an EXPLICIT_ACCESS structure for an ACE.
ZeroMemory(&ea, 1 * sizeof(EXPLICIT_ACCESS)); // The ACE will allow the Administrators group full access to the key.
ea[0].grfAccessPermissions = KEY_ALL_ACCESS; ea[0].grfAccessMode = SET_ACCESS; ea[0].grfInheritance= NO_INHERITANCE; ea[0].Trustee.TrusteeForm = TRUSTEE_IS_SID; ea[0].Trustee.TrusteeType = TRUSTEE_IS_GROUP; ea[0].Trustee.ptstrName = (LPTSTR) pSidAdmins;
// Create a new ACL that contains the new ACEs.
if (SetEntriesInAcl(1, ea, NULL, &pAcl) != ERROR_SUCCESS) { TraceError( "SetEntriesInAcl Error", GetLastError() ); FreeSid(pSidAdmins); return NULL; }
FreeSid(pSidAdmins);
return pAcl;}// frees a ACL
void FreeACL( PACL pAcl){ if (pAcl != NULL) LocalFree(pAcl);}
HRESULT SnmpAddAdminAclToKey(PWSTR pwszKey){ HKEY hKey = NULL; HRESULT hr; PACL pAcl = NULL; SECURITY_DESCRIPTOR S_Desc;
if (pwszKey == NULL) return S_FALSE; // open registy key
hr = HrRegOpenKeyEx(HKEY_LOCAL_MACHINE, pwszKey, // subkey name
KEY_ALL_ACCESS, // want WRITE_DAC,
&hKey // handle to open key
); if (hr != S_OK) { TraceError("SnmpAddAdminDaclToKey::HrRegOpenKeyEx", hr); return hr; } // Initialize a security descriptor.
if (InitializeSecurityDescriptor (&S_Desc, SECURITY_DESCRIPTOR_REVISION) == 0) { RegSafeCloseKey(hKey); TraceError("SnmpAddAdminDaclToKey::InitializeSecurityDescriptor", GetLastError()); return S_FALSE; }
// get the ACL and put it into the security descriptor
if ( (pAcl = AllocACL()) != NULL ) { if (!SetSecurityDescriptorDacl (&S_Desc, TRUE, pAcl, FALSE)) { FreeACL(pAcl); RegSafeCloseKey(hKey); TraceError("SnmpAddAdminDaclToKey::SetSecurityDescriptorDacl Failed.", GetLastError()); return S_FALSE; } } else { RegSafeCloseKey(hKey); TraceError("SnmpAddAdminAclToKey::AllocACL Failed.", GetLastError()); return S_FALSE; }
if (RegSetKeySecurity (hKey, DACL_SECURITY_INFORMATION, &S_Desc) != ERROR_SUCCESS) { FreeACL(pAcl); RegSafeCloseKey(hKey); TraceError("SnmpAddAdminDaclToKey::RegSetKeySecurity", GetLastError()); return S_FALSE; }
FreeACL(pAcl); RegSafeCloseKey(hKey); return S_OK;}
HRESULTSnmpRegWriteDword(PWSTR pszRegKey, PWSTR pszValueName, DWORD dwValueData){ HRESULT hr; HKEY hKey;
hr = HrRegCreateKeyEx(HKEY_LOCAL_MACHINE, pszRegKey, 0, KEY_QUERY_VALUE | KEY_SET_VALUE, NULL, &hKey, NULL); if (hr != S_OK) { return hr; }
hr = HrRegSetDword(hKey, pszValueName, dwValueData);
RegSafeCloseKey(hKey);
return hr;}
HRESULTSnmpRegUpgEnableAuthTraps(){ HRESULT hr = S_OK; HKEY hKey;
// open the ..SNMP\Parameters registry key
hr = HrRegOpenKeyEx(HKEY_LOCAL_MACHINE, REG_KEY_AUTHENTICATION_TRAPS, KEY_QUERY_VALUE, &hKey);
// if successful, look for EnableAuthenticationTrap switch
// in the old registry location
if (hr == S_OK) { DWORD dwAuthTrap;
// get the value of the old 'switch' parameter
hr = HrRegQueryDword(hKey, REG_VALUE_SWITCH, &dwAuthTrap);
// if successful transfer the value to the new location
// if this fails, it means the SNMP service worked with the default value
// which is already installed through the inf file.
if (hr == S_OK) { hr = SnmpRegWriteDword(REG_KEY_SNMP_PARAMETERS, REG_VALUE_AUTHENTICATION_TRAPS, dwAuthTrap); }
// close and delete the old registry key as it is obsolete
RegSafeCloseKey(hKey); HrRegDeleteKey (HKEY_LOCAL_MACHINE, REG_KEY_AUTHENTICATION_TRAPS); }
return hr;
}
HRESULTSnmpRegWriteCommunities(PWSTR pszCommArray){ HRESULT hr; HKEY hKey; PWSTR pszComm, pszAccess; DWORD dwAccess;
hr = HrRegDeleteKey(HKEY_LOCAL_MACHINE, REG_KEY_VALID_COMMUNITIES);
if (hr != S_OK) { return hr; }
hr = HrRegCreateKeyEx(HKEY_LOCAL_MACHINE, REG_KEY_VALID_COMMUNITIES, 0, KEY_QUERY_VALUE | KEY_SET_VALUE, NULL, &hKey, NULL);
if (hr != S_OK) { return hr; }
pszComm = pszCommArray; while (*pszComm != L'\0') { dwAccess = SEC_READ_ONLY_VALUE; pszAccess = wcschr(pszComm, L':'); if (pszAccess != NULL) { *pszAccess = L'\0'; pszAccess++;
if (_wcsicmp(pszAccess, SEC_NONE_NAME)==0) { dwAccess = SEC_NONE_VALUE; } if (_wcsicmp(pszAccess, SEC_NOTIFY_NAME)==0) { dwAccess = SEC_NOTIFY_VALUE; } if (_wcsicmp(pszAccess, SEC_READ_ONLY_NAME)==0) { dwAccess = SEC_READ_ONLY_VALUE; } if (_wcsicmp(pszAccess, SEC_READ_WRITE_NAME)==0) { dwAccess = SEC_READ_WRITE_VALUE; } if (_wcsicmp(pszAccess, SEC_READ_CREATE_NAME)==0) { dwAccess = SEC_READ_CREATE_VALUE; } }
hr = HrRegSetDword(hKey, pszComm, dwAccess); if (hr != S_OK) { break; } if (pszAccess != NULL) { pszComm = pszAccess; } pszComm += (wcslen(pszComm) + 1); }
RegSafeCloseKey(hKey); return hr;}
HRESULT SnmpRegWriteDefCommunity(){ HRESULT hr; HKEY hKey;
hr = HrRegCreateKeyEx(HKEY_LOCAL_MACHINE, REG_KEY_VALID_COMMUNITIES, 0, KEY_QUERY_VALUE | KEY_SET_VALUE, NULL, &hKey, NULL); if (hr != S_OK) { return hr; }
hr = HrRegSetDword(hKey, SEC_DEF_COMM_NAME, SEC_DEF_COMM_VALUE);
RegSafeCloseKey(hKey);
return hr;}
HRESULT SnmpRegWritePermittedMgrs(BOOL bAnyHost, PWSTR pMgrsList){ HRESULT hr; HKEY hKey; UINT nMgr = 1; WCHAR szMgr[16];
hr = HrRegDeleteKey(HKEY_LOCAL_MACHINE, REG_KEY_PERMITTED_MANAGERS);
if (hr != S_OK) { return hr; }
hr = HrRegCreateKeyEx(HKEY_LOCAL_MACHINE, REG_KEY_PERMITTED_MANAGERS, 0, KEY_QUERY_VALUE | KEY_SET_VALUE, NULL, &hKey, NULL);
if (hr != S_OK || bAnyHost) { return hr; }
while(*pMgrsList != L'\0') { swprintf(szMgr, L"%d", nMgr++); hr = HrRegSetSz(hKey, szMgr, pMgrsList); if (hr != S_OK) break; pMgrsList += wcslen(pMgrsList) + 1; }
RegSafeCloseKey(hKey);
return hr;}
HRESULTSnmpRegWriteTraps(tstring tstrVariable, PWSTR pTstrArray){ HKEY hKey, hKeyTrap; HRESULT hr = S_OK; UINT nTrap = 1; WCHAR szTrap[16];
hr = HrRegDeleteKeyTree(HKEY_LOCAL_MACHINE, REG_KEY_TRAP_DESTINATIONS);
if (hr != S_OK) return hr;
hr = HrRegCreateKeyEx(HKEY_LOCAL_MACHINE, REG_KEY_TRAP_DESTINATIONS, 0, KEY_QUERY_VALUE | KEY_SET_VALUE, NULL, &hKey, NULL);
if (hr != S_OK) return hr;
hr = HrRegCreateKeyEx(hKey, tstrVariable.c_str(), 0, KEY_QUERY_VALUE | KEY_SET_VALUE, NULL, &hKeyTrap, NULL); if (hr == S_OK) { // it might just happen that you want to create a
// community but you don't have the trap destination
// addresses yet. We should let this happen.
if (pTstrArray != NULL) { while(*pTstrArray != L'\0') { swprintf(szTrap, L"%d", nTrap++); hr = HrRegSetSz(hKeyTrap, szTrap, pTstrArray); if (hr != S_OK) break; pTstrArray += wcslen(pTstrArray) + 1; } }
RegSafeCloseKey(hKeyTrap); }
RegSafeCloseKey(hKey);
return hr;}
HRESULTSnmpRegWriteTstring(PWSTR pRegKey, PWSTR pValueName, tstring tstrValueData){ HRESULT hr = S_OK; HKEY hKey;
hr = HrRegCreateKeyEx(HKEY_LOCAL_MACHINE, pRegKey, 0, KEY_QUERY_VALUE | KEY_SET_VALUE, NULL, &hKey, NULL); if (hr != S_OK) return hr;
hr = HrRegSetString(hKey, pValueName, tstrValueData);
RegSafeCloseKey(hKey);
return hr;}
DWORDSnmpStrArrayToServices(PWSTR pSrvArray){ DWORD dwServices = 0;
while(*pSrvArray) { if(_wcsicmp(pSrvArray, SRV_AGNT_PHYSICAL_NAME)==0) dwServices |= SRV_AGNT_PHYSICAL_VALUE; if(_wcsicmp(pSrvArray, SRV_AGNT_DATALINK_NAME)==0) dwServices |= SRV_AGNT_DATALINK_VALUE; if(_wcsicmp(pSrvArray, SRV_AGNT_ENDTOEND_NAME)==0) dwServices |= SRV_AGNT_ENDTOEND_VALUE; if(_wcsicmp(pSrvArray, SRV_AGNT_INTERNET_NAME)==0) dwServices |= SRV_AGNT_INTERNET_VALUE; if(_wcsicmp(pSrvArray, SRV_AGNT_APPLICATIONS_NAME)==0) dwServices |= SRV_AGNT_APPLICATIONS_VALUE;
pSrvArray += wcslen(pSrvArray) + 1; } return dwServices;}
|
