Source code of Windows XP (NT5)

  1. /*---------------------------------------------------------------------------
  2. File: RightsTranslator.cpp
  3. Comments: Functions to translate user rights
  4. (c) Copyright 1999, Mission Critical Software, Inc., All Rights Reserved
  5. Proprietary and confidential to Mission Critical Software, Inc.
  6. REVISION LOG ENTRY
  7. Revision By: Christy Boles
  8. Revised on 02/25/99 19:57:16
  9. ---------------------------------------------------------------------------
  10. */
  11. #include "StdAfx.h"
  12. #include "Mcs.h"
  13. #include "WorkObj.h"
  14. #include "SecTrans.h"
  15. #include "STArgs.hpp"
  16. #include "SidCache.hpp"
  17. #include "SDStat.hpp"
  18. #include "TxtSid.h"
  19. #include "ErrDct.hpp"
  20. //#import "\bin\McsDctWorkerObjects.tlb"
  21. #import "WorkObj.tlb"
  22. extern TErrorDct err;
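  // Walks every user right reported for serverName, and for each account that
  // holds the right and maps to a valid target account in the cache, grants the
  // same right to the target SID. The translation mode is forced to ADD_SECURITY
  // for the duration of the call and restored before returning.
  //
  // Returns E_FAIL when the UserRights worker object could not be created;
  // otherwise the HRESULT of the last operation performed (a failure on one
  // account does not stop the scan, so an earlier error can be overwritten).
  DWORD
     TranslateUserRights(
        WCHAR            const * serverName,   // in - name of server to translate groups on
        SecurityTranslatorArgs * stArgs,       // in - translation settings
        TSDRidCache            * cache,        // in - translation table
        TSDResolveStats        * stat          // in - stats on items modified (may be NULL)
     )
  {
     HRESULT                   hr;
     SAFEARRAY               * pRights = NULL;
     SAFEARRAY               * pUsers = NULL;
     TAcctNode               * node = NULL;
     _bstr_t                   server = serverName;
     MCSDCTWORKEROBJECTSLib::IUserRightsPtr pLsa(CLSID_UserRights);
     WCHAR                     currPath[500];
     DWORD                     mode = stArgs->TranslationMode();
     BOOL                      bUseMapFile = stArgs->UsingMapFile();

     if ( pLsa == NULL )
     {
        return E_FAIL;
     }
     pLsa->NoChange = stArgs->NoChange();

     // Rights are only ever added by this routine; any other mode is logged and
     // overridden. With the mode forced here, the "remove from source" branch
     // below is presumably never taken.
     if ( stArgs->TranslationMode() != ADD_SECURITY )
     {
        err.MsgWrite(0,DCT_MSG_USER_RIGHTS_ONLY_ADDS);
        stArgs->SetTranslationMode(ADD_SECURITY);
     }

     // Get a list of all the rights
     hr = pLsa->raw_GetRights(server,&pRights);
     if ( SUCCEEDED(hr) )
     {
        LONG                   nRights = 0;
        long                   ndx[1];

        // NOTE(review): both loops index from 0 up to the upper bound, which
        // assumes the worker object returns zero-based arrays - confirm.
        hr = SafeArrayGetUBound(pRights,1,&nRights);
        if ( SUCCEEDED(hr) )
        {
           for ( long i = 0 ; i <= nRights ; i++ )
           {
              BSTR             right;

              ndx[0] = i;
              hr = SafeArrayGetElement(pRights,ndx,&right);
              if ( FAILED(hr) )
              {
                 err.MsgWrite(ErrE,DCT_MSG_LIST_RIGHTS_FAILED_SD,serverName,hr);
                 break;
              }

              // currPath is a fixed 500-character buffer and neither the server
              // name nor the right name is length-checked by the caller, so the
              // write is bounded. The path is only used for progress display, so
              // truncation is harmless. _snwprintf does not terminate on
              // truncation, hence the explicit terminator.
              _snwprintf(currPath,DIM(currPath) - 1,L"%s\\%s",serverName,(WCHAR*)right);
              currPath[DIM(currPath) - 1] = L'\0';
              if( stat )
              {
                 stat->DisplayPath(currPath);
              }

              // Get a list of users who have this right
              hr = pLsa->raw_GetUsersWithRight(server,right,&pUsers);
              if ( SUCCEEDED(hr))
              {
                 LONG          nUsers = 0;

                 hr = SafeArrayGetUBound(pUsers,1,&nUsers);
                 if ( SUCCEEDED(hr) )
                 {
                    BSTR       user;
                    PSID       pSid = NULL;

                    for ( long j = 0 ; j <= nUsers ; j++ )
                    {
                       ndx[0] = j;
                       hr = SafeArrayGetElement(pUsers,ndx,&user);
                       if ( FAILED(hr) )
                       {
                          continue;
                       }

                       // Get the user's sid
                       pSid = SidFromString(user);
                       if ( ! pSid )
                       {
                          err.MsgWrite(ErrW,DCT_MSG_INVALID_SID_STRING_S,user);
                          SysFreeString(user);
                          continue;
                       }

                       // stat is optional (it is NULL-checked around DisplayPath),
                       // so every counter update is guarded the same way.
                       if ( stat )
                       {
                          stat->IncrementExamined(userright);
                       }

                       // Lookup the user in the cache
                       if ( ! bUseMapFile )
                          node = cache->Lookup(pSid);
                       else
                          node = cache->LookupWODomain(pSid);

                       // The lookup can return (TAcctNode*)-1 as a sentinel; treat
                       // it like "not found" so it is never dereferenced.
                       if ( node == (TAcctNode*)-1 )
                       {
                          node = NULL;
                       }

                       if ( node && node->IsValidOnTgt() )
                       {
                          // Found the account in the cache
                          // remove the right from the source user
                          if ( (stArgs->TranslationMode() != ADD_SECURITY) )
                          {
                             hr = pLsa->raw_RemoveUserRight(server,user,right);
                             if ( FAILED(hr))
                             {
                                err.SysMsgWrite(ErrE,hr,DCT_MSG_REMOVE_RIGHT_FAILED_SSSD,
                                         (WCHAR*)right,node->GetAcctName(),serverName,hr);
                                if ( stat )
                                {
                                   stat->IncrementSkipped(userright);
                                }
                             }
                             else
                             {
                                err.MsgWrite(0,DCT_MSG_REMOVED_RIGHT_SSSS,serverName,right,stArgs->Source(),node->GetAcctName());
                             }
                          }
                          if ( SUCCEEDED(hr) )
                          {
                             if ( stat )
                             {
                                stat->IncrementChanged(userright);
                             }

                             PSID sid = NULL;
                             if ( ! bUseMapFile )
                                sid = cache->GetTgtSid(node);
                             else
                                sid = cache->GetTgtSidWODomain(node);

                             if ( sid )
                             {
                                // Start from an empty string so a failed conversion
                                // cannot hand uninitialized stack data to the LSA call.
                                // NOTE(review): GetTextualSid's result is not checked;
                                // confirm its return convention in TxtSid.h and bail
                                // out explicitly on failure.
                                WCHAR  strSid[200] = L"";
                                DWORD  lenStrSid = DIM(strSid);

                                GetTextualSid(sid,strSid,&lenStrSid);
                                if ( (stArgs->TranslationMode() != REMOVE_SECURITY) )
                                {
                                   // The BSTR is an input argument owned by the caller
                                   // (as with user and right), so it is released here
                                   // instead of being leaked once per granted right.
                                   BSTR bstrSid = SysAllocString(strSid);

                                   hr = bstrSid ? pLsa->raw_AddUserRight(server,bstrSid,right)
                                                : E_OUTOFMEMORY;
                                   SysFreeString(bstrSid);   // safe on NULL
                                   if ( FAILED(hr) )
                                   {
                                      err.SysMsgWrite(ErrE,hr,DCT_MSG_ADD_RIGHT_FAILED_SSSD,
                                               (WCHAR*)right,node->GetAcctName(),serverName,hr);
                                   }
                                   else
                                   {
                                      err.MsgWrite(0,DCT_MSG_ADDED_RIGHT_SSSS,serverName,right,stArgs->Target(),node->GetAcctName());
                                   }
                                }
                                // NOTE(review): free() here and FreeSid() below must
                                // match the allocators used by the cache and by
                                // SidFromString - verify against those helpers.
                                free(sid);
                             }
                          }
                       }
                       FreeSid(pSid);
                       SysFreeString(user);
                    }
                 }
                 else
                 {
                    err.SysMsgWrite(ErrE,hr,DCT_MSG_USERS_WITH_RIGHT_COUNT_FAILED_SSD,(WCHAR*)right,serverName,hr);
                 }
                 SafeArrayDestroy(pUsers);
                 pUsers = NULL;   // do not keep a destroyed array across iterations
              }
              else
              {
                 err.MsgWrite(ErrE,DCT_MSG_GET_USERS_WITH_RIGHT_FAILED_SSD,(WCHAR*)right,serverName,hr);
              }
              SysFreeString(right);
           }
        }
        else
        {
           err.MsgWrite(ErrE,DCT_MSG_LIST_RIGHTS_FAILED_SD,serverName,hr);
        }
        SafeArrayDestroy(pRights);
        pRights = NULL;
     }
     else
     {
        err.MsgWrite(ErrE,DCT_MSG_LIST_RIGHTS_FAILED_SD,serverName,hr);
     }
     if( stat )
     {
        stat->DisplayPath(L"");
     }

     // set the translation mode back to its original value
     stArgs->SetTranslationMode(mode);
     return hr;
  }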