archive
/
windows-xp
mirror of https://github.com/tongzx/nt5src
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
8 Commits
1 Branch
0 Tags
2.0 GiB
Tree: 744f0b4006
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '744f0b4006'
${ noResults }
windows-xp/Source/XPSP1/NT/admin/activec/nodemgr/policy.cpp

177 lines
4.7 KiB
Raw Normal View History

Add source files
4 years ago
  1. //____________________________________________________________________________
  2. //
  3. // Microsoft Windows
  4. // Copyright (C) Microsoft Corporation, 1997 - 1999
  5. //
  6. // File: policy.cpp
  7. //
  8. // Contents: Helper class to determine policy for each snapin
  9. //
  10. // Classes: CPolicy
  11. //
  12. // Functions:
  13. //
  14. // History: 12/04/1998 AnandhaG Created
  15. //____________________________________________________________________________
  17. #include "stdafx.h"
  18. #include "policy.h"
  21. /*+-------------------------------------------------------------------------*
  22. *
  23. * CPolicy::ScInit
  24. *
  25. * PURPOSE: Initializes the policy object from registry.
  26. *
  27. * PARAMETERS:
  28. * None.
  29. *
  30. * RETURNS:
  31. * SC - Right now always returns success.
  32. *
  33. *+-------------------------------------------------------------------------*/
  34. SC CPolicy::ScInit()
  35. {
  36. DECLARE_SC (sc, _T("CPolicy::ScInit"));
  38. // Default NT4 configuration. Always allow author mode
  39. // and allow snapins not in permitted list.
  40. m_bRestrictAuthorMode = FALSE;
  41. m_bRestrictedToPermittedList = FALSE;
  43. // Check if the policy key exists. If not return success immediately.
  44. sc = m_rPolicyRootKey.ScOpen (HKEY_CURRENT_USER, POLICY_KEY, KEY_READ);
  45. if (sc)
  46. {
  47. if (sc = ScFromWin32 (ERROR_FILE_NOT_FOUND))
  48. {
  49. TRACE(_T("CPolicy::Policy does not exist\n"));
  50. sc.Clear();
  51. }
  53. return (sc);
  54. }
  56. bool bRestrictAuthorMode = false;
  57. bool bRestrictedToPermittedList = false;
  59. // Read the values of RestrictAuthorMode and whether
  60. // snapins not in the list are permitted or not.
  61. if (m_rPolicyRootKey.IsValuePresent(g_szRestrictAuthorMode))
  62. {
  63. DWORD dwValue;
  64. DWORD dwSize = sizeof(dwValue);
  65. DWORD dwType = REG_DWORD;
  67. sc = m_rPolicyRootKey.ScQueryValue (g_szRestrictAuthorMode, &dwType,
  68. &dwValue, &dwSize);
  69. if (sc)
  70. sc.Clear();
  71. else
  72. bRestrictAuthorMode = !!dwValue;
  73. }
  75. if (m_rPolicyRootKey.IsValuePresent(g_szRestrictToPermittedList))
  76. {
  77. DWORD dwValue = 0;
  78. DWORD dwSize = sizeof(dwValue);
  79. DWORD dwType = REG_DWORD;
  81. sc = m_rPolicyRootKey.ScQueryValue (g_szRestrictToPermittedList, &dwType,
  82. &dwValue, &dwSize);
  83. if (sc)
  84. sc.Clear();
  85. else
  86. bRestrictedToPermittedList = !!dwValue;
  87. }
  89. m_bRestrictAuthorMode = bRestrictAuthorMode;
  90. m_bRestrictedToPermittedList = bRestrictedToPermittedList;
  91. return sc;
  92. }
  95. /*+-------------------------------------------------------------------------*
  96. * CPolicy::IsPermittedSnapIn
  97. *
  98. * Determines if a snap-in is permitted according to this policy. The
  99. * real work happens in
  100. *
  101. * IsPermittedSnapIn (LPCWSTR);
  102. *--------------------------------------------------------------------------*/
  104. bool CPolicy::IsPermittedSnapIn(REFCLSID refSnapInCLSID)
  105. {
  106. CCoTaskMemPtr<WCHAR> spwzSnapinClsid;
  108. /*
  109. * Get the string representation of the CLSID. If that fails,
  110. * permit the snap-in.
  111. */
  112. if (FAILED (StringFromCLSID (refSnapInCLSID, &spwzSnapinClsid)))
  113. return TRUE;
  115. /*
  116. * forward to the real worker
  117. */
  118. return (IsPermittedSnapIn (spwzSnapinClsid));
  119. }
  122. /*+-------------------------------------------------------------------------*
  123. * CPolicy::IsPermittedSnapIn
  124. *
  125. * Determines if a snap-in is permitted according to this policy.
  126. *--------------------------------------------------------------------------*/
  128. bool CPolicy::IsPermittedSnapIn(LPCWSTR lpszCLSID)
  129. {
  130. /*
  131. * No CLSID? Allow it.
  132. */
  133. if (lpszCLSID == NULL)
  134. return (TRUE);
  136. /*
  137. * No policy key? Allow everything.
  138. */
  139. if (m_rPolicyRootKey == NULL)
  140. return (true);
  142. // See if this snapin policy is defined or not.
  143. bool bRestricted = FALSE;
  144. bool bSnapinFound = FALSE;
  146. USES_CONVERSION;
  147. CRegKeyEx regKeyTemp;
  148. bSnapinFound = !regKeyTemp.ScOpen (m_rPolicyRootKey, W2CT(lpszCLSID), KEY_READ).IsError();
  150. if (bSnapinFound && regKeyTemp.IsValuePresent(g_szRestrictRun))
  151. {
  152. // Read the value of Restrict_Run.
  153. DWORD dwValue = 0;
  154. DWORD dwSize = sizeof(DWORD);
  155. DWORD dwType = REG_DWORD;
  157. regKeyTemp.ScQueryValue (g_szRestrictRun, &dwType, &dwValue, &dwSize);
  158. bRestricted = !!dwValue;
  159. }
  161. // At this point we know policies root key exists. So if the
  162. // snapin key is not found, then we have to see if the administrator
  163. // allows snapins not in the permitted list (therefore snapin key
  164. // does not exist).
  165. if (! bSnapinFound)
  166. {
  167. if(m_bRestrictedToPermittedList)
  168. return false; // because if the snap-in is not on the list, and
  169. // restrictions are set, disallow by default
  170. else
  171. return true; // NT4 behavior - no restrictions set, and per-snap-in
  172. // entry not found, so allow by default.
  173. }
  175. // At this point snapin's Restrict_Run key was read so use it.
  176. return (!bRestricted);
  177. }