|
|
/*++
(c) 1998 Seagate Software, Inc. All rights reserved.
Module Name:
fsaftclt.cpp
Abstract:
This class represents a user who the filter has detected accessing a file with placeholder information.
Author:
Chuck Bardeen [cbardeen] 12-Feb-1997
Revision History:
--*/
#include "stdafx.h"
extern "C" {#include <ntseapi.h>
#include <wchar.h>
#include <lmaccess.h>
#include <lmserver.h>
#include <lmshare.h>
#include <lmapibuf.h>
#include <lmerr.h>
// #define MAC_SUPPORT // NOTE: You must define MAC_SUPPORT in fsafltr.cpp to enable all the code
#ifdef MAC_SUPPORT
#include <macfile.h>
#endif
}
#define WSB_TRACE_IS WSB_TRACE_BIT_FSA
#include "wsb.h"
#include "fsa.h"
#include "fsaftclt.h"
static USHORT iCountFtclt = 0; // Count of existing objects
//
// We need to dynamically load the DLL for MAC support because it is not there if
// the MAC service is not installed.
//
#ifdef MAC_SUPPORT
HANDLE FsaDllSfm = 0;BOOL FsaMacSupportInstalled = FALSE;
extern "C" {DWORD (*pAfpAdminConnect) (LPWSTR lpwsServerName, PAFP_SERVER_HANDLE phAfpServer);VOID (*pAfpAdminDisconnect) (AFP_SERVER_HANDLE hAfpServer);VOID (*pAfpAdminBufferFree) (PVOID pBuffer);DWORD (*pAfpAdminSessionEnum) (AFP_SERVER_HANDLE hAfpServer, LPBYTE *lpbBuffer, DWORD dwPrefMaxLen, LPDWORD lpdwEntriesRead, LPDWORD lpdwTotalEntries, LPDWORD lpdwResumeHandle);}#endif
DWORD FsaIdentifyThread(void *pNotifyInterface);
�DWORD FsaIdentifyThread( void* pVoid )
/*++
Entry point of the thread that performs identify operation with remote clients.
--*/{HRESULT hr;
hr = CoInitializeEx(NULL, COINIT_MULTITHREADED); hr = ((CFsaFilterClient*) pVoid)->IdentifyThread(); CoUninitialize(); return(hr);}
�staticHRESULTGetNotifyClientInterface( IN OLECHAR * machineName, OUT IFsaRecallNotifyClient ** ppClient ){ HRESULT hr = S_OK;
try {
//
// Make sure parameters OK and OUTs initially cleared
//
WsbAffirmPointer ( ppClient ); *ppClient = 0;
//
// If connecting local, things work better to use NULL
// for the computer name
//
if ( machineName ) {
CWsbStringPtr localMachine; WsbAffirmHr( WsbGetComputerName( localMachine ) );
if( _wcsicmp( localMachine, machineName ) == 0 ) {
machineName = 0;
}
}
//
// Set server info
//
COSERVERINFO csi; COAUTHINFO cai; memset ( &csi, 0, sizeof ( csi ) ); memset ( &cai, 0, sizeof ( cai ) );
// Set machine name
csi.pwszName = machineName;
// Create a proxy with security settings of no authentication (note that RsNotify is running with this security)
cai.dwAuthnSvc = RPC_C_AUTHN_WINNT; cai.dwAuthzSvc = RPC_C_AUTHZ_DEFAULT; cai.pwszServerPrincName = NULL; cai.dwImpersonationLevel = RPC_C_IMP_LEVEL_IMPERSONATE; cai.pAuthIdentityData = NULL; cai.dwCapabilities = EOAC_NONE;
cai.dwAuthnLevel = RPC_C_AUTHN_LEVEL_NONE;
csi.pAuthInfo = &cai;
//
// We want IFsaRecallNotifyClient back
//
MULTI_QI mqi; memset ( &mqi, 0, sizeof ( mqi ) ); mqi.pIID = &IID_IFsaRecallNotifyClient;
//
// Make the connection...
//
WsbAffirmHr ( CoCreateInstanceEx ( CLSID_CFsaRecallNotifyClient, 0, CLSCTX_NO_FAILURE_LOG | ( machineName ? CLSCTX_REMOTE_SERVER : CLSCTX_LOCAL_SERVER ), &csi, 1, &mqi ) ); WsbAffirmHr ( mqi.hr );
//
// We need to make sure we clean up correctly if any interface
// post-processing fails, so assign over to a smart pointer for
// the time being
//
CComPtr<IFsaRecallNotifyClient> pClientTemp = (IFsaRecallNotifyClient*)mqi.pItf; mqi.pItf->Release ( );
//
// Finally, we need to set the security on the procy to allow the
// anonymous connection. Values should be the same as above (COAUTHINFO)
// We need to make sure this is a remote machine first. Otherwise, we
// get an error of E_INVALIDARG.
//
if( machineName ) {
CComPtr<IClientSecurity> pSecurity; WsbAffirmHr( pClientTemp->QueryInterface( IID_IClientSecurity, (void**)&pSecurity ) );
WsbAffirmHr( pSecurity->SetBlanket ( pClientTemp, RPC_C_AUTHN_NONE, RPC_C_AUTHZ_NONE, 0, RPC_C_AUTHN_LEVEL_NONE, RPC_C_IMP_LEVEL_IDENTIFY, 0, 0 ) );
}
//
// Finally, assign over and AddRef the return.
//
*ppClient = pClientTemp; (*ppClient)->AddRef ( );
} WsbCatch ( hr );
return ( hr );}
�HRESULTCFsaFilterClient::CheckRecallLimit( IN DWORD minRecallInterval, IN DWORD maxRecalls, IN BOOLEAN exemptAdmin )
/*++
Implements:
IWsbCollectable::CheckRecallLimit().
--*/{ HRESULT hr = S_OK; FILETIME now, last; LARGE_INTEGER tNow, tLast; ULONG rCount;
WsbTraceIn(OLESTR("CFsaFilterClient::CheckRecallLimit"), OLESTR("")); try { //
// Now check for runaway recall limits if the user is not
// an administrator
//
if ((!m_isAdmin) || (!exemptAdmin)) { //
// See if the time since the end of the last recall is
// less than m_minRecallInterval (in seconds) and if so,
// increment the count.
// If not, then reset the count (if we were not
// already triggered).
// If the count is equal to the max then set the trigger.
//
WsbTrace(OLESTR("CHsmFilter::IoctlThread: Not an administrator or admin is not exempt.\n")); GetSystemTimeAsFileTime(&now); tNow.LowPart = now.dwLowDateTime; tNow.HighPart = now.dwHighDateTime; GetLastRecallTime(&last); tLast.LowPart = last.dwLowDateTime; tLast.HighPart = last.dwHighDateTime; //
// Get the time (in 100 nano-second units)
// from the end of the last recall until now.
//
tNow.QuadPart -= tLast.QuadPart; //
// Convert to seconds and check against the interval time
//
tNow.QuadPart /= (LONGLONG) 10000000; if (tNow.QuadPart < (LONGLONG) minRecallInterval) { //
// This one counts - increment the count
// and check for a trigger.
//
GetRecallCount(&rCount); rCount++; SetRecallCount(rCount); WsbTrace(OLESTR("CHsmFilterClient::CheckRecallLimit: Recall count bumped to %ls.\n"), WsbLongAsString(rCount)); if (rCount >= maxRecalls) { //
// Hit the runaway recall limit. Set the
// limit flag.
//
WsbTrace(OLESTR("CHsmFilter::IoctlThread: Hit the runaway recall limit!!!.\n")); SetHitRecallLimit(TRUE); } } else { //
// Reset the count if they are not already triggered.
// If they are triggered then reset the trigger and
// limit if it has been a respectable time.
// TBD - What is a respectable time??
//
if (HitRecallLimit() != S_FALSE) { if (tNow.QuadPart > (LONGLONG) minRecallInterval * 100) { //
// A respectable time has passed - reset the trigger and count.
//
WsbTrace(OLESTR("CHsmFilterClient::CheckRecallLimit: Resetting recall limit trigger and count.\n")); SetHitRecallLimit(FALSE); SetRecallCount(0); m_loggedLimitError = FALSE; } } else { //
// This one did not count and they were not already triggered.
// Reset the count to zero.
//
WsbTrace(OLESTR("CHsmFilterClient::CheckRecallLimit: Resetting recall count.\n")); SetRecallCount(0); } } //
// Fail if the limit is hit.
//
WsbAffirm(HitRecallLimit() == S_FALSE, FSA_E_HIT_RECALL_LIMIT); }
} WsbCatch(hr);
// NOTE - IF RUNAWAY RECALL BEHAVIOR CHANGES TO TRUNCATE ON CLOSE, CHANGE
// FSA_MESSAGE_HIT_RECALL_LIMIT_ACCESSDENIED TO FSA_MESSAGE_HIT_RECALL_LIMIT_TRUNCATEONCLOSE.
if ( (hr == FSA_E_HIT_RECALL_LIMIT) && (!m_loggedLimitError)) { WsbLogEvent(FSA_MESSAGE_HIT_RECALL_LIMIT_ACCESSDENIED, 0, NULL, (WCHAR *) m_userName, NULL); m_loggedLimitError = TRUE; }
WsbTraceOut(OLESTR("CHsmFilterClient::CheckRecallLimit"), OLESTR("hr = <%ls>"), WsbHrAsString(hr));
return(hr);}
�HRESULTCFsaFilterClient::CompareBy( FSA_FILTERCLIENT_COMPARE by )
/*++
Implements:
IFsaFilterClient::CompareBy().
--*/{ HRESULT hr = S_OK;
m_compareBy = by; m_isDirty = TRUE;
return(hr);}
�HRESULTCFsaFilterClient::CompareTo( IN IUnknown* pUnknown, OUT SHORT* pResult )
/*++
Implements:
IWsbCollectable::CompareTo().
--*/{ HRESULT hr = S_OK; CComPtr<IFsaFilterClient> pClient;
WsbTraceIn(OLESTR("CFsaFilterClient::CompareTo"), OLESTR("")); try {
// Did they give us a valid item to compare to?
WsbAssert(0 != pUnknown, E_POINTER);
// We need the IWsbBool interface to get the value of the object.
WsbAffirmHr(pUnknown->QueryInterface(IID_IFsaFilterClient, (void**) &pClient));
// Compare the rules.
hr = CompareToIClient(pClient, pResult);
} WsbCatch(hr);
WsbTraceOut(OLESTR("CHsmFilterClient::CompareTo"), OLESTR("hr = <%ls>, result = <%ls>"), WsbHrAsString(hr), WsbPtrToShortAsString(pResult));
return(hr);}
�HRESULTCFsaFilterClient::CompareToAuthenticationId( IN LONG luidHigh, IN ULONG luidLow, OUT SHORT* pResult )
/*++
Implements:
IFsaFilterClient::CompareToAuthenticationId().
--*/{ HRESULT hr = S_OK; SHORT aResult;
WsbTraceIn(OLESTR("CFsaFilterClient::CompareToAuthenticationId"), OLESTR(""));
try {
if (m_luidHigh > luidHigh) { aResult = 1; } else if (m_luidHigh < luidHigh) { aResult = -1; } else if (m_luidLow > luidLow) { aResult = 1; } else if (m_luidLow < luidLow) { aResult = -1; } else { aResult = 0; }
if (0 != aResult) { hr = S_FALSE; }
if (0 != pResult) { *pResult = aResult; }
} WsbCatch(hr);
WsbTraceOut(OLESTR("CFsaFilterClient::CompareToAuthenticationId"), OLESTR("hr = <%ls>, result = <%d>"), WsbHrAsString(hr), aResult);
return(hr);}
�HRESULTCFsaFilterClient::CompareToIClient( IN IFsaFilterClient* pClient, OUT SHORT* pResult )
/*++
Implements:
IFsaFilterClient::CompareToIClient().
--*/{ HRESULT hr = S_OK; CWsbStringPtr name; LONG luidHigh; ULONG luidLow;
WsbTraceIn(OLESTR("CFsaFilterClient::CompareToIClient"), OLESTR(""));
try {
// Did they give us a valid item to compare to?
WsbAssert(0 != pClient, E_POINTER);
switch (m_compareBy) { case FSA_FILTERCLIENT_COMPARE_ID: WsbAffirmHr(pClient->GetAuthenticationId(&luidHigh, &luidLow)); hr = CompareToAuthenticationId(luidHigh, luidLow, pResult); break; case FSA_FILTERCLIENT_COMPARE_MACHINE: WsbAffirmHr(pClient->GetMachineName(&name, 0)); hr = CompareToMachineName(name, pResult); break; default: WsbAssert(FALSE, E_UNEXPECTED); }
} WsbCatch(hr);
WsbTraceOut(OLESTR("CFsaFilterClient::CompareToIClient"), OLESTR("hr = <%ls>, result = <%ls>"), WsbHrAsString(hr), WsbPtrToShortAsString(pResult));
return(hr);}
�HRESULTCFsaFilterClient::CompareToMachineName( IN OLECHAR* name, OUT SHORT* pResult )
/*++
Implements:
IFsaFilterClient::CompareToMachineName().
--*/{ HRESULT hr = S_OK; SHORT aResult;
WsbTraceIn(OLESTR("CFsaFilterClient::CompareToMachineName"), OLESTR(""));
try {
aResult = (SHORT)wcscmp(name, m_machineName); // TBD - Case sensitive or not?
if (0 != aResult) { hr = S_FALSE; } if (0 != pResult) { *pResult = aResult; }
} WsbCatch(hr);
WsbTraceOut(OLESTR("CFsaFilterClient::CompareToMachineName"), OLESTR("hr = <%ls>"), WsbHrAsString(hr));
return(hr);}
�HRESULTCFsaFilterClient::FinalConstruct( void )
/*++
Implements:
CComObjectRoot::FinalConstruct().
--*/{ HRESULT hr = S_OK; WsbTraceIn(OLESTR("CFsaFilterClient::FinalConstruct"),OLESTR("")); try {
WsbAffirmHr(CWsbCollectable::FinalConstruct());
m_compareBy = FSA_FILTERCLIENT_COMPARE_ID; m_luidHigh = 0; m_luidLow = 0; m_hasRecallDisabled = FALSE; m_hitRecallLimit = FALSE; m_lastRecallTime.dwLowDateTime = 0; m_lastRecallTime.dwHighDateTime = 0; m_identified = FALSE; m_tokenSource = L""; m_msgCounter = 1; m_identifyThread = NULL; m_isAdmin = FALSE; m_loggedLimitError = FALSE; } WsbCatch(hr);
iCountFtclt++; WsbTraceOut(OLESTR("CFsaFilterClient::FinalConstruct"),OLESTR("Count is <%d>"), iCountFtclt);
return(hr);}voidCFsaFilterClient::FinalRelease( void )
/*++
Implements:
CComObjectRoot::FinalRelease().
--*/{ WsbTraceIn(OLESTR("CFsaFilterClient::FinalRelease"),OLESTR("")); CWsbCollectable::FinalRelease();
iCountFtclt--; WsbTraceOut(OLESTR("CFsaFilterClient::FinalRelease"),OLESTR("Count is <%d>"), iCountFtclt);}
�HRESULTCFsaFilterClient::GetClassID( OUT CLSID* pClsid )
/*++
Implements:
IPersist::GetClassID().
--*/{ HRESULT hr = S_OK;
WsbTraceIn(OLESTR("CFsaFilterClient::GetClassID"), OLESTR(""));
try {
WsbAssert(0 != pClsid, E_POINTER); *pClsid = CLSID_CFsaFilterClientNTFS;
} WsbCatch(hr);
WsbTraceOut(OLESTR("CFsaFilterClient::GetClassID"), OLESTR("hr = <%ls>, CLSID = <%ls>"), WsbHrAsString(hr), WsbGuidAsString(*pClsid));
return(hr);}
�HRESULTCFsaFilterClient::GetAuthenticationId( OUT LONG* pLuidHigh, OUT ULONG* pLuidLow )
/*++
Implements:
IFsaFilterClient::GetAuthenticationId().
--*/{ HRESULT hr = S_OK;
try {
WsbAssert(0 != pLuidHigh, E_POINTER); WsbAssert(0 != pLuidLow, E_POINTER);
*pLuidHigh = m_luidHigh; *pLuidLow = m_luidLow;
} WsbCatch(hr);
return(hr);}
�HRESULTCFsaFilterClient::GetDomainName( OUT OLECHAR** pName, IN ULONG bufferSize )
/*++
Implements:
IFsaFilterClient::GetDomainName().
--*/{ HRESULT hr = S_OK;
try {
WsbAssert(0 != pName, E_POINTER); WsbAffirmHr(m_domainName.CopyTo(pName, bufferSize));
} WsbCatch(hr);
return(hr);}
�HRESULTCFsaFilterClient::GetIsAdmin( OUT BOOLEAN *pIsAdmin )
/*++
Implements:
IPersist::GetIsAdmin().
--*/{ HRESULT hr = S_OK;
WsbTraceIn(OLESTR("CFsaFilterClient::GetIsAdmin"), OLESTR(""));
try {
WsbAssert(0 != pIsAdmin, E_POINTER); *pIsAdmin = m_isAdmin;
} WsbCatch(hr);
WsbTraceOut(OLESTR("CFsaFilterClient::GetIsAdmin"), OLESTR("hr = <%ls>, isAdmin = <%u>"), WsbHrAsString(hr), *pIsAdmin);
return(hr);}
�HRESULTCFsaFilterClient::GetLastRecallTime( OUT FILETIME* pTime )
/*++
Implements:
IFsaFilterClient::GetLastRecallTime().
--*/{ HRESULT hr = S_OK;
try {
WsbAssert(0 != pTime, E_POINTER); *pTime = m_lastRecallTime;
} WsbCatch(hr);
return(hr);}
�HRESULTCFsaFilterClient::GetMachineName( OUT OLECHAR** pName, IN ULONG bufferSize )
/*++
Implements:
IFsaFilterClient::GetMachineName().
--*/{ HRESULT hr = S_OK;
try {
WsbAssert(0 != pName, E_POINTER); WsbAffirmHr(m_machineName.CopyTo(pName, bufferSize));
} WsbCatch(hr);
return(hr);}
�HRESULTCFsaFilterClient::GetRecallCount( OUT ULONG* pCount )
/*++
Implements:
IFsaFilterClient::GetRecallCount().
--*/{ HRESULT hr = S_OK;
try {
WsbAssert(0 != pCount, E_POINTER); *pCount = m_recallCount;
} WsbCatch(hr);
return(hr);}
�HRESULTCFsaFilterClient::GetUserName( OUT OLECHAR** pName, IN ULONG bufferSize )
/*++
Implements:
IFsaFilterClient::GetUserName().
--*/{ HRESULT hr = S_OK;
try {
WsbAssert(0 != pName, E_POINTER); WsbAffirmHr(m_userName.CopyTo(pName, bufferSize));
} WsbCatch(hr);
return(hr);}
�HRESULTCFsaFilterClient::GetSizeMax( OUT ULARGE_INTEGER* pSize )
/*++
Implements:
IPersistStream::GetSizeMax().
--*/{ HRESULT hr = S_OK;
WsbTraceIn(OLESTR("CFsaFilterClient::GetSizeMax"), OLESTR(""));
try {
WsbAssert(0 != pSize, E_POINTER); pSize->QuadPart = 0;
// WE don't need to persist these.
hr = E_NOTIMPL;
} WsbCatch(hr);
WsbTraceOut(OLESTR("CFsaFilterClient::GetSizeMax"), OLESTR("hr = <%ls>, Size = <%ls>"), WsbHrAsString(hr), WsbPtrToUliAsString(pSize));
return(hr);}
�HRESULTCFsaFilterClient::HasRecallDisabled( void )
/*++
Implements:
IFsaFilterClient::HasRecallDisabled().
--*/{ HRESULT hr = S_OK;
WsbTraceIn(OLESTR("CFsaFilterClient::HasRecallDisabled"), OLESTR("")); if (!m_hasRecallDisabled) { hr = S_FALSE; }
WsbTraceOut(OLESTR("CHsmFilterClient::HasRecallDisabled"), OLESTR("hr = <%ls>"), WsbHrAsString(hr));
return(hr);}
�HRESULTCFsaFilterClient::HitRecallLimit( void )
/*++
Implements:
IFsaFilterClient::HitRecallLimit().
--*/{ HRESULT hr = S_OK;
WsbTraceIn(OLESTR("CFsaFilterClient::HitRecallLimit"), OLESTR("")); if (!m_hitRecallLimit) { hr = S_FALSE; }
WsbTraceOut(OLESTR("CHsmFilterClient::HitRecallLimit"), OLESTR("hr = <%ls>"), WsbHrAsString(hr));
return(hr);}
�HRESULTCFsaFilterClient::IdentifyThread( void )
/*++
Implements:
CFsaFilterClient::IdentifyThread().
--*/{#define WSB_BUFF_SIZE 1024
HRESULT hr = S_OK; BOOL done, guestUser, noUser; DWORD res, totalEnt, numEnt; UCHAR *buff = NULL; NET_API_STATUS status; SESSION_INFO_1 *sess; CWsbStringPtr pipePath; ULONG holdOff = 0;#ifdef MAC_SUPPORT
LPBYTE macBuff = NULL; PAFP_SESSION_INFO macInfo; AFP_SERVER_HANDLE macHandle = 0; DWORD macResume = 0; DWORD macTotalEntries, macTotalRead; DWORD result;#endif
WsbTraceIn(OLESTR("CFsaFilterClient::IdentifyThread"), OLESTR(""));
try { WsbTrace(OLESTR("CFsaFilterClient::IdentifyThread Flag: %x Client ID: %x:%x Source: %ls\n"), m_identified, m_luidHigh, m_luidLow, (WCHAR *) m_tokenSource);
//
// If already identified then we bail out here.
//
WsbAffirm(m_identified == FALSE, S_OK);
done = FALSE; res = 0; noUser = FALSE; if (_wcsicmp(m_userName, L"GUEST") == 0) { /* It is the guest user - find all sessions and
send to ones marked guest */ guestUser = TRUE; } else { guestUser = FALSE; if (wcslen(m_userName) == 0) { noUser = TRUE; } }
CComPtr<IFsaRecallNotifyClient> pRecallClient;
WsbGetComputerName( pipePath );
WsbAffirmHr(pipePath.Prepend("\\\\")); WsbAffirmHr(pipePath.Append("\\pipe\\")); WsbAffirmHr(pipePath.Append(WSB_PIPE_NAME));
while ( done == FALSE ) {
if ( (guestUser == FALSE) && (noUser == FALSE) ) {
// If NetSessionEnum fails, try calling again for all users
status = NetSessionEnum(NULL, NULL, m_userName, 1, &buff, WSB_BUFF_SIZE, &numEnt, &totalEnt, &res);
if (status != 0) { status = NetSessionEnum(NULL, NULL, NULL, 1, &buff, WSB_BUFF_SIZE, &numEnt, &totalEnt, &res); } } else { status = NetSessionEnum( NULL, NULL, NULL, 1, &buff, WSB_BUFF_SIZE, &numEnt, &totalEnt, &res ); }
if ((status == NERR_Success) || (status == ERROR_MORE_DATA)) {
WsbTrace(OLESTR("CHsmFilterClient::IdentifyThread: NetSessionEnum output: Total entries=%ls , Read entries=%ls \n"), WsbLongAsString(totalEnt), WsbLongAsString(numEnt));
if (status != ERROR_MORE_DATA) { done = TRUE; }
sess = (SESSION_INFO_1 *) buff;
while ( numEnt != 0 ) { //
// If the request was made from the user GUEST then
// we enumerate all sessions and send the
// identification request to all the machines with
// sessions marked as GUEST. This is because the
// session may have some other user name but the
// request could still have GUEST access.
//
if (((guestUser) && (sess->sesi1_user_flags & SESS_GUEST)) || (!guestUser)) {
//
// Send the identify request message
//
WsbTrace(OLESTR("CFsaFilterClient::IdentifyThread - Sending identify request to %ls (local machine = %ls)\n"), sess->sesi1_cname, (WCHAR *) pipePath);
hr = GetNotifyClientInterface ( sess->sesi1_cname, &pRecallClient ); if ( SUCCEEDED ( hr ) ) {
hr = pRecallClient->IdentifyWithServer( pipePath ); if (hr != S_OK) { WsbTrace(OLESTR("CFsaFilterClient::IdentifyThread - error Identifing (%ls)\n"), WsbHrAsString(hr)); } } else { WsbTrace(OLESTR("CFsaFilterClient::IdentifyThread - error getting notify client interface hr = %ls (%x)\n"), WsbHrAsString( hr ), hr); } hr = S_OK; pRecallClient.Release ( ); }
sess++; numEnt--; }
NetApiBufferFree(buff); buff = NULL; } else { done = TRUE; } } #ifdef MAC_SUPPORT
//
// Done with LAN manager scan, now do a MAC scan.
//
if ( (FsaMacSupportInstalled) && ((pAfpAdminConnect)(NULL, &macHandle) == NO_ERROR) ) { //
// We have connected to the MAC service - do a session enumeration
//
macResume = 0; done = FALSE; while (done == FALSE) { result = (pAfpAdminSessionEnum)(macHandle, &macBuff, -1, &macTotalRead, &macTotalEntries, &macResume);
if ((result == NO_ERROR) || (result == ERROR_MORE_DATA)) { //
// Read some entries - send the message to each one
//
if (macTotalRead == macTotalEntries) { done = TRUE; }
macInfo = (PAFP_SESSION_INFO) macBuff; while ( macTotalRead != 0 ) { //
// Send to each matching user
//
if ( ( NULL != macInfo->afpsess_ws_name ) && ( _wcsicmp(m_userName, macInfo->afpsess_username ) == 0 ) ) {
WsbTrace(OLESTR("CHsmFilterClient::IdentifyThread: Send Identify to MAC %ls.\n"), macInfo->afpsess_ws_name);
//
// Send the identify request message
//
hr = GetNotifyClientInterface ( sess->sesi1_cname, &pRecallClient ); if ( SUCCEEDED ( hr ) ) { pRecallClient->IdentifyWithServer ( pipePath ); }
hr = S_OK; pRecallClient.Release ( ); } macInfo++; macTotalRead--; }
(pAfpAdminBufferFree)(macBuff); macBuff = NULL; } else { done = TRUE; } (pAfpAdminDisconnect)(macHandle); macHandle = 0; } }#endif
} WsbCatch(hr);
if (buff != NULL) { NetApiBufferFree(buff); }
#ifdef MAC_SUPPORT
if (FsaMacSupportInstalled) { if (macBuff != NULL) { (pAfpAdminBufferFree)(macBuff); } if (macHandle != 0) { (pAfpAdminDisconnect)(macHandle); } }#endif
CloseHandle(m_identifyThread); m_identifyThread = NULL;
WsbTraceOut(OLESTR("CFsaFilterClient::IdentifyThread"), OLESTR("hr = %ls"), WsbHrAsString(hr)); return(hr);}
�HRESULTCFsaFilterClient::Load( IN IStream* pStream )
/*++
Implements:
IPersistStream::Load().
--*/{ HRESULT hr = S_OK;
WsbTraceIn(OLESTR("CFsaFilterClient::Load"), OLESTR(""));
try { WsbAssert(0 != pStream, E_POINTER); // No persistence.
hr = E_NOTIMPL;
} WsbCatch(hr);
WsbTraceOut(OLESTR("CFsaFilterClient::Load"), OLESTR("hr = <%ls>"), WsbHrAsString(hr));
return(hr);}
�HRESULTCFsaFilterClient::Save( IN IStream* pStream, IN BOOL clearDirty )
/*++
Implements:
IPersistStream::Save().
--*/{ HRESULT hr = S_OK; CComPtr<IPersistStream> pPersistStream;
WsbTraceIn(OLESTR("CFsaFilterClient::Save"), OLESTR("clearDirty = <%ls>"), WsbBoolAsString(clearDirty)); try { WsbAssert(0 != pStream, E_POINTER); // No persistence.
hr = E_NOTIMPL;
// If we got it saved and we were asked to clear the dirty bit, then
// do so now.
if (clearDirty) { m_isDirty = FALSE; }
} WsbCatch(hr);
WsbTraceOut(OLESTR("CFsaFilterClient::Save"), OLESTR("hr = <%ls>"), WsbHrAsString(hr));
return(hr);}
�HRESULTCFsaFilterClient::SendRecallInfo( IFsaFilterRecall *pRecall, BOOL starting, HRESULT rHr )
/*++
Implements:
CFsaFilterClient::SendRecallInfo
--*/{ HRESULT hr = E_FAIL;
if( ! m_identified && ( m_identifyThread != NULL ) ) {
//
// Wait for up to 10 seconds for identify thread to complete if
// Client not yet identified
//
WaitForMultipleObjects( 1, &m_identifyThread, FALSE, 10000 ); }
//
// Let the client know that the recall is starting or is finished
//
if ( m_identified ) { try { WsbTrace(OLESTR("CFsaFilterClient::SendRecallInfo - Client (%ls) is being notified of recall status (starting = %u hr = %x).\n"), (WCHAR *) m_machineName, starting, rHr); //
// Create intermediate server object which will be the client's
// connection back to the service. This object acts as a middle
// man to overcome the admin-only access into the FSA service.
//
CComPtr<IFsaRecallNotifyServer> pRecallServer; WsbAffirmHr(CoCreateInstance(CLSID_CFsaRecallNotifyServer, 0, CLSCTX_NO_FAILURE_LOG | CLSCTX_ALL, IID_IFsaRecallNotifyServer, (void**)&pRecallServer)); WsbAffirmHr(pRecallServer->Init(pRecall));
CComPtr<IFsaRecallNotifyClient> pRecallClient; hr = GetNotifyClientInterface ( m_machineName, &pRecallClient ); if ( SUCCEEDED( hr ) ) { if (starting) { hr = pRecallClient->OnRecallStarted ( pRecallServer ); } else { hr = pRecallClient->OnRecallFinished ( pRecallServer, rHr ); } if (hr != S_OK) { WsbTrace(OLESTR("CFsaFilterClient::SendRecallInfo - Got the interface but failed in OnRecall... (%ls)\n"), WsbHrAsString(hr)); } } else { WsbTrace(OLESTR("CFsaFilterClient::SendRecallInfo - error getting notify client interface hr = %ls (%x)\n"), WsbHrAsString( hr ), hr); } } WsbCatchAndDo(hr, WsbTrace(OLESTR("CFsaFilterClient::SendRecallInfo - hr = %ls\n"), WsbHrAsString(hr)); ); }
return(hr);
}
�HRESULTCFsaFilterClient::SetAuthenticationId( IN LONG luidHigh, IN ULONG luidLow )
/*++
Implements:
IFsaFilterClient::SetAuthenticationId().
--*/{ m_luidHigh = luidHigh; m_luidLow = luidLow;
return(S_OK);}
�HRESULTCFsaFilterClient::SetDomainName( IN OLECHAR* name )
/*++
Implements:
IFsaFilterClient::SetDomainName().
--*/{ HRESULT hr = S_OK;
try {
m_domainName = name; WsbAssert(m_domainName != 0, E_UNEXPECTED);
} WsbCatch(hr);
return(hr);}
�HRESULTCFsaFilterClient::SetIsAdmin( IN BOOLEAN isAdmin )
/*++
Implements:
IFsaFilterClient::SetIsAdmin().
--*/{ m_isAdmin = isAdmin;
return(S_OK);}
�HRESULTCFsaFilterClient::SetLastRecallTime( IN FILETIME time )
/*++
Implements:
IFsaFilterClient::SetLastRecallTime().
--*/{ m_lastRecallTime = time;
return(S_OK);}
�HRESULTCFsaFilterClient::SetMachineName( IN OLECHAR* name )
/*++
Implements:
IFsaFilterClient::SetMachineName().
--*/{ HRESULT hr = S_OK;
try { WsbAssert(name != 0, E_UNEXPECTED);
m_machineName = name; m_identified = TRUE;
WsbTrace(OLESTR("CFsaFilterClient::SetMachineName Flag: %x Client ID: %x:%x Source: %ls == %ls\n"), m_identified, m_luidLow, m_luidHigh, (WCHAR *) m_tokenSource, (WCHAR *) m_machineName);
} WsbCatch(hr);
return(hr);}
�HRESULTCFsaFilterClient::SetRecallCount( IN ULONG count )
/*++
Implements:
IFsaFilterClient::SetRecallCount().
--*/{ m_recallCount = count;
return(S_OK);}
�HRESULTCFsaFilterClient::SetUserName( IN OLECHAR* name )
/*++
Implements:
IFsaFilterClient::SetUserName().
--*/{ HRESULT hr = S_OK;
try {
m_userName = _wcsupr(name); WsbAssert(m_userName != 0, E_UNEXPECTED);
} WsbCatch(hr);
return(hr);}
�HRESULTCFsaFilterClient::SetHasRecallDisabled( IN BOOL hasBeen )
/*++
Implements:
IFsaFilterClient::SetHasRecallDisabled().
--*/{ m_hasRecallDisabled = hasBeen;
return(S_OK);}
�HRESULTCFsaFilterClient::SetHitRecallLimit( IN BOOL hasBeen )
/*++
Implements:
IFsaFilterClient::SetHitRecallLimit().
--*/{ m_hitRecallLimit = hasBeen;
return(S_OK);}
�HRESULTCFsaFilterClient::SetTokenSource( IN CHAR *source )
/*++
Implements:
IFsaFilterClient::SetTokenSource()
--*/{OLECHAR tSource[TOKEN_SOURCE_LENGTH + 1];
mbstowcs((WCHAR *) tSource, source, TOKEN_SOURCE_LENGTH); m_tokenSource = tSource; return(S_OK);}
�HRESULTCFsaFilterClient::StartIdentify( void )
/*++
Implements:
CFsaFilterClient::StartIdentify().
--*/{#define WSB_BUFF_SIZE 1024
HRESULT hr = S_OK; DWORD tid;
WsbTraceIn(OLESTR("CFsaFilterClient::StartIdentify"), OLESTR(""));
try { WsbTrace(OLESTR("CFsaFilterClient::StartIdentify Flag: %x Client ID: %x:%x Source: %ls\n"), m_identified, m_luidHigh, m_luidLow, (WCHAR *) m_tokenSource);
//
// If already identified then we bail out here.
//
WsbAffirm(m_identified == FALSE, S_OK); //
// If the request is from User32 then it is local
//
if (_wcsicmp(m_tokenSource, L"User32") == 0) {
//
// Identified as the local machine.
// Set the name and bail out with S_OK
//
WsbGetComputerName( m_machineName ); m_identified = TRUE;
WsbTrace(OLESTR("CHsmFilterClient::StartIdentify: Identified as %ls.\n"), (WCHAR *) m_machineName);
WsbThrow( S_OK ); } else { //
// Start the identification thread
//
if (NULL == m_identifyThread) { WsbTrace(OLESTR("CHsmFilterClient::StartIdentify: Starting ID thread.\n"));
WsbAffirm((m_identifyThread = CreateThread(0, 0, FsaIdentifyThread, (void*) this, 0, &tid)) != 0, HRESULT_FROM_WIN32(GetLastError())); if (m_identifyThread == NULL) { WsbAssertHr(E_FAIL); // TBD What error to return here??
} } }
} WsbCatch(hr);
WsbTraceOut(OLESTR("CFsaFilterClient::StartIdentify"), OLESTR("hr = %ls"), WsbHrAsString(hr));
return(hr);}
�HRESULTCFsaFilterClient::Test( USHORT* passed, USHORT* failed )
/*++
Implements:
IWsbTestable::Test().
--*/{ HRESULT hr = S_OK;
try {
WsbAssert(0 != passed, E_POINTER); WsbAssert(0 != failed, E_POINTER);
*passed = 0; *failed = 0;
} WsbCatch(hr);
return(hr);}
|
