|
|
#include "PolicRange.h"
#include <stdio.h>
#include <windows.h>
#include <ArrTempl.h>
#include <wbemutil.h>
#include <GenUtils.h>
#include "genlex.h"
#include "objpath.h"
#include "utility.h"
/******************************\
**** POLICY PROVIDER HELPERS ***\******************************/
// returns addref'd pointer back to m_pWMIMgmt
IWbemServices* CPolicyRange::GetWMIServices(void){ CInCritSec lock(&m_CS);
if (NULL != m_pWMIMgmt) m_pWMIMgmt->AddRef();
return m_pWMIMgmt;}
// returns addref'd pointer back to m_pADMgmt
IADsContainer* CPolicyRange::GetADServices(void){ CInCritSec lock(&m_CS); IADsContainer *pADContainer = NULL; HRESULT hres; wchar_t *pADPath = NULL;
if(NULL == pADPath) { if(NULL != m_pADMgmt) { m_pADMgmt->AddRef(); pADContainer = m_pADMgmt; } } else { wchar_t szDSPath[MAX_PATH];
// wcscpy(szDSPath,L"LDAP://");
// wcscat(szDSPath, pADPath);
hres = ADsGetObject(pADPath, IID_IADsContainer, (void**) &pADContainer); if (FAILED(hres)) ERRORTRACE((LOG_ESS, "POLICMAN: failed 0x%08X\n", hres)); }
return pADContainer;}
// returns false if services pointer has already been set
bool CPolicyRange::SetWMIServices(IWbemServices* pServices){ CInCritSec lock(&m_CS); bool bOldOneNull;
if (bOldOneNull = (m_pWMIMgmt == NULL)) { m_pWMIMgmt = pServices; pServices->AddRef(); }
return bOldOneNull;}
// returns false if services pointer has already been set
bool CPolicyRange::SetADServices(IADsContainer* pServices){ CInCritSec lock(&m_CS); bool bOldOneNull;
if (bOldOneNull = (m_pADMgmt == NULL)) { m_pADMgmt = pServices; if(pServices) pServices->AddRef(); }
return bOldOneNull;}
CPolicyRange::~CPolicyRange(){ // **** WMI services object
if (NULL != m_pWMIMgmt) { m_pWMIMgmt->Release(); m_pWMIMgmt= NULL; }
// **** AD services object
if (NULL != m_pADMgmt) { m_pADMgmt->Release(); m_pADMgmt= NULL; }};
void* CPolicyRange::GetInterface(REFIID riid){ if(riid == IID_IWbemServices) return &m_XProvider; else if(riid == IID_IWbemProviderInit) return &m_XInit; else return NULL;}
/*********************************************\
*** Policy Template Specific Implementation ***\*********************************************/
// returns addref'd pointer to class object
IWbemClassObject* CPolicyRange::XProvider::GetPolicyTemplateClass(){ CInCritSec lock(&m_pObject->m_CS);
if(NULL == m_pWMIPolicyClassObject) { IWbemServices* pWinMgmt = NULL;
if(pWinMgmt = m_pObject->GetWMIServices()) { CReleaseMe relMgmt(pWinMgmt); pWinMgmt->GetObject(g_bstrClassMergeablePolicy, WBEM_FLAG_RETURN_WBEM_COMPLETE, NULL, &m_pWMIPolicyClassObject, NULL); } }
if (m_pWMIPolicyClassObject) m_pWMIPolicyClassObject->AddRef();
return m_pWMIPolicyClassObject;}
// returns addref'd pointer to emply class instance
IWbemClassObject* CPolicyRange::XProvider::GetPolicyTemplateInstance(){ IWbemClassObject* pObj = NULL; IWbemClassObject* pClass = NULL;
if (pClass = GetPolicyTemplateClass()) { CReleaseMe releaseClass(pClass); pClass->SpawnInstance(0, &pObj); }
return pObj;}
CPolicyRange::XProvider::~XProvider(){// I fixed it! - HMH ;-)
// CInCritSec lock(&m_pObject->m_CS);
if(NULL != m_pWMIPolicyClassObject) { m_pWMIPolicyClassObject->Release(); m_pWMIPolicyClassObject = NULL; }}
/*************************\
*** IWbemProviderInit ***\*************************/
STDMETHODIMP CPolicyRange::XInit::Initialize( LPWSTR, LONG, LPWSTR, LPWSTR, IWbemServices* pServices, IWbemContext* pCtxt, IWbemProviderInitSink* pSink){ CComPtr<IADs> pRootDSE;
CComPtr<IADsContainer> pObject;
HRESULT hres = WBEM_S_NO_ERROR, hres2 = WBEM_S_NO_ERROR;
CComVariant v1;
wchar_t szDSPath[MAX_PATH];
// **** impersonate client for security
hres = CoImpersonateClient(); if(FAILED(hres)) { ERRORTRACE((LOG_ESS, "POLICMAN: (CoImpersonateClient) could not assume client permissions, 0x%08X\n", hres)); hres = WBEM_S_ACCESS_DENIED; } else { // **** safe WMI name space pointer
m_pObject->SetWMIServices(pServices); // **** get pointer to AD policy template table
hres = ADsGetObject(L"LDAP://rootDSE", IID_IADs, (void**)&pRootDSE); if (FAILED(hres)) { ERRORTRACE((LOG_ESS, "POLICMAN: (ADsGetObject) could not get object: LDAP://rootDSE, 0x%08X\n", hres)); hres = WBEM_E_NOT_FOUND; } else { hres = pRootDSE->Get(L"defaultNamingContext",&v1); if(FAILED(hres)) { ERRORTRACE((LOG_ESS, "POLICMAN: (IADs::Get) could not get defaultNamingContext, 0x%08X\n", hres)); hres = WBEM_E_NOT_FOUND; } else { wcscpy(szDSPath,L"LDAP://CN=PolicyTemplate,CN=WMIPolicy,CN=System,"); wcscat(szDSPath, V_BSTR(&v1)); hres = ADsGetObject(szDSPath, IID_IADsContainer, (void**) &pObject); if (FAILED(hres)) { ERRORTRACE((LOG_ESS, "POLICMAN: (ADsGetObject) could not get AD object: %S, 0x%08X\n", szDSPath, hres)); hres = WBEM_E_NOT_FOUND; }
m_pObject->SetADServices(pObject); } } } hres2 = pSink->SetStatus(hres, 0); if(FAILED(hres2)) { ERRORTRACE((LOG_ESS, "POLICMAN: could not set return status\n")); if(SUCCEEDED(hres)) hres = hres2; }
return hres;}
/*******************\
*** IWbemServices ***\*******************/
//TODO: clean up bstrs & variants upon raising an exception (maybe theres a CVariantClearMe or some such?)
HRESULT CPolicyRange::XProvider::DoResolve(IWbemServices* pPolicyNamespace, const BSTR strObjectPath, IWbemContext __RPC_FAR *pCtx, IWbemClassObject __RPC_FAR *pInParams, IWbemClassObject __RPC_FAR *pOutParams, IWbemObjectSink __RPC_FAR *pResponseHandler){ HRESULT hres = WBEM_E_FAILED;
CComPtr<IUnknown> pUnk;
ParsedObjectPath *pParsedObjectPath = NULL;
CComPtr<IWbemClassObject> pTargetPolicyObj, pMergedParam;
CComVariant vRetVal, vMergedRange, vObj, vMergedParamValue, vMergedParamName, vTargetValue;
long nIndex = -1;
wchar_t *pswIndexStart = NULL;
// **** parse object path
CObjectPathParser ObjPath(e_ParserAcceptRelativeNamespace);
if(ObjPath.NoError != ObjPath.Parse(strObjectPath, &pParsedObjectPath)) { ERRORTRACE((LOG_ESS, "POLICMAN: Parse error for object: %S\n", strObjectPath)); hres = WBEM_E_INVALID_QUERY; } else { // **** get input param obj
hres = pInParams->Get(L"mergedRange", 0, &vMergedRange, NULL, NULL); if(FAILED(hres)) return hres; hres = V_UNKNOWN(&vMergedRange)->QueryInterface(IID_IWbemClassObject, (void **)&pMergedParam); if(FAILED(hres)) return hres;
// **** get target policy object
hres = pInParams->Get(L"obj", 0, &vObj, NULL, NULL); if(FAILED(hres)) return hres; hres = V_UNKNOWN(&vObj)->QueryInterface(IID_IWbemClassObject, (void **)&pTargetPolicyObj); if(FAILED(hres)) return hres;
// **** get name for attribute in target policy object named in param obj
hres = pMergedParam->Get(L"PropertyName", 0, &vMergedParamName, NULL, NULL); if(FAILED(hres)) return hres;
// **** parse name to see if it is part of an array
if(pswIndexStart = wcsstr(V_BSTR(&vMergedParamName), L"[")) { *pswIndexStart = L'\0';
nIndex = wcstol(pswIndexStart + 1, NULL, 10); }
// **** check to see if vParamAttrName is an attribute in target object
hres = pTargetPolicyObj->Get(V_BSTR(&vMergedParamName), 0, &vTargetValue, NULL, NULL); if(FAILED(hres)) { if(WBEM_E_NOT_FOUND == hres) { ERRORTRACE((LOG_ESS, "POLICMAN: Policy range setting %S not in target object\n", vMergedParamName.bstrVal)); } else return hres; } else { // **** get default value from param obj
hres = pMergedParam->Get(L"Default", 0, &vMergedParamValue, NULL, NULL); if(FAILED(hres)) return hres;
// **** set value
if(nIndex < 0) { // **** check to see if attribute is already set
if(vTargetValue.vt != VT_NULL) { ERRORTRACE((LOG_ESS, "POLICMAN: Attempt to set policy range setting %S more than once\n", vMergedParamName.bstrVal)); } else { hres = pTargetPolicyObj->Put(V_BSTR(&vMergedParamName), 0, &vMergedParamValue, 0); if(FAILED(hres)) { ERRORTRACE((LOG_ESS, "POLICMAN: Attempting to place attribute %S in target instance generated error 0x%x\n", vMergedParamName.bstrVal, hres)); return hres; } } } else { if((vTargetValue.vt & VT_ARRAY) || (vTargetValue.vt == VT_NULL)) { CComVariant vNewArray; // **** signed and unsigned integers
if((vMergedParamValue.vt & VT_I4)) { SafeArray<int, VT_I4> arrayMember(&vTargetValue); if(arrayMember.IndexMax() < nIndex) { arrayMember.ReDim(0, nIndex + 1); } arrayMember[nIndex] = vMergedParamValue.lVal; V_VT(&vNewArray) = (VT_ARRAY | VT_I4); V_ARRAY(&vNewArray) = arrayMember.Data(); } // **** real numbers
else if((vMergedParamValue.vt & VT_R8)) { SafeArray<double, VT_R8> arrayMember(&vTargetValue); if(arrayMember.IndexMax() < nIndex) { arrayMember.ReDim(0, nIndex + 1); } arrayMember[nIndex] = vMergedParamValue.dblVal; V_VT(&vNewArray) = (VT_ARRAY | VT_R8); V_ARRAY(&vNewArray) = arrayMember.Data(); } // **** strings
else if((vMergedParamValue.vt & VT_BSTR)) { SafeArray<BSTR, VT_BSTR> arrayMember(&vTargetValue); if(arrayMember.IndexMax() < nIndex) { arrayMember.ReDim(0, nIndex + 1); } else if(NULL != arrayMember[nIndex]) { SysFreeString(arrayMember[nIndex]); } arrayMember[nIndex] = SysAllocString(vMergedParamValue.bstrVal); V_VT(&vNewArray) = (VT_ARRAY | VT_BSTR); V_ARRAY(&vNewArray) = arrayMember.Data(); } hres = pTargetPolicyObj->Put(V_BSTR(&vMergedParamName), 0, &vNewArray, 0); if(FAILED(hres)) return hres; } else return WBEM_E_TYPE_MISMATCH; } }
// **** put target policy obj in output param obj
hres = pTargetPolicyObj->QueryInterface(IID_IUnknown, (void **)&pUnk); if(FAILED(hres)) return hres;
vObj = pUnk; hres = pOutParams->Put(L"obj", 0, &vObj, 0); if(FAILED(hres)) return hres;
// **** put status in return value
vRetVal = hres; hres = pOutParams->Put(L"ReturnValue", 0, &vRetVal, 0); if(FAILED(hres)) return hres;
// **** send output back to client
hres = pResponseHandler->Indicate(1, &pOutParams); if(FAILED(hres)) return hres; }
ObjPath.Free(pParsedObjectPath);
return hres;}
HRESULT CPolicyRange::XProvider::DoSet(){ HRESULT hr = WBEM_E_FAILED; return hr;}
HRESULT CPolicyRange::XProvider::DoMerge(IWbemServices* pNamespace, const BSTR strObjectPath, IWbemContext __RPC_FAR *pCtx, IWbemClassObject __RPC_FAR *pInParams, IWbemClassObject __RPC_FAR *pOutParams, IWbemObjectSink __RPC_FAR *pResponseHandler){ HRESULT hres = WBEM_E_FAILED;
CComPtr<IUnknown> pUnk;
ParsedObjectPath *pParsedObjectPath = NULL;
CComPtr<IWbemClassObject> pMergedParam;
CComVariant v1;
// **** parse object path
CObjectPathParser ObjPath(e_ParserAcceptRelativeNamespace);
if(ObjPath.NoError != ObjPath.Parse(strObjectPath, &pParsedObjectPath)) { ERRORTRACE((LOG_ESS, "POLICMAN: Parse error for object: %S\n", strObjectPath)); hres = WBEM_E_INVALID_QUERY; } else { int firstElement = -1, conflictObj = -1;
CComPtr<IWbemClassObject> pArrayElement;
CComVariant vRangeParamType;
// **** get input array
hres = pInParams->Get(L"ranges", 0, &v1, NULL, NULL); if(FAILED(hres)) return hres;
SafeArray<IUnknown*, VT_UNKNOWN> InputArray(&v1);
firstElement = -1; while((++firstElement < InputArray.Size()) && (NULL == InputArray[firstElement])); if(firstElement >= InputArray.Size()) return WBEM_E_INVALID_PARAMETER;
// **** get actual type of range parameter objects
hres = InputArray[firstElement]->QueryInterface(IID_IWbemClassObject, (void **)&pArrayElement); if(FAILED(hres)) return hres;
hres = pArrayElement->Get(L"__CLASS", 0, &vRangeParamType, NULL, NULL); if(FAILED(hres)) return hres; // **** perform merge
if(-1 == conflictObj) { if(_wcsicmp(vRangeParamType.bstrVal, L"MSFT_SintRangeParam") == 0) hres = Range_Sint32_Merge(InputArray, pMergedParam, conflictObj);
else if(_wcsicmp(vRangeParamType.bstrVal, L"MSFT_UintRangeParam") == 0) hres = Range_Uint32_Merge(InputArray, pMergedParam, conflictObj);
else if(_wcsicmp(vRangeParamType.bstrVal, L"MSFT_RealRangeParam") == 0) hres = Range_Real_Merge(InputArray, pMergedParam, conflictObj);
else if(_wcsicmp(vRangeParamType.bstrVal, L"MSFT_SintSetParam") == 0) hres = Set_Sint32_Merge(InputArray, pMergedParam, conflictObj);
else if(_wcsicmp(vRangeParamType.bstrVal, L"MSFT_UintSetParam") == 0) hres = Set_Uint32_Merge(InputArray, pMergedParam, conflictObj);
else if(_wcsicmp(vRangeParamType.bstrVal, L"MSFT_StringSetParam") == 0) hres = Set_String_Merge(InputArray, pMergedParam, conflictObj);
else return WBEM_E_INVALID_PARAMETER; }
// **** put merged range in output param obj
if(NULL != pMergedParam.p) { hres = pMergedParam->QueryInterface(IID_IUnknown, (void **)&pUnk); if(FAILED(hres)) return hres;
v1 = pUnk; hres = pOutParams->Put(L"mergedRange", 0, &v1, 0); if(FAILED(hres)) return hres; }
// **** put put which policy object caused conflict
v1 = conflictObj; hres = pOutParams->Put(L"conflict", 0, &v1, 0); if(FAILED(hres)) return hres;
// **** put status in return value
v1 = hres; hres = pOutParams->Put(L"ReturnValue", 0, &v1, 0); if(FAILED(hres)) return hres;
// **** send output back to client
hres = pResponseHandler->Indicate(1, &pOutParams); if(FAILED(hres)) return hres; }
ObjPath.Free(pParsedObjectPath); return WBEM_S_NO_ERROR;}
STDMETHODIMP CPolicyRange::XProvider::ExecMethodAsync( /* [in] */ const BSTR strObjectPath, /* [in] */ const BSTR strMethodName, /* [in] */ long lFlags, /* [in] */ IWbemContext __RPC_FAR *pCtx, /* [in] */ IWbemClassObject __RPC_FAR *pInParams, /* [in] */ IWbemObjectSink __RPC_FAR *pResponseHandler){ HRESULT hres = WBEM_S_NO_ERROR;
IWbemServices* pNamespace = m_pObject->GetWMIServices(); CReleaseMe RelpNamespace(pNamespace);
// **** impersonate client
hres = CoImpersonateClient(); if(FAILED(hres)) { ERRORTRACE((LOG_ESS, "POLICMAN: (CoImpersonateClient) could not assume client permissions, 0x%08X\n", hres)); hres = WBEM_S_ACCESS_DENIED; } else { if((NULL == strObjectPath) || (NULL == strMethodName) || (NULL == pInParams) || (NULL == pResponseHandler)) { ERRORTRACE((LOG_ESS, "POLICMAN: object handle and/or return status objects are NULL\n")); hres = WBEM_E_INVALID_PARAMETER; } else { try { // **** get policy template class definition
IWbemClassObject* pClass = NULL; hres = pNamespace->GetObject(g_bstrClassRangeParam, 0, pCtx, &pClass, NULL); if(FAILED(hres)) return hres; CReleaseMe relClass(pClass);
// **** get output object
IWbemClassObject* pOutClass = NULL; IWbemClassObject* pOutParamsObj = NULL;
CReleaseMe relOutClass(pOutClass); CReleaseMe relOutObj(pOutParamsObj);
hres = pClass->GetMethod(strMethodName, 0, NULL, &pOutClass); if(FAILED(hres)) return hres;
hres = pOutClass->SpawnInstance(0, &pOutParamsObj); if(FAILED(hres)) return hres;
// **** figure out which method we're here to service
if (_wcsicmp(strMethodName, L"Merge") == 0) hres = DoMerge(pNamespace, strObjectPath, pCtx, pInParams, pOutParamsObj, pResponseHandler); else if (_wcsicmp(strMethodName, L"Resolve") == 0) hres = DoResolve(pNamespace, strObjectPath, pCtx, pInParams, pOutParamsObj, pResponseHandler); else hres = WBEM_E_INVALID_PARAMETER; } catch(long hret) { ERRORTRACE((LOG_ESS, "POLICMAN: caught exception with HRESULT 0x%08X\n", hret)); hres = hret; } catch(wchar_t *swErrString) { ERRORTRACE((LOG_ESS, "POLICMAN: Caught Exception: %S\n", swErrString)); hres = WBEM_E_FAILED; } catch(...) { ERRORTRACE((LOG_ESS, "POLICMAN: Caught unknown Exception\n")); hres = WBEM_E_FAILED; } }
pResponseHandler->SetStatus(0, hres, NULL, NULL); hres = CoRevertToSelf(); }
return hres;}
|
