|
|
/**********************************************************************//** Microsoft Windows/NT **//** Copyright(c) Microsoft Corporation, 1997 - 1999 **//**********************************************************************/#include <stdafx.h>
#include <sdoias.h>
#include "raputil.h"
//////////
// Extract an interface pointer from a VARIANT struct.
//////////
HRESULTGetInterfaceFromVariant( IN VARIANT *var, IN REFIID riid, OUT PVOID *ppv ){ HRESULT hr; // Check the parameters.
if (!var || !ppv) { return E_POINTER; } // Switch based on the VARIANT type.
switch (V_VT(var)) { case VT_UNKNOWN: hr = V_UNKNOWN(var)->QueryInterface(riid, ppv); break; case VT_DISPATCH: hr = V_DISPATCH(var)->QueryInterface(riid, ppv); break; default: hr = DISP_E_TYPEMISMATCH; } return hr;}
//////////
// Removes an integer value from a SAFEARRAY of VARIANTs.
//////////
HRESULTRemoveIntegerFromArray( IN VARIANT* array, IN LONG value ){ VARIANT *begin, *end, *i; // Check the parameters.
if (!array) { return E_POINTER; } else if (V_VT(array) == VT_EMPTY) { // If the VARIANT is empty, then the value doesn't exists, so there's
// nothing to do.
return S_OK; } else if (V_VT(array) != (VT_ARRAY | VT_VARIANT)) { // The VARIANT doesn't contain a SAFEARRAY of VARIANTs.
return DISP_E_TYPEMISMATCH; } // Compute the beginning and end of the array data.
begin = (VARIANT*)V_ARRAY(array)->pvData; end = begin + V_ARRAY(array)->rgsabound[0].cElements; // Search for the value to be removed.
for (i = begin; i != end && V_I4(i) != value; ++i) { if (V_VT(i) == VT_I4 && V_I4(i) == value) { // We found a match, so remove it from the array ...
memmove(i, i + 1, ((end - i) - 1) * sizeof(VARIANT)); // ... and decrement the number of elements.
--(V_ARRAY(array)->rgsabound[0].cElements); // We don't allow duplicates, so we're done.
break; } } return S_OK;}
//////////
// Adds an integer value to a SAFEARRAY of VARIANTs.
//////////
HRESULTAddIntegerToArray( IN VARIANT *array, IN LONG value ){ ULONG nelem; VARIANT *begin, *end, *i; SAFEARRAY* psa; // Check the parameters.
if (!array) { return E_POINTER; } else if (V_VT(array) == VT_EMPTY) { // The VARIANT is empty, so create a new array.
psa = SafeArrayCreateVector(VT_VARIANT, 0, 1); if (!psa) { return E_OUTOFMEMORY; } // Set the value of the lone element.
i = (VARIANT*)psa->pvData; V_VT(i) = VT_I4; V_I4(i) = value; // Store the SAFEARRAY in the VARIANT.
V_VT(array) = (VT_ARRAY | VT_VARIANT); V_ARRAY(array) = psa; return S_OK; } else if (V_VT(array) != (VT_ARRAY | VT_VARIANT)) { // The VARIANT doesn't contain a SAFEARRAY of VARIANTs.
return DISP_E_TYPEMISMATCH; } // Compute the beginning and end of the array data.
nelem = V_ARRAY(array)->rgsabound[0].cElements; begin = (VARIANT*)V_ARRAY(array)->pvData; end = begin + nelem; // See if the value already exists, ...
for (i = begin; i != end; ++i) { if (V_I4(i) == value) { // ... and if it does, then there's nothing to do.
return S_OK; } } // Create a new array with enough room for the new element.
psa = SafeArrayCreateVector(VT_VARIANT, 0, nelem + 1); if (!psa) { return E_OUTOFMEMORY; } i = (VARIANT*)psa->pvData; // Copy in the old data.
memcpy(i + 1, begin, nelem * sizeof(VARIANT)); // Add the new element.
V_VT(i) = VT_I4; V_I4(i) = value; // Destroy the old array ...
SafeArrayDestroy(V_ARRAY(array)); // ... and save the new one.
V_ARRAY(array) = psa; return S_OK;}
//////////
// Create a machine SDO and attach to the local machine.
//////////
HRESULTOpenMachineSdo( IN LPWSTR wszMachineName, OUT ISdoMachine **ppMachine ){ HRESULT hr; USES_CONVERSION; // Check the parameters.
if (!ppMachine) { return E_POINTER; } // Create the SdoMachine object.
hr = CoCreateInstance( CLSID_SdoMachine, NULL, CLSCTX_INPROC_SERVER, IID_ISdoMachine, (PVOID*)ppMachine ); if (SUCCEEDED(hr)) { // Attach to the local machine.
BSTR bstrMachineName = W2BSTR(wszMachineName); hr = (*ppMachine)->Attach(bstrMachineName); if (FAILED(hr)) { // We couldn't attach, so don't return the SDO to the caller.
(*ppMachine)->Release(); ppMachine = NULL; }
SysFreeString(bstrMachineName); } return hr;}
//////////
// Given a machine SDO and a service name, retrieve the service SDO.
//////////
HRESULTOpenServiceSDO( IN ISdoMachine *pMachine, IN LPWSTR wszServiceName, OUT ISdo **ppService ){ HRESULT hr; IUnknown* pUnk; BSTR bstrServiceName = NULL;
// Create a BSTR for the service name
bstrServiceName = SysAllocString(wszServiceName); if (bstrServiceName == NULL) return E_OUTOFMEMORY; // Check the parameters.
if (!pMachine || !ppService) { return E_POINTER; } // Retrieve the service SDO ...
hr = pMachine->GetServiceSDO( DATA_STORE_LOCAL, bstrServiceName, &pUnk ); if (SUCCEEDED(hr)) { // ... and query for the ISdo interface.
hr = pUnk->QueryInterface(IID_ISdo, (PVOID*)ppService ); pUnk->Release(); }
SysFreeString(bstrServiceName); return hr;}
//////////
// Given a machine SDO, retrieve the dictionary SDO.
//////////
HRESULTOpenDictionarySDO( IN ISdoMachine *pMachine, OUT ISdoDictionaryOld **ppDictionary ){ HRESULT hr; IUnknown* pUnk; // Check the parameters.
if (!ppDictionary) { return E_POINTER; } // Get the dictionary SDO ...
hr = pMachine->GetDictionarySDO(&pUnk); if (SUCCEEDED(hr)) { // ... and query for the ISdoDictionaryOld interface.
hr = pUnk->QueryInterface(IID_ISdoDictionaryOld, (PVOID*)ppDictionary );
pUnk->Release(); } return hr;}
//////////
// Given a parent SDO, retrieve a child SDO with the given property ID.
//////////
HRESULTOpenChildObject( IN ISdo *pParent, IN LONG lProperty, IN REFIID riid, OUT PVOID *ppv ){ HRESULT hr; VARIANT val; // Check the parameters.
if (!pParent || !ppv) { return E_POINTER; } // ISdo::GetProperty requires the out parameters to be initialized.
VariantInit(&val); // Get the property corresponding to the child object ...
hr = pParent->GetProperty( lProperty, &val ); if (SUCCEEDED(hr)) { // ... and convert it to the desired interface.
hr = GetInterfaceFromVariant( &val, riid, ppv ); VariantClear(&val); } return hr;}
//////////
// Given a service SDO, retrieve the default profile. If more than one profile
// exists, this function returns ERROR_NO_DEFAULT_PROFILE.
//////////
HRESULTGetDefaultProfile( IN ISdo* pService, OUT ISdo** ppProfile ){ HRESULT hr; ISdoCollection* pProfiles; LONG count; ULONG ulCount; IUnknown* pUnk; IEnumVARIANT* pEnum; VARIANT val; // Check the parameters.
if (!pService || !ppProfile) { return E_POINTER; } // Null this out, so we can safely release it on exit.
pProfiles = NULL; do { // Get the profiles collection, which is a child of the service SDO.
hr = OpenChildObject( pService, PROPERTY_IAS_PROFILES_COLLECTION, IID_ISdoCollection, (PVOID*)&pProfiles ); if (FAILED(hr)) { break; } // How many profiles are there?
hr = pProfiles->get_Count( &count ); if (FAILED(hr)) { break; } // If there's more than one, then there's no default.
if (count != 1) { hr = ERROR_NO_DEFAULT_PROFILE; break; } // Get an enumerator for the collection.
hr = pProfiles->get__NewEnum( &pUnk ); if (FAILED(hr)) { break; } hr = pUnk->QueryInterface( IID_IEnumVARIANT, (PVOID*)&pEnum ); pUnk->Release(); if (FAILED(hr)) { break; } // Get the first (and only) object in the collection.
VariantInit(&val); hr = pEnum->Next( 1, &val, &ulCount ); if (SUCCEEDED(hr)) { if (ulCount == 1) { // Get the ISdo interface for the default profile.
hr = GetInterfaceFromVariant( &val, IID_ISdo, (PVOID*)ppProfile ); VariantClear(&val); } else { // This should never happen since we already checked the count.
hr = ERROR_NO_DEFAULT_PROFILE; }
pEnum->Release(); } } while (FALSE); // Release the Profiles collection.
if (pProfiles) { pProfiles->Release(); } return hr;}
//////////
// Get a particular attribute SDO from the collection. If the attribute doesn't
// exist and pDictionary is non-NULL, then a new attribute will be created.
//////////
HRESULTGetAttribute( IN ISdoCollection *pAttributes, IN OPTIONAL ISdoDictionaryOld *pDictionary, IN PCWSTR wszName, OUT ISdo **ppAttribute ){ HRESULT hr; VARIANT key; IDispatch* pDisp; ATTRIBUTEID attrId; // Check the parameters
if (!pAttributes || !ppAttribute) { return E_POINTER; } // Create a VARIANT key to look up the attribute.
VariantInit(&key); V_VT(&key) = VT_BSTR; V_BSTR(&key) = SysAllocString(wszName); if (!V_BSTR(&key)) { return E_OUTOFMEMORY; } // Retrieve the desired attribute.
hr = pAttributes->Item( &key, &pDisp ); // If it doesn't exist and me have a dictionary, create a new attribute.
if (hr == DISP_E_MEMBERNOTFOUND && pDictionary) { // Look up the attribute ID.
hr = pDictionary->GetAttributeID( V_BSTR(&key), &attrId ); if (SUCCEEDED(hr)) { // Create an attribute SDO.
hr = pDictionary->CreateAttribute( attrId, &pDisp ); if (SUCCEEDED(hr)) { // Add it to the attributes collection.
hr = pAttributes->Add( V_BSTR(&key), &pDisp ); if (FAILED(hr)) { // If we couldn't add it, then release the object.
pDisp->Release(); } } } } // If we successfully retrieved or created an attribute, then get it's
// ISdo interface.
if (SUCCEEDED(hr)) { hr = pDisp->QueryInterface( IID_ISdo, (PVOID*)ppAttribute ); pDisp->Release(); } // We're done with the key.
VariantClear(&key); return hr;}
//////////
// Sets/Adds a single-valued integer attribute in a profile.
//////////
HRESULTSetIntegerAttribute( IN ISdoCollection *pAttributes, IN OPTIONAL ISdoDictionaryOld *pDictionary, IN LPWSTR wszName, IN LONG lValue ){ HRESULT hr; ISdo *pAttribute; VARIANT val; // Get the attribute SDO.
hr = GetAttribute( pAttributes, pDictionary, wszName, &pAttribute ); if (SUCCEEDED(hr)) { // Initialize the attribute value ...
VariantInit(&val); V_VT(&val) = VT_I4; V_I4(&val) = lValue; // ... and set the value property.
hr = pAttribute->PutProperty( PROPERTY_ATTRIBUTE_VALUE, &val );
pAttribute->Release(); } return hr;}
HRESULTSetBooleanAttribute ( IN ISdoCollection *pAttributes, IN OPTIONAL ISdoDictionaryOld *pDictionary, IN LPWSTR wszName, IN BOOL lValue ){ HRESULT hr; ISdo *pAttribute; VARIANT val; // Get the attribute SDO.
hr = GetAttribute( pAttributes, pDictionary, wszName, &pAttribute ); if (SUCCEEDED(hr)) { // Initialize the attribute value ...
VariantInit(&val); V_VT(&val) = VT_BOOL; V_BOOL(&val) = (VARIANT_BOOL)lValue; // ... and set the value property.
hr = pAttribute->PutProperty( PROPERTY_ATTRIBUTE_VALUE, &val );
pAttribute->Release(); } return hr;}
HRESULT SetDialinSetting( IN ISdoCollection *pAttributes, IN OPTIONAL ISdoDictionaryOld *pDictionary, BOOL fDialinAllowed){ long ulCount; ULONG ulCountReceived; HRESULT hr = S_OK;
CComBSTR bstr; CComPtr<IUnknown> spUnknown; CComPtr<IEnumVARIANT> spEnumVariant; CComPtr<ISdoDictionaryOld> spDictionarySdo(pDictionary); CComVariant var;
//
// get the attribute collection of this profile
//
CComPtr<ISdoCollection> spProfAttrCollectionSdo ( pAttributes );
// We check the count of items in our collection and don't bother getting the
// enumerator if the count is zero.
// This saves time and also helps us to a void a bug in the the enumerator which
// causes it to fail if we call next when it is empty.
hr = spProfAttrCollectionSdo->get_Count( & ulCount ); if ( FAILED(hr) ) { return hr; }
if ( ulCount > 0) { // Get the enumerator for the attribute collection.
hr = spProfAttrCollectionSdo->get__NewEnum( (IUnknown **) & spUnknown ); if ( FAILED(hr) ) { return hr; }
hr = spUnknown->QueryInterface( IID_IEnumVARIANT, (void **) &spEnumVariant ); spUnknown.Release(); if ( FAILED(hr) ) { return hr; }
// Get the first item.
hr = spEnumVariant->Next( 1, &var, &ulCountReceived ); while( SUCCEEDED( hr ) && ulCountReceived == 1 ) { // Get an sdo pointer from the variant we received.
CComPtr<ISdo> spSdo; hr = V_DISPATCH(&var)->QueryInterface( IID_ISdo, (void **) &spSdo ); if ( !SUCCEEDED(hr)) { return hr; }
//
// get attribute ID
//
var.Clear(); hr = spSdo->GetProperty(PROPERTY_ATTRIBUTE_ID, &var); if ( !SUCCEEDED(hr) ) { return hr; }
DWORD dwAttrId = V_I4(&var);
if ( dwAttrId == (DWORD)IAS_ATTRIBUTE_ALLOW_DIALIN ) { // found this one in the profile, check for its value
var.Clear(); V_VT(&var) = VT_BOOL; V_BOOL(&var) = fDialinAllowed ? VARIANT_TRUE: VARIANT_FALSE ; hr = spSdo->PutProperty(PROPERTY_ATTRIBUTE_VALUE, &var); if ( !SUCCEEDED(hr) ) { return hr; } return S_OK; }
// Clear the variant of whatever it had --
// this will release any data associated with it.
var.Clear();
// Get the next item.
hr = spEnumVariant->Next( 1, &var, &ulCountReceived ); if ( !SUCCEEDED(hr)) {
return hr; } } // while
} // if
// if we reach here, it means we either haven't found the attribute,
// or the profile doesn't have anything in its attribute collection.
if ( !fDialinAllowed ) { // we don't need to do anything if dialin is allowed, becuase if this
// attribute is not in the profile, then dialin is by default allowed
// but we need to add this attribute to the profile if it's DENIED
// create the SDO for this attribute
CComPtr<IDispatch> spDispatch; hr = spDictionarySdo->CreateAttribute( (ATTRIBUTEID)IAS_ATTRIBUTE_ALLOW_DIALIN, (IDispatch**)&spDispatch.p); if ( !SUCCEEDED(hr) ) { return hr; }
// add this node to profile attribute collection
hr = spProfAttrCollectionSdo->Add(NULL, (IDispatch**)&spDispatch.p); if ( !SUCCEEDED(hr) ) { return hr; }
//
// get the ISdo pointer
//
CComPtr<ISdo> spAttrSdo; hr = spDispatch->QueryInterface( IID_ISdo, (void **) &spAttrSdo); if ( !SUCCEEDED(hr) ) { return hr; }
// set sdo property for this attribute
CComVariant var;
// set value
V_VT(&var) = VT_BOOL; V_BOOL(&var) = VARIANT_FALSE; hr = spAttrSdo->PutProperty(PROPERTY_ATTRIBUTE_VALUE, &var); if ( !SUCCEEDED(hr) ) { return hr; }
var.Clear();
} // if (!dialinallowed)
return hr;}
//////////
// Update the default policy based on the specified flags.
//////////
HRESULTUpdateDefaultPolicy( IN LPWSTR wszMachineName, IN BOOL fEnableMSCHAPv1, IN BOOL fEnableMSCHAPv2, IN BOOL fRequireEncryption ){ HRESULT hr; ISdoMachine *pMachine; ISdo *pService, *pProfile, *pAuthType; ISdoDictionaryOld *pDictionary; ISdoCollection *pAttributes; VARIANT val; // Initialize the local variables, so we can safely clean up on exit.
pMachine = NULL; pService = pProfile = pAuthType = NULL; pDictionary = NULL; pAttributes = NULL; VariantInit(&val); do { hr = OpenMachineSdo(wszMachineName, &pMachine); if (FAILED(hr)) { break; } hr = OpenServiceSDO(pMachine, L"RemoteAccess", &pService); if (FAILED(hr)) { break; } hr = OpenDictionarySDO(pMachine, &pDictionary); if (FAILED(hr)) { break; } hr = GetDefaultProfile(pService, &pProfile); if (FAILED(hr)) { break; } // Get the attributes collection, which is a child of the profile.
hr = OpenChildObject( pProfile, PROPERTY_PROFILE_ATTRIBUTES_COLLECTION, IID_ISdoCollection, (PVOID*)&pAttributes ); if (FAILED(hr)) { break; } // Get the current value of the NP-Authentication-Type attribute.
hr = GetAttribute( pAttributes, pDictionary, L"NP-Authentication-Type", &pAuthType ); if (FAILED(hr)) { break; } hr = pAuthType->GetProperty( PROPERTY_ATTRIBUTE_VALUE, &val ); if (FAILED(hr)) { break; } // Update MS-CHAP v1
if (fEnableMSCHAPv1) { hr = AddIntegerToArray(&val, 3); } else { hr = RemoveIntegerFromArray(&val, 3); } if (FAILED(hr)) { break; } // Update MS-CHAP v2
if (fEnableMSCHAPv2) { hr = AddIntegerToArray(&val, 4); } else { hr = RemoveIntegerFromArray(&val, 4); } if (FAILED(hr)) { break; } // Write the new value back to the attribute.
hr = pAuthType->PutProperty( PROPERTY_ATTRIBUTE_VALUE, &val ); if (FAILED(hr)) { break; }
// Update the encryption attributes if necessary.
if (fRequireEncryption) { hr = SetIntegerAttribute( pAttributes, pDictionary, L"MS-MPPE-Encryption-Policy", 2 ); if (FAILED(hr)) { break; } hr = SetIntegerAttribute( pAttributes, pDictionary, L"MS-MPPE-Encryption-Types", 14 ); if (FAILED(hr)) { break; } }
//
//Update the default for msNPAllowDialin - This should be set
//to deny permissions by default
//
hr = SetDialinSetting(pAttributes,pDictionary, FALSE); if (FAILED(hr)) { break; } hr = pProfile->Apply(); } while (FALSE); // Clean up.
VariantClear(&val); if (pAttributes) pAttributes->Release(); if (pDictionary) pDictionary->Release(); if (pAuthType) pAuthType->Release(); if (pProfile) pProfile->Release(); if (pService) pService->Release(); if (pMachine) pMachine->Release();
return hr;}
#if 0
#include <stdio.h>
int __cdecl wmain(int argc, wchar_t *argv[]){ HRESULT hr; BOOL fEnableMSCHAPv1, fEnableMSCHAPv2, fRequireEncryption;
if (argc != 4) { wprintf(L"Usage: wizard <t|f> <t|f> <t|f>\n" L" 1st flag: MS-CHAP v1 enabled\n" L" 2nd flag: MS-CHAP v2 enabled\n" L" 3rd flag: Encryption required\n"); return -1; }
fEnableMSCHAPv1 = argv[1][0] == 't' ? TRUE : FALSE; fEnableMSCHAPv2 = argv[2][0] == 't' ? TRUE : FALSE; fRequireEncryption = argv[3][0] == 't' ? TRUE : FALSE;
CoInitializeEx(NULL, COINIT_MULTITHREADED);
hr = UpdateDefaultPolicy( NULL, // Machine name.
fEnableMSCHAPv1, fEnableMSCHAPv2, fRequireEncryption ); if (SUCCEEDED(hr)) { wprintf(L"UpdateDefaultPolicy succeeded.\n"); } else { wprintf(L"UpdateDefaultPolicy returned: 0x%08X.\n", hr); }
CoUninitialize();
return 0;}#endif
|
