Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 
 

7022 lines
179 KiB

//*************************************************************
// File name: GPOBJ.CPP
//
// Description: Group Policy Object class
//
//
// Microsoft Confidential
// Copyright (c) Microsoft Corporation 1998
// All rights reserved
//
//*************************************************************
#include "main.h"
#include "browser.h"
//
// Help ids
//
DWORD aPropertiesHelpIds[] =
{
IDC_TITLE, IDH_PROP_TITLE,
IDC_DISABLE_COMPUTER, IDH_PROP_DISABLE_COMPUTER,
IDC_DISABLE_USER, IDH_PROP_DISABLE_USER,
0, 0
};
DWORD aLinkHelpIds[] =
{
IDC_CBDOMAIN, IDH_LINK_DOMAIN,
IDC_ACTION, IDH_LINK_BUTTON,
IDC_RESULTLIST, IDH_LINK_RESULT,
0, 0
};
DWORD aWQLFilterHelpIds[] =
{
IDC_NONE, IDH_WQL_FILTER_NONE,
IDC_THIS_FILTER, IDH_WQL_FILTER_THIS_FILTER,
IDC_FILTER_NAME, IDH_WQL_FILTER_NAME,
IDC_FILTER_BROWSE, IDH_WQL_FILTER_BROWSE,
0, 0
};
///////////////////////////////////////////////////////////////////////////////
// //
// CGroupPolicyObject implementation //
// //
///////////////////////////////////////////////////////////////////////////////
CGroupPolicyObject::CGroupPolicyObject()
{
InterlockedIncrement(&g_cRefThisDll);
m_cRef = 1;
m_bInitialized = FALSE;
m_pADs = NULL;
m_gpoType = GPOTypeLocal;
m_dwFlags = 0;
m_pName = NULL;
m_pDisplayName = NULL;
m_pMachineName = NULL;
m_pUser = NULL;
m_pMachine = NULL;
m_hinstDSSec = NULL;
m_pfnDSCreateSecurityPage = NULL;
m_pTempFilterString = NULL;
m_pDSPath = NULL;
m_pFileSysPath = NULL;
}
CGroupPolicyObject::~CGroupPolicyObject()
{
CleanUp();
if (m_hinstDSSec)
{
FreeLibrary (m_hinstDSSec);
}
InterlockedDecrement(&g_cRefThisDll);
}
///////////////////////////////////////////////////////////////////////////////
// //
// CGroupPolicyObject object implementation (IUnknown) //
// //
///////////////////////////////////////////////////////////////////////////////
HRESULT CGroupPolicyObject::QueryInterface (REFIID riid, void **ppv)
{
if (IsEqualIID(riid, IID_IGroupPolicyObject) || IsEqualIID(riid, IID_IUnknown))
{
*ppv = (LPGROUPPOLICYOBJECT)this;
m_cRef++;
return S_OK;
}
else
{
*ppv = NULL;
return E_NOINTERFACE;
}
}
ULONG CGroupPolicyObject::AddRef (void)
{
return ++m_cRef;
}
ULONG CGroupPolicyObject::Release (void)
{
if (--m_cRef == 0) {
delete this;
return 0;
}
return m_cRef;
}
///////////////////////////////////////////////////////////////////////////////
// //
// CGroupPolicyObject object implementation (IGroupPolicyObject) //
// //
///////////////////////////////////////////////////////////////////////////////
//*************************************************************
//
// CGroupPolicyObject::New()
//
// Purpose: Creates a new GPO in the DS
//
// Parameters: pszDomainName - Domain to create GPO in
// pszDisplayName - GPO friendly name (optional)
// dwFlags - Open / creation flags
//
// Note: The domain passed in should be in this format:
// LDAP://DC=domain,DC=company,DC=COM
//
// Return: S_OK if successful
//
//*************************************************************
STDMETHODIMP CGroupPolicyObject::New (LPOLESTR pszDomainName, LPOLESTR pszDisplayName,
DWORD dwFlags)
{
HRESULT hr = E_FAIL;
IADsPathname * pADsPathname = NULL;
BSTR bstrContainer = NULL;
BSTR bstrGPC = NULL;
LPTSTR lpResult = NULL, lpDCName = NULL;
LPTSTR lpEnd = NULL, lpTemp = NULL, lpGPTPath = NULL;
LPTSTR lpForest = NULL;
DWORD dwResult;
GUID guid;
TCHAR szGPOName[50];
TCHAR szTemp[100];
TCHAR szGPOPath[2*MAX_PATH];
WIN32_FILE_ATTRIBUTE_DATA fad;
IADs *pADs = NULL;
PSECURITY_DESCRIPTOR pSD = NULL;
SECURITY_INFORMATION si = (OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION |
DACL_SECURITY_INFORMATION);
//
// Check if this object has already been initialized
//
if (m_bInitialized)
{
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::New: Called on an initialized object.")));
return STG_E_INUSE;
}
//
// Check parameters
//
if (!pszDomainName)
{
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::New: Null domain name")));
hr = E_INVALIDARG;
goto Exit;
}
if (CompareString (LOCALE_USER_DEFAULT, NORM_STOP_ON_NULL, TEXT("LDAP://"),
7, pszDomainName, 7) != CSTR_EQUAL)
{
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::New: Domain name does not start with LDAP://")));
hr = E_INVALIDARG;
goto Exit;
}
//
// Verbose output
//
DebugMsg((DM_VERBOSE, TEXT("CGroupPolicyObject::New: Entering with:")));
DebugMsg((DM_VERBOSE, TEXT("CGroupPolicyObject::New: Domain Name: %s"), pszDomainName));
DebugMsg((DM_VERBOSE, TEXT("CGroupPolicyObject::New: Flags: 0x%x"), dwFlags));
//
// Convert the ADSI domain name into a DNS style name
//
hr = ConvertToDotStyle (pszDomainName, &lpResult);
if (FAILED(hr))
{
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::New: Failed to convert domain name with 0x%x"), hr));
goto Exit;
}
//
// If we are working on the enterprise then we need to get the name of the
// forest.
//
#if FGPO_SUPPORT
if (GPO_OPEN_FOREST == (dwFlags & GPO_OPEN_FOREST))
{
DWORD dwResult = QueryForForestName(NULL,
lpResult,
DS_PDC_REQUIRED | DS_RETURN_DNS_NAME,
&lpTemp);
if (dwResult != ERROR_SUCCESS)
{
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::New: QueryForestName failed for domain name %s with %d"),
lpResult, dwResult));
hr = HRESULT_FROM_WIN32(dwResult);
goto Exit;
}
int cch = 0;
int n=0;
// count the dots in lpTemp;
while (lpTemp[n])
{
if (L'.' == lpTemp[n])
{
cch++;
}
n++;
}
cch *= 3; // multiply the number of dots by 3;
cch += 11; // add 10 + 1 (for the null)
cch += n; // add the string size;
lpForest = (LPTSTR) LocalAlloc(LPTR, sizeof(WCHAR) * cch);
if (!lpForest)
{
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::New: Failed to allocate memory for forest name with %d"),
GetLastError()));
hr = HRESULT_FROM_WIN32(GetLastError());
goto Exit;
}
NameToPath(lpForest, lpTemp, cch);
// substitute the forest's dot path for the domain's dot path
LocalFree(lpResult);
lpResult = lpTemp;
lpTemp = NULL;
//
// Check to see if we have a domain path to a specific DC.
// If we don't then the string will start "LDAP://DC=".
// The equal sign in particular can only be there if we don't have a specific
// DC so we'll just check for the equal sign.
//
if (*(pszDomainName + 9) != TEXT('='))
{
// we have a path to a specific DC
// need to extract the server path and prepend it to the forest name
lpDCName = ExtractServerName(pszDomainName);
if (!lpDCName)
{
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::New: Failed to extract server name for Forest path")));
hr = HRESULT_FROM_WIN32(GetLastError());
goto Exit;
}
lpTemp = MakeFullPath(lpForest, lpDCName);
if (!lpTemp)
{
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::New: Failed to combine server name with Forest path")));
hr = HRESULT_FROM_WIN32(GetLastError());
goto Exit;
}
// clean up the variables we just borrowed so they can be used later
LocalFree(lpDCName);
lpDCName = NULL;
LocalFree(lpForest);
lpForest = lpTemp;
lpTemp = NULL;
}
// Substitute the path to the forest for the path to the domain
pszDomainName = lpForest;
}
#endif
//
// Check to see if we have a domain path to a specific DC.
// If we don't then the string will start "LDAP://DC=".
// The equal sign in particular can only be there if we don't have a specific
// DC so we'll just check for the equal sign.
//
if (*(pszDomainName + 9) == TEXT('='))
{
//
// Convert LDAP to dot (DN) style
//
hr = ConvertToDotStyle (pszDomainName, &lpTemp);
if (FAILED(hr))
{
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::New: Failed to convert domain name with 0x%x"), hr));
goto Exit;
}
//
// Get the GPO DC for this domain
//
lpDCName = GetDCName (lpTemp, NULL, NULL, FALSE, 0);
if (!lpDCName)
{
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::New: Failed to get DC name with %d"),
GetLastError()));
hr = HRESULT_FROM_WIN32(GetLastError());
goto Exit;
}
//
// Build a fully qualified domain name to a specific DC
//
lpTemp = MakeFullPath (pszDomainName, lpDCName);
if (!lpTemp)
{
hr = HRESULT_FROM_WIN32(GetLastError());
goto Exit;
}
}
else
{
lpDCName = ExtractServerName (pszDomainName);
if (!lpDCName)
{
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::New: Failed to extract server name from ADSI path")));
hr = HRESULT_FROM_WIN32(GetLastError());
goto Exit;
}
lpTemp = (LPTSTR) LocalAlloc (LPTR, (lstrlen(pszDomainName) + 1) * sizeof(TCHAR));
if (!lpTemp)
{
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::New: Failed to allocate memory for true domain name with %d"),
GetLastError()));
hr = HRESULT_FROM_WIN32(GetLastError());
goto Exit;
}
lstrcpy (lpTemp, pszDomainName);
}
//
// Create a pathname object we can work with
//
hr = CoCreateInstance(CLSID_Pathname, NULL, CLSCTX_INPROC_SERVER,
IID_IADsPathname, (LPVOID*)&pADsPathname);
if (FAILED(hr))
{
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::New: Failed to create adspathname instance with 0x%x"), hr));
LocalFree (lpTemp);
goto Exit;
}
//
// Add the domain name
//
hr = pADsPathname->Set (lpTemp, ADS_SETTYPE_FULL);
LocalFree (lpTemp);
if (FAILED(hr))
{
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::New: Failed to set pathname with 0x%x"), hr));
goto Exit;
}
#if FGPO_SUPPORT
if (GPO_OPEN_FOREST != (dwFlags & GPO_OPEN_FOREST))
{
#endif
//
// Add the system folder to the path unless we're on the enterprise
//
hr = pADsPathname->AddLeafElement (TEXT("CN=System"));
if (FAILED(hr))
{
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::New: Failed to add system folder with 0x%x"), hr));
goto Exit;
}
#if FGPO_SUPPORT
}
else
{
//
// We're on the enterprise so point at the Configuration folder instead
//
hr = pADsPathname->AddLeafElement (TEXT("CN=Configuration"));
if (FAILED(hr))
{
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::New: Failed to add system folder with 0x%x"), hr));
goto Exit;
}
}
#endif
//
// Retreive the container path - this is the path to the parent of the policies folder
//
hr = pADsPathname->Retrieve (ADS_FORMAT_X500, &bstrContainer);
if (FAILED(hr))
{
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::New: Failed to retreive container path with 0x%x"), hr));
goto Exit;
}
//
// Create the Policies container
//
hr = CreateContainer (bstrContainer, TEXT("Policies"), FALSE);
if (FAILED(hr))
{
if (hr != HRESULT_FROM_WIN32(ERROR_OBJECT_ALREADY_EXISTS))
{
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::New: Failed to create the gpo container with 0x%x"), hr));
goto Exit;
}
}
SysFreeString (bstrContainer);
bstrContainer = NULL;
//
// Add the policies container to the path
//
hr = pADsPathname->AddLeafElement (TEXT("CN=Policies"));
if (FAILED(hr))
{
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::New: Failed to add policies folder with 0x%x"), hr));
goto Exit;
}
//
// Retreive the container path - this is the path to the policies folder
//
hr = pADsPathname->Retrieve (ADS_FORMAT_X500, &bstrContainer);
if (FAILED(hr))
{
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::New: Failed to retreive container path with 0x%x"), hr));
goto Exit;
}
//
// Create a new GPO name (guid)
//
if (FAILED(CoCreateGuid(&guid)))
{
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::New: Failed to create GUID.")));
goto Exit;
}
if (!StringFromGUID2 (guid, szGPOName, ARRAYSIZE(szGPOName)))
{
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::New: Failed to convert GUID.")));
goto Exit;
}
//
// Create a container for this GPO
//
hr = CreateContainer (bstrContainer, szGPOName, TRUE);
if (FAILED(hr)) {
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::New: Failed to create the gpo container with 0x%x"), hr));
goto Exit;
}
SysFreeString (bstrContainer);
bstrContainer = NULL;
//
// Add the GPO name to the path
//
lstrcpy (szTemp, TEXT("CN="));
lstrcat (szTemp, szGPOName);
hr = pADsPathname->AddLeafElement (szTemp);
if (FAILED(hr))
{
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::New: Failed to add machine folder with 0x%x"), hr));
goto Exit;
}
//
// Retreive the GPC path
//
hr = pADsPathname->Retrieve (ADS_FORMAT_X500, &bstrGPC);
if (FAILED(hr))
{
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::New: Failed to retreive container path with 0x%x"), hr));
goto Exit;
}
DebugMsg((DM_VERBOSE, TEXT("CGroupPolicyObject::New: GPO container path is: %s"), bstrGPC));
//
// Now create the machine and user containers
//
hr = CreateContainer (bstrGPC, MACHINE_SECTION, FALSE);
if (FAILED(hr)) {
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::New: Failed to create the machine container with 0x%x"), hr));
goto Exit;
}
hr = CreateContainer (bstrGPC, USER_SECTION, FALSE);
if (FAILED(hr)) {
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::New: Failed to create the user container with 0x%x"), hr));
goto Exit;
}
//
// Prepare the file system storage on the sysvol
//
// Build the name
//
wsprintf (szGPOPath, TEXT("\\\\%s\\SysVol\\%s\\Policies\\%s"), lpDCName, lpResult, szGPOName);
lpGPTPath = (LPTSTR) LocalAlloc(LPTR, (lstrlen(szGPOPath) + 1) * sizeof(TCHAR));
if (!lpGPTPath)
{
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::New: Failed to allocate memory for GPT path with %d"),
GetLastError()));
hr = HRESULT_FROM_WIN32(GetLastError());
goto Exit;
}
lstrcpy (lpGPTPath, szGPOPath);
if (!CreateNestedDirectory (szGPOPath, NULL))
{
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::New: Failed to create file system directory %s with %d"),
szGPOPath, GetLastError()));
hr = HRESULT_FROM_WIN32(GetLastError());
goto Exit;
}
DebugMsg((DM_VERBOSE, TEXT("CGroupPolicyObject::New: File system folder is: %s"), szGPOPath));
//
// Set the security of the sysvol to match the security of the DS
//
// First, enable some security privilages so we can set the owner / sacl information
//
if (!EnableSecurityPrivs())
{
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::New: Failed to enable the security privilages with %d"),
GetLastError()));
hr = HRESULT_FROM_WIN32(GetLastError());
goto Exit;
}
//
// Bind to the GPO
//
hr = OpenDSObject(bstrGPC, IID_IADs, (void **)&pADs);
if (FAILED(hr)) {
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::New: Failed to get gpo IADs interface with 0x%x"), hr));
SetThreadToken(NULL, NULL);
goto Exit;
}
//
// Get the security descriptor from the DS
//
hr = GetSecurityDescriptor (pADs, si, &pSD);
if (FAILED(hr)) {
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::New: Failed to query the security descriptor with 0x%x"), hr));
SetThreadToken(NULL, NULL);
goto Exit;
}
//
// Set the security information on the sysvol
//
dwResult = SetSysvolSecurity (szGPOPath, si, pSD);
if (dwResult != ERROR_SUCCESS)
{
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::New: Failed to set sysvol security for %s with %d"),
szGPOPath, dwResult));
hr = HRESULT_FROM_WIN32(dwResult);
SetThreadToken(NULL, NULL);
goto Exit;
}
//
// Reset the security privilages
//
SetThreadToken(NULL, NULL);
lpEnd = CheckSlash(szGPOPath);
//
// Set the initial version number
//
lstrcpy (lpEnd, TEXT("GPT.INI"));
if (!WritePrivateProfileString (TEXT("General"), TEXT("Version"), TEXT("0"),
szGPOPath))
{
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::New: Failed to set initial version number for %s with %d"),
szGPOPath, GetLastError()));
hr = HRESULT_FROM_WIN32(GetLastError());
goto Exit;
}
//
// Create the user and machine directories
//
lstrcpy (lpEnd, MACHINE_SECTION);
if (!CreateNestedDirectory (szGPOPath, NULL))
{
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::New: Failed to create machine file system directory %s with %d"),
szGPOPath, GetLastError()));
hr = HRESULT_FROM_WIN32(GetLastError());
goto Exit;
}
lstrcpy (lpEnd, USER_SECTION);
if (!CreateNestedDirectory (szGPOPath, NULL))
{
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::New: Failed to create user file system directory %s with %d"),
szGPOPath, GetLastError()));
hr = HRESULT_FROM_WIN32(GetLastError());
goto Exit;
}
//
// Set the GPO specific information
//
// Note that we use the nameless form of the sysvol path
//
wsprintf (szGPOPath, TEXT("\\\\%s\\SysVol\\%s\\Policies\\%s"), lpResult, lpResult, szGPOName);
hr = SetGPOInfo (bstrGPC, pszDisplayName, szGPOPath);
if (FAILED(hr)) {
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::New: Failed to set GPO information with 0x%x"), hr));
goto Exit;
}
//
// Call OpenDSGPO to do the loading work
//
hr = OpenDSGPO(bstrGPC, dwFlags);
Exit:
if (lpForest)
{
LocalFree (lpForest);
}
if (lpDCName)
{
LocalFree (lpDCName);
}
if (lpResult)
{
LocalFree (lpResult);
}
if (bstrContainer)
{
SysFreeString (bstrContainer);
}
if (bstrGPC)
{
if (FAILED(hr))
{
if (FAILED(DSDelnode(bstrGPC)))
{
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::New: Failed to delete GPC with 0x%x"), hr));
}
}
SysFreeString (bstrGPC);
}
if (lpGPTPath)
{
if (FAILED(hr))
{
if (!Delnode(lpGPTPath))
{
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::New: Failed to delete GPT with %d"),
GetLastError()));
}
}
}
if (pADsPathname)
{
pADsPathname->Release();
}
if (pADs)
{
pADs->Release();
}
if (pSD)
{
LocalFree (pSD);
}
DebugMsg((DM_VERBOSE, TEXT("CGroupPolicyObject::New: Leaving with a status of 0x%x"), hr));
return hr;
}
//*************************************************************
//
// OpenDSGPO()
//
// Purpose: Opens a DS Group Policy Object
//
// Parameters: pszPath - Path to the GPO to open
// dwFlags - Open / creation flags
//
// Return: S_OK if successful
//
//*************************************************************
STDMETHODIMP CGroupPolicyObject::OpenDSGPO (LPOLESTR pszPath, DWORD dwFlags)
{
HRESULT hr = E_FAIL;
VARIANT var;
IADsPathname * pADsPathname = NULL;
IADsObjectOptions *pOptions = NULL;
BSTR bstrProperty;
BSTR bstrGPOName = NULL;
BSTR bstrContainer;
BSTR bstrDCName;
TCHAR szPath[2*MAX_PATH];
TCHAR szKeyName[100];
LPTSTR lpTemp;
LPTSTR lpEnd;
LPTSTR pszFullPath = NULL;
DWORD dwResult;
WIN32_FILE_ATTRIBUTE_DATA fad;
DFS_INFO_101 Info101;
LPTSTR lpDCName = NULL;
LPOLESTR pszDomain;
UINT uiSize;
TCHAR szFormat[10];
LPTSTR lpNames[2];
//
// Check if this object has already been initialized
//
if (m_bInitialized)
{
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::OpenDSGPO: Called on an uninitialized object.")));
return STG_E_INUSE;
}
//
// Check parameters
//
if (!pszPath)
{
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::OpenDSGPO: NULL GPO name")));
return E_INVALIDARG;
}
if (CompareString (LOCALE_USER_DEFAULT, NORM_STOP_ON_NULL, TEXT("LDAP://"),
7, pszPath, 7) != CSTR_EQUAL)
{
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::OpenDSGPO: %s does not start with LDAP://"), pszPath));
hr = E_INVALIDARG;
goto Exit;
}
//
// Verbose output
//
DebugMsg((DM_VERBOSE, TEXT("CGroupPolicyObject::OpenDSGPO: Entering with:")));
DebugMsg((DM_VERBOSE, TEXT("CGroupPolicyObject::OpenDSGPO: GPO Path: %s"), pszPath));
DebugMsg((DM_VERBOSE, TEXT("CGroupPolicyObject::OpenDSGPO: Flags: %d"), dwFlags));
//
// Save the flags
//
m_dwFlags = dwFlags;
//
// Retreive the server name if defined
//
lpDCName = ExtractServerName (pszPath);
if (lpDCName)
{
pszFullPath = pszPath;
}
else
{
//
// Get the domain name
//
pszDomain = GetDomainFromLDAPPath(pszPath);
if (!pszDomain)
{
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::OpenDSGPO: Failed to get domain name")));
hr = E_FAIL;
goto Exit;
}
//
// Convert LDAP to dot (DN) style
//
hr = ConvertToDotStyle (pszDomain, &lpTemp);
delete [] pszDomain;
if (FAILED(hr))
{
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::OpenDSGPO: Failed to convert domain name with 0x%x"), hr));
goto Exit;
}
//
// Get the GPO DC for this domain
//
lpDCName = GetDCName (lpTemp, NULL, NULL, FALSE, 0);
LocalFree (lpTemp);
if (!lpDCName)
{
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::OpenDSGPO: Failed to get DC name with %d"),
GetLastError()));
hr = HRESULT_FROM_WIN32(GetLastError());
goto Exit;
}
//
// Make the fully qualified path
//
pszFullPath = MakeFullPath (pszPath, lpDCName);
if (!pszFullPath)
{
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::OpenDSGPO: Failed to make full GPO path")));
hr = HRESULT_FROM_WIN32(GetLastError());
goto Exit;
}
}
DebugMsg((DM_VERBOSE, TEXT("CGroupPolicyObject::OpenDSGPO: Using server %s"), lpDCName));
DebugMsg((DM_VERBOSE, TEXT("CGroupPolicyObject::OpenDSGPO: Using fully qualifed pathname of %s"), pszFullPath));
//
// Save the DC name
//
m_pMachineName = (LPTSTR) LocalAlloc (LPTR, (lstrlen(lpDCName) + 1) * sizeof(TCHAR));
if (!m_pMachineName)
{
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::OpenDSGPO: Failed to allocate memory for machine name")));
hr = HRESULT_FROM_WIN32(GetLastError());
goto Exit;
}
lstrcpy (m_pMachineName, lpDCName);
//
// Save the DS path
//
m_pDSPath = (LPTSTR) LocalAlloc (LPTR, (lstrlen(pszFullPath) + 2) * sizeof(TCHAR));
if (!m_pDSPath)
{
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::OpenDSGPO: Failed to allocate memory for ds path")));
hr = HRESULT_FROM_WIN32(GetLastError());
goto Exit;
}
lstrcpy (m_pDSPath, pszFullPath);
//
// Bind to the DS object. Note we hold on to this bind until
// the object goes away. This way other ADSI calls will go to
// the same DC.
//
DebugMsg((DM_VERBOSE, TEXT("CGroupPolicyObject::OpenDSGPO: Binding to the object")));
hr = OpenDSObject(m_pDSPath, IID_IADs, (void **)&m_pADs);
if (FAILED(hr))
{
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::OpenDSGPO: OpenDSObject failed with 0x%x"), hr));
goto Exit;
}
DebugMsg((DM_VERBOSE, TEXT("CGroupPolicyObject::OpenDSGPO: Bound successfully.")));
//
// Check if the user has write permission to the GPO
//
if (!(m_dwFlags & GPO_OPEN_READ_ONLY))
{
DebugMsg((DM_VERBOSE, TEXT("CGroupPolicyObject::OpenDSGPO: Checking for write access")));
hr = CheckDSWriteAccess ((LPUNKNOWN)m_pADs, TEXT("versionNumber"));
if (FAILED(hr))
{
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::OpenDSGPO: CheckDSWriteAccess failed with 0x%x"), hr));
goto Exit;
}
DebugMsg((DM_VERBOSE, TEXT("CGroupPolicyObject::OpenDSGPO: Write access granted")));
}
//
// Query for the file system path
//
bstrProperty = SysAllocString (GPT_PATH_PROPERTY);
if (!bstrProperty)
{
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::OpenDSGPO: Failed to allocate memory")));
hr = ERROR_OUTOFMEMORY;
goto Exit;
}
VariantInit(&var);
hr = m_pADs->Get(bstrProperty, &var);
if (FAILED(hr))
{
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::OpenDSGPO: Failed to query GPT path with 0x%x"), hr));
SysFreeString (bstrProperty);
VariantClear (&var);
goto Exit;
}
m_pFileSysPath = (LPTSTR) LocalAlloc (LPTR, (lstrlen(var.bstrVal) + 2) * sizeof(TCHAR));
if (!m_pFileSysPath)
{
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::OpenDSGPO: Failed to allocate memory for gpt path")));
SysFreeString (bstrProperty);
VariantClear (&var);
hr = HRESULT_FROM_WIN32(GetLastError());
goto Exit;
}
lstrcpy (m_pFileSysPath, var.bstrVal);
SysFreeString (bstrProperty);
VariantClear (&var);
//
// Query for the display name
//
bstrProperty = SysAllocString (GPO_NAME_PROPERTY);
if (!bstrProperty)
{
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::OpenDSGPO: Failed to allocate memory")));
hr = ERROR_OUTOFMEMORY;
goto Exit;
}
VariantInit(&var);
hr = m_pADs->Get(bstrProperty, &var);
if (FAILED(hr))
{
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::OpenDSGPO: Failed to query for display name with 0x%x"), hr));
SysFreeString (bstrProperty);
VariantClear (&var);
goto Exit;
}
m_pDisplayName = (LPTSTR) LocalAlloc (LPTR, (lstrlen(var.bstrVal) + 1) * sizeof(TCHAR));
if (!m_pDisplayName)
{
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::OpenDSGPO: Failed to allocate memory for display name")));
SysFreeString (bstrProperty);
VariantClear (&var);
hr = HRESULT_FROM_WIN32(GetLastError());
goto Exit;
}
lstrcpy (m_pDisplayName, var.bstrVal);
SysFreeString (bstrProperty);
VariantClear (&var);
//
// Create a pathname object we can work with
//
hr = CoCreateInstance(CLSID_Pathname, NULL, CLSCTX_INPROC_SERVER,
IID_IADsPathname, (LPVOID*)&pADsPathname);
if (FAILED(hr))
{
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::OpenDSGPO: Failed to create adspathname instance with 0x%x"), hr));
goto Exit;
}
//
// Add the domain name
//
hr = pADsPathname->Set (m_pDSPath, ADS_SETTYPE_FULL);
if (FAILED(hr))
{
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::OpenDSGPO: Failed to set pathname with 0x%x"), hr));
goto Exit;
}
//
// Retrieve the GPO name
//
hr = pADsPathname->GetElement (0, &bstrGPOName);
if (FAILED(hr))
{
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::OpenDSGPO: Failed to retreive GPO name with 0x%x"), hr));
goto Exit;
}
//
// Make a copy of the GPO name
//
m_pName = (LPTSTR) LocalAlloc (LPTR, (lstrlen(bstrGPOName) + 1 - 3) * sizeof(TCHAR));
if (!m_pName)
{
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::OpenDSGPO: Failed to allocate memory for gpo name")));
hr = HRESULT_FROM_WIN32(GetLastError());
goto Exit;
}
lstrcpy (m_pName, (bstrGPOName + 3));
//
// Set the ADSI preferred DC.
//
hr = m_pADs->QueryInterface(IID_IADsObjectOptions, (void**)&pOptions);
if (SUCCEEDED(hr))
{
//
// Get the domain name
//
pszDomain = GetDomainFromLDAPPath(pszPath);
if (!pszDomain)
{
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::OpenDSGPO: Failed to get domain name")));
hr = E_FAIL;
goto Exit;
}
//
// Convert LDAP to dot (DN) style
//
hr = ConvertToDotStyle (pszDomain, &lpTemp);
delete [] pszDomain;
if (FAILED(hr))
{
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::OpenDSGPO: Failed to convert domain name with 0x%x"), hr));
goto Exit;
}
//
// Build a variant containing the domain and dc names
//
VariantInit(&var);
lpNames[0] = lpTemp;
lpNames[1] = lpDCName;
hr = ADsBuildVarArrayStr (lpNames, 2, &var);
LocalFree (lpTemp);
if (FAILED(hr))
{
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::OpenDSGPO: Failed to convert domain name with 0x%x"), hr));
goto Exit;
}
//
// Set the DC name
//
hr = pOptions->SetOption(ADS_PRIVATE_OPTION_SPECIFIC_SERVER, var);
VariantClear (&var);
if (FAILED(hr))
{
//
// TODO: Remove this block after lab03 RI's -- or -- remove post whistler beta2
//
if (hr == E_ADS_BAD_PARAMETER)
{
//
// Set the DC name the old way
//
VariantInit(&var);
var.vt = VT_BSTR;
var.bstrVal = SysAllocString (lpDCName);
if (var.bstrVal)
{
hr = pOptions->SetOption(ADS_PRIVATE_OPTION_SPECIFIC_SERVER, var);
}
else
{
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::OpenDSGPO: Failed to allocate bstr DCName string")));
}
VariantClear (&var);
}
else
{
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::OpenDSGPO: Failed to set private DC name with 0x%x"), hr));
}
}
pOptions->Release();
}
else
{
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::OpenDSGPO: Failed to get DS object options interface with 0x%x"), hr));
}
//
// Ask the MUP to read/write to this DC's sysvol.
// We first have to get attributes for the nameless path. This causes the MUP's
// cache to be initialize if it isn't already. Then we can tell
// the MUP which server to use.
//
if (!GetFileAttributesEx (m_pFileSysPath, GetFileExInfoStandard, &fad))
{
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::OpenDSGPO: GetFileAttributes for %s FAILED with %d."), m_pFileSysPath, GetLastError()));
}
//
// Now we need to take the full path and trim it down to just
// domain name \ share
//
lstrcpy (szPath, m_pFileSysPath);
if ((szPath[0] != TEXT('\\')) || (szPath[1] != TEXT('\\')))
{
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::OpenDSGPO: Sysvol path doesn't start with \\\\")));
goto Exit;
}
lpTemp = szPath + 2;
while (*lpTemp && (*lpTemp != TEXT('\\')))
lpTemp++;
if (!(*lpTemp))
{
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::OpenDSGPO: Failed to find slash between domain name and share")));
goto Exit;
}
lpTemp++;
while (*lpTemp && (*lpTemp != TEXT('\\')))
lpTemp++;
if (!(*lpTemp))
{
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::OpenDSGPO: Failed to find slash between share and directory")));
goto Exit;
}
*lpTemp = TEXT('\0');
Info101.State = DFS_STORAGE_STATE_ACTIVE;
dwResult = NetDfsSetClientInfo (szPath, lpDCName,
L"SysVol", 101, (LPBYTE)&Info101);
if (dwResult != NERR_Success)
{
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::OpenDSGPO: Failed to set %s as the active sysvol with %d"),
lpDCName, dwResult));
}
//
// Now load the registry information
//
if (m_dwFlags & GPO_OPEN_LOAD_REGISTRY)
{
DebugMsg((DM_VERBOSE, TEXT("CGroupPolicyObject::OpenDSGPO: Loading registry files")));
lstrcpy (szPath, m_pFileSysPath);
lpEnd = CheckSlash (szPath);
//
// Initialize the user registry (HKCU)
//
m_pUser = new CRegistryHive();
if (!m_pUser)
{
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::OpenDSGPO: Failed to create User registry")));
hr = HRESULT_FROM_WIN32(GetLastError());
goto Exit;
}
lstrcpy (lpEnd, USER_SECTION);
lstrcat (lpEnd, TEXT("\\Registry.pol"));
lstrcpy (szKeyName, m_pName);
lstrcat (szKeyName, USER_SECTION);
hr = m_pUser->Initialize (szPath, szKeyName);
if (FAILED(hr))
{
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::OpenDSGPO: User registry failed to initialize")));
goto Exit;
}
//
// Initialize the machine registry (HKLM)
//
m_pMachine = new CRegistryHive();
if (!m_pMachine)
{
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::OpenDSGPO: Failed to create machine registry")));
hr = HRESULT_FROM_WIN32(GetLastError());
goto Exit;
}
lstrcpy (lpEnd, MACHINE_SECTION);
lstrcat (lpEnd, TEXT("\\Registry.pol"));
lstrcpy (szKeyName, m_pName);
lstrcat (szKeyName, MACHINE_SECTION);
hr = m_pMachine->Initialize (szPath, szKeyName);
if (FAILED(hr))
{
DebugMsg((DM_WARNING, TEXT("CComponentData::InitializeGPT: machine registry failed to initialize")));
goto Exit;
}
}
//
// Success
//
hr = S_OK;
Exit:
if (pADsPathname)
{
pADsPathname->Release();
}
if (bstrGPOName)
{
SysFreeString (bstrGPOName);
}
if (lpDCName)
{
LocalFree (lpDCName);
}
if (pszFullPath != pszPath)
{
LocalFree (pszFullPath);
}
if (SUCCEEDED(hr))
{
m_gpoType = GPOTypeDS;
m_bInitialized = TRUE;
} else {
CleanUp();
}
DebugMsg((DM_VERBOSE, TEXT("CGroupPolicyObject::OpenDSGPO: Leaving with a status of 0x%x"), hr));
return hr;
}
//*************************************************************
//
// OpenLocalMachineGPO()
//
// Purpose: Opens this machines GPO
//
// Parameters: dwFlags - load flags
//
// Return: S_OK if successful
//
//*************************************************************
STDMETHODIMP CGroupPolicyObject::OpenLocalMachineGPO (DWORD dwFlags)
{
HRESULT hr = E_FAIL;
TCHAR szBuffer[MAX_PATH];
TCHAR szKeyName[100];
LPTSTR lpEnd;
TCHAR szPath[MAX_PATH];
TCHAR szFuncVersion[10];
UINT uRet = 0;
//
// Check if this object has already been initialized
//
if (m_bInitialized)
{
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::OpenLocalMachineGPO: Called on an uninitialized object.")));
return STG_E_INUSE;
}
//
// Save the flags
//
m_dwFlags = dwFlags;
//
// Get the path to the local GPO
//
ExpandEnvironmentStrings (LOCAL_GPO_DIRECTORY, szBuffer, ARRAYSIZE(szBuffer));
//
// Save the file system path
//
m_pFileSysPath = (LPTSTR) LocalAlloc (LPTR, (lstrlen(szBuffer) + 1) * sizeof(TCHAR));
if (!m_pFileSysPath)
{
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::OpenLocalMachineGPO: Failed to allocate memory for gpt path")));
hr = HRESULT_FROM_WIN32(GetLastError());
goto Exit;
}
lstrcpy (m_pFileSysPath, szBuffer);
//
// Create the directory
//
uRet = CreateSecureDirectory (szBuffer);
if (!uRet)
{
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::OpenLocalMachineGPO: Failed to create file system directory %s with %d"),
szBuffer, GetLastError()));
hr = HRESULT_FROM_WIN32(GetLastError());
goto Exit;
}
SetFileAttributes (szBuffer, FILE_ATTRIBUTE_HIDDEN);
//
// Check if the user has write access to the directory
//
if (!(m_dwFlags & GPO_OPEN_READ_ONLY))
{
hr = CheckFSWriteAccess (szBuffer);
if (FAILED(hr))
{
if (hr == HRESULT_FROM_WIN32(ERROR_ACCESS_DENIED))
{
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::OpenLocalMachineGPO: User does not have write access to this GPO (access denied).")));
goto Exit;
}
else
{
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::OpenLocalMachineGPO: CheckFSWriteAccess failed with 0x%x"), hr));
}
}
}
if ( uRet != ERROR_ALREADY_EXISTS )
{
lstrcpy( szPath, m_pFileSysPath );
lpEnd = CheckSlash(szPath);
lstrcpy( lpEnd, TEXT("gpt.ini") );
wsprintf( szFuncVersion, TEXT("%d"), GPO_FUNCTIONALITY_VERSION );
if (!WritePrivateProfileString (TEXT("General"), TEXT("gPCFunctionalityVersion"),
szFuncVersion, szPath))
{
hr = HRESULT_FROM_WIN32(GetLastError());
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::OpenLocalMachineGPO: Failed to write functionality version with 0x%x"), hr));
goto Exit;
}
}
lpEnd = CheckSlash(szBuffer);
//
// Create the user and machine directories
//
lstrcpy (lpEnd, MACHINE_SECTION);
if (!CreateNestedDirectory (szBuffer, NULL))
{
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::OpenLocalMachineGPO: Failed to create machine subdirectory with %d"),
GetLastError()));
hr = HRESULT_FROM_WIN32(GetLastError());
goto Exit;
}
lstrcpy (lpEnd, USER_SECTION);
if (!CreateNestedDirectory (szBuffer, NULL))
{
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::OpenLocalMachineGPO: Failed to create user subdirectory with %d"),
GetLastError()));
hr = HRESULT_FROM_WIN32(GetLastError());
goto Exit;
}
//
// Load the GPO name
//
LoadString (g_hInstance, IDS_LOCAL_NAME, szBuffer, ARRAYSIZE(szBuffer));
m_pName = (LPTSTR) LocalAlloc (LPTR, (lstrlen(szBuffer) + 2) * sizeof(TCHAR));
if (!m_pName)
{
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::OpenLocalMachineGPO: Failed to allocate memory for name")));
hr = HRESULT_FROM_WIN32(GetLastError());
goto Exit;
}
lstrcpy (m_pName, szBuffer);
//
// Load the display name
//
LoadString (g_hInstance, IDS_LOCAL_DISPLAY_NAME, szBuffer, ARRAYSIZE(szBuffer));
m_pDisplayName = (LPTSTR) LocalAlloc (LPTR, (lstrlen(szBuffer) + 2) * sizeof(TCHAR));
if (!m_pDisplayName)
{
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::OpenLocalMachineGPO: Failed to allocate memory for display name")));
hr = HRESULT_FROM_WIN32(GetLastError());
goto Exit;
}
lstrcpy (m_pDisplayName, szBuffer);
//
// Now load the registry information
//
if (m_dwFlags & GPO_OPEN_LOAD_REGISTRY)
{
lstrcpy (szBuffer, m_pFileSysPath);
lpEnd = CheckSlash (szBuffer);
//
// Initialize the user registry (HKCU)
//
m_pUser = new CRegistryHive();
if (!m_pUser)
{
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::OpenLocalMachineGPO: Failed to create User registry")));
hr = HRESULT_FROM_WIN32(GetLastError());
goto Exit;
}
lstrcpy (lpEnd, USER_SECTION);
lstrcat (lpEnd, TEXT("\\Registry.pol"));
lstrcpy (szKeyName, m_pName);
lstrcat (szKeyName, USER_SECTION);
hr = m_pUser->Initialize (szBuffer, szKeyName);
if (FAILED(hr))
{
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::OpenLocalMachineGPO: User registry failed to initialize")));
goto Exit;
}
//
// Initialize the machine registry (HKLM)
//
m_pMachine = new CRegistryHive();
if (!m_pMachine)
{
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::OpenLocalMachineGPO: Failed to create machine registry")));
hr = HRESULT_FROM_WIN32(GetLastError());
goto Exit;
}
lstrcpy (lpEnd, MACHINE_SECTION);
lstrcat (lpEnd, TEXT("\\Registry.pol"));
lstrcpy (szKeyName, m_pName);
lstrcat (szKeyName, MACHINE_SECTION);
hr = m_pMachine->Initialize (szBuffer, szKeyName);
if (FAILED(hr))
{
DebugMsg((DM_WARNING, TEXT("CComponentData::InitializeGPT: machine registry failed to initialize")));
goto Exit;
}
}
//
// Success
//
hr = S_OK;
Exit:
if (SUCCEEDED(hr))
{
m_gpoType = GPOTypeLocal;
m_bInitialized = TRUE;
} else {
CleanUp();
}
return hr;
}
//*************************************************************
//
// OpenRemoteMachineGPO()
//
// Purpose: Opens a remote machines GPO
// dwFlags - load flags
//
// Parameters: pszComputerName - name of computer
//
// Return: S_OK if successful
//
//*************************************************************
STDMETHODIMP CGroupPolicyObject::OpenRemoteMachineGPO (LPOLESTR pszComputerName,
DWORD dwFlags)
{
HRESULT hr = E_FAIL;
TCHAR szComputerName[MAX_PATH];
TCHAR szBuffer[MAX_PATH];
TCHAR szKeyName[100];
LPTSTR lpEnd;
TCHAR szPath[MAX_PATH];
TCHAR szFuncVersion[10];
UINT uRet = 0;
//
// Check if this object has already been initialized
//
if (m_bInitialized)
{
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::OpenRemoteMachineGPO: Called on an uninitialized object.")));
return STG_E_INUSE;
}
//
// Check parameters
//
if (!pszComputerName)
return E_INVALIDARG;
//
// Save the flags
//
m_dwFlags = dwFlags;
//
// Parse the computer name
//
if ((pszComputerName[0] == TEXT('\\')) && (pszComputerName[1] == TEXT('\\')))
{
lstrcpy(szComputerName, pszComputerName+2);
}
else
{
lstrcpy(szComputerName, pszComputerName);
}
//
// Save the machine name
//
m_pMachineName = (LPTSTR) LocalAlloc (LPTR, (lstrlen(szComputerName) + 1) * sizeof(TCHAR));
if (!m_pMachineName)
{
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::OpenRemoteMachineGPO: Failed to allocate memory for machine name")));
hr = HRESULT_FROM_WIN32(GetLastError());
goto Exit;
}
lstrcpy (m_pMachineName, szComputerName);
//
// Get the path to the local GPO
//
wsprintf (szBuffer, REMOTE_GPO_DIRECTORY, szComputerName);
//
// Save the file system path
//
m_pFileSysPath = (LPTSTR) LocalAlloc (LPTR, (lstrlen(szBuffer) + 1) * sizeof(TCHAR));
if (!m_pFileSysPath)
{
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::OpenRemoteMachineGPO: Failed to allocate memory for gpt path")));
hr = HRESULT_FROM_WIN32(GetLastError());
goto Exit;
}
lstrcpy (m_pFileSysPath, szBuffer);
//
// Create the directory
//
uRet = CreateSecureDirectory (szBuffer);
if (!uRet)
{
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::OpenRemoteMachineGPO: Failed to create file system directory %s with %d"),
szBuffer, GetLastError()));
hr = HRESULT_FROM_WIN32(GetLastError());
goto Exit;
}
SetFileAttributes (szBuffer, FILE_ATTRIBUTE_HIDDEN);
//
// Check if the user has write access to the directory
//
if (!(m_dwFlags & GPO_OPEN_READ_ONLY))
{
hr = CheckFSWriteAccess (szBuffer);
if (FAILED(hr))
{
if (hr == HRESULT_FROM_WIN32(ERROR_ACCESS_DENIED))
{
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::OpenRemoteMachineGPO: User does not have write access to this GPO (access denied).")));
goto Exit;
}
else
{
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::OpenRemoteMachineGPO: CheckFSWriteAccess failed with 0x%x"), hr));
}
}
}
if ( uRet != ERROR_ALREADY_EXISTS )
{
lstrcpy( szPath, m_pFileSysPath );
lpEnd = CheckSlash(szPath);
lstrcpy( lpEnd, TEXT("gpt.ini") );
wsprintf( szFuncVersion, TEXT("%d"), GPO_FUNCTIONALITY_VERSION );
if (!WritePrivateProfileString (TEXT("General"), TEXT("gPCFunctionalityVersion"),
szFuncVersion, szPath))
{
hr = HRESULT_FROM_WIN32(GetLastError());
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::OpenRemoteMachineGPO: Failed to write functionality version with 0x%x"), hr));
goto Exit;
}
}
lpEnd = CheckSlash(szBuffer);
//
// Create the user and machine directories
//
lstrcpy (lpEnd, MACHINE_SECTION);
if (!CreateNestedDirectory (szBuffer, NULL))
{
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::OpenRemoteMachineGPO: Failed to create machine subdirectory with %d"),
GetLastError()));
hr = HRESULT_FROM_WIN32(GetLastError());
goto Exit;
}
lstrcpy (lpEnd, USER_SECTION);
if (!CreateNestedDirectory (szBuffer, NULL))
{
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::OpenRemoteMachineGPO: Failed to create user subdirectory with %d"),
GetLastError()));
hr = HRESULT_FROM_WIN32(GetLastError());
goto Exit;
}
//
// Load the GPO name
//
m_pName = (LPTSTR) LocalAlloc (LPTR, (lstrlen(szComputerName) + 2) * sizeof(TCHAR));
if (!m_pName)
{
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::OpenRemoteMachineGPO: Failed to allocate memory for name")));
hr = HRESULT_FROM_WIN32(GetLastError());
goto Exit;
}
lstrcpy (m_pName, szComputerName);
//
// Load the display name
//
m_pDisplayName = (LPTSTR) LocalAlloc (LPTR, (lstrlen(szComputerName) + 2) * sizeof(TCHAR));
if (!m_pDisplayName)
{
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::OpenRemoteMachineGPO: Failed to allocate memory for display name")));
hr = HRESULT_FROM_WIN32(GetLastError());
goto Exit;
}
lstrcpy (m_pDisplayName, szComputerName);
//
// Now load the registry information
//
if (m_dwFlags & GPO_OPEN_LOAD_REGISTRY)
{
lstrcpy (szBuffer, m_pFileSysPath);
lpEnd = CheckSlash (szBuffer);
//
// Initialize the user registry (HKCU)
//
m_pUser = new CRegistryHive();
if (!m_pUser)
{
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::OpenRemoteMachineGPO: Failed to create User registry")));
hr = HRESULT_FROM_WIN32(GetLastError());
goto Exit;
}
lstrcpy (lpEnd, USER_SECTION);
lstrcat (lpEnd, TEXT("\\Registry.pol"));
lstrcpy (szKeyName, m_pName);
lstrcat (szKeyName, USER_SECTION);
hr = m_pUser->Initialize (szBuffer, szKeyName);
if (FAILED(hr))
{
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::OpenRemoteMachineGPO: User registry failed to initialize")));
goto Exit;
}
//
// Initialize the machine registry (HKLM)
//
m_pMachine = new CRegistryHive();
if (!m_pMachine)
{
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::OpenRemoteMachineGPO: Failed to create machine registry")));
hr = HRESULT_FROM_WIN32(GetLastError());
goto Exit;
}
lstrcpy (lpEnd, MACHINE_SECTION);
lstrcat (lpEnd, TEXT("\\Registry.pol"));
lstrcpy (szKeyName, m_pName);
lstrcat (szKeyName, MACHINE_SECTION);
hr = m_pMachine->Initialize (szBuffer, szKeyName);
if (FAILED(hr))
{
DebugMsg((DM_WARNING, TEXT("CComponentData::InitializeGPT: machine registry failed to initialize")));
goto Exit;
}
}
//
// Success
//
hr = S_OK;
Exit:
if (SUCCEEDED(hr))
{
m_gpoType = GPOTypeRemote;
m_bInitialized = TRUE;
} else {
CleanUp();
}
return hr;
}
//*************************************************************
//
// Save()
//
// Purpose: Saves the registry information and bumps the
// version number
//
// Parameters: none
//
// Return: S_OK if successful
//
//*************************************************************
STDMETHODIMP CGroupPolicyObject::Save (BOOL bMachine, BOOL bAdd, GUID *pGuidExtension, GUID *pGuidSnapin)
{
HRESULT hr;
TCHAR szPath[2*MAX_PATH];
TCHAR szVersion[25];
ULONG ulVersion, ulOriginal;
USHORT uMachine, uUser;
BSTR bstrName;
VARIANT var;
GUID RegistryGuid = REGISTRY_EXTENSION_GUID;
BOOL bEmpty;
DebugMsg((DM_VERBOSE, TEXT("CGroupPolicyObject::Save: Entering with bMachine = %d and bAdd = %d"),
bMachine, bAdd));
if (!m_bInitialized)
{
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::Save: Called on an uninitialized object.")));
return OLE_E_BLANK;
}
if ( pGuidExtension == 0 || pGuidSnapin == 0 )
{
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::Save: One of the guids is null")));
return ERROR_INVALID_PARAMETER;
}
if (m_dwFlags & GPO_OPEN_READ_ONLY)
{
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::Save: Called on a READ ONLY GPO")));
return HRESULT_FROM_WIN32(ERROR_ACCESS_DENIED);
}
//
// Save registry settings
//
if (!CompareGuid (pGuidExtension, &RegistryGuid))
{
if (bMachine)
{
if (m_pMachine)
{
hr = m_pMachine->Save();
if (FAILED(hr))
{
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::Save: Failed to save the machine registry with 0x%x"), hr));
return hr;
}
hr = m_pMachine->IsRegistryEmpty(&bEmpty);
if (SUCCEEDED(hr) && bEmpty)
{
bAdd = FALSE;
}
else
{
bAdd = TRUE;
}
}
}
else
{
if (m_pUser)
{
hr = m_pUser->Save();
if (FAILED(hr))
{
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::Save: Failed to save the user registry with 0x%x"), hr));
return hr;
}
hr = m_pUser->IsRegistryEmpty(&bEmpty);
if (SUCCEEDED(hr) && bEmpty)
{
bAdd = FALSE;
}
else
{
bAdd = TRUE;
}
}
}
}
XPtrST<TCHAR> xValueIn;
hr = GetProperty( bMachine ? GPO_MACHEXTENSION_NAMES
: GPO_USEREXTENSION_NAMES,
xValueIn );
if ( FAILED(hr) )
{
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::Save: Failed to GetProperty with 0x%x"), hr));
return hr;
}
CGuidList guidList;
hr = guidList.UnMarshallGuids( xValueIn.GetPointer() );
if ( FAILED(hr) )
{
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::Save: Failed to unmarshall guids with 0x%x"), hr));
return hr;
}
hr = guidList.Update( bAdd, pGuidExtension, pGuidSnapin );
if ( FAILED(hr) )
{
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::Save: Failed to update with 0x%x"), hr));
return hr;
}
if ( guidList.GuidsChanged() )
{
XPtrST<TCHAR> xValueOut;
hr = guidList.MarshallGuids( xValueOut );
if ( FAILED(hr ) )
{
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::Save: Failed to marshall guids with 0x%x"), hr));
return hr;
}
hr = SetProperty( bMachine ? GPO_MACHEXTENSION_NAMES
: GPO_USEREXTENSION_NAMES,
xValueOut.GetPointer() );
if ( FAILED(hr ) )
{
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::Save: Failed to set property guids with 0x%x"), hr));
return hr;
}
}
//
// Get the current version number
//
lstrcpy (szPath, m_pFileSysPath);
lstrcat (szPath, TEXT("\\GPT.INI"));
if (m_gpoType == GPOTypeDS)
{
bstrName = SysAllocString (GPO_VERSION_PROPERTY);
if (!bstrName)
{
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::Save: Failed to allocate memory")));
return ERROR_OUTOFMEMORY;
}
VariantInit(&var);
hr = m_pADs->Get(bstrName, &var);
if (SUCCEEDED(hr))
{
ulOriginal = var.lVal;
}
SysFreeString (bstrName);
VariantClear (&var);
if (FAILED(hr))
{
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::Save: Failed to get ds version number with 0x%x"), hr));
return hr;
}
}
else
{
ulOriginal = GetPrivateProfileInt(TEXT("General"), TEXT("Version"), 0, szPath);
}
//
// Separate the user and machine version numbers
//
uUser = (USHORT) HIWORD(ulOriginal);
uMachine = (USHORT) LOWORD(ulOriginal);
//
// Increment the version number
//
if (bMachine)
{
uMachine = uMachine + 1;
if (uMachine == 0)
uMachine++;
}
else
{
uUser = uUser + 1;
if (uUser == 0)
uUser++;
}
//
// Put the version number back together
//
ulVersion = (ULONG) MAKELONG (uMachine, uUser);
//
// Update version number in the GPT
//
wsprintf (szVersion, TEXT("%d"), ulVersion);
if (!WritePrivateProfileString (TEXT("General"), TEXT("Version"),
szVersion, szPath))
{
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::Save: Failed to write sysvol version number with %d"),
GetLastError()));
return HRESULT_FROM_WIN32(GetLastError());
}
//
// Put the original version number in szVersion in case
// we need to roll backwards below
//
wsprintf (szVersion, TEXT("%d"), ulOriginal);
//
// Set the version number in the GPC
//
if (m_gpoType == GPOTypeDS)
{
bstrName = SysAllocString (GPO_VERSION_PROPERTY);
if (bstrName)
{
VariantInit(&var);
var.vt = VT_I4;
var.lVal = ulVersion;
hr = m_pADs->Put(bstrName, var);
VariantClear (&var);
SysFreeString (bstrName);
}
else
{
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::Save: Failed to allocate memory")));
hr = ERROR_OUTOFMEMORY;
}
if (SUCCEEDED(hr))
{
//
// Commit the changes
//
hr = m_pADs->SetInfo();
if (FAILED(hr))
{
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::Save: Failed to commit version number update with 0x%x"), hr));
if (!WritePrivateProfileString (TEXT("General"), TEXT("Version"),
szVersion, szPath))
{
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::Save: Failed to reset the sysvol version number with %d"),
GetLastError()));
}
}
} else {
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::Save: Failed to update version number with 0x%x"), hr));
if (!WritePrivateProfileString (TEXT("General"), TEXT("Version"), szVersion, szPath))
{
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::Save: Failed to reset the sysvol version number with %d"),
GetLastError()));
}
}
}
//
// If we are editing the local group policy object, then call
// RefreshGroupPolicy() so that the end user can see the results
// immediately.
//
if (m_gpoType == GPOTypeLocal)
{
RefreshGroupPolicy (bMachine);
}
DebugMsg((DM_VERBOSE, TEXT("CGroupPolicyObject::Save: Leaving with 0x%x"), hr));
return hr;
}
//*************************************************************
//
// Delete()
//
// Purpose: Deletes this Group Policy Object
//
// Parameters: none
//
// Return: S_OK if successful
//
//*************************************************************
STDMETHODIMP CGroupPolicyObject::Delete (void)
{
HRESULT hr;
if (!m_bInitialized)
{
return OLE_E_BLANK;
}
if (m_dwFlags & GPO_OPEN_READ_ONLY)
{
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::Delete: Delete called on a READ ONLY GPO")));
return HRESULT_FROM_WIN32(ERROR_ACCESS_DENIED);
}
//
// Unmount the registry information
//
if (m_pUser)
{
m_pUser->Release();
m_pUser = NULL;
}
if (m_pMachine)
{
m_pMachine->Release();
m_pMachine = NULL;
}
//
// Clean out the DS stuff
//
if (m_gpoType == GPOTypeDS)
{
hr = DSDelnode (m_pDSPath);
if (FAILED(hr))
{
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::Delete: Failed to delete DS storage with 0x%x"), hr));
goto Exit;
}
}
//
// Delete the file system stuff
//
if (Delnode (m_pFileSysPath))
{
hr = S_OK;
}
else
{
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::Delete: Failed to delete file system storage with %d"),
GetLastError()));
hr = HRESULT_FROM_WIN32(GetLastError());
}
if (SUCCEEDED(hr))
{
CleanUp();
}
Exit:
return hr;
}
//*************************************************************
//
// GetName()
//
// Purpose: Gets the unique GPO name
//
// Parameters: pszName is a pointer to a buffer which receives the name
// cchMaxLength is the max size of the buffer
//
// Return: S_OK if successful
//
//*************************************************************
STDMETHODIMP CGroupPolicyObject::GetName (LPOLESTR pszName, int cchMaxLength)
{
//
// Check parameters
//
if (!pszName || (cchMaxLength <= 0))
return E_INVALIDARG;
if (!m_bInitialized)
{
return OLE_E_BLANK;
}
//
// Save the name
//
if ((lstrlen (m_pName) + 1) <= cchMaxLength)
{
lstrcpy (pszName, m_pName);
return S_OK;
}
return E_OUTOFMEMORY;
}
//*************************************************************
//
// GetDisplayName()
//
// Purpose: Gets the friendly name for this GPO
//
// Parameters: pszName is a pointer to a buffer which receives the name
// cchMaxLength is the max size of the buffer
//
// Return: S_OK if successful
//
//*************************************************************
STDMETHODIMP CGroupPolicyObject::GetDisplayName (LPOLESTR pszName, int cchMaxLength)
{
//
// Check parameters
//
if (!pszName || (cchMaxLength <= 0))
return E_INVALIDARG;
if (!m_bInitialized)
{
return OLE_E_BLANK;
}
if ((lstrlen (m_pDisplayName) + 1) <= cchMaxLength)
{
lstrcpy (pszName, m_pDisplayName);
return S_OK;
}
return E_OUTOFMEMORY;
}
//+--------------------------------------------------------------------------
//
// Member: CGroupPolicyObject::SetDisplayName
//
// Synopsis: changes the friendly display name for a group policy object
//
// Arguments: [pszName] - new name (can be NULL to clear name)
//
// Returns: S_OK - success
//
// Modifies:
//
// Derivation:
//
// History: 05-002-1998 stevebl Created
//
// Notes:
//
//---------------------------------------------------------------------------
STDMETHODIMP CGroupPolicyObject::SetDisplayName (LPOLESTR lpDisplayName)
{
HRESULT hr = E_FAIL;
BSTR bstrName;
VARIANT var;
LPOLESTR lpNewName;
LPTSTR lpPath, lpEnd;
DWORD dwSize;
//
// Check parameters
//
if (!m_bInitialized)
{
return OLE_E_BLANK;
}
if (m_gpoType != GPOTypeDS)
{
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::SetDisplayName: Called for a non DS GPO")));
hr = E_INVALIDARG;
goto Exit;
}
if (!lpDisplayName)
{
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::SetDisplayName: NULL display name")));
hr = E_INVALIDARG;
goto Exit;
}
if (m_dwFlags & GPO_OPEN_READ_ONLY)
{
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::SetDisplayName: Called for a READ ONLY GPO")));
hr = HRESULT_FROM_WIN32(ERROR_ACCESS_DENIED);
goto Exit;
}
//
// Call the internal method to set the display name
//
hr = SetDisplayNameI (m_pADs, lpDisplayName, m_pFileSysPath, TRUE);
Exit:
return hr;
}
//*************************************************************
//
// GetPath()
//
// Purpose: Returns the path to the GPO
//
// If the GPO is in the DS, this is an DN path
// If the GPO is machine based, it is a file system path
//
// Parameters: pszPath is a pointer to a buffer which receives the path
// cchMaxLength is the max size of the buffer
//
// Return: S_OK if successful
//
//*************************************************************
STDMETHODIMP CGroupPolicyObject::GetPath (LPOLESTR pszPath, int cchMaxLength)
{
LPTSTR lpTemp;
//
// Check parameters
//
if (!pszPath || (cchMaxLength <= 0))
return E_INVALIDARG;
if (!m_bInitialized)
{
return OLE_E_BLANK;
}
if (m_gpoType == GPOTypeDS)
{
lpTemp = MakeNamelessPath (m_pDSPath);
if (lpTemp)
{
if ((lstrlen (lpTemp) + 1) <= cchMaxLength)
{
lstrcpy (pszPath, lpTemp);
LocalFree (lpTemp);
return S_OK;
}
LocalFree (lpTemp);
}
}
else
{
if ((lstrlen (m_pFileSysPath) + 1) <= cchMaxLength)
{
lstrcpy (pszPath, m_pFileSysPath);
return S_OK;
}
}
return E_OUTOFMEMORY;
}
//*************************************************************
//
// GetDSPath()
//
// Purpose: Returns a DS path to the requested section
//
// Parameters: dwSection identifies root vs user vs machine
// pszPath is a pointer to a buffer which receives the path
// cchMaxLength is the max size of the buffer
//
// Return: S_OK if successful
//
//*************************************************************
STDMETHODIMP CGroupPolicyObject::GetDSPath (DWORD dwSection, LPOLESTR pszPath, int cchMaxPath)
{
HRESULT hr = E_FAIL;
BSTR bstrPath = NULL;
TCHAR szTemp[100];
IADsPathname * pADsPathname = NULL;
//
// Check for initialization
//
if (!m_bInitialized)
{
return OLE_E_BLANK;
}
//
// Check parameters
//
if (!pszPath || (cchMaxPath <= 0))
return E_INVALIDARG;
if ((dwSection != GPO_SECTION_ROOT) &&
(dwSection != GPO_SECTION_USER) &&
(dwSection != GPO_SECTION_MACHINE))
return E_INVALIDARG;
//
// If this is a local or remote machine GPO, then the
// caller gets an empty string back.
//
if (m_gpoType != GPOTypeDS)
{
*pszPath = TEXT('\0');
hr = S_OK;
goto Exit;
}
//
// Create a pathname object we can work with
//
hr = CoCreateInstance(CLSID_Pathname, NULL, CLSCTX_INPROC_SERVER,
IID_IADsPathname, (LPVOID*)&pADsPathname);
if (FAILED(hr))
{
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::GetDSPath: Failed to create adspathname instance with 0x%x"), hr));
goto Exit;
}
//
// Add the GPO name
//
hr = pADsPathname->Set (m_pDSPath, ADS_SETTYPE_FULL);
if (FAILED(hr))
{
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::GetDSPath: Failed to set pathname with 0x%x"), hr));
goto Exit;
}
//
// Add the appropriate subcontainer
//
if (dwSection != GPO_SECTION_ROOT)
{
lstrcpy (szTemp, TEXT("CN="));
if (dwSection == GPO_SECTION_USER)
lstrcat (szTemp, USER_SECTION);
else
lstrcat (szTemp, MACHINE_SECTION);
hr = pADsPathname->AddLeafElement (szTemp);
if (FAILED(hr))
{
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::GetDSPath: Failed to add subcontainer with 0x%x"), hr));
goto Exit;
}
}
hr = pADsPathname->Retrieve (ADS_FORMAT_X500_NO_SERVER, &bstrPath);
if (FAILED(hr))
{
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::GetDSPath: Failed to retreive container path with 0x%x"), hr));
goto Exit;
}
if ((lstrlen(bstrPath) + 1) <= cchMaxPath)
{
lstrcpy (pszPath, bstrPath);
hr = S_OK;
}
else
{
hr = E_OUTOFMEMORY;
}
SysFreeString (bstrPath);
Exit:
if (pADsPathname)
{
pADsPathname->Release();
}
return hr;
}
//*************************************************************
//
// GetFileSysPath()
//
// Purpose: Returns the file system path to the requested section
//
// Parameters: dwSection identifies user vs machine
// pszPath is a pointer to a buffer which receives the path
// cchMaxLength is the max size of the buffer
//
// Return: S_OK if successful
//
//*************************************************************
STDMETHODIMP CGroupPolicyObject::GetFileSysPath (DWORD dwSection, LPOLESTR pszPath, int cchMaxPath)
{
TCHAR szPath[2*MAX_PATH];
LPTSTR lpEnd;
//
// Check parameters
//
if (!pszPath || (cchMaxPath <= 0))
return E_INVALIDARG;
if (!m_bInitialized)
{
return OLE_E_BLANK;
}
lstrcpy (szPath, m_pFileSysPath);
if (dwSection != GPO_SECTION_ROOT)
{
if (dwSection == GPO_SECTION_USER)
{
lpEnd = CheckSlash (szPath);
lstrcpy (lpEnd, USER_SECTION);
}
else if (dwSection == GPO_SECTION_MACHINE)
{
lpEnd = CheckSlash (szPath);
lstrcpy (lpEnd, MACHINE_SECTION);
}
else
{
return E_INVALIDARG;
}
}
if ((lstrlen(szPath) + 1) <= cchMaxPath)
{
lstrcpy (pszPath, szPath);
return S_OK;
}
return E_OUTOFMEMORY;
}
//*************************************************************
//
// GetRegistryKey()
//
// Purpose: Returns the requested registry key
//
// Parameters: dwSection identifies user vs machine
// hKey receives the opened registry key
//
// Return: S_OK if successful
//
//*************************************************************
STDMETHODIMP CGroupPolicyObject::GetRegistryKey (DWORD dwSection, HKEY *hKey)
{
HRESULT hr = E_FAIL;
if (!m_bInitialized)
{
return OLE_E_BLANK;
}
switch (dwSection)
{
case GPO_SECTION_USER:
if (m_pUser)
{
hr = m_pUser->GetHKey(hKey);
}
break;
case GPO_SECTION_MACHINE:
if (m_pMachine)
{
hr = m_pMachine->GetHKey(hKey);
}
break;
}
return (hr);
}
//*************************************************************
//
// GetOptions()
//
// Purpose: Gets the GPO options
//
// Parameters: dwOptions receives the options
//
// Return: S_OK if successful
//
//*************************************************************
STDMETHODIMP CGroupPolicyObject::GetOptions (DWORD * dwOptions)
{
HRESULT hr;
//
// Check for initialization
//
if (!m_bInitialized)
{
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::GetOptions: Called on an uninitialized object.")));
return OLE_E_BLANK;
}
//
// Check argument
//
if (!dwOptions)
{
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::GetOptions: Received a NULL ptr.")));
return E_INVALIDARG;
}
//
// If this is a DS GPO, the options are stored as a property on the
// GPC. If this a machine GPO, they are in the gpt.ini file.
//
if (m_gpoType == GPOTypeDS)
{
VARIANT var;
BSTR bstrProperty;
//
// Query for the options
//
bstrProperty = SysAllocString (GPO_OPTIONS_PROPERTY);
if (bstrProperty)
{
VariantInit(&var);
hr = m_pADs->Get(bstrProperty, &var);
if (SUCCEEDED(hr))
{
*dwOptions = var.lVal;
}
else
{
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::GetOptions: Failed to query for options with 0x%x"), hr));
}
VariantClear (&var);
SysFreeString (bstrProperty);
}
else
{
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::GetOptions: Failed to allocate memory")));
hr = ERROR_OUTOFMEMORY;
}
}
else
{
TCHAR szPath[2*MAX_PATH];
LPTSTR lpEnd;
//
// Get the file system path
//
hr = GetPath (szPath, ARRAYSIZE(szPath));
if (FAILED(hr))
{
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::GetOptions: Failed to get path with 0x%x"), hr));
return hr;
}
//
// Tack on gpt.ini
//
lpEnd = CheckSlash (szPath);
lstrcpy (lpEnd, TEXT("GPT.INI"));
//
// Get the options
//
*dwOptions = GetPrivateProfileInt (TEXT("General"), TEXT("Options"),
0, szPath);
hr = S_OK;
}
return hr;
}
//*************************************************************
//
// SetOptions()
//
// Purpose: Sets the GPO options
//
// Parameters: dwOptions is the new options
// dwMask states which options should be set
//
// Return: S_OK if successful
//
//*************************************************************
STDMETHODIMP CGroupPolicyObject::SetOptions (DWORD dwOptions, DWORD dwMask)
{
HRESULT hr;
DWORD dwResult = 0, dwOriginal;
//
// Check for initialization
//
if (!m_bInitialized)
{
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::SetOptions: Called on an uninitialized object.")));
return OLE_E_BLANK;
}
if (m_dwFlags & GPO_OPEN_READ_ONLY)
{
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::SetOptions: Called for a READ ONLY GPO")));
return HRESULT_FROM_WIN32(ERROR_ACCESS_DENIED);
}
//
// Query for the current options
//
hr = GetOptions (&dwResult);
if (FAILED(hr))
{
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::SetOptions: Failed to get previous options with 0x%x"), hr));
return hr;
}
//
// Save the original options so we can compare later
//
dwOriginal = dwResult;
//
// Check for the machine disabled option
//
if (dwMask & GPO_OPTION_DISABLE_MACHINE)
{
if (dwOptions & GPO_OPTION_DISABLE_MACHINE)
{
dwResult |= GPO_OPTION_DISABLE_MACHINE;
}
else
{
dwResult &= ~GPO_OPTION_DISABLE_MACHINE;
}
}
//
// Check for the user disabled option
//
if (dwMask & GPO_OPTION_DISABLE_USER)
{
if (dwOptions & GPO_OPTION_DISABLE_USER)
{
dwResult |= GPO_OPTION_DISABLE_USER;
}
else
{
dwResult &= ~GPO_OPTION_DISABLE_USER;
}
}
//
// If something changed, set the options back in the GPO
//
if (dwResult != dwOriginal)
{
//
// Set the options in the DS or gpt.ini as appropriate
//
if (m_gpoType == GPOTypeDS)
{
VARIANT var;
BSTR bstrName;
bstrName = SysAllocString (GPO_OPTIONS_PROPERTY);
if (bstrName)
{
VariantInit(&var);
var.vt = VT_I4;
var.lVal = dwResult;
hr = m_pADs->Put(bstrName, var);
VariantClear (&var);
SysFreeString (bstrName);
}
else
{
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::SetOptions: Failed to allocate memory")));
hr = ERROR_OUTOFMEMORY;
}
if (SUCCEEDED(hr))
{
hr = m_pADs->SetInfo();
}
if (FAILED(hr))
{
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::SetOptions: Failed to set options with 0x%x"), hr));
}
}
else
{
TCHAR szPath[2*MAX_PATH];
TCHAR szOptions[20];
LPTSTR lpEnd;
//
// Get the file system path
//
hr = GetPath (szPath, ARRAYSIZE(szPath));
if (FAILED(hr))
{
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::SetOptions: Failed to get path with 0x%x"), hr));
return hr;
}
//
// Tack on gpt.ini
//
lpEnd = CheckSlash (szPath);
lstrcpy (lpEnd, TEXT("GPT.INI"));
//
// Convert the options to string format
//
_itot (dwResult, szOptions, 10);
//
// Set the options
//
if (!WritePrivateProfileString (TEXT("General"), TEXT("Options"),
szOptions, szPath))
{
hr = HRESULT_FROM_WIN32(GetLastError());
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::SetOptions: Failed to set options with 0x%x"), hr));
return hr;
}
//
// If this is the local GPO, trigger a policy refresh if appropriate
//
if (m_gpoType == GPOTypeLocal)
{
RefreshGroupPolicy (TRUE);
RefreshGroupPolicy (FALSE);
}
hr = S_OK;
}
}
else
{
hr = S_OK;
}
return hr;
}
//*************************************************************
//
// GetType()
//
// Purpose: Gets the GPO type
//
// Parameters: gpoType receives the type
//
//
// Return: S_OK if successful
//
//*************************************************************
STDMETHODIMP CGroupPolicyObject::GetType (GROUP_POLICY_OBJECT_TYPE *gpoType)
{
//
// Check for initialization
//
if (!m_bInitialized)
{
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::GetType: Called on an uninitialized object.")));
return OLE_E_BLANK;
}
//
// Check argument
//
if (!gpoType)
{
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::GetType: Received a NULL ptr.")));
return E_INVALIDARG;
}
//
// Store type
//
*gpoType = m_gpoType;
return S_OK;
}
//*************************************************************
//
// GetMachineName()
//
// Purpose: Gets the machine name of the remote GPO
//
// Parameters: pszName is a pointer to a buffer which receives the name
// cchMaxLength is the max size of the buffer
//
// Note: This method returns the name passed to OpenRemoteMachineGPO
//
// Return: S_OK if successful
//
//*************************************************************
STDMETHODIMP CGroupPolicyObject::GetMachineName (LPOLESTR pszName, int cchMaxLength)
{
HRESULT hr = S_OK;
//
// Check parameters
//
if (!pszName || (cchMaxLength <= 0))
return E_INVALIDARG;
if (!m_bInitialized)
{
return OLE_E_BLANK;
}
if (m_pMachineName)
{
//
// Save the name
//
if ((lstrlen (m_pMachineName) + 1) <= cchMaxLength)
{
lstrcpy (pszName, m_pMachineName);
}
else
{
hr = E_OUTOFMEMORY;
}
}
else
{
*pszName = TEXT('\0');
}
return hr;
}
BOOL
EnableWMIFilters( LPWSTR );
//*************************************************************
//
// GetPropertySheetPages()
//
// Purpose: Returns an array of property sheet pages for
// the callee to use. The callee needs to free
// the buffer with LocalFree when finished.
//
// Parameters: hPages receives a pointer to an array of page handles
// uPageCount receives the number of pages in hPages
//
// Return: S_OK if successful
//
//*************************************************************
STDMETHODIMP CGroupPolicyObject::GetPropertySheetPages (HPROPSHEETPAGE **hPages,
UINT *uPageCount)
{
HPROPSHEETPAGE hTempPages[4];
HPROPSHEETPAGE *lpPages;
PROPSHEETPAGE psp;
UINT i, uTempPageCount = 0;
HRESULT hr;
//
// Create the General property sheet
//
psp.dwSize = sizeof(PROPSHEETPAGE);
psp.dwFlags = 0;
psp.hInstance = g_hInstance;
psp.pszTemplate = MAKEINTRESOURCE(IDD_PROPERTIES);
psp.pfnDlgProc = PropertiesDlgProc;
psp.lParam = (LPARAM) this;
hTempPages[uTempPageCount] = CreatePropertySheetPage(&psp);
if (!hTempPages[uTempPageCount])
{
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::GetPropertySheetPages: Failed to create property sheet page with %d."),
GetLastError()));
return E_FAIL;
}
uTempPageCount++;
//
// If this is a DS GPO, then create the links, DS security, and WMI filter pages
//
if (m_gpoType == GPOTypeDS)
{
// Create the search for links page
psp.dwSize = sizeof(PROPSHEETPAGE);
psp.dwFlags = 0;
psp.hInstance = g_hInstance;
psp.pszTemplate = MAKEINTRESOURCE(IDD_GPE_LINKS);
psp.pfnDlgProc = GPELinksDlgProc;
psp.lParam = (LPARAM) this;
hTempPages[uTempPageCount] = CreatePropertySheetPage(&psp);
if (!hTempPages[uTempPageCount])
{
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::GetPropertySheetPages: Failed to create property sheet page with %d."),
GetLastError()));
// destroy the previous prop page
DestroyPropertySheetPage(hTempPages[uTempPageCount - 1]);
return E_FAIL;
}
uTempPageCount++;
//
// Load DSSec.dll
//
if (!m_hinstDSSec)
{
m_hinstDSSec = LoadLibrary (TEXT("dssec.dll"));
}
if (m_hinstDSSec)
{
if (!m_pfnDSCreateSecurityPage)
{
m_pfnDSCreateSecurityPage = (PFNDSCREATESECPAGE) GetProcAddress (
m_hinstDSSec, "DSCreateSecurityPage");
}
if (m_pfnDSCreateSecurityPage)
{
//
// Call DSCreateSecurityPage
//
hr = m_pfnDSCreateSecurityPage (m_pDSPath, L"groupPolicyContainer",
DSSI_IS_ROOT | ((m_dwFlags & GPO_OPEN_READ_ONLY) ? DSSI_READ_ONLY : 0),
&hTempPages[uTempPageCount],
ReadSecurityDescriptor,
WriteSecurityDescriptor, (LPARAM)this);
if (SUCCEEDED(hr))
{
uTempPageCount++;
}
else
{
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::GetPropertySheetPages: Failed to create DS security page with 0x%x."), hr));
}
}
else
{
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::GetPropertySheetPages: Failed to get function entry point with %d."), GetLastError()));
}
}
else
{
DebugMsg((DM_WARNING, TEXT("CComponentData::CreatePropertyPages: Failed to load dssec.dll with %d."), GetLastError()));
}
if ( EnableWMIFilters( m_pDSPath ) )
{
// Create the WQL filter page
psp.dwSize = sizeof(PROPSHEETPAGE);
psp.dwFlags = 0;
psp.hInstance = g_hInstance;
psp.pszTemplate = MAKEINTRESOURCE(IDD_WQLFILTER);
psp.pfnDlgProc = WQLFilterDlgProc;
psp.lParam = (LPARAM) this;
hTempPages[uTempPageCount] = CreatePropertySheetPage(&psp);
if (!hTempPages[uTempPageCount])
{
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::GetPropertySheetPages: Failed to create property sheet page with %d."),
GetLastError()));
for (i=0; i < uTempPageCount; i++)
{
DestroyPropertySheetPage(hTempPages[i]);
}
return E_FAIL;
}
uTempPageCount++;
}
}
//
// Save the results
//
lpPages = (HPROPSHEETPAGE *)LocalAlloc (LPTR, sizeof(HPROPSHEETPAGE) * uTempPageCount);
if (!lpPages)
{
for (i=0; i < uTempPageCount; i++)
{
DestroyPropertySheetPage(hTempPages[i]);
}
return E_OUTOFMEMORY;
}
for (i=0; i < uTempPageCount; i++)
{
lpPages[i] = hTempPages[i];
}
*hPages = lpPages;
*uPageCount = uTempPageCount;
return S_OK;
}
///////////////////////////////////////////////////////////////////////////////
// //
// Internal methods //
// //
///////////////////////////////////////////////////////////////////////////////
STDMETHODIMP CGroupPolicyObject::CreateContainer (LPOLESTR lpParent,
LPOLESTR lpCommonName,
BOOL bGPC)
{
HRESULT hr = E_FAIL;
VARIANT var;
IADs * pADs = NULL;
IADsContainer * pADsContainer = NULL;
IDispatch * pDispatch = NULL;
BSTR bstrProvider = NULL;
BSTR bstrName = NULL;
TCHAR szTemp[MAX_PATH];
// test to see if the container already exists
{
szTemp[0] = 0;
// scan lpParent to find the first instance of "CN="
LPTSTR lpSub = StrStr(lpParent, TEXT("CN="));
// insert CN=lpCommonName at that point
if (lpSub)
{
lstrcpyn(szTemp, lpParent, ((int)(lpSub - lpParent)) + 1);
lstrcat(szTemp, TEXT("CN="));
lstrcat(szTemp, lpCommonName);
lstrcat(szTemp, TEXT(","));
lstrcat(szTemp, lpSub);
}
hr = OpenDSObject(szTemp, IID_IADsContainer, (void **)&pADsContainer);
if (SUCCEEDED(hr))
{
hr = ERROR_OBJECT_ALREADY_EXISTS;
goto Exit;
}
}
//
// Bind to the parent object so we can create the container
//
hr = OpenDSObject(lpParent, IID_IADsContainer, (void **)&pADsContainer);
if (FAILED(hr)) {
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::CreateContainer: Failed to get gpo container interface with 0x%x"), hr));
goto Exit;
}
//
// Create the container (either GPC or normal container)
//
lstrcpy (szTemp, TEXT("CN="));
lstrcat (szTemp, lpCommonName);
hr = pADsContainer->Create ((bGPC ? TEXT("groupPolicyContainer") : TEXT("container")),
szTemp, &pDispatch);
if (FAILED(hr)) {
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::CreateContainer: Failed to create container with 0x%x"), hr));
goto Exit;
}
//
// Query for the IADs interface so we can set the CN name and
// commit the changes
//
hr = pDispatch->QueryInterface(IID_IADs, (LPVOID *)&pADs);
if (FAILED(hr)) {
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::CreateContainer: QI for IADs failed with 0x%x"), hr));
goto Exit;
}
//
// Set the common name (aka "cn")
//
bstrName = SysAllocString (L"cn");
if (bstrName)
{
VariantInit(&var);
var.vt = VT_BSTR;
var.bstrVal = SysAllocString (lpCommonName);
hr = pADs->Put(bstrName, var);
VariantClear (&var);
SysFreeString (bstrName);
}
else
{
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::CreateContainer: Failed to allocate memory")));
hr = ERROR_OUTOFMEMORY;
}
if (FAILED(hr))
{
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::CreateContainer: Failed to put common name with 0x%x"), hr));
goto Exit;
}
//
// Call SetInfo to commit the changes
//
hr = pADs->SetInfo();
Exit:
if (pDispatch)
{
pDispatch->Release();
}
if (pADs)
{
pADs->Release();
}
if (pADsContainer)
{
pADsContainer->Release();
}
return hr;
}
STDMETHODIMP CGroupPolicyObject::SetDisplayNameI (IADs * pADs, LPOLESTR lpDisplayName,
LPOLESTR lpGPTPath, BOOL bUpdateDisplayVar)
{
HRESULT hr = E_FAIL;
BSTR bstrName;
VARIANT var;
LPOLESTR lpNewName;
LPTSTR lpPath, lpEnd;
DWORD dwSize;
//
// Make a copy of the display name and limit it to MAX_FRIENDLYNAME characters
//
dwSize = lstrlen(lpDisplayName);
if (dwSize > (MAX_FRIENDLYNAME - 1))
{
dwSize = (MAX_FRIENDLYNAME - 1);
}
lpNewName = (LPOLESTR) LocalAlloc (LPTR, (dwSize + 2) * sizeof(OLECHAR));
if (!lpNewName)
{
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::SetDisplayNameI: Failed to allocate memory for display name")));
hr = HRESULT_FROM_WIN32(GetLastError());
goto Exit;
}
lstrcpyn (lpNewName, lpDisplayName, (dwSize + 1));
//
// Set the display name
//
bstrName = SysAllocString (GPO_NAME_PROPERTY);
if (!bstrName)
{
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::SetDisplayNameI: Failed to allocate memory")));
LocalFree (lpNewName);
return ERROR_OUTOFMEMORY;
}
VariantInit(&var);
var.vt = VT_BSTR;
var.bstrVal = SysAllocString (lpNewName);
if (var.bstrVal)
{
hr = pADs->Put(bstrName, var);
}
else
{
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::SetDisplayNameI: Failed to allocate memory")));
hr = ERROR_OUTOFMEMORY;
}
SysFreeString (bstrName);
VariantClear (&var);
if (FAILED(hr))
{
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::SetDisplayNameI: Failed to put display name with 0x%x"), hr));
LocalFree (lpNewName);
goto Exit;
}
//
// Commit the changes
//
hr = pADs->SetInfo();
if (FAILED(hr))
{
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::SetDisplayNameI: Failed to commit changes with 0x%x"), hr));
LocalFree (lpNewName);
goto Exit;
}
//
// Put the display name in the gpt.ini file also
//
lpPath = (LPTSTR) LocalAlloc (LPTR, (lstrlen(lpGPTPath) + 10) * sizeof(TCHAR));
if (lpPath)
{
lstrcpy(lpPath, lpGPTPath);
lpEnd = CheckSlash(lpPath);
lstrcpy(lpEnd, TEXT("gpt.ini"));
if (!WritePrivateProfileString (TEXT("General"), GPO_NAME_PROPERTY,
lpNewName, lpPath))
{
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::SetDisplayNameI: Failed to write display name to gpt.ini with 0x%x"), hr));
}
LocalFree (lpPath);
}
//
// Update the member variable if appropriate
//
if (bUpdateDisplayVar)
{
//
// Update the display name variable
//
if (m_pDisplayName)
{
LocalFree (m_pDisplayName);
m_pDisplayName = NULL;
}
m_pDisplayName = lpNewName;
}
else
{
LocalFree (lpNewName);
}
Exit:
return hr;
}
STDMETHODIMP CGroupPolicyObject::SetGPOInfo (LPOLESTR lpGPO,
LPOLESTR lpDisplayName,
LPOLESTR lpGPTPath)
{
HRESULT hr = E_FAIL;
IADs * pADs = NULL;
BSTR bstrName;
VARIANT var;
TCHAR szDefaultName[MAX_FRIENDLYNAME];
//
// Bind to the GPO container
//
hr = OpenDSObject(lpGPO, IID_IADs, (void **)&pADs);
if (FAILED(hr)) {
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::SetGPOInfo: Failed to get gpo interface with 0x%x"), hr));
goto Exit;
}
//
// Set the display name
//
GetNewGPODisplayName (szDefaultName, ARRAYSIZE(szDefaultName));
hr = SetDisplayNameI (pADs, (lpDisplayName ? lpDisplayName : szDefaultName),
lpGPTPath, FALSE);
if (FAILED(hr))
{
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::SetGPOInfo: Failed to set display name")));
goto Exit;
}
//
// Set the GPT location
//
bstrName = SysAllocString (GPT_PATH_PROPERTY);
if (bstrName)
{
VariantInit(&var);
var.vt = VT_BSTR;
var.bstrVal = SysAllocString (lpGPTPath);
if (var.bstrVal)
{
hr = pADs->Put(bstrName, var);
}
else
{
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::SetGPOInfo: Failed to allocate memory")));
hr = ERROR_OUTOFMEMORY;
}
VariantClear (&var);
SysFreeString (bstrName);
}
else
{
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::SetGPOInfo: Failed to allocate memory")));
hr = ERROR_OUTOFMEMORY;
}
if (FAILED(hr))
{
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::SetGPOInfo: Failed to save GPT path with 0x%x"), hr));
goto Exit;
}
//
// Set the version number
//
bstrName = SysAllocString (GPO_VERSION_PROPERTY);
if (bstrName)
{
VariantInit(&var);
var.vt = VT_I4;
var.lVal = 0;
hr = pADs->Put(bstrName, var);
VariantClear (&var);
SysFreeString (bstrName);
}
else
{
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::SetGPOInfo: Failed to allocate memory")));
hr = ERROR_OUTOFMEMORY;
}
if (FAILED(hr))
{
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::SetGPOInfo: Failed to set version number with 0x%x"), hr));
goto Exit;
}
//
// Set the functionality version number
//
bstrName = SysAllocString (GPO_FUNCTION_PROPERTY);
if (bstrName)
{
VariantInit(&var);
var.vt = VT_I4;
var.lVal = GPO_FUNCTIONALITY_VERSION;
hr = pADs->Put(bstrName, var);
VariantClear (&var);
SysFreeString (bstrName);
}
else
{
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::SetGPOInfo: Failed to allocate memory")));
hr = ERROR_OUTOFMEMORY;
}
if (FAILED(hr))
{
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::SetGPOInfo: Failed to set functionality version number with 0x%x"), hr));
goto Exit;
}
//
// Set the options
//
bstrName = SysAllocString (GPO_OPTIONS_PROPERTY);
if (bstrName)
{
VariantInit(&var);
var.vt = VT_I4;
var.lVal = 0;
hr = pADs->Put(bstrName, var);
VariantClear (&var);
SysFreeString (bstrName);
}
else
{
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::SetGPOInfo: Failed to allocate memory")));
hr = ERROR_OUTOFMEMORY;
}
if (FAILED(hr))
{
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::SetGPOInfo: Failed to set options with 0x%x"), hr));
goto Exit;
}
//
// Commit the changes
//
hr = pADs->SetInfo();
Exit:
if (pADs)
{
pADs->Release();
}
return hr;
}
STDMETHODIMP CGroupPolicyObject::CheckFSWriteAccess (LPOLESTR lpLocalGPO)
{
TCHAR szBuffer[MAX_PATH];
LPTSTR lpEnd;
HRESULT hr;
lstrcpy (szBuffer, lpLocalGPO);
lpEnd = CheckSlash (szBuffer);
lstrcpy (lpEnd, TEXT("gpt.ini"));
if (!WritePrivateProfileString (TEXT("General"), TEXT("AccessCheck"),
TEXT("test"), szBuffer))
{
hr = HRESULT_FROM_WIN32(GetLastError());
}
else
{
WritePrivateProfileString (TEXT("General"), TEXT("AccessCheck"),
NULL, szBuffer);
hr = S_OK;
}
return hr;
}
STDMETHODIMP CGroupPolicyObject::GetSecurityDescriptor (IADs *pADs,
SECURITY_INFORMATION si,
PSECURITY_DESCRIPTOR *pSD)
{
HRESULT hr;
VARIANT var;
LPWSTR pszSDProperty = L"nTSecurityDescriptor";
IDirectoryObject *pDsObject = NULL;
IADsObjectOptions *pOptions = NULL;
PADS_ATTR_INFO pSDAttributeInfo = NULL;
DWORD dwAttributesReturned;
//
// Retreive the DS Object interface
//
hr = pADs->QueryInterface(IID_IDirectoryObject, (void**)&pDsObject);
if (FAILED(hr)) {
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::GetSecurityDescriptor: Failed to get gpo DS object interface with 0x%x"), hr));
goto Exit;
}
//
// Retreive the DS Object Options interface
//
hr = pADs->QueryInterface(IID_IADsObjectOptions, (void**)&pOptions);
if (FAILED(hr)) {
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::GetSecurityDescriptor: Failed to get DS object options interface with 0x%x"), hr));
goto Exit;
}
//
// Set the SECURITY_INFORMATION mask
//
VariantInit(&var);
var.vt = VT_I4;
var.lVal = si;
hr = pOptions->SetOption(ADS_OPTION_SECURITY_MASK, var);
VariantClear (&var);
if (FAILED(hr)) {
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::GetSecurityDescriptor: Failed to set ADSI security options with 0x%x"), hr));
goto Exit;
}
//
// Read the security descriptor
//
hr = pDsObject->GetObjectAttributes(&pszSDProperty, 1, &pSDAttributeInfo,
&dwAttributesReturned);
if (SUCCEEDED(hr) && !pSDAttributeInfo)
{
hr = E_ACCESSDENIED; // This happens for SACL if no SecurityPrivilege
}
if (FAILED(hr)) {
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::GetSecurityDescriptor: Failed to get DS object attributes with 0x%x"), hr));
goto Exit;
}
//
// Duplicate the security descriptor
//
*pSD = (PSECURITY_DESCRIPTOR)LocalAlloc(LPTR, pSDAttributeInfo->pADsValues->SecurityDescriptor.dwLength);
if (!*pSD)
{
hr = HRESULT_FROM_WIN32(GetLastError());
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::GetSecurityDescriptor: Failed to allocate memory with 0x%x"), hr));
goto Exit;
}
CopyMemory(*pSD, pSDAttributeInfo->pADsValues->SecurityDescriptor.lpValue,
pSDAttributeInfo->pADsValues->SecurityDescriptor.dwLength);
Exit:
if (pSDAttributeInfo)
{
FreeADsMem(pSDAttributeInfo);
}
if (pOptions)
{
pOptions->Release();
}
if (pDsObject)
{
pDsObject->Release();
}
return hr;
}
BOOL CGroupPolicyObject::EnableSecurityPrivs(void)
{
BOOL bResult;
HANDLE hToken;
HANDLE hNewToken;
BYTE buffer[sizeof(PRIVILEGE_SET) + sizeof(LUID_AND_ATTRIBUTES)];
PTOKEN_PRIVILEGES pPrivileges = (PTOKEN_PRIVILEGES)buffer;
//
// Get a token and enable the Security and Take Ownership
// privileges, if possible.
//
bResult = OpenThreadToken(GetCurrentThread(), TOKEN_DUPLICATE, TRUE, &hToken);
if (!bResult)
{
bResult = OpenProcessToken(GetCurrentProcess(), TOKEN_DUPLICATE, &hToken);
}
if (!bResult)
{
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::EnableSecurityPrivs: Failed to get both thread and process token with %d"),
GetLastError()));
return FALSE;
}
bResult = DuplicateTokenEx(hToken,
TOKEN_IMPERSONATE | TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY,
NULL, // PSECURITY_ATTRIBUTES
SecurityImpersonation, // SECURITY_IMPERSONATION_LEVEL
TokenImpersonation, // TokenType
&hNewToken); // Duplicate token
if (!bResult)
{
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::EnableSecurityPrivs: Failed to duplicate the token with %d"),
GetLastError()));
CloseHandle(hToken);
return FALSE;
}
//
// PRIVILEGE_SET contains 1 LUID_AND_ATTRIBUTES already, so
// this is enough for 2 LUID_AND_ATTRIBUTES (2 privileges).
//
CloseHandle(hToken);
hToken = hNewToken;
pPrivileges->PrivilegeCount = 2;
pPrivileges->Privileges[0].Luid = RtlConvertUlongToLuid(SE_SECURITY_PRIVILEGE);
pPrivileges->Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
pPrivileges->Privileges[1].Luid = RtlConvertUlongToLuid(SE_TAKE_OWNERSHIP_PRIVILEGE);
pPrivileges->Privileges[1].Attributes = SE_PRIVILEGE_ENABLED;
bResult = AdjustTokenPrivileges(hToken, // TokenHandle
FALSE, // DisableAllPrivileges
pPrivileges,// NewState
0, // BufferLength
NULL, // PreviousState
NULL); // ReturnLength
if (!bResult)
{
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::EnableSecurityPrivs: Failed to AdjustTokenPrivileges with %d"),
GetLastError()));
CloseHandle(hToken);
return FALSE;
}
//
// Set the new thread token
//
SetThreadToken(NULL, hToken);
CloseHandle(hToken);
return TRUE;
}
DWORD CGroupPolicyObject::EnableInheritance (PACL pAcl)
{
WORD wIndex;
DWORD dwResult = ERROR_SUCCESS;
ACE_HEADER *pAceHeader;
if (pAcl)
{
//
// Loop through the ACL looking at each ACE entry
//
for (wIndex = 0; wIndex < pAcl->AceCount; wIndex++)
{
if (!GetAce (pAcl, (DWORD)wIndex, (LPVOID *)&pAceHeader))
{
dwResult = GetLastError();
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::EnableInheritance: GetAce failed with %d"),
dwResult));
goto Exit;
}
//
// Turn on the inheritance flags
//
pAceHeader->AceFlags |= (CONTAINER_INHERIT_ACE | OBJECT_INHERIT_ACE);
}
}
Exit:
return dwResult;
}
//
// This method will convert a DS ACL into a file system ACL
//
DWORD CGroupPolicyObject::MapSecurityRights (PACL pAcl)
{
WORD wIndex;
DWORD dwResult = ERROR_SUCCESS;
ACE_HEADER *pAceHeader;
PACCESS_ALLOWED_ACE pAce;
PACCESS_ALLOWED_OBJECT_ACE pObjectAce;
ACCESS_MASK AccessMask;
#if DBG
PSID pSid;
TCHAR szName[150], szDomain[100];
DWORD dwName, dwDomain;
SID_NAME_USE SidUse;
#endif
DebugMsg((DM_VERBOSE, TEXT("CGroupPolicyObject::MapSecurityRights: ACL contains %d ACEs"), pAcl->AceCount));
//
// Loop through the ACL looking at each ACE entry
//
for (wIndex = 0; wIndex < pAcl->AceCount; wIndex++)
{
if (!GetAce (pAcl, (DWORD)wIndex, (LPVOID *)&pAceHeader))
{
dwResult = GetLastError();
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::MapSecurityRights: GetAce failed with %d"),
dwResult));
goto Exit;
}
DebugMsg((DM_VERBOSE, TEXT("CGroupPolicyObject::MapSecurityRights: ==================")));
switch (pAceHeader->AceType)
{
case ACCESS_ALLOWED_ACE_TYPE:
case ACCESS_DENIED_ACE_TYPE:
case SYSTEM_AUDIT_ACE_TYPE:
{
pAce = (PACCESS_ALLOWED_ACE) pAceHeader;
#if DBG
pSid = (PSID) &pAce->SidStart;
dwName = ARRAYSIZE(szName);
dwDomain = ARRAYSIZE(szDomain);
if (LookupAccountSid (NULL, pSid, szName, &dwName, szDomain,
&dwDomain, &SidUse))
{
DebugMsg((DM_VERBOSE, TEXT("CGroupPolicyObject::MapSecurityRights: Normal ACE entry for: Name = %s Domain = %s"),
szName, szDomain));
}
#endif
AccessMask = pAce->Mask;
pAce->Mask &= STANDARD_RIGHTS_ALL;
DebugMsg((DM_VERBOSE, TEXT("CGroupPolicyObject::MapSecurityRights: DS access mask is 0x%x"),
AccessMask));
DebugMsg((DM_VERBOSE, TEXT("CGroupPolicyObject::MapSecurityRights: Corresponding sysvol permissions follow:")));
//
// Read
//
if ((AccessMask & ACTRL_DS_READ_PROP) &&
(AccessMask & ACTRL_DS_LIST))
{
DebugMsg((DM_VERBOSE, TEXT("CGroupPolicyObject::MapSecurityRights: Granting Read permission")));
pAce->Mask |= (SYNCHRONIZE | FILE_LIST_DIRECTORY |
FILE_READ_ATTRIBUTES | FILE_READ_EA |
FILE_READ_DATA | FILE_EXECUTE);
}
//
// Write
//
if (AccessMask & ACTRL_DS_WRITE_PROP)
{
DebugMsg((DM_VERBOSE, TEXT("CGroupPolicyObject::MapSecurityRights: Granting Write permission")));
pAce->Mask |= (SYNCHRONIZE | FILE_WRITE_DATA |
FILE_APPEND_DATA | FILE_WRITE_EA |
FILE_WRITE_ATTRIBUTES | FILE_ADD_FILE |
FILE_ADD_SUBDIRECTORY);
}
//
// Misc
//
if (AccessMask & ACTRL_DS_CREATE_CHILD)
{
DebugMsg((DM_VERBOSE, TEXT("CGroupPolicyObject::MapSecurityRights: Granting directory creation permission")));
pAce->Mask |= (FILE_ADD_SUBDIRECTORY | FILE_ADD_FILE);
}
if (AccessMask & ACTRL_DS_DELETE_CHILD)
{
DebugMsg((DM_VERBOSE, TEXT("CGroupPolicyObject::MapSecurityRights: Granting directory delete permission")));
pAce->Mask |= FILE_DELETE_CHILD;
}
//
// Inheritance
//
pAceHeader->AceFlags |= (OBJECT_INHERIT_ACE | CONTAINER_INHERIT_ACE);
}
break;
case ACCESS_ALLOWED_OBJECT_ACE_TYPE:
case ACCESS_DENIED_OBJECT_ACE_TYPE:
case SYSTEM_AUDIT_OBJECT_ACE_TYPE:
DebugMsg((DM_VERBOSE, TEXT("CGroupPolicyObject::MapSecurityRights: Clearing access mask in DS object ACE entry")));
pObjectAce = (PACCESS_ALLOWED_OBJECT_ACE) pAceHeader;
pObjectAce->Mask = 0;
break;
default:
DebugMsg((DM_VERBOSE, TEXT("CGroupPolicyObject::MapSecurityRights: Unknown ACE type 0x%x"), pAceHeader->AceType));
break;
}
DebugMsg((DM_VERBOSE, TEXT("CGroupPolicyObject::MapSecurityRights: ==================")));
}
Exit:
return dwResult;
}
//
// This method will convert a DS security access list into a
// file system security access list and actually set the security
//
DWORD CGroupPolicyObject::SetSysvolSecurity (LPTSTR lpFileSysPath, SECURITY_INFORMATION si,
PSECURITY_DESCRIPTOR pSD)
{
PACL pSacl = NULL, pDacl = NULL;
PSID psidOwner = NULL, psidGroup = NULL;
BOOL bAclPresent, bDefaulted;
DWORD dwResult;
//
// Get the DACL
//
if (si & DACL_SECURITY_INFORMATION)
{
if (!GetSecurityDescriptorDacl (pSD, &bAclPresent, &pDacl, &bDefaulted))
{
dwResult = GetLastError();
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::SetSysvolSecurity: GetSecurityDescriptorDacl failed with %d"),
dwResult));
goto Exit;
}
}
//
// Get the SACL
//
if (si & SACL_SECURITY_INFORMATION)
{
if (!GetSecurityDescriptorSacl (pSD, &bAclPresent, &pSacl, &bDefaulted))
{
dwResult = GetLastError();
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::SetSysvolSecurity: GetSecurityDescriptorSacl failed with %d"),
dwResult));
goto Exit;
}
}
//
// Get the owner
//
if (si & OWNER_SECURITY_INFORMATION)
{
if (!GetSecurityDescriptorOwner (pSD, &psidOwner, &bDefaulted))
{
dwResult = GetLastError();
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::SetSysvolSecurity: GetSecurityDescriptorOwner failed with %d"),
dwResult));
goto Exit;
}
}
//
// Get the group
//
if (si & GROUP_SECURITY_INFORMATION)
{
if (!GetSecurityDescriptorGroup (pSD, &psidGroup, &bDefaulted))
{
dwResult = GetLastError();
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::SetSysvolSecurity: GetSecurityDescriptorGroup failed with %d"),
dwResult));
goto Exit;
}
}
//
// Convert the DS access control lists into file system
// access control lists
//
if (pDacl)
{
dwResult = MapSecurityRights (pDacl);
if (dwResult != ERROR_SUCCESS)
{
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::SetSysvolSecurity: MapSecurityRights for the DACL failed with %d"),
dwResult));
goto Exit;
}
}
if (pSacl)
{
dwResult = MapSecurityRights (pSacl);
if (dwResult != ERROR_SUCCESS)
{
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::SetSysvolSecurity: MapSecurityRights for the SACL failed with %d"),
dwResult));
goto Exit;
}
}
//
// Switch to using the PROTECTED_DACL_SECURITY_INFORMATION and
// PROTECTED_SACL_SECURITY_INFORMATION flags so that this subdirectory
// does not inherit settings from it's parent (aka: "protect" it)
//
if (si & DACL_SECURITY_INFORMATION)
{
si |= PROTECTED_DACL_SECURITY_INFORMATION;
}
if (si & SACL_SECURITY_INFORMATION)
{
si |= PROTECTED_SACL_SECURITY_INFORMATION;
}
//
// Set the access control information for the file system portion
//
dwResult = SetNamedSecurityInfo(lpFileSysPath, SE_FILE_OBJECT, si, psidOwner,
psidGroup, pDacl, pSacl);
Exit:
return dwResult;
}
HRESULT WINAPI CGroupPolicyObject::ReadSecurityDescriptor (LPCWSTR lpGPOPath,
SECURITY_INFORMATION si,
PSECURITY_DESCRIPTOR *pSD,
LPARAM lpContext)
{
CGroupPolicyObject * pGPO;
HRESULT hr;
//
// Convert lpContext into a pGPO
//
pGPO = (CGroupPolicyObject*)lpContext;
if (!pGPO)
{
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::ReadSecurityDescriptor: GPO interface pointer is NULL")));
return E_FAIL;
}
hr = pGPO->GetSecurityDescriptor (pGPO->m_pADs, si, pSD);
if (FAILED(hr))
{
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::ReadSecurityDescriptor: GetSecurityDescriptor returned 0x%x"), hr));
}
return (hr);
}
HRESULT WINAPI CGroupPolicyObject::WriteSecurityDescriptor (LPCWSTR lpGPOPath,
SECURITY_INFORMATION si,
PSECURITY_DESCRIPTOR pSD,
LPARAM lpContext)
{
CGroupPolicyObject * pGPO;
IDirectoryObject *pDsObject = NULL;
IADsObjectOptions *pOptions = NULL;
DWORD dwResult = ERROR_SUCCESS;
HRESULT hr;
VARIANT var;
ADSVALUE attributeValue;
ADS_ATTR_INFO attributeInfo;
DWORD dwAttributesModified;
DWORD dwSDLength;
PSECURITY_DESCRIPTOR psd = NULL, pSDOrg = NULL;
SECURITY_DESCRIPTOR_CONTROL sdControl = 0;
DWORD dwRevision;
PACL pAcl;
BOOL bPresent, bDefault;
//
// Convert lpContext into a pGPO
//
pGPO = (CGroupPolicyObject*)lpContext;
if (!pGPO)
{
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::WriteSecurityDescriptor: GPO interface pointer is NULL")));
return E_FAIL;
}
//
// Get the original security descriptor from the DS
//
hr = pGPO->GetSecurityDescriptor (pGPO->m_pADs, si, &pSDOrg);
if (FAILED(hr)) {
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::WriteSecurityDescriptor: Failed to query the security descriptor with 0x%x"), hr));
goto Exit;
}
//
// Retreive the DS Object interface
//
hr = pGPO->m_pADs->QueryInterface(IID_IDirectoryObject, (void**)&pDsObject);
if (FAILED(hr)) {
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::WriteSecurityDescriptor: Failed to get DS object interface with 0x%x"), hr));
goto Exit;
}
//
// Retreive the DS Object Options interface
//
hr = pGPO->m_pADs->QueryInterface(IID_IADsObjectOptions, (void**)&pOptions);
if (FAILED(hr)) {
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::WriteSecurityDescriptor: Failed to get DS object options interface with 0x%x"), hr));
goto Exit;
}
//
// Set the SECURITY_INFORMATION mask
//
VariantInit(&var);
var.vt = VT_I4;
var.lVal = si;
hr = pOptions->SetOption(ADS_OPTION_SECURITY_MASK, var);
VariantClear (&var);
if (FAILED(hr)) {
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::WriteSecurityDescriptor: Failed to get DS object options interface with 0x%x"), hr));
goto Exit;
}
//
// Need the total size of the security descriptor
//
dwSDLength = GetSecurityDescriptorLength(pSD);
//
// If necessary, make a self-relative copy of the security descriptor
//
if (!GetSecurityDescriptorControl(pSD, &sdControl, &dwRevision))
{
dwResult = GetLastError();
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::WriteSecurityDescriptor: Failed to get security descriptor control with %d"),
dwResult));
hr = HRESULT_FROM_WIN32(dwResult);
goto Exit;
}
if (!(sdControl & SE_SELF_RELATIVE))
{
psd = (PSECURITY_DESCRIPTOR)LocalAlloc(LPTR, dwSDLength);
if (!psd)
{
dwResult = GetLastError();
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::WriteSecurityDescriptor: Failed to allocate memory for new SD with %d"),
dwResult));
hr = HRESULT_FROM_WIN32(dwResult);
goto Exit;
}
if (!MakeSelfRelativeSD(pSD, psd, &dwSDLength))
{
dwResult = GetLastError();
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::WriteSecurityDescriptor: MakeSelfRelativeSD failed with %d"),
dwResult));
hr = HRESULT_FROM_WIN32(dwResult);
goto Exit;
}
//
// Point to the self-relative copy
//
pSD = psd;
}
//
// By default, the general page will set things up so the inheritance
// is for the root container only. We really want the inheritance to
// be for the root and all sub-containers, so run through the
// DACL and SACL and set the new inheritance flags
//
if (si & DACL_SECURITY_INFORMATION)
{
if (!GetSecurityDescriptorDacl(pSD, &bPresent, &pAcl, &bDefault))
{
dwResult = GetLastError();
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::WriteSecurityDescriptor: GetSecurityDescriptorDacl failed with %d"),
dwResult));
hr = HRESULT_FROM_WIN32(dwResult);
goto Exit;
}
dwResult = pGPO->EnableInheritance (pAcl);
if (dwResult != ERROR_SUCCESS)
{
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::WriteSecurityDescriptor: EnableInheritance failed with %d"),
dwResult));
hr = HRESULT_FROM_WIN32(dwResult);
goto Exit;
}
}
if (si & SACL_SECURITY_INFORMATION)
{
if (!GetSecurityDescriptorSacl(pSD, &bPresent, &pAcl, &bDefault))
{
dwResult = GetLastError();
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::WriteSecurityDescriptor: GetSecurityDescriptorSacl failed with %d"),
dwResult));
hr = HRESULT_FROM_WIN32(dwResult);
goto Exit;
}
dwResult = pGPO->EnableInheritance (pAcl);
if (dwResult != ERROR_SUCCESS)
{
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::WriteSecurityDescriptor: EnableInheritance failed with %d"),
dwResult));
hr = HRESULT_FROM_WIN32(dwResult);
goto Exit;
}
}
//
// Set the DS security
//
attributeValue.dwType = ADSTYPE_NT_SECURITY_DESCRIPTOR;
attributeValue.SecurityDescriptor.dwLength = dwSDLength;
attributeValue.SecurityDescriptor.lpValue = (LPBYTE)pSD;
attributeInfo.pszAttrName = L"nTSecurityDescriptor";
attributeInfo.dwControlCode = ADS_ATTR_UPDATE;
attributeInfo.dwADsType = ADSTYPE_NT_SECURITY_DESCRIPTOR;
attributeInfo.pADsValues = &attributeValue;
attributeInfo.dwNumValues = 1;
hr = pDsObject->SetObjectAttributes(&attributeInfo, 1, &dwAttributesModified);
if (FAILED(hr)) {
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::WriteSecurityDescriptor: Failed to set DS security with 0x%x"), hr));
goto Exit;
}
//
// Set the sysvol security
//
dwResult = pGPO->SetSysvolSecurity (pGPO->m_pFileSysPath, si, pSD);
if (dwResult != ERROR_SUCCESS)
{
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::WriteSecurityDescriptor: Failed to set the security for the file system portion <%s> with %d"),
pGPO->m_pFileSysPath, dwResult));
hr = HRESULT_FROM_WIN32(dwResult);
//
// Restore the orignal DS security
//
attributeValue.dwType = ADSTYPE_NT_SECURITY_DESCRIPTOR;
attributeValue.SecurityDescriptor.dwLength = GetSecurityDescriptorLength(pSDOrg);
attributeValue.SecurityDescriptor.lpValue = (LPBYTE)pSDOrg;
attributeInfo.pszAttrName = L"nTSecurityDescriptor";
attributeInfo.dwControlCode = ADS_ATTR_UPDATE;
attributeInfo.dwADsType = ADSTYPE_NT_SECURITY_DESCRIPTOR;
attributeInfo.pADsValues = &attributeValue;
attributeInfo.dwNumValues = 1;
if (FAILED(pDsObject->SetObjectAttributes(&attributeInfo, 1, &dwAttributesModified)))
{
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::WriteSecurityDescriptor: Failed to restore DS security")));
}
goto Exit;
}
Exit:
if (pDsObject)
{
pDsObject->Release();
}
if (pOptions)
{
pOptions->Release();
}
if (psd)
{
LocalFree(psd);
}
if (pSDOrg)
{
LocalFree(pSDOrg);
}
return (hr);
}
STDMETHODIMP CGroupPolicyObject::CleanUp (void)
{
if (m_pUser)
{
m_pUser->Release();
m_pUser = NULL;
}
if (m_pMachine)
{
m_pMachine->Release();
m_pMachine = NULL;
}
if (m_pName)
{
LocalFree (m_pName);
m_pName = NULL;
}
if (m_pDisplayName)
{
LocalFree (m_pDisplayName);
m_pDisplayName = NULL;
}
if (m_pDSPath)
{
LocalFree (m_pDSPath);
m_pDSPath = NULL;
}
if (m_pFileSysPath)
{
LocalFree (m_pFileSysPath);
m_pFileSysPath = NULL;
}
if (m_pMachineName)
{
LocalFree (m_pMachineName);
m_pMachineName = NULL;
}
if (m_pADs)
{
m_pADs->Release();
m_pADs = NULL;
}
m_gpoType = GPOTypeLocal;
m_bInitialized = FALSE;
return S_OK;
}
STDMETHODIMP CGroupPolicyObject::RefreshGroupPolicy (BOOL bMachine)
{
HINSTANCE hInstUserEnv;
PFNREFRESHPOLICY pfnRefreshPolicy;
//
// Load the function we need
//
hInstUserEnv = LoadLibrary (TEXT("userenv.dll"));
if (!hInstUserEnv) {
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::RefreshGroupPolicy: Failed to load userenv with %d."),
GetLastError()));
return (HRESULT_FROM_WIN32(GetLastError()));
}
pfnRefreshPolicy = (PFNREFRESHPOLICY)GetProcAddress (hInstUserEnv,
"RefreshPolicy");
if (!pfnRefreshPolicy) {
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::RefreshGroupPolicy: Failed to find RefreshPolicy with %d."),
GetLastError()));
FreeLibrary (hInstUserEnv);
return (HRESULT_FROM_WIN32(GetLastError()));
}
//
// Refresh policy
//
pfnRefreshPolicy (bMachine);
//
// Clean up
//
FreeLibrary (hInstUserEnv);
return S_OK;
}
BSTR
ParseDomainName( LPWSTR szDomain )
{
BSTR bstrDomain = 0;
if ( szDomain )
{
WCHAR szXDomain[MAX_PATH*2];
DWORD dwSize = MAX_PATH*2;
if ( TranslateName( szDomain,
NameUnknown,
NameCanonical,
szXDomain,
&dwSize ) )
{
LPWSTR szTemp = wcschr( szXDomain, L'/' );
if ( szTemp )
{
*szTemp = 0;
}
bstrDomain = SysAllocString( szXDomain );
}
}
DebugMsg((DM_VERBOSE, TEXT("ParseDomainName: *** %s ***"), bstrDomain ? bstrDomain : L"" ));
return bstrDomain;
}
BSTR
ParseDomainName2( LPWSTR szDSObject )
{
BSTR bstrDomain = 0;
if ( !szDSObject )
{
return bstrDomain;
}
if ( CompareString( LOCALE_USER_DEFAULT,
NORM_IGNORECASE,
szDSObject,
7,
L"LDAP://",
7 ) == CSTR_EQUAL )
{
szDSObject += 7;
}
if ( *szDSObject )
{
WCHAR szXDomain[MAX_PATH*2];
DWORD dwSize = MAX_PATH*2;
if ( TranslateName( szDSObject,
NameUnknown,
NameCanonical,
szXDomain,
&dwSize ) )
{
LPWSTR szTemp = wcschr( szXDomain, L'/' );
if ( szTemp )
{
*szTemp = 0;
}
bstrDomain = SysAllocString( szXDomain );
}
}
DebugMsg((DM_VERBOSE, TEXT("ParseDomainName2: *** %s ***"), bstrDomain ? bstrDomain : L"" ));
return bstrDomain;
}
INT_PTR CALLBACK CGroupPolicyObject::WQLFilterDlgProc(HWND hDlg, UINT message, WPARAM wParam, LPARAM lParam)
{
CGroupPolicyObject* pGPO;
switch (message)
{
case WM_INITDIALOG:
{
HRESULT hr;
BSTR bstrName;
VARIANT var;
LPTSTR lpDisplayName;
pGPO = (CGroupPolicyObject*) (((LPPROPSHEETPAGE)lParam)->lParam);
SetWindowLongPtr (hDlg, DWLP_USER, (LONG_PTR) pGPO);
//
// Set the defaults
//
pGPO->m_pTempFilterString = NULL;
CheckDlgButton (hDlg, IDC_NONE, BST_CHECKED);
EnableWindow (GetDlgItem(hDlg, IDC_FILTER_NAME), FALSE);
EnableWindow (GetDlgItem(hDlg, IDC_FILTER_BROWSE), FALSE);
if (pGPO->m_dwFlags & GPO_OPEN_READ_ONLY)
{
EnableWindow (GetDlgItem(hDlg, IDC_NONE), FALSE);
EnableWindow (GetDlgItem(hDlg, IDC_THIS_FILTER), FALSE);
}
//
// Query for the filter
//
bstrName = SysAllocString (GPO_WQLFILTER_PROPERTY);
if (!bstrName)
{
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::WQLFilterDlgProc: Failed to allocate memory")));
break;
}
VariantInit(&var);
hr = pGPO->m_pADs->Get(bstrName, &var);
//
// If we find a filter, initialize the UI and save the filter string in the
// temporary buffer
//
if (SUCCEEDED(hr))
{
//
// Check if we found a null filter (defined as one space character)
//
if (*var.bstrVal != TEXT(' '))
{
pGPO->m_pTempFilterString = new TCHAR [lstrlen(var.bstrVal) + 1];
if (!pGPO->m_pTempFilterString)
{
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::WQLFilterDlgProc: Failed to allocate memory for filter")));
SysFreeString (bstrName);
VariantClear (&var);
break;
}
lstrcpy (pGPO->m_pTempFilterString, var.bstrVal);
lpDisplayName = GetWMIFilterDisplayName (hDlg, pGPO->m_pTempFilterString, TRUE, FALSE);
if (lpDisplayName)
{
SetDlgItemText (hDlg, IDC_FILTER_NAME, lpDisplayName);
delete [] lpDisplayName;
CheckDlgButton (hDlg, IDC_NONE, BST_UNCHECKED);
CheckDlgButton (hDlg, IDC_THIS_FILTER, BST_CHECKED);
EnableWindow (GetDlgItem(hDlg, IDC_FILTER_NAME), TRUE);
if (!(pGPO->m_dwFlags & GPO_OPEN_READ_ONLY))
{
EnableWindow (GetDlgItem(hDlg, IDC_FILTER_BROWSE), TRUE);
}
}
}
}
else
{
if (hr != E_ADS_PROPERTY_NOT_FOUND)
{
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::WQLFilterDlgProc: Failed to query filter with 0x%x"), hr));
}
}
SysFreeString (bstrName);
VariantClear (&var);
break;
}
case WM_COMMAND:
{
pGPO = (CGroupPolicyObject *) GetWindowLongPtr (hDlg, DWLP_USER);
if (!pGPO) {
break;
}
if (LOWORD(wParam) == IDC_FILTER_BROWSE)
{
LPTSTR lpDisplayName = NULL, lpFilter = NULL;
WCHAR szDomain[2*MAX_PATH];
HRESULT hr = pGPO->GetPath( szDomain, ARRAYSIZE( szDomain ) );
if ( FAILED( hr ) )
{
break;
}
BSTR bstrDomain = ParseDomainName2( szDomain );
if (!GetWMIFilter(FALSE, hDlg, TRUE, &lpDisplayName, &(pGPO->m_pTempFilterString), bstrDomain ))
{
SysFreeString( bstrDomain );
break;
}
SysFreeString( bstrDomain );
if (!(pGPO->m_pTempFilterString)) {
SetDlgItemText (hDlg, IDC_FILTER_NAME, TEXT(""));
EnableWindow (GetDlgItem(hDlg, IDC_FILTER_NAME), FALSE);
EnableWindow (GetDlgItem(hDlg, IDC_FILTER_BROWSE), FALSE);
CheckDlgButton (hDlg, IDC_NONE, BST_CHECKED);
CheckDlgButton (hDlg, IDC_THIS_FILTER, BST_UNCHECKED);
SendMessage (GetParent(hDlg), PSM_CHANGED, (WPARAM) hDlg, 0);
}
else {
SetDlgItemText (hDlg, IDC_FILTER_NAME, lpDisplayName);
delete [] lpDisplayName;
SendMessage (GetParent(hDlg), PSM_CHANGED, (WPARAM) hDlg, 0);
}
}
if (LOWORD(wParam) == IDC_NONE)
{
EnableWindow (GetDlgItem(hDlg, IDC_FILTER_NAME), FALSE);
EnableWindow (GetDlgItem(hDlg, IDC_FILTER_BROWSE), FALSE);
if (pGPO->m_pTempFilterString)
{
delete [] pGPO->m_pTempFilterString;
pGPO->m_pTempFilterString = NULL;
}
}
else if (LOWORD(wParam) == IDC_THIS_FILTER)
{
EnableWindow (GetDlgItem(hDlg, IDC_FILTER_NAME), TRUE);
EnableWindow (GetDlgItem(hDlg, IDC_FILTER_BROWSE), TRUE);
}
break;
}
case WM_NOTIFY:
{
pGPO = (CGroupPolicyObject *) GetWindowLongPtr (hDlg, DWLP_USER);
if (!pGPO) {
break;
}
switch (((NMHDR FAR*)lParam)->code)
{
case PSN_APPLY:
{
HRESULT hr;
BSTR bstrName;
VARIANT var;
//
// Save the current WQL filter
//
bstrName = SysAllocString (GPO_WQLFILTER_PROPERTY);
if (!bstrName)
{
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::WQLFilterDlgProc: Failed to allocate memory")));
break;
}
VariantInit(&var);
var.vt = VT_BSTR;
var.bstrVal = SysAllocString (pGPO->m_pTempFilterString ? pGPO->m_pTempFilterString : TEXT(" "));
if (var.bstrVal)
{
hr = pGPO->m_pADs->Put(bstrName, var);
}
else
{
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::WQLFilterDlgProc: Failed to allocate memory")));
SysFreeString (bstrName);
break;
}
SysFreeString (bstrName);
VariantClear (&var);
if (FAILED(hr))
{
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::WQLFilterDlgProc: Failed to put display name with 0x%x"), hr));
break;
}
//
// Commit the changes
//
hr = pGPO->m_pADs->SetInfo();
if (FAILED(hr))
{
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::WQLFilterDlgProc: Failed to commit changes with 0x%x"), hr));
break;
}
//
// Free the filter string if appropriate
//
if (((PSHNOTIFY *)lParam)->lParam)
{
if (pGPO->m_pTempFilterString)
{
delete [] pGPO->m_pTempFilterString;
pGPO->m_pTempFilterString = NULL;
}
}
break;
}
case PSN_RESET:
{
if (pGPO->m_pTempFilterString)
{
delete [] pGPO->m_pTempFilterString;
pGPO->m_pTempFilterString = NULL;
}
break;
}
}
break;
}
case WM_HELP: // F1
WinHelp((HWND)((LPHELPINFO) lParam)->hItemHandle, HELP_FILE, HELP_WM_HELP,
(ULONG_PTR) (LPSTR) aWQLFilterHelpIds);
break;
case WM_CONTEXTMENU: // right mouse click
WinHelp((HWND) wParam, HELP_FILE, HELP_CONTEXTMENU,
(ULONG_PTR) (LPSTR) aWQLFilterHelpIds);
return (TRUE);
default:
break;
}
return FALSE;
}
#define MAX_BUTTON_LEN 64
//////////////////////////////////////////////////////////////////////////////
//
//////////////////////////////////////////////////////////////////////////////
INT_PTR CALLBACK CGroupPolicyObject::GPELinksDlgProc(HWND hDlg, UINT message, WPARAM wParam, LPARAM lParam)
{
GLPARAM * pglp = NULL;
switch (message)
{
case WM_INITDIALOG:
{
LV_COLUMN lvc = {LVCF_WIDTH};
RECT rc;
HWND hList = GetDlgItem(hDlg, IDC_RESULTLIST);
// Allocate the per dialog structure
pglp = (GLPARAM*)LocalAlloc (LPTR, sizeof(GLPARAM));
if (pglp)
{
pglp->pGPO = (CGroupPolicyObject*) (((LPPROPSHEETPAGE)lParam)->lParam);
SetWindowLongPtr (hDlg, DWLP_USER, (LONG_PTR) pglp);
pglp->pGPO->FillDomainList (GetDlgItem(hDlg, IDC_CBDOMAIN));
}
else
{
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::GPELinksDlgProc: Failed to LocalAlloc in WM_INITDIALOG")));
}
// Set the Columns, in the list view
if (IsWindow(hList))
{
SendMessage(hList, LVM_SETEXTENDEDLISTVIEWSTYLE, LVS_EX_LABELTIP,
LVS_EX_LABELTIP);
GetClientRect(hList, &rc);
lvc.cx = (rc.right - rc.left);
ListView_InsertColumn(hList, 0, &lvc);
}
// Show icon in the corner
Animate_Open(GetDlgItem(hDlg, IDAC_FIND), MAKEINTRESOURCE(IDA_FIND));
break;
}
case WM_COMMAND:
{
pglp = (GLPARAM *) GetWindowLongPtr (hDlg, DWLP_USER);
if (!pglp)
{
break;
}
if ((IDC_CBDOMAIN == LOWORD(wParam)) && ((CBN_SELCHANGE == HIWORD(wParam)) || (CBN_SELENDOK == HIWORD(wParam))))
{
// Clear the list view
pglp->fAbort = TRUE;
SendDlgItemMessage(hDlg, IDC_RESULTLIST, LVM_DELETEALLITEMS, 0, 0L);
break;
}
// If the IDC_ACTION was clicked then do search
if ((IDC_ACTION == LOWORD(wParam)) && (BN_CLICKED == HIWORD(wParam)))
{
// If we are have been asked to start a search, create the thread to do so
if (!pglp->fFinding)
{
HANDLE hThread = NULL;
DWORD dwThreadId = 0;
GLTHREADPARAM * pgltp = NULL;
int nCurSel = 0;
// Make sure something has been selected in the combo box
nCurSel = (int)SendDlgItemMessage (hDlg, IDC_CBDOMAIN, CB_GETCURSEL, 0, 0L);
if (CB_ERR == nCurSel)
{
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::GPELinksDlgProc: There was no Domain selected in the combo box. Exiting.")));
break;
}
// Allocate the Thread Param structure
pgltp = (GLTHREADPARAM*)LocalAlloc (LPTR, sizeof(GLTHREADPARAM));
if (!pgltp)
{
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::GPELinksDlgProc: Failed to LocalAlloc Thread Param structure")));
break;
}
pgltp->hDlg = hDlg;
pgltp->pGPO = pglp->pGPO;
pgltp->pfAbort = &pglp->fAbort;
pgltp->pszLDAPName = (LPOLESTR)SendDlgItemMessage (hDlg, IDC_CBDOMAIN, CB_GETITEMDATA, nCurSel, 0L);
if (!pgltp->pszLDAPName)
{
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::GPELinksDlgProc: The LDAP name buffer was NULL.")));
LocalFree(pgltp);
break;
}
pgltp->pszLDAPName = MakeFullPath (pgltp->pszLDAPName, pglp->pGPO->m_pMachineName);
// Unset the abort flag
pglp->fAbort = FALSE;
// Clear the list view
SendDlgItemMessage(hDlg, IDC_RESULTLIST, LVM_DELETEALLITEMS, 0, 0L);
// Fire off the thread to fill the list view
hThread = CreateThread (NULL, 0, (LPTHREAD_START_ROUTINE)GLThreadFunc, pgltp, 0, &dwThreadId);
if (!hThread)
{
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::GPELinksDlgProc: Could not create the search thread.")));
LocalFree(pgltp);
break;
}
CloseHandle (hThread);
// Change the text on the button to "Stop"
SendMessage (hDlg, PDM_CHANGEBUTTONTEXT, 0, 0L);
}
else
{
// The user wants to stop the search
pglp->fAbort = TRUE;
}
}
break;
}
case PDM_CHANGEBUTTONTEXT:
{
TCHAR szButtonText[MAX_BUTTON_LEN] = {0};
pglp = (GLPARAM *) GetWindowLongPtr (hDlg, DWLP_USER);
if (!pglp)
{
break;
}
if (!pglp->fFinding)
Animate_Play(GetDlgItem(hDlg, IDAC_FIND), 0, -1, -1);
else
Animate_Stop(GetDlgItem(hDlg, IDAC_FIND));
// Set the button to show appropriate text
LoadString (g_hInstance, pglp->fFinding ? IDS_FINDNOW: IDS_STOP, szButtonText, ARRAYSIZE(szButtonText));
SetDlgItemText (hDlg, IDC_ACTION, szButtonText);
// Flip the toggle
pglp->fFinding = !pglp->fFinding;
break;
}
case WM_NOTIFY:
{
pglp = (GLPARAM *) GetWindowLongPtr (hDlg, DWLP_USER);
if (!pglp)
{
break;
}
switch (((NMHDR FAR*)lParam)->code)
{
// In case thr user wants to cancel, bail from the thread
case PSN_QUERYCANCEL:
pglp->fAbort = TRUE;
break;
// In case thr user wants to close the prop sheet, bail from the thread
case PSN_APPLY:
case PSN_RESET:
{
int nCount = 0;
PSHNOTIFY * pNotify = (PSHNOTIFY *) lParam;
// User just hit the Apply button don't destroy everything.
if (!pNotify->lParam)
{
SetWindowLongPtr (hDlg, DWLP_MSGRESULT, PSNRET_NOERROR);
return TRUE;
}
pglp->fAbort = TRUE;
// When the dialog is going away, delete all the data that was stored with each CB item in
// FillDomainList() are freed
if (IsWindow(GetDlgItem(hDlg, IDC_CBDOMAIN)))
{
nCount = (int) SendDlgItemMessage(hDlg, IDC_CBDOMAIN, CB_GETCOUNT, 0, 0L);
for (int nIndex = 0; nIndex < nCount; nIndex++)
{
LPOLESTR pszStr;
pszStr = (LPOLESTR)SendDlgItemMessage(hDlg, IDC_CBDOMAIN, CB_GETITEMDATA, nIndex, 0L);
if (pszStr)
delete [] pszStr;
}
}
// Free the per dialog structure
LocalFree (pglp);
SetWindowLongPtr (hDlg, DWLP_USER, (LONG_PTR) NULL);
Animate_Close(GetDlgItem(hDlg, IDAC_FIND));
break;
}
}
break;
}
case WM_HELP: // F1
WinHelp((HWND)((LPHELPINFO) lParam)->hItemHandle, HELP_FILE, HELP_WM_HELP,
(ULONG_PTR) (LPSTR) aLinkHelpIds);
break;
case WM_CONTEXTMENU: // right mouse click
WinHelp((HWND) wParam, HELP_FILE, HELP_CONTEXTMENU,
(ULONG_PTR) (LPSTR) aLinkHelpIds);
return (TRUE);
default:
break;
}
return FALSE;
}
//////////////////////////////////////////////////////////////////////////////
// The thread that will look call the recursive find function. This function will clean up
// the param structure that has been passed in
//////////////////////////////////////////////////////////////////////////////
DWORD WINAPI CGroupPolicyObject::GLThreadFunc(GLTHREADPARAM * pgltp)
{
LPTSTR lpGPO;
DWORD dwRet;
HINSTANCE hInstance = LoadLibrary(TEXT("GPEdit.dll"));
HRESULT hr;
//
// Initialize COM
//
hr = CoInitialize(NULL);
if (FAILED(hr))
{
return 0L;
}
//
// Make sure we have a thread param structure
//
if (pgltp)
{
pgltp->pGPO->AddRef();
lpGPO = MakeNamelessPath (pgltp->pGPO->m_pDSPath);
if (lpGPO)
{
//
// Check if the user wants to abort. Otherwise make recursive call
//
if (!*(pgltp->pfAbort))
{
dwRet = pgltp->pGPO->FindLinkInDomain(pgltp, lpGPO);
}
if ((!*(pgltp->pfAbort)) && dwRet)
{
pgltp->pGPO->FindLinkInSite(pgltp, lpGPO);
}
if (IsWindow(GetDlgItem(pgltp->hDlg, IDC_RESULTLIST)))
{
ListView_SetItemState(GetDlgItem(pgltp->hDlg, IDC_RESULTLIST), 0, LVIS_SELECTED |LVIS_FOCUSED, LVIS_SELECTED |LVIS_FOCUSED);
}
//
// Switch the button text, change the cursor, and free the param that the
// dialog proc allocated and sent to us
//
SendMessage(pgltp->hDlg, PDM_CHANGEBUTTONTEXT, 0, 0L);
LocalFree (lpGPO);
}
pgltp->pGPO->Release();
LocalFree(pgltp->pszLDAPName);
LocalFree(pgltp);
}
//
// Uninitialize COM
//
CoUninitialize();
FreeLibraryAndExitThread(hInstance, 0);
return 0L;
}
DWORD WINAPI CGroupPolicyObject::FindLinkInSite(GLTHREADPARAM * pgltp, LPTSTR lpGPO)
{
IADsContainer * pADsContainer = NULL;
HRESULT hr;
IEnumVARIANT *pVar = NULL;
IADs * pADs = NULL;
VARIANT var;
ULONG ulResult;
IDispatch * pDispatch = NULL;
BSTR bstrClassName;
BSTR bstrSite = NULL;
IADsPathname * pADsPathname = NULL;
//
// Create a pathname object we can work with
//
hr = CoCreateInstance(CLSID_Pathname, NULL, CLSCTX_INPROC_SERVER,
IID_IADsPathname, (LPVOID*)&pADsPathname);
if (FAILED(hr))
{
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::FindLinkInSite: Failed to create adspathname instance with 0x%x"), hr));
goto Exit;
}
//
// Add the gpo name
//
hr = pADsPathname->Set (pgltp->pszLDAPName, ADS_SETTYPE_FULL);
if (FAILED(hr))
{
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::FindLinkInSite: Failed to set pathname with 0x%x"), hr));
goto Exit;
}
//
// Add the configuration folder to the path
//
hr = pADsPathname->AddLeafElement (TEXT("CN=Configuration"));
if (FAILED(hr))
{
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::FindLinkInSite: Failed to add configuration folder with 0x%x"), hr));
goto Exit;
}
//
// Add the sites container to the path
//
hr = pADsPathname->AddLeafElement (TEXT("CN=Sites"));
if (FAILED(hr))
{
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::FindLinkInSite: Failed to add sites folder with 0x%x"), hr));
goto Exit;
}
//
// Retreive the container path
//
hr = pADsPathname->Retrieve (ADS_FORMAT_X500, &bstrSite);
if (FAILED(hr))
{
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::FindLinkInSite: Failed to retreive site path with 0x%x"), hr));
goto Exit;
}
// Create Enumerator
hr = OpenDSObject(bstrSite, IID_IADsContainer, (void **)&pADsContainer);
if (FAILED(hr))
{
DebugMsg((DM_VERBOSE, TEXT("FindLinkInSite: Failed to get gpo container interface with 0x%x for object %s"),
hr, bstrSite));
goto Exit;
}
// Build the enumerator
hr = ADsBuildEnumerator (pADsContainer, &pVar);
if (FAILED(hr))
{
DebugMsg((DM_WARNING, TEXT("FindLinkInSite: Failed to get enumerator with 0x%x"), hr));
goto Exit;
}
//
// Enumerate
//
while (TRUE)
{
TCHAR lpSite[] = TEXT("site");
DWORD dwStrLen = lstrlen (lpSite);
// Check if the user wants to abort. Before proceeding
if (*(pgltp->pfAbort))
{
break;
}
VariantInit(&var);
hr = ADsEnumerateNext(pVar, 1, &var, &ulResult);
if (S_FALSE == hr)
{
VariantClear (&var);
break;
}
if ((FAILED(hr)) || (var.vt != VT_DISPATCH))
{
DebugMsg((DM_VERBOSE, TEXT("CGroupPolicyObject::FindLinkInSite: Failed to enumerator with 0x%x or we didn't get the IDispatch"), hr));
VariantClear (&var);
break;
}
if (*(pgltp->pfAbort))
{
VariantClear (&var);
break;
}
//
// We found something, get the IDispatch interface
//
pDispatch = var.pdispVal;
if (!pDispatch)
{
VariantClear (&var);
goto Exit;
}
//
// Now query for the IADs interface so we can get some
// properties from this object
//
hr = pDispatch->QueryInterface(IID_IADs, (LPVOID *)&pADs);
if (FAILED(hr))
{
DebugMsg((DM_WARNING, TEXT("AddGPOsForDomain: QI for IADs failed with 0x%x"), hr));
VariantClear (&var);
goto Exit;
}
//
// Get the relative and class names
//
hr = pADs->get_Class (&bstrClassName);
if (FAILED(hr))
{
DebugMsg((DM_WARNING, TEXT("DSDelnodeRecurse: Failed get class name with 0x%x"), hr));
pADs->Release();
VariantClear (&var);
goto Exit;
}
if (CompareString (LOCALE_USER_DEFAULT, NORM_IGNORECASE | NORM_STOP_ON_NULL,
lpSite, dwStrLen, bstrClassName, dwStrLen) == CSTR_EQUAL)
{
VARIANT varLink;
BSTR bstrLinkProp;
VariantInit(&varLink);
bstrLinkProp = SysAllocString(GPM_LINK_PROPERTY);
if (bstrLinkProp)
{
// Now get the Name property
hr = pADs->Get(bstrLinkProp, &varLink);
// Create the new LDAP:// string and call FindLinkInDomain() recursively
if (SUCCEEDED(hr) && wcsstr(varLink.bstrVal, lpGPO))
{
VARIANT varName;
BSTR bstrNameProp;
VariantInit(&varName);
bstrNameProp = SysAllocString(GPM_NAME_PROPERTY);
if (bstrNameProp)
{
// Now get the Name property
hr = pADs->Get(bstrNameProp, &varName);
if (SUCCEEDED(hr))
{
LV_ITEM lvi = {LVIF_TEXT};
LPTSTR pszTemp = MakeNamelessPath(bstrSite);
if (pszTemp)
{
ULONG ulLen = wcslen(pszTemp) + 2 + wcslen(varName.bstrVal);
LPOLESTR pszTranslated = new OLECHAR[ulLen];
if (pszTranslated)
{
// Move pointer over the lDAP:// string and insert the rest into the listview
pszTemp += wcslen(TEXT("LDAP://"));
lvi.iItem = 0x7FFFFFFF;
if (TranslateName(pszTemp, NameFullyQualifiedDN, NameCanonical, pszTranslated, &ulLen))
{
wcscat(pszTranslated, TEXT("/"));
wcscat(pszTranslated, varName.bstrVal);
lvi.pszText = pszTranslated;
ListView_InsertItem(GetDlgItem(pgltp->hDlg, IDC_RESULTLIST), &lvi);
}
delete [] pszTranslated;
}
LocalFree (pszTemp);
}
}
SysFreeString (bstrNameProp);
}
VariantClear (&varName);
}
SysFreeString (bstrLinkProp);
}
VariantClear (&varLink);
}
pADs->Release();
SysFreeString (bstrClassName);
}
Exit:
if (pADsContainer)
pADsContainer->Release();
if (pADsPathname)
pADsPathname->Release();
if (bstrSite)
SysFreeString (bstrSite);
return 1L;
}
//////////////////////////////////////////////////////////////////////////////
// Recursive call that will look through all domains and OUs for our GUID
//////////////////////////////////////////////////////////////////////////////
DWORD WINAPI CGroupPolicyObject::FindLinkInDomain(GLTHREADPARAM * pgltp, LPTSTR lpGPO)
{
IADs * pADs = NULL;
IADsContainer * pADsContainer = NULL;
HRESULT hr;
IEnumVARIANT *pVar = NULL;
VARIANT var;
ULONG ulResult;
BSTR bstrClassName;
IDispatch * pDispatch = NULL;
DWORD dwResult = 1;
// Check if the user wants to abort. Before proceeding
if (*(pgltp->pfAbort))
{
return 0;
}
// Bind to Object
hr = OpenDSObject(pgltp->pszLDAPName, IID_IADs, (void **)&pADs);
if (SUCCEEDED(hr))
{
BSTR bstrLinkProp;
VariantInit(&var);
bstrLinkProp = SysAllocString(GPM_LINK_PROPERTY);
if (bstrLinkProp)
{
// Now get the link property
hr = pADs->Get(bstrLinkProp, &var);
// Check if out GUID is in there.
if (SUCCEEDED(hr) && StrStrI(var.bstrVal, lpGPO))
{
LV_ITEM lvi = {LVIF_TEXT};
//
// Check if this is a forest path
//
if (IsForest(pgltp->pszLDAPName))
{
TCHAR szForest[50] = {0};
LoadString (g_hInstance, IDS_FOREST, szForest, ARRAYSIZE(szForest));
lvi.iItem = 0x7FFFFFFF;
lvi.pszText = szForest;
ListView_InsertItem(GetDlgItem(pgltp->hDlg, IDC_RESULTLIST), &lvi);
}
else
{
LPTSTR pszTemp = MakeNamelessPath(pgltp->pszLDAPName);
if (pszTemp)
{
ULONG ulLen = wcslen(pszTemp) + 2;
LPOLESTR pszTranslated = new OLECHAR[ulLen];
if (pszTranslated)
{
// Move pointer over the lDAP:// string and insert the rest into the listview
pszTemp += wcslen(TEXT("LDAP://"));
lvi.iItem = 0x7FFFFFFF;
if (TranslateName(pszTemp, NameFullyQualifiedDN, NameCanonical, pszTranslated, &ulLen))
{
lvi.pszText = pszTranslated;
ListView_InsertItem(GetDlgItem(pgltp->hDlg, IDC_RESULTLIST), &lvi);
}
delete [] pszTranslated;
}
LocalFree (pszTemp);
}
}
}
// Cleanup
SysFreeString(bstrLinkProp);
}
VariantClear(&var);
pADs->Release();
}
else
{
DebugMsg((DM_VERBOSE, TEXT("FindLinkInDomain: Failed to get IID_IADs. hr: 0x%x, for %s"),hr, pgltp->pszLDAPName));
ReportError(pgltp->hDlg, hr, IDS_DSBINDFAILED);
dwResult = 0;
goto Exit;
}
// Check if the user wants to abort. Before proceeding
if (*(pgltp->pfAbort))
{
dwResult = 0;
goto Exit;
}
// Create Enumerator
hr = OpenDSObject(pgltp->pszLDAPName, IID_IADsContainer, (void **)&pADsContainer);
if (FAILED(hr))
{
DebugMsg((DM_VERBOSE, TEXT("FindLinkInDomain: Failed to get gpo container interface with 0x%x for object %s"),
hr, pgltp->pszLDAPName));
dwResult = 0;
goto Exit;
}
hr = ADsBuildEnumerator (pADsContainer, &pVar);
if (FAILED(hr))
{
DebugMsg((DM_WARNING, TEXT("FindLinkInDomain: Failed to get enumerator with 0x%x"), hr));
dwResult = 0;
goto Exit;
}
//
// Enumerate
//
while (TRUE)
{
TCHAR lpOU[] = TEXT("organizationalUnit");
DWORD dwStrLen = lstrlen (lpOU);
// Check if the user wants to abort. Before proceeding
if (*(pgltp->pfAbort))
{
break;
}
VariantInit(&var);
hr = ADsEnumerateNext(pVar, 1, &var, &ulResult);
if (S_FALSE == hr)
{
VariantClear (&var);
break;
}
if ((FAILED(hr)) || (var.vt != VT_DISPATCH))
{
VariantClear (&var);
break;
}
if (*(pgltp->pfAbort))
{
VariantClear (&var);
break;
}
//
// We found something, get the IDispatch interface
//
pDispatch = var.pdispVal;
if (!pDispatch)
{
VariantClear (&var);
dwResult = 0;
goto Exit;
}
//
// Now query for the IADs interface so we can get some
// properties from this object
//
hr = pDispatch->QueryInterface(IID_IADs, (LPVOID *)&pADs);
if (FAILED(hr))
{
DebugMsg((DM_WARNING, TEXT("AddGPOsForDomain: QI for IADs failed with 0x%x"), hr));
VariantClear (&var);
dwResult = 0;
goto Exit;
}
//
// Get the relative and class names
//
hr = pADs->get_Class (&bstrClassName);
if (FAILED(hr))
{
DebugMsg((DM_WARNING, TEXT("DSDelnodeRecurse: Failed get class name with 0x%x"), hr));
pADs->Release();
VariantClear (&var);
dwResult = 0;
goto Exit;
}
if (CompareString (LOCALE_USER_DEFAULT, NORM_IGNORECASE | NORM_STOP_ON_NULL,
lpOU, dwStrLen, bstrClassName, dwStrLen) == CSTR_EQUAL)
{
VARIANT varName;
BSTR bstrNameProp;
VariantInit(&varName);
bstrNameProp = SysAllocString(GPM_NAME_PROPERTY);
if (bstrNameProp)
{
// Now get the Name property
hr = pADs->Get(bstrNameProp, &varName);
// Create the new LDAP:// string and call FindLinkInDomain() recursively
if (SUCCEEDED(hr))
{
GLTHREADPARAM gltp = *pgltp;
IADsPathname * pADsPathname;
LPOLESTR pszNewName = new OLECHAR[wcslen(varName.bstrVal) + 10];
BSTR bstr;
//
// Build the new element name
//
if (!pszNewName)
{
dwResult = 0;
goto Exit;
}
wcscpy(pszNewName, TEXT("OU="));
wcscat(pszNewName, varName.bstrVal);
//
// Create a pathname object we can work with
//
hr = CoCreateInstance(CLSID_Pathname, NULL, CLSCTX_INPROC_SERVER,
IID_IADsPathname, (LPVOID*)&pADsPathname);
if (FAILED(hr))
{
delete [] pszNewName;
dwResult = 0;
goto Exit;
}
//
// Set the current name
//
hr = pADsPathname->Set (pgltp->pszLDAPName, ADS_SETTYPE_FULL);
if (FAILED(hr))
{
delete [] pszNewName;
pADsPathname->Release();
dwResult = 0;
goto Exit;
}
//
// Check for escape characters
//
hr = pADsPathname->GetEscapedElement (0, pszNewName, &bstr);
delete [] pszNewName;
if (FAILED(hr))
{
pADsPathname->Release();
dwResult = 0;
goto Exit;
}
//
// Add the new element
//
hr = pADsPathname->AddLeafElement (bstr);
SysFreeString (bstr);
if (FAILED(hr))
{
pADsPathname->Release();
dwResult = 0;
goto Exit;
}
//
// Get the new path
//
hr = pADsPathname->Retrieve(ADS_FORMAT_X500, &bstr);
pADsPathname->Release();
if (FAILED(hr))
{
dwResult = 0;
goto Exit;
}
//
// Recurse
//
gltp.pszLDAPName = bstr;
if (FindLinkInDomain(&gltp, lpGPO) == 0)
{
dwResult = 0;
goto Exit;
}
SysFreeString (bstr);
}
SysFreeString (bstrNameProp);
}
VariantClear (&varName);
}
pADs->Release();
SysFreeString (bstrClassName);
}
Exit:
if (pADsContainer)
pADsContainer->Release();
return dwResult;
}
//////////////////////////////////////////////////////////////////////////////
// Fill the combobox with available domains
//////////////////////////////////////////////////////////////////////////////
BOOL CGroupPolicyObject::FillDomainList (HWND hWndCombo)
{
HRESULT hr;
DWORD dwIndex = 0;
LPOLESTR pszDomain;
LPTSTR lpTemp;
HCURSOR hcur = SetCursor(LoadCursor(NULL, IDC_WAIT));
// get the ordered tree of domains
LOOKDATA * pDomainList = BuildDomainList(NULL);
LOOKDATA *pRemember = pDomainList;
// now walk the tree, adding elements to the dialog box
int nCBIndex;
// start at the head
while (pDomainList)
{
// add the LDAP path for the doman in this node
//SendMessage(hWndCombo, CB_INSERTSTRING, (WPARAM) -1, (LPARAM)(LPCTSTR) pDomainList->szData);
nCBIndex = (int)SendMessage(hWndCombo, CB_INSERTSTRING, (WPARAM) -1, (LPARAM)(LPCTSTR) pDomainList->szName);
SendMessage(hWndCombo, CB_SETITEMDATA, (WPARAM) nCBIndex, (LPARAM)(LPCTSTR) pDomainList->szData);
if (pDomainList->pChild)
{
// go to its child
pDomainList = pDomainList->pChild;
}
else
{
if (pDomainList->pSibling)
{
// go to its sibling if there are no children
pDomainList = pDomainList->pSibling;
}
else
{
// there are no children and no siblings
// back up until we find a parent with a sibling
// or there are no more parents (we're done)
do
{
pDomainList = pDomainList->pParent;
if (pDomainList)
{
if (pDomainList->pSibling)
{
pDomainList = pDomainList->pSibling;
break;
}
}
else
{
break;
}
} while (TRUE);
}
}
}
FreeDomainInfo (pRemember);
//
// Select the current domain in the combobox
//
pszDomain = GetDomainFromLDAPPath(m_pDSPath);
if (pszDomain)
{
//
// Convert LDAP to dot (DN) style
//
hr = ConvertToDotStyle (pszDomain, &lpTemp);
if (SUCCEEDED(hr))
{
dwIndex = (DWORD) SendMessage (hWndCombo, CB_FINDSTRINGEXACT, (WPARAM) -1,
(LONG_PTR)lpTemp);
if (dwIndex == CB_ERR)
{
dwIndex = 0;
}
LocalFree (lpTemp);
}
delete [] pszDomain;
}
SendMessage (hWndCombo, CB_SETCURSEL, (WPARAM)dwIndex, 0);
SetCursor(hcur);
return TRUE;
}
INT_PTR CALLBACK CGroupPolicyObject::PropertiesDlgProc(HWND hDlg, UINT message, WPARAM wParam, LPARAM lParam)
{
CGroupPolicyObject * pGPO;
static BOOL bDirty;
static BOOL bDisableWarningIssued;
switch (message)
{
case WM_INITDIALOG:
{
DWORD dwTemp;
LPTSTR lpEnd;
TCHAR szBuffer[2*MAX_PATH];
TCHAR szDate[100];
TCHAR szTime[100];
TCHAR szFormat[80];
TCHAR szVersion[100];
WIN32_FILE_ATTRIBUTE_DATA fad;
FILETIME filetime, CreateTime, ChangeTime;
SYSTEMTIME systime;
LPTSTR lpResult;
LPOLESTR pszDomain;
ULONG ulVersion = 0;
USHORT uMachine, uUser;
VARIANT var;
BSTR bstrName;
LPTSTR lpDisplayName;
WORD wDosDate, wDosTime;
pGPO = (CGroupPolicyObject *) (((LPPROPSHEETPAGE)lParam)->lParam);
SetWindowLongPtr (hDlg, DWLP_USER, (LONG_PTR) pGPO);
//
// Initialize
//
if ((pGPO->m_pMachineName) && (pGPO->m_gpoType == GPOTypeDS))
{
lpDisplayName = (LPTSTR) LocalAlloc (LPTR, (lstrlen(pGPO->m_pDisplayName) +
lstrlen(pGPO->m_pMachineName) +
5) * sizeof(TCHAR));
if (lpDisplayName)
{
LoadString (g_hInstance, IDS_NAMEFORMAT, szFormat, ARRAYSIZE(szFormat));
wsprintf (lpDisplayName, szFormat, pGPO->m_pDisplayName, pGPO->m_pMachineName);
SetDlgItemText (hDlg, IDC_TITLE, lpDisplayName);
LocalFree (lpDisplayName);
}
}
else
{
SetDlgItemText (hDlg, IDC_TITLE, pGPO->m_pDisplayName);
}
if (pGPO->m_gpoType == GPOTypeDS)
{
if (IsForest(pGPO->m_pDSPath))
{
LoadString (g_hInstance, IDS_FORESTHEADING, szBuffer, ARRAYSIZE(szBuffer));
SetDlgItemText (hDlg, IDC_DOMAIN_HEADING, szBuffer);
}
pszDomain = GetDomainFromLDAPPath(pGPO->m_pDSPath);
if (pszDomain)
{
if (SUCCEEDED(ConvertToDotStyle (pszDomain, &lpResult)))
{
SetDlgItemText (hDlg, IDC_DOMAIN, lpResult);
LocalFree (lpResult);
}
delete [] pszDomain;
}
SetDlgItemText (hDlg, IDC_UNIQUE_NAME, pGPO->m_pName);
}
else
{
LoadString (g_hInstance, IDS_NOTAPPLICABLE, szBuffer, ARRAYSIZE(szBuffer));
SetDlgItemText (hDlg, IDC_DOMAIN, szBuffer);
SetDlgItemText (hDlg, IDC_UNIQUE_NAME, szBuffer);
}
if (SUCCEEDED(pGPO->GetOptions(&dwTemp)))
{
if (dwTemp & GPO_OPTION_DISABLE_MACHINE)
{
CheckDlgButton (hDlg, IDC_DISABLE_COMPUTER, BST_CHECKED);
}
if (dwTemp & GPO_OPTION_DISABLE_USER)
{
CheckDlgButton (hDlg, IDC_DISABLE_USER, BST_CHECKED);
}
}
lstrcpy (szBuffer, pGPO->m_pFileSysPath);
lpEnd = CheckSlash (szBuffer);
lstrcpy (lpEnd, TEXT("gpt.ini"));
if (pGPO->m_gpoType == GPOTypeDS)
{
VariantInit(&var);
bstrName = SysAllocString (GPO_VERSION_PROPERTY);
if (bstrName)
{
if (SUCCEEDED(pGPO->m_pADs->Get(bstrName, &var)))
{
ulVersion = var.lVal;
}
SysFreeString (bstrName);
}
VariantClear (&var);
}
else
{
ulVersion = GetPrivateProfileInt(TEXT("General"), TEXT("Version"), 0, szBuffer);
}
uMachine = (USHORT) LOWORD(ulVersion);
uUser = (USHORT) HIWORD(ulVersion);
LoadString (g_hInstance, IDS_REVISIONFORMAT, szFormat, ARRAYSIZE(szFormat));
wsprintf (szVersion, szFormat, uMachine, uUser);
SetDlgItemText (hDlg, IDC_REVISION, szVersion);
//
// Get the date / time info
//
CreateTime.dwLowDateTime = 0;
CreateTime.dwHighDateTime = 0;
ChangeTime.dwLowDateTime = 0;
ChangeTime.dwHighDateTime = 0;
if (pGPO->m_gpoType == GPOTypeDS)
{
//
// Get the creation time
//
VariantInit(&var);
bstrName = SysAllocString (TEXT("whenCreated"));
if (bstrName)
{
if (SUCCEEDED(pGPO->m_pADs->Get(bstrName, &var)))
{
if (VariantTimeToDosDateTime (var.date, &wDosDate, &wDosTime))
{
DosDateTimeToFileTime (wDosDate, wDosTime, &CreateTime);
}
}
SysFreeString (bstrName);
}
VariantClear (&var);
//
// Get the last write time
//
VariantInit(&var);
bstrName = SysAllocString (TEXT("whenChanged"));
if (bstrName)
{
if (SUCCEEDED(pGPO->m_pADs->Get(bstrName, &var)))
{
if (VariantTimeToDosDateTime (var.date, &wDosDate, &wDosTime))
{
DosDateTimeToFileTime (wDosDate, wDosTime, &ChangeTime);
}
}
SysFreeString (bstrName);
}
VariantClear (&var);
}
else
{
//
// Get the time info from the gpt.ini file
//
if (GetFileAttributesEx (szBuffer, GetFileExInfoStandard, &fad))
{
CreateTime.dwLowDateTime = fad.ftCreationTime.dwLowDateTime;
CreateTime.dwHighDateTime = fad.ftCreationTime.dwHighDateTime;
ChangeTime.dwLowDateTime = fad.ftLastWriteTime.dwLowDateTime;
ChangeTime.dwHighDateTime = fad.ftLastWriteTime.dwHighDateTime;
}
}
//
// Format & display the date / time information
//
FileTimeToLocalFileTime (&CreateTime, &filetime);
FileTimeToSystemTime (&filetime, &systime);
GetDateFormat (LOCALE_USER_DEFAULT, DATE_SHORTDATE, &systime,
NULL, szDate, ARRAYSIZE (szDate));
GetTimeFormat (LOCALE_USER_DEFAULT, 0, &systime,
NULL, szTime, ARRAYSIZE (szTime));
LoadString (g_hInstance, IDS_DATETIMEFORMAT, szFormat, ARRAYSIZE(szFormat));
wsprintf (szBuffer, szFormat, szDate, szTime);
SetDlgItemText (hDlg, IDC_CREATE_DATE, szBuffer);
FileTimeToLocalFileTime (&ChangeTime, &filetime);
FileTimeToSystemTime (&filetime, &systime);
GetDateFormat (LOCALE_USER_DEFAULT, DATE_SHORTDATE, &systime,
NULL, szDate, ARRAYSIZE (szDate));
GetTimeFormat (LOCALE_USER_DEFAULT, 0, &systime,
NULL, szTime, ARRAYSIZE (szTime));
wsprintf (szBuffer, szFormat, szDate, szTime);
SetDlgItemText (hDlg, IDC_MODIFIED_DATE, szBuffer);
if (pGPO->m_dwFlags & GPO_OPEN_READ_ONLY)
{
EnableWindow (GetDlgItem(hDlg, IDC_DISABLE_COMPUTER), FALSE);
EnableWindow (GetDlgItem(hDlg, IDC_DISABLE_USER), FALSE);
}
bDirty = FALSE;
bDisableWarningIssued = FALSE;
break;
}
case WM_COMMAND:
if (HIWORD(wParam) == BN_CLICKED)
{
if ((LOWORD(wParam) == IDC_DISABLE_COMPUTER) ||
(LOWORD(wParam) == IDC_DISABLE_USER))
{
if (!bDisableWarningIssued)
{
if (IsDlgButtonChecked (hDlg, LOWORD(wParam)) == BST_CHECKED)
{
TCHAR szMessage[200];
TCHAR szTitle[100];
bDisableWarningIssued = TRUE;
LoadString (g_hInstance, IDS_CONFIRMDISABLE, szMessage, ARRAYSIZE(szMessage));
LoadString (g_hInstance, IDS_CONFIRMTITLE2, szTitle, ARRAYSIZE(szTitle));
if (MessageBox (hDlg, szMessage, szTitle, MB_YESNO |
MB_ICONWARNING | MB_DEFBUTTON2) == IDNO) {
CheckDlgButton (hDlg, LOWORD(wParam), BST_UNCHECKED);
break;
}
}
}
}
if (!bDirty)
{
SendMessage (GetParent(hDlg), PSM_CHANGED, (WPARAM) hDlg, 0);
bDirty = TRUE;
}
}
break;
case WM_NOTIFY:
pGPO = (CGroupPolicyObject *) GetWindowLongPtr (hDlg, DWLP_USER);
if (!pGPO) {
break;
}
switch (((NMHDR FAR*)lParam)->code)
{
case PSN_APPLY:
{
if (bDirty)
{
DWORD dwTemp = 0;
HRESULT hr;
//
// Set the disable flags in the GPO
//
if (IsDlgButtonChecked (hDlg, IDC_DISABLE_COMPUTER) == BST_CHECKED)
{
dwTemp |= GPO_OPTION_DISABLE_MACHINE;
}
if (IsDlgButtonChecked (hDlg, IDC_DISABLE_USER) == BST_CHECKED)
{
dwTemp |= GPO_OPTION_DISABLE_USER;
}
hr = pGPO->SetOptions (dwTemp, (GPO_OPTION_DISABLE_MACHINE | GPO_OPTION_DISABLE_USER));
if (FAILED(hr))
{
ReportError(hDlg, hr, IDS_FAILEDPROPERTIES);
SetWindowLongPtr (hDlg, DWLP_MSGRESULT, PSNRET_INVALID);
return TRUE;
}
bDirty = FALSE;
}
}
// fall through...
case PSN_RESET:
SetWindowLongPtr (hDlg, DWLP_MSGRESULT, PSNRET_NOERROR);
return TRUE;
}
break;
case WM_HELP: // F1
WinHelp((HWND)((LPHELPINFO) lParam)->hItemHandle, HELP_FILE, HELP_WM_HELP,
(ULONG_PTR) (LPSTR) aPropertiesHelpIds);
break;
case WM_CONTEXTMENU: // right mouse click
WinHelp((HWND) wParam, HELP_FILE, HELP_CONTEXTMENU,
(ULONG_PTR) (LPSTR) aPropertiesHelpIds);
return (TRUE);
}
return FALSE;
}
///////////////////////////////////////////////////////////////////////////////
// //
// Class factory object implementation //
// //
///////////////////////////////////////////////////////////////////////////////
CGroupPolicyObjectCF::CGroupPolicyObjectCF()
{
m_cRef = 1;
InterlockedIncrement(&g_cRefThisDll);
}
CGroupPolicyObjectCF::~CGroupPolicyObjectCF()
{
InterlockedDecrement(&g_cRefThisDll);
}
///////////////////////////////////////////////////////////////////////////////
// //
// Class factory object implementation (IUnknown) //
// //
///////////////////////////////////////////////////////////////////////////////
STDMETHODIMP_(ULONG)
CGroupPolicyObjectCF::AddRef()
{
return ++m_cRef;
}
STDMETHODIMP_(ULONG)
CGroupPolicyObjectCF::Release()
{
if (--m_cRef == 0)
{
delete this;
return 0;
}
return m_cRef;
}
STDMETHODIMP
CGroupPolicyObjectCF::QueryInterface(REFIID riid, LPVOID FAR* ppv)
{
if (IsEqualIID(riid, IID_IUnknown) || IsEqualIID(riid, IID_IClassFactory))
{
*ppv = (LPCLASSFACTORY)this;
m_cRef++;
return S_OK;
}
else
{
*ppv = NULL;
return E_NOINTERFACE;
}
}
///////////////////////////////////////////////////////////////////////////////
// //
// Class factory object implementation (IClassFactory) //
// //
///////////////////////////////////////////////////////////////////////////////
STDMETHODIMP
CGroupPolicyObjectCF::CreateInstance(LPUNKNOWN pUnkOuter,
REFIID riid,
LPVOID FAR* ppvObj)
{
*ppvObj = NULL;
if (pUnkOuter)
return CLASS_E_NOAGGREGATION;
CGroupPolicyObject *pGroupPolicyObject = new CGroupPolicyObject(); // ref count == 1
if (!pGroupPolicyObject)
return E_OUTOFMEMORY;
HRESULT hr = pGroupPolicyObject->QueryInterface(riid, ppvObj);
pGroupPolicyObject->Release(); // release initial ref
return hr;
}
STDMETHODIMP
CGroupPolicyObjectCF::LockServer(BOOL fLock)
{
return E_NOTIMPL;
}
//*************************************************************
//
// CGroupPolicyObject::GetProperty
//
// Purpose: Retrieves a property from DS or from gpt.ini
//
// Parameters: pszProp - Property to get
// xValueIn - Value returned here
//
// Returns: S_OK if successful
//
//*************************************************************
HRESULT CGroupPolicyObject::GetProperty( TCHAR *pszProp, XPtrST<TCHAR>& xValueIn )
{
HRESULT hr = E_FAIL;
if ( m_gpoType == GPOTypeDS )
{
VARIANT var;
BSTR bstrProperty;
VariantInit( &var );
bstrProperty = SysAllocString( pszProp );
if ( bstrProperty == NULL )
return E_OUTOFMEMORY;
hr = m_pADs->Get( bstrProperty, &var );
if ( SUCCEEDED(hr) )
{
TCHAR *pszValue = new TCHAR[lstrlen(var.bstrVal) + 1];
if ( pszValue == 0 )
hr = E_OUTOFMEMORY;
else
{
lstrcpy( pszValue, var.bstrVal );
xValueIn.Set( pszValue );
hr = S_OK;
}
} else if ( hr == E_ADS_PROPERTY_NOT_FOUND )
{
//
// Property has not be written out before
//
hr = S_OK;
}
if ( FAILED(hr) ) {
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::GetProperty: Failed with errorcode 0x%x"), hr));
}
SysFreeString( bstrProperty );
VariantClear( &var );
return hr;
}
else
{
TCHAR szPath[2*MAX_PATH];
//
// Get the file system path
//
hr = GetPath (szPath, ARRAYSIZE(szPath));
if ( FAILED(hr) ) {
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::GetProperty: Failed with errorcode 0x%x"), hr));
}
LPTSTR lpEnd = CheckSlash (szPath);
lstrcpy (lpEnd, TEXT("GPT.INI"));
XPtrST<TCHAR> xszValue( new TCHAR[2*MAX_PATH] );
if ( xszValue.GetPointer() == NULL )
return E_OUTOFMEMORY;
DWORD dwSize = (2*MAX_PATH);
DWORD dwCount = GetPrivateProfileString( TEXT("General"),
pszProp,
TEXT(""),
xszValue.GetPointer(),
dwSize,
szPath );
while ( dwCount == dwSize - 1 )
{
//
// Value has been truncated, so retry with larger buffer
//
dwSize *= 2;
delete xszValue.Acquire();
xszValue.Set( new TCHAR[dwSize] );
if ( xszValue.GetPointer() == NULL )
return E_OUTOFMEMORY;
dwCount = GetPrivateProfileString( TEXT("General"),
pszProp,
TEXT(""),
xszValue.GetPointer(),
dwSize,
szPath );
}
xValueIn.Set( xszValue.Acquire() );
return S_OK;
}
}
//*************************************************************
//
// CGroupPolicyObject::SetProperty
//
// Purpose: Writes a property to DS or to gpt.ini
//
// Parameters: pszProp - Property to set
// pszPropValue - Property value
//
// Returns: S_OK if successful
//
//*************************************************************
HRESULT CGroupPolicyObject::SetProperty( TCHAR *pszProp, TCHAR *pszPropValue )
{
HRESULT hr = E_FAIL;
if ( m_gpoType == GPOTypeDS )
{
VARIANT var;
VariantInit( &var );
var.vt = VT_BSTR;
var.bstrVal = SysAllocString( pszPropValue );
if ( var.bstrVal == 0 )
return E_OUTOFMEMORY;
BSTR bstrProperty = SysAllocString( pszProp );
if ( bstrProperty == 0 )
{
VariantClear( &var );
return E_OUTOFMEMORY;
}
hr = m_pADs->Put( bstrProperty, var );
if ( FAILED(hr) )
{
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::SetProperty: Failed with errorcode 0x%x"), hr));
return hr;
}
SysFreeString( bstrProperty );
VariantClear( &var );
return S_OK;
}
else
{
TCHAR szPath[2*MAX_PATH];
//
// Get the file system path
//
hr = GetPath (szPath, ARRAYSIZE(szPath));
if ( FAILED(hr) ) {
DebugMsg((DM_WARNING, TEXT("CGroupPolicyObject::SetProperty: Failed with errorcode 0x%x"), hr));
}
LPTSTR lpEnd = CheckSlash (szPath);
lstrcpy (lpEnd, TEXT("GPT.INI"));
BOOL bOk = WritePrivateProfileString( TEXT("General"),
pszProp,
pszPropValue,
szPath );
if ( bOk )
hr = S_OK;
else
hr = GetLastError();
return hr;
}
}