Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 
 

1646 lines
49 KiB

#include "stdafx.h"
#include <ole2.h>
#include "iadm.h"
#include "iiscnfgp.h"
#include "mdkey.h"
#include "mdacl.h"
#include "inetinfo.h"
#include "log.h"
#include "svc.h"
#include "dcomperm.h"
#include "setpass.h"
#include <comadmin.h> // CLSID_COMAdminCatalog
#include "comadmii.c" // CLSID_COMAdminCatalog
typedef TCHAR USERNAME_STRING_TYPE[MAX_PATH];
typedef TCHAR PASSWORD_STRING_TYPE[LM20_PWLEN+1];
typedef enum {
GUFM_SUCCESS,
GUFM_NO_PATH,
GUFM_NO_PASSWORD,
GUFM_NO_USER_ID
} GUFM_RETURN;
#define OPEN_TIMEOUT_VALUE 30000
#define MD_SET_DATA_RECORD_EXT(PMDR, ID, ATTR, UTYPE, DTYPE, DLEN, PD) \
{ \
(PMDR)->dwMDIdentifier=ID; \
(PMDR)->dwMDAttributes=ATTR; \
(PMDR)->dwMDUserType=UTYPE; \
(PMDR)->dwMDDataType=DTYPE; \
(PMDR)->dwMDDataLen=DLEN; \
(PMDR)->pbMDData=(PBYTE)PD; \
}
#define SYSPREP_TEMPFILE_NAME _T("IISSysPr.tmp")
#define SYSPREP_KNOWN_SECTION_NAME _T("paths")
#define SYSPREP_KNOWN_REGISTRY_KEY _T("SysPrepIISInfo")
#define SYSPREP_TEMP_PASSWORD_LENGTH 256
#define SYSPREP_USE_SECRETS
#define REG_ENABLEPASSSYNC_KEY _T("SOFTWARE\\Microsoft\\InetStp")
#define REG_ENABLEPASSSYNC_VALUE _T("EnableUserAccountRestorePassSync")
DWORD AddUserToMetabaseACL2(CString csKeyPath, LPTSTR szUserToAdd, ACCESS_ALLOWED_ACE * MyACEInfo);
#ifndef _CHICAGO_
HRESULT
UpdateComApplications(
IMSAdminBase2 * pcCom,
LPCTSTR szWamUserName,
LPCTSTR szWamUserPass
)
/*++
Routine Description:
If the IWAM account has been modified, it is necessary to update the
the out of process com+ applications with the correct account
information. This routine will collect all the com+ applications and
reset the activation information.
Arguments:
pcCom - metabase object
szWamUserName - the new user name
szWamUserPass - the new user password
Note:
This routine is a royal pain in the butt. I take back
all the good things I may have said about com automation.
Return Value:
HRESULT - Return value from failed API call
- E_OUTOFMEMORY
- S_OK - everything worked
- S_FALSE - encountered a non-fatal error, unable
to reset at least one application.
--*/
{
HRESULT hr = NOERROR;
BOOL fNoErrors = TRUE;
METADATA_HANDLE hMetabase = NULL;
WCHAR * pwszDataPaths = NULL;
DWORD cchDataPaths = 0;
BOOL fTryAgain;
DWORD cMaxApplications;
WCHAR * pwszCurrentPath;
SAFEARRAY * psaApplications = NULL;
SAFEARRAYBOUND rgsaBound[1];
DWORD cApplications;
VARIANT varAppKey;
LONG rgIndices[1];
METADATA_RECORD mdrAppIsolated;
METADATA_RECORD mdrAppPackageId;
DWORD dwAppIsolated;
WCHAR wszAppPackageId[ 40 ];
DWORD dwMDGetDataLen = 0;
ICOMAdminCatalog * pComCatalog = NULL;
ICatalogCollection * pComAppCollection = NULL;
ICatalogObject * pComApp = NULL;
BSTR bstrAppCollectionName = NULL;
LONG nAppsInCollection;
LONG iCurrentApp;
LONG nChanges;
VARIANT varOldAppIdentity;
VARIANT varNewAppIdentity;
VARIANT varNewAppPassword;
// This is built unicode right now. Since all the com apis I need
// are unicode only I'm using wide characters here. I should get
// plenty of compiler errors if _UNICODE isn't defined, but just
// in case....
DBG_ASSERT( sizeof(TCHAR) == sizeof(WCHAR) );
iisDebugOut((LOG_TYPE_TRACE, _T("UpdateComApplications():start\n")));
// Init variants
VariantInit( &varAppKey );
VariantInit( &varOldAppIdentity );
VariantInit( &varNewAppIdentity );
VariantInit( &varNewAppPassword );
//
// Get the applications to be reset by querying the metabase paths
//
hr = pcCom->OpenKey( METADATA_MASTER_ROOT_HANDLE,
L"LM/W3SVC",
METADATA_PERMISSION_READ,
OPEN_TIMEOUT_VALUE,
&hMetabase
);
if( FAILED(hr) )
{
iisDebugOut((LOG_TYPE_ERROR, _T("Failed to open metabase (%08x)\n"),hr));
goto cleanup;
}
// Get the data paths string
fTryAgain = TRUE;
do
{
hr = pcCom->GetDataPaths( hMetabase,
NULL,
MD_APP_PACKAGE_ID,
STRING_METADATA,
cchDataPaths,
pwszDataPaths,
&cchDataPaths
);
if( HRESULT_FROM_WIN32(ERROR_INSUFFICIENT_BUFFER) == hr )
{
delete[] pwszDataPaths;
pwszDataPaths = NULL;
pwszDataPaths = new WCHAR[cchDataPaths];
if( !pwszDataPaths )
{
hr = E_OUTOFMEMORY;
goto cleanup;
}
}
else
{
fTryAgain = FALSE;
}
}
while( fTryAgain );
if( FAILED(hr) )
{
iisDebugOut((LOG_TYPE_ERROR, _T("Failed to find metadata (%08x) Data(%d)\n"),hr,MD_APP_PACKAGE_ID));
goto cleanup;
}
else if (pwszDataPaths == NULL)
{
//
// If we found no isolated apps, make the path list an empty multisz
//
cchDataPaths = 1;
pwszDataPaths = new WCHAR[cchDataPaths];
if( !pwszDataPaths )
{
hr = E_OUTOFMEMORY;
goto cleanup;
}
pwszDataPaths[0] = L'\0';
}
// Determine the maximum number of applications
cMaxApplications = 1; // The pooled application
for( pwszCurrentPath = pwszDataPaths;
*pwszCurrentPath != L'\0';
pwszCurrentPath += wcslen(pwszCurrentPath) + 1
)
{
cMaxApplications++;
}
//
// Build a key array and load the com applications.
//
// Create an array to hold the keys
rgsaBound[0].cElements = cMaxApplications;
rgsaBound[0].lLbound = 0;
psaApplications = SafeArrayCreate( VT_VARIANT, 1, rgsaBound );
if( psaApplications == NULL )
{
hr = E_OUTOFMEMORY;
goto cleanup;
}
// Set the out of process pool application key
varAppKey.vt = VT_BSTR;
varAppKey.bstrVal = SysAllocString( W3_OOP_POOL_PACKAGE_ID );
if( !varAppKey.bstrVal )
{
hr = E_OUTOFMEMORY;
goto cleanup;
}
rgIndices[0] = 0;
hr = SafeArrayPutElement( psaApplications, rgIndices, &varAppKey );
if( FAILED(hr) )
{
iisDebugOut((LOG_TYPE_ERROR, _T("Failed setting an element in a safe array (%08x)\n"),hr));
goto cleanup;
}
// For each of the application paths determine if an out of process
// application is defined there and set the appropriate key into
// our array
MD_SET_DATA_RECORD_EXT( &mdrAppIsolated,
MD_APP_ISOLATED,
METADATA_NO_ATTRIBUTES,
ALL_METADATA,
DWORD_METADATA,
sizeof(DWORD),
(PBYTE)&dwAppIsolated
);
MD_SET_DATA_RECORD_EXT( &mdrAppPackageId,
MD_APP_PACKAGE_ID,
METADATA_NO_ATTRIBUTES,
ALL_METADATA,
STRING_METADATA,
sizeof(wszAppPackageId),
(PBYTE)wszAppPackageId
);
wszAppPackageId[0] = L'\0';
// Go through each data path and set it into our array if
// it is an isolated application
cApplications = 1; // Actual # of applications - 1 for pool
for( pwszCurrentPath = pwszDataPaths;
*pwszCurrentPath != L'\0';
pwszCurrentPath += wcslen(pwszCurrentPath) + 1
)
{
hr = pcCom->GetData( hMetabase,
pwszCurrentPath,
&mdrAppIsolated,
&dwMDGetDataLen
);
if( FAILED(hr) )
{
iisDebugOut(( LOG_TYPE_ERROR,
_T("Failed to get data from the metabase (%08x) Path(%S) Data(%d)\n"),
hr,
pwszCurrentPath,
mdrAppIsolated.dwMDIdentifier
));
fNoErrors = FALSE;
continue;
}
// Is the application out of process
if( dwAppIsolated == 1 )
{
// Get the application id
hr = pcCom->GetData( hMetabase,
pwszCurrentPath,
&mdrAppPackageId,
&dwMDGetDataLen
);
if( FAILED(hr) )
{
iisDebugOut(( LOG_TYPE_ERROR,
_T("Failed to get data from the metabase (%08x) Path(%S) Data(%d)\n"),
hr,
pwszCurrentPath,
mdrAppPackageId.dwMDIdentifier
));
fNoErrors = FALSE;
continue;
}
// Add the application id to the array
VariantClear( &varAppKey );
varAppKey.vt = VT_BSTR;
varAppKey.bstrVal = SysAllocString( wszAppPackageId );
if( !varAppKey.bstrVal )
{
hr = E_OUTOFMEMORY;
goto cleanup;
}
rgIndices[0]++;
hr = SafeArrayPutElement( psaApplications,
rgIndices,
&varAppKey
);
if( FAILED(hr) )
{
iisDebugOut(( LOG_TYPE_ERROR,
_T("Failed to set safe array element (%08x)\n"),
hr
));
VariantClear( &varAppKey );
rgIndices[0]--;
fNoErrors = FALSE;
continue;
}
cApplications++;
}
}
// Done with the metabase
pcCom->CloseKey(hMetabase);
hMetabase = NULL;
// Shrink the size of the safe-array if necessary
if( cApplications < cMaxApplications )
{
rgsaBound[0].cElements = cApplications;
hr = SafeArrayRedim( psaApplications, rgsaBound );
if( FAILED(hr) )
{
iisDebugOut(( LOG_TYPE_ERROR,
_T("Failed to redim safe array (%08x)\n"),
hr
));
goto cleanup;
}
}
//
// For each application reset the activation identity
//
// Use our key array to get the application collection
hr = CoCreateInstance( CLSID_COMAdminCatalog,
NULL,
CLSCTX_SERVER,
IID_ICOMAdminCatalog,
(void**)&pComCatalog
);
if( FAILED(hr) )
{
iisDebugOut(( LOG_TYPE_ERROR,
_T("Failed to create COM catalog (%08x)\n"),
hr
));
goto cleanup;
}
hr = pComCatalog->GetCollection( L"Applications",
(IDispatch **)&pComAppCollection
);
if( FAILED(hr) )
{
iisDebugOut(( LOG_TYPE_ERROR,
_T("Failed to get Applications collection (%08x)\n"),
hr
));
goto cleanup;
}
hr = pComAppCollection->PopulateByKey( psaApplications );
if( FAILED(hr) )
{
iisDebugOut(( LOG_TYPE_ERROR,
_T("Failed to populate Applications collection (%08x)\n"),
hr
));
goto cleanup;
}
// Iterate over the application collection and update all the
// applications that use IWAM.
hr = pComAppCollection->get_Count( &nAppsInCollection );
if( FAILED(hr) )
{
iisDebugOut(( LOG_TYPE_ERROR,
_T("Failed to get Applications count (%08x)\n"),
hr
));
goto cleanup;
}
// Init our new app identity and password.
varNewAppIdentity.vt = VT_BSTR;
varNewAppIdentity.bstrVal = SysAllocString( szWamUserName );
if( !varNewAppIdentity.bstrVal )
{
hr = E_OUTOFMEMORY;
goto cleanup;
}
varNewAppPassword.vt = VT_BSTR;
varNewAppPassword.bstrVal = SysAllocString( szWamUserPass );
if( !varNewAppPassword.bstrVal )
{
hr = E_OUTOFMEMORY;
goto cleanup;
}
for( iCurrentApp = 0; iCurrentApp < nAppsInCollection; ++iCurrentApp )
{
if( pComApp )
{
pComApp->Release();
pComApp = NULL;
}
if( varOldAppIdentity.vt != VT_EMPTY )
{
VariantClear( &varOldAppIdentity );
}
hr = pComAppCollection->get_Item( iCurrentApp,
(IDispatch **)&pComApp );
if( FAILED(hr) )
{
iisDebugOut(( LOG_TYPE_ERROR,
_T("Failed to get item from Applications collection (%08x)\n"),
hr
));
fNoErrors = FALSE;
continue;
}
// If the user has set this to something other than the IWAM_
// user, then we will respect that and not reset the identiy.
hr = pComApp->get_Value( L"Identity", &varOldAppIdentity );
if( FAILED(hr) )
{
iisDebugOut(( LOG_TYPE_ERROR,
_T("Failed to get Identify from Application (%08x)\n"),
hr
));
fNoErrors = FALSE;
continue;
}
DBG_ASSERT( varOldAppIdentity.vt == VT_BSTR );
if( varOldAppIdentity.vt == VT_BSTR )
{
if( memcmp( L"IWAM_", varOldAppIdentity.bstrVal, 10 ) == 0 )
{
hr = pComApp->put_Value( L"Identity", varNewAppIdentity );
if( FAILED(hr) )
{
iisDebugOut(( LOG_TYPE_ERROR,
_T("Failed to set new Identify (%08x)\n"),
hr
));
fNoErrors = FALSE;
continue;
}
hr = pComApp->put_Value( L"Password", varNewAppPassword );
if( FAILED(hr) )
{
iisDebugOut(( LOG_TYPE_ERROR,
_T("Failed to set new Password (%08x)\n"),
hr
));
fNoErrors = FALSE;
continue;
}
}
else
{
DBGINFO(( DBG_CONTEXT,
"Unrecognized application identity (%S)\n",
varOldAppIdentity.bstrVal
));
}
}
}
hr = pComAppCollection->SaveChanges( &nChanges );
if( FAILED(hr) )
{
iisDebugOut(( LOG_TYPE_ERROR,
_T("Failed to save changes (%08x)\n"),
hr
));
goto cleanup;
}
goto cleanup;
cleanup:
if( hMetabase != NULL )
{
pcCom->CloseKey(hMetabase);
}
if( psaApplications != NULL )
{
SafeArrayDestroy( psaApplications );
}
if( pComCatalog != NULL )
{
pComCatalog->Release();
}
if( pComAppCollection != NULL )
{
pComAppCollection->Release();
}
if( pComApp != NULL )
{
pComApp->Release();
}
if( varAppKey.vt != VT_EMPTY )
{
VariantClear( &varAppKey );
}
if( varOldAppIdentity.vt != VT_EMPTY )
{
VariantClear( &varOldAppIdentity );
}
if( varNewAppIdentity.vt != VT_EMPTY )
{
VariantClear( &varNewAppIdentity );
}
if( varNewAppPassword.vt != VT_EMPTY )
{
VariantClear( &varNewAppPassword );
}
delete [] pwszDataPaths;
iisDebugOut((LOG_TYPE_TRACE, _T("UpdateComApplications():end\n")));
// return
if( FAILED(hr) )
{
return hr;
}
else if( fNoErrors == FALSE )
{
return S_FALSE;
}
else
{
return S_OK;
}
}
GUFM_RETURN GetUserFromMetabase(IMSAdminBase2 *pcCom,
LPWSTR pszPath,
DWORD dwUserMetaId,
DWORD dwPasswordMetaId,
USERNAME_STRING_TYPE ustUserBuf,
PASSWORD_STRING_TYPE pstPasswordBuf)
{
HRESULT hresTemp;
GUFM_RETURN gufmReturn = GUFM_SUCCESS;
METADATA_RECORD mdrData;
DWORD dwRequiredDataLen;
METADATA_HANDLE mhOpenHandle;
hresTemp = pcCom->OpenKey(METADATA_MASTER_ROOT_HANDLE,
pszPath,
METADATA_PERMISSION_READ,
OPEN_TIMEOUT_VALUE,
&mhOpenHandle);
if (FAILED(hresTemp)) {
gufmReturn = GUFM_NO_PATH;
}
else {
MD_SET_DATA_RECORD_EXT(&mdrData,
dwUserMetaId,
METADATA_NO_ATTRIBUTES,
ALL_METADATA,
STRING_METADATA,
MAX_PATH * sizeof(TCHAR),
(PBYTE)ustUserBuf)
hresTemp = pcCom->GetData(mhOpenHandle,
NULL,
&mdrData,
&dwRequiredDataLen);
if (FAILED(hresTemp) || (ustUserBuf[0] == (TCHAR)'\0')) {
gufmReturn = GUFM_NO_USER_ID;
}
else {
MD_SET_DATA_RECORD_EXT(&mdrData,
dwPasswordMetaId,
METADATA_NO_ATTRIBUTES,
ALL_METADATA,
STRING_METADATA,
MAX_PATH * sizeof(TCHAR),
(PBYTE)pstPasswordBuf)
hresTemp = pcCom->GetData(mhOpenHandle,
NULL,
&mdrData,
&dwRequiredDataLen);
if (FAILED(hresTemp)) {
gufmReturn = GUFM_NO_PASSWORD;
}
}
pcCom->CloseKey(mhOpenHandle);
}
return gufmReturn;
}
#endif
HRESULT WINAPI SysPrepAclSyncIWam(void)
{
HRESULT hr = S_OK;
IMSAdminBase2 * pcCom;
GUFM_RETURN gufmTemp;
iisDebugOut((LOG_TYPE_PROGRAM_FLOW, _T("start\n")));
hr = CoCreateInstance(CLSID_MSAdminBase,NULL,CLSCTX_ALL,IID_IMSAdminBase2,(void **) & pcCom);
if (SUCCEEDED(hr))
{
#ifndef _CHICAGO_
PASSWORD_STRING_TYPE pstAnonyPass;
USERNAME_STRING_TYPE ustAnonyName;
pstAnonyPass[0] = (TCHAR)'\0';
ustAnonyName[0] = (TCHAR)'\0';
//
// Get the WAM username and password
//
gufmTemp = GetUserFromMetabase(pcCom,
TEXT("LM/W3SVC"),
MD_WAM_USER_NAME,
MD_WAM_PWD,
ustAnonyName,
pstAnonyPass);
UpdateComApplications(pcCom,ustAnonyName,pstAnonyPass);
#endif
pcCom->Release();
}
// Loop thru all the acl's
// and get the values, store it somewhere
iisDebugOut((LOG_TYPE_PROGRAM_FLOW, _T("end,ret=0x%x\n"),hr));
return hr;
}
// function: ReSetIWamIUsrPasswds
//
// This function Changes the IWAM and IUSR passwords the
// metabase. Then sets a reg entry, and stops and starts
// iisadmin. This causes iisadmin to reset the password in NT,
// and re sync the com objects.
//
// Return:
// TRUE - Succeeded
// FALSE - Failed
//
BOOL ReSetIWamIUsrPasswds(void)
{
DWORD dwType;
DWORD dwValue;
DWORD dwSize;
DWORD dwOldRegValue;
BOOL fOldRegWasSet = FALSE;
CMDKey cmdKey;
LPTSTR pszNewPassword = NULL;
HKEY hKey;
iisDebugOut((LOG_TYPE_TRACE, _T("ReSetIWamIUsrPasswds:start\n")));
if ( RegOpenKeyEx(HKEY_LOCAL_MACHINE,
REG_ENABLEPASSSYNC_KEY,
0,
KEY_READ | KEY_WRITE,
&hKey) != ERROR_SUCCESS)
{
// If we can not open the registry to set the flag,
// there is not hope in resetting the password
return FALSE;
}
cmdKey.OpenNode(TEXT("LM/W3SVC"));
// Set New IUSR Password
if (pszNewPassword = CreatePassword(LM20_PWLEN+1))
{
cmdKey.SetData(MD_ANONYMOUS_PWD,METADATA_INHERIT | METADATA_SECURE,IIS_MD_UT_FILE,STRING_METADATA,(_tcslen(pszNewPassword)+1)*sizeof(TCHAR),(LPBYTE) pszNewPassword);
GlobalFree(pszNewPassword);
}
// Set New IWAM Password
if (pszNewPassword = CreatePassword(LM20_PWLEN+1))
{
cmdKey.SetData(MD_WAM_PWD,METADATA_INHERIT | METADATA_SECURE,IIS_MD_UT_FILE,STRING_METADATA,(_tcslen(pszNewPassword)+1)*sizeof(TCHAR),(LPBYTE) pszNewPassword);
GlobalFree(pszNewPassword);
}
cmdKey.Close();
// Retrieve Old Value for REG_ENABLEPASSSYNC
dwSize = sizeof(DWORD);
if ( (RegQueryValueEx(hKey,REG_ENABLEPASSSYNC_VALUE,NULL,&dwType,(LPBYTE) &dwValue,&dwSize) == ERROR_SUCCESS) &&
(dwType == REG_DWORD)
)
{
fOldRegWasSet = TRUE;
dwOldRegValue = dwValue;
}
// Set New Value
dwSize = sizeof(DWORD);
dwType = REG_DWORD;
dwValue = 1;
if (RegSetValueEx(hKey,REG_ENABLEPASSSYNC_VALUE,0,dwType,(LPBYTE) &dwValue,dwSize) == ERROR_SUCCESS)
{
// Stop IISAdmin Service
StopServiceAndDependencies(TEXT("IISADMIN"), FALSE);
// Start IISAdmin Service (this will resync the passwords)
InetStartService(TEXT("IISADMIN"));
// We are going to reboot after installing, so don't
// worry about starting the services that we cascadingly
// stopped
// Reset the Key to the old value
if (fOldRegWasSet)
{
dwSize = sizeof(DWORD);
dwType = REG_DWORD;
RegSetValueEx(hKey,REG_ENABLEPASSSYNC_VALUE,0,dwType,(LPBYTE) &dwOldRegValue,dwSize);
}
else
{
RegDeleteValue(hKey,REG_ENABLEPASSSYNC_VALUE);
}
}
else
{
RegCloseKey(hKey);
return FALSE;
}
RegCloseKey(hKey);
return TRUE;
}
DWORD SysPrepTempfileWriteAclInfo(HANDLE hFile,CString csKeyPath)
{
DWORD dwReturn = E_FAIL;
BOOL bFound = FALSE;
DWORD attr, uType, dType, cbLen;
CMDKey cmdKey;
BUFFER bufData;
PBYTE pData;
int BufSize;
PSECURITY_DESCRIPTOR pOldSd = NULL;
if (hFile == NULL || hFile == INVALID_HANDLE_VALUE)
{
return S_OK;
}
cmdKey.OpenNode(csKeyPath);
if ( (METADATA_HANDLE) cmdKey )
{
pData = (PBYTE)(bufData.QueryPtr());
BufSize = bufData.QuerySize();
cbLen = 0;
bFound = cmdKey.GetData(MD_ADMIN_ACL, &attr, &uType, &dType, &cbLen, pData, BufSize);
if (!bFound)
{
if (cbLen > 0)
{
if ( ! (bufData.Resize(cbLen)) )
{
iisDebugOut((LOG_TYPE_ERROR, _T("MDDumpAdminACL(): cmdKey.GetData. failed to resize to %d.!\n"), cbLen));
}
else
{
pData = (PBYTE)(bufData.QueryPtr());
BufSize = cbLen;
cbLen = 0;
bFound = cmdKey.GetData(MD_ADMIN_ACL, &attr, &uType, &dType, &cbLen, pData, BufSize);
}
}
}
cmdKey.Close();
if (bFound)
{
// dump out the info
// We've got the acl
pOldSd = (PSECURITY_DESCRIPTOR) pData;
if (IsValidSecurityDescriptor(pOldSd))
{
#ifndef _CHICAGO_
DumpAdminACL(hFile,pOldSd);
dwReturn = ERROR_SUCCESS;
#endif
}
}
else
{
// there was no acl to be found.
}
}
return dwReturn;
}
void SysPrepTempfileWrite(HANDLE hFile,TCHAR * szBuf)
{
DWORD dwBytesWritten = 0;
if (hFile != NULL && hFile != INVALID_HANDLE_VALUE)
{
if (WriteFile(hFile, szBuf, _tcslen(szBuf) * sizeof(TCHAR), &dwBytesWritten, NULL ) == FALSE )
{iisDebugOut((LOG_TYPE_WARN, _T("WriteFile Failed=0x%x.\n"), GetLastError()));}
}
return;
}
// Loop thru all the acl's
// and get the values, store it somewhere
HRESULT WINAPI SysPrepAclBackup(void)
{
HRESULT hRes = S_OK;
CMDKey cmdKey;
CStringList cslpathList;
POSITION pos;
CString csPath;
HANDLE hFile = INVALID_HANDLE_VALUE;
DWORD dwBytesWritten = 0;
TCHAR buf[256];
TCHAR szTempFileNameFull[_MAX_PATH];
iisDebugOut((LOG_TYPE_PROGRAM_FLOW, _T("start\n")));
hRes = cmdKey.OpenNode(_T("/"));
if ( FAILED(hRes) )
{
iisDebugOut((LOG_TYPE_ERROR, _T("OpenNode failed. err=0x%x.\n"), hRes));
goto SysPrepAclBackup_Exit;
}
// get the sub-paths that have the data on them
hRes = cmdKey.GetDataPaths( MD_ADMIN_ACL, BINARY_METADATA, cslpathList);
if ( FAILED(hRes) )
{
iisDebugOut((LOG_TYPE_ERROR, _T("Update()-GetDataPaths failed. err=0x%x.\n"), hRes));
goto SysPrepAclBackup_Exit;
}
// we now have the cstringlist of paths that need to be updated. Loop through the
// list and update them all.
// get the list's head position
pos = cslpathList.GetHeadPosition();
if ( NULL == pos )
{
goto SysPrepAclBackup_Exit;
}
// Create the tempfile
if (!GetWindowsDirectory(szTempFileNameFull,_MAX_PATH))
{
goto SysPrepAclBackup_Exit;
}
AddPath(szTempFileNameFull, SYSPREP_TEMPFILE_NAME);
if (GetFileAttributes(szTempFileNameFull) != 0xFFFFFFFF)
{
// if file already exists, then delete it
SetFileAttributes(szTempFileNameFull, FILE_ATTRIBUTE_NORMAL);
DeleteFile(szTempFileNameFull);
}
// create the file
hFile = CreateFile(szTempFileNameFull,GENERIC_READ | GENERIC_WRITE,FILE_SHARE_READ | FILE_SHARE_WRITE,NULL,OPEN_ALWAYS,FILE_ATTRIBUTE_NORMAL,NULL);
if (hFile == INVALID_HANDLE_VALUE)
{
hFile = NULL;
goto SysPrepAclBackup_Exit;
}
SetFilePointer( hFile, NULL, NULL, FILE_END );
// write a couple of bytes to the beginning of the file say that it's "unicode"
WriteFile(hFile, (LPCVOID) 0xFF, 1, &dwBytesWritten, NULL);
WriteFile(hFile, (LPCVOID) 0xFE, 1, &dwBytesWritten, NULL);
// write a section so that setupapi api's can read it
//
//[version]
//signature="$Windows NT$"
memset(buf, 0, _tcslen(buf) * sizeof(TCHAR));
_tcscpy(buf, _T("[version]\r\n"));SysPrepTempfileWrite(hFile, buf);
_tcscpy(buf, _T("signature=\"$Windows NT$\"\r\n"));SysPrepTempfileWrite(hFile, buf);
// Write in known section
_stprintf(buf, _T("[%s]\r\n"),SYSPREP_KNOWN_SECTION_NAME);SysPrepTempfileWrite(hFile, buf);
// Add entries for the [paths] section
// [paths]
// /
// /w3svc/info
// etc...
//
while ( NULL != pos )
{
// get the next path in question
csPath = cslpathList.GetNext( pos );
// Write to [paths] section
_stprintf(buf, _T("%s\r\n"),csPath);
SysPrepTempfileWrite(hFile, buf);
// Save this whole list to the tempfile....
//iisDebugOut((LOG_TYPE_PROGRAM_FLOW, _T("[%s]\n"),csPath));
}
// close the metabase
if ( (METADATA_HANDLE)cmdKey )
{cmdKey.Close();}
// go to the top of the list again
pos = cslpathList.GetHeadPosition();
while ( NULL != pos )
{
// get the next path in question
csPath = cslpathList.GetNext( pos );
// Write to [paths] section
_stprintf(buf, _T("[%s]\r\n"),csPath);
SysPrepTempfileWrite(hFile, buf);
// Get the info that we will add to this section from looking up the metabase...
// open up the metabase item for each of them.
// Grab the AdminACL data, convert it to username/permissions
// save the username/permission data into text format
SysPrepTempfileWriteAclInfo(hFile,csPath);
}
SysPrepAclBackup_Exit:
if ( (METADATA_HANDLE)cmdKey )
{cmdKey.Close();}
if (hFile)
{CloseHandle(hFile);}
iisDebugOut((LOG_TYPE_PROGRAM_FLOW, _T("end,ret=0x%x\n"),hRes));
return hRes;
}
void SysPrepRestoreAclSection(IN HINF hFile, IN LPCTSTR szSection)
{
LPTSTR szLine = NULL;
DWORD dwRequiredSize;
BOOL bRet = FALSE;
INFCONTEXT Context;
// go to the beginning of the section in the INF file
bRet = SetupFindFirstLine_Wrapped(hFile, szSection, NULL, &Context);
if (!bRet)
{
goto SysPrepRestoreAclSection_Exit;
}
// loop through the items in the section.
while (bRet)
{
// get the size of the memory we need for this
bRet = SetupGetLineText(&Context, NULL, NULL, NULL, NULL, 0, &dwRequiredSize);
// prepare the buffer to receive the line
szLine = (LPTSTR)GlobalAlloc( GPTR, dwRequiredSize * sizeof(TCHAR) );
if ( !szLine )
{
goto SysPrepRestoreAclSection_Exit;
}
// get the line from the inf file1
if (SetupGetLineText(&Context, NULL, NULL, NULL, szLine, dwRequiredSize, NULL) == FALSE)
{
goto SysPrepRestoreAclSection_Exit;
}
// The line we get should look something like this:
//
//[/]
//IIS_WPG,0x0,0x0,0x24,0x400ab
//Administrators,0x0,0x0,0x18,0x400ab
//Everyone,0x0,0x0,0x14,0x8
// Get everything to the left of the "=" sign
// this should be the username
TCHAR szUserName[UNLEN + 1];
ACCESS_ALLOWED_ACE MyNewACE;
/*
typedef struct _ACCESS_ALLOWED_ACE {
ACE_HEADER Header;
ACCESS_MASK Mask;
ULONG SidStart;
} ACCESS_ALLOWED_ACE;
typedef struct _ACE_HEADER {
UCHAR AceType;
UCHAR AceFlags;
USHORT AceSize;
} ACE_HEADER;
typedef ACE_HEADER *PACE_HEADER;
typedef ULONG ACCESS_MASK;
*/
TCHAR *token = NULL;
token = _tcstok(szLine, _T(","));
if (token == NULL)
{
goto SysPrepRestoreAclSection_Exit;
}
// Get the username
_tcscpy(szUserName,token);
// Get the next 4 values...
token = _tcstok(NULL, _T(","));
if (NULL == token){goto SysPrepRestoreAclSection_Exit;}
MyNewACE.Header.AceType = (UCHAR) atodw(token);
token = _tcstok(NULL, _T(","));
if (NULL == token){goto SysPrepRestoreAclSection_Exit;}
MyNewACE.Header.AceFlags = (UCHAR) atodw(token);
token = _tcstok(NULL, _T(","));
if (NULL == token){goto SysPrepRestoreAclSection_Exit;}
MyNewACE.Header.AceSize = (USHORT) atodw(token);
token = _tcstok(NULL, _T(","));
if (NULL == token){goto SysPrepRestoreAclSection_Exit;}
MyNewACE.Mask = atodw(token);
//iisDebugOut((LOG_TYPE_TRACE, _T("NewACLinfo:%s,0x%x,0x%x,0x%x,0x%x\n"),szUserName,MyNewACE.Header.AceType,MyNewACE.Header.AceFlags,MyNewACE.Header.AceSize,MyNewACE.Mask));
// Grab this info and create an ACL for it.
AddUserToMetabaseACL2(szSection,szUserName,&MyNewACE);
// find the next line in the section. If there is no next line it should return false
bRet = SetupFindNextLine(&Context, &Context);
// free the temporary buffer
GlobalFree( szLine );szLine=NULL;
szLine = NULL;
}
SysPrepRestoreAclSection_Exit:
if (szLine) {GlobalFree(szLine);szLine=NULL;}
return;
}
DWORD AddUserToMetabaseACL2(CString csKeyPath, LPTSTR szUserToAdd, ACCESS_ALLOWED_ACE * MyACEInfo)
{
DWORD dwReturn = E_FAIL;
BOOL bFound = FALSE;
DWORD attr, uType, dType, cbLen;
CMDKey cmdKey;
BUFFER bufData;
PBYTE pData;
int BufSize;
iisDebugOut((LOG_TYPE_TRACE_WIN32_API, _T("AddUserToMetabaseACL2():start. MyACEInfo->Mask=0x%x.\n"), MyACEInfo->Mask));
PSECURITY_DESCRIPTOR pOldSd = NULL;
PSECURITY_DESCRIPTOR pNewSd = NULL;
cmdKey.OpenNode(csKeyPath);
if ( (METADATA_HANDLE) cmdKey )
{
pData = (PBYTE)(bufData.QueryPtr());
BufSize = bufData.QuerySize();
cbLen = 0;
bFound = cmdKey.GetData(MD_ADMIN_ACL, &attr, &uType, &dType, &cbLen, pData, BufSize);
if (!bFound)
{
if (cbLen > 0)
{
if ( ! (bufData.Resize(cbLen)) )
{
iisDebugOut((LOG_TYPE_ERROR, _T("AddUserToMetabaseACL2(): cmdKey.GetData. failed to resize to %d.!\n"), cbLen));
}
else
{
pData = (PBYTE)(bufData.QueryPtr());
BufSize = cbLen;
cbLen = 0;
bFound = cmdKey.GetData(MD_ADMIN_ACL, &attr, &uType, &dType, &cbLen, pData, BufSize);
}
}
}
cmdKey.Close();
if (bFound)
{
// We've got the acl
// so now we want to add a user to it.
pOldSd = (PSECURITY_DESCRIPTOR) pData;
if (IsValidSecurityDescriptor(pOldSd))
{
DWORD AccessMask = (MD_ACR_READ |MD_ACR_WRITE |MD_ACR_RESTRICTED_WRITE |MD_ACR_UNSECURE_PROPS_READ |MD_ACR_ENUM_KEYS |MD_ACR_WRITE_DAC);
PSID principalSID = NULL;
BOOL bWellKnownSID = FALSE;
// Get the SID for the certain string (administrator or everyone or whoever)
dwReturn = GetPrincipalSID(szUserToAdd, &principalSID, &bWellKnownSID);
if (dwReturn != ERROR_SUCCESS)
{
iisDebugOut((LOG_TYPE_WARN, _T("AddUserToMetabaseACL2:GetPrincipalSID(%s) FAILED. Error()= 0x%x\n"), szUserToAdd, dwReturn));
return dwReturn;
}
#ifndef _CHICAGO_
//#define ACCESS_ALLOWED_ACE_TYPE (0x0)
//#define ACCESS_DENIED_ACE_TYPE (0x1)
//#define SYSTEM_AUDIT_ACE_TYPE (0x2)
if (FALSE == AddUserAccessToSD(pOldSd,principalSID,MyACEInfo->Mask,MyACEInfo->Header.AceType,&pNewSd))
{
return dwReturn;
}
if (pNewSd)
{
// We have a new self relative SD
// lets write it to the metabase.
if (IsValidSecurityDescriptor(pNewSd))
{
dwReturn = WriteSDtoMetaBase(pNewSd, csKeyPath);
}
else
{
iisDebugOut((LOG_TYPE_ERROR, _T("AddUserToMetabaseACL2:IsValidSecurityDescriptor failed, bad sd\n")));
}
}
#endif
}
}
else
{
// there was no acl to be found.
}
}
if (pNewSd){GlobalFree(pNewSd);}
iisDebugOut((LOG_TYPE_TRACE_WIN32_API, _T("AddUserToMetabaseACL2():End. Return=0x%x.\n"), dwReturn));
return dwReturn;
}
HRESULT WINAPI SysPrepAclRestore(void)
{
HRESULT hr = S_OK;
HINF InfHandle;
TCHAR szTempFileNameFull[_MAX_PATH];
CStringList strList;
CString csTheSection = SYSPREP_KNOWN_SECTION_NAME;
iisDebugOut((LOG_TYPE_PROGRAM_FLOW, _T("start\n")));
//MDDumpAdminACL(_T("/"));
// Loop thru our data file
// Create the tempfile
if (!GetWindowsDirectory(szTempFileNameFull,_MAX_PATH))
{
goto SysPrepAclRestore_Exit;
}
AddPath(szTempFileNameFull, SYSPREP_TEMPFILE_NAME);
// Get a handle to it.
InfHandle = SetupOpenInfFile(szTempFileNameFull, NULL, INF_STYLE_WIN4, NULL);
if(InfHandle == INVALID_HANDLE_VALUE)
{
goto SysPrepAclRestore_Exit;
}
if (ERROR_SUCCESS == FillStrListWithListOfSections(InfHandle, strList, csTheSection))
{
// loop thru the list returned back
if (strList.IsEmpty() == FALSE)
{
POSITION pos;
CString csEntry;
pos = strList.GetHeadPosition();
while (pos)
{
csEntry = strList.GetAt(pos);
// go get this section and read thru it's info
SysPrepRestoreAclSection(InfHandle, csEntry);
strList.GetNext(pos);
}
}
}
//MDDumpAdminACL(_T("/"));
if (GetFileAttributes(szTempFileNameFull) != 0xFFFFFFFF)
{
// if file already exists, then delete it
SetFileAttributes(szTempFileNameFull, FILE_ATTRIBUTE_NORMAL);
DeleteFile(szTempFileNameFull);
}
SysPrepAclRestore_Exit:
iisDebugOut((LOG_TYPE_PROGRAM_FLOW, _T("end,ret=0x%x\n"),hr));
return hr;
}
//
// DO NOT REMOVE THIS ENTRY POINT
//
// Entry point used by SysPrep in Whistler
//
// When sysprep runs, it is going to reset the machine sid
// so when that happens all the crypto stuff is broken.
// we had to implement this stuff so that before sysprep
// changes the sid (and thus breaking crypto) we can save our
// working metabase off somewhere (without crypto key encryption)
//
// At some point after sysprep has changed the machine sid
// it will call us into SysPrepRestore() and we wil restore
// our metabase using the new crypto keys on the machine.
//
HRESULT WINAPI SysPrepBackup(void)
{
HRESULT hr = S_OK;
WCHAR lpwszBackupLocation[_MAX_PATH];
DWORD dwMDVersion;
DWORD dwMDFlags;
WCHAR * pwszPassword = NULL;
BOOL bThingsAreGood = FALSE;
IMSAdminBase2 * pIMSAdminBase2 = NULL;
_tcscpy(g_MyLogFile.m_szLogPreLineInfo, _T("SysPrepBackup:"));
_tcscpy(g_MyLogFile.m_szLogPreLineInfo2, _T(""));
iisDebugOut((LOG_TYPE_PROGRAM_FLOW, _T("start\n")));
#ifndef _CHICAGO_
#ifdef SYSPREP_USE_SECRETS
#else
CRegKey regBigString(HKEY_LOCAL_MACHINE, REG_INETSTP, KEY_ALL_ACCESS);
#endif
#endif
// Check if the user who loaded this dll
// and is calling this entry point has the right priv to do this!
if (FALSE == RunningAsAdministrator())
{
hr = E_ABORT;
iisDebugOut((LOG_TYPE_ERROR, _T("No admin priv, aborting\n")));
goto SysPrepBackup_Exit2;
}
// if the service doesn't exist, then we don't have to do anyting
if (CheckifServiceExist(_T("IISADMIN")) != 0 )
{
iisDebugOut((LOG_TYPE_TRACE, _T("IIS not installed. do nothing.\n")));
hr = S_OK;
goto SysPrepBackup_Exit2;
}
// start the iisadmin service before calling backup.
// this is because if the backup function is called and the metabase is not
// running, then the metabase must startup while backup is trying to lock the
// metabase for backup. a race condition will happen and sometimes backup will
// fail since the metabase may take a while before starting up.
// this function will wait till the service is fully started before returning
InetStartService(_T("IISADMIN"));
#ifndef _CHICAGO_
pwszPassword = CreatePassword(SYSPREP_TEMP_PASSWORD_LENGTH);
if (pwszPassword)
{
#ifdef SYSPREP_USE_SECRETS
// calling set
if (ERROR_SUCCESS == SetSecret(SYSPREP_KNOWN_REGISTRY_KEY,pwszPassword))
{
bThingsAreGood = TRUE;
}
#else
if ((HKEY) regBigString)
{
regBigString.SetValue(SYSPREP_KNOWN_REGISTRY_KEY, pwszPassword);
bThingsAreGood = TRUE;
}
#endif
}
//iisDebugOut((LOG_TYPE_TRACE, _T("PASSWORD=%s,len=%d\n"),pwszPassword,wcslen(pwszPassword)));
#endif
// Tell the metabase where it should backup to.
wcscpy(lpwszBackupLocation,L"");
dwMDFlags = MD_BACKUP_OVERWRITE | MD_BACKUP_SAVE_FIRST | MD_BACKUP_FORCE_BACKUP;
dwMDVersion = MD_BACKUP_MAX_VERSION;
#ifndef _CHICAGO_
hr = CoInitializeEx( NULL, COINIT_MULTITHREADED );
#else
hr = CoInitialize(NULL);
#endif
// no need to call uninit
if( FAILED (hr))
{
iisDebugOut((LOG_TYPE_ERROR, _T("CoInitializeEx failed\n")));
goto SysPrepBackup_Exit2;
}
hr = ::CoCreateInstance(CLSID_MSAdminBase,NULL,CLSCTX_ALL,IID_IMSAdminBase2,(void **) & pIMSAdminBase2);
if(FAILED (hr))
{
iisDebugOut((LOG_TYPE_ERROR, _T("CoCreateInstance on IID_IMSAdminBase2 failed\n")));
goto SysPrepBackup_Exit;
}
// Call the metabase function
if (SUCCEEDED(hr))
{
iisDebugOut((LOG_TYPE_TRACE, _T("BackupWithPasswd calling...\n")));
if (bThingsAreGood)
{
//iisDebugOut((LOG_TYPE_TRACE, _T("using org\n")));
hr = pIMSAdminBase2->BackupWithPasswd(lpwszBackupLocation, dwMDVersion, dwMDFlags, pwszPassword);
}
else
{
//iisDebugOut((LOG_TYPE_TRACE, _T("using backup\n")));
hr = pIMSAdminBase2->BackupWithPasswd(lpwszBackupLocation, dwMDVersion, dwMDFlags, L"null");
}
if (pIMSAdminBase2)
{
pIMSAdminBase2->Release();
pIMSAdminBase2 = NULL;
}
if (SUCCEEDED(hr))
{
iisDebugOut((LOG_TYPE_TRACE, _T("BackupWithPasswd SUCCEEDED\n")));
}
else
{
iisDebugOut((LOG_TYPE_ERROR, _T("BackupWithPasswd failed\n")));
}
// Save all the acl info somewhere.
_tcscpy(g_MyLogFile.m_szLogPreLineInfo2, _T("SysPrepAclBackup"));
SysPrepAclBackup();
_tcscpy(g_MyLogFile.m_szLogPreLineInfo2, _T(""));
}
SysPrepBackup_Exit:
CoUninitialize();
SysPrepBackup_Exit2:
if (pwszPassword) {GlobalFree(pwszPassword);pwszPassword=NULL;}
iisDebugOut((LOG_TYPE_PROGRAM_FLOW, _T("end,ret=0x%x\n"),hr));
_tcscpy(g_MyLogFile.m_szLogPreLineInfo, _T(""));
_tcscpy(g_MyLogFile.m_szLogPreLineInfo2, _T(""));
return hr;
}
//
// DO NOT REMOVE THIS ENTRY POINT
//
// Entry point used by SysPrep in Whistler
//
// When sysprep runs, it is going to reset the machine sid
// so when that happens all the crypto stuff is broken.
// we had to implement this stuff so that before sysprep
// changes the sid (and thus breaking crypto) we can save our
// working metabase off somewhere (without crypto key encryption)
//
// At some point after sysprep has changed the machine sid
// it will call us into SysPrepRestore() and we wil restore
// our metabase using the new crypto keys on the machine.
//
HRESULT WINAPI SysPrepRestore(void)
{
HRESULT hr = S_OK;
WCHAR lpwszBackupLocation[_MAX_PATH];
TCHAR szTempDir[_MAX_PATH];
TCHAR szSystemDir[_MAX_PATH];
DWORD dwMDVersion;
DWORD dwMDFlags;
WCHAR * pwszPassword = NULL;
IMSAdminBase2 * pIMSAdminBase2 = NULL;
BOOL bThingsAreGood = FALSE;
_tcscpy(g_MyLogFile.m_szLogPreLineInfo, _T("SysPrepRestore:"));
_tcscpy(g_MyLogFile.m_szLogPreLineInfo2, _T(""));
iisDebugOut((LOG_TYPE_PROGRAM_FLOW, _T("start\n")));
#ifndef _CHICAGO_
#ifdef SYSPREP_USE_SECRETS
BUFFER * pbufSecret = NULL;
#else
CRegKey regBigString(HKEY_LOCAL_MACHINE, REG_INETSTP, KEY_ALL_ACCESS);
#endif
#endif
iisDebugOut((LOG_TYPE_PROGRAM_FLOW, _T("SysPrepRestore start\n")));
// Check if the user who loaded this dll
// and is calling this entry point has the right priv to do this!
if (FALSE == RunningAsAdministrator())
{
hr = E_ABORT;
iisDebugOut((LOG_TYPE_ERROR, _T("No admin priv, aborting\n")));
goto SysPrepRestore_Exit2;
}
// if the service doesn't exist, then we don't have to do anyting
if (CheckifServiceExist(_T("IISADMIN")) != 0 )
{
iisDebugOut((LOG_TYPE_TRACE, _T("SysPrepRestore IIS not installed. do nothing.\n")));
hr = S_OK;
goto SysPrepRestore_Exit2;
}
// make sure the iisadmin service is stopped.
StopServiceAndDependencies(_T("IISADMIN"), TRUE);
#ifndef _CHICAGO_
#ifdef SYSPREP_USE_SECRETS
pbufSecret = new BUFFER();
if (pbufSecret)
{
if (GetSecret(SYSPREP_KNOWN_REGISTRY_KEY, pbufSecret))
{
LPWSTR pwsz = NULL;
pwsz = (WCHAR *) pbufSecret->QueryPtr();
// alloc some space the same size
pwszPassword = (WCHAR *) GlobalAlloc (GPTR, pbufSecret->QuerySize());
_tcscpy(pwszPassword, pwsz);
delete(pbufSecret);
pbufSecret = NULL;
bThingsAreGood = TRUE;
}
}
#else
if ((HKEY) regBigString)
{
CString csTheData;
if ( regBigString.QueryValue(SYSPREP_KNOWN_REGISTRY_KEY, csTheData) == ERROR_SUCCESS )
{
pwszPassword = (WCHAR *) GlobalAlloc (GPTR, (csTheData.GetLength() + 1) * sizeof(TCHAR) );
if (pwszPassword)
{
wcscpy(pwszPassword,csTheData);
bThingsAreGood = TRUE;
}
}
}
#endif
#endif
//iisDebugOut((LOG_TYPE_TRACE, _T("PASSWORD=%s,len=%d\n"),pwszPassword,wcslen(pwszPassword)));
// Tell the metabase where it should backup to.
wcscpy(lpwszBackupLocation,L"");
dwMDFlags = 0;
dwMDVersion = MD_BACKUP_MAX_VERSION;
//
// IISAdmin won't start up if the metabase.xml,mbschema.xml files are corrupted (bad signature)
// so delete them before restoring....
if (0 == GetSystemDirectory(szSystemDir, _MAX_PATH))
{
goto SysPrepRestore_Exit2;
}
// iis6 files -- for whistler server skus
_stprintf(szTempDir, _T("%s\\inetsrv\\Metabase.xml"),szSystemDir);
InetDeleteFile(szTempDir);
_stprintf(szTempDir, _T("%s\\inetsrv\\MBSchema.xml"),szSystemDir);
InetDeleteFile(szTempDir);
// iis51 files -- for whistler pro sku
_stprintf(szTempDir, _T("%s\\inetsrv\\metabase.bin"),szSystemDir);
InetDeleteFile(szTempDir);
#ifndef _CHICAGO_
hr = CoInitializeEx( NULL, COINIT_MULTITHREADED );
#else
hr = CoInitialize(NULL);
#endif
// no need to call uninit
if( FAILED (hr))
{
iisDebugOut((LOG_TYPE_ERROR, _T("CoInitializeEx failed\n")));
goto SysPrepRestore_Exit2;
}
hr = ::CoCreateInstance(CLSID_MSAdminBase,NULL,CLSCTX_ALL,IID_IMSAdminBase2,(void **) & pIMSAdminBase2);
if(FAILED (hr))
{
iisDebugOut((LOG_TYPE_ERROR, _T("CoCreateInstance on IID_IMSAdminBase2 failed\n")));
goto SysPrepRestore_Exit;
}
// Call the metabase function
if (SUCCEEDED(hr))
{
iisDebugOut((LOG_TYPE_TRACE, _T("RestoreWithPasswd calling...\n")));
if (bThingsAreGood)
{
//iisDebugOut((LOG_TYPE_TRACE, _T("using org\n")));
hr = pIMSAdminBase2->RestoreWithPasswd(lpwszBackupLocation, dwMDVersion, dwMDFlags, pwszPassword);
}
else
{
//iisDebugOut((LOG_TYPE_TRACE, _T("using backup\n")));
hr = pIMSAdminBase2->RestoreWithPasswd(lpwszBackupLocation, dwMDVersion, dwMDFlags, L"null");
}
if (pIMSAdminBase2)
{
pIMSAdminBase2->Release();
pIMSAdminBase2 = NULL;
}
if (SUCCEEDED(hr))
{
// Delete the backup file that we used!
//MD_DEFAULT_BACKUP_LOCATION + ".md" + MD_BACKUP_MAX_VERSION
_stprintf(szTempDir, _T("%s\\inetsrv\\MetaBack\\%s.md%d"),szSystemDir,MD_DEFAULT_BACKUP_LOCATION,MD_BACKUP_MAX_VERSION);
InetDeleteFile(szTempDir);
_stprintf(szTempDir, _T("%s\\inetsrv\\MetaBack\\%s.sc%d"),szSystemDir,MD_DEFAULT_BACKUP_LOCATION,MD_BACKUP_MAX_VERSION);
InetDeleteFile(szTempDir);
iisDebugOut((LOG_TYPE_TRACE, _T("RestoreWithPasswd SUCCEEDED\n")));
#ifndef _CHICAGO_
#ifdef SYSPREP_USE_SECRETS
// we need to delete the Secret that we used here!
SetSecret(SYSPREP_KNOWN_REGISTRY_KEY,L" ");
#else
if ((HKEY) regBigString)
{
regBigString.DeleteValue(SYSPREP_KNOWN_REGISTRY_KEY);
}
#endif
#endif
// Do extra stuff
// like Re-applying the acl for the iis_wpg group to the "/" node
_tcscpy(g_MyLogFile.m_szLogPreLineInfo2, _T("SysPrepAclRestore"));
SysPrepAclRestore();
_tcscpy(g_MyLogFile.m_szLogPreLineInfo2, _T(""));
// syncronize wam with new iwam user
//_tcscpy(g_MyLogFile.m_szLogPreLineInfo2, _T("SysPrepAclSyncIWam"));
//SysPrepAclSyncIWam();
//_tcscpy(g_MyLogFile.m_szLogPreLineInfo2, _T(""));
}
else
{
iisDebugOut((LOG_TYPE_ERROR, _T("RestoreWithPasswd failed\n")));
}
}
// Reset the passwords, and allow iisadmin to fix the com information
if (!ReSetIWamIUsrPasswds())
{
iisDebugOut((LOG_TYPE_WARN, _T("ReSetIWamIUsrPasswds was unable to reset IUSR and IWAM passwords\n")));
}
SysPrepRestore_Exit:
CoUninitialize();
SysPrepRestore_Exit2:
if (pwszPassword) {GlobalFree(pwszPassword);pwszPassword=NULL;}
iisDebugOut((LOG_TYPE_PROGRAM_FLOW, _T("end,ret=0x%x\n"),hr));
_tcscpy(g_MyLogFile.m_szLogPreLineInfo, _T(""));
_tcscpy(g_MyLogFile.m_szLogPreLineInfo2, _T(""));
return hr;
}