mirror of https://github.com/tongzx/nt5src
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
662 lines
16 KiB
662 lines
16 KiB
//+---------------------------------------------------------------------------
|
|
//
|
|
// Microsoft Windows
|
|
// Copyright (C) Microsoft Corporation, 2001.
|
|
//
|
|
// sens.cpp
|
|
//
|
|
// Modele that implements a COM+ subscriber for use with SENS notifications.
|
|
//
|
|
// 10/9/2001 annah Created
|
|
// Ported code from BITS sources. Removed SEH code,
|
|
// changed methods that threw exceptions to return
|
|
// error codes.
|
|
//
|
|
//----------------------------------------------------------------------------
|
|
|
|
|
|
#include "pch.h"
|
|
#include "ausens.h"
|
|
#include "tscompat.h"
|
|
#include "service.h"
|
|
|
|
static CLogonNotification *g_SensLogonNotification = NULL;
|
|
|
|
|
|
HRESULT ActivateSensLogonNotification()
|
|
{
|
|
HRESULT hr = S_OK;
|
|
|
|
// only activate once
|
|
if ( g_SensLogonNotification )
|
|
{
|
|
DEBUGMSG("AUSENS Logon object was already created; reusing object.");
|
|
return S_OK;
|
|
}
|
|
|
|
g_SensLogonNotification = new CLogonNotification();
|
|
if (!g_SensLogonNotification)
|
|
{
|
|
DEBUGMSG("AUSENS Failed to alocate memory for CLogonNotification object.");
|
|
return E_OUTOFMEMORY;
|
|
}
|
|
|
|
hr = g_SensLogonNotification->Initialize();
|
|
if (FAILED(hr))
|
|
{
|
|
DEBUGMSG( "AUSENS notification activation failed." );
|
|
}
|
|
else
|
|
{
|
|
DEBUGMSG( "AUSENS notification activated" );
|
|
}
|
|
|
|
return hr;
|
|
}
|
|
|
|
HRESULT DeactivateSensLogonNotification()
|
|
{
|
|
if (!g_SensLogonNotification)
|
|
{
|
|
DEBUGMSG("AUSENS Logon object is not activated; ignoring call.");
|
|
return S_OK;
|
|
}
|
|
|
|
delete g_SensLogonNotification;
|
|
g_SensLogonNotification = NULL;
|
|
|
|
DEBUGMSG( "AUSENS notification deactivated" );
|
|
return S_OK;
|
|
}
|
|
|
|
//----------------------------------------------------------------------------
|
|
// BSTR manipulation
|
|
//----------------------------------------------------------------------------
|
|
|
|
HRESULT AppendBSTR(BSTR *bstrDest, BSTR bstrAppend)
|
|
{
|
|
HRESULT hr = S_OK;
|
|
BSTR bstrNew = NULL;
|
|
|
|
if (bstrDest == NULL || *bstrDest == NULL)
|
|
return E_INVALIDARG;
|
|
|
|
if (bstrAppend == NULL)
|
|
return S_OK;
|
|
|
|
hr = VarBstrCat(*bstrDest, bstrAppend, &bstrNew);
|
|
if (SUCCEEDED(hr))
|
|
{
|
|
SysFreeString(*bstrDest);
|
|
*bstrDest = bstrNew;
|
|
}
|
|
|
|
return hr;
|
|
}
|
|
|
|
// Caller is responsible for freeing bstrOut
|
|
HRESULT BSTRFromIID(IN REFIID riid, OUT BSTR *bstrOut)
|
|
{
|
|
HRESULT hr = S_OK;
|
|
LPOLESTR lpszGUID = NULL;
|
|
|
|
if (bstrOut == NULL)
|
|
{
|
|
hr = E_INVALIDARG;
|
|
goto done;
|
|
}
|
|
|
|
hr = StringFromIID(riid, &lpszGUID);
|
|
if (FAILED(hr))
|
|
{
|
|
DEBUGMSG("AUSENS Failed to extract GUID from string");
|
|
goto done;
|
|
}
|
|
|
|
*bstrOut = SysAllocString(lpszGUID);
|
|
if (*bstrOut == NULL)
|
|
{
|
|
hr = E_OUTOFMEMORY;
|
|
goto done;
|
|
}
|
|
|
|
done:
|
|
if (lpszGUID)
|
|
{
|
|
CoTaskMemFree(lpszGUID);
|
|
}
|
|
|
|
return hr;
|
|
}
|
|
|
|
HRESULT CBstrTable::Initialize()
|
|
{
|
|
HRESULT hr = S_OK;
|
|
|
|
hr = BSTRFromIID(g_oLogonSubscription.MethodGuid, &m_bstrLogonMethodGuid);
|
|
if (FAILED(hr))
|
|
{
|
|
goto done;
|
|
}
|
|
|
|
m_bstrLogonMethodName = SysAllocString(g_oLogonSubscription.pszMethodName);
|
|
if (m_bstrLogonMethodName == NULL)
|
|
{
|
|
hr = E_OUTOFMEMORY;
|
|
goto done;
|
|
}
|
|
|
|
m_bstrSubscriptionName = SysAllocString(SUBSCRIPTION_NAME_TEXT);
|
|
if (m_bstrSubscriptionName == NULL)
|
|
{
|
|
hr = E_OUTOFMEMORY;
|
|
goto done;
|
|
}
|
|
|
|
m_bstrSubscriptionDescription = SysAllocString(SUBSCRIPTION_DESCRIPTION_TEXT);
|
|
if (m_bstrSubscriptionDescription == NULL)
|
|
{
|
|
hr = E_OUTOFMEMORY;
|
|
goto done;
|
|
}
|
|
|
|
hr = BSTRFromIID(_uuidof(ISensLogon), &m_bstrSensLogonGuid);
|
|
if (FAILED(hr))
|
|
{
|
|
goto done;
|
|
}
|
|
|
|
hr = BSTRFromIID(SENSGUID_EVENTCLASS_LOGON, &m_bstrSensEventClassGuid);
|
|
if (FAILED(hr))
|
|
{
|
|
goto done;
|
|
}
|
|
|
|
done:
|
|
return hr;
|
|
}
|
|
|
|
|
|
//----------------------------------------------------------------------------
|
|
// Implementation for CLogonNotification methods
|
|
//----------------------------------------------------------------------------
|
|
|
|
HRESULT CLogonNotification::Initialize()
|
|
{
|
|
HRESULT hr = S_OK;
|
|
SIZE_T cSubscriptions = 0;
|
|
|
|
//
|
|
// Create auxiliary object with BSTR names used for several actions
|
|
//
|
|
m_oBstrTable = new CBstrTable();
|
|
if (!m_oBstrTable)
|
|
{
|
|
return E_OUTOFMEMORY;
|
|
}
|
|
|
|
hr = m_oBstrTable->Initialize();
|
|
if (FAILED(hr))
|
|
{
|
|
DEBUGMSG("AUSENS Could not create auxiliary structure BstrTable");
|
|
return hr;
|
|
}
|
|
|
|
//
|
|
// Load the type library from SENS
|
|
//
|
|
hr = LoadTypeLibEx(L"SENS.DLL", REGKIND_NONE, &m_TypeLib);
|
|
if (FAILED(hr))
|
|
{
|
|
DEBUGMSG("AUSENS Could not load type library from SENS DLL");
|
|
goto done;
|
|
}
|
|
|
|
//
|
|
// Get TypeInfo for ISensLogon from SENS typelib -- this will
|
|
// simplify thing for us when implementing IDispatch methods
|
|
//
|
|
hr = m_TypeLib->GetTypeInfoOfGuid(__uuidof( ISensLogon ), &m_TypeInfo);
|
|
if (FAILED(hr))
|
|
{
|
|
DEBUGMSG("AUSENS Could not get type info for ISensLogon.");
|
|
goto done;
|
|
}
|
|
|
|
//
|
|
// Grab an interface pointer of the EventSystem object
|
|
//
|
|
hr = CoCreateInstance(CLSID_CEventSystem, NULL, CLSCTX_INPROC_SERVER | CLSCTX_LOCAL_SERVER, IID_IEventSystem, (void**)&m_EventSystem );
|
|
if (FAILED(hr))
|
|
{
|
|
DEBUGMSG("AUSENS Failed to create EventSytem instance for Sens subscription. Error is %x.", hr);
|
|
goto done;
|
|
}
|
|
|
|
//
|
|
// Subscribe for the Logon notifications
|
|
//
|
|
DEBUGMSG("AUSENS Subscribing method '%S' with SENS (%S)", m_oBstrTable->m_bstrLogonMethodName, m_oBstrTable->m_bstrLogonMethodGuid);
|
|
hr = SubscribeMethod(m_oBstrTable->m_bstrLogonMethodName, m_oBstrTable->m_bstrLogonMethodGuid);
|
|
if (FAILED(hr))
|
|
{
|
|
DEBUGMSG("AUSENS Subscription for method failed.");
|
|
goto done;
|
|
}
|
|
m_fSubscribed = TRUE;
|
|
|
|
done:
|
|
|
|
return hr;
|
|
}
|
|
|
|
HRESULT CLogonNotification::UnsubscribeAllMethods()
|
|
{
|
|
HRESULT hr = S_OK;
|
|
BSTR bstrQuery = NULL;
|
|
BSTR bstrAux = NULL;
|
|
int ErrorIndex;
|
|
|
|
DEBUGMSG("AUSENS Unsubscribing all methods");
|
|
//
|
|
// The query should be a string in the following format:
|
|
// EventClassID == {D5978630-5B9F-11D1-8DD2-00AA004ABD5E} and SubscriptioniD == {XXXXXXX-5B9F-11D1-8DD2-00AA004ABD5E}
|
|
//
|
|
|
|
bstrQuery = SysAllocString(L"EventClassID == ");
|
|
if (bstrQuery == NULL)
|
|
{
|
|
hr = E_OUTOFMEMORY;
|
|
goto done;
|
|
}
|
|
|
|
bstrAux = SysAllocString(L" and SubscriptionID == ");
|
|
if (bstrAux == NULL)
|
|
{
|
|
hr = E_OUTOFMEMORY;
|
|
goto done;
|
|
}
|
|
|
|
hr = AppendBSTR(&bstrQuery, m_oBstrTable->m_bstrSensLogonGuid);
|
|
if (FAILED(hr))
|
|
{
|
|
DEBUGMSG("AUSENS Failed to append BSTR string");
|
|
goto done;
|
|
}
|
|
|
|
hr = AppendBSTR(&bstrQuery, bstrAux);
|
|
if (FAILED(hr))
|
|
{
|
|
DEBUGMSG("AUSENS Failed to append BSTR string");
|
|
goto done;
|
|
}
|
|
|
|
hr = AppendBSTR(&bstrQuery, m_oBstrTable->m_bstrLogonMethodGuid);
|
|
if (FAILED(hr))
|
|
{
|
|
DEBUGMSG("AUSENS Failed to append BSTR string");
|
|
goto done;
|
|
}
|
|
|
|
if (bstrQuery != NULL)
|
|
{
|
|
// Remove subscription for all ISensLogon subscription that were added for this WU component
|
|
DEBUGMSG("AUSENS remove subscription query: %S", bstrQuery);
|
|
hr = m_EventSystem->Remove( PROGID_EventSubscription, bstrQuery, &ErrorIndex );
|
|
if (FAILED(hr))
|
|
{
|
|
DEBUGMSG("AUSENS Failed to remove AU Subscription from COM Event System");
|
|
goto done;
|
|
}
|
|
m_fSubscribed = FALSE;
|
|
}
|
|
else
|
|
{
|
|
hr = E_OUTOFMEMORY;
|
|
goto done;
|
|
}
|
|
|
|
done:
|
|
|
|
SafeFreeBSTR(bstrQuery);
|
|
SafeFreeBSTR(bstrAux);
|
|
|
|
return hr;
|
|
}
|
|
|
|
HRESULT CLogonNotification::SubscribeMethod(const BSTR bstrMethodName, const BSTR bstrMethodGuid)
|
|
{
|
|
HRESULT hr = S_OK;
|
|
IEventSubscription *pEventSubscription = NULL;
|
|
|
|
//
|
|
// Create an instance of EventSubscription
|
|
//
|
|
hr = CoCreateInstance(CLSID_CEventSubscription, NULL, CLSCTX_INPROC_SERVER | CLSCTX_LOCAL_SERVER, IID_IEventSubscription, (void**)&pEventSubscription);
|
|
if (FAILED(hr))
|
|
{
|
|
DEBUGMSG("AUSENS Failed to instanciate EventSubscription object");
|
|
goto done;
|
|
}
|
|
|
|
//
|
|
// Subscribe the method
|
|
//
|
|
hr = pEventSubscription->put_EventClassID(m_oBstrTable->m_bstrSensEventClassGuid);
|
|
if (FAILED(hr))
|
|
{
|
|
DEBUGMSG("AUSENS Failed to set EventClassID during method subscription");
|
|
goto done;
|
|
}
|
|
|
|
hr = pEventSubscription->put_SubscriberInterface(this);
|
|
if (FAILED(hr))
|
|
{
|
|
DEBUGMSG("AUSENS Failed to set EventClassID during method subscription");
|
|
goto done;
|
|
}
|
|
|
|
hr = pEventSubscription->put_SubscriptionName(m_oBstrTable->m_bstrSubscriptionName);
|
|
if (FAILED(hr))
|
|
{
|
|
DEBUGMSG("AUSENS Failed to set EventClassID during method subscription");
|
|
goto done;
|
|
}
|
|
|
|
hr = pEventSubscription->put_Description(m_oBstrTable->m_bstrSubscriptionDescription);
|
|
if (FAILED(hr))
|
|
{
|
|
DEBUGMSG("AUSENS Failed to set subscription method during method subscription");
|
|
goto done;
|
|
}
|
|
|
|
hr = pEventSubscription->put_Enabled(TRUE);
|
|
if (FAILED(hr))
|
|
{
|
|
DEBUGMSG("AUSENS Failed to set enabled flag during method subscription");
|
|
goto done;
|
|
}
|
|
|
|
hr = pEventSubscription->put_MethodName(bstrMethodName);
|
|
if (FAILED(hr))
|
|
{
|
|
DEBUGMSG("AUSENS Failed to set MethodName during method subscription");
|
|
goto done;
|
|
}
|
|
|
|
hr = pEventSubscription->put_SubscriptionID(bstrMethodGuid);
|
|
if (FAILED(hr))
|
|
{
|
|
DEBUGMSG("AUSENS Failed to set SubscriptionID during method subscription");
|
|
goto done;
|
|
}
|
|
|
|
hr = m_EventSystem->Store(PROGID_EventSubscription, pEventSubscription);
|
|
if (FAILED(hr))
|
|
{
|
|
DEBUGMSG("AUSENS Failed to store Event Subscription in the Event System");
|
|
goto done;
|
|
}
|
|
|
|
done:
|
|
SafeRelease(pEventSubscription);
|
|
|
|
return hr;
|
|
}
|
|
|
|
void CLogonNotification::Cleanup()
|
|
{
|
|
__try
|
|
{
|
|
if (m_EventSystem)
|
|
{
|
|
if (m_fSubscribed)
|
|
{
|
|
UnsubscribeAllMethods();
|
|
}
|
|
SafeRelease(m_EventSystem);
|
|
}
|
|
|
|
SafeRelease(m_TypeInfo);
|
|
SafeRelease(m_TypeLib);
|
|
}
|
|
__except(EXCEPTION_EXECUTE_HANDLER)
|
|
{
|
|
DEBUGMSG("AUSENS Cleanup raised and execution exception that was trapped.");
|
|
}
|
|
|
|
if (m_oBstrTable)
|
|
{
|
|
delete m_oBstrTable;
|
|
m_oBstrTable = NULL;
|
|
}
|
|
}
|
|
|
|
HRESULT CLogonNotification::CheckLocalSystem()
|
|
{
|
|
HRESULT hr = E_FAIL;
|
|
PSID pLocalSid = NULL;
|
|
HANDLE hToken = NULL;
|
|
SID_IDENTIFIER_AUTHORITY IDAuthorityNT = SECURITY_NT_AUTHORITY;
|
|
BOOL fRet = FALSE;
|
|
BOOL fIsLocalSystem = FALSE;
|
|
|
|
fRet = AllocateAndInitializeSid(
|
|
&IDAuthorityNT,
|
|
1,
|
|
SECURITY_LOCAL_SYSTEM_RID,
|
|
0,0,0,0,0,0,0,
|
|
&pLocalSid );
|
|
|
|
if (fRet == FALSE)
|
|
{
|
|
hr = HRESULT_FROM_WIN32(GetLastError());
|
|
DEBUGMSG("AUSENS AllocateAndInitializeSid failed with error %x", hr);
|
|
goto done;
|
|
}
|
|
|
|
if (FAILED(hr = CoImpersonateClient()))
|
|
{
|
|
DEBUGMSG("AUSENS Failed to impersonate client", hr);
|
|
hr = E_ACCESSDENIED;
|
|
goto done;
|
|
}
|
|
|
|
fRet = OpenThreadToken(GetCurrentThread(), TOKEN_QUERY, TRUE, &hToken);
|
|
if (fRet == FALSE)
|
|
{
|
|
hr = HRESULT_FROM_WIN32(GetLastError());
|
|
DEBUGMSG("AUSENS Failed to OpenProcessToken");
|
|
goto done;
|
|
}
|
|
|
|
if (FAILED(CoRevertToSelf()))
|
|
{
|
|
AUASSERT(FALSE); //should never be there
|
|
hr = E_ACCESSDENIED;
|
|
goto done;
|
|
}
|
|
|
|
fRet = CheckTokenMembership(hToken, pLocalSid, &fIsLocalSystem);
|
|
if (fRet == FALSE)
|
|
{
|
|
hr = HRESULT_FROM_WIN32(GetLastError());
|
|
DEBUGMSG("AUSENS fail to Check token membership with error %x", hr);
|
|
goto done;
|
|
}
|
|
|
|
if (fIsLocalSystem)
|
|
{
|
|
hr = S_OK;
|
|
}
|
|
else
|
|
{
|
|
hr = E_ACCESSDENIED;
|
|
DEBUGMSG("AUSENS SECURITY CHECK Current thread is not running as LocalSystem!!");
|
|
}
|
|
|
|
done:
|
|
|
|
if (hToken != NULL)
|
|
CloseHandle(hToken);
|
|
if (pLocalSid != NULL)
|
|
FreeSid(pLocalSid);
|
|
|
|
return hr;
|
|
}
|
|
|
|
STDMETHODIMP CLogonNotification::Logon( BSTR UserName )
|
|
{
|
|
DEBUGMSG("AUSENS logon notification for %S", (WCHAR*)UserName );
|
|
DEBUGMSG("AUSENS Forcing the rebuilt of the cachesessions array");
|
|
|
|
//
|
|
// fix for security bug 563054 -- annah
|
|
//
|
|
// The Logon() method is called by the COM+ Event System to notify us of a logon event
|
|
// We expose the ISensLogon interface but don't want anybody calling us
|
|
// that is not the COM+ Event System.
|
|
//
|
|
// The COM+ Event System service runs as Local System in the netsvcs svchost group.
|
|
// We will check if the caller is really the Event System by checking for
|
|
// the Local System account.
|
|
//
|
|
HRESULT hr = CheckLocalSystem();
|
|
if (FAILED(hr))
|
|
{
|
|
DEBUGMSG("AUSENS CheckLocalSystem failed with error %x. Will not trigger logon notification", hr);
|
|
goto done;
|
|
}
|
|
|
|
|
|
//
|
|
// One big problem of the code below is that although we're validating that
|
|
// there are admins on the machine who are valid users for AU, it could be the
|
|
// same that was already there, because we don't have a reliable way of receiving
|
|
// logoff notifications. So we will raise the NEW_ADMIN event here, and
|
|
// we will block the cretiion of a new client if we detect that there's a
|
|
// a client still running.
|
|
//
|
|
gAdminSessions.RebuildSessionCache();
|
|
if (gAdminSessions.CSessions() > 0)
|
|
{
|
|
DEBUGMSG("AU SENS Logon: There are admins in the admin cache, raising NEW_ADMIN event (it could be a false alarm)");
|
|
SetActiveAdminSessionEvent();
|
|
}
|
|
|
|
#if DBG
|
|
gAdminSessions.m_DumpSessions();
|
|
#endif
|
|
|
|
done:
|
|
|
|
return S_OK;
|
|
}
|
|
|
|
STDMETHODIMP CLogonNotification::Logoff( BSTR UserName )
|
|
{
|
|
DEBUGMSG( "AUSENS logoff notification for %S", (WCHAR*)UserName );
|
|
|
|
// do nothing
|
|
|
|
#if DBG
|
|
gAdminSessions.m_DumpSessions();
|
|
#endif
|
|
|
|
return S_OK;
|
|
}
|
|
|
|
STDMETHODIMP CLogonNotification::QueryInterface(REFIID iid, void** ppvObject)
|
|
{
|
|
HRESULT hr = S_OK;
|
|
*ppvObject = NULL;
|
|
|
|
if ((iid == IID_IUnknown) || (iid == _uuidof(IDispatch)) || (iid == _uuidof(ISensLogon)))
|
|
{
|
|
*ppvObject = static_cast<ISensLogon *> (this);
|
|
(static_cast<IUnknown *>(*ppvObject))->AddRef();
|
|
}
|
|
else
|
|
{
|
|
hr = E_NOINTERFACE;
|
|
}
|
|
|
|
return hr;
|
|
}
|
|
|
|
STDMETHODIMP CLogonNotification::GetIDsOfNames(REFIID, OLECHAR ** rgszNames, unsigned int cNames, LCID, DISPID *rgDispId )
|
|
{
|
|
return m_TypeInfo->GetIDsOfNames(rgszNames, cNames, rgDispId);
|
|
}
|
|
|
|
|
|
STDMETHODIMP CLogonNotification::GetTypeInfo(unsigned int iTInfo, LCID, ITypeInfo **ppTInfo )
|
|
{
|
|
if ( iTInfo != 0 )
|
|
return DISP_E_BADINDEX;
|
|
|
|
*ppTInfo = m_TypeInfo;
|
|
m_TypeInfo->AddRef();
|
|
|
|
return S_OK;
|
|
}
|
|
|
|
STDMETHODIMP CLogonNotification::GetTypeInfoCount(unsigned int *pctinfo)
|
|
{
|
|
*pctinfo = 1;
|
|
return S_OK;
|
|
}
|
|
|
|
STDMETHODIMP CLogonNotification::Invoke(
|
|
DISPID dispID,
|
|
REFIID riid,
|
|
LCID,
|
|
WORD wFlags,
|
|
DISPPARAMS *pDispParams,
|
|
VARIANT *pvarResult,
|
|
EXCEPINFO *pExcepInfo,
|
|
unsigned int *puArgErr )
|
|
{
|
|
|
|
if (riid != IID_NULL)
|
|
{
|
|
return DISP_E_UNKNOWNINTERFACE;
|
|
}
|
|
|
|
return m_TypeInfo->Invoke(
|
|
(IDispatch*) this,
|
|
dispID,
|
|
wFlags,
|
|
pDispParams,
|
|
pvarResult,
|
|
pExcepInfo,
|
|
puArgErr
|
|
);
|
|
}
|
|
|
|
STDMETHODIMP CLogonNotification::DisplayLock( BSTR UserName )
|
|
{
|
|
return S_OK;
|
|
}
|
|
|
|
STDMETHODIMP CLogonNotification::DisplayUnlock( BSTR UserName )
|
|
{
|
|
return S_OK;
|
|
}
|
|
|
|
STDMETHODIMP CLogonNotification::StartScreenSaver( BSTR UserName )
|
|
{
|
|
return S_OK;
|
|
}
|
|
|
|
STDMETHODIMP CLogonNotification::StopScreenSaver( BSTR UserName )
|
|
{
|
|
return S_OK;
|
|
}
|
|
|
|
STDMETHODIMP CLogonNotification::StartShell( BSTR UserName )
|
|
{
|
|
return S_OK;
|
|
}
|
|
|
|
|