mirror of https://github.com/tongzx/nt5src
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
2980 lines
97 KiB
2980 lines
97 KiB
#include "stdafx.h"
|
|
#include <setupapi.h>
|
|
#include <shlobj.h>
|
|
#include <ole2.h>
|
|
#include "lzexpand.h"
|
|
#include "log.h"
|
|
#include "dcomperm.h"
|
|
#include "strfn.h"
|
|
#include "other.h"
|
|
#include <direct.h>
|
|
#include <aclapi.h>
|
|
|
|
|
|
typedef struct _QUEUECONTEXT {
|
|
HWND OwnerWindow;
|
|
DWORD MainThreadId;
|
|
HWND ProgressDialog;
|
|
HWND ProgressBar;
|
|
BOOL Cancelled;
|
|
PTSTR CurrentSourceName;
|
|
BOOL ScreenReader;
|
|
BOOL MessageBoxUp;
|
|
WPARAM PendingUiType;
|
|
PVOID PendingUiParameters;
|
|
UINT CancelReturnCode;
|
|
BOOL DialogKilled;
|
|
//
|
|
// If the SetupInitDefaultQueueCallbackEx is used, the caller can
|
|
// specify an alternate handler for progress. This is useful to
|
|
// get the default behavior for disk prompting, error handling, etc,
|
|
// but to provide a gas gauge embedded, say, in a wizard page.
|
|
//
|
|
// The alternate window is sent ProgressMsg once when the copy queue
|
|
// is started (wParam = 0. lParam = number of files to copy).
|
|
// It is then also sent once per file copied (wParam = 1. lParam = 0).
|
|
//
|
|
// NOTE: a silent installation (i.e., no progress UI) can be accomplished
|
|
// by specifying an AlternateProgressWindow handle of INVALID_HANDLE_VALUE.
|
|
//
|
|
HWND AlternateProgressWindow;
|
|
UINT ProgressMsg;
|
|
UINT NoToAllMask;
|
|
|
|
HANDLE UiThreadHandle;
|
|
|
|
#ifdef NOCANCEL_SUPPORT
|
|
BOOL AllowCancel;
|
|
#endif
|
|
|
|
} QUEUECONTEXT, *PQUEUECONTEXT;
|
|
|
|
|
|
|
|
//-------------------------------------------------------------------
|
|
// purpose: install an section in an .inf file
|
|
//-------------------------------------------------------------------
|
|
int InstallInfSection_NoFiles(HINF InfHandle,TCHAR szINFFileName[],TCHAR szSectionName[])
|
|
{
|
|
HWND Window = NULL;
|
|
BOOL bReturn = FALSE;
|
|
BOOL bReturnTemp = FALSE; // assume failure.
|
|
TCHAR ActualSection[1000];
|
|
DWORD ActualSectionLength;
|
|
BOOL bPleaseCloseInfHandle = FALSE;
|
|
|
|
iisDebugOut_Start1(_T("InstallInfSection_NoFiles"),szSectionName,LOG_TYPE_PROGRAM_FLOW);
|
|
|
|
__try {
|
|
|
|
// Check if a valid infhandle as passed in....
|
|
// if so, use that, otherwise, use the passed in filename...
|
|
if(InfHandle == INVALID_HANDLE_VALUE)
|
|
{
|
|
// Try to use the filename.
|
|
if (_tcsicmp(szINFFileName, _T("")) == 0)
|
|
{
|
|
goto c1;
|
|
}
|
|
|
|
// we have a filename entry. let's try to use it.
|
|
// Check if the file exists
|
|
if (!IsFileExist(szINFFileName))
|
|
{
|
|
//MessageBox(NULL, "unable to find file", "cannot find file", MB_OK);
|
|
goto c1;
|
|
}
|
|
|
|
// Load the inf file and get the handle
|
|
InfHandle = SetupOpenInfFile(szINFFileName, NULL, INF_STYLE_WIN4, NULL);
|
|
bPleaseCloseInfHandle = TRUE;
|
|
}
|
|
if(InfHandle == INVALID_HANDLE_VALUE) {goto c1;}
|
|
|
|
//
|
|
// See if there is an nt-specific section
|
|
//
|
|
SetupDiGetActualSectionToInstall(InfHandle,szSectionName,ActualSection,sizeof(ActualSection),&ActualSectionLength,NULL);
|
|
|
|
//
|
|
// Perform non-file operations for the section passed on the cmd line.
|
|
//
|
|
bReturn = SetupInstallFromInfSection(Window,InfHandle,ActualSection,SPINST_ALL & ~SPINST_FILES,NULL,NULL,0,NULL,NULL,NULL,NULL);
|
|
if(!bReturn) {goto c1;}
|
|
|
|
//
|
|
// Install any services for the section
|
|
//
|
|
bReturn = SetupInstallServicesFromInfSection(InfHandle,ActualSection,0);
|
|
if(!bReturn)
|
|
{
|
|
iisDebugOut((LOG_TYPE_TRACE, _T("SetupInstallServicesFromInfSection failed.Ret=%d.\n"), GetLastError()));
|
|
}
|
|
|
|
//
|
|
// Refresh the desktop.
|
|
//
|
|
SHChangeNotify(SHCNE_ASSOCCHANGED,SHCNF_FLUSHNOWAIT,0,0);
|
|
|
|
//
|
|
// If we get to here, then this routine has been successful.
|
|
//
|
|
bReturnTemp = TRUE;
|
|
|
|
c1:
|
|
//
|
|
// If the bReturnTemp failed and it was because the user cancelled, then we don't want to consider
|
|
// that as an bReturnTemp (i.e., we don't want to give an bReturnTemp popup later).
|
|
//
|
|
if((bReturnTemp != TRUE) && (GetLastError() == ERROR_CANCELLED)) {bReturnTemp = TRUE;}
|
|
if (bPleaseCloseInfHandle == TRUE)
|
|
{
|
|
if(InfHandle != INVALID_HANDLE_VALUE) {SetupCloseInfFile(InfHandle);InfHandle = INVALID_HANDLE_VALUE;}
|
|
}
|
|
|
|
;}
|
|
__except(EXCEPTION_EXECUTE_HANDLER)
|
|
{
|
|
if (bPleaseCloseInfHandle == TRUE)
|
|
{
|
|
if(InfHandle != INVALID_HANDLE_VALUE) {SetupCloseInfFile(InfHandle);InfHandle = INVALID_HANDLE_VALUE;}
|
|
}
|
|
}
|
|
|
|
//
|
|
// If the bReturnTemp failed because the user cancelled, then we don't want to consider
|
|
// that as an bReturnTemp (i.e., we don't want to give an bReturnTemp popup later).
|
|
//
|
|
if((bReturnTemp != TRUE) && (GetLastError() == ERROR_CANCELLED)) {bReturnTemp = TRUE;}
|
|
|
|
// Display installation failed message
|
|
//if(bReturnTemp) {MyMessageBox(NULL, _T("IDS_INF_FAILED"), MB_OK);}
|
|
|
|
iisDebugOut((LOG_TYPE_PROGRAM_FLOW, _T("InstallInfSection_NoFiles.[%s].End.Ret=%d.\n"), szSectionName, bReturnTemp));
|
|
return bReturnTemp;
|
|
}
|
|
|
|
|
|
|
|
//-------------------------------------------------------------------
|
|
// purpose: install an section in an .inf file
|
|
//-------------------------------------------------------------------
|
|
int InstallInfSection(HINF InfHandle,TCHAR szINFFileName[],TCHAR szSectionName[])
|
|
{
|
|
HWND Window = NULL;
|
|
PTSTR SourcePath = NULL;
|
|
//HINF InfHandle = INVALID_HANDLE_VALUE;
|
|
HSPFILEQ FileQueue = INVALID_HANDLE_VALUE;
|
|
PQUEUECONTEXT QueueContext = NULL;
|
|
BOOL bReturn = FALSE;
|
|
BOOL bReturnTemp = FALSE; // assume failure.
|
|
TCHAR ActualSection[1000];
|
|
DWORD ActualSectionLength;
|
|
BOOL bPleaseCloseInfHandle = FALSE;
|
|
|
|
iisDebugOut_Start1(_T("InstallInfSection"),szSectionName,LOG_TYPE_PROGRAM_FLOW);
|
|
|
|
__try {
|
|
|
|
// Check if a valid infhandle as passed in....
|
|
// if so, use that, otherwise, use the passed in filename...
|
|
if(InfHandle == INVALID_HANDLE_VALUE)
|
|
{
|
|
// Try to use the filename.
|
|
if (_tcsicmp(szINFFileName, _T("")) == 0)
|
|
{
|
|
goto c1;
|
|
}
|
|
|
|
// we have a filename entry. let's try to use it.
|
|
// Check if the file exists
|
|
if (!IsFileExist(szINFFileName))
|
|
{
|
|
//MessageBox(NULL, "unable to find file", "cannot find file", MB_OK);
|
|
goto c1;
|
|
}
|
|
|
|
// Load the inf file and get the handle
|
|
InfHandle = SetupOpenInfFile(szINFFileName, NULL, INF_STYLE_WIN4, NULL);
|
|
bPleaseCloseInfHandle = TRUE;
|
|
}
|
|
if(InfHandle == INVALID_HANDLE_VALUE) {goto c1;}
|
|
|
|
//
|
|
// See if there is an nt-specific section
|
|
//
|
|
SetupDiGetActualSectionToInstall(InfHandle,szSectionName,ActualSection,sizeof(ActualSection),&ActualSectionLength,NULL);
|
|
|
|
//
|
|
// Create a setup file queue and initialize the default queue callback.
|
|
//
|
|
FileQueue = SetupOpenFileQueue();
|
|
if(FileQueue == INVALID_HANDLE_VALUE) {goto c1;}
|
|
|
|
//QueueContext = SetupInitDefaultQueueCallback(Window);
|
|
//if(!QueueContext) {goto c1;}
|
|
|
|
QueueContext = (PQUEUECONTEXT) SetupInitDefaultQueueCallbackEx(Window,NULL,0,0,0);
|
|
if(!QueueContext) {goto c1;}
|
|
QueueContext->PendingUiType = IDF_CHECKFIRST;
|
|
|
|
//
|
|
// Enqueue file operations for the section passed on the cmd line.
|
|
//
|
|
//SourcePath = NULL;
|
|
// SP_COPY_NOPRUNE = setupapi has a new deal which will prune files from the copyqueue if they already exist on the system.
|
|
// however, the problem with the new deal is that the pruning code does not check if you have the same file
|
|
// queued in the delete or rename queue. specify SP_COPY_NOPRUNE to make sure that our file never gets
|
|
// pruned (removed) from the copy queue. aaronl 12/4/98
|
|
//bReturn = SetupInstallFilesFromInfSection(InfHandle,NULL,FileQueue,ActualSection,SourcePath,SP_COPY_NEWER | SP_COPY_NOPRUNE);
|
|
bReturn = SetupInstallFilesFromInfSection(InfHandle,NULL,FileQueue,ActualSection,SourcePath, SP_COPY_NOPRUNE);
|
|
if(!bReturn) {goto c1;}
|
|
|
|
//
|
|
// Commit file queue.
|
|
//
|
|
if(!SetupCommitFileQueue(Window, FileQueue, SetupDefaultQueueCallback, QueueContext)) {goto c1;}
|
|
|
|
//
|
|
// Perform non-file operations for the section passed on the cmd line.
|
|
//
|
|
bReturn = SetupInstallFromInfSection(Window,InfHandle,ActualSection,SPINST_ALL & ~SPINST_FILES,NULL,NULL,0,NULL,NULL,NULL,NULL);
|
|
if(!bReturn) {goto c1;}
|
|
|
|
//
|
|
// Refresh the desktop.
|
|
//
|
|
SHChangeNotify(SHCNE_ASSOCCHANGED,SHCNF_FLUSHNOWAIT,0,0);
|
|
|
|
//
|
|
// If we get to here, then this routine has been successful.
|
|
//
|
|
bReturnTemp = TRUE;
|
|
|
|
c1:
|
|
//
|
|
// If the bReturnTemp failed and it was because the user cancelled, then we don't want to consider
|
|
// that as an bReturnTemp (i.e., we don't want to give an bReturnTemp popup later).
|
|
//
|
|
if((bReturnTemp != TRUE) && (GetLastError() == ERROR_CANCELLED)) {bReturnTemp = TRUE;}
|
|
if(QueueContext) {SetupTermDefaultQueueCallback(QueueContext);QueueContext = NULL;}
|
|
if(FileQueue != INVALID_HANDLE_VALUE) {SetupCloseFileQueue(FileQueue);FileQueue = INVALID_HANDLE_VALUE;}
|
|
if (bPleaseCloseInfHandle == TRUE)
|
|
{
|
|
if(InfHandle != INVALID_HANDLE_VALUE) {SetupCloseInfFile(InfHandle);InfHandle = INVALID_HANDLE_VALUE;}
|
|
}
|
|
|
|
;}
|
|
__except(EXCEPTION_EXECUTE_HANDLER)
|
|
{
|
|
if(QueueContext) {SetupTermDefaultQueueCallback(QueueContext);}
|
|
if(FileQueue != INVALID_HANDLE_VALUE) {SetupCloseFileQueue(FileQueue);}
|
|
if (bPleaseCloseInfHandle == TRUE)
|
|
{
|
|
if(InfHandle != INVALID_HANDLE_VALUE) {SetupCloseInfFile(InfHandle);InfHandle = INVALID_HANDLE_VALUE;}
|
|
}
|
|
}
|
|
|
|
//
|
|
// If the bReturnTemp failed because the user cancelled, then we don't want to consider
|
|
// that as an bReturnTemp (i.e., we don't want to give an bReturnTemp popup later).
|
|
//
|
|
if((bReturnTemp != TRUE) && (GetLastError() == ERROR_CANCELLED)) {bReturnTemp = TRUE;}
|
|
|
|
// Display installation failed message
|
|
//if(bReturnTemp) {MyMessageBox(NULL, _T("IDS_INF_FAILED"), MB_OK);}
|
|
|
|
iisDebugOut((LOG_TYPE_PROGRAM_FLOW, _T("InstallInfSection.[%s].End.Ret=%d.\n"), szSectionName, bReturnTemp));
|
|
return bReturnTemp;
|
|
}
|
|
|
|
|
|
BOOL IsValidDriveType(LPTSTR szRoot)
|
|
{
|
|
BOOL fReturn = FALSE;
|
|
int i;
|
|
|
|
i = GetDriveType(szRoot);
|
|
|
|
if (i == DRIVE_FIXED) {fReturn = TRUE;}
|
|
|
|
if (i == DRIVE_REMOVABLE)
|
|
{
|
|
BOOL b;
|
|
ULONGLONG TotalSpace;
|
|
DWORD SectorsPerCluster, BytesPerSector, NumberOfFreeClusters, TotalNumberOfClusters;
|
|
DWORD FloppySpace = 10 * 1024 * 1024;// use 10MB to distinguish a floppy from other drives, like JAZ drive 1GB
|
|
b = GetDiskFreeSpace(szRoot,&SectorsPerCluster, &BytesPerSector, &NumberOfFreeClusters, &TotalNumberOfClusters);
|
|
if (b)
|
|
{
|
|
TotalSpace = (ULONGLONG) TotalNumberOfClusters * SectorsPerCluster * BytesPerSector;
|
|
if (TotalSpace > (ULONGLONG) FloppySpace)
|
|
{fReturn = TRUE;}
|
|
else
|
|
{
|
|
iisDebugOutSafeParams((LOG_TYPE_ERROR, _T("GetDiskFreeSpace():Drive=DRIVE_REMOVABLE:Not Sufficient space on drive '%1!s!'. FAIL\n"), szRoot));
|
|
}
|
|
}
|
|
else
|
|
{
|
|
iisDebugOutSafeParams((LOG_TYPE_ERROR, _T("GetDiskFreeSpace(Drive=DRIVE_REMOVABLE) on %1!s! returns err: 0x%2!x!. FAILURE\n"), szRoot, GetLastError()));
|
|
}
|
|
}
|
|
|
|
return (fReturn);
|
|
}
|
|
|
|
// If lpszPath is a valid directory, return TRUE, and pass back the valid path in lpszPath to caller
|
|
// Otherwise, return FALSE.
|
|
BOOL IsValidDirectoryName(LPTSTR lpszPath)
|
|
{
|
|
DWORD err = 0;
|
|
BOOL bReturn = FALSE;
|
|
TCHAR szFullPath[_MAX_PATH];
|
|
LPTSTR p;
|
|
|
|
iisDebugOutSafeParams((LOG_TYPE_TRACE_WIN32_API, _T("IsValidDirectoryName %1!s!\n"), lpszPath));
|
|
err = GetFullPathName(lpszPath, _MAX_PATH, szFullPath, &p);
|
|
if (err != 0)
|
|
{
|
|
if (szFullPath[1] == _T(':')) { // good, not a UNC name
|
|
// make sure it is a FIXED drive
|
|
TCHAR szRoot[4];
|
|
_tcsncpy(szRoot, szFullPath, 3);
|
|
szRoot[3] = _T('\0');
|
|
if (IsValidDriveType(szRoot))
|
|
{
|
|
// OK, ready to create each layered directory
|
|
TCHAR szBuffer[_MAX_PATH];
|
|
LPTSTR token, tail;
|
|
CStringArray aDir;
|
|
int i, n;
|
|
|
|
tail = szBuffer;
|
|
token = _tcstok(szFullPath, _T("\\"));
|
|
if (token)
|
|
{
|
|
_tcscpy(tail, token);
|
|
tail += _tcslen(token);
|
|
bReturn = TRUE; /* return TRUE if in the form of C:\ */
|
|
while (token = _tcstok(NULL, _T("\\")))
|
|
{
|
|
*tail = _T('\\');
|
|
tail = _tcsinc(tail);
|
|
_tcscpy(tail, token);
|
|
// create it & rememeber it
|
|
err = GetFileAttributes(szBuffer);
|
|
if (err == 0xFFFFFFFF)
|
|
{
|
|
// szBuffer contains a non-existing path
|
|
// create it
|
|
if (CreateDirectory(szBuffer, NULL))
|
|
{
|
|
// succeed, remember the directory in an array
|
|
aDir.Add(szBuffer);
|
|
}
|
|
else
|
|
{
|
|
iisDebugOutSafeParams((LOG_TYPE_ERROR, _T("IsValidDirectory:CreateDirectory failed on %1!s!, err=%2!x!.\n"), szBuffer, GetLastError()));
|
|
bReturn = FALSE;
|
|
break;
|
|
}
|
|
} else {
|
|
// szBuffer contains an existing path,
|
|
// make sure it is a directory
|
|
if (!(err & FILE_ATTRIBUTE_DIRECTORY))
|
|
{
|
|
iisDebugOutSafeParams((LOG_TYPE_ERROR, _T("IsValidDirectory failure. %1!s! is not a valid directory.\n"), szBuffer));
|
|
bReturn = FALSE;
|
|
break;
|
|
}
|
|
}
|
|
tail += _tcslen(token);
|
|
}
|
|
if (bReturn)
|
|
{
|
|
// pass the valid directory to the caller
|
|
if (*(tail-1) == _T(':'))
|
|
{
|
|
*tail = _T('\\');
|
|
tail = _tcsinc(tail);
|
|
}
|
|
_tcscpy(lpszPath, szBuffer);
|
|
}
|
|
}
|
|
// remove the created directories we remembered in the array
|
|
n = (int)aDir.GetSize();
|
|
for (i = n-1; i >= 0; i--)
|
|
RemoveDirectory(aDir[i]);
|
|
} else {
|
|
iisDebugOutSafeParams((LOG_TYPE_ERROR, _T("IsValidDirectory failure. %1!s! is not on a valid drive.\n"), szFullPath));
|
|
}
|
|
} else {
|
|
iisDebugOutSafeParams((LOG_TYPE_ERROR, _T("IsValidDirectory failure. UNC name %1!s! is not allowed.\n"), szFullPath));
|
|
}
|
|
} else {
|
|
iisDebugOutSafeParams((LOG_TYPE_ERROR, _T("IsValidDirectory:GetFullPathName failed on %1!s!, err=%2!x!.\n"), lpszPath, GetLastError()));
|
|
}
|
|
|
|
return (bReturn);
|
|
}
|
|
|
|
BOOL IsValidNumber(LPCTSTR szValue)
|
|
{
|
|
LPTSTR p = (LPTSTR)szValue;
|
|
while (*p)
|
|
{
|
|
if ( *p >= _T('0') && *p <= _T('9') )
|
|
{
|
|
p = _tcsinc(p);
|
|
continue;
|
|
} else
|
|
return FALSE;
|
|
}
|
|
return TRUE;
|
|
}
|
|
|
|
// Calculate the size of a Multi-String in TCHAR, including the ending 2 '\0's.
|
|
int GetMultiStrSize(LPTSTR p)
|
|
{
|
|
int c = 0;
|
|
|
|
while (1) {
|
|
if (*p) {
|
|
p++;
|
|
c++;
|
|
} else {
|
|
c++;
|
|
if (*(p+1)) {
|
|
p++;
|
|
} else {
|
|
c++;
|
|
break;
|
|
}
|
|
}
|
|
}
|
|
return c;
|
|
}
|
|
|
|
BOOL IsFileExist(LPCTSTR szFile)
|
|
{
|
|
// Check if the file has expandable Environment strings
|
|
LPTSTR pch = NULL;
|
|
pch = _tcschr( (LPTSTR) szFile, _T('%'));
|
|
if (pch)
|
|
{
|
|
TCHAR szValue[_MAX_PATH];
|
|
_tcscpy(szValue,szFile);
|
|
if (!ExpandEnvironmentStrings( (LPCTSTR)szFile, szValue, sizeof(szValue)/sizeof(TCHAR)))
|
|
{_tcscpy(szValue,szFile);}
|
|
|
|
return (GetFileAttributes(szValue) != 0xFFFFFFFF);
|
|
}
|
|
else
|
|
{
|
|
return (GetFileAttributes(szFile) != 0xFFFFFFFF);
|
|
}
|
|
}
|
|
|
|
void InetGetFilePath(LPCTSTR szFile, LPTSTR szPath)
|
|
{
|
|
// if UNC name \\computer\share\local1\local2
|
|
if (*szFile == _T('\\') && *(_tcsinc(szFile)) == _T('\\')) {
|
|
TCHAR szTemp[_MAX_PATH], szLocal[_MAX_PATH];
|
|
TCHAR *p = NULL;
|
|
int i = 0;
|
|
|
|
_tcscpy(szTemp, szFile);
|
|
p = szTemp;
|
|
while (*p) {
|
|
if (*p == _T('\\'))
|
|
i++;
|
|
if (i == 4) {
|
|
*p = _T('\0');
|
|
p = _tcsinc(p); // p is now pointing at local1\local2
|
|
break;
|
|
}
|
|
p = _tcsinc(p);
|
|
}
|
|
_tcscpy(szPath, szTemp); // now szPath contains \\computer\share
|
|
|
|
if (i == 4 && *p) { // p is pointing the local path now
|
|
_tcscpy(szLocal, p);
|
|
p = _tcsrchr(szLocal, _T('\\'));
|
|
if (p)
|
|
*p = _T('\0');
|
|
_tcscat(szPath, _T("\\"));
|
|
_tcscat(szPath, szLocal); // szPath contains \\computer\share\local1
|
|
}
|
|
} else { // NOT UNC name
|
|
TCHAR *p;
|
|
if (GetFullPathName(szFile, _MAX_PATH, szPath, &p)) {
|
|
p = _tcsrchr(szPath, _T('\\'));
|
|
if (p)
|
|
{
|
|
TCHAR *p2 = NULL;
|
|
p2 = _tcsdec(szPath, p);
|
|
if (p2)
|
|
{
|
|
if (*p2 == _T(':') )
|
|
{p = _tcsinc(p);}
|
|
}
|
|
*p = _T('\0');
|
|
}
|
|
} else {
|
|
iisDebugOutSafeParams((LOG_TYPE_WARN, _T("GetFullPathName: szFile=%1!s!, err=%2!d!\n"), szFile, GetLastError()));
|
|
MyMessageBox(NULL, _T("GetFullPathName"), GetLastError(), MB_OK | MB_SETFOREGROUND);
|
|
}
|
|
}
|
|
|
|
return;
|
|
}
|
|
|
|
|
|
BOOL InetDeleteFile(LPCTSTR szFileName)
|
|
{
|
|
// if file exists but DeleteFile() fails
|
|
if ( IsFileExist(szFileName) && !(::DeleteFile(szFileName)) ) {
|
|
// if we cannot delete it, then move delay until reboot
|
|
// move it to top level dir on the same drive, and mark it as hidden
|
|
// Note: MoveFileEx() works only on the same drive if dealing with file-in-use
|
|
TCHAR TmpName[_MAX_PATH];
|
|
TCHAR csTmpPath[5] = _T("C:\\.");
|
|
csTmpPath[0] = *szFileName;
|
|
if ( GetTempFileName( (LPCTSTR)csTmpPath, _T("INT"), 0, TmpName ) == 0 ||
|
|
!MoveFileEx( szFileName, TmpName, MOVEFILE_REPLACE_EXISTING|MOVEFILE_COPY_ALLOWED|MOVEFILE_WRITE_THROUGH ) ) {
|
|
return FALSE;
|
|
}
|
|
MoveFileEx( TmpName, NULL, MOVEFILE_DELAY_UNTIL_REBOOT );
|
|
SetFileAttributes(TmpName, FILE_ATTRIBUTE_HIDDEN);
|
|
}
|
|
|
|
return TRUE;
|
|
}
|
|
|
|
BOOL InetCopyFile( LPCTSTR szSrc, LPCTSTR szDest)
|
|
{
|
|
INT err;
|
|
INT fSrc;
|
|
INT fDest;
|
|
OFSTRUCT ofstruct;
|
|
|
|
do {
|
|
// open source file
|
|
iisDebugOut_Start((_T("LZ32.dll:LZOpenFile()")));
|
|
if (( fSrc = LZOpenFile( (LPTSTR)szSrc, &ofstruct, OF_READ | OF_SHARE_DENY_NONE )) < 0 )
|
|
{
|
|
iisDebugOut_End((_T("LZ32.dll:LZOpenFile")));
|
|
// cannot open src file
|
|
LZClose(fSrc);
|
|
|
|
UINT iMsg = MyMessageBox( NULL, IDS_CANNOT_OPEN_SRC_FILE, szSrc, MB_ABORTRETRYIGNORE | MB_SETFOREGROUND );
|
|
switch ( iMsg )
|
|
{
|
|
case IDABORT:
|
|
return FALSE;
|
|
case IDRETRY:
|
|
break;
|
|
case IDIGNORE:
|
|
default:
|
|
return TRUE;
|
|
}
|
|
}
|
|
else
|
|
{
|
|
iisDebugOut_End((_T("LZ32.dll:LZOpenFile")));
|
|
break;
|
|
}
|
|
} while (TRUE);
|
|
|
|
// move the desintation file
|
|
CFileStatus status;
|
|
if ( CFile::GetStatus( szDest, status ))
|
|
{
|
|
// try to remove it
|
|
if ( !InetDeleteFile( szDest ))
|
|
{
|
|
LZClose( fSrc );
|
|
return TRUE;
|
|
}
|
|
}
|
|
|
|
// open desination file
|
|
do {
|
|
iisDebugOut_Start((_T("LZ32.dll:LZOpenFile()")));
|
|
if (( fDest = LZOpenFile( (LPTSTR)szDest, &ofstruct, OF_CREATE | OF_WRITE | OF_SHARE_DENY_NONE )) < 0 )
|
|
{
|
|
iisDebugOut_End((_T("LZ32.dll:LZOpenFile")));
|
|
LZClose(fDest);
|
|
|
|
UINT iMsg = MyMessageBox( NULL, IDS_CANNOT_OPEN_DEST_FILE, szDest, MB_ABORTRETRYIGNORE | MB_SETFOREGROUND );
|
|
switch ( iMsg )
|
|
{
|
|
case IDABORT:
|
|
LZClose(fSrc);
|
|
return FALSE;
|
|
case IDRETRY:
|
|
break;
|
|
case IDIGNORE:
|
|
default:
|
|
LZClose(fSrc);
|
|
return TRUE;
|
|
}
|
|
}
|
|
else
|
|
{
|
|
iisDebugOut_End((_T("LZ32.dll:LZOpenFile")));
|
|
break;
|
|
}
|
|
} while (TRUE);
|
|
|
|
do {
|
|
iisDebugOut_Start((_T("LZ32.dll:LZCopy()")));
|
|
if (( err = LZCopy( fSrc, fDest )) < 0 )
|
|
{
|
|
iisDebugOut_End((_T("LZ32.dll:LZCopy")));
|
|
LZClose( fSrc );
|
|
LZClose( fDest );
|
|
|
|
UINT iMsg = MyMessageBox( NULL, IDS_CANNOT_COPY_FILE, szSrc,szDest,ERROR_CANNOT_COPY, MB_ABORTRETRYIGNORE | MB_SETFOREGROUND );
|
|
switch ( iMsg )
|
|
{
|
|
case IDABORT:
|
|
return FALSE;
|
|
case IDRETRY:
|
|
break;
|
|
case IDIGNORE:
|
|
default:
|
|
return TRUE;
|
|
}
|
|
}
|
|
else
|
|
{
|
|
iisDebugOut_End((_T("LZ32.dll:LZCopy")));
|
|
LZClose( fSrc );
|
|
LZClose( fDest );
|
|
break;
|
|
}
|
|
} while (TRUE);
|
|
|
|
return TRUE;
|
|
}
|
|
|
|
// Given a fullpathname of a directory, remove any empty dirs under it including itself
|
|
|
|
BOOL RecRemoveEmptyDir(LPCTSTR szName)
|
|
{
|
|
BOOL fReturn = FALSE;
|
|
DWORD retCode;
|
|
BOOL fRemoveDir = TRUE;
|
|
WIN32_FIND_DATA FindFileData;
|
|
HANDLE hFile = INVALID_HANDLE_VALUE;
|
|
TCHAR szSubDir[_MAX_PATH] = _T("");
|
|
TCHAR szDirName[_MAX_PATH] = _T("");
|
|
|
|
retCode = GetFileAttributes(szName);
|
|
|
|
if (retCode == 0xFFFFFFFF || !(retCode & FILE_ATTRIBUTE_DIRECTORY))
|
|
return FALSE;
|
|
|
|
_stprintf(szDirName, _T("%s\\*"), szName);
|
|
hFile = FindFirstFile(szDirName, &FindFileData);
|
|
|
|
if (hFile != INVALID_HANDLE_VALUE) {
|
|
do {
|
|
if (_tcsicmp(FindFileData.cFileName, _T(".")) != 0 &&
|
|
_tcsicmp(FindFileData.cFileName, _T("..")) != 0 ) {
|
|
if (FindFileData.dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY) {
|
|
_stprintf(szSubDir, _T("%s\\%s"), szName, FindFileData.cFileName);
|
|
fRemoveDir = RecRemoveEmptyDir(szSubDir) && fRemoveDir;
|
|
} else {
|
|
CString csFileName = FindFileData.cFileName;
|
|
CString csPrefix = csFileName.Left(3);
|
|
CString csSuffix = csFileName.Right(4);
|
|
if (_tcsicmp(csPrefix, _T("INT")) == 0 &&
|
|
_tcsicmp(csSuffix, _T(".tmp")) == 0 ) { // this is an INT*.tmp created by IIS
|
|
_stprintf(szSubDir, _T("%s\\%s"), szName, FindFileData.cFileName);
|
|
if (!::DeleteFile(szSubDir))
|
|
fRemoveDir = FALSE; // this dir is not empty
|
|
} else
|
|
fRemoveDir = FALSE; // it is a file, this Dir is not empty
|
|
}
|
|
}
|
|
|
|
if (!FindNextFile(hFile, &FindFileData)) {
|
|
FindClose(hFile);
|
|
break;
|
|
}
|
|
} while (TRUE);
|
|
}
|
|
|
|
if (fRemoveDir) {
|
|
TCHAR szDirName[_MAX_PATH];
|
|
GetCurrentDirectory( _MAX_PATH, szDirName );
|
|
SetCurrentDirectory(g_pTheApp->m_csSysDir);
|
|
fReturn = ::RemoveDirectory(szName);
|
|
SetCurrentDirectory(szDirName);
|
|
}
|
|
|
|
return fReturn;
|
|
|
|
}
|
|
|
|
// Given a fullpathname of a directory, remove the directory node
|
|
|
|
BOOL RecRemoveDir(LPCTSTR szName)
|
|
{
|
|
DWORD retCode;
|
|
WIN32_FIND_DATA FindFileData;
|
|
HANDLE hFile = INVALID_HANDLE_VALUE;
|
|
TCHAR szSubDir[_MAX_PATH] = _T("");
|
|
TCHAR szDirName[_MAX_PATH] = _T("");
|
|
|
|
retCode = GetFileAttributes(szName);
|
|
|
|
if (retCode == 0xFFFFFFFF)
|
|
return FALSE;
|
|
|
|
if (!(retCode & FILE_ATTRIBUTE_DIRECTORY)) {
|
|
InetDeleteFile(szName);
|
|
return TRUE;
|
|
}
|
|
|
|
_stprintf(szDirName, _T("%s\\*"), szName);
|
|
hFile = FindFirstFile(szDirName, &FindFileData);
|
|
|
|
if (hFile != INVALID_HANDLE_VALUE) {
|
|
do {
|
|
if ( _tcsicmp(FindFileData.cFileName, _T(".")) != 0 &&
|
|
_tcsicmp(FindFileData.cFileName, _T("..")) != 0 ) {
|
|
_stprintf(szSubDir, _T("%s\\%s"), szName, FindFileData.cFileName);
|
|
RecRemoveDir(szSubDir);
|
|
}
|
|
|
|
if ( !FindNextFile(hFile, &FindFileData) ) {
|
|
FindClose(hFile);
|
|
break;
|
|
}
|
|
} while (TRUE);
|
|
}
|
|
|
|
return( ::RemoveDirectory(szName) );
|
|
}
|
|
|
|
|
|
//
|
|
// Given a directory path, this subroutine will create the direct layer by layer
|
|
//
|
|
|
|
BOOL CreateLayerDirectory( CString &str )
|
|
{
|
|
BOOL fReturn = TRUE;
|
|
|
|
iisDebugOutSafeParams((LOG_TYPE_TRACE_WIN32_API, _T("CreateLayerDirectory %1!s!\n"), (LPCTSTR)str));
|
|
do
|
|
{
|
|
INT index=0;
|
|
// INT iLength = str.GetLength();
|
|
INT iLength = _tcslen(str);
|
|
|
|
// first find the index for the first directory
|
|
if ( iLength > 2 )
|
|
{
|
|
if ( *_tcsninc(str,1) == _T(':'))
|
|
{
|
|
// assume the first character is driver letter
|
|
if ( *_tcsninc(str,2) == _T('\\'))
|
|
{
|
|
index = 2;
|
|
} else
|
|
{
|
|
index = 1;
|
|
}
|
|
} else if ( *_tcsninc(str,0) == _T('\\'))
|
|
{
|
|
if ( *_tcsninc(str,1) == _T('\\'))
|
|
{
|
|
BOOL fFound = FALSE;
|
|
INT i;
|
|
INT nNum = 0;
|
|
// unc name
|
|
for (i = 2; i < iLength; i++ )
|
|
{
|
|
if ( *_tcsninc(str,i) == _T('\\'))
|
|
{
|
|
// find it
|
|
nNum ++;
|
|
if ( nNum == 2 )
|
|
{
|
|
fFound = TRUE;
|
|
break;
|
|
}
|
|
}
|
|
}
|
|
if ( fFound )
|
|
{
|
|
index = i;
|
|
} else
|
|
{
|
|
// bad name
|
|
break;
|
|
}
|
|
} else
|
|
{
|
|
index = 1;
|
|
}
|
|
}
|
|
} else if ( *_tcsninc(str,0) == _T('\\'))
|
|
{
|
|
index = 0;
|
|
}
|
|
|
|
// okay ... build directory
|
|
do
|
|
{
|
|
// find next one
|
|
do
|
|
{
|
|
if ( index < ( iLength - 1))
|
|
{
|
|
index ++;
|
|
} else
|
|
{
|
|
break;
|
|
}
|
|
} while ( *_tcsninc(str,index) != _T('\\'));
|
|
|
|
|
|
TCHAR szCurrentDir[_MAX_PATH+1];
|
|
TCHAR szLeftDir[_MAX_PATH+1];
|
|
ZeroMemory( szLeftDir, _MAX_PATH+1 );
|
|
|
|
GetCurrentDirectory( _MAX_PATH+1, szCurrentDir );
|
|
|
|
_tcsncpy( szLeftDir, str, index + 1 );
|
|
if ( !SetCurrentDirectory(szLeftDir) )
|
|
{
|
|
if (( fReturn = CreateDirectory( szLeftDir, NULL )) != TRUE )
|
|
{
|
|
break;
|
|
}
|
|
}
|
|
|
|
SetCurrentDirectory( szCurrentDir );
|
|
|
|
if ( index >= ( iLength - 1 ))
|
|
{
|
|
fReturn = TRUE;
|
|
break;
|
|
}
|
|
} while ( TRUE );
|
|
} while (FALSE);
|
|
|
|
return(fReturn);
|
|
}
|
|
|
|
|
|
// szResult = szParentDir \ szSubDir
|
|
BOOL AppendDir(LPCTSTR szParentDir, LPCTSTR szSubDir, LPTSTR szResult)
|
|
{
|
|
LPTSTR p = (LPTSTR)szParentDir;
|
|
|
|
ASSERT(szParentDir);
|
|
ASSERT(szSubDir);
|
|
ASSERT(*szSubDir && *szSubDir != _T('\\'));
|
|
|
|
if (*szParentDir == _T('\0'))
|
|
_tcscpy(szResult, szSubDir);
|
|
else {
|
|
_tcscpy(szResult, szParentDir);
|
|
|
|
p = szResult;
|
|
while (*p)
|
|
p = _tcsinc(p);
|
|
|
|
if (*(_tcsdec(szResult, p)) != _T('\\'))
|
|
_tcscat(szResult, _T("\\"));
|
|
|
|
_tcscat(szResult, szSubDir);
|
|
}
|
|
return TRUE;
|
|
}
|
|
|
|
|
|
|
|
//***************************************************************************
|
|
//*
|
|
//* purpose: add's filename onto path
|
|
//*
|
|
//***************************************************************************
|
|
void AddPath(LPTSTR szPath, LPCTSTR szName )
|
|
{
|
|
LPTSTR p = szPath;
|
|
LPTSTR pPrev;
|
|
ASSERT(szPath);
|
|
ASSERT(szName);
|
|
|
|
// Find end of the string
|
|
while (*p){p = _tcsinc(p);}
|
|
|
|
// If no trailing backslash then add one
|
|
pPrev = _tcsdec(szPath, p);
|
|
if ( (!pPrev) ||
|
|
(*(pPrev) != _T('\\'))
|
|
)
|
|
{_tcscat(szPath, _T("\\"));}
|
|
|
|
// if there are spaces precluding szName, then skip
|
|
while ( *szName == ' ' ) szName = _tcsinc(szName);;
|
|
|
|
// Add new name to existing path string
|
|
_tcscat(szPath, szName);
|
|
}
|
|
|
|
|
|
CString AddPath(CString szPath, LPCTSTR szName )
|
|
{
|
|
TCHAR szPathCopy[_MAX_PATH] = _T("");
|
|
_tcscpy(szPathCopy,szPath);
|
|
LPTSTR p = szPathCopy;
|
|
ASSERT(szPathCopy);
|
|
ASSERT(szName);
|
|
|
|
// Find end of the string
|
|
while (*p){p = _tcsinc(p);}
|
|
|
|
// If no trailing backslash then add one
|
|
if (*(_tcsdec(szPathCopy, p)) != _T('\\'))
|
|
{_tcscat(szPathCopy, _T("\\"));}
|
|
|
|
// if there are spaces precluding szName, then skip
|
|
while ( *szName == _T(' ') ) szName = _tcsinc(szName);;
|
|
|
|
// make sure that the szName
|
|
// does not look like this "\filename"
|
|
CString csTempString = szName;
|
|
if (_tcsicmp(csTempString.Left(1), _T("\\")) == 0)
|
|
{
|
|
csTempString = csTempString.Right( csTempString.GetLength() - 1);
|
|
}
|
|
|
|
// Add new name to existing path string
|
|
_tcscat(szPathCopy, csTempString);
|
|
|
|
return szPathCopy;
|
|
//szPath = szPathCopy;
|
|
}
|
|
|
|
|
|
BOOL ReturnFileNameOnly(LPCTSTR lpFullPath, LPTSTR lpReturnFileName)
|
|
{
|
|
int iReturn = FALSE;
|
|
|
|
TCHAR pfilename_only[_MAX_FNAME];
|
|
TCHAR pextention_only[_MAX_EXT];
|
|
|
|
_tcscpy(lpReturnFileName, _T(""));
|
|
|
|
_tsplitpath( lpFullPath, NULL, NULL, pfilename_only, pextention_only);
|
|
if (pextention_only) {_tcscat(pfilename_only,pextention_only);}
|
|
if (pfilename_only)
|
|
{
|
|
_tcscpy(lpReturnFileName, pfilename_only);
|
|
iReturn = TRUE;
|
|
}
|
|
else
|
|
{
|
|
// well, we don't have anything in pfilename_only
|
|
// that's probably because we got some strange path name like:
|
|
// /??/c:\somethng\filename.txt
|
|
// so... let's just return everything after the last "\" character.
|
|
LPTSTR pszTheLastBackSlash = _tcsrchr((LPTSTR) lpFullPath, _T('\\'));
|
|
_tcscpy(lpReturnFileName, pszTheLastBackSlash);
|
|
iReturn = TRUE;
|
|
}
|
|
return iReturn;
|
|
}
|
|
|
|
|
|
BOOL ReturnFilePathOnly(LPCTSTR lpFullPath, LPTSTR lpReturnPathOnly)
|
|
{
|
|
int iReturn = FALSE;
|
|
TCHAR szDrive_only[_MAX_DRIVE];
|
|
TCHAR szPath_only[_MAX_PATH];
|
|
TCHAR szFilename_only[_MAX_PATH];
|
|
TCHAR szFilename_ext_only[_MAX_EXT];
|
|
|
|
_tcscpy(lpReturnPathOnly, _T(""));
|
|
_tsplitpath( lpFullPath, szDrive_only, szPath_only, szFilename_only, szFilename_ext_only);
|
|
_tcscpy(lpReturnPathOnly, szDrive_only);
|
|
_tcscat(lpReturnPathOnly, szPath_only);
|
|
iReturn = TRUE;
|
|
|
|
return iReturn;
|
|
}
|
|
|
|
|
|
void DeleteFilesWildcard(TCHAR *szDir, TCHAR *szFileName)
|
|
{
|
|
WIN32_FIND_DATA FindFileData;
|
|
HANDLE hFile = INVALID_HANDLE_VALUE;
|
|
TCHAR szFileToBeDeleted[_MAX_PATH];
|
|
|
|
_stprintf(szFileToBeDeleted, _T("%s\\%s"), szDir, szFileName);
|
|
|
|
hFile = FindFirstFile(szFileToBeDeleted, &FindFileData);
|
|
if (hFile != INVALID_HANDLE_VALUE)
|
|
{
|
|
do {
|
|
if ( _tcsicmp(FindFileData.cFileName, _T(".")) != 0 && _tcsicmp(FindFileData.cFileName, _T("..")) != 0 )
|
|
{
|
|
if (FindFileData.dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY)
|
|
{
|
|
// this is a directory, so let's skip it
|
|
}
|
|
else
|
|
{
|
|
// this is a file, so let's Delete it.
|
|
TCHAR szTempFileName[_MAX_PATH];
|
|
_stprintf(szTempFileName, _T("%s\\%s"), szDir, FindFileData.cFileName);
|
|
// set to normal attributes, so we can delete it
|
|
SetFileAttributes(szTempFileName, FILE_ATTRIBUTE_NORMAL);
|
|
// delete it, hopefully
|
|
InetDeleteFile(szTempFileName);
|
|
}
|
|
}
|
|
|
|
// get the next file
|
|
if ( !FindNextFile(hFile, &FindFileData) )
|
|
{
|
|
FindClose(hFile);
|
|
break;
|
|
}
|
|
} while (TRUE);
|
|
}
|
|
|
|
return;
|
|
}
|
|
|
|
|
|
int IsThisDriveNTFS(IN LPTSTR FileName)
|
|
{
|
|
BOOL Ntfs = FALSE;
|
|
TCHAR szDriveRootPath[_MAX_DRIVE + 5];
|
|
DWORD DontCare;
|
|
TCHAR NameBuffer[100];
|
|
|
|
// get the Drive only.
|
|
_tsplitpath( FileName, szDriveRootPath, NULL, NULL, NULL);
|
|
_tcscat(szDriveRootPath, _T("\\"));
|
|
|
|
//
|
|
// find out what the file system is
|
|
//
|
|
if (0 != GetVolumeInformation(szDriveRootPath,NULL,0,NULL,&DontCare,&DontCare,NameBuffer,sizeof(NameBuffer)/sizeof(TCHAR)))
|
|
{
|
|
if (0 == _tcsicmp(NameBuffer,_T("NTFS")))
|
|
{Ntfs = TRUE;}
|
|
}
|
|
|
|
return Ntfs;
|
|
}
|
|
|
|
|
|
// take something like
|
|
// e:\winnt\system32 and return back %systemroot%\system23
|
|
// e:\winnt\system32\inetsrv and return back %systemroot%\system23\inetsrv
|
|
int ReverseExpandEnvironmentStrings(LPTSTR szOriginalDir,LPTSTR szNewlyMungedDir)
|
|
{
|
|
int iReturn = FALSE;
|
|
int iWhere = 0;
|
|
TCHAR szSystemDir[_MAX_PATH];
|
|
CString csTempString;
|
|
CString csTempString2;
|
|
|
|
// default it with the input string
|
|
_tcscpy(szNewlyMungedDir, szOriginalDir);
|
|
|
|
// get the c:\winnt\system32 dir
|
|
if (0 == GetSystemDirectory(szSystemDir, _MAX_PATH))
|
|
{
|
|
// we weren't able to get the systemdirectory, so just return whatever was put in
|
|
iReturn = TRUE;
|
|
goto ReverseExpandEnvironmentStrings_Exit;
|
|
}
|
|
|
|
csTempString = szOriginalDir;
|
|
csTempString2 = szSystemDir;
|
|
|
|
// Find the "e:\winnt\system32"
|
|
iWhere = csTempString.Find(szSystemDir);
|
|
if (-1 != iWhere)
|
|
{
|
|
CString AfterString;
|
|
|
|
// there is a "e:\winnt\system32" in the string
|
|
// Get the after e:\winnt\system32 stuff
|
|
AfterString = csTempString.Right(csTempString.GetLength() - (iWhere + csTempString2.GetLength()));
|
|
|
|
// Take everything after the string and append it to our new string.
|
|
_tcscpy(szNewlyMungedDir, _T("%SystemRoot%\\System32"));
|
|
_tcscat(szNewlyMungedDir, AfterString);
|
|
|
|
// return true!
|
|
iReturn = TRUE;
|
|
}
|
|
|
|
ReverseExpandEnvironmentStrings_Exit:
|
|
return iReturn;
|
|
}
|
|
|
|
|
|
DWORD ReturnFileSize(LPCTSTR myFileName)
|
|
{
|
|
DWORD dwReturn = 0xFFFFFFFF;
|
|
HANDLE hFile = CreateFile(myFileName, GENERIC_READ, 0, NULL, OPEN_EXISTING,FILE_ATTRIBUTE_NORMAL, NULL);
|
|
if (hFile != INVALID_HANDLE_VALUE)
|
|
{
|
|
dwReturn = GetFileSize(hFile, NULL);
|
|
CloseHandle(hFile);
|
|
}
|
|
return dwReturn;
|
|
}
|
|
|
|
|
|
BOOL IsFileExist_NormalOrCompressed(LPCTSTR szFile)
|
|
{
|
|
int iReturn = FALSE;
|
|
TCHAR szDrive_only[_MAX_DRIVE];
|
|
TCHAR szPath_only[_MAX_PATH];
|
|
TCHAR szFilename_only[_MAX_PATH];
|
|
TCHAR szFilename_ext_only[_MAX_EXT];
|
|
|
|
TCHAR szCompressedName[_MAX_PATH];
|
|
|
|
// Check if the file exsts
|
|
// if it doesn't, check if maybe the compressed file exists.
|
|
iisDebugOut((LOG_TYPE_TRACE_WIN32_API, _T("IsFileExist_NormalOrCompressed:%s.\n"), szFile));
|
|
if (IsFileExist(szFile) != TRUE)
|
|
{
|
|
iisDebugOut((LOG_TYPE_TRACE_WIN32_API, _T("IsFileExist_NormalOrCompressed:%s not exist.\n"), szFile));
|
|
// check if maybe the compressed file exists
|
|
_tsplitpath( szFile, szDrive_only, szPath_only, szFilename_only, szFilename_ext_only);
|
|
|
|
// Replace the last character with an '_'
|
|
int nLen = 0;
|
|
nLen = _tcslen(szFilename_ext_only);
|
|
*_tcsninc(szFilename_ext_only, nLen-1) = _T('_');
|
|
_stprintf(szCompressedName,_T("%s%s%s%s"),szDrive_only, szPath_only, szFilename_only, szFilename_ext_only);
|
|
|
|
// see if it exists
|
|
iisDebugOut((LOG_TYPE_TRACE_WIN32_API, _T("IsFileExist_NormalOrCompressed:%s.\n"), szCompressedName));
|
|
if (IsFileExist(szCompressedName) != TRUE)
|
|
{
|
|
iisDebugOut((LOG_TYPE_TRACE_WIN32_API, _T("IsFileExist_NormalOrCompressed:%s. no exist.\n"), szCompressedName));
|
|
goto IsFileExist_RegOrCompressed_Exit;
|
|
}
|
|
else
|
|
{
|
|
iisDebugOut((LOG_TYPE_TRACE_WIN32_API, _T("IsFileExist_NormalOrCompressed:%s. exist.\n"), szCompressedName));
|
|
}
|
|
}
|
|
|
|
// we got this far, that must mean things are okay.
|
|
iReturn = TRUE;
|
|
|
|
IsFileExist_RegOrCompressed_Exit:
|
|
return iReturn;
|
|
}
|
|
|
|
|
|
// Clean leading & trailing spaces
|
|
// Clean trailing backslashes
|
|
BOOL CleanPathString(LPTSTR szPath)
|
|
{
|
|
CString csPath = szPath;
|
|
|
|
csPath.TrimLeft();
|
|
csPath.TrimRight();
|
|
|
|
_tcscpy(szPath, (LPCTSTR)csPath);
|
|
|
|
return TRUE;
|
|
}
|
|
|
|
|
|
//
|
|
// Return 0 if there was nothing to compare
|
|
// Return 1 if Source is Equal to Destination
|
|
// Return 2 if Source is Larger than Destination
|
|
// Return 3 if Source is Less than Destination
|
|
//
|
|
INT VerCmp(LPTSTR szSrcVerString, LPTSTR szDestVerString)
|
|
{
|
|
INT iReturn = 0;
|
|
const DWORD MAX_NUM_OF_VER_FIELDS = 32;
|
|
DWORD dwSrcVer[MAX_NUM_OF_VER_FIELDS], dwDestVer[MAX_NUM_OF_VER_FIELDS];
|
|
memset( (PVOID)dwSrcVer, 0, sizeof(dwSrcVer));
|
|
memset( (PVOID)dwDestVer, 0, sizeof(dwDestVer));
|
|
int i=0;
|
|
TCHAR szSeps[] = _T(".");
|
|
TCHAR *token;
|
|
BOOL bNotEqual = FALSE;
|
|
|
|
// expand src version string into a dword arrary
|
|
i = 0;
|
|
token = _tcstok(szSrcVerString, szSeps);
|
|
while ( token && (i < MAX_NUM_OF_VER_FIELDS) ) {
|
|
dwSrcVer[i++] = _ttoi(token);
|
|
token = _tcstok(NULL, szSeps);
|
|
}
|
|
|
|
// expand dest version string into a dword arrary
|
|
i = 0;
|
|
token = _tcstok(szDestVerString, szSeps);
|
|
while ( token && (i < MAX_NUM_OF_VER_FIELDS) ) {
|
|
dwDestVer[i++] = _ttoi(token);
|
|
token = _tcstok(NULL, szSeps);
|
|
}
|
|
|
|
// Check for Equality
|
|
for (i=0; i<MAX_NUM_OF_VER_FIELDS; i++)
|
|
{
|
|
if (dwSrcVer[i] != dwDestVer[i])
|
|
{
|
|
bNotEqual = TRUE;
|
|
break;
|
|
}
|
|
}
|
|
|
|
if (TRUE == bNotEqual)
|
|
{
|
|
// int compare each field
|
|
for (i=0; i<MAX_NUM_OF_VER_FIELDS; i++)
|
|
{
|
|
if (dwSrcVer[i] > dwDestVer[i])
|
|
{return 2;}
|
|
if (dwSrcVer[i] < dwDestVer[i])
|
|
{return 3;}
|
|
}
|
|
// if we haven't return here, then
|
|
// there probably wasn't anything to loop thru (for 0=0 till 0)
|
|
return 0;
|
|
}
|
|
else
|
|
{
|
|
// it is equal so return so
|
|
return 1;
|
|
}
|
|
}
|
|
|
|
|
|
DWORD atodw(LPCTSTR lpszData)
|
|
{
|
|
DWORD i = 0, sum = 0;
|
|
TCHAR *s, *t;
|
|
|
|
s = (LPTSTR)lpszData;
|
|
t = (LPTSTR)lpszData;
|
|
|
|
while (*t)
|
|
t = _tcsinc(t);
|
|
t = _tcsdec(lpszData, t);
|
|
|
|
if (*s == _T('0') && (*(_tcsinc(s)) == _T('x') || *(_tcsinc(s)) == _T('X')))
|
|
s = _tcsninc(s, 2);
|
|
|
|
while (s <= t) {
|
|
if ( *s >= _T('0') && *s <= _T('9') )
|
|
i = *s - _T('0');
|
|
else if ( *s >= _T('a') && *s <= _T('f') )
|
|
i = *s - _T('a') + 10;
|
|
else if ( *s >= _T('A') && *s <= _T('F') )
|
|
i = *s - _T('A') + 10;
|
|
else
|
|
break;
|
|
|
|
sum = sum * 16 + i;
|
|
s = _tcsinc(s);
|
|
}
|
|
return sum;
|
|
}
|
|
|
|
|
|
void MakePath(LPTSTR lpPath)
|
|
{
|
|
LPTSTR lpTmp;
|
|
lpTmp = CharPrev( lpPath, lpPath + _tcslen(lpPath));
|
|
|
|
// chop filename off
|
|
while ( (lpTmp > lpPath) && *lpTmp && (*lpTmp != '\\') )
|
|
lpTmp = CharPrev( lpPath, lpTmp );
|
|
|
|
if ( *CharPrev( lpPath, lpTmp ) != ':' )
|
|
*lpTmp = '\0';
|
|
else
|
|
*CharNext(lpTmp) = '\0';
|
|
return;
|
|
}
|
|
|
|
|
|
CString ReturnUniqueFileName(CString csInputFullName)
|
|
{
|
|
TCHAR szPathCopy[_MAX_PATH] = _T("");
|
|
_tcscpy(szPathCopy,csInputFullName);
|
|
long iNum = 1;
|
|
do
|
|
{
|
|
_stprintf(szPathCopy,TEXT("%s.%d"),csInputFullName,iNum);
|
|
// Check if the file exists
|
|
if (!IsFileExist(szPathCopy)){goto ReturnUniqueFileName_Exit;}
|
|
iNum++;
|
|
} while (iNum <= 50);
|
|
|
|
ReturnUniqueFileName_Exit:
|
|
// returns %s50 if there are fifty copies aleady!
|
|
return szPathCopy;
|
|
}
|
|
|
|
|
|
/*---------------------------------------------------------------------------*
|
|
Description: Displays the current running version of setup to the debug
|
|
output and setup log.
|
|
-----------------------------------------------------------------------------*/
|
|
void DisplayVerOnCurrentModule()
|
|
{
|
|
TCHAR tszModuleName[_MAX_PATH+1];
|
|
GetModuleFileName((HINSTANCE)g_MyModuleHandle, tszModuleName, _MAX_PATH+1);
|
|
LogFileVersion(tszModuleName, TRUE);
|
|
return;
|
|
}
|
|
|
|
void MyGetVersionFromFile(LPCTSTR lpszFilename, LPDWORD pdwMSVer, LPDWORD pdwLSVer, LPTSTR pszReturnLocalizedVersion)
|
|
{
|
|
struct TRANSARRAY {
|
|
WORD wLanguageID;
|
|
WORD wCharacterSet;
|
|
};
|
|
unsigned uiSize;
|
|
DWORD dwVerInfoSize;
|
|
DWORD dwHandle;
|
|
VS_FIXEDFILEINFO * lpVSFixedFileInfo;
|
|
LPTSTR lpBuffer = NULL;
|
|
LPVOID lpVerBuffer = NULL;
|
|
|
|
LPTSTR pszTheResult = NULL;
|
|
TCHAR QueryString[48] = _T("");
|
|
TRANSARRAY *lpTransArray;
|
|
|
|
*pdwMSVer = *pdwLSVer = 0L;
|
|
|
|
dwVerInfoSize = GetFileVersionInfoSize( (LPTSTR) lpszFilename, &dwHandle);
|
|
if (dwVerInfoSize)
|
|
{
|
|
// Alloc the memory for the version stamping
|
|
lpBuffer = (LPTSTR) LocalAlloc(LPTR, dwVerInfoSize);
|
|
if (lpBuffer)
|
|
{
|
|
int iTemp = 0;
|
|
iTemp = GetFileVersionInfo( (LPTSTR) lpszFilename, dwHandle, dwVerInfoSize, lpBuffer);
|
|
|
|
// Read version stamping info
|
|
if (iTemp)
|
|
{
|
|
// Get the value for Translation
|
|
if (VerQueryValue(lpBuffer, _T("\\"), (LPVOID*)&lpVSFixedFileInfo, &uiSize) && (uiSize))
|
|
{
|
|
*pdwMSVer = lpVSFixedFileInfo->dwFileVersionMS;
|
|
*pdwLSVer = lpVSFixedFileInfo->dwFileVersionLS;
|
|
}
|
|
|
|
// get a pointer to the translation table information
|
|
if (VerQueryValue(lpBuffer, _T("\\VarFileInfo\\Translation"), &lpVerBuffer, &uiSize) && (uiSize))
|
|
{
|
|
lpTransArray = (TRANSARRAY *) lpVerBuffer;
|
|
// lpTransArray points to the translation array. dwFixedLength has number of bytes in array
|
|
_stprintf(QueryString, _T("\\StringFileInfo\\%04x%04x\\FileVersion"), lpTransArray[0].wLanguageID, lpTransArray[0].wCharacterSet);
|
|
if (VerQueryValue(lpBuffer, QueryString, (LPVOID*) &pszTheResult, &uiSize))
|
|
{
|
|
_tcscpy(pszReturnLocalizedVersion, pszTheResult);
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
if(lpBuffer) {LocalFree(lpBuffer);lpBuffer=NULL;}
|
|
return ;
|
|
}
|
|
|
|
|
|
BOOL MyGetDescriptionFromFile(LPCTSTR lpszFilename, LPTSTR pszReturnDescription)
|
|
{
|
|
BOOL bRet = FALSE;
|
|
struct TRANSARRAY {
|
|
WORD wLanguageID;
|
|
WORD wCharacterSet;
|
|
};
|
|
unsigned uiSize;
|
|
DWORD dwVerInfoSize;
|
|
DWORD dwHandle;
|
|
VS_FIXEDFILEINFO * lpVSFixedFileInfo;
|
|
LPTSTR lpBuffer = NULL;
|
|
LPVOID lpTempBuffer = NULL;
|
|
|
|
LPTSTR pszTheResult = NULL;
|
|
TCHAR QueryString[52] = _T("");
|
|
TRANSARRAY *lpTransArray;
|
|
|
|
dwVerInfoSize = GetFileVersionInfoSize( (LPTSTR) lpszFilename, &dwHandle);
|
|
if (dwVerInfoSize)
|
|
{
|
|
// Alloc the memory for the version stamping
|
|
lpBuffer = (LPTSTR) LocalAlloc(LPTR, dwVerInfoSize);
|
|
if (lpBuffer)
|
|
{
|
|
int iTemp = 0;
|
|
iTemp = GetFileVersionInfo( (LPTSTR) lpszFilename, dwHandle, dwVerInfoSize, lpBuffer);
|
|
|
|
// Read version stamping info
|
|
if (iTemp)
|
|
{
|
|
// get a pointer to the translation table information
|
|
if (VerQueryValue(lpBuffer, _T("\\VarFileInfo\\Translation"), &lpTempBuffer, &uiSize) && (uiSize))
|
|
{
|
|
lpTransArray = (TRANSARRAY *) lpTempBuffer;
|
|
// lpTransArray points to the translation array. dwFixedLength has number of bytes in array
|
|
_stprintf(QueryString, _T("\\StringFileInfo\\%04x%04x\\FileDescription"), lpTransArray[0].wLanguageID, lpTransArray[0].wCharacterSet);
|
|
if (VerQueryValue(lpBuffer, QueryString, (LPVOID*) &pszTheResult, &uiSize))
|
|
{
|
|
_tcscpy(pszReturnDescription, pszTheResult);
|
|
bRet = TRUE;
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
if(lpBuffer) {LocalFree(lpBuffer);lpBuffer=NULL;}
|
|
return bRet;
|
|
}
|
|
|
|
|
|
//
|
|
// Returns True if the filename has a version stamp which is part of ntop4.0
|
|
//
|
|
int IsFileLessThanThisVersion(IN LPCTSTR lpszFullFilePath, IN DWORD dwNtopMSVer, IN DWORD dwNtopLSVer)
|
|
{
|
|
int iReturn = FALSE;
|
|
DWORD dwMSVer, dwLSVer;
|
|
TCHAR szLocalizedVersion[100] = _T("");
|
|
|
|
// if the filename has a version number
|
|
// and it's larger than the release version of ntop 4.2.622.1, 4.02.0622 (localized version)
|
|
// return back true! if not, then return back false.
|
|
|
|
// see if the file exists
|
|
if (!IsFileExist(lpszFullFilePath))
|
|
{goto iFileWasPartOfIIS4_Exit;}
|
|
|
|
// get the fileinformation
|
|
// includes version and localizedversion
|
|
MyGetVersionFromFile(lpszFullFilePath, &dwMSVer, &dwLSVer, szLocalizedVersion);
|
|
if (!dwMSVer)
|
|
{
|
|
iisDebugOut((LOG_TYPE_TRACE, _T("iFileWasPartOfIIS4:%s.No version."), lpszFullFilePath));
|
|
goto iFileWasPartOfIIS4_Exit;
|
|
}
|
|
|
|
// okay, there is a version on this.
|
|
iisDebugOut((LOG_TYPE_TRACE, _T("iFileWasPartOfIIS4:%d.%d.%d.%d, %s, %s"), HIWORD(dwMSVer), LOWORD(dwMSVer), HIWORD(dwLSVer), LOWORD(dwLSVer), szLocalizedVersion, lpszFullFilePath));
|
|
|
|
// Check if the version is smaller than what was shipped with iis4.0
|
|
// NTOP versions were 4.02.0622
|
|
if (dwMSVer < dwNtopMSVer)
|
|
{goto iFileWasPartOfIIS4_Exit;}
|
|
|
|
// check if the file has a smaller minor version number
|
|
if ( (dwMSVer == dwNtopMSVer) && (dwLSVer < dwNtopLSVer) )
|
|
{goto iFileWasPartOfIIS4_Exit;}
|
|
|
|
// this is a ntop 4.0 or greater versioned file
|
|
iReturn = TRUE;
|
|
|
|
iFileWasPartOfIIS4_Exit:
|
|
return iReturn;
|
|
}
|
|
|
|
|
|
void MakeSureDirAclsHaveAtLeastRead(LPTSTR lpszDirectoryPath)
|
|
{
|
|
iisDebugOut_Start1(_T("MakeSureDirAclsHaveAtLeastRead"),lpszDirectoryPath, LOG_TYPE_TRACE);
|
|
|
|
DWORD err;
|
|
TCHAR szThePath[_MAX_PATH];
|
|
|
|
if (FALSE == IsThisDriveNTFS(lpszDirectoryPath))
|
|
{
|
|
iisDebugOut((LOG_TYPE_TRACE_WIN32_API, _T("MakeSureDirAclsHaveAtLeastRead:filesys is not ntfs.")));
|
|
goto MakeSureDirAclsHaveAtLeastRead_Exit;
|
|
}
|
|
|
|
do
|
|
{
|
|
//
|
|
// Loop through all the files in the physical path
|
|
//
|
|
_tcscpy(szThePath, lpszDirectoryPath);
|
|
_tcscat(szThePath, _T("\\*"));
|
|
|
|
WIN32_FIND_DATA w32data;
|
|
HANDLE hFind = ::FindFirstFile(szThePath, &w32data);
|
|
if (hFind == INVALID_HANDLE_VALUE)
|
|
{
|
|
iisDebugOut((LOG_TYPE_TRACE_WIN32_API, _T("MakeSureDirAclsHaveAtLeastRead:WARNING.filenotfound:%s"),lpszDirectoryPath));
|
|
// No files...
|
|
break;
|
|
}
|
|
//
|
|
// First, set the new ACL on the folder itself.
|
|
//
|
|
err = SetAccessOnFile(lpszDirectoryPath, TRUE);
|
|
err = SetAccessOnFile(lpszDirectoryPath, FALSE);
|
|
err = ERROR_SUCCESS;
|
|
//if (err != ERROR_SUCCESS){iisDebugOut((LOG_TYPE_WARN, _T("MakeSureDirAclsHaveAtLeastRead:%s:FAILED WARNING.ret=0x%x."),lpszDirectoryPath,err));}
|
|
//
|
|
// Now do all the files in it
|
|
//
|
|
do
|
|
{
|
|
//
|
|
// Only set the acl on files, not sub-directories
|
|
//
|
|
if (w32data.dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY)
|
|
{
|
|
continue;
|
|
}
|
|
|
|
//
|
|
// Build the current file's full path name
|
|
//
|
|
_tcscpy(szThePath, lpszDirectoryPath);
|
|
_tcscat(szThePath, _T("\\"));
|
|
_tcscat(szThePath, w32data.cFileName);
|
|
|
|
err = SetAccessOnFile(szThePath, TRUE);
|
|
err = SetAccessOnFile(szThePath, FALSE);
|
|
err = ERROR_SUCCESS;
|
|
//if (err != ERROR_SUCCESS){iisDebugOut((LOG_TYPE_WARN, _T("MakeSureDirAclsHaveAtLeastRead:%s:FAILED WARNING.ret=0x%x."),szThePath,err));}
|
|
|
|
} while(SUCCEEDED(err) && FindNextFile(hFind, &w32data));
|
|
FindClose(hFind);
|
|
} while(FALSE);
|
|
|
|
MakeSureDirAclsHaveAtLeastRead_Exit:
|
|
return;
|
|
}
|
|
|
|
|
|
DWORD SetAccessOnFile(IN LPTSTR FileName, BOOL bDoForAdmin)
|
|
{
|
|
DWORD dwError = 0;
|
|
TCHAR TrusteeName[50];
|
|
PACL ExistingDacl = NULL;
|
|
PACL NewAcl = NULL;
|
|
PSECURITY_DESCRIPTOR psd = NULL;
|
|
|
|
// access stuff.
|
|
DWORD AccessMask = GENERIC_ALL;
|
|
EXPLICIT_ACCESS explicitaccess;
|
|
ACCESS_MODE option;
|
|
DWORD InheritFlag = NO_INHERITANCE;
|
|
|
|
// other
|
|
PSID principalSID = NULL;
|
|
BOOL bWellKnownSID = FALSE;
|
|
TRUSTEE myTrustee;
|
|
|
|
// other other
|
|
LPCTSTR ServerName = NULL; // local machine
|
|
DWORD cbName = 200;
|
|
TCHAR lpGuestGrpName[200];
|
|
TCHAR ReferencedDomainName[200];
|
|
DWORD cbReferencedDomainName = sizeof(ReferencedDomainName);
|
|
SID_NAME_USE sidNameUse = SidTypeUser;
|
|
|
|
// get current Dacl on specified file
|
|
dwError = GetNamedSecurityInfo(FileName,SE_FILE_OBJECT,DACL_SECURITY_INFORMATION,NULL,NULL,&ExistingDacl,NULL,&psd);
|
|
if(dwError != ERROR_SUCCESS)
|
|
{
|
|
iisDebugOut((LOG_TYPE_WARN, _T("SetAccessOnFile: GetNamedSecurityInfo failed on %s. err=0x%x\n"),FileName,dwError));
|
|
goto SetAccessOnFile_Exit;
|
|
}
|
|
// set defaults
|
|
option = GRANT_ACCESS;
|
|
InheritFlag = SUB_CONTAINERS_AND_OBJECTS_INHERIT;
|
|
|
|
if (bDoForAdmin)
|
|
{
|
|
// Do for Administrators -- should be more access
|
|
AccessMask = SYNCHRONIZE ;
|
|
AccessMask |= GENERIC_ALL;
|
|
_tcscpy(TrusteeName,_T("BUILTIN\\ADMINISTRATORS"));
|
|
_tcscpy(TrusteeName,_T("administrators"));
|
|
}
|
|
else
|
|
{
|
|
// Do for Administrators -- should be more access
|
|
AccessMask = SYNCHRONIZE ;
|
|
AccessMask |= GENERIC_READ;
|
|
_tcscpy(TrusteeName,_T("EVERYONE"));
|
|
}
|
|
|
|
// Get the SID for the certain string (administrator or everyone)
|
|
dwError = GetPrincipalSID(TrusteeName, &principalSID, &bWellKnownSID);
|
|
if (dwError != ERROR_SUCCESS)
|
|
{
|
|
iisDebugOut((LOG_TYPE_WARN, _T("SetAccessOnFile:GetPrincipalSID(%s) FAILED. Error()= 0x%x\n"), TrusteeName, dwError));
|
|
goto SetAccessOnFile_Exit;
|
|
}
|
|
|
|
// using Sid, get the "localized" name
|
|
if (0 == LookupAccountSid(ServerName, principalSID, lpGuestGrpName, &cbName, ReferencedDomainName, &cbReferencedDomainName, &sidNameUse))
|
|
{
|
|
iisDebugOut((LOG_TYPE_WARN, _T("SetAccessOnFile:LookupAccountSid(%s) FAILED. GetLastError()= 0x%x\n"), TrusteeName, GetLastError()));
|
|
goto SetAccessOnFile_Exit;
|
|
}
|
|
|
|
// using the "localized" name, build explicit access structure
|
|
BuildExplicitAccessWithName(&explicitaccess,lpGuestGrpName,AccessMask,option,InheritFlag);
|
|
explicitaccess.Trustee.MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
|
|
explicitaccess.Trustee.TrusteeForm = TRUSTEE_IS_NAME;
|
|
explicitaccess.Trustee.TrusteeType = TRUSTEE_IS_WELL_KNOWN_GROUP;
|
|
|
|
// set the acl with this certain access stuff
|
|
dwError = SetEntriesInAcl(1,&explicitaccess,ExistingDacl,&NewAcl);
|
|
if(dwError != ERROR_SUCCESS)
|
|
{
|
|
// it may error because the user is already there
|
|
//iisDebugOut((LOG_TYPE_WARN, _T("SetAccessOnFile: SetEntriesInAcl failed on %s. for trustee=%s. err=0x%x\n"),FileName,explicitaccess.Trustee.ptstrName,dwError));
|
|
iisDebugOut((LOG_TYPE_TRACE_WIN32_API, _T("SetAccessOnFile: SetEntriesInAcl failed on %s. for trustee=%s. err=0x%x\n"),FileName,explicitaccess.Trustee.ptstrName,dwError));
|
|
goto SetAccessOnFile_Exit;
|
|
}
|
|
|
|
// apply new security to file
|
|
dwError = SetNamedSecurityInfo(FileName,SE_FILE_OBJECT,DACL_SECURITY_INFORMATION,NULL,NULL,NewAcl,NULL);
|
|
if(dwError != ERROR_SUCCESS)
|
|
{
|
|
iisDebugOut((LOG_TYPE_WARN, _T("SetAccessOnFile: SetNamedSecurityInfo failed on %s. err=0x%x\n"),FileName,dwError));
|
|
goto SetAccessOnFile_Exit;
|
|
}
|
|
|
|
// everything is kool!
|
|
dwError = ERROR_SUCCESS;
|
|
|
|
SetAccessOnFile_Exit:
|
|
if(NewAcl != NULL){LocalFree(NewAcl);}
|
|
if(psd != NULL){LocalFree(psd);}
|
|
if (principalSID)
|
|
{
|
|
if (bWellKnownSID)
|
|
FreeSid (principalSID);
|
|
else
|
|
free (principalSID);
|
|
}
|
|
return dwError;
|
|
}
|
|
|
|
|
|
int CreateAnEmptyFile(CString strTheFullPath)
|
|
{
|
|
int iReturn = FALSE;
|
|
HANDLE hFile = NULL;
|
|
|
|
if (IsFileExist(strTheFullPath) == TRUE)
|
|
{
|
|
return TRUE;
|
|
}
|
|
|
|
// Open existing file or create a new one.
|
|
hFile = CreateFile(strTheFullPath,GENERIC_READ | GENERIC_WRITE,FILE_SHARE_READ | FILE_SHARE_WRITE,NULL,OPEN_ALWAYS,FILE_ATTRIBUTE_NORMAL,NULL);
|
|
if (hFile == INVALID_HANDLE_VALUE)
|
|
{
|
|
hFile = NULL;
|
|
iisDebugOutSafeParams((LOG_TYPE_WARN, _T("CreateAnEmptyFile:() failed to CreateFile %1!s!. POTENTIAL PROBLEM. FAILURE.\n"), strTheFullPath));
|
|
}
|
|
else
|
|
{
|
|
// write to the file
|
|
if (hFile)
|
|
{
|
|
iReturn = TRUE;
|
|
/*
|
|
DWORD dwBytesWritten = 0;
|
|
char szTestData[2];
|
|
strcpy(szTestData, " ");
|
|
if (WriteFile(hFile,szTestData,strlen(szTestData),&dwBytesWritten,NULL))
|
|
{
|
|
// everything is hunky dory. don't print anything
|
|
iReturn = TRUE;
|
|
}
|
|
else
|
|
{
|
|
// error writing to the file.
|
|
iisDebugOutSafeParams((LOG_TYPE_WARN, _T("CreateAnEmptyFile:WriteFile(%1!s!) Failed. POTENTIAL PROBLEM. FAILURE. Error=0x%2!x!.\n"), strTheFullPath, GetLastError()));
|
|
}
|
|
*/
|
|
}
|
|
}
|
|
|
|
if (hFile)
|
|
{
|
|
CloseHandle(hFile);
|
|
}
|
|
|
|
return iReturn;
|
|
}
|
|
|
|
|
|
DWORD GrantUserAccessToFile(IN LPTSTR FileName,IN LPTSTR TrusteeName)
|
|
{
|
|
iisDebugOut_Start1(_T("GrantUserAccessToFile"),FileName,LOG_TYPE_TRACE);
|
|
|
|
DWORD dwError = 0;
|
|
PACL ExistingDacl = NULL;
|
|
PACL NewAcl = NULL;
|
|
PSECURITY_DESCRIPTOR psd = NULL;
|
|
|
|
// access stuff.
|
|
DWORD AccessMask = GENERIC_ALL;
|
|
EXPLICIT_ACCESS explicitaccess;
|
|
ACCESS_MODE option;
|
|
DWORD InheritFlag = NO_INHERITANCE;
|
|
|
|
// other
|
|
PSID principalSID = NULL;
|
|
BOOL bWellKnownSID = FALSE;
|
|
TRUSTEE myTrustee;
|
|
|
|
// other other
|
|
LPCTSTR ServerName = NULL; // local machine
|
|
DWORD cbName = 200;
|
|
TCHAR lpGuestGrpName[200];
|
|
TCHAR ReferencedDomainName[200];
|
|
DWORD cbReferencedDomainName = sizeof(ReferencedDomainName);
|
|
SID_NAME_USE sidNameUse = SidTypeUser;
|
|
|
|
if (IsFileExist(FileName) != TRUE)
|
|
{
|
|
iisDebugOut((LOG_TYPE_TRACE_WIN32_API, _T("GrantUserAccessToFile:file doesn't exist.")));
|
|
goto GrantUserAccessToFile_Exit;
|
|
}
|
|
|
|
if (FALSE == IsThisDriveNTFS(FileName))
|
|
{
|
|
iisDebugOut((LOG_TYPE_TRACE_WIN32_API, _T("GrantUserAccessToFile:filesys is not ntfs.")));
|
|
goto GrantUserAccessToFile_Exit;
|
|
}
|
|
|
|
// get current Dacl on specified file
|
|
dwError = GetNamedSecurityInfo(FileName,SE_FILE_OBJECT,DACL_SECURITY_INFORMATION,NULL,NULL,&ExistingDacl,NULL,&psd);
|
|
if(dwError != ERROR_SUCCESS)
|
|
{
|
|
psd = NULL;
|
|
iisDebugOut((LOG_TYPE_WARN, _T("GrantUserAccessToFile: GetNamedSecurityInfo failed on %s.\n"),FileName));
|
|
goto GrantUserAccessToFile_Exit;
|
|
}
|
|
// set defaults
|
|
option = GRANT_ACCESS;
|
|
InheritFlag = SUB_CONTAINERS_AND_OBJECTS_INHERIT;
|
|
|
|
// assign access
|
|
AccessMask = SYNCHRONIZE ;
|
|
AccessMask |= GENERIC_ALL;
|
|
//AccessMask = MAXIMUM_ALLOWED;
|
|
|
|
// Get the SID for the certain string (administrator or everyone)
|
|
dwError = GetPrincipalSID(TrusteeName, &principalSID, &bWellKnownSID);
|
|
if (dwError != ERROR_SUCCESS)
|
|
{
|
|
principalSID = NULL;
|
|
iisDebugOut((LOG_TYPE_WARN, _T("GrantUserAccessToFile:GetPrincipalSID(%s) FAILED. Error()= 0x%x\n"), TrusteeName, dwError));
|
|
goto GrantUserAccessToFile_Exit;
|
|
}
|
|
|
|
// using Sid, get the "localized" name
|
|
if (0 == LookupAccountSid(ServerName, principalSID, lpGuestGrpName, &cbName, ReferencedDomainName, &cbReferencedDomainName, &sidNameUse))
|
|
{
|
|
iisDebugOut((LOG_TYPE_WARN, _T("GrantUserAccessToFile:LookupAccountSid(%s) FAILED. GetLastError()= 0x%x\n"), TrusteeName, GetLastError()));
|
|
goto GrantUserAccessToFile_Exit;
|
|
}
|
|
|
|
// using the "localized" name, build explicit access structure
|
|
BuildExplicitAccessWithName(&explicitaccess,lpGuestGrpName,AccessMask,option,InheritFlag);
|
|
explicitaccess.Trustee.MultipleTrusteeOperation = NO_MULTIPLE_TRUSTEE;
|
|
explicitaccess.Trustee.TrusteeForm = TRUSTEE_IS_NAME;
|
|
explicitaccess.Trustee.TrusteeType = TRUSTEE_IS_UNKNOWN;
|
|
if (_tcsicmp(TrusteeName, _T("administrators")) == 0 || _tcsicmp(TrusteeName, _T("everyone")) == 0)
|
|
{
|
|
explicitaccess.Trustee.TrusteeType = TRUSTEE_IS_WELL_KNOWN_GROUP;
|
|
}
|
|
|
|
// set the acl with this certain access stuff
|
|
dwError = SetEntriesInAcl(1,&explicitaccess,ExistingDacl,&NewAcl);
|
|
if(dwError != ERROR_SUCCESS)
|
|
{
|
|
NewAcl = NULL;
|
|
// it may error because the user is already there
|
|
iisDebugOut((LOG_TYPE_TRACE_WIN32_API, _T("GrantUserAccessToFile: SetEntriesInAcl failed on %s. for trustee=%s. err=0x%x\n"),FileName,explicitaccess.Trustee.ptstrName,dwError));
|
|
goto GrantUserAccessToFile_Exit;
|
|
}
|
|
|
|
// apply new security to file
|
|
dwError = SetNamedSecurityInfo(FileName,SE_FILE_OBJECT,DACL_SECURITY_INFORMATION,NULL,NULL,NewAcl,NULL);
|
|
if(dwError != ERROR_SUCCESS)
|
|
{
|
|
iisDebugOut((LOG_TYPE_WARN, _T("GrantUserAccessToFile: SetNamedSecurityInfo failed on %s. err=0x%x\n"),FileName,dwError));
|
|
goto GrantUserAccessToFile_Exit;
|
|
}
|
|
|
|
// everything is kool!
|
|
dwError = ERROR_SUCCESS;
|
|
|
|
GrantUserAccessToFile_Exit:
|
|
if(NewAcl != NULL){LocalFree(NewAcl);}
|
|
if(psd != NULL){LocalFree(psd);}
|
|
if (principalSID)
|
|
{
|
|
if (bWellKnownSID)
|
|
FreeSid (principalSID);
|
|
else
|
|
free (principalSID);
|
|
}
|
|
iisDebugOut_End1(_T("GrantUserAccessToFile"),FileName);
|
|
return dwError;
|
|
}
|
|
|
|
|
|
#ifndef _CHICAGO_
|
|
|
|
DWORD SetDirectorySecurity(
|
|
IN LPCTSTR szDirPath,
|
|
IN LPCTSTR szPrincipal,
|
|
IN INT iAceType,
|
|
IN DWORD dwAccessMask,
|
|
IN DWORD dwInheritMask
|
|
)
|
|
{
|
|
DWORD dwStatus = ERROR_FILE_NOT_FOUND;
|
|
|
|
if (ACCESS_ALLOWED_ACE_TYPE == iAceType || ACCESS_DENIED_ACE_TYPE == iAceType)
|
|
{
|
|
if (IsFileExist(szDirPath) == TRUE)
|
|
{
|
|
PSID principalSID = NULL;
|
|
BOOL bWellKnownSID = FALSE;
|
|
dwStatus = GetPrincipalSID((LPTSTR) szPrincipal, &principalSID, &bWellKnownSID);
|
|
if (dwStatus == ERROR_SUCCESS)
|
|
{
|
|
PSECURITY_DESCRIPTOR psd = NULL;
|
|
dwStatus = SetAccessOnDirOrFile((TCHAR*) szDirPath,principalSID,iAceType,dwAccessMask,dwInheritMask,&psd);
|
|
|
|
//DumpAdminACL(INVALID_HANDLE_VALUE,psd);
|
|
if (psd) {free(psd);psd=NULL;}
|
|
}
|
|
}
|
|
}
|
|
return dwStatus;
|
|
}
|
|
|
|
// -------------------------------------------------------------------------------------
|
|
// Function: RemovePrincipalFromFileAcl
|
|
//
|
|
// Remove a Access Control Entry from an Access Control List for a file/directory for a
|
|
// particular SID
|
|
//
|
|
// -------------------------------------------------------------------------------------
|
|
DWORD RemovePrincipalFromFileAcl(IN TCHAR *pszFile,IN LPTSTR szPrincipal)
|
|
{
|
|
PACL pdacl;
|
|
SECURITY_DESCRIPTOR_CONTROL sdc;
|
|
PSECURITY_DESCRIPTOR psdRelative = NULL;
|
|
PSECURITY_DESCRIPTOR psdAbsolute = NULL;
|
|
DWORD cbSize = 0;
|
|
BOOL bRes = 0;
|
|
DWORD dwSecurityDescriptorRevision;
|
|
BOOL fHasDacl = FALSE;
|
|
BOOL fDaclDefaulted = FALSE;
|
|
BOOL bUserExistsToBeDeleted;
|
|
DWORD dwError = ERROR_SUCCESS;
|
|
|
|
// get the size of the security descriptor
|
|
if ( !(bRes = GetFileSecurity(pszFile,DACL_SECURITY_INFORMATION,psdRelative,0,&cbSize)) )
|
|
{
|
|
if (GetLastError() == ERROR_INSUFFICIENT_BUFFER)
|
|
{
|
|
psdRelative = malloc(cbSize);
|
|
|
|
if (!psdRelative)
|
|
{
|
|
return ERROR_INSUFFICIENT_BUFFER;
|
|
}
|
|
|
|
bRes = GetFileSecurity(pszFile,DACL_SECURITY_INFORMATION,psdRelative,cbSize,&cbSize);
|
|
}
|
|
}
|
|
|
|
if (!bRes)
|
|
{
|
|
if (psdRelative)
|
|
{
|
|
free(psdRelative);
|
|
}
|
|
return (GetLastError());
|
|
}
|
|
|
|
// get security descriptor control from the security descriptor
|
|
if (!GetSecurityDescriptorControl(psdRelative, (PSECURITY_DESCRIPTOR_CONTROL) &sdc,(LPDWORD) &dwSecurityDescriptorRevision))
|
|
{
|
|
dwError = GetLastError();
|
|
}
|
|
else if (SE_DACL_PRESENT & sdc)
|
|
{
|
|
// Acl's are present, so we will attempt to remove the one passes in.
|
|
if (GetSecurityDescriptorDacl(psdRelative, (LPBOOL) &fHasDacl,(PACL *) &pdacl, (LPBOOL) &fDaclDefaulted))
|
|
{
|
|
// Remove ACE from Acl
|
|
dwError = RemovePrincipalFromACL(pdacl,szPrincipal,&bUserExistsToBeDeleted);
|
|
|
|
if (dwError == ERROR_SUCCESS)
|
|
{
|
|
psdAbsolute = (PSECURITY_DESCRIPTOR) malloc(GetSecurityDescriptorLength(psdRelative));
|
|
|
|
if (psdAbsolute)
|
|
{
|
|
if ( !(InitializeSecurityDescriptor(psdAbsolute, SECURITY_DESCRIPTOR_REVISION)) ||
|
|
!(SetSecurityDescriptorDacl(psdAbsolute, TRUE, pdacl, fDaclDefaulted)) ||
|
|
!(IsValidSecurityDescriptor(psdAbsolute)) ||
|
|
!(SetFileSecurity(pszFile,(SECURITY_INFORMATION)(DACL_SECURITY_INFORMATION),psdAbsolute))
|
|
)
|
|
{
|
|
dwError = GetLastError();
|
|
}
|
|
|
|
if (psdAbsolute)
|
|
{
|
|
free(psdAbsolute);
|
|
}
|
|
}
|
|
else
|
|
{
|
|
dwError = ERROR_INSUFFICIENT_BUFFER;
|
|
}
|
|
}
|
|
}
|
|
else
|
|
{
|
|
dwError = GetLastError();
|
|
}
|
|
}
|
|
|
|
if (psdRelative)
|
|
{
|
|
free(psdRelative);
|
|
}
|
|
|
|
return dwError;
|
|
}
|
|
|
|
DWORD SetAccessOnDirOrFile(IN TCHAR *pszFile,PSID psidGroup,INT iAceType,DWORD dwAccessMask,DWORD dwInheritMask,PSECURITY_DESCRIPTOR* ppsd)
|
|
{
|
|
PSECURITY_DESCRIPTOR psdAbsolute = NULL;
|
|
PACL pdacl;
|
|
DWORD cbSecurityDescriptor = 0;
|
|
DWORD dwSecurityDescriptorRevision;
|
|
DWORD cbDacl = 0;
|
|
SECURITY_DESCRIPTOR_CONTROL sdc;
|
|
PACL pdaclNew = NULL;
|
|
DWORD cbAddDaclLength = 0;
|
|
BOOL fAceFound = FALSE;
|
|
BOOL fHasDacl = FALSE;
|
|
BOOL fDaclDefaulted = FALSE;
|
|
ACCESS_ALLOWED_ACE* pAce;
|
|
DWORD i;
|
|
BOOL fAceForGroupPresent = FALSE;
|
|
DWORD dwMask;
|
|
PSECURITY_DESCRIPTOR psdRelative = NULL;
|
|
DWORD cbSize = 0;
|
|
BOOL bRes = 0;
|
|
|
|
// get the size of the security descriptor
|
|
bRes = GetFileSecurity(pszFile,DACL_SECURITY_INFORMATION,psdRelative,0,&cbSize);
|
|
DWORD dwError = GetLastError();
|
|
if (ERROR_INSUFFICIENT_BUFFER == dwError)
|
|
{
|
|
psdRelative = malloc(cbSize);
|
|
if (!psdRelative)
|
|
{
|
|
return ERROR_INSUFFICIENT_BUFFER;
|
|
}
|
|
|
|
bRes = GetFileSecurity(pszFile,DACL_SECURITY_INFORMATION,psdRelative,cbSize,&cbSize);
|
|
}
|
|
|
|
if (!bRes)
|
|
{
|
|
if (psdRelative){free(psdRelative);}
|
|
return (GetLastError());
|
|
}
|
|
|
|
// get security descriptor control from the security descriptor
|
|
if (!GetSecurityDescriptorControl(psdRelative, (PSECURITY_DESCRIPTOR_CONTROL) &sdc,(LPDWORD) &dwSecurityDescriptorRevision))
|
|
{
|
|
return (GetLastError());
|
|
}
|
|
|
|
// check if DACL is present
|
|
if (SE_DACL_PRESENT & sdc)
|
|
{
|
|
ACE_HEADER *pAceHeader;
|
|
|
|
// get dacl
|
|
if (!GetSecurityDescriptorDacl(psdRelative, (LPBOOL) &fHasDacl,(PACL *) &pdacl, (LPBOOL) &fDaclDefaulted))
|
|
{
|
|
return ( GetLastError());
|
|
}
|
|
|
|
// check if pdacl is null
|
|
// if it is then security is wide open -- this could be a fat drive.
|
|
if (NULL == pdacl)
|
|
{
|
|
return ERROR_SUCCESS;
|
|
}
|
|
|
|
// get dacl length
|
|
cbDacl = pdacl->AclSize;
|
|
// now check if SID's ACE is there
|
|
for (i = 0; i < pdacl->AceCount; i++)
|
|
{
|
|
if (!GetAce(pdacl, i, (LPVOID *) &pAce))
|
|
{
|
|
return ( GetLastError());
|
|
}
|
|
|
|
pAceHeader = (ACE_HEADER *)pAce;
|
|
|
|
// check if group sid is already there
|
|
if (EqualSid((PSID) &(pAce->SidStart), psidGroup))
|
|
{
|
|
if (ACCESS_DENIED_ACE_TYPE == iAceType)
|
|
{
|
|
if (pAceHeader->AceType == ACCESS_DENIED_ACE_TYPE)
|
|
{
|
|
// If the correct access is present, return success
|
|
if ((pAce->Mask & dwAccessMask) == dwAccessMask)
|
|
{
|
|
return ERROR_SUCCESS;
|
|
}
|
|
fAceForGroupPresent = TRUE;
|
|
break;
|
|
}
|
|
}
|
|
else
|
|
{
|
|
if (pAceHeader->AceType == ACCESS_ALLOWED_ACE_TYPE)
|
|
{
|
|
// If the correct access is present, return success
|
|
if ((pAce->Mask & dwAccessMask) == dwAccessMask)
|
|
{
|
|
return ERROR_SUCCESS;
|
|
}
|
|
fAceForGroupPresent = TRUE;
|
|
break;
|
|
}
|
|
}
|
|
}
|
|
}
|
|
// if the group did not exist, we will need to add room
|
|
// for another ACE
|
|
if (!fAceForGroupPresent)
|
|
{
|
|
// get length of new DACL
|
|
cbAddDaclLength = sizeof(ACCESS_ALLOWED_ACE) - sizeof(DWORD) + GetLengthSid(psidGroup);
|
|
}
|
|
}
|
|
else
|
|
{
|
|
// get length of new DACL
|
|
cbAddDaclLength = sizeof(ACL) + sizeof(ACCESS_ALLOWED_ACE) - sizeof(DWORD) + GetLengthSid (psidGroup);
|
|
}
|
|
|
|
|
|
// get memory needed for new DACL
|
|
pdaclNew = (PACL) malloc (cbDacl + cbAddDaclLength);
|
|
if (!pdaclNew)
|
|
{
|
|
return (GetLastError());
|
|
}
|
|
|
|
// get the sd length
|
|
cbSecurityDescriptor = GetSecurityDescriptorLength(psdRelative);
|
|
|
|
// get memory for new SD
|
|
psdAbsolute = (PSECURITY_DESCRIPTOR) malloc(cbSecurityDescriptor + cbAddDaclLength);
|
|
if (!psdAbsolute)
|
|
{
|
|
dwError = GetLastError();
|
|
goto ErrorExit;
|
|
}
|
|
|
|
// change self-relative SD to absolute by making new SD
|
|
if (!InitializeSecurityDescriptor(psdAbsolute, SECURITY_DESCRIPTOR_REVISION))
|
|
{
|
|
dwError = GetLastError();
|
|
goto ErrorExit;
|
|
}
|
|
|
|
// init new DACL
|
|
if (!InitializeAcl(pdaclNew, cbDacl + cbAddDaclLength, ACL_REVISION))
|
|
{
|
|
dwError = GetLastError();
|
|
goto ErrorExit;
|
|
}
|
|
|
|
// Add a new ACE for our SID if one was not already present
|
|
if ( (!fAceForGroupPresent) && (ACCESS_DENIED_ACE_TYPE == iAceType) )
|
|
{
|
|
if (!AddAccessDeniedAce(pdaclNew, ACL_REVISION, dwAccessMask,psidGroup))
|
|
{
|
|
dwError = GetLastError();
|
|
goto ErrorExit;
|
|
}
|
|
}
|
|
|
|
// now add in all of the ACEs into the new DACL (if org DACL is there)
|
|
if (SE_DACL_PRESENT & sdc)
|
|
{
|
|
ACE_HEADER *pAceHeader;
|
|
|
|
for (i = 0; i < pdacl->AceCount; i++)
|
|
{
|
|
// get ace from original dacl
|
|
if (!GetAce(pdacl, i, (LPVOID*) &pAce))
|
|
{
|
|
dwError = GetLastError();
|
|
goto ErrorExit;
|
|
}
|
|
|
|
pAceHeader = (ACE_HEADER *)pAce;
|
|
|
|
if (pAceHeader->AceType == ACCESS_ALLOWED_ACE_TYPE)
|
|
{
|
|
dwMask = pAce->Mask;
|
|
if (ACCESS_ALLOWED_ACE_TYPE == iAceType)
|
|
{
|
|
// If an ACE for our SID exists, we just need to bump
|
|
// up the access level instead of creating a new ACE
|
|
if (EqualSid((PSID) &(pAce->SidStart), psidGroup))
|
|
{
|
|
dwMask = dwAccessMask | pAce->Mask;
|
|
}
|
|
}
|
|
if (!AddAccessAllowedAceEx(pdaclNew, ACL_REVISION, pAce->Header.AceFlags,dwMask,(PSID) &(pAce->SidStart)))
|
|
{
|
|
dwError = GetLastError();
|
|
goto ErrorExit;
|
|
}
|
|
}
|
|
else if (pAceHeader->AceType == ACCESS_DENIED_ACE_TYPE)
|
|
{
|
|
dwMask = pAce->Mask;
|
|
if (ACCESS_DENIED_ACE_TYPE == iAceType)
|
|
{
|
|
// If an ACE for our SID exists, we just need to bump
|
|
// up the access level instead of creating a new ACE
|
|
if (EqualSid((PSID) &(pAce->SidStart), psidGroup))
|
|
{
|
|
dwMask = dwAccessMask | pAce->Mask;
|
|
}
|
|
}
|
|
if (!AddAccessDeniedAceEx(pdaclNew, ACL_REVISION, pAce->Header.AceFlags,dwMask,(PSID) &(pAce->SidStart)))
|
|
{
|
|
dwError = GetLastError();
|
|
goto ErrorExit;
|
|
}
|
|
}
|
|
else
|
|
{
|
|
// copy denied or audit ace.
|
|
if (!AddAce(pdaclNew, ACL_REVISION, 0xFFFFFFFF,pAce, pAceHeader->AceSize ))
|
|
{
|
|
dwError = GetLastError();
|
|
goto ErrorExit;
|
|
}
|
|
}
|
|
|
|
//iisDebugOut((LOG_TYPE_TRACE, _T("OrgAce[%d]=0x%x\n"),i,pAce->Header.AceFlags));
|
|
}
|
|
}
|
|
|
|
// Add a new ACE for our SID if one was not already present
|
|
if ( (!fAceForGroupPresent) && (ACCESS_ALLOWED_ACE_TYPE == iAceType) )
|
|
{
|
|
if (!AddAccessAllowedAce(pdaclNew, ACL_REVISION, dwAccessMask,psidGroup))
|
|
{
|
|
dwError = GetLastError();
|
|
goto ErrorExit;
|
|
}
|
|
}
|
|
|
|
// change the header on an existing ace to have inherit
|
|
for (i = 0; i < pdaclNew->AceCount; i++)
|
|
{
|
|
if (!GetAce(pdaclNew, i, (LPVOID *) &pAce))
|
|
{
|
|
return ( GetLastError());
|
|
}
|
|
|
|
// CONTAINER_INHERIT_ACE = Other containers that are contained by the primary object inherit the entry.
|
|
// INHERIT_ONLY_ACE = The ACE does not apply to the primary object to which the ACL is attached, but objects contained by the primary object inherit the entry.
|
|
// NO_PROPAGATE_INHERIT_ACE = The OBJECT_INHERIT_ACE and CONTAINER_INHERIT_ACE flags are not propagated to an inherited entry.
|
|
// OBJECT_INHERIT_ACE = Noncontainer objects contained by the primary object inherit the entry.
|
|
// SUB_CONTAINERS_ONLY_INHERIT = Other containers that are contained by the primary object inherit the entry. This flag corresponds to the CONTAINER_INHERIT_ACE flag.
|
|
// SUB_OBJECTS_ONLY_INHERIT = Noncontainer objects contained by the primary object inherit the entry. This flag corresponds to the OBJECT_INHERIT_ACE flag.
|
|
// SUB_CONTAINERS_AND_OBJECTS_INHERIT = Both containers and noncontainer objects that are contained by the primary object inherit the entry. This flag corresponds to the combination of the CONTAINER_INHERIT_ACE and OBJECT_INHERIT_ACE flags.
|
|
|
|
//iisDebugOut((LOG_TYPE_TRACE, _T("NewAce[%d]=0x%x\n"),i,pAce->Header.AceFlags));
|
|
|
|
// if it's our SID, then change the header to be inherited
|
|
if (EqualSid((PSID) &(pAce->SidStart), psidGroup))
|
|
{
|
|
pAce->Header.AceFlags |= dwInheritMask;
|
|
}
|
|
}
|
|
|
|
|
|
// check if everything went ok
|
|
if (!IsValidAcl(pdaclNew))
|
|
{
|
|
dwError = ERROR_INVALID_ACL;
|
|
goto ErrorExit;
|
|
}
|
|
|
|
// now set security descriptor DACL
|
|
if (!SetSecurityDescriptorDacl(psdAbsolute, TRUE, pdaclNew, fDaclDefaulted))
|
|
{
|
|
dwError = GetLastError();
|
|
goto ErrorExit;
|
|
}
|
|
|
|
// check if everything went ok
|
|
if (!IsValidSecurityDescriptor(psdAbsolute))
|
|
{
|
|
dwError = ERROR_INVALID_SECURITY_DESCR;
|
|
goto ErrorExit;
|
|
}
|
|
|
|
// now set the reg key security (this will overwrite any existing security)
|
|
bRes = SetFileSecurity(pszFile,(SECURITY_INFORMATION)(DACL_SECURITY_INFORMATION),psdAbsolute);
|
|
if (bRes)
|
|
{
|
|
dwError = ERROR_SUCCESS;
|
|
}
|
|
|
|
if (ppsd)
|
|
{
|
|
*ppsd = psdRelative;
|
|
}
|
|
|
|
ErrorExit:
|
|
// free memory
|
|
if (psdAbsolute)
|
|
{
|
|
free (psdAbsolute);
|
|
if (pdaclNew)
|
|
{
|
|
free((VOID*) pdaclNew);
|
|
}
|
|
}
|
|
|
|
return dwError;
|
|
}
|
|
|
|
//+--------------------------------------------------------------------------
|
|
//
|
|
// Function: SetAccessOnRegKey
|
|
//
|
|
// Purpose: Adds access for a specified SID to a registry key
|
|
//
|
|
// Arguments:
|
|
// hkey [in] The registry key that will receive the
|
|
// modified security descriptor
|
|
// psidGroup [in] The SID (in self-relative mode) that will be
|
|
// granted access to the key
|
|
// dwAccessMask [in] The access level to grant
|
|
// ppsd [out] The previous security descriptor
|
|
//
|
|
// Returns: DWORD. ERROR_SUCCESS or a failure code from winerror.h
|
|
//
|
|
//+--------------------------------------------------------------------------
|
|
DWORD
|
|
SetAccessOnRegKey(HKEY hkey, PSID psidGroup,
|
|
DWORD dwAccessMask,
|
|
DWORD dwInheritMask,
|
|
PSECURITY_DESCRIPTOR* ppsd)
|
|
{
|
|
PSECURITY_DESCRIPTOR psdAbsolute = NULL;
|
|
PACL pdacl;
|
|
DWORD cbSecurityDescriptor = 0;
|
|
DWORD dwSecurityDescriptorRevision;
|
|
DWORD cbDacl = 0;
|
|
SECURITY_DESCRIPTOR_CONTROL sdc;
|
|
PACL pdaclNew = NULL;
|
|
DWORD cbAddDaclLength = 0;
|
|
BOOL fAceFound = FALSE;
|
|
BOOL fHasDacl = FALSE;
|
|
BOOL fDaclDefaulted = FALSE;
|
|
ACCESS_ALLOWED_ACE* pAce;
|
|
DWORD i;
|
|
BOOL fAceForGroupPresent = FALSE;
|
|
DWORD dwMask;
|
|
PSECURITY_DESCRIPTOR psdRelative = NULL;
|
|
DWORD cbSize = 0;
|
|
|
|
// Get the current security descriptor for hkey
|
|
//
|
|
DWORD dwError = RegGetKeySecurity(hkey, DACL_SECURITY_INFORMATION, psdRelative, &cbSize);
|
|
|
|
if (ERROR_INSUFFICIENT_BUFFER == dwError)
|
|
{
|
|
psdRelative = malloc(cbSize);
|
|
if (!psdRelative)
|
|
{
|
|
return ERROR_INSUFFICIENT_BUFFER;
|
|
}
|
|
|
|
dwError = RegGetKeySecurity(hkey, DACL_SECURITY_INFORMATION, psdRelative, &cbSize);
|
|
}
|
|
|
|
// get security descriptor control from the security descriptor
|
|
if ( (!psdRelative) ||
|
|
(dwError != ERROR_SUCCESS) ||
|
|
(!GetSecurityDescriptorControl(psdRelative, (PSECURITY_DESCRIPTOR_CONTROL) &sdc,(LPDWORD) &dwSecurityDescriptorRevision))
|
|
)
|
|
{
|
|
return (GetLastError());
|
|
}
|
|
|
|
// check if DACL is present
|
|
if (SE_DACL_PRESENT & sdc)
|
|
{
|
|
ACE_HEADER *pAceHeader;
|
|
|
|
// get dacl
|
|
if (!GetSecurityDescriptorDacl(psdRelative, (LPBOOL) &fHasDacl,(PACL *) &pdacl, (LPBOOL) &fDaclDefaulted))
|
|
{
|
|
return ( GetLastError());
|
|
}
|
|
|
|
// check if pdacl is null
|
|
// if it is then security is wide open -- this could be a fat drive.
|
|
if (NULL == pdacl)
|
|
{
|
|
return ERROR_SUCCESS;
|
|
}
|
|
|
|
// get dacl length
|
|
cbDacl = pdacl->AclSize;
|
|
// now check if SID's ACE is there
|
|
for (i = 0; i < pdacl->AceCount; i++)
|
|
{
|
|
if (!GetAce(pdacl, i, (LPVOID *) &pAce))
|
|
{
|
|
return ( GetLastError());
|
|
}
|
|
|
|
pAceHeader = (ACE_HEADER *)pAce;
|
|
if (pAceHeader->AceType == ACCESS_ALLOWED_ACE_TYPE)
|
|
{
|
|
// check if group sid is already there
|
|
if (EqualSid((PSID) &(pAce->SidStart), psidGroup))
|
|
{
|
|
// If the correct access is present, return success
|
|
if ((pAce->Mask & dwAccessMask) == dwAccessMask)
|
|
{
|
|
return ERROR_SUCCESS;
|
|
}
|
|
fAceForGroupPresent = TRUE;
|
|
break;
|
|
}
|
|
}
|
|
}
|
|
// if the group did not exist, we will need to add room
|
|
// for another ACE
|
|
if (!fAceForGroupPresent)
|
|
{
|
|
// get length of new DACL
|
|
cbAddDaclLength = sizeof(ACCESS_ALLOWED_ACE) - sizeof(DWORD) + GetLengthSid(psidGroup);
|
|
}
|
|
}
|
|
else
|
|
{
|
|
// get length of new DACL
|
|
cbAddDaclLength = sizeof(ACL) + sizeof(ACCESS_ALLOWED_ACE) - sizeof(DWORD) + GetLengthSid (psidGroup);
|
|
}
|
|
|
|
|
|
// get memory needed for new DACL
|
|
pdaclNew = (PACL) malloc (cbDacl + cbAddDaclLength);
|
|
if (!pdaclNew)
|
|
{
|
|
return (GetLastError());
|
|
}
|
|
|
|
// get the sd length
|
|
cbSecurityDescriptor = GetSecurityDescriptorLength(psdRelative);
|
|
|
|
// get memory for new SD
|
|
psdAbsolute = (PSECURITY_DESCRIPTOR) malloc(cbSecurityDescriptor + cbAddDaclLength);
|
|
if (!psdAbsolute)
|
|
{
|
|
dwError = GetLastError();
|
|
goto ErrorExit;
|
|
}
|
|
|
|
// change self-relative SD to absolute by making new SD
|
|
if (!InitializeSecurityDescriptor(psdAbsolute, SECURITY_DESCRIPTOR_REVISION))
|
|
{
|
|
dwError = GetLastError();
|
|
goto ErrorExit;
|
|
}
|
|
|
|
// init new DACL
|
|
if (!InitializeAcl(pdaclNew, cbDacl + cbAddDaclLength, ACL_REVISION))
|
|
{
|
|
dwError = GetLastError();
|
|
goto ErrorExit;
|
|
}
|
|
|
|
// now add in all of the ACEs into the new DACL (if org DACL is there)
|
|
if (SE_DACL_PRESENT & sdc)
|
|
{
|
|
ACE_HEADER *pAceHeader;
|
|
|
|
for (i = 0; i < pdacl->AceCount; i++)
|
|
{
|
|
// get ace from original dacl
|
|
if (!GetAce(pdacl, i, (LPVOID*) &pAce))
|
|
{
|
|
dwError = GetLastError();
|
|
goto ErrorExit;
|
|
}
|
|
|
|
pAceHeader = (ACE_HEADER *)pAce;
|
|
if (pAceHeader->AceType == ACCESS_ALLOWED_ACE_TYPE)
|
|
{
|
|
// If an ACE for our SID exists, we just need to bump
|
|
// up the access level instead of creating a new ACE
|
|
//
|
|
if (EqualSid((PSID) &(pAce->SidStart), psidGroup))
|
|
{
|
|
dwMask = dwAccessMask | pAce->Mask;
|
|
}
|
|
else
|
|
{
|
|
dwMask = pAce->Mask;
|
|
}
|
|
|
|
//iisDebugOut((LOG_TYPE_TRACE, _T("OrgAce[%d]=0x%x\n"),i,pAce->Header.AceFlags));
|
|
|
|
// now add ace to new dacl
|
|
if (!AddAccessAllowedAceEx(pdaclNew, ACL_REVISION, pAce->Header.AceFlags,dwMask,(PSID) &(pAce->SidStart)))
|
|
{
|
|
dwError = GetLastError();
|
|
goto ErrorExit;
|
|
}
|
|
}
|
|
else
|
|
{
|
|
// copy denied or audit ace.
|
|
if (!AddAce(pdaclNew, ACL_REVISION, 0xFFFFFFFF, pAce, pAceHeader->AceSize ))
|
|
{
|
|
dwError = GetLastError();
|
|
goto ErrorExit;
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
// Add a new ACE for our SID if one was not already present
|
|
if (!fAceForGroupPresent)
|
|
{
|
|
// now add new ACE to new DACL
|
|
if (!AddAccessAllowedAce(pdaclNew, ACL_REVISION, dwAccessMask,psidGroup))
|
|
{
|
|
dwError = GetLastError();
|
|
goto ErrorExit;
|
|
}
|
|
}
|
|
|
|
// change the header on an existing ace to have inherit
|
|
for (i = 0; i < pdaclNew->AceCount; i++)
|
|
{
|
|
if (!GetAce(pdaclNew, i, (LPVOID *) &pAce))
|
|
{
|
|
return ( GetLastError());
|
|
}
|
|
// CONTAINER_INHERIT_ACE = Other containers that are contained by the primary object inherit the entry.
|
|
// INHERIT_ONLY_ACE = The ACE does not apply to the primary object to which the ACL is attached, but objects contained by the primary object inherit the entry.
|
|
// NO_PROPAGATE_INHERIT_ACE = The OBJECT_INHERIT_ACE and CONTAINER_INHERIT_ACE flags are not propagated to an inherited entry.
|
|
// OBJECT_INHERIT_ACE = Noncontainer objects contained by the primary object inherit the entry.
|
|
// SUB_CONTAINERS_ONLY_INHERIT = Other containers that are contained by the primary object inherit the entry. This flag corresponds to the CONTAINER_INHERIT_ACE flag.
|
|
// SUB_OBJECTS_ONLY_INHERIT = Noncontainer objects contained by the primary object inherit the entry. This flag corresponds to the OBJECT_INHERIT_ACE flag.
|
|
// SUB_CONTAINERS_AND_OBJECTS_INHERIT = Both containers and noncontainer objects that are contained by the primary object inherit the entry. This flag corresponds to the combination of the CONTAINER_INHERIT_ACE and OBJECT_INHERIT_ACE flags.
|
|
|
|
//iisDebugOut((LOG_TYPE_TRACE, _T("NewAce[%d]=0x%x\n"),i,pAce->Header.AceFlags));
|
|
|
|
// if it's our SID, then change the header to be inherited
|
|
if (EqualSid((PSID) &(pAce->SidStart), psidGroup))
|
|
{
|
|
//pAce->Header.AceFlags |= CONTAINER_INHERIT_ACE | OBJECT_INHERIT_ACE | INHERITED_ACE;
|
|
//pAce->Header.AceFlags |= CONTAINER_INHERIT_ACE | OBJECT_INHERIT_ACE | dwInheritMask;
|
|
pAce->Header.AceFlags |= dwInheritMask;
|
|
}
|
|
}
|
|
|
|
|
|
// check if everything went ok
|
|
if (!IsValidAcl(pdaclNew))
|
|
{
|
|
dwError = ERROR_INVALID_ACL;
|
|
goto ErrorExit;
|
|
}
|
|
|
|
// now set security descriptor DACL
|
|
if (!SetSecurityDescriptorDacl(psdAbsolute, TRUE, pdaclNew, fDaclDefaulted))
|
|
{
|
|
dwError = GetLastError();
|
|
goto ErrorExit;
|
|
}
|
|
|
|
// check if everything went ok
|
|
if (!IsValidSecurityDescriptor(psdAbsolute))
|
|
{
|
|
dwError = ERROR_INVALID_SECURITY_DESCR;
|
|
goto ErrorExit;
|
|
}
|
|
|
|
// now set the reg key security (this will overwrite any
|
|
// existing security)
|
|
dwError = RegSetKeySecurity(hkey, (SECURITY_INFORMATION)(DACL_SECURITY_INFORMATION), psdAbsolute);
|
|
|
|
if (ppsd)
|
|
{
|
|
*ppsd = psdRelative;
|
|
}
|
|
ErrorExit:
|
|
// free memory
|
|
if (psdAbsolute)
|
|
{
|
|
free (psdAbsolute);
|
|
if (pdaclNew)
|
|
{
|
|
free((VOID*) pdaclNew);
|
|
}
|
|
}
|
|
|
|
return dwError;
|
|
}
|
|
|
|
|
|
|
|
BOOL
|
|
AddUserAccessToSD(
|
|
IN PSECURITY_DESCRIPTOR pSd,
|
|
IN PSID pSid,
|
|
IN DWORD NewAccess,
|
|
IN UCHAR TheAceType,
|
|
OUT PSECURITY_DESCRIPTOR *ppSdNew
|
|
)
|
|
{
|
|
ULONG i;
|
|
BOOL bReturn = FALSE;
|
|
BOOL Result;
|
|
BOOL DaclPresent;
|
|
BOOL DaclDefaulted;
|
|
DWORD Length;
|
|
DWORD NewAclLength;
|
|
ACCESS_ALLOWED_ACE* OldAce;
|
|
PACE_HEADER NewAce;
|
|
ACL_SIZE_INFORMATION AclInfo;
|
|
PACL Dacl = NULL;
|
|
PACL NewDacl = NULL;
|
|
PACL NewAceDacl = NULL;
|
|
PSECURITY_DESCRIPTOR NewSD = NULL;
|
|
PSECURITY_DESCRIPTOR OldSD = NULL;
|
|
PSECURITY_DESCRIPTOR outpSD = NULL;
|
|
DWORD cboutpSD = 0;
|
|
BOOL fAceForGroupPresent = FALSE;
|
|
DWORD dwMask;
|
|
|
|
OldSD = pSd;
|
|
|
|
iisDebugOut((LOG_TYPE_TRACE_WIN32_API, _T("AddUserAccessToSD start\n")));
|
|
|
|
// only do if the ace is allowed/denied
|
|
if (ACCESS_ALLOWED_ACE_TYPE != TheAceType && ACCESS_DENIED_ACE_TYPE != TheAceType)
|
|
{
|
|
iisDebugOut((LOG_TYPE_TRACE, _T("AddUserAccessToSD useless param\n")));
|
|
goto AddUserAccessToSD_Exit;
|
|
}
|
|
|
|
// Convert SecurityDescriptor to absolute format. It generates
|
|
// a new SecurityDescriptor for its output which we must free.
|
|
if ( !MakeAbsoluteCopyFromRelative(OldSD, &NewSD) )
|
|
{
|
|
iisDebugOut((LOG_TYPE_ERROR, _T("MakeAbsoluteCopyFromRelative failed\n")));
|
|
goto AddUserAccessToSD_Exit;
|
|
|
|
}
|
|
|
|
// Must get DACL pointer from new (absolute) SD
|
|
if(!GetSecurityDescriptorDacl(NewSD,&DaclPresent,&Dacl,&DaclDefaulted))
|
|
{
|
|
iisDebugOut((LOG_TYPE_ERROR, _T("GetSecurityDescriptorDacl failed with 0x%x\n"),GetLastError()));
|
|
goto AddUserAccessToSD_Exit;
|
|
|
|
}
|
|
|
|
// If no DACL, no need to add the user since no DACL
|
|
// means all accesss
|
|
if( !DaclPresent )
|
|
{
|
|
bReturn = TRUE;
|
|
goto AddUserAccessToSD_Exit;
|
|
}
|
|
|
|
// Code can return DaclPresent, but a NULL which means
|
|
// a NULL Dacl is present. This allows all access to the object.
|
|
if( Dacl == NULL )
|
|
{
|
|
bReturn = TRUE;
|
|
goto AddUserAccessToSD_Exit;
|
|
}
|
|
|
|
// Get the current ACL's size
|
|
if( !GetAclInformation(Dacl,&AclInfo,sizeof(AclInfo),AclSizeInformation) )
|
|
{
|
|
iisDebugOut((LOG_TYPE_ERROR, _T("GetAclInformation failed with 0x%x\n"),GetLastError()));
|
|
goto AddUserAccessToSD_Exit;
|
|
}
|
|
|
|
// Check if access is already there
|
|
// --------------------------------
|
|
// Check to see if this SID already exists in there
|
|
// if it does (and it has the right access we want) then forget it, we don't have to do anything more.
|
|
for (i = 0; i < AclInfo.AceCount; i++)
|
|
{
|
|
ACE_HEADER *pAceHeader;
|
|
ACCESS_ALLOWED_ACE* pAce = NULL;
|
|
|
|
if (!GetAce(Dacl, i, (LPVOID *) &pAce))
|
|
{
|
|
iisDebugOut((LOG_TYPE_ERROR, _T("GetAce failed with 0x%x\n"),GetLastError()));
|
|
goto AddUserAccessToSD_Exit;
|
|
}
|
|
|
|
pAceHeader = (ACE_HEADER *)pAce;
|
|
|
|
// check if group sid is already there
|
|
if (EqualSid((PSID) &(pAce->SidStart), pSid))
|
|
{
|
|
if (pAceHeader->AceType == ACCESS_ALLOWED_ACE_TYPE)
|
|
{
|
|
// If the correct access is present, return success
|
|
if ((pAce->Mask & NewAccess) == NewAccess)
|
|
{
|
|
//iisDebugOut((LOG_TYPE_TRACE, _T("AddUserAccessToSD:correct access already present. Exiting,1=0x%x,2=0x%x,3=0x%x\n"),pAce->Mask,NewAccess,(pAce->Mask & NewAccess)));
|
|
bReturn = TRUE;
|
|
goto AddUserAccessToSD_Exit;
|
|
}
|
|
else
|
|
{
|
|
// the ace that exist doesn't have the permissions that we want.
|
|
// If an ACE for our SID exists, we just need to bump
|
|
// up the access level instead of creating a new ACE
|
|
fAceForGroupPresent = TRUE;
|
|
}
|
|
}
|
|
break;
|
|
}
|
|
}
|
|
|
|
// If we have to create a new ACE
|
|
// (because our user isn't listed in the existing ACL)
|
|
// then let's Create a new ACL to put the new access allowed ACE on
|
|
// --------------------------------
|
|
if (!fAceForGroupPresent)
|
|
{
|
|
NewAclLength = sizeof(ACL) +
|
|
sizeof(ACCESS_ALLOWED_ACE) - sizeof(ULONG) +
|
|
GetLengthSid( pSid );
|
|
|
|
NewAceDacl = (PACL) LocalAlloc( LMEM_FIXED, NewAclLength );
|
|
if ( NewAceDacl == NULL )
|
|
{
|
|
iisDebugOut((LOG_TYPE_ERROR, _T("LocalAlloc failed\n")));
|
|
goto AddUserAccessToSD_Exit;
|
|
}
|
|
|
|
if(!InitializeAcl( NewAceDacl, NewAclLength, ACL_REVISION ))
|
|
{
|
|
iisDebugOut((LOG_TYPE_ERROR, _T("InitializeAcl failed with 0x%x\n"),GetLastError()));
|
|
goto AddUserAccessToSD_Exit;
|
|
}
|
|
|
|
if (ACCESS_DENIED_ACE_TYPE == TheAceType)
|
|
{
|
|
Result = AddAccessDeniedAce(NewAceDacl,ACL_REVISION,NewAccess,pSid);
|
|
}
|
|
else
|
|
{
|
|
Result = AddAccessAllowedAce(NewAceDacl,ACL_REVISION,NewAccess,pSid);
|
|
}
|
|
if( !Result )
|
|
{
|
|
iisDebugOut((LOG_TYPE_ERROR, _T("AddAccessAllowedAce failed with 0x%x\n"),GetLastError()));
|
|
goto AddUserAccessToSD_Exit;
|
|
}
|
|
// Grab the 1st ace from the Newly created Dacl
|
|
if(!GetAce( NewAceDacl, 0, (void **)&NewAce ))
|
|
{
|
|
iisDebugOut((LOG_TYPE_ERROR, _T("GetAce failed with 0x%x\n"),GetLastError()));
|
|
goto AddUserAccessToSD_Exit;
|
|
}
|
|
|
|
// add CONTAINER_INHERIT_ACE TO AceFlags
|
|
//NewAce->AceFlags |= CONTAINER_INHERIT_ACE;
|
|
|
|
Length = AclInfo.AclBytesInUse + NewAce->AceSize;
|
|
}
|
|
else
|
|
{
|
|
Length = AclInfo.AclBytesInUse;
|
|
}
|
|
|
|
// Allocate new DACL
|
|
NewDacl = (PACL) LocalAlloc( LMEM_FIXED, Length );
|
|
if(NewDacl == NULL)
|
|
{
|
|
iisDebugOut((LOG_TYPE_ERROR, _T("LocalAlloc failed\n")));
|
|
goto AddUserAccessToSD_Exit;
|
|
}
|
|
if(!InitializeAcl( NewDacl, Length, ACL_REVISION ))
|
|
{
|
|
iisDebugOut((LOG_TYPE_ERROR, _T("InitializeAcl failed with 0x%x\n"),GetLastError()));
|
|
goto AddUserAccessToSD_Exit;
|
|
}
|
|
|
|
// Insert new ACE at the front of the new DACL
|
|
if (!fAceForGroupPresent)
|
|
{
|
|
if(!AddAce( NewDacl, ACL_REVISION, 0, NewAce, NewAce->AceSize ))
|
|
{
|
|
iisDebugOut((LOG_TYPE_ERROR, _T("AddAce failed with 0x%x\n"),GetLastError()));
|
|
goto AddUserAccessToSD_Exit;
|
|
}
|
|
}
|
|
|
|
// ----------------------------------------
|
|
// Read thru the old Dacl and get the ACE's
|
|
// add it to the new Dacl
|
|
// ----------------------------------------
|
|
for ( i = 0; i < AclInfo.AceCount; i++ )
|
|
{
|
|
ACE_HEADER *pAceHeader;
|
|
|
|
Result = GetAce( Dacl, i, (LPVOID*) &OldAce );
|
|
if( !Result )
|
|
{
|
|
iisDebugOut((LOG_TYPE_ERROR, _T("GetAce failed with 0x%x\n"),GetLastError()));
|
|
goto AddUserAccessToSD_Exit;
|
|
}
|
|
|
|
pAceHeader = (ACE_HEADER *)OldAce;
|
|
|
|
// If an ACE for our SID exists, we just need to bump
|
|
// up the access level instead of creating a new ACE
|
|
//
|
|
if (pAceHeader->AceType == ACCESS_ALLOWED_ACE_TYPE)
|
|
{
|
|
dwMask = OldAce->Mask;
|
|
if (fAceForGroupPresent)
|
|
{
|
|
if (EqualSid((PSID) &(OldAce->SidStart), pSid))
|
|
{
|
|
dwMask = NewAccess | OldAce->Mask;
|
|
}
|
|
}
|
|
|
|
// now add ace to new dacl
|
|
Result = AddAccessAllowedAceEx(NewDacl, ACL_REVISION, OldAce->Header.AceFlags,dwMask,(PSID) &(OldAce->SidStart));
|
|
if( !Result )
|
|
{
|
|
iisDebugOut((LOG_TYPE_ERROR, _T("AddAccessAllowedAceEx failed with 0x%x\n"),GetLastError()));
|
|
goto AddUserAccessToSD_Exit;
|
|
}
|
|
}
|
|
else
|
|
{
|
|
// copy denied or audit ace.
|
|
if (!AddAce(NewDacl, ACL_REVISION, 0xFFFFFFFF,OldAce, pAceHeader->AceSize ))
|
|
{
|
|
iisDebugOut((LOG_TYPE_ERROR, _T("AddAce failed with 0x%x\n"),GetLastError()));
|
|
goto AddUserAccessToSD_Exit;
|
|
}
|
|
}
|
|
}
|
|
|
|
|
|
// Set new DACL for Security Descriptor
|
|
if(!SetSecurityDescriptorDacl(NewSD,TRUE,NewDacl,FALSE))
|
|
{
|
|
iisDebugOut((LOG_TYPE_ERROR, _T("SetSecurityDescriptorDacl failed with 0x%x\n"),GetLastError()));
|
|
goto AddUserAccessToSD_Exit;
|
|
}
|
|
|
|
// The new SD is in absolute format. change it to Relative before we pass it back
|
|
cboutpSD = 0;
|
|
MakeSelfRelativeSD(NewSD, outpSD, &cboutpSD);
|
|
outpSD = (PSECURITY_DESCRIPTOR)GlobalAlloc(GPTR, cboutpSD);
|
|
if ( !outpSD )
|
|
{
|
|
iisDebugOut((LOG_TYPE_ERROR, _T("GlobalAlloc failed\n")));
|
|
goto AddUserAccessToSD_Exit;
|
|
}
|
|
|
|
if (!MakeSelfRelativeSD(NewSD, outpSD, &cboutpSD))
|
|
{
|
|
iisDebugOut((LOG_TYPE_ERROR, _T("MakeSelfRelativeSD failed with 0x%x\n"),GetLastError()));
|
|
goto AddUserAccessToSD_Exit;
|
|
}
|
|
|
|
// The new SD is passed back in relative format,
|
|
*ppSdNew = outpSD;
|
|
|
|
bReturn = TRUE;
|
|
|
|
AddUserAccessToSD_Exit:
|
|
if (NewSD){free( NewSD );NewSD = NULL;}
|
|
if (NewDacl){LocalFree( NewDacl );NewDacl = NULL;}
|
|
if (NewAceDacl){LocalFree( NewAceDacl );NewAceDacl = NULL;}
|
|
iisDebugOut((LOG_TYPE_TRACE_WIN32_API, _T("AddUserAccessToSD end\n")));
|
|
return bReturn;
|
|
}
|
|
|
|
DWORD SetRegistryKeySecurityAdmin(HKEY hkey, DWORD samDesired,PSECURITY_DESCRIPTOR* ppsdOld)
|
|
{
|
|
PSID psid;
|
|
SID_IDENTIFIER_AUTHORITY sidAuth = SECURITY_NT_AUTHORITY;
|
|
DWORD dwError = ERROR_SUCCESS;
|
|
|
|
// Get sid for the local Administrators group
|
|
if (!AllocateAndInitializeSid(&sidAuth, 2,SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_ADMINS,0, 0, 0, 0, 0, 0, &psid) )
|
|
{
|
|
dwError = GetLastError();
|
|
}
|
|
|
|
if (ERROR_SUCCESS == dwError)
|
|
{
|
|
// Add all access privileges for the local administrators group
|
|
dwError = SetAccessOnRegKey(hkey, psid, samDesired, CONTAINER_INHERIT_ACE | OBJECT_INHERIT_ACE | INHERITED_ACE, ppsdOld);
|
|
}
|
|
|
|
return dwError;
|
|
}
|
|
|
|
|
|
DWORD SetRegistryKeySecurity(
|
|
IN HKEY hkeyRootKey,
|
|
IN LPCTSTR szKeyPath,
|
|
IN LPCTSTR szPrincipal,
|
|
IN DWORD dwAccessMask,
|
|
IN DWORD dwInheritMask,
|
|
IN BOOL bDoSubKeys,
|
|
IN LPTSTR szExclusiveList
|
|
)
|
|
{
|
|
DWORD dwStatus;
|
|
HKEY hkeyThisKey;
|
|
DWORD dwKeyIndex;
|
|
DWORD dwSubKeyLen;
|
|
TCHAR szSubKeyName[_MAX_PATH];
|
|
FILETIME FileTime;
|
|
TCHAR *szExclusiveStart;
|
|
BOOL fSetSecurityRec;
|
|
|
|
dwStatus = RegOpenKeyEx(hkeyRootKey,szKeyPath,0L,KEY_ALL_ACCESS,&hkeyThisKey);
|
|
if (ERROR_SUCCESS == dwStatus)
|
|
{
|
|
PSID principalSID = NULL;
|
|
BOOL bWellKnownSID = FALSE;
|
|
if (ERROR_SUCCESS == GetPrincipalSID((LPTSTR) szPrincipal, &principalSID, &bWellKnownSID))
|
|
{
|
|
PSECURITY_DESCRIPTOR psd = NULL;
|
|
SetAccessOnRegKey(hkeyThisKey,principalSID,dwAccessMask,dwInheritMask,&psd);
|
|
if (psd) {free(psd);}
|
|
if (bDoSubKeys)
|
|
{
|
|
dwKeyIndex = 0;
|
|
dwSubKeyLen = sizeof(szSubKeyName) / sizeof(TCHAR);
|
|
|
|
while (RegEnumKeyEx (hkeyThisKey,dwKeyIndex,szSubKeyName,&dwSubKeyLen,NULL,NULL,NULL,&FileTime) == ERROR_SUCCESS)
|
|
{
|
|
// subkey found so set subkey security
|
|
// attach on the inherited ace attribute since everything under this will be inherited
|
|
dwInheritMask |= INHERITED_ACE;
|
|
|
|
fSetSecurityRec = TRUE;
|
|
|
|
szExclusiveStart = szExclusiveList;
|
|
while ( szExclusiveStart != NULL )
|
|
{
|
|
szExclusiveStart = _tcsstr(szExclusiveStart,szSubKeyName);
|
|
|
|
// If we have found the substring, and the character after it is a NULL terminator or a ',', and
|
|
// it is at the begining of the string, or it had a , before it, then it is a match.
|
|
if ( ( szExclusiveStart != NULL ) &&
|
|
( ( *(szExclusiveStart + dwSubKeyLen) == '\0' ) || ( *(szExclusiveStart + dwSubKeyLen) == ',' ) ) &&
|
|
( ( szExclusiveStart == szExclusiveList) || (*(szExclusiveStart - 1) == ',') )
|
|
)
|
|
{
|
|
fSetSecurityRec = FALSE;
|
|
break;
|
|
}
|
|
|
|
// Increment to move past current search result
|
|
if (szExclusiveStart)
|
|
{
|
|
szExclusiveStart = szExclusiveStart + dwSubKeyLen;
|
|
}
|
|
}
|
|
|
|
if ( fSetSecurityRec )
|
|
{
|
|
dwStatus = SetRegistryKeySecurity(hkeyThisKey,szSubKeyName,szPrincipal,dwAccessMask,dwInheritMask,bDoSubKeys,szExclusiveList);
|
|
}
|
|
|
|
// set variables for next call
|
|
dwKeyIndex++;
|
|
dwSubKeyLen = sizeof(szSubKeyName) / sizeof(TCHAR);
|
|
}
|
|
}
|
|
}
|
|
RegCloseKey(hkeyThisKey);
|
|
}
|
|
return dwStatus;
|
|
}
|
|
|
|
#endif
|
|
|