mirror of https://github.com/tongzx/nt5src
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
6416 lines
186 KiB
6416 lines
186 KiB
/*++
|
|
Copyright (c) 1996 Microsoft Corporation
|
|
|
|
Module Name:
|
|
|
|
pfget.cpp
|
|
|
|
Abstract:
|
|
|
|
Routines to get information from jet database (configuration/analysis
|
|
info).
|
|
|
|
Author:
|
|
|
|
Jin Huang (jinhuang) 28-Oct-1996
|
|
|
|
Revision History:
|
|
|
|
jinhuang 26-Jan-1998 splitted to client-server
|
|
|
|
--*/
|
|
|
|
#include "serverp.h"
|
|
#include <io.h>
|
|
#include "pfp.h"
|
|
#include "kerberos.h"
|
|
#include "regvalue.h"
|
|
#include <sddl.h>
|
|
#pragma hdrstop
|
|
|
|
//#define SCE_DBG 1
|
|
#define SCE_INTERNAL_NP 0x80
|
|
#define SCE_ALLOC_MAX_NODE 10
|
|
|
|
typedef struct _SCE_BROWSE_CALLBACK_VALUE {
|
|
|
|
DWORD Len;
|
|
UCHAR *Value;
|
|
|
|
} SCE_BROWSE_CALLBACK_VALUE;
|
|
|
|
|
|
//
|
|
// Forward references
|
|
//
|
|
|
|
SCESTATUS
|
|
ScepGetSystemAccess(
|
|
IN PSCECONTEXT hProfile,
|
|
IN SCETYPE ProfileType,
|
|
OUT PSCE_PROFILE_INFO pProfileInfo,
|
|
OUT PSCE_ERROR_LOG_INFO *Errlog OPTIONAL
|
|
);
|
|
|
|
SCESTATUS
|
|
ScepGetVariableValue(
|
|
IN PSCESECTION hSection,
|
|
IN SCETYPE ProfileType,
|
|
IN PCWSTR KeyName,
|
|
OUT PWSTR *Value,
|
|
OUT PDWORD ValueLen
|
|
);
|
|
|
|
SCESTATUS
|
|
ScepAddToPrivilegeList(
|
|
OUT PSCE_PRIVILEGE_VALUE_LIST *pPrivilegeList,
|
|
IN PWSTR Name,
|
|
IN DWORD Len,
|
|
IN DWORD PrivValue
|
|
);
|
|
|
|
SCESTATUS
|
|
ScepGetGroupMembership(
|
|
IN PSCECONTEXT hProfile,
|
|
IN SCETYPE ProfileType,
|
|
OUT PSCE_GROUP_MEMBERSHIP *pGroupMembership,
|
|
OUT PSCE_ERROR_LOG_INFO *Errlog OPTIONAL
|
|
);
|
|
|
|
SCESTATUS
|
|
ScepGetGroupMembershipFromOneTable(
|
|
IN LSA_HANDLE LsaPolicy,
|
|
IN PSCECONTEXT hProfile,
|
|
IN SCETYPE ProfileType,
|
|
OUT PSCE_GROUP_MEMBERSHIP *pGroupMembership,
|
|
OUT PSCE_ERROR_LOG_INFO *Errlog OPTIONAL
|
|
);
|
|
|
|
SCESTATUS
|
|
ScepGetObjectList(
|
|
IN PSCECONTEXT hProfile,
|
|
IN SCETYPE ProfileType,
|
|
IN PCWSTR SectionName,
|
|
OUT PSCE_OBJECT_LIST *pObjectRoots,
|
|
OUT PSCE_ERROR_LOG_INFO *Errlog OPTIONAL
|
|
);
|
|
SCESTATUS
|
|
ScepGetDsRoot(
|
|
IN PSCECONTEXT hProfile,
|
|
IN SCETYPE ProfileType,
|
|
IN PCWSTR SectionName,
|
|
OUT PSCE_OBJECT_LIST *pObjectRoots,
|
|
OUT PSCE_ERROR_LOG_INFO *Errlog OPTIONAL
|
|
);
|
|
|
|
SCESTATUS
|
|
ScepBuildDsTree(
|
|
OUT PSCE_OBJECT_CHILD_LIST *TreeRoot,
|
|
IN ULONG Level,
|
|
IN WCHAR Delim,
|
|
IN PCWSTR ObjectFullName
|
|
);
|
|
|
|
SCESTATUS
|
|
ScepGetObjectFromOneTable(
|
|
IN PSCECONTEXT hProfile,
|
|
IN SCETYPE ProfileType,
|
|
IN PCWSTR SectionName,
|
|
OUT PSCE_OBJECT_LIST *pObjectRoots,
|
|
OUT PSCE_ERROR_LOG_INFO *Errlog OPTIONAL
|
|
);
|
|
|
|
SCESTATUS
|
|
ScepGetObjectChildrenFromOneTable(
|
|
IN PSCECONTEXT hProfile,
|
|
IN SCETYPE ProfileType,
|
|
IN AREA_INFORMATION Area,
|
|
IN PWSTR ObjectPrefix,
|
|
IN SCE_SUBOBJECT_TYPE Option,
|
|
OUT PVOID *Buffer,
|
|
OUT PSCE_ERROR_LOG_INFO *Errlog OPTIONAL
|
|
);
|
|
|
|
BYTE
|
|
ScepGetObjectStatusFlag(
|
|
IN PSCECONTEXT hProfile,
|
|
IN SCETYPE ProfileType,
|
|
IN AREA_INFORMATION Area,
|
|
IN PWSTR ObjectPrefix,
|
|
IN BOOL bLookForParent
|
|
);
|
|
|
|
SCESTATUS
|
|
ScepGetAuditing(
|
|
IN PSCECONTEXT hProfile,
|
|
IN SCETYPE ProfileType,
|
|
OUT PSCE_PROFILE_INFO pProfileInfo,
|
|
OUT PSCE_ERROR_LOG_INFO *Errlog OPTIONAL
|
|
);
|
|
|
|
SCESTATUS
|
|
ScepGetPrivilegesFromOneTable(
|
|
IN LSA_HANDLE LsaPolicy,
|
|
IN PSCECONTEXT hProfile,
|
|
IN SCETYPE ProfileType,
|
|
IN DWORD dwAccountFormat,
|
|
OUT PVOID *pPrivileges,
|
|
OUT PSCE_ERROR_LOG_INFO *Errlog OPTIONAL
|
|
);
|
|
|
|
SCESTATUS
|
|
ScepGetSystemServices(
|
|
IN PSCECONTEXT hProfile,
|
|
IN SCETYPE ProfileType,
|
|
OUT PSCE_SERVICES *pServiceList,
|
|
OUT PSCE_ERROR_LOG_INFO *Errlog OPTIONAL
|
|
);
|
|
|
|
BOOL
|
|
ScepSearchItemInChildren(
|
|
IN PWSTR ItemName,
|
|
IN DWORD NameLen,
|
|
IN PSCE_OBJECT_CHILDREN_NODE *pArrObject,
|
|
IN DWORD arrCount,
|
|
OUT LONG *pFindIndex
|
|
);
|
|
|
|
|
|
DWORD
|
|
ScepAddItemToChildren(
|
|
IN PSCE_OBJECT_CHILDREN_NODE ThisNode OPTIONAL,
|
|
IN PWSTR ItemName,
|
|
IN DWORD NameLen,
|
|
IN BOOL IsContainer,
|
|
IN BYTE Status,
|
|
IN DWORD ChildCount,
|
|
IN OUT PSCE_OBJECT_CHILDREN_NODE **ppArrObject,
|
|
IN OUT DWORD *pArrCount,
|
|
IN OUT DWORD *pMaxCount,
|
|
IN OUT LONG *pFindIndex
|
|
);
|
|
|
|
//
|
|
// function definitions
|
|
//
|
|
|
|
SCESTATUS
|
|
ScepGetDatabaseInfo(
|
|
IN PSCECONTEXT hProfile,
|
|
IN SCETYPE ProfileType,
|
|
IN AREA_INFORMATION Area,
|
|
IN DWORD dwAccountFormat,
|
|
OUT PSCE_PROFILE_INFO *ppInfoBuffer,
|
|
IN OUT PSCE_ERROR_LOG_INFO *Errlog OPTIONAL
|
|
)
|
|
/**++
|
|
|
|
Function Description:
|
|
|
|
This function reads all or part of information from a SCP/SAP/SMP profile
|
|
depending on the ProfileType, into the InfoBuffer. ProfileType is saved in
|
|
the ppInfoBuffer's Type field.
|
|
|
|
A handle to the profile (Jet database) is passed into the routine every
|
|
time this routine is called. Area specifies one or more pre-defined security
|
|
areas to get information. One area's information may be saved in multiple
|
|
sections in the profile.
|
|
|
|
The memory related to the area(s) will be reset/freed before loading
|
|
information from the profile. If the return code is SCESTATUS_SUCCESS, then
|
|
the output InfoBuffer contains the requested information. Otherwise,
|
|
InfoBuffer contains nothing for the area(s) specified.
|
|
|
|
Arguments:
|
|
|
|
hProfile - The handle to the profile to read from.
|
|
|
|
ProfileType - value to indicate engine type.
|
|
SCE_ENGINE_SCP
|
|
SCE_ENGINE_SAP
|
|
SCE_ENGINE_SMP
|
|
|
|
Area - area(s) for which to get information from
|
|
AREA_SECURITY_POLICY
|
|
AREA_PRIVILEGES
|
|
AREA_GROUP_MEMBERSHIP
|
|
AREA_REGISTRY_SECURITY
|
|
AREA_SYSTEM_SERVICE
|
|
AREA_FILE_SECURITY
|
|
|
|
ppInfoBuffer - The address of SCP/SAP/SMP buffers. If it is NULL, a buffer
|
|
will be created which must be freed by LocalFree. The
|
|
output is the information requested if successful, or
|
|
nothing if fail.
|
|
|
|
Errlog - A buffer to hold all error codes/text encountered when
|
|
parsing the INF file. If Errlog is NULL, no further error
|
|
information is returned except the return DWORD
|
|
|
|
Return Value:
|
|
|
|
SCESTATUS_SUCCESS
|
|
SCESTATUS_PROFILE_NOT_FOUND
|
|
SCESTATUS_NOT_ENOUGH_RESOURCE
|
|
SCESTATUS_INVALID_PARAMETER
|
|
SCESTATUS_BAD_FORMAT
|
|
SCESTATUS_INVALID_DATA
|
|
|
|
-- **/
|
|
{
|
|
|
|
SCESTATUS rc=SCESTATUS_SUCCESS;
|
|
DWORD Len;
|
|
BOOL bBufAlloc=FALSE;
|
|
NT_PRODUCT_TYPE theType;
|
|
|
|
//
|
|
// if the JET database is not opened then return
|
|
//
|
|
|
|
if ( hProfile == NULL ) {
|
|
|
|
return( SCESTATUS_INVALID_PARAMETER );
|
|
}
|
|
|
|
//
|
|
// address for InfoBuffer cannot be NULL
|
|
//
|
|
if ( ppInfoBuffer == NULL ) {
|
|
return( SCESTATUS_INVALID_PARAMETER );
|
|
}
|
|
|
|
//
|
|
// check scetype
|
|
//
|
|
if ( ProfileType > SCE_ENGINE_SMP ) {
|
|
return(SCESTATUS_INVALID_PARAMETER);
|
|
}
|
|
|
|
//
|
|
// check to see if there is a SMP or SCP table
|
|
//
|
|
if ( hProfile->JetSmpID == JET_tableidNil ||
|
|
hProfile->JetScpID == JET_tableidNil ) {
|
|
return(SCESTATUS_PROFILE_NOT_FOUND);
|
|
}
|
|
|
|
if ( ProfileType == SCE_ENGINE_GPO &&
|
|
hProfile->JetScpID == hProfile->JetSmpID ) {
|
|
//
|
|
// there is no domain GPO policy
|
|
//
|
|
return(SCESTATUS_PROFILE_NOT_FOUND);
|
|
}
|
|
//
|
|
// design on this part is changed.
|
|
// if there is no SAP table which means the system has not been
|
|
// analyzed based on the template in SMP, return error and UI
|
|
// will display "no analysis is performed"
|
|
//
|
|
if ( ProfileType == SCE_ENGINE_SAP &&
|
|
hProfile->JetSapID == JET_tableidNil) {
|
|
|
|
return(SCESTATUS_PROFILE_NOT_FOUND);
|
|
}
|
|
|
|
//
|
|
// create buffer if it is NULL
|
|
//
|
|
if ( *ppInfoBuffer == NULL) {
|
|
//
|
|
// allocate memory
|
|
//
|
|
Len = sizeof(SCE_PROFILE_INFO);
|
|
*ppInfoBuffer = (PSCE_PROFILE_INFO)ScepAlloc( (UINT)0, Len);
|
|
if ( *ppInfoBuffer == NULL ) {
|
|
|
|
return( SCESTATUS_NOT_ENOUGH_RESOURCE );
|
|
}
|
|
memset(*ppInfoBuffer, '\0', Len);
|
|
bBufAlloc = TRUE;
|
|
|
|
(*ppInfoBuffer)->Type = ( ProfileType==SCE_ENGINE_GPO) ? SCE_ENGINE_SCP : ProfileType;
|
|
|
|
}
|
|
|
|
/*
|
|
// Design changed. Checking is moved above creating the buffer.
|
|
|
|
if ( ProfileType == SCE_ENGINE_SAP &&
|
|
hProfile->JetSapID == JET_tableidNil) {
|
|
//
|
|
// if no SAP table is there, which means configuration is done
|
|
// but analysis is not done, we treat it as everything is fine
|
|
// reset the buffer to SCE_NO_VALUE
|
|
//
|
|
ScepResetSecurityPolicyArea(*ppInfoBuffer);
|
|
|
|
// return(SCESTATUS_PROFILE_NOT_FOUND);
|
|
return(SCESTATUS_SUCCESS);
|
|
}
|
|
*/
|
|
//
|
|
// Free related memory and reset the buffer before parsing
|
|
// there is a problem here for now. it clears the handle and
|
|
// filename too. So comment it out.
|
|
|
|
SceFreeMemory( (PVOID)(*ppInfoBuffer), (DWORD)Area );
|
|
|
|
//
|
|
// system access
|
|
//
|
|
|
|
if ( Area & AREA_SECURITY_POLICY ) {
|
|
|
|
rc = ScepGetSystemAccess(
|
|
hProfile,
|
|
ProfileType,
|
|
*ppInfoBuffer,
|
|
Errlog
|
|
);
|
|
|
|
if( rc != SCESTATUS_SUCCESS )
|
|
goto Done;
|
|
|
|
//
|
|
// system auditing
|
|
//
|
|
rc = ScepGetAuditing(hProfile,
|
|
ProfileType,
|
|
*ppInfoBuffer,
|
|
Errlog
|
|
);
|
|
|
|
if( rc != SCESTATUS_SUCCESS )
|
|
goto Done;
|
|
|
|
#if _WIN32_WINNT>=0x0500
|
|
if ( RtlGetNtProductType(&theType) ) {
|
|
|
|
if ( theType == NtProductLanManNt ) {
|
|
|
|
rc = ScepGetKerberosPolicy(
|
|
hProfile,
|
|
ProfileType,
|
|
&((*ppInfoBuffer)->pKerberosInfo),
|
|
Errlog
|
|
);
|
|
|
|
if ( rc != SCESTATUS_SUCCESS )
|
|
goto Done;
|
|
}
|
|
}
|
|
#endif
|
|
//
|
|
// registry values
|
|
//
|
|
rc = ScepGetRegistryValues(
|
|
hProfile,
|
|
ProfileType,
|
|
&((*ppInfoBuffer)->aRegValues),
|
|
&((*ppInfoBuffer)->RegValueCount),
|
|
Errlog
|
|
);
|
|
|
|
if ( rc != SCESTATUS_SUCCESS )
|
|
goto Done;
|
|
}
|
|
|
|
//
|
|
// privilege/rights
|
|
//
|
|
|
|
if ( Area & AREA_PRIVILEGES ) {
|
|
//
|
|
// SCP/SMP/SAP privilegeAssignedTo are all in the same address in the
|
|
// SCE_PROFILE_INFO structure.
|
|
//
|
|
rc = ScepGetPrivileges(
|
|
hProfile,
|
|
ProfileType,
|
|
dwAccountFormat,
|
|
(PVOID *)&( (*ppInfoBuffer)->OtherInfo.scp.u.pPrivilegeAssignedTo ),
|
|
Errlog
|
|
);
|
|
|
|
if( rc != SCESTATUS_SUCCESS )
|
|
goto Done;
|
|
}
|
|
|
|
|
|
//
|
|
// group memberships
|
|
//
|
|
|
|
if ( (Area & AREA_GROUP_MEMBERSHIP) &&
|
|
(ProfileType != SCE_ENGINE_GPO) ) {
|
|
|
|
rc = ScepGetGroupMembership(
|
|
hProfile,
|
|
ProfileType,
|
|
&((*ppInfoBuffer)->pGroupMembership),
|
|
Errlog
|
|
);
|
|
|
|
if( rc != SCESTATUS_SUCCESS )
|
|
goto Done;
|
|
}
|
|
|
|
//
|
|
// registry keys security
|
|
//
|
|
|
|
if ( (Area & AREA_REGISTRY_SECURITY) &&
|
|
(ProfileType != SCE_ENGINE_GPO) ) {
|
|
|
|
rc = ScepGetObjectList(
|
|
hProfile,
|
|
ProfileType,
|
|
szRegistryKeys,
|
|
&((*ppInfoBuffer)->pRegistryKeys.pOneLevel),
|
|
Errlog
|
|
);
|
|
if ( rc != SCESTATUS_SUCCESS )
|
|
goto Done;
|
|
|
|
}
|
|
|
|
//
|
|
// file security
|
|
//
|
|
|
|
if ( (Area & AREA_FILE_SECURITY) &&
|
|
(ProfileType != SCE_ENGINE_GPO) ) {
|
|
|
|
rc = ScepGetObjectList(
|
|
hProfile,
|
|
ProfileType,
|
|
szFileSecurity,
|
|
&((*ppInfoBuffer)->pFiles.pOneLevel),
|
|
Errlog
|
|
);
|
|
|
|
if ( rc != SCESTATUS_SUCCESS )
|
|
goto Done;
|
|
}
|
|
|
|
//
|
|
// DS object security
|
|
//
|
|
#if 0
|
|
|
|
#if _WIN32_WINNT>=0x0500
|
|
if ( (Area & AREA_DS_OBJECTS) &&
|
|
(ProfileType != SCE_ENGINE_GPO) &&
|
|
RtlGetNtProductType(&theType) ) {
|
|
|
|
if ( theType == NtProductLanManNt ) {
|
|
rc = ScepGetDsRoot(
|
|
hProfile,
|
|
ProfileType,
|
|
szDSSecurity,
|
|
&((*ppInfoBuffer)->pDsObjects.pOneLevel),
|
|
Errlog
|
|
);
|
|
|
|
if ( rc != SCESTATUS_SUCCESS )
|
|
goto Done;
|
|
}
|
|
}
|
|
#endif
|
|
#endif
|
|
|
|
if ( (Area & AREA_SYSTEM_SERVICE) &&
|
|
(ProfileType != SCE_ENGINE_GPO) ) {
|
|
|
|
rc = ScepGetSystemServices(
|
|
hProfile,
|
|
ProfileType,
|
|
&((*ppInfoBuffer)->pServices),
|
|
Errlog
|
|
);
|
|
if ( rc != SCESTATUS_SUCCESS )
|
|
goto Done;
|
|
|
|
}
|
|
|
|
Done:
|
|
|
|
if ( rc != SCESTATUS_SUCCESS ) {
|
|
|
|
//
|
|
// need free memory because some fatal error happened
|
|
//
|
|
|
|
if ( bBufAlloc ) {
|
|
SceFreeProfileMemory(*ppInfoBuffer);
|
|
*ppInfoBuffer = NULL;
|
|
} else
|
|
SceFreeMemory( (PVOID)(*ppInfoBuffer), (DWORD)Area );
|
|
|
|
}
|
|
return(rc);
|
|
}
|
|
|
|
|
|
SCESTATUS
|
|
ScepGetSystemAccess(
|
|
IN PSCECONTEXT hProfile,
|
|
IN SCETYPE ProfileType,
|
|
OUT PSCE_PROFILE_INFO pProfileInfo,
|
|
OUT PSCE_ERROR_LOG_INFO *Errlog OPTIONAL
|
|
)
|
|
/*++
|
|
Routine Description:
|
|
|
|
This routine retrieves system access area information from the Jet database
|
|
and stores in the output buffer pProfileInfo. System access information
|
|
includes information in [System Access] sections.
|
|
|
|
Arguments:
|
|
|
|
hProfile - The profile handle context
|
|
|
|
pProfileinfo - the output buffer to hold profile info (SCP or SAP).
|
|
|
|
Errlog - A buffer to hold all error codes/text encountered when
|
|
parsing the INF file. If Errlog is NULL, no further error
|
|
information is returned except the return DWORD
|
|
|
|
Return value:
|
|
|
|
SCESTATUS - SCESTATUS_SUCCESS
|
|
SCESTATUS_NOT_ENOUGH_RESOURCE
|
|
SCESTATUS_INVALID_PARAMETER
|
|
SCESTATUS_BAD_FORMAT
|
|
SCESTATUS_INVALID_DATA
|
|
|
|
--*/
|
|
|
|
{
|
|
SCESTATUS rc;
|
|
PSCESECTION hSection=NULL;
|
|
|
|
SCE_KEY_LOOKUP AccessKeys[] = {
|
|
{(PWSTR)TEXT("MinimumPasswordAge"), offsetof(struct _SCE_PROFILE_INFO, MinimumPasswordAge), 'D'},
|
|
{(PWSTR)TEXT("MaximumPasswordAge"), offsetof(struct _SCE_PROFILE_INFO, MaximumPasswordAge), 'D'},
|
|
{(PWSTR)TEXT("MinimumPasswordLength"), offsetof(struct _SCE_PROFILE_INFO, MinimumPasswordLength), 'D'},
|
|
{(PWSTR)TEXT("PasswordComplexity"), offsetof(struct _SCE_PROFILE_INFO, PasswordComplexity), 'D'},
|
|
{(PWSTR)TEXT("PasswordHistorySize"), offsetof(struct _SCE_PROFILE_INFO, PasswordHistorySize), 'D'},
|
|
{(PWSTR)TEXT("LockoutBadCount"), offsetof(struct _SCE_PROFILE_INFO, LockoutBadCount), 'D'},
|
|
{(PWSTR)TEXT("ResetLockoutCount"), offsetof(struct _SCE_PROFILE_INFO, ResetLockoutCount), 'D'},
|
|
{(PWSTR)TEXT("LockoutDuration"), offsetof(struct _SCE_PROFILE_INFO, LockoutDuration), 'D'},
|
|
{(PWSTR)TEXT("RequireLogonToChangePassword"),offsetof(struct _SCE_PROFILE_INFO, RequireLogonToChangePassword),'D'},
|
|
{(PWSTR)TEXT("ForceLogoffWhenHourExpire"),offsetof(struct _SCE_PROFILE_INFO, ForceLogoffWhenHourExpire),'D'},
|
|
{(PWSTR)TEXT("ClearTextPassword"), offsetof(struct _SCE_PROFILE_INFO, ClearTextPassword), 'D'},
|
|
{(PWSTR)TEXT("LSAAnonymousNameLookup"), offsetof(struct _SCE_PROFILE_INFO, LSAAnonymousNameLookup), 'D'},
|
|
{(PWSTR)TEXT("EnableAdminAccount"), offsetof(struct _SCE_PROFILE_INFO, EnableAdminAccount), 'D'},
|
|
{(PWSTR)TEXT("EnableGuestAccount"), offsetof(struct _SCE_PROFILE_INFO, EnableGuestAccount), 'D'}
|
|
};
|
|
|
|
DWORD cKeys = sizeof(AccessKeys) / sizeof(SCE_KEY_LOOKUP);
|
|
|
|
DWORD DataSize=0;
|
|
PWSTR Strvalue=NULL;
|
|
DWORD SDsize=0;
|
|
PSECURITY_DESCRIPTOR pTempSD=NULL;
|
|
|
|
|
|
if ( pProfileInfo == NULL ) {
|
|
return(SCESTATUS_INVALID_PARAMETER);
|
|
}
|
|
|
|
rc = ScepGetFixValueSection(
|
|
hProfile,
|
|
szSystemAccess,
|
|
AccessKeys,
|
|
cKeys,
|
|
ProfileType,
|
|
(PVOID)pProfileInfo,
|
|
&hSection,
|
|
Errlog
|
|
);
|
|
if ( rc != SCESTATUS_SUCCESS )
|
|
return(rc);
|
|
|
|
//
|
|
// get new administrator for SCP and SMP types
|
|
//
|
|
rc = ScepGetVariableValue(
|
|
hSection,
|
|
ProfileType,
|
|
L"NewAdministratorName",
|
|
&Strvalue,
|
|
&DataSize
|
|
);
|
|
if ( rc != SCESTATUS_RECORD_NOT_FOUND &&
|
|
rc != SCESTATUS_SUCCESS ) {
|
|
|
|
ScepBuildErrorLogInfo( ERROR_READ_FAULT,
|
|
Errlog, SCEERR_QUERY_VALUE,
|
|
L"NewAdministratorName"
|
|
);
|
|
goto Done;
|
|
}
|
|
rc = SCESTATUS_SUCCESS;
|
|
|
|
if ( Strvalue ) {
|
|
if ( Strvalue[0] != L'\0') {
|
|
pProfileInfo->NewAdministratorName = Strvalue;
|
|
} else {
|
|
pProfileInfo->NewAdministratorName = NULL;
|
|
ScepFree(Strvalue);
|
|
}
|
|
Strvalue = NULL;
|
|
}
|
|
|
|
//
|
|
// NewGuestName
|
|
//
|
|
|
|
rc = ScepGetVariableValue(
|
|
hSection,
|
|
ProfileType,
|
|
L"NewGuestName",
|
|
&Strvalue,
|
|
&DataSize
|
|
);
|
|
if ( rc != SCESTATUS_RECORD_NOT_FOUND &&
|
|
rc != SCESTATUS_SUCCESS ) {
|
|
|
|
ScepBuildErrorLogInfo( ERROR_READ_FAULT,
|
|
Errlog, SCEERR_QUERY_VALUE,
|
|
L"NewGuestName"
|
|
);
|
|
goto Done;
|
|
}
|
|
rc = SCESTATUS_SUCCESS;
|
|
|
|
if ( Strvalue ) {
|
|
if ( Strvalue[0] != L'\0') {
|
|
pProfileInfo->NewGuestName = Strvalue;
|
|
} else {
|
|
pProfileInfo->NewGuestName = NULL;
|
|
ScepFree(Strvalue);
|
|
}
|
|
Strvalue = NULL;
|
|
}
|
|
|
|
Done:
|
|
|
|
SceJetCloseSection(&hSection, TRUE);
|
|
|
|
if ( pTempSD != NULL )
|
|
ScepFree(pTempSD);
|
|
|
|
if ( Strvalue != NULL )
|
|
ScepFree( Strvalue );
|
|
|
|
return(rc);
|
|
}
|
|
|
|
|
|
SCESTATUS
|
|
ScepGetFixValueSection(
|
|
IN PSCECONTEXT hProfile,
|
|
IN PCWSTR SectionName,
|
|
IN SCE_KEY_LOOKUP *Keys,
|
|
IN DWORD cKeys,
|
|
IN SCETYPE ProfileType,
|
|
OUT PVOID pInfo,
|
|
OUT PSCESECTION *phSection,
|
|
OUT PSCE_ERROR_LOG_INFO *Errlog OPTIONAL
|
|
)
|
|
/* ++
|
|
-- */
|
|
{
|
|
SCESTATUS rc;
|
|
DWORD i;
|
|
TCHAR Value[25];
|
|
DWORD RetValueLen;
|
|
LONG Keyvalue;
|
|
|
|
|
|
|
|
rc = ScepOpenSectionForName(
|
|
hProfile,
|
|
(ProfileType==SCE_ENGINE_GPO)? SCE_ENGINE_SCP : ProfileType,
|
|
SectionName,
|
|
phSection
|
|
);
|
|
if ( SCESTATUS_SUCCESS != rc ) {
|
|
ScepBuildErrorLogInfo( ERROR_INVALID_DATA,
|
|
Errlog, SCEERR_OPEN,
|
|
SectionName
|
|
);
|
|
return(rc);
|
|
}
|
|
|
|
JET_COLUMNID ColGpoID = 0;
|
|
JET_ERR JetErr;
|
|
LONG GpoID=0;
|
|
DWORD Actual;
|
|
|
|
if ( ProfileType == SCE_ENGINE_GPO ) {
|
|
JET_COLUMNDEF ColumnGpoIDDef;
|
|
|
|
JetErr = JetGetTableColumnInfo(
|
|
(*phSection)->JetSessionID,
|
|
(*phSection)->JetTableID,
|
|
"GpoID",
|
|
(VOID *)&ColumnGpoIDDef,
|
|
sizeof(JET_COLUMNDEF),
|
|
JET_ColInfo
|
|
);
|
|
if ( JET_errSuccess == JetErr ) {
|
|
ColGpoID = ColumnGpoIDDef.columnid;
|
|
}
|
|
}
|
|
|
|
//
|
|
// get each key in the access array
|
|
//
|
|
for ( i=0; i<cKeys; i++ ) {
|
|
|
|
memset(Value, '\0', 50);
|
|
RetValueLen = 0;
|
|
|
|
rc = SceJetGetValue(
|
|
*phSection,
|
|
SCEJET_EXACT_MATCH_NO_CASE,
|
|
(PWSTR)(Keys[i].KeyString),
|
|
NULL,
|
|
0,
|
|
NULL,
|
|
Value,
|
|
48,
|
|
&RetValueLen
|
|
);
|
|
|
|
if ( RetValueLen > 0 )
|
|
Value[RetValueLen/2] = L'\0';
|
|
|
|
if ( rc == SCESTATUS_SUCCESS ) {
|
|
|
|
GpoID = 1;
|
|
if ( ProfileType == SCE_ENGINE_GPO ) {
|
|
|
|
//
|
|
// query if the setting comes from a GPO
|
|
// get GPO ID field from the current line
|
|
//
|
|
GpoID = 0;
|
|
|
|
if ( ColGpoID > 0 ) {
|
|
|
|
JetErr = JetRetrieveColumn(
|
|
(*phSection)->JetSessionID,
|
|
(*phSection)->JetTableID,
|
|
ColGpoID,
|
|
(void *)&GpoID,
|
|
4,
|
|
&Actual,
|
|
0,
|
|
NULL
|
|
);
|
|
}
|
|
}
|
|
|
|
if ( GpoID > 0 && RetValueLen > 0 && Value[0] != L'\0' )
|
|
Keyvalue = _wtol(Value);
|
|
else
|
|
Keyvalue = SCE_NO_VALUE;
|
|
|
|
} else if ( rc == SCESTATUS_RECORD_NOT_FOUND ) {
|
|
rc = SCESTATUS_SUCCESS; // it is OK not find a record
|
|
Keyvalue = SCE_NO_VALUE;
|
|
} else {
|
|
ScepBuildErrorLogInfo( ERROR_READ_FAULT,
|
|
Errlog,
|
|
SCEERR_QUERY_VALUE,
|
|
Keys[i].KeyString
|
|
);
|
|
goto Done;
|
|
}
|
|
#ifdef SCE_DBG
|
|
printf("Get info %s (%d) for ", Value, Keyvalue);
|
|
wprintf(L"%s. rc=%d, Return Length=%d\n",
|
|
Keys[i].KeyString, rc, RetValueLen);
|
|
#endif
|
|
|
|
switch (Keys[i].BufferType ) {
|
|
case 'B':
|
|
*((BOOL *)((CHAR *)pInfo+Keys[i].Offset)) = (Keyvalue == 1) ? TRUE : FALSE;
|
|
break;
|
|
case 'D':
|
|
*((DWORD *)((CHAR *)pInfo+Keys[i].Offset)) = Keyvalue;
|
|
break;
|
|
default:
|
|
rc = SCESTATUS_INVALID_DATA;
|
|
ScepBuildErrorLogInfo( ERROR_INVALID_DATA,
|
|
Errlog,
|
|
SCEERR_CANT_FIND_DATATYPE,
|
|
Keys[i].KeyString
|
|
);
|
|
goto Done;
|
|
}
|
|
}
|
|
|
|
Done:
|
|
//
|
|
// close the section
|
|
//
|
|
if ( rc != SCESTATUS_SUCCESS ) {
|
|
|
|
SceJetCloseSection(phSection, TRUE);
|
|
}
|
|
|
|
return(rc);
|
|
|
|
}
|
|
|
|
|
|
SCESTATUS
|
|
ScepGetVariableValue(
|
|
IN PSCESECTION hSection,
|
|
IN SCETYPE ProfileType,
|
|
IN PCWSTR KeyName,
|
|
OUT PWSTR *Value,
|
|
OUT PDWORD ValueLen
|
|
)
|
|
/* ++
|
|
-- */
|
|
{
|
|
|
|
SCESTATUS rc;
|
|
|
|
rc = SceJetGetValue(
|
|
hSection,
|
|
SCEJET_EXACT_MATCH_NO_CASE,
|
|
(PWSTR)KeyName,
|
|
NULL,
|
|
0,
|
|
NULL,
|
|
NULL,
|
|
0,
|
|
ValueLen
|
|
);
|
|
|
|
if ( rc == SCESTATUS_SUCCESS && *ValueLen > 0 ) {
|
|
|
|
LONG GpoID=1;
|
|
|
|
if ( ProfileType == SCE_ENGINE_GPO ) {
|
|
|
|
JET_COLUMNDEF ColumnGpoIDDef;
|
|
JET_COLUMNID ColGpoID = 0;
|
|
JET_ERR JetErr;
|
|
DWORD Actual;
|
|
|
|
|
|
JetErr = JetGetTableColumnInfo(
|
|
hSection->JetSessionID,
|
|
hSection->JetTableID,
|
|
"GpoID",
|
|
(VOID *)&ColumnGpoIDDef,
|
|
sizeof(JET_COLUMNDEF),
|
|
JET_ColInfo
|
|
);
|
|
|
|
GpoID = 0;
|
|
|
|
if ( JET_errSuccess == JetErr ) {
|
|
ColGpoID = ColumnGpoIDDef.columnid;
|
|
//
|
|
// query if the setting comes from a GPO
|
|
// get GPO ID field from the current line
|
|
//
|
|
JetErr = JetRetrieveColumn(
|
|
hSection->JetSessionID,
|
|
hSection->JetTableID,
|
|
ColGpoID,
|
|
(void *)&GpoID,
|
|
4,
|
|
&Actual,
|
|
0,
|
|
NULL
|
|
);
|
|
|
|
}
|
|
}
|
|
|
|
if ( GpoID > 0 ) {
|
|
|
|
//
|
|
// if DataSize = 0 then the security descriptor is NULL also
|
|
//
|
|
*Value = (PWSTR)ScepAlloc( LMEM_ZEROINIT, *ValueLen+2);
|
|
|
|
if( *Value == NULL ) {
|
|
rc = SCESTATUS_NOT_ENOUGH_RESOURCE;
|
|
|
|
} else {
|
|
rc = SceJetGetValue(
|
|
hSection,
|
|
SCEJET_CURRENT,
|
|
(PWSTR)KeyName,
|
|
NULL,
|
|
0,
|
|
NULL,
|
|
*Value,
|
|
*ValueLen,
|
|
ValueLen
|
|
);
|
|
}
|
|
|
|
} else {
|
|
|
|
rc = SCESTATUS_RECORD_NOT_FOUND;
|
|
}
|
|
|
|
}
|
|
|
|
return(rc);
|
|
|
|
}
|
|
|
|
|
|
SCESTATUS
|
|
ScepGetPrivileges(
|
|
IN PSCECONTEXT hProfile,
|
|
IN SCETYPE ProfileType,
|
|
IN DWORD dwAccountFormat,
|
|
OUT PVOID *pPrivileges,
|
|
OUT PSCE_ERROR_LOG_INFO *Errlog OPTIONAL
|
|
)
|
|
{
|
|
SCESTATUS rc;
|
|
|
|
LSA_HANDLE LsaHandle=NULL;
|
|
|
|
rc = RtlNtStatusToDosError(
|
|
ScepOpenLsaPolicy(
|
|
MAXIMUM_ALLOWED,
|
|
&LsaHandle,
|
|
TRUE
|
|
));
|
|
|
|
if ( ERROR_SUCCESS != rc ) {
|
|
ScepBuildErrorLogInfo(
|
|
rc,
|
|
Errlog,
|
|
SCEDLL_LSA_POLICY
|
|
);
|
|
return(ScepDosErrorToSceStatus(rc));
|
|
}
|
|
|
|
PSCE_PRIVILEGE_ASSIGNMENT pTempList=NULL, pNode, pPriv, pParent, pTemp;
|
|
|
|
rc = ScepGetPrivilegesFromOneTable(
|
|
LsaHandle,
|
|
hProfile,
|
|
ProfileType,
|
|
dwAccountFormat,
|
|
pPrivileges,
|
|
Errlog
|
|
);
|
|
|
|
if ( SCESTATUS_SUCCESS == rc && SCE_ENGINE_SAP == ProfileType ) {
|
|
//
|
|
// get the remaining stuff from SMP
|
|
//
|
|
rc = ScepGetPrivilegesFromOneTable(
|
|
LsaHandle,
|
|
hProfile,
|
|
SCE_ENGINE_SCP, // SCE_ENGINE_SMP,
|
|
dwAccountFormat,
|
|
(PVOID *)&pTempList,
|
|
Errlog
|
|
);
|
|
if ( rc == SCESTATUS_SUCCESS ) {
|
|
//
|
|
// add non-exist nodes to pPrivileges
|
|
//
|
|
pNode=pTempList;
|
|
pParent=NULL;
|
|
|
|
while ( pNode ) {
|
|
//
|
|
// if this node does not exist in the SAP
|
|
// this node is analyzed with "match" status
|
|
// if it already exists in SAP, it is a "mismatched" item
|
|
// duplication is prevented by the last argument TRUE
|
|
//
|
|
for ( pPriv=(PSCE_PRIVILEGE_ASSIGNMENT)(*pPrivileges);
|
|
pPriv != NULL; pPriv=pPriv->Next ) {
|
|
if ( pPriv->Status & SCE_INTERNAL_NP &&
|
|
_wcsicmp( pPriv->Name, pNode->Name) == 0 )
|
|
break;
|
|
}
|
|
if ( pPriv ) {
|
|
//
|
|
// find the entry in SAP, mismatched item
|
|
//
|
|
if ( pPriv->Status & SCE_STATUS_ERROR_NOT_AVAILABLE ) {
|
|
pPriv->Status = SCE_STATUS_ERROR_NOT_AVAILABLE;
|
|
} else {
|
|
pPriv->Status = SCE_STATUS_MISMATCH;
|
|
}
|
|
|
|
pParent = pNode;
|
|
pNode = pNode->Next;
|
|
|
|
} else {
|
|
//
|
|
// does not exist in SAP.
|
|
// just move this node to SAP, with status SCE_STATUS_GOOD
|
|
//
|
|
if ( pParent )
|
|
pParent->Next = pNode->Next;
|
|
else
|
|
pTempList = pNode->Next;
|
|
|
|
pTemp = pNode;
|
|
pNode=pNode->Next;
|
|
|
|
pTemp->Next = (PSCE_PRIVILEGE_ASSIGNMENT)(*pPrivileges);
|
|
*((PSCE_PRIVILEGE_ASSIGNMENT *)pPrivileges) = pTemp;
|
|
}
|
|
}
|
|
//
|
|
// priv exist in analysis but not in template
|
|
//
|
|
for ( pPriv=(PSCE_PRIVILEGE_ASSIGNMENT)(*pPrivileges);
|
|
pPriv != NULL; pPriv=pPriv->Next ) {
|
|
if ( pPriv->Status & SCE_INTERNAL_NP )
|
|
pPriv->Status = SCE_STATUS_NOT_CONFIGURED;
|
|
}
|
|
|
|
} else if ( rc == SCESTATUS_RECORD_NOT_FOUND ) {
|
|
|
|
rc = SCESTATUS_SUCCESS;
|
|
|
|
} else {
|
|
//
|
|
// pPrivileges will be freed outside
|
|
//
|
|
}
|
|
|
|
if ( pTempList )
|
|
ScepFreePrivilege(pTempList);
|
|
}
|
|
|
|
if ( LsaHandle ) {
|
|
LsaClose(LsaHandle);
|
|
}
|
|
|
|
return(rc);
|
|
}
|
|
|
|
|
|
SCESTATUS
|
|
ScepGetPrivilegesFromOneTable(
|
|
IN LSA_HANDLE LsaPolicy,
|
|
IN PSCECONTEXT hProfile,
|
|
IN SCETYPE ProfileType,
|
|
IN DWORD dwAccountFormat,
|
|
OUT PVOID *pPrivileges,
|
|
OUT PSCE_ERROR_LOG_INFO *Errlog OPTIONAL
|
|
)
|
|
/* ++
|
|
Routine Description:
|
|
|
|
Arguments:
|
|
|
|
Return Value:
|
|
|
|
|
|
-- */
|
|
{
|
|
SCESTATUS rc;
|
|
PSCESECTION hSection=NULL;
|
|
WCHAR KeyName[36];
|
|
PWSTR Value=NULL;
|
|
|
|
PSCE_PRIVILEGE_ASSIGNMENT pPrivilegeAssigned=NULL;
|
|
PSCE_PRIVILEGE_VALUE_LIST pPrivilegeList=NULL;
|
|
|
|
DWORD KeyLen=0;
|
|
DWORD ValueLen;
|
|
DWORD Len;
|
|
PWSTR pTemp;
|
|
DWORD PrivValue;
|
|
|
|
|
|
if ( pPrivileges == NULL )
|
|
return(SCESTATUS_INVALID_PARAMETER);
|
|
|
|
rc = ScepOpenSectionForName(
|
|
hProfile,
|
|
(ProfileType==SCE_ENGINE_GPO)? SCE_ENGINE_SCP : ProfileType,
|
|
szPrivilegeRights,
|
|
&hSection
|
|
);
|
|
|
|
if ( rc != SCESTATUS_SUCCESS ) {
|
|
ScepBuildErrorLogInfo( ERROR_INVALID_DATA,
|
|
Errlog, SCEERR_OPEN,
|
|
szPrivilegeRights
|
|
);
|
|
return(rc);
|
|
}
|
|
|
|
JET_COLUMNID ColGpoID = 0;
|
|
JET_ERR JetErr;
|
|
LONG GpoID;
|
|
|
|
|
|
if ( ProfileType == SCE_ENGINE_GPO ) {
|
|
|
|
JET_COLUMNDEF ColumnGpoIDDef;
|
|
|
|
JetErr = JetGetTableColumnInfo(
|
|
hSection->JetSessionID,
|
|
hSection->JetTableID,
|
|
"GpoID",
|
|
(VOID *)&ColumnGpoIDDef,
|
|
sizeof(JET_COLUMNDEF),
|
|
JET_ColInfo
|
|
);
|
|
if ( JET_errSuccess == JetErr ) {
|
|
ColGpoID = ColumnGpoIDDef.columnid;
|
|
}
|
|
}
|
|
|
|
//
|
|
// goto the first line of this section
|
|
//
|
|
// memset(KeyName, '\0', 72); KeyName will be manually terminated later
|
|
rc = SceJetGetValue(
|
|
hSection,
|
|
SCEJET_PREFIX_MATCH,
|
|
NULL,
|
|
KeyName,
|
|
70,
|
|
&KeyLen,
|
|
NULL,
|
|
0,
|
|
&ValueLen
|
|
);
|
|
while ( rc == SCESTATUS_SUCCESS ||
|
|
rc == SCESTATUS_BUFFER_TOO_SMALL ) {
|
|
|
|
//
|
|
// terminate the string
|
|
//
|
|
KeyName[KeyLen/2] = L'\0';
|
|
|
|
//
|
|
// lookup privilege's value
|
|
// ignore unknown privileges
|
|
//
|
|
if ( ( PrivValue = ScepLookupPrivByName(KeyName) ) == -1 ) {
|
|
ScepBuildErrorLogInfo( ERROR_INVALID_DATA,
|
|
Errlog,
|
|
SCEERR_INVALID_PRIVILEGE,
|
|
KeyName
|
|
);
|
|
|
|
rc = SceJetGetValue(
|
|
hSection,
|
|
SCEJET_NEXT_LINE,
|
|
NULL,
|
|
KeyName,
|
|
70,
|
|
&KeyLen,
|
|
NULL,
|
|
0,
|
|
&ValueLen
|
|
);
|
|
continue;
|
|
// rc = SCESTATUS_INVALID_DATA;
|
|
// goto Done;
|
|
}
|
|
|
|
GpoID = 1;
|
|
|
|
if ( ProfileType == SCE_ENGINE_GPO ) {
|
|
|
|
GpoID = 0;
|
|
|
|
if ( ColGpoID > 0 ) {
|
|
|
|
DWORD Actual;
|
|
|
|
JetErr = JetRetrieveColumn(
|
|
hSection->JetSessionID,
|
|
hSection->JetTableID,
|
|
ColGpoID,
|
|
(void *)&GpoID,
|
|
4,
|
|
&Actual,
|
|
0,
|
|
NULL
|
|
);
|
|
}
|
|
}
|
|
|
|
if ( ProfileType == SCE_ENGINE_GPO &&
|
|
GpoID <= 0 ) {
|
|
//
|
|
// not domain GPO settings
|
|
//
|
|
rc = SceJetGetValue(
|
|
hSection,
|
|
SCEJET_NEXT_LINE,
|
|
NULL,
|
|
KeyName,
|
|
70,
|
|
&KeyLen,
|
|
NULL,
|
|
0,
|
|
&ValueLen
|
|
);
|
|
continue;
|
|
}
|
|
|
|
//
|
|
// allocate memory for the group name and value string
|
|
//
|
|
Value = (PWSTR)ScepAlloc( LMEM_ZEROINIT, ValueLen+2);
|
|
|
|
if ( Value == NULL ) {
|
|
rc = SCESTATUS_NOT_ENOUGH_RESOURCE;
|
|
goto Done;
|
|
|
|
}
|
|
//
|
|
// Get the group and its value
|
|
//
|
|
rc = SceJetGetValue(
|
|
hSection,
|
|
SCEJET_CURRENT,
|
|
NULL,
|
|
NULL,
|
|
0,
|
|
NULL,
|
|
Value,
|
|
ValueLen,
|
|
&ValueLen
|
|
);
|
|
if ( rc != SCESTATUS_SUCCESS )
|
|
goto Done;
|
|
|
|
//
|
|
// create a node for this privilege
|
|
//
|
|
if ( ProfileType == SCE_ENGINE_SAP ||
|
|
ProfileType == SCE_ENGINE_SMP ||
|
|
ProfileType == SCE_ENGINE_GPO ||
|
|
ProfileType == SCE_ENGINE_SCP ) {
|
|
|
|
//
|
|
// a sce_privilege_assignment structure. allocate buffer
|
|
//
|
|
pPrivilegeAssigned = (PSCE_PRIVILEGE_ASSIGNMENT)ScepAlloc( LMEM_ZEROINIT,
|
|
sizeof(SCE_PRIVILEGE_ASSIGNMENT) );
|
|
if ( pPrivilegeAssigned == NULL ) {
|
|
rc = SCESTATUS_NOT_ENOUGH_RESOURCE;
|
|
goto Done;
|
|
}
|
|
pPrivilegeAssigned->Name = (PWSTR)ScepAlloc( (UINT)0, (wcslen(KeyName)+1)*sizeof(WCHAR));
|
|
if ( pPrivilegeAssigned->Name == NULL ) {
|
|
ScepFree(pPrivilegeAssigned);
|
|
rc = SCESTATUS_NOT_ENOUGH_RESOURCE;
|
|
goto Done;
|
|
}
|
|
|
|
wcscpy(pPrivilegeAssigned->Name, KeyName);
|
|
pPrivilegeAssigned->Value = PrivValue;
|
|
|
|
if ( SCE_ENGINE_SAP == ProfileType )
|
|
pPrivilegeAssigned->Status = SCE_INTERNAL_NP;
|
|
else
|
|
pPrivilegeAssigned->Status = SCE_STATUS_GOOD;
|
|
}
|
|
|
|
//
|
|
// add the multi-sz value string to the node, depending on the value type
|
|
//
|
|
PSID pSid=NULL;
|
|
BOOL bBufferUsed;
|
|
|
|
pTemp = Value;
|
|
if (pTemp != NULL && pTemp[0] == L'\0' && ValueLen > 1) {
|
|
pTemp ++;
|
|
}
|
|
|
|
while ( rc == SCESTATUS_SUCCESS && pTemp != NULL && pTemp[0]) {
|
|
Len = wcslen(pTemp);
|
|
|
|
if ( (ProfileType == SCE_ENGINE_SAP) &&
|
|
(_wcsicmp( SCE_ERROR_STRING, pTemp) == 0) ) {
|
|
//
|
|
// this is an errored item
|
|
//
|
|
pPrivilegeAssigned->Status |= SCE_STATUS_ERROR_NOT_AVAILABLE;
|
|
break;
|
|
}
|
|
|
|
//
|
|
// convert pTemp (may be a name, or *SID format) to the right
|
|
// format (SID_STRING, Name, or ACCOUNT_SID)
|
|
//
|
|
switch ( dwAccountFormat ) {
|
|
case SCE_ACCOUNT_SID:
|
|
|
|
if ( pTemp[0] == L'*' ) {
|
|
//
|
|
// this is the *SID format, convert to SID
|
|
//
|
|
if ( !ConvertStringSidToSid( pTemp+1, &pSid) ) {
|
|
//
|
|
// if failed to convert from sid string to sid,
|
|
// treat it as any name
|
|
//
|
|
rc = GetLastError();
|
|
}
|
|
} else {
|
|
//
|
|
// lookup name for a sid
|
|
//
|
|
rc = RtlNtStatusToDosError(
|
|
ScepConvertNameToSid(
|
|
LsaPolicy,
|
|
pTemp,
|
|
&pSid
|
|
));
|
|
}
|
|
|
|
if ( ERROR_SUCCESS == rc && pSid ) {
|
|
|
|
if ( ProfileType == SCE_ENGINE_SAP ||
|
|
ProfileType == SCE_ENGINE_SMP ||
|
|
ProfileType == SCE_ENGINE_GPO ||
|
|
ProfileType == SCE_ENGINE_SCP ) {
|
|
|
|
rc = ScepAddSidToNameList(
|
|
&(pPrivilegeAssigned->AssignedTo),
|
|
pSid,
|
|
TRUE, // reuse the buffer
|
|
&bBufferUsed
|
|
);
|
|
|
|
} else {
|
|
//
|
|
// add to privilege list (as Sid)
|
|
//
|
|
rc = ScepAddSidToPrivilegeList(
|
|
&pPrivilegeList,
|
|
pSid,
|
|
TRUE, // reuse the buffer
|
|
PrivValue,
|
|
&bBufferUsed
|
|
);
|
|
}
|
|
|
|
if ( rc == ERROR_SUCCESS && bBufferUsed ) {
|
|
pSid = NULL;
|
|
}
|
|
|
|
rc = ScepDosErrorToSceStatus(rc);
|
|
|
|
} else {
|
|
//
|
|
// add as name format
|
|
//
|
|
if ( ProfileType == SCE_ENGINE_SAP ||
|
|
ProfileType == SCE_ENGINE_SMP ||
|
|
ProfileType == SCE_ENGINE_GPO ||
|
|
ProfileType == SCE_ENGINE_SCP ) {
|
|
|
|
rc = ScepAddToNameList(&(pPrivilegeAssigned->AssignedTo), pTemp, Len );
|
|
rc = ScepDosErrorToSceStatus(rc);
|
|
|
|
} else {
|
|
//
|
|
// pPrivilegeList is a privilege_value list for each user/group.
|
|
// the LowValue and HighValue fields are combination of all privileges assigned to the user
|
|
//
|
|
rc = ScepAddToPrivilegeList(&pPrivilegeList, pTemp, Len, PrivValue);
|
|
}
|
|
}
|
|
|
|
if ( pSid ) {
|
|
LocalFree(pSid);
|
|
pSid = NULL;
|
|
}
|
|
|
|
break;
|
|
|
|
default:
|
|
|
|
if ( (dwAccountFormat != SCE_ACCOUNT_SID_STRING) &&
|
|
(pTemp[0] == L'*') ) {
|
|
//
|
|
// this is a *SID format, must be converted into Domain\Account format
|
|
//
|
|
if ( ProfileType == SCE_ENGINE_SAP ||
|
|
ProfileType == SCE_ENGINE_SMP ||
|
|
ProfileType == SCE_ENGINE_GPO ||
|
|
ProfileType == SCE_ENGINE_SCP ) {
|
|
|
|
rc = ScepLookupSidStringAndAddToNameList(
|
|
LsaPolicy,
|
|
&(pPrivilegeAssigned->AssignedTo),
|
|
pTemp, // +1,
|
|
Len // -1
|
|
);
|
|
} else {
|
|
//
|
|
// add to privilege value list
|
|
//
|
|
PWSTR strName=NULL;
|
|
DWORD strLen=0;
|
|
|
|
if ( ConvertStringSidToSid( pTemp+1, &pSid) ) {
|
|
|
|
rc = RtlNtStatusToDosError(
|
|
ScepConvertSidToName(
|
|
LsaPolicy,
|
|
pSid,
|
|
TRUE, // want domain\account format
|
|
&strName,
|
|
&strLen
|
|
));
|
|
LocalFree(pSid);
|
|
pSid = NULL;
|
|
|
|
} else {
|
|
rc = GetLastError();
|
|
}
|
|
|
|
if ( rc == ERROR_SUCCESS ) {
|
|
//
|
|
// add the name to the privilege list
|
|
//
|
|
rc = ScepAddToPrivilegeList(&pPrivilegeList, strName, strLen, PrivValue);
|
|
} else {
|
|
//
|
|
// if couldn't lookup for the name, add *SID to the list
|
|
//
|
|
rc = ScepAddToPrivilegeList(&pPrivilegeList, pTemp, Len, PrivValue);
|
|
}
|
|
|
|
if ( strName ) {
|
|
ScepFree(strName);
|
|
strName = NULL;
|
|
}
|
|
}
|
|
} else {
|
|
|
|
if ( ProfileType == SCE_ENGINE_SAP ||
|
|
ProfileType == SCE_ENGINE_SMP ||
|
|
ProfileType == SCE_ENGINE_GPO ||
|
|
ProfileType == SCE_ENGINE_SCP ) {
|
|
|
|
rc = ScepDosErrorToSceStatus(
|
|
ScepAddToNameList(&(pPrivilegeAssigned->AssignedTo),
|
|
pTemp,
|
|
Len ));
|
|
|
|
} else {
|
|
//
|
|
// pPrivilegeList is a privilege_value list for each user/group.
|
|
// the LowValue and HighValue fields are combination of all privileges assigned to the user
|
|
//
|
|
rc = ScepAddToPrivilegeList(&pPrivilegeList, pTemp, Len, PrivValue);
|
|
#ifdef SCE_DBG
|
|
wprintf(L"\tAdd Priv %d for %s (%d bytes)\n", PrivValue, pTemp, Len);
|
|
#endif
|
|
}
|
|
}
|
|
break;
|
|
}
|
|
|
|
pTemp += Len +1;
|
|
if ( rc != SCESTATUS_SUCCESS ) {
|
|
ScepBuildErrorLogInfo( ERROR_WRITE_FAULT,
|
|
Errlog,
|
|
SCEERR_ADD,
|
|
KeyName
|
|
);
|
|
}
|
|
}
|
|
|
|
//
|
|
// Free memory
|
|
//
|
|
if ( rc != SCESTATUS_SUCCESS ) {
|
|
if ( pPrivilegeAssigned != NULL )
|
|
ScepFreePrivilege(pPrivilegeAssigned);
|
|
|
|
if ( pPrivilegeList != NULL )
|
|
ScepFreePrivilegeValueList(pPrivilegeList);
|
|
|
|
goto Done;
|
|
}
|
|
|
|
//
|
|
// link this to the PSCE_PRIVILEGE_ASSIGNMENT list in pPrivileges
|
|
//
|
|
if ( ProfileType == SCE_ENGINE_SAP ||
|
|
ProfileType == SCE_ENGINE_SMP ||
|
|
ProfileType == SCE_ENGINE_GPO ||
|
|
ProfileType == SCE_ENGINE_SCP ) {
|
|
|
|
pPrivilegeAssigned->Next = *((PSCE_PRIVILEGE_ASSIGNMENT *)pPrivileges);
|
|
*((PSCE_PRIVILEGE_ASSIGNMENT *)pPrivileges) = pPrivilegeAssigned;
|
|
pPrivilegeAssigned = NULL;
|
|
|
|
}
|
|
|
|
ScepFree(Value);
|
|
Value = NULL;
|
|
|
|
//
|
|
// read next line
|
|
//
|
|
// memset(KeyName, '\0', 72); KeyName will be manually terminated
|
|
rc = SceJetGetValue(
|
|
hSection,
|
|
SCEJET_NEXT_LINE,
|
|
NULL,
|
|
KeyName,
|
|
70,
|
|
&KeyLen,
|
|
NULL,
|
|
0,
|
|
&ValueLen
|
|
);
|
|
}
|
|
|
|
if ( rc == SCESTATUS_RECORD_NOT_FOUND )
|
|
rc = SCESTATUS_SUCCESS;
|
|
|
|
if ( rc == SCESTATUS_SUCCESS ) {
|
|
|
|
if ( ProfileType == SCE_ENGINE_SCP_INTERNAL ||
|
|
ProfileType == SCE_ENGINE_SMP_INTERNAL )
|
|
*((PSCE_PRIVILEGE_VALUE_LIST *)pPrivileges) = pPrivilegeList;
|
|
|
|
}
|
|
|
|
Done:
|
|
|
|
//
|
|
// close the find index range
|
|
//
|
|
SceJetGetValue(
|
|
hSection,
|
|
SCEJET_CLOSE_VALUE,
|
|
NULL,
|
|
NULL,
|
|
0,
|
|
NULL,
|
|
NULL,
|
|
0,
|
|
NULL
|
|
);
|
|
|
|
if ( Value != NULL )
|
|
ScepFree(Value);
|
|
|
|
//
|
|
// close the section
|
|
//
|
|
SceJetCloseSection( &hSection, TRUE );
|
|
|
|
return(rc);
|
|
|
|
}
|
|
|
|
|
|
SCESTATUS
|
|
ScepAddToPrivilegeList(
|
|
OUT PSCE_PRIVILEGE_VALUE_LIST *pPrivilegeList,
|
|
IN PWSTR Name,
|
|
IN DWORD Len,
|
|
IN DWORD PrivValue
|
|
)
|
|
{
|
|
PSCE_PRIVILEGE_VALUE_LIST pPriv,
|
|
LastOne=NULL;
|
|
|
|
|
|
if ( pPrivilegeList == NULL || Name == NULL || Len == 0 )
|
|
return(SCESTATUS_INVALID_PARAMETER);
|
|
|
|
for ( pPriv = *pPrivilegeList;
|
|
pPriv != NULL;
|
|
LastOne=pPriv, pPriv = pPriv->Next ) {
|
|
|
|
if ( ( wcslen(pPriv->Name) == Len ) &&
|
|
( _wcsnicmp( pPriv->Name, Name, Len ) == 0 ) ) {
|
|
if ( PrivValue < 32 ) {
|
|
|
|
pPriv->PrivLowPart |= (1 << PrivValue);
|
|
} else {
|
|
pPriv->PrivHighPart |= (1 << (PrivValue-32) );
|
|
}
|
|
break;
|
|
}
|
|
}
|
|
if ( pPriv == NULL ) {
|
|
//
|
|
// Create a new one
|
|
//
|
|
pPriv = (PSCE_PRIVILEGE_VALUE_LIST)ScepAlloc( LMEM_ZEROINIT,
|
|
sizeof(SCE_PRIVILEGE_VALUE_LIST));
|
|
if ( pPriv == NULL )
|
|
return(SCESTATUS_NOT_ENOUGH_RESOURCE);
|
|
|
|
pPriv->Name = (PWSTR)ScepAlloc( LMEM_ZEROINIT, (Len+1)*sizeof(WCHAR));
|
|
if ( pPriv->Name == NULL ) {
|
|
ScepFree(pPriv);
|
|
return(SCESTATUS_NOT_ENOUGH_RESOURCE);
|
|
}
|
|
wcsncpy(pPriv->Name, Name, Len);
|
|
|
|
if ( PrivValue < 32 ) {
|
|
|
|
pPriv->PrivLowPart |= (1 << PrivValue);
|
|
} else {
|
|
pPriv->PrivHighPart |= (1 << (PrivValue-32) );
|
|
}
|
|
|
|
//
|
|
// link to the list
|
|
//
|
|
if ( LastOne != NULL )
|
|
LastOne->Next = pPriv;
|
|
else
|
|
*pPrivilegeList = pPriv;
|
|
|
|
}
|
|
|
|
return(SCESTATUS_SUCCESS);
|
|
}
|
|
|
|
|
|
SCESTATUS
|
|
ScepAddSidToPrivilegeList(
|
|
OUT PSCE_PRIVILEGE_VALUE_LIST *pPrivilegeList,
|
|
IN PSID pSid,
|
|
IN BOOL bReuseBuffer,
|
|
IN DWORD PrivValue,
|
|
OUT BOOL *pbBufferUsed
|
|
)
|
|
{
|
|
|
|
if ( pPrivilegeList == NULL || pbBufferUsed == NULL )
|
|
return(SCESTATUS_INVALID_PARAMETER);
|
|
|
|
*pbBufferUsed = FALSE;
|
|
|
|
if ( pSid == NULL ) {
|
|
return(SCESTATUS_SUCCESS);
|
|
}
|
|
|
|
if ( !ScepValidSid(pSid) ) {
|
|
return(SCESTATUS_INVALID_PARAMETER);
|
|
}
|
|
|
|
PSCE_PRIVILEGE_VALUE_LIST pPriv,
|
|
LastOne=NULL;
|
|
|
|
//
|
|
// check if the sid is already in the list
|
|
//
|
|
for ( pPriv = *pPrivilegeList;
|
|
pPriv != NULL;
|
|
LastOne=pPriv, pPriv = pPriv->Next ) {
|
|
|
|
if ( pPriv->Name == NULL ) {
|
|
continue;
|
|
}
|
|
|
|
if ( ScepValidSid( (PSID)(pPriv->Name) ) &&
|
|
RtlEqualSid( (PSID)(pPriv->Name), pSid ) ) {
|
|
|
|
if ( PrivValue < 32 ) {
|
|
|
|
pPriv->PrivLowPart |= (1 << PrivValue);
|
|
} else {
|
|
pPriv->PrivHighPart |= (1 << (PrivValue-32) );
|
|
}
|
|
|
|
break;
|
|
}
|
|
}
|
|
|
|
if ( pPriv == NULL ) {
|
|
//
|
|
// Create a new one
|
|
//
|
|
pPriv = (PSCE_PRIVILEGE_VALUE_LIST)ScepAlloc( LMEM_ZEROINIT,
|
|
sizeof(SCE_PRIVILEGE_VALUE_LIST));
|
|
if ( pPriv == NULL )
|
|
return(SCESTATUS_NOT_ENOUGH_RESOURCE);
|
|
|
|
if ( bReuseBuffer ) {
|
|
|
|
pPriv->Name = (PWSTR)pSid;
|
|
*pbBufferUsed = TRUE;
|
|
|
|
} else {
|
|
|
|
DWORD Length = RtlLengthSid ( pSid );
|
|
|
|
pPriv->Name = (PWSTR)ScepAlloc( LMEM_ZEROINIT, Length);
|
|
if ( pPriv->Name == NULL ) {
|
|
ScepFree(pPriv);
|
|
return(SCESTATUS_NOT_ENOUGH_RESOURCE);
|
|
}
|
|
|
|
RtlCopySid( Length, (PSID)(pPriv->Name), pSid );
|
|
|
|
}
|
|
|
|
if ( PrivValue < 32 ) {
|
|
|
|
pPriv->PrivLowPart |= (1 << PrivValue);
|
|
} else {
|
|
pPriv->PrivHighPart |= (1 << (PrivValue-32) );
|
|
}
|
|
|
|
//
|
|
// link to the list
|
|
//
|
|
if ( LastOne != NULL )
|
|
LastOne->Next = pPriv;
|
|
else
|
|
*pPrivilegeList = pPriv;
|
|
|
|
}
|
|
|
|
return(SCESTATUS_SUCCESS);
|
|
}
|
|
|
|
|
|
SCESTATUS
|
|
ScepGetGroupMembership(
|
|
IN PSCECONTEXT hProfile,
|
|
IN SCETYPE ProfileType,
|
|
OUT PSCE_GROUP_MEMBERSHIP *pGroupMembership,
|
|
OUT PSCE_ERROR_LOG_INFO *Errlog OPTIONAL
|
|
)
|
|
{
|
|
SCESTATUS rc;
|
|
DWORD OneStatus;
|
|
|
|
PSCE_GROUP_MEMBERSHIP pTempList=NULL, pNode, pGroup2,
|
|
pParent, pTemp;
|
|
|
|
LSA_HANDLE LsaHandle=NULL;
|
|
|
|
rc = RtlNtStatusToDosError(
|
|
ScepOpenLsaPolicy(
|
|
MAXIMUM_ALLOWED,
|
|
&LsaHandle,
|
|
TRUE
|
|
));
|
|
|
|
if ( ERROR_SUCCESS != rc ) {
|
|
ScepBuildErrorLogInfo(
|
|
rc,
|
|
Errlog,
|
|
SCEDLL_LSA_POLICY
|
|
);
|
|
return(ScepDosErrorToSceStatus(rc));
|
|
}
|
|
|
|
//
|
|
// get groups from the requested table first
|
|
//
|
|
rc = ScepGetGroupMembershipFromOneTable(
|
|
LsaHandle,
|
|
hProfile,
|
|
ProfileType,
|
|
pGroupMembership,
|
|
Errlog
|
|
);
|
|
//
|
|
// return all groups if it is requested for SAP entry
|
|
//
|
|
if ( SCESTATUS_SUCCESS == rc && SCE_ENGINE_SAP == ProfileType ) {
|
|
//
|
|
// get the remaining stuff from SMP
|
|
//
|
|
rc = ScepGetGroupMembershipFromOneTable(
|
|
LsaHandle,
|
|
hProfile,
|
|
SCE_ENGINE_SCP, //SCE_ENGINE_SMP,
|
|
&pTempList,
|
|
Errlog
|
|
);
|
|
if ( rc == SCESTATUS_SUCCESS ) {
|
|
//
|
|
// add non-exist nodes to pObjectRoots
|
|
//
|
|
pNode=pTempList;
|
|
pParent=NULL;
|
|
|
|
while ( pNode ) {
|
|
//
|
|
// if this node does not exist in the SAP
|
|
// this node is analyzed with "match" status
|
|
// if it already exists in SAP, it is a "mismatched" item
|
|
// duplication is prevented by the last argument TRUE
|
|
//
|
|
for ( pGroup2=*pGroupMembership; pGroup2 != NULL; pGroup2=pGroup2->Next ) {
|
|
if ( (pGroup2->Status & SCE_INTERNAL_NP) &&
|
|
_wcsicmp( pGroup2->GroupName, pNode->GroupName) == 0 )
|
|
break;
|
|
}
|
|
if ( pGroup2 ) {
|
|
//
|
|
// find the entry in SAP, mismatched item
|
|
// maybe pMembers, or pMemberOf
|
|
// or not analyzed item, or error items
|
|
//
|
|
OneStatus = pGroup2->Status;
|
|
pGroup2->Status = 0;
|
|
|
|
if ( (OneStatus & SCE_GROUP_STATUS_NOT_ANALYZED) ) {
|
|
// this item is added after last inspection
|
|
pGroup2->Status = SCE_GROUP_STATUS_NOT_ANALYZED;
|
|
|
|
} else if ( (OneStatus & SCE_GROUP_STATUS_ERROR_ANALYZED) ) {
|
|
|
|
// this item errored when analyzing
|
|
pGroup2->Status = SCE_GROUP_STATUS_ERROR_ANALYZED;
|
|
|
|
} else {
|
|
if ( pNode->Status & SCE_GROUP_STATUS_NC_MEMBERS ) {
|
|
pGroup2->Status |= SCE_GROUP_STATUS_NC_MEMBERS;
|
|
} else {
|
|
if ( !(OneStatus & SCE_GROUP_STATUS_NC_MEMBERS) ) {
|
|
pGroup2->Status |= SCE_GROUP_STATUS_MEMBERS_MISMATCH;
|
|
} else {
|
|
// a matched members, pGroup2->pMembers should be NULL;
|
|
if ( pGroup2->pMembers ) {
|
|
ScepFreeNameList(pGroup2->pMembers);
|
|
}
|
|
pGroup2->pMembers = pNode->pMembers;
|
|
pNode->pMembers = NULL;
|
|
}
|
|
}
|
|
|
|
if ( pNode->Status & SCE_GROUP_STATUS_NC_MEMBEROF ) {
|
|
pGroup2->Status |= SCE_GROUP_STATUS_NC_MEMBEROF;
|
|
} else {
|
|
if ( !(OneStatus & SCE_GROUP_STATUS_NC_MEMBEROF) ) {
|
|
pGroup2->Status |= SCE_GROUP_STATUS_MEMBEROF_MISMATCH;
|
|
} else {
|
|
// a matched memberof, pGroup2->pMemberOf should be NULL;
|
|
if ( pGroup2->pMemberOf ) {
|
|
ScepFreeNameList(pGroup2->pMemberOf);
|
|
}
|
|
pGroup2->pMemberOf = pNode->pMemberOf;
|
|
pNode->pMemberOf = NULL;
|
|
}
|
|
}
|
|
}
|
|
pParent = pNode;
|
|
pNode = pNode->Next;
|
|
|
|
} else {
|
|
//
|
|
// does not exist in SAP.
|
|
// this is a matched item on pMembers, and/or pMemberOf
|
|
// just move this node to SAP, with status NC_MEMBERS, or NC_MEMBEROF, or 0
|
|
//
|
|
if ( pParent )
|
|
pParent->Next = pNode->Next;
|
|
else
|
|
pTempList = pNode->Next;
|
|
|
|
pTemp = pNode;
|
|
pNode=pNode->Next;
|
|
|
|
pTemp->Next = *pGroupMembership;
|
|
*pGroupMembership = pTemp;
|
|
}
|
|
}
|
|
//
|
|
// group exist in analysis but not in template
|
|
//
|
|
for ( pGroup2=*pGroupMembership; pGroup2 != NULL; pGroup2=pGroup2->Next ) {
|
|
if ( pGroup2->Status & SCE_INTERNAL_NP )
|
|
pGroup2->Status = SCE_GROUP_STATUS_NC_MEMBERS | SCE_GROUP_STATUS_NC_MEMBEROF;
|
|
}
|
|
|
|
} else if ( rc == SCESTATUS_RECORD_NOT_FOUND ) {
|
|
|
|
rc = SCESTATUS_SUCCESS;
|
|
|
|
} else {
|
|
//
|
|
// pGroupMembership will be freed outside
|
|
//
|
|
}
|
|
|
|
if ( pTempList ) {
|
|
ScepFreeGroupMembership(pTempList);
|
|
}
|
|
}
|
|
|
|
//
|
|
// now the group name may be in *SID format, conver it now to name
|
|
//
|
|
if ( SCESTATUS_SUCCESS == rc && *pGroupMembership ) {
|
|
|
|
for ( pGroup2=*pGroupMembership; pGroup2 != NULL; pGroup2=pGroup2->Next ) {
|
|
if ( pGroup2->GroupName == NULL ) {
|
|
continue;
|
|
}
|
|
|
|
if ( pGroup2->GroupName[0] == L'*' ) {
|
|
//
|
|
// *SID format, convert it
|
|
//
|
|
PSID pSid=NULL;
|
|
|
|
if ( ConvertStringSidToSid( (pGroup2->GroupName)+1, &pSid) ) {
|
|
|
|
PWSTR strName=NULL;
|
|
DWORD strLen=0;
|
|
|
|
if (NT_SUCCESS( ScepConvertSidToName(
|
|
LsaHandle,
|
|
pSid,
|
|
TRUE, // want domain\account format
|
|
&strName,
|
|
&strLen
|
|
)) && strName ) {
|
|
|
|
ScepFree(pGroup2->GroupName);
|
|
pGroup2->GroupName = strName;
|
|
strName = NULL;
|
|
}
|
|
|
|
LocalFree(pSid);
|
|
pSid = NULL;
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
if ( LsaHandle ) {
|
|
LsaClose(LsaHandle);
|
|
}
|
|
|
|
return(rc);
|
|
|
|
}
|
|
|
|
|
|
SCESTATUS
|
|
ScepGetGroupMembershipFromOneTable(
|
|
IN LSA_HANDLE LsaPolicy,
|
|
IN PSCECONTEXT hProfile,
|
|
IN SCETYPE ProfileType,
|
|
OUT PSCE_GROUP_MEMBERSHIP *pGroupMembership,
|
|
OUT PSCE_ERROR_LOG_INFO *Errlog OPTIONAL
|
|
)
|
|
/* ++
|
|
Routine Description:
|
|
|
|
This routine retrieves group membership information from the Jet databasae
|
|
and stores in the output buffer pGroupMembership. Group membership information
|
|
is in [Group Membership] section.
|
|
|
|
Arguments:
|
|
|
|
hProfile - the profile handle context
|
|
|
|
ProfileType - Type of the Profile
|
|
SCE_ENGINE_SAP
|
|
SCE_ENGINE_SMP
|
|
SCE_ENGINE_SCP
|
|
|
|
pGroupMembership - the output buffer to hold group membership info.
|
|
|
|
Errlog - the error list for errors encountered in this routine.
|
|
|
|
Return value:
|
|
|
|
SCESTATUS - SCESTATUS_SUCCESS
|
|
SCESTATUS_NOT_ENOUGH_RESOURCE
|
|
SCESTATUS_INVALID_PARAMETER
|
|
SCESTATUS_BAD_FORMAT
|
|
SCESTATUS_INVALID_DATA
|
|
|
|
-- */
|
|
{
|
|
SCESTATUS rc;
|
|
PSCESECTION hSection=NULL;
|
|
PSCE_GROUP_MEMBERSHIP pGroup=NULL;
|
|
DWORD GroupLen, ValueLen;
|
|
PWSTR GroupName=NULL;
|
|
PWSTR Value=NULL;
|
|
DWORD ValueType;
|
|
ULONG Len;
|
|
PWSTR pTemp;
|
|
|
|
|
|
if ( pGroupMembership == NULL )
|
|
return(SCESTATUS_INVALID_PARAMETER);
|
|
|
|
rc = ScepOpenSectionForName(
|
|
hProfile,
|
|
ProfileType,
|
|
szGroupMembership,
|
|
&hSection
|
|
);
|
|
if ( rc != SCESTATUS_SUCCESS ) {
|
|
ScepBuildErrorLogInfo( ERROR_INVALID_DATA,
|
|
Errlog,
|
|
SCEERR_OPEN,
|
|
szGroupMembership
|
|
);
|
|
return(rc);
|
|
}
|
|
|
|
//
|
|
// goto the first line of this section
|
|
//
|
|
rc = SceJetGetValue(
|
|
hSection,
|
|
SCEJET_PREFIX_MATCH,
|
|
NULL,
|
|
NULL,
|
|
0,
|
|
&GroupLen,
|
|
NULL,
|
|
0,
|
|
&ValueLen
|
|
);
|
|
while ( rc == SCESTATUS_SUCCESS ) {
|
|
|
|
//
|
|
// allocate memory for the group name and value string
|
|
//
|
|
GroupName = (PWSTR)ScepAlloc( LMEM_ZEROINIT, GroupLen+2);
|
|
Value = (PWSTR)ScepAlloc( LMEM_ZEROINIT, ValueLen+2);
|
|
|
|
if ( GroupName == NULL || Value == NULL ) {
|
|
rc = SCESTATUS_NOT_ENOUGH_RESOURCE;
|
|
goto Done;
|
|
|
|
}
|
|
//
|
|
// Get the group and its value
|
|
//
|
|
rc = SceJetGetValue(
|
|
hSection,
|
|
SCEJET_CURRENT,
|
|
NULL,
|
|
GroupName,
|
|
GroupLen,
|
|
&GroupLen,
|
|
Value,
|
|
ValueLen,
|
|
&ValueLen
|
|
);
|
|
if ( rc != SCESTATUS_SUCCESS )
|
|
goto Done;
|
|
|
|
GroupName[GroupLen/2] = L'\0';
|
|
Value[ValueLen/2] = L'\0';
|
|
|
|
#ifdef SCE_DBG
|
|
wprintf(L"rc=%d, group membership: %s=%s\n", rc, GroupName, Value);
|
|
#endif
|
|
|
|
if (pTemp = ScepWcstrr(GroupName, szMembers) )
|
|
ValueType = 0;
|
|
else if (pTemp = ScepWcstrr(GroupName, szMemberof) )
|
|
ValueType = 1;
|
|
else if (pTemp = ScepWcstrr(GroupName, szPrivileges) )
|
|
ValueType = 2;
|
|
|
|
if ( pTemp == NULL ) {
|
|
ScepBuildErrorLogInfo( ERROR_INVALID_DATA,
|
|
Errlog,
|
|
SCEERR_CANT_FIND_KEYWORD,
|
|
GroupName
|
|
);
|
|
rc = SCESTATUS_INVALID_DATA;
|
|
goto NextLine; //Done;
|
|
}
|
|
|
|
Len = (DWORD)(pTemp - GroupName);
|
|
|
|
//
|
|
// if this is the first group, or a different group, create another node
|
|
// Note, the group name may be in SID string format now.
|
|
// Will be converted later (in the calling function) because we don't want
|
|
// to lookup for the same group name several times (each group may have
|
|
// multiple records).
|
|
//
|
|
if ( *pGroupMembership == NULL ||
|
|
_wcsnicmp((*pGroupMembership)->GroupName, GroupName, Len) != 0 ||
|
|
(*pGroupMembership)->GroupName[Len] != L'\0' ) {
|
|
//
|
|
// a new group. allocate buffer
|
|
//
|
|
pGroup = (PSCE_GROUP_MEMBERSHIP)ScepAlloc( LMEM_ZEROINIT, sizeof(SCE_GROUP_MEMBERSHIP) );
|
|
if ( pGroup == NULL ) {
|
|
rc = SCESTATUS_NOT_ENOUGH_RESOURCE;
|
|
goto Done;
|
|
}
|
|
pGroup->GroupName = (PWSTR)ScepAlloc( LMEM_ZEROINIT, (Len+1)*sizeof(WCHAR));
|
|
if ( pGroup->GroupName == NULL ) {
|
|
ScepFree(pGroup);
|
|
rc = SCESTATUS_NOT_ENOUGH_RESOURCE;
|
|
goto Done;
|
|
}
|
|
//
|
|
// get right case for group name
|
|
//
|
|
wcsncpy(pGroup->GroupName, GroupName, Len);
|
|
|
|
// do not care return codes
|
|
ScepGetGroupCase(pGroup->GroupName, Len);
|
|
|
|
pGroup->Next = *pGroupMembership;
|
|
|
|
// if ( SCE_ENGINE_SAP == ProfileType )
|
|
pGroup->Status = SCE_GROUP_STATUS_NC_MEMBERS | SCE_GROUP_STATUS_NC_MEMBEROF;
|
|
// else
|
|
// pGroup->Status = 0;
|
|
if ( SCE_ENGINE_SAP == ProfileType )
|
|
pGroup->Status |= SCE_INTERNAL_NP;
|
|
|
|
}
|
|
|
|
//
|
|
// add the multi-sz value string to the group node, depending on the value type
|
|
//
|
|
pTemp = Value;
|
|
while ( rc == SCESTATUS_SUCCESS && pTemp != NULL && pTemp[0] ) {
|
|
while ( *pTemp && L' ' == *pTemp ) {
|
|
pTemp++;
|
|
}
|
|
|
|
if ( SCE_ENGINE_SAP == ProfileType ) {
|
|
if ( !(*pTemp) ) {
|
|
// this is an not analyzed item
|
|
pGroup->Status = SCE_GROUP_STATUS_NOT_ANALYZED |
|
|
SCE_INTERNAL_NP;
|
|
|
|
break;
|
|
} else if ( _wcsicmp(SCE_ERROR_STRING, pTemp) == 0 ) {
|
|
// this is error item
|
|
pGroup->Status = SCE_GROUP_STATUS_ERROR_ANALYZED |
|
|
SCE_INTERNAL_NP;
|
|
|
|
break;
|
|
}
|
|
}
|
|
|
|
if ( !(*pTemp) ) {
|
|
// empty string is not allowed
|
|
break;
|
|
}
|
|
|
|
Len = wcslen(pTemp);
|
|
|
|
if ( ValueType != 0 && ValueType != 1 ) {
|
|
#if 0
|
|
//
|
|
// privilege with optional via group name
|
|
//
|
|
Status = (*((CHAR *)pTemp)-'0')*10 + ((*((CHAR *)pTemp+1)) - '0');
|
|
|
|
PWSTR strName=NULL;
|
|
DWORD strLen=0;
|
|
|
|
if ( pTemp[1] == L'*' ) {
|
|
//
|
|
// convert the SID string into name format
|
|
//
|
|
PSID pSid=NULL;
|
|
|
|
if ( ConvertStringSidToSid( pTemp+2, &pSid) ) {
|
|
|
|
rc = RtlNtStatusToDosError(
|
|
ScepConvertSidToName(
|
|
LsaPolicy,
|
|
pSid,
|
|
TRUE, // want domain\account format
|
|
&strName,
|
|
&strLen
|
|
));
|
|
LocalFree(pSid);
|
|
pSid = NULL;
|
|
|
|
} else {
|
|
rc = GetLastError();
|
|
}
|
|
}
|
|
|
|
if ( ERROR_SUCCESS == rc && strName ) {
|
|
rc = ScepAddToNameStatusList(&(pGroup->pPrivilegesHeld),
|
|
strName,
|
|
strLen,
|
|
Status);
|
|
} else {
|
|
//
|
|
// if failed to convert, or it's a name format already
|
|
// just add it to the list
|
|
//
|
|
rc = ScepAddToNameStatusList(&(pGroup->pPrivilegesHeld),
|
|
pTemp+1, Len-1, Status);
|
|
}
|
|
|
|
if ( strName ) {
|
|
ScepFree(strName);
|
|
strName = NULL;
|
|
}
|
|
#endif
|
|
} else {
|
|
//
|
|
// members (0) of memberof (1)
|
|
//
|
|
if ( pTemp[0] == L'*' ) {
|
|
//
|
|
// *SID format, convert to name, and add to the list
|
|
//
|
|
rc = ScepLookupSidStringAndAddToNameList(LsaPolicy,
|
|
(ValueType == 0) ?
|
|
&(pGroup->pMembers):
|
|
&(pGroup->pMemberOf),
|
|
pTemp, // +1,
|
|
Len // -1
|
|
);
|
|
|
|
} else {
|
|
|
|
rc = ScepAddToNameList((ValueType == 0) ?
|
|
&(pGroup->pMembers):
|
|
&(pGroup->pMemberOf),
|
|
pTemp,
|
|
Len );
|
|
}
|
|
}
|
|
|
|
#ifdef SCE_DBG
|
|
wprintf(L"Add %s to group list\n", pTemp);
|
|
#endif
|
|
pTemp += Len +1;
|
|
}
|
|
|
|
//
|
|
// Free memory
|
|
//
|
|
if ( rc != SCESTATUS_SUCCESS && pGroup != *pGroupMembership ) {
|
|
|
|
pGroup->Next = NULL;
|
|
ScepFreeGroupMembership( pGroup );
|
|
goto Done;
|
|
}
|
|
|
|
switch ( ValueType ) {
|
|
case 0: // members
|
|
pGroup->Status &= ~SCE_GROUP_STATUS_NC_MEMBERS;
|
|
break;
|
|
case 1:
|
|
pGroup->Status &= ~SCE_GROUP_STATUS_NC_MEMBEROF;
|
|
break;
|
|
}
|
|
*pGroupMembership = pGroup;
|
|
|
|
NextLine:
|
|
|
|
ScepFree(GroupName);
|
|
GroupName = NULL;
|
|
|
|
ScepFree(Value);
|
|
Value = NULL;
|
|
|
|
//
|
|
// read next line
|
|
//
|
|
rc = SceJetGetValue(
|
|
hSection,
|
|
SCEJET_NEXT_LINE,
|
|
NULL,
|
|
NULL,
|
|
0,
|
|
&GroupLen,
|
|
NULL,
|
|
0,
|
|
&ValueLen
|
|
);
|
|
}
|
|
|
|
if ( rc == SCESTATUS_RECORD_NOT_FOUND )
|
|
rc = SCESTATUS_SUCCESS;
|
|
|
|
Done:
|
|
|
|
//
|
|
// close the find index range
|
|
//
|
|
SceJetGetValue(
|
|
hSection,
|
|
SCEJET_CLOSE_VALUE,
|
|
NULL,
|
|
NULL,
|
|
0,
|
|
NULL,
|
|
NULL,
|
|
0,
|
|
NULL
|
|
);
|
|
|
|
if ( GroupName != NULL )
|
|
ScepFree(GroupName);
|
|
|
|
if ( Value != NULL )
|
|
ScepFree(Value);
|
|
|
|
//
|
|
// close the section
|
|
//
|
|
SceJetCloseSection( &hSection, TRUE );
|
|
|
|
return(rc);
|
|
|
|
}
|
|
|
|
|
|
SCESTATUS
|
|
ScepOpenSectionForName(
|
|
IN PSCECONTEXT hProfile,
|
|
IN SCETYPE ProfileType,
|
|
IN PCWSTR SectionName,
|
|
OUT PSCESECTION *phSection
|
|
)
|
|
{
|
|
SCESTATUS rc;
|
|
DOUBLE SectionID;
|
|
SCEJET_TABLE_TYPE tblType;
|
|
|
|
//
|
|
// table type
|
|
//
|
|
switch ( ProfileType ) {
|
|
case SCE_ENGINE_SCP:
|
|
case SCE_ENGINE_SCP_INTERNAL:
|
|
tblType = SCEJET_TABLE_SCP;
|
|
break;
|
|
|
|
case SCE_ENGINE_SMP:
|
|
case SCE_ENGINE_SMP_INTERNAL:
|
|
tblType = SCEJET_TABLE_SMP;
|
|
break;
|
|
|
|
case SCE_ENGINE_SAP:
|
|
tblType = SCEJET_TABLE_SAP;
|
|
break;
|
|
|
|
default:
|
|
return(SCESTATUS_INVALID_PARAMETER);
|
|
}
|
|
|
|
//
|
|
// get section id
|
|
//
|
|
rc = SceJetGetSectionIDByName(
|
|
hProfile,
|
|
SectionName,
|
|
&SectionID
|
|
);
|
|
if ( rc != SCESTATUS_SUCCESS )
|
|
return(rc);
|
|
|
|
rc = SceJetOpenSection(
|
|
hProfile,
|
|
SectionID,
|
|
tblType,
|
|
phSection
|
|
);
|
|
return(rc);
|
|
|
|
}
|
|
|
|
|
|
SCESTATUS
|
|
ScepGetDsRoot(
|
|
IN PSCECONTEXT hProfile,
|
|
IN SCETYPE ProfileType,
|
|
IN PCWSTR SectionName,
|
|
OUT PSCE_OBJECT_LIST *pObjectRoots,
|
|
OUT PSCE_ERROR_LOG_INFO *Errlog OPTIONAL
|
|
)
|
|
/*
|
|
DS object root has only one entry, which is the DS domain name
|
|
So the list contains only one entry.
|
|
The format of the DS domain name is dc=<domain>,dc=<domain1>,...o=internet,
|
|
which is the DNS name of the DS domain in LDAP format
|
|
|
|
*/
|
|
{
|
|
SCESTATUS rc;
|
|
PSCESECTION hSection=NULL;
|
|
PSCE_OBJECT_LIST pDsRoot=NULL;
|
|
PWSTR JetName=NULL;
|
|
BOOL IsContainer, LastOne;
|
|
DWORD Count, ValueLen;
|
|
BYTE Status;
|
|
WCHAR StatusFlag=L'\0';
|
|
|
|
|
|
rc = ScepOpenSectionForName(
|
|
hProfile,
|
|
ProfileType,
|
|
SectionName,
|
|
&hSection
|
|
);
|
|
|
|
if ( rc != SCESTATUS_SUCCESS ) {
|
|
ScepBuildErrorLogInfo( ERROR_INVALID_DATA,
|
|
Errlog,
|
|
SCEERR_OPEN,
|
|
SectionName
|
|
);
|
|
return(rc);
|
|
}
|
|
|
|
rc = ScepLdapOpen(NULL);
|
|
|
|
if ( rc == SCESTATUS_SUCCESS ) {
|
|
|
|
rc = ScepEnumerateDsObjectRoots(
|
|
NULL,
|
|
&pDsRoot
|
|
);
|
|
ScepLdapClose(NULL);
|
|
}
|
|
|
|
if ( rc == SCESTATUS_SUCCESS ) {
|
|
|
|
if ( pDsRoot == NULL ) {
|
|
rc = SCESTATUS_PROFILE_NOT_FOUND;
|
|
|
|
} else {
|
|
//
|
|
// Convert domain root
|
|
//
|
|
rc = ScepConvertLdapToJetIndexName(
|
|
pDsRoot->Name,
|
|
&JetName
|
|
);
|
|
}
|
|
}
|
|
|
|
if ( rc == SCESTATUS_SUCCESS ) {
|
|
//
|
|
// goto the line matching the domain root
|
|
//
|
|
rc = SceJetSeek(
|
|
hSection,
|
|
JetName,
|
|
wcslen(JetName)*sizeof(WCHAR),
|
|
SCEJET_SEEK_GE
|
|
);
|
|
|
|
if ( rc == SCESTATUS_RECORD_NOT_FOUND ) {
|
|
|
|
if ( ProfileType == SCE_ENGINE_SAP ) {
|
|
//
|
|
// the domain is not in the table, try another one
|
|
//
|
|
SceJetCloseSection(&hSection, FALSE);
|
|
|
|
rc = ScepOpenSectionForName(
|
|
hProfile,
|
|
SCE_ENGINE_SCP, // SCE_ENGINE_SMP,
|
|
SectionName,
|
|
&hSection
|
|
);
|
|
if ( rc == SCESTATUS_SUCCESS ) {
|
|
//
|
|
// get count under the domain
|
|
//
|
|
Count = 0;
|
|
rc = SceJetGetLineCount(
|
|
hSection,
|
|
JetName,
|
|
FALSE,
|
|
&Count);
|
|
|
|
if ( rc == SCESTATUS_SUCCESS ||
|
|
rc == SCESTATUS_RECORD_NOT_FOUND ) {
|
|
|
|
if ( rc == SCESTATUS_SUCCESS )
|
|
pDsRoot->Status = SCE_STATUS_CHECK;
|
|
else
|
|
pDsRoot->Status = SCE_STATUS_NOT_CONFIGURED;
|
|
pDsRoot->IsContainer = TRUE;
|
|
pDsRoot->Count = Count;
|
|
|
|
*pObjectRoots = pDsRoot;
|
|
pDsRoot = NULL;
|
|
|
|
rc = SCESTATUS_SUCCESS;
|
|
}
|
|
|
|
}
|
|
}
|
|
rc = SCESTATUS_SUCCESS;
|
|
|
|
} else if ( rc == SCESTATUS_SUCCESS ) {
|
|
//
|
|
// something of the domain exist, get value and count of the domain
|
|
//
|
|
rc = SceJetGetValue(
|
|
hSection,
|
|
SCEJET_EXACT_MATCH,
|
|
JetName,
|
|
NULL,
|
|
0,
|
|
NULL,
|
|
(PWSTR)&StatusFlag, // two bytes buffer
|
|
2,
|
|
&ValueLen
|
|
);
|
|
|
|
if ( rc == SCESTATUS_SUCCESS ||
|
|
rc == SCESTATUS_BUFFER_TOO_SMALL ||
|
|
rc == SCESTATUS_RECORD_NOT_FOUND ) {
|
|
|
|
if ( rc != SCESTATUS_RECORD_NOT_FOUND ) {
|
|
LastOne = TRUE;
|
|
Status = *((BYTE *)&StatusFlag);
|
|
IsContainer = *((CHAR *)&StatusFlag+1) != '0' ? TRUE : FALSE;
|
|
|
|
} else {
|
|
LastOne = FALSE;
|
|
IsContainer = TRUE;
|
|
if ( ProfileType == SCE_ENGINE_SAP )
|
|
Status = SCE_STATUS_GOOD;
|
|
else
|
|
Status = SCE_STATUS_CHECK;
|
|
}
|
|
//
|
|
// get count under the domain
|
|
//
|
|
rc = SceJetGetLineCount(
|
|
hSection,
|
|
JetName,
|
|
FALSE,
|
|
&Count);
|
|
|
|
if ( rc == SCESTATUS_SUCCESS ) {
|
|
|
|
if ( LastOne )
|
|
Count--;
|
|
|
|
if ( !IsContainer && Count > 0 ) {
|
|
IsContainer = TRUE;
|
|
}
|
|
|
|
//
|
|
// the proper domain name is in pDsRoot
|
|
//
|
|
pDsRoot->Status = Status;
|
|
pDsRoot->IsContainer = IsContainer;
|
|
pDsRoot->Count = Count;
|
|
|
|
*pObjectRoots = pDsRoot;
|
|
pDsRoot = NULL;
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
if ( SCESTATUS_RECORD_NOT_FOUND == rc ) {
|
|
rc = SCESTATUS_SUCCESS;
|
|
}
|
|
if ( rc != SCESTATUS_SUCCESS ) {
|
|
ScepBuildErrorLogInfo(ScepSceStatusToDosError(rc),
|
|
Errlog, SCEERR_QUERY_INFO,
|
|
L"SCP/SMP");
|
|
}
|
|
|
|
if ( JetName != NULL ) {
|
|
ScepFree(JetName);
|
|
}
|
|
|
|
} else {
|
|
ScepBuildErrorLogInfo(ScepSceStatusToDosError(rc),
|
|
Errlog, SCEERR_QUERY_INFO,
|
|
SectionName);
|
|
}
|
|
|
|
ScepFreeObjectList(pDsRoot);
|
|
|
|
SceJetCloseSection(&hSection, TRUE);
|
|
|
|
return(rc);
|
|
}
|
|
|
|
|
|
SCESTATUS
|
|
ScepGetObjectList(
|
|
IN PSCECONTEXT hProfile,
|
|
IN SCETYPE ProfileType,
|
|
IN PCWSTR SectionName,
|
|
OUT PSCE_OBJECT_LIST *pObjectRoots,
|
|
OUT PSCE_ERROR_LOG_INFO *Errlog OPTIONAL
|
|
)
|
|
/* ++
|
|
Routine Description:
|
|
|
|
This routine retrieves registry or files security information from the JET
|
|
database for the root only. To get detail under a root object, call
|
|
ScepGetChildrentObject.
|
|
|
|
For Profiletype "SCE_ENGINE_SAP" (analysis info), a combination of SMP and SAP
|
|
are returned for a complete set of "analyzed" objects.
|
|
|
|
Arguments:
|
|
|
|
hProfile - the profile handle context
|
|
|
|
ProfileType - value to indicate engine type.
|
|
SCE_ENGINE_SCP
|
|
SCE_ENGINE_SAP
|
|
SCE_ENGINE_SMP
|
|
|
|
SectionName - The section name for the objects to retrieve.
|
|
|
|
pObjectRoots - The output list of object roots
|
|
|
|
Errlog - the cummulative error list to hold errors encountered in this routine.
|
|
|
|
Return value:
|
|
|
|
SCESTATUS - SCESTATUS_SUCCESS
|
|
SCESTATUS_NOT_ENOUGH_RESOURCE
|
|
SCESTATUS_INVALID_PARAMETER
|
|
SCESTATUS_BAD_FORMAT
|
|
SCESTATUS_INVALID_DATA
|
|
-- */
|
|
|
|
{
|
|
SCESTATUS rc;
|
|
PSCE_OBJECT_LIST pTempList=NULL,
|
|
pNode;
|
|
|
|
//
|
|
// get roots from the first table first
|
|
//
|
|
rc = ScepGetObjectFromOneTable(
|
|
hProfile,
|
|
ProfileType,
|
|
SectionName,
|
|
pObjectRoots,
|
|
Errlog
|
|
);
|
|
//
|
|
// Ds objects only return the domain name, no need to search SMP
|
|
//
|
|
if ( rc == SCESTATUS_SUCCESS && ProfileType == SCE_ENGINE_SAP ) {
|
|
//
|
|
// get the stuff from SMP
|
|
//
|
|
rc = ScepGetObjectFromOneTable(
|
|
hProfile,
|
|
SCE_ENGINE_SCP, // SCE_ENGINE_SMP,
|
|
SectionName,
|
|
&pTempList,
|
|
Errlog
|
|
);
|
|
if ( rc == SCESTATUS_SUCCESS ) {
|
|
//
|
|
// add non-exist nodes to pObjectRoots
|
|
//
|
|
for ( pNode=pTempList; pNode != NULL; pNode = pNode->Next ) {
|
|
|
|
//
|
|
// if this node does not exist in the SAP
|
|
// this node is analyzed with "match" status and
|
|
// no bad children under the node
|
|
// duplication is prevented by the last argument
|
|
//
|
|
rc = ScepAddToObjectList(pObjectRoots, pNode->Name, 0,
|
|
pNode->IsContainer, SCE_STATUS_GOOD, 0, SCE_CHECK_DUP);
|
|
|
|
if ( rc != ERROR_SUCCESS ) {
|
|
ScepBuildErrorLogInfo( rc,
|
|
Errlog,
|
|
SCEERR_ADD,
|
|
pNode->Name
|
|
);
|
|
//
|
|
// only the following two errors could be returned
|
|
//
|
|
if ( rc == ERROR_NOT_ENOUGH_MEMORY ) {
|
|
rc = SCESTATUS_NOT_ENOUGH_RESOURCE;
|
|
break;
|
|
} else
|
|
rc = SCESTATUS_INVALID_PARAMETER;
|
|
}
|
|
|
|
}
|
|
|
|
} else if ( rc == SCESTATUS_RECORD_NOT_FOUND ) {
|
|
|
|
rc = SCESTATUS_SUCCESS;
|
|
|
|
} else {
|
|
//
|
|
// pObjectRoots will be freed outside
|
|
//
|
|
}
|
|
|
|
if ( pTempList ) {
|
|
ScepFreeObjectList(pTempList);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
return(rc);
|
|
}
|
|
|
|
|
|
SCESTATUS
|
|
ScepGetObjectFromOneTable(
|
|
IN PSCECONTEXT hProfile,
|
|
IN SCETYPE ProfileType,
|
|
IN PCWSTR SectionName,
|
|
OUT PSCE_OBJECT_LIST *pObjectRoots,
|
|
OUT PSCE_ERROR_LOG_INFO *Errlog OPTIONAL
|
|
)
|
|
/* ++
|
|
Routine Description:
|
|
|
|
This routine retrieves registry or files security information from the JET
|
|
database for the root only. To get detail under a root object, call
|
|
ScepGetChildrentObject.
|
|
|
|
Arguments:
|
|
|
|
hProfile - the profile handle context
|
|
|
|
ProfileType - value to indicate engine type.
|
|
SCE_ENGINE_SCP
|
|
SCE_ENGINE_SAP
|
|
SCE_ENGINE_SMP
|
|
|
|
SectionName - The section name for the objects to retrieve.
|
|
|
|
pObjectRoots - The output list of object roots
|
|
|
|
Errlog - the cummulative error list to hold errors encountered in this routine.
|
|
|
|
Return value:
|
|
|
|
SCESTATUS - SCESTATUS_SUCCESS
|
|
SCESTATUS_NOT_ENOUGH_RESOURCE
|
|
SCESTATUS_INVALID_PARAMETER
|
|
SCESTATUS_BAD_FORMAT
|
|
SCESTATUS_INVALID_DATA
|
|
-- */
|
|
{
|
|
|
|
SCESTATUS rc;
|
|
PSCESECTION hSection=NULL;
|
|
DWORD ObjectLen=0;
|
|
WCHAR ObjectName[21];
|
|
WCHAR StatusFlag=L'\0';
|
|
BYTE Status=0;
|
|
BOOL IsContainer=TRUE;
|
|
DWORD Len, Count;
|
|
WCHAR Buffer[21];
|
|
BOOL LastOne;
|
|
DWORD ValueLen=0;
|
|
|
|
|
|
rc = ScepOpenSectionForName(
|
|
hProfile,
|
|
ProfileType,
|
|
SectionName,
|
|
&hSection
|
|
);
|
|
|
|
if ( rc != SCESTATUS_SUCCESS ) {
|
|
ScepBuildErrorLogInfo( ERROR_INVALID_DATA,
|
|
Errlog,
|
|
SCEERR_OPEN,
|
|
SectionName
|
|
);
|
|
return(rc);
|
|
}
|
|
|
|
//
|
|
// goto the first line of this section
|
|
//
|
|
rc = SceJetSeek(
|
|
hSection,
|
|
NULL,
|
|
0,
|
|
SCEJET_SEEK_GE
|
|
);
|
|
|
|
while ( rc == SCESTATUS_SUCCESS ||
|
|
rc == SCESTATUS_BUFFER_TOO_SMALL ) {
|
|
|
|
memset(ObjectName, '\0', 21*sizeof(WCHAR));
|
|
memset(Buffer, '\0', 21*sizeof(WCHAR));
|
|
|
|
rc = SceJetGetValue(
|
|
hSection,
|
|
SCEJET_CURRENT,
|
|
NULL,
|
|
ObjectName,
|
|
20*sizeof(WCHAR),
|
|
&ObjectLen,
|
|
(PWSTR)&StatusFlag, // two bytes buffer
|
|
2,
|
|
&ValueLen
|
|
);
|
|
#ifdef SCE_DBG
|
|
wprintf(L"ObjectLen=%d, StatusFlag=%x, ValueLen=%d, rc=%d, ObjectName=%s \n",
|
|
ObjectLen, StatusFlag, ValueLen, rc, ObjectName);
|
|
#endif
|
|
if ( rc != SCESTATUS_SUCCESS && rc != SCESTATUS_BUFFER_TOO_SMALL ) {
|
|
ScepBuildErrorLogInfo( ERROR_READ_FAULT,
|
|
Errlog,
|
|
SCEERR_QUERY_VALUE,
|
|
SectionName
|
|
);
|
|
break;
|
|
}
|
|
//
|
|
// get first component of the object
|
|
//
|
|
if ( ObjectLen <= 40 )
|
|
ObjectName[ObjectLen/sizeof(WCHAR)] = L'\0';
|
|
|
|
rc = ScepGetNameInLevel(
|
|
ObjectName,
|
|
1,
|
|
L'\\',
|
|
Buffer,
|
|
&LastOne
|
|
);
|
|
|
|
if ( rc == SCESTATUS_SUCCESS ) {
|
|
|
|
Len = wcslen(Buffer);
|
|
|
|
if ( LastOne ) {
|
|
|
|
Status = *((BYTE *)&StatusFlag);
|
|
IsContainer = *((CHAR *)&StatusFlag+1) != '0' ? TRUE : FALSE;
|
|
|
|
} else {
|
|
IsContainer = TRUE;
|
|
if ( ProfileType == SCE_ENGINE_SAP )
|
|
Status = SCE_STATUS_GOOD;
|
|
else
|
|
Status = SCE_STATUS_CHECK;
|
|
}
|
|
|
|
#ifdef SCE_DBG
|
|
printf("\nStatus=%d, StatusFlag=%x, Len=%d, Buffer=%ws\n", Status, StatusFlag, Len, Buffer);
|
|
#endif
|
|
//
|
|
// get count of this object
|
|
//
|
|
rc = SceJetGetLineCount(
|
|
hSection,
|
|
Buffer,
|
|
FALSE,
|
|
&Count);
|
|
|
|
if ( rc == SCESTATUS_SUCCESS ||
|
|
rc == SCESTATUS_RECORD_NOT_FOUND ) {
|
|
|
|
if ( LastOne )
|
|
Count--;
|
|
|
|
if ( !IsContainer && Count > 0 ) {
|
|
IsContainer = TRUE;
|
|
}
|
|
|
|
//
|
|
// the root of registry and file are always upper cased
|
|
//
|
|
_wcsupr(Buffer);
|
|
|
|
rc = ScepAddToObjectList(pObjectRoots, Buffer, Len,
|
|
IsContainer, Status, Count, 0);
|
|
|
|
if ( rc != ERROR_SUCCESS ) {
|
|
ScepBuildErrorLogInfo( rc,
|
|
Errlog,
|
|
SCEERR_ADD,
|
|
Buffer
|
|
);
|
|
// only the following two errors could be returned
|
|
if ( rc == ERROR_NOT_ENOUGH_MEMORY )
|
|
rc = SCESTATUS_NOT_ENOUGH_RESOURCE;
|
|
else
|
|
rc = SCESTATUS_INVALID_PARAMETER;
|
|
}
|
|
}
|
|
|
|
if ( rc == SCESTATUS_SUCCESS ) {
|
|
//
|
|
// seek to the next one
|
|
//
|
|
Buffer[Len-1] = (WCHAR)( Buffer[Len-1] + 1);
|
|
|
|
rc = SceJetSeek(
|
|
hSection,
|
|
Buffer,
|
|
Len*sizeof(TCHAR),
|
|
SCEJET_SEEK_GT_NO_CASE
|
|
);
|
|
|
|
if ( rc != SCESTATUS_SUCCESS && rc != SCESTATUS_RECORD_NOT_FOUND )
|
|
ScepBuildErrorLogInfo( ERROR_READ_FAULT,
|
|
Errlog,
|
|
SCEERR_QUERY_VALUE,
|
|
SectionName
|
|
);
|
|
|
|
}
|
|
}
|
|
}
|
|
|
|
if ( rc == SCESTATUS_RECORD_NOT_FOUND )
|
|
rc = SCESTATUS_SUCCESS;
|
|
|
|
//
|
|
// close the section
|
|
//
|
|
SceJetCloseSection( &hSection, TRUE );
|
|
|
|
return(rc);
|
|
|
|
}
|
|
|
|
|
|
SCESTATUS
|
|
ScepGetAuditing(
|
|
IN PSCECONTEXT hProfile,
|
|
IN SCETYPE ProfileType,
|
|
OUT PSCE_PROFILE_INFO pProfileInfo,
|
|
OUT PSCE_ERROR_LOG_INFO *Errlog OPTIONAL
|
|
)
|
|
/* ++
|
|
Routine Description:
|
|
|
|
This routine retrieves system auditing information from the JET database
|
|
and stores in the output buffer pProfileInfo. The auditing information
|
|
is stored in [System Log], [Security Log], [Application Log], [Audit Event],
|
|
[Audit Registry], and [Audit File] sections.
|
|
|
|
Arguments:
|
|
|
|
hProfile - the profile handle context
|
|
|
|
pProfileInfo - the output buffer to hold profile info.
|
|
|
|
Errlog - The cummulative error list to hold errors encountered in this routine.
|
|
|
|
Return value:
|
|
|
|
SCESTATUS - SCESTATUS_SUCCESS
|
|
SCESTATUS_NOT_ENOUGH_RESOURCE
|
|
SCESTATUS_INVALID_PARAMETER
|
|
SCESTATUS_BAD_FORMAT
|
|
SCESTATUS_INVALID_DATA
|
|
-- */
|
|
{
|
|
|
|
SCESTATUS rc;
|
|
SCE_KEY_LOOKUP LogKeys[]={
|
|
{(PWSTR)TEXT("MaximumLogSize"), offsetof(struct _SCE_PROFILE_INFO, MaximumLogSize), 'D'},
|
|
{(PWSTR)TEXT("AuditLogRetentionPeriod"),offsetof(struct _SCE_PROFILE_INFO, AuditLogRetentionPeriod), 'D'},
|
|
{(PWSTR)TEXT("RetentionDays"), offsetof(struct _SCE_PROFILE_INFO, RetentionDays), 'D'},
|
|
{(PWSTR)TEXT("RestrictGuestAccess"), offsetof(struct _SCE_PROFILE_INFO, RestrictGuestAccess), 'D'}
|
|
};
|
|
|
|
SCE_KEY_LOOKUP EventKeys[]={
|
|
{(PWSTR)TEXT("AuditSystemEvents"), offsetof(struct _SCE_PROFILE_INFO, AuditSystemEvents), 'D'},
|
|
{(PWSTR)TEXT("AuditLogonEvents"), offsetof(struct _SCE_PROFILE_INFO, AuditLogonEvents), 'D'},
|
|
{(PWSTR)TEXT("AuditObjectAccess"), offsetof(struct _SCE_PROFILE_INFO, AuditObjectAccess), 'D'},
|
|
{(PWSTR)TEXT("AuditPrivilegeUse"), offsetof(struct _SCE_PROFILE_INFO, AuditPrivilegeUse), 'D'},
|
|
{(PWSTR)TEXT("AuditPolicyChange"), offsetof(struct _SCE_PROFILE_INFO, AuditPolicyChange), 'D'},
|
|
{(PWSTR)TEXT("AuditAccountManage"), offsetof(struct _SCE_PROFILE_INFO, AuditAccountManage), 'D'},
|
|
{(PWSTR)TEXT("AuditProcessTracking"),offsetof(struct _SCE_PROFILE_INFO, AuditProcessTracking),'D'},
|
|
{(PWSTR)TEXT("AuditDSAccess"), offsetof(struct _SCE_PROFILE_INFO, AuditDSAccess), 'D'},
|
|
{(PWSTR)TEXT("AuditAccountLogon"), offsetof(struct _SCE_PROFILE_INFO, AuditAccountLogon), 'D'}};
|
|
|
|
DWORD cKeys = sizeof(EventKeys) / sizeof(SCE_KEY_LOOKUP);
|
|
|
|
PCWSTR szAuditLog;
|
|
DWORD i, j;
|
|
PSCESECTION hSection=NULL;
|
|
|
|
|
|
if ( hProfile == NULL ||
|
|
pProfileInfo == NULL ) {
|
|
return(SCESTATUS_INVALID_PARAMETER);
|
|
}
|
|
|
|
|
|
for ( i=0; i<3; i++) {
|
|
|
|
//
|
|
// Get Event Log setting for system log, security log and application log
|
|
//
|
|
|
|
switch (i) {
|
|
case 0:
|
|
szAuditLog = szAuditSystemLog;
|
|
break;
|
|
case 1:
|
|
szAuditLog = szAuditSecurityLog;
|
|
break;
|
|
default:
|
|
szAuditLog = szAuditApplicationLog;
|
|
break;
|
|
}
|
|
|
|
//
|
|
// get DWORD values for the section
|
|
//
|
|
rc = ScepGetFixValueSection(
|
|
hProfile,
|
|
szAuditLog,
|
|
LogKeys,
|
|
4,
|
|
ProfileType,
|
|
(PVOID)pProfileInfo,
|
|
&hSection,
|
|
Errlog
|
|
);
|
|
if ( rc != SCESTATUS_SUCCESS )
|
|
goto Done;
|
|
|
|
// close the section
|
|
SceJetCloseSection( &hSection, FALSE );
|
|
|
|
//
|
|
// update the Offset for next section
|
|
//
|
|
for ( j=0; j<4; j++ )
|
|
LogKeys[j].Offset += sizeof(DWORD);
|
|
}
|
|
|
|
//
|
|
// Get Audit Event info
|
|
//
|
|
//
|
|
// get DWORD values for the section
|
|
//
|
|
rc = ScepGetFixValueSection(
|
|
hProfile,
|
|
szAuditEvent,
|
|
EventKeys,
|
|
cKeys,
|
|
ProfileType,
|
|
(PVOID)pProfileInfo,
|
|
&hSection,
|
|
Errlog
|
|
);
|
|
if ( rc != SCESTATUS_SUCCESS )
|
|
goto Done;
|
|
|
|
// close the section
|
|
SceJetCloseSection( &hSection, TRUE );
|
|
|
|
Done:
|
|
|
|
// close the section
|
|
if ( rc != SCESTATUS_SUCCESS )
|
|
SceJetCloseSection( &hSection, TRUE );
|
|
|
|
return(rc);
|
|
}
|
|
|
|
//////////////////////////////
|
|
// helper APIs
|
|
//////////////////////////////
|
|
|
|
SCESTATUS
|
|
ScepGetUserSection(
|
|
IN PSCECONTEXT hProfile,
|
|
IN SCETYPE ProfileType,
|
|
IN PWSTR Name,
|
|
OUT PVOID *ppInfo,
|
|
OUT PSCE_ERROR_LOG_INFO *Errlog OPTIONAL
|
|
)
|
|
/* ++
|
|
Function Description:
|
|
|
|
This routine get a dynamic section's information for a security area.
|
|
Dynamic sections are those created dynamically, based on other sections'
|
|
related information. Dynamic sections in a profile include User Security
|
|
Profiles for SCP and User Settings for SAP/SMP. Name contains the section's
|
|
identifier, either the section's name, or a partial name (e.g., a user
|
|
name) for the section. The output must be casted to different structure,
|
|
depending on the ProfileType and Area.
|
|
|
|
The output buffer contains one instance of the requested information,
|
|
e.g., one user security profile or one user's setting. To get all dynamic
|
|
sections, this routine must be called repeatly. The output buffer must
|
|
be freed by LocalFree after its use.
|
|
|
|
Arguments:
|
|
|
|
hProfile - The handle of the profile
|
|
|
|
ProfileType - The type of the profile to read
|
|
|
|
Name - The dynamic section's identifier
|
|
|
|
ppInfo - Output buffer (PSCE_USER_PROFILE or PSCE_USER_SETTING)
|
|
|
|
Errlog - The error log buffer
|
|
|
|
Return Value:
|
|
|
|
SCESTATUS_SUCCESS
|
|
SCESTATUS_PROFILE_NOT_FOUND
|
|
SCESTATUS_NOT_ENOUGH_RESOURCE
|
|
SCESTATUS_INVALID_PARAMETER
|
|
SCESTATUS_BAD_FORMAT
|
|
SCESTATUS_INVALID_DATA
|
|
|
|
-- */
|
|
|
|
{
|
|
//
|
|
// not support area
|
|
// if need this area later, refer to usersav directory for archived code
|
|
//
|
|
return(SCESTATUS_SERVICE_NOT_SUPPORT);
|
|
|
|
}
|
|
|
|
|
|
SCESTATUS
|
|
ScepGetObjectChildren(
|
|
IN PSCECONTEXT hProfile,
|
|
IN SCETYPE ProfileType,
|
|
IN AREA_INFORMATION Area,
|
|
IN PWSTR ObjectPrefix,
|
|
IN SCE_SUBOBJECT_TYPE Option,
|
|
OUT PVOID *Buffer,
|
|
OUT PSCE_ERROR_LOG_INFO *Errlog OPTIONAL
|
|
)
|
|
/*
|
|
Routine Description
|
|
|
|
This routine is the same as ScepGetObjectChildrenFromOneTable, except when
|
|
ProfileType is SCE_ENGINE_SAP, in which case, object children in SMP is also
|
|
looked up and returned so the returned list contains the complete set of
|
|
the objects analyzed.
|
|
|
|
Arguments:
|
|
|
|
See ScepGetObjectChildrenFromOneTable
|
|
|
|
Return Value:
|
|
|
|
See ScepGetObjectChildrenFromOneTable
|
|
*/
|
|
{
|
|
SCESTATUS rc;
|
|
|
|
rc = ScepGetObjectChildrenFromOneTable(
|
|
hProfile,
|
|
ProfileType,
|
|
Area,
|
|
ObjectPrefix,
|
|
Option,
|
|
Buffer,
|
|
Errlog
|
|
);
|
|
|
|
if ( rc == SCESTATUS_RECORD_NOT_FOUND ) {
|
|
rc = SCESTATUS_SUCCESS;
|
|
}
|
|
|
|
if ( rc == SCESTATUS_SERVICE_NOT_SUPPORT &&
|
|
ProfileType == SCE_ENGINE_SAP &&
|
|
Option == SCE_IMMEDIATE_CHILDREN ) {
|
|
|
|
return( SCESTATUS_RECORD_NOT_FOUND); // no acl support, do not allow children
|
|
}
|
|
|
|
if ( rc == SCESTATUS_SUCCESS &&
|
|
ProfileType == SCE_ENGINE_SAP &&
|
|
Option == SCE_IMMEDIATE_CHILDREN ) {
|
|
|
|
PSCE_OBJECT_CHILDREN pTempList=NULL;
|
|
PSCE_OBJECT_CHILDREN_NODE *pArrObject=NULL;
|
|
DWORD arrCount=0, MaxCount=0;
|
|
LONG FindIndex;
|
|
|
|
if ( *Buffer ) {
|
|
arrCount = ((PSCE_OBJECT_CHILDREN)(*Buffer))->nCount;
|
|
MaxCount = ((PSCE_OBJECT_CHILDREN)(*Buffer))->MaxCount;
|
|
pArrObject = &(((PSCE_OBJECT_CHILDREN)(*Buffer))->arrObject);
|
|
}
|
|
|
|
//
|
|
// get object children from SMP table too
|
|
//
|
|
rc = ScepGetObjectChildrenFromOneTable(
|
|
hProfile,
|
|
SCE_ENGINE_SCP, //SCE_ENGINE_SMP,
|
|
Area,
|
|
ObjectPrefix,
|
|
Option,
|
|
(PVOID *)(&pTempList),
|
|
Errlog
|
|
);
|
|
|
|
if ( rc == SCESTATUS_SUCCESS && pTempList ) {
|
|
//
|
|
// add non-exist nodes to Buffer
|
|
//
|
|
DWORD i;
|
|
PSCE_OBJECT_CHILDREN_NODE *pTmpObject= &(pTempList->arrObject);
|
|
|
|
for ( i=0; i<pTempList->nCount; i++ ) {
|
|
|
|
//
|
|
// if this node does not exist in the SAP
|
|
// this node is analyzed with "match" status and
|
|
// no bad children under the node
|
|
// duplication is prevented by the last argument
|
|
//
|
|
if ( pTmpObject[i] == NULL ||
|
|
pTmpObject[i]->Name == NULL ) {
|
|
continue;
|
|
}
|
|
|
|
FindIndex = -1;
|
|
pTmpObject[i]->Status = SCE_STATUS_GOOD;
|
|
|
|
rc = ScepAddItemToChildren(
|
|
pTmpObject[i],
|
|
pTmpObject[i]->Name,
|
|
0,
|
|
pTmpObject[i]->IsContainer,
|
|
pTmpObject[i]->Status,
|
|
pTmpObject[i]->Count,
|
|
&pArrObject,
|
|
&arrCount,
|
|
&MaxCount,
|
|
&FindIndex
|
|
);
|
|
|
|
if ( rc == ERROR_SUCCESS ) {
|
|
//
|
|
// successfully added
|
|
//
|
|
pTmpObject[i] = NULL;
|
|
} else if ( rc == ERROR_DUP_NAME ) {
|
|
//
|
|
// node already exist, ignore the error
|
|
//
|
|
rc = ERROR_SUCCESS;
|
|
|
|
} else {
|
|
ScepBuildErrorLogInfo( rc,
|
|
Errlog,
|
|
SCEERR_ADD,
|
|
pTmpObject[i]->Name
|
|
);
|
|
//
|
|
// only the following two errors could be returned
|
|
//
|
|
if ( rc == ERROR_NOT_ENOUGH_MEMORY ) {
|
|
rc = SCESTATUS_NOT_ENOUGH_RESOURCE;
|
|
break;
|
|
} else
|
|
rc = SCESTATUS_INVALID_PARAMETER;
|
|
}
|
|
|
|
}
|
|
|
|
} else if ( rc == SCESTATUS_RECORD_NOT_FOUND ) {
|
|
|
|
rc = SCESTATUS_SUCCESS;
|
|
|
|
}
|
|
|
|
if ( pTempList ) {
|
|
ScepFreeObjectChildren(pTempList);
|
|
}
|
|
|
|
if ( rc == SCESTATUS_SUCCESS ) {
|
|
//
|
|
// detect if status of this container or any of its "immediate" parent
|
|
// is in "auto-inherit" status. If so, query from the system to
|
|
// get good items.
|
|
//
|
|
|
|
BYTE ParentStatus = ScepGetObjectStatusFlag(
|
|
hProfile,
|
|
SCE_ENGINE_SCP, //SCE_ENGINE_SMP,
|
|
Area,
|
|
ObjectPrefix,
|
|
TRUE);
|
|
|
|
BYTE AnalysisStatus = ScepGetObjectStatusFlag(
|
|
hProfile,
|
|
SCE_ENGINE_SAP,
|
|
Area,
|
|
ObjectPrefix,
|
|
FALSE);
|
|
//
|
|
// compute the status to be used for all enumerated objects
|
|
//
|
|
BYTE NewStatus;
|
|
|
|
if ( AnalysisStatus == SCE_STATUS_ERROR_NOT_AVAILABLE ||
|
|
AnalysisStatus == SCE_STATUS_NOT_ANALYZED ) {
|
|
|
|
NewStatus = SCE_STATUS_NOT_ANALYZED;
|
|
|
|
} else if ( ParentStatus == SCE_STATUS_OVERWRITE ) {
|
|
|
|
NewStatus = SCE_STATUS_GOOD;
|
|
} else {
|
|
NewStatus = SCE_STATUS_NOT_CONFIGURED;
|
|
}
|
|
|
|
//
|
|
// even though there is no parent in SMP, still return all objects
|
|
//
|
|
// if ( (BYTE)-1 != ParentStatus ) {
|
|
|
|
// if any child is found for this level
|
|
// get the remaining "good" status nodes from system
|
|
//
|
|
|
|
PWSTR WildCard=NULL;
|
|
DWORD BufSize;
|
|
|
|
switch ( Area ) {
|
|
case AREA_FILE_SECURITY:
|
|
|
|
struct _wfinddata_t FileInfo;
|
|
intptr_t hFile;
|
|
BOOL BackSlashExist;
|
|
|
|
BufSize = wcslen(ObjectPrefix)+4;
|
|
WildCard = (PWSTR)ScepAlloc( 0, (BufSize+1)*sizeof(WCHAR));
|
|
if ( !WildCard ) {
|
|
rc = SCESTATUS_NOT_ENOUGH_RESOURCE;
|
|
break;
|
|
}
|
|
BackSlashExist = ScepLastBackSlash(ObjectPrefix);
|
|
if ( BackSlashExist )
|
|
swprintf(WildCard, L"%s*.*", ObjectPrefix);
|
|
else
|
|
swprintf(WildCard, L"%s\\*.*", ObjectPrefix);
|
|
|
|
hFile = _wfindfirst(WildCard, &FileInfo);
|
|
|
|
ScepFree(WildCard);
|
|
WildCard = NULL;
|
|
|
|
if ( hFile != -1 ) {
|
|
do {
|
|
if ( wcscmp(L"..", FileInfo.name) == 0 ||
|
|
wcscmp(L".", FileInfo.name) == 0 )
|
|
continue;
|
|
|
|
FindIndex = -1;
|
|
|
|
rc = ScepAddItemToChildren(
|
|
NULL,
|
|
FileInfo.name,
|
|
0,
|
|
(FileInfo.attrib & _A_SUBDIR) ? TRUE : FALSE,
|
|
NewStatus,
|
|
0,
|
|
&pArrObject,
|
|
&arrCount,
|
|
&MaxCount,
|
|
&FindIndex
|
|
);
|
|
|
|
if ( rc == ERROR_DUP_NAME ) {
|
|
rc = ERROR_SUCCESS;
|
|
} else if ( rc != ERROR_SUCCESS ) {
|
|
ScepBuildErrorLogInfo( rc,
|
|
Errlog,
|
|
SCEERR_ADD,
|
|
FileInfo.name
|
|
);
|
|
//
|
|
// only the following two errors could be returned
|
|
//
|
|
if ( rc == ERROR_NOT_ENOUGH_MEMORY ) {
|
|
rc = SCESTATUS_NOT_ENOUGH_RESOURCE;
|
|
break;
|
|
} else
|
|
rc = SCESTATUS_INVALID_PARAMETER;
|
|
}
|
|
|
|
} while ( _wfindnext(hFile, &FileInfo) == 0 );
|
|
|
|
_findclose(hFile);
|
|
}
|
|
|
|
break;
|
|
case AREA_REGISTRY_SECURITY:
|
|
|
|
HKEY hKey;
|
|
DWORD index;
|
|
DWORD EnumRc;
|
|
//
|
|
// open the key (on a 64-bit platform, 64-bit
|
|
// registry only will be done if SCE_ENGINE_SAP)
|
|
//
|
|
rc = ScepOpenRegistryObject(
|
|
SE_REGISTRY_KEY,
|
|
ObjectPrefix,
|
|
KEY_READ,
|
|
&hKey
|
|
);
|
|
|
|
if ( rc == ERROR_SUCCESS ) {
|
|
index = 0;
|
|
//
|
|
// enumerate all subkeys of the key
|
|
//
|
|
do {
|
|
WildCard = (PWSTR)ScepAlloc(LMEM_ZEROINIT, MAX_PATH*sizeof(WCHAR));
|
|
if ( WildCard == NULL ) {
|
|
rc = SCESTATUS_NOT_ENOUGH_RESOURCE;
|
|
break;
|
|
}
|
|
BufSize = MAX_PATH;
|
|
|
|
EnumRc = RegEnumKeyEx(hKey,
|
|
index,
|
|
WildCard,
|
|
&BufSize,
|
|
NULL,
|
|
NULL,
|
|
NULL,
|
|
NULL);
|
|
|
|
if ( EnumRc == ERROR_SUCCESS ) {
|
|
index++;
|
|
//
|
|
// add the name to the object list
|
|
//
|
|
FindIndex = -1;
|
|
rc = ScepAddItemToChildren(
|
|
NULL,
|
|
WildCard,
|
|
BufSize,
|
|
TRUE,
|
|
NewStatus,
|
|
0,
|
|
&pArrObject,
|
|
&arrCount,
|
|
&MaxCount,
|
|
&FindIndex
|
|
);
|
|
|
|
if ( rc == ERROR_DUP_NAME ) {
|
|
rc = ERROR_SUCCESS;
|
|
} else if ( rc != ERROR_SUCCESS ) {
|
|
ScepBuildErrorLogInfo( rc,
|
|
Errlog,
|
|
SCEERR_ADD,
|
|
WildCard
|
|
);
|
|
//
|
|
// only the following two errors could be returned
|
|
//
|
|
if ( rc == ERROR_NOT_ENOUGH_MEMORY ) {
|
|
rc = SCESTATUS_NOT_ENOUGH_RESOURCE;
|
|
break;
|
|
} else
|
|
rc = SCESTATUS_INVALID_PARAMETER;
|
|
}
|
|
}
|
|
|
|
ScepFree(WildCard);
|
|
WildCard = NULL;
|
|
|
|
} while ( EnumRc != ERROR_NO_MORE_ITEMS );
|
|
|
|
RegCloseKey(hKey);
|
|
|
|
} else {
|
|
rc = ScepDosErrorToSceStatus(rc);
|
|
}
|
|
|
|
break;
|
|
#if 0
|
|
case AREA_DS_OBJECTS:
|
|
|
|
PSCE_NAME_LIST pTemp, pList=NULL;
|
|
|
|
rc = ScepLdapOpen(NULL);
|
|
|
|
if ( rc == SCESTATUS_SUCCESS ) {
|
|
//
|
|
// detect if the Ds object exist
|
|
//
|
|
rc = ScepDsObjectExist(ObjectPrefix);
|
|
|
|
if ( rc == SCESTATUS_SUCCESS ) {
|
|
|
|
rc = ScepEnumerateDsOneLevel(ObjectPrefix, &pList);
|
|
//
|
|
// add each one to the object list
|
|
//
|
|
for (pTemp=pList; pTemp != NULL; pTemp = pTemp->Next ) {
|
|
//
|
|
// look for the first ldap component
|
|
//
|
|
WildCard = wcschr(pTemp->Name, L',');
|
|
if ( WildCard ) {
|
|
BufSize = (DWORD)(WildCard - pTemp->Name);
|
|
} else {
|
|
BufSize = 0;
|
|
}
|
|
|
|
rc = ScepAddItemToChildren(
|
|
NULL,
|
|
pTemp->Name,
|
|
BufSize,
|
|
TRUE,
|
|
NewStatus,
|
|
0,
|
|
&pArrObject,
|
|
&arrCount,
|
|
&MaxCount,
|
|
&FindIndex
|
|
);
|
|
|
|
if ( rc != ERROR_SUCCESS ) {
|
|
ScepBuildErrorLogInfo( rc,
|
|
Errlog,
|
|
SCEERR_ADD,
|
|
pTemp->Name
|
|
);
|
|
//
|
|
// only the following two errors could be returned
|
|
//
|
|
if ( rc == ERROR_NOT_ENOUGH_MEMORY ) {
|
|
rc = SCESTATUS_NOT_ENOUGH_RESOURCE;
|
|
break;
|
|
} else
|
|
rc = SCESTATUS_INVALID_PARAMETER;
|
|
}
|
|
}
|
|
if ( pList ) {
|
|
//
|
|
// free the list
|
|
//
|
|
ScepFreeNameList(pList);
|
|
}
|
|
}
|
|
ScepLdapClose(NULL);
|
|
}
|
|
break;
|
|
#endif
|
|
|
|
}
|
|
//
|
|
// ignore other errors except out of memory
|
|
//
|
|
if ( rc != SCESTATUS_NOT_ENOUGH_RESOURCE ) {
|
|
rc = SCESTATUS_SUCCESS;
|
|
}
|
|
// }
|
|
|
|
}
|
|
/*
|
|
if ( *Buffer ) {
|
|
((PSCE_OBJECT_CHILDREN)(*Buffer))->nCount = arrCount;
|
|
((PSCE_OBJECT_CHILDREN)(*Buffer))->MaxCount = MaxCount;
|
|
((PSCE_OBJECT_CHILDREN)(*Buffer))->arrObject = pArrObject;
|
|
}
|
|
*/
|
|
if ( pArrObject ) {
|
|
*Buffer = (PVOID)((PBYTE)pArrObject - 2*sizeof(DWORD));
|
|
((PSCE_OBJECT_CHILDREN)(*Buffer))->nCount = arrCount;
|
|
((PSCE_OBJECT_CHILDREN)(*Buffer))->MaxCount = MaxCount;
|
|
}
|
|
|
|
if ( rc != SCESTATUS_SUCCESS ) {
|
|
//
|
|
// free Buffer
|
|
//
|
|
ScepFreeObjectChildren((PSCE_OBJECT_CHILDREN)(*Buffer));
|
|
*Buffer = NULL;
|
|
}
|
|
}
|
|
|
|
if ( (SCESTATUS_SUCCESS == rc) &&
|
|
(*Buffer == NULL) ) {
|
|
//
|
|
// get nothing
|
|
//
|
|
rc = SCESTATUS_RECORD_NOT_FOUND;
|
|
}
|
|
|
|
return(rc);
|
|
}
|
|
|
|
|
|
BYTE
|
|
ScepGetObjectStatusFlag(
|
|
IN PSCECONTEXT hProfile,
|
|
IN SCETYPE ProfileType,
|
|
IN AREA_INFORMATION Area,
|
|
IN PWSTR ObjectPrefix,
|
|
IN BOOL bLookForParent
|
|
)
|
|
/*
|
|
Routine Description:
|
|
|
|
To find the status for the closest parent node (immediate/non immediate)
|
|
for the Object in the table.
|
|
|
|
Arguments:
|
|
|
|
hProfile - the databaes handle
|
|
|
|
ProfileType - the table type
|
|
|
|
Area - the area information
|
|
|
|
ObjectPrefix - the object's full name
|
|
|
|
Return Value:
|
|
|
|
Byte - the status flag for the nearest parent if one is found
|
|
|
|
*/
|
|
{
|
|
LPCTSTR SectionName;
|
|
PSCESECTION hSection=NULL;
|
|
WCHAR Delim;
|
|
BYTE Status=(BYTE)-1;
|
|
|
|
SCESTATUS rc;
|
|
PWSTR JetName=NULL;
|
|
|
|
|
|
switch ( Area) {
|
|
case AREA_FILE_SECURITY:
|
|
SectionName = szFileSecurity;
|
|
JetName = ObjectPrefix;
|
|
Delim = L'\\';
|
|
break;
|
|
case AREA_REGISTRY_SECURITY:
|
|
SectionName = szRegistryKeys;
|
|
JetName = ObjectPrefix;
|
|
Delim = L'\\';
|
|
break;
|
|
#if 0
|
|
case AREA_DS_OBJECTS:
|
|
SectionName = szDSSecurity;
|
|
Delim = L',';
|
|
rc = ScepConvertLdapToJetIndexName(
|
|
ObjectPrefix,
|
|
&JetName
|
|
);
|
|
if ( rc != SCESTATUS_SUCCESS ) {
|
|
return (BYTE)-1;
|
|
}
|
|
break;
|
|
#endif
|
|
default:
|
|
return (BYTE)-1;
|
|
}
|
|
|
|
rc = ScepOpenSectionForName(
|
|
hProfile,
|
|
ProfileType,
|
|
SectionName,
|
|
&hSection
|
|
);
|
|
if ( SCESTATUS_SUCCESS == rc ) {
|
|
|
|
Status = ScepGetObjectAnalysisStatus(hSection,
|
|
JetName,
|
|
bLookForParent
|
|
);
|
|
}
|
|
|
|
SceJetCloseSection(&hSection, TRUE);
|
|
|
|
if ( JetName != ObjectPrefix ) {
|
|
ScepFree(JetName);
|
|
}
|
|
|
|
if ( SCESTATUS_SUCCESS == rc ) {
|
|
return Status;
|
|
}
|
|
|
|
return (BYTE)-1;
|
|
}
|
|
|
|
SCESTATUS
|
|
ScepGetObjectChildrenFromOneTable(
|
|
IN PSCECONTEXT hProfile,
|
|
IN SCETYPE ProfileType,
|
|
IN AREA_INFORMATION Area,
|
|
IN PWSTR ObjectPrefix,
|
|
IN SCE_SUBOBJECT_TYPE Option,
|
|
OUT PVOID *Buffer,
|
|
OUT PSCE_ERROR_LOG_INFO *Errlog OPTIONAL
|
|
)
|
|
/* ++
|
|
Routine Description:
|
|
|
|
This routine is used for Registry and File Security ONLY.
|
|
|
|
This routine takes a object prefix ( e.g., a parent node’s full path name)
|
|
and outputs all files and sub directories under the object, or the immediate
|
|
children under the object, based on Option. When all files and sub
|
|
directories are outputted, the output information is in a n-tree structure
|
|
(SCE_OBJECT_TREE). If only the immediate children are outputted, the
|
|
output information is in a list structure (SCE_OBJECT_CHILDREN). The output buffer
|
|
must be freed by LocalFree after its use.
|
|
|
|
Arguments:
|
|
|
|
hProfile - The handle to the profile
|
|
|
|
ProifleType - The type of the profile to read
|
|
|
|
Area - The security area to read info
|
|
AREA_REGISTRY_SECURITY
|
|
AREA_FILE_SECURITY
|
|
|
|
ObjectPrefix- The parent node’s full path name (e.g., c:\winnt)
|
|
|
|
Option - The option for output information. Valid values are
|
|
SCE_ALL_CHILDREN
|
|
SCE_IMMEDIATE_CHILDREN
|
|
|
|
Buffer - The output buffer.
|
|
|
|
Errlog - The error log buffer.
|
|
|
|
Return Value:
|
|
|
|
SCESTATUS_SUCCESS
|
|
SCESTATUS_PROFILE_NOT_FOUND
|
|
SCESTATUS_NOT_ENOUGH_RESOURCE
|
|
SCESTATUS_INVALID_PARAMETER
|
|
SCESTATUS_BAD_FORMAT
|
|
SCESTATUS_INVALID_DATA
|
|
-- */
|
|
{
|
|
SCESTATUS rc = SCESTATUS_SUCCESS;
|
|
PCWSTR SectionName=NULL;
|
|
PWSTR JetName;
|
|
WCHAR Delim=L'\\';
|
|
|
|
|
|
if ( ObjectPrefix == NULL || ObjectPrefix[0] == L'\0' )
|
|
return(SCESTATUS_INVALID_PARAMETER);
|
|
|
|
if ( Option == SCE_ALL_CHILDREN &&
|
|
ProfileType == SCE_ENGINE_SAP )
|
|
return(SCESTATUS_INVALID_PARAMETER);
|
|
|
|
|
|
switch (Area) {
|
|
case AREA_REGISTRY_SECURITY:
|
|
SectionName = szRegistryKeys;
|
|
JetName = ObjectPrefix;
|
|
break;
|
|
|
|
case AREA_FILE_SECURITY:
|
|
SectionName = szFileSecurity;
|
|
JetName = ObjectPrefix;
|
|
|
|
break;
|
|
#if 0
|
|
case AREA_DS_OBJECTS:
|
|
SectionName = szDSSecurity;
|
|
Delim = L',';
|
|
|
|
rc = ScepConvertLdapToJetIndexName(
|
|
ObjectPrefix,
|
|
&JetName
|
|
);
|
|
if ( rc != SCESTATUS_SUCCESS )
|
|
return(rc);
|
|
*Buffer = NULL;
|
|
break;
|
|
#endif
|
|
|
|
default:
|
|
return(SCESTATUS_INVALID_PARAMETER);
|
|
}
|
|
|
|
DWORD PrefixLen;
|
|
PWSTR NewPrefix;
|
|
PWSTR ObjectName=NULL;
|
|
PWSTR Value=NULL;
|
|
DWORD ObjectLen, ValueLen;
|
|
PWSTR Buffer1=NULL;
|
|
|
|
//
|
|
// make a new prefix to force a Delim at the end
|
|
//
|
|
PrefixLen = wcslen(JetName);
|
|
|
|
if ( Option != SCE_ALL_CHILDREN ) {
|
|
|
|
if ( JetName[PrefixLen-1] != Delim )
|
|
PrefixLen++;
|
|
|
|
NewPrefix = (PWSTR)ScepAlloc(0, (PrefixLen+1)*sizeof(WCHAR));
|
|
|
|
if ( NewPrefix == NULL ) {
|
|
rc = SCESTATUS_NOT_ENOUGH_RESOURCE;
|
|
|
|
} else {
|
|
wcscpy(NewPrefix, JetName);
|
|
NewPrefix[PrefixLen-1] = Delim;
|
|
NewPrefix[PrefixLen] = L'\0';
|
|
}
|
|
} else
|
|
NewPrefix = JetName;
|
|
|
|
if ( rc != SCESTATUS_SUCCESS ) {
|
|
if ( Area == AREA_DS_OBJECTS )
|
|
ScepFree(JetName);
|
|
|
|
return(rc);
|
|
}
|
|
|
|
PSCESECTION hSection=NULL;
|
|
DWORD i;
|
|
PSCE_OBJECT_CHILDREN_NODE *pArrObject=NULL;
|
|
DWORD arrCount=0;
|
|
DWORD MaxCount=0;
|
|
LONG LastIndex=-1;
|
|
LONG FindIndex=-1;
|
|
|
|
//
|
|
// open the section
|
|
//
|
|
rc = ScepOpenSectionForName(
|
|
hProfile,
|
|
ProfileType,
|
|
SectionName,
|
|
&hSection
|
|
);
|
|
|
|
if ( rc == SCESTATUS_SUCCESS ) {
|
|
|
|
if ( ProfileType == SCE_ENGINE_SAP &&
|
|
Option != SCE_ALL_CHILDREN &&
|
|
PrefixLen > 2 ) {
|
|
|
|
//
|
|
// find if this drive support ACL
|
|
//
|
|
WCHAR StatusFlag=L'\0';
|
|
WCHAR SaveChr = NewPrefix[3];
|
|
|
|
NewPrefix[3] = L'\0';
|
|
|
|
rc = SceJetGetValue(
|
|
hSection,
|
|
SCEJET_EXACT_MATCH_NO_CASE,
|
|
NewPrefix,
|
|
NULL,
|
|
0,
|
|
NULL,
|
|
(PWSTR)&StatusFlag, // two bytes buffer
|
|
2,
|
|
&i
|
|
);
|
|
|
|
NewPrefix[3] = SaveChr;
|
|
|
|
if ( SCESTATUS_SUCCESS == rc ||
|
|
SCESTATUS_BUFFER_TOO_SMALL == rc ) {
|
|
|
|
i = *((BYTE *)&StatusFlag);
|
|
|
|
if ( i == (BYTE)SCE_STATUS_NO_ACL_SUPPORT ||
|
|
i == (DWORD)SCE_STATUS_NO_ACL_SUPPORT ) {
|
|
|
|
rc = SCESTATUS_SERVICE_NOT_SUPPORT;
|
|
} else {
|
|
|
|
rc = SCESTATUS_SUCCESS;
|
|
}
|
|
} else {
|
|
rc = SCESTATUS_SUCCESS;
|
|
}
|
|
}
|
|
} else {
|
|
|
|
ScepBuildErrorLogInfo( ERROR_INVALID_HANDLE,
|
|
Errlog,
|
|
SCEERR_OPEN,
|
|
SectionName
|
|
);
|
|
}
|
|
|
|
if ( rc == SCESTATUS_SUCCESS ) {
|
|
|
|
DWORD Level;
|
|
PWSTR pTemp;
|
|
DWORD SDsize=0;
|
|
|
|
pTemp = wcschr(JetName, Delim);
|
|
Level=1;
|
|
while ( pTemp ) {
|
|
pTemp++;
|
|
if ( pTemp[0] != 0 )
|
|
Level++;
|
|
pTemp = wcschr(pTemp, Delim);
|
|
}
|
|
Level++;
|
|
|
|
|
|
if ( Option == SCE_ALL_CHILDREN ) {
|
|
//
|
|
// find the first record in the section
|
|
//
|
|
rc = SceJetGetValue(
|
|
hSection,
|
|
SCEJET_PREFIX_MATCH_NO_CASE,
|
|
JetName,
|
|
NULL,
|
|
0,
|
|
&SDsize, // temp use for ObjectLen,
|
|
NULL,
|
|
0,
|
|
&i // temp use for ValueLen
|
|
);
|
|
} else {
|
|
//
|
|
// find the first record matching prefix in the section
|
|
//
|
|
rc = SceJetSeek(
|
|
hSection,
|
|
NewPrefix,
|
|
PrefixLen*sizeof(TCHAR),
|
|
SCEJET_SEEK_GE_NO_CASE
|
|
);
|
|
|
|
if ( rc == SCESTATUS_SUCCESS ) {
|
|
//
|
|
// start the Ldap server
|
|
//
|
|
if ( Area == AREA_DS_OBJECTS) {
|
|
|
|
rc = ScepLdapOpen(NULL);
|
|
|
|
if ( rc != SCESTATUS_SUCCESS ) {
|
|
ScepBuildErrorLogInfo( 0,
|
|
Errlog,
|
|
SCEERR_CONVERT_LDAP,
|
|
L""
|
|
);
|
|
}
|
|
}
|
|
|
|
if ( rc == SCESTATUS_SUCCESS ) {
|
|
rc = SceJetGetValue(
|
|
hSection,
|
|
SCEJET_CURRENT,
|
|
NULL,
|
|
NULL,
|
|
0,
|
|
&SDsize, // temp use for ObjectLen,
|
|
NULL,
|
|
0,
|
|
&i // temp use for ValueLen
|
|
);
|
|
}
|
|
}
|
|
|
|
}
|
|
|
|
DWORD Count=0;
|
|
BYTE Status;
|
|
BOOL IsContainer;
|
|
SCEJET_FIND_TYPE FindFlag;
|
|
|
|
while ( rc == SCESTATUS_SUCCESS ) {
|
|
|
|
//
|
|
// allocate memory for the group name and value string
|
|
//
|
|
ObjectName = (PWSTR)ScepAlloc( LMEM_ZEROINIT, SDsize+2); // ObjectLen
|
|
Value = (PWSTR)ScepAlloc( LMEM_ZEROINIT, i+2); //ValueLen
|
|
|
|
if ( ObjectName == NULL || Value == NULL ) {
|
|
rc = SCESTATUS_NOT_ENOUGH_RESOURCE;
|
|
goto Done;
|
|
|
|
}
|
|
//
|
|
// Get the group and its value
|
|
//
|
|
rc = SceJetGetValue(
|
|
hSection,
|
|
SCEJET_CURRENT,
|
|
NULL,
|
|
ObjectName,
|
|
SDsize,
|
|
&ObjectLen,
|
|
Value,
|
|
i,
|
|
&ValueLen
|
|
);
|
|
if ( rc != SCESTATUS_SUCCESS ) {
|
|
ScepBuildErrorLogInfo( ERROR_READ_FAULT,
|
|
Errlog,
|
|
SCEERR_QUERY_VALUE,
|
|
SectionName
|
|
);
|
|
goto Done;
|
|
}
|
|
|
|
//
|
|
// teminate the string
|
|
//
|
|
if ( ObjectLen > SDsize )
|
|
ObjectLen = SDsize;
|
|
if ( ValueLen > i )
|
|
ValueLen = i;
|
|
|
|
ObjectName[ObjectLen/2] = L'\0';
|
|
Value[ValueLen/2] = L'\0';
|
|
|
|
if ( Option == SCE_ALL_CHILDREN ) {
|
|
//
|
|
// add this object to the object tree
|
|
//
|
|
|
|
PSECURITY_DESCRIPTOR pTempSD=NULL;
|
|
SECURITY_INFORMATION SeInfo;
|
|
|
|
//
|
|
// use i temperatorily
|
|
//
|
|
i = ConvertTextSecurityDescriptor(
|
|
Value+1,
|
|
&pTempSD,
|
|
&SDsize,
|
|
&SeInfo
|
|
);
|
|
|
|
if ( i == NO_ERROR ) {
|
|
|
|
if ( Area != AREA_DS_OBJECTS ) {
|
|
ScepChangeAclRevision(pTempSD, ACL_REVISION);
|
|
}
|
|
|
|
Status = *((BYTE *)Value);
|
|
IsContainer = *((CHAR *)Value+1) != '0' ? TRUE : FALSE;
|
|
|
|
if ( Area == AREA_DS_OBJECTS && *Buffer == NULL ) {
|
|
//
|
|
// build the first node separately because the first node
|
|
// is always the domain name with its DNS name as full name
|
|
//
|
|
rc = ScepBuildDsTree(
|
|
(PSCE_OBJECT_CHILD_LIST *)Buffer,
|
|
Level-1,
|
|
Delim,
|
|
JetName
|
|
);
|
|
if ( rc == SCESTATUS_SUCCESS ) {
|
|
|
|
if ( _wcsicmp(ObjectName, JetName) == 0 ) {
|
|
//
|
|
// exact match
|
|
//
|
|
(*((PSCE_OBJECT_TREE *)Buffer))->IsContainer = IsContainer;
|
|
(*((PSCE_OBJECT_TREE *)Buffer))->Status = Status;
|
|
(*((PSCE_OBJECT_TREE *)Buffer))->pSecurityDescriptor = pTempSD;
|
|
(*((PSCE_OBJECT_TREE *)Buffer))->SeInfo = SeInfo;
|
|
|
|
} else {
|
|
|
|
rc = ScepBuildObjectTree(
|
|
NULL,
|
|
(PSCE_OBJECT_CHILD_LIST *)Buffer,
|
|
Level-1,
|
|
Delim,
|
|
ObjectName,
|
|
IsContainer,
|
|
Status,
|
|
pTempSD,
|
|
SeInfo
|
|
);
|
|
}
|
|
}
|
|
|
|
} else {
|
|
|
|
rc = ScepBuildObjectTree(
|
|
NULL,
|
|
(PSCE_OBJECT_CHILD_LIST *)Buffer,
|
|
(Area == AREA_DS_OBJECTS) ? Level : 1,
|
|
Delim,
|
|
ObjectName,
|
|
IsContainer,
|
|
Status,
|
|
pTempSD,
|
|
SeInfo
|
|
);
|
|
}
|
|
if ( rc != SCESTATUS_SUCCESS ) {
|
|
ScepBuildErrorLogInfo( ScepSceStatusToDosError(rc),
|
|
Errlog,
|
|
SCEERR_BUILD_OBJECT
|
|
);
|
|
ScepFree(pTempSD);
|
|
}
|
|
|
|
} else {
|
|
ScepBuildErrorLogInfo( i,
|
|
Errlog,
|
|
SCEERR_BUILD_SD,
|
|
ObjectName // Value+1
|
|
);
|
|
rc = ScepDosErrorToSceStatus(i);
|
|
}
|
|
FindFlag = SCEJET_NEXT_LINE;
|
|
|
|
} else {
|
|
|
|
INT CompFlag;
|
|
DWORD ListHeadLen;
|
|
|
|
// verify it is within the right range
|
|
CompFlag = _wcsnicmp(ObjectName, NewPrefix, PrefixLen);
|
|
|
|
if ( pArrObject != NULL && LastIndex >= 0 && LastIndex < (LONG)arrCount ) {
|
|
ListHeadLen = wcslen(pArrObject[LastIndex]->Name);
|
|
|
|
} else
|
|
ListHeadLen = 0;
|
|
|
|
if ( (CompFlag == 0 && PrefixLen == ObjectLen/2) ||
|
|
CompFlag < 0 ) {
|
|
// CompFlag < 0 should be impossible!!!
|
|
// if it is the exact match with ObjectPrefix, ignore
|
|
//
|
|
// Every next level node is returned in the ObjectList
|
|
// with either
|
|
// Count=0 ( no sub children ), or
|
|
// Count > 0 && Status=SCE_STATUS_GOOD (this one is good)
|
|
// Status=mismatch/unknown/ignore/check
|
|
// should not count the object itself
|
|
//
|
|
rc = SceJetMoveNext(hSection);
|
|
|
|
} else if (CompFlag > 0 ) {
|
|
|
|
rc = SCESTATUS_RECORD_NOT_FOUND;
|
|
|
|
} else if (pArrObject != NULL && LastIndex >= 0 && LastIndex < (LONG)arrCount &&
|
|
PrefixLen+ListHeadLen < ObjectLen/2 &&
|
|
ObjectName[PrefixLen+ListHeadLen] == Delim &&
|
|
_wcsnicmp( pArrObject[LastIndex]->Name, ObjectName+PrefixLen,
|
|
ListHeadLen ) == 0 ) {
|
|
//
|
|
// if the list is not NULL, check the list head (new added item)
|
|
// to see if the ObjectName is already in. If yes, skip
|
|
//
|
|
Buffer1 = (PWSTR)ScepAlloc(0, (ListHeadLen+PrefixLen+2)*sizeof(WCHAR));
|
|
|
|
if ( Buffer1 == NULL ) {
|
|
rc = SCESTATUS_NOT_ENOUGH_RESOURCE;
|
|
|
|
} else {
|
|
|
|
swprintf(Buffer1, L"%s%s", NewPrefix, pArrObject[LastIndex]->Name);
|
|
Buffer1[PrefixLen+ListHeadLen] = (WCHAR) (Delim + 1);
|
|
Buffer1[PrefixLen+ListHeadLen+1] = L'\0';
|
|
//
|
|
// skip the block
|
|
//
|
|
rc = SceJetSeek(
|
|
hSection,
|
|
Buffer1,
|
|
(PrefixLen+ListHeadLen+1)*sizeof(TCHAR),
|
|
SCEJET_SEEK_GE_DONT_CARE //SCEJET_SEEK_GE_NO_CASE
|
|
);
|
|
|
|
ScepFree(Buffer1);
|
|
Buffer1 = NULL;
|
|
|
|
}
|
|
|
|
} else {
|
|
|
|
DWORD Len;
|
|
BOOL LastOne;
|
|
|
|
//
|
|
// searching for the right level component
|
|
//
|
|
PWSTR pStart = ObjectName;
|
|
|
|
for ( i=0; i<Level; i++) {
|
|
|
|
pTemp = wcschr(pStart, Delim);
|
|
|
|
if ( i == Level-1 ) {
|
|
//
|
|
// find the right level
|
|
//
|
|
if ( pTemp == NULL ) {
|
|
LastOne = TRUE;
|
|
Len = ObjectLen/2; // wcslen(pStart); from begining
|
|
} else {
|
|
Len = (DWORD)(pTemp - ObjectName); // pStart; from begining
|
|
if ( *(pTemp+1) == L'\0' )
|
|
LastOne = TRUE;
|
|
else
|
|
LastOne = FALSE;
|
|
}
|
|
SDsize = (DWORD)(pStart - ObjectName);
|
|
} else {
|
|
if ( pTemp == NULL ) {
|
|
rc = SCESTATUS_INVALID_PARAMETER;
|
|
break;
|
|
} else
|
|
pStart = pTemp + 1;
|
|
}
|
|
}
|
|
|
|
if ( rc == SCESTATUS_SUCCESS && Len > SDsize ) {
|
|
|
|
Buffer1 = (PWSTR)ScepAlloc( LMEM_ZEROINIT, (Len+1)*sizeof(WCHAR));
|
|
|
|
if ( Buffer1 == NULL )
|
|
rc = SCESTATUS_NOT_ENOUGH_RESOURCE;
|
|
else {
|
|
// wcsncpy(Buffer1, pStart, Len );
|
|
wcsncpy(Buffer1, ObjectName, Len);
|
|
|
|
Count = 1;
|
|
|
|
if ( LastOne ) {
|
|
|
|
Count = 0;
|
|
|
|
Status = *((BYTE *)Value);
|
|
IsContainer = *((CHAR *)Value+1) != '0' ? TRUE : FALSE;
|
|
|
|
} else {
|
|
IsContainer = TRUE;
|
|
|
|
if ( ProfileType == SCE_ENGINE_SAP )
|
|
Status = SCE_STATUS_GOOD;
|
|
else
|
|
Status = SCE_STATUS_CHECK;
|
|
}
|
|
|
|
}
|
|
}
|
|
|
|
if ( rc != SCESTATUS_SUCCESS ) {
|
|
ScepBuildErrorLogInfo( ERROR_READ_FAULT,
|
|
Errlog,
|
|
SCEERR_PROCESS_OBJECT,
|
|
ObjectName
|
|
);
|
|
} else if ( Buffer1 != NULL) {
|
|
//
|
|
// check to see if Buffer1 is already in the list
|
|
//
|
|
|
|
i=0; // temp. use of i for skip flag
|
|
if ( pArrObject && LastIndex >= 0 && LastIndex < (LONG)arrCount ) {
|
|
|
|
if ( ScepSearchItemInChildren(Buffer1+SDsize,
|
|
Len-SDsize,
|
|
pArrObject,
|
|
arrCount,
|
|
&FindIndex
|
|
)
|
|
) {
|
|
|
|
//
|
|
// Buffer1 is already in the list, skip the block
|
|
// use pStart temporarily
|
|
//
|
|
|
|
pStart = (PWSTR)ScepAlloc(0, (Len+2)*sizeof(WCHAR));
|
|
if ( pStart == NULL ) {
|
|
rc = SCESTATUS_NOT_ENOUGH_RESOURCE;
|
|
|
|
} else {
|
|
//
|
|
// skip the block
|
|
//
|
|
|
|
wcscpy(pStart, Buffer1);
|
|
pStart[Len] = (WCHAR) ( Delim+1);
|
|
pStart[Len+1] = L'\0';
|
|
|
|
rc = SceJetSeek(
|
|
hSection,
|
|
pStart,
|
|
(Len+1)*sizeof(TCHAR),
|
|
SCEJET_SEEK_GE_DONT_CARE //cannot use GT cause it will skip the section
|
|
);
|
|
|
|
ScepFree(pStart);
|
|
pStart = NULL;
|
|
|
|
i=1;
|
|
LastIndex = FindIndex;
|
|
}
|
|
}
|
|
}
|
|
|
|
if ( 0 == i && SCESTATUS_SUCCESS == rc ) {
|
|
|
|
//
|
|
// get count
|
|
//
|
|
pStart = (PWSTR)ScepAlloc(0, (Len+2)*sizeof(WCHAR));
|
|
if ( pStart == NULL ) {
|
|
rc = SCESTATUS_NOT_ENOUGH_RESOURCE;
|
|
|
|
} else {
|
|
|
|
wcscpy(pStart, Buffer1);
|
|
pStart[Len] = Delim;
|
|
pStart[Len+1] = L'\0';
|
|
|
|
rc = SceJetGetLineCount(
|
|
hSection,
|
|
pStart,
|
|
FALSE,
|
|
&Count);
|
|
|
|
if ( rc == SCESTATUS_SUCCESS ||
|
|
rc == SCESTATUS_RECORD_NOT_FOUND ) {
|
|
|
|
if ( !IsContainer && Count > 0 ) {
|
|
IsContainer = TRUE;
|
|
}
|
|
|
|
//
|
|
// make buffer1 approprate case
|
|
//
|
|
switch (Area) {
|
|
case AREA_REGISTRY_SECURITY:
|
|
rc = ScepGetRegKeyCase(Buffer1, SDsize, Len-SDsize);
|
|
break;
|
|
case AREA_FILE_SECURITY:
|
|
rc = ScepGetFileCase(Buffer1, SDsize, Len-SDsize);
|
|
break;
|
|
case AREA_DS_OBJECTS:
|
|
//
|
|
// need convert name first from o=,dc=,cn= to cn=,dc=,o=
|
|
//
|
|
pTemp=NULL;
|
|
rc = ScepConvertJetNameToLdapCase(
|
|
Buffer1,
|
|
TRUE, // Last component only
|
|
SCE_CASE_PREFERED, // right case
|
|
&pTemp
|
|
);
|
|
|
|
if ( rc != ERROR_FILE_NOT_FOUND && pTemp != NULL ) {
|
|
|
|
rc = ScepAddItemToChildren(NULL,
|
|
pTemp,
|
|
wcslen(pTemp),
|
|
IsContainer,
|
|
Status,
|
|
Count,
|
|
&pArrObject,
|
|
&arrCount,
|
|
&MaxCount,
|
|
&FindIndex
|
|
);
|
|
|
|
if ( rc != ERROR_SUCCESS ) {
|
|
ScepBuildErrorLogInfo( rc,
|
|
Errlog,
|
|
SCEERR_ADD,
|
|
pTemp
|
|
);
|
|
} else {
|
|
LastIndex = FindIndex;
|
|
}
|
|
|
|
ScepFree(pTemp);
|
|
pTemp = NULL;
|
|
}
|
|
rc = ScepDosErrorToSceStatus(rc);
|
|
|
|
break;
|
|
}
|
|
/*
|
|
if ( rc == SCESTATUS_PROFILE_NOT_FOUND ) {
|
|
//
|
|
// if the object does not exist, do not add
|
|
//
|
|
rc = SCESTATUS_SUCCESS;
|
|
|
|
} else if ( Area != AREA_DS_OBJECTS ) {
|
|
*/
|
|
if ( rc != SCESTATUS_PROFILE_NOT_FOUND &&
|
|
Area != AREA_DS_OBJECTS ) {
|
|
|
|
rc = ScepAddItemToChildren(NULL,
|
|
Buffer1+SDsize,
|
|
Len-SDsize,
|
|
IsContainer,
|
|
Status,
|
|
Count,
|
|
&pArrObject,
|
|
&arrCount,
|
|
&MaxCount,
|
|
&FindIndex
|
|
);
|
|
|
|
if ( rc != ERROR_SUCCESS ) {
|
|
ScepBuildErrorLogInfo( rc,
|
|
Errlog,
|
|
SCEERR_ADD,
|
|
Buffer1
|
|
);
|
|
rc = ScepDosErrorToSceStatus(rc);
|
|
} else {
|
|
LastIndex = FindIndex;
|
|
}
|
|
}
|
|
}
|
|
|
|
if ( rc == SCESTATUS_SUCCESS ) {
|
|
//
|
|
// seek to the original one
|
|
//
|
|
// Buffer1[Len-1] = (WCHAR) (Buffer1[Len-1] + 1);
|
|
rc = SceJetSeek(
|
|
hSection,
|
|
Buffer1,
|
|
Len*sizeof(TCHAR),
|
|
SCEJET_SEEK_GE_NO_CASE
|
|
);
|
|
//
|
|
// should be success, move to next line
|
|
//
|
|
rc = SceJetMoveNext(hSection);
|
|
|
|
} else if ( rc == SCESTATUS_PROFILE_NOT_FOUND ) {
|
|
|
|
pStart[Len] = (WCHAR) ( Delim+1);
|
|
pStart[Len+1] = L'\0';
|
|
|
|
rc = SceJetSeek(
|
|
hSection,
|
|
pStart,
|
|
(Len+1)*sizeof(TCHAR),
|
|
SCEJET_SEEK_GE_DONT_CARE //cannot use GT cause it will skip the section
|
|
);
|
|
|
|
}
|
|
|
|
ScepFree(pStart);
|
|
pStart = NULL;
|
|
|
|
}
|
|
}
|
|
|
|
ScepFree(Buffer1);
|
|
Buffer1 = NULL;
|
|
|
|
} else
|
|
rc = SceJetMoveNext(hSection);
|
|
}
|
|
FindFlag = SCEJET_CURRENT;
|
|
}
|
|
|
|
ScepFree(ObjectName);
|
|
ObjectName = NULL;
|
|
|
|
ScepFree(Value);
|
|
Value = NULL;
|
|
|
|
if ( rc != SCESTATUS_SUCCESS )
|
|
break;
|
|
|
|
//
|
|
// read next line
|
|
//
|
|
rc = SceJetGetValue(
|
|
hSection,
|
|
FindFlag,
|
|
NULL,
|
|
NULL,
|
|
0,
|
|
&SDsize, // temp use for ObjectLen
|
|
NULL,
|
|
0,
|
|
&i // temp use for ValueLen
|
|
);
|
|
}
|
|
|
|
if ( rc == SCESTATUS_RECORD_NOT_FOUND )
|
|
rc = SCESTATUS_SUCCESS;
|
|
|
|
}
|
|
|
|
Done:
|
|
|
|
if ( Area == AREA_DS_OBJECTS ) {
|
|
|
|
if ( Area == AREA_DS_OBJECTS ) {
|
|
if ( JetName != NULL )
|
|
ScepFree(JetName);
|
|
}
|
|
|
|
ScepLdapClose(NULL);
|
|
}
|
|
|
|
if ( Option != SCE_ALL_CHILDREN ) {
|
|
ScepFree(NewPrefix);
|
|
}
|
|
|
|
if ( Buffer1 != NULL )
|
|
ScepFree(Buffer1);
|
|
|
|
if ( ObjectName != NULL )
|
|
ScepFree(ObjectName);
|
|
|
|
if ( Value != NULL )
|
|
ScepFree(Value);
|
|
|
|
//
|
|
// close the find index range
|
|
//
|
|
SceJetGetValue(
|
|
hSection,
|
|
SCEJET_CLOSE_VALUE,
|
|
NULL,
|
|
NULL,
|
|
0,
|
|
NULL,
|
|
NULL,
|
|
0,
|
|
NULL
|
|
);
|
|
|
|
SceJetCloseSection( &hSection, TRUE);
|
|
|
|
if ( ( rc == SCESTATUS_SUCCESS ) &&
|
|
( Option != SCE_ALL_CHILDREN ) ) {
|
|
|
|
if ( pArrObject ) {
|
|
*Buffer = (PVOID)((PBYTE)pArrObject-sizeof(DWORD)*2);
|
|
|
|
((PSCE_OBJECT_CHILDREN)(*Buffer))->nCount = arrCount;
|
|
((PSCE_OBJECT_CHILDREN)(*Buffer))->MaxCount = MaxCount;
|
|
} else {
|
|
*Buffer = NULL;
|
|
}
|
|
/*
|
|
*Buffer = ScepAlloc(0, sizeof(SCE_OBJECT_CHILDREN));
|
|
|
|
if ( *Buffer ) {
|
|
|
|
((PSCE_OBJECT_CHILDREN)(*Buffer))->nCount = arrCount;
|
|
((PSCE_OBJECT_CHILDREN)(*Buffer))->MaxCount = MaxCount;
|
|
((PSCE_OBJECT_CHILDREN)(*Buffer))->arrObject = pArrObject;
|
|
|
|
} else {
|
|
rc = SCESTATUS_NOT_ENOUGH_RESOURCE;
|
|
}
|
|
*/
|
|
}
|
|
|
|
if ( rc != SCESTATUS_SUCCESS ) {
|
|
//
|
|
// free (PVOID *)Buffer
|
|
//
|
|
if ( Option == SCE_ALL_CHILDREN ) {
|
|
// OBJECT_CHILD_LIST structure
|
|
ScepFreeObject2Security((PSCE_OBJECT_CHILD_LIST)(*Buffer), FALSE);
|
|
} else if ( pArrObject ) {
|
|
// OBJECT_CHILDREN structure
|
|
ScepFreeObjectChildren((PSCE_OBJECT_CHILDREN)((PBYTE)pArrObject-sizeof(DWORD)*2));
|
|
}
|
|
*Buffer = NULL;
|
|
|
|
}
|
|
|
|
return(rc);
|
|
}
|
|
|
|
|
|
SCESTATUS
|
|
ScepBuildDsTree(
|
|
OUT PSCE_OBJECT_CHILD_LIST *TreeRoot,
|
|
IN ULONG Level,
|
|
IN WCHAR Delim,
|
|
IN PCWSTR ObjectFullName
|
|
)
|
|
{
|
|
TCHAR Buffer[MAX_PATH];
|
|
BOOL LastOne=FALSE;
|
|
SCESTATUS rc;
|
|
|
|
if ( TreeRoot == NULL || ObjectFullName == NULL ) {
|
|
return(SCESTATUS_INVALID_PARAMETER);
|
|
}
|
|
|
|
memset(Buffer, '\0', MAX_PATH*sizeof(TCHAR));
|
|
|
|
rc = ScepGetNameInLevel(ObjectFullName,
|
|
Level,
|
|
Delim,
|
|
Buffer,
|
|
&LastOne);
|
|
|
|
if ( rc != SCESTATUS_SUCCESS )
|
|
return(rc);
|
|
|
|
*TreeRoot = (PSCE_OBJECT_CHILD_LIST)ScepAlloc(LPTR, sizeof(SCE_OBJECT_CHILD_LIST));
|
|
if ( *TreeRoot == NULL )
|
|
return(SCESTATUS_NOT_ENOUGH_RESOURCE);
|
|
|
|
PSCE_OBJECT_TREE Node;
|
|
|
|
//
|
|
// allocate buffer for the node
|
|
//
|
|
Node = (PSCE_OBJECT_TREE)ScepAlloc((UINT)0, sizeof(SCE_OBJECT_TREE));
|
|
if ( Node == NULL ) {
|
|
ScepFree(*TreeRoot);
|
|
*TreeRoot = NULL;
|
|
return(SCESTATUS_NOT_ENOUGH_RESOURCE);
|
|
}
|
|
|
|
//
|
|
// allocate buffer for the object name
|
|
//
|
|
Node->Name = (PWSTR)ScepAlloc((UINT)0,
|
|
(wcslen(Buffer)+1) * sizeof(TCHAR));
|
|
if ( Node->Name != NULL ) {
|
|
|
|
Node->ObjectFullName = (PWSTR)ScepAlloc( 0, (wcslen(ObjectFullName)+1)*sizeof(TCHAR));
|
|
|
|
if ( Node->ObjectFullName != NULL ) {
|
|
//
|
|
// initialize
|
|
//
|
|
wcscpy(Node->Name, Buffer);
|
|
wcscpy(Node->ObjectFullName, ObjectFullName);
|
|
|
|
Node->ChildList = NULL;
|
|
Node->Parent = NULL;
|
|
Node->pApplySecurityDescriptor = NULL;
|
|
|
|
Node->pSecurityDescriptor = NULL;
|
|
Node->SeInfo = 0;
|
|
Node->IsContainer = TRUE;
|
|
Node->Status = SCE_STATUS_CHECK;
|
|
|
|
(*TreeRoot)->Node = Node;
|
|
|
|
} else {
|
|
|
|
rc = SCESTATUS_NOT_ENOUGH_RESOURCE;
|
|
ScepFree( Node->Name );
|
|
ScepFree( Node );
|
|
ScepFree( *TreeRoot );
|
|
*TreeRoot = NULL;
|
|
}
|
|
} else {
|
|
rc = SCESTATUS_NOT_ENOUGH_RESOURCE;
|
|
ScepFree( Node );
|
|
ScepFree( *TreeRoot );
|
|
*TreeRoot = NULL;
|
|
}
|
|
|
|
return(rc);
|
|
|
|
}
|
|
|
|
|
|
SCESTATUS
|
|
ScepGetObjectSecurity(
|
|
IN PSCECONTEXT hProfile,
|
|
IN SCETYPE ProfileType,
|
|
IN AREA_INFORMATION Area,
|
|
IN PWSTR ObjectName,
|
|
OUT PSCE_OBJECT_SECURITY *ObjSecurity
|
|
)
|
|
/*
|
|
Get security for a single object
|
|
*/
|
|
{
|
|
SCESTATUS rc;
|
|
PCWSTR SectionName=NULL;
|
|
PSCESECTION hSection=NULL;
|
|
PWSTR Value=NULL;
|
|
DWORD ValueLen;
|
|
PSECURITY_DESCRIPTOR pTempSD=NULL;
|
|
SECURITY_INFORMATION SeInfo;
|
|
DWORD SDsize, Win32Rc;
|
|
|
|
|
|
if ( hProfile == NULL || ObjectName == NULL ||
|
|
ObjSecurity == NULL ) {
|
|
return(SCESTATUS_INVALID_PARAMETER);
|
|
}
|
|
|
|
switch (Area) {
|
|
case AREA_REGISTRY_SECURITY:
|
|
SectionName = szRegistryKeys;
|
|
break;
|
|
case AREA_FILE_SECURITY:
|
|
SectionName = szFileSecurity;
|
|
break;
|
|
#if 0
|
|
case AREA_DS_OBJECTS:
|
|
SectionName = szDSSecurity;
|
|
break;
|
|
#endif
|
|
default:
|
|
return(SCESTATUS_INVALID_PARAMETER);
|
|
}
|
|
|
|
rc = ScepOpenSectionForName(
|
|
hProfile,
|
|
ProfileType,
|
|
SectionName,
|
|
&hSection
|
|
);
|
|
|
|
if ( rc == SCESTATUS_SUCCESS ) {
|
|
|
|
rc = SceJetGetValue(
|
|
hSection,
|
|
SCEJET_EXACT_MATCH_NO_CASE,
|
|
ObjectName,
|
|
NULL,
|
|
0,
|
|
NULL,
|
|
NULL,
|
|
0,
|
|
&ValueLen
|
|
);
|
|
|
|
if ( rc == SCESTATUS_SUCCESS ) {
|
|
//
|
|
// allocate memory for value string
|
|
//
|
|
Value = (PWSTR)ScepAlloc( LMEM_ZEROINIT, ValueLen+2);
|
|
|
|
if ( Value == NULL ) {
|
|
rc = SCESTATUS_NOT_ENOUGH_RESOURCE;
|
|
goto Done;
|
|
|
|
}
|
|
//
|
|
// Get the value
|
|
//
|
|
rc = SceJetGetValue(
|
|
hSection,
|
|
SCEJET_CURRENT,
|
|
NULL,
|
|
NULL,
|
|
0,
|
|
NULL,
|
|
Value,
|
|
ValueLen,
|
|
&ValueLen
|
|
);
|
|
|
|
if ( rc == SCESTATUS_SUCCESS ) {
|
|
|
|
//
|
|
// convert security descriptor
|
|
//
|
|
|
|
Win32Rc = ConvertTextSecurityDescriptor(
|
|
Value+1,
|
|
&pTempSD,
|
|
&SDsize,
|
|
&SeInfo
|
|
);
|
|
if ( Win32Rc == NO_ERROR ) {
|
|
|
|
if ( Area != AREA_DS_OBJECTS ) {
|
|
ScepChangeAclRevision(pTempSD, ACL_REVISION);
|
|
}
|
|
//
|
|
// allocate output buffer (SCE_OBJECT_SECURITY)
|
|
//
|
|
*ObjSecurity = (PSCE_OBJECT_SECURITY)ScepAlloc(0, sizeof(SCE_OBJECT_SECURITY));
|
|
if ( *ObjSecurity == NULL ) {
|
|
rc = SCESTATUS_NOT_ENOUGH_RESOURCE;
|
|
goto Done;
|
|
}
|
|
(*ObjSecurity)->Name = (PWSTR)ScepAlloc(0, (wcslen(ObjectName)+1)*sizeof(TCHAR));
|
|
if ( (*ObjSecurity)->Name == NULL ) {
|
|
rc = SCESTATUS_NOT_ENOUGH_RESOURCE;
|
|
ScepFree(*ObjSecurity);
|
|
*ObjSecurity = NULL;
|
|
goto Done;
|
|
}
|
|
/*
|
|
(*ObjSecurity)->SDspec = (PWSTR)ScepAlloc(0, ValueLen);
|
|
if ( (*ObjSecurity)->SDspec == NULL ) {
|
|
rc = SCESTATUS_NOT_ENOUGH_RESOURCE;
|
|
ScepFree((*ObjSecurity)->Name);
|
|
ScepFree(*ObjSecurity);
|
|
*ObjSecurity = NULL;
|
|
goto Done;
|
|
}
|
|
*/
|
|
//
|
|
// build the structure
|
|
//
|
|
(*ObjSecurity)->Status = *((BYTE *)Value);
|
|
(*ObjSecurity)->IsContainer = *((CHAR *)Value+1) != '0' ? TRUE : FALSE;
|
|
|
|
wcscpy( (*ObjSecurity)->Name, ObjectName);
|
|
(*ObjSecurity)->pSecurityDescriptor = pTempSD;
|
|
pTempSD = NULL;
|
|
(*ObjSecurity)->SeInfo = SeInfo;
|
|
// wcscpy( (*ObjSecurity)->SDspec, Value+1);
|
|
// (*ObjSecurity)->SDsize = ValueLen/2-1;
|
|
|
|
} else
|
|
rc = ScepDosErrorToSceStatus(Win32Rc);
|
|
}
|
|
|
|
}
|
|
}
|
|
|
|
Done:
|
|
|
|
SceJetCloseSection( &hSection, TRUE);
|
|
|
|
if ( pTempSD )
|
|
ScepFree(pTempSD);
|
|
if ( Value )
|
|
ScepFree(Value);
|
|
|
|
return(rc);
|
|
}
|
|
|
|
|
|
SCESTATUS
|
|
ScepGetSystemServices(
|
|
IN PSCECONTEXT hProfile,
|
|
IN SCETYPE ProfileType,
|
|
OUT PSCE_SERVICES *pServiceList,
|
|
OUT PSCE_ERROR_LOG_INFO *Errlog OPTIONAL
|
|
)
|
|
/*
|
|
Routine Description:
|
|
|
|
Read all services defined in the Jet table into the service list
|
|
|
|
Arguments:
|
|
|
|
hProfile - the jet profile handle
|
|
|
|
ProfileType - The table to read from
|
|
SCE_ENGINE_SCP
|
|
SCE_ENGINE_SAP
|
|
SCE_ENGINE_SMP
|
|
|
|
pServiceList - The service list to output
|
|
|
|
Errlog - the error messages to output
|
|
|
|
Return Value:
|
|
|
|
SCESTATUS_SUCCESS
|
|
SCESTATUS error codes
|
|
|
|
*/
|
|
{
|
|
SCESTATUS rc;
|
|
DWORD Win32Rc;
|
|
PSCESECTION hSection=NULL;
|
|
DWORD ServiceLen=0, ValueLen=0;
|
|
PWSTR ServiceName=NULL,
|
|
Value=NULL;
|
|
PSECURITY_DESCRIPTOR pTempSD=NULL;
|
|
SECURITY_INFORMATION SeInfo;
|
|
DWORD SDsize;
|
|
PSCE_SERVICES ServiceNode;
|
|
PSCE_SERVICES pServices=NULL, pNode, pParent;
|
|
|
|
|
|
if ( hProfile == NULL ||
|
|
pServiceList == NULL ) {
|
|
return(SCESTATUS_INVALID_PARAMETER);
|
|
}
|
|
//
|
|
// open the section
|
|
//
|
|
rc = ScepOpenSectionForName(
|
|
hProfile,
|
|
ProfileType,
|
|
szServiceGeneral,
|
|
&hSection
|
|
);
|
|
|
|
if ( rc == SCESTATUS_RECORD_NOT_FOUND ) {
|
|
return(SCESTATUS_SUCCESS);
|
|
}
|
|
|
|
if ( rc != SCESTATUS_SUCCESS ) {
|
|
ScepBuildErrorLogInfo( ERROR_INVALID_DATA,
|
|
Errlog,
|
|
SCEERR_OPEN,
|
|
szServiceGeneral
|
|
);
|
|
return(rc);
|
|
}
|
|
|
|
//
|
|
// enumerate all service names from the system.
|
|
// do not care the error code
|
|
//
|
|
SceEnumerateServices(&pServices, TRUE);
|
|
|
|
//
|
|
// goto the first line of this section
|
|
//
|
|
rc = SceJetGetValue(
|
|
hSection,
|
|
SCEJET_PREFIX_MATCH,
|
|
NULL,
|
|
NULL,
|
|
0,
|
|
&ServiceLen,
|
|
NULL,
|
|
0,
|
|
&ValueLen
|
|
);
|
|
while ( rc == SCESTATUS_SUCCESS ) {
|
|
|
|
//
|
|
// allocate memory for the service name and value string
|
|
//
|
|
ServiceName = (PWSTR)ScepAlloc( LMEM_ZEROINIT, ServiceLen+2);
|
|
if ( ServiceName != NULL ) {
|
|
|
|
Value = (PWSTR)ScepAlloc( LMEM_ZEROINIT, ValueLen+2);
|
|
if ( Value != NULL ) {
|
|
//
|
|
// Get the service and its value
|
|
//
|
|
rc = SceJetGetValue(
|
|
hSection,
|
|
SCEJET_CURRENT,
|
|
NULL,
|
|
ServiceName,
|
|
ServiceLen,
|
|
&ServiceLen,
|
|
Value,
|
|
ValueLen,
|
|
&ValueLen
|
|
);
|
|
if ( rc == SCESTATUS_SUCCESS ) {
|
|
|
|
ServiceName[ServiceLen/2] = L'\0';
|
|
Value[ValueLen/2] = L'\0';
|
|
|
|
#ifdef SCE_DBG
|
|
wprintf(L"rc=%d, service: %s=%s\n", rc, ServiceName, Value);
|
|
#endif
|
|
//
|
|
// convert to security descriptor
|
|
//
|
|
Win32Rc = ConvertTextSecurityDescriptor(
|
|
Value+1,
|
|
&pTempSD,
|
|
&SDsize,
|
|
&SeInfo
|
|
);
|
|
if ( Win32Rc == NO_ERROR ) {
|
|
|
|
ScepChangeAclRevision(pTempSD, ACL_REVISION);
|
|
//
|
|
// create this service node
|
|
//
|
|
ServiceNode = (PSCE_SERVICES)ScepAlloc( LMEM_FIXED, sizeof(SCE_SERVICES) );
|
|
|
|
if ( ServiceNode != NULL ) {
|
|
//
|
|
// find the right name for the service
|
|
//
|
|
for ( pNode=pServices, pParent=NULL; pNode != NULL;
|
|
pParent=pNode, pNode=pNode->Next ) {
|
|
|
|
if ( _wcsicmp(pNode->ServiceName, ServiceName) == 0 ) {
|
|
break;
|
|
}
|
|
}
|
|
if ( pNode != NULL ) {
|
|
//
|
|
// got it
|
|
//
|
|
ServiceNode->ServiceName = pNode->ServiceName;
|
|
ServiceNode->DisplayName = pNode->DisplayName;
|
|
//
|
|
// free the node
|
|
//
|
|
if ( pParent != NULL ) {
|
|
pParent->Next = pNode->Next;
|
|
} else {
|
|
pServices = pNode->Next;
|
|
}
|
|
// General is NULL becuase the enumerate call asks only for names
|
|
ScepFree(pNode);
|
|
pNode = NULL;
|
|
|
|
} else {
|
|
//
|
|
// did not find it
|
|
//
|
|
ServiceNode->ServiceName = ServiceName;
|
|
ServiceNode->DisplayName = NULL;
|
|
|
|
ServiceName = NULL;
|
|
}
|
|
|
|
ServiceNode->Status = *((BYTE *)Value);
|
|
ServiceNode->Startup = *((BYTE *)Value+1);
|
|
ServiceNode->General.pSecurityDescriptor = pTempSD;
|
|
ServiceNode->SeInfo = SeInfo;
|
|
ServiceNode->Next = *pServiceList;
|
|
|
|
*pServiceList = ServiceNode;
|
|
|
|
//
|
|
// DO NOT free the following buffers
|
|
//
|
|
pTempSD = NULL;
|
|
|
|
} else {
|
|
rc = SCESTATUS_NOT_ENOUGH_RESOURCE;
|
|
ScepFree(pTempSD);
|
|
}
|
|
|
|
} else {
|
|
ScepBuildErrorLogInfo( Win32Rc,
|
|
Errlog,
|
|
SCEERR_BUILD_SD,
|
|
ServiceName
|
|
);
|
|
rc = ScepDosErrorToSceStatus(Win32Rc);
|
|
}
|
|
}
|
|
ScepFree(Value);
|
|
|
|
} else
|
|
rc = SCESTATUS_NOT_ENOUGH_RESOURCE;
|
|
|
|
//
|
|
// ServiceName could be used in the service node
|
|
//
|
|
if ( ServiceName )
|
|
ScepFree(ServiceName);
|
|
|
|
} else
|
|
rc = SCESTATUS_NOT_ENOUGH_RESOURCE;
|
|
|
|
if ( rc == SCESTATUS_SUCCESS ) {
|
|
//
|
|
// read next line
|
|
//
|
|
rc = SceJetGetValue(
|
|
hSection,
|
|
SCEJET_NEXT_LINE,
|
|
NULL,
|
|
NULL,
|
|
0,
|
|
&ServiceLen,
|
|
NULL,
|
|
0,
|
|
&ValueLen
|
|
);
|
|
}
|
|
}
|
|
|
|
if ( rc == SCESTATUS_RECORD_NOT_FOUND )
|
|
rc = SCESTATUS_SUCCESS;
|
|
|
|
//
|
|
// close the find index range
|
|
//
|
|
SceJetGetValue(
|
|
hSection,
|
|
SCEJET_CLOSE_VALUE,
|
|
NULL,
|
|
NULL,
|
|
0,
|
|
NULL,
|
|
NULL,
|
|
0,
|
|
NULL
|
|
);
|
|
|
|
//
|
|
// close the section
|
|
//
|
|
SceJetCloseSection( &hSection, TRUE );
|
|
|
|
if ( rc != SCESTATUS_SUCCESS ) {
|
|
//
|
|
// free the service list
|
|
//
|
|
SceFreePSCE_SERVICES(*pServiceList);
|
|
*pServiceList = NULL;
|
|
}
|
|
|
|
SceFreePSCE_SERVICES(pServices);
|
|
|
|
return(rc);
|
|
}
|
|
|
|
|
|
|
|
SCESTATUS
|
|
ScepCopyObjects(
|
|
IN PSCECONTEXT hProfile,
|
|
IN SCETYPE ProfileType,
|
|
IN PWSTR InfFile,
|
|
IN PCWSTR SectionName,
|
|
IN AREA_INFORMATION Area,
|
|
IN OUT PSCE_ERROR_LOG_INFO *Errlog OPTIONAL
|
|
)
|
|
/* ++
|
|
Routine Description:
|
|
|
|
This routine copies registry/file/ds/service object in SMP table to the specified
|
|
inf template.
|
|
|
|
Arguments:
|
|
|
|
hProfile - The handle to the profile
|
|
|
|
InfFile - The INF template name
|
|
|
|
SectionName - the section name where data is stored
|
|
|
|
Area - The security area to read info
|
|
AREA_REGISTRY_SECURITY
|
|
AREA_FILE_SECURITY
|
|
AREA_DS_OBJECTS
|
|
|
|
Errlog - The error log buffer.
|
|
|
|
Return Value:
|
|
|
|
SCESTATUS_SUCCESS
|
|
SCESTATUS_PROFILE_NOT_FOUND
|
|
SCESTATUS_NOT_ENOUGH_RESOURCE
|
|
SCESTATUS_INVALID_PARAMETER
|
|
SCESTATUS_BAD_FORMAT
|
|
SCESTATUS_INVALID_DATA
|
|
-- */
|
|
{
|
|
SCESTATUS rc = SCESTATUS_SUCCESS;
|
|
PSCESECTION hSection=NULL;
|
|
|
|
PWSTR ObjectName=NULL;
|
|
PWSTR Value=NULL;
|
|
DWORD ObjectLen, ValueLen;
|
|
|
|
BYTE Status;
|
|
PWSTR NewValue=NULL;
|
|
|
|
DWORD Count=0;
|
|
WCHAR KeyName[10];
|
|
|
|
|
|
if ( InfFile == NULL || hProfile == NULL )
|
|
return(SCESTATUS_INVALID_PARAMETER);
|
|
|
|
//
|
|
// open the section
|
|
//
|
|
rc = ScepOpenSectionForName(
|
|
hProfile,
|
|
ProfileType,
|
|
SectionName,
|
|
&hSection
|
|
);
|
|
|
|
if ( rc == SCESTATUS_SUCCESS ) {
|
|
//
|
|
// empty the section first.
|
|
//
|
|
WritePrivateProfileSection(
|
|
SectionName,
|
|
NULL,
|
|
(LPCTSTR)InfFile);
|
|
//
|
|
// find the first record in the section
|
|
//
|
|
rc = SceJetGetValue(
|
|
hSection,
|
|
SCEJET_PREFIX_MATCH,
|
|
NULL,
|
|
NULL,
|
|
0,
|
|
&ObjectLen,
|
|
NULL,
|
|
0,
|
|
&ValueLen
|
|
);
|
|
|
|
while ( rc == SCESTATUS_SUCCESS ) {
|
|
|
|
Count++;
|
|
//
|
|
// allocate memory for the group name and value string
|
|
//
|
|
ObjectName = (PWSTR)ScepAlloc( LMEM_ZEROINIT, ObjectLen+2);
|
|
Value = (PWSTR)ScepAlloc( LMEM_ZEROINIT, ValueLen+2);
|
|
|
|
if ( ObjectName == NULL || Value == NULL ) {
|
|
rc = SCESTATUS_NOT_ENOUGH_RESOURCE;
|
|
goto Done;
|
|
|
|
}
|
|
//
|
|
// Get the group and its value
|
|
//
|
|
rc = SceJetGetValue(
|
|
hSection,
|
|
SCEJET_CURRENT,
|
|
NULL,
|
|
ObjectName,
|
|
ObjectLen,
|
|
&ObjectLen,
|
|
Value,
|
|
ValueLen,
|
|
&ValueLen
|
|
);
|
|
if ( rc != SCESTATUS_SUCCESS ) {
|
|
ScepBuildErrorLogInfo( ERROR_READ_FAULT,
|
|
Errlog,
|
|
SCEERR_QUERY_VALUE,
|
|
SectionName
|
|
);
|
|
goto Done;
|
|
}
|
|
|
|
#ifdef SCE_DBG
|
|
wprintf(L"Addr: %x %x, %s=%s\n", ObjectName, Value, ObjectName, Value+1);
|
|
#endif
|
|
|
|
if ( Area == AREA_SYSTEM_SERVICE )
|
|
Status = *((BYTE *)Value+1);
|
|
else
|
|
Status = *((BYTE *)Value);
|
|
|
|
NewValue = (PWSTR)ScepAlloc(0, ObjectLen+ValueLen+18);
|
|
|
|
if ( NewValue == NULL ) {
|
|
rc = SCESTATUS_NOT_ENOUGH_RESOURCE;
|
|
goto Done;
|
|
}
|
|
|
|
swprintf(NewValue, L"\"%s\", %d, \"%s\"\0", ObjectName, Status, Value+1);
|
|
swprintf(KeyName, L"%x\0", Count);
|
|
|
|
//
|
|
// write this line to the inf file
|
|
//
|
|
if ( !WritePrivateProfileString(
|
|
SectionName,
|
|
KeyName,
|
|
NewValue,
|
|
InfFile
|
|
) ) {
|
|
ScepBuildErrorLogInfo( GetLastError(),
|
|
Errlog,
|
|
SCEERR_WRITE_INFO,
|
|
ObjectName
|
|
);
|
|
rc = ScepDosErrorToSceStatus(GetLastError());
|
|
}
|
|
|
|
ScepFree(ObjectName);
|
|
ObjectName = NULL;
|
|
|
|
ScepFree(Value);
|
|
Value = NULL;
|
|
|
|
ScepFree(NewValue);
|
|
NewValue = NULL;
|
|
|
|
if ( rc != SCESTATUS_SUCCESS )
|
|
break;
|
|
|
|
//
|
|
// read next line
|
|
//
|
|
rc = SceJetGetValue(
|
|
hSection,
|
|
SCEJET_NEXT_LINE,
|
|
NULL,
|
|
NULL,
|
|
0,
|
|
&ObjectLen,
|
|
NULL,
|
|
0,
|
|
&ValueLen
|
|
);
|
|
}
|
|
|
|
if ( rc == SCESTATUS_RECORD_NOT_FOUND )
|
|
rc = SCESTATUS_SUCCESS;
|
|
|
|
} else
|
|
ScepBuildErrorLogInfo( ERROR_INVALID_HANDLE,
|
|
Errlog,
|
|
SCEERR_OPEN,
|
|
SectionName
|
|
);
|
|
|
|
Done:
|
|
|
|
if ( ObjectName != NULL )
|
|
ScepFree(ObjectName);
|
|
|
|
if ( Value != NULL )
|
|
ScepFree(Value);
|
|
|
|
if ( NewValue != NULL )
|
|
ScepFree(NewValue);
|
|
//
|
|
// close the find index range
|
|
//
|
|
SceJetGetValue(
|
|
hSection,
|
|
SCEJET_CLOSE_VALUE,
|
|
NULL,
|
|
NULL,
|
|
0,
|
|
NULL,
|
|
NULL,
|
|
0,
|
|
NULL
|
|
);
|
|
|
|
SceJetCloseSection( &hSection, TRUE);
|
|
|
|
return(rc);
|
|
}
|
|
|
|
|
|
SCESTATUS
|
|
ScepGetAnalysisSummary(
|
|
IN PSCECONTEXT Context,
|
|
IN AREA_INFORMATION Area,
|
|
OUT PDWORD pCount
|
|
)
|
|
{
|
|
SCESTATUS rc=SCESTATUS_INVALID_PARAMETER;
|
|
DWORD count;
|
|
DWORD total=0;
|
|
PSCESECTION hSection=NULL;
|
|
|
|
if ( Context == NULL || pCount == NULL )
|
|
return(SCESTATUS_INVALID_PARAMETER);
|
|
|
|
*pCount = 0;
|
|
|
|
if ( Area & AREA_SECURITY_POLICY ) {
|
|
//
|
|
// system access
|
|
//
|
|
rc = ScepOpenSectionForName(
|
|
Context,
|
|
SCE_ENGINE_SAP,
|
|
szSystemAccess,
|
|
&hSection
|
|
);
|
|
if ( rc == SCESTATUS_SUCCESS ) {
|
|
rc = SceJetGetLineCount(
|
|
hSection,
|
|
NULL,
|
|
FALSE,
|
|
&count
|
|
);
|
|
}
|
|
SceJetCloseSection( &hSection, TRUE);
|
|
|
|
if ( rc != SCESTATUS_SUCCESS )
|
|
return(rc);
|
|
|
|
total += count;
|
|
|
|
//
|
|
// System Log
|
|
//
|
|
rc = ScepOpenSectionForName(
|
|
Context,
|
|
SCE_ENGINE_SAP,
|
|
szAuditSystemLog,
|
|
&hSection
|
|
);
|
|
if ( rc == SCESTATUS_SUCCESS ) {
|
|
rc = SceJetGetLineCount(
|
|
hSection,
|
|
NULL,
|
|
FALSE,
|
|
&count
|
|
);
|
|
}
|
|
SceJetCloseSection( &hSection, TRUE);
|
|
|
|
if ( rc != SCESTATUS_SUCCESS )
|
|
return(rc);
|
|
|
|
total += count;
|
|
//
|
|
// Security Log
|
|
//
|
|
rc = ScepOpenSectionForName(
|
|
Context,
|
|
SCE_ENGINE_SAP,
|
|
szAuditSecurityLog,
|
|
&hSection
|
|
);
|
|
if ( rc == SCESTATUS_SUCCESS ) {
|
|
rc = SceJetGetLineCount(
|
|
hSection,
|
|
NULL,
|
|
FALSE,
|
|
&count
|
|
);
|
|
}
|
|
SceJetCloseSection( &hSection, TRUE);
|
|
|
|
if ( rc != SCESTATUS_SUCCESS )
|
|
return(rc);
|
|
|
|
total += count;
|
|
//
|
|
// Application Log
|
|
//
|
|
rc = ScepOpenSectionForName(
|
|
Context,
|
|
SCE_ENGINE_SAP,
|
|
szAuditApplicationLog,
|
|
&hSection
|
|
);
|
|
if ( rc == SCESTATUS_SUCCESS ) {
|
|
rc = SceJetGetLineCount(
|
|
hSection,
|
|
NULL,
|
|
FALSE,
|
|
&count
|
|
);
|
|
}
|
|
SceJetCloseSection( &hSection, TRUE);
|
|
|
|
if ( rc != SCESTATUS_SUCCESS )
|
|
return(rc);
|
|
|
|
total += count;
|
|
//
|
|
// Event Audit
|
|
//
|
|
rc = ScepOpenSectionForName(
|
|
Context,
|
|
SCE_ENGINE_SAP,
|
|
szAuditEvent,
|
|
&hSection
|
|
);
|
|
if ( rc == SCESTATUS_SUCCESS ) {
|
|
rc = SceJetGetLineCount(
|
|
hSection,
|
|
NULL,
|
|
FALSE,
|
|
&count
|
|
);
|
|
}
|
|
SceJetCloseSection( &hSection, TRUE);
|
|
|
|
if ( rc != SCESTATUS_SUCCESS )
|
|
return(rc);
|
|
|
|
total += count;
|
|
}
|
|
|
|
if ( Area & AREA_PRIVILEGES ) {
|
|
//
|
|
// Privileges
|
|
//
|
|
rc = ScepOpenSectionForName(
|
|
Context,
|
|
SCE_ENGINE_SAP,
|
|
szPrivilegeRights,
|
|
&hSection
|
|
);
|
|
if ( rc == SCESTATUS_SUCCESS ) {
|
|
rc = SceJetGetLineCount(
|
|
hSection,
|
|
NULL,
|
|
FALSE,
|
|
&count
|
|
);
|
|
}
|
|
SceJetCloseSection( &hSection, TRUE);
|
|
|
|
if ( rc != SCESTATUS_SUCCESS )
|
|
return(rc);
|
|
|
|
total += count;
|
|
}
|
|
|
|
if ( Area & AREA_GROUP_MEMBERSHIP) {
|
|
//
|
|
// Group Membership
|
|
//
|
|
rc = ScepOpenSectionForName(
|
|
Context,
|
|
SCE_ENGINE_SAP,
|
|
szGroupMembership,
|
|
&hSection
|
|
);
|
|
if ( rc == SCESTATUS_SUCCESS ) {
|
|
rc = SceJetGetLineCount(
|
|
hSection,
|
|
NULL,
|
|
FALSE,
|
|
&count
|
|
);
|
|
}
|
|
SceJetCloseSection( &hSection, TRUE);
|
|
|
|
if ( rc != SCESTATUS_SUCCESS )
|
|
return(rc);
|
|
|
|
total += count;
|
|
}
|
|
|
|
if ( Area & AREA_SYSTEM_SERVICE ) {
|
|
//
|
|
// system service
|
|
//
|
|
rc = ScepOpenSectionForName(
|
|
Context,
|
|
SCE_ENGINE_SAP,
|
|
szServiceGeneral,
|
|
&hSection
|
|
);
|
|
if ( rc == SCESTATUS_SUCCESS ) {
|
|
rc = SceJetGetLineCount(
|
|
hSection,
|
|
NULL,
|
|
FALSE,
|
|
&count
|
|
);
|
|
}
|
|
SceJetCloseSection( &hSection, TRUE);
|
|
|
|
if ( rc != SCESTATUS_SUCCESS )
|
|
return(rc);
|
|
|
|
total += count;
|
|
}
|
|
|
|
if ( Area & AREA_REGISTRY_SECURITY ) {
|
|
//
|
|
// Registry security
|
|
//
|
|
rc = ScepOpenSectionForName(
|
|
Context,
|
|
SCE_ENGINE_SAP,
|
|
szRegistryKeys,
|
|
&hSection
|
|
);
|
|
if ( rc == SCESTATUS_SUCCESS ) {
|
|
rc = SceJetGetLineCount(
|
|
hSection,
|
|
NULL,
|
|
FALSE,
|
|
&count
|
|
);
|
|
}
|
|
SceJetCloseSection( &hSection, TRUE);
|
|
|
|
if ( rc != SCESTATUS_SUCCESS )
|
|
return(rc);
|
|
|
|
total += count;
|
|
}
|
|
if ( Area & AREA_FILE_SECURITY ) {
|
|
//
|
|
// File Security
|
|
//
|
|
rc = ScepOpenSectionForName(
|
|
Context,
|
|
SCE_ENGINE_SAP,
|
|
szFileSecurity,
|
|
&hSection
|
|
);
|
|
if ( rc == SCESTATUS_SUCCESS ) {
|
|
rc = SceJetGetLineCount(
|
|
hSection,
|
|
NULL,
|
|
FALSE,
|
|
&count
|
|
);
|
|
}
|
|
SceJetCloseSection( &hSection, TRUE);
|
|
|
|
if ( rc != SCESTATUS_SUCCESS )
|
|
return(rc);
|
|
|
|
total += count;
|
|
}
|
|
|
|
#if 0
|
|
#if _WIN32_WINNT>=0x0500
|
|
if ( Area & AREA_DS_OBJECTS &&
|
|
RtlGetNtProductType(&theType) ) {
|
|
|
|
if ( theType == NtProductLanManNt ) {
|
|
//
|
|
// DS object security
|
|
//
|
|
rc = ScepOpenSectionForName(
|
|
Context,
|
|
SCE_ENGINE_SAP,
|
|
szDSSecurity,
|
|
&hSection
|
|
);
|
|
if ( rc == SCESTATUS_SUCCESS ) {
|
|
rc = SceJetGetLineCount(
|
|
hSection,
|
|
NULL,
|
|
FALSE,
|
|
&count
|
|
);
|
|
}
|
|
SceJetCloseSection( &hSection, TRUE);
|
|
|
|
if ( rc != SCESTATUS_SUCCESS )
|
|
return(rc);
|
|
|
|
total += count;
|
|
}
|
|
}
|
|
#endif
|
|
#endif
|
|
|
|
*pCount = total;
|
|
|
|
return(rc);
|
|
}
|
|
|
|
|
|
SCESTATUS
|
|
ScepBrowseTableSection(
|
|
IN PSCECONTEXT hProfile,
|
|
IN SCETYPE ProfileType,
|
|
IN PCWSTR SectionName,
|
|
IN DWORD Options
|
|
)
|
|
{
|
|
SCESTATUS rc;
|
|
PSCESECTION hSection=NULL;
|
|
|
|
SceClientBrowseCallback(
|
|
0,
|
|
(PWSTR)SectionName,
|
|
NULL,
|
|
NULL
|
|
);
|
|
|
|
rc = ScepOpenSectionForName(
|
|
hProfile,
|
|
ProfileType,
|
|
SectionName,
|
|
&hSection
|
|
);
|
|
|
|
if ( rc != SCESTATUS_SUCCESS ) {
|
|
return(rc);
|
|
}
|
|
|
|
JET_ERR JetErr;
|
|
|
|
//
|
|
// goto the first line of this section
|
|
//
|
|
DWORD KeyLen, ValueLen, Actual;
|
|
LONG GpoID=0;
|
|
PWSTR KeyName=NULL;
|
|
PWSTR Value=NULL;
|
|
TCHAR GpoName[MAX_PATH];
|
|
|
|
SCE_BROWSE_CALLBACK_VALUE ValBuf;
|
|
ValBuf.Len = 0;
|
|
ValBuf.Value = NULL;
|
|
|
|
rc = SceJetGetValue(
|
|
hSection,
|
|
SCEJET_PREFIX_MATCH,
|
|
NULL,
|
|
NULL,
|
|
0,
|
|
&KeyLen,
|
|
NULL,
|
|
0,
|
|
&ValueLen
|
|
);
|
|
|
|
while ( rc == SCESTATUS_SUCCESS ) {
|
|
|
|
//
|
|
// get GPO ID field from the current line
|
|
//
|
|
GpoID = 0;
|
|
|
|
if ( hSection->JetColumnGpoID > 0 ) {
|
|
|
|
JetErr = JetRetrieveColumn(
|
|
hSection->JetSessionID,
|
|
hSection->JetTableID,
|
|
hSection->JetColumnGpoID,
|
|
(void *)&GpoID,
|
|
4,
|
|
&Actual,
|
|
0,
|
|
NULL
|
|
);
|
|
}
|
|
|
|
|
|
if ( (Options & SCEBROWSE_DOMAIN_POLICY) &&
|
|
(GpoID <= 0) ) {
|
|
//
|
|
// do not need this line, continue to next line
|
|
//
|
|
} else {
|
|
|
|
KeyName = (PWSTR)ScepAlloc(LMEM_ZEROINIT, KeyLen+2);
|
|
|
|
//
|
|
// allocate memory for the group name and value string
|
|
//
|
|
Value = (PWSTR)ScepAlloc( LMEM_ZEROINIT, ValueLen+2);
|
|
|
|
if ( KeyName == NULL || Value == NULL ) {
|
|
rc = SCESTATUS_NOT_ENOUGH_RESOURCE;
|
|
goto Done;
|
|
|
|
}
|
|
|
|
//
|
|
// Get the key and value
|
|
//
|
|
DWORD NewKeyLen, NewValueLen;
|
|
|
|
rc = SceJetGetValue(
|
|
hSection,
|
|
SCEJET_CURRENT,
|
|
NULL,
|
|
KeyName,
|
|
KeyLen,
|
|
&NewKeyLen,
|
|
Value,
|
|
ValueLen,
|
|
&NewValueLen
|
|
);
|
|
|
|
if ( rc != SCESTATUS_SUCCESS )
|
|
goto Done;
|
|
|
|
//
|
|
// terminate the string
|
|
//
|
|
KeyName[KeyLen/2] = L'\0';
|
|
|
|
Value[ValueLen/2] = L'\0';
|
|
|
|
GpoName[0] = L'\0';
|
|
|
|
if ( hSection->JetColumnGpoID > 0 && GpoID > 0 ) {
|
|
|
|
Actual = MAX_PATH;
|
|
SceJetGetGpoNameByID(
|
|
hProfile,
|
|
GpoID,
|
|
GpoName,
|
|
&Actual,
|
|
NULL,
|
|
NULL
|
|
);
|
|
}
|
|
|
|
if ( Value && Value[0] != L'\0' &&
|
|
( Options & SCEBROWSE_MULTI_SZ) ) {
|
|
|
|
if (0 == _wcsicmp( KeyName, szLegalNoticeTextKeyName) ) {
|
|
|
|
//
|
|
// check for commas and escape them with ","
|
|
// k=7,a",",b,c
|
|
// pValueStr will be a,\0b\0c\0\0 which we should make
|
|
// a","\0b\0c\0\0
|
|
//
|
|
|
|
DWORD dwCommaCount = 0;
|
|
|
|
for ( DWORD dwIndex = 1; dwIndex < ValueLen/2 ; dwIndex++) {
|
|
if ( Value[dwIndex] == L',' )
|
|
dwCommaCount++;
|
|
}
|
|
|
|
if ( dwCommaCount > 0 ) {
|
|
|
|
//
|
|
// in this case we have to escape commas
|
|
//
|
|
|
|
PWSTR pszValueEscaped;
|
|
DWORD dwBytes = (ValueLen/2 + 1 + (dwCommaCount*2))*sizeof(WCHAR);
|
|
|
|
pszValueEscaped = (PWSTR)ScepAlloc(LMEM_ZEROINIT, dwBytes);
|
|
|
|
if (pszValueEscaped) {
|
|
|
|
memset(pszValueEscaped, '\0', dwBytes);
|
|
ValueLen = 2 * ScepEscapeString(Value,
|
|
ValueLen/2,
|
|
L',',
|
|
L'"',
|
|
pszValueEscaped
|
|
);
|
|
|
|
ScepFree(Value);
|
|
|
|
Value = pszValueEscaped;
|
|
|
|
} else {
|
|
rc = SCESTATUS_NOT_ENOUGH_RESOURCE;
|
|
goto Done;
|
|
}
|
|
}
|
|
}
|
|
|
|
ScepConvertMultiSzToDelim(Value+1, ValueLen/2-1, L'\0', L',');
|
|
|
|
}
|
|
|
|
__try {
|
|
|
|
ValBuf.Len = Value ? (ValueLen+2) : 0 ;
|
|
ValBuf.Value = (UCHAR *)Value;
|
|
|
|
SceClientBrowseCallback(
|
|
GpoID,
|
|
KeyName,
|
|
GpoName,
|
|
(SCEPR_SR_SECURITY_DESCRIPTOR *)&ValBuf
|
|
);
|
|
} __except(EXCEPTION_EXECUTE_HANDLER) {
|
|
|
|
}
|
|
|
|
ScepFree(Value);
|
|
Value = NULL;
|
|
|
|
ScepFree(KeyName);
|
|
KeyName = NULL;
|
|
}
|
|
|
|
//
|
|
// read next line
|
|
//
|
|
|
|
rc = SceJetGetValue(
|
|
hSection,
|
|
SCEJET_NEXT_LINE,
|
|
NULL,
|
|
NULL,
|
|
0,
|
|
&KeyLen,
|
|
NULL,
|
|
0,
|
|
&ValueLen
|
|
);
|
|
}
|
|
|
|
if ( rc == SCESTATUS_RECORD_NOT_FOUND )
|
|
rc = SCESTATUS_SUCCESS;
|
|
|
|
Done:
|
|
|
|
//
|
|
// close the find index range
|
|
//
|
|
SceJetGetValue(
|
|
hSection,
|
|
SCEJET_CLOSE_VALUE,
|
|
NULL,
|
|
NULL,
|
|
0,
|
|
NULL,
|
|
NULL,
|
|
0,
|
|
NULL
|
|
);
|
|
|
|
if ( Value != NULL )
|
|
ScepFree(Value);
|
|
|
|
if ( KeyName != NULL )
|
|
ScepFree(KeyName);
|
|
|
|
//
|
|
// close the section
|
|
//
|
|
SceJetCloseSection( &hSection, TRUE );
|
|
|
|
return(rc);
|
|
}
|
|
|
|
|
|
BOOL
|
|
ScepSearchItemInChildren(
|
|
IN PWSTR ItemName,
|
|
IN DWORD NameLen,
|
|
IN PSCE_OBJECT_CHILDREN_NODE *pArrObject,
|
|
IN DWORD arrCount,
|
|
OUT LONG *pFindIndex
|
|
)
|
|
/*
|
|
Routine Description:
|
|
|
|
Search the item name in the array specified. If found, the index to the
|
|
array is returned in pFindIndex.
|
|
|
|
Return Value:
|
|
|
|
TRUE - find it
|
|
FALSE - doesn't find it
|
|
*/
|
|
{
|
|
if ( pFindIndex == NULL ) {
|
|
return(FALSE);
|
|
}
|
|
|
|
//
|
|
// note pFindIndex stores the closest node, not necessary mean
|
|
// the index is the match.
|
|
//
|
|
*pFindIndex = -1;
|
|
|
|
if ( ItemName == NULL ||
|
|
pArrObject == NULL ||
|
|
arrCount == 0 ) {
|
|
return(FALSE);
|
|
}
|
|
|
|
DWORD idxStart=0;
|
|
DWORD idxEnd=arrCount-1;
|
|
|
|
DWORD theIndex;
|
|
INT CompFlag=-1;
|
|
|
|
do {
|
|
|
|
//
|
|
// choose the middle
|
|
//
|
|
theIndex = (idxStart + idxEnd)/2;
|
|
|
|
if ( pArrObject[theIndex] == NULL ||
|
|
pArrObject[theIndex]->Name == NULL ) {
|
|
//
|
|
// this is a bad node, check the start node
|
|
//
|
|
while ( (pArrObject[idxStart] == NULL ||
|
|
pArrObject[idxStart]->Name == NULL) &&
|
|
idxStart <= idxEnd ) {
|
|
|
|
idxStart++;
|
|
}
|
|
|
|
if ( idxStart <= idxEnd ) {
|
|
|
|
//
|
|
// check the start node
|
|
//
|
|
CompFlag = _wcsicmp(ItemName, pArrObject[idxStart]->Name);
|
|
*pFindIndex = idxStart;
|
|
|
|
if ( CompFlag == 0 ) {
|
|
// find it
|
|
break;
|
|
|
|
} else if ( CompFlag < 0 ) {
|
|
//
|
|
// the item is less than idxStart - no match
|
|
//
|
|
break;
|
|
|
|
} else {
|
|
//
|
|
// the item is between theStart and idxEnd
|
|
//
|
|
if ( idxStart == idxEnd ) {
|
|
// empty now. quit
|
|
break;
|
|
} else {
|
|
idxStart++;
|
|
}
|
|
}
|
|
}
|
|
|
|
} else {
|
|
|
|
CompFlag = _wcsicmp(ItemName, pArrObject[theIndex]->Name);
|
|
*pFindIndex = theIndex;
|
|
|
|
if ( CompFlag == 0 ) {
|
|
// find it
|
|
break;
|
|
|
|
} else if ( CompFlag < 0 ) {
|
|
//
|
|
// the item is between index idxStart and theIndex
|
|
//
|
|
if ( theIndex == idxStart ) {
|
|
// empty now. quit
|
|
break;
|
|
} else {
|
|
idxEnd = theIndex-1;
|
|
}
|
|
} else {
|
|
//
|
|
// the item is between theIndex and idxEnd
|
|
//
|
|
if ( theIndex == idxEnd ) {
|
|
// empty now. quit
|
|
break;
|
|
} else {
|
|
idxStart = theIndex+1;
|
|
}
|
|
}
|
|
|
|
}
|
|
|
|
} while ( idxStart <= idxEnd );
|
|
|
|
if ( CompFlag == 0 ) {
|
|
return(TRUE);
|
|
} else {
|
|
return(FALSE);
|
|
}
|
|
}
|
|
|
|
|
|
DWORD
|
|
ScepAddItemToChildren(
|
|
IN PSCE_OBJECT_CHILDREN_NODE ThisNode OPTIONAL,
|
|
IN PWSTR ItemName,
|
|
IN DWORD NameLen,
|
|
IN BOOL IsContainer,
|
|
IN BYTE Status,
|
|
IN DWORD ChildCount,
|
|
IN OUT PSCE_OBJECT_CHILDREN_NODE **ppArrObject,
|
|
IN OUT DWORD *pArrCount,
|
|
IN OUT DWORD *pMaxCount,
|
|
IN OUT LONG *pFindIndex
|
|
)
|
|
/*
|
|
Routine Description:
|
|
|
|
Add a node to the children array. If the node is allocated, the pointer
|
|
will be added to the array; otherwise, a new allocation is made for the
|
|
new node.
|
|
|
|
The node's name will be first checked in the array for duplicate. If
|
|
pFindIndex is specified (not -1), the index will be first used to locate
|
|
the node. If the new node's name is found in the array, it won't be
|
|
added.
|
|
|
|
Return Value:
|
|
|
|
ERROR_DUP_NAME duplicate node name is found, node is not added to the array
|
|
ERROR_SUCCESS succeed
|
|
other errors
|
|
*/
|
|
{
|
|
|
|
if ( ItemName == NULL ||
|
|
ppArrObject == NULL ||
|
|
pArrCount == NULL ||
|
|
pMaxCount == NULL ||
|
|
pFindIndex == NULL ) {
|
|
return(ERROR_INVALID_PARAMETER);
|
|
}
|
|
|
|
DWORD rc=ERROR_SUCCESS;
|
|
|
|
if ( *ppArrObject == NULL ||
|
|
*pArrCount == 0 ) {
|
|
|
|
*pArrCount = 0;
|
|
*pMaxCount = 0;
|
|
*pFindIndex = -1;
|
|
|
|
} else if ( ( *pFindIndex < 0 ) ||
|
|
( *pFindIndex >= (LONG)(*pArrCount) ) ||
|
|
( (*ppArrObject)[*pFindIndex] == NULL ) ||
|
|
( (*ppArrObject)[*pFindIndex]->Name == NULL) ) {
|
|
|
|
//
|
|
// should search for the closest node
|
|
//
|
|
if ( ScepSearchItemInChildren(
|
|
ItemName,
|
|
NameLen,
|
|
*ppArrObject,
|
|
*pArrCount,
|
|
pFindIndex
|
|
) ) {
|
|
|
|
return(ERROR_DUP_NAME);
|
|
}
|
|
}
|
|
|
|
INT CompFlag=-1;
|
|
|
|
if ( *pFindIndex >= 0 ) {
|
|
|
|
//
|
|
// check if the closest node matches the new node
|
|
//
|
|
CompFlag = _wcsicmp( ItemName, (*ppArrObject)[*pFindIndex]->Name );
|
|
|
|
if ( CompFlag == 0 ) {
|
|
return(ERROR_DUP_NAME);
|
|
}
|
|
}
|
|
|
|
PSCE_OBJECT_CHILDREN_NODE pNodeToAdd;
|
|
|
|
if ( ThisNode == NULL ) {
|
|
//
|
|
// allocate a new node
|
|
//
|
|
pNodeToAdd = (PSCE_OBJECT_CHILDREN_NODE)ScepAlloc(0, sizeof(SCE_OBJECT_CHILDREN_NODE));
|
|
|
|
if ( NameLen == 0 ) {
|
|
NameLen = wcslen(ItemName);
|
|
}
|
|
|
|
if ( pNodeToAdd ) {
|
|
pNodeToAdd->Name = (PWSTR)ScepAlloc(0, (NameLen+1)*sizeof(WCHAR));
|
|
|
|
if ( pNodeToAdd->Name ) {
|
|
wcscpy(pNodeToAdd->Name, ItemName);
|
|
pNodeToAdd->IsContainer = IsContainer;
|
|
pNodeToAdd->Status = Status;
|
|
pNodeToAdd->Count = ChildCount;
|
|
|
|
} else {
|
|
rc = ERROR_NOT_ENOUGH_MEMORY;
|
|
ScepFree(pNodeToAdd);
|
|
pNodeToAdd = NULL;
|
|
}
|
|
} else {
|
|
rc = ERROR_NOT_ENOUGH_MEMORY;
|
|
}
|
|
|
|
} else {
|
|
|
|
pNodeToAdd = ThisNode;
|
|
}
|
|
|
|
if ( ERROR_SUCCESS == rc ) {
|
|
|
|
LONG idxAdd, i;
|
|
|
|
if ( *pFindIndex >= 0 ) {
|
|
|
|
if ( CompFlag < 0 ) {
|
|
//
|
|
// add the new node before pFindIndex
|
|
//
|
|
idxAdd = *pFindIndex;
|
|
|
|
} else {
|
|
//
|
|
// add the new node after pFindIndex
|
|
//
|
|
idxAdd = *pFindIndex+1;
|
|
}
|
|
|
|
} else {
|
|
idxAdd = 0;
|
|
}
|
|
|
|
if ( *pArrCount >= *pMaxCount ) {
|
|
//
|
|
// there is not enough array nodes to hold the new node
|
|
//
|
|
PSCE_OBJECT_CHILDREN_NODE *pNewArray;
|
|
PBYTE pTmpBuffer;
|
|
|
|
pTmpBuffer = (PBYTE)ScepAlloc(0, 2*sizeof(DWORD)+(*pMaxCount+SCE_ALLOC_MAX_NODE)*sizeof(PSCE_OBJECT_CHILDREN_NODE));
|
|
|
|
if ( pTmpBuffer == NULL ) {
|
|
|
|
rc = ERROR_NOT_ENOUGH_MEMORY;
|
|
|
|
} else {
|
|
|
|
//
|
|
// need to shift two DWORDs for the array start
|
|
//
|
|
pNewArray = (PSCE_OBJECT_CHILDREN_NODE *)(pTmpBuffer + 2*sizeof(DWORD));
|
|
|
|
LONG idxStart1, idxEnd1, idxStart2, idxEnd2;
|
|
|
|
if ( *pFindIndex >= 0 ) {
|
|
|
|
if ( CompFlag < 0 ) {
|
|
//
|
|
// add the new node before pFindIndex
|
|
//
|
|
idxEnd1 = *pFindIndex-1;
|
|
idxStart2 = *pFindIndex;
|
|
|
|
} else {
|
|
//
|
|
// add the new node after pFindIndex
|
|
//
|
|
|
|
idxEnd1 = *pFindIndex;
|
|
idxStart2 = *pFindIndex+1;
|
|
}
|
|
|
|
idxStart1 = 0;
|
|
idxEnd2 = *pArrCount-1;
|
|
|
|
} else {
|
|
idxStart1 = -1;
|
|
idxEnd1 = -1;
|
|
idxStart2 = 0;
|
|
idxEnd2 = *pArrCount-1;
|
|
}
|
|
|
|
//
|
|
// make the copy
|
|
//
|
|
LONG j=0;
|
|
for ( i=idxStart1; i<=idxEnd1 && i>=0; i++ ) {
|
|
pNewArray[j++] = (*ppArrObject)[i];
|
|
}
|
|
|
|
pNewArray[idxAdd] = pNodeToAdd;
|
|
j = idxAdd+1;
|
|
|
|
for ( i=idxStart2; i<=idxEnd2 && i>=0; i++ ) {
|
|
pNewArray[j++] = (*ppArrObject)[i];
|
|
}
|
|
|
|
(*pMaxCount) += SCE_ALLOC_MAX_NODE;
|
|
(*pArrCount)++;
|
|
|
|
//
|
|
// free the old list
|
|
//
|
|
if ( *ppArrObject ) {
|
|
ScepFree((PBYTE)(*ppArrObject)-2*sizeof(DWORD));
|
|
}
|
|
*ppArrObject = pNewArray;
|
|
|
|
*pFindIndex = idxAdd;
|
|
|
|
}
|
|
|
|
} else {
|
|
//
|
|
// the buffer is big enough, just add the node to the buffer
|
|
//
|
|
|
|
//
|
|
// make the copy
|
|
//
|
|
for ( i=*pArrCount-1; i>=idxAdd && i>=0; i-- ) {
|
|
(*ppArrObject)[i+1] = (*ppArrObject)[i];
|
|
}
|
|
|
|
(*ppArrObject)[idxAdd] = pNodeToAdd;
|
|
|
|
(*pArrCount)++;
|
|
|
|
*pFindIndex = idxAdd;
|
|
}
|
|
}
|
|
|
|
//
|
|
// release memory if it fails
|
|
//
|
|
if ( ERROR_SUCCESS != rc &&
|
|
pNodeToAdd &&
|
|
pNodeToAdd != ThisNode ) {
|
|
|
|
ScepFree(pNodeToAdd->Name);
|
|
ScepFree(pNodeToAdd);
|
|
}
|
|
|
|
return(rc);
|
|
|
|
}
|
|
|