windows-nt/Source/XPSP1/NT/base/fs/utils/driverquery/connectwmi.cpp

1080 lines
30 KiB
C++
Raw Normal View History

2020-09-26 03:20:57 -05:00
//**********************************************************************************
// Copyright (c) Microsoft Corporation
//
// Module Name:
// CONNECTWMI.cpp
//
// Abstract:
// Contains functions to connect to wmi.
//
// Author:
// J.S.Vasu
//
// Revision History:
// J.S.Vasu 26-sep-2k : Created It.
// *********************************************************************************
// Include files
#include "pch.h"
#include "resource.h"
#include "driverquery.h"
// error constants
#define E_SERVER_NOTFOUND 0x800706ba
// function prototypes
BOOL IsValidServerEx( LPCWSTR pwszServer,
BOOL &bLocalSystem );
HRESULT GetSecurityArguments( IUnknown *pInterface,
DWORD& dwAuthorization,
DWORD& dwAuthentication );
HRESULT SetInterfaceSecurity( IUnknown *pInterface,
LPCWSTR pwszServer,
LPCWSTR pwszUser,
LPCWSTR pwszPassword,
COAUTHIDENTITY **ppAuthIdentity );
HRESULT WINAPI SetProxyBlanket( IUnknown *pInterface,
DWORD dwAuthnSvc,
DWORD dwAuthzSvc,
LPWSTR pwszPrincipal,
DWORD dwAuthLevel,
DWORD dwImpLevel,
RPC_AUTH_IDENTITY_HANDLE pAuthInfo,
DWORD dwCapabilities );
HRESULT WINAPI WbemAllocAuthIdentity( LPCWSTR pwszUser,
LPCWSTR pwszPassword,
LPCWSTR pwszDomain,
COAUTHIDENTITY **ppAuthIdent );
BOOL ConnectWmi( IWbemLocator *pLocator,
IWbemServices ** ppServices,
LPCWSTR pwszServer,
LPCWSTR pwszUser,
LPCWSTR pwszPassword,
COAUTHIDENTITY **ppAuthIdentity,
BOOL bCheckWithNullPwd = FALSE,
LPCWSTR pwszNamespace = CIMV2_NAME_SPACE,
HRESULT *phr = NULL,
BOOL *pbLocalSystem = NULL );
VOID WINAPI WbemFreeAuthIdentity( COAUTHIDENTITY **ppAuthIdentity );
// ***************************************************************************
// Routine Description:
// Checks whether the server name is a valid server name or not.
//
// Arguments:
// pwszServer [in] - Server name to be validated.
// bLocalSystem [in/out] - Set to TRUE if server specified is local system.
//
// Return Value:
// TRUE if server is valid else FALSE.
//
// ***************************************************************************
BOOL IsValidServerEx( LPCWSTR pwszServer, BOOL &bLocalSystem )
{
// local variables
CHString strTemp;
if( pwszServer == NULL )
{
return FALSE;
}
bLocalSystem = FALSE;
// get a local copy
strTemp = pwszServer;
// remove the forward slashes (UNC) if exist in the begining of the server name
if ( IsUNCFormat( strTemp ) == TRUE )
{
strTemp = strTemp.Mid( 2 );
if ( strTemp.GetLength() == 0 )
return FALSE;
}
// now check if any '\' character appears in the server name. If so error
if ( strTemp.Find( L'\\' ) != -1 )
return FALSE;
// now check if server name is '.' only which represent local system in WMI
// else determine whether this is a local system or not
bLocalSystem = TRUE;
if ( strTemp.CompareNoCase( L"." ) != 0 )
{
// validate the server
if ( IsValidServer( strTemp ) == FALSE )
return FALSE;
// check whether this is a local system or not
bLocalSystem = IsLocalSystem( strTemp );
}
// valid server name
return TRUE;
}
// ***************************************************************************
// Routine Description:
// Connects to wmi.
//
// Arguments:
// pLocator [in] - Pointer to the IWbemLocator object.
// ppServices [out] - Pointer to IWbemServices object.
// pwszServer [in] - Holds the server name to connect to.
// pwszUser [in/out] - Holds the user name.
// pwszPassword [in/out] - Holds the password.
// ppAuthIdentity [in/out] - Pointer to authentication structure.
// bCheckWithNullPwd [in] - Specifies whether to connect through null password.
// pwszNamespace [in] - Specifies the namespace to connect to.
// phRes [in/out] - Holds the error value.
// pbLocalSystem [in/out] - Holds the boolean value to represent whether the server
// name is local or not.
// Return Value:
// TRUE if successfully connected, FALSE if not.
// ***************************************************************************
BOOL ConnectWmi( IWbemLocator *pLocator, IWbemServices **ppServices,
LPCWSTR pwszServer, LPCWSTR pwszUser, LPCWSTR pwszPassword,
COAUTHIDENTITY **ppAuthIdentity,
BOOL bCheckWithNullPwd, LPCWSTR pwszNamespace, HRESULT *phRes,
BOOL *pbLocalSystem )
{
// local variables
HRESULT hRes = 0;
BOOL bResult = FALSE;
BOOL bLocalSystem = FALSE;
_bstr_t bstrServer;
_bstr_t bstrNamespace;
_bstr_t bstrUser;
_bstr_t bstrPassword;
if ( pbLocalSystem != NULL )
{
*pbLocalSystem = FALSE;
}
if ( phRes != NULL )
{
*phRes = NO_ERROR;
}
try
{
// clear the error
SetLastError( WBEM_S_NO_ERROR );
// assume that connection to WMI namespace is failed
bResult = FALSE;
// check whether locator object exists or not if not return FALSE
if ( pLocator == NULL )
{
if ( phRes != NULL )
{
*phRes = WBEM_E_INVALID_PARAMETER;
}
// return failure
return FALSE;
}
// validate the server name
// NOTE: The error being raised in custom define for '0x800706ba' value
// The message that will be displayed in "The RPC server is unavailable."
if ( IsValidServerEx( pwszServer, bLocalSystem ) == FALSE )
{
_com_issue_error( ERROR_BAD_NETPATH );
}
// validate the user name
if ( IsValidUserEx( pwszUser ) == FALSE )
{
_com_issue_error( ERROR_NO_SUCH_USER );
}
// prepare namespace
bstrNamespace = pwszNamespace; // name space
if ( pwszServer != NULL && bLocalSystem == FALSE )
{
// get the server name
bstrServer = pwszServer;
// prepare the namespace
// NOTE: check for the UNC naming format of the server and do
if ( IsUNCFormat( pwszServer ) == TRUE )
{
bstrNamespace = bstrServer + L"\\" + pwszNamespace;
}
else
{
bstrNamespace = L"\\\\" + bstrServer + L"\\" + pwszNamespace;
}
// user credentials
if ( pwszUser != NULL && lstrlen( pwszUser ) != 0 )
{
// copy the user name
bstrUser = pwszUser;
// if password is empty string and if we need to check with
// null password, then do not set the password and try
bstrPassword = pwszPassword;
if ( bCheckWithNullPwd == TRUE && bstrPassword.length() == 0 )
{
bstrPassword = (LPWSTR) NULL;
}
}
}
// release the existing services object ( to be in safer side )
SAFE_RELEASE( *ppServices );
// connect to the remote system's WMI
// there is a twist here ...
// do not trap the ConnectServer function failure into exception
// instead handle that action manually
// by default try the ConnectServer function as the information which we have
// in our hands at this point. If the ConnectServer is failed,
// check whether password variable has any contents are not ... if no contents
// check with "" (empty) password ... this might pass in this situation ..
// if this call is also failed ... nothing is there that we can do ... throw the exception
hRes = pLocator->ConnectServer( bstrNamespace,
bstrUser, bstrPassword, 0L, 0L, NULL, NULL, ppServices );
if ( FAILED( hRes ) )
{
//
// special case ...
// check whether password exists or not
// NOTE: do not check for 'WBEM_E_ACCESS_DENIED'
// this error code says that user with the current credentials is not
// having access permisions to the 'namespace'
if ( hRes == E_ACCESSDENIED )
{
// check if we tried to connect to the system using null password
// if so, then try connecting to the remote system with empty string
if ( bCheckWithNullPwd == TRUE &&
bstrUser.length() != 0 && bstrPassword.length() == 0 )
{
// now invoke with ...
hRes = pLocator->ConnectServer( bstrNamespace,
bstrUser, _bstr_t( L"" ), 0L, 0L, NULL, NULL, ppServices );
}
}
else if ( hRes == WBEM_E_LOCAL_CREDENTIALS )
{
// credentials were passed to the local system.
// So ignore the credentials and try to reconnect
bLocalSystem = TRUE;
bstrUser = (LPWSTR) NULL;
bstrPassword = (LPWSTR) NULL;
bstrNamespace = pwszNamespace; // name space
hRes = pLocator->ConnectServer( bstrNamespace,
NULL, NULL, 0L, 0L, NULL, NULL, ppServices );
// now check the result again .. if failed
}
// now check the result again .. if failed .. ummmm..
if ( FAILED( hRes ) )
{
_com_issue_error( hRes );
}
else
{
bstrPassword = L"";
}
}
// set the security at the interface level also
SAFE_EXECUTE( SetInterfaceSecurity( *ppServices,
pwszServer, bstrUser, bstrPassword, ppAuthIdentity ) );
// connection to WMI is successful
bResult = TRUE;
// save the hr value if needed by the caller
if ( phRes != NULL )
{
*phRes = WBEM_S_NO_ERROR;
}
}
catch( _com_error& e )
{
// save the error
WMISaveError( e );
// save the hr value if needed by the caller
if ( phRes != NULL )
{
*phRes = e.Error();
}
}
if ( pbLocalSystem != NULL )
{
*pbLocalSystem = bLocalSystem;
}
// return the result
return bResult;
}
// ***************************************************************************
// Routine Description:
// Connects to wmi.
//
// Arguments:
// pLocator [in] - Pointer to the IWbemLocator object.
// ppServices [out] - Pointer to IWbemServices object.
// strServer [in] - Holds the server name to connect to.
// strUserName [in/out] - Holds the user name.
// strPassword [in/out] - Holds the password.
// ppAuthIdentity [in/out] - Pointer to authentication structure.
// bNeedPassword [in] - Specifies whether to prompt for password.
// pwszNamespace [in] - Specifies the namespace to connect to.
// pbLocalSystem [in/out] - Holds the boolean value to represent whether the server
// name is local or not.
// Return Value:
// TRUE if successfully connected, FALSE if not.
// ***************************************************************************
BOOL ConnectWmiEx( IWbemLocator *pLocator,
IWbemServices **ppServices,
const CHString &strServer, CHString &strUserName, CHString &strPassword,
COAUTHIDENTITY **ppAuthIdentity, BOOL bNeedPassword, LPCWSTR pwszNamespace,
BOOL* pbLocalSystem )
{
// local variables
HRESULT hRes = 0;
DWORD dwSize = 0;
BOOL bResult = FALSE;
LPWSTR pwszPassword = NULL;
CHString strBuffer = NULL_STRING;
__MAX_SIZE_STRING szBuffer = NULL_STRING;
// clear the error .. if any
SetLastError( WBEM_S_NO_ERROR );
// sometime users want the utility to prompt for the password
// check what user wants the utility to do
if ( bNeedPassword == TRUE && strPassword.Compare( L"*" ) == 0 )
{
// user wants the utility to prompt for the password
// so skip this part and let the flow directly jump the password acceptance part
}
else
{
// try to establish connection to the remote system with the credentials supplied
if ( strUserName.GetLength() == 0 )
{
// user name is empty
// so, it is obvious that password will also be empty
// even if password is specified, we have to ignore that
bResult = ConnectWmi( pLocator, ppServices,
strServer, NULL, NULL, ppAuthIdentity, FALSE, pwszNamespace, &hRes, pbLocalSystem );
}
else
{
// credentials were supplied
// but password might not be specified ... so check and act accordingly
LPCWSTR pwszTemp = NULL;
if ( bNeedPassword == FALSE )
pwszTemp = strPassword;
// ...
bResult = ConnectWmi( pLocator, ppServices, strServer,
strUserName, pwszTemp, ppAuthIdentity, FALSE, pwszNamespace, &hRes, pbLocalSystem );
}
// check the result ... if successful in establishing connection ... return
if ( bResult == TRUE )
return TRUE;
// now check the kind of error occurred
switch( hRes )
{
case E_ACCESSDENIED:
break;
case WBEM_E_LOCAL_CREDENTIALS:
// needs to do special processing
break;
case WBEM_E_ACCESS_DENIED:
default:
GetWbemErrorText( hRes );
DISPLAY_MESSAGE( stderr, ERROR_TAG );
DISPLAY_MESSAGE( stderr, GetReason() );
return( FALSE ); // no use of accepting the password .. return failure
}
// if failed in establishing connection to the remote terminal
// even if the password is specifed, then there is nothing to do ... simply return failure
if ( bNeedPassword == FALSE )
{
GetWbemErrorText( hRes );
DISPLAY_MESSAGE( stderr, ERROR_TAG );
DISPLAY_MESSAGE( stderr, GetReason() );
return FALSE;
}
}
// check whether user name is specified or not
// if not, get the local system's current user name under whose credentials, the process
// is running
if ( strUserName.GetLength() == 0 )
{
// sub-local variables
LPWSTR pwszUserName = NULL;
try
{
// get the required buffer
pwszUserName = strUserName.GetBufferSetLength( MAX_STRING_LENGTH );
}
catch( ... )
{
SetLastError( E_OUTOFMEMORY );
SaveLastError();
DISPLAY_MESSAGE( stderr, ERROR_TAG );
ShowLastError( stderr );
return FALSE;
}
// get the user name
_TCHAR szUserName[MAX_RES_STRING];
ULONG ulLong = MAX_RES_STRING;
if ( GetUserNameEx ( NameSamCompatible, szUserName , &ulLong)== FALSE )
{
// error occured while trying to get the current user info
SaveLastError();
DISPLAY_MESSAGE( stderr, ERROR_TAG );
ShowLastError( stderr );
return FALSE;
}
lstrcpy(pwszUserName,szUserName);
// format the user name
if ( _tcschr( pwszUserName, _T( '\\' ) ) == NULL )
{
// server not present in user name ... prepare ... this is only for display purpose
FORMAT_STRING2( szBuffer, _T( "%s\\%s" ), strServer, szUserName );
lstrcpy( pwszUserName, szBuffer );
}
// release the extra buffer allocated
strUserName.ReleaseBuffer();
}
try
{
// get the required buffer
pwszPassword = strPassword.GetBufferSetLength( MAX_STRING_LENGTH );
}
catch( ... )
{
SetLastError( E_OUTOFMEMORY );
SaveLastError();
DISPLAY_MESSAGE( stderr, ERROR_TAG );
ShowLastError( stderr );
return FALSE;
}
// accept the password from the user
strBuffer.Format( INPUT_PASSWORD, strUserName );
WriteConsoleW( GetStdHandle( STD_ERROR_HANDLE ),
strBuffer, strBuffer.GetLength(), &dwSize, NULL );
GetPassword( pwszPassword, MAX_PASSWORD_LENGTH );
// release the buffer allocated for password
strPassword.ReleaseBuffer();
// now again try to establish the connection using the currently
// supplied credentials
bResult = ConnectWmi( pLocator, ppServices, strServer,
strUserName, strPassword, ppAuthIdentity, FALSE, pwszNamespace, &hRes, pbLocalSystem );
if( bResult == FALSE )
{
GetWbemErrorText( hRes );
DISPLAY_MESSAGE( stderr, ERROR_TAG );
DISPLAY_MESSAGE( stderr, GetReason() );
return( FALSE ); // no use of accepting the password .. return failure
}
// return the success
return bResult;
}
// ***************************************************************************
// Routine Description:
// Gets the security arguments for an interface.
//
// Arguments:
// pInterface [in] - Pointer to interface stucture.
// dwAuthorization [in/out] - Holds Authorization value.
// dwAuthentication [in/out] - Holds the Authentication value.
//
// Return Value:
// Returns HRESULT value.
// ***************************************************************************
HRESULT GetSecurityArguments( IUnknown *pInterface,
DWORD& dwAuthorization, DWORD& dwAuthentication )
{
// local variables
HRESULT hRes = 0;
DWORD dwAuthnSvc = 0, dwAuthzSvc = 0;
IClientSecurity *pClientSecurity = NULL;
if(pInterface == NULL)
{
return WBEM_E_INVALID_PARAMETER; ;
}
// try to get the client security services values if possible
hRes = pInterface->QueryInterface( IID_IClientSecurity, (void**) &pClientSecurity );
if ( SUCCEEDED( hRes ) )
{
// got the client security interface
// now try to get the security services values
hRes = pClientSecurity->QueryBlanket( pInterface,
&dwAuthnSvc, &dwAuthzSvc, NULL, NULL, NULL, NULL, NULL );
if ( SUCCEEDED( hRes ) )
{
// we've got the values from the interface
dwAuthentication = dwAuthnSvc;
dwAuthorization = dwAuthzSvc;
}
// release the client security interface
SAFEIRELEASE( pClientSecurity );
}
// return always success
return S_OK;
}
// ***************************************************************************
// Routine Description:
// Sets the interface security for the interface.
//
// Arguments:
// pInterface [in] - pointer to the interface.
// pAuthIdentity [in] - pointer to authentication structure.
//
// Return Value:
// returns HRESULT value.
// ***************************************************************************
HRESULT SetInterfaceSecurity( IUnknown *pInterface, COAUTHIDENTITY *pAuthIdentity )
{
// local variables
HRESULT hRes;
LPWSTR pwszDomain = NULL;
DWORD dwAuthorization = RPC_C_AUTHZ_NONE;
DWORD dwAuthentication = RPC_C_AUTHN_WINNT;
// check the interface
if ( pInterface == NULL )
{
return WBEM_E_INVALID_PARAMETER;
}
// get the current security argument value
// GetSecurityArguments( pInterface, dwAuthorization, dwAuthentication );
// set the security information to the interface
hRes = SetProxyBlanket( pInterface, dwAuthentication, dwAuthorization, NULL,
RPC_C_AUTHN_LEVEL_DEFAULT, RPC_C_IMP_LEVEL_IMPERSONATE, pAuthIdentity, EOAC_NONE );
// return the result
return hRes;
}
// ***************************************************************************
// Routine Description:
// Sets proxy blanket for the interface.
//
// Arguments:
// pInterface [in] - pointer to the inteface.
// dwAuthnsvc [in] - Authentication service to use.
// dwAuthzSvc [in] - Authorization service to use.
// pwszPricipal [in] - Server principal name to use with the authentication service.
// dwAuthLevel [in] - Authentication level to use.
// dwImpLevel [in] - Impersonation level to use.
// pAuthInfo [in] - Identity of the client.
// dwCapabilities [in] - Capability flags.
//
// Return Value:
// Return HRESULT value.
//
// ***************************************************************************
HRESULT WINAPI SetProxyBlanket( IUnknown *pInterface,
DWORD dwAuthnSvc, DWORD dwAuthzSvc,
LPWSTR pwszPrincipal, DWORD dwAuthLevel, DWORD dwImpLevel,
RPC_AUTH_IDENTITY_HANDLE pAuthInfo, DWORD dwCapabilities )
{
// local variables
HRESULT hRes;
IUnknown *pUnknown = NULL;
IClientSecurity *pClientSecurity = NULL;
if( pInterface == NULL )
{
return WBEM_E_INVALID_PARAMETER;
}
// get the IUnknown interface ... to check whether this is a valid interface or not
hRes = pInterface->QueryInterface( IID_IUnknown, (void **) &pUnknown );
if ( hRes != S_OK )
{
return hRes;
}
// now get the client security interface
hRes = pInterface->QueryInterface( IID_IClientSecurity, (void **) &pClientSecurity );
if ( hRes != S_OK )
{
SAFEIRELEASE( pUnknown );
return hRes;
}
//
// Can't set pAuthInfo if cloaking requested, as cloaking implies
// that the current proxy identity in the impersonated thread (rather
// than the credentials supplied explicitly by the RPC_AUTH_IDENTITY_HANDLE)
// is to be used.
// See MSDN info on CoSetProxyBlanket for more details.
//
if ( dwCapabilities & (EOAC_STATIC_CLOAKING | EOAC_DYNAMIC_CLOAKING) )
pAuthInfo = NULL;
// now set the security
hRes = pClientSecurity->SetBlanket( pInterface, dwAuthnSvc, dwAuthzSvc, pwszPrincipal,
dwAuthLevel, dwImpLevel, pAuthInfo, dwCapabilities );
// release the security interface
SAFEIRELEASE( pClientSecurity );
// we should check the auth identity structure. if exists .. set for IUnknown also
if ( pAuthInfo != NULL )
{
hRes = pUnknown->QueryInterface( IID_IClientSecurity, (void **) &pClientSecurity );
if ( hRes == S_OK )
{
// set security authentication
hRes = pClientSecurity->SetBlanket(
pUnknown, dwAuthnSvc, dwAuthzSvc, pwszPrincipal,
dwAuthLevel, dwImpLevel, pAuthInfo, dwCapabilities );
// release
SAFEIRELEASE( pClientSecurity );
}
else if ( hRes == E_NOINTERFACE )
hRes = S_OK; // ignore no interface errors
}
// release the IUnknown
SAFEIRELEASE( pUnknown );
// return the result
return hRes;
}
// ***************************************************************************
// Routine Description:
// Allocate memory for authentication variables.
//
// Arguments:
// pwszUser [in/out] - User name.
// pwszPassword [in/out] - Password.
// pwszDomain [in/out] - Domain name.
// ppAuthIdent [in/out] - Poointer to authentication structure.
//
// Return Value:
// Returns HRESULT value.
// ***************************************************************************
HRESULT WINAPI WbemAllocAuthIdentity( LPCWSTR pwszUser, LPCWSTR pwszPassword,
LPCWSTR pwszDomain, COAUTHIDENTITY **ppAuthIdent )
{
// local variables
COAUTHIDENTITY* pAuthIdent = NULL;
// validate the input parameter
if ( ppAuthIdent == NULL )
return WBEM_E_INVALID_PARAMETER;
// allocation thru COM API
pAuthIdent = ( COAUTHIDENTITY* ) CoTaskMemAlloc( sizeof( COAUTHIDENTITY ) );
if ( NULL == pAuthIdent )
return WBEM_E_OUT_OF_MEMORY;
// init with 0's
ZeroMemory( ( void* ) pAuthIdent, sizeof( COAUTHIDENTITY ) );
//
// Allocate needed memory and copy in data. Cleanup if anything goes wrong
// user
if ( pwszUser != NULL )
{
// allocate memory for user
LONG lLength = wcslen( pwszUser );
pAuthIdent->User = ( LPWSTR ) CoTaskMemAlloc( (lLength + 1) * sizeof( WCHAR ) );
if ( pAuthIdent->User == NULL )
{
WbemFreeAuthIdentity( &pAuthIdent );
return WBEM_E_OUT_OF_MEMORY;
}
// set the length and do copy contents
pAuthIdent->UserLength = lLength;
wcscpy( pAuthIdent->User, pwszUser );
}
// domain
if ( pwszDomain != NULL )
{
// allocate memory for domain
LONG lLength = wcslen( pwszDomain );
pAuthIdent->Domain = ( LPWSTR ) CoTaskMemAlloc( (lLength + 1) * sizeof( WCHAR ) );
if ( pAuthIdent->Domain == NULL )
{
WbemFreeAuthIdentity( &pAuthIdent );
return WBEM_E_OUT_OF_MEMORY;
}
// set the length and do copy contents
pAuthIdent->DomainLength = lLength;
wcscpy( pAuthIdent->Domain, pwszDomain );
}
// passsord
if ( pwszPassword != NULL )
{
// allocate memory for passsord
LONG lLength = wcslen( pwszPassword );
pAuthIdent->Password = ( LPWSTR ) CoTaskMemAlloc( (lLength + 1) * sizeof( WCHAR ) );
if ( pAuthIdent->Password == NULL )
{
WbemFreeAuthIdentity( &pAuthIdent );
return WBEM_E_OUT_OF_MEMORY;
}
// set the length and do copy contents
pAuthIdent->PasswordLength = lLength;
wcscpy( pAuthIdent->Password, pwszPassword );
}
// type of the structure
pAuthIdent->Flags = SEC_WINNT_AUTH_IDENTITY_UNICODE;
// final set the address to out parameter
*ppAuthIdent = pAuthIdent;
// return result
return S_OK;
}
// ***************************************************************************
// Routine Description:
// Frees the memory of authentication stucture variable.
//
// Arguments:
// ppAuthIdentity [in] - Pointer to authentication structure.
//
// Return Value:
// none.
// ***************************************************************************
VOID WINAPI WbemFreeAuthIdentity( COAUTHIDENTITY** ppAuthIdentity )
{
// make sure we have a pointer, then walk the structure members and cleanup.
if ( *ppAuthIdentity != NULL )
{
// free the memory allocated for user
if ( (*ppAuthIdentity)->User != NULL )
CoTaskMemFree( (*ppAuthIdentity)->User );
// free the memory allocated for password
if ( (*ppAuthIdentity)->Password != NULL )
CoTaskMemFree( (*ppAuthIdentity)->Password );
// free the memory allocated for domain
if ( (*ppAuthIdentity)->Domain != NULL )
CoTaskMemFree( (*ppAuthIdentity)->Domain );
// final the structure
CoTaskMemFree( *ppAuthIdentity );
}
// set to NULL
*ppAuthIdentity = NULL;
}
// ***************************************************************************
// Routine Description: checks if a user name is valid.
//
// Arguments: UserName
//
// Return Value: BOOL
//
// ***************************************************************************
BOOL IsValidUserEx( LPCWSTR pwszUser )
{
// local variables
CHString strUser;
try
{
// get user into local memory
strUser = pwszUser;
// user name should not be just '\'
if ( strUser.CompareNoCase( L"\\" ) == 0 )
return FALSE;
// user name should not contain invalid characters
if ( strUser.FindOneOf( L"/[]:|<>+=;,?*" ) != -1 )
return FALSE;
}
catch( ... )
{
SetLastError( E_OUTOFMEMORY );
return FALSE;
}
// user name is valid
return TRUE;
}
// ***************************************************************************
// Routine Description:
// Sets interface security.
//
// Arguments:
// pInterface [in] - Pointer to the interface to which security has to be set.
// pwszServer [in] - Holds the server name of the interface.
// pwszUser [in] - Holds the user name of the server.
// pwszPassword [in] - Hold the password of the user.
// ppAuthIdentity [in/out] - Pointer to authentication structure.
//
// Return Value:
// returns HRESULT value.
// ***************************************************************************
HRESULT SetInterfaceSecurity( IUnknown* pInterface,
LPCWSTR pwszServer, LPCWSTR pwszUser,
LPCWSTR pwszPassword, COAUTHIDENTITY** ppAuthIdentity )
{
// local variables
HRESULT hr=0;
CHString strUser;
CHString strDomain;
LPCWSTR pwszUserArg = NULL;
LPCWSTR pwszDomainArg = NULL;
DWORD dwAuthorization = RPC_C_AUTHZ_NONE;
DWORD dwAuthentication = RPC_C_AUTHN_WINNT;
// check the interface
if ( pInterface == NULL )
{
return WBEM_E_INVALID_PARAMETER;
}
// check the authentity strcuture ... if authentity structure is already ready
// simply invoke the 2nd version of SetInterfaceSecurity
if ( *ppAuthIdentity != NULL )
{
return SetInterfaceSecurity( pInterface, *ppAuthIdentity );
}
// get the current security argument value
// GetSecurityArguments( pInterface, dwAuthorization, dwAuthentication );
// If we are doing trivial case, just pass in a null authenication structure
// for which the current logged in user's credentials will be considered
if ( pwszUser == NULL && pwszPassword == NULL )
{
// set the security
hr = SetProxyBlanket( pInterface, dwAuthentication, dwAuthorization,
NULL, RPC_C_AUTHN_LEVEL_DEFAULT, RPC_C_IMP_LEVEL_IMPERSONATE, NULL, EOAC_NONE );
// return the result
return hr;
}
// parse and find out if the user name contains the domain name
// if contains, extract the domain value from it
LONG lPos = -1;
strDomain = L"";
strUser = pwszUser;
if ( ( lPos = strUser.Find( L'\\' ) ) != -1 )
{
// user name contains domain name ... domain\user format
strDomain = strUser.Left( lPos );
strUser = strUser.Mid( lPos + 1 );
}
// get the domain info if it exists only
if ( strDomain.GetLength() != 0 )
{
pwszDomainArg = strDomain;
}
// get the user info if it exists only
if ( strUser.GetLength() != 0 )
{
pwszUserArg = strUser;
}
// check if authentication info is available or not ...
// initialize the security authenication information ... UNICODE VERSION STRUCTURE
if ( ppAuthIdentity == NULL )
{
return WBEM_E_INVALID_PARAMETER;
}
else if ( *ppAuthIdentity == NULL )
{
hr = WbemAllocAuthIdentity( pwszUserArg, pwszPassword, pwszDomainArg, ppAuthIdentity );
if ( hr != S_OK )
{
return hr;
}
}
// set the security information to the interface
hr = SetProxyBlanket( pInterface, dwAuthentication, dwAuthorization, NULL,
RPC_C_AUTHN_LEVEL_DEFAULT, RPC_C_IMP_LEVEL_IMPERSONATE, *ppAuthIdentity, EOAC_NONE );
// return the result
return hr;
}
// ***************************************************************************
// Routine Description:
// Gets WMI error description.
//
// Arguments:
// hResError [in] - Contain error value.
//
// Return Value:
// none.
// ***************************************************************************
VOID WMISaveError( HRESULT hResError )
{
// local variables
HRESULT hRes;
CHString strBuffer = NULL_STRING;
IWbemStatusCodeText *pWbemStatus = NULL;
// if the error is win32 based, choose FormatMessage to get the message
switch( hResError )
{
case E_ACCESSDENIED: // Message: "Access Denied"
case ERROR_NO_SUCH_USER: // Message: "The specified user does not exist."
{
// change the error message to "Logon failure: unknown user name or bad password."
if ( hResError == E_ACCESSDENIED )
{
hResError = ERROR_LOGON_FAILURE;
}
// ...
SetLastError( hResError );
SaveLastError();
return;
}
}
try
{
// get the pointer to buffer
LPWSTR pwszBuffer = NULL;
pwszBuffer = strBuffer.GetBufferSetLength( MAX_STRING_LENGTH );
// get the wbem specific status code text
hRes = CoCreateInstance( CLSID_WbemStatusCodeText,
NULL, CLSCTX_INPROC_SERVER, IID_IWbemStatusCodeText, ( LPVOID* ) &pWbemStatus );
// check whether we got the interface or not
if ( SUCCEEDED( hRes ) )
{
// get the error message
BSTR bstr = NULL;
hRes = pWbemStatus->GetErrorCodeText( hResError, 0, 0, &bstr );
if ( SUCCEEDED( hRes ) )
{
// get the error message in proper format
GetCompatibleStringFromUnicode( bstr, pwszBuffer, MAX_STRING_LENGTH );
//
// supress all the new-line characters and add '.' at the end ( if not exists )
LPWSTR pwszTemp = NULL;
pwszTemp = wcstok( pwszBuffer, L"\r\n" );
if( pwszTemp == NULL )
{
_com_issue_error( WBEM_E_INVALID_PARAMETER );
}
if ( *( pwszTemp + lstrlenW( pwszTemp ) - 1 ) != L'.' )
{
lstrcatW( pwszTemp, L"." );
}
// free the BSTR
SysFreeString( bstr );
bstr = NULL;
// now release status code interface
SAFE_RELEASE( pWbemStatus );
}
else
{
// failed to get the error message ... get the com specific error message
_com_issue_error( hResError );
}
}
else
{
// failed to get the error message ... get the com specific error message
_com_issue_error( hResError );
}
// release the buffer
strBuffer.ReleaseBuffer();
}
catch( _com_error& e )
{
try
{
// get the error message
strBuffer.ReleaseBuffer();
if ( e.ErrorMessage() != NULL )
strBuffer = e.ErrorMessage();
}
catch( ... )
{
SetLastError( E_OUTOFMEMORY );
SaveLastError();
}
}
catch( ... )
{
SetLastError( E_OUTOFMEMORY );
SaveLastError();
return;
}
// set the reason
strBuffer += L"\n";
SetReason( strBuffer );
}