windows-nt/Source/XPSP1/NT/inetsrv/iis/ui/admin/comprop/usrbrows.cpp

1941 lines
40 KiB
C++
Raw Normal View History

2020-09-26 03:20:57 -05:00
/*++
Copyright (c) 1994-1998 Microsoft Corporation
Module Name :
usrbrows.cpp
Abstract:
User Browser Dialog
Author:
Ronald Meijer (ronaldm)
Project:
Internet Services Manager
Revision History:
--*/
//
// Include Files
//
#include "stdafx.h"
#include <iiscnfgp.h>
#include "comprop.h"
#include "objpick.h"
#ifdef _DEBUG
#undef THIS_FILE
static char BASED_CODE THIS_FILE[] = __FILE__;
#endif
extern "C"
{
#define _NTSEAPI_ // Don't want the security API hdrs
#include <getuser.h>
}
#define SZ_USER_CLASS _T("user")
#define SZ_GROUP_CLASS _T("group")
BOOL
CAccessEntry::LookupAccountSid(
OUT CString & strFullUserName,
OUT int & nPictureID,
IN PSID pSid,
IN LPCTSTR lpstrSystemName /* OPTIONAL */
)
/*++
Routine Description:
Get a full user name and picture ID from the SID
Arguments:
CString &strFullUserName : Returns the user name
int & nPictureID : Returns offset into the imagemap that
represents the account type.
PSID pSid : Input SID pointer
LPCTSTR lpstrSystemName : System name or NULL
Return Value:
TRUE for success, FALSE for failure.
--*/
{
DWORD cbUserName = PATHLEN * sizeof(TCHAR);
DWORD cbRefDomainName = PATHLEN * sizeof(TCHAR);
CString strUserName;
CString strRefDomainName;
SID_NAME_USE SidToNameUse;
LPTSTR lpUserName = strUserName.GetBuffer(PATHLEN);
LPTSTR lpRefDomainName = strRefDomainName.GetBuffer(PATHLEN);
BOOL fLookUpOK = ::LookupAccountSid(
lpstrSystemName,
pSid,
lpUserName,
&cbUserName,
lpRefDomainName,
&cbRefDomainName,
&SidToNameUse
);
strUserName.ReleaseBuffer();
strRefDomainName.ReleaseBuffer();
strFullUserName.Empty();
if (fLookUpOK)
{
if (!strRefDomainName.IsEmpty()
&& strRefDomainName.CompareNoCase(_T("BUILTIN")))
{
strFullUserName += strRefDomainName;
strFullUserName += "\\";
}
strFullUserName += strUserName;
nPictureID = SidToNameUse;
}
else
{
strFullUserName.LoadString(IDS_UNKNOWN_USER);
nPictureID = SidTypeUnknown;
}
//
// SID_NAME_USE is 1-based
//
--nPictureID ;
return fLookUpOK;
}
CAccessEntry::CAccessEntry(
IN LPVOID pAce,
IN BOOL fResolveSID
)
/*++
Routine Description:
Construct from an ACE
Arguments:
LPVOID pAce : Pointer to ACE object
BOOL fResolveSID : TRUE to resolve the SID immediately
Return Value:
N/A
--*/
: m_pSid(NULL),
m_fSIDResolved(FALSE),
m_fDeletable(TRUE),
m_fInvisible(FALSE),
m_nPictureID(SidTypeUnknown-1), // SID_NAME_USE is 1-based
m_lpstrSystemName(NULL),
m_accMask(0L),
m_fDeleted(FALSE),
m_strUserName()
{
MarkEntryAsClean();
PACE_HEADER ph = (PACE_HEADER)pAce;
PSID pSID = NULL;
switch(ph->AceType)
{
case ACCESS_ALLOWED_ACE_TYPE:
pSID = (PSID)&((PACCESS_ALLOWED_ACE)pAce)->SidStart;
m_accMask = ((PACCESS_ALLOWED_ACE)pAce)->Mask;
break;
case ACCESS_DENIED_ACE_TYPE:
case SYSTEM_AUDIT_ACE_TYPE:
case SYSTEM_ALARM_ACE_TYPE:
default:
//
// Not supported!
//
ASSERT(FALSE);
break;
}
if (pSID == NULL)
{
return;
}
//
// Allocate a new copy of the sid.
//
DWORD cbSize = ::RtlLengthSid(pSID);
m_pSid = (PSID)AllocMem(cbSize);
DWORD err = ::RtlCopySid(cbSize, m_pSid, pSID);
ASSERT(err == ERROR_SUCCESS);
//
// Only the non-deletable administrators have execute
// privileges
//
m_fDeletable = (m_accMask & FILE_EXECUTE) == 0L;
//
// Enum_keys is a special access right that literally "everyone"
// has, but it doesn't designate an operator, so it should not
// show up in the operator list if this is the only right it has.
//
m_fInvisible = (m_accMask == MD_ACR_ENUM_KEYS);
//SetAccessMask(lpAccessEntry);
if (fResolveSID)
{
ResolveSID();
}
}
CAccessEntry::CAccessEntry(
IN ACCESS_MASK accPermissions,
IN PSID pSid,
IN LPCTSTR lpstrSystemName, OPTIONAL
IN BOOL fResolveSID
)
/*++
Routine Description:
Constructor from access permissions and SID.
Arguments:
ACCESS_MASK accPermissions : Access mask
PSID pSid : Pointer to SID
LPCTSTR lpstrSystemName : Optional system name
BOOL fResolveSID : TRUE to resolve SID immediately
Return Value:
N/A
--*/
: m_pSid(NULL),
m_fSIDResolved(FALSE),
m_fDeletable(TRUE),
m_fInvisible(FALSE),
m_fDeleted(FALSE),
m_nPictureID(SidTypeUnknown-1), // SID_NAME_USE is 1-based
m_strUserName(),
m_lpstrSystemName(NULL),
m_accMask(accPermissions)
{
MarkEntryAsClean();
//
// Allocate a new copy of the sid.
//
DWORD cbSize = ::RtlLengthSid(pSid);
m_pSid = (PSID)AllocMem(cbSize);
DWORD err = ::RtlCopySid(cbSize, m_pSid, pSid);
ASSERT(err == ERROR_SUCCESS);
if (lpstrSystemName != NULL)
{
m_lpstrSystemName = AllocTString(::lstrlen(lpstrSystemName) + 1);
::lstrcpy(m_lpstrSystemName, lpstrSystemName);
}
if (fResolveSID)
{
TRACEEOLID("Bogus SID");
ResolveSID();
}
}
CAccessEntry::CAccessEntry(
IN PSID pSid,
IN LPCTSTR pszUserName,
IN LPCTSTR pszClassName
)
: m_pSid(NULL),
m_fSIDResolved(pszUserName != NULL),
m_fDeletable(TRUE),
m_fInvisible(FALSE),
m_fDeleted(FALSE),
m_nPictureID(SidTypeUnknown-1), // SID_NAME_USE is 1-based
m_strUserName(pszUserName),
m_lpstrSystemName(NULL),
m_accMask(0)
{
MarkEntryAsClean();
//
// Allocate a new copy of the sid.
//
DWORD cbSize = ::RtlLengthSid(pSid);
m_pSid = (PSID)AllocMem(cbSize);
DWORD err = ::RtlCopySid(cbSize, m_pSid, pSid);
ASSERT(err == ERROR_SUCCESS);
if (lstrcmpi(SZ_USER_CLASS, pszClassName) == 0)
m_nPictureID = SidTypeUser - 1;
else if (lstrcmpi(SZ_GROUP_CLASS, pszClassName) == 0)
m_nPictureID = SidTypeGroup - 1;
}
CAccessEntry::CAccessEntry(
IN CAccessEntry& ae
)
: m_fSIDResolved(ae.m_fSIDResolved),
m_fDeletable(ae.m_fDeletable),
m_fInvisible(ae.m_fInvisible),
m_fDeleted(ae.m_fDeleted),
m_fDirty(ae.m_fDirty),
m_nPictureID(ae.m_nPictureID),
m_strUserName(ae.m_strUserName),
m_lpstrSystemName(ae.m_lpstrSystemName),
m_accMask(ae.m_accMask)
{
DWORD cbSize = ::RtlLengthSid(ae.m_pSid);
m_pSid = (PSID)AllocMem(cbSize);
DWORD err = ::RtlCopySid(cbSize, m_pSid, ae.m_pSid);
ASSERT(err == ERROR_SUCCESS);
}
CAccessEntry::~CAccessEntry()
/*++
Routine Description:
Destructor
Arguments:
N/A
Return Value:
N/A
--*/
{
TRACEEOLID(_T("Destroying local copy of the SID"));
ASSERT(m_pSid != NULL);
FreeMem(m_pSid);
if (m_lpstrSystemName != NULL)
{
FreeMem(m_lpstrSystemName);
}
}
BOOL
CAccessEntry::ResolveSID()
/*++
Routine Description:
Look up the user name and type.
Arguments:
None
Return Value:
TRUE for success, FALSE for failure.
Notes:
This could take some time.
--*/
{
//
// Even if it fails, it will be considered
// resolved
//
m_fSIDResolved = TRUE;
return CAccessEntry::LookupAccountSid(
m_strUserName,
m_nPictureID,
m_pSid,
m_lpstrSystemName
);
}
void
CAccessEntry::AddPermissions(
IN ACCESS_MASK accNewPermissions
)
/*++
Routine Description:
Add permissions to this entry.
Arguments:
ACCESS_MASK accNewPermissions : New access permissions to be added
Return Value:
None.
--*/
{
m_accMask |= accNewPermissions;
m_fInvisible = (m_accMask == MD_ACR_ENUM_KEYS);
m_fDeletable = (m_accMask & FILE_EXECUTE) == 0L;
MarkEntryAsChanged();
}
void
CAccessEntry::RemovePermissions(
IN ACCESS_MASK accPermissions
)
/*++
Routine Description:
Remove permissions from this entry.
Arguments:
ACCESS_MASK accPermissions : Access permissions to be taken away
--*/
{
m_accMask &= ~accPermissions;
MarkEntryAsChanged();
}
//
// Helper Functions
//
// <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
PSID
GetOwnerSID()
/*++
Routine Description:
Return a pointer to the primary owner SID we're using.
Arguments:
None
Return Value:
Pointer to owner SID.
--*/
{
PSID pSID = NULL;
SID_IDENTIFIER_AUTHORITY NtAuthority = SECURITY_NT_AUTHORITY;
if (!::AllocateAndInitializeSid(
&NtAuthority,
2,
SECURITY_BUILTIN_DOMAIN_RID,
DOMAIN_ALIAS_RID_ADMINS,
0, 0, 0, 0, 0, 0,
&pSID
))
{
TRACEEOLID("Unable to get primary SID " << ::GetLastError());
}
return pSID;
}
BOOL
BuildAclBlob(
IN CObListPlus & oblSID,
OUT CBlob & blob
)
/*++
Routine Description:
Build a security descriptor blob from the access entries in the oblist
Arguments:
CObListPlus & oblSID : Input list of access entries
CBlob & blob : Output blob
Return Value:
TRUE if the list is dirty. If the list had no entries marked
as dirty, the blob generated will be empty, and this function will
return FALSE.
Notes:
Entries marked as deleted will not be added to the list.
--*/
{
ASSERT(blob.IsEmpty());
BOOL fAclDirty = FALSE;
CAccessEntry * pEntry;
DWORD dwAclSize = sizeof(ACL) - sizeof(DWORD);
CObListIter obli(oblSID);
int cItems = 0;
while(pEntry = (CAccessEntry *)obli.Next())
{
if (!pEntry->IsDeleted())
{
dwAclSize += GetLengthSid(pEntry->GetSid());
dwAclSize += sizeof(ACCESS_ALLOWED_ACE);
++cItems;
}
if (pEntry->IsDirty())
{
fAclDirty = TRUE;
}
}
if (fAclDirty)
{
//
// Build the acl
//
PACL pacl = NULL;
try
{
if (cItems > 0 && dwAclSize > 0)
{
pacl = (PACL)AllocMem(dwAclSize);
if (InitializeAcl(pacl, dwAclSize, ACL_REVISION))
{
obli.Reset();
while(pEntry = (CAccessEntry *)obli.Next())
{
if (!pEntry->IsDeleted())
{
BOOL f = AddAccessAllowedAce(
pacl,
ACL_REVISION,
pEntry->QueryAccessMask(),
pEntry->GetSid()
);
ASSERT(f);
}
}
}
}
//
// Build the security descriptor
//
PSECURITY_DESCRIPTOR pSD =
(PSECURITY_DESCRIPTOR)AllocMem(SECURITY_DESCRIPTOR_MIN_LENGTH);
VERIFY(InitializeSecurityDescriptor(pSD, SECURITY_DESCRIPTOR_REVISION));
VERIFY(SetSecurityDescriptorDacl(pSD, TRUE, pacl, FALSE));
//
// Set owner and primary group
//
PSID pSID = GetOwnerSID();
ASSERT(pSID);
VERIFY(SetSecurityDescriptorOwner(pSD, pSID, TRUE));
VERIFY(SetSecurityDescriptorGroup(pSD, pSID, TRUE));
//
// Convert to self-relative
//
PSECURITY_DESCRIPTOR pSDSelfRelative = NULL;
DWORD dwSize = 0L;
MakeSelfRelativeSD(pSD, pSDSelfRelative, &dwSize);
pSDSelfRelative = AllocMem(dwSize);
MakeSelfRelativeSD(pSD, pSDSelfRelative, &dwSize);
//
// Blob takes ownership
//
blob.SetValue(dwSize, (PBYTE)pSDSelfRelative, FALSE);
//
// Clean up
//
FreeMem(pSD);
FreeSid(pSID);
}
catch(CMemoryException * e)
{
e->ReportError();
e->Delete();
}
}
return fAclDirty;
}
DWORD
BuildAclOblistFromBlob(
IN CBlob & blob,
OUT CObListPlus & oblSID
)
/*++
Routine Description:
Build an oblist of access entries from a security descriptor blob
Arguments:
CBlob & blob : Input blob
CObListPlus & oblSID : Output oblist of access entries
Return Value:
Error return code
--*/
{
PSECURITY_DESCRIPTOR pSD = NULL;
if (!blob.IsEmpty())
{
pSD = (PSECURITY_DESCRIPTOR)blob.GetData();
}
if (pSD == NULL)
{
//
// Empty...
//
return ERROR_SUCCESS;
}
if (!IsValidSecurityDescriptor(pSD))
{
return ::GetLastError();
}
ASSERT(GetSecurityDescriptorLength(pSD) == blob.GetSize());
PACL pacl;
BOOL fDaclPresent;
BOOL fDaclDef;
VERIFY(GetSecurityDescriptorDacl(pSD, &fDaclPresent, &pacl, &fDaclDef));
if (!fDaclPresent || pacl == NULL)
{
return ERROR_SUCCESS;
}
if (!IsValidAcl(pacl))
{
return GetLastError();
}
CError err;
for (WORD w = 0; w < pacl->AceCount; ++w)
{
PVOID pAce;
if (GetAce(pacl, w, &pAce))
{
CAccessEntry * pEntry = new CAccessEntry(pAce, TRUE);
oblSID.AddTail(pEntry);
}
else
{
//
// Save last error, but continue
//
err.GetLastWinError();
}
}
//
// Return last error
//
return err;
}
//
// CAccessEntryListBox - a listbox of user SIDs
//
// <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
IMPLEMENT_DYNAMIC(CAccessEntryListBox, CRMCListBox);
const int CAccessEntryListBox::nBitmaps = 8;
void
CAccessEntryListBox::DrawItemEx(
IN CRMCListBoxDrawStruct& ds
)
/*++
Routine Description:
Draw item in the listbox
Arguments:
CRMCListBoxDrawStruct & ds : Input data structure
Return Value:
N/A
--*/
{
CAccessEntry * pEntry = (CAccessEntry *)ds.m_ItemData;
ASSERT(pEntry != NULL);
ASSERT(pEntry->IsSIDResolved());
DrawBitmap(ds, 0, pEntry->QueryPictureID());
ColumnText(ds, 0, TRUE, pEntry->QueryUserName());
}
void
CAccessEntryListBox::FillAccessListBox(
IN CObListPlus & obl
)
/*++
Routine Description:
Fill a listbox with entries from the oblist.
Entries will not be shown if the deleted flag is set, or if
their access mask does not fit with the requested access mask.
Arguments:
CObListPlus & obl : List of access entries
Return Value:
None.
--*/
{
CObListIter obli(obl);
CAccessEntry * pAccessEntry;
//
// Remember the selection.
//
CAccessEntry * pSelEntry = GetSelectedItem();
SetRedraw(FALSE);
ResetContent();
int cItems = 0;
for ( /**/ ; pAccessEntry = (CAccessEntry *)obli.Next(); ++cItems)
{
if (pAccessEntry->IsVisible() && !pAccessEntry->IsDeleted())
{
AddItem(pAccessEntry);
}
}
SetRedraw(TRUE);
SelectItem(pSelEntry);
}
void
CAccessEntryListBox::ResolveAccessList(
IN CObListPlus &obl
)
/*++
Routine Description:
For each member of the list, resolve the SID into a username.
Arguments:
CObListPlus & obl : List of access entries
Return Value:
None.
--*/
{
CObListIter obli(obl);
CAccessEntry * pAccessEntry;
while (pAccessEntry = (CAccessEntry *)obli.Next())
{
if (!pAccessEntry->IsSIDResolved())
{
pAccessEntry->ResolveSID();
}
}
}
BOOL
CAccessEntryListBox::AddUserPermissions(
IN LPCTSTR lpstrServer,
IN CObListPlus &oblSID,
IN CAccessEntry * newUser,
IN ACCESS_MASK accPermissions
)
/*++
Routine Description:
Add a user to the service list. The return value is
the what would be its listbox index.
Arguments:
LPCTSTR lpstrServer : Server name
CObListPlus &oblSID : List of SIDs
LPUSERDETAILS pusdtNewUser : User details from user browser
ACCESS_MASK accPermissions : Access permissions
Return Value:
TRUE for success, FALSE for failure.
--*/
{
CAccessEntry * pAccessEntry;
//
// Look it up in the list to see if it exists already
//
CObListIter obli(oblSID);
while(pAccessEntry = (CAccessEntry *)obli.Next())
{
if (*pAccessEntry == newUser->GetSid())
{
TRACEEOLID("Found existing account -- adding permissions");
if (pAccessEntry->IsDeleted())
{
//
// Back again..
//
pAccessEntry->FlagForDeletion(FALSE);
}
break;
}
}
if (pAccessEntry == NULL)
{
// I am creating new entry here to be sure that I could delete it from
// the input array. SID is copied to new entry.
pAccessEntry = new CAccessEntry(*newUser);
if (pAccessEntry == NULL)
return FALSE;
pAccessEntry->MarkEntryAsNew();
oblSID.AddTail(pAccessEntry);
}
pAccessEntry->AddPermissions(accPermissions);
return TRUE;
}
BOOL
CAccessEntryListBox::AddToAccessList(
IN CWnd * pWnd,
IN LPCTSTR lpstrServer,
OUT CObListPlus & obl
)
/*++
Routine Description:
Bring up the Add Users and Groups dialogs from netui.
Arguments:
CWnd * pWnd : Parent window
LPCTSTR lpstrServer : Server that owns the accounts
CObListPlus & obl : Returns the list of selected users.
Return Value:
TRUE if anything was added, FALSE otherwise.
--*/
{
CGetUsers usrBrowser(lpstrServer, TRUE);
BOOL bRes = usrBrowser.GetUsers(pWnd->GetSafeHwnd());
UINT cItems = 0;
if (bRes)
{
//
// Specify access mask for an operator
//
ACCESS_MASK accPermissions =
(MD_ACR_READ | MD_ACR_WRITE | MD_ACR_ENUM_KEYS);
for (int i = 0; i < usrBrowser.GetSize(); i++)
{
if (!AddUserPermissions(lpstrServer, obl, usrBrowser[i], accPermissions))
{
bRes = FALSE;
break;
}
cItems++;
}
}
if (cItems > 0)
{
FillAccessListBox(obl);
}
return bRes;
#if 0
USERBROWSER ub;
CError err;
//
// Specify access mask for an operator
//
ACCESS_MASK accPermissions =
(MD_ACR_READ | MD_ACR_WRITE | MD_ACR_ENUM_KEYS);
CString strDomain(lpstrServer);
//
// Ensure the computer name starts with
// backslashes
//
if (strDomain[0] != _T('\\'))
{
strDomain = _T("\\\\") + strDomain;
}
CString strTitle;
VERIFY(strTitle.LoadString(IDS_SELECT_ADMIN));
ub.ulStructSize = sizeof(ub);
ub.fUserCancelled = FALSE;
ub.fExpandNames = FALSE;
ub.hwndOwner = pWnd ? pWnd->m_hWnd : NULL;
ub.pszTitle = NULL;
ub.pszInitialDomain = (LPTSTR)(LPCTSTR)strDomain;
ub.Flags = USRBROWS_INCL_EVERYONE
| USRBROWS_SHOW_ALL
| USRBROWS_EXPAND_USERS;
ub.pszHelpFileName = NULL;
ub.ulHelpContext = IDHELP_MULT_USRBROWSER;
CWinApp * pApp = ::AfxGetApp();
ASSERT(pApp);
if (pApp)
{
ub.pszHelpFileName = (LPTSTR)(LPCTSTR)pApp->m_pszHelpFilePath;
}
HUSERBROW hUserBrowser = ::OpenUserBrowser(&ub);
if (hUserBrowser == NULL)
{
err.GetLastWinError();
err.MessageBoxOnFailure(MB_OK | MB_ICONHAND);
return FALSE;
}
int cItems = 0;
if (!ub.fUserCancelled)
{
//
// Selected users are granted the new privilege
//
try
{
//
// We break out of this loop ourselves
//
for ( ;; )
{
LPUSERDETAILS pusdtNewUser;
DWORD cbSize;
//
// First call should always fail, but tell
// us the size required.
//
cbSize = 0;
EnumUserBrowserSelection(hUserBrowser, NULL, &cbSize);
err.GetLastWinError();
if (err.Win32Error() == ERROR_NO_MORE_ITEMS)
{
//
// All done
//
err.Reset();
break;
}
if (err.Win32Error() == ERROR_INSUFFICIENT_BUFFER)
{
err.Reset();
}
if (err.Failed())
{
break;
}
//
// The EnumUserBrowserSelection API has a bug in which
// the size returned might actually by insufficient.
//
cbSize += 100;
TRACEEOLID("Enum structure size requested is " << cbSize);
pusdtNewUser = (LPUSERDETAILS)AllocMem(cbSize);
if (pusdtNewUser == NULL)
{
err.GetLastWinError();
break;
}
if (!EnumUserBrowserSelection(
hUserBrowser,
pusdtNewUser,
&cbSize
))
{
err.GetLastWinError();
break;
}
TRACEEOLID("Adding user " << pusdtNewUser->pszAccountName);
AddUserPermissions(
lpstrServer,
obl,
pusdtNewUser,
accPermissions
);
++cItems;
FreeMem(pusdtNewUser);
if (err.Failed())
{
break;
}
}
}
catch(CException * e)
{
err.GetLastWinError();
TRACEEOLID("Exception generated while enumerating users");
e->Delete();
}
}
err.MessageBoxOnFailure();
::CloseUserBrowser(hUserBrowser);
if (cItems > 0)
{
FillAccessListBox(obl);
return TRUE;
}
return FALSE;
#endif
}
static
int
BrowseCallbackProc(
IN HWND hwnd,
IN UINT uMsg,
IN LPARAM lParam,
IN LPARAM lpData
)
/*++
Routine Description:
Callback function for the folder browser
Arguments:
hwnd : Handle to the browse dialog box. The callback function can
send the following messages to this window:
BFFM_ENABLEOK Enables the OK button if the wParam parameter
is nonzero or disables it if wParam is zero.
BFFM_SETSELECTION Selects the specified folder. The lParam
parameter is the PIDL of the folder to select
if wParam is FALSE, or it is the path of the
folder otherwise.
BFFM_SETSTATUSTEXT Sets the status text to the null-terminated
string specified by the lParam parameter.
uMsg : Value identifying the event. This parameter can be one of the
following values:
0 Initialize dir path. lParam is the path.
BFFM_INITIALIZED The browse dialog box has finished
initializing. lpData is NULL.
BFFM_SELCHANGED The selection has changed. lpData
is a pointer to the item identifier list for
the newly selected folder.
lParam : Message-specific value. For more information, see the
description of uMsg.
lpData : Application-defined value that was specified in the lParam
member of the BROWSEINFO structure.
Return Value:
0
--*/
{
static LPCTSTR lpstrDomain = NULL;
switch(uMsg)
{
case 0:
lpstrDomain = (LPCTSTR)lParam;
break;
case BFFM_INITIALIZED:
//
// Dialog initialized -- select desired folder
//
if (lpstrDomain != NULL)
{
::SendMessage(hwnd, BFFM_SETSELECTION, TRUE, (LPARAM)lpstrDomain);
}
break;
}
return 0;
}
CBrowseDomainDlg::CBrowseDomainDlg(
IN CWnd * pParent OPTIONAL,
IN LPCTSTR lpszInitialDomain OPTIONAL
)
/*++
Routine Description:
Constructor for domain browser dialog
Arguments:
CWnd * pParent : Parent window or NULL
LPCTSTR lpszInitialDomain : Initial domain, or NULL
Return Value:
N/A
--*/
: m_strInitialDomain(lpszInitialDomain)
{
VERIFY(m_strTitle.LoadString(IDS_BROWSE_DOMAIN));
m_bi.pidlRoot = NULL;
m_bi.hwndOwner = pParent ? pParent->m_hWnd : NULL;
m_bi.pszDisplayName = m_szBuffer;
m_bi.lpszTitle = m_strTitle;
m_bi.ulFlags = BIF_DONTGOBELOWDOMAIN;
m_bi.lpfn = BrowseCallbackProc;
m_bi.lParam = 0;
//
// Let the callback function know the default dir is
//
lpszInitialDomain = !m_strInitialDomain.IsEmpty()
? (LPCTSTR)m_strInitialDomain
: NULL;
BrowseCallbackProc(m_bi.hwndOwner, 0, (LPARAM)lpszInitialDomain, NULL);
//
// Only display network items
//
LPITEMIDLIST pidl;
if (SUCCEEDED(::SHGetSpecialFolderLocation(m_bi.hwndOwner,
CSIDL_NETWORK, &pidl)))
{
m_bi.pidlRoot = pidl;
}
}
CBrowseDomainDlg::~CBrowseDomainDlg()
/*++
Routine Description:
Destructor for directory browser dialog
Arguments:
N/A
Return Value:
N/A
--*/
{
if (m_bi.pidlRoot != NULL)
{
LPITEMIDLIST pidl = (LPITEMIDLIST)m_bi.pidlRoot;
//
// Free using shell allocator
//
LPMALLOC pMalloc;
if (::SHGetMalloc(&pMalloc) == NOERROR)
{
pMalloc->Free(pidl);
pMalloc->Release();
}
}
}
/* virtual */
int
CBrowseDomainDlg::DoModal()
/*++
Routine Description:
Display the browser dialog, and fill in the selected domain.
Arguments:
None
Return Value:
IDOK if the OK button was pressed, IDCANCEL otherwise.
--*/
{
BOOL fSelectionMade = FALSE;
//
// Gets the Shell's default allocator
//
LPMALLOC pMalloc;
if (::SHGetMalloc(&pMalloc) == NOERROR)
{
LPITEMIDLIST pidl;
if ((pidl = ::SHBrowseForFolder(&m_bi)) != NULL)
{
//
// m_szBuffer contains the selected path already
//
fSelectionMade = TRUE;
//
// Free the PIDL allocated by SHBrowseForFolder.
//
pMalloc->Free(pidl);
}
//
// Release the shell's allocator.
//
pMalloc->Release();
}
return fSelectionMade ? IDOK : IDCANCEL;
}
LPCTSTR
CBrowseDomainDlg::GetSelectedDomain(
OUT CString & strName
) const
/*++
Routine Description:
Get the selected domain
Arguments:
CString & strName : String in which to return the domain
Return Value:
A pointer to the domain string or NULL in case of error.
Notes:
This function should be called only after the dialog has been dismissed.
--*/
{
LPCTSTR lp = NULL;
try
{
strName = m_szBuffer;
lp = strName;
}
catch(CMemoryException * e)
{
TRACEEOLID("!!!exception getting path");
e->ReportError();
e->Delete();
strName.Empty();
}
return lp;
}
CBrowseUserDlg::CBrowseUserDlg(
IN CWnd * pParentWnd OPTIONAL,
IN LPCTSTR lpszTitle,
IN LPCTSTR lpszInitialDomain,
IN BOOL fExpandNames,
IN BOOL fSkipInitialDomainInName,
IN DWORD dwFlags,
IN LPCTSTR lpszHelpFileName,
IN ULONG ulHelpContext
)
/*++
Routine Description:
Constructor for user browser dialog
Arguments:
CWnd * pParentWnd : Parent window
LPCTSTR lpszTitle : Dialog title text
LPCTSTR lpszInitialDomain : Initial domain name
BOOL fExpandNames : Expand the names
BOOL fSkipInitialDomainInName : Skip the initial domain when expanding
DWORD dwFlags : Flags
LPCTSTR lpszHelpFileName : Help file path and name
ULONG ulHelpContext : Help context ID
Return Value:
N/A
--*/
: m_fSkipInitialDomainInName(fSkipInitialDomainInName),
m_strTitle(lpszTitle),
m_strInitialDomain(lpszInitialDomain),
m_strHelpFileName(lpszHelpFileName)
{
m_ub.ulStructSize = sizeof(m_ub);
m_ub.fExpandNames = fExpandNames;
m_ub.hwndOwner = pParentWnd->m_hWnd;
m_ub.pszTitle = (LPTSTR)(LPCTSTR)m_strTitle;
m_ub.pszInitialDomain = (LPTSTR)(LPCTSTR)m_strInitialDomain;
m_ub.Flags = dwFlags;
m_ub.pszHelpFileName = (LPTSTR)(LPCTSTR)m_strHelpFileName;
m_ub.ulHelpContext = ulHelpContext;
}
/* virtual */
int
CBrowseUserDlg::DoModal()
/*++
Routine Description:
Show the user browser dialog
Arguments:
None
Return Value:
IDOK if the OK button was pressed, IDCANCEL if the dialog
was cancelled.
--*/
{
CError err;
m_ub.fUserCancelled = FALSE;
m_strSelectedAccounts.RemoveAll();
HUSERBROW hUserBrowser = ::OpenUserBrowser(&m_ub);
if (hUserBrowser == NULL)
{
err.GetLastWinError();
err.MessageBoxOnFailure(MB_OK | MB_ICONHAND);
return IDCANCEL;
}
if (!m_ub.fUserCancelled)
{
try
{
CString strInitialDomain(PURE_COMPUTER_NAME(m_ub.pszInitialDomain));
//
// We break out of this loop ourselves
//
for ( ;; )
{
LPUSERDETAILS pusdtNewUser;
DWORD cbSize;
//
// First call should always fail, but tell
// us the size required.
//
cbSize = 0;
EnumUserBrowserSelection(hUserBrowser, NULL, &cbSize);
err.GetLastWinError();
if (err.Win32Error() == ERROR_NO_MORE_ITEMS)
{
//
// All done
//
err.Reset();
break;
}
if (err.Win32Error() == ERROR_INSUFFICIENT_BUFFER)
{
err.Reset();
}
if (err.Failed())
{
break;
}
//
// The EnumUserBrowserSelection API has a bug in which
// the size returned might actually be insufficient.
//
cbSize += 100;
TRACEEOLID("Enum structure size requested is " << cbSize);
pusdtNewUser = (LPUSERDETAILS)AllocMem(cbSize);
if (pusdtNewUser == NULL)
{
err.GetLastWinError();
break;
}
if (!EnumUserBrowserSelection(
hUserBrowser,
pusdtNewUser,
&cbSize
))
{
err.GetLastWinError();
break;
}
TRACEEOLID("Adding user " << pusdtNewUser->pszAccountName);
CString strAccount;
//
// If the domain name doesn't match that of the
// intial domain, add it as well.
//
if (!m_fSkipInitialDomainInName ||
strInitialDomain.CompareNoCase(pusdtNewUser->pszDomainName) != 0)
{
strAccount += pusdtNewUser->pszDomainName;
strAccount += _T('\\');
}
strAccount += pusdtNewUser->pszAccountName;
m_strSelectedAccounts.AddTail(strAccount);
FreeMem(pusdtNewUser);
if (err.Failed())
{
break;
}
}
}
catch(CMemoryException * e)
{
TRACEEOLID("!!!exception generated while enumerating users");
err = ERROR_NOT_ENOUGH_MEMORY;
e->Delete();
}
}
err.MessageBoxOnFailure();
::CloseUserBrowser(hUserBrowser);
return m_ub.fUserCancelled ? IDCANCEL : IDOK;
}
//
// CUserAccountDlg dialog
//
// <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
CUserAccountDlg::CUserAccountDlg(
IN LPCTSTR lpstrServer,
IN LPCTSTR lpstrUserName,
IN LPCTSTR lpstrPassword,
IN CWnd * pParent OPTIONAL
)
/*++
Routine Description:
Constructor for bringing up the user account dialog
Arguments:
LPCTSTR lpstrServer : Server
LPCTSTR lpstrUserName : Starting Username
LPCTSTR lpstrPassword : Starting Password
CWnd * pParent : Parent window handle
Return Value:
N/A
--*/
: m_strUserName(lpstrUserName),
m_strPassword(lpstrPassword),
m_strServer(lpstrServer),
CDialog(CUserAccountDlg::IDD, pParent)
{
//{{AFX_DATA_INIT(CUserAccountDlg)
//}}AFX_DATA_INIT
}
void
CUserAccountDlg::DoDataExchange(
IN CDataExchange * pDX
)
/*++
Routine Description:
Initialise/Store control Data
Arguments:
CDataExchange * pDX : DDX/DDV struct
Return Value:
None.
--*/
{
CDialog::DoDataExchange(pDX);
//{{AFX_DATA_MAP(CUserAccountDlg)
DDX_Control(pDX, IDC_EDIT_USERNAME, m_edit_UserName);
DDX_Control(pDX, IDC_EDIT_PASSWORD, m_edit_Password);
//}}AFX_DATA_MAP
//
// Private DDX/DDV Routines
//
DDX_Text(pDX, IDC_EDIT_USERNAME, m_strUserName);
DDV_MinMaxChars(pDX, m_strUserName, 1, UNLEN);
DDX_Password(pDX, IDC_EDIT_PASSWORD, m_strPassword, g_lpszDummyPassword);
DDV_MaxChars(pDX, m_strPassword, PWLEN);
}
//
// Message Map
//
BEGIN_MESSAGE_MAP(CUserAccountDlg, CDialog)
//{{AFX_MSG_MAP(CUserAccountDlg)
ON_BN_CLICKED(IDC_BUTTON_BROWSE_USERS, OnButtonBrowseUsers)
ON_BN_CLICKED(IDC_BUTTON_CHECK_PASSWORD, OnButtonCheckPassword)
ON_EN_CHANGE(IDC_EDIT_USERNAME, OnChangeEditUsername)
//}}AFX_MSG_MAP
END_MESSAGE_MAP()
//
// Message Handlers
//
// <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
BOOL
GetIUsrAccount(
IN LPCTSTR lpstrServer,
IN CWnd * pParent, OPTIONAL
OUT CString & str
)
/*++
Routine Description:
Helper function to browse for IUSR Account
Arguments:
LPCTSTR lpstrServer : Server
CWnd * pParent : Parent window
CString & str : Will contain the selected account
Return Value:
TRUE if an account was selected FALSE if not
--*/
{
CGetUsers usrBrowser(lpstrServer);
BOOL bRes = usrBrowser.GetUsers(pParent->GetSafeHwnd(), TRUE);
if (bRes)
{
if (usrBrowser.GetSize() != 0)
{
str = usrBrowser.GetAt(0)->QueryUserName();
}
else
bRes = FALSE;
}
return bRes;
#if 0
CString strDomain(lpstrServer);
//
// Ensure the computer name starts with
// backslashes
//
if (strDomain[0] != _T('\\'))
{
strDomain = _T("\\\\") + strDomain;
}
CString strTitle;
LPCTSTR lpszHelpPath = NULL;
ULONG ulHelpID = IDHELP_USRBROWSER;
VERIFY(strTitle.LoadString(IDS_SELECT_IUSR_ACCOUNT));
CWinApp * pApp = ::AfxGetApp();
ASSERT(pApp);
if (pApp)
{
lpszHelpPath = pApp->m_pszHelpFilePath;
}
CBrowseUserDlg dlg(
pParent,
strTitle,
strDomain,
FALSE,
TRUE,
USRBROWS_EXPAND_USERS
| USRBROWS_SINGLE_SELECT
| USRBROWS_SHOW_USERS,
lpszHelpPath,
ulHelpID
);
if (dlg.DoModal() == IDOK
&& dlg.GetSelectionCount() > 0)
{
str = dlg.GetSelectedAccounts().GetHead();
return TRUE;
}
return FALSE;
#endif
}
DWORD
VerifyUserPassword(
IN LPCTSTR lpstrUserName,
IN LPCTSTR lpstrPassword
)
/*++
Routine Description:
Verify the usernamer password combo checks out
Arguments:
LPCTSTR lpstrUserName : Domain/username combo
LPCTSTR lpstrPassword : Password
Return Value:
ERROR_SUCCESS if the password checks out, an error code
otherwise.
--*/
{
CString strDomain;
CString strUser(lpstrUserName);
CString strPassword(lpstrPassword);
SplitUserNameAndDomain(strUser, strDomain);
//
// In order to look up an account name, this process
// must first be granted the privilege of doing so.
//
CError err;
{
HANDLE hToken;
LUID AccountLookupValue;
TOKEN_PRIVILEGES tkp;
do
{
if (!OpenProcessToken(GetCurrentProcess(),
TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY,
&hToken)
)
{
err.GetLastWinError();
break;
}
if (!LookupPrivilegeValue(NULL, SE_TCB_NAME, &AccountLookupValue))
{
err.GetLastWinError();
break;
}
tkp.PrivilegeCount = 1;
tkp.Privileges[0].Luid = AccountLookupValue;
tkp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
AdjustTokenPrivileges(
hToken,
FALSE,
&tkp,
sizeof(TOKEN_PRIVILEGES),
(PTOKEN_PRIVILEGES)NULL,
(PDWORD)NULL
);
err.GetLastWinError();
if (err.Failed())
{
break;
}
HANDLE hUser = NULL;
if (LogonUser(
strUser.GetBuffer(0),
strDomain.GetBuffer(0),
strPassword.GetBuffer(0),
LOGON32_LOGON_NETWORK,
LOGON32_PROVIDER_DEFAULT,
&hUser
))
{
//
// Success!
//
CloseHandle(hUser);
}
else
{
err.GetLastWinError();
}
//
// Remove the privilege
//
}
while(FALSE);
}
HANDLE hUser = NULL;
if (LogonUser(
strUser.GetBuffer(0),
strDomain.GetBuffer(0),
strPassword.GetBuffer(0),
LOGON32_LOGON_NETWORK,
LOGON32_PROVIDER_DEFAULT,
&hUser))
{
//
// Success!
//
CloseHandle(hUser);
}
else
{
err.GetLastWinError();
}
return err;
}
void
CUserAccountDlg::OnButtonBrowseUsers()
/*++
Routine Description:
User browse dialog pressed, bring up
the user browser
Arguments:
None
Return Value:
None
--*/
{
CString str;
if (GetIUsrAccount(m_strServer, this, str))
{
//
// If a name was selected, blank
// out the password
//
m_edit_UserName.SetWindowText(str);
m_edit_Password.SetFocus();
}
}
void
CUserAccountDlg::OnChangeEditUsername()
/*++
Routine Description:
Handle change in user name edit box by blanking out the password
Arguments:
None
Return Value:
None
--*/
{
m_edit_Password.SetWindowText(_T(""));
}
void
CUserAccountDlg::OnButtonCheckPassword()
/*++
Routine Description:
'Check Password' has been pressed. Try to validate
the password that has been entered
Arguments:
None
Return Value:
None
--*/
{
if (!UpdateData(TRUE))
{
return;
}
CError err(VerifyUserPassword(m_strUserName, m_strPassword));
if (!err.MessageBoxOnFailure())
{
::AfxMessageBox(IDS_PASSWORD_OK);
}
}