//Copyright (c) 1998 - 1999 Microsoft Corporation // c2cfgDlg.cpp : implementation file // #include "stdafx.h" #include "c2cfg.h" #include "c2cfgDlg.h" #include "security.h" #include #include #include "..\..\inc\utildll.h" #ifdef _DEBUG #define new DEBUG_NEW #undef THIS_FILE static char THIS_FILE[] = __FILE__; #endif ///////////////////////////////////////////////////////////////////////////// // CAboutDlg dialog used for App About class CAboutDlg : public CDialog { public: CAboutDlg(); // Dialog Data //{{AFX_DATA(CAboutDlg) enum { IDD = IDD_ABOUTBOX }; //}}AFX_DATA // ClassWizard generated virtual function overrides //{{AFX_VIRTUAL(CAboutDlg) protected: virtual void DoDataExchange(CDataExchange* pDX); // DDX/DDV support //}}AFX_VIRTUAL // Implementation protected: //{{AFX_MSG(CAboutDlg) //}}AFX_MSG DECLARE_MESSAGE_MAP() }; CAboutDlg::CAboutDlg() : CDialog(CAboutDlg::IDD) { //{{AFX_DATA_INIT(CAboutDlg) //}}AFX_DATA_INIT } void CAboutDlg::DoDataExchange(CDataExchange* pDX) { CDialog::DoDataExchange(pDX); //{{AFX_DATA_MAP(CAboutDlg) //}}AFX_DATA_MAP } BEGIN_MESSAGE_MAP(CAboutDlg, CDialog) //{{AFX_MSG_MAP(CAboutDlg) // No message handlers //}}AFX_MSG_MAP END_MESSAGE_MAP() ///////////////////////////////////////////////////////////////////////////// // CC2cfgDlg dialog CC2cfgDlg::CC2cfgDlg(CWnd* pParent /*=NULL*/) : CDialog(CC2cfgDlg::IDD, pParent) { //{{AFX_DATA_INIT(CC2cfgDlg) //}}AFX_DATA_INIT // Note that LoadIcon does not require a subsequent DestroyIcon in Win32 m_hIcon = AfxGetApp()->LoadIcon(IDR_MAINFRAME); } void CC2cfgDlg::DoDataExchange(CDataExchange* pDX) { CDialog::DoDataExchange(pDX); //{{AFX_DATA_MAP(CC2cfgDlg) //}}AFX_DATA_MAP } BEGIN_MESSAGE_MAP(CC2cfgDlg, CDialog) //{{AFX_MSG_MAP(CC2cfgDlg) ON_WM_SYSCOMMAND() ON_WM_PAINT() ON_WM_QUERYDRAGICON() ON_BN_CLICKED(ID_HELP, OnHelp) //}}AFX_MSG_MAP END_MESSAGE_MAP() ///////////////////////////////////////////////////////////////////////////// // CC2cfgDlg message handlers BOOL CC2cfgDlg::OnInitDialog() { WCHAR pwcSecLevel[sizeof("Medium")]; PWCHAR pwcSecurityPath = SECURITY_REG_NAME; PWCHAR pwcSecurity = CTXSECURITY_SECURITYLEVEL; ULONG ulSize; ULONG ulType; CString sErrorString; CString sErrorTitle; CWnd *wndRButton; CString sSecLevelString; CDialog::OnInitDialog(); // Add "About..." menu item to system menu. // IDM_ABOUTBOX must be in the system command range. ASSERT((IDM_ABOUTBOX & 0xFFF0) == IDM_ABOUTBOX); ASSERT(IDM_ABOUTBOX < 0xF000); CMenu* pSysMenu = GetSystemMenu(FALSE); CString strAboutMenu; strAboutMenu.LoadString(IDS_ABOUTBOX); if (!strAboutMenu.IsEmpty()) { pSysMenu->AppendMenu(MF_SEPARATOR); pSysMenu->AppendMenu(MF_STRING, IDM_ABOUTBOX, strAboutMenu); } // Set the icon for this dialog. The framework does this automatically // when the application's main window is not a dialog SetIcon(m_hIcon, TRUE); // Set big icon SetIcon(m_hIcon, FALSE); // Set small icon // TODO: Add extra initialization here if( TestUserForAdmin( TRUE ) != TRUE ) // param TRUE specifies check for domain admin { if( TestUserForAdmin( FALSE ) != TRUE ) // param FALSE specifies check for local admin { sErrorString.LoadString( IDS_NOT_ADMIN ); sErrorTitle.LoadString( IDS_C2_ERR ); MessageBox( sErrorString, sErrorTitle, MB_OK | MB_ICONEXCLAMATION ); DestroyWindow(); return FALSE; } } if( RegOpenKeyExW( HKEY_LOCAL_MACHINE, pwcSecurityPath,0,KEY_ALL_ACCESS,&hKey ) ) { //error message box sErrorString.LoadString( IDS_ERR_REG ); sErrorTitle.LoadString( IDS_C2_ERR ); MessageBox( sErrorString, sErrorTitle,MB_OK ); DestroyWindow(); return FALSE; } if( RegQueryValueExW( hKey,pwcSecurity,0,&ulType,(LPBYTE)pwcSecLevel,&ulSize) ) { //error message box sErrorString.LoadString( IDS_ERR_REG ); sErrorTitle.LoadString( IDS_C2_ERR ); MessageBox( sErrorString, sErrorTitle,MB_OK ); RegCloseKey( hKey ); DestroyWindow(); return FALSE; } if( wcscmp( pwcSecLevel,L"Default")== 0 ) { CheckRadioButton( IDC_HIGH, IDC_LOW, IDC_LOW ); sSecLevelString.LoadString( IDS_TEXT_DEFAULT ); } else if( wcscmp( pwcSecLevel,L"Low")== 0 ) { CheckRadioButton( IDC_HIGH, IDC_LOW, IDC_LOW ); sSecLevelString.LoadString( IDS_TEXT_LOW ); } else if( wcscmp( pwcSecLevel,L"Medium")== 0 ) { CheckRadioButton( IDC_HIGH, IDC_LOW, IDC_MED ); sSecLevelString.LoadString( IDS_TEXT_MED ); // disable low button wndRButton = GetDlgItem( IDC_LOW ); wndRButton->EnableWindow( FALSE ); } else { CheckRadioButton( IDC_HIGH, IDC_LOW, IDC_HIGH ); sSecLevelString.LoadString( IDS_TEXT_HIGH ); //disable other two buttons wndRButton = GetDlgItem( IDC_MED ); wndRButton->EnableWindow( FALSE ); wndRButton = GetDlgItem( IDC_LOW ); wndRButton->EnableWindow( FALSE ); } SetDlgItemText( IDC_STATUS, sSecLevelString ); return TRUE; // return TRUE unless you set the focus to a control } void CC2cfgDlg::OnSysCommand(UINT nID, LPARAM lParam) { if ((nID & 0xFFF0) == IDM_ABOUTBOX) { CAboutDlg dlgAbout; dlgAbout.DoModal(); } else { CDialog::OnSysCommand(nID, lParam); } } // If you add a minimize button to your dialog, you will need the code below // to draw the icon. For MFC applications using the document/view model, // this is automatically done for you by the framework. void CC2cfgDlg::OnPaint() { if (IsIconic()) { CPaintDC dc(this); // device context for painting SendMessage(WM_ICONERASEBKGND, (WPARAM) dc.GetSafeHdc(), 0); // Center icon in client rectangle int cxIcon = GetSystemMetrics(SM_CXICON); int cyIcon = GetSystemMetrics(SM_CYICON); CRect rect; GetClientRect(&rect); int x = (rect.Width() - cxIcon + 1) / 2; int y = (rect.Height() - cyIcon + 1) / 2; // Draw the icon dc.DrawIcon(x, y, m_hIcon); } else { CDialog::OnPaint(); } } // The system calls this to obtain the cursor to display while the user drags // the minimized window. HCURSOR CC2cfgDlg::OnQueryDragIcon() { return (HCURSOR) m_hIcon; } HKEY g_RegEventKey; void CC2cfgDlg::OnOK() { // TODO: Add extra validation here WCHAR pwcPath[MAX_PATH]; WCHAR pwc_src[MAX_PATH]; WCHAR pwc_dest[MAX_PATH]; WCHAR pwcNTF_file[20]; WCHAR pwcREG_file[20]; WCHAR C2CONFIG[] = L"c2config"; WCHAR pwcSecLevel[sizeof("Medium")]; ULONG ulSize; PWCHAR pwcSecurity = CTXSECURITY_SECURITYLEVEL; WCHAR szDir[MAX_PATH]; CString sErrorString; CString sErrorTitle; CString sMessage; CString sMessageTitle; DWORD idRegSecCheck, idDirSecCheck; /************ Structures containing event handles to wait on and boolean variable to set when event occurs **************/ EVENT_CHECK_TYPE DirectoryEventCheck, RegistryEventCheck; BOOLEAN PosixDeleted = FALSE; BOOLEAN OS2Deleted = FALSE; WCHAR szBuffer[MAX_PATH]; WCHAR szFileName[MAX_PATH]; PWCHAR pwc; STARTUPINFOW StartUpInfo; PROCESS_INFORMATION ProcessInfo; if( IsDlgButtonChecked(IDC_HIGH) ) { wcscpy( pwcNTF_file, L"\\c2ntfhi.inf" ); wcscpy( pwcREG_file, L"\\c2reghi.inf" ); wcscpy( pwcSecLevel, L"High"); } else if( IsDlgButtonChecked(IDC_MED) ) { wcscpy( pwcNTF_file, L"\\c2ntfmed.inf" ); wcscpy( pwcREG_file, L"\\c2regmed.inf" ); wcscpy( pwcSecLevel, L"Medium" ); } else { // low wcscpy( pwcNTF_file, L"\\c2ntflow.inf" ); wcscpy( pwcREG_file, L"\\c2reglow.inf" ); wcscpy( pwcSecLevel, L"Low"); } /************************************************************************************* What I'm trying to do: C2config.exe takes in the files c2regacl.inf (registry) and c2ntfacl.inf( file system ). These files are scripts to set the ACL's on the registry and file system . There a 3 different flavors of each of these files. One each for LOW, MEDIUM, and HIGH c2 security. I simply select a file based on the security level selected and then copy it to the the generic name c2regacl.inf or c2ntfacl.inf. The user must still run 2 functions in c2config.exe to use these inf files. After c2config.exe runs I do a check to see if they were run. *************************************************************************************/ GetSystemDirectoryW( pwcPath, MAX_PATH ); wcscpy( pwc_src, pwcPath ); wcscat( pwc_src, pwcNTF_file ); wcscpy( pwc_dest, pwcPath ); wcscat( pwc_dest, L"\\c2ntfacl.inf" ); if( !CopyFileW(pwc_src, pwc_dest, FALSE) ) { //error message box sErrorString.Format( IDS_ERR_NO_FILE, pwcNTF_file+1 ); sErrorTitle.LoadString( IDS_C2_ERR ); MessageBox( sErrorString, sErrorTitle,MB_OK ); RegCloseKey( hKey ); CDialog::OnOK(); return; } *pwc_src = *pwc_dest = L'\0'; wcscpy( pwc_src, pwcPath ); wcscat( pwc_src, pwcREG_file ); wcscpy( pwc_dest, pwcPath ); wcscat( pwc_dest, L"\\c2regacl.inf" ); if( !CopyFileW(pwc_src, pwc_dest, FALSE) ) { //send an error box out sErrorString.Format( IDS_ERR_NO_FILE, pwcREG_file+1 ); sErrorTitle.LoadString( IDS_C2_ERR ); MessageBox( sErrorString, sErrorTitle,MB_OK ); RegCloseKey( hKey ); CDialog::OnOK(); return; } memset( &StartUpInfo,'\0', sizeof(STARTUPINFO) ); StartUpInfo.cb = sizeof(STARTUPINFO); StartUpInfo.wShowWindow = SW_SHOWDEFAULT; /***************************************************************************** These threads are started to check if c2config is run correctly -- changing the security ACL's on the registry and specified files. Theses threads are passed an event handle and a boolean variable. If the security they are looking at is changed, the event is triggered and the bolean variable is set. *****************************************************************************/ RegistryEventCheck.handle = CreateEvent( NULL, FALSE, FALSE, NULL ); RegistryEventCheck.bEventTriggered = FALSE; if( RegistryEventCheck.handle != NULL ) { CreateThread( NULL, 0, (LPTHREAD_START_ROUTINE)RegistrySecurityCheck, &RegistryEventCheck, 0, &idRegSecCheck ); } /* I only want to keep the drive letter info part of the system directory */ GetSystemDirectoryW( szDir, MAX_PATH ); szDir[3] = L'\0'; DirectoryEventCheck.handle = FindFirstChangeNotificationW( szDir, TRUE, FILE_NOTIFY_CHANGE_SECURITY ); DirectoryEventCheck.bEventTriggered = FALSE; if( DirectoryEventCheck.handle != INVALID_HANDLE_VALUE ) { CreateThread( NULL, 0, (LPTHREAD_START_ROUTINE)DirectorySecurityCheck, &DirectoryEventCheck, 0, &idDirSecCheck ); } /******* Run C2config and then I'll check to see what the user did **************/ CreateProcessW(NULL, C2CONFIG, NULL, NULL, FALSE, 0, NULL, NULL, &StartUpInfo, &ProcessInfo ); WaitForSingleObject( ProcessInfo.hProcess, INFINITE ); /******************************************************************** I can't guarentee that the created threads ever stop waiting for an event. So they would not always be able to close there handles. So I do it here. ***********************************************************************/ RegCloseKey( g_RegEventKey ); CloseHandle( RegistryEventCheck.handle ); FindCloseChangeNotification( DirectoryEventCheck.handle ); /********************************************************************** Both the Registry and the Directory Security levels must be set, or I do not record the change in the directory. **********************************************************************/ wcscpy( szFileName, L"psxss.exe" ); if( SearchPathW( NULL, szFileName, NULL, MAX_PATH, szBuffer, &pwc ) == 0 ) PosixDeleted = TRUE; wcscpy( szFileName, L"os2.exe" ); if( SearchPathW( NULL, szFileName, NULL, MAX_PATH, szBuffer, &pwc ) == 0 ) OS2Deleted = TRUE; if( (RegistryEventCheck.bEventTriggered == TRUE) && (DirectoryEventCheck.bEventTriggered == TRUE) && (PosixDeleted == TRUE) && (OS2Deleted == TRUE) ) { ulSize = ( wcslen(pwcSecLevel) + 1 ) * sizeof(WCHAR); RegSetValueExW( hKey,pwcSecurity,0,REG_SZ,(LPBYTE)pwcSecLevel,ulSize ); sMessage.Format( IDS_SUCCESS_FM, pwcSecLevel ); sMessageTitle.LoadString( IDS_C2 ); MessageBox( sMessage, sMessageTitle, MB_OK ); } else { sMessage.LoadString( IDS_FAIL ); sMessageTitle.LoadString( IDS_C2 ); MessageBox( sMessage, sMessageTitle,MB_OK ); } RegCloseKey( hKey ); CDialog::OnOK(); } void CC2cfgDlg::WinHelp(DWORD dwData, UINT nCmd) { // TODO: Add your specialized code here and/or call the base class CDialog::WinHelp(dwData, nCmd); } void CC2cfgDlg::OnHelp() { // TODO: Add your control notification handler code here WinHelp(0, HELP_CONTENTS); }