// ipaccess.cpp : Implementation of CTcpAccess & CTcpAccessExceptions. #include "stdafx.h" #include "pudebug.h" #define _RDNS_STANDALONE #include DECLARE_DEBUG_PRINTS_OBJECT() #include "smtpadm.h" #include "smtpcmn.h" #include "cmultisz.h" #include "ipaccess.h" #include "oleutil.h" #include "metautil.h" #include "metakey.h" // Must define THIS_FILE_* macros to use SmtpCreateException() #define THIS_FILE_HELP_CONTEXT 0 #define THIS_FILE_PROG_ID _T("Smtpadm.TcpAccess.1") #define THIS_FILE_IID IID_ITcpAccess // // Useful macros: // #define MAKEIPADDRESS(b1,b2,b3,b4) (((DWORD)(b1)<<24) +\ ((DWORD)(b2)<<16) +\ ((DWORD)(b3)<< 8) +\ ((DWORD)(b4))) #define GETIP_FIRST(x) ((x>>24) & 0xff) #define GETIP_SECOND(x) ((x>>16) & 0xff) #define GETIP_THIRD(x) ((x>> 8) & 0xff) #define GETIP_FOURTH(x) ((x) & 0xff) inline void DWORDtoLPBYTE ( IN DWORD dw, OUT LPBYTE lpBytes ) { _ASSERT ( !IsBadWritePtr ( lpBytes, 4 * sizeof ( BYTE ) ) ); lpBytes[0] = (BYTE)GETIP_FIRST(dw); lpBytes[1] = (BYTE)GETIP_SECOND(dw); lpBytes[2] = (BYTE)GETIP_THIRD(dw); lpBytes[3] = (BYTE)GETIP_FOURTH(dw); } ///////////////////////////////////////////////////////////////////////////// // STDMETHODIMP CTcpAccess::InterfaceSupportsErrorInfo(REFIID riid) { static const IID* arr[] = { &IID_ITcpAccess, }; for (int i=0;iRelease (); } if ( m_pDenyList ) { m_pDenyList->Release (); } } HRESULT CTcpAccess::GetAddressCheckFromMetabase ( CMetabaseKey * pMB, ADDRESS_CHECK * pAC ) { HRESULT hr = NOERROR; DWORD dwDummy = 0; DWORD cbIpSec = 0; BYTE * pIpSec = NULL; hr = pMB->GetDataSize ( _T(""), MD_IP_SEC, BINARY_METADATA, &cbIpSec, METADATA_INHERIT, IIS_MD_UT_FILE ); if ( hr == MD_ERROR_DATA_NOT_FOUND ) { hr = NOERROR; cbIpSec = 0; } BAIL_ON_FAILURE ( hr ); if ( cbIpSec != 0 ) { pIpSec = new BYTE [ cbIpSec ]; if ( !pIpSec ) { BAIL_WITH_FAILURE ( hr, E_OUTOFMEMORY ); } hr = pMB->GetBinary ( MD_IP_SEC, pIpSec, cbIpSec, METADATA_INHERIT, IIS_MD_UT_FILE ); BAIL_ON_FAILURE (hr); pAC->BindCheckList ( pIpSec, cbIpSec ); } Exit: return hr; } ////////////////////////////////////////////////////////////////////// // Private admin object interface: ////////////////////////////////////////////////////////////////////// HRESULT CTcpAccess::GetFromMetabase ( CMetabaseKey * pMB ) { HRESULT hr = NULL; CComObject * pGrantList = NULL; CComObject * pDenyList = NULL; ADDRESS_CHECK ac; hr = GetAddressCheckFromMetabase ( pMB, &ac ); BAIL_ON_FAILURE ( hr ); hr = CComObject::CreateInstance ( &pGrantList ); BAIL_ON_FAILURE(hr); hr = CComObject::CreateInstance ( &pDenyList ); BAIL_ON_FAILURE(hr); // // Copy each list into our object: // hr = pGrantList->FromAddressCheck ( &ac, TRUE ); BAIL_ON_FAILURE(hr); hr = pDenyList->FromAddressCheck ( &ac, FALSE ); BAIL_ON_FAILURE(hr); // // Replace the old grant & deny lists with the new ones: // if ( m_pGrantList ) { m_pGrantList->Release (); m_pGrantList = NULL; } if ( m_pDenyList ) { m_pDenyList->Release (); m_pDenyList = NULL; } m_pGrantList = pGrantList; m_pDenyList = pDenyList; m_pGrantList->AddRef (); m_pDenyList->AddRef (); Exit: ac.UnbindCheckList (); if ( FAILED(hr) ) { delete pGrantList; delete pDenyList; } return hr; } HRESULT CTcpAccess::SendToMetabase ( CMetabaseKey * pMB ) { HRESULT hr; ADDRESS_CHECK ac; BYTE * pIpSec = NULL; DWORD cbIpSec = 0; _ASSERT ( m_pGrantList ); _ASSERT ( m_pDenyList ); ac.BindCheckList (); hr = m_pGrantList->ToAddressCheck ( &ac, TRUE ); BAIL_ON_FAILURE(hr); hr = m_pDenyList->ToAddressCheck ( &ac, FALSE ); BAIL_ON_FAILURE(hr); cbIpSec = ac.QueryCheckListSize (); pIpSec = ac.QueryCheckListPtr (); hr = pMB->SetBinary ( MD_IP_SEC, pIpSec, cbIpSec, METADATA_INHERIT | METADATA_REFERENCE, IIS_MD_UT_FILE ); Exit: return hr; } ////////////////////////////////////////////////////////////////////// // Properties: ////////////////////////////////////////////////////////////////////// STDMETHODIMP CTcpAccess::get_GrantedList ( ITcpAccessExceptions ** ppGrantedList ) { return m_pGrantList->QueryInterface ( IID_ITcpAccessExceptions, (void **) ppGrantedList ); } STDMETHODIMP CTcpAccess::get_DeniedList ( ITcpAccessExceptions ** ppDeniedList ) { return m_pDenyList->QueryInterface ( IID_ITcpAccessExceptions, (void **) ppDeniedList ); } ///////////////////////////////////////////////////////////////////////////// // STDMETHODIMP CTcpAccessExceptions::InterfaceSupportsErrorInfo(REFIID riid) { static const IID* arr[] = { &IID_ITcpAccessExceptions, }; for (int i=0;iGetNbName ( fGrantList ); cAddresses = pAC->GetNbAddr ( fGrantList ); // // Copy the Dns Names: // for ( i = 0; i < cNames; i++ ) { DWORD dwFlags = 0; LPSTR lpName = NULL; CComBSTR strDomain; if ( pAC->GetName ( fGrantList, i, &lpName, &dwFlags ) ) { if ( !(dwFlags & DNSLIST_FLAG_NOSUBDOMAIN) ) { strDomain = _T("*."); strDomain.Append ( lpName ); } else { strDomain = lpName; } hr = AddDnsName ( strDomain ); BAIL_ON_FAILURE(hr); } } // // Copy the IpAddresses: // for ( i = 0; i < cAddresses; i++ ) { DWORD dwFlags = 0; LPBYTE lpMask = NULL; LPBYTE lpAddr = NULL; DWORD dwIpAddress; DWORD dwIpMask; if ( pAC->GetAddr ( fGrantList, i, &dwFlags, &lpMask, &lpAddr ) ) { dwIpAddress = MAKEIPADDRESS( lpAddr[0], lpAddr[1], lpAddr[2], lpAddr[3] ); dwIpMask = MAKEIPADDRESS( lpMask[0], lpMask[1], lpMask[2], lpMask[3] ); hr = AddIpAddress ( (long) dwIpAddress, (long) dwIpMask ); BAIL_ON_FAILURE(hr); } } Exit: return hr; } HRESULT CTcpAccessExceptions::ToAddressCheck ( ADDRESS_CHECK * pAC, BOOL fGrantList ) { HRESULT hr = NOERROR; long i; for ( i = 0; i < m_cCount; i++ ) { BOOL fIsName = FALSE; BOOL fIsAddr = FALSE; m_rgItems[i]->get_IsDnsName ( &fIsName ); m_rgItems[i]->get_IsIpAddress ( &fIsAddr ); if ( fIsName ) { CComBSTR strDnsName; DWORD cchName = 0; LPSTR szAnsiName = NULL; DWORD dwFlags = 0; LPSTR lpName = NULL; hr = m_rgItems[i]->get_DnsName ( &strDnsName ); BAIL_ON_FAILURE(hr); cchName = strDnsName.Length ( ); szAnsiName = new char [ cchName + 1 ]; if ( !szAnsiName ) { BAIL_WITH_FAILURE( hr, E_OUTOFMEMORY ); } WideCharToMultiByte ( CP_ACP, 0, strDnsName, -1, szAnsiName, cchName + 1, NULL, NULL ); if ( strncmp ( szAnsiName, "*.", 2 ) == 0 ) { dwFlags = 0; lpName = szAnsiName + 2; } else { dwFlags |= DNSLIST_FLAG_NOSUBDOMAIN; lpName = szAnsiName; } pAC->AddName ( fGrantList, lpName, dwFlags ); delete szAnsiName; } else if ( fIsAddr ) { long lIpAddress = 0; long lIpMask = 0; BYTE bIp[4]; BYTE bMask[4]; m_rgItems[i]->get_IpAddress ( &lIpAddress ); m_rgItems[i]->get_IpMask ( &lIpMask ); DWORDtoLPBYTE ( (DWORD) lIpAddress, bIp ); DWORDtoLPBYTE ( (DWORD) lIpMask, bMask ); pAC->AddAddr ( fGrantList, AF_INET, bMask, bIp ); } } Exit: return hr; } ////////////////////////////////////////////////////////////////////// // Properties: ////////////////////////////////////////////////////////////////////// STDMETHODIMP CTcpAccessExceptions::get_Count ( long * pcCount ) { return StdPropertyGet ( m_cCount, pcCount ); } STDMETHODIMP CTcpAccessExceptions::AddDnsName ( BSTR strDnsName ) { HRESULT hr = NOERROR; CComPtr pNew; hr = CTcpAccessException::CreateNew ( strDnsName, &pNew ); BAIL_ON_FAILURE ( hr ); hr = AddItem ( pNew ); BAIL_ON_FAILURE ( hr ); Exit: return hr; } STDMETHODIMP CTcpAccessExceptions::AddIpAddress ( long lIpAddress, long lIpMask ) { HRESULT hr = NOERROR; CComPtr pNew; hr = CTcpAccessException::CreateNew ( lIpAddress, lIpMask, &pNew ); BAIL_ON_FAILURE ( hr ); hr = AddItem ( pNew ); BAIL_ON_FAILURE ( hr ); Exit: return hr; } HRESULT CTcpAccessExceptions::AddItem ( ITcpAccessException * pNew ) { HRESULT hr = NOERROR; CComPtr * rgNewItems = NULL; long i; rgNewItems = new CComPtr [ m_cCount + 1 ]; if ( !rgNewItems ) { BAIL_WITH_FAILURE ( hr, E_OUTOFMEMORY ); } for ( i = 0; i < m_cCount; i++ ) { rgNewItems[i] = m_rgItems[i]; } rgNewItems[m_cCount] = pNew; delete [] m_rgItems; m_rgItems = rgNewItems; m_cCount++; Exit: return hr; } STDMETHODIMP CTcpAccessExceptions::Item ( long index, ITcpAccessException ** ppTcpAccessException ) { HRESULT hr; if ( index < 0 || index >= m_cCount ) { return SmtpCreateException ( IDS_SMTPEXCEPTION_INVALID_INDEX ); } hr = m_rgItems[index]->QueryInterface ( IID_ITcpAccessException, (void **) ppTcpAccessException ); return hr; } STDMETHODIMP CTcpAccessExceptions::Remove ( long index ) { HRESULT hr = NOERROR; CComPtr pTemp; long i; if ( index < 0 || index >= m_cCount ) { return SmtpCreateException ( IDS_SMTPEXCEPTION_INVALID_INDEX ); } for ( i = index + 1; i < m_cCount; i++ ) { m_rgItems[i - 1] = m_rgItems[i]; } m_rgItems[m_cCount - 1].Release (); m_cCount--; return hr; } STDMETHODIMP CTcpAccessExceptions::FindDnsIndex ( BSTR strDnsNameToFind, long * pIndex ) { long lResult = -1; long i; for ( i = 0; i < m_cCount; i++ ) { HRESULT hr1; CComBSTR strDnsName; BOOL fIsDnsName = FALSE; hr1 = m_rgItems[i]->get_IsDnsName ( &fIsDnsName ); if ( !fIsDnsName ) { continue; } hr1 = m_rgItems[i]->get_DnsName ( &strDnsName ); if ( SUCCEEDED(hr1) && !lstrcmpi ( strDnsName, strDnsNameToFind ) ) { lResult = i; break; } } *pIndex = lResult; return NOERROR; } STDMETHODIMP CTcpAccessExceptions::FindIpIndex ( long lIpAddressToFind, long lIpMaskToFind, long * pIndex ) { long lResult = -1; long i; for ( i = 0; i < m_cCount; i++ ) { BOOL fIsIpAddress = FALSE; long lIpAddress; long lIpMask; m_rgItems[i]->get_IsIpAddress ( &fIsIpAddress ); if ( !fIsIpAddress ) { continue; } m_rgItems[i]->get_IpAddress ( &lIpAddress ); m_rgItems[i]->get_IpMask ( &lIpMask ); if ( lIpAddress == lIpAddressToFind && lIpMask == lIpMaskToFind ) { lResult = i; break; } } *pIndex = lResult; return NOERROR; } STDMETHODIMP CTcpAccessExceptions::Clear ( ) { delete [] m_rgItems; m_rgItems = NULL; m_cCount = 0; return NOERROR; } ///////////////////////////////////////////////////////////////////////////// // STDMETHODIMP CTcpAccessException::InterfaceSupportsErrorInfo(REFIID riid) { static const IID* arr[] = { &IID_ITcpAccessException, }; for (int i=0;i * pNew = NULL; hr = CComObject::CreateInstance ( &pNew ); BAIL_ON_FAILURE(hr); hr = pNew->put_DnsName ( strDnsName ); BAIL_ON_FAILURE(hr); hr = pNew->QueryInterface ( IID_ITcpAccessException, (void **) ppNew ); BAIL_ON_FAILURE(hr); Exit: if ( FAILED(hr) ) { delete pNew; } return hr; } HRESULT CTcpAccessException::CreateNew ( DWORD dwIpAddress, DWORD dwIpMask, ITcpAccessException ** ppNew ) { HRESULT hr; CComObject * pNew = NULL; hr = CComObject::CreateInstance ( &pNew ); BAIL_ON_FAILURE(hr); hr = pNew->put_IpAddress ( (long) dwIpAddress ); hr = pNew->put_IpMask ( (long) dwIpMask ); hr = pNew->QueryInterface ( IID_ITcpAccessException, (void **) ppNew ); BAIL_ON_FAILURE(hr); Exit: if ( FAILED(hr) ) { delete pNew; } return hr; } ////////////////////////////////////////////////////////////////////// // Properties: ////////////////////////////////////////////////////////////////////// STDMETHODIMP CTcpAccessException::get_IsDnsName ( BOOL * pfIsDnsName ) { return StdPropertyGet ( m_fIsDnsName, pfIsDnsName ); } STDMETHODIMP CTcpAccessException::get_IsIpAddress ( BOOL * pfIsIpAddress ) { return StdPropertyGet ( m_fIsIpAddress, pfIsIpAddress ); } STDMETHODIMP CTcpAccessException::get_DnsName ( BSTR * pstrDnsName ) { return StdPropertyGet ( m_strDnsName, pstrDnsName ); } STDMETHODIMP CTcpAccessException::put_DnsName ( BSTR strDnsName ) { HRESULT hr; hr = StdPropertyPut ( &m_strDnsName, strDnsName ); if ( SUCCEEDED(hr) ) { m_fIsDnsName = TRUE; m_fIsIpAddress = FALSE; } return hr; } STDMETHODIMP CTcpAccessException::get_IpAddress ( long * plIpAddress ) { return StdPropertyGet ( m_dwIpAddress, plIpAddress ); } STDMETHODIMP CTcpAccessException::put_IpAddress ( long lIpAddress ) { HRESULT hr; hr = StdPropertyPut ( &m_dwIpAddress, lIpAddress ); if ( SUCCEEDED(hr) ) { m_fIsDnsName = FALSE; m_fIsIpAddress = TRUE; } return hr; } STDMETHODIMP CTcpAccessException::get_IpMask ( long * plIpMask ) { return StdPropertyGet ( m_dwIpMask, plIpMask ); } STDMETHODIMP CTcpAccessException::put_IpMask ( long lIpMask ) { return StdPropertyPut ( &m_dwIpMask, lIpMask ); }