2020-09-30 16:53:55 +02:00

242 lines
9.5 KiB
C++

/*---------------------------------------------------------------------------
File: RightsTranslator.cpp
Comments: Functions to translate user rights
(c) Copyright 1999, Mission Critical Software, Inc., All Rights Reserved
Proprietary and confidential to Mission Critical Software, Inc.
REVISION LOG ENTRY
Revision By: Christy Boles
Revised on 02/25/99 19:57:16
---------------------------------------------------------------------------
*/
#include "StdAfx.h"
#include "Mcs.h"
#include "WorkObj.h"
#include "SecTrans.h"
#include "STArgs.hpp"
#include "SidCache.hpp"
#include "SDStat.hpp"
#include "TxtSid.h"
#include "ErrDct.hpp"
//#import "\bin\McsDctWorkerObjects.tlb"
#import "WorkObj.tlb"
extern TErrorDct err;
DWORD
TranslateUserRights(
WCHAR const * serverName, // in - name of server to translate groups on
SecurityTranslatorArgs * stArgs, // in - translation settings
TSDRidCache * cache, // in - translation table
TSDResolveStats * stat // in - stats on items modified
)
{
// DWORD rc = 0;
HRESULT hr;
SAFEARRAY * pRights = NULL;
SAFEARRAY * pUsers = NULL;
TAcctNode * node = NULL;
_bstr_t server = serverName;
MCSDCTWORKEROBJECTSLib::IUserRightsPtr pLsa(CLSID_UserRights);
WCHAR currPath[500];
DWORD mode = stArgs->TranslationMode();
BOOL bUseMapFile = stArgs->UsingMapFile();
//
// If server name is not null then use specified name for generated messages. If specified
// server name is null that means the user rights translation is being performed on the
// local machine therefore retrieve the local machine name and use it for generated messages.
//
WCHAR szServerName[LEN_Computer];
if (serverName && *serverName)
{
wcsncpy(szServerName, serverName, LEN_Computer);
szServerName[LEN_Computer - 1] = L'\0';
}
else
{
DWORD dwSize = LEN_Computer;
if (!GetComputerName(szServerName, &dwSize))
{
szServerName[0] = L'\0';
}
}
if ( pLsa == NULL )
{
return E_FAIL;
}
pLsa->NoChange = stArgs->NoChange();
if ( stArgs->TranslationMode() == REPLACE_SECURITY || stArgs->TranslationMode() == REMOVE_SECURITY )
{
err.MsgWrite(0,DCT_MSG_USER_RIGHTS_ONLY_ADDS);
stArgs->SetTranslationMode(ADD_SECURITY);
}
// Get a list of all the rights
hr = pLsa->raw_GetRights(server,&pRights);
if ( SUCCEEDED(hr) )
{
LONG nRights = 0;
long ndx[1];
hr = SafeArrayGetUBound(pRights,1,&nRights);
if ( SUCCEEDED(hr) )
{
for ( long i = 0 ; i <= nRights && !stArgs->Cache()->IsCancelled(); i++ )
{
BSTR right;
ndx[0] = i;
hr = SafeArrayGetElement(pRights,ndx,&right);
if ( SUCCEEDED(hr) )
{
swprintf(currPath,L"%s\\%s",szServerName,(WCHAR*)right);
if( stat )
{
stat->DisplayPath(currPath);
}
// Get a list of users who have this right
hr = pLsa->raw_GetUsersWithRight(server,right,&pUsers);
if ( SUCCEEDED(hr))
{
LONG nUsers = 0;
hr = SafeArrayGetUBound(pUsers,1,&nUsers);
if ( SUCCEEDED(hr) )
{
BSTR user;
PSID pSid = NULL;
// PSID pTgt = NULL;
for ( long j = 0 ; j <= nUsers ; j++ )
{
ndx[0] = j;
hr = SafeArrayGetElement(pUsers,ndx,&user);
if ( SUCCEEDED(hr))
{
// Get the user's sid
pSid = SidFromString(user);
if ( pSid )
{
stat->IncrementExamined(userright);
// Lookup the user in the cache
if (!bUseMapFile)
node = cache->Lookup(pSid);
else
node = cache->LookupWODomain(pSid);
if ( node )
{
if ( node == (TAcctNode*)-1 )
{
node = NULL;
}
if ( node && node->IsValidOnTgt() )
{
// Found the account in the cache
// remove the right from the source user
if ( (stArgs->TranslationMode() == REMOVE_SECURITY ||stArgs->TranslationMode() == REPLACE_SECURITY) )
{
hr = pLsa->raw_RemoveUserRight(server,user,right);
if ( FAILED(hr))
{
err.SysMsgWrite(ErrE,hr,DCT_MSG_REMOVE_RIGHT_FAILED_SSSD,
(WCHAR*)right,node->GetAcctName(),szServerName,hr);
stat->IncrementSkipped(userright);
}
else
{
err.MsgWrite(0,DCT_MSG_REMOVED_RIGHT_SSSS,szServerName,right,stArgs->Source(),node->GetAcctName());
}
}
if ( SUCCEEDED(hr) )
{
stat->IncrementChanged(userright);
PSID sid = NULL;
if (!bUseMapFile)
sid = cache->GetTgtSid(node);
else
sid = cache->GetTgtSidWODomain(node);
if ( sid )
{
WCHAR strSid[200];
DWORD lenStrSid = DIM(strSid);
GetTextualSid(sid,strSid,&lenStrSid);
if ( (stArgs->TranslationMode() != REMOVE_SECURITY) )
{
hr = pLsa->raw_AddUserRight(server,SysAllocString(strSid),right);
if ( FAILED(hr) )
{
err.SysMsgWrite(ErrE,hr,DCT_MSG_ADD_RIGHT_FAILED_SSSD,
(WCHAR*)right,node->GetAcctName(),szServerName,hr);
}
else
{
err.MsgWrite(0,DCT_MSG_ADDED_RIGHT_SSSS,szServerName,right,stArgs->Target(),node->GetAcctName());
}
}
free(sid);
}
}
}
}
FreeSid(pSid);
}
else
{
err.MsgWrite(ErrW,DCT_MSG_INVALID_SID_STRING_S,user);
}
SysFreeString(user);
}
}
}
else
{
err.SysMsgWrite(ErrE,hr,DCT_MSG_USERS_WITH_RIGHT_COUNT_FAILED_SSD,(WCHAR*)right,szServerName,hr);
}
SafeArrayDestroy(pUsers);
}
else
{
err.MsgWrite(ErrE,DCT_MSG_GET_USERS_WITH_RIGHT_FAILED_SSD,(WCHAR*)right,szServerName,hr);
}
SysFreeString(right);
}
else
{
err.MsgWrite(ErrE,DCT_MSG_LIST_RIGHTS_FAILED_SD,szServerName,hr);
break;
}
}
}
else
{
err.MsgWrite(ErrE,DCT_MSG_LIST_RIGHTS_FAILED_SD,szServerName,hr);
}
SafeArrayDestroy(pRights);
}
else
{
err.MsgWrite(ErrE,DCT_MSG_LIST_RIGHTS_FAILED_SD,szServerName,hr);
}
if( stat )
{
stat->DisplayPath(L"");
}
// set the translation mode back to its original value
stArgs->SetTranslationMode(mode);
return hr;
}