From: Rob M. <ro...@us...> - 2008-08-22 08:17:56
Update of /cvsroot/wix/wix/src/ca/serverca/scaexec In directory sc8-pr-cvs9.sourceforge.net:/tmp/cvs-serv14818/src/ca/serverca/scaexec Modified Files: scacertexec.cpp scaexec.cpp Log Message: EricStJ: Fix SFBUG:1827123 Properly escape database identifiers when using in a query string. CAraman: fixes for compiling at /WX /W4, and one fix for static analysis AaronSte: Adding documentation for WiX MSBuild tasks. MiCarls: IIS Extension no longer expects certain sibling elements in a particular order. EricStJ: Fix EscapeSqlIdentifier to better handle NULL and empty string MiCarls: Fix "if[n]def" to support variable names containing a dot PMarcu: SFBUG:2013549 Improved performance for file diffing. EricStj: Allow CloseApps to send close messages with elevated privilege. RobMen: SFBUG:1881856 - fix cert uninstall on Vista. SFBUG:1930640 - PFXImportCertStore() delete private key containers. SFBUG:1881660 - Certificates should work in MSM. MiCarls: SFBUG:2034934 - don't modularize binder variable file IDs RobMen: SFBUG:1550592 - don't include flattened XSD files in binaries.zip. MiCarls: User-creation custom action code will now remove users from groups they were added to on uninstall, if the user is not being deleted. 
Index: scacertexec.cpp =================================================================== RCS file: /cvsroot/wix/wix/src/ca/serverca/scaexec/scacertexec.cpp,v retrieving revision 1.3 retrieving revision 1.4 diff -C2 -d -r1.3 -r1.4 *** scacertexec.cpp 10 Jul 2008 19:37:39 -0000 1.3 --- scacertexec.cpp 22 Aug 2008 08:17:22 -0000 1.4 *************** *** 45,48 **** --- 45,49 ---- static HRESULT UninstallCertificate( __in HCERTSTORE hStore, + __in BOOL fUserCertificateStore, __in LPCWSTR wzName ); *************** *** 165,168 **** --- 166,170 ---- DWORD cbData = 0; + BOOL fUserStoreLocation = (CERT_SYSTEM_STORE_CURRENT_USER == dwStoreLocation); HCERTSTORE hCertStore = NULL; *************** *** 205,209 **** if (SCA_ACTION_INSTALL == saAction) // install operations need more data { ! hr = InstallCertificate(hCertStore, (dwStoreLocation == CERT_SYSTEM_STORE_CURRENT_USER), pwzName, pbData, cbData, pwzPFXPassword); ExitOnFailure(hr, "Failed to install certificate."); } --- 207,211 ---- if (SCA_ACTION_INSTALL == saAction) // install operations need more data { ! hr = InstallCertificate(hCertStore, fUserStoreLocation, pwzName, pbData, cbData, pwzPFXPassword); ExitOnFailure(hr, "Failed to install certificate."); } *************** *** 212,216 **** Assert(SCA_ACTION_UNINSTALL == saAction); ! hr = UninstallCertificate(hCertStore, pwzName); ExitOnFailure(hr, "Failed to uninstall certificate."); } --- 214,218 ---- Assert(SCA_ACTION_UNINSTALL == saAction); ! hr = UninstallCertificate(hCertStore, fUserStoreLocation, pwzName); ExitOnFailure(hr, "Failed to uninstall certificate."); } *************** *** 267,271 **** ExitOnNull(wzPFXPassword, hr, E_INVALIDARG, "Failed to import PFX blob because no password was provided"); ! hPfxCertStore = ::PFXImportCertStore((CRYPT_DATA_BLOB*)&blob, wzPFXPassword, fUserCertificateStore ? 
CRYPT_USER_KEYSET : CRYPT_MACHINE_KEYSET); ExitOnNullWithLastError(hPfxCertStore, hr, "Failed to open PFX file."); --- 269,274 ---- ExitOnNull(wzPFXPassword, hr, E_INVALIDARG, "Failed to import PFX blob because no password was provided"); ! DWORD dwKeyset = fUserCertificateStore ? CRYPT_USER_KEYSET : CRYPT_MACHINE_KEYSET; ! hPfxCertStore = ::PFXImportCertStore((CRYPT_DATA_BLOB*)&blob, wzPFXPassword, dwKeyset | PKCS12_NO_PERSIST_KEY); ExitOnNullWithLastError(hPfxCertStore, hr, "Failed to open PFX file."); *************** *** 318,341 **** static HRESULT UninstallCertificate( __in HCERTSTORE hStore, __in LPCWSTR wzName ) { HRESULT hr = S_OK; PCCERT_CONTEXT pCertContext = NULL; WcaLog(LOGMSG_STANDARD, "Deleting certificate with friendly name: %S", wzName); - /* - pCertContextDelete = ::CertFindCertificateInStore(hCertStore, PKCS_7_ASN_ENCODING | X509_ASN_ENCODING, 0, CERT_FIND_EXISTING, pCertContext, NULL); - if (pCertContextDelete) - { - if (!::CertDeleteCertificateFromStore(pCertContextDelete)) - { - ExitWithLastError1(hr, "Failed to delete certificate: %S", wzName); - } - - pCertContextDelete = NULL; // deleting a certificate free its context. - } - // else if we can't find the certificate in the store just ignore everything. - */ // Loop through all certificates in the store, deleting the ones that match our friendly name. --- 321,335 ---- static HRESULT UninstallCertificate( __in HCERTSTORE hStore, + __in BOOL fUserCertificateStore, __in LPCWSTR wzName ) { HRESULT hr = S_OK; + DWORD er = ERROR_SUCCESS; PCCERT_CONTEXT pCertContext = NULL; + CRYPT_KEY_PROV_INFO* pPrivateKeyInfo = NULL; + DWORD cbPrivateKeyInfo = 0; WcaLog(LOGMSG_STANDARD, "Deleting certificate with friendly name: %S", wzName); // Loop through all certificates in the store, deleting the ones that match our friendly name. *************** *** 352,359 **** if(pCertContextDelete) { ! if (!::CertDeleteCertificateFromStore(pCertContextDelete)) { ! 
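Review bot: `PKCS12_NO_PERSIST_KEY` is now OR-ed into the `PFXImportCertStore` flags unconditionally, and nothing at the call records why or which Windows versions it is meant for. As documented, the flag keeps the imported private key out of any on-disk key container and is not supported on Windows XP or Windows Server 2003. It is worth confirming that certificates copied out of `hPfxCertStore` still carry a usable key where one is required, and that older targets do not fail the import. I would add a comment above the call, for example `// PKCS12_NO_PERSIST_KEY: do not leave a key container behind for the temporary PFX store (not honored before Vista).` The enclosing function starts and ends outside the hunk, so how the imported contexts are used afterwards is not visible here.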
WcaLog(LOGMSG_STANDARD, "Failed to delete certificate with friendly name: %S, continuing anyway.", wzFriendlyName); } pCertContextDelete = NULL; } --- 346,410 ---- if(pCertContextDelete) { ! // Delete the certificate and if successful delete the matching private key as well. ! if (::CertDeleteCertificateFromStore(pCertContextDelete)) { ! // Get the private key info. ! DWORD cb = cbPrivateKeyInfo; ! if (!::CertGetCertificateContextProperty(pCertContextDelete, CERT_KEY_PROV_INFO_PROP_ID, static_cast<LPVOID>(pPrivateKeyInfo), &cb)) ! { ! er = ::GetLastError(); ! if (ERROR_MORE_DATA == er) ! { ! LPVOID pv = NULL; ! if (!pPrivateKeyInfo) ! { ! pv = MemAlloc(cb, TRUE); ! } ! else ! { ! pv = MemReAlloc(pPrivateKeyInfo, cb, TRUE); ! } ! ExitOnNull(pv, hr, E_OUTOFMEMORY, "Failed to allocate memory for private key information."); ! ! cbPrivateKeyInfo = cb; ! pPrivateKeyInfo = static_cast<CRYPT_KEY_PROV_INFO*>(pv); ! pv = NULL; ! ! if (!::CertGetCertificateContextProperty(pCertContextDelete, CERT_KEY_PROV_INFO_PROP_ID, static_cast<LPVOID>(pPrivateKeyInfo), &cb)) ! { ! er = ::GetLastError(); ! } ! } ! hr = HRESULT_FROM_WIN32(er); ! } ! ! // If we found private key info, delete it. ! if (SUCCEEDED(hr)) ! { ! HCRYPTPROV hProvIgnored = NULL; // ignored on deletes. ! DWORD dwKeyset = fUserCertificateStore ? CRYPT_USER_KEYSET : CRYPT_MACHINE_KEYSET; ! ! if (!::CryptAcquireContextW(&hProvIgnored, pPrivateKeyInfo->pwszContainerName, pPrivateKeyInfo->pwszProvName, pPrivateKeyInfo->dwProvType, dwKeyset | CRYPT_DELETEKEYSET)) ! { ! er = ::GetLastError(); ! hr = HRESULT_FROM_WIN32(er); ! } ! } ! else // don't worry about failures to delete private keys. ! { ! hr = S_OK; ! } } + else + { + er = ::GetLastError(); + hr = HRESULT_FROM_WIN32(er); + } + + if (FAILED(hr)) + { + WcaLog(LOGMSG_STANDARD, "Failed to delete certificate with friendly name: %S, continuing anyway. 
Error: 0x%x", wzFriendlyName, hr); + } + pCertContextDelete = NULL; } Index: scaexec.cpp =================================================================== RCS file: /cvsroot/wix/wix/src/ca/serverca/scaexec/scaexec.cpp,v retrieving revision 1.17 retrieving revision 1.18 diff -C2 -d -r1.17 -r1.18 *** scaexec.cpp 18 Jul 2008 06:28:53 -0000 1.17 --- scaexec.cpp 22 Aug 2008 08:17:22 -0000 1.18 *************** *** 55,59 **** UINT er = ERROR_SUCCESS; ! IMSAdminBase* piMetabase = NULL; LPWSTR pwzData = NULL; --- 55,59 ---- UINT er = ERROR_SUCCESS; ! IMSAdminBase* piMetabase = NULL; LPWSTR pwzData = NULL; *************** *** 64,68 **** hr = ::CoInitialize(NULL); ExitOnFailure(hr, "failed to initialize COM"); ! hr = ::CoCreateInstance(CLSID_MSAdminBase, NULL, CLSCTX_ALL, IID_IMSAdminBase, (void**)&piMetabase); MessageExitOnFailure(hr, msierrIISCannotConnect, "failed to get IID_IIMSAdminBase object"); --- 64,68 ---- hr = ::CoInitialize(NULL); ExitOnFailure(hr, "failed to initialize COM"); ! hr = ::CoCreateInstance(CLSID_MSAdminBase, NULL, CLSCTX_ALL, IID_IMSAdminBase, reinterpret_cast<void**>(&piMetabase)); MessageExitOnFailure(hr, msierrIISCannotConnect, "failed to get IID_IIMSAdminBase object"); *************** *** 101,105 **** UINT er = ERROR_SUCCESS; ! IMSAdminBase* piMetabase = NULL; LPWSTR pwzData = NULL; DWORD cchData = 0; --- 101,105 ---- UINT er = ERROR_SUCCESS; ! IMSAdminBase* piMetabase = NULL; LPWSTR pwzData = NULL; DWORD cchData = 0; *************** *** 110,114 **** hr = ::CoInitialize(NULL); ExitOnFailure(hr, "failed to initialize COM"); ! hr = ::CoCreateInstance(CLSID_MSAdminBase, NULL, CLSCTX_ALL, IID_IMSAdminBase, (void**)&piMetabase); ExitOnFailure(hr, "failed to get IID_IIMSAdminBase object"); --- 110,114 ---- hr = ::CoInitialize(NULL); ExitOnFailure(hr, "failed to initialize COM"); ! 
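Review bot: The private-key lookup runs on `pCertContextDelete` after `CertDeleteCertificateFromStore` has already been called on it, and that call is documented to free the context it is given, so the property read should happen before the delete. The sizing logic also looks wrong in two ways: a call with a NULL buffer is documented to succeed and only report the size, which would leave `pPrivateKeyInfo` NULL when `CryptAcquireContextW` dereferences it, and after a successful retry `er` still holds `ERROR_MORE_DATA`, so `hr` fails and the key container is silently left on the machine. `hr` is also carried over from the previous loop iteration whenever the first call succeeds. The sketch below queries the size, reads the property before deleting, and starts each certificate from a clean `hr`. The surrounding loop and the function's `LExit` are outside the hunk, so whether `pPrivateKeyInfo` is released there should be checked as well.

```cpp
if(pCertContextDelete)
{
    // Read the key provider info while the context is still valid.
    BOOL fHaveKeyInfo = FALSE;
    DWORD cb = 0;
    hr = S_OK;

    if (::CertGetCertificateContextProperty(pCertContextDelete, CERT_KEY_PROV_INFO_PROP_ID, NULL, &cb) && 0 < cb)
    {
        if (cbPrivateKeyInfo < cb)
        {
            LPVOID pv = pPrivateKeyInfo ? MemReAlloc(pPrivateKeyInfo, cb, TRUE) : MemAlloc(cb, TRUE);
            ExitOnNull(pv, hr, E_OUTOFMEMORY, "Failed to allocate memory for private key information.");

            pPrivateKeyInfo = static_cast<CRYPT_KEY_PROV_INFO*>(pv);
            cbPrivateKeyInfo = cb;
        }

        cb = cbPrivateKeyInfo;
        fHaveKeyInfo = ::CertGetCertificateContextProperty(pCertContextDelete, CERT_KEY_PROV_INFO_PROP_ID, pPrivateKeyInfo, &cb);
    }

    if (::CertDeleteCertificateFromStore(pCertContextDelete))
    {
        if (fHaveKeyInfo)
        {
            // ... unchanged: CryptAcquireContextW with dwKeyset | CRYPT_DELETEKEYSET ...
        }
    }
    else
    {
        // ... unchanged: hr taken from GetLastError() ...
    }

    // ... unchanged: failure log, pCertContextDelete = NULL ...
}
```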
hr = ::CoCreateInstance(CLSID_MSAdminBase, NULL, CLSCTX_ALL, IID_IMSAdminBase, reinterpret_cast<void**>(&piMetabase)); ExitOnFailure(hr, "failed to get IID_IIMSAdminBase object"); *************** *** 145,149 **** UINT er = ERROR_SUCCESS; ! IMSAdminBase* piMetabase = NULL; LPWSTR pwzData = NULL; DWORD cchData = 0; --- 145,149 ---- UINT er = ERROR_SUCCESS; ! IMSAdminBase* piMetabase = NULL; LPWSTR pwzData = NULL; DWORD cchData = 0; *************** *** 154,158 **** hr = ::CoInitialize(NULL); ExitOnFailure(hr, "failed to initialize COM"); ! hr = ::CoCreateInstance(CLSID_MSAdminBase, NULL, CLSCTX_ALL, IID_IMSAdminBase, (void**)&piMetabase); ExitOnFailure(hr, "failed to get IID_IIMSAdminBase object"); --- 154,158 ---- hr = ::CoInitialize(NULL); ExitOnFailure(hr, "failed to initialize COM"); ! hr = ::CoCreateInstance(CLSID_MSAdminBase, NULL, CLSCTX_ALL, IID_IMSAdminBase, reinterpret_cast<void**>(&piMetabase)); ExitOnFailure(hr, "failed to get IID_IIMSAdminBase object"); *************** *** 253,263 **** hr = WcaReadStringFromCaData(ppwzCustomActionData, &pwzKey); ExitOnFailure(hr, "failed to read key"); ! hr = WcaReadIntegerFromCaData(ppwzCustomActionData, (int *)&mr.dwMDIdentifier); ExitOnFailure(hr, "failed to read identifier"); ! hr = WcaReadIntegerFromCaData(ppwzCustomActionData, (int *)&mr.dwMDAttributes); ExitOnFailure(hr, "failed to read attributes"); ! hr = WcaReadIntegerFromCaData(ppwzCustomActionData, (int *)&mr.dwMDUserType); ExitOnFailure(hr, "failed to read user type"); ! hr = WcaReadIntegerFromCaData(ppwzCustomActionData, (int *)&mr.dwMDDataType); ExitOnFailure(hr, "failed to read data type"); --- 253,263 ---- hr = WcaReadStringFromCaData(ppwzCustomActionData, &pwzKey); ExitOnFailure(hr, "failed to read key"); ! hr = WcaReadIntegerFromCaData(ppwzCustomActionData, reinterpret_cast<int *>(&mr.dwMDIdentifier)); ExitOnFailure(hr, "failed to read identifier"); ! 
hr = WcaReadIntegerFromCaData(ppwzCustomActionData, reinterpret_cast<int *>(&mr.dwMDAttributes)); ExitOnFailure(hr, "failed to read attributes"); ! hr = WcaReadIntegerFromCaData(ppwzCustomActionData, reinterpret_cast<int *>(&mr.dwMDUserType)); ExitOnFailure(hr, "failed to read user type"); ! hr = WcaReadIntegerFromCaData(ppwzCustomActionData, reinterpret_cast<int *>(&mr.dwMDDataType)); ExitOnFailure(hr, "failed to read data type"); *************** *** 265,276 **** { case DWORD_METADATA: ! hr = WcaReadIntegerFromCaData(ppwzCustomActionData, (int *)&dwData); mr.dwMDDataLen = sizeof(dwData); ! mr.pbMDData = (BYTE*)&dwData; break; case STRING_METADATA: hr = WcaReadStringFromCaData(ppwzCustomActionData, &pwzTemp); mr.dwMDDataLen = (lstrlenW(pwzTemp) + 1) * sizeof(WCHAR); ! mr.pbMDData = (BYTE*)pwzTemp; break; case MULTISZ_METADATA: --- 265,276 ---- { case DWORD_METADATA: ! hr = WcaReadIntegerFromCaData(ppwzCustomActionData, reinterpret_cast<int *>(&dwData)); mr.dwMDDataLen = sizeof(dwData); ! mr.pbMDData = reinterpret_cast<BYTE*>(&dwData); break; case STRING_METADATA: hr = WcaReadStringFromCaData(ppwzCustomActionData, &pwzTemp); mr.dwMDDataLen = (lstrlenW(pwzTemp) + 1) * sizeof(WCHAR); ! mr.pbMDData = reinterpret_cast<BYTE*>(pwzTemp); break; case MULTISZ_METADATA: *************** *** 283,291 **** *pwzT = L'\0'; } ! mr.pbMDData = (BYTE*)pwzTemp; } break; case BINARY_METADATA: ! hr = WcaReadStreamFromCaData(ppwzCustomActionData, &mr.pbMDData, (DWORD_PTR *)&mr.dwMDDataLen); fFreeData = TRUE; break; --- 283,291 ---- *pwzT = L'\0'; } ! mr.pbMDData = reinterpret_cast<BYTE*>(pwzTemp); } break; case BINARY_METADATA: ! hr = WcaReadStreamFromCaData(ppwzCustomActionData, &mr.pbMDData, reinterpret_cast<DWORD_PTR *>(&mr.dwMDDataLen)); fFreeData = TRUE; break; *************** *** 336,340 **** hr = WcaReadStringFromCaData(ppwzCustomActionData, &pwzRoot); // MetabaseRoot ExitOnFailure(hr, "failed to get metabase root"); ! 
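Review bot: In the `BINARY_METADATA` case the address of `mr.dwMDDataLen` is reinterpreted as a `DWORD_PTR *`, and the new `reinterpret_cast` keeps that mismatch rather than removing it. If `dwMDDataLen` is a `DWORD`, as its prefix suggests, a 64-bit build lets `WcaReadStreamFromCaData` store eight bytes through a pointer to a four-byte field. Reading into a correctly typed local avoids that: declare `DWORD_PTR cbData = 0;`, pass `&cbData` to the call, and assign `mr.dwMDDataLen = static_cast<DWORD>(cbData);` once `hr` succeeds. The `int *` casts on `DWORD` and `BOOL` fields in the neighbouring hunks are size-compatible, but typed locals would let those casts go away too. The switch and its enclosing function start and end outside the hunk.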
hr = WcaReadIntegerFromCaData(ppwzCustomActionData, (int *)&fInProc); // InProc ExitOnFailure(hr, "failed to get in proc flag"); --- 336,340 ---- hr = WcaReadStringFromCaData(ppwzCustomActionData, &pwzRoot); // MetabaseRoot ExitOnFailure(hr, "failed to get metabase root"); ! hr = WcaReadIntegerFromCaData(ppwzCustomActionData, reinterpret_cast<int *>(&fInProc)); // InProc ExitOnFailure(hr, "failed to get in proc flag"); *************** *** 408,412 **** HRESULT hr = S_OK; UINT er = ERROR_SUCCESS; ! IMSAdminBase* piMetabase = NULL; IWamAdmin* piWam = NULL; --- 408,412 ---- HRESULT hr = S_OK; UINT er = ERROR_SUCCESS; ! IMSAdminBase* piMetabase = NULL; IWamAdmin* piWam = NULL; *************** *** 435,439 **** if (NULL == piWam) { ! hr = ::CoCreateInstance(CLSID_WamAdmin, NULL, CLSCTX_ALL, IID_IWamAdmin, (void**)&piWam); MessageExitOnFailure(hr, msierrIISCannotConnect, "failed to get IID_IWamAdmin object"); } --- 435,439 ---- if (NULL == piWam) { ! hr = ::CoCreateInstance(CLSID_WamAdmin, NULL, CLSCTX_ALL, IID_IWamAdmin, reinterpret_cast<void**>(&piWam)); MessageExitOnFailure(hr, msierrIISCannotConnect, "failed to get IID_IWamAdmin object"); } *************** *** 445,449 **** if (NULL == piMetabase) { ! hr = ::CoCreateInstance(CLSID_MSAdminBase, NULL, CLSCTX_ALL, IID_IMSAdminBase, (void**)&piMetabase); MessageExitOnFailure(hr, msierrIISCannotConnect, "failed to get IID_IIMSAdminBase object"); } --- 445,449 ---- if (NULL == piMetabase) { ! hr = ::CoCreateInstance(CLSID_MSAdminBase, NULL, CLSCTX_ALL, IID_IMSAdminBase, reinterpret_cast<void**>(&piMetabase)); MessageExitOnFailure(hr, msierrIISCannotConnect, "failed to get IID_IIMSAdminBase object"); } *************** *** 455,459 **** if (NULL == piMetabase) { ! hr = ::CoCreateInstance(CLSID_MSAdminBase, NULL, CLSCTX_ALL, IID_IMSAdminBase, (void**)&piMetabase); MessageExitOnFailure(hr, msierrIISCannotConnect, "failed to get IID_IIMSAdminBase object"); } --- 455,459 ---- if (NULL == piMetabase) { ! 
hr = ::CoCreateInstance(CLSID_MSAdminBase, NULL, CLSCTX_ALL, IID_IMSAdminBase, reinterpret_cast<void**>(&piMetabase)); MessageExitOnFailure(hr, msierrIISCannotConnect, "failed to get IID_IIMSAdminBase object"); } *************** *** 465,469 **** if (NULL == piMetabase) { ! hr = ::CoCreateInstance(CLSID_MSAdminBase, NULL, CLSCTX_ALL, IID_IMSAdminBase, (void**)&piMetabase); MessageExitOnFailure(hr, msierrIISCannotConnect, "failed to get IID_IIMSAdminBase object"); } --- 465,469 ---- if (NULL == piMetabase) { ! hr = ::CoCreateInstance(CLSID_MSAdminBase, NULL, CLSCTX_ALL, IID_IMSAdminBase, reinterpret_cast<void**>(&piMetabase)); MessageExitOnFailure(hr, msierrIISCannotConnect, "failed to get IID_IIMSAdminBase object"); } *************** *** 549,553 **** hr = WcaReadIntegerFromCaData(&pwz, &iAttributes); ExitOnFailure1(hr, "failed to read attributes from custom action data: %S", pwz); ! hr = WcaReadIntegerFromCaData(&pwz, (int *)&fIntegratedAuth); // Integrated Windows Authentication? ExitOnFailure1(hr, "failed to read integrated auth flag from custom action data: %S", pwz); hr = WcaReadStringFromCaData(&pwz, &pwzUser); // SQL User --- 549,553 ---- hr = WcaReadIntegerFromCaData(&pwz, &iAttributes); ExitOnFailure1(hr, "failed to read attributes from custom action data: %S", pwz); ! hr = WcaReadIntegerFromCaData(&pwz, reinterpret_cast<int *>(&fIntegratedAuth)); // Integrated Windows Authentication? ExitOnFailure1(hr, "failed to read integrated auth flag from custom action data: %S", pwz); hr = WcaReadStringFromCaData(&pwz, &pwzUser); // SQL User *************** *** 557,561 **** // db file spec ! hr = WcaReadIntegerFromCaData(&pwz, (int *) &fHaveDbFileSpec); ExitOnFailure1(hr, "failed to read db file spec from custom action data: %S", pwz); --- 557,561 ---- // db file spec ! 
hr = WcaReadIntegerFromCaData(&pwz, reinterpret_cast<int *>(&fHaveDbFileSpec)); ExitOnFailure1(hr, "failed to read db file spec from custom action data: %S", pwz); *************** *** 589,593 **** // log file spec ! hr = WcaReadIntegerFromCaData(&pwz, (int *) &fHaveLogFileSpec); ExitOnFailure1(hr, "failed to read log file spec from custom action data: %S", pwz); if (fHaveLogFileSpec) --- 589,593 ---- // log file spec ! hr = WcaReadIntegerFromCaData(&pwz, reinterpret_cast<int *>(&fHaveLogFileSpec)); ExitOnFailure1(hr, "failed to read log file spec from custom action data: %S", pwz); if (fHaveLogFileSpec) *************** *** 705,711 **** hr = WcaReadStringFromCaData(&pwz, &pwzDatabase); ExitOnFailure(hr, "failed to read database"); ! hr = WcaReadIntegerFromCaData(&pwz, (int *)&lAttributes); ExitOnFailure(hr, "failed to read attributes"); ! hr = WcaReadIntegerFromCaData(&pwz, (int *)&fIntegratedAuth); // Integrated Windows Authentication? ExitOnFailure(hr, "failed to read integrated auth flag"); hr = WcaReadStringFromCaData(&pwz, &pwzUser); --- 705,711 ---- hr = WcaReadStringFromCaData(&pwz, &pwzDatabase); ExitOnFailure(hr, "failed to read database"); ! hr = WcaReadIntegerFromCaData(&pwz, reinterpret_cast<int *>(&lAttributes)); ExitOnFailure(hr, "failed to read attributes"); ! hr = WcaReadIntegerFromCaData(&pwz, reinterpret_cast<int *>(&fIntegratedAuth)); // Integrated Windows Authentication? ExitOnFailure(hr, "failed to read integrated auth flag"); hr = WcaReadStringFromCaData(&pwz, &pwzUser); *************** *** 794,798 **** hr = WcaReadIntegerFromCaData(&pwz, &iAttributesDB); ExitOnFailure(hr, "failed to read attributes"); ! hr = WcaReadIntegerFromCaData(&pwz, (int *)&fIntegratedAuth); // Integrated Windows Authentication? ExitOnFailure(hr, "failed to read integrated auth flag"); hr = WcaReadStringFromCaData(&pwz, &pwzUser); --- 794,798 ---- hr = WcaReadIntegerFromCaData(&pwz, &iAttributesDB); ExitOnFailure(hr, "failed to read attributes"); ! 
hr = WcaReadIntegerFromCaData(&pwz, reinterpret_cast<int *>(&fIntegratedAuth)); // Integrated Windows Authentication? ExitOnFailure(hr, "failed to read integrated auth flag"); hr = WcaReadStringFromCaData(&pwz, &pwzUser); *************** *** 894,905 **** hr = WcaReadStringFromCaData(&pwz, &pwzDirectory); // full path to share ExitOnFailure(hr, "failed to read share name"); ! hr = WcaReadIntegerFromCaData(&pwz, (int *)&fIntegratedAuth); ExitOnFailure(hr, "failed to read integrated authentication"); ! hr = WcaReadIntegerFromCaData(&pwz, (int *)&dwExUserPerms); ExitOnFailure(hr, "failed to read count of permissions to set"); if(dwExUserPerms > 0) { ! pUserPermsList = (SCA_SMBP_USER_PERMS*)MemAlloc(sizeof(SCA_SMBP_USER_PERMS)*dwExUserPerms, TRUE); ExitOnNull(pUserPermsList, hr, E_OUTOFMEMORY, "failed to allocate memory for permissions structure"); --- 894,905 ---- hr = WcaReadStringFromCaData(&pwz, &pwzDirectory); // full path to share ExitOnFailure(hr, "failed to read share name"); ! hr = WcaReadIntegerFromCaData(&pwz, reinterpret_cast<int *>(&fIntegratedAuth)); ExitOnFailure(hr, "failed to read integrated authentication"); ! hr = WcaReadIntegerFromCaData(&pwz, reinterpret_cast<int *>(&dwExUserPerms)); ExitOnFailure(hr, "failed to read count of permissions to set"); if(dwExUserPerms > 0) { ! pUserPermsList = reinterpret_cast<SCA_SMBP_USER_PERMS*>(MemAlloc(sizeof(SCA_SMBP_USER_PERMS)*dwExUserPerms, TRUE)); ExitOnNull(pUserPermsList, hr, E_OUTOFMEMORY, "failed to allocate memory for permissions structure"); *************** *** 917,921 **** iAccessMode = 0; ! hr = WcaReadIntegerFromCaData(&pwz, (int *)&nExPermissions); ExitOnFailure(hr, "failed to read count of permissions"); pUserPermsList[dwCounter].nPermissions = nExPermissions; --- 917,921 ---- iAccessMode = 0; ! 
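Review bot: `dwExUserPerms` is filled by `WcaReadIntegerFromCaData` through an `int *` cast and then used directly in `sizeof(SCA_SMBP_USER_PERMS)*dwExUserPerms`, so a negative or very large count in the custom action data becomes a huge or wrapped allocation size. Only `dwExUserPerms > 0` is checked before the `MemAlloc`. I would bound the count before multiplying, for example `if (dwExUserPerms > MAXDWORD / sizeof(SCA_SMBP_USER_PERMS)) { hr = E_INVALIDARG; }` followed by `ExitOnFailure(hr, "invalid count of permissions to set");`. A `static_cast` is also the better fit than `reinterpret_cast` for the `void*` that `MemAlloc` returns. The loop that fills `pUserPermsList` continues outside this hunk.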
hr = WcaReadIntegerFromCaData(&pwz, reinterpret_cast<int *>(&nExPermissions)); ExitOnFailure(hr, "failed to read count of permissions"); pUserPermsList[dwCounter].nPermissions = nExPermissions; *************** *** 1076,1080 **** lgmi.lgrmi3_domainandname = (NULL == pwzUser ? wzUser : pwzUser); ! ui = ::NetLocalGroupAddMembers(wz, wzGroup, 3 , (LPBYTE)&lgmi, 1); } hr = HRESULT_FROM_WIN32(ui); --- 1076,1080 ---- lgmi.lgrmi3_domainandname = (NULL == pwzUser ? wzUser : pwzUser); ! ui = ::NetLocalGroupAddMembers(wz, wzGroup, 3 , reinterpret_cast<LPBYTE>(&lgmi), 1); } hr = HRESULT_FROM_WIN32(ui); *************** *** 1095,1100 **** ExitOnFailure2(hr, "failed to create group ADsPath for group: %S domain: %S", wzGroup, wzGroupDomain); ! hr = ::ADsGetObject(bstrGroup,IID_IADsGroup,(void**)&pGroup); ! ExitOnFailure1(hr, "Failed to get group '%S'.", (WCHAR*)bstrGroup ); hr = pGroup->Add(bstrUser); --- 1095,1100 ---- ExitOnFailure2(hr, "failed to create group ADsPath for group: %S domain: %S", wzGroup, wzGroupDomain); ! hr = ::ADsGetObject(bstrGroup,IID_IADsGroup, reinterpret_cast<void**>(&pGroup)); ! ExitOnFailure1(hr, "Failed to get group '%S'.", reinterpret_cast<WCHAR*>(bstrGroup) ); hr = pGroup->Add(bstrUser); *************** *** 1102,1106 **** hr = S_OK; ! ExitOnFailure2(hr, "Failed to add user %S to group '%S'.", (WCHAR*)bstrUser, (WCHAR*)bstrGroup ); } --- 1102,1172 ---- hr = S_OK; ! ExitOnFailure2(hr, "Failed to add user %S to group '%S'.", reinterpret_cast<WCHAR*>(bstrUser), reinterpret_cast<WCHAR*>(bstrGroup) ); ! } ! ! LExit: ! ReleaseObject(pGroup); ! ReleaseBSTR(bstrUser); ! ReleaseBSTR(bstrGroup); ! ! return hr; ! } ! ! static HRESULT RemoveUserFromGroup( ! __in LPWSTR wzUser, ! __in LPCWSTR wzUserDomain, ! __in LPCWSTR wzGroup, ! __in LPCWSTR wzGroupDomain ! ) ! { ! Assert(wzUser && *wzUser && wzUserDomain && wzGroup && *wzGroup && wzGroupDomain); ! ! HRESULT hr = S_OK; ! IADsGroup *pGroup = NULL; ! BSTR bstrUser = NULL; ! BSTR bstrGroup = NULL; ! 
LPCWSTR wz = NULL; ! LPWSTR pwzUser = NULL; ! LOCALGROUP_MEMBERS_INFO_3 lgmi; ! ! if (*wzGroupDomain) ! { ! wz = wzGroupDomain; ! } ! ! // Try removing it from the global group first ! UINT ui = ::NetGroupDelUser(wz, wzGroup, wzUser); ! if (NERR_GroupNotFound == ui) ! { ! // Try removing it from the local group ! if (wzUserDomain) ! { ! hr = StrAllocFormatted(&pwzUser, L"%s\\%s", wzUserDomain, wzUser); ! ExitOnFailure(hr, "failed to allocate user domain string"); ! } ! ! lgmi.lgrmi3_domainandname = (NULL == pwzUser ? wzUser : pwzUser); ! ui = ::NetLocalGroupDelMembers(wz, wzGroup, 3 , reinterpret_cast<LPBYTE>(&lgmi), 1); ! } ! hr = HRESULT_FROM_WIN32(ui); ! ! // ! // If we failed, try active directory ! // ! if (FAILED(hr)) ! { ! WcaLog(LOGMSG_VERBOSE, "Failed to remove user: %S, domain %S from group: %S, domain: %S with error 0x%x. Attempting to use Active Directory", wzUser, wzUserDomain, wzGroup, wzGroupDomain, hr); ! ! hr = CreateADsPath(wzUserDomain, wzUser, &bstrUser); ! ExitOnFailure2(hr, "failed to create user ADsPath in order to remove user: %S domain: %S", wzUser, wzUserDomain); ! ! hr = CreateADsPath(wzGroupDomain, wzGroup, &bstrGroup); ! ExitOnFailure2(hr, "failed to create group ADsPath in order to remove group: %S domain: %S", wzGroup, wzGroupDomain); ! ! hr = ::ADsGetObject(bstrGroup,IID_IADsGroup, reinterpret_cast<void**>(&pGroup)); ! ExitOnFailure1(hr, "Failed to get group '%S'.", reinterpret_cast<WCHAR*>(bstrGroup) ); ! ! hr = pGroup->Remove(bstrUser); ! ExitOnFailure2(hr, "Failed to remove user %S from group '%S'.", reinterpret_cast<WCHAR*>(bstrUser), reinterpret_cast<WCHAR*>(bstrGroup) ); } *************** *** 1237,1241 **** USER_INFO_1* puserInfo = NULL; DWORD dw; ! LPCWSTR wz = NULL; hr = WcaInitialize(hInstall, "CreateUser"); --- 1303,1307 ---- USER_INFO_1* puserInfo = NULL; DWORD dw; ! LPCWSTR wz = NULL; hr = WcaInitialize(hInstall, "CreateUser"); *************** *** 1255,1262 **** hr = WcaReadStringFromCaData(&pwz, &pwzDomain); ! 
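Review bot: In the new `RemoveUserFromGroup`, `if (wzUserDomain)` is always true because the `Assert` at the top already expects a non-NULL pointer, so an empty user domain still produces a member name of the form `\user`, which the local-group call may not resolve. The group domain a few lines earlier is tested with `if (*wzGroupDomain)`; the user domain should be tested the same way, `if (*wzUserDomain)`. `pwzUser` is allocated by `StrAllocFormatted` here and the function's `LExit` lies outside the hunk, so it is worth confirming that the string is released there. A short header comment stating that the function tries the global group, then the local group, then Active Directory would also help the next reader.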
ExitOnFailure(hr, "failed to read domain from custom action data"); hr = WcaReadIntegerFromCaData(&pwz, &iAttributes); ! ExitOnFailure(hr, "failed to read attributes from custom action data"); hr = WcaReadStringFromCaData(&pwz, &pwzPassword); --- 1321,1328 ---- hr = WcaReadStringFromCaData(&pwz, &pwzDomain); ! ExitOnFailure(hr, "failed to read domain from custom action data"); hr = WcaReadIntegerFromCaData(&pwz, &iAttributes); ! ExitOnFailure(hr, "failed to read attributes from custom action data"); hr = WcaReadStringFromCaData(&pwz, &pwzPassword); *************** *** 1291,1300 **** } ! er = ::NetUserAdd(wz, 1, (LPBYTE)&userInfo, &dw); if (NERR_UserExists == er) { if (SCAU_UPDATE_IF_EXISTS & iAttributes) { ! er = ::NetUserGetInfo(wz, pwzName, 1, (LPBYTE*)&puserInfo); if (NERR_Success == er) { --- 1357,1366 ---- } ! er = ::NetUserAdd(wz, 1, reinterpret_cast<LPBYTE>(&userInfo), &dw); if (NERR_UserExists == er) { if (SCAU_UPDATE_IF_EXISTS & iAttributes) { ! er = ::NetUserGetInfo(wz, pwzName, 1, reinterpret_cast<LPBYTE*>(&puserInfo)); if (NERR_Success == er) { *************** *** 1303,1307 **** SetUserPasswordAndAttributes(puserInfo, pwzPassword, iAttributes); ! er = ::NetUserSetInfo(wz, pwzName, 1, (LPBYTE)puserInfo, &dw); } } --- 1369,1373 ---- SetUserPasswordAndAttributes(puserInfo, pwzPassword, iAttributes); ! er = ::NetUserSetInfo(wz, pwzName, 1, reinterpret_cast<LPBYTE>(puserInfo), &dw); } } *************** *** 1380,1383 **** --- 1446,1451 ---- LPWSTR pwzName = NULL; LPWSTR pwzDomain= NULL; + LPWSTR pwzGroup = NULL; + LPWSTR pwzGroupDomain = NULL; int iAttributes = 0; LPCWSTR wz = NULL; *************** *** 1403,1407 **** hr = WcaReadIntegerFromCaData(&pwz, &iAttributes); ! ExitOnFailure(hr, "failed to read domain from custom action data"); // --- 1471,1475 ---- hr = WcaReadIntegerFromCaData(&pwz, &iAttributes); ! 
ExitOnFailure(hr, "failed to read attributes from custom action data"); // *************** *** 1443,1446 **** --- 1511,1544 ---- ExitOnFailure1(hr = HRESULT_FROM_WIN32(er), "failed to delete user account: %S", pwzName); } + else + { + // + // Remove the user from the groups + // + while (S_OK == (hr = WcaReadStringFromCaData(&pwz, &pwzGroup))) + { + hr = WcaReadStringFromCaData(&pwz, &pwzGroupDomain); + + if (FAILED(hr)) + { + WcaLogError(hr, "failed to get domain for group: %S, continuing anyway.", pwzGroup); + } + else + { + hr = RemoveUserFromGroup(pwzName, pwzDomain, pwzGroup, pwzGroupDomain); + if (FAILED(hr)) + { + WcaLogError(hr, "failed to remove user: %S from group %S, continuing anyway.", pwzName, pwzGroup); + } + } + } + + if (E_NOMOREITEMS == hr) // if there are no more items, all is well + { + hr = S_OK; + } + + ExitOnFailure1(hr, "failed to get next group from which to remove user:%S", pwzName); + } LExit: |
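Review bot: Every failure inside the new group-removal loop is only logged with "continuing anyway", and the next `WcaReadStringFromCaData` in the `while` condition overwrites `hr`, so the action can finish with `S_OK` while the account is still a member of a group the installer added it to. If that best-effort behaviour is intended, it should be stated at the top of the `else` block, for example `// Best effort: a failed removal leaves the user in the group; the only trace is the log entry.` Otherwise the first failing `hr` could be kept in a separate variable and reported once the loop ends. `pwzGroup` and `pwzGroupDomain` are new allocations whose release would belong after `LExit`, which is outside the hunk.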