Diffstat (limited to 'src/ca/scauser.cpp')
| -rw-r--r-- | src/ca/scauser.cpp | 33 |
1 files changed, 33 insertions, 0 deletions
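--- a/src/ca/scauser.cpp
+++ b/src/ca/scauser.cpp
@@ -475,10 +475,19 @@ HRESULT ScaUserExecute(
 DWORD er = 0;
 PDOMAIN_CONTROLLER_INFOW pDomainControllerInfo = NULL;
 
+LPWSTR pwzBaseScriptKey = NULL;
+DWORD cScriptKey = 0;
+
 USER_INFO_0 *pUserInfo = NULL;
+LPWSTR pwzScriptKey = NULL;
 LPWSTR pwzActionData = NULL;
 LPWSTR pwzRollbackData = NULL;
 
+// Get the base script key for this CustomAction.
+hr = WcaCaScriptCreateKey(&pwzBaseScriptKey);
+ExitOnFailure(hr, "Failed to get encoding key.");
+
+// Loop through all the users to be configured.
 for (SCA_USER *psu = psuList; psu; psu = psu->psuNext)
 {
 USER_EXISTS ueUserExists = USER_EXISTS_INDETERMINATE;
@@ -555,6 +564,17 @@ HRESULT ScaUserExecute(
 // Rollback only if the user already exists, we couldn't determine if the user exists, or we are going to create the user
 if ((USER_EXISTS_YES == ueUserExists) || (USER_EXISTS_INDETERMINATE == ueUserExists) || !(psu->iAttributes & SCAU_DONT_CREATE_USER))
 {
+++cScriptKey;
+hr = StrAllocFormatted(&pwzScriptKey, L"%ls%u", pwzBaseScriptKey, cScriptKey);
+ExitOnFailure(hr, "Failed to create encoding key.");
+
+// Write the script key to CustomActionData for install and rollback so information can be passed to rollback.
+hr = WcaWriteStringToCaData(pwzScriptKey, &pwzActionData);
+ExitOnFailure(hr, "Failed to add encoding key to custom action data.");
+
+hr = WcaWriteStringToCaData(pwzScriptKey, &pwzRollbackData);
+ExitOnFailure(hr, "Failed to add encoding key to rollback custom action data.");
+
 INT iRollbackUserAttributes = psu->iAttributes;
 
 // If the user already exists, ensure this is accounted for in rollback
@@ -567,6 +587,10 @@ HRESULT ScaUserExecute(
 iRollbackUserAttributes &= ~SCAU_DONT_CREATE_USER;
 }
 
+// The deferred CA determines when to rollback User Rights Assignments so these should never be set.
+iRollbackUserAttributes &= ~SCAU_ALLOW_LOGON_AS_SERVICE;
+iRollbackUserAttributes &= ~SCAU_ALLOW_LOGON_AS_BATCH;
+
 hr = WcaWriteStringToCaData(psu->wzName, &pwzRollbackData);
 ExitOnFailure(hr, "Failed to add user name to rollback custom action data: %ls", psu->wzName);
 hr = WcaWriteStringToCaData(psu->wzDomain, &pwzRollbackData);
@@ -584,6 +608,12 @@ HRESULT ScaUserExecute(
 hr = WcaDoDeferredAction(CUSTOM_ACTION_DECORATION(L"CreateUserRollback"), pwzRollbackData, COST_USER_DELETE);
 ExitOnFailure(hr, "failed to schedule CreateUserRollback");
 }
+else
+{
+// Write empty script key to CustomActionData since there is no rollback.
+hr = WcaWriteStringToCaData(L"", &pwzActionData);
+ExitOnFailure(hr, "Failed to add empty encoding key to custom action data.");
+}
 
 //
 // Schedule the creation now.
@@ -614,6 +644,7 @@ HRESULT ScaUserExecute(
 ExitOnFailure(hr, "failed to schedule RemoveUser");
 }
 
+ReleaseNullStr(pwzScriptKey);
 ReleaseNullStr(pwzActionData);
 ReleaseNullStr(pwzRollbackData);
 if (pUserInfo)
@@ -629,6 +660,8 @@ HRESULT ScaUserExecute(
 }
 
 LExit:
+ReleaseStr(pwzBaseScriptKey);
+ReleaseStr(pwzScriptKey);
 ReleaseStr(pwzActionData);
 ReleaseStr(pwzRollbackData);
 if (pUserInfo)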
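Review bot: The script key becomes the first field of both data strings in the hunk at `@@ -555,6 +564,17 @@` (and an empty string is written in the new `else` branch), but nothing at the write site records that the consuming custom actions read these fields by position. The readers are outside this diff, which is limited to src/ca/scauser.cpp, so it cannot be confirmed here that they consume the extra field and treat `L""` as "no rollback script"; a reader that is out of step would take the key for the user name, presumably while running as a deferred, elevated action. I would add a comment above the first write, such as `// CustomActionData layout: the script key (possibly empty) is always the first field; the deferred and rollback readers must parse it before the user name.` The same comment could note that rollback of the two logon rights now depends entirely on what the deferred action records under that key, since `SCAU_ALLOW_LOGON_AS_SERVICE` and `SCAU_ALLOW_LOGON_AS_BATCH` are masked out of `iRollbackUserAttributes`. ScaUserExecute begins and ends outside the hunks shown.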
