1 files changed, 720 insertions, 0 deletions
diff --git a/src/ext/ComPlus/ca/cpapproleexec.cpp b/src/ext/ComPlus/ca/cpapproleexec.cpp
new file mode 100644
index 00000000..e3b71e93
--- /dev/null
+++ b/src/ext/ComPlus/ca/cpapproleexec.cpp
@@ -0,0 +1,720 @@
+// Copyright (c) .NET Foundation and contributors. All rights reserved. Licensed under the Microsoft Reciprocal License. See LICENSE.TXT file in the project root for full license information.
+#include "precomp.h"
+// private structs
+struct CPI_APPLICATION_ROLE_ATTRIBUTES
+{
+    int iActionType;
+    int iActionCost;
+    LPWSTR pwzKey;
+    LPWSTR pwzName;
+    LPWSTR pwzAppID;
+    LPWSTR pwzPartID;
+    CPI_PROPERTY* pPropList;
+};
+struct CPI_USER_IN_APPLICATION_ROLE_ATTRIBUTES
+{
+    int iActionType;
+    int iActionCost;
+    LPWSTR pwzKey;
+    LPWSTR pwzRoleName;
+    LPWSTR pwzAccount;
+    LPWSTR pwzAppID;
+    LPWSTR pwzPartID;
+};
+// prototypes for private helper functions
+static HRESULT ReadApplicationRoleAttributes(
+    LPWSTR* ppwzData,
+    CPI_APPLICATION_ROLE_ATTRIBUTES* pAttrs
+    );
+static void FreeApplicationRoleAttributes(
+    CPI_APPLICATION_ROLE_ATTRIBUTES* pAttrs
+    );
+static HRESULT CreateApplicationRole(
+    CPI_APPLICATION_ROLE_ATTRIBUTES* pAttrs
+    );
+static HRESULT RemoveApplicationRole(
+    CPI_APPLICATION_ROLE_ATTRIBUTES* pAttrs
+    );
+static HRESULT ReadUsersInApplicationRoleAttributes(
+    LPWSTR* ppwzData,
+    CPI_USER_IN_APPLICATION_ROLE_ATTRIBUTES* pAttrs
+    );
+static void FreeUsersInApplicationRoleAttributes(
+    CPI_USER_IN_APPLICATION_ROLE_ATTRIBUTES* pAttrs
+    );
+static HRESULT CreateUsersInApplicationRole(
+    CPI_USER_IN_APPLICATION_ROLE_ATTRIBUTES* pAttrs
+    );
+static HRESULT RemoveUsersInApplicationRole(
+    CPI_USER_IN_APPLICATION_ROLE_ATTRIBUTES* pAttrs
+    );
+// function definitions
+HRESULT CpiConfigureApplicationRoles(
+    LPWSTR* ppwzData,
+    HANDLE hRollbackFile
+    )
+{
+    HRESULT hr = S_OK;
+    CPI_APPLICATION_ROLE_ATTRIBUTES attrs;
+    ::ZeroMemory(&attrs, sizeof(attrs));
+    // read action text
+    hr = CpiActionStartMessage(ppwzData, FALSE);
+    ExitOnFailure(hr, "Failed to send action start message");
+    // ger count
+    int iCnt = 0;
+    hr = WcaReadIntegerFromCaData(ppwzData, &iCnt);
+    ExitOnFailure(hr, "Failed to read count");
+    // write count to rollback file
+    hr = CpiWriteIntegerToRollbackFile(hRollbackFile, iCnt);
+    ExitOnFailure(hr, "Failed to write count to rollback file");
+    for (int i = 0; i < iCnt; i++)
+    {
+        // read attributes from CustomActionData
+        hr = ReadApplicationRoleAttributes(ppwzData, &attrs);
+        ExitOnFailure(hr, "Failed to read attributes");
+        // progress message
+        hr = CpiActionDataMessage(1, attrs.pwzName);
+        ExitOnFailure(hr, "Failed to send progress messages");
+        if (S_FALSE == hr)
+            ExitFunction();
+        // write key to rollback file
+        hr = CpiWriteKeyToRollbackFile(hRollbackFile, attrs.pwzKey);
+        ExitOnFailure(hr, "Failed to write key to rollback file");
+        // action
+        switch (attrs.iActionType)
+        {
+        case atCreate:
+            hr = CreateApplicationRole(&attrs);
+            ExitOnFailure(hr, "Failed to create application role, key: %S", attrs.pwzKey);
+            break;
+        case atRemove:
+            hr = RemoveApplicationRole(&attrs);
+            ExitOnFailure(hr, "Failed to remove application role, key: %S", attrs.pwzKey);
+            break;
+        }
+        // write completion status to rollback file
+        hr = CpiWriteIntegerToRollbackFile(hRollbackFile, 1);
+        ExitOnFailure(hr, "Failed to write completion status to rollback file");
+        // progress
+        hr = WcaProgressMessage(attrs.iActionCost, FALSE);
+        ExitOnFailure(hr, "Failed to update progress");
+    }
+    hr = S_OK;
+LExit:
+    // clean up
+    FreeApplicationRoleAttributes(&attrs);
+    return hr;
+}
+HRESULT CpiRollbackConfigureApplicationRoles(
+    LPWSTR* ppwzData,
+    CPI_ROLLBACK_DATA* pRollbackDataList
+    )
+{
+    HRESULT hr = S_OK;
+    int iRollbackStatus;
+    CPI_APPLICATION_ROLE_ATTRIBUTES attrs;
+    ::ZeroMemory(&attrs, sizeof(attrs));
+    // read action text
+    hr = CpiActionStartMessage(ppwzData, NULL == pRollbackDataList);
+    ExitOnFailure(hr, "Failed to send action start message");
+    // get count
+    int iCnt = 0;
+    hr = WcaReadIntegerFromCaData(ppwzData, &iCnt);
+    ExitOnFailure(hr, "Failed to read count");
+    for (int i = 0; i < iCnt; i++)
+    {
+        // read attributes from CustomActionData
+        hr = ReadApplicationRoleAttributes(ppwzData, &attrs);
+        ExitOnFailure(hr, "Failed to read attributes");
+        // rollback status
+        hr = CpiFindRollbackStatus(pRollbackDataList, attrs.pwzKey, &iRollbackStatus);
+        if (S_FALSE == hr)
+            continue; // not found, nothing to rollback
+        // progress message
+        hr = CpiActionDataMessage(1, attrs.pwzName);
+        ExitOnFailure(hr, "Failed to send progress messages");
+        if (S_FALSE == hr)
+            ExitFunction();
+        // action
+        switch (attrs.iActionType)
+        {
+        case atCreate:
+            hr = CreateApplicationRole(&attrs);
+            if (FAILED(hr))
+                WcaLog(LOGMSG_STANDARD, "Failed to create application role, hr: 0x%x, key: %S", hr, attrs.pwzKey);
+            break;
+        case atRemove:
+            hr = RemoveApplicationRole(&attrs);
+            if (FAILED(hr))
+                WcaLog(LOGMSG_STANDARD, "Failed to remove application role, hr: 0x%x, key: %S", hr, attrs.pwzKey);
+            break;
+        }
+        // check rollback status
+        if (0 == iRollbackStatus)
+            continue; // operation did not complete, skip progress
+        // progress
+        hr = WcaProgressMessage(attrs.iActionCost, FALSE);
+        ExitOnFailure(hr, "Failed to update progress");
+    }
+    hr = S_OK;
+LExit:
+    // clean up
+    FreeApplicationRoleAttributes(&attrs);
+    return hr;
+}
+HRESULT CpiConfigureUsersInApplicationRoles(
+    LPWSTR* ppwzData,
+    HANDLE hRollbackFile
+    )
+{
+    HRESULT hr = S_OK;
+    CPI_USER_IN_APPLICATION_ROLE_ATTRIBUTES attrs;
+    ::ZeroMemory(&attrs, sizeof(attrs));
+    // read action text
+    hr = CpiActionStartMessage(ppwzData, FALSE);
+    ExitOnFailure(hr, "Failed to send action start message");
+    // ger count
+    int iCnt = 0;
+    hr = WcaReadIntegerFromCaData(ppwzData, &iCnt);
+    ExitOnFailure(hr, "Failed to read count");
+    // write count to rollback file
+    hr = CpiWriteIntegerToRollbackFile(hRollbackFile, iCnt);
+    ExitOnFailure(hr, "Failed to write count to rollback file");
+    for (int i = 0; i < iCnt; i++)
+    {
+        // read attributes from CustomActionData
+        hr = ReadUsersInApplicationRoleAttributes(ppwzData, &attrs);
+        ExitOnFailure(hr, "Failed to read attributes");
+        // progress message
+        hr = CpiActionDataMessage(1, attrs.pwzRoleName);
+        ExitOnFailure(hr, "Failed to send progress messages");
+        if (S_FALSE == hr)
+            ExitFunction();
+        // write key to rollback file
+        hr = CpiWriteKeyToRollbackFile(hRollbackFile, attrs.pwzKey);
+        ExitOnFailure(hr, "Failed to write key to rollback file");
+        // action
+        switch (attrs.iActionType)
+        {
+        case atCreate:
+            hr = CreateUsersInApplicationRole(&attrs);
+            ExitOnFailure(hr, "Failed to create user in application role, key: %S", attrs.pwzKey);
+            break;
+        case atRemove:
+            hr = RemoveUsersInApplicationRole(&attrs);
+            ExitOnFailure(hr, "Failed to remove user from application role, key: %S", attrs.pwzKey);
+            break;
+        }
+        // write completion status to rollback file
+        hr = CpiWriteIntegerToRollbackFile(hRollbackFile, 1);
+        ExitOnFailure(hr, "Failed to write completion status to rollback file");
+        // progress
+        hr = WcaProgressMessage(attrs.iActionCost, FALSE);
+        ExitOnFailure(hr, "Failed to update progress");
+    }
+    hr = S_OK;
+LExit:
+    // clean up
+    FreeUsersInApplicationRoleAttributes(&attrs);
+    return hr;
+}
+HRESULT CpiRollbackConfigureUsersInApplicationRoles(
+    LPWSTR* ppwzData,
+    CPI_ROLLBACK_DATA* pRollbackDataList
+    )
+{
+    HRESULT hr = S_OK;
+    int iRollbackStatus;
+    CPI_USER_IN_APPLICATION_ROLE_ATTRIBUTES attrs;
+    ::ZeroMemory(&attrs, sizeof(attrs));
+    // read action text
+    hr = CpiActionStartMessage(ppwzData, NULL == pRollbackDataList);
+    ExitOnFailure(hr, "Failed to send action start message");
+    // get count
+    int iCnt = 0;
+    hr = WcaReadIntegerFromCaData(ppwzData, &iCnt);
+    ExitOnFailure(hr, "Failed to read count");
+    for (int i = 0; i < iCnt; i++)
+    {
+        // read attributes from CustomActionData
+        hr = ReadUsersInApplicationRoleAttributes(ppwzData, &attrs);
+        ExitOnFailure(hr, "Failed to read attributes");
+        // rollback status
+        hr = CpiFindRollbackStatus(pRollbackDataList, attrs.pwzKey, &iRollbackStatus);
+        if (S_FALSE == hr)
+            continue; // not found, nothing to rollback
+        // progress message
+        hr = CpiActionDataMessage(1, attrs.pwzRoleName);
+        ExitOnFailure(hr, "Failed to send progress messages");
+        if (S_FALSE == hr)
+            ExitFunction();
+        // action
+        switch (attrs.iActionType)
+        {
+        case atCreate:
+            hr = CreateUsersInApplicationRole(&attrs);
+            if (FAILED(hr))
+                WcaLog(LOGMSG_STANDARD, "Failed to add user to application role, hr: 0x%x, key: %S", hr, attrs.pwzKey);
+            break;
+        case atRemove:
+            hr = RemoveUsersInApplicationRole(&attrs);
+            if (FAILED(hr))
+                WcaLog(LOGMSG_STANDARD, "Failed to remove user from application role, hr: 0x%x, key: %S", hr, attrs.pwzKey);
+            break;
+        }
+        // check rollback status
+        if (0 == iRollbackStatus)
+            continue; // operation did not complete, skip progress
+        // progress
+        hr = WcaProgressMessage(attrs.iActionCost, FALSE);
+        ExitOnFailure(hr, "Failed to update progress");
+    }
+    hr = S_OK;
+LExit:
+    // clean up
+    FreeUsersInApplicationRoleAttributes(&attrs);
+    return hr;
+}
+// helper function definitions
+static HRESULT ReadApplicationRoleAttributes(
+    LPWSTR* ppwzData,
+    CPI_APPLICATION_ROLE_ATTRIBUTES* pAttrs
+    )
+{
+    HRESULT hr = S_OK;
+    hr = WcaReadIntegerFromCaData(ppwzData, &pAttrs->iActionType);
+    ExitOnFailure(hr, "Failed to read action type");
+    hr = WcaReadIntegerFromCaData(ppwzData, &pAttrs->iActionCost);
+    ExitOnFailure(hr, "Failed to read action cost");
+    hr = WcaReadStringFromCaData(ppwzData, &pAttrs->pwzKey);
+    ExitOnFailure(hr, "Failed to read key");
+    hr = WcaReadStringFromCaData(ppwzData, &pAttrs->pwzName);
+    ExitOnFailure(hr, "Failed to read name");
+    hr = WcaReadStringFromCaData(ppwzData, &pAttrs->pwzAppID);
+    ExitOnFailure(hr, "Failed to read application id");
+    hr = WcaReadStringFromCaData(ppwzData, &pAttrs->pwzPartID);
+    ExitOnFailure(hr, "Failed to read partition id");
+    hr = CpiReadPropertyList(ppwzData, &pAttrs->pPropList);
+    ExitOnFailure(hr, "Failed to read properties");
+    hr = S_OK;
+LExit:
+    return hr;
+}
+static void FreeApplicationRoleAttributes(
+    CPI_APPLICATION_ROLE_ATTRIBUTES* pAttrs
+    )
+{
+    ReleaseStr(pAttrs->pwzKey);
+    ReleaseStr(pAttrs->pwzName);
+    ReleaseStr(pAttrs->pwzAppID);
+    ReleaseStr(pAttrs->pwzPartID);
+    if (pAttrs->pPropList)
+        CpiFreePropertyList(pAttrs->pPropList);
+}
+static HRESULT CreateApplicationRole(
+    CPI_APPLICATION_ROLE_ATTRIBUTES* pAttrs
+    )
+{
+    HRESULT hr = S_OK;
+    ICatalogCollection* piRolesColl = NULL;
+    ICatalogObject* piRoleObj = NULL;
+    long lChanges = 0;
+    // log
+    WcaLog(LOGMSG_VERBOSE, "Creating application role, key: %S", pAttrs->pwzKey);
+    // get roles collection
+    hr = CpiGetRolesCollection(pAttrs->pwzPartID, pAttrs->pwzAppID, &piRolesColl);
+    if (S_FALSE == hr)
+        hr = HRESULT_FROM_WIN32(ERROR_NOT_FOUND);
+    ExitOnFailure(hr, "Failed to get roles collection");
+    // check if role exists
+    hr = CpiFindCollectionObjectByName(piRolesColl, pAttrs->pwzName, &piRoleObj);
+    ExitOnFailure(hr, "Failed to find role");
+    if (S_FALSE == hr)
+    {
+        // create role
+        hr = CpiAddCollectionObject(piRolesColl, &piRoleObj);
+        ExitOnFailure(hr, "Failed to add role to collection");
+        hr = CpiPutCollectionObjectValue(piRoleObj, L"Name", pAttrs->pwzName);
+        ExitOnFailure(hr, "Failed to set role name property");
+    }
+    // properties
+    hr = CpiPutCollectionObjectValues(piRoleObj, pAttrs->pPropList);
+    ExitOnFailure(hr, "Failed to write properties");
+    // save changes
+    hr = piRolesColl->SaveChanges(&lChanges);
+    if (COMADMIN_E_OBJECTERRORS == hr)
+        CpiLogCatalogErrorInfo();
+    ExitOnFailure(hr, "Failed to save changes");
+    // log
+    WcaLog(LOGMSG_VERBOSE, "%d changes saved to catalog, key: %S", lChanges, pAttrs->pwzKey);
+    hr = S_OK;
+LExit:
+    // clean up
+    ReleaseObject(piRolesColl);
+    ReleaseObject(piRoleObj);
+    return hr;
+}
+static HRESULT RemoveApplicationRole(
+    CPI_APPLICATION_ROLE_ATTRIBUTES* pAttrs
+    )
+{
+    HRESULT hr = S_OK;
+    ICatalogCollection* piRolesColl = NULL;
+    long lChanges = 0;
+    // log
+    WcaLog(LOGMSG_VERBOSE, "Removing application role, key: %S", pAttrs->pwzKey);
+    // get roles collection
+    hr = CpiGetRolesCollection(pAttrs->pwzPartID, pAttrs->pwzAppID, &piRolesColl);
+    ExitOnFailure(hr, "Failed to get roles collection");
+    if (S_FALSE == hr)
+    {
+        // roles collection not found
+        WcaLog(LOGMSG_VERBOSE, "Unable to retrieve roles collection, nothing to delete, key: %S", pAttrs->pwzKey);
+        ExitFunction1(hr = S_OK);
+    }
+    // remove
+    hr = CpiRemoveCollectionObject(piRolesColl, NULL, pAttrs->pwzName, FALSE);
+    ExitOnFailure(hr, "Failed to remove role");
+    if (S_FALSE == hr)
+    {
+        // role not found
+        WcaLog(LOGMSG_VERBOSE, "Role not found, nothing to delete, key: %S", pAttrs->pwzKey);
+        ExitFunction1(hr = S_OK);
+    }
+    // save changes
+    hr = piRolesColl->SaveChanges(&lChanges);
+    if (COMADMIN_E_OBJECTERRORS == hr)
+        CpiLogCatalogErrorInfo();
+    ExitOnFailure(hr, "Failed to save changes");
+    // log
+    WcaLog(LOGMSG_VERBOSE, "%d changes saved to catalog, key: %S", lChanges, pAttrs->pwzKey);
+    hr = S_OK;
+LExit:
+    // clean up
+    ReleaseObject(piRolesColl);
+    return hr;
+}
+static HRESULT ReadUsersInApplicationRoleAttributes(
+    LPWSTR* ppwzData,
+    CPI_USER_IN_APPLICATION_ROLE_ATTRIBUTES* pAttrs
+    )
+{
+    HRESULT hr = S_OK;
+    hr = WcaReadIntegerFromCaData(ppwzData, &pAttrs->iActionType);
+    ExitOnFailure(hr, "Failed to read action type");
+    hr = WcaReadIntegerFromCaData(ppwzData, &pAttrs->iActionCost);
+    ExitOnFailure(hr, "Failed to read action cost");
+    hr = WcaReadStringFromCaData(ppwzData, &pAttrs->pwzKey);
+    ExitOnFailure(hr, "Failed to read key");
+    hr = WcaReadStringFromCaData(ppwzData, &pAttrs->pwzRoleName);
+    ExitOnFailure(hr, "Failed to read role name");
+    hr = WcaReadStringFromCaData(ppwzData, &pAttrs->pwzAccount);
+    ExitOnFailure(hr, "Failed to read account name");
+    hr = WcaReadStringFromCaData(ppwzData, &pAttrs->pwzAppID);
+    ExitOnFailure(hr, "Failed to read application id");
+    hr = WcaReadStringFromCaData(ppwzData, &pAttrs->pwzPartID);
+    ExitOnFailure(hr, "Failed to read partition id");
+    hr = S_OK;
+LExit:
+    return hr;
+}
+static void FreeUsersInApplicationRoleAttributes(
+    CPI_USER_IN_APPLICATION_ROLE_ATTRIBUTES* pAttrs
+    )
+{
+    ReleaseStr(pAttrs->pwzKey);
+    ReleaseStr(pAttrs->pwzRoleName);
+    ReleaseStr(pAttrs->pwzAccount);
+    ReleaseStr(pAttrs->pwzAppID);
+    ReleaseStr(pAttrs->pwzPartID);
+}
+static HRESULT CreateUsersInApplicationRole(
+    CPI_USER_IN_APPLICATION_ROLE_ATTRIBUTES* pAttrs
+    )
+{
+    HRESULT hr = S_OK;
+    UINT er = ERROR_SUCCESS;
+    ICatalogCollection* piUsrInRoleColl = NULL;
+    ICatalogObject* piUsrInRoleObj = NULL;
+    PSID pSid = NULL;
+    long lChanges = 0;
+    // log
+    WcaLog(LOGMSG_VERBOSE, "Adding user to application role, key: %S", pAttrs->pwzKey);
+    // get users in role collection
+    hr = CpiGetUsersInRoleCollection(pAttrs->pwzPartID, pAttrs->pwzAppID, pAttrs->pwzRoleName, &piUsrInRoleColl);
+    if (S_FALSE == hr)
+        hr = HRESULT_FROM_WIN32(ERROR_NOT_FOUND);
+    ExitOnFailure(hr, "Failed to get users in role collection");
+    // get SID for account
+    do {
+        er = ERROR_SUCCESS;
+        hr = CpiAccountNameToSid(pAttrs->pwzAccount, &pSid);
+        if (HRESULT_FROM_WIN32(ERROR_NONE_MAPPED) == hr && !::MsiGetMode(WcaGetInstallHandle(), MSIRUNMODE_ROLLBACK))
+        {
+            WcaLog(LOGMSG_STANDARD, "Failed to lookup account name, hr: 0x%x, account: '%S'", hr, pAttrs->pwzAccount);
+            er = WcaErrorMessage(msierrComPlusFailedLookupNames, hr, INSTALLMESSAGE_ERROR | MB_ABORTRETRYIGNORE, 0);
+            switch (er)
+            {
+            case IDABORT:
+                ExitFunction(); // exit with error code from CpiAccountNameToSid()
+            case IDRETRY:
+                break;
+            case IDIGNORE:
+            default:
+                ExitFunction1(hr = S_OK);
+            }
+        }
+        else
+            ExitOnFailure(hr, "Failed to get SID for account");
+    } while (IDRETRY == er);
+    // find any existing entry
+    hr = CpiFindUserCollectionObject(piUsrInRoleColl, pSid, NULL);
+    if (HRESULT_FROM_WIN32(ERROR_NONE_MAPPED) == hr || HRESULT_FROM_WIN32(ERROR_SOME_NOT_MAPPED) == hr)
+        WcaLog(LOGMSG_STANDARD, "Failed to lookup account names, hr: 0x%x", hr);
+    else
+        ExitOnFailure(hr, "Failed to find user in application role");
+    if (S_OK == hr)
+    {
+        WcaLog(LOGMSG_VERBOSE, "User already assigned to application role, key: %S", pAttrs->pwzKey);
+        ExitFunction(); // exit with hr = S_OK
+    }
+    // convert SID back to account name
+    hr = CpiSidToAccountName(pSid, &pAttrs->pwzAccount);
+    ExitOnFailure(hr, "Failed to convert SID to account name");
+    // add user
+    hr = CpiAddCollectionObject(piUsrInRoleColl, &piUsrInRoleObj);
+    ExitOnFailure(hr, "Failed to add user in role to collection");
+    hr = CpiPutCollectionObjectValue(piUsrInRoleObj, L"User", pAttrs->pwzAccount);
+    ExitOnFailure(hr, "Failed to set role name property");
+    // save changes
+    hr = piUsrInRoleColl->SaveChanges(&lChanges);
+    if (COMADMIN_E_OBJECTERRORS == hr)
+        CpiLogCatalogErrorInfo();
+    ExitOnFailure(hr, "Failed to save changes");
+    // log
+    WcaLog(LOGMSG_VERBOSE, "%d changes saved to catalog, key: %S", lChanges, pAttrs->pwzKey);
+    hr = S_OK;
+LExit:
+    // clean up
+    ReleaseObject(piUsrInRoleColl);
+    ReleaseObject(piUsrInRoleObj);
+    if (pSid)
+        ::HeapFree(::GetProcessHeap(), 0, pSid);
+    return hr;
+}
+static HRESULT RemoveUsersInApplicationRole(
+    CPI_USER_IN_APPLICATION_ROLE_ATTRIBUTES* pAttrs
+    )
+{
+    HRESULT hr = S_OK;
+    UINT er = ERROR_SUCCESS;
+    ICatalogCollection* piUsrInRoleColl = NULL;
+    PSID pSid = NULL;
+    long lChanges = 0;
+    // log
+    WcaLog(LOGMSG_VERBOSE, "Removing user from application role, key: %S", pAttrs->pwzKey);
+    // get users in role collection
+    hr = CpiGetUsersInRoleCollection(pAttrs->pwzPartID, pAttrs->pwzAppID, pAttrs->pwzRoleName, &piUsrInRoleColl);
+    ExitOnFailure(hr, "Failed to get users in role collection");
+    if (S_FALSE == hr)
+    {
+        // users in role collection not found
+        WcaLog(LOGMSG_VERBOSE, "Unable to retrieve users in role collection, nothing to delete, key: %S", pAttrs->pwzKey);
+        ExitFunction1(hr = S_OK);
+    }
+    // get SID for account
+    do {
+        er = ERROR_SUCCESS;
+        hr = CpiAccountNameToSid(pAttrs->pwzAccount, &pSid);
+        if (HRESULT_FROM_WIN32(ERROR_NONE_MAPPED) == hr && !::MsiGetMode(WcaGetInstallHandle(), MSIRUNMODE_ROLLBACK))
+        {
+            WcaLog(LOGMSG_STANDARD, "Failed to lookup account name, hr: 0x%x, account: '%S'", hr, pAttrs->pwzAccount);
+            er = WcaErrorMessage(msierrComPlusFailedLookupNames, hr, INSTALLMESSAGE_ERROR | MB_ABORTRETRYIGNORE, 0);
+            switch (er)
+            {
+            case IDABORT:
+                ExitFunction(); // exit with error code from CpiAccountNameToSid()
+            case IDRETRY:
+                break;
+            case IDIGNORE:
+            default:
+                ExitFunction1(hr = S_OK);
+            }
+        }
+        else
+            ExitOnFailure(hr, "Failed to get SID for account");
+    } while (IDRETRY == er);
+    // remove
+    hr = CpiRemoveUserCollectionObject(piUsrInRoleColl, pSid);
+    if (HRESULT_FROM_WIN32(ERROR_NONE_MAPPED) == hr || HRESULT_FROM_WIN32(ERROR_SOME_NOT_MAPPED) == hr)
+    {
+        WcaLog(LOGMSG_STANDARD, "Failed to lookup account names, hr: 0x%x", hr);
+        hr = S_FALSE;
+    }
+    else
+        ExitOnFailure(hr, "Failed to remove user");
+    if (S_FALSE == hr)
+    {
+        // role not found
+        WcaLog(LOGMSG_VERBOSE, "User not found for application role, nothing to delete, key: %S", pAttrs->pwzKey);
+        ExitFunction1(hr = S_OK);
+    }
+    // save changes
+    hr = piUsrInRoleColl->SaveChanges(&lChanges);
+    if (COMADMIN_E_OBJECTERRORS == hr)
+        CpiLogCatalogErrorInfo();
+    ExitOnFailure(hr, "Failed to save changes");
+    // log
+    WcaLog(LOGMSG_VERBOSE, "%d changes saved to catalog, key: %S", lChanges, pAttrs->pwzKey);
+    hr = S_OK;
+LExit:
+    // clean up
+    ReleaseObject(piUsrInRoleColl);
+    if (pSid)
+        ::HeapFree(::GetProcessHeap(), 0, pSid);
+    return hr;
+}

diff --git a/src/ext/ComPlus/ca/cpapproleexec.cpp b/src/ext/ComPlus/ca/cpapproleexec.cpp new file mode 100644 index 00000000..e3b71e93 --- /dev/null +++ b/src/ext/ComPlus/ca/cpapproleexec.cpp
@@ -0,0 +1,720 @@
	1	// Copyright (c) .NET Foundation and contributors. All rights reserved. Licensed under the Microsoft Reciprocal License. See LICENSE.TXT file in the project root for full license information.
	2
	3	#include "precomp.h"
	4
	5
	6	// private structs
	7
	8	struct CPI_APPLICATION_ROLE_ATTRIBUTES
	9	{
	10	int iActionType;
	11	int iActionCost;
	12	LPWSTR pwzKey;
	13	LPWSTR pwzName;
	14	LPWSTR pwzAppID;
	15	LPWSTR pwzPartID;
	16	CPI_PROPERTY* pPropList;
	17	};
	18
	19	struct CPI_USER_IN_APPLICATION_ROLE_ATTRIBUTES
	20	{
	21	int iActionType;
	22	int iActionCost;
	23	LPWSTR pwzKey;
	24	LPWSTR pwzRoleName;
	25	LPWSTR pwzAccount;
	26	LPWSTR pwzAppID;
	27	LPWSTR pwzPartID;
	28	};
	29
	30
	31	// prototypes for private helper functions
	32
	33	static HRESULT ReadApplicationRoleAttributes(
	34	LPWSTR* ppwzData,
	35	CPI_APPLICATION_ROLE_ATTRIBUTES* pAttrs
	36	);
	37	static void FreeApplicationRoleAttributes(
	38	CPI_APPLICATION_ROLE_ATTRIBUTES* pAttrs
	39	);
	40	static HRESULT CreateApplicationRole(
	41	CPI_APPLICATION_ROLE_ATTRIBUTES* pAttrs
	42	);
	43	static HRESULT RemoveApplicationRole(
	44	CPI_APPLICATION_ROLE_ATTRIBUTES* pAttrs
	45	);
	46	static HRESULT ReadUsersInApplicationRoleAttributes(
	47	LPWSTR* ppwzData,
	48	CPI_USER_IN_APPLICATION_ROLE_ATTRIBUTES* pAttrs
	49	);
	50	static void FreeUsersInApplicationRoleAttributes(
	51	CPI_USER_IN_APPLICATION_ROLE_ATTRIBUTES* pAttrs
	52	);
	53	static HRESULT CreateUsersInApplicationRole(
	54	CPI_USER_IN_APPLICATION_ROLE_ATTRIBUTES* pAttrs
	55	);
	56	static HRESULT RemoveUsersInApplicationRole(
	57	CPI_USER_IN_APPLICATION_ROLE_ATTRIBUTES* pAttrs
	58	);
	59
	60
	61	// function definitions
	62
	63	HRESULT CpiConfigureApplicationRoles(
	64	LPWSTR* ppwzData,
	65	HANDLE hRollbackFile
	66	)
	67	{
	68	HRESULT hr = S_OK;
	69
	70	CPI_APPLICATION_ROLE_ATTRIBUTES attrs;
	71	::ZeroMemory(&attrs, sizeof(attrs));
	72
	73	// read action text
	74	hr = CpiActionStartMessage(ppwzData, FALSE);
	75	ExitOnFailure(hr, "Failed to send action start message");
	76
	77	// ger count
	78	int iCnt = 0;
	79	hr = WcaReadIntegerFromCaData(ppwzData, &iCnt);
	80	ExitOnFailure(hr, "Failed to read count");
	81
	82	// write count to rollback file
	83	hr = CpiWriteIntegerToRollbackFile(hRollbackFile, iCnt);
	84	ExitOnFailure(hr, "Failed to write count to rollback file");
	85
	86	for (int i = 0; i < iCnt; i++)
	87	{
	88	// read attributes from CustomActionData
	89	hr = ReadApplicationRoleAttributes(ppwzData, &attrs);
	90	ExitOnFailure(hr, "Failed to read attributes");
	91
	92	// progress message
	93	hr = CpiActionDataMessage(1, attrs.pwzName);
	94	ExitOnFailure(hr, "Failed to send progress messages");
	95
	96	if (S_FALSE == hr)
	97	ExitFunction();
	98
	99	// write key to rollback file
	100	hr = CpiWriteKeyToRollbackFile(hRollbackFile, attrs.pwzKey);
	101	ExitOnFailure(hr, "Failed to write key to rollback file");
	102
	103	// action
	104	switch (attrs.iActionType)
	105	{
	106	case atCreate:
	107	hr = CreateApplicationRole(&attrs);
	108	ExitOnFailure(hr, "Failed to create application role, key: %S", attrs.pwzKey);
	109	break;
	110	case atRemove:
	111	hr = RemoveApplicationRole(&attrs);
	112	ExitOnFailure(hr, "Failed to remove application role, key: %S", attrs.pwzKey);
	113	break;
	114	}
	115
	116	// write completion status to rollback file
	117	hr = CpiWriteIntegerToRollbackFile(hRollbackFile, 1);
	118	ExitOnFailure(hr, "Failed to write completion status to rollback file");
	119
	120	// progress
	121	hr = WcaProgressMessage(attrs.iActionCost, FALSE);
	122	ExitOnFailure(hr, "Failed to update progress");
	123	}
	124
	125	hr = S_OK;
	126
	127	LExit:
	128	// clean up
	129	FreeApplicationRoleAttributes(&attrs);
	130
	131	return hr;
	132	}
	133
	134	HRESULT CpiRollbackConfigureApplicationRoles(
	135	LPWSTR* ppwzData,
	136	CPI_ROLLBACK_DATA* pRollbackDataList
	137	)
	138	{
	139	HRESULT hr = S_OK;
	140
	141	int iRollbackStatus;
	142
	143	CPI_APPLICATION_ROLE_ATTRIBUTES attrs;
	144	::ZeroMemory(&attrs, sizeof(attrs));
	145
	146	// read action text
	147	hr = CpiActionStartMessage(ppwzData, NULL == pRollbackDataList);
	148	ExitOnFailure(hr, "Failed to send action start message");
	149
	150	// get count
	151	int iCnt = 0;
	152	hr = WcaReadIntegerFromCaData(ppwzData, &iCnt);
	153	ExitOnFailure(hr, "Failed to read count");
	154
	155	for (int i = 0; i < iCnt; i++)
	156	{
	157	// read attributes from CustomActionData
	158	hr = ReadApplicationRoleAttributes(ppwzData, &attrs);
	159	ExitOnFailure(hr, "Failed to read attributes");
	160
	161	// rollback status
	162	hr = CpiFindRollbackStatus(pRollbackDataList, attrs.pwzKey, &iRollbackStatus);
	163
	164	if (S_FALSE == hr)
	165	continue; // not found, nothing to rollback
	166
	167	// progress message
	168	hr = CpiActionDataMessage(1, attrs.pwzName);
	169	ExitOnFailure(hr, "Failed to send progress messages");
	170
	171	if (S_FALSE == hr)
	172	ExitFunction();
	173
	174	// action
	175	switch (attrs.iActionType)
	176	{
	177	case atCreate:
	178	hr = CreateApplicationRole(&attrs);
	179	if (FAILED(hr))
	180	WcaLog(LOGMSG_STANDARD, "Failed to create application role, hr: 0x%x, key: %S", hr, attrs.pwzKey);
	181	break;
	182	case atRemove:
	183	hr = RemoveApplicationRole(&attrs);
	184	if (FAILED(hr))
	185	WcaLog(LOGMSG_STANDARD, "Failed to remove application role, hr: 0x%x, key: %S", hr, attrs.pwzKey);
	186	break;
	187	}
	188
	189	// check rollback status
	190	if (0 == iRollbackStatus)
	191	continue; // operation did not complete, skip progress
	192
	193	// progress
	194	hr = WcaProgressMessage(attrs.iActionCost, FALSE);
	195	ExitOnFailure(hr, "Failed to update progress");
	196	}
	197
	198	hr = S_OK;
	199
	200	LExit:
	201	// clean up
	202	FreeApplicationRoleAttributes(&attrs);
	203
	204	return hr;
	205	}
	206
	207	HRESULT CpiConfigureUsersInApplicationRoles(
	208	LPWSTR* ppwzData,
	209	HANDLE hRollbackFile
	210	)
	211	{
	212	HRESULT hr = S_OK;
	213
	214	CPI_USER_IN_APPLICATION_ROLE_ATTRIBUTES attrs;
	215	::ZeroMemory(&attrs, sizeof(attrs));
	216
	217	// read action text
	218	hr = CpiActionStartMessage(ppwzData, FALSE);
	219	ExitOnFailure(hr, "Failed to send action start message");
	220
	221	// ger count
	222	int iCnt = 0;
	223	hr = WcaReadIntegerFromCaData(ppwzData, &iCnt);
	224	ExitOnFailure(hr, "Failed to read count");
	225
	226	// write count to rollback file
	227	hr = CpiWriteIntegerToRollbackFile(hRollbackFile, iCnt);
	228	ExitOnFailure(hr, "Failed to write count to rollback file");
	229
	230	for (int i = 0; i < iCnt; i++)
	231	{
	232	// read attributes from CustomActionData
	233	hr = ReadUsersInApplicationRoleAttributes(ppwzData, &attrs);
	234	ExitOnFailure(hr, "Failed to read attributes");
	235
	236	// progress message
	237	hr = CpiActionDataMessage(1, attrs.pwzRoleName);
	238	ExitOnFailure(hr, "Failed to send progress messages");
	239
	240	if (S_FALSE == hr)
	241	ExitFunction();
	242
	243	// write key to rollback file
	244	hr = CpiWriteKeyToRollbackFile(hRollbackFile, attrs.pwzKey);
	245	ExitOnFailure(hr, "Failed to write key to rollback file");
	246
	247	// action
	248	switch (attrs.iActionType)
	249	{
	250	case atCreate:
	251	hr = CreateUsersInApplicationRole(&attrs);
	252	ExitOnFailure(hr, "Failed to create user in application role, key: %S", attrs.pwzKey);
	253	break;
	254	case atRemove:
	255	hr = RemoveUsersInApplicationRole(&attrs);
	256	ExitOnFailure(hr, "Failed to remove user from application role, key: %S", attrs.pwzKey);
	257	break;
	258	}
	259
	260	// write completion status to rollback file
	261	hr = CpiWriteIntegerToRollbackFile(hRollbackFile, 1);
	262	ExitOnFailure(hr, "Failed to write completion status to rollback file");
	263
	264	// progress
	265	hr = WcaProgressMessage(attrs.iActionCost, FALSE);
	266	ExitOnFailure(hr, "Failed to update progress");
	267	}
	268
	269	hr = S_OK;
	270
	271	LExit:
	272	// clean up
	273	FreeUsersInApplicationRoleAttributes(&attrs);
	274
	275	return hr;
	276	}
	277
	278	HRESULT CpiRollbackConfigureUsersInApplicationRoles(
	279	LPWSTR* ppwzData,
	280	CPI_ROLLBACK_DATA* pRollbackDataList
	281	)
	282	{
	283	HRESULT hr = S_OK;
	284
	285	int iRollbackStatus;
	286
	287	CPI_USER_IN_APPLICATION_ROLE_ATTRIBUTES attrs;
	288	::ZeroMemory(&attrs, sizeof(attrs));
	289
	290	// read action text
	291	hr = CpiActionStartMessage(ppwzData, NULL == pRollbackDataList);
	292	ExitOnFailure(hr, "Failed to send action start message");
	293
	294	// get count
	295	int iCnt = 0;
	296	hr = WcaReadIntegerFromCaData(ppwzData, &iCnt);
	297	ExitOnFailure(hr, "Failed to read count");
	298
	299	for (int i = 0; i < iCnt; i++)
	300	{
	301	// read attributes from CustomActionData
	302	hr = ReadUsersInApplicationRoleAttributes(ppwzData, &attrs);
	303	ExitOnFailure(hr, "Failed to read attributes");
	304
	305	// rollback status
	306	hr = CpiFindRollbackStatus(pRollbackDataList, attrs.pwzKey, &iRollbackStatus);
	307
	308	if (S_FALSE == hr)
	309	continue; // not found, nothing to rollback
	310
	311	// progress message
	312	hr = CpiActionDataMessage(1, attrs.pwzRoleName);
	313	ExitOnFailure(hr, "Failed to send progress messages");
	314
	315	if (S_FALSE == hr)
	316	ExitFunction();
	317
	318	// action
	319	switch (attrs.iActionType)
	320	{
	321	case atCreate:
	322	hr = CreateUsersInApplicationRole(&attrs);
	323	if (FAILED(hr))
	324	WcaLog(LOGMSG_STANDARD, "Failed to add user to application role, hr: 0x%x, key: %S", hr, attrs.pwzKey);
	325	break;
	326	case atRemove:
	327	hr = RemoveUsersInApplicationRole(&attrs);
	328	if (FAILED(hr))
	329	WcaLog(LOGMSG_STANDARD, "Failed to remove user from application role, hr: 0x%x, key: %S", hr, attrs.pwzKey);
	330	break;
	331	}
	332
	333	// check rollback status
	334	if (0 == iRollbackStatus)
	335	continue; // operation did not complete, skip progress
	336
	337	// progress
	338	hr = WcaProgressMessage(attrs.iActionCost, FALSE);
	339	ExitOnFailure(hr, "Failed to update progress");
	340	}
	341
	342	hr = S_OK;
	343
	344	LExit:
	345	// clean up
	346	FreeUsersInApplicationRoleAttributes(&attrs);
	347
	348	return hr;
	349	}
	350
	351
	352	// helper function definitions
	353
	354	static HRESULT ReadApplicationRoleAttributes(
	355	LPWSTR* ppwzData,
	356	CPI_APPLICATION_ROLE_ATTRIBUTES* pAttrs
	357	)
	358	{
	359	HRESULT hr = S_OK;
	360
	361	hr = WcaReadIntegerFromCaData(ppwzData, &pAttrs->iActionType);
	362	ExitOnFailure(hr, "Failed to read action type");
	363	hr = WcaReadIntegerFromCaData(ppwzData, &pAttrs->iActionCost);
	364	ExitOnFailure(hr, "Failed to read action cost");
	365	hr = WcaReadStringFromCaData(ppwzData, &pAttrs->pwzKey);
	366	ExitOnFailure(hr, "Failed to read key");
	367	hr = WcaReadStringFromCaData(ppwzData, &pAttrs->pwzName);
	368	ExitOnFailure(hr, "Failed to read name");
	369	hr = WcaReadStringFromCaData(ppwzData, &pAttrs->pwzAppID);
	370	ExitOnFailure(hr, "Failed to read application id");
	371	hr = WcaReadStringFromCaData(ppwzData, &pAttrs->pwzPartID);
	372	ExitOnFailure(hr, "Failed to read partition id");
	373	hr = CpiReadPropertyList(ppwzData, &pAttrs->pPropList);
	374	ExitOnFailure(hr, "Failed to read properties");
	375
	376	hr = S_OK;
	377
	378	LExit:
	379	return hr;
	380	}
	381
	382	static void FreeApplicationRoleAttributes(
	383	CPI_APPLICATION_ROLE_ATTRIBUTES* pAttrs
	384	)
	385	{
	386	ReleaseStr(pAttrs->pwzKey);
	387	ReleaseStr(pAttrs->pwzName);
	388	ReleaseStr(pAttrs->pwzAppID);
	389	ReleaseStr(pAttrs->pwzPartID);
	390
	391	if (pAttrs->pPropList)
	392	CpiFreePropertyList(pAttrs->pPropList);
	393	}
	394
	395	static HRESULT CreateApplicationRole(
	396	CPI_APPLICATION_ROLE_ATTRIBUTES* pAttrs
	397	)
	398	{
	399	HRESULT hr = S_OK;
	400
	401	ICatalogCollection* piRolesColl = NULL;
	402	ICatalogObject* piRoleObj = NULL;
	403
	404	long lChanges = 0;
	405
	406	// log
	407	WcaLog(LOGMSG_VERBOSE, "Creating application role, key: %S", pAttrs->pwzKey);
	408
	409	// get roles collection
	410	hr = CpiGetRolesCollection(pAttrs->pwzPartID, pAttrs->pwzAppID, &piRolesColl);
	411	if (S_FALSE == hr)
	412	hr = HRESULT_FROM_WIN32(ERROR_NOT_FOUND);
	413	ExitOnFailure(hr, "Failed to get roles collection");
	414
	415	// check if role exists
	416	hr = CpiFindCollectionObjectByName(piRolesColl, pAttrs->pwzName, &piRoleObj);
	417	ExitOnFailure(hr, "Failed to find role");
	418
	419	if (S_FALSE == hr)
	420	{
	421	// create role
	422	hr = CpiAddCollectionObject(piRolesColl, &piRoleObj);
	423	ExitOnFailure(hr, "Failed to add role to collection");
	424
	425	hr = CpiPutCollectionObjectValue(piRoleObj, L"Name", pAttrs->pwzName);
	426	ExitOnFailure(hr, "Failed to set role name property");
	427	}
	428
	429	// properties
	430	hr = CpiPutCollectionObjectValues(piRoleObj, pAttrs->pPropList);
	431	ExitOnFailure(hr, "Failed to write properties");
	432
	433	// save changes
	434	hr = piRolesColl->SaveChanges(&lChanges);
	435	if (COMADMIN_E_OBJECTERRORS == hr)
	436	CpiLogCatalogErrorInfo();
	437	ExitOnFailure(hr, "Failed to save changes");
	438
	439	// log
	440	WcaLog(LOGMSG_VERBOSE, "%d changes saved to catalog, key: %S", lChanges, pAttrs->pwzKey);
	441
	442	hr = S_OK;
	443
	444	LExit:
	445	// clean up
	446	ReleaseObject(piRolesColl);
	447	ReleaseObject(piRoleObj);
	448
	449	return hr;
	450	}
	451
	452	static HRESULT RemoveApplicationRole(
	453	CPI_APPLICATION_ROLE_ATTRIBUTES* pAttrs
	454	)
	455	{
	456	HRESULT hr = S_OK;
	457
	458	ICatalogCollection* piRolesColl = NULL;
	459
	460	long lChanges = 0;
	461
	462	// log
	463	WcaLog(LOGMSG_VERBOSE, "Removing application role, key: %S", pAttrs->pwzKey);
	464
	465	// get roles collection
	466	hr = CpiGetRolesCollection(pAttrs->pwzPartID, pAttrs->pwzAppID, &piRolesColl);
	467	ExitOnFailure(hr, "Failed to get roles collection");
	468
	469	if (S_FALSE == hr)
	470	{
	471	// roles collection not found
	472	WcaLog(LOGMSG_VERBOSE, "Unable to retrieve roles collection, nothing to delete, key: %S", pAttrs->pwzKey);
	473	ExitFunction1(hr = S_OK);
	474	}
	475
	476	// remove
	477	hr = CpiRemoveCollectionObject(piRolesColl, NULL, pAttrs->pwzName, FALSE);
	478	ExitOnFailure(hr, "Failed to remove role");
	479
	480	if (S_FALSE == hr)
	481	{
	482	// role not found
	483	WcaLog(LOGMSG_VERBOSE, "Role not found, nothing to delete, key: %S", pAttrs->pwzKey);
	484	ExitFunction1(hr = S_OK);
	485	}
	486
	487	// save changes
	488	hr = piRolesColl->SaveChanges(&lChanges);
	489	if (COMADMIN_E_OBJECTERRORS == hr)
	490	CpiLogCatalogErrorInfo();
	491	ExitOnFailure(hr, "Failed to save changes");
	492
	493	// log
	494	WcaLog(LOGMSG_VERBOSE, "%d changes saved to catalog, key: %S", lChanges, pAttrs->pwzKey);
	495
	496	hr = S_OK;
	497
	498	LExit:
	499	// clean up
	500	ReleaseObject(piRolesColl);
	501
	502	return hr;
	503	}
	504
	505	static HRESULT ReadUsersInApplicationRoleAttributes(
	506	LPWSTR* ppwzData,
	507	CPI_USER_IN_APPLICATION_ROLE_ATTRIBUTES* pAttrs
	508	)
	509	{
	510	HRESULT hr = S_OK;
	511
	512	hr = WcaReadIntegerFromCaData(ppwzData, &pAttrs->iActionType);
	513	ExitOnFailure(hr, "Failed to read action type");
	514	hr = WcaReadIntegerFromCaData(ppwzData, &pAttrs->iActionCost);
	515	ExitOnFailure(hr, "Failed to read action cost");
	516	hr = WcaReadStringFromCaData(ppwzData, &pAttrs->pwzKey);
	517	ExitOnFailure(hr, "Failed to read key");
	518	hr = WcaReadStringFromCaData(ppwzData, &pAttrs->pwzRoleName);
	519	ExitOnFailure(hr, "Failed to read role name");
	520	hr = WcaReadStringFromCaData(ppwzData, &pAttrs->pwzAccount);
	521	ExitOnFailure(hr, "Failed to read account name");
	522	hr = WcaReadStringFromCaData(ppwzData, &pAttrs->pwzAppID);
	523	ExitOnFailure(hr, "Failed to read application id");
	524	hr = WcaReadStringFromCaData(ppwzData, &pAttrs->pwzPartID);
	525	ExitOnFailure(hr, "Failed to read partition id");
	526
	527	hr = S_OK;
	528
	529	LExit:
	530	return hr;
	531	}
	532
	533	static void FreeUsersInApplicationRoleAttributes(
	534	CPI_USER_IN_APPLICATION_ROLE_ATTRIBUTES* pAttrs
	535	)
	536	{
	537	ReleaseStr(pAttrs->pwzKey);
	538	ReleaseStr(pAttrs->pwzRoleName);
	539	ReleaseStr(pAttrs->pwzAccount);
	540	ReleaseStr(pAttrs->pwzAppID);
	541	ReleaseStr(pAttrs->pwzPartID);
	542	}
	543
	544	static HRESULT CreateUsersInApplicationRole(
	545	CPI_USER_IN_APPLICATION_ROLE_ATTRIBUTES* pAttrs
	546	)
	547	{
	548	HRESULT hr = S_OK;
	549	UINT er = ERROR_SUCCESS;
	550
	551	ICatalogCollection* piUsrInRoleColl = NULL;
	552	ICatalogObject* piUsrInRoleObj = NULL;
	553
	554	PSID pSid = NULL;
	555	long lChanges = 0;
	556
	557	// log
	558	WcaLog(LOGMSG_VERBOSE, "Adding user to application role, key: %S", pAttrs->pwzKey);
	559
	560	// get users in role collection
	561	hr = CpiGetUsersInRoleCollection(pAttrs->pwzPartID, pAttrs->pwzAppID, pAttrs->pwzRoleName, &piUsrInRoleColl);
	562	if (S_FALSE == hr)
	563	hr = HRESULT_FROM_WIN32(ERROR_NOT_FOUND);
	564	ExitOnFailure(hr, "Failed to get users in role collection");
	565
	566	// get SID for account
	567	do {
	568	er = ERROR_SUCCESS;
	569	hr = CpiAccountNameToSid(pAttrs->pwzAccount, &pSid);
	570	if (HRESULT_FROM_WIN32(ERROR_NONE_MAPPED) == hr && !::MsiGetMode(WcaGetInstallHandle(), MSIRUNMODE_ROLLBACK))
	571	{
	572	WcaLog(LOGMSG_STANDARD, "Failed to lookup account name, hr: 0x%x, account: '%S'", hr, pAttrs->pwzAccount);
	573	er = WcaErrorMessage(msierrComPlusFailedLookupNames, hr, INSTALLMESSAGE_ERROR \| MB_ABORTRETRYIGNORE, 0);
	574	switch (er)
	575	{
	576	case IDABORT:
	577	ExitFunction(); // exit with error code from CpiAccountNameToSid()
	578	case IDRETRY:
	579	break;
	580	case IDIGNORE:
	581	default:
	582	ExitFunction1(hr = S_OK);
	583	}
	584	}
	585	else
	586	ExitOnFailure(hr, "Failed to get SID for account");
	587	} while (IDRETRY == er);
	588
	589	// find any existing entry
	590	hr = CpiFindUserCollectionObject(piUsrInRoleColl, pSid, NULL);
	591	if (HRESULT_FROM_WIN32(ERROR_NONE_MAPPED) == hr \|\| HRESULT_FROM_WIN32(ERROR_SOME_NOT_MAPPED) == hr)
	592	WcaLog(LOGMSG_STANDARD, "Failed to lookup account names, hr: 0x%x", hr);
	593	else
	594	ExitOnFailure(hr, "Failed to find user in application role");
	595
	596	if (S_OK == hr)
	597	{
	598	WcaLog(LOGMSG_VERBOSE, "User already assigned to application role, key: %S", pAttrs->pwzKey);
	599	ExitFunction(); // exit with hr = S_OK
	600	}
	601
	602	// convert SID back to account name
	603	hr = CpiSidToAccountName(pSid, &pAttrs->pwzAccount);
	604	ExitOnFailure(hr, "Failed to convert SID to account name");
	605
	606	// add user
	607	hr = CpiAddCollectionObject(piUsrInRoleColl, &piUsrInRoleObj);
	608	ExitOnFailure(hr, "Failed to add user in role to collection");
	609
	610	hr = CpiPutCollectionObjectValue(piUsrInRoleObj, L"User", pAttrs->pwzAccount);
	611	ExitOnFailure(hr, "Failed to set role name property");
	612
	613	// save changes
	614	hr = piUsrInRoleColl->SaveChanges(&lChanges);
	615	if (COMADMIN_E_OBJECTERRORS == hr)
	616	CpiLogCatalogErrorInfo();
	617	ExitOnFailure(hr, "Failed to save changes");
	618
	619	// log
	620	WcaLog(LOGMSG_VERBOSE, "%d changes saved to catalog, key: %S", lChanges, pAttrs->pwzKey);
	621
	622	hr = S_OK;
	623
	624	LExit:
	625	// clean up
	626	ReleaseObject(piUsrInRoleColl);
	627	ReleaseObject(piUsrInRoleObj);
	628
	629	if (pSid)
	630	::HeapFree(::GetProcessHeap(), 0, pSid);
	631
	632	return hr;
	633	}
	634
	635	static HRESULT RemoveUsersInApplicationRole(
	636	CPI_USER_IN_APPLICATION_ROLE_ATTRIBUTES* pAttrs
	637	)
	638	{
	639	HRESULT hr = S_OK;
	640	UINT er = ERROR_SUCCESS;
	641
	642	ICatalogCollection* piUsrInRoleColl = NULL;
	643
	644	PSID pSid = NULL;
	645	long lChanges = 0;
	646
	647	// log
	648	WcaLog(LOGMSG_VERBOSE, "Removing user from application role, key: %S", pAttrs->pwzKey);
	649
	650	// get users in role collection
	651	hr = CpiGetUsersInRoleCollection(pAttrs->pwzPartID, pAttrs->pwzAppID, pAttrs->pwzRoleName, &piUsrInRoleColl);
	652	ExitOnFailure(hr, "Failed to get users in role collection");
	653
	654	if (S_FALSE == hr)
	655	{
	656	// users in role collection not found
	657	WcaLog(LOGMSG_VERBOSE, "Unable to retrieve users in role collection, nothing to delete, key: %S", pAttrs->pwzKey);
	658	ExitFunction1(hr = S_OK);
	659	}
	660
	661	// get SID for account
	662	do {
	663	er = ERROR_SUCCESS;
	664	hr = CpiAccountNameToSid(pAttrs->pwzAccount, &pSid);
	665	if (HRESULT_FROM_WIN32(ERROR_NONE_MAPPED) == hr && !::MsiGetMode(WcaGetInstallHandle(), MSIRUNMODE_ROLLBACK))
	666	{
	667	WcaLog(LOGMSG_STANDARD, "Failed to lookup account name, hr: 0x%x, account: '%S'", hr, pAttrs->pwzAccount);
	668	er = WcaErrorMessage(msierrComPlusFailedLookupNames, hr, INSTALLMESSAGE_ERROR \| MB_ABORTRETRYIGNORE, 0);
	669	switch (er)
	670	{
	671	case IDABORT:
	672	ExitFunction(); // exit with error code from CpiAccountNameToSid()
	673	case IDRETRY:
	674	break;
	675	case IDIGNORE:
	676	default:
	677	ExitFunction1(hr = S_OK);
	678	}
	679	}
	680	else
	681	ExitOnFailure(hr, "Failed to get SID for account");
	682	} while (IDRETRY == er);
	683
	684	// remove
	685	hr = CpiRemoveUserCollectionObject(piUsrInRoleColl, pSid);
	686	if (HRESULT_FROM_WIN32(ERROR_NONE_MAPPED) == hr \|\| HRESULT_FROM_WIN32(ERROR_SOME_NOT_MAPPED) == hr)
	687	{
	688	WcaLog(LOGMSG_STANDARD, "Failed to lookup account names, hr: 0x%x", hr);
	689	hr = S_FALSE;
	690	}
	691	else
	692	ExitOnFailure(hr, "Failed to remove user");
	693
	694	if (S_FALSE == hr)
	695	{
	696	// role not found
	697	WcaLog(LOGMSG_VERBOSE, "User not found for application role, nothing to delete, key: %S", pAttrs->pwzKey);
	698	ExitFunction1(hr = S_OK);
	699	}
	700
	701	// save changes
	702	hr = piUsrInRoleColl->SaveChanges(&lChanges);
	703	if (COMADMIN_E_OBJECTERRORS == hr)
	704	CpiLogCatalogErrorInfo();
	705	ExitOnFailure(hr, "Failed to save changes");
	706
	707	// log
	708	WcaLog(LOGMSG_VERBOSE, "%d changes saved to catalog, key: %S", lChanges, pAttrs->pwzKey);
	709
	710	hr = S_OK;
	711
	712	LExit:
	713	// clean up
	714	ReleaseObject(piUsrInRoleColl);
	715
	716	if (pSid)
	717	::HeapFree(::GetProcessHeap(), 0, pSid);
	718
	719	return hr;
	720	}