/*
 * Plugin initialization: creates the plugin heap, selects the output file
 * name (the "mmrout" plugin option, else DEFAULT_MMR_OUTFILE), derives the
 * companion "<outfile>.deny.csv" name and opens both CSV files for writing
 * with the MMR_OUTFILE_HEADER columns.
 *
 * Returns ERROR_VALUE when heap creation fails and TRUE otherwise; a CSV open
 * failure is reported through API_FATAL.
 *
 * NOTE(review): both paths come from an operator-supplied option and are
 * opened for writing as given. Whether CsvOpenWrite replaces an existing file
 * is not visible here - confirm.
 */
BOOL PLUGIN_GENERIC_INITIALIZE(
	_In_ PLUGIN_API_TABLE const * const api
) {
	PTCHAR pptAttrsListForCsv[MMR_OUTFILE_HEADER_COUNT] = MMR_OUTFILE_HEADER;
	size_t cchDenyName = 0;
	BOOL bHeapCreated = ApiHeapCreateX(&gs_hHeapMasterSlave, MASTERMAILBOX_HEAP_NAME, NULL);

	if (API_FAILED(bHeapCreated)) {
		return ERROR_VALUE;
	}

	gs_outfileName = api->Common.GetPluginOption(_T("mmrout"), FALSE);
	if (gs_outfileName == NULL) {
		gs_outfileName = DEFAULT_MMR_OUTFILE;
	}

	/* 10 extra TCHARs: the 9 characters of ".deny.csv" plus the terminating NUL. */
	cchDenyName = _tcslen(gs_outfileName) + 10;
	/*
	 * NOTE(review): the allocation result is used without a NULL check and the
	 * _stprintf_s return value is ignored; presumably ApiHeapAllocX does not
	 * return on failure - confirm against its definition.
	 */
	gs_outDenyfileName = ApiHeapAllocX(gs_hHeapMasterSlave, (DWORD)(cchDenyName * sizeof(TCHAR)));
	_stprintf_s(gs_outDenyfileName, cchDenyName, _T("%s.deny.csv"), gs_outfileName);
	API_LOG(Info, _T("Outfiles are <%s>/<%s>"), gs_outfileName, gs_outDenyfileName);

	/* Both files share the same header columns. */
	if (!api->InputCsv.CsvOpenWrite(gs_outfileName, MMR_OUTFILE_HEADER_COUNT, pptAttrsListForCsv, &gs_hOutfile)) {
		API_FATAL(_T("Failed to open CSV outfile <%s>: <err:%#08x>"), gs_outfileName, api->InputCsv.CsvGetLastError(gs_hOutfile));
	}
	if (!api->InputCsv.CsvOpenWrite(gs_outDenyfileName, MMR_OUTFILE_HEADER_COUNT, pptAttrsListForCsv, &gs_hOutDenyfile)) {
		API_FATAL(_T("Failed to open CSV outfile <%s>: <err:%#08x>"), gs_outDenyfileName, api->InputCsv.CsvGetLastError(gs_hOutDenyfile));
	}

	return TRUE;
}
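// Plugin initialization: selects the output file name (the "msrout" plugin
// option, else DEFAULT_MSR_OUTFILE), creates that file and writes
// MSR_OUTFILE_HEADER as its first bytes.
//
// Returns TRUE; creation and write failures are reported through API_FATAL.
//
// NOTE(review): the path comes from an operator-supplied option and
// CREATE_ALWAYS truncates any file already present at that path.
BOOL PLUGIN_GENERIC_INITIALIZE(
    _In_ PLUGIN_API_TABLE const * const api
    ) {
    DWORD dwWritten = 0;
    DWORD dwHeaderBytes = 0;
    BOOL bResult = FALSE;

    gs_outfileName = api->Common.GetPluginOption(_T("msrout"), FALSE);
    if (!gs_outfileName) {
        gs_outfileName = DEFAULT_MSR_OUTFILE;
    }
    API_LOG(Info, _T("Outfile is <%s>"), gs_outfileName);

    // Share mode 0: no other handle can open the file while this one is open.
    gs_hOutfile = CreateFile(gs_outfileName, GENERIC_WRITE, 0, NULL, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL | FILE_ATTRIBUTE_TEMPORARY, NULL);
    if (gs_hOutfile == INVALID_HANDLE_VALUE) {
        API_FATAL(_T("Failed to create outfile <%s> : <%u>"), gs_outfileName, GetLastError());
    }

    // WriteFile takes a byte count while _tcslen returns a TCHAR count. Scaling
    // by sizeof(TCHAR) keeps the header whole when TCHAR is wider than one byte
    // and changes nothing when it is one byte.
    dwHeaderBytes = (DWORD)(_tcslen(MSR_OUTFILE_HEADER) * sizeof(TCHAR));
    bResult = WriteFile(gs_hOutfile, MSR_OUTFILE_HEADER, dwHeaderBytes, &dwWritten, NULL);
    if (!bResult) {
        API_FATAL(_T("Failed to write header to outfile <%s> : <%u>"), gs_outfileName, GetLastError());
    }
    // A successful call can still report fewer bytes than requested; a partial
    // header would leave the file malformed for whatever reads it.
    if (dwWritten != dwHeaderBytes) {
        API_FATAL(_T("Short write of header to outfile <%s> : <%u/%u> bytes"), gs_outfileName, dwWritten, dwHeaderBytes);
    }

    return TRUE;
}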
Ejemplo n.º 3
// ACE filter: returns the EqualSid() comparison between the ACE's trustee and
// the configured trustee filter.
//
// When the filter was configured as a DN, it is resolved to a SID on the first
// call and the result is cached in gs_TrusteeFilter for later calls.
//
// NOTE(review): EqualSid() expects two valid SIDs, and neither argument is
// validated here. If both gs_TrusteeFilter and gs_TrusteeDnFilter are NULL the
// comparison receives a NULL pointer - presumably the initializer rules that
// out, confirm.
BOOL PLUGIN_FILTER_FILTERACE(
    _In_ PLUGIN_API_TABLE const * const api,
    _Inout_ PIMPORTED_ACE ace
) {
    PSID aceTrustee = api->Ace.GetTrustee(ace);

    if (!gs_TrusteeFilter && gs_TrusteeDnFilter) {
        PIMPORTED_OBJECT resolved = api->Resolver.GetObjectByDn(gs_TrusteeDnFilter);
        if (resolved == NULL) {
            API_FATAL(_T("Cannot resolve DN <%s>"), gs_TrusteeDnFilter);
        }
        // The cached pointer aliases storage inside the resolver's object.
        // NOTE(review): assumes that object outlives every later call - confirm.
        gs_TrusteeFilter = &resolved->imported.sid;
    }

    return EqualSid(aceTrustee, gs_TrusteeFilter);
}
/* --- PRIVATE FUNCTIONS ---------------------------------------------------- */
/*
 * Writes one three-field record (master, slave, relation keyword) to the given
 * CSV output handle. A write failure is reported through API_FATAL together
 * with the CSV layer's last error code.
 *
 * NOTE(review): the three fields are handed to CsvWriteNextRecord unchanged;
 * whether that routine quotes or escapes separators inside a field is not
 * visible here - confirm.
 */
static void WriteRelation(
	_In_ PLUGIN_API_TABLE const * const api,
	_In_ LPTSTR master,
	_In_ LPTSTR slave,
	_In_ LPTSTR relationKeyword,
	_In_ CSV_HANDLE outFile
) {
	LPTSTR csvRecord[3] = { master, slave, relationKeyword };
	DWORD csvRecordNumber = 3;	/* field count, passed by address */

	if (!api->InputCsv.CsvWriteNextRecord(outFile, csvRecord, &csvRecordNumber)) {
		API_FATAL(_T("Failed to write CSV outfile: <err:%#08x>"), api->InputCsv.CsvGetLastError(outFile));
	}
}
Ejemplo n.º 5
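// Plugin initialization: reads the "trustee" plugin option and records it as
// the trustee filter, either as a binary SID (when the value starts with
// SID_STR_PREFIX) or as a DN to be resolved on first use.
//
// Returns TRUE; a SID conversion failure is reported through API_FATAL.
BOOL PLUGIN_GENERIC_INITIALIZE(
    _In_ PLUGIN_API_TABLE const * const api
) {
    BOOL bResult = FALSE;
    // NOTE(review): the second argument is TRUE here, presumably marking the
    // option as required so that a NULL is never returned - confirm, since
    // trustee is used below without a NULL check.
    LPTSTR trustee = api->Common.GetPluginOption(_T("trustee"), TRUE);

    // The prefix length uses _tcslen so that it matches the TCHAR-based
    // _tcsncmp; strlen measures a narrow string and gives the wrong count
    // when TCHAR is wide.
    if (_tcsncmp(SID_STR_PREFIX, trustee, _tcslen(SID_STR_PREFIX)) == 0) {
        // ConvertStringSidToSid allocates the SID; it must be released with
        // LocalFree once the filter is no longer needed (not done in this block).
        bResult = ConvertStringSidToSid(trustee, &gs_TrusteeFilter);
        if (!bResult) {
            API_FATAL(_T("Failed to convert SID <%s> to its binary form : <%u>"), trustee, GetLastError());
        }
        API_LOG(Info, _T("Filtering trustee by SID <%s>"), trustee);
    }
    else {
        // Resolution will take place later since resolver has not been activated yet
        gs_TrusteeDnFilter = trustee;
        API_LOG(Info, _T("Filtering trustee by DN <%s>"), trustee);
    }

    return TRUE;
}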
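// Plugin initialization: reads the optional "inhobjtype" plugin option.
// Without it the filter matches an empty inheritedObjectType
// (gs_EmptyInhObjType = TRUE); with it the string GUID is converted into
// gs_InhObjectTypeFilter.
//
// Returns TRUE; a conversion failure is reported through API_FATAL.
BOOL PLUGIN_GENERIC_INITIALIZE(
    _In_ PLUGIN_API_TABLE const * const api
    ) {
    BOOL bResult = FALSE;
    LPTSTR inhobjty = api->Common.GetPluginOption(_T("inhobjtype"), FALSE);
    // TODO : guid resolution from resolved str form could be nice here

    if (!inhobjty) {
        API_LOG(Info, _T("Filtering empty inheritedObjectType"));
        gs_EmptyInhObjType = TRUE;
    }
    else {
        // NOTE(review): bResult is declared BOOL but compared with NOERROR (0),
        // so the call is treated as returning a status code where 0 means
        // success. Confirm against ConvertStrGuidToGuid's contract; if it
        // returns a BOOL instead, this test is inverted.
        bResult = api->Common.ConvertStrGuidToGuid(inhobjty, &gs_InhObjectTypeFilter);
        gs_EmptyInhObjType = FALSE;
        if (bResult != NOERROR) {
            // Closing delimiter corrected from ')' to '>' so the error code is
            // bracketed like the GUID before it.
            API_FATAL(_T("Error while converting inherited object type guid <%s> to its binary form : <%#08x>"), inhobjty, bResult);
        }
        else {
            API_LOG(Info, _T("Filtering inheritedObjectType <%s>"), inhobjty);
        }
    }

    return TRUE;
}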