win32install.cpp

ftpserver very good sample

#include "stdafx.h"
#include "WarFtpdlite.h"
#include "WarFtpdLiteWin32NtService.h"
#include "WarUserAuthWin32Nt.h"
#include "WarWinntLsa.h"
#include "WarFsys.h"
#include "WarLog.h"

#if WAR_CRYPTO && !defined(WAR_OPENSSL_RSA_H_INCLUDED)
#   define WAR_OPENSSL_RSA_H_INCLUDED
#   include <openssl/rsa.h>
#endif

#if WAR_CRYPTO && !defined(WAR_OPENSSL_PEM_H_INCLUDED)
#   define WAR_OPENSSL_PEM_H_INCLUDED
#   include <openssl/pem.h>
#endif


#ifdef WAR_WINNT
#   include "PrfData.h"
#endif

using namespace std;

enum SiteTypeE
{
	ST_DEFAULT,
	ST_ADMIN	
};

#define KEY(a,b) a.GetRef(b)
#define VAL(a) war_regstr_t(a)

void CreateSite(WarWin32Registry& regRoot, 
				LPCTSTR siteName, 
				LPCTSTR siteDescr,
				SiteTypeE siteType)
{
	WarWin32Registry reg_sites, reg_site, reg_protocols, reg_prot_ftp, 
		reg_prot_http, reg_site_options, reg_site_paths, 
		reg_auth, reg_auth_nt, reg_path, reg_mime, reg_mime_types,
        reg_modules, reg_modules_auth, reg_modules_auth_winnt,
        reg_modules_auth_winnt_users, reg_modules_auth_winnt_groups;
    bool know_anon_passwd = false;

	TCHAR current_path[MAX_PATH];
        current_path[0] = 0;
        ::GetCurrentDirectory(sizeof(current_path), current_path);


	WarLog info_log(WARLOG_INFO, "CreateSite");

    reg_modules.Create(KEY(regRoot, WAR_WINNT_REG_MODULES));
    reg_modules_auth.Create(KEY(reg_modules, WAR_WINNT_REG_AUTH_MODULES));
    reg_modules_auth_winnt.Create(KEY(reg_modules_auth, WAR_WINNT_REG_WINNT));
    reg_modules_auth_winnt_users.Create(KEY(reg_modules_auth_winnt, WAR_WINNT_REG_USERS));
    reg_modules_auth_winnt_groups.Create(KEY(reg_modules_auth_winnt, WAR_WINNT_REG_GROUPS));

	info_log << "Setting up site: " << siteName << war_endl;
	reg_sites.Create(KEY(regRoot, WAR_WINNT_REG_SITES));

	reg_site.Create(KEY(reg_sites, siteName));
	reg_site.SetValue(WAR_WINNT_REG_NAME, VAL(_T(DEFAULT_FTP_SVR_NAME)));
	reg_site.SetValue(WAR_WINNT_REG_CLASSID, _T(WAR_CLSID_SITE));
	reg_site.SetValue(WAR_WINNT_REG_ENABLE, true);

	info_log << "Setting up Windows NT security integration." << war_endl;
	
	reg_auth.Create(KEY(reg_site, WAR_WINNT_REG_AUTH_MODULES));
	reg_auth_nt.Create(KEY(reg_auth, WAR_WINNT_REG_WINNT));
	reg_auth_nt.SetValue(WAR_WINNT_REG_CLASSID, _T(WAR_CLSID_AUTH_NT));
	if (ST_ADMIN == siteType)
	{
		reg_auth_nt.SetValue(WAR_WINNT_AUTH_FTP_GROUP, VAL(_T("Administrators")));
	}
	else
	{
		reg_auth_nt.SetValue(WAR_WINNT_AUTH_FTP_GROUP, VAL(_T("FTP-Users")));
		reg_auth_nt.SetValue(WAR_WINNT_AUTH_ANON_USER, VAL(_T("FTP-Guest")));

        // See if we know the password
        try
        {
            WarWin32Registry reg_user;
            reg_user.Open(KEY(reg_modules_auth_winnt_users, 
                _T("FTP-Guest")));
            war_regstr_t pwd = reg_user.GetStrValue(WAR_WINNT_REG_PASSWORD, NULL, true, true);
            reg_auth_nt.SetValue(WAR_WINNT_AUTH_ANON_PASSWD, pwd);
            know_anon_passwd = true;
        }
        catch(WarException)
        {
        }

	}
	
	reg_auth_nt.SetValue(WAR_WINNT_AUTH_ALLOW_ANON, false);
	reg_auth_nt.SetValue(WAR_WINNT_AUTH_ANON_PWDEMAIL, true);
	reg_auth_nt.SetValue(WAR_WINNT_AUTH_SERVER_LOCAL, true);
	reg_auth_nt.SetValue(WAR_WINNT_REG_ENABLE, (ST_ADMIN == siteType));

	info_log << "Setting up the server module." << war_endl;
	reg_protocols.Create(KEY(reg_site, WAR_WINNT_REG_PROTOCOLS));
	
	reg_prot_ftp.Create(KEY(reg_protocols, WAR_WINNT_REG_FTP));
	reg_prot_ftp.SetValue(WAR_WINNT_REG_ENABLE, (ST_DEFAULT == siteType));
	reg_prot_http.Create(KEY(reg_protocols, WAR_WINNT_REG_HTTP));
	reg_prot_http.SetValue(WAR_WINNT_REG_ENABLE, (ST_ADMIN == siteType));

	reg_mime.Create(KEY(reg_site, WAR_WINNT_REG_MIME_TYPES));
	reg_mime.SetValue(WAR_WINNT_REG_FILENAME, VAL(_T("")));
	reg_mime.SetValue(WAR_WINNT_USE_LOCAL_OS, false);

	reg_mime_types.Create(KEY(reg_mime, WAR_WINNT_REG_DEFINED));
	reg_mime_types.SetValue(_T("html"), VAL(_T("text/html")));
	reg_mime_types.SetValue(_T("htm"), VAL(_T("text/html")));
	reg_mime_types.SetValue(_T("doc"), VAL(_T("application/msword")));
	reg_mime_types.SetValue(_T("dot"), VAL(_T("application/msword")));
	reg_mime_types.SetValue(_T("pdf"), VAL(_T("application/pdf")));
	reg_mime_types.SetValue(_T("ps"), VAL(_T("application/postscript")));
	reg_mime_types.SetValue(_T("ppt"), VAL(_T("application/powerpoint")));
	reg_mime_types.SetValue(_T("dvi"), VAL(_T("application/x-dvi")));
	reg_mime_types.SetValue(_T("zip"), VAL(_T("application/zip")));
	reg_mime_types.SetValue(_T("tgz"), VAL(_T("application/x-gtar")));
	reg_mime_types.SetValue(_T("tar"), VAL(_T("application/x-tar")));
	reg_mime_types.SetValue(_T("mid"), VAL(_T("audio/midi")));
	reg_mime_types.SetValue(_T("midi"), VAL(_T("audio/midi")));
	reg_mime_types.SetValue(_T("mp3"), VAL(_T("audio/mpeg")));
	reg_mime_types.SetValue(_T("gif"), VAL(_T("image/gif")));
	reg_mime_types.SetValue(_T("jpg"), VAL(_T("image/jpeg")));
	reg_mime_types.SetValue(_T("jpeg"), VAL(_T("image/jpeg")));
	reg_mime_types.SetValue(_T("jpe"), VAL(_T("image/jpeg")));
	reg_mime_types.SetValue(_T("png"), VAL(_T("image/png")));
	reg_mime_types.SetValue(_T("bmp"), VAL(_T("image/x-ms-bmp")));
	reg_mime_types.SetValue(_T("xbm"), VAL(_T("image/x-xbitmap")));
	reg_mime_types.SetValue(_T("xpm"), VAL(_T("image/x-xpixmap")));
	reg_mime_types.SetValue(_T("txt"), VAL(_T("text/plain")));
	reg_mime_types.SetValue(_T("java"), VAL(_T("text/x-java")));
	reg_mime_types.SetValue(_T("avi"), VAL(_T("video/x-msvideo")));

	
#ifdef DEBUG
	// For debug situations, we use a low port number that normally
	// will be blocked from external networks by access-lists in
	// routers, or by firewalls.
	if (ST_ADMIN == siteType)
	{
		reg_prot_ftp.SetValue(WAR_WINNT_REG_ADDRESS, VAL(_T("localhost:10021")));
		reg_prot_http.SetValue(WAR_WINNT_REG_ADDRESS, VAL(_T("localhost:10081")));
	}
	else
	{
		reg_prot_ftp.SetValue(WAR_WINNT_REG_ADDRESS, VAL(_T("*:10")));
		reg_prot_http.SetValue(WAR_WINNT_REG_ADDRESS, VAL(_T("*:81")));
	}
#else
	// Listen to all interfaces on the FTP port (normally port 21)
	if (ST_ADMIN == siteType)
	{
		reg_prot_ftp.SetValue(WAR_WINNT_REG_ADDRESS, VAL(_T("localhost:9))); 
			reg_prot_http.SetValue(WAR_WINNT_REG_ADDRESS, VAL(_T("localhost:81)));
	}
	else
	{
		reg_prot_ftp.SetValue(WAR_WINNT_REG_ADDRESS, VAL(_T("*:ftp")));
		reg_prot_http.SetValue(WAR_WINNT_REG_ADDRESS, VAL(_T("*:http")));
	}
#endif
	
	reg_prot_http.SetValue(WAR_WINNT_REG_DEFAULT_PAGE, VAL(_T("index.html index.htm")));
	reg_prot_http.SetValue(WAR_WINNT_REG_VIRTUAL_HOST, VAL(_T("")));

	reg_site_paths.Create(KEY(reg_site, WAR_WINNT_REG_FILE_SYSTEMS));
	
	// Virtual server options
	reg_site_options.Create(KEY(reg_site,WAR_WINNT_REG_OPTIONS));
	
	// Add some standard paths

	reg_path.Create(KEY(reg_site_paths, _T("/")));
	
	war_syspath_t my_path = _T("file:///");
	if (!RootPath.empty())
		my_path << RootPath << WAR_SYSSLASH << ((ST_ADMIN == siteType) ? "wwwadmin" : "root");
	else
		my_path << current_path << WAR_SYSSLASH << ((ST_ADMIN == siteType) ? "wwwadmin" : "root");
	
	try
	{
		WarFsysGenericCreateDirectories(WarUrl(my_path));
	}
	catch(WarException)
	{
	}

	reg_path.SetValue(WAR_WINNT_SHARE_URL, war_regstr_t(my_path.GetPath()));
	reg_path.SetValue(WAR_WINNT_REG_PERMISSIONS, WarSvrEnums::DEFAULT_PERMS);
	
	//	Don't make upload dir for admin site
	if (ST_ADMIN != siteType)
	{	
		reg_path.Create(KEY(reg_site_paths, _T("/upload")));
		
		my_path = "file:///";
		if (!RootPath.empty())
			my_path << RootPath << WAR_SYSSLASH << "upload";
		else
			my_path << current_path 
			<< WAR_SYSSLASH << "root" 
			<< WAR_SYSSLASH << "upload";
		
		try
		{
			WarFsysGenericCreateDirectories(WarUrl(my_path));
		}
		catch(WarException)
		{
		}

		reg_path.SetValue(WAR_WINNT_SHARE_URL, war_regstr_t(my_path.GetPath()));
        reg_path.SetValue(WAR_WINNT_REG_PERMISSIONS, 0x3d3b0);
	}

	// Create wfdeproc filesystem for admin site
	if (ST_ADMIN == siteType)
	{	
		reg_path.Create(KEY(reg_site_paths, _T("/wfde")));
		
		my_path = "wfde:///proc";

		reg_path.SetValue(WAR_WINNT_SHARE_URL, war_regstr_t(my_path.GetPath()));
        reg_path.SetValue(WAR_WINNT_REG_PERMISSIONS, 0x52da);
	}

	// Install the desired FTP-group and FTP-user
	bool created_anon_user = false;
	war_user_auth_win32_nt_ptr_t auth_ptr = new WarUserAuthWin32Nt;
	auth_ptr->Create(reg_auth, false);
	try
	{
		if (!auth_ptr->HaveLocalGroup(_T("FTP-Users")))
		{
			info_log << "Creating the NT group FTP-Users on the local machine." << war_endl;
			auth_ptr->CreateGroup(_T("FTP-Users"));
            WarWin32Registry reg_group;
            reg_group.Create(KEY(reg_modules_auth_winnt_groups, _T("FTP-Users")));
		}
	}
	catch(WarException& ex)
	{
		if (WAR_ERR_OBJECT_EXIST != ex.LocalError())
			throw ex;
	}
	
	try
	{
		if (!auth_ptr->HaveLocalUser(_T("FTP-Guest")))
		{
			WarCollector<TCHAR> anon_passwd_buf(WarCollector<wchar_t>::SM_ERASE);
			anon_passwd_buf = WarUserAuth::GeneratePasswd();
			
			info_log << "Creating the NT user FTP-Guest on the local machine." << war_endl;
			auth_ptr->CreateUser(_T("FTP-Guest"),  anon_passwd_buf.GetValue().c_str());
			
			reg_auth_nt.SetValue(WAR_WINNT_AUTH_ANON_PASSWD, anon_passwd_buf.GetValue().c_str(), true);

            WarWin32Registry reg_user;
            reg_user.Create(KEY(reg_modules_auth_winnt_users, _T("FTP-Guest")));
            reg_user.SetValue(WAR_WINNT_REG_PASSWORD, war_regstr_t(anon_passwd_buf.GetValue().c_str()), true);
		}
	}
	catch(WarException& ex)
	{
		if (WAR_ERR_OBJECT_EXIST != ex.LocalError())
			throw ex;
	}

	if (reg_auth_nt.HaveValue(WAR_WINNT_AUTH_ANON_PASSWD))
	{
		// Make an empty password. This must be initialized before the anon-user
		// will work!
		info_log << "I don't know the password for the anonymous user. "
			<< "This must be set before anonymous users can log on"
			<< war_endl;

		reg_auth_nt.SetValue(WAR_WINNT_AUTH_ANON_PASSWD, war_regstr_t(_T("")), true);
	}
	
	try
	{
        if (ST_ADMIN != siteType)
        {
		    auth_ptr->AddUserToGroup(_T("FTP-Guest"), _T("Guests"));
        }
	}
	catch(WarException)
	{
	}
	
	if (ST_DEFAULT == siteType)
	{
		// Set up the default user-properties for the server instance
		try
		{
			if (UserName.GetValue().empty())
				UserName = DEFAULT_USER_NAME;
			
			info_log << "The server will run in the userspace of the NT user \"" << UserName << "\"" << war_endl;
			
			if (!auth_ptr->HaveLocalUser(UserName.GetValue().c_str()))
			{
				info_log << "Creating the local NT user \"" << UserName << "\"" << war_endl;
				
				// Generate a random password
				if (UserPasswd.GetValue().empty())
					UserPasswd = WarUserAuth::GeneratePasswd();
				
				// Create the server's user account
				auth_ptr->CreateUser(UserName.GetValue().c_str(), 
					UserPasswd.GetValue().c_str(), true);
				
				// Add to "guest" group
				auth_ptr->AddUserToGroup(UserName.GetValue().c_str(), _T("Guests"));                    
				regRoot.SetValue(WAR_WINNT_RUN_AS_USER_PWD, UserPasswd.GetValue().c_str(), true);

                WarWin32Registry reg_user;
                reg_user.Create(KEY(reg_modules_auth_winnt_users, UserName.GetValue().c_str()));
                reg_user.SetValue(WAR_WINNT_REG_PASSWORD, war_regstr_t(UserPasswd.GetValue().c_str()), true);
            }
            else
            {
                // Fetch the password if it's empty
                if (UserPasswd.GetValue().empty())
                {
                    WarWin32Registry reg_user;
                    if (reg_modules_auth_winnt_users.HaveKey(UserName.GetValue().c_str()))
                    {
                        reg_user.Open(KEY(reg_modules_auth_winnt_users, UserName.GetValue().c_str()));
                        if (reg_user.HaveValue(WAR_WINNT_REG_PASSWORD, true))
                        {
                            UserPasswd = reg_user.GetStrValue(WAR_WINNT_REG_PASSWORD, NULL, true, true);
                        }
                    }
                }
            }
            
			regRoot.SetValue(WAR_WINNT_RUN_AS_USER, UserName.GetValue().c_str());
			
			// Give requiered privilegies
			LSA_HANDLE lsa = NULL;
			DWORD error = WarOpenPolicy(NULL, POLICY_ALL_ACCESS, &lsa);
			WarLog err_log(WARLOG_ERROR, "DoInstall()");
			if (0 != error)
			{
				WarError err(WAR_ERR_SYSTEM_ERROR, error);
				
				err_log << "Failed to open LSA policy handle"
					<< err
					<< war_endl;
				
			} else 
			{
				WarCollector<wchar_t> user_name = UserName,
					service_logon_name = SE_SERVICE_LOGON_NAME,
					tcb_name = SE_TCB_NAME,