捐血一袋救人一命

2011年7月21日 星期四

自動化阻擋 SMTP/POP3 Authtication Attack

前一陣子公司不斷遭遇到 Cracker 攻擊 Exchange 2003 的 SMTP/POP3 服務,

企圖以暴力方式破解信箱帳號密碼。

由於本公司採用中華電信的資安艦隊服務,所以將 SMTP/POP3 Log Dump 出來之後,寄交中華電信處理。

中華電信將 IPS 的觸發值調低之後,安穩了兩天;兩天之後,卻發現 Cracker 改變攻擊的頻率,變成每兩秒 Try 一次帳號密碼。

當我將此發現告知中華電信資安艦隊服務人員之後,中華電信人員表示,由於駭客攻擊的頻率已經很低,無法攔阻這樣的攻擊,建議加強密碼政策管理來補強。

身為一個網路管理者,看到這樣的 Log 當然很不爽,駭客天天來家門口踩盤子,所以決定自己動手寫程式,強化 Exchange 防護措施

首先,當然是配合之前撈 Log 的程式,然後去判斷哪些是駭客攻擊。

然後配合使用 ExIPSecurity.exe 裡的程式,來自動添加拒絕連線清單。

ExIPSecurity.exe 可以在 Microsoft DownLoad Center 下載

它是個壓縮檔,裡面一共有四個檔案:

eula.txt,這是版權宣告,看看就好

ExIpSec.dll,這個檔案需要透過 regsvr32.exe 註冊,之後 Ipsec.vbs 會呼叫用到它的元件。

Ipsec.vbs 這個就是管理 Exchange 全域接受清單/全域拒絕清單/連線控制清單/轉寄控制清單 的程式

最後一個文件是 ExIpSecurity 程式的使用說明…有點冗長,有空再看吧…

簡單的說,它就是管理 Exchange 以下兩張圖中,藍色線框的設定

2011-07-21_121209

2011-07-21_121300

其中連線控制與轉送限制這兩個清單,都有預設接受或預設拒絕連線的設定(如下圖)

2011-07-21_121316 2011-07-21_121325

要設定預設值,要使用下列參數

-o s –g [grant | deny]

至於是要設定連線控制或是轉寄限制,則是由參數 –r [connection | relay] 來控制

所以,如果要設定連線控制預設為「下列清單以外的所有項目」(被列入清單的 IP 或 網域或 FQDN 都一律拒絕連線),參數如下:

-o s –g grant –r connection

如果是要設定轉寄限制預設為「僅限下列清單」(只有被列入清單的IP 或 網域或 FQDN 才能轉送郵件),參數如下:

-o –s –g deny –r relay

Ipsec.vbs 原始程式都是英文,看得比較慢,所以我加上一點中文訊息;此外,它顯示 Usage 時有點囉唆,所以我把它改了,方便一覽。

修改過的全部程式碼如下:

REM
REM LOCALIZATION
REM

L_SWITCH_SERVER        = "-s"
L_SWITCH_INSTANCE        = "-i"
L_SWITCH_OPERATION          = "-o"
L_SWITCH_RESTRICTION        = "-r"
L_SWITCH_TYPE            = "-t"
L_SWITCH_GRANTDEFAULT    = "-g"
L_SWITCH_VALUE                  = "-v"
L_SWITCH_MASK            = "-m"
L_SWITCH_DC            = "-d"

L_OP_ENUMERATE            = "e"
L_OP_ADD                = "a"
L_OP_DELETE                   = "d"
L_OP_CLEAR                = "c"
L_OP_SETGRANTDEFAULT     = "s"

L_DESC_PROGRAM                = "Ipsec.vbs - Manipulate Exchange Ip Security Settings"
L_DESC_ENUMERATE             = "Enumerate a security setting (條列連線控管清單設定)"
L_DESC_ADD                    = "Add an IP address or domain"
L_DESC_DELETE                = "Delete an IP address or domain"
L_DESC_CLEAR                = "Clear the current IP list or domain list"
L_DESC_SETGRANTDEFAULT        = "Set grant or deny by default"

L_DESC_SERVER                = "server name (default: local machine's name)"
L_DESC_INSTANCE            = "instance id (default = 1)"
L_DESC_OPERATIONS            = "<operations>"
L_DESC_RESTRICTION            = "connection/relay/accept/deny (連線控制/轉送限制/全域接受清單/全域拒絕清單)"
L_DESC_TYPE                    = "ip/domain (default: ip) (not used in -o s and -o e)"
L_DESC_GRANTDEFAULT        = "grant/deny (only for -o s)"
L_DESC_VALUE                = "value (ip or domain) to add or remove (required for -o a and -o d)"
L_DESC_MASK                = "subnet mask (optional)"
L_DESC_DC                    = "domain controller (required)"

L_RESTRICTION_CONNECTION    = "connection"
L_RESTRICTION_RELAY            = "relay"
L_RESTRICTION_ACCEPT        = "accept"
L_RESTRICTION_DENY            = "deny"
L_TYPE_IP                    = "ip"
L_TYPE_DOMAIN                = "domain"
L_GRANTDEFAULT_GRANT        = "grant"
L_GRANTDEFAULT_DENY        = "deny"

L_DESC_EXAMPLES            = "Examples:"
L_DESC_EXAMPLE1            = "Ipsec.vbs -d ad1 -o e -r connection (條列連線控管清單設定)"
L_DESC_EXAMPLE2            = "Ipsec.vbs -d ad1 -o a -r relay -v 127.0.0.1 (允許本機轉送郵件)"
L_DESC_EXAMPLE3            = "Ipsec.vbs -d ad1 -o a -r accept -v 123.123.123.0 -m 255.255.255.0 (增加 IP 到全域接受清單)"
L_DESC_EXAMPLE4            = "Ipsec.vbs -d ad1 -o e -r accept -v 123.123.123.0 -m 255.255.255.0 (從全域接受清單中刪除某個 IP 地址)"
L_DESC_EXAMPLE5            = "Ipsec.vbs -d ad1 -o a -r deny -v 123.123.123.0 -m 255.255.255.0 (增加 IP 到全域拒絕清單)"
L_DESC_EXAMPLE6            = "Ipsec.vbs -d ad1 -o e -r deny -v 123.123.123.0 -m 255.255.255.0 (從全域拒絕清單中刪除某個 IP 地址)"
L_DESC_EXAMPLE7            = "Ipsec.vbs -d ad1 -s server1 -o d -r connection -t domain -v domain1 (刪除連線控制清單中的某個網域)"
L_DESC_EXAMPLE8            = "Ipsec.vbs -d ad1 -s server1 -o c -r deny (清空全域拒絕清單)"
L_DESC_EXAMPLE9            = "Ipsec.vbs -d ad1 -i 2 -o s -r relay -g grant (設定轉寄限制預設為「下列清單以外的所有項目」"

L_DESC_GLOBAL1                = "Note that options '-o s' and '-t domain' are not allowed in global accept/deny lists."

REM
REM END LOCALIZATION
REM

REM
REM --- Globals ---
REM

dim g_dictParms
Dim objDsIpSec

Set g_dictParms = CreateObject ( "Scripting.Dictionary" )
Set objDsIpSec = CreateObject("ExIpSec.ExIpSecurity")

Dim bAlreadyBind
bAlreadyBind = FALSE
Dim bAllowDomain
bAllowDomain = TRUE
REM
REM --- Set argument defaults ---
REM

g_dictParms(L_SWITCH_OPERATION)        = ""
g_dictParms(L_SWITCH_RESTRICTION)        = ""
g_dictParms(L_SWITCH_TYPE)                = ""
g_dictParms(L_SWITCH_GRANTDEFAULT)        = ""
g_dictParms(L_SWITCH_VALUE)                = ""
g_dictParms(L_SWITCH_SERVER)            = ""
g_dictParms(L_SWITCH_INSTANCE)            = 1
g_dictParms(L_SWITCH_MASK)                = ""
g_dictParms(L_SWITCH_DC)                = ""
REM
REM --- Begin Main Program ---
REM

REM parameter validation
if WScript.Arguments.Count = 0 then
    Usage
    WScript.Quit 1
end if

if NOT ParseCommandLine ( g_dictParms, WScript.Arguments ) then
    Quit "Syntax incorrect. Type 'ipsec.vbs' for usage."
end if

if g_dictParms ( L_SWITCH_OPERATION ) = "" then
    Quit "No operation (-o) is specified"
end if

if g_dictParms ( L_SWITCH_DC ) = "" then
    Quit "No domain controller (-d) is specified"
end if

On Error Resume Next

REM check whether we need connection or relay restriction
if UCase ( g_dictParms ( L_SWITCH_RESTRICTION ) ) = UCase ( L_RESTRICTION_CONNECTION ) then
    objDsIpSec.BindToSmtpVsi g_dictParms(L_SWITCH_SERVER), g_dictParms(L_SWITCH_INSTANCE), g_dictParms(L_SWITCH_DC)
    CheckErr "BindToSmtpVsi"
    bAlreadyBind = TRUE
    objDsIpSec.GetIpSecurityList
    CheckErr "GetIpSecurityList"
elseif UCase ( g_dictParms ( L_SWITCH_RESTRICTION ) ) = UCase ( L_RESTRICTION_RELAY ) then
    objDsIpSec.BindToSmtpVsi g_dictParms(L_SWITCH_SERVER), g_dictParms(L_SWITCH_INSTANCE), g_dictParms(L_SWITCH_DC)
    CheckErr "BindToSmtpVsi"
    bAlreadyBind = TRUE
    objDsIpSec.GetRelayIpList
    CheckErr "GetRelayIpList"
elseif UCase ( g_dictParms ( L_SWITCH_RESTRICTION ) ) = UCase ( L_RESTRICTION_ACCEPT ) then
    objDsIpSec.BindToGlobalList g_dictParms(L_SWITCH_DC)
    CheckErr "BindToGlobalList"
    bAlreadyBind = TRUE
    bAllowDomain = FALSE
    objDsIpSec.GetGlobalAcceptList
    CheckErr "GetGlobalAcceptList"
elseif UCase ( g_dictParms ( L_SWITCH_RESTRICTION ) ) = UCase ( L_RESTRICTION_DENY ) then
    objDsIpSec.BindToGlobalList g_dictParms(L_SWITCH_DC)
    CheckErr "BindToGlobalList"
    bAlreadyBind = TRUE
    bAllowDomain = FALSE
    objDsIpSec.GetGlobalDenyList
    CheckErr "GetGlobalDenyList"
else
    Quit "Invalid -r option"
end if

REM get the lists and GrantByDefault and validate -t option
Dim listGrant
Dim listDeny
Dim GrantByDefault
if g_dictParms(L_SWITCH_OPERATION) = L_OP_SETGRANTDEFAULT OR g_dictParms(L_SWITCH_OPERATION) = L_OP_ENUMERATE then
    if g_dictParms ( L_SWITCH_TYPE )  <> "" then
        Quit "-t option is not used in -o e or -o s"
    end if
end if

REM set the default -t
if g_dictParms ( L_SWITCH_TYPE ) = "" then g_dictParms ( L_SWITCH_TYPE ) = L_TYPE_IP end if
if UCase ( g_dictParms ( L_SWITCH_TYPE ) ) = UCase ( L_TYPE_IP ) then
    listGrant = objDsIpSec.IpGrant
    CheckErr "get_IpGrant"
    listDeny = objDsIpSec.IpDeny
    CheckErr "get_IpDeny"
elseif UCase ( g_dictParms ( L_SWITCH_TYPE ) ) = UCase ( L_TYPE_DOMAIN ) then
    if (bAllowDomain) then
        listGrant = objDsIpSec.DomainGrant
        CheckErr "get_DomainGrant"
        listDeny = objDsIpSec.DomainDeny
        CheckErr "get_DomainDeny"
    else
        Quit "Domain is not allowed on global accept or deny list"
    end if
else
    Quit "Invalid -t option"
end if
GrantByDefault = objDsIpSec.GrantByDefault
CheckErr "get_GrantByDefault"

REM -g option is only for -o s
if g_dictParms ( L_SWITCH_GRANTDEFAULT ) <> "" AND g_dictParms(L_SWITCH_OPERATION) <> L_OP_SETGRANTDEFAULT then
    Quit "-g option is only used in -o s"
end if

REM Do different operations according to L_SWITCH_OPERATION
select case g_dictParms(L_SWITCH_OPERATION)
case L_OP_ENUMERATE

    Dim listToDisplayIp
    Dim listToDisplayDomain
    if ( GrantByDefault ) then
        WScript.Echo "Default: Grant permission"
        WScript.Echo "Dumping Deny List"
        listToDisplayIp = objDsIpSec.IpDeny
        CheckErr "get_IpDeny"
        if (bAllowDomain) then
            listToDisplayDomain = objDsIpSec.DomainDeny
            CheckErr "get_DomainDeny"
        end if
    else
        WScript.Echo "Default: Deny permission"
        WScript.Echo "Dumping Grant List"
        listToDisplayIp = objDsIpSec.IpGrant
        CheckErr "get_IpGrant"
        if (bAllowDomain) then
            listToDisplayDomain = objDsIpSec.DomainGrant
            CheckErr "get_DomainGrant"
        end if
    end if

    WScript.Echo "Ip:"
    DumpList listToDisplayIp, TRUE
    if (bAllowDomain) then
        WScript.Echo "Domain:"
        DumpList listToDisplayDomain, FALSE
    end if

case L_OP_ADD

    if g_dictParms ( L_SWITCH_VALUE ) = "" then
        Quit "No item to add"
    end if

    Dim ValueToAdd
    ValueToAdd =  g_dictParms ( L_SWITCH_VALUE )

    if g_dictParms (L_SWITCH_MASK) = "255.255.255.255" then
        g_dictParms (L_SWITCH_MASK) = ""
    end if

    if ( NOT g_dictParms ( L_SWITCH_MASK ) = "" ) AND  UCase ( g_dictParms ( L_SWITCH_TYPE ) ) = UCase ( L_TYPE_IP ) then   
        ValueToAdd = ValueToAdd + ","
        ValueToAdd = ValueToAdd + g_dictParms ( L_SWITCH_MASK )
    end if
    if ( GrantByDefault ) then
        WScript.Echo "Default: Grant permission"
        MakeSureNoDuplicate listDeny, ValueToAdd
        Redim Preserve listDeny(UBound(listDeny)+1)
        listDeny(UBound(listDeny)) = ValueToAdd
        if UCase ( g_dictParms ( L_SWITCH_TYPE ) ) = UCase ( L_TYPE_IP ) then
            objDsIpSec.IpDeny = listDeny
            CheckErr "put_IpDeny"
            WScript.Echo "Adding to IpDeny"
        else
            if (bAllowDomain) then
                objDsIpSec.DomainDeny = listDeny
                CheckErr "put_DomainDeny"
                WScript.Echo "Adding to DomainDeny"
            end if
        end if
    else
        WScript.Echo "Default: Deny permission"
        MakeSureNoDuplicate listGrant, ValueToAdd
        Redim Preserve listGrant(UBound(listGrant)+1)
        listGrant(UBound(listGrant)) = ValueToAdd
        if UCase ( g_dictParms ( L_SWITCH_TYPE ) ) = UCase ( L_TYPE_IP ) then
            objDsIpSec.IpGrant = listGrant
            CheckErr "put_IpGrant"
            WScript.Echo "Adding to IpGrant"
        else
            if (bAllowDomain) then
                objDsIpSec.DomainGrant = listGrant
                CheckErr "put_DomainGrant"
                WScript.Echo "Adding to DomainGrant"
            end if
        end if
    end if

    objDsIpSec.WriteList
    CheckErr "WriteList"
    WScript.echo "WriteList completed: ("+ ValueToAdd +") is added."
case L_OP_DELETE

    if g_dictParms ( L_SWITCH_VALUE ) = "" then
        Quit "No item to remove"
    end if

    Dim ValueToDelete
    ValueToDelete =  g_dictParms ( L_SWITCH_VALUE )
    if g_dictParms (L_SWITCH_MASK) = "255.255.255.255" then
        g_dictParms (L_SWITCH_MASK) = ""
    end if

    if ( NOT g_dictParms ( L_SWITCH_MASK ) = "" ) AND  UCase ( g_dictParms ( L_SWITCH_TYPE ) ) = UCase ( L_TYPE_IP ) then   
        ValueToDelete = ValueToDelete + ","
        ValueToDelete = ValueToDelete + g_dictParms ( L_SWITCH_MASK )
    end if
    if ( GrantByDefault ) then
        WScript.Echo "Default: Grant permission"
        MoveItemToEndOfList  listDeny, ValueToDelete
        Redim Preserve listDeny(UBound(listDeny)-1)
        if UCase ( g_dictParms ( L_SWITCH_TYPE ) ) = UCase ( L_TYPE_IP ) then
            objDsIpSec.IpDeny = listDeny
            CheckErr "put_IpDeny"
            WScript.Echo "Removing from IpDeny"
        else
            if (bAllowDomain) then
                objDsIpSec.DomainDeny = listDeny
                CheckErr "put_DomainDeny"
                WScript.Echo "Removing from DomainDeny"
            end if
        end if
    else
        WScript.Echo "Default: Deny permission"
        MoveItemToEndOfList  listGrant, ValueToDelete
        Redim Preserve listGrant(UBound(listGrant)-1)
        if UCase ( g_dictParms ( L_SWITCH_TYPE ) ) = UCase ( L_TYPE_IP ) then
            objDsIpSec.IpGrant = listGrant
            CheckErr "put_IpGrant"
            WScript.Echo "Removing from IpGrant"
        else
            if (bAllowDomain) then
                objDsIpSec.DomainGrant = listGrant
                CheckErr "put_DomainGrant"
                WScript.Echo "Removing from DomainGrant"
            end if
        end if
    end if

    objDsIpSec.WriteList
    CheckErr "WriteList"
    WScript.echo "WriteList completed: ("+ ValueToDelete +") is deleted."   

case L_OP_CLEAR

    if ( GrantByDefault ) then
        WScript.Echo "Default: Grant permission"
        Redim Preserve listDeny(-1)
        if UCase ( g_dictParms ( L_SWITCH_TYPE ) ) = UCase ( L_TYPE_IP ) then
            objDsIpSec.IpDeny = listDeny
            CheckErr "put_IpDeny"
            WScript.Echo "Clearing IpDeny"
        else
            if (bAllowDomain) then
                objDsIpSec.DomainDeny = listDeny
                CheckErr "put_DomainDeny"
                WScript.Echo "Clearing DomainDeny"
            end if
        end if
    else
        WScript.Echo "Default: Deny permission"
        Redim Preserve listGrant(-1)
        if UCase ( g_dictParms ( L_SWITCH_TYPE ) ) = UCase ( L_TYPE_IP ) then
            objDsIpSec.IpGrant = listGrant
            CheckErr "put_IpGrant"
            WScript.Echo "Clearing IpGrant"
        else
            if (bAllowDomain) then
                objDsIpSec.DomainGrant = listGrant
                CheckErr "put_DomainGrant"
                WScript.Echo "Clearing DomainGrant"
            end if
        end if
    end if

    objDsIpSec.WriteList
    CheckErr "WriteList"
    WScript.echo "WriteList completed"   

case L_OP_SETGRANTDEFAULT
    if (NOT bAllowDomain) then
        REM We're working on global list. Should not set this default grant/deny.
        Quit "This operation is not allowed on global accept/deny list"
    end if

    if GrantByDefault then
        WScript.Echo "Previous default permission: Grant"
    else
        WScript.Echo "Previous default permission: Deny"
    end if

    if GrantByDefault AND UCase ( g_dictParms ( L_SWITCH_GRANTDEFAULT ) ) = UCase ( L_GRANTDEFAULT_GRANT ) then
        WScript.Echo "Unchanged"
    elseif GrantByDefault AND UCase ( g_dictParms ( L_SWITCH_GRANTDEFAULT ) ) = UCase ( L_GRANTDEFAULT_DENY ) then
        objDsIpSec.GrantByDefault = FALSE
        CheckErr "put_GrantByDefault"
        WScript.echo "Setting default to: Deny"
        objDsIpSec.WriteList
        CheckErr "WriteList"
        WScript.echo "WriteList completed"   
    elseif NOT GrantByDefault AND UCase ( g_dictParms ( L_SWITCH_GRANTDEFAULT ) ) = UCase ( L_GRANTDEFAULT_DENY ) then
        WScript.Echo "Unchanged"
    elseif NOT GrantByDefault AND UCase ( g_dictParms ( L_SWITCH_GRANTDEFAULT ) ) = UCase ( L_GRANTDEFAULT_GRANT ) then
        objDsIpSec.GrantByDefault = TRUE
        CheckErr "put_GrantByDefault"
        WScript.echo "Setting default to: Grant"
        objDsIpSec.WriteList
        CheckErr "WriteList"
        WScript.echo "WriteList completed"   
    else
        Quit "Invalid -g option"
    end if   
case else
    Quit "Invalid operation"
end select

On Error goto 0

if bAlreadyBind then
      objDsIpSec.ReleaseBinding
      CheckErr "ReleaseBinding"
    REM WScript.echo "Release Binding"
end if
WScript.Echo "Completed"
WScript.Quit 0

REM
REM --- End Main Program ---
REM

REM
REM ParseCommandLine ( dictParameters, cmdline )
REM     Parses the command line parameters into the given dictionary
REM
REM Arguments:
REM     dictParameters  - A dictionary containing the global parameters
REM     cmdline - Collection of command line arguments
REM
REM Returns - Success code
REM

Function ParseCommandLine ( dictParameters, cmdline )
    dim     fRet
    dim     cArgs
    dim     i
    dim     strSwitch
    dim     strArgument

    fRet    = TRUE
    cArgs   = cmdline.Count
    i       = 0
    do while (i < cArgs)

        REM
        REM Parse the switch and its argument
        REM

        if i + 1 >= cArgs then
            REM
            REM Not enough command line arguments - Fail
            REM

            fRet = FALSE
            exit do
        end if

        strSwitch = cmdline(i)
        i = i + 1

        strArgument = cmdline(i)
        i = i + 1

        REM
        REM Add the switch,argument pair to the dictionary
        REM

        if NOT dictParameters.Exists ( strSwitch ) then
            REM
            REM Bad switch - Fail
            REM

            fRet = FALSE
            exit do
        end if

        dictParameters(strSwitch) = strArgument

    loop

    ParseCommandLine = fRet
end function

REM
REM Usage ()
REM     prints out the description of the command line arguments
REM

Sub Usage
   
Message = L_DESC_PROGRAM & vbCRLF
    Message = Message & vbTab & L_SWITCH_SERVER & " " & L_DESC_SERVER & vbCRLF
    Message = Message & vbTab & L_SWITCH_INSTANCE & " " & L_DESC_INSTANCE & vbCRLF
    Message = Message & vbTab & L_SWITCH_OPERATION & " " & L_DESC_OPERATIONS & vbCRLF
    Message = Message & vbTab & vbTab & L_OP_ENUMERATE & vbTab & L_DESC_ENUMERATE & vbCRLF
    Message = Message & vbTab & vbTab & L_OP_ADD & vbTab & L_DESC_ADD & vbCRLF
    Message = Message & vbTab & vbTab & L_OP_DELETE & vbTab & L_DESC_DELETE & vbCRLF
    Message = Message & vbTab & vbTab & L_OP_CLEAR & vbTab & L_DESC_CLEAR & vbCRLF
    Message = Message & vbTab & vbTab & L_OP_SETGRANTDEFAULT & vbTab & L_DESC_SETGRANTDEFAULT & vbCRLF
    Message = Message & vbTab & L_SWITCH_RESTRICTION & " " & L_DESC_RESTRICTION & vbCRLF
    Message = Message & vbTab & L_SWITCH_TYPE & " " & L_DESC_TYPE & vbCRLF
    Message = Message & vbTab & L_SWITCH_GRANTDEFAULT & " " & L_DESC_GRANTDEFAULT & vbCRLF
    Message = Message & vbTab & L_SWITCH_VALUE & " " & L_DESC_VALUE & vbCRLF
    Message = Message & vbTab & L_SWITCH_MASK & " " & L_DESC_MASK & vbCRLF
    Message = Message & vbTab & L_SWITCH_DC & " " & L_DESC_DC & vbCRLF & vbCRLF
    Examples = L_DESC_EXAMPLES & vbCRLF
    Examples = Examples & L_DESC_EXAMPLE1 & vbCRLF
    Examples = Examples & L_DESC_EXAMPLE2 & vbCRLF
    Examples = Examples & L_DESC_EXAMPLE3 & vbCRLF
    Examples = Examples & L_DESC_EXAMPLE4 & vbCRLF
    Examples = Examples & L_DESC_EXAMPLE5 & vbCRLF
    Examples = Examples & L_DESC_EXAMPLE6 & vbCRLF
    Examples = Examples & L_DESC_EXAMPLE7 & vbCRLF
    Examples = Examples & L_DESC_EXAMPLE8 & vbCRLF
    Examples = Examples & L_DESC_EXAMPLE9 & vbCRLF
    Examples = Examples & vbCRLF
    Examples = Examples & L_DESC_GLOBAL1 & vbCRLF
    WScript.Echo Message & Examples
end sub

Sub MoveItemToEndOfList(list, item)
    Dim i
    Dim j
    Dim k
    Dim tempItem
    tempItem = ""
    i = LBound(list)
    j = UBound(list)
    if not (j < i) then
        for k = i to j
            if list(k) = item then
                WScript.Echo "Found " + list(k) + " in the list"
                tempItem = list(j)
                list(j) = list(k)
                list(k) = tempItem
                exit for
            end if
        next
        if tempItem = "" then
            Quit "Can't find a match ("+ item + ")"
        end if
    else
        Quit "List empty"
    end if
End Sub

Sub MakeSureNoDuplicate(list, item)
    Dim i
    Dim j
    Dim k
    Dim tempItem
    tempItem = ""
    i = LBound(list)
    j = UBound(list)
    if not (j < i) then
        for k = i to j
            if list(k) = item then
                Quit "Found " + list(k) + " in the list"
            end if
        next
    end if
End Sub

Sub DumpList(list, isIp)
    Dim i
    Dim j
    Dim k
    Dim str
    i = LBound(list)
    j = UBound(list)
    if not (j < i) then
        for k = i to j
            if (isIp) then
                str = Replace(list(k), ",", ", Subnet Mask:")
            else
                str = list(k)
            end if
            WScript.Echo vbTab & str
        next
    else
        WScript.Echo "List empty"
    end if
End Sub

Function Quit (strMsg)
    if bAlreadyBind then
          objDsIpSec.ReleaseBinding
        WScript.echo "Release Binding"
    end if
    WScript.Echo "Quitting: " & strMsg
    WScript.Quit 1
End Function

REM ================================================================================================
REM Function:
REM   CheckErr          -- checks err status, reports err
REM
REM Arguments:
REM   none              -- Err is vbscript builtin IErrorInfo
REM
REM ================================================================================================
Function CheckErr(strDesc)
    If Err.Number <> 0 Then
        WScript.Echo "Failed Script " & strDesc & " 0x" & Hex(Err.Number)
        If(Len(Err.Description) > 0) Then
                  WScript.Echo  "Err.Description: " & Err.Description
        End If
        Quit "Error - " + strDesc
    End If
End Function

反應:

0 意見: