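REM
REM Ipsec.vbs - command-line front end for the ExIpSec.ExIpSecurity COM object.
REM
REM Reads or edits one of four restriction lists selected with -r:
REM     connection / relay  - bound per SMTP virtual server (BindToSmtpVsi)
REM     accept / deny       - global lists (BindToGlobalList), IP entries only
REM
REM Operator notes (all derived from the code below):
REM   * "-o a", "-o d" and "-o c" never name the list they touch. The script
REM     reads GrantByDefault first and edits the Deny list when the default is
REM     grant, or the Grant list when the default is deny. The same command can
REM     therefore block a host on one server and admit it on another.
REM     Run "-o e" first to see which default is in force.
REM   * The -v and -m values are stored as given ("value" or "value,mask").
REM     This script performs no format check on them; whether the COM object
REM     validates them is not visible here, so check broad masks before writing.
REM   * Nothing is committed until WriteList is called at the end of an operation.
REM

REM
REM LOCALIZATION
REM

L_SWITCH_SERVER         = "-s"
L_SWITCH_INSTANCE       = "-i"
L_SWITCH_OPERATION      = "-o"
L_SWITCH_RESTRICTION    = "-r"
L_SWITCH_TYPE           = "-t"
L_SWITCH_GRANTDEFAULT   = "-g"
L_SWITCH_VALUE          = "-v"
L_SWITCH_MASK           = "-m"
L_SWITCH_DC             = "-d"

L_OP_ENUMERATE          = "e"
L_OP_ADD                = "a"
L_OP_DELETE             = "d"
L_OP_CLEAR              = "c"
L_OP_SETGRANTDEFAULT    = "s"

L_DESC_PROGRAM          = "Ipsec.vbs - Manipulate Exchange Ip Security Settings"
L_DESC_ENUMERATE        = "Enumerate a security setting (條列連線控管清單設定)"
L_DESC_ADD              = "Add an IP address or domain"
L_DESC_DELETE           = "Delete an IP address or domain"
L_DESC_CLEAR            = "Clear the current IP list or domain list"
L_DESC_SETGRANTDEFAULT  = "Set grant or deny by default"

L_DESC_SERVER           = "server name (default: local machine's name)"
L_DESC_INSTANCE         = "instance id (default = 1)"
L_DESC_OPERATIONS       = "<operations>"
L_DESC_RESTRICTION      = "connection/relay/accept/deny (連線控制/轉送限制/全域接受清單/全域拒絕清單)"
L_DESC_TYPE             = "ip/domain (default: ip) (not used in -o s and -o e)"
L_DESC_GRANTDEFAULT     = "grant/deny (only for -o s)"
L_DESC_VALUE            = "value (ip or domain) to add or remove (required for -o a and -o d)"
L_DESC_MASK             = "subnet mask (optional)"
L_DESC_DC               = "domain controller (required)"

L_RESTRICTION_CONNECTION = "connection"
L_RESTRICTION_RELAY      = "relay"
L_RESTRICTION_ACCEPT     = "accept"
L_RESTRICTION_DENY       = "deny"

L_TYPE_IP               = "ip"
L_TYPE_DOMAIN           = "domain"

L_GRANTDEFAULT_GRANT    = "grant"
L_GRANTDEFAULT_DENY     = "deny"

L_DESC_EXAMPLES         = "Examples:"
L_DESC_EXAMPLE1         = "Ipsec.vbs -d ad1 -o e -r connection (條列連線控管清單設定)"
L_DESC_EXAMPLE2         = "Ipsec.vbs -d ad1 -o a -r relay -v 127.0.0.1 (允許本機轉送郵件)"
L_DESC_EXAMPLE3         = "Ipsec.vbs -d ad1 -o a -r accept -v 123.123.123.0 -m 255.255.255.0 (增加 IP 到全域接受清單)"
REM Examples 4 and 6 are captioned as deletions, so they must use "-o d".
REM They previously showed "-o e", which only lists entries and ignores -v/-m.
L_DESC_EXAMPLE4         = "Ipsec.vbs -d ad1 -o d -r accept -v 123.123.123.0 -m 255.255.255.0 (從全域接受清單中刪除某個 IP 地址)"
L_DESC_EXAMPLE5         = "Ipsec.vbs -d ad1 -o a -r deny -v 123.123.123.0 -m 255.255.255.0 (增加 IP 到全域拒絕清單)"
L_DESC_EXAMPLE6         = "Ipsec.vbs -d ad1 -o d -r deny -v 123.123.123.0 -m 255.255.255.0 (從全域拒絕清單中刪除某個 IP 地址)"
L_DESC_EXAMPLE7         = "Ipsec.vbs -d ad1 -s server1 -o d -r connection -t domain -v domain1 (刪除連線控制清單中的某個網域)"
L_DESC_EXAMPLE8         = "Ipsec.vbs -d ad1 -s server1 -o c -r deny (清空全域拒絕清單)"
REM The closing parenthesis was missing from this caption.
L_DESC_EXAMPLE9         = "Ipsec.vbs -d ad1 -i 2 -o s -r relay -g grant (設定轉寄限制預設為「下列清單以外的所有項目」)"

L_DESC_GLOBAL1          = "Note that options '-o s' and '-t domain' are not allowed in global accept/deny lists."

REM
REM END LOCALIZATION
REM

REM
REM --- Globals ---
REM

dim g_dictParms
Dim objDsIpSec

REM CompareMode is never set, so the dictionary keeps its default binary
REM comparison: switches are matched case-sensitively ("-O" is rejected).
Set g_dictParms = CreateObject ( "Scripting.Dictionary" )
Set objDsIpSec = CreateObject("ExIpSec.ExIpSecurity")

REM TRUE once a Bind* call has succeeded; Quit uses it to release the binding.
Dim bAlreadyBind
bAlreadyBind = FALSE

REM FALSE for the global accept/deny lists, which take IP entries only.
Dim bAllowDomain
bAllowDomain = TRUE

REM
REM --- Set argument defaults ---
REM
REM Only switches seeded here are accepted by ParseCommandLine.

g_dictParms(L_SWITCH_OPERATION)     = ""
g_dictParms(L_SWITCH_RESTRICTION)   = ""
g_dictParms(L_SWITCH_TYPE)          = ""
g_dictParms(L_SWITCH_GRANTDEFAULT)  = ""
g_dictParms(L_SWITCH_VALUE)         = ""
g_dictParms(L_SWITCH_SERVER)        = ""
g_dictParms(L_SWITCH_INSTANCE)      = 1
g_dictParms(L_SWITCH_MASK)          = ""
g_dictParms(L_SWITCH_DC)            = ""

REM
REM --- Begin Main Program ---
REM

REM parameter validation
if WScript.Arguments.Count = 0 then
    Usage
    WScript.Quit 1
end if

if NOT ParseCommandLine ( g_dictParms, WScript.Arguments ) then
    Quit "Syntax incorrect. Type 'ipsec.vbs' for usage."
end if

if g_dictParms ( L_SWITCH_OPERATION ) = "" then
    Quit "No operation (-o) is specified"
end if

if g_dictParms ( L_SWITCH_DC ) = "" then
    Quit "No domain controller (-d) is specified"
end if

REM From here on a failing COM call does not stop the script by itself;
REM each call is followed by CheckErr, which reports the error and quits.
On Error Resume Next

REM check whether we need connection or relay restriction
if UCase ( g_dictParms ( L_SWITCH_RESTRICTION ) ) = UCase ( L_RESTRICTION_CONNECTION ) then
    objDsIpSec.BindToSmtpVsi g_dictParms(L_SWITCH_SERVER), g_dictParms(L_SWITCH_INSTANCE), g_dictParms(L_SWITCH_DC)
    CheckErr "BindToSmtpVsi"
    bAlreadyBind = TRUE
    objDsIpSec.GetIpSecurityList
    CheckErr "GetIpSecurityList"
elseif UCase ( g_dictParms ( L_SWITCH_RESTRICTION ) ) = UCase ( L_RESTRICTION_RELAY ) then
    objDsIpSec.BindToSmtpVsi g_dictParms(L_SWITCH_SERVER), g_dictParms(L_SWITCH_INSTANCE), g_dictParms(L_SWITCH_DC)
    CheckErr "BindToSmtpVsi"
    bAlreadyBind = TRUE
    objDsIpSec.GetRelayIpList
    CheckErr "GetRelayIpList"
elseif UCase ( g_dictParms ( L_SWITCH_RESTRICTION ) ) = UCase ( L_RESTRICTION_ACCEPT ) then
    objDsIpSec.BindToGlobalList g_dictParms(L_SWITCH_DC)
    CheckErr "BindToGlobalList"
    bAlreadyBind = TRUE
    bAllowDomain = FALSE
    objDsIpSec.GetGlobalAcceptList
    CheckErr "GetGlobalAcceptList"
elseif UCase ( g_dictParms ( L_SWITCH_RESTRICTION ) ) = UCase ( L_RESTRICTION_DENY ) then
    objDsIpSec.BindToGlobalList g_dictParms(L_SWITCH_DC)
    CheckErr "BindToGlobalList"
    bAlreadyBind = TRUE
    bAllowDomain = FALSE
    objDsIpSec.GetGlobalDenyList
    CheckErr "GetGlobalDenyList"
else
    Quit "Invalid -r option"
end if

REM get the lists and GrantByDefault and validate -t option
Dim listGrant
Dim listDeny
Dim GrantByDefault

REM NOTE: the -o value is compared as typed (no UCase), unlike -r, -t and -g.
if g_dictParms(L_SWITCH_OPERATION) = L_OP_SETGRANTDEFAULT OR g_dictParms(L_SWITCH_OPERATION) = L_OP_ENUMERATE then
    if g_dictParms ( L_SWITCH_TYPE ) <> "" then
        Quit "-t option is not used in -o e or -o s"
    end if
end if

REM set the default -t
if g_dictParms ( L_SWITCH_TYPE ) = "" then
    g_dictParms ( L_SWITCH_TYPE ) = L_TYPE_IP
end if

if UCase ( g_dictParms ( L_SWITCH_TYPE ) ) = UCase ( L_TYPE_IP ) then
    listGrant = objDsIpSec.IpGrant
    CheckErr "get_IpGrant"
    listDeny = objDsIpSec.IpDeny
    CheckErr "get_IpDeny"
elseif UCase ( g_dictParms ( L_SWITCH_TYPE ) ) = UCase ( L_TYPE_DOMAIN ) then
    if (bAllowDomain) then
        listGrant = objDsIpSec.DomainGrant
        CheckErr "get_DomainGrant"
        listDeny = objDsIpSec.DomainDeny
        CheckErr "get_DomainDeny"
    else
        Quit "Domain is not allowed on global accept or deny list"
    end if
else
    Quit "Invalid -t option"
end if

REM The current default decides which list every later operation edits.
GrantByDefault = objDsIpSec.GrantByDefault
CheckErr "get_GrantByDefault"

REM -g option is only for -o s
if g_dictParms ( L_SWITCH_GRANTDEFAULT ) <> "" AND g_dictParms(L_SWITCH_OPERATION) <> L_OP_SETGRANTDEFAULT then
    Quit "-g option is only used in -o s"
end if

REM Do different operations according to L_SWITCH_OPERATION
select case g_dictParms(L_SWITCH_OPERATION)

case L_OP_ENUMERATE
    REM Prints the default and the exception list that belongs to it:
    REM the Deny list under default grant, the Grant list under default deny.
    Dim listToDisplayIp
    Dim listToDisplayDomain

    if ( GrantByDefault ) then
        WScript.Echo "Default: Grant permission"
        WScript.Echo "Dumping Deny List"
        listToDisplayIp = objDsIpSec.IpDeny
        CheckErr "get_IpDeny"
        if (bAllowDomain) then
            listToDisplayDomain = objDsIpSec.DomainDeny
            CheckErr "get_DomainDeny"
        end if
    else
        WScript.Echo "Default: Deny permission"
        WScript.Echo "Dumping Grant List"
        listToDisplayIp = objDsIpSec.IpGrant
        CheckErr "get_IpGrant"
        if (bAllowDomain) then
            listToDisplayDomain = objDsIpSec.DomainGrant
            CheckErr "get_DomainGrant"
        end if
    end if

    WScript.Echo "Ip:"
    DumpList listToDisplayIp, TRUE

    if (bAllowDomain) then
        WScript.Echo "Domain:"
        DumpList listToDisplayDomain, FALSE
    end if

case L_OP_ADD
    if g_dictParms ( L_SWITCH_VALUE ) = "" then
        Quit "No item to add"
    end if

    Dim ValueToAdd
    ValueToAdd = g_dictParms ( L_SWITCH_VALUE )

    REM An all-ones mask is treated the same as no mask: the bare value is stored.
    if g_dictParms (L_SWITCH_MASK) = "255.255.255.255" then
        g_dictParms (L_SWITCH_MASK) = ""
    end if

    REM IP entries with a mask are stored as "address,mask". Neither part is
    REM checked for format by this script.
    if ( NOT g_dictParms ( L_SWITCH_MASK ) = "" ) AND UCase ( g_dictParms ( L_SWITCH_TYPE ) ) = UCase ( L_TYPE_IP ) then
        ValueToAdd = ValueToAdd + ","
        ValueToAdd = ValueToAdd + g_dictParms ( L_SWITCH_MASK )
    end if

    REM The value goes on the Deny list under default grant and on the Grant
    REM list under default deny; the echoed "Adding to ..." line says which.
    if ( GrantByDefault ) then
        WScript.Echo "Default: Grant permission"
        MakeSureNoDuplicate listDeny, ValueToAdd
        Redim Preserve listDeny(UBound(listDeny)+1)
        listDeny(UBound(listDeny)) = ValueToAdd
        if UCase ( g_dictParms ( L_SWITCH_TYPE ) ) = UCase ( L_TYPE_IP ) then
            objDsIpSec.IpDeny = listDeny
            CheckErr "put_IpDeny"
            WScript.Echo "Adding to IpDeny"
        else
            if (bAllowDomain) then
                objDsIpSec.DomainDeny = listDeny
                CheckErr "put_DomainDeny"
                WScript.Echo "Adding to DomainDeny"
            end if
        end if
    else
        WScript.Echo "Default: Deny permission"
        MakeSureNoDuplicate listGrant, ValueToAdd
        Redim Preserve listGrant(UBound(listGrant)+1)
        listGrant(UBound(listGrant)) = ValueToAdd
        if UCase ( g_dictParms ( L_SWITCH_TYPE ) ) = UCase ( L_TYPE_IP ) then
            objDsIpSec.IpGrant = listGrant
            CheckErr "put_IpGrant"
            WScript.Echo "Adding to IpGrant"
        else
            if (bAllowDomain) then
                objDsIpSec.DomainGrant = listGrant
                CheckErr "put_DomainGrant"
                WScript.Echo "Adding to DomainGrant"
            end if
        end if
    end if

    objDsIpSec.WriteList
    CheckErr "WriteList"
    WScript.echo "WriteList completed: ("+ ValueToAdd +") is added."

case L_OP_DELETE
    if g_dictParms ( L_SWITCH_VALUE ) = "" then
        Quit "No item to remove"
    end if

    Dim ValueToDelete
    ValueToDelete = g_dictParms ( L_SWITCH_VALUE )

    REM Build the same "address,mask" key that the add operation stores.
    if g_dictParms (L_SWITCH_MASK) = "255.255.255.255" then
        g_dictParms (L_SWITCH_MASK) = ""
    end if

    if ( NOT g_dictParms ( L_SWITCH_MASK ) = "" ) AND UCase ( g_dictParms ( L_SWITCH_TYPE ) ) = UCase ( L_TYPE_IP ) then
        ValueToDelete = ValueToDelete + ","
        ValueToDelete = ValueToDelete + g_dictParms ( L_SWITCH_MASK )
    end if

    REM The matching entry is swapped to the end, then the array is shrunk by one.
    if ( GrantByDefault ) then
        WScript.Echo "Default: Grant permission"
        MoveItemToEndOfList listDeny, ValueToDelete
        Redim Preserve listDeny(UBound(listDeny)-1)
        if UCase ( g_dictParms ( L_SWITCH_TYPE ) ) = UCase ( L_TYPE_IP ) then
            objDsIpSec.IpDeny = listDeny
            CheckErr "put_IpDeny"
            WScript.Echo "Removing from IpDeny"
        else
            if (bAllowDomain) then
                objDsIpSec.DomainDeny = listDeny
                CheckErr "put_DomainDeny"
                WScript.Echo "Removing from DomainDeny"
            end if
        end if
    else
        WScript.Echo "Default: Deny permission"
        MoveItemToEndOfList listGrant, ValueToDelete
        Redim Preserve listGrant(UBound(listGrant)-1)
        if UCase ( g_dictParms ( L_SWITCH_TYPE ) ) = UCase ( L_TYPE_IP ) then
            objDsIpSec.IpGrant = listGrant
            CheckErr "put_IpGrant"
            WScript.Echo "Removing from IpGrant"
        else
            if (bAllowDomain) then
                objDsIpSec.DomainGrant = listGrant
                CheckErr "put_DomainGrant"
                WScript.Echo "Removing from DomainGrant"
            end if
        end if
    end if

    objDsIpSec.WriteList
    CheckErr "WriteList"
    WScript.echo "WriteList completed: ("+ ValueToDelete +") is deleted."

case L_OP_CLEAR
    REM Empties the exception list for the current default. Under default deny
    REM that removes every granted entry; under default grant it removes every
    REM denied entry. Enumerate first if the existing entries matter.
    if ( GrantByDefault ) then
        WScript.Echo "Default: Grant permission"
        Redim Preserve listDeny(-1)
        if UCase ( g_dictParms ( L_SWITCH_TYPE ) ) = UCase ( L_TYPE_IP ) then
            objDsIpSec.IpDeny = listDeny
            CheckErr "put_IpDeny"
            WScript.Echo "Clearing IpDeny"
        else
            if (bAllowDomain) then
                objDsIpSec.DomainDeny = listDeny
                CheckErr "put_DomainDeny"
                WScript.Echo "Clearing DomainDeny"
            end if
        end if
    else
        WScript.Echo "Default: Deny permission"
        Redim Preserve listGrant(-1)
        if UCase ( g_dictParms ( L_SWITCH_TYPE ) ) = UCase ( L_TYPE_IP ) then
            objDsIpSec.IpGrant = listGrant
            CheckErr "put_IpGrant"
            WScript.Echo "Clearing IpGrant"
        else
            if (bAllowDomain) then
                objDsIpSec.DomainGrant = listGrant
                CheckErr "put_DomainGrant"
                WScript.Echo "Clearing DomainGrant"
            end if
        end if
    end if

    objDsIpSec.WriteList
    CheckErr "WriteList"
    WScript.echo "WriteList completed"

case L_OP_SETGRANTDEFAULT
    if (NOT bAllowDomain) then
        REM We're working on global list. Should not set this default grant/deny.
        Quit "This operation is not allowed on global accept/deny list"
    end if

    if GrantByDefault then
        WScript.Echo "Previous default permission: Grant"
    else
        WScript.Echo "Previous default permission: Deny"
    end if

    REM Only write when the requested default differs from the current one.
    REM NOTE(review): presumably the other list takes effect once the default
    REM flips - confirm its contents before switching.
    if GrantByDefault AND UCase ( g_dictParms ( L_SWITCH_GRANTDEFAULT ) ) = UCase ( L_GRANTDEFAULT_GRANT ) then
        WScript.Echo "Unchanged"
    elseif GrantByDefault AND UCase ( g_dictParms ( L_SWITCH_GRANTDEFAULT ) ) = UCase ( L_GRANTDEFAULT_DENY ) then
        objDsIpSec.GrantByDefault = FALSE
        CheckErr "put_GrantByDefault"
        WScript.echo "Setting default to: Deny"
        objDsIpSec.WriteList
        CheckErr "WriteList"
        WScript.echo "WriteList completed"
    elseif NOT GrantByDefault AND UCase ( g_dictParms ( L_SWITCH_GRANTDEFAULT ) ) = UCase ( L_GRANTDEFAULT_DENY ) then
        WScript.Echo "Unchanged"
    elseif NOT GrantByDefault AND UCase ( g_dictParms ( L_SWITCH_GRANTDEFAULT ) ) = UCase ( L_GRANTDEFAULT_GRANT ) then
        objDsIpSec.GrantByDefault = TRUE
        CheckErr "put_GrantByDefault"
        WScript.echo "Setting default to: Grant"
        objDsIpSec.WriteList
        CheckErr "WriteList"
        WScript.echo "WriteList completed"
    else
        Quit "Invalid -g option"
    end if

case else
    Quit "Invalid operation"

end select

On Error goto 0

if bAlreadyBind then
    objDsIpSec.ReleaseBinding
    CheckErr "ReleaseBinding"
    REM WScript.echo "Release Binding"
end if

WScript.Echo "Completed"
WScript.Quit 0

REM
REM --- End Main Program ---
REM

REM
REM ParseCommandLine ( dictParameters, cmdline )
REM     Parses the command line parameters into the given dictionary
REM
REM Arguments:
REM     dictParameters  - A dictionary containing the global parameters
REM     cmdline - Collection of command line arguments
REM
REM Returns - Success code
REM     FALSE when a switch has no following argument or is not already a key
REM     of dictParameters; pairs parsed before the failure remain stored.
REM

Function ParseCommandLine ( dictParameters, cmdline )
    dim fRet
    dim cArgs
    dim i
    dim strSwitch
    dim strArgument

    fRet = TRUE
    cArgs = cmdline.Count
    i = 0

    do while (i < cArgs)

        REM
        REM Parse the switch and its argument
        REM

        if i + 1 >= cArgs then
            REM
            REM Not enough command line arguments - Fail
            REM

            fRet = FALSE
            exit do
        end if

        strSwitch = cmdline(i)
        i = i + 1

        strArgument = cmdline(i)
        i = i + 1

        REM
        REM Add the switch,argument pair to the dictionary
        REM

        if NOT dictParameters.Exists ( strSwitch ) then
            REM
            REM Bad switch - Fail
            REM

            fRet = FALSE
            exit do
        end if

        dictParameters(strSwitch) = strArgument

    loop

    ParseCommandLine = fRet
end function

REM
REM Usage ()
REM     prints out the description of the command line arguments
REM

Sub Usage
    Dim Message
    Dim Examples

    Message = L_DESC_PROGRAM & vbCRLF
    Message = Message & vbTab & L_SWITCH_SERVER & " " & L_DESC_SERVER & vbCRLF
    Message = Message & vbTab & L_SWITCH_INSTANCE & " " & L_DESC_INSTANCE & vbCRLF
    Message = Message & vbTab & L_SWITCH_OPERATION & " " & L_DESC_OPERATIONS & vbCRLF
    Message = Message & vbTab & vbTab & L_OP_ENUMERATE & vbTab & L_DESC_ENUMERATE & vbCRLF
    Message = Message & vbTab & vbTab & L_OP_ADD & vbTab & L_DESC_ADD & vbCRLF
    Message = Message & vbTab & vbTab & L_OP_DELETE & vbTab & L_DESC_DELETE & vbCRLF
    Message = Message & vbTab & vbTab & L_OP_CLEAR & vbTab & L_DESC_CLEAR & vbCRLF
    Message = Message & vbTab & vbTab & L_OP_SETGRANTDEFAULT & vbTab & L_DESC_SETGRANTDEFAULT & vbCRLF
    Message = Message & vbTab & L_SWITCH_RESTRICTION & " " & L_DESC_RESTRICTION & vbCRLF
    Message = Message & vbTab & L_SWITCH_TYPE & " " & L_DESC_TYPE & vbCRLF
    Message = Message & vbTab & L_SWITCH_GRANTDEFAULT & " " & L_DESC_GRANTDEFAULT & vbCRLF
    Message = Message & vbTab & L_SWITCH_VALUE & " " & L_DESC_VALUE & vbCRLF
    Message = Message & vbTab & L_SWITCH_MASK & " " & L_DESC_MASK & vbCRLF
    Message = Message & vbTab & L_SWITCH_DC & " " & L_DESC_DC & vbCRLF & vbCRLF

    Examples = L_DESC_EXAMPLES & vbCRLF
    Examples = Examples & L_DESC_EXAMPLE1 & vbCRLF
    Examples = Examples & L_DESC_EXAMPLE2 & vbCRLF
    Examples = Examples & L_DESC_EXAMPLE3 & vbCRLF
    Examples = Examples & L_DESC_EXAMPLE4 & vbCRLF
    Examples = Examples & L_DESC_EXAMPLE5 & vbCRLF
    Examples = Examples & L_DESC_EXAMPLE6 & vbCRLF
    Examples = Examples & L_DESC_EXAMPLE7 & vbCRLF
    Examples = Examples & L_DESC_EXAMPLE8 & vbCRLF
    Examples = Examples & L_DESC_EXAMPLE9 & vbCRLF
    Examples = Examples & vbCRLF
    Examples = Examples & L_DESC_GLOBAL1 & vbCRLF

    WScript.Echo Message & Examples
end sub

REM
REM MoveItemToEndOfList ( list, item )
REM     Swaps the first entry equal to item with the last entry, so the caller
REM     can drop it with "Redim Preserve list(UBound(list)-1)".
REM     Quits the script when the list is empty or holds no exact match.
REM     The comparison is an exact string match, mask suffix included.
REM

Sub MoveItemToEndOfList(list, item)
    Dim i
    Dim j
    Dim k
    Dim tempItem
    Dim bFound

    REM Track the match with a flag: the swapped-out last entry used to double
    REM as the "found" marker, which misreported a hit if that entry was "".
    bFound = FALSE

    i = LBound(list)
    j = UBound(list)

    if not (j < i) then
        for k = i to j
            if list(k) = item then
                WScript.Echo "Found " + list(k) + " in the list"
                tempItem = list(j)
                list(j) = list(k)
                list(k) = tempItem
                bFound = TRUE
                exit for
            end if
        next

        if NOT bFound then
            Quit "Can't find a match ("+ item + ")"
        end if
    else
        Quit "List empty"
    end if
End Sub

REM
REM MakeSureNoDuplicate ( list, item )
REM     Quits the script when item is already in list. The comparison is an
REM     exact, case-sensitive string match, so the same domain typed in a
REM     different case is not detected as a duplicate.
REM

Sub MakeSureNoDuplicate(list, item)
    Dim i
    Dim j
    Dim k

    i = LBound(list)
    j = UBound(list)

    if not (j < i) then
        for k = i to j
            if list(k) = item then
                Quit "Found " + list(k) + " in the list"
            end if
        next
    end if
End Sub

REM
REM DumpList ( list, isIp )
REM     Echoes every entry of list on its own tab-indented line, or
REM     "List empty". For IP lists the stored "address,mask" separator is
REM     expanded to ", Subnet Mask:" for display only.
REM

Sub DumpList(list, isIp)
    Dim i
    Dim j
    Dim k
    Dim str

    i = LBound(list)
    j = UBound(list)

    if not (j < i) then
        for k = i to j
            if (isIp) then
                str = Replace(list(k), ",", ", Subnet Mask:")
            else
                str = list(k)
            end if
            WScript.Echo vbTab & str
        next
    else
        WScript.Echo "List empty"
    end if
End Sub

REM
REM Quit ( strMsg )
REM     Releases the binding if one is held, prints strMsg and exits the
REM     script with code 1. Pending list edits are not written.
REM

Function Quit (strMsg)
    if bAlreadyBind then
        objDsIpSec.ReleaseBinding
        WScript.echo "Release Binding"
    end if
    WScript.Echo "Quitting: " & strMsg
    WScript.Quit 1
End Function

REM ================================================================================================
REM Function:
REM     CheckErr -- checks err status, reports err
REM
REM Arguments:
REM     strDesc -- name of the call that was just made, used in the error output
REM     (Err is the vbscript builtin error object)
REM
REM Behaviour:
REM     Returns silently when Err.Number is 0; otherwise prints the error number
REM     in hex plus any description and ends the script through Quit.
REM
REM ================================================================================================

Function CheckErr(strDesc)
    If Err.Number <> 0 Then
        WScript.Echo "Failed Script " & strDesc & " 0x" & Hex(Err.Number)
        If(Len(Err.Description) > 0) Then
            WScript.Echo "Err.Description: " & Err.Description
        End If
        Quit "Error - " + strDesc
    End If
End Function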