archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4 Commits
1 Branch
0 Tags
1.5 GiB
Branch: master
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'master'
${ noResults }
windows-server-2003/admin/snapin/certmgr/componentdatarsop.cpp

631 lines
24 KiB
Raw Permalink Normal View History

commiting as it is
4 years ago
  1. //+---------------------------------------------------------------------------
  2. /////////////////////////////////////////////////////////////////////////////////
  3. //
  4. // Microsoft Windows
  5. // Copyright (C) Microsoft Corporation, 1997-2002.
  6. //
  7. // File: ComponentDataRSOP.cpp
  8. //
  9. // Contents: Implementation of RSOP portions CCertMgrComponentData
  10. //
  11. //----------------------------------------------------------------------------
  13. #include "stdafx.h"
  15. #include <gpedit.h>
  16. #include "compdata.h"
  17. #include "dataobj.h"
  18. #include "cookie.h"
  19. #include "Certifct.h"
  20. #pragma warning(push, 3)
  21. #include <wintrust.h>
  22. #include <cryptui.h>
  23. #include <sceattch.h>
  24. #pragma warning(pop)
  25. #include "StoreRSOP.h"
  27. #ifdef _DEBUG
  28. #ifndef ALPHA
  29. #define new DEBUG_NEW
  30. #endif
  31. #undef THIS_FILE
  32. static char THIS_FILE[] = __FILE__;
  33. #endif
  36. //
  37. // CCertMgrComponentData
  38. //
  41. HRESULT CCertMgrComponentData::BuildWMIList (LPDATAOBJECT pDataObject, bool bIsComputer)
  42. {
  43. _TRACE (1, L"Entering CCertMgrComponentData::BuildWMIList (%s)\n", bIsComputer ? L"computer" : L"user");
  44. HRESULT hr = S_OK;
  46. #if DBG
  47. if ( bIsComputer )
  48. {
  49. _TRACE (0, L"m_rsopObjectArrayComputer contains %d objects\n",
  50. m_rsopObjectArrayComputer.GetUpperBound ());
  51. }
  52. else
  53. {
  54. _TRACE (0, L"m_rsopObjectArrayUser contains %d objects\n",
  55. m_rsopObjectArrayUser.GetUpperBound ());
  56. }
  57. #endif
  58. int nIndex = 0;
  59. if ( bIsComputer )
  60. {
  61. INT_PTR nUpperBound = m_rsopObjectArrayComputer.GetUpperBound ();
  62. while ( nUpperBound >= nIndex )
  63. {
  64. CRSOPObject* pCurrObject = m_rsopObjectArrayComputer.GetAt (nIndex);
  65. if ( pCurrObject )
  66. {
  67. delete pCurrObject;
  68. }
  69. nIndex++;
  70. }
  71. m_rsopObjectArrayComputer.RemoveAll ();
  72. }
  73. else
  74. {
  75. INT_PTR nUpperBound = m_rsopObjectArrayUser.GetUpperBound ();
  76. while ( nUpperBound >= nIndex )
  77. {
  78. CRSOPObject* pCurrObject = m_rsopObjectArrayUser.GetAt (nIndex);
  79. if ( pCurrObject )
  80. {
  81. delete pCurrObject;
  82. }
  83. nIndex++;
  84. }
  85. m_rsopObjectArrayUser.RemoveAll ();
  86. }
  88. if ( ((bIsComputer && !m_pRSOPInformationComputer) ||
  89. (!bIsComputer && !m_pRSOPInformationUser) )
  90. && pDataObject )
  91. {
  92. IUnknown* pIUnknown = 0;
  94. hr = ExtractData (pDataObject,
  95. CCertMgrDataObject::m_CFSCE_RSOPUnknown,
  96. &pIUnknown, sizeof (IUnknown*));
  97. ASSERT (SUCCEEDED (hr));
  98. if ( SUCCEEDED (hr) )
  99. {
  100. if ( bIsComputer )
  101. {
  102. hr = pIUnknown->QueryInterface (
  103. IID_PPV_ARG (IRSOPInformation, &m_pRSOPInformationComputer));
  104. }
  105. else
  106. {
  107. hr = pIUnknown->QueryInterface (
  108. IID_PPV_ARG (IRSOPInformation, &m_pRSOPInformationUser));
  109. }
  110. ASSERT (SUCCEEDED (hr));
  111. if ( SUCCEEDED (hr) )
  112. {
  113. if ( bIsComputer )
  114. {
  115. hr = m_pRSOPInformationComputer->GetFlags (&m_dwRSOPFlagsComputer);
  116. }
  117. else
  118. {
  119. hr = m_pRSOPInformationUser->GetFlags (&m_dwRSOPFlagsUser);
  120. }
  121. ASSERT (SUCCEEDED (hr));
  123. int cchMaxLength = 512;
  124. LPOLESTR pszNameSpace = (LPOLESTR) LocalAlloc (LPTR, cchMaxLength * sizeof (WCHAR));
  125. if ( pszNameSpace )
  126. {
  127. DWORD dwSection = 0;
  129. switch (m_dwSCEMode)
  130. {
  131. case SCE_MODE_LOCAL_USER:
  132. case SCE_MODE_DOMAIN_USER:
  133. case SCE_MODE_OU_USER:
  134. case SCE_MODE_REMOTE_USER:
  135. case SCE_MODE_RSOP_USER:
  136. dwSection = GPO_SECTION_USER;
  137. break;
  139. case SCE_MODE_LOCAL_COMPUTER:
  140. case SCE_MODE_DOMAIN_COMPUTER:
  141. case SCE_MODE_OU_COMPUTER:
  142. case SCE_MODE_RSOP_COMPUTER:
  143. case SCE_MODE_REMOTE_COMPUTER:
  144. dwSection = GPO_SECTION_MACHINE;
  145. break;
  147. default:
  148. ASSERT (0);
  149. return E_UNEXPECTED;
  150. }
  151. if ( bIsComputer )
  152. {
  153. hr = m_pRSOPInformationComputer->GetNamespace (
  154. dwSection,
  155. pszNameSpace,
  156. cchMaxLength);
  157. }
  158. else
  159. {
  160. hr = m_pRSOPInformationUser->GetNamespace (
  161. dwSection,
  162. pszNameSpace,
  163. cchMaxLength);
  164. }
  165. if ( SUCCEEDED (hr) )
  166. {
  167. IWbemLocator *pIWbemLocator = 0;
  168. // ISSUE
  169. // NTRAID 544154 TRACKING: PKP GrpPol: Verify that WMI communication with the store can be secured
  170. hr = ::CoCreateInstance (CLSID_WbemLocator,
  171. NULL,
  172. CLSCTX_INPROC_SERVER,
  173. IID_PPV_ARG(IWbemLocator, &pIWbemLocator));
  174. if ( SUCCEEDED (hr) )
  175. {
  176. BSTR bstrNameSpace = SysAllocString (pszNameSpace);
  177. if ( bstrNameSpace )
  178. {
  179. if ( bIsComputer )
  180. {
  181. hr = pIWbemLocator->ConnectServer (bstrNameSpace,
  182. NULL, NULL, 0, 0, NULL, NULL,
  183. &m_pIWbemServicesComputer);
  184. }
  185. else
  186. {
  187. hr = pIWbemLocator->ConnectServer (bstrNameSpace,
  188. NULL, NULL, 0, 0, NULL, NULL,
  189. &m_pIWbemServicesUser);
  190. }
  191. if ( FAILED (hr) )
  192. {
  193. _TRACE (0, L"IWbemLocator::ConnectServer (%s) failed: 0x%x(%s)\n",
  194. bstrNameSpace, hr, (PCWSTR) GetSystemMessage (hr));
  195. }
  196. SysFreeString (bstrNameSpace);
  197. }
  198. else
  199. hr = E_OUTOFMEMORY;
  200. pIWbemLocator->Release ();
  201. }
  202. }
  203. LocalFree (pszNameSpace);
  204. }
  205. else
  206. hr = E_OUTOFMEMORY;
  207. }
  208. }
  209. }
  211. if ( SUCCEEDED (hr) && ((bIsComputer && m_pIWbemServicesComputer) ||
  212. (!bIsComputer && m_pIWbemServicesUser)) )
  213. {
  214. IEnumWbemClassObject * pEnum = 0;
  215. IWbemClassObject *pObject = 0;
  216. ULONG ulRet = 0;
  219. //
  220. // Execute the query
  221. //
  222. if ( bIsComputer )
  223. {
  224. hr = m_pIWbemServicesComputer->ExecQuery (m_pbstrLanguage, m_pbstrQuery,
  225. WBEM_FLAG_FORWARD_ONLY | WBEM_FLAG_RETURN_IMMEDIATELY,
  226. NULL, &pEnum);
  227. }
  228. else
  229. {
  230. hr = m_pIWbemServicesUser->ExecQuery (m_pbstrLanguage, m_pbstrQuery,
  231. WBEM_FLAG_FORWARD_ONLY | WBEM_FLAG_RETURN_IMMEDIATELY,
  232. NULL, &pEnum);
  233. }
  234. if ( SUCCEEDED (hr) )
  235. {
  236. //
  237. // Loop through the results retrieving the registry key and value names
  238. //
  239. while ( (hr = pEnum->Next(WBEM_INFINITE, 1, &pObject, &ulRet)) == WBEM_S_NO_ERROR )
  240. {
  241. hr = GetValuesAndInsertInRSOPObjectList (pObject,
  242. bIsComputer ? m_rsopObjectArrayComputer : m_rsopObjectArrayUser,
  243. bIsComputer);
  245. pObject->Release ();
  247. if ( FAILED (hr) )
  248. break;
  249. }
  251. pEnum->Release();
  253. #if DBG
  254. int nSpewIndex = 0;
  255. INT_PTR nUpperBound = 0;
  257. if ( bIsComputer )
  258. nUpperBound = m_rsopObjectArrayComputer.GetUpperBound ();
  259. else
  260. nUpperBound = m_rsopObjectArrayUser.GetUpperBound ();
  262. while ( nUpperBound >= nSpewIndex )
  263. {
  264. CRSOPObject* pCurrObject = 0;
  265. if ( bIsComputer )
  266. pCurrObject = m_rsopObjectArrayComputer.GetAt (nSpewIndex);
  267. else
  268. pCurrObject = m_rsopObjectArrayUser.GetAt (nSpewIndex);
  269. if ( !pCurrObject )
  270. break;
  271. _TRACE (0, L"\t%d\t%s\t%s\t%s\n", pCurrObject->GetPrecedence (),
  272. (PCWSTR) pCurrObject->GetRegistryKey (),
  273. (PCWSTR) pCurrObject->GetValueName (),
  274. (PCWSTR) pCurrObject->GetPolicyName ());
  275. nSpewIndex++;
  276. }
  277. #endif
  278. }
  279. }
  281. _TRACE (-1, L"Leaving CCertMgrComponentData::BuildWMIList (): 0x%x\n", hr);
  282. return hr;
  283. }
  285. HRESULT CCertMgrComponentData::GetValuesAndInsertInRSOPObjectList (
  286. IWbemClassObject* pObject,
  287. CRSOPObjectArray& rRsopObjectArray,
  288. bool bIsComputer)
  289. {
  290. HRESULT hr = S_OK;
  292. if ( !pObject )
  293. return E_POINTER;
  295. //
  296. // Check if the allocations succeeded
  297. //
  299. if ( m_pbstrLanguage && m_pbstrQuery && m_pbstrRegistryKey &&
  300. m_pbstrValueName && m_pbstrValue &&
  301. m_pbstrPrecedence && m_pbstrGPOid )
  302. {
  303. COleVariant varRegistryKey;
  304. COleVariant varValueName;
  305. COleVariant varValue;
  306. COleVariant varPrecedence;
  307. COleVariant varGPOid;
  308. hr = pObject->Get (m_pbstrRegistryKey, 0, &varRegistryKey, NULL, NULL);
  309. if (SUCCEEDED(hr))
  310. {
  311. hr = pObject->Get (m_pbstrValueName, 0, &varValueName, NULL, NULL);
  312. if (SUCCEEDED(hr))
  313. {
  314. hr = pObject->Get (m_pbstrValue, 0, &varValue, NULL, NULL);
  315. if (SUCCEEDED(hr))
  316. {
  317. //#ifndef DBG
  318. // only include objects that have a value name
  319. if ( varValueName.bstrVal[0] )
  320. //#endif
  321. {
  322. //#ifndef DBG
  323. // Only include those objects that are in the system store registry
  324. // path or in the cryptography\autoenrollment path
  325. if ( FoundInRSOPFilter (varRegistryKey.bstrVal) )
  326. //#endif
  327. {
  328. hr = pObject->Get (m_pbstrPrecedence, 0, &varPrecedence, NULL, NULL);
  329. if (SUCCEEDED(hr))
  330. {
  331. hr = pObject->Get (m_pbstrGPOid, 0, &varGPOid, NULL, NULL);
  332. if (SUCCEEDED(hr))
  333. {
  334. PWSTR lpGPOName = 0;
  336. hr = GetGPOFriendlyName (
  337. varGPOid.bstrVal,
  338. &lpGPOName,
  339. bIsComputer);
  341. if (SUCCEEDED(hr))
  342. {
  344. CRSOPObject* pRSOPObject = new CRSOPObject (
  345. varRegistryKey.bstrVal,
  346. varValueName.bstrVal,
  347. lpGPOName,
  348. varPrecedence.uintVal,
  349. varValue,
  350. varGPOid.bstrVal);
  351. if ( pRSOPObject )
  352. {
  353. CRSOPObject* pCurrObject = 0;
  354. int nIndex = 0;
  355. bool bInserted = false;
  356. INT_PTR nUpperBound = rRsopObjectArray.GetUpperBound ();
  358. while ( nUpperBound >= nIndex )
  359. {
  360. pCurrObject = rRsopObjectArray.GetAt (nIndex);
  361. if ( !pCurrObject )
  362. break;
  364. // Sort first by registry key name,
  365. // then by value name, then by
  366. // precedence
  367. // security review 2/22/2002 BryanWal ok
  368. int nCmpVal = wcscmp (pCurrObject->GetRegistryKey (),
  369. pRSOPObject->GetRegistryKey ());
  370. if ( nCmpVal > 0 )
  371. {
  372. rRsopObjectArray.InsertAt (nIndex, pRSOPObject);
  373. bInserted = true;
  374. break;
  375. }
  376. else if ( nCmpVal == 0 )
  377. {
  378. // Sort by value name
  379. // security review 2/22/2002 BryanWal ok
  380. nCmpVal = wcscmp (pCurrObject->GetValueName (),
  381. pRSOPObject->GetValueName ());
  382. if ( nCmpVal > 0 )
  383. {
  384. rRsopObjectArray.InsertAt (nIndex, pRSOPObject);
  385. bInserted = true;
  386. break;
  387. }
  388. else if ( nCmpVal == 0 )
  389. {
  390. // Sort by precedence
  391. if ( pCurrObject->GetPrecedence () >
  392. pRSOPObject->GetPrecedence () )
  393. {
  394. rRsopObjectArray.InsertAt (nIndex, pRSOPObject);
  395. bInserted = true;
  396. break;
  397. }
  398. else if ( pCurrObject->GetPrecedence () ==
  399. pRSOPObject->GetPrecedence () )
  400. {
  401. // The registry key, value name and precedence
  402. // are the same - this is a duplicate. Pretend
  403. // we've added it and move on.
  404. bInserted = true;
  405. break;
  406. }
  407. }
  408. }
  409. nIndex++;
  410. }
  411. if ( !bInserted )
  412. rRsopObjectArray.Add (pRSOPObject);
  413. }
  415. LocalFree (lpGPOName);
  416. }
  417. varGPOid.Clear ();
  418. }
  420. varPrecedence.Clear ();
  421. }
  422. }
  423. }
  424. varValue.Clear ();
  425. }
  427. varValueName.Clear ();
  428. }
  430. varRegistryKey.Clear ();
  431. }
  432. }
  433. else
  434. hr = E_OUTOFMEMORY;
  436. return hr;
  437. }
  440. HRESULT CCertMgrComponentData::GetGPOFriendlyName (PCWSTR pwszOID, PWSTR *ppwszGPOName, bool bIsComputer)
  441. {
  442. ASSERT (pwszOID);
  443. if ( !pwszOID )
  444. return E_POINTER;
  446. ASSERT (ppwszGPOName);
  447. if ( !ppwszGPOName )
  448. return E_POINTER;
  451. HRESULT hr = S_OK;
  453. //
  454. // Set the default
  455. //
  457. *ppwszGPOName = NULL;
  460. //
  461. // Build the query
  462. //
  463. PCWSTR pwszQueryFormat = L"SELECT name, id FROM RSOP_GPO where id=\"%s\"";
  464. // security review 2/22/2002 BryanWal ok
  465. PWSTR pwszQuery = (PWSTR) ::LocalAlloc (LPTR, ((wcslen(pwszOID) + wcslen (pwszQueryFormat) + 1) * sizeof(WCHAR)));
  466. if ( pwszQuery )
  467. {
  468. // security review 2/22/2002 BryanWal ok
  469. wsprintf (pwszQuery, pwszQueryFormat, pwszOID);
  472. BSTR bstrQuery = SysAllocString (pwszQuery);
  473. if (bstrQuery)
  474. {
  475. //
  476. // Allocate BSTRs for the property names we want to retreive
  477. //
  479. BSTR bstrName = SysAllocString (TEXT("name"));
  480. if (bstrName)
  481. {
  482. //
  483. // Execute the query
  484. //
  486. IEnumWbemClassObject* pEnum = 0;
  487. if ( bIsComputer )
  488. {
  489. hr = m_pIWbemServicesComputer->ExecQuery (m_pbstrLanguage, bstrQuery,
  490. WBEM_FLAG_FORWARD_ONLY | WBEM_FLAG_RETURN_IMMEDIATELY,
  491. NULL, &pEnum);
  492. }
  493. else
  494. {
  495. hr = m_pIWbemServicesUser->ExecQuery (m_pbstrLanguage, bstrQuery,
  496. WBEM_FLAG_FORWARD_ONLY | WBEM_FLAG_RETURN_IMMEDIATELY,
  497. NULL, &pEnum);
  498. }
  501. if ( SUCCEEDED (hr) )
  502. {
  503. //
  504. // Loop through the results
  505. //
  506. IWbemClassObject* pObjects[2] = {0, 0};
  507. ULONG ulRet = 0;
  508. hr = pEnum->Next(WBEM_INFINITE, 1, pObjects, &ulRet);
  509. if ( SUCCEEDED (hr) )
  510. {
  511. //
  512. // Check for the "data not available case"
  513. //
  515. if (ulRet != 0)
  516. {
  517. //
  518. // Get the name
  519. //
  520. VARIANT varGPOName;
  521. hr = pObjects[0]->Get (bstrName, 0, &varGPOName, NULL, NULL);
  522. if ( SUCCEEDED (hr) )
  523. {
  524. //
  525. // Save the name
  526. //
  528. // security review 2/22/2002 BryanWal ok
  529. *ppwszGPOName = (PWSTR) ::LocalAlloc (LPTR, (wcslen (varGPOName.bstrVal) + 1) * sizeof(WCHAR));
  531. if ( *ppwszGPOName )
  532. {
  533. // security review 2/22/2002 BryanWal ok
  534. wcscpy (*ppwszGPOName, varGPOName.bstrVal);
  536. VariantClear (&varGPOName);
  538. hr = S_OK;
  539. }
  540. else
  541. {
  542. _TRACE (0, L"CCertMgrComponentData::GetGPOFriendlyName: Failed to allocate memory for GPO Name");
  543. hr = E_OUTOFMEMORY;
  544. }
  545. }
  546. else
  547. {
  548. _TRACE (0, L"CCertMgrComponentData::GetGPOFriendlyName: Failed to get gponame in query results for %s with 0x%x\n",
  549. bstrQuery, hr);
  550. }
  551. }
  552. }
  553. else
  554. {
  555. _TRACE (0, L"CCertMgrComponentData::GetGPOFriendlyName: Failed to get first item in query results for %s with 0x%x\n",
  556. bstrQuery, hr);
  557. }
  559. pEnum->Release ();
  560. }
  561. else
  562. {
  563. _TRACE (0, L"CCertMgrComponentData::GetGPOFriendlyName: Failed to query for %s with 0x%x\n",
  564. bstrQuery, hr);
  565. }
  567. SysFreeString (bstrName);
  568. }
  569. else
  570. {
  571. _TRACE (0, L"CCertMgrComponentData::GetGPOFriendlyName: Failed to allocate memory for name");
  572. hr = HRESULT_FROM_WIN32(ERROR_OUTOFMEMORY);
  573. }
  575. SysFreeString (bstrQuery);
  576. }
  577. else
  578. {
  579. _TRACE (0, L"CCertMgrComponentData::GetGPOFriendlyName: Failed to allocate memory for query");
  580. hr = E_OUTOFMEMORY;
  581. }
  582. ::LocalFree (pwszQuery);
  583. }
  584. else
  585. {
  586. _TRACE (0, L"CCertMgrComponentData::GetGPOFriendlyName: Failed to allocate memory for unicode query");
  587. hr = E_OUTOFMEMORY;
  588. }
  590. return hr;
  591. }
  596. ///////////////////////////////////////////////////////////////////////////////
  597. ///////////////////////////////////////////////////////////////////////////////
  598. bool CCertMgrPKPolExtension::FoundInRSOPFilter (BSTR bstrKey) const
  599. {
  600. ASSERT (bstrKey);
  601. if ( !bstrKey )
  602. return false;
  604. // security review 2/22/2002 BryanWal ok for all
  605. static size_t nRegPathLen = wcslen (CERT_GROUP_POLICY_SYSTEM_STORE_REGPATH);
  606. static size_t nTrustedPublisherKeyLen =
  607. wcslen (CERT_TRUST_PUB_SAFER_GROUP_POLICY_TRUSTED_PUBLISHER_STORE_REGPATH);
  608. static size_t nDisallowedKeyLen =
  609. wcslen (CERT_TRUST_PUB_SAFER_GROUP_POLICY_DISALLOWED_STORE_REGPATH);
  610. static size_t nSaferKeyLen = wcslen (SAFER_HKLM_REGBASE);
  611. static size_t nEFSKeyLen = wcslen (EFS_SETTINGS_REGPATH);
  614. //Include group policy system stores but not trusted publisher or disallowed
  615. // security review 2/22/2002 BryanWal ok for all
  616. if ( !_wcsnicmp (CERT_GROUP_POLICY_SYSTEM_STORE_REGPATH, bstrKey, nRegPathLen) &&
  617. (_wcsnicmp (CERT_TRUST_PUB_SAFER_GROUP_POLICY_TRUSTED_PUBLISHER_STORE_REGPATH,
  618. bstrKey, nTrustedPublisherKeyLen) &&
  619. _wcsnicmp (CERT_TRUST_PUB_SAFER_GROUP_POLICY_DISALLOWED_STORE_REGPATH,
  620. bstrKey, nDisallowedKeyLen)) )
  621. {
  622. return true;
  623. }
  624. else if ( !_wcsnicmp (SAFER_HKLM_REGBASE, bstrKey, nSaferKeyLen) ||
  625. !_wcsnicmp (EFS_SETTINGS_REGPATH, bstrKey, nEFSKeyLen) ||
  626. !_wcsicmp (AUTO_ENROLLMENT_KEY, bstrKey) )
  627. {
  628. return true;
  629. }
  630. else
  631. return false;
  632. }