archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4 Commits
1 Branch
0 Tags
4.9 GiB
Branch: master
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'master'
${ noResults }
windows-server-2003/admin/snapin/certmgr/safertrustedpublishersprope...

358 lines
13 KiB
Raw Permalink Normal View History

commiting as it is
4 years ago
  1. //+---------------------------------------------------------------------------
  2. //
  3. // Microsoft Windows
  4. // Copyright (C) Microsoft Corporation, 2000-2002.
  5. //
  6. // File: SaferTrustedPublishersPropertyPage.h
  7. //
  8. // Contents: Declaration of CSaferTrustedPublishersPropertyPage
  9. //
  10. //----------------------------------------------------------------------------
  11. // SaferTrustedPublishersPropertyPage.cpp : implementation file
  12. //
  14. #include "stdafx.h"
  15. #include "certmgr.h"
  16. #include <gpedit.h>
  17. #include "compdata.h"
  18. #include "SaferTrustedPublishersPropertyPage.h"
  20. #ifdef _DEBUG
  21. #define new DEBUG_NEW
  22. #undef THIS_FILE
  23. static char THIS_FILE[] = __FILE__;
  24. #endif
  26. extern GUID g_guidExtension;
  27. extern GUID g_guidRegExt;
  28. extern GUID g_guidSnapin;
  30. /////////////////////////////////////////////////////////////////////////////
  31. // CSaferTrustedPublishersPropertyPage property page
  33. CSaferTrustedPublishersPropertyPage::CSaferTrustedPublishersPropertyPage(
  34. bool fIsMachineType, IGPEInformation* pGPEInformation,
  35. CCertMgrComponentData* pCompData)
  36. : CHelpPropertyPage(CSaferTrustedPublishersPropertyPage::IDD),
  37. m_pGPEInformation (pGPEInformation),
  38. m_hGroupPolicyKey (0),
  39. m_dwTrustedPublisherFlags (0),
  40. m_fIsComputerType (fIsMachineType),
  41. m_bRSOPValueFound (false),
  42. m_pCompData (pCompData)
  43. {
  44. // NTRAID# 263969 Safer Windows: "Enterprise Administrators" radio
  45. // button should be disabled on Trusted Publishers property sheet for
  46. // computers in workgroups.
  47. ASSERT (m_pCompData);
  48. if ( m_pCompData )
  49. {
  50. m_pCompData->AddRef ();
  51. m_pCompData->IncrementOpenSaferPageCount ();
  52. }
  54. if ( m_pGPEInformation )
  55. {
  56. m_pGPEInformation->AddRef ();
  57. HRESULT hResult = m_pGPEInformation->GetRegistryKey (
  58. m_fIsComputerType ? GPO_SECTION_MACHINE : GPO_SECTION_USER,
  59. &m_hGroupPolicyKey);
  60. ASSERT (SUCCEEDED (hResult));
  61. if ( SUCCEEDED (hResult) )
  62. GetTrustedPublisherFlags ();
  63. }
  64. else
  65. RSOPGetTrustedPublisherFlags (pCompData);
  67. //{{AFX_DATA_INIT(CSaferTrustedPublishersPropertyPage)
  68. // NOTE: the ClassWizard will add member initialization here
  69. //}}AFX_DATA_INIT
  70. }
  72. CSaferTrustedPublishersPropertyPage::~CSaferTrustedPublishersPropertyPage()
  73. {
  74. if ( m_hGroupPolicyKey )
  75. RegCloseKey (m_hGroupPolicyKey);
  77. if ( m_pGPEInformation )
  78. {
  79. m_pGPEInformation->Release ();
  80. }
  82. if ( m_pCompData )
  83. {
  84. m_pCompData->DecrementOpenSaferPageCount ();
  85. m_pCompData->Release ();
  86. m_pCompData = 0;
  87. }
  88. }
  90. void CSaferTrustedPublishersPropertyPage::DoDataExchange(CDataExchange* pDX)
  91. {
  92. CHelpPropertyPage::DoDataExchange(pDX);
  93. //{{AFX_DATA_MAP(CSaferTrustedPublishersPropertyPage)
  94. // NOTE: the ClassWizard will add DDX and DDV calls here
  95. //}}AFX_DATA_MAP
  96. }
  99. BEGIN_MESSAGE_MAP(CSaferTrustedPublishersPropertyPage, CHelpPropertyPage)
  100. //{{AFX_MSG_MAP(CSaferTrustedPublishersPropertyPage)
  101. ON_BN_CLICKED(IDC_TP_BY_END_USER, OnTpByEndUser)
  102. ON_BN_CLICKED(IDC_TP_BY_LOCAL_COMPUTER_ADMIN, OnTpByLocalComputerAdmin)
  103. ON_BN_CLICKED(IDC_TP_BY_ENTERPRISE_ADMIN, OnTpByEnterpriseAdmin)
  104. ON_BN_CLICKED(IDC_TP_REV_CHECK_PUBLISHER, OnTpRevCheckPublisher)
  105. ON_BN_CLICKED(IDC_TP_REV_CHECK_TIMESTAMP, OnTpRevCheckTimestamp)
  106. //}}AFX_MSG_MAP
  107. END_MESSAGE_MAP()
  109. /////////////////////////////////////////////////////////////////////////////
  110. // CSaferTrustedPublishersPropertyPage message handlers
  111. void CSaferTrustedPublishersPropertyPage::DoContextHelp (HWND hWndControl)
  112. {
  113. _TRACE (1, L"Entering CSaferTrustedPublishersPropertyPage::DoContextHelp\n");
  114. static const DWORD help_map[] =
  115. {
  116. IDC_TP_BY_END_USER, IDH_TP_BY_END_USER,
  117. IDC_TP_BY_LOCAL_COMPUTER_ADMIN, IDH_TP_BY_LOCAL_COMPUTER_ADMIN,
  118. IDC_TP_BY_ENTERPRISE_ADMIN, IDH_TP_BY_ENTERPRISE_ADMIN,
  119. IDC_TP_REV_CHECK_PUBLISHER, IDH_TP_REV_CHECK_PUBLISHER,
  120. IDC_TP_REV_CHECK_TIMESTAMP, IDH_TP_REV_CHECK_TIMESTAMP,
  121. 0, 0
  122. };
  123. switch (::GetDlgCtrlID (hWndControl))
  124. {
  125. case IDC_TP_BY_END_USER:
  126. case IDC_TP_BY_LOCAL_COMPUTER_ADMIN:
  127. case IDC_TP_BY_ENTERPRISE_ADMIN:
  128. case IDC_TP_REV_CHECK_PUBLISHER:
  129. case IDC_TP_REV_CHECK_TIMESTAMP:
  130. if ( !::WinHelp (
  131. hWndControl,
  132. GetF1HelpFilename(),
  133. HELP_WM_HELP,
  134. (DWORD_PTR) help_map) )
  135. {
  136. _TRACE (0, L"WinHelp () failed: 0x%x\n", GetLastError ());
  137. }
  138. break;
  140. default:
  141. break;
  142. }
  143. _TRACE (-1, L"Leaving CSaferTrustedPublishersPropertyPage::DoContextHelp\n");
  144. }
  147. BOOL CSaferTrustedPublishersPropertyPage::OnInitDialog()
  148. {
  149. CHelpPropertyPage::OnInitDialog();
  151. if ( m_dwTrustedPublisherFlags & CERT_TRUST_PUB_CHECK_PUBLISHER_REV_FLAG )
  152. SendDlgItemMessage (IDC_TP_REV_CHECK_PUBLISHER, BM_SETCHECK, BST_CHECKED);
  154. if ( m_dwTrustedPublisherFlags & CERT_TRUST_PUB_CHECK_TIMESTAMP_REV_FLAG )
  155. SendDlgItemMessage (IDC_TP_REV_CHECK_TIMESTAMP, BM_SETCHECK, BST_CHECKED);
  157. if ( m_dwTrustedPublisherFlags & CERT_TRUST_PUB_ALLOW_ENTERPRISE_ADMIN_TRUST )
  158. SendDlgItemMessage (IDC_TP_BY_ENTERPRISE_ADMIN, BM_SETCHECK, BST_CHECKED);
  159. else if ( m_dwTrustedPublisherFlags & CERT_TRUST_PUB_ALLOW_MACHINE_ADMIN_TRUST )
  160. SendDlgItemMessage (IDC_TP_BY_LOCAL_COMPUTER_ADMIN, BM_SETCHECK, BST_CHECKED);
  161. else
  162. SendDlgItemMessage (IDC_TP_BY_END_USER, BM_SETCHECK, BST_CHECKED);
  164. if ( !m_pGPEInformation )
  165. {
  166. // Is RSOP
  167. GetDlgItem (IDC_TP_REV_CHECK_PUBLISHER)->EnableWindow (FALSE);
  168. GetDlgItem (IDC_TP_REV_CHECK_TIMESTAMP)->EnableWindow (FALSE);
  169. GetDlgItem (IDC_TP_BY_ENTERPRISE_ADMIN)->EnableWindow (FALSE);
  170. GetDlgItem (IDC_TP_BY_LOCAL_COMPUTER_ADMIN)->EnableWindow (FALSE);
  171. GetDlgItem (IDC_TP_BY_END_USER)->EnableWindow (FALSE);
  172. }
  174. // NTRAID# 263969 Safer Windows: "Enterprise Administrators" radio
  175. // button should be disabled on Trusted Publishers property sheet for
  176. // computers in workgroups.
  177. if ( m_pCompData->ComputerIsStandAlone () )
  178. GetDlgItem (IDC_TP_BY_ENTERPRISE_ADMIN)->EnableWindow (FALSE);
  180. return TRUE; // return TRUE unless you set the focus to a control
  181. // EXCEPTION: OCX Property Pages should return FALSE
  182. }
  184. void CSaferTrustedPublishersPropertyPage::GetTrustedPublisherFlags()
  185. {
  186. DWORD dwDisposition = 0;
  188. HKEY hKey = 0;
  189. LONG lResult = ::RegCreateKeyEx (m_hGroupPolicyKey, // handle of an open key
  190. CERT_TRUST_PUB_SAFER_GROUP_POLICY_REGPATH, // address of subkey name
  191. 0, // reserved
  192. L"", // address of class string
  193. REG_OPTION_NON_VOLATILE, // special options flag
  194. // security review 2/25/2002 BryanWal ok
  195. KEY_QUERY_VALUE, // desired security access
  196. NULL, // address of key security structure
  197. &hKey, // address of buffer for opened handle
  198. &dwDisposition); // address of disposition value buffer
  199. ASSERT (lResult == ERROR_SUCCESS);
  200. if ( lResult == ERROR_SUCCESS )
  201. {
  202. // Read value
  203. DWORD dwType = REG_DWORD;
  204. DWORD dwData = 0;
  205. DWORD cbData = sizeof (dwData);
  207. // security review 2/25/2002 BryanWal ok
  208. lResult = ::RegQueryValueEx (hKey, // handle of key to query
  209. CERT_TRUST_PUB_AUTHENTICODE_FLAGS_VALUE_NAME, // address of name of value to query
  210. 0, // reserved
  211. &dwType, // address of buffer for value type
  212. (LPBYTE) &dwData, // address of data buffer
  213. &cbData); // address of data buffer size);
  214. ASSERT (ERROR_SUCCESS == lResult || ERROR_FILE_NOT_FOUND == lResult);
  215. if ( ERROR_SUCCESS == lResult || ERROR_FILE_NOT_FOUND == lResult )
  216. {
  217. if ( REG_DWORD == dwType )
  218. m_dwTrustedPublisherFlags = dwData;
  219. }
  220. else
  221. DisplaySystemError (m_hWnd, lResult);
  223. RegCloseKey (hKey);
  224. }
  225. else
  226. DisplaySystemError (m_hWnd, lResult);
  227. }
  229. void CSaferTrustedPublishersPropertyPage::OnTpByEndUser()
  230. {
  231. if ( m_dwTrustedPublisherFlags &
  232. (CERT_TRUST_PUB_ALLOW_MACHINE_ADMIN_TRUST |
  233. CERT_TRUST_PUB_ALLOW_ENTERPRISE_ADMIN_TRUST) )
  234. {
  235. m_dwTrustedPublisherFlags = 0;
  236. SetModified ();
  237. }
  238. }
  240. void CSaferTrustedPublishersPropertyPage::OnTpByLocalComputerAdmin()
  241. {
  242. if ( !(m_dwTrustedPublisherFlags & CERT_TRUST_PUB_ALLOW_MACHINE_ADMIN_TRUST) )
  243. {
  244. m_dwTrustedPublisherFlags = CERT_TRUST_PUB_ALLOW_MACHINE_ADMIN_TRUST;
  245. SetModified ();
  246. }
  247. }
  249. void CSaferTrustedPublishersPropertyPage::OnTpByEnterpriseAdmin()
  250. {
  251. if ( !(m_dwTrustedPublisherFlags & CERT_TRUST_PUB_ALLOW_ENTERPRISE_ADMIN_TRUST) )
  252. {
  253. m_dwTrustedPublisherFlags = CERT_TRUST_PUB_ALLOW_ENTERPRISE_ADMIN_TRUST;
  254. SetModified ();
  255. }
  256. }
  258. void CSaferTrustedPublishersPropertyPage::OnTpRevCheckPublisher()
  259. {
  260. SetModified ();
  261. }
  263. void CSaferTrustedPublishersPropertyPage::OnTpRevCheckTimestamp()
  264. {
  265. SetModified ();
  266. }
  268. BOOL CSaferTrustedPublishersPropertyPage::OnApply()
  269. {
  270. if ( m_pGPEInformation )
  271. {
  272. DWORD dwFlags = 0;
  274. if ( BST_CHECKED == SendDlgItemMessage (IDC_TP_REV_CHECK_PUBLISHER, BM_GETCHECK) )
  275. dwFlags |= CERT_TRUST_PUB_CHECK_PUBLISHER_REV_FLAG;
  277. if ( BST_CHECKED == SendDlgItemMessage (IDC_TP_REV_CHECK_TIMESTAMP, BM_GETCHECK) )
  278. dwFlags |= CERT_TRUST_PUB_CHECK_TIMESTAMP_REV_FLAG;
  280. if ( BST_CHECKED == SendDlgItemMessage (IDC_TP_BY_ENTERPRISE_ADMIN, BM_GETCHECK) )
  281. dwFlags |= CERT_TRUST_PUB_ALLOW_ENTERPRISE_ADMIN_TRUST;
  282. else if ( BST_CHECKED == SendDlgItemMessage (IDC_TP_BY_LOCAL_COMPUTER_ADMIN, BM_GETCHECK) )
  283. dwFlags |= CERT_TRUST_PUB_ALLOW_MACHINE_ADMIN_TRUST;
  284. else
  285. dwFlags |= CERT_TRUST_PUB_ALLOW_END_USER_TRUST;
  287. HKEY hKey = 0;
  288. DWORD dwDisposition = 0;
  289. LONG lResult = ::RegCreateKeyEx (m_hGroupPolicyKey, // handle of an open key
  290. CERT_TRUST_PUB_SAFER_GROUP_POLICY_REGPATH, // address of subkey name
  291. 0, // reserved
  292. L"", // address of class string
  293. REG_OPTION_NON_VOLATILE, // special options flag
  294. // security review 2/25/2002 BryanWal ok
  295. KEY_SET_VALUE, // desired security access
  296. NULL, // address of key security structure
  297. &hKey, // address of buffer for opened handle
  298. &dwDisposition); // address of disposition value buffer
  299. ASSERT (lResult == ERROR_SUCCESS);
  300. if ( lResult == ERROR_SUCCESS )
  301. {
  302. DWORD cbData = sizeof (dwFlags);
  303. lResult = ::RegSetValueEx (hKey,
  304. CERT_TRUST_PUB_AUTHENTICODE_FLAGS_VALUE_NAME, // address of value to set
  305. 0, // reserved
  306. REG_DWORD, // flag for value type
  307. (CONST BYTE *) &dwFlags, // address of value data
  308. cbData); // size of value data);
  309. ASSERT (ERROR_SUCCESS == lResult);
  310. if ( ERROR_SUCCESS == lResult )
  311. {
  312. // TRUE means we're changing the machine policy only
  313. m_pGPEInformation->PolicyChanged (m_fIsComputerType ? TRUE : FALSE,
  314. TRUE, &g_guidExtension, &g_guidSnapin);
  315. m_pGPEInformation->PolicyChanged (m_fIsComputerType ? TRUE : FALSE,
  316. TRUE, &g_guidRegExt, &g_guidSnapin);
  317. }
  318. else
  319. DisplaySystemError (m_hWnd, lResult);
  321. RegCloseKey (hKey);
  322. }
  323. }
  325. return CHelpPropertyPage::OnApply();
  326. }
  328. void CSaferTrustedPublishersPropertyPage::RSOPGetTrustedPublisherFlags(const CCertMgrComponentData* pCompData)
  329. {
  330. if ( pCompData )
  331. {
  332. int nIndex = 0;
  333. // NOTE: rsop object array is sorted first by registry key, then by precedence
  334. const CRSOPObjectArray* pObjectArray = m_fIsComputerType ?
  335. pCompData->GetRSOPObjectArrayComputer () : pCompData->GetRSOPObjectArrayUser ();
  336. INT_PTR nUpperBound = pObjectArray->GetUpperBound ();
  338. while ( nUpperBound >= nIndex )
  339. {
  340. CRSOPObject* pObject = pObjectArray->GetAt (nIndex);
  341. if ( pObject )
  342. {
  343. // security review 2/25/2002 BryanWal ok
  344. if ( !_wcsicmp (CERT_TRUST_PUB_SAFER_GROUP_POLICY_REGPATH, pObject->GetRegistryKey ()) &&
  345. !_wcsicmp (CERT_TRUST_PUB_AUTHENTICODE_FLAGS_VALUE_NAME, pObject->GetValueName ()) )
  346. {
  347. ASSERT (1 == pObject->GetPrecedence ());
  348. m_dwTrustedPublisherFlags = pObject->GetDWORDValue ();
  349. m_bRSOPValueFound = true;
  350. break;
  351. }
  352. }
  353. else
  354. break;
  356. nIndex++;
  357. }
  358. }
  359. }