archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4 Commits
1 Branch
0 Tags
4.9 GiB
Branch: master
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'master'
${ noResults }
windows-server-2003/admin/snapin/certmgr/storegpe.cpp

775 lines
28 KiB
Raw Permalink Normal View History

commiting as it is
4 years ago
  1. //+---------------------------------------------------------------------------
  2. //
  3. // Microsoft Windows
  4. // Copyright (C) Microsoft Corporation, 1997-2002.
  5. //
  6. // File: StoreGPE.cpp
  7. //
  8. // Contents: Implementation of CCertStoreGPE
  9. //
  10. //----------------------------------------------------------------------------
  11. #include "stdafx.h"
  12. #include <gpedit.h>
  13. #include "cookie.h"
  14. #include "storegpe.h"
  15. #include "certifct.h"
  17. USE_HANDLE_MACROS("CERTMGR(storegpe.cpp)")
  19. #ifdef _DEBUG
  20. #ifndef ALPHA
  21. #define new DEBUG_NEW
  22. #endif
  23. #undef THIS_FILE
  24. static char THIS_FILE[] = __FILE__;
  25. #endif
  27. GUID g_guidExtension = { 0xb1be8d72, 0x6eac, 0x11d2, {0xa4, 0xea, 0x00, 0xc0, 0x4f, 0x79, 0xf8, 0x3a }};
  28. GUID g_guidRegExt = REGISTRY_EXTENSION_GUID;
  29. GUID g_guidSnapin = CLSID_CertificateManager;
  31. ///////////////////////////////////////////////////////////////////////////////
  32. ///////////////////////////////////////////////////////////////////////////////
  33. HRESULT CCertStoreGPE::Commit ()
  34. {
  35. _TRACE (1, L"Entering CCertStoreGPE::Commit - %s\n",
  36. (LPCWSTR) m_pcszStoreName);
  37. ASSERT (CERTMGR_LOG_STORE_GPE == m_objecttype);
  38. HRESULT hr = S_OK;
  41. if ( GetStoreType () == EFS_STORE && !m_fIsNullEFSPolicy )
  42. {
  43. if ( SUCCEEDED (hr) )
  44. hr = WriteEFSBlobToRegistry ();
  45. }
  47. if ( SUCCEEDED (hr) && m_bDirty )
  48. {
  49. hr = CCertStore::Commit ();
  50. ASSERT (SUCCEEDED (hr));
  51. ASSERT (m_pGPEInformation);
  52. if ( SUCCEEDED (hr) && m_pGPEInformation )
  53. {
  54. hr = m_pGPEInformation->PolicyChanged (
  55. m_fIsComputerType ? TRUE : FALSE,
  56. m_bAddInCallToPolicyChanged, &g_guidExtension, &g_guidSnapin );
  57. hr = m_pGPEInformation->PolicyChanged (
  58. m_fIsComputerType ? TRUE : FALSE,
  59. m_bAddInCallToPolicyChanged, &g_guidRegExt, &g_guidSnapin );
  60. ASSERT (SUCCEEDED (hr));
  61. }
  62. }
  65. _TRACE (-1, L"Leaving CCertStoreGPE::Commit - %s\n",
  66. (LPCWSTR) m_pcszStoreName);
  67. return hr;
  68. }
  72. CCertStoreGPE::CCertStoreGPE (
  73. DWORD dwFlags,
  74. LPCWSTR lpcszMachineName,
  75. LPCWSTR objectName,
  76. const CString & pcszLogStoreName,
  77. const CString & pcszPhysStoreName,
  78. IGPEInformation * pGPTInformation,
  79. const GUID& compDataGUID,
  80. IConsole* pConsole)
  81. : CCertStore (CERTMGR_LOG_STORE_GPE,
  82. CERT_STORE_PROV_SYSTEM, dwFlags, lpcszMachineName, objectName,
  83. pcszLogStoreName, pcszPhysStoreName,
  84. StoreNameToType (pcszLogStoreName),
  85. 0,
  86. pConsole),
  87. m_pGPEInformation (pGPTInformation),
  88. m_fIsNullEFSPolicy (true), // assume NULL policy until proven otherwise
  89. m_hGroupPolicyKey (0),
  90. m_bAddInCallToPolicyChanged (TRUE)
  91. {
  92. _TRACE (1, L"Entering CCertStoreGPE::CCertStoreGPE - %s\n",
  93. (LPCWSTR) pcszLogStoreName);
  94. ASSERT (CERTMGR_LOG_STORE_GPE == m_objecttype);
  95. ASSERT (m_pGPEInformation);
  96. if ( m_pGPEInformation )
  97. {
  98. m_pGPEInformation->AddRef ();
  99. if ( ::IsEqualGUID (compDataGUID, NODEID_User) )
  100. {
  101. m_fIsComputerType = false;
  102. m_dwFlags |= CERT_SYSTEM_STORE_CURRENT_USER_GROUP_POLICY;
  103. }
  104. else if ( ::IsEqualGUID (compDataGUID, NODEID_Machine) )
  105. {
  106. m_fIsComputerType = true;
  107. m_dwFlags |= CERT_SYSTEM_STORE_LOCAL_MACHINE_GROUP_POLICY;
  108. }
  109. else
  110. ASSERT (0);
  111. }
  112. _TRACE (-1, L"Leaving CCertStoreGPE::CCertStoreGPE - %s\n",
  113. (LPCWSTR) pcszLogStoreName);
  114. }
  117. CCertStoreGPE::~CCertStoreGPE ()
  118. {
  119. _TRACE (1, L"Entering CCertStoreGPE::~CCertStoreGPE - %s\n",
  120. (LPCWSTR) m_pcszStoreName);;
  121. ASSERT (CERTMGR_LOG_STORE_GPE == m_objecttype);
  123. if ( m_hGroupPolicyKey )
  124. RegCloseKey (m_hGroupPolicyKey);
  126. if ( m_pGPEInformation )
  127. {
  128. m_pGPEInformation->Release ();
  129. m_pGPEInformation = 0;
  130. }
  132. CERT_CONTEXT_PSID_STRUCT* pCert = 0;
  133. while (!m_EFSCertList.IsEmpty () )
  134. {
  135. pCert = m_EFSCertList.RemoveHead ();
  136. ASSERT (pCert);
  137. if ( pCert )
  138. delete pCert;
  139. }
  140. _TRACE (-1, L"Leaving CCertStoreGPE::~CCertStoreGPE - %s\n",
  141. (LPCWSTR) m_pcszStoreName);
  142. }
  144. HCERTSTORE CCertStoreGPE::GetStoreHandle (BOOL bSilent /*= FALSE*/, HRESULT* phr /* = 0*/)
  145. {
  146. _TRACE (1, L"Entering CCertStoreGPE::GetStoreHandle - %s\n",
  147. (LPCWSTR) m_pcszStoreName);
  148. ASSERT (CERTMGR_LOG_STORE_GPE == m_objecttype);
  149. CERT_SYSTEM_STORE_RELOCATE_PARA RelocatePara;
  150. void* pvPara = 0;
  152. if ( !m_hCertStore )
  153. {
  154. DWORD dwErr = 0;
  156. if ( EFS_STORE == GetStoreType () && m_fIsNullEFSPolicy )
  157. {
  158. // Test to see if EFS key exists, if not, flag this as
  159. // having no EFS policy and return.
  160. HKEY hEFSKey = 0;
  161. // security review 2/27/2002 BryanWal ok
  162. LONG lResult = ::RegOpenKeyEx (GetGroupPolicyKey (), CERT_EFSBLOB_REGPATH, 0,
  163. KEY_READ, &hEFSKey);
  164. if ( ERROR_SUCCESS == lResult )
  165. {
  166. m_fIsNullEFSPolicy = false;
  167. ::RegCloseKey (hEFSKey);
  168. }
  169. else
  170. return 0;
  171. }
  172. RelocatePara.hKeyBase = GetGroupPolicyKey ();
  173. RelocatePara.pwszSystemStore = (LPCWSTR) m_pcszStoreName;
  174. pvPara = (void*) &RelocatePara;
  175. m_hCertStore = ::CertOpenStore (m_storeProvider,
  176. X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, NULL,
  177. m_dwFlags | CERT_STORE_SET_LOCALIZED_NAME_FLAG | CERT_STORE_MAXIMUM_ALLOWED_FLAG,
  178. pvPara);
  179. if ( !m_hCertStore )
  180. {
  181. dwErr = GetLastError ();
  182. if ( phr )
  183. *phr = HRESULT_FROM_WIN32 (dwErr);
  184. m_hCertStore = ::CertOpenStore (m_storeProvider,
  185. X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, NULL,
  186. m_dwFlags | CERT_STORE_READONLY_FLAG | CERT_STORE_SET_LOCALIZED_NAME_FLAG,
  187. pvPara);
  188. if ( m_hCertStore )
  189. m_bReadOnly = true;
  190. else
  191. {
  192. dwErr = GetLastError ();
  193. if ( phr )
  194. *phr = HRESULT_FROM_WIN32 (dwErr);
  195. _TRACE (0, L"CertOpenStore (%s) failed: 0x%x\n",
  196. (PCWSTR) m_pcszStoreName, dwErr);
  197. }
  198. }
  200. if ( !m_hCertStore && !m_bUnableToOpenMsgDisplayed && !bSilent &&
  201. (USERDS_STORE != GetStoreType ()) )
  202. {
  203. m_bUnableToOpenMsgDisplayed = true;
  204. CString caption;
  205. CString text;
  206. int iRetVal = 0;
  208. VERIFY (caption.LoadString (IDS_CERTIFICATE_MANAGER));
  209. text.FormatMessage (IDS_UNABLE_TO_OPEN_STORE, GetStoreName (),
  210. GetSystemMessage (dwErr));
  211. if ( m_pConsole )
  212. m_pConsole->MessageBox (text, caption, MB_OK | MB_ICONINFORMATION, &iRetVal);
  213. }
  214. }
  216. _TRACE (-1, L"Leaving CCertStoreGPE::GetStoreHandle - %s\n",
  217. (LPCWSTR) m_pcszStoreName);
  219. return m_hCertStore;
  220. }
  222. bool CCertStoreGPE::CanContain(CertificateManagerObjectType nodeType)
  223. {
  224. _TRACE (1, L"Entering CCertStoreGPE::CanContain - %s\n",
  225. (LPCWSTR) m_pcszStoreName);
  226. ASSERT (CERTMGR_LOG_STORE_GPE == m_objecttype);
  227. bool bCanContain = false;
  229. switch (nodeType)
  230. {
  231. case CERTMGR_CERTIFICATE:
  232. if ( ROOT_STORE == GetStoreType () ||
  233. EFS_STORE == GetStoreType () )
  234. {
  235. bCanContain = true;
  236. }
  237. break;
  239. case CERTMGR_CTL:
  240. if ( TRUST_STORE == GetStoreType () )
  241. {
  242. bCanContain = true;
  243. }
  244. break;
  246. default:
  247. break;
  248. }
  250. _TRACE (-1, L"Leaving CCertStoreGPE::CanContain - %s\n",
  251. (LPCWSTR) m_pcszStoreName);
  252. return bCanContain;
  253. }
  256. bool CCertStoreGPE::IsMachineStore()
  257. {
  258. _TRACE (0, L"Entering and leaving CCertStoreGPE::IsMachineStore - %s\n",
  259. (LPCWSTR) m_pcszStoreName);
  260. ASSERT (CERTMGR_LOG_STORE_GPE == m_objecttype);
  262. if (m_dwFlags & CERT_SYSTEM_STORE_LOCAL_MACHINE_GROUP_POLICY)
  263. return true;
  264. else
  265. return false;
  266. }
  269. HKEY CCertStoreGPE::GetGroupPolicyKey()
  270. {
  271. _TRACE (1, L"Entering CCertStoreGPE::GetGroupPolicyKey - %s\n",
  272. (LPCWSTR) m_pcszStoreName);
  273. ASSERT (CERTMGR_LOG_STORE_GPE == m_objecttype);
  274. if ( !m_hGroupPolicyKey )
  275. {
  276. if ( m_fIsComputerType )
  277. {
  278. HRESULT hr = m_pGPEInformation->GetRegistryKey (GPO_SECTION_MACHINE,
  279. &m_hGroupPolicyKey);
  280. ASSERT (SUCCEEDED (hr));
  281. }
  282. else
  283. {
  284. HRESULT hr = m_pGPEInformation->GetRegistryKey (GPO_SECTION_USER,
  285. &m_hGroupPolicyKey);
  286. ASSERT (SUCCEEDED (hr));
  287. }
  288. }
  290. _TRACE (-1, L"Leaving CCertStoreGPE::GetGroupPolicyKey - %s\n",
  291. (LPCWSTR) m_pcszStoreName);
  292. return m_hGroupPolicyKey;
  293. }
  295. IGPEInformation * CCertStoreGPE::GetGPEInformation() const
  296. {
  297. _TRACE (0, L"Entering and leaving CCertStoreGPE::GetGPEInformation - %s\n",
  298. (LPCWSTR) m_pcszStoreName);
  299. ASSERT (CERTMGR_LOG_STORE_GPE == m_objecttype);
  300. return m_pGPEInformation;
  301. }
  303. HRESULT CCertStoreGPE::WriteEFSBlobToRegistry()
  304. {
  305. _TRACE (1, L"Entering CCertStoreGPE::WriteEFSBlobToRegistry - %s\n",
  306. (LPCWSTR) m_pcszStoreName);
  307. ASSERT (CERTMGR_LOG_STORE_GPE == m_objecttype);
  308. HRESULT hr = S_OK;
  310. if ( !m_fIsNullEFSPolicy )
  311. {
  312. HKEY hGroupPolicyKey = GetGroupPolicyKey ();
  313. if ( hGroupPolicyKey )
  314. {
  315. DWORD dwDisposition = 0;
  316. HKEY hKeyEFSBlob = 0;
  317. int nCertCnt = GetCertCount ();
  319. // security review 2/27/2002 BryanWal ok - reduce privilege requested
  320. LONG lResult = ::RegCreateKeyEx (hGroupPolicyKey, // handle of an open key
  321. CERT_EFSBLOB_REGPATH, // address of subkey name
  322. 0, // reserved
  323. L"", // address of class string
  324. REG_OPTION_NON_VOLATILE, // special options flag
  325. KEY_SET_VALUE, // desired security access
  326. NULL, // address of key security structure
  327. &hKeyEFSBlob, // address of buffer for opened handle
  328. &dwDisposition); // address of disposition value buffer
  329. ASSERT (lResult == ERROR_SUCCESS);
  330. if ( lResult == ERROR_SUCCESS )
  331. {
  332. try {
  333. PEFS_PUBLIC_KEY_INFO* pEFSPKI = new PEFS_PUBLIC_KEY_INFO[nCertCnt];
  334. DWORD* cbPKI = new DWORD[nCertCnt];
  335. PRECOVERY_KEY_1_1* pRecoveryKey = new PRECOVERY_KEY_1_1[nCertCnt];
  336. DWORD* cbRecoveryKey = new DWORD[nCertCnt];
  337. PRECOVERY_POLICY_1_1 pRecoveryPolicy = 0;
  338. DWORD cbRecoveryPolicy = 0;
  339. BYTE* pData = 0;
  340. DWORD cbData = 0;
  341. int nActualCertCnt = 0;
  342. PCCERT_CONTEXT pCertContext = 0;
  344. if ( !pEFSPKI || ! cbPKI || ! pRecoveryKey || !cbRecoveryKey )
  345. {
  346. ::RegCloseKey (hKeyEFSBlob);
  347. hr = E_OUTOFMEMORY;
  348. }
  349. else
  350. {
  351. // security review 2/27/2002 BryanWal ok
  352. ::ZeroMemory (pEFSPKI, nCertCnt*sizeof (PEFS_PUBLIC_KEY_INFO));
  353. ::ZeroMemory (cbPKI, nCertCnt*sizeof (DWORD));
  354. ::ZeroMemory (pRecoveryKey, nCertCnt*sizeof (PRECOVERY_KEY_1_1));
  355. ::ZeroMemory (cbRecoveryKey, nCertCnt*sizeof (DWORD));
  357. while ( 1 )
  358. {
  359. // Subsequent calls to CertEnumCertificatesInStore () free pCertContext. If
  360. // we must break prematurely out of this loop, we must CertFreeCertificateContext ()
  361. // explicitly on the last pCertContext
  362. pCertContext = EnumCertificates (pCertContext);
  363. if ( pCertContext )
  364. {
  365. hr = CreatePublicKeyInformationCertificate (
  366. GetPSIDFromCert (pCertContext),
  367. pCertContext->pbCertEncoded,
  368. pCertContext->cbCertEncoded,
  369. &pEFSPKI[nActualCertCnt],
  370. &cbPKI[nActualCertCnt]);
  371. if ( SUCCEEDED (hr) )
  372. {
  373. cbRecoveryKey[nActualCertCnt] = sizeof (ULONG) + cbPKI[nActualCertCnt];
  374. pRecoveryKey[nActualCertCnt] = (PRECOVERY_KEY_1_1)
  375. ::LocalAlloc (LPTR, cbRecoveryKey[nActualCertCnt]);
  376. if ( pRecoveryKey[nActualCertCnt] )
  377. {
  378. pRecoveryKey[nActualCertCnt]->TotalLength = cbRecoveryKey[nActualCertCnt];
  379. // security review 2/27/2002 BryanWal ok
  380. memcpy (&(pRecoveryKey[nActualCertCnt]->PublicKeyInfo),
  381. pEFSPKI[nActualCertCnt],
  382. cbPKI[nActualCertCnt]);
  383. }
  384. else
  385. {
  386. hr = E_OUTOFMEMORY;
  387. ::CertFreeCertificateContext (pCertContext);
  388. break;
  389. }
  390. }
  391. nActualCertCnt++;
  392. if ( nActualCertCnt > nCertCnt )
  393. {
  394. ASSERT (0);
  395. ::CertFreeCertificateContext (pCertContext);
  396. break;
  397. }
  398. }
  399. else
  400. break;
  401. }
  402. Close ();
  403. ASSERT (nActualCertCnt == nCertCnt);
  404. if ( SUCCEEDED (hr) )
  405. {
  407. cbRecoveryPolicy = sizeof (RECOVERY_POLICY_HEADER);
  408. for (int nIndex = 0; nIndex < nActualCertCnt; nIndex++)
  409. cbRecoveryPolicy += cbRecoveryKey[nIndex];
  410. pRecoveryPolicy = (PRECOVERY_POLICY_1_1) ::LocalAlloc (LPTR, cbRecoveryPolicy);
  411. if ( pRecoveryPolicy )
  412. {
  413. pRecoveryPolicy->RecoveryPolicyHeader.MajorRevision = EFS_RECOVERY_POLICY_MAJOR_REVISION_1;
  414. pRecoveryPolicy->RecoveryPolicyHeader.MinorRevision = EFS_RECOVERY_POLICY_MINOR_REVISION_1;
  415. pRecoveryPolicy->RecoveryPolicyHeader.RecoveryKeyCount = nActualCertCnt;
  417. // Build array of variable size recovery keys.
  418. BYTE* ptr = (BYTE*) pRecoveryPolicy->RecoveryKeyList;
  419. for (int nIndex = 0; nIndex < nActualCertCnt; nIndex++)
  420. {
  421. // security review 2/27/2002 BryanWal ok
  422. memcpy (ptr, pRecoveryKey[nIndex], cbRecoveryKey[nIndex]);
  423. ptr += cbRecoveryKey[nIndex];
  424. }
  425. }
  426. else
  427. {
  428. hr = E_OUTOFMEMORY;
  429. }
  431. if ( pRecoveryPolicy ) // otherwise, the value is set to 0
  432. {
  433. pData = (BYTE*) pRecoveryPolicy;
  434. cbData = cbRecoveryPolicy;
  435. }
  436. lResult = ::RegSetValueEx (hKeyEFSBlob, // handle of key to set value for
  437. CERT_EFSBLOB_VALUE_NAME, // address of value to set
  438. 0, // reserved
  439. REG_BINARY, // flag for value type
  440. pData, // address of value data
  441. cbData); // size of value data
  442. if ( lResult == ERROR_SUCCESS )
  443. {
  444. m_bDirty = true;
  445. }
  446. else
  447. DisplaySystemError (NULL, lResult);
  448. }
  449. ::RegCloseKey (hKeyEFSBlob);
  450. hKeyEFSBlob = 0;
  452. // Free all the allocated pointers in the arrays.
  453. for (int nIndex = 0; nIndex < nActualCertCnt; nIndex++)
  454. {
  455. if ( pEFSPKI[nIndex] )
  456. ::LocalFree (pEFSPKI[nIndex]);
  457. if ( pRecoveryKey[nIndex] )
  458. ::LocalFree (pRecoveryKey[nIndex]);
  459. }
  461. // Free the allocated arrays
  462. if ( pEFSPKI )
  463. delete [] pEFSPKI;
  464. if ( cbPKI )
  465. delete [] cbPKI;
  466. if ( cbRecoveryKey )
  467. delete [] cbRecoveryKey;
  468. if ( pRecoveryKey )
  469. delete [] pRecoveryKey;
  471. if ( pRecoveryPolicy )
  472. ::LocalFree (pRecoveryPolicy);
  473. }
  474. }
  476. catch (CMemoryException*)
  477. {
  478. if ( hKeyEFSBlob )
  479. ::RegCloseKey (hKeyEFSBlob);
  480. }
  481. }
  482. else
  483. {
  484. hr = HRESULT_FROM_WIN32 (lResult);
  485. DisplaySystemError (NULL, lResult);
  486. }
  487. if ( SUCCEEDED (hr) )
  488. m_bDirty = true;
  489. }
  490. }
  492. _TRACE (-1, L"Leaving CCertStoreGPE::WriteEFSBlobToRegistry - %s\n",
  493. (LPCWSTR) m_pcszStoreName);
  494. return hr;
  495. }
  498. #define POINTER_TO_OFFSET( Pointer, pBase ) (((PUCHAR)(Pointer)) - ((PUCHAR)(pBase)))
  500. HRESULT CCertStoreGPE::CreatePublicKeyInformationCertificate(
  501. IN PSID pUserSid OPTIONAL,
  502. PBYTE pbCert,
  503. DWORD cbCert,
  504. OUT PEFS_PUBLIC_KEY_INFO * PublicKeyInformation,
  505. DWORD* pcbPublicKeyInfo)
  506. {
  507. _TRACE (1, L"Entering CCertStoreGPE::CreatePublicKeyInformationCertificate - %s\n",
  508. (LPCWSTR) m_pcszStoreName);
  509. ASSERT (CERTMGR_LOG_STORE_GPE == m_objecttype);
  510. ASSERT (PublicKeyInformation && pcbPublicKeyInfo);
  511. ASSERT (pbCert);
  512. if ( !PublicKeyInformation || !pcbPublicKeyInfo || !pbCert)
  513. return E_POINTER;
  515. DWORD userSidLength = 0;
  516. PBYTE pBase = 0;
  518. if (pUserSid != NULL)
  519. {
  520. userSidLength = GetLengthSid (pUserSid);
  521. }
  523. DWORD publicKeyInformationLength = sizeof( EFS_PUBLIC_KEY_INFO ) + userSidLength + cbCert;
  525. //
  526. // Allocate and fill in the PublicKeyInformation structure
  527. //
  529. *PublicKeyInformation = (PEFS_PUBLIC_KEY_INFO) ::LocalAlloc (LPTR, publicKeyInformationLength);
  531. if ( !(*PublicKeyInformation) )
  532. {
  533. return ERROR_NOT_ENOUGH_MEMORY;
  534. }
  536. (*PublicKeyInformation)->Length = publicKeyInformationLength;
  537. (*PublicKeyInformation)->KeySourceTag = (ULONG)EfsCertificate;
  539. //
  540. // Copy the string and SID data to the end of the structure.
  541. //
  543. pBase = (PBYTE) *PublicKeyInformation;
  544. pBase = (PBYTE) pBase + sizeof (EFS_PUBLIC_KEY_INFO);
  546. if (pUserSid != NULL)
  547. {
  548. (*PublicKeyInformation)->PossibleKeyOwner = (ULONG)POINTER_TO_OFFSET( pBase, *PublicKeyInformation );
  549. // security review 2/27/2002 BryanWal ok
  550. ::CopySid( userSidLength, (PSID)pBase, pUserSid );
  551. }
  552. else
  553. {
  554. (*PublicKeyInformation)->PossibleKeyOwner = (ULONG)NULL;
  555. }
  557. pBase = ((PBYTE)pBase + userSidLength);
  559. (*PublicKeyInformation)->CertificateInfo.CertificateLength = cbCert;
  560. (*PublicKeyInformation)->CertificateInfo.Certificate = (ULONG)POINTER_TO_OFFSET( pBase, *PublicKeyInformation );
  562. // security review 2/27/2002 BryanWal ok
  563. memcpy (pBase, pbCert, cbCert );
  564. *pcbPublicKeyInfo = publicKeyInformationLength;
  566. _TRACE (-1, L"Leaving CCertStoreGPE::CreatePublicKeyInformationCertificate - %s\n",
  567. (LPCWSTR) m_pcszStoreName);
  568. return 0;
  569. }
  571. void CCertStoreGPE::AddCertToList(PCCERT_CONTEXT pCertContext, PSID userPSID)
  572. {
  573. _TRACE (1, L"Entering CCertStoreGPE::AddCertToList - %s\n",
  574. (LPCWSTR) m_pcszStoreName);
  575. ASSERT (CERTMGR_LOG_STORE_GPE == m_objecttype);
  576. if ( pCertContext && userPSID )
  577. {
  578. CERT_CONTEXT_PSID_STRUCT* pCert = new CERT_CONTEXT_PSID_STRUCT (
  579. pCertContext, userPSID);
  580. if ( pCert )
  581. {
  582. m_EFSCertList.AddTail (pCert);
  583. m_bDirty = true;
  584. }
  585. }
  586. _TRACE (-1, L"Leaving CCertStoreGPE::AddCertToList - %s\n",
  587. (LPCWSTR) m_pcszStoreName);
  588. }
  590. PSID CCertStoreGPE::GetPSIDFromCert (PCCERT_CONTEXT pCertContext)
  591. {
  592. _TRACE (1, L"Entering CCertStoreGPE::GetPSIDFromCert - %s\n",
  593. (LPCWSTR) m_pcszStoreName);
  594. ASSERT (CERTMGR_LOG_STORE_GPE == m_objecttype);
  595. PSID pSID = 0;
  596. CERT_CONTEXT_PSID_STRUCT* pCert = 0;
  597. POSITION curPos = 0;
  599. for (POSITION nextPos = m_EFSCertList.GetHeadPosition (); nextPos; )
  600. {
  601. curPos = nextPos;
  602. pCert = m_EFSCertList.GetNext (nextPos);
  603. if ( CertCompareCertificate (
  604. X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
  605. pCert->m_pCertContext->pCertInfo,
  606. pCertContext->pCertInfo) )
  607. {
  608. pSID = pCert->m_psid;
  609. break;
  610. }
  611. }
  613. _TRACE (-1, L"Leaving CCertStoreGPE::GetPSIDFromCert - %s\n",
  614. (LPCWSTR) m_pcszStoreName);
  615. return pSID;
  616. }
  619. void CCertStoreGPE::FinalCommit()
  620. {
  621. _TRACE (1, L"Entering CCertStoreGPE::FinalCommit - %s\n",
  622. (LPCWSTR) m_pcszStoreName);
  623. ASSERT (CERTMGR_LOG_STORE_GPE == m_objecttype);
  624. // Called only from destructor
  625. // Cannot commit here for GPT: GPT has already freed all pertinent data
  626. _TRACE (-1, L"Leaving CCertStoreGPE::FinalCommit - %s\n",
  627. (LPCWSTR) m_pcszStoreName);
  628. }
  631. bool CCertStoreGPE::IsNullEFSPolicy()
  632. {
  633. _TRACE (1, L"Entering CCertStoreGPE::IsNullEFSPolicy - %s\n",
  634. (LPCWSTR) m_pcszStoreName);
  635. GetStoreHandle (); // to initialize
  636. Close ();
  637. _TRACE (-1, L"Leaving CCertStoreGPE::IsNullEFSPolicy - %s\n",
  638. (LPCWSTR) m_pcszStoreName);
  639. return m_fIsNullEFSPolicy;
  640. }
  642. void CCertStoreGPE::AllowEmptyEFSPolicy()
  643. {
  644. _TRACE (1, L"Entering CCertStoreGPE::AllowEmptyEFSPolicy - %s\n",
  645. (LPCWSTR) m_pcszStoreName);
  646. m_fIsNullEFSPolicy = false;
  647. _TRACE (-1, L"Leaving CCertStoreGPE::AllowEmptyEFSPolicy - %s\n",
  648. (LPCWSTR) m_pcszStoreName);
  649. }
  651. HRESULT CCertStoreGPE::AddCertificateContext(PCCERT_CONTEXT pContext, LPCONSOLE pConsole, bool bDeletePrivateKey)
  652. {
  653. _TRACE (1, L"Entering CCertStoreGPE::AddCertificateContext - %s\n",
  654. (LPCWSTR) m_pcszStoreName);
  655. HRESULT hr = S_OK;
  656. AllowEmptyEFSPolicy ();
  657. hr = CCertStore::AddCertificateContext (pContext, pConsole, bDeletePrivateKey);
  659. _TRACE (-1, L"Leaving CCertStoreGPE::AddCertificateContext - %s\n",
  660. (LPCWSTR) m_pcszStoreName);
  661. return hr;
  662. }
  664. HRESULT CCertStoreGPE::DeleteEFSPolicy(bool bCommitChanges)
  665. {
  666. _TRACE (1, L"Entering CCertStoreGPE::DeleteEFSPolicy - %s\n",
  667. (LPCWSTR) m_pcszStoreName);
  668. ASSERT (EFS_STORE == GetStoreType ());
  669. if ( EFS_STORE == GetStoreType () )
  670. {
  671. // If the store is open, close it first
  672. if ( m_hCertStore )
  673. {
  674. CERT_CONTEXT_PSID_STRUCT* pCert = 0;
  675. while (!m_EFSCertList.IsEmpty () )
  676. {
  677. pCert = m_EFSCertList.RemoveHead ();
  678. ASSERT (pCert);
  679. if ( pCert )
  680. delete pCert;
  681. }
  683. VERIFY (::CertCloseStore (m_hCertStore, CERT_CLOSE_STORE_FORCE_FLAG)); //CERT_CLOSE_STORE_CHECK_FLAG);
  684. m_hCertStore = 0;
  685. }
  687. LRESULT lResult = ::RegDelnode (GetGroupPolicyKey (), CERT_EFSBLOB_REGPATH);
  688. if ( ERROR_SUCCESS == lResult )
  689. {
  690. m_fIsNullEFSPolicy = true;
  691. m_bDirty = true;
  693. if ( bCommitChanges )
  694. {
  695. m_bAddInCallToPolicyChanged = FALSE; // delete policy
  696. Commit ();
  697. m_bAddInCallToPolicyChanged = TRUE;
  698. }
  699. }
  700. else
  701. DisplaySystemError (NULL, (DWORD)lResult);
  702. }
  704. _TRACE (-1, L"Leaving CCertStoreGPE::DeleteEFSPolicy - %s\n",
  705. (LPCWSTR) m_pcszStoreName);
  706. return S_OK;
  707. }
  710. HRESULT CCertStoreGPE::PolicyChanged()
  711. {
  712. _TRACE (1, L"Entering CCertStoreGPE::PolicyChanged - %s\n",
  713. (LPCWSTR) m_pcszStoreName);
  714. HRESULT hr = E_FAIL;
  716. if ( m_pGPEInformation )
  717. {
  718. hr = m_pGPEInformation->PolicyChanged (
  719. m_fIsComputerType ? TRUE : FALSE,
  720. m_bAddInCallToPolicyChanged, &g_guidExtension, &g_guidSnapin);
  721. hr = m_pGPEInformation->PolicyChanged (
  722. m_fIsComputerType ? TRUE : FALSE,
  723. m_bAddInCallToPolicyChanged, &g_guidRegExt, &g_guidSnapin);
  724. }
  726. _TRACE (-1, L"Leaving CCertStoreGPE::PolicyChanged - %s\n",
  727. (LPCWSTR) m_pcszStoreName);
  728. return hr;
  729. }
  731. PCCERT_CONTEXT CCertStoreGPE::EnumCertificates (PCCERT_CONTEXT pPrevCertContext)
  732. {
  733. PCCERT_CONTEXT pCertContext = CCertStore::EnumCertificates (pPrevCertContext);
  735. if ( pCertContext )
  736. m_fIsNullEFSPolicy = false;
  738. return pCertContext;
  739. }
  741. CERT_CONTEXT_PSID_STRUCT::CERT_CONTEXT_PSID_STRUCT (PCCERT_CONTEXT pCertContext, PSID psid) :
  742. m_pCertContext (0),
  743. m_psid (0)
  744. {
  745. if ( pCertContext && psid )
  746. {
  747. m_pCertContext = CertDuplicateCertificateContext (pCertContext);
  748. DWORD dwSidSize = ::GetLengthSid (psid);
  749. if ( dwSidSize > 0 )
  750. {
  751. m_psid = new BYTE[dwSidSize];
  752. if ( m_psid )
  753. {
  754. // security review 2/27/2002 BryanWal ok
  755. ::ZeroMemory (m_psid, dwSidSize);
  756. if ( !::CopySid (dwSidSize, m_psid, psid) )
  757. {
  758. ASSERT (0);
  759. delete [] m_psid;
  760. m_psid = 0;
  761. }
  762. }
  763. }
  764. }
  765. }
  767. CERT_CONTEXT_PSID_STRUCT::~CERT_CONTEXT_PSID_STRUCT ()
  768. {
  769. if ( m_pCertContext )
  770. ::CertFreeCertificateContext (m_pCertContext);
  771. if ( m_psid )
  772. delete [] m_psid;
  773. }