archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4 Commits
1 Branch
0 Tags
1.5 GiB
Branch: master
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'master'
${ noResults }
windows-server-2003/admin/snapin/certmgr/storersop.cpp

517 lines
21 KiB
Raw Permalink Normal View History

commiting as it is
4 years ago
  1. //+---------------------------------------------------------------------------
  2. //
  3. // Microsoft Windows
  4. // Copyright (C) Microsoft Corporation, 1997-2002.
  5. //
  6. // File: StoreRSOP.cpp
  7. //
  8. // Contents: Implementation of CCertStoreRSOP
  9. //
  10. //----------------------------------------------------------------------------
  11. #include "stdafx.h"
  12. #include <gpedit.h>
  13. #include "cookie.h"
  14. #include "StoreRSOP.h"
  15. #include "certifct.h"
  17. USE_HANDLE_MACROS("CERTMGR(StoreRSOP.cpp)")
  19. #ifdef _DEBUG
  20. #ifndef ALPHA
  21. #define new DEBUG_NEW
  22. #endif
  23. #undef THIS_FILE
  24. static char THIS_FILE[] = __FILE__;
  25. #endif
  27. extern GUID g_guidExtension;
  28. extern GUID g_guidRegExt;
  29. extern GUID g_guidSnapin;
  32. ///////////////////////////////////////////////////////////////////////////////
  33. ///////////////////////////////////////////////////////////////////////////////
  34. CCertStoreRSOP::CCertStoreRSOP (
  35. DWORD dwFlags,
  36. LPCWSTR lpcszMachineName,
  37. LPCWSTR objectName,
  38. const CString & pcszLogStoreName,
  39. const CString & pcszPhysStoreName,
  40. CRSOPObjectArray& rsopObjectArray,
  41. const GUID& compDataGUID,
  42. IConsole* pConsole)
  43. : CCertStore (CERTMGR_LOG_STORE_RSOP,
  44. CERT_STORE_PROV_SYSTEM, dwFlags, lpcszMachineName, objectName,
  45. pcszLogStoreName, pcszPhysStoreName,
  46. StoreNameToType (pcszLogStoreName),
  47. 0,
  48. pConsole),
  49. m_fIsNullEFSPolicy (true) // assume NULL policy until proven otherwise
  50. {
  51. _TRACE (1, L"Entering CCertStoreRSOP::CCertStoreRSOP - %s\n",
  52. (LPCWSTR) pcszLogStoreName);
  53. ASSERT (CERTMGR_LOG_STORE_RSOP == m_objecttype);
  54. if ( ::IsEqualGUID (compDataGUID, NODEID_User) )
  55. {
  56. m_fIsComputerType = false;
  57. m_dwFlags |= CERT_SYSTEM_STORE_CURRENT_USER_GROUP_POLICY;
  58. }
  59. else if ( ::IsEqualGUID (compDataGUID, NODEID_Machine) )
  60. {
  61. m_fIsComputerType = true;
  62. m_dwFlags |= CERT_SYSTEM_STORE_LOCAL_MACHINE_GROUP_POLICY;
  63. }
  64. else
  65. ASSERT (0);
  67. int nIndex = 0;
  68. INT_PTR nUpperBound = rsopObjectArray.GetUpperBound ();
  69. bool bFound = false;
  70. CString storePath = CERT_GROUP_POLICY_SYSTEM_STORE_REGPATH;
  71. storePath += L"\\";
  72. storePath += m_pcszStoreName;
  73. size_t nStoreLen = storePath.GetLength ();
  74. CString szWinningEFSPolicy;
  76. while ( nUpperBound >= nIndex )
  77. {
  78. CRSOPObject* pObject = rsopObjectArray.GetAt (nIndex);
  79. if ( pObject )
  80. {
  81. // Only add if
  82. // 1. Precedence is 1
  83. // 2. The object belongs to this store
  84. // 3. The valueName is not empty
  85. if ( 1 == pObject->GetPrecedence () )
  86. {
  87. // Consider only entries from this store
  88. // security review 2/25/2002 BryanWal ok
  89. if ( !wcsncmp (storePath, pObject->GetRegistryKey (), nStoreLen) )
  90. {
  91. bFound = true;
  92. if ( !pObject->GetValueName ().IsEmpty () )
  93. {
  94. // NTRAID# 477258 AddRSoP: EFS: Domain policy should
  95. // be disabled once OU policy has been established
  96. if ( EFS_STORE == GetStoreType () )
  97. {
  98. // Find "EFSBlob". Because the list is sorted,
  99. // this will be found before all the "Certificate"
  100. // keys that have the value of "Blob". There should
  101. // only be one "EFSBlob" that has a precedence of 1.
  102. // This winning EFSBlob will contain the winning
  103. // GPO OID, which we will cache. After this, we
  104. // will only keep certificates that have this same
  105. // policy OID.
  106. // Note that the EFSBlob is a special structure that
  107. // also contains all the EFS certificates, but each
  108. // EFSBlob have a unique precedence, while all the
  109. // "Blob"s have a precedence of 1, even if they
  110. // will not be applied.
  111. if ( CERT_EFSBLOB_VALUE_NAME == pObject->GetValueName () )
  112. {
  113. ASSERT (-1 == m_rsopObjectArray.GetUpperBound ());
  114. ASSERT (szWinningEFSPolicy.IsEmpty ());
  115. szWinningEFSPolicy = pObject->GetPolicyOID ();
  116. }
  117. else if ( szWinningEFSPolicy == pObject->GetPolicyOID () )
  118. {
  119. CRSOPObject* pNewObject = new CRSOPObject (*pObject);
  120. if ( pNewObject )
  121. m_rsopObjectArray.Add (pNewObject);
  122. }
  123. }
  124. else
  125. {
  126. CRSOPObject* pNewObject = new CRSOPObject (*pObject);
  127. if ( pNewObject )
  128. m_rsopObjectArray.Add (pNewObject);
  129. }
  130. }
  131. }
  132. else if ( bFound )
  133. {
  134. // Since the list is sorted, and we've already found the
  135. // desired RSOP objects and no longer are finding them,
  136. // there aren't any more. We can optimize and break here.
  137. break;
  138. }
  139. }
  140. }
  141. else
  142. break;
  144. nIndex++;
  145. }
  147. _TRACE (-1, L"Leaving CCertStoreRSOP::CCertStoreRSOP - %s\n",
  148. (LPCWSTR) pcszLogStoreName);
  149. }
  152. CCertStoreRSOP::~CCertStoreRSOP ()
  153. {
  154. _TRACE (1, L"Entering CCertStoreRSOP::~CCertStoreRSOP - %s\n",
  155. (LPCWSTR) m_pcszStoreName);
  156. ASSERT (CERTMGR_LOG_STORE_RSOP == m_objecttype);
  157. INT_PTR nUpperBound = m_rsopObjectArray.GetUpperBound ();
  158. int nIndex = 0;
  160. while (nUpperBound >= nIndex)
  161. {
  162. CRSOPObject* pObject = m_rsopObjectArray.GetAt (nIndex);
  163. if ( pObject )
  164. {
  165. delete pObject;
  166. }
  167. else
  168. break;
  170. nIndex++;
  171. }
  173. _TRACE (-1, L"Leaving CCertStoreRSOP::~CCertStoreRSOP - %s\n",
  174. (LPCWSTR) m_pcszStoreName);
  175. }
  177. HCERTSTORE CCertStoreRSOP::GetStoreHandle (BOOL bSilent /*= FALSE*/, HRESULT* phr /* = 0*/)
  178. {
  179. _TRACE (1, L"Entering CCertStoreRSOP::GetStoreHandle - %s\n",
  180. (LPCWSTR) m_pcszStoreName);
  181. ASSERT (CERTMGR_LOG_STORE_RSOP == m_objecttype);
  183. if ( !m_hCertStore )
  184. {
  185. DWORD dwErr = 0;
  187. //open a generic memory store
  188. m_hCertStore = ::CertOpenStore (CERT_STORE_PROV_MEMORY,
  189. 0, NULL,
  190. CERT_STORE_SET_LOCALIZED_NAME_FLAG | CERT_STORE_MAXIMUM_ALLOWED_FLAG,
  191. NULL);
  192. if ( m_hCertStore )
  193. {
  194. // Certificates, CTLs and other objects are either stored integrally in a
  195. // value called "Blob" or broken up into multiple parts. In this case, we'll
  196. // first see "BlobCount", which tells us how many parts there are, then
  197. // "BlobLength" which tells us the total byte length and finally
  198. // "Blob0", "Blob1", etc. to "Blob<BlobCount-1>"
  199. // Check for Certificates
  200. GetBlobs ();
  201. }
  202. else
  203. {
  204. dwErr = GetLastError ();
  205. if ( phr )
  206. *phr = HRESULT_FROM_WIN32 (dwErr);
  207. _TRACE (0, L"CertOpenStore (CERT_STORE_PROV_MEMORY) failed: 0x%x\n", dwErr);
  208. }
  210. if ( !m_hCertStore && !m_bUnableToOpenMsgDisplayed
  211. && !bSilent &&
  212. (USERDS_STORE != GetStoreType ()) )
  213. {
  214. m_bUnableToOpenMsgDisplayed = true;
  215. CString caption;
  216. CString text;
  217. int iRetVal = 0;
  219. VERIFY (caption.LoadString (IDS_CERTIFICATE_MANAGER));
  220. text.FormatMessage (IDS_UNABLE_TO_OPEN_STORE, GetStoreName (),
  221. GetSystemMessage (dwErr));
  222. if ( m_pConsole )
  223. m_pConsole->MessageBox (text, caption, MB_OK, &iRetVal);
  224. }
  225. }
  227. _TRACE (-1, L"Leaving CCertStoreRSOP::GetStoreHandle - %s\n",
  228. (LPCWSTR) m_pcszStoreName);
  230. return m_hCertStore;
  231. }
  234. HRESULT CCertStoreRSOP::GetBlobs ()
  235. {
  236. HRESULT hr = S_OK;
  237. INT_PTR nUpperBound = m_rsopObjectArray.GetUpperBound ();
  238. int nIndex = 0;
  240. while (nUpperBound >= nIndex)
  241. {
  242. CRSOPObject* pObject = m_rsopObjectArray.GetAt (nIndex);
  243. if ( pObject )
  244. {
  245. if ( STR_BLOB == pObject->GetValueName () )
  246. {
  247. // If this is a single, serialized cert, get it and
  248. // add it to the store
  249. BYTE* pByte = pObject->GetBlob ();
  250. ASSERT (pByte);
  251. if ( pByte )
  252. {
  253. if ( !CertAddSerializedElementToStore (
  254. m_hCertStore,
  255. pByte,
  256. (DWORD) pObject->GetBlobLength (),
  257. CERT_STORE_ADD_ALWAYS,
  258. 0,
  259. CERT_STORE_ALL_CONTEXT_FLAG,
  260. NULL,
  261. NULL) )
  262. {
  263. _TRACE (0, L"CertAddSerializedElementToStore () failed: 0x%x\n",
  264. GetLastError ());
  265. }
  266. }
  267. }
  268. else if ( STR_BLOBCOUNT == pObject->GetValueName () )
  269. {
  270. CString szBaseRegKey = pObject->GetRegistryKey ();
  271. DWORD dwBlobCount = pObject->GetDWORDValue ();
  272. if ( dwBlobCount > 0 )
  273. {
  274. nIndex++;
  275. if (nUpperBound >= nIndex)
  276. {
  277. // Get the blob length
  278. pObject = m_rsopObjectArray.GetAt (nIndex);
  279. if ( pObject )
  280. {
  281. if ( STR_BLOBLENGTH == pObject->GetValueName () )
  282. {
  283. DWORD dwBlobLength = pObject->GetDWORDValue ();
  284. if ( dwBlobLength )
  285. {
  286. BYTE* pbyLob = new BYTE[dwBlobLength];
  287. if ( pbyLob )
  288. {
  289. size_t nTotalBlobLength = 0;
  290. BYTE* pbyLobPtr = pbyLob;
  291. for (DWORD dwBlob = 0; dwBlob < dwBlobCount; dwBlob++)
  292. {
  293. nIndex++;
  294. if ( nUpperBound >= nIndex )
  295. {
  296. // security review 2/25/2002 BryanWal
  297. // NOTICE. Docs say that int64 requires 33 chars,
  298. // so DWORD would require half that many (17)
  299. // NOTICE: 4 == wcslen (STR_BLOB) ("Blob")
  300. ASSERT (4 == wcslen (STR_BLOB));
  301. const size_t BUF_LEN = 4 + 17 + 1;
  302. WCHAR szName[BUF_LEN];
  303. wsprintf (szName, L"%s%d", STR_BLOB, dwBlob);
  304. CString szRegKey = szBaseRegKey;
  305. szRegKey += L"\\";
  306. szRegKey += szName;
  308. pObject = m_rsopObjectArray.GetAt (nIndex);
  309. if ( pObject )
  310. {
  311. if ( nTotalBlobLength + pObject->GetBlobLength () <=
  312. dwBlobLength )
  313. {
  314. if ( szRegKey == pObject->GetRegistryKey () &&
  315. STR_BLOB == pObject->GetValueName () )
  316. {
  317. BYTE* pByte = pObject->GetBlob ();
  318. if ( pByte )
  319. {
  320. // security review 2/25/2002 BryanWal
  321. // NOTICE: Add length addition check above to
  322. // to prevent buffer overflow here if registry
  323. // data is bad
  324. memcpy (pbyLobPtr, pByte, pObject->GetBlobLength ());
  325. pbyLobPtr += pObject->GetBlobLength ();
  326. nTotalBlobLength += pObject->GetBlobLength ();
  327. }
  328. else
  329. {
  330. ASSERT (0);
  331. hr = E_UNEXPECTED;
  332. break;
  333. }
  334. }
  335. else
  336. {
  337. ASSERT (0);
  338. hr = E_UNEXPECTED;
  339. break;
  340. }
  341. }
  342. else
  343. {
  344. ASSERT (0);
  345. hr = E_UNEXPECTED;
  346. break;
  347. }
  348. }
  349. else
  350. {
  351. ASSERT (0);
  352. hr = E_UNEXPECTED;
  353. break;
  354. }
  355. }
  356. else
  357. {
  358. ASSERT (0);
  359. hr = E_UNEXPECTED;
  360. break;
  361. }
  362. }
  364. if ( SUCCEEDED (hr) && nTotalBlobLength == (size_t) dwBlobLength )
  365. {
  366. if ( !CertAddSerializedElementToStore (
  367. m_hCertStore,
  368. pbyLob,
  369. dwBlobLength,
  370. CERT_STORE_ADD_ALWAYS,
  371. 0,
  372. CERT_STORE_ALL_CONTEXT_FLAG,
  373. NULL,
  374. NULL) )
  375. {
  376. _TRACE (0, L"CertAddSerializedElementToStore () failed: 0x%x\n",
  377. GetLastError ());
  378. }
  379. }
  381. delete [] pbyLob;
  382. }
  383. else
  384. {
  385. hr = E_OUTOFMEMORY;
  386. break;
  387. }
  388. }
  389. else
  390. {
  391. ASSERT (0);
  392. hr = E_UNEXPECTED;
  393. break;
  394. }
  395. }
  396. else
  397. {
  398. ASSERT (0);
  399. hr = E_UNEXPECTED;
  400. break;
  401. }
  402. }
  403. else
  404. {
  405. ASSERT (0);
  406. hr = E_UNEXPECTED;
  407. break;
  408. }
  409. }
  410. else
  411. {
  412. ASSERT (0);
  413. hr = E_UNEXPECTED;
  414. break;
  415. }
  416. }
  417. }
  418. }
  419. else
  420. break;
  422. nIndex++;
  423. }
  425. return hr;
  426. }
  428. bool CCertStoreRSOP::CanContain(CertificateManagerObjectType nodeType)
  429. {
  430. _TRACE (1, L"Entering CCertStoreRSOP::CanContain - %s\n",
  431. (LPCWSTR) m_pcszStoreName);
  432. ASSERT (CERTMGR_LOG_STORE_RSOP == m_objecttype);
  433. bool bCanContain = false;
  435. switch (nodeType)
  436. {
  437. case CERTMGR_CERTIFICATE:
  438. if ( ROOT_STORE == GetStoreType () ||
  439. EFS_STORE == GetStoreType () )
  440. {
  441. bCanContain = true;
  442. }
  443. break;
  445. case CERTMGR_CTL:
  446. if ( TRUST_STORE == GetStoreType () )
  447. {
  448. bCanContain = true;
  449. }
  450. break;
  452. default:
  453. break;
  454. }
  456. _TRACE (-1, L"Leaving CCertStoreRSOP::CanContain - %s\n",
  457. (LPCWSTR) m_pcszStoreName);
  458. return bCanContain;
  459. }
  462. bool CCertStoreRSOP::IsMachineStore()
  463. {
  464. _TRACE (0, L"Entering and leaving CCertStoreRSOP::IsMachineStore - %s\n",
  465. (LPCWSTR) m_pcszStoreName);
  466. ASSERT (CERTMGR_LOG_STORE_RSOP == m_objecttype);
  468. if (m_dwFlags & CERT_SYSTEM_STORE_LOCAL_MACHINE_GROUP_POLICY)
  469. return true;
  470. else
  471. return false;
  472. }
  475. void CCertStoreRSOP::FinalCommit()
  476. {
  477. _TRACE (1, L"Entering CCertStoreRSOP::FinalCommit - %s\n",
  478. (LPCWSTR) m_pcszStoreName);
  479. ASSERT (CERTMGR_LOG_STORE_RSOP == m_objecttype);
  480. // Called only from destructor
  481. // Cannot commit here for GPT: GPT has already freed all pertinent data
  482. _TRACE (-1, L"Leaving CCertStoreRSOP::FinalCommit - %s\n",
  483. (LPCWSTR) m_pcszStoreName);
  484. }
  487. bool CCertStoreRSOP::IsNullEFSPolicy()
  488. {
  489. _TRACE (1, L"Entering CCertStoreRSOP::IsNullEFSPolicy - %s\n",
  490. (LPCWSTR) m_pcszStoreName);
  491. GetStoreHandle (); // to initialize
  492. PCCERT_CONTEXT pCertContext = EnumCertificates (0); // sets m_fIsNullEFSPolicy
  493. if ( pCertContext )
  494. ::CertFreeCertificateContext (pCertContext);
  495. Close ();
  496. _TRACE (-1, L"Leaving CCertStoreRSOP::IsNullEFSPolicy - %s\n",
  497. (LPCWSTR) m_pcszStoreName);
  498. return m_fIsNullEFSPolicy;
  499. }
  501. void CCertStoreRSOP::AllowEmptyEFSPolicy()
  502. {
  503. _TRACE (1, L"Entering CCertStoreRSOP::AllowEmptyEFSPolicy - %s\n",
  504. (LPCWSTR) m_pcszStoreName);
  505. m_fIsNullEFSPolicy = false;
  506. _TRACE (-1, L"Leaving CCertStoreRSOP::AllowEmptyEFSPolicy - %s\n",
  507. (LPCWSTR) m_pcszStoreName);
  508. }
  510. PCCERT_CONTEXT CCertStoreRSOP::EnumCertificates (PCCERT_CONTEXT pPrevCertContext)
  511. {
  512. PCCERT_CONTEXT pCertContext = CCertStore::EnumCertificates (pPrevCertContext);
  514. if ( pCertContext )
  515. m_fIsNullEFSPolicy = false;
  517. return pCertContext;
  518. }