archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4 Commits
1 Branch
0 Tags
1.5 GiB
Branch: master
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'master'
${ noResults }
windows-server-2003/ds/security/cryptoapi/pki/chain/defce.cpp

700 lines
20 KiB
Raw Permalink Normal View History

commiting as it is
4 years ago
  1. //+---------------------------------------------------------------------------
  2. //
  3. // Microsoft Windows NT Security
  4. // Copyright (C) Microsoft Corporation, 1997 - 1999
  5. //
  6. // File: defce.cpp
  7. //
  8. // Contents: Default Chain Engine Manager
  9. //
  10. // History: 21-Apr-98 kirtd Created
  11. //
  12. //----------------------------------------------------------------------------
  13. #include <global.hxx>
  14. //+---------------------------------------------------------------------------
  15. //
  16. // Member: CDefaultChainEngineMgr::CDefaultChainEngineMgr, public
  17. //
  18. // Synopsis: Constructor
  19. //
  20. //----------------------------------------------------------------------------
  21. CDefaultChainEngineMgr::CDefaultChainEngineMgr ()
  22. {
  23. }
  25. //+---------------------------------------------------------------------------
  26. //
  27. // Member: CDefaultChainEngineMgr::~CDefaultChainEngineMgr, public
  28. //
  29. // Synopsis: Destructor
  30. //
  31. //----------------------------------------------------------------------------
  32. CDefaultChainEngineMgr::~CDefaultChainEngineMgr ()
  33. {
  34. }
  36. //+---------------------------------------------------------------------------
  37. //
  38. // Member: CDefaultChainEngineMgr::Initialize, public
  39. //
  40. // Synopsis: initialization routine
  41. //
  42. //----------------------------------------------------------------------------
  43. BOOL
  44. CDefaultChainEngineMgr::Initialize ()
  45. {
  46. LRU_CACHE_CONFIG Config;
  48. if (!Pki_InitializeCriticalSection( &m_Lock ))
  49. {
  50. return FALSE;
  51. }
  53. m_hLocalMachineEngine = NULL;
  54. m_hProcessUserEngine = NULL;
  55. m_hImpersonationCache = NULL;
  57. memset( &Config, 0, sizeof( Config ) );
  59. Config.dwFlags = LRU_CACHE_NO_SERIALIZE;
  60. Config.cBuckets = DEFAULT_IMPERSONATION_CACHE_BUCKETS;
  61. Config.MaxEntries = MAX_IMPERSONATION_CACHE_ENTRIES;
  62. Config.pfnHash = DefaultChainEngineMgrHashTokenIdentifier;
  63. Config.pfnOnRemoval = DefaultChainEngineMgrOnImpersonationEngineRemoval;
  65. if (!I_CryptCreateLruCache( &Config, &m_hImpersonationCache ) )
  66. {
  67. DeleteCriticalSection( &m_Lock );
  68. return FALSE;
  69. }
  71. return TRUE;
  72. }
  74. //+---------------------------------------------------------------------------
  75. //
  76. // Member: CDefaultChainEngineMgr::Uninitialize, public
  77. //
  78. // Synopsis: uninitialization routine
  79. //
  80. //----------------------------------------------------------------------------
  81. VOID
  82. CDefaultChainEngineMgr::Uninitialize ()
  83. {
  84. if ( m_hLocalMachineEngine != NULL )
  85. {
  86. CertFreeCertificateChainEngine( m_hLocalMachineEngine );
  87. }
  89. if ( m_hProcessUserEngine != NULL )
  90. {
  91. CertFreeCertificateChainEngine( m_hProcessUserEngine );
  92. }
  94. if ( m_hImpersonationCache != NULL )
  95. {
  96. I_CryptFreeLruCache( m_hImpersonationCache, 0, NULL );
  97. }
  99. DeleteCriticalSection( &m_Lock );
  100. }
  102. //+---------------------------------------------------------------------------
  103. //
  104. // Member: CDefaultChainEngineMgr::GetDefaultEngine, public
  105. //
  106. // Synopsis: get the default engine
  107. //
  108. //----------------------------------------------------------------------------
  109. BOOL
  110. CDefaultChainEngineMgr::GetDefaultEngine (
  111. IN HCERTCHAINENGINE hDefaultHandle,
  112. OUT HCERTCHAINENGINE* phDefaultEngine
  113. )
  114. {
  115. assert( ( hDefaultHandle == HCCE_LOCAL_MACHINE ) ||
  116. ( hDefaultHandle == HCCE_CURRENT_USER ) );
  118. if ( hDefaultHandle == HCCE_LOCAL_MACHINE )
  119. {
  120. return( GetDefaultLocalMachineEngine( phDefaultEngine ) );
  121. }
  122. else if ( hDefaultHandle == HCCE_CURRENT_USER )
  123. {
  124. return( GetDefaultCurrentUserEngine( phDefaultEngine ) );
  125. }
  127. SetLastError( (DWORD) E_INVALIDARG );
  128. return( FALSE );
  129. }
  131. //+---------------------------------------------------------------------------
  132. //
  133. // Member: CDefaultChainEngineMgr::GetDefaultLocalMachineEngine, public
  134. //
  135. // Synopsis: get the default local machine chain engine
  136. //
  137. //----------------------------------------------------------------------------
  138. BOOL
  139. CDefaultChainEngineMgr::GetDefaultLocalMachineEngine (
  140. OUT HCERTCHAINENGINE* phDefaultEngine
  141. )
  142. {
  143. BOOL fResult = TRUE;
  145. EnterCriticalSection( &m_Lock );
  147. if ( m_hLocalMachineEngine == NULL )
  148. {
  149. HCERTCHAINENGINE hEngine = NULL;
  150. CERT_CHAIN_ENGINE_CONFIG Config;
  152. LeaveCriticalSection( &m_Lock );
  154. memset( &Config, 0, sizeof( Config ) );
  156. Config.cbSize = sizeof( Config );
  157. Config.dwFlags = CERT_CHAIN_USE_LOCAL_MACHINE_STORE;
  158. Config.dwFlags |= CERT_CHAIN_ENABLE_CACHE_AUTO_UPDATE |
  159. CERT_CHAIN_ENABLE_SHARE_STORE;
  161. fResult = CertCreateCertificateChainEngine(
  162. &Config,
  163. &hEngine
  164. );
  166. EnterCriticalSection( &m_Lock );
  168. if ( ( fResult == TRUE ) && ( m_hLocalMachineEngine == NULL ) )
  169. {
  170. m_hLocalMachineEngine = hEngine;
  171. hEngine = NULL;
  172. }
  174. if ( hEngine != NULL )
  175. {
  176. ( (PCCERTCHAINENGINE)hEngine )->Release();
  177. }
  178. }
  180. if ( fResult == TRUE )
  181. {
  182. ( (PCCERTCHAINENGINE)m_hLocalMachineEngine )->AddRef();
  183. *phDefaultEngine = m_hLocalMachineEngine;
  184. }
  186. LeaveCriticalSection( &m_Lock );
  188. return( fResult );
  189. }
  191. //+---------------------------------------------------------------------------
  192. //
  193. // Member: CDefaultChainEngineMgr::GetDefaultCurrentUserEngine, public
  194. //
  195. // Synopsis: get the default current user chain engine
  196. //
  197. //----------------------------------------------------------------------------
  198. BOOL
  199. CDefaultChainEngineMgr::GetDefaultCurrentUserEngine (
  200. OUT HCERTCHAINENGINE* phDefaultEngine
  201. )
  202. {
  203. BOOL fResult = TRUE;
  204. HANDLE hUserToken;
  206. EnterCriticalSection( &m_Lock );
  208. if ( IsImpersonatingUser( &hUserToken ) == FALSE )
  209. {
  210. if ( GetLastError() != ERROR_NO_TOKEN )
  211. {
  212. LeaveCriticalSection( &m_Lock );
  213. return( FALSE );
  214. }
  216. if ( m_hProcessUserEngine == NULL )
  217. {
  218. HCERTCHAINENGINE hEngine = NULL;
  219. CERT_CHAIN_ENGINE_CONFIG Config;
  221. LeaveCriticalSection( &m_Lock );
  223. memset( &Config, 0, sizeof( Config ) );
  225. Config.cbSize = sizeof( Config );
  226. Config.dwFlags |= CERT_CHAIN_ENABLE_CACHE_AUTO_UPDATE |
  227. CERT_CHAIN_ENABLE_SHARE_STORE;
  229. fResult = CertCreateCertificateChainEngine(
  230. &Config,
  231. &hEngine
  232. );
  234. EnterCriticalSection( &m_Lock );
  236. if ( ( fResult == TRUE ) && ( m_hProcessUserEngine == NULL ) )
  237. {
  238. m_hProcessUserEngine = hEngine;
  239. hEngine = NULL;
  240. }
  242. if ( hEngine != NULL )
  243. {
  244. ( (PCCERTCHAINENGINE)hEngine )->Release();
  245. }
  246. }
  248. if ( fResult == TRUE )
  249. {
  250. ( (PCCERTCHAINENGINE)m_hProcessUserEngine )->AddRef();
  251. *phDefaultEngine = m_hProcessUserEngine;
  252. }
  253. }
  254. else
  255. {
  256. fResult = GetDefaultCurrentImpersonatedUserEngine(
  257. hUserToken,
  258. phDefaultEngine
  259. );
  261. CloseHandle( hUserToken );
  262. }
  264. LeaveCriticalSection( &m_Lock );
  266. return( fResult );
  267. }
  269. //+---------------------------------------------------------------------------
  270. //
  271. // Member: CDefaultChainEngineMgr::FlushDefaultEngine, public
  272. //
  273. // Synopsis: flush default engine
  274. //
  275. //----------------------------------------------------------------------------
  276. VOID
  277. CDefaultChainEngineMgr::FlushDefaultEngine (IN HCERTCHAINENGINE hDefaultHandle)
  278. {
  279. HCERTCHAINENGINE hEngine = NULL;
  280. HLRUCACHE hCacheToFree = NULL;
  281. HLRUCACHE hCache = NULL;
  282. LRU_CACHE_CONFIG Config;
  284. EnterCriticalSection( &m_Lock );
  286. if ( hDefaultHandle == HCCE_CURRENT_USER )
  287. {
  288. hEngine = m_hProcessUserEngine;
  289. m_hProcessUserEngine = NULL;
  291. assert( m_hImpersonationCache != NULL );
  293. memset( &Config, 0, sizeof( Config ) );
  295. Config.dwFlags = LRU_CACHE_NO_SERIALIZE;
  296. Config.cBuckets = DEFAULT_IMPERSONATION_CACHE_BUCKETS;
  297. Config.MaxEntries = MAX_IMPERSONATION_CACHE_ENTRIES;
  298. Config.pfnHash = DefaultChainEngineMgrHashTokenIdentifier;
  299. Config.pfnOnRemoval = DefaultChainEngineMgrOnImpersonationEngineRemoval;
  301. if ( I_CryptCreateLruCache( &Config, &hCache ) == TRUE )
  302. {
  303. hCacheToFree = m_hImpersonationCache;
  304. m_hImpersonationCache = hCache;
  305. }
  306. else
  307. {
  308. I_CryptFlushLruCache( m_hImpersonationCache, 0, NULL );
  309. }
  311. assert( m_hImpersonationCache != NULL );
  312. }
  313. else if ( hDefaultHandle == HCCE_LOCAL_MACHINE )
  314. {
  315. hEngine = m_hLocalMachineEngine;
  316. m_hLocalMachineEngine = NULL;
  317. }
  319. LeaveCriticalSection( &m_Lock );
  321. if ( hEngine != NULL )
  322. {
  323. CertFreeCertificateChainEngine( hEngine );
  324. }
  326. if ( hCacheToFree != NULL )
  327. {
  328. I_CryptFreeLruCache( hCacheToFree, 0, NULL );
  329. }
  330. }
  332. //+---------------------------------------------------------------------------
  333. //
  334. // Member: CDefaultChainEngineMgr::GetDefaultCurrentImpersonatedUserEngine
  335. //
  336. // Synopsis: get current impersonated user chain engine
  337. //
  338. //----------------------------------------------------------------------------
  339. BOOL
  340. CDefaultChainEngineMgr::GetDefaultCurrentImpersonatedUserEngine (
  341. IN HANDLE hUserToken,
  342. OUT HCERTCHAINENGINE* phDefaultEngine
  343. )
  344. {
  345. BOOL fResult;
  346. CRYPT_DATA_BLOB TokenId;
  347. PCIMPERSONATIONENGINE pEngine = NULL;
  348. HCERTCHAINENGINE hChainEngine = NULL;
  350. fResult = GetTokenId( hUserToken, &TokenId );
  352. if ( fResult == TRUE )
  353. {
  354. if ( FindImpersonationEngine( &TokenId, &pEngine ) == FALSE )
  355. {
  356. CERT_CHAIN_ENGINE_CONFIG Config;
  358. LeaveCriticalSection( &m_Lock );
  360. memset( &Config, 0, sizeof( Config ) );
  362. Config.cbSize = sizeof( Config );
  363. Config.dwFlags |= CERT_CHAIN_ENABLE_CACHE_AUTO_UPDATE |
  364. CERT_CHAIN_ENABLE_SHARE_STORE;
  366. fResult = CertCreateCertificateChainEngine(
  367. &Config,
  368. &hChainEngine
  369. );
  371. EnterCriticalSection( &m_Lock );
  373. if ( fResult == TRUE )
  374. {
  375. fResult = FindImpersonationEngine( &TokenId, &pEngine );
  377. if ( fResult == FALSE )
  378. {
  379. fResult = CreateImpersonationEngine(
  380. &TokenId,
  381. hChainEngine,
  382. &pEngine
  383. );
  385. if ( fResult == TRUE )
  386. {
  387. hChainEngine = NULL;
  388. AddToImpersonationCache( pEngine );
  389. }
  390. }
  391. }
  392. }
  394. FreeTokenId( &TokenId );
  395. }
  397. if ( fResult == TRUE )
  398. {
  399. *phDefaultEngine = pEngine->ChainEngine();
  400. ( (PCCERTCHAINENGINE)*phDefaultEngine )->AddRef();
  401. }
  403. if ( pEngine != NULL )
  404. {
  405. pEngine->Release();
  406. }
  408. // NOTE: This release of the lock to free the unneeded chain engine handle
  409. // must happen AFTER we're done with the impersonation engine and
  410. // have addref'd the appropriate chain engine handle
  412. if ( hChainEngine != NULL )
  413. {
  414. LeaveCriticalSection( &m_Lock );
  416. CertFreeCertificateChainEngine( hChainEngine );
  418. EnterCriticalSection( &m_Lock );
  419. }
  421. return( fResult );
  422. }
  424. //+---------------------------------------------------------------------------
  425. //
  426. // Member: CDefaultChainEngineMgr::IsImpersonatingUser, public
  427. //
  428. // Synopsis: is impersonating user?
  429. //
  430. //----------------------------------------------------------------------------
  431. BOOL
  432. CDefaultChainEngineMgr::IsImpersonatingUser (
  433. OUT HANDLE* phUserToken
  434. )
  435. {
  436. if ( FIsWinNT() == FALSE )
  437. {
  438. SetLastError( ERROR_NO_TOKEN );
  439. return( FALSE );
  440. }
  442. return( OpenThreadToken(
  443. GetCurrentThread(),
  444. TOKEN_QUERY,
  445. TRUE,
  446. phUserToken
  447. ) );
  448. }
  450. //+---------------------------------------------------------------------------
  451. //
  452. // Member: CDefaultChainEngineMgr::GetTokenId, public
  453. //
  454. // Synopsis: get the token id which is the ModifiedId LUID inside of
  455. // the TOKEN_STATISTICS information
  456. //
  457. //----------------------------------------------------------------------------
  458. BOOL
  459. CDefaultChainEngineMgr::GetTokenId (
  460. IN HANDLE hUserToken,
  461. OUT PCRYPT_DATA_BLOB pTokenId
  462. )
  463. {
  464. BOOL fResult;
  465. TOKEN_STATISTICS ts;
  466. DWORD Length = 0;
  468. fResult = GetTokenInformation(
  469. hUserToken,
  470. TokenStatistics,
  471. &ts,
  472. sizeof( ts ),
  473. &Length
  474. );
  476. if ( fResult == TRUE )
  477. {
  478. pTokenId->cbData = sizeof( ts.ModifiedId );
  479. pTokenId->pbData = new BYTE [ sizeof( ts.ModifiedId ) ];
  480. if ( pTokenId->pbData != NULL )
  481. {
  482. memcpy(
  483. pTokenId->pbData,
  484. &ts.ModifiedId,
  485. sizeof( ts.ModifiedId )
  486. );
  487. }
  488. else
  489. {
  490. SetLastError( (DWORD) E_OUTOFMEMORY );
  491. fResult = FALSE;
  492. }
  493. }
  495. return( fResult );
  496. }
  498. //+---------------------------------------------------------------------------
  499. //
  500. // Member: CDefaultChainEngineMgr::FreeTokenId, public
  501. //
  502. // Synopsis: free token id
  503. //
  504. //----------------------------------------------------------------------------
  505. VOID
  506. CDefaultChainEngineMgr::FreeTokenId (
  507. IN PCRYPT_DATA_BLOB pTokenId
  508. )
  509. {
  510. delete pTokenId->pbData;
  511. }
  513. //+---------------------------------------------------------------------------
  514. //
  515. // Member: CDefaultChainEngineMgr::FindImpersonationEngine, public
  516. //
  517. // Synopsis: find the impersonation engine
  518. //
  519. //----------------------------------------------------------------------------
  520. BOOL
  521. CDefaultChainEngineMgr::FindImpersonationEngine (
  522. IN PCRYPT_DATA_BLOB pTokenId,
  523. OUT PCIMPERSONATIONENGINE* ppEngine
  524. )
  525. {
  526. HLRUENTRY hFound;
  527. PCIMPERSONATIONENGINE pEngine = NULL;
  529. hFound = I_CryptFindLruEntry( m_hImpersonationCache, pTokenId );
  531. if ( hFound != NULL )
  532. {
  533. pEngine = (PCIMPERSONATIONENGINE)I_CryptGetLruEntryData( hFound );
  534. pEngine->AddRef();
  536. *ppEngine = pEngine;
  538. I_CryptReleaseLruEntry( hFound );
  540. return( TRUE );
  541. }
  543. return( FALSE );
  544. }
  546. //+---------------------------------------------------------------------------
  547. //
  548. // Member: CDefaultChainEngineMgr::CreateImpersonationEngine, public
  549. //
  550. // Synopsis: create an impersonation engine
  551. //
  552. //----------------------------------------------------------------------------
  553. BOOL
  554. CDefaultChainEngineMgr::CreateImpersonationEngine (
  555. IN PCRYPT_DATA_BLOB pTokenId,
  556. IN HCERTCHAINENGINE hChainEngine,
  557. OUT PCIMPERSONATIONENGINE* ppEngine
  558. )
  559. {
  560. BOOL fResult = FALSE;
  561. PCIMPERSONATIONENGINE pEngine;
  563. pEngine = new CImpersonationEngine(
  564. m_hImpersonationCache,
  565. hChainEngine,
  566. pTokenId,
  567. fResult
  568. );
  570. if ( pEngine == NULL )
  571. {
  572. SetLastError( (DWORD) E_OUTOFMEMORY );
  573. return( FALSE );
  574. }
  575. else if ( fResult == FALSE )
  576. {
  577. delete pEngine;
  578. return( FALSE );
  579. }
  581. *ppEngine = pEngine;
  582. return( TRUE );
  583. }
  585. //+---------------------------------------------------------------------------
  586. //
  587. // Member: CDefaultChainEngineMgr::AddToImpersonationCache, public
  588. //
  589. // Synopsis: add to the cache
  590. //
  591. //----------------------------------------------------------------------------
  592. VOID
  593. CDefaultChainEngineMgr::AddToImpersonationCache(
  594. IN PCIMPERSONATIONENGINE pEngine
  595. )
  596. {
  597. pEngine->AddRef();
  598. I_CryptInsertLruEntry( pEngine->LruEntry(), NULL );
  599. }
  601. //+---------------------------------------------------------------------------
  602. //
  603. // Function: DefaultChainEngineMgrOnImpersonationEngineRemoval
  604. //
  605. // Synopsis: removal notification
  606. //
  607. //----------------------------------------------------------------------------
  608. VOID WINAPI
  609. DefaultChainEngineMgrOnImpersonationEngineRemoval (
  610. IN LPVOID pv,
  611. IN LPVOID pvRemovalContext
  612. )
  613. {
  614. ( (PCIMPERSONATIONENGINE)pv )->Release();
  615. }
  617. //+---------------------------------------------------------------------------
  618. //
  619. // Function: DefaultChainEngineMgrHashTokenIdentifier
  620. //
  621. // Synopsis: hash the token identifier
  622. //
  623. //----------------------------------------------------------------------------
  624. DWORD WINAPI
  625. DefaultChainEngineMgrHashTokenIdentifier (
  626. IN PCRYPT_DATA_BLOB pIdentifier
  627. )
  628. {
  629. DWORD dwHash = 0;
  630. DWORD cb = pIdentifier->cbData;
  631. LPBYTE pb = pIdentifier->pbData;
  633. while ( cb-- )
  634. {
  635. if ( dwHash & 0x80000000 )
  636. {
  637. dwHash = ( dwHash << 1 ) | 1;
  638. }
  639. else
  640. {
  641. dwHash = dwHash << 1;
  642. }
  644. dwHash += *pb++;
  645. }
  647. return( dwHash );
  648. }
  649. //+---------------------------------------------------------------------------
  650. //
  651. // Member: CImpersonationEngine::CImpersonationEngine, public
  652. //
  653. // Synopsis: Constructor
  654. //
  655. //----------------------------------------------------------------------------
  656. CImpersonationEngine::CImpersonationEngine (
  657. IN HLRUCACHE hCache,
  658. IN HCERTCHAINENGINE hChainEngine,
  659. IN PCRYPT_DATA_BLOB pTokenId,
  660. OUT BOOL& rfResult
  661. )
  662. {
  664. m_cRefs = 1;
  665. m_hChainEngine = NULL;
  666. m_hLruEntry = NULL;
  668. rfResult = I_CryptCreateLruEntry(
  669. hCache,
  670. pTokenId,
  671. this,
  672. &m_hLruEntry
  673. );
  675. if ( rfResult == TRUE )
  676. {
  677. m_hChainEngine = hChainEngine;
  678. }
  679. }
  681. //+---------------------------------------------------------------------------
  682. //
  683. // Member: CImpersonationEngine::~CImpersonationEngine, public
  684. //
  685. // Synopsis: Destructor
  686. //
  687. //----------------------------------------------------------------------------
  688. CImpersonationEngine::~CImpersonationEngine ()
  689. {
  690. if ( m_hLruEntry != NULL )
  691. {
  692. I_CryptReleaseLruEntry( m_hLruEntry );
  693. }
  695. if ( m_hChainEngine != NULL )
  696. {
  697. CertFreeCertificateChainEngine( m_hChainEngine );
  698. }
  699. }