|
|
//+-------------------------------------------------------------------------
//
// Microsoft Windows
//
// Copyright (C) Microsoft Corporation, 1995 - 1999
//
// File: dcom.cpp
//
// Contents: IDispatch helper functions
//
//--------------------------------------------------------------------------
#include <pch.cpp>
#pragma hdrstop
#include "certsrvd.h"
#define __dwFILE__ __dwFILE_CERTLIB_DCOM_CPP__
HRESULTmySplitConfigString( IN WCHAR const *pwszConfig, OUT WCHAR **ppwszServer, OUT WCHAR **ppwszAuthority){ HRESULT hr; WCHAR const *pwsz; DWORD cwcServer; WCHAR *pwszAuthority = NULL; *ppwszServer = NULL; *ppwszAuthority = NULL; while (L'\\' == *pwszConfig) { pwszConfig++; } pwsz = wcschr(pwszConfig, L'\\'); if (NULL == pwsz) { cwcServer = wcslen(pwszConfig); } else { cwcServer = SAFE_SUBTRACT_POINTERS(pwsz, pwszConfig); pwsz++;
pwszAuthority = (WCHAR *) LocalAlloc( LMEM_FIXED, (wcslen(pwsz) + 1) * sizeof(WCHAR)); if (NULL == pwszAuthority) { hr = E_OUTOFMEMORY; _JumpError(hr, error, "LocalAlloc"); } wcscpy(pwszAuthority, pwsz); } *ppwszServer = (WCHAR *) LocalAlloc( LMEM_FIXED, (cwcServer + 1) * sizeof(WCHAR)); if (NULL == *ppwszServer) { hr = E_OUTOFMEMORY; _JumpError(hr, error, "LocalAlloc"); } CopyMemory(*ppwszServer, pwszConfig, cwcServer * sizeof(WCHAR)); (*ppwszServer)[cwcServer] = L'\0';
*ppwszAuthority = pwszAuthority; pwszAuthority = NULL; hr = S_OK;
error: if (NULL != pwszAuthority) { LocalFree(pwszAuthority); } return(hr);}
HRESULT_OpenDComConnection( IN WCHAR const *pwszConfig, IN CLSID const *pclsid, IN IID const *piid, OPTIONAL OUT WCHAR const **ppwszAuthority, OPTIONAL IN OUT WCHAR **ppwszServerName, OUT BOOL *pfNewConnection, IN OUT IUnknown **ppUnknown){ HRESULT hr; WCHAR *pwszServerName = NULL; WCHAR *pwsz; DWORD cwc; COSERVERINFO ComponentInfo; MULTI_QI mq; WCHAR *pwcDot = NULL;
if (NULL == pwszConfig || NULL == pclsid || NULL == piid || NULL == pfNewConnection || NULL == ppUnknown) { hr = E_POINTER; _JumpError(hr, error, "NULL parm"); }
CSASSERT(NULL != pwszConfig); *pfNewConnection = FALSE;
// Allow UNC-style config strings: \\server\CaName
while (L'\\' == *pwszConfig) { pwszConfig++; } pwsz = wcschr(pwszConfig, L'\\'); if (NULL == pwsz) { cwc = wcslen(pwszConfig); if (NULL != ppwszAuthority) { *ppwszAuthority = &pwszConfig[cwc]; } } else { cwc = SAFE_SUBTRACT_POINTERS(pwsz, pwszConfig); if (NULL != ppwszAuthority) { *ppwszAuthority = &pwsz[1]; } } pwszServerName = (WCHAR *) LocalAlloc( LMEM_FIXED, (cwc + 1) * sizeof(WCHAR)); if (NULL == pwszServerName) { hr = E_OUTOFMEMORY; _JumpError(hr, error, "LocalAlloc"); } CopyMemory(pwszServerName, pwszConfig, cwc * sizeof(WCHAR)); pwszServerName[cwc] = L'\0';
// NOTE: CoSetProxyBlanket returns RPC_S_UNKNOWN_AUTHN_SERVICE when
// the Dns name ends with a '.'. Until that's fixed, truncate the dot.
if (0 < cwc && L'.' == pwszServerName[cwc - 1]) { pwszServerName[cwc - 1] = L'\0'; cwc--; }
if (NULL == *ppUnknown || NULL == ppwszServerName || NULL == *ppwszServerName || 0 != mylstrcmpiL(pwszServerName, *ppwszServerName)) { ZeroMemory(&ComponentInfo, sizeof(COSERVERINFO)); ComponentInfo.pwszName = pwszServerName; //ComponentInfo.pAuthInfo = NULL;
mq.pIID = piid; mq.pItf = NULL; mq.hr = S_OK;
myCloseDComConnection(ppUnknown, ppwszServerName);
for (;;) { hr = CoCreateInstanceEx( *pclsid, NULL, CLSCTX_SERVER, //CLSCTX_LOCAL_SERVER,
&ComponentInfo, 1, &mq); _PrintIfErrorStr2( hr, "CoCreateInstanceEx", pwszServerName, E_NOINTERFACE);
if (HRESULT_FROM_WIN32(RPC_S_SERVER_UNAVAILABLE) == hr && 0 < cwc && L'.' == pwszServerName[cwc - 1]) { pwcDot = &pwszServerName[cwc - 1]; *pwcDot = L'\0'; continue; } break; } if (NULL != pwcDot) { *pwcDot = L'.'; } _JumpIfErrorStr2(hr, error, "CoCreateInstanceEx", pwszServerName, hr);
*ppUnknown = mq.pItf; if (NULL != ppwszServerName) { CSASSERT(NULL == *ppwszServerName); *ppwszServerName = pwszServerName; pwszServerName = NULL; }
*pfNewConnection = TRUE; } hr = S_OK;
error: if (S_OK != hr) { myCloseDComConnection(ppUnknown, ppwszServerName); } if (NULL != pwszServerName) { LocalFree(pwszServerName); } return(hr);}
HRESULT_OpenDComConnection2( IN WCHAR const *pwszConfig, IN CLSID const *pclsid, IN IID const *piid, // v1 interface
IN IID const *piid2,// v2 interface
OPTIONAL OUT WCHAR const **ppwszAuthority, OPTIONAL IN OUT WCHAR **ppwszServerName, OPTIONAL OUT BOOL *pfNewConnection, IN OUT DWORD *pdwServerVersion, IN OUT IUnknown **ppUnknown){ HRESULT hr = E_INVALIDARG; BOOL fNewConnection; DWORD dwAuthnSvc = RPC_C_AUTHN_DEFAULT; IUnknown *pUnknown; IUnknown *pRealUnknown = NULL; IRpcOptions *pRpcOpt = NULL; ULONG_PTR dwProperty = 0;
if (NULL != pfNewConnection) { *pfNewConnection = FALSE; } CSASSERT( 0 == *pdwServerVersion || 1 == *pdwServerVersion || 2 == *pdwServerVersion);
hr = _OpenDComConnection( pwszConfig, pclsid, piid, ppwszAuthority, ppwszServerName, &fNewConnection, ppUnknown); _JumpIfError(hr, error, "_OpenDComConnection");
if (fNewConnection) { if (NULL != pfNewConnection) { *pfNewConnection = TRUE; }
// determine if server is on local box, we'll pass in AuthN param based on this
hr = (*ppUnknown)->QueryInterface (IID_IRpcOptions, (void**)&pRpcOpt); if (SUCCEEDED(hr)) { hr = pRpcOpt->Query((*ppUnknown), COMBND_SERVER_LOCALITY, &dwProperty); if (SUCCEEDED(hr)) { // if not local, set snego (locally snego doesn't work)
if(SERVER_LOCALITY_MACHINE_LOCAL != dwProperty) dwAuthnSvc = RPC_C_AUTHN_GSS_NEGOTIATE; } pRpcOpt->Release(); pRpcOpt = NULL; }
hr = (*ppUnknown)->QueryInterface(IID_IUnknown, (VOID **) &pRealUnknown); _JumpIfError(hr, error, "QI IUnknown");
hr = CoSetProxyBlanket( pRealUnknown, dwAuthnSvc, RPC_C_AUTHZ_DEFAULT, // use NT default authentication
COLE_DEFAULT_PRINCIPAL, RPC_C_AUTHN_LEVEL_PKT_PRIVACY, // call
RPC_C_IMP_LEVEL_IMPERSONATE, NULL, EOAC_STATIC_CLOAKING); _JumpIfError(hr, error, "CoSetProxyBlanket");
hr = CoSetProxyBlanket( *ppUnknown, dwAuthnSvc, RPC_C_AUTHZ_DEFAULT, // use NT default authentication
COLE_DEFAULT_PRINCIPAL, RPC_C_AUTHN_LEVEL_PKT_PRIVACY, // call
RPC_C_IMP_LEVEL_IMPERSONATE, NULL, EOAC_STATIC_CLOAKING); _JumpIfError(hr, error, "CoSetProxyBlanket");
hr = (*ppUnknown)->QueryInterface(*piid2, (VOID **) &pUnknown); if (S_OK != hr) { *pdwServerVersion = 1; // v2 not supported
} else { *pdwServerVersion = 2; // v2 supported
(*ppUnknown)->Release(); *ppUnknown = pUnknown;
hr = CoSetProxyBlanket( *ppUnknown, dwAuthnSvc, RPC_C_AUTHZ_DEFAULT, // use NT default authentication
COLE_DEFAULT_PRINCIPAL, RPC_C_AUTHN_LEVEL_PKT_PRIVACY, // call
RPC_C_IMP_LEVEL_IMPERSONATE, NULL, EOAC_STATIC_CLOAKING); _JumpIfError(hr, error, "CoSetProxyBlanket");
}
} hr = S_OK;
error: if(pRealUnknown) { pRealUnknown->Release(); } return(hr);}
HRESULTmyOpenAdminDComConnection( IN WCHAR const *pwszConfig, OPTIONAL OUT WCHAR const **ppwszAuthority, OPTIONAL IN OUT WCHAR **ppwszServerName, IN OUT DWORD *pdwServerVersion, IN OUT ICertAdminD2 **ppICertAdminD){ HRESULT hr;
hr = _OpenDComConnection2( pwszConfig, &CLSID_CCertAdminD, &IID_ICertAdminD, &IID_ICertAdminD2, ppwszAuthority, ppwszServerName, NULL, // pfNewConnection
pdwServerVersion, (IUnknown **) ppICertAdminD); _JumpIfError(hr, error, "_OpenDComConnection2");
error: return(hr);}
HRESULTmyOpenRequestDComConnection( IN WCHAR const *pwszConfig, OPTIONAL OUT WCHAR const **ppwszAuthority, OPTIONAL IN OUT WCHAR **ppwszServerName, OPTIONAL OUT BOOL *pfNewConnection, IN OUT DWORD *pdwServerVersion, IN OUT ICertRequestD2 **ppICertRequestD){ HRESULT hr;
hr = _OpenDComConnection2( pwszConfig, &CLSID_CCertRequestD, &IID_ICertRequestD, &IID_ICertRequestD2, ppwszAuthority, ppwszServerName, pfNewConnection, pdwServerVersion, (IUnknown **) ppICertRequestD); _JumpIfError(hr, error, "_OpenDComConnection2");
error: return(hr);}
//+--------------------------------------------------------------------------
// myCloseDComConnection -- release DCOM connection
//
//+--------------------------------------------------------------------------
VOIDmyCloseDComConnection( OPTIONAL IN OUT IUnknown **ppUnknown, OPTIONAL IN OUT WCHAR **ppwszServerName){ if (NULL != ppUnknown && NULL != *ppUnknown) { (*ppUnknown)->Release(); *ppUnknown = NULL; } if (NULL != ppwszServerName && NULL != *ppwszServerName) { LocalFree(*ppwszServerName); *ppwszServerName = NULL; }}
HRESULTmyPingCertSrv( IN WCHAR const *pwszConfigOrCAName, OPTIONAL IN WCHAR const *pwszMachineName, OPTIONAL OUT WCHAR **ppwszzCANames, OPTIONAL OUT WCHAR **ppwszSharedFolder, OPTIONAL OUT CAINFO **ppCAInfo, OPTIONAL OUT DWORD *pdwServerVersion, OPTIONAL OUT WCHAR **ppwszCADnsName){ HRESULT hr; WCHAR wszConfig[MAX_PATH]; WCHAR const *pwszConfig; ICertRequestD2 *pICertRequestD = NULL; WCHAR const *pwszAuthority; CERTTRANSBLOB ctbCANames; CERTTRANSBLOB ctbSharedFolder; CERTTRANSBLOB ctbCAInfo; CERTTRANSBLOB ctbCADnsName; CAINFO CAInfo; CAINFO const *pCAInfo; DWORD dwServerVersion = 0;
ctbCANames.pb = NULL; ctbCANames.cb = 0; ctbSharedFolder.pb = NULL; ctbSharedFolder.cb = 0; ctbCAInfo.pb = NULL; ctbCAInfo.cb = 0; ctbCADnsName.pb = NULL; ctbCADnsName.cb = 0;
if (NULL != ppwszzCANames) { *ppwszzCANames = NULL; } if (NULL != ppwszSharedFolder) { *ppwszSharedFolder = NULL; } if (NULL != ppCAInfo) { *ppCAInfo = NULL; } if (NULL != ppwszCADnsName) { *ppwszCADnsName = NULL; }
if (NULL == pwszConfigOrCAName) { hr = E_POINTER; _JumpError(hr, error, "Invalid parameters"); } pwszConfig = pwszConfigOrCAName; if (NULL != pwszMachineName) { wcscpy(wszConfig, pwszMachineName); wcscat(wszConfig, L"\\"); wcscat(wszConfig, pwszConfigOrCAName); pwszConfig = wszConfig; }
hr = myOpenRequestDComConnection( pwszConfig, &pwszAuthority, NULL, NULL, &dwServerVersion, &pICertRequestD); _JumpIfError(hr, error, "myOpenRequestDComConnection");
CSASSERT(0 != dwServerVersion);
if (2 <= dwServerVersion) { __try { hr = pICertRequestD->Ping2(pwszAuthority); } __except(hr = myHEXCEPTIONCODE(), EXCEPTION_EXECUTE_HANDLER) { } _JumpIfError(hr, error, "Ping2"); } else { __try { hr = pICertRequestD->Ping(pwszAuthority); } __except(hr = myHEXCEPTIONCODE(), EXCEPTION_EXECUTE_HANDLER) { } _JumpIfError(hr, error, "Ping"); }
if (NULL != ppwszzCANames) { __try { hr = pICertRequestD->GetCACert( GETCERT_CANAME, pwszAuthority, &ctbCANames); } __except(hr = myHEXCEPTIONCODE(), EXCEPTION_EXECUTE_HANDLER) { } _JumpIfError(hr, error, "GetCACert(CANames)");
// must register this memory
myRegisterMemAlloc(ctbCANames.pb, ctbCANames.cb, CSM_COTASKALLOC);
// Only one CA Name expected for now...
CSASSERT( (wcslen((WCHAR *) ctbCANames.pb) + 1) * sizeof(WCHAR) == ctbCANames.cb);
*ppwszzCANames = (WCHAR *) LocalAlloc( LMEM_FIXED, ctbCANames.cb + sizeof(WCHAR)); if (NULL == *ppwszzCANames) { hr = E_OUTOFMEMORY; _JumpError(hr, error, "LocalAlloc"); } CopyMemory(*ppwszzCANames, ctbCANames.pb, ctbCANames.cb); (*ppwszzCANames)[ctbCANames.cb/sizeof(WCHAR)] = L'\0'; }
if (NULL != ppwszSharedFolder) { __try { hr = pICertRequestD->GetCACert( GETCERT_SHAREDFOLDER, pwszAuthority, &ctbSharedFolder); } __except(hr = myHEXCEPTIONCODE(), EXCEPTION_EXECUTE_HANDLER) { } _JumpIfError(hr, error, "GetCACert(SharedFolder)"); // must register this memory
myRegisterMemAlloc(ctbSharedFolder.pb, ctbSharedFolder.cb, CSM_COTASKALLOC); *ppwszSharedFolder = (WCHAR *)LocalAlloc(LMEM_FIXED, ctbSharedFolder.cb + sizeof(WCHAR)); if (NULL == *ppwszSharedFolder) { hr = E_OUTOFMEMORY; _JumpError(hr, error, "LocalAlloc"); } CopyMemory(*ppwszSharedFolder, ctbSharedFolder.pb, ctbSharedFolder.cb); (*ppwszSharedFolder)[ctbSharedFolder.cb/sizeof(WCHAR)] = L'\0'; CSASSERT(wcslen(*ppwszSharedFolder)*sizeof(WCHAR) == ctbSharedFolder.cb); }
if (NULL != ppCAInfo) { __try { hr = pICertRequestD->GetCACert( GETCERT_CAINFO, pwszAuthority, &ctbCAInfo); } __except(hr = myHEXCEPTIONCODE(), EXCEPTION_EXECUTE_HANDLER) { } if (E_INVALIDARG == hr) // if old server
{ __try { hr = pICertRequestD->GetCACert( GETCERT_CATYPE, pwszAuthority, &ctbCAInfo); } __except(hr = myHEXCEPTIONCODE(), EXCEPTION_EXECUTE_HANDLER) { } _JumpIfError(hr, error, "GetCACert(CAType)");
myRegisterMemAlloc(ctbCAInfo.pb, ctbCAInfo.cb, CSM_COTASKALLOC);
ZeroMemory(&CAInfo, sizeof(CAInfo)); CAInfo.cbSize = CCSIZEOF_STRUCT(CAINFO, cCASignatureCerts); CAInfo.CAType = *(ENUM_CATYPES *) ctbCAInfo.pb; CAInfo.cCASignatureCerts = 1; pCAInfo = &CAInfo; } else { _JumpIfError(hr, error, "GetCACert(CAInfo)");
// must register this memory
myRegisterMemAlloc(ctbCAInfo.pb, ctbCAInfo.cb, CSM_COTASKALLOC);
pCAInfo = (CAINFO *) ctbCAInfo.pb; } *ppCAInfo = (CAINFO *) LocalAlloc(LMEM_FIXED, pCAInfo->cbSize); if (NULL == *ppCAInfo) { hr = E_OUTOFMEMORY; _JumpError(hr, error, "LocalAlloc"); } CopyMemory(*ppCAInfo, pCAInfo, pCAInfo->cbSize); } if (NULL != pdwServerVersion) { *pdwServerVersion = dwServerVersion; } if (NULL != ppwszCADnsName && 2 <= dwServerVersion) { __try { hr = pICertRequestD->GetCAProperty( pwszAuthority, CR_PROP_DNSNAME, 0, PROPTYPE_STRING, &ctbCADnsName); } __except(hr = myHEXCEPTIONCODE(), EXCEPTION_EXECUTE_HANDLER) { } _JumpIfError(hr, error, "GetCACert(SharedFolder)");
// must register this memory
myRegisterMemAlloc(ctbCADnsName.pb, ctbCADnsName.cb, CSM_COTASKALLOC); *ppwszCADnsName = (WCHAR *)LocalAlloc(LMEM_FIXED, ctbCADnsName.cb + sizeof(WCHAR)); if (NULL == *ppwszCADnsName) { hr = E_OUTOFMEMORY; _JumpError(hr, error, "LocalAlloc"); } CopyMemory(*ppwszCADnsName, ctbCADnsName.pb, ctbCADnsName.cb); (*ppwszCADnsName)[ctbCADnsName.cb/sizeof(WCHAR)] = L'\0'; CSASSERT((wcslen(*ppwszCADnsName)+1)*sizeof(WCHAR) == ctbCADnsName.cb); }
hr = S_OK;
error: myCloseDComConnection((IUnknown **) &pICertRequestD, NULL); if (NULL != ctbCANames.pb) { CoTaskMemFree(ctbCANames.pb); } if (NULL != ctbSharedFolder.pb) { CoTaskMemFree(ctbSharedFolder.pb); } if (NULL != ctbCAInfo.pb) { CoTaskMemFree(ctbCAInfo.pb); } if (NULL != ctbCADnsName.pb) { CoTaskMemFree(ctbCADnsName.pb); }
return(hr);}
HRESULTmyEnablePrivilege( IN LPCTSTR szPrivilege, IN BOOL fEnable){
HRESULT hr = S_OK; TOKEN_PRIVILEGES NewState; CAutoHANDLE hThread; CAutoHANDLE hToken;
NewState.PrivilegeCount = 1;
hThread = GetCurrentThread(); if (!hThread) { hr = myHLastError(); _JumpIfError(hr, error, "GetCurrentThread"); }
// Get the access token for current thread
if (!OpenThreadToken( hThread, TOKEN_QUERY | TOKEN_ADJUST_PRIVILEGES, FALSE, &hToken)) { hr = myHLastError();
if(hr==HRESULT_FROM_WIN32(ERROR_NO_TOKEN)) { HANDLE hProcess = GetCurrentProcess(); if (!hProcess) { hr = myHLastError(); _JumpError(hr, error, "GetCurrentProcess"); }
if (!OpenProcessToken(hProcess, TOKEN_QUERY | TOKEN_ADJUST_PRIVILEGES, &hToken)) { hr = myHLastError(); _JumpError(hr, error, "OpenProcessToken"); }
hr = S_OK; } else { _JumpError(hr, error, "OpenThreadToken"); } }
if (!LookupPrivilegeValue(NULL, szPrivilege, &NewState.Privileges[0].Luid)) { hr = myHLastError(); _JumpIfError(hr, error, "LookupPrivelageValue"); }
NewState.Privileges[0].Attributes = (fEnable?SE_PRIVILEGE_ENABLED:0);
if(!AdjustTokenPrivileges(hToken, FALSE, &NewState, sizeof(NewState), NULL, NULL)) { hr = myHLastError(); _JumpIfError(hr, error, "AdjustTokenPrivileges"); } else { hr = myHLastError(); if(HRESULT_FROM_WIN32(ERROR_NOT_ALL_ASSIGNED)==hr) { // privilege not held, return a generic access denied error
hr = E_ACCESSDENIED; } }
error: return hr;}
|
