archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4 Commits
1 Branch
0 Tags
1.5 GiB
Branch: master
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'master'
${ noResults }
windows-server-2003/ds/security/services/ca/policy/sample/request.cpp

453 lines
10 KiB
Raw Permalink Normal View History

commiting as it is
4 years ago
  1. //+--------------------------------------------------------------------------
  2. //
  3. // Microsoft Windows
  4. // Copyright (C) Microsoft Corporation, 1996 - 2000
  5. //
  6. // File: request.cpp
  7. //
  8. // Contents: Cert Server Policy Module implementation
  9. //
  10. //---------------------------------------------------------------------------
  12. #include "pch.cpp"
  13. #pragma hdrstop
  15. #include <assert.h>
  16. #include "celib.h"
  17. #include "policy.h"
  18. #include "module.h"
  21. HRESULT
  22. ReqInitialize(
  23. IN ICertServerPolicy *pServer)
  24. {
  25. HRESULT hr;
  27. hr = S_OK;
  29. return(hr);
  30. }
  33. VOID
  34. ReqCleanup()
  35. {
  36. }
  39. CRequestInstance::~CRequestInstance()
  40. {
  41. _Cleanup();
  42. }
  45. VOID
  46. CRequestInstance::_Cleanup()
  47. {
  48. if (NULL != m_strTemplateName)
  49. {
  50. SysFreeString(m_strTemplateName);
  51. m_strTemplateName = NULL;
  52. }
  53. if (NULL != m_strTemplateObjId)
  54. {
  55. SysFreeString(m_strTemplateObjId);
  56. m_strTemplateObjId = NULL;
  57. }
  58. }
  63. static WCHAR const *s_apwszCATypes[] =
  64. {
  65. wszCERTTYPE_SUBORDINATE_CA,
  66. wszCERTTYPE_CROSS_CA,
  67. };
  69. //+--------------------------------------------------------------------------
  70. // CRequestInstance::Initialize
  71. //
  72. // Returns S_OK on success.
  73. //+--------------------------------------------------------------------------
  75. HRESULT
  76. CRequestInstance::Initialize(
  77. IN CCertPolicySample *pPolicy,
  78. IN ICertServerPolicy *pServer,
  79. OUT BOOL *pfEnableEnrolleeExtensions)
  80. {
  81. HRESULT hr;
  82. HRESULT hrTemplate = S_OK;
  83. CERT_TEMPLATE_EXT *pTemplate = NULL;
  84. CERT_NAME_VALUE *pName = NULL;
  85. BSTR strTemplateObjId = NULL; // from V2 template extension
  86. BSTR strTemplateName = NULL; // from V1 template extension
  87. BSTR strTemplateRA = NULL; // from request attributes
  88. WCHAR const *pwszTemplateName;
  89. WCHAR const *pwszTemplateObjId;
  90. WCHAR const *pwszV1TemplateClass;
  91. VARIANT varValue;
  92. DWORD cbType;
  93. DWORD i;
  94. BOOL fConflict;
  95. BOOL f;
  96. BOOL fTemplateMissing;
  97. BOOL fRAObjId = FALSE;
  99. VariantInit(&varValue);
  100. *pfEnableEnrolleeExtensions = TRUE
  101. ;
  103. m_pPolicy = pPolicy;
  104. m_fCA = FALSE;
  107. // Retrieve the template ObjId from the V2 cert template info extension
  109. m_dwTemplateMajorVersion = 0;
  110. m_dwTemplateMinorVersion = 0;
  111. hr = polGetCertificateExtension(
  112. pServer,
  113. TEXT(szOID_CERTIFICATE_TEMPLATE),
  114. PROPTYPE_BINARY,
  115. &varValue);
  116. _PrintIfErrorStr2(
  117. hr,
  118. "Policy:polGetCertificateExtension",
  119. TEXT(szOID_CERTIFICATE_TEMPLATE),
  120. CERTSRV_E_PROPERTY_EMPTY);
  121. if (S_OK == hr)
  122. {
  123. // There was a cert type indicator.
  124. // varValue points to an encoded string
  126. if (VT_BSTR != varValue.vt)
  127. {
  128. hr = E_INVALIDARG;
  129. _JumpError(hr, error, "Policy:varValue.vt");
  130. }
  131. if (!ceDecodeObject(
  132. X509_ASN_ENCODING,
  133. X509_CERTIFICATE_TEMPLATE,
  134. (BYTE *) varValue.bstrVal,
  135. SysStringByteLen(varValue.bstrVal),
  136. FALSE,
  137. (VOID **) &pTemplate,
  138. &cbType))
  139. {
  140. hr = ceHLastError();
  141. _JumpError(hr, error, "Policy:ceDecodeObject");
  142. }
  143. if (!ceConvertSzToBstr(&strTemplateObjId, pTemplate->pszObjId, -1))
  144. {
  145. hr = E_OUTOFMEMORY;
  146. _JumpError(hr, error, "Policy:ceConvertSzToBstr");
  147. }
  148. m_dwTemplateMajorVersion = pTemplate->dwMajorVersion;
  149. m_dwTemplateMinorVersion = pTemplate->dwMinorVersion;
  150. DBGPRINT((
  151. fDebug,
  152. pTemplate->fMinorVersion?
  153. "Extension Template Info: %ws V%u.%u\n" :
  154. "Extension Template Info: %ws V%u%\n",
  155. strTemplateObjId,
  156. m_dwTemplateMajorVersion,
  157. m_dwTemplateMinorVersion));
  158. }
  159. VariantClear(&varValue);
  161. // Retrieve template Name from the V1 cert template name extension
  163. hr = polGetCertificateExtension(
  164. pServer,
  165. TEXT(szOID_ENROLL_CERTTYPE_EXTENSION),
  166. PROPTYPE_BINARY,
  167. &varValue);
  168. _PrintIfErrorStr2(
  169. hr,
  170. "Policy:polGetCertificateExtension",
  171. TEXT(szOID_ENROLL_CERTTYPE_EXTENSION),
  172. CERTSRV_E_PROPERTY_EMPTY);
  173. if (S_OK == hr)
  174. {
  175. // There was a cert type indicator.
  176. // varValue points to an encoded string
  178. if (VT_BSTR != varValue.vt)
  179. {
  180. hr = E_INVALIDARG;
  181. _JumpError(hr, error, "Policy:varValue.vt");
  182. }
  183. if (!ceDecodeObject(
  184. X509_ASN_ENCODING,
  185. X509_UNICODE_ANY_STRING,
  186. (BYTE *) varValue.bstrVal,
  187. SysStringByteLen(varValue.bstrVal),
  188. FALSE,
  189. (VOID **) &pName,
  190. &cbType))
  191. {
  192. hr = ceHLastError();
  193. _JumpError(hr, error, "Policy:ceDecodeObject");
  194. }
  195. strTemplateName = SysAllocString((WCHAR *) pName->Value.pbData);
  196. if (NULL == strTemplateName)
  197. {
  198. hr = E_OUTOFMEMORY;
  199. _JumpError(hr, error, "Policy:SysAllocString");
  200. }
  201. DBGPRINT((fDebug, "Extension Template: %ws\n", strTemplateName));
  202. }
  204. fConflict = FALSE;
  205. fTemplateMissing = FALSE;
  207. // Retrieve the template from the request attributes
  209. hr = polGetRequestAttribute(pServer, wszPROPCERTTEMPLATE, &strTemplateRA);
  210. if (S_OK != hr)
  211. {
  212. _PrintErrorStr2(
  213. hr,
  214. "Policy:polGetRequestAttribute",
  215. wszPROPCERTTEMPLATE,
  216. CERTSRV_E_PROPERTY_EMPTY);
  217. hr = S_OK;
  220. }
  221. else
  222. {
  223. DBGPRINT((fDebug, "Attribute Template: %ws\n", strTemplateRA));
  224. if (NULL != strTemplateObjId &&
  225. !_TemplateNamesMatch(strTemplateObjId, strTemplateRA, &f))
  226. {
  227. fConflict = TRUE;
  228. if (f)
  229. {
  230. fTemplateMissing = TRUE;
  231. }
  232. }
  233. if (NULL != strTemplateName &&
  234. !_TemplateNamesMatch(strTemplateName, strTemplateRA, &f))
  235. {
  236. fConflict = TRUE;
  237. if (f)
  238. {
  239. fTemplateMissing = TRUE;
  240. }
  241. }
  242. hr = ceVerifyObjId(strTemplateRA);
  243. fRAObjId = S_OK == hr;
  244. }
  246. if (NULL != strTemplateObjId &&
  247. NULL != strTemplateName &&
  248. !_TemplateNamesMatch(strTemplateObjId, strTemplateName, &f))
  249. {
  250. fConflict = TRUE;
  251. if (f)
  252. {
  253. fTemplateMissing = TRUE;
  254. }
  255. }
  257. if (fConflict)
  258. {
  259. hrTemplate = CERTSRV_E_TEMPLATE_CONFLICT;
  260. if (NULL != strTemplateObjId)
  261. {
  262. _PrintErrorStr(
  263. hrTemplate,
  264. "Policy:Extension Template ObjId",
  265. strTemplateObjId);
  266. }
  267. if (NULL != strTemplateName)
  268. {
  269. _PrintErrorStr(
  270. hrTemplate,
  271. "Policy:Extension Template Name",
  272. strTemplateName);
  273. }
  274. if (NULL != strTemplateRA)
  275. {
  276. _PrintErrorStr(
  277. hrTemplate,
  278. "Policy:Attribute Template",
  279. strTemplateRA);
  280. }
  281. }
  283. pwszTemplateName = strTemplateName;
  284. pwszTemplateObjId = strTemplateObjId;
  285. if (fRAObjId)
  286. {
  287. if (NULL == pwszTemplateObjId)
  288. {
  289. pwszTemplateObjId = strTemplateRA;
  290. }
  291. }
  292. else
  293. {
  294. if (NULL == pwszTemplateName)
  295. {
  296. pwszTemplateName = strTemplateRA;
  297. }
  298. }
  301. {
  302. if (NULL != pwszTemplateName)
  303. {
  304. for (i = 0; i < ARRAYSIZE(s_apwszCATypes); i++)
  305. {
  306. if (0 == celstrcmpiL(s_apwszCATypes[i], pwszTemplateName))
  307. {
  308. m_fCA = TRUE;
  309. break;
  310. }
  311. }
  312. }
  313. }
  314. hr = SetTemplateName(pServer, pwszTemplateName, pwszTemplateObjId);
  315. _JumpIfError(hr, error, "Policy:SetTemplateName");
  317. pwszV1TemplateClass = pwszTemplateName;
  320. hr = pPolicy->AddV1TemplateNameExtension(pServer, pwszV1TemplateClass);
  321. _JumpIfError(hr, error, "AddTemplateNameExtension");
  323. error:
  324. if (S_OK != hrTemplate)
  325. {
  326. hr = hrTemplate; // override secondary errors
  328. }
  329. VariantClear(&varValue);
  331. if (NULL != pName)
  332. {
  333. LocalFree(pName);
  334. }
  335. if (NULL != pTemplate)
  336. {
  337. LocalFree(pTemplate);
  338. }
  339. if (NULL != strTemplateObjId)
  340. {
  341. SysFreeString(strTemplateObjId);
  342. }
  343. if (NULL != strTemplateName)
  344. {
  345. SysFreeString(strTemplateName);
  346. }
  347. if (NULL != strTemplateRA)
  348. {
  349. SysFreeString(strTemplateRA);
  350. }
  351. return(hr);
  352. }
  357. BOOL
  358. CRequestInstance::_TemplateNamesMatch(
  359. IN WCHAR const *pwszTemplateName1,
  360. IN WCHAR const *pwszTemplateName2,
  361. OUT BOOL *pfTemplateMissing)
  362. {
  363. HRESULT hr1;
  364. HRESULT hr2;
  365. BOOL fMatch = TRUE;
  367. *pfTemplateMissing = FALSE;
  369. if (0 == celstrcmpiL(pwszTemplateName1, pwszTemplateName2))
  370. {
  371. goto done; // identical names
  372. }
  374. {
  375. hr1 = ceVerifyObjId(pwszTemplateName1);
  376. hr2 = ceVerifyObjId(pwszTemplateName2);
  377. if ((S_OK == hr1) ^ (S_OK == hr2))
  378. {
  379. goto done;
  380. }
  381. }
  382. fMatch = FALSE;
  384. done:
  385. return(fMatch);
  386. }
  389. //+--------------------------------------------------------------------------
  390. // CRequestInstance::SetTemplateName
  391. //
  392. // Returns S_OK on success.
  393. //+--------------------------------------------------------------------------
  395. HRESULT
  396. CRequestInstance::SetTemplateName(
  397. IN ICertServerPolicy *pServer,
  398. IN OPTIONAL WCHAR const *pwszTemplateName,
  399. IN OPTIONAL WCHAR const *pwszTemplateObjId)
  400. {
  401. HRESULT hr;
  402. BSTR strProp = NULL;
  403. BSTR strTemplateName = NULL;
  405. if (NULL != pwszTemplateName)
  406. {
  407. m_strTemplateName = SysAllocString(pwszTemplateName);
  408. if (NULL == m_strTemplateName)
  409. {
  410. hr = E_OUTOFMEMORY;
  411. _JumpError(hr, error, "Policy:SysAllocString");
  412. }
  413. strTemplateName = m_strTemplateName;
  414. }
  416. if (NULL != pwszTemplateObjId)
  417. {
  418. m_strTemplateObjId = SysAllocString(pwszTemplateObjId);
  419. if (NULL == m_strTemplateObjId)
  420. {
  421. hr = E_OUTOFMEMORY;
  422. _JumpError(hr, error, "Policy:SysAllocString");
  423. }
  424. strTemplateName = m_strTemplateObjId;
  425. }
  427. if (NULL != strTemplateName)
  428. {
  429. VARIANT var;
  431. strProp = SysAllocString(wszPROPCERTIFICATETEMPLATE);
  432. if (NULL == strProp)
  433. {
  434. hr = E_OUTOFMEMORY;
  435. _JumpError(hr, error, "Policy:SysAllocString");
  436. }
  438. var.vt = VT_BSTR;
  439. var.bstrVal = strTemplateName;
  441. hr = pServer->SetCertificateProperty(strProp, PROPTYPE_STRING, &var);
  442. _JumpIfError(hr, error, "Policy:SetCertificateProperty");
  443. }
  444. hr = S_OK;
  446. error:
  447. if (NULL != strProp)
  448. {
  449. SysFreeString(strProp);
  450. }
  451. return(hr);
  452. }