archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4 Commits
1 Branch
0 Tags
1.5 GiB
Branch: master
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'master'
${ noResults }
windows-server-2003/inetsrv/iis/iisrearc/iisplus/sfwp/sslconfigprov/client/sslconfigprovclient.cxx

609 lines
13 KiB
Raw Permalink Normal View History

commiting as it is
4 years ago
  1. /*++
  3. Copyright (c) 2001 Microsoft Corporation
  5. Module Name :
  6. sslconfigprovclient.cxx
  8. Abstract:
  9. SSL CONFIG PROV client
  11. Client provides easy way of retrieving SSL related parameters
  12. through named pipes.
  13. Only one pipe connection is currently supported and
  14. all client threads have to share it
  15. ( exclusive access is maintained by locking )
  18. Client side is guaranteed not to use any COM stuff.
  19. Not using COM was requirement from NT Security folks
  20. to enable HTTPFilter be hosted in lsass
  22. Author:
  23. Jaroslav Dunajsky April-24-2001
  25. Environment:
  26. Win32 - User Mode
  28. Project:
  29. Stream Filter Worker Process
  30. --*/
  34. #include "precomp.hxx"
  39. HRESULT
  40. SSL_CONFIG_PROV_CLIENT::Initialize(
  41. IN SSL_CONFIG_CHANGE_CALLBACK * pSslConfigChangeCallback,
  42. IN OPTIONAL PVOID pvParam
  43. )
  44. /*++
  46. Routine Description:
  47. Connect to SSL_CONFIG_PIPE
  49. Arguments:
  51. Return Value:
  53. HRESULT
  55. --*/
  56. {
  57. HRESULT hr = E_FAIL;
  59. IF_DEBUG( TRACE )
  60. {
  61. DBGPRINTF(( DBG_CONTEXT,
  62. "SSL_CONFIG_PROV_CLIENT::Initialize()\n"
  63. ));
  64. }
  66. //
  67. // store the callback function pointer, and first parameter
  68. //
  69. _pSslConfigChangeCallback = pSslConfigChangeCallback;
  70. _pSslConfigChangeCallbackParameter = pvParam;
  73. //
  74. // Initialize parent (it will handle all the pipe initialization)
  75. //
  76. return SSL_CONFIG_PIPE::PipeInitializeClient( WSZ_SSL_CONFIG_PIPE );
  79. }
  81. HRESULT
  82. SSL_CONFIG_PROV_CLIENT::Terminate(
  83. VOID
  84. )
  85. /*++
  87. Routine Description:
  88. Cleanup
  90. Arguments:
  92. Return Value:
  94. HRESULT
  96. --*/
  97. {
  98. IF_DEBUG( TRACE )
  99. {
  100. DBGPRINTF(( DBG_CONTEXT,
  101. "SSL_CONFIG_PROV_CLIENT::Terminate()\n"
  102. ));
  103. }
  105. _SslConfigChangeProvClient.StopListeningForChanges();
  106. SSL_CONFIG_PIPE::PipeDisconnect();
  108. return SSL_CONFIG_PIPE::PipeTerminate();
  109. }
  111. HRESULT
  112. SSL_CONFIG_PROV_CLIENT::MaintainPipeConnection(
  113. VOID
  114. )
  115. /*++
  117. Routine Description:
  118. Maintain pipe connection. If connection is not opened
  119. then reopen it
  121. Caller must assure that Pipe is locked when this call is made
  123. Arguments:
  125. Return Value:
  127. HRESULT
  129. --*/
  130. {
  131. HRESULT hr = E_FAIL;
  133. //
  134. // Config change provider has easy way to find out
  135. // if pipe was disconnected because it is actively listening on it
  136. // we assume that if config change provider is connected already, then
  137. // the config provider is connected as well
  138. //
  140. if ( !_SslConfigChangeProvClient.IsConnected() )
  141. {
  142. //
  143. // Check if config provider was ever connected
  144. // If previous connection failed
  145. // (the reason would most likely be crash of inetinfo)
  146. // it is safer to terminate all connections and
  147. // then try to reconnect
  148. //
  150. DBG_ASSERT( IsPipeLocked() );
  151. _SslConfigChangeProvClient.StopListeningForChanges();
  153. SSL_CONFIG_PIPE::PipeDisconnect();
  156. //
  157. // Connect to change notification pipe
  158. //
  160. hr = _SslConfigChangeProvClient.StartListeningForChanges(
  161. _pSslConfigChangeCallback,
  162. _pSslConfigChangeCallbackParameter );
  164. if ( FAILED( hr ) )
  165. {
  166. return hr;
  167. }
  169. //
  170. // Connect to ssl config pipe
  171. //
  173. hr = SSL_CONFIG_PIPE::PipeConnect();
  175. if (FAILED( hr ) )
  176. {
  177. _SslConfigChangeProvClient.StopListeningForChanges();
  179. return hr;
  180. }
  182. //
  183. // Notify user of the config provider
  184. // that all data received so far that may be cached
  185. // should be flushed
  186. //
  188. DBG_ASSERT( _pSslConfigChangeCallback != NULL );
  189. (* _pSslConfigChangeCallback) (
  190. _pSslConfigChangeCallbackParameter,
  191. CMD_CHANGED_ALL,
  192. 0 );
  195. return hr;
  196. }
  197. return S_OK;
  198. }
  200. HRESULT
  201. SSL_CONFIG_PROV_CLIENT::GetOneSiteSecureBindings(
  202. IN DWORD dwSiteId,
  203. OUT MULTISZ * pSecureBindings
  204. )
  205. /*++
  207. Routine Description:
  208. Retrieve secure bindings for specified site
  210. Arguments:
  212. Return Value:
  214. HRESULT
  216. --*/
  217. {
  218. DWORD dwReturnedSiteId = 0;
  219. IF_DEBUG( TRACE )
  220. {
  221. DBGPRINTF(( DBG_CONTEXT,
  222. "GetOneSiteSecureBindings( %d )\n",
  223. dwSiteId ));
  224. }
  226. SSL_CONFIG_PIPE_COMMAND Command;
  227. HRESULT hr = E_FAIL;
  229. DBG_ASSERT( pSecureBindings != NULL );
  231. Command.dwCommandId = CMD_GET_ONE_SITE_SECURE_BINDINGS;
  232. Command.dwParameter1 = dwSiteId;
  234. PipeLock();
  236. //
  237. // assure that pipe will be open
  238. //
  239. hr = MaintainPipeConnection();
  240. if ( FAILED( hr ) )
  241. {
  242. goto Cleanup;
  243. }
  245. hr = PipeSendCommand( &Command );
  246. if ( FAILED( hr ) )
  247. {
  248. goto Cleanup;
  249. }
  251. hr = ReceiveOneSiteSecureBindings( &dwReturnedSiteId ,
  252. pSecureBindings );
  254. Cleanup:
  255. if( FAILED( hr ) )
  256. {
  257. IF_DEBUG( TRACE )
  258. {
  259. DBGPRINTF(( DBG_CONTEXT,
  260. "GetOneSiteSecureBindings( %d ) leaving with error. hr = 0x%x\n",
  261. hr ));
  262. }
  263. }
  264. PipeUnlock();
  265. return hr;
  267. }
  269. HRESULT
  270. SSL_CONFIG_PROV_CLIENT::ReceiveOneSiteSecureBindings(
  271. OUT DWORD * pdwSiteId,
  272. OUT MULTISZ * pSecureBindings
  273. )
  274. /*++
  276. Routine Description:
  277. read secure bindings from pipe
  279. Note: it's caller's responsibility to have pipe access locked
  281. Arguments:
  283. Return Value:
  285. HRESULT
  287. --*/
  288. {
  289. SSL_CONFIG_PIPE_RESPONSE_HEADER ResponseHeader;
  290. HRESULT hr = E_FAIL;
  292. DBG_ASSERT( pSecureBindings != NULL );
  293. DBG_ASSERT( pdwSiteId != NULL );
  294. DBG_ASSERT( IsPipeLocked() );
  296. hr = PipeReceiveResponseHeader( &ResponseHeader );
  297. if ( FAILED( hr ) )
  298. {
  299. goto failed;
  300. }
  301. DBG_ASSERT( ResponseHeader.dwCommandId == CMD_GET_ONE_SITE_SECURE_BINDINGS );
  302. *pdwSiteId = ResponseHeader.dwParameter1;
  304. if ( FAILED ( ResponseHeader.hrErrorCode ) )
  305. {
  306. //
  307. // return error reported by ssl configuration info provider
  308. //
  309. //BUGBUG always read data to clean up pipe
  311. hr = ResponseHeader.hrErrorCode;
  312. goto failed;
  313. }
  314. if ( !pSecureBindings->Resize( ResponseHeader.dwResponseSize ) )
  315. {
  316. hr = HRESULT_FROM_WIN32( GetLastError());
  317. goto failed;
  318. }
  320. hr = PipeReceiveData( ResponseHeader.dwResponseSize,
  321. reinterpret_cast<BYTE *>(pSecureBindings->QueryPtr()) );
  322. if ( FAILED( hr ) )
  323. {
  324. goto failed;
  325. }
  326. return S_OK;
  327. failed:
  328. DBG_ASSERT( FAILED( hr ) );
  329. return hr;
  331. }
  334. HRESULT
  335. SSL_CONFIG_PROV_CLIENT::StartAllSitesSecureBindingsEnumeration(
  336. VOID
  337. )
  338. /*++
  340. Routine Description:
  341. Lock named pipe for exclusive access
  342. Send command over named pipe to read all secure bindings
  344. Note: StopSiteSecureBindingsEnumeration() must be called
  345. to unlock named pipe (after successfull
  346. StartAllSitesSecureBindingsEnumeration() call )
  347. Arguments:
  349. Return Value:
  351. HRESULT
  353. --*/
  354. {
  355. SSL_CONFIG_PIPE_COMMAND Command;
  356. SSL_CONFIG_PIPE_RESPONSE_HEADER ResponseHeader;
  357. HRESULT hr = E_FAIL;
  359. IF_DEBUG( TRACE )
  360. {
  361. DBGPRINTF(( DBG_CONTEXT,
  362. "StartAllSitesSecureBindingsEnumeration\n",
  363. hr ));
  364. }
  366. Command.dwCommandId = CMD_GET_ALL_SITES_SECURE_BINDINGS;
  367. Command.dwParameter1 = 0;
  369. PipeLock();
  371. //
  372. // assure that pipe will be open
  373. //
  374. hr = MaintainPipeConnection();
  375. if ( FAILED( hr ) )
  376. {
  377. goto Failure;
  378. }
  380. hr = PipeSendCommand( &Command );
  381. if ( FAILED( hr ) )
  382. {
  383. goto Failure;
  384. }
  386. hr = PipeReceiveResponseHeader( &ResponseHeader );
  387. if ( FAILED( hr ) )
  388. {
  389. goto Failure;
  390. }
  392. DBG_ASSERT( ResponseHeader.dwCommandId == Command.dwCommandId );
  393. //
  394. // Response size 0 means that reponse will be terminated by
  395. // special termination record
  396. //
  397. DBG_ASSERT( ResponseHeader.dwResponseSize == 0 );
  399. if ( FAILED( ResponseHeader.hrErrorCode ) )
  400. {
  401. hr = ResponseHeader.hrErrorCode;
  402. goto Failure;
  403. }
  405. hr = S_OK;
  406. return hr;
  408. Failure:
  409. IF_DEBUG( TRACE )
  410. {
  411. DBGPRINTF(( DBG_CONTEXT,
  412. "StartAllSitesSecureBindingsEnumeration() leaving with error. hr = 0x%x\n",
  413. hr ));
  414. }
  416. PipeUnlock();
  417. return hr;
  418. }
  420. HRESULT
  421. SSL_CONFIG_PROV_CLIENT::StopAllSitesSecureBindingsEnumeration(
  422. VOID
  423. )
  424. /*++
  426. Routine Description:
  427. If all enumerated data was not read using GetNextSiteSecureBindings()
  428. it will read the leftover. Then unlock access to named pipe
  430. Note: call only after successful StartAllSitesSecureBindingsEnumeration()
  432. Arguments:
  434. Return Value:
  436. HRESULT
  438. --*/
  439. {
  440. IF_DEBUG( TRACE )
  441. {
  442. DBGPRINTF(( DBG_CONTEXT,
  443. "StopAllSitesSecureBindingsEnumeration\n"
  444. ));
  445. }
  447. PipeUnlock();
  448. return S_OK;
  449. }
  451. HRESULT
  452. SSL_CONFIG_PROV_CLIENT::GetNextSiteSecureBindings(
  453. OUT DWORD * pdwId,
  454. OUT MULTISZ * pSecureBindings
  455. )
  456. /*++
  458. Routine Description:
  459. Enumerate all Secure Bindings after StartSiteSecureBindingsEnumeration()
  460. was called
  462. Note: StopSiteSecureBindingsEnumeration() must always be called
  463. afterwards to unlock named pipe
  465. Note: only those sites that contain secure bindings will be enumerated
  467. Arguments:
  468. pdwId - ID of the enumerated site
  469. pSecureBindings - secure bindings
  471. Return Value:
  473. HRESULT
  474. HRESULT_FROM_WIN32(ERROR_NO_MORE_ITEMS) means that all Sites
  475. have been enumerated already. This signals the end of enumeration
  477. --*/
  478. {
  479. return ReceiveOneSiteSecureBindings ( pdwId,
  480. pSecureBindings );
  481. }
  483. HRESULT
  484. SSL_CONFIG_PROV_CLIENT::GetOneSiteSslConfiguration(
  485. IN DWORD dwSiteId,
  486. OUT SITE_SSL_CONFIGURATION * pSiteSslConfiguration
  487. )
  488. /*++
  490. Routine Description:
  491. Get all SSL configuration parameters for specified site
  493. Arguments:
  494. dwSiteId
  495. SiteSslConfiguration
  497. Return Value:
  499. HRESULT
  501. --*/
  502. {
  503. SSL_CONFIG_PIPE_COMMAND Command;
  504. SSL_CONFIG_PIPE_RESPONSE_HEADER ResponseHeader;
  505. HRESULT hr = E_FAIL;
  507. IF_DEBUG( TRACE )
  508. {
  509. DBGPRINTF(( DBG_CONTEXT,
  510. "GetOneSiteSslConfiguration( %d )\n",
  511. dwSiteId ));
  512. }
  514. Command.dwCommandId = CMD_GET_SSL_CONFIGURATION;
  515. Command.dwParameter1 = dwSiteId;
  517. //
  518. // Get exclusive access to pipe
  519. //
  520. PipeLock();
  522. //
  523. // assure that pipe will be open
  524. //
  526. hr = MaintainPipeConnection();
  527. if ( FAILED( hr ) )
  528. {
  529. goto Cleanup;
  530. }
  532. //
  533. // Send command to request SSL CONFIGURATION
  534. //
  536. hr = PipeSendCommand( &Command );
  537. if ( FAILED( hr ) )
  538. {
  539. goto Cleanup;
  540. }
  542. //
  543. // Receive response header and later addition response data if available
  544. //
  546. hr = PipeReceiveResponseHeader( &ResponseHeader );
  547. if ( FAILED( hr ) )
  548. {
  549. goto Cleanup;
  550. }
  552. if ( ResponseHeader.dwCommandId != CMD_GET_SSL_CONFIGURATION ||
  553. ResponseHeader.dwResponseSize != sizeof(*pSiteSslConfiguration) )
  554. {
  555. DBG_ASSERT( FALSE );
  556. hr = E_FAIL;
  557. goto Cleanup;
  558. }
  560. if ( FAILED ( ResponseHeader.hrErrorCode ) )
  561. {
  562. //
  563. // return error reported by ssl configuration info provider
  564. //
  566. hr = ResponseHeader.hrErrorCode;
  568. //
  569. // Read data to cleanup the pipe
  570. //
  571. PipeReceiveData( sizeof(*pSiteSslConfiguration),
  572. reinterpret_cast<BYTE *>(pSiteSslConfiguration) );
  574. goto Cleanup;
  575. }
  577. //
  578. // Receive additional data
  579. //
  581. hr = PipeReceiveData( sizeof(*pSiteSslConfiguration),
  582. reinterpret_cast<BYTE *>(pSiteSslConfiguration) );
  583. if ( FAILED( hr ) )
  584. {
  585. goto Cleanup;
  586. }
  588. hr = S_OK;
  590. Cleanup:
  591. if ( FAILED( hr ) )
  592. {
  593. IF_DEBUG( TRACE )
  594. {
  595. DBGPRINTF(( DBG_CONTEXT,
  596. "GetOneSiteSslConfiguration( %d ) leaving with error. hr = 0x%x\n",
  597. dwSiteId,
  598. hr ));
  599. }
  600. }
  601. //
  602. // Done with pipe
  603. //
  604. PipeUnlock();
  605. return hr;
  607. }