archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4 Commits
1 Branch
0 Tags
1.5 GiB
Branch: master
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'master'
${ noResults }
windows-server-2003/inetsrv/iis/inc/iismap.hxx

562 lines
17 KiB
Raw Permalink Normal View History

commiting as it is
4 years ago
  1. /*++
  3. Copyright (c) 1996 Microsoft Corporation
  5. Module Name:
  7. iismap.hxx
  9. Abstract:
  11. Headers for classes to handle mapping
  13. --*/
  16. /*
  18. Usage:
  20. 1 mapper class is defined here derived from CIisAcctMapper :
  21. - CIisCertMapper : SSL certificate mapping
  22. An instance of one these classes must be created by the client.
  23. This instance must be initialized ( call to Init() ) and terminated
  24. ( call to Terminate() ) before and after use.
  25. Load() / Save() load and save the current mapping. Changes made to the
  26. mappings are not commited until Save() is called.
  27. The file integrity will be checked at load time, error ERROR_BAD_FORMAT will
  28. be returned if format is corrupted, ERROR_INVALID_ACCESS if the file was
  29. modified by an application without using this library. In the later case
  30. the content is valid, and can be validated by calling Save().
  32. Each class defines a field list ( MappingGetFieldList() ), a field being
  33. defined by its type ( IISMDB_TYPE_* ), displayable name
  34. and maximum width ( characters )
  36. Each class also defines a hierarchy of fields used in the mapping process.
  37. The hierarchy is defined by an array of descriptor ( index in field list array
  38. and mandatory flag. The mandatory flag indicates whether this field must be
  39. present when a new mapping is created, it is an indication intended for the UI )
  40. The hierarchy is accessed by GetHierarchy() and is modified in place.
  41. A call to UpdateHierarchy() is necessary after any modification to the
  42. hierarchy.
  43. An option bit ( GetOptions() & IISMDB_OPTION_EDIT_HIERARCHY ) indicates
  44. whether the hierarcht is editable for a given class or not.
  46. Mapping entries are accessed through GetNbMapping(), GetMapping( 0-based index ).
  47. To add a mapping, call CreateNewMapping() then Add() or delete the created
  48. mapping.
  49. To update a mapping, access it using GetMapping() then call Update().
  50. To delete a mapping, call Delete().
  52. Each mapping is derived from CIisMapping.
  53. Fields are get/set using MappingGetField() / MappingSetField().
  55. Each class storage is controlled by a registry key as defined by
  56. IIS_*_MAPPER_REG. Two values must be created :
  57. - FileLocation:REG_SZ, which is the full path of the file used to store
  58. the mappings
  59. - FileValidator:REG_BINARY, which will be used by this library
  60. to store/check a MD5 digest of the file content to check file integrity
  63. Features specific to SSL certificate mappings ( CIisCertMapper ):
  65. - a list of BLOBs is to be created/edited by the UI through
  66. SetIssuerList()/GetIssuerList().
  67. Each BLOB describes a certificate issuer. Exact format to be defined
  68. by the Crypto team, but can assumed to be ASN.1 description of issuer.
  69. This list will be used by the SSL package to request the client to send
  70. a list of certificates issued by one of the issuer in this list.
  72. */
  74. extern "C" {
  75. #include <md5.h>
  76. }
  78. #ifndef IISMAP_DLLEXP
  79. # ifdef DLL_IMPLEMENTATION
  80. # define IISMAP_DLLEXP __declspec(dllexport)
  81. # ifdef IMPLEMENTATION_EXPORT
  82. # define IRTL_EXPIMP
  83. # else
  84. # undef IRTL_EXPIMP
  85. # endif
  86. # else // !DLL_IMPLEMENTATION
  87. # define IISMAP_DLLEXP __declspec(dllimport)
  88. # define IRTL_EXPIMP extern
  89. # endif // !DLL_IMPLEMENTATION
  90. #endif // !IISMAP_DLLEXP
  92. #include <xbf.hxx>
  94. //
  95. // redefining macro from tssec.hxx because of ugly dependencies
  96. // Issue 04/03/02 jaroslad: value should eventually be consolidated
  97. //
  98. #ifndef IIS_DNLEN
  99. #define IIS_DNLEN (256)
  100. #endif
  103. typedef LPVOID VALID_CTX;
  105. //
  106. // Field types, can be used to associate semantic to each field
  107. // (e.g. not displaying password in clear text but as '*' )
  108. //
  110. #define IISMDB_TYPE_STRING 0 // generic string
  111. #define IISMDB_TYPE_PWD 1 // clear text password
  112. #define IISMDB_TYPE_NTACCT 2 // NT account ([Domain\]UserName)
  113. #define IISMDB_TYPE_ISSUER_O 3 // Certificate Issuer Organization
  114. #define IISMDB_TYPE_ISSUER_OU 4 // Certificate Issuer Organization Unit
  115. #define IISMDB_TYPE_ISSUER_C 5 // Certificate Issuer Country
  116. #define IISMDB_TYPE_SUBJECT_O 6 // Certificate Subject Organization
  117. #define IISMDB_TYPE_SUBJECT_OU 7 // Certificate Subject Organization Unit
  118. #define IISMDB_TYPE_SUBJECT_C 8 // Certificate Subject Country
  119. #define IISMDB_TYPE_SUBJECT_CN 9 // Certificate Subject Name
  120. #define IISMDB_TYPE_ITACCT 10 // Internet account
  121. #define IISMDB_TYPE_ITPWD 11 // Internet password, stored as MD5 digest
  122. #define IISMDB_TYPE_ITREALM 12 // Internet realm
  123. #define IISMDB_TYPE_ITMD5PWD 13 // Internet password, stored as MD5 digest
  124. // of Account ":" Realm ":" Clear-text password
  125. #define IISMDB_TYPE_NTPWD 14 // NT password
  127. #define IISMDB_TYPE_OPTION_MASK 0xff000000
  128. #define IISMDB_TYPE_BINARY 0x80000000
  130. //
  131. // Field indexes for SSL certificates mapping
  132. //
  134. #define IISMDB_INDEX_ISSUER_O 0
  135. #define IISMDB_INDEX_ISSUER_OU 1
  136. #define IISMDB_INDEX_ISSUER_C 2
  137. #define IISMDB_INDEX_SUBJECT_O 3
  138. #define IISMDB_INDEX_SUBJECT_OU 4
  139. #define IISMDB_INDEX_SUBJECT_C 5
  140. #define IISMDB_INDEX_SUBJECT_CN 6
  141. #define IISMDB_INDEX_NT_ACCT 7
  142. #define IISMDB_INDEX_NB 8 // must be last
  144. //
  145. // Client cert to NT acct 1:1 mapping
  146. //
  147. #define IISMDB_INDEX_CERT11_CERT 0
  148. #define IISMDB_INDEX_CERT11_NT_ACCT 1
  149. #define IISMDB_INDEX_CERT11_NAME 2
  150. #define IISMDB_INDEX_CERT11_ENABLED 3
  151. #define IISMDB_INDEX_CERT11_NT_PWD 4
  152. #define IISMDB_INDEX_CERT11_NB 5
  154. // options
  156. // set if hierarchy to be edited by user
  157. #define IISMDB_OPTION_EDIT_HIERARCHY 0x00000001
  158. #define IISMDB_OPTION_ISSUER_LIST 0x00000002
  160. #define IISMDB_CERT_OPTIONS (IISMDB_OPTION_EDIT_HIERARCHY|IISMDB_OPTION_ISSUER_LIST)
  161. #define IISMDB_CERT11_OPTIONS (IISMDB_OPTION_ISSUER_LIST)
  162. #define IISMDB_ITA_OPTIONS 0
  163. #define IISMDB_MD5_OPTIONS 0
  165. // version #
  167. #define IISMDB_VERSION_1 1
  168. #define IISMDB_CURRENT_VERSION IISMDB_VERSION_1
  170. #define IISMDB_FILE_MAGIC_VALUE (('B'<<24)|('D'<<16)|('M'<<8)|('I'))
  173. #define IIS_CERT_MAPPER_REG "SYSTEM\\CurrentControlSet\\Services\\W3SVC\\Parameters\\CertMapper"
  174. #define IIS_CERT11_MAPPER_REG "SYSTEM\\CurrentControlSet\\Services\\W3SVC\\Parameters\\Cert11Mapper"
  175. #define W3_PARAMS "SYSTEM\\CurrentControlSet\\Services\\W3SVC\\Parameters"
  176. #define INSTALL_PATH "InstallPath"
  177. #define MAPPER_GUID "MapperGuid"
  179. // REG_BINARY : MD5 digest of file content
  180. #define FILE_VALIDATOR "FileValidator"
  182. // REG_SZ : file name
  183. #define FILE_LOCATION "FileLocation"
  185. //
  186. // Mapping array allocation extension granularity
  187. //
  189. #define IIS_MAP_BUFF_GRAN 128
  191. typedef struct _Cert_Map {
  192. DWORD cbIssuerLen;
  193. LPBYTE pIssuer;
  194. DWORD cbSubjectLen;
  195. LPBYTE pSubject;
  196. } Cert_Map ;
  198. //
  199. // Field descriptor
  200. //
  202. typedef struct _IISMDB_Fields {
  203. DWORD m_dwType;
  204. LPSTR m_pszDisplayName;
  205. DWORD m_dwResID;
  206. DWORD m_dwMaxLen;
  207. } IISMDB_Fields;
  209. //
  210. // Field Hierarchy descriptor
  211. //
  213. typedef struct _IISMDB_HEntry {
  214. DWORD m_dwIndex;
  215. BOOL m_fMandatory;;
  216. } IISMDB_HEntry;
  219. class CIisAcctMapper;
  221. class CIisMapping {
  222. public:
  223. CIisMapping();
  224. ~CIisMapping() { if ( m_pBuff != NULL ) LocalFree( m_pBuff ); }
  225. //
  226. IISMAP_DLLEXP virtual BOOL Serialize( FILE*, VALID_CTX, LPVOID );
  227. IISMAP_DLLEXP virtual BOOL Deserialize( FILE*, VALID_CTX, LPVOID );
  228. virtual BOOL StoreFieldRef( DWORD /*iIndex*/, LPSTR /*pf*/ ) { return FALSE; }
  229. virtual BOOL StoreFieldRef( DWORD /*iIndex*/, LPSTR /*pf*/, DWORD /*dwL*/ ) { return FALSE; }
  230. virtual BOOL IsCrypt( DWORD /*iIndex*/ ) { return FALSE; }
  231. int Cmp( CIisMapping*, BOOL fCmpForMatch = FALSE );
  232. DWORD GetMask() { return m_dwMask; }
  233. IISMAP_DLLEXP BOOL UpdateMask( IISMDB_HEntry*, DWORD );
  234. IISMAP_DLLEXP BOOL Copy( CIisMapping* );
  235. BOOL StoreField(
  236. LPSTR* ppszFields,
  237. DWORD dwIndex,
  238. DWORD dwNbIndex,
  239. LPSTR pszNew
  240. );
  241. BOOL StoreField(
  242. LPSTR* ppszFields,
  243. LPDWORD ppdwFields,
  244. DWORD dwIndex,
  245. DWORD dwNbIndex,
  246. LPSTR pszNew,
  247. DWORD cNew,
  248. BOOL fIsUuEncoded
  249. );
  251. public:
  252. // stores a copy to storage pointed to by pF
  253. IISMAP_DLLEXP virtual BOOL MappingSetField( DWORD iIndex, LPSTR pF );
  254. IISMAP_DLLEXP virtual BOOL MappingSetField( DWORD iIndex, PBYTE pbF, DWORD cbF, BOOL );
  256. // return a pointer to internal storage
  257. IISMAP_DLLEXP virtual BOOL MappingGetField( DWORD iIndex, LPSTR* );
  258. IISMAP_DLLEXP virtual BOOL MappingGetField( DWORD iIndex, PBYTE*, LPDWORD, BOOL );
  260. IISMAP_DLLEXP virtual UINT GetNbField( LPSTR ** ) { return 0; }
  261. IISMAP_DLLEXP virtual UINT GetNbField( LPSTR **, LPDWORD* ) { return 0; }
  263. IISMAP_DLLEXP virtual BOOL Clone( CIisMapping** ) { return FALSE; }
  264. IISMAP_DLLEXP BOOL CloneEx( CIisMapping**, LPSTR*, LPSTR*, LPDWORD, LPDWORD, UINT );
  266. protected:
  267. LPBYTE m_pBuff;
  268. UINT m_cUsedBuff;
  269. UINT m_cAllocBuff;
  270. CIisAcctMapper *m_pMapper;
  271. DWORD m_dwMask;
  272. } ;
  275. class CCert11Mapping : public CIisMapping {
  276. public:
  277. IISMAP_DLLEXP CCert11Mapping();
  278. IISMAP_DLLEXP CCert11Mapping( CIisAcctMapper* );
  279. IISMAP_DLLEXP ~CCert11Mapping();
  280. //
  282. BOOL Init( LPBYTE pC, DWORD cC, IISMDB_HEntry *pH, DWORD dwH );
  284. BOOL StoreFieldRef( DWORD iIndex, LPSTR pF ) { m_pFields[iIndex] = pF; return TRUE; }
  285. BOOL StoreFieldRef( DWORD iIndex, LPSTR pF, DWORD dwF ) { m_pFields[iIndex] = pF; m_cFields[iIndex] = dwF; return TRUE; }
  286. BOOL IsCrypt( DWORD iIndex ) { return (iIndex == IISMDB_INDEX_CERT11_NT_PWD) ? TRUE : FALSE; }
  287. //
  288. UINT GetNbField(LPSTR **pF) { *pF = m_pFields; return sizeof(m_pFields)/sizeof(LPSTR);}
  289. UINT GetNbField(LPSTR **pF, LPDWORD *pcF) { *pF = m_pFields; *pcF = m_cFields; return sizeof(m_pFields)/sizeof(LPSTR);}
  290. BOOL MappingSetField( DWORD iIndex, LPSTR pF );
  292. BOOL Clone( CIisMapping** ppM)
  293. {
  294. if ( *ppM = new CCert11Mapping( m_pMapper ) )
  295. {
  296. return CloneEx( ppM, ((CCert11Mapping*)*ppM)->m_pFields, m_pFields, ((CCert11Mapping*)*ppM)->m_cFields, m_cFields, IISMDB_INDEX_CERT11_NB );
  297. }
  298. return FALSE;
  299. }
  301. private:
  302. LPSTR m_pFields[IISMDB_INDEX_CERT11_NB];
  303. DWORD m_cFields[IISMDB_INDEX_CERT11_NB];
  304. } ;
  308. //
  309. // BLOB describing an issuer ( ASN.1 format )
  310. //
  312. typedef struct _IssuerAccepted {
  313. DWORD cbIssuerLen;
  314. LPBYTE pbIssuer;
  315. } IssuerAccepted;
  318. //
  319. // Mapping class descriptor ( a class defines the subset of fields used
  320. // to check for a mapping match ).
  321. //
  323. typedef struct _MappingClass {
  324. DWORD dwClass;
  325. DWORD dwFirst;
  326. DWORD dwLast;
  327. } MappingClass;
  330. class CIisAcctMapper {
  331. public:
  332. IISMAP_DLLEXP CIisAcctMapper();
  333. IISMAP_DLLEXP ~CIisAcctMapper();
  334. //
  336. // BOOL* updated with TRUE if 1st call to Init() for this object,
  337. // fMonitorChange used to indicate if change monitoring thread should
  338. // be created. If yes, changes to the database will trigger auto-refresh
  339. // This should be set to FALSE by the mapping Editor ( UI )
  340. //IISMAP_DLLEXP BOOL Init( BOOL*, BOOL fMonitorChange = TRUE );
  342. // fForce control whether instance is terminated even if non balanced
  343. // calls to Init()/Terminate()
  344. //IISMAP_DLLEXP BOOL Terminate( BOOL fForce = FALSE );
  346. // clear all mapping entries
  347. IISMAP_DLLEXP BOOL Reset();
  349. //DWORD UpdateIndication( VOID );
  350. virtual LPSTR GetRegKeyName() { return NULL; }
  352. //
  354. virtual BOOL LoadPrivate( FILE*, VALID_CTX ) { return TRUE; }
  355. virtual BOOL SavePrivate( FILE*, VALID_CTX ) { return TRUE; }
  356. virtual BOOL ResetPrivate() { return TRUE; }
  357. virtual IISMDB_HEntry* GetDefaultHierarchy( LPDWORD pdwN )
  358. { *pdwN = 0; return NULL; }
  359. //
  360. //
  361. IISMAP_DLLEXP void Lock();
  362. IISMAP_DLLEXP void Unlock();
  363. //
  364. IISMAP_DLLEXP BOOL FindMatch( CIisMapping* pQuery, CIisMapping** pResult, LPDWORD pI = NULL );
  365. IISMAP_DLLEXP BOOL UpdateClasses( BOOL fComputeMask = TRUE );
  366. BOOL SortMappings();
  368. public:
  369. //
  370. // to be used by DB clients
  371. //
  373. IISMAP_DLLEXP BOOL MappingGetFieldList(IISMDB_Fields** pF, DWORD* pC )
  374. { *pF = m_pFields; *pC = m_cFields; return TRUE; }
  375. IISMAP_DLLEXP DWORD GetOptions() { return m_dwOptions; }
  376. IISMAP_DLLEXP DWORD GetNbMapping( BOOL fAlt = FALSE ) { return (fAlt && m_pAltMapping) ? m_cAltMapping : m_cMapping; }
  377. IISMAP_DLLEXP BOOL GetMapping( DWORD iIndex, CIisMapping**, BOOL fFromAlt = FALSE, BOOL fPutAlt = FALSE );
  378. IISMAP_DLLEXP BOOL FlushAlternate( BOOL fApply );
  379. IISMAP_DLLEXP virtual CIisMapping* CreateNewMapping() { return NULL; }
  380. IISMAP_DLLEXP virtual BOOL Add( CIisMapping*, BOOL fAlternate = FALSE ); // release ownership of CIisMapping
  381. IISMAP_DLLEXP virtual DWORD AddEx( CIisMapping* ); // release ownership of CIisMapping
  383. IISMAP_DLLEXP BOOL Update( DWORD iIndex, CIisMapping* pM );
  384. IISMAP_DLLEXP BOOL Update( DWORD iIndex );
  385. IISMAP_DLLEXP BOOL Delete( DWORD iIndex, BOOL fUseAlternate = FALSE );
  387. // can return ERROR_INVALID_ACCESS if MD5 signature invalid.
  388. // file was loaded anyway, must Save() to validate.
  390. IISMAP_DLLEXP BOOL Load();
  391. IISMAP_DLLEXP BOOL Save();
  392. IISMAP_DLLEXP IISMDB_HEntry* GetHierarchy( DWORD *pC ) { *pC = m_cHierarchy; return m_pHierarchy; }
  393. IISMAP_DLLEXP BOOL UpdateHierarchy() { return UpdateClasses( TRUE ); }
  395. //
  396. // Create unique ID for this object. Necessary before Load()/Save()
  397. //
  399. IISMAP_DLLEXP BOOL Create( VOID );
  400. IISMAP_DLLEXP BOOL Delete( VOID );
  402. IISMAP_DLLEXP BOOL Serialize( CStoreXBF* );
  403. IISMAP_DLLEXP BOOL Unserialize( CStoreXBF* );
  404. IISMAP_DLLEXP BOOL Unserialize( LPBYTE*, LPDWORD );
  405. IISMAP_DLLEXP BOOL Serialize( VOID );
  406. IISMAP_DLLEXP BOOL Unserialize( VOID );
  407. IISMAP_DLLEXP DWORD GetMappingCount( VOID ) { return m_cMapping; }
  410. private:
  412. static
  413. int __cdecl
  414. QsortIisMappingCmp(
  415. const void *pA,
  416. const void *pB
  417. );
  419. static
  420. int __cdecl
  421. MatchIisMappingCmp(
  422. const void *pA,
  423. const void *pB
  424. );
  429. protected:
  430. CRITICAL_SECTION csLock;
  431. HANDLE m_hNotifyEvent;
  432. BOOL m_fRequestTerminate;
  434. LONG m_cInit;
  436. CIisMapping ** m_pMapping;
  437. DWORD m_cMapping;
  439. CIisMapping ** m_pAltMapping;
  440. DWORD m_cAltMapping;
  442. CHAR m_achFileName[MAX_PATH];
  444. IISMDB_HEntry * m_pHierarchy;
  445. DWORD m_cHierarchy;
  447. MappingClass* m_pClasses;
  449. IISMDB_Fields* m_pFields;
  450. DWORD m_cFields;
  451. DWORD m_dwOptions;
  453. MD5_CTX m_md5;
  455. LPBYTE m_pSesKey;
  456. DWORD m_dwSesKey;
  457. } ;
  460. //
  461. // SSL client certificates 1:1 mapper
  462. //
  464. class CIisCert11Mapper : public CIisAcctMapper {
  465. public:
  466. IISMAP_DLLEXP CIisCert11Mapper();
  467. IISMAP_DLLEXP ~CIisCert11Mapper();
  468. LPSTR GetRegKeyName() { return IIS_CERT11_MAPPER_REG; }
  469. IISMDB_HEntry* GetDefaultHierarchy( LPDWORD pdwN );
  470. IISMAP_DLLEXP CIisMapping* CreateNewMapping() { return (CIisMapping*)new CCert11Mapping(this); }
  471. IISMAP_DLLEXP CIisMapping* CreateNewMapping( LPBYTE pC, DWORD dwC );
  472. BOOL LoadPrivate( FILE*, VALID_CTX );
  473. BOOL SavePrivate( FILE*, VALID_CTX );
  474. BOOL ResetPrivate();
  475. BOOL Add( CIisMapping* );
  476. private:
  477. static
  478. LPSTR
  479. Iisfgets(
  480. LPSTR pBuf,
  481. INT cMax,
  482. FILE* fIn
  483. );
  485. static
  486. INT
  487. Iisfputs(
  488. const char* pBuf,
  489. FILE* fOut
  490. );
  493. private:
  494. IssuerAccepted *m_pIssuers;
  495. DWORD m_cIssuers;
  496. } ;
  499. IISMAP_DLLEXP
  500. BOOL
  501. ReportIisMapEvent(
  502. WORD wType,
  503. DWORD dwEventId,
  504. WORD cNbStr,
  505. LPCTSTR* pStr
  506. );
  508. IISMAP_DLLEXP
  509. BOOL
  510. ReportIisMapEventW(
  511. WORD wType,
  512. DWORD dwEventId,
  513. WORD cNbStr,
  514. LPCWSTR* pStr
  515. );
  518. IISMAP_DLLEXP
  519. BOOL IISuudecode(char * bufcoded,
  520. BYTE * bufout,
  521. DWORD * pcbDecoded,
  522. BOOL fBase64
  523. );
  524. IISMAP_DLLEXP
  525. BOOL IISuuencode( BYTE * bufin,
  526. DWORD nbytes,
  527. BYTE * outptr,
  528. BOOL fBase64 );
  531. IISMAP_DLLEXP
  532. DWORD WINAPI
  533. CreateMapping(
  534. LPWSTR pwszUuIssuer,
  535. LPWSTR pwszUuSubject,
  536. LPWSTR pwszNtAcct
  537. );
  539. IISMAP_DLLEXP
  540. DWORD WINAPI
  541. CheckMapping(
  542. LPWSTR pwszUuIssuer,
  543. LPWSTR pwszUuSubject,
  544. LPWSTR* pwszNtAcct
  545. );
  547. IISMAP_DLLEXP
  548. DWORD WINAPI
  549. SaveMapping(
  550. VOID
  551. );
  553. IISMAP_DLLEXP
  554. VOID
  555. ImportIISCertMappingsToIIS6(
  556. VOID
  557. );
  560. BOOL InitializeMapping( HANDLE );
  561. VOID TerminateMapping();