archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4 Commits
1 Branch
0 Tags
1.5 GiB
Tree: 5c6fe3db62
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '5c6fe3db62'
${ noResults }
windows-server-2003/ds/security/cryptoapi/pki/certstor/ctlfunc.cpp

354 lines
12 KiB
Raw Normal View History

commiting as it is
4 years ago
  1. //+-------------------------------------------------------------------------
  2. //
  3. // Microsoft Windows
  4. //
  5. // Copyright (C) Microsoft Corporation, 1995 - 1999
  6. //
  7. // File: ctlfunc.cpp
  8. //
  9. // Contents: Certificate Verify CTL Usage Dispatch Functions
  10. //
  11. // Functions: I_CertCTLUsageFuncDllMain
  12. // CertVerifyCTLUsage
  13. //
  14. // History: 29-Apr-97 philh created
  15. //--------------------------------------------------------------------------
  17. #include "global.hxx"
  18. #include <dbgdef.h>
  20. static HCRYPTOIDFUNCSET hUsageFuncSet;
  22. typedef BOOL (WINAPI *PFN_CERT_DLL_VERIFY_CTL_USAGE)(
  23. IN DWORD dwEncodingType,
  24. IN DWORD dwSubjectType,
  25. IN void *pvSubject,
  26. IN PCTL_USAGE pSubjectUsage,
  27. IN DWORD dwFlags,
  28. IN OPTIONAL PCTL_VERIFY_USAGE_PARA pVerifyUsagePara,
  29. IN OUT PCTL_VERIFY_USAGE_STATUS pVerifyUsageStatus
  30. );
  32. //+-------------------------------------------------------------------------
  33. // Dll initialization
  34. //--------------------------------------------------------------------------
  35. BOOL
  36. WINAPI
  37. I_CertCTLUsageFuncDllMain(
  38. HMODULE hModule,
  39. ULONG ulReason,
  40. LPVOID lpReserved)
  41. {
  42. BOOL fRet;
  44. switch (ulReason) {
  45. case DLL_PROCESS_ATTACH:
  46. if (NULL == (hUsageFuncSet = CryptInitOIDFunctionSet(
  47. CRYPT_OID_VERIFY_CTL_USAGE_FUNC,
  48. 0))) // dwFlags
  49. goto CryptInitOIDFunctionSetError;
  50. break;
  52. case DLL_PROCESS_DETACH:
  53. case DLL_THREAD_DETACH:
  54. default:
  55. break;
  56. }
  58. fRet = TRUE;
  59. CommonReturn:
  60. return fRet;
  62. ErrorReturn:
  63. fRet = FALSE;
  64. goto CommonReturn;
  65. TRACE_ERROR(CryptInitOIDFunctionSetError)
  66. }
  68. static void ZeroUsageStatus(
  69. IN OUT PCTL_VERIFY_USAGE_STATUS pUsageStatus)
  70. {
  71. pUsageStatus->dwError = 0;
  72. pUsageStatus->dwFlags = 0;
  73. if (pUsageStatus->ppCtl)
  74. *pUsageStatus->ppCtl = NULL;
  75. pUsageStatus->dwCtlEntryIndex = 0;
  76. if (pUsageStatus->ppSigner)
  77. *pUsageStatus->ppSigner = NULL;
  78. pUsageStatus->dwSignerIndex = 0;
  79. }
  81. //+-------------------------------------------------------------------------
  82. // Remember the "most interesting" error
  83. //--------------------------------------------------------------------------
  84. static void UpdateUsageError(
  85. IN DWORD dwNewError,
  86. IN OUT DWORD *pdwError
  87. )
  88. {
  89. if (0 != dwNewError) {
  90. DWORD dwError = *pdwError;
  91. if ((DWORD) CRYPT_E_NOT_IN_CTL == dwNewError ||
  92. (DWORD) CRYPT_E_NO_VERIFY_USAGE_DLL == dwError
  93. ||
  94. ((DWORD) CRYPT_E_NOT_IN_CTL != dwError &&
  95. (DWORD) CRYPT_E_NO_TRUSTED_SIGNER != dwError &&
  96. (DWORD) CRYPT_E_NO_VERIFY_USAGE_CHECK != dwNewError))
  97. *pdwError = dwNewError;
  98. }
  99. }
  101. static BOOL VerifyDefaultUsage(
  102. IN DWORD dwEncodingType,
  103. IN DWORD dwSubjectType,
  104. IN void *pvSubject,
  105. IN PCTL_USAGE pSubjectUsage,
  106. IN DWORD dwFlags,
  107. IN OPTIONAL PCTL_VERIFY_USAGE_PARA pVerifyUsagePara,
  108. IN OUT PCTL_VERIFY_USAGE_STATUS pVerifyUsageStatus
  109. )
  110. {
  111. BOOL fResult;
  112. DWORD dwError = (DWORD) CRYPT_E_NO_VERIFY_USAGE_DLL;
  113. LPWSTR pwszDllList; // _alloca'ed
  114. DWORD cchDllList;
  115. DWORD cchDll;
  116. void *pvFuncAddr;
  117. HCRYPTOIDFUNCADDR hFuncAddr;
  119. // Iterate through the installed default functions.
  120. // Setting pwszDll to NULL searches the installed list. Setting
  121. // hFuncAddr to NULL starts the search at the beginning.
  122. hFuncAddr = NULL;
  123. while (CryptGetDefaultOIDFunctionAddress(
  124. hUsageFuncSet,
  125. dwEncodingType,
  126. NULL, // pwszDll
  127. 0, // dwFlags
  128. &pvFuncAddr,
  129. &hFuncAddr)) {
  130. ZeroUsageStatus(pVerifyUsageStatus);
  131. fResult = ((PFN_CERT_DLL_VERIFY_CTL_USAGE) pvFuncAddr)(
  132. dwEncodingType,
  133. dwSubjectType,
  134. pvSubject,
  135. pSubjectUsage,
  136. dwFlags,
  137. pVerifyUsagePara,
  138. pVerifyUsageStatus);
  139. if (fResult) {
  140. CryptFreeOIDFunctionAddress(hFuncAddr, 0);
  141. goto CommonReturn;
  142. } else
  143. // Unable to verify usage for this installed
  144. // function. However, remember any "interesting"
  145. // errors.
  146. UpdateUsageError(pVerifyUsageStatus->dwError, &dwError);
  147. }
  149. if (!CryptGetDefaultOIDDllList(
  150. hUsageFuncSet,
  151. dwEncodingType,
  152. NULL, // pszDllList
  153. &cchDllList)) goto GetDllListError;
  154. __try {
  155. pwszDllList = (LPWSTR) _alloca(cchDllList * sizeof(WCHAR));
  156. } __except(EXCEPTION_EXECUTE_HANDLER) {
  157. goto OutOfMemory;
  158. }
  159. if (!CryptGetDefaultOIDDllList(
  160. hUsageFuncSet,
  161. dwEncodingType,
  162. pwszDllList,
  163. &cchDllList)) goto GetDllListError;
  165. for (; 0 != (cchDll = wcslen(pwszDllList)); pwszDllList += cchDll + 1) {
  166. if (CryptGetDefaultOIDFunctionAddress(
  167. hUsageFuncSet,
  168. dwEncodingType,
  169. pwszDllList,
  170. 0, // dwFlags
  171. &pvFuncAddr,
  172. &hFuncAddr)) {
  173. ZeroUsageStatus(pVerifyUsageStatus);
  174. fResult = ((PFN_CERT_DLL_VERIFY_CTL_USAGE) pvFuncAddr)(
  175. dwEncodingType,
  176. dwSubjectType,
  177. pvSubject,
  178. pSubjectUsage,
  179. dwFlags,
  180. pVerifyUsagePara,
  181. pVerifyUsageStatus);
  182. CryptFreeOIDFunctionAddress(hFuncAddr, 0);
  183. if (fResult)
  184. goto CommonReturn;
  185. else
  186. // Unable to verify usage for this registered
  187. // function. However, remember any "interesting"
  188. // errors.
  189. UpdateUsageError(pVerifyUsageStatus->dwError, &dwError);
  190. }
  191. }
  193. goto ErrorReturn;
  195. CommonReturn:
  196. return fResult;
  197. ErrorReturn:
  198. pVerifyUsageStatus->dwError = dwError;
  199. fResult = FALSE;
  200. goto CommonReturn;
  201. TRACE_ERROR(GetDllListError)
  202. TRACE_ERROR(OutOfMemory)
  203. }
  205. static BOOL VerifyOIDUsage(
  206. IN DWORD dwEncodingType,
  207. IN DWORD dwSubjectType,
  208. IN void *pvSubject,
  209. IN PCTL_USAGE pSubjectUsage,
  210. IN DWORD dwFlags,
  211. IN OPTIONAL PCTL_VERIFY_USAGE_PARA pVerifyUsagePara,
  212. IN OUT PCTL_VERIFY_USAGE_STATUS pVerifyUsageStatus
  213. )
  214. {
  215. BOOL fResult;
  216. HCRYPTOIDFUNCADDR hFuncAddr;
  217. PVOID pvFuncAddr;
  219. if (pSubjectUsage && pSubjectUsage->cUsageIdentifier > 0 &&
  220. CryptGetOIDFunctionAddress(
  221. hUsageFuncSet,
  222. dwEncodingType,
  223. pSubjectUsage->rgpszUsageIdentifier[0],
  224. 0, // dwFlags
  225. &pvFuncAddr,
  226. &hFuncAddr)) {
  227. ZeroUsageStatus(pVerifyUsageStatus);
  228. fResult = ((PFN_CERT_DLL_VERIFY_CTL_USAGE) pvFuncAddr)(
  229. dwEncodingType,
  230. dwSubjectType,
  231. pvSubject,
  232. pSubjectUsage,
  233. dwFlags,
  234. pVerifyUsagePara,
  235. pVerifyUsageStatus);
  236. CryptFreeOIDFunctionAddress(hFuncAddr, 0);
  237. } else {
  238. pVerifyUsageStatus->dwError = (DWORD) CRYPT_E_NO_VERIFY_USAGE_DLL;
  239. fResult = FALSE;
  240. }
  242. return fResult;
  243. }
  245. //+-------------------------------------------------------------------------
  246. // Verify that a subject is trusted for the specified usage by finding a
  247. // signed and time valid CTL with the usage identifiers and containing the
  248. // the subject. A subject can be identified by either its certificate context
  249. // or any identifier such as its SHA1 hash.
  250. //
  251. // See CertFindSubjectInCTL for definition of dwSubjectType and pvSubject
  252. // parameters.
  253. //
  254. // Via pVerifyUsagePara, the caller can specify the stores to be searched
  255. // to find the CTL. The caller can also specify the stores containing
  256. // acceptable CTL signers. By setting the ListIdentifier, the caller
  257. // can also restrict to a particular signer CTL list.
  258. //
  259. // Via pVerifyUsageStatus, the CTL containing the subject, the subject's
  260. // index into the CTL's array of entries, and the signer of the CTL
  261. // are returned. If the caller is interested, ppCtl and ppSigner can be set
  262. // to NULL. Returned contexts must be freed via the store's free context APIs.
  263. //
  264. // If the CERT_VERIFY_INHIBIT_CTL_UPDATE_FLAG isn't set, then, a time
  265. // invalid CTL in one of the CtlStores may be replaced. When replaced, the
  266. // CERT_VERIFY_UPDATED_CTL_FLAG is set in pVerifyUsageStatus->dwFlags.
  267. //
  268. // If the CERT_VERIFY_TRUSTED_SIGNERS_FLAG is set, then, only the
  269. // SignerStores specified in pVerifyUsageStatus are searched to find
  270. // the signer. Otherwise, the SignerStores provide additional sources
  271. // to find the signer's certificate.
  272. //
  273. // If CERT_VERIFY_NO_TIME_CHECK_FLAG is set, then, the CTLs aren't checked
  274. // for time validity.
  275. //
  276. // If CERT_VERIFY_ALLOW_MORE_USAGE_FLAG is set, then, the CTL may contain
  277. // additional usage identifiers than specified by pSubjectUsage. Otherwise,
  278. // the found CTL will contain the same usage identifers and no more.
  279. //
  280. // CertVerifyCTLUsage will be implemented as a dispatcher to OID installable
  281. // functions. First, it will try to find an OID function matching the first
  282. // usage object identifier in the pUsage sequence. Next, it will dispatch
  283. // to the default CertDllVerifyCTLUsage functions.
  284. //
  285. // If the subject is trusted for the specified usage, then, TRUE is
  286. // returned. Otherwise, FALSE is returned with dwError set to one of the
  287. // following:
  288. // CRYPT_E_NO_VERIFY_USAGE_DLL
  289. // CRYPT_E_NO_VERIFY_USAGE_CHECK
  290. // CRYPT_E_VERIFY_USAGE_OFFLINE
  291. // CRYPT_E_NOT_IN_CTL
  292. // CRYPT_E_NO_TRUSTED_SIGNER
  293. //--------------------------------------------------------------------------
  294. BOOL
  295. WINAPI
  296. CertVerifyCTLUsage(
  297. IN DWORD dwEncodingType,
  298. IN DWORD dwSubjectType,
  299. IN void *pvSubject,
  300. IN PCTL_USAGE pSubjectUsage,
  301. IN DWORD dwFlags,
  302. IN OPTIONAL PCTL_VERIFY_USAGE_PARA pVerifyUsagePara,
  303. IN OUT PCTL_VERIFY_USAGE_STATUS pVerifyUsageStatus
  304. )
  305. {
  306. BOOL fResult;
  308. assert(NULL == pVerifyUsagePara || pVerifyUsagePara->cbSize >=
  309. sizeof(CTL_VERIFY_USAGE_PARA));
  310. assert(pVerifyUsageStatus && pVerifyUsageStatus->cbSize >=
  311. sizeof(CTL_VERIFY_USAGE_STATUS));
  312. if (pVerifyUsagePara && pVerifyUsagePara->cbSize <
  313. sizeof(CTL_VERIFY_USAGE_PARA))
  314. goto InvalidArg;
  315. if (NULL == pVerifyUsageStatus || pVerifyUsageStatus->cbSize <
  316. sizeof(CTL_VERIFY_USAGE_STATUS))
  317. goto InvalidArg;
  320. fResult = VerifyOIDUsage(
  321. dwEncodingType,
  322. dwSubjectType,
  323. pvSubject,
  324. pSubjectUsage,
  325. dwFlags,
  326. pVerifyUsagePara,
  327. pVerifyUsageStatus);
  328. if (!fResult) {
  329. DWORD dwError = pVerifyUsageStatus->dwError;
  331. fResult = VerifyDefaultUsage(
  332. dwEncodingType,
  333. dwSubjectType,
  334. pvSubject,
  335. pSubjectUsage,
  336. dwFlags,
  337. pVerifyUsagePara,
  338. pVerifyUsageStatus);
  339. if (!fResult) {
  340. UpdateUsageError(pVerifyUsageStatus->dwError, &dwError);
  341. ZeroUsageStatus(pVerifyUsageStatus);
  342. pVerifyUsageStatus->dwError = dwError;
  343. SetLastError(dwError);
  344. }
  345. }
  347. CommonReturn:
  348. return fResult;
  349. ErrorReturn:
  350. fResult = FALSE;
  351. goto CommonReturn;
  353. SET_ERROR(InvalidArg, E_INVALIDARG)
  354. }