archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4 Commits
1 Branch
0 Tags
1.5 GiB
Tree: 5c6fe3db62
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '5c6fe3db62'
${ noResults }
windows-server-2003/ds/security/cryptoapi/pkitrust/softpub/callui.cpp

462 lines
12 KiB
Raw Normal View History

commiting as it is
4 years ago
  1. //+-------------------------------------------------------------------------
  2. //
  3. // Microsoft Windows
  4. //
  5. // Copyright (C) Microsoft Corporation, 1996 - 1999
  6. //
  7. // File: callui.cpp
  8. //
  9. // Contents: Microsoft Internet Security Authenticode Policy Provider
  10. //
  11. // Functions: SoftpubCallUI
  12. //
  13. // *** local functions ***
  14. // _AllocGetOpusInfo
  15. //
  16. // History: 06-Jun-1997 pberkman created
  17. //
  18. //--------------------------------------------------------------------------
  20. #include "global.hxx"
  21. #include "trustdb.h"
  22. #include "acui.h"
  23. #include "winsafer.h"
  25. SPC_SP_OPUS_INFO *_AllocGetOpusInfo(CRYPT_PROVIDER_DATA *pProvData, CRYPT_PROVIDER_SGNR *pSigner,
  26. DWORD *pcbOpusInfo);
  30. #define MIN_HASH_LEN 16
  31. #define MAX_HASH_LEN 20
  33. // Returns:
  34. // S_FALSE
  35. // not found in the database
  36. // TRUST_E_SYSTEM_ERROR
  37. // system errors while attempting to do the check
  38. // S_OK
  39. // found in the database
  40. // TRUST_E_EXPLICIT_DISTRUST
  41. // explicitly disallowed in the database or revoked
  42. HRESULT _CheckTrustedPublisher(
  43. CRYPT_PROVIDER_DATA *pProvData,
  44. DWORD dwError,
  45. BOOL fOnlyDisallowed
  46. )
  47. {
  48. CRYPT_PROVIDER_SGNR *pSigner;
  49. PCCERT_CONTEXT pPubCert;
  50. BYTE rgbHash[MAX_HASH_LEN];
  51. CRYPT_DATA_BLOB HashBlob;
  52. HCERTSTORE hStore;
  54. if (CERT_E_REVOKED == dwError)
  55. {
  56. return TRUST_E_EXPLICIT_DISTRUST;
  57. }
  59. pSigner = WTHelperGetProvSignerFromChain(pProvData, 0, FALSE, 0);
  61. if (NULL == pSigner || pSigner->csCertChain <= 0)
  62. {
  63. return S_FALSE;
  64. }
  66. pPubCert = WTHelperGetProvCertFromChain(pSigner, 0)->pCert;
  68. // Check if disallowed.
  70. // Since the signature component can be altered, must use the signature
  71. // hash
  73. HashBlob.pbData = rgbHash;
  74. HashBlob.cbData = MAX_HASH_LEN;
  75. if (!CertGetCertificateContextProperty(
  76. pPubCert,
  77. CERT_SIGNATURE_HASH_PROP_ID,
  78. rgbHash,
  79. &HashBlob.cbData
  80. ) || MIN_HASH_LEN > HashBlob.cbData)
  81. {
  82. return TRUST_E_SYSTEM_ERROR;
  83. }
  85. hStore = OpenDisallowedStore();
  87. if (hStore)
  88. {
  89. PCCERT_CONTEXT pFoundCert;
  91. pFoundCert = CertFindCertificateInStore(
  92. hStore,
  93. 0, // dwCertEncodingType
  94. 0, // dwFindFlags
  95. CERT_FIND_SIGNATURE_HASH,
  96. (const void *) &HashBlob,
  97. NULL //pPrevCertContext
  98. );
  100. CertCloseStore(hStore, 0);
  101. if (pFoundCert)
  102. {
  103. CertFreeCertificateContext(pFoundCert);
  104. return TRUST_E_EXPLICIT_DISTRUST;
  105. }
  106. }
  108. if (fOnlyDisallowed)
  109. {
  110. return S_FALSE;
  111. }
  113. if (S_OK != dwError)
  114. {
  115. // Everything must be valid to allow a trusted publisher
  116. return S_FALSE;
  117. }
  119. // Check if trusted publisher
  121. hStore = OpenTrustedPublisherStore();
  123. if (hStore)
  124. {
  125. PCCERT_CONTEXT pFoundCert;
  127. pFoundCert = CertFindCertificateInStore(
  128. hStore,
  129. 0, // dwCertEncodingType
  130. 0, // dwFindFlags
  131. CERT_FIND_SIGNATURE_HASH,
  132. (const void *) &HashBlob,
  133. NULL //pPrevCertContext
  134. );
  136. CertCloseStore(hStore, 0);
  137. if (pFoundCert)
  138. {
  139. CertFreeCertificateContext(pFoundCert);
  140. return S_OK;
  141. }
  142. }
  144. return S_FALSE;
  145. }
  148. typedef BOOL (WINAPI *PFN_SAFERI_SEARCH_MATCHING_HASH_RULES)(
  149. IN ALG_ID HashAlgorithm OPTIONAL,
  150. IN PBYTE pHashBytes,
  151. IN DWORD dwHashSize,
  152. IN DWORD dwOriginalImageSize OPTIONAL,
  153. OUT PDWORD pdwFoundLevel,
  154. OUT PDWORD pdwUIFlags
  155. );
  157. // Returns:
  158. // S_FALSE
  159. // not found in the database
  160. // S_OK
  161. // fully trusted in the database
  162. // TRUST_E_EXPLICIT_DISTRUST
  163. // explicitly disallowed in the database
  164. HRESULT _CheckTrustedCodeHash(CRYPT_PROVIDER_DATA *pProvData)
  165. {
  166. static BOOL fGotProcAddr = FALSE;
  167. static PFN_SAFERI_SEARCH_MATCHING_HASH_RULES
  168. pfnCodeAuthzSearchMatchingHashRules = NULL;
  170. DWORD cbHash;
  172. if (pProvData->padwTrustStepErrors[TRUSTERROR_STEP_FINAL_OBJPROV] == 0 &&
  173. pProvData->pPDSip && pProvData->pPDSip->psIndirectData)
  174. {
  175. cbHash = pProvData->pPDSip->psIndirectData->Digest.cbData;
  176. }
  177. else
  178. {
  179. cbHash = 0;
  180. }
  182. if (0 == cbHash)
  183. {
  184. return S_FALSE;
  185. }
  187. // wintrust.dll has a static dependency on advapi32.dll. However, not
  188. // all advapi32.dll's will export "SaferiSearchMatchingHashRules"
  189. if (!fGotProcAddr)
  190. {
  191. HMODULE hModule;
  193. hModule = GetModuleHandleA("advapi32.dll");
  194. if (NULL != hModule)
  195. {
  196. pfnCodeAuthzSearchMatchingHashRules =
  197. (PFN_SAFERI_SEARCH_MATCHING_HASH_RULES) GetProcAddress(
  198. hModule, "SaferiSearchMatchingHashRules");
  199. }
  201. fGotProcAddr = TRUE;
  202. }
  204. if (NULL != pfnCodeAuthzSearchMatchingHashRules)
  205. {
  206. __try
  207. {
  208. DWORD dwFoundLevel = 0xFFFFFFFF;
  209. DWORD dwUIFlags = 0;
  211. if (pfnCodeAuthzSearchMatchingHashRules(
  212. CertOIDToAlgId(pProvData->pPDSip->psIndirectData->DigestAlgorithm.pszObjId),
  213. pProvData->pPDSip->psIndirectData->Digest.pbData,
  214. cbHash,
  215. 0, // dwOriginalImageSize
  216. &dwFoundLevel,
  217. &dwUIFlags
  218. ))
  219. {
  220. switch (dwFoundLevel)
  221. {
  222. case SAFER_LEVELID_FULLYTRUSTED:
  223. return S_OK;
  224. case SAFER_LEVELID_DISALLOWED:
  225. return TRUST_E_EXPLICIT_DISTRUST;
  226. }
  227. }
  228. }
  229. __except(EXCEPTION_EXECUTE_HANDLER)
  230. {
  231. }
  232. }
  234. return S_FALSE;
  235. }
  238. HRESULT SoftpubCallUI(CRYPT_PROVIDER_DATA *pProvData, DWORD dwError, BOOL fFinalCall)
  239. {
  240. HRESULT hr;
  241. DWORD dwUIChoice;
  243. if (!(fFinalCall))
  244. {
  245. // TBDTBD: if we want the user to get involved along the way???
  246. return(ERROR_SUCCESS);
  247. }
  249. if (0 == (pProvData->dwProvFlags & WTD_SAFER_FLAG))
  250. {
  251. if (!(pProvData->dwRegPolicySettings & WTPF_ALLOWONLYPERTRUST) &&
  252. (pProvData->pWintrustData->dwUIChoice == WTD_UI_NONE))
  253. {
  254. if (S_OK == dwError || ((DWORD) CERT_E_REVOKED) == dwError)
  255. {
  256. //
  257. // Check for explicitly trusted or disallowed code
  258. //
  259. hr = _CheckTrustedCodeHash(pProvData);
  260. if (S_FALSE != hr)
  261. {
  262. if (S_OK == hr)
  263. {
  264. // Ensure we always indicate trust.
  265. pProvData->dwFinalError = 0;
  266. }
  267. return hr;
  268. }
  270. //
  271. // Check for untrusted publisher
  272. //
  273. hr = _CheckTrustedPublisher(pProvData, dwError, TRUE);
  274. if (TRUST_E_EXPLICIT_DISTRUST == hr)
  275. {
  276. return TRUST_E_EXPLICIT_DISTRUST;
  277. }
  278. }
  280. return(dwError);
  281. }
  282. }
  285. //
  286. // Check for trusted or disallowed subject hash
  287. //
  288. hr = _CheckTrustedCodeHash(pProvData);
  289. if (S_FALSE != hr)
  290. {
  291. if (S_OK == hr)
  292. {
  293. // Ensure we always indicate trust.
  294. pProvData->dwFinalError = 0;
  295. }
  296. return hr;
  297. }
  299. //
  300. // Check for trusted or disallowed publisher
  301. //
  302. hr = _CheckTrustedPublisher(pProvData, dwError, FALSE);
  303. if (S_FALSE != hr)
  304. {
  305. if (S_OK == hr)
  306. {
  307. // Ensure we always indicate trust.
  308. pProvData->dwFinalError = 0;
  309. }
  310. return hr;
  311. }
  313. if (pProvData->dwRegPolicySettings & WTPF_ALLOWONLYPERTRUST)
  314. {
  315. if (0 == dwError)
  316. {
  317. return CRYPT_E_SECURITY_SETTINGS;
  318. }
  319. return dwError;
  320. }
  322. dwUIChoice = pProvData->pWintrustData->dwUIChoice;
  324. if ((dwUIChoice == WTD_UI_NONE) ||
  325. ((dwUIChoice == WTD_UI_NOBAD) && (dwError != ERROR_SUCCESS)) ||
  326. ((dwUIChoice == WTD_UI_NOGOOD) && (dwError == ERROR_SUCCESS)))
  327. {
  328. if (0 == dwError)
  329. {
  330. // No explicit trust
  331. pProvData->dwFinalError = TRUST_E_SUBJECT_NOT_TRUSTED;
  332. }
  333. return dwError;
  334. }
  336. //
  337. // call the ui
  338. //
  339. HINSTANCE hModule = NULL;
  340. IPersonalTrustDB *pTrustDB = NULL;
  341. ACUI_INVOKE_INFO aii;
  342. pfnACUIProviderInvokeUI pfn = NULL;
  343. DWORD cbOpusInfo;
  344. CRYPT_PROVIDER_SGNR *pRootSigner;
  346. pRootSigner = WTHelperGetProvSignerFromChain(pProvData, 0, FALSE, 0);
  348. OpenTrustDB(NULL, IID_IPersonalTrustDB, (LPVOID*)&pTrustDB);
  350. memset(&aii, 0x00, sizeof(ACUI_INVOKE_INFO));
  352. //
  353. // Setup the UI invokation
  354. //
  356. aii.cbSize = sizeof(ACUI_INVOKE_INFO);
  357. aii.hDisplay = pProvData->hWndParent;
  358. aii.pProvData = pProvData;
  359. aii.hrInvokeReason = dwError;
  360. aii.pwcsAltDisplayName = WTHelperGetFileName(pProvData->pWintrustData);
  361. aii.pPersonalTrustDB = (IUnknown *)pTrustDB;
  363. if (pRootSigner)
  364. {
  365. aii.pOpusInfo = _AllocGetOpusInfo(pProvData, pRootSigner, &cbOpusInfo);
  366. }
  368. //
  369. // Load the default authenticode UI.
  370. //
  371. if (hModule = LoadLibraryA(CVP_DLL))
  372. {
  373. pfn = (pfnACUIProviderInvokeUI)GetProcAddress(hModule, "ACUIProviderInvokeUI");
  374. }
  376. //
  377. // Invoke the UI
  378. //
  379. if (pfn)
  380. {
  381. hr = (*pfn)(&aii);
  382. }
  383. else
  384. {
  385. hr = TRUST_E_PROVIDER_UNKNOWN;
  386. pProvData->dwError = hr;
  387. pProvData->padwTrustStepErrors[TRUSTERROR_STEP_FINAL_UIPROV] = hr;
  389. DBG_PRINTF((DBG_SS, "Unable to load CRYPTUI.DLL\n"));
  391. }
  393. //
  394. // Return the appropriate code
  395. //
  397. if (pTrustDB)
  398. {
  399. pTrustDB->Release();
  400. }
  402. if (aii.pOpusInfo)
  403. {
  404. TrustFreeDecode(WVT_MODID_SOFTPUB, (BYTE **)&aii.pOpusInfo);
  405. }
  407. if (hModule)
  408. {
  409. FreeLibrary(hModule);
  410. }
  412. return hr;
  413. }
  416. SPC_SP_OPUS_INFO *_AllocGetOpusInfo(CRYPT_PROVIDER_DATA *pProvData, CRYPT_PROVIDER_SGNR *pSigner,
  417. DWORD *pcbOpusInfo)
  418. {
  419. PCRYPT_ATTRIBUTE pAttr;
  420. PSPC_SP_OPUS_INFO pInfo;
  422. pInfo = NULL;
  424. if (!(pSigner->psSigner))
  425. {
  426. goto NoSigner;
  427. }
  429. if (pSigner->psSigner->AuthAttrs.cAttr == 0)
  430. {
  431. goto NoOpusAttribute;
  432. }
  434. if (!(pAttr = CertFindAttribute(SPC_SP_OPUS_INFO_OBJID,
  435. pSigner->psSigner->AuthAttrs.cAttr,
  436. pSigner->psSigner->AuthAttrs.rgAttr)))
  437. {
  438. goto NoOpusAttribute;
  439. }
  441. if (!(pAttr->rgValue))
  442. {
  443. goto NoOpusAttribute;
  444. }
  446. if (!(TrustDecode(WVT_MODID_SOFTPUB, (BYTE **)&pInfo, pcbOpusInfo, 200,
  447. pProvData->dwEncoding, SPC_SP_OPUS_INFO_STRUCT,
  448. pAttr->rgValue->pbData, pAttr->rgValue->cbData, CRYPT_DECODE_NOCOPY_FLAG)))
  449. {
  450. goto DecodeError;
  451. }
  453. return(pInfo);
  455. ErrorReturn:
  456. return(NULL);
  458. TRACE_ERROR_EX(DBG_SS, NoSigner);
  459. TRACE_ERROR_EX(DBG_SS, NoOpusAttribute);
  460. TRACE_ERROR_EX(DBG_SS, DecodeError);
  461. }