|
|
//+--------------------------------------------------------------------------
//
// Microsoft Windows
// Copyright (C) Microsoft Corporation, 1996 - 1999
//
// File: setup.cpp
//
// Contents:
//
//---------------------------------------------------------------------------
#include "pch.cpp"
#pragma hdrstop
#include <assert.h>
#include <accctrl.h>
#include <ntldap.h>
#include "certca.h"
#include "cainfop.h"
#include "csldap.h"
#include "dssetup.h"
#define __dwFILE__ __dwFILE_OCMSETUP_DSSETUP_CPP__
typedef HRESULT (* LPFNDLL_INSTALL)(BOOL bInstall, LPCWSTR pszCmdLine);
BOOLIsCAExistInDS( IN WCHAR const *pwszSanitizedName){ BOOL exist = FALSE; HRESULT hr; HCAINFO hCAInfo = NULL; WCHAR *pwszDSName = NULL;
hr = mySanitizedNameToDSName(pwszSanitizedName, &pwszDSName); _JumpIfError(hr, error, "mySanitizedNameToDSName");
hr = CAFindByName( pwszDSName, NULL, CA_FIND_INCLUDE_UNTRUSTED | CA_FIND_INCLUDE_NON_TEMPLATE_CA, &hCAInfo); _JumpIfErrorStr(hr, error, "IsCAExistInDS:CAFindByName", pwszDSName);
if (NULL == hCAInfo) { hr = E_INVALIDARG; _JumpError(hr, error, "invalid CA in DS"); } exist = TRUE;
error: if (NULL != pwszDSName) { LocalFree(pwszDSName); } if (NULL != hCAInfo) { CACloseCA(hCAInfo); } return exist;}
BOOLIsDSAvailable( OPTIONAL OUT bool *pfIsOldDSVersion){ HRESULT hr; BOOL available = FALSE; LDAP *pld = NULL; HMODULE hMod = NULL;
if (NULL != pfIsOldDSVersion) { *pfIsOldDSVersion = false; }
// fail out quickly if DS not present on domain
hr = myDoesDSExist(FALSE); _JumpIfError(hr, error, "myDoesDSExist");
hMod = LoadLibrary(L"wldap32.dll"); if (NULL == hMod) { hr = myHLastError(); _JumpErrorStr(hr, error, "LoadLibrary", L"wldap32.dll"); } available = TRUE;
// If the caller is checking for an old DS, turn on RLBF_REQUIRE_LDAP_INTEG
// to test for the presence of a required DS bug fix:
hr = myRobustLdapBindEx( 0, // dwFlags1
(NULL != pfIsOldDSVersion? RLBF_REQUIRE_LDAP_INTEG : 0) | RLBF_REQUIRE_SECURE_LDAP, // dwFlags2
LDAP_VERSION2, // uVersion
NULL, // pwszDomainName
&pld, NULL); // ppwszForestDNSName
if (NULL != pfIsOldDSVersion && CERTSRV_E_DOWNLEVEL_DC_SSL_OR_UPGRADE == hr) { *pfIsOldDSVersion = true; } _JumpIfError(hr, error, "myRobustLdapBindEx");
error: if (NULL != pld) { ldap_unbind(pld); } if (NULL != hMod) { FreeLibrary(hMod); } return available;}
HRESULTRemoveCAInDS( IN WCHAR const *pwszSanitizedName){ HRESULT hr; HCAINFO hCAInfo = NULL; WCHAR *pwszDSName = NULL;
hr = mySanitizedNameToDSName(pwszSanitizedName, &pwszDSName); _JumpIfError(hr, error, "mySanitizedNameToDSName");
hr = CAFindByName( pwszDSName, NULL, CA_FIND_INCLUDE_UNTRUSTED | CA_FIND_INCLUDE_NON_TEMPLATE_CA, &hCAInfo); _JumpIfErrorStr(hr, error, "RemoveCAInDS:CAFindByName", pwszDSName);
if (NULL == hCAInfo) { hr = E_INVALIDARG; _JumpError(hr, error, "invalid CA in DS"); } hr = CADeleteCA(hCAInfo); _JumpIfError(hr, error, "CADeleteCA");
hr = RemoveCAMachineFromCertPublishers(); _JumpIfError(hr, error, "RemoveCAMachineFromCertPublishers");
if(FIsAdvancedServer()) { hr = RemoveCAMachineFromPreWin2kGroup(); _JumpIfError(hr, error, "RemoveCAMachineFromPreWin2kGroup"); }
error: if (NULL != pwszDSName) { LocalFree(pwszDSName); } if (NULL != hCAInfo) { CACloseCA(hCAInfo); } return hr;}
HRESULTCreateCertDSHierarchy(VOID){
HRESULT hr = S_OK; ULONG ldaperr; LDAP *pld = NULL; LDAPMod objectClass;
WCHAR *objectClassVals[3]; LDAPMod *mods[2]; BSTR bstrConfigDN = NULL;
WCHAR * awszLocations[] = { L"CN=Public Key Services,CN=Services,", L"CN=Enrollment Services,CN=Public Key Services,CN=Services,", NULL, };
WCHAR ** pwszCurLocation; DWORD cbBuffer; BSTR bstrBuffer = NULL;
// bind to ds
hr = myLdapOpen( NULL, // pwszDomainName
RLBF_REQUIRE_SECURE_LDAP, // dwFlags
&pld, NULL, // pstrDomainDN
&bstrConfigDN); _JumpIfError(hr, error, "myLdapOpen");
pwszCurLocation = awszLocations; // Build the Public Key Services container
mods[0] = &objectClass; mods[1] = NULL;
objectClass.mod_op = 0; objectClass.mod_type = TEXT("objectclass"); objectClass.mod_values = objectClassVals;
objectClassVals[0] = TEXT("top"); objectClassVals[1] = TEXT("container"); objectClassVals[2] = NULL;
while(*pwszCurLocation) { cbBuffer = wcslen(*pwszCurLocation) + wcslen(bstrConfigDN) + 1;
// Build a string containing the CA Location
bstrBuffer = SysAllocStringLen(NULL, cbBuffer); if(bstrBuffer == NULL) { hr = E_OUTOFMEMORY; goto error; } wcscpy(bstrBuffer, *pwszCurLocation); wcscat(bstrBuffer, bstrConfigDN);
ldaperr = ldap_add_s(pld, bstrBuffer, mods); SysFreeString(bstrBuffer); if(ldaperr != LDAP_SUCCESS && ldaperr != LDAP_ALREADY_EXISTS) { hr = myHLdapError(pld, ldaperr, NULL); goto error; } pwszCurLocation++; }
error: myLdapClose(pld, NULL, bstrConfigDN); return(hr);}
//
HRESULT InitializeCertificateTemplates(VOID){ HRESULT hr = S_OK; DWORD err = ERROR_SUCCESS;
HINSTANCE hCertCli = NULL; LPFNDLL_INSTALL lpfnDllInstall = NULL;
hCertCli = LoadLibrary(L"certcli.dll"); if(hCertCli == NULL) { hr = myHLastError(); goto error; } lpfnDllInstall = (LPFNDLL_INSTALL)GetProcAddress(hCertCli, "DllInstall"); if(lpfnDllInstall == NULL) { hr = myHLastError(); goto error; } err = lpfnDllInstall(TRUE, L"i"); hr = HRESULT_FROM_WIN32(err);
error:
return hr;
}
HRESULT DNStoDirectoryName(IN LPWSTR wszDNSDomain, OUT LPWSTR *pwszDN)
{ HRESULT hr = S_OK; DWORD cDN; LPWSTR wszResult = NULL;
LPWSTR wszCurrent, wszNext;
if (wszDNSDomain == NULL) { hr = E_POINTER; _JumpError(hr, error, "DNStoDirectoryName"); }
if(0==wcsncmp(wszDNSDomain, L"\\\\", 2)) { // this is a DC DNS name, skip the machine name
wszDNSDomain = wcschr(wszDNSDomain, L'.'); // no dot found?
if(!wszDNSDomain) { hr =E_UNEXPECTED; _JumpError(hr, error, "DC DNS doesn't contain at least one dot"); } // jump over the dot
wszDNSDomain++;
// no domain name following the DC name?
if(L'\0'==*wszDNSDomain) { hr = E_UNEXPECTED; _JumpError(hr, error, "DC DNS name doesn't contain a domain name"); } }
// Estimate the size of the output string
cDN = wcslen(wszDNSDomain) + 3;
wszCurrent=wszDNSDomain;
for (;;) { wszCurrent = wcschr(wszCurrent, L'.'); if (NULL == wszCurrent) { break; } cDN += 4; // sizeof ,DC=
wszCurrent++; } cDN += 1; // NULL terminate
wszResult = (LPWSTR)LocalAlloc(LMEM_FIXED, cDN * sizeof(WCHAR)); if(wszResult == NULL) { hr = E_OUTOFMEMORY; _JumpError(hr, error, "LocalAlloc"); }
wszCurrent=wszDNSDomain;
// prepend the first DC=
wszNext = wszResult + 3; wcscpy(wszResult, L"DC="); while(*wszCurrent) { if(*wszCurrent != '.') { *wszNext++ = *wszCurrent++; } else { wszCurrent++; if(*wszCurrent) { wcscpy(wszNext, L",DC="); wszNext += 4; } } } *wszNext = 0;
if(pwszDN) { *pwszDN = wszResult; wszResult = NULL; }error:
if(wszResult) { LocalFree(wszResult); } return hr;}
|
