archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4 Commits
1 Branch
0 Tags
4.9 GiB
Tree: 5c6fe3db62
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '5c6fe3db62'
${ noResults }
windows-server-2003/inetcore/setup/ieak5/ieakeng/seccerts.cpp

302 lines
10 KiB
Raw Normal View History

commiting as it is
4 years ago
  1. //
  2. // SECCERTS.CPP
  3. //
  5. #include "precomp.h"
  6. #include <wintrust.h>
  7. #include <wintrustp.h>
  8. #include <cryptui.h>
  10. static BOOL importSiteCertHelper(LPCTSTR pcszInsFile, LPCTSTR pcszSCWorkDir, LPCTSTR pcszSCInf, BOOL fImportSC);
  11. static BOOL importAuthCodeHelper(LPCTSTR pcszInsFile, LPCTSTR pcszAuthWorkDir, LPCTSTR pcszAuthInf, BOOL fImportAuth);
  13. BOOL WINAPI ImportSiteCertA(LPCSTR pcszInsFile, LPCSTR pcszSCWorkDir, LPCSTR pcszSCInf, BOOL fImportSC)
  14. {
  15. USES_CONVERSION;
  17. return importSiteCertHelper(A2CT(pcszInsFile), A2CT(pcszSCWorkDir), A2CT(pcszSCInf), fImportSC);
  18. }
  20. BOOL WINAPI ImportSiteCertW(LPCWSTR pcwszInsFile, LPCWSTR pcwszSCWorkDir, LPCWSTR pcwszSCInf, BOOL fImportSC)
  21. {
  22. USES_CONVERSION;
  24. return importSiteCertHelper(W2CT(pcwszInsFile), W2CT(pcwszSCWorkDir), W2CT(pcwszSCInf), fImportSC);
  25. }
  27. BOOL WINAPI ModifySiteCert(HWND hDlg)
  28. {
  29. typedef DWORD (WINAPI * CRYPTUIDLGCERTMGR)(PCCRYPTUI_CERT_MGR_STRUCT);
  31. BOOL fRet;
  32. HINSTANCE hCryptUI;
  33. CRYPTUIDLGCERTMGR lpfnCryptUIDlgCertMgr;
  34. CRYPTUI_CERT_MGR_STRUCT ccm;
  36. fRet = FALSE;
  38. hCryptUI = NULL;
  40. if ((hCryptUI = LoadLibrary(TEXT("cryptui.dll"))) == NULL)
  41. goto Exit;
  43. if ((lpfnCryptUIDlgCertMgr = (CRYPTUIDLGCERTMGR) GetProcAddress(hCryptUI, "CryptUIDlgCertMgr")) == NULL)
  44. goto Exit;
  46. fRet = TRUE;
  48. // call into cryptui.dll to modify the certs
  49. ZeroMemory(&ccm, sizeof(ccm));
  50. ccm.dwSize = sizeof(ccm);
  51. ccm.hwndParent = hDlg;
  52. lpfnCryptUIDlgCertMgr(&ccm);
  54. Exit:
  55. if (hCryptUI != NULL)
  56. FreeLibrary(hCryptUI);
  58. return fRet;
  59. }
  61. BOOL WINAPI ImportAuthCodeA(LPCSTR pcszInsFile, LPCSTR pcszAuthWorkDir, LPCSTR pcszAuthInf, BOOL fImportAuth)
  62. {
  63. USES_CONVERSION;
  65. return importAuthCodeHelper(A2CT(pcszInsFile), A2CT(pcszAuthWorkDir), A2CT(pcszAuthInf), fImportAuth);
  66. }
  68. BOOL WINAPI ImportAuthCodeW(LPCWSTR pcwszInsFile, LPCWSTR pcwszAuthWorkDir, LPCWSTR pcwszAuthInf, BOOL fImportAuth)
  69. {
  70. USES_CONVERSION;
  72. return importAuthCodeHelper(W2CT(pcwszInsFile), W2CT(pcwszAuthWorkDir), W2CT(pcwszAuthInf), fImportAuth);
  73. }
  75. BOOL WINAPI ModifyAuthCode(HWND hDlg)
  76. {
  77. HINSTANCE hWinTrust = NULL;
  78. HINSTANCE hSoftPub = NULL;
  79. BOOL fRet = FALSE;
  82. //Thanks to a change from the crypto team, this needs to behave differently on whistler
  83. if (IsOS(OS_WHISTLERORGREATER))
  84. {
  85. typedef BOOL (WINAPI * OPENPERSONALTRUSTDBDIALOGEX)(HWND,DWORD,PVOID);
  87. OPENPERSONALTRUSTDBDIALOGEX pfnOpenPersonalTrustDBDialogEx;
  89. hWinTrust = NULL;
  90. hSoftPub = NULL;
  92. if ((hWinTrust = LoadLibrary(TEXT("wintrust.dll"))) == NULL)
  93. goto Exit;
  95. if ((pfnOpenPersonalTrustDBDialogEx = (OPENPERSONALTRUSTDBDIALOGEX) GetProcAddress(hWinTrust, "OpenPersonalTrustDBDialogEx")) == NULL)
  96. goto Exit;
  98. fRet = TRUE;
  99. DWORD dwFlags = WT_TRUSTDBDIALOG_ONLY_PUB_TAB_FLAG|WT_TRUSTDBDIALOG_WRITE_LEGACY_REG_FLAG|WT_TRUSTDBDIALOG_WRITE_IEAK_STORE_FLAG;
  101. // call into wintrust.dll/softpub.dll to modify the certs
  102. pfnOpenPersonalTrustDBDialogEx(hDlg,dwFlags,NULL);
  103. }
  104. else
  105. {
  106. typedef BOOL (WINAPI * OPENPERSONALTRUSTDBDIALOG)(HWND);
  108. HINSTANCE hWinTrust, hSoftPub;
  110. OPENPERSONALTRUSTDBDIALOG pfnOpenPersonalTrustDBDialog;
  112. hWinTrust = NULL;
  113. hSoftPub = NULL;
  115. if ((hWinTrust = LoadLibrary(TEXT("wintrust.dll"))) == NULL)
  116. goto Exit;
  118. if ((pfnOpenPersonalTrustDBDialog = (OPENPERSONALTRUSTDBDIALOG) GetProcAddress(hWinTrust, "OpenPersonalTrustDBDialog")) == NULL)
  119. {
  120. FreeLibrary(hWinTrust);
  121. hWinTrust = NULL;
  123. // We can also find the same function on NT machines (and possibly future Win9x's)
  124. // in SOFTPUB.DLL, so make another check there too
  125. if ((hSoftPub = LoadLibrary(TEXT("softpub.dll"))) == NULL)
  126. goto Exit;
  127. if ((pfnOpenPersonalTrustDBDialog = (OPENPERSONALTRUSTDBDIALOG) GetProcAddress(hSoftPub, "OpenPersonalTrustDBDialog")) == NULL)
  128. goto Exit;
  129. }
  131. fRet = TRUE;
  133. // call into wintrust.dll/softpub.dll to modify the certs
  134. pfnOpenPersonalTrustDBDialog(hDlg);
  136. }
  138. Exit:
  139. if (hWinTrust != NULL)
  140. FreeLibrary(hWinTrust);
  142. if (hSoftPub != NULL)
  143. FreeLibrary(hSoftPub);
  145. return fRet;
  146. }
  148. static BOOL importSiteCertHelper(LPCTSTR pcszInsFile, LPCTSTR pcszSCWorkDir, LPCTSTR pcszSCInf, BOOL fImportSC)
  149. {
  150. BOOL bRet = FALSE;
  151. TCHAR szFullInfName[MAX_PATH];
  152. HANDLE hInf;
  154. if (pcszInsFile == NULL || pcszSCInf == NULL)
  155. return FALSE;
  157. // Before processing anything, first clear out the entries in the INS file and delete work dirs
  159. // clear out the entries in the INS file that correspond to importing security certificates
  160. InsDeleteKey(SECURITY_IMPORTS, TEXT("ImportSiteCert"), pcszInsFile);
  161. InsDeleteKey(IS_EXTREGINF, TEXT("SiteCert"), pcszInsFile);
  162. InsDeleteKey(IS_EXTREGINF_HKLM, TEXT("SiteCert"), pcszInsFile);
  163. InsDeleteKey(IS_EXTREGINF_HKCU, TEXT("SiteCert"), pcszInsFile);
  165. // blow away the pcszSCWorkDir and pcszSCInf
  166. if (pcszSCWorkDir != NULL)
  167. PathRemovePath(pcszSCWorkDir);
  168. PathRemovePath(pcszSCInf);
  170. if (!fImportSC)
  171. return TRUE;
  173. if (pcszSCWorkDir != NULL && PathIsFileSpec(pcszSCInf)) // create SITECERT.INF under pcszSCWorkDir
  174. PathCombine(szFullInfName, pcszSCWorkDir, pcszSCInf);
  175. else
  176. StrCpy(szFullInfName, pcszSCInf);
  178. // create SITECERT.INF file
  179. if ((hInf = CreateNewFile(szFullInfName)) != INVALID_HANDLE_VALUE)
  180. {
  181. TCHAR szBuf[MAX_PATH];
  182. HKEY hkSite1 = NULL, hkSite2 = NULL;
  184. // first, write the standard goo - [Version], [DefaultInstall], etc. - to SITECERT.INF
  185. WriteStringToFile(hInf, (LPCVOID) SC_INF_ADD, StrLen(SC_INF_ADD));
  187. SHOpenKeyHKLM(REG_KEY_SITECERT1, KEY_DEFAULT_ACCESS, &hkSite1);
  188. SHOpenKeyHKLM(REG_KEY_SITECERT2, KEY_DEFAULT_ACCESS, &hkSite2);
  189. if (hkSite1 != NULL && hkSite2 != NULL)
  190. {
  191. ExportRegTree2Inf(hkSite1, TEXT("HKLM"), REG_KEY_SITECERT1, hInf);
  192. ExportRegTree2Inf(hkSite2, TEXT("HKLM"), REG_KEY_SITECERT2, hInf);
  194. bRet = TRUE;
  195. }
  196. SHCloseKey(hkSite1);
  197. SHCloseKey(hkSite2);
  199. SHOpenKeyHKCU(REG_KEY_SITECERT1, KEY_DEFAULT_ACCESS, &hkSite1);
  200. SHOpenKeyHKCU(REG_KEY_SITECERT2, KEY_DEFAULT_ACCESS, &hkSite2);
  201. if (hkSite1 != NULL && hkSite2 != NULL)
  202. {
  203. // write [AddReg.HKCU]
  204. WriteStringToFile(hInf, (LPCVOID) SC_INF_ADDREG_HKCU, StrLen(SC_INF_ADDREG_HKCU));
  205. ExportRegTree2Inf(hkSite1, TEXT("HKCU"), REG_KEY_SITECERT1, hInf);
  206. ExportRegTree2Inf(hkSite2, TEXT("HKCU"), REG_KEY_SITECERT2, hInf);
  208. bRet = TRUE;
  209. }
  210. SHCloseKey(hkSite1);
  211. SHCloseKey(hkSite2);
  213. CloseHandle(hInf);
  215. // update the INS file
  216. InsWriteBool(SECURITY_IMPORTS, TEXT("ImportSiteCert"), TRUE, pcszInsFile);
  217. wnsprintf(szBuf, countof(szBuf), TEXT("*,%s,") IS_DEFAULTINSTALL, PathFindFileName(pcszSCInf));
  218. WritePrivateProfileString(IS_EXTREGINF, TEXT("SiteCert"), szBuf, pcszInsFile);
  220. // write to new ExtRegInf.HKLM and ExtRegInf.HKCU sections
  221. if (!InsIsSectionEmpty(IS_IEAKADDREG_HKLM, szFullInfName))
  222. {
  223. wnsprintf(szBuf, countof(szBuf), TEXT("%s,") IS_IEAKINSTALL_HKLM, PathFindFileName(pcszSCInf));
  224. WritePrivateProfileString(IS_EXTREGINF_HKLM, TEXT("SiteCert"), szBuf, pcszInsFile);
  225. }
  227. if (!InsIsSectionEmpty(IS_IEAKADDREG_HKCU, szFullInfName))
  228. {
  229. wnsprintf(szBuf, countof(szBuf), TEXT("%s,") IS_IEAKINSTALL_HKCU, PathFindFileName(pcszSCInf));
  230. WritePrivateProfileString(IS_EXTREGINF_HKCU, TEXT("SiteCert"), szBuf, pcszInsFile);
  231. }
  232. }
  234. return bRet;
  235. }
  237. static BOOL importAuthCodeHelper(LPCTSTR pcszInsFile, LPCTSTR pcszAuthWorkDir, LPCTSTR pcszAuthInf, BOOL fImportAuth)
  238. {
  239. BOOL bRet = FALSE;
  240. HKEY hkAuth;
  242. if (pcszInsFile == NULL || pcszAuthInf == NULL)
  243. return FALSE;
  245. // Before processing anything, first clear out the entries in the INS file and delete work dirs
  247. // clear out the entries in the INS file that correspond to importing authenticode settings
  248. InsDeleteKey(SECURITY_IMPORTS, TEXT("ImportAuthCode"), pcszInsFile);
  249. InsDeleteKey(IS_EXTREGINF, TEXT("AuthCode"), pcszInsFile);
  250. InsDeleteKey(IS_EXTREGINF_HKLM, TEXT("AuthCode"), pcszInsFile);
  252. // blow away the pcszAuthWorkDir and pcszAuthInf
  253. if (pcszAuthWorkDir != NULL)
  254. PathRemovePath(pcszAuthWorkDir);
  255. PathRemovePath(pcszAuthInf);
  257. if (!fImportAuth)
  258. return TRUE;
  260. if (SHOpenKeyHKCU(REG_KEY_AUTHENTICODE, KEY_DEFAULT_ACCESS, &hkAuth) == ERROR_SUCCESS)
  261. {
  262. TCHAR szFullInfName[MAX_PATH];
  263. HANDLE hInf;
  265. if (pcszAuthWorkDir != NULL && PathIsFileSpec(pcszAuthInf)) // create AUTHCODE.INF under pcszAuthWorkDir
  266. PathCombine(szFullInfName, pcszAuthWorkDir, pcszAuthInf);
  267. else
  268. StrCpy(szFullInfName, pcszAuthInf);
  270. // create AUTHCODE.INF file
  271. if ((hInf = CreateNewFile(szFullInfName)) != INVALID_HANDLE_VALUE)
  272. {
  273. TCHAR szBuf[MAX_PATH];
  275. // first, write the standard goo - [Version], [DefaultInstall], etc. - to AUTHCODE.INF
  276. WriteStringToFile(hInf, (LPCVOID) AUTH_INF_ADD, StrLen(AUTH_INF_ADD));
  278. ExportRegTree2Inf(hkAuth, TEXT("HKCU"), REG_KEY_AUTHENTICODE, hInf);
  280. CloseHandle(hInf);
  282. // update the INS file
  283. InsWriteBool(SECURITY_IMPORTS, TEXT("ImportAuthCode"), TRUE, pcszInsFile);
  284. wnsprintf(szBuf, countof(szBuf), TEXT("*,%s,") IS_DEFAULTINSTALL, PathFindFileName(pcszAuthInf));
  285. WritePrivateProfileString(IS_EXTREGINF, TEXT("AuthCode"), szBuf, pcszInsFile);
  287. // write to new ExtRegInf.HKCU section
  288. if (!InsIsSectionEmpty(IS_IEAKADDREG_HKCU, szFullInfName))
  289. {
  290. wnsprintf(szBuf, countof(szBuf), TEXT("%s,") IS_IEAKINSTALL_HKCU, PathFindFileName(pcszAuthInf));
  291. WritePrivateProfileString(IS_EXTREGINF_HKCU, TEXT("AuthCode"), szBuf, pcszInsFile);
  292. }
  294. bRet = TRUE;
  295. }
  297. SHCloseKey(hkAuth);
  298. }
  300. return bRet;
  301. }