archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4 Commits
1 Branch
0 Tags
1.5 GiB
Tree: 5c6fe3db62
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '5c6fe3db62'
${ noResults }
windows-server-2003/inetsrv/iis/admin/certmap/addcert.cpp

428 lines
13 KiB
Raw Normal View History

commiting as it is
4 years ago
  1. // AddCert.cpp : implementation file
  2. //
  4. #include "stdafx.h"
  5. #include "certmap.h"
  7. // persistence and mapping includes
  8. #include "WrapMaps.h"
  9. #include "wrapmb.h"
  11. #include "ListRow.h"
  12. #include "ChkLstCt.h"
  14. // mapping page includes
  15. #include "brwsdlg.h"
  16. #include "EdtOne11.h"
  17. #include "Ed11Maps.h"
  18. #include "Map11Pge.h"
  20. extern "C"
  21. {
  22. #include <wincrypt.h>
  23. #include <schannel.h>
  24. }
  26. #include <iismap.hxx>
  27. #include <iiscmr.hxx>
  29. #ifdef _DEBUG
  30. #define new DEBUG_NEW
  31. #undef THIS_FILE
  32. static char THIS_FILE[] = __FILE__;
  33. #endif
  36. #define COL_NUM_NAME 0
  37. #define COL_NUM_NTACCOUNT 1
  39. #define CERT_HEADER "-----BEGIN CERTIFICATE-----"
  43. // the code that reads the certificate file is pretty much lifted from the
  44. // keyring application. Which pretty much lifted it from the setkey application
  46. // defines taken from the old KeyGen utility
  47. #define MESSAGE_HEADER "-----BEGIN NEW CERTIFICATE REQUEST-----\r\n"
  48. #define MESSAGE_TRAILER "-----END NEW CERTIFICATE REQUEST-----\r\n"
  49. #define MIME_TYPE "Content-Type: application/x-pkcs10\r\n"
  50. #define MIME_ENCODING "Content-Transfer-Encoding: base64\r\n\r\n"
  52. void uudecode_cert(char *bufcoded, DWORD *pcbDecoded );
  55. //---------------------------------------------------------------------------
  56. // originally from keyring - modified to fit
  57. BOOL CMap11Page::FAddCertificateFile( CString szFile )
  58. {
  59. CFile cfile;
  60. PVOID pData = NULL;
  61. BOOL fSuccess =FALSE;;
  63. // open the file
  64. if ( !cfile.Open( szFile, CFile::modeRead | CFile::shareDenyNone ) )
  65. return FALSE;
  67. // how big is the file - add one so we can zero terminate the buffer
  68. DWORD cbCertificate = cfile.GetLength() + 1;
  70. // make sure the file has some size
  71. if ( !cbCertificate )
  72. {
  73. AfxMessageBox( IDS_ERR_INVALID_CERTIFICATE );
  74. return FALSE;
  75. }
  77. // put the rest of the operation in a try/catch
  78. try
  79. {
  80. PCCERT_CONTEXT pCertContext=NULL; //used to determine whether cert file is binary DER encoded
  81. // allocate space for the data
  82. pData = GlobalAlloc( GPTR, cbCertificate );
  83. if ( !pData ) AfxThrowMemoryException();
  85. // copy in the data from the file to the pointer - will throw and exception
  86. DWORD cbRead = cfile.Read( pData, cbCertificate );
  88. // zero terminate for decoding
  89. ((BYTE*)pData)[cbRead] = 0;
  91. // close the file
  92. cfile.Close();
  94. //certificate file may be either be binary DER file or BASE64 encoded file
  96. // try binary DER encoded first
  97. pCertContext= CertCreateCertificateContext(X509_ASN_ENCODING, (const BYTE *)pData, cbRead);
  98. if(pCertContext != NULL)
  99. {
  100. // we created certificate context only to verify that file is binary DER encoded
  101. // free it now
  102. CertFreeCertificateContext(pCertContext);
  103. pCertContext=NULL;
  104. }
  105. else // now try BASE64 encoded
  106. {
  107. // we don't care about header ----BEGIN CERTIFICATE----- or trailer-----END CERTIFICATE-----,
  108. // uudecode will take care of that
  109. uudecode_cert( (PCHAR)pData, &cbRead );
  110. }
  111. // we now have a pointer to a certificate. Lets keep it clean looking
  112. // call another subroutine to finish the job.
  113. fSuccess = FAddCertificate( (PUCHAR)pData, cbRead );
  115. }catch( CException * pException )
  116. {
  117. pException->Delete();
  118. // return failure
  119. fSuccess = FALSE;
  121. // if the pointer was allocated, deallocate it
  122. if ( pData )
  123. {
  124. GlobalFree( pData );
  125. pData = NULL;
  126. }
  127. }
  129. // return success
  130. return fSuccess;
  131. }
  133. #define CERT_HEADER_LEN 17
  134. CHAR CertTag[ 13 ] = { 0x04, 0x0b, 'c', 'e', 'r', 't', 'i', 'f', 'i', 'c', 'a', 't', 'e' };
  136. //---------------------------------------------------------------------------
  137. // we are passed in a complete certificate. We need to parse out the subject
  138. // and the issuer fields so we can add the mapping. Then add the mapping.
  139. #define CF_CERT_FROM_FILE 2
  140. BOOL CMap11Page::FAddCertificate( PUCHAR pCertificate, DWORD cbCertificate )
  141. {
  142. BOOL fSuccess = FALSE;
  144. // thankfully, the certificate is already in the correct format.
  145. // this means that, for now at least, we don't have to do anything
  146. // special to it to store it. However, we should crack it once just
  147. // to see that we can to prove that it is a valid cert.
  149. ASSERT( pCertificate );
  150. if ( !pCertificate ) return FALSE;
  152. // crack the certificate to prove that we can
  153. PX509Certificate p509 = NULL;
  154. fSuccess = SslCrackCertificate( pCertificate, cbCertificate, CF_CERT_FROM_FILE, &p509 );
  155. if ( fSuccess )
  156. {
  157. SslFreeCertificate( p509 );
  158. }
  159. else
  160. {
  161. // we were not able to crack the certificate. Alert the user and fail
  162. AfxMessageBox( IDS_ERR_INVALID_CERTIFICATE );
  163. return FALSE;
  164. }
  166. // by this point we know we have a valid certificate, make the new mapping and fill it in
  167. // make the new mapping object
  168. C11Mapping* pMapping = PNewMapping();
  169. ASSERT( pMapping );
  170. if( !pMapping )
  171. {
  172. AfxThrowMemoryException(); // seems fairly appropriate
  173. return FALSE;
  174. }
  177. // one more thing before we add the certificate. Skip the header if it is there
  178. PUCHAR pCert = pCertificate;
  179. DWORD cbCert = cbCertificate;
  180. if ( memcmp( pCert + 4, CertTag, sizeof( CertTag ) ) == 0 )
  181. {
  182. pCert += CERT_HEADER_LEN;
  183. cbCert -= CERT_HEADER_LEN;
  184. }
  187. // install the certificate into the mapping
  188. fSuccess &= pMapping->SetCertificate( pCert, cbCert );
  190. // by default, the mapping is enabled
  191. fSuccess &= pMapping->SetMapEnabled( TRUE );
  193. // install a default name
  194. CString sz;
  196. sz.LoadString( IDS_DEFAULT_11MAP );
  198. fSuccess &= pMapping->SetMapName( sz );
  200. // install a blank mapping
  201. fSuccess &= pMapping->SetNTAccount( "" );
  203. if ( !fSuccess )
  204. AfxThrowMemoryException(); // seems fairly appropriate
  207. // now edit the newly created mapping object. If the user cancels,
  208. // then do not add it to the mapper object nor the list
  209. if ( !EditOneMapping( pMapping) )
  210. {
  211. DeleteMapping( pMapping );
  212. return FALSE;
  213. }
  215. // add the mapping item to the list control
  216. fSuccess = FAddMappingToList( pMapping );
  218. // one more test for success
  219. if ( !fSuccess )
  220. {
  221. DeleteMapping( pMapping );
  222. ASSERT( FALSE );
  223. }
  225. // mark the mapping to be saved
  226. if ( fSuccess )
  227. MarkToSave( pMapping );
  229. // return the answer
  230. return fSuccess;
  231. }
  234. // ==============================================================
  235. // The function 'uudecode_cert' IS THE SAME function that is
  236. // found in file: Addcert.cpp if we make the following code
  237. // have a FALSE for bAddWrapperAroundCert -- surely we can unify
  238. // these 2 functions. Having 2 functions named 'uudecode_cert'
  239. // was causing me LINKING errors. + we have 2 instances of
  240. // the external tables: uudecode_cert and pr2six
  241. //
  242. // Since I am linking both Addcert.cpp and CKey.cpp I choose to
  243. // leave the defintions intact for CKey.cpp [ and have extended
  244. // uudecode_cert by adding conditional code as shown below] Further
  245. // work needs to be done after identification as to why I need both
  246. // Addcert.cpp and CKey.cpp to pass bAddWrapperAroundCert as a
  247. // parameter so that both files can be supported.
  248. // ==============================================================
  249. // BOOL bAddWrapperAroundCert = TRUE;
  250. // if (bAddWrapperAroundCert) {
  251. // //
  252. // // Now we need to add a new wrapper sequence around the certificate
  253. // // indicating this is a certificate
  254. // //
  255. //
  256. // memmove( beginbuf + sizeof(abCertHeader),
  257. // beginbuf,
  258. // nbytesdecoded );
  259. //
  260. // memcpy( beginbuf,
  261. // abCertHeader,
  262. // sizeof(abCertHeader) );
  263. //
  264. // //
  265. // // The beginning record size is the total number of bytes decoded plus
  266. // // the number of bytes in the certificate header
  267. // //
  268. //
  269. // beginbuf[CERT_SIZE_HIBYTE] = (BYTE) (((USHORT)nbytesdecoded+CERT_RECORD) >> 8);
  270. // beginbuf[CERT_SIZE_LOBYTE] = (BYTE) ((USHORT)nbytesdecoded+CERT_RECORD);
  271. //
  272. // nbytesdecoded += sizeof(abCertHeader);
  273. // }
  275. // #ifdef WE_ARE_USING_THE_VERSION_IN__CKey_cpp__NOT_THIS_ONE__ITS_JUST_LIKE_THIS_ONE_WITH_1SMALL_CHANGE
  277. //============================ BASED ON SETKEY
  278. const int pr2six[256]={
  279. 64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,
  280. 64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,62,64,64,64,63,
  281. 52,53,54,55,56,57,58,59,60,61,64,64,64,64,64,64,64,0,1,2,3,4,5,6,7,8,9,
  282. 10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,64,64,64,64,64,64,26,27,
  283. 28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,
  284. 64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,
  285. 64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,
  286. 64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,
  287. 64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,
  288. 64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,64,
  289. 64,64,64,64,64,64,64,64,64,64,64,64,64
  290. };
  292. //
  293. // We have to squirt a record into the decoded stream
  294. //
  296. #define CERT_RECORD 13
  297. #define CERT_SIZE_HIBYTE 2 // Index into record of record size
  298. #define CERT_SIZE_LOBYTE 3
  300. unsigned char abCertHeader[] = {0x30, 0x82, // Record
  301. 0x00, 0x00, // Size of cert + buff
  302. 0x04, 0x0b, 0x63, 0x65,// Cert record data
  303. 0x72, 0x74, 0x69, 0x66,
  304. 0x69, 0x63, 0x61, 0x74,
  305. 0x65 };
  307. void uudecode_cert(char *bufcoded, DWORD *pcbDecoded )
  308. {
  309. int nbytesdecoded;
  310. char *bufin = bufcoded;
  311. unsigned char *bufout = (unsigned char *)bufcoded;
  312. unsigned char *pbuf;
  313. int nprbytes;
  314. char * beginbuf = bufcoded;
  316. ASSERT(bufcoded);
  317. ASSERT(pcbDecoded);
  319. /* Strip leading whitespace. */
  321. while(*bufcoded==' ' ||
  322. *bufcoded == '\t' ||
  323. *bufcoded == '\r' ||
  324. *bufcoded == '\n' )
  325. {
  326. bufcoded++;
  327. }
  329. //
  330. // If there is a beginning '---- ....' then skip the first line
  331. //
  333. if ( bufcoded[0] == '-' && bufcoded[1] == '-' )
  334. {
  335. bufin = strchr( bufcoded, '\n' );
  337. if ( bufin )
  338. {
  339. bufin++;
  340. bufcoded = bufin;
  341. }
  342. else
  343. {
  344. bufin = bufcoded;
  345. }
  346. }
  347. else
  348. {
  349. bufin = bufcoded;
  350. }
  352. //
  353. // Strip all cr/lf from the block
  354. //
  356. pbuf = (unsigned char *)bufin;
  357. while ( *pbuf )
  358. {
  359. if ( (*pbuf == ' ') || (*pbuf == '\r') || (*pbuf == '\n') )
  360. {
  361. memmove( (void*)pbuf, pbuf+1, strlen( (char*)pbuf + 1) + 1 );
  362. }
  363. else
  364. {
  365. pbuf++;
  366. }
  367. }
  369. /* Figure out how many characters are in the input buffer.
  370. * If this would decode into more bytes than would fit into
  371. * the output buffer, adjust the number of input bytes downwards.
  372. */
  374. while(pr2six[*(bufin++)] <= 63);
  375. nprbytes = DIFF(bufin - bufcoded) - 1;
  376. nbytesdecoded = ((nprbytes+3)/4) * 3;
  378. bufin = bufcoded;
  380. while (nprbytes > 0) {
  381. *(bufout++) =
  382. (unsigned char) (pr2six[*bufin] << 2 | pr2six[bufin[1]] >> 4);
  383. *(bufout++) =
  384. (unsigned char) (pr2six[bufin[1]] << 4 | pr2six[bufin[2]] >> 2);
  385. *(bufout++) =
  386. (unsigned char) (pr2six[bufin[2]] << 6 | pr2six[bufin[3]]);
  387. bufin += 4;
  388. nprbytes -= 4;
  389. }
  391. if(nprbytes & 03) {
  392. if(pr2six[bufin[-2]] > 63)
  393. nbytesdecoded -= 2;
  394. else
  395. nbytesdecoded -= 1;
  396. }
  398. /*
  399. //
  400. // Now we need to add a new wrapper sequence around the certificate
  401. // indicating this is a certificate
  402. //
  404. memmove( beginbuf + sizeof(abCertHeader),
  405. beginbuf,
  406. nbytesdecoded );
  408. memcpy( beginbuf,
  409. abCertHeader,
  410. sizeof(abCertHeader) );
  412. //
  413. // The beginning record size is the total number of bytes decoded plus
  414. // the number of bytes in the certificate header
  415. //
  417. beginbuf[CERT_SIZE_HIBYTE] = (BYTE) (((USHORT)nbytesdecoded+CERT_RECORD) >> 8);
  418. beginbuf[CERT_SIZE_LOBYTE] = (BYTE) ((USHORT)nbytesdecoded+CERT_RECORD);
  420. nbytesdecoded += sizeof(abCertHeader);
  421. */
  423. if ( pcbDecoded )
  424. *pcbDecoded = nbytesdecoded;
  425. }
  426. // ============ END BASED ON SETKEY
  428. //#endif /* WE_ARE_USING_THE_VERSION_IN__CKey_cpp__NOT_THIS_ONE__ITS_JUST_LIKE_THIS_ONE_WITH_1SMALL_CHANGE */