archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4 Commits
1 Branch
0 Tags
1.5 GiB
Tree: 5c6fe3db62
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '5c6fe3db62'
${ noResults }
windows-server-2003/shell/osshell/encrypt/users.cpp

678 lines
19 KiB
Raw Normal View History

commiting as it is
4 years ago
  1. // Users.cpp: implementation of the CUsers class.
  2. //
  3. //////////////////////////////////////////////////////////////////////
  5. #include "stdafx.h"
  6. #include "efsadu.h"
  7. #include "Users.h"
  8. #include <wincrypt.h>
  10. #ifdef _DEBUG
  11. #undef THIS_FILE
  12. static char THIS_FILE[]=__FILE__;
  13. #define new DEBUG_NEW
  14. #endif
  16. //////////////////////////////////////////////////////////////////////
  17. // Construction/Destruction
  18. //////////////////////////////////////////////////////////////////////
  20. CUsers::CUsers()
  21. {
  22. m_UsersRoot = NULL;
  23. m_UserAddedCnt = 0;
  24. m_UserRemovedCnt = 0;
  25. }
  27. //////////////////////////////////////////////////////////////////////
  28. // Walk through the chain to free the memory
  29. //////////////////////////////////////////////////////////////////////
  31. CUsers::~CUsers()
  32. {
  33. Clear();
  34. }
  36. PUSERSONFILE
  37. CUsers::RemoveItemFromHead(void)
  38. {
  39. PUSERSONFILE PItem = m_UsersRoot;
  40. if (m_UsersRoot){
  41. m_UsersRoot = m_UsersRoot->Next;
  42. if ((PItem->Flag & USERADDED) && !(PItem->Flag & USERREMOVED)){
  43. m_UserAddedCnt--;
  44. }
  45. if ((PItem->Flag & USERINFILE) && (PItem->Flag & USERREMOVED)){
  46. m_UserRemovedCnt--;
  47. }
  48. }
  49. return PItem;
  50. }
  52. DWORD
  53. CUsers::Add( CUsers &NewUsers )
  54. {
  55. PUSERSONFILE NewItem;
  57. while (NewItem = NewUsers.RemoveItemFromHead()){
  58. PUSERSONFILE TmpItem = m_UsersRoot;
  60. while ( TmpItem ){
  62. if ((NewItem->UserName && TmpItem->UserName && !_tcsicmp(NewItem->UserName, TmpItem->UserName)) ||
  63. ((NULL == NewItem->UserName) && (TmpItem->UserName == NULL))){
  65. //
  66. // User exist
  67. //
  69. if ( TmpItem->Flag & USERREMOVED ){
  71. if ( TmpItem->Flag & USERADDED ){
  73. ASSERT(!(TmpItem->Flag & USERINFILE));
  75. //
  76. // User added and removed
  77. //
  78. m_UserAddedCnt++;
  80. } else if ( TmpItem->Flag & USERINFILE ){
  82. //
  83. // User added and removed
  84. //
  85. m_UserRemovedCnt--;
  87. }
  88. TmpItem->Flag &= ~USERREMOVED;
  89. }
  91. //
  92. // The caller will count on CUsers to release the memory
  93. //
  95. if (NewItem->UserName){
  96. delete [] NewItem->UserName;
  97. }
  98. if ( NewItem->Context ) {
  99. CertFreeCertificateContext((PCCERT_CONTEXT)NewItem->Context);
  100. }
  101. delete [] NewItem->Cert;
  102. if (NewItem->UserSid){
  103. delete [] NewItem->UserSid;
  104. }
  105. delete NewItem;
  106. NewItem = NULL;
  107. break;
  108. }
  109. TmpItem = TmpItem->Next;
  110. }
  112. if (NewItem ){
  113. //
  114. // New item. Insert into the head.
  115. //
  117. NewItem->Next = m_UsersRoot;
  118. m_UsersRoot = NewItem;
  119. m_UserAddedCnt++;
  120. }
  122. }
  124. return ERROR_SUCCESS;
  125. }
  127. DWORD
  128. CUsers::Add(
  129. LPTSTR UserName,
  130. PVOID UserCert,
  131. PSID UserSid, /* = NULL */
  132. DWORD Flag, /* = USERINFILE */
  133. PVOID Context /* = NULL */
  134. )
  135. //////////////////////////////////////////////////////////////////////
  136. // Routine Description:
  137. // Create an item for a user
  138. // Arguments:
  139. // UserName -- User's name
  140. // UserCert -- User's certificate blob or hash
  141. // UserSid -- User's ID. Can be NULL
  142. // Flag -- Indicate if the item is existing in the file, to be added or removed
  143. // Return Value:
  144. // NO_ERROR if succeed.
  145. // Will throw exception if memory allocation fails. ( From new.)
  146. //
  147. //////////////////////////////////////////////////////////////////////
  148. {
  150. PUSERSONFILE UserItem;
  151. PUSERSONFILE TmpUserItem = m_UsersRoot;
  152. PEFS_CERTIFICATE_BLOB CertBlob;
  153. PEFS_HASH_BLOB CertHashBlob;
  154. DWORD CertSize;
  155. DWORD SidSize;
  157. if ( !UserCert ){
  158. return ERROR_INVALID_PARAMETER;
  159. }
  161. ASSERT ( (( Flag & USERADDED ) || ( Flag & USERINFILE )) &&
  162. ( (Flag & (USERADDED | USERINFILE)) != (USERADDED | USERINFILE)));
  165. //
  166. // If the user already in the memory, no new item is to be created except for unknown user
  167. //
  169. while ( TmpUserItem ){
  170. if ( (UserName && TmpUserItem->UserName && !_tcsicmp(UserName, TmpUserItem->UserName)) ||
  171. ((NULL == UserName) && (TmpUserItem->UserName == NULL))){
  173. //
  174. // User exist
  175. //
  177. if ( TmpUserItem->Flag & USERREMOVED ){
  179. if ( TmpUserItem->Flag & USERADDED ){
  181. ASSERT(!(TmpUserItem->Flag & USERINFILE));
  183. //
  184. // User added and removed
  185. //
  186. m_UserAddedCnt++;
  188. } else if ( TmpUserItem->Flag & USERINFILE ){
  190. //
  191. // User added and removed
  192. //
  193. m_UserRemovedCnt--;
  195. }
  196. TmpUserItem->Flag &= ~USERREMOVED;
  197. }
  199. //
  200. // The caller will count on CUsers to release
  201. // the context if the call returns CRYPT_E_EXISTS. This is just for
  202. // performance reason.
  203. //
  204. /*
  205. if (UserName){
  206. delete [] UserName;
  207. }
  208. */
  209. if ( Context ) {
  210. CertFreeCertificateContext((PCCERT_CONTEXT)Context);
  211. Context = NULL;
  212. }
  213. return CRYPT_E_EXISTS;
  214. }
  215. TmpUserItem = TmpUserItem->Next;
  216. }
  218. try {
  219. UserItem = new USERSONFILE;
  220. if ( NULL == UserItem ){
  221. AfxThrowMemoryException( );
  222. }
  224. UserItem->Next = NULL;
  226. //
  227. // In case exception raised, we can call delete.
  228. // Delete NULL is OK, but random data is not OK.
  229. //
  231. UserItem->UserSid = NULL;
  232. UserItem->Cert = NULL;
  233. UserItem->Context = NULL;
  235. if ( UserSid ){
  236. SidSize = GetLengthSid( UserSid );
  237. if ( SidSize > 0 ){
  238. UserItem->UserSid = new BYTE[SidSize];
  239. if ( NULL == UserItem->UserSid ){
  240. AfxThrowMemoryException( );
  241. }
  242. if ( !CopySid(SidSize, UserItem->UserSid, UserSid)){
  243. delete [] UserItem->UserSid;
  244. delete UserItem;
  245. return GetLastError();
  246. }
  248. } else {
  249. delete UserItem;
  250. return GetLastError();
  251. }
  252. } else {
  253. UserItem->UserSid = NULL;
  254. }
  256. if ( Flag & USERINFILE ){
  258. //
  259. // The info is from the file. Use the hash structure
  260. //
  262. CertHashBlob = ( PEFS_HASH_BLOB ) UserCert;
  263. CertSize = sizeof(EFS_HASH_BLOB) + CertHashBlob->cbData;
  264. UserItem->Cert = new BYTE[CertSize];
  265. if ( NULL == UserItem->Cert ){
  266. AfxThrowMemoryException( );
  267. }
  268. ((PEFS_HASH_BLOB)UserItem->Cert)->cbData = CertHashBlob->cbData;
  269. ((PEFS_HASH_BLOB)UserItem->Cert)->pbData = (PBYTE)(UserItem->Cert) + sizeof(EFS_HASH_BLOB);
  270. memcpy(((PEFS_HASH_BLOB)UserItem->Cert)->pbData,
  271. CertHashBlob->pbData,
  272. CertHashBlob->cbData
  273. );
  274. } else {
  276. //
  277. // The info is from the user picked cert. Use Cert Blob structure
  278. //
  280. CertBlob = ( PEFS_CERTIFICATE_BLOB ) UserCert;
  281. CertSize = sizeof(EFS_CERTIFICATE_BLOB) + CertBlob->cbData;
  282. UserItem->Cert = new BYTE[CertSize];
  283. if ( NULL == UserItem->Cert ){
  284. AfxThrowMemoryException( );
  285. }
  286. ((PEFS_CERTIFICATE_BLOB)UserItem->Cert)->cbData = CertBlob->cbData;
  287. ((PEFS_CERTIFICATE_BLOB)UserItem->Cert)->dwCertEncodingType = CertBlob->dwCertEncodingType;
  288. ((PEFS_CERTIFICATE_BLOB)UserItem->Cert)->pbData = (PBYTE)(UserItem->Cert) + sizeof(EFS_CERTIFICATE_BLOB);
  289. memcpy(((PEFS_CERTIFICATE_BLOB)UserItem->Cert)->pbData,
  290. CertBlob->pbData,
  291. CertBlob->cbData
  292. );
  294. }
  296. UserItem->UserName = UserName;
  297. UserItem->Context = Context;
  298. UserItem->Flag = Flag;
  299. if ( Flag & USERADDED ){
  300. m_UserAddedCnt ++;
  301. }
  302. }
  303. catch (...) {
  304. delete [] UserItem->UserSid;
  305. delete [] UserItem->Cert;
  306. delete UserItem;
  307. AfxThrowMemoryException( );
  308. return ERROR_NOT_ENOUGH_MEMORY;
  309. }
  311. //
  312. // Add to the head
  313. //
  315. if ( NULL != m_UsersRoot ){
  316. UserItem->Next = m_UsersRoot;
  317. }
  318. m_UsersRoot = UserItem;
  320. return NO_ERROR;
  321. }
  323. DWORD
  324. CUsers::Remove(
  325. LPCTSTR UserName
  326. )
  327. //////////////////////////////////////////////////////////////////////
  328. // Routine Description:
  329. // Remove a user from the list. Actually just mark for remove.
  330. // Arguments:
  331. // UserName -- User's name
  332. // Return Value:
  333. // NO_ERROR if succeed.
  334. // ERROR_NOT_FOUND if the user cannot be found.
  335. //
  336. //////////////////////////////////////////////////////////////////////
  337. {
  338. PUSERSONFILE TmpUserItem = m_UsersRoot;
  340. BOOL UserMatched =FALSE;
  342. while ( TmpUserItem ){
  343. if (((NULL==UserName) && ( NULL == TmpUserItem->UserName)) ||
  344. ( UserName && TmpUserItem->UserName && !_tcsicmp(UserName, TmpUserItem->UserName))){
  346. //
  347. // User exist, mark it for remove
  348. //
  350. if ( TmpUserItem->Flag & USERINFILE ){
  351. m_UserRemovedCnt++;
  352. } else if ( TmpUserItem->Flag & USERADDED ) {
  353. m_UserAddedCnt--;
  354. }
  355. TmpUserItem->Flag |= USERREMOVED;
  356. return NO_ERROR;
  357. }
  358. TmpUserItem = TmpUserItem->Next;
  359. }
  360. return ERROR_NOT_FOUND;
  361. }
  364. DWORD
  365. CUsers::GetCertInfo(
  366. LPCTSTR UserName,
  367. PVOID *CertData,
  368. PVOID *CertContext
  369. )
  370. //////////////////////////////////////////////////////////////////////
  371. // Routine Description:
  372. // Get user's cert related value
  373. // Arguments:
  374. // UserName -- User's name whose cert is to be found
  375. // CertData -- Certificate Thumbprinter or cert blob
  376. // CertContext -- Cert context
  377. // Return Value:
  378. // Win32 Error
  379. //
  380. //////////////////////////////////////////////////////////////////////
  381. {
  383. PUSERSONFILE TmpUserItem = m_UsersRoot;
  385. BOOL UserMatched =FALSE;
  387. if ((CertData == NULL) || (CertContext == NULL) ) {
  388. return ERROR_INVALID_PARAMETER;
  389. }
  391. while ( TmpUserItem ){
  392. if (((NULL==UserName) && ( NULL == TmpUserItem->UserName)) ||
  393. ( UserName && TmpUserItem->UserName && !_tcsicmp(UserName, TmpUserItem->UserName))){
  395. //
  396. // User exist, return the interested data
  397. //
  399. *CertData = TmpUserItem->Cert;
  400. *CertContext = TmpUserItem->Context;
  402. return ERROR_SUCCESS;
  403. }
  404. TmpUserItem = TmpUserItem->Next;
  405. }
  406. return ERROR_NOT_FOUND;
  407. }
  409. PVOID
  410. CUsers::StartEnum()
  411. //////////////////////////////////////////////////////////////////////
  412. // Routine Description:
  413. // Prepare for GetNextUser
  414. // Arguments:
  415. //
  416. // Return Value:
  417. // A pointer used for GetNextUser
  418. //
  419. //////////////////////////////////////////////////////////////////////
  420. {
  421. return ((PVOID)m_UsersRoot);
  422. }
  424. PVOID
  425. CUsers::GetNextUser(
  426. PVOID Token,
  427. CString &UserName,
  428. CString &CertHash
  429. )
  430. //////////////////////////////////////////////////////////////////////
  431. // Routine Description:
  432. // Get next user in the list.(Not removed).
  433. // Arguments:
  434. // UserName -- Next User's name
  435. // CertHash -- Certificate Thumbprinter
  436. // Token -- A pointer returned by previous GetNextUser or StartEnum.
  437. // Return Value:
  438. // A pointer for GetNextUser()
  439. //
  440. //////////////////////////////////////////////////////////////////////
  441. {
  443. PUSERSONFILE TmpItem = (PUSERSONFILE) Token;
  444. PVOID RetPointer = NULL;
  446. while ( TmpItem ){
  448. if ( TmpItem->Flag & USERREMOVED ){
  449. TmpItem = TmpItem->Next;
  450. continue;
  451. }
  453. try{
  454. LPWSTR HashString = NULL;
  456. UserName = TmpItem->UserName;
  458. if (TmpItem->Flag & USERINFILE){
  460. PEFS_HASH_BLOB UserHashBlob;
  462. UserHashBlob = (PEFS_HASH_BLOB)TmpItem->Cert;
  463. HashString = new WCHAR[((((UserHashBlob->cbData + 1)/2) * 5) + 1)];
  464. if (HashString) {
  465. ConvertHashToStr(UserHashBlob->pbData, UserHashBlob->cbData, HashString);
  466. }
  468. } else if ( TmpItem->Context ){
  470. DWORD cbHash;
  471. PBYTE pbHash;
  473. if (CertGetCertificateContextProperty(
  474. (PCCERT_CONTEXT)TmpItem->Context,
  475. CERT_HASH_PROP_ID,
  476. NULL,
  477. &cbHash
  478. )) {
  480. pbHash = (PBYTE)new BYTE[cbHash];
  482. if (pbHash != NULL) {
  484. if (CertGetCertificateContextProperty(
  485. (PCCERT_CONTEXT)TmpItem->Context,
  486. CERT_HASH_PROP_ID,
  487. pbHash,
  488. &cbHash
  489. )) {
  491. HashString = new WCHAR[((((cbHash + 1)/2) * 5) + 1)];
  492. if (HashString) {
  493. ConvertHashToStr(pbHash, cbHash, HashString);
  494. }
  495. }
  497. delete [] pbHash;
  499. }
  500. }
  502. }
  504. CertHash = HashString;
  505. if (HashString){
  506. delete [] HashString;
  507. }
  508. RetPointer = TmpItem->Next;
  509. }
  510. catch (...){
  512. //
  513. // Out of memory
  514. //
  516. TmpItem = NULL;
  517. RetPointer = NULL;
  518. }
  519. break;
  520. }
  522. if ( NULL == TmpItem ){
  523. UserName.Empty();
  524. CertHash.Empty();
  525. }
  526. return RetPointer;
  528. }
  530. DWORD CUsers::GetUserAddedCnt()
  531. {
  532. return m_UserAddedCnt;
  533. }
  535. DWORD CUsers::GetUserRemovedCnt()
  536. {
  537. return m_UserRemovedCnt;
  538. }
  540. PVOID
  541. CUsers::GetNextChangedUser(
  542. PVOID Token,
  543. LPTSTR * UserName,
  544. PSID * UserSid,
  545. PVOID * CertData,
  546. DWORD * Flag
  547. )
  548. //////////////////////////////////////////////////////////////////////
  549. // Routine Description:
  550. // Get the info for changed users. This method is not well behaved in the
  551. // sense of OOP. It exposes internal pointers to the ouside world. The gain
  552. // is performance. At this moment, CUsers is a supporting class and used only
  553. // by USERLIST and CAddSheet (single thread). We can make USERLIST a
  554. // friend of CUsers if such concerns are raised in the future or reimplement this.
  555. // The same issue applies to the enumerate methods.
  556. //
  557. // Arguments:
  558. // Token -- A pointer to the item returned in previous GetNextChangedUser or StartEnum.
  559. // UserName -- User's name
  560. // CertData -- User's certificate blob or hash
  561. // UserSid -- User's ID. Can be NULL
  562. // Flag -- Indicate if the item is existing in the file, to be added or removed
  563. // Return Value:
  564. // Next item pointer.
  565. //
  566. //////////////////////////////////////////////////////////////////////
  567. {
  568. BOOL ChangedUserFound = FALSE;
  570. while ( Token ){
  572. *Flag = ((PUSERSONFILE) Token)->Flag;
  574. if ( ( *Flag & USERADDED ) && !( *Flag & USERREMOVED )){
  576. //
  577. // The user is to to be added to the file
  578. //
  580. *Flag = USERADDED;
  581. ChangedUserFound = TRUE;
  583. } else if ( ( *Flag & USERREMOVED ) && ( *Flag & USERINFILE)){
  585. //
  586. // The user is to be removed from the file
  587. //
  589. *Flag = USERREMOVED;
  590. ChangedUserFound = TRUE;
  592. }
  594. if ( ChangedUserFound ){
  596. *UserName = ((PUSERSONFILE) Token)->UserName;
  597. *UserSid = ((PUSERSONFILE) Token)->UserSid;
  598. *CertData = ((PUSERSONFILE) Token)->Cert;
  599. return ((PUSERSONFILE) Token)->Next;
  601. } else {
  603. Token = ((PUSERSONFILE) Token)->Next;
  605. }
  607. }
  609. *UserName = NULL;
  610. *UserSid = NULL;
  611. *CertData = NULL;
  612. *Flag = 0;
  613. return NULL;
  614. }
  616. void CUsers::Clear()
  617. {
  619. PUSERSONFILE TmpUserItem = m_UsersRoot;
  620. while (TmpUserItem){
  621. m_UsersRoot = TmpUserItem->Next;
  622. delete [] TmpUserItem->UserName;
  623. delete [] TmpUserItem->Cert;
  624. if (TmpUserItem->UserSid){
  625. delete [] TmpUserItem->UserSid;
  626. }
  627. if (TmpUserItem->Context){
  628. CertFreeCertificateContext((PCCERT_CONTEXT)TmpUserItem->Context);
  629. }
  630. delete TmpUserItem;
  631. TmpUserItem = m_UsersRoot;
  632. }
  634. m_UsersRoot = NULL;
  635. m_UserAddedCnt = 0;
  636. m_UserRemovedCnt = 0;
  638. }
  640. void CUsers::ConvertHashToStr(
  641. PBYTE pHashData,
  642. DWORD cbData,
  643. LPWSTR OutHashStr
  644. )
  645. {
  647. DWORD Index = 0;
  648. BOOLEAN NoLastZero = FALSE;
  650. for (; Index < cbData; Index+=2) {
  652. BYTE HashByteLow = pHashData[Index] & 0x0f;
  653. BYTE HashByteHigh = (pHashData[Index] & 0xf0) >> 4;
  655. OutHashStr[Index * 5/2] = HashByteHigh > 9 ? (WCHAR)(HashByteHigh - 9 + 0x40): (WCHAR)(HashByteHigh + 0x30);
  656. OutHashStr[Index * 5/2 + 1] = HashByteLow > 9 ? (WCHAR)(HashByteLow - 9 + 0x40): (WCHAR)(HashByteLow + 0x30);
  658. if (Index + 1 < cbData) {
  659. HashByteLow = pHashData[Index+1] & 0x0f;
  660. HashByteHigh = (pHashData[Index+1] & 0xf0) >> 4;
  662. OutHashStr[Index * 5/2 + 2] = HashByteHigh > 9 ? (WCHAR)(HashByteHigh - 9 + 0x40): (WCHAR)(HashByteHigh + 0x30);
  663. OutHashStr[Index * 5/2 + 3] = HashByteLow > 9 ? (WCHAR)(HashByteLow - 9 + 0x40): (WCHAR)(HashByteLow + 0x30);
  665. OutHashStr[Index * 5/2 + 4] = L' ';
  667. } else {
  668. OutHashStr[Index * 5/2 + 2] = 0;
  669. NoLastZero = TRUE;
  670. }
  672. }
  674. if (!NoLastZero) {
  675. OutHashStr[Index*5/2] = 0;
  676. }
  678. }