archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
2 Commits
1 Branch
0 Tags
1.5 GiB
Tree: 7b07a90fc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '7b07a90fc1'
${ noResults }
windows-server-2003/ds/security/cryptoapi/pkitrust/tools/updroots/updroots.cpp

331 lines
9.3 KiB
Raw Normal View History

commiting as it is
4 years ago
  1. //+-------------------------------------------------------------------------
  2. //
  3. // Microsoft Windows
  4. //
  5. // Copyright (C) Microsoft Corporation, 1995 - 1996
  6. //
  7. // File: updroots.cpp
  8. //
  9. // Contents: Updates LocalMachine roots. Pre-whistler, HKLM "Root" store.
  10. // Otherwise, HKLM "AuthRoot" store.
  11. //
  12. // See Usage() for list of options.
  13. //
  14. //
  15. // Functions: main
  16. //
  17. // History: 30-Aug-00 philh created
  18. //
  19. //--------------------------------------------------------------------------
  22. #include <windows.h>
  23. #include "wincrypt.h"
  25. #include <stdlib.h>
  26. #include <stdio.h>
  27. #include <string.h>
  28. #include <memory.h>
  29. #include <time.h>
  31. #define SHA1_HASH_LEN 20
  33. //+-------------------------------------------------------------------------
  34. // crypt32.dll Whistler version numbers
  35. //
  36. // Doesn't need to be the official Whistler release #. Any build # after
  37. // the "AuthRoot" store was added.
  38. //--------------------------------------------------------------------------
  39. #define WHISTLER_CRYPT32_DLL_VER_MS (( 5 << 16) | 131 )
  40. #define WHISTLER_CRYPT32_DLL_VER_LS (( 2257 << 16) | 1 )
  43. BOOL fLocalMachine = FALSE;
  45. void PrintLastError(LPCSTR pszMsg)
  46. {
  47. DWORD dwErr = GetLastError();
  48. char buf[512];
  50. sprintf(buf, "%s failed => 0x%x (%d) \n", pszMsg, dwErr, dwErr);
  51. MessageBoxA(
  52. NULL, // hWnd
  53. buf,
  54. "UpdRoots",
  55. MB_OK | MB_ICONERROR | MB_TASKMODAL
  56. );
  57. }
  59. void PrintMsg(LPCSTR pszMsg)
  60. {
  61. MessageBoxA(
  62. NULL, // hWnd
  63. pszMsg,
  64. "UpdRoots",
  65. MB_OK | MB_ICONEXCLAMATION | MB_TASKMODAL
  66. );
  67. }
  69. static void Usage(void)
  70. {
  71. MessageBoxA(
  72. NULL, // hWnd
  73. "Usage: UpdRoots [options] <SrcStoreFilename>\n"
  74. "Options are:\n"
  75. "-h -\tThis message\n"
  76. "-d -\tDelete (default is to add)\n"
  77. "-l -\tLocal Machine (default is Third Party)\n"
  78. "\n",
  79. "UpdRoots",
  80. MB_OK | MB_ICONEXCLAMATION | MB_TASKMODAL
  81. );
  82. }
  85. PCCERT_CONTEXT FindCertificateInOtherStore(
  86. IN HCERTSTORE hOtherStore,
  87. IN PCCERT_CONTEXT pCert
  88. )
  89. {
  90. BYTE rgbHash[SHA1_HASH_LEN];
  91. CRYPT_DATA_BLOB HashBlob;
  93. HashBlob.pbData = rgbHash;
  94. HashBlob.cbData = SHA1_HASH_LEN;
  95. if (!CertGetCertificateContextProperty(
  96. pCert,
  97. CERT_SHA1_HASH_PROP_ID,
  98. rgbHash,
  99. &HashBlob.cbData
  100. ) || SHA1_HASH_LEN != HashBlob.cbData)
  101. return NULL;
  103. return CertFindCertificateInStore(
  104. hOtherStore,
  105. 0, // dwCertEncodingType
  106. 0, // dwFindFlags
  107. CERT_FIND_SHA1_HASH,
  108. (const void *) &HashBlob,
  109. NULL //pPrevCertContext
  110. );
  111. }
  113. BOOL DeleteCertificateFromOtherStore(
  114. IN HCERTSTORE hOtherStore,
  115. IN PCCERT_CONTEXT pCert
  116. )
  117. {
  118. BOOL fResult;
  119. PCCERT_CONTEXT pOtherCert;
  121. if (pOtherCert = FindCertificateInOtherStore(hOtherStore, pCert))
  122. fResult = CertDeleteCertificateFromStore(pOtherCert);
  123. else
  124. fResult = TRUE;
  125. return fResult;
  126. }
  128. typedef BOOL (WINAPI *PFN_CRYPT_GET_FILE_VERSION)(
  129. IN LPCWSTR pwszFilename,
  130. OUT DWORD *pdwFileVersionMS, /* e.g. 0x00030075 = "3.75" */
  131. OUT DWORD *pdwFileVersionLS /* e.g. 0x00000031 = "0.31" */
  132. );
  134. #define NO_LOGICAL_STORE_VERSION 0
  135. #define LOGICAL_STORE_VERSION 1
  136. #define AUTH_STORE_VERSION 2
  138. // Note, I_CryptGetFileVersion and logical stores, not supported in all
  139. // versions of crypt32.dll
  140. //
  141. // Returns one of the above defined version constants
  142. DWORD GetCrypt32Version()
  143. {
  144. DWORD dwVersion;
  145. DWORD dwFileVersionMS;
  146. DWORD dwFileVersionLS;
  147. HMODULE hModule;
  148. PFN_CRYPT_GET_FILE_VERSION pfnCryptGetFileVersion;
  150. hModule = GetModuleHandleA("crypt32.dll");
  151. if (NULL == hModule)
  152. return NO_LOGICAL_STORE_VERSION;
  154. if (NULL == GetProcAddress(hModule, "CertEnumPhysicalStore"))
  155. return NO_LOGICAL_STORE_VERSION;
  157. if (fLocalMachine)
  158. return LOGICAL_STORE_VERSION;
  160. pfnCryptGetFileVersion = (PFN_CRYPT_GET_FILE_VERSION) GetProcAddress(
  161. hModule, "I_CryptGetFileVersion");
  162. if (NULL == pfnCryptGetFileVersion)
  163. return LOGICAL_STORE_VERSION;
  165. dwVersion = LOGICAL_STORE_VERSION;
  166. if (pfnCryptGetFileVersion(
  167. L"crypt32.dll",
  168. &dwFileVersionMS,
  169. &dwFileVersionLS)) {
  170. if (WHISTLER_CRYPT32_DLL_VER_MS < dwFileVersionMS)
  171. dwVersion = AUTH_STORE_VERSION;
  172. else if (WHISTLER_CRYPT32_DLL_VER_MS == dwFileVersionMS &&
  173. WHISTLER_CRYPT32_DLL_VER_LS <= dwFileVersionLS)
  174. dwVersion = AUTH_STORE_VERSION;
  175. }
  177. return dwVersion;
  178. }
  180. int _cdecl main(int argc, char * argv[])
  181. {
  182. BOOL fResult;
  183. int ReturnStatus = 0;
  184. LPSTR pszSrcStoreFilename = NULL; // not allocated
  185. HANDLE hSrcStore = NULL;
  186. HANDLE hRootStore = NULL;
  188. BOOL fDelete = FALSE;
  189. DWORD dwVersion;
  190. PCCERT_CONTEXT pSrcCert;
  192. while (--argc>0)
  193. {
  194. if (**++argv == '-')
  195. {
  196. switch(argv[0][1])
  197. {
  198. case 'd':
  199. fDelete = TRUE;
  200. break;
  201. case 'l':
  202. fLocalMachine = TRUE;
  203. break;
  204. case 'h':
  205. default:
  206. goto BadUsage;
  208. }
  209. } else {
  210. if (pszSrcStoreFilename == NULL)
  211. pszSrcStoreFilename = argv[0];
  212. else {
  213. PrintMsg("too many store filenames\n");
  214. goto BadUsage;
  215. }
  216. }
  217. }
  219. if (NULL == pszSrcStoreFilename) {
  220. PrintMsg("missing store filename\n");
  221. goto BadUsage;
  222. }
  224. // Attempt to open the source store
  225. hSrcStore = CertOpenStore(
  226. CERT_STORE_PROV_FILENAME_A,
  227. X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
  228. 0, // hCryptProv
  229. CERT_STORE_READONLY_FLAG,
  230. (const void *) pszSrcStoreFilename
  231. );
  232. if (NULL == hSrcStore) {
  233. PrintLastError("Open SrcStore");
  234. goto ErrorReturn;
  235. }
  237. // Attempt to open the destination root store. For Whistler and beyond its
  238. // the HKLM "AuthRoot" store. Pre-Whistler its the HKLM "Root" store.
  239. // Also, earlier versions of crypt32 didn't support logical stores.
  240. // For -l option, force it to be the HKLM "Root" store.
  242. dwVersion = GetCrypt32Version();
  244. if (NO_LOGICAL_STORE_VERSION == dwVersion) {
  245. // Need to open the registry to bypass the add root message boxes
  246. HKEY hKey = NULL;
  247. LONG lErr;
  249. if (ERROR_SUCCESS != (lErr = RegOpenKeyExA(
  250. HKEY_CURRENT_USER,
  251. "Software\\Microsoft\\SystemCertificates\\Root",
  252. 0, // dwReserved
  253. KEY_ALL_ACCESS,
  254. &hKey))) {
  255. SetLastError(lErr);
  256. PrintLastError("RegOpenKeyExA(root)\n");
  257. goto ErrorReturn;
  258. }
  260. hRootStore = CertOpenStore(
  261. CERT_STORE_PROV_REG,
  262. 0, // dwEncodingType
  263. 0, // hCryptProv
  264. 0, // dwFlags
  265. (const void *) hKey
  266. );
  268. RegCloseKey(hKey);
  269. } else {
  270. LPCSTR pszRootStoreName;
  272. if (AUTH_STORE_VERSION == dwVersion)
  273. pszRootStoreName = "AuthRoot";
  274. else
  275. pszRootStoreName = "Root";
  277. hRootStore = CertOpenStore(
  278. CERT_STORE_PROV_SYSTEM_REGISTRY_A,
  279. 0, // dwEncodingType
  280. 0, // hCryptProv
  281. CERT_SYSTEM_STORE_LOCAL_MACHINE,
  282. (const void *) pszRootStoreName
  283. );
  284. }
  286. if (NULL == hRootStore) {
  287. PrintLastError("Open RootStore");
  288. goto ErrorReturn;
  289. }
  291. // Iterate through all the certificates in the source store. Add or delete
  292. // from the root store.
  293. fResult = TRUE;
  294. pSrcCert = NULL;
  295. while (pSrcCert = CertEnumCertificatesInStore(hSrcStore, pSrcCert)) {
  296. if (fDelete) {
  297. if (!DeleteCertificateFromOtherStore(hRootStore, pSrcCert)) {
  298. fResult = FALSE;
  299. PrintLastError("DeleteCert");
  300. }
  301. } else {
  302. // Note, earlier versions of crypt32.dll didn't support
  303. // CERT_STORE_ADD_REPLACE_EXISTING_INHERIT_PROPERTIES
  304. if (!CertAddCertificateContextToStore(
  305. hRootStore,
  306. pSrcCert,
  307. CERT_STORE_ADD_REPLACE_EXISTING,
  308. NULL)) {
  309. fResult = FALSE;
  310. PrintLastError("AddCert");
  311. }
  312. }
  313. }
  315. if (!fResult)
  316. goto ErrorReturn;
  318. ReturnStatus = 0;
  319. CommonReturn:
  320. if (hSrcStore)
  321. CertCloseStore(hSrcStore, 0);
  322. if (hRootStore)
  323. CertCloseStore(hRootStore, 0);
  324. return ReturnStatus;
  326. BadUsage:
  327. Usage();
  328. ErrorReturn:
  329. ReturnStatus = -1;
  330. goto CommonReturn;
  331. }