archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
2 Commits
1 Branch
0 Tags
1.5 GiB
Tree: 7b07a90fc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '7b07a90fc1'
${ noResults }
windows-server-2003/net/rras/ras/ppp/eaptls/scard.c

594 lines
13 KiB
Raw Normal View History

commiting as it is
4 years ago
  1. /*
  3. Copyright (c) 1997, Microsoft Corporation, all rights reserved
  5. Description:
  6. Smart card helper functions.
  8. History:
  9. 13 Dec 1997: Amanda Matlosz created original version.
  10. 12 May 1998: Vijay Baliga moved things around.
  12. */
  14. #undef UNICODE
  16. #include <winscard.h>
  17. #include <wincrypt.h>
  18. #include <rtutils.h>
  19. #include "resource.h"
  21. HINSTANCE
  22. GetHInstance(
  23. VOID
  24. );
  27. WCHAR*
  28. WszFromId(
  29. IN HINSTANCE hInstance,
  30. IN DWORD dwStringId
  31. );
  34. VOID
  35. EapTlsTrace(
  36. IN CHAR* Format,
  37. ...
  38. );
  41. typedef
  42. WINSCARDAPI LONG
  43. (WINAPI *GETOPENCARDNAMEA)(
  44. OPENCARDNAMEA*
  45. );
  47. GETOPENCARDNAMEA g_fnGetOpenCardNameA = NULL;
  48. HINSTANCE g_hInstanceScardDlg = NULL;
  50. /*
  52. Returns:
  54. Notes:
  56. */
  58. DWORD
  59. LoadScardDlgDll(
  60. VOID
  61. )
  62. {
  63. DWORD dwErr = NO_ERROR;
  65. if (NULL == g_hInstanceScardDlg)
  66. {
  67. g_hInstanceScardDlg = LoadLibrary("scarddlg.dll");
  68. }
  70. if (NULL == g_hInstanceScardDlg)
  71. {
  72. dwErr = GetLastError();
  73. EapTlsTrace("LoadLibrary(scarddlg.dll) failed and returned 0x%x",
  74. dwErr);
  75. goto LDone;
  76. }
  78. if (NULL == g_fnGetOpenCardNameA)
  79. {
  80. g_fnGetOpenCardNameA = (GETOPENCARDNAMEA)
  81. GetProcAddress(g_hInstanceScardDlg, "GetOpenCardNameA");
  82. }
  84. if (NULL == g_fnGetOpenCardNameA)
  85. {
  86. dwErr = GetLastError();
  87. EapTlsTrace("GetProcAddress(GetOpenCardNameA) failed and returned 0x%x",
  88. dwErr);
  89. goto LDone;
  90. }
  92. LDone:
  94. return(dwErr);
  95. }
  97. /*
  99. Returns:
  101. Notes:
  103. */
  105. VOID
  106. FreeScardDlgDll(
  107. VOID
  108. )
  109. {
  110. if (NULL != g_hInstanceScardDlg)
  111. {
  112. FreeLibrary(g_hInstanceScardDlg);
  113. g_hInstanceScardDlg = NULL;
  114. g_fnGetOpenCardNameA = NULL;
  115. }
  116. }
  118. /*
  120. Returns:
  122. Notes:
  124. */
  126. DWORD
  127. LocalCryptGetProvParamW(
  128. IN HCRYPTPROV hProv,
  129. IN DWORD dwParam,
  130. OUT WCHAR** ppwsz
  131. )
  132. {
  133. CHAR* psz = NULL;
  134. WCHAR* pwszTemp = NULL;
  135. DWORD cb;
  136. int count;
  137. BOOL fSuccess;
  138. DWORD dwErr = NO_ERROR;
  140. fSuccess = CryptGetProvParam(hProv, dwParam, NULL, &cb, 0);
  142. if (!fSuccess)
  143. {
  144. dwErr = GetLastError();
  145. EapTlsTrace("CryptGetProvParam failed and returned 0x%x", dwErr);
  146. goto LDone;
  147. }
  149. psz = (CHAR*)LocalAlloc(LPTR, cb);
  151. if (NULL == psz)
  152. {
  153. dwErr = GetLastError();
  154. EapTlsTrace("LocalAlloc failed and returned %d", dwErr);
  155. goto LDone;
  156. }
  158. fSuccess = CryptGetProvParam(hProv, dwParam, (BYTE*)psz, &cb, 0);
  160. if (!fSuccess)
  161. {
  162. dwErr = GetLastError();
  163. EapTlsTrace("CryptGetProvParam failed and returned 0x%x", dwErr);
  164. goto LDone;
  165. }
  167. count = MultiByteToWideChar(CP_UTF8, 0, psz, -1, NULL, 0);
  169. if (0 == count)
  170. {
  171. dwErr = GetLastError();
  172. EapTlsTrace("MultiByteToWideChar(%s) failed: %d", psz, dwErr);
  173. goto LDone;
  174. }
  176. pwszTemp = (WCHAR*)LocalAlloc(LPTR, count * sizeof(WCHAR));
  178. if (NULL == pwszTemp)
  179. {
  180. dwErr = GetLastError();
  181. EapTlsTrace("LocalAlloc failed and returned %d", dwErr);
  182. goto LDone;
  183. }
  185. count = MultiByteToWideChar(CP_UTF8, 0, psz, -1, pwszTemp, count);
  187. if (0 == count)
  188. {
  189. dwErr = GetLastError();
  190. EapTlsTrace("MultiByteToWideChar(%s) failed: %d", psz, dwErr);
  191. goto LDone;
  192. }
  194. *ppwsz = pwszTemp;
  195. pwszTemp = NULL;
  197. LDone:
  199. LocalFree(pwszTemp);
  200. LocalFree(psz);
  201. return(dwErr);
  202. }
  204. /*
  206. Returns:
  208. Notes:
  209. This internal routine generates a certificate context with (static)
  210. keyprov info suitable for CertStore-based operations.
  212. */
  214. DWORD
  215. BuildCertContext(
  216. IN HCRYPTPROV hProv,
  217. IN BYTE* pbCert,
  218. IN DWORD dwCertLen,
  219. OUT PCCERT_CONTEXT* ppCertContext
  220. )
  221. {
  222. CRYPT_KEY_PROV_INFO KeyProvInfo;
  223. WCHAR* pwszContainerName = NULL;
  224. WCHAR* pwszProviderName = NULL;
  225. BOOL fCertContextCreated = FALSE;
  226. BOOL fSuccess;
  227. DWORD dwErr = NO_ERROR;
  229. if ( (0 == hProv)
  230. || (NULL == pbCert)
  231. || (0 == dwCertLen))
  232. {
  233. dwErr = ERROR_INVALID_PARAMETER;
  234. goto LDone;
  235. }
  237. RTASSERT(NULL != ppCertContext);
  239. // Convert the certificate into a cert context.
  241. *ppCertContext = CertCreateCertificateContext(
  242. X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
  243. pbCert, dwCertLen);
  245. if (NULL == *ppCertContext)
  246. {
  247. dwErr = GetLastError();
  248. EapTlsTrace("CertCreateCertificateContext failed and returned 0x%x",
  249. dwErr);
  250. goto LDone;
  251. }
  253. fCertContextCreated = TRUE;
  255. // Associate cryptprovider w/ the private key property of this cert
  257. dwErr = LocalCryptGetProvParamW(hProv, PP_CONTAINER, &pwszContainerName);
  259. if (NO_ERROR != dwErr)
  260. {
  261. goto LDone;
  262. }
  264. EapTlsTrace("Container: %ws", pwszContainerName);
  266. dwErr = LocalCryptGetProvParamW(hProv, PP_NAME, &pwszProviderName);
  268. if (NO_ERROR != dwErr)
  269. {
  270. goto LDone;
  271. }
  273. EapTlsTrace("Provider: %ws", pwszProviderName);
  275. // Set the cert context properties to reflect the prov info
  277. KeyProvInfo.pwszContainerName = pwszContainerName;
  278. KeyProvInfo.pwszProvName = pwszProviderName;
  279. KeyProvInfo.dwProvType = PROV_RSA_FULL;
  280. KeyProvInfo.dwFlags = 0;
  281. KeyProvInfo.cProvParam = 0;
  282. KeyProvInfo.rgProvParam = NULL;
  283. KeyProvInfo.dwKeySpec = AT_KEYEXCHANGE;
  285. fSuccess = CertSetCertificateContextProperty(
  286. *ppCertContext,
  287. CERT_KEY_PROV_INFO_PROP_ID,
  288. 0,
  289. (void *)&KeyProvInfo);
  291. if (!fSuccess)
  292. {
  293. dwErr = GetLastError();
  294. EapTlsTrace("CertSetCertificateContextProperty failed and returned "
  295. "0x%x", dwErr);
  296. goto LDone;
  297. }
  300. LDone:
  302. if (NO_ERROR != dwErr)
  303. {
  304. if (fCertContextCreated)
  305. {
  306. CertFreeCertificateContext(*ppCertContext);
  307. }
  309. *ppCertContext = NULL;
  310. }
  312. LocalFree(pwszContainerName);
  313. LocalFree(pwszProviderName);
  315. return(dwErr);
  316. }
  318. /*
  320. Returns:
  322. Notes:
  323. The "Select Card" common dialog is raised, then the certificate is read
  324. from the card, a certificate context complete with key prov info is
  325. migrated to the cert store and also returned to the caller.
  327. */
  329. DWORD
  330. GetCertFromCard(
  331. OUT PCCERT_CONTEXT* ppCertContext
  332. )
  333. {
  334. CHAR* pszReader = NULL;
  335. CHAR* pszCard = NULL;
  336. DWORD cbReaderOrCard = MAX_PATH;
  337. SCARDCONTEXT hContext = 0;
  338. OPENCARDNAMEA OpenCardName;
  339. CHAR* pszProviderName = NULL;
  340. DWORD cchProvider;
  341. HCRYPTPROV hProv = 0;
  342. HCRYPTKEY hKey = 0;
  343. DWORD cbCertLen;
  344. BYTE* pbCert = NULL;
  345. HCERTSTORE hCertStore = NULL;
  347. BOOL fSuccess;
  348. LONG lErr;
  349. DWORD dwErr = NO_ERROR;
  350. LPWSTR lpwszTitle = NULL;
  351. CHAR szTitle[50] = {0}; //We know the size of title will not be
  352. //greater than this.
  354. EapTlsTrace("GetCertFromCard");
  356. RTASSERT(NULL != ppCertContext);
  358. dwErr = LoadScardDlgDll();
  360. if (NO_ERROR != dwErr)
  361. {
  362. goto LDone;
  363. }
  365. pszReader = (BYTE*)LocalAlloc(LPTR, cbReaderOrCard);
  367. if (NULL == pszReader)
  368. {
  369. dwErr = GetLastError();
  370. EapTlsTrace("LocalAlloc failed and returned %d", dwErr);
  371. goto LDone;
  372. }
  374. pszCard = (BYTE*)LocalAlloc(LPTR, cbReaderOrCard);
  376. if (NULL == pszCard)
  377. {
  378. dwErr = GetLastError();
  379. EapTlsTrace("LocalAlloc failed and returned %d", dwErr);
  380. goto LDone;
  381. }
  383. lErr = SCardEstablishContext(SCARD_SCOPE_USER, NULL, NULL, &hContext);
  385. if (SCARD_S_SUCCESS != lErr)
  386. {
  387. dwErr = lErr;
  388. EapTlsTrace("SCardEstablishContext failed and returned 0x%x", dwErr);
  389. goto LDone;
  390. }
  392. ZeroMemory(&OpenCardName, sizeof(OpenCardName));
  394. lpwszTitle = WszFromId(GetHInstance(),IDS_SCARD_TITLE );
  397. WideCharToMultiByte(CP_ACP,
  398. 0,
  399. lpwszTitle,
  400. -1,
  401. szTitle,
  402. 50,
  403. NULL,
  404. NULL
  405. );
  407. OpenCardName.dwStructSize = sizeof(OpenCardName);
  408. OpenCardName.hSCardContext = hContext;
  409. OpenCardName.lpstrCardNames = NULL;
  410. OpenCardName.lpstrRdr = pszReader;
  411. OpenCardName.nMaxRdr = cbReaderOrCard;
  412. OpenCardName.lpstrCard = pszCard;
  413. OpenCardName.nMaxCard = cbReaderOrCard;
  414. OpenCardName.lpstrTitle = szTitle;
  415. OpenCardName.dwFlags = SC_DLG_MINIMAL_UI;
  416. OpenCardName.dwShareMode = 0;
  417. OpenCardName.dwPreferredProtocols = 0;
  419. lErr = g_fnGetOpenCardNameA(&OpenCardName);
  421. if (SCARD_S_SUCCESS != lErr)
  422. {
  423. dwErr = lErr;
  424. EapTlsTrace("GetOpenCardNameA failed and returned 0x%x", dwErr);
  425. goto LDone;
  426. }
  428. EapTlsTrace("Reader: %s, Card: %s", pszReader, pszCard);
  430. RTASSERT(0 == OpenCardName.hCardHandle);
  432. pszProviderName = NULL;
  433. cchProvider = SCARD_AUTOALLOCATE;
  435. lErr = SCardGetCardTypeProviderNameA(hContext, OpenCardName.lpstrCard,
  436. SCARD_PROVIDER_CSP, (CHAR*) &pszProviderName, &cchProvider);
  438. if (SCARD_S_SUCCESS != lErr)
  439. {
  440. dwErr = lErr;
  441. EapTlsTrace("SCardGetCardTypeProviderNameA failed and returned 0x%x",
  442. dwErr);
  443. goto LDone;
  444. }
  446. if (NULL != pszProviderName)
  447. {
  448. EapTlsTrace("Provider: %s", pszProviderName);
  449. }
  451. // Load the CSP
  453. fSuccess = CryptAcquireContext(&hProv, NULL /* default container */,
  454. pszProviderName, PROV_RSA_FULL,
  455. CRYPT_SILENT /* or 0, to show CSP UI as needed */);
  457. if (!fSuccess)
  458. {
  459. dwErr = GetLastError();
  460. EapTlsTrace("CryptAcquireContext failed and returned 0x%x", dwErr);
  461. goto LDone;
  462. }
  464. // Get the key handle.
  466. fSuccess = CryptGetUserKey(hProv, AT_KEYEXCHANGE, &hKey);
  468. if (!fSuccess)
  469. {
  470. dwErr = GetLastError();
  471. EapTlsTrace("CryptGetUserKey failed and returned 0x%x", dwErr);
  472. goto LDone;
  473. }
  475. // Upload the certificate.
  477. cbCertLen = 0;
  479. fSuccess = CryptGetKeyParam(hKey, KP_CERTIFICATE, NULL, &cbCertLen, 0);
  481. if (!fSuccess)
  482. {
  483. dwErr = GetLastError();
  485. if (ERROR_MORE_DATA != dwErr)
  486. {
  487. EapTlsTrace("CryptGetKeyParam(KP_CERTIFICATE) failed and returned "
  488. "0x%x", dwErr);
  489. goto LDone;
  490. }
  492. dwErr = NO_ERROR;
  493. }
  495. pbCert = (BYTE*)LocalAlloc(LPTR, cbCertLen);
  497. if (NULL == pbCert)
  498. {
  499. dwErr = GetLastError();
  500. EapTlsTrace("LocalAlloc failed and returned %d", dwErr);
  501. goto LDone;
  502. }
  504. fSuccess = CryptGetKeyParam(hKey, KP_CERTIFICATE, pbCert, &cbCertLen, 0);
  506. if (!fSuccess)
  507. {
  508. dwErr = GetLastError();
  509. EapTlsTrace("CryptGetKeyParam(KP_CERTIFICATE) failed and returned "
  510. "0x%x", dwErr);
  511. goto LDone;
  512. }
  514. // Get the cert context...
  516. dwErr = BuildCertContext(hProv, pbCert, cbCertLen, ppCertContext);
  518. if (NO_ERROR != dwErr)
  519. {
  520. goto LDone;
  521. }
  523. // ...and migrate it to the My store
  525. hCertStore = CertOpenStore(CERT_STORE_PROV_SYSTEM_A, 0, hProv,
  526. CERT_SYSTEM_STORE_CURRENT_USER, "MY");
  528. if (NULL == hCertStore)
  529. {
  530. dwErr = GetLastError();
  531. EapTlsTrace("CertOpenStore failed and returned 0x%x", dwErr);
  532. goto LDone;
  533. }
  535. fSuccess = CertAddCertificateContextToStore(hCertStore, *ppCertContext,
  536. CERT_STORE_ADD_REPLACE_EXISTING, NULL);
  538. if (!fSuccess)
  539. {
  540. // This is OK. Don't return an error.
  542. EapTlsTrace("CertAddCertificateContextToStore failed and returned 0x%x",
  543. GetLastError());
  544. }
  546. LDone:
  547. LocalFree (lpwszTitle);
  548. LocalFree(pszReader);
  549. LocalFree(pszCard);
  550. LocalFree(pbCert);
  552. if (0 != hProv)
  553. {
  554. CryptReleaseContext(hProv, 0);
  555. }
  557. if (NULL != hCertStore)
  558. {
  559. CertCloseStore(hCertStore, CERT_CLOSE_STORE_FORCE_FLAG);
  560. }
  562. if (NULL != pszProviderName)
  563. {
  564. SCardFreeMemory(hContext, pszProviderName);
  565. }
  567. if (0 != hContext)
  568. {
  569. SCardReleaseContext(hContext);
  570. }
  572. if (0 != hKey)
  573. {
  574. CryptDestroyKey(hKey);
  575. }
  577. RTASSERT( (NO_ERROR == dwErr)
  578. || (NULL == *ppCertContext));
  580. if ( (NULL == *ppCertContext)
  581. && (NO_ERROR == dwErr))
  582. {
  583. EapTlsTrace("CertContext is NULL. Returning E_FAIL");
  584. dwErr = E_FAIL;
  585. }
  587. if ( (SCARD_W_CANCELLED_BY_USER == dwErr)
  588. || (SCARD_E_NO_READERS_AVAILABLE == dwErr))
  589. {
  590. dwErr = ERROR_CANCELLED;
  591. }
  593. return(dwErr);
  594. }