archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
3 Commits
1 Branch
0 Tags
1.5 GiB
Tree: 827363a95b
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '827363a95b'
${ noResults }
windows-server-2003/admin/snapin/certmgr/compdata.cpp

6263 lines
218 KiB
Raw Normal View History

commiting as it is
4 years ago
  1. //+---------------------------------------------------------------------------
  2. /////////////////////////////////////////////////////////////////////////////////
  3. //
  4. // Microsoft Windows
  5. // Copyright (C) Microsoft Corporation, 1997-2002.
  6. //
  7. // File: compdata.cpp
  8. //
  9. // Contents: Implementation of CCertMgrComponentData
  10. //
  11. //----------------------------------------------------------------------------
  13. #include "stdafx.h"
  15. USE_HANDLE_MACROS ("CERTMGR (compdata.cpp)")
  16. #include <gpedit.h>
  17. #include "compdata.h"
  18. #include "dataobj.h"
  19. #include "cookie.h"
  20. #include "snapmgr.h"
  21. #include "Certifct.h"
  22. #include "dlgs.h"
  23. #include "SelAcct.h"
  24. #include "FindDlg.h"
  25. #pragma warning(push, 3)
  26. #include <wintrust.h>
  27. #include <cryptui.h>
  28. #include <sceattch.h>
  29. #pragma warning(pop)
  30. #include "selservc.h"
  31. #include "acrgenpg.h"
  32. #include "acrspsht.h"
  33. #include "acrswlcm.h"
  34. #include "acrstype.h"
  36. #include "acrslast.h"
  37. #include "addsheet.h"
  38. #include "gpepage.h"
  39. #include "storegpe.h"
  40. #include "uuids.h"
  41. #include "StoreRSOP.h"
  42. #include "PolicyPrecedencePropertyPage.h"
  43. #include "AutoenrollmentPropertyPage.h"
  44. #include "SaferEntry.h"
  45. #include "SaferUtil.h"
  46. #include "SaferDefinedFileTypesPropertyPage.h"
  47. #include "EFSGeneralPropertyPage.h"
  50. #ifdef _DEBUG
  51. #ifndef ALPHA
  52. #define new DEBUG_NEW
  53. #endif
  54. #undef THIS_FILE
  55. static char THIS_FILE[] = __FILE__;
  56. #endif
  59. #include "stdcdata.cpp" // CComponentData implementation
  61. extern HINSTANCE g_hInstance;
  63. extern GUID g_guidExtension;
  64. extern GUID g_guidRegExt;
  65. extern GUID g_guidSnapin;
  67. //
  68. // CCertMgrComponentData
  69. //
  71. extern CString g_szFileName; // If not empty, was called from command-line.
  73. CCertMgrComponentData::CCertMgrComponentData ()
  74. : m_pRootCookie (0),
  75. m_activeViewPersist (IDM_STORE_VIEW),
  76. m_hRootScopeItem (0),
  77. m_bShowPhysicalStoresPersist (0),
  78. m_bShowArchivedCertsPersist (0),
  79. m_fAllowOverrideMachineName (0),
  80. m_dwFlagsPersist (0),
  81. m_dwLocationPersist (0),
  82. m_pResultData (0),
  83. m_pGPEInformation (0),
  84. m_pRSOPInformationComputer (0),
  85. m_pRSOPInformationUser (0),
  86. m_bIsUserAdministrator (FALSE),
  87. m_dwSCEMode (SCE_MODE_UNKNOWN),
  88. m_pHeader (0),
  89. m_bMultipleObjectsSelected (false) ,
  90. m_pCryptUIMMCCallbackStruct (0),
  91. m_pGPERootStore (0),
  92. m_pGPETrustStore (0),
  93. m_pFileBasedStore (0),
  94. m_pGPEACRSUserStore (0),
  95. m_pGPEACRSComputerStore (0),
  96. m_fInvalidComputer (false),
  97. m_bMachineIsStandAlone (true),
  98. m_pComponentConsole (0),
  99. m_bIsRSOP (false),
  100. m_pIWbemServicesComputer (0),
  101. m_pIWbemServicesUser (0),
  102. m_pbstrLanguage (SysAllocString (STR_WQL)),
  103. m_pbstrQuery (SysAllocString (STR_SELECT_STATEMENT)),
  104. m_pbstrValueName (SysAllocString (STR_PROP_VALUENAME)),
  105. m_pbstrRegistryKey (SysAllocString (STR_PROP_REGISTRYKEY)),
  106. m_pbstrValue (SysAllocString (STR_PROP_VALUE)),
  107. m_pbstrPrecedence (SysAllocString (STR_PROP_PRECEDENCE)),
  108. m_pbstrGPOid (SysAllocString (STR_PROP_GPOID)),
  109. m_dwRSOPFlagsComputer (0),
  110. m_dwRSOPFlagsUser (0),
  111. m_dwDefaultSaferLevel (0),
  112. m_pdwSaferLevels (0),
  113. m_bSaferSupported (false),
  114. m_nOpenSaferPageRefCount (0)
  115. {
  116. _TRACE (1, L"Entering CCertMgrComponentData::CCertMgrComponentData\n");
  117. m_pRootCookie = new CCertMgrCookie (CERTMGR_SNAPIN);
  119. // Get name of logged-in user
  120. DWORD dwSize = 0;
  121. BOOL bRet = ::GetUserName (0, &dwSize);
  122. if ( dwSize > 0 )
  123. {
  124. bRet = ::GetUserName (m_szLoggedInUser.GetBufferSetLength (dwSize), &dwSize);
  125. ASSERT (bRet);
  126. m_szLoggedInUser.ReleaseBuffer ();
  127. }
  129. // Get name of this computer
  130. dwSize = MAX_COMPUTERNAME_LENGTH + 1 ;
  131. bRet = ::GetComputerName (m_szThisComputer.GetBufferSetLength (MAX_COMPUTERNAME_LENGTH + 1 ), &dwSize);
  132. ASSERT (bRet);
  133. m_szThisComputer.ReleaseBuffer ();
  135. // Find out if logged-in users is an Administrator
  136. IsUserAdministrator (m_bIsUserAdministrator);
  138. if ( !g_szFileName.IsEmpty () )
  139. {
  140. m_szFileName = g_szFileName;
  141. g_szFileName = _T ("");
  142. m_dwLocationPersist = 0;
  143. }
  145. // Find out if we're joined to a domain.
  146. PDSROLE_PRIMARY_DOMAIN_INFO_BASIC pInfo = 0;
  147. DWORD dwErr = ::DsRoleGetPrimaryDomainInformation (
  148. 0,
  149. DsRolePrimaryDomainInfoBasic,
  150. (PBYTE*) &pInfo);
  151. if ( ERROR_SUCCESS == dwErr )
  152. {
  153. switch (pInfo->MachineRole)
  154. {
  155. case DsRole_RoleStandaloneWorkstation:
  156. case DsRole_RoleStandaloneServer:
  157. m_bMachineIsStandAlone = true;
  158. break;
  160. case DsRole_RoleMemberWorkstation:
  161. case DsRole_RoleMemberServer:
  162. case DsRole_RoleBackupDomainController:
  163. case DsRole_RolePrimaryDomainController:
  164. m_bMachineIsStandAlone = false;
  165. break;
  167. default:
  168. break;
  169. }
  170. }
  171. else
  172. {
  173. _TRACE (0, L"DsRoleGetPrimaryDomainInformation () failed: 0x%x\n", dwErr);
  174. }
  175. NetApiBufferFree (pInfo);
  177. _TRACE (-1, L"Leaving CCertMgrComponentData::CCertMgrComponentData\n");
  178. }
  180. CCertMgrComponentData::~CCertMgrComponentData ()
  181. {
  182. _TRACE (1, L"Entering CCertMgrComponentData::~CCertMgrComponentData\n");
  183. if ( m_pCryptUIMMCCallbackStruct )
  184. {
  185. ::MMCFreeNotifyHandle (m_pCryptUIMMCCallbackStruct->lNotifyHandle);
  186. ((LPDATAOBJECT)(m_pCryptUIMMCCallbackStruct->param))->Release ();
  187. ::GlobalFree (m_pCryptUIMMCCallbackStruct);
  188. m_pCryptUIMMCCallbackStruct = 0;
  189. }
  191. if ( m_pGPERootStore )
  192. {
  193. m_pGPERootStore->Release ();
  194. m_pGPERootStore = 0;
  195. }
  196. if ( m_pGPETrustStore )
  197. {
  198. m_pGPETrustStore->Release ();
  199. m_pGPETrustStore = 0;
  200. }
  201. if ( m_pFileBasedStore )
  202. {
  203. m_pFileBasedStore->Release ();
  204. m_pFileBasedStore = 0;
  205. }
  207. if ( m_pGPEACRSUserStore )
  208. {
  209. m_pGPEACRSUserStore->Release ();
  210. m_pGPEACRSUserStore = 0;
  211. }
  213. if ( m_pGPEACRSComputerStore )
  214. {
  215. m_pGPEACRSComputerStore->Release ();
  216. m_pGPEACRSComputerStore = 0;
  217. }
  219. CCookie& rootCookie = QueryBaseRootCookie ();
  220. while ( !rootCookie.m_listResultCookieBlocks.IsEmpty() )
  221. {
  222. (rootCookie.m_listResultCookieBlocks.RemoveHead())->Release();
  223. }
  224. if ( m_pGPEInformation )
  225. {
  226. m_pGPEInformation->Release ();
  227. m_pGPEInformation = 0;
  228. }
  230. if ( m_pRSOPInformationComputer )
  231. {
  232. m_pRSOPInformationComputer->Release ();
  233. m_pRSOPInformationComputer = 0;
  234. }
  235. if ( m_pRSOPInformationUser )
  236. {
  237. m_pRSOPInformationUser->Release ();
  238. m_pRSOPInformationUser = 0;
  239. }
  241. if ( m_pResultData )
  242. {
  243. m_pResultData->Release ();
  244. m_pResultData = 0;
  245. }
  247. if ( m_pComponentConsole )
  248. {
  249. SAFE_RELEASE (m_pComponentConsole);
  250. m_pComponentConsole = 0;
  251. }
  253. if (m_pbstrLanguage)
  254. SysFreeString (m_pbstrLanguage);
  256. if (m_pbstrQuery)
  257. SysFreeString (m_pbstrQuery);
  259. if (m_pbstrRegistryKey)
  260. SysFreeString (m_pbstrRegistryKey);
  262. if (m_pbstrValueName)
  263. SysFreeString (m_pbstrValueName);
  265. if (m_pbstrValue)
  266. SysFreeString (m_pbstrValue);
  268. if ( m_pbstrPrecedence )
  269. SysFreeString (m_pbstrPrecedence);
  271. if ( m_pbstrGPOid )
  272. SysFreeString (m_pbstrGPOid);
  274. int nIndex = 0;
  275. INT_PTR nUpperBound = m_rsopObjectArrayComputer.GetUpperBound ();
  277. while ( nUpperBound >= nIndex )
  278. {
  279. CRSOPObject* pCurrObject = m_rsopObjectArrayComputer.GetAt (nIndex);
  280. if ( pCurrObject )
  281. {
  282. delete pCurrObject;
  283. }
  284. nIndex++;
  285. }
  286. m_rsopObjectArrayComputer.RemoveAll ();
  289. nIndex = 0;
  290. nUpperBound = m_rsopObjectArrayUser.GetUpperBound ();
  291. while ( nUpperBound >= nIndex )
  292. {
  293. CRSOPObject* pCurrObject = m_rsopObjectArrayUser.GetAt (nIndex);
  294. if ( pCurrObject )
  295. {
  296. delete pCurrObject;
  297. }
  298. nIndex++;
  299. }
  300. m_rsopObjectArrayUser.RemoveAll ();
  302. if ( m_pIWbemServicesComputer )
  303. m_pIWbemServicesComputer->Release ();
  305. if ( m_pIWbemServicesUser )
  306. m_pIWbemServicesUser->Release ();
  308. if ( m_pRootCookie )
  309. m_pRootCookie->Release ();
  311. if ( m_pdwSaferLevels )
  312. delete m_pdwSaferLevels;
  314. _TRACE (-1, L"Leaving CCertMgrComponentData::~CCertMgrComponentData\n");
  315. }
  317. DEFINE_FORWARDS_MACHINE_NAME ( CCertMgrComponentData, (m_pRootCookie) )
  319. CCookie& CCertMgrComponentData::QueryBaseRootCookie ()
  320. {
  321. _TRACE (0, L"Entering and leaving CCertMgrComponentData::QueryBaseRootCookie\n");
  322. ASSERT (m_pRootCookie);
  323. return (CCookie&) *m_pRootCookie;
  324. }
  327. STDMETHODIMP CCertMgrComponentData::CreateComponent (LPCOMPONENT* ppComponent)
  328. {
  329. _TRACE (1, L"Entering CCertMgrComponentData::CreateComponent\n");
  331. ASSERT (ppComponent);
  333. CComObject<CCertMgrComponent>* pObject = 0;
  334. CComObject<CCertMgrComponent>::CreateInstance (&pObject);
  335. ASSERT (pObject);
  336. pObject->SetComponentDataPtr ( (CCertMgrComponentData*) this);
  338. HRESULT hr = pObject->QueryInterface (IID_PPV_ARG (IComponent, ppComponent));
  339. _TRACE (1, L"Entering CCertMgrComponentData::CreateComponent\n");
  340. return hr;
  341. }
  343. HRESULT CCertMgrComponentData::LoadIcons (LPIMAGELIST pImageList, BOOL /*fLoadLargeIcons*/)
  344. {
  345. _TRACE (1, L"Entering CCertMgrComponentData::LoadIcons\n");
  346. AFX_MANAGE_STATE (AfxGetStaticModuleState ());
  348. // Structure to map a Resource ID to an index of icon
  349. struct RESID2IICON
  350. {
  351. UINT uIconId; // Icon resource ID
  352. int iIcon; // Index of the icon in the image list
  353. };
  354. const static RESID2IICON rgzLoadIconList[] =
  355. {
  356. // Misc icons
  357. { IDI_CERTIFICATE, iIconCertificate },
  358. { IDI_CTL, iIconCTL },
  359. { IDI_CRL, iIconCRL },
  360. { IDI_AUTO_CERT_REQUEST, iIconAutoCertRequest },
  361. { IDI_AUTOENROLL, iIconAutoEnroll },
  362. { IDI_SAFER_LEVEL, iIconSaferLevel },
  363. { IDI_DEFAULT_SAFER_LEVEL, iIconDefaultSaferLevel },
  364. { IDI_SAFER_HASH_ENTRY, iIconSaferHashEntry },
  365. { IDI_SAFER_URL_ENTRY, iIconSaferURLEntry },
  366. { IDI_SAFER_NAME_ENTRY, iIconSaferNameEntry },
  367. { IDI_SETTINGS, iIconSettings },
  368. { IDI_SAFER_CERT_ENTRY, iIconSaferCertEntry },
  369. { 0, 0} // Must be last
  370. };
  373. for (int i = 0; rgzLoadIconList[i].uIconId != 0; i++)
  374. {
  375. HICON hIcon = ::LoadIcon (AfxGetInstanceHandle (),
  376. MAKEINTRESOURCE (rgzLoadIconList[i].uIconId));
  377. ASSERT (hIcon && "Icon ID not found in resources");
  378. /*HRESULT hr =*/ pImageList->ImageListSetIcon ( (PLONG_PTR) hIcon,
  379. rgzLoadIconList[i].iIcon);
  380. // ASSERT (SUCCEEDED (hr) && "Unable to add icon to ImageList");
  381. }
  383. _TRACE (-1, L"Leaving CCertMgrComponentData::LoadIcons\n");
  384. return S_OK;
  385. }
  388. HRESULT CCertMgrComponentData::OnNotifyExpand (LPDATAOBJECT pDataObject, BOOL bExpanding, HSCOPEITEM hParent)
  389. {
  390. _TRACE (1, L"Entering CCertMgrComponentData::OnNotifyExpand\n");
  391. AFX_MANAGE_STATE (AfxGetStaticModuleState ());
  392. CWaitCursor waitCursor;
  393. ASSERT (pDataObject && hParent && m_pConsoleNameSpace);
  394. if (!bExpanding)
  395. return S_OK;
  397. static bool bDomainVersionChecked = false;
  399. if ( !bDomainVersionChecked )
  400. {
  401. if ( !m_bMachineIsStandAlone ) // only check if joined to a domain
  402. CheckDomainVersion ();
  403. bDomainVersionChecked = true;
  404. }
  406. GUID guidObjectType;
  407. HRESULT hr = ExtractObjectTypeGUID (pDataObject, &guidObjectType);
  408. ASSERT (SUCCEEDED (hr));
  409. if ( IsSecurityConfigurationEditorNodetype (guidObjectType) )
  410. {
  411. hr = ExtractData (pDataObject, CCertMgrDataObject::m_CFSCEModeType,
  412. &m_dwSCEMode, sizeof (DWORD));
  413. ASSERT (SUCCEEDED (hr));
  414. if ( SUCCEEDED (hr) )
  415. {
  416. switch (m_dwSCEMode)
  417. {
  418. case SCE_MODE_DOMAIN_USER: // User Settings
  419. case SCE_MODE_OU_USER:
  420. case SCE_MODE_LOCAL_USER:
  421. case SCE_MODE_DOMAIN_COMPUTER: // Computer Settings
  422. case SCE_MODE_OU_COMPUTER:
  423. case SCE_MODE_LOCAL_COMPUTER:
  424. m_bIsRSOP = false;
  425. if ( !m_pGPEInformation )
  426. {
  427. IUnknown* pIUnknown = 0;
  429. hr = ExtractData (pDataObject,
  430. CCertMgrDataObject::m_CFSCE_GPTUnknown,
  431. &pIUnknown, sizeof (IUnknown*));
  432. ASSERT (SUCCEEDED (hr));
  433. if ( SUCCEEDED (hr) )
  434. {
  435. hr = pIUnknown->QueryInterface (
  436. IID_PPV_ARG (IGPEInformation, &m_pGPEInformation));
  437. ASSERT (SUCCEEDED (hr));
  438. #if DBG
  439. if ( SUCCEEDED (hr) )
  440. {
  441. const int cbLen = 512;
  442. WCHAR szName[cbLen];
  443. hr = m_pGPEInformation->GetName (szName, cbLen);
  444. if ( SUCCEEDED (hr) )
  445. {
  446. _TRACE (0, L"IGPEInformation::GetName () returned: %s",
  447. szName);
  448. }
  449. else
  450. {
  451. _TRACE (0, L"IGPEInformation::GetName () failed: 0x%x\n", hr);
  452. }
  453. }
  454. #endif
  455. pIUnknown->Release ();
  456. }
  457. }
  459. if ( SUCCEEDED (hr) )
  460. {
  461. switch (m_dwSCEMode)
  462. {
  463. case SCE_MODE_DOMAIN_USER:
  464. case SCE_MODE_OU_USER:
  465. case SCE_MODE_LOCAL_USER:
  466. hr = ExpandScopeNodes (NULL, hParent, _T (""),
  467. CERT_SYSTEM_STORE_CURRENT_USER_GROUP_POLICY, NODEID_User);
  468. break;
  470. case SCE_MODE_DOMAIN_COMPUTER:
  471. case SCE_MODE_OU_COMPUTER:
  472. case SCE_MODE_LOCAL_COMPUTER:
  473. hr = ExpandScopeNodes (NULL, hParent, _T (""),
  474. CERT_SYSTEM_STORE_LOCAL_MACHINE_GROUP_POLICY, NODEID_Machine);
  475. break;
  477. default:
  478. ASSERT (0);
  479. hr = E_FAIL;
  480. break;
  481. }
  482. }
  483. break;
  485. case SCE_MODE_RSOP_USER:
  486. case SCE_MODE_RSOP_COMPUTER:
  487. m_bIsRSOP = true;
  488. hr = BuildWMIList (pDataObject, SCE_MODE_RSOP_COMPUTER == m_dwSCEMode);
  489. if ( SUCCEEDED (hr) )
  490. {
  491. switch (m_dwSCEMode)
  492. {
  493. case SCE_MODE_RSOP_USER:
  494. hr = ExpandScopeNodes (NULL, hParent, _T (""),
  495. CERT_SYSTEM_STORE_CURRENT_USER_GROUP_POLICY,
  496. NODEID_User);
  497. break;
  499. case SCE_MODE_RSOP_COMPUTER:
  500. hr = ExpandScopeNodes (NULL, hParent, _T (""),
  501. CERT_SYSTEM_STORE_LOCAL_MACHINE_GROUP_POLICY,
  502. NODEID_Machine);
  503. break;
  505. default:
  506. ASSERT (0);
  507. hr = E_FAIL;
  508. break;
  509. }
  510. }
  511. break;
  513. default:
  514. // we are not extending other nodes
  515. break;
  516. }
  517. }
  519. return hr;
  520. }
  522. // Beyond this point we are not dealing with extension node types.
  523. {
  524. CCertMgrCookie* pParentCookie = ConvertCookie (pDataObject);
  525. if ( pParentCookie )
  526. {
  527. hr = ExpandScopeNodes (pParentCookie, hParent, _T (""), 0, guidObjectType);
  528. }
  529. else
  530. hr = E_UNEXPECTED;
  531. }
  534. _TRACE (-1, L"Leaving CCertMgrComponentData::OnNotifyExpand: 0x%x\n", hr);
  535. return hr;
  536. }
  539. HRESULT CCertMgrComponentData::OnNotifyRelease (LPDATAOBJECT /*pDataObject*/, HSCOPEITEM hItem)
  540. {
  541. _TRACE (1, L"Entering CCertMgrComponentData::OnNotifyRelease\n");
  543. HRESULT hr = DeleteChildren (hItem);
  545. //
  546. // In RSoP, we may get called to refresh the scope pane when the query
  547. // is re-executed -- if this happens, current nodes will be removed and
  548. // we must reset all of our cached information. We reset the relevant
  549. // information below
  550. //
  551. if ( hItem && (!m_hRootScopeItem || m_hRootScopeItem == hItem) )
  552. {
  553. if ( m_pGPERootStore )
  554. {
  555. m_pGPERootStore->Release ();
  556. m_pGPERootStore = 0;
  557. }
  559. if ( m_pGPETrustStore )
  560. {
  561. m_pGPETrustStore->Release ();
  562. m_pGPETrustStore = 0;
  563. }
  565. if ( m_pGPEACRSComputerStore )
  566. {
  567. m_pGPEACRSComputerStore->Release ();
  568. m_pGPEACRSComputerStore = 0;
  569. }
  571. if ( m_pGPEACRSUserStore )
  572. {
  573. m_pGPEACRSUserStore->Release ();
  574. m_pGPEACRSUserStore = 0;
  575. }
  577. if ( m_pRSOPInformationComputer )
  578. {
  579. m_pRSOPInformationComputer->Release();
  580. m_pRSOPInformationComputer = 0;
  581. }
  583. if ( m_pRSOPInformationUser )
  584. {
  585. m_pRSOPInformationUser->Release();
  586. m_pRSOPInformationUser = 0;
  587. }
  588. }
  590. _TRACE (-1, L"Leaving CCertMgrComponentData::OnNotifyRelease: 0x%x\n", hr);
  591. return hr;
  592. }
  595. BSTR CCertMgrComponentData::QueryResultColumnText (CCookie& basecookie, int nCol)
  596. {
  597. // _TRACE (1, L"Entering CCertMgrComponentData::QueryResultColumnText\n");
  598. CCertMgrCookie& cookie = (CCertMgrCookie&) basecookie;
  599. BSTR strResult = L"";
  601. #ifndef UNICODE
  602. #error not ANSI-enabled
  603. #endif
  604. switch ( cookie.m_objecttype )
  605. {
  606. case CERTMGR_SNAPIN:
  607. case CERTMGR_USAGE:
  608. case CERTMGR_CRL_CONTAINER:
  609. case CERTMGR_CTL_CONTAINER:
  610. case CERTMGR_CERT_CONTAINER:
  611. case CERTMGR_CERT_POLICIES_USER:
  612. case CERTMGR_CERT_POLICIES_COMPUTER:
  613. case CERTMGR_SAFER_COMPUTER_ROOT:
  614. case CERTMGR_SAFER_USER_ROOT:
  615. case CERTMGR_SAFER_COMPUTER_LEVELS:
  616. case CERTMGR_SAFER_USER_LEVELS:
  617. case CERTMGR_SAFER_COMPUTER_ENTRIES:
  618. case CERTMGR_SAFER_USER_ENTRIES:
  619. if ( 0 == nCol )
  620. strResult = const_cast<BSTR> (cookie.GetObjectName ());
  621. break;
  623. case CERTMGR_SAFER_COMPUTER_LEVEL:
  624. case CERTMGR_SAFER_USER_LEVEL:
  625. if ( 0 == nCol )
  626. strResult = const_cast<BSTR> (cookie.GetObjectName ());
  627. break;
  629. case CERTMGR_SAFER_COMPUTER_ENTRY:
  630. case CERTMGR_SAFER_USER_ENTRY:
  631. ASSERT (0);
  632. break;
  634. case CERTMGR_PHYS_STORE:
  635. case CERTMGR_LOG_STORE:
  636. case CERTMGR_LOG_STORE_GPE:
  637. case CERTMGR_LOG_STORE_RSOP:
  638. if (COLNUM_CERT_SUBJECT == nCol)
  639. {
  640. CCertStore* pStore = reinterpret_cast <CCertStore*> (&cookie);
  641. ASSERT (pStore);
  642. if ( pStore )
  643. {
  644. // NTRAID# 455988 PKP: RSOP mode depicts localized store
  645. // name under PublicKeyPolicies. Store names are different
  646. // in GP editor
  648. // if ( m_pGPEInformation || m_bIsRSOP )
  649. // strResult = const_cast<BSTR> (pStore->GetObjectName () );
  650. // else
  651. strResult = const_cast<BSTR> (pStore->GetLocalizedName ());
  652. }
  653. }
  654. break;
  656. case CERTMGR_PKP_AUTOENROLLMENT_COMPUTER_SETTINGS:
  657. case CERTMGR_PKP_AUTOENROLLMENT_USER_SETTINGS:
  658. ASSERT (0);
  659. break;
  661. case CERTMGR_CERTIFICATE:
  662. case CERTMGR_CRL:
  663. case CERTMGR_CTL:
  664. case CERTMGR_AUTO_CERT_REQUEST:
  665. _TRACE (0, L"CCertMgrComponentData::QueryResultColumnText bad parent type\n");
  666. ASSERT (0);
  667. break;
  669. default:
  670. ASSERT (0);
  671. break;
  672. }
  674. // _TRACE (-1, L"Leaving CCertMgrComponentData::QueryResultColumnText\n");
  675. return strResult;
  676. }
  678. int CCertMgrComponentData::QueryImage (CCookie& basecookie, BOOL /*fOpenImage*/)
  679. {
  680. // _TRACE (1, L"Entering CCertMgrComponentData::QueryImage\n");
  681. int nIcon = 0;
  683. CCertMgrCookie& cookie = (CCertMgrCookie&)basecookie;
  684. switch ( cookie.m_objecttype )
  685. {
  686. case CERTMGR_SNAPIN:
  687. nIcon = iIconCertificate;
  688. break;
  690. case CERTMGR_USAGE:
  691. case CERTMGR_PHYS_STORE:
  692. case CERTMGR_LOG_STORE:
  693. case CERTMGR_LOG_STORE_GPE:
  694. case CERTMGR_LOG_STORE_RSOP:
  695. case CERTMGR_CTL_CONTAINER:
  696. case CERTMGR_CERT_CONTAINER:
  697. case CERTMGR_CRL_CONTAINER:
  698. case CERTMGR_CERT_POLICIES_USER:
  699. case CERTMGR_CERT_POLICIES_COMPUTER:
  700. case CERTMGR_SAFER_COMPUTER_ROOT:
  701. case CERTMGR_SAFER_USER_ROOT:
  702. case CERTMGR_SAFER_COMPUTER_LEVELS:
  703. case CERTMGR_SAFER_USER_LEVELS:
  704. case CERTMGR_SAFER_COMPUTER_ENTRIES:
  705. case CERTMGR_SAFER_USER_ENTRIES:
  706. break;
  708. case CERTMGR_CERTIFICATE:
  709. case CERTMGR_CRL:
  710. case CERTMGR_CTL:
  711. case CERTMGR_PKP_AUTOENROLLMENT_COMPUTER_SETTINGS:
  712. case CERTMGR_PKP_AUTOENROLLMENT_USER_SETTINGS:
  713. ASSERT (0); // not expected in scope pane
  714. break;
  716. default:
  717. _TRACE (0, L"CCertMgrComponentData::QueryImage bad parent type\n");
  718. ASSERT (0);
  719. break;
  720. }
  721. // _TRACE (-1, L"Leaving CCertMgrComponentData::QueryImage\n");
  722. return nIcon;
  723. }
  726. ///////////////////////////////////////////////////////////////////////////////
  727. /// IExtendPropertySheet
  729. STDMETHODIMP CCertMgrComponentData::QueryPagesFor (LPDATAOBJECT pDataObject)
  730. {
  731. _TRACE (1, L"Entering CCertMgrComponentData::QueryPagesFor\n");
  732. HRESULT hr = S_OK;
  733. ASSERT (pDataObject);
  735. if ( pDataObject )
  736. {
  737. DATA_OBJECT_TYPES dataobjecttype = CCT_SCOPE;
  738. hr = ExtractData (pDataObject,
  739. CCertMgrDataObject::m_CFDataObjectType,
  740. &dataobjecttype, sizeof (dataobjecttype));
  741. if ( SUCCEEDED (hr) )
  742. {
  743. switch (dataobjecttype)
  744. {
  745. case CCT_SNAPIN_MANAGER:
  746. if ( !m_bIsUserAdministrator )
  747. {
  748. // Non-admins may manage only their own certs
  749. m_dwLocationPersist = CERT_SYSTEM_STORE_CURRENT_USER;
  750. hr = S_FALSE;
  751. }
  752. break;
  754. case CCT_RESULT:
  755. {
  756. hr = S_FALSE;
  757. CCertMgrCookie* pParentCookie = ConvertCookie (pDataObject);
  758. if ( pParentCookie )
  759. {
  760. switch (pParentCookie->m_objecttype)
  761. {
  762. case CERTMGR_CERTIFICATE:
  763. case CERTMGR_AUTO_CERT_REQUEST:
  764. case CERTMGR_PKP_AUTOENROLLMENT_COMPUTER_SETTINGS:
  765. case CERTMGR_PKP_AUTOENROLLMENT_USER_SETTINGS:
  766. case CERTMGR_SAFER_COMPUTER_LEVEL:
  767. case CERTMGR_SAFER_USER_LEVEL:
  768. case CERTMGR_SAFER_COMPUTER_TRUSTED_PUBLISHERS:
  769. case CERTMGR_SAFER_USER_TRUSTED_PUBLISHERS:
  770. case CERTMGR_SAFER_COMPUTER_DEFINED_FILE_TYPES:
  771. case CERTMGR_SAFER_USER_DEFINED_FILE_TYPES:
  772. case CERTMGR_SAFER_COMPUTER_ENTRY:
  773. case CERTMGR_SAFER_USER_ENTRY:
  774. case CERTMGR_SAFER_COMPUTER_ENFORCEMENT:
  775. case CERTMGR_SAFER_USER_ENFORCEMENT:
  776. hr = S_OK;
  777. break;
  779. case CERTMGR_CTL:
  780. if ( m_bIsRSOP )
  781. hr = S_OK;
  782. break;
  784. default:
  785. break;
  786. }
  787. }
  788. }
  789. break;
  791. case CCT_SCOPE:
  792. {
  793. CCertMgrCookie* pParentCookie = ConvertCookie (pDataObject);
  794. if ( pParentCookie )
  795. {
  796. switch ( pParentCookie->m_objecttype )
  797. {
  798. case CERTMGR_LOG_STORE_GPE:
  799. case CERTMGR_LOG_STORE_RSOP:
  800. {
  801. CCertStore* pStore = reinterpret_cast <CCertStore*> (pParentCookie);
  802. ASSERT (pStore);
  803. if ( pStore )
  804. {
  805. switch (pStore->GetStoreType ())
  806. {
  807. case ROOT_STORE:
  808. case EFS_STORE:
  809. hr = S_OK;
  810. break;
  812. default:
  813. break;
  814. }
  815. }
  816. else
  817. hr = S_FALSE;
  818. }
  819. break;
  821. default:
  822. hr = S_FALSE;
  823. break;
  824. }
  825. }
  826. else
  827. {
  828. hr = S_FALSE;
  829. }
  830. }
  831. break;
  833. default:
  834. hr = S_FALSE;
  835. break;
  836. }
  837. }
  838. }
  839. else
  840. hr = E_POINTER;
  843. _TRACE (-1, L"Leaving CCertMgrComponentData::QueryPagesFor: 0x%x\n", hr);
  844. return hr;
  845. }
  847. STDMETHODIMP CCertMgrComponentData::CreatePropertyPages (
  848. LPPROPERTYSHEETCALLBACK pCallback,
  849. LONG_PTR handle, // This handle must be saved in the property page object to notify the parent when modified
  850. LPDATAOBJECT pDataObject)
  851. {
  852. _TRACE (1, L"Entering CCertMgrComponentData::CreatePropertyPages\n");
  853. AFX_MANAGE_STATE(AfxGetStaticModuleState());
  854. HRESULT hr = S_OK;
  857. ASSERT (pCallback && pDataObject);
  858. if ( pCallback && pDataObject )
  859. {
  860. DATA_OBJECT_TYPES dataobjecttype = CCT_SCOPE;
  861. hr = ExtractData (pDataObject,
  862. CCertMgrDataObject::m_CFDataObjectType,
  863. &dataobjecttype, sizeof (dataobjecttype));
  864. switch (dataobjecttype)
  865. {
  866. case CCT_SNAPIN_MANAGER:
  867. hr = AddSnapMgrPropPages (pCallback);
  868. break;
  870. case CCT_RESULT:
  871. {
  872. CCertMgrCookie* pParentCookie = ConvertCookie (pDataObject);
  873. if ( pParentCookie )
  874. {
  875. switch (pParentCookie->m_objecttype)
  876. {
  877. case CERTMGR_CERTIFICATE:
  878. {
  879. CCertificate* pCert = reinterpret_cast <CCertificate*> (pParentCookie);
  880. ASSERT (pCert);
  881. if ( pCert )
  882. {
  883. if ( pCert->IsCertStillInStore () )
  884. {
  885. // Anything, except ACRS
  886. hr = AddCertPropPages (pCert, pCallback,
  887. pDataObject, handle);
  888. }
  889. else
  890. {
  891. CString text;
  892. CString caption;
  894. VERIFY (caption.LoadString (IDS_CERTIFICATE_MANAGER));
  895. VERIFY (text.LoadString (
  896. IDS_CANCEL_BECAUSE_CERT_HAS_BEEN_DELETED));
  897. int iRetVal = 0;
  898. VERIFY (SUCCEEDED (m_pConsole->MessageBox (text, caption,
  899. MB_OK, &iRetVal)));
  901. m_pConsole->UpdateAllViews (pDataObject, 0, 0);
  902. hr = E_FAIL;
  903. }
  904. }
  905. else
  906. hr = E_FAIL;
  907. }
  908. break;
  910. case CERTMGR_AUTO_CERT_REQUEST:
  911. {
  912. CAutoCertRequest* pACR = reinterpret_cast <CAutoCertRequest*> (pParentCookie);
  913. ASSERT (pACR);
  914. if ( pACR )
  915. {
  916. hr = AddACRSCTLPropPages (pACR, pCallback);
  917. }
  918. else
  919. hr = E_FAIL;
  920. }
  921. break;
  923. case CERTMGR_CTL:
  924. {
  925. CCTL* pCTL = reinterpret_cast <CCTL*> (pParentCookie);
  926. ASSERT (pCTL);
  927. if ( pCTL )
  928. {
  929. hr = AddCTLPropPages (pCTL, pCallback);
  930. }
  931. else
  932. hr = E_FAIL;
  933. }
  934. break;
  936. case CERTMGR_PKP_AUTOENROLLMENT_COMPUTER_SETTINGS:
  937. case CERTMGR_PKP_AUTOENROLLMENT_USER_SETTINGS:
  938. hr = AddAutoenrollmentSettingsPropPages (pCallback,
  939. CERTMGR_PKP_AUTOENROLLMENT_COMPUTER_SETTINGS ==
  940. pParentCookie->m_objecttype);
  941. break;
  943. case CERTMGR_SAFER_COMPUTER_LEVEL:
  944. case CERTMGR_SAFER_USER_LEVEL:
  945. hr = AddSaferLevelPropPage (pCallback,
  946. dynamic_cast <CSaferLevel*>(pParentCookie),
  947. handle,
  948. pDataObject);
  949. break;
  951. case CERTMGR_SAFER_COMPUTER_TRUSTED_PUBLISHERS:
  952. case CERTMGR_SAFER_USER_TRUSTED_PUBLISHERS:
  953. hr = AddSaferTrustedPublisherPropPages (pCallback,
  954. CERTMGR_SAFER_COMPUTER_TRUSTED_PUBLISHERS ==
  955. pParentCookie->m_objecttype);
  956. break;
  958. case CERTMGR_SAFER_COMPUTER_DEFINED_FILE_TYPES:
  959. case CERTMGR_SAFER_USER_DEFINED_FILE_TYPES:
  960. hr = AddSaferDefinedFileTypesPropPages (pCallback,
  961. CERTMGR_SAFER_COMPUTER_DEFINED_FILE_TYPES ==
  962. pParentCookie->m_objecttype);
  963. break;
  965. case CERTMGR_SAFER_COMPUTER_ENFORCEMENT:
  966. case CERTMGR_SAFER_USER_ENFORCEMENT:
  967. hr = AddSaferEnforcementPropPages (pCallback,
  968. CERTMGR_SAFER_COMPUTER_ENFORCEMENT ==
  969. pParentCookie->m_objecttype);
  970. break;
  972. case CERTMGR_SAFER_COMPUTER_ENTRY:
  973. case CERTMGR_SAFER_USER_ENTRY:
  974. hr = AddSaferEntryPropertyPage (pCallback,
  975. pParentCookie, pDataObject, handle);
  976. break;
  978. default:
  979. break;
  980. }
  981. }
  982. else
  983. hr = E_UNEXPECTED;
  984. }
  985. break;
  987. case CCT_SCOPE:
  988. {
  989. CCertMgrCookie* pParentCookie = ConvertCookie (pDataObject);
  990. if ( pParentCookie )
  991. {
  992. switch ( pParentCookie->m_objecttype )
  993. {
  994. case CERTMGR_LOG_STORE_GPE:
  995. case CERTMGR_LOG_STORE_RSOP:
  996. {
  997. CCertStore* pStore = reinterpret_cast <CCertStore*> (pParentCookie);
  998. ASSERT (pStore);
  999. if ( pStore )
  1000. {
  1001. if ( ROOT_STORE == pStore->GetStoreType () )
  1002. {
  1003. hr = AddGPEStorePropPages (pCallback, pStore);
  1004. }
  1005. else if ( EFS_STORE == pStore->GetStoreType () )
  1006. {
  1007. hr = AddEFSSettingsPropPages (pCallback,
  1008. pStore->IsMachineStore ());
  1009. }
  1010. }
  1011. else
  1012. hr = E_FAIL;
  1013. }
  1014. break;
  1016. case CERTMGR_PKP_AUTOENROLLMENT_COMPUTER_SETTINGS:
  1017. case CERTMGR_PKP_AUTOENROLLMENT_USER_SETTINGS:
  1018. ASSERT (0);
  1019. break;
  1021. default:
  1022. break;
  1023. }
  1024. }
  1025. else
  1026. hr = E_UNEXPECTED;
  1027. }
  1028. break;
  1031. default:
  1032. break;
  1033. }
  1034. }
  1035. else
  1036. hr = E_POINTER;
  1038. _TRACE (-1, L"Leaving CCertMgrComponentData::CreatePropertyPages: 0x%x\n", hr);
  1039. return hr;
  1040. }
  1043. HRESULT CCertMgrComponentData::AddSnapMgrPropPages (LPPROPERTYSHEETCALLBACK pCallback)
  1044. {
  1045. _TRACE (1, L"Entering CCertMgrComponentData::AddSnapMgrPropPages\n");
  1046. HRESULT hr = S_OK;
  1047. ASSERT (pCallback);
  1048. if ( pCallback )
  1049. {
  1050. //
  1051. // Note that once we have established that this is a CCT_SNAPIN_MANAGER cookie,
  1052. // we don't care about its other properties. A CCT_SNAPIN_MANAGER cookie is
  1053. // equivalent to a BOOL flag asking for the Node Properties page instead of a
  1054. // managed object property page. JonN 10/9/96
  1055. //
  1056. if ( m_bIsUserAdministrator )
  1057. {
  1058. CSelectAccountPropPage * pSelAcctPage =
  1059. new CSelectAccountPropPage (IsWindowsNT ());
  1060. if ( pSelAcctPage )
  1061. {
  1062. pSelAcctPage->AssignLocationPtr (&m_dwLocationPersist);
  1063. HPROPSHEETPAGE hSelAcctPage = MyCreatePropertySheetPage (&pSelAcctPage->m_psp);
  1064. if ( hSelAcctPage )
  1065. {
  1066. hr = pCallback->AddPage (hSelAcctPage);
  1067. ASSERT (SUCCEEDED (hr));
  1068. if ( FAILED (hr) )
  1069. VERIFY (::DestroyPropertySheetPage (hSelAcctPage));
  1070. }
  1071. else
  1072. delete pSelAcctPage;
  1073. }
  1074. else
  1075. {
  1076. hr = E_OUTOFMEMORY;
  1077. }
  1079. // In Windows 95 or Windows 98,users will only be able to manage the
  1080. // local machine.
  1081. if ( IsWindowsNT () )
  1082. {
  1083. CCertMgrChooseMachinePropPage * pChooseMachinePage = new CCertMgrChooseMachinePropPage ();
  1084. if ( pChooseMachinePage )
  1085. {
  1086. pChooseMachinePage->AssignLocationPtr (&m_dwLocationPersist);
  1088. // Initialize state of object
  1089. ASSERT (m_pRootCookie);
  1090. if ( m_pRootCookie )
  1091. {
  1092. pChooseMachinePage->InitMachineName (m_pRootCookie->QueryTargetServer ());
  1093. pChooseMachinePage->SetOutputBuffers (
  1094. OUT &m_strMachineNamePersist,
  1095. OUT &m_fAllowOverrideMachineName,
  1096. OUT &m_pRootCookie->m_strMachineName); // Effective machine name
  1098. HPROPSHEETPAGE hChooseMachinePage = MyCreatePropertySheetPage (&pChooseMachinePage->m_psp);
  1099. if ( hChooseMachinePage )
  1100. {
  1101. hr = pCallback->AddPage (hChooseMachinePage);
  1102. ASSERT (SUCCEEDED (hr));
  1103. if ( FAILED (hr) )
  1104. VERIFY (::DestroyPropertySheetPage (hChooseMachinePage));
  1105. }
  1106. else
  1107. delete pChooseMachinePage;
  1108. }
  1109. }
  1110. else
  1111. {
  1112. hr = E_OUTOFMEMORY;
  1113. }
  1115. CSelectServiceAccountPropPage* pServicePage = new
  1116. CSelectServiceAccountPropPage (&m_szManagedServicePersist,
  1117. &m_szManagedServiceDisplayName,
  1118. m_strMachineNamePersist);
  1119. if ( pServicePage )
  1120. {
  1121. // pServicePage->SetCaption (IDS_MS_CERT_MGR); // access violation when called
  1123. HPROPSHEETPAGE hServicePage = MyCreatePropertySheetPage (&pServicePage->m_psp);
  1124. if ( hServicePage )
  1125. {
  1126. hr = pCallback->AddPage (hServicePage);
  1127. ASSERT (SUCCEEDED (hr));
  1128. if ( FAILED (hr) )
  1129. VERIFY (::DestroyPropertySheetPage (hServicePage));
  1131. }
  1132. else
  1133. delete pServicePage;
  1134. }
  1135. else
  1136. {
  1137. hr = E_OUTOFMEMORY;
  1138. }
  1139. }
  1140. }
  1141. else
  1142. {
  1143. // Non-administrators may view their own certs only.
  1144. m_dwLocationPersist = CERT_SYSTEM_STORE_CURRENT_USER;
  1145. }
  1148. }
  1149. else
  1150. hr = E_POINTER;
  1152. _TRACE (-1, L"Leaving CCertMgrComponentData::AddSnapMgrPropPages: 0x%x\n", hr);
  1153. return hr;
  1154. }
  1157. HRESULT CCertMgrComponentData::AddACRSCTLPropPages (CAutoCertRequest* pACR, LPPROPERTYSHEETCALLBACK pCallback)
  1158. {
  1159. _TRACE (1, L"Entering CCertMgrComponentData::AddACRSCTLPropPages\n");
  1160. HRESULT hr = S_OK;
  1161. ASSERT (pACR && pCallback);
  1162. if ( pACR && pCallback )
  1163. {
  1164. CACRGeneralPage * pACRPage = new CACRGeneralPage (*pACR);
  1165. if ( pACRPage )
  1166. {
  1167. HPROPSHEETPAGE hACRPage = MyCreatePropertySheetPage (&pACRPage->m_psp);
  1168. if ( hACRPage )
  1169. {
  1170. hr = pCallback->AddPage (hACRPage);
  1171. ASSERT (SUCCEEDED (hr));
  1172. if ( FAILED (hr) )
  1173. VERIFY (::DestroyPropertySheetPage (hACRPage));
  1174. }
  1175. else
  1176. delete pACRPage;
  1177. }
  1178. else
  1179. {
  1180. hr = E_OUTOFMEMORY;
  1181. }
  1183. if ( m_bIsRSOP )
  1184. {
  1185. CString szSHA1Hash (L"\\ACRS\\CTLs\\");
  1186. szSHA1Hash += pACR->GetSHAHash ();
  1187. hr = FindRSOPObjectByHashAndDisplayPrecedencePage (szSHA1Hash,
  1188. pACR->GetCertStore ().IsComputerType (), pCallback);
  1189. }
  1190. }
  1191. else
  1192. hr = E_POINTER;
  1194. _TRACE (-1, L"Leaving CCertMgrComponentData::AddACRSCTLPropPages: 0x%x\n", hr);
  1195. return hr;
  1196. }
  1198. HRESULT CCertMgrComponentData::FindRSOPObjectByHashAndDisplayPrecedencePage (
  1199. const CString& szHash,
  1200. const bool bIsComputer,
  1201. LPPROPERTYSHEETCALLBACK pCallback)
  1202. {
  1203. HRESULT hr = S_OK;
  1204. CString szRegKey;
  1206. // NOTE: rsop object array is sorted first by registry key, then by precedence
  1207. const CRSOPObjectArray* pObjectArray =
  1208. bIsComputer ?
  1209. GetRSOPObjectArrayComputer () : GetRSOPObjectArrayUser ();
  1210. INT_PTR nUpperBound = pObjectArray->GetUpperBound ();
  1211. int nIndex = 0;
  1213. // The CTLs are identified by their SHA1 hash. Find the
  1214. // RSOP object containing this CTL's SHA1 hash value and
  1215. // use that to determine the precedence.
  1216. while ( nUpperBound >= nIndex )
  1217. {
  1218. CRSOPObject* pObject = pObjectArray->GetAt (nIndex);
  1219. if ( pObject )
  1220. {
  1221. if ( -1 != pObject->GetRegistryKey ().Find (szHash) )
  1222. {
  1223. // If value equals to "Blob" or "Blob0", then we've
  1224. // found our node
  1225. // security review 2/26/2002 BryanWal ok
  1226. if ( !wcscmp (STR_BLOB, pObject->GetValueName ()) ||
  1227. !wcscmp (STR_BLOB0, pObject->GetValueName ()) )
  1228. {
  1229. szRegKey = pObject->GetRegistryKey ();
  1230. break;
  1231. }
  1232. }
  1233. }
  1234. else
  1235. break;
  1237. nIndex++;
  1238. }
  1240. // Only show the property page if the correct RSOP object was found
  1241. if ( !szRegKey.IsEmpty () )
  1242. {
  1243. CPolicyPrecedencePropertyPage * pPrecedencePage =
  1244. new CPolicyPrecedencePropertyPage (this, szRegKey,
  1245. STR_BLOB,
  1246. bIsComputer);
  1247. if ( pPrecedencePage )
  1248. {
  1249. HPROPSHEETPAGE hPrecedencePage = MyCreatePropertySheetPage (&pPrecedencePage->m_psp);
  1250. if ( hPrecedencePage )
  1251. {
  1252. hr = pCallback->AddPage (hPrecedencePage);
  1253. ASSERT (SUCCEEDED (hr));
  1254. if ( FAILED (hr) )
  1255. VERIFY (::DestroyPropertySheetPage (hPrecedencePage));
  1256. }
  1257. else
  1258. delete pPrecedencePage;
  1259. }
  1260. else
  1261. {
  1262. hr = E_OUTOFMEMORY;
  1263. }
  1264. }
  1266. return hr;
  1267. }
  1269. HRESULT CCertMgrComponentData::AddCTLPropPages (CCTL* pCTL, LPPROPERTYSHEETCALLBACK pCallback)
  1270. {
  1271. _TRACE (1, L"Entering CCertMgrComponentData::AddCTLPropPages\n");
  1272. HRESULT hr = S_OK;
  1273. ASSERT (pCTL && pCallback);
  1274. if ( pCTL && pCallback )
  1275. {
  1276. if ( m_bIsRSOP )
  1277. {
  1278. CString szSHA1Hash (L"\\Trust\\CTLs\\");
  1279. szSHA1Hash += pCTL->GetSHAHash ();
  1280. hr = FindRSOPObjectByHashAndDisplayPrecedencePage (szSHA1Hash,
  1281. pCTL->GetCertStore ().IsComputerType (), pCallback);
  1282. }
  1283. }
  1284. else
  1285. hr = E_POINTER;
  1287. _TRACE (-1, L"Leaving CCertMgrComponentData::AddCTLPropPages: 0x%x\n", hr);
  1288. return hr;
  1289. }
  1292. HRESULT CCertMgrComponentData::AddEFSSettingsPropPages (
  1293. LPPROPERTYSHEETCALLBACK pCallback,
  1294. bool fIsComputerType)
  1295. {
  1296. _TRACE (1, L"Entering CCertMgrComponentData::AddEFSSettingsPropPages\n");
  1297. HRESULT hr = S_OK;
  1298. ASSERT (pCallback);
  1299. if ( pCallback )
  1300. {
  1301. CEFSGeneralPropertyPage * pEFSPage = new CEFSGeneralPropertyPage (
  1302. this, fIsComputerType);
  1303. if ( pEFSPage )
  1304. {
  1305. HPROPSHEETPAGE hEFSPage = MyCreatePropertySheetPage (&pEFSPage->m_psp);
  1306. if ( hEFSPage )
  1307. {
  1308. hr = pCallback->AddPage (hEFSPage);
  1309. ASSERT (SUCCEEDED (hr));
  1310. if ( SUCCEEDED (hr) )
  1311. {
  1312. if ( m_bIsRSOP )
  1313. {
  1314. CString storePath = EFS_SETTINGS_REGPATH;
  1315. CPolicyPrecedencePropertyPage * pPrecedencePage =
  1316. new CPolicyPrecedencePropertyPage (this, storePath,
  1317. EFS_SETTINGS_REGVALUE,
  1318. fIsComputerType);
  1319. if ( pPrecedencePage )
  1320. {
  1321. HPROPSHEETPAGE hPrecedencePage = MyCreatePropertySheetPage (&pPrecedencePage->m_psp);
  1322. if ( hPrecedencePage )
  1323. {
  1324. hr = pCallback->AddPage (hPrecedencePage);
  1325. ASSERT (SUCCEEDED (hr));
  1326. if ( FAILED (hr) )
  1327. VERIFY (::DestroyPropertySheetPage (hPrecedencePage));
  1328. }
  1329. else
  1330. delete pPrecedencePage;
  1331. }
  1332. else
  1333. {
  1334. hr = E_OUTOFMEMORY;
  1335. }
  1336. }
  1337. }
  1338. else
  1339. VERIFY (::DestroyPropertySheetPage (hEFSPage));
  1340. }
  1341. else
  1342. delete pEFSPage;
  1343. }
  1344. else
  1345. {
  1346. hr = E_OUTOFMEMORY;
  1347. }
  1348. }
  1349. else
  1350. hr = E_POINTER;
  1352. _TRACE (-1, L"Leaving CCertMgrComponentData::AddEFSSettingsPropPages: 0x%x\n", hr);
  1353. return hr;
  1354. }
  1356. HRESULT CCertMgrComponentData::AddAutoenrollmentSettingsPropPages (
  1357. LPPROPERTYSHEETCALLBACK pCallback,
  1358. bool fIsComputerType)
  1359. {
  1360. _TRACE (1, L"Entering CCertMgrComponentData::AddAutoenrollmentSettingsPropPages\n");
  1361. HRESULT hr = S_OK;
  1362. ASSERT (pCallback);
  1363. if ( pCallback )
  1364. {
  1365. CAutoenrollmentPropertyPage * pAutoEnrollmentPage = new CAutoenrollmentPropertyPage (
  1366. this, fIsComputerType);
  1367. if ( pAutoEnrollmentPage )
  1368. {
  1369. HPROPSHEETPAGE hAutoEnrollmentPage = MyCreatePropertySheetPage (&pAutoEnrollmentPage->m_psp);
  1370. if ( hAutoEnrollmentPage )
  1371. {
  1372. hr = pCallback->AddPage (hAutoEnrollmentPage);
  1373. ASSERT (SUCCEEDED (hr));
  1374. if ( SUCCEEDED (hr) )
  1375. {
  1376. if ( m_bIsRSOP )
  1377. {
  1378. CString storePath = AUTO_ENROLLMENT_KEY;
  1379. CPolicyPrecedencePropertyPage * pPrecedencePage =
  1380. new CPolicyPrecedencePropertyPage (this, storePath,
  1381. AUTO_ENROLLMENT_POLICY,
  1382. fIsComputerType);
  1383. if ( pPrecedencePage )
  1384. {
  1385. HPROPSHEETPAGE hPrecedencePage = MyCreatePropertySheetPage (&pPrecedencePage->m_psp);
  1386. if ( hPrecedencePage )
  1387. {
  1388. hr = pCallback->AddPage (hPrecedencePage);
  1389. ASSERT (SUCCEEDED (hr));
  1390. if ( FAILED (hr) )
  1391. VERIFY (::DestroyPropertySheetPage (hPrecedencePage));
  1392. }
  1393. else
  1394. delete pPrecedencePage;
  1395. }
  1396. else
  1397. {
  1398. hr = E_OUTOFMEMORY;
  1399. }
  1400. }
  1401. }
  1402. else
  1403. VERIFY (::DestroyPropertySheetPage (hAutoEnrollmentPage));
  1404. }
  1405. else
  1406. delete pAutoEnrollmentPage;
  1407. }
  1408. else
  1409. {
  1410. hr = E_OUTOFMEMORY;
  1411. }
  1412. }
  1413. else
  1414. hr = E_POINTER;
  1416. _TRACE (-1, L"Leaving CCertMgrComponentData::AddAutoenrollmentSettingsPropPages: 0x%x\n", hr);
  1417. return hr;
  1418. }
  1420. HRESULT CCertMgrComponentData::AddGPEStorePropPages (
  1421. LPPROPERTYSHEETCALLBACK pCallback,
  1422. CCertStore* pStore)
  1423. {
  1424. _TRACE (1, L"Entering CCertMgrComponentData::AddGPEStorePropPages\n");
  1425. HRESULT hr = S_OK;
  1426. ASSERT (pCallback && pStore);
  1427. if ( !pCallback || !pStore)
  1428. return E_POINTER;
  1429. ASSERT (m_pGPEInformation || m_pRSOPInformationComputer || m_pRSOPInformationUser );
  1430. if ( !m_pGPEInformation && !m_pRSOPInformationComputer && !m_pRSOPInformationUser )
  1431. return E_UNEXPECTED;
  1433. bool bIsComputerType = pStore->IsMachineStore ();
  1435. CGPERootGeneralPage * pGPERootPage = new CGPERootGeneralPage (this, bIsComputerType);
  1436. if ( pGPERootPage )
  1437. {
  1438. HPROPSHEETPAGE hGPERootPage = MyCreatePropertySheetPage (&pGPERootPage->m_psp);
  1439. if ( hGPERootPage )
  1440. {
  1441. hr = pCallback->AddPage (hGPERootPage);
  1442. ASSERT (SUCCEEDED (hr));
  1443. if ( FAILED (hr) )
  1444. VERIFY (::DestroyPropertySheetPage (hGPERootPage));
  1445. }
  1446. else
  1447. delete pGPERootPage;
  1448. }
  1449. else
  1450. {
  1451. hr = E_OUTOFMEMORY;
  1452. }
  1454. if ( SUCCEEDED (hr) )
  1455. {
  1456. if ( m_bIsRSOP )
  1457. {
  1458. CString storePath = CERT_GROUP_POLICY_SYSTEM_STORE_REGPATH;
  1459. storePath += L"\\";
  1460. storePath += pStore->GetStoreName ();
  1462. CPolicyPrecedencePropertyPage * pPrecedencePage =
  1463. new CPolicyPrecedencePropertyPage (this, storePath,
  1464. CERT_PROT_ROOT_FLAGS_VALUE_NAME, bIsComputerType);
  1465. if ( pPrecedencePage )
  1466. {
  1467. HPROPSHEETPAGE hPrecedencePage = MyCreatePropertySheetPage (&pPrecedencePage->m_psp);
  1468. if ( hPrecedencePage )
  1469. {
  1470. hr = pCallback->AddPage (hPrecedencePage);
  1471. ASSERT (SUCCEEDED (hr));
  1472. if ( FAILED (hr) )
  1473. VERIFY (::DestroyPropertySheetPage (hPrecedencePage));
  1474. }
  1475. else
  1476. delete pPrecedencePage;
  1477. }
  1478. else
  1479. {
  1480. hr = E_OUTOFMEMORY;
  1481. }
  1482. }
  1483. }
  1485. _TRACE (-1, L"Leaving CCertMgrComponentData::AddGPEStorePropPages: 0x%x\n", hr);
  1486. return hr;
  1487. }
  1490. HRESULT CCertMgrComponentData::AddCertPropPages (
  1491. CCertificate * pCert,
  1492. LPPROPERTYSHEETCALLBACK pCallback,
  1493. LPDATAOBJECT pDataObject,
  1494. LONG_PTR lNotifyHandle)
  1495. {
  1496. _TRACE (1, L"Entering CCertMgrComponentData::AddCertPropPages\n");
  1497. HRESULT hr = S_OK;
  1498. CWaitCursor waitCursor;
  1499. ASSERT (pCert);
  1500. ASSERT (pCallback);
  1501. if ( pCert && pCallback )
  1502. {
  1503. PROPSHEETPAGEW* ppsp = 0;
  1504. DWORD dwPageCnt = 0;
  1505. CRYPTUI_VIEWCERTIFICATEPROPERTIES_STRUCT sps;
  1506. HCERTSTORE* pPropPageStores = new HCERTSTORE[1];
  1508. if ( pPropPageStores )
  1509. {
  1510. m_pCryptUIMMCCallbackStruct = (PCRYPTUI_MMCCALLBACK_STRUCT)
  1511. ::GlobalAlloc (GMEM_FIXED, sizeof (CRYPTUI_MMCCALLBACK_STRUCT));
  1512. if ( m_pCryptUIMMCCallbackStruct )
  1513. {
  1514. m_pCryptUIMMCCallbackStruct->pfnCallback = &MMCPropertyChangeNotify;
  1515. m_pCryptUIMMCCallbackStruct->lNotifyHandle = lNotifyHandle;
  1516. pDataObject->AddRef ();
  1517. m_pCryptUIMMCCallbackStruct->param = (LPARAM) pDataObject;
  1519. CCertStore* pStore = pCert->GetCertStore ();
  1520. if ( pStore )
  1521. {
  1522. pPropPageStores[0] = pStore->GetStoreHandle ();
  1523. // security review 2/26/2002 BryanWal ok
  1524. ::ZeroMemory (&sps, sizeof (sps));
  1525. sps.dwSize = sizeof (sps);
  1526. sps.pMMCCallback = m_pCryptUIMMCCallbackStruct;
  1527. sps.pCertContext = pCert->GetNewCertContext ();
  1528. sps.cStores = 1;
  1529. sps.rghStores = pPropPageStores;
  1531. // All dialogs should be read-only under RSOP
  1532. if ( m_bIsRSOP || pCert->IsReadOnly () )
  1533. sps.dwFlags |= CRYPTUI_DISABLE_EDITPROPERTIES;
  1535. _TRACE (0, L"Calling CryptUIGetCertificatePropertiesPages()\n");
  1536. BOOL bReturn = ::CryptUIGetCertificatePropertiesPages (
  1537. &sps,
  1538. NULL,
  1539. &ppsp,
  1540. &dwPageCnt);
  1541. ASSERT (bReturn);
  1542. if ( bReturn )
  1543. {
  1544. HPROPSHEETPAGE hPage = 0;
  1545. for (DWORD dwIndex = 0; dwIndex < dwPageCnt; dwIndex++)
  1546. {
  1547. _TRACE (0, L"Calling CreatePropertySheetPage()\n");
  1548. // Not necessary to call MyCreatePropertySheetPage here
  1549. // as these are not MFC-based property pages
  1550. hPage = ::CreatePropertySheetPage (&ppsp[dwIndex]);
  1551. if ( hPage )
  1552. {
  1553. hr = pCallback->AddPage (hPage);
  1554. ASSERT (SUCCEEDED (hr));
  1555. if ( FAILED (hr) )
  1556. {
  1557. VERIFY (::DestroyPropertySheetPage (hPage));
  1558. break;
  1559. }
  1560. }
  1561. else
  1562. {
  1563. hr = HRESULT_FROM_WIN32 (GetLastError ());
  1564. break;
  1565. }
  1566. }
  1567. }
  1568. else
  1569. {
  1570. hr = E_UNEXPECTED;
  1571. GlobalFree (m_pCryptUIMMCCallbackStruct);
  1572. ::CertFreeCertificateContext (sps.pCertContext);
  1573. }
  1574. }
  1575. }
  1576. else
  1577. {
  1578. hr = E_OUTOFMEMORY;
  1579. }
  1581. if ( E_OUTOFMEMORY == hr && ppsp )
  1582. free (ppsp); // source uses malloc
  1584. delete [] pPropPageStores;
  1585. }
  1586. else
  1587. hr = E_OUTOFMEMORY;
  1589. if ( m_bIsRSOP )
  1590. {
  1591. CString szSHA1Hash (L"\\Certificates\\");
  1592. szSHA1Hash += pCert->GetSHAHash ();
  1593. hr = FindRSOPObjectByHashAndDisplayPrecedencePage (szSHA1Hash,
  1594. pCert->GetCertStore ()->IsComputerType (),
  1595. pCallback);
  1597. }
  1598. }
  1599. else
  1600. hr = E_POINTER;
  1603. _TRACE (-1, L"Leaving CCertMgrComponentData::AddCertPropPages: 0x%x\n", hr);
  1604. return hr;
  1605. }
  1608. HRESULT CCertMgrComponentData::AddContainersToScopePane (
  1609. HSCOPEITEM hParent,
  1610. CCertMgrCookie& parentCookie,
  1611. bool bDeleteAndExpand)
  1612. {
  1613. _TRACE (1, L"Entering CCertMgrComponentData::AddContainersToScopePane\n");
  1614. AFX_MANAGE_STATE (AfxGetStaticModuleState ());
  1616. LPCONSOLENAMESPACE2 pConsoleNameSpace2 = 0;
  1617. HRESULT hr = m_pConsoleNameSpace->QueryInterface (
  1618. IID_PPV_ARG (IConsoleNameSpace2, &pConsoleNameSpace2));
  1619. if ( SUCCEEDED (hr) && pConsoleNameSpace2 )
  1620. {
  1621. hr = pConsoleNameSpace2->Expand (hParent);
  1622. ASSERT (SUCCEEDED (hr));
  1623. pConsoleNameSpace2->Release ();
  1624. pConsoleNameSpace2 = 0;
  1625. }
  1627. if ( CERTMGR_PHYS_STORE == parentCookie.m_objecttype ||
  1628. (CERTMGR_LOG_STORE == parentCookie.m_objecttype && !m_bShowPhysicalStoresPersist) )
  1629. {
  1630. CCertStore* pStore =
  1631. reinterpret_cast <CCertStore*> (&parentCookie);
  1632. ASSERT (pStore);
  1633. if ( pStore )
  1634. {
  1635. CString objectName;
  1636. if ( pStore->ContainsCRLs () &&
  1637. !ContainerExists (hParent, CERTMGR_CRL_CONTAINER) )
  1638. {
  1639. VERIFY (objectName.LoadString (IDS_CERTIFICATE_REVOCATION_LIST));
  1640. hr = AddScopeNode (new CContainerCookie (
  1641. *pStore,
  1642. CERTMGR_CRL_CONTAINER,
  1643. pStore->QueryNonNULLMachineName (),
  1644. objectName), L"", hParent);
  1645. }
  1647. if ( SUCCEEDED (hr) && pStore->ContainsCTLs () &&
  1648. !ContainerExists (hParent, CERTMGR_CTL_CONTAINER) )
  1649. {
  1650. VERIFY (objectName.LoadString (IDS_CERTIFICATE_TRUST_LIST));
  1651. hr = AddScopeNode (new CContainerCookie (
  1652. *pStore,
  1653. CERTMGR_CTL_CONTAINER,
  1654. pStore->QueryNonNULLMachineName (),
  1655. objectName), L"", hParent);
  1656. }
  1658. if ( SUCCEEDED (hr) && pStore->ContainsCertificates () &&
  1659. !ContainerExists (hParent, CERTMGR_CERT_CONTAINER) )
  1660. {
  1661. VERIFY (objectName.LoadString (IDS_CERTIFICATES));
  1662. hr = AddScopeNode (new CContainerCookie (
  1663. *pStore,
  1664. CERTMGR_CERT_CONTAINER,
  1665. pStore->QueryNonNULLMachineName (),
  1666. objectName), L"", hParent);
  1667. }
  1668. }
  1669. else
  1670. hr = E_UNEXPECTED;
  1671. }
  1672. else if ( CERTMGR_LOG_STORE == parentCookie.m_objecttype && m_bShowPhysicalStoresPersist )
  1673. {
  1674. if ( bDeleteAndExpand )
  1675. {
  1676. hr = DeleteChildren (hParent);
  1677. if ( SUCCEEDED (hr) )
  1678. {
  1679. GUID guid;
  1680. hr = ExpandScopeNodes (&parentCookie, hParent, _T (""), 0, guid);
  1681. }
  1682. }
  1683. }
  1685. _TRACE (-1, L"Leaving CCertMgrComponentData::AddContainersToScopePane: 0x%x\n", hr);
  1686. return hr;
  1687. }
  1689. typedef struct _ENUM_ARG {
  1690. DWORD m_dwFlags;
  1691. LPCONSOLENAMESPACE m_pConsoleNameSpace;
  1692. HSCOPEITEM m_hParent;
  1693. CCertMgrComponentData* m_pCompData;
  1694. PCWSTR m_pcszMachineName;
  1695. CCertMgrCookie* m_pParentCookie;
  1696. SPECIAL_STORE_TYPE m_storeType;
  1697. LPCONSOLE m_pConsole;
  1698. } ENUM_ARG, *PENUM_ARG;
  1700. static BOOL WINAPI EnumPhyCallback (
  1701. IN const void *pvSystemStore,
  1702. IN DWORD dwFlags,
  1703. IN PCWSTR pwszStoreName,
  1704. IN PCERT_PHYSICAL_STORE_INFO pStoreInfo,
  1705. IN OPTIONAL void* /*pvReserved*/,
  1706. IN OPTIONAL void *pvArg
  1707. )
  1708. {
  1709. _TRACE (1, L"Entering EnumPhyCallback\n");
  1711. if ( ! (pStoreInfo->dwFlags & CERT_PHYSICAL_STORE_OPEN_DISABLE_FLAG) )
  1712. {
  1713. PENUM_ARG pEnumArg = (PENUM_ARG) pvArg;
  1714. SCOPEDATAITEM tSDItem;
  1716. // security review 2/26/2002 BryanWal ok
  1717. ::ZeroMemory (&tSDItem,sizeof (tSDItem));
  1718. tSDItem.mask = SDI_STR | SDI_IMAGE | SDI_STATE | SDI_PARAM | SDI_PARENT;
  1719. tSDItem.displayname = MMC_CALLBACK;
  1720. tSDItem.relativeID = pEnumArg->m_hParent;
  1721. tSDItem.nState = 0;
  1723. if ( pEnumArg->m_pCompData->ShowArchivedCerts () )
  1724. dwFlags |= CERT_STORE_ENUM_ARCHIVED_FLAG;
  1726. // Create new cookies
  1727. CCertStore* pNewCookie = new CCertStore (
  1728. CERTMGR_PHYS_STORE,
  1729. CERT_STORE_PROV_PHYSICAL,
  1730. dwFlags,
  1731. pEnumArg->m_pcszMachineName,
  1732. pwszStoreName, (PCWSTR) pvSystemStore, pwszStoreName,
  1733. pEnumArg->m_storeType,
  1734. dwFlags,
  1735. pEnumArg->m_pConsole);
  1736. if ( pNewCookie )
  1737. {
  1738. // pEnumArg->m_pParentCookie->m_listScopeCookieBlocks.AddHead (
  1739. // (CBaseCookieBlock*) pNewCookie);
  1740. // WARNING cookie cast
  1741. tSDItem.lParam = reinterpret_cast<LPARAM> ( (CCookie*) pNewCookie);
  1742. tSDItem.nImage = pEnumArg->m_pCompData->QueryImage (*pNewCookie, FALSE);
  1743. HRESULT hr = pEnumArg->m_pConsoleNameSpace->InsertItem (&tSDItem);
  1744. ASSERT (SUCCEEDED (hr));
  1745. if ( SUCCEEDED (hr) )
  1746. pNewCookie->m_hScopeItem = tSDItem.ID;
  1747. }
  1748. }
  1750. _TRACE (-1, L"Leaving EnumPhyCallback\n");
  1751. return TRUE;
  1752. }
  1754. HRESULT CCertMgrComponentData::AddPhysicalStoresToScopePane (HSCOPEITEM hParent, CCertMgrCookie& parentCookie, const SPECIAL_STORE_TYPE storeType)
  1755. {
  1756. _TRACE (1, L"Entering CCertMgrComponentData::AddPhysicalStoresToScopePane\n");
  1757. CWaitCursor cursor;
  1758. HRESULT hr = S_OK;
  1759. DWORD dwFlags = 0;
  1760. ENUM_ARG enumArg;
  1763. dwFlags &= ~CERT_SYSTEM_STORE_LOCATION_MASK;
  1764. dwFlags |= CERT_STORE_READONLY_FLAG | m_dwLocationPersist;
  1766. // security review 2/26/2002 BryanWal ok
  1767. ::ZeroMemory (&enumArg, sizeof (enumArg));
  1768. enumArg.m_dwFlags = dwFlags;
  1769. enumArg.m_pConsoleNameSpace = m_pConsoleNameSpace;
  1770. enumArg.m_hParent = hParent;
  1771. enumArg.m_pCompData = this;
  1772. enumArg.m_pcszMachineName = parentCookie.QueryNonNULLMachineName ();
  1773. enumArg.m_pParentCookie = &parentCookie;
  1774. enumArg.m_storeType = storeType;
  1775. enumArg.m_pConsole = m_pConsole;
  1777. if (!::CertEnumPhysicalStore (
  1778. (PWSTR) (PCWSTR) parentCookie.GetObjectName (),
  1779. dwFlags,
  1780. &enumArg,
  1781. EnumPhyCallback))
  1782. {
  1783. DWORD dwErr = GetLastError ();
  1784. DisplaySystemError (dwErr);
  1785. hr = HRESULT_FROM_WIN32 (dwErr);
  1786. }
  1788. _TRACE (-1, L"Leaving CCertMgrComponentData::AddPhysicalStoresToScopePane: 0x%x\n", hr);
  1789. return hr;
  1790. }
  1792. static BOOL WINAPI EnumIComponentDataSysCallback (
  1793. IN const void* pwszSystemStore,
  1794. IN DWORD dwFlags,
  1795. IN PCERT_SYSTEM_STORE_INFO /*pStoreInfo*/,
  1796. IN OPTIONAL void* /*pvReserved*/,
  1797. IN OPTIONAL void *pvArg
  1798. )
  1799. {
  1800. _TRACE (1, L"Entering EnumIComponentDataSysCallback\n");
  1801. PENUM_ARG pEnumArg = (PENUM_ARG) pvArg;
  1802. SCOPEDATAITEM tSDItem;
  1803. // security review 2/26/2002 BryanWal ok
  1804. ::ZeroMemory (&tSDItem,sizeof (tSDItem));
  1805. tSDItem.mask = SDI_STR | SDI_IMAGE | SDI_STATE | SDI_PARAM | SDI_PARENT;
  1806. tSDItem.displayname = MMC_CALLBACK;
  1807. tSDItem.relativeID = pEnumArg->m_hParent;
  1808. tSDItem.nState = 0;
  1811. // Create new cookies
  1812. SPECIAL_STORE_TYPE storeType = GetSpecialStoreType ((PWSTR) pwszSystemStore);
  1814. //
  1815. // We will not expose the ACRS store for machines or users. It is not
  1816. // interesting or useful at this level. All Auto Cert Requests should
  1817. // be managed only at the policy level.
  1818. //
  1819. if ( ACRS_STORE != storeType )
  1820. {
  1821. if ( pEnumArg->m_pCompData->ShowArchivedCerts () )
  1822. dwFlags |= CERT_STORE_ENUM_ARCHIVED_FLAG;
  1823. CCertStore* pNewCookie = new CCertStore (
  1824. CERTMGR_LOG_STORE,
  1825. CERT_STORE_PROV_SYSTEM,
  1826. dwFlags,
  1827. pEnumArg->m_pcszMachineName,
  1828. (PCWSTR) pwszSystemStore,
  1829. (PCWSTR) pwszSystemStore,
  1830. _T (""),
  1831. storeType,
  1832. pEnumArg->m_dwFlags,
  1833. pEnumArg->m_pConsole);
  1834. if ( pNewCookie )
  1835. {
  1836. pEnumArg->m_pParentCookie->m_listScopeCookieBlocks.AddHead (
  1837. (CBaseCookieBlock*) pNewCookie);
  1838. // WARNING cookie cast
  1839. tSDItem.lParam = reinterpret_cast<LPARAM> ( (CCookie*) pNewCookie);
  1840. tSDItem.nImage = pEnumArg->m_pCompData->QueryImage (*pNewCookie, FALSE);
  1841. HRESULT hr = pEnumArg->m_pConsoleNameSpace->InsertItem (&tSDItem);
  1842. ASSERT (SUCCEEDED (hr));
  1843. if ( SUCCEEDED (hr) )
  1844. pNewCookie->m_hScopeItem = tSDItem.ID;
  1845. }
  1846. }
  1848. _TRACE (-1, L"Leaving EnumIComponentDataSysCallback\n");
  1849. return TRUE;
  1850. }
  1854. HRESULT CCertMgrComponentData::AddLogicalStoresToScopePane (HSCOPEITEM hParent, CCertMgrCookie& parentCookie)
  1855. {
  1856. _TRACE (1, L"Entering CCertMgrComponentData::AddLogicalStoresToScopePane\n");
  1857. CWaitCursor cursor;
  1858. HRESULT hr = S_OK;
  1860. // If m_dwLocationPersist is 0 but the file name is empty, this means the
  1861. // user launched certmgr.msc without providing a target file. Launch
  1862. // certificates snapin as the current user instead.
  1863. if ( !m_dwLocationPersist )
  1864. {
  1865. if ( m_szFileName.IsEmpty () )
  1866. m_dwLocationPersist = CERT_SYSTEM_STORE_CURRENT_USER;
  1868. ChangeRootNodeName (L"");
  1869. }
  1871. DWORD dwFlags = m_dwLocationPersist;
  1872. ENUM_ARG enumArg;
  1874. // security review 2/26/2002 BryanWal ok
  1875. ::ZeroMemory (&enumArg, sizeof (enumArg));
  1876. enumArg.m_dwFlags = dwFlags;
  1877. enumArg.m_pConsoleNameSpace = m_pConsoleNameSpace;
  1878. enumArg.m_hParent = hParent;
  1879. enumArg.m_pCompData = this;
  1880. enumArg.m_pcszMachineName = parentCookie.QueryNonNULLMachineName ();
  1881. enumArg.m_pParentCookie = &parentCookie;
  1882. enumArg.m_pConsole = m_pConsole;
  1883. CString location;
  1884. void* pvPara = 0;
  1886. switch (m_dwLocationPersist)
  1887. {
  1888. case CERT_SYSTEM_STORE_CURRENT_USER:
  1889. case CERT_SYSTEM_STORE_LOCAL_MACHINE:
  1890. if ( !m_szManagedServicePersist.IsEmpty () )
  1891. m_szManagedServicePersist.Empty ();
  1892. break;
  1894. case CERT_SYSTEM_STORE_CURRENT_SERVICE:
  1895. case CERT_SYSTEM_STORE_SERVICES:
  1896. break;
  1898. case 0: // in the event of a file store
  1899. break;
  1901. default:
  1902. ASSERT (0);
  1903. break;
  1904. }
  1906. if ( !m_szManagedServicePersist.IsEmpty () )
  1907. {
  1908. if ( m_szManagedComputer.CompareNoCase (m_szThisComputer) ) //!=
  1909. {
  1910. location = m_szManagedComputer + _T ("\\") +
  1911. m_szManagedServicePersist;
  1912. pvPara = (void *) (PCWSTR) location;
  1913. }
  1914. else
  1915. pvPara = (void *) (PCWSTR) m_szManagedServicePersist;
  1916. }
  1917. else if ( m_szManagedComputer.CompareNoCase (m_szThisComputer) ) //!=
  1918. {
  1919. pvPara = (void *) (PCWSTR) m_szManagedComputer;
  1920. }
  1923. if ( m_szFileName.IsEmpty () )
  1924. {
  1925. // Ensure creation of MY store
  1926. HCERTSTORE hTempStore = ::CertOpenStore (CERT_STORE_PROV_SYSTEM,
  1927. X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
  1928. NULL,
  1929. dwFlags | CERT_STORE_SET_LOCALIZED_NAME_FLAG,
  1930. MY_SYSTEM_STORE_NAME);
  1931. if ( hTempStore ) // otherwise, store is read only
  1932. {
  1933. VERIFY (::CertCloseStore (hTempStore, CERT_CLOSE_STORE_CHECK_FLAG));
  1934. }
  1935. else
  1936. {
  1937. _TRACE (0, L"CertOpenStore (%s) failed: 0x%x\n",
  1938. MY_SYSTEM_STORE_NAME, GetLastError ());
  1939. }
  1941. if ( !::CertEnumSystemStore (dwFlags, pvPara, &enumArg,
  1942. EnumIComponentDataSysCallback) )
  1943. {
  1944. DWORD dwErr = GetLastError ();
  1945. CString text;
  1946. CString caption;
  1948. VERIFY (caption.LoadString (IDS_CERTIFICATE_MANAGER));
  1949. if ( ERROR_ACCESS_DENIED == dwErr )
  1950. {
  1951. VERIFY (text.LoadString (IDS_NO_PERMISSION));
  1953. }
  1954. else
  1955. {
  1956. text.FormatMessage (IDS_CANT_ENUMERATE_SYSTEM_STORES, GetSystemMessage (dwErr));
  1957. }
  1958. int iRetVal = 0;
  1959. VERIFY (SUCCEEDED (m_pConsole->MessageBox (text, caption,
  1960. MB_OK, &iRetVal)));
  1961. hr = HRESULT_FROM_WIN32 (dwErr);
  1963. if ( ERROR_BAD_NETPATH == dwErr )
  1964. {
  1965. m_fInvalidComputer = true;
  1966. }
  1967. }
  1968. }
  1969. else
  1970. {
  1971. // CertOpenStore with provider type of:
  1972. // CERT_STORE_PROV_FILE or CERT_STORE_PROV_FILENAME_A
  1973. // or CERT_STORE_PROV_FILENAME_W.
  1974. // See online documentation or wincrypt.h for more info.
  1975. // Create new cookies
  1976. dwFlags = 0;
  1977. if ( ShowArchivedCerts () )
  1978. dwFlags |= CERT_STORE_ENUM_ARCHIVED_FLAG;
  1980. ASSERT (!m_pFileBasedStore);
  1981. m_pFileBasedStore = new CCertStore (
  1982. CERTMGR_LOG_STORE,
  1983. CERT_STORE_PROV_FILENAME_W,
  1984. dwFlags,
  1985. parentCookie.QueryNonNULLMachineName (),
  1986. m_szFileName, m_szFileName, L"", NO_SPECIAL_TYPE,
  1987. m_dwLocationPersist,
  1988. m_pConsole);
  1989. if ( m_pFileBasedStore )
  1990. {
  1991. m_pFileBasedStore->AddRef ();
  1992. hr = AddScopeNode (m_pFileBasedStore,
  1993. L"", hParent);
  1994. }
  1995. else
  1996. {
  1997. hr = E_OUTOFMEMORY;
  1998. }
  1999. }
  2001. _TRACE (-1, L"Leaving CCertMgrComponentData::AddLogicalStoresToScopePane: 0x%x\n", hr);
  2002. return hr;
  2003. }
  2006. // If the callback returns FALSE, stops the enumeration.
  2007. BOOL EnumOIDInfo (PCCRYPT_OID_INFO pInfo, void *pvArg)
  2008. {
  2009. _TRACE (1, L"Entering EnumOIDInfo\n");
  2010. ENUM_ARG* pEnumArg = (ENUM_ARG*) pvArg;
  2011. SCOPEDATAITEM tSDItem;
  2012. // security review 2/26/2002 BryanWal ok
  2013. ::ZeroMemory (&tSDItem, sizeof (tSDItem));
  2014. tSDItem.mask = SDI_STR | SDI_IMAGE | SDI_STATE | SDI_PARAM | SDI_PARENT;
  2015. tSDItem.displayname = MMC_CALLBACK;
  2016. tSDItem.relativeID = pEnumArg->m_hParent;
  2017. tSDItem.nState = 0;
  2019. // See if this usage is already listed by name. If so, just add the
  2020. // additional OID, otherwise, create a new cookie.
  2021. CUsageCookie* pUsageCookie =
  2022. pEnumArg->m_pCompData->FindDuplicateUsage (pEnumArg->m_hParent,
  2023. pInfo->pwszName);
  2024. if ( !pUsageCookie )
  2025. {
  2026. pUsageCookie= new CUsageCookie (CERTMGR_USAGE,
  2027. pEnumArg->m_pcszMachineName,
  2028. pInfo->pwszName);
  2029. if ( pUsageCookie )
  2030. {
  2031. pEnumArg->m_pCompData->GetRootCookie ()->m_listScopeCookieBlocks.AddHead ( (CBaseCookieBlock*) pUsageCookie);
  2033. // WARNING cookie cast
  2034. tSDItem.mask |= SDI_CHILDREN;
  2035. tSDItem.cChildren = 0;
  2036. tSDItem.lParam = reinterpret_cast<LPARAM> ( (CCookie*) pUsageCookie);
  2037. tSDItem.nImage = pEnumArg->m_pCompData->QueryImage (*pUsageCookie, FALSE);
  2038. HRESULT hr = pEnumArg->m_pConsoleNameSpace->InsertItem (&tSDItem);
  2039. ASSERT (SUCCEEDED (hr));
  2040. }
  2041. }
  2042. pUsageCookie->AddOID (pInfo->pszOID);
  2045. _TRACE (-1, L"Leaving EnumOIDInfo\n");
  2046. return TRUE;
  2047. }
  2050. HRESULT CCertMgrComponentData::AddUsagesToScopePane (HSCOPEITEM hParent, CCertMgrCookie& parentCookie)
  2051. {
  2052. _TRACE (1, L"Entering CCertMgrComponentData::AddUsagesToScopePane\n");
  2053. HRESULT hr = S_OK;
  2054. ENUM_ARG enumArg;
  2056. // security review 2/26/2002 BryanWal ok
  2057. ::ZeroMemory (&enumArg, sizeof (enumArg));
  2058. enumArg.m_dwFlags = 0;
  2059. enumArg.m_pConsoleNameSpace = m_pConsoleNameSpace;
  2060. enumArg.m_hParent = hParent;
  2061. enumArg.m_pCompData = this;
  2062. enumArg.m_pcszMachineName = parentCookie.QueryNonNULLMachineName ();
  2063. enumArg.m_pParentCookie = &parentCookie;
  2064. enumArg.m_pConsole = m_pConsole;
  2065. BOOL bResult = ::CryptEnumOIDInfo (CRYPT_ENHKEY_USAGE_OID_GROUP_ID, 0,
  2066. &enumArg, EnumOIDInfo);
  2067. ASSERT (bResult);
  2070. _TRACE (-1, L"Leaving CCertMgrComponentData::AddUsagesToScopePane: 0x%x\n", hr);
  2071. return hr;
  2072. }
  2075. BOOL IsMMCMultiSelectDataObject(IDataObject* pDataObject)
  2076. {
  2077. _TRACE (1, L"Entering IsMMCMultiSelectDataObject\n");
  2078. if (pDataObject == NULL)
  2079. return FALSE;
  2081. CLIPFORMAT s_cf = 0;
  2082. if (s_cf == 0)
  2083. {
  2084. USES_CONVERSION;
  2085. // security review 2/26/2002 BryanWal ok
  2086. s_cf = (CLIPFORMAT)RegisterClipboardFormat(W2T(CCF_MMC_MULTISELECT_DATAOBJECT));
  2087. }
  2089. FORMATETC fmt = {s_cf, NULL, DVASPECT_CONTENT, -1, TYMED_HGLOBAL};
  2091. BOOL bResult = ((pDataObject->QueryGetData(&fmt) == S_OK));
  2092. _TRACE (-1, L"Leaving IsMMCMultiSelectDataObject - return %d\n", bResult);
  2093. return bResult;
  2094. }
  2098. STDMETHODIMP CCertMgrComponentData::Command (long nCommandID, LPDATAOBJECT pDataObject)
  2099. {
  2100. _TRACE (1, L"Entering CCertMgrComponentData::Command\n");
  2101. HRESULT hr = S_OK;
  2103. switch (nCommandID)
  2104. {
  2105. case IDM_TASK_RENEW_SAME_KEY:
  2106. hr = OnRenew (pDataObject, false);
  2107. break;
  2109. case IDM_TASK_RENEW_NEW_KEY:
  2110. hr = OnRenew (pDataObject, true);
  2111. break;
  2113. case IDM_TASK_IMPORT:
  2114. hr = OnImport (pDataObject);
  2115. break;
  2117. case IDM_TASK_EXPORT:
  2118. hr = OnExport (pDataObject);
  2119. break;
  2121. case IDM_CTL_EDIT:
  2122. hr = OnCTLEdit (pDataObject);
  2123. break;
  2125. case IDM_EDIT_ACRS:
  2126. hr = OnACRSEdit (pDataObject);
  2127. break;
  2129. case IDM_NEW_CTL:
  2130. hr = OnNewCTL (pDataObject);
  2131. break;
  2133. case IDM_TASK_CTL_EXPORT:
  2134. case IDM_TASK_CRL_EXPORT:
  2135. hr = OnExport (pDataObject);
  2136. break;
  2138. case IDM_TASK_EXPORT_STORE:
  2139. hr = OnExport (pDataObject);
  2140. break;
  2142. case IDM_TOP_FIND:
  2143. case IDM_TASK_FIND:
  2144. hr = OnFind (pDataObject);
  2145. break;
  2147. case IDM_TASK_PULSEAUTOENROLL:
  2148. hr = OnPulseAutoEnroll();
  2149. break;
  2151. case IDM_TOP_CHANGE_COMPUTER:
  2152. case IDM_TASK_CHANGE_COMPUTER:
  2153. hr = OnChangeComputer (pDataObject);
  2154. break;
  2156. case IDM_ENROLL_NEW_CERT:
  2157. hr = OnEnroll (pDataObject, true);
  2158. break;
  2160. case IDM_ENROLL_NEW_CERT_SAME_KEY:
  2161. hr = OnEnroll (pDataObject, false);
  2162. break;
  2164. case IDM_ENROLL_NEW_CERT_NEW_KEY:
  2165. hr = OnEnroll (pDataObject, true);
  2166. break;
  2168. case IDM_OPTIONS:
  2169. hr = OnOptions (pDataObject);
  2170. break;
  2172. case IDM_INIT_POLICY:
  2173. hr = OnInitEFSPolicy (pDataObject);
  2174. break;
  2176. case IDM_DEL_POLICY:
  2177. {
  2178. AFX_MANAGE_STATE (AfxGetStaticModuleState ());
  2179. CString text;
  2180. CString caption;
  2181. int iRetVal = 0;
  2184. VERIFY (text.LoadString (IDS_CONFIRM_DELETE_EFS_POLICY));
  2185. VERIFY (caption.LoadString (IDS_CERTIFICATE_MANAGER));
  2186. hr = m_pConsole->MessageBox (text, caption,
  2187. MB_YESNO, &iRetVal);
  2188. ASSERT (SUCCEEDED (hr));
  2189. if ( SUCCEEDED (hr) && IDYES == iRetVal )
  2190. hr = OnDeleteEFSPolicy (pDataObject, true);
  2191. }
  2192. break;
  2194. case IDM_ADD_DOMAIN_ENCRYPTED_RECOVERY_AGENT:
  2195. case IDM_ADD_DOMAIN_ENCRYPTED_RECOVERY_AGENT1:
  2196. case IDM_ADD_DOMAIN_ENCRYPTED_RECOVERY_AGENT2:
  2197. hr = OnAddDomainEncryptedDataRecoveryAgent (pDataObject);
  2198. break;
  2200. case IDM_CREATE_DOMAIN_ENCRYPTED_RECOVERY_AGENT:
  2201. hr = OnEnroll (pDataObject, true, false); // do not show UI
  2202. break;
  2204. case IDM_NEW_ACRS:
  2205. hr = OnNewACRS (pDataObject);
  2206. break;
  2208. case IDM_SAFER_LEVEL_SET_DEFAULT:
  2209. hr = OnSetSaferLevelDefault (pDataObject);
  2210. break;
  2212. case IDM_SAFER_NEW_ENTRY_PATH:
  2213. case IDM_SAFER_NEW_ENTRY_HASH:
  2214. case IDM_SAFER_NEW_ENTRY_CERTIFICATE:
  2215. case IDM_SAFER_NEW_ENTRY_INTERNET_ZONE:
  2216. hr = OnNewSaferEntry (nCommandID, pDataObject);
  2217. break;
  2219. case IDM_TOP_CREATE_NEW_SAFER_POLICY:
  2220. case IDM_TASK_CREATE_NEW_SAFER_POLICY:
  2221. hr = OnCreateNewSaferPolicy (pDataObject);
  2222. break;
  2224. case IDM_TOP_DELETE_NEW_SAFER_POLICY:
  2225. case IDM_TASK_DELETE_NEW_SAFER_POLICY:
  2226. hr = OnDeleteSaferPolicy (pDataObject);
  2227. break;
  2229. case -1: // Received on forward/back buttons from toolbar
  2230. break;
  2232. default:
  2233. ASSERT (0);
  2234. break;
  2235. }
  2237. _TRACE (-1, L"Leaving CCertMgrComponentData::Command: 0x%x\n", hr);
  2238. return hr;
  2239. }
  2241. HRESULT CCertMgrComponentData::OnNewACRS (LPDATAOBJECT pDataObject)
  2242. {
  2243. _TRACE (1, L"Entering CCertMgrComponentData::OnNewACRS\n");
  2244. ASSERT (pDataObject);
  2245. if ( !pDataObject )
  2246. return E_POINTER;
  2247. AFX_MANAGE_STATE (AfxGetStaticModuleState ());
  2248. HRESULT hr = S_OK;
  2249. CCertMgrCookie* pCookie = ConvertCookie (pDataObject);
  2250. ASSERT (pCookie);
  2251. if ( pCookie )
  2252. {
  2253. if ( CERTMGR_LOG_STORE_GPE == pCookie->m_objecttype )
  2254. {
  2255. CCertStoreGPE* pStore = reinterpret_cast <CCertStoreGPE*> (pCookie);
  2256. ASSERT (pStore);
  2257. if ( pStore )
  2258. {
  2259. HWND hwndConsole = 0;
  2260. hr = m_pConsole->GetMainWindow (&hwndConsole);
  2261. ASSERT (SUCCEEDED (hr));
  2262. if ( SUCCEEDED (hr) )
  2263. {
  2264. ACRSWizardPropertySheet sheet (pStore, NULL);
  2266. ACRSWizardWelcomePage welcomePage;
  2267. ACRSWizardTypePage typePage;
  2268. ACRSCompletionPage completionPage;
  2270. sheet.AddPage (&welcomePage);
  2271. sheet.AddPage (&typePage);
  2272. sheet.AddPage (&completionPage);
  2274. if ( sheet.DoWizard (hwndConsole) )
  2275. {
  2276. pStore->SetDirty ();
  2277. hr = m_pConsole->UpdateAllViews (pDataObject, 0, 0);
  2278. ASSERT (SUCCEEDED (hr));
  2279. }
  2280. }
  2281. }
  2282. else
  2283. hr = E_UNEXPECTED;
  2284. }
  2285. else
  2286. hr = E_UNEXPECTED;
  2288. }
  2289. else
  2290. hr = E_UNEXPECTED;
  2292. _TRACE (-1, L"Leaving CCertMgrComponentData::OnNewACRS: 0x%x\n", hr);
  2293. return hr;
  2294. }
  2297. HRESULT CCertMgrComponentData::RefreshScopePane (LPDATAOBJECT pDataObject)
  2298. {
  2299. _TRACE (1, L"Entering CCertMgrComponentData::RefreshScopePane\n");
  2300. HRESULT hr = S_OK;
  2301. CCertMgrCookie* pCookie = 0;
  2303. if ( pDataObject )
  2304. pCookie = ConvertCookie (pDataObject);
  2305. if ( !pDataObject || pCookie )
  2306. {
  2307. // If m_hRootScopeItem is NULL, then this is an extension and we don't want to go in here.
  2308. if ( !pDataObject || (m_hRootScopeItem && pCookie->m_hScopeItem == m_hRootScopeItem) )
  2309. {
  2310. hr = DeleteScopeItems ();
  2311. ASSERT (SUCCEEDED (hr));
  2312. if ( 1 ) //SUCCEEDED (hr) )
  2313. {
  2314. GUID guid;
  2315. hr = ExpandScopeNodes (m_pRootCookie, m_hRootScopeItem,
  2316. _T (""), 0, guid);
  2317. }
  2318. else if ( E_UNEXPECTED == hr )
  2319. {
  2320. ASSERT (0);
  2321. }
  2322. else if ( E_INVALIDARG == hr )
  2323. {
  2324. ASSERT (0);
  2325. }
  2327. }
  2328. else
  2329. {
  2330. switch (pCookie->m_objecttype)
  2331. {
  2332. case CERTMGR_LOG_STORE_GPE:
  2333. case CERTMGR_LOG_STORE_RSOP:
  2334. case CERTMGR_USAGE:
  2335. case CERTMGR_LOG_STORE:
  2336. case CERTMGR_PHYS_STORE:
  2337. case CERTMGR_CRL_CONTAINER:
  2338. case CERTMGR_CTL_CONTAINER:
  2339. case CERTMGR_CERT_CONTAINER:
  2340. hr = DeleteChildren (pCookie->m_hScopeItem);
  2341. break;
  2343. default:
  2344. break;
  2345. }
  2346. }
  2347. }
  2348. _TRACE (-1, L"Leaving CCertMgrComponentData::RefreshScopePane: 0x%x\n", hr);
  2349. return hr;
  2350. }
  2353. HRESULT CCertMgrComponentData::ExpandScopeNodes (
  2354. CCertMgrCookie* pParentCookie,
  2355. HSCOPEITEM hParent,
  2356. const CString& strServerName,
  2357. DWORD dwLocation,
  2358. const GUID& guidObjectType)
  2359. {
  2360. _TRACE (1, L"Entering CCertMgrComponentData::ExpandScopeNodes\n");
  2361. ASSERT (hParent);
  2362. AFX_MANAGE_STATE (AfxGetStaticModuleState ());
  2363. CWaitCursor waitCursor;
  2364. HRESULT hr = S_OK;
  2366. if ( pParentCookie )
  2367. {
  2368. CString objectName;
  2370. switch ( pParentCookie->m_objecttype )
  2371. {
  2372. // These node types have no children yet
  2373. case CERTMGR_SNAPIN:
  2374. // We don't expect the handle of the root scope item to change, ever!
  2375. ASSERT ( m_hRootScopeItem ? (m_hRootScopeItem == hParent) : 1);
  2376. if ( !m_hRootScopeItem )
  2377. m_hRootScopeItem = hParent;
  2379. switch (m_activeViewPersist)
  2380. {
  2381. case IDM_USAGE_VIEW:
  2382. hr = AddUsagesToScopePane (hParent, *pParentCookie);
  2383. break;
  2385. case IDM_STORE_VIEW:
  2386. hr = AddLogicalStoresToScopePane (hParent, *pParentCookie);
  2387. break;
  2389. default:
  2390. ASSERT (0);
  2391. hr = E_UNEXPECTED;
  2392. break;
  2393. }
  2394. break;
  2396. // This node type has no children
  2397. case CERTMGR_USAGE:
  2398. case CERTMGR_CRL_CONTAINER:
  2399. case CERTMGR_CTL_CONTAINER:
  2400. case CERTMGR_CERT_CONTAINER:
  2401. break;
  2403. case CERTMGR_PHYS_STORE:
  2404. // Create one each of a CRL_CONTAINER node, CTL_CONTAINER
  2405. // node and CERT container node.
  2406. hr = AddContainersToScopePane (hParent, *pParentCookie,
  2407. false);
  2408. break;
  2410. case CERTMGR_LOG_STORE_RSOP:
  2411. case CERTMGR_LOG_STORE_GPE:
  2412. // This is the Group Policy Editor extension
  2413. // This node type has no children
  2414. break;
  2416. case CERTMGR_LOG_STORE:
  2417. if ( m_bShowPhysicalStoresPersist )
  2418. {
  2419. SPECIAL_STORE_TYPE storeType = NO_SPECIAL_TYPE;
  2420. CCertStore* pCertStoreCookie =
  2421. reinterpret_cast <CCertStore*> (pParentCookie);
  2422. ASSERT (pCertStoreCookie);
  2423. if ( pCertStoreCookie )
  2424. storeType = pCertStoreCookie->GetStoreType ();
  2425. hr = AddPhysicalStoresToScopePane (hParent, *pParentCookie,
  2426. storeType);
  2427. }
  2428. else
  2429. {
  2430. // Create one each of a CRL_CONTAINER node, CTL_CONTAINER
  2431. // node and CERT container node.
  2432. hr = AddContainersToScopePane (hParent, *pParentCookie,
  2433. false);
  2434. }
  2435. break;
  2437. case CERTMGR_CERT_POLICIES_USER:
  2438. // Don't add these nodes for local machine policy
  2439. if ( SCE_MODE_LOCAL_COMPUTER != m_dwSCEMode )
  2440. {
  2441. // Add "Trusted Certificate Authorities"
  2442. VERIFY (objectName.LoadString (IDS_CERTIFICATE_TRUST_LISTS));
  2444. if ( SUCCEEDED (hr) )
  2445. {
  2446. if ( m_pGPEInformation )
  2447. {
  2448. hr = AddScopeNode (new CCertStoreGPE (
  2449. CERT_SYSTEM_STORE_RELOCATE_FLAG,
  2450. _T (""),
  2451. (PCWSTR) objectName,
  2452. TRUST_SYSTEM_STORE_NAME,
  2453. _T (""),
  2454. m_pGPEInformation,
  2455. NODEID_User,
  2456. m_pConsole),
  2457. strServerName,
  2458. hParent);
  2459. }
  2460. else if ( m_pRSOPInformationUser )
  2461. {
  2462. hr = AddScopeNode (new CCertStoreRSOP (
  2463. CERT_SYSTEM_STORE_RELOCATE_FLAG,
  2464. _T (""),
  2465. (PCWSTR) objectName,
  2466. TRUST_SYSTEM_STORE_NAME,
  2467. _T (""),
  2468. m_rsopObjectArrayUser,
  2469. NODEID_User,
  2470. m_pConsole),
  2471. strServerName,
  2472. hParent);
  2473. }
  2474. }
  2475. }
  2476. break;
  2478. case CERTMGR_CERT_POLICIES_COMPUTER:
  2479. // Add only this node for local machine policy
  2480. // Add "Encrypting File System"
  2482. VERIFY (objectName.LoadString (IDS_ENCRYPTING_FILE_SYSTEM_NODE_NAME));
  2484. if ( m_pGPEInformation )
  2485. {
  2486. hr = AddScopeNode (new CCertStoreGPE (
  2487. CERT_SYSTEM_STORE_RELOCATE_FLAG,
  2488. _T (""),
  2489. (PCWSTR) objectName,
  2490. EFS_SYSTEM_STORE_NAME,
  2491. _T (""),
  2492. m_pGPEInformation,
  2493. NODEID_Machine,
  2494. m_pConsole),
  2495. strServerName,
  2496. hParent);
  2497. }
  2498. else if ( m_pRSOPInformationComputer )
  2499. {
  2500. hr = AddScopeNode (new CCertStoreRSOP (
  2501. CERT_SYSTEM_STORE_RELOCATE_FLAG,
  2502. _T (""),
  2503. (PCWSTR) objectName,
  2504. EFS_SYSTEM_STORE_NAME,
  2505. _T (""),
  2506. m_rsopObjectArrayComputer,
  2507. NODEID_Machine,
  2508. m_pConsole),
  2509. strServerName,
  2510. hParent);
  2511. }
  2513. if ( SCE_MODE_LOCAL_COMPUTER != m_dwSCEMode )
  2514. {
  2515. // Add these policies if this is the domain policy
  2516. if ( SUCCEEDED (hr) )
  2517. {
  2518. // Add "Automatic Certificate Request Settings"
  2519. VERIFY (objectName.LoadString (IDS_AUTOMATIC_CERT_REQUEST_SETTINGS_NODE_NAME));
  2520. if ( m_pGPEInformation )
  2521. {
  2522. m_pGPEACRSComputerStore = new CCertStoreGPE (
  2523. CERT_SYSTEM_STORE_RELOCATE_FLAG,
  2524. _T (""),
  2525. (PCWSTR) objectName,
  2526. ACRS_SYSTEM_STORE_NAME,
  2527. _T (""),
  2528. m_pGPEInformation,
  2529. NODEID_Machine,
  2530. m_pConsole);
  2531. }
  2532. else if ( m_pRSOPInformationComputer )
  2533. {
  2534. m_pGPEACRSComputerStore = new CCertStoreRSOP (
  2535. CERT_SYSTEM_STORE_RELOCATE_FLAG,
  2536. _T (""),
  2537. (PCWSTR) objectName,
  2538. ACRS_SYSTEM_STORE_NAME,
  2539. _T (""),
  2540. m_rsopObjectArrayComputer,
  2541. NODEID_Machine,
  2542. m_pConsole);
  2543. }
  2544. if ( m_pGPEACRSComputerStore )
  2545. {
  2546. m_pGPEACRSComputerStore->AddRef ();
  2547. hr = AddScopeNode (m_pGPEACRSComputerStore,
  2548. strServerName, hParent);
  2549. }
  2550. else
  2551. {
  2552. hr = E_OUTOFMEMORY;
  2553. }
  2554. }
  2557. if ( SUCCEEDED (hr) )
  2558. {
  2559. // Add "Domain Root Certificate Authorities"
  2560. VERIFY (objectName.LoadString (IDS_DOMAIN_ROOT_CERT_AUTHS_NODE_NAME));
  2562. ASSERT (!m_pGPERootStore);
  2563. if ( m_pGPEInformation )
  2564. {
  2565. m_pGPERootStore = new CCertStoreGPE (
  2566. CERT_SYSTEM_STORE_RELOCATE_FLAG,
  2567. _T (""),
  2568. (PCWSTR) objectName,
  2569. ROOT_SYSTEM_STORE_NAME,
  2570. _T (""),
  2571. m_pGPEInformation,
  2572. NODEID_Machine,
  2573. m_pConsole);
  2574. }
  2575. else if ( m_pRSOPInformationComputer )
  2576. {
  2577. m_pGPERootStore = new CCertStoreRSOP (
  2578. CERT_SYSTEM_STORE_RELOCATE_FLAG,
  2579. _T (""),
  2580. (PCWSTR) objectName,
  2581. ROOT_SYSTEM_STORE_NAME,
  2582. _T (""),
  2583. m_rsopObjectArrayComputer,
  2584. NODEID_Machine,
  2585. m_pConsole);
  2586. }
  2588. if ( m_pGPERootStore )
  2589. {
  2590. m_pGPERootStore->AddRef ();
  2591. hr = AddScopeNode (m_pGPERootStore,
  2592. strServerName, hParent);
  2593. }
  2594. else
  2595. {
  2596. hr = E_OUTOFMEMORY;
  2597. }
  2598. }
  2600. if ( SUCCEEDED (hr) )
  2601. {
  2602. // Add "Trusted Certificate Authorities"
  2603. VERIFY (objectName.LoadString (IDS_CERTIFICATE_TRUST_LISTS));
  2605. ASSERT (!m_pGPETrustStore);
  2606. if ( m_pGPEInformation )
  2607. {
  2608. m_pGPETrustStore = new CCertStoreGPE (
  2609. CERT_SYSTEM_STORE_RELOCATE_FLAG,
  2610. _T (""),
  2611. (PCWSTR) objectName,
  2612. TRUST_SYSTEM_STORE_NAME,
  2613. _T (""),
  2614. m_pGPEInformation,
  2615. NODEID_Machine,
  2616. m_pConsole);
  2617. }
  2618. else if ( m_pRSOPInformationComputer )
  2619. {
  2620. m_pGPETrustStore = new CCertStoreRSOP (
  2621. CERT_SYSTEM_STORE_RELOCATE_FLAG,
  2622. _T (""),
  2623. (PCWSTR) objectName,
  2624. TRUST_SYSTEM_STORE_NAME,
  2625. _T (""),
  2626. m_rsopObjectArrayComputer,
  2627. NODEID_Machine,
  2628. m_pConsole);
  2629. }
  2630. if ( m_pGPETrustStore )
  2631. {
  2632. m_pGPETrustStore->AddRef ();
  2633. hr = AddScopeNode (m_pGPETrustStore,
  2634. strServerName, hParent);
  2635. }
  2636. else
  2637. {
  2638. hr = E_OUTOFMEMORY;
  2639. }
  2640. }
  2641. }
  2642. break;
  2644. case CERTMGR_SAFER_COMPUTER_ROOT:
  2645. case CERTMGR_SAFER_USER_ROOT:
  2646. {
  2647. CSaferRootCookie* pSaferRootCookie =
  2648. dynamic_cast <CSaferRootCookie*> (pParentCookie);
  2649. if ( pSaferRootCookie )
  2650. {
  2651. pSaferRootCookie->m_bExpandedOnce = true;
  2652. bool bIsComputer =
  2653. (CERTMGR_SAFER_COMPUTER_ROOT == pParentCookie->m_objecttype);
  2654. if ( !m_bIsRSOP )
  2655. {
  2656. // Find out if Safer is supported by the OS
  2657. m_bSaferSupported = false;
  2658. SAFER_LEVEL_HANDLE hLevel = 0;
  2659. CPolicyKey policyKey (m_pGPEInformation,
  2660. SAFER_HKLM_REGBASE,
  2661. CERTMGR_SAFER_COMPUTER_ROOT == pParentCookie->m_objecttype);
  2662. SetRegistryScope (policyKey.GetKey (),
  2663. CERTMGR_SAFER_COMPUTER_ROOT == pParentCookie->m_objecttype);
  2665. BOOL bRVal = SaferCreateLevel (SAFER_SCOPEID_REGISTRY,
  2666. SAFER_LEVELID_FULLYTRUSTED,
  2667. SAFER_LEVEL_OPEN,
  2668. &hLevel,
  2669. policyKey.GetKey ());
  2670. if ( bRVal )
  2671. {
  2672. m_bSaferSupported = true;
  2673. VERIFY (SaferCloseLevel (hLevel));
  2674. }
  2675. else
  2676. {
  2677. DWORD dwErr = GetLastError ();
  2678. _TRACE (0, L"SaferCreateLevel () failed: 0x%x\n", dwErr);
  2679. }
  2681. // Install default file types
  2682. if ( m_bSaferSupported && m_pGPEInformation )
  2683. {
  2684. HKEY hGroupPolicyKey = 0;
  2685. hr = m_pGPEInformation->GetRegistryKey (
  2686. bIsComputer ?
  2687. GPO_SECTION_MACHINE : GPO_SECTION_USER,
  2688. &hGroupPolicyKey);
  2689. if ( SUCCEEDED (hr) )
  2690. {
  2691. // Check to see if safer defaults have already
  2692. // been defined. If not, prompt the user
  2693. // for confirmation. If the response is "no"
  2694. // then do not create the nodes
  2695. PCWSTR pszKeyName = bIsComputer ?
  2696. SAFER_COMPUTER_CODEIDS_REGKEY :
  2697. SAFER_USER_CODEIDS_REGKEY;
  2699. HKEY hCodeIDsKey = 0;
  2700. LONG lResult = RegOpenKeyEx (hGroupPolicyKey,
  2701. pszKeyName, 0, KEY_READ, &hCodeIDsKey);
  2702. if ( ERROR_FILE_NOT_FOUND == lResult )
  2703. {
  2704. pSaferRootCookie->m_bCreateSaferNodes = false;
  2705. ::RegCloseKey (hGroupPolicyKey);
  2706. break;
  2707. }
  2708. else if ( hCodeIDsKey )
  2709. {
  2710. ::RegCloseKey (hCodeIDsKey);
  2711. hCodeIDsKey = 0;
  2712. }
  2713. ::RegCloseKey (hGroupPolicyKey);
  2714. }
  2715. }
  2716. }
  2718. if ( m_bSaferSupported || m_bIsRSOP )
  2719. {
  2720. // Add "Levels" node
  2721. VERIFY (objectName.LoadString (IDS_SAFER_LEVELS_NODE_NAME));
  2722. hr = AddScopeNode (new CCertMgrCookie (
  2723. bIsComputer ?
  2724. CERTMGR_SAFER_COMPUTER_LEVELS : CERTMGR_SAFER_USER_LEVELS,
  2725. 0,
  2726. (PCWSTR) objectName), strServerName, hParent);
  2728. // Add "Entries" node
  2729. if ( SUCCEEDED (hr) )
  2730. {
  2731. VERIFY (objectName.LoadString (IDS_SAFER_ENTRIES_NODE_NAME));
  2732. hr = AddScopeNode (new CSaferEntries (
  2733. bIsComputer,
  2734. strServerName,
  2735. objectName,
  2736. m_pGPEInformation,
  2737. bIsComputer ? m_pRSOPInformationComputer : m_pRSOPInformationUser,
  2738. bIsComputer ? m_rsopObjectArrayComputer : m_rsopObjectArrayUser,
  2739. m_pConsole),
  2740. strServerName, hParent);
  2742. if ( SUCCEEDED (hr) )
  2743. {
  2744. hr = SaferEnumerateLevels (bIsComputer);
  2745. }
  2746. }
  2747. }
  2748. }
  2749. }
  2750. break;
  2752. case CERTMGR_SAFER_COMPUTER_LEVELS:
  2753. break;
  2755. case CERTMGR_SAFER_USER_LEVELS:
  2756. // TODO: Enumerate user levels
  2757. break;
  2759. case CERTMGR_SAFER_COMPUTER_ENTRIES:
  2760. // TODO: Enumerate computer entries
  2761. break;
  2763. case CERTMGR_SAFER_USER_ENTRIES:
  2764. // TODO: Enumerate user entries
  2765. break;
  2767. case CERTMGR_CERTIFICATE: // not expected in scope pane
  2768. case CERTMGR_CRL:
  2769. case CERTMGR_CTL:
  2770. case CERTMGR_AUTO_CERT_REQUEST:
  2771. case CERTMGR_PKP_AUTOENROLLMENT_COMPUTER_SETTINGS:
  2772. case CERTMGR_PKP_AUTOENROLLMENT_USER_SETTINGS:
  2773. ASSERT (0);
  2774. hr = E_UNEXPECTED;
  2775. break;
  2777. default:
  2778. _TRACE (0, L"CCertMgrComponentData::EnumerateScopeChildren bad parent type\n");
  2779. ASSERT (0);
  2780. hr = S_OK;
  2781. break;
  2782. }
  2783. }
  2784. else
  2785. {
  2786. // If parentCookie not passed in, then this is an extension snap-in
  2787. m_dwLocationPersist = dwLocation;
  2790. if ( m_pGPEInformation || m_pRSOPInformationComputer || m_pRSOPInformationUser )
  2791. {
  2792. CString objectName;
  2795. if ( ::IsEqualGUID (guidObjectType, NODEID_Machine) )
  2796. {
  2797. if ( SUCCEEDED (hr) )
  2798. {
  2799. CLSID classID;
  2800. GetClassID (&classID);
  2802. if ( ::IsEqualGUID (classID, CLSID_CertificateManagerPKPOLExt) )
  2803. {
  2804. // Add "Public Key Policies" node
  2805. VERIFY (objectName.LoadString (IDS_PUBLIC_KEY_POLICIES_NODE_NAME));
  2806. hr = AddScopeNode (new CCertMgrCookie (
  2807. CERTMGR_CERT_POLICIES_COMPUTER,
  2808. 0,
  2809. (PCWSTR) objectName),
  2810. strServerName, hParent);
  2811. }
  2812. else if ( ::IsEqualGUID (classID, CLSID_SaferWindowsExtension) )
  2813. {
  2814. // Add "Software Restriction Policies" node
  2815. VERIFY (objectName.LoadString (IDS_SAFER_WINDOWS_NODE_NAME));
  2816. hr = AddScopeNode (new CSaferRootCookie (
  2817. CERTMGR_SAFER_COMPUTER_ROOT,
  2818. 0,
  2819. (PCWSTR) objectName),
  2820. strServerName, hParent);
  2821. }
  2822. }
  2824. }
  2825. else if ( ::IsEqualGUID (guidObjectType, NODEID_User) )
  2826. {
  2827. if ( SUCCEEDED (hr) )
  2828. {
  2829. CLSID classID;
  2830. GetClassID (&classID);
  2832. if ( ::IsEqualGUID (classID, CLSID_CertificateManagerPKPOLExt) )
  2833. {
  2834. // Add "Public Key Policies" node
  2835. VERIFY (objectName.LoadString (IDS_PUBLIC_KEY_POLICIES_NODE_NAME));
  2836. hr = AddScopeNode (new CCertMgrCookie (
  2837. CERTMGR_CERT_POLICIES_USER,
  2838. 0,
  2839. (PCWSTR) objectName), strServerName, hParent);
  2840. }
  2841. else if ( ::IsEqualGUID (classID, CLSID_SaferWindowsExtension) )
  2842. {
  2843. if ( SCE_MODE_LOCAL_USER != m_dwSCEMode )
  2844. {
  2845. // Add "Software Restriction Policies" node
  2846. VERIFY (objectName.LoadString (IDS_SAFER_WINDOWS_NODE_NAME));
  2847. hr = AddScopeNode (new CSaferRootCookie (
  2848. CERTMGR_SAFER_USER_ROOT,
  2849. 0,
  2850. (PCWSTR) objectName), strServerName, hParent);
  2851. }
  2852. }
  2853. }
  2854. }
  2855. }
  2856. }
  2858. _TRACE (-1, L"Leaving CCertMgrComponentData::ExpandScopeNodes: 0x%x\n", hr);
  2859. return hr;
  2860. }
  2863. HRESULT CCertMgrComponentData::DeleteScopeItems (HSCOPEITEM hScopeItem /* = 0 */)
  2864. {
  2865. _TRACE (1, L"Entering CCertMgrComponentData::DeleteScopeItems\n");
  2866. HRESULT hr = S_OK;
  2868. if ( m_pGPERootStore )
  2869. {
  2870. m_pGPERootStore->Release ();
  2871. m_pGPERootStore = 0;
  2872. }
  2874. if ( m_pGPETrustStore )
  2875. {
  2876. m_pGPETrustStore->Release ();
  2877. m_pGPETrustStore = 0;
  2878. }
  2880. if ( m_pGPEACRSComputerStore )
  2881. {
  2882. m_pGPEACRSComputerStore->Release ();
  2883. m_pGPEACRSComputerStore = 0;
  2884. }
  2886. if ( m_pGPEACRSUserStore )
  2887. {
  2888. m_pGPEACRSUserStore->Release ();
  2889. m_pGPEACRSUserStore = 0;
  2890. }
  2892. if ( m_pFileBasedStore )
  2893. {
  2894. m_pFileBasedStore->Release ();
  2895. m_pFileBasedStore = 0;
  2896. }
  2898. hr = DeleteChildren (hScopeItem ? hScopeItem : m_hRootScopeItem);
  2900. _TRACE (-1, L"Leaving CCertMgrComponentData::DeleteScopeItems: 0x%x\n", hr);
  2901. return hr;
  2902. }
  2905. HRESULT CCertMgrComponentData::DeleteChildren (HSCOPEITEM hParent)
  2906. {
  2907. _TRACE (1, L"Entering CCertMgrComponentData::DeleteChildren\n");
  2908. if ( !hParent )
  2909. return S_OK;
  2911. HSCOPEITEM hChild = 0;
  2912. HSCOPEITEM hNextChild = 0;
  2913. MMC_COOKIE lCookie = 0;
  2914. CCertMgrCookie* pCookie = 0;
  2915. HRESULT hr = S_OK;
  2916. CCookie& rootCookie = QueryBaseRootCookie ();
  2918. // Optimization: If we're deleting everything below the root, free all
  2919. // the result items here so we don't have to go looking for them later by
  2920. // store
  2921. if ( hParent == m_hRootScopeItem )
  2922. {
  2923. LPRESULTDATA pResultData = 0;
  2924. hr = GetResultData (&pResultData);
  2925. if ( SUCCEEDED (hr) )
  2926. {
  2927. hr = pResultData->DeleteAllRsltItems ();
  2928. if ( SUCCEEDED (hr) || E_UNEXPECTED == hr ) // returns E_UNEXPECTED if console shutting down
  2929. {
  2930. RemoveResultCookies (pResultData);
  2931. }
  2932. else
  2933. {
  2934. _TRACE (0, L"IResultData::DeleteAllRsltItems () failed: 0x%x\n", hr);
  2935. }
  2936. pResultData->Release ();
  2937. }
  2938. }
  2941. hr = m_pConsoleNameSpace->GetChildItem (hParent, &hChild, &lCookie);
  2942. ASSERT (SUCCEEDED (hr) || E_FAIL == hr); // appears to return E_FAIL when there are no children
  2943. while ( SUCCEEDED (hr) && hChild )
  2944. {
  2945. pCookie = reinterpret_cast <CCertMgrCookie*> (lCookie);
  2947. hr = DeleteChildren (hChild);
  2948. if ( !SUCCEEDED (hr) )
  2949. break;
  2951. hNextChild = 0;
  2952. hr = m_pConsoleNameSpace->GetNextItem (hChild, &hNextChild, &lCookie);
  2953. ASSERT (SUCCEEDED (hr));
  2955. hr = m_pConsoleNameSpace->DeleteItem (hChild, TRUE);
  2956. ASSERT (SUCCEEDED (hr));
  2958. switch (pCookie->m_objecttype)
  2959. {
  2960. case CERTMGR_LOG_STORE:
  2961. case CERTMGR_LOG_STORE_GPE:
  2962. case CERTMGR_LOG_STORE_RSOP:
  2963. case CERTMGR_PHYS_STORE:
  2964. {
  2965. // If this is a store, delete all the result nodes that belong to this
  2966. // store. We can tell if objects were enumerated from this store simply
  2967. // by comparing the store handles.
  2968. CCertStore* pStore = reinterpret_cast <CCertStore*> (pCookie);
  2969. ASSERT (pStore);
  2970. if ( pStore )
  2971. {
  2972. // If the store is not 'open' (it's HCERTSTORE handle is still '0')
  2973. // then we can skip checking this list. We haven't enumerated anything
  2974. // in this store.
  2975. if ( pStore->IsOpen () )
  2976. {
  2977. POSITION pos1 = 0;
  2978. POSITION pos2 = 0;
  2979. CBaseCookieBlock* pResultCookie = 0;
  2980. HCERTSTORE hStoreHandle = pStore->GetStoreHandle ();
  2982. // As an optimization, if DeleteChildren was originally called with
  2983. // the root scope item, all the result cookies have already been
  2984. // deleted since we're going to delete them all anyway.
  2985. for (pos1 = rootCookie.m_listResultCookieBlocks.GetHeadPosition();
  2986. (pos2 = pos1) != NULL; )
  2987. {
  2988. pResultCookie = rootCookie.m_listResultCookieBlocks.GetNext (pos1);
  2989. ASSERT (pResultCookie);
  2990. if ( pResultCookie )
  2991. {
  2992. hr = ReleaseResultCookie (pResultCookie,
  2993. rootCookie, hStoreHandle, pos2);
  2994. }
  2995. }
  2996. pStore->Close ();
  2997. }
  2998. }
  2999. }
  3000. // fall through
  3002. case CERTMGR_CRL_CONTAINER:
  3003. case CERTMGR_CTL_CONTAINER:
  3004. case CERTMGR_CERT_CONTAINER:
  3005. case CERTMGR_USAGE:
  3006. case CERTMGR_SAFER_COMPUTER_ENTRIES:
  3007. case CERTMGR_SAFER_USER_ENTRIES:
  3008. {
  3009. POSITION pos1 = 0;
  3010. POSITION pos2 = 0;
  3011. CBaseCookieBlock* pResultCookie = 0;
  3013. // Find and remove this cookie from the scope cookie list
  3014. for (pos1 = rootCookie.m_listScopeCookieBlocks.GetHeadPosition();
  3015. pos1 != NULL; )
  3016. {
  3017. pos2 = pos1;
  3018. pResultCookie = rootCookie.m_listScopeCookieBlocks.GetNext (pos1);
  3019. ASSERT (pResultCookie);
  3020. if ( pResultCookie )
  3021. {
  3022. if ( pResultCookie->QueryBaseCookie (0) == pCookie )
  3023. {
  3024. rootCookie.m_listScopeCookieBlocks.RemoveAt (pos2);
  3025. pResultCookie->Release ();
  3026. break;
  3027. }
  3028. }
  3029. }
  3030. }
  3031. break;
  3033. default:
  3034. break;
  3035. }
  3037. hChild = hNextChild;
  3038. }
  3041. _TRACE (-1, L"Leaving CCertMgrComponentData::DeleteChildren: 0x%x\n", hr);
  3042. return hr;
  3043. }
  3046. CertificateManagerObjectType CCertMgrComponentData::GetObjectType (LPDATAOBJECT pDataObject)
  3047. {
  3048. _TRACE (1, L"Entering CCertMgrComponentData::GetObjectType\n");
  3049. CertificateManagerObjectType objType = CERTMGR_INVALID;
  3051. ASSERT (pDataObject);
  3052. CCertMgrCookie* pCookie = ConvertCookie (pDataObject);
  3053. if ( ((CCertMgrCookie*) MMC_MULTI_SELECT_COOKIE) == pCookie )
  3054. objType = CERTMGR_MULTISEL;
  3055. else if ( pCookie )
  3056. objType = pCookie->m_objecttype;
  3058. _TRACE (-1, L"Leaving CCertMgrComponentData::GetObjectType\n");
  3059. return objType;
  3060. }
  3064. HRESULT CCertMgrComponentData::OnPulseAutoEnroll()
  3065. {
  3066. _TRACE (1, L"Entering CCertMgrComponentData::OnPulseAutoEnroll\n");
  3067. HRESULT hr = S_OK;
  3068. AFX_MANAGE_STATE (AfxGetStaticModuleState ());
  3070. HANDLE hEvent = NULL;
  3071. LPWSTR wszEventName;
  3074. // pulse autoenroll event here, choose between machine or user
  3076. // user or machine pulse?
  3077. wszEventName = L"Global\\" MACHINE_AUTOENROLLMENT_TRIGGER_EVENT;
  3078. if (CERT_SYSTEM_STORE_CURRENT_USER == m_dwLocationPersist)
  3079. wszEventName = USER_AUTOENROLLMENT_TRIGGER_EVENT;
  3081. hEvent=OpenEvent(EVENT_MODIFY_STATE, false, wszEventName);
  3082. if (NULL==hEvent)
  3083. {
  3084. DWORD dwErr = GetLastError();
  3086. CString text;
  3087. CString caption;
  3089. VERIFY (caption.LoadString (IDS_CERTIFICATE_MANAGER));
  3090. text.FormatMessage (IDS_CANT_OPEN_AUTOENROLL_EVENT, GetSystemMessage (dwErr));
  3092. int iRetVal = 0;
  3093. VERIFY (SUCCEEDED (m_pConsole->MessageBox (text, caption, MB_OK, &iRetVal)));
  3095. hr=HRESULT_FROM_WIN32(dwErr);
  3096. _TRACE (0, L"OpenEvent(%s) failed with 0x%08X.\n", wszEventName, hr);
  3097. goto error;
  3098. }
  3100. if (!SetEvent(hEvent))
  3101. {
  3102. DWORD dwErr = GetLastError();
  3103. DisplaySystemError (dwErr);
  3104. hr=HRESULT_FROM_WIN32(dwErr);
  3105. _TRACE (0, L"SetEvent failed with 0x%08X.\n", hr);
  3106. goto error;
  3107. }
  3110. error:
  3111. if (NULL!=hEvent)
  3112. CloseHandle(hEvent);
  3114. _TRACE (-1, L"Leaving CCertMgrComponentData::OnPulseAutoEnroll: 0x%x\n", hr);
  3115. return hr;
  3116. }
  3118. HRESULT CCertMgrComponentData::OnFind (LPDATAOBJECT pDataObject)
  3119. {
  3120. _TRACE (1, L"Entering CCertMgrComponentData::OnFind\n");
  3121. HRESULT hr = S_OK;
  3122. ASSERT (pDataObject);
  3123. AFX_MANAGE_STATE (AfxGetStaticModuleState ());
  3124. HWND hParent = 0;
  3127. ASSERT (pDataObject);
  3128. CCertMgrCookie* pParentCookie = ConvertCookie (pDataObject);
  3129. if ( pParentCookie )
  3130. {
  3131. switch (pParentCookie->m_objecttype)
  3132. {
  3133. case CERTMGR_SNAPIN:
  3134. case CERTMGR_PHYS_STORE:
  3135. case CERTMGR_LOG_STORE:
  3136. case CERTMGR_LOG_STORE_GPE:
  3137. case CERTMGR_LOG_STORE_RSOP:
  3138. case CERTMGR_USAGE:
  3139. {
  3140. // Get parent window handle and attach to a CWnd object
  3141. hr = m_pConsole->GetMainWindow (&hParent);
  3142. ASSERT (SUCCEEDED (hr));
  3143. if ( SUCCEEDED (hr) )
  3144. {
  3145. CWnd parentWnd;
  3146. VERIFY (parentWnd.Attach (hParent));
  3147. CFindDialog findDlg (&parentWnd,
  3148. pParentCookie->QueryNonNULLMachineName (),
  3149. m_szFileName,
  3150. this);
  3151. CThemeContextActivator activator;
  3152. INT_PTR iReturn = findDlg.DoModal ();
  3153. ASSERT (-1 != iReturn && IDABORT != iReturn);
  3154. if ( -1 == iReturn || IDABORT == iReturn )
  3155. hr = E_UNEXPECTED;
  3156. else
  3157. {
  3158. if ( findDlg.ConsoleRefreshRequired () )
  3159. {
  3160. hr = m_pConsole->UpdateAllViews (pDataObject, 0,
  3161. HINT_REFRESH_STORES);
  3162. }
  3163. }
  3165. parentWnd.Detach ();
  3168. }
  3169. }
  3170. break;
  3172. case CERTMGR_CERTIFICATE:
  3173. case CERTMGR_CRL:
  3174. case CERTMGR_CTL:
  3175. case CERTMGR_AUTO_CERT_REQUEST:
  3176. ASSERT (0);
  3177. hr = E_UNEXPECTED;
  3178. break;
  3180. case CERTMGR_PKP_AUTOENROLLMENT_COMPUTER_SETTINGS:
  3181. case CERTMGR_PKP_AUTOENROLLMENT_USER_SETTINGS:
  3182. ASSERT (0);
  3183. break;
  3185. case CERTMGR_CRL_CONTAINER:
  3186. case CERTMGR_CTL_CONTAINER:
  3187. case CERTMGR_CERT_CONTAINER:
  3188. break;
  3190. default:
  3191. ASSERT (0);
  3192. hr = E_UNEXPECTED;
  3193. }
  3194. }
  3196. _TRACE (-1, L"Leaving CCertMgrComponentData::OnFind: 0x%x\n", hr);
  3197. return hr;
  3198. }
  3200. HRESULT CCertMgrComponentData::OnChangeComputer (LPDATAOBJECT pDataObject)
  3201. {
  3202. if ( !pDataObject )
  3203. return E_POINTER;
  3205. _TRACE (1, L"Entering CCertMgrComponentData::OnChangeComputer\n");
  3206. HRESULT hr = S_OK;
  3207. ASSERT (pDataObject);
  3208. AFX_MANAGE_STATE (AfxGetStaticModuleState ());
  3211. ASSERT (pDataObject);
  3212. CCertMgrCookie* pParentCookie = ConvertCookie (pDataObject);
  3213. if ( pParentCookie && CERTMGR_SNAPIN == pParentCookie->m_objecttype )
  3214. {
  3215. HWND hWndParent = NULL;
  3216. hr = m_pConsole->GetMainWindow (&hWndParent);
  3217. CString machineName;
  3218. hr = ComputerNameFromObjectPicker (hWndParent, machineName);
  3219. if ( S_OK == hr ) // S_FALSE means user pressed "Cancel"
  3220. {
  3221. machineName.MakeUpper ();
  3223. // added IsLocalComputername 1/27/99 JonN
  3224. // If the user chooses the local computer, treat that as if they had chosen
  3225. // "Local Computer" in Snapin Manager. This means that there is no way to
  3226. // reset the snapin to target explicitly at this computer without either
  3227. // reloading the snapin from Snapin Manager, or going to a different computer.
  3228. // When the Choose Target Computer UI is revised, we can make this more
  3229. // consistent with Snapin Manager.
  3230. if ( IsLocalComputername( machineName ) )
  3231. machineName = L"";
  3233. QueryRootCookie().SetMachineName (machineName);
  3235. // Set the persistent name. If we are managing the local computer
  3236. // this name should be empty.
  3237. m_strMachineNamePersist = machineName;
  3239. hr = ChangeRootNodeName (machineName);
  3240. if ( SUCCEEDED(hr) )
  3241. {
  3242. hr = m_pConsole->UpdateAllViews (pDataObject, 0, HINT_CHANGE_COMPUTER);
  3243. }
  3244. }
  3245. }
  3246. else
  3247. hr = E_UNEXPECTED;
  3250. _TRACE (-1, L"Leaving CCertMgrComponentData::OnChangeComputer: 0x%x\n", hr);
  3251. return hr;
  3252. }
  3255. HRESULT CCertMgrComponentData::IsUserAdministrator (BOOL & bIsAdministrator)
  3256. {
  3257. _TRACE (1, L"Entering CCertMgrComponentData::IsUserAdministrator\n");
  3258. HRESULT hr = S_OK;
  3259. DWORD dwErr = 0;
  3261. bIsAdministrator = FALSE;
  3262. if ( IsWindowsNT () )
  3263. {
  3264. PSID psidAdministrators;
  3265. SID_IDENTIFIER_AUTHORITY siaNtAuthority = SECURITY_NT_AUTHORITY;
  3267. // security review 2/26/2002 BryanWal ok
  3268. BOOL bResult = ::AllocateAndInitializeSid (&siaNtAuthority, 2,
  3269. SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_ADMINS,
  3270. 0, 0, 0, 0, 0, 0, &psidAdministrators);
  3271. if ( bResult )
  3272. {
  3273. bResult = CheckTokenMembership (0, psidAdministrators,
  3274. &bIsAdministrator);
  3275. ASSERT (bResult);
  3276. if ( !bResult )
  3277. {
  3278. dwErr = GetLastError ();
  3279. DisplaySystemError (dwErr);
  3280. hr = HRESULT_FROM_WIN32 (dwErr);
  3281. }
  3282. FreeSid (psidAdministrators);
  3283. }
  3284. else
  3285. {
  3286. dwErr = GetLastError ();
  3287. DisplaySystemError (dwErr);
  3288. hr = HRESULT_FROM_WIN32 (dwErr);
  3289. }
  3290. }
  3292. _TRACE (-1, L"Leaving CCertMgrComponentData::IsUserAdministrator: 0x%x\n", hr);
  3293. return hr;
  3294. }
  3297. void CCertMgrComponentData::DisplaySystemError (DWORD dwErr)
  3298. {
  3299. _TRACE (1, L"Entering CCertMgrComponentData::DisplaySystemError\n");
  3300. AFX_MANAGE_STATE (AfxGetStaticModuleState ());
  3301. LPVOID lpMsgBuf;
  3303. // security review 2/26/2002 BryanWal ok - message is from system
  3304. ::FormatMessage (FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_SYSTEM,
  3305. NULL,
  3306. dwErr,
  3307. MAKELANGID (LANG_NEUTRAL, SUBLANG_DEFAULT), // Default language
  3308. (PWSTR) &lpMsgBuf, 0, NULL );
  3310. // Display the string.
  3311. CString caption;
  3312. VERIFY (caption.LoadString (IDS_CERTIFICATE_MANAGER));
  3313. int iRetVal = 0;
  3314. if ( m_pConsole )
  3315. {
  3316. HRESULT hr = m_pConsole->MessageBox ( (PWSTR) lpMsgBuf, caption,
  3317. MB_ICONWARNING | MB_OK, &iRetVal);
  3318. ASSERT (SUCCEEDED (hr));
  3319. }
  3320. else
  3321. {
  3322. CThemeContextActivator activator;
  3323. ::MessageBox (NULL, (PWSTR) lpMsgBuf, caption, MB_ICONWARNING | MB_OK);
  3324. }
  3325. // Free the buffer.
  3326. LocalFree (lpMsgBuf);
  3327. _TRACE (-1, L"Leaving CCertMgrComponentData::DisplaySystemError\n");
  3328. }
  3330. CString CCertMgrComponentData::GetCommandLineFileName () const
  3331. {
  3332. _TRACE (0, L"Entering and leaving CCertMgrComponentData::GetCommandLineFileName\n");
  3333. return m_szFileName;
  3334. }
  3336. //
  3337. // GetManagedComputer ()
  3338. //
  3339. // Returns the name of the managed computer. If we are managing the local machine
  3340. // returns an empty string. (As required by a number of Crypt32 APIs
  3341. //
  3342. CString CCertMgrComponentData::GetManagedComputer () const
  3343. {
  3344. _TRACE (0, L"Entering and leaving CCertMgrComponentData::GetManagedComputer\n");
  3345. if ( m_szManagedComputer.CompareNoCase (m_szThisComputer) ) // !=
  3346. {
  3347. return m_szManagedComputer;
  3348. }
  3349. else
  3350. return _T ("");
  3351. }
  3353. CString CCertMgrComponentData::GetManagedService () const
  3354. {
  3355. _TRACE (0, L"Entering and leaving CCertMgrComponentData::GetManagedService\n");
  3356. return m_szManagedServicePersist;
  3357. }
  3359. DWORD CCertMgrComponentData::GetLocation () const
  3360. {
  3361. _TRACE (0, L"Entering and leaving CCertMgrComponentData::GetLocation\n");
  3362. return m_dwLocationPersist;
  3363. }
  3365. LPCONSOLENAMESPACE CCertMgrComponentData::GetConsoleNameSpace () const
  3366. {
  3367. _TRACE (0, L"Entering and leaving CCertMgrComponentData::GetConsoleNameSpace\n");
  3368. return m_pConsoleNameSpace;
  3369. }
  3372. CUsageCookie* CCertMgrComponentData::FindDuplicateUsage (HSCOPEITEM hParent, PCWSTR pszName)
  3373. {
  3374. _TRACE (1, L"Entering CCertMgrComponentData::FindDuplicateUsage\n");
  3375. ASSERT (pszName);
  3376. if ( !pszName )
  3377. return 0;
  3380. CUsageCookie* pUsageCookie = 0;
  3382. MMC_COOKIE lCookie = 0;
  3383. HSCOPEITEM hChildItem = 0;
  3384. bool bFound = false;
  3386. HRESULT hr = m_pConsoleNameSpace->GetChildItem (hParent, &hChildItem, &lCookie);
  3387. ASSERT (SUCCEEDED (hr));
  3388. while ( hChildItem && SUCCEEDED (hr) )
  3389. {
  3390. pUsageCookie = reinterpret_cast <CUsageCookie*> (lCookie);
  3391. if ( !wcscoll (pszName, pUsageCookie->GetObjectName ()) )
  3392. {
  3393. bFound = true;
  3394. break;
  3395. }
  3397. hr = m_pConsoleNameSpace->GetNextItem (hChildItem, &hChildItem, &lCookie);
  3398. ASSERT (SUCCEEDED (hr));
  3399. }
  3401. _TRACE (-1, L"Leaving CCertMgrComponentData::FindDuplicateUsage\n");
  3402. if ( bFound )
  3403. return pUsageCookie;
  3404. else
  3405. return NULL;
  3406. }
  3409. bool CCertMgrComponentData::IsSecurityConfigurationEditorNodetype (const GUID& refguid) const
  3410. {
  3411. _TRACE (0, L"Entering and leaving CCertMgrComponentData::IsSecurityConfigurationEditorNodetype\n");
  3412. return ::IsEqualGUID (refguid, cNodetypeSceTemplate) ? true : false;
  3413. }
  3416. HRESULT CCertMgrComponentData::OnEnroll (
  3417. LPDATAOBJECT pDataObject,
  3418. bool bNewKey,
  3419. bool bShowUI /* = true */)
  3420. {
  3421. _TRACE (1, L"Entering CCertMgrComponentData::OnEnroll\n");
  3422. AFX_MANAGE_STATE (AfxGetStaticModuleState ());
  3423. ASSERT (pDataObject);
  3424. if ( !pDataObject )
  3425. return E_POINTER;
  3427. HRESULT hr = S_OK;
  3428. CCertMgrCookie* pParentCookie = ConvertCookie (pDataObject);
  3429. if ( pParentCookie )
  3430. {
  3431. CCertStore* pStore = 0;
  3432. CCertificate* pCert = 0;
  3433. CCertStoreGPE* pGPEStore = 0;
  3434. bool bParentIsStoreOrContainer = false;
  3435. HSCOPEITEM hScopeItem = 0;
  3436. bool bEFSPolicyTurnedOn = false;
  3438. switch (pParentCookie->m_objecttype)
  3439. {
  3440. case CERTMGR_CERTIFICATE:
  3441. pCert = reinterpret_cast <CCertificate*> (pParentCookie);
  3442. ASSERT (pCert);
  3443. break;
  3445. case CERTMGR_PHYS_STORE:
  3446. case CERTMGR_LOG_STORE:
  3447. if ( !m_pGPEInformation ) // If we are not extending the GPE/SCE
  3448. {
  3449. hScopeItem = pParentCookie->m_hScopeItem; // = 0;
  3450. pStore = reinterpret_cast <CCertStore*> (pParentCookie);
  3451. ASSERT (pStore);
  3452. }
  3453. bParentIsStoreOrContainer = true;
  3454. break;
  3456. case CERTMGR_CERT_CONTAINER:
  3457. if ( !m_pGPEInformation ) // If we are not extending the GPE/SCE
  3458. {
  3459. CContainerCookie* pContainer = reinterpret_cast <CContainerCookie*> (pParentCookie);
  3460. ASSERT (pContainer);
  3461. if ( pContainer )
  3462. {
  3463. MMC_COOKIE lCookie = 0;
  3464. hr = m_pConsoleNameSpace->GetParentItem (
  3465. pContainer->m_hScopeItem, &hScopeItem, &lCookie);
  3466. ASSERT (SUCCEEDED (hr));
  3467. pStore = &pContainer->GetCertStore ();
  3468. }
  3469. }
  3470. bParentIsStoreOrContainer = true;
  3471. break;
  3473. case CERTMGR_USAGE:
  3474. break;
  3476. case CERTMGR_LOG_STORE_RSOP:
  3477. ASSERT (0);
  3478. return E_FAIL;
  3479. break;
  3481. case CERTMGR_PKP_AUTOENROLLMENT_COMPUTER_SETTINGS:
  3482. case CERTMGR_PKP_AUTOENROLLMENT_USER_SETTINGS:
  3483. ASSERT (0);
  3484. break;
  3486. case CERTMGR_LOG_STORE_GPE:
  3487. pGPEStore = reinterpret_cast <CCertStoreGPE*> (pParentCookie);
  3488. ASSERT (pGPEStore);
  3489. if ( pGPEStore )
  3490. {
  3491. if ( pGPEStore->IsNullEFSPolicy () )
  3492. {
  3493. pGPEStore->AllowEmptyEFSPolicy ();
  3494. bEFSPolicyTurnedOn = true;
  3496. }
  3497. }
  3498. else
  3499. return E_FAIL;
  3500. break;
  3502. default:
  3503. ASSERT (0);
  3504. return E_UNEXPECTED;
  3505. }
  3506. HWND hwndParent = 0;
  3507. hr = m_pConsole->GetMainWindow (&hwndParent);
  3508. ASSERT (SUCCEEDED (hr));
  3509. CRYPTUI_WIZ_CERT_REQUEST_PVK_CERT pvkCert;
  3510. CRYPTUI_WIZ_CERT_REQUEST_PVK_NEW pvkNew;
  3511. CRYPTUI_WIZ_CERT_REQUEST_INFO certRequestInfo;
  3512. CRYPT_KEY_PROV_INFO provInfo;
  3514. // For EFS Recovery Agent
  3515. CRYPTUI_WIZ_CERT_TYPE certType;
  3516. PWSTR rgwszCertType = wszCERTTYPE_EFS_RECOVERY;
  3518. // security review 2/26/2002 BryanWal ok
  3519. ::ZeroMemory (&certRequestInfo, sizeof (certRequestInfo));
  3520. certRequestInfo.dwSize = sizeof (certRequestInfo);
  3521. certRequestInfo.dwPurpose = CRYPTUI_WIZ_CERT_ENROLL;
  3523. // User wants to manage user account
  3524. // pass in NULL to machine name and to account name
  3525. // User wants to manage local machine account
  3526. // pass in NULL for account name and result of ::GetComputerName ()
  3527. // to machine name
  3528. // User want to manage remote machine
  3529. // pass in NULL for account name and machine name for machineName
  3530. // User wants to manage remote account on remote machine
  3531. // pass in account name for accountName and machine name for machineName
  3532. switch (m_dwLocationPersist)
  3533. {
  3534. case CERT_SYSTEM_STORE_CURRENT_SERVICE:
  3535. case CERT_SYSTEM_STORE_SERVICES:
  3536. certRequestInfo.pwszMachineName = (PCWSTR) m_szManagedComputer;
  3537. certRequestInfo.pwszAccountName = (PCWSTR) m_szManagedServicePersist;
  3538. break;
  3540. case CERT_SYSTEM_STORE_CURRENT_USER:
  3541. certRequestInfo.pwszMachineName = NULL;
  3542. certRequestInfo.pwszAccountName = NULL;
  3543. break;
  3545. case CERT_SYSTEM_STORE_LOCAL_MACHINE:
  3546. certRequestInfo.pwszMachineName = (PCWSTR) m_szManagedComputer;
  3547. certRequestInfo.pwszAccountName = NULL;
  3548. break;
  3550. case CERT_SYSTEM_STORE_CURRENT_USER_GROUP_POLICY:
  3551. case CERT_SYSTEM_STORE_LOCAL_MACHINE_GROUP_POLICY:
  3552. certRequestInfo.pwszMachineName = NULL;
  3553. certRequestInfo.pwszAccountName = NULL;
  3554. certRequestInfo.pwszDesStore = 0;
  3555. certRequestInfo.dwCertOpenStoreFlag = 0;
  3556. break;
  3558. default:
  3559. ASSERT (0);
  3560. return E_UNEXPECTED;
  3561. break;
  3562. }
  3565. if ( !pCert || bNewKey )
  3566. {
  3567. // Request a certificate with a new key
  3568. certRequestInfo.dwPvkChoice = CRYPTUI_WIZ_CERT_REQUEST_PVK_CHOICE_NEW;
  3569. // security review 2/26/2002 BryanWal ok
  3570. ::ZeroMemory (&pvkNew, sizeof (pvkNew));
  3571. pvkNew.dwSize = sizeof (pvkNew);
  3572. certRequestInfo.pPvkNew = &pvkNew;
  3573. if ( CERT_SYSTEM_STORE_LOCAL_MACHINE == m_dwLocationPersist )
  3574. {
  3575. // security review 2/26/2002 BryanWal ok
  3576. ::ZeroMemory (&provInfo, sizeof (provInfo));
  3578. provInfo.dwFlags = CRYPT_MACHINE_KEYSET;
  3579. pvkNew.pKeyProvInfo = &provInfo;
  3580. }
  3582. if ( pGPEStore && EFS_STORE == pGPEStore->GetStoreType () )
  3583. {
  3584. // This creates an Encryption Recovery Agent.
  3585. // security review 2/26/2002 BryanWal ok
  3586. ::ZeroMemory (&certType, sizeof (certType));
  3587. certType.dwSize = sizeof (CRYPTUI_WIZ_CERT_TYPE);
  3588. certType.cCertType = 1;
  3589. certType.rgwszCertType = &rgwszCertType;
  3592. certRequestInfo.dwCertChoice = CRYPTUI_WIZ_CERT_REQUEST_CERT_TYPE;
  3593. certRequestInfo.pCertType = &certType;
  3594. // security review 2/26/2002 BryanWal ok
  3595. ::ZeroMemory (&provInfo, sizeof (provInfo));
  3596. provInfo.pwszProvName = MS_DEF_PROV_W;
  3597. provInfo.dwProvType = PROV_RSA_FULL;
  3599. pvkNew.pKeyProvInfo = &provInfo;
  3600. pvkNew.dwGenKeyFlags = CRYPT_EXPORTABLE;
  3601. }
  3602. }
  3603. else
  3604. {
  3605. // Request a certificate with the same key as an existing certificate
  3606. if ( IsLocalComputername (m_szManagedComputer) )
  3607. {
  3608. // Find out if the cert has a private key before continuing.
  3609. DWORD dwFlags = 0;
  3611. if ( CERT_SYSTEM_STORE_LOCAL_MACHINE == m_dwLocationPersist )
  3612. dwFlags = CRYPT_FIND_MACHINE_KEYSET_FLAG;
  3613. if ( !::CryptFindCertificateKeyProvInfo (
  3614. pCert->GetCertContext (), dwFlags, 0) )
  3615. {
  3616. DWORD dwErr = GetLastError ();
  3617. _TRACE (0, L"CryptFindCertificateKeyProvInfo () failed: 0x%x\n",
  3618. dwErr);
  3619. CString text;
  3620. CString caption;
  3621. CThemeContextActivator activator;
  3623. text.FormatMessage (IDS_NO_PRIVATE_KEY,
  3624. GetSystemMessage (dwErr));
  3625. VERIFY (caption.LoadString (IDS_REQUEST_CERT_SAME_KEY));
  3626. ::MessageBox (hwndParent, text, caption, MB_OK);
  3627. return hr;
  3628. }
  3629. }
  3630. certRequestInfo.dwPvkChoice = CRYPTUI_WIZ_CERT_REQUEST_PVK_CHOICE_CERT;
  3631. // security review 2/26/2002 BryanWal ok
  3632. ::ZeroMemory (&pvkCert, sizeof (pvkCert));
  3633. pvkCert.dwSize = sizeof (pvkCert);
  3634. pvkCert.pCertContext = pCert->GetCertContext ();
  3635. certRequestInfo.pPvkCert = &pvkCert;
  3636. }
  3638. certRequestInfo.pwszCertDNName = NULL;
  3640. // Now that all the preliminaries are out of they way and the data is
  3641. // all set up, call the enrollment wizard.
  3642. DWORD status = 0;
  3643. PCCERT_CONTEXT pNewCertContext = 0;
  3644. BOOL bResult = FALSE;
  3645. CThemeContextActivator activator;
  3648. DWORD dwErr = 0;
  3649. while (1)
  3650. {
  3651. // this must be inside the while statement as bNewKey can change
  3652. DWORD dwFlags = 0;
  3653. if ( !bShowUI )
  3654. dwFlags |= CRYPTUI_WIZ_NO_UI;
  3655. if ( bNewKey )
  3656. dwFlags |= CRYPTUI_WIZ_CERT_REQUEST_REQUIRE_NEW_KEY;
  3658. bResult = ::CryptUIWizCertRequest (
  3659. dwFlags,
  3660. hwndParent,
  3661. NULL,
  3662. &certRequestInfo,
  3663. &pNewCertContext,
  3664. &status);
  3665. dwErr = GetLastError ();
  3666. if ( !bResult && NTE_TOKEN_KEYSET_STORAGE_FULL == HRESULT_FROM_WIN32 (dwErr) )
  3667. {
  3668. // NTRAID# 299089 Enrollment Wizard: Should return some
  3669. // meaningful message when users fail to enroll/renew on a
  3670. // smart card
  3671. if ( !bNewKey )
  3672. break;
  3674. CString text;
  3675. CString caption;
  3676. int iRetVal = 0;
  3678. VERIFY (text.LoadString (IDS_SMARTCARD_FULL_REUSE_PRIVATE_KEY));
  3679. VERIFY (caption.LoadString (IDS_CERTIFICATE_MANAGER));
  3680. hr = m_pConsole->MessageBox (text, caption,
  3681. MB_YESNO, &iRetVal);
  3682. ASSERT (SUCCEEDED (hr));
  3683. if ( IDYES == iRetVal )
  3684. {
  3685. bNewKey = false;
  3686. }
  3687. else
  3688. break;
  3689. }
  3690. else
  3691. break;
  3692. }
  3694. if ( !bResult && !bShowUI )
  3695. {
  3696. CString text;
  3697. CString caption;
  3698. int iRetVal = 0;
  3700. text.FormatMessage (IDS_CANNOT_CREATE_DATA_RECOVERY_AGENT,
  3701. GetSystemMessage (dwErr));
  3702. VERIFY (caption.LoadString (IDS_PUBLIC_KEY_POLICIES_NODE_NAME));
  3703. if ( m_pConsole )
  3704. {
  3705. hr = m_pConsole->MessageBox (text, caption, MB_OK, &iRetVal);
  3706. ASSERT (SUCCEEDED (hr));
  3707. }
  3708. }
  3709. else if ( bResult && (CRYPTUI_WIZ_CERT_REQUEST_STATUS_SUCCEEDED == status) && pNewCertContext )
  3710. {
  3711. if ( bEFSPolicyTurnedOn )
  3712. {
  3713. // Force scope item selection to for call to
  3714. // IComponent::QueryResultViewType ()
  3715. hr = m_pComponentConsole->SelectScopeItem (pGPEStore->m_hScopeItem);
  3716. hr = m_pConsole->UpdateAllViews (pDataObject, 0, HINT_EFS_ADD_DEL_POLICY);
  3717. hr = OnNotifyExpand (pDataObject, TRUE, pGPEStore->m_hScopeItem);
  3718. }
  3720. ASSERT (!(pStore && pGPEStore)); // these can't both be true
  3721. if ( pStore )
  3722. {
  3723. pStore->IncrementCertCount ();
  3724. pStore->SetDirty ();
  3725. pStore->Resync ();
  3727. }
  3728. else if ( pGPEStore )
  3729. {
  3730. pGPEStore->InvalidateCertCount ();
  3731. pGPEStore->SetDirty ();
  3732. pGPEStore->Resync ();
  3735. if ( EFS_STORE == pGPEStore->GetStoreType () )
  3736. {
  3737. hr = CompleteEFSRecoveryAgent (pGPEStore, pNewCertContext);
  3738. }
  3739. }
  3740. else if ( pCert && pCert->GetCertStore ())
  3741. {
  3742. pCert->GetCertStore ()->Resync ();
  3743. }
  3745. if ( !m_pGPEInformation ) // If we are not extending the GPE/SCE
  3746. {
  3747. if ( bParentIsStoreOrContainer )
  3748. {
  3749. ASSERT (hScopeItem);
  3750. ASSERT (pStore);
  3751. hr = CreateContainers (hScopeItem, *pStore);
  3753. // Display the new cert only if the container node is selected
  3754. if ( CERTMGR_CERT_CONTAINER == pParentCookie->m_objecttype &&
  3755. pParentCookie->IsSelected () )
  3756. {
  3757. // Add certificate to result pane
  3758. RESULTDATAITEM rdItem;
  3759. CCookie& rootCookie = QueryBaseRootCookie ();
  3761. // security review 2/26/2002 BryanWal ok
  3762. ::ZeroMemory (&rdItem, sizeof (rdItem));
  3763. rdItem.mask = RDI_STR | RDI_IMAGE | RDI_PARAM | RDI_STATE;
  3764. rdItem.nImage = iIconCertificate;
  3765. rdItem.nCol = 0;
  3766. rdItem.nState = LVIS_SELECTED | LVIS_FOCUSED;
  3767. rdItem.str = MMC_TEXTCALLBACK;
  3769. PCCERT_CONTEXT pFoundCertContext =
  3770. pStore->FindCertificate (0, CERT_FIND_EXISTING,
  3771. (void*) pNewCertContext, NULL);
  3772. if ( pFoundCertContext )
  3773. {
  3774. pCert = new CCertificate (pFoundCertContext, pStore);
  3775. if ( pCert )
  3776. {
  3777. rootCookie.m_listResultCookieBlocks.AddHead (pCert);
  3778. rdItem.lParam = (LPARAM) pCert;
  3779. pCert->m_resultDataID = m_pResultData;
  3780. hr = m_pResultData->InsertItem (&rdItem);
  3781. if ( FAILED (hr) )
  3782. {
  3783. _TRACE (0, L"IResultData::InsertItem () failed: 0x%x\n", hr);
  3784. }
  3785. else
  3786. {
  3787. hr = DisplayCertificateCountByStore (
  3788. m_pComponentConsole, pStore, false);
  3789. }
  3790. }
  3791. else
  3792. hr = E_OUTOFMEMORY;
  3794. ::CertFreeCertificateContext (pFoundCertContext);
  3795. }
  3796. else
  3797. {
  3798. hr = HRESULT_FROM_WIN32 (GetLastError ());
  3799. }
  3801. ASSERT (SUCCEEDED (hr));
  3802. }
  3803. hr = DisplayCertificateCountByStore (m_pComponentConsole, pStore);
  3804. }
  3805. else
  3806. {
  3807. hr = m_pConsole->UpdateAllViews (pDataObject, 0,
  3808. HINT_CERT_ENROLLED_USAGE_MODE);
  3809. ASSERT (SUCCEEDED (hr));
  3810. }
  3811. }
  3812. else
  3813. {
  3814. hr = m_pConsole->UpdateAllViews (pDataObject, 0, 0);
  3815. ASSERT (SUCCEEDED (hr));
  3816. hr = DisplayCertificateCountByStore (m_pComponentConsole, pGPEStore, true);
  3817. }
  3818. ::CertFreeCertificateContext (pNewCertContext);
  3819. }
  3820. else if ( bEFSPolicyTurnedOn )
  3821. {
  3822. // If we allowed policy creation just for this enrollment, but
  3823. // nothing was enrolled, go ahead and delete the policy.
  3824. hr = OnDeleteEFSPolicy (pDataObject, false);
  3825. }
  3827. }
  3828. else
  3829. hr = E_POINTER;
  3831. _TRACE (-1, L"Leaving CCertMgrComponentData::OnEnroll: 0x%x\n", hr);
  3832. return hr;
  3833. }
  3836. HRESULT RenewCertificate (
  3837. CCertificate* pCert,
  3838. bool bNewKey,
  3839. const CString& machineName,
  3840. DWORD dwLocation,
  3841. const CString& managedComputer,
  3842. const CString& managedService,
  3843. HWND hwndParent,
  3844. LPCONSOLE pConsole,
  3845. LPDATAOBJECT pDataObject)
  3846. {
  3847. HRESULT hr = S_OK;
  3849. if ( pCert )
  3850. {
  3851. CRYPTUI_WIZ_CERT_REQUEST_PVK_CERT pvkCert;
  3852. CRYPTUI_WIZ_CERT_REQUEST_PVK_NEW pvkNew;
  3853. CRYPTUI_WIZ_CERT_REQUEST_INFO certRequestInfo;
  3854. CRYPT_KEY_PROV_INFO provInfo;
  3857. // security review 2/26/2002 BryanWal ok
  3858. ::ZeroMemory (&certRequestInfo, sizeof (certRequestInfo));
  3859. certRequestInfo.dwSize = sizeof (certRequestInfo);
  3860. certRequestInfo.dwPurpose = CRYPTUI_WIZ_CERT_RENEW;
  3861. // User wants to manage user account
  3862. // pass in NULL to machine name and to account name
  3863. // User wants to manage local machine account
  3864. // pass in NULL for account name and result of ::GetComputerName ()
  3865. // to machine name
  3866. // User want to manage remote machine
  3867. // pass in NULL for account name and machine name for machineName
  3868. // User wants to manage remote account on remote machine
  3869. // pass in account name for accountName and machine name for machineName
  3870. // TODO: Ensure that this is NULL if the local machine
  3871. BOOL bIsLocalMachine = IsLocalComputername (machineName);
  3872. switch (dwLocation)
  3873. {
  3874. case CERT_SYSTEM_STORE_CURRENT_SERVICE:
  3875. case CERT_SYSTEM_STORE_SERVICES:
  3876. certRequestInfo.pwszMachineName = (PCWSTR) managedComputer;
  3877. certRequestInfo.pwszAccountName = (PCWSTR) managedService;
  3878. break;
  3880. case CERT_SYSTEM_STORE_CURRENT_USER:
  3881. certRequestInfo.pwszMachineName = NULL;
  3882. certRequestInfo.pwszAccountName = NULL;
  3883. break;
  3885. case CERT_SYSTEM_STORE_LOCAL_MACHINE:
  3886. certRequestInfo.pwszMachineName = (PCWSTR) managedComputer;
  3887. certRequestInfo.pwszAccountName = NULL;
  3888. break;
  3890. default:
  3891. ASSERT (0);
  3892. return E_UNEXPECTED;
  3893. break;
  3894. }
  3895. certRequestInfo.pRenewCertContext = pCert->GetCertContext ();
  3896. if ( bNewKey )
  3897. {
  3898. certRequestInfo.dwPvkChoice = CRYPTUI_WIZ_CERT_REQUEST_PVK_CHOICE_NEW;
  3899. // security review 2/26/2002 BryanWal ok
  3900. ::ZeroMemory (&pvkNew, sizeof (pvkNew));
  3901. pvkNew.dwSize = sizeof (pvkNew);
  3902. if ( CERT_SYSTEM_STORE_LOCAL_MACHINE == dwLocation )
  3903. {
  3904. // security review 2/26/2002 BryanWal ok
  3905. ::ZeroMemory (&provInfo, sizeof (provInfo));
  3906. provInfo.dwFlags = CRYPT_MACHINE_KEYSET;
  3907. pvkNew.pKeyProvInfo = &provInfo;
  3908. }
  3909. certRequestInfo.pPvkNew = &pvkNew;
  3910. }
  3911. else
  3912. {
  3913. if ( bIsLocalMachine )
  3914. {
  3915. DWORD dwFlags = 0;
  3917. if ( CERT_SYSTEM_STORE_LOCAL_MACHINE == dwLocation )
  3918. dwFlags = CRYPT_FIND_MACHINE_KEYSET_FLAG;
  3919. if ( !::CryptFindCertificateKeyProvInfo (
  3920. pCert->GetCertContext (), dwFlags, 0) )
  3921. {
  3922. DWORD dwErr = GetLastError ();
  3923. _TRACE (0, L"CryptFindCertificateKeyProvInfo () failed: 0x%x\n",
  3924. dwErr);
  3925. CString text;
  3926. CString caption;
  3927. CThemeContextActivator activator;
  3929. text.FormatMessage (IDS_NO_PRIVATE_KEY,
  3930. GetSystemMessage (dwErr));
  3931. VERIFY (caption.LoadString (IDS_RENEW_CERT_SAME_KEY));
  3932. ::MessageBox (hwndParent, text, caption, MB_OK);
  3933. return hr;
  3934. }
  3935. }
  3937. certRequestInfo.dwPvkChoice = CRYPTUI_WIZ_CERT_REQUEST_PVK_CHOICE_CERT;
  3938. // security review 2/26/2002 BryanWal ok
  3939. ::ZeroMemory (&pvkCert, sizeof (pvkCert));
  3940. pvkCert.dwSize = sizeof (pvkCert);
  3941. pvkCert.pCertContext = pCert->GetCertContext ();
  3942. certRequestInfo.pPvkCert = &pvkCert;
  3943. }
  3946. DWORD status = 0;
  3947. PCCERT_CONTEXT pNewCertContext = 0;
  3948. BOOL bResult = FALSE;
  3949. CThemeContextActivator activator;
  3951. while (1)
  3952. {
  3953. bResult = ::CryptUIWizCertRequest (
  3954. bNewKey ? CRYPTUI_WIZ_CERT_REQUEST_REQUIRE_NEW_KEY : 0,
  3955. hwndParent, NULL,
  3956. &certRequestInfo, &pNewCertContext, &status);
  3957. if ( !bResult && HRESULT_FROM_WIN32 (NTE_TOKEN_KEYSET_STORAGE_FULL) == GetLastError () )
  3958. {
  3959. // NTRAID# 299089 Enrollment Wizard: Should return some
  3960. // meaningful message when users fail to enroll/renew on a
  3961. // smart card
  3962. if ( !bNewKey )
  3963. break;
  3965. CString text;
  3966. CString caption;
  3967. int iRetVal = 0;
  3969. VERIFY (text.LoadString (IDS_SMARTCARD_FULL_REUSE_PRIVATE_KEY));
  3970. VERIFY (caption.LoadString (IDS_CERTIFICATE_MANAGER));
  3971. if ( pConsole )
  3972. {
  3973. hr = pConsole->MessageBox (text, caption, MB_YESNO, &iRetVal);
  3974. ASSERT (SUCCEEDED (hr));
  3975. }
  3976. else
  3977. {
  3978. CThemeContextActivator activator;
  3979. iRetVal = ::MessageBox (hwndParent, text, caption, MB_OK);
  3980. }
  3981. if ( IDYES == iRetVal )
  3982. {
  3983. bNewKey = false;
  3984. }
  3985. else
  3986. break;
  3987. }
  3988. else
  3989. break;
  3990. }
  3992. if ( bResult && (CRYPTUI_WIZ_CERT_REQUEST_STATUS_SUCCEEDED == status) && pNewCertContext )
  3993. {
  3994. CCertStore* pStore = pCert->GetCertStore ();
  3995. if ( pStore )
  3996. {
  3997. pStore->SetDirty ();
  3998. pStore->Resync ();
  3999. if ( pConsole )
  4000. hr = pConsole->UpdateAllViews (pDataObject, 0, 0);
  4001. }
  4003. CertFreeCertificateContext (pNewCertContext);
  4004. ASSERT (SUCCEEDED (hr));
  4005. }
  4006. }
  4007. else
  4008. hr = E_POINTER;
  4010. return hr;
  4011. }
  4013. HRESULT CCertMgrComponentData::OnRenew (LPDATAOBJECT pDataObject, bool bNewKey)
  4014. {
  4015. _TRACE (1, L"Entering CCertMgrComponentData::OnRenew\n");
  4016. AFX_MANAGE_STATE (AfxGetStaticModuleState ());
  4017. HRESULT hr = S_OK;
  4018. HWND hwndParent = 0;
  4019. VERIFY (SUCCEEDED (m_pConsole->GetMainWindow (&hwndParent)));
  4020. CCertMgrCookie* pParentCookie = ConvertCookie (pDataObject);
  4021. if ( pParentCookie && CERTMGR_CERTIFICATE == pParentCookie->m_objecttype )
  4022. {
  4023. CCertificate* pCert = reinterpret_cast <CCertificate*> (pParentCookie);
  4024. ASSERT (pCert);
  4025. if ( pCert )
  4026. {
  4027. hr = RenewCertificate (pCert, bNewKey, m_strMachineNamePersist,
  4028. m_dwLocationPersist, m_szManagedComputer,
  4029. m_szManagedServicePersist, hwndParent, m_pConsole, pDataObject);
  4030. }
  4031. }
  4032. else
  4033. hr = E_POINTER;
  4035. _TRACE (-1, L"Leaving CCertMgrComponentData::OnRenew: 0x%x\n", hr);
  4036. return hr;
  4037. }
  4040. CCertMgrCookie* CCertMgrComponentData::ConvertCookie (LPDATAOBJECT pDataObject)
  4041. {
  4042. CCertMgrCookie* pParentCookie = 0;
  4043. CCookie* pBaseParentCookie = 0;
  4044. HRESULT hr = ExtractData (pDataObject,
  4045. CCertMgrDataObject::m_CFRawCookie,
  4046. &pBaseParentCookie,
  4047. sizeof (pBaseParentCookie) );
  4048. if ( SUCCEEDED (hr) )
  4049. {
  4050. pParentCookie = ActiveCookie (pBaseParentCookie);
  4051. ASSERT (pParentCookie);
  4052. }
  4053. return pParentCookie;
  4054. }
  4057. HRESULT CCertMgrComponentData::OnImport (LPDATAOBJECT pDataObject)
  4058. {
  4059. _TRACE (1, L"Entering CCertMgrComponentData::OnImport\n");
  4060. AFX_MANAGE_STATE (AfxGetStaticModuleState ());
  4061. HRESULT hr = S_OK;
  4062. ASSERT (m_szFileName.IsEmpty ());
  4063. if ( !m_szFileName.IsEmpty () )
  4064. return E_UNEXPECTED;
  4065. ASSERT (pDataObject);
  4066. if ( !pDataObject )
  4067. return E_POINTER;
  4070. DWORD dwFlags = 0;
  4072. if ( CERT_SYSTEM_STORE_CURRENT_USER == m_dwLocationPersist )
  4073. {
  4074. // We're managing the user's certificate store
  4075. dwFlags |= CRYPTUI_WIZ_IMPORT_TO_CURRENTUSER;
  4076. }
  4077. else
  4078. {
  4079. // We're managing certificates on a machine
  4080. dwFlags |= CRYPTUI_WIZ_IMPORT_TO_LOCALMACHINE;
  4082. if ( !IsLocalComputername (m_szManagedComputer) )
  4083. {
  4084. // We're managing certificates on a remote machine
  4085. dwFlags |= CRYPTUI_WIZ_IMPORT_REMOTE_DEST_STORE;
  4086. }
  4087. }
  4089. HCERTSTORE hDestStore = 0;
  4090. CCertStore* pDestStore = 0;
  4091. HSCOPEITEM hScopeItem = 0;
  4092. int nOriginalCertCount = 0;
  4093. int nOriginalCTLCount = 0;
  4095. CCertMgrCookie* pParentCookie = ConvertCookie (pDataObject);
  4096. if ( pParentCookie )
  4097. {
  4098. hScopeItem = pParentCookie->m_hScopeItem;
  4099. switch (pParentCookie->m_objecttype)
  4100. {
  4101. case CERTMGR_PKP_AUTOENROLLMENT_COMPUTER_SETTINGS:
  4102. case CERTMGR_PKP_AUTOENROLLMENT_USER_SETTINGS:
  4103. ASSERT (0);
  4104. break;
  4106. case CERTMGR_LOG_STORE_RSOP:
  4107. ASSERT (0);
  4108. return E_FAIL;
  4109. break;
  4111. case CERTMGR_LOG_STORE_GPE:
  4112. {
  4113. dwFlags |= CRYPTUI_WIZ_IMPORT_NO_CHANGE_DEST_STORE;
  4114. pDestStore = reinterpret_cast <CCertStore*> (pParentCookie);
  4115. ASSERT (pDestStore);
  4116. if ( pDestStore )
  4117. {
  4118. nOriginalCertCount = pDestStore->GetCertCount ();
  4119. hDestStore = pDestStore->GetStoreHandle ();
  4121. switch (pDestStore->GetStoreType ())
  4122. {
  4123. case ACRS_STORE:
  4124. break;
  4126. case TRUST_STORE:
  4127. dwFlags |= CRYPTUI_WIZ_IMPORT_ALLOW_CTL;
  4128. nOriginalCTLCount = pDestStore->GetCTLCount ();
  4129. break;
  4131. case ROOT_STORE:
  4132. dwFlags |= CRYPTUI_WIZ_IMPORT_ALLOW_CERT;
  4133. break;
  4135. case EFS_STORE:
  4136. break;
  4138. default:
  4139. ASSERT (0);
  4140. break;
  4141. }
  4142. }
  4143. else
  4144. hr = E_UNEXPECTED;
  4145. }
  4146. break;
  4148. case CERTMGR_LOG_STORE:
  4149. case CERTMGR_PHYS_STORE:
  4150. {
  4151. pDestStore = reinterpret_cast <CCertStore*> (pParentCookie);
  4152. ASSERT (pDestStore);
  4153. if ( pDestStore )
  4154. {
  4155. if ( TRUST_STORE == pDestStore->GetStoreType () )
  4156. nOriginalCTLCount = pDestStore->GetCTLCount ();
  4157. else
  4158. nOriginalCertCount = pDestStore->GetCertCount ();
  4160. hDestStore = pDestStore->GetStoreHandle ();
  4161. }
  4162. else
  4163. hr = E_UNEXPECTED;
  4164. }
  4165. break;
  4167. case CERTMGR_CERT_CONTAINER:
  4168. case CERTMGR_CTL_CONTAINER:
  4169. {
  4170. CContainerCookie* pContainer = reinterpret_cast <CContainerCookie*> (pParentCookie);
  4171. ASSERT (pContainer);
  4172. if ( pContainer )
  4173. {
  4174. MMC_COOKIE lCookie = 0;
  4175. hr = m_pConsoleNameSpace->GetParentItem (
  4176. pContainer->m_hScopeItem, &hScopeItem, &lCookie);
  4177. ASSERT (SUCCEEDED (hr));
  4178. pDestStore = &pContainer->GetCertStore ();
  4179. if ( CERTMGR_CERT_CONTAINER == pParentCookie->m_objecttype )
  4180. nOriginalCertCount = pDestStore->GetCertCount ();
  4181. else
  4182. nOriginalCTLCount = pDestStore->GetCTLCount ();
  4183. hDestStore = pDestStore->GetStoreHandle ();
  4184. }
  4185. else
  4186. hr = E_UNEXPECTED;
  4187. }
  4188. break;
  4190. case CERTMGR_USAGE:
  4191. pDestStore = 0;
  4192. hDestStore = 0;
  4193. break;
  4195. default:
  4196. ASSERT (0);
  4197. hr = E_UNEXPECTED;
  4198. }
  4199. }
  4200. else
  4201. hr = E_UNEXPECTED;
  4204. if ( SUCCEEDED (hr) )
  4205. {
  4206. HWND hwndParent = 0;
  4207. hr = m_pConsole->GetMainWindow (&hwndParent);
  4208. ASSERT (SUCCEEDED (hr));
  4210. // Now that all the data is set up and everything is in readiness,
  4211. // call the Import Wizard
  4212. CThemeContextActivator activator;
  4213. BOOL bResult = ::CryptUIWizImport (dwFlags, hwndParent, 0, NULL, hDestStore);
  4214. if ( bResult )
  4215. {
  4216. bool bWizardCancelled = false;
  4217. CCertStore* pStore = 0;
  4219. switch (pParentCookie->m_objecttype)
  4220. {
  4221. case CERTMGR_LOG_STORE_RSOP:
  4222. ASSERT (0);
  4223. return E_FAIL;
  4224. break;
  4226. case CERTMGR_LOG_STORE_GPE:
  4227. case CERTMGR_LOG_STORE:
  4228. case CERTMGR_PHYS_STORE:
  4229. {
  4230. pStore = reinterpret_cast <CCertStore*> (pParentCookie);
  4231. ASSERT (pStore);
  4232. if ( pStore )
  4233. {
  4234. if ( TRUST_STORE == pStore->GetStoreType () )
  4235. {
  4236. if ( pStore->GetCTLCount () != nOriginalCTLCount )
  4237. {
  4238. pStore->SetDirty ();
  4239. hr = pStore->Commit ();
  4240. }
  4241. else
  4242. bWizardCancelled = true;
  4243. }
  4244. else
  4245. {
  4246. pStore->InvalidateCertCount ();
  4247. if ( pStore->GetCertCount () != nOriginalCertCount )
  4248. {
  4249. pStore->SetDirty ();
  4250. hr = pStore->Commit ();
  4251. }
  4252. else
  4253. bWizardCancelled = true;
  4254. }
  4255. }
  4256. else
  4257. hr = E_UNEXPECTED;
  4258. }
  4259. break;
  4261. case CERTMGR_CERT_CONTAINER:
  4262. case CERTMGR_CTL_CONTAINER:
  4263. {
  4264. CContainerCookie* pContainer = reinterpret_cast <CContainerCookie*> (pParentCookie);
  4265. ASSERT (pContainer);
  4266. if ( pContainer )
  4267. {
  4268. pStore = &pContainer->GetCertStore ();
  4270. if ( CERTMGR_CERT_CONTAINER == pParentCookie->m_objecttype )
  4271. {
  4272. pStore->InvalidateCertCount ();
  4273. if ( pStore->GetCertCount () != nOriginalCertCount )
  4274. {
  4275. pStore->SetDirty ();
  4276. hr = pStore->Commit ();
  4277. }
  4278. else
  4279. bWizardCancelled = true;
  4280. }
  4281. else
  4282. {
  4283. if ( pStore->GetCTLCount () != nOriginalCTLCount )
  4284. {
  4285. pStore->SetDirty ();
  4286. hr = pStore->Commit ();
  4287. }
  4288. else
  4289. bWizardCancelled = true;
  4290. }
  4292. }
  4293. else
  4294. hr = E_UNEXPECTED;
  4295. }
  4296. break;
  4298. case CERTMGR_USAGE:
  4299. break;
  4301. default:
  4302. ASSERT (0);
  4303. hr = E_UNEXPECTED;
  4304. }
  4306. if ( !bWizardCancelled )
  4307. {
  4308. if ( pStore )
  4309. {
  4310. if ( SUCCEEDED (hr) )
  4311. pStore->Resync ();
  4312. }
  4314. if ( CERTMGR_LOG_STORE == pParentCookie->m_objecttype ||
  4315. (CERTMGR_LOG_STORE == pParentCookie->m_objecttype && !m_bShowPhysicalStoresPersist) )
  4316. {
  4317. if ( pStore )
  4318. hr = CreateContainers (hScopeItem, *pStore);
  4319. }
  4321. hr = m_pConsole->UpdateAllViews (pDataObject, 0, HINT_IMPORT);
  4322. ASSERT (SUCCEEDED (hr));
  4323. }
  4324. }
  4325. if ( pDestStore )
  4326. pDestStore->Close ();
  4327. }
  4328. _TRACE (-1, L"Leaving CCertMgrComponentData::OnImport: 0x%x\n", hr);
  4329. return hr;
  4330. }
  4332. HRESULT CCertMgrComponentData::OnExport (LPDATAOBJECT pDataObject)
  4333. {
  4334. _TRACE (1, L"Entering CCertMgrComponentData::OnExport\n");
  4335. AFX_MANAGE_STATE (AfxGetStaticModuleState ());
  4336. HRESULT hr = S_OK;
  4338. LPDATAOBJECT pMSDO = ExtractMultiSelect (pDataObject);
  4339. m_bMultipleObjectsSelected = false;
  4341. if ( pMSDO )
  4342. {
  4343. // Iterate through list of selected objects -
  4344. // Add them to a memory store
  4345. // Export to PFX file through wizard with new
  4346. // "export from store - certs only" flag
  4347. m_bMultipleObjectsSelected = true;
  4348. HCERTSTORE hCertStore = ::CertOpenStore (CERT_STORE_PROV_MEMORY,
  4349. 0, NULL, 0, NULL);
  4350. ASSERT (hCertStore);
  4351. if ( hCertStore )
  4352. {
  4353. CCertMgrCookie* pCookie = 0;
  4354. CCertMgrDataObject* pDO = reinterpret_cast <CCertMgrDataObject*>(pMSDO);
  4355. ASSERT (pDO);
  4356. if ( pDO )
  4357. {
  4358. BOOL bResult = FALSE;
  4359. pDO->Reset();
  4360. while (pDO->Next(1, reinterpret_cast<MMC_COOKIE*>(&pCookie), NULL) != S_FALSE)
  4361. {
  4362. if ( CERTMGR_CERTIFICATE == pCookie->m_objecttype )
  4363. {
  4364. CCertificate* pCert = reinterpret_cast <CCertificate*> (pCookie);
  4365. ASSERT (pCert);
  4366. if ( pCert )
  4367. {
  4368. bResult = ::CertAddCertificateContextToStore (
  4369. hCertStore,
  4370. ::CertDuplicateCertificateContext (pCert->GetCertContext ()),
  4371. CERT_STORE_ADD_NEW, 0);
  4372. ASSERT (bResult);
  4373. if ( !bResult )
  4374. break;
  4375. }
  4376. }
  4377. else if ( CERTMGR_CTL == pCookie->m_objecttype )
  4378. {
  4379. CCTL* pCTL = reinterpret_cast <CCTL*> (pCookie);
  4380. ASSERT (pCTL);
  4381. if ( pCTL )
  4382. {
  4383. bResult = ::CertAddCTLContextToStore (
  4384. hCertStore,
  4385. ::CertDuplicateCTLContext (pCTL->GetCTLContext ()),
  4386. CERT_STORE_ADD_NEW, 0);
  4387. ASSERT (bResult);
  4388. if ( !bResult )
  4389. break;
  4390. }
  4391. }
  4392. }
  4394. // Call Export Wizard
  4395. CRYPTUI_WIZ_EXPORT_INFO cwi;
  4396. // security review 2/26/2002 BryanWal ok
  4397. ::ZeroMemory (&cwi, sizeof (cwi));
  4398. cwi.dwSize = sizeof (cwi);
  4399. cwi.dwSubjectChoice = CRYPTUI_WIZ_EXPORT_CERT_STORE;
  4400. cwi.hCertStore = hCertStore;
  4402. HWND hwndParent = 0;
  4403. hr = m_pConsole->GetMainWindow (&hwndParent);
  4404. ASSERT (SUCCEEDED (hr));
  4405. CThemeContextActivator activator;
  4406. bResult = ::CryptUIWizExport (
  4407. 0,
  4408. hwndParent,
  4409. 0,
  4410. &cwi,
  4411. NULL);
  4413. VERIFY (::CertCloseStore (hCertStore, CERT_CLOSE_STORE_CHECK_FLAG));
  4414. }
  4415. else
  4416. hr = E_FAIL;
  4418. return hr;
  4419. }
  4420. else
  4421. {
  4422. DWORD dwErr = GetLastError ();
  4423. _TRACE (0, L"CertOpenStore (%s) failed: 0x%x\n",
  4424. CERT_STORE_PROV_MEMORY, dwErr);
  4425. hr = HRESULT_FROM_WIN32 (dwErr);
  4426. return hr;
  4427. }
  4428. }
  4431. CRYPTUI_WIZ_EXPORT_INFO cwi;
  4432. CCertificate* pCert = 0;
  4433. CCRL* pCRL = 0;
  4434. CCTL* pCTL = 0;
  4435. CCertStore* pCertStore = 0;
  4436. CCertMgrCookie* pCookie = ConvertCookie (pDataObject);
  4437. ASSERT (pCookie);
  4438. if ( !pCookie )
  4439. return E_UNEXPECTED;
  4441. // security review 2/26/2002 BryanWal ok
  4442. ::ZeroMemory (&cwi, sizeof (cwi));
  4443. cwi.dwSize = sizeof (cwi);
  4444. switch (pCookie->m_objecttype)
  4445. {
  4446. case CERTMGR_CERTIFICATE:
  4447. cwi.dwSubjectChoice = CRYPTUI_WIZ_EXPORT_CERT_CONTEXT;
  4448. pCert = reinterpret_cast <CCertificate*> (pCookie);
  4449. ASSERT (pCert);
  4450. if ( pCert )
  4451. cwi.pCertContext = pCert->GetCertContext ();
  4452. else
  4453. return E_UNEXPECTED;
  4454. break;
  4456. case CERTMGR_CRL:
  4457. cwi.dwSubjectChoice = CRYPTUI_WIZ_EXPORT_CRL_CONTEXT;
  4458. pCRL = reinterpret_cast <CCRL*> (pCookie);
  4459. ASSERT (pCRL);
  4460. if ( pCRL )
  4461. cwi.pCRLContext = pCRL->GetCRLContext ();
  4462. else
  4463. return E_UNEXPECTED;
  4464. break;
  4466. case CERTMGR_CTL:
  4467. cwi.dwSubjectChoice = CRYPTUI_WIZ_EXPORT_CTL_CONTEXT;
  4468. pCTL = reinterpret_cast <CCTL*> (pCookie);
  4469. ASSERT (pCTL);
  4470. if ( pCTL )
  4471. cwi.pCTLContext = pCTL->GetCTLContext ();
  4472. else
  4473. return E_UNEXPECTED;
  4474. break;
  4476. case CERTMGR_LOG_STORE:
  4477. case CERTMGR_PHYS_STORE:
  4478. cwi.dwSubjectChoice = CRYPTUI_WIZ_EXPORT_CERT_STORE;
  4479. pCertStore = reinterpret_cast <CCertStore*> (pCookie);
  4480. ASSERT (pCertStore);
  4481. if ( pCertStore )
  4482. cwi.hCertStore = pCertStore->GetStoreHandle ();
  4483. else
  4484. return E_UNEXPECTED;
  4485. break;
  4487. default:
  4488. ASSERT (0);
  4489. return E_UNEXPECTED;
  4490. }
  4492. HWND hwndParent = 0;
  4493. hr = m_pConsole->GetMainWindow (&hwndParent);
  4494. ASSERT (SUCCEEDED (hr));
  4495. CThemeContextActivator activator;
  4496. ::CryptUIWizExport (
  4497. 0,
  4498. hwndParent,
  4499. 0,
  4500. &cwi,
  4501. NULL);
  4503. if ( pCertStore )
  4504. pCertStore->Close ();
  4505. _TRACE (-1, L"Leaving CCertMgrComponentData::OnExport: 0x%x\n", hr);
  4506. return hr;
  4507. }
  4510. HRESULT CCertMgrComponentData::OnNewCTL (LPDATAOBJECT pDataObject)
  4511. {
  4512. _TRACE (1, L"Entering CCertMgrComponentData::OnNewCTL\n");
  4513. AFX_MANAGE_STATE (AfxGetStaticModuleState ());
  4514. ASSERT (pDataObject);
  4515. if ( !pDataObject )
  4516. return E_POINTER;
  4517. HRESULT hr = S_OK;
  4518. CCertMgrCookie* pCookie = ConvertCookie (pDataObject);
  4519. ASSERT (pCookie);
  4520. if ( !pCookie )
  4521. return E_UNEXPECTED;
  4523. CCertStore* pStore = 0;
  4524. CContainerCookie* pCont = 0;
  4526. switch ( pCookie->m_objecttype )
  4527. {
  4528. case CERTMGR_CTL_CONTAINER:
  4529. {
  4530. pCont = reinterpret_cast <CContainerCookie*> (pCookie);
  4531. ASSERT (pCont);
  4532. if ( pCont )
  4533. {
  4534. pStore = &(pCont->GetCertStore ());
  4535. }
  4536. else
  4537. return E_UNEXPECTED;
  4538. }
  4539. break;
  4541. case CERTMGR_LOG_STORE_RSOP:
  4542. ASSERT (0);
  4543. return E_UNEXPECTED;
  4544. break;
  4546. case CERTMGR_LOG_STORE:
  4547. case CERTMGR_LOG_STORE_GPE:
  4548. case CERTMGR_PHYS_STORE:
  4549. {
  4550. pStore = reinterpret_cast <CCertStore*> (pCookie);
  4551. ASSERT (pStore);
  4552. if ( !pStore )
  4553. return E_UNEXPECTED;
  4554. }
  4555. break;
  4557. default:
  4558. ASSERT (0);
  4559. return E_UNEXPECTED;
  4560. }
  4562. ASSERT (pStore);
  4563. if ( !pStore )
  4564. return E_UNEXPECTED;
  4566. pStore->Lock ();
  4568. CRYPTUI_WIZ_BUILDCTL_DEST_INFO destInfo;
  4570. // security review 2/26/2002 BryanWal ok
  4571. ::ZeroMemory (&destInfo, sizeof (destInfo));
  4572. destInfo.dwSize = sizeof (destInfo);
  4573. destInfo.dwDestinationChoice = CRYPTUI_WIZ_BUILDCTL_DEST_CERT_STORE;
  4574. destInfo.hCertStore = pStore->GetStoreHandle ();
  4575. ASSERT (destInfo.hCertStore);
  4576. if ( !destInfo.hCertStore )
  4577. return E_UNEXPECTED;
  4579. HWND hwndParent = 0;
  4580. hr = m_pConsole->GetMainWindow (&hwndParent);
  4581. ASSERT (SUCCEEDED (hr));
  4582. PCCTL_CONTEXT pCTLContext = 0;
  4583. CThemeContextActivator activator;
  4584. BOOL bResult = ::CryptUIWizBuildCTL (
  4585. CRYPTUI_WIZ_BUILDCTL_SKIP_DESTINATION,
  4586. hwndParent,
  4587. 0,
  4588. NULL,
  4589. &destInfo,
  4590. &pCTLContext);
  4591. if ( bResult )
  4592. {
  4593. // If pCTLContext, then the wizard completed
  4594. if ( pCTLContext )
  4595. {
  4596. pStore->SetDirty ();
  4597. pStore->Commit ();
  4598. hr = m_pConsole->UpdateAllViews (pDataObject, 0, 0);
  4599. ASSERT (SUCCEEDED (hr));
  4600. ::CertFreeCTLContext (pCTLContext);
  4601. }
  4602. }
  4604. pStore->Unlock ();
  4605. pStore->Close ();
  4606. _TRACE (-1, L"Leaving CCertMgrComponentData::OnNewCTL: 0x%x\n", hr);
  4607. return hr;
  4608. }
  4610. HRESULT CCertMgrComponentData::OnACRSEdit (LPDATAOBJECT pDataObject)
  4611. {
  4612. _TRACE (1, L"Entering CCertMgrComponentData::OnACRSEdit\n");
  4613. AFX_MANAGE_STATE (AfxGetStaticModuleState ());
  4614. HRESULT hr = S_OK;
  4615. CCertMgrCookie* pCookie = ConvertCookie (pDataObject);
  4616. ASSERT (pCookie);
  4617. if ( !pCookie )
  4618. return E_UNEXPECTED;
  4620. switch ( pCookie->m_objecttype )
  4621. {
  4622. case CERTMGR_AUTO_CERT_REQUEST:
  4623. {
  4624. CAutoCertRequest* pACR = reinterpret_cast <CAutoCertRequest*> (pCookie);
  4625. ASSERT (pACR);
  4626. if ( pACR )
  4627. {
  4628. CCertStore& rStore = pACR->GetCertStore ();
  4629. CCertStoreGPE* pStore = reinterpret_cast <CCertStoreGPE*> (&rStore);
  4630. ASSERT (pStore);
  4631. if ( pStore )
  4632. {
  4633. HWND hwndConsole = 0;
  4634. hr = m_pConsole->GetMainWindow (&hwndConsole);
  4635. ASSERT (SUCCEEDED (hr));
  4636. if ( SUCCEEDED (hr) )
  4637. {
  4638. ACRSWizardPropertySheet sheet (pStore, pACR);
  4640. ACRSWizardWelcomePage welcomePage;
  4641. ACRSWizardTypePage typePage;
  4642. ACRSCompletionPage completionPage;
  4644. sheet.AddPage (&welcomePage);
  4645. sheet.AddPage (&typePage);
  4646. sheet.AddPage (&completionPage);
  4648. if ( sheet.DoWizard (hwndConsole) )
  4649. {
  4650. pStore->SetDirty ();
  4651. hr = DeleteCTLFromResultPane (pACR, pDataObject);
  4652. hr = m_pConsole->UpdateAllViews (pDataObject, 0, 0);
  4653. ASSERT (SUCCEEDED (hr));
  4654. }
  4655. }
  4656. }
  4657. else
  4658. hr = E_UNEXPECTED;
  4659. }
  4660. else
  4661. return E_UNEXPECTED;
  4662. }
  4663. break;
  4665. default:
  4666. ASSERT (0);
  4667. return E_UNEXPECTED;
  4668. }
  4670. _TRACE (-1, L"Leaving CCertMgrComponentData::OnACRSEdit: 0x%x\n", hr);
  4671. return hr;
  4672. }
  4674. HRESULT CCertMgrComponentData::OnCTLEdit (LPDATAOBJECT pDataObject)
  4675. {
  4676. _TRACE (1, L"Entering CCertMgrComponentData::OnCTLEdit\n");
  4677. AFX_MANAGE_STATE (AfxGetStaticModuleState ());
  4678. ASSERT (pDataObject);
  4679. if ( !pDataObject )
  4680. return E_POINTER;
  4681. HRESULT hr = S_OK;
  4682. CCertMgrCookie* pCookie = ConvertCookie (pDataObject);
  4683. ASSERT (pCookie);
  4684. if ( !pCookie )
  4685. return E_UNEXPECTED;
  4687. switch ( pCookie->m_objecttype )
  4688. {
  4689. case CERTMGR_CTL:
  4690. {
  4691. CCTL* pCTL = reinterpret_cast <CCTL*> (pCookie);
  4692. ASSERT (pCTL);
  4693. if ( pCTL )
  4694. {
  4695. CCertStore& rStore = pCTL->GetCertStore ();
  4696. CRYPTUI_WIZ_BUILDCTL_SRC_INFO srcInfo;
  4698. // security review 2/26/2002 BryanWal ok
  4699. ::ZeroMemory (&srcInfo, sizeof (srcInfo));
  4700. srcInfo.dwSize = sizeof (srcInfo);
  4701. srcInfo.pCTLContext = pCTL->GetCTLContext ();
  4702. srcInfo.dwSourceChoice = CRYPTUI_WIZ_BUILDCTL_SRC_EXISTING_CTL;
  4704. HWND hwndParent = 0;
  4705. hr = m_pConsole->GetMainWindow (&hwndParent);
  4706. ASSERT (SUCCEEDED (hr));
  4707. PCCTL_CONTEXT pNewCTLContext = 0;
  4708. CThemeContextActivator activator;
  4709. BOOL bResult = ::CryptUIWizBuildCTL (
  4710. CRYPTUI_WIZ_BUILDCTL_SKIP_DESTINATION,
  4711. hwndParent,
  4712. 0,
  4713. &srcInfo,
  4714. NULL,
  4715. &pNewCTLContext);
  4716. ASSERT (bResult);
  4717. if ( bResult && pNewCTLContext )
  4718. {
  4719. rStore.SetDirty ();
  4720. // Delete old CTL and add the new one.
  4721. if ( pCTL->DeleteFromStore () )
  4722. {
  4723. if ( !rStore.AddCTLContext (pNewCTLContext) )
  4724. {
  4725. DWORD dwErr = GetLastError ();
  4726. if ( CRYPT_E_EXISTS == dwErr )
  4727. {
  4728. CString text;
  4729. CString caption;
  4730. int iRetVal = 0;
  4733. VERIFY (text.LoadString (IDS_DUPLICATE_CTL));
  4734. VERIFY (caption.LoadString (IDS_CERTIFICATE_MANAGER));
  4735. hr = m_pConsole->MessageBox (text, caption,
  4736. MB_OK, &iRetVal);
  4737. ASSERT (SUCCEEDED (hr));
  4738. hr = E_FAIL;
  4739. }
  4740. else
  4741. {
  4742. DisplaySystemError (dwErr);
  4743. hr = HRESULT_FROM_WIN32 (dwErr);
  4744. }
  4745. }
  4746. rStore.Commit ();
  4747. hr = m_pConsole->UpdateAllViews (pDataObject, 0, 0);
  4748. ASSERT (SUCCEEDED (hr));
  4749. }
  4750. else
  4751. {
  4752. DWORD dwErr = GetLastError ();
  4753. DisplaySystemError (dwErr);
  4754. hr = HRESULT_FROM_WIN32 (dwErr);
  4755. }
  4756. }
  4757. }
  4758. else
  4759. return E_UNEXPECTED;
  4760. }
  4761. break;
  4763. default:
  4764. ASSERT (0);
  4765. return E_UNEXPECTED;
  4766. }
  4768. _TRACE (-1, L"Leaving CCertMgrComponentData::OnCTLEdit: 0x%x\n", hr);
  4769. return hr;
  4770. }
  4773. HRESULT CCertMgrComponentData::OnAddDomainEncryptedDataRecoveryAgent (LPDATAOBJECT pDataObject)
  4774. {
  4775. _TRACE (1, L"Entering CCertMgrComponentData::OnAddDomainEncryptedDataRecoveryAgent\n");
  4776. AFX_MANAGE_STATE (AfxGetStaticModuleState ());
  4777. ASSERT (pDataObject);
  4778. if ( !pDataObject )
  4779. return E_POINTER;
  4781. HRESULT hr = S_OK;
  4782. CCertMgrCookie* pCookie = ConvertCookie (pDataObject);
  4783. ASSERT (pCookie);
  4784. if ( pCookie )
  4785. {
  4786. CCertStoreGPE* pStore = reinterpret_cast <CCertStoreGPE*> (pCookie);
  4787. ASSERT (pStore && EFS_STORE == pStore->GetStoreType ());
  4788. if ( pStore && EFS_STORE == pStore->GetStoreType () )
  4789. {
  4790. HWND hwndConsole = 0;
  4791. hr = m_pConsole->GetMainWindow (&hwndConsole);
  4792. ASSERT (SUCCEEDED (hr));
  4793. if ( SUCCEEDED (hr) )
  4794. {
  4795. CUsers EFSUsers;
  4796. CAddEFSWizSheet efsAddSheet (IDS_ADDTITLE, EFSUsers, m_bMachineIsStandAlone);
  4798. if ( efsAddSheet.DoWizard (hwndConsole) )
  4799. {
  4800. pStore->SetDirty ();
  4802. bool bWasEmpty = false;
  4803. CString szUserName;
  4804. CString szCertName;
  4805. PUSERSONFILE pUser = EFSUsers.StartEnum ();
  4807. if ( pStore->IsNullEFSPolicy () )
  4808. {
  4809. bWasEmpty = true;
  4810. pStore->AllowEmptyEFSPolicy ();
  4811. hr = m_pConsole->UpdateAllViews (pDataObject, 0, HINT_EFS_ADD_DEL_POLICY);
  4812. ASSERT (SUCCEEDED (hr));
  4813. }
  4815. // If the store is an empty store, we need to delete it before adding
  4816. // the first cert. Otherwise CertAddCertificateContextToStore () fails
  4817. // with E_ACCESS_DENIED
  4818. if ( 0 == pStore->GetCertCount () )
  4819. pStore->DeleteEFSPolicy (false);
  4821. while ( pUser )
  4822. {
  4823. hr = pStore->AddCertificateContext (
  4824. pUser->m_pCertContext, m_pConsole, false);
  4825. if ( SUCCEEDED (hr) )
  4826. {
  4827. pStore->AddCertToList (pUser->m_pCertContext, pUser->m_UserSid);
  4829. hr = ValidateCertChain (pUser->m_pCertContext);
  4830. hr = m_pConsole->UpdateAllViews (pDataObject, 0, 0);
  4831. ASSERT (SUCCEEDED (hr));
  4832. }
  4833. else
  4834. break;
  4835. pUser = EFSUsers.GetNextUser (pUser, szUserName, szCertName);
  4836. }
  4837. pStore->Commit ();
  4838. hr = DisplayCertificateCountByStore (m_pComponentConsole, pStore, true);
  4840. if ( bWasEmpty )
  4841. {
  4842. // Force scope item selection to force call to
  4843. // IComponent::QueryResultViewType ()
  4844. hr = m_pComponentConsole->SelectScopeItem (pCookie->m_hScopeItem);
  4845. hr = m_pConsole->UpdateAllViews (pDataObject, 0, 0);
  4846. hr = OnNotifyExpand (pDataObject, TRUE, pCookie->m_hScopeItem);
  4847. }
  4848. }
  4849. }
  4850. }
  4851. else
  4852. hr = E_UNEXPECTED;
  4853. }
  4854. _TRACE (-1, L"Leaving CCertMgrComponentData::OnAddDomainEncryptedDataRecoveryAgent: 0x%x\n", hr);
  4855. return hr;
  4856. }
  4859. // This code from Robert Reichel
  4860. /*++
  4862. Routine Description:
  4864. This routine returns the TOKEN_USER structure for the
  4865. current user, and optionally, the AuthenticationId from his
  4866. token.
  4868. Arguments:
  4870. AuthenticationId - Supplies an optional pointer to return the
  4871. AuthenticationId.
  4873. Return Value:
  4875. On success, returns a pointer to a TOKEN_USER structure.
  4877. On failure, returns NULL. Call GetLastError() for more
  4878. detailed error information.
  4880. --*/
  4882. PTOKEN_USER EfspGetTokenUser ()
  4883. {
  4884. _TRACE (1, L"Entering EfspGetTokenUser\n");
  4885. HANDLE hToken = 0;
  4886. DWORD dwReturnLength = 0;
  4887. PTOKEN_USER pTokenUser = NULL;
  4889. BOOL bResult = ::OpenProcessToken (GetCurrentProcess (), TOKEN_QUERY, &hToken);
  4890. if ( bResult )
  4891. {
  4892. // security review 2/26/2002 BryanWal ok
  4893. bResult = ::GetTokenInformation (
  4894. hToken,
  4895. TokenUser,
  4896. NULL,
  4897. 0,
  4898. &dwReturnLength);
  4899. if ( !bResult && dwReturnLength > 0 )
  4900. {
  4901. pTokenUser = (PTOKEN_USER) malloc (dwReturnLength);
  4903. if (pTokenUser)
  4904. {
  4905. // security review 2/26/2002 BryanWal ok
  4906. bResult = ::GetTokenInformation (
  4907. hToken,
  4908. TokenUser,
  4909. pTokenUser,
  4910. dwReturnLength,
  4911. &dwReturnLength);
  4912. if ( !bResult)
  4913. {
  4914. DWORD dwErr = GetLastError ();
  4915. DisplaySystemError (NULL, dwErr);
  4916. free (pTokenUser);
  4917. pTokenUser = NULL;
  4918. }
  4919. }
  4920. }
  4921. else
  4922. {
  4923. DWORD dwErr = GetLastError ();
  4924. DisplaySystemError (NULL, dwErr);
  4925. }
  4927. ::CloseHandle (hToken);
  4928. }
  4929. else
  4930. {
  4931. DWORD dwErr = GetLastError ();
  4932. DisplaySystemError (NULL, dwErr);
  4933. }
  4935. _TRACE (-1, L"Leaving EfspGetTokenUser\n");
  4936. return pTokenUser;
  4937. }
  4940. HRESULT CCertMgrComponentData::CompleteEFSRecoveryAgent(CCertStoreGPE* pStore, PCCERT_CONTEXT pCertContext)
  4941. {
  4942. _TRACE (1, L"Entering CCertMgrComponentData::CompleteEFSRecoveryAgent\n");
  4943. HRESULT hr = S_OK;
  4944. ASSERT (pCertContext);
  4945. if ( !pCertContext || !pStore )
  4946. return E_POINTER;
  4948. // This is using to Enroll to create a new EFS Recovery Agent.
  4949. // Get PSID of logged-in user and save to store
  4952. // If the store is an empty store, we need to delete it before adding
  4953. // the first cert. Otherwise CertAddCertificateContextToStore () fails
  4954. // with E_ACCESS_DENIED
  4955. if ( 0 == pStore->GetCertCount () )
  4956. pStore->DeleteEFSPolicy (false);
  4957. hr = pStore->AddCertificateContext (pCertContext, m_pConsole, false);
  4958. if ( SUCCEEDED (hr) )
  4959. {
  4960. pStore->Commit ();
  4962. PTOKEN_USER pTokenUser = ::EfspGetTokenUser ();
  4963. if ( pTokenUser )
  4964. {
  4965. pStore->AddCertToList (pCertContext, pTokenUser->User.Sid);
  4966. free (pTokenUser);
  4967. }
  4969. if ( SUCCEEDED (hr) )
  4970. {
  4971. hr = ValidateCertChain (pCertContext);
  4972. }
  4973. }
  4974. else
  4975. {
  4976. int iRetVal = 0;
  4977. CString text;
  4978. CString caption;
  4980. text.FormatMessage (IDS_CANT_ADD_CERT, pStore->GetLocalizedName (),
  4981. GetSystemMessage (hr));
  4982. VERIFY (caption.LoadString (IDS_CERTIFICATE_MANAGER));
  4984. m_pConsole->MessageBox (text, caption,
  4985. MB_OK | MB_ICONWARNING, &iRetVal);
  4986. }
  4989. // Exportable keys are not currently supported. We can uncomment this code if this
  4990. // feature becomes available again in the future.
  4991. /*
  4992. int iRetVal = 0;
  4993. CString text;
  4994. CString caption;
  4996. VERIFY (text.LoadString (IDS_EXPORT_AND_DELETE_EFS_KEY));
  4997. VERIFY (caption.LoadString (IDS_CREATE_AUTO_CERT_REQUEST));
  4999. hr = m_pConsole->MessageBox (text, caption,
  5000. MB_YESNO | MB_ICONQUESTION, &iRetVal);
  5001. ASSERT (SUCCEEDED (hr));
  5002. if ( SUCCEEDED (hr) && IDYES == iRetVal )
  5003. {
  5004. // Remove the private key from the cert.
  5005. hr = CertSetCertificateContextProperty (pCertContext,
  5006. CERT_KEY_PROV_INFO_PROP_ID, 0, 0);
  5007. ASSERT (SUCCEEDED (hr));
  5009. // Bring up the common file open dialog to get a filename
  5010. // and the standard password dialog to get a password so
  5011. // that I can write out the PFX file.
  5012. HWND hwndConsole = 0;
  5013. hr = m_pConsole->GetMainWindow (&hwndConsole);
  5014. ASSERT (SUCCEEDED (hr));
  5015. if ( SUCCEEDED (hr) )
  5016. {
  5017. CString szFilter;
  5018. VERIFY (szFilter.LoadString (IDS_SAVE_PFX_FILTER));
  5020. CWnd mainWindow;
  5021. if ( mainWindow.Attach (hwndConsole) )
  5022. {
  5023. CFileDialog* pFileDlg = new CFileDialog (FALSE, // use as File Save As
  5024. L"pfx", // default extension
  5025. NULL, // preferred file name
  5026. OFN_HIDEREADONLY | OFN_OVERWRITEPROMPT | OFN_CREATEPROMPT | OFN_NOREADONLYRETURN,
  5027. (PCWSTR) szFilter,
  5028. &mainWindow);
  5029. if ( pFileDlg )
  5030. {
  5031. CThemeContextActivator activator;
  5032. if ( IDOK == pFileDlg->DoModal () )
  5033. {
  5034. CString pathName = pFileDlg->GetPathName ();
  5035. CRYPTUI_WIZ_EXPORT_INFO cwi;
  5036. CRYPTUI_WIZ_EXPORT_CERTCONTEXT_INFO cci;
  5038. ::ZeroMemory (&cwi, sizeof (cwi));
  5039. cwi.dwSize = sizeof (cwi);
  5040. cwi.pwszExportFileName = (PCWSTR) pathName;
  5041. cwi.dwSubjectChoice = CRYPTUI_WIZ_EXPORT_CERT_CONTEXT;
  5042. cwi.pCertContext = pCertContext;
  5044. ::ZeroMemory (&cci, sizeof (cci));
  5045. cci.dwSize = sizeof (cci);
  5046. cci.dwExportFormat = CRYPTUI_WIZ_EXPORT_FORMAT_PFX;
  5047. cci.fExportChain = TRUE;
  5048. cci.fExportPrivateKeys = TRUE;
  5050. CPassword passwordDlg;
  5053. // Launch password dialog
  5054. CThemeContextActivator activator;
  5055. if ( IDOK == passwordDlg.DoModal () )
  5056. {
  5057. if ( !wcslen (passwordDlg.GetPassword ()) )
  5058. {
  5059. // If password string is empty, pass NULL.
  5060. cci.pwszPassword = 0;
  5061. }
  5062. else
  5063. cci.pwszPassword = passwordDlg.GetPassword ();
  5065. CThemeContextActivator activator;
  5066. BOOL bResult = ::CryptUIWizExport (
  5067. CRYPTUI_WIZ_NO_UI,
  5068. 0, // hwndParent ignored
  5069. 0, // pwszWizardTitle ignored
  5070. &cwi,
  5071. (void*) &cci);
  5072. if ( bResult )
  5073. {
  5074. hr = DeleteKeyFromRSABASE (pCertContext);
  5075. }
  5076. else
  5077. {
  5078. DWORD dwErr = GetLastError ();
  5079. DisplaySystemError (dwErr);
  5080. }
  5081. }
  5082. }
  5084. delete pFileDlg;
  5085. }
  5086. else
  5087. {
  5088. hr = E_OUTOFMEMORY;
  5089. }
  5091. }
  5092. else
  5093. ASSERT (0);
  5094. VERIFY (mainWindow.Detach () == hwndConsole);
  5095. }
  5096. }
  5097. */
  5099. _TRACE (-1, L"Leaving CCertMgrComponentData::CompleteEFSRecoveryAgent: 0x%x\n", hr);
  5100. return hr;
  5101. }
  5103. HRESULT CCertMgrComponentData::AddScopeNode(CCertMgrCookie * pNewCookie, const CString & strServerName, HSCOPEITEM hParent)
  5104. {
  5105. _TRACE (1, L"Entering CCertMgrComponentData::AddScopeNode\n");
  5106. ASSERT (pNewCookie);
  5107. if ( !pNewCookie )
  5108. return E_POINTER;
  5110. HRESULT hr = S_OK;
  5113. SCOPEDATAITEM tSDItem;
  5115. // security review 2/26/2002 BryanWal ok
  5116. ::ZeroMemory (&tSDItem,sizeof (tSDItem));
  5117. tSDItem.mask = SDI_STR | SDI_IMAGE | SDI_STATE | SDI_PARAM | SDI_PARENT;
  5118. tSDItem.displayname = MMC_CALLBACK;
  5119. tSDItem.relativeID = hParent;
  5120. tSDItem.nState = 0;
  5122. switch (pNewCookie->m_objecttype)
  5123. {
  5124. case CERTMGR_USAGE:
  5125. case CERTMGR_CRL_CONTAINER:
  5126. case CERTMGR_CTL_CONTAINER:
  5127. case CERTMGR_CERT_CONTAINER:
  5128. case CERTMGR_LOG_STORE_GPE:
  5129. case CERTMGR_LOG_STORE_RSOP:
  5130. case CERTMGR_SAFER_COMPUTER_LEVELS:
  5131. case CERTMGR_SAFER_USER_LEVELS:
  5132. case CERTMGR_SAFER_COMPUTER_ENTRIES:
  5133. case CERTMGR_SAFER_USER_ENTRIES:
  5134. tSDItem.mask |= SDI_CHILDREN;
  5135. tSDItem.cChildren = 0;
  5136. break;
  5138. case CERTMGR_PKP_AUTOENROLLMENT_COMPUTER_SETTINGS:
  5139. case CERTMGR_PKP_AUTOENROLLMENT_USER_SETTINGS:
  5140. ASSERT (0);
  5141. break;
  5143. default:
  5144. break;
  5145. }
  5146. if ( pNewCookie != m_pRootCookie && m_pRootCookie )
  5147. m_pRootCookie->m_listScopeCookieBlocks.AddHead ( (CBaseCookieBlock*) pNewCookie);
  5148. if ( !strServerName.IsEmpty () )
  5149. pNewCookie->m_strMachineName = strServerName;
  5150. tSDItem.lParam = reinterpret_cast<LPARAM> ( (CCookie*) pNewCookie);
  5151. tSDItem.nImage = QueryImage (*pNewCookie, FALSE);
  5152. hr = m_pConsoleNameSpace->InsertItem (&tSDItem);
  5153. if ( SUCCEEDED (hr) )
  5154. pNewCookie->m_hScopeItem = tSDItem.ID;
  5156. _TRACE (-1, L"Leaving CCertMgrComponentData::AddScopeNode: 0x%x\n", hr);
  5157. return hr;
  5158. }
  5160. HRESULT CCertMgrComponentData::DeleteKeyFromRSABASE(PCCERT_CONTEXT pCertContext)
  5161. {
  5162. _TRACE (1, L"Entering CCertMgrComponentData::DeleteKeyFromRSABASE\n");
  5163. ASSERT (pCertContext);
  5164. if ( !pCertContext )
  5165. return E_POINTER;
  5166. HRESULT hr = S_OK;
  5167. DWORD cbData = 0;
  5169. BOOL bResult = ::CertGetCertificateContextProperty (pCertContext,
  5170. CERT_KEY_PROV_INFO_PROP_ID, 0, &cbData);
  5171. ASSERT (bResult);
  5172. if ( bResult )
  5173. {
  5174. PCRYPT_KEY_PROV_INFO pKeyProvInfo = (PCRYPT_KEY_PROV_INFO) ::LocalAlloc (LPTR, cbData);
  5175. if ( pKeyProvInfo )
  5176. {
  5177. bResult = ::CertGetCertificateContextProperty (pCertContext,
  5178. CERT_KEY_PROV_INFO_PROP_ID, pKeyProvInfo, &cbData);
  5179. ASSERT (bResult);
  5180. if ( bResult )
  5181. {
  5182. HCRYPTPROV hProv = 0;
  5183. bResult = ::CryptAcquireContext (&hProv,
  5184. pKeyProvInfo->pwszContainerName,
  5185. pKeyProvInfo->pwszProvName,
  5186. pKeyProvInfo->dwProvType,
  5187. CRYPT_DELETEKEYSET);
  5188. ASSERT (bResult);
  5189. if ( !bResult )
  5190. {
  5191. DWORD dwErr = GetLastError ();
  5192. hr = HRESULT_FROM_WIN32 (dwErr);
  5193. DisplaySystemError (dwErr);
  5194. }
  5195. }
  5196. else
  5197. {
  5198. DWORD dwErr = GetLastError ();
  5199. hr = HRESULT_FROM_WIN32 (dwErr);
  5200. DisplaySystemError (dwErr);
  5201. }
  5203. ::LocalFree (pKeyProvInfo);
  5204. }
  5205. else
  5206. {
  5207. hr = E_OUTOFMEMORY;
  5208. }
  5209. }
  5210. else
  5211. {
  5212. DWORD dwErr = GetLastError ();
  5213. hr = HRESULT_FROM_WIN32 (dwErr);
  5214. DisplaySystemError (dwErr);
  5215. }
  5218. _TRACE (-1, L"Leaving CCertMgrComponentData::DeleteKeyFromRSABASE: 0x%x\n", hr);
  5219. return hr;
  5220. }
  5222. HRESULT CCertMgrComponentData::ReleaseResultCookie (
  5223. CBaseCookieBlock * pResultCookie,
  5224. CCookie& rootCookie,
  5225. HCERTSTORE hStoreHandle,
  5226. POSITION pos2)
  5227. {
  5228. // _TRACE (1, L"Entering CCertMgrComponentData::ReleaseResultCookie\n");
  5229. CCertMgrCookie* pCookie = reinterpret_cast <CCertMgrCookie*> (pResultCookie);
  5230. ASSERT (pCookie);
  5231. if ( pCookie )
  5232. {
  5233. switch (pCookie->m_objecttype)
  5234. {
  5235. case CERTMGR_CERTIFICATE:
  5236. {
  5237. CCertificate* pCert = reinterpret_cast <CCertificate*> (pCookie);
  5238. ASSERT (pCert);
  5239. if ( pCert && pCert->GetCertStore () )
  5240. {
  5241. if ( pCert->GetCertStore ()->GetStoreHandle () == hStoreHandle )
  5242. {
  5243. // pCookie and pCert point to the same object
  5244. pResultCookie = rootCookie.m_listResultCookieBlocks.GetAt (pos2);
  5245. ASSERT (pResultCookie);
  5246. rootCookie.m_listResultCookieBlocks.RemoveAt (pos2);
  5247. if ( pResultCookie )
  5248. {
  5249. pResultCookie->Release ();
  5250. }
  5251. }
  5252. pCert->GetCertStore ()->Close ();
  5253. }
  5254. }
  5255. break;
  5257. case CERTMGR_CTL:
  5258. case CERTMGR_AUTO_CERT_REQUEST:
  5259. {
  5260. CCTL* pCTL = reinterpret_cast <CCTL*> (pCookie);
  5261. ASSERT (pCTL);
  5262. if ( pCTL )
  5263. {
  5264. if ( pCTL->GetCertStore ().GetStoreHandle () == hStoreHandle )
  5265. {
  5266. // pCookie and pCert point to the same object
  5267. pResultCookie = rootCookie.m_listResultCookieBlocks.GetAt (pos2);
  5268. ASSERT (pResultCookie);
  5269. rootCookie.m_listResultCookieBlocks.RemoveAt (pos2);
  5270. if ( pResultCookie )
  5271. {
  5272. pResultCookie->Release ();
  5273. }
  5274. }
  5275. pCTL->GetCertStore ().Close ();
  5276. }
  5277. }
  5278. break;
  5280. case CERTMGR_CRL:
  5281. {
  5282. CCRL* pCRL = reinterpret_cast <CCRL*> (pCookie);
  5283. ASSERT (pCRL);
  5284. if ( pCRL )
  5285. {
  5286. if ( pCRL->GetCertStore ().GetStoreHandle () == hStoreHandle )
  5287. {
  5288. // pCookie and pCert point to the same object
  5289. pResultCookie = rootCookie.m_listResultCookieBlocks.GetAt (pos2);
  5290. ASSERT (pResultCookie);
  5291. rootCookie.m_listResultCookieBlocks.RemoveAt (pos2);
  5292. if ( pResultCookie )
  5293. {
  5294. pResultCookie->Release ();
  5295. }
  5296. }
  5297. pCRL->GetCertStore ().Close ();
  5298. }
  5299. }
  5300. break;
  5302. default:
  5303. // _TRACE (0, L"CCertMgrComponentData::ReleaseResultCookie () - bad cookie type: 0x%x\n",
  5304. // pCookie->m_objecttype);
  5305. break;
  5306. }
  5307. }
  5309. // _TRACE (-1, L"Leaving CCertMgrComponentData::ReleaseResultCookie: S_OK\n");
  5310. return S_OK;
  5311. }
  5313. void CCertMgrComponentData::SetResultData(LPRESULTDATA pResultData)
  5314. {
  5315. _TRACE (1, L"Entering CCertMgrComponentData::SetResultData\n");
  5316. ASSERT (pResultData);
  5317. if ( pResultData && pResultData != m_pResultData )
  5318. {
  5319. if ( m_pResultData )
  5320. m_pResultData->Release ();
  5321. m_pResultData = pResultData;
  5322. m_pResultData->AddRef ();
  5323. }
  5324. _TRACE (-1, L"Leaving CCertMgrComponentData::SetResultData\n");
  5325. }
  5327. HRESULT CCertMgrComponentData::GetResultData(LPRESULTDATA* ppResultData)
  5328. {
  5329. HRESULT hr = S_OK;
  5331. if ( !ppResultData )
  5332. hr = E_POINTER;
  5333. else if ( !m_pResultData )
  5334. {
  5335. if ( m_pConsole )
  5336. {
  5337. hr = m_pConsole->QueryInterface(IID_PPV_ARG (IResultData, &m_pResultData));
  5338. _ASSERT (SUCCEEDED (hr));
  5339. }
  5340. else
  5341. hr = E_FAIL;
  5342. }
  5344. if ( SUCCEEDED (hr) && m_pResultData )
  5345. {
  5346. *ppResultData = m_pResultData;
  5347. m_pResultData->AddRef ();
  5348. }
  5350. return hr;
  5351. }
  5352. ///////////////////////////////////////////////////////////////////////////////
  5353. //
  5354. // Check to see if a child scope pane object exists of the desired type
  5355. // immediately below hParent
  5356. //
  5357. ///////////////////////////////////////////////////////////////////////////////
  5358. bool CCertMgrComponentData::ContainerExists(HSCOPEITEM hParent, CertificateManagerObjectType objectType)
  5359. {
  5360. _TRACE (1, L"Entering CCertMgrComponentData::ContainerExists\n");
  5361. bool bExists = false;
  5362. CCertMgrCookie* pCookie = 0;
  5363. HSCOPEITEM hChild = 0;
  5364. MMC_COOKIE lCookie = 0;
  5365. HRESULT hr = m_pConsoleNameSpace->GetChildItem (hParent,
  5366. &hChild, &lCookie);
  5367. ASSERT (SUCCEEDED (hr));
  5368. while ( SUCCEEDED (hr) && hChild )
  5369. {
  5370. pCookie = reinterpret_cast <CCertMgrCookie*> (lCookie);
  5371. ASSERT (pCookie);
  5372. if ( pCookie )
  5373. {
  5374. if ( pCookie->m_objecttype == objectType )
  5375. {
  5376. bExists = true;
  5377. break;
  5378. }
  5379. }
  5380. hr = m_pConsoleNameSpace->GetNextItem (hChild, &hChild, &lCookie);
  5381. ASSERT (SUCCEEDED (hr));
  5382. }
  5384. _TRACE (-1, L"Leaving CCertMgrComponentData::ContainerExists\n");
  5385. return bExists;
  5386. }
  5389. void CCertMgrComponentData::DisplayAccessDenied ()
  5390. {
  5391. _TRACE (1, L"Entering CCertMgrComponentData::DisplayAccessDenied\n");
  5392. DWORD dwErr = GetLastError ();
  5393. ASSERT (E_ACCESSDENIED == dwErr);
  5394. if ( E_ACCESSDENIED == dwErr )
  5395. {
  5396. LPVOID lpMsgBuf = 0;
  5398. // security review 2/26/2002 BryanWal ok
  5399. ::FormatMessage (FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_SYSTEM,
  5400. NULL,
  5401. GetLastError (),
  5402. MAKELANGID (LANG_NEUTRAL, SUBLANG_DEFAULT), // Default language
  5403. (PWSTR) &lpMsgBuf, 0, NULL );
  5405. // Display the string.
  5406. CString caption;
  5407. VERIFY (caption.LoadString (IDS_CERTIFICATE_MANAGER));
  5408. int iRetVal = 0;
  5409. VERIFY (SUCCEEDED (m_pConsole->MessageBox ( (PWSTR) lpMsgBuf, caption,
  5410. MB_ICONWARNING | MB_OK, &iRetVal)));
  5412. // Free the buffer.
  5413. LocalFree (lpMsgBuf);
  5414. }
  5415. _TRACE (-1, L"Leaving CCertMgrComponentData::DisplayAccessDenied\n");
  5416. }
  5419. HRESULT CCertMgrComponentData::DeleteCTLFromResultPane (CCTL * pCTL, LPDATAOBJECT pDataObject)
  5420. {
  5421. _TRACE (1, L"Entering CCertMgrComponentData::DeleteCTLFromResultPane\n");
  5422. ASSERT (pCTL);
  5423. ASSERT (pDataObject);
  5424. if ( !pCTL || !pDataObject )
  5425. return E_POINTER;
  5427. HRESULT hr = S_OK;
  5428. if ( pCTL->DeleteFromStore () )
  5429. {
  5430. hr = pCTL->GetCertStore ().Commit ();
  5431. ASSERT (SUCCEEDED (hr));
  5432. if ( SUCCEEDED (hr) )
  5433. {
  5434. HRESULTITEM itemID = 0;
  5435. hr = m_pResultData->FindItemByLParam ( (LPARAM) pCTL, &itemID);
  5436. if ( SUCCEEDED (hr) )
  5437. {
  5438. hr = m_pResultData->DeleteItem (itemID, 0);
  5439. ASSERT (SUCCEEDED (hr));
  5440. }
  5442. // If we can't succeed in removing this one item, then update the whole panel.
  5443. if ( !SUCCEEDED (hr) )
  5444. {
  5445. hr = m_pConsole->UpdateAllViews (pDataObject, 0, 0);
  5446. }
  5447. }
  5448. }
  5449. else
  5450. {
  5451. DisplayAccessDenied ();
  5452. }
  5454. _TRACE (-1, L"LeavingLeaving CCertMgrComponentData::DeleteCTLFromResultPane: 0x%x\n", hr);
  5455. return hr;
  5456. }
  5459. CString CCertMgrComponentData::GetThisComputer() const
  5460. {
  5461. _TRACE (0, L"Entering and leaving CCertMgrComponentData::GetThisComputer\n");
  5462. return m_szThisComputer;
  5463. }
  5465. typedef struct _ENUM_LOG_ARG {
  5466. DWORD m_dwFlags;
  5467. CTypedPtrList<CPtrList, CCertStore*>* m_pStoreList;
  5468. PCWSTR m_pcszMachineName;
  5469. CCertMgrComponentData* m_pCompData;
  5470. LPCONSOLE m_pConsole;
  5471. } ENUM_LOG_ARG, *PENUM_LOG_ARG;
  5475. static BOOL WINAPI EnumLogCallback (
  5476. IN const void* pwszSystemStore,
  5477. IN DWORD dwFlags,
  5478. IN PCERT_SYSTEM_STORE_INFO /*pStoreInfo*/,
  5479. IN OPTIONAL void* /*pvReserved*/,
  5480. IN OPTIONAL void *pvArg
  5481. )
  5482. {
  5483. _TRACE (1, L"Entering EnumLogCallback\n");
  5484. BOOL bResult = TRUE;
  5485. PENUM_LOG_ARG pEnumArg = (PENUM_LOG_ARG) pvArg;
  5487. // Create new cookies
  5488. SPECIAL_STORE_TYPE storeType = GetSpecialStoreType ((PWSTR) pwszSystemStore);
  5490. //
  5491. // We will not expose the ACRS store for machines or users. It is not
  5492. // interesting or useful at this level. All Auto Cert Requests should
  5493. // be managed only at the policy level.
  5494. //
  5495. if ( ACRS_STORE != storeType )
  5496. {
  5497. if ( pEnumArg->m_pCompData->ShowArchivedCerts () )
  5498. dwFlags |= CERT_STORE_ENUM_ARCHIVED_FLAG;
  5499. CCertStore* pStore = new CCertStore (
  5500. CERTMGR_LOG_STORE,
  5501. CERT_STORE_PROV_SYSTEM,
  5502. dwFlags,
  5503. pEnumArg->m_pcszMachineName,
  5504. (PCWSTR) pwszSystemStore,
  5505. (PCWSTR) pwszSystemStore,
  5506. _T (""), storeType,
  5507. pEnumArg->m_dwFlags,
  5508. pEnumArg->m_pConsole);
  5509. if ( pStore )
  5510. {
  5511. pEnumArg->m_pStoreList->AddTail (pStore);
  5512. }
  5513. }
  5515. _TRACE (-1, L"Leaving EnumLogCallback\n");
  5516. return bResult;
  5517. }
  5520. HRESULT CCertMgrComponentData::EnumerateLogicalStores (CTypedPtrList<CPtrList, CCertStore*>* pStoreList)
  5521. {
  5522. _TRACE (1, L"Entering CCertMgrComponentData::EnumerateLogicalStores\n");
  5523. CWaitCursor cursor;
  5524. HRESULT hr = S_OK;
  5525. ENUM_LOG_ARG enumArg;
  5526. DWORD dwFlags = GetLocation ();
  5528. // security review 2/26/2002 BryanWal ok
  5529. ::ZeroMemory (&enumArg, sizeof (enumArg));
  5530. enumArg.m_dwFlags = dwFlags;
  5531. enumArg.m_pStoreList = pStoreList;
  5532. enumArg.m_pcszMachineName =
  5533. QueryRootCookie ().QueryNonNULLMachineName ();
  5534. enumArg.m_pCompData = this;
  5535. enumArg.m_pConsole = m_pConsole;
  5536. CString location;
  5537. void* pvPara = 0;
  5541. if ( !GetManagedService ().IsEmpty () )
  5542. {
  5543. if ( !GetManagedComputer ().IsEmpty () )
  5544. {
  5545. location = GetManagedComputer () + _T("\\") +
  5546. GetManagedComputer ();
  5547. pvPara = (void *) (PCWSTR) location;
  5548. }
  5549. else
  5550. pvPara = (void *) (PCWSTR) GetManagedService ();
  5551. }
  5552. else if ( !GetManagedComputer ().IsEmpty () )
  5553. {
  5554. pvPara = (void *) (PCWSTR) GetManagedComputer ();
  5555. }
  5557. CString fileName = GetCommandLineFileName ();
  5558. if ( fileName.IsEmpty () )
  5559. {
  5560. // Ensure creation of MY store
  5561. HCERTSTORE hTempStore = ::CertOpenStore (CERT_STORE_PROV_SYSTEM,
  5562. X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
  5563. NULL,
  5564. dwFlags | CERT_STORE_SET_LOCALIZED_NAME_FLAG,
  5565. MY_SYSTEM_STORE_NAME);
  5566. if ( hTempStore ) // otherwise, store is read only
  5567. {
  5568. VERIFY (::CertCloseStore (hTempStore, CERT_CLOSE_STORE_CHECK_FLAG));
  5569. }
  5570. else
  5571. {
  5572. _TRACE (0, L"CertOpenStore (%s) failed: 0x%x\n",
  5573. MY_SYSTEM_STORE_NAME, GetLastError ());
  5574. }
  5576. if ( !::CertEnumSystemStore (dwFlags, pvPara, &enumArg, EnumLogCallback) )
  5577. {
  5578. DWORD dwErr = GetLastError ();
  5579. CString text;
  5580. CString caption;
  5582. VERIFY (caption.LoadString (IDS_CERTIFICATE_MANAGER));
  5583. if ( ERROR_ACCESS_DENIED == dwErr )
  5584. {
  5585. VERIFY (text.LoadString (IDS_NO_PERMISSION));
  5587. }
  5588. else
  5589. {
  5590. text.FormatMessage (IDS_CANT_ENUMERATE_SYSTEM_STORES, GetSystemMessage (dwErr));
  5591. }
  5592. int iRetVal = 0;
  5593. VERIFY (SUCCEEDED (m_pConsole->MessageBox (text, caption,
  5594. MB_OK, &iRetVal)));
  5595. hr = HRESULT_FROM_WIN32 (dwErr);
  5596. hr = HRESULT_FROM_WIN32 (dwErr);
  5597. }
  5598. }
  5599. else
  5600. {
  5601. // Create new cookies
  5602. dwFlags = 0;
  5604. // If there is a class file-based store, use that, otherwise allocate
  5605. // a new one.
  5606. CCertStore* pStore = m_pFileBasedStore;
  5607. if ( !pStore )
  5608. pStore = new CCertStore (
  5609. CERTMGR_LOG_STORE,
  5610. CERT_STORE_PROV_FILENAME_W,
  5611. dwFlags,
  5612. QueryRootCookie ().QueryNonNULLMachineName (),
  5613. fileName, fileName, _T (""), NO_SPECIAL_TYPE,
  5614. m_dwLocationPersist,
  5615. m_pConsole);
  5616. else
  5617. pStore->AddRef ();
  5618. if ( pStore )
  5619. {
  5620. pStoreList->AddTail (pStore);
  5621. }
  5622. }
  5624. _TRACE (-1, L"LeavingLeaving CCertMgrComponentData::EnumerateLogicalStores: 0x%x\n", hr);
  5625. return hr;
  5626. }
  5628. HRESULT CCertMgrComponentData::OnNotifyPreload(
  5629. LPDATAOBJECT /*lpDataObject*/,
  5630. HSCOPEITEM hRootScopeItem)
  5631. {
  5632. _TRACE (1, L"Entering CCertMgrComponentData::OnNotifyPreload\n");
  5633. ASSERT (m_fAllowOverrideMachineName);
  5634. HRESULT hr = S_OK;
  5636. QueryBaseRootCookie ().m_hScopeItem = hRootScopeItem;
  5638. // The machine name will be changed only if the stores are machine-based
  5639. // stores.
  5640. switch (m_dwLocationPersist)
  5641. {
  5642. case CERT_SYSTEM_STORE_LOCAL_MACHINE:
  5643. case CERT_SYSTEM_STORE_CURRENT_SERVICE:
  5644. case CERT_SYSTEM_STORE_SERVICES:
  5645. {
  5647. CString machineName = QueryRootCookie ().QueryNonNULLMachineName();
  5649. hr = ChangeRootNodeName (machineName);
  5650. }
  5651. break;
  5653. default:
  5654. break;
  5655. }
  5657. _TRACE (-1, L"LeavingLeaving CCertMgrComponentData::OnNotifyPreload: 0x%x\n", hr);
  5658. return hr;
  5659. }
  5661. ///////////////////////////////////////////////////////////////////////////////
  5662. //
  5663. // ChangeRootNodeName ()
  5664. //
  5665. // Purpose: Change the text of the root node
  5666. //
  5667. // Input: newName - the new machine name that the snapin manages
  5668. // Output: Returns S_OK on success
  5669. //
  5670. ///////////////////////////////////////////////////////////////////////////////
  5671. HRESULT CCertMgrComponentData::ChangeRootNodeName(const CString & newName)
  5672. {
  5673. _TRACE (1, L"Entering CCertMgrComponentData::ChangeRootNodeName\n");
  5675. if ( !QueryBaseRootCookie ().m_hScopeItem )
  5676. {
  5677. if ( m_hRootScopeItem )
  5678. QueryBaseRootCookie ().m_hScopeItem = m_hRootScopeItem;
  5679. else
  5680. return E_UNEXPECTED;
  5681. }
  5683. CString formattedName;
  5685. switch (m_dwLocationPersist)
  5686. {
  5687. case CERT_SYSTEM_STORE_LOCAL_MACHINE:
  5688. {
  5689. CString machineName (newName);
  5691. // If machineName is empty, then this manages the local machine. Get
  5692. // the local machine name. Then format the computer name with the snapin
  5693. // name
  5694. if ( IsLocalComputername (machineName) )
  5695. {
  5696. formattedName.LoadString (IDS_SCOPE_SNAPIN_TITLE_LOCAL_MACHINE);
  5697. m_szManagedComputer = L"";
  5698. }
  5699. else
  5700. {
  5701. machineName.MakeUpper ();
  5702. formattedName.FormatMessage (IDS_SCOPE_SNAPIN_TITLE_MACHINE, machineName);
  5703. m_szManagedComputer = machineName;
  5704. }
  5705. }
  5706. break;
  5708. case CERT_SYSTEM_STORE_CURRENT_SERVICE:
  5709. case CERT_SYSTEM_STORE_SERVICES:
  5710. {
  5711. CString machineName (newName);
  5713. // If machineName is empty, then this manages the local machine. Get
  5714. // the local machine name. Then format the computer name with the snapin
  5715. // name
  5716. if ( IsLocalComputername (machineName) )
  5717. {
  5718. // Get this machine name and add it to the string.
  5719. formattedName.FormatMessage (IDS_SCOPE_SNAPIN_TITLE_SERVICE_LOCAL_MACHINE,
  5720. m_szManagedServiceDisplayName);
  5721. m_szManagedComputer = L"";
  5722. }
  5723. else
  5724. {
  5725. formattedName.FormatMessage (IDS_SCOPE_SNAPIN_TITLE_SERVICE,
  5726. m_szManagedServiceDisplayName, machineName);
  5727. m_szManagedComputer = machineName;
  5728. }
  5729. }
  5730. break;
  5732. case CERT_SYSTEM_STORE_CURRENT_USER:
  5733. VERIFY (formattedName.LoadString (IDS_SCOPE_SNAPIN_TITLE_USER));
  5734. break;
  5736. case 0:
  5737. VERIFY (formattedName.LoadString (IDS_SCOPE_SNAPIN_TITLE_FILE));
  5738. break;
  5740. default:
  5741. return S_OK;
  5742. }
  5745. SCOPEDATAITEM item;
  5746. // security review 2/26/2002 BryanWal ok
  5747. ::ZeroMemory (&item, sizeof (item));
  5748. item.mask = SDI_STR;
  5749. item.displayname = (PWSTR) (PCWSTR) formattedName;
  5750. item.ID = QueryBaseRootCookie ().m_hScopeItem;
  5752. HRESULT hr = m_pConsoleNameSpace->SetItem (&item);
  5753. if ( FAILED (hr) )
  5754. {
  5755. _TRACE (0, L"IConsoleNameSpace2::SetItem () failed: 0x%x\n", hr);
  5756. }
  5757. if ( SUCCEEDED (hr) )
  5758. m_fInvalidComputer = false;
  5760. _TRACE (-1, L"LeavingLeaving CCertMgrComponentData::ChangeRootNodeName: 0x%x\n", hr);
  5761. return hr;
  5762. }
  5764. HRESULT CCertMgrComponentData::CreateContainers(
  5765. HSCOPEITEM hScopeItem,
  5766. CCertStore& rTargetStore)
  5767. {
  5768. _TRACE (1, L"Entering CCertMgrComponentData::CreateContainers\n");
  5769. HRESULT hr = S_OK;
  5771. // If the container was a cert store and it does not
  5772. // already have Certs/CRLs/CTLs, instantiate a new CRL container
  5773. // in the scope pane.
  5774. if ( -1 != hScopeItem )
  5775. {
  5776. SCOPEDATAITEM item;
  5778. // security review 2/26/2002 BryanWal ok
  5779. ::ZeroMemory (&item, sizeof (item));
  5780. item.mask = SDI_STATE;
  5781. item.nState = 0;
  5782. item.ID = hScopeItem;
  5784. hr = m_pConsoleNameSpace->SetItem (&item);
  5785. if ( FAILED (hr) )
  5786. {
  5787. _TRACE (0, L"IConsoleNameSpace2::SetItem () failed: 0x%x\n", hr);
  5788. }
  5789. if ( CERTMGR_LOG_STORE_GPE != rTargetStore.m_objecttype &&
  5790. CERTMGR_LOG_STORE_RSOP != rTargetStore.m_objecttype)
  5791. {
  5792. AddContainersToScopePane (hScopeItem,
  5793. rTargetStore, true);
  5794. }
  5795. }
  5797. _TRACE (-1, L"LeavingLeaving CCertMgrComponentData::CreateContainers: 0x%x\n", hr);
  5798. return hr;
  5799. }
  5803. HRESULT CCertMgrComponentData::OnOptions(LPDATAOBJECT pDataObject)
  5804. {
  5805. _TRACE (1, L"Entering CCertMgrComponentData::OnOptions\n");
  5806. AFX_MANAGE_STATE (AfxGetStaticModuleState ());
  5807. HWND hParent = 0;
  5810. // Get parent window handle and attach to a CWnd object
  5811. HRESULT hr = m_pConsole->GetMainWindow (&hParent);
  5812. ASSERT (SUCCEEDED (hr));
  5813. if ( SUCCEEDED (hr) )
  5814. {
  5815. int activeView = m_activeViewPersist;
  5816. BOOL bShowPhysicalStores = m_bShowPhysicalStoresPersist;
  5817. BOOL bShowArchivedCerts = m_bShowArchivedCertsPersist;
  5818. CWnd parentWnd;
  5819. VERIFY (parentWnd.Attach (hParent));
  5820. CViewOptionsDlg optionsDlg (&parentWnd,
  5821. this);
  5823. CThemeContextActivator activator;
  5824. INT_PTR iReturn = optionsDlg.DoModal ();
  5825. ASSERT (-1 != iReturn);
  5826. if ( -1 == iReturn )
  5827. hr = (HRESULT)iReturn;
  5829. if ( IDOK == iReturn )
  5830. {
  5831. long hint = 0;
  5833. if ( activeView != m_activeViewPersist )
  5834. {
  5835. hint |= HINT_CHANGE_VIEW_TYPE;
  5836. if ( IDM_USAGE_VIEW == m_activeViewPersist )
  5837. {
  5838. // view by usage
  5839. ASSERT (m_pHeader);
  5840. if ( m_pHeader && GetObjectType (pDataObject) == CERTMGR_SNAPIN )
  5841. {
  5842. CString str;
  5843. VERIFY (str.LoadString (IDS_COLUMN_PURPOSE) );
  5844. hr = m_pHeader->SetColumnText (0,
  5845. const_cast<PWSTR> ( (PCWSTR) str));
  5846. }
  5847. }
  5848. else
  5849. {
  5850. // View by stores
  5851. ASSERT (m_pHeader);
  5852. if ( m_pHeader && GetObjectType (pDataObject) == CERTMGR_SNAPIN )
  5853. {
  5854. CString str;
  5855. VERIFY (str.LoadString (IDS_COLUMN_LOG_CERTIFICATE_STORE));
  5856. hr = m_pHeader->SetColumnText (0,
  5857. const_cast<PWSTR> ( (PCWSTR) str));
  5858. }
  5859. }
  5860. }
  5862. if ( bShowPhysicalStores != m_bShowPhysicalStoresPersist )
  5863. hint |= HINT_CHANGE_STORE_TYPE;
  5865. if ( bShowArchivedCerts != m_bShowArchivedCertsPersist )
  5866. hint |= HINT_SHOW_ARCHIVE_CERTS;
  5868. if ( hint )
  5869. {
  5870. hr = m_pConsole->UpdateAllViews (pDataObject, 0, hint);
  5871. ASSERT (SUCCEEDED (hr));
  5872. m_fDirty = TRUE;
  5873. }
  5874. }
  5875. parentWnd.Detach ();
  5876. }
  5878. _TRACE (-1, L"LeavingLeaving CCertMgrComponentData::OnOptions: 0x%x\n", hr);
  5879. return hr;
  5880. }
  5882. bool CCertMgrComponentData::ShowArchivedCerts() const
  5883. {
  5884. _TRACE (0, L"Entering and leaving CCertMgrComponentData::ShowArchivedCerts\n");
  5885. if ( m_bShowArchivedCertsPersist )
  5886. return true;
  5887. else
  5888. return false;
  5889. }
  5892. HRESULT CCertMgrComponentData::OnPropertyChange (LPARAM param)
  5893. {
  5894. _TRACE (1, L"Entering CCertMgrComponentData::OnPropertyChange\n");
  5895. ASSERT (param);
  5896. if ( !param )
  5897. return E_FAIL;
  5899. HRESULT hr = S_OK;
  5900. LPDATAOBJECT pDataObject = reinterpret_cast<LPDATAOBJECT>(param);
  5901. bool bHandled = false;
  5903. CCertMgrCookie* pCookie = ConvertCookie (pDataObject);
  5904. if ( pCookie )
  5905. {
  5906. switch (pCookie->m_objecttype)
  5907. {
  5908. case CERTMGR_SAFER_COMPUTER_ENTRY:
  5909. case CERTMGR_SAFER_USER_ENTRY:
  5910. {
  5911. HRESULTITEM itemID = 0;
  5913. if ( m_pResultData )
  5914. {
  5915. pCookie->Refresh ();
  5916. hr = m_pResultData->FindItemByLParam ( (LPARAM) pCookie, &itemID);
  5917. if ( SUCCEEDED (hr) )
  5918. {
  5919. hr = m_pResultData->UpdateItem (itemID);
  5920. if ( FAILED (hr) )
  5921. {
  5922. _TRACE (0, L"IResultData::UpdateItem () failed: 0x%x\n", hr);
  5923. }
  5924. }
  5925. else
  5926. {
  5927. _TRACE (0, L"IResultData::FindItemByLParam () failed: 0x%x\n", hr);
  5928. }
  5929. }
  5930. else
  5931. {
  5932. _TRACE (0, L"Unexpected error: m_pResultData was NULL\n");
  5933. hr = E_FAIL;
  5934. }
  5935. bHandled = true;
  5936. }
  5937. break;
  5939. case CERTMGR_SAFER_COMPUTER_LEVEL:
  5940. case CERTMGR_SAFER_USER_LEVEL:
  5941. if ( m_pConsole )
  5942. hr = m_pConsole->UpdateAllViews (pDataObject, 0, 0);
  5943. break;
  5945. default:
  5946. break;
  5947. }
  5948. }
  5950. if ( !bHandled && m_pCryptUIMMCCallbackStruct )
  5951. {
  5953. if ( pDataObject == reinterpret_cast<LPDATAOBJECT>(m_pCryptUIMMCCallbackStruct->param) )
  5954. {
  5955. ::MMCFreeNotifyHandle (m_pCryptUIMMCCallbackStruct->lNotifyHandle);
  5956. pCookie = ConvertCookie (pDataObject);
  5957. if ( pCookie )
  5958. {
  5959. ASSERT (CERTMGR_CERTIFICATE == pCookie->m_objecttype);
  5960. if ( CERTMGR_CERTIFICATE == pCookie->m_objecttype )
  5961. {
  5962. CCertificate* pCert = reinterpret_cast<CCertificate*>(pCookie);
  5963. ASSERT (pCert);
  5964. if ( pCert && pCert->GetCertStore () )
  5965. {
  5966. pCert->GetCertStore ()->SetDirty ();
  5967. pCert->GetCertStore ()->Commit ();
  5968. pCert->GetCertStore ()->Close ();
  5969. }
  5970. }
  5971. }
  5973. pDataObject->Release ();
  5974. ::GlobalFree (m_pCryptUIMMCCallbackStruct);
  5975. m_pCryptUIMMCCallbackStruct = 0;
  5976. m_pConsole->UpdateAllViews (pDataObject, 0, 0);
  5977. }
  5978. }
  5981. _TRACE (-1, L"LeavingLeaving CCertMgrComponentData::OnPropertyChange: 0x%x\n", hr);
  5982. return hr;
  5983. }
  5985. HRESULT CCertMgrComponentData::OnDeleteEFSPolicy(LPDATAOBJECT pDataObject, bool bCommitChanges)
  5986. {
  5987. _TRACE (1, L"Entering CCertMgrComponentData::OnDeleteEFSPolicy\n");
  5988. AFX_MANAGE_STATE (AfxGetStaticModuleState ());
  5989. ASSERT (pDataObject);
  5990. if ( !pDataObject )
  5991. return E_POINTER;
  5993. HRESULT hr = S_OK;
  5994. CCertMgrCookie* pCookie = ConvertCookie (pDataObject);
  5995. ASSERT (pCookie);
  5996. if ( pCookie )
  5997. {
  5998. CCertStoreGPE* pStore = reinterpret_cast <CCertStoreGPE*> (pCookie);
  5999. ASSERT (pStore && EFS_STORE == pStore->GetStoreType () && !pStore->IsNullEFSPolicy () );
  6000. if ( pStore && EFS_STORE == pStore->GetStoreType () && !pStore->IsNullEFSPolicy () )
  6001. {
  6002. pStore->DeleteEFSPolicy (bCommitChanges);
  6004. // Force scope item selection to force call to
  6005. // IComponent::QueryResultViewType ()
  6006. hr = m_pComponentConsole->SelectScopeItem (pStore->m_hScopeItem);
  6007. hr = m_pConsole->UpdateAllViews (pDataObject, 0, HINT_EFS_ADD_DEL_POLICY);
  6008. hr = OnNotifyExpand (pDataObject, TRUE, pStore->m_hScopeItem);
  6009. }
  6010. }
  6012. _TRACE (-1, L"LeavingLeaving CCertMgrComponentData::OnDeleteEFSPolicy: 0x%x\n", hr);
  6013. return hr;
  6014. }
  6016. HRESULT CCertMgrComponentData::OnInitEFSPolicy(LPDATAOBJECT pDataObject)
  6017. {
  6018. _TRACE (1, L"Entering CCertMgrComponentData::OnInitEFSPolicy\n");
  6019. AFX_MANAGE_STATE (AfxGetStaticModuleState ());
  6020. ASSERT (pDataObject);
  6021. if ( !pDataObject )
  6022. return E_POINTER;
  6024. HRESULT hr = S_OK;
  6025. CCertMgrCookie* pCookie = ConvertCookie (pDataObject);
  6026. ASSERT (pCookie);
  6027. if ( pCookie )
  6028. {
  6029. CCertStoreGPE* pStore = reinterpret_cast <CCertStoreGPE*> (pCookie);
  6030. ASSERT (pStore && EFS_STORE == pStore->GetStoreType () && pStore->IsNullEFSPolicy () );
  6031. if ( pStore && EFS_STORE == pStore->GetStoreType () && pStore->IsNullEFSPolicy () )
  6032. {
  6033. pStore->SetDirty ();
  6034. pStore->AllowEmptyEFSPolicy ();
  6035. pStore->PolicyChanged ();
  6036. pStore->Commit ();
  6037. hr = m_pConsole->UpdateAllViews (pDataObject, 0, HINT_EFS_ADD_DEL_POLICY);
  6038. }
  6039. }
  6041. _TRACE (-1, L"LeavingLeaving CCertMgrComponentData::OnInitEFSPolicy: 0x%x\n", hr);
  6042. return hr;
  6043. }
  6045. ///////////////////////////////////////////////////////////////////////////////
  6046. //
  6047. // CCertMgrComponentData::RemoveResultCookies
  6048. //
  6049. // Remove and delete all the result cookies corresponding to the LPRESULTDATA
  6050. // object passed in. Thus all cookies added to pResultData are released and
  6051. // removed from the master list.
  6052. //
  6053. ///////////////////////////////////////////////////////////////////////////////
  6054. void CCertMgrComponentData::RemoveResultCookies(LPRESULTDATA pResultData)
  6055. {
  6056. _TRACE (1, L"Entering CCertMgrComponentData::RemoveResultCookies\n");
  6057. CCertMgrCookie* pCookie = 0;
  6059. CCookie& rootCookie = QueryBaseRootCookie ();
  6061. POSITION curPos = 0;
  6063. for (POSITION nextPos = rootCookie.m_listResultCookieBlocks.GetHeadPosition (); nextPos; )
  6064. {
  6065. curPos = nextPos;
  6066. pCookie = reinterpret_cast <CCertMgrCookie*> (rootCookie.m_listResultCookieBlocks.GetNext (nextPos));
  6067. ASSERT (pCookie);
  6068. if ( pCookie )
  6069. {
  6070. if ( pCookie->m_resultDataID == pResultData )
  6071. {
  6072. pCookie->Release ();
  6073. rootCookie.m_listResultCookieBlocks.RemoveAt (curPos);
  6074. }
  6075. }
  6076. }
  6077. _TRACE (-1, L"Leaving CCertMgrComponentData::RemoveResultCookies\n");
  6078. }
  6081. HRESULT CCertMgrComponentData::ValidateCertChain(PCCERT_CONTEXT pCertContext)
  6082. {
  6083. _TRACE (1, L"Entering CCertMgrComponentData::ValidateCertChain\n");
  6084. HRESULT hr = S_OK;
  6085. ASSERT (pCertContext);
  6086. if ( !pCertContext )
  6087. return E_POINTER;
  6089. CERT_CONTEXT_LIST certChainList;
  6090. BOOL bValidated = GetCertificateChain (
  6091. const_cast<CERT_CONTEXT*>(pCertContext),
  6092. certChainList);
  6093. if ( !bValidated )
  6094. {
  6095. int iRetVal = 0;
  6096. CString text;
  6097. CString caption;
  6099. VERIFY (text.LoadString (IDS_CERT_COULD_NOT_BE_VALIDATED));
  6100. VERIFY (caption.LoadString (IDS_CERTIFICATE_MANAGER));
  6102. hr = m_pConsole->MessageBox (text, caption,
  6103. MB_OK, &iRetVal);
  6104. }
  6106. // Clean up list
  6107. CERT_CONTEXT* pDeleteContext = 0;
  6108. while (!certChainList.IsEmpty () )
  6109. {
  6110. pDeleteContext = certChainList.RemoveHead ();
  6111. if ( pDeleteContext )
  6112. ::CertFreeCertificateContext (pCertContext);
  6113. }
  6116. _TRACE (-1, L"LeavingLeaving CCertMgrComponentData::ValidateCertChain: 0x%x\n", hr);
  6117. return hr;
  6118. }
  6120. HRESULT CCertMgrComponentData::RemoveCertChainFromPolicy(
  6121. PCCERT_CONTEXT pCertContext,
  6122. CERT_CONTEXT_LIST& certChainsThatCantBeDeleted)
  6123. {
  6124. _TRACE (1, L"Entering CCertMgrComponentData::RemoveCertChainFromPolicy\n");
  6125. HRESULT hr = S_OK;
  6126. ASSERT (pCertContext);
  6127. if ( !pCertContext )
  6128. return E_POINTER;
  6130. CERT_CONTEXT_LIST certChainList;
  6131. BOOL bValidated = GetCertificateChain (
  6132. const_cast<CERT_CONTEXT*>(pCertContext),
  6133. certChainList);
  6134. if ( bValidated )
  6135. {
  6136. // Add this cert context to the chain
  6137. certChainList.AddTail (
  6138. const_cast<CERT_CONTEXT*>
  6139. (::CertDuplicateCertificateContext (pCertContext)));
  6141. CCertStoreGPE CAStore (
  6142. CERT_SYSTEM_STORE_RELOCATE_FLAG,
  6143. _T (""),
  6144. _T (""),
  6145. CA_SYSTEM_STORE_NAME,
  6146. _T (""),
  6147. m_pGPEInformation,
  6148. NODEID_Machine,
  6149. m_pConsole);
  6151. for (POSITION pos = certChainList.GetHeadPosition (); pos;)
  6152. {
  6153. PCCERT_CONTEXT pCertChainContext = certChainList.GetNext (pos);
  6154. // Do not remove chain-certs whose EFS
  6155. // agents are still in the EFS store
  6156. bool bFound = false;
  6157. for (POSITION posND = certChainsThatCantBeDeleted.GetHeadPosition ();
  6158. posND; )
  6159. {
  6160. CERT_CONTEXT* pNonDelChainCertContext = certChainsThatCantBeDeleted.GetNext (posND);
  6161. if ( pNonDelChainCertContext )
  6162. {
  6163. if ( ::CertCompareCertificate (
  6164. X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
  6165. pCertChainContext->pCertInfo,
  6166. pNonDelChainCertContext->pCertInfo) )
  6167. {
  6168. bFound = true;
  6169. break;
  6170. }
  6171. }
  6172. }
  6174. // Was found in the list of certs that cant be deleted
  6175. // Try the next one.
  6176. if ( bFound )
  6177. continue;
  6179. // Wasn't found in the list that can't be deleted.
  6180. // Go ahead and delete
  6181. DWORD cbData = 20;
  6182. BYTE certHash[20];
  6183. BOOL bReturn = ::CertGetCertificateContextProperty (
  6184. pCertContext,
  6185. CERT_SHA1_HASH_PROP_ID,
  6186. certHash,
  6187. &cbData);
  6188. ASSERT (bReturn);
  6189. if ( bReturn )
  6190. {
  6191. CRYPT_DATA_BLOB blob = {sizeof (certHash), certHash};
  6192. PCCERT_CONTEXT pFoundCertContext = CertFindCertificateInStore(
  6193. CAStore.GetStoreHandle (),
  6194. 0,
  6195. 0,
  6196. CERT_FIND_SHA1_HASH,
  6197. &blob,
  6198. 0);
  6199. if ( pFoundCertContext )
  6200. {
  6201. ::CertDeleteCertificateFromStore (pFoundCertContext);
  6202. }
  6203. }
  6204. }
  6206. CAStore.Commit ();
  6207. }
  6209. // Clean up list
  6210. CERT_CONTEXT* pDeleteContext = 0;
  6211. while (!certChainList.IsEmpty () )
  6212. {
  6213. pDeleteContext = certChainList.RemoveHead ();
  6214. if ( pDeleteContext )
  6215. ::CertFreeCertificateContext (pCertContext);
  6216. }
  6218. _TRACE (-1, L"LeavingLeaving CCertMgrComponentData::RemoveCertChainFromPolicy: 0x%x\n", hr);
  6219. return hr;
  6220. }
  6222. STDMETHODIMP CCertMgrComponentData::GetLinkedTopics(LPOLESTR* lpCompiledHelpFiles)
  6223. {
  6224. HRESULT hr = S_OK;
  6227. if ( lpCompiledHelpFiles )
  6228. {
  6229. CString strLinkedTopic;
  6231. UINT nLen = ::GetSystemWindowsDirectory (strLinkedTopic.GetBufferSetLength(2 * MAX_PATH), 2 * MAX_PATH);
  6232. strLinkedTopic.ReleaseBuffer();
  6233. if ( nLen )
  6234. {
  6235. strLinkedTopic += L"\\help\\";
  6236. strLinkedTopic += m_strLinkedHelpFile;
  6238. *lpCompiledHelpFiles = reinterpret_cast<LPOLESTR>
  6239. (CoTaskMemAlloc((strLinkedTopic.GetLength() + 1)* sizeof(wchar_t)));
  6241. if ( *lpCompiledHelpFiles )
  6242. {
  6243. // security review 2/26/2002 BryanWal ok
  6244. wcscpy(*lpCompiledHelpFiles, (PWSTR)(PCWSTR)strLinkedTopic);
  6245. }
  6246. else
  6247. hr = E_OUTOFMEMORY;
  6248. }
  6249. else
  6250. hr = E_FAIL;
  6251. }
  6252. else
  6253. return E_POINTER;
  6256. return hr;
  6257. }
  6259. STDMETHODIMP CCertMgrComponentData::GetHelpTopic(LPOLESTR* lpCompiledHelpFile)
  6260. {
  6261. return CComponentData::GetHelpTopic (lpCompiledHelpFile);
  6262. }