archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
3 Commits
1 Branch
0 Tags
1.5 GiB
Tree: 827363a95b
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '827363a95b'
${ noResults }
windows-server-2003/ds/security/cryptoapi/pki/rpor/scheme.cpp

1184 lines
36 KiB
Raw Normal View History

commiting as it is
4 years ago
  1. //+---------------------------------------------------------------------------
  2. //
  3. // Microsoft Windows NT Security
  4. // Copyright (C) Microsoft Corporation, 1997 - 1999
  5. //
  6. // File: scheme.cpp
  7. //
  8. // Contents: Generic Scheme Provider Utility Functions
  9. //
  10. // History: 18-Aug-97 kirtd Created
  11. // 01-Jan-02 philh Moved from wininet to winhttp
  12. //
  13. //----------------------------------------------------------------------------
  14. #include <global.hxx>
  15. #include <userenv.h>
  16. #include <userenvp.h> // for GetUserAppDataPathW
  17. #include <dbgdef.h>
  19. //+-------------------------------------------------------------------------
  20. // For impersonation, return thread token, otherwise, return process token
  21. //--------------------------------------------------------------------------
  22. HANDLE
  23. WINAPI
  24. I_SchemeGetToken()
  25. {
  26. HANDLE hToken = NULL;
  27. DWORD dwErr;
  29. //
  30. // first, attempt to look at the thread token. If none exists,
  31. // which is true if the thread is not impersonating, try the
  32. // process token.
  33. //
  35. if (!OpenThreadToken(
  36. GetCurrentThread(),
  37. TOKEN_QUERY | TOKEN_IMPERSONATE,
  38. TRUE,
  39. &hToken
  40. )) {
  41. dwErr = GetLastError();
  42. if (ERROR_NO_TOKEN != dwErr)
  43. goto OpenThreadTokenError;
  45. if (!OpenProcessToken(GetCurrentProcess(),
  46. TOKEN_QUERY | TOKEN_IMPERSONATE | TOKEN_DUPLICATE, &hToken)) {
  47. dwErr = GetLastError();
  48. goto OpenProcessTokenError;
  49. }
  50. }
  52. CommonReturn:
  53. return hToken;
  54. ErrorReturn:
  55. hToken = NULL;
  56. goto CommonReturn;
  57. SET_ERROR_VAR(OpenThreadTokenError, dwErr)
  58. SET_ERROR_VAR(OpenProcessTokenError, dwErr)
  59. }
  61. //+-------------------------------------------------------------------------
  62. // Ensure LastError is preserved
  63. //--------------------------------------------------------------------------
  64. VOID
  65. WINAPI
  66. I_SchemeCloseHandle(
  67. IN HANDLE h
  68. )
  69. {
  70. if (h) {
  71. DWORD dwErr = GetLastError();
  73. CloseHandle(h);
  75. SetLastError(dwErr);
  76. }
  77. }
  79. //+-------------------------------------------------------------------------
  80. // Returns %UserProfile%\Microsoft\CryptnetUrlCache\ which must be
  81. // freed via PkiFree().
  82. //--------------------------------------------------------------------------
  83. LPWSTR
  84. WINAPI
  85. I_SchemeGetCryptnetUrlCacheDir()
  86. {
  87. DWORD dwErr;
  88. HANDLE hToken = NULL;
  89. LPWSTR pwszDir = NULL;
  90. DWORD cchDir;
  91. WCHAR wszAppDataPath[MAX_PATH + 1];
  93. hToken = I_SchemeGetToken();
  95. wszAppDataPath[0] = L'\0';
  96. dwErr = GetUserAppDataPathW(
  97. hToken,
  98. FALSE, // fLocalAppData
  99. wszAppDataPath
  100. );
  102. if (ERROR_SUCCESS != dwErr || L'\0' == wszAppDataPath[0])
  103. goto GetUserAppDataPathError;
  105. wszAppDataPath[MAX_PATH] = L'\0';
  107. #if DBG
  108. DbgPrintf(DBG_SS_CRYPT32, "userenv!GetUserAppDataPathW:: %S\n",
  109. wszAppDataPath);
  110. #endif
  112. cchDir = wcslen(wszAppDataPath) + wcslen(SCHEME_CRYPTNET_URL_CACHE_DIR) + 1;
  114. pwszDir = (LPWSTR) PkiNonzeroAlloc(cchDir * sizeof(WCHAR));
  115. if (NULL == pwszDir)
  116. goto OutOfMemory;
  118. wcscpy(pwszDir, wszAppDataPath);
  119. wcscat(pwszDir, SCHEME_CRYPTNET_URL_CACHE_DIR);
  121. CommonReturn:
  122. if (hToken)
  123. I_SchemeCloseHandle(hToken);
  124. return pwszDir;
  125. ErrorReturn:
  126. pwszDir = NULL;
  127. goto CommonReturn;
  129. SET_ERROR_VAR(GetUserAppDataPathError, dwErr)
  130. TRACE_ERROR(OutOfMemory)
  131. }
  133. //+-------------------------------------------------------------------------
  134. // Converts the bytes into UNICODE HEX
  135. //
  136. // Needs (cb * 2 + 1) * sizeof(WCHAR) bytes of space in wsz
  137. //--------------------------------------------------------------------------
  138. VOID
  139. WINAPI
  140. I_SchemeBytesToWStr(DWORD cb, void* pv, LPWSTR wsz)
  141. {
  142. BYTE* pb = (BYTE*) pv;
  143. for (DWORD i = 0; i<cb; i++) {
  144. int b;
  145. b = (*pb & 0xF0) >> 4;
  146. *wsz++ = (WCHAR)( (b <= 9) ? b + L'0' : (b - 10) + L'A');
  147. b = *pb & 0x0F;
  148. *wsz++ = (WCHAR)( (b <= 9) ? b + L'0' : (b - 10) + L'A');
  149. pb++;
  150. }
  151. *wsz++ = 0;
  152. }
  155. //+-------------------------------------------------------------------------
  156. // Gets the URL's filename by formatting its MD5 hash as UNICODE hex
  157. //--------------------------------------------------------------------------
  158. VOID
  159. WINAPI
  160. I_SchemeGetUrlFileName(
  161. IN LPCWSTR pwszUrl,
  162. OUT WCHAR wszUrlFileName[SCHEME_URL_FILENAME_LEN]
  163. )
  164. {
  165. MD5_CTX md5ctx;
  167. MD5Init(&md5ctx);
  168. MD5Update(&md5ctx, (const BYTE *) pwszUrl, wcslen(pwszUrl) * sizeof(WCHAR));
  169. MD5Final(&md5ctx);
  171. // convert to a string
  172. I_SchemeBytesToWStr(MD5DIGESTLEN, md5ctx.digest, wszUrlFileName);
  173. }
  175. static DWORD rgdwCreateFileRetryMilliseconds[] =
  176. { 1, 10, 100, 500, 1000, 5000 };
  178. #define MAX_CREATE_FILE_RETRY_COUNT \
  179. (sizeof(rgdwCreateFileRetryMilliseconds) / \
  180. sizeof(rgdwCreateFileRetryMilliseconds[0]))
  182. //+-------------------------------------------------------------------------
  183. // For ERROR_SHARING_VIOLATION or ERROR_ACCESS_DENIED errors returned
  184. // by CreateFileW(), retries after sleeping the above times.
  185. //
  186. // Note, the file to be created is under %UserProfile%. Therefore, unless
  187. // opened by another thread shouldn't get the above errors.
  188. //
  189. // If unable to create the file, returns NULL and not INVALID_HANDLE_VALUE.
  190. //--------------------------------------------------------------------------
  191. HANDLE
  192. WINAPI
  193. I_SchemeCreateFile(
  194. IN LPCWSTR pwszFileName,
  195. IN BOOL fWrite
  196. )
  197. {
  198. HANDLE hFile = INVALID_HANDLE_VALUE;
  199. DWORD dwErr;
  200. DWORD dwRetryCount;
  202. dwRetryCount = 0;
  203. while (INVALID_HANDLE_VALUE == (hFile = CreateFileW(
  204. pwszFileName,
  205. fWrite ? (GENERIC_WRITE | GENERIC_READ) : GENERIC_READ,
  206. fWrite ? 0 : FILE_SHARE_READ,
  207. NULL, // lpsa
  208. fWrite ? CREATE_ALWAYS : OPEN_EXISTING,
  209. fWrite ? FILE_ATTRIBUTE_SYSTEM : FILE_ATTRIBUTE_NORMAL,
  210. NULL // hTemplateFile
  211. ))) {
  212. dwErr = GetLastError();
  213. if ((ERROR_SHARING_VIOLATION == dwErr ||
  214. ERROR_ACCESS_DENIED == dwErr) &&
  215. MAX_CREATE_FILE_RETRY_COUNT > dwRetryCount) {
  216. Sleep(rgdwCreateFileRetryMilliseconds[dwRetryCount]);
  217. dwRetryCount++;
  218. } else {
  219. if (ERROR_PATH_NOT_FOUND == dwErr)
  220. dwErr = ERROR_FILE_NOT_FOUND;
  221. goto CreateFileError;
  222. }
  223. }
  225. CommonReturn:
  226. return hFile;
  227. ErrorReturn:
  228. hFile = NULL;
  229. goto CommonReturn;
  231. SET_ERROR_VAR(CreateFileError, dwErr)
  232. }
  235. //+-------------------------------------------------------------------------
  236. // The MetaData file is always opened first and closed last.
  237. // Its opened for writing without sharing.
  238. //--------------------------------------------------------------------------
  239. BOOL
  240. WINAPI
  241. I_SchemeCreateCacheFiles(
  242. IN LPCWSTR pwszUrl,
  243. IN BOOL fWrite,
  244. OUT HANDLE *phMetaDataFile,
  245. OUT HANDLE *phContentFile
  246. )
  247. {
  248. BOOL fResult;
  249. LPWSTR pwszCryptnetUrlCacheDir = NULL;
  250. DWORD cchCryptnetUrlCacheDir;
  251. LPWSTR pwszMetaDataFile = NULL;
  252. LPWSTR pwszContentFile = NULL;
  254. HANDLE hMetaDataFile = NULL;
  255. HANDLE hContentFile = NULL;
  256. WCHAR wszUrlFileName[SCHEME_URL_FILENAME_LEN];
  258. pwszCryptnetUrlCacheDir = I_SchemeGetCryptnetUrlCacheDir();
  259. if (NULL == pwszCryptnetUrlCacheDir)
  260. goto GetCryptnetUrlCacheDirError;
  262. cchCryptnetUrlCacheDir = wcslen(pwszCryptnetUrlCacheDir);
  264. pwszMetaDataFile = (LPWSTR) PkiNonzeroAlloc(
  265. (cchCryptnetUrlCacheDir + wcslen(SCHEME_META_DATA_SUBDIR) + 1 +
  266. SCHEME_URL_FILENAME_LEN) * sizeof(WCHAR));
  267. pwszContentFile = (LPWSTR) PkiNonzeroAlloc(
  268. (cchCryptnetUrlCacheDir + wcslen(SCHEME_CONTENT_SUBDIR) + 1 +
  269. SCHEME_URL_FILENAME_LEN) * sizeof(WCHAR));
  271. if (NULL == pwszMetaDataFile || NULL == pwszContentFile)
  272. goto OutOfMemory;
  274. wcscpy(pwszMetaDataFile, pwszCryptnetUrlCacheDir);
  275. wcscat(pwszMetaDataFile, SCHEME_META_DATA_SUBDIR);
  276. wcscpy(pwszContentFile, pwszCryptnetUrlCacheDir);
  277. wcscat(pwszContentFile, SCHEME_CONTENT_SUBDIR);
  280. if (fWrite) {
  281. if (!I_RecursiveCreateDirectory(pwszMetaDataFile, NULL))
  282. goto CreateMetaDataDirError;
  283. if (!I_RecursiveCreateDirectory(pwszContentFile, NULL))
  284. goto CreateContentDirError;
  285. }
  287. I_SchemeGetUrlFileName(pwszUrl, wszUrlFileName);
  289. wcscat(pwszMetaDataFile, L"\\");
  290. wcscat(pwszMetaDataFile, wszUrlFileName);
  291. hMetaDataFile = I_SchemeCreateFile(pwszMetaDataFile, fWrite);
  292. if (NULL == hMetaDataFile)
  293. goto CreateMetaDataFileError;
  295. wcscat(pwszContentFile, L"\\");
  296. wcscat(pwszContentFile, wszUrlFileName);
  297. hContentFile = I_SchemeCreateFile(pwszContentFile, fWrite);
  298. if (NULL == hContentFile)
  299. goto CreateContentFileError;
  301. fResult = TRUE;
  303. CommonReturn:
  304. PkiFree(pwszCryptnetUrlCacheDir);
  305. PkiFree(pwszMetaDataFile);
  306. PkiFree(pwszContentFile);
  308. *phMetaDataFile = hMetaDataFile;
  309. *phContentFile = hContentFile;
  310. return fResult;
  312. ErrorReturn:
  313. if (NULL != hContentFile) {
  314. I_SchemeCloseHandle(hContentFile);
  315. hContentFile = NULL;
  316. }
  317. if (NULL != hMetaDataFile) {
  318. I_SchemeCloseHandle(hMetaDataFile);
  319. hMetaDataFile = NULL;
  320. }
  322. fResult = FALSE;
  323. goto CommonReturn;
  325. TRACE_ERROR(GetCryptnetUrlCacheDirError)
  326. TRACE_ERROR(OutOfMemory)
  327. TRACE_ERROR(CreateMetaDataDirError)
  328. TRACE_ERROR(CreateContentDirError)
  329. TRACE_ERROR(CreateMetaDataFileError)
  330. TRACE_ERROR(CreateContentFileError)
  331. }
  334. //+-------------------------------------------------------------------------
  335. // The returned MetaDataHeader must be freed via PkiFree(). Returns NULL
  336. // for any errors. pcbBlob and pwszUrl point to memory following the
  337. // header and don't need to be freed.
  338. //
  339. // The pwsUrl is guaranteed to be NULL terminated.
  340. //--------------------------------------------------------------------------
  341. PSCHEME_CACHE_META_DATA_HEADER
  342. WINAPI
  343. I_SchemeReadAndValidateMetaDataFile(
  344. IN HANDLE hMetaDataFile,
  345. OUT OPTIONAL DWORD **ppcbBlob, // Not allocated
  346. OUT OPTIONAL LPCWSTR *ppwszUrl // Not allocated
  347. )
  348. {
  349. PSCHEME_CACHE_META_DATA_HEADER pMetaDataHeader = NULL;
  350. DWORD *pcbBlob = NULL;
  351. LPWSTR pwszUrl = NULL;
  353. DWORD cbMetaData;
  354. DWORD cbBytesRead;
  355. DWORD cBlob;
  356. DWORD cchUrl;
  357. DWORD dwUrlOffset;
  359. cbMetaData = GetFileSize(hMetaDataFile, NULL);
  360. if (INVALID_FILE_SIZE == cbMetaData ||
  361. sizeof(SCHEME_CACHE_META_DATA_HEADER) > cbMetaData)
  362. goto InvalidMetaDataFile;
  364. pMetaDataHeader = (PSCHEME_CACHE_META_DATA_HEADER) PkiZeroAlloc(
  365. cbMetaData);
  366. if (NULL == pMetaDataHeader)
  367. goto OutOfMemory;
  369. if (!ReadFile(
  370. hMetaDataFile,
  371. pMetaDataHeader,
  372. cbMetaData,
  373. &cbBytesRead,
  374. NULL // lpOverlapped
  375. ) || cbMetaData != cbBytesRead)
  376. goto ReadMetaDataFileError;
  378. cBlob = pMetaDataHeader->cBlob;
  380. if (sizeof(SCHEME_CACHE_META_DATA_HEADER) > pMetaDataHeader->cbSize ||
  381. cbMetaData < pMetaDataHeader->cbSize ||
  382. 0 != (pMetaDataHeader->cbSize % sizeof(DWORD)) ||
  383. cBlob > (cbMetaData - pMetaDataHeader->cbSize) / sizeof(DWORD))
  384. goto InvalidMetaDataFile;
  386. pcbBlob = (DWORD *) (((BYTE*)pMetaDataHeader) + pMetaDataHeader->cbSize);
  388. cchUrl = pMetaDataHeader->cbUrl / sizeof(WCHAR);
  389. dwUrlOffset = pMetaDataHeader->cbSize + sizeof(DWORD) * cBlob;
  390. if (0 == cchUrl ||
  391. cchUrl > (cbMetaData - dwUrlOffset) / sizeof(WCHAR))
  392. goto InvalidMetaDataFile;
  393. pwszUrl = (LPWSTR) (((BYTE*)pMetaDataHeader) + dwUrlOffset);
  394. pwszUrl[cchUrl - 1] = L'\0';
  396. CommonReturn:
  397. if (ppcbBlob)
  398. *ppcbBlob = pcbBlob;
  399. if (ppwszUrl)
  400. *ppwszUrl = (LPCWSTR) pwszUrl;
  402. return pMetaDataHeader;
  404. ErrorReturn:
  405. if (pMetaDataHeader) {
  406. PkiFree(pMetaDataHeader);
  407. pMetaDataHeader = NULL;
  408. }
  409. pcbBlob = NULL;
  410. pwszUrl = NULL;
  412. goto CommonReturn;
  414. SET_ERROR(InvalidMetaDataFile, CRYPT_E_FILE_ERROR)
  415. TRACE_ERROR(OutOfMemory)
  416. TRACE_ERROR(ReadMetaDataFileError)
  417. }
  421. //+---------------------------------------------------------------------------
  422. //
  423. // Function: SchemeCacheCryptBlobArray
  424. //
  425. // Synopsis: cache the crypt blob array under the given URL
  426. //
  427. //----------------------------------------------------------------------------
  428. BOOL WINAPI
  429. SchemeCacheCryptBlobArray (
  430. IN LPCWSTR pwszUrl,
  431. IN DWORD dwRetrievalFlags,
  432. IN PCRYPT_BLOB_ARRAY pcba,
  433. IN PCRYPT_RETRIEVE_AUX_INFO pAuxInfo
  434. )
  435. {
  436. BOOL fResult;
  437. SCHEME_CACHE_META_DATA_HEADER MetaDataHeader;
  438. HANDLE hMetaDataFile = NULL;
  439. HANDLE hContentFile = NULL;
  440. DWORD cbBytesWritten;
  441. DWORD i;
  443. if (!I_SchemeCreateCacheFiles(
  444. pwszUrl,
  445. TRUE, // fWrite
  446. &hMetaDataFile,
  447. &hContentFile
  448. ))
  449. goto CreateCacheFilesError;
  451. memset(&MetaDataHeader, 0, sizeof(MetaDataHeader));
  452. MetaDataHeader.cbSize = sizeof(MetaDataHeader);
  453. MetaDataHeader.dwMagic = SCHEME_CACHE_META_DATA_MAGIC;
  454. MetaDataHeader.cBlob = pcba->cBlob;
  455. MetaDataHeader.cbUrl = (wcslen(pwszUrl) + 1) * sizeof(WCHAR);
  456. GetSystemTimeAsFileTime(&MetaDataHeader.LastSyncTime);
  458. if (!WriteFile(
  459. hMetaDataFile,
  460. &MetaDataHeader,
  461. sizeof(MetaDataHeader),
  462. &cbBytesWritten,
  463. NULL // lpOverlapped
  464. ))
  465. goto WriteMetaDataHeaderError;
  467. for (i = 0; i < pcba->cBlob; i++) {
  468. DWORD cbBlob = pcba->rgBlob[i].cbData;
  470. if (!WriteFile(
  471. hMetaDataFile,
  472. &cbBlob,
  473. sizeof(cbBlob),
  474. &cbBytesWritten,
  475. NULL // lpOverlapped
  476. ))
  477. goto WriteBlobLengthError;
  479. if (0 != cbBlob) {
  480. if (!WriteFile(
  481. hContentFile,
  482. pcba->rgBlob[i].pbData,
  483. cbBlob,
  484. &cbBytesWritten,
  485. NULL // lpOverlapped
  486. ))
  487. goto WriteBlobContentError;
  488. }
  489. }
  491. if (!WriteFile(
  492. hMetaDataFile,
  493. pwszUrl,
  494. MetaDataHeader.cbUrl,
  495. &cbBytesWritten,
  496. NULL // lpOverlapped
  497. ))
  498. goto WriteUrlError;
  500. if (pAuxInfo &&
  501. offsetof(CRYPT_RETRIEVE_AUX_INFO, pLastSyncTime) <
  502. pAuxInfo->cbSize && pAuxInfo->pLastSyncTime)
  503. *pAuxInfo->pLastSyncTime = MetaDataHeader.LastSyncTime;
  505. fResult = TRUE;
  507. CommonReturn:
  508. if (NULL != hContentFile)
  509. I_SchemeCloseHandle(hContentFile);
  510. if (NULL != hMetaDataFile)
  511. I_SchemeCloseHandle(hMetaDataFile);
  512. return fResult;
  514. ErrorReturn:
  515. fResult = FALSE;
  516. goto CommonReturn;
  517. TRACE_ERROR(CreateCacheFilesError)
  518. TRACE_ERROR(WriteMetaDataHeaderError)
  519. TRACE_ERROR(WriteBlobLengthError)
  520. TRACE_ERROR(WriteBlobContentError)
  521. TRACE_ERROR(WriteUrlError)
  522. }
  525. //+---------------------------------------------------------------------------
  526. //
  527. // Function: SchemeRetrieveCachedCryptBlobArray
  528. //
  529. // Synopsis: retrieve cached blob array bits
  530. //
  531. //----------------------------------------------------------------------------
  532. BOOL WINAPI
  533. SchemeRetrieveCachedCryptBlobArray (
  534. IN LPCWSTR pwszUrl,
  535. IN DWORD dwRetrievalFlags,
  536. OUT PCRYPT_BLOB_ARRAY pcba,
  537. OUT PFN_FREE_ENCODED_OBJECT_FUNC* ppfnFreeObject,
  538. OUT LPVOID* ppvFreeContext,
  539. IN OUT PCRYPT_RETRIEVE_AUX_INFO pAuxInfo
  540. )
  541. {
  542. BOOL fResult;
  543. HANDLE hMetaDataFile = NULL;
  544. HANDLE hContentFile = NULL;
  545. PSCHEME_CACHE_META_DATA_HEADER pMetaDataHeader = NULL;
  546. DWORD *pcbBlob; // not allocated
  547. DWORD cbContent;
  548. DWORD cBlob;
  549. PCRYPT_BLOB_ARRAY pCachedArray = NULL;
  550. PCRYPT_DATA_BLOB pBlob; // not allocated
  551. BYTE *pbBlob; // not allocated
  552. DWORD cbBlobHeader;
  553. DWORD cbBytesRead;
  554. DWORD i;
  556. if (!I_SchemeCreateCacheFiles(
  557. pwszUrl,
  558. FALSE, // fWrite
  559. &hMetaDataFile,
  560. &hContentFile
  561. ))
  562. goto CreateCacheFilesError;
  564. pMetaDataHeader = I_SchemeReadAndValidateMetaDataFile(
  565. hMetaDataFile,
  566. &pcbBlob,
  567. NULL // ppwszUrl
  568. );
  569. if (NULL == pMetaDataHeader)
  570. goto ReadMetaDataFileError;
  572. cBlob = pMetaDataHeader->cBlob;
  574. cbContent = 0;
  575. for (i = 0; i < cBlob; i++)
  576. cbContent += pcbBlob[i];
  578. cbBlobHeader = sizeof(CRYPT_BLOB_ARRAY) + cBlob * sizeof(CRYPT_DATA_BLOB);
  579. pCachedArray = (PCRYPT_BLOB_ARRAY) PkiZeroAlloc(
  580. cbBlobHeader + cbContent);
  581. if (NULL == pCachedArray)
  582. goto OutOfMemory;
  584. pBlob = (PCRYPT_DATA_BLOB) &pCachedArray[1];
  585. pbBlob = (BYTE *) &pBlob[cBlob];
  587. if (0 != cbContent) {
  588. if (!ReadFile(
  589. hContentFile,
  590. pbBlob,
  591. cbContent,
  592. &cbBytesRead,
  593. NULL // lpOverlapped
  594. ) || cbContent != cbBytesRead)
  595. goto ReadContentFileError;
  596. }
  598. pCachedArray->cBlob = cBlob;
  599. pCachedArray->rgBlob = pBlob;
  601. for (i = 0; i < cBlob; i++) {
  602. pBlob[i].cbData = pcbBlob[i];
  603. pBlob[i].pbData = pbBlob;
  604. pbBlob += pcbBlob[i];
  605. }
  607. pcba->cBlob = pCachedArray->cBlob;
  608. pcba->rgBlob = pCachedArray->rgBlob;
  610. *ppfnFreeObject = SchemeFreeEncodedCryptBlobArray;
  611. *ppvFreeContext = (LPVOID) pCachedArray;
  613. if (pAuxInfo && offsetof(CRYPT_RETRIEVE_AUX_INFO, pLastSyncTime) <
  614. pAuxInfo->cbSize && pAuxInfo->pLastSyncTime)
  615. *pAuxInfo->pLastSyncTime = pMetaDataHeader->LastSyncTime;
  617. fResult = TRUE;
  619. CommonReturn:
  620. if (NULL != hContentFile)
  621. I_SchemeCloseHandle(hContentFile);
  622. if (NULL != hMetaDataFile)
  623. I_SchemeCloseHandle(hMetaDataFile);
  624. PkiFree(pMetaDataHeader);
  625. return fResult;
  627. ErrorReturn:
  628. PkiFree(pCachedArray);
  629. fResult = FALSE;
  630. goto CommonReturn;
  632. TRACE_ERROR(CreateCacheFilesError)
  633. TRACE_ERROR(OutOfMemory)
  634. TRACE_ERROR(ReadMetaDataFileError)
  635. TRACE_ERROR(ReadContentFileError)
  636. }
  638. //+-------------------------------------------------------------------------
  639. // For ERROR_SHARING_VIOLATION or ERROR_ACCESS_DENIED errors returned
  640. // by DeleteFileW(), retries after sleeping an increasing array of times.
  641. //
  642. // Note, the file to be deleted is under %UserProfile%. Therefore, unless
  643. // opened by another thread shouldn't get the above errors.
  644. //--------------------------------------------------------------------------
  645. BOOL
  646. WINAPI
  647. I_SchemeDeleteFile(
  648. IN LPCWSTR pwszFileName
  649. )
  650. {
  651. BOOL fResult;
  652. DWORD dwErr;
  653. DWORD dwRetryCount;
  655. dwRetryCount = 0;
  656. while (!DeleteFileU(pwszFileName)) {
  657. dwErr = GetLastError();
  658. if ((ERROR_SHARING_VIOLATION == dwErr ||
  659. ERROR_ACCESS_DENIED == dwErr) &&
  660. MAX_CREATE_FILE_RETRY_COUNT > dwRetryCount) {
  661. Sleep(rgdwCreateFileRetryMilliseconds[dwRetryCount]);
  662. dwRetryCount++;
  663. } else
  664. goto DeleteFileError;
  665. }
  667. fResult = TRUE;
  669. CommonReturn:
  670. return fResult;
  671. ErrorReturn:
  672. fResult = FALSE;
  673. goto CommonReturn;
  675. SET_ERROR_VAR(DeleteFileError, dwErr)
  676. }
  679. //+---------------------------------------------------------------------------
  680. //
  681. // Function: SchemeDeleteUrlCacheEntry
  682. //
  683. // Synopsis: delete URL cache entry
  684. //
  685. // For no cache entry returns FALSE with LastError set to
  686. // ERROR_FILE_NOT_FOUND
  687. //
  688. //----------------------------------------------------------------------------
  689. BOOL WINAPI
  690. SchemeDeleteUrlCacheEntry (
  691. IN LPCWSTR pwszUrl
  692. )
  693. {
  694. BOOL fResult;
  695. LPWSTR pwszCryptnetUrlCacheDir = NULL;
  696. DWORD cchCryptnetUrlCacheDir;
  697. LPWSTR pwszMetaDataFile = NULL;
  698. LPWSTR pwszContentFile = NULL;
  699. WCHAR wszUrlFileName[SCHEME_URL_FILENAME_LEN];
  702. // Format the MetaData and Content filenames
  703. // - %UserProfile%\Microsoft\CryptnetUrlCache\MetaData\14A1AE3A6A7648689AE8F94F367AC606
  704. // - %UserProfile%\Microsoft\CryptnetUrlCache\Content\14A1AE3A6A7648689AE8F94F367AC606
  705. // Where 14A1AE3A6A7648689AE8F94F367AC606 is the Unicode Hex of md5 hash
  706. // of the URL string
  708. pwszCryptnetUrlCacheDir = I_SchemeGetCryptnetUrlCacheDir();
  709. if (NULL == pwszCryptnetUrlCacheDir)
  710. goto GetCryptnetUrlCacheDirError;
  712. cchCryptnetUrlCacheDir = wcslen(pwszCryptnetUrlCacheDir);
  714. pwszMetaDataFile = (LPWSTR) PkiNonzeroAlloc(
  715. (cchCryptnetUrlCacheDir + wcslen(SCHEME_META_DATA_SUBDIR) + 1 +
  716. SCHEME_URL_FILENAME_LEN) * sizeof(WCHAR));
  717. pwszContentFile = (LPWSTR) PkiNonzeroAlloc(
  718. (cchCryptnetUrlCacheDir + wcslen(SCHEME_CONTENT_SUBDIR) + 1 +
  719. SCHEME_URL_FILENAME_LEN) * sizeof(WCHAR));
  721. if (NULL == pwszMetaDataFile || NULL == pwszContentFile)
  722. goto OutOfMemory;
  724. I_SchemeGetUrlFileName(pwszUrl, wszUrlFileName);
  726. wcscpy(pwszMetaDataFile, pwszCryptnetUrlCacheDir);
  727. wcscat(pwszMetaDataFile, SCHEME_META_DATA_SUBDIR);
  728. wcscat(pwszMetaDataFile, L"\\");
  729. wcscat(pwszMetaDataFile, wszUrlFileName);
  731. wcscpy(pwszContentFile, pwszCryptnetUrlCacheDir);
  732. wcscat(pwszContentFile, SCHEME_CONTENT_SUBDIR);
  733. wcscat(pwszContentFile, L"\\");
  734. wcscat(pwszContentFile, wszUrlFileName);
  736. // Delete both the content and meta data files.
  737. if (!I_SchemeDeleteFile(pwszContentFile)) {
  738. if (ERROR_FILE_NOT_FOUND != GetLastError())
  739. goto DeleteContentFileError;
  740. }
  742. fResult = I_SchemeDeleteFile(pwszMetaDataFile);
  744. CommonReturn:
  745. PkiFree(pwszCryptnetUrlCacheDir);
  746. PkiFree(pwszMetaDataFile);
  747. PkiFree(pwszContentFile);
  749. return fResult;
  751. ErrorReturn:
  753. fResult = FALSE;
  754. goto CommonReturn;
  756. TRACE_ERROR(GetCryptnetUrlCacheDirError)
  757. TRACE_ERROR(OutOfMemory)
  758. TRACE_ERROR(DeleteContentFileError)
  759. }
  763. //+---------------------------------------------------------------------------
  764. //
  765. // Function: SchemeFreeEncodedCryptBlobArray
  766. //
  767. // Synopsis: free encoded crypt blob array
  768. //
  769. //----------------------------------------------------------------------------
  770. VOID WINAPI
  771. SchemeFreeEncodedCryptBlobArray (
  772. IN LPCSTR pszObjectOid,
  773. IN PCRYPT_BLOB_ARRAY pcba,
  774. IN LPVOID pvFreeContext
  775. )
  776. {
  777. PkiFree(pvFreeContext);
  778. }
  780. //+---------------------------------------------------------------------------
  781. //
  782. // Function: SchemeGetPasswordCredentialsW
  783. //
  784. // Synopsis: get password credentials from crypt credentials
  785. //
  786. //----------------------------------------------------------------------------
  787. BOOL WINAPI
  788. SchemeGetPasswordCredentialsW (
  789. IN PCRYPT_CREDENTIALS pCredentials,
  790. OUT PCRYPT_PASSWORD_CREDENTIALSW pPasswordCredentials,
  791. OUT BOOL* pfFreeCredentials
  792. )
  793. {
  794. DWORD cwUsername;
  795. DWORD cwPassword;
  796. PCRYPT_PASSWORD_CREDENTIALSA pPassCredA;
  797. PCRYPT_PASSWORD_CREDENTIALSW pPassCredW;
  798. LPWSTR pszUsername;
  799. LPWSTR pszPassword;
  801. if ( pPasswordCredentials->cbSize != sizeof( CRYPT_PASSWORD_CREDENTIALS ) )
  802. {
  803. SetLastError( (DWORD) E_INVALIDARG );
  804. return( FALSE );
  805. }
  807. if ( pCredentials == NULL )
  808. {
  809. pPasswordCredentials->pszUsername = NULL;
  810. pPasswordCredentials->pszPassword = NULL;
  811. *pfFreeCredentials = FALSE;
  813. return( TRUE );
  814. }
  816. if ( pCredentials->pszCredentialsOid ==
  817. CREDENTIAL_OID_PASSWORD_CREDENTIALS_W )
  818. {
  819. pPassCredW = (PCRYPT_PASSWORD_CREDENTIALSW)pCredentials->pvCredentials;
  820. *pPasswordCredentials = *pPassCredW;
  821. *pfFreeCredentials = FALSE;
  823. return( TRUE );
  824. }
  826. if ( pCredentials->pszCredentialsOid !=
  827. CREDENTIAL_OID_PASSWORD_CREDENTIALS_A )
  828. {
  829. SetLastError( (DWORD) E_INVALIDARG );
  830. return( FALSE );
  831. }
  833. pPassCredA = (PCRYPT_PASSWORD_CREDENTIALSA)pCredentials->pvCredentials;
  834. cwUsername = strlen( pPassCredA->pszUsername ) + 1;
  835. cwPassword = strlen( pPassCredA->pszPassword ) + 1;
  837. pszUsername = new WCHAR [ cwUsername ];
  838. pszPassword = new WCHAR [ cwPassword ];
  840. if ( ( pszUsername == NULL ) || ( pszPassword == NULL ) )
  841. {
  842. delete [] pszUsername;
  843. delete [] pszPassword;
  844. SetLastError( (DWORD) E_OUTOFMEMORY );
  845. return( FALSE );
  846. }
  848. *pfFreeCredentials = TRUE;
  850. MultiByteToWideChar(
  851. CP_ACP,
  852. 0,
  853. pPassCredA->pszUsername,
  854. cwUsername,
  855. pszUsername,
  856. cwUsername
  857. );
  858. pszUsername[cwUsername - 1] = L'\0';
  860. MultiByteToWideChar(
  861. CP_ACP,
  862. 0,
  863. pPassCredA->pszPassword,
  864. cwPassword,
  865. pszPassword,
  866. cwPassword
  867. );
  868. pszPassword[cwPassword - 1] = L'\0';
  870. pPasswordCredentials->pszUsername = pszUsername;
  871. pPasswordCredentials->pszPassword = pszPassword;
  873. return( TRUE );
  874. }
  876. //+---------------------------------------------------------------------------
  877. //
  878. // Function: SchemeFreePasswordCredentialsA
  879. //
  880. // Synopsis: free password credentials
  881. //
  882. //----------------------------------------------------------------------------
  883. VOID WINAPI
  884. SchemeFreePasswordCredentialsW (
  885. IN PCRYPT_PASSWORD_CREDENTIALSW pPasswordCredentials
  886. )
  887. {
  888. DWORD cch;
  890. // Ensure allocated credentials are cleared out before being freed.
  892. if (pPasswordCredentials->pszUsername)
  893. {
  894. cch = wcslen(pPasswordCredentials->pszUsername);
  895. SecureZeroMemory(pPasswordCredentials->pszUsername,
  896. cch * sizeof(WCHAR));
  897. delete [] pPasswordCredentials->pszUsername;
  898. }
  901. if (pPasswordCredentials->pszPassword)
  902. {
  903. cch = wcslen(pPasswordCredentials->pszPassword);
  904. SecureZeroMemory(pPasswordCredentials->pszPassword,
  905. cch * sizeof(WCHAR));
  906. delete [] pPasswordCredentials->pszPassword;
  907. }
  908. }
  910. //+---------------------------------------------------------------------------
  911. //
  912. // Function: SchemeGetAuthIdentityFromPasswordCredentialsW
  913. //
  914. // Synopsis: converts a CRYPT_PASSWORD_CREDENTIALSW to a
  915. // SEC_WINNT_AUTH_IDENTITY_W
  916. //
  917. //----------------------------------------------------------------------------
  918. BOOL WINAPI
  919. SchemeGetAuthIdentityFromPasswordCredentialsW (
  920. IN PCRYPT_PASSWORD_CREDENTIALSW pPasswordCredentials,
  921. OUT PSEC_WINNT_AUTH_IDENTITY_W pAuthIdentity
  922. )
  923. {
  924. DWORD cDomain = 0;
  926. if ( pPasswordCredentials->pszUsername == NULL )
  927. {
  928. pAuthIdentity->User = NULL;
  929. pAuthIdentity->UserLength = 0;
  930. pAuthIdentity->Domain = NULL;
  931. pAuthIdentity->DomainLength = 0;
  932. pAuthIdentity->Password = NULL;
  933. pAuthIdentity->PasswordLength = 0;
  934. pAuthIdentity->Flags = SEC_WINNT_AUTH_IDENTITY_UNICODE;
  935. return TRUE;
  936. }
  938. while ( ( pPasswordCredentials->pszUsername[cDomain] != L'\0' ) &&
  939. ( pPasswordCredentials->pszUsername[cDomain] != L'\\' ) )
  940. {
  941. cDomain += 1;
  942. }
  944. if ( cDomain != (DWORD)wcslen( pPasswordCredentials->pszUsername ) )
  945. {
  946. LPWSTR pwszDomain;
  948. pwszDomain = new WCHAR [ cDomain + 1 ];
  950. if ( pwszDomain == NULL )
  951. {
  952. SetLastError( (DWORD) E_OUTOFMEMORY );
  953. return( FALSE );
  954. }
  956. memcpy(pwszDomain, pPasswordCredentials->pszUsername,
  957. cDomain * sizeof(WCHAR));
  958. pwszDomain[cDomain] = L'\0';
  960. pAuthIdentity->Domain = (USHORT *)pwszDomain;
  961. pAuthIdentity->DomainLength = cDomain;
  963. pAuthIdentity->User = (USHORT *)&pPasswordCredentials->pszUsername[
  964. cDomain+1
  965. ];
  967. pAuthIdentity->UserLength = wcslen( (LPCWSTR)pAuthIdentity->User );
  968. }
  969. else
  970. {
  971. pAuthIdentity->Domain = NULL;
  972. pAuthIdentity->DomainLength = 0;
  973. pAuthIdentity->User = (USHORT *)pPasswordCredentials->pszUsername;
  974. pAuthIdentity->UserLength = cDomain;
  975. }
  977. pAuthIdentity->Password = (USHORT *)pPasswordCredentials->pszPassword;
  978. pAuthIdentity->PasswordLength = wcslen( (LPCWSTR)pAuthIdentity->Password );
  979. pAuthIdentity->Flags = SEC_WINNT_AUTH_IDENTITY_UNICODE;
  981. return TRUE;
  982. }
  984. //+---------------------------------------------------------------------------
  985. //
  986. // Function: SchemeFreeAuthIdentityFromPasswordCredentialsW
  987. //
  988. // Synopsis: restore the backslash to the domain username pair
  989. //
  990. //----------------------------------------------------------------------------
  991. VOID WINAPI
  992. SchemeFreeAuthIdentityFromPasswordCredentialsW (
  993. IN PCRYPT_PASSWORD_CREDENTIALSW pPasswordCredentials,
  994. IN OUT PSEC_WINNT_AUTH_IDENTITY_W pAuthIdentity
  995. )
  996. {
  997. if ( pAuthIdentity->Domain != NULL )
  998. {
  999. DWORD dwLastError = GetLastError();
  1001. delete [] pAuthIdentity->Domain;
  1003. SetLastError(dwLastError);
  1004. }
  1005. }
  1008. //+---------------------------------------------------------------------------
  1009. //
  1010. // Function: SchemeRetrieveUncachedAuxInfo
  1011. //
  1012. // Synopsis: update the LastSyncTime in the retrieval AuxInfo with the
  1013. // current time.
  1014. //
  1015. //----------------------------------------------------------------------------
  1016. BOOL WINAPI
  1017. SchemeRetrieveUncachedAuxInfo (
  1018. IN PCRYPT_RETRIEVE_AUX_INFO pAuxInfo
  1019. )
  1020. {
  1021. if ( pAuxInfo &&
  1022. offsetof(CRYPT_RETRIEVE_AUX_INFO, pLastSyncTime) <
  1023. pAuxInfo->cbSize &&
  1024. pAuxInfo->pLastSyncTime )
  1025. {
  1026. GetSystemTimeAsFileTime( pAuxInfo->pLastSyncTime );
  1027. }
  1029. return( TRUE );
  1030. }
  1033. //+-------------------------------------------------------------------------
  1034. // Iterate through the Url Cache MetaData files in:
  1035. // %UserProfile%\Microsoft\CryptnetUrlCache\MetaData
  1036. //--------------------------------------------------------------------------
  1037. BOOL
  1038. WINAPI
  1039. I_CryptNetEnumUrlCacheEntry(
  1040. IN DWORD dwFlags,
  1041. IN LPVOID pvReserved,
  1042. IN LPVOID pvArg,
  1043. IN PFN_CRYPTNET_ENUM_URL_CACHE_ENTRY_CALLBACK pfnEnumCallback
  1044. )
  1045. {
  1046. BOOL fResult;
  1047. DWORD dwLastError = 0;
  1048. DWORD cchCryptnetUrlCacheDir;
  1049. LPWSTR pwszCryptnetUrlCacheDir = NULL;
  1050. DWORD cchMetaDataDir;
  1051. LPWSTR pwszMetaDataFile = NULL;
  1052. DWORD cchContentDir;
  1053. LPWSTR pwszContentFile = NULL;
  1054. HANDLE hFindFile = INVALID_HANDLE_VALUE;
  1055. WIN32_FIND_DATAW FindFileData;
  1057. pwszCryptnetUrlCacheDir = I_SchemeGetCryptnetUrlCacheDir();
  1058. if (NULL == pwszCryptnetUrlCacheDir)
  1059. goto GetCryptnetUrlCacheDirError;
  1061. cchCryptnetUrlCacheDir = wcslen(pwszCryptnetUrlCacheDir);
  1062. cchMetaDataDir = cchCryptnetUrlCacheDir + SCHEME_CCH_META_DATA_SUBDIR + 1;
  1063. cchContentDir = cchCryptnetUrlCacheDir + SCHEME_CCH_CONTENT_SUBDIR + 1;
  1065. pwszMetaDataFile = (LPWSTR) PkiNonzeroAlloc(
  1066. (cchMetaDataDir + SCHEME_URL_FILENAME_LEN) * sizeof(WCHAR));
  1067. pwszContentFile = (LPWSTR) PkiNonzeroAlloc(
  1068. (cchContentDir + SCHEME_URL_FILENAME_LEN) * sizeof(WCHAR));
  1070. if (NULL == pwszMetaDataFile || NULL == pwszContentFile)
  1071. goto OutOfMemory;
  1073. memcpy(pwszMetaDataFile, pwszCryptnetUrlCacheDir,
  1074. cchCryptnetUrlCacheDir * sizeof(WCHAR));
  1075. memcpy(pwszMetaDataFile + cchCryptnetUrlCacheDir,
  1076. SCHEME_META_DATA_SUBDIR,
  1077. SCHEME_CCH_META_DATA_SUBDIR * sizeof(WCHAR));
  1078. wcscpy(&pwszMetaDataFile[cchMetaDataDir - 1], L"\\*");
  1080. if (INVALID_HANDLE_VALUE == (hFindFile = FindFirstFileW(
  1081. pwszMetaDataFile,
  1082. &FindFileData
  1083. ))) {
  1084. dwLastError = GetLastError();
  1085. if (ERROR_PATH_NOT_FOUND == dwLastError)
  1086. dwLastError = ERROR_FILE_NOT_FOUND;
  1087. goto FindFirstFileError;
  1088. }
  1090. memcpy(pwszContentFile, pwszCryptnetUrlCacheDir,
  1091. cchCryptnetUrlCacheDir * sizeof(WCHAR));
  1092. memcpy(pwszContentFile + cchCryptnetUrlCacheDir,
  1093. SCHEME_CONTENT_SUBDIR, SCHEME_CCH_CONTENT_SUBDIR * sizeof(WCHAR));
  1094. pwszContentFile[cchContentDir - 1] = L'\\';
  1097. while (TRUE) {
  1098. DWORD cchFileName = wcslen(FindFileData.cFileName);
  1100. if (0 == (FILE_ATTRIBUTE_DIRECTORY & FindFileData.dwFileAttributes) &&
  1101. 0 == FindFileData.nFileSizeHigh &&
  1102. 0 != FindFileData.nFileSizeLow &&
  1103. L'\0' != FindFileData.cFileName[0] &&
  1104. SCHEME_URL_FILENAME_LEN > cchFileName) {
  1106. HANDLE hMetaDataFile;
  1108. memcpy(pwszMetaDataFile + cchMetaDataDir,
  1109. FindFileData.cFileName, (cchFileName + 1) * sizeof(WCHAR));
  1110. memcpy(pwszContentFile + cchContentDir,
  1111. FindFileData.cFileName, (cchFileName + 1) * sizeof(WCHAR));
  1113. hMetaDataFile = I_SchemeCreateFile(
  1114. pwszMetaDataFile,
  1115. FALSE // fWrite
  1116. );
  1117. if (NULL != hMetaDataFile) {
  1118. PSCHEME_CACHE_META_DATA_HEADER pMetaDataHeader;
  1119. CRYPTNET_URL_CACHE_ENTRY UrlCacheEntry;
  1121. pMetaDataHeader = I_SchemeReadAndValidateMetaDataFile(
  1122. hMetaDataFile,
  1123. &UrlCacheEntry.pcbBlob, // Not allocated
  1124. &UrlCacheEntry.pwszUrl // Not allocated
  1125. );
  1127. I_SchemeCloseHandle(hMetaDataFile);
  1129. if (NULL != pMetaDataHeader) {
  1130. UrlCacheEntry.cbSize = sizeof(UrlCacheEntry);
  1131. UrlCacheEntry.dwMagic = pMetaDataHeader->dwMagic;
  1132. UrlCacheEntry.LastSyncTime = pMetaDataHeader->LastSyncTime;
  1133. UrlCacheEntry.cBlob = pMetaDataHeader->cBlob;
  1134. // UrlCacheEntry.pcbBlob =
  1135. // UrlCacheEntry.pwszUrl =
  1136. UrlCacheEntry.pwszMetaDataFileName = pwszMetaDataFile;
  1137. UrlCacheEntry.pwszContentFileName = pwszContentFile;
  1139. fResult = pfnEnumCallback(
  1140. &UrlCacheEntry,
  1141. 0, // dwFlags
  1142. NULL, // pvReserved
  1143. pvArg
  1144. );
  1146. PkiFree(pMetaDataHeader);
  1147. if (!fResult)
  1148. goto ErrorReturn;
  1149. }
  1150. }
  1151. }
  1153. if (!FindNextFileW(hFindFile, &FindFileData)) {
  1154. dwLastError = GetLastError();
  1155. if (ERROR_NO_MORE_FILES == dwLastError)
  1156. goto SuccessReturn;
  1157. else
  1158. goto FindNextFileError;
  1159. }
  1160. }
  1162. SuccessReturn:
  1163. fResult = TRUE;
  1165. CommonReturn:
  1166. PkiFree(pwszCryptnetUrlCacheDir);
  1167. PkiFree(pwszMetaDataFile);
  1168. PkiFree(pwszContentFile);
  1169. if (INVALID_HANDLE_VALUE != hFindFile)
  1170. FindClose(hFindFile);
  1172. SetLastError(dwLastError);
  1173. return fResult;
  1175. ErrorReturn:
  1176. dwLastError = GetLastError();
  1177. fResult = FALSE;
  1178. goto CommonReturn;
  1180. TRACE_ERROR(GetCryptnetUrlCacheDirError)
  1181. TRACE_ERROR(OutOfMemory)
  1182. SET_ERROR_VAR(FindFirstFileError, dwLastError)
  1183. SET_ERROR_VAR(FindNextFileError, dwLastError)
  1184. }