archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
3 Commits
1 Branch
0 Tags
1.5 GiB
Tree: 827363a95b
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '827363a95b'
${ noResults }
windows-server-2003/inetcore/wininet/dll/certcach.cxx

593 lines
11 KiB
Raw Normal View History

commiting as it is
4 years ago
  1. /*++
  3. Copyright (c) 1996 Microsoft Corporation
  5. Module Name:
  7. certcach.cxx
  9. Abstract:
  11. Contains class implementation for certificate cache object.
  12. This object will hold various Certificate entries.
  14. Contents:
  15. SECURITY_CACHE_LIST_ENTRY::SECURITY_CACHE_LIST_ENTRY
  16. SECURITY_CACHE_LIST_ENTRY::~SECURITY_CACHE_LIST_ENTRY
  17. SECURITY_CACHE_LIST_ENTRY::AddRef
  18. SECURITY_CACHE_LIST_ENTRY::Release
  19. SECURITY_CACHE_LIST_ENTRY::Clear
  20. SECURITY_CACHE_LIST::Find
  21. SECURITY_CACHE_LIST::Add
  22. SECURITY_CACHE_LIST::ClearList
  23. SECURITY_CACHE_LIST::ClearClientAuthCertChains
  25. TODO: Add Cert validation. What if Cert is given but different?
  27. Author:
  29. Arthur L Bierer (arthurbi) 20-Apr-1996
  31. Revision History:
  33. 20-Apr-1996 arthurbi
  34. Created
  36. --*/
  37. #include <wininetp.h>
  39. //
  40. // private manifests
  41. //
  43. #define MAX_CERT_CACHE_CERTS 16
  45. //
  46. // private types
  47. //
  49. //
  50. // SECURITY_CACHE_LIST_ENTRY member functions
  51. //
  54. SECURITY_CACHE_LIST_ENTRY::SECURITY_CACHE_LIST_ENTRY(
  55. IN LPSTR lpszHostName
  56. )
  58. /*++
  60. Routine Description:
  62. SECURITY_CACHE_LIST_ENTRY constructor. Create object; don't add it to list
  64. Arguments:
  66. lpszHostName - name of host for which this cache entry created
  68. Return Value:
  70. None.
  72. --*/
  74. {
  75. DEBUG_ENTER((DBG_OBJECTS,
  76. None,
  77. "SECURITY_CACHE_LIST_ENTRY::SECURITY_CACHE_LIST_ENTRY",
  78. "%q",
  79. lpszHostName
  80. ));
  82. #if INET_DEBUG
  83. _List.Flink = _List.Blink = NULL;
  84. #endif
  85. _cRef = 1;
  86. _fInCache = FALSE;
  87. _ServerName = lpszHostName;
  88. ZeroMemory(&_CertInfo, sizeof(_CertInfo));
  89. _dwSecurityFlags = 0;
  90. _pCertContextArray = NULL;
  91. _fForceNewSession = FALSE;
  92. _fValidateAll = FALSE;
  94. #if INET_DEBUG
  95. m_Signature = 0x454c4353; // 'SCLE'
  96. #endif
  98. DEBUG_LEAVE(0);
  99. }
  102. SECURITY_CACHE_LIST_ENTRY::~SECURITY_CACHE_LIST_ENTRY()
  104. /*++
  106. Routine Description:
  108. SECURITY_CACHE_LIST_ENTRY destructor.
  110. Arguments:
  112. None.
  114. Return Value:
  116. None.
  118. --*/
  120. {
  121. DEBUG_ENTER((DBG_OBJECTS,
  122. None,
  123. "~SECURITY_CACHE_LIST_ENTRY",
  124. "{%#x [%q]}",
  125. this,
  126. _ServerName.StringAddress()
  127. ));
  129. INET_ASSERT((_List.Flink == NULL) && (_List.Blink == NULL));
  131. Clear();
  133. DEBUG_LEAVE(0);
  134. }
  137. LONG
  138. SECURITY_CACHE_LIST_ENTRY::AddRef(
  139. VOID
  140. )
  142. /*++
  144. Routine Description:
  146. Increment reference count of SECURITY_CACHE_LIST_ENTRY
  148. Arguments:
  150. None.
  152. Return Value:
  154. LONG - reference count after increment
  156. --*/
  158. {
  159. DEBUG_ENTER((DBG_OBJECTS,
  160. Int,
  161. "SECURITY_CACHE_LIST_ENTRY::AddRef",
  162. "{%#x [%q, %d]}",
  163. this,
  164. _ServerName.StringAddress(),
  165. _cRef
  166. ));
  168. InterlockedIncrement(&_cRef);
  170. DEBUG_LEAVE(_cRef);
  172. return _cRef;
  173. }
  176. LONG
  177. SECURITY_CACHE_LIST_ENTRY::Release(
  178. VOID
  179. )
  181. /*++
  183. Routine Description:
  185. Decrement reference count and destroy object if (<=) zero
  187. Arguments:
  189. None.
  191. Return Value:
  193. LONG - reference count after decrement
  195. --*/
  197. {
  198. DEBUG_ENTER((DBG_OBJECTS,
  199. Int,
  200. "SECURITY_CACHE_LIST_ENTRY::Release",
  201. "{%q [%d]}",
  202. _ServerName.StringAddress(),
  203. _cRef
  204. ));
  206. LONG cRet;
  208. if (0 >= (cRet = InterlockedDecrement(&_cRef))) {
  209. delete this;
  210. }
  212. DEBUG_LEAVE(cRet);
  214. return cRet;
  215. }
  218. VOID
  219. SECURITY_CACHE_LIST_ENTRY::Clear()
  221. /*++
  223. Routine Description:
  225. Clear out SECURITY_CACHE_LIST_ENTRY
  227. Arguments:
  229. Clear -
  231. Return Value:
  233. None.
  235. --*/
  237. {
  238. if (_CertInfo.pCertificate != NULL) {
  239. __try {
  240. CertFreeCertificateContext(_CertInfo.pCertificate);
  241. } __except(EXCEPTION_EXECUTE_HANDLER) {
  242. }
  243. ENDEXCEPT
  244. _CertInfo.pCertificate = NULL;
  245. }
  247. ZeroMemory(&_CertInfo, sizeof(_CertInfo));
  248. _CertInfo.dwSize = sizeof(_CertInfo);
  250. _dwSecurityFlags = 0;
  251. _ServerName = NULL;
  252. _pCertContextArray = NULL;
  253. if( _pCertContextArray )
  254. {
  255. delete _pCertContextArray;
  256. _pCertContextArray = NULL;
  257. }
  258. }
  260. //
  261. // SECURITY_CACHE_LIST member functions
  262. //
  265. VOID
  266. SECURITY_CACHE_LIST::ClearList(
  267. VOID
  268. )
  270. /*++
  272. Routine Description:
  274. description-of-function.
  276. Arguments:
  278. None.
  280. Return Value:
  282. None.
  284. --*/
  286. {
  287. DEBUG_ENTER((DBG_OBJECTS,
  288. None,
  289. "SECURITY_CACHE_LIST::ClearList",
  290. NULL
  291. ));
  293. LockSerializedList(&_List);
  295. while (!IsSerializedListEmpty(&_List)) {
  297. SECURITY_CACHE_LIST_ENTRY * CacheEntry;
  299. //
  300. // remove the PROXY_SERVER_LIST_ENTRY at the head of the serialized
  301. // list
  302. //
  304. LPVOID entry = SlDequeueHead(&_List);
  306. //
  307. // entry should not be NULL - IsSerializedListEmpty() told us we
  308. // could expect something
  309. //
  311. INET_ASSERT(entry != NULL);
  313. //
  314. // get the address of the object (should be the same as entry) and
  315. // delete it
  316. //
  318. CacheEntry = CONTAINING_RECORD(entry, SECURITY_CACHE_LIST_ENTRY, _List);
  320. DEBUG_PRINT(OBJECTS,
  321. INFO,
  322. ("releasing %q (%d)\n",
  323. CacheEntry->_ServerName.StringAddress(),
  324. CacheEntry->_cRef
  325. ));
  327. CacheEntry->Release();
  328. }
  330. UnlockSerializedList(&_List);
  332. DEBUG_LEAVE(0);
  333. }
  336. DWORD
  337. SECURITY_CACHE_LIST::Add(
  338. IN SECURITY_CACHE_LIST_ENTRY * entry
  339. )
  341. /*++
  343. Routine Description:
  345. Adds a CertInfo Structure to the list front of the list.
  347. Arguments:
  349. lpszHost - Hostname to add.
  351. Return Value:
  353. DWORD
  354. Success - ERROR_SUCCESS
  356. Failure - ERROR_NOT_ENOUGH_MEMORY
  358. --*/
  360. {
  361. DEBUG_ENTER((DBG_HTTP,
  362. Dword,
  363. "SECURITY_CACHE_LIST::Add",
  364. "%#x [%q, %d]",
  365. entry,
  366. entry ? entry->_ServerName.StringAddress() : "",
  367. entry ? entry->_cRef : 0
  368. ));
  370. DWORD error = ERROR_SUCCESS;
  372. INET_ASSERT(entry != NULL);
  374. if (entry != NULL) {
  375. LockSerializedList(&_List);
  377. //
  378. // If we've grown too much, nuke the oldest one.
  379. //
  381. if (ElementsOnSerializedList(&_List) >= MAX_CERT_CACHE_CERTS) {
  383. SECURITY_CACHE_LIST_ENTRY *pOld;
  384. LPVOID old_entry = SlDequeueTail(&_List);
  386. INET_ASSERT(old_entry != NULL);
  388. pOld = CONTAINING_RECORD(old_entry, SECURITY_CACHE_LIST_ENTRY, _List);
  390. //
  391. // entry should not be NULL - IsSerializedListEmpty() told us we
  392. // could expect something
  393. //
  395. pOld->_fInCache = FALSE;
  397. //
  398. // Clean Our old object, and reinstatiate with a new name.
  399. //
  401. pOld->Release();
  402. }
  403. InsertAtHeadOfSerializedList(&_List, &entry->_List);
  404. entry->AddRef();
  405. entry->_fInCache = TRUE;
  406. UnlockSerializedList(&_List);
  407. }
  409. DEBUG_LEAVE(error);
  411. return error;
  412. }
  415. SECURITY_CACHE_LIST_ENTRY *
  416. SECURITY_CACHE_LIST::Find(
  417. IN LPSTR lpszHost
  418. )
  420. /*++
  422. Routine Description:
  424. Searches the linked list for the Cert, and returns
  425. the found entry, or NULL if not found.
  427. Arguments:
  429. lpszHost - Hostname to search on.
  431. Return Value:
  433. CERT_CACHE_LIST_ENTRY *
  434. Success - Pointer to found entry.
  436. Failure - NULL, not found.
  438. --*/
  440. {
  441. DEBUG_ENTER((DBG_HTTP,
  442. Pointer,
  443. "SECURITY_CACHE_LIST::Find",
  444. "%q",
  445. lpszHost
  446. ));
  448. SECURITY_CACHE_LIST_ENTRY * info = NULL;
  450. //
  451. // BUGBUG need to validate against Server Certifcate on every
  452. // connection, this Find only validates by Hostname.
  453. // What about DNS spoofing? Won't we be hosed?
  454. //
  456. //
  457. // TODO if found, need to push to front of list.
  458. //
  460. LockSerializedList(&_List);
  461. for (PLIST_ENTRY entry = HeadOfSerializedList(&_List);
  462. entry != (PLIST_ENTRY)SlSelf(&_List);
  463. entry = entry->Flink)
  464. {
  465. info = CONTAINING_RECORD(entry, SECURITY_CACHE_LIST_ENTRY, _List);
  467. //
  468. // check to see if they match.
  469. //
  471. if (info->_ServerName.Stricmp(lpszHost) == 0) {
  472. info->AddRef();
  473. break; // match.
  474. }
  475. info = NULL;
  476. }
  477. UnlockSerializedList(&_List);
  479. DEBUG_LEAVE(info);
  481. return info;
  482. }
  485. VOID
  486. SECURITY_CACHE_LIST::Remove(
  487. IN LPSTR lpszHost
  488. )
  490. /*++
  492. Routine Description:
  494. Searches the linked list for the Cert, and removes
  495. the entry.
  497. Arguments:
  499. lpszHost - Hostname to search on.
  501. Return Value:
  503. None
  505. --*/
  507. {
  508. DEBUG_ENTER((DBG_HTTP,
  509. Pointer,
  510. "SECURITY_CACHE_LIST::Remove",
  511. "%q",
  512. lpszHost
  513. ));
  515. SECURITY_CACHE_LIST_ENTRY * info = NULL;
  518. LockSerializedList(&_List);
  519. for (PLIST_ENTRY entry = HeadOfSerializedList(&_List);
  520. entry != (PLIST_ENTRY)SlSelf(&_List);
  521. entry = entry->Flink)
  522. {
  523. info = CONTAINING_RECORD(entry, SECURITY_CACHE_LIST_ENTRY, _List);
  525. //
  526. // check to see if they match.
  527. //
  529. if (info->_ServerName.Stricmp(lpszHost) == 0) {
  530. RemoveFromSerializedList(&_List, entry);
  531. break; // match.
  532. }
  533. info->_fInCache = FALSE;
  534. info = NULL;
  535. }
  536. UnlockSerializedList(&_List);
  538. DEBUG_LEAVE(0);
  540. }
  543. VOID
  544. SECURITY_CACHE_LIST::ClearClientAuthCertChains(
  545. VOID
  546. )
  547. /*++
  549. Routine Description:
  551. This function walks the cache and releases any client
  552. auth chains associated with each entry. This method
  553. is called in response to the "Clear SSL State" button
  554. being pressed in inetcpl. Starting with Whistler,
  555. client certificates are cached for the logon session,
  556. rather than the process.
  558. Arguments:
  560. None.
  562. Return Value:
  564. None.
  566. --*/
  567. {
  568. DEBUG_ENTER((DBG_HTTP,
  569. None,
  570. "SECURITY_CACHE_LIST::ClearClientAuthCertChains",
  571. NULL
  572. ));
  574. SECURITY_CACHE_LIST_ENTRY * pInfo = NULL;
  576. LockSerializedList(&_List);
  577. for (PLIST_ENTRY entry = HeadOfSerializedList(&_List);
  578. entry != (PLIST_ENTRY)SlSelf(&_List);
  579. entry = entry->Flink)
  580. {
  581. pInfo = CONTAINING_RECORD(entry, SECURITY_CACHE_LIST_ENTRY, _List);
  583. // This will delete and NULL the array
  584. pInfo->SetCertContextArray(NULL);
  586. // Ensure new session is negotiated for next SSL connection to server
  587. pInfo->SetForceNewSession(TRUE);
  588. }
  589. UnlockSerializedList(&_List);
  591. DEBUG_LEAVE(0);
  592. }