archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4 Commits
1 Branch
0 Tags
1.5 GiB
 
 
 
 
 
 
Branch: master
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'master'
${ noResults }
windows-server-2003/admin/snapin/certentp/certtmpl.cpp

1617 lines
54 KiB
Raw Permalink Blame History

//+---------------------------------------------------------------------------
//
// Microsoft Windows
// Copyright (C) Microsoft Corporation, 1997-2002.
//
// File: CertTmpl.cpp
//
// Contents: Implementation of DLL Exports
//
//----------------------------------------------------------------------------
#include "stdafx.h"
#define INITGUID
#pragma warning(push,3)
#include <initguid.h>
#pragma warning(pop)
#include "CertTmpl_i.c"
#include "about.h" // CCertTemplatesAbout
#include "compdata.h" // CCertTmplSnapin
#include "uuids.h"
#pragma warning(push,3)
#include <ntverp.h> // VER_PRODUCTVERSION_STR
#include <typeinfo.h>
#define INCL_WINSOCK_API_TYPEDEFS 1
#include <winsock2.h>
#include <svcguid.h>
#include <winldap.h>
#pragma warning(pop)
#include "chooser.cpp"
#include "ShellExt.h"
#include "PolicyOID.h"
extern POLICY_OID_LIST g_policyOIDList;
USE_HANDLE_MACROS ("CERTTMPL (CertTmpl.cpp)")
//
// This is used by the nodetype utility routines in stdutils.cpp
//
const struct NODETYPE_GUID_ARRAYSTRUCT g_NodetypeGuids[CERTTMPL_NUMTYPES] =
{
{ // CERTTMPL_SNAPIN
structuuidNodetypeSnapin,
lstruuidNodetypeSnapin },
{ // CERT_TEMPLATE
structuuidNodetypeCertTemplate,
lstruuidNodetypeCertTemplate }
};
const struct NODETYPE_GUID_ARRAYSTRUCT* g_aNodetypeGuids = g_NodetypeGuids;
const int g_cNumNodetypeGuids = CERTTMPL_NUMTYPES;
const CLSID CLSID_CertTemplateShellExt = /* {11BDCE06-D55C-44e9-BC0B-8655F89E8CC5} */
{ 0x11bdce06, 0xd55c, 0x44e9, { 0xbc, 0xb, 0x86, 0x55, 0xf8, 0x9e, 0x8c, 0xc5 } };
HINSTANCE g_hInstance = 0;
CComModule _Module;
BEGIN_OBJECT_MAP (ObjectMap)
OBJECT_ENTRY (CLSID_CertTemplatesSnapin, CCertTmplSnapin)
OBJECT_ENTRY (CLSID_CertTemplatesAbout, CCertTemplatesAbout)
OBJECT_ENTRY(CLSID_CertTemplateShellExt, CCertTemplateShellExt)
END_OBJECT_MAP ()
class CCertTmplApp : public CWinApp
{
public:
CCertTmplApp ();
virtual ~CCertTmplApp ();
virtual BOOL InitInstance ();
virtual int ExitInstance ();
private:
};
CCertTmplApp theApp;
CCertTmplApp::CCertTmplApp ()
{
}
CCertTmplApp::~CCertTmplApp ()
{
}
BOOL CCertTmplApp::InitInstance ()
{
#ifdef _MERGE_PROXYSTUB
hProxyDll = m_hInstance;
#endif
g_hInstance = m_hInstance;
AfxSetResourceHandle (m_hInstance);
_Module.Init (ObjectMap, m_hInstance);
AfxInitRichEdit();
#if DBG
CheckDebugOutputLevel ();
#endif
SHFusionInitializeFromModuleID (m_hInstance, 2);
return CWinApp::InitInstance ();
}
int CCertTmplApp::ExitInstance ()
{
SHFusionUninitialize();
while ( !g_policyOIDList.IsEmpty () )
{
CPolicyOID* pPolicyOID = g_policyOIDList.RemoveHead ();
if ( pPolicyOID )
delete pPolicyOID;
}
_Module.Term ();
return CWinApp::ExitInstance ();
}
/////////////////////////////////////////////////////////////////////////////
// Used to determine whether the DLL can be unloaded by OLE
STDAPI DllCanUnloadNow (void)
{
AFX_MANAGE_STATE (AfxGetStaticModuleState ());
return (AfxDllCanUnloadNow ()==S_OK && _Module.GetLockCount ()==0) ? S_OK : S_FALSE;
}
/////////////////////////////////////////////////////////////////////////////
// Returns a class factory to create an object of the requested type
STDAPI DllGetClassObject (REFCLSID rclsid, REFIID riid, LPVOID* ppv)
{
return _Module.GetClassObject (rclsid, riid, ppv);
}
/////////////////////////////////////////////////////////////////////////////
// DllRegisterServer - Adds entries to the system registry
STDAPI DllRegisterServer (void)
{
AFX_MANAGE_STATE (AfxGetStaticModuleState ());
// registers object, typelib and all interfaces in typelib
HRESULT hr = _Module.RegisterServer (TRUE);
ASSERT (SUCCEEDED (hr));
if ( E_ACCESSDENIED == hr )
{
CString caption;
CString text;
CThemeContextActivator activator;
VERIFY (caption.LoadString (IDS_REGISTER_CERTTMPL));
VERIFY (text.LoadString (IDS_INSUFFICIENT_RIGHTS_TO_REGISTER_CERTTMPL));
MessageBox (NULL, text, caption, MB_OK);
return hr;
}
try
{
CString strGUID;
CString snapinName;
AMC::CRegKey rkSnapins;
BOOL fFound = rkSnapins.OpenKeyEx (HKEY_LOCAL_MACHINE, SNAPINS_KEY);
ASSERT (fFound);
if ( fFound )
{
{
AMC::CRegKey rkCertTmplSnapin;
hr = GuidToCString (&strGUID, CLSID_CertTemplatesSnapin);
if ( FAILED (hr) )
{
ASSERT (FALSE);
return SELFREG_E_CLASS;
}
rkCertTmplSnapin.CreateKeyEx (rkSnapins, strGUID);
ASSERT (rkCertTmplSnapin.GetLastError () == ERROR_SUCCESS);
rkCertTmplSnapin.SetString (g_szNodeType, g_aNodetypeGuids[CERTTMPL_SNAPIN].bstr);
VERIFY (snapinName.LoadString (IDS_CERTTMPL_REGISTRY));
rkCertTmplSnapin.SetString (g_szNameString, (PCWSTR) snapinName);
hr = GuidToCString (&strGUID, CLSID_CertTemplatesAbout);
if ( FAILED (hr) )
{
ASSERT (FALSE);
return SELFREG_E_CLASS;
}
rkCertTmplSnapin.SetString (L"About", strGUID);
rkCertTmplSnapin.SetString (L"Provider", L"Microsoft");
// security review 2/20/2002 BryanWal ok
size_t len = strlen (VER_PRODUCTVERSION_STR);
PWSTR pszVer = new WCHAR[len+1];
if ( pszVer )
{
// security review BryanWal 02/20/2002 ok
::ZeroMemory (pszVer, (len+1) * sizeof (WCHAR));
// security review BryanWal 02/20/2002 cnt should be len+1
// to include conversion of NULL char
len = ::mbstowcs (pszVer, VER_PRODUCTVERSION_STR, len+1);
rkCertTmplSnapin.SetString (L"Version", pszVer);
delete [] pszVer;
}
AMC::CRegKey rkCertTmplMgrStandalone;
rkCertTmplMgrStandalone.CreateKeyEx (rkCertTmplSnapin, g_szStandAlone);
ASSERT (rkCertTmplMgrStandalone.GetLastError () == ERROR_SUCCESS);
AMC::CRegKey rkMyNodeTypes;
rkMyNodeTypes.CreateKeyEx (rkCertTmplSnapin, g_szNodeTypes);
ASSERT (rkMyNodeTypes.GetLastError () == ERROR_SUCCESS);
AMC::CRegKey rkMyNodeType;
for (int i = CERTTMPL_SNAPIN; i < CERTTMPL_NUMTYPES; i++)
{
rkMyNodeType.CreateKeyEx (rkMyNodeTypes, g_aNodetypeGuids[i].bstr);
ASSERT (rkMyNodeType.GetLastError () == ERROR_SUCCESS);
rkMyNodeType.CloseKey ();
}
//
// BryanWal 5/18/00
// 94793: MUI: MMC: Certificates snap-in stores its display
// information in the registry
//
// MMC now supports NameStringIndirect
//
// NTRAID# Bug9 611500 prefast: certtmpl: certtmpl.cpp(247) :
// warning 53: Call to 'GetModuleFileNameW' may not
// zero-terminate string 'achModuleFileName'.
// Fix by zero'ing out the buffer and passing in 1 less than
// the buffer size to GetModuleFileName
WCHAR achModuleFileName[MAX_PATH+20];
::ZeroMemory (achModuleFileName, sizeof(achModuleFileName)/sizeof(WCHAR));
if (0 != ::GetModuleFileName(
AfxGetInstanceHandle(),
achModuleFileName,
sizeof(achModuleFileName)/sizeof(WCHAR) - 1))
{
CString strNameIndirect;
strNameIndirect.Format (L"@%s,-%d",
achModuleFileName,
IDS_CERTTMPL_REGISTRY);
rkCertTmplSnapin.SetString (L"NameStringIndirect",
strNameIndirect );
}
rkCertTmplSnapin.CloseKey ();
}
AMC::CRegKey rkNodeTypes;
fFound = rkNodeTypes.OpenKeyEx (HKEY_LOCAL_MACHINE, NODE_TYPES_KEY);
ASSERT (fFound);
if ( fFound )
{
AMC::CRegKey rkNodeType;
for (int i = CERTTMPL_SNAPIN; i < CERTTMPL_NUMTYPES; i++)
{
rkNodeType.CreateKeyEx (rkNodeTypes, g_aNodetypeGuids[i].bstr);
ASSERT (rkNodeType.GetLastError () == ERROR_SUCCESS);
rkNodeType.CloseKey ();
}
rkNodeTypes.CloseKey ();
}
else
return SELFREG_E_CLASS;
}
else
return SELFREG_E_CLASS;
}
catch (COleException* e)
{
ASSERT (FALSE);
e->Delete ();
return SELFREG_E_CLASS;
}
ASSERT (SUCCEEDED (hr));
return hr;
}
/////////////////////////////////////////////////////////////////////////////
// DllUnregisterServer - Removes entries from the system registry
STDAPI DllUnregisterServer (void)
{
LRESULT lResult = 0;
try
{
AMC::CRegKey rkSnapins;
BOOL fFound = FALSE;
do
{
CString strGUID;
CString snapinName;
fFound = rkSnapins.OpenKeyEx (HKEY_LOCAL_MACHINE, SNAPINS_KEY);
ASSERT (fFound);
if ( fFound )
{
{
AMC::CRegKey rkCertTmplSnapin;
HRESULT hr = GuidToCString (&strGUID, CLSID_CertTemplatesSnapin);
if ( FAILED (hr) )
{
ASSERT (FALSE);
lResult = SELFREG_E_CLASS;
break;
}
lResult = RegDelnode (rkSnapins, (PCWSTR) strGUID);
}
AMC::CRegKey rkNodeTypes;
fFound = rkNodeTypes.OpenKeyEx (HKEY_LOCAL_MACHINE, NODE_TYPES_KEY);
ASSERT (fFound);
if ( fFound )
{
for (int i = CERTTMPL_SNAPIN; i < CERTTMPL_NUMTYPES; i++)
{
lResult = RegDelnode (rkNodeTypes, g_aNodetypeGuids[i].bstr);
}
rkNodeTypes.CloseKey ();
}
else
{
lResult = SELFREG_E_CLASS;
break;
}
}
else
{
lResult = SELFREG_E_CLASS;
break;
}
} while (0);
if ( fFound )
rkSnapins.CloseKey ();
}
catch (COleException* e)
{
ASSERT (FALSE);
e->Delete ();
lResult = SELFREG_E_CLASS;
}
if ( SELFREG_E_CLASS != lResult )
_Module.UnregisterServer ();
return HRESULT_FROM_WIN32 (lResult);
}
STDAPI DllInstall(BOOL /*bInstall*/, PCWSTR /*pszCmdLine*/)
{
return S_OK;
}
///////////////////////////////////////////////////////////////////////////////
// FormatDate ()
//
// utcDateTime (IN) - A FILETIME in UTC format.
// pszDateTime (OUT) - A string containing the local date and time
// formatted by locale and user preference
//
///////////////////////////////////////////////////////////////////////////////
HRESULT FormatDate (FILETIME utcDateTime, CString & pszDateTime)
{
// Time is returned as UTC, will be displayed as local.
// Use FileTimeToLocalFileTime () to make it local,
// then call FileTimeToSystemTime () to convert to system time, then
// format with GetDateFormat () and GetTimeFormat () to display
// according to user and locale preferences
HRESULT hr = S_OK;
FILETIME localDateTime;
BOOL bResult = FileTimeToLocalFileTime (&utcDateTime, // pointer to UTC file time to convert
&localDateTime); // pointer to converted file time
ASSERT (bResult);
if ( bResult )
{
SYSTEMTIME sysTime;
bResult = FileTimeToSystemTime (
&localDateTime, // pointer to file time to convert
&sysTime); // pointer to structure to receive system time
if ( bResult )
{
CString date;
CString time;
// Get date
// Get length to allocate buffer of sufficient size
int iLen = GetDateFormat (
LOCALE_USER_DEFAULT, // locale for which date is to be formatted
0, // flags specifying function options
&sysTime, // date to be formatted
0, // date format string
0, // buffer for storing formatted string
0); // size of buffer
ASSERT (iLen > 0);
if ( iLen > 0 )
{
int iResult = GetDateFormat (
LOCALE_USER_DEFAULT, // locale for which date is to be formatted
0, // flags specifying function options
&sysTime, // date to be formatted
0, // date format string
date.GetBufferSetLength (iLen), // buffer for storing formatted string
iLen); // size of buffer
ASSERT (iResult);
date.ReleaseBuffer ();
if ( iResult )
pszDateTime = date;
else
hr = HRESULT_FROM_WIN32 (GetLastError ());
if ( iResult )
{
// Get time
// Get length to allocate buffer of sufficient size
iLen = GetTimeFormat (
LOCALE_USER_DEFAULT, // locale for which date is to be formatted
0, // flags specifying function options
&sysTime, // date to be formatted
0, // date format string
0, // buffer for storing formatted string
0); // size of buffer
ASSERT (iLen > 0);
if ( iLen > 0 )
{
iResult = GetTimeFormat (
LOCALE_USER_DEFAULT, // locale for which date is to be formatted
0, // flags specifying function options
&sysTime, // date to be formatted
0, // date format string
time.GetBufferSetLength (iLen), // buffer for storing formatted string
iLen); // size of buffer
ASSERT (iResult);
time.ReleaseBuffer ();
if ( iResult )
{
pszDateTime = date + L" " + time;
}
else
hr = E_UNEXPECTED;
}
else
hr = E_UNEXPECTED;
}
else
hr = E_UNEXPECTED;
}
else
{
hr = HRESULT_FROM_WIN32 (GetLastError ());
}
}
else
{
hr = HRESULT_FROM_WIN32 (GetLastError ());
}
}
else
{
hr = HRESULT_FROM_WIN32 (GetLastError ());
}
return hr;
}
void DisplaySystemError (HWND hParent, DWORD dwErr)
{
AFX_MANAGE_STATE (AfxGetStaticModuleState ());
LPVOID lpMsgBuf;
// security review BryanWal 2/20/2002 ok because message is from system
FormatMessage (FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_SYSTEM,
NULL,
dwErr,
MAKELANGID (LANG_NEUTRAL, SUBLANG_DEFAULT), // Default language
(PWSTR) &lpMsgBuf, 0, NULL);
// Display the string.
CThemeContextActivator activator;
CString caption;
VERIFY (caption.LoadString (IDS_CERTTMPL));
::MessageBox (hParent, (PWSTR) lpMsgBuf, (PCWSTR) caption, MB_OK);
// Free the buffer.
LocalFree (lpMsgBuf);
}
bool IsWindowsNT()
{
OSVERSIONINFO versionInfo;
// security review BryanWal 2/20/2002 ok
::ZeroMemory (&versionInfo, sizeof (versionInfo));
versionInfo.dwOSVersionInfoSize = sizeof (versionInfo);
BOOL bResult = ::GetVersionEx (&versionInfo);
ASSERT (bResult);
if ( bResult )
{
if ( VER_PLATFORM_WIN32_NT == versionInfo.dwPlatformId )
bResult = TRUE;
}
return bResult ? true : false;
}
////// This stuff was stolen from windows\gina\snapins\gpedit (eric flo's stuff) //////
//*************************************************************
//
// RegDelnodeRecurse()
//
// Purpose: Deletes a registry key and all it's subkeys / values.
// Called by RegDelnode
//
// Parameters: hKeyRoot - Root key
// pwszSubKey - SubKey to delete
//
// Return: ERROR_SUCCESS if successful
// something else if an error occurs
//
// Comments:
//
// History: Date Author Comment
// 10/3/95 ericflo Created
// 5/13/98 BryanWal Modified to return LRESULT
//
//*************************************************************
LRESULT RegDelnodeRecurse (HKEY hKeyRoot, CString szSubKey)
{
ASSERT (hKeyRoot && !szSubKey.IsEmpty ());
if ( !hKeyRoot || szSubKey.IsEmpty () )
return ERROR_INVALID_PARAMETER;
//
// First, see if we can delete the key without having
// to recurse.
//
LONG lResult = ::RegDeleteKey(hKeyRoot, szSubKey);
if (lResult == ERROR_SUCCESS)
{
return lResult;
}
HKEY hKey = 0;
lResult = ::RegOpenKeyEx (hKeyRoot, szSubKey, 0, KEY_READ, &hKey);
if (lResult == ERROR_SUCCESS)
{
// ensure szSubKey ends with a slash
if ( L'\\' != szSubKey.GetAt (szSubKey.GetLength () - 1) )
{
szSubKey += L"\\";
}
//
// Enumerate the keys
//
DWORD dwSize = MAX_PATH;
FILETIME ftWrite;
WCHAR szName[MAX_PATH];
lResult = ::RegEnumKeyEx(hKey, 0,
szName,
&dwSize, // size in TCHARS of szName, including terminating NULL (on input)
NULL,
NULL, NULL, &ftWrite);
if (lResult == ERROR_SUCCESS)
{
do {
if ( ERROR_SUCCESS != RegDelnodeRecurse (hKeyRoot, szSubKey + szName) )
{
break;
}
//
// Enumerate again
//
dwSize = MAX_PATH;
lResult = ::RegEnumKeyEx(hKey, 0,
szName,
&dwSize, // size in TCHARS of szName, including terminating NULL (on input)
NULL,
NULL, NULL, &ftWrite);
} while (lResult == ERROR_SUCCESS);
}
::RegCloseKey (hKey);
}
// remove slash from szSubKey
szSubKey.Delete (szSubKey.GetLength () - 1, 1);
//
// Try again to delete the key
//
lResult = ::RegDeleteKey(hKeyRoot, szSubKey);
if (lResult == ERROR_SUCCESS)
{
return lResult;
}
return lResult;
}
//*************************************************************
//
// RegDelnode()
//
// Purpose: Deletes a registry key and all it's subkeys / values
//
// Parameters: hKeyRoot - Root key
// pwszSubKey - SubKey to delete
//
// Return: ERROR_SUCCESS if successful
// something else if an error occurs
//
// Comments:
//
// History: Date Author Comment
// 10/3/95 ericflo Created
// 5/13/98 BryanWal Modified to return LRESULT
//
//*************************************************************
LRESULT RegDelnode (HKEY hKeyRoot, CString szSubKey)
{
ASSERT (hKeyRoot && !szSubKey.IsEmpty ());
if ( !hKeyRoot || szSubKey.IsEmpty () )
return ERROR_INVALID_PARAMETER;
return RegDelnodeRecurse (hKeyRoot, szSubKey);
}
//+--------------------------------------------------------------------------
//
// Function: InitObjectPickerForDomainComputers
//
// Synopsis: Call IDsObjectPicker::Initialize with arguments that will
// set it to allow the user to pick a single computer object.
//
// Arguments: [pDsObjectPicker] - object picker interface instance
//
// Returns: Result of calling IDsObjectPicker::Initialize.
//
// History: 10-14-1998 DavidMun Created
//
//---------------------------------------------------------------------------
HRESULT InitObjectPickerForDomainComputers(IDsObjectPicker *pDsObjectPicker)
{
//
// Prepare to initialize the object picker.
// Set up the array of scope initializer structures.
//
static const int SCOPE_INIT_COUNT = 1;
DSOP_SCOPE_INIT_INFO aScopeInit[SCOPE_INIT_COUNT];
// security review BryanWal 02/02/2002 ok
::ZeroMemory(aScopeInit, sizeof(aScopeInit));
//
// Since we just want computer objects from every scope, combine them
// all in a single scope initializer.
//
aScopeInit[0].cbSize = sizeof(DSOP_SCOPE_INIT_INFO);
aScopeInit[0].flType = DSOP_SCOPE_TYPE_UPLEVEL_JOINED_DOMAIN
| DSOP_SCOPE_TYPE_DOWNLEVEL_JOINED_DOMAIN;
aScopeInit[0].FilterFlags.Uplevel.flBothModes =
DSOP_FILTER_COMPUTERS;
aScopeInit[0].FilterFlags.flDownlevel = DSOP_DOWNLEVEL_FILTER_COMPUTERS;
//
// Put the scope init array into the object picker init array
//
DSOP_INIT_INFO InitInfo;
// security review BryanWal 02/02/2002 ok
::ZeroMemory(&InitInfo, sizeof(InitInfo));
InitInfo.cbSize = sizeof(InitInfo);
InitInfo.pwzTargetComputer = NULL; // NULL == local machine
InitInfo.cDsScopeInfos = SCOPE_INIT_COUNT;
InitInfo.aDsScopeInfos = aScopeInit;
//
// Note object picker makes its own copy of InitInfo. Also note
// that Initialize may be called multiple times, last call wins.
//
return pDsObjectPicker->Initialize(&InitInfo);
}
CString GetSystemMessage (DWORD dwErr)
{
AFX_MANAGE_STATE (AfxGetStaticModuleState ());
CString message;
if ( HRESULT_FROM_WIN32 (ERROR_NO_SUCH_DOMAIN) == dwErr )
{
VERIFY (message.LoadString (IDS_ERROR_NO_SUCH_DOMAIN));
}
else
{
LPVOID lpMsgBuf = 0;
// security review BryanWal 02/02/2002 ok because message is from system
FormatMessage (FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_SYSTEM,
NULL,
dwErr,
MAKELANGID (LANG_NEUTRAL, SUBLANG_DEFAULT), // Default language
(PWSTR) &lpMsgBuf, 0, NULL );
message = (PWSTR) lpMsgBuf;
// Remove white space (including new line characters)
message.TrimRight ();
// Free the buffer.
LocalFree (lpMsgBuf);
}
return message;
}
//+---------------------------------------------------------------------------
//
// Function: LocaleStrCmp
//
// Synopsis: Do a case insensitive string compare that is safe for any
// locale.
//
// Arguments: [ptsz1] - strings to compare
// [ptsz2]
//
// Returns: -1, 0, or 1 just like lstrcmpi
//
// History: 10-28-96 DavidMun Created
//
// Notes: This is slower than lstrcmpi, but will work when sorting
// strings even in Japanese.
//
//----------------------------------------------------------------------------
int LocaleStrCmp(LPCWSTR ptsz1, LPCWSTR ptsz2)
{
ASSERT (ptsz1 && ptsz2);
if ( !ptsz1 || !ptsz2 )
return 0;
int iRet = 0;
iRet = CompareString(LOCALE_USER_DEFAULT,
NORM_IGNORECASE |
NORM_IGNOREKANATYPE |
NORM_IGNOREWIDTH,
ptsz1,
-1,
ptsz2,
-1);
if (iRet)
{
iRet -= 2; // convert to lstrcmpi-style return -1, 0, or 1
if ( 0 == iRet )
{
UNICODE_STRING unistr1;
UNICODE_STRING unistr2;
// security review 2/20/2002 BryanWal ok - Length is length in BYTES
::RtlInitUnicodeString (&unistr1, ptsz1);
// security review 2/20/2002 BryanWal ok - Length is length in BYTES
::RtlInitUnicodeString (&unistr2, ptsz2);
iRet = ::RtlCompareUnicodeString(
&unistr1,
&unistr2,
FALSE );
}
}
else
{
DWORD dwErr = GetLastError ();
_TRACE (0, L"CompareString (%s, %s) failed: 0x%x\n", ptsz1, ptsz2, dwErr);
}
return iRet;
}
void FreeStringArray (PWSTR* rgpszStrings, DWORD dwAddCount)
{
if ( rgpszStrings )
{
for (DWORD dwIndex = 0; dwIndex < dwAddCount; dwIndex++)
{
if ( rgpszStrings[dwIndex] )
CoTaskMemFree (rgpszStrings[dwIndex]);
}
CoTaskMemFree (rgpszStrings);
}
}
HRESULT DisplayRootNodeStatusBarText (LPCONSOLE pConsole)
{
if ( !pConsole )
return E_POINTER;
_TRACE (1, L"Entering DisplayRootNodeStatusBarText\n");
AFX_MANAGE_STATE (AfxGetStaticModuleState ( ));
CComPtr<IConsole2> spConsole2;
HRESULT hr = pConsole->QueryInterface (IID_PPV_ARG (IConsole2, &spConsole2));
if (SUCCEEDED (hr))
{
CString statusText;
VERIFY (statusText.LoadString (IDS_ROOTNODE_STATUSBAR_TEXT));
hr = spConsole2->SetStatusText ((PWSTR)(PCWSTR) statusText);
}
_TRACE (-1, L"Leaving DisplayRootNodeStatusBarText: 0x%x\n", hr);
return hr;
}
HRESULT DisplayObjectCountInStatusBar (LPCONSOLE pConsole, DWORD dwCnt)
{
if ( !pConsole )
return E_POINTER;
_TRACE (1, L"Entering DisplayObjectCountInStatusBar- %d, %s\n",
dwCnt, L"Certificate Templates");
AFX_MANAGE_STATE (AfxGetStaticModuleState ( ));
CComPtr<IConsole2> spConsole2;
HRESULT hr = pConsole->QueryInterface (IID_PPV_ARG (IConsole2, &spConsole2));
if (SUCCEEDED (hr))
{
CString statusText;
UINT formatID = 0;
switch (dwCnt)
{
case -1:
statusText = L"";
break;
case 1:
VERIFY (statusText.LoadString (IDS_CERT_TEMPLATE_COUNT_SINGLE));
break;
default:
formatID = IDS_CERT_TEMPLATE_COUNT;
break;
}
if ( formatID )
{
// security review BryanWal 02/02/2002 ok
statusText.FormatMessage (formatID, dwCnt);
}
hr = spConsole2->SetStatusText ((PWSTR)(PCWSTR) statusText);
}
_TRACE (-1, L"Leaving DisplayObjectCountInStatusBar: 0x%x\n", hr);
return hr;
}
PCWSTR GetContextHelpFile ()
{
static CString strHelpTopic;
if ( strHelpTopic.IsEmpty () )
{
UINT nLen = ::GetSystemWindowsDirectory (strHelpTopic.GetBufferSetLength(2 * MAX_PATH), 2 * MAX_PATH);
strHelpTopic.ReleaseBuffer();
if (0 == nLen)
{
ASSERT(FALSE);
return 0;
}
strHelpTopic += CERTTMPL_HELP_PATH;
strHelpTopic += CERTTMPL_CONTEXT_HELP_FILE;
}
return (PCWSTR) strHelpTopic;
}
bool MyGetOIDInfoA (CString & string, LPCSTR pszObjId)
{
ASSERT (pszObjId);
if ( !pszObjId )
return false;
PCCRYPT_OID_INFO pOIDInfo; // This points to a constant data structure and must not be freed.
bool bResult = false;
// NTRAID# 479067 Certtmpl UI: Title bar and descriptive text incorrect
if ( !strcmp (szOID_CERT_POLICIES, pszObjId) )
{
VERIFY (string.LoadString (IDS_ISSUANCE_POLICIES));
bResult = true;
}
else
{
string = L"";
pOIDInfo = ::CryptFindOIDInfo (CRYPT_OID_INFO_OID_KEY, (void *) pszObjId, 0);
if ( pOIDInfo )
{
string = pOIDInfo->pwszName;
bResult = true;
}
else
{
for (POSITION nextPos = g_policyOIDList.GetHeadPosition (); nextPos; )
{
CPolicyOID* pPolicyOID = g_policyOIDList.GetNext (nextPos);
if ( pPolicyOID )
{
if ( !strcmp (pPolicyOID->GetOIDA (), pszObjId) )
{
string = pPolicyOID->GetDisplayName ();
bResult = true;
break;
}
}
}
if ( !bResult )
{
// security review BryanWal 02/02/2002 ok
int nLen = ::MultiByteToWideChar (CP_ACP, 0, pszObjId, -1, NULL, 0);
ASSERT (nLen > 0);
if ( nLen > 0)
{
// security review BryanWal 02/02/2002 ok
// NOTICE: GetBufferSetLength () takes len not including trailing NULL,
// returns NULL on failure. MultiByteToWideChar () handles NULL arg.
nLen = ::MultiByteToWideChar (CP_ACP, 0, pszObjId, -1,
string.GetBufferSetLength (nLen), nLen);
ASSERT (nLen > 0);
string.ReleaseBuffer ();
}
bResult = (nLen > 0) ? true : false;
}
}
}
return bResult;
}
#define REGSZ_ENABLE_CERTTYPE_EDITING L"EnableCertTypeEditing"
bool IsCerttypeEditingAllowed()
{
DWORD lResult;
HKEY hKey = NULL;
DWORD dwType;
DWORD dwEnabled = 0;
DWORD cbEnabled = sizeof(dwEnabled);
lResult = RegOpenKeyEx (HKEY_CURRENT_USER,
L"Software\\Microsoft\\Cryptography\\CertificateTemplateCache",
0,
KEY_READ,
&hKey);
if (lResult == ERROR_SUCCESS)
{
// security review BryanWal 02/02/2002 ok
lResult = RegQueryValueEx(hKey,
REGSZ_ENABLE_CERTTYPE_EDITING,
NULL,
&dwType,
(PBYTE)&dwEnabled,
&cbEnabled);
if(lResult == ERROR_SUCCESS)
{
if(dwType != REG_DWORD)
{
dwEnabled = 0;
}
}
RegCloseKey (hKey);
}
return (dwEnabled != 0);
}
BOOL EnumOIDInfo (PCCRYPT_OID_INFO pInfo, void* /*pvArg*/)
{
BOOL bRVal = TRUE;
if ( pInfo && pInfo->pszOID )
{
// NTRAID# 463344 Certtmpl.msc: Remove "All Application Policies" from
// Extensions selection list in Certtmpl.msc -- break Enrollment
if ( !strcmp (szOID_ANY_APPLICATION_POLICY, pInfo->pszOID) )
return TRUE;
for (POSITION nextPos = g_policyOIDList.GetHeadPosition (); nextPos; )
{
CPolicyOID* pPolicyOID = g_policyOIDList.GetNext (nextPos);
if ( pPolicyOID )
{
if ( !strcmp (pPolicyOID->GetOIDA (), pInfo->pszOID) )
return TRUE; // duplicate found, get next
}
}
int flags = 0;
if ( CRYPT_ENHKEY_USAGE_OID_GROUP_ID == pInfo->dwGroupId )
flags = CERT_OID_TYPE_APPLICATION_POLICY;
else if ( CRYPT_POLICY_OID_GROUP_ID == pInfo->dwGroupId )
flags = CERT_OID_TYPE_ISSUER_POLICY;
else
{
ASSERT (0);
return TRUE;
}
CPolicyOID* pPolicyOID = new CPolicyOID (pInfo->pszOID, pInfo->pwszName,
flags, false);
if ( pPolicyOID )
{
g_policyOIDList.AddTail (pPolicyOID);
}
else
bRVal = FALSE;
}
else
bRVal = FALSE;
return bRVal;
}
HRESULT GetBuiltInOIDs ()
{
HRESULT hr = S_OK;
CryptEnumOIDInfo (
CRYPT_ENHKEY_USAGE_OID_GROUP_ID,
0,
0,
EnumOIDInfo);
CryptEnumOIDInfo (
CRYPT_POLICY_OID_GROUP_ID,
0,
0,
EnumOIDInfo);
return hr;
}
HRESULT EnumerateOIDs (
IDirectoryObject* pOIDContObj)
{
_TRACE (1, L"Entering EnumerateOIDs\n");
CComPtr<IDirectorySearch> spDsSearch;
HRESULT hr = pOIDContObj->QueryInterface (IID_PPV_ARG(IDirectorySearch, &spDsSearch));
if ( SUCCEEDED (hr) )
{
ASSERT (!!spDsSearch);
ADS_SEARCHPREF_INFO pSearchPref[1];
DWORD dwNumPref = 1;
pSearchPref[0].dwSearchPref = ADS_SEARCHPREF_SEARCH_SCOPE;
pSearchPref[0].vValue.dwType = ADSTYPE_INTEGER;
pSearchPref[0].vValue.Integer = ADS_SCOPE_ONELEVEL;
hr = spDsSearch->SetSearchPreference(
pSearchPref,
dwNumPref
);
if ( SUCCEEDED (hr) )
{
static const DWORD cAttrs = 3;
static PWSTR rgszAttrList[cAttrs] = {OID_PROP_DISPLAY_NAME, OID_PROP_OID, OID_PROP_TYPE};
ADS_SEARCH_HANDLE hSearchHandle = 0;
wstring strQuery;
ADS_SEARCH_COLUMN Column;
Column.pszAttrName = 0;
strQuery = L"objectClass=msPKI-Enterprise-Oid";
hr = spDsSearch->ExecuteSearch(
const_cast <PWSTR>(strQuery.c_str ()),
rgszAttrList,
cAttrs,
&hSearchHandle
);
if ( SUCCEEDED (hr) )
{
while ((hr = spDsSearch->GetNextRow (hSearchHandle)) != S_ADS_NOMORE_ROWS )
{
if (FAILED(hr))
continue;
//
// Getting current row's information
//
hr = spDsSearch->GetColumn(
hSearchHandle,
rgszAttrList[0],
&Column
);
if ( SUCCEEDED (hr) )
{
CString strDisplayName = Column.pADsValues->CaseIgnoreString;
spDsSearch->FreeColumn (&Column);
Column.pszAttrName = NULL;
hr = spDsSearch->GetColumn(
hSearchHandle,
rgszAttrList[1],
&Column
);
if ( SUCCEEDED (hr) )
{
bool bOIDFound = false;
CString strOID = Column.pADsValues->CaseIgnoreString;
spDsSearch->FreeColumn (&Column);
for (POSITION nextPos = g_policyOIDList.GetHeadPosition (); nextPos; )
{
CPolicyOID* pPolicyOID = g_policyOIDList.GetNext (nextPos);
if ( pPolicyOID )
{
if ( pPolicyOID->GetOIDW () == strOID )
{
bOIDFound = true;
break;
}
}
}
if ( !bOIDFound )
{
Column.pszAttrName = NULL;
hr = spDsSearch->GetColumn(
hSearchHandle,
rgszAttrList[2],
&Column
);
if ( SUCCEEDED (hr) )
{
ADS_INTEGER flags = Column.pADsValues->Integer;
spDsSearch->FreeColumn (&Column);
Column.pszAttrName = NULL;
// Only add issuance and application OIDs to the list
if ( CERT_OID_TYPE_ISSUER_POLICY == flags ||
CERT_OID_TYPE_APPLICATION_POLICY == flags )
{
CPolicyOID* pPolicyOID = new CPolicyOID (strOID, strDisplayName, flags);
if ( pPolicyOID )
{
g_policyOIDList.AddTail (pPolicyOID);
}
else
break;
}
}
}
}
}
else if ( hr != E_ADS_COLUMN_NOT_SET )
{
break;
}
else
{
_TRACE (0, L"IDirectorySearch::GetColumn () failed: 0x%x\n", hr);
}
}
}
else
{
_TRACE (0, L"IDirectorySearch::ExecuteSearch () failed: 0x%x\n", hr);
}
spDsSearch->CloseSearchHandle(hSearchHandle);
}
else
{
_TRACE (0, L"IDirectorySearch::SetSearchPreference () failed: 0x%x\n", hr);
}
}
else
{
_TRACE (0, L"IDirectoryObject::QueryInterface (IDirectorySearch) failed: 0x%x\n", hr);
}
_TRACE (-1, L"Leaving EnumerateOIDs: 0x%x\n", hr);
return hr;
}
HRESULT GetEnterpriseOIDs ()
{
_TRACE (1, L"Entering GetEnterpriseOIDs\n");
AFX_MANAGE_STATE(AfxGetStaticModuleState());
HRESULT hr = S_OK;
// Empty the list first
while ( !g_policyOIDList.IsEmpty () )
{
CPolicyOID* pPolicyOID = g_policyOIDList.RemoveHead ();
if ( pPolicyOID )
delete pPolicyOID;
}
hr = GetBuiltInOIDs ();
if ( SUCCEEDED (hr) )
{
CComPtr<IADsPathname> spPathname;
//
// Constructing the directory paths
//
// security review BryanWal 02/02/2002 ok
hr = CoCreateInstance(
CLSID_Pathname,
NULL,
CLSCTX_ALL,
IID_PPV_ARG (IADsPathname, &spPathname));
if ( SUCCEEDED (hr) )
{
CComBSTR bstrPathElement;
ASSERT (!!spPathname);
bstrPathElement = CERTTMPL_LDAP;
hr = spPathname->Set(bstrPathElement, ADS_SETTYPE_PROVIDER);
if ( SUCCEEDED (hr) )
{
//
// Open the root DSE object
//
bstrPathElement = CERTTMPL_ROOTDSE;
hr = spPathname->AddLeafElement(bstrPathElement);
if ( SUCCEEDED (hr) )
{
BSTR bstrFullPath = 0;
hr = spPathname->Retrieve(ADS_FORMAT_X500, &bstrFullPath);
if ( SUCCEEDED (hr) )
{
CComPtr<IADs> spRootDSEObject;
VARIANT varNamingContext;
hr = ADsGetObject (
bstrFullPath,
IID_PPV_ARG (IADs, &spRootDSEObject));
if ( SUCCEEDED (hr) )
{
ASSERT (!!spRootDSEObject);
//
// Get the configuration naming context from the root DSE
//
bstrPathElement = CERTTMPL_CONFIG_NAMING_CONTEXT;
hr = spRootDSEObject->Get(bstrPathElement,
&varNamingContext);
if ( SUCCEEDED (hr) )
{
hr = spPathname->Set(V_BSTR(&varNamingContext),
ADS_SETTYPE_DN);
if ( SUCCEEDED (hr) )
{
bstrPathElement = L"CN=Services";
hr = spPathname->AddLeafElement (bstrPathElement);
if ( SUCCEEDED (hr) )
{
bstrPathElement = L"CN=Public Key Services";
hr = spPathname->AddLeafElement (bstrPathElement);
if ( SUCCEEDED (hr) )
{
bstrPathElement = L"CN=OID";
hr = spPathname->AddLeafElement (bstrPathElement);
if ( SUCCEEDED (hr) )
{
BSTR bstrOIDPath = 0;
hr = spPathname->Retrieve(ADS_FORMAT_X500, &bstrOIDPath);
if ( SUCCEEDED (hr) )
{
CComPtr<IDirectoryObject> spOIDContObj;
hr = ADsGetObject (
bstrOIDPath,
IID_PPV_ARG (IDirectoryObject, &spOIDContObj));
if ( SUCCEEDED (hr) )
{
hr = EnumerateOIDs (spOIDContObj);
}
else
{
_TRACE (0, L"ADsGetObject (%s) failed: 0x%x\n", bstrOIDPath, hr);
}
SysFreeString (bstrOIDPath);
}
}
}
}
}
}
else
{
_TRACE (0, L"IADs::Get (%s) failed: 0x%x\n", CERTTMPL_CONFIG_NAMING_CONTEXT, hr);
}
}
else
{
_TRACE (0, L"ADsGetObject (%s) failed: 0x%x\n", bstrFullPath, hr);
}
}
}
}
}
else
hr = E_POINTER;
}
_TRACE (-1, L"Leaving GetEnterpriseOIDs: 0x%x\n", hr);
return hr;
}
bool OIDHasValidFormat (PCWSTR pszOidValue, int& rErrorTypeStrID)
{
ASSERT (pszOidValue);
if ( !pszOidValue )
return false;
_TRACE (1, L"Entering OIDHasValidFormat (%s)\n", pszOidValue);
rErrorTypeStrID = 0;
bool bFormatIsValid = false;
int nLen = WideCharToMultiByte(
CP_ACP, // code page
0, // performance and mapping flags
pszOidValue, // wide-character string
-1, // -1 - calculate length of null-terminated string automatically
0, // buffer for new string
0, // size of buffer - 0 causes API to return length including null terminator
0, // default for unmappable chars
0); // set when default char used
if ( nLen > 0 )
{
PSTR pszAnsiBuf = new char[nLen];
if ( pszAnsiBuf )
{
// security review BryanWal 02/02/2002 ok
ZeroMemory (pszAnsiBuf, nLen*sizeof(char));
// security review BryanWal 02/02/2002 ok
nLen = WideCharToMultiByte(
CP_ACP, // code page
0, // performance and mapping flags
pszOidValue, // wide-character string
-1, // -1 - calculate length of null-terminated string automatically
pszAnsiBuf, // buffer for new string
nLen, // size of buffer
0, // default for unmappable chars
0); // set when default char used
if ( nLen )
{
// According to PhilH:
// The first number is limited to
// 0,1 or 2. The second number is
// limited to 0 - 39 when the first
// number is 0 or 1. Otherwise, any
// number.
// Also, according to X.208, there
// must be at least 2 numbers.
bFormatIsValid = true;
// security review 2/20/2002 BryanWal ok
size_t cbAnsiBufLen = strlen (pszAnsiBuf);
// check for only digits and "."
size_t nIdx = strspn (pszAnsiBuf, "0123456789.\0");
if ( nIdx > 0 && nIdx < cbAnsiBufLen )
{
bFormatIsValid = false;
rErrorTypeStrID = IDS_OID_CONTAINS_NON_DIGITS;
}
// check for consecutive "."s - string not valid if present
if ( bFormatIsValid && strstr (pszAnsiBuf, "..") )
{
bFormatIsValid = false;
rErrorTypeStrID = IDS_OID_CONTAINS_CONSECUTIVE_DOTS;
}
// must begin with "0." or "1." or "2."
bool bFirstNumberIs0 = false;
bool bFirstNumberIs1 = false;
bool bFirstNumberIs2 = false;
if ( bFormatIsValid )
{
if ( !strncmp (pszAnsiBuf, "0.", 2) )
bFirstNumberIs0 = true;
else if ( !strncmp (pszAnsiBuf, "1.", 2) )
bFirstNumberIs1 = true;
else if ( !strncmp (pszAnsiBuf, "2.", 2) )
bFirstNumberIs2 = true;
if ( !bFirstNumberIs0 && !bFirstNumberIs1 && !bFirstNumberIs2 )
{
bFormatIsValid = false;
rErrorTypeStrID = IDS_OID_MUST_START_WITH_0_1_2;
}
}
if ( bFormatIsValid && ( bFirstNumberIs0 || bFirstNumberIs1 ) )
{
PSTR pszBuf = pszAnsiBuf;
pszBuf += 2;
// there must be a number after the dot
// security review 2/20/2002 BryanWal ok
if ( strlen (pszBuf) )
{
// truncate the string at the next dot, if any
PSTR pszDot = strstr (pszBuf, ".");
if ( pszDot )
pszDot[0] = 0;
// convert the string to a number and check for range 0-39
int nValue = atoi (pszBuf);
if ( nValue < 0 || nValue > 39 )
{
bFormatIsValid = false;
rErrorTypeStrID = IDS_OID_0_1_MUST_BE_0_TO_39;
}
}
else
{
bFormatIsValid = false;
rErrorTypeStrID = IDS_OID_MUST_HAVE_TWO_NUMBERS;
}
}
// ensure no trailing "."
if ( bFormatIsValid )
{
if ( '.' == pszAnsiBuf[cbAnsiBufLen - 1] )
{
bFormatIsValid = false;
rErrorTypeStrID = IDS_OID_CANNOT_END_WITH_DOT;
}
}
if ( bFormatIsValid )
{
bFormatIsValid = false;
CRYPT_ATTRIBUTE cryptAttr;
// security review BryanWal 02/02/2002 ok
::ZeroMemory (&cryptAttr, sizeof (cryptAttr));
cryptAttr.cValue = 0;
cryptAttr.pszObjId = pszAnsiBuf;
cryptAttr.rgValue = 0;
DWORD cbEncoded = 0;
BOOL bResult = CryptEncodeObject (X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
PKCS_ATTRIBUTE,
&cryptAttr,
NULL,
&cbEncoded);
if ( cbEncoded > 0 )
{
BYTE* pBuffer = new BYTE[cbEncoded];
if ( pBuffer )
{
bResult = CryptEncodeObject (X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
PKCS_ATTRIBUTE,
&cryptAttr,
pBuffer,
&cbEncoded);
if ( bResult )
{
DWORD cbStructInfo = 0;
bResult = CryptDecodeObject (X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
PKCS_ATTRIBUTE,
pBuffer,
cbEncoded,
0,
0,
&cbStructInfo);
if ( cbStructInfo > 0 )
{
BYTE* pStructBuf = new BYTE[cbStructInfo];
if ( pStructBuf )
{
bResult = CryptDecodeObject (X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
PKCS_ATTRIBUTE,
pBuffer,
cbEncoded,
0,
pStructBuf,
&cbStructInfo);
if ( bResult )
{
CRYPT_ATTRIBUTE* pCryptAttr = (CRYPT_ATTRIBUTE*) pStructBuf;
if ( !strcmp (pszAnsiBuf, pCryptAttr->pszObjId) )
{
bFormatIsValid = true;
}
}
delete [] pStructBuf;
}
}
}
delete [] pBuffer;
}
}
}
}
else
{
_TRACE (0, L"WideCharToMultiByte (%s) failed: 0x%x\n", pszOidValue,
GetLastError ());
}
delete [] pszAnsiBuf;
}
}
else
{
_TRACE (0, L"WideCharToMultiByte (%s) failed: 0x%x\n", pszOidValue,
GetLastError ());
}
_TRACE (-1, L"Leaving EnumerateOIDs: %s\n", bFormatIsValid ? L"true" : L"false");
return bFormatIsValid;
}
HPROPSHEETPAGE MyCreatePropertySheetPage(AFX_OLDPROPSHEETPAGE* psp)
{
ASSERT (psp);
if ( !psp )
return 0;
PROPSHEETPAGE_V3 sp_v3 = {0};
// security review 2/20/2002 BryanWal ok
ASSERT (sizeof (sp_v3) >= psp->dwSize);
if ( sizeof (sp_v3) >= psp->dwSize )
{
CopyMemory (&sp_v3, psp, psp->dwSize);
sp_v3.dwSize = sizeof(sp_v3);
}
else
return 0;
return (::CreatePropertySheetPage (&sp_v3));
}