You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
359 lines
13 KiB
359 lines
13 KiB
//+---------------------------------------------------------------------------
|
|
//
|
|
// Microsoft Windows
|
|
// Copyright (C) Microsoft Corporation, 2000-2002.
|
|
//
|
|
// File: SaferTrustedPublishersPropertyPage.h
|
|
//
|
|
// Contents: Declaration of CSaferTrustedPublishersPropertyPage
|
|
//
|
|
//----------------------------------------------------------------------------
|
|
// SaferTrustedPublishersPropertyPage.cpp : implementation file
|
|
//
|
|
|
|
#include "stdafx.h"
|
|
#include "certmgr.h"
|
|
#include <gpedit.h>
|
|
#include "compdata.h"
|
|
#include "SaferTrustedPublishersPropertyPage.h"
|
|
|
|
#ifdef _DEBUG
|
|
#define new DEBUG_NEW
|
|
#undef THIS_FILE
|
|
static char THIS_FILE[] = __FILE__;
|
|
#endif
|
|
|
|
extern GUID g_guidExtension;
|
|
extern GUID g_guidRegExt;
|
|
extern GUID g_guidSnapin;
|
|
|
|
/////////////////////////////////////////////////////////////////////////////
|
|
// CSaferTrustedPublishersPropertyPage property page
|
|
|
|
CSaferTrustedPublishersPropertyPage::CSaferTrustedPublishersPropertyPage(
|
|
bool fIsMachineType, IGPEInformation* pGPEInformation,
|
|
CCertMgrComponentData* pCompData)
|
|
: CHelpPropertyPage(CSaferTrustedPublishersPropertyPage::IDD),
|
|
m_pGPEInformation (pGPEInformation),
|
|
m_hGroupPolicyKey (0),
|
|
m_dwTrustedPublisherFlags (0),
|
|
m_fIsComputerType (fIsMachineType),
|
|
m_bRSOPValueFound (false),
|
|
m_pCompData (pCompData)
|
|
{
|
|
// NTRAID# 263969 Safer Windows: "Enterprise Administrators" radio
|
|
// button should be disabled on Trusted Publishers property sheet for
|
|
// computers in workgroups.
|
|
ASSERT (m_pCompData);
|
|
if ( m_pCompData )
|
|
{
|
|
m_pCompData->AddRef ();
|
|
m_pCompData->IncrementOpenSaferPageCount ();
|
|
}
|
|
|
|
if ( m_pGPEInformation )
|
|
{
|
|
m_pGPEInformation->AddRef ();
|
|
HRESULT hResult = m_pGPEInformation->GetRegistryKey (
|
|
m_fIsComputerType ? GPO_SECTION_MACHINE : GPO_SECTION_USER,
|
|
&m_hGroupPolicyKey);
|
|
ASSERT (SUCCEEDED (hResult));
|
|
if ( SUCCEEDED (hResult) )
|
|
GetTrustedPublisherFlags ();
|
|
}
|
|
else
|
|
RSOPGetTrustedPublisherFlags (pCompData);
|
|
|
|
//{{AFX_DATA_INIT(CSaferTrustedPublishersPropertyPage)
|
|
// NOTE: the ClassWizard will add member initialization here
|
|
//}}AFX_DATA_INIT
|
|
}
|
|
|
|
CSaferTrustedPublishersPropertyPage::~CSaferTrustedPublishersPropertyPage()
|
|
{
|
|
if ( m_hGroupPolicyKey )
|
|
RegCloseKey (m_hGroupPolicyKey);
|
|
|
|
if ( m_pGPEInformation )
|
|
{
|
|
m_pGPEInformation->Release ();
|
|
}
|
|
|
|
if ( m_pCompData )
|
|
{
|
|
m_pCompData->DecrementOpenSaferPageCount ();
|
|
m_pCompData->Release ();
|
|
m_pCompData = 0;
|
|
}
|
|
}
|
|
|
|
void CSaferTrustedPublishersPropertyPage::DoDataExchange(CDataExchange* pDX)
|
|
{
|
|
CHelpPropertyPage::DoDataExchange(pDX);
|
|
//{{AFX_DATA_MAP(CSaferTrustedPublishersPropertyPage)
|
|
// NOTE: the ClassWizard will add DDX and DDV calls here
|
|
//}}AFX_DATA_MAP
|
|
}
|
|
|
|
|
|
BEGIN_MESSAGE_MAP(CSaferTrustedPublishersPropertyPage, CHelpPropertyPage)
|
|
//{{AFX_MSG_MAP(CSaferTrustedPublishersPropertyPage)
|
|
ON_BN_CLICKED(IDC_TP_BY_END_USER, OnTpByEndUser)
|
|
ON_BN_CLICKED(IDC_TP_BY_LOCAL_COMPUTER_ADMIN, OnTpByLocalComputerAdmin)
|
|
ON_BN_CLICKED(IDC_TP_BY_ENTERPRISE_ADMIN, OnTpByEnterpriseAdmin)
|
|
ON_BN_CLICKED(IDC_TP_REV_CHECK_PUBLISHER, OnTpRevCheckPublisher)
|
|
ON_BN_CLICKED(IDC_TP_REV_CHECK_TIMESTAMP, OnTpRevCheckTimestamp)
|
|
//}}AFX_MSG_MAP
|
|
END_MESSAGE_MAP()
|
|
|
|
/////////////////////////////////////////////////////////////////////////////
|
|
// CSaferTrustedPublishersPropertyPage message handlers
|
|
void CSaferTrustedPublishersPropertyPage::DoContextHelp (HWND hWndControl)
|
|
{
|
|
_TRACE (1, L"Entering CSaferTrustedPublishersPropertyPage::DoContextHelp\n");
|
|
static const DWORD help_map[] =
|
|
{
|
|
IDC_TP_BY_END_USER, IDH_TP_BY_END_USER,
|
|
IDC_TP_BY_LOCAL_COMPUTER_ADMIN, IDH_TP_BY_LOCAL_COMPUTER_ADMIN,
|
|
IDC_TP_BY_ENTERPRISE_ADMIN, IDH_TP_BY_ENTERPRISE_ADMIN,
|
|
IDC_TP_REV_CHECK_PUBLISHER, IDH_TP_REV_CHECK_PUBLISHER,
|
|
IDC_TP_REV_CHECK_TIMESTAMP, IDH_TP_REV_CHECK_TIMESTAMP,
|
|
0, 0
|
|
};
|
|
switch (::GetDlgCtrlID (hWndControl))
|
|
{
|
|
case IDC_TP_BY_END_USER:
|
|
case IDC_TP_BY_LOCAL_COMPUTER_ADMIN:
|
|
case IDC_TP_BY_ENTERPRISE_ADMIN:
|
|
case IDC_TP_REV_CHECK_PUBLISHER:
|
|
case IDC_TP_REV_CHECK_TIMESTAMP:
|
|
if ( !::WinHelp (
|
|
hWndControl,
|
|
GetF1HelpFilename(),
|
|
HELP_WM_HELP,
|
|
(DWORD_PTR) help_map) )
|
|
{
|
|
_TRACE (0, L"WinHelp () failed: 0x%x\n", GetLastError ());
|
|
}
|
|
break;
|
|
|
|
default:
|
|
break;
|
|
}
|
|
_TRACE (-1, L"Leaving CSaferTrustedPublishersPropertyPage::DoContextHelp\n");
|
|
}
|
|
|
|
|
|
BOOL CSaferTrustedPublishersPropertyPage::OnInitDialog()
|
|
{
|
|
CHelpPropertyPage::OnInitDialog();
|
|
|
|
if ( m_dwTrustedPublisherFlags & CERT_TRUST_PUB_CHECK_PUBLISHER_REV_FLAG )
|
|
SendDlgItemMessage (IDC_TP_REV_CHECK_PUBLISHER, BM_SETCHECK, BST_CHECKED);
|
|
|
|
if ( m_dwTrustedPublisherFlags & CERT_TRUST_PUB_CHECK_TIMESTAMP_REV_FLAG )
|
|
SendDlgItemMessage (IDC_TP_REV_CHECK_TIMESTAMP, BM_SETCHECK, BST_CHECKED);
|
|
|
|
if ( m_dwTrustedPublisherFlags & CERT_TRUST_PUB_ALLOW_ENTERPRISE_ADMIN_TRUST )
|
|
SendDlgItemMessage (IDC_TP_BY_ENTERPRISE_ADMIN, BM_SETCHECK, BST_CHECKED);
|
|
else if ( m_dwTrustedPublisherFlags & CERT_TRUST_PUB_ALLOW_MACHINE_ADMIN_TRUST )
|
|
SendDlgItemMessage (IDC_TP_BY_LOCAL_COMPUTER_ADMIN, BM_SETCHECK, BST_CHECKED);
|
|
else
|
|
SendDlgItemMessage (IDC_TP_BY_END_USER, BM_SETCHECK, BST_CHECKED);
|
|
|
|
if ( !m_pGPEInformation )
|
|
{
|
|
// Is RSOP
|
|
GetDlgItem (IDC_TP_REV_CHECK_PUBLISHER)->EnableWindow (FALSE);
|
|
GetDlgItem (IDC_TP_REV_CHECK_TIMESTAMP)->EnableWindow (FALSE);
|
|
GetDlgItem (IDC_TP_BY_ENTERPRISE_ADMIN)->EnableWindow (FALSE);
|
|
GetDlgItem (IDC_TP_BY_LOCAL_COMPUTER_ADMIN)->EnableWindow (FALSE);
|
|
GetDlgItem (IDC_TP_BY_END_USER)->EnableWindow (FALSE);
|
|
}
|
|
|
|
// NTRAID# 263969 Safer Windows: "Enterprise Administrators" radio
|
|
// button should be disabled on Trusted Publishers property sheet for
|
|
// computers in workgroups.
|
|
if ( m_pCompData->ComputerIsStandAlone () )
|
|
GetDlgItem (IDC_TP_BY_ENTERPRISE_ADMIN)->EnableWindow (FALSE);
|
|
|
|
return TRUE; // return TRUE unless you set the focus to a control
|
|
// EXCEPTION: OCX Property Pages should return FALSE
|
|
}
|
|
|
|
void CSaferTrustedPublishersPropertyPage::GetTrustedPublisherFlags()
|
|
{
|
|
DWORD dwDisposition = 0;
|
|
|
|
HKEY hKey = 0;
|
|
LONG lResult = ::RegCreateKeyEx (m_hGroupPolicyKey, // handle of an open key
|
|
CERT_TRUST_PUB_SAFER_GROUP_POLICY_REGPATH, // address of subkey name
|
|
0, // reserved
|
|
L"", // address of class string
|
|
REG_OPTION_NON_VOLATILE, // special options flag
|
|
// security review 2/25/2002 BryanWal ok
|
|
KEY_QUERY_VALUE, // desired security access
|
|
NULL, // address of key security structure
|
|
&hKey, // address of buffer for opened handle
|
|
&dwDisposition); // address of disposition value buffer
|
|
ASSERT (lResult == ERROR_SUCCESS);
|
|
if ( lResult == ERROR_SUCCESS )
|
|
{
|
|
// Read value
|
|
DWORD dwType = REG_DWORD;
|
|
DWORD dwData = 0;
|
|
DWORD cbData = sizeof (dwData);
|
|
|
|
// security review 2/25/2002 BryanWal ok
|
|
lResult = ::RegQueryValueEx (hKey, // handle of key to query
|
|
CERT_TRUST_PUB_AUTHENTICODE_FLAGS_VALUE_NAME, // address of name of value to query
|
|
0, // reserved
|
|
&dwType, // address of buffer for value type
|
|
(LPBYTE) &dwData, // address of data buffer
|
|
&cbData); // address of data buffer size);
|
|
ASSERT (ERROR_SUCCESS == lResult || ERROR_FILE_NOT_FOUND == lResult);
|
|
if ( ERROR_SUCCESS == lResult || ERROR_FILE_NOT_FOUND == lResult )
|
|
{
|
|
if ( REG_DWORD == dwType )
|
|
m_dwTrustedPublisherFlags = dwData;
|
|
}
|
|
else
|
|
DisplaySystemError (m_hWnd, lResult);
|
|
|
|
RegCloseKey (hKey);
|
|
}
|
|
else
|
|
DisplaySystemError (m_hWnd, lResult);
|
|
}
|
|
|
|
void CSaferTrustedPublishersPropertyPage::OnTpByEndUser()
|
|
{
|
|
if ( m_dwTrustedPublisherFlags &
|
|
(CERT_TRUST_PUB_ALLOW_MACHINE_ADMIN_TRUST |
|
|
CERT_TRUST_PUB_ALLOW_ENTERPRISE_ADMIN_TRUST) )
|
|
{
|
|
m_dwTrustedPublisherFlags = 0;
|
|
SetModified ();
|
|
}
|
|
}
|
|
|
|
void CSaferTrustedPublishersPropertyPage::OnTpByLocalComputerAdmin()
|
|
{
|
|
if ( !(m_dwTrustedPublisherFlags & CERT_TRUST_PUB_ALLOW_MACHINE_ADMIN_TRUST) )
|
|
{
|
|
m_dwTrustedPublisherFlags = CERT_TRUST_PUB_ALLOW_MACHINE_ADMIN_TRUST;
|
|
SetModified ();
|
|
}
|
|
}
|
|
|
|
void CSaferTrustedPublishersPropertyPage::OnTpByEnterpriseAdmin()
|
|
{
|
|
if ( !(m_dwTrustedPublisherFlags & CERT_TRUST_PUB_ALLOW_ENTERPRISE_ADMIN_TRUST) )
|
|
{
|
|
m_dwTrustedPublisherFlags = CERT_TRUST_PUB_ALLOW_ENTERPRISE_ADMIN_TRUST;
|
|
SetModified ();
|
|
}
|
|
}
|
|
|
|
void CSaferTrustedPublishersPropertyPage::OnTpRevCheckPublisher()
|
|
{
|
|
SetModified ();
|
|
}
|
|
|
|
void CSaferTrustedPublishersPropertyPage::OnTpRevCheckTimestamp()
|
|
{
|
|
SetModified ();
|
|
}
|
|
|
|
BOOL CSaferTrustedPublishersPropertyPage::OnApply()
|
|
{
|
|
if ( m_pGPEInformation )
|
|
{
|
|
DWORD dwFlags = 0;
|
|
|
|
if ( BST_CHECKED == SendDlgItemMessage (IDC_TP_REV_CHECK_PUBLISHER, BM_GETCHECK) )
|
|
dwFlags |= CERT_TRUST_PUB_CHECK_PUBLISHER_REV_FLAG;
|
|
|
|
if ( BST_CHECKED == SendDlgItemMessage (IDC_TP_REV_CHECK_TIMESTAMP, BM_GETCHECK) )
|
|
dwFlags |= CERT_TRUST_PUB_CHECK_TIMESTAMP_REV_FLAG;
|
|
|
|
if ( BST_CHECKED == SendDlgItemMessage (IDC_TP_BY_ENTERPRISE_ADMIN, BM_GETCHECK) )
|
|
dwFlags |= CERT_TRUST_PUB_ALLOW_ENTERPRISE_ADMIN_TRUST;
|
|
else if ( BST_CHECKED == SendDlgItemMessage (IDC_TP_BY_LOCAL_COMPUTER_ADMIN, BM_GETCHECK) )
|
|
dwFlags |= CERT_TRUST_PUB_ALLOW_MACHINE_ADMIN_TRUST;
|
|
else
|
|
dwFlags |= CERT_TRUST_PUB_ALLOW_END_USER_TRUST;
|
|
|
|
HKEY hKey = 0;
|
|
DWORD dwDisposition = 0;
|
|
LONG lResult = ::RegCreateKeyEx (m_hGroupPolicyKey, // handle of an open key
|
|
CERT_TRUST_PUB_SAFER_GROUP_POLICY_REGPATH, // address of subkey name
|
|
0, // reserved
|
|
L"", // address of class string
|
|
REG_OPTION_NON_VOLATILE, // special options flag
|
|
// security review 2/25/2002 BryanWal ok
|
|
KEY_SET_VALUE, // desired security access
|
|
NULL, // address of key security structure
|
|
&hKey, // address of buffer for opened handle
|
|
&dwDisposition); // address of disposition value buffer
|
|
ASSERT (lResult == ERROR_SUCCESS);
|
|
if ( lResult == ERROR_SUCCESS )
|
|
{
|
|
DWORD cbData = sizeof (dwFlags);
|
|
lResult = ::RegSetValueEx (hKey,
|
|
CERT_TRUST_PUB_AUTHENTICODE_FLAGS_VALUE_NAME, // address of value to set
|
|
0, // reserved
|
|
REG_DWORD, // flag for value type
|
|
(CONST BYTE *) &dwFlags, // address of value data
|
|
cbData); // size of value data);
|
|
ASSERT (ERROR_SUCCESS == lResult);
|
|
if ( ERROR_SUCCESS == lResult )
|
|
{
|
|
// TRUE means we're changing the machine policy only
|
|
m_pGPEInformation->PolicyChanged (m_fIsComputerType ? TRUE : FALSE,
|
|
TRUE, &g_guidExtension, &g_guidSnapin);
|
|
m_pGPEInformation->PolicyChanged (m_fIsComputerType ? TRUE : FALSE,
|
|
TRUE, &g_guidRegExt, &g_guidSnapin);
|
|
}
|
|
else
|
|
DisplaySystemError (m_hWnd, lResult);
|
|
|
|
RegCloseKey (hKey);
|
|
}
|
|
}
|
|
|
|
return CHelpPropertyPage::OnApply();
|
|
}
|
|
|
|
void CSaferTrustedPublishersPropertyPage::RSOPGetTrustedPublisherFlags(const CCertMgrComponentData* pCompData)
|
|
{
|
|
if ( pCompData )
|
|
{
|
|
int nIndex = 0;
|
|
// NOTE: rsop object array is sorted first by registry key, then by precedence
|
|
const CRSOPObjectArray* pObjectArray = m_fIsComputerType ?
|
|
pCompData->GetRSOPObjectArrayComputer () : pCompData->GetRSOPObjectArrayUser ();
|
|
INT_PTR nUpperBound = pObjectArray->GetUpperBound ();
|
|
|
|
while ( nUpperBound >= nIndex )
|
|
{
|
|
CRSOPObject* pObject = pObjectArray->GetAt (nIndex);
|
|
if ( pObject )
|
|
{
|
|
// security review 2/25/2002 BryanWal ok
|
|
if ( !_wcsicmp (CERT_TRUST_PUB_SAFER_GROUP_POLICY_REGPATH, pObject->GetRegistryKey ()) &&
|
|
!_wcsicmp (CERT_TRUST_PUB_AUTHENTICODE_FLAGS_VALUE_NAME, pObject->GetValueName ()) )
|
|
{
|
|
ASSERT (1 == pObject->GetPrecedence ());
|
|
m_dwTrustedPublisherFlags = pObject->GetDWORDValue ();
|
|
m_bRSOPValueFound = true;
|
|
break;
|
|
}
|
|
}
|
|
else
|
|
break;
|
|
|
|
nIndex++;
|
|
}
|
|
}
|
|
}
|