Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 
 

359 lines
13 KiB

//+---------------------------------------------------------------------------
//
// Microsoft Windows
// Copyright (C) Microsoft Corporation, 2000-2002.
//
// File: SaferTrustedPublishersPropertyPage.h
//
// Contents: Declaration of CSaferTrustedPublishersPropertyPage
//
//----------------------------------------------------------------------------
// SaferTrustedPublishersPropertyPage.cpp : implementation file
//
#include "stdafx.h"
#include "certmgr.h"
#include <gpedit.h>
#include "compdata.h"
#include "SaferTrustedPublishersPropertyPage.h"
#ifdef _DEBUG
#define new DEBUG_NEW
#undef THIS_FILE
static char THIS_FILE[] = __FILE__;
#endif
extern GUID g_guidExtension;
extern GUID g_guidRegExt;
extern GUID g_guidSnapin;
/////////////////////////////////////////////////////////////////////////////
// CSaferTrustedPublishersPropertyPage property page
CSaferTrustedPublishersPropertyPage::CSaferTrustedPublishersPropertyPage(
bool fIsMachineType, IGPEInformation* pGPEInformation,
CCertMgrComponentData* pCompData)
: CHelpPropertyPage(CSaferTrustedPublishersPropertyPage::IDD),
m_pGPEInformation (pGPEInformation),
m_hGroupPolicyKey (0),
m_dwTrustedPublisherFlags (0),
m_fIsComputerType (fIsMachineType),
m_bRSOPValueFound (false),
m_pCompData (pCompData)
{
// NTRAID# 263969 Safer Windows: "Enterprise Administrators" radio
// button should be disabled on Trusted Publishers property sheet for
// computers in workgroups.
ASSERT (m_pCompData);
if ( m_pCompData )
{
m_pCompData->AddRef ();
m_pCompData->IncrementOpenSaferPageCount ();
}
if ( m_pGPEInformation )
{
m_pGPEInformation->AddRef ();
HRESULT hResult = m_pGPEInformation->GetRegistryKey (
m_fIsComputerType ? GPO_SECTION_MACHINE : GPO_SECTION_USER,
&m_hGroupPolicyKey);
ASSERT (SUCCEEDED (hResult));
if ( SUCCEEDED (hResult) )
GetTrustedPublisherFlags ();
}
else
RSOPGetTrustedPublisherFlags (pCompData);
//{{AFX_DATA_INIT(CSaferTrustedPublishersPropertyPage)
// NOTE: the ClassWizard will add member initialization here
//}}AFX_DATA_INIT
}
CSaferTrustedPublishersPropertyPage::~CSaferTrustedPublishersPropertyPage()
{
if ( m_hGroupPolicyKey )
RegCloseKey (m_hGroupPolicyKey);
if ( m_pGPEInformation )
{
m_pGPEInformation->Release ();
}
if ( m_pCompData )
{
m_pCompData->DecrementOpenSaferPageCount ();
m_pCompData->Release ();
m_pCompData = 0;
}
}
void CSaferTrustedPublishersPropertyPage::DoDataExchange(CDataExchange* pDX)
{
CHelpPropertyPage::DoDataExchange(pDX);
//{{AFX_DATA_MAP(CSaferTrustedPublishersPropertyPage)
// NOTE: the ClassWizard will add DDX and DDV calls here
//}}AFX_DATA_MAP
}
BEGIN_MESSAGE_MAP(CSaferTrustedPublishersPropertyPage, CHelpPropertyPage)
//{{AFX_MSG_MAP(CSaferTrustedPublishersPropertyPage)
ON_BN_CLICKED(IDC_TP_BY_END_USER, OnTpByEndUser)
ON_BN_CLICKED(IDC_TP_BY_LOCAL_COMPUTER_ADMIN, OnTpByLocalComputerAdmin)
ON_BN_CLICKED(IDC_TP_BY_ENTERPRISE_ADMIN, OnTpByEnterpriseAdmin)
ON_BN_CLICKED(IDC_TP_REV_CHECK_PUBLISHER, OnTpRevCheckPublisher)
ON_BN_CLICKED(IDC_TP_REV_CHECK_TIMESTAMP, OnTpRevCheckTimestamp)
//}}AFX_MSG_MAP
END_MESSAGE_MAP()
/////////////////////////////////////////////////////////////////////////////
// CSaferTrustedPublishersPropertyPage message handlers
void CSaferTrustedPublishersPropertyPage::DoContextHelp (HWND hWndControl)
{
_TRACE (1, L"Entering CSaferTrustedPublishersPropertyPage::DoContextHelp\n");
static const DWORD help_map[] =
{
IDC_TP_BY_END_USER, IDH_TP_BY_END_USER,
IDC_TP_BY_LOCAL_COMPUTER_ADMIN, IDH_TP_BY_LOCAL_COMPUTER_ADMIN,
IDC_TP_BY_ENTERPRISE_ADMIN, IDH_TP_BY_ENTERPRISE_ADMIN,
IDC_TP_REV_CHECK_PUBLISHER, IDH_TP_REV_CHECK_PUBLISHER,
IDC_TP_REV_CHECK_TIMESTAMP, IDH_TP_REV_CHECK_TIMESTAMP,
0, 0
};
switch (::GetDlgCtrlID (hWndControl))
{
case IDC_TP_BY_END_USER:
case IDC_TP_BY_LOCAL_COMPUTER_ADMIN:
case IDC_TP_BY_ENTERPRISE_ADMIN:
case IDC_TP_REV_CHECK_PUBLISHER:
case IDC_TP_REV_CHECK_TIMESTAMP:
if ( !::WinHelp (
hWndControl,
GetF1HelpFilename(),
HELP_WM_HELP,
(DWORD_PTR) help_map) )
{
_TRACE (0, L"WinHelp () failed: 0x%x\n", GetLastError ());
}
break;
default:
break;
}
_TRACE (-1, L"Leaving CSaferTrustedPublishersPropertyPage::DoContextHelp\n");
}
BOOL CSaferTrustedPublishersPropertyPage::OnInitDialog()
{
CHelpPropertyPage::OnInitDialog();
if ( m_dwTrustedPublisherFlags & CERT_TRUST_PUB_CHECK_PUBLISHER_REV_FLAG )
SendDlgItemMessage (IDC_TP_REV_CHECK_PUBLISHER, BM_SETCHECK, BST_CHECKED);
if ( m_dwTrustedPublisherFlags & CERT_TRUST_PUB_CHECK_TIMESTAMP_REV_FLAG )
SendDlgItemMessage (IDC_TP_REV_CHECK_TIMESTAMP, BM_SETCHECK, BST_CHECKED);
if ( m_dwTrustedPublisherFlags & CERT_TRUST_PUB_ALLOW_ENTERPRISE_ADMIN_TRUST )
SendDlgItemMessage (IDC_TP_BY_ENTERPRISE_ADMIN, BM_SETCHECK, BST_CHECKED);
else if ( m_dwTrustedPublisherFlags & CERT_TRUST_PUB_ALLOW_MACHINE_ADMIN_TRUST )
SendDlgItemMessage (IDC_TP_BY_LOCAL_COMPUTER_ADMIN, BM_SETCHECK, BST_CHECKED);
else
SendDlgItemMessage (IDC_TP_BY_END_USER, BM_SETCHECK, BST_CHECKED);
if ( !m_pGPEInformation )
{
// Is RSOP
GetDlgItem (IDC_TP_REV_CHECK_PUBLISHER)->EnableWindow (FALSE);
GetDlgItem (IDC_TP_REV_CHECK_TIMESTAMP)->EnableWindow (FALSE);
GetDlgItem (IDC_TP_BY_ENTERPRISE_ADMIN)->EnableWindow (FALSE);
GetDlgItem (IDC_TP_BY_LOCAL_COMPUTER_ADMIN)->EnableWindow (FALSE);
GetDlgItem (IDC_TP_BY_END_USER)->EnableWindow (FALSE);
}
// NTRAID# 263969 Safer Windows: "Enterprise Administrators" radio
// button should be disabled on Trusted Publishers property sheet for
// computers in workgroups.
if ( m_pCompData->ComputerIsStandAlone () )
GetDlgItem (IDC_TP_BY_ENTERPRISE_ADMIN)->EnableWindow (FALSE);
return TRUE; // return TRUE unless you set the focus to a control
// EXCEPTION: OCX Property Pages should return FALSE
}
void CSaferTrustedPublishersPropertyPage::GetTrustedPublisherFlags()
{
DWORD dwDisposition = 0;
HKEY hKey = 0;
LONG lResult = ::RegCreateKeyEx (m_hGroupPolicyKey, // handle of an open key
CERT_TRUST_PUB_SAFER_GROUP_POLICY_REGPATH, // address of subkey name
0, // reserved
L"", // address of class string
REG_OPTION_NON_VOLATILE, // special options flag
// security review 2/25/2002 BryanWal ok
KEY_QUERY_VALUE, // desired security access
NULL, // address of key security structure
&hKey, // address of buffer for opened handle
&dwDisposition); // address of disposition value buffer
ASSERT (lResult == ERROR_SUCCESS);
if ( lResult == ERROR_SUCCESS )
{
// Read value
DWORD dwType = REG_DWORD;
DWORD dwData = 0;
DWORD cbData = sizeof (dwData);
// security review 2/25/2002 BryanWal ok
lResult = ::RegQueryValueEx (hKey, // handle of key to query
CERT_TRUST_PUB_AUTHENTICODE_FLAGS_VALUE_NAME, // address of name of value to query
0, // reserved
&dwType, // address of buffer for value type
(LPBYTE) &dwData, // address of data buffer
&cbData); // address of data buffer size);
ASSERT (ERROR_SUCCESS == lResult || ERROR_FILE_NOT_FOUND == lResult);
if ( ERROR_SUCCESS == lResult || ERROR_FILE_NOT_FOUND == lResult )
{
if ( REG_DWORD == dwType )
m_dwTrustedPublisherFlags = dwData;
}
else
DisplaySystemError (m_hWnd, lResult);
RegCloseKey (hKey);
}
else
DisplaySystemError (m_hWnd, lResult);
}
void CSaferTrustedPublishersPropertyPage::OnTpByEndUser()
{
if ( m_dwTrustedPublisherFlags &
(CERT_TRUST_PUB_ALLOW_MACHINE_ADMIN_TRUST |
CERT_TRUST_PUB_ALLOW_ENTERPRISE_ADMIN_TRUST) )
{
m_dwTrustedPublisherFlags = 0;
SetModified ();
}
}
void CSaferTrustedPublishersPropertyPage::OnTpByLocalComputerAdmin()
{
if ( !(m_dwTrustedPublisherFlags & CERT_TRUST_PUB_ALLOW_MACHINE_ADMIN_TRUST) )
{
m_dwTrustedPublisherFlags = CERT_TRUST_PUB_ALLOW_MACHINE_ADMIN_TRUST;
SetModified ();
}
}
void CSaferTrustedPublishersPropertyPage::OnTpByEnterpriseAdmin()
{
if ( !(m_dwTrustedPublisherFlags & CERT_TRUST_PUB_ALLOW_ENTERPRISE_ADMIN_TRUST) )
{
m_dwTrustedPublisherFlags = CERT_TRUST_PUB_ALLOW_ENTERPRISE_ADMIN_TRUST;
SetModified ();
}
}
void CSaferTrustedPublishersPropertyPage::OnTpRevCheckPublisher()
{
SetModified ();
}
void CSaferTrustedPublishersPropertyPage::OnTpRevCheckTimestamp()
{
SetModified ();
}
BOOL CSaferTrustedPublishersPropertyPage::OnApply()
{
if ( m_pGPEInformation )
{
DWORD dwFlags = 0;
if ( BST_CHECKED == SendDlgItemMessage (IDC_TP_REV_CHECK_PUBLISHER, BM_GETCHECK) )
dwFlags |= CERT_TRUST_PUB_CHECK_PUBLISHER_REV_FLAG;
if ( BST_CHECKED == SendDlgItemMessage (IDC_TP_REV_CHECK_TIMESTAMP, BM_GETCHECK) )
dwFlags |= CERT_TRUST_PUB_CHECK_TIMESTAMP_REV_FLAG;
if ( BST_CHECKED == SendDlgItemMessage (IDC_TP_BY_ENTERPRISE_ADMIN, BM_GETCHECK) )
dwFlags |= CERT_TRUST_PUB_ALLOW_ENTERPRISE_ADMIN_TRUST;
else if ( BST_CHECKED == SendDlgItemMessage (IDC_TP_BY_LOCAL_COMPUTER_ADMIN, BM_GETCHECK) )
dwFlags |= CERT_TRUST_PUB_ALLOW_MACHINE_ADMIN_TRUST;
else
dwFlags |= CERT_TRUST_PUB_ALLOW_END_USER_TRUST;
HKEY hKey = 0;
DWORD dwDisposition = 0;
LONG lResult = ::RegCreateKeyEx (m_hGroupPolicyKey, // handle of an open key
CERT_TRUST_PUB_SAFER_GROUP_POLICY_REGPATH, // address of subkey name
0, // reserved
L"", // address of class string
REG_OPTION_NON_VOLATILE, // special options flag
// security review 2/25/2002 BryanWal ok
KEY_SET_VALUE, // desired security access
NULL, // address of key security structure
&hKey, // address of buffer for opened handle
&dwDisposition); // address of disposition value buffer
ASSERT (lResult == ERROR_SUCCESS);
if ( lResult == ERROR_SUCCESS )
{
DWORD cbData = sizeof (dwFlags);
lResult = ::RegSetValueEx (hKey,
CERT_TRUST_PUB_AUTHENTICODE_FLAGS_VALUE_NAME, // address of value to set
0, // reserved
REG_DWORD, // flag for value type
(CONST BYTE *) &dwFlags, // address of value data
cbData); // size of value data);
ASSERT (ERROR_SUCCESS == lResult);
if ( ERROR_SUCCESS == lResult )
{
// TRUE means we're changing the machine policy only
m_pGPEInformation->PolicyChanged (m_fIsComputerType ? TRUE : FALSE,
TRUE, &g_guidExtension, &g_guidSnapin);
m_pGPEInformation->PolicyChanged (m_fIsComputerType ? TRUE : FALSE,
TRUE, &g_guidRegExt, &g_guidSnapin);
}
else
DisplaySystemError (m_hWnd, lResult);
RegCloseKey (hKey);
}
}
return CHelpPropertyPage::OnApply();
}
void CSaferTrustedPublishersPropertyPage::RSOPGetTrustedPublisherFlags(const CCertMgrComponentData* pCompData)
{
if ( pCompData )
{
int nIndex = 0;
// NOTE: rsop object array is sorted first by registry key, then by precedence
const CRSOPObjectArray* pObjectArray = m_fIsComputerType ?
pCompData->GetRSOPObjectArrayComputer () : pCompData->GetRSOPObjectArrayUser ();
INT_PTR nUpperBound = pObjectArray->GetUpperBound ();
while ( nUpperBound >= nIndex )
{
CRSOPObject* pObject = pObjectArray->GetAt (nIndex);
if ( pObject )
{
// security review 2/25/2002 BryanWal ok
if ( !_wcsicmp (CERT_TRUST_PUB_SAFER_GROUP_POLICY_REGPATH, pObject->GetRegistryKey ()) &&
!_wcsicmp (CERT_TRUST_PUB_AUTHENTICODE_FLAGS_VALUE_NAME, pObject->GetValueName ()) )
{
ASSERT (1 == pObject->GetPrecedence ());
m_dwTrustedPublisherFlags = pObject->GetDWORDValue ();
m_bRSOPValueFound = true;
break;
}
}
else
break;
nIndex++;
}
}
}