You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
775 lines
28 KiB
775 lines
28 KiB
//+---------------------------------------------------------------------------
|
|
//
|
|
// Microsoft Windows
|
|
// Copyright (C) Microsoft Corporation, 1997-2002.
|
|
//
|
|
// File: StoreGPE.cpp
|
|
//
|
|
// Contents: Implementation of CCertStoreGPE
|
|
//
|
|
//----------------------------------------------------------------------------
|
|
#include "stdafx.h"
|
|
#include <gpedit.h>
|
|
#include "cookie.h"
|
|
#include "storegpe.h"
|
|
#include "certifct.h"
|
|
|
|
USE_HANDLE_MACROS("CERTMGR(storegpe.cpp)")
|
|
|
|
#ifdef _DEBUG
|
|
#ifndef ALPHA
|
|
#define new DEBUG_NEW
|
|
#endif
|
|
#undef THIS_FILE
|
|
static char THIS_FILE[] = __FILE__;
|
|
#endif
|
|
|
|
GUID g_guidExtension = { 0xb1be8d72, 0x6eac, 0x11d2, {0xa4, 0xea, 0x00, 0xc0, 0x4f, 0x79, 0xf8, 0x3a }};
|
|
GUID g_guidRegExt = REGISTRY_EXTENSION_GUID;
|
|
GUID g_guidSnapin = CLSID_CertificateManager;
|
|
|
|
///////////////////////////////////////////////////////////////////////////////
|
|
///////////////////////////////////////////////////////////////////////////////
|
|
HRESULT CCertStoreGPE::Commit ()
|
|
{
|
|
_TRACE (1, L"Entering CCertStoreGPE::Commit - %s\n",
|
|
(LPCWSTR) m_pcszStoreName);
|
|
ASSERT (CERTMGR_LOG_STORE_GPE == m_objecttype);
|
|
HRESULT hr = S_OK;
|
|
|
|
|
|
if ( GetStoreType () == EFS_STORE && !m_fIsNullEFSPolicy )
|
|
{
|
|
if ( SUCCEEDED (hr) )
|
|
hr = WriteEFSBlobToRegistry ();
|
|
}
|
|
|
|
if ( SUCCEEDED (hr) && m_bDirty )
|
|
{
|
|
hr = CCertStore::Commit ();
|
|
ASSERT (SUCCEEDED (hr));
|
|
ASSERT (m_pGPEInformation);
|
|
if ( SUCCEEDED (hr) && m_pGPEInformation )
|
|
{
|
|
hr = m_pGPEInformation->PolicyChanged (
|
|
m_fIsComputerType ? TRUE : FALSE,
|
|
m_bAddInCallToPolicyChanged, &g_guidExtension, &g_guidSnapin );
|
|
hr = m_pGPEInformation->PolicyChanged (
|
|
m_fIsComputerType ? TRUE : FALSE,
|
|
m_bAddInCallToPolicyChanged, &g_guidRegExt, &g_guidSnapin );
|
|
ASSERT (SUCCEEDED (hr));
|
|
}
|
|
}
|
|
|
|
|
|
_TRACE (-1, L"Leaving CCertStoreGPE::Commit - %s\n",
|
|
(LPCWSTR) m_pcszStoreName);
|
|
return hr;
|
|
}
|
|
|
|
|
|
|
|
CCertStoreGPE::CCertStoreGPE (
|
|
DWORD dwFlags,
|
|
LPCWSTR lpcszMachineName,
|
|
LPCWSTR objectName,
|
|
const CString & pcszLogStoreName,
|
|
const CString & pcszPhysStoreName,
|
|
IGPEInformation * pGPTInformation,
|
|
const GUID& compDataGUID,
|
|
IConsole* pConsole)
|
|
: CCertStore (CERTMGR_LOG_STORE_GPE,
|
|
CERT_STORE_PROV_SYSTEM, dwFlags, lpcszMachineName, objectName,
|
|
pcszLogStoreName, pcszPhysStoreName,
|
|
StoreNameToType (pcszLogStoreName),
|
|
0,
|
|
pConsole),
|
|
m_pGPEInformation (pGPTInformation),
|
|
m_fIsNullEFSPolicy (true), // assume NULL policy until proven otherwise
|
|
m_hGroupPolicyKey (0),
|
|
m_bAddInCallToPolicyChanged (TRUE)
|
|
{
|
|
_TRACE (1, L"Entering CCertStoreGPE::CCertStoreGPE - %s\n",
|
|
(LPCWSTR) pcszLogStoreName);
|
|
ASSERT (CERTMGR_LOG_STORE_GPE == m_objecttype);
|
|
ASSERT (m_pGPEInformation);
|
|
if ( m_pGPEInformation )
|
|
{
|
|
m_pGPEInformation->AddRef ();
|
|
if ( ::IsEqualGUID (compDataGUID, NODEID_User) )
|
|
{
|
|
m_fIsComputerType = false;
|
|
m_dwFlags |= CERT_SYSTEM_STORE_CURRENT_USER_GROUP_POLICY;
|
|
}
|
|
else if ( ::IsEqualGUID (compDataGUID, NODEID_Machine) )
|
|
{
|
|
m_fIsComputerType = true;
|
|
m_dwFlags |= CERT_SYSTEM_STORE_LOCAL_MACHINE_GROUP_POLICY;
|
|
}
|
|
else
|
|
ASSERT (0);
|
|
}
|
|
_TRACE (-1, L"Leaving CCertStoreGPE::CCertStoreGPE - %s\n",
|
|
(LPCWSTR) pcszLogStoreName);
|
|
}
|
|
|
|
|
|
CCertStoreGPE::~CCertStoreGPE ()
|
|
{
|
|
_TRACE (1, L"Entering CCertStoreGPE::~CCertStoreGPE - %s\n",
|
|
(LPCWSTR) m_pcszStoreName);;
|
|
ASSERT (CERTMGR_LOG_STORE_GPE == m_objecttype);
|
|
|
|
if ( m_hGroupPolicyKey )
|
|
RegCloseKey (m_hGroupPolicyKey);
|
|
|
|
if ( m_pGPEInformation )
|
|
{
|
|
m_pGPEInformation->Release ();
|
|
m_pGPEInformation = 0;
|
|
}
|
|
|
|
CERT_CONTEXT_PSID_STRUCT* pCert = 0;
|
|
while (!m_EFSCertList.IsEmpty () )
|
|
{
|
|
pCert = m_EFSCertList.RemoveHead ();
|
|
ASSERT (pCert);
|
|
if ( pCert )
|
|
delete pCert;
|
|
}
|
|
_TRACE (-1, L"Leaving CCertStoreGPE::~CCertStoreGPE - %s\n",
|
|
(LPCWSTR) m_pcszStoreName);
|
|
}
|
|
|
|
HCERTSTORE CCertStoreGPE::GetStoreHandle (BOOL bSilent /*= FALSE*/, HRESULT* phr /* = 0*/)
|
|
{
|
|
_TRACE (1, L"Entering CCertStoreGPE::GetStoreHandle - %s\n",
|
|
(LPCWSTR) m_pcszStoreName);
|
|
ASSERT (CERTMGR_LOG_STORE_GPE == m_objecttype);
|
|
CERT_SYSTEM_STORE_RELOCATE_PARA RelocatePara;
|
|
void* pvPara = 0;
|
|
|
|
if ( !m_hCertStore )
|
|
{
|
|
DWORD dwErr = 0;
|
|
|
|
if ( EFS_STORE == GetStoreType () && m_fIsNullEFSPolicy )
|
|
{
|
|
// Test to see if EFS key exists, if not, flag this as
|
|
// having no EFS policy and return.
|
|
HKEY hEFSKey = 0;
|
|
// security review 2/27/2002 BryanWal ok
|
|
LONG lResult = ::RegOpenKeyEx (GetGroupPolicyKey (), CERT_EFSBLOB_REGPATH, 0,
|
|
KEY_READ, &hEFSKey);
|
|
if ( ERROR_SUCCESS == lResult )
|
|
{
|
|
m_fIsNullEFSPolicy = false;
|
|
::RegCloseKey (hEFSKey);
|
|
}
|
|
else
|
|
return 0;
|
|
}
|
|
RelocatePara.hKeyBase = GetGroupPolicyKey ();
|
|
RelocatePara.pwszSystemStore = (LPCWSTR) m_pcszStoreName;
|
|
pvPara = (void*) &RelocatePara;
|
|
m_hCertStore = ::CertOpenStore (m_storeProvider,
|
|
X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, NULL,
|
|
m_dwFlags | CERT_STORE_SET_LOCALIZED_NAME_FLAG | CERT_STORE_MAXIMUM_ALLOWED_FLAG,
|
|
pvPara);
|
|
if ( !m_hCertStore )
|
|
{
|
|
dwErr = GetLastError ();
|
|
if ( phr )
|
|
*phr = HRESULT_FROM_WIN32 (dwErr);
|
|
m_hCertStore = ::CertOpenStore (m_storeProvider,
|
|
X509_ASN_ENCODING | PKCS_7_ASN_ENCODING, NULL,
|
|
m_dwFlags | CERT_STORE_READONLY_FLAG | CERT_STORE_SET_LOCALIZED_NAME_FLAG,
|
|
pvPara);
|
|
if ( m_hCertStore )
|
|
m_bReadOnly = true;
|
|
else
|
|
{
|
|
dwErr = GetLastError ();
|
|
if ( phr )
|
|
*phr = HRESULT_FROM_WIN32 (dwErr);
|
|
_TRACE (0, L"CertOpenStore (%s) failed: 0x%x\n",
|
|
(PCWSTR) m_pcszStoreName, dwErr);
|
|
}
|
|
}
|
|
|
|
if ( !m_hCertStore && !m_bUnableToOpenMsgDisplayed && !bSilent &&
|
|
(USERDS_STORE != GetStoreType ()) )
|
|
{
|
|
m_bUnableToOpenMsgDisplayed = true;
|
|
CString caption;
|
|
CString text;
|
|
int iRetVal = 0;
|
|
|
|
VERIFY (caption.LoadString (IDS_CERTIFICATE_MANAGER));
|
|
text.FormatMessage (IDS_UNABLE_TO_OPEN_STORE, GetStoreName (),
|
|
GetSystemMessage (dwErr));
|
|
if ( m_pConsole )
|
|
m_pConsole->MessageBox (text, caption, MB_OK | MB_ICONINFORMATION, &iRetVal);
|
|
}
|
|
}
|
|
|
|
_TRACE (-1, L"Leaving CCertStoreGPE::GetStoreHandle - %s\n",
|
|
(LPCWSTR) m_pcszStoreName);
|
|
|
|
return m_hCertStore;
|
|
}
|
|
|
|
bool CCertStoreGPE::CanContain(CertificateManagerObjectType nodeType)
|
|
{
|
|
_TRACE (1, L"Entering CCertStoreGPE::CanContain - %s\n",
|
|
(LPCWSTR) m_pcszStoreName);
|
|
ASSERT (CERTMGR_LOG_STORE_GPE == m_objecttype);
|
|
bool bCanContain = false;
|
|
|
|
switch (nodeType)
|
|
{
|
|
case CERTMGR_CERTIFICATE:
|
|
if ( ROOT_STORE == GetStoreType () ||
|
|
EFS_STORE == GetStoreType () )
|
|
{
|
|
bCanContain = true;
|
|
}
|
|
break;
|
|
|
|
case CERTMGR_CTL:
|
|
if ( TRUST_STORE == GetStoreType () )
|
|
{
|
|
bCanContain = true;
|
|
}
|
|
break;
|
|
|
|
default:
|
|
break;
|
|
}
|
|
|
|
_TRACE (-1, L"Leaving CCertStoreGPE::CanContain - %s\n",
|
|
(LPCWSTR) m_pcszStoreName);
|
|
return bCanContain;
|
|
}
|
|
|
|
|
|
bool CCertStoreGPE::IsMachineStore()
|
|
{
|
|
_TRACE (0, L"Entering and leaving CCertStoreGPE::IsMachineStore - %s\n",
|
|
(LPCWSTR) m_pcszStoreName);
|
|
ASSERT (CERTMGR_LOG_STORE_GPE == m_objecttype);
|
|
|
|
if (m_dwFlags & CERT_SYSTEM_STORE_LOCAL_MACHINE_GROUP_POLICY)
|
|
return true;
|
|
else
|
|
return false;
|
|
}
|
|
|
|
|
|
HKEY CCertStoreGPE::GetGroupPolicyKey()
|
|
{
|
|
_TRACE (1, L"Entering CCertStoreGPE::GetGroupPolicyKey - %s\n",
|
|
(LPCWSTR) m_pcszStoreName);
|
|
ASSERT (CERTMGR_LOG_STORE_GPE == m_objecttype);
|
|
if ( !m_hGroupPolicyKey )
|
|
{
|
|
if ( m_fIsComputerType )
|
|
{
|
|
HRESULT hr = m_pGPEInformation->GetRegistryKey (GPO_SECTION_MACHINE,
|
|
&m_hGroupPolicyKey);
|
|
ASSERT (SUCCEEDED (hr));
|
|
}
|
|
else
|
|
{
|
|
HRESULT hr = m_pGPEInformation->GetRegistryKey (GPO_SECTION_USER,
|
|
&m_hGroupPolicyKey);
|
|
ASSERT (SUCCEEDED (hr));
|
|
}
|
|
}
|
|
|
|
_TRACE (-1, L"Leaving CCertStoreGPE::GetGroupPolicyKey - %s\n",
|
|
(LPCWSTR) m_pcszStoreName);
|
|
return m_hGroupPolicyKey;
|
|
}
|
|
|
|
IGPEInformation * CCertStoreGPE::GetGPEInformation() const
|
|
{
|
|
_TRACE (0, L"Entering and leaving CCertStoreGPE::GetGPEInformation - %s\n",
|
|
(LPCWSTR) m_pcszStoreName);
|
|
ASSERT (CERTMGR_LOG_STORE_GPE == m_objecttype);
|
|
return m_pGPEInformation;
|
|
}
|
|
|
|
HRESULT CCertStoreGPE::WriteEFSBlobToRegistry()
|
|
{
|
|
_TRACE (1, L"Entering CCertStoreGPE::WriteEFSBlobToRegistry - %s\n",
|
|
(LPCWSTR) m_pcszStoreName);
|
|
ASSERT (CERTMGR_LOG_STORE_GPE == m_objecttype);
|
|
HRESULT hr = S_OK;
|
|
|
|
if ( !m_fIsNullEFSPolicy )
|
|
{
|
|
HKEY hGroupPolicyKey = GetGroupPolicyKey ();
|
|
if ( hGroupPolicyKey )
|
|
{
|
|
DWORD dwDisposition = 0;
|
|
HKEY hKeyEFSBlob = 0;
|
|
int nCertCnt = GetCertCount ();
|
|
|
|
// security review 2/27/2002 BryanWal ok - reduce privilege requested
|
|
LONG lResult = ::RegCreateKeyEx (hGroupPolicyKey, // handle of an open key
|
|
CERT_EFSBLOB_REGPATH, // address of subkey name
|
|
0, // reserved
|
|
L"", // address of class string
|
|
REG_OPTION_NON_VOLATILE, // special options flag
|
|
KEY_SET_VALUE, // desired security access
|
|
NULL, // address of key security structure
|
|
&hKeyEFSBlob, // address of buffer for opened handle
|
|
&dwDisposition); // address of disposition value buffer
|
|
ASSERT (lResult == ERROR_SUCCESS);
|
|
if ( lResult == ERROR_SUCCESS )
|
|
{
|
|
try {
|
|
PEFS_PUBLIC_KEY_INFO* pEFSPKI = new PEFS_PUBLIC_KEY_INFO[nCertCnt];
|
|
DWORD* cbPKI = new DWORD[nCertCnt];
|
|
PRECOVERY_KEY_1_1* pRecoveryKey = new PRECOVERY_KEY_1_1[nCertCnt];
|
|
DWORD* cbRecoveryKey = new DWORD[nCertCnt];
|
|
PRECOVERY_POLICY_1_1 pRecoveryPolicy = 0;
|
|
DWORD cbRecoveryPolicy = 0;
|
|
BYTE* pData = 0;
|
|
DWORD cbData = 0;
|
|
int nActualCertCnt = 0;
|
|
PCCERT_CONTEXT pCertContext = 0;
|
|
|
|
if ( !pEFSPKI || ! cbPKI || ! pRecoveryKey || !cbRecoveryKey )
|
|
{
|
|
::RegCloseKey (hKeyEFSBlob);
|
|
hr = E_OUTOFMEMORY;
|
|
}
|
|
else
|
|
{
|
|
// security review 2/27/2002 BryanWal ok
|
|
::ZeroMemory (pEFSPKI, nCertCnt*sizeof (PEFS_PUBLIC_KEY_INFO));
|
|
::ZeroMemory (cbPKI, nCertCnt*sizeof (DWORD));
|
|
::ZeroMemory (pRecoveryKey, nCertCnt*sizeof (PRECOVERY_KEY_1_1));
|
|
::ZeroMemory (cbRecoveryKey, nCertCnt*sizeof (DWORD));
|
|
|
|
while ( 1 )
|
|
{
|
|
// Subsequent calls to CertEnumCertificatesInStore () free pCertContext. If
|
|
// we must break prematurely out of this loop, we must CertFreeCertificateContext ()
|
|
// explicitly on the last pCertContext
|
|
pCertContext = EnumCertificates (pCertContext);
|
|
if ( pCertContext )
|
|
{
|
|
hr = CreatePublicKeyInformationCertificate (
|
|
GetPSIDFromCert (pCertContext),
|
|
pCertContext->pbCertEncoded,
|
|
pCertContext->cbCertEncoded,
|
|
&pEFSPKI[nActualCertCnt],
|
|
&cbPKI[nActualCertCnt]);
|
|
if ( SUCCEEDED (hr) )
|
|
{
|
|
cbRecoveryKey[nActualCertCnt] = sizeof (ULONG) + cbPKI[nActualCertCnt];
|
|
pRecoveryKey[nActualCertCnt] = (PRECOVERY_KEY_1_1)
|
|
::LocalAlloc (LPTR, cbRecoveryKey[nActualCertCnt]);
|
|
if ( pRecoveryKey[nActualCertCnt] )
|
|
{
|
|
pRecoveryKey[nActualCertCnt]->TotalLength = cbRecoveryKey[nActualCertCnt];
|
|
// security review 2/27/2002 BryanWal ok
|
|
memcpy (&(pRecoveryKey[nActualCertCnt]->PublicKeyInfo),
|
|
pEFSPKI[nActualCertCnt],
|
|
cbPKI[nActualCertCnt]);
|
|
}
|
|
else
|
|
{
|
|
hr = E_OUTOFMEMORY;
|
|
::CertFreeCertificateContext (pCertContext);
|
|
break;
|
|
}
|
|
}
|
|
nActualCertCnt++;
|
|
if ( nActualCertCnt > nCertCnt )
|
|
{
|
|
ASSERT (0);
|
|
::CertFreeCertificateContext (pCertContext);
|
|
break;
|
|
}
|
|
}
|
|
else
|
|
break;
|
|
}
|
|
Close ();
|
|
ASSERT (nActualCertCnt == nCertCnt);
|
|
if ( SUCCEEDED (hr) )
|
|
{
|
|
|
|
cbRecoveryPolicy = sizeof (RECOVERY_POLICY_HEADER);
|
|
for (int nIndex = 0; nIndex < nActualCertCnt; nIndex++)
|
|
cbRecoveryPolicy += cbRecoveryKey[nIndex];
|
|
pRecoveryPolicy = (PRECOVERY_POLICY_1_1) ::LocalAlloc (LPTR, cbRecoveryPolicy);
|
|
if ( pRecoveryPolicy )
|
|
{
|
|
pRecoveryPolicy->RecoveryPolicyHeader.MajorRevision = EFS_RECOVERY_POLICY_MAJOR_REVISION_1;
|
|
pRecoveryPolicy->RecoveryPolicyHeader.MinorRevision = EFS_RECOVERY_POLICY_MINOR_REVISION_1;
|
|
pRecoveryPolicy->RecoveryPolicyHeader.RecoveryKeyCount = nActualCertCnt;
|
|
|
|
// Build array of variable size recovery keys.
|
|
BYTE* ptr = (BYTE*) pRecoveryPolicy->RecoveryKeyList;
|
|
for (int nIndex = 0; nIndex < nActualCertCnt; nIndex++)
|
|
{
|
|
// security review 2/27/2002 BryanWal ok
|
|
memcpy (ptr, pRecoveryKey[nIndex], cbRecoveryKey[nIndex]);
|
|
ptr += cbRecoveryKey[nIndex];
|
|
}
|
|
}
|
|
else
|
|
{
|
|
hr = E_OUTOFMEMORY;
|
|
}
|
|
|
|
if ( pRecoveryPolicy ) // otherwise, the value is set to 0
|
|
{
|
|
pData = (BYTE*) pRecoveryPolicy;
|
|
cbData = cbRecoveryPolicy;
|
|
}
|
|
lResult = ::RegSetValueEx (hKeyEFSBlob, // handle of key to set value for
|
|
CERT_EFSBLOB_VALUE_NAME, // address of value to set
|
|
0, // reserved
|
|
REG_BINARY, // flag for value type
|
|
pData, // address of value data
|
|
cbData); // size of value data
|
|
if ( lResult == ERROR_SUCCESS )
|
|
{
|
|
m_bDirty = true;
|
|
}
|
|
else
|
|
DisplaySystemError (NULL, lResult);
|
|
}
|
|
::RegCloseKey (hKeyEFSBlob);
|
|
hKeyEFSBlob = 0;
|
|
|
|
// Free all the allocated pointers in the arrays.
|
|
for (int nIndex = 0; nIndex < nActualCertCnt; nIndex++)
|
|
{
|
|
if ( pEFSPKI[nIndex] )
|
|
::LocalFree (pEFSPKI[nIndex]);
|
|
if ( pRecoveryKey[nIndex] )
|
|
::LocalFree (pRecoveryKey[nIndex]);
|
|
}
|
|
|
|
// Free the allocated arrays
|
|
if ( pEFSPKI )
|
|
delete [] pEFSPKI;
|
|
if ( cbPKI )
|
|
delete [] cbPKI;
|
|
if ( cbRecoveryKey )
|
|
delete [] cbRecoveryKey;
|
|
if ( pRecoveryKey )
|
|
delete [] pRecoveryKey;
|
|
|
|
if ( pRecoveryPolicy )
|
|
::LocalFree (pRecoveryPolicy);
|
|
}
|
|
}
|
|
|
|
catch (CMemoryException*)
|
|
{
|
|
if ( hKeyEFSBlob )
|
|
::RegCloseKey (hKeyEFSBlob);
|
|
}
|
|
}
|
|
else
|
|
{
|
|
hr = HRESULT_FROM_WIN32 (lResult);
|
|
DisplaySystemError (NULL, lResult);
|
|
}
|
|
if ( SUCCEEDED (hr) )
|
|
m_bDirty = true;
|
|
}
|
|
}
|
|
|
|
_TRACE (-1, L"Leaving CCertStoreGPE::WriteEFSBlobToRegistry - %s\n",
|
|
(LPCWSTR) m_pcszStoreName);
|
|
return hr;
|
|
}
|
|
|
|
|
|
#define POINTER_TO_OFFSET( Pointer, pBase ) (((PUCHAR)(Pointer)) - ((PUCHAR)(pBase)))
|
|
|
|
HRESULT CCertStoreGPE::CreatePublicKeyInformationCertificate(
|
|
IN PSID pUserSid OPTIONAL,
|
|
PBYTE pbCert,
|
|
DWORD cbCert,
|
|
OUT PEFS_PUBLIC_KEY_INFO * PublicKeyInformation,
|
|
DWORD* pcbPublicKeyInfo)
|
|
{
|
|
_TRACE (1, L"Entering CCertStoreGPE::CreatePublicKeyInformationCertificate - %s\n",
|
|
(LPCWSTR) m_pcszStoreName);
|
|
ASSERT (CERTMGR_LOG_STORE_GPE == m_objecttype);
|
|
ASSERT (PublicKeyInformation && pcbPublicKeyInfo);
|
|
ASSERT (pbCert);
|
|
if ( !PublicKeyInformation || !pcbPublicKeyInfo || !pbCert)
|
|
return E_POINTER;
|
|
|
|
DWORD userSidLength = 0;
|
|
PBYTE pBase = 0;
|
|
|
|
if (pUserSid != NULL)
|
|
{
|
|
userSidLength = GetLengthSid (pUserSid);
|
|
}
|
|
|
|
DWORD publicKeyInformationLength = sizeof( EFS_PUBLIC_KEY_INFO ) + userSidLength + cbCert;
|
|
|
|
//
|
|
// Allocate and fill in the PublicKeyInformation structure
|
|
//
|
|
|
|
*PublicKeyInformation = (PEFS_PUBLIC_KEY_INFO) ::LocalAlloc (LPTR, publicKeyInformationLength);
|
|
|
|
if ( !(*PublicKeyInformation) )
|
|
{
|
|
return ERROR_NOT_ENOUGH_MEMORY;
|
|
}
|
|
|
|
(*PublicKeyInformation)->Length = publicKeyInformationLength;
|
|
(*PublicKeyInformation)->KeySourceTag = (ULONG)EfsCertificate;
|
|
|
|
//
|
|
// Copy the string and SID data to the end of the structure.
|
|
//
|
|
|
|
pBase = (PBYTE) *PublicKeyInformation;
|
|
pBase = (PBYTE) pBase + sizeof (EFS_PUBLIC_KEY_INFO);
|
|
|
|
if (pUserSid != NULL)
|
|
{
|
|
(*PublicKeyInformation)->PossibleKeyOwner = (ULONG)POINTER_TO_OFFSET( pBase, *PublicKeyInformation );
|
|
// security review 2/27/2002 BryanWal ok
|
|
::CopySid( userSidLength, (PSID)pBase, pUserSid );
|
|
}
|
|
else
|
|
{
|
|
(*PublicKeyInformation)->PossibleKeyOwner = (ULONG)NULL;
|
|
}
|
|
|
|
pBase = ((PBYTE)pBase + userSidLength);
|
|
|
|
(*PublicKeyInformation)->CertificateInfo.CertificateLength = cbCert;
|
|
(*PublicKeyInformation)->CertificateInfo.Certificate = (ULONG)POINTER_TO_OFFSET( pBase, *PublicKeyInformation );
|
|
|
|
// security review 2/27/2002 BryanWal ok
|
|
memcpy (pBase, pbCert, cbCert );
|
|
*pcbPublicKeyInfo = publicKeyInformationLength;
|
|
|
|
_TRACE (-1, L"Leaving CCertStoreGPE::CreatePublicKeyInformationCertificate - %s\n",
|
|
(LPCWSTR) m_pcszStoreName);
|
|
return 0;
|
|
}
|
|
|
|
void CCertStoreGPE::AddCertToList(PCCERT_CONTEXT pCertContext, PSID userPSID)
|
|
{
|
|
_TRACE (1, L"Entering CCertStoreGPE::AddCertToList - %s\n",
|
|
(LPCWSTR) m_pcszStoreName);
|
|
ASSERT (CERTMGR_LOG_STORE_GPE == m_objecttype);
|
|
if ( pCertContext && userPSID )
|
|
{
|
|
CERT_CONTEXT_PSID_STRUCT* pCert = new CERT_CONTEXT_PSID_STRUCT (
|
|
pCertContext, userPSID);
|
|
if ( pCert )
|
|
{
|
|
m_EFSCertList.AddTail (pCert);
|
|
m_bDirty = true;
|
|
}
|
|
}
|
|
_TRACE (-1, L"Leaving CCertStoreGPE::AddCertToList - %s\n",
|
|
(LPCWSTR) m_pcszStoreName);
|
|
}
|
|
|
|
PSID CCertStoreGPE::GetPSIDFromCert (PCCERT_CONTEXT pCertContext)
|
|
{
|
|
_TRACE (1, L"Entering CCertStoreGPE::GetPSIDFromCert - %s\n",
|
|
(LPCWSTR) m_pcszStoreName);
|
|
ASSERT (CERTMGR_LOG_STORE_GPE == m_objecttype);
|
|
PSID pSID = 0;
|
|
CERT_CONTEXT_PSID_STRUCT* pCert = 0;
|
|
POSITION curPos = 0;
|
|
|
|
for (POSITION nextPos = m_EFSCertList.GetHeadPosition (); nextPos; )
|
|
{
|
|
curPos = nextPos;
|
|
pCert = m_EFSCertList.GetNext (nextPos);
|
|
if ( CertCompareCertificate (
|
|
X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
|
|
pCert->m_pCertContext->pCertInfo,
|
|
pCertContext->pCertInfo) )
|
|
{
|
|
pSID = pCert->m_psid;
|
|
break;
|
|
}
|
|
}
|
|
|
|
_TRACE (-1, L"Leaving CCertStoreGPE::GetPSIDFromCert - %s\n",
|
|
(LPCWSTR) m_pcszStoreName);
|
|
return pSID;
|
|
}
|
|
|
|
|
|
void CCertStoreGPE::FinalCommit()
|
|
{
|
|
_TRACE (1, L"Entering CCertStoreGPE::FinalCommit - %s\n",
|
|
(LPCWSTR) m_pcszStoreName);
|
|
ASSERT (CERTMGR_LOG_STORE_GPE == m_objecttype);
|
|
// Called only from destructor
|
|
// Cannot commit here for GPT: GPT has already freed all pertinent data
|
|
_TRACE (-1, L"Leaving CCertStoreGPE::FinalCommit - %s\n",
|
|
(LPCWSTR) m_pcszStoreName);
|
|
}
|
|
|
|
|
|
bool CCertStoreGPE::IsNullEFSPolicy()
|
|
{
|
|
_TRACE (1, L"Entering CCertStoreGPE::IsNullEFSPolicy - %s\n",
|
|
(LPCWSTR) m_pcszStoreName);
|
|
GetStoreHandle (); // to initialize
|
|
Close ();
|
|
_TRACE (-1, L"Leaving CCertStoreGPE::IsNullEFSPolicy - %s\n",
|
|
(LPCWSTR) m_pcszStoreName);
|
|
return m_fIsNullEFSPolicy;
|
|
}
|
|
|
|
void CCertStoreGPE::AllowEmptyEFSPolicy()
|
|
{
|
|
_TRACE (1, L"Entering CCertStoreGPE::AllowEmptyEFSPolicy - %s\n",
|
|
(LPCWSTR) m_pcszStoreName);
|
|
m_fIsNullEFSPolicy = false;
|
|
_TRACE (-1, L"Leaving CCertStoreGPE::AllowEmptyEFSPolicy - %s\n",
|
|
(LPCWSTR) m_pcszStoreName);
|
|
}
|
|
|
|
HRESULT CCertStoreGPE::AddCertificateContext(PCCERT_CONTEXT pContext, LPCONSOLE pConsole, bool bDeletePrivateKey)
|
|
{
|
|
_TRACE (1, L"Entering CCertStoreGPE::AddCertificateContext - %s\n",
|
|
(LPCWSTR) m_pcszStoreName);
|
|
HRESULT hr = S_OK;
|
|
AllowEmptyEFSPolicy ();
|
|
hr = CCertStore::AddCertificateContext (pContext, pConsole, bDeletePrivateKey);
|
|
|
|
_TRACE (-1, L"Leaving CCertStoreGPE::AddCertificateContext - %s\n",
|
|
(LPCWSTR) m_pcszStoreName);
|
|
return hr;
|
|
}
|
|
|
|
HRESULT CCertStoreGPE::DeleteEFSPolicy(bool bCommitChanges)
|
|
{
|
|
_TRACE (1, L"Entering CCertStoreGPE::DeleteEFSPolicy - %s\n",
|
|
(LPCWSTR) m_pcszStoreName);
|
|
ASSERT (EFS_STORE == GetStoreType ());
|
|
if ( EFS_STORE == GetStoreType () )
|
|
{
|
|
// If the store is open, close it first
|
|
if ( m_hCertStore )
|
|
{
|
|
CERT_CONTEXT_PSID_STRUCT* pCert = 0;
|
|
while (!m_EFSCertList.IsEmpty () )
|
|
{
|
|
pCert = m_EFSCertList.RemoveHead ();
|
|
ASSERT (pCert);
|
|
if ( pCert )
|
|
delete pCert;
|
|
}
|
|
|
|
VERIFY (::CertCloseStore (m_hCertStore, CERT_CLOSE_STORE_FORCE_FLAG)); //CERT_CLOSE_STORE_CHECK_FLAG);
|
|
m_hCertStore = 0;
|
|
}
|
|
|
|
LRESULT lResult = ::RegDelnode (GetGroupPolicyKey (), CERT_EFSBLOB_REGPATH);
|
|
if ( ERROR_SUCCESS == lResult )
|
|
{
|
|
m_fIsNullEFSPolicy = true;
|
|
m_bDirty = true;
|
|
|
|
if ( bCommitChanges )
|
|
{
|
|
m_bAddInCallToPolicyChanged = FALSE; // delete policy
|
|
Commit ();
|
|
m_bAddInCallToPolicyChanged = TRUE;
|
|
}
|
|
}
|
|
else
|
|
DisplaySystemError (NULL, (DWORD)lResult);
|
|
}
|
|
|
|
_TRACE (-1, L"Leaving CCertStoreGPE::DeleteEFSPolicy - %s\n",
|
|
(LPCWSTR) m_pcszStoreName);
|
|
return S_OK;
|
|
}
|
|
|
|
|
|
HRESULT CCertStoreGPE::PolicyChanged()
|
|
{
|
|
_TRACE (1, L"Entering CCertStoreGPE::PolicyChanged - %s\n",
|
|
(LPCWSTR) m_pcszStoreName);
|
|
HRESULT hr = E_FAIL;
|
|
|
|
if ( m_pGPEInformation )
|
|
{
|
|
hr = m_pGPEInformation->PolicyChanged (
|
|
m_fIsComputerType ? TRUE : FALSE,
|
|
m_bAddInCallToPolicyChanged, &g_guidExtension, &g_guidSnapin);
|
|
hr = m_pGPEInformation->PolicyChanged (
|
|
m_fIsComputerType ? TRUE : FALSE,
|
|
m_bAddInCallToPolicyChanged, &g_guidRegExt, &g_guidSnapin);
|
|
}
|
|
|
|
_TRACE (-1, L"Leaving CCertStoreGPE::PolicyChanged - %s\n",
|
|
(LPCWSTR) m_pcszStoreName);
|
|
return hr;
|
|
}
|
|
|
|
PCCERT_CONTEXT CCertStoreGPE::EnumCertificates (PCCERT_CONTEXT pPrevCertContext)
|
|
{
|
|
PCCERT_CONTEXT pCertContext = CCertStore::EnumCertificates (pPrevCertContext);
|
|
|
|
if ( pCertContext )
|
|
m_fIsNullEFSPolicy = false;
|
|
|
|
return pCertContext;
|
|
}
|
|
|
|
CERT_CONTEXT_PSID_STRUCT::CERT_CONTEXT_PSID_STRUCT (PCCERT_CONTEXT pCertContext, PSID psid) :
|
|
m_pCertContext (0),
|
|
m_psid (0)
|
|
{
|
|
if ( pCertContext && psid )
|
|
{
|
|
m_pCertContext = CertDuplicateCertificateContext (pCertContext);
|
|
DWORD dwSidSize = ::GetLengthSid (psid);
|
|
if ( dwSidSize > 0 )
|
|
{
|
|
m_psid = new BYTE[dwSidSize];
|
|
if ( m_psid )
|
|
{
|
|
// security review 2/27/2002 BryanWal ok
|
|
::ZeroMemory (m_psid, dwSidSize);
|
|
if ( !::CopySid (dwSidSize, m_psid, psid) )
|
|
{
|
|
ASSERT (0);
|
|
delete [] m_psid;
|
|
m_psid = 0;
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
CERT_CONTEXT_PSID_STRUCT::~CERT_CONTEXT_PSID_STRUCT ()
|
|
{
|
|
if ( m_pCertContext )
|
|
::CertFreeCertificateContext (m_pCertContext);
|
|
if ( m_psid )
|
|
delete [] m_psid;
|
|
}
|
|
|
|
|