Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 
 

513 lines
15 KiB

//+---------------------------------------------------------------------------
//
// Microsoft Windows NT Security
// Copyright (C) Microsoft Corporation, 1997 - 2000
//
// File: extract.cpp
//
// Contents: Chain Cabinet Extraction
//
// Functions: ExtractAuthRootAutoUpdateCtlFromCab
//
// History: 11-Nov-00 philh Created
//
//----------------------------------------------------------------------------
#include <global.hxx>
#include <setupapi.h>
#include <dbgdef.h>
#include <userenv.h>
#define CHAIN_CHAR_LEN(sz) (sizeof(sz) / sizeof(sz[0]))
//+===========================================================================
// Extract helper functions
//============================================================================
//+-------------------------------------------------------------------------
// Allocate and read a blob from a file.
//
// The allocated bytes must be freed by calling PkiFree().
//--------------------------------------------------------------------------
BOOL WINAPI
ReadBlobFromFileA(
IN LPCSTR pszFileName,
OUT BYTE **ppb,
OUT DWORD *pcb
)
{
BOOL fResult;
HANDLE hFile;
BYTE *pb = NULL;
DWORD cb = 0;
DWORD cbRead = 0;
hFile = CreateFileA(
pszFileName,
GENERIC_READ,
FILE_SHARE_READ | FILE_SHARE_WRITE,
NULL, // lpsa
OPEN_EXISTING,
0, // fdwAttrsAndFlags
NULL // TemplateFile
);
if (INVALID_HANDLE_VALUE == hFile)
goto CreateFileError;
cb = GetFileSize(hFile, NULL);
if (0 == cb)
goto EmptyFile;
if (NULL == (pb = (BYTE *) PkiNonzeroAlloc(cb)))
goto OutOfMemory;
if (!ReadFile(hFile, pb, cb, &cbRead, NULL))
goto ReadFileError;
if (cbRead != cb)
goto InvalidFileLengthError;
fResult = TRUE;
CommonReturn:
if (INVALID_HANDLE_VALUE != hFile) {
DWORD dwLastErr = GetLastError();
CloseHandle(hFile);
SetLastError(dwLastErr);
}
*ppb = pb;
*pcb = cb;
return fResult;
ErrorReturn:
if (pb) {
PkiFree(pb);
pb = NULL;
}
cb = 0;
fResult = FALSE;
goto CommonReturn;
TRACE_ERROR(CreateFileError)
SET_ERROR(EmptyFile, ERROR_INVALID_DATA)
TRACE_ERROR(OutOfMemory)
TRACE_ERROR(ReadFileError)
SET_ERROR(InvalidFileLengthError, ERROR_INVALID_DATA)
}
//+-------------------------------------------------------------------------
// Write the blob to the specified file
//--------------------------------------------------------------------------
BOOL WINAPI
WriteBlobToFileA(
IN LPCSTR pszFileName,
IN const BYTE *pb,
IN DWORD cb
)
{
BOOL fResult;
HANDLE hFile;
DWORD cbWritten;
hFile = CreateFileA(
pszFileName,
GENERIC_WRITE,
0, // fdwShareMode
NULL, // lpsa
CREATE_ALWAYS,
0, // fdwAttrsAndFlags
0); // TemplateFile
if (INVALID_HANDLE_VALUE == hFile)
goto CreateFileError;
if (!WriteFile(hFile, pb, cb, &cbWritten, NULL))
goto WriteFileError;
fResult = TRUE;
CommonReturn:
if (INVALID_HANDLE_VALUE != hFile) {
DWORD dwLastErr = GetLastError();
CloseHandle(hFile);
SetLastError(dwLastErr);
}
return fResult;
ErrorReturn:
fResult = FALSE;
goto CommonReturn;
TRACE_ERROR(CreateFileError)
TRACE_ERROR(WriteFileError)
}
typedef struct _EXTRACT_CAB_FILE_CONTEXT_A {
LPCSTR pszFileInCab;
LPCSTR pszTempTargetFileName; // MAX_PATH array
BOOL fDidExtract;
} EXTRACT_CAB_FILE_CONTEXT_A, *PEXTRACT_CAB_FILE_CONTEXT_A;
//+-------------------------------------------------------------------------
// Callback called by SetupIterateCabinetA to extract the file.
//--------------------------------------------------------------------------
UINT CALLBACK
ExtractCabFileCallbackA(
IN PVOID Context,
IN UINT Notification,
IN UINT_PTR Param1,
IN UINT_PTR Param2
)
{
UINT uRet;
PEXTRACT_CAB_FILE_CONTEXT_A pCabFileContext =
(PEXTRACT_CAB_FILE_CONTEXT_A) Context;
switch (Notification) {
case SPFILENOTIFY_FILEINCABINET:
{
PFILE_IN_CABINET_INFO_A pInfo =
(PFILE_IN_CABINET_INFO_A) Param1;
if (0 == _stricmp(pCabFileContext->pszFileInCab,
pInfo->NameInCabinet)) {
strncpy(pInfo->FullTargetName,
pCabFileContext->pszTempTargetFileName,
CHAIN_CHAR_LEN(pInfo->FullTargetName));
pInfo->FullTargetName[
CHAIN_CHAR_LEN(pInfo->FullTargetName) - 1] = '\0';
uRet = FILEOP_DOIT;
} else
uRet = FILEOP_SKIP;
}
break;
case SPFILENOTIFY_FILEEXTRACTED:
{
PFILEPATHS_A pInfo = (PFILEPATHS_A) Param1;
uRet = pInfo->Win32Error;
if (NO_ERROR == uRet &&
0 == _stricmp(pCabFileContext->pszTempTargetFileName,
pInfo->Target))
pCabFileContext->fDidExtract = TRUE;
}
break;
default:
uRet = NO_ERROR;
}
return uRet;
}
typedef BOOL (WINAPI *PFN_SETUP_ITERATE_CABINET_A)(
IN PCSTR CabinetFile,
IN DWORD Reserved,
IN PSP_FILE_CALLBACK_A MsgHandler,
IN PVOID Context
);
//+-------------------------------------------------------------------------
// Load setupapi.dll and call SetupIterateCabinetA to extract and
// expand the specified file in the cab.
//--------------------------------------------------------------------------
BOOL WINAPI
ExtractFileFromCabFileA(
IN LPCSTR pszFileInCab,
IN const CHAR szTempCabFileName[MAX_PATH],
IN const CHAR szTempTargetFileName[MAX_PATH]
)
{
BOOL fResult;
HMODULE hDll = NULL;
PFN_SETUP_ITERATE_CABINET_A pfnSetupIterateCabinetA;
EXTRACT_CAB_FILE_CONTEXT_A CabFileContext;
if (NULL == (hDll = LoadLibraryA("setupapi.dll")))
goto LoadSetupApiDllError;
if (NULL == (pfnSetupIterateCabinetA =
(PFN_SETUP_ITERATE_CABINET_A) GetProcAddress(
hDll, "SetupIterateCabinetA")))
goto SetupIterateCabinetAProcAddressError;
memset(&CabFileContext, 0, sizeof(CabFileContext));
CabFileContext.pszFileInCab = pszFileInCab;
CabFileContext.pszTempTargetFileName = szTempTargetFileName;
if (!pfnSetupIterateCabinetA(
szTempCabFileName,
0, // Reserved
ExtractCabFileCallbackA,
&CabFileContext
))
goto SetupIterateCabinetError;
if (!CabFileContext.fDidExtract)
goto NoCabFileExtracted;
fResult = TRUE;
CommonReturn:
if (hDll) {
DWORD dwLastErr = GetLastError();
FreeLibrary(hDll);
SetLastError(dwLastErr);
}
return fResult;
ErrorReturn:
fResult = FALSE;
goto CommonReturn;
TRACE_ERROR(LoadSetupApiDllError)
TRACE_ERROR(SetupIterateCabinetAProcAddressError)
TRACE_ERROR(SetupIterateCabinetError)
SET_ERROR(NoCabFileExtracted, ERROR_FILE_NOT_FOUND)
}
typedef BOOL (WINAPI *PFN_EXPAND_ENVIRONMENT_STRINGS_FOR_USER_A)(
IN HANDLE hToken,
IN LPCSTR lpSrc,
OUT LPSTR lpDest,
IN DWORD dwSize
);
//+-------------------------------------------------------------------------
// Get the thread's temp directory. We may be doing thread impersonation.
//
// Returns 0 if unable to get a thread temp path
//--------------------------------------------------------------------------
DWORD WINAPI
I_GetThreadTempPathA(
OUT CHAR szTempPath[MAX_PATH]
)
{
DWORD cch;
HANDLE hToken = NULL;
HMODULE hDll = NULL;
PFN_EXPAND_ENVIRONMENT_STRINGS_FOR_USER_A
pfnExpandEnvironmentStringsForUserA;
if (!FIsWinNT5())
return 0;
if (!OpenThreadToken(
GetCurrentThread(),
TOKEN_QUERY | TOKEN_IMPERSONATE,
TRUE,
&hToken
))
// We aren't impersonating. Default to the system environment
// variables.
hToken = NULL;
if (NULL == (hDll = LoadLibraryA("userenv.dll")))
goto LoadUserenvDllError;
if (NULL == (pfnExpandEnvironmentStringsForUserA =
(PFN_EXPAND_ENVIRONMENT_STRINGS_FOR_USER_A) GetProcAddress(hDll,
"ExpandEnvironmentStringsForUserA")))
goto ExpandEnvironmentStringsForUserAProcAddressError;
szTempPath[0] = L'\0';
if (!pfnExpandEnvironmentStringsForUserA(
hToken,
"%Temp%\\",
szTempPath,
MAX_PATH - 1
) || '\0' == szTempPath[0])
goto ExpandTempError;
szTempPath[MAX_PATH - 1] = '\0';
cch = strlen(szTempPath);
CommonReturn:
if (hToken)
CloseHandle(hToken);
if (hDll)
FreeLibrary(hDll);
return cch;
ErrorReturn:
cch = 0;
goto CommonReturn;
TRACE_ERROR(LoadUserenvDllError)
TRACE_ERROR(ExpandEnvironmentStringsForUserAProcAddressError)
TRACE_ERROR(ExpandTempError)
}
//+-------------------------------------------------------------------------
// Extract, expand and allocate an in-memory blob for the specified
// file from the in-memory cab.
//
// The allocated bytes must be freed by calling PkiFree().
//--------------------------------------------------------------------------
BOOL WINAPI
ExtractBlobFromCabA(
IN const BYTE *pbCab,
IN DWORD cbCab,
IN LPCSTR pszFileInCab,
OUT BYTE **ppb,
OUT DWORD *pcb
)
{
BOOL fResult;
DWORD dwLastErr = 0;
BYTE *pb = NULL;
DWORD cb;
CHAR szTempPath[MAX_PATH];
CHAR szTempCabFileName[MAX_PATH]; szTempCabFileName[0] = '\0';
CHAR szTempTargetFileName[MAX_PATH]; szTempTargetFileName[0] = '\0';
DWORD cch;
// Get temp filenames for the cabinet and extracted target
cch = GetTempPathA(CHAIN_CHAR_LEN(szTempPath), szTempPath);
if (0 == cch || (CHAIN_CHAR_LEN(szTempPath) - 1) < cch)
goto GetTempPathError;
if (0 == GetTempFileNameA(szTempPath, "Cab", 0, szTempCabFileName)) {
dwLastErr = GetLastError();
// If we are doing thread impersonation, we may not have access to the
// process's temp directory. Try to get the impersonated thread's
// temp directory.
cch = I_GetThreadTempPathA(szTempPath);
if (0 != cch)
cch = GetTempFileNameA(szTempPath, "Cab", 0, szTempCabFileName);
if (0 == cch) {
SetLastError(dwLastErr);
szTempCabFileName[0] = '\0';
goto GetTempCabFileNameError;
}
}
szTempCabFileName[CHAIN_CHAR_LEN(szTempCabFileName) - 1] = '\0';
if (0 == GetTempFileNameA(szTempPath, "Tar", 0, szTempTargetFileName)) {
szTempTargetFileName[0] = '\0';
goto GetTempTargetFileNameError;
}
szTempTargetFileName[CHAIN_CHAR_LEN(szTempTargetFileName) - 1] = '\0';
// Write the cab bytes to the temporary cab file
if (!WriteBlobToFileA(szTempCabFileName, pbCab, cbCab))
goto WriteCabFileError;
// Extract the specified file from the temporary cab file
if (!ExtractFileFromCabFileA(
pszFileInCab, szTempCabFileName, szTempTargetFileName))
goto ExtractFileFromCabFileError;
// Read and allocate the bytes from the temporary target file
if (!ReadBlobFromFileA(szTempTargetFileName, &pb, &cb))
goto ReadTargetFileError;
fResult = TRUE;
CommonReturn:
// Delete the temp files
if ('\0' != szTempCabFileName)
DeleteFileA(szTempCabFileName);
if ('\0' != szTempTargetFileName)
DeleteFileA(szTempTargetFileName);
*ppb = pb;
*pcb = cb;
SetLastError(dwLastErr);
return fResult;
ErrorReturn:
dwLastErr = GetLastError();
if (pb) {
PkiFree(pb);
pb = NULL;
}
cb = 0;
fResult = FALSE;
goto CommonReturn;
TRACE_ERROR(GetTempPathError)
TRACE_ERROR(GetTempCabFileNameError)
TRACE_ERROR(GetTempTargetFileNameError)
TRACE_ERROR(WriteCabFileError)
TRACE_ERROR(ExtractFileFromCabFileError)
TRACE_ERROR(ReadTargetFileError)
}
//+---------------------------------------------------------------------------
//
// Function: ExtractAuthRootAutoUpdateCtlFromCab
//
// Synopsis: Extract the authroot.stl file from the cabinet blob
// and create the AuthRoot Auto Update CTL.
//
// Assumption: Chain engine isn't locked in the calling thread.
//
//----------------------------------------------------------------------------
PCCTL_CONTEXT WINAPI
ExtractAuthRootAutoUpdateCtlFromCab (
IN PCRYPT_BLOB_ARRAY pcbaCab
)
{
PCRYPT_DATA_BLOB pCabBlob;
PCCTL_CONTEXT pCtl = NULL;
BYTE *pbEncodedCtl = NULL;
DWORD cbEncodedCtl;
CERT_CREATE_CONTEXT_PARA CreateContextPara;
// Get the cab blob
pCabBlob = pcbaCab->rgBlob;
if (0 == pcbaCab->cBlob || 0 == pCabBlob->cbData)
goto InvalidCabBlob;
// Extract, expand and create an in-memory blob for the stl file in the
// in-memory cab
if (!ExtractBlobFromCabA(
pCabBlob->pbData,
pCabBlob->cbData,
CERT_AUTH_ROOT_CTL_FILENAME_A,
&pbEncodedCtl,
&cbEncodedCtl
))
goto ExtractStlFromCabError;
// Create the Ctl from the extracted bytes
memset(&CreateContextPara, 0, sizeof(CreateContextPara));
CreateContextPara.cbSize = sizeof(CreateContextPara);
CreateContextPara.pfnFree = PkiFree;
pCtl = (PCCTL_CONTEXT) CertCreateContext(
CERT_STORE_CTL_CONTEXT,
X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
pbEncodedCtl,
cbEncodedCtl,
CERT_CREATE_CONTEXT_NOCOPY_FLAG,
&CreateContextPara
);
// For NO_COPY_FLAG, pbEncodedCtl is always freed, even for an error
pbEncodedCtl = NULL;
if (NULL == pCtl)
goto CreateCtlError;
CommonReturn:
return pCtl;
ErrorReturn:
assert(NULL == pCtl);
if (pbEncodedCtl)
PkiFree(pbEncodedCtl);
goto CommonReturn;
SET_ERROR(InvalidCabBlob, ERROR_INVALID_DATA)
TRACE_ERROR(ExtractStlFromCabError)
TRACE_ERROR(CreateCtlError)
}