//+---------------------------------------------------------------------------
//
//  Microsoft Windows NT Security
//
//  Copyright (C) Microsoft Corporation, 1997 - 1999
//
//  File:       defce.h
//
//  Contents:   Default Chain Engine Manager
//
//  History:    21-Apr-98    kirtd    Created
//
//----------------------------------------------------------------------------
#if !defined(__DEFCE_H__)
#define __DEFCE_H__
//
// Forward class declarations
//

class CDefaultChainEngineMgr;
class CImpersonationEngine;

//
// Class pointer definitions
//

typedef CDefaultChainEngineMgr* PCDEFAULTCHAINENGINEMGR;
typedef CImpersonationEngine* PCIMPERSONATIONENGINE;

//
// Some default definitions
//

// Timeout applied to URL retrievals performed on behalf of the default chain
// engines. Presumably milliseconds (i.e. 15 seconds), as for the Win32 wait
// APIs -- confirm where it is consumed (defce.cpp / engine configuration).
#define DEFAULT_ENGINE_URL_RETRIEVAL_TIMEOUT 15000
//
// CDefaultChainEngineMgr. Manage the default chain engines
//
// Owns the process-wide default certificate chain engines (one for the local
// machine, one for the process user) and a small LRU cache of engines for
// impersonated users. The impersonation cache is keyed by a token identifier
// blob (see GetTokenId / FindImpersonationEngine), so that a chain engine --
// and the trust/policy state behind it -- is only ever handed back to the
// user whose token produced it.
//

class CDefaultChainEngineMgr
{
public:

    //
    // Constructor
    //

    CDefaultChainEngineMgr ();
    ~CDefaultChainEngineMgr ();

    //
    // Initialization
    //
    // Initialize returns FALSE on failure. Uninitialize is the matching
    // teardown; presumably it releases the cached engines, the impersonation
    // cache and m_Lock -- confirm in defce.cpp.
    //

    BOOL Initialize ();
    VOID Uninitialize ();

    //
    // Get default chain engines
    //
    // GetDefaultEngine resolves a default-engine handle (presumably the
    // HCCE_LOCAL_MACHINE / HCCE_CURRENT_USER pseudo-handles -- confirm in
    // defce.cpp) to a usable engine handle in *phDefaultEngine. The two
    // specific accessors below do the same for a fixed context. All return
    // FALSE on failure; ownership of the returned handle is not visible
    // here and must be checked in the implementation.
    //

    BOOL GetDefaultEngine (
        IN HCERTCHAINENGINE hDefaultHandle,
        OUT HCERTCHAINENGINE* phDefaultEngine
        );

    BOOL GetDefaultLocalMachineEngine (
        OUT HCERTCHAINENGINE* phDefaultEngine
        );

    BOOL GetDefaultCurrentUserEngine (
        OUT HCERTCHAINENGINE* phDefaultEngine
        );

    //
    // Flush default engines
    //
    // Discards the cached engine identified by hDefaultHandle so that the
    // next Get* call rebuilds it (presumably after a store change -- confirm).
    //

    VOID FlushDefaultEngine (IN HCERTCHAINENGINE hDefaultHandle);

private:

    //
    // Lock
    //
    // Guards the cached engine handles and the impersonation cache below.
    // Which methods take it is not visible in this header.
    //

    CRITICAL_SECTION m_Lock;

    //
    // Local Machine Default Engine
    //

    HCERTCHAINENGINE m_hLocalMachineEngine;

    //
    // Process User Default Engine
    //

    HCERTCHAINENGINE m_hProcessUserEngine;

    //
    // Impersonated Users Default Engine Cache
    //
    // LRU cache of CImpersonationEngine objects, keyed by token identifier.
    // Bounded by MAX_IMPERSONATION_CACHE_ENTRIES (defined below).
    //

    HLRUCACHE m_hImpersonationCache;

    //
    // Private methods
    //

    // Look up (or build and cache) the default engine for the user
    // represented by hUserToken.
    BOOL GetDefaultCurrentImpersonatedUserEngine (
        IN HANDLE hUserToken,
        OUT HCERTCHAINENGINE* phDefaultEngine
        );

    // Returns TRUE when the calling thread is impersonating, handing back
    // the thread token in *phUserToken. Presumably the caller owns and must
    // close that handle -- confirm in defce.cpp.
    BOOL IsImpersonatingUser (
        OUT HANDLE* phUserToken
        );

    // Derive the cache key for a user token into *pTokenId. Returns FALSE on
    // failure. A successful result must be released with FreeTokenId.
    BOOL GetTokenId (
        IN HANDLE hUserToken,
        OUT PCRYPT_DATA_BLOB pTokenId
        );

    VOID FreeTokenId (
        IN PCRYPT_DATA_BLOB pTokenId
        );

    // Find the cached engine for pTokenId; returns FALSE when absent.
    // Whether *ppEngine comes back AddRef'd is not visible here -- confirm
    // against the implementation before releasing it.
    BOOL FindImpersonationEngine (
        IN PCRYPT_DATA_BLOB pTokenId,
        OUT PCIMPERSONATIONENGINE* ppEngine
        );

    // NOTE: The impersonation engine accepts ownership of the chain engine
    // upon success
    BOOL CreateImpersonationEngine (
        IN PCRYPT_DATA_BLOB pTokenId,
        IN HCERTCHAINENGINE hChainEngine,
        OUT PCIMPERSONATIONENGINE* ppEngine
        );

    // Insert pEngine into m_hImpersonationCache; the cache's removal
    // callback (DefaultChainEngineMgrOnImpersonationEngineRemoval, declared
    // below) is presumably what drops the cache's reference later -- confirm.
    VOID AddToImpersonationCache (
        IN PCIMPERSONATIONENGINE pEngine
        );
};
// Callback invoked when an entry is evicted from or removed out of the
// impersonation LRU cache. pv is presumably the PCIMPERSONATIONENGINE stored
// in the entry and pvRemovalContext whatever the cache passes through --
// confirm the LRU cache contract and the implementation in defce.cpp.
VOID WINAPI
DefaultChainEngineMgrOnImpersonationEngineRemoval (
    IN LPVOID pv,
    IN LPVOID pvRemovalContext
    );

// Hash function over a token identifier blob, used to bucket cache entries.
// Presumably installed as the LRU cache's hash callback at Initialize time.
DWORD WINAPI
DefaultChainEngineMgrHashTokenIdentifier (
    IN PCRYPT_DATA_BLOB pIdentifier
    );

// Impersonation cache sizing: a small number of buckets and at most this
// many concurrently cached impersonated-user engines. Keeping the cap small
// bounds how many per-user engines (and their store handles) stay alive.
#define DEFAULT_IMPERSONATION_CACHE_BUCKETS 3
#define MAX_IMPERSONATION_CACHE_ENTRIES 3
//
// CImpersonationEngine, simply a ref-counted chain engine handle which
// can be added to the LRU cache
//
// Per the note on CDefaultChainEngineMgr::CreateImpersonationEngine, the
// object owns hChainEngine once construction succeeds. Lifetime is managed
// through AddRef/Release (interlocked); Release deletes the object when the
// count reaches zero, so a caller must hold its own reference for as long as
// it uses the handle returned by ChainEngine().
//

class CImpersonationEngine
{
public:

    //
    // Constructor
    //
    // Construction failures are reported through rfResult (TRUE on success)
    // rather than an exception; callers must check it before using the
    // object. pTokenId is the cache key for this user's engine.
    //

    CImpersonationEngine (
        IN HLRUCACHE hCache,
        IN HCERTCHAINENGINE hChainEngine,
        IN PCRYPT_DATA_BLOB pTokenId,
        OUT BOOL& rfResult
        );

    ~CImpersonationEngine ();

    //
    // Reference counting
    //

    inline VOID AddRef ();
    inline VOID Release ();

    //
    // Access to the chain engine
    //
    // Borrowed handle: the object remains the owner.
    //

    inline HCERTCHAINENGINE ChainEngine ();

    //
    // Access to the LRU entry handle
    //

    inline HLRUENTRY LruEntry ();

private:

    //
    // Reference count
    //
    // Declared ULONG but updated through InterlockedIncrement/Decrement,
    // which take a LONG* (see the inline methods below).
    //

    ULONG m_cRefs;

    //
    // Chain Engine
    //

    HCERTCHAINENGINE m_hChainEngine;

    //
    // LRU entry handle
    //

    HLRUENTRY m_hLruEntry;
};
//
// Inline methods
//

//+---------------------------------------------------------------------------
//
//  Member:     CImpersonationEngine::AddRef, public
//
//  Synopsis:   take one more reference on the object. The increment itself
//              is atomic (interlocked); the caller is responsible for
//              balancing it with a later Release.
//
//----------------------------------------------------------------------------
inline VOID
CImpersonationEngine::AddRef ()
{
    // m_cRefs is declared ULONG while InterlockedIncrement operates on a
    // LONG, hence the pointer reinterpretation.
    LONG* pcRefs = reinterpret_cast<LONG*>( &m_cRefs );
    InterlockedIncrement( pcRefs );
}
//+---------------------------------------------------------------------------
//
//  Member:     CImpersonationEngine::Release, public
//
//  Synopsis:   drop one reference. When the last reference goes the object
//              deletes itself (running ~CImpersonationEngine), so after this
//              call the caller must not touch the object again.
//
//----------------------------------------------------------------------------
inline VOID
CImpersonationEngine::Release ()
{
    // Same ULONG/LONG mismatch as in AddRef; the decrement is interlocked.
    LONG cRemaining = InterlockedDecrement( reinterpret_cast<LONG*>( &m_cRefs ) );
    if ( 0 != cRemaining )
    {
        return;
    }

    // Last reference released: self-destruct. Nothing may access members
    // after this line.
    delete this;
}
//+---------------------------------------------------------------------------
//
//  Member:     CImpersonationEngine::ChainEngine, public
//
//  Synopsis:   return the cert chain engine handle held by this object.
//              The handle is borrowed: the impersonation engine owns it (see
//              the note on CDefaultChainEngineMgr::CreateImpersonationEngine)
//              and the caller must keep a reference on this object while
//              using it.
//
//----------------------------------------------------------------------------
inline HCERTCHAINENGINE
CImpersonationEngine::ChainEngine ()
{
    HCERTCHAINENGINE hEngine = m_hChainEngine;
    return hEngine;
}
//+---------------------------------------------------------------------------
//
//  Member:     CImpersonationEngine::LruEntry, public
//
//  Synopsis:   return the handle of this object's entry in the impersonation
//              LRU cache. Who creates and frees that entry is not visible
//              here; presumably the constructor/destructor -- confirm in
//              defce.cpp.
//
//----------------------------------------------------------------------------
inline HLRUENTRY
CImpersonationEngine::LruEntry ()
{
    HLRUENTRY hEntry = m_hLruEntry;
    return hEntry;
}
#endif