Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 
 

1457 lines
48 KiB

// Map11Pge.cpp : implementation file
//
// Certificate mappings storage has changed for IIS6.
// CERTMAP.OCX however has to support downlevel admin
// of IIS5, IIS5.1
//
// NSEPM support was removed from IIS6 and 1to1 client certificate
// mapping information is now stored under <site>/Cert11/Mappings
// node directly in the metabase
// Functions with IIS6 postfix access new location
// for 1to1 client certificate mappings storage
#include "stdafx.h"
#include <iadmw.h>
#include "certmap.h"
// persistence and mapping includes
#include "WrapMaps.h"
//#include "wrpprsis.h"
//#include "admutil.h"
#include "ListRow.h"
#include "ChkLstCt.h"
#include "wrapmb.h"
// mapping page includes
#include "brwsdlg.h"
#include "EdtOne11.h"
#include "Ed11Maps.h"
#include "Map11Pge.h"
#include "CrackCrt.h"
#include <iiscnfgp.h>
//#include "WrpMBWrp.h"
#ifdef _DEBUG
#define new DEBUG_NEW
#undef THIS_FILE
static char THIS_FILE[] = __FILE__;
#endif
#define COL_NUM_ENABLED 0
#define COL_NUM_NAME 1
#define COL_NUM_NTACCOUNT 2
#define MB_EXTEND_KEY _T("Cert11")
#define MB_EXTEND_KEY_MAPS _T("Cert11/Mappings")
/////////////////////////////////////////////////////////////////////////////
// CMap11Page property page
IMPLEMENT_DYNCREATE(CMap11Page, CPropertyPage)
CMap11Page::CMap11Page() : CPropertyPage(CMap11Page::IDD),
m_MapsInMetabase( 0 )
{
//{{AFX_DATA_INIT(CMap11Page)
m_csz_i_c = _T("");
m_csz_i_o = _T("");
m_csz_i_ou = _T("");
m_csz_s_c = _T("");
m_csz_s_cn = _T("");
m_csz_s_l = _T("");
m_csz_s_o = _T("");
m_csz_s_ou = _T("");
m_csz_s_s = _T("");
m_fIsIIS6 = TRUE;
//}}AFX_DATA_INIT
}
CMap11Page::~CMap11Page()
{
ResetMappingList();
}
void CMap11Page::DoDataExchange(CDataExchange* pDX)
{
CPropertyPage::DoDataExchange(pDX);
//{{AFX_DATA_MAP(CMap11Page)
DDX_Control(pDX, IDC_ADD, m_cbutton_add);
DDX_Control(pDX, IDC_ISSUER, m_cbutton_grp_issuer);
DDX_Control(pDX, IDC_ISSUED_TO, m_cbutton_grp_issuedto);
DDX_Control(pDX, IDC_LIST, m_clistctrl_list);
DDX_Control(pDX, IDC_EDIT_11MAP, m_cbutton_editmap);
DDX_Control(pDX, IDC_DELETE, m_cbutton_delete);
DDX_Text(pDX, IDC_I_C, m_csz_i_c);
DDX_Text(pDX, IDC_I_O, m_csz_i_o);
DDX_Text(pDX, IDC_I_OU, m_csz_i_ou);
DDX_Text(pDX, IDC_S_C, m_csz_s_c);
DDX_Text(pDX, IDC_S_CN, m_csz_s_cn);
DDX_Text(pDX, IDC_S_L, m_csz_s_l);
DDX_Text(pDX, IDC_S_O, m_csz_s_o);
DDX_Text(pDX, IDC_S_OU, m_csz_s_ou);
DDX_Text(pDX, IDC_S_S, m_csz_s_s);
//}}AFX_DATA_MAP
}
BEGIN_MESSAGE_MAP(CMap11Page, CPropertyPage)
//{{AFX_MSG_MAP(CMap11Page)
ON_BN_CLICKED(IDC_ADD, OnAdd)
ON_BN_CLICKED(IDC_DELETE, OnDelete)
ON_BN_CLICKED(IDC_EDIT_11MAP, OnEdit11map)
ON_NOTIFY(LVN_ITEMCHANGED, IDC_LIST, OnItemchangedList)
ON_NOTIFY(NM_DBLCLK, IDC_LIST, OnDblclkList)
//}}AFX_MSG_MAP
ON_COMMAND(ID_HELP_FINDER, DoHelp)
ON_COMMAND(ID_HELP, DoHelp)
ON_COMMAND(ID_CONTEXT_HELP, DoHelp)
ON_COMMAND(ID_DEFAULT_HELP, DoHelp)
END_MESSAGE_MAP()
//---------------------------------------------------------------------------
void CMap11Page::DoHelp()
{
WinHelpDebug(HIDD_CERTMAP_MAIN_BASIC);
WinHelp( HIDD_CERTMAP_MAIN_BASIC );
}
/////////////////////////////////////////////////////////////////////////////
// initialization routines
//---------------------------------------------------------------------------
// FInitMapper is called by the routine instantiating this page. After the object
// is first created is when it is called. It allows us to fail gracefully.
BOOL CMap11Page::FInit(IMSAdminBase* pMB)
{
m_pMB = pMB;
// check if it's for older than iis6 version
m_fIsIIS6 = TRUE;
if (IsLegacyMetabase(pMB)){m_fIsIIS6 = FALSE;}
if ( !m_fIsIIS6 )
{
// IIS5.1 and older saved cert mappings through NSEPM
m_szMBPath = m_szMBPath + SZ_NAMESPACE_EXTENTION;
}
// this has become a simple place
return TRUE;
}
//---------------------------------------------------------------------------
BOOL CMap11Page::OnInitDialog()
{
//call the parental oninitdialog
BOOL f = CPropertyPage::OnInitDialog();
// if the initinalization (sp?) succeeded, init the list and other items
if ( f )
{
// init the contents of the list
FInitMappingList();
// Fill the mapping list with the stored items
FillMappingList();
// set the initial button states
EnableDependantButtons();
}
// set any changes in the info into place
UpdateData(FALSE);
// return the answer
return f;
}
//---------------------------------------------------------------------------
BOOL CMap11Page::FInitMappingList()
{
CString sz;
int i;
// setup the friendly name column
sz.Empty();
i = m_clistctrl_list.InsertColumn( COL_NUM_ENABLED, sz, LVCFMT_LEFT, 20 );
// setup the friendly name column
sz.LoadString( IDS_LIST11_NAME );
i = m_clistctrl_list.InsertColumn( COL_NUM_NAME, sz, LVCFMT_LEFT, 105 );
// setup the account column
sz.LoadString( IDS_LIST11_ACCOUNT );
i = m_clistctrl_list.InsertColumn( COL_NUM_NTACCOUNT, sz, LVCFMT_LEFT, 195 );
return TRUE;
}
//---------------------------------------------------------------------------
BOOL CMap11Page::FillMappingList()
{
// reset the mapping list - get rid of anything in there now
ResetMappingList();
// read in the mappings - it adds them to the list
FReadMappings();
return TRUE;
}
//---------------------------------------------------------------------------
//BOOL CMap11Page::FAddMappingToList( C11Mapping* pMap, DWORD iList )
BOOL CMap11Page::FAddMappingToList( C11Mapping* pMap )
{
CString sz;
int i;
DWORD iList;
// if requested, make sure the mapping is added to the end of the list
iList = m_clistctrl_list.GetItemCount();
// get the appropriate "enabled" string
BOOL fEnabled;
pMap->GetMapEnabled( &fEnabled );
if ( fEnabled )
sz.LoadString( IDS_ENABLED );
else
sz.Empty();
// add the friendly name of the mapping
// create the new entry in the list box. Do not sort on this entry - yet
i = m_clistctrl_list.InsertItem( iList, sz );
// add the friendly name of the mapping
pMap->GetMapName( sz );
// create the new entry in the list box. Do not sort on this entry - yet
m_clistctrl_list.SetItemText( i, COL_NUM_NAME, sz );
// add the account name of the mapping
pMap->GetNTAccount( sz );
m_clistctrl_list.SetItemText( i, COL_NUM_NTACCOUNT, sz );
// attach the pointer to the mapping as the private data in the list.
m_clistctrl_list.SetItemData( i, (UINT_PTR)pMap );
// return whether or not the insertion succeeded
return TRUE;
}
//---------------------------------------------------------------------------
void CMap11Page::EnableDependantButtons()
{
// the whole purpose of this routine is to gray or activate
// the edit and delete buttons depending on whether or not anything
// is selected. So start by getting the selection count
if ( m_clistctrl_list.GetSelectedCount() > 0 )
{
// there are items selected
m_cbutton_editmap.EnableWindow( TRUE );
m_cbutton_delete.EnableWindow( TRUE );
EnableCrackDisplay( TRUE );
}
else
{
// nope. Nothing selected
m_cbutton_editmap.EnableWindow( FALSE );
m_cbutton_delete.EnableWindow( FALSE );
}
// always enable the add button
m_cbutton_add.EnableWindow( TRUE );
}
//---------------------------------------------------------------------------
BOOL CMap11Page::EditOneMapping( C11Mapping* pUpdateMap )
{
CEditOne11MapDlg mapdlg;
// prepare the mapping dialog
pUpdateMap->GetMapName( mapdlg.m_sz_mapname );
pUpdateMap->GetMapEnabled( &mapdlg.m_bool_enable );
pUpdateMap->GetNTAccount( mapdlg.m_sz_accountname );
pUpdateMap->GetNTPassword( mapdlg.m_sz_password );
// run the mapping dialog
if ( mapdlg.DoModal() == IDOK )
{
// update its friendly name
pUpdateMap->SetMapName( mapdlg.m_sz_mapname );
// set the NT account field of the mapping object
pUpdateMap->SetNTAccount( mapdlg.m_sz_accountname );
// set the NT account password field of the mapping object
CString csTempString;
mapdlg.m_sz_password.CopyTo(csTempString);
pUpdateMap->SetNTPassword( csTempString );
// set whether or not the mapping is enabled
pUpdateMap->SetMapEnabled( mapdlg.m_bool_enable );
// NOTE: the caller is resposible for calling UpdateMappingInDispList
// as the mapping in question may not yet be in the display list
// this mapping has changed. Mark it to be saved
MarkToSave( pUpdateMap );
// return true because the user said "OK"
return TRUE;
}
// return FALSE because the user did not say "OK"
return FALSE;
}
//---------------------------------------------------------------------------
BOOL CMap11Page::EditMultipleMappings()
{
CEdit11Mappings mapdlg;
C11Mapping* pUpdate11Map;
BOOL fSetInitialState = FALSE;
BOOL fEnable;
// scan the list of seleted items for the proper initial enable button state
// loop through the selected items, setting each one's mapping
int iList = -1;
while( (iList = m_clistctrl_list.GetNextItem( iList, LVNI_SELECTED )) >= 0 )
{
// get the mapping item for updating purposes
pUpdate11Map = GetMappingInDisplay( iList );
ASSERT( pUpdate11Map );
if ( !pUpdate11Map )
{
AfxMessageBox( IDS_ERR_ACCESS_MAPPING );
break;
}
// get the enable state of the mapping
pUpdate11Map->GetMapEnabled( &fEnable );
// if this is the first time, just set the initial state
if ( !fSetInitialState )
{
mapdlg.m_int_enable = fEnable;
fSetInitialState = TRUE;
}
else
{
// if it is different, then go indeterminate and break
if ( fEnable != mapdlg.m_int_enable )
{
mapdlg.m_int_enable = 2;
break;
}
}
}
// run the mapping dialog
if ( mapdlg.DoModal() == IDOK )
{
// loop through the selected items, setting each one's mapping
int iList = -1;
while( (iList = m_clistctrl_list.GetNextItem( iList, LVNI_SELECTED )) >= 0 )
{
// get the mapping item for updating purposes
pUpdate11Map = GetMappingInDisplay( iList );
if ( !pUpdate11Map )
{
AfxMessageBox( IDS_ERR_ACCESS_MAPPING );
break;
}
// set the enable flag if requested
switch ( mapdlg.m_int_enable )
{
case 0: // disable
pUpdate11Map->SetMapEnabled( FALSE );
break;
case 1: // enable
pUpdate11Map->SetMapEnabled( TRUE );
break;
}
// set the NT account field of the mapping object
pUpdate11Map->SetNTAccount( mapdlg.m_sz_accountname );
// set the NT account password field of the mapping object
CString csTempString;
mapdlg.m_sz_password.CopyTo(csTempString);
pUpdate11Map->SetNTPassword( csTempString );
// update it in the list control too
UpdateMappingInDispList( iList, pUpdate11Map );
// this mapping has changed. Mark it to be saved
MarkToSave( pUpdate11Map );
}
// activate the apply button
SetModified();
// return true because the user said "OK"
return TRUE;
}
// return FALSE because the user did not say "OK"
return FALSE;
}
//---------------------------------------------------------------------------
void CMap11Page::UpdateMappingInDispList( DWORD iList, C11Mapping* pMap )
{
CString sz;
// verify the index and the pointer!
ASSERT( pMap == GetMappingInDisplay(iList) );
// get the appropriate "enabled" string
BOOL fEnabled;
pMap->GetMapEnabled( &fEnabled );
if ( fEnabled )
sz.LoadString( IDS_ENABLED );
else
sz.Empty();
// update the "Enabled" indicator
m_clistctrl_list.SetItemText( iList, COL_NUM_ENABLED, sz );
// update the mapping name
pMap->GetMapName( sz );
m_clistctrl_list.SetItemText( iList, COL_NUM_NAME, sz );
// update the account name
pMap->GetNTAccount( sz );
m_clistctrl_list.SetItemText( iList, COL_NUM_NTACCOUNT, sz );
}
//---------------------------------------------------------------------------
void CMap11Page::ResetMappingList()
{
// first, delete all the mapping objects in the list
DWORD cbList = m_clistctrl_list.GetItemCount();
for ( DWORD iList = 0; iList < cbList; iList++ )
DeleteMapping( GetMappingInDisplay(iList) );
// reset the mapping list - get rid of anything in there now
m_clistctrl_list.DeleteAllItems();
}
//---------------------------------------------------------------------------
void CMap11Page::MarkToSave( C11Mapping* pSaveMap, BOOL fSave )
{
// first, we see if it is already in the list. If it is, we have nothing to do
// unless fSave is set to false, then we remove it from the list
DWORD cbItemsInList = (DWORD)m_rgbSave.GetSize();
for ( DWORD i = 0; i < cbItemsInList; i++ )
{
if ( pSaveMap == (C11Mapping*)m_rgbSave[i] )
{
// go away if fSave, otherwise, double check it isn't
// anywhere else in the list
if ( fSave )
{
return;
}
else
{
// remove the item from the list
m_rgbSave.RemoveAt(i);
// don't skip now as the list slid down
cbItemsInList--;
i--;
}
}
}
// since it is not there, we should add it, if fSave is true
if ( fSave )
m_rgbSave.Add( (CObject*)pSaveMap );
}
/////////////////////////////////////////////////////////////////////////////
// CMap11Page message handlers
//---------------------------------------------------------------------------
void CMap11Page::OnOK()
{
// this has gotten much simpler
FWriteMappings();
CPropertyPage::OnOK();
}
//---------------------------------------------------------------------------
BOOL CMap11Page::OnApply()
{
// this has gotten much simpler
BOOL f = FWriteMappings();
// rebuild the display
FillMappingList();
return f;
}
//---------------------------------------------------------------------------
// when the user pushes the add button, ask them to load a certificate, then
// add it to the list as a mapping
void CMap11Page::OnAdd()
{
// put this in a try/catch to make errors easier to deal with
try {
CString szFilter;
szFilter.LoadString( IDS_KEY_OR_CERT_FILE_FILTER );
// prepare the file dialog variables
CFileDialog cfdlg(TRUE, NULL, NULL,
OFN_FILEMUSTEXIST | OFN_PATHMUSTEXIST | OFN_HIDEREADONLY,
(LPCTSTR)szFilter);
// Disable hook to get Windows 2000 style dialog
cfdlg.m_ofn.Flags &= ~(OFN_ENABLEHOOK);
// run the dialog
if ( cfdlg.DoModal() == IDOK )
{
// add the certificate to the mapping list
if ( FAddCertificateFile( cfdlg.GetPathName() ) )
{
// activate the apply button
SetModified();
}
}
}
catch ( CException * pException )
{
pException->Delete();
}
}
//---------------------------------------------------------------------------
void CMap11Page::OnDelete()
{
C11Mapping* pKillMap;
// ask the user to confirm this decision
if ( AfxMessageBox(IDS_CONFIRM_DELETE, MB_OKCANCEL) != IDOK )
return;
// loop through the selected items. Remove each from the list,
// then mark it to be deleted.
int iList = -1;
while( (iList = m_clistctrl_list.GetNextItem( -1, LVNI_SELECTED )) >= 0 )
{
// get the mapping
pKillMap = GetMappingInDisplay( iList );
// remove it from the list
m_clistctrl_list.DeleteItem( iList );
// if it has not yet been applied to the metabase, continue
if ( (!m_fIsIIS6 && pKillMap->iMD == NEW_OBJECT ) ||
( m_fIsIIS6 && pKillMap->QueryNodeName() == "" /*NEW_OBJECT*/ ) )
{
// since this mapping never existed, we can just remove it from the add/edit lists
MarkToSave( pKillMap, FALSE );
// go to the next selected object
continue;
}
// mark the item to be deleted from the metabase
m_rgbDelete.Add( (CObject*)pKillMap );
}
// activate the apply button
SetModified();
}
//---------------------------------------------------------------------------
void CMap11Page::OnEdit11map()
{
int iList;
C11Mapping* pUpdateMap;
// what happens here depends on if just one mapping is selected, or many
switch( m_clistctrl_list.GetSelectedCount() )
{
case 0: // do nothing - should not get here because button grays out
ASSERT( FALSE );
break;
case 1: // get the mapping for update and run single edit dialog
// get index of the selected list item
iList = m_clistctrl_list.GetNextItem( -1, LVNI_SELECTED );
ASSERT( iList >= 0 );
// get the mapping item for updating purposes
pUpdateMap = GetMappingInDisplay( iList );
if ( !pUpdateMap )
{
AfxMessageBox( IDS_ERR_ACCESS_MAPPING );
break;
}
// edit the mapping, update it if successful, delete if not
if ( EditOneMapping(pUpdateMap) )
{
UpdateMappingInDispList( iList, pUpdateMap );
// activate the apply button
SetModified();
}
break;
default: // run the multi edit dialog
EditMultipleMappings();
break;
}
}
//---------------------------------------------------------------------------
void CMap11Page::OnDblclkList(NMHDR* pNMHDR, LRESULT* pResult)
{
*pResult = 0;
// if something in the list was double clicked, edit it
if ( m_clistctrl_list.GetSelectedCount() > 0 )
OnEdit11map();
}
//---------------------------------------------------------------------------
void CMap11Page::OnItemchangedList(NMHDR* pNMHDR, LRESULT* pResult)
{
C11Mapping* pSelMap;
NM_LISTVIEW* pNMListView = (NM_LISTVIEW*)pNMHDR;
*pResult = 0;
// enable the correct items
EnableDependantButtons();
// fill in the cracked information for the selected mapping - if there is only one
if ( m_clistctrl_list.GetSelectedCount() == 1 )
{
// get index of the selected list item
int i = m_clistctrl_list.GetNextItem( -1, LVNI_SELECTED );
ASSERT( i >= 0 );
// get the mapper index for the item
pSelMap = GetMappingInDisplay( i );
if ( pSelMap )
{
DisplayCrackedMap( pSelMap );
}
}
else
{
// either multiple, or no mappings selected
EnableCrackDisplay( FALSE );
}
}
//================================================================================
// special display
//---------------------------------------------------------------------------
BOOL CMap11Page::DisplayCrackedMap( C11Mapping* pMap )
{
PUCHAR pCert;
DWORD cbCert;
CString sz;
// obtain a reference to the certificate
if ( !pMap->GetCertificate( &pCert, &cbCert ) )
return FALSE;
// crack the certificate
CCrackedCert cracker;
if ( !cracker.CrackCert( pCert, cbCert ) )
return FALSE;
// fill in all the fields
cracker.GetIssuerCountry( sz );
m_csz_i_c = sz;
cracker.GetIssuerOrganization( sz );
m_csz_i_o = sz;
cracker.GetIssuerUnit( sz );
m_csz_i_ou = sz;
cracker.GetSubjectCountry( sz );
m_csz_s_c = sz;
cracker.GetSubjectCommonName( sz );
m_csz_s_cn = sz;
cracker.GetSubjectLocality( sz );
m_csz_s_l = sz;
cracker.GetSubjectOrganization( sz );
m_csz_s_o = sz;
cracker.GetSubjectUnit( sz );
m_csz_s_ou = sz;
cracker.GetSubjectState( sz );
m_csz_s_s = sz;
UpdateData( FALSE );
// return success
return TRUE;
}
//---------------------------------------------------------------------------
void CMap11Page::ClearCrackDisplay()
{
m_csz_i_c.Empty();
m_csz_i_o.Empty();
m_csz_i_ou.Empty();
m_csz_s_c.Empty();
m_csz_s_cn.Empty();
m_csz_s_l.Empty();
m_csz_s_o.Empty();
m_csz_s_ou.Empty();
m_csz_s_s.Empty();
UpdateData( FALSE );
}
//---------------------------------------------------------------------------
void CMap11Page::EnableCrackDisplay( BOOL fEnable )
{
if ( !fEnable )
ClearCrackDisplay();
m_cbutton_grp_issuer.EnableWindow( fEnable );
m_cbutton_grp_issuedto.EnableWindow( fEnable );
}
//---------------------------------------------------------------------------
BOOL CMap11Page::FReadMappings()
{
if ( m_fIsIIS6 )
{
return FReadMappingsIIS6();
}
BOOL f;
C11Mapping* pMap;
DWORD cbData;
PVOID pData;
DWORD fEnabled;
CString sz;
BOOL fRet = TRUE;
// before messing with the metabase, prepare the strings we will need
CString szBasePath = m_szMBPath + _T('/');
CString szRelativePath = MB_EXTEND_KEY_MAPS;
CString szObjectPath = m_szMBPath + _T('/') + szRelativePath;
CString szMapPath;
// prepare the metabase wrappers
CWrapMetaBase mbWrap;
f = mbWrap.FInit(m_pMB);
// open the base object
f = mbWrap.Open( szObjectPath, METADATA_PERMISSION_READ );
ASSERT( f );
if ( !f )
{
return FALSE;
}
// for now, at least, we are reading in all the mappings. reset the m_nNamer counter
// so that we end up with a somewhat accurate reading of the last number-name in the list.
m_MapsInMetabase = 0;
// Loop the items in the metabase, adding each to the napper.
DWORD index = 0;
CString szEnum;
while ( mbWrap.EnumObjects(_T(""), szEnum.GetBuffer(MAX_PATH*sizeof(WCHAR)),
MAX_PATH*sizeof(WCHAR), index) )
{
szEnum.ReleaseBuffer();
// keep track of the number of mappings we encounter
m_MapsInMetabase++;
// build the final mapping object path
szMapPath.Format( _T("/%s"), szEnum );
// make a new mapping object
pMap = PNewMapping();
if (pMap == NULL) {
SetLastError(E_OUTOFMEMORY);
fRet = FALSE;
break;
}
// install the object name into the mapping
pMap->iMD = m_MapsInMetabase;
// get the certificate
pData = mbWrap.GetData( szMapPath, MD_MAPCERT, IIS_MD_UT_SERVER, BINARY_METADATA, &cbData );
if ( pData )
{
// set the data into place
pMap->SetCertificate( (PUCHAR)pData, cbData );
// free the buffer
mbWrap.FreeWrapData( pData );
}
// get the NT Account - a string
cbData = METADATA_MAX_NAME_LEN;
if ( Get11String( &mbWrap, szMapPath, MD_MAPNTACCT, sz) )
{
pMap->SetNTAccount( sz );
}
// get the NT Password
cbData = METADATA_MAX_NAME_LEN;
if ( Get11String( &mbWrap, szMapPath, MD_MAPNTPWD, sz) )
{
pMap->SetNTPassword( sz );
}
// get the Enabled flag
if ( mbWrap.GetDword( szMapPath, MD_MAPENABLED, IIS_MD_UT_SERVER, &fEnabled) )
pMap->SetMapEnabled( (fEnabled > 0) );
// get the mapping name
cbData = METADATA_MAX_NAME_LEN;
if ( Get11String( &mbWrap, szMapPath, MD_MAPNAME, sz) )
{
pMap->SetMapName( sz );
}
// add the mapping to the list
FAddMappingToList( pMap );
// increment the index
index++;
}
szEnum.ReleaseBuffer();
// close the mapping object
mbWrap.Close();
// return success
return fRet;
}
//---------------------------------------------------------------------------
// IMPORTANT: There is a bug in the mapping namespace extension where, even
// though we are using the unicode metabase interface, all the strings are
// expected to be ansi. This means that we cannont use the wrapmb getstring
// and setstring calls with regards to the nsmp extetention. That is why
// there are these two string wrapper classes that
// also, all the strings used here are IIS_MD_UT_SERVER, so we can elimiate that parameter.
BOOL CMap11Page::Get11String(CWrapMetaBase* pmb, LPCTSTR pszPath, DWORD dwPropID, CString& sz)
{
DWORD dwcb;
BOOL fAnswer = FALSE;
// get the string using the self-allocating get data process
// that that it is cast as ANSI so the sz gets it right.
// NOTE: This must be gotten as an ANSI string!
PCHAR pchar = (PCHAR)pmb->GetData( pszPath, dwPropID, IIS_MD_UT_SERVER, STRING_METADATA, &dwcb );
if ( pchar )
{
// set the answer
sz = pchar;
fAnswer = TRUE;
// clean up
pmb->FreeWrapData( pchar );
}
// return the answer
return fAnswer;
}
//---------------------------------------------------------------------------
/* INTRINSA suppress=null_pointers, uninitialized */
BOOL CMap11Page::Set11String(CWrapMetaBase* pmb, LPCTSTR pszPath, DWORD dwPropID, CString& sz, DWORD dwFlags )
{
USES_CONVERSION;
// Easy. Just set it as data
// Make sure it is set back as an ANSI string though
LPSTR pA = T2A((LPTSTR)(LPCTSTR)sz);
return pmb->SetData( pszPath, dwPropID, IIS_MD_UT_SERVER, STRING_METADATA,
(PVOID)pA, strlen(pA)+1, dwFlags );
}
//---------------------------------------------------------------------------
// we only need to write out the mappings that have been either changed or added.
// Thoughts on further optimizations: The bare minimum info about where to find
// a mapping in the metabase could be stored in the metabase. Then, the mappings
// would only be loaded when they were added to be edited or displayed in the
// cracked list. The private data for each item in the list would have to have
// some sort of reference to a position in the metabase.
BOOL CMap11Page::FWriteMappings()
{
if ( m_fIsIIS6 )
{
return FWriteMappingsIIS6();
}
BOOL f;
DWORD i,j;
DWORD cMappings;
C11Mapping* pMap;
C11Mapping* pMapTemp;
CString sz;
DWORD dwEnabled;
PUCHAR pCert;
DWORD cbCert;
DWORD iList;
CStrPassword cspTempPassword;
// before messing with the metabase, prepare the strings we will need
CString szTempPath;
CString szBasePath = m_szMBPath + _T("/Cert11");
CString szRelativePath = _T("/Mappings");
CString szObjectPath = szRelativePath + _T('/');
// prepare the base metabase wrapper
CWrapMetaBase mbBase;
f = mbBase.FInit(m_pMB);
if ( !f )
{
AfxMessageBox( IDS_ERR_ACCESS_MAPPING );
return FALSE;
}
// first, we have to open the Cert11 object. If it doesn't exist
// then we have to add it tothe metabase
if ( !mbBase.Open( szBasePath, METADATA_PERMISSION_READ|METADATA_PERMISSION_WRITE ) )
{
// Cert11 does not exist - open the namespace base and add it
szTempPath = m_szMBPath + _T('/');
if ( !mbBase.Open( szTempPath, METADATA_PERMISSION_READ|METADATA_PERMISSION_WRITE ) )
{
AfxMessageBox( IDS_ERR_ACCESS_MAPPING );
return FALSE; // serious problems if we can't open the base
}
// add the Cert11 object
szTempPath = _T("Cert11");
f = mbBase.AddObject( szTempPath );
mbBase.Close();
if ( !f )
{
AfxMessageBox( IDS_ERR_CANTADD );
return FALSE;
}
// try again to open the Cert11. Fail if it doesn't work
if ( !mbBase.Open( szBasePath, METADATA_PERMISSION_READ|METADATA_PERMISSION_WRITE ) )
{
AfxMessageBox( IDS_ERR_ACCESS_MAPPING );
return FALSE;
}
}
//==========
// start by deleting all the mappings in the to-be-deleted list
cMappings = (DWORD)m_rgbDelete.GetSize();
// only bother if there are items waiting to be deleted
if ( cMappings > 0 )
{
// get the count of mappings in the display list
DWORD cList = m_clistctrl_list.GetItemCount();
// sort the mappings, in decending order
for ( i = 0; i < cMappings-1; i++ )
{
pMap = (C11Mapping*)m_rgbDelete[i];
for ( j = i; j < cMappings; j++ )
{
pMapTemp = (C11Mapping*)m_rgbDelete[j];
if ( pMap->iMD < pMapTemp->iMD )
{
m_rgbDelete.SetAt( i, (CObject*)pMapTemp );
m_rgbDelete.SetAt( j, (CObject*)pMap );
pMap = pMapTemp;
}
}
}
// loop the mappings, deleting each from the metabase
for ( i = 0; i < cMappings; i++ )
{
// get the mapping object
pMap = (C11Mapping*)m_rgbDelete[i];
if ( !pMap || (pMap->iMD == NEW_OBJECT) )
continue;
// build the relative path to the object in question.
szObjectPath.Format( _T("%s/%d"), szRelativePath, pMap->iMD );
// delete that mapping's object from the metabase
f = mbBase.DeleteObject( szObjectPath );
// decrement the number of maps in the metabase
m_MapsInMetabase--;
// loop the items in the list, decrementing the index of those
// that are above it. Yes - this is non-optimal, but its what
// has to be done for now
for ( iList = 0; iList < cList; iList++ )
{
pMapTemp = GetMappingInDisplay(iList);
if ( (pMapTemp->iMD > pMap->iMD) && (pMapTemp->iMD != NEW_OBJECT) )
pMapTemp->iMD--;
}
// since we will no longer be needing this mapping, delete it
DeleteMapping( pMap );
}
// reset the to-be-deleted list
m_rgbDelete.RemoveAll();
}
//==========
// get the number mappings in the to-be-saved list
cMappings = (DWORD)m_rgbSave.GetSize();
// loop the mappings, adding each to the metabase
for ( i = 0; i < cMappings; i++ )
{
// get the mapping object
pMap = (C11Mapping*)m_rgbSave[i];
ASSERT( pMap );
// if the object is already in the metabase, just open it.
if ( pMap->iMD != NEW_OBJECT )
{
// build the relative path to the object
szObjectPath.Format( _T("%s/%d"), szRelativePath, pMap->iMD );
}
else
{
// set up the name of the new mapping as one higher
// than the number of mappings in the metabase
pMap->iMD = m_MapsInMetabase + 1;
// build the relative path to the object
szObjectPath.Format( _T("%s/%d"), szRelativePath, pMap->iMD );
// add the mapping object to the base
f = mbBase.AddObject( szObjectPath );
if ( f )
{
// increment the number of maps in the metabase
m_MapsInMetabase++;
}
}
// write the object's parameters
if ( f )
{
// save the certificate
if ( pMap->GetCertificate(&pCert, &cbCert) )
{
// set the data into place in the object
f = mbBase.SetData( szObjectPath, MD_MAPCERT, IIS_MD_UT_SERVER, BINARY_METADATA,
pCert, cbCert, METADATA_SECURE | METADATA_INHERIT );
}
// save the NTAccount
if ( pMap->GetNTAccount(sz) )
{
// set the data into place in the object
f = Set11String(&mbBase, szObjectPath, MD_MAPNTACCT, sz, METADATA_SECURE);
}
// save the password - secure
if ( pMap->GetNTPassword(cspTempPassword) )
{
// set the data into place in the object
CString csTempPassword;
cspTempPassword.CopyTo(csTempPassword);
f = Set11String(&mbBase, szObjectPath, MD_MAPNTPWD, csTempPassword, METADATA_SECURE);
}
// save the map's name
if ( pMap->GetMapName(sz) )
{
// set the data into place in the object
f = Set11String(&mbBase, szObjectPath, MD_MAPNAME, sz);
}
// save the Enabled flag
// server reads the flag as the value of the dword
if ( pMap->GetMapEnabled(&f) )
{
dwEnabled = (DWORD)f;
f = mbBase.SetDword( szObjectPath, MD_MAPENABLED, IIS_MD_UT_SERVER, dwEnabled );
}
}
}
// close the base object
mbBase.Close();
// save the metabase
mbBase.Save();
// reset the to-be-saved list
m_rgbSave.RemoveAll();
// return success
return TRUE;
}
//---------------------------------------------------------------------------
BOOL CMap11Page::FReadMappingsIIS6()
{
BOOL f;
C11Mapping* pMap;
DWORD cbData;
PVOID pData;
DWORD fEnabled;
WCHAR * pChar = NULL;
BOOL fRet = TRUE;
// before messing with the metabase, prepare the strings we will need
CString szBasePath = m_szMBPath + _T('/');
CString szRelativePath = MB_EXTEND_KEY_MAPS;
CString szObjectPath = m_szMBPath + _T('/') + szRelativePath;
CString szMapPath;
// prepare the metabase wrappers
CWrapMetaBase mbWrap;
f = mbWrap.FInit(m_pMB);
// open the base object
f = mbWrap.Open( szObjectPath, METADATA_PERMISSION_READ );
ASSERT( f );
if ( !f )
{
return FALSE;
}
// for now, at least, we are reading in all the mappings. reset the m_nNamer counter
// so that we end up with a somewhat accurate reading of the last number-name in the list.
m_MapsInMetabase = 0;
// Loop the items in the metabase, adding each to the napper.
DWORD index = 0;
CString szEnum;
while ( mbWrap.EnumObjects(_T(""), szEnum.GetBuffer(MAX_PATH*sizeof(WCHAR)),
MAX_PATH*sizeof(WCHAR), index) )
{
szEnum.ReleaseBuffer();
// keep track of the number of mappings we encounter
m_MapsInMetabase++;
// build the final mapping object path
szMapPath.Format( _T("/%s"), szEnum );
// make a new mapping object
pMap = PNewMapping();
if (pMap == NULL) {
SetLastError(E_OUTOFMEMORY);
fRet = FALSE;
break;
}
// install the object name into the mapping
pMap->SetNodeName( szEnum );
// get the certificate
pData = mbWrap.GetData( szMapPath, MD_MAPCERT, IIS_MD_UT_SERVER, BINARY_METADATA, &cbData );
if ( pData )
{
// set the data into place
pMap->SetCertificate( (PUCHAR)pData, cbData );
// free the buffer
mbWrap.FreeWrapData( pData );
}
// get the NT Account - a string
cbData = METADATA_MAX_NAME_LEN;
if ( pChar = (WCHAR *) mbWrap.GetData( szMapPath, MD_MAPNTACCT, IIS_MD_UT_SERVER, STRING_METADATA, &cbData ) )
{
pMap->SetNTAccount( pChar );
// free the buffer
mbWrap.FreeWrapData( pChar );
}
// get the NT Password
cbData = METADATA_MAX_NAME_LEN;
if ( pChar = (WCHAR *) mbWrap.GetData( szMapPath, MD_MAPNTPWD, IIS_MD_UT_SERVER, STRING_METADATA, &cbData ) )
{
pMap->SetNTPassword( pChar );
// free the buffer
mbWrap.FreeWrapData( pChar );
}
// get the Enabled flag
if ( mbWrap.GetDword( szMapPath, MD_MAPENABLED, IIS_MD_UT_SERVER, &fEnabled) )
pMap->SetMapEnabled( (fEnabled > 0) );
// get the mapping name
cbData = METADATA_MAX_NAME_LEN;
if ( pChar = (WCHAR *) mbWrap.GetData( szMapPath, MD_MAPNAME, IIS_MD_UT_SERVER, STRING_METADATA, &cbData ) )
{
pMap->SetMapName( pChar );
// free the buffer
mbWrap.FreeWrapData( pChar );
}
// add the mapping to the list
FAddMappingToList( pMap );
// increment the index
index++;
}
szEnum.ReleaseBuffer();
// close the mapping object
mbWrap.Close();
// return success
return fRet;
}
//---------------------------------------------------------------------------
// we only need to write out the mappings that have been either changed or added.
// This function is based on FWriteMappings() function. Minimum changes were made
// to support IIS6 format of IIS 1to1 client certificate mappings
BOOL CMap11Page::FWriteMappingsIIS6()
{
BOOL f;
DWORD i,j;
DWORD cMappings;
C11Mapping* pMap;
C11Mapping* pMapTemp;
CString sz;
DWORD dwEnabled;
PUCHAR pCert;
DWORD cbCert;
DWORD iList;
CStrPassword cspTempPassword;
// before messing with the metabase, prepare the strings we will need
CString szTempPath;
CString szBasePath = m_szMBPath + _T('/')+ MB_EXTEND_KEY_MAPS;
CString szObjectPath = "";
// prepare the base metabase wrapper
CWrapMetaBase mbBase;
f = mbBase.FInit(m_pMB);
if ( !f )
{
AfxMessageBox( IDS_ERR_ACCESS_MAPPING );
return FALSE;
}
// first, we have to open the Cert11Mappings object. If it doesn't exist
// then we have to add it to the metabase
if ( !mbBase.Open( szBasePath, METADATA_PERMISSION_READ|METADATA_PERMISSION_WRITE ) )
{
// Cert11Mappings does not exist - open the namespace base and add it
szTempPath = m_szMBPath + _T('/');
if ( !mbBase.Open( szTempPath, METADATA_PERMISSION_READ|METADATA_PERMISSION_WRITE ) )
{
AfxMessageBox( IDS_ERR_ACCESS_MAPPING );
return FALSE; // serious problems if we can't open the base
}
// add the Cert11Mappings object
szTempPath = MB_EXTEND_KEY_MAPS;
f = mbBase.AddObject( szTempPath );
mbBase.Close();
if ( !f )
{
AfxMessageBox( IDS_ERR_CANTADD );
return FALSE;
}
// try again to open the Cert11Mappings. Fail if it doesn't work
if ( !mbBase.Open( szBasePath, METADATA_PERMISSION_READ|METADATA_PERMISSION_WRITE ) )
{
AfxMessageBox( IDS_ERR_ACCESS_MAPPING );
return FALSE;
}
}
//==========
// start by deleting all the mappings in the to-be-deleted list
cMappings = (DWORD)m_rgbDelete.GetSize();
// only bother if there are items waiting to be deleted
if ( cMappings > 0 )
{
// get the count of mappings in the display list
DWORD cList = m_clistctrl_list.GetItemCount();
// loop the mappings, deleting each from the metabase
for ( i = 0; i < cMappings; i++ )
{
// get the mapping object
pMap = (C11Mapping*)m_rgbDelete[i];
if ( !pMap || (pMap->QueryNodeName() == "" /*NEW_OBJECT*/) )
continue;
// build the relative path to the object in question.
szObjectPath.Format( _T("%s"), pMap->QueryNodeName() );
// delete that mapping's object from the metabase
f = mbBase.DeleteObject( szObjectPath );
// decrement the number of maps in the metabase
m_MapsInMetabase--;
// since we will no longer be needing this mapping, delete it
DeleteMapping( pMap );
}
// reset the to-be-deleted list
m_rgbDelete.RemoveAll();
}
//==========
// get the number mappings in the to-be-saved list
cMappings = (DWORD)m_rgbSave.GetSize();
// loop the mappings, adding each to the metabase
for ( i = 0; i < cMappings; i++ )
{
// get the mapping object
pMap = (C11Mapping*)m_rgbSave[i];
ASSERT( pMap );
// if the object is already in the metabase, just open it.
if ( pMap->QueryNodeName() != "" /*NEW_OBJECT*/ )
{
// build the relative path to the object
szObjectPath.Format( _T("%s"), pMap->QueryNodeName() );
}
else
{
// set up the name of the new mapping node to be equal
// to SHA1 hash of the certificate
pMap->SetNodeName( pMap->QueryCertHash() );
// build the relative path to the object
szObjectPath.Format( _T("%s"), pMap->QueryNodeName() );
if ( !szObjectPath.IsEmpty() )
{
// add the mapping object to the base
f = mbBase.AddObject( szObjectPath );
if ( f )
{
// increment the number of maps in the metabase
m_MapsInMetabase++;
}
// reset error of Adding object
// most likely node already exists
// CODEWORK: 04/08/02 jaroslad - this function is very optimistic
// it ignores errors that happen during process of saving mapping data
f = TRUE;
}
}
// write the object's parameters
if ( f && !szObjectPath.IsEmpty() )
{
// save the certificate
if ( pMap->GetCertificate(&pCert, &cbCert) )
{
// set the data into place in the object
f = mbBase.SetData( szObjectPath, MD_MAPCERT, IIS_MD_UT_SERVER, BINARY_METADATA,
pCert, cbCert, 0 );
}
// save the NTAccount
if ( pMap->GetNTAccount(sz) )
{
// set the data into place in the object
f = mbBase.SetString(szObjectPath, MD_MAPNTACCT, IIS_MD_UT_SERVER, sz, 0 );
}
// save the password - secure
if ( pMap->GetNTPassword(cspTempPassword) )
{
// set the data into place in the object
CString csTempPassword;
cspTempPassword.CopyTo(csTempPassword);
f = mbBase.SetString(szObjectPath, MD_MAPNTPWD, IIS_MD_UT_SERVER,
csTempPassword, METADATA_SECURE);
}
// save the map's name
if ( pMap->GetMapName(sz) )
{
// set the data into place in the object
f = mbBase.SetString(szObjectPath, MD_MAPNAME, IIS_MD_UT_SERVER, sz, 0);
}
// save the Enabled flag
// server reads the flag as the value of the dword
if ( pMap->GetMapEnabled(&f) )
{
dwEnabled = (DWORD)f;
f = mbBase.SetDword( szObjectPath, MD_MAPENABLED, IIS_MD_UT_SERVER, dwEnabled, 0 );
}
}
}
// close the base object
mbBase.Close();
// save the metabase
mbBase.Save();
// reset the to-be-saved list
m_rgbSave.RemoveAll();
// return success
return TRUE;
}
//---------------------------------------------------------------------------
C11Mapping* CMap11Page::PNewMapping()
{
// the way it should be
return new C11Mapping();
}
//---------------------------------------------------------------------------
void CMap11Page::DeleteMapping( C11Mapping* pMap )
{
// the way it should be
delete pMap;
}