//
// Growth increment for CERT_CONTEXT_ARRAY. One slot at a time in every build:
// the array only ever holds the handful of client-auth certificates offered
// to the user, so reallocation cost does not matter.
//
#ifdef INET_DEBUG
#define CERT_CONTEXT_ARRAY_ALLOC_UNIT 1 // made small for testing
#else
// now always small since enum chains are no longer built
#define CERT_CONTEXT_ARRAY_ALLOC_UNIT 1
#endif
//
// A CredHandle whose dwLower and dwUpper are both zero is the "no credential
// cached yet" sentinel used for CERT_CONTEXT_ARRAY::_hCreds. These macros take
// the handle struct by name (not a pointer) and IsCredClear evaluates it twice,
// so pass a plain lvalue, never an expression with side effects. (The macro
// parameter deliberately shadows the CredHandle type name; harmless, but odd.)
//
#define ClearCreds(CredHandle) \
CredHandle.dwLower = CredHandle.dwUpper = 0
#define IsCredClear(CredHandle) \
(( CredHandle.dwLower == 0 && CredHandle.dwUpper == 0 ) ? TRUE : FALSE )
//
// CryptoAPI entry points reached through function pointers that are defined
// elsewhere (presumably resolved at run time so crypt32 is not a hard import).
// Per the Win32 contract, a context returned by CertDuplicateCertificateContext
// is a new reference that must be released with CertFreeCertificateContext.
//
typedef BOOL
(WINAPI *CERT_FREE_CERTIFICATE_CONTEXT_FN)
(IN PCCERT_CONTEXT pCertContext
);
typedef PCCERT_CONTEXT
(WINAPI *CERT_DUPLICATE_CERTIFICATE_CONTEXT_FN)
(IN PCCERT_CONTEXT pCertContext
);
extern CERT_DUPLICATE_CERTIFICATE_CONTEXT_FN g_pfnCertDuplicateCertificateContext;
extern CERT_FREE_CERTIFICATE_CONTEXT_FN g_pfnCertFreeCertificateContext;
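//
// CERT_CONTEXT_ARRAY - growable list of client-authentication certificate
// contexts, plus the single credential handle built for whichever context
// the user selected.
//
// Ownership: each stored pointer came from g_pfnCertDuplicateCertificateContext,
// so the array holds its own reference to every context and the caller's
// reference is untouched. Those references are released by Reset() / the
// destructor, which are defined outside this header.
//
// Synchronization: only _hCreds is guarded (by _cs, via Lock/UnlockCredHandle).
// The context list itself has no lock; presumably it is fully populated before
// it is shared between threads -- NOTE(review): confirm against callers.
//
class CERT_CONTEXT_ARRAY
{
private:

    //
    // number of cert contexts currently stored in _ppCertContexts
    //
    DWORD _cCertContexts;

    //
    // number of slots allocated in _ppCertContexts; always >= _cCertContexts
    //
    DWORD _cAlloced;

    //
    // array of duplicated (array-owned) cert context pointers
    //
    PCCERT_CONTEXT* _ppCertContexts;

    //
    // index of the context chosen for client auth, or -1 when none is chosen
    //
    INT _iSelected;

    //
    // not ERROR_SUCCESS if construction failed
    //
    DWORD _error;

    //
    // guards _hCreds, which is shared across requests
    //
    CCritSec _cs;

    //
    // credential handle cached for the selected context so the user is not
    // prompted again; all-zero (see ClearCreds/IsCredClear) means "none yet"
    //
    CredHandle _hCreds;

    //
    // whether impersonation is left in place (TRUE) or reverted around the
    // CryptoAPI calls made through WRAP_REVERT_USER
    //
    BOOL _fNoRevert;

public:

    CERT_CONTEXT_ARRAY(BOOL fNoRevert);

    ~CERT_CONTEXT_ARRAY();

    void Reset(void);

    //
    // AddCertContext - take our own reference to pCertContext and append it.
    //
    // Returns ERROR_SUCCESS, or the last-error code of the failed allocation
    // or duplication. On failure the array is left exactly as it was: every
    // previously stored context is still valid and _cCertContexts/_cAlloced
    // still describe the live buffer.
    //
    DWORD
    AddCertContext(
        PCCERT_CONTEXT pCertContext
        )
    {
        INET_ASSERT(pCertContext);

        //
        // Grow by one slot when full (CERT_CONTEXT_ARRAY_ALLOC_UNIT is 1), so
        // the size computation below cannot realistically overflow.
        //
        if (_cAlloced <= _cCertContexts)
        {
            INET_ASSERT(_cAlloced == _cCertContexts);

            DWORD cNewAlloced = _cAlloced + CERT_CONTEXT_ARRAY_ALLOC_UNIT;
            PCCERT_CONTEXT* ppNew = (PCCERT_CONTEXT *)
                REALLOCATE_MEMORY(_ppCertContexts,
                                  sizeof(PCCERT_CONTEXT) * cNewAlloced);
            if (ppNew == NULL)
            {
                //
                // Do NOT free the old block or bump _cAlloced here. The old
                // block is still valid after a failed reallocation (the old
                // FREE_MEMORY call at this spot relied on exactly that) and it
                // still holds _cCertContexts live references that Reset() /
                // the destructor must release. Freeing it left _cCertContexts
                // > 0 with a NULL array, so a later GetCertContext()
                // dereferenced NULL and every stored reference leaked.
                //
                return GetLastError();
            }

            _ppCertContexts = ppNew;
            _cAlloced = cNewAlloced;
        }

        //
        // Take our own reference so the array's lifetime is independent of the
        // caller's handle. WRAP_REVERT_USER presumably runs the call with
        // impersonation reverted unless _fNoRevert, and stores the result in
        // pNewCertContext.
        //
        PCCERT_CONTEXT pNewCertContext;

        WRAP_REVERT_USER((*g_pfnCertDuplicateCertificateContext),
                         _fNoRevert,
                         (pCertContext),
                         pNewCertContext);

        if (pNewCertContext == NULL)
        {
            return GetLastError();
        }

        _ppCertContexts[_cCertContexts] = pNewCertContext;
        _cCertContexts++;

        return ERROR_SUCCESS;
    }

    //
    // SelectCertContext - record which context the user chose. index must be
    // in [0, _cCertContexts) or -1 for "none"; this is only asserted, not
    // enforced, so GetSelectedCertContext() re-checks the range.
    //
    VOID
    SelectCertContext(
        INT index
        )
    {
        INET_ASSERT((index >= 0 && index < (INT) _cCertContexts) || index == -1);

        _iSelected = index;
    }

    //
    // GetCertContext - borrow the context at dwIndex. Ownership stays with the
    // array; the caller must not free it. Returns NULL when dwIndex is out of
    // range (or nothing has been stored) instead of reading past the end of
    // the buffer in builds where INET_ASSERT is a no-op.
    //
    PCCERT_CONTEXT
    GetCertContext(
        DWORD dwIndex
        )
    {
        INET_ASSERT(dwIndex < _cCertContexts);

        if (_ppCertContexts == NULL || dwIndex >= _cCertContexts)
        {
            return NULL;
        }

        return _ppCertContexts[dwIndex];
    }

    //
    // GetSelectedCertContext - the context chosen via SelectCertContext, or
    // NULL when nothing is selected or the selection is out of range.
    //
    PCCERT_CONTEXT
    GetSelectedCertContext(
        VOID
        )
    {
        INET_ASSERT(_iSelected >= -1 && _iSelected < (INT) _cCertContexts);

        if (_iSelected < 0)
        {
            return NULL;
        }

        return GetCertContext((DWORD) _iSelected);
    }

    //
    // GetError - ERROR_SUCCESS, or the failure recorded during construction.
    //
    DWORD
    GetError(
        VOID
        )
    {
        return _error;
    }

    //
    // GetArraySize - number of contexts stored (not the allocated capacity).
    //
    DWORD
    GetArraySize(
        VOID
        )
    {
        return _cCertContexts;
    }

    //
    // LockCredHandle - acquire the lock protecting _hCreds. Lazily initializes
    // the critical section if that did not happen earlier. Returns FALSE if it
    // still cannot be initialized or locked; the caller then holds no lock and
    // must not call UnlockCredHandle.
    //
    BOOL
    LockCredHandle()
    {
        if (_cs.IsInitialized())
        {
            return _cs.Lock();
        }

        // try initializing again
        return (_cs.Init() && _cs.Lock());
    }

    //
    // UnlockCredHandle - release the lock taken by a successful LockCredHandle.
    // Skipped when the critical section never came up, since there is nothing
    // to release (the old code unlocked unconditionally).
    //
    VOID
    UnlockCredHandle()
    {
        if (_cs.IsInitialized())
        {
            _cs.Unlock();
        }
    }

    //
    // GetCredHandle / SetCredHandle - access the cached credential handle.
    // Callers should hold LockCredHandle() across the check-and-set; otherwise
    // two threads can presumably each build a credential (and re-prompt the
    // user) for the same selection, which the cache exists to prevent.
    //
    CredHandle
    GetCredHandle()
    {
        return _hCreds;
    }

    VOID
    SetCredHandle(CredHandle hCreds)
    {
        _hCreds = hCreds;
    }
};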
//
// WinTrust entry points, presumably resolved at run time from the DLLs named
// below (the *_NAME strings are the export names looked up). WinVerifyTrust
// evaluates a certificate against a policy action GUID; WTHelperProvDataFromStateData
// turns the state handle it hands back into the provider data (chain details).
//
typedef HRESULT
(WINAPI * WIN_VERIFY_TRUST_FN)
(
IN OPTIONAL HWND hwnd,
IN GUID *pgActionID,
IN WINTRUST_DATA *pWinTrustData
);
typedef CRYPT_PROVIDER_DATA * (WINAPI * WT_HELPER_PROV_DATA_FROM_STATE_DATA_FN)
(
IN HANDLE hStateData
);
#define WIN_VERIFY_TRUST_NAME TEXT("WinVerifyTrust")
#define WT_HELPER_PROV_DATA_FROM_STATE_DATA_NAME TEXT("WTHelperProvDataFromStateData")
//
// Bare DLL names. NOTE(review): if these are handed to LoadLibrary as-is, the
// load walks the DLL search order; loading from an explicit system directory
// path avoids picking up a planted copy -- confirm at the call site.
//
#define ADVAPI_DLLNAME TEXT("advapi32.dll")
#define WINTRUST_DLLNAME TEXT("wintrust.dll")
#define SOFTPUB_DLLNAME TEXT("softpub.dll")
//
// Registry location of the SCHANNEL provider settings and the "Wintrust"
// value read under it (presumably a switch for WinTrust-based verification;
// the reader is elsewhere).
//
#define SP_REG_KEY_SCHANNEL_BASE TEXT("System\\CurrentControlSet\\Control\\SecurityProviders\\SCHANNEL")
#define SP_REG_WINTRUST TEXT("Wintrust")
#define CLIENT_AUTH_TYPE L"ClientAuth"
//
// Fixed buffer for chain / issuer-list handling and the width of the per-entry
// length prefix (presumably the 2-byte lengths of a TLS certificate_authorities
// list). NOTE(review): whatever parses with these must check each length
// against the bytes remaining in the buffer before advancing, since the data
// comes from the peer.
//
#define CHAIN_BUFFER_SIZE 32768
#define ISSUER_SIZE_FIELD_SIZE 2
//
// CliAuthSelectCredential - choose the client-auth credential to present on
// the connection described by phContext. Defined elsewhere; declared here.
//
//   phContext          SSPI context of the connection being negotiated
//   pszPackageName     SSPI security package name
//   pCertContextArray  candidate client certificates plus the cached handle
//   phCredential       receives the credential handle to use
//   pdwStatus          declared IN but is a pointer; presumably a status
//                      out-param -- confirm against the definition
//   dwSecureProtocols  protocol mask passed through to credential creation
//   fNoRevert          impersonation handling flag (see CERT_CONTEXT_ARRAY)
//
// Returns a Win32 error code.
//
DWORD
CliAuthSelectCredential(
IN PCtxtHandle phContext,
IN LPTSTR pszPackageName,
IN CERT_CONTEXT_ARRAY *pCertContextArray,
OUT PCredHandle phCredential,
IN LPDWORD pdwStatus,
IN DWORD dwSecureProtocols,
IN BOOL fNoRevert);