|
|
//+--------------------------------------------------------------------------
//
// Microsoft Windows
// Copyright (C) Microsoft Corporation, 1996 - 1999
//
// File: certsrv.cpp
//
// Contents: Cert Server main & debug support
//
// History: 25-Jul-96 vich created
//
//---------------------------------------------------------------------------
#include <pch.cpp>
#pragma hdrstop
#include <locale.h>
#include <io.h>
#include <fcntl.h>
#include <safeboot.h>
#include <authzi.h>
#include "elog.h"
#include "certlog.h"
#include "certsrvd.h"
#include "resource.h"
#include "csresstr.h"
#define __dwFILE__ __dwFILE_CERTSRV_CERTSRV_CPP__
HKEY g_hkeyCABase = 0;
BOOL g_fCreateDB = FALSE;BOOL g_fStartAsService = TRUE;BOOL g_fStarted;BOOL g_fStartInProgress;DWORD g_ServiceThreadId;HWND g_hwndMain;WCHAR g_wszAppName[] = L"CertSrv";HINSTANCE g_hInstApp;DWORD g_dwDelay0;DWORD g_dwDelay1;DWORD g_dwDelay2;BOOL g_fCryptSilent = FALSE;
HANDLE g_hServiceThread = NULL;HANDLE g_hShutdownEvent = NULL;
CRITICAL_SECTION g_ShutdownCriticalSection;BOOL g_fShutdownCritSec = FALSE;
BOOL g_fRefuseIncoming = FALSE;LONG g_cCalls = 0;LONG g_cCallsActive = 0;BOOL g_fAdvancedServer = FALSE;
CAutoLPWSTR g_pwszDBFileHash;
SERVICE_TABLE_ENTRY steDispatchTable[] ={ { const_cast<WCHAR *>(g_wszCertSrvServiceName), ServiceMain }, { NULL, NULL }};
WCHAR const g_wszRegKeyClassesCLSID[] = L"SOFTWARE\\Classes\\CLSID";WCHAR const g_wszRegKeyInprocServer32[] = L"InprocServer32";WCHAR const g_wszRegValueThreadingModel[] = L"ThreadingModel";WCHAR const g_wszRegKeyAppId[] = L"SOFTWARE\\Classes\\AppId";WCHAR const g_wszRegRunAs[] = L"RunAs";WCHAR const g_wszRegValueInteractiveUser[] = L"Interactive User";WCHAR const g_wszRegLocalService[] = L"LocalService";
// do not change the order, add new audit resources at the end
// g_pwszAllow,
// g_pwszDeny,
// g_pwszCAAdmin,
// g_pwszOfficer,
// g_pwszRead,
// g_pwszEnroll,
LPCWSTR g_pwszAuditResources[6];
using namespace CertSrv;
HRESULTOpenRegistryComKey( IN HKEY hKeyParent, IN CLSID const *pclsid, IN BOOL fWrite, OUT HKEY *phKey){ HRESULT hr; WCHAR *pwsz = NULL;
*phKey = NULL; hr = StringFromCLSID(*pclsid, &pwsz); _JumpIfError(hr, error, "StringFromCLSID");
hr = RegOpenKeyEx( hKeyParent, pwsz, 0, fWrite? KEY_ALL_ACCESS : KEY_READ, phKey); _JumpIfError(hr, error, "RegOpenKeyEx");
error: if (NULL != pwsz) { CoTaskMemFree(pwsz); } return(hr);}
BOOLIsMissingRegistryValue( IN HKEY hKey, IN WCHAR const *pwszRegValueName){ HRESULT hr; DWORD dwLen; DWORD dwType;
hr = RegQueryValueEx(hKey, pwszRegValueName, NULL, &dwType, NULL, &dwLen); if (S_OK != hr) { hr = myHError(hr); } _JumpIfError2( hr, error, "RegQueryValueEx", HRESULT_FROM_WIN32(ERROR_FILE_NOT_FOUND));
error: return(HRESULT_FROM_WIN32(ERROR_FILE_NOT_FOUND) == hr);}
BOOLIsMatchingRegistryValue( IN HKEY hKey, IN WCHAR const *pwszRegValueName, IN WCHAR const *pwszRegValueString){ HRESULT hr; DWORD dwLen; DWORD dwType; BOOL fMatch = FALSE; WCHAR buf[MAX_PATH];
dwLen = sizeof(buf); hr = RegQueryValueEx( hKey, pwszRegValueName, NULL, &dwType, (BYTE *) buf, &dwLen); _JumpIfErrorStr(hr, error, "RegQueryValueEx", pwszRegValueName);
if (REG_SZ == dwType && 0 == lstrcmpi(buf, pwszRegValueString)) { fMatch = TRUE; }
error: return(fMatch);}
HRESULTSetRegistryStringValue( IN HKEY hKey, IN WCHAR const *pwszRegValueName, IN WCHAR const *pwszRegValueString){ HRESULT hr;
hr = RegSetValueEx( hKey, pwszRegValueName, 0, REG_SZ, (const BYTE *) pwszRegValueString, (wcslen(pwszRegValueString) + 1) * sizeof(WCHAR)); return(hr);}
HRESULTCertSrvSetRegistryFileTimeValue( IN BOOL fConfigLevel, IN WCHAR const *pwszRegValueName, IN DWORD cpwszDelete, OPTIONAL IN WCHAR const * const *papwszRegValueNameDelete){ HRESULT hr; HKEY hKey = NULL; HKEY hKey1 = NULL; WCHAR *pwszKey; FILETIME ftCurrent; DWORD i;
GetSystemTimeAsFileTime(&ftCurrent);
hr = RegOpenKeyEx( HKEY_LOCAL_MACHINE, wszREGKEYCONFIGPATH, 0, KEY_ALL_ACCESS, &hKey); _JumpIfError(hr, error, "RegOpenKeyEx");
if (!fConfigLevel) { hKey1 = hKey; hKey = NULL; hr = RegOpenKeyEx( hKey1, g_wszSanitizedName, 0, KEY_ALL_ACCESS, &hKey); _JumpIfError(hr, error, "RegOpenKeyEx"); }
hr = RegSetValueEx( hKey, pwszRegValueName, 0, REG_BINARY, (BYTE const *) &ftCurrent, sizeof(ftCurrent)); _JumpIfError(hr, error, "RegSetValueEx");
for (i = 0; i < cpwszDelete; i++) { hr = RegDeleteValue(hKey, papwszRegValueNameDelete[i]); _PrintIfError2(hr, "RegDeleteValue", ERROR_FILE_NOT_FOUND); } hr = S_OK;
error: if (NULL != hKey1) { RegCloseKey(hKey1); } if (NULL != hKey) { RegCloseKey(hKey); } return(myHError(hr));}
HRESULTSetRegistryDcomConfig( IN BOOL fConsoleActive){ HRESULT hr; HKEY hKeyAppId = NULL; HKEY hKeyAdmin = NULL; HKEY hKeyRequest = NULL; DWORD cChanged = 0;
hr = RegOpenKeyEx( HKEY_LOCAL_MACHINE, g_wszRegKeyAppId, 0, KEY_ALL_ACCESS, &hKeyAppId); _JumpIfError(hr, error, "RegOpenKeyEx");
hr = OpenRegistryComKey(hKeyAppId, &CLSID_CCertAdminD, TRUE, &hKeyAdmin); _JumpIfError(hr, error, "OpenRegistryComKey");
hr = OpenRegistryComKey(hKeyAppId, &CLSID_CCertRequestD, TRUE, &hKeyRequest); _JumpIfError(hr, error, "OpenRegistryComKey");
if (fConsoleActive) { // Running in console mode:
// Delete both LocalService registry values
// Create both RunAs = InteractiveUser registry values
if (!IsMissingRegistryValue(hKeyAdmin, g_wszRegLocalService)) { cChanged++; hr = RegDeleteValue(hKeyAdmin, g_wszRegLocalService); _JumpIfError(hr, error, "RegDeleteValue"); } if (!IsMissingRegistryValue(hKeyRequest, g_wszRegLocalService)) { cChanged++; hr = RegDeleteValue(hKeyRequest, g_wszRegLocalService); _JumpIfError(hr, error, "RegDeleteValue"); }
if (!IsMatchingRegistryValue( hKeyAdmin, g_wszRegRunAs, g_wszRegValueInteractiveUser)) { cChanged++; hr = SetRegistryStringValue( hKeyAdmin, g_wszRegRunAs, g_wszRegValueInteractiveUser); _JumpIfError(hr, error, "SetRegistryStringValue"); } if (!IsMatchingRegistryValue( hKeyRequest, g_wszRegRunAs, g_wszRegValueInteractiveUser)) { cChanged++; hr = SetRegistryStringValue( hKeyRequest, g_wszRegRunAs, g_wszRegValueInteractiveUser); _JumpIfError(hr, error, "SetRegistryStringValue"); } if (0 != cChanged) { DBGPRINT(( DBG_SS_CERTSRV, "SetRegistryDcomConfig(%u): setting %ws=%ws\n", cChanged, g_wszRegRunAs, g_wszRegValueInteractiveUser)); } } else { // Running as a service:
// Delete both RunAs registry values
// Create both LocalService = CertSvc registry values
if (!IsMissingRegistryValue(hKeyAdmin, g_wszRegRunAs)) { cChanged++; hr = RegDeleteValue(hKeyAdmin, g_wszRegRunAs); _JumpIfError(hr, error, "RegDeleteValue"); } if (!IsMissingRegistryValue(hKeyRequest, g_wszRegRunAs)) { cChanged++; hr = RegDeleteValue(hKeyRequest, g_wszRegRunAs); _JumpIfError(hr, error, "RegDeleteValue"); }
if (!IsMatchingRegistryValue( hKeyAdmin, g_wszRegLocalService, g_wszCertSrvServiceName)) { cChanged++; hr = SetRegistryStringValue( hKeyAdmin, g_wszRegLocalService, g_wszCertSrvServiceName); _JumpIfError(hr, error, "SetRegistryStringValue"); } if (!IsMatchingRegistryValue( hKeyRequest, g_wszRegLocalService, g_wszCertSrvServiceName)) { cChanged++; hr = SetRegistryStringValue( hKeyRequest, g_wszRegLocalService, g_wszCertSrvServiceName); _JumpIfError(hr, error, "SetRegistryStringValue"); } if (0 != cChanged) { DBGPRINT(( DBG_SS_CERTSRV, "SetRegistryDcomConfig(%u): setting %ws=%ws\n", cChanged, g_wszRegLocalService, g_wszCertSrvServiceName)); } }
error: if (NULL != hKeyRequest) { RegCloseKey(hKeyRequest); } if (NULL != hKeyAdmin) { RegCloseKey(hKeyAdmin); } if (NULL != hKeyAppId) { RegCloseKey(hKeyAppId); } return(myHError(hr));}
DWORDGetRegistryDwordValue( IN WCHAR const *pwszRegValueName){ HRESULT hr; HKEY hKeyConfig = NULL; DWORD dwVal; DWORD dwType; DWORD dwLen;
dwVal = 0;
hr = RegOpenKeyEx( HKEY_LOCAL_MACHINE, g_wszRegKeyConfigPath, 0, KEY_READ, &hKeyConfig); _JumpIfError(hr, error, "RegOpenKeyEx");
dwLen = sizeof(dwVal); hr = RegQueryValueEx( hKeyConfig, pwszRegValueName, NULL, &dwType, (BYTE *) &dwVal, &dwLen);
if (S_OK != hr || REG_DWORD != dwType || sizeof(dwVal) != dwLen) { dwVal = 0; goto error; }
error: if (NULL != hKeyConfig) { RegCloseKey(hKeyConfig); } return(dwVal);}
HRESULT CertSrvResetRegistryWatch( IN OUT HANDLE *phRegistryModified){ HRESULT hr; CSASSERT(NULL != phRegistryModified);
//////////////////////////////////////
// Initialization of registry events
if (NULL == g_hkeyCABase) { DWORD dwDisposition; LPWSTR pszCAPath; pszCAPath = (LPWSTR) LocalAlloc( LMEM_FIXED, (WSZARRAYSIZE(wszREGKEYCONFIGPATH_BS) + wcslen(g_wszSanitizedName) + 1) * sizeof(WCHAR)); if (NULL == pszCAPath) { hr = E_OUTOFMEMORY; _JumpError(hr, error, "LocalAlloc"); } wcscpy(pszCAPath, wszREGKEYCONFIGPATH_BS); wcscat(pszCAPath, g_wszSanitizedName); hr = RegCreateKeyEx( HKEY_LOCAL_MACHINE, pszCAPath, 0, // reserved
NULL, // class
0, // options
KEY_ALL_ACCESS, // sec desired
NULL, // sec attr
&g_hkeyCABase, // phk
&dwDisposition); LocalFree(pszCAPath); pszCAPath = NULL; _JumpIfError(hr, error, "RegCreateKeyEx base key"); } if (NULL == *phRegistryModified) { *phRegistryModified = CreateEvent( NULL, TRUE, // manual reset
FALSE, // initial state
L"Registry Modification Event"); if (NULL == *phRegistryModified) { hr = myHLastError(); _JumpError(hr, error, "CreateEvent registry watch"); } } else { // reset registry event
ResetEvent( *phRegistryModified ); }
// register our registry lookout trigger
hr = RegNotifyChangeKeyValue( g_hkeyCABase, FALSE, REG_NOTIFY_CHANGE_LAST_SET, *phRegistryModified, TRUE); _JumpIfError(hr, error, "RegNotifyChangeKeyValue on base key");
error: return(myHError(hr));}
HRESULT CertSrvRegistryModificationEvent( IN FILETIME const *pftWait, IN OUT DWORD *pdwTimeOut){ HRESULT hr; DWORD dwVal; BOOL fDisabledNew; FILETIME ftCurrent; BOOL fSetEvent = FALSE; DWORD dwMSTimeOut;
// see if Base CRL publish enabled state has changed
hr = myGetCertRegDWValue( g_wszSanitizedName, NULL, NULL, wszREGCRLPERIODCOUNT, &dwVal); if (S_OK == hr) { fDisabledNew = 0 == dwVal; if (fDisabledNew != g_fCRLPublishDisabled) { fSetEvent = TRUE; } }
// see if Delta CRL publish enabled state has changed
hr = myGetCertRegDWValue( g_wszSanitizedName, NULL, NULL, wszREGCRLDELTAPERIODCOUNT, &dwVal); if (S_OK == hr) { fDisabledNew = 0 == dwVal; if (fDisabledNew != g_fDeltaCRLPublishDisabled) { fSetEvent = TRUE; } }
GetSystemTimeAsFileTime(&ftCurrent);
CRLComputeTimeOut(pftWait, &ftCurrent, &dwMSTimeOut); if (dwMSTimeOut >= *pdwTimeOut) { dwMSTimeOut = *pdwTimeOut; fSetEvent = TRUE; } *pdwTimeOut -= dwMSTimeOut;
if (fSetEvent) { SetEvent(g_hCRLManualPublishEvent); // pulse to get up-to-date
} return(hr);}
#if DBG_CERTSRV
WCHAR const *certsrvGetCurrentTimeWsz(){ HRESULT hr; FILETIME ft; WCHAR *pwszTime = NULL; static WCHAR s_wszTime[128]; GetSystemTimeAsFileTime(&ft); hr = myGMTFileTimeToWszLocalTime(&ft, TRUE, &pwszTime); _PrintIfError(hr, "myGMTFileTimeToWszLocalTime"); s_wszTime[0] = L'\0'; if (NULL != pwszTime) { wcsncpy(s_wszTime, pwszTime, ARRAYSIZE(s_wszTime)); s_wszTime[ARRAYSIZE(s_wszTime) - 1] = L'\0'; LocalFree(pwszTime); } return(s_wszTime);}#endif
HRESULTCertSrvBlockThreadUntilStop(){ HRESULT hr; HANDLE hRegistryModified = NULL; DWORD dwTimeOut;
// check CRL publish, get next timeout interval
hr = CRLPubWakeupEvent(&dwTimeOut); _PrintIfError(hr, "CRLPubWakeupEvent");
hr = CertSrvResetRegistryWatch(&hRegistryModified); _PrintIfError(hr, "CertSrvResetRegistryWatch");
while (TRUE) { FILETIME ftWait; DWORD dw; HANDLE hmultiObjects[] = { hRegistryModified, g_hServiceStoppingEvent, g_hCRLManualPublishEvent };
#if DBG_CERTSRV
{ LLFILETIME llft; WCHAR *pwszTimePeriod = NULL;
llft.ll = dwTimeOut; llft.ll *= (CVT_BASE / 1000); // convert msecs to 100ns
llft.ll = -llft.ll; hr = myFileTimePeriodToWszTimePeriod( &llft.ft, TRUE, // fExact
&pwszTimePeriod); _PrintIfError(hr, "myFileTimePeriodToWszTimePeriod");
DBGPRINT(( DBG_SS_CERTSRV, "WaitForMultipleObjects(%u ms) %ws @%ws\n", dwTimeOut, pwszTimePeriod, certsrvGetCurrentTimeWsz())); if (NULL != pwszTimePeriod) { LocalFree(pwszTimePeriod); } }#endif
GetSystemTimeAsFileTime(&ftWait); dw = WaitForMultipleObjects( ARRAYSIZE(hmultiObjects), hmultiObjects, FALSE, // any object will cause bailout
dwTimeOut);
DBGPRINT(( DBG_SS_CERTSRV, "WaitForMultipleObjects(%u ms)->%x, %ws\n", dwTimeOut, dw, certsrvGetCurrentTimeWsz()));
if (WAIT_FAILED == dw) { hr = GetLastError(); _JumpError(hr, error, "WaitForMultipleObjects worker"); }
if (dw == WAIT_TIMEOUT) // CRL
{ hr = CRLPubWakeupEvent(&dwTimeOut); _PrintIfError(hr, "Error during CRLPubWakeupEvent");
DBGPRINT((DBG_SS_CERTSRVI, "CRLPub: TimeOut %u ms\n", dwTimeOut)); } else if (dw == WAIT_OBJECT_0) // Registry modification
{ // In either case, determine if CRL needs to be published
hr = CertSrvRegistryModificationEvent(&ftWait, &dwTimeOut); _PrintIfError(hr, "Error during CertSrvRegistryModificationEvent");
// in registry case, reset registry trigger
DBGPRINT(( DBG_SS_CERTSRVI, "CRLPub: Registry change trigger, TimeOut=%u ms\n", dwTimeOut));
hr = CertSrvResetRegistryWatch(&hRegistryModified); _PrintIfError(hr, "Error during CertSrvResetRegistryWatch"); } else if (dw == WAIT_OBJECT_0 + 1) { // found "service done" event
DBGPRINT((DBG_SS_CERTSRV, "Service is pending stop request\n")); break; // exit wait loop
} else if (dw == WAIT_OBJECT_0 + 2) { // found "g_hCRLManualPublishEvent" event: recalc timeout
hr = CRLPubWakeupEvent(&dwTimeOut); _PrintIfError(hr, "Error during CRLPubWakeupEvent");
DBGPRINT(( DBG_SS_CERTSRVI, "CRLPub: Manual publish recalc, TimeOut=%u ms\n", dwTimeOut)); } else { CSASSERT(!"unexpected wait return"); hr = E_UNEXPECTED; _JumpError(hr, error, "WaitForMultipleObjects"); } } hr = S_OK;
error: CloseHandle(hRegistryModified); return hr;}
// returns TRUE if we shutdown correctly
BOOLCertSrvStopServer( IN BOOL fConsoleActive){ HRESULT hr; BOOL fCoInit = FALSE; BOOL fShutDown = FALSE;
if (!g_fStartInProgress) // ignore while starting the server
{ fShutDown = TRUE;
DBGPRINT(( DBG_SS_CERTSRV, "CertSrvStopServer(fConsoleActive=%u, tid=%d)\n", fConsoleActive, GetCurrentThreadId()));
SetEvent(g_hServiceStoppingEvent);
if (g_hkeyCABase) { RegCloseKey(g_hkeyCABase); g_hkeyCABase = NULL; }
hr = CoInitializeEx(NULL, GetCertsrvComThreadingModel()); if (S_OK != hr && S_FALSE != hr) { _JumpError(hr, error, "CoInitializeEx"); } fCoInit = TRUE;
// don't allow new callers in
hr = RPCTeardown(); _PrintIfError(hr, "RPCTeardown"); CertStopClassFactories();
CoreTerminate();
if (g_fStarted) { if (CERTLOG_TERSE <= g_dwLogLevel) { LogEventString( EVENTLOG_INFORMATION_TYPE, MSG_I_SERVER_STOPPED, g_wszCommonName); } CONSOLEPRINT0(( DBG_SS_CERTSRV, "Certification Authority Service Stopped\n"));
{ //only perform Hash if the auditing is enabled
if(AUDIT_FILTER_STARTSTOP & g_dwAuditFilter) { CertSrv::CAuditEvent event( SE_AUDITID_CERTSRV_SERVICESTOP, g_dwAuditFilter);
hr = ComputeMAC(g_wszDatabase, &g_pwszDBFileHash); _JumpIfErrorStr(hr, error, "ComputeMAC", g_wszDatabase);
hr = event.AddData(g_pwszDBFileHash); // %1 database hash
g_pwszDBFileHash.Cleanup(); _JumpIfError(hr, error, "CAuditEvent::AddData");
//
// ... add code for retrieving key usage count from CSP
//
hr = event.AddData((DWORD)0); // %2 key usage count
_JumpIfError(hr, error, "CAuditEvent::AddData");
hr = event.Report(); _JumpIfError(hr, error, "CAuditEvent::Report"); } } } g_fStarted = FALSE;
AuthzFreeResourceManager(g_AuthzCertSrvRM); g_AuthzCertSrvRM = NULL; g_CASD.Uninitialize(); g_OfficerRightsSD.Uninitialize();
// set "completely stopped" event
if (!fConsoleActive) { SetEvent(g_hServiceStoppedEvent); } }
error: if (fCoInit) { CoUninitialize(); } return(fShutDown);}
// Control-C handler
BOOLStopServer( IN DWORD dwCtrlType){ HRESULT hr;
// if successful shutdown
if (SendMessage(g_hwndMain, WM_STOPSERVER, 0, 0)) { if (!PostMessage(g_hwndMain, WM_SYNC_CLOSING_THREADS, S_OK, 0)) { hr = myHLastError(); _PrintError(hr, "PostMessage"); } SetConsoleCtrlHandler(StopServer, FALSE); } return(TRUE);}
HRESULTCertSrvEnterServer( OUT DWORD *pState){ HRESULT hr; BOOL fEntered = FALSE; *pState = 0; // Caller need not exit server
if (!g_fShutdownCritSec) { hr = HRESULT_FROM_WIN32(ERROR_DLL_INIT_FAILED); _JumpError(hr, error, "InitializeCriticalSection"); } EnterCriticalSection(&g_ShutdownCriticalSection); fEntered = TRUE;
hr = CertSrvTestServerState(); _JumpIfError(hr, error, "CertSrvTestServerState");
g_cCalls++; g_cCallsActive++; *pState = 1; // Caller must exit server
hr = S_OK;
error: if (fEntered) { LeaveCriticalSection(&g_ShutdownCriticalSection); } return(hr);}
HRESULTCertSrvTestServerState(){ HRESULT hr; if (g_fRefuseIncoming) { hr = HRESULT_FROM_WIN32(ERROR_SHUTDOWN_IN_PROGRESS); _JumpError(hr, error, "g_fRefuseIncoming"); } hr = S_OK;
error: return(hr);}
HRESULTCertSrvLockServer( IN OUT DWORD *pState){ HRESULT hr; BOOL fEntered = FALSE;
// Eliminate this thread from the active thread count
CertSrvExitServer(*pState); *pState = 0; // Caller no longer needs to exit server
if (!g_fShutdownCritSec) { hr = HRESULT_FROM_WIN32(ERROR_DLL_INIT_FAILED); _JumpError(hr, error, "InitializeCriticalSection"); } EnterCriticalSection(&g_ShutdownCriticalSection); fEntered = TRUE;
g_fRefuseIncoming = TRUE; DBShutDown(TRUE); DBGPRINT((DBG_SS_CERTSRV, "LockServer(thread count = %u)\n", g_cCallsActive)); while (0 < g_cCallsActive) { LeaveCriticalSection(&g_ShutdownCriticalSection);
// Wait 15 seconds plus 2 seconds for each active call.
hr = WaitForSingleObject( g_hShutdownEvent, (15 + 2 * g_cCallsActive) * 1000); EnterCriticalSection(&g_ShutdownCriticalSection);
_PrintIfError(hr, "WaitForSingleObject"); if ((HRESULT) WAIT_OBJECT_0 == hr) { DBGPRINT((DBG_SS_CERTSRV, "LockServer(last thread exit event)\n")); } else if ((HRESULT) WAIT_TIMEOUT == hr) { DBGPRINT((DBG_SS_CERTSRV, "LockServer(timeout)\n")); break; } else if ((HRESULT) WAIT_ABANDONED == hr) { DBGPRINT((DBG_SS_CERTSRV, "LockServer(wait abandoned)\n")); } DBGPRINT((DBG_SS_CERTSRV, "LockServer(thread count = %u)\n", g_cCallsActive)); } DBGPRINT((DBG_SS_CERTSRV, "LockServer(done: thread count = %u)\n", g_cCallsActive)); hr = S_OK;
error: if (fEntered) { LeaveCriticalSection(&g_ShutdownCriticalSection); } return(hr);}
VOIDCertSrvExitServer( IN DWORD State){ HRESULT hr; BOOL fEntered = FALSE;
if (!g_fShutdownCritSec) { hr = HRESULT_FROM_WIN32(ERROR_DLL_INIT_FAILED); _JumpError(hr, error, "InitializeCriticalSection"); } EnterCriticalSection(&g_ShutdownCriticalSection); fEntered = TRUE;
if (State) { CSASSERT(0 < g_cCallsActive); if (0 == --g_cCallsActive && g_fRefuseIncoming) { DBGPRINT((DBG_SS_CERTSRV, "ExitServer(set last thread exit event)\n")); SetEvent(g_hShutdownEvent); } }
error: if (fEntered) { LeaveCriticalSection(&g_ShutdownCriticalSection); }}
// Test for alignment faults in the C runtimes.
// If the bug hasn't been fixed yet, log an event during cert server startup.
VOIDcertsrvLogAlignmentFaultStatus(){ HRESULT hr; HRESULT hr2; ULONG_PTR ExceptionAddress; WCHAR awcAddress[2 + 2 * cwcDWORDSPRINTF]; WCHAR const *apwsz[2]; WORD cpwsz; WCHAR awchr[cwcHRESULTSTRING]; WCHAR const *pwszStringErr = NULL; apwsz[1] = NULL; __try { fwprintf(stdout, L"."); // may fault if I/O buffer is odd aligned
fprintf(stdout, "."); fwprintf(stdout, L".\n"); // may fault if I/O buffer is odd aligned
hr = S_OK; } __except( ExceptionAddress = (ULONG_PTR) (GetExceptionInformation())->ExceptionRecord->ExceptionAddress, hr = myHEXCEPTIONCODE(), EXCEPTION_EXECUTE_HANDLER) { _PrintError(hr, "certsrvLogAlignmentFaultStatus: Exception"); } if (S_OK != hr) { ALIGNIOB(stdout); // align the stdio buffer
wprintf(L"STDIO exception: 0x%x\n", hr);
wsprintf(awcAddress, L"0x%p", ExceptionAddress); CSASSERT(wcslen(awcAddress) < ARRAYSIZE(awcAddress));
apwsz[0] = awcAddress; pwszStringErr = myGetErrorMessageText(hr, TRUE); apwsz[1] = pwszStringErr; if (NULL == pwszStringErr) { apwsz[1] = myHResultToString(awchr, hr); } cpwsz = ARRAYSIZE(apwsz);
hr2 = LogEvent( EVENTLOG_WARNING_TYPE, MSG_E_STARTUP_EXCEPTION, cpwsz, apwsz); _JumpIfError(hr2, error, "LogEvent"); }
error: if (NULL != pwszStringErr) { LocalFree(const_cast<WCHAR *>(pwszStringErr)); }}
#define MSTOSEC(ms) (((ms) + 1000 - 1)/1000)
FNLOGEXCEPTION certsrvLogException;
HRESULTcertsrvStartServer( IN BOOL fConsoleActive){ HRESULT hr; DWORD TimeStart; WCHAR awc[ARRAYSIZE(SAFEBOOT_DSREPAIR_STR_W)]; DWORD cwc; DWORD dwEventType = EVENTLOG_ERROR_TYPE; DWORD dwIdEvent = 0;
g_fStartInProgress = TRUE; DBGPRINT(( DBG_SS_CERTSRV, "StartServer(tid=%d, fConsoleActive=%u)\n", GetCurrentThreadId(), fConsoleActive)); TimeStart = GetTickCount();
if (fConsoleActive) { g_fStartAsService = FALSE; SetConsoleCtrlHandler(StopServer, TRUE); }
if (!FIsServer()) { // don't allow startup on non-server SKU
hr = HRESULT_FROM_WIN32(ERROR_OLD_WIN_VERSION); _JumpError(hr, error, "FIsServer"); }
cwc = GetEnvironmentVariable(L"SAFEBOOT_OPTION", awc, ARRAYSIZE(awc)); if (0 != cwc && ARRAYSIZE(awc) > cwc && 0 == lstrcmpi(awc, SAFEBOOT_DSREPAIR_STR_W)) { // log an error to the event log and stop immediately
dwEventType = EVENTLOG_INFORMATION_TYPE; dwIdEvent = MSG_SAFEBOOT_DETECTED;
hr = HRESULT_FROM_WIN32(ERROR_RETRY); _JumpError(hr, error, "Not starting service: booted in DSRepair mode"); } g_fAdvancedServer = FIsAdvancedServer();
if (!AuthzInitializeResourceManager( 0, CallbackAccessCheck, NULL, NULL, L"CertSrv", &g_AuthzCertSrvRM)) { hr = myHLastError(); _PrintError(hr, "AuthzInitializeResourceManager"); if (E_INVALIDARG != hr || (2 > g_fAdvancedServer && IsWhistler())) { goto error; } }
hr = CoreInit(); if (S_OK != hr) { dwIdEvent = MAXDWORD; // Error event already logged
_JumpError(hr, error, "CoreInit"); } certsrvLogAlignmentFaultStatus(); myLogExceptionInit(certsrvLogException);
hr = RPCInit(); if (S_OK != hr) { dwIdEvent = MSG_E_RPC_INIT; _JumpError(hr, error, "RPCInit"); }
hr = SetRegistryDcomConfig(fConsoleActive); if (S_OK != hr) { dwIdEvent = MSG_E_REGISTRY_DCOM; _JumpError(hr, error, "SetRegistryDcomConfig"); }
hr = CertStartClassFactories(); if (S_OK != hr) { dwIdEvent = CO_E_WRONG_SERVER_IDENTITY == hr? MSG_E_SERVER_IDENTITY : MSG_E_CLASS_FACTORIES; _JumpError(hr, error, "CertStartClassFactories"); }
{ //only perform Hash if the auditing is enabled
if(AUDIT_FILTER_STARTSTOP & g_dwAuditFilter) { CertSrv::CAuditEvent event( SE_AUDITID_CERTSRV_SERVICESTART, g_dwAuditFilter);
hr = event.AddData(g_pwszDBFileHash); // %1 database hash
g_pwszDBFileHash.Cleanup(); _JumpIfError(hr, error, "CAuditEvent::AddData"); //
// ... add code for retrieving key usage count from CSP
//
hr = event.AddData((DWORD)0); // %2 key usage count
_JumpIfError(hr, error, "CAuditEvent::AddData");
hr = event.Report(); _JumpIfError(hr, error, "CAuditEvent::Report"); } }
{ CertSrv::CAuditEvent event( SE_AUDITID_CERTSRV_ROLESEPARATIONSTATE, g_dwAuditFilter);
hr = event.AddData(CAuditEvent::RoleSeparationIsEnabled()); // %1 is role separation enabled?
_JumpIfError(hr, error, "CAuditEvent::AddData"); hr = event.Report(); _JumpIfError(hr, error, "CAuditEvent::Report"); }
if (CERTLOG_TERSE <= g_dwLogLevel) { LogEventString( EVENTLOG_INFORMATION_TYPE, MSG_I_SERVER_STARTED, g_wszCommonName); } CONSOLEPRINT1(( DBG_SS_CERTSRV, "Certification Authority Service Ready (%us) ...\n", MSTOSEC(GetTickCount() - TimeStart))); g_fStarted = TRUE; CSASSERT(S_OK == hr);
error: if (S_OK != hr) { if (MAXDWORD != dwIdEvent) { if (0 == dwIdEvent) { dwIdEvent = MSG_E_GENERIC_STARTUP_FAILRE; } LogEventStringHResult( dwEventType, dwIdEvent, g_wszCommonName, EVENTLOG_INFORMATION_TYPE == dwEventType? S_OK : hr); }
CertSrvStopServer(fConsoleActive); // returning error here results in repost to scm
}
g_fStartInProgress = FALSE; return(hr);}
VOIDcertsrvLogException( IN HRESULT hrEvent, IN EXCEPTION_POINTERS const *pep, OPTIONAL IN char const *pszFileName, IN DWORD dwFile, IN DWORD dwLine){ HRESULT hr; WCHAR awcFile[2 + 3 * cwcDWORDSPRINTF]; WCHAR awcFlags[3 + cwcDWORDSPRINTF]; WCHAR awcAddress[2 + 2 * cwcDWORDSPRINTF]; WCHAR const *apwsz[4]; WORD cpwsz; WCHAR awchr[cwcHRESULTSTRING]; WCHAR const *pwszStringErr = NULL;
wsprintf(awcFile, L"%u.%u.%u", dwFile, dwLine, MSG_E_EXCEPTION); CSASSERT(wcslen(awcFile) < ARRAYSIZE(awcFile));
wsprintf(awcFlags, L"0x%08x", pep->ExceptionRecord->ExceptionFlags); CSASSERT(wcslen(awcFlags) < ARRAYSIZE(awcFlags));
wsprintf(awcAddress, L"0x%p", pep->ExceptionRecord->ExceptionAddress); CSASSERT(wcslen(awcAddress) < ARRAYSIZE(awcAddress));
apwsz[0] = awcFile; apwsz[1] = awcAddress; apwsz[2] = awcFlags; pwszStringErr = myGetErrorMessageText(hrEvent, TRUE); apwsz[3] = pwszStringErr; if (NULL == pwszStringErr) { apwsz[3] = myHResultToString(awchr, hrEvent); } cpwsz = ARRAYSIZE(apwsz);
hr = LogEvent(EVENTLOG_ERROR_TYPE, MSG_E_EXCEPTION, cpwsz, apwsz); _JumpIfError(hr, error, "LogEvent");
error: if (NULL != pwszStringErr) { LocalFree(const_cast<WCHAR *>(pwszStringErr)); }}
DWORDCertSrvStartServerThread( IN VOID *pvArg){ HRESULT hr = S_OK; DWORD Flags = (DWORD) (ULONG_PTR) pvArg; BOOL b; ULONG_PTR ulp;
// Anatomy of startup code
// if g_fStartAsService, just registers this new thread as the main
// thread and blocks until the ServiceMain fxn returns.
// We're in a non-rpc thread; check if we need to create VRoots. I would
// have liked to have moved this into CoreInit, but we're limited in where
// we can do this (can't be calling into RPC during RPC call).
//
// If the SetupStatus SETUP_ATTEMPT_VROOT_CREATE registry flag is clear,
// this call is a nop. A separate thread is created to access the IIS
// metabase. If it hangs, it will be nuked -- after the specified timeout.
// This call returns immediately, so the only detectable error is likely
// to be a thread creation problem.
// if we're doing anything other than starting the service controller,
// check to see if the vroots need to be created.
if (0 == (Flags & CSST_STARTSERVICECONTROLLER)) { WCHAR *pwszPath = NULL; DWORD cb = sizeof(ENUM_CATYPES); DWORD dwType; ENUM_CATYPES CAType = ENUM_UNKNOWN_CA; HKEY hkey = NULL;
hr = myRegOpenRelativeKey( NULL, L"ca", RORKF_CREATESUBKEYS, &pwszPath, NULL, // ppwszName
&hkey); _PrintIfError(hr, "myRegOpenRelativeKey"); if (S_OK == hr) { DBGPRINT((DBG_SS_CERTLIBI, "%ws\n", pwszPath)); cb = sizeof(CAType); hr = RegQueryValueEx( hkey, wszREGCATYPE, NULL, &dwType, (BYTE *) &CAType, &cb); _PrintIfErrorStr(hr, "RegQueryValueEx", wszREGCATYPE); } if (pwszPath) LocalFree(pwszPath); if (hkey) RegCloseKey(hkey);
hr = myModifyVirtualRootsAndFileShares( VFF_CREATEVROOTS | // Create VRoots
VFF_CREATEFILESHARES | // Create File Shares
VFF_CHECKREGFLAGFIRST | // Skip if reg flag clear
VFF_CLEARREGFLAGFIRST, // Clear flag before attempt
CAType, TRUE, // asynch call -- don't block
VFCSEC_TIMEOUT, // wait this long before giving up
NULL, NULL); if (S_OK != hr) { LogEventHResult( EVENTLOG_INFORMATION_TYPE, MSG_E_IIS_INTEGRATION_ERROR, hr); } }
// StartServiceCtrlDispatcher should hang until certsrv terminates
if ((CSST_STARTSERVICECONTROLLER & Flags) && !StartServiceCtrlDispatcher(steDispatchTable)) { hr = myHLastError(); if (HRESULT_FROM_WIN32(ERROR_FAILED_SERVICE_CONTROLLER_CONNECT) != hr) { _JumpError(hr, error, "StartServiceCtrlDispatcher"); } CONSOLEPRINT0(( DBG_SS_CERTSRV, "CertSrv: Failed to connect to service controller -- running in standalone mode\n"));
Flags &= ~CSST_STARTSERVICECONTROLLER; Flags |= CSST_CONSOLE; }
if (0 == (CSST_STARTSERVICECONTROLLER & Flags)) { DBGPRINT(( DBG_SS_CERTSRVI, "SendMessageTimeout(tid=%d, hwnd=0x%x, msg=0x%x)\n", GetCurrentThreadId(), g_hwndMain, WM_STARTSERVER));
b = SendMessageTimeout( g_hwndMain, WM_STARTSERVER, (CSST_CONSOLE & Flags)? TRUE : FALSE, // fConsoleActive
0, SMTO_BLOCK, MAXLONG, &ulp) != 0; if (!b) { hr = myHLastError(); _JumpError(hr, error, "SendMessageTimeout"); } else if (ulp != S_OK) { hr = (HRESULT) ulp; _JumpError(hr, error, "SendMessageTimeout"); } }
if (Flags & CSST_CONSOLE) { // we're running as console, and so don't have a CRL publishing thread.
// Use this one since no one cares if it returns
// if svc, we do this in the caller of this function
CertSrvBlockThreadUntilStop(); }
error:
// on return, this thread dies
return(hr);}
VOIDUsage( IN BOOL fUsageInternal){ WCHAR awcUsage[2048];
if (LoadString(NULL, IDS_USAGE, awcUsage, ARRAYSIZE(awcUsage))) { CONSOLEPRINT1((MAXDWORD, "%ws", awcUsage)); } if (fUsageInternal) { if (LoadString(NULL, IDS_USAGE_FULL, awcUsage, ARRAYSIZE(awcUsage))) { CONSOLEPRINT1((MAXDWORD, "%ws", awcUsage)); }#if DBG_COMTEST
if (LoadString(NULL, IDS_USAGE_COMTEST, awcUsage, ARRAYSIZE(awcUsage))) { CONSOLEPRINT1((MAXDWORD, "%ws", awcUsage)); }#endif
}}
intArgvParseCommandLine( IN int argc, IN WCHAR *argv[]){ HRESULT hr;
myVerifyResourceStrings(g_hInstApp);
hr = E_INVALIDARG; while (1 < argc && (L'-' == argv[1][0] || L'/' == argv[1][0])) { WCHAR *pwsz = argv[1]; BOOL fUsage = FALSE; BOOL fUsageInternal = FALSE;
while (*++pwsz != L'\0') { switch (*pwsz) {#if DBG_COMTEST
case L'C': case L'c': fComTest = TRUE; break;#endif
case L'N': case L'n': g_fCreateDB = TRUE; break;
case L'Z': case L'z': g_fStartAsService = FALSE; break;
case L'S': case L's': g_fCryptSilent = TRUE; break;
case L'?': case L'u': fUsage = TRUE; if (0 == lstrcmp(pwsz, L"uSAGE")) { fUsageInternal = TRUE; } // FALLTHROUGH
default: Usage(fUsageInternal); if (fUsage) { goto error; } _JumpError(hr, error, "bad command line option"); } } argc--; argv++; } if (argc != 1) { Usage(FALSE); _JumpError(hr, error, "extra args"); } hr = S_OK;
error: return(hr);}
typedef int (FNARGVMAIN)( IN int argc, IN WCHAR *argv[]);
//+------------------------------------------------------------------------
// FUNCTION: CertArgvMainDispatch
//
// NOTES: Takes a WCHAR * command line and chews it up into argc/argv
// form so it can be passed on to a traditional C-style main.
//-------------------------------------------------------------------------
intCertArgvMainDispatch( IN FNARGVMAIN *pfnMain, IN WCHAR *pwszAppName, IN WCHAR const *pwszCmdLine){ WCHAR buf[MAX_PATH]; WCHAR *apwszArg[20]; int cArg = 0; LPWSTR p = buf; WCHAR wcEnd;
apwszArg[cArg++] = pwszAppName; while (*pwszCmdLine != L'\0') { while (*pwszCmdLine == L' ') { pwszCmdLine++; } if (*pwszCmdLine != L'\0') { wcEnd = L' '; if (*pwszCmdLine == L'"') { wcEnd = *pwszCmdLine++; } apwszArg[cArg++] = p; while (*pwszCmdLine != L'\0' && *pwszCmdLine != wcEnd) { *p++ = *pwszCmdLine++; } *p++ = L'\0'; if (*pwszCmdLine != L'\0') { pwszCmdLine++; // skip blank or quote character
} } } apwszArg[cArg] = NULL;
return((*pfnMain)(cArg, apwszArg));}
//+------------------------------------------------------------------------
// FUNCTION: MainWndProc(...)
//-------------------------------------------------------------------------
LRESULT APIENTRYMainWndProc( IN HWND hWnd, IN UINT msg, IN WPARAM wParam, IN LPARAM lParam){ WCHAR *pwszCmdLine; HRESULT hr; LPARAM lRet = 0; DBGPRINT(( DBG_SS_CERTSRVI, "MainWndProc(tid=%d) msg=0x%x, wp=0x%x, lp=0x%x\n", GetCurrentThreadId(), msg, wParam, lParam)); switch (msg) { case WM_CREATE: case WM_SIZE: break; case WM_DESTROY: if (!g_fStartAsService) PostQuitMessage(S_OK); break;
case WM_ENDSESSION: // only stop on a real shutdown,
// never look at this msg if running as svc
if (g_fStartAsService || (0 == wParam) || (0 != lParam)) { break; } // fall through
case WM_STOPSERVER: lRet = CertSrvStopServer(!g_fStartAsService);
break; case WM_SYNC_CLOSING_THREADS: hr = (HRESULT) lParam; // sync: wait for SCM to return control to exiting CertSrvStartServerThread
if (WAIT_OBJECT_0 != WaitForSingleObject(g_hServiceThread, 10 * 1000)) { hr = WAIT_TIMEOUT; } PostQuitMessage(hr); break; case WM_STARTSERVER: hr = CoInitializeEx(NULL, GetCertsrvComThreadingModel()); if (S_FALSE == hr) { hr = S_OK; } if (S_OK != hr) { LogEventString( EVENTLOG_ERROR_TYPE, MSG_E_OLE_INIT_FAILED, NULL); _PrintError(hr, "CoInitializeEx"); } else { hr = certsrvStartServer((BOOL) wParam); _PrintIfError(hr, "certsrvStartServer"); }
if (S_OK != hr) { if ((BOOL) wParam) // fConsoleActive
{ PostQuitMessage(hr); } lRet = hr; // set this so caller knows we failed
} break; case WM_SUSPENDSERVER: break; case WM_RESTARTSERVER: break;
default: lRet = DefWindowProc(hWnd, msg, wParam, lParam); } return(lRet);}
/*
Complete anatomy of certificate server startup/shutdown
WinMain():||g_hSvcThread = CreateThread(CertSrvStartServerThread(SVC_CONTROLLER))| ||[MessageLoop \| processing CertSrvStartServerThread(SVC_CONTROLLER):| until |StartSvcCtrlDispatcher(ServiceMain)| WM_QUIT] ||ServiceMain:| ||RegisterSvcCtrlHandler(ServiceControlHandler())| ||hStartThread = CreateThread(CertSrvStartServerThread(0))| || || || \ | || CertSrvStartServerThread(0):| || |SendMessage(WM_STARTSERVER)| || \return // CertSrvStartServerThread(0)
| || (Thread Terminates)| ||WaitForSingleObject(hStartThread), pinging SCM| ||CertSrvBlockThreadUntilStop()| |||WaitForSingleObject(g_hSvcStoppingEvent) ***steady state***| ||\return // CertSrvBlockThreadUntilStop()
| ||WaitForSingleObject(g_hSvcStoppedEvent), pinging SCM| ||PostMessage(WM_SYNC_CLOSING_THREADS)| |\return // StartSvcCtrlDispatcher(ServiceMain)
| \return // CertSrvStartServerThread(SVC_CONTROLLER)
| (Thread Terminates)| WM_QUIT:\ return (Process Terminates)
ServiceControlHandler special functions:SERVICE_CONTROL_STOP:|PostMessage(WM_STOPSERVER)\break
MessageLoop special functions:
WM_SYNC_CLOSING_THREADS:|WaitForSingleObject(g_hSvcThread)|PostQuitMessage() // WM_QUIT to msgloop
\break
WM_STOPSERVER:|CertSrvStopServer():|| Signal(g_hServiceStoppingEvent)|| Signal(g_hServiceStoppedEvent)|\ return // CertSrvStopServer()
\break
*/
//+------------------------------------------------------------------------
// Function: wWinMain()
//
// Synopsis: Entry Point
//
// Arguments: [hInstance] -- Instance handle
// [hPrevInstance] -- Obsolete
// [lpCmdLine] -- App command line
// [nCmdShow] -- Starting show state
//-------------------------------------------------------------------------
extern "C" int APIENTRYwWinMain( IN HINSTANCE hInstance, IN HINSTANCE hPrevInstance, IN LPWSTR lpCmdLine, IN int nCmdShow){ MSG msg; WNDCLASSEX wcApp; ATOM atomClass; HRESULT hr; BOOL fCoInit = FALSE; WCHAR awchr[cwcHRESULTSTRING]; WCHAR const *pwszMsgAlloc; WCHAR const *pwszMsg;#if DBG_CERTSRV
WCHAR *pwszThreadModel = NULL;#endif
_setmode(_fileno(stdout), _O_TEXT); _wsetlocale(LC_ALL, L".OCP");
DBGPRINTINIT("+certsrv.log"); DBGPRINT((DBG_SS_CERTSRVI, "Main Thread = %x\n", GetCurrentThreadId()));
g_dwDelay0 = GetRegistryDwordValue(L"Delay0"); g_dwDelay1 = GetRegistryDwordValue(L"Delay1"); g_dwDelay2 = GetRegistryDwordValue(L"Delay2");
if (0 != g_dwDelay0) { DBGPRINT(( DBG_SS_CERTSRV, "wWinMain(0): sleeping %u seconds\n", g_dwDelay0)); Sleep(1000 * g_dwDelay0); }
// Save the current instance
g_hInstApp = hInstance; ZeroMemory(&wcApp, sizeof(wcApp));
// Set up the application's window class
wcApp.cbSize = sizeof(wcApp); wcApp.lpfnWndProc = MainWndProc; wcApp.hInstance = hInstance; wcApp.hIcon = LoadIcon(NULL, IDI_APPLICATION); wcApp.hCursor = LoadCursor(NULL, IDC_ARROW); wcApp.hbrBackground = NULL; // try to not pull in GDI32
wcApp.lpszClassName = g_wszAppName;
atomClass = RegisterClassEx(&wcApp); if (!atomClass) { hr = myHLastError(); _JumpError(hr, error, "RegisterClassEx"); }
// Create Main Window
g_hwndMain = CreateWindowEx( 0, // dwExStyle
(WCHAR const *) atomClass, // lpClassName
L"Certification Authority",// lpWindowName
WS_OVERLAPPEDWINDOW, // dwStyle
//0, // dwStyle
CW_USEDEFAULT, // x
CW_USEDEFAULT, // y
CW_USEDEFAULT, // nWidth
CW_USEDEFAULT, // nHeight
NULL, // hWndParent
NULL, // hMenu
hInstance, // hInstance
NULL); // lpParam
if (NULL == g_hwndMain) { hr = myHLastError(); _JumpError(hr, error, "CreateWindowEx"); } DBGPRINT((DBG_SS_CERTSRVI, "Main Window = %x\n", g_hwndMain));
// Make window visible
// ShowWindow(g_hwndMain,nCmdShow);
hr = CertArgvMainDispatch(ArgvParseCommandLine, g_wszAppName, lpCmdLine); _JumpIfError2(hr, error, "CertArgvMainDispatch", E_INVALIDARG);
// Update window client area
// UpdateWindow(g_hwndMain);
if (0 != g_dwDelay1) { DBGPRINT(( DBG_SS_CERTSRV, "wWinMain(1): sleeping %u seconds\n", g_dwDelay1)); Sleep(1000 * g_dwDelay1); }
hr = CoInitializeEx(NULL, GetCertsrvComThreadingModel()); if (S_OK != hr && S_FALSE != hr) { LogEventStringHResult( EVENTLOG_ERROR_TYPE, MSG_E_CO_INITIALIZE, g_wszCommonName, hr); _JumpError(hr, error, "CoInitializeEx"); } fCoInit = TRUE;
g_hServiceStoppingEvent = CreateEvent(NULL, TRUE, FALSE, NULL); if (NULL == g_hServiceStoppingEvent) { hr = myHLastError(); _JumpError(hr, error, "CreateEvent"); } g_hServiceStoppedEvent = CreateEvent(NULL, TRUE, FALSE, NULL); if (NULL == g_hServiceStoppedEvent) { hr = myHLastError(); _JumpError(hr, error, "CreateEvent"); } g_hCRLManualPublishEvent = CreateEvent(NULL, TRUE, FALSE, NULL); if (NULL == g_hCRLManualPublishEvent) { hr = myHLastError(); _JumpError(hr, error, "CreateEvent"); } g_hShutdownEvent = CreateEvent(NULL, TRUE, FALSE, NULL); if (NULL == g_hShutdownEvent) { hr = myHLastError(); _JumpError(hr, error, "CreateEvent"); } __try { InitializeCriticalSection(&g_ShutdownCriticalSection); g_fShutdownCritSec = TRUE; hr = S_OK; } __except(hr = myHEXCEPTIONCODE(), EXCEPTION_EXECUTE_HANDLER) { } _JumpIfError(hr, error, "InitializeCriticalSection");
g_hServiceThread = CreateThread( NULL, // lpThreadAttributes (Security Attr)
0, // dwStackSize
CertSrvStartServerThread, (VOID *) UlongToPtr((g_fStartAsService ? CSST_STARTSERVICECONTROLLER : CSST_CONSOLE)), // lpParameter
0, // dwCreationFlags
&g_ServiceThreadId); if (NULL == g_hServiceThread) { hr = myHLastError(); LogEventStringHResult( EVENTLOG_ERROR_TYPE, MSG_E_SERVICE_THREAD, g_wszCommonName, hr); _JumpError(hr, error, "CreateThread"); } DBGPRINT((DBG_SS_CERTSRVI, "Service Thread = %x\n", g_ServiceThreadId));
// Message Loop
while (TRUE) { BOOL b;
b = GetMessage(&msg, NULL, 0, 0); if (!b) { hr = (HRESULT)msg.wParam; _JumpIfError(hr, error, "WM_QUIT"); break; } if (-1 == (LONG) b) { hr = myHLastError(); _JumpError(hr, error, "GetMessage"); } DBGPRINT(( DBG_SS_CERTSRVI, "DispatchMessage(tid=%d) msg=0x%x, wp=0x%x, lp=0x%x\n", GetCurrentThreadId(), msg.message, msg.wParam, msg.lParam)); DispatchMessage(&msg); }
error: if (fCoInit) { CoUninitialize(); } if (g_fShutdownCritSec) { DeleteCriticalSection(&g_ShutdownCriticalSection); g_fShutdownCritSec = FALSE; } if (NULL != g_hShutdownEvent) { CloseHandle(g_hShutdownEvent); } if (NULL != g_hServiceThread) { CloseHandle(g_hServiceThread); } if (NULL != g_hServiceStoppingEvent) { CloseHandle(g_hServiceStoppingEvent); } if (NULL != g_hServiceStoppedEvent) { CloseHandle(g_hServiceStoppedEvent); } if (NULL != g_hCRLManualPublishEvent) { CloseHandle(g_hCRLManualPublishEvent); } CAuditEvent::CleanupAuditEventTypeHandles();
pwszMsgAlloc = NULL; pwszMsg = L"S_OK"; if (S_OK != hr) { pwszMsgAlloc = myGetErrorMessageText(hr, TRUE); if (NULL != pwszMsgAlloc) { pwszMsg = pwszMsgAlloc; } else { pwszMsg = myHResultToString(awchr, hr); } } CONSOLEPRINT1((DBG_SS_CERTSRV, "Exit Status = %ws\n", pwszMsg)); if (NULL != pwszMsgAlloc) { LocalFree(const_cast<WCHAR *>(pwszMsgAlloc)); } myFreeResourceStrings("certsrv.exe"); myFreeColumnDisplayNames(); myRegisterMemDump(); return(hr);}
|
