archive
/
windows-xp
mirror of https://github.com/tongzx/nt5src
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
7 Commits
1 Branch
0 Tags
2.0 GiB
Tree: 1b390dddff
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '1b390dddff'
${ noResults }
windows-xp/Source/XPSP1/NT/ds/security/services/ca/ocmsetup/unattend.cpp

1146 lines
36 KiB
Raw Normal View History

Add source files
4 years ago
  1. //+-------------------------------------------------------------------------
  2. //
  3. // Microsoft Windows
  4. //
  5. // Copyright (C) Microsoft Corporation, 1998 - 1999
  6. //
  7. // File: unattend.cpp
  8. //
  9. // Contents: handling unattended attributes
  10. //
  11. // History: 8/97 XTan
  12. //
  13. //----------------------------------------------------------------------------
  15. #include "pch.cpp"
  16. #pragma hdrstop
  18. // includes
  19. #include <assert.h>
  21. #include "cscsp.h"
  22. #include "certmsg.h"
  23. #include "usecert.h"
  24. #include "dssetup.h"
  25. #include "wizpage.h"
  27. //defines
  29. #define __dwFILE__ __dwFILE_OCMSETUP_UNATTEND_CPP__
  31. #define wszCOMPONENTS L"Components"
  33. #define wszAttrCAMACHINE L"camachine" //L"CAMachine"
  34. #define wszAttrCANAME L"caname" //L"CAName"
  35. #define wszAttrPARENTCAMACHINE L"parentcamachine" //L"ParentCAMachine"
  36. #define wszAttrPARENTCANAME L"parentcaname" //L"ParentCAName"
  38. #define wszAttrCATYPE L"catype" //L"CAType"
  39. #define wszAttrNAME L"name" //L"Name"
  40. #define wszAttrCADISTINGUISHEDNAME L"cadistinguishedname" //L"CADistinguishedName"
  41. #define wszAttrORGANIZATION L"organization" //L"Organization" // dead
  42. #define wszAttrORGANIZATIONUNIT L"organizationalunit" //L"OrganizationalUnit" // dead
  43. #define wszAttrLOCALITY L"locality" //L"Locality" // dead
  44. #define wszAttrSTATE L"state" //L"State" // dead
  45. #define wszAttrCOUNTRY L"country" //L"Country" // dead
  46. #define wszAttrDESCRIPTION L"description" //L"Description" // dead
  47. #define wszAttrEMAIL L"email" //L"Email" // dead
  48. #define wszAttrVALIDITYPERIODSTRING L"validityperiod" //L"ValidityPeriod"
  49. #define wszAttrVALIDITYPERIODCOUNT L"validityperiodunits" //L"ValidityPeriodUnits"
  50. #define wszAttrSHAREDFOLDER L"sharedfolder" //L"SharedFolder"
  51. #define wszAttrREQUESTFILE L"requestfile" //L"RequestFile"
  52. #define wszAttrCSPPROVIDER L"cspprovider" //L"CSPProvider"
  53. #define wszAttrHASHALGORITHM L"hashalgorithm" //L"HashAlgorithm"
  54. #define wszAttrKEYLENGTH L"keylength" //L"KeyLength"
  55. #define wszAttrEXISTINGKEY L"existingkey" //L"ExistingKey"
  56. #define wszAttrUSEEXISTINGCERT L"useexistingcert" //L"UseExistingCert"
  57. #define wszAttrPRESERVEDB L"preservedb" //L"PreserveDB"
  58. #define wszAttrDBDIR L"dbdir" //L"DBDir"
  59. #define wszAttrLOGDIR L"logdir" //L"LogDir"
  60. #define wszAttrINTERACTIVESERVICE L"interactive" //L"Interactive"
  62. #define wszValueENTERPRISEROOT L"enterpriseroot"
  63. #define wszValueENTERPRISESUBORDINATE L"enterprisesubordinate"
  64. #define wszValueSTANDALONEROOT L"standaloneroot"
  65. #define wszValueSTANDALONESUBORDINATE L"standalonesubordinate"
  66. #define wszValueYES L"yes"
  67. #define wszValueNO L"no"
  68. #define wszValueSHA1 L"sha1"
  69. #define wszValueMD2 L"md2"
  70. #define wszValueMD4 L"md4"
  71. #define wszValueMD5 L"md5"
  73. //typedefs
  75. // globals
  77. UNATTENDPARM aUnattendParmClient[] =
  78. {
  79. { wszAttrCAMACHINE, NULL/*pClient->pwszWebCAMachine*/ },
  80. { wszAttrCANAME, NULL/*pClient->pwszWebCAName*/ },
  81. // add more code in HookUnattendedClientAttributes if you add
  82. { NULL, NULL/*end*/ },
  83. };
  86. UNATTENDPARM aUnattendParmServer[] =
  87. {
  88. { wszAttrCATYPE, NULL/*pServer->pwszCAType*/ },
  89. { wszAttrNAME, NULL/*pServer->pwszCACommonName*/ },
  90. { wszAttrCADISTINGUISHEDNAME,NULL/*pServer->pwszCADistinguishedName*/ },
  92. /* dead params
  93. { wszAttrORGANIZATION, NULL },
  94. { wszAttrORGANIZATIONUNIT, NULL },
  95. { wszAttrLOCALITY, NULL },
  96. { wszAttrSTATE, NULL },
  97. { wszAttrCOUNTRY, NULL },
  98. { wszAttrDESCRIPTION, NULL },
  99. { wszAttrEMAIL, NULL },*/
  101. { wszAttrVALIDITYPERIODCOUNT, NULL/*pServer->pwszValidityPeriodCount*/ },
  102. { wszAttrVALIDITYPERIODSTRING, NULL/*pServer->pwszValidityPeriodString*/ },
  103. { wszAttrSHAREDFOLDER, NULL/*pServer->pwszSharedFolder*/ },
  104. { wszAttrREQUESTFILE, NULL/*pServer->pwszRequestFile*/ },
  105. { wszAttrCSPPROVIDER, NULL/*pServer->pwszProvName*/ },
  106. { wszAttrHASHALGORITHM, NULL/*pServer->pwszHashAlgorithm*/ },
  107. { wszAttrKEYLENGTH, NULL/*pServer->pwszKeyLength*/ },
  108. { wszAttrEXISTINGKEY, NULL/*pServer->pwszKeyContainerName*/ },
  109. { wszAttrUSEEXISTINGCERT, NULL/*pServer->pwszUseExistingCert*/ },
  110. { wszAttrPRESERVEDB, NULL/*pServer->pwszPreserveDB*/ },
  111. { wszAttrPARENTCAMACHINE, NULL/*pServer->pwszParentCAMachine*/ },
  112. { wszAttrPARENTCANAME, NULL/*pServer->pwszParentCAName*/ },
  113. { wszAttrDBDIR, NULL/*pServer->pwszDBDirectory*/ },
  114. { wszAttrLOGDIR, NULL/*pServer->pwszLogDirectory*/ },
  115. { wszAttrINTERACTIVESERVICE, NULL/*pServer->pwszInteractiveService*/ },
  116. // add more code in HookUnattendedServerAttributes if you add
  117. { NULL, NULL/*end*/ },
  118. };
  121. HRESULT
  122. HookUnattendedClientAttributes(
  123. IN OUT PER_COMPONENT_DATA *pComp,
  124. IN OUT const SUBCOMP *pClientComp)
  125. {
  126. HRESULT hr;
  127. DWORD i;
  128. CAWEBCLIENTSETUPINFO *pClient = pComp->CA.pClient;
  130. for (i = 0; NULL != pClientComp->aUnattendParm[i].pwszName; ++i)
  131. {
  132. if (0 == lstrcmpi( wszAttrCAMACHINE,
  133. pClientComp->aUnattendParm[i].pwszName) )
  134. {
  135. pClientComp->aUnattendParm[i].ppwszValue =
  136. &pClient->pwszWebCAMachine;
  137. }
  138. else if (0 == lstrcmpi( wszAttrCANAME,
  139. pClientComp->aUnattendParm[i].pwszName) )
  140. {
  141. pClientComp->aUnattendParm[i].ppwszValue =
  142. &pClient->pwszWebCAName;
  143. }
  144. else
  145. {
  146. hr = E_INVALIDARG;
  147. _JumpError(hr, error, "Internal error, incorrect attr.");
  148. }
  149. }
  151. hr = S_OK;
  152. error:
  153. return hr;
  154. }
  156. HRESULT
  157. HookUnattendedServerAttributes(
  158. IN OUT PER_COMPONENT_DATA *pComp,
  159. IN OUT const SUBCOMP *pServerComp)
  160. {
  161. HRESULT hr;
  162. DWORD i;
  163. CASERVERSETUPINFO *pServer = (pComp->CA).pServer;
  165. for (i = 0; NULL != pServerComp->aUnattendParm[i].pwszName; ++i)
  166. {
  167. if (0 == lstrcmpi( wszAttrCATYPE,
  168. pServerComp->aUnattendParm[i].pwszName) )
  169. {
  170. pServerComp->aUnattendParm[i].ppwszValue =
  171. &pServer->pwszCAType;
  172. }
  173. else if (0 == lstrcmpi( wszAttrNAME,
  174. pServerComp->aUnattendParm[i].pwszName) )
  175. {
  176. pServerComp->aUnattendParm[i].ppwszValue =
  177. &pServer->pwszCACommonName;
  178. }
  179. else if (0 == lstrcmpi( wszAttrCADISTINGUISHEDNAME,
  180. pServerComp->aUnattendParm[i].pwszName) )
  181. {
  182. pServerComp->aUnattendParm[i].ppwszValue =
  183. &pServer->pwszFullCADN;
  184. }
  185. else if (0 == lstrcmpi( wszAttrORGANIZATION,
  186. pServerComp->aUnattendParm[i].pwszName) )
  187. {
  188. // dead
  189. }
  190. else if (0 == lstrcmpi( wszAttrORGANIZATIONUNIT,
  191. pServerComp->aUnattendParm[i].pwszName) )
  192. {
  193. // dead
  194. }
  195. else if (0 == lstrcmpi( wszAttrLOCALITY,
  196. pServerComp->aUnattendParm[i].pwszName) )
  197. {
  198. // dead
  199. }
  200. else if (0 == lstrcmpi( wszAttrSTATE,
  201. pServerComp->aUnattendParm[i].pwszName) )
  202. {
  203. // dead
  204. }
  205. else if (0 == lstrcmpi( wszAttrCOUNTRY,
  206. pServerComp->aUnattendParm[i].pwszName) )
  207. {
  208. // dead
  209. }
  210. else if (0 == lstrcmpi( wszAttrDESCRIPTION,
  211. pServerComp->aUnattendParm[i].pwszName) )
  212. {
  213. // dead
  214. }
  215. else if (0 == lstrcmpi( wszAttrEMAIL,
  216. pServerComp->aUnattendParm[i].pwszName) )
  217. {
  218. // dead
  219. }
  220. else if (0 == lstrcmpi( wszAttrVALIDITYPERIODCOUNT,
  221. pServerComp->aUnattendParm[i].pwszName) )
  222. {
  223. pServerComp->aUnattendParm[i].ppwszValue =
  224. &pServer->pwszValidityPeriodCount;
  225. }
  226. else if (0 == lstrcmpi( wszAttrVALIDITYPERIODSTRING,
  227. pServerComp->aUnattendParm[i].pwszName) )
  228. {
  229. pServerComp->aUnattendParm[i].ppwszValue =
  230. &pServer->pwszValidityPeriodString;
  231. }
  232. else if (0 == lstrcmpi( wszAttrSHAREDFOLDER,
  233. pServerComp->aUnattendParm[i].pwszName) )
  234. {
  235. pServerComp->aUnattendParm[i].ppwszValue =
  236. &pServer->pwszSharedFolder;
  237. }
  238. else if (0 == lstrcmpi( wszAttrREQUESTFILE,
  239. pServerComp->aUnattendParm[i].pwszName) )
  240. {
  241. pServerComp->aUnattendParm[i].ppwszValue =
  242. &pServer->pwszRequestFile;
  243. }
  244. else if (0 == lstrcmpi( wszAttrCSPPROVIDER,
  245. pServerComp->aUnattendParm[i].pwszName) )
  246. {
  247. pServerComp->aUnattendParm[i].ppwszValue =
  248. &pServer->pCSPInfo->pwszProvName;
  249. }
  250. else if (0 == lstrcmpi( wszAttrHASHALGORITHM,
  251. pServerComp->aUnattendParm[i].pwszName) )
  252. {
  253. pServerComp->aUnattendParm[i].ppwszValue =
  254. &pServer->pwszHashAlgorithm;
  255. }
  256. else if (0 == lstrcmpi( wszAttrKEYLENGTH,
  257. pServerComp->aUnattendParm[i].pwszName) )
  258. {
  259. pServerComp->aUnattendParm[i].ppwszValue =
  260. &pServer->pwszKeyLength;
  261. }
  262. else if (0 == lstrcmpi( wszAttrEXISTINGKEY,
  263. pServerComp->aUnattendParm[i].pwszName) )
  264. {
  265. pServerComp->aUnattendParm[i].ppwszValue =
  266. &pServer->pwszKeyContainerName;
  267. }
  268. else if (0 == lstrcmpi( wszAttrUSEEXISTINGCERT,
  269. pServerComp->aUnattendParm[i].pwszName) )
  270. {
  271. pServerComp->aUnattendParm[i].ppwszValue =
  272. &pServer->pwszUseExistingCert;
  273. }
  274. else if (0 == lstrcmpi( wszAttrPRESERVEDB,
  275. pServerComp->aUnattendParm[i].pwszName) )
  276. {
  277. pServerComp->aUnattendParm[i].ppwszValue =
  278. &pServer->pwszPreserveDB;
  279. }
  280. else if (0 == lstrcmpi( wszAttrPARENTCAMACHINE,
  281. pServerComp->aUnattendParm[i].pwszName) )
  282. {
  283. pServerComp->aUnattendParm[i].ppwszValue =
  284. &pServer->pwszParentCAMachine;
  285. }
  286. else if (0 == lstrcmpi( wszAttrPARENTCANAME,
  287. pServerComp->aUnattendParm[i].pwszName) )
  288. {
  289. pServerComp->aUnattendParm[i].ppwszValue =
  290. &pServer->pwszParentCAName;
  291. }
  292. else if (0 == lstrcmpi( wszAttrDBDIR,
  293. pServerComp->aUnattendParm[i].pwszName) )
  294. {
  295. pServerComp->aUnattendParm[i].ppwszValue =
  296. &pServer->pwszDBDirectory;
  297. }
  298. else if (0 == lstrcmpi( wszAttrLOGDIR,
  299. pServerComp->aUnattendParm[i].pwszName) )
  300. {
  301. pServerComp->aUnattendParm[i].ppwszValue =
  302. &pServer->pwszLogDirectory;
  303. }
  304. else if (0 == lstrcmpi( wszAttrINTERACTIVESERVICE,
  305. pServerComp->aUnattendParm[i].pwszName) )
  306. {
  307. pServerComp->aUnattendParm[i].ppwszValue =
  308. &pServer->pwszInteractiveService;
  309. }
  310. else
  311. {
  312. hr = E_INVALIDARG;
  313. _JumpError(hr, error, "Internal error, incorrect attr.");
  314. }
  315. }
  317. hr = S_OK;
  318. error:
  319. return hr;
  320. }
  323. HRESULT
  324. certocmRetrieveUnattendedText(
  325. IN WCHAR const *pwszComponent,
  326. IN WCHAR const *pwszSubComponent,
  327. IN PER_COMPONENT_DATA *pComp)
  328. {
  329. HRESULT hr;
  330. SUBCOMP *psc;
  331. WCHAR *pwsz = NULL;
  332. WCHAR *pwszLoad;
  333. HANDLE hUnattendedFile = (*pComp->HelperRoutines.GetInfHandle)(
  334. INFINDEX_UNATTENDED,
  335. pComp->HelperRoutines.OcManagerContext);
  337. psc = TranslateSubComponent(pwszComponent, pwszSubComponent);
  338. if (NULL == psc)
  339. {
  340. hr = E_INVALIDARG;
  341. _JumpError(hr, error, "Internal error, unsupported component");
  342. }
  344. psc->fInstallUnattend = FALSE;
  346. hr = certocmReadInfString(
  347. hUnattendedFile,
  348. pComp->pwszUnattendedFile,
  349. wszCOMPONENTS,
  350. pwszSubComponent,
  351. &pwsz);
  352. CSILOG(hr, IDS_LOG_UNATTENDED_ATTRIBUTE, pwszSubComponent, pwsz, NULL);
  353. _JumpIfError(hr, error, "certocmReadInfString");
  355. if (0 == lstrcmpi(pwsz, L"DEFAULT"))
  356. {
  357. psc->fInstallUnattend = psc->fDefaultInstallUnattend;
  358. }
  359. else
  360. {
  361. psc->fInstallUnattend = 0 == lstrcmpi(pwsz, L"ON");
  362. }
  364. if (psc->fInstallUnattend)
  365. {
  366. DWORD i;
  368. for (i = 0; NULL != psc->aUnattendParm[i].pwszName; i++)
  369. {
  370. pwszLoad = NULL;
  371. hr = certocmReadInfString(
  372. hUnattendedFile,
  373. pComp->pwszUnattendedFile,
  374. psc->pwszSubComponent,
  375. psc->aUnattendParm[i].pwszName,
  376. &pwszLoad);
  377. if (S_OK != hr || NULL == pwszLoad)
  378. {
  379. // allow missing attributes
  380. _PrintErrorStr(
  381. hr,
  382. "Ignoring certocmReadInfString",
  383. psc->aUnattendParm[i].pwszName);
  384. continue;
  385. }
  387. if (0x0 == pwszLoad[0])
  388. {
  389. // if a attribute is given as empty, put it in log
  390. CSILOG(
  391. hr,
  392. IDS_LOG_EMPTY_UNATTENDED_ATTRIBUTE,
  393. psc->aUnattendParm[i].pwszName,
  394. NULL,
  395. NULL);
  397. // continue to take default
  398. LocalFree(pwszLoad);
  399. continue;
  400. }
  402. if (NULL != psc->aUnattendParm[i].ppwszValue &&
  403. NULL != *(psc->aUnattendParm[i].ppwszValue) )
  404. {
  405. // free old or default attributes
  406. LocalFree(*(psc->aUnattendParm[i].ppwszValue));
  407. }
  408. // get new
  409. *(psc->aUnattendParm[i].ppwszValue) = pwszLoad;
  411. CSILOG(
  412. S_OK,
  413. IDS_LOG_UNATTENDED_ATTRIBUTE,
  414. psc->aUnattendParm[i].pwszName,
  415. pwszLoad,
  416. NULL);
  417. }
  418. }
  420. hr = S_OK;
  421. error:
  422. if (NULL != pwsz)
  423. {
  424. LocalFree(pwsz);
  425. }
  426. return hr;
  427. }
  429. HRESULT BuildDistinguishedName(
  430. LPCWSTR pcwszCN,
  431. LPWSTR *ppwszDN)
  432. {
  433. HRESULT hr = S_OK;
  434. LPWSTR pwszDN = NULL;
  435. LPWSTR pwszMachineDN = NULL;
  436. LPCWSTR pcwszCNEqual = L"CN=";
  437. DWORD dwLen = 0;
  439. CSASSERT(pcwszCN);
  440. CSASSERT(ppwszDN);
  442. myGetComputerObjectName(NameFullyQualifiedDN, &pwszMachineDN);
  443. //ignore failure
  445. dwLen = wcslen(pcwszCNEqual)+wcslen(pcwszCN)+1;
  446. if(pwszMachineDN)
  447. {
  448. dwLen += wcslen(pwszMachineDN)+1; // add 1 for comma
  449. }
  450. dwLen *= sizeof(WCHAR);
  452. pwszDN = (LPWSTR)LocalAlloc(LMEM_FIXED, dwLen);
  453. _JumpIfAllocFailed(pwszDN, error);
  455. wcscpy(pwszDN, pcwszCNEqual);
  456. wcscat(pwszDN, pcwszCN);
  458. if (pwszMachineDN)
  459. {
  460. _wcsupr(pwszMachineDN);
  462. WCHAR *pwszFirstDCComponent = wcsstr(pwszMachineDN, L"DC=");
  463. if (pwszFirstDCComponent != NULL)
  464. {
  465. wcscat(pwszDN, L",");
  466. wcscat(pwszDN, pwszFirstDCComponent);
  467. }
  468. }
  470. *ppwszDN = pwszDN;
  472. error:
  474. LOCAL_FREE(pwszMachineDN);
  475. return hr;
  476. }
  478. HRESULT
  479. PrepareServerUnattendedAttributes(
  480. HWND hwnd,
  481. PER_COMPONENT_DATA *pComp,
  482. SUBCOMP *psc)
  483. {
  484. HRESULT hr;
  485. CASERVERSETUPINFO *pServer = (pComp->CA).pServer;
  486. BOOL fUpdateAlg = FALSE;
  487. BOOL fCoInit = FALSE;
  488. BOOL fNotContinue = FALSE;
  489. BOOL fValidDigitString;
  491. WCHAR *pwszConfig = NULL;
  493. // determine CA type
  494. if (NULL != pServer->pwszCAType)
  495. {
  496. // case insensitive
  497. if (0 == lstrcmpi(wszValueENTERPRISEROOT, pServer->pwszCAType))
  498. {
  499. pServer->CAType = ENUM_ENTERPRISE_ROOTCA;
  500. }
  501. else if (0 == lstrcmpi(wszValueENTERPRISESUBORDINATE, pServer->pwszCAType))
  502. {
  503. pServer->CAType = ENUM_ENTERPRISE_SUBCA;
  504. }
  505. else if (0 == lstrcmpi(wszValueSTANDALONEROOT, pServer->pwszCAType))
  506. {
  507. pServer->CAType = ENUM_STANDALONE_ROOTCA;
  508. }
  509. else if (0 == lstrcmpi(wszValueSTANDALONESUBORDINATE, pServer->pwszCAType))
  510. {
  511. pServer->CAType = ENUM_STANDALONE_SUBCA;
  512. }
  513. else
  514. {
  515. // unknown ca type in unattended file
  516. hr = E_INVALIDARG;
  517. CSILOG(hr, IDS_LOG_BAD_CATYPE, pServer->pwszCAType, NULL, NULL);
  518. _JumpError(hr, error, "unknown ca type in unattended file");
  519. }
  520. }
  522. // determine if ca type and DS combination is legal
  523. if (IsEnterpriseCA(pServer->CAType))
  524. {
  525. // enterprise cas require DS
  526. if (!pServer->fUseDS)
  527. {
  528. // no ds, let it failure
  529. hr = E_INVALIDARG;
  530. CSILOG(hr, IDS_LOG_ENTERPRISE_NO_DS, NULL, NULL, NULL);
  531. _JumpError(hr, error, "No DS is available for enterprise CA. Either select standalone or install DS first");
  532. }
  533. }
  535. // build full CA DN
  537. if(EmptyString(pServer->pwszCACommonName))
  538. {
  539. hr = E_INVALIDARG;
  540. CSILOG(hr, IDS_LOG_CA_NAME_REQUIRED, NULL, NULL, NULL);
  541. _JumpError(hr, error, "CA name not specified");
  542. }
  544. if(!EmptyString(pServer->pwszFullCADN))
  545. {
  546. LPWSTR pwszTempFullName;
  547. hr = BuildFullDN(
  548. pServer->pwszCACommonName,
  549. pServer->pwszFullCADN,
  550. &pwszTempFullName);
  551. _JumpIfError(hr, error, "BuildFullDN");
  553. LocalFree(pServer->pwszFullCADN);
  554. pServer->pwszFullCADN = pwszTempFullName;
  555. }
  556. else
  557. {
  558. hr = BuildDistinguishedName(
  559. pServer->pwszCACommonName,
  560. &pServer->pwszFullCADN);
  561. _JumpIfError(hr, error, "BuildDistinguishedName");
  562. }
  564. // determine advance attributes
  565. hr = csiGetProviderTypeFromProviderName(
  566. pServer->pCSPInfo->pwszProvName,
  567. &pServer->pCSPInfo->dwProvType);
  568. _JumpIfError(hr, error, "csiGetProviderTypeFromProviderName");
  570. if (NULL != pServer->pwszHashAlgorithm)
  571. {
  572. // case insensitive
  573. if (0 == lstrcmpi(wszValueSHA1, pServer->pwszHashAlgorithm) )
  574. {
  575. pServer->pHashInfo->idAlg = CALG_SHA1;
  576. }
  577. else if (0 == lstrcmpi(wszValueMD2, pServer->pwszHashAlgorithm) )
  578. {
  579. pServer->pHashInfo->idAlg = CALG_MD2;
  580. }
  581. else if (0 == lstrcmpi(wszValueMD4, pServer->pwszHashAlgorithm) )
  582. {
  583. pServer->pHashInfo->idAlg = CALG_MD4;
  584. }
  585. else if (0 == lstrcmpi(wszValueMD5, pServer->pwszHashAlgorithm) )
  586. {
  587. pServer->pHashInfo->idAlg = CALG_MD5;
  588. }
  589. else
  590. {
  591. // undone, support oid ???
  593. // otherwise convert to calg id
  594. pServer->pHashInfo->idAlg = myWtoI(
  595. pServer->pwszHashAlgorithm,
  596. &fValidDigitString);
  597. }
  598. }
  599. // update algorithm oid anyway (for any changes from csp name, type, hash)
  600. if (NULL != pServer->pszAlgId)
  601. {
  602. // free old
  603. LocalFree(pServer->pszAlgId);
  604. }
  605. hr = myGetSigningOID(
  606. NULL, // hProv
  607. pServer->pCSPInfo->pwszProvName,
  608. pServer->pCSPInfo->dwProvType,
  609. pServer->pHashInfo->idAlg,
  610. &pServer->pszAlgId);
  611. _JumpIfError(hr, error, "myGetSigningOID");
  613. if (NULL != pServer->pwszKeyLength)
  614. {
  615. pServer->dwKeyLength = myWtoI(
  616. pServer->pwszKeyLength,
  617. &fValidDigitString);
  618. }
  620. // Import from PFX file?
  621. if(NULL != pServer->pwszPFXFile)
  622. {
  623. hr = ImportPFXAndUpdateCSPInfo(
  624. hwnd,
  625. pComp);
  626. _JumpIfError(hr, error, "ImportPFXAndUpdateCSPInfo");
  627. }
  629. if (NULL != pServer->pwszKeyContainerName)
  630. {
  631. if (NULL != pServer->pwszKeyLength)
  632. {
  633. CSILOG(hr, IDS_LOG_IGNORE_KEYLENGTH, NULL, NULL, NULL);
  634. _PrintError(0, "Defined key length is ignored because of reusing key");
  635. }
  636. // to revert key container name to common name
  637. if (NULL != pServer->pwszCACommonName)
  638. {
  639. LocalFree(pServer->pwszCACommonName);
  640. pServer->pwszCACommonName = NULL;
  641. }
  642. hr = myRevertSanitizeName(pServer->pwszKeyContainerName,
  643. &pServer->pwszCACommonName);
  644. _JumpIfError(hr, error, "myRevertSanitizeName");
  645. }
  647. // set preserveDB flag
  648. pServer->fPreserveDB = FALSE;
  649. if (NULL != pServer->pwszPreserveDB)
  650. {
  651. // case insensitive
  652. if (0 == lstrcmpi(wszValueYES, pServer->pwszPreserveDB))
  653. {
  654. pServer->fPreserveDB = TRUE;
  655. }
  656. }
  658. // set fInteractiveService flag
  659. pServer->fInteractiveService = FALSE;
  660. if (NULL != pServer->pwszInteractiveService)
  661. {
  662. // case insensitive
  663. if (0 == lstrcmpi(wszValueYES, pServer->pwszInteractiveService))
  664. {
  665. pServer->fInteractiveService = TRUE;
  666. }
  667. }
  669. // ca idinfo attributes
  671. // Reuse cert?
  672. if (NULL!=pServer->pwszUseExistingCert &&
  673. 0==lstrcmpi(wszValueYES, pServer->pwszUseExistingCert))
  674. {
  675. //
  676. // User wants to reuse an existing cert
  677. //
  679. // must have a key container name to reuse a cert
  680. if (NULL==pServer->pwszKeyContainerName) {
  681. hr=E_INVALIDARG;
  682. CSILOG(hr, IDS_LOG_REUSE_CERT_NO_REUSE_KEY, NULL, NULL, NULL);
  683. _JumpError(hr, error, "cannot reuse ca cert without reuse key");
  684. }
  686. // see if a matching certificate exists
  687. CERT_CONTEXT const * pccExistingCert;
  688. hr = FindCertificateByKey(pServer, &pccExistingCert);
  689. if (S_OK != hr)
  690. {
  691. CSILOG(hr, IDS_LOG_NO_CERT, NULL, NULL, NULL);
  692. _JumpError(hr, error, "FindCertificateByKey");
  693. }
  695. // use the matching cert
  696. hr = SetExistingCertToUse(pServer, pccExistingCert);
  697. _JumpIfError(hr, error, "SetExistingCertToUse");
  699. } else {
  700. //
  701. // User does not want to reuse an existing cert
  702. // Get the information that we would have pulled from the cert
  703. //
  705. // must reuse an existing cert to preserve the DB
  706. if (pServer->fPreserveDB){
  707. hr = E_INVALIDARG;
  708. CSILOG(hr, IDS_LOG_REUSE_DB_WITHOUT_REUSE_CERT, NULL, NULL, NULL);
  709. _JumpError(hr, error, "cannot preserve DB if don't reuse both key and ca cert");
  710. }
  712. // determine extended idinfo attributes
  714. // validity period
  715. DWORD dwValidityPeriodCount;
  716. ENUM_PERIOD enumValidityPeriod = ENUM_PERIOD_INVALID;
  717. BOOL fSwap;
  718. if (NULL != pServer->pwszValidityPeriodCount ||
  719. NULL != pServer->pwszValidityPeriodString)
  720. {
  721. hr = myInfGetValidityPeriod(
  722. NULL, // hInf
  723. pServer->pwszValidityPeriodCount,
  724. pServer->pwszValidityPeriodString,
  725. &dwValidityPeriodCount,
  726. &enumValidityPeriod,
  727. &fSwap);
  728. _JumpIfError(hr, error, "myGetValidityPeriod");
  730. if (ENUM_PERIOD_INVALID != enumValidityPeriod)
  731. {
  732. pServer->enumValidityPeriod = enumValidityPeriod;
  733. }
  734. if (0 != dwValidityPeriodCount)
  735. {
  736. pServer->dwValidityPeriodCount = dwValidityPeriodCount;
  737. }
  738. }
  740. if (!IsValidPeriod(pServer))
  741. {
  742. hr = E_INVALIDARG;
  743. CSILOG(
  744. hr,
  745. IDS_LOG_BAD_VALIDITY_PERIOD_COUNT,
  746. pServer->pwszValidityPeriodCount,
  747. NULL,
  748. &pServer->dwValidityPeriodCount);
  749. _JumpError(hr, error, "validity period count");
  750. }
  752. pServer->NotAfter = pServer->NotBefore;
  753. myMakeExprDateTime(
  754. &pServer->NotAfter,
  755. pServer->dwValidityPeriodCount,
  756. pServer->enumValidityPeriod);
  758. //if swap, swap pointer before validation
  759. if (fSwap)
  760. {
  761. WCHAR *pwszTemp = pServer->pwszValidityPeriodCount;
  762. pServer->pwszValidityPeriodCount = pServer->pwszValidityPeriodString;
  763. pServer->pwszValidityPeriodString = pwszTemp;
  764. }
  766. //the following WizardPageValidation requires
  767. //pServer->pwszValidityPeriodCount so load from count before validation
  768. if (NULL == pServer->pwszValidityPeriodCount)
  769. {
  770. WCHAR wszCount[10]; //should be enough
  771. wsprintf(wszCount, L"%d", pServer->dwValidityPeriodCount);
  772. pServer->pwszValidityPeriodCount = (WCHAR*)LocalAlloc(LMEM_FIXED,
  773. (wcslen(wszCount) + 1) * sizeof(WCHAR));
  774. _JumpIfOutOfMemory(hr, error, pServer->pwszValidityPeriodCount);
  775. wcscpy(pServer->pwszValidityPeriodCount, wszCount);
  776. }
  778. // hook with g_aIdPageString
  779. hr = HookIdInfoPageStrings(
  780. NULL, // hDlg
  781. g_aIdPageString,
  782. pServer);
  783. _JumpIfError(hr, error, "HookIdInfoPageStrings");
  785. hr = WizardPageValidation(
  786. pComp->hInstance,
  787. pComp->fUnattended,
  788. NULL,
  789. g_aIdPageString);
  790. _JumpIfError(hr, error, "WizardPageValidation");
  792. // make sure no invalid rdn characters
  793. if (IsAnyInvalidRDN(NULL, pComp))
  794. {
  795. hr = E_INVALIDARG;
  796. CSILOG(
  797. hr,
  798. IDS_LOG_BAD_OR_MISSING_CANAME,
  799. pServer->pwszCACommonName,
  800. NULL,
  801. NULL);
  802. _JumpError(hr, error, "Invalid RDN characters");
  803. }
  805. } // <- End if reuse/not-reuse cert
  807. // determine CA name
  808. if (NULL != pServer->pwszSanitizedName)
  809. {
  810. // free old
  811. LocalFree(pServer->pwszSanitizedName);
  812. pServer->pwszSanitizedName = NULL;
  813. }
  814. // derive ca name from common name
  815. hr = mySanitizeName(
  816. pServer->pwszCACommonName,
  817. &(pServer->pwszSanitizedName) );
  818. _JumpIfError(hr, error, "mySanitizeName");
  820. if (MAX_PATH <= wcslen(pServer->pwszSanitizedName) + cwcSUFFIXMAX)
  821. {
  822. hr = CO_E_PATHTOOLONG;
  823. CSILOG(
  824. hr,
  825. IDS_LOG_CANAME_TOO_LONG,
  826. pServer->pwszSanitizedName,
  827. NULL,
  828. NULL);
  829. _JumpErrorStr(hr, error, "CA Name", pServer->pwszSanitizedName);
  830. }
  832. // store attributes
  833. hr = StorePageValidation(NULL, pComp, &fNotContinue);
  834. _JumpIfError(hr, error, "StorePageValidation");
  836. if (fNotContinue)
  837. {
  838. hr = S_FALSE;
  839. _JumpError(hr, error, "StorePageValidation failed");
  840. }
  842. // ca cert file name
  843. if (NULL != pServer->pwszCACertFile)
  844. {
  845. // free old one
  846. LocalFree(pServer->pwszCACertFile);
  847. }
  848. hr = csiBuildCACertFileName(
  849. pComp->hInstance,
  850. hwnd,
  851. pComp->fUnattended,
  852. pServer->pwszSharedFolder,
  853. pServer->pwszSanitizedName,
  854. L".crt",
  855. 0, // CANAMEIDTOICERT(pServer->dwCertNameId),
  856. &pServer->pwszCACertFile);
  857. if (S_OK != hr)
  858. {
  859. CSILOG(
  860. hr,
  861. IDS_LOG_PATH_CAFILE_BUILD_FAIL,
  862. pServer->pwszSharedFolder, //likely by invalid shared folder path
  863. NULL,
  864. NULL);
  865. _JumpError(hr, error, "csiBuildFileName");
  866. }
  868. // validate path length
  869. if (MAX_PATH <= wcslen(pServer->pwszCACertFile) + cwcSUFFIXMAX)
  870. {
  871. hr = CO_E_PATHTOOLONG;
  872. CSILOG(
  873. hr,
  874. IDS_LOG_PATH_TOO_LONG_CANAME,
  875. pServer->pwszCACertFile,
  876. NULL,
  877. NULL);
  878. _JumpErrorStr(hr, error, "csiBuildFileName", pServer->pwszCACertFile);
  879. }
  881. // request attributes
  882. // if subordinate ca, determine online or request file
  883. if (IsSubordinateCA(pServer->CAType))
  884. {
  885. // default
  886. pServer->fSaveRequestAsFile = TRUE;
  887. if (NULL != pServer->pwszParentCAMachine)
  888. {
  889. // online case
  890. pServer->fSaveRequestAsFile = FALSE;
  892. hr = CoInitialize(NULL);
  893. if (S_OK != hr && S_FALSE != hr)
  894. {
  895. _JumpError(hr, error, "CoInitialize");
  896. }
  897. fCoInit = TRUE;
  899. if (NULL != pServer->pwszParentCAName)
  900. {
  901. // answer file provides both machine and ca names
  902. hr = myFormConfigString(
  903. pServer->pwszParentCAMachine,
  904. pServer->pwszParentCAName,
  905. &pwszConfig);
  906. _JumpIfError(hr, error, "myFormConfigString");
  908. // answer file has complete config string, try to ping it
  909. hr = myPingCertSrv(pwszConfig, NULL, NULL, NULL, NULL, NULL, NULL);
  910. if (S_OK != hr)
  911. {
  912. // can't finish without pingable ca
  913. CSILOG(
  914. hr,
  915. IDS_LOG_PING_PARENT_FAIL,
  916. pwszConfig,
  917. NULL,
  918. NULL);
  919. _JumpErrorStr(hr, error, "myPingCertSrv", pwszConfig);
  920. }
  921. }
  922. else
  923. {
  924. WCHAR *pwszzCAList = NULL;
  925. // answer file only has machine name, try to get ca name
  926. hr = myPingCertSrv(
  927. pServer->pwszParentCAMachine,
  928. NULL,
  929. &pwszzCAList,
  930. NULL,
  931. NULL,
  932. NULL,
  933. NULL);
  934. if (S_OK != hr)
  935. {
  936. // can't finish without pingable ca
  937. CSILOG(
  938. hr,
  939. IDS_LOG_PING_PARENT_FAIL,
  940. pServer->pwszParentCAMachine,
  941. NULL,
  942. NULL);
  943. _JumpErrorStr(hr, error, "myPingCertSrv",
  944. pServer->pwszParentCAMachine);
  945. }
  946. // pick the first one as the choice
  947. pServer->pwszParentCAName = pwszzCAList;
  948. }
  949. }
  951. if (NULL == pServer->pwszRequestFile)
  952. {
  953. // in any case, construct request file name if not defined
  954. hr = BuildRequestFileName(
  955. pServer->pwszCACertFile,
  956. &pServer->pwszRequestFile);
  957. _JumpIfError(hr, error, "BuildRequestFileName");
  958. // make sure in limit
  959. if (MAX_PATH <= wcslen(pServer->pwszRequestFile) + cwcSUFFIXMAX)
  960. {
  961. hr = CO_E_PATHTOOLONG;
  962. CSILOG(
  963. hr,
  964. IDS_LOG_REQUEST_FILE_TOO_LONG,
  965. pServer->pwszRequestFile,
  966. NULL,
  967. NULL);
  968. _JumpErrorStr(hr, error, "Request File", pServer->pwszRequestFile);
  969. }
  970. }
  971. }
  973. // other attributes
  975. if(pServer->fUseDS)
  976. {
  977. pServer->dwRevocationFlags = REVEXT_DEFAULT_DS;
  978. }
  979. else
  980. {
  981. pServer->dwRevocationFlags = REVEXT_DEFAULT_NODS;
  982. }
  984. hr = S_OK;
  985. error:
  986. if (fCoInit)
  987. {
  988. CoUninitialize();
  989. }
  990. if (NULL!=pwszConfig) {
  991. LocalFree(pwszConfig);
  992. }
  994. CSILOG(hr, IDS_LOG_SERVER_UNATTENDED_ATTRIBUTES, NULL, NULL, NULL);
  995. return hr;
  996. }
  999. HRESULT
  1000. PrepareClientUnattendedAttributes(
  1001. PER_COMPONENT_DATA *pComp,
  1002. SUBCOMP *psc)
  1003. {
  1004. HRESULT hr;
  1005. CAWEBCLIENTSETUPINFO *pClient = pComp->CA.pClient;
  1007. WCHAR *pwszConfig = NULL;
  1008. CAINFO *pCAInfo = NULL;
  1009. BOOL fCoInit = FALSE;
  1010. WCHAR * pwszDnsName = NULL;
  1012. if ((IS_CLIENT_INSTALL & pComp->dwInstallStatus) &&
  1013. !(IS_SERVER_INSTALL & pComp->dwInstallStatus))
  1014. {
  1015. // no extra setting and converting
  1016. if (NULL == pClient->pwszWebCAMachine)
  1017. {
  1018. hr = E_INVALIDARG;
  1019. CSILOG(hr, IDS_LOG_CA_MACHINE_REQUIRED, NULL, NULL, NULL);
  1020. _JumpError(hr, error, "ca machine name is required");
  1021. }
  1023. hr = CoInitialize(NULL);
  1024. if (S_OK != hr && S_FALSE != hr)
  1025. {
  1026. _JumpError(hr, error, "CoInitialize");
  1027. }
  1028. fCoInit = TRUE;
  1030. if (NULL == pClient->pwszWebCAName)
  1031. {
  1032. WCHAR *pwszzCAList = NULL;
  1033. // answer file only has machine name, try to get ca name
  1034. hr = myPingCertSrv(
  1035. pClient->pwszWebCAMachine,
  1036. NULL,
  1037. &pwszzCAList,
  1038. NULL,
  1039. NULL,
  1040. NULL,
  1041. NULL);
  1042. if (S_OK != hr)
  1043. {
  1044. // can't finish without pingable ca
  1045. CSILOG(
  1046. hr,
  1047. IDS_LOG_PING_PARENT_FAIL,
  1048. pClient->pwszWebCAMachine,
  1049. NULL,
  1050. NULL);
  1051. _JumpErrorStr(hr, error, "myPingCertSrv",
  1052. pClient->pwszWebCAMachine);
  1053. }
  1054. // pick the first one as the choice
  1055. pClient->pwszWebCAName = pwszzCAList;
  1056. }
  1058. hr = mySanitizeName(pClient->pwszWebCAName, &pClient->pwszSanitizedWebCAName);
  1059. _JumpIfError(hr, error, "mySanitizeName");
  1061. // build the config string so we can ping the parent CA
  1062. hr = myFormConfigString(
  1063. pClient->pwszWebCAMachine,
  1064. pClient->pwszWebCAName,
  1065. &pwszConfig);
  1066. _JumpIfError(hr, error, "myFormConfigString");
  1068. // ping the CA to retrieve the CA type and DNS name.
  1069. hr = myPingCertSrv(pwszConfig, NULL, NULL, NULL, &pCAInfo, NULL, &pwszDnsName);
  1070. if (S_OK != hr)
  1071. {
  1072. // can't finish without pingable ca
  1073. CSILOG(
  1074. hr,
  1075. IDS_LOG_PING_PARENT_FAIL,
  1076. pwszConfig,
  1077. NULL,
  1078. NULL);
  1079. _JumpErrorStr(hr, error, "myPingCertSrv", pwszConfig);
  1080. }
  1081. pClient->WebCAType = pCAInfo->CAType;
  1083. // use the FQDN if available
  1084. if (NULL!=pwszDnsName) {
  1085. LocalFree(pClient->pwszWebCAMachine);
  1086. pClient->pwszWebCAMachine=pwszDnsName;
  1087. }
  1088. }
  1090. hr = S_OK;
  1091. error:
  1092. if (NULL!=pwszConfig)
  1093. {
  1094. LocalFree(pwszConfig);
  1095. }
  1097. if (NULL != pCAInfo)
  1098. {
  1099. LocalFree(pCAInfo);
  1100. }
  1102. if (fCoInit)
  1103. {
  1104. CoUninitialize();
  1105. }
  1107. CSILOG(hr, IDS_LOG_CLIENT_UNATTENDED_ATTRIBUTES, NULL, NULL, NULL);
  1108. return hr;
  1109. }
  1112. HRESULT
  1113. PrepareUnattendedAttributes(
  1114. IN HWND hwnd,
  1115. IN WCHAR const *pwszComponent,
  1116. IN WCHAR const *pwszSubComponent,
  1117. IN PER_COMPONENT_DATA *pComp)
  1118. {
  1119. HRESULT hr;
  1120. SUBCOMP *psc = TranslateSubComponent(pwszComponent, pwszSubComponent);
  1122. if (NULL == psc)
  1123. {
  1124. hr = E_INVALIDARG;
  1125. _JumpError(hr, error, "Internal error, unsupported component");
  1126. }
  1128. switch (psc->cscSubComponent)
  1129. {
  1130. case cscServer:
  1131. hr = PrepareServerUnattendedAttributes(hwnd, pComp, psc);
  1132. _JumpIfError(hr, error, "PrepareServerUnattendedAttributes");
  1133. break;
  1134. case cscClient:
  1135. hr = PrepareClientUnattendedAttributes(pComp, psc);
  1136. _JumpIfError(hr, error, "PrepareClientUnattendedAttributes");
  1137. break;
  1138. default:
  1139. hr = E_INVALIDARG;
  1140. _JumpError(hr, error, "Internal error, unsupported component");
  1141. }
  1143. hr = S_OK;
  1144. error:
  1145. return hr;
  1146. }