archive
/
windows-xp
mirror of https://github.com/tongzx/nt5src
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
8 Commits
1 Branch
0 Tags
2.0 GiB
Tree: 744f0b4006
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '744f0b4006'
${ noResults }
windows-xp/Source/XPSP1/NT/ds/security/cryptoapi/pkitrust/softpub/callui.cpp

448 lines
11 KiB
Raw Normal View History

Add source files
4 years ago
  1. //+-------------------------------------------------------------------------
  2. //
  3. // Microsoft Windows
  4. //
  5. // Copyright (C) Microsoft Corporation, 1996 - 1999
  6. //
  7. // File: callui.cpp
  8. //
  9. // Contents: Microsoft Internet Security Authenticode Policy Provider
  10. //
  11. // Functions: SoftpubCallUI
  12. //
  13. // *** local functions ***
  14. // _AllocGetOpusInfo
  15. //
  16. // History: 06-Jun-1997 pberkman created
  17. //
  18. //--------------------------------------------------------------------------
  20. #include "global.hxx"
  21. #include "trustdb.h"
  22. #include "acui.h"
  23. #include "winsafer.h"
  25. SPC_SP_OPUS_INFO *_AllocGetOpusInfo(CRYPT_PROVIDER_DATA *pProvData, CRYPT_PROVIDER_SGNR *pSigner,
  26. DWORD *pcbOpusInfo);
  30. #define MIN_HASH_LEN 16
  31. #define MAX_HASH_LEN 20
  33. // Returns:
  34. // S_FALSE
  35. // not found in the database
  36. // TRUST_E_SYSTEM_ERROR
  37. // system errors while attempting to do the check
  38. // S_OK
  39. // found in the database
  40. // TRUST_E_EXPLICIT_DISTRUST
  41. // explicitly disallowed in the database or revoked
  42. HRESULT _CheckTrustedPublisher(
  43. CRYPT_PROVIDER_DATA *pProvData,
  44. DWORD dwError,
  45. BOOL fOnlyDisallowed
  46. )
  47. {
  48. CRYPT_PROVIDER_SGNR *pSigner;
  49. PCCERT_CONTEXT pPubCert;
  50. BYTE rgbHash[MAX_HASH_LEN];
  51. CRYPT_DATA_BLOB HashBlob;
  52. HCERTSTORE hStore;
  54. if (CERT_E_REVOKED == dwError)
  55. {
  56. return TRUST_E_EXPLICIT_DISTRUST;
  57. }
  59. pSigner = WTHelperGetProvSignerFromChain(pProvData, 0, FALSE, 0);
  61. if (NULL == pSigner || pSigner->csCertChain <= 0)
  62. {
  63. return S_FALSE;
  64. }
  66. pPubCert = WTHelperGetProvCertFromChain(pSigner, 0)->pCert;
  68. // Check if disallowed.
  70. // Since the signature component can be altered, must use the signature
  71. // hash
  73. HashBlob.pbData = rgbHash;
  74. HashBlob.cbData = MAX_HASH_LEN;
  75. if (!CertGetCertificateContextProperty(
  76. pPubCert,
  77. CERT_SIGNATURE_HASH_PROP_ID,
  78. rgbHash,
  79. &HashBlob.cbData
  80. ) || MIN_HASH_LEN > HashBlob.cbData)
  81. {
  82. return TRUST_E_SYSTEM_ERROR;
  83. }
  85. hStore = OpenDisallowedStore();
  87. if (hStore)
  88. {
  89. PCCERT_CONTEXT pFoundCert;
  91. pFoundCert = CertFindCertificateInStore(
  92. hStore,
  93. 0, // dwCertEncodingType
  94. 0, // dwFindFlags
  95. CERT_FIND_SIGNATURE_HASH,
  96. (const void *) &HashBlob,
  97. NULL //pPrevCertContext
  98. );
  100. CertCloseStore(hStore, 0);
  101. if (pFoundCert)
  102. {
  103. CertFreeCertificateContext(pFoundCert);
  104. return TRUST_E_EXPLICIT_DISTRUST;
  105. }
  106. }
  108. if (fOnlyDisallowed)
  109. {
  110. return S_FALSE;
  111. }
  113. if (S_OK != dwError)
  114. {
  115. // Everything must be valid to allow a trusted publisher
  116. return S_FALSE;
  117. }
  119. // Check if trusted publisher
  121. hStore = OpenTrustedPublisherStore();
  123. if (hStore)
  124. {
  125. PCCERT_CONTEXT pFoundCert;
  127. pFoundCert = CertFindCertificateInStore(
  128. hStore,
  129. 0, // dwCertEncodingType
  130. 0, // dwFindFlags
  131. CERT_FIND_SIGNATURE_HASH,
  132. (const void *) &HashBlob,
  133. NULL //pPrevCertContext
  134. );
  136. CertCloseStore(hStore, 0);
  137. if (pFoundCert)
  138. {
  139. CertFreeCertificateContext(pFoundCert);
  140. return S_OK;
  141. }
  142. }
  144. return S_FALSE;
  145. }
  148. typedef BOOL (WINAPI *PFN_SAFERI_SEARCH_MATCHING_HASH_RULES)(
  149. IN ALG_ID HashAlgorithm OPTIONAL,
  150. IN PBYTE pHashBytes,
  151. IN DWORD dwHashSize,
  152. IN DWORD dwOriginalImageSize OPTIONAL,
  153. OUT PDWORD pdwFoundLevel,
  154. OUT PDWORD pdwUIFlags
  155. );
  157. // Returns:
  158. // S_FALSE
  159. // not found in the database
  160. // S_OK
  161. // fully trusted in the database
  162. // TRUST_E_EXPLICIT_DISTRUST
  163. // explicitly disallowed in the database
  164. HRESULT _CheckTrustedCodeHash(CRYPT_PROVIDER_DATA *pProvData)
  165. {
  166. static BOOL fGotProcAddr = FALSE;
  167. static PFN_SAFERI_SEARCH_MATCHING_HASH_RULES
  168. pfnCodeAuthzSearchMatchingHashRules = NULL;
  170. DWORD cbHash;
  172. if (pProvData->padwTrustStepErrors[TRUSTERROR_STEP_FINAL_OBJPROV] == 0 &&
  173. pProvData->pPDSip && pProvData->pPDSip->psIndirectData)
  174. {
  175. cbHash = pProvData->pPDSip->psIndirectData->Digest.cbData;
  176. }
  177. else
  178. {
  179. cbHash = 0;
  180. }
  182. if (0 == cbHash)
  183. {
  184. return S_FALSE;
  185. }
  187. // wintrust.dll has a static dependency on advapi32.dll. However, not
  188. // all advapi32.dll's will export "SaferiSearchMatchingHashRules"
  189. if (!fGotProcAddr)
  190. {
  191. HMODULE hModule;
  193. hModule = GetModuleHandleA("advapi32.dll");
  194. if (NULL != hModule)
  195. {
  196. pfnCodeAuthzSearchMatchingHashRules =
  197. (PFN_SAFERI_SEARCH_MATCHING_HASH_RULES) GetProcAddress(
  198. hModule, "SaferiSearchMatchingHashRules");
  199. }
  201. fGotProcAddr = TRUE;
  202. }
  204. if (NULL != pfnCodeAuthzSearchMatchingHashRules)
  205. {
  206. __try
  207. {
  208. DWORD dwFoundLevel = 0xFFFFFFFF;
  209. DWORD dwUIFlags = 0;
  211. if (pfnCodeAuthzSearchMatchingHashRules(
  212. CertOIDToAlgId(pProvData->pPDSip->psIndirectData->DigestAlgorithm.pszObjId),
  213. pProvData->pPDSip->psIndirectData->Digest.pbData,
  214. cbHash,
  215. 0, // dwOriginalImageSize
  216. &dwFoundLevel,
  217. &dwUIFlags
  218. ))
  219. {
  220. switch (dwFoundLevel)
  221. {
  222. case SAFER_LEVELID_FULLYTRUSTED:
  223. return S_OK;
  224. case SAFER_LEVELID_DISALLOWED:
  225. return TRUST_E_EXPLICIT_DISTRUST;
  226. }
  227. }
  228. }
  229. __except(EXCEPTION_EXECUTE_HANDLER)
  230. {
  231. }
  232. }
  234. return S_FALSE;
  235. }
  238. HRESULT SoftpubCallUI(CRYPT_PROVIDER_DATA *pProvData, DWORD dwError, BOOL fFinalCall)
  239. {
  240. HRESULT hr;
  241. DWORD dwUIChoice;
  243. if (!(fFinalCall))
  244. {
  245. // TBDTBD: if we want the user to get involved along the way???
  246. return(ERROR_SUCCESS);
  247. }
  249. if (0 == (pProvData->dwProvFlags & WTD_SAFER_FLAG))
  250. {
  251. if (!(pProvData->dwRegPolicySettings & WTPF_ALLOWONLYPERTRUST) &&
  252. (pProvData->pWintrustData->dwUIChoice == WTD_UI_NONE))
  253. {
  254. if (S_OK == dwError)
  255. {
  256. //
  257. // Check for untrusted publisher
  258. //
  259. hr = _CheckTrustedPublisher(pProvData, dwError, TRUE);
  260. if (TRUST_E_EXPLICIT_DISTRUST == hr)
  261. {
  262. return TRUST_E_EXPLICIT_DISTRUST;
  263. }
  264. }
  266. return(dwError);
  267. }
  268. }
  271. //
  272. // Check for trusted or disallowed subject hash
  273. //
  274. hr = _CheckTrustedCodeHash(pProvData);
  275. if (S_FALSE != hr)
  276. {
  277. if (S_OK == hr)
  278. {
  279. // Ensure we always indicate trust.
  280. pProvData->dwFinalError = 0;
  281. }
  282. return hr;
  283. }
  285. //
  286. // Check for trusted or disallowed publisher
  287. //
  288. hr = _CheckTrustedPublisher(pProvData, dwError, FALSE);
  289. if (S_FALSE != hr)
  290. {
  291. if (S_OK == hr)
  292. {
  293. // Ensure we always indicate trust.
  294. pProvData->dwFinalError = 0;
  295. }
  296. return hr;
  297. }
  299. if (pProvData->dwRegPolicySettings & WTPF_ALLOWONLYPERTRUST)
  300. {
  301. if (0 == dwError)
  302. {
  303. return CRYPT_E_SECURITY_SETTINGS;
  304. }
  305. return dwError;
  306. }
  308. dwUIChoice = pProvData->pWintrustData->dwUIChoice;
  310. if ((dwUIChoice == WTD_UI_NONE) ||
  311. ((dwUIChoice == WTD_UI_NOBAD) && (dwError != ERROR_SUCCESS)) ||
  312. ((dwUIChoice == WTD_UI_NOGOOD) && (dwError == ERROR_SUCCESS)))
  313. {
  314. if (0 == dwError)
  315. {
  316. // No explicit trust
  317. pProvData->dwFinalError = TRUST_E_SUBJECT_NOT_TRUSTED;
  318. }
  319. return dwError;
  320. }
  322. //
  323. // call the ui
  324. //
  325. HINSTANCE hModule = NULL;
  326. IPersonalTrustDB *pTrustDB = NULL;
  327. ACUI_INVOKE_INFO aii;
  328. pfnACUIProviderInvokeUI pfn = NULL;
  329. DWORD cbOpusInfo;
  330. CRYPT_PROVIDER_SGNR *pRootSigner;
  332. pRootSigner = WTHelperGetProvSignerFromChain(pProvData, 0, FALSE, 0);
  334. OpenTrustDB(NULL, IID_IPersonalTrustDB, (LPVOID*)&pTrustDB);
  336. memset(&aii, 0x00, sizeof(ACUI_INVOKE_INFO));
  338. //
  339. // Setup the UI invokation
  340. //
  342. aii.cbSize = sizeof(ACUI_INVOKE_INFO);
  343. aii.hDisplay = pProvData->hWndParent;
  344. aii.pProvData = pProvData;
  345. aii.hrInvokeReason = dwError;
  346. aii.pwcsAltDisplayName = WTHelperGetFileName(pProvData->pWintrustData);
  347. aii.pPersonalTrustDB = (IUnknown *)pTrustDB;
  349. if (pRootSigner)
  350. {
  351. aii.pOpusInfo = _AllocGetOpusInfo(pProvData, pRootSigner, &cbOpusInfo);
  352. }
  354. //
  355. // Load the default authenticode UI.
  356. //
  357. if (hModule = LoadLibraryA(CVP_DLL))
  358. {
  359. pfn = (pfnACUIProviderInvokeUI)GetProcAddress(hModule, "ACUIProviderInvokeUI");
  360. }
  362. //
  363. // Invoke the UI
  364. //
  365. if (pfn)
  366. {
  367. hr = (*pfn)(&aii);
  368. }
  369. else
  370. {
  371. hr = TRUST_E_PROVIDER_UNKNOWN;
  372. pProvData->dwError = hr;
  373. pProvData->padwTrustStepErrors[TRUSTERROR_STEP_FINAL_UIPROV] = hr;
  375. DBG_PRINTF((DBG_SS, "Unable to load CRYPTUI.DLL\n"));
  377. }
  379. //
  380. // Return the appropriate code
  381. //
  383. if (pTrustDB)
  384. {
  385. pTrustDB->Release();
  386. }
  388. if (aii.pOpusInfo)
  389. {
  390. TrustFreeDecode(WVT_MODID_SOFTPUB, (BYTE **)&aii.pOpusInfo);
  391. }
  393. if (hModule)
  394. {
  395. FreeLibrary(hModule);
  396. }
  398. return hr;
  399. }
  402. SPC_SP_OPUS_INFO *_AllocGetOpusInfo(CRYPT_PROVIDER_DATA *pProvData, CRYPT_PROVIDER_SGNR *pSigner,
  403. DWORD *pcbOpusInfo)
  404. {
  405. PCRYPT_ATTRIBUTE pAttr;
  406. PSPC_SP_OPUS_INFO pInfo;
  408. pInfo = NULL;
  410. if (!(pSigner->psSigner))
  411. {
  412. goto NoSigner;
  413. }
  415. if (pSigner->psSigner->AuthAttrs.cAttr == 0)
  416. {
  417. goto NoOpusAttribute;
  418. }
  420. if (!(pAttr = CertFindAttribute(SPC_SP_OPUS_INFO_OBJID,
  421. pSigner->psSigner->AuthAttrs.cAttr,
  422. pSigner->psSigner->AuthAttrs.rgAttr)))
  423. {
  424. goto NoOpusAttribute;
  425. }
  427. if (!(pAttr->rgValue))
  428. {
  429. goto NoOpusAttribute;
  430. }
  432. if (!(TrustDecode(WVT_MODID_SOFTPUB, (BYTE **)&pInfo, pcbOpusInfo, 200,
  433. pProvData->dwEncoding, SPC_SP_OPUS_INFO_STRUCT,
  434. pAttr->rgValue->pbData, pAttr->rgValue->cbData, CRYPT_DECODE_NOCOPY_FLAG)))
  435. {
  436. goto DecodeError;
  437. }
  439. return(pInfo);
  441. ErrorReturn:
  442. return(NULL);
  444. TRACE_ERROR_EX(DBG_SS, NoSigner);
  445. TRACE_ERROR_EX(DBG_SS, NoOpusAttribute);
  446. TRACE_ERROR_EX(DBG_SS, DecodeError);
  447. }