archive
/
windows-xp
mirror of https://github.com/tongzx/nt5src
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
8 Commits
1 Branch
0 Tags
2.0 GiB
Tree: 744f0b4006
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '744f0b4006'
${ noResults }
windows-xp/Source/XPSP1/NT/ds/security/services/ca/certsrv/rpc.cpp

401 lines
9.6 KiB
Raw Normal View History

Add source files
4 years ago
  1. //+--------------------------------------------------------------------------
  2. //
  3. // Microsoft Windows
  4. // Copyright (C) Microsoft Corporation, 1996 - 1999
  5. //
  6. // File: rpc.cpp
  7. //
  8. // Contents: Cert Server RPC
  9. //
  10. // History: 03-Sep-96 larrys created
  11. //
  12. //---------------------------------------------------------------------------
  14. #include <pch.cpp>
  16. #pragma hdrstop
  18. #include <stdio.h>
  19. #include <accctrl.h>
  21. #include "certrpc.h"
  22. #include "certacl.h"
  23. #include "cscom.h"
  24. #include "resource.h"
  26. #define __dwFILE__ __dwFILE_CERTSRV_RPC_CPP__
  29. RPC_BINDING_VECTOR *pvBindings = NULL;
  31. char *pszProtSeqNp = "ncacn_np";
  33. char *pszProtSeqTcp = "ncacn_ip_tcp";
  36. typedef struct _CS_RPC_ATHN_LIST
  37. {
  38. DWORD dwAuthnLevel;
  39. DWORD dwPrinceNameService;
  40. DWORD dwAuthnService;
  41. } CS_RPC_ATHN_LIST ;
  43. CS_RPC_ATHN_LIST g_acsAthnList[] =
  44. {
  45. { RPC_C_AUTHN_LEVEL_PKT_INTEGRITY, RPC_C_AUTHN_GSS_NEGOTIATE, RPC_C_AUTHN_GSS_NEGOTIATE },
  46. { RPC_C_AUTHN_LEVEL_NONE, RPC_C_AUTHN_NONE, RPC_C_AUTHN_NONE }
  47. };
  49. DWORD g_ccsAthnList = sizeof(g_acsAthnList)/sizeof(g_acsAthnList[0]);
  52. HRESULT
  53. RPCInit(VOID)
  54. {
  55. char *pszEndpoint = "\\pipe\\cert";
  57. LPSTR pszPrincName = NULL;
  58. HRESULT hr;
  59. DWORD i;
  61. if (RPC_S_OK == RpcNetworkIsProtseqValidA((unsigned char *) pszProtSeqNp))
  62. {
  63. hr = RpcServerUseProtseqEpA(
  64. (unsigned char *) pszProtSeqNp,
  65. RPC_C_PROTSEQ_MAX_REQS_DEFAULT,
  66. (unsigned char *) pszEndpoint,
  67. NULL);
  68. _JumpIfError(hr, error, "RpcServerUseProtseqEpA");
  69. }
  71. if (RPC_S_OK == RpcNetworkIsProtseqValidA((unsigned char *) pszProtSeqTcp))
  72. {
  74. hr = RpcServerUseProtseqA(
  75. (unsigned char *) pszProtSeqTcp,
  76. RPC_C_PROTSEQ_MAX_REQS_DEFAULT,
  77. NULL);
  78. if ((HRESULT) ERROR_OUTOFMEMORY == hr)
  79. {
  80. OSVERSIONINFO ovi;
  82. ovi.dwOSVersionInfoSize = sizeof(ovi);
  83. if (GetVersionEx(&ovi) &&
  84. VER_PLATFORM_WIN32_NT == ovi.dwPlatformId &&
  85. 4 >= ovi.dwMajorVersion)
  86. {
  87. hr = S_OK; // Ignore IP failure
  88. }
  89. }
  90. _JumpIfError(hr, error, "RpcServerUseProtseqA");
  91. }
  93. hr = RpcServerInqBindings(&pvBindings);
  94. _JumpIfError(hr, error, "RpcServerInqBindings");
  96. hr = RpcServerRegisterIf(s_ICertPassage_v0_0_s_ifspec, NULL, NULL);
  97. _JumpIfError(hr, error, "RpcServerRegisterIf");
  99. // Register Authentication Services
  101. for (i = 0; i < g_ccsAthnList; i++)
  102. {
  104. pszPrincName = NULL;
  105. if (g_acsAthnList[i].dwPrinceNameService != RPC_C_AUTHN_NONE)
  106. {
  107. hr = RpcServerInqDefaultPrincNameA(
  108. g_acsAthnList[i].dwPrinceNameService,
  109. (BYTE **) &pszPrincName);
  110. if (hr != RPC_S_OK)
  111. {
  112. continue;
  113. }
  114. }
  118. hr = RpcServerRegisterAuthInfoA(
  119. (BYTE *) pszPrincName,
  120. g_acsAthnList[i].dwAuthnService,
  121. 0,
  122. 0);
  123. if(hr == RPC_S_UNKNOWN_AUTHN_SERVICE)
  124. {
  125. continue;
  126. }
  127. if(hr != RPC_S_OK)
  128. {
  129. break;
  130. }
  131. }
  133. if (hr != RPC_S_UNKNOWN_AUTHN_SERVICE)
  134. {
  135. _JumpIfError(hr, error, "RpcServerRegisterAuthInfoA");
  136. }
  139. hr = RpcEpRegister(s_ICertPassage_v0_0_s_ifspec, pvBindings, NULL, NULL);
  140. _JumpIfError(hr, error, "RpcEpRegister");
  142. // Listen, but don't wait...
  144. hr = RpcServerListen(1, RPC_C_LISTEN_MAX_CALLS_DEFAULT, TRUE);
  145. _JumpIfError(hr, error, "RpcServerListen");
  147. error:
  148. if (NULL != pszPrincName)
  149. {
  150. RpcStringFreeA((BYTE **) &pszPrincName);
  151. }
  152. return(hr);
  153. }
  156. HRESULT
  157. RPCTeardown(VOID)
  158. {
  159. HRESULT hr;
  161. // tear down, don't wait for calls to complete
  163. hr = RpcServerUnregisterIf(s_ICertPassage_v0_0_s_ifspec, NULL, FALSE);
  164. _JumpIfError(hr, error, "RpcServerUnregisterIf");
  166. // We have no good way of knowing if all RPC requests are done, so let it
  167. // leak on shutdown.
  168. // RPC_STATUS RPC_ENTRY RpcMgmtWaitServerListen(VOID); ??
  170. hr = S_OK;
  172. error:
  173. return(hr);
  174. }
  177. HRESULT
  178. SetTransBlobString(
  179. CERTTRANSBLOB const *pctb,
  180. WCHAR const **ppwsz)
  181. {
  182. HRESULT hr;
  184. if (NULL != pctb->pb && 0 != pctb->cb)
  185. {
  186. *ppwsz = (WCHAR const *) pctb->pb;
  188. // use lstrlen here for protection against non-zero terminated bufs!
  189. // lstrlen will catch AV's and return error
  191. if ((lstrlen(*ppwsz) + 1) * sizeof(WCHAR) != pctb->cb)
  192. {
  193. hr = E_INVALIDARG;
  194. _JumpIfError(hr, error, "Bad TransBlob string");
  195. }
  196. }
  197. hr = S_OK;
  199. error:
  200. return(hr);
  201. }
  204. /* server prototype */
  205. DWORD
  206. s_CertServerRequest(
  207. /* [in] */ handle_t h,
  208. /* [in] */ DWORD dwFlags,
  209. /* [unique][string][in] */ const wchar_t __RPC_FAR *pwszAuthority,
  210. /* [ref][out][in] */ DWORD __RPC_FAR *pdwRequestId,
  211. /* [out] */ DWORD __RPC_FAR *pdwDisposition,
  212. /* [ref][in] */ CERTTRANSBLOB const __RPC_FAR *pctbAttribs,
  213. /* [ref][in] */ CERTTRANSBLOB const __RPC_FAR *pctbRequest,
  214. /* [ref][out] */ CERTTRANSBLOB __RPC_FAR *pctbCertChain,
  215. /* [ref][out] */ CERTTRANSBLOB __RPC_FAR *pctbEncodedCert,
  216. /* [ref][out] */ CERTTRANSBLOB __RPC_FAR *pctbDispositionMessage)
  217. {
  218. HRESULT hr = S_OK;
  219. DWORD OpRequest;
  220. WCHAR const *pwszAttributes = NULL;
  221. WCHAR const *pwszSerialNumber = NULL;
  222. CERTTRANSBLOB ctbEmpty = { 0, NULL };
  223. CERTTRANSBLOB const *pctbSerial = &ctbEmpty;
  224. WCHAR *pwszUserName = NULL;
  225. DWORD dwComContextIndex = MAXDWORD;
  226. CERTSRV_COM_CONTEXT ComContext;
  227. CERTSRV_RESULT_CONTEXT ResultContext;
  228. DWORD State = 0;
  230. ZeroMemory(&ComContext, sizeof(ComContext));
  231. ZeroMemory(&ResultContext, sizeof(ResultContext));
  233. DBGPRINT((
  234. DBG_SS_CERTSRV,
  235. "s_CertServerRequest(tid=%d)\n",
  236. GetCurrentThreadId()));
  238. hr = CertSrvEnterServer(&State);
  239. _JumpIfError(hr, error, "CertSrvEnterServer");
  241. hr = CheckAuthorityName(pwszAuthority);
  242. _JumpIfError(hr, error, "No authority name");
  244. hr = RegisterComContext(&ComContext, &dwComContextIndex);
  245. _JumpIfError(hr, error, "RegisterComContext");
  247. OpRequest = CR_IN_RETRIEVE;
  248. if (NULL != pctbRequest->pb)
  249. {
  250. *pdwRequestId = 0;
  251. OpRequest = CR_IN_NEW;
  252. }
  253. else
  254. {
  255. // RetrievePending by SerialNumber in pctbAttribs
  257. pctbSerial = pctbAttribs;
  258. pctbAttribs = &ctbEmpty;
  259. }
  260. *pdwDisposition = CR_DISP_ERROR;
  262. __try
  263. {
  264. hr = CheckCertSrvAccess(
  265. pwszAuthority,
  266. h,
  267. CA_ACCESS_ENROLL,
  268. &ComContext.fInRequestGroup,
  269. &ComContext.hAccessToken);
  270. _LeaveIfError(hr, "CheckCertSrvAccess");
  271. }
  272. __except(hr = myHEXCEPTIONCODE(), EXCEPTION_EXECUTE_HANDLER)
  273. {
  274. _PrintError(hr, "Exception");
  275. }
  276. _JumpIfError(hr, error, "CheckCertSrvAccess");
  278. hr = SetTransBlobString(pctbAttribs, &pwszAttributes);
  279. _JumpIfError(hr, error, "SetTransBlobString");
  281. hr = SetTransBlobString(pctbSerial, &pwszSerialNumber);
  282. _JumpIfError(hr, error, "SetTransBlobString");
  284. ResultContext.pdwRequestId = pdwRequestId;
  285. ResultContext.pdwDisposition = pdwDisposition;
  286. ResultContext.pctbDispositionMessage = pctbDispositionMessage;
  287. ResultContext.pctbCert = pctbEncodedCert;
  288. if (CR_IN_FULLRESPONSE & dwFlags)
  289. {
  290. ResultContext.pctbFullResponse = pctbCertChain;
  291. }
  292. else
  293. {
  294. ResultContext.pctbCertChain = pctbCertChain;
  295. }
  297. __try
  298. {
  299. hr = GetClientUserName(
  300. h,
  301. &pwszUserName,
  302. CR_IN_NEW == OpRequest && IsEnterpriseCA(g_CAType)?
  303. &ComContext.pwszUserDN : NULL);
  304. _LeaveIfError(hr, "GetClientUserName");
  306. hr = CoreProcessRequest(
  307. OpRequest | (dwFlags & CR_IN_FORMATMASK),
  308. pwszUserName,
  309. pctbRequest->cb, // cbRequest
  310. pctbRequest->pb, // pbRequest
  311. pwszAttributes,
  312. pwszSerialNumber,
  313. dwComContextIndex,
  314. *pdwRequestId,
  315. &ResultContext); // Allocates returned memory
  316. }
  317. __except(hr = myHEXCEPTIONCODE(), EXCEPTION_EXECUTE_HANDLER)
  318. {
  319. }
  320. _JumpIfError(hr, error, "CoreProcessRequest");
  322. // Post-processing
  323. pctbDispositionMessage->cb = 0;
  324. if (NULL != pctbDispositionMessage->pb)
  325. {
  326. pctbDispositionMessage->cb =
  327. (wcslen((WCHAR *) pctbDispositionMessage->pb) + 1) * sizeof(WCHAR);
  328. }
  330. error:
  331. ReleaseResult(&ResultContext);
  332. if (NULL != pwszUserName)
  333. {
  334. LocalFree(pwszUserName);
  335. }
  336. if (NULL != ComContext.hAccessToken)
  337. {
  338. HRESULT hr2;
  340. // closehandle can throw
  341. __try
  342. {
  343. CloseHandle(ComContext.hAccessToken);
  344. }
  345. __except(hr2 = myHEXCEPTIONCODE(), EXCEPTION_EXECUTE_HANDLER)
  346. {
  347. _PrintError(hr2, "Exception");
  348. if (S_OK == hr)
  349. {
  350. hr = hr2;
  351. }
  352. }
  353. }
  354. if (MAXDWORD != dwComContextIndex)
  355. {
  356. if (NULL != ComContext.pwszUserDN)
  357. {
  358. LocalFree(ComContext.pwszUserDN);
  359. }
  360. UnregisterComContext(&ComContext, dwComContextIndex);
  361. }
  362. CertSrvExitServer(State);
  363. CSASSERT(S_OK == hr || FAILED(hr));
  364. return(hr);
  365. }
  368. //+--------------------------------------------------------------------------
  369. // MIDL_user_allocate -- Allocates memory for RPC operations.
  370. //
  371. // Parameters:
  372. // cb - # of bytes to allocate
  373. //
  374. // Returns:
  375. // Memory allocated, or NULL if not enough memory.
  376. //---------------------------------------------------------------------------
  378. void __RPC_FAR * __RPC_USER
  379. MIDL_user_allocate(
  380. IN size_t cb)
  381. {
  382. return(CoTaskMemAlloc(cb));
  383. }
  386. //+--------------------------------------------------------------------------
  387. // MIDL_user_free -- Free memory allocated via MIDL_user_allocate.
  388. //
  389. // Parameters:
  390. // pvBuffer - The buffer to free.
  391. //
  392. // Returns:
  393. // None.
  394. //---------------------------------------------------------------------------
  396. void __RPC_USER
  397. MIDL_user_free(
  398. IN void __RPC_FAR *pb)
  399. {
  400. CoTaskMemFree(pb);
  401. }