archive
/
windows-xp
mirror of https://github.com/tongzx/nt5src
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
9 Commits
1 Branch
0 Tags
2.0 GiB
Tree: 75c48ba87f
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '75c48ba87f'
${ noResults }
windows-xp/Source/XPSP1/NT/inetsrv/iis/admin/snapin/wsecure.cpp

825 lines
16 KiB
Raw Normal View History

Add source files
4 years ago
  1. /*++
  3. Copyright (c) 1994-1998 Microsoft Corporation
  5. Module Name :
  7. security.cpp
  9. Abstract:
  11. WWW Security Property Page
  13. Author:
  15. Ronald Meijer (ronaldm)
  17. Project:
  19. Internet Services Manager
  21. Revision History:
  23. --*/
  25. //
  26. // Include Files
  27. //
  28. #include "stdafx.h"
  29. #include "common.h"
  30. #include "inetprop.h"
  31. #include "InetMgrApp.h"
  32. #include "supdlgs.h"
  33. #include "shts.h"
  34. #include "w3sht.h"
  35. #include "wincrypt.h"
  36. #include "resource.h"
  37. #include "wsecure.h"
  38. #include "authent.h"
  39. #include "seccom.h"
  40. #include "ipdomdlg.h"
  42. #include "cryptui.h"
  44. #ifdef _DEBUG
  45. #define new DEBUG_NEW
  46. #undef THIS_FILE
  47. static char THIS_FILE[] = __FILE__;
  48. #endif
  50. //
  51. // CW3SecurityPage property page
  52. //
  53. IMPLEMENT_DYNCREATE(CW3SecurityPage, CInetPropertyPage)
  57. CW3SecurityPage::CW3SecurityPage(
  58. IN CInetPropertySheet * pSheet,
  59. IN BOOL fHome,
  60. IN DWORD dwAttributes
  61. )
  62. /*++
  64. Routine Description:
  66. Constructor
  68. Arguments:
  70. CInetPropertySheet * pSheet : Sheet object
  71. BOOL fHome : TRUE if this is a home directory
  72. DWORD dwAttributes : Attributes
  74. Return Value:
  76. N/A
  78. --*/
  79. : CInetPropertyPage(CW3SecurityPage::IDD, pSheet,
  80. IS_FILE(dwAttributes)
  81. ? IDS_TAB_FILE_SECURITY
  82. : IDS_TAB_DIR_SECURITY
  83. ),
  84. m_oblAccessList(),
  85. m_fU2Installed(FALSE),
  86. m_fIpDirty(FALSE),
  87. m_fHome(fHome),
  88. //
  89. // By default, we grant access
  90. //
  91. m_fOldDefaultGranted(TRUE),
  92. m_fDefaultGranted(TRUE)
  93. {
  95. #if 0 // Keep class wizard happy
  97. //{{AFX_DATA_INIT(CW3SecurityPage)
  98. m_fUseNTMapper = FALSE;
  99. //}}AFX_DATA_INIT
  101. #endif // 0
  103. }
  106. CW3SecurityPage::~CW3SecurityPage()
  107. /*++
  109. Routine Description:
  111. Destructor
  113. Arguments:
  115. N/A
  117. Return Value:
  119. N/A
  121. --*/
  122. {
  123. }
  127. void
  128. CW3SecurityPage::DoDataExchange(
  129. IN CDataExchange * pDX
  130. )
  131. /*++
  133. Routine Description:
  135. Initialise/Store control data
  137. Arguments:
  139. CDataExchange * pDX - DDX/DDV control structure
  141. Return Value:
  143. None
  145. --*/
  146. {
  147. CInetPropertyPage::DoDataExchange(pDX);
  149. //{{AFX_DATA_MAP(CW3SecurityPage)
  150. DDX_Check(pDX, IDC_CHECK_ENABLE_DS, m_fUseNTMapper);
  151. DDX_Control(pDX, IDC_ICON_SECURE, m_icon_Secure);
  152. DDX_Control(pDX, IDC_STATIC_SSL_PROMPT, m_static_SSLPrompt);
  153. DDX_Control(pDX, IDC_CHECK_ENABLE_DS, m_check_EnableDS);
  154. DDX_Control(pDX, IDC_BUTTON_GET_CERTIFICATES, m_button_GetCertificates);
  155. DDX_Control(pDX, IDC_VIEW_CERTIFICATE, m_button_ViewCertificates);
  156. DDX_Control(pDX, IDC_BUTTON_COMMUNICATIONS, m_button_Communications);
  157. //}}AFX_DATA_MAP
  158. }
  162. //
  163. // Message Map
  164. //
  165. BEGIN_MESSAGE_MAP(CW3SecurityPage, CInetPropertyPage)
  166. //{{AFX_MSG_MAP(CW3SecurityPage)
  167. ON_BN_CLICKED(IDC_BUTTON_AUTHENTICATION, OnButtonAuthentication)
  168. ON_BN_CLICKED(IDC_BUTTON_COMMUNICATIONS, OnButtonCommunications)
  169. ON_BN_CLICKED(IDC_BUTTON_IP_SECURITY, OnButtonIpSecurity)
  170. ON_BN_CLICKED(IDC_BUTTON_GET_CERTIFICATES, OnButtonGetCertificates)
  171. ON_BN_CLICKED(IDC_VIEW_CERTIFICATE, OnButtonViewCertificates)
  172. //}}AFX_MSG_MAP
  174. ON_BN_CLICKED(IDC_CHECK_ENABLE_DS, OnItemChanged)
  176. END_MESSAGE_MAP()
  180. /* virtual */
  181. HRESULT
  182. CW3SecurityPage::FetchLoadedValues()
  183. /*++
  185. Routine Description:
  187. Move configuration data from sheet to dialog controls
  189. Arguments:
  191. None
  193. Return Value:
  195. HRESULT
  197. --*/
  198. {
  199. CError err;
  201. BEGIN_META_DIR_READ(CW3Sheet)
  202. FETCH_DIR_DATA_FROM_SHEET(m_dwAuthFlags);
  203. FETCH_DIR_DATA_FROM_SHEET(m_dwSSLAccessPermissions);
  204. FETCH_DIR_DATA_FROM_SHEET(m_strBasicDomain);
  205. FETCH_DIR_DATA_FROM_SHEET(m_strRealm);
  206. FETCH_DIR_DATA_FROM_SHEET(m_strAnonUserName);
  207. FETCH_DIR_DATA_FROM_SHEET(m_strAnonPassword);
  208. FETCH_DIR_DATA_FROM_SHEET(m_fPasswordSync);
  209. FETCH_DIR_DATA_FROM_SHEET(m_fU2Installed);
  210. FETCH_DIR_DATA_FROM_SHEET(m_fUseNTMapper);
  211. END_META_DIR_READ(err)
  212. m_fPasswordSyncInitial = m_fPasswordSync;
  213. //
  214. // First we need to read in the hash and the name of the store. If either
  215. // is not there then there is no certificate.
  216. //
  217. BEGIN_META_INST_READ(CW3Sheet)
  218. // BUGBUG we are not fetching the hash right now because it needs a new
  219. // copy constructor. Otherwise it does a bitwise copy of the pointer value.
  220. // Then this one desctructs, freeing the pointer. Then the other one desctucts
  221. // freeing it again.
  222. // FETCH_INST_DATA_FROM_SHEET(m_CertHash);
  223. FETCH_INST_DATA_FROM_SHEET(m_strCertStoreName);
  224. FETCH_INST_DATA_FROM_SHEET(m_strCTLIdentifier);
  225. FETCH_INST_DATA_FROM_SHEET(m_strCTLStoreName);
  226. END_META_INST_READ(err)
  228. //
  229. // Build the IPL list
  230. //
  231. err = BuildIplOblistFromBlob(
  232. GetIPL(),
  233. m_oblAccessList,
  234. m_fDefaultGranted
  235. );
  237. m_fOldDefaultGranted = m_fDefaultGranted;
  239. return err;
  240. }
  244. /* virtual */
  245. HRESULT
  246. CW3SecurityPage::SaveInfo()
  247. /*++
  249. Routine Description:
  251. Save the information on this property page
  253. Arguments:
  255. None
  257. Return Value:
  259. Error return code
  261. --*/
  262. {
  263. ASSERT(IsDirty());
  265. TRACEEOLID("Saving W3 security page now...");
  267. CError err;
  269. //
  270. // Check to see if the ip access list needs saving.
  271. //
  272. BOOL fIplDirty = m_fIpDirty || (m_fOldDefaultGranted != m_fDefaultGranted);
  274. //
  275. // Use m_ notation because the message crackers require it
  276. //
  277. CBlob m_ipl;
  279. if (fIplDirty)
  280. {
  281. BuildIplBlob(m_oblAccessList, m_fDefaultGranted, m_ipl);
  282. }
  284. BeginWaitCursor();
  286. BEGIN_META_DIR_WRITE(CW3Sheet)
  287. STORE_DIR_DATA_ON_SHEET(m_dwSSLAccessPermissions)
  288. STORE_DIR_DATA_ON_SHEET(m_dwAuthFlags)
  289. STORE_DIR_DATA_ON_SHEET(m_strBasicDomain)
  290. STORE_DIR_DATA_ON_SHEET(m_strRealm)
  292. if (fIplDirty)
  293. {
  294. STORE_DIR_DATA_ON_SHEET(m_ipl)
  295. }
  296. STORE_DIR_DATA_ON_SHEET(m_strAnonUserName)
  297. STORE_DIR_DATA_ON_SHEET(m_fPasswordSync)
  298. STORE_DIR_DATA_ON_SHEET(m_fUseNTMapper)
  299. if (m_fPasswordSync != m_fPasswordSyncInitial && m_fPasswordSync)
  300. {
  301. FLAG_DIR_DATA_FOR_DELETION(MD_ANONYMOUS_PWD);
  302. }
  303. else
  304. {
  305. STORE_DIR_DATA_ON_SHEET(m_strAnonPassword);
  306. }
  307. END_META_DIR_WRITE(err)
  309. if (err.Succeeded())
  310. {
  311. BEGIN_META_INST_WRITE(CW3Sheet)
  312. if ( m_strCTLIdentifier.IsEmpty() )
  313. {
  314. FLAG_INST_DATA_FOR_DELETION( MD_SSL_CTL_IDENTIFIER )
  315. }
  316. else
  317. {
  318. STORE_INST_DATA_ON_SHEET(m_strCTLIdentifier)
  319. }
  321. if ( m_strCTLStoreName.IsEmpty() )
  322. {
  323. FLAG_INST_DATA_FOR_DELETION( MD_SSL_CTL_STORE_NAME )
  324. }
  325. else
  326. {
  327. STORE_INST_DATA_ON_SHEET(m_strCTLStoreName)
  328. }
  329. END_META_INST_WRITE(err)
  330. }
  332. EndWaitCursor();
  334. if (err.Succeeded())
  335. {
  336. m_fIpDirty = FALSE;
  337. m_fOldDefaultGranted = m_fDefaultGranted;
  338. err = ((CW3Sheet *)GetSheet())->SetKeyType();
  339. }
  341. return err;
  342. }
  346. BOOL
  347. CW3SecurityPage::FetchSSLState()
  348. /*++
  350. Routine Description:
  352. Obtain the state of the dialog depending on whether certificates
  353. are installed or not.
  355. Arguments:
  357. None
  359. Return Value:
  361. TRUE if certificates are installed, FALSE otherwise
  363. --*/
  364. {
  365. BeginWaitCursor();
  366. m_fCertInstalled = ::IsCertInstalledOnServer(
  367. QueryAuthInfo(),
  368. QueryMetaPath()
  369. );
  370. EndWaitCursor();
  372. return m_fCertInstalled;
  373. }
  377. void
  378. CW3SecurityPage::SetSSLControlState()
  379. /*++
  381. Routine Description:
  383. Enable/disable supported controls depending on what's installed.
  384. Only available on non-master instance nodes.
  386. Arguments:
  388. None
  390. Return Value:
  392. None
  394. --*/
  395. {
  396. m_static_SSLPrompt.EnableWindow(!IsMasterInstance());
  397. m_button_GetCertificates.EnableWindow(
  398. !IsMasterInstance()
  399. && m_fHome
  400. && IsLocal()
  401. );
  402. m_button_Communications.EnableWindow(
  403. !IsMasterInstance()
  404. && IsSSLSupported()
  405. && FetchSSLState()
  406. );
  407. m_button_ViewCertificates.EnableWindow(m_fCertInstalled);
  408. }
  412. //
  413. // Message Handlers
  414. //
  415. // <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
  417. BOOL
  418. CW3SecurityPage::OnSetActive()
  419. /*++
  421. Routine Description:
  423. Page got activated -- set the SSL state depending on whether a
  424. certificate is installed or not.
  426. Arguments:
  428. None
  430. Return Value:
  432. TRUE to activate the page, FALSE otherwise.
  434. --*/
  435. {
  436. //
  437. // Enable/disable ssl controls
  438. //
  439. SetSSLControlState();
  441. return CInetPropertyPage::OnSetActive();
  442. }
  446. BOOL
  447. CW3SecurityPage::OnInitDialog()
  448. /*++
  450. Routine Description:
  452. WM_INITDIALOG handler. Initialize the dialog.
  454. Arguments:
  456. None.
  458. Return Value:
  460. TRUE if no focus is to be set automatically, FALSE if the focus
  461. is already set.
  463. --*/
  464. {
  465. CInetPropertyPage::OnInitDialog();
  467. //
  468. // Initialize certificate authorities ocx
  469. //
  470. CRect rc(0, 0, 0, 0);
  471. m_ocx_CertificateAuthorities.Create(
  472. _T("CertWiz"),
  473. WS_BORDER,
  474. rc,
  475. this,
  476. IDC_APPSCTRL
  477. );
  479. GetDlgItem(IDC_GROUP_IP)->EnableWindow(HasIPAccessCheck());
  480. GetDlgItem(IDC_ICON_IP)->EnableWindow(HasIPAccessCheck());
  481. GetDlgItem(IDC_STATIC_IP)->EnableWindow(HasIPAccessCheck());
  482. GetDlgItem(IDC_BUTTON_IP_SECURITY)->EnableWindow(HasIPAccessCheck());
  483. GetDlgItem(IDC_BUTTON_AUTHENTICATION)->EnableWindow(!m_fU2Installed);
  485. //
  486. // Configure for either master or non-master display.
  487. //
  488. m_check_EnableDS.ShowWindow(IsMasterInstance() ? SW_SHOW : SW_HIDE);
  489. m_check_EnableDS.EnableWindow(
  490. HasAdminAccess()
  491. && IsMasterInstance()
  492. && HasNTCertMapper()
  493. );
  495. #define SHOW_NON_MASTER(x)\
  496. (x).ShowWindow(IsMasterInstance() ? SW_HIDE : SW_SHOW)
  498. SHOW_NON_MASTER(m_static_SSLPrompt);
  499. SHOW_NON_MASTER(m_icon_Secure);
  500. SHOW_NON_MASTER(m_button_GetCertificates);
  501. SHOW_NON_MASTER(m_button_Communications);
  502. SHOW_NON_MASTER(m_button_ViewCertificates);
  504. #undef SHOW_NON_MASTER
  506. return TRUE;
  507. }
  511. void
  512. CW3SecurityPage::OnButtonAuthentication()
  513. /*++
  515. Routine Description:
  517. 'Authentication' button hander
  519. Arguments:
  521. None
  523. Return Value:
  525. None
  527. --*/
  528. {
  529. CAuthenticationDlg dlg(
  530. QueryServerName(),
  531. QueryInstance(),
  532. m_strBasicDomain,
  533. m_strRealm,
  534. m_dwAuthFlags,
  535. m_dwSSLAccessPermissions,
  536. m_strAnonUserName,
  537. m_strAnonPassword,
  538. m_fPasswordSync,
  539. HasAdminAccess(),
  540. HasDigest(),
  541. this
  542. );
  544. DWORD dwOldAccess = m_dwSSLAccessPermissions;
  545. DWORD dwOldAuth = m_dwAuthFlags;
  546. CString strOldDomain = m_strBasicDomain;
  547. CString strOldRealm = m_strRealm;
  548. CString strOldUserName = m_strAnonUserName;
  549. CString strOldPassword = m_strAnonPassword;
  550. BOOL fOldPasswordSync = m_fPasswordSync;
  552. if (dlg.DoModal() == IDOK)
  553. {
  554. //
  555. // See if anything has changed
  556. //
  557. if (dwOldAccess != m_dwSSLAccessPermissions
  558. || dwOldAuth != m_dwAuthFlags
  559. || m_strBasicDomain != strOldDomain
  560. || m_strRealm != strOldRealm
  561. || m_strAnonUserName != strOldUserName
  562. || m_strAnonPassword != strOldPassword
  563. || m_fPasswordSync != fOldPasswordSync
  564. )
  565. {
  566. //
  567. // Mark as dirty
  568. //
  569. OnItemChanged();
  570. }
  571. }
  572. }
  576. void
  577. CW3SecurityPage::OnButtonCommunications()
  578. /*++
  580. Routine Description:
  582. 'Communications' button handler
  584. Arguments:
  586. None
  588. Return Value:
  590. None
  592. --*/
  593. {
  594. //
  595. // Prep the flag for if we can edit CTLs or not
  596. //
  597. BOOL fEditCTLs = IsMasterInstance() || m_fHome;
  599. //
  600. // Prep the communications dialog
  601. //
  602. CSecCommDlg dlg(
  603. QueryServerName(),
  604. QueryInstanceMetaPath(),
  605. m_strBasicDomain,
  606. m_dwAuthFlags,
  607. QueryAuthInfo(),
  608. m_dwSSLAccessPermissions,
  609. IsMasterInstance(),
  610. IsSSLSupported(),
  611. IsSSL128Supported(),
  612. m_fU2Installed,
  613. m_strCTLIdentifier,
  614. m_strCTLStoreName,
  615. fEditCTLs,
  616. IsLocal(),
  617. this
  618. );
  620. DWORD dwOldAccess = m_dwSSLAccessPermissions;
  621. DWORD dwOldAuth = m_dwAuthFlags;
  623. if (dlg.DoModal() == IDOK)
  624. {
  625. //
  626. // See if anything has changed
  627. //
  628. if (dwOldAccess != m_dwSSLAccessPermissions
  629. || dwOldAuth != m_dwAuthFlags
  630. )
  631. {
  632. //
  633. // Mark as dirty
  634. //
  635. OnItemChanged();
  636. }
  638. //
  639. // See if the CTL information has changed
  640. //
  641. if (dlg.m_bCTLDirty)
  642. {
  643. m_strCTLIdentifier = dlg.m_strCTLIdentifier;
  644. m_strCTLStoreName = dlg.m_strCTLStoreName;
  645. OnItemChanged();
  646. }
  647. }
  648. }
  652. void
  653. CW3SecurityPage::OnButtonIpSecurity()
  654. /*++
  656. Routine Description:
  658. 'tcpip' button handler
  660. Arguments:
  662. None
  664. Return Value:
  666. None
  668. --*/
  669. {
  670. CIPDomainDlg dlg(
  671. m_fIpDirty,
  672. m_fDefaultGranted,
  673. m_fOldDefaultGranted,
  674. m_oblAccessList,
  675. this
  676. );
  678. if (dlg.DoModal() == IDOK)
  679. {
  680. //
  681. // Rebuild the list. Temporarily reset ownership, otherwise
  682. // RemoveAll() will destroy the pointers which are shared with the
  683. // new list.
  684. //
  685. BOOL fOwn = m_oblAccessList.SetOwnership(FALSE);
  686. m_oblAccessList.RemoveAll();
  687. m_oblAccessList.AddTail(&dlg.GetAccessList());
  688. m_oblAccessList.SetOwnership(fOwn);
  690. if (m_fIpDirty || m_fOldDefaultGranted != m_fDefaultGranted)
  691. {
  692. OnItemChanged();
  693. }
  694. }
  695. }
  699. void
  700. CW3SecurityPage::OnButtonGetCertificates()
  701. /*++
  703. Routine Description:
  705. "get certicate" button handler
  707. Arguments:
  709. None
  711. Return Value:
  713. None
  715. --*/
  716. {
  717. m_ocx_CertificateAuthorities.SetMachineName(QueryServerName());
  718. m_ocx_CertificateAuthorities.SetServerInstance(QueryInstanceMetaPath());
  719. m_ocx_CertificateAuthorities.DoClick();
  721. //
  722. // There may now be a certificate. See if we should enable the edit button.
  723. //
  724. SetSSLControlState();
  725. }
  728. void
  729. CW3SecurityPage::OnButtonViewCertificates()
  730. /*++
  732. Routine Description:
  734. "view certicate" button handler
  736. Arguments:
  738. None
  740. Return Value:
  742. None
  744. --*/
  745. {
  746. HCERTSTORE hStore = NULL;
  747. PCCERT_CONTEXT pCert = NULL;
  748. CMetaKey key(QueryAuthInfo(),
  749. QueryInstanceMetaPath(),
  750. METADATA_PERMISSION_READ | METADATA_PERMISSION_WRITE,
  751. METADATA_MASTER_ROOT_HANDLE);
  752. if (key.Succeeded())
  753. {
  754. CString store_name;
  755. CBlob hash;
  756. if ( SUCCEEDED(key.QueryValue(MD_SSL_CERT_STORE_NAME, store_name))
  757. && SUCCEEDED(key.QueryValue(MD_SSL_CERT_HASH, hash))
  758. )
  759. {
  760. hStore = CertOpenStore(
  761. CERT_STORE_PROV_SYSTEM,
  762. PKCS_7_ASN_ENCODING | X509_ASN_ENCODING,
  763. NULL,
  764. CERT_SYSTEM_STORE_LOCAL_MACHINE,
  765. store_name
  766. );
  767. if (hStore != NULL)
  768. {
  769. // Now we need to find cert by hash
  770. CRYPT_HASH_BLOB crypt_hash;
  771. crypt_hash.cbData = hash.GetSize();
  772. crypt_hash.pbData = hash.GetData();
  773. pCert = CertFindCertificateInStore(hStore,
  774. X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
  775. 0, CERT_FIND_HASH, (LPVOID)&crypt_hash, NULL);
  776. }
  777. }
  778. }
  779. if (pCert)
  780. {
  781. BOOL fPropertiesChanged;
  782. CRYPTUI_VIEWCERTIFICATE_STRUCT vcs;
  783. HCERTSTORE hCertStore = ::CertDuplicateStore(hStore);
  784. ::ZeroMemory (&vcs, sizeof (vcs));
  785. vcs.dwSize = sizeof (vcs);
  786. vcs.hwndParent = GetParent()->GetSafeHwnd();
  787. vcs.dwFlags = 0;
  788. vcs.cStores = 1;
  789. vcs.rghStores = &hCertStore;
  790. vcs.pCertContext = pCert;
  791. ::CryptUIDlgViewCertificate(&vcs, &fPropertiesChanged);
  792. ::CertCloseStore (hCertStore, 0);
  793. }
  794. else
  795. {
  796. }
  797. if (pCert != NULL)
  798. ::CertFreeCertificateContext(pCert);
  799. if (hStore != NULL)
  800. ::CertCloseStore(hStore, 0);
  801. }
  803. void
  804. CW3SecurityPage::OnItemChanged()
  805. /*++
  807. Routine Description:
  809. All EN_CHANGE messages map to this function
  811. Arguments:
  813. None
  815. Return Value:
  817. None
  819. --*/
  820. {
  821. SetModified(TRUE);
  822. }