archive
/
windows-xp
mirror of https://github.com/tongzx/nt5src
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
7 Commits
1 Branch
0 Tags
2.0 GiB
Tree: 9769ad7c3d
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '9769ad7c3d'
${ noResults }
windows-xp/Source/XPSP1/NT/admin/snapin/certmgr/compdata.cpp

5971 lines
169 KiB
Raw Normal View History

Add source files
4 years ago
  1. //+---------------------------------------------------------------------------
  2. /////////////////////////////////////////////////////////////////////////////////
  3. //
  4. // Microsoft Windows
  5. // Copyright (C) Microsoft Corporation, 1997-2001.
  6. //
  7. // File: compdata.cpp
  8. //
  9. // Contents: Implementation of CCertMgrComponentData
  10. //
  11. //----------------------------------------------------------------------------
  13. #include "stdafx.h"
  15. USE_HANDLE_MACROS ("CERTMGR (compdata.cpp)")
  16. #include <gpedit.h>
  17. #include "compdata.h"
  18. #include "dataobj.h"
  19. #include "cookie.h"
  20. #include "snapmgr.h"
  21. #include "Certifct.h"
  22. #include "dlgs.h"
  23. #include "SelAcct.h"
  24. #include "FindDlg.h"
  25. #pragma warning(push, 3)
  26. #include <wintrust.h>
  27. #include <cryptui.h>
  28. #include <sceattch.h>
  29. #pragma warning(pop)
  30. #include "selservc.h"
  31. #include "acrgenpg.h"
  32. #include "acrspsht.h"
  33. #include "acrswlcm.h"
  34. #include "acrstype.h"
  36. #include "acrslast.h"
  37. #include "addsheet.h"
  38. #include "gpepage.h"
  39. #include "password.h"
  40. #include "storegpe.h"
  41. #include "uuids.h"
  42. #include "StoreRSOP.h"
  43. #include "PolicyPrecedencePropertyPage.h"
  44. #include "AutoenrollmentPropertyPage.h"
  45. #include "SaferEntry.h"
  46. #include "SaferUtil.h"
  47. #include "SaferDefinedFileTypesPropertyPage.h"
  48. #include "EFSGeneralPropertyPage.h"
  51. #ifdef _DEBUG
  52. #ifndef ALPHA
  53. #define new DEBUG_NEW
  54. #endif
  55. #undef THIS_FILE
  56. static char THIS_FILE[] = __FILE__;
  57. #endif
  60. #include "stdcdata.cpp" // CComponentData implementation
  62. extern HINSTANCE g_hInstance;
  64. extern GUID g_guidExtension;
  65. extern GUID g_guidRegExt;
  66. extern GUID g_guidSnapin;
  68. //
  69. // CCertMgrComponentData
  70. //
  72. extern CString g_szFileName; // If not empty, was called from command-line.
  74. CCertMgrComponentData::CCertMgrComponentData ()
  75. : m_pRootCookie (0),
  76. m_activeViewPersist (IDM_STORE_VIEW),
  77. m_hRootScopeItem (0),
  78. m_bShowPhysicalStoresPersist (0),
  79. m_bShowArchivedCertsPersist (0),
  80. m_fAllowOverrideMachineName (0),
  81. m_dwFlagsPersist (0),
  82. m_dwLocationPersist (0),
  83. m_pResultData (0),
  84. m_pGPEInformation (0),
  85. m_pRSOPInformationComputer (0),
  86. m_pRSOPInformationUser (0),
  87. m_bIsUserAdministrator (FALSE),
  88. m_dwSCEMode (SCE_MODE_UNKNOWN),
  89. m_pHeader (0),
  90. m_bMultipleObjectsSelected (false) ,
  91. m_pCryptUIMMCCallbackStruct (0),
  92. m_pGPERootStore (0),
  93. m_pGPETrustStore (0),
  94. m_pFileBasedStore (0),
  95. m_pGPEACRSUserStore (0),
  96. m_pGPEACRSComputerStore (0),
  97. m_fInvalidComputer (false),
  98. m_bMachineIsStandAlone (true),
  99. m_pComponentConsole (0),
  100. m_bIsRSOP (false),
  101. m_pIWbemServicesComputer (0),
  102. m_pIWbemServicesUser (0),
  103. m_pbstrLanguage (SysAllocString (STR_WQL)),
  104. m_pbstrQuery (SysAllocString (STR_SELECT_STATEMENT)),
  105. m_pbstrValueName (SysAllocString (STR_PROP_VALUENAME)),
  106. m_pbstrRegistryKey (SysAllocString (STR_PROP_REGISTRYKEY)),
  107. m_pbstrValue (SysAllocString (STR_PROP_VALUE)),
  108. m_pbstrPrecedence (SysAllocString (STR_PROP_PRECEDENCE)),
  109. m_pbstrGPOid (SysAllocString (STR_PROP_GPOID)),
  110. m_dwRSOPFlagsComputer (0),
  111. m_dwRSOPFlagsUser (0),
  112. m_dwDefaultSaferLevel (0),
  113. m_pdwSaferLevels (0),
  114. m_bSaferSupported (false)
  115. {
  116. _TRACE (1, L"Entering CCertMgrComponentData::CCertMgrComponentData\n");
  117. m_pRootCookie = new CCertMgrCookie (CERTMGR_SNAPIN);
  119. // Get name of logged-in user
  120. DWORD dwSize = 0;
  121. ::GetUserName (0, &dwSize);
  122. BOOL bRet = ::GetUserName (m_szLoggedInUser.GetBufferSetLength (dwSize), &dwSize);
  123. ASSERT (bRet);
  124. m_szLoggedInUser.ReleaseBuffer ();
  126. // Get name of this computer
  127. dwSize = MAX_COMPUTERNAME_LENGTH + 1 ;
  128. bRet = ::GetComputerName (m_szThisComputer.GetBufferSetLength (MAX_COMPUTERNAME_LENGTH + 1 ), &dwSize);
  129. ASSERT (bRet);
  130. m_szThisComputer.ReleaseBuffer ();
  132. // Find out if logged-in users is an Administrator
  133. IsUserAdministrator (m_bIsUserAdministrator);
  135. if ( !g_szFileName.IsEmpty () )
  136. {
  137. m_szFileName = g_szFileName;
  138. g_szFileName = _T ("");
  139. }
  141. // Find out if we're joined to a domain.
  142. PDSROLE_PRIMARY_DOMAIN_INFO_BASIC pInfo = 0;
  143. DWORD dwErr = ::DsRoleGetPrimaryDomainInformation (
  144. 0,
  145. DsRolePrimaryDomainInfoBasic,
  146. (PBYTE*) &pInfo);
  147. if ( ERROR_SUCCESS == dwErr )
  148. {
  149. switch (pInfo->MachineRole)
  150. {
  151. case DsRole_RoleStandaloneWorkstation:
  152. case DsRole_RoleStandaloneServer:
  153. m_bMachineIsStandAlone = true;
  154. break;
  156. case DsRole_RoleMemberWorkstation:
  157. case DsRole_RoleMemberServer:
  158. case DsRole_RoleBackupDomainController:
  159. case DsRole_RolePrimaryDomainController:
  160. m_bMachineIsStandAlone = false;
  161. break;
  163. default:
  164. break;
  165. }
  166. }
  167. else
  168. {
  169. _TRACE (0, L"DsRoleGetPrimaryDomainInformation () failed: 0x%x\n", dwErr);
  170. }
  171. NetApiBufferFree (pInfo);
  173. _TRACE (-1, L"Leaving CCertMgrComponentData::CCertMgrComponentData\n");
  174. }
  176. CCertMgrComponentData::~CCertMgrComponentData ()
  177. {
  178. _TRACE (1, L"Entering CCertMgrComponentData::~CCertMgrComponentData\n");
  179. if ( m_pCryptUIMMCCallbackStruct )
  180. {
  181. ::MMCFreeNotifyHandle (m_pCryptUIMMCCallbackStruct->lNotifyHandle);
  182. ((LPDATAOBJECT)(m_pCryptUIMMCCallbackStruct->param))->Release ();
  183. ::GlobalFree (m_pCryptUIMMCCallbackStruct);
  184. m_pCryptUIMMCCallbackStruct = 0;
  185. }
  187. if ( m_pGPERootStore )
  188. {
  189. m_pGPERootStore->Release ();
  190. m_pGPERootStore = 0;
  191. }
  192. if ( m_pGPETrustStore )
  193. {
  194. m_pGPETrustStore->Release ();
  195. m_pGPETrustStore = 0;
  196. }
  197. if ( m_pFileBasedStore )
  198. {
  199. m_pFileBasedStore->Release ();
  200. m_pFileBasedStore = 0;
  201. }
  203. if ( m_pGPEACRSUserStore )
  204. {
  205. m_pGPEACRSUserStore->Release ();
  206. m_pGPEACRSUserStore = 0;
  207. }
  209. if ( m_pGPEACRSComputerStore )
  210. {
  211. m_pGPEACRSComputerStore->Release ();
  212. m_pGPEACRSComputerStore = 0;
  213. }
  215. CCookie& rootCookie = QueryBaseRootCookie ();
  216. while ( !rootCookie.m_listResultCookieBlocks.IsEmpty() )
  217. {
  218. (rootCookie.m_listResultCookieBlocks.RemoveHead())->Release();
  219. }
  220. if ( m_pGPEInformation )
  221. {
  222. m_pGPEInformation->Release ();
  223. m_pGPEInformation = 0;
  224. }
  226. if ( m_pRSOPInformationComputer )
  227. {
  228. m_pRSOPInformationComputer->Release ();
  229. m_pRSOPInformationComputer = 0;
  230. }
  231. if ( m_pRSOPInformationUser )
  232. {
  233. m_pRSOPInformationUser->Release ();
  234. m_pRSOPInformationUser = 0;
  235. }
  237. if ( m_pResultData )
  238. {
  239. m_pResultData->Release ();
  240. m_pResultData = 0;
  241. }
  243. if ( m_pComponentConsole )
  244. {
  245. SAFE_RELEASE (m_pComponentConsole);
  246. m_pComponentConsole = 0;
  247. }
  249. if (m_pbstrLanguage)
  250. SysFreeString (m_pbstrLanguage);
  252. if (m_pbstrQuery)
  253. SysFreeString (m_pbstrQuery);
  255. if (m_pbstrRegistryKey)
  256. SysFreeString (m_pbstrRegistryKey);
  258. if (m_pbstrValueName)
  259. SysFreeString (m_pbstrValueName);
  261. if (m_pbstrValue)
  262. SysFreeString (m_pbstrValue);
  264. if ( m_pbstrPrecedence )
  265. SysFreeString (m_pbstrPrecedence);
  267. if ( m_pbstrGPOid )
  268. SysFreeString (m_pbstrGPOid);
  270. int nIndex = 0;
  271. INT_PTR nUpperBound = m_rsopObjectArrayComputer.GetUpperBound ();
  273. while ( nUpperBound >= nIndex )
  274. {
  275. CRSOPObject* pCurrObject = m_rsopObjectArrayComputer.GetAt (nIndex);
  276. if ( pCurrObject )
  277. {
  278. delete pCurrObject;
  279. }
  280. nIndex++;
  281. }
  282. m_rsopObjectArrayComputer.RemoveAll ();
  285. nIndex = 0;
  286. nUpperBound = m_rsopObjectArrayUser.GetUpperBound ();
  287. while ( nUpperBound >= nIndex )
  288. {
  289. CRSOPObject* pCurrObject = m_rsopObjectArrayUser.GetAt (nIndex);
  290. if ( pCurrObject )
  291. {
  292. delete pCurrObject;
  293. }
  294. nIndex++;
  295. }
  296. m_rsopObjectArrayUser.RemoveAll ();
  298. if ( m_pIWbemServicesComputer )
  299. m_pIWbemServicesComputer->Release ();
  301. if ( m_pIWbemServicesUser )
  302. m_pIWbemServicesUser->Release ();
  304. if ( m_pRootCookie )
  305. m_pRootCookie->Release ();
  307. if ( m_pdwSaferLevels )
  308. delete m_pdwSaferLevels;
  310. _TRACE (-1, L"Leaving CCertMgrComponentData::~CCertMgrComponentData\n");
  311. }
  313. DEFINE_FORWARDS_MACHINE_NAME ( CCertMgrComponentData, (m_pRootCookie) )
  315. CCookie& CCertMgrComponentData::QueryBaseRootCookie ()
  316. {
  317. _TRACE (0, L"Entering and leaving CCertMgrComponentData::QueryBaseRootCookie\n");
  318. ASSERT (m_pRootCookie);
  319. return (CCookie&) *m_pRootCookie;
  320. }
  323. STDMETHODIMP CCertMgrComponentData::CreateComponent (LPCOMPONENT* ppComponent)
  324. {
  325. _TRACE (1, L"Entering CCertMgrComponentData::CreateComponent\n");
  327. ASSERT (ppComponent);
  329. CComObject<CCertMgrComponent>* pObject = 0;
  330. CComObject<CCertMgrComponent>::CreateInstance (&pObject);
  331. ASSERT (pObject);
  332. pObject->SetComponentDataPtr ( (CCertMgrComponentData*) this);
  334. HRESULT hr = pObject->QueryInterface (IID_PPV_ARG (IComponent, ppComponent));
  335. _TRACE (1, L"Entering CCertMgrComponentData::CreateComponent\n");
  336. return hr;
  337. }
  339. HRESULT CCertMgrComponentData::LoadIcons (LPIMAGELIST pImageList, BOOL /*fLoadLargeIcons*/)
  340. {
  341. _TRACE (1, L"Entering CCertMgrComponentData::LoadIcons\n");
  342. // Structure to map a Resource ID to an index of icon
  343. struct RESID2IICON
  344. {
  345. UINT uIconId; // Icon resource ID
  346. int iIcon; // Index of the icon in the image list
  347. };
  348. const static RESID2IICON rgzLoadIconList[] =
  349. {
  350. // Misc icons
  351. { IDI_CERTIFICATE, iIconCertificate },
  352. { IDI_CTL, iIconCTL },
  353. { IDI_CRL, iIconCRL },
  354. { IDI_AUTO_CERT_REQUEST, iIconAutoCertRequest },
  355. { IDI_AUTOENROLL, iIconAutoEnroll },
  356. { IDI_SAFER_LEVEL, iIconSaferLevel },
  357. { IDI_DEFAULT_SAFER_LEVEL, iIconDefaultSaferLevel },
  358. { IDI_SAFER_HASH_ENTRY, iIconSaferHashEntry },
  359. { IDI_SAFER_URL_ENTRY, iIconSaferURLEntry },
  360. { IDI_SAFER_NAME_ENTRY, iIconSaferNameEntry },
  361. { IDI_SETTINGS, iIconSettings },
  362. { IDI_SAFER_CERT_ENTRY, iIconSaferCertEntry },
  363. { 0, 0} // Must be last
  364. };
  367. for (int i = 0; rgzLoadIconList[i].uIconId != 0; i++)
  368. {
  369. HICON hIcon = ::LoadIcon (AfxGetInstanceHandle (),
  370. MAKEINTRESOURCE (rgzLoadIconList[i].uIconId));
  371. ASSERT (hIcon && "Icon ID not found in resources");
  372. /*HRESULT hr =*/ pImageList->ImageListSetIcon ( (PLONG_PTR) hIcon,
  373. rgzLoadIconList[i].iIcon);
  374. // ASSERT (SUCCEEDED (hr) && "Unable to add icon to ImageList");
  375. }
  377. _TRACE (-1, L"Leaving CCertMgrComponentData::LoadIcons\n");
  378. return S_OK;
  379. }
  382. HRESULT CCertMgrComponentData::OnNotifyExpand (LPDATAOBJECT pDataObject, BOOL bExpanding, HSCOPEITEM hParent)
  383. {
  384. _TRACE (1, L"Entering CCertMgrComponentData::OnNotifyExpand\n");
  385. AFX_MANAGE_STATE (AfxGetStaticModuleState ());
  386. CWaitCursor waitCursor;
  387. ASSERT (pDataObject && hParent && m_pConsoleNameSpace);
  388. if (!bExpanding)
  389. return S_OK;
  391. static bool bDomainVersionChecked = false;
  393. if ( !bDomainVersionChecked )
  394. {
  395. if ( !m_bMachineIsStandAlone ) // only check if joined to a domain
  396. CheckDomainVersion ();
  397. bDomainVersionChecked = true;
  398. }
  400. GUID guidObjectType;
  401. HRESULT hr = ExtractObjectTypeGUID (pDataObject, &guidObjectType);
  402. ASSERT (SUCCEEDED (hr));
  403. if ( IsSecurityConfigurationEditorNodetype (guidObjectType) )
  404. {
  405. hr = ExtractData (pDataObject, CCertMgrDataObject::m_CFSCEModeType,
  406. &m_dwSCEMode, sizeof (DWORD));
  407. ASSERT (SUCCEEDED (hr));
  408. if ( SUCCEEDED (hr) )
  409. {
  410. switch (m_dwSCEMode)
  411. {
  412. case SCE_MODE_DOMAIN_USER: // User Settings
  413. case SCE_MODE_OU_USER:
  414. case SCE_MODE_LOCAL_USER:
  415. case SCE_MODE_DOMAIN_COMPUTER: // Computer Settings
  416. case SCE_MODE_OU_COMPUTER:
  417. case SCE_MODE_LOCAL_COMPUTER:
  418. m_bIsRSOP = false;
  419. if ( !m_pGPEInformation )
  420. {
  421. IUnknown* pIUnknown = 0;
  423. hr = ExtractData (pDataObject,
  424. CCertMgrDataObject::m_CFSCE_GPTUnknown,
  425. &pIUnknown, sizeof (IUnknown*));
  426. ASSERT (SUCCEEDED (hr));
  427. if ( SUCCEEDED (hr) )
  428. {
  429. hr = pIUnknown->QueryInterface (
  430. IID_PPV_ARG (IGPEInformation, &m_pGPEInformation));
  431. ASSERT (SUCCEEDED (hr));
  432. #if DBG
  433. if ( SUCCEEDED (hr) )
  434. {
  435. const int cbLen = 512;
  436. WCHAR szName[cbLen];
  437. hr = m_pGPEInformation->GetName (szName, cbLen);
  438. if ( SUCCEEDED (hr) )
  439. {
  440. _TRACE (0, L"IGPEInformation::GetName () returned: %s",
  441. szName);
  442. }
  443. else
  444. {
  445. _TRACE (0, L"IGPEInformation::GetName () failed: 0x%x\n", hr);
  446. }
  447. }
  448. #endif
  449. pIUnknown->Release ();
  450. }
  451. }
  453. if ( SUCCEEDED (hr) )
  454. {
  455. switch (m_dwSCEMode)
  456. {
  457. case SCE_MODE_DOMAIN_USER:
  458. case SCE_MODE_OU_USER:
  459. case SCE_MODE_LOCAL_USER:
  460. hr = ExpandScopeNodes (NULL, hParent, _T (""),
  461. CERT_SYSTEM_STORE_CURRENT_USER_GROUP_POLICY, NODEID_User);
  462. break;
  464. case SCE_MODE_DOMAIN_COMPUTER:
  465. case SCE_MODE_OU_COMPUTER:
  466. case SCE_MODE_LOCAL_COMPUTER:
  467. hr = ExpandScopeNodes (NULL, hParent, _T (""),
  468. CERT_SYSTEM_STORE_LOCAL_MACHINE_GROUP_POLICY, NODEID_Machine);
  469. break;
  471. default:
  472. ASSERT (0);
  473. hr = E_FAIL;
  474. break;
  475. }
  476. }
  477. break;
  479. case SCE_MODE_RSOP_USER:
  480. case SCE_MODE_RSOP_COMPUTER:
  481. m_bIsRSOP = true;
  482. hr = BuildWMIList (pDataObject, SCE_MODE_RSOP_COMPUTER == m_dwSCEMode);
  483. if ( SUCCEEDED (hr) )
  484. {
  485. switch (m_dwSCEMode)
  486. {
  487. case SCE_MODE_RSOP_USER:
  488. hr = ExpandScopeNodes (NULL, hParent, _T (""),
  489. CERT_SYSTEM_STORE_CURRENT_USER_GROUP_POLICY,
  490. NODEID_User);
  491. break;
  493. case SCE_MODE_RSOP_COMPUTER:
  494. hr = ExpandScopeNodes (NULL, hParent, _T (""),
  495. CERT_SYSTEM_STORE_LOCAL_MACHINE_GROUP_POLICY,
  496. NODEID_Machine);
  497. break;
  499. default:
  500. ASSERT (0);
  501. hr = E_FAIL;
  502. break;
  503. }
  504. }
  505. break;
  507. default:
  508. // we are not extending other nodes
  509. break;
  510. }
  511. }
  513. return hr;
  514. }
  516. // Beyond this point we are not dealing with extension node types.
  517. {
  518. CCertMgrCookie* pParentCookie = ConvertCookie (pDataObject);
  519. if ( pParentCookie )
  520. {
  521. hr = ExpandScopeNodes (pParentCookie, hParent, _T (""), 0, guidObjectType);
  522. }
  523. else
  524. hr = E_UNEXPECTED;
  525. }
  528. _TRACE (-1, L"Leaving CCertMgrComponentData::OnNotifyExpand: 0x%x\n", hr);
  529. return hr;
  530. }
  533. HRESULT CCertMgrComponentData::OnNotifyRelease (LPDATAOBJECT /*pDataObject*/, HSCOPEITEM hItem)
  534. {
  535. _TRACE (1, L"Entering CCertMgrComponentData::OnNotifyRelease\n");
  537. HRESULT hr = DeleteChildren (hItem);
  539. _TRACE (-1, L"Leaving CCertMgrComponentData::OnNotifyRelease: 0x%x\n", hr);
  540. return hr;
  541. }
  544. BSTR CCertMgrComponentData::QueryResultColumnText (CCookie& basecookie, int nCol)
  545. {
  546. // _TRACE (1, L"Entering CCertMgrComponentData::QueryResultColumnText\n");
  547. CCertMgrCookie& cookie = (CCertMgrCookie&) basecookie;
  548. BSTR strResult = L"";
  550. #ifndef UNICODE
  551. #error not ANSI-enabled
  552. #endif
  553. switch ( cookie.m_objecttype )
  554. {
  555. case CERTMGR_SNAPIN:
  556. case CERTMGR_USAGE:
  557. case CERTMGR_CRL_CONTAINER:
  558. case CERTMGR_CTL_CONTAINER:
  559. case CERTMGR_CERT_CONTAINER:
  560. case CERTMGR_CERT_POLICIES_USER:
  561. case CERTMGR_CERT_POLICIES_COMPUTER:
  562. case CERTMGR_SAFER_COMPUTER_ROOT:
  563. case CERTMGR_SAFER_USER_ROOT:
  564. case CERTMGR_SAFER_COMPUTER_LEVELS:
  565. case CERTMGR_SAFER_USER_LEVELS:
  566. case CERTMGR_SAFER_COMPUTER_ENTRIES:
  567. case CERTMGR_SAFER_USER_ENTRIES:
  568. if ( 0 == nCol )
  569. strResult = const_cast<BSTR> (cookie.GetObjectName ());
  570. break;
  572. case CERTMGR_SAFER_COMPUTER_LEVEL:
  573. case CERTMGR_SAFER_USER_LEVEL:
  574. if ( 0 == nCol )
  575. strResult = const_cast<BSTR> (cookie.GetObjectName ());
  576. break;
  578. case CERTMGR_SAFER_COMPUTER_ENTRY:
  579. case CERTMGR_SAFER_USER_ENTRY:
  580. ASSERT (0);
  581. break;
  583. case CERTMGR_PHYS_STORE:
  584. case CERTMGR_LOG_STORE:
  585. case CERTMGR_LOG_STORE_GPE:
  586. case CERTMGR_LOG_STORE_RSOP:
  587. if (COLNUM_CERT_SUBJECT == nCol)
  588. {
  589. CCertStore* pStore = reinterpret_cast <CCertStore*> (&cookie);
  590. ASSERT (pStore);
  591. if ( pStore )
  592. strResult = const_cast<BSTR> (pStore->GetLocalizedName ());
  593. }
  594. break;
  596. case CERTMGR_PKP_AUTOENROLLMENT_COMPUTER_SETTINGS:
  597. case CERTMGR_PKP_AUTOENROLLMENT_USER_SETTINGS:
  598. ASSERT (0);
  599. break;
  601. case CERTMGR_CERTIFICATE:
  602. case CERTMGR_CRL:
  603. case CERTMGR_CTL:
  604. case CERTMGR_AUTO_CERT_REQUEST:
  605. case CERTMGR_NULL_POLICY:
  606. _TRACE (0, L"CCertMgrComponentData::QueryResultColumnText bad parent type\n");
  607. ASSERT (0);
  608. break;
  610. default:
  611. ASSERT (0);
  612. break;
  613. }
  615. // _TRACE (-1, L"Leaving CCertMgrComponentData::QueryResultColumnText\n");
  616. return strResult;
  617. }
  619. int CCertMgrComponentData::QueryImage (CCookie& basecookie, BOOL /*fOpenImage*/)
  620. {
  621. // _TRACE (1, L"Entering CCertMgrComponentData::QueryImage\n");
  622. int nIcon = 0;
  624. CCertMgrCookie& cookie = (CCertMgrCookie&)basecookie;
  625. switch ( cookie.m_objecttype )
  626. {
  627. case CERTMGR_SNAPIN:
  628. nIcon = iIconCertificate;
  629. break;
  631. case CERTMGR_USAGE:
  632. case CERTMGR_PHYS_STORE:
  633. case CERTMGR_LOG_STORE:
  634. case CERTMGR_LOG_STORE_GPE:
  635. case CERTMGR_LOG_STORE_RSOP:
  636. case CERTMGR_CTL_CONTAINER:
  637. case CERTMGR_CERT_CONTAINER:
  638. case CERTMGR_CRL_CONTAINER:
  639. case CERTMGR_CERT_POLICIES_USER:
  640. case CERTMGR_CERT_POLICIES_COMPUTER:
  641. case CERTMGR_SAFER_COMPUTER_ROOT:
  642. case CERTMGR_SAFER_USER_ROOT:
  643. case CERTMGR_SAFER_COMPUTER_LEVELS:
  644. case CERTMGR_SAFER_USER_LEVELS:
  645. case CERTMGR_SAFER_COMPUTER_ENTRIES:
  646. case CERTMGR_SAFER_USER_ENTRIES:
  647. break;
  649. case CERTMGR_CERTIFICATE:
  650. case CERTMGR_CRL:
  651. case CERTMGR_CTL:
  652. case CERTMGR_PKP_AUTOENROLLMENT_COMPUTER_SETTINGS:
  653. case CERTMGR_PKP_AUTOENROLLMENT_USER_SETTINGS:
  654. ASSERT (0); // not expected in scope pane
  655. break;
  657. default:
  658. _TRACE (0, L"CCertMgrComponentData::QueryImage bad parent type\n");
  659. ASSERT (0);
  660. break;
  661. }
  662. // _TRACE (-1, L"Leaving CCertMgrComponentData::QueryImage\n");
  663. return nIcon;
  664. }
  667. ///////////////////////////////////////////////////////////////////////////////
  668. /// IExtendPropertySheet
  670. STDMETHODIMP CCertMgrComponentData::QueryPagesFor (LPDATAOBJECT pDataObject)
  671. {
  672. _TRACE (1, L"Entering CCertMgrComponentData::QueryPagesFor\n");
  673. HRESULT hr = S_OK;
  674. ASSERT (pDataObject);
  676. if ( pDataObject )
  677. {
  678. DATA_OBJECT_TYPES dataobjecttype = CCT_SCOPE;
  679. hr = ExtractData (pDataObject,
  680. CCertMgrDataObject::m_CFDataObjectType,
  681. &dataobjecttype, sizeof (dataobjecttype));
  682. if ( SUCCEEDED (hr) )
  683. {
  684. switch (dataobjecttype)
  685. {
  686. case CCT_SNAPIN_MANAGER:
  687. if ( !m_bIsUserAdministrator )
  688. {
  689. // Non-admins may manage only their own certs
  690. m_dwLocationPersist = CERT_SYSTEM_STORE_CURRENT_USER;
  691. hr = S_FALSE;
  692. }
  693. break;
  695. case CCT_RESULT:
  696. {
  697. hr = S_FALSE;
  698. CCertMgrCookie* pParentCookie = ConvertCookie (pDataObject);
  699. if ( pParentCookie )
  700. {
  701. switch (pParentCookie->m_objecttype)
  702. {
  703. case CERTMGR_CERTIFICATE:
  704. case CERTMGR_AUTO_CERT_REQUEST:
  705. case CERTMGR_PKP_AUTOENROLLMENT_COMPUTER_SETTINGS:
  706. case CERTMGR_PKP_AUTOENROLLMENT_USER_SETTINGS:
  707. case CERTMGR_SAFER_COMPUTER_LEVEL:
  708. case CERTMGR_SAFER_USER_LEVEL:
  709. case CERTMGR_SAFER_COMPUTER_TRUSTED_PUBLISHERS:
  710. case CERTMGR_SAFER_USER_TRUSTED_PUBLISHERS:
  711. case CERTMGR_SAFER_COMPUTER_DEFINED_FILE_TYPES:
  712. case CERTMGR_SAFER_USER_DEFINED_FILE_TYPES:
  713. case CERTMGR_SAFER_COMPUTER_ENTRY:
  714. case CERTMGR_SAFER_USER_ENTRY:
  715. case CERTMGR_SAFER_COMPUTER_ENFORCEMENT:
  716. case CERTMGR_SAFER_USER_ENFORCEMENT:
  717. hr = S_OK;
  718. break;
  720. default:
  721. break;
  722. }
  723. }
  724. }
  725. break;
  727. case CCT_SCOPE:
  728. {
  729. CCertMgrCookie* pParentCookie = ConvertCookie (pDataObject);
  730. if ( pParentCookie )
  731. {
  732. switch ( pParentCookie->m_objecttype )
  733. {
  734. case CERTMGR_LOG_STORE_GPE:
  735. case CERTMGR_LOG_STORE_RSOP:
  736. {
  737. CCertStore* pStore = reinterpret_cast <CCertStore*> (pParentCookie);
  738. ASSERT (pStore);
  739. if ( pStore )
  740. {
  741. switch (pStore->GetStoreType ())
  742. {
  743. case ROOT_STORE:
  744. case EFS_STORE:
  745. hr = S_OK;
  746. break;
  748. default:
  749. break;
  750. }
  751. }
  752. else
  753. hr = S_FALSE;
  754. }
  755. break;
  757. default:
  758. hr = S_FALSE;
  759. break;
  760. }
  761. }
  762. else
  763. {
  764. hr = S_FALSE;
  765. }
  766. }
  767. break;
  769. default:
  770. hr = S_FALSE;
  771. break;
  772. }
  773. }
  774. }
  775. else
  776. hr = E_POINTER;
  779. _TRACE (-1, L"Leaving CCertMgrComponentData::QueryPagesFor: 0x%x\n", hr);
  780. return hr;
  781. }
  783. STDMETHODIMP CCertMgrComponentData::CreatePropertyPages (
  784. LPPROPERTYSHEETCALLBACK pCallback,
  785. LONG_PTR handle, // This handle must be saved in the property page object to notify the parent when modified
  786. LPDATAOBJECT pDataObject)
  787. {
  788. _TRACE (1, L"Entering CCertMgrComponentData::CreatePropertyPages\n");
  789. AFX_MANAGE_STATE(AfxGetStaticModuleState());
  790. HRESULT hr = S_OK;
  793. ASSERT (pCallback && pDataObject);
  794. if ( pCallback && pDataObject )
  795. {
  796. DATA_OBJECT_TYPES dataobjecttype = CCT_SCOPE;
  797. hr = ExtractData (pDataObject,
  798. CCertMgrDataObject::m_CFDataObjectType,
  799. &dataobjecttype, sizeof (dataobjecttype));
  800. switch (dataobjecttype)
  801. {
  802. case CCT_SNAPIN_MANAGER:
  803. hr = AddSnapMgrPropPages (pCallback);
  804. break;
  806. case CCT_RESULT:
  807. {
  808. CCertMgrCookie* pParentCookie = ConvertCookie (pDataObject);
  809. if ( pParentCookie )
  810. {
  811. switch (pParentCookie->m_objecttype)
  812. {
  813. case CERTMGR_CERTIFICATE:
  814. {
  815. CCertificate* pCert = reinterpret_cast <CCertificate*> (pParentCookie);
  816. ASSERT (pCert);
  817. if ( pCert )
  818. {
  819. // Anything, except ACRS
  820. hr = AddCertPropPages (pCert, pCallback, pDataObject, handle);
  821. }
  822. else
  823. hr = E_FAIL;
  824. }
  825. break;
  827. case CERTMGR_AUTO_CERT_REQUEST:
  828. {
  829. CAutoCertRequest* pACR = reinterpret_cast <CAutoCertRequest*> (pParentCookie);
  830. ASSERT (pACR);
  831. if ( pACR )
  832. {
  833. hr = AddACRSCTLPropPages (pACR, pCallback);
  834. }
  835. else
  836. hr = E_FAIL;
  837. }
  838. break;
  840. case CERTMGR_PKP_AUTOENROLLMENT_COMPUTER_SETTINGS:
  841. case CERTMGR_PKP_AUTOENROLLMENT_USER_SETTINGS:
  842. hr = AddAutoenrollmentSettingsPropPages (pCallback,
  843. CERTMGR_PKP_AUTOENROLLMENT_COMPUTER_SETTINGS ==
  844. pParentCookie->m_objecttype);
  845. break;
  847. case CERTMGR_SAFER_COMPUTER_LEVEL:
  848. case CERTMGR_SAFER_USER_LEVEL:
  849. hr = AddSaferLevelPropPage (pCallback,
  850. dynamic_cast <CSaferLevel*>(pParentCookie),
  851. handle,
  852. pDataObject);
  853. break;
  855. case CERTMGR_SAFER_COMPUTER_TRUSTED_PUBLISHERS:
  856. case CERTMGR_SAFER_USER_TRUSTED_PUBLISHERS:
  857. hr = AddSaferTrustedPublisherPropPages (pCallback,
  858. CERTMGR_SAFER_COMPUTER_TRUSTED_PUBLISHERS ==
  859. pParentCookie->m_objecttype);
  860. break;
  862. case CERTMGR_SAFER_COMPUTER_DEFINED_FILE_TYPES:
  863. case CERTMGR_SAFER_USER_DEFINED_FILE_TYPES:
  864. hr = AddSaferDefinedFileTypesPropPages (pCallback,
  865. CERTMGR_SAFER_COMPUTER_DEFINED_FILE_TYPES ==
  866. pParentCookie->m_objecttype);
  867. break;
  869. case CERTMGR_SAFER_COMPUTER_ENFORCEMENT:
  870. case CERTMGR_SAFER_USER_ENFORCEMENT:
  871. hr = AddSaferEnforcementPropPages (pCallback,
  872. CERTMGR_SAFER_COMPUTER_ENFORCEMENT ==
  873. pParentCookie->m_objecttype);
  874. break;
  876. case CERTMGR_SAFER_COMPUTER_ENTRY:
  877. case CERTMGR_SAFER_USER_ENTRY:
  878. hr = AddSaferEntryPropertyPage (pCallback,
  879. pParentCookie, pDataObject, handle);
  880. break;
  882. default:
  883. break;
  884. }
  885. }
  886. else
  887. hr = E_UNEXPECTED;
  888. }
  889. break;
  891. case CCT_SCOPE:
  892. {
  893. CCertMgrCookie* pParentCookie = ConvertCookie (pDataObject);
  894. if ( pParentCookie )
  895. {
  896. switch ( pParentCookie->m_objecttype )
  897. {
  898. case CERTMGR_LOG_STORE_GPE:
  899. case CERTMGR_LOG_STORE_RSOP:
  900. {
  901. CCertStore* pStore = reinterpret_cast <CCertStore*> (pParentCookie);
  902. ASSERT (pStore);
  903. if ( pStore )
  904. {
  905. if ( ROOT_STORE == pStore->GetStoreType () )
  906. {
  907. hr = AddGPEStorePropPages (pCallback, pStore);
  908. }
  909. else if ( EFS_STORE == pStore->GetStoreType () )
  910. {
  911. hr = AddEFSSettingsPropPages (pCallback,
  912. pStore->IsMachineStore ());
  913. }
  914. }
  915. else
  916. hr = E_FAIL;
  917. }
  918. break;
  920. case CERTMGR_PKP_AUTOENROLLMENT_COMPUTER_SETTINGS:
  921. case CERTMGR_PKP_AUTOENROLLMENT_USER_SETTINGS:
  922. ASSERT (0);
  923. break;
  925. default:
  926. break;
  927. }
  928. }
  929. else
  930. hr = E_UNEXPECTED;
  931. }
  932. break;
  935. default:
  936. break;
  937. }
  938. }
  939. else
  940. hr = E_POINTER;
  942. _TRACE (-1, L"Leaving CCertMgrComponentData::CreatePropertyPages: 0x%x\n", hr);
  943. return hr;
  944. }
  947. HRESULT CCertMgrComponentData::AddSnapMgrPropPages (LPPROPERTYSHEETCALLBACK pCallback)
  948. {
  949. _TRACE (1, L"Entering CCertMgrComponentData::AddSnapMgrPropPages\n");
  950. HRESULT hr = S_OK;
  951. ASSERT (pCallback);
  952. if ( pCallback )
  953. {
  954. //
  955. // Note that once we have established that this is a CCT_SNAPIN_MANAGER cookie,
  956. // we don't care about its other properties. A CCT_SNAPIN_MANAGER cookie is
  957. // equivalent to a BOOL flag asking for the Node Properties page instead of a
  958. // managed object property page. JonN 10/9/96
  959. //
  960. if ( m_bIsUserAdministrator )
  961. {
  962. CSelectAccountPropPage * pSelAcctPage =
  963. new CSelectAccountPropPage (IsWindowsNT ());
  964. if ( pSelAcctPage )
  965. {
  966. pSelAcctPage->AssignLocationPtr (&m_dwLocationPersist);
  967. HPROPSHEETPAGE hSelAcctPage = MyCreatePropertySheetPage (&pSelAcctPage->m_psp);
  968. if ( hSelAcctPage )
  969. {
  970. hr = pCallback->AddPage (hSelAcctPage);
  971. ASSERT (SUCCEEDED (hr));
  972. if ( FAILED (hr) )
  973. VERIFY (::DestroyPropertySheetPage (hSelAcctPage));
  974. }
  975. else
  976. delete pSelAcctPage;
  977. }
  978. else
  979. {
  980. hr = E_OUTOFMEMORY;
  981. }
  983. // In Windows 95 or Windows 98,users will only be able to manage the
  984. // local machine.
  985. if ( IsWindowsNT () )
  986. {
  987. CCertMgrChooseMachinePropPage * pChooseMachinePage = new CCertMgrChooseMachinePropPage ();
  988. if ( pChooseMachinePage )
  989. {
  990. pChooseMachinePage->AssignLocationPtr (&m_dwLocationPersist);
  992. // Initialize state of object
  993. ASSERT (m_pRootCookie);
  994. if ( m_pRootCookie )
  995. {
  996. pChooseMachinePage->InitMachineName (m_pRootCookie->QueryTargetServer ());
  997. pChooseMachinePage->SetOutputBuffers (
  998. OUT &m_strMachineNamePersist,
  999. OUT &m_fAllowOverrideMachineName,
  1000. OUT &m_pRootCookie->m_strMachineName); // Effective machine name
  1002. HPROPSHEETPAGE hChooseMachinePage = MyCreatePropertySheetPage (&pChooseMachinePage->m_psp);
  1003. if ( hChooseMachinePage )
  1004. {
  1005. hr = pCallback->AddPage (hChooseMachinePage);
  1006. ASSERT (SUCCEEDED (hr));
  1007. if ( FAILED (hr) )
  1008. VERIFY (::DestroyPropertySheetPage (hChooseMachinePage));
  1009. }
  1010. else
  1011. delete pChooseMachinePage;
  1012. }
  1013. }
  1014. else
  1015. {
  1016. hr = E_OUTOFMEMORY;
  1017. }
  1019. CSelectServiceAccountPropPage* pServicePage = new
  1020. CSelectServiceAccountPropPage (&m_szManagedServicePersist,
  1021. &m_szManagedServiceDisplayName,
  1022. m_strMachineNamePersist);
  1023. if ( pServicePage )
  1024. {
  1025. // pServicePage->SetCaption (IDS_MS_CERT_MGR); // access violation when called
  1027. HPROPSHEETPAGE hServicePage = MyCreatePropertySheetPage (&pServicePage->m_psp);
  1028. if ( hServicePage )
  1029. {
  1030. hr = pCallback->AddPage (hServicePage);
  1031. ASSERT (SUCCEEDED (hr));
  1032. if ( FAILED (hr) )
  1033. VERIFY (::DestroyPropertySheetPage (hServicePage));
  1035. }
  1036. else
  1037. delete pServicePage;
  1038. }
  1039. else
  1040. {
  1041. hr = E_OUTOFMEMORY;
  1042. }
  1043. }
  1044. }
  1045. else
  1046. {
  1047. // Non-administrators may view their own certs only.
  1048. m_dwLocationPersist = CERT_SYSTEM_STORE_CURRENT_USER;
  1049. }
  1052. }
  1053. else
  1054. hr = E_POINTER;
  1056. _TRACE (-1, L"Leaving CCertMgrComponentData::AddSnapMgrPropPages: 0x%x\n", hr);
  1057. return hr;
  1058. }
  1061. HRESULT CCertMgrComponentData::AddACRSCTLPropPages (CAutoCertRequest* pACR, LPPROPERTYSHEETCALLBACK pCallback)
  1062. {
  1063. _TRACE (1, L"Entering CCertMgrComponentData::AddACRSCTLPropPages\n");
  1064. HRESULT hr = S_OK;
  1065. ASSERT (pACR && pCallback);
  1066. if ( pACR && pCallback )
  1067. {
  1068. CACRGeneralPage * pACRPage = new CACRGeneralPage (*pACR);
  1069. if ( pACRPage )
  1070. {
  1071. HPROPSHEETPAGE hACRPage = MyCreatePropertySheetPage (&pACRPage->m_psp);
  1072. if ( hACRPage )
  1073. {
  1074. hr = pCallback->AddPage (hACRPage);
  1075. ASSERT (SUCCEEDED (hr));
  1076. if ( FAILED (hr) )
  1077. VERIFY (::DestroyPropertySheetPage (hACRPage));
  1078. }
  1079. else
  1080. delete pACRPage;
  1081. }
  1082. else
  1083. {
  1084. hr = E_OUTOFMEMORY;
  1085. }
  1086. }
  1087. else
  1088. hr = E_POINTER;
  1090. _TRACE (-1, L"Leaving CCertMgrComponentData::AddACRSCTLPropPages: 0x%x\n", hr);
  1091. return hr;
  1092. }
  1095. HRESULT CCertMgrComponentData::AddEFSSettingsPropPages (
  1096. LPPROPERTYSHEETCALLBACK pCallback,
  1097. bool fIsComputerType)
  1098. {
  1099. _TRACE (1, L"Entering CCertMgrComponentData::AddEFSSettingsPropPages\n");
  1100. HRESULT hr = S_OK;
  1101. ASSERT (pCallback);
  1102. if ( pCallback )
  1103. {
  1104. CEFSGeneralPropertyPage * pEFSPage = new CEFSGeneralPropertyPage (
  1105. this, fIsComputerType);
  1106. if ( pEFSPage )
  1107. {
  1108. HPROPSHEETPAGE hEFSPage = MyCreatePropertySheetPage (&pEFSPage->m_psp);
  1109. if ( hEFSPage )
  1110. {
  1111. hr = pCallback->AddPage (hEFSPage);
  1112. ASSERT (SUCCEEDED (hr));
  1113. if ( SUCCEEDED (hr) )
  1114. {
  1115. if ( m_bIsRSOP )
  1116. {
  1117. CString storePath = EFS_SETTINGS_REGPATH;
  1118. CPolicyPrecedencePropertyPage * pPrecedencePage =
  1119. new CPolicyPrecedencePropertyPage (this, storePath,
  1120. EFS_SETTINGS_REGVALUE,
  1121. fIsComputerType);
  1122. if ( pPrecedencePage )
  1123. {
  1124. HPROPSHEETPAGE hPrecedencePage = MyCreatePropertySheetPage (&pPrecedencePage->m_psp);
  1125. if ( hPrecedencePage )
  1126. {
  1127. hr = pCallback->AddPage (hPrecedencePage);
  1128. ASSERT (SUCCEEDED (hr));
  1129. if ( FAILED (hr) )
  1130. VERIFY (::DestroyPropertySheetPage (hPrecedencePage));
  1131. }
  1132. else
  1133. delete pPrecedencePage;
  1134. }
  1135. else
  1136. {
  1137. hr = E_OUTOFMEMORY;
  1138. }
  1139. }
  1140. }
  1141. else
  1142. VERIFY (::DestroyPropertySheetPage (hEFSPage));
  1143. }
  1144. else
  1145. delete pEFSPage;
  1146. }
  1147. else
  1148. {
  1149. hr = E_OUTOFMEMORY;
  1150. }
  1151. }
  1152. else
  1153. hr = E_POINTER;
  1155. _TRACE (-1, L"Leaving CCertMgrComponentData::AddEFSSettingsPropPages: 0x%x\n", hr);
  1156. return hr;
  1157. }
  1159. HRESULT CCertMgrComponentData::AddAutoenrollmentSettingsPropPages (
  1160. LPPROPERTYSHEETCALLBACK pCallback,
  1161. bool fIsComputerType)
  1162. {
  1163. _TRACE (1, L"Entering CCertMgrComponentData::AddAutoenrollmentSettingsPropPages\n");
  1164. HRESULT hr = S_OK;
  1165. ASSERT (pCallback);
  1166. if ( pCallback )
  1167. {
  1168. CAutoenrollmentPropertyPage * pAutoEnrollmentPage = new CAutoenrollmentPropertyPage (
  1169. this, fIsComputerType);
  1170. if ( pAutoEnrollmentPage )
  1171. {
  1172. HPROPSHEETPAGE hAutoEnrollmentPage = MyCreatePropertySheetPage (&pAutoEnrollmentPage->m_psp);
  1173. if ( hAutoEnrollmentPage )
  1174. {
  1175. hr = pCallback->AddPage (hAutoEnrollmentPage);
  1176. ASSERT (SUCCEEDED (hr));
  1177. if ( SUCCEEDED (hr) )
  1178. {
  1179. if ( m_bIsRSOP )
  1180. {
  1181. CString storePath = AUTO_ENROLLMENT_KEY;
  1182. CPolicyPrecedencePropertyPage * pPrecedencePage =
  1183. new CPolicyPrecedencePropertyPage (this, storePath,
  1184. AUTO_ENROLLMENT_POLICY,
  1185. fIsComputerType);
  1186. if ( pPrecedencePage )
  1187. {
  1188. HPROPSHEETPAGE hPrecedencePage = MyCreatePropertySheetPage (&pPrecedencePage->m_psp);
  1189. if ( hPrecedencePage )
  1190. {
  1191. hr = pCallback->AddPage (hPrecedencePage);
  1192. ASSERT (SUCCEEDED (hr));
  1193. if ( FAILED (hr) )
  1194. VERIFY (::DestroyPropertySheetPage (hPrecedencePage));
  1195. }
  1196. else
  1197. delete pPrecedencePage;
  1198. }
  1199. else
  1200. {
  1201. hr = E_OUTOFMEMORY;
  1202. }
  1203. }
  1204. }
  1205. else
  1206. VERIFY (::DestroyPropertySheetPage (hAutoEnrollmentPage));
  1207. }
  1208. else
  1209. delete pAutoEnrollmentPage;
  1210. }
  1211. else
  1212. {
  1213. hr = E_OUTOFMEMORY;
  1214. }
  1215. }
  1216. else
  1217. hr = E_POINTER;
  1219. _TRACE (-1, L"Leaving CCertMgrComponentData::AddAutoenrollmentSettingsPropPages: 0x%x\n", hr);
  1220. return hr;
  1221. }
  1223. HRESULT CCertMgrComponentData::AddGPEStorePropPages (
  1224. LPPROPERTYSHEETCALLBACK pCallback,
  1225. CCertStore* pStore)
  1226. {
  1227. _TRACE (1, L"Entering CCertMgrComponentData::AddGPEStorePropPages\n");
  1228. HRESULT hr = S_OK;
  1229. ASSERT (pCallback && pStore);
  1230. if ( !pCallback || !pStore)
  1231. return E_POINTER;
  1232. ASSERT (m_pGPEInformation || m_pRSOPInformationComputer || m_pRSOPInformationUser );
  1233. if ( !m_pGPEInformation && !m_pRSOPInformationComputer && !m_pRSOPInformationUser )
  1234. return E_UNEXPECTED;
  1236. bool bIsComputerType = pStore->IsMachineStore ();
  1238. CGPERootGeneralPage * pGPERootPage = new CGPERootGeneralPage (this, bIsComputerType);
  1239. if ( pGPERootPage )
  1240. {
  1241. HPROPSHEETPAGE hGPERootPage = MyCreatePropertySheetPage (&pGPERootPage->m_psp);
  1242. if ( hGPERootPage )
  1243. {
  1244. hr = pCallback->AddPage (hGPERootPage);
  1245. ASSERT (SUCCEEDED (hr));
  1246. if ( FAILED (hr) )
  1247. VERIFY (::DestroyPropertySheetPage (hGPERootPage));
  1248. }
  1249. else
  1250. delete pGPERootPage;
  1251. }
  1252. else
  1253. {
  1254. hr = E_OUTOFMEMORY;
  1255. }
  1257. if ( SUCCEEDED (hr) )
  1258. {
  1259. if ( m_bIsRSOP )
  1260. {
  1261. CString storePath = CERT_GROUP_POLICY_SYSTEM_STORE_REGPATH;
  1262. storePath += L"\\";
  1263. storePath += pStore->GetStoreName ();
  1265. CPolicyPrecedencePropertyPage * pPrecedencePage =
  1266. new CPolicyPrecedencePropertyPage (this, storePath, STR_BLOB, bIsComputerType);
  1267. if ( pPrecedencePage )
  1268. {
  1269. HPROPSHEETPAGE hPrecedencePage = MyCreatePropertySheetPage (&pPrecedencePage->m_psp);
  1270. if ( hPrecedencePage )
  1271. {
  1272. hr = pCallback->AddPage (hPrecedencePage);
  1273. ASSERT (SUCCEEDED (hr));
  1274. if ( FAILED (hr) )
  1275. VERIFY (::DestroyPropertySheetPage (hPrecedencePage));
  1276. }
  1277. else
  1278. delete pPrecedencePage;
  1279. }
  1280. else
  1281. {
  1282. hr = E_OUTOFMEMORY;
  1283. }
  1284. }
  1285. }
  1287. _TRACE (-1, L"Leaving CCertMgrComponentData::AddGPEStorePropPages: 0x%x\n", hr);
  1288. return hr;
  1289. }
  1292. HRESULT CCertMgrComponentData::AddCertPropPages (CCertificate * pCert, LPPROPERTYSHEETCALLBACK pCallback, LPDATAOBJECT pDataObject, LONG_PTR lNotifyHandle)
  1293. {
  1294. _TRACE (1, L"Entering CCertMgrComponentData::AddCertPropPages\n");
  1295. HRESULT hr = S_OK;
  1296. CWaitCursor waitCursor;
  1297. ASSERT (pCert);
  1298. ASSERT (pCallback);
  1299. if ( pCert && pCallback )
  1300. {
  1301. PROPSHEETPAGEW* ppsp = 0;
  1302. DWORD dwPageCnt = 0;
  1303. CRYPTUI_VIEWCERTIFICATEPROPERTIES_STRUCT sps;
  1304. HCERTSTORE* pPropPageStores = new HCERTSTORE[1];
  1306. if ( pPropPageStores )
  1307. {
  1308. m_pCryptUIMMCCallbackStruct = (PCRYPTUI_MMCCALLBACK_STRUCT)
  1309. ::GlobalAlloc (GMEM_FIXED, sizeof (CRYPTUI_MMCCALLBACK_STRUCT));
  1310. if ( m_pCryptUIMMCCallbackStruct )
  1311. {
  1312. m_pCryptUIMMCCallbackStruct->pfnCallback = &MMCPropertyChangeNotify;
  1313. m_pCryptUIMMCCallbackStruct->lNotifyHandle = lNotifyHandle;
  1314. pDataObject->AddRef ();
  1315. m_pCryptUIMMCCallbackStruct->param = (LPARAM) pDataObject;
  1317. CCertStore* pStore = pCert->GetCertStore ();
  1318. if ( pStore )
  1319. {
  1320. pPropPageStores[0] = pStore->GetStoreHandle ();
  1321. ::ZeroMemory (&sps, sizeof (sps));
  1322. sps.dwSize = sizeof (sps);
  1323. sps.pMMCCallback = m_pCryptUIMMCCallbackStruct;
  1324. sps.pCertContext = pCert->GetNewCertContext ();
  1325. sps.cStores = 1;
  1326. sps.rghStores = pPropPageStores;
  1328. // All dialogs should be read-only under RSOP
  1329. if ( m_bIsRSOP || pCert->IsReadOnly () )
  1330. sps.dwFlags |= CRYPTUI_DISABLE_EDITPROPERTIES;
  1332. _TRACE (0, L"Calling CryptUIGetCertificatePropertiesPages()\n");
  1333. BOOL bReturn = ::CryptUIGetCertificatePropertiesPages (
  1334. &sps,
  1335. NULL,
  1336. &ppsp,
  1337. &dwPageCnt);
  1338. ASSERT (bReturn);
  1339. if ( bReturn )
  1340. {
  1341. HPROPSHEETPAGE hPage = 0;
  1342. for (DWORD dwIndex = 0; dwIndex < dwPageCnt; dwIndex++)
  1343. {
  1344. _TRACE (0, L"Calling CreatePropertySheetPage()\n");
  1345. // Not necessary to call MyCreatePropertySheetPage here
  1346. // as these are not MFC-based property pages
  1347. hPage = ::CreatePropertySheetPage (&ppsp[dwIndex]);
  1348. if ( hPage )
  1349. {
  1350. hr = pCallback->AddPage (hPage);
  1351. ASSERT (SUCCEEDED (hr));
  1352. if ( FAILED (hr) )
  1353. {
  1354. VERIFY (::DestroyPropertySheetPage (hPage));
  1355. break;
  1356. }
  1357. }
  1358. else
  1359. {
  1360. hr = HRESULT_FROM_WIN32 (GetLastError ());
  1361. break;
  1362. }
  1363. }
  1364. }
  1365. else
  1366. {
  1367. hr = E_UNEXPECTED;
  1368. GlobalFree (m_pCryptUIMMCCallbackStruct);
  1369. ::CertFreeCertificateContext (sps.pCertContext);
  1370. }
  1371. }
  1372. }
  1373. else
  1374. {
  1375. hr = E_OUTOFMEMORY;
  1376. }
  1378. if ( E_OUTOFMEMORY == hr && ppsp )
  1379. free (ppsp); // source uses malloc
  1381. delete [] pPropPageStores;
  1382. }
  1383. else
  1384. hr = E_OUTOFMEMORY;
  1385. }
  1386. else
  1387. hr = E_POINTER;
  1390. _TRACE (-1, L"Leaving CCertMgrComponentData::AddCertPropPages: 0x%x\n", hr);
  1391. return hr;
  1392. }
  1395. HRESULT CCertMgrComponentData::AddContainersToScopePane (
  1396. HSCOPEITEM hParent,
  1397. CCertMgrCookie& parentCookie,
  1398. bool bDeleteAndExpand)
  1399. {
  1400. _TRACE (1, L"Entering CCertMgrComponentData::AddContainersToScopePane\n");
  1401. AFX_MANAGE_STATE (AfxGetStaticModuleState ());
  1403. LPCONSOLENAMESPACE2 pConsoleNameSpace2 = 0;
  1404. HRESULT hr = m_pConsoleNameSpace->QueryInterface (
  1405. IID_PPV_ARG (IConsoleNameSpace2, &pConsoleNameSpace2));
  1406. if ( SUCCEEDED (hr) && pConsoleNameSpace2 )
  1407. {
  1408. hr = pConsoleNameSpace2->Expand (hParent);
  1409. ASSERT (SUCCEEDED (hr));
  1410. pConsoleNameSpace2->Release ();
  1411. pConsoleNameSpace2 = 0;
  1412. }
  1414. if ( CERTMGR_PHYS_STORE == parentCookie.m_objecttype ||
  1415. (CERTMGR_LOG_STORE == parentCookie.m_objecttype && !m_bShowPhysicalStoresPersist) )
  1416. {
  1417. CCertStore* pStore =
  1418. reinterpret_cast <CCertStore*> (&parentCookie);
  1419. ASSERT (pStore);
  1420. if ( pStore )
  1421. {
  1422. CString objectName;
  1423. if ( pStore->ContainsCRLs () &&
  1424. !ContainerExists (hParent, CERTMGR_CRL_CONTAINER) )
  1425. {
  1426. VERIFY (objectName.LoadString (IDS_CERTIFICATE_REVOCATION_LIST));
  1427. hr = AddScopeNode (new CContainerCookie (
  1428. *pStore,
  1429. CERTMGR_CRL_CONTAINER,
  1430. pStore->QueryNonNULLMachineName (),
  1431. objectName), L"", hParent);
  1432. }
  1434. if ( SUCCEEDED (hr) && pStore->ContainsCTLs () &&
  1435. !ContainerExists (hParent, CERTMGR_CTL_CONTAINER) )
  1436. {
  1437. VERIFY (objectName.LoadString (IDS_CERTIFICATE_TRUST_LIST));
  1438. hr = AddScopeNode (new CContainerCookie (
  1439. *pStore,
  1440. CERTMGR_CTL_CONTAINER,
  1441. pStore->QueryNonNULLMachineName (),
  1442. objectName), L"", hParent);
  1443. }
  1445. if ( SUCCEEDED (hr) && pStore->ContainsCertificates () &&
  1446. !ContainerExists (hParent, CERTMGR_CERT_CONTAINER) )
  1447. {
  1448. VERIFY (objectName.LoadString (IDS_CERTIFICATES));
  1449. hr = AddScopeNode (new CContainerCookie (
  1450. *pStore,
  1451. CERTMGR_CERT_CONTAINER,
  1452. pStore->QueryNonNULLMachineName (),
  1453. objectName), L"", hParent);
  1454. }
  1455. }
  1456. else
  1457. hr = E_UNEXPECTED;
  1458. }
  1459. else if ( CERTMGR_LOG_STORE == parentCookie.m_objecttype && m_bShowPhysicalStoresPersist )
  1460. {
  1461. if ( bDeleteAndExpand )
  1462. {
  1463. hr = DeleteChildren (hParent);
  1464. if ( SUCCEEDED (hr) )
  1465. {
  1466. GUID guid;
  1467. hr = ExpandScopeNodes (&parentCookie, hParent, _T (""), 0, guid);
  1468. }
  1469. }
  1470. }
  1472. _TRACE (-1, L"Leaving CCertMgrComponentData::AddContainersToScopePane: 0x%x\n", hr);
  1473. return hr;
  1474. }
  1476. typedef struct _ENUM_ARG {
  1477. DWORD m_dwFlags;
  1478. LPCONSOLENAMESPACE m_pConsoleNameSpace;
  1479. HSCOPEITEM m_hParent;
  1480. CCertMgrComponentData* m_pCompData;
  1481. PCWSTR m_pcszMachineName;
  1482. CCertMgrCookie* m_pParentCookie;
  1483. SPECIAL_STORE_TYPE m_storeType;
  1484. LPCONSOLE m_pConsole;
  1485. } ENUM_ARG, *PENUM_ARG;
  1487. static BOOL WINAPI EnumPhyCallback (
  1488. IN const void *pvSystemStore,
  1489. IN DWORD dwFlags,
  1490. IN PCWSTR pwszStoreName,
  1491. IN PCERT_PHYSICAL_STORE_INFO pStoreInfo,
  1492. IN OPTIONAL void* /*pvReserved*/,
  1493. IN OPTIONAL void *pvArg
  1494. )
  1495. {
  1496. _TRACE (1, L"Entering EnumPhyCallback\n");
  1498. if ( ! (pStoreInfo->dwFlags & CERT_PHYSICAL_STORE_OPEN_DISABLE_FLAG) )
  1499. {
  1500. PENUM_ARG pEnumArg = (PENUM_ARG) pvArg;
  1501. SCOPEDATAITEM tSDItem;
  1503. ::ZeroMemory (&tSDItem,sizeof (tSDItem));
  1504. tSDItem.mask = SDI_STR | SDI_IMAGE | SDI_STATE | SDI_PARAM | SDI_PARENT;
  1505. tSDItem.displayname = MMC_CALLBACK;
  1506. tSDItem.relativeID = pEnumArg->m_hParent;
  1507. tSDItem.nState = 0;
  1509. if ( pEnumArg->m_pCompData->ShowArchivedCerts () )
  1510. dwFlags |= CERT_STORE_ENUM_ARCHIVED_FLAG;
  1512. // Create new cookies
  1513. CCertStore* pNewCookie = new CCertStore (
  1514. CERTMGR_PHYS_STORE,
  1515. CERT_STORE_PROV_PHYSICAL,
  1516. dwFlags,
  1517. pEnumArg->m_pcszMachineName,
  1518. pwszStoreName, (PCWSTR) pvSystemStore, pwszStoreName,
  1519. pEnumArg->m_storeType,
  1520. dwFlags,
  1521. pEnumArg->m_pConsole);
  1522. if ( pNewCookie )
  1523. {
  1524. // pEnumArg->m_pParentCookie->m_listScopeCookieBlocks.AddHead (
  1525. // (CBaseCookieBlock*) pNewCookie);
  1526. // WARNING cookie cast
  1527. tSDItem.lParam = reinterpret_cast<LPARAM> ( (CCookie*) pNewCookie);
  1528. tSDItem.nImage = pEnumArg->m_pCompData->QueryImage (*pNewCookie, FALSE);
  1529. HRESULT hr = pEnumArg->m_pConsoleNameSpace->InsertItem (&tSDItem);
  1530. ASSERT (SUCCEEDED (hr));
  1531. if ( SUCCEEDED (hr) )
  1532. pNewCookie->m_hScopeItem = tSDItem.ID;
  1533. }
  1534. }
  1536. _TRACE (-1, L"Leaving EnumPhyCallback\n");
  1537. return TRUE;
  1538. }
  1540. HRESULT CCertMgrComponentData::AddPhysicalStoresToScopePane (HSCOPEITEM hParent, CCertMgrCookie& parentCookie, const SPECIAL_STORE_TYPE storeType)
  1541. {
  1542. _TRACE (1, L"Entering CCertMgrComponentData::AddPhysicalStoresToScopePane\n");
  1543. CWaitCursor cursor;
  1544. HRESULT hr = S_OK;
  1545. DWORD dwFlags = 0;
  1546. ENUM_ARG enumArg;
  1549. dwFlags &= ~CERT_SYSTEM_STORE_LOCATION_MASK;
  1550. dwFlags |= CERT_STORE_READONLY_FLAG | m_dwLocationPersist;
  1552. ::ZeroMemory (&enumArg, sizeof (enumArg));
  1553. enumArg.m_dwFlags = dwFlags;
  1554. enumArg.m_pConsoleNameSpace = m_pConsoleNameSpace;
  1555. enumArg.m_hParent = hParent;
  1556. enumArg.m_pCompData = this;
  1557. enumArg.m_pcszMachineName = parentCookie.QueryNonNULLMachineName ();
  1558. enumArg.m_pParentCookie = &parentCookie;
  1559. enumArg.m_storeType = storeType;
  1560. enumArg.m_pConsole = m_pConsole;
  1562. if (!::CertEnumPhysicalStore (
  1563. (PWSTR) (PCWSTR) parentCookie.GetObjectName (),
  1564. dwFlags,
  1565. &enumArg,
  1566. EnumPhyCallback))
  1567. {
  1568. DWORD dwErr = GetLastError ();
  1569. DisplaySystemError (dwErr);
  1570. hr = HRESULT_FROM_WIN32 (dwErr);
  1571. }
  1573. _TRACE (-1, L"Leaving CCertMgrComponentData::AddPhysicalStoresToScopePane: 0x%x\n", hr);
  1574. return hr;
  1575. }
  1577. static BOOL WINAPI EnumIComponentDataSysCallback (
  1578. IN const void* pwszSystemStore,
  1579. IN DWORD dwFlags,
  1580. IN PCERT_SYSTEM_STORE_INFO /*pStoreInfo*/,
  1581. IN OPTIONAL void* /*pvReserved*/,
  1582. IN OPTIONAL void *pvArg
  1583. )
  1584. {
  1585. _TRACE (1, L"Entering EnumIComponentDataSysCallback\n");
  1586. PENUM_ARG pEnumArg = (PENUM_ARG) pvArg;
  1587. SCOPEDATAITEM tSDItem;
  1588. ::ZeroMemory (&tSDItem,sizeof (tSDItem));
  1589. tSDItem.mask = SDI_STR | SDI_IMAGE | SDI_STATE | SDI_PARAM | SDI_PARENT;
  1590. tSDItem.displayname = MMC_CALLBACK;
  1591. tSDItem.relativeID = pEnumArg->m_hParent;
  1592. tSDItem.nState = 0;
  1595. // Create new cookies
  1596. SPECIAL_STORE_TYPE storeType = GetSpecialStoreType ((PWSTR) pwszSystemStore);
  1598. //
  1599. // We will not expose the ACRS store for machines or users. It is not
  1600. // interesting or useful at this level. All Auto Cert Requests should
  1601. // be managed only at the policy level.
  1602. //
  1603. if ( ACRS_STORE != storeType )
  1604. {
  1605. if ( pEnumArg->m_pCompData->ShowArchivedCerts () )
  1606. dwFlags |= CERT_STORE_ENUM_ARCHIVED_FLAG;
  1607. CCertStore* pNewCookie = new CCertStore (
  1608. CERTMGR_LOG_STORE,
  1609. CERT_STORE_PROV_SYSTEM,
  1610. dwFlags,
  1611. pEnumArg->m_pcszMachineName,
  1612. (PCWSTR) pwszSystemStore,
  1613. (PCWSTR) pwszSystemStore,
  1614. _T (""),
  1615. storeType,
  1616. pEnumArg->m_dwFlags,
  1617. pEnumArg->m_pConsole);
  1618. if ( pNewCookie )
  1619. {
  1620. pEnumArg->m_pParentCookie->m_listScopeCookieBlocks.AddHead (
  1621. (CBaseCookieBlock*) pNewCookie);
  1622. // WARNING cookie cast
  1623. tSDItem.lParam = reinterpret_cast<LPARAM> ( (CCookie*) pNewCookie);
  1624. tSDItem.nImage = pEnumArg->m_pCompData->QueryImage (*pNewCookie, FALSE);
  1625. HRESULT hr = pEnumArg->m_pConsoleNameSpace->InsertItem (&tSDItem);
  1626. ASSERT (SUCCEEDED (hr));
  1627. if ( SUCCEEDED (hr) )
  1628. pNewCookie->m_hScopeItem = tSDItem.ID;
  1629. }
  1630. }
  1632. _TRACE (-1, L"Leaving EnumIComponentDataSysCallback\n");
  1633. return TRUE;
  1634. }
  1638. HRESULT CCertMgrComponentData::AddLogicalStoresToScopePane (HSCOPEITEM hParent, CCertMgrCookie& parentCookie)
  1639. {
  1640. _TRACE (1, L"Entering CCertMgrComponentData::AddLogicalStoresToScopePane\n");
  1641. CWaitCursor cursor;
  1642. HRESULT hr = S_OK;
  1644. // If m_dwLocationPersist is 0 but the file name is empty, this means the
  1645. // user launched certmgr.msc without providing a target file. Launch
  1646. // certificates snapin as the current user instead.
  1647. if ( !m_dwLocationPersist && m_szFileName.IsEmpty () )
  1648. {
  1649. m_dwLocationPersist = CERT_SYSTEM_STORE_CURRENT_USER;
  1650. ChangeRootNodeName (L"");
  1651. }
  1652. DWORD dwFlags = m_dwLocationPersist;
  1653. ENUM_ARG enumArg;
  1655. ::ZeroMemory (&enumArg, sizeof (enumArg));
  1656. enumArg.m_dwFlags = dwFlags;
  1657. enumArg.m_pConsoleNameSpace = m_pConsoleNameSpace;
  1658. enumArg.m_hParent = hParent;
  1659. enumArg.m_pCompData = this;
  1660. enumArg.m_pcszMachineName = parentCookie.QueryNonNULLMachineName ();
  1661. enumArg.m_pParentCookie = &parentCookie;
  1662. enumArg.m_pConsole = m_pConsole;
  1663. CString location;
  1664. void* pvPara = 0;
  1666. switch (m_dwLocationPersist)
  1667. {
  1668. case CERT_SYSTEM_STORE_CURRENT_USER:
  1669. case CERT_SYSTEM_STORE_LOCAL_MACHINE:
  1670. if ( !m_szManagedServicePersist.IsEmpty () )
  1671. m_szManagedServicePersist.Empty ();
  1672. break;
  1674. case CERT_SYSTEM_STORE_CURRENT_SERVICE:
  1675. case CERT_SYSTEM_STORE_SERVICES:
  1676. break;
  1678. default:
  1679. ASSERT (0);
  1680. break;
  1681. }
  1683. if ( !m_szManagedServicePersist.IsEmpty () )
  1684. {
  1685. if ( m_szManagedComputer.CompareNoCase (m_szThisComputer) ) //!=
  1686. {
  1687. location = m_szManagedComputer + _T ("\\") +
  1688. m_szManagedServicePersist;
  1689. pvPara = (void *) (PCWSTR) location;
  1690. }
  1691. else
  1692. pvPara = (void *) (PCWSTR) m_szManagedServicePersist;
  1693. }
  1694. else if ( m_szManagedComputer.CompareNoCase (m_szThisComputer) ) //!=
  1695. {
  1696. pvPara = (void *) (PCWSTR) m_szManagedComputer;
  1697. }
  1700. if ( m_szFileName.IsEmpty () )
  1701. {
  1702. // Ensure creation of MY store
  1703. HCERTSTORE hTempStore = ::CertOpenStore (CERT_STORE_PROV_SYSTEM,
  1704. X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
  1705. NULL,
  1706. dwFlags | CERT_STORE_SET_LOCALIZED_NAME_FLAG,
  1707. MY_SYSTEM_STORE_NAME);
  1708. if ( hTempStore ) // otherwise, store is read only
  1709. {
  1710. VERIFY (::CertCloseStore (hTempStore, CERT_CLOSE_STORE_CHECK_FLAG));
  1711. }
  1712. else
  1713. {
  1714. _TRACE (0, L"CertOpenStore (%s) failed: 0x%x\n",
  1715. MY_SYSTEM_STORE_NAME, GetLastError ());
  1716. }
  1718. if ( !::CertEnumSystemStore (dwFlags, pvPara, &enumArg,
  1719. EnumIComponentDataSysCallback) )
  1720. {
  1721. DWORD dwErr = GetLastError ();
  1722. CString text;
  1723. CString caption;
  1725. VERIFY (caption.LoadString (IDS_CERTIFICATE_MANAGER));
  1726. if ( ERROR_ACCESS_DENIED == dwErr )
  1727. {
  1728. VERIFY (text.LoadString (IDS_NO_PERMISSION));
  1730. }
  1731. else
  1732. {
  1733. text.FormatMessage (IDS_CANT_ENUMERATE_SYSTEM_STORES, GetSystemMessage (dwErr));
  1734. }
  1735. int iRetVal = 0;
  1736. VERIFY (SUCCEEDED (m_pConsole->MessageBox (text, caption,
  1737. MB_OK, &iRetVal)));
  1738. hr = HRESULT_FROM_WIN32 (dwErr);
  1740. if ( ERROR_BAD_NETPATH == dwErr )
  1741. {
  1742. m_fInvalidComputer = true;
  1743. }
  1744. }
  1745. }
  1746. else
  1747. {
  1748. // CertOpenStore with provider type of:
  1749. // CERT_STORE_PROV_FILE or CERT_STORE_PROV_FILENAME_A
  1750. // or CERT_STORE_PROV_FILENAME_W.
  1751. // See online documentation or wincrypt.h for more info.
  1752. // Create new cookies
  1753. dwFlags = 0;
  1754. if ( ShowArchivedCerts () )
  1755. dwFlags |= CERT_STORE_ENUM_ARCHIVED_FLAG;
  1757. ASSERT (!m_pFileBasedStore);
  1758. m_pFileBasedStore = new CCertStore (
  1759. CERTMGR_LOG_STORE,
  1760. CERT_STORE_PROV_FILENAME_W,
  1761. dwFlags,
  1762. parentCookie.QueryNonNULLMachineName (),
  1763. m_szFileName, m_szFileName, L"", NO_SPECIAL_TYPE,
  1764. m_dwLocationPersist,
  1765. m_pConsole);
  1766. if ( m_pFileBasedStore )
  1767. {
  1768. m_pFileBasedStore->AddRef ();
  1769. hr = AddScopeNode (m_pFileBasedStore,
  1770. L"", hParent);
  1771. }
  1772. else
  1773. {
  1774. hr = E_OUTOFMEMORY;
  1775. }
  1776. }
  1778. _TRACE (-1, L"Leaving CCertMgrComponentData::AddLogicalStoresToScopePane: 0x%x\n", hr);
  1779. return hr;
  1780. }
  1783. // If the callback returns FALSE, stops the enumeration.
  1784. BOOL EnumOIDInfo (PCCRYPT_OID_INFO pInfo, void *pvArg)
  1785. {
  1786. _TRACE (1, L"Entering EnumOIDInfo\n");
  1787. ENUM_ARG* pEnumArg = (ENUM_ARG*) pvArg;
  1788. SCOPEDATAITEM tSDItem;
  1789. ::ZeroMemory (&tSDItem,sizeof (tSDItem));
  1790. tSDItem.mask = SDI_STR | SDI_IMAGE | SDI_STATE | SDI_PARAM | SDI_PARENT;
  1791. tSDItem.displayname = MMC_CALLBACK;
  1792. tSDItem.relativeID = pEnumArg->m_hParent;
  1793. tSDItem.nState = 0;
  1795. // See if this usage is already listed by name. If so, just add the
  1796. // additional OID, otherwise, create a new cookie.
  1797. CUsageCookie* pUsageCookie =
  1798. pEnumArg->m_pCompData->FindDuplicateUsage (pEnumArg->m_hParent,
  1799. pInfo->pwszName);
  1800. if ( !pUsageCookie )
  1801. {
  1802. pUsageCookie= new CUsageCookie (CERTMGR_USAGE,
  1803. pEnumArg->m_pcszMachineName,
  1804. pInfo->pwszName);
  1805. if ( pUsageCookie )
  1806. {
  1807. pEnumArg->m_pCompData->GetRootCookie ()->m_listScopeCookieBlocks.AddHead ( (CBaseCookieBlock*) pUsageCookie);
  1809. // WARNING cookie cast
  1810. tSDItem.mask |= SDI_CHILDREN;
  1811. tSDItem.cChildren = 0;
  1812. tSDItem.lParam = reinterpret_cast<LPARAM> ( (CCookie*) pUsageCookie);
  1813. tSDItem.nImage = pEnumArg->m_pCompData->QueryImage (*pUsageCookie, FALSE);
  1814. HRESULT hr = pEnumArg->m_pConsoleNameSpace->InsertItem (&tSDItem);
  1815. ASSERT (SUCCEEDED (hr));
  1816. }
  1817. }
  1818. pUsageCookie->AddOID (pInfo->pszOID);
  1821. _TRACE (-1, L"Leaving EnumOIDInfo\n");
  1822. return TRUE;
  1823. }
  1826. HRESULT CCertMgrComponentData::AddUsagesToScopePane (HSCOPEITEM hParent, CCertMgrCookie& parentCookie)
  1827. {
  1828. _TRACE (1, L"Entering CCertMgrComponentData::AddUsagesToScopePane\n");
  1829. HRESULT hr = S_OK;
  1830. ENUM_ARG enumArg;
  1832. ::ZeroMemory (&enumArg, sizeof (enumArg));
  1833. enumArg.m_dwFlags = 0;
  1834. enumArg.m_pConsoleNameSpace = m_pConsoleNameSpace;
  1835. enumArg.m_hParent = hParent;
  1836. enumArg.m_pCompData = this;
  1837. enumArg.m_pcszMachineName = parentCookie.QueryNonNULLMachineName ();
  1838. enumArg.m_pParentCookie = &parentCookie;
  1839. enumArg.m_pConsole = m_pConsole;
  1840. BOOL bResult = ::CryptEnumOIDInfo (CRYPT_ENHKEY_USAGE_OID_GROUP_ID, 0,
  1841. &enumArg, EnumOIDInfo);
  1842. ASSERT (bResult);
  1845. _TRACE (-1, L"Leaving CCertMgrComponentData::AddUsagesToScopePane: 0x%x\n", hr);
  1846. return hr;
  1847. }
  1850. BOOL IsMMCMultiSelectDataObject(IDataObject* pDataObject)
  1851. {
  1852. _TRACE (1, L"Entering IsMMCMultiSelectDataObject\n");
  1853. if (pDataObject == NULL)
  1854. return FALSE;
  1856. CLIPFORMAT s_cf = 0;
  1857. if (s_cf == 0)
  1858. {
  1859. USES_CONVERSION;
  1860. s_cf = (CLIPFORMAT)RegisterClipboardFormat(W2T(CCF_MMC_MULTISELECT_DATAOBJECT));
  1861. }
  1863. FORMATETC fmt = {s_cf, NULL, DVASPECT_CONTENT, -1, TYMED_HGLOBAL};
  1865. BOOL bResult = ((pDataObject->QueryGetData(&fmt) == S_OK));
  1866. _TRACE (-1, L"Leaving IsMMCMultiSelectDataObject - return %d\n", bResult);
  1867. return bResult;
  1868. }
  1872. STDMETHODIMP CCertMgrComponentData::Command (long nCommandID, LPDATAOBJECT pDataObject)
  1873. {
  1874. _TRACE (1, L"Entering CCertMgrComponentData::Command\n");
  1875. HRESULT hr = S_OK;
  1877. switch (nCommandID)
  1878. {
  1879. case IDM_TASK_RENEW_SAME_KEY:
  1880. hr = OnRenew (pDataObject, false);
  1881. break;
  1883. case IDM_TASK_RENEW_NEW_KEY:
  1884. hr = OnRenew (pDataObject, true);
  1885. break;
  1887. case IDM_TASK_IMPORT:
  1888. hr = OnImport (pDataObject);
  1889. break;
  1891. case IDM_TASK_EXPORT:
  1892. hr = OnExport (pDataObject);
  1893. break;
  1895. case IDM_CTL_EDIT:
  1896. hr = OnCTLEdit (pDataObject);
  1897. break;
  1899. case IDM_EDIT_ACRS:
  1900. hr = OnACRSEdit (pDataObject);
  1901. break;
  1903. case IDM_NEW_CTL:
  1904. hr = OnNewCTL (pDataObject);
  1905. break;
  1907. case IDM_TASK_CTL_EXPORT:
  1908. case IDM_TASK_CRL_EXPORT:
  1909. hr = OnExport (pDataObject);
  1910. break;
  1912. case IDM_TASK_EXPORT_STORE:
  1913. hr = OnExport (pDataObject);
  1914. break;
  1916. case IDM_TOP_FIND:
  1917. case IDM_TASK_FIND:
  1918. hr = OnFind (pDataObject);
  1919. break;
  1921. case IDM_TASK_PULSEAUTOENROLL:
  1922. hr = OnPulseAutoEnroll();
  1923. break;
  1925. case IDM_TOP_CHANGE_COMPUTER:
  1926. case IDM_TASK_CHANGE_COMPUTER:
  1927. hr = OnChangeComputer (pDataObject);
  1928. break;
  1930. case IDM_ENROLL_NEW_CERT:
  1931. hr = OnEnroll (pDataObject, true);
  1932. break;
  1934. case IDM_ENROLL_NEW_CERT_SAME_KEY:
  1935. hr = OnEnroll (pDataObject, false);
  1936. break;
  1938. case IDM_ENROLL_NEW_CERT_NEW_KEY:
  1939. hr = OnEnroll (pDataObject, true);
  1940. break;
  1942. case IDM_OPTIONS:
  1943. hr = OnOptions (pDataObject);
  1944. break;
  1946. case IDM_INIT_POLICY:
  1947. hr = OnInitEFSPolicy (pDataObject);
  1948. break;
  1950. case IDM_DEL_POLICY:
  1951. case IDM_DEL_POLICY1:
  1952. {
  1953. AFX_MANAGE_STATE (AfxGetStaticModuleState ());
  1954. CString text;
  1955. CString caption;
  1956. int iRetVal = 0;
  1959. VERIFY (text.LoadString (IDS_CONFIRM_DELETE_EFS_POLICY));
  1960. VERIFY (caption.LoadString (IDS_CERTIFICATE_MANAGER));
  1961. hr = m_pConsole->MessageBox (text, caption,
  1962. MB_YESNO, &iRetVal);
  1963. ASSERT (SUCCEEDED (hr));
  1964. if ( SUCCEEDED (hr) && IDYES == iRetVal )
  1965. hr = OnDeleteEFSPolicy (pDataObject, true);
  1966. }
  1967. break;
  1969. case IDM_ADD_DOMAIN_ENCRYPTED_RECOVERY_AGENT:
  1970. case IDM_ADD_DOMAIN_ENCRYPTED_RECOVERY_AGENT1:
  1971. case IDM_ADD_DOMAIN_ENCRYPTED_RECOVERY_AGENT2:
  1972. hr = OnAddDomainEncryptedDataRecoveryAgent (pDataObject);
  1973. break;
  1975. case IDM_CREATE_DOMAIN_ENCRYPTED_RECOVERY_AGENT:
  1976. hr = OnEnroll (pDataObject, true);
  1977. break;
  1979. case IDM_NEW_ACRS:
  1980. hr = OnNewACRS (pDataObject);
  1981. break;
  1983. case IDM_SAFER_LEVEL_SET_DEFAULT:
  1984. hr = OnSetSaferLevelDefault (pDataObject);
  1985. break;
  1987. case IDM_SAFER_NEW_ENTRY_PATH:
  1988. case IDM_SAFER_NEW_ENTRY_HASH:
  1989. case IDM_SAFER_NEW_ENTRY_CERTIFICATE:
  1990. case IDM_SAFER_NEW_ENTRY_INTERNET_ZONE:
  1991. hr = OnNewSaferEntry (nCommandID, pDataObject);
  1992. break;
  1994. case IDM_TOP_CREATE_NEW_SAFER_POLICY:
  1995. case IDM_TASK_CREATE_NEW_SAFER_POLICY:
  1996. hr = OnCreateNewSaferPolicy (pDataObject);
  1997. break;
  1999. case -1: // Received on forward/back buttons from toolbar
  2000. break;
  2002. default:
  2003. ASSERT (0);
  2004. break;
  2005. }
  2007. _TRACE (-1, L"Leaving CCertMgrComponentData::Command: 0x%x\n", hr);
  2008. return hr;
  2009. }
  2011. HRESULT CCertMgrComponentData::OnNewACRS (LPDATAOBJECT pDataObject)
  2012. {
  2013. _TRACE (1, L"Entering CCertMgrComponentData::OnNewACRS\n");
  2014. ASSERT (pDataObject);
  2015. if ( !pDataObject )
  2016. return E_POINTER;
  2017. AFX_MANAGE_STATE (AfxGetStaticModuleState ());
  2018. HRESULT hr = S_OK;
  2019. CCertMgrCookie* pCookie = ConvertCookie (pDataObject);
  2020. ASSERT (pCookie);
  2021. if ( pCookie )
  2022. {
  2023. if ( CERTMGR_LOG_STORE_GPE == pCookie->m_objecttype )
  2024. {
  2025. CCertStoreGPE* pStore = reinterpret_cast <CCertStoreGPE*> (pCookie);
  2026. ASSERT (pStore);
  2027. if ( pStore )
  2028. {
  2029. HWND hwndConsole = 0;
  2030. hr = m_pConsole->GetMainWindow (&hwndConsole);
  2031. ASSERT (SUCCEEDED (hr));
  2032. if ( SUCCEEDED (hr) )
  2033. {
  2034. ACRSWizardPropertySheet sheet (pStore, NULL);
  2036. ACRSWizardWelcomePage welcomePage;
  2037. ACRSWizardTypePage typePage;
  2038. ACRSCompletionPage completionPage;
  2040. sheet.AddPage (&welcomePage);
  2041. sheet.AddPage (&typePage);
  2042. sheet.AddPage (&completionPage);
  2044. if ( sheet.DoWizard (hwndConsole) )
  2045. {
  2046. pStore->SetDirty ();
  2047. hr = m_pConsole->UpdateAllViews (pDataObject, 0, 0);
  2048. ASSERT (SUCCEEDED (hr));
  2049. }
  2050. }
  2051. }
  2052. else
  2053. hr = E_UNEXPECTED;
  2054. }
  2055. else
  2056. hr = E_UNEXPECTED;
  2058. }
  2059. else
  2060. hr = E_UNEXPECTED;
  2062. _TRACE (-1, L"Leaving CCertMgrComponentData::OnNewACRS: 0x%x\n", hr);
  2063. return hr;
  2064. }
  2067. HRESULT CCertMgrComponentData::RefreshScopePane (LPDATAOBJECT pDataObject)
  2068. {
  2069. _TRACE (1, L"Entering CCertMgrComponentData::RefreshScopePane\n");
  2070. HRESULT hr = S_OK;
  2071. CCertMgrCookie* pCookie = 0;
  2073. if ( pDataObject )
  2074. pCookie = ConvertCookie (pDataObject);
  2075. if ( !pDataObject || ( pCookie && ((CCertMgrCookie*) CERTMGR_NULL_POLICY) != pCookie) )
  2076. {
  2077. // If m_hRootScopeItem is NULL, then this is an extension and we don't want to go in here.
  2078. if ( !pDataObject || (m_hRootScopeItem && pCookie->m_hScopeItem == m_hRootScopeItem) )
  2079. {
  2080. hr = DeleteScopeItems ();
  2081. ASSERT (SUCCEEDED (hr));
  2082. if ( 1 ) //SUCCEEDED (hr) )
  2083. {
  2084. GUID guid;
  2085. hr = ExpandScopeNodes (m_pRootCookie, m_hRootScopeItem,
  2086. _T (""), 0, guid);
  2087. }
  2088. else if ( E_UNEXPECTED == hr )
  2089. {
  2090. ASSERT (0);
  2091. }
  2092. else if ( E_INVALIDARG == hr )
  2093. {
  2094. ASSERT (0);
  2095. }
  2097. }
  2098. else
  2099. {
  2100. switch (pCookie->m_objecttype)
  2101. {
  2102. case CERTMGR_LOG_STORE_GPE:
  2103. case CERTMGR_LOG_STORE_RSOP:
  2104. case CERTMGR_USAGE:
  2105. case CERTMGR_LOG_STORE:
  2106. case CERTMGR_PHYS_STORE:
  2107. case CERTMGR_CRL_CONTAINER:
  2108. case CERTMGR_CTL_CONTAINER:
  2109. case CERTMGR_CERT_CONTAINER:
  2110. hr = DeleteChildren (pCookie->m_hScopeItem);
  2111. break;
  2113. default:
  2114. break;
  2115. }
  2116. }
  2117. }
  2118. _TRACE (-1, L"Leaving CCertMgrComponentData::RefreshScopePane: 0x%x\n", hr);
  2119. return hr;
  2120. }
  2123. HRESULT CCertMgrComponentData::ExpandScopeNodes (
  2124. CCertMgrCookie* pParentCookie,
  2125. HSCOPEITEM hParent,
  2126. const CString& strServerName,
  2127. DWORD dwLocation,
  2128. const GUID& guidObjectType)
  2129. {
  2130. _TRACE (1, L"Entering CCertMgrComponentData::ExpandScopeNodes\n");
  2131. ASSERT (hParent);
  2132. AFX_MANAGE_STATE (AfxGetStaticModuleState ());
  2133. CWaitCursor waitCursor;
  2134. HRESULT hr = S_OK;
  2136. if ( pParentCookie )
  2137. {
  2138. CString objectName;
  2140. switch ( pParentCookie->m_objecttype )
  2141. {
  2142. // These node types have no children yet
  2143. case CERTMGR_SNAPIN:
  2144. // We don't expect the handle of the root scope item to change, ever!
  2145. ASSERT ( m_hRootScopeItem ? (m_hRootScopeItem == hParent) : 1);
  2146. if ( !m_hRootScopeItem )
  2147. m_hRootScopeItem = hParent;
  2149. switch (m_activeViewPersist)
  2150. {
  2151. case IDM_USAGE_VIEW:
  2152. hr = AddUsagesToScopePane (hParent, *pParentCookie);
  2153. break;
  2155. case IDM_STORE_VIEW:
  2156. hr = AddLogicalStoresToScopePane (hParent, *pParentCookie);
  2157. break;
  2159. default:
  2160. ASSERT (0);
  2161. hr = E_UNEXPECTED;
  2162. break;
  2163. }
  2164. break;
  2166. // This node type has no children
  2167. case CERTMGR_USAGE:
  2168. case CERTMGR_CRL_CONTAINER:
  2169. case CERTMGR_CTL_CONTAINER:
  2170. case CERTMGR_CERT_CONTAINER:
  2171. break;
  2173. case CERTMGR_PHYS_STORE:
  2174. // Create one each of a CRL_CONTAINER node, CTL_CONTAINER
  2175. // node and CERT container node.
  2176. hr = AddContainersToScopePane (hParent, *pParentCookie,
  2177. false);
  2178. break;
  2180. case CERTMGR_LOG_STORE_RSOP:
  2181. case CERTMGR_LOG_STORE_GPE:
  2182. // This is the Group Policy Editor extension
  2183. // This node type has no children
  2184. break;
  2186. case CERTMGR_LOG_STORE:
  2187. if ( m_bShowPhysicalStoresPersist )
  2188. {
  2189. SPECIAL_STORE_TYPE storeType = NO_SPECIAL_TYPE;
  2190. CCertStore* pCertStoreCookie =
  2191. reinterpret_cast <CCertStore*> (pParentCookie);
  2192. ASSERT (pCertStoreCookie);
  2193. if ( pCertStoreCookie )
  2194. storeType = pCertStoreCookie->GetStoreType ();
  2195. hr = AddPhysicalStoresToScopePane (hParent, *pParentCookie,
  2196. storeType);
  2197. }
  2198. else
  2199. {
  2200. // Create one each of a CRL_CONTAINER node, CTL_CONTAINER
  2201. // node and CERT container node.
  2202. hr = AddContainersToScopePane (hParent, *pParentCookie,
  2203. false);
  2204. }
  2205. break;
  2207. case CERTMGR_CERT_POLICIES_USER:
  2208. // Don't add these nodes for local machine policy
  2209. if ( SCE_MODE_LOCAL_COMPUTER != m_dwSCEMode )
  2210. {
  2211. // Add "Trusted Certificate Authorities"
  2212. VERIFY (objectName.LoadString (IDS_CERTIFICATE_TRUST_LISTS));
  2214. if ( SUCCEEDED (hr) )
  2215. {
  2216. if ( m_pGPEInformation )
  2217. {
  2218. hr = AddScopeNode (new CCertStoreGPE (
  2219. CERT_SYSTEM_STORE_RELOCATE_FLAG,
  2220. _T (""),
  2221. (PCWSTR) objectName,
  2222. TRUST_SYSTEM_STORE_NAME,
  2223. _T (""),
  2224. m_pGPEInformation,
  2225. NODEID_User,
  2226. m_pConsole),
  2227. strServerName,
  2228. hParent);
  2229. }
  2230. else if ( m_pRSOPInformationUser )
  2231. {
  2232. hr = AddScopeNode (new CCertStoreRSOP (
  2233. CERT_SYSTEM_STORE_RELOCATE_FLAG,
  2234. _T (""),
  2235. (PCWSTR) objectName,
  2236. TRUST_SYSTEM_STORE_NAME,
  2237. _T (""),
  2238. m_rsopObjectArrayUser,
  2239. NODEID_User,
  2240. m_pConsole),
  2241. strServerName,
  2242. hParent);
  2243. }
  2244. }
  2245. }
  2246. break;
  2248. case CERTMGR_CERT_POLICIES_COMPUTER:
  2249. // Add only this node for local machine policy
  2250. // Add "Encrypting File System"
  2252. VERIFY (objectName.LoadString (IDS_ENCRYPTING_FILE_SYSTEM_NODE_NAME));
  2254. if ( m_pGPEInformation )
  2255. {
  2256. hr = AddScopeNode (new CCertStoreGPE (
  2257. CERT_SYSTEM_STORE_RELOCATE_FLAG,
  2258. _T (""),
  2259. (PCWSTR) objectName,
  2260. EFS_SYSTEM_STORE_NAME,
  2261. _T (""),
  2262. m_pGPEInformation,
  2263. NODEID_Machine,
  2264. m_pConsole),
  2265. strServerName,
  2266. hParent);
  2267. }
  2268. else if ( m_pRSOPInformationComputer )
  2269. {
  2270. hr = AddScopeNode (new CCertStoreRSOP (
  2271. CERT_SYSTEM_STORE_RELOCATE_FLAG,
  2272. _T (""),
  2273. (PCWSTR) objectName,
  2274. EFS_SYSTEM_STORE_NAME,
  2275. _T (""),
  2276. m_rsopObjectArrayComputer,
  2277. NODEID_Machine,
  2278. m_pConsole),
  2279. strServerName,
  2280. hParent);
  2281. }
  2283. if ( SCE_MODE_LOCAL_COMPUTER != m_dwSCEMode )
  2284. {
  2285. // Add these policies if this is the domain policy
  2286. if ( SUCCEEDED (hr) )
  2287. {
  2288. // Add "Automatic Certificate Request Settings"
  2289. VERIFY (objectName.LoadString (IDS_AUTOMATIC_CERT_REQUEST_SETTINGS_NODE_NAME));
  2290. if ( m_pGPEInformation )
  2291. {
  2292. m_pGPEACRSComputerStore = new CCertStoreGPE (
  2293. CERT_SYSTEM_STORE_RELOCATE_FLAG,
  2294. _T (""),
  2295. (PCWSTR) objectName,
  2296. ACRS_SYSTEM_STORE_NAME,
  2297. _T (""),
  2298. m_pGPEInformation,
  2299. NODEID_Machine,
  2300. m_pConsole);
  2301. }
  2302. else if ( m_pRSOPInformationComputer )
  2303. {
  2304. m_pGPEACRSComputerStore = new CCertStoreRSOP (
  2305. CERT_SYSTEM_STORE_RELOCATE_FLAG,
  2306. _T (""),
  2307. (PCWSTR) objectName,
  2308. ACRS_SYSTEM_STORE_NAME,
  2309. _T (""),
  2310. m_rsopObjectArrayComputer,
  2311. NODEID_Machine,
  2312. m_pConsole);
  2313. }
  2314. if ( m_pGPEACRSComputerStore )
  2315. {
  2316. m_pGPEACRSComputerStore->AddRef ();
  2317. hr = AddScopeNode (m_pGPEACRSComputerStore,
  2318. strServerName, hParent);
  2319. }
  2320. else
  2321. {
  2322. hr = E_OUTOFMEMORY;
  2323. }
  2324. }
  2327. if ( SUCCEEDED (hr) )
  2328. {
  2329. // Add "Domain Root Certificate Authorities"
  2330. VERIFY (objectName.LoadString (IDS_DOMAIN_ROOT_CERT_AUTHS_NODE_NAME));
  2332. ASSERT (!m_pGPERootStore);
  2333. if ( m_pGPEInformation )
  2334. {
  2335. m_pGPERootStore = new CCertStoreGPE (
  2336. CERT_SYSTEM_STORE_RELOCATE_FLAG,
  2337. _T (""),
  2338. (PCWSTR) objectName,
  2339. ROOT_SYSTEM_STORE_NAME,
  2340. _T (""),
  2341. m_pGPEInformation,
  2342. NODEID_Machine,
  2343. m_pConsole);
  2344. }
  2345. else if ( m_pRSOPInformationComputer )
  2346. {
  2347. m_pGPERootStore = new CCertStoreRSOP (
  2348. CERT_SYSTEM_STORE_RELOCATE_FLAG,
  2349. _T (""),
  2350. (PCWSTR) objectName,
  2351. ROOT_SYSTEM_STORE_NAME,
  2352. _T (""),
  2353. m_rsopObjectArrayComputer,
  2354. NODEID_Machine,
  2355. m_pConsole);
  2356. }
  2358. if ( m_pGPERootStore )
  2359. {
  2360. m_pGPERootStore->AddRef ();
  2361. hr = AddScopeNode (m_pGPERootStore,
  2362. strServerName, hParent);
  2363. }
  2364. else
  2365. {
  2366. hr = E_OUTOFMEMORY;
  2367. }
  2368. }
  2370. if ( SUCCEEDED (hr) )
  2371. {
  2372. // Add "Trusted Certificate Authorities"
  2373. VERIFY (objectName.LoadString (IDS_CERTIFICATE_TRUST_LISTS));
  2375. ASSERT (!m_pGPETrustStore);
  2376. if ( m_pGPEInformation )
  2377. {
  2378. m_pGPETrustStore = new CCertStoreGPE (
  2379. CERT_SYSTEM_STORE_RELOCATE_FLAG,
  2380. _T (""),
  2381. (PCWSTR) objectName,
  2382. TRUST_SYSTEM_STORE_NAME,
  2383. _T (""),
  2384. m_pGPEInformation,
  2385. NODEID_Machine,
  2386. m_pConsole);
  2387. }
  2388. else if ( m_pRSOPInformationComputer )
  2389. {
  2390. m_pGPETrustStore = new CCertStoreRSOP (
  2391. CERT_SYSTEM_STORE_RELOCATE_FLAG,
  2392. _T (""),
  2393. (PCWSTR) objectName,
  2394. TRUST_SYSTEM_STORE_NAME,
  2395. _T (""),
  2396. m_rsopObjectArrayComputer,
  2397. NODEID_Machine,
  2398. m_pConsole);
  2399. }
  2400. if ( m_pGPETrustStore )
  2401. {
  2402. m_pGPETrustStore->AddRef ();
  2403. hr = AddScopeNode (m_pGPETrustStore,
  2404. strServerName, hParent);
  2405. }
  2406. else
  2407. {
  2408. hr = E_OUTOFMEMORY;
  2409. }
  2410. }
  2411. }
  2412. break;
  2414. case CERTMGR_SAFER_COMPUTER_ROOT:
  2415. case CERTMGR_SAFER_USER_ROOT:
  2416. {
  2417. CSaferRootCookie* pSaferRootCookie =
  2418. dynamic_cast <CSaferRootCookie*> (pParentCookie);
  2419. if ( pSaferRootCookie )
  2420. {
  2421. bool bIsComputer =
  2422. (CERTMGR_SAFER_COMPUTER_ROOT == pParentCookie->m_objecttype);
  2423. if ( !m_bIsRSOP )
  2424. {
  2425. // Find out if Safer is supported by the OS
  2426. m_bSaferSupported = false;
  2427. SAFER_LEVEL_HANDLE hLevel = 0;
  2428. CPolicyKey policyKey (m_pGPEInformation,
  2429. SAFER_HKLM_REGBASE,
  2430. CERTMGR_SAFER_COMPUTER_ROOT == pParentCookie->m_objecttype);
  2431. SetRegistryScope (policyKey.GetKey (),
  2432. CERTMGR_SAFER_COMPUTER_ROOT == pParentCookie->m_objecttype);
  2434. BOOL bRVal = SaferCreateLevel (SAFER_SCOPEID_REGISTRY,
  2435. SAFER_LEVELID_FULLYTRUSTED,
  2436. SAFER_LEVEL_OPEN,
  2437. &hLevel,
  2438. policyKey.GetKey ());
  2439. if ( bRVal )
  2440. {
  2441. m_bSaferSupported = true;
  2442. VERIFY (SaferCloseLevel (hLevel));
  2443. }
  2444. else
  2445. {
  2446. DWORD dwErr = GetLastError ();
  2447. _TRACE (0, L"SaferCreateLevel () failed: 0x%x\n", dwErr);
  2448. }
  2450. // Install default file types
  2451. if ( m_bSaferSupported && m_pGPEInformation )
  2452. {
  2453. HKEY hGroupPolicyKey = 0;
  2454. hr = m_pGPEInformation->GetRegistryKey (
  2455. bIsComputer ?
  2456. GPO_SECTION_MACHINE : GPO_SECTION_USER,
  2457. &hGroupPolicyKey);
  2458. if ( SUCCEEDED (hr) )
  2459. {
  2460. // Check to see if safer defaults have already
  2461. // been defined. If not, prompt the user
  2462. // for confirmation. If the response is "no"
  2463. // then do not create the nodes
  2464. PCWSTR pszKeyName = bIsComputer ?
  2465. SAFER_COMPUTER_CODEIDS_REGKEY :
  2466. SAFER_USER_CODEIDS_REGKEY;
  2468. HKEY hCodeIDsKey = 0;
  2469. LONG lResult = RegOpenKeyEx (hGroupPolicyKey,
  2470. pszKeyName, 0, KEY_READ, &hCodeIDsKey);
  2471. if ( ERROR_FILE_NOT_FOUND == lResult )
  2472. {
  2473. pSaferRootCookie->m_bCreateSaferNodes = false;
  2474. break;
  2475. }
  2476. else if ( hCodeIDsKey )
  2477. {
  2478. ::RegCloseKey (hCodeIDsKey);
  2479. hCodeIDsKey = 0;
  2480. }
  2481. ::RegCloseKey (hGroupPolicyKey);
  2482. }
  2483. }
  2484. }
  2486. if ( m_bSaferSupported || m_bIsRSOP )
  2487. {
  2488. // Add "Levels" node
  2489. VERIFY (objectName.LoadString (IDS_SAFER_LEVELS_NODE_NAME));
  2490. hr = AddScopeNode (new CCertMgrCookie (
  2491. bIsComputer ?
  2492. CERTMGR_SAFER_COMPUTER_LEVELS : CERTMGR_SAFER_USER_LEVELS,
  2493. 0,
  2494. (PCWSTR) objectName), strServerName, hParent);
  2496. // Add "Entries" node
  2497. if ( SUCCEEDED (hr) )
  2498. {
  2499. VERIFY (objectName.LoadString (IDS_SAFER_ENTRIES_NODE_NAME));
  2500. hr = AddScopeNode (new CSaferEntries (
  2501. bIsComputer,
  2502. strServerName,
  2503. objectName,
  2504. m_pGPEInformation,
  2505. bIsComputer ? m_pRSOPInformationComputer : m_pRSOPInformationUser,
  2506. bIsComputer ? m_rsopObjectArrayComputer : m_rsopObjectArrayUser,
  2507. m_pConsole),
  2508. strServerName, hParent);
  2510. if ( SUCCEEDED (hr) )
  2511. {
  2512. hr = SaferEnumerateLevels (bIsComputer);
  2513. }
  2514. }
  2515. }
  2516. }
  2517. }
  2518. break;
  2520. case CERTMGR_SAFER_COMPUTER_LEVELS:
  2521. break;
  2523. case CERTMGR_SAFER_USER_LEVELS:
  2524. // TODO: Enumerate user levels
  2525. break;
  2527. case CERTMGR_SAFER_COMPUTER_ENTRIES:
  2528. // TODO: Enumerate computer entries
  2529. break;
  2531. case CERTMGR_SAFER_USER_ENTRIES:
  2532. // TODO: Enumerate user entries
  2533. break;
  2535. case CERTMGR_CERTIFICATE: // not expected in scope pane
  2536. case CERTMGR_CRL:
  2537. case CERTMGR_CTL:
  2538. case CERTMGR_AUTO_CERT_REQUEST:
  2539. case CERTMGR_PKP_AUTOENROLLMENT_COMPUTER_SETTINGS:
  2540. case CERTMGR_PKP_AUTOENROLLMENT_USER_SETTINGS:
  2541. ASSERT (0);
  2542. hr = E_UNEXPECTED;
  2543. break;
  2545. default:
  2546. _TRACE (0, L"CCertMgrComponentData::EnumerateScopeChildren bad parent type\n");
  2547. ASSERT (0);
  2548. hr = S_OK;
  2549. break;
  2550. }
  2551. }
  2552. else
  2553. {
  2554. // If parentCookie not passed in, then this is an extension snap-in
  2555. m_dwLocationPersist = dwLocation;
  2558. if ( m_pGPEInformation || m_pRSOPInformationComputer || m_pRSOPInformationUser )
  2559. {
  2560. CString objectName;
  2563. if ( ::IsEqualGUID (guidObjectType, NODEID_Machine) )
  2564. {
  2565. if ( SUCCEEDED (hr) )
  2566. {
  2567. CLSID classID;
  2568. GetClassID (&classID);
  2570. if ( ::IsEqualGUID (classID, CLSID_CertificateManagerPKPOLExt) )
  2571. {
  2572. // Add "Public Key Policies" node
  2573. VERIFY (objectName.LoadString (IDS_PUBLIC_KEY_POLICIES_NODE_NAME));
  2574. hr = AddScopeNode (new CCertMgrCookie (
  2575. CERTMGR_CERT_POLICIES_COMPUTER,
  2576. 0,
  2577. (PCWSTR) objectName),
  2578. strServerName, hParent);
  2579. }
  2580. else if ( ::IsEqualGUID (classID, CLSID_SaferWindowsExtension) )
  2581. {
  2582. // Add "Software Restriction Policies" node
  2583. VERIFY (objectName.LoadString (IDS_SAFER_WINDOWS_NODE_NAME));
  2584. hr = AddScopeNode (new CSaferRootCookie (
  2585. CERTMGR_SAFER_COMPUTER_ROOT,
  2586. 0,
  2587. (PCWSTR) objectName),
  2588. strServerName, hParent);
  2589. }
  2590. }
  2592. }
  2593. else if ( ::IsEqualGUID (guidObjectType, NODEID_User) )
  2594. {
  2595. if ( SUCCEEDED (hr) )
  2596. {
  2597. CLSID classID;
  2598. GetClassID (&classID);
  2600. if ( ::IsEqualGUID (classID, CLSID_CertificateManagerPKPOLExt) )
  2601. {
  2602. // Add "Public Key Policies" node
  2603. VERIFY (objectName.LoadString (IDS_PUBLIC_KEY_POLICIES_NODE_NAME));
  2604. hr = AddScopeNode (new CCertMgrCookie (
  2605. CERTMGR_CERT_POLICIES_USER,
  2606. 0,
  2607. (PCWSTR) objectName), strServerName, hParent);
  2608. }
  2609. else if ( ::IsEqualGUID (classID, CLSID_SaferWindowsExtension) )
  2610. {
  2611. if ( SCE_MODE_LOCAL_USER != m_dwSCEMode )
  2612. {
  2613. // Add "Software Restriction Policies" node
  2614. VERIFY (objectName.LoadString (IDS_SAFER_WINDOWS_NODE_NAME));
  2615. hr = AddScopeNode (new CSaferRootCookie (
  2616. CERTMGR_SAFER_USER_ROOT,
  2617. 0,
  2618. (PCWSTR) objectName), strServerName, hParent);
  2619. }
  2620. }
  2621. }
  2622. }
  2623. }
  2624. }
  2626. _TRACE (-1, L"Leaving CCertMgrComponentData::ExpandScopeNodes: 0x%x\n", hr);
  2627. return hr;
  2628. }
  2631. HRESULT CCertMgrComponentData::DeleteScopeItems (HSCOPEITEM hScopeItem /* = 0 */)
  2632. {
  2633. _TRACE (1, L"Entering CCertMgrComponentData::DeleteScopeItems\n");
  2634. HRESULT hr = S_OK;
  2636. if ( m_pGPERootStore )
  2637. {
  2638. m_pGPERootStore->Release ();
  2639. m_pGPERootStore = 0;
  2640. }
  2642. if ( m_pGPETrustStore )
  2643. {
  2644. m_pGPETrustStore->Release ();
  2645. m_pGPETrustStore = 0;
  2646. }
  2648. if ( m_pGPEACRSComputerStore )
  2649. {
  2650. m_pGPEACRSComputerStore->Release ();
  2651. m_pGPEACRSComputerStore = 0;
  2652. }
  2654. if ( m_pGPEACRSUserStore )
  2655. {
  2656. m_pGPEACRSUserStore->Release ();
  2657. m_pGPEACRSUserStore = 0;
  2658. }
  2660. if ( m_pFileBasedStore )
  2661. {
  2662. m_pFileBasedStore->Release ();
  2663. m_pFileBasedStore = 0;
  2664. }
  2666. hr = DeleteChildren (hScopeItem ? hScopeItem : m_hRootScopeItem);
  2668. _TRACE (-1, L"Leaving CCertMgrComponentData::DeleteScopeItems: 0x%x\n", hr);
  2669. return hr;
  2670. }
  2673. HRESULT CCertMgrComponentData::DeleteChildren (HSCOPEITEM hParent)
  2674. {
  2675. _TRACE (1, L"Entering CCertMgrComponentData::DeleteChildren\n");
  2676. if ( !hParent )
  2677. return S_OK;
  2679. HSCOPEITEM hChild = 0;
  2680. HSCOPEITEM hNextChild = 0;
  2681. MMC_COOKIE lCookie = 0;
  2682. CCertMgrCookie* pCookie = 0;
  2683. HRESULT hr = S_OK;
  2684. CCookie& rootCookie = QueryBaseRootCookie ();
  2686. // Optimization: If we're deleting everything below the root, free all
  2687. // the result items here so we don't have to go looking for them later by
  2688. // store
  2689. if ( hParent == m_hRootScopeItem )
  2690. {
  2691. LPRESULTDATA pResultData = 0;
  2692. hr = GetResultData (&pResultData);
  2693. if ( SUCCEEDED (hr) )
  2694. {
  2695. hr = pResultData->DeleteAllRsltItems ();
  2696. if ( SUCCEEDED (hr) || E_UNEXPECTED == hr ) // returns E_UNEXPECTED if console shutting down
  2697. {
  2698. RemoveResultCookies (pResultData);
  2699. }
  2700. else
  2701. {
  2702. _TRACE (0, L"IResultData::DeleteAllRsltItems () failed: 0x%x\n", hr);
  2703. }
  2704. pResultData->Release ();
  2705. }
  2706. }
  2709. hr = m_pConsoleNameSpace->GetChildItem (hParent, &hChild, &lCookie);
  2710. ASSERT (SUCCEEDED (hr) || E_FAIL == hr); // appears to return E_FAIL when there are no children
  2711. while ( SUCCEEDED (hr) && hChild )
  2712. {
  2713. pCookie = reinterpret_cast <CCertMgrCookie*> (lCookie);
  2715. hr = DeleteChildren (hChild);
  2716. if ( !SUCCEEDED (hr) )
  2717. break;
  2719. hNextChild = 0;
  2720. hr = m_pConsoleNameSpace->GetNextItem (hChild, &hNextChild, &lCookie);
  2721. ASSERT (SUCCEEDED (hr));
  2723. hr = m_pConsoleNameSpace->DeleteItem (hChild, TRUE);
  2724. ASSERT (SUCCEEDED (hr));
  2726. switch (pCookie->m_objecttype)
  2727. {
  2728. case CERTMGR_LOG_STORE:
  2729. case CERTMGR_LOG_STORE_GPE:
  2730. case CERTMGR_LOG_STORE_RSOP:
  2731. case CERTMGR_PHYS_STORE:
  2732. {
  2733. // If this is a store, delete all the result nodes that belong to this
  2734. // store. We can tell if objects were enumerated from this store simply
  2735. // by comparing the store handles.
  2736. CCertStore* pStore = reinterpret_cast <CCertStore*> (pCookie);
  2737. ASSERT (pStore);
  2738. if ( pStore )
  2739. {
  2740. // If the store is not 'open' (it's HCERTSTORE handle is still '0')
  2741. // then we can skip checking this list. We haven't enumerated anything
  2742. // in this store.
  2743. if ( pStore->IsOpen () )
  2744. {
  2745. POSITION pos1 = 0;
  2746. POSITION pos2 = 0;
  2747. CBaseCookieBlock* pResultCookie = 0;
  2748. HCERTSTORE hStoreHandle = pStore->GetStoreHandle ();
  2750. // As an optimization, if DeleteChildren was originally called with
  2751. // the root scope item, all the result cookies have already been
  2752. // deleted since we're going to delete them all anyway.
  2753. for (pos1 = rootCookie.m_listResultCookieBlocks.GetHeadPosition();
  2754. (pos2 = pos1) != NULL; )
  2755. {
  2756. pResultCookie = rootCookie.m_listResultCookieBlocks.GetNext (pos1);
  2757. ASSERT (pResultCookie);
  2758. if ( pResultCookie )
  2759. {
  2760. hr = ReleaseResultCookie (pResultCookie,
  2761. rootCookie, hStoreHandle, pos2);
  2762. }
  2763. }
  2764. pStore->Close ();
  2765. }
  2766. }
  2767. }
  2768. // fall through
  2770. case CERTMGR_CRL_CONTAINER:
  2771. case CERTMGR_CTL_CONTAINER:
  2772. case CERTMGR_CERT_CONTAINER:
  2773. case CERTMGR_USAGE:
  2774. {
  2775. POSITION pos1 = 0;
  2776. POSITION pos2 = 0;
  2777. CBaseCookieBlock* pResultCookie = 0;
  2779. // Find and remove this cookie from the scope cookie list
  2780. for (pos1 = rootCookie.m_listScopeCookieBlocks.GetHeadPosition();
  2781. pos1 != NULL; )
  2782. {
  2783. pos2 = pos1;
  2784. pResultCookie = rootCookie.m_listResultCookieBlocks.GetNext (pos1);
  2785. ASSERT (pResultCookie);
  2786. if ( pResultCookie )
  2787. {
  2788. if ( pResultCookie->QueryBaseCookie (0) == pCookie )
  2789. {
  2790. rootCookie.m_listScopeCookieBlocks.RemoveAt (pos2);
  2791. pResultCookie->Release ();
  2792. break;
  2793. }
  2794. }
  2795. }
  2796. }
  2797. break;
  2799. default:
  2800. break;
  2801. }
  2803. hChild = hNextChild;
  2804. }
  2807. _TRACE (-1, L"Leaving CCertMgrComponentData::DeleteChildren: 0x%x\n", hr);
  2808. return hr;
  2809. }
  2812. CertificateManagerObjectType CCertMgrComponentData::GetObjectType (LPDATAOBJECT pDataObject)
  2813. {
  2814. _TRACE (1, L"Entering CCertMgrComponentData::GetObjectType\n");
  2815. CertificateManagerObjectType objType = CERTMGR_INVALID;
  2817. ASSERT (pDataObject);
  2818. CCertMgrCookie* pCookie = ConvertCookie (pDataObject);
  2819. if ( ((CCertMgrCookie*) MMC_MULTI_SELECT_COOKIE) == pCookie )
  2820. objType = CERTMGR_MULTISEL;
  2821. else if ( pCookie )
  2822. objType = pCookie->m_objecttype;
  2824. _TRACE (-1, L"Leaving CCertMgrComponentData::GetObjectType\n");
  2825. return objType;
  2826. }
  2830. HRESULT CCertMgrComponentData::OnPulseAutoEnroll()
  2831. {
  2832. _TRACE (1, L"Entering CCertMgrComponentData::OnPulseAutoEnroll\n");
  2833. HRESULT hr = S_OK;
  2834. AFX_MANAGE_STATE (AfxGetStaticModuleState ());
  2836. HANDLE hEvent = NULL;
  2837. LPWSTR wszEventName;
  2840. // pulse autoenroll event here, choose between machine or user
  2842. // user or machine pulse?
  2843. wszEventName = L"Global\\" MACHINE_AUTOENROLLMENT_TRIGGER_EVENT;
  2844. if (CERT_SYSTEM_STORE_CURRENT_USER == m_dwLocationPersist)
  2845. wszEventName = USER_AUTOENROLLMENT_TRIGGER_EVENT;
  2847. hEvent=OpenEvent(EVENT_MODIFY_STATE, false, wszEventName);
  2848. if (NULL==hEvent)
  2849. {
  2850. DWORD dwErr = GetLastError();
  2852. CString text;
  2853. CString caption;
  2855. VERIFY (caption.LoadString (IDS_CERTIFICATE_MANAGER));
  2856. text.FormatMessage (IDS_CANT_OPEN_AUTOENROLL_EVENT, GetSystemMessage (dwErr));
  2858. int iRetVal = 0;
  2859. VERIFY (SUCCEEDED (m_pConsole->MessageBox (text, caption, MB_OK, &iRetVal)));
  2861. hr=HRESULT_FROM_WIN32(dwErr);
  2862. _TRACE (0, L"OpenEvent(%s) failed with 0x%08X.\n", wszEventName, hr);
  2863. goto error;
  2864. }
  2866. if (!SetEvent(hEvent))
  2867. {
  2868. DWORD dwErr = GetLastError();
  2869. DisplaySystemError (dwErr);
  2870. hr=HRESULT_FROM_WIN32(dwErr);
  2871. _TRACE (0, L"SetEvent failed with 0x%08X.\n", hr);
  2872. goto error;
  2873. }
  2876. error:
  2877. if (NULL!=hEvent)
  2878. CloseHandle(hEvent);
  2880. _TRACE (-1, L"Leaving CCertMgrComponentData::OnPulseAutoEnroll: 0x%x\n", hr);
  2881. return hr;
  2882. }
  2884. HRESULT CCertMgrComponentData::OnFind (LPDATAOBJECT pDataObject)
  2885. {
  2886. _TRACE (1, L"Entering CCertMgrComponentData::OnFind\n");
  2887. HRESULT hr = S_OK;
  2888. ASSERT (pDataObject);
  2889. AFX_MANAGE_STATE (AfxGetStaticModuleState ());
  2890. HWND hParent = 0;
  2893. ASSERT (pDataObject);
  2894. CCertMgrCookie* pParentCookie = ConvertCookie (pDataObject);
  2895. if ( pParentCookie )
  2896. {
  2897. switch (pParentCookie->m_objecttype)
  2898. {
  2899. case CERTMGR_SNAPIN:
  2900. case CERTMGR_PHYS_STORE:
  2901. case CERTMGR_LOG_STORE:
  2902. case CERTMGR_LOG_STORE_GPE:
  2903. case CERTMGR_LOG_STORE_RSOP:
  2904. case CERTMGR_USAGE:
  2905. {
  2906. // Get parent window handle and attach to a CWnd object
  2907. hr = m_pConsole->GetMainWindow (&hParent);
  2908. ASSERT (SUCCEEDED (hr));
  2909. if ( SUCCEEDED (hr) )
  2910. {
  2911. CWnd parentWnd;
  2912. VERIFY (parentWnd.Attach (hParent));
  2913. CFindDialog findDlg (&parentWnd,
  2914. pParentCookie->QueryNonNULLMachineName (),
  2915. m_szFileName,
  2916. this);
  2917. CThemeContextActivator activator;
  2918. INT_PTR iReturn = findDlg.DoModal ();
  2919. ASSERT (-1 != iReturn && IDABORT != iReturn);
  2920. if ( -1 == iReturn || IDABORT == iReturn )
  2921. hr = E_UNEXPECTED;
  2922. else
  2923. {
  2924. if ( findDlg.ConsoleRefreshRequired () )
  2925. {
  2926. hr = m_pConsole->UpdateAllViews (pDataObject, 0,
  2927. HINT_REFRESH_STORES);
  2928. }
  2929. }
  2931. parentWnd.Detach ();
  2934. }
  2935. }
  2936. break;
  2938. case CERTMGR_CERTIFICATE:
  2939. case CERTMGR_CRL:
  2940. case CERTMGR_CTL:
  2941. case CERTMGR_AUTO_CERT_REQUEST:
  2942. ASSERT (0);
  2943. hr = E_UNEXPECTED;
  2944. break;
  2946. case CERTMGR_PKP_AUTOENROLLMENT_COMPUTER_SETTINGS:
  2947. case CERTMGR_PKP_AUTOENROLLMENT_USER_SETTINGS:
  2948. ASSERT (0);
  2949. break;
  2951. case CERTMGR_CRL_CONTAINER:
  2952. case CERTMGR_CTL_CONTAINER:
  2953. case CERTMGR_CERT_CONTAINER:
  2954. break;
  2956. default:
  2957. ASSERT (0);
  2958. hr = E_UNEXPECTED;
  2959. }
  2960. }
  2962. _TRACE (-1, L"Leaving CCertMgrComponentData::OnFind: 0x%x\n", hr);
  2963. return hr;
  2964. }
  2966. HRESULT CCertMgrComponentData::OnChangeComputer (LPDATAOBJECT pDataObject)
  2967. {
  2968. if ( !pDataObject )
  2969. return E_POINTER;
  2971. _TRACE (1, L"Entering CCertMgrComponentData::OnChangeComputer\n");
  2972. HRESULT hr = S_OK;
  2973. ASSERT (pDataObject);
  2974. AFX_MANAGE_STATE (AfxGetStaticModuleState ());
  2977. ASSERT (pDataObject);
  2978. CCertMgrCookie* pParentCookie = ConvertCookie (pDataObject);
  2979. if ( pParentCookie && CERTMGR_SNAPIN == pParentCookie->m_objecttype )
  2980. {
  2981. HWND hWndParent = NULL;
  2982. hr = m_pConsole->GetMainWindow (&hWndParent);
  2983. CString machineName;
  2984. hr = ComputerNameFromObjectPicker (hWndParent, machineName);
  2985. if ( S_OK == hr ) // S_FALSE means user pressed "Cancel"
  2986. {
  2987. machineName.MakeUpper ();
  2989. // added IsLocalComputername 1/27/99 JonN
  2990. // If the user chooses the local computer, treat that as if they had chosen
  2991. // "Local Computer" in Snapin Manager. This means that there is no way to
  2992. // reset the snapin to target explicitly at this computer without either
  2993. // reloading the snapin from Snapin Manager, or going to a different computer.
  2994. // When the Choose Target Computer UI is revised, we can make this more
  2995. // consistent with Snapin Manager.
  2996. if ( IsLocalComputername( machineName ) )
  2997. machineName = L"";
  2999. QueryRootCookie().SetMachineName (machineName);
  3001. // Set the persistent name. If we are managing the local computer
  3002. // this name should be empty.
  3003. m_strMachineNamePersist = machineName;
  3005. hr = ChangeRootNodeName (machineName);
  3006. if ( SUCCEEDED(hr) )
  3007. {
  3008. hr = m_pConsole->UpdateAllViews (pDataObject, 0, HINT_CHANGE_COMPUTER);
  3009. }
  3010. }
  3011. }
  3012. else
  3013. hr = E_UNEXPECTED;
  3016. _TRACE (-1, L"Leaving CCertMgrComponentData::OnChangeComputer: 0x%x\n", hr);
  3017. return hr;
  3018. }
  3021. HRESULT CCertMgrComponentData::IsUserAdministrator (BOOL & bIsAdministrator)
  3022. {
  3023. _TRACE (1, L"Entering CCertMgrComponentData::IsUserAdministrator\n");
  3024. HRESULT hr = S_OK;
  3025. DWORD dwErr = 0;
  3027. bIsAdministrator = FALSE;
  3028. if ( IsWindowsNT () )
  3029. {
  3030. PSID psidAdministrators;
  3031. SID_IDENTIFIER_AUTHORITY siaNtAuthority = SECURITY_NT_AUTHORITY;
  3033. BOOL bResult = AllocateAndInitializeSid (&siaNtAuthority, 2,
  3034. SECURITY_BUILTIN_DOMAIN_RID, DOMAIN_ALIAS_RID_ADMINS,
  3035. 0, 0, 0, 0, 0, 0, &psidAdministrators);
  3036. if ( bResult )
  3037. {
  3038. bResult = CheckTokenMembership (0, psidAdministrators,
  3039. &bIsAdministrator);
  3040. ASSERT (bResult);
  3041. if ( !bResult )
  3042. {
  3043. dwErr = GetLastError ();
  3044. DisplaySystemError (dwErr);
  3045. hr = HRESULT_FROM_WIN32 (dwErr);
  3046. }
  3047. FreeSid (psidAdministrators);
  3048. }
  3049. else
  3050. {
  3051. dwErr = GetLastError ();
  3052. DisplaySystemError (dwErr);
  3053. hr = HRESULT_FROM_WIN32 (dwErr);
  3054. }
  3055. }
  3057. _TRACE (-1, L"Leaving CCertMgrComponentData::IsUserAdministrator: 0x%x\n", hr);
  3058. return hr;
  3059. }
  3062. void CCertMgrComponentData::DisplaySystemError (DWORD dwErr)
  3063. {
  3064. _TRACE (1, L"Entering CCertMgrComponentData::DisplaySystemError\n");
  3065. AFX_MANAGE_STATE (AfxGetStaticModuleState ());
  3066. LPVOID lpMsgBuf;
  3068. FormatMessage (FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_SYSTEM,
  3069. NULL,
  3070. dwErr,
  3071. MAKELANGID (LANG_NEUTRAL, SUBLANG_DEFAULT), // Default language
  3072. (PWSTR) &lpMsgBuf, 0, NULL );
  3074. // Display the string.
  3075. CString caption;
  3076. VERIFY (caption.LoadString (IDS_CERTIFICATE_MANAGER));
  3077. int iRetVal = 0;
  3078. if ( m_pConsole )
  3079. {
  3080. HRESULT hr = m_pConsole->MessageBox ( (PWSTR) lpMsgBuf, caption,
  3081. MB_ICONWARNING | MB_OK, &iRetVal);
  3082. ASSERT (SUCCEEDED (hr));
  3083. }
  3084. else
  3085. {
  3086. CThemeContextActivator activator;
  3087. ::MessageBox (NULL, (PWSTR) lpMsgBuf, caption, MB_ICONWARNING | MB_OK);
  3088. }
  3089. // Free the buffer.
  3090. LocalFree (lpMsgBuf);
  3091. _TRACE (-1, L"Leaving CCertMgrComponentData::DisplaySystemError\n");
  3092. }
  3094. CString CCertMgrComponentData::GetCommandLineFileName () const
  3095. {
  3096. _TRACE (0, L"Entering and leaving CCertMgrComponentData::GetCommandLineFileName\n");
  3097. return m_szFileName;
  3098. }
  3100. //
  3101. // GetManagedComputer ()
  3102. //
  3103. // Returns the name of the managed computer. If we are managing the local machine
  3104. // returns an empty string. (As required by a number of Crypt32 APIs
  3105. //
  3106. CString CCertMgrComponentData::GetManagedComputer () const
  3107. {
  3108. _TRACE (0, L"Entering and leaving CCertMgrComponentData::GetManagedComputer\n");
  3109. if ( m_szManagedComputer.CompareNoCase (m_szThisComputer) ) // !=
  3110. {
  3111. return m_szManagedComputer;
  3112. }
  3113. else
  3114. return _T ("");
  3115. }
  3117. CString CCertMgrComponentData::GetManagedService () const
  3118. {
  3119. _TRACE (0, L"Entering and leaving CCertMgrComponentData::GetManagedService\n");
  3120. return m_szManagedServicePersist;
  3121. }
  3123. DWORD CCertMgrComponentData::GetLocation () const
  3124. {
  3125. _TRACE (0, L"Entering and leaving CCertMgrComponentData::GetLocation\n");
  3126. return m_dwLocationPersist;
  3127. }
  3129. LPCONSOLENAMESPACE CCertMgrComponentData::GetConsoleNameSpace () const
  3130. {
  3131. _TRACE (0, L"Entering and leaving CCertMgrComponentData::GetConsoleNameSpace\n");
  3132. return m_pConsoleNameSpace;
  3133. }
  3136. CUsageCookie* CCertMgrComponentData::FindDuplicateUsage (HSCOPEITEM hParent, PCWSTR pszName)
  3137. {
  3138. _TRACE (1, L"Entering CCertMgrComponentData::FindDuplicateUsage\n");
  3139. CUsageCookie* pUsageCookie = 0;
  3141. MMC_COOKIE lCookie = 0;
  3142. HSCOPEITEM hChildItem = 0;
  3143. bool bFound = false;
  3145. HRESULT hr = m_pConsoleNameSpace->GetChildItem (hParent, &hChildItem, &lCookie);
  3146. ASSERT (SUCCEEDED (hr));
  3147. while ( hChildItem && SUCCEEDED (hr) )
  3148. {
  3149. pUsageCookie = reinterpret_cast <CUsageCookie*> (lCookie);
  3150. if ( !wcscoll (pszName, pUsageCookie->GetObjectName ()) )
  3151. {
  3152. bFound = true;
  3153. break;
  3154. }
  3156. hr = m_pConsoleNameSpace->GetNextItem (hChildItem, &hChildItem, &lCookie);
  3157. ASSERT (SUCCEEDED (hr));
  3158. }
  3160. _TRACE (-1, L"Leaving CCertMgrComponentData::FindDuplicateUsage\n");
  3161. if ( bFound )
  3162. return pUsageCookie;
  3163. else
  3164. return NULL;
  3165. }
  3168. bool CCertMgrComponentData::IsSecurityConfigurationEditorNodetype (const GUID& refguid) const
  3169. {
  3170. _TRACE (0, L"Entering and leaving CCertMgrComponentData::IsSecurityConfigurationEditorNodetype\n");
  3171. return ::IsEqualGUID (refguid, cNodetypeSceTemplate) ? true : false;
  3172. }
  3175. HRESULT CCertMgrComponentData::OnEnroll (LPDATAOBJECT pDataObject, bool bNewKey)
  3176. {
  3177. _TRACE (1, L"Entering CCertMgrComponentData::OnEnroll\n");
  3178. AFX_MANAGE_STATE (AfxGetStaticModuleState ());
  3179. ASSERT (pDataObject);
  3180. if ( !pDataObject )
  3181. return E_POINTER;
  3183. HRESULT hr = S_OK;
  3184. CCertMgrCookie* pParentCookie = ConvertCookie (pDataObject);
  3185. if ( pParentCookie )
  3186. {
  3187. CCertStore* pStore = 0;
  3188. CCertificate* pCert = 0;
  3189. CCertStoreGPE* pGPEStore = 0;
  3190. bool bParentIsStoreOrContainer = false;
  3191. HSCOPEITEM hScopeItem = 0;
  3192. bool bEFSPolicyTurnedOn = false;
  3194. switch (pParentCookie->m_objecttype)
  3195. {
  3196. case CERTMGR_CERTIFICATE:
  3197. pCert = reinterpret_cast <CCertificate*> (pParentCookie);
  3198. ASSERT (pCert);
  3199. break;
  3201. case CERTMGR_PHYS_STORE:
  3202. case CERTMGR_LOG_STORE:
  3203. if ( !m_pGPEInformation ) // If we are not extending the GPE/SCE
  3204. {
  3205. hScopeItem = pParentCookie->m_hScopeItem; // = 0;
  3206. pStore = reinterpret_cast <CCertStore*> (pParentCookie);
  3207. ASSERT (pStore);
  3208. }
  3209. bParentIsStoreOrContainer = true;
  3210. break;
  3212. case CERTMGR_CERT_CONTAINER:
  3213. if ( !m_pGPEInformation ) // If we are not extending the GPE/SCE
  3214. {
  3215. CContainerCookie* pContainer = reinterpret_cast <CContainerCookie*> (pParentCookie);
  3216. ASSERT (pContainer);
  3217. if ( pContainer )
  3218. {
  3219. MMC_COOKIE lCookie = 0;
  3220. hr = m_pConsoleNameSpace->GetParentItem (
  3221. pContainer->m_hScopeItem, &hScopeItem, &lCookie);
  3222. ASSERT (SUCCEEDED (hr));
  3223. pStore = &pContainer->GetCertStore ();
  3224. }
  3225. }
  3226. bParentIsStoreOrContainer = true;
  3227. break;
  3229. case CERTMGR_USAGE:
  3230. break;
  3232. case CERTMGR_LOG_STORE_RSOP:
  3233. ASSERT (0);
  3234. return E_FAIL;
  3235. break;
  3237. case CERTMGR_PKP_AUTOENROLLMENT_COMPUTER_SETTINGS:
  3238. case CERTMGR_PKP_AUTOENROLLMENT_USER_SETTINGS:
  3239. ASSERT (0);
  3240. break;
  3242. case CERTMGR_LOG_STORE_GPE:
  3243. pGPEStore = reinterpret_cast <CCertStoreGPE*> (pParentCookie);
  3244. ASSERT (pGPEStore);
  3245. if ( pGPEStore )
  3246. {
  3247. if ( pGPEStore->IsNullEFSPolicy () )
  3248. {
  3249. pGPEStore->AllowEmptyEFSPolicy ();
  3250. bEFSPolicyTurnedOn = true;
  3251. }
  3252. }
  3253. else
  3254. return E_FAIL;
  3255. break;
  3257. default:
  3258. ASSERT (0);
  3259. return E_UNEXPECTED;
  3260. }
  3261. HWND hwndParent = 0;
  3262. hr = m_pConsole->GetMainWindow (&hwndParent);
  3263. ASSERT (SUCCEEDED (hr));
  3264. CRYPTUI_WIZ_CERT_REQUEST_PVK_CERT pvkCert;
  3265. CRYPTUI_WIZ_CERT_REQUEST_PVK_NEW pvkNew;
  3266. CRYPTUI_WIZ_CERT_REQUEST_INFO certRequestInfo;
  3267. CRYPT_KEY_PROV_INFO provInfo;
  3269. // For EFS Recovery Agent
  3270. CRYPTUI_WIZ_CERT_TYPE certType;
  3271. PWSTR rgwszCertType = wszCERTTYPE_EFS_RECOVERY;
  3273. ::ZeroMemory (&certRequestInfo, sizeof (certRequestInfo));
  3274. certRequestInfo.dwSize = sizeof (certRequestInfo);
  3275. certRequestInfo.dwPurpose = CRYPTUI_WIZ_CERT_ENROLL;
  3277. // User wants to manage user account
  3278. // pass in NULL to machine name and to account name
  3279. // User wants to manage local machine account
  3280. // pass in NULL for account name and result of ::GetComputerName ()
  3281. // to machine name
  3282. // User want to manage remote machine
  3283. // pass in NULL for account name and machine name for machineName
  3284. // User wants to manage remote account on remote machine
  3285. // pass in account name for accountName and machine name for machineName
  3286. switch (m_dwLocationPersist)
  3287. {
  3288. case CERT_SYSTEM_STORE_CURRENT_SERVICE:
  3289. case CERT_SYSTEM_STORE_SERVICES:
  3290. certRequestInfo.pwszMachineName = (PCWSTR) m_szManagedComputer;
  3291. certRequestInfo.pwszAccountName = (PCWSTR) m_szManagedServicePersist;
  3292. break;
  3294. case CERT_SYSTEM_STORE_CURRENT_USER:
  3295. certRequestInfo.pwszMachineName = NULL;
  3296. certRequestInfo.pwszAccountName = NULL;
  3297. break;
  3299. case CERT_SYSTEM_STORE_LOCAL_MACHINE:
  3300. certRequestInfo.pwszMachineName = (PCWSTR) m_szManagedComputer;
  3301. certRequestInfo.pwszAccountName = NULL;
  3302. break;
  3304. case CERT_SYSTEM_STORE_CURRENT_USER_GROUP_POLICY:
  3305. case CERT_SYSTEM_STORE_LOCAL_MACHINE_GROUP_POLICY:
  3306. certRequestInfo.pwszMachineName = NULL;
  3307. certRequestInfo.pwszAccountName = NULL;
  3308. certRequestInfo.pwszDesStore = 0;
  3309. certRequestInfo.dwCertOpenStoreFlag = 0;
  3310. break;
  3312. default:
  3313. ASSERT (0);
  3314. return E_UNEXPECTED;
  3315. break;
  3316. }
  3319. if ( !pCert || bNewKey )
  3320. {
  3321. // Request a certificate with a new key
  3322. certRequestInfo.dwPvkChoice = CRYPTUI_WIZ_CERT_REQUEST_PVK_CHOICE_NEW;
  3323. ::ZeroMemory (&pvkNew, sizeof (pvkNew));
  3324. pvkNew.dwSize = sizeof (pvkNew);
  3325. certRequestInfo.pPvkNew = &pvkNew;
  3326. if ( CERT_SYSTEM_STORE_LOCAL_MACHINE == m_dwLocationPersist )
  3327. {
  3328. ::ZeroMemory (&provInfo, sizeof (provInfo));
  3330. provInfo.dwFlags = CRYPT_MACHINE_KEYSET;
  3331. pvkNew.pKeyProvInfo = &provInfo;
  3332. }
  3334. if ( pGPEStore && EFS_STORE == pGPEStore->GetStoreType () )
  3335. {
  3336. // This creates an Encryption Recovery Agent.
  3337. ::ZeroMemory (&certType, sizeof (CRYPTUI_WIZ_CERT_TYPE));
  3338. certType.dwSize = sizeof (CRYPTUI_WIZ_CERT_TYPE);
  3339. certType.cCertType = 1;
  3340. certType.rgwszCertType = &rgwszCertType;
  3343. certRequestInfo.dwCertChoice = CRYPTUI_WIZ_CERT_REQUEST_CERT_TYPE;
  3344. certRequestInfo.pCertType = &certType;
  3345. ::ZeroMemory (&provInfo, sizeof (provInfo));
  3346. provInfo.pwszProvName = MS_DEF_PROV_W;
  3347. provInfo.dwProvType = PROV_RSA_FULL;
  3349. pvkNew.pKeyProvInfo = &provInfo;
  3350. pvkNew.dwGenKeyFlags = CRYPT_EXPORTABLE;
  3351. }
  3352. }
  3353. else
  3354. {
  3355. // Request a certificate with the same key as an existing certificate
  3356. if ( IsLocalComputername (m_szManagedComputer) )
  3357. {
  3358. // Find out if the cert has a private key before continuing.
  3359. DWORD dwFlags = 0;
  3361. if ( CERT_SYSTEM_STORE_LOCAL_MACHINE == m_dwLocationPersist )
  3362. dwFlags = CRYPT_FIND_MACHINE_KEYSET_FLAG;
  3363. if ( !::CryptFindCertificateKeyProvInfo (
  3364. pCert->GetCertContext (), dwFlags, 0) )
  3365. {
  3366. CString text;
  3367. CString caption;
  3368. CThemeContextActivator activator;
  3370. VERIFY (text.LoadString (IDS_NO_PRIVATE_KEY));
  3371. VERIFY (caption.LoadString (IDS_REQUEST_CERT_SAME_KEY));
  3372. ::MessageBox (hwndParent, text, caption, MB_OK);
  3373. return hr;
  3374. }
  3375. }
  3376. certRequestInfo.dwPvkChoice = CRYPTUI_WIZ_CERT_REQUEST_PVK_CHOICE_CERT;
  3377. ::ZeroMemory (&pvkCert, sizeof (pvkCert));
  3378. pvkCert.dwSize = sizeof (pvkCert);
  3379. pvkCert.pCertContext = pCert->GetCertContext ();
  3380. certRequestInfo.pPvkCert = &pvkCert;
  3381. }
  3383. certRequestInfo.pwszCertDNName = NULL;
  3385. // Now that all the preliminaries are out of they way and the data is
  3386. // all set up, call the enrollment wizard.
  3387. DWORD status = 0;
  3388. PCCERT_CONTEXT pNewCertContext = 0;
  3389. BOOL bResult = FALSE;
  3390. CThemeContextActivator activator;
  3392. while (1)
  3393. {
  3394. bResult = ::CryptUIWizCertRequest (
  3395. bNewKey ? CRYPTUI_WIZ_CERT_REQUEST_REQUIRE_NEW_KEY : 0,
  3396. hwndParent, NULL,
  3397. &certRequestInfo, &pNewCertContext, &status);
  3398. DWORD dwErr = GetLastError ();
  3399. if ( !bResult && HRESULT_FROM_WIN32 (NTE_TOKEN_KEYSET_STORAGE_FULL) == dwErr )
  3400. {
  3401. // NTRAID# 299089 Enrollment Wizard: Should return some
  3402. // meaningful message when users fail to enroll/renew on a
  3403. // smart card
  3404. if ( !bNewKey )
  3405. break;
  3407. CString text;
  3408. CString caption;
  3409. int iRetVal = 0;
  3411. VERIFY (text.LoadString (IDS_SMARTCARD_FULL_REUSE_PRIVATE_KEY));
  3412. VERIFY (caption.LoadString (IDS_CERTIFICATE_MANAGER));
  3413. hr = m_pConsole->MessageBox (text, caption,
  3414. MB_YESNO, &iRetVal);
  3415. ASSERT (SUCCEEDED (hr));
  3416. if ( IDYES == iRetVal )
  3417. {
  3418. bNewKey = false;
  3419. }
  3420. else
  3421. break;
  3422. }
  3423. else
  3424. break;
  3425. }
  3427. if ( bResult && (CRYPTUI_WIZ_CERT_REQUEST_STATUS_SUCCEEDED == status) && pNewCertContext )
  3428. {
  3429. if ( bEFSPolicyTurnedOn )
  3430. hr = m_pConsole->UpdateAllViews (pDataObject, 0, HINT_EFS_ADD_DEL_POLICY);
  3432. ASSERT (!(pStore && pGPEStore)); // these can't both be true
  3433. if ( pStore )
  3434. {
  3435. pStore->IncrementCertCount ();
  3436. pStore->SetDirty ();
  3437. pStore->Resync ();
  3439. }
  3440. else if ( pGPEStore )
  3441. {
  3442. pGPEStore->InvalidateCertCount ();
  3443. pGPEStore->SetDirty ();
  3444. pGPEStore->Resync ();
  3447. if ( EFS_STORE == pGPEStore->GetStoreType () )
  3448. {
  3449. hr = CompleteEFSRecoveryAgent (pGPEStore, pNewCertContext);
  3450. }
  3451. }
  3452. else if ( pCert && pCert->GetCertStore ())
  3453. {
  3454. pCert->GetCertStore ()->Resync ();
  3455. }
  3457. if ( !m_pGPEInformation ) // If we are not extending the GPE/SCE
  3458. {
  3459. if ( bParentIsStoreOrContainer )
  3460. {
  3461. ASSERT (hScopeItem);
  3462. ASSERT (pStore);
  3463. hr = CreateContainers (hScopeItem, *pStore);
  3464. if ( CERTMGR_CERT_CONTAINER == pParentCookie->m_objecttype )
  3465. {
  3466. // Add certificate to result pane
  3467. RESULTDATAITEM rdItem;
  3468. CCookie& rootCookie = QueryBaseRootCookie ();
  3470. ::ZeroMemory (&rdItem, sizeof (rdItem));
  3471. rdItem.mask = RDI_STR | RDI_IMAGE | RDI_PARAM | RDI_STATE;
  3472. rdItem.nImage = iIconCertificate;
  3473. rdItem.nCol = 0;
  3474. rdItem.nState = LVIS_SELECTED | LVIS_FOCUSED;
  3475. rdItem.str = MMC_TEXTCALLBACK;
  3477. PCCERT_CONTEXT pFoundCertContext =
  3478. pStore->FindCertificate (0, CERT_FIND_EXISTING,
  3479. (void*) pNewCertContext, NULL);
  3480. if ( pFoundCertContext )
  3481. {
  3482. pCert = new CCertificate (pFoundCertContext, pStore);
  3483. if ( pCert )
  3484. {
  3485. rootCookie.m_listResultCookieBlocks.AddHead (pCert);
  3486. rdItem.lParam = (LPARAM) pCert;
  3487. pCert->m_resultDataID = m_pResultData;
  3488. hr = m_pResultData->InsertItem (&rdItem);
  3489. if ( FAILED (hr) )
  3490. {
  3491. _TRACE (0, L"IResultData::InsertItem () failed: 0x%x\n", hr);
  3492. }
  3493. else
  3494. {
  3495. hr = DisplayCertificateCountByStore (
  3496. m_pComponentConsole, pStore, false);
  3497. }
  3498. }
  3499. else
  3500. hr = E_OUTOFMEMORY;
  3502. ::CertFreeCertificateContext (pFoundCertContext);
  3503. }
  3504. else
  3505. {
  3506. hr = HRESULT_FROM_WIN32 (GetLastError ());
  3507. }
  3509. ASSERT (SUCCEEDED (hr));
  3510. }
  3511. hr = DisplayCertificateCountByStore (m_pComponentConsole, pStore);
  3512. }
  3513. else
  3514. {
  3515. hr = m_pConsole->UpdateAllViews (pDataObject, 0,
  3516. HINT_CERT_ENROLLED_USAGE_MODE);
  3517. ASSERT (SUCCEEDED (hr));
  3518. }
  3519. }
  3520. else
  3521. {
  3522. hr = m_pConsole->UpdateAllViews (pDataObject, 0, 0);
  3523. ASSERT (SUCCEEDED (hr));
  3524. hr = DisplayCertificateCountByStore (m_pComponentConsole, pGPEStore, true);
  3525. }
  3526. ::CertFreeCertificateContext (pNewCertContext);
  3527. }
  3528. else if ( bEFSPolicyTurnedOn )
  3529. {
  3530. // If we allowed policy creation just for this enrollment, but
  3531. // nothing was enrolled, go ahead and delete the policy.
  3532. hr = OnDeleteEFSPolicy (pDataObject, false);
  3533. }
  3534. }
  3535. else
  3536. hr = E_POINTER;
  3538. _TRACE (-1, L"Leaving CCertMgrComponentData::OnEnroll: 0x%x\n", hr);
  3539. return hr;
  3540. }
  3543. HRESULT RenewCertificate (
  3544. CCertificate* pCert,
  3545. bool bNewKey,
  3546. const CString& machineName,
  3547. DWORD dwLocation,
  3548. const CString& managedComputer,
  3549. const CString& managedService,
  3550. HWND hwndParent,
  3551. LPCONSOLE pConsole,
  3552. LPDATAOBJECT pDataObject)
  3553. {
  3554. HRESULT hr = S_OK;
  3556. if ( pCert )
  3557. {
  3558. CRYPTUI_WIZ_CERT_REQUEST_PVK_CERT pvkCert;
  3559. CRYPTUI_WIZ_CERT_REQUEST_PVK_NEW pvkNew;
  3560. CRYPTUI_WIZ_CERT_REQUEST_INFO certRequestInfo;
  3561. CRYPT_KEY_PROV_INFO provInfo;
  3564. ::ZeroMemory (&certRequestInfo, sizeof (certRequestInfo));
  3565. certRequestInfo.dwSize = sizeof (certRequestInfo);
  3566. certRequestInfo.dwPurpose = CRYPTUI_WIZ_CERT_RENEW;
  3567. // User wants to manage user account
  3568. // pass in NULL to machine name and to account name
  3569. // User wants to manage local machine account
  3570. // pass in NULL for account name and result of ::GetComputerName ()
  3571. // to machine name
  3572. // User want to manage remote machine
  3573. // pass in NULL for account name and machine name for machineName
  3574. // User wants to manage remote account on remote machine
  3575. // pass in account name for accountName and machine name for machineName
  3576. // TODO: Ensure that this is NULL if the local machine
  3577. BOOL bIsLocalMachine = IsLocalComputername (machineName);
  3578. switch (dwLocation)
  3579. {
  3580. case CERT_SYSTEM_STORE_CURRENT_SERVICE:
  3581. case CERT_SYSTEM_STORE_SERVICES:
  3582. certRequestInfo.pwszMachineName = (PCWSTR) managedComputer;
  3583. certRequestInfo.pwszAccountName = (PCWSTR) managedService;
  3584. break;
  3586. case CERT_SYSTEM_STORE_CURRENT_USER:
  3587. certRequestInfo.pwszMachineName = NULL;
  3588. certRequestInfo.pwszAccountName = NULL;
  3589. break;
  3591. case CERT_SYSTEM_STORE_LOCAL_MACHINE:
  3592. certRequestInfo.pwszMachineName = (PCWSTR) managedComputer;
  3593. certRequestInfo.pwszAccountName = NULL;
  3594. break;
  3596. default:
  3597. ASSERT (0);
  3598. return E_UNEXPECTED;
  3599. break;
  3600. }
  3601. certRequestInfo.pRenewCertContext = pCert->GetCertContext ();
  3602. if ( bNewKey )
  3603. {
  3604. certRequestInfo.dwPvkChoice = CRYPTUI_WIZ_CERT_REQUEST_PVK_CHOICE_NEW;
  3605. ::ZeroMemory (&pvkNew, sizeof (pvkNew));
  3606. pvkNew.dwSize = sizeof (pvkNew);
  3607. if ( CERT_SYSTEM_STORE_LOCAL_MACHINE == dwLocation )
  3608. {
  3609. ::ZeroMemory (&provInfo, sizeof (provInfo));
  3610. provInfo.dwFlags = CRYPT_MACHINE_KEYSET;
  3611. pvkNew.pKeyProvInfo = &provInfo;
  3612. }
  3613. certRequestInfo.pPvkNew = &pvkNew;
  3614. }
  3615. else
  3616. {
  3617. if ( bIsLocalMachine )
  3618. {
  3619. DWORD dwFlags = 0;
  3621. if ( CERT_SYSTEM_STORE_LOCAL_MACHINE == dwLocation )
  3622. dwFlags = CRYPT_FIND_MACHINE_KEYSET_FLAG;
  3623. if ( !::CryptFindCertificateKeyProvInfo (
  3624. pCert->GetCertContext (), dwFlags, 0) )
  3625. {
  3626. CString text;
  3627. CString caption;
  3628. CThemeContextActivator activator;
  3630. VERIFY (text.LoadString (IDS_NO_PRIVATE_KEY));
  3631. VERIFY (caption.LoadString (IDS_RENEW_CERT_SAME_KEY));
  3632. ::MessageBox (hwndParent, text, caption, MB_OK);
  3633. return hr;
  3634. }
  3635. }
  3637. certRequestInfo.dwPvkChoice = CRYPTUI_WIZ_CERT_REQUEST_PVK_CHOICE_CERT;
  3638. ::ZeroMemory (&pvkCert, sizeof (pvkCert));
  3639. pvkCert.dwSize = sizeof (pvkCert);
  3640. pvkCert.pCertContext = pCert->GetCertContext ();
  3641. certRequestInfo.pPvkCert = &pvkCert;
  3642. }
  3645. DWORD status = 0;
  3646. PCCERT_CONTEXT pNewCertContext = 0;
  3647. BOOL bResult = FALSE;
  3648. CThemeContextActivator activator;
  3650. while (1)
  3651. {
  3652. bResult = ::CryptUIWizCertRequest (
  3653. bNewKey ? CRYPTUI_WIZ_CERT_REQUEST_REQUIRE_NEW_KEY : 0,
  3654. hwndParent, NULL,
  3655. &certRequestInfo, &pNewCertContext, &status);
  3656. if ( !bResult && HRESULT_FROM_WIN32 (NTE_TOKEN_KEYSET_STORAGE_FULL) == GetLastError () )
  3657. {
  3658. // NTRAID# 299089 Enrollment Wizard: Should return some
  3659. // meaningful message when users fail to enroll/renew on a
  3660. // smart card
  3661. if ( !bNewKey )
  3662. break;
  3664. CString text;
  3665. CString caption;
  3666. int iRetVal = 0;
  3668. VERIFY (text.LoadString (IDS_SMARTCARD_FULL_REUSE_PRIVATE_KEY));
  3669. VERIFY (caption.LoadString (IDS_CERTIFICATE_MANAGER));
  3670. if ( pConsole )
  3671. {
  3672. hr = pConsole->MessageBox (text, caption, MB_YESNO, &iRetVal);
  3673. ASSERT (SUCCEEDED (hr));
  3674. }
  3675. else
  3676. {
  3677. CThemeContextActivator activator;
  3678. iRetVal = ::MessageBox (hwndParent, text, caption, MB_OK);
  3679. }
  3680. if ( IDYES == iRetVal )
  3681. {
  3682. bNewKey = false;
  3683. }
  3684. else
  3685. break;
  3686. }
  3687. else
  3688. break;
  3689. }
  3691. if ( bResult && (CRYPTUI_WIZ_CERT_REQUEST_STATUS_SUCCEEDED == status) && pNewCertContext )
  3692. {
  3693. CCertStore* pStore = pCert->GetCertStore ();
  3694. if ( pStore )
  3695. {
  3696. pStore->SetDirty ();
  3697. pStore->Resync ();
  3698. if ( pConsole )
  3699. hr = pConsole->UpdateAllViews (pDataObject, 0, 0);
  3700. }
  3702. CertFreeCertificateContext (pNewCertContext);
  3703. ASSERT (SUCCEEDED (hr));
  3704. }
  3705. }
  3706. else
  3707. hr = E_POINTER;
  3709. return hr;
  3710. }
  3712. HRESULT CCertMgrComponentData::OnRenew (LPDATAOBJECT pDataObject, bool bNewKey)
  3713. {
  3714. _TRACE (1, L"Entering CCertMgrComponentData::OnRenew\n");
  3715. AFX_MANAGE_STATE (AfxGetStaticModuleState ());
  3716. HRESULT hr = S_OK;
  3717. HWND hwndParent = 0;
  3718. VERIFY (SUCCEEDED (m_pConsole->GetMainWindow (&hwndParent)));
  3719. CCertMgrCookie* pParentCookie = ConvertCookie (pDataObject);
  3720. if ( pParentCookie && CERTMGR_CERTIFICATE == pParentCookie->m_objecttype )
  3721. {
  3722. CCertificate* pCert = reinterpret_cast <CCertificate*> (pParentCookie);
  3723. ASSERT (pCert);
  3724. if ( pCert )
  3725. {
  3726. hr = RenewCertificate (pCert, bNewKey, m_strMachineNamePersist,
  3727. m_dwLocationPersist, m_szManagedComputer,
  3728. m_szManagedServicePersist, hwndParent, m_pConsole, pDataObject);
  3729. }
  3730. }
  3731. else
  3732. hr = E_POINTER;
  3734. _TRACE (-1, L"Leaving CCertMgrComponentData::OnRenew: 0x%x\n", hr);
  3735. return hr;
  3736. }
  3739. CCertMgrCookie* CCertMgrComponentData::ConvertCookie (LPDATAOBJECT pDataObject)
  3740. {
  3741. CCertMgrCookie* pParentCookie = 0;
  3742. CCookie* pBaseParentCookie = 0;
  3743. HRESULT hr = ExtractData (pDataObject,
  3744. CCertMgrDataObject::m_CFRawCookie,
  3745. &pBaseParentCookie,
  3746. sizeof (pBaseParentCookie) );
  3747. if ( SUCCEEDED (hr) )
  3748. {
  3749. pParentCookie = ActiveCookie (pBaseParentCookie);
  3750. ASSERT (pParentCookie);
  3751. }
  3752. return pParentCookie;
  3753. }
  3756. HRESULT CCertMgrComponentData::OnImport (LPDATAOBJECT pDataObject)
  3757. {
  3758. _TRACE (1, L"Entering CCertMgrComponentData::OnImport\n");
  3759. AFX_MANAGE_STATE (AfxGetStaticModuleState ());
  3760. HRESULT hr = S_OK;
  3761. ASSERT (m_szFileName.IsEmpty ());
  3762. if ( !m_szFileName.IsEmpty () )
  3763. return E_UNEXPECTED;
  3764. ASSERT (pDataObject);
  3765. if ( !pDataObject )
  3766. return E_POINTER;
  3769. DWORD dwFlags = 0;
  3771. if ( CERT_SYSTEM_STORE_CURRENT_USER == m_dwLocationPersist )
  3772. {
  3773. // We're managing the user's certificate store
  3774. dwFlags |= CRYPTUI_WIZ_IMPORT_TO_CURRENTUSER;
  3775. }
  3776. else
  3777. {
  3778. // We're managing certificates on a machine
  3779. dwFlags |= CRYPTUI_WIZ_IMPORT_TO_LOCALMACHINE;
  3781. if ( !IsLocalComputername (m_szManagedComputer) )
  3782. {
  3783. // We're managing certificates on a remote machine
  3784. dwFlags |= CRYPTUI_WIZ_IMPORT_REMOTE_DEST_STORE;
  3785. }
  3786. }
  3788. HCERTSTORE hDestStore = 0;
  3789. CCertStore* pDestStore = 0;
  3790. HSCOPEITEM hScopeItem = 0;
  3791. int nOriginalCertCount = 0;
  3793. CCertMgrCookie* pParentCookie = ConvertCookie (pDataObject);
  3794. if ( pParentCookie )
  3795. {
  3796. hScopeItem = pParentCookie->m_hScopeItem;
  3797. switch (pParentCookie->m_objecttype)
  3798. {
  3799. case CERTMGR_PKP_AUTOENROLLMENT_COMPUTER_SETTINGS:
  3800. case CERTMGR_PKP_AUTOENROLLMENT_USER_SETTINGS:
  3801. ASSERT (0);
  3802. break;
  3804. case CERTMGR_LOG_STORE_RSOP:
  3805. ASSERT (0);
  3806. return E_FAIL;
  3807. break;
  3809. case CERTMGR_LOG_STORE_GPE:
  3810. {
  3811. dwFlags |= CRYPTUI_WIZ_IMPORT_NO_CHANGE_DEST_STORE;
  3812. pDestStore = reinterpret_cast <CCertStore*> (pParentCookie);
  3813. ASSERT (pDestStore);
  3814. if ( pDestStore )
  3815. {
  3816. nOriginalCertCount = pDestStore->GetCertCount ();
  3817. hDestStore = pDestStore->GetStoreHandle ();
  3819. switch (pDestStore->GetStoreType ())
  3820. {
  3821. case ACRS_STORE:
  3822. break;
  3824. case TRUST_STORE:
  3825. dwFlags |= CRYPTUI_WIZ_IMPORT_ALLOW_CTL;
  3826. break;
  3828. case ROOT_STORE:
  3829. dwFlags |= CRYPTUI_WIZ_IMPORT_ALLOW_CERT;
  3830. break;
  3832. case EFS_STORE:
  3833. break;
  3835. default:
  3836. ASSERT (0);
  3837. break;
  3838. }
  3839. }
  3840. else
  3841. hr = E_UNEXPECTED;
  3842. }
  3843. break;
  3845. case CERTMGR_LOG_STORE:
  3846. case CERTMGR_PHYS_STORE:
  3847. {
  3848. pDestStore = reinterpret_cast <CCertStore*> (pParentCookie);
  3849. ASSERT (pDestStore);
  3850. if ( pDestStore )
  3851. {
  3852. nOriginalCertCount = pDestStore->GetCertCount ();
  3853. hDestStore = pDestStore->GetStoreHandle ();
  3854. }
  3855. else
  3856. hr = E_UNEXPECTED;
  3857. }
  3858. break;
  3860. case CERTMGR_CERT_CONTAINER:
  3861. case CERTMGR_CTL_CONTAINER:
  3862. {
  3863. CContainerCookie* pContainer = reinterpret_cast <CContainerCookie*> (pParentCookie);
  3864. ASSERT (pContainer);
  3865. if ( pContainer )
  3866. {
  3867. MMC_COOKIE lCookie = 0;
  3868. hr = m_pConsoleNameSpace->GetParentItem (
  3869. pContainer->m_hScopeItem, &hScopeItem, &lCookie);
  3870. ASSERT (SUCCEEDED (hr));
  3871. pDestStore = &pContainer->GetCertStore ();
  3872. nOriginalCertCount = pDestStore->GetCertCount ();
  3873. hDestStore = pDestStore->GetStoreHandle ();
  3874. }
  3875. else
  3876. hr = E_UNEXPECTED;
  3877. }
  3878. break;
  3880. case CERTMGR_USAGE:
  3881. pDestStore = 0;
  3882. hDestStore = 0;
  3883. break;
  3885. default:
  3886. ASSERT (0);
  3887. hr = E_UNEXPECTED;
  3888. }
  3889. }
  3890. else
  3891. hr = E_UNEXPECTED;
  3894. if ( SUCCEEDED (hr) )
  3895. {
  3896. HWND hwndParent = 0;
  3897. hr = m_pConsole->GetMainWindow (&hwndParent);
  3898. ASSERT (SUCCEEDED (hr));
  3900. // Now that all the data is set up and everything is in readiness,
  3901. // call the Import Wizard
  3902. CThemeContextActivator activator;
  3903. BOOL bResult = ::CryptUIWizImport (dwFlags, hwndParent, 0, NULL, hDestStore);
  3904. if ( bResult )
  3905. {
  3906. bool bWizardCancelled = false;
  3907. CCertStore* pStore = 0;
  3909. switch (pParentCookie->m_objecttype)
  3910. {
  3911. case CERTMGR_LOG_STORE_RSOP:
  3912. ASSERT (0);
  3913. return E_FAIL;
  3914. break;
  3916. case CERTMGR_LOG_STORE_GPE:
  3917. case CERTMGR_LOG_STORE:
  3918. case CERTMGR_PHYS_STORE:
  3919. {
  3920. pStore = reinterpret_cast <CCertStore*> (pParentCookie);
  3921. ASSERT (pStore);
  3922. if ( pStore )
  3923. {
  3924. pStore->InvalidateCertCount ();
  3925. if ( pStore->GetCertCount () != nOriginalCertCount )
  3926. {
  3927. pStore->SetDirty ();
  3928. hr = pStore->Commit ();
  3929. }
  3930. else
  3931. bWizardCancelled = true;
  3932. }
  3933. else
  3934. hr = E_UNEXPECTED;
  3935. }
  3936. break;
  3938. case CERTMGR_CERT_CONTAINER:
  3939. case CERTMGR_CTL_CONTAINER:
  3940. {
  3941. CContainerCookie* pContainer = reinterpret_cast <CContainerCookie*> (pParentCookie);
  3942. ASSERT (pContainer);
  3943. if ( pContainer )
  3944. {
  3945. pStore = &pContainer->GetCertStore ();
  3947. pStore->InvalidateCertCount ();
  3948. if ( pStore->GetCertCount () != nOriginalCertCount )
  3949. {
  3950. pStore->SetDirty ();
  3951. hr = pStore->Commit ();
  3952. }
  3953. else
  3954. bWizardCancelled = true;
  3955. }
  3956. else
  3957. hr = E_UNEXPECTED;
  3958. }
  3959. break;
  3961. case CERTMGR_USAGE:
  3962. break;
  3964. default:
  3965. ASSERT (0);
  3966. hr = E_UNEXPECTED;
  3967. }
  3969. if ( !bWizardCancelled )
  3970. {
  3971. if ( pStore )
  3972. {
  3973. if ( SUCCEEDED (hr) )
  3974. pStore->Resync ();
  3975. }
  3977. if ( CERTMGR_LOG_STORE == pParentCookie->m_objecttype ||
  3978. (CERTMGR_LOG_STORE == pParentCookie->m_objecttype && !m_bShowPhysicalStoresPersist) )
  3979. {
  3980. if ( pStore )
  3981. hr = CreateContainers (hScopeItem, *pStore);
  3982. }
  3984. hr = m_pConsole->UpdateAllViews (pDataObject, 0, HINT_IMPORT);
  3985. ASSERT (SUCCEEDED (hr));
  3986. }
  3987. }
  3988. if ( pDestStore )
  3989. pDestStore->Close ();
  3990. }
  3991. _TRACE (-1, L"Leaving CCertMgrComponentData::OnImport: 0x%x\n", hr);
  3992. return hr;
  3993. }
  3995. HRESULT CCertMgrComponentData::OnExport (LPDATAOBJECT pDataObject)
  3996. {
  3997. _TRACE (1, L"Entering CCertMgrComponentData::OnExport\n");
  3998. AFX_MANAGE_STATE (AfxGetStaticModuleState ());
  3999. HRESULT hr = S_OK;
  4001. LPDATAOBJECT pMSDO = ExtractMultiSelect (pDataObject);
  4002. m_bMultipleObjectsSelected = false;
  4004. if ( pMSDO )
  4005. {
  4006. // Iterate through list of selected objects -
  4007. // Add them to a memory store
  4008. // Export to PFX file through wizard with new
  4009. // "export from store - certs only" flag
  4010. m_bMultipleObjectsSelected = true;
  4011. HCERTSTORE hCertStore = ::CertOpenStore (CERT_STORE_PROV_MEMORY,
  4012. 0, NULL, 0, NULL);
  4013. ASSERT (hCertStore);
  4014. if ( hCertStore )
  4015. {
  4016. CCertMgrCookie* pCookie = 0;
  4017. CCertMgrDataObject* pDO = reinterpret_cast <CCertMgrDataObject*>(pMSDO);
  4018. ASSERT (pDO);
  4019. if ( pDO )
  4020. {
  4021. BOOL bResult = FALSE;
  4022. pDO->Reset();
  4023. while (pDO->Next(1, reinterpret_cast<MMC_COOKIE*>(&pCookie), NULL) != S_FALSE)
  4024. {
  4025. ASSERT (CERTMGR_CERTIFICATE == pCookie->m_objecttype);
  4026. if ( CERTMGR_CERTIFICATE == pCookie->m_objecttype )
  4027. {
  4028. CCertificate* pCert = reinterpret_cast <CCertificate*> (pCookie);
  4029. ASSERT (pCert);
  4030. if ( pCert )
  4031. {
  4032. bResult = ::CertAddCertificateContextToStore (
  4033. hCertStore,
  4034. ::CertDuplicateCertificateContext (pCert->GetCertContext ()),
  4035. CERT_STORE_ADD_NEW, 0);
  4036. ASSERT (bResult);
  4037. if ( !bResult )
  4038. break;
  4039. }
  4040. }
  4041. }
  4043. // Call Export Wizard
  4044. CRYPTUI_WIZ_EXPORT_INFO cwi;
  4045. ::ZeroMemory (&cwi, sizeof (cwi));
  4046. cwi.dwSize = sizeof (cwi);
  4047. cwi.dwSubjectChoice = CRYPTUI_WIZ_EXPORT_CERT_STORE_CERTIFICATES_ONLY;
  4048. cwi.hCertStore = hCertStore;
  4050. HWND hwndParent = 0;
  4051. hr = m_pConsole->GetMainWindow (&hwndParent);
  4052. ASSERT (SUCCEEDED (hr));
  4053. CThemeContextActivator activator;
  4054. bResult = ::CryptUIWizExport (
  4055. 0,
  4056. hwndParent,
  4057. 0,
  4058. &cwi,
  4059. NULL);
  4061. VERIFY (::CertCloseStore (hCertStore, CERT_CLOSE_STORE_CHECK_FLAG));
  4062. }
  4063. else
  4064. hr = E_FAIL;
  4066. return hr;
  4067. }
  4068. else
  4069. {
  4071. _TRACE (0, L"CertOpenStore (%s) failed: 0x%x\n",
  4072. CERT_STORE_PROV_MEMORY, GetLastError ());
  4073. }
  4074. }
  4077. CRYPTUI_WIZ_EXPORT_INFO cwi;
  4078. CCertificate* pCert = 0;
  4079. CCRL* pCRL = 0;
  4080. CCTL* pCTL = 0;
  4081. CCertStore* pCertStore = 0;
  4082. CCertMgrCookie* pCookie = ConvertCookie (pDataObject);
  4083. ASSERT (pCookie);
  4084. if ( !pCookie )
  4085. return E_UNEXPECTED;
  4087. ::ZeroMemory (&cwi, sizeof (cwi));
  4088. cwi.dwSize = sizeof (cwi);
  4089. switch (pCookie->m_objecttype)
  4090. {
  4091. case CERTMGR_CERTIFICATE:
  4092. cwi.dwSubjectChoice = CRYPTUI_WIZ_EXPORT_CERT_CONTEXT;
  4093. pCert = reinterpret_cast <CCertificate*> (pCookie);
  4094. ASSERT (pCert);
  4095. if ( pCert )
  4096. cwi.pCertContext = pCert->GetCertContext ();
  4097. else
  4098. return E_UNEXPECTED;
  4099. break;
  4101. case CERTMGR_CRL:
  4102. cwi.dwSubjectChoice = CRYPTUI_WIZ_EXPORT_CRL_CONTEXT;
  4103. pCRL = reinterpret_cast <CCRL*> (pCookie);
  4104. ASSERT (pCRL);
  4105. if ( pCRL )
  4106. cwi.pCRLContext = pCRL->GetCRLContext ();
  4107. else
  4108. return E_UNEXPECTED;
  4109. break;
  4111. case CERTMGR_CTL:
  4112. cwi.dwSubjectChoice = CRYPTUI_WIZ_EXPORT_CTL_CONTEXT;
  4113. pCTL = reinterpret_cast <CCTL*> (pCookie);
  4114. ASSERT (pCTL);
  4115. if ( pCTL )
  4116. cwi.pCTLContext = pCTL->GetCTLContext ();
  4117. else
  4118. return E_UNEXPECTED;
  4119. break;
  4121. case CERTMGR_LOG_STORE:
  4122. case CERTMGR_PHYS_STORE:
  4123. cwi.dwSubjectChoice = CRYPTUI_WIZ_EXPORT_CERT_STORE;
  4124. pCertStore = reinterpret_cast <CCertStore*> (pCookie);
  4125. ASSERT (pCertStore);
  4126. if ( pCertStore )
  4127. cwi.hCertStore = pCertStore->GetStoreHandle ();
  4128. else
  4129. return E_UNEXPECTED;
  4130. break;
  4132. default:
  4133. ASSERT (0);
  4134. return E_UNEXPECTED;
  4135. }
  4137. HWND hwndParent = 0;
  4138. hr = m_pConsole->GetMainWindow (&hwndParent);
  4139. ASSERT (SUCCEEDED (hr));
  4140. CThemeContextActivator activator;
  4141. ::CryptUIWizExport (
  4142. 0,
  4143. hwndParent,
  4144. 0,
  4145. &cwi,
  4146. NULL);
  4148. if ( pCertStore )
  4149. pCertStore->Close ();
  4150. _TRACE (-1, L"Leaving CCertMgrComponentData::OnExport: 0x%x\n", hr);
  4151. return hr;
  4152. }
  4155. HRESULT CCertMgrComponentData::OnNewCTL (LPDATAOBJECT pDataObject)
  4156. {
  4157. _TRACE (1, L"Entering CCertMgrComponentData::OnNewCTL\n");
  4158. AFX_MANAGE_STATE (AfxGetStaticModuleState ());
  4159. ASSERT (pDataObject);
  4160. if ( !pDataObject )
  4161. return E_POINTER;
  4162. HRESULT hr = S_OK;
  4163. CCertMgrCookie* pCookie = ConvertCookie (pDataObject);
  4164. ASSERT (pCookie);
  4165. if ( !pCookie )
  4166. return E_UNEXPECTED;
  4168. CCertStore* pStore = 0;
  4169. CContainerCookie* pCont = 0;
  4171. switch ( pCookie->m_objecttype )
  4172. {
  4173. case CERTMGR_CTL_CONTAINER:
  4174. {
  4175. pCont = reinterpret_cast <CContainerCookie*> (pCookie);
  4176. ASSERT (pCont);
  4177. if ( pCont )
  4178. {
  4179. pStore = &(pCont->GetCertStore ());
  4180. }
  4181. else
  4182. return E_UNEXPECTED;
  4183. }
  4184. break;
  4186. case CERTMGR_LOG_STORE_RSOP:
  4187. ASSERT (0);
  4188. return E_UNEXPECTED;
  4189. break;
  4191. case CERTMGR_LOG_STORE:
  4192. case CERTMGR_LOG_STORE_GPE:
  4193. case CERTMGR_PHYS_STORE:
  4194. {
  4195. pStore = reinterpret_cast <CCertStore*> (pCookie);
  4196. ASSERT (pStore);
  4197. if ( !pStore )
  4198. return E_UNEXPECTED;
  4199. }
  4200. break;
  4202. default:
  4203. ASSERT (0);
  4204. return E_UNEXPECTED;
  4205. }
  4207. ASSERT (pStore);
  4208. if ( !pStore )
  4209. return E_UNEXPECTED;
  4211. pStore->Lock ();
  4213. CRYPTUI_WIZ_BUILDCTL_DEST_INFO destInfo;
  4215. ::ZeroMemory (&destInfo, sizeof (destInfo));
  4216. destInfo.dwSize = sizeof (destInfo);
  4217. destInfo.dwDestinationChoice = CRYPTUI_WIZ_BUILDCTL_DEST_CERT_STORE;
  4218. destInfo.hCertStore = pStore->GetStoreHandle ();
  4219. ASSERT (destInfo.hCertStore);
  4220. if ( !destInfo.hCertStore )
  4221. return E_UNEXPECTED;
  4223. HWND hwndParent = 0;
  4224. hr = m_pConsole->GetMainWindow (&hwndParent);
  4225. ASSERT (SUCCEEDED (hr));
  4226. PCCTL_CONTEXT pCTLContext = 0;
  4227. CThemeContextActivator activator;
  4228. BOOL bResult = ::CryptUIWizBuildCTL (
  4229. CRYPTUI_WIZ_BUILDCTL_SKIP_DESTINATION,
  4230. hwndParent,
  4231. 0,
  4232. NULL,
  4233. &destInfo,
  4234. &pCTLContext);
  4235. if ( bResult )
  4236. {
  4237. // If pCTLContext, then the wizard completed
  4238. if ( pCTLContext )
  4239. {
  4240. pStore->SetDirty ();
  4241. pStore->Commit ();
  4242. hr = m_pConsole->UpdateAllViews (pDataObject, 0, 0);
  4243. ASSERT (SUCCEEDED (hr));
  4244. ::CertFreeCTLContext (pCTLContext);
  4245. }
  4246. }
  4248. pStore->Unlock ();
  4249. pStore->Close ();
  4250. _TRACE (-1, L"Leaving CCertMgrComponentData::OnNewCTL: 0x%x\n", hr);
  4251. return hr;
  4252. }
  4254. HRESULT CCertMgrComponentData::OnACRSEdit (LPDATAOBJECT pDataObject)
  4255. {
  4256. _TRACE (1, L"Entering CCertMgrComponentData::OnACRSEdit\n");
  4257. AFX_MANAGE_STATE (AfxGetStaticModuleState ());
  4258. HRESULT hr = S_OK;
  4259. CCertMgrCookie* pCookie = ConvertCookie (pDataObject);
  4260. ASSERT (pCookie);
  4261. if ( !pCookie )
  4262. return E_UNEXPECTED;
  4264. switch ( pCookie->m_objecttype )
  4265. {
  4266. case CERTMGR_AUTO_CERT_REQUEST:
  4267. {
  4268. CAutoCertRequest* pACR = reinterpret_cast <CAutoCertRequest*> (pCookie);
  4269. ASSERT (pACR);
  4270. if ( pACR )
  4271. {
  4272. CCertStore& rStore = pACR->GetCertStore ();
  4273. CCertStoreGPE* pStore = reinterpret_cast <CCertStoreGPE*> (&rStore);
  4274. ASSERT (pStore);
  4275. if ( pStore )
  4276. {
  4277. HWND hwndConsole = 0;
  4278. hr = m_pConsole->GetMainWindow (&hwndConsole);
  4279. ASSERT (SUCCEEDED (hr));
  4280. if ( SUCCEEDED (hr) )
  4281. {
  4282. ACRSWizardPropertySheet sheet (pStore, pACR);
  4284. ACRSWizardWelcomePage welcomePage;
  4285. ACRSWizardTypePage typePage;
  4286. ACRSCompletionPage completionPage;
  4288. sheet.AddPage (&welcomePage);
  4289. sheet.AddPage (&typePage);
  4290. sheet.AddPage (&completionPage);
  4292. if ( sheet.DoWizard (hwndConsole) )
  4293. {
  4294. pStore->SetDirty ();
  4295. hr = DeleteCTLFromResultPane (pACR, pDataObject);
  4296. hr = m_pConsole->UpdateAllViews (pDataObject, 0, 0);
  4297. ASSERT (SUCCEEDED (hr));
  4298. }
  4299. }
  4300. }
  4301. else
  4302. hr = E_UNEXPECTED;
  4303. }
  4304. else
  4305. return E_UNEXPECTED;
  4306. }
  4307. break;
  4309. default:
  4310. ASSERT (0);
  4311. return E_UNEXPECTED;
  4312. }
  4314. _TRACE (-1, L"Leaving CCertMgrComponentData::OnACRSEdit: 0x%x\n", hr);
  4315. return hr;
  4316. }
  4318. HRESULT CCertMgrComponentData::OnCTLEdit (LPDATAOBJECT pDataObject)
  4319. {
  4320. _TRACE (1, L"Entering CCertMgrComponentData::OnCTLEdit\n");
  4321. AFX_MANAGE_STATE (AfxGetStaticModuleState ());
  4322. ASSERT (pDataObject);
  4323. if ( !pDataObject )
  4324. return E_POINTER;
  4325. HRESULT hr = S_OK;
  4326. CCertMgrCookie* pCookie = ConvertCookie (pDataObject);
  4327. ASSERT (pCookie);
  4328. if ( !pCookie )
  4329. return E_UNEXPECTED;
  4331. switch ( pCookie->m_objecttype )
  4332. {
  4333. case CERTMGR_CTL:
  4334. {
  4335. CCTL* pCTL = reinterpret_cast <CCTL*> (pCookie);
  4336. ASSERT (pCTL);
  4337. if ( pCTL )
  4338. {
  4339. CCertStore& rStore = pCTL->GetCertStore ();
  4340. CRYPTUI_WIZ_BUILDCTL_SRC_INFO srcInfo;
  4342. ::ZeroMemory (&srcInfo, sizeof (srcInfo));
  4343. srcInfo.dwSize = sizeof (srcInfo);
  4344. srcInfo.pCTLContext = pCTL->GetCTLContext ();
  4345. srcInfo.dwSourceChoice = CRYPTUI_WIZ_BUILDCTL_SRC_EXISTING_CTL;
  4347. HWND hwndParent = 0;
  4348. hr = m_pConsole->GetMainWindow (&hwndParent);
  4349. ASSERT (SUCCEEDED (hr));
  4350. PCCTL_CONTEXT pNewCTLContext = 0;
  4351. CThemeContextActivator activator;
  4352. BOOL bResult = ::CryptUIWizBuildCTL (
  4353. CRYPTUI_WIZ_BUILDCTL_SKIP_DESTINATION,
  4354. hwndParent,
  4355. 0,
  4356. &srcInfo,
  4357. NULL,
  4358. &pNewCTLContext);
  4359. ASSERT (bResult);
  4360. if ( bResult && pNewCTLContext )
  4361. {
  4362. rStore.SetDirty ();
  4363. // Delete old CTL and add the new one.
  4364. if ( pCTL->DeleteFromStore () )
  4365. {
  4366. if ( !rStore.AddCTLContext (pNewCTLContext) )
  4367. {
  4368. DWORD dwErr = GetLastError ();
  4369. if ( CRYPT_E_EXISTS == dwErr )
  4370. {
  4371. CString text;
  4372. CString caption;
  4373. int iRetVal = 0;
  4376. VERIFY (text.LoadString (IDS_DUPLICATE_CTL));
  4377. VERIFY (caption.LoadString (IDS_CERTIFICATE_MANAGER));
  4378. hr = m_pConsole->MessageBox (text, caption,
  4379. MB_OK, &iRetVal);
  4380. ASSERT (SUCCEEDED (hr));
  4381. hr = E_FAIL;
  4382. }
  4383. else
  4384. {
  4385. DisplaySystemError (dwErr);
  4386. hr = HRESULT_FROM_WIN32 (dwErr);
  4387. }
  4388. }
  4389. rStore.Commit ();
  4390. hr = m_pConsole->UpdateAllViews (pDataObject, 0, 0);
  4391. ASSERT (SUCCEEDED (hr));
  4392. }
  4393. else
  4394. {
  4395. DWORD dwErr = GetLastError ();
  4396. DisplaySystemError (dwErr);
  4397. hr = HRESULT_FROM_WIN32 (dwErr);
  4398. }
  4399. }
  4400. }
  4401. else
  4402. return E_UNEXPECTED;
  4403. }
  4404. break;
  4406. default:
  4407. ASSERT (0);
  4408. return E_UNEXPECTED;
  4409. }
  4411. _TRACE (-1, L"Leaving CCertMgrComponentData::OnCTLEdit: 0x%x\n", hr);
  4412. return hr;
  4413. }
  4416. HRESULT CCertMgrComponentData::OnAddDomainEncryptedDataRecoveryAgent (LPDATAOBJECT pDataObject)
  4417. {
  4418. _TRACE (1, L"Entering CCertMgrComponentData::OnAddDomainEncryptedDataRecoveryAgent\n");
  4419. AFX_MANAGE_STATE (AfxGetStaticModuleState ());
  4420. ASSERT (pDataObject);
  4421. if ( !pDataObject )
  4422. return E_POINTER;
  4424. HRESULT hr = S_OK;
  4425. CCertMgrCookie* pCookie = ConvertCookie (pDataObject);
  4426. ASSERT (pCookie);
  4427. if ( pCookie )
  4428. {
  4429. CCertStoreGPE* pStore = reinterpret_cast <CCertStoreGPE*> (pCookie);
  4430. ASSERT (pStore && EFS_STORE == pStore->GetStoreType ());
  4431. if ( pStore && EFS_STORE == pStore->GetStoreType () )
  4432. {
  4433. HWND hwndConsole = 0;
  4434. hr = m_pConsole->GetMainWindow (&hwndConsole);
  4435. ASSERT (SUCCEEDED (hr));
  4436. if ( SUCCEEDED (hr) )
  4437. {
  4438. CUsers EFSUsers;
  4439. CAddEFSWizSheet efsAddSheet (IDS_ADDTITLE, EFSUsers, m_bMachineIsStandAlone);
  4441. if ( efsAddSheet.DoWizard (hwndConsole) )
  4442. {
  4443. pStore->SetDirty ();
  4445. CString szUserName;
  4446. CString szCertName;
  4447. PUSERSONFILE pUser = EFSUsers.StartEnum ();
  4449. if ( pStore->IsNullEFSPolicy () )
  4450. {
  4451. pStore->AllowEmptyEFSPolicy ();
  4452. hr = m_pConsole->UpdateAllViews (pDataObject, 0, HINT_EFS_ADD_DEL_POLICY);
  4453. ASSERT (SUCCEEDED (hr));
  4454. }
  4456. // If the store is an empty store, we need to delete it before adding
  4457. // the first cert. Otherwise CertAddCertificateContextToStore () fails
  4458. // with E_ACCESS_DENIED
  4459. if ( 0 == pStore->GetCertCount () )
  4460. pStore->DeleteEFSPolicy (false);
  4462. while ( pUser )
  4463. {
  4464. hr = pStore->AddCertificateContext (
  4465. pUser->m_pCertContext, m_pConsole, false);
  4466. if ( SUCCEEDED (hr) )
  4467. {
  4468. pStore->AddCertToList (pUser->m_pCertContext, pUser->m_UserSid);
  4470. hr = AddCertChainToPolicy (pUser->m_pCertContext);
  4471. hr = m_pConsole->UpdateAllViews (pDataObject, 0, 0);
  4472. ASSERT (SUCCEEDED (hr));
  4473. }
  4474. else
  4475. break;
  4476. pUser = EFSUsers.GetNextUser (pUser, szUserName, szCertName);
  4477. }
  4478. pStore->Commit ();
  4479. hr = DisplayCertificateCountByStore (m_pComponentConsole, pStore, true);
  4480. }
  4481. }
  4482. }
  4483. else
  4484. hr = E_UNEXPECTED;
  4485. }
  4486. _TRACE (-1, L"Leaving CCertMgrComponentData::OnAddDomainEncryptedDataRecoveryAgent: 0x%x\n", hr);
  4487. return hr;
  4488. }
  4491. // This code from Robert Reichel
  4492. /*++
  4494. Routine Description:
  4496. This routine returns the TOKEN_USER structure for the
  4497. current user, and optionally, the AuthenticationId from his
  4498. token.
  4500. Arguments:
  4502. AuthenticationId - Supplies an optional pointer to return the
  4503. AuthenticationId.
  4505. Return Value:
  4507. On success, returns a pointer to a TOKEN_USER structure.
  4509. On failure, returns NULL. Call GetLastError() for more
  4510. detailed error information.
  4512. --*/
  4514. PTOKEN_USER EfspGetTokenUser ()
  4515. {
  4516. _TRACE (1, L"Entering EfspGetTokenUser\n");
  4517. HANDLE hToken = 0;
  4518. DWORD dwReturnLength = 0;
  4519. PTOKEN_USER pTokenUser = NULL;
  4521. BOOL bResult = ::OpenProcessToken (GetCurrentProcess (), TOKEN_QUERY, &hToken);
  4522. if ( bResult )
  4523. {
  4524. bResult = ::GetTokenInformation (
  4525. hToken,
  4526. TokenUser,
  4527. NULL,
  4528. 0,
  4529. &dwReturnLength
  4530. );
  4532. if ( !bResult && dwReturnLength > 0 )
  4533. {
  4534. pTokenUser = (PTOKEN_USER) malloc (dwReturnLength);
  4536. if (pTokenUser)
  4537. {
  4538. bResult = GetTokenInformation (
  4539. hToken,
  4540. TokenUser,
  4541. pTokenUser,
  4542. dwReturnLength,
  4543. &dwReturnLength
  4544. );
  4546. if ( !bResult)
  4547. {
  4548. DWORD dwErr = GetLastError ();
  4549. DisplaySystemError (NULL, dwErr);
  4550. free (pTokenUser);
  4551. pTokenUser = NULL;
  4552. }
  4553. }
  4554. }
  4555. else
  4556. {
  4557. DWORD dwErr = GetLastError ();
  4558. DisplaySystemError (NULL, dwErr);
  4559. }
  4561. ::CloseHandle (hToken);
  4562. }
  4563. else
  4564. {
  4565. DWORD dwErr = GetLastError ();
  4566. DisplaySystemError (NULL, dwErr);
  4567. }
  4569. _TRACE (-1, L"Leaving EfspGetTokenUser\n");
  4570. return pTokenUser;
  4571. }
  4574. HRESULT CCertMgrComponentData::CompleteEFSRecoveryAgent(CCertStoreGPE* pStore, PCCERT_CONTEXT pCertContext)
  4575. {
  4576. _TRACE (1, L"Entering CCertMgrComponentData::CompleteEFSRecoveryAgent\n");
  4577. HRESULT hr = S_OK;
  4578. ASSERT (pCertContext);
  4579. if ( !pCertContext || !pStore )
  4580. return E_POINTER;
  4582. // This is using to Enroll to create a new EFS Recovery Agent.
  4583. // Get PSID of logged-in user and save to store
  4586. // If the store is an empty store, we need to delete it before adding
  4587. // the first cert. Otherwise CertAddCertificateContextToStore () fails
  4588. // with E_ACCESS_DENIED
  4589. if ( 0 == pStore->GetCertCount () )
  4590. pStore->DeleteEFSPolicy (false);
  4591. hr = pStore->AddCertificateContext (pCertContext, m_pConsole, false);
  4592. if ( SUCCEEDED (hr) )
  4593. {
  4594. pStore->Commit ();
  4596. PTOKEN_USER pTokenUser = ::EfspGetTokenUser ();
  4597. if ( pTokenUser )
  4598. {
  4599. pStore->AddCertToList (pCertContext, pTokenUser->User.Sid);
  4600. free (pTokenUser);
  4601. }
  4603. if ( SUCCEEDED (hr) )
  4604. {
  4605. hr = AddCertChainToPolicy (pCertContext);
  4606. }
  4607. }
  4608. else
  4609. {
  4610. int iRetVal = 0;
  4611. CString text;
  4612. CString caption;
  4614. text.FormatMessage (IDS_CANT_ADD_CERT, pStore->GetLocalizedName (),
  4615. GetSystemMessage (hr));
  4616. VERIFY (caption.LoadString (IDS_CERTIFICATE_MANAGER));
  4618. m_pConsole->MessageBox (text, caption,
  4619. MB_OK | MB_ICONWARNING, &iRetVal);
  4620. }
  4623. // Exportable keys are not currently supported. We can uncomment this code if this
  4624. // feature becomes available again in the future.
  4625. /*
  4626. int iRetVal = 0;
  4627. CString text;
  4628. CString caption;
  4630. VERIFY (text.LoadString (IDS_EXPORT_AND_DELETE_EFS_KEY));
  4631. VERIFY (caption.LoadString (IDS_CREATE_AUTO_CERT_REQUEST));
  4633. hr = m_pConsole->MessageBox (text, caption,
  4634. MB_YESNO | MB_ICONQUESTION, &iRetVal);
  4635. ASSERT (SUCCEEDED (hr));
  4636. if ( SUCCEEDED (hr) && IDYES == iRetVal )
  4637. {
  4638. // Remove the private key from the cert.
  4639. hr = CertSetCertificateContextProperty (pCertContext,
  4640. CERT_KEY_PROV_INFO_PROP_ID, 0, 0);
  4641. ASSERT (SUCCEEDED (hr));
  4643. // Bring up the common file open dialog to get a filename
  4644. // and the standard password dialog to get a password so
  4645. // that I can write out the PFX file.
  4646. HWND hwndConsole = 0;
  4647. hr = m_pConsole->GetMainWindow (&hwndConsole);
  4648. ASSERT (SUCCEEDED (hr));
  4649. if ( SUCCEEDED (hr) )
  4650. {
  4651. CString szFilter;
  4652. VERIFY (szFilter.LoadString (IDS_SAVE_PFX_FILTER));
  4654. CWnd mainWindow;
  4655. if ( mainWindow.Attach (hwndConsole) )
  4656. {
  4657. CFileDialog* pFileDlg = new CFileDialog (FALSE, // use as File Save As
  4658. L"pfx", // default extension
  4659. NULL, // preferred file name
  4660. OFN_HIDEREADONLY | OFN_OVERWRITEPROMPT | OFN_CREATEPROMPT | OFN_NOREADONLYRETURN,
  4661. (PCWSTR) szFilter,
  4662. &mainWindow);
  4663. if ( pFileDlg )
  4664. {
  4665. CThemeContextActivator activator;
  4666. if ( IDOK == pFileDlg->DoModal () )
  4667. {
  4668. CString pathName = pFileDlg->GetPathName ();
  4669. CRYPTUI_WIZ_EXPORT_INFO cwi;
  4670. CRYPTUI_WIZ_EXPORT_CERTCONTEXT_INFO cci;
  4672. ::ZeroMemory (&cwi, sizeof (cwi));
  4673. cwi.dwSize = sizeof (cwi);
  4674. cwi.pwszExportFileName = (PCWSTR) pathName;
  4675. cwi.dwSubjectChoice = CRYPTUI_WIZ_EXPORT_CERT_CONTEXT;
  4676. cwi.pCertContext = pCertContext;
  4678. ::ZeroMemory (&cci, sizeof (cci));
  4679. cci.dwSize = sizeof (cci);
  4680. cci.dwExportFormat = CRYPTUI_WIZ_EXPORT_FORMAT_PFX;
  4681. cci.fExportChain = TRUE;
  4682. cci.fExportPrivateKeys = TRUE;
  4684. CPassword passwordDlg;
  4687. // Launch password dialog
  4688. CThemeContextActivator activator;
  4689. if ( IDOK == passwordDlg.DoModal () )
  4690. {
  4691. if ( !wcslen (passwordDlg.GetPassword ()) )
  4692. {
  4693. // If password string is empty, pass NULL.
  4694. cci.pwszPassword = 0;
  4695. }
  4696. else
  4697. cci.pwszPassword = passwordDlg.GetPassword ();
  4699. CThemeContextActivator activator;
  4700. BOOL bResult = ::CryptUIWizExport (
  4701. CRYPTUI_WIZ_NO_UI,
  4702. 0, // hwndParent ignored
  4703. 0, // pwszWizardTitle ignored
  4704. &cwi,
  4705. (void*) &cci);
  4706. if ( bResult )
  4707. {
  4708. hr = DeleteKeyFromRSABASE (pCertContext);
  4709. }
  4710. else
  4711. {
  4712. DWORD dwErr = GetLastError ();
  4713. DisplaySystemError (dwErr);
  4714. }
  4715. }
  4716. }
  4718. delete pFileDlg;
  4719. }
  4720. else
  4721. {
  4722. hr = E_OUTOFMEMORY;
  4723. }
  4725. }
  4726. else
  4727. ASSERT (0);
  4728. VERIFY (mainWindow.Detach () == hwndConsole);
  4729. }
  4730. }
  4731. */
  4733. _TRACE (-1, L"Leaving CCertMgrComponentData::CompleteEFSRecoveryAgent: 0x%x\n", hr);
  4734. return hr;
  4735. }
  4737. HRESULT CCertMgrComponentData::AddScopeNode(CCertMgrCookie * pNewCookie, const CString & strServerName, HSCOPEITEM hParent)
  4738. {
  4739. _TRACE (1, L"Entering CCertMgrComponentData::AddScopeNode\n");
  4740. ASSERT (pNewCookie);
  4741. if ( !pNewCookie )
  4742. return E_POINTER;
  4744. HRESULT hr = S_OK;
  4747. SCOPEDATAITEM tSDItem;
  4749. ::ZeroMemory (&tSDItem,sizeof (tSDItem));
  4750. tSDItem.mask = SDI_STR | SDI_IMAGE | SDI_STATE | SDI_PARAM | SDI_PARENT;
  4751. tSDItem.displayname = MMC_CALLBACK;
  4752. tSDItem.relativeID = hParent;
  4753. tSDItem.nState = 0;
  4755. switch (pNewCookie->m_objecttype)
  4756. {
  4757. case CERTMGR_USAGE:
  4758. case CERTMGR_CRL_CONTAINER:
  4759. case CERTMGR_CTL_CONTAINER:
  4760. case CERTMGR_CERT_CONTAINER:
  4761. case CERTMGR_LOG_STORE_GPE:
  4762. case CERTMGR_LOG_STORE_RSOP:
  4763. case CERTMGR_SAFER_COMPUTER_LEVELS:
  4764. case CERTMGR_SAFER_USER_LEVELS:
  4765. case CERTMGR_SAFER_COMPUTER_ENTRIES:
  4766. case CERTMGR_SAFER_USER_ENTRIES:
  4767. tSDItem.mask |= SDI_CHILDREN;
  4768. tSDItem.cChildren = 0;
  4769. break;
  4771. case CERTMGR_PKP_AUTOENROLLMENT_COMPUTER_SETTINGS:
  4772. case CERTMGR_PKP_AUTOENROLLMENT_USER_SETTINGS:
  4773. ASSERT (0);
  4774. break;
  4776. default:
  4777. break;
  4778. }
  4779. if ( pNewCookie != m_pRootCookie && m_pRootCookie )
  4780. m_pRootCookie->m_listScopeCookieBlocks.AddHead ( (CBaseCookieBlock*) pNewCookie);
  4781. if ( !strServerName.IsEmpty () )
  4782. pNewCookie->m_strMachineName = strServerName;
  4783. tSDItem.lParam = reinterpret_cast<LPARAM> ( (CCookie*) pNewCookie);
  4784. tSDItem.nImage = QueryImage (*pNewCookie, FALSE);
  4785. hr = m_pConsoleNameSpace->InsertItem (&tSDItem);
  4786. if ( SUCCEEDED (hr) )
  4787. pNewCookie->m_hScopeItem = tSDItem.ID;
  4789. _TRACE (-1, L"Leaving CCertMgrComponentData::AddScopeNode: 0x%x\n", hr);
  4790. return hr;
  4791. }
  4793. HRESULT CCertMgrComponentData::DeleteKeyFromRSABASE(PCCERT_CONTEXT pCertContext)
  4794. {
  4795. _TRACE (1, L"Entering CCertMgrComponentData::DeleteKeyFromRSABASE\n");
  4796. ASSERT (pCertContext);
  4797. if ( !pCertContext )
  4798. return E_POINTER;
  4799. HRESULT hr = S_OK;
  4800. DWORD cbData = 0;
  4802. BOOL bResult = ::CertGetCertificateContextProperty (pCertContext,
  4803. CERT_KEY_PROV_INFO_PROP_ID, 0, &cbData);
  4804. ASSERT (bResult);
  4805. if ( bResult )
  4806. {
  4807. PCRYPT_KEY_PROV_INFO pKeyProvInfo = (PCRYPT_KEY_PROV_INFO) ::LocalAlloc (LPTR, cbData);
  4808. if ( pKeyProvInfo )
  4809. {
  4810. bResult = ::CertGetCertificateContextProperty (pCertContext,
  4811. CERT_KEY_PROV_INFO_PROP_ID, pKeyProvInfo, &cbData);
  4812. ASSERT (bResult);
  4813. if ( bResult )
  4814. {
  4815. HCRYPTPROV hProv = 0;
  4816. bResult = ::CryptAcquireContext (&hProv,
  4817. pKeyProvInfo->pwszContainerName,
  4818. pKeyProvInfo->pwszProvName,
  4819. pKeyProvInfo->dwProvType,
  4820. CRYPT_DELETEKEYSET);
  4821. ASSERT (bResult);
  4822. if ( !bResult )
  4823. {
  4824. DWORD dwErr = GetLastError ();
  4825. hr = HRESULT_FROM_WIN32 (dwErr);
  4826. DisplaySystemError (dwErr);
  4827. }
  4828. }
  4829. else
  4830. {
  4831. DWORD dwErr = GetLastError ();
  4832. hr = HRESULT_FROM_WIN32 (dwErr);
  4833. DisplaySystemError (dwErr);
  4834. }
  4836. ::LocalFree (pKeyProvInfo);
  4837. }
  4838. else
  4839. {
  4840. hr = E_OUTOFMEMORY;
  4841. }
  4842. }
  4843. else
  4844. {
  4845. DWORD dwErr = GetLastError ();
  4846. hr = HRESULT_FROM_WIN32 (dwErr);
  4847. DisplaySystemError (dwErr);
  4848. }
  4851. _TRACE (-1, L"Leaving CCertMgrComponentData::DeleteKeyFromRSABASE: 0x%x\n", hr);
  4852. return hr;
  4853. }
  4855. HRESULT CCertMgrComponentData::ReleaseResultCookie (
  4856. CBaseCookieBlock * pResultCookie,
  4857. CCookie& rootCookie,
  4858. HCERTSTORE hStoreHandle,
  4859. POSITION pos2)
  4860. {
  4861. // _TRACE (1, L"Entering CCertMgrComponentData::ReleaseResultCookie\n");
  4862. CCertMgrCookie* pCookie = reinterpret_cast <CCertMgrCookie*> (pResultCookie);
  4863. ASSERT (pCookie);
  4864. if ( pCookie )
  4865. {
  4866. switch (pCookie->m_objecttype)
  4867. {
  4868. case CERTMGR_CERTIFICATE:
  4869. {
  4870. CCertificate* pCert = reinterpret_cast <CCertificate*> (pCookie);
  4871. ASSERT (pCert);
  4872. if ( pCert && pCert->GetCertStore () )
  4873. {
  4874. if ( pCert->GetCertStore ()->GetStoreHandle () == hStoreHandle )
  4875. {
  4876. // pCookie and pCert point to the same object
  4877. pResultCookie = rootCookie.m_listResultCookieBlocks.GetAt (pos2);
  4878. ASSERT (pResultCookie);
  4879. rootCookie.m_listResultCookieBlocks.RemoveAt (pos2);
  4880. if ( pResultCookie )
  4881. {
  4882. pResultCookie->Release ();
  4883. }
  4884. }
  4885. pCert->GetCertStore ()->Close ();
  4886. }
  4887. }
  4888. break;
  4890. case CERTMGR_CTL:
  4891. case CERTMGR_AUTO_CERT_REQUEST:
  4892. {
  4893. CCTL* pCTL = reinterpret_cast <CCTL*> (pCookie);
  4894. ASSERT (pCTL);
  4895. if ( pCTL )
  4896. {
  4897. if ( pCTL->GetCertStore ().GetStoreHandle () == hStoreHandle )
  4898. {
  4899. // pCookie and pCert point to the same object
  4900. pResultCookie = rootCookie.m_listResultCookieBlocks.GetAt (pos2);
  4901. ASSERT (pResultCookie);
  4902. rootCookie.m_listResultCookieBlocks.RemoveAt (pos2);
  4903. if ( pResultCookie )
  4904. {
  4905. pResultCookie->Release ();
  4906. }
  4907. }
  4908. pCTL->GetCertStore ().Close ();
  4909. }
  4910. }
  4911. break;
  4913. case CERTMGR_CRL:
  4914. {
  4915. CCRL* pCRL = reinterpret_cast <CCRL*> (pCookie);
  4916. ASSERT (pCRL);
  4917. if ( pCRL )
  4918. {
  4919. if ( pCRL->GetCertStore ().GetStoreHandle () == hStoreHandle )
  4920. {
  4921. // pCookie and pCert point to the same object
  4922. pResultCookie = rootCookie.m_listResultCookieBlocks.GetAt (pos2);
  4923. ASSERT (pResultCookie);
  4924. rootCookie.m_listResultCookieBlocks.RemoveAt (pos2);
  4925. if ( pResultCookie )
  4926. {
  4927. pResultCookie->Release ();
  4928. }
  4929. }
  4930. pCRL->GetCertStore ().Close ();
  4931. }
  4932. }
  4933. break;
  4935. default:
  4936. // _TRACE (0, L"CCertMgrComponentData::ReleaseResultCookie () - bad cookie type: 0x%x\n",
  4937. // pCookie->m_objecttype);
  4938. break;
  4939. }
  4940. }
  4942. // _TRACE (-1, L"Leaving CCertMgrComponentData::ReleaseResultCookie: S_OK\n");
  4943. return S_OK;
  4944. }
  4946. void CCertMgrComponentData::SetResultData(LPRESULTDATA pResultData)
  4947. {
  4948. _TRACE (1, L"Entering CCertMgrComponentData::SetResultData\n");
  4949. ASSERT (pResultData);
  4950. if ( pResultData && !m_pResultData )
  4951. {
  4952. m_pResultData = pResultData;
  4953. m_pResultData->AddRef ();
  4954. }
  4955. _TRACE (-1, L"Leaving CCertMgrComponentData::SetResultData\n");
  4956. }
  4958. HRESULT CCertMgrComponentData::GetResultData(LPRESULTDATA* ppResultData)
  4959. {
  4960. HRESULT hr = S_OK;
  4962. if ( !ppResultData )
  4963. hr = E_POINTER;
  4964. else if ( !m_pResultData )
  4965. {
  4966. if ( m_pConsole )
  4967. {
  4968. hr = m_pConsole->QueryInterface(IID_PPV_ARG (IResultData, &m_pResultData));
  4969. _ASSERT (SUCCEEDED (hr));
  4970. }
  4971. else
  4972. hr = E_FAIL;
  4973. }
  4975. if ( SUCCEEDED (hr) && m_pResultData )
  4976. {
  4977. *ppResultData = m_pResultData;
  4978. m_pResultData->AddRef ();
  4979. }
  4981. return hr;
  4982. }
  4983. ///////////////////////////////////////////////////////////////////////////////
  4984. //
  4985. // Check to see if a child scope pane object exists of the desired type
  4986. // immediately below hParent
  4987. //
  4988. ///////////////////////////////////////////////////////////////////////////////
  4989. bool CCertMgrComponentData::ContainerExists(HSCOPEITEM hParent, CertificateManagerObjectType objectType)
  4990. {
  4991. _TRACE (1, L"Entering CCertMgrComponentData::ContainerExists\n");
  4992. bool bExists = false;
  4993. CCertMgrCookie* pCookie = 0;
  4994. HSCOPEITEM hChild = 0;
  4995. MMC_COOKIE lCookie = 0;
  4996. HRESULT hr = m_pConsoleNameSpace->GetChildItem (hParent,
  4997. &hChild, &lCookie);
  4998. ASSERT (SUCCEEDED (hr));
  4999. while ( SUCCEEDED (hr) && hChild )
  5000. {
  5001. pCookie = reinterpret_cast <CCertMgrCookie*> (lCookie);
  5002. ASSERT (pCookie);
  5003. if ( pCookie )
  5004. {
  5005. if ( pCookie->m_objecttype == objectType )
  5006. {
  5007. bExists = true;
  5008. break;
  5009. }
  5010. }
  5011. hr = m_pConsoleNameSpace->GetNextItem (hChild, &hChild, &lCookie);
  5012. ASSERT (SUCCEEDED (hr));
  5013. }
  5015. _TRACE (-1, L"Leaving CCertMgrComponentData::ContainerExists\n");
  5016. return bExists;
  5017. }
  5020. void CCertMgrComponentData::DisplayAccessDenied ()
  5021. {
  5022. _TRACE (1, L"Entering CCertMgrComponentData::DisplayAccessDenied\n");
  5023. DWORD dwErr = GetLastError ();
  5024. ASSERT (E_ACCESSDENIED == dwErr);
  5025. if ( E_ACCESSDENIED == dwErr )
  5026. {
  5027. LPVOID lpMsgBuf;
  5029. FormatMessage (FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_SYSTEM,
  5030. NULL,
  5031. GetLastError (),
  5032. MAKELANGID (LANG_NEUTRAL, SUBLANG_DEFAULT), // Default language
  5033. (PWSTR) &lpMsgBuf, 0, NULL );
  5035. // Display the string.
  5036. CString caption;
  5037. VERIFY (caption.LoadString (IDS_CERTIFICATE_MANAGER));
  5038. int iRetVal = 0;
  5039. VERIFY (SUCCEEDED (m_pConsole->MessageBox ( (PWSTR) lpMsgBuf, caption,
  5040. MB_ICONWARNING | MB_OK, &iRetVal)));
  5042. // Free the buffer.
  5043. LocalFree (lpMsgBuf);
  5044. }
  5045. _TRACE (-1, L"Leaving CCertMgrComponentData::DisplayAccessDenied\n");
  5046. }
  5049. HRESULT CCertMgrComponentData::DeleteCTLFromResultPane (CCTL * pCTL, LPDATAOBJECT pDataObject)
  5050. {
  5051. _TRACE (1, L"Entering CCertMgrComponentData::DeleteCTLFromResultPane\n");
  5052. ASSERT (pCTL);
  5053. ASSERT (pDataObject);
  5054. if ( !pCTL || !pDataObject )
  5055. return E_POINTER;
  5057. HRESULT hr = S_OK;
  5058. if ( pCTL->DeleteFromStore () )
  5059. {
  5060. hr = pCTL->GetCertStore ().Commit ();
  5061. ASSERT (SUCCEEDED (hr));
  5062. if ( SUCCEEDED (hr) )
  5063. {
  5064. HRESULTITEM itemID = 0;
  5065. hr = m_pResultData->FindItemByLParam ( (LPARAM) pCTL, &itemID);
  5066. if ( SUCCEEDED (hr) )
  5067. {
  5068. hr = m_pResultData->DeleteItem (itemID, 0);
  5069. ASSERT (SUCCEEDED (hr));
  5070. }
  5072. // If we can't succeed in removing this one item, then update the whole panel.
  5073. if ( !SUCCEEDED (hr) )
  5074. {
  5075. hr = m_pConsole->UpdateAllViews (pDataObject, 0, 0);
  5076. }
  5077. }
  5078. }
  5079. else
  5080. {
  5081. DisplayAccessDenied ();
  5082. }
  5084. _TRACE (-1, L"LeavingLeaving CCertMgrComponentData::DeleteCTLFromResultPane: 0x%x\n", hr);
  5085. return hr;
  5086. }
  5089. /*
  5090. HRESULT CCertMgrComponentData::OnSetAsRecoveryCert(LPDATAOBJECT pDataObject)
  5091. {
  5092. HRESULT hr = S_OK;
  5094. CCertMgrCookie* pParentCookie = ConvertCookie (pDataObject);
  5095. if ( pParentCookie && CERTMGR_CERTIFICATE == pParentCookie->m_objecttype )
  5096. {
  5097. CCertificate* pCert = reinterpret_cast <CCertificate*> (pParentCookie);
  5098. ASSERT (pCert);
  5099. if ( pCert )
  5100. {
  5101. PTOKEN_USER pTokenUser = ::EfspGetTokenUser ();
  5102. if ( pTokenUser )
  5103. {
  5104. ASSERT (::CertHasEFSKeyUsage (pCert->GetCertContext ()));
  5105. PCCERT_CONTEXT pCertContext = pCert->GetCertContext ();
  5107. EFS_CERTIFICATE_BLOB efsCertBlob;
  5108. ::ZeroMemory (&efsCertBlob, sizeof (efsCertBlob));
  5109. efsCertBlob.dwCertEncodingType = pCertContext->dwCertEncodingType;
  5110. efsCertBlob.cbData = pCertContext->cbCertEncoded;
  5111. efsCertBlob.pbData = pCertContext->pbCertEncoded;
  5113. ENCRYPTION_CERTIFICATE encryptionCert;
  5114. ::ZeroMemory (&encryptionCert, sizeof (encryptionCert));
  5115. encryptionCert.cbTotalLength = sizeof (encryptionCert);
  5116. encryptionCert.pUserSid = (SID*) pTokenUser->User.Sid;
  5117. encryptionCert.pCertBlob = &efsCertBlob;
  5120. DWORD dwResult = ::SetUserFileEncryptionKey (&encryptionCert);
  5121. if ( dwResult )
  5122. {
  5123. // The most likely error here is that the user doesn't have the
  5124. // private key of this certificate. In that case, put up a special
  5125. // message box to that effect.
  5126. // TODO: Get the return code from RobertRe for this case. As of
  5127. // 3/4/98 he doesn't yet know what it is.
  5128. DisplaySystemError (dwResult);
  5129. }
  5130. }
  5131. else
  5132. hr = E_FAIL;
  5133. }
  5134. else
  5135. hr = E_UNEXPECTED;
  5136. }
  5137. else
  5138. hr = E_UNEXPECTED;
  5140. return hr;
  5141. }
  5142. */
  5144. CString CCertMgrComponentData::GetThisComputer() const
  5145. {
  5146. _TRACE (0, L"Entering and leaving CCertMgrComponentData::GetThisComputer\n");
  5147. return m_szThisComputer;
  5148. }
  5150. typedef struct _ENUM_LOG_ARG {
  5151. DWORD m_dwFlags;
  5152. CTypedPtrList<CPtrList, CCertStore*>* m_pStoreList;
  5153. PCWSTR m_pcszMachineName;
  5154. CCertMgrComponentData* m_pCompData;
  5155. LPCONSOLE m_pConsole;
  5156. } ENUM_LOG_ARG, *PENUM_LOG_ARG;
  5160. static BOOL WINAPI EnumLogCallback (
  5161. IN const void* pwszSystemStore,
  5162. IN DWORD dwFlags,
  5163. IN PCERT_SYSTEM_STORE_INFO /*pStoreInfo*/,
  5164. IN OPTIONAL void* /*pvReserved*/,
  5165. IN OPTIONAL void *pvArg
  5166. )
  5167. {
  5168. _TRACE (1, L"Entering EnumLogCallback\n");
  5169. BOOL bResult = TRUE;
  5170. PENUM_LOG_ARG pEnumArg = (PENUM_LOG_ARG) pvArg;
  5172. // Create new cookies
  5173. SPECIAL_STORE_TYPE storeType = GetSpecialStoreType ((PWSTR) pwszSystemStore);
  5175. //
  5176. // We will not expose the ACRS store for machines or users. It is not
  5177. // interesting or useful at this level. All Auto Cert Requests should
  5178. // be managed only at the policy level.
  5179. //
  5180. if ( ACRS_STORE != storeType )
  5181. {
  5182. if ( pEnumArg->m_pCompData->ShowArchivedCerts () )
  5183. dwFlags |= CERT_STORE_ENUM_ARCHIVED_FLAG;
  5184. CCertStore* pStore = new CCertStore (
  5185. CERTMGR_LOG_STORE,
  5186. CERT_STORE_PROV_SYSTEM,
  5187. dwFlags,
  5188. pEnumArg->m_pcszMachineName,
  5189. (PCWSTR) pwszSystemStore,
  5190. (PCWSTR) pwszSystemStore,
  5191. _T (""), storeType,
  5192. pEnumArg->m_dwFlags,
  5193. pEnumArg->m_pConsole);
  5194. if ( pStore )
  5195. {
  5196. pEnumArg->m_pStoreList->AddTail (pStore);
  5197. }
  5198. }
  5200. _TRACE (-1, L"Leaving EnumLogCallback\n");
  5201. return bResult;
  5202. }
  5205. HRESULT CCertMgrComponentData::EnumerateLogicalStores (CTypedPtrList<CPtrList, CCertStore*>* pStoreList)
  5206. {
  5207. _TRACE (1, L"Entering CCertMgrComponentData::EnumerateLogicalStores\n");
  5208. CWaitCursor cursor;
  5209. HRESULT hr = S_OK;
  5210. ENUM_LOG_ARG enumArg;
  5211. DWORD dwFlags = GetLocation ();
  5213. ::ZeroMemory (&enumArg, sizeof (enumArg));
  5214. enumArg.m_dwFlags = dwFlags;
  5215. enumArg.m_pStoreList = pStoreList;
  5216. enumArg.m_pcszMachineName =
  5217. QueryRootCookie ().QueryNonNULLMachineName ();
  5218. enumArg.m_pCompData = this;
  5219. enumArg.m_pConsole = m_pConsole;
  5220. CString location;
  5221. void* pvPara = 0;
  5225. if ( !GetManagedService ().IsEmpty () )
  5226. {
  5227. if ( !GetManagedComputer ().IsEmpty () )
  5228. {
  5229. location = GetManagedComputer () + _T("\\") +
  5230. GetManagedComputer ();
  5231. pvPara = (void *) (PCWSTR) location;
  5232. }
  5233. else
  5234. pvPara = (void *) (PCWSTR) GetManagedService ();
  5235. }
  5236. else if ( !GetManagedComputer ().IsEmpty () )
  5237. {
  5238. pvPara = (void *) (PCWSTR) GetManagedComputer ();
  5239. }
  5241. CString fileName = GetCommandLineFileName ();
  5242. if ( fileName.IsEmpty () )
  5243. {
  5244. // Ensure creation of MY store
  5245. HCERTSTORE hTempStore = ::CertOpenStore (CERT_STORE_PROV_SYSTEM,
  5246. X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
  5247. NULL,
  5248. dwFlags | CERT_STORE_SET_LOCALIZED_NAME_FLAG,
  5249. MY_SYSTEM_STORE_NAME);
  5250. if ( hTempStore ) // otherwise, store is read only
  5251. {
  5252. VERIFY (::CertCloseStore (hTempStore, CERT_CLOSE_STORE_CHECK_FLAG));
  5253. }
  5254. else
  5255. {
  5256. _TRACE (0, L"CertOpenStore (%s) failed: 0x%x\n",
  5257. MY_SYSTEM_STORE_NAME, GetLastError ());
  5258. }
  5260. if ( !::CertEnumSystemStore (dwFlags, pvPara, &enumArg, EnumLogCallback) )
  5261. {
  5262. DWORD dwErr = GetLastError ();
  5263. CString text;
  5264. CString caption;
  5266. VERIFY (caption.LoadString (IDS_CERTIFICATE_MANAGER));
  5267. if ( ERROR_ACCESS_DENIED == dwErr )
  5268. {
  5269. VERIFY (text.LoadString (IDS_NO_PERMISSION));
  5271. }
  5272. else
  5273. {
  5274. text.FormatMessage (IDS_CANT_ENUMERATE_SYSTEM_STORES, GetSystemMessage (dwErr));
  5275. }
  5276. int iRetVal = 0;
  5277. VERIFY (SUCCEEDED (m_pConsole->MessageBox (text, caption,
  5278. MB_OK, &iRetVal)));
  5279. hr = HRESULT_FROM_WIN32 (dwErr);
  5280. hr = HRESULT_FROM_WIN32 (dwErr);
  5281. }
  5282. }
  5283. else
  5284. {
  5285. // Create new cookies
  5286. dwFlags = 0;
  5288. // If there is a class file-based store, use that, otherwise allocate
  5289. // a new one.
  5290. CCertStore* pStore = m_pFileBasedStore;
  5291. if ( !pStore )
  5292. pStore = new CCertStore (
  5293. CERTMGR_LOG_STORE,
  5294. CERT_STORE_PROV_FILENAME_W,
  5295. dwFlags,
  5296. QueryRootCookie ().QueryNonNULLMachineName (),
  5297. fileName, fileName, _T (""), NO_SPECIAL_TYPE,
  5298. m_dwLocationPersist,
  5299. m_pConsole);
  5300. else
  5301. pStore->AddRef ();
  5302. if ( pStore )
  5303. {
  5304. pStoreList->AddTail (pStore);
  5305. }
  5306. }
  5308. _TRACE (-1, L"LeavingLeaving CCertMgrComponentData::EnumerateLogicalStores: 0x%x\n", hr);
  5309. return hr;
  5310. }
  5312. HRESULT CCertMgrComponentData::OnNotifyPreload(
  5313. LPDATAOBJECT /*lpDataObject*/,
  5314. HSCOPEITEM hRootScopeItem)
  5315. {
  5316. _TRACE (1, L"Entering CCertMgrComponentData::OnNotifyPreload\n");
  5317. ASSERT (m_fAllowOverrideMachineName);
  5318. HRESULT hr = S_OK;
  5320. QueryBaseRootCookie ().m_hScopeItem = hRootScopeItem;
  5322. // The machine name will be changed only if the stores are machine-based
  5323. // stores.
  5324. if ( CERT_SYSTEM_STORE_LOCAL_MACHINE == m_dwLocationPersist )
  5325. {
  5327. CString machineName = QueryRootCookie ().QueryNonNULLMachineName();
  5329. hr = ChangeRootNodeName (machineName);
  5330. }
  5332. _TRACE (-1, L"LeavingLeaving CCertMgrComponentData::OnNotifyPreload: 0x%x\n", hr);
  5333. return hr;
  5334. }
  5336. ///////////////////////////////////////////////////////////////////////////////
  5337. //
  5338. // ChangeRootNodeName ()
  5339. //
  5340. // Purpose: Change the text of the root node
  5341. //
  5342. // Input: newName - the new machine name that the snapin manages
  5343. // Output: Returns S_OK on success
  5344. //
  5345. ///////////////////////////////////////////////////////////////////////////////
  5346. HRESULT CCertMgrComponentData::ChangeRootNodeName(const CString & newName)
  5347. {
  5348. _TRACE (1, L"Entering CCertMgrComponentData::ChangeRootNodeName\n");
  5350. if ( !QueryBaseRootCookie ().m_hScopeItem )
  5351. {
  5352. if ( m_hRootScopeItem )
  5353. QueryBaseRootCookie ().m_hScopeItem = m_hRootScopeItem;
  5354. else
  5355. return E_UNEXPECTED;
  5356. }
  5358. CString formattedName;
  5360. switch (m_dwLocationPersist)
  5361. {
  5362. case CERT_SYSTEM_STORE_LOCAL_MACHINE:
  5363. {
  5364. CString machineName (newName);
  5366. // If machineName is empty, then this manages the local machine. Get
  5367. // the local machine name. Then format the computer name with the snapin
  5368. // name
  5369. if ( IsLocalComputername (machineName) )
  5370. {
  5371. formattedName.LoadString (IDS_SCOPE_SNAPIN_TITLE_LOCAL_MACHINE);
  5372. m_szManagedComputer = L"";
  5373. }
  5374. else
  5375. {
  5376. machineName.MakeUpper ();
  5377. formattedName.FormatMessage (IDS_SCOPE_SNAPIN_TITLE_MACHINE, machineName);
  5378. m_szManagedComputer = machineName;
  5379. }
  5380. }
  5381. break;
  5383. case CERT_SYSTEM_STORE_CURRENT_SERVICE:
  5384. case CERT_SYSTEM_STORE_SERVICES:
  5385. {
  5386. CString machineName (newName);
  5388. // If machineName is empty, then this manages the local machine. Get
  5389. // the local machine name. Then format the computer name with the snapin
  5390. // name
  5391. if ( IsLocalComputername (machineName) )
  5392. {
  5393. // Get this machine name and add it to the string.
  5394. formattedName.FormatMessage (IDS_SCOPE_SNAPIN_TITLE_SERVICE_LOCAL_MACHINE,
  5395. m_szManagedServiceDisplayName);
  5396. m_szManagedComputer = L"";
  5397. }
  5398. else
  5399. {
  5400. formattedName.FormatMessage (IDS_SCOPE_SNAPIN_TITLE_SERVICE,
  5401. m_szManagedServiceDisplayName, machineName);
  5402. m_szManagedComputer = machineName;
  5403. }
  5404. }
  5405. break;
  5407. case CERT_SYSTEM_STORE_CURRENT_USER:
  5408. VERIFY (formattedName.LoadString (IDS_SCOPE_SNAPIN_TITLE_USER));
  5409. break;
  5411. default:
  5412. return S_OK;
  5413. }
  5416. SCOPEDATAITEM item;
  5417. ::ZeroMemory (&item, sizeof (SCOPEDATAITEM));
  5418. item.mask = SDI_STR;
  5419. item.displayname = (PWSTR) (PCWSTR) formattedName;
  5420. item.ID = QueryBaseRootCookie ().m_hScopeItem;
  5422. HRESULT hr = m_pConsoleNameSpace->SetItem (&item);
  5423. if ( FAILED (hr) )
  5424. {
  5425. _TRACE (0, L"IConsoleNameSpace2::SetItem () failed: 0x%x\n", hr);
  5426. }
  5427. _TRACE (-1, L"LeavingLeaving CCertMgrComponentData::ChangeRootNodeName: 0x%x\n", hr);
  5428. return hr;
  5429. }
  5431. HRESULT CCertMgrComponentData::CreateContainers(
  5432. HSCOPEITEM hScopeItem,
  5433. CCertStore& rTargetStore)
  5434. {
  5435. _TRACE (1, L"Entering CCertMgrComponentData::CreateContainers\n");
  5436. HRESULT hr = S_OK;
  5438. // If the container was a cert store and it does not
  5439. // already have Certs/CRLs/CTLs, instantiate a new CRL container
  5440. // in the scope pane.
  5441. if ( -1 != hScopeItem )
  5442. {
  5443. SCOPEDATAITEM item;
  5445. ::ZeroMemory (&item, sizeof (item));
  5446. item.mask = SDI_STATE;
  5447. item.nState = 0;
  5448. item.ID = hScopeItem;
  5450. hr = m_pConsoleNameSpace->SetItem (&item);
  5451. if ( FAILED (hr) )
  5452. {
  5453. _TRACE (0, L"IConsoleNameSpace2::SetItem () failed: 0x%x\n", hr);
  5454. }
  5455. if ( CERTMGR_LOG_STORE_GPE != rTargetStore.m_objecttype &&
  5456. CERTMGR_LOG_STORE_RSOP != rTargetStore.m_objecttype)
  5457. {
  5458. AddContainersToScopePane (hScopeItem,
  5459. rTargetStore, true);
  5460. }
  5461. }
  5463. _TRACE (-1, L"LeavingLeaving CCertMgrComponentData::CreateContainers: 0x%x\n", hr);
  5464. return hr;
  5465. }
  5469. HRESULT CCertMgrComponentData::OnOptions(LPDATAOBJECT pDataObject)
  5470. {
  5471. _TRACE (1, L"Entering CCertMgrComponentData::OnOptions\n");
  5472. AFX_MANAGE_STATE (AfxGetStaticModuleState ());
  5473. HWND hParent = 0;
  5476. // Get parent window handle and attach to a CWnd object
  5477. HRESULT hr = m_pConsole->GetMainWindow (&hParent);
  5478. ASSERT (SUCCEEDED (hr));
  5479. if ( SUCCEEDED (hr) )
  5480. {
  5481. int activeView = m_activeViewPersist;
  5482. BOOL bShowPhysicalStores = m_bShowPhysicalStoresPersist;
  5483. BOOL bShowArchivedCerts = m_bShowArchivedCertsPersist;
  5484. CWnd parentWnd;
  5485. VERIFY (parentWnd.Attach (hParent));
  5486. CViewOptionsDlg optionsDlg (&parentWnd,
  5487. this);
  5489. CThemeContextActivator activator;
  5490. INT_PTR iReturn = optionsDlg.DoModal ();
  5491. ASSERT (-1 != iReturn);
  5492. if ( -1 == iReturn )
  5493. hr = (HRESULT)iReturn;
  5495. if ( IDOK == iReturn )
  5496. {
  5497. long hint = 0;
  5499. if ( activeView != m_activeViewPersist )
  5500. {
  5501. hint |= HINT_CHANGE_VIEW_TYPE;
  5502. if ( IDM_USAGE_VIEW == m_activeViewPersist )
  5503. {
  5504. // view by usage
  5505. ASSERT (m_pHeader);
  5506. if ( m_pHeader && GetObjectType (pDataObject) == CERTMGR_SNAPIN )
  5507. {
  5508. CString str;
  5509. VERIFY (str.LoadString (IDS_COLUMN_PURPOSE) );
  5510. hr = m_pHeader->SetColumnText (0,
  5511. const_cast<PWSTR> ( (PCWSTR) str));
  5512. }
  5513. }
  5514. else
  5515. {
  5516. // View by stores
  5517. ASSERT (m_pHeader);
  5518. if ( m_pHeader && GetObjectType (pDataObject) == CERTMGR_SNAPIN )
  5519. {
  5520. CString str;
  5521. VERIFY (str.LoadString (IDS_COLUMN_LOG_CERTIFICATE_STORE));
  5522. hr = m_pHeader->SetColumnText (0,
  5523. const_cast<PWSTR> ( (PCWSTR) str));
  5524. }
  5525. }
  5526. }
  5528. if ( bShowPhysicalStores != m_bShowPhysicalStoresPersist )
  5529. hint |= HINT_CHANGE_STORE_TYPE;
  5531. if ( bShowArchivedCerts != m_bShowArchivedCertsPersist )
  5532. hint |= HINT_SHOW_ARCHIVE_CERTS;
  5534. if ( hint )
  5535. {
  5536. hr = m_pConsole->UpdateAllViews (pDataObject, 0, hint);
  5537. ASSERT (SUCCEEDED (hr));
  5538. m_fDirty = TRUE;
  5539. }
  5540. }
  5541. parentWnd.Detach ();
  5542. }
  5544. _TRACE (-1, L"LeavingLeaving CCertMgrComponentData::OnOptions: 0x%x\n", hr);
  5545. return hr;
  5546. }
  5548. bool CCertMgrComponentData::ShowArchivedCerts() const
  5549. {
  5550. _TRACE (0, L"Entering and leaving CCertMgrComponentData::ShowArchivedCerts\n");
  5551. if ( m_bShowArchivedCertsPersist )
  5552. return true;
  5553. else
  5554. return false;
  5555. }
  5558. HRESULT CCertMgrComponentData::OnPropertyChange (LPARAM param)
  5559. {
  5560. _TRACE (1, L"Entering CCertMgrComponentData::OnPropertyChange\n");
  5561. ASSERT (param);
  5562. if ( !param )
  5563. return E_FAIL;
  5565. HRESULT hr = S_OK;
  5566. LPDATAOBJECT pDataObject = reinterpret_cast<LPDATAOBJECT>(param);
  5567. bool bHandled = false;
  5569. CCertMgrCookie* pCookie = ConvertCookie (pDataObject);
  5570. if ( pCookie )
  5571. {
  5572. switch (pCookie->m_objecttype)
  5573. {
  5574. case CERTMGR_SAFER_COMPUTER_ENTRY:
  5575. case CERTMGR_SAFER_USER_ENTRY:
  5576. {
  5577. HRESULTITEM itemID = 0;
  5579. if ( m_pResultData )
  5580. {
  5581. pCookie->Refresh ();
  5582. hr = m_pResultData->FindItemByLParam ( (LPARAM) pCookie, &itemID);
  5583. if ( SUCCEEDED (hr) )
  5584. {
  5585. hr = m_pResultData->UpdateItem (itemID);
  5586. if ( FAILED (hr) )
  5587. {
  5588. _TRACE (0, L"IResultData::UpdateItem () failed: 0x%x\n", hr);
  5589. }
  5590. }
  5591. else
  5592. {
  5593. _TRACE (0, L"IResultData::FindItemByLParam () failed: 0x%x\n", hr);
  5594. }
  5595. }
  5596. else
  5597. {
  5598. _TRACE (0, L"Unexpected error: m_pResultData was NULL\n");
  5599. hr = E_FAIL;
  5600. }
  5601. bHandled = true;
  5602. }
  5603. break;
  5605. case CERTMGR_SAFER_COMPUTER_LEVEL:
  5606. case CERTMGR_SAFER_USER_LEVEL:
  5607. if ( m_pConsole )
  5608. hr = m_pConsole->UpdateAllViews (pDataObject, 0, 0);
  5609. break;
  5611. default:
  5612. break;
  5613. }
  5614. }
  5616. if ( !bHandled && m_pCryptUIMMCCallbackStruct )
  5617. {
  5619. if ( pDataObject == reinterpret_cast<LPDATAOBJECT>(m_pCryptUIMMCCallbackStruct->param) )
  5620. {
  5621. ::MMCFreeNotifyHandle (m_pCryptUIMMCCallbackStruct->lNotifyHandle);
  5622. pCookie = ConvertCookie (pDataObject);
  5623. if ( pCookie )
  5624. {
  5625. ASSERT (CERTMGR_CERTIFICATE == pCookie->m_objecttype);
  5626. if ( CERTMGR_CERTIFICATE == pCookie->m_objecttype )
  5627. {
  5628. CCertificate* pCert = reinterpret_cast<CCertificate*>(pCookie);
  5629. ASSERT (pCert);
  5630. if ( pCert && pCert->GetCertStore () )
  5631. {
  5632. pCert->GetCertStore ()->SetDirty ();
  5633. pCert->GetCertStore ()->Commit ();
  5634. pCert->GetCertStore ()->Close ();
  5635. }
  5636. }
  5637. }
  5639. pDataObject->Release ();
  5640. ::GlobalFree (m_pCryptUIMMCCallbackStruct);
  5641. m_pCryptUIMMCCallbackStruct = 0;
  5642. m_pConsole->UpdateAllViews (pDataObject, 0, 0);
  5643. }
  5644. }
  5647. _TRACE (-1, L"LeavingLeaving CCertMgrComponentData::OnPropertyChange: 0x%x\n", hr);
  5648. return hr;
  5649. }
  5651. HRESULT CCertMgrComponentData::OnDeleteEFSPolicy(LPDATAOBJECT pDataObject, bool bCommitChanges)
  5652. {
  5653. _TRACE (1, L"Entering CCertMgrComponentData::OnDeleteEFSPolicy\n");
  5654. AFX_MANAGE_STATE (AfxGetStaticModuleState ());
  5655. ASSERT (pDataObject);
  5656. if ( !pDataObject )
  5657. return E_POINTER;
  5659. HRESULT hr = S_OK;
  5660. CCertMgrCookie* pCookie = ConvertCookie (pDataObject);
  5661. ASSERT (pCookie);
  5662. if ( pCookie )
  5663. {
  5664. CCertStoreGPE* pStore = reinterpret_cast <CCertStoreGPE*> (pCookie);
  5665. ASSERT (pStore && EFS_STORE == pStore->GetStoreType () && !pStore->IsNullEFSPolicy () );
  5666. if ( pStore && EFS_STORE == pStore->GetStoreType () && !pStore->IsNullEFSPolicy () )
  5667. {
  5668. pStore->DeleteEFSPolicy (bCommitChanges);
  5669. hr = m_pConsole->UpdateAllViews (pDataObject, 0, HINT_EFS_ADD_DEL_POLICY);
  5670. }
  5671. }
  5673. _TRACE (-1, L"LeavingLeaving CCertMgrComponentData::OnDeleteEFSPolicy: 0x%x\n", hr);
  5674. return hr;
  5675. }
  5677. HRESULT CCertMgrComponentData::OnInitEFSPolicy(LPDATAOBJECT pDataObject)
  5678. {
  5679. _TRACE (1, L"Entering CCertMgrComponentData::OnInitEFSPolicy\n");
  5680. AFX_MANAGE_STATE (AfxGetStaticModuleState ());
  5681. ASSERT (pDataObject);
  5682. if ( !pDataObject )
  5683. return E_POINTER;
  5685. HRESULT hr = S_OK;
  5686. CCertMgrCookie* pCookie = ConvertCookie (pDataObject);
  5687. ASSERT (pCookie);
  5688. if ( pCookie )
  5689. {
  5690. CCertStoreGPE* pStore = reinterpret_cast <CCertStoreGPE*> (pCookie);
  5691. ASSERT (pStore && EFS_STORE == pStore->GetStoreType () && pStore->IsNullEFSPolicy () );
  5692. if ( pStore && EFS_STORE == pStore->GetStoreType () && pStore->IsNullEFSPolicy () )
  5693. {
  5694. pStore->SetDirty ();
  5695. pStore->AllowEmptyEFSPolicy ();
  5696. pStore->PolicyChanged ();
  5697. pStore->Commit ();
  5698. hr = m_pConsole->UpdateAllViews (pDataObject, 0, HINT_EFS_ADD_DEL_POLICY);
  5699. }
  5700. }
  5702. _TRACE (-1, L"LeavingLeaving CCertMgrComponentData::OnInitEFSPolicy: 0x%x\n", hr);
  5703. return hr;
  5704. }
  5706. ///////////////////////////////////////////////////////////////////////////////
  5707. //
  5708. // CCertMgrComponentData::RemoveResultCookies
  5709. //
  5710. // Remove and delete all the result cookies corresponding to the LPRESULTDATA
  5711. // object passed in. Thus all cookies added to pResultData are released and
  5712. // removed from the master list.
  5713. //
  5714. ///////////////////////////////////////////////////////////////////////////////
  5715. void CCertMgrComponentData::RemoveResultCookies(LPRESULTDATA pResultData)
  5716. {
  5717. _TRACE (1, L"Entering CCertMgrComponentData::RemoveResultCookies\n");
  5718. CCertMgrCookie* pCookie = 0;
  5720. CCookie& rootCookie = QueryBaseRootCookie ();
  5722. POSITION curPos = 0;
  5724. for (POSITION nextPos = rootCookie.m_listResultCookieBlocks.GetHeadPosition (); nextPos; )
  5725. {
  5726. curPos = nextPos;
  5727. pCookie = reinterpret_cast <CCertMgrCookie*> (rootCookie.m_listResultCookieBlocks.GetNext (nextPos));
  5728. ASSERT (pCookie);
  5729. if ( pCookie )
  5730. {
  5731. if ( pCookie->m_resultDataID == pResultData )
  5732. {
  5733. pCookie->Release ();
  5734. rootCookie.m_listResultCookieBlocks.RemoveAt (curPos);
  5735. }
  5736. }
  5737. }
  5738. _TRACE (-1, L"Leaving CCertMgrComponentData::RemoveResultCookies\n");
  5739. }
  5742. HRESULT CCertMgrComponentData::AddCertChainToPolicy(PCCERT_CONTEXT pCertContext)
  5743. {
  5744. _TRACE (1, L"Entering CCertMgrComponentData::AddCertChainToPolicy\n");
  5745. HRESULT hr = S_OK;
  5746. ASSERT (pCertContext);
  5747. if ( !pCertContext )
  5748. return E_POINTER;
  5750. CERT_CHAIN_PARA certChainPara;
  5751. ::ZeroMemory (&certChainPara, sizeof (CERT_CHAIN_PARA));
  5752. certChainPara.cbSize = sizeof (CERT_CHAIN_PARA);
  5753. certChainPara.RequestedUsage.Usage.cUsageIdentifier = 1;
  5754. certChainPara.RequestedUsage.Usage.rgpszUsageIdentifier = new LPSTR[1];
  5755. if ( !certChainPara.RequestedUsage.Usage.rgpszUsageIdentifier )
  5756. return E_OUTOFMEMORY;
  5757. certChainPara.RequestedUsage.Usage.rgpszUsageIdentifier[0] = szOID_EFS_RECOVERY;
  5759. PCCERT_CHAIN_CONTEXT pChainContext = 0;
  5760. BOOL bValidated = ::CertGetCertificateChain (
  5761. HCCE_LOCAL_MACHINE, // HCERTCHAINENGINE hChainEngine,
  5762. pCertContext,
  5763. 0, // LPFILETIME pTime,
  5764. 0, // HCERTSTORE hAdditionalStore,
  5765. &certChainPara,
  5766. 0, // dwFlags,
  5767. 0, // pvReserved,
  5768. &pChainContext);
  5769. if ( bValidated )
  5770. {
  5771. // NTRAID# 310388 CRYPTUI: Chain validation failing for self-signed certificates
  5772. // Check to see if cert is self-signed
  5773. PCERT_SIMPLE_CHAIN pChain = pChainContext->rgpChain[pChainContext->cChain - 1];
  5774. if ( pChain )
  5775. {
  5776. PCERT_CHAIN_ELEMENT pElement = pChain->rgpElement[pChain->cElement - 1];
  5777. if ( pElement )
  5778. {
  5779. BOOL bSelfSigned = pElement->TrustStatus.dwInfoStatus & CERT_TRUST_IS_SELF_SIGNED;
  5781. DWORD dwErrorStatus = pChainContext->TrustStatus.dwErrorStatus;
  5783. bValidated = ((0 == dwErrorStatus) ||
  5784. (dwErrorStatus == CERT_TRUST_IS_UNTRUSTED_ROOT) && bSelfSigned);
  5785. if ( bValidated )
  5786. {
  5787. // NTRAID# 301213 EFS Recovery Agent Import:
  5788. // Should not import the whole chain by default
  5789. /*
  5791. CString objectName;
  5792. CCertStoreGPE CAStore (
  5793. CERT_SYSTEM_STORE_RELOCATE_FLAG,
  5794. _T (""),
  5795. _T (""),
  5796. CA_SYSTEM_STORE_NAME,
  5797. _T (""),
  5798. m_pGPEInformation,
  5799. NODEID_Machine,
  5800. m_pConsole);
  5801. CCertStoreGPE* pRootStore = dynamic_cast <CCertStoreGPE*> (m_pGPERootStore);
  5802. if ( !pRootStore )
  5803. {
  5804. VERIFY (objectName.LoadString (IDS_DOMAIN_ROOT_CERT_AUTHS_NODE_NAME));
  5805. pRootStore = new CCertStoreGPE (CERT_SYSTEM_STORE_RELOCATE_FLAG,
  5806. _T (""),
  5807. (PCWSTR) objectName,
  5808. ROOT_SYSTEM_STORE_NAME,
  5809. _T (""),
  5810. m_pGPEInformation,
  5811. NODEID_Machine,
  5812. m_pConsole);
  5813. if ( !pRootStore )
  5814. {
  5815. hr = E_OUTOFMEMORY;
  5816. }
  5817. }
  5819. CCertStoreGPE* pTrustStore = dynamic_cast<CCertStoreGPE*> (m_pGPETrustStore);
  5820. if ( !pTrustStore )
  5821. {
  5822. VERIFY (objectName.LoadString (IDS_CERTIFICATE_TRUST_LISTS));
  5823. pTrustStore = new CCertStoreGPE (CERT_SYSTEM_STORE_RELOCATE_FLAG,
  5824. _T (""),
  5825. (PCWSTR) objectName,
  5826. TRUST_SYSTEM_STORE_NAME,
  5827. _T (""),
  5828. m_pGPEInformation,
  5829. NODEID_Machine,
  5830. m_pConsole);
  5831. if ( !pTrustStore )
  5832. {
  5833. hr = E_OUTOFMEMORY;
  5834. }
  5835. }
  5837. //
  5838. // Copy all certs from all simple chains to the CA store, except the
  5839. // last cert on the last chain: copy that to the root store.
  5840. // If any CTLs are found, copy those to the trust store.
  5841. //
  5842. for (DWORD dwIndex = 0; dwIndex < pChainContext->cChain; dwIndex++)
  5843. {
  5844. DWORD i = 0;
  5845. if ( pChainContext->rgpChain[dwIndex]->pTrustListInfo )
  5846. {
  5847. // Add to Trust Store
  5848. if ( pChainContext->rgpChain[dwIndex]->pTrustListInfo->pCtlContext )
  5849. {
  5850. pTrustStore->AddCTLContext(
  5851. pChainContext->rgpChain[dwIndex]->pTrustListInfo->pCtlContext);
  5852. }
  5853. }
  5854. while (i < pChainContext->rgpChain[dwIndex]->cElement)
  5855. {
  5856. //
  5857. // If we are on the root cert, then add to the root store,
  5858. // otherwise, add to the CA store
  5859. //
  5860. // The last element is the self-signed cert if
  5861. // CERT_TRUST_NO_ERROR was returned
  5862. if ( (dwIndex == pChainContext->cChain - 1) &&
  5863. (i == pChainContext->rgpChain[dwIndex]->cElement - 1) )
  5864. {
  5865. pRootStore->AddCertificateContext(
  5866. pChainContext->rgpChain[dwIndex]->rgpElement[i]->pCertContext,
  5867. 0, false);
  5868. }
  5869. else
  5870. {
  5871. CAStore.AddCertificateContext(
  5872. pChainContext->rgpChain[dwIndex]->rgpElement[i]->pCertContext,
  5873. 0, false);
  5874. }
  5876. i++;
  5877. }
  5878. }
  5880. pRootStore->Commit ();
  5881. pTrustStore->Commit ();
  5882. CAStore.Commit ();
  5884. pRootStore->Commit ();
  5885. pTrustStore->Commit ();
  5886. CAStore.Commit ();
  5887. ::CertFreeCertificateChain(pCertChainContext);
  5888. pCertChainContext = 0;
  5890. if ( pRootStore && !m_pGPERootStore )
  5891. pRootStore->Release ();
  5892. if ( pTrustStore && !m_pGPETrustStore )
  5893. pTrustStore->Release ();
  5894. */
  5895. ::CertFreeCertificateChain(pChainContext);
  5896. pChainContext = 0;
  5897. }
  5898. }
  5899. else
  5900. bValidated = FALSE;
  5901. }
  5902. else
  5903. bValidated = FALSE;
  5904. }
  5905. else
  5906. bValidated = FALSE;
  5908. if ( pChainContext )
  5909. ::CertFreeCertificateChain(pChainContext);
  5911. if ( !bValidated )
  5912. {
  5913. int iRetVal = 0;
  5914. CString text;
  5915. CString caption;
  5917. VERIFY (text.LoadString (IDS_CERT_COULD_NOT_BE_VALIDATED));
  5918. VERIFY (caption.LoadString (IDS_CERTIFICATE_MANAGER));
  5920. hr = m_pConsole->MessageBox (text, caption,
  5921. MB_OK, &iRetVal);
  5922. }
  5924. delete [] certChainPara.RequestedUsage.Usage.rgpszUsageIdentifier;
  5926. _TRACE (-1, L"LeavingLeaving CCertMgrComponentData::AddCertChainToPolicy: 0x%x\n", hr);
  5927. return hr;
  5928. }
  5931. STDMETHODIMP CCertMgrComponentData::GetLinkedTopics(LPOLESTR* lpCompiledHelpFiles)
  5932. {
  5933. HRESULT hr = S_OK;
  5936. if ( lpCompiledHelpFiles )
  5937. {
  5938. CString strLinkedTopic;
  5940. UINT nLen = ::GetSystemWindowsDirectory (strLinkedTopic.GetBufferSetLength(2 * MAX_PATH), 2 * MAX_PATH);
  5941. strLinkedTopic.ReleaseBuffer();
  5942. if ( nLen )
  5943. {
  5944. strLinkedTopic += L"\\help\\";
  5945. strLinkedTopic += m_strLinkedHelpFile;
  5947. *lpCompiledHelpFiles = reinterpret_cast<LPOLESTR>
  5948. (CoTaskMemAlloc((strLinkedTopic.GetLength() + 1)* sizeof(wchar_t)));
  5950. if ( *lpCompiledHelpFiles )
  5951. {
  5952. wcscpy(*lpCompiledHelpFiles, (PWSTR)(PCWSTR)strLinkedTopic);
  5953. }
  5954. else
  5955. hr = E_OUTOFMEMORY;
  5956. }
  5957. else
  5958. hr = E_FAIL;
  5959. }
  5960. else
  5961. return E_POINTER;
  5964. return hr;
  5965. }
  5967. STDMETHODIMP CCertMgrComponentData::GetHelpTopic(LPOLESTR* lpCompiledHelpFile)
  5968. {
  5969. return CComponentData::GetHelpTopic (lpCompiledHelpFile);
  5970. }