archive
/
windows-xp
mirror of https://github.com/tongzx/nt5src
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
6 Commits
1 Branch
0 Tags
2.0 GiB
Tree: daad8a087a
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'daad8a087a'
${ noResults }
windows-xp/Source/XPSP1/NT/inetsrv/iis/iisrearc/iisplus/ulw3/certmapprovider.cxx

281 lines
5.6 KiB
Raw Normal View History

Add source files
4 years ago
  1. /*++
  2. Copyright (c) 1999 Microsoft Corporation
  4. Module Name :
  5. certmapprovider.cxx
  7. Abstract:
  8. Active Directory Certificate Mapper provider
  10. Author:
  11. Bilal Alam (balam) 10-Jan-2000
  13. Environment:
  14. Win32 - User Mode
  16. Project:
  17. ULW3.DLL
  18. --*/
  20. #include "precomp.hxx"
  21. #include "certmapprovider.hxx"
  23. HRESULT
  24. CERTMAP_AUTH_PROVIDER::DoesApply(
  25. W3_MAIN_CONTEXT * pMainContext,
  26. BOOL * pfApplies
  27. )
  28. /*++
  30. Routine Description:
  32. Does certificate map authentication apply?
  34. Arguments:
  36. pMainContext - Main context
  37. pfApplies - Set to TRUE if cert map auth applies
  39. Return Value:
  41. HRESULT
  43. --*/
  44. {
  45. CERTIFICATE_CONTEXT * pCertificateContext;
  46. URL_CONTEXT * pUrlContext = NULL;
  47. W3_METADATA * pMetaData = NULL;
  48. BOOL fApplies = FALSE;
  50. if ( pMainContext == NULL ||
  51. pfApplies == NULL )
  52. {
  53. DBG_ASSERT( FALSE );
  54. return HRESULT_FROM_WIN32( ERROR_INVALID_PARAMETER );
  55. }
  57. //
  58. // If cert mapping is not allowed for this vroot, then ignore client
  59. // cert token and let other authentication mechanisms do their thing
  60. //
  62. pUrlContext = pMainContext->QueryUrlContext();
  63. DBG_ASSERT( pUrlContext != NULL );
  65. pMetaData = pUrlContext->QueryMetaData();
  66. DBG_ASSERT( pMetaData != NULL );
  68. DBG_ASSERT( pMainContext->QuerySite() );
  70. if ( !pMainContext->QuerySite()->QueryUseDSMapper() )
  71. {
  72. fApplies = FALSE;
  73. }
  74. else if ( pMetaData->QuerySslAccessPerms() & VROOT_MASK_MAP_CERT )
  75. {
  76. pCertificateContext = pMainContext->QueryCertificateContext();
  77. if ( pCertificateContext != NULL )
  78. {
  79. if ( pCertificateContext->QueryImpersonationToken() != NULL )
  80. {
  81. fApplies = TRUE;
  82. }
  83. }
  84. }
  86. *pfApplies = fApplies;
  88. return NO_ERROR;
  89. }
  91. HRESULT
  92. CERTMAP_AUTH_PROVIDER::DoAuthenticate(
  93. W3_MAIN_CONTEXT * pMainContext
  94. )
  95. /*++
  97. Routine Description:
  99. Create a user context representing a cert mapped token
  101. Arguments:
  103. pMainContext - Main context
  105. Return Value:
  107. HRESULT
  109. --*/
  110. {
  111. CERTMAP_USER_CONTEXT * pUserContext = NULL;
  112. CERTIFICATE_CONTEXT * pCertificateContext = NULL;
  113. HANDLE hImpersonation;
  114. BOOL fDelegatable = FALSE;
  115. HRESULT hr = NO_ERROR;
  117. if ( pMainContext == NULL )
  118. {
  119. DBG_ASSERT( FALSE );
  120. return HRESULT_FROM_WIN32( ERROR_INVALID_PARAMETER );
  121. }
  123. pCertificateContext = pMainContext->QueryCertificateContext();
  124. DBG_ASSERT( pCertificateContext != NULL );
  126. hImpersonation = pCertificateContext->QueryImpersonationToken();
  127. DBG_ASSERT( hImpersonation != NULL );
  129. //
  130. // Create the user context for this request
  131. //
  133. pUserContext = new CERTMAP_USER_CONTEXT( this );
  134. if ( pUserContext == NULL )
  135. {
  136. return HRESULT_FROM_WIN32( GetLastError() );
  137. }
  139. //
  140. // Is this a delegatable token? Put another way is this token mapped
  141. // using an IIS cert mapper (IIS cert mapper creates delegatable token,
  142. // the DS mapper does not)
  143. //
  145. fDelegatable = FALSE;
  147. hr = pUserContext->Create( hImpersonation, fDelegatable );
  148. if ( FAILED( hr ) )
  149. {
  150. pUserContext->DereferenceUserContext();
  151. pUserContext = NULL;
  152. return hr;
  153. }
  155. pMainContext->SetUserContext( pUserContext );
  157. return NO_ERROR;
  158. }
  160. HRESULT
  161. CERTMAP_AUTH_PROVIDER::OnAccessDenied(
  162. W3_MAIN_CONTEXT * pMainContext
  163. )
  164. /*++
  166. Routine Description:
  168. NOP since we have nothing to do on access denied
  170. Arguments:
  172. pMainContext - Main context
  174. Return Value:
  176. HRESULT
  178. --*/
  179. {
  180. //
  181. // No headers to add
  182. //
  184. return NO_ERROR;
  185. }
  187. HRESULT
  188. CERTMAP_USER_CONTEXT::Create(
  189. HANDLE hImpersonation,
  190. BOOL fDelegatable
  191. )
  192. /*++
  194. Routine Description:
  196. Create a certificate mapped user context
  198. Arguments:
  200. hImpersonation - Impersonation token
  201. fDelegatable - Is this token delegatable?
  203. Return Value:
  205. HRESULT
  207. --*/
  208. {
  209. DWORD cchUserName = sizeof( _achUserName ) / sizeof( WCHAR );
  211. if ( hImpersonation == NULL )
  212. {
  213. DBG_ASSERT( FALSE );
  214. return HRESULT_FROM_WIN32( ERROR_INVALID_PARAMETER );
  215. }
  217. //
  218. // First the easy stuff
  219. //
  221. _fDelegatable = fDelegatable;
  223. _hImpersonationToken = hImpersonation;
  225. //
  226. // Now get the user name
  227. //
  229. if ( !SetThreadToken( NULL, _hImpersonationToken ) )
  230. {
  231. return HRESULT_FROM_WIN32( GetLastError() );
  232. }
  234. if ( !GetUserNameEx( NameSamCompatible,
  235. _achUserName,
  236. &cchUserName ) )
  237. {
  238. RevertToSelf();
  239. return HRESULT_FROM_WIN32( GetLastError() );
  240. }
  242. RevertToSelf();
  244. return NO_ERROR;
  245. }
  247. HANDLE
  248. CERTMAP_USER_CONTEXT::QueryPrimaryToken(
  249. VOID
  250. )
  251. /*++
  253. Routine Description:
  255. Get a primary token
  257. Arguments:
  259. None
  261. Return Value:
  263. HANDLE
  265. --*/
  266. {
  267. if ( _hPrimaryToken == NULL )
  268. {
  269. if ( DuplicateTokenEx( _hImpersonationToken,
  270. TOKEN_ALL_ACCESS,
  271. NULL,
  272. SecurityImpersonation,
  273. TokenPrimary,
  274. &_hPrimaryToken ) )
  275. {
  276. DBG_ASSERT( _hPrimaryToken != NULL );
  277. }
  278. }
  280. return _hPrimaryToken;
  281. }