archive
/
windows-xp
mirror of https://github.com/tongzx/nt5src
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
6 Commits
1 Branch
0 Tags
2.0 GiB
Tree: daad8a087a
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'daad8a087a'
${ noResults }
windows-xp/Source/XPSP1/NT/inetsrv/iis/ui/admin/w3scfg/security.cpp

816 lines
15 KiB
Raw Normal View History

Add source files
4 years ago
  1. /*++
  3. Copyright (c) 1994-1998 Microsoft Corporation
  5. Module Name :
  7. security.cpp
  9. Abstract:
  11. WWW Security Property Page
  13. Author:
  15. Ronald Meijer (ronaldm)
  17. Project:
  19. Internet Services Manager
  21. Revision History:
  23. --*/
  25. //
  26. // Include Files
  27. //
  28. #include "stdafx.h"
  29. #include "wincrypt.h"
  31. #include "w3scfg.h"
  32. #include "security.h"
  33. #include "authent.h"
  34. #include "seccom.h"
  35. #include "ipdomdlg.h"
  37. #include "cryptui.h"
  39. #ifdef _DEBUG
  40. #define new DEBUG_NEW
  41. #undef THIS_FILE
  42. static char THIS_FILE[] = __FILE__;
  43. #endif
  45. //
  46. // CW3SecurityPage property page
  47. //
  48. IMPLEMENT_DYNCREATE(CW3SecurityPage, CInetPropertyPage)
  52. CW3SecurityPage::CW3SecurityPage(
  53. IN CInetPropertySheet * pSheet,
  54. IN BOOL fHome,
  55. IN DWORD dwAttributes
  56. )
  57. /*++
  59. Routine Description:
  61. Constructor
  63. Arguments:
  65. CInetPropertySheet * pSheet : Sheet object
  66. BOOL fHome : TRUE if this is a home directory
  67. DWORD dwAttributes : Attributes
  69. Return Value:
  71. N/A
  73. --*/
  74. : CInetPropertyPage(CW3SecurityPage::IDD, pSheet,
  75. IS_FILE(dwAttributes)
  76. ? IDS_TAB_FILE_SECURITY
  77. : IDS_TAB_DIR_SECURITY
  78. ),
  79. m_oblAccessList(),
  80. m_fU2Installed(FALSE),
  81. m_fIpDirty(FALSE),
  82. m_fHome(fHome),
  83. //
  84. // By default, we grant access
  85. //
  86. m_fOldDefaultGranted(TRUE),
  87. m_fDefaultGranted(TRUE)
  88. {
  90. #if 0 // Keep class wizard happy
  92. //{{AFX_DATA_INIT(CW3SecurityPage)
  93. m_fUseNTMapper = FALSE;
  94. //}}AFX_DATA_INIT
  96. #endif // 0
  98. }
  101. CW3SecurityPage::~CW3SecurityPage()
  102. /*++
  104. Routine Description:
  106. Destructor
  108. Arguments:
  110. N/A
  112. Return Value:
  114. N/A
  116. --*/
  117. {
  118. }
  122. void
  123. CW3SecurityPage::DoDataExchange(
  124. IN CDataExchange * pDX
  125. )
  126. /*++
  128. Routine Description:
  130. Initialise/Store control data
  132. Arguments:
  134. CDataExchange * pDX - DDX/DDV control structure
  136. Return Value:
  138. None
  140. --*/
  141. {
  142. CInetPropertyPage::DoDataExchange(pDX);
  144. //{{AFX_DATA_MAP(CW3SecurityPage)
  145. DDX_Check(pDX, IDC_CHECK_ENABLE_DS, m_fUseNTMapper);
  146. DDX_Control(pDX, IDC_ICON_SECURE, m_icon_Secure);
  147. DDX_Control(pDX, IDC_STATIC_SSL_PROMPT, m_static_SSLPrompt);
  148. DDX_Control(pDX, IDC_CHECK_ENABLE_DS, m_check_EnableDS);
  149. DDX_Control(pDX, IDC_BUTTON_GET_CERTIFICATES, m_button_GetCertificates);
  150. DDX_Control(pDX, IDC_VIEW_CERTIFICATE, m_button_ViewCertificates);
  151. DDX_Control(pDX, IDC_BUTTON_COMMUNICATIONS, m_button_Communications);
  152. //}}AFX_DATA_MAP
  153. }
  157. //
  158. // Message Map
  159. //
  160. BEGIN_MESSAGE_MAP(CW3SecurityPage, CInetPropertyPage)
  161. //{{AFX_MSG_MAP(CW3SecurityPage)
  162. ON_BN_CLICKED(IDC_BUTTON_AUTHENTICATION, OnButtonAuthentication)
  163. ON_BN_CLICKED(IDC_BUTTON_COMMUNICATIONS, OnButtonCommunications)
  164. ON_BN_CLICKED(IDC_BUTTON_IP_SECURITY, OnButtonIpSecurity)
  165. ON_BN_CLICKED(IDC_BUTTON_GET_CERTIFICATES, OnButtonGetCertificates)
  166. ON_BN_CLICKED(IDC_VIEW_CERTIFICATE, OnButtonViewCertificates)
  167. //}}AFX_MSG_MAP
  169. ON_BN_CLICKED(IDC_CHECK_ENABLE_DS, OnItemChanged)
  171. END_MESSAGE_MAP()
  175. /* virtual */
  176. HRESULT
  177. CW3SecurityPage::FetchLoadedValues()
  178. /*++
  180. Routine Description:
  182. Move configuration data from sheet to dialog controls
  184. Arguments:
  186. None
  188. Return Value:
  190. HRESULT
  192. --*/
  193. {
  194. CError err;
  196. BEGIN_META_DIR_READ(CW3Sheet)
  197. FETCH_DIR_DATA_FROM_SHEET(m_dwAuthFlags);
  198. FETCH_DIR_DATA_FROM_SHEET(m_dwSSLAccessPermissions);
  199. FETCH_DIR_DATA_FROM_SHEET(m_strBasicDomain);
  200. FETCH_DIR_DATA_FROM_SHEET(m_strAnonUserName);
  201. FETCH_DIR_DATA_FROM_SHEET(m_strAnonPassword);
  202. FETCH_DIR_DATA_FROM_SHEET(m_fPasswordSync);
  203. FETCH_DIR_DATA_FROM_SHEET(m_fU2Installed);
  204. FETCH_DIR_DATA_FROM_SHEET(m_fUseNTMapper);
  205. END_META_DIR_READ(err)
  207. //
  208. // First we need to read in the hash and the name of the store. If either
  209. // is not there then there is no certificate.
  210. //
  211. BEGIN_META_INST_READ(CW3Sheet)
  212. FETCH_INST_DATA_FROM_SHEET(m_strCertStoreName);
  213. FETCH_INST_DATA_FROM_SHEET(m_strCTLIdentifier);
  214. FETCH_INST_DATA_FROM_SHEET(m_strCTLStoreName);
  215. END_META_INST_READ(err)
  217. //
  218. // Build the IPL list
  219. //
  220. err = BuildIplOblistFromBlob(
  221. GetIPL(),
  222. m_oblAccessList,
  223. m_fDefaultGranted
  224. );
  226. m_fOldDefaultGranted = m_fDefaultGranted;
  229. return err;
  230. }
  234. /* virtual */
  235. HRESULT
  236. CW3SecurityPage::SaveInfo()
  237. /*++
  239. Routine Description:
  241. Save the information on this property page
  243. Arguments:
  245. None
  247. Return Value:
  249. Error return code
  251. --*/
  252. {
  253. ASSERT(IsDirty());
  255. TRACEEOLID("Saving W3 security page now...");
  257. CError err;
  259. //
  260. // Check to see if the ip access list needs saving.
  261. //
  262. BOOL fIplDirty = m_fIpDirty || (m_fOldDefaultGranted != m_fDefaultGranted);
  264. //
  265. // Use m_ notation because the message crackers require it
  266. //
  267. CBlob m_ipl;
  269. if (fIplDirty)
  270. {
  271. BuildIplBlob(m_oblAccessList, m_fDefaultGranted, m_ipl);
  272. }
  274. BeginWaitCursor();
  276. BEGIN_META_DIR_WRITE(CW3Sheet)
  277. STORE_DIR_DATA_ON_SHEET(m_dwSSLAccessPermissions)
  278. STORE_DIR_DATA_ON_SHEET(m_dwAuthFlags)
  279. STORE_DIR_DATA_ON_SHEET(m_strBasicDomain)
  281. if (fIplDirty)
  282. {
  283. STORE_DIR_DATA_ON_SHEET(m_ipl)
  284. }
  285. STORE_DIR_DATA_ON_SHEET(m_strAnonUserName)
  286. STORE_DIR_DATA_ON_SHEET(m_fPasswordSync)
  287. STORE_DIR_DATA_ON_SHEET(m_fUseNTMapper)
  288. if (m_fPasswordSync)
  289. {
  290. //
  291. // Delete password
  292. //
  293. // CODEWORK: Shouldn't need to know ID number.
  294. // Implement m_fDelete flag in CMP template maybe?
  295. //
  296. FLAG_DIR_DATA_FOR_DELETION(MD_ANONYMOUS_PWD);
  297. }
  298. else
  299. {
  300. STORE_DIR_DATA_ON_SHEET(m_strAnonPassword);
  301. }
  302. END_META_DIR_WRITE(err)
  304. if (err.Succeeded())
  305. {
  306. BEGIN_META_INST_WRITE(CW3Sheet)
  307. if ( m_strCTLIdentifier.IsEmpty() )
  308. {
  309. FLAG_INST_DATA_FOR_DELETION( MD_SSL_CTL_IDENTIFIER )
  310. }
  311. else
  312. {
  313. STORE_INST_DATA_ON_SHEET(m_strCTLIdentifier)
  314. }
  316. if ( m_strCTLStoreName.IsEmpty() )
  317. {
  318. FLAG_INST_DATA_FOR_DELETION( MD_SSL_CTL_STORE_NAME )
  319. }
  320. else
  321. {
  322. STORE_INST_DATA_ON_SHEET(m_strCTLStoreName)
  323. }
  324. END_META_INST_WRITE(err)
  325. }
  327. EndWaitCursor();
  329. if (err.Succeeded())
  330. {
  331. m_fIpDirty = FALSE;
  332. m_fOldDefaultGranted = m_fDefaultGranted;
  333. }
  335. return err;
  336. }
  340. BOOL
  341. CW3SecurityPage::FetchSSLState()
  342. /*++
  344. Routine Description:
  346. Obtain the state of the dialog depending on whether certificates
  347. are installed or not.
  349. Arguments:
  351. None
  353. Return Value:
  355. TRUE if certificates are installed, FALSE otherwise
  357. --*/
  358. {
  359. BeginWaitCursor();
  360. m_fCertInstalled = ::IsCertInstalledOnServer(
  361. GetServerName(),
  362. QueryInstance()
  363. );
  364. EndWaitCursor();
  366. return m_fCertInstalled;
  367. }
  371. void
  372. CW3SecurityPage::SetSSLControlState()
  373. /*++
  375. Routine Description:
  377. Enable/disable supported controls depending on what's installed.
  378. Only available on non-master instance nodes.
  380. Arguments:
  382. None
  384. Return Value:
  386. None
  388. --*/
  389. {
  390. m_static_SSLPrompt.EnableWindow(!IsMasterInstance());
  391. m_button_GetCertificates.EnableWindow(
  392. !IsMasterInstance()
  393. && m_fHome
  394. && IsLocal()
  395. );
  396. m_button_Communications.EnableWindow(
  397. !IsMasterInstance()
  398. && IsSSLSupported()
  399. && FetchSSLState()
  400. );
  401. m_button_ViewCertificates.EnableWindow(m_fCertInstalled);
  402. }
  406. //
  407. // Message Handlers
  408. //
  409. // <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
  411. BOOL
  412. CW3SecurityPage::OnSetActive()
  413. /*++
  415. Routine Description:
  417. Page got activated -- set the SSL state depending on whether a
  418. certificate is installed or not.
  420. Arguments:
  422. None
  424. Return Value:
  426. TRUE to activate the page, FALSE otherwise.
  428. --*/
  429. {
  430. //
  431. // Enable/disable ssl controls
  432. //
  433. SetSSLControlState();
  435. return CInetPropertyPage::OnSetActive();
  436. }
  440. BOOL
  441. CW3SecurityPage::OnInitDialog()
  442. /*++
  444. Routine Description:
  446. WM_INITDIALOG handler. Initialize the dialog.
  448. Arguments:
  450. None.
  452. Return Value:
  454. TRUE if no focus is to be set automatically, FALSE if the focus
  455. is already set.
  457. --*/
  458. {
  459. CInetPropertyPage::OnInitDialog();
  461. //
  462. // Initialize certificate authorities ocx
  463. //
  464. CRect rc(0, 0, 0, 0);
  465. m_ocx_CertificateAuthorities.Create(
  466. _T("CertWiz"),
  467. WS_BORDER,
  468. rc,
  469. this,
  470. IDC_APPSCTRL
  471. );
  473. GetDlgItem(IDC_GROUP_IP)->EnableWindow(HasIPAccessCheck());
  474. GetDlgItem(IDC_ICON_IP)->EnableWindow(HasIPAccessCheck());
  475. GetDlgItem(IDC_STATIC_IP)->EnableWindow(HasIPAccessCheck());
  476. GetDlgItem(IDC_BUTTON_IP_SECURITY)->EnableWindow(HasIPAccessCheck());
  477. GetDlgItem(IDC_BUTTON_AUTHENTICATION)->EnableWindow(!m_fU2Installed);
  479. //
  480. // Configure for either master or non-master display.
  481. //
  482. m_check_EnableDS.ShowWindow(IsMasterInstance() ? SW_SHOW : SW_HIDE);
  483. m_check_EnableDS.EnableWindow(
  484. HasAdminAccess()
  485. && IsMasterInstance()
  486. && HasNTCertMapper()
  487. );
  489. #define SHOW_NON_MASTER(x)\
  490. (x).ShowWindow(IsMasterInstance() ? SW_HIDE : SW_SHOW)
  492. SHOW_NON_MASTER(m_static_SSLPrompt);
  493. SHOW_NON_MASTER(m_icon_Secure);
  494. SHOW_NON_MASTER(m_button_GetCertificates);
  495. SHOW_NON_MASTER(m_button_Communications);
  496. SHOW_NON_MASTER(m_button_ViewCertificates);
  498. #undef SHOW_NON_MASTER
  500. return TRUE;
  501. }
  505. void
  506. CW3SecurityPage::OnButtonAuthentication()
  507. /*++
  509. Routine Description:
  511. 'Authentication' button hander
  513. Arguments:
  515. None
  517. Return Value:
  519. None
  521. --*/
  522. {
  523. CAuthenticationDlg dlg(
  524. GetServerName(),
  525. QueryInstance(),
  526. m_strBasicDomain,
  527. m_dwAuthFlags,
  528. m_dwSSLAccessPermissions,
  529. m_strAnonUserName,
  530. m_strAnonPassword,
  531. m_fPasswordSync,
  532. HasAdminAccess(),
  533. HasDigest(),
  534. this
  535. );
  537. DWORD dwOldAccess = m_dwSSLAccessPermissions;
  538. DWORD dwOldAuth = m_dwAuthFlags;
  539. CString strOldDomain = m_strBasicDomain;
  540. CString strOldUserName = m_strAnonUserName;
  541. CString strOldPassword = m_strAnonPassword;
  542. BOOL fOldPasswordSync = m_fPasswordSync;
  544. if (dlg.DoModal() == IDOK)
  545. {
  546. //
  547. // See if anything has changed
  548. //
  549. if (dwOldAccess != m_dwSSLAccessPermissions
  550. || dwOldAuth != m_dwAuthFlags
  551. || m_strBasicDomain != strOldDomain
  552. || m_strAnonUserName != strOldUserName
  553. || m_strAnonPassword != strOldPassword
  554. || m_fPasswordSync != fOldPasswordSync
  555. )
  556. {
  557. //
  558. // Mark as dirty
  559. //
  560. OnItemChanged();
  561. }
  562. }
  563. }
  567. void
  568. CW3SecurityPage::OnButtonCommunications()
  569. /*++
  571. Routine Description:
  573. 'Communications' button handler
  575. Arguments:
  577. None
  579. Return Value:
  581. None
  583. --*/
  584. {
  585. //
  586. // Prep the flag for if we can edit CTLs or not
  587. //
  588. BOOL fEditCTLs = IsMasterInstance() || m_fHome;
  590. //
  591. // Prep the communications dialog
  592. //
  593. CSecCommDlg dlg(
  594. GetServerName(),
  595. QueryInstanceMetaPath(),
  596. m_strBasicDomain,
  597. m_dwAuthFlags,
  598. m_dwSSLAccessPermissions,
  599. IsMasterInstance(),
  600. IsSSLSupported(),
  601. IsSSL128Supported(),
  602. m_fU2Installed,
  603. m_strCTLIdentifier,
  604. m_strCTLStoreName,
  605. fEditCTLs,
  606. IsLocal(),
  607. this
  608. );
  610. DWORD dwOldAccess = m_dwSSLAccessPermissions;
  611. DWORD dwOldAuth = m_dwAuthFlags;
  613. if (dlg.DoModal() == IDOK)
  614. {
  615. //
  616. // See if anything has changed
  617. //
  618. if (dwOldAccess != m_dwSSLAccessPermissions
  619. || dwOldAuth != m_dwAuthFlags
  620. )
  621. {
  622. //
  623. // Mark as dirty
  624. //
  625. OnItemChanged();
  626. }
  628. //
  629. // See if the CTL information has changed
  630. //
  631. if (dlg.m_bCTLDirty)
  632. {
  633. m_strCTLIdentifier = dlg.m_strCTLIdentifier;
  634. m_strCTLStoreName = dlg.m_strCTLStoreName;
  635. OnItemChanged();
  636. }
  637. }
  638. }
  642. void
  643. CW3SecurityPage::OnButtonIpSecurity()
  644. /*++
  646. Routine Description:
  648. 'tcpip' button handler
  650. Arguments:
  652. None
  654. Return Value:
  656. None
  658. --*/
  659. {
  660. CIPDomainDlg dlg(
  661. m_fIpDirty,
  662. m_fDefaultGranted,
  663. m_fOldDefaultGranted,
  664. m_oblAccessList,
  665. this
  666. );
  668. if (dlg.DoModal() == IDOK)
  669. {
  670. //
  671. // Rebuild the list. Temporarily reset ownership, otherwise
  672. // RemoveAll() will destroy the pointers which are shared with the
  673. // new list.
  674. //
  675. BOOL fOwn = m_oblAccessList.SetOwnership(FALSE);
  676. m_oblAccessList.RemoveAll();
  677. m_oblAccessList.AddTail(&dlg.GetAccessList());
  678. m_oblAccessList.SetOwnership(fOwn);
  680. if (m_fIpDirty || m_fOldDefaultGranted != m_fDefaultGranted)
  681. {
  682. OnItemChanged();
  683. }
  684. }
  685. }
  689. void
  690. CW3SecurityPage::OnButtonGetCertificates()
  691. /*++
  693. Routine Description:
  695. "get certicate" button handler
  697. Arguments:
  699. None
  701. Return Value:
  703. None
  705. --*/
  706. {
  707. m_ocx_CertificateAuthorities.SetMachineName(GetServerName());
  708. m_ocx_CertificateAuthorities.SetServerInstance(QueryInstanceMetaPath());
  709. m_ocx_CertificateAuthorities.DoClick();
  711. //
  712. // There may now be a certificate. See if we should enable the edit button.
  713. //
  714. SetSSLControlState();
  715. }
  718. void
  719. CW3SecurityPage::OnButtonViewCertificates()
  720. /*++
  722. Routine Description:
  724. "view certicate" button handler
  726. Arguments:
  728. None
  730. Return Value:
  732. None
  734. --*/
  735. {
  736. HCERTSTORE hStore = NULL;
  737. PCCERT_CONTEXT pCert = NULL;
  738. CMetaKey key(GetServerName(),
  739. METADATA_PERMISSION_READ | METADATA_PERMISSION_WRITE,
  740. METADATA_MASTER_ROOT_HANDLE,
  741. QueryInstanceMetaPath());
  742. if (key.Succeeded())
  743. {
  744. CString store_name;
  745. CBlob hash;
  746. if ( SUCCEEDED(key.QueryValue(MD_SSL_CERT_STORE_NAME, store_name))
  747. && SUCCEEDED(key.QueryValue(MD_SSL_CERT_HASH, hash))
  748. )
  749. {
  750. hStore = CertOpenStore(
  751. CERT_STORE_PROV_SYSTEM,
  752. PKCS_7_ASN_ENCODING | X509_ASN_ENCODING,
  753. NULL,
  754. CERT_SYSTEM_STORE_LOCAL_MACHINE,
  755. store_name
  756. );
  757. if (hStore != NULL)
  758. {
  759. // Now we need to find cert by hash
  760. CRYPT_HASH_BLOB crypt_hash;
  761. crypt_hash.cbData = hash.GetSize();
  762. crypt_hash.pbData = hash.GetData();
  763. pCert = CertFindCertificateInStore(
  764. hStore,
  765. X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
  766. 0, CERT_FIND_HASH, (LPVOID)&crypt_hash, NULL);
  767. }
  768. }
  769. }
  770. if (pCert)
  771. {
  772. BOOL fPropertiesChanged;
  773. CRYPTUI_VIEWCERTIFICATE_STRUCT vcs;
  774. HCERTSTORE hCertStore = ::CertDuplicateStore(hStore);
  775. ::ZeroMemory (&vcs, sizeof (vcs));
  776. vcs.dwSize = sizeof (vcs);
  777. vcs.hwndParent = GetParent()->GetSafeHwnd();
  778. vcs.dwFlags = 0;
  779. vcs.cStores = 1;
  780. vcs.rghStores = &hCertStore;
  781. vcs.pCertContext = pCert;
  782. ::CryptUIDlgViewCertificate(&vcs, &fPropertiesChanged);
  783. ::CertCloseStore (hCertStore, 0);
  784. }
  785. else
  786. {
  787. }
  788. if (pCert != NULL)
  789. ::CertFreeCertificateContext(pCert);
  790. if (hStore != NULL)
  791. ::CertCloseStore(hStore, 0);
  792. }
  794. void
  795. CW3SecurityPage::OnItemChanged()
  796. /*++
  798. Routine Description:
  800. All EN_CHANGE messages map to this function
  802. Arguments:
  804. None
  806. Return Value:
  808. None
  810. --*/
  811. {
  812. SetModified(TRUE);
  813. }