archive
/
windows-xp
mirror of https://github.com/tongzx/nt5src
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
6 Commits
1 Branch
0 Tags
2.0 GiB
Tree: daad8a087a
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'daad8a087a'
${ noResults }
windows-xp/Source/XPSP1/NT/shell/osshell/encrypt/users.cpp

632 lines
17 KiB
Raw Normal View History

Add source files
4 years ago
  1. // Users.cpp: implementation of the CUsers class.
  2. //
  3. //////////////////////////////////////////////////////////////////////
  5. #include "stdafx.h"
  6. #include "efsadu.h"
  7. #include "Users.h"
  8. #include <wincrypt.h>
  10. #ifdef _DEBUG
  11. #undef THIS_FILE
  12. static char THIS_FILE[]=__FILE__;
  13. #define new DEBUG_NEW
  14. #endif
  16. //////////////////////////////////////////////////////////////////////
  17. // Construction/Destruction
  18. //////////////////////////////////////////////////////////////////////
  20. CUsers::CUsers()
  21. {
  22. m_UsersRoot = NULL;
  23. m_UserAddedCnt = 0;
  24. m_UserRemovedCnt = 0;
  25. }
  27. //////////////////////////////////////////////////////////////////////
  28. // Walk through the chain to free the memory
  29. //////////////////////////////////////////////////////////////////////
  31. CUsers::~CUsers()
  32. {
  33. Clear();
  34. }
  36. PUSERSONFILE
  37. CUsers::RemoveItemFromHead(void)
  38. {
  39. PUSERSONFILE PItem = m_UsersRoot;
  40. if (m_UsersRoot){
  41. m_UsersRoot = m_UsersRoot->Next;
  42. if ((PItem->Flag & USERADDED) && !(PItem->Flag & USERREMOVED)){
  43. m_UserAddedCnt--;
  44. }
  45. if ((PItem->Flag & USERINFILE) && (PItem->Flag & USERREMOVED)){
  46. m_UserRemovedCnt--;
  47. }
  48. }
  49. return PItem;
  50. }
  52. DWORD
  53. CUsers::Add( CUsers &NewUsers )
  54. {
  55. PUSERSONFILE NewItem;
  57. while (NewItem = NewUsers.RemoveItemFromHead()){
  58. PUSERSONFILE TmpItem = m_UsersRoot;
  60. while ( TmpItem ){
  62. if ((NewItem->UserName && TmpItem->UserName && !_tcsicmp(NewItem->UserName, TmpItem->UserName)) ||
  63. ((NULL == NewItem->UserName) && (TmpItem->UserName == NULL))){
  65. //
  66. // User exist
  67. //
  69. if ( TmpItem->Flag & USERREMOVED ){
  71. if ( TmpItem->Flag & USERADDED ){
  73. ASSERT(!(TmpItem->Flag & USERINFILE));
  75. //
  76. // User added and removed
  77. //
  78. m_UserAddedCnt++;
  80. } else if ( TmpItem->Flag & USERINFILE ){
  82. //
  83. // User added and removed
  84. //
  85. m_UserRemovedCnt--;
  87. }
  88. TmpItem->Flag &= ~USERREMOVED;
  89. }
  91. //
  92. // The caller will count on CUsers to release the memory
  93. //
  95. if (NewItem->UserName){
  96. delete [] NewItem->UserName;
  97. }
  98. if ( NewItem->Context ) {
  99. CertFreeCertificateContext((PCCERT_CONTEXT)NewItem->Context);
  100. }
  101. delete [] NewItem->Cert;
  102. if (NewItem->UserSid){
  103. delete [] NewItem->UserSid;
  104. }
  105. delete NewItem;
  106. NewItem = NULL;
  107. break;
  108. }
  109. TmpItem = TmpItem->Next;
  110. }
  112. if (NewItem ){
  113. //
  114. // New item. Insert into the head.
  115. //
  117. NewItem->Next = m_UsersRoot;
  118. m_UsersRoot = NewItem;
  119. m_UserAddedCnt++;
  120. }
  122. }
  124. return ERROR_SUCCESS;
  125. }
  127. DWORD
  128. CUsers::Add(
  129. LPTSTR UserName,
  130. PVOID UserCert,
  131. PSID UserSid, /* = NULL */
  132. DWORD Flag, /* = USERINFILE */
  133. PVOID Context /* = NULL */
  134. )
  135. //////////////////////////////////////////////////////////////////////
  136. // Routine Description:
  137. // Create an item for a user
  138. // Arguments:
  139. // UserName -- User's name
  140. // UserCert -- User's certificate blob or hash
  141. // UserSid -- User's ID. Can be NULL
  142. // Flag -- Indicate if the item is existing in the file, to be added or removed
  143. // Return Value:
  144. // NO_ERROR if succeed.
  145. // Will throw exception if memory allocation fails. ( From new.)
  146. //
  147. //////////////////////////////////////////////////////////////////////
  148. {
  150. PUSERSONFILE UserItem;
  151. PUSERSONFILE TmpUserItem = m_UsersRoot;
  152. PEFS_CERTIFICATE_BLOB CertBlob;
  153. PEFS_HASH_BLOB CertHashBlob;
  154. DWORD CertSize;
  155. DWORD SidSize;
  157. if ( !UserCert ){
  158. return ERROR_INVALID_PARAMETER;
  159. }
  161. ASSERT ( (( Flag & USERADDED ) || ( Flag & USERINFILE )) &&
  162. ( (Flag & (USERADDED | USERINFILE)) != (USERADDED | USERINFILE)));
  165. //
  166. // If the user already in the memory, no new item is to be created except for unknown user
  167. //
  169. while ( TmpUserItem ){
  170. if ( (UserName && TmpUserItem->UserName && !_tcsicmp(UserName, TmpUserItem->UserName)) ||
  171. ((NULL == UserName) && (TmpUserItem->UserName == NULL))){
  173. //
  174. // User exist
  175. //
  177. if ( TmpUserItem->Flag & USERREMOVED ){
  179. if ( TmpUserItem->Flag & USERADDED ){
  181. ASSERT(!(TmpUserItem->Flag & USERINFILE));
  183. //
  184. // User added and removed
  185. //
  186. m_UserAddedCnt++;
  188. } else if ( TmpUserItem->Flag & USERINFILE ){
  190. //
  191. // User added and removed
  192. //
  193. m_UserRemovedCnt--;
  195. }
  196. TmpUserItem->Flag &= ~USERREMOVED;
  197. }
  199. //
  200. // The caller will count on CUsers to release
  201. // the context if the call returns CRYPT_E_EXISTS. This is just for
  202. // performance reason.
  203. //
  204. /*
  205. if (UserName){
  206. delete [] UserName;
  207. }
  208. */
  209. if ( Context ) {
  210. CertFreeCertificateContext((PCCERT_CONTEXT)Context);
  211. Context = NULL;
  212. }
  213. return CRYPT_E_EXISTS;
  214. }
  215. TmpUserItem = TmpUserItem->Next;
  216. }
  218. try {
  219. UserItem = new USERSONFILE;
  220. if ( NULL == UserItem ){
  221. AfxThrowMemoryException( );
  222. }
  224. UserItem->Next = NULL;
  226. //
  227. // In case exception raised, we can call delete.
  228. // Delete NULL is OK, but random data is not OK.
  229. //
  231. UserItem->UserSid = NULL;
  232. UserItem->Cert = NULL;
  233. UserItem->Context = NULL;
  235. if ( UserSid ){
  236. SidSize = GetLengthSid( UserSid );
  237. if ( SidSize > 0 ){
  238. UserItem->UserSid = new BYTE[SidSize];
  239. if ( NULL == UserItem->UserSid ){
  240. AfxThrowMemoryException( );
  241. }
  242. if ( !CopySid(SidSize, UserItem->UserSid, UserSid)){
  243. delete [] UserItem->UserSid;
  244. delete UserItem;
  245. return GetLastError();
  246. }
  248. } else {
  249. delete UserItem;
  250. return GetLastError();
  251. }
  252. } else {
  253. UserItem->UserSid = NULL;
  254. }
  256. if ( Flag & USERINFILE ){
  258. //
  259. // The info is from the file. Use the hash structure
  260. //
  262. CertHashBlob = ( PEFS_HASH_BLOB ) UserCert;
  263. CertSize = sizeof(EFS_HASH_BLOB) + CertHashBlob->cbData;
  264. UserItem->Cert = new BYTE[CertSize];
  265. if ( NULL == UserItem->Cert ){
  266. AfxThrowMemoryException( );
  267. }
  268. ((PEFS_HASH_BLOB)UserItem->Cert)->cbData = CertHashBlob->cbData;
  269. ((PEFS_HASH_BLOB)UserItem->Cert)->pbData = (PBYTE)(UserItem->Cert) + sizeof(EFS_HASH_BLOB);
  270. memcpy(((PEFS_HASH_BLOB)UserItem->Cert)->pbData,
  271. CertHashBlob->pbData,
  272. CertHashBlob->cbData
  273. );
  274. } else {
  276. //
  277. // The info is from the user picked cert. Use Cert Blob structure
  278. //
  280. CertBlob = ( PEFS_CERTIFICATE_BLOB ) UserCert;
  281. CertSize = sizeof(EFS_CERTIFICATE_BLOB) + CertBlob->cbData;
  282. UserItem->Cert = new BYTE[CertSize];
  283. if ( NULL == UserItem->Cert ){
  284. AfxThrowMemoryException( );
  285. }
  286. ((PEFS_CERTIFICATE_BLOB)UserItem->Cert)->cbData = CertBlob->cbData;
  287. ((PEFS_CERTIFICATE_BLOB)UserItem->Cert)->dwCertEncodingType = CertBlob->dwCertEncodingType;
  288. ((PEFS_CERTIFICATE_BLOB)UserItem->Cert)->pbData = (PBYTE)(UserItem->Cert) + sizeof(EFS_CERTIFICATE_BLOB);
  289. memcpy(((PEFS_CERTIFICATE_BLOB)UserItem->Cert)->pbData,
  290. CertBlob->pbData,
  291. CertBlob->cbData
  292. );
  294. }
  296. UserItem->UserName = UserName;
  297. UserItem->Context = Context;
  298. UserItem->Flag = Flag;
  299. if ( Flag & USERADDED ){
  300. m_UserAddedCnt ++;
  301. }
  302. }
  303. catch (...) {
  304. delete [] UserItem->UserSid;
  305. delete [] UserItem->Cert;
  306. delete UserItem;
  307. AfxThrowMemoryException( );
  308. return ERROR_NOT_ENOUGH_MEMORY;
  309. }
  311. //
  312. // Add to the head
  313. //
  315. if ( NULL != m_UsersRoot ){
  316. UserItem->Next = m_UsersRoot;
  317. }
  318. m_UsersRoot = UserItem;
  320. return NO_ERROR;
  321. }
  323. DWORD
  324. CUsers::Remove(
  325. LPCTSTR UserName
  326. )
  327. //////////////////////////////////////////////////////////////////////
  328. // Routine Description:
  329. // Remove a user from the list. Actually just mark for remove.
  330. // Arguments:
  331. // UserName -- User's name
  332. // Return Value:
  333. // NO_ERROR if succeed.
  334. // ERROR_NOT_FOUND if the user cannot be found.
  335. //
  336. //////////////////////////////////////////////////////////////////////
  337. {
  338. PUSERSONFILE TmpUserItem = m_UsersRoot;
  340. BOOL UserMatched =FALSE;
  342. while ( TmpUserItem ){
  343. if (((NULL==UserName) && ( NULL == TmpUserItem->UserName)) ||
  344. ( UserName && TmpUserItem->UserName && !_tcsicmp(UserName, TmpUserItem->UserName))){
  346. //
  347. // User exist, mark it for remove
  348. //
  350. if ( TmpUserItem->Flag & USERINFILE ){
  351. m_UserRemovedCnt++;
  352. } else if ( TmpUserItem->Flag & USERADDED ) {
  353. m_UserAddedCnt--;
  354. }
  355. TmpUserItem->Flag |= USERREMOVED;
  356. return NO_ERROR;
  357. }
  358. TmpUserItem = TmpUserItem->Next;
  359. }
  360. return ERROR_NOT_FOUND;
  361. }
  363. PVOID
  364. CUsers::StartEnum()
  365. //////////////////////////////////////////////////////////////////////
  366. // Routine Description:
  367. // Prepare for GetNextUser
  368. // Arguments:
  369. //
  370. // Return Value:
  371. // A pointer used for GetNextUser
  372. //
  373. //////////////////////////////////////////////////////////////////////
  374. {
  375. return ((PVOID)m_UsersRoot);
  376. }
  378. PVOID
  379. CUsers::GetNextUser(
  380. PVOID Token,
  381. CString &UserName,
  382. CString &CertHash
  383. )
  384. //////////////////////////////////////////////////////////////////////
  385. // Routine Description:
  386. // Get next user in the list.(Not removed).
  387. // Arguments:
  388. // UserName -- Next User's name
  389. // CertHash -- Certificate Thumbprinter
  390. // Token -- A pointer returned by previous GetNextUser or StartEnum.
  391. // Return Value:
  392. // A pointer for GetNextUser()
  393. //
  394. //////////////////////////////////////////////////////////////////////
  395. {
  397. PUSERSONFILE TmpItem = (PUSERSONFILE) Token;
  398. PVOID RetPointer = NULL;
  400. while ( TmpItem ){
  402. if ( TmpItem->Flag & USERREMOVED ){
  403. TmpItem = TmpItem->Next;
  404. continue;
  405. }
  407. try{
  408. LPWSTR HashString = NULL;
  410. UserName = TmpItem->UserName;
  412. if (TmpItem->Flag & USERINFILE){
  414. PEFS_HASH_BLOB UserHashBlob;
  416. UserHashBlob = (PEFS_HASH_BLOB)TmpItem->Cert;
  417. HashString = new WCHAR[((((UserHashBlob->cbData + 1)/2) * 5) + 1)];
  418. if (HashString) {
  419. ConvertHashToStr(UserHashBlob->pbData, UserHashBlob->cbData, HashString);
  420. }
  422. } else if ( TmpItem->Context ){
  424. DWORD cbHash;
  425. PBYTE pbHash;
  427. if (CertGetCertificateContextProperty(
  428. (PCCERT_CONTEXT)TmpItem->Context,
  429. CERT_HASH_PROP_ID,
  430. NULL,
  431. &cbHash
  432. )) {
  434. pbHash = (PBYTE)new BYTE[cbHash];
  436. if (pbHash != NULL) {
  438. if (CertGetCertificateContextProperty(
  439. (PCCERT_CONTEXT)TmpItem->Context,
  440. CERT_HASH_PROP_ID,
  441. pbHash,
  442. &cbHash
  443. )) {
  445. HashString = new WCHAR[((((cbHash + 1)/2) * 5) + 1)];
  446. if (HashString) {
  447. ConvertHashToStr(pbHash, cbHash, HashString);
  448. }
  449. }
  451. delete [] pbHash;
  453. }
  454. }
  456. }
  458. CertHash = HashString;
  459. if (HashString){
  460. delete [] HashString;
  461. }
  462. RetPointer = TmpItem->Next;
  463. }
  464. catch (...){
  466. //
  467. // Out of memory
  468. //
  470. TmpItem = NULL;
  471. RetPointer = NULL;
  472. }
  473. break;
  474. }
  476. if ( NULL == TmpItem ){
  477. UserName.Empty();
  478. CertHash.Empty();
  479. }
  480. return RetPointer;
  482. }
  484. DWORD CUsers::GetUserAddedCnt()
  485. {
  486. return m_UserAddedCnt;
  487. }
  489. DWORD CUsers::GetUserRemovedCnt()
  490. {
  491. return m_UserRemovedCnt;
  492. }
  494. PVOID
  495. CUsers::GetNextChangedUser(
  496. PVOID Token,
  497. LPTSTR * UserName,
  498. PSID * UserSid,
  499. PVOID * CertData,
  500. DWORD * Flag
  501. )
  502. //////////////////////////////////////////////////////////////////////
  503. // Routine Description:
  504. // Get the info for changed users. This method is not well behaved in the
  505. // sense of OOP. It exposes internal pointers to the ouside world. The gain
  506. // is performance. At this moment, CUsers is a supporting class and used only
  507. // by USERLIST and CAddSheet (single thread). We can make USERLIST a
  508. // friend of CUsers if such concerns are raised in the future or reimplement this.
  509. // The same issue applies to the enumerate methods.
  510. //
  511. // Arguments:
  512. // Token -- A pointer to the item returned in previous GetNextChangedUser or StartEnum.
  513. // UserName -- User's name
  514. // CertData -- User's certificate blob or hash
  515. // UserSid -- User's ID. Can be NULL
  516. // Flag -- Indicate if the item is existing in the file, to be added or removed
  517. // Return Value:
  518. // Next item pointer.
  519. //
  520. //////////////////////////////////////////////////////////////////////
  521. {
  522. BOOL ChangedUserFound = FALSE;
  524. while ( Token ){
  526. *Flag = ((PUSERSONFILE) Token)->Flag;
  528. if ( ( *Flag & USERADDED ) && !( *Flag & USERREMOVED )){
  530. //
  531. // The user is to to be added to the file
  532. //
  534. *Flag = USERADDED;
  535. ChangedUserFound = TRUE;
  537. } else if ( ( *Flag & USERREMOVED ) && ( *Flag & USERINFILE)){
  539. //
  540. // The user is to be removed from the file
  541. //
  543. *Flag = USERREMOVED;
  544. ChangedUserFound = TRUE;
  546. }
  548. if ( ChangedUserFound ){
  550. *UserName = ((PUSERSONFILE) Token)->UserName;
  551. *UserSid = ((PUSERSONFILE) Token)->UserSid;
  552. *CertData = ((PUSERSONFILE) Token)->Cert;
  553. return ((PUSERSONFILE) Token)->Next;
  555. } else {
  557. Token = ((PUSERSONFILE) Token)->Next;
  559. }
  561. }
  563. *UserName = NULL;
  564. *UserSid = NULL;
  565. *CertData = NULL;
  566. *Flag = 0;
  567. return NULL;
  568. }
  570. void CUsers::Clear()
  571. {
  573. PUSERSONFILE TmpUserItem = m_UsersRoot;
  574. while (TmpUserItem){
  575. m_UsersRoot = TmpUserItem->Next;
  576. delete [] TmpUserItem->UserName;
  577. delete [] TmpUserItem->Cert;
  578. if (TmpUserItem->UserSid){
  579. delete [] TmpUserItem->UserSid;
  580. }
  581. if (TmpUserItem->Context){
  582. CertFreeCertificateContext((PCCERT_CONTEXT)TmpUserItem->Context);
  583. }
  584. delete TmpUserItem;
  585. TmpUserItem = m_UsersRoot;
  586. }
  588. m_UsersRoot = NULL;
  589. m_UserAddedCnt = 0;
  590. m_UserRemovedCnt = 0;
  592. }
  594. void CUsers::ConvertHashToStr(
  595. PBYTE pHashData,
  596. DWORD cbData,
  597. LPWSTR OutHashStr
  598. )
  599. {
  601. DWORD Index = 0;
  602. BOOLEAN NoLastZero = FALSE;
  604. for (; Index < cbData; Index+=2) {
  606. BYTE HashByteLow = pHashData[Index] & 0x0f;
  607. BYTE HashByteHigh = (pHashData[Index] & 0xf0) >> 4;
  609. OutHashStr[Index * 5/2] = HashByteHigh > 9 ? (WCHAR)(HashByteHigh - 9 + 0x40): (WCHAR)(HashByteHigh + 0x30);
  610. OutHashStr[Index * 5/2 + 1] = HashByteLow > 9 ? (WCHAR)(HashByteLow - 9 + 0x40): (WCHAR)(HashByteLow + 0x30);
  612. if (Index + 1 < cbData) {
  613. HashByteLow = pHashData[Index+1] & 0x0f;
  614. HashByteHigh = (pHashData[Index+1] & 0xf0) >> 4;
  616. OutHashStr[Index * 5/2 + 2] = HashByteHigh > 9 ? (WCHAR)(HashByteHigh - 9 + 0x40): (WCHAR)(HashByteHigh + 0x30);
  617. OutHashStr[Index * 5/2 + 3] = HashByteLow > 9 ? (WCHAR)(HashByteLow - 9 + 0x40): (WCHAR)(HashByteLow + 0x30);
  619. OutHashStr[Index * 5/2 + 4] = L' ';
  621. } else {
  622. OutHashStr[Index * 5/2 + 2] = 0;
  623. NoLastZero = TRUE;
  624. }
  626. }
  628. if (!NoLastZero) {
  629. OutHashStr[Index*5/2] = 0;
  630. }
  632. }