mirror of https://github.com/tongzx/nt5src
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
5577 lines
195 KiB
5577 lines
195 KiB
/*++
|
|
|
|
Copyright (c) Microsoft Corporation. All rights reserved.
|
|
|
|
Module Name:
|
|
|
|
fileutil.c
|
|
|
|
Abstract:
|
|
|
|
File-related functions for Windows NT Setup API dll.
|
|
|
|
Author:
|
|
|
|
Ted Miller (tedm) 11-Jan-1995
|
|
|
|
Revision History:
|
|
|
|
--*/
|
|
|
|
|
|
#include "precomp.h"
|
|
#pragma hdrstop
|
|
#include <ntverp.h>
|
|
|
|
//
|
|
// This guid is used for file signing/verification.
|
|
//
|
|
GUID DriverVerifyGuid = DRIVER_ACTION_VERIFY;
|
|
|
|
//
|
|
// Instantiate exception class GUID.
|
|
//
|
|
#include <initguid.h>
|
|
DEFINE_GUID( GUID_DEVCLASS_WINDOWS_COMPONENT_PUBLISHER, 0xF5776D81L, 0xAE53, 0x4935, 0x8E, 0x84, 0xB0, 0xB2, 0x83, 0xD8, 0xBC, 0xEF );
|
|
|
|
// Bit 0 indicates policy for filters (0 = critical, 1 = non-critical)
|
|
#define DDB_DRIVER_POLICY_CRITICAL_BIT (1 << 0)
|
|
// Bit 1 indicates policy for user-mode setup blocking (0 = block, 1 = no-block)
|
|
#define DDB_DRIVER_POLICY_SETUP_NO_BLOCK_BIT (1 << 1)
|
|
|
|
|
|
//
|
|
// Global list of device setup classes subject to driver signing policy, along
|
|
// validation platform overrides (where applicable).
|
|
//
|
|
DRVSIGN_POLICY_LIST GlobalDrvSignPolicyList;
|
|
|
|
//
|
|
// private function prototypes
|
|
//
|
|
BOOL
|
|
ClassGuidInDrvSignPolicyList(
|
|
IN PSETUP_LOG_CONTEXT LogContext, OPTIONAL
|
|
IN CONST GUID *DeviceSetupClassGuid, OPTIONAL
|
|
OUT PSP_ALTPLATFORM_INFO_V2 *ValidationPlatform OPTIONAL
|
|
);
|
|
|
|
//
|
|
// helper to determine log level to use
|
|
//
|
|
__inline
|
|
DWORD
|
|
GetCatLogLevel(DWORD Err)
|
|
{
|
|
switch(Err) {
|
|
case ERROR_FILE_NOT_FOUND:
|
|
case ERROR_PATH_NOT_FOUND:
|
|
case E_NOTIMPL:
|
|
return SETUP_LOG_VVERBOSE;
|
|
|
|
default:
|
|
return SETUP_LOG_INFO;
|
|
}
|
|
}
|
|
|
|
DWORD
|
|
ReadAsciiOrUnicodeTextFile(
|
|
IN HANDLE FileHandle,
|
|
OUT PTEXTFILE_READ_BUFFER Result,
|
|
IN PSETUP_LOG_CONTEXT LogContext OPTIONAL
|
|
)
|
|
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
Read in a text file that may be in either ascii or unicode format.
|
|
#ifdef UNICODE
|
|
If the file is ascii, it is assumed to be ANSI format and is converted
|
|
to Unicode.
|
|
#else
|
|
If the file is unicode, it will be converted to ascii using the ANSI
|
|
codepage.
|
|
|
|
NOTE: On Windows 95, the IsTextUnicode API is not implemented, thus
|
|
the unicode file must have a byte order mark (BOM) in order for us to
|
|
recognize it under Win95.
|
|
#endif
|
|
|
|
Arguments:
|
|
|
|
FileHandle - Supplies the handle of the text file to be read.
|
|
|
|
Result - supplies the address of a TEXTFILE_READ_BUFFER structure that
|
|
receives information about the text file buffer read. The structure
|
|
is defined as follows:
|
|
|
|
typedef struct _TEXTFILE_READ_BUFFER {
|
|
PCTSTR TextBuffer;
|
|
DWORD TextBufferSize;
|
|
HANDLE FileHandle;
|
|
HANDLE MappingHandle;
|
|
PVOID ViewAddress;
|
|
} TEXTFILE_READ_BUFFER, *PTEXTFILE_READ_BUFFER;
|
|
|
|
TextBuffer - pointer to the read-only character string containing
|
|
the entire text of the file.
|
|
(NOTE: If the file is a Unicode file with a Byte Order Mark
|
|
prefix, this Unicode character is not included in the returned
|
|
buffer.)
|
|
TextBufferSize - size of the TextBuffer (in characters).
|
|
FileHandle - If this is a valid handle (i.e., it's not equal to
|
|
INVALID_HANDLE_VALUE), then the file was already the native
|
|
character type, so the TextBuffer is simply the mapped-in image
|
|
of the file. This field is reserved for use by the
|
|
DestroyTextFileReadBuffer routine, and should not be accessed.
|
|
MappingHandle - If FileHandle is valid, then this contains the
|
|
mapping handle for the file image mapping.
|
|
This field is reserved for use by the DestroyTextFileReadBuffer
|
|
routine, and should not be accessed.
|
|
ViewAddress - If FileHandle is valid, then this contains the
|
|
starting memory address where the file image was mapped in.
|
|
This field is reserved for use by the DestroyTextFileReadBuffer
|
|
routine, and should not be accessed.
|
|
|
|
LogContext - for logging of errors/tracing
|
|
|
|
Return Value:
|
|
|
|
Win32 error value indicating the outcome.
|
|
|
|
Remarks:
|
|
|
|
Upon return from this routine, the caller MUST NOT attempt to close FileHandle.
|
|
This routine with either close the handle itself (after it's finished with it, or
|
|
upon error), or it will store the handle away in the TEXTFILE_READ_BUFFER struct,
|
|
to be later closed via DestroyTextFileReadBuffer().
|
|
|
|
--*/
|
|
|
|
{
|
|
DWORD rc;
|
|
DWORD FileSize;
|
|
HANDLE MappingHandle;
|
|
PVOID ViewAddress, TextStartAddress;
|
|
BOOL IsNativeChar;
|
|
#ifdef UNICODE
|
|
UINT SysCodePage = CP_ACP;
|
|
#endif
|
|
//
|
|
// Map the file for read access.
|
|
//
|
|
rc = pSetupMapFileForRead(
|
|
FileHandle,
|
|
&FileSize,
|
|
&MappingHandle,
|
|
&ViewAddress
|
|
);
|
|
|
|
if(rc != NO_ERROR) {
|
|
//
|
|
// We couldn't map the file--close the file handle now.
|
|
//
|
|
CloseHandle(FileHandle);
|
|
|
|
} else {
|
|
|
|
//
|
|
// Determine whether the file is unicode. Guard with try/except in
|
|
// case we get an inpage error.
|
|
//
|
|
try {
|
|
//
|
|
// Check to see if the file starts with a Unicode Byte Order Mark
|
|
// (BOM) character (0xFEFF). If so, then we know that the file
|
|
// is Unicode, and don't have to go through the slow process of
|
|
// trying to figure it out.
|
|
//
|
|
TextStartAddress = ViewAddress;
|
|
|
|
if((FileSize >= sizeof(WCHAR)) && (*(PWCHAR)TextStartAddress == 0xFEFF)) {
|
|
//
|
|
// The file has the BOM prefix. Adjust the pointer to the
|
|
// start of the text, so that we don't include the marker
|
|
// in the text buffer we return.
|
|
//
|
|
#ifdef UNICODE
|
|
IsNativeChar = TRUE;
|
|
#else
|
|
IsNativeChar = FALSE;
|
|
#endif // UNICODE
|
|
|
|
((PWCHAR)TextStartAddress)++;
|
|
FileSize -= sizeof(WCHAR);
|
|
} else {
|
|
|
|
IsNativeChar = IsTextUnicode(TextStartAddress,FileSize,NULL);
|
|
#ifndef UNICODE
|
|
IsNativeChar = !IsNativeChar;
|
|
#endif // !UNICODE
|
|
|
|
}
|
|
|
|
} except(EXCEPTION_EXECUTE_HANDLER) {
|
|
rc = ERROR_READ_FAULT;
|
|
}
|
|
|
|
if(rc == NO_ERROR) {
|
|
|
|
if(IsNativeChar) {
|
|
//
|
|
// No conversion is required--we'll just use the mapped-in
|
|
// image in memory.
|
|
//
|
|
Result->TextBuffer = TextStartAddress;
|
|
Result->TextBufferSize = FileSize / sizeof(TCHAR);
|
|
Result->FileHandle = FileHandle;
|
|
Result->MappingHandle = MappingHandle;
|
|
Result->ViewAddress = ViewAddress;
|
|
|
|
} else {
|
|
|
|
DWORD NativeCharCount;
|
|
PTCHAR Buffer;
|
|
|
|
//
|
|
// Need to convert the file to the native character type.
|
|
// Allocate a buffer that is maximally sized.
|
|
#ifdef UNICODE
|
|
// The maximum size of the unicode text is
|
|
// double the size of the oem text, and would occur
|
|
// when each oem character is single-byte.
|
|
#else
|
|
// The maximum size of the ANSI text is the same number
|
|
// of bytes that the Unicode text occupies.
|
|
//
|
|
#endif // UNICODE
|
|
|
|
if(Buffer = MyMalloc(FileSize * sizeof(TCHAR))) {
|
|
try {
|
|
#ifdef UNICODE
|
|
//
|
|
// RAID#397463-1999/09/01-JamieHun Implement ANSI Inf Language=xxxx
|
|
// come up with a better way of determining what code-page to interpret INF file under
|
|
// currently we use the install-base
|
|
//
|
|
SysCodePage = CP_ACP;
|
|
NativeCharCount = MultiByteToWideChar(SysCodePage,
|
|
MB_PRECOMPOSED,
|
|
TextStartAddress,
|
|
FileSize,
|
|
Buffer,
|
|
FileSize
|
|
);
|
|
#else
|
|
NativeCharCount = WideCharToMultiByte(CP_ACP,
|
|
0,
|
|
TextStartAddress,
|
|
FileSize / sizeof(WCHAR),
|
|
Buffer,
|
|
FileSize,
|
|
NULL,
|
|
NULL
|
|
);
|
|
#endif // UNICODE
|
|
if(!NativeCharCount) {
|
|
rc = GetLastError();
|
|
}
|
|
} except(EXCEPTION_EXECUTE_HANDLER) {
|
|
rc = ERROR_READ_FAULT;
|
|
}
|
|
} else {
|
|
rc = ERROR_NOT_ENOUGH_MEMORY;
|
|
}
|
|
|
|
if(rc == NO_ERROR) {
|
|
//
|
|
// If the converted buffer doesn't require the entire block
|
|
// we allocated, attempt to reallocate the buffer to its
|
|
// correct size. We don't care if this fails, since the
|
|
// buffer we have is perfectly fine (just bigger than we
|
|
// need).
|
|
//
|
|
if(!(Result->TextBuffer = MyRealloc(Buffer, NativeCharCount * sizeof(TCHAR)))) {
|
|
Result->TextBuffer = Buffer;
|
|
}
|
|
|
|
Result->TextBufferSize = NativeCharCount;
|
|
Result->FileHandle = INVALID_HANDLE_VALUE;
|
|
|
|
} else {
|
|
//
|
|
// Free the buffer, if it was previously allocated.
|
|
//
|
|
if(Buffer) {
|
|
MyFree(Buffer);
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
//
|
|
// If the file was already in native character form and we didn't
|
|
// enounter any errors, then we don't want to close it, because we
|
|
// use the mapped-in view directly.
|
|
//
|
|
if((rc != NO_ERROR) || !IsNativeChar) {
|
|
pSetupUnmapAndCloseFile(FileHandle, MappingHandle, ViewAddress);
|
|
}
|
|
}
|
|
|
|
return rc;
|
|
}
|
|
|
|
|
|
BOOL
|
|
DestroyTextFileReadBuffer(
|
|
IN PTEXTFILE_READ_BUFFER ReadBuffer
|
|
)
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
Destroy a textfile read buffer created by ReadAsciiOrUnicodeTextFile.
|
|
|
|
Arguments:
|
|
|
|
ReadBuffer - supplies the address of a TEXTFILE_READ_BUFFER structure
|
|
for the buffer to be destroyed.
|
|
|
|
Return Value:
|
|
|
|
BOOLean value indicating success or failure.
|
|
|
|
--*/
|
|
{
|
|
//
|
|
// If our ReadBuffer structure has a valid FileHandle, then we must
|
|
// unmap and close the file, otherwise, we simply need to free the
|
|
// allocated buffer.
|
|
//
|
|
if(ReadBuffer->FileHandle != INVALID_HANDLE_VALUE) {
|
|
|
|
return pSetupUnmapAndCloseFile(ReadBuffer->FileHandle,
|
|
ReadBuffer->MappingHandle,
|
|
ReadBuffer->ViewAddress
|
|
);
|
|
|
|
} else {
|
|
|
|
MyFree(ReadBuffer->TextBuffer);
|
|
return TRUE;
|
|
|
|
}
|
|
}
|
|
|
|
|
|
BOOL
|
|
GetVersionInfoFromImage(
|
|
IN PCTSTR FileName,
|
|
OUT PDWORDLONG Version,
|
|
OUT LANGID *Language
|
|
)
|
|
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
Retrieve file version and language info from a file.
|
|
|
|
The version is specified in the dwFileVersionMS and dwFileVersionLS fields
|
|
of a VS_FIXEDFILEINFO, as filled in by the win32 version APIs. For the
|
|
language we look at the translation table in the version resources and assume
|
|
that the first langid/codepage pair specifies the language.
|
|
|
|
If the file is not a coff image or does not have version resources,
|
|
the function fails. The function does not fail if we are able to retrieve
|
|
the version but not the language.
|
|
|
|
Arguments:
|
|
|
|
FileName - supplies the full path of the file whose version data is desired.
|
|
|
|
Version - receives the version stamp of the file. If the file is not a coff image
|
|
or does not contain the appropriate version resource data, the function fails.
|
|
|
|
Language - receives the language id of the file. If the file is not a coff image
|
|
or does not contain the appropriate version resource data, this will be 0
|
|
and the function succeeds.
|
|
|
|
Return Value:
|
|
|
|
TRUE if we were able to retreive at least the version stamp.
|
|
FALSE otherwise.
|
|
|
|
--*/
|
|
|
|
{
|
|
DWORD d;
|
|
PVOID VersionBlock;
|
|
VS_FIXEDFILEINFO *FixedVersionInfo;
|
|
UINT DataLength;
|
|
BOOL b;
|
|
PWORD Translation;
|
|
DWORD Ignored;
|
|
|
|
//
|
|
// Assume failure
|
|
//
|
|
b = FALSE;
|
|
|
|
//
|
|
// Get the size of version info block.
|
|
//
|
|
if(d = GetFileVersionInfoSize((PTSTR)FileName,&Ignored)) {
|
|
//
|
|
// Allocate memory block of sufficient size to hold version info block
|
|
//
|
|
VersionBlock = MyMalloc(d*sizeof(TCHAR));
|
|
if(VersionBlock) {
|
|
|
|
//
|
|
// Get the version block from the file.
|
|
//
|
|
if(GetFileVersionInfo((PTSTR)FileName,0,d*sizeof(TCHAR),VersionBlock)) {
|
|
|
|
//
|
|
// Get fixed version info.
|
|
//
|
|
if(VerQueryValue(VersionBlock,TEXT("\\"),&FixedVersionInfo,&DataLength)) {
|
|
|
|
//
|
|
// If we get here, we declare success, even if there is
|
|
// no language.
|
|
//
|
|
b = TRUE;
|
|
|
|
//
|
|
// Return version to caller.
|
|
//
|
|
*Version = (((DWORDLONG)FixedVersionInfo->dwFileVersionMS) << 32)
|
|
+ FixedVersionInfo->dwFileVersionLS;
|
|
|
|
//
|
|
// Attempt to get language of file. We'll simply ask for the
|
|
// translation table and use the first language id we find in there
|
|
// as *the* language of the file.
|
|
//
|
|
// The translation table consists of LANGID/Codepage pairs.
|
|
//
|
|
if(VerQueryValue(VersionBlock,TEXT("\\VarFileInfo\\Translation"),&Translation,&DataLength)
|
|
&& (DataLength >= (2*sizeof(WORD)))) {
|
|
|
|
*Language = Translation[0];
|
|
} else {
|
|
//
|
|
// No language
|
|
//
|
|
*Language = 0;
|
|
}
|
|
}
|
|
}
|
|
|
|
MyFree(VersionBlock);
|
|
}
|
|
}
|
|
|
|
return(b);
|
|
}
|
|
|
|
BOOL
|
|
pSetupGetVersionInfoFromImage(
|
|
IN PCTSTR FileName,
|
|
OUT PULARGE_INTEGER Version,
|
|
OUT LANGID *Language
|
|
)
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
See GetVersionInfoFromImage for description
|
|
Semi-public version that uses the more friendly ULARGE_INTEGER
|
|
|
|
Arguments:
|
|
|
|
FileName - supplies the full path of the file whose version data is desired.
|
|
|
|
Version - receives the version stamp of the file. If the file is not a coff image
|
|
or does not contain the appropriate version resource data, the function fails.
|
|
|
|
Language - receives the language id of the file. If the file is not a coff image
|
|
or does not contain the appropriate version resource data, this will be 0
|
|
and the function succeeds.
|
|
|
|
Return Value:
|
|
|
|
TRUE if we were able to retreive at least the version stamp.
|
|
FALSE otherwise.
|
|
|
|
--*/
|
|
{
|
|
DWORDLONG privateVersion=0;
|
|
BOOL result;
|
|
|
|
result = GetVersionInfoFromImage(FileName,&privateVersion,Language);
|
|
if (result && Version) {
|
|
Version->QuadPart = privateVersion;
|
|
}
|
|
return result;
|
|
}
|
|
|
|
DWORD
|
|
GetSetFileTimestamp(
|
|
IN PCTSTR FileName,
|
|
OUT FILETIME *CreateTime, OPTIONAL
|
|
OUT FILETIME *AccessTime, OPTIONAL
|
|
OUT FILETIME *WriteTime, OPTIONAL
|
|
IN BOOL Set
|
|
)
|
|
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
Get or set a file's timestamp values.
|
|
|
|
Arguments:
|
|
|
|
FileName - supplies full path of file to get or set timestamps
|
|
|
|
CreateTime - if specified and the underlying filesystem supports it,
|
|
receives the creation time of the file.
|
|
|
|
AccessTime - if specified and the underlying filesystem supports it,
|
|
receives the last access time of the file.
|
|
|
|
WriteTime - if specified, receives the last write time of the file.
|
|
|
|
Return Value:
|
|
|
|
If successful, returns NO_ERROR, otherwise returns the Win32 error
|
|
indicating the cause of failure.
|
|
|
|
--*/
|
|
|
|
{
|
|
HANDLE h;
|
|
DWORD d;
|
|
BOOL b;
|
|
|
|
h = CreateFile(
|
|
FileName,
|
|
Set ? GENERIC_WRITE : GENERIC_READ,
|
|
FILE_SHARE_READ | FILE_SHARE_WRITE,
|
|
NULL,
|
|
OPEN_EXISTING,
|
|
0,
|
|
NULL
|
|
);
|
|
|
|
if(h == INVALID_HANDLE_VALUE) {
|
|
return(GetLastError());
|
|
}
|
|
|
|
b = Set
|
|
? SetFileTime(h,CreateTime,AccessTime,WriteTime)
|
|
: GetFileTime(h,CreateTime,AccessTime,WriteTime);
|
|
|
|
d = b ? NO_ERROR : GetLastError();
|
|
|
|
CloseHandle(h);
|
|
|
|
return(d);
|
|
}
|
|
|
|
|
|
DWORD
|
|
RetreiveFileSecurity(
|
|
IN PCTSTR FileName,
|
|
OUT PSECURITY_DESCRIPTOR *SecurityDescriptor
|
|
)
|
|
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
Retreive security information from a file and place it into a buffer.
|
|
|
|
Arguments:
|
|
|
|
FileName - supplies name of file whose security information is desired.
|
|
|
|
SecurityDescriptor - If the function is successful, receives pointer
|
|
to buffer containing security information for the file. The pointer
|
|
may be NULL, indicating that there is no security information
|
|
associated with the file or that the underlying filesystem does not
|
|
support file security.
|
|
|
|
Return Value:
|
|
|
|
Win32 error code indicating outcome. If NO_ERROR check the value returned
|
|
in SecurityDescriptor.
|
|
|
|
The caller can free the buffer with MyFree() when done with it.
|
|
|
|
--*/
|
|
|
|
{
|
|
BOOL b;
|
|
DWORD d;
|
|
DWORD BytesRequired;
|
|
PSECURITY_DESCRIPTOR p;
|
|
|
|
|
|
BytesRequired = 1024;
|
|
|
|
while (TRUE) {
|
|
|
|
//
|
|
// Allocate a buffer of the required size.
|
|
//
|
|
p = MyMalloc(BytesRequired);
|
|
if(!p) {
|
|
return(ERROR_NOT_ENOUGH_MEMORY);
|
|
}
|
|
|
|
//
|
|
// Get the security.
|
|
//
|
|
b = GetFileSecurity(
|
|
FileName,
|
|
OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION | DACL_SECURITY_INFORMATION,
|
|
p,
|
|
BytesRequired,
|
|
&BytesRequired
|
|
);
|
|
|
|
//
|
|
// Return with sucess
|
|
//
|
|
if(b) {
|
|
*SecurityDescriptor = p;
|
|
return(NO_ERROR);
|
|
}
|
|
|
|
//
|
|
// Return an error code, unless we just need a bigger buffer
|
|
//
|
|
MyFree(p);
|
|
d = GetLastError();
|
|
if(d != ERROR_INSUFFICIENT_BUFFER) {
|
|
return (d);
|
|
}
|
|
|
|
//
|
|
// There's a bug in GetFileSecurity that can cause it to ask for a
|
|
// REALLY big buffer. In that case, we return an error.
|
|
//
|
|
if (BytesRequired > 0xF0000000) {
|
|
return (ERROR_INVALID_DATA);
|
|
}
|
|
|
|
//
|
|
// Otherwise, we'll try again with a bigger buffer
|
|
//
|
|
}
|
|
}
|
|
|
|
|
|
DWORD
|
|
StampFileSecurity(
|
|
IN PCTSTR FileName,
|
|
IN PSECURITY_DESCRIPTOR SecurityInfo
|
|
)
|
|
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
Set security information on a file.
|
|
|
|
Arguments:
|
|
|
|
FileName - supplies name of file whose security information is desired.
|
|
|
|
SecurityDescriptor - supplies pointer to buffer containing security information
|
|
for the file. This buffer should have been returned by a call to
|
|
RetreiveFileSecurity. If the underlying filesystem does not support
|
|
file security, the function fails.
|
|
|
|
Return Value:
|
|
|
|
Win32 error code indicating outcome.
|
|
|
|
--*/
|
|
|
|
{
|
|
BOOL b;
|
|
|
|
b = SetFileSecurity(
|
|
FileName,
|
|
OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION | DACL_SECURITY_INFORMATION,
|
|
SecurityInfo
|
|
);
|
|
|
|
return(b ? NO_ERROR : GetLastError());
|
|
}
|
|
|
|
|
|
DWORD
|
|
TakeOwnershipOfFile(
|
|
IN PCTSTR Filename
|
|
)
|
|
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
Sets the owner of a given file to the default owner specified in
|
|
the current process token.
|
|
|
|
Arguments:
|
|
|
|
FileName - supplies name of the file of which to take ownership.
|
|
|
|
Return Value:
|
|
|
|
Win32 error code indicating outcome.
|
|
|
|
--*/
|
|
|
|
{
|
|
BOOL b;
|
|
SECURITY_DESCRIPTOR SecurityDescriptor;
|
|
DWORD Err;
|
|
HANDLE Token;
|
|
DWORD BytesRequired;
|
|
PTOKEN_OWNER OwnerInfo;
|
|
|
|
//
|
|
// Open the process token.
|
|
//
|
|
if(!OpenProcessToken(GetCurrentProcess(),TOKEN_QUERY,&Token)) {
|
|
Err = GetLastError();
|
|
goto clean0;
|
|
}
|
|
|
|
//
|
|
// Get the current process's default owner sid.
|
|
//
|
|
GetTokenInformation(Token,TokenOwner,NULL,0,&BytesRequired);
|
|
Err = GetLastError();
|
|
if(Err != ERROR_INSUFFICIENT_BUFFER) {
|
|
goto clean1;
|
|
}
|
|
|
|
OwnerInfo = MyMalloc(BytesRequired);
|
|
if(!OwnerInfo) {
|
|
Err = ERROR_NOT_ENOUGH_MEMORY;
|
|
goto clean1;
|
|
}
|
|
|
|
b = GetTokenInformation(Token,TokenOwner,OwnerInfo,BytesRequired,&BytesRequired);
|
|
if(!b) {
|
|
Err = GetLastError();
|
|
goto clean2;
|
|
}
|
|
|
|
//
|
|
// Initialize the security descriptor.
|
|
//
|
|
if(!InitializeSecurityDescriptor(&SecurityDescriptor,SECURITY_DESCRIPTOR_REVISION)
|
|
|| !SetSecurityDescriptorOwner(&SecurityDescriptor,OwnerInfo->Owner,FALSE)) {
|
|
|
|
Err = GetLastError();
|
|
goto clean2;
|
|
}
|
|
|
|
//
|
|
// Set file security.
|
|
//
|
|
Err = SetFileSecurity(Filename,OWNER_SECURITY_INFORMATION,&SecurityDescriptor)
|
|
? NO_ERROR
|
|
: GetLastError();
|
|
|
|
//
|
|
// Not all filesystems support this operation.
|
|
//
|
|
if(Err == ERROR_NOT_SUPPORTED) {
|
|
Err = NO_ERROR;
|
|
}
|
|
|
|
clean2:
|
|
MyFree(OwnerInfo);
|
|
clean1:
|
|
CloseHandle(Token);
|
|
clean0:
|
|
return(Err);
|
|
}
|
|
|
|
|
|
DWORD
|
|
SearchForInfFile(
|
|
IN PCTSTR InfName,
|
|
OUT LPWIN32_FIND_DATA FindData,
|
|
IN DWORD SearchControl,
|
|
OUT PTSTR FullInfPath,
|
|
IN UINT FullInfPathSize,
|
|
OUT PUINT RequiredSize OPTIONAL
|
|
)
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
This routine searches for an INF file in the manner specified
|
|
by the SearchControl parameter. If the file is found, its
|
|
full path is returned.
|
|
|
|
Arguments:
|
|
|
|
InfName - Supplies name of INF to search for. This name is simply
|
|
appended to the two search directory paths, so if the name
|
|
contains directories, the file will searched for in the
|
|
subdirectory under the search directory. I.e.:
|
|
|
|
\foo\bar.inf
|
|
|
|
will be searched for as %windir%\inf\foo\bar.inf and
|
|
%windir%\system32\foo\bar.inf.
|
|
|
|
FindData - Supplies the address of a Win32 Find Data structure that
|
|
receives information about the file specified (if it is found).
|
|
|
|
SearchControl - Specifies the order in which directories should
|
|
be searched:
|
|
|
|
INFINFO_DEFAULT_SEARCH : search %windir%\inf, then %windir%\system32
|
|
|
|
INFINFO_REVERSE_DEFAULT_SEARCH : reverse of the above
|
|
|
|
INFINFO_INF_PATH_LIST_SEARCH : search for the INF in each of the
|
|
directories listed in the DevicePath value entry under:
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion.
|
|
|
|
FullInfPath - If the file is found, receives the full path of the INF.
|
|
|
|
FullInfPathSize - Supplies the size of the FullInfPath buffer (in
|
|
characters).
|
|
|
|
RequiredSize - Optionally, receives the number of characters (including
|
|
terminating NULL) required to store the FullInfPath.
|
|
|
|
Return Value:
|
|
|
|
Win32 error code indicating whether the function was successful. Common
|
|
return values are:
|
|
|
|
NO_ERROR if the file was found, and the INF file path returned
|
|
successfully.
|
|
|
|
ERROR_INSUFFICIENT_BUFFER if the supplied buffer was not large enough
|
|
to hold the full INF path (RequiredSize will indicated how large
|
|
the buffer needs to be)
|
|
|
|
ERROR_FILE_NOT_FOUND if the file was not found.
|
|
|
|
ERROR_INVALID_PARAMETER if the SearchControl parameter is invalid.
|
|
|
|
--*/
|
|
|
|
{
|
|
PCTSTR PathList;
|
|
TCHAR CurInfPath[MAX_PATH];
|
|
PCTSTR PathPtr, InfPathLocation;
|
|
DWORD PathLength;
|
|
BOOL b, FreePathList;
|
|
DWORD d;
|
|
|
|
//
|
|
// Retrieve the path list.
|
|
//
|
|
if(SearchControl == INFINFO_INF_PATH_LIST_SEARCH) {
|
|
//
|
|
// Just use our global list of INF search paths.
|
|
//
|
|
PathList = InfSearchPaths;
|
|
FreePathList = FALSE;
|
|
} else {
|
|
if(!(PathList = AllocAndReturnDriverSearchList(SearchControl))) {
|
|
return ERROR_NOT_ENOUGH_MEMORY;
|
|
}
|
|
FreePathList = TRUE;
|
|
}
|
|
|
|
//
|
|
// Now look for the INF in each path in our MultiSz list.
|
|
//
|
|
InfPathLocation = NULL;
|
|
d = NO_ERROR;
|
|
|
|
for(PathPtr = PathList; *PathPtr; PathPtr += (lstrlen(PathPtr) + 1)) {
|
|
//
|
|
// Concatenate the INF file name with the current search path.
|
|
//
|
|
lstrcpy(CurInfPath, PathPtr);
|
|
pSetupConcatenatePaths(CurInfPath,
|
|
InfName,
|
|
SIZECHARS(CurInfPath),
|
|
&PathLength
|
|
);
|
|
|
|
if(b = FileExists(CurInfPath, FindData)) {
|
|
if(!(FindData->dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY)) {
|
|
InfPathLocation = CurInfPath;
|
|
break;
|
|
}
|
|
} else {
|
|
//
|
|
// See if we got a 'real' error
|
|
//
|
|
d = GetLastError();
|
|
if((d == ERROR_NO_MORE_FILES) || (d == ERROR_FILE_NOT_FOUND) || (d == ERROR_PATH_NOT_FOUND)) {
|
|
//
|
|
// Not really an error--continue looking.
|
|
//
|
|
d = NO_ERROR;
|
|
|
|
} else {
|
|
//
|
|
// This is a 'real' error, abort the search.
|
|
//
|
|
break;
|
|
}
|
|
}
|
|
}
|
|
|
|
//
|
|
// Whatever the outcome, we're through with the PathList buffer.
|
|
//
|
|
if(FreePathList) {
|
|
MyFree(PathList);
|
|
}
|
|
|
|
if(d != NO_ERROR) {
|
|
return d;
|
|
} else if(!InfPathLocation) {
|
|
return ERROR_FILE_NOT_FOUND;
|
|
}
|
|
|
|
if(RequiredSize) {
|
|
*RequiredSize = PathLength;
|
|
}
|
|
|
|
if(PathLength > FullInfPathSize) {
|
|
return ERROR_INSUFFICIENT_BUFFER;
|
|
}
|
|
|
|
CopyMemory(FullInfPath,
|
|
InfPathLocation,
|
|
PathLength * sizeof(TCHAR)
|
|
);
|
|
|
|
return NO_ERROR;
|
|
}
|
|
|
|
|
|
DWORD
|
|
MultiSzFromSearchControl(
|
|
IN DWORD SearchControl,
|
|
OUT PTCHAR PathList,
|
|
IN DWORD PathListSize,
|
|
OUT PDWORD RequiredSize OPTIONAL
|
|
)
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
This routine takes a search control ordinal and builds a MultiSz list
|
|
based on the search list it specifies.
|
|
|
|
Arguments:
|
|
|
|
SearchControl - Specifies the directory list to be built. May be one
|
|
of the following values:
|
|
|
|
INFINFO_DEFAULT_SEARCH : %windir%\inf, then %windir%\system32
|
|
|
|
INFINFO_REVERSE_DEFAULT_SEARCH : reverse of the above
|
|
|
|
INFINFO_INF_PATH_LIST_SEARCH : Each of the directories listed in
|
|
the DevicePath value entry under:
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion.
|
|
|
|
PathList - Supplies the address of a character buffer that will receive
|
|
the MultiSz list.
|
|
|
|
PathListSize - Supplies the size, in characters, of the PathList buffer.
|
|
|
|
RequiredSize - Optionally, receives the number of characters required
|
|
to store the MultiSz PathList.
|
|
|
|
(NOTE: The user-supplied buffer is used to retrieve the value entry
|
|
from the registry. Therefore, if the value is a REG_EXPAND_SZ entry,
|
|
the RequiredSize parameter may be set too small on an
|
|
ERROR_INSUFFICIENT_BUFFER error. This will happen if the buffer was
|
|
too small to retrieve the value entry, before expansion. In this case,
|
|
calling the API again with a buffer sized according to the RequiredSize
|
|
output may fail with an ERROR_INSUFFICIENT_BUFFER yet again, since
|
|
expansion may require an even larger buffer.)
|
|
|
|
Return Value:
|
|
|
|
If successful, returns NO_ERROR.
|
|
If failure, returns an ERROR_* status code.
|
|
--*/
|
|
|
|
{
|
|
HKEY hk;
|
|
PCTSTR Path1, Path2;
|
|
PTSTR PathBuffer;
|
|
DWORD RegDataType, PathLength, PathLength1, PathLength2;
|
|
DWORD NumPaths, Err;
|
|
BOOL UseDefaultDevicePath;
|
|
|
|
if(PathList) {
|
|
Err = NO_ERROR; // assume success.
|
|
} else {
|
|
return ERROR_INVALID_PARAMETER;
|
|
}
|
|
|
|
UseDefaultDevicePath = FALSE;
|
|
|
|
if(SearchControl == INFINFO_INF_PATH_LIST_SEARCH) {
|
|
//
|
|
// Retrieve the INF search path list from the registry.
|
|
//
|
|
if(RegOpenKeyEx(HKEY_LOCAL_MACHINE,
|
|
pszPathSetup,
|
|
0,
|
|
KEY_READ,
|
|
&hk) != ERROR_SUCCESS) {
|
|
//
|
|
// Fall back to default (just the Inf directory).
|
|
//
|
|
UseDefaultDevicePath = TRUE;
|
|
|
|
} else {
|
|
|
|
PathBuffer = NULL;
|
|
|
|
try {
|
|
//
|
|
// Get the DevicePath value entry. Support REG_SZ or REG_EXPAND_SZ data.
|
|
//
|
|
PathLength = PathListSize * sizeof(TCHAR);
|
|
Err = RegQueryValueEx(hk,
|
|
pszDevicePath,
|
|
NULL,
|
|
&RegDataType,
|
|
(LPBYTE)PathList,
|
|
&PathLength
|
|
);
|
|
//
|
|
// Need path length in characters from now on.
|
|
//
|
|
PathLength /= sizeof(TCHAR);
|
|
|
|
if(Err == ERROR_SUCCESS) {
|
|
|
|
//
|
|
// Check if the callers buffer has room for extra NULL terminator.
|
|
//
|
|
if (PathLength >= PathListSize) {
|
|
|
|
PathLength++;
|
|
Err = ERROR_INSUFFICIENT_BUFFER;
|
|
|
|
} else if((RegDataType == REG_SZ) || (RegDataType == REG_EXPAND_SZ)) {
|
|
//
|
|
// Convert this semicolon-delimited list to a REG_MULTI_SZ.
|
|
//
|
|
NumPaths = DelimStringToMultiSz(PathList,
|
|
PathLength,
|
|
TEXT(';')
|
|
);
|
|
|
|
#if 0
|
|
if(RegDataType == REG_EXPAND_SZ) {
|
|
#endif
|
|
//
|
|
// Allocate a temporary buffer large enough to hold the number
|
|
// of paths in the MULTI_SZ list, each having maximum length
|
|
// (plus an extra terminating NULL at the end).
|
|
//
|
|
if(!(PathBuffer = MyMalloc((NumPaths * MAX_PATH * sizeof(TCHAR))
|
|
+ sizeof(TCHAR)))) {
|
|
Err = ERROR_NOT_ENOUGH_MEMORY;
|
|
goto clean0;
|
|
}
|
|
|
|
PathLength = 0;
|
|
for(Path1 = PathList;
|
|
*Path1;
|
|
Path1 += lstrlen(Path1) + 1) {
|
|
|
|
if(RegDataType == REG_EXPAND_SZ) {
|
|
PathLength += ExpandEnvironmentStrings(Path1,
|
|
PathBuffer + PathLength,
|
|
MAX_PATH
|
|
);
|
|
} else {
|
|
lstrcpy(PathBuffer + PathLength, Path1);
|
|
PathLength += lstrlen(Path1) + 1;
|
|
}
|
|
//
|
|
// If the last character in this path is a backslash, then strip
|
|
// it off.
|
|
// PathLength at this point includes terminating NULL
|
|
// char at PathBuffer[PathLength-1] is (or should be) NULL
|
|
// char at PathBuffer[PathLength-2] may be '\'
|
|
//
|
|
|
|
if(*CharPrev(PathBuffer,PathBuffer + PathLength - 1) == TEXT('\\')) {
|
|
*(PathBuffer + PathLength - 2) = TEXT('\0');
|
|
PathLength--;
|
|
}
|
|
}
|
|
//
|
|
// Add additional terminating NULL at the end.
|
|
//
|
|
*(PathBuffer + PathLength) = TEXT('\0');
|
|
|
|
if(++PathLength > PathListSize) {
|
|
Err = ERROR_INSUFFICIENT_BUFFER;
|
|
} else {
|
|
CopyMemory(PathList,
|
|
PathBuffer,
|
|
PathLength * sizeof(TCHAR)
|
|
);
|
|
}
|
|
|
|
MyFree(PathBuffer);
|
|
PathBuffer = NULL;
|
|
#if 0
|
|
}
|
|
#endif
|
|
|
|
} else {
|
|
//
|
|
// Bad data type--just use the Inf directory.
|
|
//
|
|
UseDefaultDevicePath = TRUE;
|
|
}
|
|
|
|
} else if(Err == ERROR_MORE_DATA){
|
|
Err = ERROR_INSUFFICIENT_BUFFER;
|
|
} else {
|
|
//
|
|
// Fall back to default (just the Inf directory).
|
|
//
|
|
UseDefaultDevicePath = TRUE;
|
|
}
|
|
|
|
clean0: ; // nothing to do
|
|
|
|
} except(EXCEPTION_EXECUTE_HANDLER) {
|
|
//
|
|
// Fall back to default (just the Inf directory).
|
|
//
|
|
UseDefaultDevicePath = TRUE;
|
|
|
|
if(PathBuffer) {
|
|
MyFree(PathBuffer);
|
|
}
|
|
}
|
|
|
|
RegCloseKey(hk);
|
|
}
|
|
}
|
|
|
|
if(UseDefaultDevicePath) {
|
|
|
|
PathLength = lstrlen(InfDirectory) + 2;
|
|
|
|
if(PathLength > PathListSize) {
|
|
Err = ERROR_INSUFFICIENT_BUFFER;
|
|
} else {
|
|
Err = NO_ERROR;
|
|
CopyMemory(PathList, InfDirectory, (PathLength - 1) * sizeof(TCHAR));
|
|
//
|
|
// Add extra NULL to terminate the list.
|
|
//
|
|
PathList[PathLength - 1] = TEXT('\0');
|
|
}
|
|
|
|
} else if((Err == NO_ERROR) && (SearchControl != INFINFO_INF_PATH_LIST_SEARCH)) {
|
|
|
|
switch(SearchControl) {
|
|
|
|
case INFINFO_DEFAULT_SEARCH :
|
|
Path1 = InfDirectory;
|
|
Path2 = SystemDirectory;
|
|
break;
|
|
|
|
case INFINFO_REVERSE_DEFAULT_SEARCH :
|
|
Path1 = SystemDirectory;
|
|
Path2 = InfDirectory;
|
|
break;
|
|
|
|
default :
|
|
return ERROR_INVALID_PARAMETER;
|
|
}
|
|
|
|
PathLength1 = lstrlen(Path1) + 1;
|
|
PathLength2 = lstrlen(Path2) + 1;
|
|
PathLength = PathLength1 + PathLength2 + 1;
|
|
|
|
if(PathLength > PathListSize) {
|
|
Err = ERROR_INSUFFICIENT_BUFFER;
|
|
} else {
|
|
|
|
CopyMemory(PathList, Path1, PathLength1 * sizeof(TCHAR));
|
|
CopyMemory(&(PathList[PathLength1]), Path2, PathLength2 * sizeof(TCHAR));
|
|
//
|
|
// Add additional terminating NULL at the end.
|
|
//
|
|
PathList[PathLength - 1] = 0;
|
|
}
|
|
}
|
|
|
|
if(((Err == NO_ERROR) || (Err == ERROR_INSUFFICIENT_BUFFER)) && RequiredSize) {
|
|
*RequiredSize = PathLength;
|
|
}
|
|
|
|
return Err;
|
|
}
|
|
|
|
|
|
PTSTR
|
|
AllocAndReturnDriverSearchList(
|
|
IN DWORD SearchControl
|
|
)
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
This routine returns a buffer contains a multi-sz list of all directory paths in our
|
|
driver search path list.
|
|
|
|
The buffer returned must be freed with MyFree().
|
|
|
|
Arguments:
|
|
|
|
SearchControl - Specifies the directory list to be retrieved. May be one
|
|
of the following values:
|
|
|
|
INFINFO_DEFAULT_SEARCH : %windir%\inf, then %windir%\system32
|
|
|
|
INFINFO_REVERSE_DEFAULT_SEARCH : reverse of the above
|
|
|
|
INFINFO_INF_PATH_LIST_SEARCH : Each of the directories listed in
|
|
the DevicePath value entry under:
|
|
|
|
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion.
|
|
|
|
Returns:
|
|
|
|
Pointer to the allocated buffer containing the list, or NULL if out-of-memory.
|
|
|
|
--*/
|
|
{
|
|
PTSTR PathListBuffer, TrimBuffer;
|
|
DWORD BufferSize;
|
|
DWORD Err;
|
|
|
|
//
|
|
// Start out with a buffer of MAX_PATH length, which should cover most cases.
|
|
//
|
|
BufferSize = MAX_PATH;
|
|
if(PathListBuffer = MyMalloc((BufferSize+2) * sizeof(TCHAR))) {
|
|
//
|
|
// Loop on a call to MultiSzFromSearchControl until we succeed or hit some
|
|
// error other than buffer-too-small. There are two reasons for this. 1st, it
|
|
// is possible that someone could have added a new path to the registry list
|
|
// between calls, and 2nd, since that routine uses our buffer to retrieve the
|
|
// original (non-expanded) list, it can only report the size it needs to retrieve
|
|
// the unexpanded list. After it is given enough space to retrieve it, _then_ it
|
|
// can tell us how much space we really need.
|
|
//
|
|
// With all that said, we'll almost never see this call made more than once.
|
|
//
|
|
while(TRUE) {
|
|
|
|
if((Err = MultiSzFromSearchControl(SearchControl,
|
|
PathListBuffer,
|
|
BufferSize,
|
|
&BufferSize)) == NO_ERROR) {
|
|
//
|
|
// We've successfully retrieved the path list. If the list is larger
|
|
// than necessary (the normal case), then trim it down before returning.
|
|
// (If this fails it's no big deal--we'll just keep on using the original
|
|
// buffer.)
|
|
//
|
|
if(TrimBuffer = MyRealloc(PathListBuffer, (BufferSize+2) * sizeof(TCHAR))) {
|
|
return TrimBuffer;
|
|
} else {
|
|
return PathListBuffer;
|
|
}
|
|
|
|
} else {
|
|
//
|
|
// Free our current buffer before we find out what went wrong.
|
|
//
|
|
MyFree(PathListBuffer);
|
|
|
|
if((Err != ERROR_INSUFFICIENT_BUFFER) ||
|
|
!(PathListBuffer = MyMalloc((BufferSize+2) * sizeof(TCHAR)))) {
|
|
//
|
|
// We failed.
|
|
//
|
|
return NULL;
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
return NULL;
|
|
}
|
|
|
|
|
|
BOOL
|
|
DoMove(
|
|
IN PCTSTR CurrentName,
|
|
IN PCTSTR NewName
|
|
)
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
Wrapper for MoveFileEx on NT, DeleteFile followed by MoveFile on Win9x.
|
|
|
|
Arguments:
|
|
|
|
CurrentName - supplies the name of the file as it exists currently.
|
|
|
|
NewName - supplies the new name
|
|
|
|
Returns:
|
|
|
|
Boolean value indicating outcome. If failure, last error is set.
|
|
|
|
--*/
|
|
{
|
|
BOOL b;
|
|
|
|
//
|
|
// Try to be as efficient as possible on Windows NT.
|
|
//
|
|
if(OSVersionInfo.dwPlatformId == VER_PLATFORM_WIN32_NT) {
|
|
b = MoveFileEx(CurrentName,NewName,MOVEFILE_REPLACE_EXISTING);
|
|
} else {
|
|
DeleteFile(NewName);
|
|
b = MoveFile(CurrentName,NewName);
|
|
}
|
|
|
|
return(b);
|
|
}
|
|
|
|
|
|
BOOL
|
|
DelayedMove(
|
|
IN PCTSTR CurrentName,
|
|
IN PCTSTR NewName OPTIONAL
|
|
)
|
|
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
Queue a file for copy or delete on next reboot.
|
|
|
|
On Windows NT this means using MoveFileEx(). On Win95 this means
|
|
using the wininit.ini mechanism.
|
|
|
|
It is assumed that the target file already exists. On Win95, we need
|
|
to know the short filename since the wininit.ini mechanism only understands
|
|
SFNs and we have to do a bunch of special crud to make this all work.
|
|
Note: we do NOT attempt to deal with the long filename of the target
|
|
when renaming on Win95. In other words, if the target name is not 8.3,
|
|
it will wind up as 8.3 after processing of wininit.ini is done!
|
|
If a referenced file does not exist we have no choice but to use
|
|
the name passed in, which better be 8.3!
|
|
|
|
Arguments:
|
|
|
|
CurrentName - supplies the name of the file as it exists currently.
|
|
|
|
NewName - if specified supplies the new name. If not specified
|
|
then the file named by CurrentName is deleted on next reboot.
|
|
|
|
Returns:
|
|
|
|
Boolean value indicating outcome. If failure, last error is set.
|
|
|
|
--*/
|
|
|
|
{
|
|
BOOL b;
|
|
DWORD err;
|
|
|
|
if(OSVersionInfo.dwPlatformId == VER_PLATFORM_WIN32_NT) {
|
|
|
|
b = MoveFileEx(
|
|
CurrentName,
|
|
NewName,
|
|
MOVEFILE_REPLACE_EXISTING | MOVEFILE_DELAY_UNTIL_REBOOT
|
|
);
|
|
|
|
} else {
|
|
|
|
#ifdef UNICODE
|
|
//
|
|
// The code below runs only on Win95 because of the version check
|
|
// just above. Thus we should never get here. The code below makes
|
|
// assumptions about maximum section lengths, etc, that are only
|
|
// valid on Win95. The SDK says that sections are limited to 32K,
|
|
// for example, and there are several hard-coded constants that take
|
|
// advantage of this.
|
|
//
|
|
b = FALSE;
|
|
err = ERROR_CALL_NOT_IMPLEMENTED;
|
|
#else
|
|
CHAR WininitFile[MAX_PATH];
|
|
CHAR NewSFN[MAX_PATH];
|
|
CHAR CurrentSFN[MAX_PATH];
|
|
CHAR *Buffer;
|
|
CHAR *p,*q;
|
|
DWORD Size;
|
|
DWORD d;
|
|
|
|
//
|
|
// Calculate full path of wininit.ini and get short filenames.
|
|
// We want to calculate the length of the data we're adding to
|
|
// wininit.ini up front, so we can leave room in the buffer
|
|
// (taking advantage of the 32K max section size on Win95).
|
|
// Trial and error dictates that when you get to that magic 32K
|
|
// number things can go really haywire unless you ensure you
|
|
// don't overflow a 16 bit signed 16-bit number, so we limit
|
|
// everything to 32767 to be safe.
|
|
//
|
|
// For renames, we add a line to delete the target file first.
|
|
// Not sure if this is really necessary, but it won't hurt anything.
|
|
//
|
|
if(Buffer = MyMalloc(32767)) {
|
|
|
|
lstrcpyn(WininitFile,WindowsDirectory,MAX_PATH);
|
|
pSetupConcatenatePaths(WininitFile,"WININIT.INI",MAX_PATH,NULL);
|
|
|
|
if(!GetShortPathName(CurrentName,CurrentSFN,MAX_PATH)) {
|
|
lstrcpyn(CurrentSFN,CurrentName,MAX_PATH);
|
|
}
|
|
if(NewName) {
|
|
if(!GetShortPathName(NewName,NewSFN,MAX_PATH)) {
|
|
lstrcpyn(NewSFN,NewName,MAX_PATH);
|
|
}
|
|
|
|
//
|
|
// NUL=NewSFN
|
|
// NewSFN=CurrentSFN
|
|
//
|
|
// plus terminating nul chars for each line.
|
|
//
|
|
Size = 3 + 1 + lstrlen(NewSFN) + 1
|
|
+ lstrlen(NewSFN) + 1 + lstrlen(CurrentSFN) + 1;
|
|
|
|
} else {
|
|
//
|
|
// NUL=CurrentSFN
|
|
//
|
|
// plus terminating nul char for the line
|
|
//
|
|
Size = 3 + 1 + lstrlen(CurrentSFN) + 1;
|
|
lstrcpy(NewSFN,"NUL");
|
|
}
|
|
|
|
//
|
|
// Fetch the section and see if the line is already in there.
|
|
// If so, we're done.
|
|
//
|
|
d = GetPrivateProfileSection("Rename",Buffer,32767,WininitFile);
|
|
for(p=Buffer; *p; p+=lstrlen(p)+1) {
|
|
if(q = _mbschr(p,'=')) {
|
|
*q = 0;
|
|
if(!lstrcmpi(p,NewSFN) && !lstrcmpi(q+1,CurrentSFN)) {
|
|
break;
|
|
}
|
|
*q = '=';
|
|
}
|
|
}
|
|
|
|
if((*p == 0) && (Size <= 32766-d)) {
|
|
//
|
|
// Add our line(s), and make sure we have that extra nul
|
|
// to terminate things properly. We guaranteed that there'd be
|
|
// enough room by the checks above.
|
|
//
|
|
if(NewName) {
|
|
d += wsprintf(Buffer+d,"NUL=%s",NewSFN) + 1;
|
|
d += wsprintf(Buffer+d,"%s=%s",NewSFN,CurrentSFN) + 1;
|
|
} else {
|
|
d += wsprintf(Buffer+d,"NUL=%s",CurrentSFN) + 1;
|
|
}
|
|
|
|
Buffer[d] = 0;
|
|
|
|
//
|
|
// Write the section back out.
|
|
//
|
|
b = WritePrivateProfileSection("Rename",Buffer,WininitFile);
|
|
err = b ? NO_ERROR : GetLastError();
|
|
} else {
|
|
//
|
|
// The section is full or the line was already there.
|
|
// Just ignore it (in the section full case there's nothing
|
|
// the user can do anyway).
|
|
//
|
|
b = TRUE;
|
|
err = NO_ERROR;
|
|
}
|
|
|
|
MyFree(Buffer);
|
|
} else {
|
|
b = FALSE;
|
|
err = ERROR_NOT_ENOUGH_MEMORY;
|
|
}
|
|
#endif
|
|
SetLastError(err);
|
|
|
|
}
|
|
|
|
return(b);
|
|
}
|
|
|
|
|
|
DWORD
|
|
IsInstalledCatalogFromOem(
|
|
IN PCTSTR CatalogFile
|
|
)
|
|
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
Determin if a catalog is an OEM catalog.
|
|
|
|
Arguments:
|
|
|
|
CatalogFile - supplies name of catalog file.
|
|
|
|
Return Value:
|
|
|
|
BOOL. TRUE if the CatalogFile is an OEM Catalog file, and FALSE otherwise.
|
|
|
|
--*/
|
|
|
|
{
|
|
PTSTR p;
|
|
|
|
//
|
|
// First check that the first 3 characters are OEM
|
|
//
|
|
if (_tcsnicmp(CatalogFile, TEXT("oem"), 3)) {
|
|
|
|
return FALSE;
|
|
}
|
|
|
|
//
|
|
// Next verify that any characters after "oem" and before ".cat"
|
|
// are digits.
|
|
//
|
|
p = (PTSTR)CatalogFile;
|
|
p = CharNext(p);
|
|
p = CharNext(p);
|
|
p = CharNext(p);
|
|
|
|
while ((*p != TEXT('\0')) && (*p != TEXT('.'))) {
|
|
|
|
if ((*p < TEXT('0')) || (*p > TEXT('9'))) {
|
|
|
|
return FALSE;
|
|
}
|
|
|
|
p = CharNext(p);
|
|
}
|
|
|
|
//
|
|
// Finally, verify that the last 4 characters are ".cat"
|
|
//
|
|
if (lstrcmpi(p, TEXT(".cat"))) {
|
|
|
|
return FALSE;
|
|
}
|
|
|
|
//
|
|
// This is an OEM catalog file
|
|
//
|
|
return TRUE;
|
|
}
|
|
|
|
|
|
DWORD
|
|
pSetupInstallCatalog(
|
|
IN LPCTSTR CatalogFullPath,
|
|
IN LPCTSTR NewBaseName, OPTIONAL
|
|
OUT LPTSTR NewCatalogFullPath OPTIONAL
|
|
)
|
|
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
This routine installs a catalog file. The file is copied by the system
|
|
into a special directory, and is optionally renamed.
|
|
|
|
Arguments:
|
|
|
|
CatalogFullPath - supplies the fully-qualified win32 path of the catalog
|
|
to be installed on the system.
|
|
|
|
NewBaseName - optionally specifies the new base name to use when the
|
|
catalog file is copied into the catalog store. If not specified,
|
|
the basename will be generated by CryptCATAdminAddCatalog.
|
|
|
|
NewCatalogFullPath - optionally receives the fully-qualified path of the
|
|
catalog file within the catalog store. This buffer should be at least
|
|
MAX_PATH bytes (ANSI version) or chars (Unicode version).
|
|
|
|
** NOTE: If we're running in "minimal embedded" mode, then we don't **
|
|
** actually call any of the Crypto APIs, and instead always simply **
|
|
** report success. In this case, the caller had better not have **
|
|
** specified an OUT buffer for NewCatalogFullPath, because we won't **
|
|
** have a path to report. If we run into this case, we'll instead **
|
|
** report failure. What this really says is that nobody other than **
|
|
** setupapi should ever be passing a non-NULL value for this arg. **
|
|
|
|
Return Value:
|
|
|
|
If successful, the return value is NO_ERROR.
|
|
If failure, the return value is a Win32 error code indicating the cause of
|
|
the failure.
|
|
|
|
--*/
|
|
|
|
{
|
|
DWORD Err;
|
|
HCATADMIN hCatAdmin;
|
|
HCATINFO hCatInfo;
|
|
CATALOG_INFO CatalogInfo;
|
|
LPWSTR catalogFullPath;
|
|
LPWSTR newBaseName;
|
|
|
|
if(GlobalSetupFlags & PSPGF_MINIMAL_EMBEDDED) {
|
|
//
|
|
// If someone called us expecting the new catalog's full path to be
|
|
// returned, they're outta luck...
|
|
//
|
|
MYASSERT(!NewCatalogFullPath);
|
|
if(NewCatalogFullPath) {
|
|
//
|
|
// In minimal embedded mode, a non-NULL NewCatalogFullPath arg is
|
|
// an invalid parameter...
|
|
//
|
|
return ERROR_INVALID_PARAMETER;
|
|
|
|
} else {
|
|
//
|
|
// Simply report success.
|
|
//
|
|
return NO_ERROR;
|
|
}
|
|
}
|
|
|
|
if(GlobalSetupFlags & PSPGF_AUTOFAIL_VERIFIES) {
|
|
return TRUST_E_FAIL;
|
|
}
|
|
|
|
Err = NO_ERROR;
|
|
catalogFullPath = NULL;
|
|
newBaseName = NULL;
|
|
|
|
if(!CryptCATAdminAcquireContext(&hCatAdmin,&DriverVerifyGuid,0)) {
|
|
Err = GetLastError();
|
|
MYASSERT(Err != NO_ERROR);
|
|
if(Err == NO_ERROR) {
|
|
Err = ERROR_INVALID_DATA;
|
|
}
|
|
} else {
|
|
|
|
#ifdef UNICODE
|
|
//
|
|
// We do this even for the Unicode case because CryptCATAdminAddCatalog
|
|
// takes non-const strings and I have no idea whatsoever whether this
|
|
// was just sloppiness or a real requirement, and no desire to mess
|
|
// around trying to figure it out.
|
|
//
|
|
if(catalogFullPath = DuplicateString(CatalogFullPath)) {
|
|
if(NewBaseName) {
|
|
newBaseName = DuplicateString(NewBaseName);
|
|
if(!newBaseName) {
|
|
Err = ERROR_NOT_ENOUGH_MEMORY;
|
|
}
|
|
}
|
|
} else {
|
|
Err = ERROR_NOT_ENOUGH_MEMORY;
|
|
}
|
|
#else
|
|
if(catalogFullPath = pSetupAnsiToUnicode(CatalogFullPath)) {
|
|
if(NewBaseName) {
|
|
newBaseName = pSetupAnsiToUnicode(NewBaseName);
|
|
if(!newBaseName) {
|
|
Err = ERROR_NOT_ENOUGH_MEMORY;
|
|
}
|
|
}
|
|
} else {
|
|
Err = ERROR_NOT_ENOUGH_MEMORY;
|
|
}
|
|
#endif
|
|
|
|
if(Err == NO_ERROR) {
|
|
|
|
hCatInfo = CryptCATAdminAddCatalog(hCatAdmin,catalogFullPath,newBaseName,0);
|
|
|
|
if(!hCatInfo) {
|
|
Err = GetLastError();
|
|
MYASSERT(Err != NO_ERROR);
|
|
if(Err == NO_ERROR) {
|
|
Err = ERROR_INVALID_DATA;
|
|
}
|
|
|
|
//
|
|
// If the error we received is ERROR_ALREADY_EXISTS, then that
|
|
// indicates that the exact same catalog was already present
|
|
// (and installed under the same name). Treat this as a
|
|
// success (assuming we can get the full pathname of the
|
|
// existing catalog).
|
|
//
|
|
if(Err == ERROR_ALREADY_EXISTS) {
|
|
//
|
|
// We should never get this if we asked crypto to auto-
|
|
// generate a name for us...
|
|
//
|
|
MYASSERT(newBaseName);
|
|
|
|
if(NewCatalogFullPath) {
|
|
|
|
if(newBaseName) {
|
|
//
|
|
// Resolve the catalog base filename to a fully-
|
|
// qualified path.
|
|
//
|
|
CatalogInfo.cbStruct = sizeof(CATALOG_INFO);
|
|
|
|
if(CryptCATAdminResolveCatalogPath(hCatAdmin,
|
|
newBaseName,
|
|
&CatalogInfo,
|
|
0)) {
|
|
//
|
|
// We successfully resolved the filename, so we
|
|
// can report success
|
|
//
|
|
Err = NO_ERROR;
|
|
}
|
|
}
|
|
|
|
} else {
|
|
//
|
|
// Caller isn't interested in finding out what pathname
|
|
// the catalog was installed under...
|
|
//
|
|
Err = NO_ERROR;
|
|
}
|
|
}
|
|
|
|
} else {
|
|
//
|
|
// If the caller wants to know the full path under which the
|
|
// catalog got installed, then find that out now.
|
|
//
|
|
if(NewCatalogFullPath) {
|
|
|
|
CatalogInfo.cbStruct = sizeof(CATALOG_INFO);
|
|
if(!CryptCATCatalogInfoFromContext(hCatInfo,&CatalogInfo,0)) {
|
|
Err = GetLastError();
|
|
MYASSERT(Err != NO_ERROR);
|
|
if(Err == NO_ERROR) {
|
|
Err = ERROR_INVALID_DATA;
|
|
}
|
|
}
|
|
}
|
|
|
|
CryptCATAdminReleaseCatalogContext(hCatAdmin, hCatInfo, 0);
|
|
}
|
|
|
|
//
|
|
// If we succeeded in retrieving the installed catalog's full path
|
|
// (and the caller requested it), fill in the caller's buffer now.
|
|
//
|
|
if((Err == NO_ERROR) && NewCatalogFullPath) {
|
|
|
|
#ifdef UNICODE
|
|
lstrcpyn(NewCatalogFullPath, CatalogInfo.wszCatalogFile, MAX_PATH);
|
|
#else
|
|
WideCharToMultiByte(
|
|
CP_ACP,
|
|
0,
|
|
CatalogInfo.wszCatalogFile,
|
|
-1,
|
|
NewCatalogFullPath,
|
|
MAX_PATH,
|
|
NULL,
|
|
NULL
|
|
);
|
|
#endif
|
|
}
|
|
}
|
|
CryptCATAdminReleaseContext(hCatAdmin, 0);
|
|
}
|
|
|
|
if(catalogFullPath) {
|
|
MyFree(catalogFullPath);
|
|
}
|
|
if(newBaseName) {
|
|
MyFree(newBaseName);
|
|
}
|
|
|
|
return Err;
|
|
}
|
|
|
|
|
|
DWORD
|
|
pSetupVerifyCatalogFile(
|
|
IN LPCTSTR CatalogFullPath
|
|
)
|
|
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
This routine verifies a single catalog file. A catalog file is
|
|
"self-verifying" in that there is no additional file or data required
|
|
to verify it.
|
|
|
|
Arguments:
|
|
|
|
CatalogFullPath - supplies the fully-qualified Win32 path of
|
|
the catalog file to be verified.
|
|
|
|
Return Value:
|
|
|
|
If successful, the return value is ERROR_SUCCESS.
|
|
If failure, the return value is the error returned from WinVerifyTrust.
|
|
|
|
--*/
|
|
|
|
{
|
|
WINTRUST_DATA WintrustData;
|
|
WINTRUST_FILE_INFO WintrustFileInfo;
|
|
#ifndef UNICODE
|
|
WCHAR UnicodeBuffer[MAX_PATH];
|
|
#endif
|
|
|
|
if(GlobalSetupFlags & PSPGF_MINIMAL_EMBEDDED) {
|
|
return ERROR_SUCCESS;
|
|
}
|
|
|
|
if(GlobalSetupFlags & PSPGF_AUTOFAIL_VERIFIES) {
|
|
return TRUST_E_FAIL;
|
|
}
|
|
|
|
ZeroMemory(&WintrustData, sizeof(WINTRUST_DATA));
|
|
WintrustData.cbStruct = sizeof(WINTRUST_DATA);
|
|
WintrustData.dwUIChoice = WTD_UI_NONE;
|
|
WintrustData.fdwRevocationChecks = WTD_REVOKE_NONE;
|
|
WintrustData.dwUnionChoice = WTD_CHOICE_FILE;
|
|
WintrustData.pFile = &WintrustFileInfo;
|
|
WintrustData.dwProvFlags = WTD_REVOCATION_CHECK_NONE;
|
|
ZeroMemory(&WintrustFileInfo, sizeof(WINTRUST_FILE_INFO));
|
|
WintrustFileInfo.cbStruct = sizeof(WINTRUST_FILE_INFO);
|
|
|
|
#ifdef UNICODE
|
|
WintrustFileInfo.pcwszFilePath = CatalogFullPath;
|
|
#else
|
|
MultiByteToWideChar(CP_ACP, 0, CatalogFullPath, -1, UnicodeBuffer, MAX_PATH);
|
|
WintrustFileInfo.pcwszFilePath = UnicodeBuffer;
|
|
#endif
|
|
|
|
return (DWORD)WinVerifyTrust(NULL, &DriverVerifyGuid, &WintrustData);
|
|
}
|
|
|
|
|
|
DWORD
|
|
pSetupUninstallCatalog(
|
|
IN LPCTSTR CatalogFilename
|
|
)
|
|
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
This routine uninstalls a catalog, so it can no longer be used to validate
|
|
digital signatures.
|
|
|
|
Arguments:
|
|
|
|
CatalogFilename - supplies the simple filename of the catalog to be
|
|
uninstalled.
|
|
|
|
Return Value:
|
|
|
|
If successful, the return value is NO_ERROR.
|
|
If failure, the return value is a Win32 error code indicating the cause of
|
|
the failure.
|
|
|
|
--*/
|
|
|
|
{
|
|
DWORD Err;
|
|
HCATADMIN hCatAdmin;
|
|
#ifdef UNICODE
|
|
//
|
|
// Presently, the crypto API CryptCATAdminRemoveCatalog defines its 2nd
|
|
// parameter as a PWSTR, even though it's an IN param that should be CONST.
|
|
// ReidK is going to fix this to be PCWSTR instead, so I'm safe in casting
|
|
// away the const-ness of my CatalogFilename arg here. (Once Reid's
|
|
// check-in happens, I can remove this cast.)
|
|
//
|
|
#define LocalCatName ((PWSTR)CatalogFilename)
|
|
#else
|
|
WCHAR LocalCatName[MAX_PATH];
|
|
|
|
//
|
|
// Crypto APIs are Unicode-only, so convert the catalog filename from
|
|
// ANSI to Unicode...
|
|
//
|
|
if(!MultiByteToWideChar(CP_ACP,
|
|
MB_PRECOMPOSED,
|
|
CatalogFilename,
|
|
-1,
|
|
LocalCatName,
|
|
SIZECHARS(LocalCatName))) {
|
|
|
|
return GetLastError();
|
|
}
|
|
#endif
|
|
|
|
if(GlobalSetupFlags & PSPGF_MINIMAL_EMBEDDED) {
|
|
return NO_ERROR;
|
|
}
|
|
|
|
if(GlobalSetupFlags & PSPGF_AUTOFAIL_VERIFIES) {
|
|
return TRUST_E_FAIL;
|
|
}
|
|
|
|
Err = NO_ERROR;
|
|
|
|
if(!CryptCATAdminAcquireContext(&hCatAdmin, &DriverVerifyGuid, 0)) {
|
|
Err = GetLastError();
|
|
MYASSERT(Err != NO_ERROR);
|
|
if(Err == NO_ERROR) {
|
|
Err = ERROR_INVALID_DATA;
|
|
}
|
|
} else {
|
|
|
|
if(!CryptCATAdminRemoveCatalog(hCatAdmin, LocalCatName, 0)) {
|
|
Err = GetLastError();
|
|
MYASSERT(Err != NO_ERROR);
|
|
if(Err == NO_ERROR) {
|
|
Err = ERROR_INVALID_DATA;
|
|
}
|
|
}
|
|
CryptCATAdminReleaseContext(hCatAdmin, 0);
|
|
}
|
|
|
|
return Err;
|
|
}
|
|
|
|
|
|
BOOL
|
|
pAnyDeviceUsingInf(
|
|
IN LPCTSTR InfFullPath,
|
|
IN PSETUP_LOG_CONTEXT LogContext OPTIONAL
|
|
)
|
|
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
This routine checks if any device, live or phantom, is using this INF file,
|
|
and logs if they are.
|
|
|
|
Arguments:
|
|
|
|
InfFullPath - supplies the full path of the INF.
|
|
|
|
LogContext - optionally, Supplies the log context to be used if
|
|
a device using this INF is encountered.
|
|
|
|
Return Value:
|
|
|
|
TRUE if any device is still using this INF, FALSE if no devices are using
|
|
this INF.
|
|
|
|
--*/
|
|
|
|
{
|
|
DWORD Err = NO_ERROR;
|
|
HDEVINFO DeviceInfoSet;
|
|
SP_DEVINFO_DATA DeviceInfoData;
|
|
DWORD MemberIndex = 0;
|
|
HKEY hkey;
|
|
TCHAR CurrentDeviceInfFile[MAX_PATH];
|
|
TCHAR DeviceId[MAX_DEVICE_ID_LEN];
|
|
DWORD cbSize, dwType;
|
|
PTSTR pInfFile;
|
|
|
|
//
|
|
// If we are passed a NULL InfFullPath or an enpty string then just
|
|
// return FALSE since nobody is using this.
|
|
//
|
|
if (!InfFullPath || (InfFullPath[0] == TEXT('\0'))) {
|
|
return FALSE;
|
|
}
|
|
|
|
pInfFile = (PTSTR)pSetupGetFileTitle(InfFullPath);
|
|
|
|
DeviceInfoSet = SetupDiGetClassDevs(NULL, NULL, NULL, DIGCF_ALLCLASSES);
|
|
|
|
if (DeviceInfoSet != INVALID_HANDLE_VALUE) {
|
|
DeviceInfoData.cbSize = sizeof(DeviceInfoData);
|
|
|
|
while (SetupDiEnumDeviceInfo(DeviceInfoSet,
|
|
MemberIndex++,
|
|
&DeviceInfoData)) {
|
|
|
|
//
|
|
// Open the 'driver' key for this device.
|
|
//
|
|
hkey = SetupDiOpenDevRegKey(DeviceInfoSet,
|
|
&DeviceInfoData,
|
|
DICS_FLAG_GLOBAL,
|
|
0,
|
|
DIREG_DRV,
|
|
KEY_READ);
|
|
|
|
if (hkey != INVALID_HANDLE_VALUE) {
|
|
|
|
cbSize = sizeof(CurrentDeviceInfFile);
|
|
dwType = REG_SZ;
|
|
|
|
if ((RegQueryValueEx(hkey,
|
|
pszInfPath,
|
|
NULL,
|
|
&dwType,
|
|
(LPBYTE)CurrentDeviceInfFile,
|
|
&cbSize) == ERROR_SUCCESS) &&
|
|
(lstrcmpi(CurrentDeviceInfFile, pInfFile) == 0)) {
|
|
//
|
|
// This key is using this INF file so the INF can't be
|
|
// deleted.
|
|
//
|
|
Err = ERROR_SHARING_VIOLATION;
|
|
|
|
if (LogContext) {
|
|
if(CM_Get_Device_ID(DeviceInfoData.DevInst,
|
|
DeviceId,
|
|
SIZECHARS(DeviceId),
|
|
0
|
|
) != CR_SUCCESS ) {
|
|
DeviceId[0] = TEXT('\0');
|
|
}
|
|
|
|
WriteLogEntry(LogContext,
|
|
SETUP_LOG_WARNING,
|
|
MSG_LOG_INF_IN_USE,
|
|
NULL,
|
|
pInfFile,
|
|
DeviceId
|
|
);
|
|
}
|
|
}
|
|
|
|
|
|
RegCloseKey(hkey);
|
|
}
|
|
}
|
|
} else {
|
|
Err = ERROR_OUTOFMEMORY;
|
|
}
|
|
|
|
return (Err != ERROR_SUCCESS);
|
|
}
|
|
|
|
|
|
VOID
|
|
pSetupUninstallOEMInf(
|
|
IN LPCTSTR InfFullPath,
|
|
IN PSETUP_LOG_CONTEXT LogContext, OPTIONAL
|
|
IN DWORD Flags,
|
|
OUT PDWORD InfDeleteErr OPTIONAL
|
|
)
|
|
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
This routine uninstalls a 3rd-party INF, PNF, and CAT (if one exists).
|
|
|
|
By default this routine will first verify that there aren't any other
|
|
device's, live and phantom, that are pointing their InfPath to this
|
|
INF. This behavior can be overridden by the SUOI_FORCEDELETE flag.
|
|
|
|
Arguments:
|
|
|
|
InfFullPath - supplies the full path of the INF to be uninstalled.
|
|
|
|
LogContext - optionally, supplies the log context to be used if we
|
|
encounter an error when attempting to delete the catalog.
|
|
|
|
Flags - the following flags are supported:
|
|
SUOI_FORCEDELETE - delete the INF even if other driver keys are
|
|
have their InfPath pointing to it.
|
|
|
|
InfDeleteErr - optionally, supplies the address of a variable that receives
|
|
the error (if any) encountered when attempting to delete the INF.
|
|
Note that we delete the INF last (to avoid race conditions), so the
|
|
corresponding CAT and PNF may have already been deleted at this point.
|
|
|
|
Return Value:
|
|
|
|
None.
|
|
|
|
--*/
|
|
|
|
{
|
|
DWORD Err;
|
|
TCHAR FileNameBuffer[MAX_PATH+4]; // +4 in case filename is blahblah. not blahblah.inf
|
|
BOOL FreeLogContext = FALSE;
|
|
LPTSTR ExtPtr= NULL;
|
|
|
|
if(InfDeleteErr) {
|
|
*InfDeleteErr = NO_ERROR;
|
|
}
|
|
|
|
if(!LogContext) {
|
|
|
|
if(NO_ERROR == CreateLogContext(NULL, TRUE, &LogContext)) {
|
|
//
|
|
// Remember that we created this log context locally, so we can
|
|
// free it when we're done with this routine.
|
|
//
|
|
FreeLogContext = TRUE;
|
|
|
|
} else {
|
|
//
|
|
// Ensure LogContext is still NULL so we won't try to use it.
|
|
//
|
|
LogContext = NULL;
|
|
}
|
|
}
|
|
|
|
//
|
|
// Unless the caller passed in the SUOI_FORCEDELETE flag first check that
|
|
// no devices are using this INF file.
|
|
//
|
|
if (!(Flags & SUOI_FORCEDELETE) &&
|
|
pAnyDeviceUsingInf(InfFullPath, LogContext)) {
|
|
//
|
|
// Some device is still using this INF so we can't delete it. We don't
|
|
// need to log anything at this point since we log every device using
|
|
// this INF in pAnyDevicesUsingInf().
|
|
//
|
|
*InfDeleteErr = GetLastError();
|
|
goto clean0;
|
|
}
|
|
|
|
//
|
|
// Copy the caller-supplied INF name into a local buffer, so we can modify
|
|
// it when deleting the various files (INF, PNF, and CAT).
|
|
//
|
|
lstrcpyn(FileNameBuffer, InfFullPath, SIZECHARS(FileNameBuffer));
|
|
|
|
//
|
|
// Uninstall the catalog (if any) first, because as soon as we delete the
|
|
// INF, that slot is "open" for use by another INF, and we wouldn't want to
|
|
// inadvertently delete someone else's catalog due to a race condition.
|
|
//
|
|
ExtPtr = _tcsrchr(FileNameBuffer, TEXT('.'));
|
|
if(!ExtPtr) {
|
|
//
|
|
// not xxx.inf, so we know there is no catalog to delete
|
|
//
|
|
return;
|
|
}
|
|
lstrcpy(ExtPtr, pszCatSuffix);
|
|
Err = pSetupUninstallCatalog(pSetupGetFileTitle(FileNameBuffer));
|
|
|
|
if((Err != NO_ERROR) && LogContext) {
|
|
//
|
|
// It's kinda important that we were unable to delete the catalog, but
|
|
// not important enough to fail the routine. Log this fact to
|
|
// setupapi.log...
|
|
//
|
|
WriteLogEntry(LogContext,
|
|
DEL_ERR_LOG_LEVEL(Err) | SETUP_LOG_BUFFER,
|
|
MSG_LOG_CAT_UNINSTALL_FAILED,
|
|
NULL,
|
|
pSetupGetFileTitle(FileNameBuffer)
|
|
);
|
|
|
|
WriteLogError(LogContext,
|
|
DEL_ERR_LOG_LEVEL(Err),
|
|
Err
|
|
);
|
|
}
|
|
|
|
//
|
|
// Now delete the PNF (we don't care so much if this succeeds or fails)...
|
|
//
|
|
lstrcpy(_tcsrchr(FileNameBuffer, TEXT('.')), pszPnfSuffix);
|
|
DeleteFile(FileNameBuffer);
|
|
|
|
//
|
|
// and finally the INF itself...
|
|
//
|
|
lstrcpy(_tcsrchr(FileNameBuffer, TEXT('.')), pszInfSuffix);
|
|
|
|
if(!DeleteFile(FileNameBuffer) && InfDeleteErr) {
|
|
*InfDeleteErr = GetLastError();
|
|
}
|
|
|
|
clean0:
|
|
if(FreeLogContext) {
|
|
DeleteLogContext(LogContext);
|
|
}
|
|
}
|
|
|
|
|
|
DWORD
|
|
_VerifyFile(
|
|
IN PSETUP_LOG_CONTEXT LogContext,
|
|
IN OUT HCATADMIN *hCatAdmin, OPTIONAL
|
|
IN OUT HSDB *hSDBDrvMain, OPTIONAL
|
|
IN LPCTSTR Catalog, OPTIONAL
|
|
IN PVOID CatalogBaseAddress, OPTIONAL
|
|
IN DWORD CatalogImageSize,
|
|
IN LPCTSTR Key,
|
|
IN LPCTSTR FileFullPath,
|
|
OUT SetupapiVerifyProblem *Problem, OPTIONAL
|
|
OUT LPTSTR ProblemFile, OPTIONAL
|
|
IN BOOL CatalogAlreadyVerified,
|
|
IN PSP_ALTPLATFORM_INFO_V2 AltPlatformInfo, OPTIONAL
|
|
IN DWORD Flags, OPTIONAL
|
|
OUT LPTSTR CatalogFileUsed, OPTIONAL
|
|
OUT PDWORD NumCatalogsConsidered, OPTIONAL
|
|
OUT LPTSTR DigitalSigner, OPTIONAL
|
|
OUT LPTSTR SignerVersion OPTIONAL
|
|
)
|
|
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
This routine verifies a single file against a particular catalog file, or
|
|
against any installed catalog file.
|
|
|
|
Arguments:
|
|
|
|
LogContext - supplies the context to be used when logging information about
|
|
the routine's activities.
|
|
|
|
hCatAdmin - optionally, supplies the address of an HCATADMIN handle. If
|
|
the handle pointed to is NULL, a handle will be acquired (if possible)
|
|
via CryptCATAdminAcquireContext and returned to the caller. If the
|
|
handle pointed to is non-NULL, then that handle will be used for any
|
|
validation done via this routine. If the pointer itself is NULL, then
|
|
an hCatAdmin will be acquired for the duration of this call, and
|
|
released before returning.
|
|
|
|
NOTE: it is the caller's responsibility to free the crypto context
|
|
handle returned by this routine by calling CryptCATAdminReleaseContext.
|
|
This handle may be opened in either success or failure cases, so the
|
|
caller must check for non-NULL returned handle in both cases.
|
|
|
|
hSDBDrvMain - optionally, supplies the address of a handle to the
|
|
drvmain.sdb database. If the handle pointed to is NULL, a handle will
|
|
be acquired (if possible) via SdbInitDatabase and returned to the
|
|
caller. If the handle pointed to is non-NULL, then that handle will be
|
|
used for bad driver database lookup (if requested) in this routine. If
|
|
the pointer itself is NULL, then an HSDB will be acquired for the
|
|
duration of this call (if needed), and released before returning.
|
|
|
|
NOTE: it is the caller's responsibility to free the handle returned by
|
|
this routine by calling SdbReleaseDatabase. This handle may be opened
|
|
in either success or failure cases, so the caller must check for
|
|
non-NULL returned handle in both cases.
|
|
|
|
Catalog - optionally, supplies the path of the catalog file to be used for
|
|
the verification. If this argument is not specified, then this routine
|
|
will attempt to find a catalog that can verify it from among all
|
|
catalogs installed in the system.
|
|
|
|
If this path is a simple filename (no path components), then we'll look
|
|
up that catalog file in the CatAdmin's list of installed catalogs, else
|
|
we'll use the name as-is.
|
|
|
|
CatalogBaseAddress - optionally, supplies the address of a buffer containing
|
|
the entire catalog image with which our enumerated catalog must match
|
|
before being considered a correct validation. This is used when copying
|
|
OEM INFs, for example, when there may be multiple installed catalogs
|
|
that can validate an INF, but we want to make sure that we pick _the_
|
|
catalog that matches the one we're contemplating installing before we'll
|
|
consider our INF/CAT files to be duplicates of the previously-existing
|
|
files.
|
|
|
|
This parameter (and its partner, CatalogImageSize) are only used when
|
|
Catalog doesn't specify a file path.
|
|
|
|
CatalogImageSize - if CatalogBaseAddress is specified, this parameter give
|
|
the size, in bytes, of that buffer.
|
|
|
|
Key - supplies a value that "indexes" the catalog, telling the verify APIs
|
|
which signature datum within the catalog it should use. Typically
|
|
the key is the (original) filename of a file.
|
|
|
|
FileFullPath - supplies the full path of the file to be verified.
|
|
|
|
Problem - if supplied, this parameter points to a variable that will be
|
|
filled in upon unsuccessful return with the cause of failure. If this
|
|
parameter is not supplied, then the ProblemFile parameter is ignored.
|
|
|
|
ProblemFile - if supplied, this parameter points to a character buffer of at
|
|
least MAX_PATH characters that receives the name of the file for which
|
|
a verification error occurred (the contents of this buffer are undefined
|
|
if verification succeeds.
|
|
|
|
If the Problem parameter is supplied, then the ProblemFile parameter
|
|
must also be specified.
|
|
|
|
CatalogAlreadyVerified - if TRUE, then verification won't be done on the
|
|
catalog--we'll just use that catalog to validate the file of interest.
|
|
If this is TRUE, then Catalog must be specified, must contain the path
|
|
to the catalog file (i.e., it can't be a simple filename).
|
|
|
|
AltPlatformInfo - optionally, supplies alternate platform information used
|
|
to fill in a DRIVER_VER_INFO structure (defined in sdk\inc\softpub.h)
|
|
that is passed to WinVerifyTrust.
|
|
|
|
** NOTE: This structure _must_ have its cbSize field set to **
|
|
** sizeof(SP_ALTPLATFORM_INFO_V2) -- validation on client-supplied **
|
|
** buffer is the responsibility of the caller. **
|
|
|
|
Flags - supplies flags that alter that behavior of this routine. May be a
|
|
combination of the following values:
|
|
|
|
VERIFY_FILE_IGNORE_SELFSIGNED - if this bit is set, then this routine
|
|
will fail validation for self-signed
|
|
binaries.
|
|
|
|
VERIFY_FILE_USE_OEM_CATALOGS - if this bit is set, then all catalogs
|
|
installed in the system will be scanned
|
|
to verify the given file. Otherwise,
|
|
OEM (3rd party) catalogs will NOT be
|
|
scanned to verify the given file. This
|
|
is only applicable if a catalog is not
|
|
specified.
|
|
|
|
VERIFY_FILE_FAIL_COPIED_INFS - This flag is ignored. (It is only used
|
|
by the VerifySourceFile routine.)
|
|
|
|
VERIFY_FILE_DRIVERBLOCKED_ONLY - Only check if the file is in the bad
|
|
driver database, don't do any digital
|
|
sigature validation.
|
|
|
|
VERIFY_FILE_NO_DRIVERBLOCKED_CHECK - Don't check if the file is blocked
|
|
via the Bad Driver Database.
|
|
|
|
CatalogFileUsed - if supplied, this parameter points to a character buffer
|
|
at least MAX_PATH characters big that receives the name of the catalog
|
|
file used to verify the specified file. This is only filled in upon
|
|
successful return, or when the Problem is SetupapiVerifyFileProblem
|
|
(i.e., the catalog verified, but the file did not). If this buffer is
|
|
set to the empty string upon a SetupapiVerifyFileProblem failure, then
|
|
we didn't find any applicable catalogs to use for validation.
|
|
|
|
Also, this buffer will contain an empty string upon successful return
|
|
if the file was validated without using a catalog (i.e., the file
|
|
contains its own signature).
|
|
|
|
NumCatalogsConsidered - if supplied, this parameter receives a count of the
|
|
number of catalogs against which verification was attempted. Of course,
|
|
if Catalog is specified, this number will always be either zero or one.
|
|
|
|
DigitalSigner - if supplied, this parameter points to a character buffer of
|
|
at least MAX_PATH characters that receives the name of who digitally
|
|
signed the specified file. This value is only set if the Key is
|
|
correctly signed (i.e. the function returns NO_ERROR).
|
|
|
|
SignerVersion - if supplied, this parameter points to a character buffer of
|
|
at least MAX_PATH characters that receives the the signer version as
|
|
returned in the szwVerion field of the DRIVER_VER_INFO structure in
|
|
our call to WinVerifyTrust.
|
|
|
|
Return Value:
|
|
|
|
If successful, the return value is NO_ERROR.
|
|
If failure, the return value is a Win32 error code indicating the cause of
|
|
the failure.
|
|
|
|
--*/
|
|
|
|
{
|
|
LPBYTE Hash;
|
|
DWORD HashSize;
|
|
CATALOG_INFO CatInfo;
|
|
HANDLE hFile = INVALID_HANDLE_VALUE;
|
|
HCATINFO hCatInfo;
|
|
HCATINFO PrevCat;
|
|
DWORD Err;
|
|
WINTRUST_DATA WintrustData;
|
|
WINTRUST_CATALOG_INFO WintrustCatalogInfo;
|
|
WINTRUST_FILE_INFO WintrustFileInfo;
|
|
DRIVER_VER_INFO VersionInfo;
|
|
LPTSTR CatalogFullPath;
|
|
WCHAR UnicodeKey[MAX_PATH];
|
|
#ifndef UNICODE
|
|
CHAR AnsiBuffer[MAX_PATH];
|
|
#endif
|
|
WIN32_FILE_ATTRIBUTE_DATA FileAttribData;
|
|
BOOL FoundMatchingImage;
|
|
DWORD CurCatFileSize;
|
|
HANDLE CurCatFileHandle, CurCatMappingHandle;
|
|
PVOID CurCatBaseAddress;
|
|
BOOL LoggedWarning;
|
|
BOOL TrySelfSign;
|
|
DWORD AltPlatSlot;
|
|
TAGREF tagref = TAGREF_NULL;
|
|
HCATADMIN LocalhCatAdmin = NULL;
|
|
#ifdef UNICODE
|
|
HSDB LocalhSDBDrvMain = NULL;
|
|
#endif
|
|
|
|
//
|
|
// Initialize the CatalogFileUsed parameter to an empty string (i.e., no
|
|
// applicable catalog at this point).
|
|
//
|
|
if(CatalogFileUsed) {
|
|
*CatalogFileUsed = TEXT('\0');
|
|
}
|
|
|
|
//
|
|
// Initialize the output counter indicating the number of catalog files we
|
|
// processed during the attempted verification.
|
|
//
|
|
if(NumCatalogsConsidered) {
|
|
*NumCatalogsConsidered = 0;
|
|
}
|
|
|
|
if(GlobalSetupFlags & PSPGF_MINIMAL_EMBEDDED) {
|
|
//
|
|
// The existing behavior of this API in the ANSI case where the crypto
|
|
// APIs aren't available is to set the CatalogFileUsed OUT param to an
|
|
// empty string and report NO_ERROR. We'll do the same thing here (but
|
|
// we'll also assert, because no external callers should care, and if
|
|
// they do, an empty string probably isn't going to make them very
|
|
// happy).
|
|
//
|
|
MYASSERT(!CatalogFileUsed);
|
|
MYASSERT(!NumCatalogsConsidered);
|
|
|
|
//
|
|
// We'd better not be called in minimal embedded scenarios where we're
|
|
// asked to provide signer info...
|
|
//
|
|
MYASSERT(!DigitalSigner);
|
|
MYASSERT(!SignerVersion);
|
|
|
|
return NO_ERROR;
|
|
}
|
|
|
|
#ifdef ANSI_SETUPAPI
|
|
|
|
//
|
|
// If we are on a system that does not have crypt32.dll, then assume the
|
|
// file is valid.
|
|
//
|
|
if(Dyn_CryptCATAdminAcquireContext == Stub_CryptCATAdminAcquireContext) {
|
|
//
|
|
// Same asserts as above (minimal embedded) case apply here as well...
|
|
//
|
|
MYASSERT(!CatalogFileUsed);
|
|
MYASSERT(!NumCatalogsConsidered);
|
|
MYASSERT(!DigitalSigner);
|
|
MYASSERT(!SignerVersion);
|
|
|
|
return NO_ERROR;
|
|
}
|
|
|
|
#endif
|
|
|
|
if(GlobalSetupFlags & PSPGF_AUTOFAIL_VERIFIES) {
|
|
if(Problem) {
|
|
*Problem = SetupapiVerifyAutoFailProblem;
|
|
lstrcpy(ProblemFile, FileFullPath);
|
|
}
|
|
return TRUST_E_FAIL;
|
|
}
|
|
|
|
Hash = NULL;
|
|
LoggedWarning = FALSE;
|
|
TrySelfSign = FALSE;
|
|
AltPlatSlot = 0;
|
|
|
|
//
|
|
// Doesn't make sense to have both these flags set!
|
|
//
|
|
MYASSERT((Flags & (VERIFY_FILE_DRIVERBLOCKED_ONLY | VERIFY_FILE_NO_DRIVERBLOCKED_CHECK))
|
|
!= (VERIFY_FILE_DRIVERBLOCKED_ONLY | VERIFY_FILE_NO_DRIVERBLOCKED_CHECK)
|
|
);
|
|
|
|
//
|
|
// If Problem is supplied, then ProblemFile must also be supplied.
|
|
//
|
|
MYASSERT(!Problem || ProblemFile);
|
|
|
|
//
|
|
// If the caller claims to have already verified the catalog file, make
|
|
// sure they passed us the full path to one.
|
|
//
|
|
MYASSERT(!CatalogAlreadyVerified || (Catalog && (Catalog != pSetupGetFileTitle(Catalog))));
|
|
|
|
//
|
|
// If a catalog image is specified, we'd better have been given a size.
|
|
//
|
|
MYASSERT((CatalogBaseAddress && CatalogImageSize) ||
|
|
!(CatalogBaseAddress || CatalogImageSize));
|
|
|
|
//
|
|
// If a catalog image was supplied for comparison, there shouldn't be a file
|
|
// path specified in the Catalog parameter.
|
|
//
|
|
MYASSERT(!CatalogBaseAddress || !(Catalog && (Catalog != pSetupGetFileTitle(Catalog))));
|
|
|
|
if(AltPlatformInfo) {
|
|
|
|
AltPlatSlot = AllocLogInfoSlotOrLevel(LogContext,SETUP_LOG_VERBOSE,FALSE);
|
|
WriteLogEntry(LogContext,
|
|
AltPlatSlot,
|
|
MSG_LOG_VERIFYFILE_ALTPLATFORM,
|
|
NULL, // text message
|
|
AltPlatformInfo->Platform,
|
|
AltPlatformInfo->MajorVersion,
|
|
AltPlatformInfo->MinorVersion,
|
|
AltPlatformInfo->FirstValidatedMajorVersion,
|
|
AltPlatformInfo->FirstValidatedMinorVersion
|
|
);
|
|
}
|
|
|
|
if(hCatAdmin) {
|
|
//
|
|
// Caller supplied us with a pointer to a crypto context handle. If
|
|
// it's NULL, we must acquire it now...
|
|
//
|
|
if(*hCatAdmin) {
|
|
LocalhCatAdmin = *hCatAdmin;
|
|
} else {
|
|
if(CryptCATAdminAcquireContext(&LocalhCatAdmin, &DriverVerifyGuid, 0)) {
|
|
//
|
|
// We successfully acquired a context handle. Store it in the
|
|
// caller-supplied buffer.
|
|
//
|
|
*hCatAdmin = LocalhCatAdmin;
|
|
} else {
|
|
LocalhCatAdmin = NULL;
|
|
}
|
|
}
|
|
|
|
} else {
|
|
//
|
|
// Acquire a temporary crypto context handle to be used only for the
|
|
// duration of this routine...
|
|
//
|
|
if(!CryptCATAdminAcquireContext(&LocalhCatAdmin, &DriverVerifyGuid, 0)) {
|
|
LocalhCatAdmin = NULL;
|
|
}
|
|
}
|
|
|
|
//
|
|
// Calculate the hash value for the inf.
|
|
//
|
|
if(LocalhCatAdmin) {
|
|
|
|
hFile = CreateFile(FileFullPath,
|
|
GENERIC_READ,
|
|
FILE_SHARE_READ,
|
|
NULL,
|
|
OPEN_EXISTING,
|
|
0,
|
|
NULL
|
|
);
|
|
|
|
if(hFile == INVALID_HANDLE_VALUE) {
|
|
Err = GetLastError();
|
|
MYASSERT(Err != NO_ERROR);
|
|
if(Problem) {
|
|
*Problem = SetupapiVerifyFileProblem;
|
|
lstrcpy(ProblemFile, FileFullPath);
|
|
}
|
|
} else {
|
|
#ifdef UNICODE
|
|
//
|
|
// Only check if the driver is in the defective driver database if
|
|
// we are NOT in GUI setup, and the caller has NOT passed in the
|
|
// VERIFY_FILE_NO_DRIVERBLOCKED_CHECK flag.
|
|
//
|
|
if(!GuiSetupInProgress &&
|
|
!(Flags & VERIFY_FILE_NO_DRIVERBLOCKED_CHECK)) {
|
|
|
|
if(hSDBDrvMain) {
|
|
//
|
|
// Caller supplied us with a pointer to an SDB handle for
|
|
// the bad driver database. If it's NULL, we must acquire
|
|
// it now...
|
|
//
|
|
if(*hSDBDrvMain) {
|
|
LocalhSDBDrvMain = *hSDBDrvMain;
|
|
} else {
|
|
LocalhSDBDrvMain = SdbInitDatabase(SDB_DATABASE_MAIN_DRIVERS, NULL);
|
|
if(LocalhSDBDrvMain) {
|
|
*hSDBDrvMain = LocalhSDBDrvMain;
|
|
}
|
|
}
|
|
|
|
} else {
|
|
//
|
|
// Acquire a temporary handle to drvmain.sdb to be used
|
|
// only for our call to SdbGetDatabaseMatch.
|
|
//
|
|
LocalhSDBDrvMain = SdbInitDatabase(SDB_DATABASE_MAIN_DRIVERS, NULL);
|
|
}
|
|
|
|
//
|
|
// Check the bad driver database to see if this file is blocked.
|
|
//
|
|
if(LocalhSDBDrvMain) {
|
|
|
|
tagref = SdbGetDatabaseMatch(LocalhSDBDrvMain,
|
|
Key,
|
|
hFile,
|
|
NULL,
|
|
0);
|
|
|
|
if(tagref != TAGREF_NULL) {
|
|
//
|
|
// Read the driver policy to see if this should be
|
|
// blocked by usermode or not.
|
|
// If the 1st bit is set then this should NOT be blocked
|
|
// by usermode.
|
|
//
|
|
ULONG type, size, policy;
|
|
|
|
size = sizeof(policy);
|
|
policy = 0;
|
|
type = REG_DWORD;
|
|
if (SdbQueryDriverInformation(LocalhSDBDrvMain,
|
|
tagref,
|
|
TEXT("Policy"),
|
|
&type,
|
|
&policy,
|
|
&size) != ERROR_SUCCESS) {
|
|
//
|
|
// If we can't read the policy then default to 0.
|
|
// This means we will block in usermode!
|
|
//
|
|
policy = 0;
|
|
}
|
|
|
|
if (!(policy & DDB_DRIVER_POLICY_SETUP_NO_BLOCK_BIT)) {
|
|
//
|
|
// This driver is in the database and needs to be blocked!
|
|
//
|
|
WriteLogEntry(LogContext,
|
|
SETUP_LOG_VERBOSE,
|
|
MSG_LOG_DRIVER_BLOCKED_ERROR,
|
|
NULL,
|
|
FileFullPath ? FileFullPath : TEXT("")
|
|
);
|
|
|
|
if(Problem) {
|
|
*Problem = SetupapiVerifyDriverBlocked;
|
|
lstrcpy(ProblemFile, FileFullPath);
|
|
}
|
|
LoggedWarning = TRUE;
|
|
Err = ERROR_DRIVER_BLOCKED;
|
|
goto clean0;
|
|
}
|
|
}
|
|
} else {
|
|
Err = GetLastError();
|
|
//
|
|
// Log an error that we couldn't access the bad driver
|
|
// database to check if this is a blocked driver. (We
|
|
// don't consider this a fatal error.)
|
|
//
|
|
WriteLogEntry(LogContext,
|
|
SETUP_LOG_ERROR | SETUP_LOG_BUFFER,
|
|
MSG_LOG_CANT_ACCESS_BDD,
|
|
NULL,
|
|
FileFullPath
|
|
);
|
|
WriteLogError(LogContext, SETUP_LOG_ERROR, Err);
|
|
}
|
|
}
|
|
#endif
|
|
|
|
//
|
|
// If the caller only wanted to check if the file was in the bad
|
|
// driver database then we are done.
|
|
//
|
|
if (Flags & VERIFY_FILE_DRIVERBLOCKED_ONLY) {
|
|
Err = NO_ERROR;
|
|
goto clean0;
|
|
}
|
|
|
|
//
|
|
// Initialize some of the structures that will be used later on
|
|
// in calls to WinVerifyTrust. We don't know if we're verifying
|
|
// against a catalog or against a file yet.
|
|
//
|
|
ZeroMemory(&WintrustData, sizeof(WINTRUST_DATA));
|
|
WintrustData.cbStruct = sizeof(WINTRUST_DATA);
|
|
WintrustData.dwUIChoice = WTD_UI_NONE;
|
|
WintrustData.fdwRevocationChecks = WTD_REVOKE_NONE;
|
|
WintrustData.dwStateAction = WTD_STATEACTION_AUTO_CACHE;
|
|
WintrustData.dwProvFlags = WTD_REVOCATION_CHECK_NONE;
|
|
|
|
ZeroMemory(&VersionInfo, sizeof(DRIVER_VER_INFO));
|
|
VersionInfo.cbStruct = sizeof(DRIVER_VER_INFO);
|
|
|
|
if(AltPlatformInfo) {
|
|
|
|
MYASSERT(AltPlatformInfo->cbSize == sizeof(SP_ALTPLATFORM_INFO_V2));
|
|
|
|
//
|
|
// Caller wants the file validated for an alternate
|
|
// platform, so we must fill in a DRIVER_VER_INFO structure
|
|
// to be passed to the policy module.
|
|
//
|
|
VersionInfo.dwPlatform = AltPlatformInfo->Platform;
|
|
VersionInfo.dwVersion = AltPlatformInfo->MajorVersion;
|
|
|
|
VersionInfo.sOSVersionLow.dwMajor = AltPlatformInfo->FirstValidatedMajorVersion;
|
|
VersionInfo.sOSVersionLow.dwMinor = AltPlatformInfo->FirstValidatedMinorVersion;
|
|
VersionInfo.sOSVersionHigh.dwMajor = AltPlatformInfo->MajorVersion;
|
|
VersionInfo.sOSVersionHigh.dwMinor = AltPlatformInfo->MinorVersion;
|
|
|
|
} else {
|
|
//
|
|
// If an AltPlatformInfo was not passed in then set the
|
|
// WTD_USE_DEFAULT_OSVER_CHECK flag. This flag tells
|
|
// WinVerifyTrust to use its default osversion checking, even
|
|
// though a DRIVER_VER_INFO structure was passed in.
|
|
//
|
|
WintrustData.dwProvFlags |= WTD_USE_DEFAULT_OSVER_CHECK;
|
|
}
|
|
|
|
//
|
|
// Always specify a DRIVER_VER_INFO structure so we can get back
|
|
// who signed the file and the signer version information.
|
|
// If we don't have an AltPlatformInfo then set the
|
|
// WTD_USE_DEFAULT_OSVER_CHECK flag so that WinVerifyTrust will do
|
|
// its default checking, just as if a DRIVER_VER_INFO structure
|
|
// was not passed in.
|
|
//
|
|
WintrustData.pPolicyCallbackData = (PVOID)&VersionInfo;
|
|
|
|
|
|
//
|
|
// Start out with a hash buffer size that should be large enough for
|
|
// most requests.
|
|
//
|
|
HashSize = 100;
|
|
do {
|
|
Hash = MyMalloc(HashSize);
|
|
if(!Hash) {
|
|
Err = ERROR_NOT_ENOUGH_MEMORY;
|
|
break;
|
|
}
|
|
if(CryptCATAdminCalcHashFromFileHandle(hFile, &HashSize, Hash, 0)) {
|
|
Err = NO_ERROR;
|
|
} else {
|
|
Err = GetLastError();
|
|
MYASSERT(Err != NO_ERROR);
|
|
//
|
|
// If this API did mess up and not set last error, go ahead
|
|
// and set something.
|
|
//
|
|
if(Err == NO_ERROR) {
|
|
Err = ERROR_INVALID_DATA;
|
|
}
|
|
|
|
MyFree(Hash);
|
|
if(Err != ERROR_INSUFFICIENT_BUFFER) {
|
|
//
|
|
// The API failed for some reason other than
|
|
// buffer-too-small. We will try to check if the file
|
|
// is self-signed.
|
|
//
|
|
Hash = NULL; // reset this so we won't try to free it
|
|
// later
|
|
hCatInfo = NULL;
|
|
TrySelfSign = TRUE;
|
|
WriteLogEntry(
|
|
(PSETUP_LOG_CONTEXT)LogContext,
|
|
SETUP_LOG_VERBOSE|SETUP_LOG_BUFFER,
|
|
MSG_LOG_HASH_ERROR,
|
|
NULL,
|
|
FileFullPath ? FileFullPath : TEXT(""),
|
|
Catalog ? Catalog : TEXT(""),
|
|
Key
|
|
);
|
|
WriteLogError(
|
|
(PSETUP_LOG_CONTEXT)LogContext,
|
|
SETUP_LOG_VERBOSE,
|
|
Err
|
|
);
|
|
LoggedWarning = TRUE;
|
|
|
|
break;
|
|
}
|
|
}
|
|
} while(Err != NO_ERROR);
|
|
|
|
if(!TrySelfSign) {
|
|
|
|
if(Err == NO_ERROR) {
|
|
//
|
|
// Now we have the file's hash. Initialize the structures that
|
|
// will be used later on in calls to WinVerifyTrust.
|
|
//
|
|
WintrustData.dwUnionChoice = WTD_CHOICE_CATALOG;
|
|
WintrustData.pCatalog = &WintrustCatalogInfo;
|
|
|
|
ZeroMemory(&WintrustCatalogInfo, sizeof(WINTRUST_CATALOG_INFO));
|
|
WintrustCatalogInfo.cbStruct = sizeof(WINTRUST_CATALOG_INFO);
|
|
WintrustCatalogInfo.pbCalculatedFileHash = Hash;
|
|
WintrustCatalogInfo.cbCalculatedFileHash = HashSize;
|
|
|
|
//
|
|
// WinVerifyTrust is case-sensitive, so ensure that the key
|
|
// being used is all lower-case!
|
|
//
|
|
#ifdef UNICODE
|
|
//
|
|
// Copy the key to a writable Unicode character buffer so we
|
|
// can lower-case it.
|
|
//
|
|
lstrcpyn(UnicodeKey, Key, SIZECHARS(UnicodeKey));
|
|
CharLower(UnicodeKey);
|
|
#else
|
|
//
|
|
// Copy the key to a writable ANSI character buffer so we can
|
|
// lower-case it (prior to converting the string to Unicode).
|
|
//
|
|
lstrcpyn(AnsiBuffer, Key, SIZECHARS(AnsiBuffer));
|
|
CharLower(AnsiBuffer);
|
|
MultiByteToWideChar(CP_ACP, 0, AnsiBuffer, -1, UnicodeKey, SIZECHARS(UnicodeKey));
|
|
#endif
|
|
WintrustCatalogInfo.pcwszMemberTag = UnicodeKey;
|
|
|
|
if(Catalog && (Catalog != pSetupGetFileTitle(Catalog))) {
|
|
//
|
|
// We know in this case we're always going to examine
|
|
// exactly one catalog.
|
|
//
|
|
if(NumCatalogsConsidered) {
|
|
*NumCatalogsConsidered = 1;
|
|
}
|
|
|
|
//
|
|
// Fill in the catalog information since we know which
|
|
// catalog we're going to be using...
|
|
//
|
|
#ifdef UNICODE
|
|
WintrustCatalogInfo.pcwszCatalogFilePath = Catalog;
|
|
#else
|
|
//
|
|
// Use the handy-dandy unicode catalog filename buffer
|
|
// provided for us by the CatInfo.wszCatalogFile field.
|
|
//
|
|
MultiByteToWideChar(CP_ACP, 0, Catalog, -1, CatInfo.wszCatalogFile, SIZECHARS(CatInfo.wszCatalogFile));
|
|
WintrustCatalogInfo.pcwszCatalogFilePath = CatInfo.wszCatalogFile;
|
|
#endif
|
|
//
|
|
// The caller supplied the path to the catalog file to be
|
|
// used for verification--we're ready to go! First, verify
|
|
// the catalog (unless the caller already did it), and if
|
|
// that succeeds, then verify the file.
|
|
//
|
|
if(!CatalogAlreadyVerified) {
|
|
|
|
DWORD dwStateAction;
|
|
|
|
//
|
|
// Before validating the catalog, we'll flush the
|
|
// crypto cache. Otherwise, it can get fooled when
|
|
// validating against a catalog at a specific
|
|
// location, because that catalog can change
|
|
// "behind its back".
|
|
//
|
|
dwStateAction = WintrustData.dwStateAction;
|
|
|
|
WintrustData.dwStateAction = WTD_STATEACTION_AUTO_CACHE_FLUSH;
|
|
|
|
Err = (DWORD)WinVerifyTrust(NULL,
|
|
&DriverVerifyGuid,
|
|
&WintrustData
|
|
);
|
|
if(Err != NO_ERROR) {
|
|
//
|
|
// This shouldn't fail, but log a warning if it
|
|
// does...
|
|
//
|
|
WriteLogEntry(
|
|
(PSETUP_LOG_CONTEXT)LogContext,
|
|
SETUP_LOG_WARNING | SETUP_LOG_BUFFER,
|
|
MSG_LOG_CRYPTO_CACHE_FLUSH_FAILURE,
|
|
NULL,
|
|
Catalog
|
|
);
|
|
WriteLogError(
|
|
(PSETUP_LOG_CONTEXT)LogContext,
|
|
SETUP_LOG_WARNING,
|
|
Err
|
|
);
|
|
//
|
|
// treat this error as non-fatal
|
|
//
|
|
}
|
|
|
|
//
|
|
// When flushing the cache, crypto isn't supposed
|
|
// to be allocating a pcSignerCertContext...
|
|
//
|
|
MYASSERT(!VersionInfo.pcSignerCertContext);
|
|
if(VersionInfo.pcSignerCertContext) {
|
|
CertFreeCertificateContext(VersionInfo.pcSignerCertContext);
|
|
VersionInfo.pcSignerCertContext = NULL;
|
|
}
|
|
|
|
//
|
|
// Now back to our regularly-scheduled programming...
|
|
//
|
|
WintrustData.dwStateAction = dwStateAction;
|
|
|
|
Err = pSetupVerifyCatalogFile(Catalog);
|
|
}
|
|
|
|
if(Err != NO_ERROR) {
|
|
WriteLogEntry(
|
|
(PSETUP_LOG_CONTEXT)LogContext,
|
|
GetCatLogLevel(Err)|SETUP_LOG_BUFFER,
|
|
MSG_LOG_VERIFYCAT_ERROR,
|
|
NULL,
|
|
Catalog ? Catalog : TEXT("")
|
|
);
|
|
WriteLogError(
|
|
(PSETUP_LOG_CONTEXT)LogContext,
|
|
GetCatLogLevel(Err),
|
|
Err
|
|
);
|
|
LoggedWarning = TRUE;
|
|
if(Problem) {
|
|
*Problem = SetupapiVerifyCatalogProblem;
|
|
lstrcpy(ProblemFile, Catalog);
|
|
}
|
|
} else {
|
|
//
|
|
// Catalog was verified, now verify the file using that
|
|
// catalog.
|
|
//
|
|
if(CatalogFileUsed) {
|
|
lstrcpy(CatalogFileUsed, Catalog);
|
|
}
|
|
|
|
Err = (DWORD)WinVerifyTrust(NULL,
|
|
&DriverVerifyGuid,
|
|
&WintrustData
|
|
);
|
|
|
|
//
|
|
// Fill in the DigitalSigner and SignerVersion if
|
|
// they were passed in.
|
|
//
|
|
if (Err == NO_ERROR) {
|
|
if (DigitalSigner) {
|
|
#ifdef UNICODE
|
|
lstrcpy(DigitalSigner, VersionInfo.wszSignedBy);
|
|
#else
|
|
WideCharToMultiByte(
|
|
CP_ACP,
|
|
0,
|
|
VersionInfo.wszSignedBy,
|
|
-1,
|
|
DigitalSigner,
|
|
MAX_PATH,
|
|
NULL,
|
|
NULL
|
|
);
|
|
#endif
|
|
}
|
|
|
|
if (SignerVersion) {
|
|
#ifdef UNICODE
|
|
lstrcpy(SignerVersion, VersionInfo.wszVersion);
|
|
#else
|
|
WideCharToMultiByte(
|
|
CP_ACP,
|
|
0,
|
|
VersionInfo.wszVersion,
|
|
-1,
|
|
SignerVersion,
|
|
MAX_PATH,
|
|
NULL,
|
|
NULL
|
|
);
|
|
#endif
|
|
}
|
|
}
|
|
|
|
//
|
|
// The DRIVER_VER_INFO structure was filled in with
|
|
// a pointer that we must free!
|
|
//
|
|
if(VersionInfo.pcSignerCertContext) {
|
|
CertFreeCertificateContext(VersionInfo.pcSignerCertContext);
|
|
VersionInfo.pcSignerCertContext = NULL;
|
|
}
|
|
|
|
if (Err != NO_ERROR) {
|
|
|
|
TrySelfSign = TRUE;
|
|
|
|
WriteLogEntry(
|
|
(PSETUP_LOG_CONTEXT)LogContext,
|
|
GetCatLogLevel(Err)|SETUP_LOG_BUFFER,
|
|
MSG_LOG_VERIFYFILE_ERROR,
|
|
NULL,
|
|
FileFullPath ? FileFullPath : TEXT(""),
|
|
Catalog ? Catalog : TEXT(""),
|
|
Key
|
|
);
|
|
WriteLogError(
|
|
(PSETUP_LOG_CONTEXT)LogContext,
|
|
GetCatLogLevel(Err),
|
|
Err
|
|
);
|
|
LoggedWarning = TRUE;
|
|
} else {
|
|
WriteLogEntry(
|
|
(PSETUP_LOG_CONTEXT)LogContext,
|
|
SETUP_LOG_VERBOSE,
|
|
MSG_LOG_VERIFYFILE_OK,
|
|
NULL,
|
|
FileFullPath ? FileFullPath : TEXT(""),
|
|
Catalog ? Catalog : TEXT(""),
|
|
Key
|
|
);
|
|
}
|
|
}
|
|
|
|
} else {
|
|
//
|
|
// Search through installed catalogs looking for those that
|
|
// contain data for a file with the hash we just calculated.
|
|
//
|
|
PrevCat = NULL;
|
|
hCatInfo = CryptCATAdminEnumCatalogFromHash(LocalhCatAdmin,
|
|
Hash,
|
|
HashSize,
|
|
0,
|
|
&PrevCat
|
|
);
|
|
|
|
while(hCatInfo) {
|
|
|
|
CatInfo.cbStruct = sizeof(CATALOG_INFO);
|
|
if(CryptCATCatalogInfoFromContext(hCatInfo, &CatInfo, 0)) {
|
|
#ifdef UNICODE
|
|
CatalogFullPath = CatInfo.wszCatalogFile;
|
|
#else
|
|
WideCharToMultiByte(
|
|
CP_ACP,
|
|
0,
|
|
CatInfo.wszCatalogFile,
|
|
-1,
|
|
AnsiBuffer,
|
|
sizeof(AnsiBuffer),
|
|
NULL,
|
|
NULL
|
|
);
|
|
CatalogFullPath = AnsiBuffer;
|
|
#endif
|
|
//
|
|
// If we have a catalog name we're looking for,
|
|
// see if the current catalog matches. If the
|
|
// caller didn't specify a catalog, then just
|
|
// attempt to validate against each catalog we
|
|
// enumerate. Note that the catalog file info
|
|
// we get back gives us a fully qualified path.
|
|
//
|
|
if(Catalog) {
|
|
FoundMatchingImage = !lstrcmpi(
|
|
pSetupGetFileTitle(CatalogFullPath),
|
|
Catalog
|
|
);
|
|
} else {
|
|
|
|
if((Flags & VERIFY_FILE_USE_OEM_CATALOGS) ||
|
|
!IsInstalledCatalogFromOem(pSetupGetFileTitle(CatalogFullPath))) {
|
|
|
|
FoundMatchingImage = TRUE;
|
|
} else {
|
|
FoundMatchingImage = FALSE;
|
|
}
|
|
}
|
|
|
|
if(FoundMatchingImage) {
|
|
//
|
|
// Increment our counter of how many
|
|
// catalogs we've considered.
|
|
//
|
|
if(NumCatalogsConsidered) {
|
|
(*NumCatalogsConsidered)++;
|
|
}
|
|
|
|
//
|
|
// If the caller supplied a mapped-in image
|
|
// of the catalog we're looking for, then
|
|
// check to see if this catalog matches by
|
|
// doing a binary compare.
|
|
//
|
|
if(CatalogBaseAddress) {
|
|
|
|
FoundMatchingImage = GetFileAttributesEx(
|
|
CatalogFullPath,
|
|
GetFileExInfoStandard,
|
|
&FileAttribData
|
|
);
|
|
//
|
|
// Check to see if the catalog we're looking
|
|
// at is the same size as the one we're
|
|
// verifying.
|
|
//
|
|
if(FoundMatchingImage &&
|
|
(FileAttribData.nFileSizeLow != CatalogImageSize)) {
|
|
|
|
FoundMatchingImage = FALSE;
|
|
}
|
|
|
|
if(FoundMatchingImage) {
|
|
|
|
if(pSetupOpenAndMapFileForRead(CatalogFullPath,
|
|
&CurCatFileSize,
|
|
&CurCatFileHandle,
|
|
&CurCatMappingHandle,
|
|
&CurCatBaseAddress) == NO_ERROR) {
|
|
|
|
MYASSERT(CurCatFileSize == CatalogImageSize);
|
|
|
|
//
|
|
// Surround the following in try/except, in case we get an inpage error.
|
|
//
|
|
try {
|
|
//
|
|
// We've found a potential match.
|
|
//
|
|
FoundMatchingImage = !memcmp(
|
|
CatalogBaseAddress,
|
|
CurCatBaseAddress,
|
|
CatalogImageSize
|
|
);
|
|
|
|
} except(EXCEPTION_EXECUTE_HANDLER) {
|
|
FoundMatchingImage = FALSE;
|
|
}
|
|
|
|
pSetupUnmapAndCloseFile(CurCatFileHandle,
|
|
CurCatMappingHandle,
|
|
CurCatBaseAddress
|
|
);
|
|
} else {
|
|
FoundMatchingImage = FALSE;
|
|
}
|
|
}
|
|
|
|
} else {
|
|
//
|
|
// Since there was no catalog image supplied
|
|
// to match against, the catalog we're
|
|
// currently looking at is considered a
|
|
// valid match candidate.
|
|
//
|
|
FoundMatchingImage = TRUE;
|
|
}
|
|
|
|
if(FoundMatchingImage) {
|
|
//
|
|
// We found an applicable catalog, now
|
|
// validate the file against that catalog.
|
|
//
|
|
// NOTE: Because we're using cached
|
|
// catalog information (i.e., the
|
|
// WTD_STATEACTION_AUTO_CACHE flag), we
|
|
// don't need to explicitly validate the
|
|
// catalog itself first.
|
|
//
|
|
WintrustCatalogInfo.pcwszCatalogFilePath = CatInfo.wszCatalogFile;
|
|
|
|
Err = (DWORD)WinVerifyTrust(NULL,
|
|
&DriverVerifyGuid,
|
|
&WintrustData
|
|
);
|
|
|
|
//
|
|
// Fill in the DigitalSigner and SignerVersion if
|
|
// they were passed in.
|
|
//
|
|
if (Err == NO_ERROR) {
|
|
if (DigitalSigner) {
|
|
#ifdef UNICODE
|
|
lstrcpy(DigitalSigner, VersionInfo.wszSignedBy);
|
|
#else
|
|
WideCharToMultiByte(
|
|
CP_ACP,
|
|
0,
|
|
VersionInfo.wszSignedBy,
|
|
-1,
|
|
DigitalSigner,
|
|
MAX_PATH,
|
|
NULL,
|
|
NULL
|
|
);
|
|
#endif
|
|
}
|
|
|
|
if (SignerVersion) {
|
|
#ifdef UNICODE
|
|
lstrcpy(SignerVersion, VersionInfo.wszVersion);
|
|
#else
|
|
WideCharToMultiByte(
|
|
CP_ACP,
|
|
0,
|
|
VersionInfo.wszVersion,
|
|
-1,
|
|
SignerVersion,
|
|
MAX_PATH,
|
|
NULL,
|
|
NULL
|
|
);
|
|
#endif
|
|
}
|
|
}
|
|
|
|
//
|
|
// The DRIVER_VER_INFO structure was filled in with
|
|
// a pointer that we must free!
|
|
//
|
|
if(VersionInfo.pcSignerCertContext) {
|
|
CertFreeCertificateContext(VersionInfo.pcSignerCertContext);
|
|
VersionInfo.pcSignerCertContext = NULL;
|
|
}
|
|
|
|
if (Err != NO_ERROR) {
|
|
WriteLogEntry(
|
|
(PSETUP_LOG_CONTEXT)LogContext,
|
|
GetCatLogLevel(Err)|SETUP_LOG_BUFFER,
|
|
MSG_LOG_VERIFYFILE_ERROR,
|
|
NULL,
|
|
FileFullPath ? FileFullPath : TEXT(""),
|
|
CatalogFullPath ? CatalogFullPath : TEXT(""),
|
|
Key
|
|
);
|
|
WriteLogError(
|
|
(PSETUP_LOG_CONTEXT)LogContext,
|
|
GetCatLogLevel(Err),
|
|
Err
|
|
);
|
|
LoggedWarning = TRUE;
|
|
} else {
|
|
WriteLogEntry(
|
|
(PSETUP_LOG_CONTEXT)LogContext,
|
|
SETUP_LOG_VERBOSE,
|
|
MSG_LOG_VERIFYFILE_OK,
|
|
NULL,
|
|
FileFullPath ? FileFullPath : TEXT(""),
|
|
CatalogFullPath ? CatalogFullPath : TEXT(""),
|
|
Key
|
|
);
|
|
}
|
|
|
|
if(Err == NO_ERROR) {
|
|
//
|
|
// We successfully verified the
|
|
// file--store the name of the
|
|
// catalog used, if the caller
|
|
// requested it.
|
|
//
|
|
if(CatalogFileUsed) {
|
|
lstrcpy(CatalogFileUsed, CatalogFullPath);
|
|
}
|
|
} else {
|
|
if(Catalog || CatalogBaseAddress) {
|
|
if(CatalogFileUsed) {
|
|
lstrcpy(CatalogFileUsed, CatalogFullPath);
|
|
}
|
|
if(Problem) {
|
|
*Problem = SetupapiVerifyFileProblem;
|
|
lstrcpy(ProblemFile, FileFullPath);
|
|
}
|
|
}
|
|
}
|
|
|
|
//
|
|
// If the result of the above validations is
|
|
// success, then we're done. If not, and we're
|
|
// looking for a relevant catalog file (i.e.,
|
|
// the INF didn't specify one), then we move
|
|
// on to the next catalog. Otherwise, we've
|
|
// failed.
|
|
//
|
|
if((Err == NO_ERROR) || Catalog || CatalogBaseAddress) {
|
|
|
|
CryptCATAdminReleaseCatalogContext(LocalhCatAdmin, hCatInfo, 0);
|
|
break;
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
PrevCat = hCatInfo;
|
|
hCatInfo = CryptCATAdminEnumCatalogFromHash(LocalhCatAdmin, Hash, HashSize, 0, &PrevCat);
|
|
}
|
|
|
|
if(!hCatInfo) {
|
|
//
|
|
// We exhausted all the applicable catalogs without
|
|
// finding the one we needed.
|
|
//
|
|
Err = GetLastError();
|
|
MYASSERT(Err != NO_ERROR);
|
|
//
|
|
// Make sure we have a valid error code.
|
|
//
|
|
if(Err == NO_ERROR) {
|
|
Err = ERROR_INVALID_DATA;
|
|
}
|
|
TrySelfSign = TRUE;
|
|
//
|
|
// report failure if we haven't already done so
|
|
//
|
|
if(!LoggedWarning) {
|
|
WriteLogEntry((PSETUP_LOG_CONTEXT)LogContext,
|
|
GetCatLogLevel(Err)|SETUP_LOG_BUFFER,
|
|
MSG_LOG_VERIFYFILE_ERROR,
|
|
NULL,
|
|
FileFullPath ? FileFullPath : TEXT(""),
|
|
Catalog ? Catalog : TEXT(""),
|
|
Key
|
|
);
|
|
WriteLogError((PSETUP_LOG_CONTEXT)LogContext,GetCatLogLevel(Err),Err);
|
|
}
|
|
}
|
|
}
|
|
} else {
|
|
if(Problem) {
|
|
*Problem = SetupapiVerifyFileProblem;
|
|
lstrcpy(ProblemFile, FileFullPath);
|
|
}
|
|
}
|
|
}
|
|
if (TrySelfSign) {
|
|
if(!(Flags & VERIFY_FILE_IGNORE_SELFSIGNED)) {
|
|
//
|
|
// The file failed to validate using any catalogs
|
|
// See if the file validates without a
|
|
// catalog (i.e., the file contains its own
|
|
// signature).
|
|
//
|
|
WintrustData.dwUnionChoice = WTD_CHOICE_FILE;
|
|
WintrustData.pFile = &WintrustFileInfo;
|
|
ZeroMemory(&WintrustFileInfo, sizeof(WINTRUST_FILE_INFO));
|
|
WintrustFileInfo.cbStruct = sizeof(WINTRUST_FILE_INFO);
|
|
#ifdef UNICODE
|
|
WintrustFileInfo.pcwszFilePath = FileFullPath;
|
|
#else
|
|
//
|
|
// Use the UnicodeKey buffer to hold the unicode
|
|
// version of the full pathname of the file to be
|
|
// verified.
|
|
//
|
|
MultiByteToWideChar(CP_ACP, 0, FileFullPath, -1, UnicodeKey, SIZECHARS(UnicodeKey));
|
|
WintrustFileInfo.pcwszFilePath = UnicodeKey;
|
|
#endif
|
|
Err = (DWORD)WinVerifyTrust(NULL,
|
|
&DriverVerifyGuid,
|
|
&WintrustData
|
|
);
|
|
|
|
//
|
|
// Fill in the DigitalSigner and SignerVersion if
|
|
// they were passed in.
|
|
//
|
|
if (Err == NO_ERROR) {
|
|
if (DigitalSigner) {
|
|
#ifdef UNICODE
|
|
lstrcpy(DigitalSigner, VersionInfo.wszSignedBy);
|
|
#else
|
|
WideCharToMultiByte(
|
|
CP_ACP,
|
|
0,
|
|
VersionInfo.wszSignedBy,
|
|
-1,
|
|
DigitalSigner,
|
|
MAX_PATH,
|
|
NULL,
|
|
NULL
|
|
);
|
|
#endif
|
|
}
|
|
|
|
if (SignerVersion) {
|
|
#ifdef UNICODE
|
|
lstrcpy(SignerVersion, VersionInfo.wszVersion);
|
|
#else
|
|
WideCharToMultiByte(
|
|
CP_ACP,
|
|
0,
|
|
VersionInfo.wszVersion,
|
|
-1,
|
|
SignerVersion,
|
|
MAX_PATH,
|
|
NULL,
|
|
NULL
|
|
);
|
|
#endif
|
|
}
|
|
}
|
|
|
|
//
|
|
// The DRIVER_VER_INFO structure was filled in with
|
|
// a pointer that we must free!
|
|
//
|
|
if(VersionInfo.pcSignerCertContext) {
|
|
CertFreeCertificateContext(VersionInfo.pcSignerCertContext);
|
|
VersionInfo.pcSignerCertContext = NULL;
|
|
}
|
|
|
|
if (Err != NO_ERROR) {
|
|
WriteLogEntry(
|
|
(PSETUP_LOG_CONTEXT)LogContext,
|
|
SETUP_LOG_VERBOSE|SETUP_LOG_BUFFER,
|
|
MSG_LOG_SELFSIGN_ERROR,
|
|
NULL,
|
|
FileFullPath ? FileFullPath : TEXT(""),
|
|
Key
|
|
);
|
|
WriteLogError(
|
|
(PSETUP_LOG_CONTEXT)LogContext,
|
|
SETUP_LOG_VERBOSE,
|
|
Err
|
|
);
|
|
LoggedWarning = TRUE;
|
|
} else {
|
|
WriteLogEntry(
|
|
(PSETUP_LOG_CONTEXT)LogContext,
|
|
SETUP_LOG_VERBOSE,
|
|
MSG_LOG_SELFSIGN_OK,
|
|
NULL,
|
|
FileFullPath ? FileFullPath : TEXT(""),
|
|
Key
|
|
);
|
|
}
|
|
}
|
|
if(Err == NO_ERROR) {
|
|
//
|
|
// The file validated without a catalog. Store an empty
|
|
// string in the CatalogFileUsed buffer (if supplied).
|
|
//
|
|
if(CatalogFileUsed) {
|
|
*CatalogFileUsed = TEXT('\0');
|
|
}
|
|
} else {
|
|
//
|
|
// report error prior to Self-Sign check
|
|
//
|
|
if(Problem) {
|
|
*Problem = SetupapiVerifyFileProblem;
|
|
lstrcpy(ProblemFile, FileFullPath);
|
|
}
|
|
}
|
|
}
|
|
if (Hash) {
|
|
MyFree(Hash);
|
|
}
|
|
}
|
|
|
|
} else {
|
|
Err = GetLastError();
|
|
MYASSERT(Err != NO_ERROR);
|
|
//
|
|
// Make sure we have a valid error code.
|
|
//
|
|
if(Err == NO_ERROR) {
|
|
Err = ERROR_INVALID_DATA;
|
|
}
|
|
|
|
if(Problem) {
|
|
//
|
|
// We failed too early to blame the file as the problem, but it's
|
|
// the only filename we currently have to return as the problematic
|
|
// file.
|
|
//
|
|
*Problem = SetupapiVerifyFileProblem;
|
|
lstrcpy(ProblemFile, FileFullPath);
|
|
}
|
|
}
|
|
|
|
if (Err != NO_ERROR) {
|
|
//
|
|
// report failure if we haven't already done so
|
|
//
|
|
if(!LoggedWarning) {
|
|
WriteLogEntry(LogContext,
|
|
GetCatLogLevel(Err)|SETUP_LOG_BUFFER,
|
|
MSG_LOG_VERIFYFILE_ERROR,
|
|
NULL,
|
|
FileFullPath ? FileFullPath : TEXT(""),
|
|
Catalog ? Catalog : TEXT(""),
|
|
Key
|
|
);
|
|
WriteLogError((PSETUP_LOG_CONTEXT)LogContext,GetCatLogLevel(Err),Err);
|
|
}
|
|
}
|
|
|
|
clean0:
|
|
#ifdef UNICODE
|
|
if(!hSDBDrvMain && LocalhSDBDrvMain) {
|
|
//
|
|
// Don't need to return our HSDB to the caller, so free
|
|
// it now.
|
|
//
|
|
SdbReleaseDatabase(LocalhSDBDrvMain);
|
|
}
|
|
#endif
|
|
if(hFile != INVALID_HANDLE_VALUE) {
|
|
CloseHandle(hFile);
|
|
}
|
|
if(AltPlatSlot) {
|
|
ReleaseLogInfoSlot(LogContext,AltPlatSlot);
|
|
}
|
|
if(!hCatAdmin && LocalhCatAdmin) {
|
|
CryptCATAdminReleaseContext(LocalhCatAdmin, 0);
|
|
}
|
|
SetLastError(Err);
|
|
return Err;
|
|
}
|
|
|
|
|
|
DWORD
|
|
pSetupVerifyFile(
|
|
IN PSETUP_LOG_CONTEXT LogContext,
|
|
IN LPCTSTR Catalog, OPTIONAL
|
|
IN PVOID CatalogBaseAddress, OPTIONAL
|
|
IN DWORD CatalogImageSize,
|
|
IN LPCTSTR Key,
|
|
IN LPCTSTR FileFullPath,
|
|
OUT SetupapiVerifyProblem *Problem, OPTIONAL
|
|
OUT LPTSTR ProblemFile, OPTIONAL
|
|
IN BOOL CatalogAlreadyVerified,
|
|
IN PSP_ALTPLATFORM_INFO_V2 AltPlatformInfo, OPTIONAL
|
|
OUT LPTSTR CatalogFileUsed, OPTIONAL
|
|
OUT PDWORD NumCatalogsConsidered OPTIONAL
|
|
)
|
|
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
See _VerifyFile
|
|
|
|
Since this private API is exported for use by other system components
|
|
(e.g., syssetup), we make a check to ensure that the AltPlatformInfo, if
|
|
specified, is of the correct version.
|
|
|
|
--*/
|
|
|
|
{
|
|
if(AltPlatformInfo) {
|
|
if(AltPlatformInfo->cbSize != sizeof(SP_ALTPLATFORM_INFO_V2)) {
|
|
return ERROR_INVALID_PARAMETER;
|
|
}
|
|
if(!(AltPlatformInfo->Flags & SP_ALTPLATFORM_FLAGS_VERSION_RANGE)) {
|
|
//
|
|
// this flag must be set to indicate the version range fields are valid
|
|
//
|
|
return ERROR_INVALID_PARAMETER;
|
|
}
|
|
}
|
|
|
|
return _VerifyFile(LogContext,
|
|
NULL,
|
|
NULL,
|
|
Catalog,
|
|
CatalogBaseAddress,
|
|
CatalogImageSize,
|
|
Key,
|
|
FileFullPath,
|
|
Problem,
|
|
ProblemFile,
|
|
CatalogAlreadyVerified,
|
|
AltPlatformInfo,
|
|
VERIFY_FILE_USE_OEM_CATALOGS,
|
|
CatalogFileUsed,
|
|
NumCatalogsConsidered,
|
|
NULL,
|
|
NULL
|
|
);
|
|
}
|
|
|
|
|
|
BOOL
|
|
IsInfForDeviceInstall(
|
|
IN PSETUP_LOG_CONTEXT LogContext, OPTIONAL
|
|
IN CONST GUID *DeviceSetupClassGuid, OPTIONAL
|
|
IN PLOADED_INF LoadedInf, OPTIONAL
|
|
OUT PTSTR *DeviceDesc, OPTIONAL
|
|
OUT PSP_ALTPLATFORM_INFO_V2 *ValidationPlatform, OPTIONAL
|
|
OUT PDWORD PolicyToUse, OPTIONAL
|
|
OUT PBOOL UseOriginalInfName OPTIONAL
|
|
)
|
|
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
This routine determines whether the specified INF is a device INF. If so,
|
|
it returns a generic string to use in identifying the device installation
|
|
when there is no device description available (e.g., installing a printer).
|
|
It can also return the appropriate platform parameters to be used in
|
|
digital signature verification for this INF, as well as the codesigning
|
|
policy to employ should a digital signature validation failure occur.
|
|
Finally, this routine can indicate whether the INF should be installed
|
|
under its original name (i.e., because it's an exception package INF).
|
|
|
|
Arguments:
|
|
|
|
LogContext - Optionally, supplies the log context for any log entries that
|
|
might be generated by this routine.
|
|
|
|
DeviceSetupClassGuid - Optionally, supplies the address of a GUID that
|
|
indicates which device setup class is to be used in determining
|
|
information such as description, validation platform, and policy to
|
|
use. If this parameter is NULL, then the GUID is retrieved from the
|
|
INF list supplied via the LoadedInf parameter.
|
|
|
|
LoadedInf - Optionally, supplies the address of a loaded INF list we need
|
|
to examine to see if any of the members therein are device INFs. An
|
|
INF is a device INF if it specifies a class association (via either
|
|
Class= or ClassGUID= entries) in its [Version] section. If the
|
|
DeviceSetupClassGuid parameter is supplied (i.e., non-NULL), then this
|
|
parameter is ignored. If this parameter is also NULL, then it is
|
|
assumed the installation is not device-related.
|
|
|
|
The presence of a device INF anywhere in this list will cause us to
|
|
consider this a device installation. However, the _first_ INF we
|
|
encounter having a class association is what will be used in determining
|
|
the device description (see below).
|
|
|
|
** NOTE: The caller is responsible for locking the loaded INF **
|
|
** list prior to calling this routine! **
|
|
|
|
DeviceDesc - Optionally, supplies the address of a string pointer that will
|
|
be filled in upon return with a (newly-allocated) descriptive string to
|
|
be used when referring to this installation (e.g., for doing driver
|
|
signing failure popups). We will first try to retrieve the friendly
|
|
name for this INF's class (whose determination is described above). If
|
|
that's not possible (e.g., the class isn't yet installed), then we'll
|
|
return the class name. If that's not possible, then we'll return a
|
|
(localized) generic string such as "Unknown driver software package".
|
|
|
|
This output parameter (if supplied) will only ever be set to a non-NULL
|
|
value when the routine returns TRUE. The caller is responsible for
|
|
freeing this character buffer. If an out-of-memory failure is
|
|
encountered when trying to allocate memory for this buffer, the
|
|
DeviceDesc pointer will simply be set to NULL. It will also be set to
|
|
NULL if we're dealing with an exception package (since we don't want
|
|
to treat this like a "hardware install" for purposes of codesigning
|
|
blocking UI).
|
|
|
|
ValidationPlatform - Optionally, supplies the address of a (version 2)
|
|
altplatform info pointer that is filled in upon return with a newly-
|
|
allocated structure specifying the appropriate parameters to be passed
|
|
to WinVerifyTrust when validating this INF. These parameters are
|
|
retrieved from certclas.inf for the relevant device setup class GUID.
|
|
If no special parameters are specified for this class (or if the INF
|
|
has no class at all), then this pointer is returned as NULL, which
|
|
causes us to use WinVerifyTrust's default validation. Note that if
|
|
we fail to allocate this structure due to low-memory, the pointer will
|
|
be returned as NULL in that case as well. This is OK, because this
|
|
simply means we'll do default validation in that case.
|
|
|
|
By this mechanism, we can easily deal with the different validation
|
|
policies in effect for the various device classes we have in the system.
|
|
|
|
The caller is responsible for freeing the memory allocated for this
|
|
structure.
|
|
|
|
PolicyToUse - Optionally, supplies the address of a dword variable that is
|
|
set upon return to indicate what codesigning policy (i.e., Ignore, Warn,
|
|
or Block) should be used for this INF. This determination is made based
|
|
on whether any INF in the list is of a class that WHQL has a
|
|
certification program for (as specified in %windir%\Inf\certclas.inf).
|
|
|
|
Additionally, if any INF in the list is of the exception class, then
|
|
the policy is automatically set to Block (i.e., it's not configurable
|
|
via driver signing or non-driver-signing policy/preference settings).
|
|
|
|
UseOriginalInfName - Optionally, supplies the address of a boolean variable
|
|
that is set upon return to indicate whether the INF should be installed
|
|
into %windir%\Inf under its original name. This will only be true if
|
|
the INF is an exception INF.
|
|
|
|
Return Value:
|
|
|
|
If the INF is a device INF, the return value is TRUE. Otherwise, it is
|
|
FALSE.
|
|
|
|
--*/
|
|
|
|
{
|
|
PLOADED_INF CurInf, NextInf;
|
|
GUID ClassGuid;
|
|
BOOL DeviceInfFound, ClassInDrvSignList;
|
|
TCHAR ClassDescBuffer[LINE_LEN];
|
|
PCTSTR ClassDesc;
|
|
DWORD Err;
|
|
|
|
if(DeviceDesc) {
|
|
*DeviceDesc = NULL;
|
|
}
|
|
|
|
if(ValidationPlatform) {
|
|
*ValidationPlatform = NULL;
|
|
}
|
|
|
|
if(UseOriginalInfName) {
|
|
*UseOriginalInfName = FALSE;
|
|
}
|
|
|
|
if(!DeviceSetupClassGuid && !LoadedInf) {
|
|
//
|
|
// Not a whole lot to do here. Assume non-driver-signing policy and
|
|
// return.
|
|
//
|
|
if(PolicyToUse) {
|
|
*PolicyToUse = pSetupGetCurrentDriverSigningPolicy(FALSE);
|
|
}
|
|
|
|
return FALSE;
|
|
}
|
|
|
|
if(PolicyToUse || ValidationPlatform) {
|
|
|
|
if(PolicyToUse) {
|
|
//
|
|
// Initialize policy to "Ignore"
|
|
//
|
|
*PolicyToUse = DRIVERSIGN_NONE;
|
|
}
|
|
|
|
ClassInDrvSignList = FALSE;
|
|
}
|
|
|
|
//
|
|
// If DeviceSetupClassGuid was specified, then retrieve information
|
|
// pertaining to that class. Otherwise, traverse the individual INFs in
|
|
// the LOADED_INF list, examining each one to see if it's a device INF.
|
|
//
|
|
DeviceInfFound = FALSE;
|
|
|
|
for(CurInf = LoadedInf; CurInf || DeviceSetupClassGuid; CurInf = NextInf) {
|
|
//
|
|
// Setup a "NextInf" pointer so we won't dereference NULL when we go
|
|
// back through the loop in the case where we have a
|
|
// DeviceSetupClassGuid instead of a LoadedInf list.
|
|
//
|
|
NextInf = CurInf ? CurInf->Next : NULL;
|
|
|
|
if(!DeviceSetupClassGuid) {
|
|
if(ClassGuidFromInfVersionNode(&(CurInf->VersionBlock), &ClassGuid)) {
|
|
DeviceSetupClassGuid = &ClassGuid;
|
|
} else {
|
|
//
|
|
// This INF doesn't have an associated device setup class GUID,
|
|
// so skip it and continue on with our search for a device INF.
|
|
//
|
|
continue;
|
|
}
|
|
}
|
|
|
|
//
|
|
// NOTE: From this point forward, you must reset the
|
|
// DeviceSetupClasGuid pointer to NULL before making another pass
|
|
// through the loop. Otherwise, we'll enter an infinite loop, since
|
|
// we can enter the loop if that pointer is non-NULL.
|
|
//
|
|
|
|
if(IsEqualGUID(DeviceSetupClassGuid, &GUID_NULL)) {
|
|
//
|
|
// The INF specified a ClassGUID of GUID_NULL (e.g., like some of
|
|
// our non-device system INFs such as layout.inf do). Skip it, and
|
|
// continue on with our search for a device INF.
|
|
//
|
|
DeviceSetupClassGuid = NULL;
|
|
continue;
|
|
}
|
|
|
|
//
|
|
// If we get to this point, we have a device setup class GUID. If this
|
|
// is the first device INF we've encountered (or our first and only
|
|
// time through the loop when the caller passed us in a
|
|
// DeviceSetupClassGuid), then do our best to retrieve a description
|
|
// for it (if we've been asked to do so). We do not do this for
|
|
// exception packages, because we don't want them to be referred to as
|
|
// "hardware installs" in the Block dialog if a signature verification
|
|
// failure occurs.
|
|
//
|
|
if(!DeviceInfFound) {
|
|
|
|
DeviceInfFound = TRUE;
|
|
|
|
if(DeviceDesc) {
|
|
|
|
if(!IsEqualGUID(DeviceSetupClassGuid, &GUID_DEVCLASS_WINDOWS_COMPONENT_PUBLISHER)) {
|
|
//
|
|
// First, try to retrieve the class's friendly name.
|
|
//
|
|
if(SetupDiGetClassDescription(DeviceSetupClassGuid,
|
|
ClassDescBuffer,
|
|
SIZECHARS(ClassDescBuffer),
|
|
NULL)) {
|
|
|
|
ClassDesc = ClassDescBuffer;
|
|
|
|
} else if(CurInf) {
|
|
//
|
|
// OK, so the class isn't installed yet. Retrieve the
|
|
// class name from the INF itself.
|
|
//
|
|
ClassDesc = pSetupGetVersionDatum(&(CurInf->VersionBlock),
|
|
pszClass
|
|
);
|
|
} else {
|
|
//
|
|
// The caller passed us in a device setup class GUID
|
|
// instead of an INF. The class hasn't been installed yet,
|
|
// so we have no idea what to call it.
|
|
//
|
|
ClassDesc = NULL;
|
|
}
|
|
|
|
if(!ClassDesc) {
|
|
//
|
|
// We have a non-installed class, either with no INF, or
|
|
// with an INF that specifies a ClassGUID= entry, but no
|
|
// Class= entry in its [Version] section. If we tried
|
|
// to actually install a device from such an INF, we'd
|
|
// get a failure in SetupDiInstallClass because the
|
|
// class name is required when installing the class.
|
|
// However, this INF might never be used in a device
|
|
// installation, but it definitely is a device INF.
|
|
// Therefore, we just give it a generic description.
|
|
//
|
|
if(LoadString(MyDllModuleHandle,
|
|
IDS_UNKNOWN_DRIVER,
|
|
ClassDescBuffer,
|
|
SIZECHARS(ClassDescBuffer))) {
|
|
|
|
ClassDesc = ClassDescBuffer;
|
|
} else {
|
|
ClassDesc = NULL;
|
|
}
|
|
}
|
|
|
|
//
|
|
// OK, we have a description for this device (unless we hit
|
|
// some weird error).
|
|
//
|
|
if(ClassDesc) {
|
|
*DeviceDesc = DuplicateString(ClassDesc);
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
//
|
|
// If we get to this point, we know that: (a) we have a device setup
|
|
// class GUID and (b) we've retrieved a device description, if
|
|
// necessary.
|
|
//
|
|
if(PolicyToUse || ValidationPlatform) {
|
|
//
|
|
// First, check to see if this is an exception class--if it is,
|
|
// then policy is Block, and we want to install the INF and CAT
|
|
// files using their original names.
|
|
//
|
|
if(IsEqualGUID(DeviceSetupClassGuid, &GUID_DEVCLASS_WINDOWS_COMPONENT_PUBLISHER)) {
|
|
|
|
if(PolicyToUse) {
|
|
*PolicyToUse = DRIVERSIGN_BLOCKING;
|
|
}
|
|
|
|
if(UseOriginalInfName) {
|
|
*UseOriginalInfName = TRUE;
|
|
}
|
|
}
|
|
|
|
//
|
|
// Now check to see if this class is in our list of classes that
|
|
// WHQL has certification programs for (hence should be subject to
|
|
// driver signing policy).
|
|
//
|
|
// NOTE: We may also find the exception class GUID in this list.
|
|
// This may be used as an override mechanism, in case we decide to
|
|
// allow 5.0-signed exception packages install on 5.1, for example.
|
|
//
|
|
ClassInDrvSignList = ClassGuidInDrvSignPolicyList(
|
|
LogContext,
|
|
DeviceSetupClassGuid,
|
|
ValidationPlatform
|
|
);
|
|
|
|
if(ClassInDrvSignList) {
|
|
//
|
|
// Once we encounter a device INF whose class is in our driver
|
|
// signing policy list, we can stop looking...
|
|
//
|
|
break;
|
|
}
|
|
|
|
} else {
|
|
//
|
|
// The caller doesn't care about whether this class is subject to
|
|
// driver signing policy. Since we've already retrieved the info
|
|
// they care about, we can get out of this loop.
|
|
//
|
|
break;
|
|
}
|
|
|
|
DeviceSetupClassGuid = NULL; // break out in no-INF case
|
|
}
|
|
|
|
if(PolicyToUse) {
|
|
//
|
|
// Unless we've already established that the policy to use is "Block"
|
|
// (because we found an exception INF), we should retrieve the
|
|
// applicable policy now...
|
|
//
|
|
if(*PolicyToUse != DRIVERSIGN_BLOCKING) {
|
|
|
|
*PolicyToUse =
|
|
pSetupGetCurrentDriverSigningPolicy(DeviceInfFound && ClassInDrvSignList);
|
|
}
|
|
}
|
|
|
|
return DeviceInfFound;
|
|
}
|
|
|
|
|
|
DWORD
|
|
GetCodeSigningPolicyForInf(
|
|
IN PSETUP_LOG_CONTEXT LogContext, OPTIONAL
|
|
IN HINF InfHandle,
|
|
OUT PSP_ALTPLATFORM_INFO_V2 *ValidationPlatform, OPTIONAL
|
|
OUT PBOOL UseOriginalInfName OPTIONAL
|
|
)
|
|
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
This routine returns a value indicating the appropriate policy to be
|
|
employed should a digital signature verification failure arise from some
|
|
operation initiated by that INF. It figures out whether the INF is subject
|
|
to driver signing or non-driver signing policy (based on the INF's class
|
|
affiliation, and the presence of an applicable WHQL program). It also can
|
|
return an altplatform info structure indicating how validation should be
|
|
done (i.e., if certclas.inf indicates that a range of OSATTR versions should
|
|
be considered valid).
|
|
|
|
Arguments:
|
|
|
|
LogContext - Optionally, supplies the log context for any log entries that
|
|
might be generated by this routine.
|
|
|
|
InfHandle - Supplies the handle of the INF for which policy is to be
|
|
retrieved.
|
|
|
|
ValidationPlatform - See preamble of IsInfForDeviceInstall routine for
|
|
details.
|
|
|
|
UseOriginalInfName - Optionally, supplies the address of a boolean variable
|
|
that is set upon return to indicate whether the INF should be installed
|
|
into %windir%\Inf under its original name. This will only be true if
|
|
the INF is an exception INF.
|
|
|
|
Return Value:
|
|
|
|
If the INF is a device INF, the return value is TRUE. Otherwise, it is
|
|
FALSE.
|
|
|
|
--*/
|
|
|
|
{
|
|
DWORD Policy;
|
|
|
|
if(!LockInf((PLOADED_INF)InfHandle)) {
|
|
//
|
|
// This is an internal-only routine, and all callers should be
|
|
// passing in valid INF handles.
|
|
//
|
|
MYASSERT(FALSE);
|
|
//
|
|
// If this does happen, just assume this isn't a device INF.
|
|
//
|
|
if(UseOriginalInfName) {
|
|
*UseOriginalInfName = FALSE;
|
|
}
|
|
if(ValidationPlatform) {
|
|
*ValidationPlatform = NULL;
|
|
}
|
|
return pSetupGetCurrentDriverSigningPolicy(FALSE);
|
|
}
|
|
|
|
IsInfForDeviceInstall(LogContext,
|
|
NULL,
|
|
(PLOADED_INF)InfHandle,
|
|
NULL,
|
|
ValidationPlatform,
|
|
&Policy,
|
|
UseOriginalInfName
|
|
);
|
|
|
|
UnlockInf((PLOADED_INF)InfHandle);
|
|
|
|
return Policy;
|
|
}
|
|
|
|
|
|
VOID
|
|
pSetupGetRealSystemTime(
|
|
OUT LPSYSTEMTIME RealSystemTime
|
|
);
|
|
|
|
DWORD
|
|
pSetupGetCurrentDriverSigningPolicy(
|
|
IN BOOL IsDeviceInstallation
|
|
)
|
|
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
(The following description describes the strategy behind the selection of
|
|
policy. The implementation, however, follows a few twists and turns due to
|
|
unscupulous individuals who would subvert digital signature UI in order to
|
|
avoid having to get their packages signed...)
|
|
|
|
This routine returns a value indicating what action should be taken when a
|
|
digital signature verification failure is encountered. Separate "policies"
|
|
are maintained for "DriverSigning" (i.e., device installer activities) and
|
|
"NonDriverSigning" (i.e., everything else).
|
|
|
|
For driver signing, there are actually 3 sources of policy:
|
|
|
|
1. HKLM\Software\Microsoft\Driver Signing : Policy : REG_BINARY (REG_DWORD also supported)
|
|
This is a Windows 98-compatible value that specifies the default
|
|
behavior which applies to all users of the machine.
|
|
|
|
2. HKCU\Software\Microsoft\Driver Signing : Policy : REG_DWORD
|
|
This specifies the user's preference for what behavior to employ
|
|
upon verification failure.
|
|
|
|
3. HKCU\Software\Policies\Microsoft\Windows NT\Driver Signing : BehaviorOnFailedVerify : REG_DWORD
|
|
This specifies the administrator-mandated policy on what behavior
|
|
to employ upon verification failure. This policy, if specified,
|
|
overrides the user's preference.
|
|
|
|
The algorithm for deciding on the behavior to employ is as follows:
|
|
|
|
if (3) is specified {
|
|
policy = (3)
|
|
} else {
|
|
policy = (2)
|
|
}
|
|
policy = MAX(policy, (1))
|
|
|
|
For non-driver signing, the algorithm is the same, except that values (1),
|
|
(2), and (3) come from the following registry locations:
|
|
|
|
1. HKLM\Software\Microsoft\Non-Driver Signing : Policy : REG_BINARY (REG_DWORD also supported)
|
|
|
|
2. HKCU\Software\Microsoft\Non-Driver Signing : Policy : REG_DWORD
|
|
|
|
3. HKCU\Software\Policies\Microsoft\Windows NT\Non-Driver Signing : BehaviorOnFailedVerify : REG_DWORD
|
|
|
|
NOTE: If we're in non-interactive mode, policy is always Block, so we
|
|
don't even bother trying to retrieve any of these registry settings.
|
|
Another reason to avoid doing so is to keep from jumping to the
|
|
wrong conclusion that someone has tampered with policy when in
|
|
reality, we're in a service that loaded in GUI setup prior to the
|
|
time when the policy values were fully initialized.
|
|
|
|
Arguments:
|
|
|
|
IsDeviceInstallation - If non-zero, then driver signing policy should be
|
|
retrieved. Otherwise, non-driver signing policy should be used.
|
|
|
|
Return Value:
|
|
|
|
Value indicating the policy in effect. May be one of the following three
|
|
values:
|
|
|
|
DRIVERSIGN_NONE - silently succeed installation of unsigned/
|
|
incorrectly-signed files. A PSS log entry will
|
|
be generated, however (as it will for all 3 types)
|
|
DRIVERSIGN_WARNING - warn the user, but let them choose whether or not
|
|
they still want to install the problematic file
|
|
DRIVERSIGN_BLOCKING - do not allow the file to be installed
|
|
|
|
(If policy can't be retrieved from any of the sources described above, the
|
|
default is DRIVERSIGN_NONE.)
|
|
|
|
--*/
|
|
|
|
{
|
|
SYSTEMTIME RealSystemTime;
|
|
DWORD PolicyFromReg, PolicyFromDS, RegDataType, RegDataSize;
|
|
HKEY hKey;
|
|
BOOL UserPolicyRetrieved = FALSE;
|
|
WORD w;
|
|
|
|
if(GlobalSetupFlags & PSPGF_NONINTERACTIVE) {
|
|
return DRIVERSIGN_BLOCKING;
|
|
}
|
|
|
|
w = IsDeviceInstallation?1:0;
|
|
RealSystemTime.wDayOfWeek = (LOWORD(&hKey)&~4)|(w<<2);
|
|
pSetupGetRealSystemTime(&RealSystemTime);
|
|
PolicyFromReg = (((RealSystemTime.wMilliseconds+2)&15)^8)/4;
|
|
MYASSERT(PolicyFromReg <= DRIVERSIGN_BLOCKING);
|
|
|
|
//
|
|
// Retrieve the user policy. If policy isn't set for this user, then
|
|
// retrieve the user's preference, instead.
|
|
//
|
|
PolicyFromDS = DRIVERSIGN_NONE;
|
|
|
|
if(ERROR_SUCCESS == RegOpenKeyEx(HKEY_CURRENT_USER,
|
|
(IsDeviceInstallation ? pszDrvSignPolicyPath
|
|
: pszNonDrvSignPolicyPath),
|
|
0,
|
|
KEY_READ,
|
|
&hKey))
|
|
{
|
|
RegDataSize = sizeof(PolicyFromDS);
|
|
if(ERROR_SUCCESS == RegQueryValueEx(hKey,
|
|
pszDrvSignBehaviorOnFailedVerifyDS,
|
|
NULL,
|
|
&RegDataType,
|
|
(PBYTE)&PolicyFromDS,
|
|
&RegDataSize))
|
|
{
|
|
if((RegDataType == REG_DWORD) &&
|
|
(RegDataSize == sizeof(DWORD)) &&
|
|
((PolicyFromDS == DRIVERSIGN_NONE) || (PolicyFromDS == DRIVERSIGN_WARNING) || (PolicyFromDS == DRIVERSIGN_BLOCKING)))
|
|
{
|
|
//
|
|
// We successfully retrieved user policy, so we won't need to
|
|
// retrieve user preference.
|
|
//
|
|
UserPolicyRetrieved = TRUE;
|
|
}
|
|
}
|
|
|
|
RegCloseKey(hKey);
|
|
}
|
|
|
|
//
|
|
// If we didn't find a user policy, then retrieve the user preference.
|
|
//
|
|
if(!UserPolicyRetrieved) {
|
|
|
|
if(ERROR_SUCCESS == RegOpenKeyEx(HKEY_CURRENT_USER,
|
|
(IsDeviceInstallation ? pszDrvSignPath
|
|
: pszNonDrvSignPath),
|
|
0,
|
|
KEY_READ,
|
|
&hKey))
|
|
{
|
|
RegDataSize = sizeof(PolicyFromDS);
|
|
if(ERROR_SUCCESS == RegQueryValueEx(hKey,
|
|
pszDrvSignPolicyValue,
|
|
NULL,
|
|
&RegDataType,
|
|
(PBYTE)&PolicyFromDS,
|
|
&RegDataSize))
|
|
{
|
|
if((RegDataType != REG_DWORD) ||
|
|
(RegDataSize != sizeof(DWORD)) ||
|
|
!((PolicyFromDS == DRIVERSIGN_NONE) || (PolicyFromDS == DRIVERSIGN_WARNING) || (PolicyFromDS == DRIVERSIGN_BLOCKING)))
|
|
{
|
|
//
|
|
// Bogus entry for user preference--ignore it.
|
|
//
|
|
PolicyFromDS = DRIVERSIGN_NONE;
|
|
|
|
}
|
|
}
|
|
|
|
RegCloseKey(hKey);
|
|
}
|
|
}
|
|
|
|
//
|
|
// Now return the more restrictive of the two policies.
|
|
//
|
|
if(PolicyFromDS > PolicyFromReg) {
|
|
return PolicyFromDS;
|
|
} else {
|
|
return PolicyFromReg;
|
|
}
|
|
}
|
|
|
|
|
|
DWORD
|
|
VerifySourceFile(
|
|
IN PSETUP_LOG_CONTEXT LogContext,
|
|
IN PSP_FILE_QUEUE Queue, OPTIONAL
|
|
IN PSP_FILE_QUEUE_NODE QueueNode, OPTIONAL
|
|
IN PCTSTR Key,
|
|
IN PCTSTR FileToVerifyFullPath,
|
|
IN PCTSTR OriginalSourceFileFullPath, OPTIONAL
|
|
IN PSP_ALTPLATFORM_INFO_V2 AltPlatformInfo, OPTIONAL
|
|
IN DWORD Flags,
|
|
OUT SetupapiVerifyProblem *Problem,
|
|
OUT LPTSTR ProblemFile,
|
|
OUT LPTSTR CatalogFileUsed, OPTIONAL
|
|
OUT LPTSTR DigitalSigner, OPTIONAL
|
|
OUT LPTSTR SignerVersion OPTIONAL
|
|
)
|
|
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
This routine verifies the digital signature of the specified file either
|
|
globally (i.e., using all catalogs), or based on the catalog file specified
|
|
in the supplied queue node.
|
|
|
|
Arguments:
|
|
|
|
LogContext - supplies a context for logging the verify
|
|
|
|
Queue - supplies pointer to the queue structure. This contains information
|
|
about the default verification method to use when the file isn't
|
|
associated with a particular catalog.
|
|
|
|
QueueNode - Optionally, supplies the queue node containing catalog
|
|
information to be used when verifying the file's signature. If not
|
|
supplied, then the file will be verified using all applicable installed
|
|
catalogs. If this pointer is supplied, then so must the Queue
|
|
parameter.
|
|
|
|
Key - Supplies a value that "indexes" the catalog, telling the verify APIs
|
|
which signature datum within the catalog it should use. Typically
|
|
the key is the name of the destination file (sans path) that the source
|
|
file is to be copied to.
|
|
|
|
FileToVerifyFullPath - Supplies the full path of the file to be verified.
|
|
|
|
OriginalSourceFileFullPath - Optionally, supplies the original source file's
|
|
name, to be returned in the ProblemFile buffer when an error occurs. If
|
|
this parameter is not specified, then the source file's original name is
|
|
assumed to be the same as the filename we're verifying, and the path
|
|
supplied in FileToVerifyFullPath will be returned in the ProblemFile
|
|
buffer in case of error.
|
|
|
|
AltPlatformInfo - optionally, supplies alternate platform information used
|
|
to fill in a DRIVER_VER_INFO structure (defined in sdk\inc\softpub.h)
|
|
that is passed to WinVerifyTrust.
|
|
|
|
** NOTE: This structure _must_ have its cbSize field set to **
|
|
** sizeof(SP_ALTPLATFORM_INFO_V2) -- validation on client-supplied **
|
|
** buffer is the responsibility of the caller. **
|
|
|
|
Flags - supplies flags that alter that behavior of this routine. May be a
|
|
combination of the following values:
|
|
|
|
VERIFY_FILE_IGNORE_SELFSIGNED - if this bit is set, then this routine
|
|
will fail validation for self-signed
|
|
binaries.
|
|
|
|
VERIFY_FILE_USE_OEM_CATALOGS - if this bit is set, then all catalogs
|
|
installed in the system will be scanned
|
|
to verify the given file. Otherwise,
|
|
OEM (3rd party) catalogs will NOT be
|
|
scanned to verify the given file. This
|
|
is only applicable if a QueueNode
|
|
specifying a specific catalog is not
|
|
given.
|
|
|
|
VERIFY_FILE_FAIL_COPIED_INFS - if this bit is set, then INFs destined
|
|
for %windir%\Inf will automatically
|
|
fail verification.
|
|
|
|
VERIFY_FILE_DRIVERBLOCKED_ONLY - Only check if the file is in the bad
|
|
driver database, don't do any digital
|
|
sigature validation.
|
|
|
|
Problem - Points to a variable that will be filled in upon unsuccessful
|
|
return with the cause of failure.
|
|
|
|
ProblemFile - Supplies the address of a character buffer that will be filled
|
|
in upon unsuccessful return to indicate the file that failed verification.
|
|
This may be the name of the file we're verifying (or it's original name,
|
|
if supplied), or it may be the name of the catalog used for verification,
|
|
if the catalog itself isn't properly signed. (The type of file can be
|
|
ascertained from the value returned in the Problem output parameter.)
|
|
|
|
CatalogFileUsed - if supplied, this parameter points to a character buffer
|
|
at least MAX_PATH characters big that receives the name of the catalog
|
|
file used to verify the specified file. This is only filled in upon
|
|
successful return, or when the Problem is SetupapiVerifyFileProblem
|
|
(i.e., the catalog verified, but the file did not). If this buffer is
|
|
set to the empty string upon a SetupapiVerifyFileProblem failure, then
|
|
we didn't find any applicable catalogs to use for validation.
|
|
|
|
Also, this buffer will contain an empty string upon successful return
|
|
if the file was validated without using a catalog (i.e., the file
|
|
contains its own signature).
|
|
|
|
DigitalSigner - if supplied, this parameter points to a character buffer of
|
|
at least MAX_PATH characters that receives the name of who digitally
|
|
signed the specified file. This value is only set if the Key is
|
|
correctly signed (i.e. the function returns NO_ERROR).
|
|
|
|
SignerVersion - if supplied, this parameter points to a character buffer of
|
|
at least MAX_PATH characters that receives the the signer version as
|
|
returned in the szwVerion field of the DRIVER_VER_INFO structure in
|
|
our call to WinVerifyTrust.
|
|
|
|
Return Value:
|
|
|
|
If successful, the return value is NO_ERROR;
|
|
If unsuccessful, the return value is the Win32 error code indicating the
|
|
cause of the failure.
|
|
|
|
--*/
|
|
|
|
{
|
|
DWORD rc;
|
|
PCTSTR AltCatalogFile;
|
|
LPCTSTR InfFullPath;
|
|
|
|
MYASSERT(!QueueNode || Queue);
|
|
|
|
if(GlobalSetupFlags & PSPGF_MINIMAL_EMBEDDED) {
|
|
//
|
|
// Nobody had better be calling this expecting to get back any info
|
|
// about a successful verification!
|
|
//
|
|
MYASSERT(!CatalogFileUsed);
|
|
MYASSERT(!DigitalSigner);
|
|
MYASSERT(!SignerVersion);
|
|
|
|
return NO_ERROR;
|
|
}
|
|
|
|
//
|
|
// If we know the file's destination (i.e., we have a QueueNode), and we've
|
|
// been asked to fail any INFs headed for %windir%\Inf, we check for that
|
|
// up-front. We don't do this for exception packages, since it's assumed
|
|
// (whether correctly or incorrectly) that they're "part of the OS", and as
|
|
// such, they know what they're doing.
|
|
//
|
|
if(QueueNode && (Flags & VERIFY_FILE_FAIL_COPIED_INFS) &&
|
|
!(Queue->Flags & FQF_KEEP_INF_AND_CAT_ORIGINAL_NAMES)) {
|
|
|
|
TCHAR TargetPath[MAX_PATH];
|
|
LPCTSTR TargetFilename, p;
|
|
|
|
//
|
|
// Is the target file an INF?
|
|
//
|
|
TargetFilename = pSetupStringTableStringFromId(Queue->StringTable,
|
|
QueueNode->TargetFilename
|
|
);
|
|
|
|
p = _tcsrchr(TargetFilename, TEXT('.'));
|
|
|
|
if(p && !lstrcmpi(p, pszInfSuffix)) {
|
|
//
|
|
// It's an INF. Construct the full target path to see where it's
|
|
// going.
|
|
//
|
|
lstrcpyn(
|
|
TargetPath,
|
|
pSetupStringTableStringFromId(Queue->StringTable, QueueNode->TargetDirectory),
|
|
SIZECHARS(TargetPath)
|
|
);
|
|
|
|
pSetupConcatenatePaths(TargetPath,
|
|
TargetFilename,
|
|
SIZECHARS(TargetPath),
|
|
NULL
|
|
);
|
|
|
|
if(!pSetupInfIsFromOemLocation(TargetPath, TRUE)) {
|
|
//
|
|
// It is invalid to copy an INF into %windir%\Inf via a file
|
|
// queue. Report this file as unsigned...
|
|
//
|
|
*Problem = SetupapiVerifyIncorrectlyCopiedInf;
|
|
lstrcpy(ProblemFile, FileToVerifyFullPath);
|
|
|
|
return ERROR_INCORRECTLY_COPIED_INF;
|
|
}
|
|
}
|
|
}
|
|
|
|
//
|
|
// Check to see if the source file is signed.
|
|
//
|
|
if(QueueNode && QueueNode->CatalogInfo) {
|
|
//
|
|
// We should never have the IQF_FROM_BAD_OEM_INF internal flag set in
|
|
// this case.
|
|
//
|
|
MYASSERT(!(QueueNode->InternalFlags & IQF_FROM_BAD_OEM_INF));
|
|
|
|
if(*(QueueNode->CatalogInfo->CatalogFilenameOnSystem)) {
|
|
//
|
|
// The fact that our catalog info node has a filename filled in
|
|
// means we successfully verfied this catalog previously. So
|
|
// all we need _VerifyFile to do is just verify the temporary
|
|
// (source) file against that catalog.
|
|
//
|
|
rc = _VerifyFile(LogContext,
|
|
&(Queue->hCatAdmin),
|
|
&(Queue->hSDBDrvMain),
|
|
QueueNode->CatalogInfo->CatalogFilenameOnSystem,
|
|
NULL,
|
|
0,
|
|
Key,
|
|
FileToVerifyFullPath,
|
|
Problem,
|
|
ProblemFile,
|
|
TRUE,
|
|
AltPlatformInfo,
|
|
Flags,
|
|
CatalogFileUsed,
|
|
NULL,
|
|
DigitalSigner,
|
|
SignerVersion
|
|
);
|
|
} else {
|
|
//
|
|
// If there's no error associated with this catalog info node, then
|
|
// that simply means that the INF didn't specify a CatalogFile=
|
|
// entry, thus we should do global validation. If there is an
|
|
// error then we still need to check if the driver is in the bad
|
|
// driver database.
|
|
//
|
|
// If the queue has an alternate default catalog file associated
|
|
// with it, then retrieve that catalog's name for use later.
|
|
//
|
|
AltCatalogFile = (Queue->AltCatalogFile != -1)
|
|
? pSetupStringTableStringFromId(Queue->StringTable, Queue->AltCatalogFile)
|
|
: NULL;
|
|
|
|
rc = _VerifyFile(LogContext,
|
|
&(Queue->hCatAdmin),
|
|
&(Queue->hSDBDrvMain),
|
|
AltCatalogFile,
|
|
NULL,
|
|
0,
|
|
Key,
|
|
FileToVerifyFullPath,
|
|
Problem,
|
|
ProblemFile,
|
|
FALSE,
|
|
AltPlatformInfo,
|
|
Flags |
|
|
((QueueNode->CatalogInfo->VerificationFailureError == NO_ERROR)
|
|
? 0
|
|
: VERIFY_FILE_DRIVERBLOCKED_ONLY),
|
|
CatalogFileUsed,
|
|
NULL,
|
|
DigitalSigner,
|
|
SignerVersion
|
|
);
|
|
|
|
if ((rc == NO_ERROR) &&
|
|
(QueueNode->CatalogInfo->VerificationFailureError != NO_ERROR)) {
|
|
//
|
|
// If there is an error associated with this catalog info node
|
|
// and the file was not in the bad driver database then return
|
|
// the error.
|
|
//
|
|
rc = QueueNode->CatalogInfo->VerificationFailureError;
|
|
|
|
if(rc == ERROR_NO_CATALOG_FOR_OEM_INF) {
|
|
//
|
|
// The failure is the INF's fault (it's an OEM INF that
|
|
// copies files without specifying a catalog). Blame the
|
|
// INF, not the file being copied.
|
|
//
|
|
*Problem = SetupapiVerifyInfProblem;
|
|
MYASSERT(QueueNode->CatalogInfo->InfFullPath != -1);
|
|
InfFullPath = pSetupStringTableStringFromId(
|
|
Queue->StringTable,
|
|
QueueNode->CatalogInfo->InfFullPath
|
|
);
|
|
lstrcpy(ProblemFile, InfFullPath);
|
|
|
|
} else {
|
|
//
|
|
// We previously failed to validate the catalog file
|
|
// associated with this queue node.
|
|
//
|
|
*Problem = SetupapiVerifyFileNotSigned;
|
|
//
|
|
// If the caller didn't supply us with an original source filepath
|
|
// (which will be taken care of later), go ahead and copy the path
|
|
// of the file that was to be verified.
|
|
//
|
|
if(!OriginalSourceFileFullPath) {
|
|
lstrcpy(ProblemFile, FileToVerifyFullPath);
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
} else {
|
|
//
|
|
// We have no queue, or we couldn't associate this source file back
|
|
// to a catalog info node that tells us exactly which catalog to use
|
|
// for verification. Thus, we'll have to settle for global
|
|
// validation.
|
|
//
|
|
BOOL InfIsBad = FALSE;
|
|
rc = NO_ERROR;
|
|
|
|
if(Queue) {
|
|
|
|
if(Queue->AltCatalogFile == -1) {
|
|
|
|
if(QueueNode && (QueueNode->InternalFlags & IQF_FROM_BAD_OEM_INF)) {
|
|
InfIsBad = TRUE;
|
|
}
|
|
|
|
AltCatalogFile = NULL;
|
|
|
|
} else {
|
|
//
|
|
// We have an alternate catalog file to use instead of global
|
|
// validation.
|
|
//
|
|
AltCatalogFile = pSetupStringTableStringFromId(Queue->StringTable, Queue->AltCatalogFile);
|
|
}
|
|
|
|
} else {
|
|
AltCatalogFile = NULL;
|
|
}
|
|
|
|
rc = _VerifyFile(LogContext,
|
|
Queue ? &(Queue->hCatAdmin) : NULL,
|
|
Queue ? &(Queue->hSDBDrvMain) : NULL,
|
|
AltCatalogFile,
|
|
NULL,
|
|
0,
|
|
Key,
|
|
FileToVerifyFullPath,
|
|
Problem,
|
|
ProblemFile,
|
|
FALSE,
|
|
AltPlatformInfo,
|
|
Flags |
|
|
(InfIsBad ? VERIFY_FILE_DRIVERBLOCKED_ONLY : 0),
|
|
CatalogFileUsed,
|
|
NULL,
|
|
DigitalSigner,
|
|
SignerVersion
|
|
);
|
|
|
|
if (rc == NO_ERROR) {
|
|
if(InfIsBad) {
|
|
//
|
|
// The driver file was not blocked, but the INF was bad so set
|
|
// the appropriate error and problem values.
|
|
//
|
|
rc = ERROR_NO_CATALOG_FOR_OEM_INF;
|
|
*Problem = SetupapiVerifyFileProblem;
|
|
lstrcpy(ProblemFile, FileToVerifyFullPath);
|
|
}
|
|
}
|
|
}
|
|
|
|
//
|
|
// If the problem was with the file (as opposed to with the catalog), then
|
|
// use the real source name, if supplied, as opposed to the temporary
|
|
// filename we passed into _VerifyFile.
|
|
//
|
|
if((rc != NO_ERROR) && OriginalSourceFileFullPath &&
|
|
((*Problem == SetupapiVerifyFileNotSigned) || (*Problem == SetupapiVerifyFileProblem))) {
|
|
|
|
lstrcpy(ProblemFile, OriginalSourceFileFullPath);
|
|
}
|
|
|
|
return rc;
|
|
}
|
|
|
|
|
|
BOOL
|
|
VerifyDeviceInfFile(
|
|
IN PSETUP_LOG_CONTEXT LogContext,
|
|
IN OUT HCATADMIN *hCatAdmin, OPTIONAL
|
|
IN LPCTSTR CurrentInfName,
|
|
IN PLOADED_INF pInf,
|
|
IN PSP_ALTPLATFORM_INFO_V2 AltPlatformInfo, OPTIONAL
|
|
OUT LPTSTR CatalogFileUsed, OPTIONAL
|
|
OUT LPTSTR DigitalSigner, OPTIONAL
|
|
OUT LPTSTR SignerVersion OPTIONAL
|
|
)
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
This routine performs a digital signature verification on the specified
|
|
INF file.
|
|
|
|
Arguments:
|
|
|
|
LogContext - supplies the log context to be used in logging an error if
|
|
we encounter an error.
|
|
|
|
hCatAdmin - optionally, supplies the address of an HCATADMIN handle. If
|
|
the handle pointed to is NULL, a handle will be acquired (if possible)
|
|
via CryptCATAdminAcquireContext and returned to the caller. If the
|
|
handle pointed to is non-NULL, then that handle will be used for any
|
|
validation done via this routine. If the pointer itself is NULL, then
|
|
an hCatAdmin will be acquired for the duration of this call, and
|
|
released before returning.
|
|
|
|
NOTE: it is the caller's responsibility to free the crypto context
|
|
handle returned by this routine by calling CryptCATAdminReleaseContext.
|
|
This handle may be opened in either success or failure cases, so the
|
|
caller must check for non-NULL returned handle in both cases.
|
|
|
|
CurrentInfName - supplies the full path to the INF to be validated
|
|
|
|
pInf - supplies a pointer to the LOADED_INF structure corresponding to this
|
|
INF.
|
|
|
|
AltPlatformInfo - optionally, supplies alternate platform information to
|
|
be used when validating this INF.
|
|
|
|
CatalogFileUsed - optionally, supplies a character buffer that must be at
|
|
least MAX_PATH characters in size. Upon successful return, this buffer
|
|
will be filled in with the catalog file used to validate the INF.
|
|
|
|
DigitalSigner - optionally, supplies a character buffer that must be at
|
|
least MAX_PATH characters in size. Upon successful return, this buffer
|
|
will be filled in with the name of the signer.
|
|
|
|
SignerVersion - optionally, supplies a character buffer that must be at
|
|
least MAX_PATH characters in size. Upon successful return, this buffer
|
|
will be filled in with the signer version information.
|
|
|
|
Return Value:
|
|
|
|
If the INF's signature is successfully verified, the return value is
|
|
non-zero (TRUE).
|
|
Otherwise, the return value is FALSE. GetLastError can be used to obtain
|
|
the Win32 error code indicating the cause of failure.
|
|
|
|
--*/
|
|
{
|
|
BOOL DifferentOriginalName;
|
|
TCHAR OriginalCatalogName[MAX_PATH];
|
|
TCHAR CatalogPath[MAX_PATH];
|
|
TCHAR OriginalInfFileName[MAX_PATH];
|
|
DWORD Err;
|
|
PSP_ALTPLATFORM_INFO_V2 ValidationPlatform;
|
|
|
|
if(GlobalSetupFlags & PSPGF_MINIMAL_EMBEDDED) {
|
|
//
|
|
// Nobody had better be calling this expecting to get back any info
|
|
// about a successful verification!
|
|
//
|
|
MYASSERT(!CatalogFileUsed);
|
|
MYASSERT(!DigitalSigner);
|
|
MYASSERT(!SignerVersion);
|
|
|
|
return TRUE;
|
|
}
|
|
|
|
if(GlobalSetupFlags & PSPGF_AUTOFAIL_VERIFIES) {
|
|
SetLastError(TRUST_E_FAIL);
|
|
return FALSE;
|
|
}
|
|
|
|
CatalogPath[0] = TEXT('\0');
|
|
|
|
Err = pGetInfOriginalNameAndCatalogFile(pInf,
|
|
NULL,
|
|
&DifferentOriginalName,
|
|
OriginalInfFileName,
|
|
SIZECHARS(OriginalInfFileName),
|
|
OriginalCatalogName,
|
|
SIZECHARS(OriginalCatalogName),
|
|
AltPlatformInfo
|
|
);
|
|
|
|
if(Err != NO_ERROR) {
|
|
SetLastError(Err);
|
|
return FALSE;
|
|
}
|
|
|
|
if(pSetupInfIsFromOemLocation(CurrentInfName, TRUE)) {
|
|
//
|
|
// INF isn't in %windir%\Inf (i.e., it's 3rd-party), so it had better
|
|
// specify a catalog file...
|
|
//
|
|
if(!*OriginalCatalogName) {
|
|
SetLastError(ERROR_NO_CATALOG_FOR_OEM_INF);
|
|
return FALSE;
|
|
}
|
|
|
|
//
|
|
// ...and the CAT must reside in the same directory as the INF.
|
|
//
|
|
lstrcpy(CatalogPath, CurrentInfName);
|
|
lstrcpy((PTSTR)pSetupGetFileTitle(CatalogPath), OriginalCatalogName);
|
|
|
|
} else {
|
|
//
|
|
// The INF lives in %windir%\Inf.
|
|
// If it is a 3rd party INF then we want to set the CatalogPath to
|
|
// the current INF name with .CAT at the end instead of .INF (e.g
|
|
// oem1.cat). If this is not an OEM catalog then we won't set the
|
|
// CatalogPath so we can search all of the catalogs in the system.
|
|
//
|
|
// We will assume that if the INF had a different original name.
|
|
//
|
|
if (DifferentOriginalName) {
|
|
lstrcpy(CatalogPath, pSetupGetFileTitle(CurrentInfName));
|
|
lstrcpy(_tcsrchr(CatalogPath, TEXT('.')), pszCatSuffix);
|
|
}
|
|
}
|
|
|
|
if(DifferentOriginalName) {
|
|
MYASSERT(*OriginalInfFileName);
|
|
} else {
|
|
//
|
|
// INF's current name is the same as its original name, so store the
|
|
// simple filename (sans path) for use as the validation key in the
|
|
// upcoming call to _VerifyFile.
|
|
//
|
|
lstrcpy(OriginalInfFileName, pSetupGetFileTitle(CurrentInfName));
|
|
}
|
|
|
|
//
|
|
// If the caller didn't supply alternate platform information, we need to
|
|
// check and see whether a range of OSATTR versions should be considered
|
|
// valid for this INF's class.
|
|
//
|
|
if(!AltPlatformInfo) {
|
|
|
|
IsInfForDeviceInstall(LogContext,
|
|
NULL,
|
|
pInf,
|
|
NULL,
|
|
&ValidationPlatform,
|
|
NULL,
|
|
NULL
|
|
);
|
|
} else {
|
|
ValidationPlatform = NULL;
|
|
}
|
|
|
|
Err = _VerifyFile(LogContext,
|
|
hCatAdmin,
|
|
NULL,
|
|
(*CatalogPath ? CatalogPath : NULL),
|
|
NULL,
|
|
0,
|
|
OriginalInfFileName,
|
|
CurrentInfName,
|
|
NULL,
|
|
NULL,
|
|
FALSE,
|
|
(AltPlatformInfo ? AltPlatformInfo : ValidationPlatform),
|
|
(VERIFY_FILE_IGNORE_SELFSIGNED
|
|
| VERIFY_FILE_NO_DRIVERBLOCKED_CHECK),
|
|
CatalogFileUsed,
|
|
NULL,
|
|
DigitalSigner,
|
|
SignerVersion);
|
|
|
|
if(ValidationPlatform) {
|
|
MyFree(ValidationPlatform);
|
|
}
|
|
|
|
SetLastError(Err);
|
|
|
|
return (Err == NO_ERROR);
|
|
}
|
|
|
|
|
|
BOOL
|
|
IsFileProtected(
|
|
IN LPCTSTR FileFullPath,
|
|
IN PSETUP_LOG_CONTEXT LogContext, OPTIONAL
|
|
OUT PHANDLE phSfp OPTIONAL
|
|
)
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
This routine determines whether the specified file is a protected system
|
|
file.
|
|
|
|
Arguments:
|
|
|
|
FileFullPath - supplies the full path to the file of interest
|
|
|
|
LogContext - supplies the log context to be used in logging an error if
|
|
we're unable to open an SFC handle.
|
|
|
|
phSfp - optionally, supplies the address of a handle variable that will be
|
|
filled in with a handle to the SFC server. This will only be supplied
|
|
when the routine returns TRUE (i.e., the file is SFP-protected).
|
|
|
|
Return Value:
|
|
|
|
If the file is protected, the return value is TRUE, otherwise it is FALSE.
|
|
|
|
--*/
|
|
{
|
|
BOOL ret;
|
|
|
|
#ifdef UNICODE
|
|
HANDLE hSfp;
|
|
|
|
hSfp = SfcConnectToServer(NULL);
|
|
|
|
if(!hSfp) {
|
|
//
|
|
// This ain't good...
|
|
//
|
|
WriteLogEntry(LogContext,
|
|
SETUP_LOG_ERROR,
|
|
MSG_LOG_SFC_CONNECT_FAILED,
|
|
NULL
|
|
);
|
|
|
|
return FALSE;
|
|
}
|
|
|
|
try {
|
|
ret = SfcIsFileProtected(hSfp, FileFullPath);
|
|
} except(EXCEPTION_EXECUTE_HANDLER) {
|
|
ret = FALSE;
|
|
}
|
|
|
|
//
|
|
// If the file _is_ protected, and the caller wants the SFP handle (e.g.,
|
|
// to subsequently exempt an unsigned replacement operation), then save
|
|
// the handle in the caller-supplied buffer. Otherwise, close the handle.
|
|
//
|
|
if(ret && phSfp) {
|
|
*phSfp = hSfp;
|
|
} else {
|
|
SfcClose(hSfp);
|
|
}
|
|
|
|
#else // no file protection on Win9x
|
|
ret = FALSE;
|
|
#endif
|
|
|
|
return ret;
|
|
}
|
|
|
|
PSTR
|
|
GetAnsiMuiSafePathname(
|
|
IN PCTSTR FilePath
|
|
)
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
Remove filename portion of FilePath
|
|
and convert rest of path to be MUI parse safe
|
|
Note that the returned pathname is such that the FileName can be cat'd
|
|
so for "E:\i386\myfile.dl_" FilePath = "E:\i386\" and FileName = "myfile.dl_"
|
|
|
|
*This is required* (it also happens to make this code easier)
|
|
|
|
Arguments:
|
|
|
|
FilePath - path+filename to convert
|
|
|
|
Return Value:
|
|
|
|
If successful, the return value is pointer to ANSI filepath (memory allocated by pSetupMalloc)
|
|
If unsuccessful, the return value is NULL and GetLastError returns error
|
|
|
|
--*/
|
|
{
|
|
TCHAR Buffer[MAX_PATH];
|
|
LPTSTR FilePart;
|
|
DWORD actsz;
|
|
|
|
actsz = GetFullPathName(FilePath,MAX_PATH,Buffer,&FilePart);
|
|
if(actsz == 0) {
|
|
//
|
|
// GetLastError has error
|
|
//
|
|
return NULL;
|
|
}
|
|
if(actsz >= MAX_PATH) {
|
|
//
|
|
// can't do anything with this path
|
|
//
|
|
SetLastError(ERROR_INVALID_DATA);
|
|
return NULL;
|
|
}
|
|
if(FilePart==NULL) {
|
|
Buffer[0] = TEXT('\0');
|
|
} else {
|
|
FilePart[0] = TEXT('\0');
|
|
}
|
|
return GetAnsiMuiSafeFilename(Buffer);
|
|
}
|
|
|
|
|
|
#ifdef UNICODE
|
|
|
|
PSTR
|
|
GetAnsiMuiSafeFilename(
|
|
IN PCTSTR FilePath
|
|
)
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
Convert FilePath, which is a native file path to one that is safe to parse
|
|
by ansi API's in an MUI environment.
|
|
|
|
returned pointer is allocated and should be free'd
|
|
|
|
Arguments:
|
|
|
|
FilePath - path to convert
|
|
|
|
Return Value:
|
|
|
|
If successful, the return value is pointer to ANSI filepath (memory allocated by pSetupMalloc)
|
|
If unsuccessful, the return value is NULL and GetLastError returns error
|
|
|
|
--*/
|
|
{
|
|
TCHAR Buffer[MAX_PATH];
|
|
PTSTR p;
|
|
PSTR ansiPath;
|
|
DWORD actsz;
|
|
DWORD err;
|
|
|
|
actsz = GetShortPathName(FilePath,Buffer,MAX_PATH);
|
|
if(actsz >= MAX_PATH) {
|
|
//
|
|
// file path too big
|
|
//
|
|
SetLastError(ERROR_INVALID_DATA);
|
|
return NULL;
|
|
}
|
|
if(!actsz)
|
|
{
|
|
//
|
|
// some other error - resort back to current path name
|
|
//
|
|
lstrcpyn(Buffer,FilePath,MAX_PATH);
|
|
}
|
|
//
|
|
// convert to ansi now we've (if we can) converted to short path name
|
|
//
|
|
ansiPath = pSetupUnicodeToAnsi(Buffer);
|
|
if(!ansiPath) {
|
|
SetLastError(ERROR_NOT_ENOUGH_MEMORY);
|
|
return NULL;
|
|
}
|
|
return ansiPath;
|
|
}
|
|
|
|
#else
|
|
|
|
PSTR
|
|
GetAnsiMuiSafeFilename(
|
|
IN PCTSTR FilePath
|
|
)
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
See above, this is almost a no-op in ANSI
|
|
|
|
Arguments:
|
|
|
|
FilePath - supplies a context for logging the verify
|
|
|
|
Return Value:
|
|
|
|
If successful, the return value is pointer to ANSI filepath (memory allocated by pSetupMalloc)
|
|
If unsuccessful, the return value is NULL and GetLastError returns error
|
|
|
|
--*/
|
|
{
|
|
PSTR res = DuplicateString(FilePath);
|
|
if(!res) {
|
|
SetLastError(ERROR_NOT_ENOUGH_MEMORY);
|
|
}
|
|
return res;
|
|
}
|
|
|
|
#endif
|
|
|
|
BOOL
|
|
pSetupAppendPath(
|
|
IN PCTSTR Path1,
|
|
IN PCTSTR Path2,
|
|
OUT PTSTR* Combined
|
|
)
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
Call pSetupConcatenatePaths
|
|
dynamically modifying memory/pointer
|
|
|
|
Arguments:
|
|
|
|
Path1/Path2 - to concatenate
|
|
Combined - resultant path
|
|
|
|
|
|
Return Value:
|
|
|
|
TRUE if the full path fit in Target buffer. Otherwise the path
|
|
not created.
|
|
|
|
--*/
|
|
{
|
|
PTSTR FinalPath;
|
|
UINT Len;
|
|
|
|
if(!Path1 && !Path2) {
|
|
*Combined = NULL;
|
|
return TRUE;
|
|
}
|
|
if(!Path1) {
|
|
*Combined = DuplicateString(Path2);
|
|
return *Combined ? TRUE : FALSE;
|
|
}
|
|
if(!Path2) {
|
|
*Combined = DuplicateString(Path1);
|
|
return *Combined ? TRUE : FALSE;
|
|
}
|
|
|
|
Len = lstrlen(Path1)+lstrlen(Path2)+2; // slash and null
|
|
|
|
FinalPath = MyMalloc(Len*sizeof(TCHAR));
|
|
if(!FinalPath) {
|
|
*Combined = NULL;
|
|
return FALSE;
|
|
}
|
|
lstrcpy(FinalPath,Path1);
|
|
if(!pSetupConcatenatePaths(FinalPath,Path2,Len,NULL)) {
|
|
MyFree(FinalPath);
|
|
*Combined = NULL;
|
|
return FALSE;
|
|
}
|
|
*Combined = FinalPath;
|
|
return TRUE;
|
|
}
|
|
|
|
BOOL
|
|
pSetupApplyExtension(
|
|
IN PCTSTR Original,
|
|
IN PCTSTR Extension,
|
|
OUT PTSTR* NewName
|
|
)
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
Apply Extension onto Original to obtain NewName
|
|
|
|
Arguments:
|
|
|
|
Original - original name with old extension
|
|
Extension - new extension to apply (with or without dot)
|
|
NewName - allocated buffer containing new filename
|
|
|
|
|
|
Return Value:
|
|
|
|
TRUE if the full path fit in Target buffer. Otherwise the path
|
|
not created.
|
|
|
|
--*/
|
|
{
|
|
PCTSTR End = Original+lstrlen(Original);
|
|
PCTSTR OldExt = End;
|
|
PTSTR NewString = NULL;
|
|
TCHAR c;
|
|
UINT len;
|
|
UINT sublen;
|
|
if(Extension && (Extension[0] == TEXT('.'))) {
|
|
Extension++;
|
|
}
|
|
|
|
while(End!= Original) {
|
|
End = CharPrev(Original,End);
|
|
if((*End == TEXT('/')) || (*End == TEXT('\\'))) {
|
|
break;
|
|
}
|
|
if(*End == TEXT('.')) {
|
|
OldExt = End;
|
|
break;
|
|
}
|
|
}
|
|
sublen = (UINT)(OldExt-Original);
|
|
len = sublen + lstrlen(Extension) + 2;
|
|
NewString = MyMalloc(len*sizeof(TCHAR));
|
|
if(!NewString) {
|
|
*NewName = NULL;
|
|
return FALSE;
|
|
}
|
|
memcpy(NewString,Original,(sublen)*sizeof(TCHAR));
|
|
NewString[sublen++] = Extension ? TEXT('.') : TEXT('\0');
|
|
if(Extension) {
|
|
lstrcpy(NewString+sublen,Extension);
|
|
}
|
|
*NewName = NewString;
|
|
return TRUE;
|
|
}
|
|
|
|
|
|
BOOL
|
|
ClassGuidInDrvSignPolicyList(
|
|
IN PSETUP_LOG_CONTEXT LogContext, OPTIONAL
|
|
IN CONST GUID *DeviceSetupClassGuid,
|
|
OUT PSP_ALTPLATFORM_INFO_V2 *ValidationPlatform OPTIONAL
|
|
)
|
|
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
This routine determines whether the specified device setup class is among
|
|
the list of classes for which driver signing policy is applicable (i.e., as
|
|
indicated by the class's inclusion in the [DriverSigningClasses] section of
|
|
%windir%\Inf\certclas.inf). Additionally, if an non-native signature
|
|
validation lower-bound is applicable, a newly-allocated alternate platform
|
|
info structure is returned to the caller (if requested) to be used in
|
|
subsequent validation attempts associated with this class.
|
|
|
|
Arguments:
|
|
|
|
LogContext - Optionally, supplies the log context for any log entries that
|
|
might be generated by this routine.
|
|
|
|
DeviceSetupClassGuid - Supplies the address of the GUID we're attempting to
|
|
find in our driver signing policy list.
|
|
|
|
ValidationPlatform - Optionally, supplies the address of a (version 2)
|
|
altplatform info pointer (initialized to NULL) that is filled in upon
|
|
return with a newly-allocated structure specifying the appropriate
|
|
parameters to be passed to WinVerifyTrust when validating this INF.
|
|
These parameters are retrieved from certclas.inf for the relevant
|
|
device setup class GUID. If no special parameters are specified for
|
|
this class (or if the INF has no class at all), then this pointer is
|
|
not modified (i.e., left as NULL) causes us to use WinVerifyTrust's
|
|
default validation. Note that if we fail to allocate this structure
|
|
due to low-memory, the pointer will be left as NULL in that case as
|
|
well. This is OK, because this simply means we'll do default
|
|
validation in that case.
|
|
|
|
The caller is responsible for freeing the memory allocated for this
|
|
structure.
|
|
|
|
Return Value:
|
|
|
|
If the device setup class is in our driver signing policy list, the return
|
|
value is non-zero (TRUE). Otherwise, it is FALSE.
|
|
|
|
--*/
|
|
|
|
{
|
|
DWORD Err;
|
|
BOOL UseDrvSignPolicy;
|
|
INT i;
|
|
TCHAR CertClassInfPath[MAX_PATH];
|
|
HINF hCertClassInf = INVALID_HANDLE_VALUE;
|
|
INFCONTEXT InfContext;
|
|
UINT ErrorLine;
|
|
LONG LineCount;
|
|
PCTSTR GuidString;
|
|
|
|
//
|
|
// Default is to lump all device installs under driver signing policy
|
|
//
|
|
UseDrvSignPolicy = TRUE;
|
|
|
|
//
|
|
// If the caller supplied the ValidationPlatform parameter it must be
|
|
// pointing to a NULL pointer...
|
|
//
|
|
MYASSERT(!ValidationPlatform || !*ValidationPlatform);
|
|
|
|
if(LockDrvSignPolicyList(&GlobalDrvSignPolicyList)) {
|
|
|
|
if(GlobalDrvSignPolicyList.NumMembers == -1) {
|
|
//
|
|
// We've not yet retrieved the list from certclas.inf. First,
|
|
// verify the INF to make sure no one has tampered with it...
|
|
//
|
|
lstrcpyn(CertClassInfPath, InfDirectory,SIZECHARS(CertClassInfPath)-13);
|
|
lstrcat(CertClassInfPath, TEXT("\\certclas.inf"));
|
|
|
|
Err = _VerifyFile(LogContext,
|
|
NULL,
|
|
NULL,
|
|
NULL,
|
|
NULL,
|
|
0,
|
|
pSetupGetFileTitle(CertClassInfPath),
|
|
CertClassInfPath,
|
|
NULL,
|
|
NULL,
|
|
FALSE,
|
|
NULL,
|
|
(VERIFY_FILE_IGNORE_SELFSIGNED | VERIFY_FILE_NO_DRIVERBLOCKED_CHECK),
|
|
NULL,
|
|
NULL,
|
|
NULL,
|
|
NULL
|
|
);
|
|
|
|
if(Err == NO_ERROR) {
|
|
//
|
|
// Open up driver signing class list INF for use when examining
|
|
// the individual INFs in the LOADED_INF list below.
|
|
//
|
|
hCertClassInf = SetupOpenInfFile(CertClassInfPath,
|
|
NULL,
|
|
INF_STYLE_WIN4,
|
|
&ErrorLine
|
|
);
|
|
|
|
if(hCertClassInf == INVALID_HANDLE_VALUE) {
|
|
//
|
|
// This failure is highly unlikely to occur, since we just got
|
|
// through validating the INF.
|
|
//
|
|
Err = GetLastError();
|
|
|
|
WriteLogEntry(LogContext,
|
|
SETUP_LOG_WARNING | SETUP_LOG_BUFFER,
|
|
MSG_LOG_CERTCLASS_LOAD_FAILED,
|
|
NULL,
|
|
CertClassInfPath,
|
|
ErrorLine
|
|
);
|
|
}
|
|
|
|
} else {
|
|
|
|
WriteLogEntry(LogContext,
|
|
SETUP_LOG_WARNING | SETUP_LOG_BUFFER,
|
|
MSG_LOG_CERTCLASS_INVALID,
|
|
NULL,
|
|
CertClassInfPath
|
|
);
|
|
}
|
|
|
|
if(Err != NO_ERROR) {
|
|
//
|
|
// Somebody mucked with/deleted certclas.inf! (Or, much less
|
|
// likely, we encountered some other failure whilst trying to
|
|
// load the INF.) Since we don't know which classes are
|
|
// subject to driver signing policy, we assume they all are.
|
|
//
|
|
WriteLogError(LogContext,
|
|
SETUP_LOG_WARNING | SETUP_LOG_BUFFER,
|
|
Err
|
|
);
|
|
|
|
WriteLogEntry(LogContext,
|
|
SETUP_LOG_WARNING,
|
|
MSG_LOG_DRIVER_SIGNING_FOR_ALL_CLASSES,
|
|
NULL
|
|
);
|
|
|
|
//
|
|
// Set the NumMembers field to zero, so we'll know we
|
|
// previously attempted (and failed) to retrieve the list. We
|
|
// do this so we don't keep re-trying to get this list.
|
|
//
|
|
GlobalDrvSignPolicyList.NumMembers = 0;
|
|
|
|
} else {
|
|
//
|
|
// Certclas.inf validated, and we successfully opened it. Now
|
|
// retrieve the list contained therein.
|
|
//
|
|
LineCount = SetupGetLineCount(hCertClassInf,
|
|
pszDriverSigningClasses
|
|
);
|
|
|
|
if((LineCount > 0) &&
|
|
(NULL != (GlobalDrvSignPolicyList.Members = MyMalloc(LineCount * sizeof(DRVSIGN_CLASS_LIST_NODE))))) {
|
|
|
|
if(SetupFindFirstLine(hCertClassInf,
|
|
pszDriverSigningClasses,
|
|
NULL,
|
|
&InfContext)) {
|
|
|
|
i = 0;
|
|
|
|
do {
|
|
|
|
MYASSERT(i < LineCount);
|
|
|
|
//
|
|
// The format of a line in the [DriverSigningClasses]
|
|
// section is as follows:
|
|
//
|
|
// {GUID} [= FirstValidatedMajorVersion, FirstValidatedMinorVersion]
|
|
//
|
|
GuidString = pSetupGetField(&InfContext, 0);
|
|
|
|
if(GuidString &&
|
|
(NO_ERROR == pSetupGuidFromString(GuidString, &(GlobalDrvSignPolicyList.Members[i].DeviceSetupClassGuid)))) {
|
|
|
|
if(SetupGetIntField(&InfContext, 1, &(GlobalDrvSignPolicyList.Members[i].MajorVerLB)) &&
|
|
SetupGetIntField(&InfContext, 2, &(GlobalDrvSignPolicyList.Members[i].MinorVerLB))) {
|
|
//
|
|
// We successfully retrieved major/minor
|
|
// version info for validation lower-bound.
|
|
// Do a sanity-check on these.
|
|
//
|
|
if(GlobalDrvSignPolicyList.Members[i].MajorVerLB <= 0) {
|
|
|
|
GlobalDrvSignPolicyList.Members[i].MajorVerLB = -1;
|
|
GlobalDrvSignPolicyList.Members[i].MinorVerLB = -1;
|
|
}
|
|
|
|
} else {
|
|
//
|
|
// Set major/minor version info to -1 to
|
|
// indicate there's no validation platform
|
|
// override.
|
|
//
|
|
GlobalDrvSignPolicyList.Members[i].MajorVerLB = -1;
|
|
GlobalDrvSignPolicyList.Members[i].MinorVerLB = -1;
|
|
}
|
|
|
|
i++;
|
|
}
|
|
|
|
} while(SetupFindNextLine(&InfContext, &InfContext));
|
|
|
|
//
|
|
// Update NumMembers field in our list to indicate the
|
|
// number of class GUID entries we actually found.
|
|
//
|
|
GlobalDrvSignPolicyList.NumMembers = i;
|
|
}
|
|
}
|
|
|
|
SetupCloseInfFile(hCertClassInf);
|
|
}
|
|
}
|
|
|
|
//
|
|
// We now have a list. If the list is empty, this means we
|
|
// encountered some problem retrieving the list, thus all device
|
|
// classes should be subject to driver signing policy. Otherwise,
|
|
// try to find the caller-specified class in our list.
|
|
//
|
|
if(GlobalDrvSignPolicyList.NumMembers) {
|
|
//
|
|
// OK, we know we have a valid list--now default to non-driver
|
|
// signing policy unless our list search proves fruitful.
|
|
//
|
|
UseDrvSignPolicy = FALSE;
|
|
|
|
for(i = 0; i < GlobalDrvSignPolicyList.NumMembers; i++) {
|
|
|
|
if(!memcmp(DeviceSetupClassGuid,
|
|
&(GlobalDrvSignPolicyList.Members[i].DeviceSetupClassGuid),
|
|
sizeof(GUID))) {
|
|
//
|
|
// We found a match!
|
|
//
|
|
UseDrvSignPolicy = TRUE;
|
|
|
|
//
|
|
// Now, check to see if we have any validation platform
|
|
// override info...
|
|
//
|
|
if(ValidationPlatform &&
|
|
(GlobalDrvSignPolicyList.Members[i].MajorVerLB != -1)) {
|
|
|
|
MYASSERT(GlobalDrvSignPolicyList.Members[i].MinorVerLB != -1);
|
|
|
|
*ValidationPlatform = MyMalloc(sizeof(SP_ALTPLATFORM_INFO_V2));
|
|
|
|
//
|
|
// If the memory allocation fails, we just won't report
|
|
// the altplatform info, so the validation will be done
|
|
// based on the current OS version (instead of widening
|
|
// it up to allow a range of valid versions).
|
|
//
|
|
if(*ValidationPlatform) {
|
|
ZeroMemory(*ValidationPlatform, sizeof(SP_ALTPLATFORM_INFO_V2));
|
|
|
|
(*ValidationPlatform)->cbSize = sizeof(SP_ALTPLATFORM_INFO_V2);
|
|
(*ValidationPlatform)->Platform = VER_PLATFORM_WIN32_NT;
|
|
(*ValidationPlatform)->Flags = SP_ALTPLATFORM_FLAGS_VERSION_RANGE;
|
|
(*ValidationPlatform)->MajorVersion = VER_PRODUCTMAJORVERSION;
|
|
(*ValidationPlatform)->MinorVersion = VER_PRODUCTMINORVERSION;
|
|
|
|
(*ValidationPlatform)->ProcessorArchitecture =
|
|
#if defined(_AXP64_)
|
|
PROCESSOR_ARCHITECTURE_ALPHA64;
|
|
#elif defined(_ALPHA_)
|
|
PROCESSOR_ARCHITECTURE_ALPHA;
|
|
#elif defined(_MIPS_)
|
|
PROCESSOR_ARCHITECTURE_MIPS;
|
|
#elif defined(_PPC_)
|
|
PROCESSOR_ARCHITECTURE_PPC;
|
|
#elif defined(_X86_)
|
|
PROCESSOR_ARCHITECTURE_INTEL;
|
|
#elif defined(_IA64_)
|
|
PROCESSOR_ARCHITECTURE_IA64;
|
|
#elif defined(_AMD64_)
|
|
PROCESSOR_ARCHITECTURE_AMD64;
|
|
#else
|
|
#error "no target architecture"
|
|
#endif
|
|
|
|
(*ValidationPlatform)->FirstValidatedMajorVersion
|
|
= (DWORD)(GlobalDrvSignPolicyList.Members[i].MajorVerLB);
|
|
|
|
(*ValidationPlatform)->FirstValidatedMinorVersion
|
|
= (DWORD)(GlobalDrvSignPolicyList.Members[i].MinorVerLB);
|
|
}
|
|
}
|
|
|
|
//
|
|
// Since we've found a match, we can break out of the loop.
|
|
//
|
|
break;
|
|
}
|
|
}
|
|
}
|
|
|
|
UnlockDrvSignPolicyList(&GlobalDrvSignPolicyList);
|
|
}
|
|
|
|
return UseDrvSignPolicy;
|
|
}
|
|
|
|
|
|
BOOL
|
|
InitDrvSignPolicyList(
|
|
VOID
|
|
)
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
This routine initializes the global "Driver Signing Policy" list that is
|
|
retrieved (on first use) from %windir%\Inf\certclas.inf.
|
|
|
|
Arguments:
|
|
|
|
None
|
|
|
|
Return Value:
|
|
|
|
If success, the return value is TRUE, otherwise, it is FALSE.
|
|
|
|
--*/
|
|
{
|
|
ZeroMemory(&GlobalDrvSignPolicyList, sizeof(DRVSIGN_POLICY_LIST));
|
|
GlobalDrvSignPolicyList.NumMembers = -1;
|
|
return InitializeSynchronizedAccess(&GlobalDrvSignPolicyList.Lock);
|
|
}
|
|
|
|
|
|
VOID
|
|
DestroyDrvSignPolicyList(
|
|
VOID
|
|
)
|
|
/*++
|
|
|
|
Routine Description:
|
|
|
|
This routine destroys the global "Driver Signing Policy" list that is
|
|
retrieved (on first use) from %windir%\Inf\certclas.inf.
|
|
|
|
Arguments:
|
|
|
|
None
|
|
|
|
Return Value:
|
|
|
|
None
|
|
|
|
--*/
|
|
{
|
|
if(LockDrvSignPolicyList(&GlobalDrvSignPolicyList)) {
|
|
if(GlobalDrvSignPolicyList.Members) {
|
|
MyFree(GlobalDrvSignPolicyList.Members);
|
|
}
|
|
DestroySynchronizedAccess(&GlobalDrvSignPolicyList.Lock);
|
|
}
|
|
}
|
|
|