mirror of https://github.com/tongzx/nt5src
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1804 lines
51 KiB
1804 lines
51 KiB
// USERLIST.cpp : implementation file
|
|
//
|
|
|
|
#include "stdafx.h"
|
|
#include "EFSADU.h"
|
|
#include "USERLIST.h"
|
|
#include "cryptui.h"
|
|
#include "objsel.h"
|
|
#include <winefs.h>
|
|
#include "efsui.h"
|
|
|
|
|
|
#ifdef _DEBUG
|
|
#define new DEBUG_NEW
|
|
#undef THIS_FILE
|
|
static char THIS_FILE[] = __FILE__;
|
|
#endif
|
|
|
|
#define OTHERPEOPLE L"AddressBook"
|
|
#define TRUSTEDPEOPLE L"TrustedPeople"
|
|
|
|
|
|
LPSTR EfsOidlpstr = szOID_KP_EFS;
|
|
|
|
/////////////////////////////////////////////////////////////////////////////
|
|
// USERLIST dialog
|
|
|
|
|
|
USERLIST::USERLIST(CWnd* pParent /*=NULL*/)
|
|
: CDialog(USERLIST::IDD, pParent)
|
|
{
|
|
//{{AFX_DATA_INIT(USERLIST)
|
|
//}}AFX_DATA_INIT
|
|
}
|
|
|
|
USERLIST::USERLIST(LPCTSTR FileName, CWnd* pParent /*=NULL*/)
|
|
: CDialog(USERLIST::IDD, pParent)
|
|
{
|
|
m_FileName = FileName;
|
|
}
|
|
|
|
|
|
void USERLIST::DoDataExchange(CDataExchange* pDX)
|
|
{
|
|
CDialog::DoDataExchange(pDX);
|
|
//{{AFX_DATA_MAP(USERLIST)
|
|
DDX_Control(pDX, IDC_LISTRA, m_RecoveryListCtrl);
|
|
DDX_Control(pDX, IDC_LISTUSER, m_UserListCtrl);
|
|
DDX_Control(pDX, IDC_ADD, m_AddButton);
|
|
DDX_Control(pDX, IDC_REMOVE, m_RemoveButton);
|
|
//}}AFX_DATA_MAP
|
|
}
|
|
|
|
|
|
BEGIN_MESSAGE_MAP(USERLIST, CDialog)
|
|
//{{AFX_MSG_MAP(USERLIST)
|
|
ON_BN_CLICKED(IDC_REMOVE, OnRemove)
|
|
ON_BN_CLICKED(IDC_ADD, OnAdd)
|
|
ON_NOTIFY(NM_SETFOCUS, IDC_LISTUSER, OnSetfocusListuser)
|
|
ON_NOTIFY(NM_KILLFOCUS, IDC_LISTUSER, OnKillfocusListuser)
|
|
ON_NOTIFY(LVN_ITEMCHANGED, IDC_LISTUSER, OnItemchangedListuser)
|
|
//}}AFX_MSG_MAP
|
|
END_MESSAGE_MAP()
|
|
|
|
/////////////////////////////////////////////////////////////////////////////
|
|
// USERLIST message handlers
|
|
|
|
void USERLIST::OnRemove()
|
|
{
|
|
int ItemPos;
|
|
BOOL NoAction = FALSE;
|
|
CString NoCertName;
|
|
|
|
try{
|
|
NoCertName.LoadString(IDS_NOCERTNAME);
|
|
}
|
|
catch(...){
|
|
NoAction = TRUE;
|
|
}
|
|
|
|
if (NoAction){
|
|
return;
|
|
}
|
|
|
|
ItemPos = m_UserListCtrl.GetNextItem( -1, LVNI_SELECTED );
|
|
while ( ItemPos != -1 ){
|
|
|
|
CString CertName;
|
|
LPTSTR pCertName;
|
|
|
|
|
|
CertName = m_UserListCtrl.GetItemText( ItemPos, 0 );
|
|
if ( !CertName.Compare(NoCertName) ){
|
|
pCertName = NULL;
|
|
} else {
|
|
pCertName = CertName.GetBuffer(CertName.GetLength() + 1);
|
|
}
|
|
|
|
m_Users.Remove( pCertName);
|
|
m_UserListCtrl.DeleteItem( ItemPos );
|
|
if (pCertName){
|
|
CertName.ReleaseBuffer();
|
|
}
|
|
|
|
//
|
|
// Because we have deleted the item. We have to start from -1 again.
|
|
//
|
|
|
|
ItemPos = m_UserListCtrl.GetNextItem( -1, LVNI_SELECTED );
|
|
|
|
}
|
|
|
|
m_AddButton.SetFocus();
|
|
|
|
}
|
|
|
|
void USERLIST::OnCancel()
|
|
{
|
|
// TODO: Add extra cleanup here
|
|
|
|
CDialog::OnCancel();
|
|
}
|
|
|
|
void USERLIST::OnOK()
|
|
{
|
|
// TODO: Add extra validation here
|
|
|
|
LONG NoUsersToAdd = m_Users.GetUserAddedCnt();
|
|
LONG NoUsersToRemove = m_Users.GetUserRemovedCnt();
|
|
|
|
if ( (NoUsersToRemove - NoUsersToAdd) >= m_CurrentUsers) {
|
|
|
|
//
|
|
// All the users are going to be removed from the file. Do not allow.
|
|
//
|
|
|
|
CString ErrMsg;
|
|
|
|
if (ErrMsg.LoadString(IDS_NOREMOVEALL)){
|
|
MessageBox(ErrMsg);
|
|
}
|
|
return;
|
|
}
|
|
|
|
CDialog::OnOK();
|
|
}
|
|
|
|
STDAPI_(void) EfsDetail(HWND hwndParent, LPCWSTR FileName)
|
|
{
|
|
INT_PTR RetCode;
|
|
|
|
AFX_MANAGE_STATE(AfxGetStaticModuleState());
|
|
|
|
DWORD FileAttributes = GetFileAttributes(FileName);
|
|
|
|
if ( (-1 != FileAttributes) && ( FileAttributes & FILE_ATTRIBUTE_DIRECTORY)){
|
|
|
|
CString ErrMsg;
|
|
|
|
if (ErrMsg.LoadString(IDS_NOADDUSERDIR)){
|
|
MessageBox(hwndParent, ErrMsg, NULL, MB_OK);
|
|
}
|
|
return;
|
|
}
|
|
|
|
CWnd cwnd;
|
|
cwnd.FromHandle(hwndParent);
|
|
|
|
USERLIST DetailDialog(FileName, &cwnd);
|
|
|
|
RetCode = DetailDialog.DoModal();
|
|
if ( IDOK == RetCode ){
|
|
|
|
//
|
|
// Commit the change
|
|
//
|
|
|
|
DetailDialog.ApplyChanges( FileName );
|
|
|
|
} else if (IDCANCEL == RetCode) {
|
|
|
|
//
|
|
// Nothing needs to be done
|
|
//
|
|
|
|
}
|
|
|
|
}
|
|
|
|
BOOL WINAPI EfsFilter(
|
|
PCCERT_CONTEXT pCertContext,
|
|
BOOL *pfInitialSelectedCert,
|
|
void *pvCallbackData
|
|
)
|
|
{
|
|
BOOL disp = FALSE;
|
|
PCERT_ENHKEY_USAGE pUsage = NULL;
|
|
DWORD cbUsage = 0;
|
|
|
|
if (CertGetEnhancedKeyUsage(
|
|
pCertContext,
|
|
0,
|
|
NULL,
|
|
&cbUsage) && 0 != cbUsage){
|
|
|
|
pUsage = (PCERT_ENHKEY_USAGE) new BYTE[cbUsage];
|
|
|
|
if (pUsage){
|
|
|
|
if (CertGetEnhancedKeyUsage(
|
|
pCertContext,
|
|
0,
|
|
pUsage,
|
|
&cbUsage)){
|
|
|
|
//
|
|
// Search for EFS usage
|
|
//
|
|
|
|
DWORD cUsages = pUsage->cUsageIdentifier;
|
|
while (cUsages){
|
|
if (!strcmp(szOID_KP_EFS, pUsage->rgpszUsageIdentifier[cUsages-1])){
|
|
disp = TRUE;
|
|
break;
|
|
}
|
|
cUsages--;
|
|
}
|
|
|
|
|
|
}
|
|
|
|
delete [] pUsage;
|
|
|
|
}
|
|
}
|
|
|
|
return disp;
|
|
|
|
}
|
|
|
|
|
|
BOOL USERLIST::OnInitDialog()
|
|
{
|
|
CDialog::OnInitDialog();
|
|
CString WinTitle;
|
|
RECT ListRect;
|
|
DWORD ColWidth;
|
|
CString ColName;
|
|
CString ColCert;
|
|
CString RecName;
|
|
|
|
LPTSTR UserCertName = NULL;
|
|
BOOL EnableAddButton = FALSE;
|
|
PENCRYPTION_CERTIFICATE_HASH_LIST pUsers = NULL;
|
|
PENCRYPTION_CERTIFICATE_HASH_LIST pRecs = NULL;
|
|
|
|
try {
|
|
|
|
DWORD RetCode;
|
|
|
|
AfxFormatString1( WinTitle, IDS_DETAILWINTITLE, m_FileName );
|
|
SetWindowText( WinTitle );
|
|
|
|
m_CertChainPara.cbSize = sizeof(CERT_CHAIN_PARA);
|
|
m_CertChainPara.RequestedUsage.dwType = USAGE_MATCH_TYPE_AND;
|
|
|
|
//
|
|
// Check EFS EKU
|
|
//
|
|
|
|
m_CertChainPara.RequestedUsage.Usage.cUsageIdentifier = 1;
|
|
m_CertChainPara.RequestedUsage.Usage.rgpszUsageIdentifier=&EfsOidlpstr;
|
|
|
|
m_UserListCtrl.GetClientRect(&ListRect);
|
|
ColName.LoadString(IDS_USERCOLTITLE);
|
|
ColCert.LoadString(IDS_CERTCOLTITLE);
|
|
RecName.LoadString(IDS_RECCOLTITLE);
|
|
ColWidth = ( ListRect.right - ListRect.left ) / 4;
|
|
m_UserListCtrl.InsertColumn(0, ColName, LVCFMT_LEFT, ColWidth*3 );
|
|
m_UserListCtrl.InsertColumn(1, ColCert, LVCFMT_LEFT, ColWidth );
|
|
|
|
m_RecoveryListCtrl.GetClientRect(&ListRect);
|
|
ColWidth = ( ListRect.right - ListRect.left ) / 4;
|
|
m_RecoveryListCtrl.InsertColumn(0, RecName, LVCFMT_LEFT, ColWidth*3 );
|
|
m_RecoveryListCtrl.InsertColumn(1, ColCert, LVCFMT_LEFT, ColWidth );
|
|
|
|
RetCode = QueryUsersOnEncryptedFile( (LPWSTR)(LPCWSTR) m_FileName, &pUsers);
|
|
if ( !RetCode ){
|
|
|
|
RetCode = QueryRecoveryAgentsOnEncryptedFile( (LPWSTR)(LPCWSTR) m_FileName, &pRecs);
|
|
|
|
if ( !RetCode ){
|
|
|
|
//
|
|
// Got the info about the encrypted file
|
|
//
|
|
|
|
|
|
DWORD NUsers = pUsers->nCert_Hash;
|
|
BOOL RecDone = FALSE;
|
|
PENCRYPTION_CERTIFICATE_HASH_LIST pCertHashList = pUsers;
|
|
|
|
m_CurrentUsers = (LONG) NUsers;
|
|
|
|
//
|
|
// Get all the users
|
|
//
|
|
|
|
while ( NUsers > 0 ){
|
|
|
|
|
|
UserCertName = new TCHAR[_tcslen(pCertHashList->pUsers[NUsers - 1]->lpDisplayInformation) + 1];
|
|
if (UserCertName){
|
|
_tcscpy(UserCertName, pCertHashList->pUsers[NUsers - 1]->lpDisplayInformation);
|
|
} else {
|
|
AfxThrowMemoryException( );
|
|
}
|
|
|
|
//
|
|
// We got the user name
|
|
//
|
|
|
|
if (RecDone){
|
|
RetCode = m_Recs.Add(
|
|
UserCertName,
|
|
pCertHashList->pUsers[NUsers - 1]->pHash,
|
|
NULL
|
|
);
|
|
} else {
|
|
|
|
//
|
|
// Try to get a better name from the cert
|
|
//
|
|
|
|
LPTSTR UserName;
|
|
|
|
RetCode = TryGetBetterNameInCert(pCertHashList->pUsers[NUsers - 1]->pHash, &UserName);
|
|
if (ERROR_SUCCESS == RetCode){
|
|
|
|
//
|
|
// We get a better name from the certs
|
|
//
|
|
|
|
delete [] UserCertName;
|
|
UserCertName = UserName;
|
|
|
|
}
|
|
|
|
RetCode = m_Users.Add(
|
|
UserCertName,
|
|
pCertHashList->pUsers[NUsers - 1]->pHash,
|
|
NULL
|
|
);
|
|
}
|
|
|
|
if ( NO_ERROR != RetCode ) {
|
|
delete [] UserCertName;
|
|
UserCertName = NULL;
|
|
}
|
|
|
|
NUsers--;
|
|
if (NUsers == 0 && !RecDone){
|
|
|
|
//
|
|
// Let's deal with the recovery agents.
|
|
//
|
|
|
|
RecDone = TRUE;
|
|
pCertHashList = pRecs;
|
|
NUsers = pRecs->nCert_Hash;
|
|
}
|
|
}
|
|
|
|
|
|
if ( pRecs ){
|
|
FreeEncryptionCertificateHashList( pRecs );
|
|
pRecs = NULL;
|
|
}
|
|
|
|
//
|
|
// In memory intial list established
|
|
//
|
|
|
|
SetUpListBox(&EnableAddButton);
|
|
} else {
|
|
|
|
//
|
|
// Cannot get recovery info
|
|
//
|
|
CString ErrMsg;
|
|
|
|
if (ErrMsg.LoadString(IDS_NORECINFO)){
|
|
MessageBox(ErrMsg);
|
|
}
|
|
|
|
}
|
|
|
|
if ( pUsers ){
|
|
FreeEncryptionCertificateHashList( pUsers );
|
|
pUsers = NULL;
|
|
}
|
|
|
|
} else {
|
|
|
|
//
|
|
// Cannot get user info
|
|
//
|
|
|
|
CString ErrMsg;
|
|
|
|
if (ErrMsg.LoadString(IDS_NOINFO)){
|
|
MessageBox(ErrMsg);
|
|
}
|
|
}
|
|
|
|
}
|
|
catch (...) {
|
|
//
|
|
// The exception mostly is caused by out of memory.
|
|
// We can not prevent the page to be displayed from this routine,
|
|
// So we just go ahead with empty list
|
|
//
|
|
|
|
m_UserListCtrl.DeleteAllItems( );
|
|
m_RecoveryListCtrl.DeleteAllItems( );
|
|
|
|
|
|
//
|
|
// Delete works even if UserCertName == NULL
|
|
//
|
|
|
|
delete [] UserCertName;
|
|
if ( pUsers ){
|
|
FreeEncryptionCertificateHashList( pUsers );
|
|
}
|
|
if ( pRecs ){
|
|
FreeEncryptionCertificateHashList( pRecs );
|
|
}
|
|
|
|
}
|
|
|
|
m_RemoveButton.EnableWindow( FALSE );
|
|
if ( !EnableAddButton ){
|
|
m_AddButton.EnableWindow( FALSE );
|
|
}
|
|
|
|
return TRUE; // return TRUE unless you set the focus to a control
|
|
// EXCEPTION: OCX Property Pages should return FALSE
|
|
}
|
|
|
|
void USERLIST::ShowRemove()
|
|
{
|
|
if (m_UserListCtrl.GetSelectedCount() > 0){
|
|
|
|
//
|
|
// Enable the Remove Button
|
|
//
|
|
|
|
m_RemoveButton.EnableWindow( TRUE );
|
|
|
|
} else {
|
|
|
|
//
|
|
// Disable the Remove Button
|
|
//
|
|
|
|
m_RemoveButton.EnableWindow( FALSE );
|
|
|
|
}
|
|
}
|
|
|
|
DWORD
|
|
USERLIST::ApplyChanges(
|
|
LPCTSTR FileName
|
|
)
|
|
{
|
|
DWORD RetCode = NO_ERROR;
|
|
DWORD NoUsersToRemove;
|
|
DWORD NoUsersToAdd;
|
|
DWORD RemoveUserIndex;
|
|
DWORD AddUserIndex;
|
|
PENCRYPTION_CERTIFICATE_HASH_LIST RemoveUserList = NULL;
|
|
PENCRYPTION_CERTIFICATE_LIST AddUserList = NULL;
|
|
PVOID EnumHandle;
|
|
|
|
|
|
//
|
|
// Get all the users to be added or removed first
|
|
//
|
|
|
|
NoUsersToAdd = m_Users.GetUserAddedCnt();
|
|
NoUsersToRemove = m_Users.GetUserRemovedCnt();
|
|
|
|
if ( (NoUsersToAdd == 0) && (NoUsersToRemove == 0)){
|
|
return NO_ERROR;
|
|
}
|
|
|
|
if ( NoUsersToAdd ) {
|
|
|
|
//
|
|
// At least one user is to be added
|
|
//
|
|
|
|
DWORD BytesToAllocate;
|
|
|
|
BytesToAllocate = sizeof ( ENCRYPTION_CERTIFICATE_LIST ) +
|
|
NoUsersToAdd * sizeof ( PENCRYPTION_CERTIFICATE ) +
|
|
NoUsersToAdd * sizeof (ENCRYPTION_CERTIFICATE);
|
|
AddUserList = (PENCRYPTION_CERTIFICATE_LIST) new BYTE[BytesToAllocate];
|
|
if ( NULL == AddUserList ){
|
|
|
|
//
|
|
// Out of memory. Try our best to display the error message.
|
|
//
|
|
|
|
try {
|
|
|
|
CString ErrMsg;
|
|
|
|
if (ErrMsg.LoadString(IDS_ERRORMEM)){
|
|
::MessageBox(NULL, ErrMsg, NULL, MB_OK);
|
|
}
|
|
}
|
|
catch (...) {
|
|
}
|
|
|
|
return ERROR_NOT_ENOUGH_MEMORY;
|
|
}
|
|
|
|
AddUserList->nUsers = NoUsersToAdd;
|
|
AddUserList->pUsers = (PENCRYPTION_CERTIFICATE *)(((PBYTE) AddUserList) +
|
|
sizeof ( ENCRYPTION_CERTIFICATE_LIST ));
|
|
}
|
|
|
|
if ( NoUsersToRemove ){
|
|
|
|
//
|
|
// At least one user is to be removed
|
|
//
|
|
|
|
DWORD BytesToAllocate;
|
|
|
|
BytesToAllocate = sizeof ( ENCRYPTION_CERTIFICATE_HASH_LIST ) +
|
|
NoUsersToRemove * sizeof ( PENCRYPTION_CERTIFICATE_HASH) +
|
|
NoUsersToRemove * sizeof (ENCRYPTION_CERTIFICATE_HASH);
|
|
|
|
|
|
RemoveUserList = (PENCRYPTION_CERTIFICATE_HASH_LIST) new BYTE[BytesToAllocate];
|
|
if ( NULL == RemoveUserList ){
|
|
|
|
//
|
|
// Out of memory. Try our best to display the error message.
|
|
//
|
|
|
|
if (AddUserList){
|
|
delete [] AddUserList;
|
|
AddUserList = NULL;
|
|
}
|
|
|
|
try {
|
|
|
|
CString ErrMsg;
|
|
|
|
if (ErrMsg.LoadString(IDS_ERRORMEM)){
|
|
::MessageBox(NULL, ErrMsg, NULL, MB_OK);
|
|
}
|
|
}
|
|
catch (...) {
|
|
}
|
|
|
|
return ERROR_NOT_ENOUGH_MEMORY;
|
|
}
|
|
|
|
RemoveUserList->nCert_Hash = NoUsersToRemove;
|
|
RemoveUserList->pUsers = (PENCRYPTION_CERTIFICATE_HASH *)(((PBYTE) RemoveUserList) +
|
|
sizeof ( ENCRYPTION_CERTIFICATE_HASH_LIST ));
|
|
}
|
|
|
|
EnumHandle = m_Users.StartEnum();
|
|
RemoveUserIndex = 0;
|
|
AddUserIndex = 0;
|
|
while ( EnumHandle ){
|
|
|
|
DWORD Flag;
|
|
PSID UserSid;
|
|
PVOID CertData;
|
|
LPTSTR UserName;
|
|
|
|
EnumHandle = m_Users.GetNextChangedUser(
|
|
EnumHandle,
|
|
&UserName,
|
|
&UserSid,
|
|
&CertData,
|
|
&Flag
|
|
);
|
|
|
|
if ( Flag ){
|
|
|
|
//
|
|
// We get our changed user
|
|
//
|
|
|
|
if ( Flag & USERADDED ){
|
|
|
|
ASSERT( AddUserList );
|
|
|
|
//
|
|
// Add the user to the adding list
|
|
//
|
|
|
|
PENCRYPTION_CERTIFICATE EfsCert;
|
|
|
|
ASSERT (AddUserIndex < NoUsersToAdd);
|
|
|
|
EfsCert= (PENCRYPTION_CERTIFICATE)(((PBYTE) AddUserList) +
|
|
sizeof ( ENCRYPTION_CERTIFICATE_LIST ) +
|
|
NoUsersToAdd * sizeof ( PENCRYPTION_CERTIFICATE) +
|
|
AddUserIndex * sizeof (ENCRYPTION_CERTIFICATE));
|
|
|
|
AddUserList->pUsers[AddUserIndex] = EfsCert;
|
|
EfsCert->pUserSid = (SID *) UserSid;
|
|
EfsCert->cbTotalLength = sizeof (ENCRYPTION_CERTIFICATE);
|
|
EfsCert->pCertBlob = (PEFS_CERTIFICATE_BLOB) CertData;
|
|
|
|
AddUserIndex++;
|
|
|
|
} else if ( Flag & USERREMOVED ) {
|
|
|
|
ASSERT (RemoveUserList);
|
|
|
|
//
|
|
// Add the user to the removing list
|
|
//
|
|
|
|
PENCRYPTION_CERTIFICATE_HASH EfsCertHash;
|
|
|
|
ASSERT (RemoveUserIndex < NoUsersToRemove);
|
|
|
|
EfsCertHash= (PENCRYPTION_CERTIFICATE_HASH)(((PBYTE) RemoveUserList) +
|
|
sizeof ( ENCRYPTION_CERTIFICATE_HASH_LIST ) +
|
|
NoUsersToRemove * sizeof ( PENCRYPTION_CERTIFICATE_HASH) +
|
|
RemoveUserIndex * sizeof (ENCRYPTION_CERTIFICATE_HASH));
|
|
|
|
RemoveUserList->pUsers[RemoveUserIndex] = EfsCertHash;
|
|
EfsCertHash->cbTotalLength = sizeof (ENCRYPTION_CERTIFICATE_HASH);
|
|
EfsCertHash->pUserSid = (SID *)UserSid;
|
|
EfsCertHash->pHash = (PEFS_HASH_BLOB) CertData;
|
|
EfsCertHash->lpDisplayInformation = NULL;
|
|
|
|
RemoveUserIndex++;
|
|
} else {
|
|
ASSERT(FALSE);
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
ASSERT(RemoveUserIndex == NoUsersToRemove);
|
|
ASSERT(AddUserIndex == NoUsersToAdd);
|
|
|
|
if ( AddUserIndex && AddUserList ){
|
|
|
|
//
|
|
// Add the user to the file list
|
|
//
|
|
|
|
RetCode = AddUsersToEncryptedFile(FileName, AddUserList);
|
|
if ( NO_ERROR != RetCode ){
|
|
|
|
CString ErrMsg;
|
|
TCHAR ErrCode[16];
|
|
|
|
_ltot(RetCode, ErrCode, 10 );
|
|
AfxFormatString1( ErrMsg, IDS_ADDUSERERR, ErrCode );
|
|
MessageBox(ErrMsg);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
if ( RemoveUserIndex && RemoveUserList){
|
|
|
|
//
|
|
// Remove the user from the list
|
|
//
|
|
|
|
DWORD RetCodeBak = RetCode;
|
|
|
|
RetCode = RemoveUsersFromEncryptedFile(FileName, RemoveUserList);
|
|
if ( NO_ERROR != RetCode ){
|
|
|
|
CString ErrMsg;
|
|
TCHAR ErrCode[16];
|
|
|
|
_ltot(RetCode, ErrCode, 10 );
|
|
AfxFormatString1( ErrMsg, IDS_REMOVEUSERERR, ErrCode );
|
|
MessageBox(ErrMsg);
|
|
|
|
} else {
|
|
|
|
//
|
|
// Reflect the error happened
|
|
//
|
|
|
|
RetCode = RetCodeBak;
|
|
}
|
|
|
|
}
|
|
|
|
if (AddUserList){
|
|
delete [] AddUserList;
|
|
}
|
|
if (RemoveUserList){
|
|
delete [] RemoveUserList;
|
|
}
|
|
|
|
return RetCode;
|
|
}
|
|
|
|
DWORD
|
|
USERLIST::AddNewUsers(CUsers &NewUser)
|
|
{
|
|
DWORD RetCode = ERROR_SUCCESS;
|
|
|
|
m_UserListCtrl.DeleteAllItems( );
|
|
RetCode = m_Users.Add(NewUser);
|
|
SetUpListBox(NULL);
|
|
|
|
return RetCode;
|
|
}
|
|
|
|
|
|
void USERLIST::SetUpListBox(BOOL *EnableAdd)
|
|
{
|
|
PVOID EnumHandle;
|
|
|
|
try{
|
|
CString NoCertName;
|
|
|
|
NoCertName.LoadString(IDS_NOCERTNAME);
|
|
|
|
if (EnumHandle = m_Users.StartEnum()){
|
|
|
|
LV_ITEM fillItem;
|
|
|
|
fillItem.mask = LVIF_TEXT;
|
|
|
|
|
|
//
|
|
// At least one user is available
|
|
//
|
|
while ( EnumHandle ){
|
|
CString CertName;
|
|
CString CertHash;
|
|
|
|
fillItem.iItem = 0;
|
|
fillItem.iSubItem = 0;
|
|
|
|
EnumHandle = m_Users.GetNextUser(EnumHandle, CertName, CertHash);
|
|
if (!EnumHandle && CertName.IsEmpty() && CertHash.IsEmpty()) {
|
|
//
|
|
// No more items.
|
|
//
|
|
|
|
break;
|
|
|
|
}
|
|
if (CertName.IsEmpty()){
|
|
fillItem.pszText = NoCertName.GetBuffer(NoCertName.GetLength() + 1);
|
|
} else {
|
|
fillItem.pszText = CertName.GetBuffer(CertName.GetLength() + 1);
|
|
}
|
|
|
|
//
|
|
// Add the user to the list
|
|
//
|
|
|
|
fillItem.iItem = m_UserListCtrl.InsertItem(&fillItem);
|
|
|
|
if (CertName.IsEmpty()){
|
|
NoCertName.ReleaseBuffer();
|
|
} else {
|
|
CertName.ReleaseBuffer();
|
|
}
|
|
|
|
if ( fillItem.iItem != -1 ){
|
|
if ( EnableAdd ){
|
|
*EnableAdd = TRUE;
|
|
}
|
|
|
|
if (CertHash.IsEmpty()){
|
|
fillItem.pszText = NULL;
|
|
} else {
|
|
fillItem.pszText = CertHash.GetBuffer(CertHash.GetLength() + 1);
|
|
}
|
|
|
|
fillItem.iSubItem = 1;
|
|
m_UserListCtrl.SetItem(&fillItem);
|
|
|
|
if (!CertHash.IsEmpty()){
|
|
CertHash.ReleaseBuffer();
|
|
}
|
|
}
|
|
|
|
}
|
|
}
|
|
|
|
if (EnableAdd){
|
|
|
|
//
|
|
// From the dialog init. Do the Rec list as well
|
|
//
|
|
|
|
if (EnumHandle = m_Recs.StartEnum()){
|
|
|
|
LV_ITEM fillItem;
|
|
|
|
fillItem.mask = LVIF_TEXT;
|
|
|
|
//
|
|
// At least one user is available
|
|
//
|
|
|
|
while ( EnumHandle ){
|
|
|
|
CString CertName;
|
|
CString CertHash;
|
|
|
|
fillItem.iItem = 0;
|
|
fillItem.iSubItem = 0;
|
|
|
|
EnumHandle = m_Recs.GetNextUser(EnumHandle, CertName, CertHash);
|
|
|
|
if (!EnumHandle && CertName.IsEmpty() && CertHash.IsEmpty()) {
|
|
//
|
|
// No more items.
|
|
//
|
|
|
|
break;
|
|
|
|
}
|
|
//
|
|
// Add the agent to the list
|
|
//
|
|
|
|
if (CertName.IsEmpty()){
|
|
fillItem.pszText = NoCertName.GetBuffer(NoCertName.GetLength() + 1);
|
|
} else {
|
|
fillItem.pszText = CertName.GetBuffer(CertName.GetLength() + 1);
|
|
}
|
|
|
|
fillItem.iItem = m_RecoveryListCtrl.InsertItem(&fillItem);
|
|
|
|
if (CertName.IsEmpty()){
|
|
NoCertName.ReleaseBuffer();
|
|
} else {
|
|
CertName.ReleaseBuffer();
|
|
}
|
|
|
|
if ( fillItem.iItem != -1 ){
|
|
|
|
if (CertHash.IsEmpty()){
|
|
fillItem.pszText = NULL;
|
|
} else {
|
|
fillItem.pszText = CertHash.GetBuffer(CertHash.GetLength() + 1);
|
|
}
|
|
|
|
fillItem.iSubItem = 1;
|
|
m_RecoveryListCtrl.SetItem(&fillItem);
|
|
|
|
if (!CertHash.IsEmpty()){
|
|
CertHash.ReleaseBuffer();
|
|
}
|
|
}
|
|
|
|
}
|
|
}
|
|
}
|
|
}
|
|
catch(...){
|
|
m_UserListCtrl.DeleteAllItems( );
|
|
m_RecoveryListCtrl.DeleteAllItems( );
|
|
if ( EnableAdd ){
|
|
*EnableAdd = FALSE;
|
|
}
|
|
}
|
|
|
|
}
|
|
|
|
DWORD
|
|
USERLIST::GetCertNameFromCertContext(
|
|
PCCERT_CONTEXT CertContext,
|
|
LPTSTR * UserDispName
|
|
)
|
|
//////////////////////////////////////////////////////////////////////
|
|
// Routine Description:
|
|
// Get the user name from the certificate
|
|
// Arguments:
|
|
// CertContext -- Cert Context
|
|
// UserCertName -- User Common Name
|
|
// ( Caller is responsible to delete this memory using delete [] )
|
|
// Return Value:
|
|
// ERROR_SUCCESS if succeed.
|
|
// If No Name found. "USER_UNKNOWN is returned".
|
|
//
|
|
//////////////////////////////////////////////////////////////////////
|
|
{
|
|
DWORD NameLength;
|
|
DWORD UserNameBufLen = 0;
|
|
DWORD BlobLen = 0;
|
|
PCERT_EXTENSION AlterNameExt = NULL;
|
|
BOOL b;
|
|
LPTSTR DNSName = NULL;
|
|
LPTSTR UPNName = NULL;
|
|
LPTSTR CommonName = NULL;
|
|
|
|
if ( NULL == UserDispName ){
|
|
return ERROR_SUCCESS;
|
|
}
|
|
|
|
*UserDispName = NULL;
|
|
|
|
AlterNameExt = CertFindExtension(
|
|
szOID_SUBJECT_ALT_NAME2,
|
|
CertContext->pCertInfo->cExtension,
|
|
CertContext->pCertInfo->rgExtension
|
|
);
|
|
|
|
if (AlterNameExt){
|
|
|
|
//
|
|
// Find the alternative name
|
|
//
|
|
|
|
b = CryptDecodeObject(
|
|
X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
|
|
szOID_SUBJECT_ALT_NAME ,
|
|
AlterNameExt->Value.pbData,
|
|
AlterNameExt->Value.cbData,
|
|
0,
|
|
NULL,
|
|
&BlobLen
|
|
);
|
|
if (b){
|
|
|
|
//
|
|
// Let's decode it
|
|
//
|
|
|
|
CERT_ALT_NAME_INFO *AltNameInfo = NULL;
|
|
|
|
AltNameInfo = (CERT_ALT_NAME_INFO *) new BYTE[BlobLen];
|
|
|
|
if (AltNameInfo){
|
|
|
|
b = CryptDecodeObject(
|
|
X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
|
|
szOID_SUBJECT_ALT_NAME,
|
|
AlterNameExt->Value.pbData,
|
|
AlterNameExt->Value.cbData,
|
|
0,
|
|
AltNameInfo,
|
|
&BlobLen
|
|
);
|
|
if (b){
|
|
|
|
//
|
|
// Now search for the UPN, SPN, DNS, EFS name
|
|
//
|
|
|
|
DWORD cAltEntry = AltNameInfo->cAltEntry;
|
|
DWORD ii = 0;
|
|
|
|
while (ii < cAltEntry){
|
|
if ((AltNameInfo->rgAltEntry[ii].dwAltNameChoice == CERT_ALT_NAME_OTHER_NAME ) &&
|
|
!strcmp(szOID_NT_PRINCIPAL_NAME, AltNameInfo->rgAltEntry[ii].pOtherName->pszObjId)
|
|
){
|
|
|
|
//
|
|
// We found the UPN name
|
|
//
|
|
|
|
CERT_NAME_VALUE* CertUPNName = NULL;
|
|
|
|
b = CryptDecodeObject(
|
|
X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
|
|
X509_UNICODE_ANY_STRING,
|
|
AltNameInfo->rgAltEntry[ii].pOtherName->Value.pbData,
|
|
AltNameInfo->rgAltEntry[ii].pOtherName->Value.cbData,
|
|
0,
|
|
NULL,
|
|
&BlobLen
|
|
);
|
|
if (b){
|
|
|
|
CertUPNName = (CERT_NAME_VALUE *) new BYTE[BlobLen];
|
|
if (CertUPNName){
|
|
b = CryptDecodeObject(
|
|
X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
|
|
X509_UNICODE_ANY_STRING,
|
|
AltNameInfo->rgAltEntry[ii].pOtherName->Value.pbData,
|
|
AltNameInfo->rgAltEntry[ii].pOtherName->Value.cbData,
|
|
0,
|
|
CertUPNName,
|
|
&BlobLen
|
|
);
|
|
if (b){
|
|
UPNName = (LPTSTR)new BYTE[CertUPNName->Value.cbData + sizeof(WCHAR)];
|
|
if (UPNName){
|
|
wcscpy(UPNName, (LPCTSTR) CertUPNName->Value.pbData);
|
|
}
|
|
}
|
|
delete [] CertUPNName;
|
|
if (UPNName){
|
|
|
|
//
|
|
// Got the UPN name. Stop searching.
|
|
//
|
|
break;
|
|
}
|
|
}
|
|
}
|
|
|
|
|
|
} else {
|
|
|
|
//
|
|
// Check for other alternative name
|
|
//
|
|
|
|
if (AltNameInfo->rgAltEntry[ii].dwAltNameChoice == CERT_ALT_NAME_DNS_NAME){
|
|
DNSName = AltNameInfo->rgAltEntry[ii].pwszDNSName;
|
|
}
|
|
|
|
}
|
|
|
|
ii++;
|
|
|
|
}
|
|
|
|
if ( NULL == UPNName ){
|
|
|
|
//
|
|
// No UPN name, let's get the other option
|
|
//
|
|
|
|
if (DNSName){
|
|
UPNName = (LPTSTR)new TCHAR[wcslen( DNSName ) + 1];
|
|
if (UPNName){
|
|
wcscpy(UPNName, DNSName);
|
|
}
|
|
}
|
|
|
|
}
|
|
}
|
|
delete [] AltNameInfo;
|
|
}
|
|
|
|
}
|
|
}
|
|
|
|
|
|
NameLength = CertGetNameString(
|
|
CertContext,
|
|
CERT_NAME_SIMPLE_DISPLAY_TYPE,
|
|
0,
|
|
NULL,
|
|
NULL,
|
|
0
|
|
);
|
|
|
|
if ( NameLength > 1){
|
|
|
|
//
|
|
// The display name exist. Go get the display name.
|
|
//
|
|
|
|
CommonName = new TCHAR[NameLength];
|
|
if ( NULL == CommonName ){
|
|
if (UPNName){
|
|
delete [] UPNName;
|
|
}
|
|
return ERROR_NOT_ENOUGH_MEMORY;
|
|
}
|
|
UserNameBufLen = NameLength;
|
|
NameLength = CertGetNameString(
|
|
CertContext,
|
|
CERT_NAME_SIMPLE_DISPLAY_TYPE,
|
|
0,
|
|
NULL,
|
|
CommonName,
|
|
UserNameBufLen
|
|
);
|
|
|
|
ASSERT (NameLength == UserNameBufLen);
|
|
|
|
}
|
|
|
|
|
|
if (CommonName || UPNName){
|
|
|
|
NameLength = 3;
|
|
if (CommonName){
|
|
NameLength += wcslen(CommonName);
|
|
}
|
|
if (UPNName){
|
|
NameLength += wcslen(UPNName);
|
|
}
|
|
|
|
|
|
*UserDispName = new TCHAR[NameLength];
|
|
if (CommonName){
|
|
wcscpy(*UserDispName, CommonName);
|
|
if (UPNName){
|
|
wcscat(*UserDispName, L"(");
|
|
wcscat(*UserDispName, UPNName);
|
|
wcscat(*UserDispName, L")");
|
|
}
|
|
} else {
|
|
wcscpy(*UserDispName, UPNName);
|
|
}
|
|
|
|
if (CommonName){
|
|
delete [] CommonName;
|
|
}
|
|
if (UPNName){
|
|
delete [] UPNName;
|
|
}
|
|
return ERROR_SUCCESS;
|
|
}
|
|
|
|
try {
|
|
|
|
CString UnknownCertName;
|
|
|
|
UnknownCertName.LoadString(IDS_NOCERTNAME);
|
|
|
|
UserNameBufLen = UnknownCertName.GetLength();
|
|
|
|
*UserDispName = new TCHAR[UserNameBufLen + 1];
|
|
_tcscpy( *UserDispName, UnknownCertName);
|
|
|
|
}
|
|
catch (...){
|
|
return ERROR_NOT_ENOUGH_MEMORY;
|
|
}
|
|
|
|
return ERROR_SUCCESS;
|
|
|
|
}
|
|
|
|
void USERLIST::OnAdd()
|
|
{
|
|
CRYPTUI_SELECTCERTIFICATE_STRUCTW cryptUI;
|
|
HCERTSTORE otherStore;
|
|
HCERTSTORE trustedStore;
|
|
HCERTSTORE memStore;
|
|
HCERTSTORE localStore[2];
|
|
PCCERT_CONTEXT selectedCert;
|
|
CString DlgTitle;
|
|
CString DispText;
|
|
LPTSTR UserDispName;
|
|
HRESULT hr;
|
|
DWORD rc;
|
|
DWORD StoreNum = 0;
|
|
DWORD StoreIndex = 0xffffffff;
|
|
BOOL EfsEkuExist = FALSE;
|
|
DWORD ii;
|
|
BOOL ContinueProcess = TRUE;
|
|
|
|
otherStore = CertOpenStore(
|
|
CERT_STORE_PROV_SYSTEM_W,
|
|
0, // dwEncodingType
|
|
0, // hCryptProv,
|
|
CERT_SYSTEM_STORE_CURRENT_USER | CERT_STORE_MAXIMUM_ALLOWED_FLAG,
|
|
OTHERPEOPLE
|
|
);
|
|
|
|
trustedStore = CertOpenStore(
|
|
CERT_STORE_PROV_SYSTEM_W,
|
|
0, // dwEncodingType
|
|
0, // hCryptProv,
|
|
CERT_SYSTEM_STORE_CURRENT_USER | CERT_STORE_MAXIMUM_ALLOWED_FLAG,
|
|
TRUSTEDPEOPLE
|
|
);
|
|
|
|
if (otherStore) {
|
|
localStore[0] = otherStore;
|
|
StoreNum++;
|
|
}
|
|
if (trustedStore) {
|
|
localStore[StoreNum] = trustedStore;
|
|
StoreNum++;
|
|
}
|
|
|
|
memStore = CertOpenStore(
|
|
CERT_STORE_PROV_MEMORY,
|
|
0,
|
|
0,
|
|
CERT_STORE_MAXIMUM_ALLOWED_FLAG,
|
|
NULL
|
|
);
|
|
if (!memStore) {
|
|
|
|
CString ErrMsg;
|
|
TCHAR ErrCode[16];
|
|
|
|
|
|
_ltot(GetLastError(), ErrCode, 10 );
|
|
AfxFormatString1( ErrMsg, IDS_INTERNALERROR, ErrCode );
|
|
MessageBox(ErrMsg);
|
|
|
|
if (otherStore) {
|
|
CertCloseStore( otherStore, 0 );
|
|
}
|
|
if (trustedStore) {
|
|
CertCloseStore( trustedStore, 0 );
|
|
}
|
|
return;
|
|
}
|
|
|
|
//
|
|
// Let's put it into a memory store to eliminate the redundancy
|
|
//
|
|
|
|
ii = 0;
|
|
while ( (ii < StoreNum) && ContinueProcess ) {
|
|
|
|
PCCERT_CONTEXT pCertContext = NULL;
|
|
|
|
while (pCertContext = CertEnumCertificatesInStore(
|
|
localStore[ii],
|
|
pCertContext
|
|
)) {
|
|
|
|
if (!CertAddCertificateLinkToStore(
|
|
memStore,
|
|
pCertContext,
|
|
CERT_STORE_ADD_USE_EXISTING,
|
|
NULL
|
|
)){
|
|
|
|
CString ErrMsg;
|
|
TCHAR ErrCode[16];
|
|
|
|
|
|
_ltot(GetLastError(), ErrCode, 10 );
|
|
AfxFormatString1( ErrMsg, IDS_INTERNALERROR, ErrCode );
|
|
MessageBox(ErrMsg);
|
|
ContinueProcess = FALSE;
|
|
break;
|
|
}
|
|
|
|
}
|
|
ii++;
|
|
}
|
|
|
|
if (!ContinueProcess) {
|
|
if (otherStore) {
|
|
CertCloseStore( otherStore, 0 );
|
|
}
|
|
if (trustedStore) {
|
|
CertCloseStore( trustedStore, 0 );
|
|
}
|
|
CertCloseStore( memStore, 0 );
|
|
return;
|
|
}
|
|
|
|
if (StoreNum != 0) {
|
|
RtlZeroMemory(&cryptUI, sizeof (CRYPTUI_SELECTCERTIFICATE_STRUCTW));
|
|
cryptUI.dwSize = sizeof (CRYPTUI_SELECTCERTIFICATE_STRUCTW);
|
|
cryptUI.dwFlags = CRYPTUI_SELECTCERT_ADDFROMDS;
|
|
cryptUI.cDisplayStores = 1;
|
|
cryptUI.rghDisplayStores = &memStore;
|
|
cryptUI.pFilterCallback = EfsFilter;
|
|
cryptUI.dwDontUseColumn = CRYPTUI_SELECT_LOCATION_COLUMN | CRYPTUI_SELECT_ISSUEDBY_COLUMN | CRYPTUI_SELECT_INTENDEDUSE_COLUMN;
|
|
if (DlgTitle.LoadString(IDS_DLGTITLE)){
|
|
cryptUI.szTitle = (LPCWSTR) DlgTitle.GetBuffer(DlgTitle.GetLength() + 1);
|
|
}
|
|
if (DispText.LoadString(IDS_DISPTEXT)){
|
|
cryptUI.szDisplayString = (LPCWSTR) DispText.GetBuffer(DispText.GetLength() + 1);
|
|
}
|
|
selectedCert = CryptUIDlgSelectCertificateW(&cryptUI);
|
|
if ( selectedCert ){
|
|
|
|
PCCERT_CHAIN_CONTEXT pChainContext;
|
|
|
|
//
|
|
// Let's first see if the cert is from DS, if Yes, add the EFS EKU first if no EKU.
|
|
//
|
|
|
|
StoreIndex = CertInStore(localStore, StoreNum, selectedCert);
|
|
|
|
if (StoreIndex >= StoreNum){
|
|
|
|
//
|
|
// The cert is not in the local stores. Let's see if we need add the EKU or not.
|
|
//
|
|
|
|
EfsEkuExist = EfsFilter(selectedCert, NULL, NULL);
|
|
if (!EfsEkuExist) {
|
|
|
|
//
|
|
// Let's add the EFS EKU
|
|
//
|
|
|
|
CTL_USAGE EfsEkuUsage;
|
|
DWORD cbEncoded;
|
|
void *pbEncoded;
|
|
CRYPT_DATA_BLOB EfsEkuBlob;
|
|
|
|
EfsEkuUsage.cUsageIdentifier = 1; // Only adding EFS EKU
|
|
EfsEkuUsage.rgpszUsageIdentifier = &EfsOidlpstr;
|
|
if(!CryptEncodeObjectEx(
|
|
X509_ASN_ENCODING,
|
|
szOID_ENHANCED_KEY_USAGE,
|
|
&EfsEkuUsage,
|
|
CRYPT_ENCODE_ALLOC_FLAG,
|
|
NULL, // Use LocalFree
|
|
&pbEncoded,
|
|
&cbEncoded
|
|
)){
|
|
|
|
//
|
|
// Failed to encode the EFS EKU
|
|
//
|
|
CString ErrMsg;
|
|
TCHAR ErrCode[16];
|
|
|
|
|
|
ContinueProcess = FALSE;
|
|
_ltot(GetLastError(), ErrCode, 10 );
|
|
AfxFormatString1( ErrMsg, IDS_ADDEFSEKUFAIL, ErrCode );
|
|
MessageBox(ErrMsg);
|
|
|
|
|
|
} else {
|
|
//
|
|
// Now let's add the EKU to the cert
|
|
//
|
|
|
|
EfsEkuBlob.cbData=cbEncoded;
|
|
EfsEkuBlob.pbData=(BYTE *)pbEncoded;
|
|
|
|
if(!CertSetCertificateContextProperty(
|
|
selectedCert,
|
|
CERT_ENHKEY_USAGE_PROP_ID,
|
|
0,
|
|
&EfsEkuBlob)){
|
|
|
|
//
|
|
// Failed to add the EFS EKU
|
|
//
|
|
|
|
CString ErrMsg;
|
|
TCHAR ErrCode[16];
|
|
|
|
|
|
ContinueProcess = FALSE;
|
|
_ltot(GetLastError(), ErrCode, 10 );
|
|
AfxFormatString1( ErrMsg, IDS_ADDEFSEKUFAIL, ErrCode );
|
|
MessageBox(ErrMsg);
|
|
|
|
|
|
}
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
//
|
|
// Let's validate the cert first
|
|
//
|
|
|
|
if (ContinueProcess && CertGetCertificateChain (
|
|
HCCE_CURRENT_USER,
|
|
selectedCert,
|
|
NULL,
|
|
NULL,
|
|
&m_CertChainPara,
|
|
CERT_CHAIN_REVOCATION_CHECK_CHAIN,
|
|
NULL,
|
|
&pChainContext
|
|
)) {
|
|
|
|
PCERT_SIMPLE_CHAIN pChain = pChainContext->rgpChain[ pChainContext->cChain - 1 ];
|
|
PCERT_CHAIN_ELEMENT pElement = pChain->rgpElement[ pChain->cElement - 1 ];
|
|
BOOL bSelfSigned = pElement->TrustStatus.dwInfoStatus & CERT_TRUST_IS_SELF_SIGNED;
|
|
BOOL ContinueAdd = TRUE;
|
|
|
|
DWORD dwErrorStatus = pChainContext->TrustStatus.dwErrorStatus;
|
|
|
|
|
|
if (0 == (dwErrorStatus & ~CERT_TRUST_REVOCATION_STATUS_UNKNOWN)) {
|
|
|
|
|
|
|
|
//
|
|
// The validation succeed. If the cert is from the DS (not in the store we opened), we will put it
|
|
// in the my Other People's store
|
|
//
|
|
|
|
|
|
if (StoreIndex >= StoreNum) {
|
|
|
|
//
|
|
// The cert is not in our local stores. Add it to the other people
|
|
//
|
|
|
|
if (otherStore) {
|
|
if(!CertAddCertificateContextToStore(
|
|
otherStore,
|
|
selectedCert,
|
|
CERT_STORE_ADD_NEW,
|
|
NULL) ) {
|
|
|
|
//
|
|
// The error code is only for debug.
|
|
// If we failed to add the cert to other People store,
|
|
// it is fine to continue
|
|
//
|
|
|
|
rc = GetLastError();
|
|
|
|
}
|
|
}
|
|
|
|
}
|
|
|
|
} else {
|
|
|
|
//
|
|
// The cert validation failed, as the user if we will accept the cert. If yes, the cert
|
|
// will be added to my TrustedPeople.
|
|
//
|
|
|
|
if (((dwErrorStatus & ~CERT_TRUST_REVOCATION_STATUS_UNKNOWN) == CERT_TRUST_IS_UNTRUSTED_ROOT) && bSelfSigned) {
|
|
|
|
//
|
|
// A self signed cert. Ask the user if he would like to accept.
|
|
// If it is already in the trusted store, we can skip the pop up.
|
|
//
|
|
|
|
|
|
DWORD StoreIndex;
|
|
|
|
|
|
if (trustedStore) {
|
|
StoreIndex = CertInStore(&trustedStore, 1, selectedCert);
|
|
}
|
|
|
|
if (StoreIndex >= 1) {
|
|
|
|
CString ErrMsg;
|
|
TCHAR ErrCode[16];
|
|
int buttonID;
|
|
|
|
_ltot(GetLastError(), ErrCode, 10 );
|
|
AfxFormatString1( ErrMsg, IDS_ACCEPTSELFCERT, ErrCode );
|
|
buttonID = MessageBox(ErrMsg, NULL, MB_ICONQUESTION | MB_YESNO);
|
|
if (IDYES == buttonID) {
|
|
|
|
//
|
|
// User Accepted the cert.
|
|
//
|
|
if (trustedStore) {
|
|
if(!CertAddCertificateContextToStore(
|
|
trustedStore,
|
|
selectedCert,
|
|
CERT_STORE_ADD_NEW,
|
|
NULL) ) {
|
|
|
|
//
|
|
// The error code is only for debug.
|
|
// If we failed to add the cert to other People store,
|
|
// it is fine to continue
|
|
//
|
|
|
|
rc = GetLastError();
|
|
|
|
}
|
|
}
|
|
|
|
} else {
|
|
|
|
//
|
|
// User declined the cert.
|
|
//
|
|
|
|
ContinueAdd = FALSE;
|
|
}
|
|
}
|
|
|
|
|
|
} else {
|
|
|
|
//
|
|
// Let's get the error code of the chain building.
|
|
//
|
|
|
|
CERT_CHAIN_POLICY_PARA PolicyPara;
|
|
CERT_CHAIN_POLICY_STATUS PolicyStatus;
|
|
|
|
ContinueAdd = FALSE;
|
|
|
|
RtlZeroMemory(&PolicyPara, sizeof(CERT_CHAIN_POLICY_PARA));
|
|
RtlZeroMemory(&PolicyStatus, sizeof(CERT_CHAIN_POLICY_STATUS));
|
|
|
|
PolicyPara.cbSize = sizeof(CERT_CHAIN_POLICY_PARA);
|
|
PolicyStatus.cbSize = sizeof(CERT_CHAIN_POLICY_STATUS);
|
|
|
|
if (CertVerifyCertificateChainPolicy(
|
|
CERT_CHAIN_POLICY_BASE,
|
|
pChainContext,
|
|
&PolicyPara,
|
|
&PolicyStatus
|
|
) && PolicyStatus.dwError ) {
|
|
|
|
//
|
|
// Display the error to the user.
|
|
//
|
|
|
|
DWORD len;
|
|
LPWSTR DisplayBuffer;
|
|
|
|
len = FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM | FORMAT_MESSAGE_ALLOCATE_BUFFER,
|
|
NULL, PolicyStatus.dwError, 0,
|
|
(LPWSTR)&DisplayBuffer, 0, NULL);
|
|
|
|
|
|
if (len && DisplayBuffer) {
|
|
|
|
MessageBox(DisplayBuffer);
|
|
|
|
LocalFree(DisplayBuffer);
|
|
}
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
CertFreeCertificateChain( pChainContext );
|
|
|
|
if (ContinueAdd) {
|
|
hr = GetCertNameFromCertContext(selectedCert, &UserDispName);
|
|
if ( ERROR_SUCCESS == hr ){
|
|
|
|
EFS_CERTIFICATE_BLOB CertBlob;
|
|
|
|
CertBlob.cbData = selectedCert->cbCertEncoded;
|
|
CertBlob.pbData = selectedCert->pbCertEncoded;
|
|
CertBlob.dwCertEncodingType = selectedCert->dwCertEncodingType;
|
|
hr = m_Users.Add(
|
|
UserDispName,
|
|
(PVOID)&CertBlob,
|
|
NULL,
|
|
USERADDED,
|
|
(PVOID)selectedCert
|
|
);
|
|
|
|
if ( (ERROR_SUCCESS != hr) && (CRYPT_E_EXISTS != hr) ){
|
|
|
|
//
|
|
// Error in adding the user
|
|
//
|
|
|
|
CertFreeCertificateContext(selectedCert);
|
|
selectedCert = NULL;
|
|
|
|
} else {
|
|
|
|
//
|
|
// We could just insert the items here to improve the performace.
|
|
// But we don't have the time right now. We could fix this later
|
|
// if performance is a problem here.
|
|
//
|
|
|
|
m_UserListCtrl.DeleteAllItems( );
|
|
SetUpListBox(NULL);
|
|
|
|
if ( hr == ERROR_SUCCESS ){
|
|
|
|
//
|
|
// UserDispName is used in m_Users.Add
|
|
//
|
|
|
|
UserDispName = NULL;
|
|
}
|
|
|
|
/* This is the old code when we have the single list.
|
|
//
|
|
// Add the user to the list box.
|
|
//
|
|
if ( hr == ERROR_SUCCESS ){
|
|
|
|
if (m_UsersList.AddString(UserDispName) < 0){
|
|
|
|
//
|
|
// Error to add to the list box
|
|
//
|
|
|
|
m_Users.Remove(UserDispName);
|
|
}
|
|
|
|
UserDispName = NULL;
|
|
|
|
} else {
|
|
|
|
//
|
|
// Let's check if we need to add this to the list box.
|
|
//
|
|
if (m_UsersList.FindStringExact( 0, UserDispName ) < 0){
|
|
|
|
//
|
|
// Not found
|
|
//
|
|
|
|
if (m_UsersList.AddString(UserDispName) < 0){
|
|
|
|
//
|
|
// Error to add to the list box
|
|
//
|
|
|
|
m_Users.Remove(UserDispName);
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
*/
|
|
}
|
|
if (UserDispName){
|
|
delete [] UserDispName;
|
|
}
|
|
|
|
} else {
|
|
CertFreeCertificateContext(selectedCert);
|
|
}
|
|
}
|
|
} else {
|
|
|
|
CString ErrMsg;
|
|
TCHAR ErrCode[16];
|
|
|
|
CertFreeCertificateContext(selectedCert);
|
|
|
|
if (ContinueProcess) {
|
|
|
|
//
|
|
// The error has not been processed.
|
|
//
|
|
|
|
_ltot(GetLastError(), ErrCode, 10 );
|
|
AfxFormatString1( ErrMsg, IDS_COULDNOTVERIFYCERT, ErrCode );
|
|
MessageBox(ErrMsg);
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
if (!DlgTitle.IsEmpty()){
|
|
DlgTitle.ReleaseBuffer();
|
|
}
|
|
if (!DispText.IsEmpty()){
|
|
DispText.ReleaseBuffer();
|
|
}
|
|
if (otherStore) {
|
|
CertCloseStore( otherStore, 0 );
|
|
}
|
|
if (trustedStore) {
|
|
CertCloseStore( trustedStore, 0 );
|
|
}
|
|
}
|
|
|
|
CertCloseStore( memStore, 0 );
|
|
|
|
return;
|
|
}
|
|
|
|
DWORD USERLIST::TryGetBetterNameInCert(PEFS_HASH_BLOB HashData, LPTSTR *UserName)
|
|
{
|
|
|
|
HCERTSTORE localStore;
|
|
PCCERT_CONTEXT pCertContext;
|
|
DWORD retCode;
|
|
|
|
|
|
//
|
|
// We will add the remote case later
|
|
//
|
|
|
|
localStore = CertOpenStore(
|
|
CERT_STORE_PROV_SYSTEM_W,
|
|
0, // dwEncodingType
|
|
0, // hCryptProv,
|
|
CERT_SYSTEM_STORE_CURRENT_USER | CERT_STORE_MAXIMUM_ALLOWED_FLAG,
|
|
TRUSTEDPEOPLE
|
|
);
|
|
|
|
if (localStore != NULL) {
|
|
|
|
//
|
|
// Let's try to the cert in the store
|
|
//
|
|
pCertContext = CertFindCertificateInStore( localStore,
|
|
CRYPT_ASN_ENCODING,
|
|
0,
|
|
CERT_FIND_HASH,
|
|
(CRYPT_HASH_BLOB *)HashData,
|
|
NULL
|
|
);
|
|
if ( pCertContext ){
|
|
|
|
retCode = GetCertNameFromCertContext(
|
|
pCertContext,
|
|
UserName
|
|
);
|
|
CertFreeCertificateContext(pCertContext);
|
|
|
|
}
|
|
else {
|
|
retCode = GetLastError();
|
|
}
|
|
|
|
CertCloseStore( localStore, 0 );
|
|
|
|
} else {
|
|
|
|
retCode = GetLastError();
|
|
|
|
}
|
|
|
|
return retCode;
|
|
|
|
}
|
|
|
|
DWORD USERLIST::CertInStore(HCERTSTORE *pStores, DWORD StoreNum, PCCERT_CONTEXT selectedCert)
|
|
{
|
|
DWORD ii = 0;
|
|
PCCERT_CONTEXT pCert = NULL;
|
|
|
|
while (ii < StoreNum) {
|
|
pCert = CertFindCertificateInStore(
|
|
pStores[ii],
|
|
X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
|
|
0,
|
|
CERT_FIND_EXISTING,
|
|
selectedCert,
|
|
pCert
|
|
);
|
|
if (pCert) {
|
|
|
|
//
|
|
// We found it.
|
|
//
|
|
CertFreeCertificateContext(pCert);
|
|
break;
|
|
}
|
|
ii++;
|
|
}
|
|
|
|
return ii;
|
|
}
|
|
|
|
void USERLIST::OnSetfocusListuser(NMHDR* pNMHDR, LRESULT* pResult)
|
|
{
|
|
int ItemPos;
|
|
|
|
ShowRemove();
|
|
|
|
ItemPos = m_UserListCtrl.GetNextItem( -1, LVNI_SELECTED );
|
|
if ( ItemPos == -1 ){
|
|
m_UserListCtrl.SetItem(0, 0, LVIF_STATE, NULL, 0, LVIS_SELECTED, LVIS_SELECTED, 0);
|
|
|
|
}
|
|
|
|
*pResult = 0;
|
|
}
|
|
|
|
void USERLIST::OnKillfocusListuser(NMHDR* pNMHDR, LRESULT* pResult)
|
|
{
|
|
|
|
ShowRemove();
|
|
|
|
*pResult = 0;
|
|
|
|
}
|
|
|
|
void USERLIST::OnItemchangedListuser(NMHDR* pNMHDR, LRESULT* pResult)
|
|
{
|
|
NM_LISTVIEW* pNMListView = (NM_LISTVIEW*)pNMHDR;
|
|
|
|
ShowRemove();
|
|
|
|
*pResult = 0;
|
|
}
|