Ros-diffs December 2009

ros-diffs@reactos.org

22 participants
501 discussions

[tkreuzer] 44429: - unhack the rbuild file - move some architecture specific stuff out of ReactOS-generic.rbuild

by tkreuzer＠svn.reactos.org

Author: tkreuzer Date: Sun Dec 6 02:11:32 2009 New Revision: 44429 URL: http://svn.reactos.org/svn/reactos?rev=44429&view=rev Log: - unhack the rbuild file - move some architecture specific stuff out of ReactOS-generic.rbuild Modified: branches/ros-amd64-bringup/reactos/ReactOS-amd64.rbuild branches/ros-amd64-bringup/reactos/ReactOS-generic.rbuild branches/ros-amd64-bringup/reactos/ReactOS-i386.rbuild Modified: branches/ros-amd64-bringup/reactos/ReactOS-amd64.rbuild URL: http://svn.reactos.org/svn/reactos/branches/ros-amd64-bringup/reactos/React… ============================================================================== --- branches/ros-amd64-bringup/reactos/ReactOS-amd64.rbuild [iso-8859-1] (original) +++ branches/ros-amd64-bringup/reactos/ReactOS-amd64.rbuild [iso-8859-1] Sun Dec 6 02:11:32 2009 @@ -6,6 +6,8 @@ <xi:include href="config-amd64.template.rbuild" /> </xi:fallback> </xi:include> + + <xi:include href="ReactOS-generic.rbuild" /> <define name="_M_AMD64" /> <define name="_AMD64_" /> @@ -21,133 +23,31 @@ <property name="usewrc" value="false"/> <property name="WINEBUILD_FLAGS" value="--kill-at"/> - <if property="OPTIMIZE" value="1"> - <compilerflag>-Os</compilerflag> - <compilerflag>-ftracer</compilerflag> - <compilerflag>-momit-leaf-frame-pointer</compilerflag> - </if> - <if property="OPTIMIZE" value="2"> - <compilerflag>-Os</compilerflag> - </if> - <if property="OPTIMIZE" value="3"> - <compilerflag>-O1</compilerflag> - </if> - <if property="OPTIMIZE" value="4"> - <compilerflag>-O2</compilerflag> - </if> - <if property="OPTIMIZE" value="5"> - <compilerflag>-O3</compilerflag> - </if> - - <compilerflag>-U_X86_</compilerflag> - <compilerflag>-mpreferred-stack-boundary=4</compilerflag> - <compilerflag compiler="midl">-m64 --win64</compilerflag> - <compilerflag>-fno-strict-aliasing</compilerflag> - <compilerflag>-Wno-strict-aliasing</compilerflag> - <compilerflag>-Wpointer-arith</compilerflag> - <compilerflag>-Wno-multichar</compilerflag> - <compilerflag>-Wno-format</compilerflag> -  + <group compilerset="gcc"> + <if property="OPTIMIZE" value="1"> + <compilerflag>-ftracer</compilerflag> + <compilerflag>-momit-leaf-frame-pointer</compilerflag> + </if> + <compilerflag>-mpreferred-stack-boundary=4</compilerflag> + <compilerflag compiler="midl">-m64 --win64</compilerflag> +  +  + <compilerflag>-U_X86_</compilerflag> + <compilerflag>-Wno-format</compilerflag> + </group> <group linkerset="ld"> - <linkerflag>-disable-stdcall-fixup</linkerflag> - <linkerflag>-static</linkerflag> - <linkerflag>--unique=.eh_frame</linkerflag> - <linkerflag>-file-alignment=0x1000</linkerflag> - <linkerflag>-section-alignment=0x1000</linkerflag> + <linkerflag>-disable-stdcall-fixup</linkerflag> + <linkerflag>-file-alignment=0x1000</linkerflag> + <linkerflag>-section-alignment=0x1000</linkerflag> + <linkerflag>--unique=.eh_frame</linkerflag> + <linkerflag>-static</linkerflag> </group> - - - - <xi:include href="baseaddress.rbuild" /> - - <define name="__REACTOS__" /> - <define name="__REACTOS__" host="true" /> - - <if property="DBG" value="1"> - <define name="DBG">1</define> - <define name="_SEH_ENABLE_TRACE" /> - <property name="DBG_OR_KDBG" value="true" /> - </if> - <if property="DBG" value="0"> - <define name="DBG">0</define> - </if> - - <if property="KDBG" value="1"> - <define name="KDBG">1</define> - <property name="DBG_OR_KDBG" value="true" /> - </if> - -  - <property name="VERSION_TARGET" value="NT52" /> - - <if property="VERSION_TARGET" value="NT4"> - <define name="WINVER">0x400</define> - <define name="_WIN32_IE">0x600</define> - <define name="_WIN32_WINNT">0x400</define> - <define name="_WIN32_WINDOWS">0x400</define> - <define name="_SETUPAPI_VER">0x400</define> - </if> - - <if property="VERSION_TARGET" value="NT5"> - <define name="WINVER">0x500</define> - <define name="_WIN32_IE">0x600</define> - <define name="_WIN32_WINNT">0x500</define> - <define name="_WIN32_WINDOWS">0x500</define> - <define name="_SETUPAPI_VER">0x500</define> - </if> - - <if property="VERSION_TARGET" value="NT51"> - <define name="WINVER">0x501</define> - <define name="_WIN32_IE">0x600</define> - <define name="_WIN32_WINNT">0x501</define> - <define name="_WIN32_WINDOWS">0x501</define> - <define name="_SETUPAPI_VER">0x501</define> - </if> - - <if property="VERSION_TARGET" value="NT52"> - <define name="WINVER">0x502</define> - <define name="_WIN32_IE">0x600</define> - <define name="_WIN32_WINNT">0x502</define> - <define name="_WIN32_WINDOWS">0x502</define> - <define name="_SETUPAPI_VER">0x502</define> - </if> - - <if property="VERSION_TARGET" value="NT6"> - <define name="WINVER">0x600</define> - <define name="_WIN32_IE">0x600</define> - <define name="_WIN32_WINNT">0x600</define> - <define name="_WIN32_WINDOWS">0x600</define> - <define name="_SETUPAPI_VER">0x600</define> - </if> - - <include>.</include> - <include>include</include> - <include root="intermediate">include</include> - <include>include/psdk</include> - <include root="intermediate">include/psdk</include> - <include>include/dxsdk</include> - <include root="intermediate">include/dxsdk</include> - <include>include/crt</include> - <include>include/crt/mingw32</include> - <include>include/ddk</include> - <include>include/GL</include> - <include>include/ndk</include> - <include>include/reactos</include> - <include root="intermediate">include/reactos</include> - <include root="intermediate">include/reactos/mc</include> - <include>include/reactos/libs</include> - - <include host="true">include</include> - <include host="true" root="intermediate">include</include> - <include host="true">include/reactos</include> - <include host="true">include/reactos/wine</include> <if property="USERMODE" value="1"> <directory name="base"> <xi:include href="base/base.rbuild" /> </directory> - <directory name="dll"> <xi:include href="dll/dll.rbuild" /> </directory> @@ -156,180 +56,35 @@ <directory name="boot"> <xi:include href="boot/boot.rbuild" /> </directory> - <directory name="drivers"> - <directory name="base"> - <xi:include href="drivers/base/directory.rbuild" /> - </directory> - <directory name="bus"> - <xi:include href="drivers/bus/directory.rbuild" /> - </directory> - <directory name="directx"> - <xi:include href="drivers/directx/directory.rbuild" /> - </directory> - <directory name="filesystems"> - <xi:include href="drivers/filesystems/directory.rbuild" /> - </directory> - <directory name="input"> - <xi:include href="drivers/input/directory.rbuild" /> - </directory> - <directory name="ksfilter"> - <xi:include href="drivers/ksfilter/directory.rbuild" /> - </directory> - - <directory name="multimedia"> - <xi:include href="drivers/multimedia/directory.rbuild" /> - </directory > - - <directory name="network"> - <xi:include href="drivers/network/directory.rbuild" /> - </directory> - <directory name="parallel"> - <xi:include href="drivers/parallel/directory.rbuild" /> - </directory> - <directory name="serial"> - <xi:include href="drivers/serial/directory.rbuild" /> - </directory> - <directory name="setup"> - <xi:include href="drivers/setup/directory.rbuild" /> - </directory> - <directory name="storage"> - <xi:include href="drivers/storage/directory.rbuild" /> - </directory> - <directory name="usb"> - <xi:include href="drivers/usb/directory.rbuild" /> - </directory> - <directory name="video"> - <xi:include href="drivers/video/directory.rbuild" /> - </directory> - <directory name="wdm"> - <xi:include href="drivers/wdm/wdm.rbuild" /> - </directory> - <directory name="wmi"> - <xi:include href="drivers/wmi/wmilib.rbuild" /> - </directory> + <xi:include href="drivers/drivers.rbuild" /> </directory> - <directory name="hal"> <xi:include href="hal/hal.rbuild" /> </directory> - <directory name="include"> <xi:include href="include/directory.rbuild" /> </directory> - <directory name="lib"> - <directory name="3rdparty"> - <directory name="adns"> - <xi:include href="lib/3rdparty/adns/adns.rbuild" /> - </directory> - <directory name="bzip2"> - <xi:include href="lib/3rdparty/bzip2/bzip2.rbuild" /> - </directory> - <if property="USERMODE" value="1"> - <directory name="cardlib"> - <xi:include href="lib/3rdparty/cardlib/cardlib.rbuild" /> - </directory> - </if> - <directory name="expat"> - <xi:include href="lib/3rdparty/expat/expat.rbuild" /> - </directory> - <directory name="freetype"> - <xi:include href="lib/3rdparty/freetype/freetype.rbuild" /> - </directory> - <directory name="icu4ros"> - <xi:include href="lib/3rdparty/icu4ros/icu4ros.rbuild" /> - </directory> - <directory name="libsamplerate"> - <xi:include href="lib/3rdparty/libsamplerate/libsamplerate.rbuild" /> - </directory> - <directory name="libwine"> - <xi:include href="lib/3rdparty/libwine/libwine.rbuild" /> - </directory> - <directory name="libxml2"> - <xi:include href="lib/3rdparty/libxml2/libxml2.rbuild" /> - </directory> - - <if property="USERMODE" value="1"> - <directory name="mingw"> - <xi:include href="lib/3rdparty/mingw/mingw.rbuild" /> - </directory> - </if> - <directory name="zlib"> - <xi:include href="lib/3rdparty/zlib/zlib.rbuild" /> - </directory> - </directory> - <if property="USERMODE" value="1"> - <directory name="atl"> - <xi:include href="lib/atl/atl.rbuild" /> - </directory> - </if> - <directory name="sdk"> - <xi:include href="lib/sdk/sdk.rbuild" /> - </directory> - <directory name="cmlib"> - <xi:include href="lib/cmlib/cmlib.rbuild" /> - </directory> - <directory name="debugsup"> - <xi:include href="lib/debugsup/debugsup.rbuild" /> - </directory> - <directory name="drivers"> - <xi:include href="lib/drivers/directory.rbuild" /> - </directory> - <directory name="epsapi"> - <xi:include href="lib/epsapi/epsapi.rbuild" /> - </directory> - <directory name="fslib"> - <xi:include href="lib/fslib/directory.rbuild" /> - </directory> - <directory name="host"> - <xi:include href="lib/host/directory.rbuild" /> - </directory> - <directory name="inflib"> - <xi:include href="lib/inflib/inflib.rbuild" /> - </directory> - <directory name="nls"> - <xi:include href="lib/nls/nls.rbuild" /> - </directory> - <directory name="ntdllsys"> - <xi:include href="lib/ntdllsys/ntdllsys.rbuild" /> - </directory> - <directory name="pseh"> - <xi:include href="lib/pseh/pseh.rbuild" /> - </directory> - <directory name="recyclebin"> - <xi:include href="lib/recyclebin/recyclebin.rbuild" /> - </directory> - <directory name="rossym"> - <xi:include href="lib/rossym/rossym.rbuild" /> - </directory> - <directory name="rtl"> - <xi:include href="lib/rtl/rtl.rbuild" /> - </directory> - <directory name="smlib"> - <xi:include href="lib/smlib/smlib.rbuild" /> - </directory> - <directory name="win32ksys"> - <xi:include href="lib/win32ksys/win32ksys.rbuild" /> - </directory> + <xi:include href="lib/lib.rbuild" /> </directory> - <directory name="media"> <xi:include href="media/media.rbuild" /> </directory> - + <directory name="modules"> + <xi:include href="modules/directory.rbuild" /> + </directory> <directory name="ntoskrnl"> <xi:include href="ntoskrnl/ntoskrnl.rbuild" /> + <if property="BUILD_MP" value="1"> + <xi:include href="ntoskrnl/ntkrnlmp.rbuild" /> + </if> </directory> - <directory name="subsystems"> <xi:include href="subsystems/subsystems.rbuild" /> </directory> - <directory name="tools"> <xi:include href="tools/tools.rbuild" /> </directory> - - </project> Modified: branches/ros-amd64-bringup/reactos/ReactOS-generic.rbuild URL: http://svn.reactos.org/svn/reactos/branches/ros-amd64-bringup/reactos/React… ============================================================================== --- branches/ros-amd64-bringup/reactos/ReactOS-generic.rbuild [iso-8859-1] (original) +++ branches/ros-amd64-bringup/reactos/ReactOS-generic.rbuild [iso-8859-1] Sun Dec 6 02:11:32 2009 @@ -89,8 +89,6 @@ <group compilerset="gcc"> <compilerflag>-Wall</compilerflag> <compilerflag compiler="cxx">-Wno-non-virtual-dtor</compilerflag> - <compilerflag compiler="cc,cxx">-gstabs+</compilerflag> - <compilerflag compiler="as">-gstabs+</compilerflag> </group> <group compilerset="msc"> @@ -156,5 +154,4 @@ <compilerflag>/GS-</compilerflag> </group> - <define name="_USE_32BIT_TIME_T" /> </group> Modified: branches/ros-amd64-bringup/reactos/ReactOS-i386.rbuild URL: http://svn.reactos.org/svn/reactos/branches/ros-amd64-bringup/reactos/React… ============================================================================== --- branches/ros-amd64-bringup/reactos/ReactOS-i386.rbuild [iso-8859-1] (original) +++ branches/ros-amd64-bringup/reactos/ReactOS-i386.rbuild [iso-8859-1] Sun Dec 6 02:11:32 2009 @@ -15,6 +15,7 @@ <define name="TARGET_i386" host="true" /> <define name="USE_COMPILER_EXCEPTIONS" /> + <define name="_USE_32BIT_TIME_T" /> <property name="PLATFORM" value="PC"/> @@ -25,6 +26,8 @@ </if> <compilerflag>-mpreferred-stack-boundary=2</compilerflag> <compilerflag compiler="midl">-m32 --win32</compilerflag> + <compilerflag compiler="cc,cxx">-gstabs+</compilerflag> + <compilerflag compiler="as">-gstabs+</compilerflag> </group> <group linkerset="ld">

15 years

[tkreuzer] 44428: Fix uninitialized variable

by tkreuzer＠svn.reactos.org

Author: tkreuzer Date: Sat Dec 5 23:48:43 2009 New Revision: 44428 URL: http://svn.reactos.org/svn/reactos?rev=44428&view=rev Log: Fix uninitialized variable Modified: branches/ros-amd64-bringup/reactos/lib/rtl/amd64/unwind.c Modified: branches/ros-amd64-bringup/reactos/lib/rtl/amd64/unwind.c URL: http://svn.reactos.org/svn/reactos/branches/ros-amd64-bringup/reactos/lib/r… ============================================================================== --- branches/ros-amd64-bringup/reactos/lib/rtl/amd64/unwind.c [iso-8859-1] (original) +++ branches/ros-amd64-bringup/reactos/lib/rtl/amd64/unwind.c [iso-8859-1] Sat Dec 5 23:48:43 2009 @@ -623,7 +623,7 @@ RtlRaiseException(IN PEXCEPTION_RECORD ExceptionRecord) { CONTEXT Context; - NTSTATUS Status; + NTSTATUS Status = STATUS_INVALID_DISPOSITION; ULONG64 ImageBase; PRUNTIME_FUNCTION FunctionEntry; PVOID HandlerData;

15 years

[tkreuzer] 44427: Fix a typo

by tkreuzer＠svn.reactos.org

Author: tkreuzer Date: Sat Dec 5 23:40:03 2009 New Revision: 44427 URL: http://svn.reactos.org/svn/reactos?rev=44427&view=rev Log: Fix a typo Modified: branches/ros-amd64-bringup/reactos/ntoskrnl/include/internal/amd64/intrin_i.h Modified: branches/ros-amd64-bringup/reactos/ntoskrnl/include/internal/amd64/intrin_i.h URL: http://svn.reactos.org/svn/reactos/branches/ros-amd64-bringup/reactos/ntosk… ============================================================================== --- branches/ros-amd64-bringup/reactos/ntoskrnl/include/internal/amd64/intrin_i.h [iso-8859-1] (original) +++ branches/ros-amd64-bringup/reactos/ntoskrnl/include/internal/amd64/intrin_i.h [iso-8859-1] Sat Dec 5 23:40:03 2009 @@ -36,7 +36,7 @@ Entry->BaseUpper = Base >> 32; } -PVOID +VOID FORCEINLINE KiSetGdtDescriptorLimit(PKGDTENTRY Entry, ULONG Limit) {

15 years

[tkreuzer] 44426: remove unused variables

by tkreuzer＠svn.reactos.org

Author: tkreuzer Date: Sat Dec 5 23:39:17 2009 New Revision: 44426 URL: http://svn.reactos.org/svn/reactos?rev=44426&view=rev Log: remove unused variables Modified: branches/ros-amd64-bringup/reactos/boot/freeldr/freeldr/windows/amd64/wlmemory.c Modified: branches/ros-amd64-bringup/reactos/boot/freeldr/freeldr/windows/amd64/wlmemory.c URL: http://svn.reactos.org/svn/reactos/branches/ros-amd64-bringup/reactos/boot/… ============================================================================== --- branches/ros-amd64-bringup/reactos/boot/freeldr/freeldr/windows/amd64/wlmemory.c [iso-8859-1] (original) +++ branches/ros-amd64-bringup/reactos/boot/freeldr/freeldr/windows/amd64/wlmemory.c [iso-8859-1] Sat Dec 5 23:39:17 2009 @@ -28,9 +28,6 @@ BOOLEAN MempAllocatePageTables() { - ULONG KernelPages; - PVOID UserSharedData; - DPRINTM(DPRINT_WINDOWS,">>> MempAllocatePageTables\n"); /* Allocate a page for the PML4 */

15 years

[tkreuzer] 44424: [EX] - Fix calculation of PCR pointer from PRCB pointer

by tkreuzer＠svn.reactos.org

Author: tkreuzer Date: Sat Dec 5 22:33:31 2009 New Revision: 44424 URL: http://svn.reactos.org/svn/reactos?rev=44424&view=rev Log: [EX] - Fix calculation of PCR pointer from PRCB pointer Modified: trunk/reactos/ntoskrnl/ex/sysinfo.c Modified: trunk/reactos/ntoskrnl/ex/sysinfo.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/ntoskrnl/ex/sysinfo.c?rev=… ============================================================================== --- trunk/reactos/ntoskrnl/ex/sysinfo.c [iso-8859-1] (original) +++ trunk/reactos/ntoskrnl/ex/sysinfo.c [iso-8859-1] Sat Dec 5 22:33:31 2009 @@ -1253,7 +1253,7 @@ for (i = 0; i < KeNumberProcessors; i++) { Prcb = KiProcessorBlock[i]; - Pcr = CONTAINING_RECORD(Prcb, KPCR, Prcb); + Pcr = (PKPCR)CONTAINING_RECORD(Prcb, KIPCR, PrcbData); #ifdef _M_ARM // This code should probably be done differently sii->ContextSwitches = Pcr->ContextSwitches; #else

15 years

[jimtabor] 44423: - [Win32k] Return invalid index.

by jimtabor＠svn.reactos.org

Author: jimtabor Date: Sat Dec 5 21:45:07 2009 New Revision: 44423 URL: http://svn.reactos.org/svn/reactos?rev=44423&view=rev Log: - [Win32k] Return invalid index. Modified: trunk/reactos/subsystems/win32/win32k/ntuser/window.c Modified: trunk/reactos/subsystems/win32/win32k/ntuser/window.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/subsystems/win32/win32k/nt… ============================================================================== --- trunk/reactos/subsystems/win32/win32k/ntuser/window.c [iso-8859-1] (original) +++ trunk/reactos/subsystems/win32/win32k/ntuser/window.c [iso-8859-1] Sat Dec 5 21:45:07 2009 @@ -3854,7 +3854,7 @@ { if ((Index + sizeof(LONG)) > Wnd->cbwndExtra) { - SetLastWin32Error(ERROR_INVALID_PARAMETER); + SetLastWin32Error(ERROR_INVALID_INDEX); return( 0); }

15 years

[cwittich] 44422: sync crypt32 to wine 1.1.34

by cwittich＠svn.reactos.org

Author: cwittich Date: Sat Dec 5 21:37:08 2009 New Revision: 44422 URL: http://svn.reactos.org/svn/reactos?rev=44422&view=rev Log: sync crypt32 to wine 1.1.34 Modified: trunk/reactos/dll/win32/crypt32/cert.c trunk/reactos/dll/win32/crypt32/chain.c trunk/reactos/dll/win32/crypt32/crl.c trunk/reactos/dll/win32/crypt32/crypt32.spec trunk/reactos/dll/win32/crypt32/decode.c trunk/reactos/dll/win32/crypt32/encode.c trunk/reactos/dll/win32/crypt32/oid.c trunk/reactos/dll/win32/crypt32/rootstore.c Modified: trunk/reactos/dll/win32/crypt32/cert.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/crypt32/cert.c?r… ============================================================================== --- trunk/reactos/dll/win32/crypt32/cert.c [iso-8859-1] (original) +++ trunk/reactos/dll/win32/crypt32/cert.c [iso-8859-1] Sat Dec 5 21:37:08 2009 @@ -1829,6 +1829,92 @@ if (pName->rgRDN[i].rgRDNAttr[j].pszObjId && !strcmp(pszObjId, pName->rgRDN[i].rgRDNAttr[j].pszObjId)) ret = &pName->rgRDN[i].rgRDNAttr[j]; + return ret; +} + +static BOOL find_matching_rdn_attr(DWORD dwFlags, const CERT_NAME_INFO *name, + const CERT_RDN_ATTR *attr) +{ + DWORD i, j; + BOOL match = FALSE; + + for (i = 0; !match && i < name->cRDN; i++) + { + for (j = 0; j < name->rgRDN[i].cRDNAttr; j++) + { + if (!strcmp(name->rgRDN[i].rgRDNAttr[j].pszObjId, + attr->pszObjId) && + name->rgRDN[i].rgRDNAttr[j].dwValueType == + attr->dwValueType) + { + if (dwFlags & CERT_UNICODE_IS_RDN_ATTRS_FLAG) + { + LPCWSTR nameStr = + (LPCWSTR)name->rgRDN[i].rgRDNAttr[j].Value.pbData; + LPCWSTR attrStr = (LPCWSTR)attr->Value.pbData; + + if (attr->Value.cbData != + name->rgRDN[i].rgRDNAttr[j].Value.cbData) + match = FALSE; + else if (dwFlags & CERT_CASE_INSENSITIVE_IS_RDN_ATTRS_FLAG) + match = !strncmpiW(nameStr, attrStr, + attr->Value.cbData / sizeof(WCHAR)); + else + match = !strncmpW(nameStr, attrStr, + attr->Value.cbData / sizeof(WCHAR)); + TRACE("%s : %s => %d\n", + debugstr_wn(nameStr, attr->Value.cbData / sizeof(WCHAR)), + debugstr_wn(attrStr, attr->Value.cbData / sizeof(WCHAR)), + match); + } + else + { + LPCSTR nameStr = + (LPCSTR)name->rgRDN[i].rgRDNAttr[j].Value.pbData; + LPCSTR attrStr = (LPCSTR)attr->Value.pbData; + + if (attr->Value.cbData != + name->rgRDN[i].rgRDNAttr[j].Value.cbData) + match = FALSE; + else if (dwFlags & CERT_CASE_INSENSITIVE_IS_RDN_ATTRS_FLAG) + match = !strncasecmp(nameStr, attrStr, + attr->Value.cbData); + else + match = !strncmp(nameStr, attrStr, attr->Value.cbData); + TRACE("%s : %s => %d\n", + debugstr_an(nameStr, attr->Value.cbData), + debugstr_an(attrStr, attr->Value.cbData), match); + } + } + } + } + return match; +} + +BOOL WINAPI CertIsRDNAttrsInCertificateName(DWORD dwCertEncodingType, + DWORD dwFlags, PCERT_NAME_BLOB pCertName, PCERT_RDN pRDN) +{ + CERT_NAME_INFO *name; + LPCSTR type; + DWORD size; + BOOL ret; + + TRACE("(%08x, %08x, %p, %p)\n", dwCertEncodingType, dwFlags, pCertName, + pRDN); + + type = dwFlags & CERT_UNICODE_IS_RDN_ATTRS_FLAG ? X509_UNICODE_NAME : + X509_NAME; + if ((ret = CryptDecodeObjectEx(dwCertEncodingType, type, pCertName->pbData, + pCertName->cbData, CRYPT_DECODE_ALLOC_FLAG, NULL, &name, &size))) + { + DWORD i; + + for (i = 0; ret && i < pRDN->cRDNAttr; i++) + ret = find_matching_rdn_attr(dwFlags, name, &pRDN->rgRDNAttr[i]); + if (!ret) + SetLastError(CRYPT_E_NO_MATCH); + LocalFree(name); + } return ret; } Modified: trunk/reactos/dll/win32/crypt32/chain.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/crypt32/chain.c?… ============================================================================== --- trunk/reactos/dll/win32/crypt32/chain.c [iso-8859-1] (original) +++ trunk/reactos/dll/win32/crypt32/chain.c [iso-8859-1] Sat Dec 5 21:37:08 2009 @@ -506,6 +506,41 @@ return validBasicConstraints; } +static BOOL domain_name_matches(LPCWSTR constraint, LPCWSTR name) +{ + BOOL match; + + /* RFC 5280, section 4.2.1.10: + * "For URIs, the constraint applies to the host part of the name... + * When the constraint begins with a period, it MAY be expanded with one + * or more labels. That is, the constraint ".example.com" is satisfied by + * both host.example.com and my.host.example.com. However, the constraint + * ".example.com" is not satisfied by "example.com". When the constraint + * does not begin with a period, it specifies a host." + * and for email addresses, + * "To indicate all Internet mail addresses on a particular host, the + * constraint is specified as the host name. For example, the constraint + * "example.com" is satisfied by any mail address at the host + * "example.com". To specify any address within a domain, the constraint + * is specified with a leading period (as with URIs)." + */ + if (constraint[0] == '.') + { + /* Must be strictly greater than, a name can't begin with '.' */ + if (lstrlenW(name) > lstrlenW(constraint)) + match = !lstrcmpiW(name + lstrlenW(name) - lstrlenW(constraint), + constraint); + else + { + /* name is too short, no match */ + match = FALSE; + } + } + else + match = !lstrcmpiW(name, constraint); + return match; +} + static BOOL url_matches(LPCWSTR constraint, LPCWSTR name, DWORD *trustErrorStatus) { @@ -517,14 +552,58 @@ *trustErrorStatus |= CERT_TRUST_INVALID_NAME_CONSTRAINTS; else if (!name) ; /* no match */ - else if (constraint[0] == '.') - { - if (lstrlenW(name) > lstrlenW(constraint)) - match = !lstrcmpiW(name + lstrlenW(name) - lstrlenW(constraint), - constraint); - } else - match = !lstrcmpiW(constraint, name); + { + LPCWSTR colon, authority_end, at, hostname = NULL; + /* The maximum length for a hostname is 254 in the DNS, see RFC 1034 */ + WCHAR hostname_buf[255]; + + /* RFC 5280: only the hostname portion of the URL is compared. From + * section 4.2.1.10: + * "For URIs, the constraint applies to the host part of the name. + * The constraint MUST be specified as a fully qualified domain name + * and MAY specify a host or a domain." + * The format for URIs is in RFC 2396. + * + * First, remove any scheme that's present. */ + colon = strchrW(name, ':'); + if (colon && *(colon + 1) == '/' && *(colon + 2) == '/') + name = colon + 3; + /* Next, find the end of the authority component. (The authority is + * generally just the hostname, but it may contain a username or a port. + * Those are removed next.) + */ + authority_end = strchrW(name, '/'); + if (!authority_end) + authority_end = strchrW(name, '?'); + if (!authority_end) + authority_end = name + strlenW(name); + /* Remove any port number from the authority */ + for (colon = authority_end; colon >= name && *colon != ':'; colon--) + ; + if (*colon == ':') + authority_end = colon; + /* Remove any username from the authority */ + if ((at = strchrW(name, '@'))) + name = at; + /* Ignore any path or query portion of the URL. */ + if (*authority_end) + { + if (authority_end - name < sizeof(hostname_buf) / + sizeof(hostname_buf[0])) + { + memcpy(hostname_buf, name, + (authority_end - name) * sizeof(WCHAR)); + hostname_buf[authority_end - name] = 0; + hostname = hostname_buf; + } + /* else: Hostname is too long, not a match */ + } + else + hostname = name; + if (hostname) + match = domain_name_matches(constraint, hostname); + } return match; } @@ -545,7 +624,7 @@ else { if ((at = strchrW(name, '@'))) - match = url_matches(constraint, at + 1, trustErrorStatus); + match = domain_name_matches(constraint, at + 1); else match = !lstrcmpiW(constraint, name); } @@ -563,9 +642,35 @@ *trustErrorStatus |= CERT_TRUST_INVALID_NAME_CONSTRAINTS; else if (!name) ; /* no match */ - else if (lstrlenW(name) >= lstrlenW(constraint)) + /* RFC 5280, section 4.2.1.10: + * "DNS name restrictions are expressed as host.example.com. Any DNS name + * that can be constructed by simply adding zero or more labels to the + * left-hand side of the name satisfies the name constraint. For example, + * www.host.example.com would satisfy the constraint but host1.example.com + * would not." + */ + else if (lstrlenW(name) == lstrlenW(constraint)) + match = !lstrcmpiW(name, constraint); + else if (lstrlenW(name) > lstrlenW(constraint)) + { match = !lstrcmpiW(name + lstrlenW(name) - lstrlenW(constraint), constraint); + if (match) + { + BOOL dot = FALSE; + LPCWSTR ptr; + + /* This only matches if name is a subdomain of constraint, i.e. + * there's a '.' between the beginning of the name and the + * matching portion of the name. + */ + for (ptr = name + lstrlenW(name) - lstrlenW(constraint); + !dot && ptr >= name; ptr--) + if (*ptr == '.') + dot = TRUE; + match = dot; + } + } /* else: name is too short, no match */ return match; @@ -615,46 +720,95 @@ return match; } -static void CRYPT_FindMatchingNameEntry(const CERT_ALT_NAME_ENTRY *constraint, - const CERT_ALT_NAME_INFO *subjectName, DWORD *trustErrorStatus, - DWORD errorIfFound, DWORD errorIfNotFound) +static BOOL directory_name_matches(const CERT_NAME_BLOB *constraint, + const CERT_NAME_BLOB *name) +{ + CERT_NAME_INFO *constraintName; + DWORD size; + BOOL match = FALSE; + + if (CryptDecodeObjectEx(X509_ASN_ENCODING, X509_NAME, constraint->pbData, + constraint->cbData, CRYPT_DECODE_ALLOC_FLAG, NULL, &constraintName, &size)) + { + DWORD i; + + match = TRUE; + for (i = 0; match && i < constraintName->cRDN; i++) + match = CertIsRDNAttrsInCertificateName(X509_ASN_ENCODING, + CERT_CASE_INSENSITIVE_IS_RDN_ATTRS_FLAG, + (CERT_NAME_BLOB *)name, &constraintName->rgRDN[i]); + LocalFree(constraintName); + } + return match; +} + +static BOOL alt_name_matches(const CERT_ALT_NAME_ENTRY *name, + const CERT_ALT_NAME_ENTRY *constraint, DWORD *trustErrorStatus, BOOL *present) +{ + BOOL match = FALSE; + + if (name->dwAltNameChoice == constraint->dwAltNameChoice) + { + if (present) + *present = TRUE; + switch (constraint->dwAltNameChoice) + { + case CERT_ALT_NAME_RFC822_NAME: + match = rfc822_name_matches(constraint->u.pwszURL, + name->u.pwszURL, trustErrorStatus); + break; + case CERT_ALT_NAME_DNS_NAME: + match = dns_name_matches(constraint->u.pwszURL, + name->u.pwszURL, trustErrorStatus); + break; + case CERT_ALT_NAME_URL: + match = url_matches(constraint->u.pwszURL, + name->u.pwszURL, trustErrorStatus); + break; + case CERT_ALT_NAME_IP_ADDRESS: + match = ip_address_matches(&constraint->u.IPAddress, + &name->u.IPAddress, trustErrorStatus); + break; + case CERT_ALT_NAME_DIRECTORY_NAME: + match = directory_name_matches(&constraint->u.DirectoryName, + &name->u.DirectoryName); + break; + default: + ERR("name choice %d unsupported in this context\n", + constraint->dwAltNameChoice); + *trustErrorStatus |= + CERT_TRUST_HAS_NOT_SUPPORTED_NAME_CONSTRAINT; + } + } + else if (present) + *present = FALSE; + return match; +} + +static BOOL alt_name_matches_excluded_name(const CERT_ALT_NAME_ENTRY *name, + const CERT_NAME_CONSTRAINTS_INFO *nameConstraints, DWORD *trustErrorStatus) { DWORD i; BOOL match = FALSE; - for (i = 0; i < subjectName->cAltEntry; i++) - { - if (subjectName->rgAltEntry[i].dwAltNameChoice == - constraint->dwAltNameChoice) - { - switch (constraint->dwAltNameChoice) - { - case CERT_ALT_NAME_RFC822_NAME: - match = rfc822_name_matches(constraint->u.pwszURL, - subjectName->rgAltEntry[i].u.pwszURL, trustErrorStatus); - break; - case CERT_ALT_NAME_DNS_NAME: - match = dns_name_matches(constraint->u.pwszURL, - subjectName->rgAltEntry[i].u.pwszURL, trustErrorStatus); - break; - case CERT_ALT_NAME_URL: - match = url_matches(constraint->u.pwszURL, - subjectName->rgAltEntry[i].u.pwszURL, trustErrorStatus); - break; - case CERT_ALT_NAME_IP_ADDRESS: - match = ip_address_matches(&constraint->u.IPAddress, - &subjectName->rgAltEntry[i].u.IPAddress, trustErrorStatus); - break; - case CERT_ALT_NAME_DIRECTORY_NAME: - default: - ERR("name choice %d unsupported in this context\n", - constraint->dwAltNameChoice); - *trustErrorStatus |= - CERT_TRUST_HAS_NOT_SUPPORTED_NAME_CONSTRAINT; - } - } - } - *trustErrorStatus |= match ? errorIfFound : errorIfNotFound; + for (i = 0; !match && i < nameConstraints->cExcludedSubtree; i++) + match = alt_name_matches(name, + &nameConstraints->rgExcludedSubtree[i].Base, trustErrorStatus, NULL); + return match; +} + +static BOOL alt_name_matches_permitted_name(const CERT_ALT_NAME_ENTRY *name, + const CERT_NAME_CONSTRAINTS_INFO *nameConstraints, DWORD *trustErrorStatus, + BOOL *present) +{ + DWORD i; + BOOL match = FALSE; + + for (i = 0; !match && i < nameConstraints->cPermittedSubtree; i++) + match = alt_name_matches(name, + &nameConstraints->rgPermittedSubtree[i].Base, trustErrorStatus, + present); + return match; } static inline PCERT_EXTENSION get_subject_alt_name_ext(const CERT_INFO *cert) @@ -669,55 +823,251 @@ return ext; } +static void compare_alt_name_with_constraints(const CERT_EXTENSION *altNameExt, + const CERT_NAME_CONSTRAINTS_INFO *nameConstraints, DWORD *trustErrorStatus) +{ + CERT_ALT_NAME_INFO *subjectAltName; + DWORD size; + + if (CryptDecodeObjectEx(X509_ASN_ENCODING, X509_ALTERNATE_NAME, + altNameExt->Value.pbData, altNameExt->Value.cbData, + CRYPT_DECODE_ALLOC_FLAG | CRYPT_DECODE_NOCOPY_FLAG, NULL, + &subjectAltName, &size)) + { + DWORD i; + + for (i = 0; i < subjectAltName->cAltEntry; i++) + { + BOOL nameFormPresent; + + /* A name constraint only applies if the name form is present. + * From RFC 5280, section 4.2.1.10: + * "Restrictions apply only when the specified name form is + * present. If no name of the type is in the certificate, + * the certificate is acceptable." + */ + if (alt_name_matches_excluded_name( + &subjectAltName->rgAltEntry[i], nameConstraints, + trustErrorStatus)) + { + TRACE_(chain)("subject alternate name form %d excluded\n", + subjectAltName->rgAltEntry[i].dwAltNameChoice); + *trustErrorStatus |= + CERT_TRUST_HAS_EXCLUDED_NAME_CONSTRAINT; + } + nameFormPresent = FALSE; + if (!alt_name_matches_permitted_name( + &subjectAltName->rgAltEntry[i], nameConstraints, + trustErrorStatus, &nameFormPresent) && nameFormPresent) + { + TRACE_(chain)("subject alternate name form %d not permitted\n", + subjectAltName->rgAltEntry[i].dwAltNameChoice); + *trustErrorStatus |= + CERT_TRUST_HAS_NOT_PERMITTED_NAME_CONSTRAINT; + } + } + LocalFree(subjectAltName); + } + else + *trustErrorStatus |= + CERT_TRUST_INVALID_EXTENSION | CERT_TRUST_INVALID_NAME_CONSTRAINTS; +} + +static BOOL rfc822_attr_matches_excluded_name(const CERT_RDN_ATTR *attr, + const CERT_NAME_CONSTRAINTS_INFO *nameConstraints, DWORD *trustErrorStatus) +{ + DWORD i; + BOOL match = FALSE; + + for (i = 0; !match && i < nameConstraints->cExcludedSubtree; i++) + { + const CERT_ALT_NAME_ENTRY *constraint = + &nameConstraints->rgExcludedSubtree[i].Base; + + if (constraint->dwAltNameChoice == CERT_ALT_NAME_RFC822_NAME) + match = rfc822_name_matches(constraint->u.pwszRfc822Name, + (LPCWSTR)attr->Value.pbData, trustErrorStatus); + } + return match; +} + +static BOOL rfc822_attr_matches_permitted_name(const CERT_RDN_ATTR *attr, + const CERT_NAME_CONSTRAINTS_INFO *nameConstraints, DWORD *trustErrorStatus, + BOOL *present) +{ + DWORD i; + BOOL match = FALSE; + + for (i = 0; !match && i < nameConstraints->cPermittedSubtree; i++) + { + const CERT_ALT_NAME_ENTRY *constraint = + &nameConstraints->rgPermittedSubtree[i].Base; + + if (constraint->dwAltNameChoice == CERT_ALT_NAME_RFC822_NAME) + { + *present = TRUE; + match = rfc822_name_matches(constraint->u.pwszRfc822Name, + (LPCWSTR)attr->Value.pbData, trustErrorStatus); + } + } + return match; +} + +static void compare_subject_with_email_constraints( + const CERT_NAME_BLOB *subjectName, + const CERT_NAME_CONSTRAINTS_INFO *nameConstraints, DWORD *trustErrorStatus) +{ + CERT_NAME_INFO *name; + DWORD size; + + if (CryptDecodeObjectEx(X509_ASN_ENCODING, X509_UNICODE_NAME, + subjectName->pbData, subjectName->cbData, + CRYPT_DECODE_ALLOC_FLAG | CRYPT_DECODE_NOCOPY_FLAG, NULL, &name, &size)) + { + DWORD i, j; + + for (i = 0; i < name->cRDN; i++) + for (j = 0; j < name->rgRDN[i].cRDNAttr; j++) + if (!strcmp(name->rgRDN[i].rgRDNAttr[j].pszObjId, + szOID_RSA_emailAddr)) + { + BOOL nameFormPresent; + + /* A name constraint only applies if the name form is + * present. From RFC 5280, section 4.2.1.10: + * "Restrictions apply only when the specified name form is + * present. If no name of the type is in the certificate, + * the certificate is acceptable." + */ + if (rfc822_attr_matches_excluded_name( + &name->rgRDN[i].rgRDNAttr[j], nameConstraints, + trustErrorStatus)) + { + TRACE_(chain)( + "email address in subject name is excluded\n"); + *trustErrorStatus |= + CERT_TRUST_HAS_EXCLUDED_NAME_CONSTRAINT; + } + nameFormPresent = FALSE; + if (!rfc822_attr_matches_permitted_name( + &name->rgRDN[i].rgRDNAttr[j], nameConstraints, + trustErrorStatus, &nameFormPresent) && nameFormPresent) + { + TRACE_(chain)( + "email address in subject name is not permitted\n"); + *trustErrorStatus |= + CERT_TRUST_HAS_NOT_PERMITTED_NAME_CONSTRAINT; + } + } + LocalFree(name); + } + else + *trustErrorStatus |= + CERT_TRUST_INVALID_EXTENSION | CERT_TRUST_INVALID_NAME_CONSTRAINTS; +} + +static BOOL CRYPT_IsEmptyName(const CERT_NAME_BLOB *name) +{ + BOOL empty; + + if (!name->cbData) + empty = TRUE; + else if (name->cbData == 2 && name->pbData[1] == 0) + { + /* An empty sequence is also empty */ + empty = TRUE; + } + else + empty = FALSE; + return empty; +} + +static void compare_subject_with_constraints(const CERT_NAME_BLOB *subjectName, + const CERT_NAME_CONSTRAINTS_INFO *nameConstraints, DWORD *trustErrorStatus) +{ + BOOL hasEmailConstraint = FALSE; + DWORD i; + + /* In general, a subject distinguished name only matches a directory name + * constraint. However, an exception exists for email addresses. + * From RFC 5280, section 4.2.1.6: + * "Legacy implementations exist where an electronic mail address is + * embedded in the subject distinguished name as an emailAddress + * attribute [RFC2985]." + * If an email address constraint exists, check that constraint separately. + */ + for (i = 0; !hasEmailConstraint && i < nameConstraints->cExcludedSubtree; + i++) + if (nameConstraints->rgExcludedSubtree[i].Base.dwAltNameChoice == + CERT_ALT_NAME_RFC822_NAME) + hasEmailConstraint = TRUE; + for (i = 0; !hasEmailConstraint && i < nameConstraints->cPermittedSubtree; + i++) + if (nameConstraints->rgPermittedSubtree[i].Base.dwAltNameChoice == + CERT_ALT_NAME_RFC822_NAME) + hasEmailConstraint = TRUE; + if (hasEmailConstraint) + compare_subject_with_email_constraints(subjectName, nameConstraints, + trustErrorStatus); + for (i = 0; i < nameConstraints->cExcludedSubtree; i++) + { + CERT_ALT_NAME_ENTRY *constraint = + &nameConstraints->rgExcludedSubtree[i].Base; + + if (constraint->dwAltNameChoice == CERT_ALT_NAME_DIRECTORY_NAME && + directory_name_matches(&constraint->u.DirectoryName, subjectName)) + { + TRACE_(chain)("subject name is excluded\n"); + *trustErrorStatus |= + CERT_TRUST_HAS_EXCLUDED_NAME_CONSTRAINT; + } + } + /* RFC 5280, section 4.2.1.10: + * "Restrictions apply only when the specified name form is present. + * If no name of the type is in the certificate, the certificate is + * acceptable." + * An empty name can't have the name form present, so don't check it. + */ + if (nameConstraints->cPermittedSubtree && !CRYPT_IsEmptyName(subjectName)) + { + BOOL match = FALSE, hasDirectoryConstraint = FALSE; + + for (i = 0; !match && i < nameConstraints->cPermittedSubtree; i++) + { + CERT_ALT_NAME_ENTRY *constraint = + &nameConstraints->rgPermittedSubtree[i].Base; + + if (constraint->dwAltNameChoice == CERT_ALT_NAME_DIRECTORY_NAME) + { + hasDirectoryConstraint = TRUE; + match = directory_name_matches(&constraint->u.DirectoryName, + subjectName); + } + } + if (hasDirectoryConstraint && !match) + { + TRACE_(chain)("subject name is not permitted\n"); + *trustErrorStatus |= CERT_TRUST_HAS_NOT_PERMITTED_NAME_CONSTRAINT; + } + } +} + static void CRYPT_CheckNameConstraints( const CERT_NAME_CONSTRAINTS_INFO *nameConstraints, const CERT_INFO *cert, DWORD *trustErrorStatus) { - /* If there aren't any existing constraints, don't bother checking */ - if (nameConstraints->cPermittedSubtree || nameConstraints->cExcludedSubtree) - { - CERT_EXTENSION *ext = get_subject_alt_name_ext(cert); - - if (ext) - { - CERT_ALT_NAME_INFO *subjectName; - DWORD size; - - if (CryptDecodeObjectEx(X509_ASN_ENCODING, X509_ALTERNATE_NAME, - ext->Value.pbData, ext->Value.cbData, - CRYPT_DECODE_ALLOC_FLAG | CRYPT_DECODE_NOCOPY_FLAG, NULL, - &subjectName, &size)) - { - DWORD i; - - for (i = 0; i < nameConstraints->cExcludedSubtree; i++) - CRYPT_FindMatchingNameEntry( - &nameConstraints->rgExcludedSubtree[i].Base, subjectName, - trustErrorStatus, - CERT_TRUST_HAS_EXCLUDED_NAME_CONSTRAINT, 0); - for (i = 0; i < nameConstraints->cPermittedSubtree; i++) - CRYPT_FindMatchingNameEntry( - &nameConstraints->rgPermittedSubtree[i].Base, subjectName, - trustErrorStatus, 0, - CERT_TRUST_HAS_NOT_PERMITTED_NAME_CONSTRAINT); - LocalFree(subjectName); - } - else - *trustErrorStatus |= - CERT_TRUST_INVALID_EXTENSION | - CERT_TRUST_INVALID_NAME_CONSTRAINTS; - } - else - { - if (nameConstraints->cPermittedSubtree) - *trustErrorStatus |= - CERT_TRUST_HAS_NOT_DEFINED_NAME_CONSTRAINT | - CERT_TRUST_HAS_NOT_PERMITTED_NAME_CONSTRAINT; - if (nameConstraints->cExcludedSubtree) - *trustErrorStatus |= - CERT_TRUST_HAS_EXCLUDED_NAME_CONSTRAINT; - } - } + CERT_EXTENSION *ext = get_subject_alt_name_ext(cert); + + if (ext) + compare_alt_name_with_constraints(ext, nameConstraints, + trustErrorStatus); + /* Name constraints apply to the subject alternative name as well as the + * subject name. From RFC 5280, section 4.2.1.10: + * "Restrictions apply to the subject distinguished name and apply to + * subject alternative names." + */ + compare_subject_with_constraints(&cert->Subject, nameConstraints, + trustErrorStatus); } /* Gets cert's name constraints, if any. Free with LocalFree. */ @@ -745,6 +1095,17 @@ DWORD i; BOOL ret = TRUE; + /* Make sure at least one permitted or excluded subtree is present. From + * RFC 5280, section 4.2.1.10: + * "Conforming CAs MUST NOT issue certificates where name constraints is an + * empty sequence. That is, either the permittedSubtrees field or the + * excludedSubtrees MUST be present." + */ + if (!info->cPermittedSubtree && !info->cExcludedSubtree) + { + WARN_(chain)("constraints contain no permitted nor excluded subtree\n"); + ret = FALSE; + } /* Check that none of the constraints specifies a minimum or a maximum. * See RFC 5280, section 4.2.1.10: * "Within this profile, the minimum and maximum fields are not used with @@ -815,8 +1176,16 @@ CRYPT_CheckNameConstraints(nameConstraints, chain->rgpElement[j]->pCertContext->pCertInfo, &errorStatus); - chain->rgpElement[i]->TrustStatus.dwErrorStatus |= - errorStatus; + if (errorStatus) + { + chain->rgpElement[i]->TrustStatus.dwErrorStatus |= + errorStatus; + CRYPT_CombineTrustStatus(&chain->TrustStatus, + &chain->rgpElement[i]->TrustStatus); + } + else + chain->rgpElement[i]->TrustStatus.dwInfoStatus |= + CERT_TRUST_HAS_VALID_NAME_CONSTRAINTS; } } } @@ -1235,58 +1604,6 @@ return ret; } -static BOOL CRYPT_ExtendedKeyUsageValidForCA(PCCERT_CONTEXT cert) -{ - PCERT_EXTENSION ext; - BOOL ret; - - /* RFC 5280, section 4.2.1.12: "In general, this extension will only - * appear in end entity certificates." And, "If a certificate contains - * both a key usage extension and an extended key usage extension, then - * both extensions MUST be processed independently and the certificate MUST - * only be used for a purpose consistent with both extensions." This seems - * to imply that it should be checked if present, and ignored if not. - * Unfortunately some CAs, e.g. the Thawte SGC CA, don't include the code - * signing extended key usage, whereas they do include the keyCertSign - * key usage. Thus, when checking for a CA, we only require the - * code signing extended key usage if the extended key usage is critical. - */ - ext = CertFindExtension(szOID_ENHANCED_KEY_USAGE, - cert->pCertInfo->cExtension, cert->pCertInfo->rgExtension); - if (ext && ext->fCritical) - { - CERT_ENHKEY_USAGE *usage; - DWORD size; - - ret = CryptDecodeObjectEx(cert->dwCertEncodingType, - X509_ENHANCED_KEY_USAGE, ext->Value.pbData, ext->Value.cbData, - CRYPT_DECODE_ALLOC_FLAG, NULL, &usage, &size); - if (ret) - { - DWORD i; - - /* Explicitly require the code signing extended key usage for a CA - * with an extended key usage extension. That is, don't assume - * a cert is allowed to be a CA if it specifies the - * anyExtendedKeyUsage usage oid. See again RFC 5280, section - * 4.2.1.12: "Applications that require the presence of a - * particular purpose MAY reject certificates that include the - * anyExtendedKeyUsage OID but not the particular OID expected for - * the application." - */ - ret = FALSE; - for (i = 0; !ret && i < usage->cUsageIdentifier; i++) - if (!strcmp(usage->rgpszUsageIdentifier[i], - szOID_PKIX_KP_CODE_SIGNING)) - ret = TRUE; - LocalFree(usage); - } - } - else - ret = TRUE; - return ret; -} - static BOOL CRYPT_CriticalExtensionsSupported(PCCERT_CONTEXT cert) { BOOL ret = TRUE; @@ -1435,11 +1752,6 @@ isRoot, constraints.fCA, i)) chain->rgpElement[i]->TrustStatus.dwErrorStatus |= CERT_TRUST_IS_NOT_VALID_FOR_USAGE; - if (i != 0) - if (!CRYPT_ExtendedKeyUsageValidForCA( - chain->rgpElement[i]->pCertContext)) - chain->rgpElement[i]->TrustStatus.dwErrorStatus |= - CERT_TRUST_IS_NOT_VALID_FOR_USAGE; if (CRYPT_IsSimpleChainCyclic(chain)) { /* If the chain is cyclic, then the path length constraints @@ -1501,7 +1813,10 @@ subject->dwCertEncodingType, 0, CERT_FIND_CERT_ID, &id, prevIssuer); if (issuer) + { + TRACE_(chain)("issuer found by issuer/serial number\n"); *infoStatus = CERT_TRUST_HAS_EXACT_MATCH_ISSUER; + } } else if (info->KeyId.cbData) { @@ -1511,7 +1826,10 @@ subject->dwCertEncodingType, 0, CERT_FIND_CERT_ID, &id, prevIssuer); if (issuer) + { + TRACE_(chain)("issuer found by key id\n"); *infoStatus = CERT_TRUST_HAS_KEY_MATCH_ISSUER; + } } LocalFree(info); } @@ -1554,7 +1872,10 @@ subject->dwCertEncodingType, 0, CERT_FIND_CERT_ID, &id, prevIssuer); if (issuer) + { + TRACE_(chain)("issuer found by directory name\n"); *infoStatus = CERT_TRUST_HAS_EXACT_MATCH_ISSUER; + } } else FIXME("no supported name type in authority key id2\n"); @@ -1567,7 +1888,10 @@ subject->dwCertEncodingType, 0, CERT_FIND_CERT_ID, &id, prevIssuer); if (issuer) + { + TRACE_(chain)("issuer found by key id\n"); *infoStatus = CERT_TRUST_HAS_KEY_MATCH_ISSUER; + } } LocalFree(info); } @@ -1577,6 +1901,7 @@ issuer = CertFindCertificateInStore(store, subject->dwCertEncodingType, 0, CERT_FIND_SUBJECT_NAME, &subject->pCertInfo->Issuer, prevIssuer); + TRACE_(chain)("issuer found by name\n"); *infoStatus = CERT_TRUST_HAS_NAME_MATCH_ISSUER; } return issuer; @@ -2054,7 +2379,7 @@ if (cContext) { PCCERT_CONTEXT *contexts = - CryptMemAlloc(cContext * sizeof(PCCERT_CONTEXT *)); + CryptMemAlloc(cContext * sizeof(PCCERT_CONTEXT)); if (contexts) { @@ -2101,7 +2426,11 @@ case CRYPT_E_NO_REVOCATION_CHECK: case CRYPT_E_NO_REVOCATION_DLL: case CRYPT_E_NOT_IN_REVOCATION_DATABASE: - error = CERT_TRUST_REVOCATION_STATUS_UNKNOWN; + /* If the revocation status is unknown, it's assumed to be + * offline too. + */ + error = CERT_TRUST_REVOCATION_STATUS_UNKNOWN | + CERT_TRUST_IS_OFFLINE_REVOCATION; break; case CRYPT_E_REVOCATION_OFFLINE: error = CERT_TRUST_IS_OFFLINE_REVOCATION; @@ -2125,14 +2454,122 @@ } } +static void CRYPT_CheckUsages(PCERT_CHAIN_CONTEXT chain, + const CERT_CHAIN_PARA *pChainPara) +{ + if (pChainPara->cbSize >= sizeof(CERT_CHAIN_PARA_NO_EXTRA_FIELDS) && + pChainPara->RequestedUsage.Usage.cUsageIdentifier) + { + PCCERT_CONTEXT endCert; + PCERT_EXTENSION ext; + BOOL validForUsage; + + /* A chain, if created, always includes the end certificate */ + endCert = chain->rgpChain[0]->rgpElement[0]->pCertContext; + /* The extended key usage extension specifies how a certificate's + * public key may be used. From RFC 5280, section 4.2.1.12: + * "This extension indicates one or more purposes for which the + * certified public key may be used, in addition to or in place of the + * basic purposes indicated in the key usage extension." + * If the extension is present, it only satisfies the requested usage + * if that usage is included in the extension: + * "If the extension is present, then the certificate MUST only be used + * for one of the purposes indicated." + * There is also the special anyExtendedKeyUsage OID, but it doesn't + * have to be respected: + * "Applications that require the presence of a particular purpose + * MAY reject certificates that include the anyExtendedKeyUsage OID + * but not the particular OID expected for the application." + * For now, I'm being more conservative and ignoring the presence of + * the anyExtendedKeyUsage OID. + */ + if ((ext = CertFindExtension(szOID_ENHANCED_KEY_USAGE, + endCert->pCertInfo->cExtension, endCert->pCertInfo->rgExtension))) + { + const CERT_ENHKEY_USAGE *requestedUsage = + &pChainPara->RequestedUsage.Usage; + CERT_ENHKEY_USAGE *usage; + DWORD size; + + if (CryptDecodeObjectEx(X509_ASN_ENCODING, + X509_ENHANCED_KEY_USAGE, ext->Value.pbData, ext->Value.cbData, + CRYPT_DECODE_ALLOC_FLAG, NULL, &usage, &size)) + { + if (pChainPara->RequestedUsage.dwType == USAGE_MATCH_TYPE_AND) + { + DWORD i, j; + + /* For AND matches, all usages must be present */ + validForUsage = TRUE; + for (i = 0; validForUsage && + i < requestedUsage->cUsageIdentifier; i++) + { + BOOL match = FALSE; + + for (j = 0; !match && j < usage->cUsageIdentifier; j++) + match = !strcmp(usage->rgpszUsageIdentifier[j], + requestedUsage->rgpszUsageIdentifier[i]); + if (!match) + validForUsage = FALSE; + } + } + else + { + DWORD i, j; + + /* For OR matches, any matching usage suffices */ + validForUsage = FALSE; + for (i = 0; !validForUsage && + i < requestedUsage->cUsageIdentifier; i++) + { + for (j = 0; !validForUsage && + j < usage->cUsageIdentifier; j++) + validForUsage = + !strcmp(usage->rgpszUsageIdentifier[j], + requestedUsage->rgpszUsageIdentifier[i]); + } + } + LocalFree(usage); + } + else + validForUsage = FALSE; + } + else + { + /* If the extension isn't present, any interpretation is valid: + * "Certificate using applications MAY require that the extended + * key usage extension be present and that a particular purpose + * be indicated in order for the certificate to be acceptable to + * that application." + * For now I'm being more conservative and disallowing it. + */ + WARN_(chain)("requested usage from a certificate with no usages\n"); + validForUsage = FALSE; + } + if (!validForUsage) + { + chain->TrustStatus.dwErrorStatus |= + CERT_TRUST_IS_NOT_VALID_FOR_USAGE; + chain->rgpChain[0]->rgpElement[0]->TrustStatus.dwErrorStatus |= + CERT_TRUST_IS_NOT_VALID_FOR_USAGE; + } + } + if (pChainPara->cbSize >= sizeof(CERT_CHAIN_PARA) && + pChainPara->RequestedIssuancePolicy.Usage.cUsageIdentifier) + FIXME("unimplemented for RequestedIssuancePolicy\n"); +} + static void dump_usage_match(LPCSTR name, const CERT_USAGE_MATCH *usageMatch) { - DWORD i; - - TRACE_(chain)("%s: %s\n", name, - usageMatch->dwType == USAGE_MATCH_TYPE_AND ? "AND" : "OR"); - for (i = 0; i < usageMatch->Usage.cUsageIdentifier; i++) - TRACE_(chain)("%s\n", usageMatch->Usage.rgpszUsageIdentifier[i]); + if (usageMatch->Usage.cUsageIdentifier) + { + DWORD i; + + TRACE_(chain)("%s: %s\n", name, + usageMatch->dwType == USAGE_MATCH_TYPE_AND ? "AND" : "OR"); + for (i = 0; i < usageMatch->Usage.cUsageIdentifier; i++) + TRACE_(chain)("%s\n", usageMatch->Usage.rgpszUsageIdentifier[i]); + } } static void dump_chain_para(const CERT_CHAIN_PARA *pChainPara) @@ -2201,7 +2638,9 @@ if (!(dwFlags & CERT_CHAIN_RETURN_LOWER_QUALITY_CONTEXTS)) CRYPT_FreeLowerQualityChains(chain); pChain = (PCERT_CHAIN_CONTEXT)chain; - CRYPT_VerifyChainRevocation(pChain, pTime, pChainPara, dwFlags); + if (!pChain->TrustStatus.dwErrorStatus) + CRYPT_VerifyChainRevocation(pChain, pTime, pChainPara, dwFlags); + CRYPT_CheckUsages(pChain, pChainPara); if (ppChainContext) *ppChainContext = pChain; else @@ -2378,8 +2817,8 @@ * in section 4.2.1.6: * "Multiple name forms, and multiple instances of each name form, * MAY be included." - * It doesn't specify the behavior in such cases, but common usage is - * to accept a certificate if any name matches. + * It doesn't specify the behavior in such cases, but both RFC 2818 + * and RFC 2595 explicitly accept a certificate if any name matches. */ for (i = 0; !matches && i < subjectName->cAltEntry; i++) { Modified: trunk/reactos/dll/win32/crypt32/crl.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/crypt32/crl.c?re… ============================================================================== --- trunk/reactos/dll/win32/crypt32/crl.c [iso-8859-1] (original) +++ trunk/reactos/dll/win32/crypt32/crl.c [iso-8859-1] Sat Dec 5 21:37:08 2009 @@ -19,10 +19,12 @@ #include <assert.h> #include <stdarg.h> +#define NONAMELESSUNION #include "windef.h" #include "winbase.h" #include "wincrypt.h" #include "wine/debug.h" +#include "wine/unicode.h" #include "crypt32_private.h" WINE_DEFAULT_DEBUG_CHANNEL(crypt); @@ -113,7 +115,82 @@ PCCERT_CONTEXT issuer = pvPara; ret = CertCompareCertificateName(issuer->dwCertEncodingType, - &issuer->pCertInfo->Issuer, &pCrlContext->pCrlInfo->Issuer); + &issuer->pCertInfo->Subject, &pCrlContext->pCrlInfo->Issuer); + if (ret && (dwFlags & CRL_FIND_ISSUED_BY_SIGNATURE_FLAG)) + ret = CryptVerifyCertificateSignatureEx(0, + issuer->dwCertEncodingType, + CRYPT_VERIFY_CERT_SIGN_SUBJECT_CRL, (void *)pCrlContext, + CRYPT_VERIFY_CERT_SIGN_ISSUER_CERT, (void *)issuer, 0, NULL); + if (ret && (dwFlags & CRL_FIND_ISSUED_BY_AKI_FLAG)) + { + PCERT_EXTENSION ext = CertFindExtension( + szOID_AUTHORITY_KEY_IDENTIFIER2, pCrlContext->pCrlInfo->cExtension, + pCrlContext->pCrlInfo->rgExtension); + + if (ext) + { + CERT_AUTHORITY_KEY_ID2_INFO *info; + DWORD size; + + if ((ret = CryptDecodeObjectEx(X509_ASN_ENCODING, + X509_AUTHORITY_KEY_ID2, ext->Value.pbData, ext->Value.cbData, + CRYPT_DECODE_ALLOC_FLAG, NULL, &info, &size))) + { + if (info->AuthorityCertIssuer.cAltEntry && + info->AuthorityCertSerialNumber.cbData) + { + PCERT_ALT_NAME_ENTRY directoryName = NULL; + DWORD i; + + for (i = 0; !directoryName && + i < info->AuthorityCertIssuer.cAltEntry; i++) + if (info->AuthorityCertIssuer.rgAltEntry[i]. + dwAltNameChoice == CERT_ALT_NAME_DIRECTORY_NAME) + directoryName = + &info->AuthorityCertIssuer.rgAltEntry[i]; + if (directoryName) + { + ret = CertCompareCertificateName( + issuer->dwCertEncodingType, + &issuer->pCertInfo->Subject, + &directoryName->u.DirectoryName); + if (ret) + ret = CertCompareIntegerBlob( + &issuer->pCertInfo->SerialNumber, + &info->AuthorityCertSerialNumber); + } + else + { + FIXME("no supported name type in authority key id2\n"); + ret = FALSE; + } + } + else if (info->KeyId.cbData) + { + if ((ext = CertFindExtension( + szOID_SUBJECT_KEY_IDENTIFIER, + issuer->pCertInfo->cExtension, + issuer->pCertInfo->rgExtension))) + { + if (info->KeyId.cbData == ext->Value.cbData) + ret = !memcmp(info->KeyId.pbData, + ext->Value.pbData, info->KeyId.cbData); + else + ret = FALSE; + } + else + ret = FALSE; + } + else + { + FIXME("unsupported value for AKI extension\n"); + ret = FALSE; + } + LocalFree(info); + } + } + /* else: a CRL without an AKI matches any cert */ + } } else ret = TRUE; @@ -134,6 +211,17 @@ } else ret = TRUE; + return ret; +} + +static BOOL compare_crl_issued_for(PCCRL_CONTEXT pCrlContext, DWORD dwType, + DWORD dwFlags, const void *pvPara) +{ + const CRL_FIND_ISSUED_FOR_PARA *para = pvPara; + BOOL ret; + + ret = CertCompareCertificateName(para->pIssuerCert->dwCertEncodingType, + &para->pIssuerCert->pCertInfo->Issuer, &pCrlContext->pCrlInfo->Issuer); return ret; } @@ -157,6 +245,9 @@ break; case CRL_FIND_EXISTING: compare = compare_crl_existing; + break; + case CRL_FIND_ISSUED_FOR: + compare = compare_crl_issued_for; break; default: FIXME("find type %08x unimplemented\n", dwFindType); @@ -467,11 +558,151 @@ return ret; } +static BOOL compare_dist_point_name(const CRL_DIST_POINT_NAME *name1, + const CRL_DIST_POINT_NAME *name2) +{ + BOOL match; + + if (name1->dwDistPointNameChoice == name2->dwDistPointNameChoice) + { + match = TRUE; + if (name1->dwDistPointNameChoice == CRL_DIST_POINT_FULL_NAME) + { + if (name1->u.FullName.cAltEntry == name2->u.FullName.cAltEntry) + { + DWORD i; + + for (i = 0; match && i < name1->u.FullName.cAltEntry; i++) + { + const CERT_ALT_NAME_ENTRY *entry1 = + &name1->u.FullName.rgAltEntry[i]; + const CERT_ALT_NAME_ENTRY *entry2 = + &name2->u.FullName.rgAltEntry[i]; + + if (entry1->dwAltNameChoice == entry2->dwAltNameChoice) + { + switch (entry1->dwAltNameChoice) + { + case CERT_ALT_NAME_URL: + match = !strcmpiW(entry1->u.pwszURL, + entry2->u.pwszURL); + break; + case CERT_ALT_NAME_DIRECTORY_NAME: + match = (entry1->u.DirectoryName.cbData == + entry2->u.DirectoryName.cbData) && + !memcmp(entry1->u.DirectoryName.pbData, + entry2->u.DirectoryName.pbData, + entry1->u.DirectoryName.cbData); + break; + default: + FIXME("unimplemented for type %d\n", + entry1->dwAltNameChoice); + match = FALSE; + } + } + else + match = FALSE; + } + } + else + match = FALSE; + } + } + else + match = FALSE; + return match; +} + +static BOOL match_dist_point_with_issuing_dist_point( + const CRL_DIST_POINT *distPoint, const CRL_ISSUING_DIST_POINT *idp) +{ + BOOL match; + + /* While RFC 5280, section 4.2.1.13 recommends against segmenting + * CRL distribution points by reasons, it doesn't preclude doing so. + * "This profile RECOMMENDS against segmenting CRLs by reason code." + * If the issuing distribution point for this CRL is only valid for + * some reasons, only match if the reasons covered also match the + * reasons in the CRL distribution point. + */ + if (idp->OnlySomeReasonFlags.cbData) + { + if (idp->OnlySomeReasonFlags.cbData == distPoint->ReasonFlags.cbData) + { + DWORD i; + + match = TRUE; + for (i = 0; match && i < distPoint->ReasonFlags.cbData; i++) + if (idp->OnlySomeReasonFlags.pbData[i] != + distPoint->ReasonFlags.pbData[i]) + match = FALSE; + } + else + match = FALSE; + } + else + match = TRUE; + if (match) + match = compare_dist_point_name(&idp->DistPointName, + &distPoint->DistPointName); + return match; +} + BOOL WINAPI CertIsValidCRLForCertificate(PCCERT_CONTEXT pCert, PCCRL_CONTEXT pCrl, DWORD dwFlags, void *pvReserved) { + PCERT_EXTENSION ext; + BOOL ret; + TRACE("(%p, %p, %08x, %p)\n", pCert, pCrl, dwFlags, pvReserved); - return TRUE; + + if (!pCert) + return TRUE; + + if ((ext = CertFindExtension(szOID_ISSUING_DIST_POINT, + pCrl->pCrlInfo->cExtension, pCrl->pCrlInfo->rgExtension))) + { + CRL_ISSUING_DIST_POINT *idp; + DWORD size; + + if ((ret = CryptDecodeObjectEx(pCrl->dwCertEncodingType, + X509_ISSUING_DIST_POINT, ext->Value.pbData, ext->Value.cbData, + CRYPT_DECODE_ALLOC_FLAG, NULL, &idp, &size))) + { + if ((ext = CertFindExtension(szOID_CRL_DIST_POINTS, + pCert->pCertInfo->cExtension, pCert->pCertInfo->rgExtension))) + { + CRL_DIST_POINTS_INFO *distPoints; + + if ((ret = CryptDecodeObjectEx(pCert->dwCertEncodingType, + X509_CRL_DIST_POINTS, ext->Value.pbData, ext->Value.cbData, + CRYPT_DECODE_ALLOC_FLAG, NULL, &distPoints, &size))) + { + DWORD i; + + ret = FALSE; + for (i = 0; !ret && i < distPoints->cDistPoint; i++) + ret = match_dist_point_with_issuing_dist_point( + &distPoints->rgDistPoint[i], idp); + if (!ret) + SetLastError(CRYPT_E_NO_MATCH); + LocalFree(distPoints); + } + } + else + { + /* no CRL dist points extension in cert, can't match the CRL + * (which has an issuing dist point extension) + */ + ret = FALSE; + SetLastError(CRYPT_E_NO_MATCH); + } + LocalFree(idp); + } + } + else + ret = TRUE; + return ret; } static PCRL_ENTRY CRYPT_FindCertificateInCRL(PCERT_INFO cert, const CRL_INFO *crl) Modified: trunk/reactos/dll/win32/crypt32/crypt32.spec URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/crypt32/crypt32.… ============================================================================== --- trunk/reactos/dll/win32/crypt32/crypt32.spec [iso-8859-1] (original) +++ trunk/reactos/dll/win32/crypt32/crypt32.spec [iso-8859-1] Sat Dec 5 21:37:08 2009 @@ -66,7 +66,7 @@ @ stdcall CertGetStoreProperty(ptr long ptr ptr) @ stdcall CertGetSubjectCertificateFromStore(ptr long ptr) @ stdcall CertGetValidUsages(long ptr ptr ptr ptr) -@ stub CertIsRDNAttrsInCertificateName +@ stdcall CertIsRDNAttrsInCertificateName(long long ptr ptr) @ stdcall CertIsValidCRLForCertificate(ptr ptr long ptr) @ stdcall CertNameToStrA(long ptr long ptr long) @ stdcall CertNameToStrW(long ptr long ptr long) Modified: trunk/reactos/dll/win32/crypt32/decode.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/crypt32/decode.c… ============================================================================== --- trunk/reactos/dll/win32/crypt32/decode.c [iso-8859-1] (original) +++ trunk/reactos/dll/win32/crypt32/decode.c [iso-8859-1] Sat Dec 5 21:37:08 2009 @@ -3106,43 +3106,6 @@ return ret; } -/* Like CRYPT_AsnDecodeIntegerInternal, but swaps the bytes */ -static BOOL CRYPT_AsnDecodeIntegerSwapBytes(const BYTE *pbEncoded, - DWORD cbEncoded, DWORD dwFlags, void *pvStructInfo, DWORD *pcbStructInfo, - DWORD *pcbDecoded) -{ - BOOL ret; - - TRACE("(%p, %d, 0x%08x, %p, %d, %p)\n", pbEncoded, cbEncoded, dwFlags, - pvStructInfo, *pcbStructInfo, pcbDecoded); - - /* Can't use the CRYPT_DECODE_NOCOPY_FLAG, because we modify the bytes in- - * place. - */ - ret = CRYPT_AsnDecodeIntegerInternal(pbEncoded, cbEncoded, - dwFlags & ~CRYPT_DECODE_NOCOPY_FLAG, pvStructInfo, pcbStructInfo, - pcbDecoded); - if (ret && pvStructInfo) - { - CRYPT_DATA_BLOB *blob = pvStructInfo; - - if (blob->cbData) - { - DWORD i; - BYTE temp; - - for (i = 0; i < blob->cbData / 2; i++) - { - temp = blob->pbData[i]; - blob->pbData[i] = blob->pbData[blob->cbData - i - 1]; - blob->pbData[blob->cbData - i - 1] = temp; - } - } - } - TRACE("returning %d (%08x)\n", ret, GetLastError()); - return ret; -} - static BOOL WINAPI CRYPT_AsnDecodeAuthorityKeyId(DWORD dwCertEncodingType, LPCSTR lpszStructType, const BYTE *pbEncoded, DWORD cbEncoded, DWORD dwFlags, PCRYPT_DECODE_PARA pDecodePara, void *pvStructInfo, DWORD *pcbStructInfo) @@ -3153,7 +3116,7 @@ { struct AsnDecodeSequenceItem items[] = { { ASN_CONTEXT | 0, offsetof(CERT_AUTHORITY_KEY_ID_INFO, KeyId), - CRYPT_AsnDecodeIntegerSwapBytes, sizeof(CRYPT_DATA_BLOB), + CRYPT_AsnDecodeOctetsInternal, sizeof(CRYPT_DATA_BLOB), TRUE, TRUE, offsetof(CERT_AUTHORITY_KEY_ID_INFO, KeyId.pbData), 0 }, { ASN_CONTEXT | ASN_CONSTRUCTOR| 1, offsetof(CERT_AUTHORITY_KEY_ID_INFO, CertIssuer), @@ -3188,7 +3151,7 @@ { struct AsnDecodeSequenceItem items[] = { { ASN_CONTEXT | 0, offsetof(CERT_AUTHORITY_KEY_ID2_INFO, KeyId), - CRYPT_AsnDecodeIntegerSwapBytes, sizeof(CRYPT_DATA_BLOB), + CRYPT_AsnDecodeOctetsInternal, sizeof(CRYPT_DATA_BLOB), TRUE, TRUE, offsetof(CERT_AUTHORITY_KEY_ID2_INFO, KeyId.pbData), 0 }, { ASN_CONTEXT | ASN_CONSTRUCTOR| 1, offsetof(CERT_AUTHORITY_KEY_ID2_INFO, AuthorityCertIssuer), Modified: trunk/reactos/dll/win32/crypt32/encode.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/crypt32/encode.c… ============================================================================== --- trunk/reactos/dll/win32/crypt32/encode.c [iso-8859-1] (original) +++ trunk/reactos/dll/win32/crypt32/encode.c [iso-8859-1] Sat Dec 5 21:37:08 2009 @@ -2438,45 +2438,6 @@ return ret; } -static BOOL WINAPI CRYPT_AsnEncodeIntegerSwapBytes(DWORD dwCertEncodingType, - LPCSTR lpszStructType, const void *pvStructInfo, DWORD dwFlags, - PCRYPT_ENCODE_PARA pEncodePara, BYTE *pbEncoded, DWORD *pcbEncoded) -{ - BOOL ret; - - __TRY - { - const CRYPT_DATA_BLOB *blob = pvStructInfo; - CRYPT_DATA_BLOB newBlob = { blob->cbData, NULL }; - - ret = TRUE; - if (newBlob.cbData) - { - newBlob.pbData = CryptMemAlloc(newBlob.cbData); - if (newBlob.pbData) - { - DWORD i; - - for (i = 0; i < newBlob.cbData; i++) - newBlob.pbData[newBlob.cbData - i - 1] = blob->pbData[i]; - } - else - ret = FALSE; - } - if (ret) - ret = CRYPT_AsnEncodeInteger(dwCertEncodingType, lpszStructType, - &newBlob, dwFlags, pEncodePara, pbEncoded, pcbEncoded); - CryptMemFree(newBlob.pbData); - } - __EXCEPT_PAGE_FAULT - { - SetLastError(STATUS_ACCESS_VIOLATION); - ret = FALSE; - } - __ENDTRY - return ret; -} - static BOOL WINAPI CRYPT_AsnEncodeAuthorityKeyId(DWORD dwCertEncodingType, LPCSTR lpszStructType, const void *pvStructInfo, DWORD dwFlags, PCRYPT_ENCODE_PARA pEncodePara, BYTE *pbEncoded, DWORD *pcbEncoded) @@ -2495,7 +2456,7 @@ { swapped[cSwapped].tag = ASN_CONTEXT | 0; swapped[cSwapped].pvStructInfo = &info->KeyId; - swapped[cSwapped].encodeFunc = CRYPT_AsnEncodeIntegerSwapBytes; + swapped[cSwapped].encodeFunc = CRYPT_AsnEncodeOctets; items[cItem].pvStructInfo = &swapped[cSwapped]; items[cItem].encodeFunc = CRYPT_AsnEncodeSwapTag; cSwapped++; @@ -2626,7 +2587,7 @@ { swapped[cSwapped].tag = ASN_CONTEXT | 0; swapped[cSwapped].pvStructInfo = &info->KeyId; - swapped[cSwapped].encodeFunc = CRYPT_AsnEncodeIntegerSwapBytes; + swapped[cSwapped].encodeFunc = CRYPT_AsnEncodeOctets; items[cItem].pvStructInfo = &swapped[cSwapped]; items[cItem].encodeFunc = CRYPT_AsnEncodeSwapTag; cSwapped++; Modified: trunk/reactos/dll/win32/crypt32/oid.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/crypt32/oid.c?re… ============================================================================== --- trunk/reactos/dll/win32/crypt32/oid.c [iso-8859-1] (original) +++ trunk/reactos/dll/win32/crypt32/oid.c [iso-8859-1] Sat Dec 5 21:37:08 2009 @@ -881,9 +881,11 @@ } else { + LPCWSTR nextStr = spotToRemove + lstrlenW(toRemove) + 1; + /* Copy remainder of string "left" */ - memmove(spotToRemove, spotToRemove + lstrlenW(toRemove) + 1, - (len - (spotToRemove - multi)) * sizeof(WCHAR)); + memmove(spotToRemove, nextStr, + (len - (nextStr - multi)) * sizeof(WCHAR)); } ret = TRUE; } Modified: trunk/reactos/dll/win32/crypt32/rootstore.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/crypt32/rootstor… ============================================================================== --- trunk/reactos/dll/win32/crypt32/rootstore.c [iso-8859-1] (original) +++ trunk/reactos/dll/win32/crypt32/rootstore.c [iso-8859-1] Sat Dec 5 21:37:08 2009 @@ -40,6 +40,9 @@ #include "winternl.h" #include "wine/debug.h" #include "crypt32_private.h" +#ifdef __APPLE__ +#include <Security/Security.h> +#endif WINE_DEFAULT_DEBUG_CHANNEL(crypt); @@ -713,6 +716,35 @@ DWORD i; BOOL ret = FALSE; +#ifdef __APPLE__ + OSStatus status; + CFArrayRef rootCerts; + + status = SecTrustCopyAnchorCertificates(&rootCerts); + if (status == noErr) + { + int i; + for (i = 0; i < CFArrayGetCount(rootCerts); i++) + { + SecCertificateRef cert = (SecCertificateRef)CFArrayGetValueAtIndex(rootCerts, i); + CFDataRef certData; + if ((status = SecKeychainItemExport(cert, kSecFormatX509Cert, 0, NULL, &certData)) == noErr) + { + if (CertAddEncodedCertificateToStore(store, X509_ASN_ENCODING, + CFDataGetBytePtr(certData), CFDataGetLength(certData), + CERT_STORE_ADD_NEW, NULL)) + ret = TRUE; + else + WARN("adding root cert %d failed: %08x\n", i, GetLastError()); + CFRelease(certData); + } + else + WARN("could not export certificate %d to X509 format: 0x%08x\n", i, (unsigned int)status); + } + CFRelease(rootCerts); + } +#endif + for (i = 0; !ret && i < sizeof(CRYPT_knownLocations) / sizeof(CRYPT_knownLocations[0]); i++)

15 years

[cwittich] 44421: sync dde.c to wine 1.1.34

by cwittich＠svn.reactos.org

Author: cwittich Date: Sat Dec 5 21:04:54 2009 New Revision: 44421 URL: http://svn.reactos.org/svn/reactos?rev=44421&view=rev Log: sync dde.c to wine 1.1.34 Modified: trunk/reactos/dll/win32/user32/misc/dde.c Modified: trunk/reactos/dll/win32/user32/misc/dde.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/user32/misc/dde.… ============================================================================== --- trunk/reactos/dll/win32/user32/misc/dde.c [iso-8859-1] (original) +++ trunk/reactos/dll/win32/user32/misc/dde.c [iso-8859-1] Sat Dec 5 21:04:54 2009 @@ -1971,7 +1971,13 @@ /* FIXME: should do better checking */ if (pConv == NULL || pConv->magic != WDML_CONV_MAGIC) return NULL; - if (!pConv->instance || pConv->instance->threadID != GetCurrentThreadId()) + if (!pConv->instance) + { + WARN("wrong thread ID, no instance\n"); + return NULL; + } + + if (pConv->instance->threadID != GetCurrentThreadId()) { WARN("wrong thread ID\n"); pConv->instance->lastError = DMLERR_INVALIDPARAMETER; /* FIXME: check */

15 years

[cwittich] 44420: sync mapi32 with wine 1.1.34

by cwittich＠svn.reactos.org

Author: cwittich Date: Sat Dec 5 20:47:30 2009 New Revision: 44420 URL: http://svn.reactos.org/svn/reactos?rev=44420&view=rev Log: sync mapi32 with wine 1.1.34 Modified: trunk/reactos/dll/win32/mapi32/imalloc.c trunk/reactos/dll/win32/mapi32/mapi32_main.c trunk/reactos/dll/win32/mapi32/sendmail.c trunk/reactos/dll/win32/mapi32/util.c trunk/reactos/dll/win32/mapi32/util.h Modified: trunk/reactos/dll/win32/mapi32/imalloc.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/mapi32/imalloc.c… ============================================================================== --- trunk/reactos/dll/win32/mapi32/imalloc.c [iso-8859-1] (original) +++ trunk/reactos/dll/win32/mapi32/imalloc.c [iso-8859-1] Sat Dec 5 20:47:30 2009 @@ -32,6 +32,7 @@ #include "objbase.h" #include "shlwapi.h" #include "mapiutil.h" +#include "util.h" #include "wine/debug.h" WINE_DEFAULT_DEBUG_CHANNEL(mapi); @@ -62,6 +63,9 @@ LPMALLOC WINAPI MAPIGetDefaultMalloc(void) { TRACE("()\n"); + + if (mapiFunctions.MAPIGetDefaultMalloc) + return mapiFunctions.MAPIGetDefaultMalloc(); IMalloc_AddRef((LPMALLOC)&MAPI_IMalloc); return (LPMALLOC)&MAPI_IMalloc; Modified: trunk/reactos/dll/win32/mapi32/mapi32_main.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/mapi32/mapi32_ma… ============================================================================== --- trunk/reactos/dll/win32/mapi32/mapi32_main.c [iso-8859-1] (original) +++ trunk/reactos/dll/win32/mapi32/mapi32_main.c [iso-8859-1] Sat Dec 5 20:47:30 2009 @@ -89,7 +89,15 @@ */ HRESULT WINAPI DllCanUnloadNow(void) { - return MAPI_ObjectCount == 0 ? S_OK : S_FALSE; + HRESULT ret = S_OK; + + if (mapiFunctions.DllCanUnloadNow) + { + ret = mapiFunctions.DllCanUnloadNow(); + TRACE("(): provider returns %d\n", ret); + } + + return MAPI_ObjectCount == 0 ? ret : S_FALSE; } /*********************************************************************** @@ -167,6 +175,9 @@ HRESULT WINAPI MAPIOpenLocalFormContainer(LPVOID *ppfcnt) { + if (mapiFunctions.MAPIOpenLocalFormContainer) + return mapiFunctions.MAPIOpenLocalFormContainer(ppfcnt); + FIXME("(%p) Stub\n", ppfcnt); return E_FAIL; } @@ -189,6 +200,9 @@ HRESULT WINAPI MAPIAdminProfiles(ULONG ulFlags, LPPROFADMIN *lppProfAdmin) { + if (mapiFunctions.MAPIAdminProfiles) + return mapiFunctions.MAPIAdminProfiles(ulFlags, lppProfAdmin); + FIXME("(%u, %p): stub\n", ulFlags, lppProfAdmin); *lppProfAdmin = NULL; return E_FAIL; Modified: trunk/reactos/dll/win32/mapi32/sendmail.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/mapi32/sendmail.… ============================================================================== --- trunk/reactos/dll/win32/mapi32/sendmail.c [iso-8859-1] (original) +++ trunk/reactos/dll/win32/mapi32/sendmail.c [iso-8859-1] Sat Dec 5 20:47:30 2009 @@ -59,7 +59,7 @@ IMAPITable* msg_table; LPSRowSet rows = NULL; IMsgStore* msg_store; - IMAPIFolder* folder = NULL; + IMAPIFolder* folder = NULL, *draft_folder = NULL; LPENTRYID entry_id; LPSPropValue props; ULONG entry_len; @@ -151,10 +151,10 @@ goto logoff; IMsgStore_OpenEntry(msg_store, props[0].Value.bin.cb, (LPENTRYID) props[0].Value.bin.lpb, - NULL, MAPI_MODIFY, &obj_type, (LPUNKNOWN *) &folder); + NULL, MAPI_MODIFY, &obj_type, (LPUNKNOWN *) &draft_folder); /* Create a new message */ - if (IMAPIFolder_CreateMessage(folder, NULL, 0, &msg) == S_OK) + if (IMAPIFolder_CreateMessage(draft_folder, NULL, 0, &msg) == S_OK) { ULONG token; SPropValue p; @@ -329,7 +329,7 @@ { /* Show the message form (edit window) */ - ret = IMAPISession_ShowForm(session, 0, msg_store, folder, NULL, + ret = IMAPISession_ShowForm(session, 0, msg_store, draft_folder, NULL, token, NULL, 0, status, flags, access, props->Value.lpszA); @@ -354,7 +354,8 @@ } /* Free up the resources we've used */ - IMAPIFolder_Release(folder); + IMAPIFolder_Release(draft_folder); + if (folder) IMAPIFolder_Release(folder); IMsgStore_Release(msg_store); logoff: ; Modified: trunk/reactos/dll/win32/mapi32/util.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/mapi32/util.c?re… ============================================================================== --- trunk/reactos/dll/win32/mapi32/util.c [iso-8859-1] (original) +++ trunk/reactos/dll/win32/mapi32/util.c [iso-8859-1] Sat Dec 5 20:47:30 2009 @@ -68,6 +68,9 @@ */ SCODE WINAPI ScInitMapiUtil(ULONG ulReserved) { + if (mapiFunctions.ScInitMapiUtil) + return mapiFunctions.ScInitMapiUtil(ulReserved); + FIXME("(0x%08x)stub!\n", ulReserved); if (ulReserved) return MAPI_E_INVALID_PARAMETER; @@ -91,7 +94,10 @@ */ VOID WINAPI DeinitMapiUtil(void) { - FIXME("()stub!\n"); + if (mapiFunctions.DeinitMapiUtil) + mapiFunctions.DeinitMapiUtil(); + else + FIXME("()stub!\n"); } typedef LPVOID *LPMAPIALLOCBUFFER; @@ -124,6 +130,9 @@ TRACE("(%d,%p)\n", cbSize, lppBuffer); + if (mapiFunctions.MAPIAllocateBuffer) + return mapiFunctions.MAPIAllocateBuffer(cbSize, lppBuffer); + if (!lppBuffer) return E_INVALIDARG; @@ -163,6 +172,9 @@ LPMAPIALLOCBUFFER lpBuff = lpOrig; TRACE("(%d,%p,%p)\n", cbSize, lpOrig, lppBuffer); + + if (mapiFunctions.MAPIAllocateMore) + return mapiFunctions.MAPIAllocateMore(cbSize, lpOrig, lppBuffer); if (!lppBuffer || !lpBuff || !--lpBuff) return E_INVALIDARG; @@ -200,6 +212,9 @@ TRACE("(%p)\n", lpBuffer); + if (mapiFunctions.MAPIFreeBuffer) + return mapiFunctions.MAPIFreeBuffer(lpBuffer); + if (lpBuff && --lpBuff) { while (lpBuff) @@ -239,6 +254,9 @@ */ HRESULT WINAPI HrThisThreadAdviseSink(LPMAPIADVISESINK lpSink, LPMAPIADVISESINK* lppNewSink) { + if (mapiFunctions.HrThisThreadAdviseSink) + return mapiFunctions.HrThisThreadAdviseSink(lpSink, lppNewSink); + FIXME("(%p,%p)semi-stub\n", lpSink, lppNewSink); if (!lpSink || !lppNewSink) @@ -695,6 +713,9 @@ TRACE("(%p,%p,0x%08x,%s,%s,%p)\n", lpAlloc, lpFree, ulFlags, debugstr_a((LPSTR)lpszPath), debugstr_a((LPSTR)lpszPrefix), lppStream); + if (mapiFunctions.OpenStreamOnFile) + return mapiFunctions.OpenStreamOnFile(lpAlloc, lpFree, ulFlags, lpszPath, lpszPrefix, lppStream); + if (lppStream) *lppStream = NULL; @@ -857,6 +878,9 @@ TRACE("%s %s %p %u %d\n", component, qualifier, dll_path, dll_path_length, install); + if (mapiFunctions.FGetComponentPath) + return mapiFunctions.FGetComponentPath(component, qualifier, dll_path, dll_path_length, install); + dll_path[0] = 0; hmsi = LoadLibraryA("msi.dll"); @@ -903,6 +927,9 @@ LPSRestriction lpRestriction, LPSSortOrderSet lpSortOrderSet, LONG crowsMax, LPSRowSet *lppRows) { + if (mapiFunctions.HrQueryAllRows) + return mapiFunctions.HrQueryAllRows(lpTable, lpPropTags, lpRestriction, lpSortOrderSet, crowsMax, lppRows); + FIXME("(%p, %p, %p, %p, %d, %p): stub\n", lpTable, lpPropTags, lpRestriction, lpSortOrderSet, crowsMax, lppRows); *lppRows = NULL; return MAPI_E_CALL_FAILED; @@ -1057,7 +1084,20 @@ mapiFunctions.MAPILogonEx = (void*) GetProcAddress(mapi_ex_provider, "MAPILogonEx"); mapiFunctions.MAPIUninitialize = (void*) GetProcAddress(mapi_ex_provider, "MAPIUninitialize"); + mapiFunctions.DeinitMapiUtil = (void*) GetProcAddress(mapi_ex_provider, "DeinitMapiUtil@0"); + mapiFunctions.DllCanUnloadNow = (void*) GetProcAddress(mapi_ex_provider, "DllCanUnloadNow"); mapiFunctions.DllGetClassObject = (void*) GetProcAddress(mapi_ex_provider, "DllGetClassObject"); + mapiFunctions.FGetComponentPath = (void*) GetProcAddress(mapi_ex_provider, "FGetComponentPath"); + mapiFunctions.HrThisThreadAdviseSink = (void*) GetProcAddress(mapi_ex_provider, "HrThisThreadAdviseSink@8"); + mapiFunctions.HrQueryAllRows = (void*) GetProcAddress(mapi_ex_provider, "HrQueryAllRows@24"); + mapiFunctions.MAPIAdminProfiles = (void*) GetProcAddress(mapi_ex_provider, "MAPIAdminProfiles"); + mapiFunctions.MAPIAllocateBuffer = (void*) GetProcAddress(mapi_ex_provider, "MAPIAllocateBuffer"); + mapiFunctions.MAPIAllocateMore = (void*) GetProcAddress(mapi_ex_provider, "MAPIAllocateMore"); + mapiFunctions.MAPIFreeBuffer = (void*) GetProcAddress(mapi_ex_provider, "MAPIFreeBuffer"); + mapiFunctions.MAPIGetDefaultMalloc = (void*) GetProcAddress(mapi_ex_provider, "MAPIGetDefaultMalloc@0"); + mapiFunctions.MAPIOpenLocalFormContainer = (void *) GetProcAddress(mapi_ex_provider, "MAPIOpenLocalFormContainer"); + mapiFunctions.OpenStreamOnFile = (void*) GetProcAddress(mapi_ex_provider, "OpenStreamOnFile@24"); + mapiFunctions.ScInitMapiUtil = (void*) GetProcAddress(mapi_ex_provider, "ScInitMapiUtil@4"); } cleanUp: Modified: trunk/reactos/dll/win32/mapi32/util.h URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/mapi32/util.h?re… ============================================================================== --- trunk/reactos/dll/win32/mapi32/util.h [iso-8859-1] (original) +++ trunk/reactos/dll/win32/mapi32/util.h [iso-8859-1] Sat Dec 5 20:47:30 2009 @@ -44,7 +44,20 @@ LPMAPISENDDOCUMENTS MAPISendDocuments; LPMAPIUNINITIALIZE MAPIUninitialize; - HRESULT (WINAPI *DllGetClassObject)(REFCLSID, REFIID, LPVOID *); + VOID (WINAPI *DeinitMapiUtil) (void); + HRESULT (WINAPI *DllCanUnloadNow) (void); + HRESULT (WINAPI *DllGetClassObject) (REFCLSID, REFIID, LPVOID *); + BOOL (WINAPI *FGetComponentPath) (LPCSTR, LPCSTR, LPSTR, DWORD, BOOL); + HRESULT (WINAPI *MAPIAdminProfiles) (ULONG, LPPROFADMIN *); + SCODE (WINAPI *MAPIAllocateBuffer) (ULONG, LPVOID *); + SCODE (WINAPI *MAPIAllocateMore) (ULONG, LPVOID, LPVOID *); + ULONG (WINAPI *MAPIFreeBuffer) (LPVOID); + LPMALLOC (WINAPI *MAPIGetDefaultMalloc) (void); + HRESULT (WINAPI *MAPIOpenLocalFormContainer) (LPVOID *); + HRESULT (WINAPI *HrThisThreadAdviseSink) (LPMAPIADVISESINK, LPMAPIADVISESINK*); + HRESULT (WINAPI *HrQueryAllRows) (LPMAPITABLE, LPSPropTagArray, LPSRestriction, LPSSortOrderSet, LONG, LPSRowSet *); + HRESULT (WINAPI *OpenStreamOnFile) (LPALLOCATEBUFFER, LPFREEBUFFER, ULONG, LPWSTR, LPWSTR, LPSTREAM *); + SCODE (WINAPI *ScInitMapiUtil) (ULONG ulReserved); } MAPI_FUNCTIONS; extern MAPI_FUNCTIONS mapiFunctions;

15 years

[gadamopoulos] 44419: [kernel32] Enable code to initialize the activation context when calling CreateThread See issue #4983 for more details.

by gadamopoulos＠svn.reactos.org

Author: gadamopoulos Date: Sat Dec 5 20:46:33 2009 New Revision: 44419 URL: http://svn.reactos.org/svn/reactos?rev=44419&view=rev Log: [kernel32] Enable code to initialize the activation context when calling CreateThread See issue #4983 for more details. Modified: trunk/reactos/dll/win32/kernel32/thread/thread.c Modified: trunk/reactos/dll/win32/kernel32/thread/thread.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/kernel32/thread/… ============================================================================== --- trunk/reactos/dll/win32/kernel32/thread/thread.c [iso-8859-1] (original) +++ trunk/reactos/dll/win32/kernel32/thread/thread.c [iso-8859-1] Sat Dec 5 20:46:33 2009 @@ -158,7 +158,6 @@ return NULL; } - #ifdef SXS_SUPPORT_ENABLED /* Are we in the same process? */ if (hProcess == NtCurrentProcess()) { @@ -215,7 +214,6 @@ else DPRINT1("RtlAllocateActivationContextStack failed %x\n", Status); } - #endif /* FIXME: Notify CSR */

15 years

← Newer
1
...
39
40
41
42
43
44
45
...
51
Older →

Jump to page:

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

Ros-diffs December 2009