Juan Lang : crypt32: Partially implement checking name constraints with directory names.

Wed Nov 18 09:40:39 CST 2009

Module: wine
Branch: master
Commit: f6d3348b7c52cb00f1d21bdbe4241296eb0ba2a6
URL:    http://source.winehq.org/git/wine.git/?a=commit;h=f6d3348b7c52cb00f1d21bdbe4241296eb0ba2a6

Author: Juan Lang <juan.lang at gmail.com>
Date:   Tue Nov 17 11:25:13 2009 -0800

crypt32: Partially implement checking name constraints with directory names.

---

 dlls/crypt32/chain.c |   25 +++++++++++++++++++++++++
 1 files changed, 25 insertions(+), 0 deletions(-)

diff --git a/dlls/crypt32/chain.c b/dlls/crypt32/chain.c
index 2965a56..704d974 100644
--- a/dlls/crypt32/chain.c
+++ b/dlls/crypt32/chain.c
@@ -720,6 +720,28 @@ static BOOL ip_address_matches(const CRYPT_DATA_BLOB *constraint,
     return match;
 }
 
+static BOOL directory_name_matches(const CERT_NAME_BLOB *constraint,
+ const CERT_NAME_BLOB *name)
+{
+    CERT_NAME_INFO *constraintName;
+    DWORD size;
+    BOOL match = FALSE;
+
+    if (CryptDecodeObjectEx(X509_ASN_ENCODING, X509_NAME, constraint->pbData,
+     constraint->cbData, CRYPT_DECODE_ALLOC_FLAG, NULL, &constraintName, &size))
+    {
+        DWORD i;
+
+        match = TRUE;
+        for (i = 0; match && i < constraintName->cRDN; i++)
+            match = CertIsRDNAttrsInCertificateName(X509_ASN_ENCODING,
+             CERT_CASE_INSENSITIVE_IS_RDN_ATTRS_FLAG,
+             (CERT_NAME_BLOB *)name, &constraintName->rgRDN[i]);
+        LocalFree(constraintName);
+    }
+    return match;
+}
+
 static BOOL alt_name_matches(const CERT_ALT_NAME_ENTRY *name,
  const CERT_ALT_NAME_ENTRY *constraint, DWORD *trustErrorStatus)
 {
@@ -746,6 +768,9 @@ static BOOL alt_name_matches(const CERT_ALT_NAME_ENTRY *name,
              &name->u.IPAddress, trustErrorStatus);
             break;
         case CERT_ALT_NAME_DIRECTORY_NAME:
+            match = directory_name_matches(&constraint->u.DirectoryName,
+             &name->u.DirectoryName);
+            break;
         default:
             ERR("name choice %d unsupported in this context\n",
              constraint->dwAltNameChoice);


