Juan Lang : crypt32: Partially implement checking name constraints with directory names.
Alexandre Julliard
julliard at winehq.org
Wed Nov 18 09:40:39 CST 2009
Module: wine
Branch: master
Commit: f6d3348b7c52cb00f1d21bdbe4241296eb0ba2a6
URL: http://source.winehq.org/git/wine.git/?a=commit;h=f6d3348b7c52cb00f1d21bdbe4241296eb0ba2a6
Author: Juan Lang <juan.lang at gmail.com>
Date: Tue Nov 17 11:25:13 2009 -0800
crypt32: Partially implement checking name constraints with directory names.
---
dlls/crypt32/chain.c | 25 +++++++++++++++++++++++++
1 files changed, 25 insertions(+), 0 deletions(-)
diff --git a/dlls/crypt32/chain.c b/dlls/crypt32/chain.c
index 2965a56..704d974 100644
--- a/dlls/crypt32/chain.c
+++ b/dlls/crypt32/chain.c
@@ -720,6 +720,28 @@ static BOOL ip_address_matches(const CRYPT_DATA_BLOB *constraint,
return match;
}
+static BOOL directory_name_matches(const CERT_NAME_BLOB *constraint,
+ const CERT_NAME_BLOB *name)
+{
+ CERT_NAME_INFO *constraintName;
+ DWORD size;
+ BOOL match = FALSE;
+
+ if (CryptDecodeObjectEx(X509_ASN_ENCODING, X509_NAME, constraint->pbData,
+ constraint->cbData, CRYPT_DECODE_ALLOC_FLAG, NULL, &constraintName, &size))
+ {
+ DWORD i;
+
+ match = TRUE;
+ for (i = 0; match && i < constraintName->cRDN; i++)
+ match = CertIsRDNAttrsInCertificateName(X509_ASN_ENCODING,
+ CERT_CASE_INSENSITIVE_IS_RDN_ATTRS_FLAG,
+ (CERT_NAME_BLOB *)name, &constraintName->rgRDN[i]);
+ LocalFree(constraintName);
+ }
+ return match;
+}
+
static BOOL alt_name_matches(const CERT_ALT_NAME_ENTRY *name,
const CERT_ALT_NAME_ENTRY *constraint, DWORD *trustErrorStatus)
{
@@ -746,6 +768,9 @@ static BOOL alt_name_matches(const CERT_ALT_NAME_ENTRY *name,
&name->u.IPAddress, trustErrorStatus);
break;
case CERT_ALT_NAME_DIRECTORY_NAME:
+ match = directory_name_matches(&constraint->u.DirectoryName,
+ &name->u.DirectoryName);
+ break;
default:
ERR("name choice %d unsupported in this context\n",
constraint->dwAltNameChoice);
More information about the wine-cvs
mailing list