Пример #1
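        /// <summary>
        /// Returns the IIS Central Certificate Store (CCS) path configured in the registry.
        /// </summary>
        /// <remarks>
        /// The location is read from HKLM\SOFTWARE\Microsoft\IIS\CentralCertProvider\CertStoreLocation.
        /// Junctions and symlinks are resolved only to decide whether the store sits on a network
        /// share. The value returned is the configured path, not the resolved target, so a caller
        /// that needs the real target has to resolve it again.
        /// </remarks>
        /// <param name="logger">Receives a warning when the store resolves to a network path. May be null.</param>
        /// <returns>The configured (unresolved) central store path.</returns>
        /// <exception cref="InvalidOperationException">
        /// CCS is not enabled or installed, or no store location is configured.
        /// </exception>
        public static string CentralStorePath(ILoggerInterface logger)
        {
            if (!CentralStoreEnabled())
            {
                // InvalidOperationException derives from Exception, so existing catch blocks keep working.
                throw new InvalidOperationException(
                          "IIS Central store path not enabled or installed. Please check https://blogs.msdn.microsoft.com/kaushal/2012/10/11/central-certificate-store-ccs-with-iis-8-windows-server-2012/");
            }

            string certStoreLocation = Convert.ToString(UtilsRegistry.GetRegistryKeyValue64(
                                                            RegistryHive.LocalMachine,
                                                            "SOFTWARE\\Microsoft\\IIS\\CentralCertProvider",
                                                            "CertStoreLocation",
                                                            string.Empty));

            if (string.IsNullOrWhiteSpace(certStoreLocation))
            {
                throw new InvalidOperationException("IIS Central store location not configured");
            }

            // Follow a junction/symlink so the network-share check looks at the real target.
            string resolvedCertStoreLocation = UtilsJunction.IsJunctionOrSymlink(certStoreLocation)
                ? UtilsJunction.ResolvePath(certStoreLocation)
                : certStoreLocation;

            if (UtilsSystem.IsNetworkPath(resolvedCertStoreLocation))
            {
                // Null-conditional call: a missing logger must not turn this advisory warning into a crash.
                logger?.LogWarning(true, "Central Certificate Store Path is located on a network share [{0}]. This has proven to be unstable as CCS will cache corrupted certificates when it is unable to read from the network share.", certStoreLocation);
            }

            // Deliberately the configured value, not the resolved one (unchanged from the original behaviour).
            return certStoreLocation;
        }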
Пример #2
        /// <summary>
        /// Reports whether the IIS Central Certificate Store is switched on.
        /// </summary>
        /// <remarks>
        /// Reads the "Enabled" value under HKLM\SOFTWARE\Microsoft\IIS\CentralCertProvider,
        /// falling back to 0 when the lookup helper has nothing to return.
        /// </remarks>
        /// <returns>
        /// <c>true</c> only when the registry value parses to the integer 1; <c>false</c> for any
        /// other value, a missing value, or a value that is not an integer.
        /// </returns>
        public static bool CentralStoreEnabled()
        {
            // The registry is the source of truth for whether IIS has CCS enabled.
            var rawValue = UtilsRegistry.GetRegistryKeyValue64(
                RegistryHive.LocalMachine,
                "SOFTWARE\\Microsoft\\IIS\\CentralCertProvider",
                "Enabled",
                0);

            string rawText = rawValue?.ToString();

            // Anything that is not an integer counts as "not enabled".
            if (!int.TryParse(rawText, out int flag))
            {
                return false;
            }

            return flag == 1;
        }
Пример #3
        /// <summary>
        /// Returns the directory configured as "ConfigIsolationPath" for the WAS service, or the
        /// default <c>%systemdrive%\inetpub\temp\apppools</c> location when none is configured.
        /// </summary>
        /// <remarks>
        /// https://serverfault.com/questions/89245/how-to-move-c-inetpub-temp-apppools-to-another-disk
        /// https://support.microsoft.com/es-es/help/954864/description-of-the-registry-keys-that-are-used-by-iis-7-0-iis-7-5-and
        /// The registry value is returned as stored; this method does not check that the directory exists.
        /// </remarks>
        /// <returns>The configured path, or the expanded default path.</returns>
        public static string GetConfigIsolationPath()
        {
            var registryValue = UtilsRegistry.GetRegistryKeyValue64(
                RegistryHive.LocalMachine,
                "System\\CurrentControlSet\\Services\\WAS\\Parameters",
                "ConfigIsolationPath",
                (string)null);

            var configuredPath = Convert.ToString(registryValue);

            // An explicit, non-blank registry setting wins over the built-in default.
            if (!string.IsNullOrWhiteSpace(configuredPath))
            {
                return configuredPath;
            }

            return Environment.ExpandEnvironmentVariables("%systemdrive%\\inetpub\\temp\\apppools");
        }
Пример #4
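        /// <summary>
        /// Lists the processes that hold an open handle on a file or directory, using the
        /// handle.exe tool embedded in this assembly.
        /// </summary>
        /// <param name="path">File or directory to inspect. A path that does not exist yields an empty list.</param>
        /// <param name="logger">Receives tool failures and, optionally, the raw tool output. May be null.</param>
        /// <param name="logDetails">When true and at least one process was found, the raw tool output is logged.</param>
        /// <returns>One <see cref="Handle"/> per distinct process id found in the tool output.</returns>
        private static List<Handle> GetProcessesThatBlockPathHandle(string path, ILoggerInterface logger, bool logDetails = false)
        {
            if (!File.Exists(path) && !Directory.Exists(path))
            {
                return new List<Handle>();
            }

            const string key = "SOFTWARE\\Sysinternals\\Handle";
            const string name = "EulaAccepted";

            // The tool shows an EULA dialog on first run. Pre-accept it in the registry so an
            // unattended run does not block. Note that this writes to the current user's hive.
            int? eulaAccepted64 = (int?)UtilsRegistry.GetRegistryKeyValue64(RegistryHive.CurrentUser, key, name, null);
            int? eulaAccepted32 = (int?)UtilsRegistry.GetRegistryKeyValue32(RegistryHive.CurrentUser, key, name, null);

            if (eulaAccepted32 != 1 || eulaAccepted64 != 1)
            {
                UtilsRegistry.SetRegistryValue(RegistryHive.CurrentUser, key, name, 1, RegistryValueKind.DWord);
            }

            // handle.exe does not work as expected with the long-path form, so normalize first.
            string target = UtilsSystem.RemoveLongPathSupport(path) ?? string.Empty;

            // Pass the path as ONE quoted argument. Unquoted, a path containing spaces is split into
            // several arguments, and any fragment starting with '-' would be read as a tool switch.
            // Trailing backslashes are doubled so they cannot escape the closing quote.
            // The path passed the existence checks above; a double quote is not a legal character
            // in a Windows file name, so none is expected here.
            int trailingBackslashes = target.Length - target.TrimEnd('\\').Length;
            string quotedTarget = "\"" + target + new string('\\', trailingBackslashes) + "\"";

            var result = new List<Handle>();
            string outputTool = string.Empty;

            // Extract the embedded handle.exe to a uniquely named temp file.
            // NOTE(review): this binary is written to disk and then executed. Confirm that the
            // directory returned by UtilsSystem.GetTempPath is writable only by the account running
            // this code, so the file cannot be swapped between extraction and launch.
            string handleExe = UtilsSystem.GetTempPath("handle") + Guid.NewGuid().ToString().Replace("-", "_") + ".exe";

            UtilsSystem.EmbededResourceToFile(Assembly.GetExecutingAssembly(), "_Resources.Handle.exe", handleExe);

            try
            {
                using (Process tool = new Process())
                {
                    tool.StartInfo.FileName = handleExe;
                    tool.StartInfo.Arguments = quotedTarget;
                    tool.StartInfo.UseShellExecute = false;

                    // Verb only takes effect when UseShellExecute is true, so "runas" does not elevate
                    // here and the tool runs with the caller's token. Kept to preserve existing behaviour.
                    tool.StartInfo.Verb = "runas";
                    tool.StartInfo.RedirectStandardOutput = true;
                    tool.Start();

                    // ReadToEnd blocks until the tool closes stdout, so the timeout below only bounds
                    // the time between end of output and process exit.
                    outputTool = tool.StandardOutput.ReadToEnd();
                    tool.WaitForExit(1000);

                    if (!tool.HasExited)
                    {
                        tool.Kill();
                    }
                }
            }
            catch (Exception e)
            {
                // Best effort: a tool failure is reported, and whatever output was captured is parsed.
                logger?.LogException(e, EventLogEntryType.Warning);
            }
            finally
            {
                UtilsSystem.DeleteFile(handleExe, logger, 5);
            }

            string matchPattern = @"(?<=\s+pid:\s+)\b(\d+)\b(?=\s+)";

            // A process shows up once per open handle, so keep only the first occurrence of each pid.
            var seenPids = new HashSet<int>();

            foreach (Match match in Regex.Matches(outputTool, matchPattern))
            {
                if (int.TryParse(match.Value, out var pid) && seenPids.Add(pid))
                {
                    result.Add(new Handle()
                    {
                        pid = pid
                    });
                }
            }

            if (result.Any() && logDetails)
            {
                logger?.LogInfo(true, outputTool);
            }

            return result;
        }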