archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4 Commits
1 Branch
0 Tags
1.5 GiB
Tree: 5c6fe3db62
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '5c6fe3db62'
${ noResults }
windows-server-2003/admin/admt/arext/scmmigr/crypt.cxx

307 lines
6.2 KiB
Raw Normal View History

commiting as it is
4 years ago
  1. /*++
  3. Copyright (c) 2002 Microsoft Corporation
  5. Module Name:
  7. crypt.hxx
  9. Abstract:
  11. CSecureString: Encrypted string for holding passwords
  13. History:
  15. 12-April-2002 MattRim Created
  16. 6-June-2002 MattRim Adapted for ADMT use
  18. --*/
  21. #include "stdafx.h"
  22. #include <wincrypt.h>
  23. #include <comutil.h>
  24. #include "crypt.hxx"
  26. #define BAIL() goto exit;
  28. CSecureString::CSecureString() :
  29. m_fEncrypted(false),
  30. m_fEmpty(true),
  31. m_pszUnencryptedString(NULL)
  32. {
  33. m_EncryptedData.pbData = NULL;
  34. m_EncryptedData.cbData = 0;
  36. return;
  37. }
  40. CSecureString::~CSecureString()
  41. {
  42. Reset();
  44. return;
  45. }
  48. void
  49. CSecureString::Reset()
  50. {
  51. if (m_pszUnencryptedString) {
  53. SecureZeroMemory(m_pszUnencryptedString, wcslen(m_pszUnencryptedString) * sizeof(WCHAR));
  54. delete [] m_pszUnencryptedString;
  55. m_pszUnencryptedString = NULL;
  56. }
  58. if (m_EncryptedData.pbData) {
  60. SecureZeroMemory(m_EncryptedData.pbData, m_EncryptedData.cbData);
  61. LocalFree(m_EncryptedData.pbData);
  63. m_EncryptedData.pbData = NULL;
  64. m_EncryptedData.cbData = 0;
  65. }
  67. m_fEmpty = true;
  69. return;
  70. }
  72. CSecureString&
  73. CSecureString::operator=(const CSecureString& rhs)
  74. {
  75. bool fSucceeded = false;
  77. //
  78. // Free up our existing contents and reset to an empty state
  79. //
  80. Reset();
  83. //
  84. // Copy the object
  85. //
  86. m_fEncrypted = rhs.m_fEncrypted;
  87. m_fEmpty = rhs.m_fEmpty;
  89. if (rhs.m_pszUnencryptedString) {
  91. m_pszUnencryptedString = new WCHAR[wcslen(rhs.m_pszUnencryptedString)+1];
  92. if (!m_pszUnencryptedString) {
  94. BAIL();
  95. }
  97. wcscpy(m_pszUnencryptedString, rhs.m_pszUnencryptedString);
  98. }
  101. if (rhs.m_EncryptedData.pbData) {
  103. m_EncryptedData.pbData = new BYTE[rhs.m_EncryptedData.cbData];
  104. if (!m_EncryptedData.pbData) {
  106. BAIL();
  107. }
  109. m_EncryptedData.cbData = rhs.m_EncryptedData.cbData;
  110. memcpy(m_EncryptedData.pbData, rhs.m_EncryptedData.pbData, rhs.m_EncryptedData.cbData);
  111. }
  113. fSucceeded = true;
  115. exit:
  117. if (!fSucceeded) {
  119. Reset();
  120. _com_issue_error(E_OUTOFMEMORY);
  121. }
  123. return *this;
  124. }
  127. CSecureString&
  128. CSecureString::operator=(const PWCHAR& rhs)
  129. {
  130. bool fSucceeded = false;
  132. //
  133. // Free up our existing contents and reset to an empty state
  134. //
  135. Reset();
  137. //
  138. // If we're being set to an empty string, nothing much
  139. // to do.
  140. //
  142. if (rhs == NULL || rhs[0] == L'\0') {
  144. // we're done, empty string
  145. return *this;
  146. }
  148. //
  149. // Non-empty string, do the encryption
  150. //
  151. if (GenerateEncryptedData(rhs)) {
  153. fSucceeded = true;
  154. }
  157. if (!fSucceeded) {
  159. Reset();
  160. _com_issue_error(E_OUTOFMEMORY);
  161. }
  163. m_fEncrypted = true;
  164. m_fEmpty = false;
  166. return *this;
  167. }
  170. bool
  171. CSecureString::Decrypt()
  172. {
  174. DATA_BLOB DecryptedData = {0, NULL};
  175. DWORD dwStringLength = 0;
  177. bool fSuccess = false;
  179. //
  180. // Validate
  181. //
  183. // if already decrypted, or nothing to decrypt, nothing to do
  184. if (!m_fEncrypted || m_EncryptedData.pbData == NULL) {
  186. m_fEncrypted = false;
  187. fSuccess = true;
  188. BAIL();
  189. }
  192. //
  193. // Try to decrypt the data
  194. //
  195. if (!CryptUnprotectData(&m_EncryptedData, // encrypted data
  196. NULL, // description
  197. NULL, // entropy
  198. NULL, // reserved
  199. NULL, // prompt structure
  200. CRYPTPROTECT_UI_FORBIDDEN, // no UI
  201. &DecryptedData)) {
  203. BAIL()
  204. }
  207. //
  208. // Copy the decrypted string into m_pszUnencryptedString
  209. //
  210. dwStringLength = DecryptedData.cbData / sizeof(WCHAR);
  211. m_pszUnencryptedString = new WCHAR[dwStringLength];
  212. if (!m_pszUnencryptedString) {
  214. BAIL();
  215. }
  217. memcpy(m_pszUnencryptedString, DecryptedData.pbData, DecryptedData.cbData);
  219. m_fEncrypted = false;
  220. fSuccess = true;
  222. exit:
  224. if (DecryptedData.pbData) {
  226. SecureZeroMemory (DecryptedData.pbData, DecryptedData.cbData);
  227. LocalFree(DecryptedData.pbData);
  228. }
  230. return fSuccess;
  231. }
  234. void
  235. CSecureString::ReleaseString()
  236. {
  238. //
  239. // We always store an encrypted copy of the data, so this is basically a no-op.
  240. // We just need to destroy the unencrypted buffer.
  241. //
  243. if (m_pszUnencryptedString) {
  245. SecureZeroMemory(m_pszUnencryptedString, wcslen(m_pszUnencryptedString) * sizeof(WCHAR));
  246. delete [] m_pszUnencryptedString;
  247. m_pszUnencryptedString = NULL;
  248. }
  250. m_fEncrypted = true;
  252. return;
  253. }
  256. bool
  257. CSecureString::GetString(PWCHAR *ppszString)
  258. {
  260. *ppszString = NULL;
  262. if (m_fEncrypted) {
  264. if (!Decrypt()) {
  266. return false;
  267. }
  268. }
  270. *ppszString = m_pszUnencryptedString;
  272. return true;
  273. }
  276. bool
  277. CSecureString::GenerateEncryptedData(const PWCHAR pszSource)
  278. {
  279. DATA_BLOB RawData = {0, NULL};
  280. bool fSuccess = false;
  282. _ASSERT(pszSource != NULL);
  284. RawData.pbData = reinterpret_cast<PBYTE>(const_cast<PWCHAR>(pszSource));
  285. RawData.cbData = (wcslen(pszSource)+1) * sizeof(WCHAR);
  287. if (!CryptProtectData(&RawData, // unencrypted data
  288. L"", // description -- note: this cannot be NULL before XP
  289. NULL, // entropy
  290. NULL, // reserved
  291. NULL, // prompt structure
  292. CRYPTPROTECT_UI_FORBIDDEN | CRYPTPROTECT_LOCAL_MACHINE, // flags
  293. &m_EncryptedData)) {
  295. BAIL()
  296. }
  298. _ASSERT(m_EncryptedData.pbData != NULL);
  299. _ASSERT(m_EncryptedData.cbData != 0);
  301. fSuccess = true;
  303. exit:
  305. return fSuccess;
  306. }