archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4 Commits
1 Branch
0 Tags
1.5 GiB
Tree: 5c6fe3db62
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '5c6fe3db62'
${ noResults }
windows-server-2003/inetsrv/iis/setup/osrc/setpass.cpp

310 lines
7.8 KiB
Raw Normal View History

commiting as it is
4 years ago
  1. #include "stdafx.h"
  2. #include "setpass.h"
  4. #ifndef _CHICAGO_
  6. #include "inetinfo.h"
  7. #include "inetcom.h"
  9. //
  10. // Quick macro to initialize a unicode string
  11. //
  13. #define InitUnicodeString( pUnicode, pwch ) \
  14. { \
  15. (pUnicode)->Buffer = (PWCH)pwch; \
  16. (pUnicode)->Length = (pwch == NULL )? 0: (wcslen( pwch ) * sizeof(WCHAR)); \
  17. (pUnicode)->MaximumLength = (pUnicode)->Length + sizeof(WCHAR);\
  18. }
  20. BOOL GetSecret(
  21. IN LPCTSTR pszSecretName,
  22. OUT TSTR *strSecret
  23. )
  24. /*++
  25. Description:
  27. Retrieves the specified unicode secret
  29. Arguments:
  31. pszSecretName - LSA Secret to retrieve
  32. pbufSecret - Receives found secret
  34. Returns:
  35. TRUE on success and FALSE if any failure.
  37. --*/
  38. {
  39. BOOL fResult;
  40. NTSTATUS ntStatus;
  41. PUNICODE_STRING punicodePassword = NULL;
  42. UNICODE_STRING unicodeSecret;
  43. LSA_HANDLE hPolicy;
  44. OBJECT_ATTRIBUTES ObjectAttributes;
  45. WCHAR wszSecretName[_MAX_PATH];
  47. if ( ( _tcslen( wszSecretName ) / sizeof (TCHAR) ) >= MAXUSHORT )
  48. {
  49. // Lets check to make sure that the implicit conversion in
  50. // InitUnicodeString further down is not a problem
  51. return FALSE;
  52. }
  54. #if defined(UNICODE) || defined(_UNICODE)
  55. _tcscpy(wszSecretName, pszSecretName);
  56. #else
  57. MultiByteToWideChar(CP_ACP, 0, (LPCSTR)pszSecretName, -1, (LPWSTR)wszSecretName, _MAX_PATH);
  58. #endif
  60. //
  61. // Open a policy to the remote LSA
  62. //
  64. InitializeObjectAttributes( &ObjectAttributes,
  65. NULL,
  66. 0L,
  67. NULL,
  68. NULL );
  70. ntStatus = LsaOpenPolicy( NULL,
  71. &ObjectAttributes,
  72. POLICY_ALL_ACCESS,
  73. &hPolicy );
  75. if ( !NT_SUCCESS( ntStatus ) )
  76. {
  77. SetLastError( LsaNtStatusToWinError( ntStatus ) );
  78. return FALSE;
  79. }
  81. #pragma warning( disable : 4244 )
  82. // InitUnicodeString is a #def, that does a implicit conversion from size_t to
  83. // USHORT. Since I can not change the #def, I am disabling the warning
  84. InitUnicodeString( &unicodeSecret, wszSecretName );
  85. #pragma warning( default : 4244 )
  87. //
  88. // Query the secret value.
  89. //
  91. ntStatus = LsaRetrievePrivateData( hPolicy,
  92. &unicodeSecret,
  93. &punicodePassword );
  95. if( NT_SUCCESS(ntStatus) && (NULL !=punicodePassword))
  96. {
  97. DWORD cbNeeded;
  99. cbNeeded = punicodePassword->Length + sizeof(WCHAR);
  101. strSecret->MarkSensitiveData( TRUE );
  103. if ( !strSecret->Resize( cbNeeded ) )
  104. {
  105. ntStatus = STATUS_NO_MEMORY;
  106. goto Failure;
  107. }
  109. memcpy( strSecret->QueryStr(),
  110. punicodePassword->Buffer,
  111. punicodePassword->Length );
  113. *((WCHAR *) strSecret->QueryStr() +
  114. punicodePassword->Length / sizeof(WCHAR)) = L'\0';
  116. SecureZeroMemory( punicodePassword->Buffer,
  117. punicodePassword->MaximumLength );
  118. }
  119. else if ( !NT_SUCCESS(ntStatus) )
  120. {
  121. ntStatus = STATUS_UNSUCCESSFUL;
  122. }
  124. Failure:
  126. fResult = NT_SUCCESS(ntStatus);
  128. //
  129. // Cleanup & exit.
  130. //
  132. if( punicodePassword != NULL )
  133. {
  134. LsaFreeMemory( (PVOID)punicodePassword );
  135. }
  137. LsaClose( hPolicy );
  139. if ( !fResult )
  140. SetLastError( LsaNtStatusToWinError( ntStatus ));
  142. return fResult;
  144. }
  146. BOOL GetAnonymousSecret(
  147. IN LPCTSTR pszSecretName,
  148. OUT TSTR *pstrPassword
  149. )
  150. {
  151. LPWSTR pwsz = NULL;
  152. BOOL bRet = FALSE;
  153. BUFFER bufSecret;
  155. // Mark this password as sensitive data
  156. pstrPassword->MarkSensitiveData( TRUE );
  158. if ( !GetSecret( pszSecretName, pstrPassword ))
  159. {
  160. return FALSE;
  161. }
  163. return TRUE;
  164. }
  166. BOOL GetRootSecret(
  167. IN LPCTSTR pszRoot,
  168. IN LPCTSTR pszSecretName,
  169. OUT LPTSTR pszPassword
  170. )
  171. /*++
  172. Description:
  174. This function retrieves the password for the specified root & address
  176. Arguments:
  178. pszRoot - Name of root + address in the form "/root,<address>".
  179. pszSecretName - Virtual Root password secret name
  180. pszPassword - Receives password, must be at least PWLEN+1 characters
  182. Returns:
  183. TRUE on success and FALSE if any failure.
  185. --*/
  186. {
  187. TSTR strSecret;
  188. LPWSTR pwsz;
  189. LPWSTR pwszTerm;
  190. LPWSTR pwszNextLine;
  191. WCHAR wszRoot[_MAX_PATH];
  194. if ( !GetSecret( pszSecretName, &strSecret ))
  195. return FALSE;
  197. pwsz = strSecret.QueryStr();
  199. //
  200. // Scan the list of roots looking for a match. The list looks like:
  201. //
  202. // <root>,<address>=<password>\0
  203. // <root>,<address>=<password>\0
  204. // \0
  205. //
  207. #if defined(UNICODE) || defined(_UNICODE)
  208. _tcscpy(wszRoot, pszRoot);
  209. #else
  210. MultiByteToWideChar(CP_ACP, 0, (LPCSTR)pszRoot, -1, (LPWSTR)wszRoot, _MAX_PATH);
  211. #endif
  213. while ( *pwsz )
  214. {
  215. pwszNextLine = pwsz + wcslen(pwsz) + 1;
  217. pwszTerm = wcschr( pwsz, L'=' );
  219. if ( !pwszTerm )
  220. goto NextLine;
  222. *pwszTerm = L'\0';
  224. if ( !_wcsicmp( wszRoot, pwsz ) )
  225. {
  226. //
  227. // We found a match, copy the password
  228. //
  230. #if defined(UNICODE) || defined(_UNICODE)
  231. _tcscpy(pszPassword, pwszTerm+1);
  232. #else
  233. cch = WideCharToMultiByte( CP_ACP,
  234. WC_COMPOSITECHECK,
  235. pwszTerm + 1,
  236. -1,
  237. pszPassword,
  238. PWLEN + sizeof(CHAR),
  239. NULL,
  240. NULL );
  241. pszPassword[cch] = '\0';
  242. #endif
  243. return TRUE;
  244. }
  246. NextLine:
  247. pwsz = pwszNextLine;
  248. }
  250. //
  251. // If the matching root wasn't found, default to the empty password
  252. //
  254. *pszPassword = _T('\0');
  256. return TRUE;
  257. }
  260. //
  261. // Saves password in LSA private data (LSA Secret).
  262. //
  263. DWORD SetSecret(IN LPCTSTR pszKeyName,IN LPCTSTR pszPassword)
  264. {
  265. DWORD dwError = ERROR_NOT_ENOUGH_MEMORY;
  266. LSA_HANDLE hPolicy = NULL;
  267. DWORD dwPasswordSize = wcslen(pszPassword) * sizeof(WCHAR);
  268. DWORD dwKeyNameSize = wcslen(pszKeyName) * sizeof(WCHAR);
  270. if ( ( dwPasswordSize >= MAXUSHORT ) ||
  271. ( dwKeyNameSize >= MAXUSHORT )
  272. )
  273. {
  274. return dwError;
  275. }
  277. try
  278. {
  279. LSA_OBJECT_ATTRIBUTES lsaoa = { sizeof(LSA_OBJECT_ATTRIBUTES), NULL, NULL, 0, NULL, NULL };
  281. dwError = LsaNtStatusToWinError( LsaOpenPolicy(NULL, &lsaoa, POLICY_CREATE_SECRET, &hPolicy) );
  283. if ( dwError != ERROR_SUCCESS )
  284. {
  285. return dwError;
  286. }
  288. LSA_UNICODE_STRING lsausKeyName = { (USHORT) dwKeyNameSize,
  289. (USHORT) dwKeyNameSize,
  290. const_cast<PWSTR>(pszKeyName) };
  291. LSA_UNICODE_STRING lsausPrivateData = { (USHORT) dwPasswordSize,
  292. (USHORT) dwPasswordSize,
  293. const_cast<PWSTR>(pszPassword) };
  295. dwError = LsaNtStatusToWinError( LsaStorePrivateData(hPolicy, &lsausKeyName, &lsausPrivateData) );
  296. }
  297. catch (...)
  298. {
  299. dwError = ERROR_NOT_ENOUGH_MEMORY;
  300. }
  302. if (hPolicy)
  303. {
  304. LsaClose(hPolicy);
  305. }
  307. return dwError;
  308. }
  310. #endif //_CHICAGO_