archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4 Commits
1 Branch
0 Tags
1.5 GiB
Tree: 5c6fe3db62
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '5c6fe3db62'
${ noResults }
windows-server-2003/net/rras/ras/rassfm/cleartxt.c

669 lines
15 KiB
Raw Normal View History

commiting as it is
4 years ago
  1. ///////////////////////////////////////////////////////////////////////////////
  2. //
  3. // Copyright (c) Microsoft Corp. All rights reserved.
  4. //
  5. // FILE
  6. //
  7. // cleartxt.c
  8. //
  9. // SYNOPSIS
  10. //
  11. // Defines functions for storing and retrieving cleartext passwords.
  12. //
  13. // MODIFICATION HISTORY
  14. //
  15. // 08/31/1998 Original version.
  16. //
  17. ///////////////////////////////////////////////////////////////////////////////
  19. #include <nt.h>
  20. #include <ntrtl.h>
  21. #include <nturtl.h>
  22. #include <ntlsa.h>
  23. #include <windows.h>
  24. #include <wincrypt.h>
  26. #include <rassfmhp.h>
  27. #include <usrprop.h>
  28. #include <cleartxt.h>
  30. // Name of the private key stored as LSA private data.
  31. UNICODE_STRING PRIVATE_KEY_NAME = { 34, 36, L"G$MSRADIUSPRIVKEY" };
  33. // Length of the private key.
  34. #define PRIVATE_KEY_LENGTH 256
  36. // Length of the user-specific key.
  37. #define USER_KEY_LENGTH 16
  39. // Properties stored in UserParameters.
  40. #define PROPERTY_USER_KEY L"G$RADIUSCHAPKEY"
  41. #define PROPERTY_PASSWORD L"G$RADIUSCHAP"
  43. // Fixed key used for decrypting the private key.
  44. BYTE FIXED_KEY[] =
  45. {
  46. 0x05, 0x56, 0xF6, 0x07, 0xC6, 0x56, 0x02, 0x94, 0x02,
  47. 0xC6, 0xF6, 0x67, 0x56, 0x02, 0xC6, 0x96, 0xB6, 0x56,
  48. 0x02, 0x34, 0x86, 0x16, 0xE6, 0x46, 0x27, 0x16, 0xC2,
  49. 0x02, 0x14, 0x46, 0x96, 0x47, 0x96, 0xC2, 0x02, 0x74,
  50. 0x27, 0x56, 0x47, 0x16, 0x02, 0x16, 0x27, 0x56, 0x02,
  51. 0x47, 0x86, 0x56, 0x02, 0x07, 0x56, 0xF6, 0x07, 0xC6,
  52. 0x56, 0x02, 0x94, 0x02, 0x47, 0x27, 0x57, 0x37, 0x47
  53. };
  55. // Shared handle to the cryptographic provider.
  56. HCRYPTPROV theContext;
  58. // Private key used for encrypting/decrypting cleartext passwords.
  59. PLSA_UNICODE_STRING thePrivateKey;
  61. // TRUE if this API has been successfully initialized.
  62. static BOOL theInitFlag;
  64. // Non-zero if the API is locked.
  65. static LONG theLock;
  67. //////////
  68. // Macros to lock/unlock the API during intialization.
  69. //////////
  70. #define API_LOCK() \
  71. while (InterlockedExchange(&theLock, 1)) Sleep(5)
  73. #define API_UNLOCK() \
  74. InterlockedExchange(&theLock, 0)
  76. //////////
  77. // Macro that ensures the API has been initialized and bails on failure.
  78. //////////
  79. #define CHECK_INIT() \
  80. if (!theInitFlag) { \
  81. status = IASParmsInitialize(); \
  82. if (status != NO_ERROR) { return status; } \
  83. }
  85. //////////
  86. // Creates the private key. Should only be called if the key doesn't exist.
  87. //////////
  88. DWORD
  89. WINAPI
  90. IASCreatePrivateKey(
  91. IN LSA_HANDLE hPolicy
  92. )
  93. {
  94. DWORD status;
  95. BYTE newKey[PRIVATE_KEY_LENGTH];
  96. LSA_UNICODE_STRING privateData;
  98. //////////
  99. // Generate a random key.
  100. //////////
  102. if (!CryptGenRandom(
  103. theContext,
  104. sizeof(newKey),
  105. newKey
  106. ))
  107. { return GetLastError(); }
  109. //////////
  110. // Store it as LSA private data.
  111. //////////
  113. privateData.Length = sizeof(newKey);
  114. privateData.MaximumLength = sizeof(newKey);
  115. privateData.Buffer = (PWSTR)newKey;
  117. status = LsaStorePrivateData(
  118. hPolicy,
  119. &PRIVATE_KEY_NAME,
  120. &privateData
  121. );
  122. if (NT_SUCCESS(status))
  123. {
  124. status = LsaRetrievePrivateData(
  125. hPolicy,
  126. &PRIVATE_KEY_NAME,
  127. &thePrivateKey
  128. );
  129. }
  131. return NT_SUCCESS(status) ? NO_ERROR : RtlNtStatusToDosError(status);
  132. }
  134. //////////
  135. // Derives a cryptographic key from an octet string.
  136. //////////
  137. BOOL
  138. WINAPI
  139. IASDeriveUserCryptKey(
  140. IN PBYTE pbUserKey,
  141. OUT HCRYPTKEY *phKey
  142. )
  143. {
  144. BOOL success;
  145. HCRYPTHASH hHash;
  147. success = CryptCreateHash(
  148. theContext,
  149. CALG_MD5,
  150. 0,
  151. 0,
  152. &hHash
  153. );
  154. if (!success) { goto exit; }
  156. success = CryptHashData(
  157. hHash,
  158. (PBYTE)thePrivateKey->Buffer,
  159. thePrivateKey->Length,
  160. 0
  161. );
  162. if (!success) { goto destroy_hash; }
  164. success = CryptHashData(
  165. hHash,
  166. pbUserKey,
  167. USER_KEY_LENGTH,
  168. 0
  169. );
  170. if (!success) { goto destroy_hash; }
  172. success = CryptDeriveKey(
  173. theContext,
  174. CALG_RC4,
  175. hHash,
  176. CRYPT_EXPORTABLE,
  177. phKey
  178. );
  180. destroy_hash:
  181. CryptDestroyHash(hHash);
  183. exit:
  184. return success;
  185. }
  187. DWORD
  188. WINAPI
  189. IASParmsInitialize( VOID )
  190. {
  191. DWORD status, nbyte;
  192. OBJECT_ATTRIBUTES objAttribs;
  193. LSA_HANDLE hPolicy;
  194. HCRYPTHASH hHash;
  195. HCRYPTKEY hKey;
  197. API_LOCK();
  199. // If we've already been initialized, there's nothing to do.
  200. if (theInitFlag)
  201. {
  202. status = NO_ERROR;
  203. goto exit;
  204. }
  206. /////////
  207. // Acquire a cryptographic context.
  208. /////////
  210. if (!CryptAcquireContext(
  211. &theContext,
  212. NULL,
  213. NULL,
  214. PROV_RSA_FULL,
  215. CRYPT_VERIFYCONTEXT
  216. ))
  217. {
  218. status = GetLastError();
  219. goto exit;
  220. }
  222. /////////
  223. // Open a handle to the LSA.
  224. /////////
  226. InitializeObjectAttributes(
  227. &objAttribs,
  228. NULL,
  229. 0,
  230. NULL,
  231. NULL
  232. );
  234. status = LsaOpenPolicy(
  235. NULL,
  236. &objAttribs,
  237. POLICY_ALL_ACCESS,
  238. &hPolicy
  239. );
  240. if (!NT_SUCCESS(status))
  241. {
  242. status = RtlNtStatusToDosError(status);
  243. goto exit;
  244. }
  246. /////////
  247. // Retrieve the private key.
  248. /////////
  250. status = LsaRetrievePrivateData(
  251. hPolicy,
  252. &PRIVATE_KEY_NAME,
  253. &thePrivateKey
  254. );
  255. if ( (status == STATUS_OBJECT_NAME_NOT_FOUND) ||
  256. (NT_SUCCESS(status) &&
  257. (
  258. (thePrivateKey != NULL && thePrivateKey->Length == 0) ||
  259. (thePrivateKey == NULL)
  260. )
  261. )
  262. )
  263. {
  264. // If it doesn't exist, create a new one.
  265. status = IASCreatePrivateKey(
  266. hPolicy
  267. );
  268. }
  269. else if (!NT_SUCCESS(status))
  270. {
  271. status = RtlNtStatusToDosError(status);
  272. }
  274. if (status != NO_ERROR) { goto close_policy; }
  276. /////////
  277. // Derive a crypto key from the fixed key.
  278. /////////
  280. if (!CryptCreateHash(
  281. theContext,
  282. CALG_MD5,
  283. 0,
  284. 0,
  285. &hHash
  286. ))
  287. {
  288. status = GetLastError();
  289. goto close_policy;
  290. }
  292. if (!CryptHashData(
  293. hHash,
  294. FIXED_KEY,
  295. sizeof(FIXED_KEY),
  296. 0
  297. ))
  298. {
  299. status = GetLastError();
  300. goto destroy_hash;
  301. }
  303. if (!CryptDeriveKey(
  304. theContext,
  305. CALG_RC4,
  306. hHash,
  307. CRYPT_EXPORTABLE,
  308. &hKey
  309. ))
  310. {
  311. status = GetLastError();
  312. goto destroy_hash;
  313. }
  315. /////////
  316. // Decrypt the private key.
  317. /////////
  319. nbyte = thePrivateKey->Length;
  321. if (!CryptDecrypt(
  322. hKey,
  323. 0,
  324. TRUE,
  325. 0,
  326. (PBYTE)thePrivateKey->Buffer,
  327. &nbyte
  328. ))
  329. {
  330. status = GetLastError();
  331. goto destroy_key;
  332. }
  334. thePrivateKey->Length = (USHORT)nbyte;
  336. destroy_key:
  337. CryptDestroyKey(hKey);
  339. destroy_hash:
  340. CryptDestroyHash(hHash);
  342. close_policy:
  343. LsaClose(hPolicy);
  345. exit:
  346. if (status == NO_ERROR)
  347. {
  348. // We succeeded, so set theInitFlag.
  349. theInitFlag = TRUE;
  350. }
  351. else
  352. {
  353. // We failed, so clean up.
  354. if (thePrivateKey)
  355. {
  356. LsaFreeMemory(thePrivateKey);
  357. thePrivateKey = NULL;
  358. }
  360. if (theContext)
  361. {
  362. CryptReleaseContext(theContext, 0);
  363. theContext = 0;
  364. }
  365. }
  367. API_UNLOCK();
  368. return status;
  369. }
  371. DWORD
  372. WINAPI
  373. IASParmsClearUserPassword(
  374. IN PCWSTR szUserParms,
  375. OUT PWSTR *pszNewUserParms
  376. )
  377. {
  378. DWORD status;
  379. UNICODE_STRING property;
  380. PWSTR tempUserParms;
  381. BOOL updateKey, updatePwd;
  383. // Check the in parameters.
  384. if (pszNewUserParms == NULL) { return ERROR_INVALID_PARAMETER; }
  386. /////////
  387. // Write a null string to the relevant properties.
  388. /////////
  390. memset(&property, 0, sizeof(property));
  392. status = NetpParmsSetUserProperty(
  393. (PWSTR)szUserParms,
  394. PROPERTY_PASSWORD,
  395. property,
  396. 0,
  397. &tempUserParms,
  398. &updatePwd
  399. );
  400. if (!NT_SUCCESS(status)) { return RtlNtStatusToDosError(status); }
  402. status = NetpParmsSetUserProperty(
  403. tempUserParms,
  404. PROPERTY_USER_KEY,
  405. property,
  406. 0,
  407. pszNewUserParms,
  408. &updateKey
  409. );
  411. NetpParmsUserPropertyFree(tempUserParms);
  413. if (NT_SUCCESS(status))
  414. {
  415. if (!updatePwd && !updateKey)
  416. {
  417. // Nothing changed so don't return the NewUserParms.
  418. NetpParmsUserPropertyFree(*pszNewUserParms);
  419. *pszNewUserParms = NULL;
  420. }
  422. return NO_ERROR;
  423. }
  425. return RtlNtStatusToDosError(status);
  426. }
  428. DWORD
  429. WINAPI
  430. IASParmsGetUserPassword(
  431. IN PCWSTR szUserParms,
  432. OUT PWSTR *pszPassword
  433. )
  434. {
  435. DWORD status, nbyte;
  436. UNICODE_STRING userKey, encryptedPwd;
  437. WCHAR propFlag;
  438. HCRYPTKEY hKey;
  440. // Check the in parameters.
  441. if (pszPassword == NULL) { return ERROR_INVALID_PARAMETER; }
  443. // Make sure we're initialized.
  444. CHECK_INIT();
  446. // Read the user key.
  447. status = NetpParmsQueryUserProperty(
  448. (PWSTR)szUserParms,
  449. PROPERTY_USER_KEY,
  450. &propFlag,
  451. &userKey
  452. );
  453. if (!NT_SUCCESS(status))
  454. {
  455. status = RtlNtStatusToDosError(status);
  456. goto exit;
  457. }
  459. // Read the encrypted password.
  460. status = NetpParmsQueryUserProperty(
  461. (PWSTR)szUserParms,
  462. PROPERTY_PASSWORD,
  463. &propFlag,
  464. &encryptedPwd
  465. );
  466. if (!NT_SUCCESS(status))
  467. {
  468. status = RtlNtStatusToDosError(status);
  469. goto free_key;
  470. }
  472. // If they're both NULL, it's not an error. It just means the cleartext
  473. // password was never set.
  474. if (userKey.Buffer == NULL && encryptedPwd.Buffer == NULL)
  475. {
  476. *pszPassword = NULL;
  477. goto exit;
  478. }
  480. // Make sure the user key is the correct length.
  481. if (userKey.Length != USER_KEY_LENGTH)
  482. {
  483. status = ERROR_INVALID_DATA;
  484. goto free_password;
  485. }
  487. // Convert the user key to a cryptographic key.
  488. if (!IASDeriveUserCryptKey(
  489. (PBYTE)userKey.Buffer,
  490. &hKey
  491. ))
  492. {
  493. status = GetLastError();
  494. goto free_password;
  495. }
  497. // Decrypt the password.
  498. nbyte = encryptedPwd.Length;
  499. if (!CryptDecrypt(
  500. hKey,
  501. 0,
  502. TRUE,
  503. 0,
  504. (PBYTE)encryptedPwd.Buffer,
  505. &nbyte
  506. ))
  507. {
  508. status = GetLastError();
  509. goto destroy_key;
  510. }
  512. // We encrypted the terminating null, so it should still be there.
  513. if (encryptedPwd.Buffer[nbyte / sizeof(WCHAR) - 1] != L'\0')
  514. {
  515. status = ERROR_INVALID_DATA;
  516. goto destroy_key;
  517. }
  519. // Return the cleartext password to the caller.
  520. *pszPassword = encryptedPwd.Buffer;
  521. encryptedPwd.Buffer = NULL;
  523. destroy_key:
  524. CryptDestroyKey(hKey);
  526. free_password:
  527. LocalFree(encryptedPwd.Buffer);
  529. free_key:
  530. LocalFree(userKey.Buffer);
  532. exit:
  533. return status;
  534. }
  536. DWORD
  537. WINAPI
  538. IASParmsSetUserPassword(
  539. IN PCWSTR szUserParms,
  540. IN PCWSTR szPassword,
  541. OUT PWSTR *pszNewUserParms
  542. )
  543. {
  544. DWORD status;
  545. BYTE userKey[USER_KEY_LENGTH];
  546. HCRYPTKEY hKey;
  547. DWORD nbyte;
  548. PBYTE encryptedPwd;
  549. UNICODE_STRING property;
  550. PWSTR tempUserParms;
  551. BOOL update;
  553. // Check the in parameters.
  554. if (szPassword == NULL) { return ERROR_INVALID_PARAMETER; }
  556. // Make sure we're initialized.
  557. CHECK_INIT();
  559. // Generate a user key.
  560. if (!CryptGenRandom(
  561. theContext,
  562. USER_KEY_LENGTH,
  563. userKey
  564. ))
  565. {
  566. status = GetLastError();
  567. goto exit;
  568. }
  570. // Convert the user key to a cryptographic key.
  571. if (!IASDeriveUserCryptKey(
  572. userKey,
  573. &hKey
  574. ))
  575. {
  576. status = GetLastError();
  577. goto exit;
  578. }
  580. // Allocate a buffer for the encrypted password.
  581. nbyte = sizeof(WCHAR) * (lstrlenW(szPassword) + 1);
  582. encryptedPwd = RtlAllocateHeap(
  583. RasSfmHeap(),
  584. 0,
  585. nbyte
  586. );
  587. if (encryptedPwd == NULL)
  588. {
  589. status = ERROR_NOT_ENOUGH_MEMORY;
  590. goto destroy_key;
  591. }
  593. memcpy(encryptedPwd, szPassword, nbyte);
  595. // Encrypt the password.
  596. if (!CryptEncrypt(
  597. hKey,
  598. 0,
  599. TRUE,
  600. 0,
  601. encryptedPwd,
  602. &nbyte,
  603. nbyte
  604. ))
  605. {
  606. status = GetLastError();
  607. goto free_encrypted_password;
  608. }
  610. /////////
  611. // Store the encrypted password.
  612. /////////
  614. property.Buffer = (PWCHAR)encryptedPwd;
  615. property.Length = (USHORT)nbyte;
  616. property.MaximumLength = (USHORT)nbyte;
  618. status = NetpParmsSetUserProperty(
  619. (PWSTR)szUserParms,
  620. PROPERTY_PASSWORD,
  621. property,
  622. 0,
  623. &tempUserParms,
  624. &update
  625. );
  626. if (!NT_SUCCESS(status))
  627. {
  628. status = RtlNtStatusToDosError(status);
  629. goto free_encrypted_password;
  630. }
  632. /////////
  633. // Store the user key.
  634. /////////
  636. property.Buffer = (PWSTR)userKey;
  637. property.Length = USER_KEY_LENGTH;
  638. property.MaximumLength = USER_KEY_LENGTH;
  640. status = NetpParmsSetUserProperty(
  641. tempUserParms,
  642. PROPERTY_USER_KEY,
  643. property,
  644. 0,
  645. pszNewUserParms,
  646. &update
  647. );
  648. if (!NT_SUCCESS(status)) { status = RtlNtStatusToDosError(status); }
  650. NetpParmsUserPropertyFree(tempUserParms);
  652. free_encrypted_password:
  653. RtlFreeHeap(RasSfmHeap(), 0, encryptedPwd);
  655. destroy_key:
  656. CryptDestroyKey(hKey);
  658. exit:
  659. return status;
  660. }
  662. VOID
  663. WINAPI
  664. IASParmsFreeUserParms(
  665. IN LPWSTR szNewUserParms
  666. )
  667. {
  668. NetpParmsUserPropertyFree(szNewUserParms);
  669. }