archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4 Commits
1 Branch
0 Tags
1.5 GiB
Tree: 5c6fe3db62
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '5c6fe3db62'
${ noResults }
windows-server-2003/termsrv/tsuserex/creden.cpp

759 lines
16 KiB
Raw Normal View History

commiting as it is
4 years ago
  1. /*++
  4. Copyright (c) 2001 Microsoft Corporation
  6. Module Name:
  8. creden.cpp
  10. Abstract:
  12. This module abstracts user credentials for the multiple credential support.
  14. Author:
  16. Rashmi Patankar (RashmiP) 10-Aug-2001
  18. Revision History:
  20. --*/
  21. #include "stdafx.h"
  22. #include <basetyps.h>
  23. #include <des.h>
  25. typedef long HRESULT;
  26. #include "creden.h"
  27. #include <ntsecapi.h>
  28. typedef NTSTATUS SECURITY_STATUS;
  30. UCHAR g_seed = 0 ;
  32. #define BAIL_ON_FAILURE(hr) \
  33. if (FAILED(hr)) \
  34. { \
  35. goto error; \
  36. }
  39. //
  40. // This routine allocates and stores the password in the
  41. // passed in pointer. The assumption here is that pszString
  42. // is valid, it can be an empty string but not NULL.
  43. // Note that this code cannot be used as is on Win2k and below
  44. // as they do not support the newer functions.
  45. //
  47. HRESULT
  48. EncryptString(
  49. LPWSTR pszString,
  50. LPWSTR *ppszSafeString,
  51. PDWORD pdwLen
  52. )
  53. {
  54. HRESULT hr = S_OK;
  55. DWORD dwLenStr = 0;
  56. DWORD dwPwdLen = 0;
  57. LPWSTR pszTempStr = NULL;
  58. NTSTATUS errStatus = S_OK;
  59. FNRTLINITUNICODESTRING pRtlInitUnicodeString = NULL;
  60. FRTLRUNENCODEUNICODESTRING pRtlRunEncodeUnicodeString = NULL;
  61. FRTLENCRYPTMEMORY pRtlEncryptMemory = NULL;
  63. BOOLEAN GlobalUseScrambling = FALSE;
  65. if (!pszString || !ppszSafeString)
  66. {
  67. return(E_FAIL);
  68. }
  70. *ppszSafeString = NULL;
  71. *pdwLen = 0;
  73. //
  74. // If the string is valid, then we need to get the length
  75. // and initialize the unicode string.
  76. //
  78. UNICODE_STRING Password;
  80. //
  81. // Determine the length of buffer taking padding into account.
  82. //
  83. dwLenStr = wcslen(pszString);
  85. dwPwdLen = (dwLenStr + 1) * sizeof(WCHAR) + (DES_BLOCKLEN -1);
  87. pszTempStr = (LPWSTR) AllocADsMem(dwPwdLen);
  89. if (!pszTempStr)
  90. {
  91. hr = E_OUTOFMEMORY;
  92. goto error;
  93. }
  95. wcscpy(pszTempStr, pszString);
  97. if(g_ScramblingLibraryHandle)
  98. {
  99. pRtlInitUnicodeString = (FNRTLINITUNICODESTRING) GetProcAddress( g_ScramblingLibraryHandle, "RtlInitUnicodeString" );
  100. }
  102. if(!pRtlInitUnicodeString)
  103. {
  104. hr = E_FAIL;
  105. goto error;
  106. }
  108. (*pRtlInitUnicodeString)(&Password, pszTempStr);
  111. USHORT usExtra = 0;
  113. if (usExtra = (Password.MaximumLength % DES_BLOCKLEN))
  114. {
  115. Password.MaximumLength += (DES_BLOCKLEN - usExtra);
  116. }
  118. *pdwLen = Password.MaximumLength;
  120. if (g_AdvApi32LibraryHandle || g_ScramblingLibraryHandle)
  121. {
  123. GlobalUseScrambling = FALSE;
  125. if (g_AdvApi32LibraryHandle)
  126. {
  127. //
  128. // Try to get the advapi32.dll RtlEncryptMemory/RtlDecryptMemory functions,
  129. // Note that RtlEncryptMemory and RtlDecryptMemory are really named
  130. // SystemFunction040/041, hence the macros.
  131. //
  133. pRtlEncryptMemory = (FRTLENCRYPTMEMORY) GetProcAddress( g_AdvApi32LibraryHandle, (LPCSTR) 619 );
  135. if (pRtlEncryptMemory)
  136. {
  138. // We want to use scrambling
  140. GlobalUseScrambling = TRUE;
  142. // Using strong scrambling
  144. errStatus = (*pRtlEncryptMemory)( Password.Buffer,
  145. Password.MaximumLength,
  146. 0
  147. );
  149. if (errStatus)
  150. {
  151. if(pszTempStr)
  152. {
  153. FreeADsMem(pszTempStr);
  154. pszTempStr = NULL;
  155. }
  157. hr = HRESULT_FROM_NT(errStatus);
  158. goto error;
  159. }
  162. }
  163. else if (g_ScramblingLibraryHandle)
  164. {
  165. //
  166. // Clean up so we can try falling back to the run-encode scrambling functions
  167. // (we keep the AdvApi32LibraryHandle around since we'll probably need it
  168. // later anyway)
  169. //
  171. pRtlRunEncodeUnicodeString = (FRTLRUNENCODEUNICODESTRING) GetProcAddress( g_ScramblingLibraryHandle, "RtlRunEncodeUnicodeString" );
  173. if(_tcslen(Password.Buffer) && pRtlRunEncodeUnicodeString)
  174. {
  176. // encrypt password in place
  178. (*pRtlRunEncodeUnicodeString)( &g_seed, &Password );
  179. }
  180. else
  181. {
  182. hr = E_FAIL;
  183. goto error;
  184. }
  185. }
  186. else
  187. {
  188. hr = E_FAIL;
  189. goto error;
  190. }
  191. }
  192. else
  193. {
  194. hr = E_FAIL;
  195. goto error;
  196. }
  197. }
  198. else
  199. {
  200. hr = E_FAIL;
  201. goto error;
  202. }
  204. *ppszSafeString = pszTempStr;
  206. error:
  208. if (FAILED(hr) && pszTempStr)
  209. {
  210. FreeADsMem(pszTempStr);
  211. pszTempStr = NULL;
  212. }
  214. return(hr);
  215. }
  218. HRESULT
  219. DecryptString(
  220. LPWSTR pszEncodedString,
  221. LPWSTR *ppszString,
  222. DWORD dwLen
  223. )
  224. {
  225. HRESULT hr = E_FAIL;
  226. LPWSTR pszTempStr = NULL;
  227. NTSTATUS errStatus;
  228. BOOLEAN GlobalUseScrambling = FALSE;
  229. FNRTLINITUNICODESTRING pRtlInitUnicodeString = NULL;
  230. FRTLRUNDECODEUNICODESTRING pRtlRunDecodeUnicodeString = NULL;
  231. FRTLDECRYPTMEMORY pRtlDecryptMemory = NULL;
  232. UNICODE_STRING UnicodePassword;
  235. if (!dwLen || !ppszString)
  236. {
  237. return(E_FAIL);
  238. }
  240. *ppszString = NULL;
  242. if (dwLen)
  243. {
  244. pszTempStr = (LPWSTR) AllocADsMem(dwLen);
  246. if (!pszTempStr)
  247. {
  248. hr = E_OUTOFMEMORY;
  249. goto error;
  250. }
  252. memcpy(pszTempStr, pszEncodedString, dwLen);
  255. if (g_AdvApi32LibraryHandle || g_ScramblingLibraryHandle)
  256. {
  257. hr = S_OK;
  259. GlobalUseScrambling = FALSE;
  261. if (g_AdvApi32LibraryHandle)
  262. {
  263. //
  264. // Try to get the advapi32.dll RtlEncryptMemory/RtlDecryptMemory functions,
  265. // along with ntdll's RtlInitUnicodeString. Note that RtlEncryptMemory
  266. // and RtlDecryptMemory are really named SystemFunction040/041, hence
  267. // the macros.
  268. //
  270. pRtlDecryptMemory = (FRTLDECRYPTMEMORY) GetProcAddress( g_AdvApi32LibraryHandle, (LPCSTR) 620 );
  272. if (pRtlDecryptMemory)
  273. {
  274. //
  275. // We want to use scrambling
  276. //
  278. GlobalUseScrambling = TRUE;
  280. // Using strong scrambling
  282. errStatus = (*pRtlDecryptMemory)( pszTempStr,
  283. dwLen,
  284. 0
  285. );
  287. if (errStatus)
  288. {
  289. if (NULL != pszTempStr)
  290. {
  291. FreeADsStr(pszTempStr);
  292. pszTempStr = NULL;
  293. }
  295. hr = HRESULT_FROM_NT(errStatus);
  296. goto error;
  297. }
  298. }
  300. else if(g_ScramblingLibraryHandle)
  301. {
  302. //
  303. // Clean up so we can try falling back to the run-encode scrambling functions
  304. // (we keep the AdvApi32LibraryHandle around since we'll probably need it
  305. // later anyway)
  306. //
  308. pRtlRunDecodeUnicodeString = (FRTLRUNDECODEUNICODESTRING) GetProcAddress( g_ScramblingLibraryHandle, "RtlRunDecodeUnicodeString" );
  310. pRtlInitUnicodeString = (FNRTLINITUNICODESTRING) GetProcAddress( g_ScramblingLibraryHandle, "RtlInitUnicodeString" );
  312. if(_tcslen(pszTempStr) && pRtlRunDecodeUnicodeString && pRtlInitUnicodeString)
  313. {
  314. (*pRtlInitUnicodeString)( &UnicodePassword, pszTempStr );
  316. // encrypt password in place
  318. (*pRtlRunDecodeUnicodeString)(g_seed, &UnicodePassword);
  319. }
  320. else
  321. {
  322. hr = E_FAIL;
  323. goto error;
  324. }
  325. }
  326. else
  327. {
  328. hr = E_FAIL;
  329. goto error;
  330. }
  331. }
  332. else
  333. {
  334. hr = E_FAIL;
  335. goto error;
  336. }
  337. }
  338. else
  339. {
  340. hr = E_FAIL;
  341. goto error;
  342. }
  344. *ppszString = pszTempStr;
  345. }
  347. error:
  349. if (FAILED(hr) && (NULL != pszTempStr))
  350. {
  351. FreeADsStr(pszTempStr);
  352. pszTempStr = NULL;
  353. }
  355. return(hr);
  356. }
  358. //
  359. // Static member of the class
  360. //
  361. CCredentials::CCredentials():
  362. _lpszUserName(NULL),
  363. _lpszPassword(NULL),
  364. _dwAuthFlags(0),
  365. _dwPasswordLen(0)
  366. {
  367. }
  369. CCredentials::CCredentials(
  370. LPWSTR lpszUserName,
  371. LPWSTR lpszPassword,
  372. DWORD dwAuthFlags
  373. ):
  374. _lpszUserName(NULL),
  375. _lpszPassword(NULL),
  376. _dwAuthFlags(0),
  377. _dwPasswordLen(0)
  378. {
  380. //
  381. // AjayR 10-04-99 we need a way to bail if the
  382. // alloc's fail. Since it is in the constructor this is
  383. // not very easy to do.
  384. //
  386. if (lpszUserName)
  387. {
  388. _lpszUserName = AllocADsStr(lpszUserName);
  389. }
  390. else
  391. {
  392. _lpszUserName = NULL;
  393. }
  395. if (lpszPassword)
  396. {
  397. //
  398. // The call can fail but we cannot recover from this.
  399. //
  400. EncryptString(
  401. lpszPassword,
  402. &_lpszPassword,
  403. &_dwPasswordLen
  404. );
  406. }
  407. else
  408. {
  409. _lpszPassword = NULL;
  410. }
  412. _dwAuthFlags = dwAuthFlags;
  414. }
  416. CCredentials::~CCredentials()
  417. {
  418. if (_lpszUserName)
  419. {
  420. FreeADsStr(_lpszUserName);
  421. }
  423. if (_lpszPassword)
  424. {
  425. FreeADsStr(_lpszPassword);
  426. }
  427. }
  431. HRESULT
  432. CCredentials::GetUserName(
  433. LPWSTR *lppszUserName
  434. )
  435. {
  436. if (!lppszUserName)
  437. {
  438. return(E_FAIL);
  439. }
  442. if (!_lpszUserName)
  443. {
  444. *lppszUserName = NULL;
  445. }
  446. else
  447. {
  448. *lppszUserName = AllocADsStr(_lpszUserName);
  450. if (!*lppszUserName)
  451. {
  452. return(E_OUTOFMEMORY);
  453. }
  454. }
  456. return(S_OK);
  457. }
  460. HRESULT
  461. CCredentials::GetPassword(
  462. LPWSTR * lppszPassword
  463. )
  464. {
  465. if (!lppszPassword)
  466. {
  467. return(E_FAIL);
  468. }
  470. if (!_lpszPassword)
  471. {
  472. *lppszPassword = NULL;
  473. }
  474. else
  475. {
  477. return( DecryptString( _lpszPassword,
  478. lppszPassword,
  479. _dwPasswordLen
  480. )
  481. );
  482. }
  484. return(S_OK);
  485. }
  488. HRESULT
  489. CCredentials::SetUserName(
  490. LPWSTR lpszUserName
  491. )
  492. {
  493. if (_lpszUserName)
  494. {
  495. FreeADsStr(_lpszUserName);
  496. }
  498. if (!lpszUserName)
  499. {
  500. _lpszUserName = NULL;
  501. return(S_OK);
  502. }
  504. _lpszUserName = AllocADsStr(
  505. lpszUserName
  506. );
  507. if(!_lpszUserName)
  508. {
  509. return(E_FAIL);
  510. }
  512. return(S_OK);
  513. }
  516. HRESULT
  517. CCredentials::SetPassword(
  518. LPWSTR lpszPassword
  519. )
  520. {
  522. if (_lpszPassword)
  523. {
  524. FreeADsStr(_lpszPassword);
  525. }
  527. if (!lpszPassword)
  528. {
  529. _lpszPassword = NULL;
  530. return(S_OK);
  531. }
  533. return( EncryptString( lpszPassword,
  534. &_lpszPassword,
  535. &_dwPasswordLen
  536. )
  537. );
  538. }
  540. CCredentials::CCredentials(
  541. const CCredentials& Credentials
  542. )
  543. {
  544. HRESULT hr = S_OK;
  545. LPWSTR pszTmpPwd = NULL;
  547. _lpszUserName = NULL;
  548. _lpszPassword = NULL;
  550. _lpszUserName = AllocADsStr(
  551. Credentials._lpszUserName
  552. );
  555. if (Credentials._lpszPassword)
  556. {
  557. hr = DecryptString(
  558. Credentials._lpszPassword,
  559. &pszTmpPwd,
  560. Credentials._dwPasswordLen
  561. );
  562. }
  564. if (SUCCEEDED(hr) && pszTmpPwd)
  565. {
  566. hr = EncryptString(
  567. pszTmpPwd,
  568. &_lpszPassword,
  569. &_dwPasswordLen
  570. );
  571. }
  572. else
  573. {
  574. pszTmpPwd = NULL;
  575. }
  577. if (pszTmpPwd)
  578. {
  579. FreeADsStr(pszTmpPwd);
  580. }
  582. _dwAuthFlags = Credentials._dwAuthFlags;
  585. }
  588. void
  589. CCredentials::operator=(
  590. const CCredentials& other
  591. )
  592. {
  593. HRESULT hr = S_OK;
  594. LPWSTR pszTmpPwd = NULL;
  596. if ( &other == this)
  597. {
  598. return;
  599. }
  601. if (_lpszUserName)
  602. {
  603. FreeADsStr(_lpszUserName);
  604. }
  606. if (_lpszPassword)
  607. {
  608. FreeADsStr(_lpszPassword);
  609. }
  611. _lpszUserName = AllocADsStr(
  612. other._lpszUserName
  613. );
  616. if (other._lpszPassword)
  617. {
  618. hr = DecryptString(
  619. other._lpszPassword,
  620. &pszTmpPwd,
  621. other._dwPasswordLen
  622. );
  623. }
  625. if (SUCCEEDED(hr) && pszTmpPwd)
  626. {
  627. hr = EncryptString(
  628. pszTmpPwd,
  629. &_lpszPassword,
  630. &_dwPasswordLen
  631. );
  632. }
  633. else
  634. {
  635. pszTmpPwd = NULL;
  636. }
  638. if (pszTmpPwd)
  639. {
  640. FreeADsStr(pszTmpPwd);
  641. }
  643. _dwAuthFlags = other._dwAuthFlags;
  645. return;
  646. }
  649. BOOL
  650. operator==(
  651. CCredentials& x,
  652. CCredentials& y
  653. )
  654. {
  655. BOOL bEqualUser = FALSE;
  656. BOOL bEqualPassword = FALSE;
  657. BOOL bEqualFlags = FALSE;
  659. LPWSTR lpszXPassword = NULL;
  660. LPWSTR lpszYPassword = NULL;
  661. BOOL bReturnCode = FALSE;
  662. HRESULT hr = S_OK;
  665. if (x._lpszUserName && y._lpszUserName)
  666. {
  667. bEqualUser = !(wcscmp(x._lpszUserName, y._lpszUserName));
  668. }
  669. else if (!x._lpszUserName && !y._lpszUserName)
  670. {
  671. bEqualUser = TRUE;
  672. }
  674. hr = x.GetPassword(&lpszXPassword);
  675. if (FAILED(hr))
  676. {
  677. goto error;
  678. }
  680. hr = y.GetPassword(&lpszYPassword);
  681. if (FAILED(hr))
  682. {
  683. goto error;
  684. }
  687. if ((lpszXPassword && lpszYPassword))
  688. {
  689. bEqualPassword = !(wcscmp(lpszXPassword, lpszYPassword));
  690. }
  691. else if (!lpszXPassword && !lpszYPassword)
  692. {
  693. bEqualPassword = TRUE;
  694. }
  697. if (x._dwAuthFlags == y._dwAuthFlags)
  698. {
  699. bEqualFlags = TRUE;
  700. }
  703. if (bEqualUser && bEqualPassword && bEqualFlags)
  704. {
  706. bReturnCode = TRUE;
  707. }
  710. error:
  712. if (lpszXPassword)
  713. {
  714. FreeADsStr(lpszXPassword);
  715. }
  717. if (lpszYPassword)
  718. {
  719. FreeADsStr(lpszYPassword);
  720. }
  722. return(bReturnCode);
  724. }
  727. BOOL
  728. CCredentials::IsNullCredentials(
  729. )
  730. {
  731. // The function will return true even if the flags are set
  732. // this is because we want to try and get the default credentials
  733. // even if the flags were set
  734. if (!_lpszUserName && !_lpszPassword)
  735. {
  736. return(TRUE);
  737. }
  738. else
  739. {
  740. return(FALSE);
  741. }
  743. }
  746. DWORD
  747. CCredentials::GetAuthFlags()
  748. {
  749. return(_dwAuthFlags);
  750. }
  753. void
  754. CCredentials::SetAuthFlags(
  755. DWORD dwAuthFlags
  756. )
  757. {
  758. _dwAuthFlags = dwAuthFlags;
  759. }