archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
2 Commits
1 Branch
0 Tags
1.5 GiB
Tree: 7b07a90fc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '7b07a90fc1'
${ noResults }
windows-server-2003/base/cluster/resdll/netname/crypto.c

911 lines
28 KiB
Raw Normal View History

commiting as it is
4 years ago
  1. /*++
  3. Copyright (c) 2001 Microsoft Corporation
  5. Module Name:
  7. crypto.c
  9. Abstract:
  11. routines for encrypting/decrypting resource data blob. uses crypto API to
  12. generate the key used to encrypt/decrypt the CO password. Key is stored as
  13. a crypto checkpoint associated with the resource.
  15. Author:
  17. Charlie Wickham (charlwi) 14-Feb-2001
  19. Environment:
  21. User Mode
  23. Revision History:
  25. --*/
  27. #define UNICODE 1
  28. #define _UNICODE 1
  30. #include "clusres.h"
  31. #include "clusrtl.h"
  32. #include "netname.h"
  34. #include <wincrypt.h>
  35. #include <lm.h>
  37. //
  38. // defines
  39. //
  41. #define NN_GUID_STRING_BUFFER_LENGTH 37 // includes the terminating NULL
  43. //
  44. // header for encrypted data.
  45. //
  47. typedef struct _NETNAME_ENCRYPTED_DATA {
  48. DWORD Version;
  49. BYTE Data[0];
  50. } NETNAME_ENCRYPTED_DATA, *PNETNAME_ENCRYPTED_DATA;
  52. #define NETNAME_ENCRYPTED_DATA_VERSION 1
  54. //
  55. // Container name is the resource's GUID followed by this decoration
  56. //
  57. WCHAR KeyDecoration[] = L"-Netname Resource Data";
  59. DWORD
  60. BuildKeyName(
  61. IN HRESOURCE ResourceHandle,
  62. IN LPWSTR KeyName,
  63. IN DWORD KeyNameChars
  64. )
  66. /*++
  68. Routine Description:
  70. build the key name (resource GUID followed by decoration)
  72. Arguments:
  74. ResourceHandle - handle to the cluster resource (not the one given to us
  75. by resmon)
  77. KeyName - buffer to receive the constructed name
  79. KeyNameChars - size, in characteres, of KeyName
  81. Return Value:
  83. success, otherwise Win32 error
  85. --*/
  87. {
  88. DWORD status;
  89. DWORD bytesReturned;
  90. DWORD charsReturned;
  92. //
  93. // sanity check
  94. //
  95. if ( KeyNameChars < ( NN_GUID_STRING_BUFFER_LENGTH + COUNT_OF( KeyDecoration ))) {
  96. return ERROR_INSUFFICIENT_BUFFER;
  97. }
  99. //
  100. // get our GUID (ID) to uniquely identify this resource throughout renames
  101. //
  102. status = ClusterResourceControl(ResourceHandle,
  103. NULL,
  104. CLUSCTL_RESOURCE_GET_ID,
  105. NULL,
  106. 0,
  107. KeyName,
  108. KeyNameChars * sizeof( WCHAR ),
  109. &bytesReturned);
  111. charsReturned = bytesReturned / sizeof( WCHAR );
  113. if ( status == ERROR_SUCCESS ) {
  114. if (( charsReturned + COUNT_OF( KeyDecoration )) <= KeyNameChars ) {
  115. wcscat( KeyName, KeyDecoration );
  116. } else {
  117. status = ERROR_INSUFFICIENT_BUFFER;
  118. }
  119. }
  121. return status;
  122. } // BuildKeyName
  124. DWORD
  125. FindNNCryptoContainer(
  126. IN PNETNAME_RESOURCE Resource,
  127. OUT LPWSTR * ContainerName
  128. )
  130. /*++
  132. Routine Description:
  134. find our key name in the list of crypto checkpoints associated with this
  135. resource.
  137. Arguments:
  139. Resource - pointer to resource context info
  141. ContainerName - address of pointer that gets pointer to container name
  143. Return Value:
  145. success if it worked, otherwise Win32 error
  147. --*/
  149. {
  150. DWORD status;
  151. DWORD bytesReturned;
  152. LPWSTR checkpointInfo = NULL;
  153. LPWSTR chkpt;
  154. WCHAR keyName[ NN_GUID_STRING_BUFFER_LENGTH + COUNT_OF( KeyDecoration ) ];
  156. RESOURCE_HANDLE resourceHandle = Resource->ResourceHandle;
  158. //
  159. // get our GUID (ID) to uniquely identify this resource throughout renames
  160. //
  161. status = ClusterResourceControl(Resource->ClusterResourceHandle,
  162. NULL,
  163. CLUSCTL_RESOURCE_GET_CRYPTO_CHECKPOINTS,
  164. NULL,
  165. 0,
  166. NULL,
  167. 0,
  168. &bytesReturned);
  170. if ( status != ERROR_SUCCESS ) {
  171. (NetNameLogEvent)(resourceHandle,
  172. LOG_ERROR,
  173. L"Couldn't get size of crypto checkpoint info. status %1!u!.\n",
  174. status);
  176. return status;
  177. }
  179. if ( bytesReturned == 0 ) {
  180. return ERROR_FILE_NOT_FOUND;
  181. }
  183. checkpointInfo = LocalAlloc( LMEM_FIXED, bytesReturned );
  184. if ( checkpointInfo == NULL ) {
  185. status = ERROR_NOT_ENOUGH_MEMORY;
  186. (NetNameLogEvent)(resourceHandle,
  187. LOG_ERROR,
  188. L"Couldn't allocate memory for resource's crypto checkpoint info. status %1!u!.\n",
  189. status);
  190. return status;
  191. }
  193. status = ClusterResourceControl(Resource->ClusterResourceHandle,
  194. NULL,
  195. CLUSCTL_RESOURCE_GET_CRYPTO_CHECKPOINTS,
  196. NULL,
  197. 0,
  198. checkpointInfo,
  199. bytesReturned,
  200. &bytesReturned);
  202. if ( status != ERROR_SUCCESS ) {
  203. (NetNameLogEvent)(resourceHandle,
  204. LOG_ERROR,
  205. L"Couldn't get crypto checkpoint info. status %1!u!.\n",
  206. status);
  208. goto cleanup;
  209. }
  211. //
  212. // build our key name and look for it by walking the list of checkpoints
  213. //
  214. status = BuildKeyName(Resource->ClusterResourceHandle, keyName, COUNT_OF( keyName ));
  215. if ( status != ERROR_SUCCESS ) {
  216. (NetNameLogEvent)(resourceHandle,
  217. LOG_ERROR,
  218. L"Couldn't build key name for crypto checkpoint. status %1!u!.\n",
  219. status);
  221. goto cleanup;
  222. }
  224. chkpt = wcsstr( checkpointInfo, keyName );
  225. if ( chkpt == NULL ) {
  226. (NetNameLogEvent)(resourceHandle,
  227. LOG_ERROR,
  228. L"Couldn't find key name (%1!ws!) in list of crypto checkpoints.\n",
  229. keyName);
  231. status = ERROR_INVALID_DATA;
  232. goto cleanup;
  233. }
  235. //
  236. // find the beginning of the string or the buffer, get the size, and move
  237. // our string to the beginning of the buffer (which is freed by the
  238. // caller)
  239. //
  240. while ( chkpt != checkpointInfo && *chkpt != UNICODE_NULL ) {
  241. --chkpt;
  242. }
  244. if ( chkpt != checkpointInfo ) {
  245. DWORD stringBytes;
  247. ++chkpt;
  248. stringBytes = (wcslen( chkpt ) + 1 ) * sizeof( WCHAR );
  249. memmove( checkpointInfo, chkpt, stringBytes );
  250. }
  252. *ContainerName = checkpointInfo;
  254. cleanup:
  255. if ( status != ERROR_SUCCESS && checkpointInfo != NULL ) {
  256. LocalFree( checkpointInfo );
  257. *ContainerName = NULL;
  258. }
  260. return status;
  261. } // FindNNCryptoContainer
  264. //
  265. // exported routines
  266. //
  268. DWORD
  269. EncryptNNResourceData(
  270. PNETNAME_RESOURCE Resource,
  271. LPWSTR MachinePwd,
  272. PBYTE * EncryptedInfo,
  273. PDWORD EncryptedInfoLength
  274. )
  276. /*++
  278. Routine Description:
  280. encrypt the password, set a pointer to the encrypted data and store it in
  281. the registry.
  283. Arguments:
  285. ResourceHandle - for logging to the cluster log
  287. MachinePwd - pointer to unicode string password
  289. EncryptedInfo - address of a pointer that receives a pointer to the encrypted blob
  291. EncryptedInfoLength - pointer to a DWORD that receives the length of the blob
  293. Key - handle to netname parameters key where the data is stored
  295. Return Value:
  297. ERROR_SUCCESS, otherwise Win32 error
  299. --*/
  301. {
  302. DWORD status;
  303. DWORD encInfoLength;
  304. DWORD encDataLength = 0;
  305. BOOL success;
  306. DWORD pwdLength = ( wcslen( MachinePwd ) + 1 ) * sizeof( WCHAR );
  307. DWORD provNameLength = 0;
  308. PCHAR provName = NULL;
  309. DWORD provTypeLength;
  310. WCHAR typeBuffer[ 256 ];
  311. DWORD containerNameChars;
  312. PWCHAR containerName = NULL;
  313. WCHAR keyName[ NN_GUID_STRING_BUFFER_LENGTH + COUNT_OF( KeyDecoration ) ];
  315. HCRYPTPROV cryptoProvider = 0;
  316. HCRYPTKEY encryptKey = 0;
  318. RESOURCE_HANDLE resourceHandle = Resource->ResourceHandle;
  320. NETNAME_ENCRYPTED_DATA keyGenBuffer; // temp header buffer to generate key
  321. PNETNAME_ENCRYPTED_DATA encryptedInfo = NULL; // final data area
  323. //
  324. // there shouldn't be a checkpoint on the resource but just in case, let's
  325. // cleanup what might be there.
  326. //
  327. RemoveNNCryptoCheckpoint( Resource );
  329. //
  330. // get our GUID (ID) to uniquely identify this resource throughout renames
  331. //
  332. status = BuildKeyName( Resource->ClusterResourceHandle, keyName, COUNT_OF( keyName ));
  333. if ( status != ERROR_SUCCESS ) {
  334. (NetNameLogEvent)(resourceHandle,
  335. LOG_ERROR,
  336. L"Couldn't get resource ID to build crypto container name. status %1!u!.\n",
  337. status);
  339. return status;
  340. }
  342. //
  343. // get a handle to the full RSA provider
  344. //
  345. if ( !CryptAcquireContext(&cryptoProvider,
  346. keyName,
  347. MS_ENHANCED_PROV,
  348. PROV_RSA_FULL,
  349. CRYPT_MACHINE_KEYSET | CRYPT_SILENT))
  350. {
  351. status = GetLastError();
  352. if ( status == NTE_BAD_KEYSET ) {
  353. success = CryptAcquireContext(&cryptoProvider,
  354. keyName,
  355. MS_ENHANCED_PROV,
  356. PROV_RSA_FULL,
  357. CRYPT_MACHINE_KEYSET |
  358. CRYPT_SILENT |
  359. CRYPT_NEWKEYSET);
  361. status = success ? ERROR_SUCCESS : GetLastError();
  362. }
  364. if ( status != ERROR_SUCCESS ) {
  365. (NetNameLogEvent)(resourceHandle,
  366. LOG_ERROR,
  367. L"Can't acquire crypto context for encrypt. status %1!u!.\n",
  368. status);
  369. return status;
  370. }
  371. }
  373. //
  374. // generate a 1024 bit, exportable exchange key pair
  375. //
  376. if ( !CryptGenKey(cryptoProvider,
  377. AT_KEYEXCHANGE,
  378. ( 1024 << 16 ) | CRYPT_EXPORTABLE,
  379. &encryptKey)) {
  381. status = GetLastError();
  382. if ( status != ERROR_SUCCESS ) {
  383. (NetNameLogEvent)(resourceHandle,
  384. LOG_ERROR,
  385. L"Can't generate exchange key for encryption. status %1!u!.\n",
  386. status);
  387. goto cleanup;
  388. }
  389. }
  391. //
  392. // find the size we need for the buffer to receive the encrypted data
  393. //
  394. encDataLength = pwdLength;
  395. if ( CryptEncrypt(encryptKey,
  396. 0,
  397. TRUE,
  398. 0,
  399. NULL,
  400. &encDataLength,
  401. 0))
  402. {
  403. //
  404. // alloc a buffer large enough to hold the data and copy the password into it.
  405. //
  406. ASSERT( encDataLength >= pwdLength );
  408. encInfoLength = sizeof( NETNAME_ENCRYPTED_DATA ) + encDataLength;
  410. encryptedInfo = LocalAlloc( LMEM_FIXED, encInfoLength );
  411. if ( encryptedInfo != NULL ) {
  412. wcscpy( (PWCHAR)encryptedInfo->Data, MachinePwd );
  414. if ( CryptEncrypt(encryptKey,
  415. 0,
  416. TRUE,
  417. 0,
  418. encryptedInfo->Data,
  419. &pwdLength,
  420. encDataLength))
  421. {
  422. encryptedInfo->Version = NETNAME_ENCRYPTED_DATA_VERSION;
  424. status = ResUtilSetBinaryValue(Resource->ParametersKey,
  425. PARAM_NAME__RESOURCE_DATA,
  426. (const LPBYTE)encryptedInfo,
  427. encInfoLength,
  428. NULL,
  429. NULL);
  431. if ( status != ERROR_SUCCESS ) {
  432. (NetNameLogEvent)(resourceHandle,
  433. LOG_ERROR,
  434. L"Can't write %1!u! bytes of data to registry. status %2!u!.\n",
  435. encInfoLength,
  436. status);
  437. goto cleanup;
  438. }
  439. }
  440. else {
  441. status = GetLastError();
  442. (NetNameLogEvent)(resourceHandle,
  443. LOG_ERROR,
  444. L"Can't encrypt %1!u! bytes. status %2!u!.\n",
  445. pwdLength,
  446. status);
  447. goto cleanup;
  448. }
  449. }
  450. else {
  451. status = ERROR_NOT_ENOUGH_MEMORY;
  452. (NetNameLogEvent)(resourceHandle,
  453. LOG_ERROR,
  454. L"Can't allocate %1!u! bytes for encrypted data. status %2!u!.\n",
  455. encInfoLength,
  456. status);
  457. goto cleanup;
  458. }
  459. }
  460. else {
  461. status = GetLastError();
  462. (NetNameLogEvent)(resourceHandle,
  463. LOG_ERROR,
  464. L"Can't determine size of encrypted data buffer for %1!u! bytes of data. status %2!u!.\n",
  465. pwdLength,
  466. status);
  467. goto cleanup;
  468. }
  470. *EncryptedInfoLength = encInfoLength;
  471. *EncryptedInfo = (PBYTE)encryptedInfo;
  473. //
  474. // it all worked; build the key container string and add a crypto
  475. // checkpoint to the resource. Note that provider name is always returned
  476. // as an ANSI string.
  477. //
  478. typeBuffer[ COUNT_OF( typeBuffer ) - 1 ] = UNICODE_NULL;
  479. _snwprintf( typeBuffer, COUNT_OF( typeBuffer ) - 1, L"%u", PROV_RSA_FULL );
  481. if ( !CryptGetProvParam(cryptoProvider,
  482. PP_NAME,
  483. NULL,
  484. &provNameLength,
  485. 0))
  486. {
  487. status = GetLastError();
  488. (NetNameLogEvent)(resourceHandle,
  489. LOG_ERROR,
  490. L"Couldn't get length of provider name. status %1!u!.\n",
  491. status);
  492. goto cleanup;
  493. }
  495. provName = LocalAlloc( LMEM_FIXED, provNameLength );
  496. if ( provName == NULL ) {
  497. status = ERROR_NOT_ENOUGH_MEMORY;
  498. (NetNameLogEvent)(resourceHandle,
  499. LOG_ERROR,
  500. L"Couldn't allocate memory for provider name. status %1!u!.\n",
  501. status);
  502. goto cleanup;
  503. }
  505. if ( !CryptGetProvParam(cryptoProvider,
  506. PP_NAME,
  507. provName,
  508. &provNameLength,
  509. 0))
  510. {
  511. status = GetLastError();
  512. (NetNameLogEvent)(resourceHandle,
  513. LOG_ERROR,
  514. L"Couldn't get provider name. status %1!u!.\n",
  515. status);
  516. goto cleanup;
  517. }
  519. //
  520. // add 2 for the slashes in the key name plus one for the trailing null
  521. //
  522. containerNameChars = wcslen( typeBuffer ) + provNameLength + wcslen( keyName ) + 3;
  523. containerName = LocalAlloc( LMEM_FIXED, containerNameChars * sizeof( WCHAR ));
  524. if ( containerName == NULL ) {
  525. status = ERROR_NOT_ENOUGH_MEMORY;
  526. (NetNameLogEvent)(resourceHandle,
  527. LOG_ERROR,
  528. L"Couldn't allocate memory for checkpoint name. status %1!u!.\n",
  529. status);
  530. goto cleanup;
  531. }
  533. containerName[ containerNameChars - 1 ] = UNICODE_NULL;
  534. containerNameChars = _snwprintf(containerName,
  535. containerNameChars,
  536. L"%ws%\\%hs\\%ws",
  537. typeBuffer,
  538. provName,
  539. keyName );
  541. status = ClusterResourceControl(Resource->ClusterResourceHandle,
  542. NULL,
  543. CLUSCTL_RESOURCE_ADD_CRYPTO_CHECKPOINT,
  544. (PVOID)containerName,
  545. ( containerNameChars + 1 ) * sizeof( WCHAR ),
  546. NULL,
  547. 0,
  548. NULL);
  550. if ( status != ERROR_SUCCESS ) {
  551. (NetNameLogEvent)(resourceHandle,
  552. LOG_ERROR,
  553. L"Couldn't set crypto checkpoint. status %1!u!.\n",
  554. status);
  555. }
  557. cleanup:
  559. if ( status != ERROR_SUCCESS && encryptedInfo != NULL ) {
  560. LocalFree( encryptedInfo );
  561. *EncryptedInfo = NULL;
  562. }
  564. if ( encryptKey != 0 ) {
  565. if ( !CryptDestroyKey( encryptKey )) {
  566. (NetNameLogEvent)(resourceHandle,
  567. LOG_WARNING,
  568. L"Couldn't destory encryption key. status %1!u!.\n",
  569. GetLastError());
  570. }
  571. }
  573. if ( !CryptReleaseContext( cryptoProvider, 0 )) {
  574. (NetNameLogEvent)(resourceHandle,
  575. LOG_WARNING,
  576. L"Can't release crypto context. status %1!u!.\n",
  577. GetLastError());
  578. }
  580. if ( provName != NULL ) {
  581. LocalFree( provName );
  582. }
  584. if ( containerName != NULL ) {
  585. LocalFree( containerName );
  586. }
  588. return status;
  589. } // EncryptNNResourceData
  591. DWORD
  592. DecryptNNResourceData(
  593. PNETNAME_RESOURCE Resource,
  594. PBYTE EncryptedInfo,
  595. DWORD EncryptedInfoLength,
  596. LPWSTR MachinePwd
  597. )
  599. /*++
  601. Routine Description:
  603. Reverse of encrypt routine - find our crypto checkpoint container and
  604. decrypt random blob and hand back the password
  606. Arguments:
  608. resourceHandle - used to log into the cluster log
  610. EncryptedInfo - pointer to encrypted info header and data
  612. EncryptedInfoLength - # of bytes in EncryptedInfo
  614. MachinePwd - pointer to buffer that receives the unicode password
  616. Return Value:
  618. ERROR_SUCCESS, otherwise Win32 error
  620. --*/
  622. {
  623. DWORD status = ERROR_SUCCESS;
  624. DWORD encDataLength = EncryptedInfoLength - sizeof( NETNAME_ENCRYPTED_DATA );
  625. DWORD pwdByteLength;
  626. DWORD pwdBufferSize;
  627. PWCHAR machinePwd = NULL;
  628. PWCHAR containerName = NULL;
  629. DWORD providerType;
  630. PWCHAR providerName;
  631. PWCHAR keyName;
  632. PWCHAR p; // for scanning checkpointInfo
  633. DWORD scanCount;
  635. HCRYPTPROV cryptoProvider = 0;
  636. HCRYPTKEY encryptKey = 0;
  638. RESOURCE_HANDLE resourceHandle = Resource->ResourceHandle;
  640. PNETNAME_ENCRYPTED_DATA encryptedInfo = (PNETNAME_ENCRYPTED_DATA)EncryptedInfo;
  642. //
  643. // find our container name in this resource's list of crypto checkpoints
  644. //
  645. status = FindNNCryptoContainer( Resource, &containerName );
  646. if ( status != ERROR_SUCCESS ) {
  647. (NetNameLogEvent)(resourceHandle,
  648. LOG_ERROR,
  649. L"Couldn't find resource's container in crypto checkpoint info. status %1!u!.\n",
  650. status);
  652. return status;
  653. }
  655. //
  656. // break returned data into component parts
  657. //
  658. scanCount = swscanf( containerName, L"%d", &providerType );
  659. if ( scanCount == 0 || scanCount == EOF ) {
  660. (NetNameLogEvent)(resourceHandle,
  661. LOG_ERROR,
  662. L"Improperly formatted crypto checkpoint info \"%1!ws!\"\n",
  663. containerName);
  665. status = ERROR_INVALID_PARAMETER;
  666. goto cleanup;
  667. }
  669. p = containerName;
  670. while ( *p != L'\\' && *p != UNICODE_NULL ) ++p; // find backslash
  671. if ( *p == UNICODE_NULL ) {
  672. (NetNameLogEvent)(resourceHandle,
  673. LOG_ERROR,
  674. L"Improperly formatted crypto checkpoint info \"%1!ws!\"\n",
  675. containerName);
  677. status = ERROR_INVALID_PARAMETER;
  678. goto cleanup;
  679. }
  681. ++p; // skip over slash
  682. providerName = p; // remember beginning of provider name
  683. while ( *p != L'\\' && *p != UNICODE_NULL ) ++p; // find backslash
  684. if ( *p == UNICODE_NULL ) {
  685. (NetNameLogEvent)(resourceHandle,
  686. LOG_ERROR,
  687. L"Improperly formatted crypto checkpoint info \"%1!ws!\"\n",
  688. containerName);
  690. status = ERROR_INVALID_PARAMETER;
  691. goto cleanup;
  692. }
  694. *p++ = UNICODE_NULL; // terminate provider name and skip over NULL
  695. keyName = p; // remember container name
  697. //
  698. // get a handle to what was checkpointed
  699. //
  700. if ( !CryptAcquireContext(&cryptoProvider,
  701. keyName,
  702. providerName,
  703. providerType,
  704. CRYPT_MACHINE_KEYSET | CRYPT_SILENT))
  705. {
  706. status = GetLastError();
  707. (NetNameLogEvent)(resourceHandle,
  708. LOG_ERROR,
  709. L"Can't acquire crypto context for container %1!ws! with provider "
  710. L"\"%2!u!\\%3!ws!\". status %4!u!.\n",
  711. keyName,
  712. providerType,
  713. providerName,
  714. status);
  716. goto cleanup;
  717. }
  719. //
  720. // now get a handle to the exchange key
  721. //
  722. if ( ! CryptGetUserKey(cryptoProvider,
  723. AT_KEYEXCHANGE,
  724. &encryptKey))
  725. {
  726. status = GetLastError();
  727. (NetNameLogEvent)(resourceHandle,
  728. LOG_ERROR,
  729. L"Couldn't get size of crypto checkpoint info. status %1!u!.\n",
  730. status);
  731. goto cleanup;
  732. }
  734. //
  735. // CryptDecrypt writes the decrypted data back into the buffer that was
  736. // holding the encrypted data. For this reason, allocate a new buffer that
  737. // will eventually contain the password.
  738. //
  739. pwdByteLength = ( LM20_PWLEN + 1 ) * sizeof( WCHAR );
  740. pwdBufferSize = ( pwdByteLength > encDataLength ? pwdByteLength : encDataLength );
  742. machinePwd = LocalAlloc( LMEM_FIXED, pwdBufferSize );
  743. if ( machinePwd != NULL ) {
  744. RtlCopyMemory( machinePwd, encryptedInfo->Data, encDataLength );
  746. if ( CryptDecrypt(encryptKey,
  747. 0,
  748. TRUE,
  749. 0,
  750. (PBYTE)machinePwd,
  751. &encDataLength))
  752. {
  753. p = machinePwd;
  755. ASSERT( pwdByteLength == encDataLength );
  756. wcscpy( MachinePwd, machinePwd );
  758. while ( *p != UNICODE_NULL ) {
  759. *p++ = UNICODE_NULL;
  760. }
  761. }
  762. else {
  763. status = GetLastError();
  764. (NetNameLogEvent)(resourceHandle,
  765. LOG_ERROR,
  766. L"Can't decrypt %1!u! bytes of data. status %2!u!.\n",
  767. encDataLength,
  768. status);
  769. goto cleanup;
  770. }
  771. }
  772. else {
  773. status = ERROR_NOT_ENOUGH_MEMORY;
  774. (NetNameLogEvent)(resourceHandle,
  775. LOG_ERROR,
  776. L"Can't allocate %1!u! bytes for decrypt. status %2!u!.\n",
  777. pwdBufferSize,
  778. status);
  779. }
  781. cleanup:
  783. if ( machinePwd != NULL) {
  784. LocalFree( machinePwd );
  785. }
  787. if ( encryptKey != 0 ) {
  788. if ( !CryptDestroyKey( encryptKey )) {
  789. (NetNameLogEvent)(resourceHandle,
  790. LOG_WARNING,
  791. L"Couldn't destory session key. status %1!u!.\n",
  792. GetLastError());
  793. }
  794. }
  796. if ( cryptoProvider != 0 ) {
  797. if ( !CryptReleaseContext( cryptoProvider, 0 )) {
  798. (NetNameLogEvent)(resourceHandle,
  799. LOG_WARNING,
  800. L"Can't release crypto context. status %1!u!.\n",
  801. GetLastError());
  802. }
  803. }
  805. if ( containerName != NULL ) {
  806. LocalFree( containerName );
  807. }
  809. return status;
  810. } // DecryptNNResourceData
  812. VOID
  813. RemoveNNCryptoCheckpoint(
  814. PNETNAME_RESOURCE Resource
  815. )
  817. /*++
  819. Routine Description:
  821. Remove any crypto checkpoints associated with this resource. Delete the
  822. crypto container.
  824. Arguments:
  826. Resource - pointer to resource context block
  828. Return Value:
  830. None
  832. --*/
  834. {
  835. PWCHAR containerName = NULL;
  836. DWORD containerLength;
  837. DWORD status;
  838. WCHAR keyName[ NN_GUID_STRING_BUFFER_LENGTH + COUNT_OF( KeyDecoration ) ];
  840. HCRYPTPROV cryptoProvider;
  842. RESOURCE_HANDLE resourceHandle = Resource->ResourceHandle;
  844. //
  845. // find our container name in this resource's list of crypto checkpoints
  846. //
  847. status = FindNNCryptoContainer( Resource, &containerName );
  848. if ( status != ERROR_SUCCESS ) {
  849. return;
  850. }
  852. //
  853. // remove our container
  854. //
  855. containerLength = ( wcslen( containerName ) + 1 ) * sizeof( WCHAR );
  856. status = ClusterResourceControl(Resource->ClusterResourceHandle,
  857. NULL,
  858. CLUSCTL_RESOURCE_DELETE_CRYPTO_CHECKPOINT,
  859. containerName,
  860. containerLength,
  861. NULL,
  862. 0,
  863. NULL);
  865. if ( status != ERROR_SUCCESS ) {
  866. (NetNameLogEvent)(resourceHandle,
  867. LOG_WARNING,
  868. L"Couldn't remove crypto checkpoint \"%1!ws!\". status %2!u!.\n",
  869. containerName,
  870. status);
  871. }
  873. //
  874. // now delete the container; first, reconstruct the key name
  875. //
  876. status = BuildKeyName(Resource->ClusterResourceHandle, keyName, COUNT_OF( keyName ));
  877. if ( status == ERROR_SUCCESS ) {
  879. if ( CryptAcquireContext(&cryptoProvider,
  880. keyName,
  881. MS_ENHANCED_PROV,
  882. PROV_RSA_FULL,
  883. CRYPT_DELETEKEYSET | CRYPT_MACHINE_KEYSET))
  884. {
  885. (NetNameLogEvent)(resourceHandle,
  886. LOG_INFORMATION,
  887. L"Deleted crypto container \"%1!ws!\".\n",
  888. keyName);
  889. } else {
  890. status = GetLastError();
  891. (NetNameLogEvent)(resourceHandle,
  892. LOG_ERROR,
  893. L"Couldn't delete crypto container \"%1!ws!\". status %2!08X!.\n",
  894. keyName,
  895. status);
  896. }
  897. } else {
  898. (NetNameLogEvent)(resourceHandle,
  899. LOG_WARNING,
  900. L"Couldn't build key container name to delete crypto container. status %1!u!.\n",
  901. status);
  902. }
  904. if ( containerName != NULL ) {
  905. LocalFree( containerName );
  906. }
  908. } // RemoveNNCryptoCheckpoint
  911. /* end crypto.c */