archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
2 Commits
1 Branch
0 Tags
1.5 GiB
Tree: 7b07a90fc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '7b07a90fc1'
${ noResults }
windows-server-2003/ds/security/cryptoapi/secstor/dpapisvc/keycache.cpp

507 lines
12 KiB
Raw Normal View History

commiting as it is
4 years ago
  1. /*++
  3. Copyright (c) 1998 Microsoft Corporation
  5. Module Name:
  7. keycache.h
  9. Abstract:
  11. This module contains routines for accessing cached masterkeys.
  13. Author:
  15. Scott Field (sfield) 07-Nov-98
  17. Revision History:
  19. --*/
  21. #include <pch.cpp>
  22. #pragma hdrstop
  24. //
  25. // masterkey cache.
  26. //
  28. typedef struct {
  29. LIST_ENTRY Next;
  30. LUID LogonId;
  31. GUID guidMasterKey;
  32. FILETIME ftLastAccess;
  33. DWORD cbMasterKey;
  34. BYTE pbMasterKey[ 64 ];
  35. } MASTERKEY_CACHE_ENTRY, *PMASTERKEY_CACHE_ENTRY, *LPMASTERKEY_CACHE_ENTRY;
  37. RTL_CRITICAL_SECTION g_MasterKeyCacheCritSect;
  38. LIST_ENTRY g_MasterKeyCacheList;
  42. BOOL
  43. RemoveMasterKeyCache(
  44. IN PLUID pLogonId
  45. );
  48. #if DBG
  49. void
  50. DumpMasterKeyEntry(
  51. PMASTERKEY_CACHE_ENTRY pCacheEntry)
  52. {
  53. WCHAR wszguidMasterKey[MAX_GUID_SZ_CHARS];
  54. #if 0
  55. BYTE rgbMasterKey[256];
  56. DWORD cbMasterKey;
  57. #endif
  59. D_DebugLog((DEB_TRACE, "LogonId: %d.%d\n", pCacheEntry->LogonId.LowPart, pCacheEntry->LogonId.HighPart));
  61. if( MyGuidToStringW( &pCacheEntry->guidMasterKey, wszguidMasterKey ) != 0 )
  62. {
  63. D_DebugLog((DEB_TRACE, "Invalid GUID:\n"));
  64. D_DPAPIDumpHexData(DEB_TRACE, " ", (PBYTE)&pCacheEntry->guidMasterKey, sizeof(pCacheEntry->guidMasterKey));
  65. }
  66. else
  67. {
  68. D_DebugLog((DEB_TRACE, "GUID: %ws\n", wszguidMasterKey));
  69. }
  71. #if 0
  72. cbMasterKey = min(pCacheEntry->cbMasterKey, sizeof(rgbMasterKey));
  73. CopyMemory(rgbMasterKey, pCacheEntry->pbMasterKey, cbMasterKey);
  75. LsaProtectMemory(rgbMasterKey, cbMasterKey);
  77. D_DebugLog((DEB_TRACE, "Master key:\n"));
  78. D_DPAPIDumpHexData(DEB_TRACE, " ", rgbMasterKey, cbMasterKey);
  79. #endif
  80. }
  81. #endif
  83. #if DBG
  84. void
  85. DumpMasterKeyCache(void)
  86. {
  87. PLIST_ENTRY ListEntry;
  88. PLIST_ENTRY ListHead;
  89. PMASTERKEY_CACHE_ENTRY pCacheEntry;
  90. ULONG i = 0;
  92. RtlEnterCriticalSection( &g_MasterKeyCacheCritSect );
  94. D_DebugLog((DEB_TRACE, "Master key cache\n"));
  96. ListHead = &g_MasterKeyCacheList;
  98. for( ListEntry = ListHead->Flink;
  99. ListEntry != ListHead;
  100. ListEntry = ListEntry->Flink )
  101. {
  102. pCacheEntry = CONTAINING_RECORD( ListEntry, MASTERKEY_CACHE_ENTRY, Next );
  104. D_DebugLog((DEB_TRACE, "---- %d ----\n", ++i));
  106. DumpMasterKeyEntry(pCacheEntry);
  107. }
  109. RtlLeaveCriticalSection( &g_MasterKeyCacheCritSect );
  110. }
  111. #endif
  114. BOOL
  115. SearchMasterKeyCache(
  116. IN PLUID pLogonId,
  117. IN GUID *pguidMasterKey,
  118. IN OUT PBYTE *ppbMasterKey,
  119. OUT PDWORD pcbMasterKey
  120. )
  121. /*++
  123. Search the masterkey sorted masterkey cache by pLogonId then by
  124. pguidMasterKey.
  126. On success, return value is true, and ppbMasterKey will point to a buffer
  127. allocated on behalf of the caller containing the specified masterkey.
  128. The caller must free the buffer using SSFree().
  130. --*/
  131. {
  132. PLIST_ENTRY ListEntry;
  133. PLIST_ENTRY ListHead;
  134. BOOL fSuccess = FALSE;
  136. #if DBG
  137. WCHAR wszguidMasterKey[MAX_GUID_SZ_CHARS];
  138. #endif
  140. RtlEnterCriticalSection( &g_MasterKeyCacheCritSect );
  142. #if DBG
  143. D_DebugLog((DEB_TRACE, "SearchMasterKeyCache\n"));
  144. D_DebugLog((DEB_TRACE, "LogonId: %d.%d\n", pLogonId->LowPart, pLogonId->HighPart));
  146. if( MyGuidToStringW( pguidMasterKey, wszguidMasterKey ) != 0 )
  147. {
  148. D_DebugLog((DEB_TRACE, "Invalid GUID:\n"));
  149. D_DPAPIDumpHexData(DEB_TRACE, " ", (PBYTE)pguidMasterKey, sizeof(GUID));
  150. }
  151. else
  152. {
  153. D_DebugLog((DEB_TRACE, "GUID: %ws\n", wszguidMasterKey));
  154. }
  156. //DumpMasterKeyCache();
  157. #endif
  159. ListHead = &g_MasterKeyCacheList;
  161. for( ListEntry = ListHead->Flink;
  162. ListEntry != ListHead;
  163. ListEntry = ListEntry->Flink ) {
  165. PMASTERKEY_CACHE_ENTRY pCacheEntry;
  166. signed int comparator;
  168. pCacheEntry = CONTAINING_RECORD( ListEntry, MASTERKEY_CACHE_ENTRY, Next );
  170. //
  171. // search by LogonId, then by GUID.
  172. //
  174. comparator = memcmp(pLogonId, &pCacheEntry->LogonId, sizeof(LUID));
  176. if( comparator < 0 )
  177. continue;
  179. if( comparator > 0 )
  180. break;
  182. comparator = memcmp(pguidMasterKey, &pCacheEntry->guidMasterKey, sizeof(GUID));
  184. if( comparator < 0 )
  185. continue;
  187. if( comparator > 0 )
  188. break;
  190. //
  191. // match found.
  192. //
  194. *pcbMasterKey = pCacheEntry->cbMasterKey;
  195. *ppbMasterKey = (PBYTE)SSAlloc( *pcbMasterKey );
  196. if( *ppbMasterKey != NULL ) {
  197. CopyMemory( *ppbMasterKey, pCacheEntry->pbMasterKey, *pcbMasterKey );
  198. fSuccess = TRUE;
  199. }
  202. //
  203. // update last access time.
  204. //
  206. GetSystemTimeAsFileTime( &pCacheEntry->ftLastAccess );
  208. break;
  209. }
  212. RtlLeaveCriticalSection( &g_MasterKeyCacheCritSect );
  214. if( fSuccess ) {
  216. //
  217. // decrypt (in-place) the returned encrypted cache entry.
  218. //
  220. LsaUnprotectMemory( *ppbMasterKey, *pcbMasterKey );
  221. }
  223. D_DebugLog((DEB_TRACE, "SearchMasterKeyCache returned %s\n", fSuccess ? "FOUND" : "NOT FOUND"));
  225. return fSuccess;
  226. }
  229. BOOL
  230. InsertMasterKeyCache(
  231. IN PLUID pLogonId,
  232. IN GUID *pguidMasterKey,
  233. IN PBYTE pbMasterKey,
  234. IN DWORD cbMasterKey
  235. )
  236. /*++
  238. Insert the specified masterkey into the cahce sorted by pLogonId then by
  239. pguidMasterKey.
  241. The return value is TRUE on success.
  243. --*/
  244. {
  245. PLIST_ENTRY ListEntry;
  246. PLIST_ENTRY ListHead;
  247. PMASTERKEY_CACHE_ENTRY pCacheEntry;
  248. PMASTERKEY_CACHE_ENTRY pThisCacheEntry = NULL;
  249. BOOL fInserted = FALSE;
  251. D_DebugLog((DEB_TRACE, "InsertMasterKeyCache\n"));
  253. if( cbMasterKey > sizeof(pCacheEntry->pbMasterKey) )
  254. return FALSE;
  256. pCacheEntry = (PMASTERKEY_CACHE_ENTRY)SSAlloc( sizeof( MASTERKEY_CACHE_ENTRY ) );
  257. if( pCacheEntry == NULL )
  258. return FALSE;
  260. CopyMemory( &pCacheEntry->LogonId, pLogonId, sizeof(LUID) );
  261. CopyMemory( &pCacheEntry->guidMasterKey, pguidMasterKey, sizeof(GUID) );
  262. pCacheEntry->cbMasterKey = cbMasterKey;
  263. CopyMemory( pCacheEntry->pbMasterKey, pbMasterKey, cbMasterKey );
  265. LsaProtectMemory( pCacheEntry->pbMasterKey, cbMasterKey );
  267. GetSystemTimeAsFileTime( &pCacheEntry->ftLastAccess );
  269. RtlEnterCriticalSection( &g_MasterKeyCacheCritSect );
  271. #if DBG
  272. DumpMasterKeyEntry(pCacheEntry);
  273. #endif
  275. ListHead = &g_MasterKeyCacheList;
  277. for( ListEntry = ListHead->Flink;
  278. ListEntry != ListHead;
  279. ListEntry = ListEntry->Flink ) {
  281. signed int comparator;
  283. pThisCacheEntry = CONTAINING_RECORD( ListEntry, MASTERKEY_CACHE_ENTRY, Next );
  285. //
  286. // insert into list sorted by LogonId, then sorted by GUID.
  287. //
  289. comparator = memcmp(pLogonId, &pThisCacheEntry->LogonId, sizeof(LUID));
  291. if( comparator < 0 )
  292. continue;
  294. if( comparator == 0 ) {
  295. comparator = memcmp( pguidMasterKey, &pThisCacheEntry->guidMasterKey, sizeof(GUID));
  297. if( comparator < 0 )
  298. continue;
  300. if( comparator == 0 ) {
  302. //
  303. // don't insert duplicate records.
  304. // this would only happen in a race condition with multiple threads.
  305. //
  307. RtlSecureZeroMemory( pCacheEntry, sizeof(MASTERKEY_CACHE_ENTRY) );
  308. SSFree( pCacheEntry );
  309. fInserted = TRUE;
  310. break;
  311. }
  312. }
  315. //
  316. // insert prior to current record.
  317. //
  319. InsertHeadList( pThisCacheEntry->Next.Blink, &pCacheEntry->Next );
  320. fInserted = TRUE;
  321. break;
  322. }
  324. if( !fInserted ) {
  325. if( pThisCacheEntry == NULL ) {
  326. InsertHeadList( ListHead, &pCacheEntry->Next );
  327. } else {
  328. InsertHeadList( &pThisCacheEntry->Next, &pCacheEntry->Next );
  329. }
  330. }
  332. #if DBG
  333. //DumpMasterKeyCache();
  334. #endif
  336. RtlLeaveCriticalSection( &g_MasterKeyCacheCritSect );
  338. return TRUE;
  339. }
  341. BOOL
  342. PurgeMasterKeyCache(
  343. VOID
  344. )
  345. /*++
  347. Purge masterkey cache of timed-out entries, or entries associated with
  348. terminated logon sessions.
  350. --*/
  351. {
  352. //
  353. // build active session table.
  354. //
  356. // don't touch entries that have an entry in active session table.
  357. // assume LUID_SYSTEM in table.
  358. //
  360. // entries not in table: discard after 15 minute timeout.
  361. //
  364. // if entry in table, find next LUID
  365. // else, if entry expired, check timeout. if expired, remove.
  366. //
  368. PLIST_ENTRY ListEntry;
  369. PLIST_ENTRY ListHead;
  372. RtlEnterCriticalSection( &g_MasterKeyCacheCritSect );
  374. ListHead = &g_MasterKeyCacheList;
  376. for( ListEntry = ListHead->Flink;
  377. ListEntry != ListHead;
  378. ListEntry = ListEntry->Flink ) {
  380. PMASTERKEY_CACHE_ENTRY pCacheEntry;
  381. // signed int comparator;
  383. pCacheEntry = CONTAINING_RECORD( ListEntry, MASTERKEY_CACHE_ENTRY, Next );
  384. }
  387. RtlLeaveCriticalSection( &g_MasterKeyCacheCritSect );
  389. return FALSE;
  390. }
  392. BOOL
  393. RemoveMasterKeyCache(
  394. IN PLUID pLogonId
  395. )
  396. /*++
  398. Remove all entries from the masterkey cache corresponding to the specified
  399. pLogonId.
  401. The purpose of this routine is to purge the masterkey cache of entries
  402. associated with (now) non-existent logon sessions.
  404. --*/
  405. {
  407. PLIST_ENTRY ListEntry;
  408. PLIST_ENTRY ListHead;
  410. RtlEnterCriticalSection( &g_MasterKeyCacheCritSect );
  412. D_DebugLog((DEB_TRACE, "RemoveMasterKeyCache\n"));
  413. D_DebugLog((DEB_TRACE, "LogonId: %d.%d\n", pLogonId->LowPart, pLogonId->HighPart));
  415. ListHead = &g_MasterKeyCacheList;
  417. for( ListEntry = ListHead->Flink;
  418. ListEntry != ListHead;
  419. ListEntry = ListEntry->Flink ) {
  421. PMASTERKEY_CACHE_ENTRY pCacheEntry;
  422. signed int comparator;
  424. pCacheEntry = CONTAINING_RECORD( ListEntry, MASTERKEY_CACHE_ENTRY, Next );
  426. //
  427. // remove all entries with matching LogonId.
  428. //
  430. comparator = memcmp(pLogonId, &pCacheEntry->LogonId, sizeof(LUID));
  432. if( comparator > 0 )
  433. break;
  435. if( comparator < 0 )
  436. continue;
  438. //
  439. // match found.
  440. //
  442. RemoveEntryList( &pCacheEntry->Next );
  444. RtlSecureZeroMemory( pCacheEntry, sizeof(MASTERKEY_CACHE_ENTRY) );
  445. SSFree( pCacheEntry );
  446. }
  449. RtlLeaveCriticalSection( &g_MasterKeyCacheCritSect );
  451. return TRUE;
  452. }
  456. BOOL
  457. InitializeKeyCache(
  458. VOID
  459. )
  460. {
  461. NTSTATUS Status;
  463. Status = RtlInitializeCriticalSection( &g_MasterKeyCacheCritSect );
  464. if(!NT_SUCCESS(Status))
  465. {
  466. return FALSE;
  467. }
  469. InitializeListHead( &g_MasterKeyCacheList );
  471. return TRUE;
  472. }
  475. VOID
  476. DeleteKeyCache(
  477. VOID
  478. )
  479. {
  481. //
  482. // remove all list entries.
  483. //
  485. RtlEnterCriticalSection( &g_MasterKeyCacheCritSect );
  487. while ( !IsListEmpty( &g_MasterKeyCacheList ) ) {
  489. PMASTERKEY_CACHE_ENTRY pCacheEntry;
  491. pCacheEntry = CONTAINING_RECORD(
  492. g_MasterKeyCacheList.Flink,
  493. MASTERKEY_CACHE_ENTRY,
  494. Next
  495. );
  497. RemoveEntryList( &pCacheEntry->Next );
  499. RtlSecureZeroMemory( pCacheEntry, sizeof(MASTERKEY_CACHE_ENTRY) );
  500. SSFree( pCacheEntry );
  501. }
  503. RtlLeaveCriticalSection( &g_MasterKeyCacheCritSect );
  505. RtlDeleteCriticalSection( &g_MasterKeyCacheCritSect );
  506. }