archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
2 Commits
1 Branch
0 Tags
1.5 GiB
Tree: 7b07a90fc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '7b07a90fc1'
${ noResults }
windows-server-2003/inetsrv/pop3/shared/pop3auth/authmd5hash.cpp

449 lines
11 KiB
Raw Normal View History

commiting as it is
4 years ago
  2. #include "stdafx.h"
  3. #include <stdio.h>
  4. #include <WinCrypt.h>
  5. #include <mailbox.h>
  6. #include <Pop3RegKeys.h>
  7. #include "Pop3Auth.h"
  8. #include "AuthMD5Hash.h"
  9. #include <MD5.h>
  10. #include "authutil.h"
  12. CAuthMD5Hash::CAuthMD5Hash()
  13. {
  14. m_wszMailRoot[0]=0;
  15. m_bstrServerName=NULL;
  16. InitializeCriticalSection(&m_csConfig);
  17. }
  20. CAuthMD5Hash::~CAuthMD5Hash()
  21. {
  22. if(m_bstrServerName!=NULL)
  23. {
  24. SysFreeString(m_bstrServerName);
  25. m_bstrServerName=NULL;
  26. }
  27. DeleteCriticalSection(&m_csConfig);
  28. }
  30. STDMETHODIMP CAuthMD5Hash::Authenticate(/*[in]*/BSTR bstrUserName,/*[in]*/VARIANT vPassword)
  31. {
  32. //Either the password is clear text or it is the MD5 hash
  33. //the user will be authenticated.
  34. HRESULT hr=S_OK;
  35. char szPassword[MAX_PATH];
  36. WCHAR wszResult[MD5_HASH_SIZE+1];
  37. char szHashBuffer[HASH_BUFFER_SIZE];
  38. BSTR bstrPwd;
  39. if(vPassword.vt != VT_BSTR )
  40. {
  41. return E_INVALIDARG;
  42. }
  43. if(vPassword.bstrVal==NULL )
  44. {
  45. bstrPwd=L"";
  46. }
  47. else
  48. {
  49. bstrPwd=vPassword.bstrVal;
  50. }
  51. hr=GetPassword(bstrUserName, szPassword);
  52. if(S_OK==hr)
  53. {
  55. //Not a hash
  56. // Compare the with the stored password
  57. UnicodeToAnsi(szHashBuffer, HASH_BUFFER_SIZE,bstrPwd, -1);
  58. if(0!=strcmp(szHashBuffer, szPassword))
  59. {
  61. if(wcslen(bstrPwd)>MD5_HASH_SIZE) //Can be a hash
  62. {
  63. if(HASH_BUFFER_SIZE <= wcslen(vPassword.bstrVal) + strlen(szPassword) - MD5_HASH_SIZE )
  64. {
  65. //Error!
  66. hr=E_INVALIDARG;
  67. }
  68. else
  69. {
  70. if( 0>_snprintf(szHashBuffer,
  71. HASH_BUFFER_SIZE,
  72. "%S%s",
  73. vPassword.bstrVal+MD5_HASH_SIZE, //The time stamp
  74. szPassword) )
  75. {
  76. //The hashed password is too long to be correct
  77. return E_FAIL;
  78. }
  79. if(MD5Hash((const unsigned char*)szHashBuffer, wszResult))
  80. {
  81. if(0!=wcsncmp(wszResult, vPassword.bstrVal, MD5_HASH_SIZE))
  82. {
  83. hr=E_FAIL;
  84. }
  85. }
  86. else
  87. {
  88. hr=E_FAIL;
  89. }
  90. }
  91. }
  92. else
  93. {
  94. hr=E_FAIL;
  95. }
  96. }
  97. }
  99. //Clean the password in memory
  100. SecureZeroMemory(szPassword,sizeof(szPassword));
  101. SecureZeroMemory(szHashBuffer, sizeof(szHashBuffer));
  102. SecureZeroMemory(wszResult, sizeof(wszResult));
  104. return hr;
  105. }
  108. STDMETHODIMP CAuthMD5Hash::get_Name(/*[out]*/BSTR *pVal)
  109. {
  110. WCHAR wszBuffer[MAX_PATH+1];
  111. if(NULL==pVal)
  112. {
  113. return E_POINTER;
  114. }
  115. if(LoadString(_Module.GetResourceInstance(), IDS_AUTH_MD5_HASH, wszBuffer, MAX_PATH))
  116. {
  117. *pVal=SysAllocString(wszBuffer);
  118. if(NULL==*pVal)
  119. {
  120. return E_OUTOFMEMORY;
  121. }
  122. else
  123. {
  124. return S_OK;
  125. }
  126. }
  127. else
  128. {
  129. return E_FAIL;
  130. }
  131. }
  133. STDMETHODIMP CAuthMD5Hash::get_ID(/*[out]*/BSTR *pVal)
  134. {
  135. if(NULL==pVal)
  136. {
  137. return E_POINTER;
  138. }
  139. *pVal=SysAllocString(SZ_AUTH_ID_MD5_HASH);
  140. if(NULL==*pVal)
  141. {
  142. return E_OUTOFMEMORY;
  143. }
  144. else
  145. {
  146. return S_OK;
  147. }
  148. }
  151. STDMETHODIMP CAuthMD5Hash::Get(/*[in]*/BSTR bstrName, /*[out]*/VARIANT *pVal)
  152. {
  153. return E_NOTIMPL;
  154. }
  156. STDMETHODIMP CAuthMD5Hash::Put(/*[in]*/BSTR bstrName, /*[in]*/VARIANT vVal)
  157. {
  159. if( NULL == bstrName )
  160. {
  161. return E_INVALIDARG;
  162. }
  163. if(0==wcscmp(bstrName,SZ_SERVER_NAME ))
  164. {
  165. if( (vVal.vt!=VT_BSTR) ||
  166. (vVal.bstrVal==NULL ) )
  167. {
  168. return E_INVALIDARG;
  169. }
  170. else
  171. {
  172. if(m_bstrServerName!=NULL)
  173. {
  174. SysFreeString(m_bstrServerName);
  175. m_bstrServerName=NULL;
  176. }
  177. m_bstrServerName = SysAllocString(vVal.bstrVal);
  178. if(NULL == m_bstrServerName)
  179. {
  180. return E_OUTOFMEMORY;
  181. }
  182. return S_OK;
  183. }
  184. }
  185. else if(0==wcscmp(bstrName, SZ_PROPNAME_MAIL_ROOT))
  186. {
  187. if( (vVal.vt!=VT_BSTR) ||
  188. (vVal.bstrVal==NULL ) )
  189. {
  190. return E_INVALIDARG;
  191. }
  192. else if(0==m_wszMailRoot[0])
  193. {
  194. EnterCriticalSection(&m_csConfig);
  195. if(0==m_wszMailRoot[0])
  196. {
  197. if(wcslen(vVal.bstrVal)>=sizeof(m_wszMailRoot)/sizeof(WCHAR))
  198. {
  199. return E_INVALIDARG;
  200. }
  201. wcsncpy(m_wszMailRoot, vVal.bstrVal, sizeof(m_wszMailRoot)/sizeof(WCHAR));
  202. }
  203. LeaveCriticalSection(&m_csConfig);
  204. }
  205. }
  206. else
  207. {
  208. return S_FALSE;
  209. }
  211. return S_OK;
  212. }
  214. BOOL CAuthMD5Hash::MD5Hash(const unsigned char *pOriginal, WCHAR wszResult[MD5_HASH_SIZE+1])
  215. {
  218. MD5_CTX md5;
  219. unsigned char hash[16];
  220. WCHAR *p;
  221. int i;
  222. BOOL bRtVal=FALSE;
  223. if(NULL == pOriginal)
  224. {
  225. return bRtVal;
  226. }
  228. /*
  229. * Take the MD5 hash of the string argument.
  230. */
  232. MD5Init(&md5);
  233. MD5Update(&md5, pOriginal, strlen((char*)pOriginal));
  234. MD5Final(&md5);
  235. bRtVal=TRUE;
  236. if(bRtVal)
  237. {
  238. for (i=0, p=wszResult; i<16; i++, p+=2)
  239. wsprintf(p, L"%02x", md5.digest[i]);
  240. *p = L'\0';
  241. }
  243. return bRtVal;
  244. }
  247. HRESULT CAuthMD5Hash::GetPassword(BSTR bstrUserName, char szPassword[MAX_PATH])
  248. {
  249. return GetMD5Password( bstrUserName, szPassword );
  250. }
  252. HRESULT CAuthMD5Hash::SetPassword(/*[in]*/BSTR bstrUserName,/*[in]*/VARIANT vPassword)
  253. {
  254. // The mailbox should already been created
  255. WCHAR wszAuthGuid[MAX_PATH];
  256. WCHAR wszMailRoot[POP3_MAX_MAILROOT_LENGTH];
  257. DWORD dwAuthDataLen=sizeof(wszAuthGuid)/sizeof(WCHAR);
  258. DWORD dwBytes=0;
  259. DWORD dwCryptDataLen;
  260. DWORD dwRt;
  261. BYTE szEncryptedPswd[MAX_PATH];
  262. HRESULT hr = E_FAIL;
  263. CMailBox mailboxX;
  264. HCRYPTPROV hProv=NULL;
  265. HCRYPTHASH hHash=NULL;
  266. HCRYPTKEY hKey=NULL;
  267. if( ( NULL == bstrUserName ) ||
  268. ( vPassword.vt != VT_BSTR ) ||
  269. ( vPassword.bstrVal==NULL) )
  270. {
  271. return E_INVALIDARG;
  272. }
  274. if( L'\0'== *(vPassword.bstrVal))
  275. {
  276. return E_INVALIDARG;
  277. }
  279. if(m_bstrServerName)
  280. {
  281. dwRt=RegQueryMailRoot(wszMailRoot, sizeof(wszMailRoot)/sizeof(WCHAR) , m_bstrServerName );
  282. if( ERROR_SUCCESS == dwRt )
  283. {
  284. // Replace drive: with drive$
  285. if ( L':' == wszMailRoot[1] )
  286. {
  287. wszMailRoot[1] = L'$';
  288. if ( sizeof(m_wszMailRoot)/sizeof(WCHAR) > (wcslen( wszMailRoot ) + wcslen( m_bstrServerName ) + 3) )
  289. {
  290. wcscpy( m_wszMailRoot, L"\\\\" );
  291. wcscat( m_wszMailRoot, m_bstrServerName );
  292. wcscat( m_wszMailRoot, L"\\" );
  293. wcscat( m_wszMailRoot, wszMailRoot );
  295. if( ! mailboxX.SetMailRoot(m_wszMailRoot) )
  296. {
  297. dwRt= GetLastError();
  298. }
  299. }
  300. else
  301. dwRt = ERROR_INSUFFICIENT_BUFFER;
  302. }
  303. else
  304. dwRt = ERROR_INVALID_DATA;
  305. }
  307. if( ERROR_SUCCESS == dwRt)
  308. {
  309. hr = HRESULT_FROM_WIN32( dwRt );
  310. goto EXIT;
  311. }
  312. }
  315. if ( mailboxX.OpenMailBox( bstrUserName ))
  316. {
  317. if ( mailboxX.LockMailBox())
  318. {
  319. //Set the password
  320. if(ERROR_SUCCESS == RegQueryAuthGuid(wszAuthGuid, &dwAuthDataLen, m_bstrServerName) )
  321. {
  322. if(!CryptAcquireContext(&hProv, NULL, MS_ENHANCED_PROV, PROV_RSA_FULL, CRYPT_VERIFYCONTEXT))
  323. {
  324. goto EXIT;
  325. }
  326. if(!CryptCreateHash(hProv, CALG_MD5, 0, 0, &hHash))
  327. {
  328. goto EXIT;
  329. }
  330. if(!CryptHashData(hHash, (LPBYTE)wszAuthGuid, dwAuthDataLen, 0))
  331. {
  332. goto EXIT;
  333. }
  334. if(!CryptDeriveKey(hProv, CALG_RC4, hHash, (128<<16),&hKey))
  335. {
  336. goto EXIT;
  337. }
  338. dwCryptDataLen=( wcslen(vPassword.bstrVal) +1 ) * sizeof(WCHAR);
  339. if(dwCryptDataLen > MAX_PATH )
  340. {
  341. //Exceed buffer size
  342. goto EXIT;
  343. }
  344. wcscpy((LPWSTR)szEncryptedPswd, vPassword.bstrVal);
  345. if(CryptEncrypt(hKey, 0, FALSE, 0, szEncryptedPswd, &dwCryptDataLen, dwCryptDataLen))
  346. {
  347. if ( mailboxX.SetEncyptedPassword( szEncryptedPswd, dwCryptDataLen, &dwBytes ))
  348. {
  349. hr = S_OK;
  350. }
  351. }
  352. }
  353. mailboxX.UnlockMailBox();
  354. }
  355. }
  356. EXIT:
  357. if(hKey)
  358. {
  359. CryptDestroyKey(hKey);
  360. }
  361. if(hHash)
  362. {
  363. CryptDestroyHash(hHash);
  364. }
  365. if(hProv)
  366. {
  367. CryptReleaseContext(hProv, 0);
  368. }
  370. return hr;
  371. }
  374. STDMETHODIMP CAuthMD5Hash::CreateUser(/*[in]*/BSTR bstrUserName,/*[in]*/VARIANT vPassword)
  375. {
  376. return SetPassword(bstrUserName, vPassword);
  377. }
  380. STDMETHODIMP CAuthMD5Hash::DeleteUser(/*[in]*/BSTR bstrUserName)
  381. {
  382. // Nothing to do in this.
  383. return S_FALSE;
  384. }
  387. STDMETHODIMP CAuthMD5Hash::ChangePassword(/*[in]*/BSTR bstrUserName,/*[in]*/VARIANT vNewPassword,/*[in]*/VARIANT vOldPassword)
  388. {
  389. //This function does not verify old password
  390. return SetPassword(bstrUserName, vNewPassword);
  391. }
  393. STDMETHODIMP CAuthMD5Hash::AssociateEmailWithUser(/*[in]*/BSTR bstrEmailAddr)
  394. {
  395. CMailBox mailboxX;
  396. DWORD dwRt=ERROR_SUCCESS;
  397. WCHAR wszMailRoot[POP3_MAX_MAILROOT_LENGTH];
  400. if(m_bstrServerName)
  401. {
  403. dwRt=RegQueryMailRoot(wszMailRoot,sizeof(wszMailRoot)/sizeof(WCHAR) , m_bstrServerName );
  404. if( ERROR_SUCCESS == dwRt )
  405. {
  406. // Replace drive: with drive$
  407. if ( L':' == wszMailRoot[1] )
  408. {
  409. wszMailRoot[1] = L'$';
  410. if ( sizeof(m_wszMailRoot)/sizeof(WCHAR) > (wcslen( wszMailRoot ) + wcslen( m_bstrServerName ) + 3) )
  411. {
  412. wcscpy( m_wszMailRoot, L"\\\\" );
  413. wcscat( m_wszMailRoot, m_bstrServerName );
  414. wcscat( m_wszMailRoot, L"\\" );
  415. wcscat( m_wszMailRoot, wszMailRoot );
  417. if( ! mailboxX.SetMailRoot(m_wszMailRoot) )
  418. {
  419. dwRt= GetLastError();
  420. }
  421. }
  422. else
  423. dwRt = ERROR_INSUFFICIENT_BUFFER;
  424. }
  425. else
  426. dwRt = ERROR_INVALID_DATA;
  427. }
  428. }
  430. if (ERROR_SUCCESS == dwRt)
  431. {
  432. if ( mailboxX.OpenMailBox( bstrEmailAddr ))
  433. {
  434. return S_OK;
  435. }
  436. else
  437. {
  438. dwRt=GetLastError();
  439. }
  440. }
  443. return HRESULT_FROM_WIN32( dwRt);
  444. }
  446. STDMETHODIMP CAuthMD5Hash::UnassociateEmailWithUser(/*[in]*/BSTR bstrEmailAddr)
  447. {
  448. return AssociateEmailWithUser( bstrEmailAddr );
  449. }