archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
3 Commits
1 Branch
0 Tags
3.3 GiB
Tree: 827363a95b
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '827363a95b'
${ noResults }
windows-server-2003/ds/security/cryptoapi/common/dpapi/passrec.cpp

706 lines
17 KiB
Raw Normal View History

commiting as it is
4 years ago
  1. /*++
  3. Copyright (c) 2000 Microsoft Corporation
  5. Module Name:
  7. passrec.c
  9. Abstract:
  11. This module contains client side code to handle the local key recovery case.
  13. Author:
  15. Pete Skelly (petesk) May 9, 2000
  17. --*/
  19. #include <nt.h>
  20. #include <ntrtl.h>
  21. #include <nturtl.h>
  22. #include <windows.h>
  23. #include <lm.h>
  24. #include <rpc.h>
  26. #include <shlobj.h>
  27. #include <userenv.h>
  29. #include <wincrypt.h>
  30. #include "passrecp.h"
  31. #include "dpapiprv.h"
  32. #include "pasrec.h"
  33. #include "passrec.h"
  35. #define FILETIME_TICKS_PER_SECOND 10000000
  36. #define RECOVERYKEY_LIFETIME (60*60*24*365*5) // 5 Years
  39. DWORD
  40. PRRecoverPassword(
  41. IN LPWSTR pszUsername,
  42. IN PBYTE pbRecoveryPrivate,
  43. IN DWORD cbRecoveryPrivate,
  44. IN LPWSTR pszNewPassword)
  45. {
  46. DWORD dwError = ERROR_SUCCESS;
  47. RPC_BINDING_HANDLE h;
  48. unsigned short *pszBinding;
  51. if((NULL == pszUsername) ||
  52. (NULL == pbRecoveryPrivate) ||
  53. (NULL == pszNewPassword))
  54. {
  55. return ERROR_INVALID_PARAMETER;
  56. }
  59. dwError = RpcStringBindingComposeW(
  60. NULL,
  61. (unsigned short*)DPAPI_LOCAL_PROT_SEQ,
  62. NULL,
  63. (unsigned short*)DPAPI_LOCAL_ENDPOINT,
  64. NULL,
  65. &pszBinding
  66. );
  69. if (RPC_S_OK != dwError)
  70. {
  71. return(dwError);
  72. }
  74. dwError = RpcBindingFromStringBindingW(pszBinding, &h);
  75. if (RPC_S_OK != dwError)
  76. {
  77. goto error;
  78. }
  80. dwError = RpcEpResolveBinding(
  81. h,
  82. PasswordRecovery_v1_0_c_ifspec);
  83. if (RPC_S_OK != dwError)
  84. {
  85. goto error;
  86. }
  88. __try
  89. {
  90. dwError = SSRecoverPassword(h,
  91. (PBYTE)pszUsername,
  92. (wcslen(pszUsername) + 1) * sizeof(WCHAR),
  93. pbRecoveryPrivate,
  94. cbRecoveryPrivate,
  95. (PBYTE)pszNewPassword,
  96. (wcslen(pszNewPassword) + 1) * sizeof(WCHAR));
  97. }
  98. __except ( EXCEPTION_EXECUTE_HANDLER )
  99. {
  100. dwError = _exception_code();
  101. }
  103. error:
  105. if(pszBinding)
  106. {
  107. RpcStringFreeW(&pszBinding);
  108. }
  109. if(h)
  110. {
  111. RpcBindingFree(&h);
  112. }
  114. return dwError;
  115. }
  118. DWORD
  119. PRQueryStatus(
  120. IN OPTIONAL LPWSTR pszDomain,
  121. IN OPTIONAL LPWSTR pszUserName,
  122. OUT DWORD *pdwStatus)
  123. {
  124. DWORD dwError = ERROR_SUCCESS;
  125. RPC_BINDING_HANDLE h;
  126. WCHAR *pszBinding;
  127. WCHAR szUserName[UNLEN + 1];
  128. DWORD cchUserName;
  130. if(NULL == pdwStatus)
  131. {
  132. return ERROR_INVALID_PARAMETER;
  133. }
  135. //
  136. // If the caller didn't specify a username, then use the
  137. // username of the calling thread.
  138. //
  140. if(pszUserName == NULL)
  141. {
  142. pszUserName = szUserName;
  144. cchUserName = sizeof(szUserName) / sizeof(WCHAR);
  145. if(!GetUserNameW(szUserName, &cchUserName))
  146. {
  147. return GetLastError();
  148. }
  149. }
  152. dwError = RpcStringBindingComposeW(
  153. NULL,
  154. (unsigned short*)DPAPI_LOCAL_PROT_SEQ,
  155. NULL,
  156. (unsigned short*)DPAPI_LOCAL_ENDPOINT,
  157. NULL,
  158. &pszBinding
  159. );
  162. if (RPC_S_OK != dwError)
  163. {
  164. return(dwError);
  165. }
  167. dwError = RpcBindingFromStringBindingW(pszBinding, &h);
  168. if (RPC_S_OK != dwError)
  169. {
  170. goto error;
  171. }
  173. dwError = RpcEpResolveBinding(
  174. h,
  175. PasswordRecovery_v1_0_c_ifspec);
  176. if (RPC_S_OK != dwError)
  177. {
  178. goto error;
  179. }
  181. __try
  182. {
  183. dwError = SSRecoverQueryStatus(
  184. h,
  185. (PBYTE)pszUserName,
  186. (wcslen(pszUserName) + 1) * sizeof(WCHAR),
  187. pdwStatus);
  189. }
  190. __except ( EXCEPTION_EXECUTE_HANDLER )
  191. {
  192. dwError = _exception_code();
  193. }
  195. error:
  197. if(pszBinding)
  198. {
  199. RpcStringFreeW(&pszBinding);
  200. }
  201. if(h)
  202. {
  203. RpcBindingFree(&h);
  204. }
  206. return dwError;
  207. }
  211. DWORD
  212. PRImportRecoveryKey(
  213. IN LPWSTR pszUsername,
  214. IN LPWSTR pszCurrentPassword,
  215. IN BYTE* pbRecoveryPublic,
  216. IN DWORD cbRecoveryPublic)
  217. {
  218. DWORD dwError = ERROR_SUCCESS;
  219. RPC_BINDING_HANDLE h;
  220. unsigned short *pszBinding;
  222. if((NULL == pbRecoveryPublic) ||
  223. (0 == cbRecoveryPublic) ||
  224. (NULL == pszUsername) ||
  225. (NULL == pszCurrentPassword))
  226. {
  227. return ERROR_INVALID_PARAMETER;
  228. }
  232. dwError = RpcStringBindingComposeW(
  233. NULL,
  234. (unsigned short*)DPAPI_LOCAL_PROT_SEQ,
  235. NULL,
  236. (unsigned short*)DPAPI_LOCAL_ENDPOINT,
  237. NULL,
  238. &pszBinding
  239. );
  242. if (RPC_S_OK != dwError)
  243. {
  244. return(dwError);
  245. }
  247. dwError = RpcBindingFromStringBindingW(pszBinding, &h);
  248. if (RPC_S_OK != dwError)
  249. {
  250. goto error;
  251. }
  253. dwError = RpcEpResolveBinding(
  254. h,
  255. PasswordRecovery_v1_0_c_ifspec);
  256. if (RPC_S_OK != dwError)
  257. {
  258. goto error;
  259. }
  261. __try
  262. {
  264. dwError = SSRecoverImportRecoveryKey(
  265. h,
  266. (PBYTE)pszUsername,
  267. (wcslen(pszUsername) + 1) * sizeof(WCHAR),
  268. (PBYTE)pszCurrentPassword,
  269. (wcslen(pszCurrentPassword) + 1) * sizeof(WCHAR),
  270. pbRecoveryPublic,
  271. cbRecoveryPublic);
  273. }
  274. __except ( EXCEPTION_EXECUTE_HANDLER )
  275. {
  276. dwError = _exception_code();
  277. }
  279. error:
  281. if(pszBinding)
  282. {
  283. RpcStringFreeW(&pszBinding);
  284. }
  285. if(h)
  286. {
  287. RpcBindingFree(&h);
  288. }
  290. return dwError;
  291. }
  294. DWORD GenerateRecoveryCert(HCRYPTPROV hCryptProv,
  295. HCRYPTKEY hCryptKey,
  296. LPWSTR pszUsername,
  297. PSID pSid,
  298. PBYTE *ppbPublicExportData,
  299. DWORD *pcbPublicExportLength)
  300. {
  302. DWORD dwError = ERROR_SUCCESS;
  304. CERT_INFO CertInfo;
  305. CERT_PUBLIC_KEY_INFO *pKeyInfo = NULL;
  306. DWORD cbKeyInfo = 0;
  307. CERT_NAME_BLOB CertName;
  308. CERT_RDN_ATTR RDNAttributes[1];
  309. CERT_RDN CertRDN[] = {1, RDNAttributes} ;
  310. CERT_NAME_INFO NameInfo = {1, CertRDN};
  311. PCCERT_CONTEXT pCertContext = NULL;
  313. GUID GuidKey;
  316. CertName.pbData = NULL;
  317. CertName.cbData = 0;
  319. RDNAttributes[0].Value.pbData = NULL;
  320. RDNAttributes[0].Value.cbData = 0;
  322. DWORD cbCertSize = 0;
  323. PBYTE pbCert = NULL;
  324. DWORD cSize = 0;
  327. dwError = UuidCreate( &GuidKey );
  329. if(ERROR_SUCCESS != dwError)
  330. {
  331. goto error;
  332. }
  334. // Generate a self-signed cert structure
  336. RDNAttributes[0].dwValueType = CERT_RDN_PRINTABLE_STRING;
  337. RDNAttributes[0].pszObjId = szOID_COMMON_NAME;
  340. RDNAttributes[0].Value.cbData = wcslen(pszUsername) * sizeof(WCHAR);
  342. RDNAttributes[0].Value.pbData = (PBYTE)pszUsername;
  345. //
  346. // Get the actual public key info from the key
  347. //
  348. if(!CryptExportPublicKeyInfo(hCryptProv,
  349. AT_KEYEXCHANGE,
  350. X509_ASN_ENCODING,
  351. NULL,
  352. &cbKeyInfo))
  353. {
  354. dwError = GetLastError();
  355. goto error;
  356. }
  357. pKeyInfo = (CERT_PUBLIC_KEY_INFO *)midl_user_allocate(cbKeyInfo);
  358. if(NULL == pKeyInfo)
  359. {
  360. dwError = ERROR_NOT_ENOUGH_MEMORY;
  361. goto error;
  362. }
  363. if(!CryptExportPublicKeyInfo(hCryptProv,
  364. AT_KEYEXCHANGE,
  365. X509_ASN_ENCODING,
  366. pKeyInfo,
  367. &cbKeyInfo))
  368. {
  369. dwError = GetLastError();
  370. goto error;
  372. }
  374. //
  375. // Generate the certificate name
  376. //
  378. if(!CryptEncodeObject(X509_ASN_ENCODING,
  379. X509_NAME,
  380. &NameInfo,
  381. NULL,
  382. &CertName.cbData))
  383. {
  384. dwError = GetLastError();
  385. goto error;
  386. }
  388. CertName.pbData = (PBYTE)midl_user_allocate(CertName.cbData);
  389. if(NULL == CertName.pbData)
  390. {
  391. dwError = ERROR_NOT_ENOUGH_MEMORY;
  392. goto error;
  393. }
  394. if(!CryptEncodeObject(X509_ASN_ENCODING,
  395. X509_NAME,
  396. &NameInfo,
  397. CertName.pbData,
  398. &CertName.cbData))
  399. {
  400. dwError = GetLastError();
  401. goto error;
  402. }
  406. CertInfo.dwVersion = CERT_V3;
  407. CertInfo.SerialNumber.pbData = (PBYTE)&GuidKey;
  408. CertInfo.SerialNumber.cbData = sizeof(GUID);
  409. CertInfo.SignatureAlgorithm.pszObjId = szOID_OIWSEC_sha1RSASign;
  410. CertInfo.SignatureAlgorithm.Parameters.cbData = 0;
  411. CertInfo.SignatureAlgorithm.Parameters.pbData = NULL;
  412. CertInfo.Issuer.pbData = CertName.pbData;
  413. CertInfo.Issuer.cbData = CertName.cbData;
  415. GetSystemTimeAsFileTime(&CertInfo.NotBefore);
  416. CertInfo.NotAfter = CertInfo.NotBefore;
  417. ((LARGE_INTEGER * )&CertInfo.NotAfter)->QuadPart +=
  418. Int32x32To64(FILETIME_TICKS_PER_SECOND, RECOVERYKEY_LIFETIME);
  422. CertInfo.Subject.pbData = CertName.pbData;
  423. CertInfo.Subject.cbData = CertName.cbData;
  424. CertInfo.SubjectPublicKeyInfo = *pKeyInfo;
  425. CertInfo.SubjectUniqueId.pbData = (PBYTE)pSid;
  426. CertInfo.SubjectUniqueId.cbData = GetLengthSid(pSid);
  427. CertInfo.SubjectUniqueId.cUnusedBits = 0;
  428. CertInfo.IssuerUniqueId.pbData = (PBYTE)pSid;
  429. CertInfo.IssuerUniqueId.cbData = GetLengthSid(pSid);
  430. CertInfo.IssuerUniqueId.cUnusedBits = 0;
  431. CertInfo.cExtension = 0;
  432. CertInfo.rgExtension = NULL;
  434. if(!CryptSignAndEncodeCertificate(hCryptProv,
  435. AT_KEYEXCHANGE,
  436. X509_ASN_ENCODING,
  437. X509_CERT_TO_BE_SIGNED,
  438. &CertInfo,
  439. &CertInfo.SignatureAlgorithm,
  440. NULL,
  441. NULL,
  442. &cbCertSize))
  443. {
  444. dwError = GetLastError();
  445. goto error;
  446. }
  448. pbCert = (PBYTE)midl_user_allocate(cbCertSize);
  449. if(NULL == pbCert)
  450. {
  451. dwError = ERROR_NOT_ENOUGH_MEMORY;
  452. goto error;
  453. }
  455. if(!CryptSignAndEncodeCertificate(hCryptProv,
  456. AT_KEYEXCHANGE,
  457. X509_ASN_ENCODING,
  458. X509_CERT_TO_BE_SIGNED,
  459. &CertInfo,
  460. &CertInfo.SignatureAlgorithm,
  461. NULL,
  462. pbCert,
  463. &cbCertSize))
  464. {
  465. dwError = GetLastError();
  466. goto error;
  467. }
  469. *pcbPublicExportLength = cbCertSize;
  471. *ppbPublicExportData = pbCert;
  473. // Double-check to make sure certificate is valid
  474. pCertContext = CertCreateCertificateContext(X509_ASN_ENCODING, pbCert, cbCertSize);
  475. if(pCertContext == NULL)
  476. {
  477. dwError = GetLastError();
  478. goto error;
  479. }
  480. else
  481. {
  482. CertFreeCertificateContext(pCertContext);
  483. }
  485. pbCert = NULL;
  487. error:
  488. if(pbCert)
  489. {
  490. midl_user_free(pbCert);
  491. }
  492. if(pKeyInfo)
  493. {
  494. midl_user_free(pKeyInfo);
  495. }
  496. if(CertName.pbData)
  497. {
  498. midl_user_free(CertName.pbData);
  499. }
  501. return dwError;
  502. }
  504. DWORD
  505. PRGenerateRecoveryKey(
  506. IN LPWSTR pszUsername,
  507. IN LPWSTR pszCurrentPassword,
  508. OUT PBYTE *ppbRecoveryPrivate,
  509. OUT DWORD *pcbRecoveryPrivate)
  510. {
  511. DWORD dwError = 0;
  512. HCRYPTPROV hProv = 0;
  513. HCRYPTKEY hKey = 0;
  514. DWORD dwDefaultKeySize = 2048;
  515. DWORD cbPrivateExportLength = 0;
  516. DWORD cbPublic = 0;
  517. PBYTE pbPublic = NULL;
  518. PBYTE pbRecoveryPrivate = NULL;
  519. DWORD cbRecoveryPrivate = 0;
  520. PSID pSid = NULL;
  521. DWORD cbSid;
  522. WCHAR szDomain[MAX_COMPUTERNAME_LENGTH + 1];
  523. DWORD cchDomain;
  524. SID_NAME_USE AcctType;
  527. //
  528. // Obtain SID of current user.
  529. //
  531. cchDomain = MAX_COMPUTERNAME_LENGTH + 1;
  532. if(!GetComputerNameW(szDomain, &cchDomain))
  533. {
  534. dwError = GetLastError();
  535. goto error;
  536. }
  538. if(!LookupAccountNameW(szDomain,
  539. pszUsername,
  540. NULL,
  541. &cbSid,
  542. NULL,
  543. &cchDomain,
  544. &AcctType))
  545. {
  546. dwError = GetLastError();
  548. if(dwError != ERROR_INSUFFICIENT_BUFFER)
  549. {
  550. goto error;
  551. }
  552. }
  554. pSid = (PBYTE)LocalAlloc(LPTR, cbSid);
  555. if(pSid == NULL)
  556. {
  557. dwError = ERROR_NOT_ENOUGH_MEMORY;
  558. goto error;
  559. }
  561. if(cchDomain > MAX_COMPUTERNAME_LENGTH + 1)
  562. {
  563. dwError = ERROR_NOT_ENOUGH_MEMORY;
  564. goto error;
  565. }
  567. if(!LookupAccountNameW(szDomain,
  568. pszUsername,
  569. pSid,
  570. &cbSid,
  571. szDomain,
  572. &cchDomain,
  573. &AcctType))
  574. {
  575. dwError = GetLastError();
  576. goto error;
  577. }
  580. //
  581. // Create recovery private key.
  582. //
  584. if(!CryptAcquireContext(&hProv,
  585. NULL,
  586. MS_STRONG_PROV,
  587. PROV_RSA_FULL,
  588. CRYPT_VERIFYCONTEXT))
  589. {
  590. dwError = GetLastError();
  591. goto error;
  592. }
  594. if(!CryptGenKey(hProv,
  595. AT_KEYEXCHANGE,
  596. CRYPT_EXPORTABLE | (dwDefaultKeySize << 16),
  597. &hKey))
  598. {
  599. dwError = GetLastError();
  600. goto error;
  601. }
  603. dwError = GenerateRecoveryCert(hProv,
  604. hKey,
  605. pszUsername,
  606. pSid,
  607. &pbPublic,
  608. &cbPublic);
  610. if(ERROR_SUCCESS != dwError)
  611. {
  612. goto error;
  613. }
  616. //
  617. // Get the private key size
  618. //
  620. if(!CryptExportKey(hKey,
  621. NULL,
  622. PRIVATEKEYBLOB,
  623. 0,
  624. NULL,
  625. &cbPrivateExportLength))
  626. {
  627. dwError = GetLastError();
  628. goto error;
  629. }
  630. cbRecoveryPrivate = 2*sizeof(DWORD) + cbPrivateExportLength;
  632. pbRecoveryPrivate = (PBYTE)LocalAlloc(LMEM_FIXED, cbRecoveryPrivate);
  633. if(NULL == pbRecoveryPrivate)
  634. {
  635. dwError = ERROR_NOT_ENOUGH_MEMORY;
  636. goto error;
  637. }
  640. *(DWORD *)pbRecoveryPrivate = RECOVERY_BLOB_MAGIC;
  641. *(DWORD *)(pbRecoveryPrivate + sizeof(DWORD)) = RECOVERY_BLOB_VERSION;
  644. //
  645. // Export the private key
  646. //
  648. if(!CryptExportKey(hKey,
  649. NULL,
  650. PRIVATEKEYBLOB,
  651. 0,
  652. pbRecoveryPrivate + 2*sizeof(DWORD),
  653. &cbPrivateExportLength))
  654. {
  655. dwError = GetLastError();
  656. goto error;
  657. }
  659. dwError = PRImportRecoveryKey(
  660. pszUsername,
  661. pszCurrentPassword,
  662. pbPublic,
  663. cbPublic);
  665. if(ERROR_SUCCESS != dwError)
  666. {
  667. goto error;
  668. }
  670. *ppbRecoveryPrivate = pbRecoveryPrivate;
  671. *pcbRecoveryPrivate = cbRecoveryPrivate;
  673. pbRecoveryPrivate = NULL;
  676. error:
  678. if(pbRecoveryPrivate)
  679. {
  680. RtlSecureZeroMemory(pbRecoveryPrivate, cbRecoveryPrivate);
  681. LocalFree(pbRecoveryPrivate);
  682. }
  684. if(pbPublic)
  685. {
  686. LocalFree(pbPublic);
  687. }
  689. if(hKey)
  690. {
  691. CryptDestroyKey(hKey);
  692. }
  693. if(hProv)
  694. {
  695. CryptReleaseContext(hProv, 0);
  696. }
  698. if(pSid)
  699. {
  700. LocalFree(pSid);
  701. }
  703. return dwError;
  704. }