archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
3 Commits
1 Branch
0 Tags
1.5 GiB
Tree: 827363a95b
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '827363a95b'
${ noResults }
windows-server-2003/ds/security/services/smartcrd/sclogon2/sclogon2.cpp

1762 lines
49 KiB
Raw Normal View History

commiting as it is
4 years ago
  1. /*++
  3. Copyright (C) Microsoft Corporation, 1996 - 1999
  5. Module Name:
  7. ScLogon2
  9. Abstract:
  13. Author:
  15. reidk
  17. Environment:
  19. Win32, C++ w/ Exceptions
  21. --*/
  23. /////////////////////////////////////////////////////////////////////////////
  24. //
  25. // Includes
  27. #if !defined(_X86_) && !defined(_AMD64_) && !defined(_IA64_)
  28. #define _X86_ 1
  29. #endif
  30. #ifndef _WIN32_WINNT
  31. #define _WIN32_WINNT 0x0400
  32. #ifndef UNICODE
  33. #define UNICODE
  34. #endif
  35. #endif
  36. #ifndef WIN32_LEAN_AND_MEAN
  37. #define WIN32_LEAN_AND_MEAN 1
  38. #endif
  41. extern "C" {
  42. #include <nt.h>
  43. #include <ntrtl.h>
  44. #include <nturtl.h>
  45. #include <ntlsa.h>
  46. }
  48. #include <windows.h>
  49. #include <winscard.h>
  50. #include <wincrypt.h>
  51. #include <softpub.h>
  52. #include <stddef.h>
  53. #include <crtdbg.h>
  54. #include "sclogon.h"
  55. #include "sclogon2.h"
  56. #include "unicodes.h"
  57. #include <stdlib.h>
  58. #include <stdio.h>
  59. #include <time.h>
  60. #include <tchar.h>
  62. #include "sclgnrpc.h"
  65. typedef struct _KERB_PUBLIC_KEY_HPROV {
  66. RPC_BINDING_HANDLE hRPCBinding;
  67. BINDING_CONTEXT hCertAndKey;
  68. } KERB_PUBLIC_KEY_HPROV, *PKERB_PUBLIC_KEY_HPROV;
  71. //
  72. // from secpkg.h
  73. //
  74. typedef NTSTATUS (NTAPI LSA_IMPERSONATE_CLIENT) (VOID);
  75. typedef LSA_IMPERSONATE_CLIENT * PLSA_IMPERSONATE_CLIENT;
  78. bool
  79. GetImpersonationToken(HANDLE *phThreadToken)
  80. {
  81. bool ret = false;
  83. //
  84. // This will fail if not impersonating.
  85. //
  86. if (OpenThreadToken(
  87. GetCurrentThread(),
  88. TOKEN_IMPERSONATE | TOKEN_QUERY,
  89. TRUE,
  90. phThreadToken))
  91. {
  92. ret = true;
  93. }
  94. else if (GetLastError() == ERROR_NO_TOKEN)
  95. {
  96. ret = true;
  97. }
  98. else
  99. {
  100. DbgPrint("OpenThreadToken failed - %lx\n", GetLastError());
  101. }
  103. return (ret);
  104. }
  106. DWORD
  107. GetTSSessionID(HANDLE hThreadToken)
  108. {
  109. bool fRet = false;
  110. PLIST_ENTRY Module;
  111. PLDR_DATA_TABLE_ENTRY Entry;
  112. BOOL fRunningInLsa = false;
  113. HMODULE hLsa = NULL;
  114. PLSA_IMPERSONATE_CLIENT pLsaImpersonateClient = NULL;
  115. bool bImpersonating = false;
  116. HANDLE hLocalThreadToken = INVALID_HANDLE_VALUE;
  117. DWORD dwTSSessionID = 0;
  118. DWORD dwSize;
  119. bool fAlreadyImpersonating;
  121. //
  122. // Make sure we are running in LSA
  123. //
  124. Module = NtCurrentPeb()->Ldr->InLoadOrderModuleList.Flink;
  125. Entry = CONTAINING_RECORD(Module,
  126. LDR_DATA_TABLE_ENTRY,
  127. InLoadOrderLinks);
  129. fRunningInLsa = (0 == _wcsicmp(Entry->BaseDllName.Buffer, L"lsass.exe"));
  131. if (!fRunningInLsa)
  132. {
  133. return (0);
  134. }
  136. //
  137. // Check to see if we are already impersonating by checking the thread token passed in
  138. //
  139. if(hThreadToken == INVALID_HANDLE_VALUE)
  140. {
  141. //
  142. // If we aren't already impernonating, then we need to call the special LssImpersonateClient
  143. //
  144. hLsa = GetModuleHandleW(L"lsasrv.dll");
  145. if (hLsa == NULL)
  146. {
  147. DbgPrint("failed to get lsa module handle\n");
  148. goto Return;
  149. }
  151. pLsaImpersonateClient = (PLSA_IMPERSONATE_CLIENT) GetProcAddress(hLsa, "LsaIImpersonateClient");
  152. if (pLsaImpersonateClient == NULL)
  153. {
  154. DbgPrint("failed to get proc address\n");
  155. goto Return;
  156. }
  158. if (pLsaImpersonateClient() != STATUS_SUCCESS)
  159. {
  160. DbgPrint("failed to impersonate\n");
  161. goto Return;
  162. }
  163. bImpersonating = true;
  165. if (!OpenThreadToken(
  166. GetCurrentThread(),
  167. TOKEN_QUERY,
  168. FALSE,
  169. &hLocalThreadToken))
  170. {
  171. DbgPrint("OpenThreadToken failed\n");
  172. goto Return;
  173. }
  174. }
  176. //
  177. // see if the calling thread token has a TS session ID...
  178. // if so, then we are being called on behalf of a process in a TS session
  179. //
  180. if (!GetTokenInformation(
  181. (hThreadToken == INVALID_HANDLE_VALUE) ? hLocalThreadToken : hThreadToken,
  182. TokenSessionId,
  183. &dwTSSessionID,
  184. sizeof(dwTSSessionID),
  185. &dwSize))
  186. {
  187. DbgPrint("GetTokenInformation failed\n");
  188. }
  190. Return:
  192. if (hLocalThreadToken != INVALID_HANDLE_VALUE)
  193. {
  194. CloseHandle(hLocalThreadToken);
  195. }
  197. if (bImpersonating)
  198. {
  199. RevertToSelf();
  200. }
  202. return (dwTSSessionID);
  203. }
  205. void
  206. _TeardownRPCConnection(
  207. RPC_BINDING_HANDLE *phRPCBinding)
  208. {
  209. __try
  210. {
  211. RpcBindingFree(phRPCBinding);
  212. }
  213. __except (EXCEPTION_EXECUTE_HANDLER)
  214. {
  215. DbgPrint("Exception occurred during RpcBindingFree - %lx\n", _exception_code());
  216. }
  217. }
  220. NTSTATUS
  221. _SetupRPCConnection(
  222. RPC_BINDING_HANDLE *phRPCBinding,
  223. HANDLE hThreadToken)
  224. {
  225. LPWSTR pStringBinding = NULL;
  226. NTSTATUS status = STATUS_SUCCESS;
  227. RPC_STATUS rpcStatus = RPC_S_OK;
  228. DWORD dwTSSessionID = 0;
  229. WCHAR wszLocalEndpoint[256];
  230. LPWSTR pwszLocalEndpoint = NULL;
  231. RPC_SECURITY_QOS RpcSecurityQOS;
  232. SID_IDENTIFIER_AUTHORITY SIDAuth = SECURITY_NT_AUTHORITY;
  233. PSID pSID = NULL;
  234. WCHAR szName[64]; // SYSTEM
  235. DWORD cbName = 64;
  236. WCHAR szDomainName[256]; // max domain is 255
  237. DWORD cbDomainName = 256;
  238. SID_NAME_USE Use;
  240. //
  241. // Get the ID of the winlogon RPC server to connect to
  242. //
  243. dwTSSessionID = GetTSSessionID(hThreadToken);
  245. if (dwTSSessionID != 0)
  246. {
  247. wsprintfW(
  248. wszLocalEndpoint,
  249. SZ_ENDPOINT_NAME_FORMAT,
  250. SCLOGONRPC_LOCAL_ENDPOINT,
  251. dwTSSessionID);
  253. pwszLocalEndpoint = wszLocalEndpoint;
  254. }
  255. else
  256. {
  257. pwszLocalEndpoint = SCLOGONRPC_LOCAL_ENDPOINT;
  258. }
  260. //
  261. // get a binding handle
  262. //
  263. if (RPC_S_OK != (rpcStatus = RpcStringBindingComposeW(
  264. NULL,
  265. SCLOGONRPC_LOCAL_PROT_SEQ,
  266. NULL, //LPC - no machine name
  267. pwszLocalEndpoint,
  268. 0,
  269. &pStringBinding)))
  270. {
  271. DbgPrint("RpcStringBindingComposeW failed\n");
  273. status = I_RpcMapWin32Status(rpcStatus);
  274. //
  275. // if I_RpcMapWin32Status() can't map the error code it returns
  276. // the same error back, so check for that
  277. //
  278. if (status == rpcStatus)
  279. {
  280. status = STATUS_SMARTCARD_SUBSYSTEM_FAILURE;
  281. }
  282. goto Return;
  283. }
  285. if (RPC_S_OK != (rpcStatus = RpcBindingFromStringBindingW(
  286. pStringBinding,
  287. phRPCBinding)))
  288. {
  289. DbgPrint("RpcBindingFromStringBindingW failed\n");
  290. status = I_RpcMapWin32Status(rpcStatus);
  291. //
  292. // if I_RpcMapWin32Status() can't map the error code it returns
  293. // the same error back, so check for that
  294. //
  295. if (status == rpcStatus)
  296. {
  297. status = STATUS_SMARTCARD_SUBSYSTEM_FAILURE;
  298. }
  299. goto Return;
  300. }
  302. if (RPC_S_OK != (rpcStatus = RpcEpResolveBinding(
  303. *phRPCBinding,
  304. IRPCSCLogon_v1_0_c_ifspec)))
  305. {
  306. DbgPrint("RpcEpResolveBinding failed\n");
  307. status = I_RpcMapWin32Status(rpcStatus);
  308. //
  309. // if I_RpcMapWin32Status() can't map the error code it returns
  310. // the same error back, so check for that
  311. //
  312. if (status == rpcStatus)
  313. {
  314. status = STATUS_SMARTCARD_SUBSYSTEM_FAILURE;
  315. }
  316. _TeardownRPCConnection(phRPCBinding);
  317. goto Return;
  318. }
  320. //
  321. // Set the autorization so that we will only call a Local System process
  322. //
  323. memset(&RpcSecurityQOS, 0, sizeof(RpcSecurityQOS));
  324. RpcSecurityQOS.Version = RPC_C_SECURITY_QOS_VERSION;
  325. RpcSecurityQOS.Capabilities = RPC_C_QOS_CAPABILITIES_MUTUAL_AUTH;
  326. RpcSecurityQOS.IdentityTracking = RPC_C_QOS_IDENTITY_STATIC;
  327. RpcSecurityQOS.ImpersonationType = RPC_C_IMP_LEVEL_DELEGATE;
  329. if (AllocateAndInitializeSid(&SIDAuth, 1,
  330. SECURITY_LOCAL_SYSTEM_RID,
  331. 0, 0, 0, 0, 0, 0, 0,
  332. &pSID) == 0)
  333. {
  334. DbgPrint("AllocateAndInitializeSid failed\n");
  335. status = STATUS_SMARTCARD_SUBSYSTEM_FAILURE;
  336. goto Return;
  337. }
  339. if (LookupAccountSid(NULL,
  340. pSID,
  341. szName,
  342. &cbName,
  343. szDomainName,
  344. &cbDomainName,
  345. &Use) == 0)
  346. {
  347. DbgPrint("LookupAccountSid failed\n");
  348. status = STATUS_SMARTCARD_SUBSYSTEM_FAILURE;
  349. goto Return;
  350. }
  352. if (RPC_S_OK != (rpcStatus = RpcBindingSetAuthInfoEx(
  353. *phRPCBinding,
  354. szName,
  355. RPC_C_AUTHN_LEVEL_PKT_PRIVACY,
  356. RPC_C_AUTHN_WINNT,
  357. NULL,
  358. 0,
  359. &RpcSecurityQOS)))
  360. {
  361. DbgPrint("RpcBindingSetAuthInfoEx failed\n");
  362. status = I_RpcMapWin32Status(rpcStatus);
  363. goto Return;
  364. }
  366. Return:
  367. if (pStringBinding != NULL)
  368. {
  369. RpcStringFreeW(&pStringBinding);
  370. }
  372. if (pSID != NULL)
  373. {
  374. FreeSid( pSID );
  375. }
  377. return (status);
  378. }
  381. typedef struct _SCLOGON_PIPE
  382. {
  383. RPC_BINDING_HANDLE hRPCBinding;
  384. BINDING_CONTEXT BindingContext;
  385. } SCLOGON_PIPE;
  388. ///////////////////////////////////////////////////////////////////////////////
  389. //
  390. // ScLogon APIs
  391. //
  394. //***************************************************************************************
  395. //
  396. // __ScHelperInitializeContext:
  397. //
  398. //***************************************************************************************
  399. NTSTATUS WINAPI
  400. __ScHelperInitializeContext(
  401. IN OUT PBYTE pbLogonInfo,
  402. IN ULONG cbLogonInfo
  403. )
  404. {
  405. SCLOGON_PIPE *pSCLogonPipe;
  406. NTSTATUS status = STATUS_SUCCESS;
  407. BOOL fRPCBindingInitialized = FALSE;
  408. LogonInfo *pLI = (LogonInfo *)pbLogonInfo;
  410. if ((cbLogonInfo < sizeof(ULONG)) ||
  411. (cbLogonInfo != pLI->dwLogonInfoLen))
  412. {
  413. return(STATUS_INVALID_PARAMETER);
  414. }
  416. pLI->ContextInformation = malloc(sizeof(SCLOGON_PIPE));
  417. if (pLI->ContextInformation == NULL)
  418. {
  419. return(STATUS_INSUFFICIENT_RESOURCES);
  420. }
  422. pSCLogonPipe = (SCLOGON_PIPE *) pLI->ContextInformation;
  424. status = _SetupRPCConnection(&(pSCLogonPipe->hRPCBinding), INVALID_HANDLE_VALUE);
  425. if (!NT_SUCCESS(status))
  426. {
  427. goto ErrorReturn;
  428. }
  429. fRPCBindingInitialized = TRUE;
  431. pSCLogonPipe->BindingContext = NULL;
  433. __try
  434. {
  435. status = RPC_ScHelperInitializeContext(
  436. pSCLogonPipe->hRPCBinding,
  437. cbLogonInfo,
  438. pbLogonInfo,
  439. &(pSCLogonPipe->BindingContext));
  440. }
  441. __except (EXCEPTION_EXECUTE_HANDLER)
  442. {
  443. status = STATUS_SMARTCARD_SUBSYSTEM_FAILURE;
  444. DbgPrint("Exception occurred during RPC_ScHelperInitializeContext - %lx\n", _exception_code());
  445. }
  447. if (!NT_SUCCESS(status))
  448. {
  449. DbgPrint("RPC_ScHelperInitializeContext failed - %lx\n", status);
  450. goto ErrorReturn;
  451. }
  453. Return:
  455. return (status);
  457. ErrorReturn:
  459. if (pSCLogonPipe != NULL)
  460. {
  461. if (fRPCBindingInitialized)
  462. {
  463. _TeardownRPCConnection(&(pSCLogonPipe->hRPCBinding));
  464. }
  466. free(pSCLogonPipe);
  467. }
  469. goto Return;
  470. }
  473. //***************************************************************************************
  474. //
  475. // __ScHelperRelease:
  476. //
  477. //***************************************************************************************
  478. VOID WINAPI
  479. __ScHelperRelease(
  480. IN OUT PBYTE pbLogonInfo
  481. )
  482. {
  483. _ASSERTE(NULL != pbLogonInfo);
  484. LogonInfo *pLI = (LogonInfo *)pbLogonInfo;
  485. SCLOGON_PIPE * pSCLogonPipe = (SCLOGON_PIPE *) pLI->ContextInformation;
  486. BOOL fReleaseFailed = TRUE;
  488. if (pSCLogonPipe != NULL)
  489. {
  490. __try
  491. {
  492. RPC_ScHelperRelease(
  493. pSCLogonPipe->hRPCBinding,
  494. &(pSCLogonPipe->BindingContext));
  496. fReleaseFailed = FALSE;
  497. }
  498. __except (EXCEPTION_EXECUTE_HANDLER)
  499. {
  500. DbgPrint("Exception occurred during RPC_ScHelperRelease - %lx\n", _exception_code());
  501. }
  503. //
  504. // RPC_ScHelperRelease will throw an exception if the winlogon process it is trying
  505. // to talk to has gone away. If that is the case, then we need to manually free
  506. // the BINDING_CONTEXT since it won't get free'd by RPC.
  507. //
  508. // NOTE: RPC will free the BINDING_CONTEXT when the server sets it to NULL, which
  509. // does happen if the RPC_ScHelperRelease function executes
  510. //
  511. if (fReleaseFailed)
  512. {
  513. __try
  514. {
  515. RpcSsDestroyClientContext(&(pSCLogonPipe->BindingContext));
  516. }
  517. __except (EXCEPTION_EXECUTE_HANDLER)
  518. {
  519. DbgPrint("Exception occurred during RpcSsDestroyClientContext - %lx\n", _exception_code());
  520. }
  521. }
  523. _TeardownRPCConnection(&(pSCLogonPipe->hRPCBinding));
  525. free(pSCLogonPipe);
  526. pLI->ContextInformation = NULL;
  527. }
  528. }
  531. //***************************************************************************************
  532. //
  533. // __ScHelperGetCertFromLogonInfo:
  534. //
  535. //***************************************************************************************
  536. NTSTATUS WINAPI
  537. __ScHelperGetCertFromLogonInfo(
  538. IN PBYTE pbLogonInfo,
  539. IN PUNICODE_STRING pucPIN,
  540. OUT PCCERT_CONTEXT *CertificateContext
  541. )
  542. {
  543. _ASSERTE(NULL != pbLogonInfo);
  545. LogonInfo *pLI = (LogonInfo *)pbLogonInfo;
  546. SCLOGON_PIPE *pSCLogonPipe = (SCLOGON_PIPE *) pLI->ContextInformation;
  547. NTSTATUS status = STATUS_SUCCESS;
  548. PCCERT_CONTEXT pCertCtx = NULL;
  549. OUT_BUFFER1 CertBytes;
  550. CUnicodeString szPIN(pucPIN);
  552. memset(&CertBytes, 0, sizeof(CertBytes));
  554. //
  555. // Make sure pin got initialized correctly in constructor
  556. //
  557. if (NULL != pucPIN)
  558. {
  559. if (!szPIN.Valid())
  560. {
  561. status = STATUS_INSUFFICIENT_RESOURCES;
  562. goto Return;
  563. }
  564. }
  566. //
  567. // Make the call
  568. //
  569. __try
  570. {
  571. status = RPC_ScHelperGetCertFromLogonInfo(
  572. pSCLogonPipe->hRPCBinding,
  573. pSCLogonPipe->BindingContext,
  574. (LPCWSTR)szPIN,
  575. &CertBytes);
  576. }
  577. __except (EXCEPTION_EXECUTE_HANDLER)
  578. {
  579. status = STATUS_SMARTCARD_SUBSYSTEM_FAILURE;
  580. DbgPrint("Exception occurred during RPC_ScHelperGetCertFromLogonInfo - %lx\n", _exception_code());
  581. }
  583. if (!NT_SUCCESS(status))
  584. {
  585. DbgPrint("RPC_ScHelperGetCertFromLogonInfo failed - %lx\n", status);
  586. goto Return;
  587. }
  589. //
  590. // Create the return CertContext based on the bytes returned
  591. //
  592. pCertCtx = CertCreateCertificateContext(
  593. X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
  594. CertBytes.pb,
  595. CertBytes.cb);
  596. if (pCertCtx == NULL)
  597. {
  598. status = STATUS_SMARTCARD_SUBSYSTEM_FAILURE;
  599. }
  601. Return:
  603. if (CertBytes.pb != NULL)
  604. {
  605. MIDL_user_free(CertBytes.pb);
  606. }
  608. *CertificateContext = pCertCtx;
  610. return (status);
  611. }
  614. //***************************************************************************************
  615. //
  616. // __ScHelperGetProvParam:
  617. //
  618. //***************************************************************************************
  619. NTSTATUS WINAPI
  620. __ScHelperGetProvParam(
  621. IN PUNICODE_STRING pucPIN,
  622. IN PBYTE pbLogonInfo,
  623. IN ULONG_PTR KerbHProv,
  624. DWORD dwParam,
  625. BYTE *pbData,
  626. DWORD *pdwDataLen,
  627. DWORD dwFlags
  628. )
  629. {
  630. _ASSERTE(NULL != pbLogonInfo);
  632. LogonInfo *pLI;
  633. SCLOGON_PIPE *pSCLogonPipe;
  634. NTSTATUS status = STATUS_SUCCESS;
  635. CUnicodeString szPIN(pucPIN);
  636. OUT_BUFFER1 Data;
  637. PKERB_PUBLIC_KEY_HPROV pKerbHProv;
  638. handle_t hRPCBinding;
  639. BINDING_CONTEXT BindingContext;
  640. BOOL fBindingIsCertAndKey = FALSE;
  642. //
  643. // Decide which rpc binding to use
  644. //
  645. if (KerbHProv != NULL)
  646. {
  647. pKerbHProv = (PKERB_PUBLIC_KEY_HPROV) KerbHProv;
  648. hRPCBinding = pKerbHProv->hRPCBinding;
  649. BindingContext = pKerbHProv->hCertAndKey;
  650. fBindingIsCertAndKey = TRUE;
  651. }
  652. else
  653. {
  654. pLI = (LogonInfo *)pbLogonInfo;
  655. pSCLogonPipe = (SCLOGON_PIPE *) pLI->ContextInformation;
  656. hRPCBinding = pSCLogonPipe->hRPCBinding;
  657. BindingContext = pSCLogonPipe->BindingContext;
  658. }
  660. memset(&Data, 0, sizeof(Data));
  662. //
  663. // Make sure pin got initialized correctly in constructor
  664. //
  665. if (NULL != pucPIN)
  666. {
  667. if (!szPIN.Valid())
  668. {
  669. status = STATUS_INSUFFICIENT_RESOURCES;
  670. goto Return;
  671. }
  672. }
  674. //
  675. // Make the call
  676. //
  677. __try
  678. {
  679. status = RPC_ScHelperGetProvParam(
  680. hRPCBinding,
  681. BindingContext,
  682. (LPCWSTR)szPIN,
  683. fBindingIsCertAndKey,
  684. dwParam,
  685. pdwDataLen,
  686. &Data,
  687. dwFlags);
  688. }
  689. __except (EXCEPTION_EXECUTE_HANDLER)
  690. {
  691. if ((_exception_code() == RPC_S_CALL_FAILED_DNE) ||
  692. (_exception_code() == RPC_S_SERVER_UNAVAILABLE))
  693. {
  694. // Special case to trigger the balloon when the session
  695. // went away (transfer of credentials case)
  696. status = STATUS_SMARTCARD_CARD_NOT_AUTHENTICATED;
  697. }
  698. else
  699. {
  700. status = STATUS_SMARTCARD_SUBSYSTEM_FAILURE;
  701. }
  702. DbgPrint("Exception occurred during RPC_ScHelperGetProvParam - %lx\n", _exception_code());
  703. }
  705. if (!NT_SUCCESS(status))
  706. {
  707. DbgPrint("RPC_ScHelperGetProvParam failed - %lx\n", status);
  708. goto Return;
  709. }
  711. //
  712. // if Data.cb is not 0, then the called is getting back data
  713. //
  714. if (Data.cb != 0)
  715. {
  716. memcpy(pbData, Data.pb, Data.cb);
  717. }
  719. Return:
  721. if (Data.pb != NULL)
  722. {
  723. MIDL_user_free(Data.pb);
  724. }
  726. return (status);
  727. }
  730. //***************************************************************************************
  731. //
  732. // __ScHelperGenRandBits:
  733. //
  734. //***************************************************************************************
  735. NTSTATUS WINAPI
  736. __ScHelperGenRandBits(
  737. IN PBYTE pbLogonInfo,
  738. IN OUT ScHelper_RandomCredBits* psc_rcb
  739. )
  740. {
  741. _ASSERTE(NULL != pbLogonInfo);
  743. NTSTATUS status = STATUS_SUCCESS;
  744. LogonInfo *pLI = (LogonInfo *)pbLogonInfo;
  745. SCLOGON_PIPE *pSCLogonPipe = (SCLOGON_PIPE *) pLI->ContextInformation;
  747. __try
  748. {
  749. status = RPC_ScHelperGenRandBits(
  750. pSCLogonPipe->hRPCBinding,
  751. pSCLogonPipe->BindingContext,
  752. psc_rcb->bR1,
  753. psc_rcb->bR2);
  754. }
  755. __except (EXCEPTION_EXECUTE_HANDLER)
  756. {
  757. status = STATUS_SMARTCARD_SUBSYSTEM_FAILURE;
  758. DbgPrint("Exception occurred during RPC_ScHelperGenRandBits - %lx\n", _exception_code());
  759. }
  761. return (status);
  762. }
  765. //***************************************************************************************
  766. //
  767. // __ScHelperVerifyCardAndCreds:
  768. //
  769. //***************************************************************************************
  770. NTSTATUS WINAPI
  771. __ScHelperVerifyCardAndCreds(
  772. IN PUNICODE_STRING pucPIN,
  773. IN PCCERT_CONTEXT CertificateContext,
  774. IN PBYTE pbLogonInfo,
  775. IN PBYTE EncryptedData,
  776. IN ULONG EncryptedDataSize,
  777. OUT OPTIONAL PBYTE CleartextData,
  778. OUT PULONG CleartextDataSize
  779. )
  780. {
  781. _ASSERTE(NULL != pbLogonInfo);
  783. LogonInfo *pLI = (LogonInfo *)pbLogonInfo;
  784. SCLOGON_PIPE *pSCLogonPipe = (SCLOGON_PIPE *) pLI->ContextInformation;
  785. NTSTATUS status = STATUS_SUCCESS;
  786. CUnicodeString szPIN(pucPIN);
  787. OUT_BUFFER2 CleartextDataBuffer;
  789. memset(&CleartextDataBuffer, 0, sizeof(CleartextDataBuffer));
  791. //
  792. // Make sure pin got initialized correctly in constructor
  793. //
  794. if (NULL != pucPIN)
  795. {
  796. if (!szPIN.Valid())
  797. {
  798. status = STATUS_INSUFFICIENT_RESOURCES;
  799. goto Return;
  800. }
  801. }
  803. //
  804. // Make the call
  805. //
  806. __try
  807. {
  808. status = RPC_ScHelperVerifyCardAndCreds(
  809. pSCLogonPipe->hRPCBinding,
  810. pSCLogonPipe->BindingContext,
  811. (LPCWSTR)szPIN,
  812. EncryptedDataSize,
  813. EncryptedData,
  814. CleartextDataSize,
  815. &CleartextDataBuffer);
  816. }
  817. __except (EXCEPTION_EXECUTE_HANDLER)
  818. {
  819. status = STATUS_SMARTCARD_SUBSYSTEM_FAILURE;
  820. DbgPrint("Exception occurred during RPC_ScHelperVerifyCardAndCreds - %lx\n", _exception_code());
  821. }
  823. if (!NT_SUCCESS(status))
  824. {
  825. DbgPrint("RPC_ScHelperVerifyCardAndCreds failed - %lx\n", status);
  826. goto Return;
  827. }
  829. //
  830. // if CleartextData.cb is not 0, then the called is getting back data
  831. //
  832. if (CleartextDataBuffer.cb != 0)
  833. {
  834. memcpy(CleartextData, CleartextDataBuffer.pb, CleartextDataBuffer.cb);
  835. }
  837. Return:
  839. if (CleartextDataBuffer.pb != NULL)
  840. {
  841. MIDL_user_free(CleartextDataBuffer.pb);
  842. }
  844. return (status);
  845. }
  848. //***************************************************************************************
  849. //
  850. // __ScHelperEncryptCredentials:
  851. //
  852. //***************************************************************************************
  853. NTSTATUS WINAPI
  854. __ScHelperEncryptCredentials(
  855. IN PUNICODE_STRING pucPIN,
  856. IN PCCERT_CONTEXT CertificateContext,
  857. IN ScHelper_RandomCredBits* psch_rcb,
  858. IN PBYTE pbLogonInfo,
  859. IN PBYTE CleartextData,
  860. IN ULONG CleartextDataSize,
  861. OUT OPTIONAL PBYTE EncryptedData,
  862. OUT PULONG EncryptedDataSize)
  863. {
  864. _ASSERTE(NULL != pbLogonInfo);
  866. LogonInfo *pLI = (LogonInfo *)pbLogonInfo;
  867. SCLOGON_PIPE *pSCLogonPipe = (SCLOGON_PIPE *) pLI->ContextInformation;
  868. NTSTATUS status = STATUS_SUCCESS;
  869. CUnicodeString szPIN(pucPIN);
  870. OUT_BUFFER2 EncryptedDataBuffer;
  872. memset(&EncryptedDataBuffer, 0, sizeof(EncryptedDataBuffer));
  874. //
  875. // Make sure pin got initialized correctly in constructor
  876. //
  877. if (NULL != pucPIN)
  878. {
  879. if (!szPIN.Valid())
  880. {
  881. status = STATUS_INSUFFICIENT_RESOURCES;
  882. goto Return;
  883. }
  884. }
  886. //
  887. // Make the call
  888. //
  889. __try
  890. {
  891. status = RPC_ScHelperEncryptCredentials(
  892. pSCLogonPipe->hRPCBinding,
  893. pSCLogonPipe->BindingContext,
  894. (LPCWSTR)szPIN,
  895. psch_rcb->bR1,
  896. psch_rcb->bR2,
  897. CleartextDataSize,
  898. CleartextData,
  899. EncryptedDataSize,
  900. &EncryptedDataBuffer);
  901. }
  902. __except (EXCEPTION_EXECUTE_HANDLER)
  903. {
  904. status = STATUS_SMARTCARD_SUBSYSTEM_FAILURE;
  905. DbgPrint("Exception occurred during RPC_ScHelperEncryptCredentials - %lx\n", _exception_code());
  906. }
  908. if (!NT_SUCCESS(status))
  909. {
  910. if (status != STATUS_BUFFER_TOO_SMALL)
  911. {
  912. DbgPrint("RPC_ScHelperEncryptCredentials failed - %lx\n", status);
  913. }
  914. goto Return;
  915. }
  917. //
  918. // if EncryptedDataBuffer.cb is not 0, then the called is getting back data
  919. //
  920. if (EncryptedDataBuffer.cb != 0)
  921. {
  922. memcpy(EncryptedData, EncryptedDataBuffer.pb, EncryptedDataBuffer.cb);
  923. }
  925. Return:
  927. if (EncryptedDataBuffer.pb != NULL)
  928. {
  929. MIDL_user_free(EncryptedDataBuffer.pb);
  930. }
  932. return (status);
  933. }
  936. //***************************************************************************************
  937. //
  938. // __ScHelperSignMessage:
  939. //
  940. //***************************************************************************************
  941. NTSTATUS WINAPI
  942. __ScHelperSignMessage(
  943. IN PUNICODE_STRING pucPIN,
  944. IN OPTIONAL PBYTE pbLogonInfo,
  945. IN OPTIONAL ULONG_PTR KerbHProv,
  946. IN ULONG Algorithm,
  947. IN PBYTE Buffer,
  948. IN ULONG BufferLength,
  949. OUT PBYTE Signature,
  950. OUT PULONG SignatureLength
  951. )
  952. {
  953. LogonInfo *pLI;
  954. SCLOGON_PIPE *pSCLogonPipe;
  955. NTSTATUS status = STATUS_SUCCESS;
  956. CUnicodeString szPIN(pucPIN);
  957. OUT_BUFFER2 SignatureBuffer;
  958. PKERB_PUBLIC_KEY_HPROV pKerbHProv;
  959. handle_t hRPCBinding;
  960. BINDING_CONTEXT BindingContext;
  961. BOOL fBindingIsCertAndKey = FALSE;
  963. //
  964. // Decide which rpc binding to use
  965. //
  966. if (KerbHProv != NULL)
  967. {
  968. pKerbHProv = (PKERB_PUBLIC_KEY_HPROV) KerbHProv;
  969. hRPCBinding = pKerbHProv->hRPCBinding;
  970. BindingContext = pKerbHProv->hCertAndKey;
  971. fBindingIsCertAndKey = TRUE;
  972. }
  973. else
  974. {
  975. pLI = (LogonInfo *)pbLogonInfo;
  976. pSCLogonPipe = (SCLOGON_PIPE *) pLI->ContextInformation;
  977. hRPCBinding = pSCLogonPipe->hRPCBinding;
  978. BindingContext = pSCLogonPipe->BindingContext;
  979. }
  981. memset(&SignatureBuffer, 0, sizeof(SignatureBuffer));
  983. //
  984. // Make sure pin got initialized correctly in constructor
  985. //
  986. if (NULL != pucPIN)
  987. {
  988. if (!szPIN.Valid())
  989. {
  990. status = STATUS_INSUFFICIENT_RESOURCES;
  991. goto Return;
  992. }
  993. }
  995. //
  996. // Make the call
  997. //
  998. __try
  999. {
  1000. status = RPC_ScHelperSignMessage(
  1001. hRPCBinding,
  1002. BindingContext,
  1003. (LPCWSTR)szPIN,
  1004. fBindingIsCertAndKey,
  1005. Algorithm,
  1006. BufferLength,
  1007. Buffer,
  1008. SignatureLength,
  1009. &SignatureBuffer);
  1010. }
  1011. __except (EXCEPTION_EXECUTE_HANDLER)
  1012. {
  1013. status = STATUS_SMARTCARD_SUBSYSTEM_FAILURE;
  1014. DbgPrint("Exception occurred during RPC_ScHelperSignMessage - %lx\n", _exception_code());
  1015. }
  1017. if (!NT_SUCCESS(status))
  1018. {
  1019. DbgPrint("RPC_ScHelperSignMessage failed - %lx\n", status);
  1020. goto Return;
  1021. }
  1023. //
  1024. // if SignatureBuffer.cb is not 0, then the called is getting back data
  1025. //
  1026. if (SignatureBuffer.cb != 0)
  1027. {
  1028. memcpy(Signature, SignatureBuffer.pb, SignatureBuffer.cb);
  1029. }
  1031. Return:
  1033. if (SignatureBuffer.pb != NULL)
  1034. {
  1035. MIDL_user_free(SignatureBuffer.pb);
  1036. }
  1038. return (status);
  1039. }
  1042. //***************************************************************************************
  1043. //
  1044. // __ScHelperVerifyMessage:
  1045. //
  1046. //***************************************************************************************
  1047. NTSTATUS WINAPI
  1048. __ScHelperVerifyMessage(
  1049. IN OPTIONAL PBYTE pbLogonInfo,
  1050. IN PCCERT_CONTEXT CertificateContext,
  1051. IN ULONG Algorithm,
  1052. IN PBYTE Buffer,
  1053. IN ULONG BufferLength,
  1054. IN PBYTE Signature,
  1055. IN ULONG SignatureLength
  1056. )
  1057. {
  1058. _ASSERTE(NULL != pbLogonInfo);
  1060. LogonInfo *pLI = (LogonInfo *)pbLogonInfo;
  1061. SCLOGON_PIPE *pSCLogonPipe = (SCLOGON_PIPE *) pLI->ContextInformation;
  1062. NTSTATUS status = STATUS_SUCCESS;
  1064. __try
  1065. {
  1066. status = RPC_ScHelperVerifyMessage(
  1067. pSCLogonPipe->hRPCBinding,
  1068. pSCLogonPipe->BindingContext,
  1069. Algorithm,
  1070. BufferLength,
  1071. Buffer,
  1072. SignatureLength,
  1073. Signature);
  1074. }
  1075. __except (EXCEPTION_EXECUTE_HANDLER)
  1076. {
  1077. status = STATUS_SMARTCARD_SUBSYSTEM_FAILURE;
  1078. DbgPrint("Exception occurred during RPC_ScHelperVerifyMessage - %lx\n", _exception_code());
  1079. }
  1081. return (status);
  1082. }
  1085. //***************************************************************************************
  1086. //
  1087. // __ScHelperSignPkcsMessage:
  1088. //
  1089. //***************************************************************************************
  1090. NTSTATUS WINAPI
  1091. __ScHelperSignPkcsMessage(
  1092. IN OPTIONAL PUNICODE_STRING pucPIN,
  1093. IN OPTIONAL PBYTE pbLogonInfo,
  1094. IN OPTIONAL ULONG_PTR KerbHProv,
  1095. IN PCCERT_CONTEXT Certificate,
  1096. IN PCRYPT_ALGORITHM_IDENTIFIER Algorithm,
  1097. IN DWORD dwSignMessageFlags,
  1098. IN PBYTE Buffer,
  1099. IN ULONG BufferLength,
  1100. OUT OPTIONAL PBYTE SignedBuffer,
  1101. OUT OPTIONAL PULONG SignedBufferLength
  1102. )
  1103. {
  1104. LogonInfo *pLI;
  1105. SCLOGON_PIPE *pSCLogonPipe;
  1106. NTSTATUS status = STATUS_SUCCESS;
  1107. CUnicodeString szPIN(pucPIN);
  1108. OUT_BUFFER2 SignedBufferBuffer;
  1109. PKERB_PUBLIC_KEY_HPROV pKerbHProv;
  1110. handle_t hRPCBinding;
  1111. BINDING_CONTEXT BindingContext;
  1112. BOOL fBindingIsCertAndKey = FALSE;
  1114. //
  1115. // Decide which rpc binding to use
  1116. //
  1117. if (KerbHProv != NULL)
  1118. {
  1119. pKerbHProv = (PKERB_PUBLIC_KEY_HPROV) KerbHProv;
  1120. hRPCBinding = pKerbHProv->hRPCBinding;
  1121. BindingContext = pKerbHProv->hCertAndKey;
  1122. fBindingIsCertAndKey = TRUE;
  1123. }
  1124. else
  1125. {
  1126. pLI = (LogonInfo *)pbLogonInfo;
  1127. pSCLogonPipe = (SCLOGON_PIPE *) pLI->ContextInformation;
  1128. hRPCBinding = pSCLogonPipe->hRPCBinding;
  1129. BindingContext = pSCLogonPipe->BindingContext;
  1130. }
  1132. memset(&SignedBufferBuffer, 0, sizeof(SignedBufferBuffer));
  1134. //
  1135. // Make sure pin got initialized correctly in constructor
  1136. //
  1137. if (NULL != pucPIN)
  1138. {
  1139. if (!szPIN.Valid())
  1140. {
  1141. status = STATUS_INSUFFICIENT_RESOURCES;
  1142. goto Return;
  1143. }
  1144. }
  1146. //
  1147. // Make the call
  1148. //
  1149. __try
  1150. {
  1151. status = RPC_ScHelperSignPkcsMessage(
  1152. hRPCBinding,
  1153. BindingContext,
  1154. (LPCWSTR)szPIN,
  1155. fBindingIsCertAndKey,
  1156. Algorithm->pszObjId,
  1157. Algorithm->Parameters.cbData,
  1158. Algorithm->Parameters.pbData,
  1159. dwSignMessageFlags,
  1160. BufferLength,
  1161. Buffer,
  1162. SignedBufferLength,
  1163. &SignedBufferBuffer);
  1164. }
  1165. __except (EXCEPTION_EXECUTE_HANDLER)
  1166. {
  1167. status = STATUS_SMARTCARD_SUBSYSTEM_FAILURE;
  1168. DbgPrint("Exception occurred during RPC_ScHelperSignPkcsMessage - %lx\n", _exception_code());
  1169. }
  1171. if (!NT_SUCCESS(status))
  1172. {
  1173. if (status != STATUS_BUFFER_TOO_SMALL)
  1174. {
  1175. DbgPrint("RPC_ScHelperSignPkcsMessage failed - %lx\n", status);
  1176. }
  1177. goto Return;
  1178. }
  1180. //
  1181. // if SignedBufferBuffer.cb is not 0, then the called is getting back data
  1182. //
  1183. if (SignedBufferBuffer.cb != 0)
  1184. {
  1185. memcpy(SignedBuffer, SignedBufferBuffer.pb, SignedBufferBuffer.cb);
  1186. }
  1188. Return:
  1190. if (SignedBufferBuffer.pb != NULL)
  1191. {
  1192. MIDL_user_free(SignedBufferBuffer.pb);
  1193. }
  1195. return (status);
  1196. }
  1199. //***************************************************************************************
  1200. //
  1201. // __ScHelperVerifyPkcsMessage:
  1202. //
  1203. //***************************************************************************************
  1204. /*NTSTATUS WINAPI
  1205. __ScHelperVerifyPkcsMessage(
  1206. IN OPTIONAL PBYTE pbLogonInfo,
  1207. IN OPTIONAL HCRYPTPROV Provider,
  1208. IN PBYTE Buffer,
  1209. IN ULONG BufferLength,
  1210. OUT OPTIONAL PBYTE DecodedBuffer,
  1211. OUT OPTIONAL PULONG DecodedBufferLength,
  1212. OUT OPTIONAL PCCERT_CONTEXT * CertificateContext
  1213. )
  1214. {
  1215. if (Provider != NULL)
  1216. {
  1217. return (ScHelperVerifyPkcsMessage(
  1218. pbLogonInfo,
  1219. Provider,
  1220. Buffer,
  1221. BufferLength,
  1222. DecodedBuffer,
  1223. DecodedBufferLength,
  1224. CertificateContext));
  1225. }
  1227. _ASSERTE(NULL != pbLogonInfo);
  1229. LogonInfo *pLI = (LogonInfo *)pbLogonInfo;
  1230. SCLOGON_PIPE *pSCLogonPipe = (SCLOGON_PIPE *) pLI->ContextInformation;
  1231. NTSTATUS status = STATUS_SUCCESS;
  1232. PCCERT_CONTEXT pCertCtx = NULL;
  1233. OUT_BUFFER2 DecodedBufferBuffer;
  1234. OUT_BUFFER1 CertBytes;
  1235. BOOL fCertificateContextRequested = (CertificateContext != NULL);
  1237. memset(&DecodedBufferBuffer, 0, sizeof(DecodedBufferBuffer));
  1238. memset(&CertBytes, 0, sizeof(CertBytes));
  1240. //
  1241. // Make the call
  1242. //
  1243. __try
  1244. {
  1245. status = RPC_ScHelperVerifyPkcsMessage(
  1246. pSCLogonPipe->hRPCBinding,
  1247. pSCLogonPipe->BindingContext,
  1248. BufferLength,
  1249. Buffer,
  1250. DecodedBufferLength,
  1251. &DecodedBufferBuffer,
  1252. fCertificateContextRequested,
  1253. &CertBytes);
  1254. }
  1255. __except (EXCEPTION_EXECUTE_HANDLER)
  1256. {
  1257. status = STATUS_SMARTCARD_SUBSYSTEM_FAILURE;
  1258. DbgPrint("Exception occurred during RPC_ScHelperVerifyPkcsMessage - %lx\n", _exception_code());
  1259. }
  1261. if (!NT_SUCCESS(status))
  1262. {
  1263. goto Return;
  1264. }
  1266. //
  1267. // Create the return CertContext based on the bytes returned
  1268. //
  1269. if (fCertificateContextRequested)
  1270. {
  1271. pCertCtx = CertCreateCertificateContext(
  1272. X509_ASN_ENCODING | PKCS_7_ASN_ENCODING,
  1273. CertBytes.pb,
  1274. CertBytes.cb);
  1275. if (pCertCtx == NULL)
  1276. {
  1277. status = STATUS_SMARTCARD_SUBSYSTEM_FAILURE;
  1278. goto Return;
  1279. }
  1280. }
  1282. //
  1283. // if DecodedBufferBuffer.cb is not 0, then the called is getting back data
  1284. //
  1285. if (DecodedBufferBuffer.cb != 0)
  1286. {
  1287. memcpy(DecodedBuffer, DecodedBufferBuffer.pb, DecodedBufferBuffer.cb);
  1288. }
  1290. Return:
  1292. if (fCertificateContextRequested)
  1293. {
  1294. *CertificateContext = pCertCtx;
  1295. }
  1297. if (DecodedBufferBuffer.pb != NULL)
  1298. {
  1299. MIDL_user_free(DecodedBufferBuffer.pb);
  1300. }
  1302. if (CertBytes.pb != NULL)
  1303. {
  1304. MIDL_user_free(CertBytes.pb);
  1305. }
  1307. return (status);
  1308. }*/
  1312. //***************************************************************************************
  1313. //
  1314. // __ScHelperDecryptMessage:
  1315. //
  1316. //***************************************************************************************
  1317. NTSTATUS WINAPI
  1318. __ScHelperDecryptMessage(
  1319. IN PUNICODE_STRING pucPIN,
  1320. IN OPTIONAL PBYTE pbLogonInfo,
  1321. IN OPTIONAL ULONG_PTR KerbHProv,
  1322. IN PCCERT_CONTEXT CertificateContext,
  1323. IN PBYTE CipherText, // Supplies formatted CipherText
  1324. IN ULONG CipherLength, // Supplies the length of the CiperText
  1325. OUT PBYTE ClearText, // Receives decrypted message
  1326. IN OUT PULONG pClearLength // Supplies length of buffer, receives actual length
  1327. )
  1328. {
  1329. LogonInfo *pLI;
  1330. SCLOGON_PIPE *pSCLogonPipe;
  1331. NTSTATUS status = STATUS_SUCCESS;
  1332. CUnicodeString szPIN(pucPIN);
  1333. OUT_BUFFER2 ClearTextBuffer;
  1334. PKERB_PUBLIC_KEY_HPROV pKerbHProv;
  1335. handle_t hRPCBinding;
  1336. BINDING_CONTEXT BindingContext;
  1337. BOOL fBindingIsCertAndKey = FALSE;
  1339. //
  1340. // Decide which rpc binding to use
  1341. //
  1342. if (KerbHProv != NULL)
  1343. {
  1344. pKerbHProv = (PKERB_PUBLIC_KEY_HPROV) KerbHProv;
  1345. hRPCBinding = pKerbHProv->hRPCBinding;
  1346. BindingContext = pKerbHProv->hCertAndKey;
  1347. fBindingIsCertAndKey = TRUE;
  1348. }
  1349. else
  1350. {
  1351. pLI = (LogonInfo *)pbLogonInfo;
  1352. pSCLogonPipe = (SCLOGON_PIPE *) pLI->ContextInformation;
  1353. hRPCBinding = pSCLogonPipe->hRPCBinding;
  1354. BindingContext = pSCLogonPipe->BindingContext;
  1355. }
  1357. memset(&ClearTextBuffer, 0, sizeof(ClearTextBuffer));
  1359. //
  1360. // Make sure pin got initialized correctly in constructor
  1361. //
  1362. if (NULL != pucPIN)
  1363. {
  1364. if (!szPIN.Valid())
  1365. {
  1366. status = STATUS_INSUFFICIENT_RESOURCES;
  1367. goto Return;
  1368. }
  1369. }
  1371. //
  1372. // Make the call
  1373. //
  1374. __try
  1375. {
  1376. status = RPC_ScHelperDecryptMessage(
  1377. hRPCBinding,
  1378. BindingContext,
  1379. (LPCWSTR)szPIN,
  1380. fBindingIsCertAndKey,
  1381. CipherLength,
  1382. CipherText,
  1383. pClearLength,
  1384. &ClearTextBuffer);
  1385. }
  1386. __except (EXCEPTION_EXECUTE_HANDLER)
  1387. {
  1388. status = STATUS_SMARTCARD_SUBSYSTEM_FAILURE;
  1389. DbgPrint("Exception occurred during RPC_ScHelperDecryptMessage - %lx\n", _exception_code());
  1390. }
  1392. if (!NT_SUCCESS(status))
  1393. {
  1394. if (status != STATUS_BUFFER_TOO_SMALL)
  1395. {
  1396. DbgPrint("RPC_ScHelperDecryptMessage failed - %lx\n", status);
  1397. }
  1398. goto Return;
  1399. }
  1401. //
  1402. // if ClearTextBuffer.cb is not 0, then the call is getting back data
  1403. //
  1404. if (ClearTextBuffer.cb != 0)
  1405. {
  1406. memcpy(ClearText, ClearTextBuffer.pb, ClearTextBuffer.cb);
  1407. }
  1409. Return:
  1411. if (ClearTextBuffer.pb != NULL)
  1412. {
  1413. MIDL_user_free(ClearTextBuffer.pb);
  1414. }
  1416. return (status);
  1417. }
  1421. //***************************************************************************************
  1422. //
  1423. // __ScHelper_CryptAcquireCertificatePrivateKey:
  1424. //
  1425. //***************************************************************************************
  1426. NTSTATUS WINAPI
  1427. __ScHelper_CryptAcquireCertificatePrivateKey(
  1428. IN PCCERT_CONTEXT CertificateContext,
  1429. OUT ULONG_PTR *pKerbHProv,
  1430. OUT DWORD *pLastError
  1431. )
  1432. {
  1433. NTSTATUS status = STATUS_SUCCESS;
  1434. PKERB_PUBLIC_KEY_HPROV pProv = NULL;
  1435. BOOL fRPCBindingInitialized = FALSE;
  1436. CRYPT_KEY_PROV_INFO *pKeyProvInfo = NULL;
  1437. DWORD cbKeyProvInfo = 0;
  1438. HANDLE hThreadToken = INVALID_HANDLE_VALUE;
  1439. BOOL fImpersonatingAnonymous = FALSE;
  1440. HANDLE hNULL = NULL;
  1442. *pLastError = 0;
  1444. //
  1445. // If we are already impersonating, then we need to do things slightly
  1446. // differently... starting with getting the current thread token
  1447. //
  1448. if (!GetImpersonationToken(&hThreadToken))
  1449. {
  1450. status = STATUS_SMARTCARD_SUBSYSTEM_FAILURE;
  1451. goto Return;
  1452. }
  1454. //
  1455. // If we are impersonating, then revert to anonymous
  1456. //
  1457. if (hThreadToken != INVALID_HANDLE_VALUE)
  1458. {
  1459. if (!SetThreadToken(NULL, NULL))
  1460. {
  1461. status = STATUS_SMARTCARD_SUBSYSTEM_FAILURE;
  1462. goto Return;
  1463. }
  1465. fImpersonatingAnonymous = TRUE;
  1466. }
  1468. //
  1469. // Allocate the new KERB_PUBLIC_KEY_HPROV struct
  1470. //
  1471. pProv = (PKERB_PUBLIC_KEY_HPROV) MIDL_user_allocate(sizeof(KERB_PUBLIC_KEY_HPROV));
  1472. if (pProv == NULL)
  1473. {
  1474. *pLastError = ERROR_NOT_ENOUGH_MEMORY;
  1475. status = STATUS_INSUFFICIENT_RESOURCES;
  1476. goto Return;
  1477. }
  1478. pProv->hCertAndKey = NULL;
  1480. //
  1481. // Setup the RPC binding
  1482. //
  1483. status = _SetupRPCConnection(&(pProv->hRPCBinding), hThreadToken);
  1484. if (!NT_SUCCESS(status))
  1485. {
  1486. goto Return;
  1487. }
  1488. fRPCBindingInitialized = TRUE;
  1490. //
  1491. // Get the key prov info from the cert context
  1492. //
  1493. if (!CertGetCertificateContextProperty(
  1494. CertificateContext,
  1495. CERT_KEY_PROV_INFO_PROP_ID,
  1496. NULL,
  1497. &cbKeyProvInfo))
  1498. {
  1499. *pLastError = GetLastError();
  1500. status = STATUS_INSUFFICIENT_RESOURCES;
  1501. goto Return;
  1502. }
  1504. pKeyProvInfo = (CRYPT_KEY_PROV_INFO *) MIDL_user_allocate(cbKeyProvInfo);
  1505. if (pKeyProvInfo == NULL)
  1506. {
  1507. *pLastError = ERROR_NOT_ENOUGH_MEMORY;
  1508. status = STATUS_INSUFFICIENT_RESOURCES;
  1509. goto Return;
  1510. }
  1512. if (!CertGetCertificateContextProperty(
  1513. CertificateContext,
  1514. CERT_KEY_PROV_INFO_PROP_ID,
  1515. pKeyProvInfo,
  1516. &cbKeyProvInfo))
  1517. {
  1518. *pLastError = GetLastError();
  1519. status = STATUS_INSUFFICIENT_RESOURCES;
  1520. goto Return;
  1521. }
  1523. //
  1524. // Create the hProv in the winlogon process
  1525. //
  1526. __try
  1527. {
  1528. status = RPC_ScHelper_CryptAcquireCertificatePrivateKey(
  1529. pProv->hRPCBinding,
  1530. CertificateContext->cbCertEncoded,
  1531. CertificateContext->pbCertEncoded,
  1532. pKeyProvInfo->pwszContainerName,
  1533. pKeyProvInfo->pwszProvName,
  1534. pKeyProvInfo->dwProvType,
  1535. pKeyProvInfo->dwFlags,
  1536. pKeyProvInfo->dwKeySpec,
  1537. &(pProv->hCertAndKey),
  1538. pLastError);
  1539. }
  1540. __except (EXCEPTION_EXECUTE_HANDLER)
  1541. {
  1542. status = STATUS_SMARTCARD_SUBSYSTEM_FAILURE;
  1543. DbgPrint("Exception occurred during RPC_ScHelper_CryptAcquireCertificatePrivateKey - %lx\n", _exception_code());
  1544. }
  1546. Return:
  1548. if (NT_SUCCESS(status))
  1549. {
  1550. *pKerbHProv = (ULONG_PTR) pProv;
  1551. }
  1552. else
  1553. {
  1554. DbgPrint("RPC_ScHelper_CryptAcquireCertificatePrivateKey failed - %lx\n", status);
  1556. if (fRPCBindingInitialized)
  1557. {
  1558. _TeardownRPCConnection(&(pProv->hRPCBinding));
  1559. }
  1561. if (pProv != NULL)
  1562. {
  1563. MIDL_user_free(pProv);
  1564. }
  1565. }
  1567. if (pKeyProvInfo != NULL)
  1568. {
  1569. MIDL_user_free(pKeyProvInfo);
  1570. }
  1572. //
  1573. // Reset impersonation if needed
  1574. //
  1575. if (fImpersonatingAnonymous)
  1576. {
  1577. if (!SetThreadToken(NULL, hThreadToken))
  1578. {
  1579. status = STATUS_SMARTCARD_SUBSYSTEM_FAILURE;
  1580. DbgPrint("SetThreadToken failed, we are now in a BOGUS STATE!! - %lx\n", status);
  1581. }
  1582. }
  1584. if (hThreadToken != INVALID_HANDLE_VALUE)
  1585. {
  1586. CloseHandle(hThreadToken);
  1587. }
  1589. return (status);
  1590. }
  1594. //***************************************************************************************
  1595. //
  1596. // __ScHelper_CryptSetProvParam:
  1597. //
  1598. //***************************************************************************************
  1599. NTSTATUS WINAPI
  1600. __ScHelper_CryptSetProvParam(
  1601. IN ULONG_PTR KerbHProv,
  1602. IN LPSTR pszPIN,
  1603. OUT DWORD *pLastError
  1604. )
  1605. {
  1606. NTSTATUS status = STATUS_SUCCESS;
  1607. PKERB_PUBLIC_KEY_HPROV pKerbHProv = (PKERB_PUBLIC_KEY_HPROV) KerbHProv;
  1608. HANDLE hThreadToken = INVALID_HANDLE_VALUE;
  1609. BOOL fImpersonatingAnonymous = FALSE;
  1610. HANDLE hNULL = NULL;
  1612. *pLastError = 0;
  1614. //
  1615. // If we are already impersonating, then we need to do things slightly
  1616. // differently... starting with getting the current thread token
  1617. //
  1618. if (!GetImpersonationToken(&hThreadToken))
  1619. {
  1620. status = STATUS_SMARTCARD_SUBSYSTEM_FAILURE;
  1621. goto Return;
  1622. }
  1624. //
  1625. // If we are impersonating, then revert to anonymous
  1626. //
  1627. if (hThreadToken != INVALID_HANDLE_VALUE)
  1628. {
  1629. if (!SetThreadToken(NULL, NULL))
  1630. {
  1631. status = STATUS_SMARTCARD_SUBSYSTEM_FAILURE;
  1632. goto Return;
  1633. }
  1635. fImpersonatingAnonymous = TRUE;
  1636. }
  1638. //
  1639. // Set the prov param on the hProv in the winlogon process
  1640. //
  1641. __try
  1642. {
  1643. status = RPC_ScHelper_CryptSetProvParam(
  1644. pKerbHProv->hRPCBinding,
  1645. pKerbHProv->hCertAndKey,
  1646. pszPIN,
  1647. pLastError);
  1648. }
  1649. __except (EXCEPTION_EXECUTE_HANDLER)
  1650. {
  1651. status = STATUS_SMARTCARD_SUBSYSTEM_FAILURE;
  1652. DbgPrint("Exception occurred during RPC_ScHelper_CryptSetProvParam - %lx\n", _exception_code());
  1653. goto Return;
  1654. }
  1656. Return:
  1658. //
  1659. // Reset impersonation if needed
  1660. //
  1661. if (fImpersonatingAnonymous)
  1662. {
  1663. if (!SetThreadToken(NULL, hThreadToken))
  1664. {
  1665. status = STATUS_SMARTCARD_SUBSYSTEM_FAILURE;
  1666. DbgPrint("SetThreadToken failed, we are now in a BOGUS STATE!! - %lx\n", status);
  1667. }
  1668. }
  1670. if (hThreadToken != INVALID_HANDLE_VALUE)
  1671. {
  1672. CloseHandle(hThreadToken);
  1673. }
  1675. return (status);
  1676. }
  1680. //***************************************************************************************
  1681. //
  1682. // __ScHelper_CryptReleaseContext:
  1683. //
  1684. //***************************************************************************************
  1685. NTSTATUS WINAPI
  1686. __ScHelper_CryptReleaseContext(
  1687. IN ULONG_PTR KerbHProv
  1688. )
  1689. {
  1690. NTSTATUS status = STATUS_SUCCESS;
  1691. PKERB_PUBLIC_KEY_HPROV pKerbHProv = (PKERB_PUBLIC_KEY_HPROV) KerbHProv;
  1692. HANDLE hThreadToken = INVALID_HANDLE_VALUE;
  1693. BOOL fImpersonatingAnonymous = FALSE;
  1694. HANDLE hNULL = NULL;
  1696. //
  1697. // If we are already impersonating, then we need to do things slightly
  1698. // differently... starting with getting the current thread token
  1699. //
  1700. if (!GetImpersonationToken(&hThreadToken))
  1701. {
  1702. status = STATUS_SMARTCARD_SUBSYSTEM_FAILURE;
  1703. goto Return;
  1704. }
  1706. //
  1707. // If we are impersonating, then revert to anonymous
  1708. //
  1709. if (hThreadToken != INVALID_HANDLE_VALUE)
  1710. {
  1711. if (!SetThreadToken(NULL, NULL))
  1712. {
  1713. status = STATUS_SMARTCARD_SUBSYSTEM_FAILURE;
  1714. goto Return;
  1715. }
  1717. fImpersonatingAnonymous = TRUE;
  1718. }
  1720. //
  1721. // release hProv in the winlogon process
  1722. //
  1723. __try
  1724. {
  1725. status = RPC_ScHelper_CryptReleaseContext(
  1726. pKerbHProv->hRPCBinding,
  1727. &(pKerbHProv->hCertAndKey));
  1728. }
  1729. __except (EXCEPTION_EXECUTE_HANDLER)
  1730. {
  1731. status = STATUS_SMARTCARD_SUBSYSTEM_FAILURE;
  1732. DbgPrint("Exception occurred during RPC_ScHelper_CryptReleaseContext - %lx\n", _exception_code());
  1733. goto Return;
  1734. }
  1736. Return:
  1738. _TeardownRPCConnection(&(pKerbHProv->hRPCBinding));
  1739. MIDL_user_free(pKerbHProv);
  1741. //
  1742. // Reset impersonation if needed
  1743. //
  1744. if (fImpersonatingAnonymous)
  1745. {
  1746. if (!SetThreadToken(NULL, hThreadToken))
  1747. {
  1748. status = STATUS_SMARTCARD_SUBSYSTEM_FAILURE;
  1749. DbgPrint("SetThreadToken failed, we are now in a BOGUS STATE!! - %lx\n", status);
  1750. }
  1751. }
  1753. if (hThreadToken != INVALID_HANDLE_VALUE)
  1754. {
  1755. CloseHandle(hThreadToken);
  1756. }
  1758. return (status);
  1759. }