|
|
/*++
Copyright (c) 1997-1999 Microsoft Corporation
Module Name:
efssrv.hxx
Abstract:
EFS (Encrypting File System) defines, data and function prototypes.
Author:
Robert Reichel (RobertRe) Robert Gu (RobertG)
Environment:
Revision History:
--*/
#ifndef _EFSSRV_
#define _EFSSRV_
#include <efsstruc.h>
#include <wincrypt.h>
#include <winefs.h>
#include <des.h>
#include <des3.h>
#include <aes.h>
#ifdef __cplusplus
extern "C" {#endif
#define FILE_SIGNATURE L"ROBS"
#define STREAM_SIGNATURE L"NTFS"
#define DATA_SIGNATURE L"GURE"
#define DEFAULT_STREAM L"::$DATA"
#define DEF_STR_LEN 14
#define MAX_PATH_LENGTH 1024
#define EFSDIR L"\\System Volume Information"
#define EFSLOGPATTERN L"\\EFS*.LOG"
#define EFSSOURCE L"EFS"
#define LOGEXT L"LOG"
#define LOGSIG L"GUJR"
#define LOGSIGLEN 4
#define LOGVERID 100
#define EFSDIRLEN (sizeof(EFSDIR) - sizeof (WCHAR))
#define DAVHEADER 0x01
#define WEBDAVPATH 0x0001
#define OPEN_FOR_ENC 0x00000001
#define OPEN_FOR_DEC 0x00000002
#define OPEN_FOR_REC 0x00000004
#define OPEN_FOR_EXP 0x00000008
#define OPEN_FOR_IMP 0x00000010
#define OPEN_FOR_FTR 0x00000020
#define CERT_NOT_VALIDATED 0
#define CERT_VALIDATION_FAILED 1
#define CERT_VALIDATED 2
#define RECOVERY_POLICY_EMPTY 0x01
#define RECOVERY_POLICY_NULL 0x02
#define RECOVERY_POLICY_NO_AGENT 0x04
#define RECOVERY_POLICY_OK 0x20
#define RECOVERY_POLICY_EXPIRED_CERTS 0x100
#define RECOVERY_POLICY_NOT_EFFECT_CERTS 0x200
#define RECOVERY_POLICY_BAD_POLICY 0x400
#define RECOVERY_POLICY_UNKNOWN_BAD 0x800
#define RECOVERY_POLICY_NO_MEMORY 0x1000
#define RECOVERY_POLICY_STATUS_CHANGE 0x80000000
#define USER_INTERACTIVE 2
#define USER_REMOTE 1
#define USER_UNKNOWN 0
#define CERTINLMTRUSTEDSTORE 2
extern DESTable DesTable;extern UCHAR DriverSessionKey[];extern HCRYPTPROV hProvVerify;extern WCHAR EfsComputerName[];extern LIST_ENTRY UserCacheList;extern RTL_CRITICAL_SECTION GuardCacheListLock;extern LONG UserCacheListLimit;extern LONG UserCacheListCount;extern LONGLONG CACHE_CERT_VALID_TIME;
//
// Useful flags for passing around what we're doing.
//
typedef enum _EFSP_OPERATION { Encrypting, Decrypting, EncryptRecovering, DecryptRecovering} EFSP_OPERATION;
typedef enum _EFS_ACTION_STATUS { BeginEncryptDir, BeginDecryptDir, BeginEncryptFile, BeginDecryptFile, EncryptTmpFileWritten, DecryptTmpFileWritten, EncryptionDone, DecryptionDone, EncryptionBackout, EncryptionMessup, EncryptionSrcDone,} EFS_ACTION_STATUS;
//
// Common log file header
//
#define LOG_DECRYPTION 0x00000001
#define LOG_DIRECTORY 0x00000002
typedef struct _LOGHEADER { WCHAR SIGNATURE[4]; ULONG VerID; ULONG SectorSize; ULONG HeaderSize; //Size in bytes. Including the padding zero of TempFilePath
ULONG HeaderBlockSize; //Size in bytes including the checksum. Multiple of SectorSize
ULONG Flag; //Encryption or Decryption, File or Directory
ULONG TargetFilePathOffset; //Offset to Target file name in user readable format
ULONG TargetFilePathLength; //The length of the above name including ending 0
ULONG TempFilePathOffset; //Offset to Temp file name in user readable format
ULONG TempFilePathLength; //The length of the above name including ending 0
ULONG OffsetStatus1; //Point to the first copy of the status info
ULONG OffsetStatus2; //Point to the second copy of the status info
ULONG Reserved[3]; ULONG LengthOfTargetFileInternalName; //Size in bytes ( 8 for V 1.0)
LARGE_INTEGER TargetFileInternalName; //Use File ID for V 1.0
ULONG LengthOfTempFileInternalName; //Size in bytes ( 8 for V 1.0)
LARGE_INTEGER TempFileInternalName; //Use File ID for V 1.0
} LOGHEADER, *PLOGHEADER;
//
// Local structure containing recovery information.
// More easily digestable than the stuff we get out
// of the policy.
//
typedef struct _CURRENT_RECOVERY_POLICY { PBYTE Base; LARGE_INTEGER TimeStamp; LONG CertValidated; DWORD dwKeyCount; DWORD PolicyStatus; PBYTE * pbHash; DWORD * cbHash; PBYTE * pbPublicKeys; DWORD * cbPublicKeys; LPWSTR * lpDisplayInfo; PCCERT_CONTEXT * pCertContext; PSID * pSid;} CURRENT_RECOVERY_POLICY, *PCURRENT_RECOVERY_POLICY;
//
// User Cache Node
//
typedef struct _USER_CACHE {
LUID AuthId; LONG UseRefCount; LONG StopUseCount; //For the purpose of free the cache
PBYTE pbHash; DWORD cbHash; LONG CertValidated; LPWSTR ContainerName; LPWSTR DisplayInformation; LPWSTR ProviderName; PCCERT_CONTEXT pCertContext; HCRYPTPROV hProv; HCRYPTKEY hUserKey; LARGE_INTEGER TimeStamp; LIST_ENTRY CacheChain;
} USER_CACHE, *PUSER_CACHE;
typedef struct _EFS_USER_INFO { LPWSTR lpUserName; LPWSTR lpDomainName; LPWSTR lpProfilePath; // may be NULL
LPWSTR lpUserSid; LPWSTR lpKeyPath; PTOKEN_USER pTokenUser; PUSER_CACHE pUserCache; LUID AuthId; LONG InterActiveUser; BOOLEAN bDomainAccount; BOOLEAN bIsSystem; BOOLEAN UserCacheStop; BOOLEAN Reserved;} EFS_USER_INFO, *PEFS_USER_INFO;
typedef struct _EFS_POL_CALLBACK { HANDLE *EfsPolicyEventHandle; BOOLEAN *EfsDisable;} EFS_POL_CALLBACK, *PEFS_POL_CALLBACK;
BOOLEANEfspIsSystem( PEFS_USER_INFO pEfsUserInfo, OUT PBOOLEAN System );
BOOLEANEfspGetUserInfo( IN OUT PEFS_USER_INFO pEfsUserInfo );
VOIDEfspFreeUserInfo( IN PEFS_USER_INFO pEfsUserInfo );
BOOLEAN EfspInitUserCacheNode( IN OUT PUSER_CACHE pCacheNode, IN PBYTE pbHash, IN DWORD cbHash, IN LPWSTR ContainerName, IN LPWSTR ProviderName, IN LPWSTR DisplayInformation, IN PCCERT_CONTEXT pCertContext, IN HCRYPTKEY hKey, IN HCRYPTPROV hProv, IN LUID *AuthId, IN LONG CertValidated );
BOOLEANEfspAddUserCache( IN PUSER_CACHE pUserCache );
VOIDEfspReleaseUserCache( IN PUSER_CACHE pUserCache );
DWORDGenerateDRF( IN PEFS_KEY Fek, OUT PENCRYPTED_KEYS *pNewDRF, OUT DWORD *cbDRF ); BOOLEANGenerateFEK( IN OUT PEFS_KEY *Key );
BOOLEANConstructEFS( PEFS_USER_INFO pEfsUserInfo, PEFS_KEY Fek, PEFS_DATA_STREAM_HEADER ParentEfsStreamHeader, PEFS_DATA_STREAM_HEADER * EfsStreamHeader );
BOOLEANConstructDirectoryEFS( PEFS_USER_INFO pEfsUserInfo, PEFS_KEY Fek, PEFS_DATA_STREAM_HEADER * ChildEfs );
DWORDDecryptFek( PEFS_USER_INFO pEfsUserInfo, PEFS_DATA_STREAM_HEADER EfsStream, PEFS_KEY * Fek, PEFS_DATA_STREAM_HEADER * NewEfs, ULONG OpenType );
DWORDEfsGetFek( IN PEFS_USER_INFO pEfsUserInfo, IN PEFS_DATA_STREAM_HEADER EfsStream, OUT PEFS_KEY * Fek );
NTSTATUSInitDriverSessionKey( VOID );
NTSTATUSGenerateDriverSessionKey( PEFS_INIT_DATAEXG InitDataExg );
NTSTATUSEfsServerInit( VOID );
DWORD WINAPIEFSRecover( IN LPVOID Param );
VOIDDumpBytes( PBYTE Blob, ULONG Length );
VOIDDumpEFS( PEFS_DATA_STREAM_HEADER Efs );
NTSTATUSEfspGetTokenUser( IN OUT PEFS_USER_INFO pEfsUserInfo );
NTSTATUSEfspGetUserName( IN OUT PEFS_USER_INFO pEfsUserInfo );
PWCHARConvertSidToWideCharString( PSID Sid );
BOOLEfsErrorToNtStatus( IN DWORD WinError, OUT PNTSTATUS NtStatus );
DWORDEfspInstallCertAsUserKey( PEFS_USER_INFO pEfsUserInfo, PENCRYPTION_CERTIFICATE pEncryptionCertificate );
DWORDEfspReplaceUserKeyInformation( PEFS_USER_INFO pEfsUserInfo );
VOIDMarkFileForDelete( HANDLE FileHandle );
DWORDGetVolumeRoot( IN PUNICODE_STRING SrcFileName, OUT PUNICODE_STRING RootPath);
NTSTATUSGetLogFile( IN PUNICODE_STRING RootPath, OUT HANDLE *LogFile);
NTSTATUSMakeSystemFullControlSD( OUT PSECURITY_DESCRIPTOR *ppSD);
NTSTATUSCreateLogFile( IN PUNICODE_STRING FileName, IN PSECURITY_DESCRIPTOR SD, OUT HANDLE *LogFile);
NTSTATUSCreateLogHeader( IN HANDLE LogFile, IN ULONG SectorSize, IN PLARGE_INTEGER TragetID, IN PLARGE_INTEGER TempID OPTIONAL, IN LPCWSTR SrcFileName, IN LPCWSTR TempFileName OPTIONAL, IN EFSP_OPERATION Operation, IN EFS_ACTION_STATUS Action, OUT ULONG *LogInfoOffset );
ULONGGetCheckSum( IN BYTE *WorkBuffer, IN ULONG Length );
VOIDCreateBlockSum( IN BYTE *WorkBuffer, IN ULONG Length, IN ULONG SectorSize );
NTSTATUSCreateBackupFile( IN PUNICODE_STRING SourceFileNameU, OUT HANDLE *hBackupFile, OUT FILE_INTERNAL_INFORMATION *BackupID, OUT LPWSTR *BackupFileName );
NTSTATUSWriteLogFile( IN HANDLE LogFileH, IN ULONG SectorSize, IN ULONG StartOffset, IN EFS_ACTION_STATUS Action );
voidTryRecoverVol( IN const WCHAR *VolumeName, IN WCHAR *CacheDir );
voidTryRecoverFile( IN const WCHAR *VolumeName, IN LPWIN32_FIND_DATA FindFileInfo, IN HANDLE EventHandleLog );
NTSTATUSReadLogFile( IN HANDLE LogFile, OUT BYTE* ReadBuffer, IN ULONG FirstCopy, IN ULONG SecondCopy );
NTSTATUSDoRecover( IN HANDLE Target, IN HANDLE TmpFile OPTIONAL, IN HANDLE LogFile, IN LPCWSTR TargetName, IN LPCWSTR TmpName OPTIONAL, IN ULONG StatusCopySize, IN ULONG StatusStartOffset, IN ULONG Action, IN HANDLE EventHandleLog );
ULONGGetCheckSum( IN BYTE *WorkBuffer, IN ULONG Length );
NTSTATUSDecryptDir( IN HANDLE Target, IN LPCWSTR TargetName );
NTSTATUSSendGenFsctl( IN HANDLE Target, IN ULONG Psc, IN ULONG Csc, IN ULONG EfsCode, IN ULONG FsCode );
NTSTATUSRestoreTarget( IN HANDLE Target, IN HANDLE TmpFile, IN LPCWSTR TargetName, IN LPCWSTR TmpName, IN HANDLE EventHandleLog, EFSP_OPERATION Operation );
DWORDEFSSendPipeData( char *DataBuf, ULONG DataLength, PVOID Context );
DWORDEFSReceivePipeData( char *DataBuf, ULONG* DataLength, PVOID Context );
DWORDGetOverWriteEfsAttrFsctlInput( ULONG Flag, ULONG AccessFlag, char *InputData, ULONG InputDataLength, char *OutputData, ULONG *OutputDataLength );
PBYTEGetCertHashFromCertContext( IN PCCERT_CONTEXT pCertContext, OUT PDWORD pcbHash );
PCRYPT_KEY_PROV_INFOGetKeyProvInfo( PCCERT_CONTEXT pCertContext );
PCERT_PUBLIC_KEY_INFOExportPublicKeyInfo( IN HCRYPTPROV hProv, IN DWORD dwKeySpec, IN DWORD dwCertEncodingType, IN OUT DWORD *pcbInfo );
BOOLEANAddUserToEFS( IN PEFS_DATA_STREAM_HEADER EfsStream, IN PSID NewUserSid OPTIONAL, IN PEFS_KEY Fek, IN PBYTE pbCert, IN DWORD cbCert, OUT PEFS_DATA_STREAM_HEADER * NewEfs );
BOOLRemoveUsersFromEfsStream( IN PEFS_DATA_STREAM_HEADER pEfsStream, IN DWORD nHashes, IN PENCRYPTION_CERTIFICATE_HASH * pHashes, IN PEFS_KEY Fek, OUT PEFS_DATA_STREAM_HEADER * pNewEfsStream );
BOOLQueryCertsFromEncryptedKeys( IN PENCRYPTED_KEYS pEncryptedKeys, OUT PDWORD pnUsers, OUT PENCRYPTION_CERTIFICATE_HASH ** pHashes );
PCCERT_CONTEXTGetCertContextFromCertHash( IN PBYTE pbHash, IN DWORD cbHash, IN DWORD dwFlags );
LPWSTREfspGetCertDisplayInformation( IN PCCERT_CONTEXT pCertContext );
VOIDRecoveryInformationCallback( POLICY_NOTIFICATION_INFORMATION_CLASS ChangedInfoClass );
VOIDEfspRoleChangeCallback( POLICY_NOTIFICATION_INFORMATION_CLASS ChangedInfoClass );
BOOLUpdateRecoveryPolicy( PLSAPR_POLICY_DOMAIN_EFS_INFO * PolicyEfsInfo, PBOOLEAN Reformatted );
VOIDFreeParsedRecoveryPolicy( PCURRENT_RECOVERY_POLICY ParsedRecoveryPolicy );
BOOLGetPublicKey( HCRYPTKEY hKey, PBYTE * PublicKeyBlob, PDWORD KeyLength );
DWORDCreatePublicKeyInformationCertificate( IN PSID pUserSid OPTIONAL, PBYTE pbCert, DWORD cbCert, OUT PEFS_PUBLIC_KEY_INFO * PublicKeyInformation );
BOOLParseRecoveryCertificate( IN PEFS_PUBLIC_KEY_INFO pPublicKeyInfo, OUT PBYTE * pbHash, OUT PDWORD cbHash, OUT PBYTE * pbPublicKey, OUT PDWORD cbPublicKey, OUT LPWSTR * lpDisplayInfo, OUT PCCERT_CONTEXT * pCertContext, OUT PSID * pSid );
VOIDFreeParsedRecoveryPolicy( PCURRENT_RECOVERY_POLICY ParsedRecoveryPolicy );
NTSTATUSGetStreamInformation( IN HANDLE SourceFile, OUT PFILE_STREAM_INFORMATION * StreamInfoBase, PULONG StreamInfoSize );
DWORDOpenFileStreams( IN HANDLE hSourceFile, IN ULONG ShareMode, IN ULONG Flag, IN PFILE_STREAM_INFORMATION StreamInfoBase, IN ULONG FileAccess, IN ULONG CreateDisposition, IN ULONG CreateOption, IN PFILE_FS_SIZE_INFORMATION VolInfo, OUT PUNICODE_STRING * StreamNames, OUT PHANDLE * StreamHandles, OUT PEFS_STREAM_SIZE * StreamSizes, OUT PULONG StreamCount );
BOOLEANGetDecryptFsInput( IN HANDLE Handle, OUT PUCHAR InputData, OUT PULONG InputDataSize );
DWORDCopyFileStreams( PHANDLE SourceStreams, PHANDLE StreamHandles, ULONG StreamCount, PEFS_STREAM_SIZE StreamSizes, EFSP_OPERATION Operation, PUCHAR FsInputData, ULONG FsInputDataSize, PBOOLEAN CleanupSuccessful );
BOOLEANEfspValidateEfsStream( PEFS_DATA_STREAM_HEADER pEFS, PEFS_KEY Fek );
BOOLEANEfspChecksumEfs( PEFS_DATA_STREAM_HEADER pEFS, PEFS_KEY Fek );
voidDumpRecoveryKey( PRECOVERY_KEY_1_1 pRecoveryKey );
LPWSTRMakeDNName( BOOLEAN RecoveryKey, IN PEFS_USER_INFO pEfsUserInfo );
BOOLEncodeAndAlloc( DWORD dwEncodingType, LPCSTR lpszStructType, const void * pvStructInfo, PBYTE * pbEncoded, PDWORD pcbEncoded );
BOOLEfspIsDomainUser( IN LPWSTR lpDomainName, OUT PBOOLEAN IsDomain );
VOIDEfspUnloadUserProfile( IN HANDLE hToken, IN HANDLE hProfile );
BOOLEfspLoadUserProfile( IN PEFS_USER_INFO pEfsUserInfo, OUT PHANDLE hToken, OUT PHANDLE hProfile );
PWCHARConstructKeyPath( PWCHAR SidString );
VOIDEfsLogEntry ( WORD wType, WORD wCategory, DWORD dwEventID, WORD wNumStrings, DWORD dwDataSize, LPCTSTR *lpStrings, LPVOID lpRawData );
DWORDEfsGetCertNameFromCertContext( IN PCCERT_CONTEXT CertContext, OUT LPWSTR * UserDispName );
DWORDEfsAddCertToTrustStoreStore( IN PCCERT_CONTEXT pCert, OUT DWORD *ImpersonationError );
BOOLEfsGetBasicConstraintExt( IN OUT PCERT_EXTENSION *basicRestraint ); BOOLEfsGetAltNameExt( IN OUT PCERT_EXTENSION *altNameExt, IN LPWSTR UPNName );
DWORDEfsMakeCertNames( IN PEFS_USER_INFO pEfsUserInfo, OUT LPWSTR *DispInfo, OUT LPWSTR *SubjectName, OUT LPWSTR *UPNName );
DWORDEfsFindCertOid( IN LPSTR pEfsCertOid, IN PCCERT_CONTEXT pCertContext, OUT BOOL *OidFound );
VOIDEfsMarkCertAddedToStore( IN PEFS_USER_INFO pEfsUserInfo ); /////////////////////////////////////////////////////////////////////////////////////
// /
// /
// Entry points for exported API /
// /
// /
/////////////////////////////////////////////////////////////////////////////////////
DWORDEncryptFileSrv( IN PEFS_USER_INFO pEfsUserData, IN PUNICODE_STRING SourceFileName, IN HANDLE LogFile );
DWORDDecryptFileSrv( IN PUNICODE_STRING SourceFileName, IN HANDLE LogFileH, IN ULONG Recovery );
DWORDAddUsersToFileSrv( IN PEFS_USER_INFO pEfsUserInfo, IN LPCWSTR lpFileName, IN DWORD nUsers, IN PENCRYPTION_CERTIFICATE * pEncryptionCertificates );
DWORDQueryUsersOnFileSrv( IN LPCWSTR lpFileName, OUT PDWORD pnUsers, OUT PENCRYPTION_CERTIFICATE_HASH ** pUsers );
DWORDQueryRecoveryAgentsSrv( IN LPCWSTR lpFileName, OUT PDWORD pnRecoveryAgents, OUT PENCRYPTION_CERTIFICATE_HASH ** pRecoveryAgents );
DWORDRemoveUsersFromFileSrv( IN PEFS_USER_INFO PEfsUserInfo, IN LPCWSTR lpFileName, IN DWORD nUsers, IN PENCRYPTION_CERTIFICATE_HASH * pHashes );
DWORDSetFileEncryptionKeySrv( IN PEFS_USER_INFO PEfsUserInfo, IN PENCRYPTION_CERTIFICATE pEncryptionCertificate );
DWORDDuplicateEncryptionInfoFileSrv ( PEFS_USER_INFO pEfsUserInfo, LPCWSTR lpSrcFileName, LPCWSTR lpDestFileName, LPCWSTR lpDestUncName, DWORD dwCreationDistribution, DWORD dwAttributes, PEFS_RPC_BLOB pRelativeSD, BOOL bInheritHandle ); DWORDEfsFileKeyInfoSrv( IN LPCWSTR lpFileName, IN DWORD InfoClass, OUT PDWORD nbData, OUT PBYTE *pbData ); DWORDEfsOpenFileRaw( IN LPCWSTR FileName, IN LPCWSTR LocalFileName, IN BOOL NetSession, IN ULONG Flags, OUT PVOID * Context );
VOIDEfsCloseFileRaw( IN PVOID Context );
longEfsReadFileRaw( PVOID Context, PVOID EfsOutPipe );
longEfsWriteFileRaw( PVOID Context, PVOID EfsInPipe );
BOOLGetSaltLength( ALG_ID AlgID, DWORD *SaltLength, DWORD *SaltBlockLength );
DWORDEfsAlignBlock( IN PVOID InKey, OUT PVOID *OutKey, OUT BOOLEAN *NewKey );
VOIDEfsGetPolRegSettings( IN PVOID lpThreadData, IN BOOLEAN timeExpired ); VOIDEfsApplyLastPolicy( IN BOOLEAN* pEfsDisabled ); VOIDEfsRemoveKey( VOID ); extern LONG EFSDebugLevel;
extern DESTable DesTable;extern UCHAR DriverSessionKey[DES_BLOCKLEN];extern HANDLE LsaPid;
extern BOOLEAN EfspInDomain;
#ifdef __cplusplus
} // extern C
#endif
#endif // _EFSSRV_
|
