archive
/
windows-xp
mirror of https://github.com/tongzx/nt5src
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
8 Commits
1 Branch
0 Tags
2.0 GiB
Tree: 744f0b4006
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '744f0b4006'
${ noResults }
windows-xp/Source/XPSP1/NT/ds/nw/svcdlls/nwwks/lib/lsa.c

537 lines
12 KiB
Raw Normal View History

Add source files
4 years ago
  1. /*++
  3. Copyright (c) 1993 Microsoft Corporation
  5. Module Name:
  7. lsa.c
  9. Abstract:
  11. This module provides helpers to call LSA, particularly for
  12. manipulating secret objects.
  14. Author:
  16. Rita Wong (ritaw) 22-Apr-1993
  18. --*/
  20. #include <stdlib.h>
  22. #include <nt.h>
  23. #include <ntrtl.h>
  24. #include <nturtl.h>
  26. #include <windef.h>
  27. #include <winerror.h>
  28. #include <winbase.h>
  30. #include <nwlsa.h>
  32. //-------------------------------------------------------------------//
  33. // //
  34. // Constants and Macros //
  35. // //
  36. //-------------------------------------------------------------------//
  38. #define NW_SECRET_PREFIX L"_MS_NWCS_"
  41. DWORD
  42. NwOpenPolicy(
  43. IN ACCESS_MASK DesiredAccess,
  44. OUT LSA_HANDLE *PolicyHandle
  45. )
  46. /*++
  48. Routine Description:
  50. This function gets a handle to the local security policy by calling
  51. LsaOpenPolicy.
  53. Arguments:
  55. DesiredAccess - Supplies the desired access to the local security
  56. policy.
  58. PolicyHandle - Receives a handle to the opened policy.
  60. Return Value:
  62. NO_ERROR - Policy handle is returned.
  64. Error from LSA.
  66. --*/
  67. {
  68. NTSTATUS ntstatus;
  69. OBJECT_ATTRIBUTES ObjAttributes;
  72. //
  73. // Open a handle to the local security policy. Initialize the
  74. // objects attributes structure first.
  75. //
  76. InitializeObjectAttributes(
  77. &ObjAttributes,
  78. NULL,
  79. 0L,
  80. NULL,
  81. NULL
  82. );
  84. ntstatus = LsaOpenPolicy(
  85. NULL,
  86. &ObjAttributes,
  87. DesiredAccess,
  88. PolicyHandle
  89. );
  91. if (! NT_SUCCESS(ntstatus)) {
  92. KdPrint(("NWWORKSTATION: LsaOpenPolicy returns %08lx\n",
  93. ntstatus));
  95. return RtlNtStatusToDosError(ntstatus);
  96. }
  98. return NO_ERROR;
  99. }
  102. DWORD
  103. NwOpenSecret(
  104. IN ACCESS_MASK DesiredAccess,
  105. IN LSA_HANDLE PolicyHandle,
  106. IN LPWSTR LsaSecretName,
  107. OUT PLSA_HANDLE SecretHandle
  108. )
  109. /*++
  111. Routine Description:
  113. This function opens a handle to the specified secret object.
  115. Arguments:
  117. DesiredAccess - Supplies the desired access to the secret object.
  119. PolicyHandle - Supplies a handle to an already opened LSA policy.
  121. LsaSecretName - Supplies the name of the secret to open.
  123. SecretHandle - Receives the handle of the opened secret.
  125. Return Value:
  127. NO_ERROR - Secret handle is returned.
  129. Error from LSA.
  131. --*/
  132. {
  133. NTSTATUS ntstatus;
  134. UNICODE_STRING SecretNameString;
  137. RtlInitUnicodeString(&SecretNameString, LsaSecretName);
  139. ntstatus = LsaOpenSecret(
  140. PolicyHandle,
  141. &SecretNameString,
  142. DesiredAccess,
  143. SecretHandle
  144. );
  147. if (! NT_SUCCESS(ntstatus)) {
  148. KdPrint(("NWWORKSTATION: LsaOpenSecret %ws returns %08lx\n",
  149. LsaSecretName, ntstatus));
  151. return RtlNtStatusToDosError(ntstatus);
  152. }
  154. return NO_ERROR;
  155. }
  158. DWORD
  159. NwFormSecretName(
  160. IN LPWSTR Qualifier,
  161. OUT LPWSTR *LsaSecretName
  162. )
  163. /*++
  165. Routine Description:
  167. This function creates a secret name from the user name.
  168. It also allocates the buffer to return the created secret name which
  169. must be freed by the caller using LocalFree when done with it.
  171. Arguments:
  173. Qualifier - Supplies the qualifier which forms part of part of the secret
  174. object name we are creating.
  176. LsaSecretName - Receives a pointer to the buffer which contains the
  177. secret object name.
  179. Return Value:
  181. NO_ERROR - Successfully returned secret name.
  183. ERROR_NOT_ENOUGH_MEMORY - Failed to allocate buffer to hold the secret
  184. name.
  186. --*/
  187. {
  188. if ((*LsaSecretName = (LPWSTR)LocalAlloc(
  189. 0,
  190. (wcslen(NW_SECRET_PREFIX) +
  191. wcslen(Qualifier) +
  192. 1) * sizeof(WCHAR)
  193. )) == NULL) {
  195. KdPrint(("NWWORKSTATION: NwFormSecretName: LocalAlloc failed %lu\n",
  196. GetLastError()));
  197. return ERROR_NOT_ENOUGH_MEMORY;
  198. }
  200. wcscpy(*LsaSecretName, NW_SECRET_PREFIX);
  201. wcscat(*LsaSecretName, Qualifier);
  203. return NO_ERROR;
  204. }
  208. DWORD
  209. NwSetPassword(
  210. IN LPWSTR Qualifier,
  211. IN LPWSTR Password
  212. )
  213. /*++
  215. Routine Description:
  217. This function opens ( creates one if needed ) the LSA secret object,
  218. and sets it with the specified password.
  220. Arguments:
  222. Qualifier - Supplies the qualifier which forms part of part of the secret
  223. object name to be created.
  225. Password - Supplies the user specified password for an account.
  227. Return Value:
  229. NO_ERROR - Secret object for the password is created and set with new value.
  231. Error from LSA.
  233. --*/
  234. {
  235. DWORD status;
  236. NTSTATUS ntstatus;
  237. LSA_HANDLE PolicyHandle;
  239. LSA_HANDLE SecretHandle;
  240. UNICODE_STRING SecretNameString;
  241. LPWSTR LsaSecretName;
  243. UNICODE_STRING NewPasswordString;
  244. UNICODE_STRING OldPasswordString;
  247. //
  248. // Open a handle to the local security policy.
  249. //
  250. if ((status = NwOpenPolicy(
  251. POLICY_CREATE_SECRET,
  252. &PolicyHandle
  253. )) != NO_ERROR) {
  254. KdPrint(("NWWORKSTATION: NwCreatePassword: NwOpenPolicy failed\n"));
  255. return status;
  256. }
  258. //
  259. // Create the LSA secret object. But first, form a secret name.
  260. //
  261. if ((status = NwFormSecretName(
  262. Qualifier,
  263. &LsaSecretName
  264. )) != NO_ERROR) {
  265. (void) LsaClose(PolicyHandle);
  266. return status;
  267. }
  269. RtlInitUnicodeString(&SecretNameString, LsaSecretName);
  271. ntstatus = LsaCreateSecret(
  272. PolicyHandle,
  273. &SecretNameString,
  274. SECRET_SET_VALUE | DELETE,
  275. &SecretHandle
  276. );
  279. //
  280. // note: ignore object already exists error. just use the existing
  281. // object. this could be because the user didnt completely cleanup
  282. // during deinstall. the unique names makes it unlikely to be a real
  283. // collision.
  284. //
  285. if ( ntstatus == STATUS_OBJECT_NAME_COLLISION ) {
  286. ntstatus = NwOpenSecret(
  287. SECRET_SET_VALUE,
  288. PolicyHandle,
  289. LsaSecretName,
  290. &SecretHandle
  291. );
  292. }
  294. //
  295. // Don't need the name or policy handle anymore.
  296. //
  297. (void) LocalFree((HLOCAL) LsaSecretName);
  298. (void) LsaClose(PolicyHandle);
  300. if (! NT_SUCCESS(ntstatus)) {
  302. KdPrint(("NWWORKSTATION: NwCreatePassword: LsaCreateSecret or LsaOpenSecret returned %08lx for %ws\n", ntstatus, LsaSecretName));
  304. return RtlNtStatusToDosError(ntstatus);
  305. }
  308. RtlInitUnicodeString(&OldPasswordString, NULL);
  309. RtlInitUnicodeString(&NewPasswordString, Password);
  311. ntstatus = LsaSetSecret(
  312. SecretHandle,
  313. &NewPasswordString,
  314. &OldPasswordString
  315. );
  317. if (! NT_SUCCESS(ntstatus)) {
  318. KdPrint(("NWWORKSTATION NwCreatePassword: LsaSetSecret returned %08lx\n",
  319. ntstatus));
  321. status = RtlNtStatusToDosError(ntstatus);
  323. //
  324. // Delete the secret object
  325. //
  326. ntstatus = LsaDelete(SecretHandle);
  328. if (! NT_SUCCESS(ntstatus)) {
  329. KdPrint(("NWWORKSTATION: NwCreatePassword: LsaDelete to restore back to original returned %08lx\n",
  330. ntstatus));
  331. (void) LsaClose(SecretHandle);
  332. }
  334. //
  335. // Secret handle is closed by LsaDelete if successfully deleted.
  336. //
  337. return status;
  338. }
  340. (void) LsaClose(SecretHandle);
  342. return NO_ERROR;
  343. }
  347. DWORD
  348. NwDeletePassword(
  349. IN LPWSTR Qualifier
  350. )
  351. /*++
  353. Routine Description:
  355. This function deletes the LSA secret object whose name is derived
  356. from the specified Qualifier.
  358. Arguments:
  360. Qualifier - Supplies the qualifier which forms part of part of the secret
  361. object name to be deleted.
  363. Return Value:
  365. NO_ERROR - Secret object for password is deleted.
  367. Error from LSA.
  369. --*/
  370. {
  371. DWORD status;
  372. NTSTATUS ntstatus;
  374. LSA_HANDLE PolicyHandle;
  376. LSA_HANDLE SecretHandle;
  377. LPWSTR LsaSecretName;
  380. //
  381. // Open a handle to the local security policy.
  382. //
  383. if ((status = NwOpenPolicy(
  384. POLICY_VIEW_LOCAL_INFORMATION,
  385. &PolicyHandle
  386. )) != NO_ERROR) {
  387. KdPrint(("NWWORKSTATION: NwDeletePassword: NwOpenPolicy failed\n"));
  388. return status;
  389. }
  391. //
  392. // Get the secret object name from the specified user name.
  393. //
  394. if ((status = NwFormSecretName(
  395. Qualifier,
  396. &LsaSecretName
  397. )) != NO_ERROR) {
  398. (void) LsaClose(PolicyHandle);
  399. return status;
  400. }
  402. status = NwOpenSecret(
  403. DELETE,
  404. PolicyHandle,
  405. LsaSecretName,
  406. &SecretHandle
  407. );
  409. //
  410. // Don't need the name or policy handle anymore.
  411. //
  412. (void) LocalFree((HLOCAL) LsaSecretName);
  413. (void) LsaClose(PolicyHandle);
  415. if (status != NO_ERROR) {
  416. KdPrint(("NWWORKSTATION: NwDeletePassword: NwOpenSecret failed\n"));
  417. return status;
  418. }
  420. ntstatus = LsaDelete(SecretHandle);
  422. if (! NT_SUCCESS(ntstatus)) {
  423. KdPrint(("NWWORKSTATION: NwDeletePassword: LsaDelete returned %08lx\n",
  424. ntstatus));
  425. (void) LsaClose(SecretHandle);
  426. return RtlNtStatusToDosError(ntstatus);
  427. }
  429. return NO_ERROR;
  430. }
  434. DWORD
  435. NwGetPassword(
  436. IN LPWSTR Qualifier,
  437. OUT PUNICODE_STRING *Password,
  438. OUT PUNICODE_STRING *OldPassword
  439. )
  440. /*++
  442. Routine Description:
  444. This function retrieves the current password and old password
  445. values from the service secret object given the user name.
  447. Arguments:
  449. Qualifier - Supplies the qualifier which forms part of the key to the
  450. secret object name.
  452. Password - Receives a pointer to the string structure that contains
  453. the password.
  455. OldPassword - Receives a pointer to the string structure that
  456. contains the old password.
  458. Return Value:
  460. NO_ERROR - Secret object for password is changed to new value.
  462. Error from LSA.
  464. --*/
  465. {
  466. DWORD status;
  467. NTSTATUS ntstatus;
  469. LSA_HANDLE PolicyHandle;
  470. LSA_HANDLE SecretHandle;
  472. LPWSTR LsaSecretName;
  475. //
  476. // Open a handle to the local security policy to read the
  477. // value of the secret.
  478. //
  479. if ((status = NwOpenPolicy(
  480. POLICY_VIEW_LOCAL_INFORMATION,
  481. &PolicyHandle
  482. )) != NO_ERROR) {
  483. return status;
  484. }
  486. //
  487. // Get the secret object name from the specified user name.
  488. //
  489. if ((status = NwFormSecretName(
  490. Qualifier,
  491. &LsaSecretName
  492. )) != NO_ERROR) {
  493. (void) LsaClose(PolicyHandle);
  494. return status;
  495. }
  497. status = NwOpenSecret(
  498. SECRET_QUERY_VALUE,
  499. PolicyHandle,
  500. LsaSecretName,
  501. &SecretHandle
  502. );
  504. //
  505. // Don't need the name or policy handle anymore.
  506. //
  507. (void) LocalFree((HLOCAL) LsaSecretName);
  508. (void) LsaClose(PolicyHandle);
  510. if (status != NO_ERROR) {
  511. KdPrint(("NWWORKSTATION: ScGetSecret: ScOpenSecret failed\n"));
  512. return status;
  513. }
  515. //
  516. // Query the old value of the secret object so that we can
  517. // we can restore it if we fail to change the password later.
  518. //
  519. ntstatus = LsaQuerySecret(
  520. SecretHandle,
  521. Password,
  522. NULL, // don't need set time
  523. OldPassword,
  524. NULL // don't need set time
  525. );
  527. (void) LsaClose(SecretHandle);
  529. if (! NT_SUCCESS(ntstatus)) {
  530. KdPrint(("NWWORKSTATION: NwGetPassword: LsaQuerySecret for previous values returned %08lx\n",
  531. ntstatus));
  533. return RtlNtStatusToDosError(ntstatus);
  534. }
  536. return NO_ERROR;
  537. }