archive
/
windows-xp
mirror of https://github.com/tongzx/nt5src
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
8 Commits
1 Branch
0 Tags
2.0 GiB
Tree: 744f0b4006
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '744f0b4006'
${ noResults }
windows-xp/Source/XPSP1/NT/enduser/troubleshoot/tshoot/registrypasswords.cpp

368 lines
10 KiB
Raw Normal View History

Add source files
4 years ago
  1. //
  2. // MODULE: RegistryPasswords.cpp
  3. //
  4. // PURPOSE: Handles the storing and retrieval of encrypted passwords in the registry.
  5. //
  6. // COMPANY: Saltmine Creative, Inc. (206)-284-7511 [email protected]
  7. //
  8. // AUTHOR: Randy Biley
  9. //
  10. // ORIGINAL DATE: 10-23-98
  11. //
  12. // NOTES: See RegistryPasswords.h
  13. //
  14. //
  15. // Version Date By Comments
  16. //--------------------------------------------------------------------
  17. // V3.0 10-23-98 RAB
  18. //
  19. #include "stdafx.h"
  20. #include "RegistryPasswords.h"
  21. #include "BaseException.h"
  22. #include "Event.h"
  23. #include "regutil.h"
  26. #ifndef CRYPT_MACHINE_KEYSET
  27. // This flag was exposed in Windows NT 4.0 Service Pack 2.
  28. #define CRYPT_MACHINE_KEYSET 0x00000020
  29. // By default, keys are stored in the HKEY_CURRENT_USER portion of the registry.
  30. // The CRYPT_MACHINE_KEYSET flag can be combined with all of the other flags,
  31. // indicating that the location for the key of interest is HKEY_LOCAL_MACHINE.
  32. // When combined with the CRYPT_NEW_KEYSET flag, the CRYPT_MACHINE_KEYSET flag
  33. // is useful when access is being performed from a service or user account that
  34. // did not log on interactively. This combination enables access to user specific
  35. // keys under HKEY_LOCAL_MACHINE.
  36. //
  37. // This setting is necessary in the the online troubleshooter in all
  38. // CryptAcquireContext() calls.
  39. #endif
  42. CRegistryPasswords::CRegistryPasswords(
  43. LPCTSTR szRegSoftwareLoc /* =REG_SOFTWARE_LOC */, // Registry Software Key location.
  44. LPCTSTR szRegThisProgram /* =REG_THIS_PROGRAM */, // Registry Program Name.
  45. LPCTSTR szKeyContainer /* =REG_THIS_PROGRAM */, // Key Container Name.
  46. LPCTSTR szHashString /* =HASH_SEED */ // Value used to seed the hash.
  47. )
  48. : m_hProv( NULL ), m_hHash( NULL ), m_hKey( NULL ), m_bAllValid( false )
  49. {
  50. try
  51. {
  52. m_strRegSoftwareLoc= szRegSoftwareLoc;
  53. m_strRegThisProgram= szRegThisProgram;
  55. // Attempt to acquire a handle to a particular key container.
  56. if (::CryptAcquireContext( &m_hProv, szKeyContainer,
  57. MS_DEF_PROV, // "Microsoft Base Cryptographic Provider v1.0"
  58. PROV_RSA_FULL, // This provider type supports both digital signatures
  59. // and data encryption, and is considered general purpose.
  60. // The RSA public-key algorithm is used for all public-key operations.
  61. CRYPT_MACHINE_KEYSET ) == FALSE)
  62. {
  63. // Attempt to create a particular key container and acquire handle
  64. if (::CryptAcquireContext( &m_hProv, szKeyContainer,
  65. MS_DEF_PROV,
  66. PROV_RSA_FULL,
  67. CRYPT_NEWKEYSET | CRYPT_MACHINE_KEYSET ) == FALSE)
  68. {
  69. throw CGenSysException( __FILE__, __LINE__, _T("AcquireContext"), ::GetLastError() );
  70. }
  71. }
  73. // Attempt to acquire a handle to a CSP hash object.
  74. /***
  75. Available hashing algorithms.
  76. CALG_HMACHMAC, a keyed hash algorithm
  77. CALG_MAC Message Authentication Code
  78. CALG_MD2 MD2
  79. CALG_MD5 MD5
  80. CALG_SHA US DSA Secure Hash Algorithm
  81. CALG_SHA1 Same as CALG_SHA
  82. CALG_SSL3_SHAMD5 SSL3 client authentication
  83. ***/
  84. if (::CryptCreateHash( m_hProv, CALG_SHA, 0, NULL, &m_hHash ) == FALSE)
  85. throw CGenSysException( __FILE__, __LINE__, _T("CreateHash"), ::GetLastError() );
  87. // Hash a string.
  88. if (::CryptHashData( m_hHash, (BYTE *) szHashString, _tcslen( szHashString ),
  89. NULL ) == FALSE)
  90. {
  91. throw CGenSysException( __FILE__, __LINE__, _T("HashData"), ::GetLastError() );
  92. }
  94. // Generate a cryptographic key derived from base data.
  95. if (::CryptDeriveKey( m_hProv,
  96. CALG_RC4, // RC4 stream encryption algorithm
  97. m_hHash, NULL, &m_hKey ) == FALSE)
  98. {
  99. throw CGenSysException( __FILE__, __LINE__, _T("DeriveKey"), ::GetLastError() );
  100. }
  102. // Toggle on flag to indicate that all Crypto handles have been initialized.
  103. m_bAllValid= true;
  104. }
  105. catch (CGenSysException& x)
  106. {
  107. // Log the error.
  108. LPVOID lpErrorMsgBuf;
  109. CString strErrorMsg;
  110. ::FormatMessage( FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_SYSTEM,
  111. NULL, x.GetErrorCode(),
  112. MAKELANGID( LANG_NEUTRAL, SUBLANG_DEFAULT ),
  113. (LPTSTR) &lpErrorMsgBuf, 0, NULL );
  114. strErrorMsg.Format(_T("Encryption failure: %s"), (char *) lpErrorMsgBuf);
  116. CBuildSrcFileLinenoStr SrcLoc( __FILE__, __LINE__ );
  117. CEvent::ReportWFEvent( x.GetSrcFileLineStr(),
  118. SrcLoc.GetSrcFileLineStr(),
  119. strErrorMsg, x.GetSystemErrStr(),
  120. EV_GTS_ERROR_ENCRYPTION );
  121. ::LocalFree(lpErrorMsgBuf);
  123. // Perform any cleanup.
  124. Destroy();
  125. }
  126. catch (...)
  127. {
  128. // Catch any other exceptions and do nothing.
  129. }
  130. }
  133. CRegistryPasswords::~CRegistryPasswords()
  134. {
  135. // Utilize function destroy to avoid potentially throwing an exception
  136. // within the destructor.
  137. Destroy();
  138. }
  141. bool CRegistryPasswords::WriteKey( const CString& RegKey, const CString& RegValue )
  142. {
  143. bool bRetVal= false;
  145. // Verify that the constructor worked properly.
  146. if (!m_bAllValid)
  147. return( bRetVal );
  149. // Verify that a key and a value were passed in.
  150. if ((!RegValue.IsEmpty()) && (!RegKey.IsEmpty()))
  151. {
  152. TCHAR *pBuffer;
  153. DWORD dwSize;
  155. if (EncryptKey( RegValue, &pBuffer, (LONG *)&dwSize ))
  156. {
  157. // Write the encrypted string to the registry.
  158. CRegUtil reg;
  159. bool was_created = false;
  161. if (reg.Create( HKEY_LOCAL_MACHINE, m_strRegSoftwareLoc, &was_created, KEY_QUERY_VALUE | KEY_WRITE))
  162. {
  163. if (reg.Create( m_strRegThisProgram, &was_created, KEY_READ | KEY_WRITE ))
  164. {
  165. if (reg.SetBinaryValue( RegKey, pBuffer, dwSize ))
  166. bRetVal= true;
  167. }
  168. }
  169. delete [] pBuffer;
  170. }
  171. }
  173. return( bRetVal );
  174. }
  176. // Note that if this returns true, *ppBuf will point to a new buffer on the heap.
  177. // The caller of this function is responsible for deleting that.
  178. bool CRegistryPasswords::EncryptKey( const CString& RegValue, char** ppBuf, long* plBufLen )
  179. {
  180. bool bRetVal= false;
  182. // Verify that the constructor worked properly.
  183. if (!m_bAllValid)
  184. return( bRetVal );
  186. if (!RegValue.IsEmpty())
  187. {
  188. BYTE* pData= NULL;
  189. DWORD dwSize= 0;
  191. // Set variable to length of data in buffer.
  192. dwSize= RegValue.GetLength();
  194. // Have API return us the required buffer size for encryption.
  195. if (::CryptEncrypt( m_hKey, 0, TRUE, NULL, NULL, &dwSize, dwSize ) == FALSE)
  196. {
  197. DWORD dwErr= ::GetLastError();
  198. CString strCryptErr;
  200. strCryptErr.Format( _T("%lu"), dwErr );
  201. CBuildSrcFileLinenoStr SrcLoc( __FILE__, __LINE__ );
  202. CEvent::ReportWFEvent( SrcLoc.GetSrcFileLineStr(),
  203. SrcLoc.GetSrcFileLineStr(),
  204. RegValue, strCryptErr,
  205. EV_GTS_ERROR_ENCRYPTION );
  206. return( bRetVal );
  207. }
  209. // We now have a size for the output buffer, so create buffer.
  210. try
  211. {
  212. pData= new BYTE[ dwSize + 1 ];
  213. //[BC-03022001] - added check for NULL ptr to satisfy MS code analysis tool.
  214. if(!pData)
  215. throw bad_alloc();
  216. }
  217. catch (bad_alloc&)
  218. {
  219. CBuildSrcFileLinenoStr SrcLoc( __FILE__, __LINE__ );
  220. CEvent::ReportWFEvent( SrcLoc.GetSrcFileLineStr(),
  221. SrcLoc.GetSrcFileLineStr(),
  222. _T("Failure to allocate"),
  223. _T("space to encrypt key"),
  224. EV_GTS_ERROR_ENCRYPTION );
  225. return( bRetVal );
  226. }
  227. memcpy( pData, RegValue, dwSize );
  228. pData[ dwSize ]= NULL;
  230. // Encrypt the passed in string.
  231. if (::CryptEncrypt( m_hKey, 0, TRUE, NULL, (BYTE *)pData, &dwSize, dwSize + 1 ) == FALSE)
  232. {
  233. // Log failure to encrypt.
  234. DWORD dwErr= ::GetLastError();
  235. CString strCryptErr;
  237. strCryptErr.Format( _T("%lu"), dwErr );
  238. CBuildSrcFileLinenoStr SrcLoc( __FILE__, __LINE__ );
  239. CEvent::ReportWFEvent( SrcLoc.GetSrcFileLineStr(),
  240. SrcLoc.GetSrcFileLineStr(),
  241. RegValue, strCryptErr,
  242. EV_GTS_ERROR_ENCRYPTION );
  243. delete [] pData;
  244. }
  245. else
  246. {
  247. pData[ dwSize ]= 0;
  248. *ppBuf= (char*)pData;
  249. *plBufLen = dwSize;
  250. bRetVal= true;
  251. }
  252. }
  254. return( bRetVal );
  255. }
  257. bool CRegistryPasswords::KeyValidate( const CString& RegKey, const CString& RegValue )
  258. {
  259. bool bRetVal= false;
  261. // Verify that the constructor worked properly.
  262. if (!m_bAllValid)
  263. return( bRetVal );
  265. // Verify that a key and a value were passed in.
  266. if ((!RegValue.IsEmpty()) && (!RegKey.IsEmpty()))
  267. {
  268. CRegUtil reg;
  270. // Open up the desired key.
  271. if (reg.Open( HKEY_LOCAL_MACHINE, m_strRegSoftwareLoc, KEY_QUERY_VALUE ))
  272. {
  273. if (reg.Open( m_strRegThisProgram, KEY_QUERY_VALUE ))
  274. {
  275. TCHAR *pRegEncrypted;
  276. DWORD dwRegSize;
  277. TCHAR *pChkEncrypted;
  278. DWORD dwChkSize;
  280. // Attempt to read the current setting from the registry.
  281. if (reg.GetBinaryValue( RegKey, &pRegEncrypted, (LONG *)&dwRegSize ))
  282. {
  283. // Verify that the registry key had a previous value.
  284. if (dwRegSize < 1)
  285. {
  286. delete [] pRegEncrypted;
  287. return( bRetVal );
  288. }
  291. // Encrypt the passed in value.
  292. if (EncryptKey( RegValue, &pChkEncrypted, (LONG *)&dwChkSize ))
  293. {
  294. // Compare the two unencrypted strings.
  295. if (dwRegSize == dwChkSize)
  296. {
  297. if (!memcmp( pRegEncrypted, pChkEncrypted, dwRegSize ))
  298. bRetVal= true;
  299. }
  300. delete [] pChkEncrypted;
  301. }
  303. delete [] pRegEncrypted;
  304. }
  305. }
  306. }
  307. }
  309. return( bRetVal );
  310. }
  313. // This function is used to clean up from any potential exceptions thrown within the
  314. // ctor as well as standing in for the dtor.
  315. void CRegistryPasswords::Destroy()
  316. {
  317. try
  318. {
  319. // Toggle off flag that indicates valid Crypto handles.
  320. m_bAllValid= false;
  322. if (m_hKey)
  323. {
  324. if (::CryptDestroyKey( m_hKey ) == FALSE)
  325. throw CGenSysException( __FILE__, __LINE__,
  326. _T("Failure to destroy key"),
  327. EV_GTS_PASSWORD_EXCEPTION );
  328. m_hKey= NULL;
  329. }
  331. if (m_hHash)
  332. {
  333. if (::CryptDestroyHash( m_hHash ) == FALSE)
  334. throw CGenSysException( __FILE__, __LINE__,
  335. _T("Failure to destroy hash"),
  336. EV_GTS_PASSWORD_EXCEPTION );
  337. m_hHash= NULL;
  338. }
  340. if (m_hProv)
  341. {
  342. if (::CryptReleaseContext( m_hProv, 0 ) == FALSE)
  343. throw CGenSysException( __FILE__, __LINE__,
  344. _T("Failure to release context"),
  345. EV_GTS_PASSWORD_EXCEPTION );
  346. m_hProv= NULL;
  347. }
  348. }
  349. catch (CGenSysException& x)
  350. {
  351. CBuildSrcFileLinenoStr SrcLoc( __FILE__, __LINE__ );
  352. CEvent::ReportWFEvent( x.GetSrcFileLineStr(),
  353. SrcLoc.GetSrcFileLineStr(),
  354. x.GetErrorMsg(), x.GetSystemErrStr(),
  355. x.GetErrorCode() );
  356. }
  357. catch (...)
  358. {
  359. // Catch any other exceptions and do nothing.
  360. }
  362. return;
  363. }
  366. //
  367. // EOF.
  368. //