archive
/
windows-xp
mirror of https://github.com/tongzx/nt5src
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
8 Commits
1 Branch
0 Tags
2.0 GiB
Tree: 744f0b4006
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '744f0b4006'
${ noResults }
windows-xp/Source/XPSP1/NT/net/rras/ras/rassfm/cleartxt.c

663 lines
14 KiB
Raw Normal View History

Add source files
4 years ago
  1. ///////////////////////////////////////////////////////////////////////////////
  2. //
  3. // Copyright (c) 1998, Microsoft Corp. All rights reserved.
  4. //
  5. // FILE
  6. //
  7. // cleartxt.c
  8. //
  9. // SYNOPSIS
  10. //
  11. // Defines functions for storing and retrieving cleartext passwords.
  12. //
  13. // MODIFICATION HISTORY
  14. //
  15. // 08/31/1998 Original version.
  16. //
  17. ///////////////////////////////////////////////////////////////////////////////
  19. #include <nt.h>
  20. #include <ntrtl.h>
  21. #include <nturtl.h>
  22. #include <ntlsa.h>
  23. #include <windows.h>
  24. #include <wincrypt.h>
  26. #include <rassfmhp.h>
  27. #include <usrprop.h>
  28. #include <cleartxt.h>
  30. // Name of the private key stored as LSA private data.
  31. UNICODE_STRING PRIVATE_KEY_NAME = { 34, 36, L"G$MSRADIUSPRIVKEY" };
  33. // Length of the private key.
  34. #define PRIVATE_KEY_LENGTH 256
  36. // Length of the user-specific key.
  37. #define USER_KEY_LENGTH 16
  39. // Properties stored in UserParameters.
  40. #define PROPERTY_USER_KEY L"G$RADIUSCHAPKEY"
  41. #define PROPERTY_PASSWORD L"G$RADIUSCHAP"
  43. // Fixed key used for decrypting the private key.
  44. BYTE FIXED_KEY[] =
  45. {
  46. 0x05, 0x56, 0xF6, 0x07, 0xC6, 0x56, 0x02, 0x94, 0x02,
  47. 0xC6, 0xF6, 0x67, 0x56, 0x02, 0xC6, 0x96, 0xB6, 0x56,
  48. 0x02, 0x34, 0x86, 0x16, 0xE6, 0x46, 0x27, 0x16, 0xC2,
  49. 0x02, 0x14, 0x46, 0x96, 0x47, 0x96, 0xC2, 0x02, 0x74,
  50. 0x27, 0x56, 0x47, 0x16, 0x02, 0x16, 0x27, 0x56, 0x02,
  51. 0x47, 0x86, 0x56, 0x02, 0x07, 0x56, 0xF6, 0x07, 0xC6,
  52. 0x56, 0x02, 0x94, 0x02, 0x47, 0x27, 0x57, 0x37, 0x47
  53. };
  55. // Shared handle to the cryptographic provider.
  56. HCRYPTPROV theContext;
  58. // Private key used for encrypting/decrypting cleartext passwords.
  59. PLSA_UNICODE_STRING thePrivateKey;
  61. // TRUE if this API has been successfully initialized.
  62. static BOOL theInitFlag;
  64. // Non-zero if the API is locked.
  65. static LONG theLock;
  67. //////////
  68. // Macros to lock/unlock the API during intialization.
  69. //////////
  70. #define API_LOCK() \
  71. while (InterlockedExchange(&theLock, 1)) Sleep(5)
  73. #define API_UNLOCK() \
  74. InterlockedExchange(&theLock, 0)
  76. //////////
  77. // Macro that ensures the API has been initialized and bails on failure.
  78. //////////
  79. #define CHECK_INIT() \
  80. if (!theInitFlag) { \
  81. status = IASParmsInitialize(); \
  82. if (status != NO_ERROR) { return status; } \
  83. }
  85. //////////
  86. // Creates the private key. Should only be called if the key doesn't exist.
  87. //////////
  88. DWORD
  89. WINAPI
  90. IASCreatePrivateKey(
  91. IN LSA_HANDLE hPolicy
  92. )
  93. {
  94. DWORD status;
  95. BYTE newKey[PRIVATE_KEY_LENGTH];
  96. LSA_UNICODE_STRING privateData;
  98. //////////
  99. // Generate a random key.
  100. //////////
  102. if (!CryptGenRandom(
  103. theContext,
  104. sizeof(newKey),
  105. newKey
  106. ))
  107. { return GetLastError(); }
  109. //////////
  110. // Store it as LSA private data.
  111. //////////
  113. privateData.Length = sizeof(newKey);
  114. privateData.MaximumLength = sizeof(newKey);
  115. privateData.Buffer = (PWSTR)newKey;
  117. status = LsaStorePrivateData(
  118. hPolicy,
  119. &PRIVATE_KEY_NAME,
  120. &privateData
  121. );
  122. if (NT_SUCCESS(status))
  123. {
  124. status = LsaRetrievePrivateData(
  125. hPolicy,
  126. &PRIVATE_KEY_NAME,
  127. &thePrivateKey
  128. );
  129. }
  131. return NT_SUCCESS(status) ? NO_ERROR : RtlNtStatusToDosError(status);
  132. }
  134. //////////
  135. // Derives a cryptographic key from an octet string.
  136. //////////
  137. BOOL
  138. WINAPI
  139. IASDeriveUserCryptKey(
  140. IN PBYTE pbUserKey,
  141. OUT HCRYPTKEY *phKey
  142. )
  143. {
  144. BOOL success;
  145. HCRYPTHASH hHash;
  147. success = CryptCreateHash(
  148. theContext,
  149. CALG_MD5,
  150. 0,
  151. 0,
  152. &hHash
  153. );
  154. if (!success) { goto exit; }
  156. success = CryptHashData(
  157. hHash,
  158. (PBYTE)thePrivateKey->Buffer,
  159. thePrivateKey->Length,
  160. 0
  161. );
  162. if (!success) { goto destroy_hash; }
  164. success = CryptHashData(
  165. hHash,
  166. pbUserKey,
  167. USER_KEY_LENGTH,
  168. 0
  169. );
  170. if (!success) { goto destroy_hash; }
  172. success = CryptDeriveKey(
  173. theContext,
  174. CALG_RC4,
  175. hHash,
  176. CRYPT_EXPORTABLE,
  177. phKey
  178. );
  180. destroy_hash:
  181. CryptDestroyHash(hHash);
  183. exit:
  184. return success;
  185. }
  187. DWORD
  188. WINAPI
  189. IASParmsInitialize( VOID )
  190. {
  191. DWORD status, nbyte;
  192. OBJECT_ATTRIBUTES objAttribs;
  193. LSA_HANDLE hPolicy;
  194. HCRYPTHASH hHash;
  195. HCRYPTKEY hKey;
  197. API_LOCK();
  199. // If we've already been initialized, there's nothing to do.
  200. if (theInitFlag)
  201. {
  202. status = NO_ERROR;
  203. goto exit;
  204. }
  206. /////////
  207. // Acquire a cryptographic context.
  208. /////////
  210. if (!CryptAcquireContext(
  211. &theContext,
  212. NULL,
  213. NULL,
  214. PROV_RSA_FULL,
  215. CRYPT_VERIFYCONTEXT
  216. ))
  217. {
  218. status = GetLastError();
  219. goto exit;
  220. }
  222. /////////
  223. // Open a handle to the LSA.
  224. /////////
  226. InitializeObjectAttributes(
  227. &objAttribs,
  228. NULL,
  229. 0,
  230. NULL,
  231. NULL
  232. );
  234. status = LsaOpenPolicy(
  235. NULL,
  236. &objAttribs,
  237. POLICY_ALL_ACCESS,
  238. &hPolicy
  239. );
  240. if (!NT_SUCCESS(status))
  241. {
  242. status = RtlNtStatusToDosError(status);
  243. goto exit;
  244. }
  246. /////////
  247. // Retrieve the private key.
  248. /////////
  250. status = LsaRetrievePrivateData(
  251. hPolicy,
  252. &PRIVATE_KEY_NAME,
  253. &thePrivateKey
  254. );
  255. if (status == STATUS_OBJECT_NAME_NOT_FOUND ||
  256. (NT_SUCCESS(status) && thePrivateKey->Length == 0))
  257. {
  258. // If it doesn't exist, create a new one.
  259. status = IASCreatePrivateKey(
  260. hPolicy
  261. );
  262. }
  263. else if (!NT_SUCCESS(status))
  264. {
  265. status = RtlNtStatusToDosError(status);
  266. }
  268. if (status != NO_ERROR) { goto close_policy; }
  270. /////////
  271. // Derive a crypto key from the fixed key.
  272. /////////
  274. if (!CryptCreateHash(
  275. theContext,
  276. CALG_MD5,
  277. 0,
  278. 0,
  279. &hHash
  280. ))
  281. {
  282. status = GetLastError();
  283. goto close_policy;
  284. }
  286. if (!CryptHashData(
  287. hHash,
  288. FIXED_KEY,
  289. sizeof(FIXED_KEY),
  290. 0
  291. ))
  292. {
  293. status = GetLastError();
  294. goto destroy_hash;
  295. }
  297. if (!CryptDeriveKey(
  298. theContext,
  299. CALG_RC4,
  300. hHash,
  301. CRYPT_EXPORTABLE,
  302. &hKey
  303. ))
  304. {
  305. status = GetLastError();
  306. goto destroy_hash;
  307. }
  309. /////////
  310. // Decrypt the private key.
  311. /////////
  313. nbyte = thePrivateKey->Length;
  315. if (!CryptDecrypt(
  316. hKey,
  317. 0,
  318. TRUE,
  319. 0,
  320. (PBYTE)thePrivateKey->Buffer,
  321. &nbyte
  322. ))
  323. {
  324. status = GetLastError();
  325. goto destroy_key;
  326. }
  328. thePrivateKey->Length = (USHORT)nbyte;
  330. destroy_key:
  331. CryptDestroyKey(hKey);
  333. destroy_hash:
  334. CryptDestroyHash(hHash);
  336. close_policy:
  337. LsaClose(hPolicy);
  339. exit:
  340. if (status == NO_ERROR)
  341. {
  342. // We succeeded, so set theInitFlag.
  343. theInitFlag = TRUE;
  344. }
  345. else
  346. {
  347. // We failed, so clean up.
  348. if (thePrivateKey)
  349. {
  350. LsaFreeMemory(thePrivateKey);
  351. thePrivateKey = NULL;
  352. }
  354. if (theContext)
  355. {
  356. CryptReleaseContext(theContext, 0);
  357. theContext = 0;
  358. }
  359. }
  361. API_UNLOCK();
  362. return status;
  363. }
  365. DWORD
  366. WINAPI
  367. IASParmsClearUserPassword(
  368. IN PCWSTR szUserParms,
  369. OUT PWSTR *pszNewUserParms
  370. )
  371. {
  372. DWORD status;
  373. UNICODE_STRING property;
  374. PWSTR tempUserParms;
  375. BOOL updateKey, updatePwd;
  377. // Check the in parameters.
  378. if (pszNewUserParms == NULL) { return ERROR_INVALID_PARAMETER; }
  380. /////////
  381. // Write a null string to the relevant properties.
  382. /////////
  384. memset(&property, 0, sizeof(property));
  386. status = NetpParmsSetUserProperty(
  387. (PWSTR)szUserParms,
  388. PROPERTY_PASSWORD,
  389. property,
  390. 0,
  391. &tempUserParms,
  392. &updatePwd
  393. );
  394. if (!NT_SUCCESS(status)) { return RtlNtStatusToDosError(status); }
  396. status = NetpParmsSetUserProperty(
  397. tempUserParms,
  398. PROPERTY_USER_KEY,
  399. property,
  400. 0,
  401. pszNewUserParms,
  402. &updateKey
  403. );
  405. NetpParmsUserPropertyFree(tempUserParms);
  407. if (NT_SUCCESS(status))
  408. {
  409. if (!updatePwd && !updateKey)
  410. {
  411. // Nothing changed so don't return the NewUserParms.
  412. NetpParmsUserPropertyFree(*pszNewUserParms);
  413. *pszNewUserParms = NULL;
  414. }
  416. return NO_ERROR;
  417. }
  419. return RtlNtStatusToDosError(status);
  420. }
  422. DWORD
  423. WINAPI
  424. IASParmsGetUserPassword(
  425. IN PCWSTR szUserParms,
  426. OUT PWSTR *pszPassword
  427. )
  428. {
  429. DWORD status, nbyte;
  430. UNICODE_STRING userKey, encryptedPwd;
  431. WCHAR propFlag;
  432. HCRYPTKEY hKey;
  434. // Check the in parameters.
  435. if (pszPassword == NULL) { return ERROR_INVALID_PARAMETER; }
  437. // Make sure we're initialized.
  438. CHECK_INIT();
  440. // Read the user key.
  441. status = NetpParmsQueryUserProperty(
  442. (PWSTR)szUserParms,
  443. PROPERTY_USER_KEY,
  444. &propFlag,
  445. &userKey
  446. );
  447. if (!NT_SUCCESS(status))
  448. {
  449. status = RtlNtStatusToDosError(status);
  450. goto exit;
  451. }
  453. // Read the encrypted password.
  454. status = NetpParmsQueryUserProperty(
  455. (PWSTR)szUserParms,
  456. PROPERTY_PASSWORD,
  457. &propFlag,
  458. &encryptedPwd
  459. );
  460. if (!NT_SUCCESS(status))
  461. {
  462. status = RtlNtStatusToDosError(status);
  463. goto free_key;
  464. }
  466. // If they're both NULL, it's not an error. It just means the cleartext
  467. // password was never set.
  468. if (userKey.Buffer == NULL && encryptedPwd.Buffer == NULL)
  469. {
  470. *pszPassword = NULL;
  471. goto exit;
  472. }
  474. // Make sure the user key is the correct length.
  475. if (userKey.Length != USER_KEY_LENGTH)
  476. {
  477. status = ERROR_INVALID_DATA;
  478. goto free_password;
  479. }
  481. // Convert the user key to a cryptographic key.
  482. if (!IASDeriveUserCryptKey(
  483. (PBYTE)userKey.Buffer,
  484. &hKey
  485. ))
  486. {
  487. status = GetLastError();
  488. goto free_password;
  489. }
  491. // Decrypt the password.
  492. nbyte = encryptedPwd.Length;
  493. if (!CryptDecrypt(
  494. hKey,
  495. 0,
  496. TRUE,
  497. 0,
  498. (PBYTE)encryptedPwd.Buffer,
  499. &nbyte
  500. ))
  501. {
  502. status = GetLastError();
  503. goto destroy_key;
  504. }
  506. // We encrypted the terminating null, so it should still be there.
  507. if (encryptedPwd.Buffer[nbyte / sizeof(WCHAR) - 1] != L'\0')
  508. {
  509. status = ERROR_INVALID_DATA;
  510. goto destroy_key;
  511. }
  513. // Return the cleartext password to the caller.
  514. *pszPassword = encryptedPwd.Buffer;
  515. encryptedPwd.Buffer = NULL;
  517. destroy_key:
  518. CryptDestroyKey(hKey);
  520. free_password:
  521. LocalFree(encryptedPwd.Buffer);
  523. free_key:
  524. LocalFree(userKey.Buffer);
  526. exit:
  527. return status;
  528. }
  530. DWORD
  531. WINAPI
  532. IASParmsSetUserPassword(
  533. IN PCWSTR szUserParms,
  534. IN PCWSTR szPassword,
  535. OUT PWSTR *pszNewUserParms
  536. )
  537. {
  538. DWORD status;
  539. BYTE userKey[USER_KEY_LENGTH];
  540. HCRYPTKEY hKey;
  541. DWORD nbyte;
  542. PBYTE encryptedPwd;
  543. UNICODE_STRING property;
  544. PWSTR tempUserParms;
  545. BOOL update;
  547. // Check the in parameters.
  548. if (szPassword == NULL) { return ERROR_INVALID_PARAMETER; }
  550. // Make sure we're initialized.
  551. CHECK_INIT();
  553. // Generate a user key.
  554. if (!CryptGenRandom(
  555. theContext,
  556. USER_KEY_LENGTH,
  557. userKey
  558. ))
  559. {
  560. status = GetLastError();
  561. goto exit;
  562. }
  564. // Convert the user key to a cryptographic key.
  565. if (!IASDeriveUserCryptKey(
  566. userKey,
  567. &hKey
  568. ))
  569. {
  570. status = GetLastError();
  571. goto exit;
  572. }
  574. // Allocate a buffer for the encrypted password.
  575. nbyte = sizeof(WCHAR) * (lstrlenW(szPassword) + 1);
  576. encryptedPwd = RtlAllocateHeap(
  577. RasSfmHeap(),
  578. 0,
  579. nbyte
  580. );
  581. if (encryptedPwd == NULL)
  582. {
  583. status = ERROR_NOT_ENOUGH_MEMORY;
  584. goto destroy_key;
  585. }
  587. memcpy(encryptedPwd, szPassword, nbyte);
  589. // Encrypt the password.
  590. if (!CryptEncrypt(
  591. hKey,
  592. 0,
  593. TRUE,
  594. 0,
  595. encryptedPwd,
  596. &nbyte,
  597. nbyte
  598. ))
  599. {
  600. status = GetLastError();
  601. goto free_encrypted_password;
  602. }
  604. /////////
  605. // Store the encrypted password.
  606. /////////
  608. property.Buffer = (PWCHAR)encryptedPwd;
  609. property.Length = (USHORT)nbyte;
  610. property.MaximumLength = (USHORT)nbyte;
  612. status = NetpParmsSetUserProperty(
  613. (PWSTR)szUserParms,
  614. PROPERTY_PASSWORD,
  615. property,
  616. 0,
  617. &tempUserParms,
  618. &update
  619. );
  620. if (!NT_SUCCESS(status))
  621. {
  622. status = RtlNtStatusToDosError(status);
  623. goto free_encrypted_password;
  624. }
  626. /////////
  627. // Store the user key.
  628. /////////
  630. property.Buffer = (PWSTR)userKey;
  631. property.Length = USER_KEY_LENGTH;
  632. property.MaximumLength = USER_KEY_LENGTH;
  634. status = NetpParmsSetUserProperty(
  635. tempUserParms,
  636. PROPERTY_USER_KEY,
  637. property,
  638. 0,
  639. pszNewUserParms,
  640. &update
  641. );
  642. if (!NT_SUCCESS(status)) { status = RtlNtStatusToDosError(status); }
  644. NetpParmsUserPropertyFree(tempUserParms);
  646. free_encrypted_password:
  647. RtlFreeHeap(RasSfmHeap(), 0, encryptedPwd);
  649. destroy_key:
  650. CryptDestroyKey(hKey);
  652. exit:
  653. return status;
  654. }
  656. VOID
  657. WINAPI
  658. IASParmsFreeUserParms(
  659. IN LPWSTR szNewUserParms
  660. )
  661. {
  662. NetpParmsUserPropertyFree(szNewUserParms);
  663. }