archive
/
windows-xp
mirror of https://github.com/tongzx/nt5src
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
6 Commits
1 Branch
0 Tags
2.0 GiB
Tree: daad8a087a
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'daad8a087a'
${ noResults }
windows-xp/Source/XPSP1/NT/ds/security/csps/pincache/pincache.c

398 lines
11 KiB
Raw Normal View History

Add source files
4 years ago
  1. /*
  2. * PinCache.c
  3. */
  5. #include <windows.h>
  6. #include "pincache.h"
  8. #if defined(DBG) || defined(DEBUG)
  9. #define DebugPrint(a) (OutputDebugString(a))
  11. #if TEST_DEBUG
  12. #include <stdio.h>
  14. #define CROW 8
  15. void PCPrintBytes(LPSTR pszHdr, BYTE *pb, DWORD cbSize)
  16. {
  17. ULONG cb, i;
  18. CHAR rgsz[1024];
  20. sprintf(rgsz, "\n %s, %d bytes ::\n", pszHdr, cbSize);
  21. DebugPrint(rgsz);
  23. while (cbSize > 0)
  24. {
  25. // Start every row with an extra space
  26. DebugPrint(" ");
  28. cb = min(CROW, cbSize);
  29. cbSize -= cb;
  30. for (i = 0; i < cb; i++)
  31. sprintf(rgsz + (3*i), " %02x", pb[i]);
  32. DebugPrint(rgsz);
  33. for (i = cb; i < CROW; i++)
  34. DebugPrint(" ");
  35. DebugPrint(" '");
  36. for (i = 0; i < cb; i++)
  37. {
  38. if (pb[i] >= 0x20 && pb[i] <= 0x7f)
  39. sprintf(rgsz+i, "%c", pb[i]);
  40. else
  41. sprintf(rgsz+i, ".");
  42. }
  43. sprintf(rgsz+i, "\n");
  44. DebugPrint(rgsz);
  45. pb += cb;
  46. }
  47. }
  49. BOOL MyGetTokenInformation(
  50. HANDLE TokenHandle,
  51. TOKEN_INFORMATION_CLASS TokenInformationClass,
  52. LPVOID TokenInformation,
  53. DWORD TokenInformationLength,
  54. PDWORD ReturnLength);
  56. #define GetTokenInformation(A, B, C, D, E) MyGetTokenInformation(A, B, C, D, E)
  57. #define TestDebugPrint(a) (OutputDebugString(a))
  58. #else
  59. #define TestDebugPrint(a)
  60. #endif // TEST_DEBUG
  62. #else
  63. #define DebugPrint(a)
  64. #define TestDebugPrint(a)
  65. #endif // DBG || DEBUG
  67. typedef struct _PINCACHEITEM
  68. {
  69. LUID luid;
  70. PBYTE pbPin;
  71. DWORD cbPin;
  72. } PINCACHEITEM, *PPINCACHEITEM;
  74. #define CacheAlloc(X) (HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, X))
  75. #define CacheFree(X) (HeapFree(GetProcessHeap(), 0, X))
  77. #define INIT_PIN_ATTACK_SLEEP 3000 // milliseconds
  78. #define MAX_PIN_ATTACK_SLEEP 24000 // milliseconds
  79. #define MAX_FREE_BAD_TRIES 3
  81. /**
  82. * Function: PinCacheFlush
  83. */
  84. void PinCacheFlush(
  85. IN OUT PINCACHE_HANDLE *phCache)
  86. {
  87. PPINCACHEITEM pCache = (PPINCACHEITEM) *phCache;
  89. if (NULL == pCache)
  90. return;
  92. TestDebugPrint(("PinCacheFlush: deleting cache\n"));
  94. ZeroMemory(pCache->pbPin, pCache->cbPin);
  95. ZeroMemory(pCache, sizeof(PINCACHEITEM));
  97. CacheFree(pCache->pbPin);
  98. CacheFree(pCache);
  100. *phCache = NULL;
  101. }
  103. /**
  104. * Function: PinCacheAdd
  105. */
  106. DWORD PinCacheAdd(
  107. IN PINCACHE_HANDLE *phCache,
  108. IN PPINCACHE_PINS pPins,
  109. IN PFN_VERIFYPIN_CALLBACK pfnVerifyPinCallback,
  110. IN PVOID pvCallbackCtx)
  111. {
  112. HANDLE hThreadToken = 0;
  113. TOKEN_STATISTICS stats;
  114. DWORD dwError = ERROR_SUCCESS;
  115. DWORD cb = 0;
  116. PPINCACHEITEM pCache = (PPINCACHEITEM) *phCache;
  117. DWORD cbPinToCache = 0;
  118. PBYTE pbPinToCache = NULL;
  119. BOOL fRefreshPin = FALSE;
  120. static DWORD dwSleep = INIT_PIN_ATTACK_SLEEP;
  121. static DWORD dwBadTries = 0;
  123. if (NULL != pCache &&
  124. (0 != memcmp(pCache->pbPin, pPins->pbCurrentPin, pCache->cbPin)
  125. || pPins->cbCurrentPin != pCache->cbPin))
  126. {
  128. // The caller hasn't supplied the correct Pin, according to the current
  129. // cache state. Perhaps the user accidently typed the wrong pin, in which
  130. // case the caller's logon LUID should be the same as the cached LUID.
  131. // If the LUID's don't match, this could still be an attack or a legitimate
  132. // attempt from a different logon with a mis-typed pin.
  134. if (! OpenThreadToken(GetCurrentThread(), TOKEN_QUERY, TRUE, &hThreadToken))
  135. {
  136. if (! OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &hThreadToken))
  137. {
  138. dwError = GetLastError();
  139. goto Ret;
  140. }
  141. }
  143. if (! GetTokenInformation(
  144. hThreadToken, TokenStatistics, &stats, sizeof(stats), &cb))
  145. {
  146. dwError = GetLastError();
  147. goto Ret;
  148. }
  151. if (0 != memcmp(&stats.AuthenticationId, &pCache->luid, sizeof(LUID)) &&
  152. ++dwBadTries > MAX_FREE_BAD_TRIES)
  153. {
  154. // Current caller is a different luid from the cached one,
  155. // and it's happened a few times already, so this call is suspicious.
  156. // Start delaying.
  158. DebugPrint(("PinCacheAdd: error - calling SleepEx(). Currently cached pin doesn't match\n"));
  160. SleepEx(dwSleep, FALSE);
  162. if (dwSleep < MAX_PIN_ATTACK_SLEEP)
  163. dwSleep *= 2;
  164. }
  166. dwError = SCARD_W_WRONG_CHV;
  167. goto Ret;
  168. }
  169. else if (0 != dwBadTries)
  170. {
  171. dwSleep = INIT_PIN_ATTACK_SLEEP;
  172. dwBadTries = 0;
  173. }
  175. if (pPins->pbNewPin)
  176. {
  177. fRefreshPin = TRUE;
  178. cbPinToCache = pPins->cbNewPin;
  179. pbPinToCache = pPins->pbNewPin;
  180. }
  181. else
  182. {
  183. cbPinToCache = pPins->cbCurrentPin;
  184. pbPinToCache = pPins->pbCurrentPin;
  185. }
  187. if (fRefreshPin || NULL == pCache)
  188. {
  189. // Check the pin
  190. if (ERROR_SUCCESS != (dwError =
  191. pfnVerifyPinCallback(pPins, pvCallbackCtx)))
  192. {
  193. TestDebugPrint(("PinCacheAdd: pfnVerifyPinCallback failed\n"));
  194. return dwError;
  195. }
  196. }
  198. if (! OpenThreadToken(GetCurrentThread(), TOKEN_QUERY, TRUE, &hThreadToken))
  199. {
  200. if (! OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &hThreadToken))
  201. {
  202. TestDebugPrint(("PinCacheAdd: failed to open thread or process token\n"));
  203. dwError = GetLastError();
  204. goto Ret;
  205. }
  206. }
  208. if (! GetTokenInformation(
  209. hThreadToken, TokenStatistics, &stats, sizeof(stats), &cb))
  210. {
  211. TestDebugPrint(("PinCacheAdd: GetTokenInformation failed\n"));
  212. dwError = GetLastError();
  213. goto Ret;
  214. }
  216. #if TEST_DEBUG
  217. PCPrintBytes("PinCache LUID", (PBYTE) &stats.AuthenticationId, sizeof(LUID));
  218. #endif
  220. // Now the current ID is in stats.AuthenticationId
  222. if (NULL == pCache)
  223. {
  224. TestDebugPrint(("PinCacheAdd: initializing new cache\n"));
  226. // Initialize new cache
  227. if (NULL == (pCache = (PPINCACHEITEM) CacheAlloc(sizeof(PINCACHEITEM))))
  228. {
  229. dwError = ERROR_NOT_ENOUGH_MEMORY;
  230. goto Ret;
  231. }
  233. CopyMemory(&pCache->luid, &stats.AuthenticationId, sizeof(LUID));
  234. *phCache = (PINCACHE_HANDLE) pCache;
  235. fRefreshPin = TRUE;
  236. }
  237. else
  238. {
  239. // Compare ID's
  240. if (0 != memcmp(&stats.AuthenticationId, &pCache->luid, sizeof(LUID)))
  241. {
  242. // PIN's are the same, so cache the new ID
  243. TestDebugPrint(("PinCacheAdd: same Pin, different Logon as cached values\n"));
  244. CopyMemory(&pCache->luid, &stats.AuthenticationId, sizeof(LUID));
  245. }
  246. }
  248. if (fRefreshPin)
  249. {
  250. if (pCache->pbPin)
  251. CacheFree(pCache->pbPin);
  253. pCache->cbPin = cbPinToCache;
  254. if (NULL == (pCache->pbPin = (PBYTE) CacheAlloc(cbPinToCache)))
  255. {
  256. dwError = ERROR_NOT_ENOUGH_MEMORY;
  257. goto Ret;
  258. }
  259. CopyMemory(pCache->pbPin, pbPinToCache, cbPinToCache);
  260. }
  262. Ret:
  263. if (hThreadToken)
  264. CloseHandle(hThreadToken);
  266. return dwError;
  267. }
  269. /**
  270. * Function: PinCacheQuery
  271. */
  272. DWORD PinCacheQuery(
  273. IN PINCACHE_HANDLE hCache,
  274. IN OUT PBYTE pbPin,
  275. IN OUT PDWORD pcbPin)
  276. {
  277. HANDLE hThreadToken = 0;
  278. TOKEN_STATISTICS stats;
  279. DWORD dwError = ERROR_SUCCESS;
  280. DWORD cb = 0;
  281. PPINCACHEITEM pCache = (PPINCACHEITEM) hCache;
  283. if (NULL == pCache)
  284. {
  285. *pcbPin = 0;
  286. return ERROR_EMPTY;
  287. }
  289. if (! OpenThreadToken(GetCurrentThread(), TOKEN_QUERY, TRUE, &hThreadToken))
  290. {
  291. if (! OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &hThreadToken))
  292. {
  293. TestDebugPrint(("PinCacheQuery: failed to open thread or process token\n"));
  294. dwError = GetLastError();
  295. goto Ret;
  296. }
  297. }
  299. if (! GetTokenInformation(
  300. hThreadToken, TokenStatistics, &stats, sizeof(stats), &cb))
  301. {
  302. TestDebugPrint(("PinCacheQuery: GetTokenInformation failed\n"));
  303. dwError = GetLastError();
  304. goto Ret;
  305. }
  307. // Now the current ID is in stats.AuthenticationId
  309. if (0 != memcmp(&stats.AuthenticationId, &pCache->luid, sizeof(LUID)))
  310. {
  311. // ID's are different, so ignore cache
  312. TestDebugPrint(("PinCacheQuery: different Logon from cached value\n"));
  313. *pcbPin = 0;
  314. goto Ret;
  315. }
  317. // ID's are the same, so return cached PIN
  318. TestDebugPrint(("PinCacheQuery: same Logon as cached value\n"));
  320. if (NULL != pbPin)
  321. {
  322. if (*pcbPin >= pCache->cbPin)
  323. CopyMemory(pbPin, pCache->pbPin, pCache->cbPin);
  324. else
  325. dwError = ERROR_MORE_DATA;
  326. }
  328. *pcbPin = pCache->cbPin;
  330. Ret:
  331. if (hThreadToken)
  332. CloseHandle(hThreadToken);
  334. return dwError;
  335. }
  337. /**
  338. * Function: PinCachePresentPin
  339. */
  340. DWORD PinCachePresentPin(
  341. IN PINCACHE_HANDLE hCache,
  342. IN PFN_VERIFYPIN_CALLBACK pfnVerifyPinCallback,
  343. IN PVOID pvCallbackCtx)
  344. {
  345. HANDLE hThreadToken = 0;
  346. TOKEN_STATISTICS stats;
  347. DWORD cb = 0;
  348. DWORD dwError = ERROR_SUCCESS;
  349. PPINCACHEITEM pCache = (PPINCACHEITEM) hCache;
  350. PINCACHE_PINS Pins;
  352. if (NULL == pCache)
  353. return ERROR_EMPTY;
  355. if (! OpenThreadToken(GetCurrentThread(), TOKEN_QUERY, TRUE, &hThreadToken))
  356. {
  357. if (! OpenProcessToken(GetCurrentProcess(), TOKEN_QUERY, &hThreadToken))
  358. {
  359. TestDebugPrint(("PinCachePresentPin: failed to open thread or process token\n"));
  360. dwError = GetLastError();
  361. goto Ret;
  362. }
  363. }
  365. if (! GetTokenInformation(
  366. hThreadToken, TokenStatistics, &stats, sizeof(stats), &cb))
  367. {
  368. TestDebugPrint(("PinCachePresentPin: GetTokenInformation failed\n"));
  369. dwError = GetLastError();
  370. goto Ret;
  371. }
  373. // Now the current ID is in stats.AuthenticationId
  375. if (0 != memcmp(&stats.AuthenticationId, &pCache->luid, sizeof(LUID)))
  376. {
  377. // ID's are different, so ignore cache
  378. TestDebugPrint(("PinCachePresentPin: different Logon from cached value\n"));
  379. dwError = SCARD_W_CARD_NOT_AUTHENTICATED;
  380. goto Ret;
  381. }
  383. // ID's are the same, so return cached PIN
  384. TestDebugPrint(("PinCachePresentPin: same Logon as cached value\n"));
  386. Pins.cbCurrentPin = pCache->cbPin;
  387. Pins.pbCurrentPin = pCache->pbPin;
  388. Pins.cbNewPin = 0;
  389. Pins.pbNewPin = NULL;
  391. dwError = (*pfnVerifyPinCallback)(&Pins, pvCallbackCtx);
  393. Ret:
  394. if (hThreadToken)
  395. CloseHandle(hThreadToken);
  397. return dwError;
  398. }