Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 
 

1008 lines
19 KiB

/*++
Copyright (c) 1997-1999 Microsoft Corporation
Module Name:
efs.c
Abstract:
EFS (Encrypting File System) API Interfaces
Author:
Robert Reichel (RobertRe)
Robert Gu (RobertG)
Environment:
Revision History:
--*/
#undef WIN32_LEAN_AND_MEAN
#include "advapi.h"
#include <windows.h>
#include <feclient.h>
#define FE_CLIENT_DLL L"feclient.dll"
//
// Global Variables
//
LPFE_CLIENT_INFO FeClientInfo = NULL;
HMODULE FeClientModule = NULL;
CRITICAL_SECTION FeClientLoadCritical;
LPWSTR
GetFeClientDll(
VOID
)
/*++
Routine Description:
This routine obtains the name of the currently installed client
encryption dll (which is currently hardcoded).
Arguments:
None.
Return Value:
Returns the name of the current DLL, or NULL on error.
--*/
{
return( FE_CLIENT_DLL );
}
BOOL
LoadAndInitFeClient(
VOID
)
/*++
Routine Description:
This routine finds the name of the proper client dll (by some as of
yet unspecified means) and proceeds to load it and initialize it.
Arguments:
None.
Return Value:
TRUE on success, FALSE on failure. Callers may call GetLastError()
for more error information.
--*/
{
LPWSTR FeClientDllName;
LPFEAPI_CLIENT_INITIALIZE ClientInitRoutine;
BOOL Inited;
//
// GetFeClientDll returns a hard coded name.
// If we get this name dynamically later, we will
// need to free FeClientDllName.
//
FeClientDllName = GetFeClientDll();
EnterCriticalSection(&FeClientLoadCritical);
if (FeClientInfo) {
LeaveCriticalSection(&FeClientLoadCritical);
return( TRUE );
}
if (FeClientDllName) {
FeClientModule = LoadLibraryW( FeClientDllName );
if (FeClientModule == NULL) {
DbgPrint("Unable to load client dll, error = %d\n",GetLastError());
LeaveCriticalSection(&FeClientLoadCritical);
return( FALSE );
}
}
ClientInitRoutine = (LPFEAPI_CLIENT_INITIALIZE) GetProcAddress( FeClientModule, (LPCSTR)"FeClientInitialize");
if (NULL == ClientInitRoutine) {
FreeLibrary( FeClientModule );
DbgPrint("Unable to locate init routine, error = %d\n",GetLastError());
LeaveCriticalSection(&FeClientLoadCritical);
return( FALSE );
}
Inited = (*ClientInitRoutine)( FE_REVISION_1_0, &FeClientInfo );
LeaveCriticalSection(&FeClientLoadCritical);
if (!Inited) {
FreeLibrary( FeClientModule );
return( FALSE );
}
return( TRUE );
}
BOOL
WINAPI
EncryptFileA (
LPCSTR lpFileName
)
/*++
Routine Description:
ANSI Stub to EncryptFileW
Arguments:
lpFileName - The name of the file to be encrypted.
Return Value:
TRUE on success, FALSE on failure. Callers may call GetLastError()
for more information.
--*/
{
UNICODE_STRING Unicode;
WCHAR UnicodeBuffer[STATIC_UNICODE_BUFFER_LENGTH];
ANSI_STRING AnsiString;
NTSTATUS Status;
Unicode.Length = 0;
Unicode.MaximumLength = STATIC_UNICODE_BUFFER_LENGTH * sizeof( WCHAR );
Unicode.Buffer = UnicodeBuffer;
RtlInitAnsiString(&AnsiString,lpFileName);
Status = RtlAnsiStringToUnicodeString(&Unicode,&AnsiString,FALSE);
if ( !NT_SUCCESS(Status) ) {
if ( Status == STATUS_BUFFER_OVERFLOW ) {
SetLastError(ERROR_FILENAME_EXCED_RANGE);
} else {
BaseSetLastNTError(Status);
}
return FALSE;
}
return ( EncryptFileW( Unicode.Buffer ));
}
BOOL
WINAPI
EncryptFileW (
LPCWSTR lpFileName
)
/*++
Routine Description:
Win32 EncryptFile API
Arguments:
lpFileName - Supplies the name of the file to be encrypted.
Return Value:
TRUE on success, FALSE on failure. Callers may call GetLastError()
for more information.
--*/
{
BOOL rc;
DWORD Result;
//
// See if the module has been loaded, and if not, load it into this
// process.
//
if (FeClientInfo == NULL) {
rc = LoadAndInitFeClient();
if (!rc) {
return(rc);
}
}
Result = FeClientInfo->lpServices->EncryptFile( lpFileName );
if (ERROR_SUCCESS != Result) {
SetLastError( Result );
return( FALSE );
}
return( TRUE );
}
BOOL
WINAPI
DecryptFileA (
IN LPCSTR lpFileName,
IN DWORD dwRecovery
)
/*++
Routine Description:
ANSI Stub for the DecryptFileW API
Arguments:
lpFileName - Supplies the name of the file to be decrypted.
dwRecover - Supplies whether this is a recovery operation or a
normal decryption operation.
Return Value:
TRUE on success, FALSE on failure. Callers may call GetLastError()
for more information.
--*/
{
UNICODE_STRING Unicode;
WCHAR UnicodeBuffer[STATIC_UNICODE_BUFFER_LENGTH];
ANSI_STRING AnsiString;
NTSTATUS Status;
Unicode.Length = 0;
Unicode.MaximumLength = STATIC_UNICODE_BUFFER_LENGTH * sizeof( WCHAR );
Unicode.Buffer = UnicodeBuffer;
RtlInitAnsiString(&AnsiString,lpFileName);
Status = RtlAnsiStringToUnicodeString(&Unicode,&AnsiString,FALSE);
if ( !NT_SUCCESS(Status) ) {
if ( Status == STATUS_BUFFER_OVERFLOW ) {
SetLastError(ERROR_FILENAME_EXCED_RANGE);
} else {
BaseSetLastNTError(Status);
}
return FALSE;
}
return ( DecryptFileW( Unicode.Buffer, dwRecovery ));
}
BOOL
WINAPI
DecryptFileW (
IN LPCWSTR lpFileName,
IN DWORD dwRecovery
)
/*++
Routine Description:
Win32 DecryptFile API
Arguments:
lpFileName - Supplies the name of the file to be encrypted.
Return Value:
TRUE on success, FALSE on failure. Callers may call GetLastError()
for more information.
--*/
{
BOOL rc;
DWORD Result;
//
// See if the module has been loaded, and if not, load it into this
// process.
//
if (FeClientInfo == NULL) {
rc = LoadAndInitFeClient();
if (!rc) {
return(rc);
}
}
Result = FeClientInfo->lpServices->DecryptFile( lpFileName, dwRecovery );
if (ERROR_SUCCESS != Result) {
SetLastError( Result );
return( FALSE );
}
return( TRUE );
}
BOOL
WINAPI
FileEncryptionStatusA (
LPCSTR lpFileName,
LPDWORD lpStatus
)
/*++
Routine Description:
ANSI Stub to FileEncryptionStatusW
Arguments:
lpFileName - The name of the file to be checked.
lpStatus - The status of the file.
Return Value:
TRUE on success, FALSE on failure. Callers may call GetLastError() for more information.
--*/
{
ANSI_STRING AnsiString;
NTSTATUS Status;
UNICODE_STRING Unicode;
WCHAR UnicodeBuffer[STATIC_UNICODE_BUFFER_LENGTH];
Unicode.Length = 0;
Unicode.MaximumLength = STATIC_UNICODE_BUFFER_LENGTH * sizeof( WCHAR );
Unicode.Buffer = UnicodeBuffer;
RtlInitAnsiString(&AnsiString,lpFileName);
Status = RtlAnsiStringToUnicodeString(&Unicode,&AnsiString,FALSE);
if ( !NT_SUCCESS(Status) ) {
if ( Status == STATUS_BUFFER_OVERFLOW ) {
SetLastError(ERROR_FILENAME_EXCED_RANGE);
} else {
BaseSetLastNTError(Status);
}
return FALSE;
}
return ( FileEncryptionStatusW( Unicode.Buffer, lpStatus ));
}
BOOL
WINAPI
FileEncryptionStatusW (
LPCWSTR lpFileName,
LPDWORD lpStatus
)
/*++
Routine Description:
Win32 FileEncryptionStatus API
Arguments:
lpFileName - Supplies the name of the file to be encrypted.
lpStatus - The status of the file.
Return Value:
TRUE on success, FALSE on failure. Callers may call GetLastError()
for more information.
--*/
{
BOOL rc;
DWORD Result;
//
// See if the module has been loaded, and if not, load it into this
// process.
//
if (FeClientInfo == NULL) {
rc = LoadAndInitFeClient();
if (!rc) {
return(rc);
}
}
return (FeClientInfo->lpServices->FileEncryptionStatus( lpFileName, lpStatus ));
}
DWORD
WINAPI
OpenEncryptedFileRawA(
LPCSTR lpFileName,
ULONG Flags,
PVOID * Context
)
{
ANSI_STRING AnsiString;
NTSTATUS Status;
UNICODE_STRING Unicode;
WCHAR UnicodeBuffer[STATIC_UNICODE_BUFFER_LENGTH];
Unicode.Length = 0;
Unicode.MaximumLength = STATIC_UNICODE_BUFFER_LENGTH * sizeof( WCHAR );
Unicode.Buffer = UnicodeBuffer;
RtlInitAnsiString(&AnsiString,lpFileName);
Status = RtlAnsiStringToUnicodeString(&Unicode,&AnsiString,FALSE);
if ( !NT_SUCCESS(Status) ) {
if ( Status == STATUS_BUFFER_OVERFLOW ) {
SetLastError(ERROR_FILENAME_EXCED_RANGE);
} else {
BaseSetLastNTError(Status);
}
return FALSE;
}
return ( OpenEncryptedFileRawW( Unicode.Buffer, Flags, Context ));
}
DWORD
WINAPI
OpenEncryptedFileRawW(
LPCWSTR lpFileName,
ULONG Flags,
PVOID * Context
)
{
BOOL rc;
DWORD Result;
//
// See if the module has been loaded, and if not, load it into this
// process.
//
if (FeClientInfo == NULL) {
rc = LoadAndInitFeClient();
if (!rc) {
return(GetLastError());
}
}
return (FeClientInfo->lpServices->OpenFileRaw( lpFileName, Flags, Context ));
}
DWORD
WINAPI
ReadEncryptedFileRaw(
PFE_EXPORT_FUNC ExportCallback,
PVOID CallbackContext,
PVOID Context
)
{
//
// It doesn't make sense to call this before calling OpenRaw, so don't
// bother checking to see if the module is loaded or not. We'll fault
// in the user process if it isn't.
//
return (FeClientInfo->lpServices->ReadFileRaw( ExportCallback, CallbackContext, Context ));
}
DWORD
WINAPI
WriteEncryptedFileRaw(
PFE_IMPORT_FUNC ImportCallback,
PVOID CallbackContext,
PVOID Context
)
{
//
// It doesn't make sense to call this before calling OpenRaw, so don't
// bother checking to see if the module is loaded or not. We'll fault
// in the user process if it isn't.
//
return (FeClientInfo->lpServices->WriteFileRaw( ImportCallback, CallbackContext, Context ));
}
VOID
WINAPI
CloseEncryptedFileRaw(
PVOID Context
)
{
FeClientInfo->lpServices->CloseFileRaw( Context );
return;
}
DWORD
QueryUsersOnEncryptedFile(
IN LPCWSTR lpFileName,
OUT PENCRYPTION_CERTIFICATE_HASH_LIST * pUsers
)
/*++
Routine Description:
Win32 interface for adding users to an encrypted file.
Arguments:
lpFileName - Supplies the name of the file to be modified.
pUsers - Returns a list of users on the file. This parameter
must be passed to FreeEncryptionCertificateHashList() when
no longer needed.
Return Value:
Win32 error.
--*/
{
DWORD rc;
//
// See if the module has been loaded, and if not, load it into this
// process.
//
if (FeClientInfo == NULL) {
rc = LoadAndInitFeClient();
if (!rc) {
return(rc);
}
}
if ((lpFileName != NULL) && (pUsers != NULL)) {
return(FeClientInfo->lpServices->QueryUsers( lpFileName, pUsers ));
} else {
return( ERROR_INVALID_PARAMETER );
}
}
VOID
FreeEncryptionCertificateHashList(
IN PENCRYPTION_CERTIFICATE_HASH_LIST pUsers
)
/*++
Routine Description:
Frees a certificate hash list as returned by QueryUsersOnEncryptedFile()
and QueryRecoveryAgentsOnEncryptedFile().
Arguments:
Supplies a list of users returned from QueryUsersOnEncryptedFile().
Return Value:
Win32 error.
--*/
{
//
// It is probably safe to assume that feclient.dll is loaded,
// since we wouldn't have one of these structures to free
// if it weren't.
//
if (pUsers != NULL) {
FeClientInfo->lpServices->FreeCertificateHashList( pUsers );
} else {
//
// nothing to do
//
}
return;
}
DWORD
QueryRecoveryAgentsOnEncryptedFile(
IN LPCWSTR lpFileName,
OUT PENCRYPTION_CERTIFICATE_HASH_LIST * pRecoveryAgents
)
/*++
Routine Description:
This routine returns a list of recovery agents on an encrypted
file.
Arguments:
lpFileName - Supplies the name of the file to be examined.
pRecoveryAgents - Returns a list of recovery agents, represented
by certificate hashes on the file. This list should be freed
by calling FreeEncryptionCertificateHashList().
Return Value:
return-value - Description of conditions needed to return value. - or -
None.
--*/
{
DWORD rc;
//
// See if the module has been loaded, and if not, load it into this
// process.
//
if (FeClientInfo == NULL) {
rc = LoadAndInitFeClient();
if (!rc) {
return(rc);
}
}
if ((lpFileName != NULL) && (pRecoveryAgents != NULL)) {
return(FeClientInfo->lpServices->QueryRecoveryAgents( lpFileName, pRecoveryAgents ));
} else {
return( ERROR_INVALID_PARAMETER );
}
}
DWORD
RemoveUsersFromEncryptedFile(
IN LPCWSTR lpFileName,
IN PENCRYPTION_CERTIFICATE_HASH_LIST pHashes
)
/*++
Routine Description:
Takes a list of certificate hashes to be removed
from the passed file. Any that are found are removed,
the rest are ignored with no error return.
Arguments:
lpFileName - Supplies the name of the file to be modified.
pHashes - Supplies the list of hashes to be removed.
Return Value:
Win32 Error
--*/
{
DWORD rc;
//
// See if the module has been loaded, and if not, load it into this
// process.
//
if (FeClientInfo == NULL) {
rc = LoadAndInitFeClient();
if (!rc) {
return(rc);
}
}
if ((lpFileName != NULL) && (pHashes != NULL)) {
return(FeClientInfo->lpServices->RemoveUsers( lpFileName, pHashes ));
} else {
return( ERROR_INVALID_PARAMETER );
}
}
DWORD
AddUsersToEncryptedFile(
IN LPCWSTR lpFileName,
IN PENCRYPTION_CERTIFICATE_LIST pEncryptionCertificates
)
/*++
Routine Description:
This routine adds user keys to the passed encrypted file.
Arguments:
lpFileName - Supplies the name of the file to be encrypted.
pEncryptionCertificates - Supplies the list of certificates for
new users to be added to the file.
Return Value:
Win32 Error
--*/
{
DWORD rc;
//
// See if the module has been loaded, and if not, load it into this
// process.
//
if (FeClientInfo == NULL) {
rc = LoadAndInitFeClient();
if (!rc) {
return(rc);
}
}
if ((lpFileName != NULL) && (pEncryptionCertificates != NULL)) {
return(FeClientInfo->lpServices->AddUsers( lpFileName, pEncryptionCertificates ));
} else {
return( ERROR_INVALID_PARAMETER );
}
}
DWORD
SetUserFileEncryptionKey(
PENCRYPTION_CERTIFICATE pEncryptionCertificate
)
/*++
Routine Description:
This routine will set the user's current EFS key to the one
contained in the passed certificate. If no certificate is
passed, a new key will be generated automatically.
Arguments:
pEncryptionCertificate - Optionally supplies the certificate
containing the new public key.
Return Value:
Win32 error
--*/
{
DWORD rc;
//
// See if the module has been loaded, and if not, load it into this
// process.
//
if (FeClientInfo == NULL) {
rc = LoadAndInitFeClient();
if (!rc) {
return(rc);
}
}
return(FeClientInfo->lpServices->SetKey( pEncryptionCertificate ));
/*
if (pEncryptionCertificate != NULL) {
return(FeClientInfo->lpServices->SetKey( pEncryptionCertificate ));
} else {
return( ERROR_INVALID_PARAMETER );
}*/
}
DWORD
DuplicateEncryptionInfoFile(
IN LPCWSTR SrcFileName,
IN LPCWSTR DstFileName,
IN DWORD dwCreationDistribution,
IN DWORD dwAttributes,
IN LPSECURITY_ATTRIBUTES lpSecurityAttributes
)
/*++
Routine Description:
This routine duplicates the encryption information from the source file to the
destination file. Destination file will be created if not existing.
The destination file is overwritten.
Arguments:
SrcFileName - Supplies the source of the encryption information.
DstFileName - Supplies the target file, exclusive open is required on this file.
dwCreationDistribution - Create options.
If dwCreationDistribution != CREATE_NEW, dwCreationDistribution = CREATE_ALWAYS
dwAttributes - File attributes.
lpSecurityAttributes - Security attributes.
Return Value:
Win32 error on failure.
--*/
{
DWORD rc;
if (FeClientModule == NULL) {
rc = LoadAndInitFeClient();
if (!rc) {
return(rc);
}
}
if (SrcFileName && DstFileName) {
return(FeClientInfo->lpServices->DuplicateEncryptionInfo( SrcFileName,
DstFileName,
dwCreationDistribution,
dwAttributes,
lpSecurityAttributes
));
} else {
return( ERROR_INVALID_PARAMETER );
}
}
BOOL
WINAPI
EncryptionDisable(
IN LPCWSTR DirPath,
IN BOOL Disable
)
/*++
Routine Description:
This routine disable and enable EFS in the directory DirPath.
Arguments:
DirPath - Directory path.
Disable - TRUE to disable
Return Value:
TRUE for SUCCESS
--*/
{
DWORD rc;
//
// See if the module has been loaded, and if not, load it into this
// process.
//
if (FeClientInfo == NULL) {
rc = LoadAndInitFeClient();
if (!rc) {
return(rc);
}
}
return(FeClientInfo->lpServices->DisableDir( DirPath, Disable ));
}
WINADVAPI
DWORD
WINAPI
EncryptedFileKeyInfo(
IN LPCWSTR lpFileName,
IN DWORD InfoClass,
OUT PEFS_RPC_BLOB * KeyInfo
)
/*++
Routine Description:
Win32 interface for adding users to an encrypted file.
Arguments:
lpFileName - Supplies the name of the file to be modified.
InfoClass - Information requested. Only support 1 for now.
KeyInfo - Returns Key info
Return Value:
Win32 error.
--*/
{
DWORD rc;
//
// See if the module has been loaded, and if not, load it into this
// process.
//
if (FeClientInfo == NULL) {
rc = LoadAndInitFeClient();
if (!rc) {
return(rc);
}
}
if ((lpFileName != NULL) && (KeyInfo != NULL)) {
return(FeClientInfo->lpServices->GetKeyInfo( lpFileName, InfoClass, KeyInfo ));
} else {
return( ERROR_INVALID_PARAMETER );
}
}
WINADVAPI
VOID
WINAPI
FreeEncryptedFileKeyInfo(
IN PEFS_RPC_BLOB pKeyInfo
)
/*++
Routine Description:
Frees a KeyInfo as returned by EncryptedFileKeyInfo();
Arguments:
pKeyInfo - Supplies a KeyInfo returned from EncryptedFileKeyInfo().
Return Value:
No.
--*/
{
//
// It is probably safe to assume that feclient.dll is loaded,
// since we wouldn't have one of these structures to free
// if it weren't.
//
if (pKeyInfo != NULL) {
FeClientInfo->lpServices->FreeKeyInfo( pKeyInfo );
} else {
//
// nothing to do
//
}
return;
}