windows-nt/Source/XPSP1/NT/ds/adsi/noole/creden.cxx

533 lines
9.2 KiB
C++
Raw Permalink Normal View History

2020-09-26 03:20:57 -05:00
/*++
Copyright (c) 1990 Microsoft Corporation
Module Name:
creden.cxx
Abstract:
This module abstracts user credentials for the multiple credential support.
Author:
Krishna Ganugapati (KrishnaG) 03-Aug-1996
Revision History:
--*/
extern "C" {
#include <nt.h>
#include <ntrtl.h>
#include <nturtl.h>
#include <windows.h>
#include <imagehlp.h>
#include <stdio.h>
#include <stdlib.h>
#include "memory.h"
}
#include <basetyps.h>
#include <des.h>
#include <crypt.h>
typedef long HRESULT;
#include "misc.hxx"
#include "creden.hxx"
#include "macro.h"
//
// This routine allocates and stores the password in the
// passed in pointer. The assumption here is that pszString
// is valid, it can be an empty string but not NULL.
// Note that this code cannot be used as is on Win2k and below
// as they do not support the newer functions.
//
HRESULT
EncryptString(
LPWSTR pszString,
LPWSTR *ppszSafeString,
PDWORD pdwLen
)
{
HRESULT hr = S_OK;
DWORD dwLenStr = 0;
DWORD dwPwdLen = 0;
LPWSTR pszTempStr = NULL;
NTSTATUS errStatus = STATUS_SUCCESS;
*ppszSafeString = NULL;
*pdwLen = 0;
//
// If the string is valid, then we need to get the length
// and initialize the unicode string.
//
if (pszString) {
UNICODE_STRING Password;
//
// Determine the length of buffer taking padding into account.
//
dwLenStr = wcslen(pszString);
dwPwdLen = (dwLenStr + 1) * sizeof(WCHAR) + (DES_BLOCKLEN -1);
pszTempStr = (LPWSTR) AllocADsMem(dwPwdLen);
if (!pszTempStr) {
BAIL_ON_FAILURE(hr = E_OUTOFMEMORY);
}
wcscpy(pszTempStr, pszString);
RtlInitUnicodeString(&Password, pszTempStr);
USHORT usExtra = 0;
if (usExtra = (Password.MaximumLength % DES_BLOCKLEN)) {
Password.MaximumLength += (DES_BLOCKLEN - usExtra);
}
errStatus = RtlEncryptMemory(
Password.Buffer,
Password.MaximumLength,
0
);
if (errStatus != STATUS_SUCCESS) {
BAIL_ON_FAILURE(hr = HRESULT_FROM_NT(errStatus));
}
*pdwLen = Password.MaximumLength;
*ppszSafeString = pszTempStr;
}
error:
if (FAILED(hr) && pszTempStr) {
FreeADsMem(pszTempStr);
}
RRETURN(hr);
}
HRESULT
DecryptString(
LPWSTR pszEncodedString,
LPWSTR *ppszString,
DWORD dwLen
)
{
HRESULT hr = S_OK;
LPWSTR pszTempStr = NULL;
UNICODE_STRING Password;
NTSTATUS errStatus;
if (!dwLen || !ppszString) {
RRETURN(E_FAIL);
}
*ppszString = NULL;
if (dwLen) {
pszTempStr = (LPWSTR) AllocADsMem(dwLen);
if (!pszTempStr) {
BAIL_ON_FAILURE(hr = E_OUTOFMEMORY);
}
memcpy(pszTempStr, pszEncodedString, dwLen);
errStatus = RtlDecryptMemory(pszTempStr, dwLen, 0);
if (errStatus != STATUS_SUCCESS) {
BAIL_ON_FAILURE(hr = HRESULT_FROM_NT(errStatus));
}
*ppszString = pszTempStr;
}
error:
if (FAILED(hr)) {
FreeADsStr(pszTempStr);
}
RRETURN(hr);
}
//
// Static member of the class
//
CCredentials::CCredentials():
_lpszUserName(NULL),
_lpszPassword(NULL),
_dwAuthFlags(0),
_dwPasswordLen(0)
{
}
CCredentials::CCredentials(
LPWSTR lpszUserName,
LPWSTR lpszPassword,
DWORD dwAuthFlags
):
_lpszUserName(NULL),
_lpszPassword(NULL),
_dwAuthFlags(0),
_dwPasswordLen(0)
{
//
// AjayR 10-04-99 we need a way to bail if the
// alloc's fail. Since it is in the constructor this is
// not very easy to do.
//
if (lpszUserName) {
_lpszUserName = AllocADsStr(lpszUserName);
}
else {
_lpszUserName = NULL;
}
if (lpszPassword) {
//
// The call can fail but we cannot recover from this.
//
EncryptString(
lpszPassword,
&_lpszPassword,
&_dwPasswordLen
);
}else {
_lpszPassword = NULL;
}
_dwAuthFlags = dwAuthFlags;
}
CCredentials::~CCredentials()
{
if (_lpszUserName) {
FreeADsStr(_lpszUserName);
}
if (_lpszPassword) {
FreeADsStr(_lpszPassword);
}
}
HRESULT
CCredentials::GetUserName(
LPWSTR *lppszUserName
)
{
if (!lppszUserName) {
RRETURN(E_FAIL);
}
if (!_lpszUserName) {
*lppszUserName = NULL;
}else {
*lppszUserName = AllocADsStr(_lpszUserName);
if (!*lppszUserName) {
RRETURN(E_OUTOFMEMORY);
}
}
RRETURN(S_OK);
}
HRESULT
CCredentials::GetPassword(
LPWSTR * lppszPassword
)
{
UNICODE_STRING Password;
LPWSTR lpTempPassword = NULL;
Password.Length = 0;
if (!lppszPassword) {
RRETURN(E_FAIL);
}
if (!_lpszPassword) {
*lppszPassword = NULL;
}else {
RRETURN(
DecryptString(
_lpszPassword,
lppszPassword,
_dwPasswordLen
)
);
}
RRETURN(S_OK);
}
HRESULT
CCredentials::SetUserName(
LPWSTR lpszUserName
)
{
if (_lpszUserName) {
FreeADsStr(_lpszUserName);
}
if (!lpszUserName) {
_lpszUserName = NULL;
RRETURN(S_OK);
}
_lpszUserName = AllocADsStr(
lpszUserName
);
if(!_lpszUserName) {
RRETURN(E_FAIL);
}
RRETURN(S_OK);
}
HRESULT
CCredentials::SetPassword(
LPWSTR lpszPassword
)
{
if (_lpszPassword) {
FreeADsStr(_lpszPassword);
}
if (!lpszPassword) {
_lpszPassword = NULL;
RRETURN(S_OK);
}
RRETURN(
EncryptString(
lpszPassword,
&_lpszPassword,
&_dwPasswordLen
)
);
}
CCredentials::CCredentials(
const CCredentials& Credentials
)
{
HRESULT hr = S_OK;
LPWSTR pszTmpPwd = NULL;
_lpszUserName = NULL;
_lpszPassword = NULL;
_lpszUserName = AllocADsStr(
Credentials._lpszUserName
);
if (Credentials._lpszPassword) {
hr = DecryptString(
Credentials._lpszPassword,
&pszTmpPwd,
Credentials._dwPasswordLen
);
}
if (SUCCEEDED(hr) && pszTmpPwd) {
hr = EncryptString(
pszTmpPwd,
&_lpszPassword,
&_dwPasswordLen
);
}
if (pszTmpPwd) {
FreeADsStr(pszTmpPwd);
}
_dwAuthFlags = Credentials._dwAuthFlags;
}
void
CCredentials::operator=(
const CCredentials& other
)
{
HRESULT hr = S_OK;
LPWSTR pszTmpPwd = NULL;
if ( &other == this) {
return;
}
if (_lpszUserName) {
FreeADsStr(_lpszUserName);
}
if (_lpszPassword) {
FreeADsStr(_lpszPassword);
}
_lpszUserName = AllocADsStr(
other._lpszUserName
);
if (other._lpszPassword) {
hr = DecryptString(
other._lpszPassword,
&pszTmpPwd,
other._dwPasswordLen
);
}
if (SUCCEEDED(hr) && pszTmpPwd) {
hr = EncryptString(
pszTmpPwd,
&_lpszPassword,
&_dwPasswordLen
);
}
if (pszTmpPwd) {
FreeADsStr(pszTmpPwd);
}
_dwAuthFlags = other._dwAuthFlags;
return;
}
BOOL
operator==(
CCredentials& x,
CCredentials& y
)
{
BOOL bEqualUser = FALSE;
BOOL bEqualPassword = FALSE;
BOOL bEqualFlags = FALSE;
LPWSTR lpszXPassword = NULL;
LPWSTR lpszYPassword = NULL;
BOOL bReturnCode = FALSE;
HRESULT hr = S_OK;
if (x._lpszUserName && y._lpszUserName) {
bEqualUser = !(wcscmp(x._lpszUserName, y._lpszUserName));
}else if (!x._lpszUserName && !y._lpszUserName){
bEqualUser = TRUE;
}
hr = x.GetPassword(&lpszXPassword);
if (FAILED(hr)) {
goto error;
}
hr = y.GetPassword(&lpszYPassword);
if (FAILED(hr)) {
goto error;
}
if ((lpszXPassword && lpszYPassword)) {
bEqualPassword = !(wcscmp(lpszXPassword, lpszYPassword));
}else if (!lpszXPassword && !lpszYPassword) {
bEqualPassword = TRUE;
}
if (x._dwAuthFlags == y._dwAuthFlags) {
bEqualFlags = TRUE;
}
if (bEqualUser && bEqualPassword && bEqualFlags) {
bReturnCode = TRUE;
}
error:
if (lpszXPassword) {
FreeADsStr(lpszXPassword);
}
if (lpszYPassword) {
FreeADsStr(lpszYPassword);
}
return(bReturnCode);
}
BOOL
CCredentials::IsNullCredentials(
)
{
// The function will return true even if the flags are set
// this is because we want to try and get the default credentials
// even if the flags were set
if (!_lpszUserName && !_lpszPassword) {
return(TRUE);
}else {
return(FALSE);
}
}
DWORD
CCredentials::GetAuthFlags()
{
return(_dwAuthFlags);
}
void
CCredentials::SetAuthFlags(
DWORD dwAuthFlags
)
{
_dwAuthFlags = dwAuthFlags;
}