/*
File: Passwd.cpp
Title: Protected Storage User Confirm wrappers
Author: Matt Thomlinson
Date: 2/25/97
Passwd.cpp simply houses a few of the password-management
functions. These functions are called on to return the
user-confirmation derived buffer, and check synchronization
in certain cases.
As the Authentication provider interface gets defined, this
could end up getting moved into a seperate provider.
*/
#include <pch.cpp>
#pragma hdrstop
#include "provui.h"
#include "storage.h"
#include "passwd.h"
extern DISPIF_CALLBACKS g_sCallbacks;
extern PRIVATE_CALLBACKS g_sPrivateCallbacks;
extern CUAList* g_pCUAList;
///////////////////////////////////////////////////////////////////////
// non-user editable passwords
BOOL FIsUserMasterKey(LPCWSTR szMasterKey)
{
if (0 == wcscmp(szMasterKey, WSZ_PASSWORD_WINDOWS))
return FALSE;
return TRUE;
}
BOOL FMyGetWinPassword(
PST_PROVIDER_HANDLE* phPSTProv,
LPCWSTR szUser,
BYTE rgbPwd[A_SHA_DIGEST_LEN] )
{
// nab pwd
if (0 == wcscmp(szUser, WSZ_LOCAL_MACHINE))
{
CopyMemory(rgbPwd, RGB_LOCALMACHINE_KEY, A_SHA_DIGEST_LEN);
}
else
{
/*
if (! g_sPrivateCallbacks.pfnFGetWindowsPassword(
phPSTProv,
rgbPwd,
A_SHA_DIGEST_LEN))
return FALSE;
*/
A_SHA_CTX context;
DWORD cb = lstrlenW(szUser) * sizeof(WCHAR);
BYTE Magic1[] = {0x66, 0x41, 0xa3, 0x29};
BYTE Magic2[] = {0x14, 0x9a, 0xef, 0x82};
A_SHAInit(&context);
// note: the three Update calls get buffered up internally to
// multiples of 64 bytes.
//
A_SHAUpdate(&context, Magic1, sizeof(Magic1));
A_SHAUpdate(&context, (LPBYTE)szUser, cb);
A_SHAUpdate(&context, Magic2, (cb+sizeof(Magic2)) % sizeof(Magic2));
A_SHAFinal(&context, rgbPwd);
}
return TRUE;
}
// Base Provider specific fxn: check the password
DWORD BPVerifyPwd(
PST_PROVIDER_HANDLE* phPSTProv,
LPCWSTR szUser,
LPCWSTR szMasterKey,
BYTE rgbPwd[],
DWORD dwPasswordOption)
{
DWORD dwRet = (DWORD)PST_E_WRONG_PASSWORD;
if (dwPasswordOption != BP_CONFIRM_PASSWORDUI)
{
// only non-user keys can be silent (WinPWs only, to be exact)
if (FIsUserMasterKey(szMasterKey))
goto Ret;
// get the Windows pwd
if (!FMyGetWinPassword(phPSTProv, szUser, rgbPwd))
goto Ret;
// check
if (!FCheckPWConfirm(
szUser,
szMasterKey,
rgbPwd))
{
dwRet = (DWORD)PST_E_WRONG_PASSWORD;
goto Ret;
}
}
else // UI wanted
{
// is it the windows password?
if (0 == wcscmp(szMasterKey, WSZ_PASSWORD_WINDOWS))
{
BYTE rgbWinPwd[A_SHA_DIGEST_LEN];
// we need to keep user, WinPW in sync
if(!FMyGetWinPassword(
phPSTProv,
szUser,
rgbWinPwd
))
{
dwRet = (DWORD)PST_E_WRONG_PASSWORD;
goto Ret;
}
if (0 != memcmp(rgbWinPwd, rgbPwd, sizeof(rgbWinPwd) ))
{
// no match: user entered old password?
if (FCheckPWConfirm(
szUser,
szMasterKey,
rgbPwd))
{
// err: user entered neither old nor new password
dwRet = (DWORD)PST_E_WRONG_PASSWORD;
goto Ret;
}
}
else
{
// matched: user entered password we consider good
if (!FCheckPWConfirm(
szUser,
szMasterKey,
rgbPwd))
{
dwRet = (DWORD)PST_E_WRONG_PASSWORD;
goto Ret;
}
}
}
else
{
// else: not win pw, just do pw correctness check
if (!FCheckPWConfirm(
szUser,
szMasterKey,
rgbPwd))
{
dwRet = (DWORD)PST_E_WRONG_PASSWORD;
goto Ret;
}
}
}
dwRet = (DWORD)PST_E_OK;
Ret:
return dwRet;
}
HRESULT GetUserConfirmDefaults(
PST_PROVIDER_HANDLE* phPSTProv,
DWORD* pdwDefaultConfirmationStyle,
LPWSTR* ppszMasterKey)
{
SS_ASSERT(ppszMasterKey != NULL);
SS_ASSERT(pdwDefaultConfirmationStyle != NULL);
PBYTE pbData = NULL;
DWORD cbData;
HRESULT hr = PST_E_FAIL;
// if not found, restore the machine defaults
// alloc sizeof string + dword
cbData = sizeof(WSZ_PASSWORD_WINDOWS) + sizeof(DWORD);
pbData = (PBYTE)SSAlloc(cbData);
if(pbData == NULL)
return PST_E_FAIL;
// copy string, DWORD confirmation type
*(DWORD*)pbData = BP_CONFIRM_OKCANCEL;
CopyMemory(pbData+sizeof(DWORD), WSZ_PASSWORD_WINDOWS, sizeof(WSZ_PASSWORD_WINDOWS));
// format: confirmation style DWORD, sz
*pdwDefaultConfirmationStyle = *(DWORD*)pbData;
*ppszMasterKey = (LPWSTR)SSAlloc(WSZ_BYTECOUNT((LPWSTR)(pbData+sizeof(DWORD))));
if(*ppszMasterKey != NULL) {
wcscpy(*ppszMasterKey, (LPWSTR) (pbData+sizeof(DWORD)) );
hr = PST_E_OK;
}
// free what ConfigData returned
if (pbData)
SSFree(pbData);
return hr;
}
void NotifyOfWrongPassword(
HWND hwnd,
LPCWSTR szItemName,
LPCWSTR szPasswordName)
{
LPWSTR szMessage;
if (0 == wcscmp(szPasswordName, WSZ_PASSWORD_WINDOWS))
szMessage = g_PasswordWinNoVerify;
else
szMessage = g_PasswordNoVerify; // error doesn't deal with win pw
MessageBoxW(hwnd, szMessage, szItemName, MB_OK | MB_SERVICE_NOTIFICATION);
}
// #define to force an unreadable confirmation to bail from read proc
#define PST_CF_STORED_ONLY 0xcf000001
HRESULT GetUserConfirmBuf(
PST_PROVIDER_HANDLE* phPSTProv,
LPCWSTR szUser,
PST_KEY Key,
LPCWSTR szType,
const GUID* pguidType,
LPCWSTR szSubtype,
const GUID* pguidSubtype,
LPCWSTR szItemName,
PPST_PROMPTINFO psPrompt,
LPCWSTR szAction,
LPWSTR* ppszMasterKey,
BYTE rgbPwd[A_SHA_DIGEST_LEN],
DWORD dwFlags)
{
return GetUserConfirmBuf(
phPSTProv,
szUser,
Key,
szType,
pguidType,
szSubtype,
pguidSubtype,
szItemName,
psPrompt,
szAction,
PST_CF_STORED_ONLY, // hardcoded: must be able to retreive in order to show ui
ppszMasterKey,
rgbPwd,
dwFlags);
}
#define MAX_PASSWD_TRIALS 3
HRESULT GetUserConfirmBuf(
PST_PROVIDER_HANDLE* phPSTProv,
LPCWSTR szUser,
PST_KEY Key,
LPCWSTR szType,
const GUID* pguidType,
LPCWSTR szSubtype,
const GUID* pguidSubtype,
LPCWSTR szItemName,
PPST_PROMPTINFO psPrompt,
LPCWSTR szAction,
DWORD dwDefaultConfirmationStyle,
LPWSTR* ppszMasterKey,
BYTE rgbOutPwd[A_SHA_DIGEST_LEN],
DWORD dwFlags)
{
HRESULT hr;
DWORD dwStoredConfirm, dwChosenConfirm;
LPWSTR szCallerName = NULL;
BOOL fPromptedUser = FALSE;
BOOL fIsCached = FALSE;
BOOL fCacheItNow = FALSE;
BOOL fPwdVerified = FALSE;
SS_ASSERT(*ppszMasterKey == NULL); // don't whack existing memory
if (Key == PST_KEY_LOCAL_MACHINE)
{
// short-circuit password gathering, setting
*ppszMasterKey = (LPWSTR) SSAlloc(sizeof(WSZ_PASSWORD_WINDOWS));
if( *ppszMasterKey == NULL )
{
hr = PST_E_FAIL;
goto Ret;
}
wcscpy(*ppszMasterKey, WSZ_PASSWORD_WINDOWS);
CopyMemory(rgbOutPwd, RGB_LOCALMACHINE_KEY, A_SHA_DIGEST_LEN);
// done
hr = PST_E_OK;
goto Ret;
}
if (!g_sCallbacks.pfnFGetCallerName(phPSTProv, &szCallerName, NULL)) {
hr = PST_E_FAIL;
goto Ret;
}
// Which is this: item creation, item access?
// item access does user authentication
SS_ASSERT(szItemName != NULL);
// per-item key
if (PST_E_OK != (hr =
BPGetItemConfirm(
phPSTProv,
szUser,
pguidType,
pguidSubtype,
szItemName,
&dwStoredConfirm,
ppszMasterKey)) )
{
// this could be a failure in
// * confirmation: tampering detected!!
// * password: couldn't grab user pwd
if (dwDefaultConfirmationStyle == PST_CF_STORED_ONLY)
goto Ret;
//
// if UI is not allowed (eg, Local System account), over-ride
// confirmation style.
//
if (dwDefaultConfirmationStyle != PST_CF_NONE)
{
if(!FIsProviderUIAllowed( szUser ))
dwDefaultConfirmationStyle = PST_CF_NONE;
}
// if app asked to have no confirm, set item that way
if (dwDefaultConfirmationStyle == PST_CF_NONE)
{
dwChosenConfirm = BP_CONFIRM_NONE;
// short-circuit password gathering, setting
*ppszMasterKey = (LPWSTR) SSAlloc(sizeof(WSZ_PASSWORD_WINDOWS));
if(*ppszMasterKey == NULL)
{
hr = PST_E_FAIL;
goto Ret;
}
wcscpy(*ppszMasterKey, WSZ_PASSWORD_WINDOWS);
}
else // app allows user to decide
{
// get user default
if (PST_E_OK != (hr = GetUserConfirmDefaults(
phPSTProv,
&dwChosenConfirm,
ppszMasterKey)) )
goto Ret;
}
// if user default is silent, don't bother user
switch(dwChosenConfirm)
{
// if no confirm
case BP_CONFIRM_NONE:
break;
// if we know the confirm type
case BP_CONFIRM_PASSWORDUI:
{
// make sure we're not asking the user for a password he can't satisfy
if (!FIsUserMasterKey(*ppszMasterKey))
{
hr = PST_E_NO_PERMISSIONS;
goto Ret;
}
// else fall through to prompting case
}
case BP_CONFIRM_OKCANCEL:
{
int i;
fPromptedUser = TRUE;
for(i=1; ; i++)
{
BYTE rgbOutPwdLowerCase[A_SHA_DIGEST_LEN];
// Request the user apply a new password
if (!FSimplifiedPasswordConfirm(
phPSTProv,
szUser,
szCallerName,
szType,
szSubtype,
szItemName,
psPrompt,
szAction,
ppszMasterKey,
&dwChosenConfirm,
TRUE, // user select which pwd
rgbOutPwd,
A_SHA_DIGEST_LEN,
rgbOutPwdLowerCase,
A_SHA_DIGEST_LEN,
dwFlags
))
{
hr = PST_E_NO_PERMISSIONS;
goto Ret;
}
// verify whatever password we got
if (PST_E_OK != (hr =
BPVerifyPwd(
phPSTProv,
szUser,
*ppszMasterKey,
rgbOutPwd,
dwChosenConfirm)) )
{
//
// try lower-case form to handle Win9x migration case.
//
if (PST_E_OK != (hr =
BPVerifyPwd(
phPSTProv,
szUser,
*ppszMasterKey,
rgbOutPwdLowerCase,
dwChosenConfirm)) )
{
// too many trials? break out of loop
if (i < MAX_PASSWD_TRIALS)
{
// notify user, give them another chance
NotifyOfWrongPassword((HWND)psPrompt->hwndApp, szItemName, *ppszMasterKey);
continue;
} else {
break; // break out
}
} else {
CopyMemory( rgbOutPwd, rgbOutPwdLowerCase, A_SHA_DIGEST_LEN );
}
}
// passed verify password test: break out of loop!
fPwdVerified = TRUE;
break;
}
if (!fPwdVerified)
{
hr = PST_E_NO_PERMISSIONS;
goto Ret;
}
}
}
// and remember the selections made
if (PST_E_OK != (hr =
BPSetItemConfirm(
phPSTProv,
szUser,
pguidType,
pguidSubtype,
szItemName,
dwChosenConfirm,
*ppszMasterKey)) )
goto Ret;
// now, _this_ is the stored confirm
dwStoredConfirm = dwChosenConfirm;
}
else
{
// keep a copy of the stored key
LPWSTR szStoredMasterKey = (LPWSTR)SSAlloc(WSZ_BYTECOUNT(*ppszMasterKey));
if(NULL != szStoredMasterKey)
{
CopyMemory(szStoredMasterKey, *ppszMasterKey, WSZ_BYTECOUNT(*ppszMasterKey));
}
// we retrieved confirmation behavior
dwChosenConfirm = dwStoredConfirm; // already chosen for you
switch (dwStoredConfirm)
{
// if no confirm
case BP_CONFIRM_NONE:
break;
// if we know the confirm type
case BP_CONFIRM_PASSWORDUI:
{
// else fall through to prompting case
}
case BP_CONFIRM_OKCANCEL:
{
// retrieved item, must show ui, but not allowed to show ui
if (psPrompt->dwPromptFlags & PST_PF_NEVER_SHOW)
{
hr = ERROR_PASSWORD_RESTRICTION;
goto Ret;
}
// found that a pwd is req'd
fPromptedUser = TRUE;
fCacheItNow = fIsCached;
int i;
for(i=1; ; i++)
{
BYTE rgbOutPwdLowerCase[A_SHA_DIGEST_LEN];
// ask the user for it
if (!FSimplifiedPasswordConfirm(
phPSTProv,
szUser,
szCallerName,
szType,
szSubtype,
szItemName,
psPrompt,
szAction,
ppszMasterKey,
&dwChosenConfirm,
TRUE, // allow user to select pwd
rgbOutPwd,
A_SHA_DIGEST_LEN,
rgbOutPwdLowerCase,
A_SHA_DIGEST_LEN,
dwFlags
))
{
hr = PST_E_NO_PERMISSIONS;
goto Ret;
}
// if we got it from the cache and user left it alone
{
// verify whatever password we got
if (PST_E_OK != (hr =
BPVerifyPwd(
phPSTProv,
szUser,
*ppszMasterKey,
rgbOutPwd,
dwChosenConfirm)) )
{
//
// check lower case form.
//
if (PST_E_OK != (hr =
BPVerifyPwd(
phPSTProv,
szUser,
*ppszMasterKey,
rgbOutPwdLowerCase,
dwChosenConfirm)) )
{
// too many trials? break out of loop
if (i < MAX_PASSWD_TRIALS)
{
// notify user, give them another chance
NotifyOfWrongPassword((HWND)psPrompt->hwndApp, szItemName, *ppszMasterKey);
continue;
}
else
{
hr = PST_E_NO_PERMISSIONS;
goto Ret;
}
} else {
CopyMemory( rgbOutPwd, rgbOutPwdLowerCase, A_SHA_DIGEST_LEN );
}
}
fPwdVerified = TRUE;
}
// passed verify password test: break out of loop!
break;
}
break;
}
} // end switch
// have we received all data we need from the user?
// user may choose to change the way items are encrypted;
// if stored under password, we must make them enter the old pwd
if ((dwStoredConfirm != dwChosenConfirm) || // confirm type changed OR
(NULL == szStoredMasterKey) ||
(0 != wcscmp(*ppszMasterKey, szStoredMasterKey)) ) // difft master key
{
BYTE rgbOldPwd[A_SHA_DIGEST_LEN];
BOOL fDontAllowCache = FALSE;
BOOL fOldPwdVerified = FALSE;
PST_PROMPTINFO sGetOldPWPrompt = {sizeof(PST_PROMPTINFO), psPrompt->dwPromptFlags, psPrompt->hwndApp, g_PasswordSolicitOld};
// only re-display if originally passworded
if (dwStoredConfirm == BP_CONFIRM_PASSWORDUI)
{
for(int i=1; ; i++)
{
BYTE rgbOldPwdLowerCase[A_SHA_DIGEST_LEN];
// ask the user for it
if (!FSimplifiedPasswordConfirm(
phPSTProv,
szUser,
szCallerName,
szType,
szSubtype,
szItemName,
&sGetOldPWPrompt,
szAction,
&szStoredMasterKey,
&dwStoredConfirm,
FALSE, // don't allow user to get around this one
rgbOldPwd,
sizeof(rgbOldPwd),
rgbOldPwdLowerCase,
sizeof(rgbOldPwdLowerCase),
dwFlags
))
{
hr = PST_E_NO_PERMISSIONS;
goto Ret;
}
// verify whatever password we got
if (PST_E_OK != (hr =
BPVerifyPwd(
phPSTProv,
szUser,
szStoredMasterKey,
rgbOldPwd,
dwStoredConfirm)) )
{
if (PST_E_OK != (hr =
BPVerifyPwd(
phPSTProv,
szUser,
szStoredMasterKey,
rgbOldPwdLowerCase,
dwStoredConfirm)) )
{
// too many trials? break out of loop
if (i < MAX_PASSWD_TRIALS)
{
// notify user, give them another chance
NotifyOfWrongPassword((HWND)sGetOldPWPrompt.hwndApp, szItemName, szStoredMasterKey);
continue;
} else {
break; // break out
}
} else {
CopyMemory( rgbOldPwd, rgbOldPwdLowerCase, A_SHA_DIGEST_LEN );
}
}
// passed verify password test: break out of loop!
fOldPwdVerified = TRUE;
break;
}
if (!fOldPwdVerified)
{
hr = PST_E_NO_PERMISSIONS;
goto Ret;
}
}
else
{
// ok/cancel; silent pwd usage
// use VerifyPwd fxn to retrieve the pwd
if (PST_E_OK != (hr =
BPVerifyPwd(
phPSTProv,
szUser,
szStoredMasterKey,
rgbOldPwd,
dwStoredConfirm)) )
{
hr = PST_E_NO_PERMISSIONS;
goto Ret;
}
}
//////
// execute pwd change HERE
{
PBYTE pbData = NULL;
DWORD cbData;
// FBPGetSecuredItemData // decrypt data with old
if (!FBPGetSecuredItemData(
szUser,
szStoredMasterKey,
rgbOldPwd,
pguidType,
pguidSubtype,
szItemName,
&pbData,
&cbData))
{
hr = PST_E_STORAGE_ERROR;
goto Ret;
}
// FBPSetSecuredItemData // encrypt data with new
if (!FBPSetSecuredItemData(
szUser,
*ppszMasterKey,
rgbOutPwd,
pguidType,
pguidSubtype,
szItemName,
pbData,
cbData))
{
hr = PST_E_STORAGE_ERROR;
goto Ret;
}
if (pbData)
SSFree(pbData);
// BPSetItemConfirm // store new confirm type
if (PST_E_OK !=
BPSetItemConfirm(
phPSTProv,
szUser,
pguidType,
pguidSubtype,
szItemName,
dwChosenConfirm,
*ppszMasterKey))
{
hr = PST_E_STORAGE_ERROR;
goto Ret;
}
}
}
if (szStoredMasterKey)
{
SSFree(szStoredMasterKey);
szStoredMasterKey = NULL;
}
}
// verify whatever password we got if not yet verified
if (!fPwdVerified)
{
if (PST_E_OK != (hr =
BPVerifyPwd(
phPSTProv,
szUser,
*ppszMasterKey,
rgbOutPwd,
dwChosenConfirm)) )
goto Ret;
}
// Now correct pwd is in rgbOutPwd ALWAYS
// if we haven't prompted user and were supposed to
if (!fPromptedUser && (psPrompt->dwPromptFlags == PST_PF_ALWAYS_SHOW))
{
// we must've retrieved from cache OR Automagic WinPW
SS_ASSERT(fIsCached || (BP_CONFIRM_NONE == dwStoredConfirm));
BYTE rgbBarfPwd[A_SHA_DIGEST_LEN*2];
BYTE rgbBarfPwdLowerCase[A_SHA_DIGEST_LEN];
// haven't prompted user but must confirm
if (!FSimplifiedPasswordConfirm(
phPSTProv,
szUser,
szCallerName,
szType,
szSubtype,
szItemName,
psPrompt,
szAction,
ppszMasterKey,
&dwChosenConfirm,
FALSE,
rgbBarfPwd,
sizeof(rgbBarfPwd),
rgbBarfPwdLowerCase,
sizeof(rgbBarfPwdLowerCase),
dwFlags
) )
{
hr = PST_E_NO_PERMISSIONS;
goto Ret;
}
}
hr = PST_E_OK;
Ret:
if (szCallerName)
SSFree(szCallerName);
return hr;
}
HRESULT ShowOKCancelUI(
PST_PROVIDER_HANDLE* phPSTProv,
LPCWSTR szUser,
PST_KEY Key,
LPCWSTR szType,
LPCWSTR szSubtype,
LPCWSTR szItemName,
PPST_PROMPTINFO psPrompt,
LPCWSTR szAction)
{
BOOL fCache = FALSE;
BYTE rgbTrash[A_SHA_DIGEST_LEN*2];
BYTE rgbTrashLowerCase[A_SHA_DIGEST_LEN];
DWORD dwConfirmOptions = BP_CONFIRM_OKCANCEL;
LPWSTR szMasterKey = NULL;
LPWSTR szCallerName = NULL;
DWORD dwRet = PST_E_FAIL;
if (Key == PST_KEY_LOCAL_MACHINE)
{
// done
dwRet = PST_E_OK;
goto Ret;
}
szMasterKey = (LPWSTR)SSAlloc(sizeof(WSZ_NULLSTRING));
if(szMasterKey)
{
wcscpy(szMasterKey, WSZ_NULLSTRING);
}
if (!g_sCallbacks.pfnFGetCallerName(phPSTProv, &szCallerName, NULL))
goto Ret;
if (!FSimplifiedPasswordConfirm(
phPSTProv,
szUser,
szCallerName,
szType,
szSubtype,
szItemName,
psPrompt,
szAction,
&szMasterKey,
&dwConfirmOptions,
FALSE,
rgbTrash,
sizeof(rgbTrash),
rgbTrashLowerCase,
sizeof(rgbTrashLowerCase),
0
) )
goto Ret;
dwRet = PST_E_OK;
Ret:
if (szCallerName)
SSFree(szCallerName);
if (szMasterKey)
SSFree(szMasterKey);
return dwRet;
}