[ADVAPI32][SERVICES] Pass encrypted passwords to the service manager.

- Encrypt passwords before passing them to the service manager. Right now, we are using a fixed encryption key. This will be fixed later. - Replace the calls to ZeroMemory which are used to wipe the password buffers by calls to SecureZeroMemory.
2025-08-03 18:06:04 +00:00 · 2018-09-18 21:33:29 +02:00 · 2018-09-18 21:33:29 +02:00 · e5fcda922b
commit e5fcda922b
parent da73c81259
2 changed files with 106 additions and 19 deletions
--- a/base/system/services/config.c
+++ b/base/system/services/config.c
@ -15,6 +15,20 @@
 #define NDEBUG
 #include <debug.h>

+struct ustring
+{
+    DWORD Length;
+    DWORD MaximumLength;
+    unsigned char *Buffer;
+};
+
+NTSTATUS
+WINAPI
+SystemFunction005(
+    const struct ustring *in,
+    const struct ustring *key,
+    struct ustring *out);
+

 /* FUNCTIONS *****************************************************************/

@ -684,17 +698,51 @@ ScmDecryptPassword(
    _In_ DWORD dwPasswordSize,
    _Out_ PWSTR *pClearTextPassword)
 {
+    struct ustring inData, keyData, outData;
+    PCHAR pszKey = "TestEncryptionKey";
    PWSTR pBuffer;
+    NTSTATUS Status;

-    /* Allocate a buffer for the decrypted password */
-    pBuffer = HeapAlloc(GetProcessHeap(), 0, dwPasswordSize);
+    inData.Length = dwPasswordSize;
+    inData.MaximumLength = inData.Length;
+    inData.Buffer = pPassword;
+
+    keyData.Length = strlen(pszKey);
+    keyData.MaximumLength = keyData.Length;
+    keyData.Buffer = (unsigned char *)pszKey;
+
+    outData.Length = 0;
+    outData.MaximumLength = 0;
+    outData.Buffer = NULL;
+
+    /* Get the required buffer size */
+    Status = SystemFunction005(&inData,
+                               &keyData,
+                               &outData);
+    if (Status != STATUS_BUFFER_TOO_SMALL)
+    {
+        DPRINT1("SystemFunction005 failed (Status 0x%08lx)\n", Status);
+        return RtlNtStatusToDosError(Status);
+    }
+
+    /* Allocate a buffer for the clear text password */
+    pBuffer = HeapAlloc(GetProcessHeap(), 0, outData.Length);
    if (pBuffer == NULL)
        return ERROR_OUTOFMEMORY;

+    outData.MaximumLength = outData.Length;
+    outData.Buffer = (unsigned char *)pBuffer;
+
    /* Decrypt the password */
-    CopyMemory(pBuffer,
-               pPassword,
-               dwPasswordSize);
+    Status = SystemFunction005(&inData,
+                               &keyData,
+                               &outData);
+    if (!NT_SUCCESS(Status))
+    {
+        DPRINT1("SystemFunction005 failed (Status 0x%08lx)\n", Status);
+        HeapFree(GetProcessHeap(), 0, pBuffer);
+        return RtlNtStatusToDosError(Status);
+    }

    *pClearTextPassword = pBuffer;