14 Sep
2014
14 Sep
'14
7:40 p.m.
Author: tkreuzer
Date: Sun Sep 14 19:40:15 2014
New Revision: 64153
URL: http://svn.reactos.org/svn/reactos?rev=64153&view=rev
Log:
[KSECDD]
- Fix a typo in KsecQueryFileInformation
- Implement missing ioctls in KsecDeviceControl
- Support METHOD_OUT_DIRECT for IRP_MJ_DEVICE_CONTROL
- Add stubs for KsecEn/DecryptMemory
[ADVAPI32]
- Use ksecdd to handle SystemFunction040 (RtlEncryptMemory) and SystemFunction041
(RtlDecryptMemory) (they still do nothing, but at least they do it in kenrnel mode now
;-))
Added:
trunk/reactos/drivers/crypto/ksecdd/crypt.c (with props)
Modified:
trunk/reactos/dll/win32/advapi32/CMakeLists.txt
trunk/reactos/dll/win32/advapi32/misc/dllmain.c
trunk/reactos/dll/win32/advapi32/misc/sysfunc.c
trunk/reactos/drivers/crypto/ksecdd/CMakeLists.txt
trunk/reactos/drivers/crypto/ksecdd/dispatch.c
trunk/reactos/drivers/crypto/ksecdd/ksecdd.h
trunk/reactos/include/reactos/drivers/ksecdd/ksecioctl.h
Modified: trunk/reactos/dll/win32/advapi32/CMakeLists.txt
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/advapi32/CMakeLi…
==============================================================================
--- trunk/reactos/dll/win32/advapi32/CMakeLists.txt [iso-8859-1] (original)
+++ trunk/reactos/dll/win32/advapi32/CMakeLists.txt [iso-8859-1] Sun Sep 14 19:40:15 2014
@@ -8,6 +8,7 @@
include_directories(
${REACTOS_SOURCE_DIR}/include/reactos/idl
+ ${REACTOS_SOURCE_DIR}/include/reactos/drivers/ksecdd
${REACTOS_SOURCE_DIR}/lib/cryptlib
${CMAKE_CURRENT_BINARY_DIR})
Modified: trunk/reactos/dll/win32/advapi32/misc/dllmain.c
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/advapi32/misc/dl…
==============================================================================
--- trunk/reactos/dll/win32/advapi32/misc/dllmain.c [iso-8859-1] (original)
+++ trunk/reactos/dll/win32/advapi32/misc/dllmain.c [iso-8859-1] Sun Sep 14 19:40:15 2014
@@ -14,6 +14,7 @@
extern BOOL RegInitialize(VOID);
extern BOOL RegCleanup(VOID);
extern VOID UnloadNtMarta(VOID);
+extern VOID CloseKsecDdHandle(VOID);
BOOL
WINAPI
@@ -33,6 +34,7 @@
CloseLogonLsaHandle();
RegCleanup();
UnloadNtMarta();
+ CloseKsecDdHandle();
break;
}
Modified: trunk/reactos/dll/win32/advapi32/misc/sysfunc.c
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/advapi32/misc/sy…
==============================================================================
--- trunk/reactos/dll/win32/advapi32/misc/sysfunc.c [iso-8859-1] (original)
+++ trunk/reactos/dll/win32/advapi32/misc/sysfunc.c [iso-8859-1] Sun Sep 14 19:40:15 2014
@@ -12,9 +12,15 @@
*/
#include <advapi32.h>
+#include <ksecioctl.h>
#include <md4.h>
#include <md5.h>
#include <rc4.h>
+
+/* FIXME: this should be in some shared header */
+#define RTL_ENCRYPT_OPTION_SAME_PROCESS 0
+#define RTL_ENCRYPT_OPTION_CROSS_PROCESS 1
+#define RTL_ENCRYPT_OPTION_SAME_LOGON 2
static const unsigned char CRYPT_LMhash_Magic[8] =
{ 'K', 'G', 'S', '!', '@', '#',
'$', '%' };
@@ -615,6 +621,93 @@
return TRUE;
}
+HANDLE KsecDeviceHandle;
+
+static
+NTSTATUS
+KsecOpenDevice()
+{
+ UNICODE_STRING DeviceName = RTL_CONSTANT_STRING(L"\\Device\\KsecDD");
+ OBJECT_ATTRIBUTES ObjectAttributes;
+ IO_STATUS_BLOCK IoStatusBlock;
+ HANDLE DeviceHandle;
+ NTSTATUS Status;
+
+ InitializeObjectAttributes(&ObjectAttributes,
+ &DeviceName,
+ 0x18,
+ NULL,
+ NULL);
+ Status = NtOpenFile(&DeviceHandle,
+ 0x100001,
+ &ObjectAttributes,
+ &IoStatusBlock,
+ FILE_SHARE_READ | FILE_SHARE_WRITE | FILE_SHARE_DELETE,
+ FILE_SYNCHRONOUS_IO_NONALERT);
+ if (!NT_SUCCESS(Status))
+ {
+ return Status;
+ }
+
+ if (InterlockedCompareExchangePointer(&KsecDeviceHandle, DeviceHandle, NULL) !=
NULL)
+ {
+ NtClose(DeviceHandle);
+ }
+
+ return STATUS_SUCCESS;
+}
+
+VOID
+CloseKsecDdHandle(VOID)
+{
+ /* Check if we already opened a handle to ksecdd */
+ if (KsecDeviceHandle != NULL)
+ {
+ /* Close it */
+ CloseHandle(KsecDeviceHandle);
+ KsecDeviceHandle = NULL;
+ }
+}
+
+static
+NTSTATUS
+KsecDeviceIoControl(
+ ULONG IoControlCode,
+ PVOID InputBuffer,
+ SIZE_T InputBufferLength,
+ PVOID OutputBuffer,
+ SIZE_T OutputBufferLength)
+{
+ IO_STATUS_BLOCK IoStatusBlock;
+ NTSTATUS Status;
+
+ /* Check if we already have a handle */
+ if (KsecDeviceHandle == NULL)
+ {
+ /* Try to open the device */
+ Status = KsecOpenDevice();
+ if (!NT_SUCCESS(Status))
+ {
+ //ERR("Failed to open handle to KsecDd driver!\n");
+ return Status;
+ }
+ }
+
+ /* Call the driver */
+ Status = NtDeviceIoControlFile(KsecDeviceHandle,
+ NULL,
+ NULL,
+ NULL,
+ &IoStatusBlock,
+ IoControlCode,
+ InputBuffer,
+ InputBufferLength,
+ OutputBuffer,
+ OutputBufferLength);
+
+ return Status;
+}
+
/*
These functions have nearly identical prototypes to CryptProtectMemory and
CryptUnprotectMemory,
in crypt32.dll.
@@ -642,10 +735,36 @@
* If flags are specified when encrypting, the same flag value must be given
* when decrypting the memory.
*/
-NTSTATUS WINAPI SystemFunction040(PVOID memory, ULONG length, ULONG flags)
-{
+NTSTATUS
+WINAPI
+SystemFunction040(
+ _Inout_ PVOID Memory,
+ _In_ ULONG MemoryLength,
+ _In_ ULONG OptionFlags)
+{
+ ULONG IoControlCode;
+
//FIXME("(%p, %x, %x): stub [RtlEncryptMemory]\n", memory, length, flags);
return STATUS_SUCCESS;
+
+ if (OptionFlags == RTL_ENCRYPT_OPTION_SAME_PROCESS)
+ {
+ IoControlCode = IOCTL_KSEC_ENCRYPT_SAME_PROCESS;
+ }
+ else if (OptionFlags == RTL_ENCRYPT_OPTION_CROSS_PROCESS)
+ {
+ IoControlCode = IOCTL_KSEC_ENCRYPT_CROSS_PROCESS;
+ }
+ else if (OptionFlags == RTL_ENCRYPT_OPTION_SAME_LOGON)
+ {
+ IoControlCode = IOCTL_KSEC_ENCRYPT_SAME_LOGON;
+ }
+ else
+ {
+ return STATUS_INVALID_PARAMETER;
+ }
+
+ return KsecDeviceIoControl(IoControlCode, Memory, MemoryLength, Memory, MemoryLength);
}
/******************************************************************************
@@ -670,10 +789,36 @@
* If flags are specified when encrypting, the same flag value must be given
* when decrypting the memory.
*/
-NTSTATUS WINAPI SystemFunction041(PVOID memory, ULONG length, ULONG flags)
-{
+NTSTATUS
+WINAPI
+SystemFunction041(
+ _Inout_ PVOID Memory,
+ _In_ ULONG MemoryLength,
+ _In_ ULONG OptionFlags)
+{
+ ULONG IoControlCode;
+
//FIXME("(%p, %x, %x): stub [RtlDecryptMemory]\n", memory, length, flags);
return STATUS_SUCCESS;
+
+ if (OptionFlags == RTL_ENCRYPT_OPTION_SAME_PROCESS)
+ {
+ IoControlCode = IOCTL_KSEC_DECRYPT_SAME_PROCESS;
+ }
+ else if (OptionFlags == RTL_ENCRYPT_OPTION_CROSS_PROCESS)
+ {
+ IoControlCode = IOCTL_KSEC_DECRYPT_CROSS_PROCESS;
+ }
+ else if (OptionFlags == RTL_ENCRYPT_OPTION_SAME_LOGON)
+ {
+ IoControlCode = IOCTL_KSEC_DECRYPT_SAME_LOGON;
+ }
+ else
+ {
+ return STATUS_INVALID_PARAMETER;
+ }
+
+ return KsecDeviceIoControl(IoControlCode, Memory, MemoryLength, Memory, MemoryLength);
}
/* EOF */
Modified: trunk/reactos/drivers/crypto/ksecdd/CMakeLists.txt
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/drivers/crypto/ksecdd/CMak…
==============================================================================
--- trunk/reactos/drivers/crypto/ksecdd/CMakeLists.txt [iso-8859-1] (original)
+++ trunk/reactos/drivers/crypto/ksecdd/CMakeLists.txt [iso-8859-1] Sun Sep 14 19:40:15
2014
@@ -8,6 +8,7 @@
list(APPEND SOURCE
ksecdd.c
dispatch.c
+ crypt.c
random.c
stubs.c
ksecdd.rc
Added: trunk/reactos/drivers/crypto/ksecdd/crypt.c
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/drivers/crypto/ksecdd/cryp…
==============================================================================
--- trunk/reactos/drivers/crypto/ksecdd/crypt.c (added)
+++ trunk/reactos/drivers/crypto/ksecdd/crypt.c [iso-8859-1] Sun Sep 14 19:40:15 2014
@@ -0,0 +1,31 @@
+/*
+ * PROJECT: ReactOS Drivers
+ * COPYRIGHT: See COPYING in the top level directory
+ * PURPOSE: Kernel Security Support Provider Interface Driver
+ *
+ * PROGRAMMERS: Timo Kreuzer (timo.kreuzer(a)reactos.org)
+ */
+
+/* INCLUDES *******************************************************************/
+
+#include "ksecdd.h"
+
+NTSTATUS
+NTAPI
+KsecEncryptMemory (
+ _Inout_ PVOID Buffer,
+ _In_ ULONG Length,
+ _In_ ULONG OptionFlags)
+{
+ return STATUS_SUCCESS;
+}
+
+NTSTATUS
+NTAPI
+KsecDecryptMemory (
+ _Inout_ PVOID Buffer,
+ _In_ ULONG Length,
+ _In_ ULONG OptionFlags)
+{
+ return STATUS_SUCCESS;
+}
Propchange: trunk/reactos/drivers/crypto/ksecdd/crypt.c
------------------------------------------------------------------------------
svn:eol-style = native
Modified: trunk/reactos/drivers/crypto/ksecdd/dispatch.c
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/drivers/crypto/ksecdd/disp…
==============================================================================
--- trunk/reactos/drivers/crypto/ksecdd/dispatch.c [iso-8859-1] (original)
+++ trunk/reactos/drivers/crypto/ksecdd/dispatch.c [iso-8859-1] Sun Sep 14 19:40:15 2014
@@ -33,7 +33,7 @@
}
/* Validate buffer size */
- if (*BufferLength >= sizeof(FILE_STANDARD_INFORMATION))
+ if (*BufferLength < sizeof(FILE_STANDARD_INFORMATION))
{
*BufferLength = sizeof(FILE_STANDARD_INFORMATION);
return STATUS_INFO_LENGTH_MISMATCH;
@@ -92,7 +92,28 @@
{
NTSTATUS Status;
- Status = STATUS_SUCCESS;
+ if ((IoControlCode == IOCTL_KSEC_RANDOM_FILL_BUFFER) ||
+ (IoControlCode == IOCTL_KSEC_ENCRYPT_SAME_PROCESS) ||
+ (IoControlCode == IOCTL_KSEC_DECRYPT_SAME_PROCESS) ||
+ (IoControlCode == IOCTL_KSEC_ENCRYPT_CROSS_PROCESS) ||
+ (IoControlCode == IOCTL_KSEC_DECRYPT_CROSS_PROCESS) ||
+ (IoControlCode == IOCTL_KSEC_ENCRYPT_SAME_LOGON) ||
+ (IoControlCode == IOCTL_KSEC_DECRYPT_SAME_LOGON))
+ {
+ /* Make sure we have a valid output buffer */
+ if ((Buffer == NULL) || (OutputLength == NULL))
+ {
+ return STATUS_INVALID_PARAMETER;
+ }
+
+ /* Check if the input is smaller than the output */
+ if (InputLength < *OutputLength)
+ {
+ /* We might have uninitialized memory, zero it out */
+ RtlSecureZeroMemory((PUCHAR)Buffer + InputLength,
+ *OutputLength - InputLength);
+ }
+ }
/* Check ioctl code */
switch (IoControlCode)
@@ -105,6 +126,48 @@
case IOCTL_KSEC_RANDOM_FILL_BUFFER:
Status = KsecGenRandom(Buffer, *OutputLength);
+ break;
+
+ case IOCTL_KSEC_ENCRYPT_SAME_PROCESS:
+
+ Status = KsecEncryptMemory(Buffer,
+ *OutputLength,
+ RTL_ENCRYPT_OPTION_SAME_PROCESS);
+ break;
+
+ case IOCTL_KSEC_DECRYPT_SAME_PROCESS:
+
+ Status = KsecDecryptMemory(Buffer,
+ *OutputLength,
+ RTL_ENCRYPT_OPTION_SAME_PROCESS);
+ break;
+
+ case IOCTL_KSEC_ENCRYPT_CROSS_PROCESS:
+
+ Status = KsecEncryptMemory(Buffer,
+ *OutputLength,
+ RTL_ENCRYPT_OPTION_CROSS_PROCESS);
+ break;
+
+ case IOCTL_KSEC_DECRYPT_CROSS_PROCESS:
+
+ Status = KsecDecryptMemory(Buffer,
+ *OutputLength,
+ RTL_ENCRYPT_OPTION_CROSS_PROCESS);
+ break;
+
+ case IOCTL_KSEC_ENCRYPT_SAME_LOGON:
+
+ Status = KsecEncryptMemory(Buffer,
+ *OutputLength,
+ RTL_ENCRYPT_OPTION_SAME_LOGON);
+ break;
+
+ case IOCTL_KSEC_DECRYPT_SAME_LOGON:
+
+ Status = KsecDecryptMemory(Buffer,
+ *OutputLength,
+ RTL_ENCRYPT_OPTION_SAME_LOGON);
break;
default:
@@ -188,10 +251,30 @@
case IRP_MJ_DEVICE_CONTROL:
/* Extract the parameters */
- Buffer = Irp->AssociatedIrp.SystemBuffer;
InputLength =
IoStackLocation->Parameters.DeviceIoControl.InputBufferLength;
OutputLength =
IoStackLocation->Parameters.DeviceIoControl.OutputBufferLength;
IoControlCode =
IoStackLocation->Parameters.DeviceIoControl.IoControlCode;
+
+ /* Check for METHOD_OUT_DIRECT method */
+ if ((METHOD_FROM_CTL_CODE(IoControlCode) == METHOD_OUT_DIRECT) &&
+ (OutputLength != 0))
+ {
+ /* Use the provided MDL */
+ OutputLength = Irp->MdlAddress->ByteCount;
+ Buffer = MmGetSystemAddressForMdlSafe(Irp->MdlAddress,
+ NormalPagePriority);
+ if (Buffer == NULL)
+ {
+ Status = STATUS_INSUFFICIENT_RESOURCES;
+ Information = 0;
+ break;
+ }
+ }
+ else
+ {
+ /* Otherwise this is METHOD_BUFFERED, use the SystemBuffer */
+ Buffer = Irp->AssociatedIrp.SystemBuffer;
+ }
/* Call the internal function */
Status = KsecDeviceControl(IoControlCode,
@@ -205,6 +288,7 @@
DPRINT1("Unhandled major function %lu!\n",
IoStackLocation->MajorFunction);
ASSERT(FALSE);
+ return STATUS_INVALID_DEVICE_REQUEST;
}
/* Return the information */
Modified: trunk/reactos/drivers/crypto/ksecdd/ksecdd.h
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/drivers/crypto/ksecdd/ksec…
==============================================================================
--- trunk/reactos/drivers/crypto/ksecdd/ksecdd.h [iso-8859-1] (original)
+++ trunk/reactos/drivers/crypto/ksecdd/ksecdd.h [iso-8859-1] Sun Sep 14 19:40:15 2014
@@ -9,6 +9,26 @@
#define _NO_KSECDD_IMPORT_
#include <ntifs.h>
#include <ndk/extypes.h>
+#include <ndk/rtlfuncs.h>
+#include <ndk/lpcfuncs.h>
+#include <ndk/obfuncs.h>
+#include <ntstrsafe.h>
+
+#define STATUS_KSEC_INTERNAL_ERROR ((NTSTATUS)0x80090304)
+
+/* FIXME: this should be in some shared header */
+#define RTL_ENCRYPT_OPTION_SAME_PROCESS 0
+#define RTL_ENCRYPT_OPTION_CROSS_PROCESS 1
+#define RTL_ENCRYPT_OPTION_SAME_LOGON 2
+
+typedef struct _KSEC_CONNECTION_INFO
+{
+ ULONG Unknown0;
+ NTSTATUS Status;
+ ULONG_PTR Information;
+ CHAR ConnectionString[128];
+ ULONG Flags;
+} KSEC_CONNECTION_INFO;
#if defined(_M_IX86) || defined(_M_AMD64)
typedef struct _KSEC_MACHINE_SPECIFIC_COUNTERS
@@ -41,6 +61,9 @@
SYSTEM_PROCESS_INFORMATION SystemProcessInformation;
} KSEC_ENTROPY_DATA, *PKSEC_ENTROPY_DATA;
+extern PEPROCESS KsecLsaProcess;;
+extern HANDLE KsecLsaProcessHandle;
+
NTSTATUS
NTAPI
KsecDdDispatch(
@@ -54,3 +77,37 @@
PVOID Buffer,
SIZE_T Length);
+NTSTATUS
+NTAPI
+KsecEncryptMemory (
+ _Inout_ PVOID Buffer,
+ _In_ ULONG Length,
+ _In_ ULONG OptionFlags);
+
+NTSTATUS
+NTAPI
+KsecDecryptMemory (
+ _Inout_ PVOID Buffer,
+ _In_ ULONG Length,
+ _In_ ULONG OptionFlags);
+
+NTSTATUS
+NTAPI
+KsecInitLsaMemory(VOID);
+
+///
+PVOID
+NTAPI
+PsGetProcessSecurityPort(
+ PEPROCESS Process);
+
+NTSTATUS
+NTAPI
+PsSetProcessSecurityPort(
+ PEPROCESS Process,
+ PVOID SecurityPort);
+
+HANDLE
+NTAPI
+PsGetCurrentThreadProcessId(VOID);
+
Modified: trunk/reactos/include/reactos/drivers/ksecdd/ksecioctl.h
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/include/reactos/drivers/ks…
==============================================================================
--- trunk/reactos/include/reactos/drivers/ksecdd/ksecioctl.h [iso-8859-1] (original)
+++ trunk/reactos/include/reactos/drivers/ksecdd/ksecioctl.h [iso-8859-1] Sun Sep 14
19:40:15 2014
@@ -15,11 +15,11 @@
CTL_CODE(FILE_DEVICE_KSEC, 0x02, METHOD_BUFFERED, FILE_ANY_ACCESS)
// 3: 0x39000E - called from SystemFunction040 aka RtlEncryptMemory with OptionFlags ==
0
-#define IOCTL_KSEC_ENCRYPT_PROCESS \
+#define IOCTL_KSEC_ENCRYPT_SAME_PROCESS \
CTL_CODE(FILE_DEVICE_KSEC, 0x03, METHOD_OUT_DIRECT, FILE_ANY_ACCESS)
// 4: 0x390012 - called from SystemFunction041 aka RtlDecryptMemory with OptionFlags ==
0
-#define IOCTL_KSEC_DECRYPT_PROCESS \
+#define IOCTL_KSEC_DECRYPT_SAME_PROCESS \
CTL_CODE(FILE_DEVICE_KSEC, 0x04, METHOD_OUT_DIRECT, FILE_ANY_ACCESS)
// 5: 0x390016 - called from SystemFunction040 aka RtlEncryptMemory with OptionFlags ==
1