01/01: [ADVAPI32][SERVICES] Use the session key provided by SystemFunction028 to encrypt and decrypt the service passwords. - Ros-diffs

19 Sep 2018

https://git.reactos.org/?p=reactos.git;a=commitdiff;h=76588be0d1a4b271dc489a...
commit 76588be0d1a4b271dc489a838967bee0a45f4c99
Author:     Eric Kohl eric.kohl@reactos.org
AuthorDate: Wed Sep 19 12:28:58 2018 +0200
Commit:     Eric Kohl eric.kohl@reactos.org
CommitDate: Wed Sep 19 12:30:33 2018 +0200
[ADVAPI32][SERVICES] Use the session key provided by SystemFunction028 to encrypt and decrypt the service passwords.
---
 base/system/services/config.c    | 20 +++++++++++++++++---
 dll/win32/advapi32/service/scm.c | 21 ++++++++++++++++++---
 2 files changed, 35 insertions(+), 6 deletions(-)

diff --git a/base/system/services/config.c b/base/system/services/config.c
index 4d1f2471c6..a4b809b76f 100644
--- a/base/system/services/config.c
+++ b/base/system/services/config.c
@@ -29,6 +29,11 @@ SystemFunction005(
     const struct ustring *key,
     struct ustring *out);
+NTSTATUS
+WINAPI
+SystemFunction028(
+    IN PVOID ContextHandle,
+    OUT LPBYTE SessionKey);
/* FUNCTIONS *****************************************************************/
@@ -699,17 +704,26 @@ ScmDecryptPassword(
     _Out_ PWSTR *pClearTextPassword)
 {
     struct ustring inData, keyData, outData;
-    PCHAR pszKey = "TestEncryptionKey";
+    BYTE SessionKey[16];
     PWSTR pBuffer;
     NTSTATUS Status;
+    /* Get the session key */
+    Status = SystemFunction028(NULL,
+                               SessionKey);
+    if (!NT_SUCCESS(Status))
+    {
+        DPRINT1("SystemFunction028 failed (Status 0x%08lx)\n", Status);
+        return RtlNtStatusToDosError(Status);
+    }
+
     inData.Length = dwPasswordSize;
     inData.MaximumLength = inData.Length;
     inData.Buffer = pPassword;
-    keyData.Length = strlen(pszKey);
+    keyData.Length = sizeof(SessionKey);
     keyData.MaximumLength = keyData.Length;
-    keyData.Buffer = (unsigned char *)pszKey;
+    keyData.Buffer = SessionKey;
outData.Length = 0;
     outData.MaximumLength = 0;
diff --git a/dll/win32/advapi32/service/scm.c b/dll/win32/advapi32/service/scm.c
index efa19f2b35..b28055a968 100644
--- a/dll/win32/advapi32/service/scm.c
+++ b/dll/win32/advapi32/service/scm.c
@@ -19,6 +19,12 @@ SystemFunction004(
     const struct ustring *key,
     struct ustring *out);
+NTSTATUS
+WINAPI
+SystemFunction028(
+    IN PVOID ContextHandle,
+    OUT LPBYTE SessionKey);
+
 /* FUNCTIONS *****************************************************************/
handle_t __RPC_USER
@@ -169,17 +175,26 @@ ScmEncryptPassword(
     _Out_ PDWORD pEncryptedPasswordSize)
 {
     struct ustring inData, keyData, outData;
-    PCHAR pszKey = "TestEncryptionKey";
+    BYTE SessionKey[16];
     PBYTE pBuffer;
     NTSTATUS Status;
+    /* Get the session key */
+    Status = SystemFunction028(NULL,
+                               SessionKey);
+    if (!NT_SUCCESS(Status))
+    {
+        ERR("SystemFunction028 failed (Status 0x%08lx)\n", Status);
+        return RtlNtStatusToDosError(Status);
+    }
+
     inData.Length = (wcslen(pClearTextPassword) + 1) * sizeof(WCHAR);
     inData.MaximumLength = inData.Length;
     inData.Buffer = (unsigned char *)pClearTextPassword;
-    keyData.Length = strlen(pszKey);
+    keyData.Length = sizeof(SessionKey);
     keyData.MaximumLength = keyData.Length;
-    keyData.Buffer = (unsigned char *)pszKey;
+    keyData.Buffer = SessionKey;
outData.Length = 0;
     outData.MaximumLength = 0;

    