archive
/
windows-nt-4.0
mirror of https://github.com/lianthony/NT4.0
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Windows NT 4.0 source code leak
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
2 Commits
1 Branch
0 Tags
184 MiB
Tree: b4a8d373d8
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'b4a8d373d8'
${ noResults }
windows-nt-4.0/private/lsa/client/ssp/support.c

432 lines
9.2 KiB
Raw Normal View History

initial commit
4 years ago
  1. //+-----------------------------------------------------------------------
  2. //
  3. // Microsoft Windows
  4. //
  5. // Copyright (c) Microsoft Corporation 1992 - 1994
  6. //
  7. // File: support.cxx
  8. //
  9. // Contents: support routines for ksecdd.sys
  10. //
  11. //
  12. // History: 3-7-94 Created MikeSw
  13. //
  14. //------------------------------------------------------------------------
  16. #include <sspdrv.h>
  20. //
  21. // Global Variables:
  22. //
  25. BOOLEAN fInitialized = FALSE;
  30. SecurityFunctionTable SecTable = {SECURITY_SUPPORT_PROVIDER_INTERFACE_VERSION,
  31. EnumerateSecurityPackages,
  32. NULL, // LogonUser,
  33. AcquireCredentialsHandle,
  34. FreeCredentialsHandle,
  35. NULL, // QueryCredentialAttributes,
  36. InitializeSecurityContext,
  37. AcceptSecurityContext,
  38. CompleteAuthToken,
  39. DeleteSecurityContext,
  40. ApplyControlToken,
  41. QueryContextAttributes,
  42. ImpersonateSecurityContext,
  43. RevertSecurityContext,
  44. MakeSignature,
  45. VerifySignature,
  46. FreeContextBuffer,
  47. NULL, // QuerySecurityPackageInfo
  48. SealMessage,
  49. UnsealMessage
  50. };
  55. #pragma alloc_text(PAGE, SecAllocate)
  56. #pragma alloc_text(PAGE, SecFree)
  57. #pragma alloc_text(PAGE, IsOkayToExec)
  58. #pragma alloc_text(PAGE, InitSecurityInterfaceW)
  59. #pragma alloc_text(PAGE, MapSecurityError)
  60. #pragma alloc_text(PAGE, GetTokenBuffer)
  61. #pragma alloc_text(PAGE, GetSecurityToken)
  65. //+-------------------------------------------------------------------------
  66. //
  67. // Function: SecAllocate
  68. //
  69. // Synopsis:
  70. //
  71. // Effects:
  72. //
  73. // Arguments:
  74. //
  75. // Requires:
  76. //
  77. // Returns:
  78. //
  79. // Notes:
  80. //
  81. //
  82. //--------------------------------------------------------------------------
  85. VOID * SEC_ENTRY
  86. SecAllocate(ULONG cbMemory)
  87. {
  88. PAGED_CODE();
  89. return(ExAllocatePool(PagedPool, cbMemory));
  90. }
  94. //+-------------------------------------------------------------------------
  95. //
  96. // Function: SecFree
  97. //
  98. // Synopsis:
  99. //
  100. // Effects:
  101. //
  102. // Arguments:
  103. //
  104. // Requires:
  105. //
  106. // Returns:
  107. //
  108. // Notes:
  109. //
  110. //
  111. //--------------------------------------------------------------------------
  114. void SEC_ENTRY
  115. SecFree(PVOID pvMemory)
  116. {
  117. PAGED_CODE();
  118. ExFreePool(pvMemory);
  119. }
  123. //+-------------------------------------------------------------------------
  124. //
  125. // Function: IsOkayToExec
  126. //
  127. // Synopsis: Determines if it is okay to make a call to the SPM
  128. //
  129. // Effects: Binds if necessary to the SPM
  130. //
  131. // Arguments:
  132. //
  133. // Requires:
  134. //
  135. // Returns:
  136. //
  137. // Notes: uses IsSPMgrReady and InitState
  138. //
  139. //--------------------------------------------------------------------------
  140. SECURITY_STATUS
  141. IsOkayToExec(PClient * ppClient)
  142. {
  143. SECURITY_STATUS scRet;
  144. PClient pClient;
  146. PAGED_CODE();
  147. if (NT_SUCCESS(LocateClient(&pClient)))
  148. {
  149. if (ppClient)
  150. *ppClient = pClient;
  151. return(STATUS_SUCCESS);
  152. }
  153. scRet = CreateClient(&pClient);
  154. if (!NT_SUCCESS(scRet))
  155. {
  156. return(scRet);
  157. }
  158. if (ppClient)
  159. *ppClient = pClient;
  160. return(STATUS_SUCCESS);
  161. }
  166. //+-------------------------------------------------------------------------
  167. //
  168. // Function: InitSecurityInterfaceW
  169. //
  170. // Synopsis: returns function table of all the security function and,
  171. // more importantly, create a client session.
  172. //
  173. // Effects:
  174. //
  175. // Arguments:
  176. //
  177. // Requires:
  178. //
  179. // Returns:
  180. //
  181. // Notes:
  182. //
  183. //--------------------------------------------------------------------------
  185. PSecurityFunctionTableW SEC_ENTRY
  186. InitSecurityInterfaceW(void)
  187. {
  188. SECURITY_STATUS scRet;
  190. PAGED_CODE();
  191. scRet = IsOkayToExec(NULL);
  192. if (!NT_SUCCESS(scRet))
  193. {
  194. DebugLog((DEB_ERROR, "Failed to init security interface: 0x%x\n",scRet));
  195. return(NULL);
  196. }
  197. return(&SecTable);
  198. }
  203. //+-------------------------------------------------------------------------
  204. //
  205. // Function: MapSecurityError
  206. //
  207. // Synopsis: maps a HRESULT from the security interface to a NTSTATUS
  208. //
  209. // Effects:
  210. //
  211. // Arguments:
  212. //
  213. // Requires:
  214. //
  215. // Returns:
  216. //
  217. // Notes:
  218. //
  219. //
  220. //--------------------------------------------------------------------------
  221. NTSTATUS SEC_ENTRY
  222. MapSecurityError(HRESULT Error)
  223. {
  224. PAGED_CODE();
  225. return((NTSTATUS) Error);
  226. }
  229. //+-------------------------------------------------------------------------
  230. //
  231. // Function: GetTokenBuffer
  232. //
  233. // Synopsis:
  234. //
  235. // This routine parses a Token Descriptor and pulls out the useful
  236. // information.
  237. //
  238. // Effects:
  239. //
  240. // Arguments:
  241. //
  242. // TokenDescriptor - Descriptor of the buffer containing (or to contain) the
  243. // token. If not specified, TokenBuffer and TokenSize will be returned
  244. // as NULL.
  245. //
  246. // BufferIndex - Index of the token buffer to find (0 for first, 1 for
  247. // second).
  248. //
  249. // TokenBuffer - Returns a pointer to the buffer for the token.
  250. //
  251. // TokenSize - Returns a pointer to the location of the size of the buffer.
  252. //
  253. // ReadonlyOK - TRUE if the token buffer may be readonly.
  254. //
  255. // Requires:
  256. //
  257. // Returns:
  258. //
  259. // TRUE - If token buffer was properly found.
  260. //
  261. // Notes:
  262. //
  263. //
  264. //--------------------------------------------------------------------------
  267. BOOLEAN
  268. GetTokenBuffer(
  269. IN PSecBufferDesc TokenDescriptor OPTIONAL,
  270. IN ULONG BufferIndex,
  271. OUT PVOID * TokenBuffer,
  272. OUT PULONG TokenSize,
  273. IN BOOLEAN ReadonlyOK
  274. )
  275. {
  276. ULONG i, Index = 0;
  278. PAGED_CODE();
  280. //
  281. // If there is no TokenDescriptor passed in,
  282. // just pass out NULL to our caller.
  283. //
  285. if ( !ARGUMENT_PRESENT( TokenDescriptor) ) {
  286. *TokenBuffer = NULL;
  287. *TokenSize = 0;
  288. return TRUE;
  289. }
  291. //
  292. // Check the version of the descriptor.
  293. //
  295. if ( TokenDescriptor->ulVersion != SECBUFFER_VERSION ) {
  296. return FALSE;
  297. }
  299. //
  300. // Loop through each described buffer.
  301. //
  303. for ( i=0; i<TokenDescriptor->cBuffers ; i++ ) {
  304. PSecBuffer Buffer = &TokenDescriptor->pBuffers[i];
  305. if ( (Buffer->BufferType & (~SECBUFFER_READONLY)) == SECBUFFER_TOKEN ) {
  307. //
  308. // If the buffer is readonly and readonly isn't OK,
  309. // reject the buffer.
  310. //
  312. if ( !ReadonlyOK && (Buffer->BufferType & SECBUFFER_READONLY) ) {
  313. return FALSE;
  314. }
  316. if (Index != BufferIndex)
  317. {
  318. Index++;
  319. continue;
  320. }
  322. //
  323. // Return the requested information
  324. //
  326. *TokenBuffer = Buffer->pvBuffer;
  327. *TokenSize = Buffer->cbBuffer;
  328. return TRUE;
  329. }
  331. }
  333. return FALSE;
  334. }
  336. //+-------------------------------------------------------------------------
  337. //
  338. // Function: GetSecurityToken
  339. //
  340. // Synopsis:
  341. // This routine parses a Token Descriptor and pulls out the useful
  342. // information.
  343. //
  344. // Effects:
  345. //
  346. // Arguments:
  347. // TokenDescriptor - Descriptor of the buffer containing (or to contain) the
  348. // token. If not specified, TokenBuffer and TokenSize will be returned
  349. // as NULL.
  350. //
  351. // BufferIndex - Index of the token buffer to find (0 for first, 1 for
  352. // second).
  353. //
  354. // TokenBuffer - Returns a pointer to the buffer for the token.
  355. //
  356. // Requires:
  357. //
  358. // Returns:
  359. //
  360. // TRUE - If token buffer was properly found.
  361. //
  362. // Notes:
  363. //
  364. //
  365. //--------------------------------------------------------------------------
  368. BOOLEAN
  369. GetSecurityToken(
  370. IN PSecBufferDesc TokenDescriptor OPTIONAL,
  371. IN ULONG BufferIndex,
  372. OUT PSecBuffer * TokenBuffer
  373. )
  374. {
  375. ULONG i;
  376. ULONG Index = 0;
  378. PAGED_CODE();
  380. //
  381. // If there is no TokenDescriptor passed in,
  382. // just pass out NULL to our caller.
  383. //
  385. if ( !ARGUMENT_PRESENT( TokenDescriptor) ) {
  386. *TokenBuffer = NULL;
  387. return TRUE;
  388. }
  390. //
  391. // Check the version of the descriptor.
  392. //
  394. if ( TokenDescriptor->ulVersion != SECBUFFER_VERSION ) {
  395. return FALSE;
  396. }
  398. //
  399. // Loop through each described buffer.
  400. //
  402. for ( i=0; i<TokenDescriptor->cBuffers ; i++ ) {
  403. PSecBuffer Buffer = &TokenDescriptor->pBuffers[i];
  404. if ( (Buffer->BufferType & (~SECBUFFER_READONLY)) == SECBUFFER_TOKEN ) {
  406. //
  407. // If the buffer is readonly and readonly isn't OK,
  408. // reject the buffer.
  409. //
  411. if ( Buffer->BufferType & SECBUFFER_READONLY ) {
  412. return FALSE;
  413. }
  415. if (Index != BufferIndex)
  416. {
  417. Index++;
  418. continue;
  419. }
  420. //
  421. // Return the requested information
  422. //
  424. *TokenBuffer = Buffer;
  425. return TRUE;
  426. }
  428. }
  430. return FALSE;
  431. }