archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4 Commits
1 Branch
0 Tags
1.5 GiB
Branch: master
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'master'
${ noResults }
windows-server-2003/ds/security/base/itgras/itgrasxp.cpp

354 lines
11 KiB
Raw Permalink Normal View History

commiting as it is
4 years ago
  1. /*++
  3. Copyright (c) 2001 Microsoft Corporation
  5. Module Name:
  7. ItgRasXp
  9. File Name:
  11. ItgRasXp.cpp
  13. Abstract:
  15. This is the entry point file for the ITG RAS Smartcard Support Applet. This app
  16. prompts the user for his domain\username and password credentials, and uses
  17. these to create a *Session credential that is used for NTLM authentication for
  18. servers on the network which do not use Kerberos.
  20. Author:
  23. Environment:
  25. Win32, C++
  27. Revision History:
  29. none
  31. Notes:
  33. --*/
  35. #include <nt.h>
  36. #include <ntrtl.h>
  37. #include <nturtl.h>
  39. #include <windows.h>
  40. #include <commdlg.h>
  41. #include <commctrl.h>
  42. #include <ole2.h>
  43. #include <stdio.h>
  45. #include <lmcons.h>
  46. #include <wincred.h>
  47. #include <wincrui.h>
  49. #define SECURITY_WIN32
  50. #include <security.h>
  51. #include "testaudit.h"
  53. #include "res.h"
  55. BOOL gfSuccess = FALSE;
  56. HINSTANCE ghInstance = NULL;
  58. #if 0
  60. #define TESTKEY L"Environment"
  62. #else
  64. #define TESTKEY L"Software\\Microsoft\\Connection Manager\\Worldwide Dial-Up RAS to MS Corp"
  66. #endif
  69. // see if name valid - check for common mistakes. At the moment, we merely insist that
  70. // the user fill in both username and password, and that the username contains the '\'
  71. // character, making it more likely that it is an approved domain\usernaem form.
  72. BOOL CheckUsername(WCHAR *pszUsername,WCHAR *pszPassword)
  73. {
  74. ASSERT(pszUsername);
  75. ASSERT(pszPassword);
  76. if ((0 == wcslen(pszUsername)) || (0 == wcslen(pszPassword)))
  77. {
  78. CHECKPOINT(2,"Username and password not both filled in.");
  79. MessageBox(NULL,L"Both username and password must be specified.",L"Error",MB_ICONHAND);
  80. return FALSE;
  81. }
  82. if (NULL == wcschr(pszUsername,L'\\'))
  83. {
  84. CHECKPOINT(3,"Username not domain\\username.");
  85. MessageBox(NULL,L"The username format must be \"domain\\username\".",L"Error",MB_ICONHAND);
  86. return FALSE;
  87. }
  88. else return TRUE;
  89. }
  91. // Attempt to use the credentials that the user entered and return FALSE if they do not
  92. // appear to be valid on the net. Show the user any errors that arise from trying to validate
  93. // his credentials. In the event that validation is impossible owing to a network error or some
  94. // other error not the fault of his credentials, save them anyway, though with a warning.
  96. #define DEFAULTSERVER L"\\\\products\\public"
  98. BOOL IsCredentialOK(WCHAR *pszUsername,WCHAR *pszPassword)
  99. {
  100. ASSERT(pszUsername);
  101. ASSERT(pszPassword);
  102. NETRESOURCE stNetResource;
  103. WCHAR szServer[MAX_PATH + 1]; // to hold test host string from registry
  104. BOOL fKeyFound = FALSE;
  105. DWORD dwErr = 0;
  106. DWORD dwSize = 0; // for return from open connection
  107. DWORD dwResult = 0; // for return from open connection
  108. HKEY hKey= NULL; // reg key rread
  109. DWORD dwType; // reg key read return
  110. DWORD dwDataSize = 0; // reg key read in/out
  112. memset(&stNetResource,0,sizeof(NETRESOURCE));
  114. // prepare the servername preset to the default
  115. wcsncpy(szServer,DEFAULTSERVER,MAX_PATH);
  117. // Look for server in registry HKCU. If found, use it to overwrite the default server
  118. if ((!fKeyFound) && (ERROR_SUCCESS == RegOpenKeyEx(HKEY_CURRENT_USER,TESTKEY,0,KEY_READ,&hKey)))
  119. {
  120. if ((hKey) && (ERROR_SUCCESS == RegQueryValueEx(hKey,L"RAS Test Host",0,&dwType,(LPBYTE) NULL,&dwDataSize)))
  121. {
  122. // key value exists and is of size dwDataSize
  123. WCHAR *pString = (WCHAR *) LocalAlloc(LMEM_FIXED,dwDataSize);
  124. ASSERT(pString);
  125. ASSERT(dwType == REG_SZ);
  126. if (pString)
  127. {
  128. if (ERROR_SUCCESS == RegQueryValueEx(hKey,L"RAS Test Host",0,&dwType,(LPBYTE) pString,&dwDataSize))
  129. {
  130. CHECKPOINT(9,"Override server found in registry in HKCU");
  131. wcsncpy(szServer,pString,dwDataSize / sizeof(WCHAR));
  132. fKeyFound = TRUE;
  133. }
  134. LocalFree(pString);
  135. }
  136. }
  137. RegCloseKey(hKey);
  138. hKey = NULL;
  139. }
  141. // Look for server in registry HKLM.
  142. if ((!fKeyFound) && (ERROR_SUCCESS == RegOpenKeyEx(HKEY_LOCAL_MACHINE,TESTKEY,0,KEY_READ,&hKey)))
  143. {
  144. if ((hKey) && (ERROR_SUCCESS == RegQueryValueEx(hKey,L"RAS Test Host",0,&dwType,(LPBYTE) NULL,&dwDataSize)))
  145. {
  146. // key value exists and is of size dwDataSize
  147. WCHAR *pString = (WCHAR *) LocalAlloc(LMEM_FIXED,dwDataSize);
  148. ASSERT(pString);
  149. ASSERT(dwType == REG_SZ);
  150. if (pString)
  151. {
  152. if (ERROR_SUCCESS == RegQueryValueEx(hKey,L"RAS Test Host",0,&dwType,(LPBYTE) pString,&dwDataSize))
  153. {
  154. CHECKPOINT(8,"Override server found in registry in HKLM");
  155. wcsncpy(szServer,pString,dwDataSize / sizeof(WCHAR));
  156. fKeyFound = TRUE;
  157. }
  158. LocalFree(pString);
  159. }
  160. }
  161. RegCloseKey(hKey);
  162. hKey = NULL;
  163. }
  165. #if TESTAUDIT
  166. if (!fKeyFound) CHECKPOINT(10,"No override server found in registry");
  167. #endif
  169. stNetResource.dwType = RESOURCETYPE_DISK;
  170. stNetResource.lpLocalName = NULL;
  171. stNetResource.lpRemoteName = szServer;
  172. stNetResource.lpProvider = NULL;
  174. dwErr = WNetUseConnection( NULL,
  175. &stNetResource,
  176. pszPassword,
  177. pszUsername,
  178. 0,
  179. NULL, // lpAccessName
  180. &dwSize, // size of lpAccessName buffer
  181. &dwResult);
  183. if (dwErr == S_OK)
  184. {
  185. // On successful connection, tear down the connection and return success
  186. WNetCancelConnection2(szServer, 0, TRUE);
  187. return TRUE;
  188. }
  190. // Errors are handled by presenting a message box. If the server was found and rejected
  191. // the creds, don't save them - give the user a chance to correct. If the server was
  192. // unavailable, save the creds anyway, but warn the user that they were unvalidated.
  193. switch (dwErr)
  194. {
  195. case ERROR_ACCESS_DENIED:
  196. case ERROR_INVALID_PASSWORD:
  197. // announce that the password is no good
  198. CHECKPOINT(7,"Reached the server, but the creds were no good");
  199. MessageBox(NULL,L"The entered username and password are not correct",L"Error",MB_ICONHAND);
  200. break;
  202. case ERROR_NO_NET_OR_BAD_PATH:
  203. case ERROR_NO_NETWORK:
  204. case ERROR_EXTENDED_ERROR:
  205. case ERROR_BAD_NET_NAME:
  206. case ERROR_BAD_PROVIDER:
  207. default:
  208. CHECKPOINT(6,"Not able to validate - server unreachable");
  209. MessageBox(NULL,L"Your username and password will be saved for this session, though they could not be verified. They may be incorrect.",L"Error",MB_ICONHAND);
  210. return TRUE; // permit them to be saved anyway
  211. // announce that we cannot validate, and let them save it anyway
  212. break;
  214. }
  215. return FALSE;
  216. }
  218. // Store the user's entered credentials on the keyring as a session persisted *Session cred.
  219. // Call IsCredentialOK() before storing. If the credentials don't appear correct, present
  220. // a message box describing the error and leave the dialog up.
  222. BOOL WriteDomainCreds(WCHAR *pszUsername,WCHAR *pszPassword)
  223. {
  224. CREDENTIAL cred;
  226. if (!CheckUsername(pszUsername,pszPassword))
  227. {
  228. return FALSE;
  229. }
  230. if (!IsCredentialOK(pszUsername,pszPassword))
  231. {
  232. return FALSE;
  233. }
  235. memset(&cred,0,sizeof(CREDENTIAL));
  236. cred.TargetName = CRED_SESSION_WILDCARD_NAME_W;
  237. cred.UserName = pszUsername;
  238. cred.CredentialBlob = (LPBYTE) pszPassword;
  239. cred.CredentialBlobSize = (wcslen(pszPassword) * sizeof(WCHAR));
  240. cred.Type = CRED_TYPE_DOMAIN_PASSWORD;
  241. cred.Persist = CRED_PERSIST_SESSION;
  242. return CredWrite(&cred,0);
  243. }
  245. INT_PTR CALLBACK DialogProc(
  246. HWND hwnd,
  247. UINT msg,
  248. WPARAM wparam,
  249. LPARAM lparam)
  250. {
  251. INT_PTR ret;
  252. HWND hwndCred = NULL;
  254. switch (msg)
  255. {
  256. case WM_COMMAND:
  257. // Button clicks.
  258. switch(LOWORD(wparam))
  259. {
  260. case IDOK:
  261. if (HIWORD(wparam) == BN_CLICKED)
  262. {
  263. WCHAR szUser[UNLEN + 1];
  264. WCHAR szPass[PWLEN + 1];
  265. szUser[0] = 0;
  266. szPass[0] = 0;
  267. HWND hCc = GetDlgItem(hwnd,IDC_CRED);
  268. ASSERT(hCc);
  269. Credential_GetUserName(hCc,szUser,UNLEN);
  270. Credential_GetPassword(hCc,szPass,PWLEN);
  271. // Get contents of the cred control controls and write the session cred
  272. gfSuccess = WriteDomainCreds(szUser,szPass);
  273. SecureZeroMemory(szPass,sizeof(szPass));
  274. if (gfSuccess)
  275. {
  276. EndDialog(hwnd,IDOK);
  277. }
  278. }
  279. break;
  280. case IDCANCEL:
  281. if (HIWORD(wparam) == BN_CLICKED)
  282. {
  283. CHECKPOINT(5,"Leave the dialog by cancel.");
  284. // Exit doing nothing
  285. EndDialog(hwnd,IDCANCEL);
  286. }
  287. break;
  288. default:
  289. break;
  290. }
  291. break;
  293. default:
  294. break;
  295. }
  296. //return DefWindowProc(hwnd, msg, wparam, lparam);
  297. return FALSE;
  298. }
  300. int WINAPI WinMain (
  301. HINSTANCE hInstance,
  302. HINSTANCE hPrevInstance,
  303. LPSTR lpszCmdParam,
  304. int nCmdShow)
  305. {
  306. CHECKPOINTINIT;
  307. ghInstance = hInstance;
  308. //OleInitialize(NULL);
  310. INITCOMMONCONTROLSEX stICC;
  311. BOOL fICC;
  312. stICC.dwSize = sizeof(INITCOMMONCONTROLSEX);
  313. stICC.dwICC = ICC_WIN95_CLASSES | ICC_STANDARD_CLASSES;
  314. fICC = InitCommonControlsEx(&stICC);
  316. // Silent fail if there is no preexisting cert credential.
  317. CREDENTIAL *pCred = NULL;
  318. BOOL fOK = CredRead(L"*Session",CRED_TYPE_DOMAIN_CERTIFICATE,0,&pCred);
  319. CredFree(pCred);
  320. if (!fOK)
  321. {
  322. CHECKPOINT(1,"No preexisting certificate cred for *Session");
  323. CHECKPOINTFINISH;
  324. return 1;
  325. }
  327. // Gen up credui
  328. if (!CredUIInitControls())
  329. {
  330. return 1;
  331. }
  333. // show the ui
  334. INT_PTR iErr = DialogBoxParam(
  335. hInstance,
  336. MAKEINTRESOURCE(IDD_MAINDIALOG),
  337. GetForegroundWindow(),
  338. DialogProc,
  339. NULL);
  341. if (iErr != IDOK && iErr != IDCANCEL)
  342. {
  343. MessageBox(NULL,L"An error occurred saving credential information.",L"Error",MB_OK);
  344. CHECKPOINTFINISH;
  345. return 0;
  346. }
  347. else
  348. {
  349. CHECKPOINT(4,"Sucessfully saved a cred.");
  350. CHECKPOINTFINISH;
  351. return 1;
  352. }
  353. }