archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4 Commits
1 Branch
0 Tags
1.5 GiB
Branch: master
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'master'
${ noResults }
windows-server-2003/ds/security/protocols/digest/user.cxx

701 lines
20 KiB
Raw Permalink Normal View History

commiting as it is
4 years ago
  1. //+-----------------------------------------------------------------------
  2. //
  3. // Microsoft Windows
  4. //
  5. // Copyright (c) Microsoft Corporation 2000
  6. //
  7. // File: user.cxx
  8. //
  9. // Contents: Context manipulation functions
  10. //
  11. //
  12. // History: KDamour 15Mar00 Derrived from NTLM context.cxx
  13. //
  14. //------------------------------------------------------------------------
  15. #include "global.h"
  17. // This list contains all of the User Contexts
  18. LIST_ENTRY l_UserCtxtList;
  20. // Lock for access to UserCtxtList
  21. RTL_CRITICAL_SECTION l_UserCtxtCritSect;
  24. // Indicate if completed Initialization of Credential Handler
  25. BOOL g_bUserContextInitialized = FALSE;
  29. //+--------------------------------------------------------------------
  30. //
  31. // Function: UserCtxtHandlerInit
  32. //
  33. // Synopsis: Initializes the context manager package
  34. //
  35. // Arguments: none
  36. //
  37. // Returns: NTSTATUS
  38. //
  39. // Notes: Called by SpInstanceInit
  40. //
  41. //---------------------------------------------------------------------
  42. NTSTATUS
  43. UserCtxtHandlerInit(VOID)
  44. {
  45. NTSTATUS Status = STATUS_SUCCESS;
  47. //
  48. // Initialize the Context list to be empty.
  49. //
  51. Status = RtlInitializeCriticalSection(&l_UserCtxtCritSect);
  52. if (!NT_SUCCESS(Status))
  53. {
  54. DebugLog((DEB_ERROR, "UserCtxtHandlerInit: Failed to initialize critsec 0x%x\n", Status));
  55. goto CleanUp;
  56. }
  58. InitializeListHead( &l_UserCtxtList );
  61. // Simple variable test to make sure all initialized;
  62. g_bUserContextInitialized = TRUE;
  64. CleanUp:
  66. return Status;
  67. }
  70. // Add a Context into the UserMode Context List
  71. NTSTATUS
  72. UserCtxtHandlerInsertCred(
  73. IN PDIGEST_USERCONTEXT pUserContext
  74. )
  75. {
  76. RtlEnterCriticalSection( &l_UserCtxtCritSect );
  77. DebugLog((DEB_TRACE, "UserCtxtHandlerRelease: (RefCount) linked 0x%x\n", pUserContext->LsaContext));
  78. InsertHeadList( &l_UserCtxtList, &pUserContext->Next );
  79. RtlLeaveCriticalSection( &l_UserCtxtCritSect );
  81. return STATUS_SUCCESS;
  82. }
  85. // Initialize a UserMode Context
  86. NTSTATUS NTAPI
  87. UserCtxtInit(
  88. PDIGEST_USERCONTEXT pContext
  89. )
  90. {
  92. NTSTATUS Status = STATUS_SUCCESS;
  94. DebugLog((DEB_TRACE_FUNC, "UserCtxtInit: Entering\n"));
  95. ASSERT(pContext);
  97. if (!pContext)
  98. {
  99. return STATUS_INVALID_PARAMETER;
  100. }
  102. ZeroMemory(pContext, sizeof(DIGEST_USERCONTEXT));
  104. DebugLog((DEB_TRACE_FUNC, "UserCtxtInit: Leaving \n"));
  105. return Status;
  106. }
  109. // Once done with a context - release the resouces
  110. NTSTATUS NTAPI
  111. UserCtxtFree(
  112. IN PDIGEST_USERCONTEXT pContext
  113. )
  114. {
  115. NTSTATUS Status = STATUS_SUCCESS;
  116. int i = 0;
  118. DebugLog((DEB_TRACE_FUNC, "UserCtxtFree: Entering with LSA context 0x%x\n", pContext->LsaContext));
  119. ASSERT(pContext);
  120. ASSERT(pContext->lReferences == 0);
  121. ASSERT(pContext->lReferenceHandles == 0);
  123. if (!pContext)
  124. {
  125. return STATUS_INVALID_PARAMETER;
  126. }
  128. if (pContext->ClientTokenHandle)
  129. {
  130. NTSTATUS IgnoreStatus;
  131. IgnoreStatus = NtClose(pContext->ClientTokenHandle);
  132. // ASSERT (NT_SUCCESS (IgnoreStatus));
  133. if (!NT_SUCCESS(IgnoreStatus))
  134. {
  135. DebugLog((DEB_ERROR, "UserCtxtFree: Could not Close the TokenHandle!!!!\n"));
  136. }
  137. pContext->ClientTokenHandle = NULL;
  138. }
  140. if (pContext->hSealCryptKey)
  141. {
  142. CryptDestroyKey( pContext->hSealCryptKey );
  143. pContext->hSealCryptKey = NULL;
  144. }
  146. if (pContext->hUnsealCryptKey)
  147. {
  148. CryptDestroyKey( pContext->hUnsealCryptKey );
  149. pContext->hUnsealCryptKey = NULL;
  150. }
  152. StringFree(&(pContext->strSessionKey));
  153. UnicodeStringFree(&(pContext->ustrAccountName));
  155. //
  156. // Values utilized in the Initial Digest Auth ChallResponse
  157. // Can be utilized for defaults in future MakeSignature/VerifySignature
  158. //
  159. for (i=0; i < MD5_AUTH_LAST; i++)
  160. {
  161. StringFree(&(pContext->strParam[i]));
  162. }
  164. DigestFreeMemory(pContext);
  166. DebugLog((DEB_TRACE_FUNC, "UserCtxtFree: Leaving\n"));
  167. return Status;
  168. }
  172. /*++
  174. Routine Description:
  176. This routine checks to see if the Context is for the specified
  177. Client Connection, and references the Context if it is valid.
  179. The caller may optionally request that the Context be
  180. removed from the list of valid Contexts - preventing future
  181. requests from finding this Context.
  183. Arguments:
  185. ContextHandle - Points to the ContextHandle of the Context
  186. to be referenced.
  188. DerefContext - This boolean value indicates whether the caller
  189. wants the Context to be removed from the list
  190. of Contexts. TRUE indicates the Context is to be removed.
  191. FALSE indicates the Context is not to be removed.
  194. Return Value:
  196. NULL - the Context was not found.
  198. Otherwise - returns a pointer to the referenced Context.
  200. --*/
  201. NTSTATUS NTAPI
  202. UserCtxtHandlerHandleToContext(
  203. IN ULONG_PTR ContextHandle,
  204. IN BOOLEAN fDerefContextHandle,
  205. IN BOOLEAN fRefContextHandle,
  206. OUT PDIGEST_USERCONTEXT *ppContext
  207. )
  208. {
  209. NTSTATUS Status = STATUS_SUCCESS;
  210. PLIST_ENTRY ListEntry = NULL;
  211. PDIGEST_USERCONTEXT pContext = NULL;
  213. ASSERT(!(fDerefContextHandle & fRefContextHandle)); // should not ref and deref at same time
  215. DebugLog((DEB_TRACE_FUNC, "UserCtxtHandlerHandleToContext: Entering\n" ));
  218. //
  219. // Acquire exclusive access to the Context list
  220. // For performance, this could be distributed into a set of CritSects for preventing contention
  221. //
  223. RtlEnterCriticalSection( &l_UserCtxtCritSect );
  225. //
  226. // Now walk the list of Contexts looking for a match.
  227. //
  229. for ( ListEntry = l_UserCtxtList.Flink;
  230. ListEntry != &l_UserCtxtList;
  231. ListEntry = ListEntry->Flink )
  232. {
  234. pContext = CONTAINING_RECORD( ListEntry, DIGEST_USERCONTEXT, Next );
  236. //
  237. // Found a match ... reference this Context
  238. // (if the Context is being removed, we would increment
  239. // and then decrement the reference, so don't bother doing
  240. // either - since they cancel each other out).
  241. //
  243. DebugLog((DEB_TRACE, "UserCtxtHandlerHandleToContext: Checking context %lx for userctxt %lx\n",
  244. pContext->LsaContext, ContextHandle ));
  246. if (pContext->LsaContext != ContextHandle)
  247. {
  248. continue;
  249. }
  252. // Called to dereference an application SecurityContext Handle
  253. if (fDerefContextHandle)
  254. {
  255. if (pContext->lReferenceHandles > 0)
  256. {
  257. pContext->lReferenceHandles--; // thread safe due to l_UserCtxtCritSect
  258. }
  259. else
  260. {
  261. DebugLog((DEB_ERROR, "UserCtxtHandlerHandleToContext: nonpositive App SecurityCtxt count Context = 0x%x, References = %ld, ReferenceHandles = %ld\n",
  262. pContext, pContext->lReferences, pContext->lReferenceHandles));
  263. Status = STATUS_OBJECT_NAME_NOT_FOUND;
  264. *ppContext = NULL;
  265. goto CleanUp;
  266. }
  267. }
  269. // Called to add in a Reference an application SecurityContext Handle
  270. if (fRefContextHandle)
  271. {
  272. pContext->lReferenceHandles++; // thread safe due to l_UserCtxtCritSect
  273. }
  275. DebugLog((DEB_TRACE, "UserCtxtHandlerHandleToContext: Context = 0x%x, References = %ld, ReferenceHandles = %ld\n",
  276. pContext, pContext->lReferences, pContext->lReferenceHandles));
  278. pContext->lReferences++; // reference counters are thread safe due to l_UserCtxtCritSect
  279. *ppContext = pContext;
  280. goto CleanUp;
  282. }
  284. //
  285. // No match found
  286. //
  288. DebugLog((DEB_WARN, "UserCtxtHandlerHandleToContext: Tried to reference unknown Context 0x%lx\n", ContextHandle ));
  289. Status = STATUS_OBJECT_NAME_NOT_FOUND;
  290. *ppContext = NULL;
  292. CleanUp:
  294. RtlLeaveCriticalSection( &l_UserCtxtCritSect );
  295. DebugLog((DEB_TRACE_FUNC, "UserCtxtHandlerHandleToContext: Leaving Status 0x%x\n", Status ));
  297. return(Status);
  298. }
  302. // Check the Creation time with the Current time.
  303. // If the difference is greater than the MAX allowed, Context is no longer valid
  304. BOOL
  305. UserCtxtHandlerTimeHasElapsed(
  306. PDIGEST_USERCONTEXT pContext)
  307. {
  308. UNREFERENCED_PARAMETER(pContext);
  310. return (FALSE); // no expiration at this time
  311. }
  315. //+--------------------------------------------------------------------
  316. //
  317. // Function: CtxtHandlerRelease
  318. //
  319. // Synopsis: Releases the Context by decreasing reference counter
  320. //
  321. // Arguments: pContext - pointer to credential to de-reference
  322. //
  323. // Returns: NTSTATUS
  324. //
  325. // Notes: Since multiple threads must wait for ownership
  326. // of a context, reference count must be either 0 (unused) or 1 (in process)
  327. //
  328. //---------------------------------------------------------------------
  329. NTSTATUS
  330. UserCtxtHandlerRelease(
  331. PDIGEST_USERCONTEXT pUserContext)
  332. {
  333. NTSTATUS Status = STATUS_SUCCESS;
  335. DebugLog((DEB_TRACE_FUNC, "UserCtxtHandlerRelease: Entering\n" ));
  337. ASSERT( pUserContext->lReferences > 0);
  339. //
  340. // Acquire exclusive access to the Context list
  341. // For performance, this could be distributed into a set of CritSects for preventing contention
  342. //
  344. RtlEnterCriticalSection( &l_UserCtxtCritSect );
  346. pUserContext->lReferences--;
  348. DebugLog((DEB_TRACE, "UserCtxtHandlerRelease: UserContextInit Context 0x%x references %ld\n",
  349. pUserContext->LsaContext, pUserContext->lReferences));
  351. //
  352. // If the count has dropped to zero for both application SecurityContext handles and internal SSP references
  353. // then delink from the list and free up context
  354. //
  356. if (!pUserContext->lReferences && !pUserContext->lReferenceHandles)
  357. {
  358. DebugLog((DEB_TRACE, "UserCtxtHandlerRelease: UserContextInit unlinked and freed userContext 0x%x\n", pUserContext));
  359. RemoveEntryList( &pUserContext->Next );
  360. Status = UserCtxtFree(pUserContext);
  361. if (!NT_SUCCESS (Status))
  362. {
  363. DebugLog((DEB_ERROR, "UserCtxtHandlerRelease: UserCtxtFree error 0x%x\n", Status));
  364. }
  365. }
  367. RtlLeaveCriticalSection( &l_UserCtxtCritSect );
  369. DebugLog((DEB_TRACE_FUNC, "UserCtxtHandlerRelease: Leaving Status 0x%x\n", Status ));
  371. return(Status);
  372. }
  375. // Following functions make use of the lock for insuring single threaded operation
  378. /*++
  380. RoutineDescription:
  382. Creates a new DACL for the token granting the server and client
  383. all access to the token.
  385. Arguments:
  387. Token - Handle to an impersonation token open for TOKEN_QUERY and
  388. WRITE_DAC
  390. Return Value:
  392. STATUS_INSUFFICIENT_RESOURCES - insufficient memory to complete
  393. the function.
  395. Errors from NtSetSecurityObject
  397. --*/
  398. NTSTATUS
  399. SspCreateTokenDacl(
  400. HANDLE Token
  401. )
  402. {
  403. NTSTATUS Status = STATUS_SUCCESS;
  404. PTOKEN_USER ProcessTokenUser = NULL;
  405. PTOKEN_USER ThreadTokenUser = NULL;
  406. PTOKEN_USER ImpersonationTokenUser = NULL;
  407. HANDLE ProcessToken = NULL;
  408. HANDLE ImpersonationToken = NULL;
  409. BOOL fInsertImpersonatingUser = FALSE;
  410. SID_IDENTIFIER_AUTHORITY NtAuthority = SECURITY_NT_AUTHORITY;
  411. ULONG AclLength = 0;
  412. PACL NewDacl = NULL;
  413. SECURITY_DESCRIPTOR SecurityDescriptor;
  415. BOOL fReleaseContextLock = FALSE;
  418. DebugLog((DEB_TRACE_FUNC, "SspCreateTokenDacl: Entering Token is 0x%x\n", Token));
  420. //
  421. // Build the two well known sids we need.
  422. //
  424. if (g_NtDigestGlobalLocalSystemSid == NULL || g_NtDigestGlobalAliasAdminsSid == NULL ) {
  426. RtlEnterCriticalSection(&l_UserCtxtCritSect);
  427. fReleaseContextLock = TRUE;
  429. if (g_NtDigestGlobalLocalSystemSid == NULL)
  430. {
  431. PSID pLocalSidSystem = NULL;
  432. DebugLog((DEB_TRACE, "SspCreateTokenDacl: Allocate and Init LocalSystem SID\n"));
  433. Status = RtlAllocateAndInitializeSid(
  434. &NtAuthority,
  435. 1,
  436. SECURITY_LOCAL_SYSTEM_RID,
  437. 0,0,0,0,0,0,0,
  438. &pLocalSidSystem
  439. );
  440. if (!NT_SUCCESS(Status))
  441. {
  442. DebugLog((DEB_ERROR, "SspCreateTokenDacl: RtlAllocateAndInitializeSid returns 0x%lx\n", Status ));
  443. goto Cleanup;
  444. }
  445. DebugLog((DEB_TRACE, "SspCreateTokenDacl: Allocate and Init LocalSystem SID DONE\n"));
  446. g_NtDigestGlobalLocalSystemSid = pLocalSidSystem;
  447. }
  449. if (g_NtDigestGlobalAliasAdminsSid == NULL)
  450. {
  451. PSID pLocalSidAdmins = NULL;
  453. DebugLog((DEB_TRACE, "SspCreateTokenDacl: Allocate and Init AliasAdmin SID\n"));
  454. Status = RtlAllocateAndInitializeSid(
  455. &NtAuthority,
  456. 2,
  457. SECURITY_BUILTIN_DOMAIN_RID,
  458. DOMAIN_ALIAS_RID_ADMINS,
  459. 0,0,0,0,0,0,
  460. &pLocalSidAdmins
  461. );
  462. if (!NT_SUCCESS(Status))
  463. {
  464. DebugLog((DEB_ERROR, "SspCreateTokenDacl, RtlAllocateAndInitializeSid returns 0x%lx\n", Status ));
  465. goto Cleanup;
  466. }
  468. DebugLog((DEB_TRACE, "SspCreateTokenDacl: Allocate and Init AliasAdmin SID DONE\n"));
  469. g_NtDigestGlobalAliasAdminsSid = pLocalSidAdmins;
  470. }
  472. RtlLeaveCriticalSection(&l_UserCtxtCritSect);
  473. fReleaseContextLock = FALSE;
  474. }
  476. //
  477. // it's possible that the current thread is impersonating a user.
  478. // if that's the case, get it's token user, and revert to insure we
  479. // can open the process token.
  480. //
  482. Status = NtOpenThreadToken(
  483. NtCurrentThread(),
  484. TOKEN_QUERY | TOKEN_IMPERSONATE,
  485. TRUE,
  486. &ImpersonationToken
  487. );
  489. if( NT_SUCCESS(Status) )
  490. {
  491. //
  492. // stop impersonating.
  493. //
  495. RevertToSelf();
  497. //
  498. // get the token user for the impersonating user.
  499. //
  500. Status = SspGetTokenUser(
  501. ImpersonationToken,
  502. &ImpersonationTokenUser
  503. );
  505. if (!NT_SUCCESS(Status))
  506. {
  507. DebugLog((DEB_ERROR, "SspCreateTokenDacl: SspGetTokenUser (1) returns 0x%lx\n", Status ));
  508. goto Cleanup;
  509. }
  510. }
  512. //
  513. // Open the process token to find out the user sid
  514. //
  516. Status = NtOpenProcessToken(
  517. NtCurrentProcess(),
  518. TOKEN_QUERY,
  519. &ProcessToken
  520. );
  522. if(!NT_SUCCESS(Status))
  523. {
  524. DebugLog((DEB_ERROR, "SspCreateTokenDacl: NtOpenProcessToken returns 0x%lx\n", Status ));
  525. goto Cleanup;
  526. }
  528. //
  529. // get the token user for the process token.
  530. //
  531. Status = SspGetTokenUser(
  532. ProcessToken,
  533. &ProcessTokenUser
  534. );
  536. if (!NT_SUCCESS(Status))
  537. {
  538. DebugLog((DEB_ERROR, "SspCreateTokenDacl: SspGetTokenUser (2) returns 0x%lx\n", Status ));
  539. goto Cleanup;
  540. }
  543. //
  544. // Now get the token user for the thread.
  545. //
  546. Status = SspGetTokenUser(
  547. Token,
  548. &ThreadTokenUser
  549. );
  551. if (!NT_SUCCESS(Status))
  552. {
  553. DebugLog((DEB_ERROR, "SspCreateTokenDacl: SspGetTokenUser (3) returns 0x%lx\n", Status ));
  554. goto Cleanup;
  555. }
  558. AclLength = 4 * sizeof( ACCESS_ALLOWED_ACE ) - 4 * sizeof( ULONG ) +
  559. RtlLengthSid( ProcessTokenUser->User.Sid ) +
  560. RtlLengthSid( ThreadTokenUser->User.Sid ) +
  561. RtlLengthSid( g_NtDigestGlobalLocalSystemSid ) +
  562. RtlLengthSid( g_NtDigestGlobalAliasAdminsSid ) +
  563. sizeof( ACL );
  565. //
  566. // determine if we need to add impersonation token sid onto the token Dacl.
  567. //
  569. if( ImpersonationTokenUser &&
  570. !RtlEqualSid( ImpersonationTokenUser->User.Sid, ProcessTokenUser->User.Sid ) &&
  571. !RtlEqualSid( ImpersonationTokenUser->User.Sid, ThreadTokenUser->User.Sid )
  572. )
  573. {
  574. AclLength += (sizeof(ACCESS_ALLOWED_ACE) - sizeof( ULONG )) +
  575. RtlLengthSid( ImpersonationTokenUser->User.Sid );
  577. fInsertImpersonatingUser = TRUE;
  578. }
  581. NewDacl = (PACL)DigestAllocateMemory(AclLength );
  583. if (NewDacl == NULL) {
  585. Status = STATUS_INSUFFICIENT_RESOURCES;
  586. DebugLog((DEB_ERROR, "SspCreateTokenDacl: NtLmallocate returns 0x%lx\n", NewDacl));
  587. goto Cleanup;
  588. }
  590. Status = RtlCreateAcl( NewDacl, AclLength, ACL_REVISION2 );
  591. ASSERT(NT_SUCCESS( Status ));
  593. Status = RtlAddAccessAllowedAce (
  594. NewDacl,
  595. ACL_REVISION2,
  596. TOKEN_ALL_ACCESS,
  597. ProcessTokenUser->User.Sid
  598. );
  599. ASSERT( NT_SUCCESS( Status ));
  601. Status = RtlAddAccessAllowedAce (
  602. NewDacl,
  603. ACL_REVISION2,
  604. TOKEN_ALL_ACCESS,
  605. ThreadTokenUser->User.Sid
  606. );
  607. ASSERT( NT_SUCCESS( Status ));
  609. if( fInsertImpersonatingUser )
  610. {
  611. Status = RtlAddAccessAllowedAce (
  612. NewDacl,
  613. ACL_REVISION2,
  614. TOKEN_ALL_ACCESS,
  615. ImpersonationTokenUser->User.Sid
  616. );
  617. ASSERT( NT_SUCCESS( Status ));
  618. }
  620. Status = RtlAddAccessAllowedAce (
  621. NewDacl,
  622. ACL_REVISION2,
  623. TOKEN_ALL_ACCESS,
  624. g_NtDigestGlobalAliasAdminsSid
  625. );
  626. ASSERT( NT_SUCCESS( Status ));
  628. Status = RtlAddAccessAllowedAce (
  629. NewDacl,
  630. ACL_REVISION2,
  631. TOKEN_ALL_ACCESS,
  632. g_NtDigestGlobalLocalSystemSid
  633. );
  634. ASSERT( NT_SUCCESS( Status ));
  636. Status = RtlCreateSecurityDescriptor (
  637. &SecurityDescriptor,
  638. SECURITY_DESCRIPTOR_REVISION
  639. );
  640. ASSERT( NT_SUCCESS( Status ));
  642. Status = RtlSetDaclSecurityDescriptor(
  643. &SecurityDescriptor,
  644. TRUE,
  645. NewDacl,
  646. FALSE
  647. );
  649. ASSERT( NT_SUCCESS( Status ));
  651. Status = NtSetSecurityObject(
  652. Token,
  653. DACL_SECURITY_INFORMATION,
  654. &SecurityDescriptor
  655. );
  657. ASSERT( NT_SUCCESS( Status ));
  660. Cleanup:
  662. if( fReleaseContextLock )
  663. RtlLeaveCriticalSection(&l_UserCtxtCritSect);
  665. if (ImpersonationToken != NULL)
  666. {
  667. //
  668. // put the thread token back if we were impersonating.
  669. //
  671. (void)SetThreadToken( NULL, ImpersonationToken );
  672. NtClose(ImpersonationToken);
  673. }
  675. if (ThreadTokenUser != NULL) {
  676. DigestFreeMemory( ThreadTokenUser );
  677. }
  679. if (ProcessTokenUser != NULL) {
  680. DigestFreeMemory( ProcessTokenUser );
  681. }
  683. if (ImpersonationTokenUser != NULL) {
  685. DigestFreeMemory( ImpersonationTokenUser );
  686. }
  688. if (NewDacl != NULL) {
  689. DigestFreeMemory( NewDacl );
  690. }
  692. if (ProcessToken != NULL)
  693. {
  694. NtClose(ProcessToken);
  695. }
  697. DebugLog((DEB_TRACE_FUNC, "SspCreateTokenDacl: Leaving Token is 0x%x\n", Token));
  699. return( Status );
  700. }