archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4 Commits
1 Branch
0 Tags
4.9 GiB
Branch: master
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'master'
${ noResults }
windows-server-2003/ds/security/protocols/kerberos/server/transit.cxx

764 lines
20 KiB
Raw Permalink Normal View History

commiting as it is
4 years ago
  1. //+-----------------------------------------------------------------------
  2. //
  3. // Microsoft Windows
  4. //
  5. // Copyright (c) Microsoft Corporation 1992 - 1997
  6. //
  7. // File: transit.cxx
  8. //
  9. // Contents: Code for compressing transitive realm list
  10. //
  11. //
  12. // History:
  13. //
  14. //------------------------------------------------------------------------
  15. #include "kdcsvr.hxx"
  16. #include <alloca.h>
  18. //+-----------------------------------------------------------------------
  19. //
  20. // Function: KerbAppendString
  21. //
  22. // Synopsis: Appends to unicode strings together and allocates the output
  23. //
  24. // Effects:
  25. //
  26. // Parameters: Output - Output appended String
  27. // InputTail - Trailing portion of input
  28. // InputHead - Head potion of input
  29. //
  30. //
  31. // Return:
  32. //
  33. // Notes:
  34. //
  35. //------------------------------------------------------------------------
  36. NTSTATUS
  37. KerbAppendString(
  38. OUT PUNICODE_STRING Output,
  39. IN PUNICODE_STRING InputTail,
  40. IN PUNICODE_STRING InputHead
  41. )
  42. {
  43. Output->Buffer = NULL;
  44. Output->Length = InputHead->Length + InputTail->Length;
  45. if ((InputHead->Buffer == NULL) && (InputTail->Buffer == NULL))
  46. {
  47. Output->MaximumLength = 0;
  48. return(STATUS_SUCCESS);
  49. }
  50. else
  51. {
  52. Output->MaximumLength = Output->Length + sizeof(WCHAR);
  53. }
  55. Output->Buffer = (LPWSTR) MIDL_user_allocate(Output->MaximumLength);
  56. if (Output->Buffer == NULL)
  57. {
  58. return(STATUS_INSUFFICIENT_RESOURCES);
  59. }
  61. RtlCopyMemory(
  62. Output->Buffer,
  63. InputHead->Buffer,
  64. InputHead->Length
  65. );
  66. RtlCopyMemory(
  67. Output->Buffer + InputHead->Length / sizeof(WCHAR),
  68. InputTail->Buffer,
  69. InputTail->Length
  70. );
  71. Output->Buffer[Output->Length/sizeof(WCHAR)] = L'\0';
  72. return(STATUS_SUCCESS);
  73. }
  76. typedef enum _KERB_DOMAIN_COMPARISON {
  77. Above,
  78. Below,
  79. Equal,
  80. NotEqual
  81. } KERB_DOMAIN_COMPARISON, *PKERB_DOMAIN_COMPARISON;
  83. //+-----------------------------------------------------------------------
  84. //
  85. // Function: KerbCompareDomains
  86. //
  87. // Synopsis: Compares two domain names and returns whether one is a
  88. // prefix of the other, and the offset of the prefix.
  89. //
  90. // Effects:
  91. //
  92. // Parameters:
  93. //
  94. // Return: Above - domain1 is a postfix of domain2
  95. // Below - domain2 is a postfix of domain1
  96. // Equal - the domains are equal
  97. // NotEqual - the domains are not equal and not above or below
  98. //
  99. // Notes: This does not work for x-500 realm names (/foo/bar)
  100. //
  101. //------------------------------------------------------------------------
  103. KERB_DOMAIN_COMPARISON
  104. KerbCompareDomains(
  105. IN PUNICODE_STRING Domain1,
  106. IN PUNICODE_STRING Domain2,
  107. OUT PULONG PostfixOffset
  108. )
  109. {
  110. UNICODE_STRING TempString;
  112. if (Domain1->Length > Domain2->Length)
  113. {
  114. TempString.Length = TempString.MaximumLength = Domain2->Length;
  115. TempString.Buffer = Domain1->Buffer + (Domain1->Length - Domain2->Length) / sizeof(WCHAR);
  117. if (RtlEqualUnicodeString(
  118. &TempString,
  119. Domain2,
  120. TRUE) && TempString.Buffer[-1] == '.')
  121. {
  122. *PostfixOffset = (Domain1->Length - Domain2->Length) / sizeof(WCHAR);
  123. return(Below);
  124. }
  125. else
  126. {
  127. return(NotEqual);
  128. }
  129. }
  130. else if (Domain1->Length < Domain2->Length)
  131. {
  132. TempString.Length = TempString.MaximumLength = Domain1->Length;
  133. TempString.Buffer = Domain2->Buffer + (Domain2->Length - Domain1->Length) / sizeof(WCHAR);
  135. if (RtlEqualUnicodeString(
  136. &TempString,
  137. Domain1,
  138. TRUE) && TempString.Buffer[-1] == '.')
  139. {
  140. *PostfixOffset = (Domain2->Length - Domain1->Length) / sizeof(WCHAR);
  141. return(Above);
  142. }
  143. else
  144. {
  145. return(NotEqual);
  146. }
  148. }
  149. else if (RtlEqualUnicodeString(Domain1,Domain2, TRUE))
  150. {
  151. *PostfixOffset = 0;
  152. return(Equal);
  153. }
  154. else
  155. {
  156. return(NotEqual);
  157. }
  158. }
  160. //+-----------------------------------------------------------------------
  161. //
  162. // Function: KdcExpandTranistedRealms
  163. //
  164. // Synopsis: Expands the transited realm field into an array of realms
  165. //
  166. // Effects: Allocates an array of realm names
  167. //
  168. // Parameters: FullRealmList - receives the full list of realms
  169. // CountOfRealms - receveies the number of entries in the list
  170. // TranistedList - The transited field to expand
  171. //
  172. // Return:
  173. //
  174. // Notes:
  175. //
  176. //------------------------------------------------------------------------
  178. KERBERR
  179. KdcExpandTransitedRealms(
  180. OUT PUNICODE_STRING * FullRealmList,
  181. OUT PULONG CountOfRealms,
  182. IN PUNICODE_STRING TransitedList
  183. )
  184. {
  185. KERBERR KerbErr = KDC_ERR_NONE;
  186. ULONG RealmCount;
  187. ULONG Index;
  188. ULONG RealmIndex;
  189. PUNICODE_STRING RealmList = NULL;
  190. UNICODE_STRING CurrentRealm;
  192. *FullRealmList = NULL;
  193. *CountOfRealms = 0;
  195. //
  196. // First count the number of realms in the tranisted list. We can do
  197. // this by counting the number of ',' in the list. Note: if the encoding
  198. // is compressed by using a null entry to include all domains in a path
  199. // up or down a hierarchy, this code will fail.
  200. //
  202. if (TransitedList->Length == 0)
  203. {
  204. return(KDC_ERR_NONE);
  205. }
  208. RealmCount = 1;
  209. for (Index = 0; Index < TransitedList->Length / sizeof(WCHAR) ; Index++ )
  210. {
  211. if (TransitedList->Buffer[Index] == ',')
  212. {
  213. RealmCount++;
  215. //
  216. // Check for a ',,' compression indicating that all the
  217. // realms between two names have been traversed.
  218. // BUG 453997: we don't handle this yet.
  219. //
  221. if ( (Index == 0) ||
  222. (Index == (TransitedList->Length / sizeof(WCHAR)) -1) ||
  223. (TransitedList->Buffer[Index-1] == L','))
  225. {
  226. DebugLog((DEB_ERROR,"BUG 453997:: hit overcompressed transited encoding: %wZ\n",
  227. TransitedList ));
  228. KerbErr = KRB_ERR_GENERIC;
  229. goto Cleanup;
  230. }
  231. }
  232. }
  234. //
  235. // We now have a the count of realms. Allocate an array of UNICODE_STRING
  236. // structures to hold the realms.
  237. //
  239. RealmList = (PUNICODE_STRING) MIDL_user_allocate(RealmCount * sizeof(UNICODE_STRING));
  240. if (RealmList == NULL)
  241. {
  242. KerbErr = KRB_ERR_GENERIC;
  243. goto Cleanup;
  244. }
  245. RtlZeroMemory(
  246. RealmList,
  247. RealmCount * sizeof(UNICODE_STRING)
  248. );
  252. //
  253. // Now loop through and insert the full names of all the domains into
  254. // the list
  255. //
  257. RealmIndex = 0;
  258. CurrentRealm = *TransitedList;
  259. for (Index = 0; Index <= TransitedList->Length / sizeof(WCHAR) ; Index++ )
  260. {
  261. //
  262. // If we hit the end of the string or found a ',', split off a
  263. // new realm.
  264. //
  266. if ((Index == TransitedList->Length / sizeof(WCHAR)) ||
  267. (TransitedList->Buffer[Index] == ',' ))
  268. {
  270. //
  271. // Check for a ',,' compression indicating that all the
  272. // realms between two names have been traversed.
  273. // BUG 453997:: we don't handle this yet.
  274. //
  276. if ( (Index == 0) ||
  277. (Index == (TransitedList->Length / sizeof(WCHAR)) -1) ||
  278. (TransitedList->Buffer[Index-1] == L','))
  280. {
  281. DebugLog((DEB_ERROR,"BUG 453997:: hit overcompressed transited encoding: %wZ\n",
  282. TransitedList ));
  283. KerbErr = KRB_ERR_GENERIC;
  284. goto Cleanup;
  285. }
  287. CurrentRealm.Length = CurrentRealm.MaximumLength =
  288. (USHORT)(&TransitedList->Buffer[Index] - CurrentRealm.Buffer) * sizeof(WCHAR);
  290. //
  291. // Check for a trailing '.' - if so, append it
  292. // to the parent
  293. //
  295. if (TransitedList->Buffer[Index-1] == '.')
  296. {
  297. //
  298. // This is a compressed name, so append it to the previous
  299. // name
  300. //
  301. if (RealmIndex == 0)
  302. {
  303. DebugLog((DEB_ERROR,"First element in transited encoding has a trailing '.': %wZ\n",
  304. TransitedList ));
  305. KerbErr = KRB_ERR_GENERIC;
  306. goto Cleanup;
  307. }
  308. if (!NT_SUCCESS(KerbAppendString(
  309. &RealmList[RealmIndex],
  310. &RealmList[RealmIndex-1],
  311. &CurrentRealm)))
  312. {
  313. KerbErr = KRB_ERR_GENERIC;
  314. goto Cleanup;
  315. }
  316. }
  317. else if ((RealmIndex != 0) && (CurrentRealm.Buffer[0] == '/'))
  318. {
  319. if (!NT_SUCCESS(KerbAppendString(
  320. &RealmList[RealmIndex],
  321. &CurrentRealm,
  322. &RealmList[RealmIndex-1]
  323. )))
  324. {
  325. KerbErr = KRB_ERR_GENERIC;
  326. goto Cleanup;
  327. }
  328. }
  329. else if (!NT_SUCCESS(KerbDuplicateString(
  330. &RealmList[RealmIndex],
  331. &CurrentRealm)))
  332. {
  333. KerbErr = KRB_ERR_GENERIC;
  334. goto Cleanup;
  335. }
  337. CurrentRealm.Buffer =CurrentRealm.Buffer + 1 + CurrentRealm.Length/sizeof(WCHAR);
  338. RealmIndex++;
  339. }
  340. }
  341. DsysAssert(RealmIndex == RealmCount);
  343. *FullRealmList = RealmList;
  344. *CountOfRealms = RealmCount;
  345. Cleanup:
  347. if (!KERB_SUCCESS(KerbErr))
  348. {
  349. if (RealmList != NULL)
  350. {
  351. for (RealmIndex = 0; RealmIndex < RealmCount ; RealmIndex++ )
  352. {
  353. KerbFreeString(&RealmList[RealmIndex]);
  354. }
  355. MIDL_user_free(RealmList);
  356. }
  357. }
  359. return(KerbErr);
  360. }
  363. //+-----------------------------------------------------------------------
  364. //
  365. // Function: KdcCompressTransitedRealms
  366. //
  367. // Synopsis: Compresses an ordered list of realms by removing
  368. // redundant information.
  369. //
  370. // Effects: Allocates an output string
  371. //
  372. // Parameters: CompressedRealms - receives the compressed list of realms
  373. // RealmList - List of domains to compress
  374. // RealmCount - number of entries in realm list
  375. // NewRealm - new realm to add to the lsit
  376. // NewRealmIndex - Location before which to insert the new
  377. // realm
  378. //
  379. // Return:
  380. //
  381. // Notes:
  382. //
  383. //------------------------------------------------------------------------
  385. KERBERR
  386. KdcCompressTransitedRealms(
  387. OUT PUNICODE_STRING CompressedRealms,
  388. IN PUNICODE_STRING RealmList,
  389. IN ULONG RealmCount,
  390. IN PUNICODE_STRING NewRealm,
  391. IN ULONG NewRealmIndex
  392. )
  393. {
  394. UNICODE_STRING OutputRealms = {0};
  395. ULONG OutputRealmLength = 0;
  396. KERBERR KerbErr = KDC_ERR_NONE;
  397. ULONG Index;
  398. ULONG InsertionIndex;
  399. PWCHAR Where;
  400. PUNICODE_STRING PreviousName = NULL;
  401. PUNICODE_STRING CurrentName;
  402. ULONG PostfixOffset;
  403. UNICODE_STRING NameToAdd;
  405. RtlInitUnicodeString(
  406. CompressedRealms,
  407. NULL
  408. );
  410. //
  411. // Initialize all variables
  412. //
  414. Index = 0;
  415. CurrentName = NULL;
  416. InsertionIndex = NewRealmIndex;
  418. //
  419. // First, compute the length of compressed output realms
  420. //
  422. while (Index <= RealmCount)
  423. {
  424. PreviousName = CurrentName;
  426. //
  427. // If this is the index to insert, add the new realm
  428. //
  430. if (InsertionIndex == Index)
  431. {
  432. CurrentName = NewRealm;
  433. }
  434. else if (Index == RealmCount)
  435. {
  436. //
  437. // If we already added all the original realms, get out now
  438. //
  440. break;
  441. }
  442. else
  443. {
  444. CurrentName = &RealmList[Index];
  445. }
  447. NameToAdd = *CurrentName;
  449. //
  450. // If the previous name is above this one, lop off the postfix from
  451. // this name
  452. //
  454. if ((PreviousName != NULL) &&
  455. KerbCompareDomains(
  456. PreviousName,
  457. CurrentName,
  458. &PostfixOffset
  459. ) == Above)
  460. {
  461. NameToAdd.Length = (USHORT) PostfixOffset * sizeof(WCHAR);
  462. }
  464. if ( OutputRealmLength != 0 )
  465. {
  466. OutputRealmLength += sizeof( WCHAR );
  467. }
  469. OutputRealmLength += NameToAdd.Length;
  471. //
  472. // If we inserted the transited realm here, run through the loop
  473. // again with the same index.
  474. //
  476. if (InsertionIndex == Index)
  477. {
  478. InsertionIndex = 0xffffffff;
  479. }
  480. else
  481. {
  482. Index++;
  483. }
  484. }
  486. //
  487. // Account for the trailing NULL
  488. //
  490. OutputRealmLength += sizeof( WCHAR );
  492. //
  493. // Output must fit inside a UNICODE_STRING
  494. //
  496. if ( OutputRealmLength > MAXUSHORT )
  497. {
  498. KerbErr = KRB_ERR_GENERIC;
  499. goto Cleanup;
  500. }
  502. //
  503. // Re-initialize all variables
  504. //
  506. Index = 0;
  507. CurrentName = NULL;
  508. InsertionIndex = NewRealmIndex;
  510. SafeAllocaAllocate( OutputRealms.Buffer, OutputRealmLength );
  512. if ( OutputRealms.Buffer == NULL ) {
  514. KerbErr = KRB_ERR_GENERIC;
  515. goto Cleanup;
  516. }
  518. OutputRealms.MaximumLength = (USHORT)OutputRealmLength;
  519. OutputRealms.Length = 0;
  520. Where = OutputRealms.Buffer;
  522. //
  523. // Now, on to actual copying
  524. //
  526. while (Index <= RealmCount)
  527. {
  528. PreviousName = CurrentName;
  530. //
  531. // If this is the index to insert, add the new realm
  532. //
  534. if (InsertionIndex == Index)
  535. {
  536. CurrentName = NewRealm;
  537. }
  538. else if (Index == RealmCount)
  539. {
  540. //
  541. // If we already added all the original realms, get out now
  542. //
  544. break;
  545. }
  546. else
  547. {
  548. CurrentName = &RealmList[Index];
  549. }
  551. NameToAdd = *CurrentName;
  553. //
  554. // If the previous name is above this one, lop off the postfix from
  555. // this name
  556. //
  558. if ((PreviousName != NULL) &&
  559. KerbCompareDomains(
  560. PreviousName,
  561. CurrentName,
  562. &PostfixOffset
  563. ) == Above)
  564. {
  565. NameToAdd.Length = (USHORT) PostfixOffset * sizeof(WCHAR);
  566. }
  568. if (OutputRealms.Length != 0)
  569. {
  570. *Where++ = L',';
  571. OutputRealms.Length += sizeof(WCHAR);
  572. }
  574. DsysAssert(OutputRealms.Length + NameToAdd.Length < OutputRealms.MaximumLength);
  576. RtlCopyMemory(
  577. Where,
  578. NameToAdd.Buffer,
  579. NameToAdd.Length
  580. );
  582. Where += NameToAdd.Length/sizeof(WCHAR);
  583. OutputRealms.Length = OutputRealms.Length + NameToAdd.Length;
  585. //
  586. // If we inserted the transited realm here, run through the loop
  587. // again with the same index.
  588. //
  590. if (InsertionIndex == Index)
  591. {
  592. InsertionIndex = 0xffffffff;
  593. }
  594. else
  595. {
  596. Index++;
  597. }
  598. }
  600. *Where++ = L'\0';
  602. if (!NT_SUCCESS(KerbDuplicateString(
  603. CompressedRealms,
  604. &OutputRealms)))
  605. {
  606. KerbErr = KRB_ERR_GENERIC;
  607. goto Cleanup;
  608. }
  610. Cleanup:
  612. SafeAllocaFree( OutputRealms.Buffer );
  614. return(KerbErr);
  615. }
  618. //+-----------------------------------------------------------------------
  619. //
  620. // Function: KdcInsertTransitedRealm
  621. //
  622. // Synopsis: Inserts the referree's realm into the tranisted encoding
  623. // in a ticket. This uses domain-x500-compress which
  624. // eliminates redundant information when one domain is the
  625. // prefix or suffix of another.
  626. //
  627. // Effects: Allocates output buffer
  628. //
  629. // Parameters: NewTransitedField - receives the new tranisted field, to
  630. // be freed with KerbFreeString
  631. // OldTransitedField - the existing transited frield.
  632. // ClientRealm - Realm of client (from ticket)
  633. // TransitedRealm - Realm of referring domain
  634. // OurRealm - Our realm name
  635. //
  636. // Return:
  637. //
  638. // Notes:
  639. //
  640. //------------------------------------------------------------------------
  642. KERBERR
  643. KdcInsertTransitedRealm(
  644. OUT PUNICODE_STRING NewTransitedField,
  645. IN PUNICODE_STRING OldTransitedField,
  646. IN PUNICODE_STRING ClientRealm,
  647. IN PUNICODE_STRING TransitedRealm,
  648. IN PUNICODE_STRING OurRealm
  649. )
  650. {
  651. KERBERR KerbErr = KDC_ERR_NONE;
  652. PUNICODE_STRING FullDomainList = NULL;
  653. ULONG CountOfDomains;
  654. ULONG NewEntryIndex = 0xffffffff;
  655. ULONG PostfixOffset;
  656. ULONG Index;
  657. KERB_DOMAIN_COMPARISON Comparison = NotEqual;
  658. KERB_DOMAIN_COMPARISON LastComparison;
  660. //
  661. // The first thing to do is to expand the existing transited field. This
  662. // is because the compression scheme does not allow new domains to simply
  663. // append or insert information - the encoding of existing realms
  664. // can change. For example, going from a domain to its parent means
  665. // that the original domain can be encoded as a prefix of the parent
  666. // whereas originally it was a name unto itself.
  667. //
  669. D_DebugLog((DEB_T_TRANSIT, "Inserted realm %wZ into list %wZ for client fomr %wZ\n",
  670. TransitedRealm, OldTransitedField, ClientRealm ));
  672. KerbErr = KdcExpandTransitedRealms(
  673. &FullDomainList,
  674. &CountOfDomains,
  675. OldTransitedField
  676. );
  677. if (!KERB_SUCCESS(KerbErr))
  678. {
  679. goto Cleanup;
  680. }
  682. //
  683. // Now loop through the domains. Based on the compression, we know that
  684. // higher up domains come first.
  685. //
  687. for (Index = 0; Index < CountOfDomains ; Index++ )
  688. {
  689. LastComparison = Comparison;
  691. Comparison = KerbCompareDomains(
  692. TransitedRealm,
  693. &FullDomainList[Index],
  694. &PostfixOffset
  695. );
  696. if (Comparison == Above)
  697. {
  698. //
  699. // If the new domain is above an existing domain, it gets inserted
  700. // before the existing domain because all the existing domains
  701. // are ordered from top to bottom
  702. //
  703. NewEntryIndex = Index;
  704. break;
  705. }
  706. else if (Comparison == Below)
  707. {
  708. //
  709. // There may be other domains below which are closer, so
  710. // store the result and continue.
  711. //
  712. LastComparison = Comparison;
  713. }
  714. else if (Comparison == NotEqual)
  715. {
  716. //
  717. // The domains aren't above or below each other. If the last
  718. // comparison was below, stick the domain underneath it.
  719. //
  720. if (LastComparison == Below)
  721. {
  722. NewEntryIndex = Index;
  723. break;
  724. }
  725. }
  726. }
  728. //
  729. // If we didn't find a place for it, stick it in at the end.
  730. //
  732. if (NewEntryIndex == 0xffffffff)
  733. {
  734. NewEntryIndex = Index;
  735. }
  737. //
  738. // Now build the new encoding
  739. //
  741. KerbErr = KdcCompressTransitedRealms(
  742. NewTransitedField,
  743. FullDomainList,
  744. CountOfDomains,
  745. TransitedRealm,
  746. NewEntryIndex
  747. );
  748. if (!KERB_SUCCESS(KerbErr))
  749. {
  750. goto Cleanup;
  751. }
  753. Cleanup:
  754. if (FullDomainList != NULL)
  755. {
  756. for (Index = 0; Index < CountOfDomains ; Index++ )
  757. {
  758. KerbFreeString(&FullDomainList[Index]);
  759. }
  760. MIDL_user_free(FullDomainList);
  761. }
  763. return(KerbErr);
  764. }