archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4 Commits
1 Branch
0 Tags
1.5 GiB
Tree: 5c6fe3db62
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '5c6fe3db62'
${ noResults }
windows-server-2003/admin/cys/dsrestore/passfilt/main.cpp

650 lines
22 KiB
Raw Normal View History

commiting as it is
4 years ago
  2. extern "C"
  3. {
  4. // include NT and SAM headers here,
  5. // order of these files DOES matter
  6. #include <nt.h>
  7. #include <ntrtl.h>
  8. #include <nturtl.h>
  9. #include <rpc.h>
  10. #include <string.h>
  11. #include <stdio.h>
  12. #include <assert.h>
  13. #include <samrpc.h>
  14. #include <ntlsa.h>
  15. #define SECURITY_WIN32
  16. #define SECURITY_PACKAGE
  17. #include <security.h>
  18. #include <secint.h>
  19. #include <samisrv.h>
  20. #include <lsarpc.h>
  21. #include <lsaisrv.h>
  22. #include <ntsam.h>
  23. #include <ntsamp.h>
  24. #include <netlib.h>
  25. #include <windows.h>
  26. #include <lmerr.h>
  27. #include <lmcons.h>
  28. #include <netlib.h>
  29. #include <ntdef.h>
  30. }
  33. #ifndef OEM_STRING
  34. typedef STRING OEM_STRING;
  35. #endif
  39. #include "main.h"
  40. #include "Clogger.h"
  42. #include "DSREvents.h"
  44. static WCHAR g_wszLSAKey[] = L"SYSTEM\\CurrentControlSet\\Control\\Lsa";
  45. static WCHAR g_wszNotPac[] = L"Notification Packages";
  46. static WCHAR g_wszName[] = L"dsrestor";
  47. static WCHAR g_wszEventLog[] = L"SYSTEM\\CurrentControlSet\\Services\\EventLog\\Application";
  48. static WCHAR g_wszEventFileName[] = L"EventMessageFile";
  49. static WCHAR g_wszTypesSupported[] = L"TypesSupported";
  50. static WCHAR g_wszEventFilePath[] = L"%SystemRoot%\\System32\\DSREvt.dll";
  51. static DWORD g_dwTypesSupported = 0x7;
  53. //For comparison of OLD_LARGE_INTEGER
  54. BOOL operator > ( OLD_LARGE_INTEGER li1, OLD_LARGE_INTEGER li2 )
  55. {
  56. return( li1.HighPart > li2.HighPart ||
  57. ( li1.HighPart ==li2.HighPart && li1.LowPart > li2.LowPart ) );
  58. }
  62. //Generate Domain Admin Sid based on Domain Sid
  63. NTSTATUS CreateDomainAdminSid(PSID *ppDomainAdminSid, //[Out] return Domain Admin Sid
  64. PSID pDomainSid) //[in] Domain Sid
  65. {
  66. NTSTATUS NtStatus = STATUS_SUCCESS;
  67. UCHAR AccountSubAuthorityCount;
  68. ULONG AccountSidLength;
  69. PULONG RidLocation;
  71. if (!ppDomainAdminSid || !pDomainSid)
  72. return STATUS_INSUFFICIENT_RESOURCES;
  74. // Calculate the size of the new sid
  76. AccountSubAuthorityCount = *RtlSubAuthorityCountSid(pDomainSid) + (UCHAR)1;
  77. AccountSidLength = RtlLengthRequiredSid(AccountSubAuthorityCount);
  79. // Allocate space for the account sid
  81. *ppDomainAdminSid = RtlAllocateHeap(RtlProcessHeap(), 0, AccountSidLength);
  83. if (*ppDomainAdminSid == NULL)
  84. {
  86. NtStatus = STATUS_INSUFFICIENT_RESOURCES;
  87. }
  88. else
  89. {
  90. // Copy the domain sid into the first part of the account sid
  92. NTSTATUS IgnoreStatus = RtlCopySid(AccountSidLength, *ppDomainAdminSid, pDomainSid);
  94. // Increment the account sid sub-authority count
  96. if (RtlSubAuthorityCountSid(*ppDomainAdminSid))
  97. *RtlSubAuthorityCountSid(*ppDomainAdminSid) = AccountSubAuthorityCount;
  99. // Add the rid as the final sub-authority
  101. RidLocation = RtlSubAuthoritySid(*ppDomainAdminSid, AccountSubAuthorityCount-1);
  102. if (RidLocation)
  103. *RidLocation = DOMAIN_USER_RID_ADMIN;
  105. NtStatus = STATUS_SUCCESS;
  106. }
  108. return NtStatus;
  110. }
  115. // Create a thread to run PassCheck()
  116. BOOL NTAPI InitializeChangeNotify( void )
  117. {
  118. ULONG ulID = 0;
  119. HANDLE hThread = CreateThread( NULL, 0, PassCheck, NULL, 0, &ulID );
  120. if (hThread && (hThread != INVALID_HANDLE_VALUE))
  121. CloseHandle( hThread );
  123. return TRUE;
  124. }
  128. NTSTATUS NTAPI PasswordChangeNotify( PUNICODE_STRING UserName,
  129. ULONG RelativeId,
  130. PUNICODE_STRING NewPassword )
  131. {
  132. return STATUS_SUCCESS;
  133. }
  137. BOOL NTAPI PasswordFilter( PUNICODE_STRING AccountName,
  138. PUNICODE_STRING FullName,
  139. PUNICODE_STRING Password,
  140. BOOLEAN SetOperation )
  141. {
  142. return TRUE;
  143. }
  148. // Get Password for DSRestoreMode and DomainAdmin and set to same if not already
  149. // then sleep for 30 minutes
  150. DWORD WINAPI PassCheck( LPVOID lpParameter )
  151. {
  152. CEventLogger EventLogger;
  153. DWORD dwRt=0; //Return Value
  154. DWORD dwSleepTime = 30*60*1000;
  155. // 30 min * 60 sec * 1000 msec
  156. NTSTATUS RtVal = STATUS_SUCCESS;
  157. OLD_LARGE_INTEGER liPasswordLastSet = {0,0};
  158. SAMPR_HANDLE hSAMPR = NULL;
  159. PSAMPR_SERVER_NAME pSvrName = NULL;
  160. SAMPR_HANDLE hServerHandle = NULL;
  161. SAMPR_HANDLE hDomainHandle = NULL;
  162. PSAMPR_USER_INFO_BUFFER pUserBuffer = NULL;
  163. LSA_HANDLE hPolicyHd = NULL;
  164. LSA_OBJECT_ATTRIBUTES ObjAttr;
  165. PPOLICY_PRIMARY_DOMAIN_INFO pDomainInfo=NULL;
  166. WCHAR szSvrName[MAX_COMPUTERNAME_LENGTH + 1];
  167. DWORD dwSvrName = MAX_COMPUTERNAME_LENGTH + 1;
  168. LSA_UNICODE_STRING ServerName;
  169. SID_IDENTIFIER_AUTHORITY sia = SECURITY_NT_AUTHORITY;
  170. PSID pDomainAdminSid = NULL;
  171. NT_OWF_PASSWORD Password;
  172. SID_AND_ATTRIBUTES_LIST GroupMembership;
  173. SAMPR_HANDLE UserHandle = NULL;
  174. UNICODE_STRING PsudoUserName;
  177. //Get ready for event logging
  178. EventLogger.InitEventLog(g_wszName ,0, LOGGING_LEVEL_3);
  179. EventLogger.LogEvent(LOGTYPE_INFORMATION,
  180. EVENTDSR_FILTER_STARTED);
  182. //Required by LsaOpenPolicy
  183. ZeroMemory(&ObjAttr,sizeof(LSA_OBJECT_ATTRIBUTES));
  184. ServerName.MaximumLength=sizeof(WCHAR)*(MAX_COMPUTERNAME_LENGTH + 1);
  185. GroupMembership.Count = 0;
  186. GroupMembership.SidAndAttributes = NULL;
  189. // First get the local server name
  190. if( !GetComputerName(szSvrName, &dwSvrName))
  191. {
  192. dwRt = GetLastError();
  193. EventLogger.LogEvent(LOGTYPE_FORCE_ERROR,
  194. EVENTDSR_FILTER_NO_HOST_NAME,
  195. dwRt);
  196. goto EXIT;
  197. }
  199. ServerName.Buffer=szSvrName;
  200. ServerName.Length=(USHORT)(sizeof(WCHAR)*dwSvrName);
  202. // To get the Policy Handle
  203. if( STATUS_SUCCESS != (RtVal=LsaOpenPolicy(
  204. &ServerName,
  205. &ObjAttr,
  206. POLICY_VIEW_LOCAL_INFORMATION,
  207. &hPolicyHd
  208. )) )
  209. {
  210. //Error output RtVal
  211. dwRt = GetLastError();
  212. EventLogger.LogEvent(LOGTYPE_FORCE_ERROR,
  213. EVENTDSR_FILTER_NO_LOCAL_POLICY,
  214. dwRt);
  216. goto EXIT;
  217. }
  219. // Get the Primary Domain information
  220. if( STATUS_SUCCESS != (RtVal=LsaQueryInformationPolicy(
  221. hPolicyHd,
  222. PolicyPrimaryDomainInformation,
  223. reinterpret_cast<PVOID *> (&pDomainInfo) ) ))
  224. {
  225. //Error, log return value RtVal
  226. EventLogger.LogEvent(LOGTYPE_FORCE_ERROR,
  227. EVENTDSR_FILTER_NO_DOMAIN_INFO,
  228. RtVal);
  229. goto EXIT;
  230. }
  232. if( NULL == pDomainInfo->Sid )
  233. {
  234. // If we are running in the DS Restore mode, the Domain sid will be NULL
  235. // No need to run in this case.
  236. goto EXIT;
  237. }
  239. //Build the sid for domain admin
  240. if( STATUS_SUCCESS != CreateDomainAdminSid(&pDomainAdminSid, pDomainInfo->Sid) )
  241. {
  242. //Error output RtVal
  243. dwRt = GetLastError();
  244. EventLogger.LogEvent(LOGTYPE_FORCE_ERROR,
  245. EVENTDSR_FILTER_NO_ADMIN_SID,
  246. dwRt);
  247. goto EXIT;
  248. }
  250. //Check if the domain admin Sid just generated is valid
  251. if(! IsValidSid( pDomainAdminSid ))
  252. {
  253. dwRt = GetLastError();
  254. EventLogger.LogEvent(LOGTYPE_FORCE_ERROR,
  255. EVENTDSR_FILTER_NO_ADMIN_SID,
  256. dwRt);
  257. goto EXIT;
  258. }
  260. // Starting the loop of polling domain admin password
  261. while( TRUE )
  262. {
  264. //Get the server handle
  265. if(STATUS_SUCCESS != SamIConnect(
  266. pSvrName,
  267. &hServerHandle,
  268. POLICY_ALL_ACCESS,
  269. TRUE) )
  270. {
  271. dwRt = GetLastError();
  272. EventLogger.LogEvent(LOGTYPE_FORCE_ERROR,
  273. EVENTDSR_FILTER_CONNECT_SAM_FAIL,
  274. dwRt);
  275. break;
  276. }
  279. // Get the domain handle
  280. if(STATUS_SUCCESS != SamrOpenDomain(
  281. hServerHandle,
  282. POLICY_ALL_ACCESS,
  283. (PRPC_SID)(pDomainInfo->Sid),
  284. //PSID and PRPC_SID are basically the same
  285. &hDomainHandle) )
  286. {
  287. dwRt = GetLastError();
  288. EventLogger.LogEvent(LOGTYPE_FORCE_ERROR,
  289. EVENTDSR_FILTER_CONNECT_DOMAIN_FAIL,
  290. dwRt);
  291. break;
  292. }
  294. PsudoUserName.Buffer = reinterpret_cast<PWSTR> (pDomainAdminSid);
  295. PsudoUserName.Length = (USHORT)GetLengthSid(pDomainAdminSid);
  296. PsudoUserName.MaximumLength = PsudoUserName.Length;
  298. //Get accout info for Domain Admin
  299. if(STATUS_SUCCESS != ( RtVal= SamIGetUserLogonInformation(
  300. hDomainHandle,
  301. SAM_OPEN_BY_SID,
  302. &PsudoUserName,
  303. &pUserBuffer,
  304. &GroupMembership,
  305. &UserHandle) ) )
  306. {
  307. dwRt = GetLastError();
  308. EventLogger.LogEvent(LOGTYPE_FORCE_ERROR,
  309. EVENTDSR_FILTER_NO_DOMAIN_ADMIN_INFO,
  310. dwRt);
  311. break;
  312. }
  315. // Check if the password of the Domain Admin was changed in
  316. // the last sleep period.
  317. // The first time, always set the password.
  318. if( pUserBuffer->All.PasswordLastSet > liPasswordLastSet )
  319. {
  320. RtlCopyMemory(
  321. &Password,
  322. pUserBuffer->All.NtOwfPassword.Buffer,
  323. NT_OWF_PASSWORD_LENGTH);
  325. if(STATUS_SUCCESS != SamiSetDSRMPasswordOWF(
  326. &ServerName,
  327. DOMAIN_USER_RID_ADMIN,
  328. &Password
  329. ) )
  330. {
  331. dwRt = GetLastError();
  332. EventLogger.LogEvent(LOGTYPE_FORCE_ERROR,
  333. EVENTDSR_FILTER_SET_PAWD_FAIL,
  334. dwRt);
  335. break;
  336. }
  338. liPasswordLastSet=pUserBuffer->All.PasswordLastSet;
  339. }
  341. // Clean up for next loop
  342. SamIFree_SAMPR_USER_INFO_BUFFER(pUserBuffer, UserAllInformation);
  343. RtlZeroMemory(&Password, NT_OWF_PASSWORD_LENGTH);
  344. SamrCloseHandle(&hServerHandle);
  345. SamrCloseHandle(&hDomainHandle);
  346. pUserBuffer = NULL;
  347. hServerHandle=NULL;
  348. hDomainHandle=NULL;
  350. // Sleep 30 minutes
  351. Sleep( dwSleepTime );
  352. }
  354. EXIT:
  355. //Clean up
  357. if( NULL != pUserBuffer )
  358. {
  359. SamIFree_SAMPR_USER_INFO_BUFFER(
  360. pUserBuffer, UserAllInformation);
  361. }
  362. if( NULL != hServerHandle )
  363. {
  364. SamrCloseHandle(&hServerHandle);
  365. }
  366. if( NULL != hDomainHandle )
  367. {
  368. SamrCloseHandle(&hDomainHandle);
  369. }
  371. if( NULL != pDomainAdminSid )
  372. {
  373. RtlFreeHeap( RtlProcessHeap(), 0, (PVOID)pDomainAdminSid);
  374. }
  375. if( NULL != pDomainInfo )
  376. {
  377. LsaFreeMemory(pDomainInfo);
  378. }
  379. if( NULL != hPolicyHd )
  380. {
  381. LsaClose(hPolicyHd);
  382. }
  384. return dwRt;
  385. }
  388. HRESULT NTAPI RegisterFilter( void )
  389. {
  390. DWORD dwType = 0;
  391. DWORD dwcbSize = 0;
  392. HKEY hLSAKey = NULL;
  393. HKEY hEventLogKey = NULL;
  394. HKEY hDSEvtKey = NULL;
  395. BOOL bSuccess = FALSE;
  396. BOOL bRegistered = FALSE;
  398. LONG lRetVal = RegOpenKeyEx( HKEY_LOCAL_MACHINE,
  399. g_wszLSAKey,
  400. 0,
  401. KEY_ALL_ACCESS,
  402. &hLSAKey );
  403. if (ERROR_SUCCESS == lRetVal)
  404. {
  405. ULONG ulStrLen = wcslen( g_wszName );
  406. lRetVal = RegQueryValueEx( hLSAKey,
  407. g_wszNotPac,
  408. NULL,
  409. &dwType,
  410. NULL,
  411. &dwcbSize );
  412. if (ERROR_SUCCESS == lRetVal) // Key exists, must add my value to the end
  413. {
  414. WCHAR *pwsz = NULL;
  415. DWORD dwBufSize = dwcbSize + (ulStrLen+1)*sizeof(WCHAR);
  416. BYTE *pbyVal = new BYTE[dwBufSize];
  417. if (NULL != pbyVal)
  418. {
  419. lRetVal = RegQueryValueEx( hLSAKey,
  420. g_wszNotPac,
  421. NULL,
  422. &dwType,
  423. pbyVal,
  424. &dwcbSize );
  425. if (ERROR_SUCCESS == lRetVal)
  426. {
  427. //First, check if we have already registered
  428. pwsz = (WCHAR *)pbyVal;
  429. while( *pwsz != 0 )
  430. {
  431. if (0 == wcscmp( pwsz, g_wszName ))
  432. {
  433. //It is already registered
  434. bRegistered = TRUE;
  435. bSuccess = TRUE;
  436. break;
  437. }
  438. pwsz += (wcslen( pwsz ) + 1);
  439. }
  441. if(! bRegistered)
  442. {
  443. // Got the value, now I need to add myself to the end
  444. pwsz = (WCHAR *)&(pbyVal[dwcbSize - 2]);
  445. wcscpy( pwsz, g_wszName );
  446. // Make sure we're termintate by 2 UNICODE NULLs (REG_MULTI_SZ)
  447. pwsz += ulStrLen + 1;
  448. *pwsz = 0;
  449. lRetVal = RegSetValueEx( hLSAKey,
  450. g_wszNotPac,
  451. 0,
  452. (DWORD)REG_MULTI_SZ,
  453. pbyVal,
  454. dwBufSize );
  455. if (ERROR_SUCCESS == lRetVal)
  456. bSuccess = TRUE;
  457. }
  458. }
  459. delete[] pbyVal;
  460. }
  461. }
  462. else // Key doesn't exist. Have to create it
  463. {
  464. DWORD dwBufSize=(ulStrLen+2)*sizeof(WCHAR);
  465. BYTE *rgbyVal= new BYTE[dwBufSize];
  466. if( NULL != rgbyVal )
  467. {
  468. WCHAR *pwsz = (WCHAR *)rgbyVal;
  469. wcscpy( pwsz, g_wszName );
  471. // Make sure we're terminated by two UNICODE NULLs (REG_MULTI_SZ)
  472. pwsz += ulStrLen + 1;
  473. *pwsz = 0;
  475. lRetVal = RegSetValueEx( hLSAKey,
  476. g_wszNotPac,
  477. 0,
  478. (DWORD)REG_MULTI_SZ,
  479. rgbyVal,
  480. dwBufSize );
  481. if (ERROR_SUCCESS == lRetVal)
  482. bSuccess = TRUE;
  483. delete[] rgbyVal;
  484. }
  485. }
  487. RegCloseKey( hLSAKey );
  488. }
  490. if( bSuccess )
  491. {
  493. lRetVal = RegOpenKeyEx(HKEY_LOCAL_MACHINE,
  494. g_wszEventLog,
  495. 0,
  496. KEY_ALL_ACCESS,
  497. &hEventLogKey);
  498. if ( ERROR_SUCCESS == lRetVal )
  499. {
  500. //Create the Reg Key for eventlogging
  501. lRetVal = RegCreateKeyEx(hEventLogKey,
  502. g_wszName,
  503. 0,
  504. NULL,
  505. 0,
  506. KEY_ALL_ACCESS,
  507. NULL,
  508. &hDSEvtKey,
  509. NULL);
  510. if ( ERROR_SUCCESS == lRetVal )
  511. {
  512. lRetVal = RegSetValueEx(hDSEvtKey,
  513. g_wszEventFileName,
  514. 0,
  515. REG_SZ,
  516. reinterpret_cast<CONST BYTE*>(g_wszEventFilePath),
  517. sizeof(WCHAR)*wcslen(g_wszEventFilePath));
  518. if (ERROR_SUCCESS == lRetVal )
  519. {
  520. lRetVal = RegSetValueEx(hDSEvtKey,
  521. g_wszTypesSupported,
  522. 0,
  523. REG_DWORD,
  524. reinterpret_cast<CONST BYTE*>(&g_dwTypesSupported),
  525. sizeof(DWORD));
  526. }
  527. RegCloseKey(hDSEvtKey);
  528. }
  530. if (ERROR_SUCCESS != lRetVal)
  531. {
  532. bSuccess = FALSE;
  533. }
  534. }
  535. RegCloseKey(hEventLogKey);
  536. }
  539. return bSuccess ? (bRegistered ? S_FALSE : S_OK ) : E_FAIL;
  540. }
  543. HRESULT NTAPI UnRegisterFilter( void )
  544. {
  545. DWORD dwType = 0;
  546. DWORD dwcbSize = 0;
  547. HKEY hLSAKey = NULL;
  548. HKEY hEventLogKey =NULL;
  549. BOOL bSuccess = FALSE;
  551. LONG lRetVal = RegOpenKeyEx( HKEY_LOCAL_MACHINE,
  552. g_wszLSAKey,
  553. 0,
  554. KEY_ALL_ACCESS,
  555. &hLSAKey );
  556. if (ERROR_SUCCESS == lRetVal)
  557. {
  558. lRetVal = RegQueryValueEx( hLSAKey,
  559. g_wszNotPac,
  560. NULL,
  561. &dwType,
  562. NULL,
  563. &dwcbSize );
  564. // Key exists, must delete my value from the end
  565. if (ERROR_SUCCESS == lRetVal)
  566. {
  567. ULONG ulStrLen = wcslen( g_wszName );
  568. BYTE *pbyVal = new BYTE[dwcbSize];
  569. if (pbyVal)
  570. {
  571. lRetVal = RegQueryValueEx( hLSAKey,
  572. g_wszNotPac,
  573. NULL,
  574. &dwType,
  575. pbyVal,
  576. &dwcbSize );
  578. if (ERROR_SUCCESS == lRetVal)
  579. {
  580. // Got the old key,
  581. // now step through and remove my part of the key
  582. WCHAR *pwsz = (WCHAR *)pbyVal;
  583. WCHAR *wszNewRegVal = new WCHAR[dwcbSize];
  584. WCHAR *pwszNewVal = wszNewRegVal;
  585. DWORD dwLen = 0;
  587. if (wszNewRegVal)
  588. {
  589. *pwszNewVal = 0;
  590. while( *pwsz != 0 )
  591. {
  592. if (wcscmp( pwsz, g_wszName ))
  593. {
  594. wcscpy( pwszNewVal, pwsz );
  595. dwLen += wcslen( pwsz ) + 1;
  596. pwszNewVal += (wcslen( pwsz ) + 1);
  597. }
  598. pwsz += (wcslen( pwsz ) + 1);
  599. }
  601. // if we got here and there's nothing in the buffer,
  602. // we were the only one installed,
  603. // now we must delete the key, else set it to the old value
  604. wszNewRegVal[dwLen] = 0; // add the last NULL
  605. dwLen++; // account for that last NULL
  606. lRetVal = RegSetValueEx(hLSAKey,
  607. g_wszNotPac,
  608. 0,
  609. (DWORD)REG_MULTI_SZ,
  610. reinterpret_cast<CONST BYTE*>(wszNewRegVal),
  611. dwLen*sizeof(WCHAR));
  612. if (ERROR_SUCCESS == lRetVal)
  613. bSuccess = TRUE;
  614. delete[] wszNewRegVal;
  615. }
  616. }
  617. delete[] pbyVal;
  618. }
  619. // NTRAID#NTBUG9-655545-2002/07/05-artm
  620. RegCloseKey( hLSAKey );
  621. }
  622. }
  624. if( bSuccess )
  625. {
  626. //Delete the Reg Key for eventlogging
  627. lRetVal=RegOpenKeyEx(HKEY_LOCAL_MACHINE,
  628. g_wszEventLog,
  629. 0,
  630. KEY_ALL_ACCESS,
  631. &hEventLogKey);
  632. if (ERROR_SUCCESS == lRetVal)
  633. {
  634. RegDeleteKey(hEventLogKey, g_wszName );
  635. if( ERROR_SUCCESS != lRetVal &&
  636. ERROR_FILE_NOT_FOUND != lRetVal )
  637. // If the key does not exist, ERROR_FILE_NOT_FOUND wii be returened
  638. {
  639. bSuccess = FALSE;
  640. }
  641. RegCloseKey( hEventLogKey );
  642. }
  643. else
  644. {
  645. bSuccess = FALSE;
  646. }
  647. }
  649. return bSuccess ? S_OK : E_FAIL;
  650. }