|
|
/*++
Copyright (c) 2000 Microsoft Corporation
Module Name:
credapi.c
Abstract:
Credential Manager RPC API Interfaces
Author:
Cliff Van Dyke (CliffV)
Environment:
Revision History:
--*/
#include <lsapch2.h>
#include <credp.hxx>
#include <windns.h>
NTSTATUSCrediGetLogonId( OUT PLUID LogonId )/*++
Routine Description:
This routine impersonates the client then gets the logon id from the impersonated token. This routine also checks to ensure the user sid isn't restricted.
On successful return, we are still imperonating the client. The caller should call RpcRevertToSelf();
Arguments:
LogonId - Returns the logon ID.
Return Value:
Status of the operation.
--*/
{ NTSTATUS Status;
//
// Impersonate
//
Status = I_RpcMapWin32Status( RpcImpersonateClient( 0 ) );
if ( NT_SUCCESS(Status) ) { HANDLE ClientToken;
//
// Open the token
//
Status = NtOpenThreadToken( NtCurrentThread(), TOKEN_QUERY, TRUE, &ClientToken );
if ( NT_SUCCESS( Status ) ) { TOKEN_STATISTICS TokenStats; ULONG ReturnedSize;
//
// Get the LogonId
//
Status = NtQueryInformationToken( ClientToken, TokenStatistics, &TokenStats, sizeof( TokenStats ), &ReturnedSize );
if ( NT_SUCCESS( Status ) ) {
//
// Save the logon id
//
*LogonId = TokenStats.AuthenticationId;
//
// Get the user sid
//
Status = NtQueryInformationToken ( ClientToken, TokenUser, NULL, 0, &ReturnedSize );
if ( Status == STATUS_BUFFER_TOO_SMALL ) { PTOKEN_USER UserSid;
UserSid = LsapAllocateLsaHeap( ReturnedSize );
if ( UserSid == NULL ) { Status = STATUS_NO_MEMORY; } else {
Status = NtQueryInformationToken ( ClientToken, TokenUser, UserSid, ReturnedSize, &ReturnedSize );
if ( NT_SUCCESS( Status )) { BOOL IsMember;
//
// Ensure the user sid isn't restricted.
//
if ( !CheckTokenMembership( ClientToken, UserSid->User.Sid, &IsMember ) ) {
Status = I_RpcMapWin32Status( GetLastError() );
} else {
//
// If not, fail
//
if ( !IsMember ) { Status = STATUS_ACCESS_DENIED; } else {
BOOLEAN IsNetworkClient;
//
// Don't allow the caller to have come in from the network.
//
Status = LsapDbIsRpcClientNetworkClient( &IsNetworkClient );
if ( NT_SUCCESS(Status ) ) { if ( IsNetworkClient ) { Status = STATUS_ACCESS_DENIED; } else { Status = STATUS_SUCCESS; } } } } }
LsapFreeLsaHeap( UserSid ); }
} }
NtClose( ClientToken );
}
if ( !NT_SUCCESS(Status) ) { RpcRevertToSelf(); }
}
return Status;}
NTSTATUSCredrWrite( IN LPWSTR ServerName, IN PENCRYPTED_CREDENTIALW Credential, IN ULONG Flags )
/*++
Routine Description:
The CredWrite API creates a new credential or modifies an existing credential in the user's credential set. The new credential is associated with the logon session of the current token. The token must not have the user's SID disabled.
The CredWrite API creates a credential if none already exists by the specified TargetName. If the specified TargetName already exists, the specified credential replaces the existing one.
Arguments:
ServerName - Name of server this APi was remoted to. Must be NULL.
Credential - Specifies the credential to be written.
Flags - Specifies flags to control the operation of the API. The following flags are defined:
CRED_PRESERVE_CREDENTIAL_BLOB: The credential blob should be preserved from the already existing credential with the same credential name and credential type.
Return Values:
The following status codes may be returned:
STATUS_NO_SUCH_LOGON_SESSION - The logon session does not exist or there is no credential set associated with this logon session. Network logon sessions do not have an associated credential set.
STATUS_INVALID_PARAMETER - Certain fields may not be changed in an existing credential. If such a field does not match the value specified in the existing credential, this error is returned.
STATUS_NOT_FOUND - There is no credential with the specified TargetName. Returned only if CRED_PRESERVE_CREDENTIAL_BLOB was specified.
--*/
{ NTSTATUS Status; LUID LogonId;
//
// Ensure this is a local call.
//
if ( ServerName != NULL ) { Status = STATUS_INVALID_COMPUTER_NAME; goto Cleanup; }
//
// Get the LogonId for the caller.
//
Status = CrediGetLogonId( &LogonId );
if ( !NT_SUCCESS(Status) ) { goto Cleanup; }
//
// Call the internal routine
//
Status = CrediWrite( &LogonId, CREDP_FLAGS_USER_ENCRYPTED_PASSWORD, Credential, Flags );
RpcRevertToSelf();
//
// Cleanup
//
Cleanup: return Status;}
NTSTATUSCredrRead ( IN LPWSTR ServerName, IN LPWSTR TargetName, IN ULONG Type, IN ULONG Flags, OUT PENCRYPTED_CREDENTIALW *Credential )
/*++
Routine Description:
The CredRead API reads a credential from the user's credential set. The credential set used is the one associated with the logon session of the current token. The token must not have the user's SID disabled.
Arguments:
ServerName - Name of server this APi was remoted to. Must be NULL.
TargetName - Specifies the name of the credential to read.
Type - Specifies the Type of the credential to find. One of the CRED_TYPE_* values should be specified.
Flags - Specifies flags to control the operation of the API. Reserved. Must be zero.
Credential - Returns a pointer to the credential. The returned buffer must be freed by calling CredFree.
Return Values:
The following status codes may be returned:
STATUS_NOT_FOUND - There is no credential with the specified TargetName.
STATUS_NO_SUCH_LOGON_SESSION - The logon session does not exist or there is no credential set associated with this logon session. Network logon sessions do not have an associated credential set.
--*/
{ NTSTATUS Status; LUID LogonId;
//
// Ensure this is a local call.
//
if ( ServerName != NULL ) { Status = STATUS_INVALID_COMPUTER_NAME; goto Cleanup; }
//
// Get the LogonId for the caller.
//
Status = CrediGetLogonId( &LogonId );
if ( !NT_SUCCESS(Status) ) { goto Cleanup; }
//
// Call the internal routine
//
Status = CrediRead( &LogonId, CREDP_FLAGS_USE_MIDL_HEAP, // Use MIDL_user_allocate
TargetName, Type, Flags, Credential ); RpcRevertToSelf();
//
// Cleanup
//
Cleanup: return Status;}
NTSTATUSCredrEnumerate ( IN LPWSTR ServerName, IN LPWSTR Filter, IN ULONG Flags, OUT PCREDENTIAL_ARRAY CredentialArray )
/*++
Routine Description:
The CredEnumerate API enumerates the credentials from the user's credential set. The credential set used is the one associated with the logon session of the current token. The token must not have the user's SID disabled.
Arguments:
ServerName - Name of server this APi was remoted to. Must be NULL.
Filter - Specifies a filter for the returned credentials. Only credentials with a TargetName matching the filter will be returned. The filter specifies a name prefix followed by an asterisk. For instance, the filter "FRED*" will return all credentials with a TargetName beginning with the string "FRED".
If NULL is specified, all credentials will be returned.
Flags - Specifies flags to control the operation of the API. Reserved. Must be zero.
Count - Returns a count of the number of credentials returned in Credentials.
Credentials - Returns a pointer to an array of pointers to credentials. The returned buffer must be freed by calling CredFree.
Return Values:
On success, TRUE is returned. On failure, FALSE is returned. GetLastError() may be called to get a more specific status code. The following status codes may be returned:
STATUS_NOT_FOUND - There is no credentials matching the specified Filter.
STATUS_NO_SUCH_LOGON_SESSION - The logon session does not exist or there is no credential set associated with this logon session. Network logon sessions do not have an associated credential set.
--*/
{ NTSTATUS Status;
LUID LogonId;
//
// Ensure this is a local call.
//
if ( ServerName != NULL ) { Status = STATUS_INVALID_COMPUTER_NAME; goto Cleanup; }
//
// Validate the credential array.
//
if ( CredentialArray == NULL || CredentialArray->CredentialCount != 0 || CredentialArray->Credentials != NULL ) {
Status = STATUS_INVALID_PARAMETER; goto Cleanup; }
//
// Get the LogonId for the caller.
//
Status = CrediGetLogonId( &LogonId );
if ( !NT_SUCCESS(Status) ) { goto Cleanup; }
//
// Call the internal routine
//
Status = CrediEnumerate( &LogonId, 0, Filter, Flags, &CredentialArray->CredentialCount, &CredentialArray->Credentials ); RpcRevertToSelf();
//
// Cleanup
//
Cleanup: return Status;}
NTSTATUSCredrWriteDomainCredentials ( IN LPWSTR ServerName, IN PCREDENTIAL_TARGET_INFORMATIONW TargetInfo, IN PENCRYPTED_CREDENTIALW Credential, IN ULONG Flags )
/*++
Routine Description:
The CredWriteDomainCredentials API writes a new domain credential to the user's credential set. The new credential is associated with the logon session of the current token. The token must not have the user's SID disabled.
CredWriteDomainCredentials differs from CredWrite in that it handles the idiosyncrasies of domain (CRED_TYPE_DOMAIN_PASSWORD or CRED_TYPE_DOMAIN_CERTIFICATE) credentials. Domain credentials contain more than one target field.
At least one of the naming parameters must be specified: NetbiosServerName, DnsServerName, NetbiosDomainName, DnsDomainName or DnsForestName.
Arguments:
ServerName - Name of server this APi was remoted to. Must be NULL.
TargetInfo - Specifies the target information identifying the target server.
Credential - Specifies the credential to be written.
Flags - Specifies flags to control the operation of the API. Reserved. Must be zero.
Return Values:
The following status codes may be returned:
STATUS_NO_SUCH_LOGON_SESSION - The logon session does not exist or there is no credential set associated with this logon session. Network logon sessions do not have an associated credential set.
STATUS_INVALID_PARAMETER - Certain fields may not be changed in an existing credential. If such a field does not match the value specified in the existing credential, this error is returned.
STATUS_INVALID_PARAMETER - None of the naming parameters were specified or the credential specified did not have the Type field set to CRED_TYPE_DOMAIN_PASSWORD or CRED_TYPE_DOMAIN_CERTIFICATE.
--*/
{ NTSTATUS Status; LUID LogonId;
//
// Ensure this is a local call.
//
if ( ServerName != NULL ) { Status = STATUS_INVALID_COMPUTER_NAME; goto Cleanup; }
//
// Get the LogonId for the caller.
//
Status = CrediGetLogonId( &LogonId );
if ( !NT_SUCCESS(Status) ) { goto Cleanup; }
//
// Call the internal routine
//
Status = CrediWriteDomainCredentials( &LogonId, CREDP_FLAGS_USER_ENCRYPTED_PASSWORD, TargetInfo, Credential, Flags ); RpcRevertToSelf();
//
// Cleanup
//
Cleanup: return Status;}
NTSTATUSCredrReadDomainCredentials ( IN LPWSTR ServerName, IN PCREDENTIAL_TARGET_INFORMATIONW TargetInfo, IN ULONG Flags, OUT PCREDENTIAL_ARRAY CredentialArray )
/*++
Routine Description:
The CredReadDomainCredentials API reads the domain credentials from the user's credential set. The credential set used is the one associated with the logon session of the current token. The token must not have the user's SID disabled.
CredReadDomainCredentials differs from CredRead in that it handles the idiosyncrasies of domain (CRED_TYPE_DOMAIN_PASSWORD or CRED_TYPE_DOMAIN_CERTIFICATE) credentials. Domain credentials contain more than one target field.
At least one of the naming parameters must be specified: NetbiosServerName, DnsServerName, NetbiosDomainName, DnsDomainName or DnsForestName. This API returns the most specific credentials that match the naming parameters. That is, if there is a credential that matches the target server name and a credential that matches the target domain name, only the server specific credential is returned. This is the credential that would be used.
Arguments:
ServerName - Name of server this APi was remoted to. Must be NULL.
TargetInfo - Specifies the target information identifying the target ser
Flags - Specifies flags to control the operation of the API. The following flags are defined:
CRED_CACHE_TARGET_INFORMATION: The TargetInfo should be cached for a subsequent read via CredGetTargetInfo.
Count - Returns a count of the number of credentials returned in Credentials.
Credentials - Returns a pointer to an array of pointers to credentials. The most specific existing credential matching the TargetInfo is returned. If there is both a CRED_TYPE_DOMAIN_PASSWORD and CRED_TYPE_DOMAIN_CERTIFICATE credential, both are returned. If a connection were to be made to the named target, this most-specific credential would be used.
The returned buffer must be freed by calling CredFree.
Return Values:
The following status codes may be returned:
STATUS_INVALID_PARAMETER - None of the naming parameters were specified.
STATUS_NOT_FOUND - There are no credentials matching the specified naming parameters.
STATUS_NO_SUCH_LOGON_SESSION - The logon session does not exist or there is no credential set associated with this logon session. Network logon sessions do not have an associated credential set.
--*/
{ NTSTATUS Status; LUID LogonId; ULONG CredFlags = 0;
//
// Ensure this is a local call.
//
if ( ServerName != NULL ) { Status = STATUS_INVALID_COMPUTER_NAME; goto Cleanup; }
//
// Validate the credential array.
//
if ( CredentialArray == NULL || CredentialArray->CredentialCount != 0 || CredentialArray->Credentials != NULL ) {
Status = STATUS_INVALID_PARAMETER; goto Cleanup; }
//
// Get the LogonId for the caller.
//
Status = CrediGetLogonId( &LogonId );
if ( !NT_SUCCESS(Status) ) { goto Cleanup; }
//
// Handle caching target info.
//
// The Credi* routine caches by default and has to be asked to not cache.
// Whereas the public API doesn't cache by default.
//
if ( Flags & CRED_CACHE_TARGET_INFORMATION ) { Flags &= ~CRED_CACHE_TARGET_INFORMATION; } else { CredFlags |= CREDP_FLAGS_DONT_CACHE_TI; }
//
// Call the internal routine
//
Status = CrediReadDomainCredentials( &LogonId, CredFlags, TargetInfo, Flags, &CredentialArray->CredentialCount, &CredentialArray->Credentials ); RpcRevertToSelf();
//
// Cleanup
//
Cleanup: return Status;}
NTSTATUSCredrDelete ( IN LPWSTR ServerName, IN LPWSTR TargetName, IN ULONG Type, IN ULONG Flags )
/*++
Routine Description:
The CredDelete API deletes a credential from the user's credential set. The credential set used is the one associated with the logon session of the current token. The token must not have the user's SID disabled.
Arguments:
ServerName - Name of server this APi was remoted to. Must be NULL.
TargetName - Specifies the name of the credential to delete.
Type - Specifies the Type of the credential to find. One of the CRED_TYPE_* values should be specified.
Flags - Specifies flags to control the operation of the API. Reserved. Must be zero.
Return Values:
The following status codes may be returned:
STATUS_NOT_FOUND - There is no credential with the specified TargetName.
STATUS_NO_SUCH_LOGON_SESSION - The logon session does not exist or there is no credential set associated with this logon session. Network logon sessions do not have an associated credential set.
--*/
{ NTSTATUS Status; LUID LogonId;
//
// Ensure this is a local call.
//
if ( ServerName != NULL ) { Status = STATUS_INVALID_COMPUTER_NAME; goto Cleanup; }
//
// Get the LogonId for the caller.
//
Status = CrediGetLogonId( &LogonId );
if ( !NT_SUCCESS(Status) ) { goto Cleanup; }
//
// Call the internal routine
//
Status = CrediDelete( &LogonId, 0, TargetName, Type, Flags ); RpcRevertToSelf();
//
// Cleanup
//
Cleanup: return Status;}
NTSTATUSCredrRename ( IN LPWSTR ServerName, IN LPWSTR OldTargetName, IN LPWSTR NewTargetName, IN ULONG Type, IN ULONG Flags )
/*++
Routine Description:
The CredRename API renames a credential in the user's credential set. The credential set used is the one associated with the logon session of the current token. The token must not have the user's SID disabled.
Arguments:
ServerName - Name of server this APi was remoted to. Must be NULL.
OldTargetName - Specifies the current name of the credential to rename.
NewTargetName - Specifies the new name of the credential.
Type - Specifies the Type of the credential to rename One of the CRED_TYPE_* values should be specified.
Flags - Specifies flags to control the operation of the API. Reserved. Must be zero.
Return Values: The following status codes may be returned:
STATUS_NOT_FOUND - There is no credential with the specified OldTargetName.
STATUS_OBJECT_NAME_COLLISION - There is already a credential named NewTargetName.
STATUS_NO_SUCH_LOGON_SESSION - The logon session does not exist or there is no credential set associated with this logon session. Network logon sessions do not have an associated credential set.
--*/
{ NTSTATUS Status; LUID LogonId;
//
// Ensure this is a local call.
//
if ( ServerName != NULL ) { Status = STATUS_INVALID_COMPUTER_NAME; goto Cleanup; }
//
// Get the LogonId for the caller.
//
Status = CrediGetLogonId( &LogonId );
if ( !NT_SUCCESS(Status) ) { goto Cleanup; }
//
// Call the internal routine
//
Status = CrediRename( &LogonId, OldTargetName, NewTargetName, Type, Flags ); RpcRevertToSelf();
//
// Cleanup
//
Cleanup: return Status;}
NTSTATUSCredrGetTargetInfo ( IN LPWSTR ServerName, IN LPWSTR TargetServerName, IN ULONG Flags, OUT PCREDENTIAL_TARGET_INFORMATIONW *TargetInfo )
/*++
Routine Description:
The CredGetTargetInfo API gets all of the known target name information for the named target machine. This executed locally and does not need any particular privilege. The information returned is expected to be passed to the CredReadDomainCredentials and CredWriteDomainCredentials APIs. The information should not be used for any other purpose.
Authentication packages compute TargetInfo when attempting to authenticate to ServerName. The authentication packages cache this target information to make it available to CredGetTargetInfo. Therefore, the target information will only be available if we've recently attempted to authenticate to ServerName.
Arguments:
ServerName - Name of server this APi was remoted to. Must be NULL.
TargetServerName - This parameter specifies the name of the machine to get the information for.
Flags - Specifies flags to control the operation of the API.
CRED_ALLOW_NAME_RESOLUTION - Specifies that if no target info can be found for TargetName, then name resolution should be done on TargetName to convert it to other forms. If target info exists for any of those other forms, that target info is returned. Currently only DNS name resolution is done.
This bit is useful if the application doesn't call the authentication package directly. The application might pass the TargetName to another layer of software to authenticate to the server. That layer of software might resolve the name and pass the resolved name to the authentication package. As such, there will be no target info for the original TargetName.
TargetInfo - Returns a pointer to the target information. At least one of the returned fields of TargetInfo will be non-NULL.
Return Values:
The following status codes may be returned:
STATUS_NO_MEMORY - There isn't enough memory to complete the operation.
STATUS_NOT_FOUND - There is no credential with the specified TargetName.
--*/
{ NTSTATUS Status; LUID LogonId;
//
// Ensure this is a local call.
//
if ( ServerName != NULL ) { return STATUS_INVALID_COMPUTER_NAME; }
//
// Get the LogonId for the caller.
//
Status = CrediGetLogonId( &LogonId );
if ( !NT_SUCCESS(Status) ) { goto Cleanup; }
//
// Call the internal routine
//
Status = CrediGetTargetInfo( &LogonId, TargetServerName, Flags, TargetInfo );
RpcRevertToSelf();
//
// Cleanup
//
Cleanup: return Status;}
NTSTATUSCredrGetSessionTypes ( IN LPWSTR ServerName, IN DWORD MaximumPersistCount, OUT LPDWORD MaximumPersist )
/*++
Routine Description:
CredGetSessionTypes returns the maximum persistence supported by the current logon session.
For whistler, CRED_PERSIST_LOCAL_MACHINE and CRED_PERSIST_ENTERPRISE credentials can not be stored for sessions where the profile is not loaded. If future releases, credentials might not be associated with the user's profile.
Arguments:
ServerName - Name of server this APi was remoted to. Must be NULL.
MaximumPersistCount - Specifies the number of elements in the MaximumPersist array. The caller should specify CRED_TYPE_MAXIMUM for this parameter.
MaximumPersist - Returns the maximum persistance supported by the current logon session for each credential type. Index into the array with one of the CRED_TYPE_* defines. Returns CRED_PERSIST_NONE if no credential of this type can be stored. Returns CRED_PERSIST_SESSION if only session specific credential may be stored. Returns CRED_PERSIST_LOCAL_MACHINE if session specific and machine specific credentials may be stored. Returns CRED_PERSIST_ENTERPRISE if any credential may be stored.
Return Values:
STATUS_NO_SUCH_LOGON_SESSION - The logon session does not exist or there is no credential set associated with this logon session. Network logon sessions do not have an associated credential set.
--*/
{ NTSTATUS Status; LUID LogonId;
//
// Ensure this is a local call.
//
if ( ServerName != NULL ) { Status = STATUS_INVALID_COMPUTER_NAME; goto Cleanup; }
//
// Get the LogonId for the caller.
//
Status = CrediGetLogonId( &LogonId );
if ( !NT_SUCCESS(Status) ) { goto Cleanup; }
//
// Call the internal routine
//
Status = CrediGetSessionTypes( &LogonId, MaximumPersistCount, MaximumPersist );
RpcRevertToSelf();
//
// Cleanup
//
Cleanup: return Status;}
NTSTATUSCredrProfileLoaded ( IN LPWSTR ServerName )
/*++
Routine Description:
The CredProfileLoaded API is a private API used by LoadUserProfile to notify the credential manager that the profile for the current user has been loaded.
The caller must be impersonating the logged on user.
Arguments:
ServerName - Name of server this APi was remoted to. Must be NULL.
Return Values:
The following status codes may be returned:
STATUS_NO_SUCH_LOGON_SESSION - The logon session does not exist or there is no credential set associated with this logon session. Network logon sessions do not have an associated credential set.
--*/{ NTSTATUS Status; LUID LogonId;
//
// Ensure this is a local call.
//
if ( ServerName != NULL ) { Status = STATUS_INVALID_COMPUTER_NAME; goto Cleanup; }
//
// Get the LogonId for the caller.
//
Status = CrediGetLogonId( &LogonId );
if ( !NT_SUCCESS(Status) ) {
//
// This is a notification API. Don't bother the caller with trivia.
// This might be a network token. Network tokens don't have credentials.
//
if ( Status == STATUS_ACCESS_DENIED ) { Status = STATUS_SUCCESS; } goto Cleanup; }
//
// Call the internal routine
//
Status = CrediProfileLoaded( &LogonId );
RpcRevertToSelf();
//
// Cleanup
//
Cleanup: return Status;}
|
