archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4 Commits
1 Branch
0 Tags
1.5 GiB
Tree: 5c6fe3db62
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '5c6fe3db62'
${ noResults }
windows-server-2003/ds/security/protocols/kerberos/client2/userlist.cxx

657 lines
16 KiB
Raw Normal View History

commiting as it is
4 years ago
  1. //+-----------------------------------------------------------------------
  2. //
  3. // Microsoft Windows
  4. //
  5. // Copyright (c) Microsoft Corporation 1992 - 1997
  6. //
  7. // File: userlist.cxx
  8. //
  9. // Contents: Routines for logging a client with a PAC onto an existing
  10. // NT account.
  11. //
  12. //
  13. // History: 21-Febuary-1997 Created MikeSw
  14. //
  15. //------------------------------------------------------------------------
  17. #include <kerb.hxx>
  18. #include <kerbp.h>
  19. #ifndef WIN32_CHICAGO
  20. extern "C"
  21. {
  22. #include <samrpc.h>
  23. #include <lsaisrv.h>
  24. #include <samisrv.h>
  25. }
  26. #include <userall.h>
  28. //+-------------------------------------------------------------------------
  29. //
  30. // Function: KerbReadRegistryString
  31. //
  32. // Synopsis: Reads & allocates a string from the registry
  33. //
  34. // Effects:
  35. //
  36. // Arguments:
  37. //
  38. // Requires:
  39. //
  40. // Returns: STATUS_SUCCESS - the value was found
  41. // STATUS_NO_SUCH_USER - the value was not found
  42. // STATUS_INSUFFICIENT_RESOURCES - memory allocation failure
  43. //
  44. // Notes:
  45. //
  46. //
  47. //--------------------------------------------------------------------------
  50. NTSTATUS
  51. KerbReadRegistryString(
  52. IN HKEY Key,
  53. IN LPWSTR Value,
  54. IN OUT PUNICODE_STRING String
  55. )
  56. {
  57. ULONG Type;
  58. ULONG WinError = ERROR_SUCCESS;
  59. ULONG StringSize = 0;
  60. NTSTATUS Status = STATUS_NO_SUCH_USER;
  62. WinError = RegQueryValueEx(
  63. Key,
  64. Value,
  65. NULL,
  66. &Type,
  67. NULL,
  68. &StringSize
  69. );
  70. if ((WinError == ERROR_MORE_DATA) || (WinError == ERROR_SUCCESS))
  71. {
  72. //
  73. // The value exists - get the name from it
  74. //
  76. String->Buffer = (LPWSTR) KerbAllocate(StringSize);
  77. if (String->Buffer == NULL)
  78. {
  79. Status = STATUS_INSUFFICIENT_RESOURCES;
  80. goto Cleanup;
  81. }
  83. WinError = RegQueryValueEx(
  84. Key,
  85. Value,
  86. NULL,
  87. &Type,
  88. (PUCHAR) String->Buffer,
  89. &StringSize
  90. );
  91. if (WinError != ERROR_SUCCESS)
  92. {
  93. goto Cleanup;
  94. }
  96. RtlInitUnicodeString(
  97. String,
  98. String->Buffer
  99. );
  100. Status = STATUS_SUCCESS;
  101. }
  103. Cleanup:
  104. if (!NT_SUCCESS(Status) && (String->Buffer != NULL))
  105. {
  106. KerbFreeString(String);
  107. }
  108. return(Status);
  109. }
  111. //+-------------------------------------------------------------------------
  112. //
  113. // Function: KerbMapClientName
  114. //
  115. // Synopsis: Maps a Kerberos client name to an NT user name. First it
  116. // tries converting the name to a string and looking for a
  117. // value with that name. If that fails, it looks for a
  118. // value with the client realm name.
  119. //
  120. // Effects:
  121. //
  122. // Arguments: MappedName - receives the name of the local account the
  123. // client maps to
  124. // ClientName - Kerberos principal name of the client
  125. // ClientRealm - Kerberos realm of the client
  126. //
  127. // Requires:
  128. //
  129. // Returns:
  130. //
  131. // Notes:
  132. //
  133. //
  134. //--------------------------------------------------------------------------
  136. NTSTATUS
  137. KerbMapClientName(
  138. OUT PUNICODE_STRING MappedName,
  139. IN PKERB_INTERNAL_NAME ClientName,
  140. IN PUNICODE_STRING ClientRealm
  141. )
  142. {
  144. LPWSTR UserName = NULL;
  145. DWORD WinError;
  146. NTSTATUS Status = STATUS_NO_SUCH_USER;
  147. HKEY Key = NULL;
  148. UNICODE_STRING ClientString = {0};
  150. EMPTY_UNICODE_STRING( MappedName );
  153. //
  154. // First convert the MIT client name to a registry value name. We do
  155. // this by adding a '/' between every component of the client name
  156. // and appending "@ClientRealm"
  157. //
  159. //
  160. // Make sure the client realm is null terminated
  161. //
  163. DsysAssert(ClientRealm->Length == 0 || (ClientRealm->MaximumLength >= ClientRealm->Length + sizeof(WCHAR)));
  164. DsysAssert(ClientRealm->Length == 0 || (ClientRealm->Buffer[ClientRealm->Length/sizeof(WCHAR)] == L'\0'));
  166. //
  167. // The value length is the length of all the components of the names,
  168. // all the '/' separtors, and the name of the domain name plus '@'
  169. //
  172. if (!KERB_SUCCESS(KerbConvertKdcNameToString(
  173. &ClientString,
  174. ClientName,
  175. ClientRealm)))
  176. {
  177. Status = STATUS_INSUFFICIENT_RESOURCES;
  178. goto Cleanup;
  179. }
  181. D_DebugLog((DEB_TRACE,"Mapping client name %wZ\n",&ClientString ));
  183. //
  184. // Also build just the username, which is used when users are mapped
  185. // back to their own name
  186. //
  188. UserName = (LPWSTR) KerbAllocate(ClientName->Names[0].Length + sizeof(WCHAR));
  189. if (UserName == NULL)
  190. {
  191. Status = STATUS_INSUFFICIENT_RESOURCES;
  192. goto Cleanup;
  194. }
  196. RtlCopyMemory(
  197. UserName,
  198. ClientName->Names[0].Buffer,
  199. ClientName->Names[0].Length
  200. );
  201. UserName[ClientName->Names[0].Length / sizeof(WCHAR)] = L'\0';
  203. //
  204. // Now check the registry for a mapping for this name
  205. //
  207. WinError = RegOpenKey(
  208. HKEY_LOCAL_MACHINE,
  209. KERB_USERLIST_KEY,
  210. &Key
  211. );
  212. if (WinError != ERROR_SUCCESS)
  213. {
  214. goto Cleanup;
  215. }
  217. //
  218. // Read out the value
  219. //
  221. Status = KerbReadRegistryString(
  222. Key,
  223. ClientString.Buffer,
  224. MappedName
  225. );
  226. if (Status == STATUS_NO_SUCH_USER)
  227. {
  229. //
  230. // Try again with just the domain name - this allows all users in
  231. // a domain to be mapped
  232. //
  233. Status = KerbReadRegistryString(
  234. Key,
  235. ClientRealm->Buffer,
  236. MappedName
  237. );
  239. }
  240. if (Status == STATUS_NO_SUCH_USER)
  241. {
  242. Status = KerbReadRegistryString(
  243. Key,
  244. KERB_ALL_USERS_VALUE,
  245. MappedName
  246. );
  247. }
  249. if (!NT_SUCCESS(Status))
  250. {
  251. goto Cleanup;
  252. }
  254. //
  255. // If the mapped name is '*', then use the client's name
  256. //
  258. if (_wcsicmp(MappedName->Buffer,KERB_MATCH_ALL_NAME) == 0)
  259. {
  260. KerbFree(MappedName->Buffer);
  261. RtlInitUnicodeString(
  262. MappedName,
  263. UserName
  264. );
  265. UserName = NULL;
  266. }
  269. Status = STATUS_SUCCESS;
  271. Cleanup:
  272. if (!NT_SUCCESS(Status))
  273. {
  274. KerbFreeString(MappedName);
  275. }
  276. KerbFreeString(&ClientString);
  277. if (UserName != NULL)
  278. {
  279. KerbFree(UserName);
  280. }
  281. if (Key != NULL)
  282. {
  283. RegCloseKey(Key);
  284. }
  285. return(Status);
  286. }
  289. //+-------------------------------------------------------------------------
  290. //
  291. // Function: KerbCreatePacForKerbClient
  292. //
  293. // Synopsis: Creates a PAC structure for a kerb client without a PAC
  294. //
  295. // Effects:
  296. //
  297. // Arguments:
  298. //
  299. // Requires:
  300. //
  301. // Returns:
  302. //
  303. // Notes:
  304. //
  305. //
  306. //--------------------------------------------------------------------------
  308. NTSTATUS
  309. KerbCreatePacForKerbClient(
  310. OUT PPACTYPE * Pac,
  311. IN PKERB_INTERNAL_NAME ClientName,
  312. IN PUNICODE_STRING ClientRealm,
  313. IN OPTIONAL PUNICODE_STRING MappedClientName
  314. )
  315. {
  316. NTSTATUS Status = STATUS_SUCCESS;
  317. PLSAPR_POLICY_INFORMATION PolicyInfo = NULL;
  318. SAMPR_HANDLE SamHandle = NULL;
  319. SAMPR_HANDLE DomainHandle = NULL;
  320. SAMPR_HANDLE UserHandle = NULL;
  321. PSAMPR_GET_GROUPS_BUFFER Groups = NULL;
  322. SID_AND_ATTRIBUTES_LIST TransitiveGroups = {0};
  323. PSAMPR_USER_INFO_BUFFER UserInfo = NULL;
  324. PPACTYPE LocalPac = NULL;
  325. SAMPR_ULONG_ARRAY RidArray;
  326. SAMPR_ULONG_ARRAY UseArray;
  327. SECPKG_CLIENT_INFO ClientInfo;
  329. //
  330. // local variables containing copy of globals.
  331. //
  333. UNICODE_STRING LocalMachineName;
  334. UNICODE_STRING LocalDomainName;
  335. UNICODE_STRING LocalAccountName = NULL_UNICODE_STRING;
  336. KERBEROS_MACHINE_ROLE LocalRole = KerbRoleWorkstation;
  337. BOOLEAN GlobalsLocked = FALSE;
  339. RidArray.Element = NULL;
  340. UseArray.Element = NULL;
  342. LocalMachineName.Buffer = NULL;
  343. LocalDomainName.Buffer = NULL;
  345. //
  346. // Verify that the caller has TCB privilege. Otherwise anyone can forge
  347. // a ticket to themselves to logon with any name in the list.
  348. //
  350. Status = LsaFunctions->GetClientInfo(&ClientInfo);
  351. if (!NT_SUCCESS(Status))
  352. {
  353. return(Status);
  354. }
  356. if (!ClientInfo.HasTcbPrivilege)
  357. {
  358. return(STATUS_PRIVILEGE_NOT_HELD);
  359. }
  361. //
  362. // If we are a domain controller, call SAM to do the mapping.
  363. // Otherwise, do it ourselves.
  364. //
  366. //
  367. // Common code for both wksta and DC - open SAM
  368. // However, if we're a realmless wksta, we know we have a client
  369. // mapping to a local account so skip lookup on DC
  370. //
  372. //
  373. // Call the LSA to get our domain sid
  374. //
  377. Status = LsaIQueryInformationPolicyTrusted(
  378. PolicyAccountDomainInformation,
  379. &PolicyInfo
  380. );
  381. if (!NT_SUCCESS(Status))
  382. {
  383. goto Cleanup;
  384. }
  386. //
  387. // Open SAM to get the account information
  388. //
  391. Status = SamIConnect(
  392. NULL, // no server name
  393. &SamHandle,
  394. 0, // no desired access
  395. TRUE // trusted caller
  396. );
  398. if (!NT_SUCCESS(Status))
  399. {
  400. goto Cleanup;
  401. }
  403. Status = SamrOpenDomain(
  404. SamHandle,
  405. 0, // no desired access
  406. (PRPC_SID) PolicyInfo->PolicyAccountDomainInfo.DomainSid,
  407. &DomainHandle
  408. );
  410. if (!NT_SUCCESS(Status))
  411. {
  412. goto Cleanup;
  413. }
  416. //
  417. // grab the globals while holding the lock.
  418. // ... then release the lock prior to making the call!
  419. //
  421. KerbGlobalReadLock();
  422. GlobalsLocked = TRUE;
  424. LocalRole = KerbGlobalRole;
  426. Status = KerbDuplicateString( &LocalMachineName, &KerbGlobalMachineName );
  427. if(!NT_SUCCESS(Status))
  428. {
  429. DebugLog((DEB_ERROR, "Failed to duplicate KerbGlobalMachineName\n"));
  430. goto Cleanup;
  431. }
  433. if( LocalRole == KerbRoleDomainController )
  434. {
  435. Status = KerbDuplicateString( &LocalDomainName, &KerbGlobalDomainName );
  436. if(!NT_SUCCESS(Status))
  437. {
  438. DebugLog((DEB_ERROR, "Failed to duplicate KerbGlobalDomainName\n"));
  439. goto Cleanup;
  440. }
  441. }
  443. KerbGlobalReleaseLock();
  444. GlobalsLocked = FALSE;
  446. //
  447. // If the is a DC, try to look up the name in SAM as an AltSecId.
  448. // If that fails, we will try looking at the registry mapping.
  449. //
  451. if (LocalRole == KerbRoleDomainController)
  452. {
  453. UNICODE_STRING AltSecId = {0};
  454. KERBERR KerbErr;
  456. KerbErr = KerbBuildAltSecId(
  457. &AltSecId,
  458. ClientName,
  459. NULL, // no unicode realm
  460. ClientRealm
  461. );
  463. if (!KERB_SUCCESS(KerbErr))
  464. {
  465. Status = KerbMapKerbError(KerbErr);
  466. goto Cleanup;
  467. }
  469. Status = SamIGetUserLogonInformationEx(
  470. SamHandle,
  471. SAM_OPEN_BY_ALTERNATE_ID,
  472. &AltSecId,
  473. USER_ALL_PAC_INIT,
  474. &UserInfo,
  475. &TransitiveGroups,
  476. NULL // no user handle
  477. );
  479. KerbFreeString(&AltSecId);
  481. }
  485. if (!NT_SUCCESS(Status) || (UserInfo == NULL))
  486. {
  487. if (!ARGUMENT_PRESENT(MappedClientName) || MappedClientName->Buffer == NULL)
  488. {
  489. Status = KerbMapClientName(
  490. &LocalAccountName,
  491. ClientName,
  492. ClientRealm
  493. );
  495. if (!NT_SUCCESS(Status))
  496. {
  497. goto Cleanup;
  498. }
  499. }
  500. else
  501. {
  502. KerbDuplicateString(
  503. &LocalAccountName,
  504. MappedClientName
  505. );
  507. }
  510. Status = SamrLookupNamesInDomain(
  511. DomainHandle,
  512. 1,
  513. (PRPC_UNICODE_STRING) &LocalAccountName,
  514. &RidArray,
  515. &UseArray
  516. );
  518. if (!NT_SUCCESS(Status))
  519. {
  520. goto Cleanup;
  521. }
  523. if ((UseArray.Element[0] != SidTypeUser) &&
  524. (UseArray.Element[0] != SidTypeComputer))
  525. {
  526. Status = STATUS_NONE_MAPPED;
  527. goto Cleanup;
  528. }
  530. //
  531. // Finally open the user
  532. //
  533. Status = SamrOpenUser(
  534. DomainHandle,
  535. 0, // no desired access,
  536. RidArray.Element[0],
  537. &UserHandle
  538. );
  539. if (!NT_SUCCESS(Status))
  540. {
  541. goto Cleanup;
  542. }
  543. Status = SamrQueryInformationUser(
  544. UserHandle,
  545. UserAllInformation,
  546. &UserInfo
  547. );
  548. if (!NT_SUCCESS(Status))
  549. {
  550. goto Cleanup;
  551. }
  553. Status = SamrGetGroupsForUser(
  554. UserHandle,
  555. &Groups
  556. );
  558. if (!NT_SUCCESS(Status))
  559. {
  560. goto Cleanup;
  561. }
  564. }
  566. //
  567. // This is common code
  568. //
  571. //
  572. // Set the password must changes time to inifinite because we don't
  573. // want spurious password must change popups
  574. //
  576. UserInfo->All.PasswordMustChange = *(POLD_LARGE_INTEGER) &KerbGlobalWillNeverTime;
  578. //
  579. // Finally build the PAC
  580. //
  583. Status = PAC_Init(
  584. &UserInfo->All,
  585. Groups,
  586. &TransitiveGroups, // no extra groups
  587. PolicyInfo->PolicyAccountDomainInfo.DomainSid,
  588. ((LocalRole == KerbRoleDomainController) ?
  589. &LocalDomainName : &LocalMachineName),
  590. &LocalMachineName,
  591. 0, // no signature
  592. 0, // no additional data
  593. NULL, // no additional data
  594. &LocalPac
  595. );
  597. if (!NT_SUCCESS(Status))
  598. {
  599. goto Cleanup;
  600. }
  601. *Pac = LocalPac;
  602. LocalPac = NULL;
  604. Cleanup:
  606. if( GlobalsLocked )
  607. {
  608. KerbGlobalReleaseLock();
  609. }
  611. KerbFreeString( &LocalMachineName );
  612. KerbFreeString( &LocalDomainName );
  613. KerbFreeString( &LocalAccountName );
  616. if (UserHandle != NULL)
  617. {
  618. SamrCloseHandle( &UserHandle );
  619. }
  620. if (DomainHandle != NULL)
  621. {
  622. SamrCloseHandle( &DomainHandle );
  623. }
  624. if (SamHandle != NULL)
  625. {
  626. SamrCloseHandle( &SamHandle );
  627. }
  628. if (Groups != NULL)
  629. {
  630. SamIFree_SAMPR_GET_GROUPS_BUFFER( Groups );
  631. }
  633. SamIFreeSidAndAttributesList(&TransitiveGroups);
  635. if (UserInfo != NULL)
  636. {
  637. SamIFree_SAMPR_USER_INFO_BUFFER( UserInfo, UserAllInformation );
  638. }
  639. if (PolicyInfo != NULL)
  640. {
  641. LsaIFree_LSAPR_POLICY_INFORMATION(
  642. PolicyAccountDomainInformation,
  643. PolicyInfo
  644. );
  645. }
  646. SamIFree_SAMPR_ULONG_ARRAY( &UseArray );
  647. SamIFree_SAMPR_ULONG_ARRAY( &RidArray );
  649. if (LocalPac != NULL)
  650. {
  651. MIDL_user_free(LocalPac);
  652. }
  654. return(Status);
  656. }
  657. #endif // WIN32_CHICAGO