archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4 Commits
1 Branch
0 Tags
1.5 GiB
Tree: 5c6fe3db62
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '5c6fe3db62'
${ noResults }
windows-server-2003/ds/security/protocols/kerberos/kerbproxy/kpkdc.cxx

553 lines
13 KiB
Raw Normal View History

commiting as it is
4 years ago
  1. //+-----------------------------------------------------------------------
  2. //
  3. // Microsoft Windows
  4. //
  5. // Copyright (c) Microsoft Corporation
  6. //
  7. // File: kpkdc.h
  8. //
  9. // Contents: routines for communicating with the kdc
  10. //
  11. // History: 10-Jul-2001 t-ryanj Created
  12. //
  13. //------------------------------------------------------------------------
  14. #include <nt.h>
  15. #include <ntrtl.h>
  16. #include <nturtl.h>
  17. #include <windows.h>
  18. #ifndef SECURITY_WIN32
  19. #define SECURITY_WIN32
  20. #endif
  21. #include <kerbcomm.h>
  22. #include <dsgetdc.h>
  23. #include <lm.h> /* for NetApiBufferFree */
  24. #include "kpkdc.h"
  25. #include "kpcontext.h"
  26. #include "kpcore.h"
  28. #define KDC_SERVICE_NAME "kerberos"
  29. #define KDC_FALLBACK_PORT 88
  31. SHORT KpDefaultKdcPort;
  32. BOOL KpWSAStarted = FALSE;
  34. ULONG
  35. KpGetPduValue(
  36. PKPCONTEXT pContext
  37. );
  39. VOID
  40. KpInitDefaultKdcPort(
  41. VOID
  42. );
  44. //+-------------------------------------------------------------------------
  45. //
  46. // Function: KpInitWinsock
  47. //
  48. // Synopsis: Starts winsock
  49. //
  50. // Effects:
  51. //
  52. // Arguments:
  53. //
  54. // Requires:
  55. //
  56. // Returns: Success value. If FALSE, GetLastError() for details.
  57. //
  58. // Notes:
  59. //
  60. //
  61. //--------------------------------------------------------------------------
  62. BOOL
  63. KpInitWinsock(
  64. VOID
  65. )
  66. {
  67. WORD wWinsockVersionRequested = MAKEWORD( 2,2 );
  68. WSADATA wsaData;
  69. DWORD WSAStartError;
  71. DsysAssert(!KpWSAStarted);
  72. WSAStartError = WSAStartup( wWinsockVersionRequested, &wsaData );
  73. if( WSAStartError == SOCKET_ERROR )
  74. {
  75. DebugLog( DEB_ERROR, "%s(%d): Error starting winsock: 0x%x.\n", __FILE__, __LINE__, WSAGetLastError() );
  76. SetLastError(WSAGetLastError());
  77. goto Cleanup;
  78. }
  80. KpWSAStarted = TRUE;
  82. KpInitDefaultKdcPort();
  84. Cleanup:
  85. return KpWSAStarted;
  86. }
  88. //+-------------------------------------------------------------------------
  89. //
  90. // Function: KpCleanupWinsock
  91. //
  92. // Synopsis: Cleans up winsock.
  93. //
  94. // Effects:
  95. //
  96. // Arguments:
  97. //
  98. // Requires:
  99. //
  100. // Returns:
  101. //
  102. // Notes:
  103. //
  104. //
  105. //--------------------------------------------------------------------------
  106. VOID
  107. KpCleanupWinsock(
  108. VOID
  109. )
  110. {
  111. if( KpWSAStarted )
  112. {
  113. WSACleanup();
  114. KpWSAStarted = FALSE;
  115. }
  116. }
  118. //+-------------------------------------------------------------------------
  119. //
  120. // Function: KpInitDefaultKdcPort
  121. //
  122. // Synopsis: Finds the appropriate port for talking to kdcs.
  123. //
  124. // Effects:
  125. //
  126. // Arguments:
  127. //
  128. // Requires:
  129. //
  130. // Returns:
  131. //
  132. // Notes:
  133. //
  134. //
  135. //--------------------------------------------------------------------------
  136. VOID
  137. KpInitDefaultKdcPort(
  138. VOID
  139. )
  140. {
  141. PSERVENT krb5;
  143. /* TODO: Read from registry. */
  145. //
  146. // Ask winsock what port kerberos works on. This should be defined in
  147. // %systemroot%\system32\drivers\etc\services
  148. // Note that winsock manages the servent struct, we don't need to free it.
  149. //
  151. if( krb5 = getservbyname( KDC_SERVICE_NAME, NULL ) )
  152. {
  153. KpDefaultKdcPort = krb5->s_port;
  154. }
  155. else
  156. {
  157. DebugLog( DEB_WARN, "%s(%d): Could not determine kerberos port; falling back to port %d.\n", __FILE__, __LINE__, KDC_FALLBACK_PORT );
  158. KpDefaultKdcPort = htons( KDC_FALLBACK_PORT );
  159. }
  160. }
  162. //+-------------------------------------------------------------------------
  163. //
  164. // Function: KpKdcWrite
  165. //
  166. // Synopsis: Writes the response to the KDC.
  167. //
  168. // Effects:
  169. //
  170. // Arguments: pContext - the context
  171. //
  172. // Requires:
  173. //
  174. // Returns:
  175. //
  176. // Notes:
  177. //
  178. //
  179. //--------------------------------------------------------------------------
  180. VOID
  181. KpKdcWrite(
  182. PKPCONTEXT pContext
  183. )
  184. {
  185. PKERB_KDC_REQUEST pKdcReq = NULL;
  186. KERBERR KerbErr;
  187. ULONG PduValue = 0; /* compiler stupid, insists on =0 */
  188. PDOMAIN_CONTROLLER_INFOA pKdcInfo = NULL;
  189. DWORD DsError;
  190. sockaddr_in KdcAddr;
  191. int connecterr;
  192. BOOL WriteSuccess;
  194. DebugLog( DEB_TRACE, "%s(%d): %d bytes read from http.\n", __FILE__, __LINE__, pContext->pECB->cbTotalBytes );
  196. //
  197. // First we need to find the PduValue for the request so we can unpack.
  198. //
  200. PduValue = KpGetPduValue(pContext);
  202. if( !PduValue )
  203. goto Error;
  205. //
  206. // Unpack the request.
  207. //
  209. KerbErr = KerbUnpackData( pContext->databuf + sizeof(DWORD),
  210. pContext->buflen - sizeof(DWORD),
  211. PduValue,
  212. (PVOID*)&pKdcReq );
  214. if( !KERB_SUCCESS(KerbErr) )
  215. {
  216. DebugLog( DEB_ERROR, "%s(%d): Kerberos Error: 0x%x\n", __FILE__, __LINE__, KerbErr );
  217. goto Error;
  218. }
  220. //
  221. // Now we need to look for a KDC for the realm specified in the request.
  222. //
  224. DebugLog( DEB_TRACE, "%s(%d): Realm found to be %s.\n", __FILE__, __LINE__, pKdcReq->request_body.realm );
  226. DsError = DsGetDcNameA( NULL, /* Computer Name */
  227. pKdcReq->request_body.realm,
  228. NULL, /* Domain GUID */
  229. NULL, /* Site Name */
  230. DS_IP_REQUIRED | DS_KDC_REQUIRED,
  231. &pKdcInfo );
  233. if( DsError != NO_ERROR )
  234. {
  235. DebugLog( DEB_ERROR, "%s(%d): Error from DsGetDcName: 0x%x\n", __FILE__, __LINE__, DsError );
  236. goto Error;
  237. }
  239. DebugLog( DEB_TRACE, "%s(%d): DC found. %s\n", __FILE__, __LINE__, pKdcInfo->DomainControllerAddress );
  241. //
  242. // Construct the SOCKADDR_IN to connect to the kdc.
  243. //
  245. KdcAddr.sin_family = AF_INET;
  246. KdcAddr.sin_port = KpDefaultKdcPort;
  247. KdcAddr.sin_addr.s_addr = inet_addr(pKdcInfo->DomainControllerAddress+2 /* past the \\ */ );
  249. //
  250. // Create the socket.
  251. //
  253. pContext->KdcSock = socket( AF_INET, SOCK_STREAM, IPPROTO_TCP );
  255. if( !pContext->KdcSock )
  256. {
  257. DebugLog( DEB_ERROR, "%s(%d): Error creating socket: 0x%x\n", __FILE__, __LINE__, WSAGetLastError() );
  258. goto Error;
  259. }
  261. //
  262. // Connect the socket.
  263. //
  265. connecterr = connect( pContext->KdcSock, (sockaddr*)&KdcAddr, sizeof(sockaddr_in) );
  267. if( connecterr )
  268. {
  269. DebugLog( DEB_ERROR, "%s(%d): Error connecting to Kdc: 0x%x\n", __FILE__, __LINE__, WSAGetLastError() );
  270. goto Error;
  271. }
  273. //
  274. // Associate the socket with the iocp.
  275. //
  277. /* if( KpGlobalIocp != CreateIoCompletionPort( (HANDLE)pContext->KdcSock,
  278. KpGlobalIocp,
  279. KPCK_CHECK_CONTEXT,
  280. 0 ) ) */
  281. if( !BindIoCompletionCallback( (HANDLE)pContext->KdcSock,
  282. KpIoCompletionRoutine,
  283. 0 ) )
  284. {
  285. DebugLog( DEB_ERROR, "%s(%d): Error associating Iocp with Kdc socket: 0x%x.\n", __FILE__, __LINE__, GetLastError() );
  286. goto Error;
  287. }
  289. //
  290. // Write the request asynchronously.
  291. //
  293. ZeroMemory( &(pContext->ol), sizeof(OVERLAPPED) );
  294. pContext->dwStatus = KP_KDC_WRITE;
  296. WriteSuccess = WriteFile( (HANDLE)pContext->KdcSock,
  297. pContext->databuf,
  298. pContext->buflen,
  299. NULL, /* bytes written - not used in async */
  300. &(pContext->ol) );
  302. if( !WriteSuccess )
  303. {
  304. if( GetLastError() != ERROR_IO_PENDING )
  305. {
  306. DebugLog( DEB_ERROR, "%s(%d): Error issuing socket write: 0x%x\n", __FILE__, __LINE__, GetLastError() );
  307. goto Error;
  308. }
  309. }
  312. Cleanup:
  313. if( pKdcInfo )
  314. NetApiBufferFree( pKdcInfo );
  315. if( pKdcReq )
  316. KerbFreeData( PduValue, pKdcReq );
  317. return;
  319. Error:
  320. KpReleaseContext(pContext);
  321. goto Cleanup;
  322. }
  324. //+-------------------------------------------------------------------------
  325. //
  326. // Function: KpKdcRead
  327. //
  328. // Synopsis: Reads the response from the KDC.
  329. //
  330. // Effects:
  331. //
  332. // Arguments: pContext
  333. //
  334. // Requires:
  335. //
  336. // Returns:
  337. //
  338. // Notes: Just a stub now.
  339. //
  340. //
  341. //--------------------------------------------------------------------------
  342. VOID
  343. KpKdcRead(
  344. PKPCONTEXT pContext
  345. )
  346. {
  347. BOOL ReadSuccess;
  349. //
  350. // Read as much data as possible from the socket asynchronously.
  351. //
  353. ZeroMemory( &(pContext->ol), sizeof(OVERLAPPED) );
  355. pContext->dwStatus = KP_KDC_READ;
  357. DebugLog( DEB_PEDANTIC, "%s(%d): Reading up to %d bytes from Kdc socket.\n", __FILE__, __LINE__, pContext->buflen - pContext->bytesReceived );
  359. ReadSuccess = ReadFile( (HANDLE)pContext->KdcSock,
  360. pContext->databuf + pContext->bytesReceived,
  361. pContext->buflen - pContext->bytesReceived,
  362. NULL, /* bytes read - not used in async */
  363. &(pContext->ol) );
  365. if( !ReadSuccess )
  366. {
  367. if( GetLastError() != ERROR_IO_PENDING )
  368. {
  369. DebugLog( DEB_ERROR, "%s(%d): Error issuing read: 0x%x\n", __FILE__, __LINE__, GetLastError() );
  370. goto Error;
  371. }
  372. }
  374. Cleanup:
  375. return;
  377. Error:
  378. KpReleaseContext(pContext);
  379. goto Cleanup;
  380. }
  382. //+-------------------------------------------------------------------------
  383. //
  384. // Function: KpKdcReadDone
  385. //
  386. // Synopsis: Checks to see if enough data has been read.
  387. //
  388. // Effects:
  389. //
  390. // Arguments: pContext
  391. //
  392. // Requires:
  393. //
  394. // Returns: TRUE of reading is complete.
  395. //
  396. // Notes:
  397. //
  398. //--------------------------------------------------------------------------
  399. BOOL
  400. KpKdcReadDone(
  401. PKPCONTEXT pContext
  402. )
  403. {
  404. InterlockedExchangeAdd( (LONG*)&(pContext->bytesReceived), (LONG)pContext->ol.InternalHigh );
  405. return pContext->bytesReceived == pContext->buflen;
  406. }
  408. //+-------------------------------------------------------------------------
  409. //
  410. // Function: KpCalcLength
  411. //
  412. // Synopsis: Calculates the length of the incoming request.
  413. //
  414. // Effects:
  415. //
  416. // Arguments: pContext
  417. //
  418. // Requires:
  419. //
  420. // Returns: Success value.
  421. //
  422. // Notes:
  423. //
  424. //--------------------------------------------------------------------------
  425. BOOL
  426. KpCalcLength(
  427. PKPCONTEXT pContext
  428. )
  429. {
  430. BOOL fRet = TRUE;
  431. DWORD cbContent;
  432. LPBYTE newbuf = NULL;
  434. //
  435. // Spec says that all requests that we recieve should be in TCP form,
  436. // meaning they are preceeded by at least 4 bytes in network byte order
  437. // indicating the length of the message. So if we don't have at least
  438. // four bytes of data, we're toast.
  439. //
  441. if( pContext->ol.InternalHigh < sizeof(DWORD) )
  442. {
  443. DebugLog( DEB_TRACE, "%s(%d): Less than sizeof(DWORD) bytes received. CalcLength failed.\n", __FILE__, __LINE__ );
  444. goto Error;
  445. }
  447. //
  448. // Convert the four bytes to host byte order.
  449. //
  451. cbContent = ntohl(*(u_long*)pContext->databuf);
  453. //
  454. // If the sign bit is set, that means that another four bytes are
  455. // needed for the length of the message. That's too long, so
  456. // we'll just punt.
  457. //
  459. if( cbContent & 0x80000000 ) /* high bit set */
  460. {
  461. DebugLog( DEB_TRACE, "%s(%d): Length won't fit in DWORD.\n", __FILE__, __LINE__ );
  462. goto Error;
  463. }
  465. //
  466. // So we're expecting as a total length, the length of the length
  467. // plus the length of the content.
  468. //
  470. pContext->bytesExpected = sizeof(DWORD) + cbContent;
  472. //
  473. // Realloc our buffer to be large enough to hold the whole message.
  474. //
  476. pContext->buflen = sizeof(DWORD) + cbContent;
  477. newbuf = (LPBYTE)KpReAlloc( pContext->databuf, pContext->buflen );
  478. if( !newbuf )
  479. {
  480. DebugLog( DEB_TRACE, "%s(%d): Realloc failed. CalcLength failed.\n", __FILE__, __LINE__ );
  481. goto Error;
  482. }
  483. pContext->databuf = newbuf;
  485. DebugLog( DEB_TRACE, "%s(%d): Looking for reply of length %d.\n", __FILE__, __LINE__, pContext->bytesExpected );
  487. Cleanup:
  488. return fRet;
  490. Error:
  491. fRet = FALSE;
  492. goto Cleanup;
  493. }
  495. //+-------------------------------------------------------------------------
  496. //
  497. // Function: KpGetPduValue
  498. //
  499. // Synopsis: Looks at the first byte of the request to determine the
  500. // message type, and returns the appropriate PduValue for
  501. // unpacking.
  502. //
  503. // Effects:
  504. //
  505. // Arguments: pContext
  506. //
  507. // Requires:
  508. //
  509. // Returns: The appropriate PduValue, or 0 on failure. Note that 0
  510. // is a valid PduValue, but since we're only concerned with
  511. // AS-REQ and TGS-REQ, we can ignore it.
  512. //
  513. // Notes:
  514. //
  515. //--------------------------------------------------------------------------
  516. ULONG
  517. KpGetPduValue(
  518. PKPCONTEXT pContext
  519. )
  520. {
  521. ULONG PduValue = 0;
  523. //
  524. // If we don't have the first byte, we can't exactly parse it.
  525. //
  527. if( pContext->buflen < 1 + sizeof(DWORD) )
  528. goto Cleanup;
  530. //
  531. // The last five bits of the first byte signify the message type.
  532. //
  534. switch( pContext->databuf[sizeof(DWORD)] & 0x1f ) /* last 5 bits */
  535. {
  536. case 0xa: /* AS-REQUEST */
  537. DebugLog( DEB_TRACE, "%s(%d): Processing AS-REQUEST.\n", __FILE__, __LINE__ );
  538. PduValue = KERB_AS_REQUEST_PDU;
  539. break;
  541. case 0xc: /* TGS-REQUEST */
  542. DebugLog( DEB_TRACE, "%s(%d): Processing TGS-REQUEST.\n", __FILE__, __LINE__ );
  543. PduValue = KERB_TGS_REQUEST_PDU;
  544. break;
  546. default:
  547. DebugLog( DEB_ERROR, "%s(%d): Not an AS or TGS request.\n", __FILE__, __LINE__ );
  548. goto Cleanup;
  549. }
  551. Cleanup:
  552. return PduValue;
  553. }