archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4 Commits
1 Branch
0 Tags
4.9 GiB
Tree: 5c6fe3db62
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '5c6fe3db62'
${ noResults }
windows-server-2003/ds/security/protocols/kerberos/parser/kerbparser.cxx

730 lines
17 KiB
Raw Normal View History

commiting as it is
4 years ago
  1. //=============================================================================
  2. //
  3. // MODULE: Kerbparser.cxx
  4. //
  5. // Description:
  6. //
  7. // Bloodhound Parser DLL for Kerberos Authentication Protocol
  8. //
  9. // Modification History
  10. //
  11. // Michael Webb & Kris Frost Date: 06/04/99
  12. // Mark Pustilnik Date: 02/04/02 - Clean-up / rewrite
  13. //
  14. //=============================================================================
  16. #include "ASN1Parser.hxx"
  18. //
  19. // Protocol entry points.
  20. //
  22. VOID
  23. WINAPI
  24. KerberosRegister(
  25. IN HPROTOCOL hKerberosProtocol
  26. );
  28. VOID
  29. WINAPI
  30. KerberosDeregister(
  31. IN HPROTOCOL hKerberosProtocol
  32. );
  34. LPBYTE
  35. WINAPI
  36. KerberosRecognizeFrame(
  37. IN HFRAME hFrame,
  38. IN ULPBYTE MacFrame,
  39. IN ULPBYTE KerberosFrame,
  40. IN DWORD MacType,
  41. IN DWORD BytesLeft,
  42. IN HPROTOCOL hPreviousProtocol,
  43. IN DWORD nPreviousProtocolOffset,
  44. OUT LPDWORD ProtocolStatusCode,
  45. OUT LPHPROTOCOL hNextProtocol,
  46. OUT PDWORD_PTR InstData
  47. );
  49. LPBYTE
  50. WINAPI
  51. KerberosAttachProperties(
  52. IN HFRAME hFrame,
  53. IN ULPBYTE MacFrame,
  54. IN ULPBYTE KerberosFrame,
  55. IN DWORD MacType,
  56. IN DWORD BytesLeft,
  57. IN HPROTOCOL hPreviousProtocol,
  58. IN DWORD nPreviousProtocolOffset,
  59. IN DWORD_PTR InstData
  60. );
  62. DWORD
  63. WINAPI
  64. KerberosFormatProperties(
  65. IN HFRAME hFrame,
  66. IN ULPBYTE MacFrame,
  67. IN ULPBYTE FrameData,
  68. IN DWORD nPropertyInsts,
  69. IN LPPROPERTYINST p
  70. );
  72. ENTRYPOINTS g_KerberosEntryPoints =
  73. {
  74. KerberosRegister,
  75. KerberosDeregister,
  76. KerberosRecognizeFrame,
  77. KerberosAttachProperties,
  78. KerberosFormatProperties
  79. };
  81. //
  82. // Protocol handle
  83. //
  85. HPROTOCOL g_hKerberos = NULL;
  87. //
  88. // Protocol status
  89. //
  91. DWORD g_Attached = 0;
  93. //
  94. // Protocol handles used to check for continuation packets.
  95. //
  97. HPROTOCOL g_hTCP = NULL;
  98. HPROTOCOL g_hUDP = NULL;
  100. //
  101. // Definitions of exported functions
  102. //
  104. //-----------------------------------------------------------------------------
  105. //
  106. // Routine name: ParserAutoInstallInfo
  107. //
  108. // Routine description:
  109. //
  110. // Sets up a parser information structure describing which ports are
  111. // being listened on, etc.
  112. //
  113. // Arguments:
  114. //
  115. // None
  116. //
  117. // Returns:
  118. //
  119. // Pointer to a PF_PARSERDLLINFO structure describing the protocol
  120. //
  121. //-----------------------------------------------------------------------------
  123. PPF_PARSERDLLINFO
  124. ParserAutoInstallInfo()
  125. {
  126. PPF_PARSERDLLINFO pParserDllInfo = NULL;
  127. PPF_PARSERINFO pParserInfo = NULL;
  128. PPF_HANDOFFSET pHandoffSet = NULL;
  129. PPF_HANDOFFENTRY pHandoffEntry = NULL;
  130. DWORD NumProtocols, NumHandoffs;
  132. //
  133. // Allocate memory for parser info
  134. //
  136. NumProtocols = 1;
  137. pParserDllInfo = (PPF_PARSERDLLINFO)HeapAlloc(
  138. GetProcessHeap(),
  139. HEAP_ZERO_MEMORY,
  140. sizeof( PF_PARSERDLLINFO ) +
  141. NumProtocols * sizeof( PF_PARSERINFO )
  142. );
  144. if ( pParserDllInfo == NULL )
  145. {
  146. goto Error;
  147. }
  149. //
  150. // Fill in the parser DLL info
  151. //
  153. pParserDllInfo->nParsers = NumProtocols;
  155. pParserInfo = &(pParserDllInfo->ParserInfo[0]);
  157. strncpy(
  158. pParserInfo->szProtocolName,
  159. "KERBEROS",
  160. sizeof( pParserInfo->szProtocolName )
  161. );
  163. strncpy(
  164. pParserInfo->szComment,
  165. "Kerberos Authentication Protocol",
  166. sizeof( pParserInfo->szComment )
  167. );
  169. strncpy(
  170. pParserInfo->szHelpFile,
  171. "",
  172. sizeof( pParserInfo->szHelpFile )
  173. );
  175. NumHandoffs = 2;
  176. pHandoffSet = (PPF_HANDOFFSET)HeapAlloc(
  177. GetProcessHeap(),
  178. HEAP_ZERO_MEMORY,
  179. sizeof( PF_HANDOFFSET ) +
  180. NumHandoffs * sizeof( PF_HANDOFFENTRY )
  181. );
  184. if ( pHandoffSet == NULL )
  185. {
  186. goto Error;
  187. }
  189. pParserInfo->pWhoHandsOffToMe = pHandoffSet;
  190. pHandoffSet->nEntries = NumHandoffs;
  192. //
  193. // UDP port 88
  194. //
  196. pHandoffEntry = &(pHandoffSet->Entry[0]);
  198. strncpy(
  199. pHandoffEntry->szIniFile,
  200. "TCPIP.INI",
  201. sizeof( pHandoffEntry->szIniFile )
  202. );
  204. strncpy(
  205. pHandoffEntry->szIniSection,
  206. "UDP_HandoffSet",
  207. sizeof( pHandoffEntry->szIniSection )
  208. );
  210. strncpy(
  211. pHandoffEntry->szProtocol,
  212. "KERBEROS",
  213. sizeof( pHandoffEntry->szProtocol )
  214. );
  216. pHandoffEntry->dwHandOffValue = 88; // TODO: make configurable?
  217. pHandoffEntry->ValueFormatBase = HANDOFF_VALUE_FORMAT_BASE_DECIMAL;
  219. //
  220. // TCP port 88
  221. //
  223. pHandoffEntry = &(pHandoffSet->Entry[0]);
  225. strncpy(
  226. pHandoffEntry->szIniFile,
  227. "TCPIP.INI",
  228. sizeof( pHandoffEntry->szIniFile )
  229. );
  231. strncpy(
  232. pHandoffEntry->szIniSection,
  233. "TCP_HandoffSet",
  234. sizeof( pHandoffEntry->szIniSection )
  235. );
  237. strncpy(
  238. pHandoffEntry->szProtocol,
  239. "KERBEROS",
  240. sizeof( pHandoffEntry->szProtocol )
  241. );
  243. pHandoffEntry->dwHandOffValue = 88; // TODO: make configurable?
  244. pHandoffEntry->ValueFormatBase = HANDOFF_VALUE_FORMAT_BASE_DECIMAL;
  246. Cleanup:
  248. return pParserDllInfo;
  250. Error:
  252. HeapFree( GetProcessHeap(), 0, pHandoffSet );
  253. pHandoffSet = NULL;
  255. HeapFree( GetProcessHeap(), 0, pParserDllInfo );
  256. pParserDllInfo = NULL;
  258. goto Cleanup;
  259. }
  262. //-----------------------------------------------------------------------------
  263. //
  264. // Routine name: DllEntry
  265. //
  266. // Routine description:
  267. //
  268. // Mail DLL entrypoint
  269. //
  270. // Arguments:
  271. //
  272. // hInstance process instance
  273. // Command ATTACH/DETACH/etc.
  274. // Reserved Reserved
  275. //
  276. // Returns:
  277. //
  278. // Standard DllEntry TRUE or FALSE
  279. //
  280. //-----------------------------------------------------------------------------
  282. extern "C" {
  284. BOOL
  285. WINAPI
  286. DLLEntry(
  287. IN HANDLE hInstance,
  288. IN ULONG Command,
  289. IN LPVOID Reserved
  290. )
  291. {
  292. if ( Command == DLL_PROCESS_ATTACH )
  293. {
  294. if ( g_Attached++ == 0 )
  295. {
  296. g_hKerberos = CreateProtocol(
  297. "KERBEROS",
  298. &g_KerberosEntryPoints,
  299. ENTRYPOINTS_SIZE
  300. );
  301. }
  302. }
  303. else if ( Command == DLL_PROCESS_DETACH )
  304. {
  305. if ( --g_Attached == 0 )
  306. {
  307. DestroyProtocol( g_hKerberos );
  308. g_hKerberos = NULL;
  309. }
  310. }
  312. return TRUE; //... Bloodhound parsers ALWAYS return TRUE.
  313. }
  315. } // extern "C"
  317. //-----------------------------------------------------------------------------
  318. //
  319. // Routine name: KerberosRegister
  320. //
  321. // Routine description:
  322. //
  323. // Registers the Kerberos protocol with the parser
  324. //
  325. // Arguments:
  326. //
  327. // hKerberosProtocol protocol handle
  328. //
  329. // Returns:
  330. //
  331. // Nothing
  332. //
  333. //-----------------------------------------------------------------------------
  335. VOID
  336. WINAPI
  337. KerberosRegister(
  338. IN HPROTOCOL hKerberosProtocol
  339. )
  340. {
  341. DWORD NmErr;
  343. //
  344. // Start by creating the property database
  345. //
  347. NmErr = CreatePropertyDatabase(
  348. hKerberosProtocol,
  349. ARRAY_COUNT( g_KerberosDatabase )
  350. );
  352. if ( NmErr != NMERR_SUCCESS )
  353. {
  354. SetLastError( NmErr );
  355. return;
  356. }
  358. for ( DWORD i = 0;
  359. i < ARRAY_COUNT( g_KerberosDatabase );
  360. i++ )
  361. {
  362. if ( NULL == AddProperty(
  363. hKerberosProtocol,
  364. &g_KerberosDatabase[i] ))
  365. {
  366. // TODO: find a better way to report this error
  367. SetLastError( ERROR_INTERNAL_ERROR );
  368. return;
  369. }
  370. }
  372. //
  373. // Check to see whether TCP or UDP are being used
  374. //
  376. g_hTCP = GetProtocolFromName( "TCP" );
  377. g_hUDP = GetProtocolFromName( "UDP" );
  379. return;
  380. }
  383. //-----------------------------------------------------------------------------
  384. //
  385. // Routine name: KerberosDeregister
  386. //
  387. // Routine description:
  388. //
  389. // Unregisters the Kerberos protocol from the parser
  390. //
  391. // Arguments:
  392. //
  393. // hKerberosProtocol protocol handle
  394. //
  395. // Returns:
  396. //
  397. // Nothing
  398. //
  399. //-----------------------------------------------------------------------------
  401. VOID
  402. WINAPI
  403. KerberosDeregister(
  404. IN HPROTOCOL hKerberosProtocol
  405. )
  406. {
  407. DestroyPropertyDatabase( hKerberosProtocol );
  408. }
  411. //-----------------------------------------------------------------------------
  412. //
  413. // Routine name: KerberosRecognizeFrame
  414. //
  415. // Routine description:
  416. //
  417. // Looks at a frame with the purpose of "recognizing it".
  418. // Kerberos has no sub-protocols, so every frame is claimed.
  419. //
  420. // Arguments:
  421. //
  422. // hFrame frame handle
  423. // MacFrame frame pointer
  424. // KerberosFrame relative pointer
  425. // MacType MAC type
  426. // BytesLeft bytes left
  427. // hPreviousProtocol previous protocol or NULL if none
  428. // nPreviousProtocolOffset offset of previous protocols
  429. // ProtocolStatusCode used to return the status code
  430. // hNextProtocol next protocol to call (optional)
  431. // InstData next protocol instance data
  432. //
  433. // Returns:
  434. //
  435. // Nothing
  436. //
  437. //-----------------------------------------------------------------------------
  439. LPBYTE
  440. WINAPI
  441. KerberosRecognizeFrame(
  442. IN HFRAME hFrame,
  443. IN ULPBYTE MacFrame,
  444. IN ULPBYTE KerberosFrame,
  445. IN DWORD MacType,
  446. IN DWORD BytesLeft,
  447. IN HPROTOCOL hPreviousProtocol,
  448. IN DWORD nPreviousProtocolOffset,
  449. OUT LPDWORD ProtocolStatusCode,
  450. OUT LPHPROTOCOL hNextProtocol,
  451. OUT PDWORD_PTR InstData
  452. )
  453. {
  454. //
  455. // There are no sub-protocols; claim every frame
  456. //
  458. *ProtocolStatusCode = PROTOCOL_STATUS_CLAIMED;
  459. return NULL;
  460. }
  463. //-----------------------------------------------------------------------------
  464. //
  465. // Routine name: KerberosAttachProperties
  466. //
  467. // Routine description:
  468. //
  469. // Parses out the frame given the request type
  470. //
  471. // Arguments:
  472. //
  473. // hFrame frame handle
  474. // MacFrame frame pointer
  475. // KerberosFrame relative pointer
  476. // MacType MAC type
  477. // BytesLeft bytes left
  478. // hPreviousProtocol previous protocol or NULL if none
  479. // nPreviousProtocolOffset offset of previous protocols
  480. // InstData next protocol instance data
  481. //
  482. // Returns:
  483. //
  484. // Pointer to data just past whatever was consumed or NULL on error
  485. //
  486. //-----------------------------------------------------------------------------
  488. LPBYTE
  489. WINAPI
  490. KerberosAttachProperties(
  491. IN HFRAME hFrame,
  492. IN ULPBYTE MacFrame,
  493. IN ULPBYTE KerberosFrame,
  494. IN DWORD MacType,
  495. IN DWORD BytesLeft,
  496. IN HPROTOCOL hPreviousProtocol,
  497. IN DWORD nPreviousProtocolOffset,
  498. IN DWORD_PTR InstData
  499. )
  500. {
  501. LPBYTE pKerberosFrame; // pointer to a TCP or UDP frame
  502. LPBYTE Address;
  504. //
  505. // Check to see if first two octets of the frame are equal to 00 00 which
  506. // would be the case should the packet be the first of TCP
  507. //
  509. if( KerberosFrame[0] == 0x00 &&
  510. KerberosFrame[1] == 0x00 )
  511. {
  512. Address = KerberosFrame+4; // TODO: add frame length check?
  513. pKerberosFrame = Address;
  514. }
  515. else
  516. {
  517. Address = KerberosFrame;
  518. pKerberosFrame = Address;
  519. }
  521. //
  522. // Here we are going to do a check to see if the packet is TCP and
  523. // check to see if the first two octets of the packet don't have the
  524. // value of 00 00. If not, then we mark the frame as a continuation
  525. // packet. Reason for doing this is because, sometimes 0x1F of the
  526. // first packet can still match one of the case statements which
  527. // erroneously displays a continuation packet.
  528. //
  530. if( hPreviousProtocol == g_hTCP &&
  531. KerberosFrame[0] != 0 &&
  532. KerberosFrame[1] != 0 )
  533. {
  534. //
  535. // Treat this as a continutation packet
  536. //
  538. if ( FALSE == AttachPropertyInstance(
  539. hFrame,
  540. g_KerberosDatabase[ContinuationPacket].hProperty,
  541. BytesLeft,
  542. Address,
  543. 0,
  544. 0,
  545. 0 ))
  546. {
  547. return NULL;
  548. }
  549. }
  550. else
  551. {
  552. //
  553. // pKerberosFrame is a local variable and is used
  554. // to display TCP data as well.
  555. //
  557. switch (*(pKerberosFrame) & 0x1F)
  558. {
  559. case ASN1_KRB_AS_REQ:
  560. case ASN1_KRB_TGS_REQ:
  561. {
  562. //
  563. // AS-REQ ::= [APPLICATION 10] KDC-REQ
  564. // TGS-REQ ::= [APPLICATION 12] KDC-REQ
  565. //
  567. DWORD dw;
  568. ASN1FRAME Frame;
  569. HPROPERTY hProp;
  571. Frame.Address = Address;
  572. Frame.hFrame = hFrame;
  573. Frame.Level = 0;
  575. if (( *(pKerberosFrame) & 0x1F ) == ASN1_KRB_AS_REQ )
  576. {
  577. hProp = PROP( KRB_AS_REQ );
  578. }
  579. else
  580. {
  581. hProp = PROP( KRB_TGS_REQ );
  582. }
  584. ASN1ParserKdcReq
  585. KdcReq(
  586. FALSE,
  587. BuildDescriptor( ctApplication, pcConstructed, (*(pKerberosFrame) & 0x1F)),
  588. hProp );
  590. dw = KdcReq.Parse( &Frame );
  592. //
  593. // TODO: display "data in error" if unhappy
  594. //
  596. break;
  597. }
  599. case ASN1_KRB_AS_REP:
  600. case ASN1_KRB_TGS_REP:
  601. {
  602. //
  603. // AS-REP ::= [APPLICATION 11] KDC-REP
  604. // TGS-REP ::= [APPLICATION 13] KDC-REP
  605. //
  607. DWORD dw;
  608. ASN1FRAME Frame;
  609. HPROPERTY hProp;
  611. Frame.Address = Address;
  612. Frame.hFrame = hFrame;
  613. Frame.Level = 0;
  615. if (( *(pKerberosFrame) & 0x1F ) == ASN1_KRB_AS_REP )
  616. {
  617. hProp = PROP( KRB_AS_REP );
  618. }
  619. else
  620. {
  621. hProp = PROP( KRB_TGS_REP );
  622. }
  624. ASN1ParserKdcRep
  625. KdcRep(
  626. FALSE,
  627. BuildDescriptor( ctApplication, pcConstructed, (*(pKerberosFrame) & 0x1F)),
  628. hProp );
  630. dw = KdcRep.Parse( &Frame );
  632. //
  633. // TODO: display "data in error" if unhappy
  634. //
  636. break;
  637. }
  639. case ASN1_KRB_ERROR:
  640. {
  641. DWORD dw;
  642. ASN1FRAME Frame;
  644. Frame.Address = Address;
  645. Frame.hFrame = hFrame;
  646. Frame.Level = 0;
  648. ASN1ParserKrbError
  649. KrbError(
  650. FALSE,
  651. BuildDescriptor( ctApplication, pcConstructed, (*(pKerberosFrame) & 0x1F)),
  652. PROP( KRB_ERROR ));
  654. dw = KrbError.Parse( &Frame );
  656. //
  657. // TODO: display "data in error" if unhappy
  658. //
  660. break;
  661. }
  663. case ASN1_KRB_AP_REQ:
  664. case ASN1_KRB_AP_REP:
  665. case ASN1_KRB_SAFE:
  666. case ASN1_KRB_PRIV:
  667. case ASN1_KRB_CRED:
  668. default:
  670. //
  671. // TODO: this is most certainly wrong; use a different property handle
  672. //
  674. if ( FALSE == AttachPropertyInstance(hFrame,
  675. g_KerberosDatabase[ContinuationPacket].hProperty,
  676. BytesLeft,
  677. Address,
  678. 0,
  679. 0,
  680. 0 ))
  681. {
  682. return NULL;
  683. }
  685. break;
  686. }
  687. }
  689. return (LPBYTE) KerberosFrame + BytesLeft;
  690. }
  693. DWORD
  694. WINAPI
  695. KerberosFormatProperties(
  696. IN HFRAME hFrame,
  697. IN ULPBYTE MacFrame,
  698. IN ULPBYTE FrameData,
  699. IN DWORD nPropertyInsts,
  700. IN LPPROPERTYINST p
  701. )
  702. {
  703. //=========================================================================
  704. // Format each property in the property instance table.
  705. //
  706. // The property-specific instance data was used to store the address of a
  707. // property-specific formatting function so all we do here is call each
  708. // function via the instance data pointer.
  709. //=========================================================================
  711. //
  712. // Doing a check here for TCP packets. If it's the first packet,
  713. // we increment FrameData by 4 to get past the length header
  714. //
  716. if ( FrameData[0] == 0x00 &&
  717. FrameData[1] == 0x00 )
  718. {
  719. FrameData += 4;
  720. }
  722. while ( nPropertyInsts-- )
  723. {
  724. ((FORMAT) p->lpPropertyInfo->InstanceData)(p);
  726. p++;
  727. }
  729. return NMERR_SUCCESS;
  730. }