archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4 Commits
1 Branch
0 Tags
1.5 GiB
Tree: 5c6fe3db62
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '5c6fe3db62'
${ noResults }
windows-server-2003/ds/security/protocols/msv_sspi/test/msvlogon/msvlogon.cxx

505 lines
14 KiB
Raw Normal View History

commiting as it is
4 years ago
  1. /*++
  3. Copyright (c) 2001 Microsoft Corporation
  5. Module Name:
  7. msvlogon.cxx
  9. Abstract:
  11. logon
  13. Author:
  15. Larry Zhu (LZhu) December 1, 2001 Created
  17. Environment:
  19. User Mode
  21. Revision History:
  23. --*/
  25. #include "precomp.hxx"
  26. #pragma hdrstop
  28. #include "msvlogon.hxx"
  30. VOID
  31. Usage(
  32. IN PCSTR pszApp
  33. )
  34. {
  35. DebugPrintf(SSPI_ERROR, "\n\nUsage: %s [-p<ParameterControl>] -s<server> -S<server domain> "
  36. "-c<client name> -C<client realm> -k<password> -h<LogonId.highpart> -l<LognId.LowPart> "
  37. "-H<challeng HighPart> -L<challenge LowPart> -w<Workstation> -a<application>\n\n",
  38. pszApp);
  39. exit(-1);
  40. }
  42. NTSTATUS
  43. GetMsvLogonInfo(
  44. IN HANDLE hLogonHandle,
  45. IN ULONG PackageId,
  46. IN LUID* pLogonId,
  47. IN ULONG ParameterControl,
  48. IN UCHAR ChallengeToClient[MSV1_0_CHALLENGE_LENGTH],
  49. IN UNICODE_STRING* pUserName,
  50. IN UNICODE_STRING* pUserDomain,
  51. IN UNICODE_STRING* pPassword,
  52. IN UNICODE_STRING* pServerName,
  53. IN UNICODE_STRING* pServerDomain,
  54. IN UNICODE_STRING* pWorkstation,
  55. OUT ULONG* pcbLogonInfo,
  56. OUT MSV1_0_LM20_LOGON** ppLogonInfo
  57. )
  58. {
  59. TNtStatus Status;
  60. NTSTATUS AuthPackageStatus = STATUS_UNSUCCESSFUL;
  62. MSV1_0_GETCHALLENRESP_REQUEST* pRequest = NULL;
  63. MSV1_0_GETCHALLENRESP_RESPONSE* pResponse = NULL;
  64. ULONG cbResponse = 0;
  65. ULONG cbRequest = 0;
  66. WCHAR* pWhere = NULL;
  67. UNICODE_STRING NtlmServerName = {0};
  68. ULONG cbLogonInfo = 0;
  69. MSV1_0_LM20_LOGON* pLogonInfo = NULL;
  71. NtlmServerName.Length = (pServerDomain->Length ? pServerDomain->Length + sizeof(WCHAR) : 0)
  72. + pServerName->Length;
  73. NtlmServerName.MaximumLength = NtlmServerName.Length + sizeof(WCHAR);
  75. NtlmServerName.Buffer = (PWSTR) new CHAR[NtlmServerName.MaximumLength];
  77. Status DBGCHK = NtlmServerName.Buffer ? STATUS_SUCCESS : STATUS_NO_MEMORY;
  79. if (NT_SUCCESS(Status))
  80. {
  81. RtlZeroMemory(NtlmServerName.Buffer, NtlmServerName.MaximumLength);
  83. if (pServerDomain->Length)
  84. {
  85. RtlCopyMemory(NtlmServerName.Buffer, pServerDomain->Buffer, pServerDomain->Length);
  86. RtlCopyMemory(NtlmServerName.Buffer + (pServerDomain->Length / sizeof(WCHAR)) + 1,
  87. pServerName->Buffer, pServerName->Length);
  88. }
  89. else
  90. {
  91. RtlCopyMemory(NtlmServerName.Buffer, pServerName->Buffer, pServerName->Length);
  92. }
  94. cbRequest = ROUND_UP_COUNT(sizeof(MSV1_0_GETCHALLENRESP_REQUEST), sizeof(ULONG_PTR))
  95. + pUserName->Length + sizeof(WCHAR)
  96. + pUserDomain->Length + sizeof(WCHAR)
  97. + NtlmServerName.Length + sizeof(WCHAR)
  98. + pPassword->Length + sizeof(WCHAR);
  100. pRequest = (MSV1_0_GETCHALLENRESP_REQUEST*) new CHAR[cbRequest];
  102. Status DBGCHK = pRequest ? STATUS_SUCCESS : STATUS_NO_MEMORY;
  103. }
  105. if (NT_SUCCESS(Status))
  106. {
  107. RtlZeroMemory(pRequest, cbRequest);
  109. pWhere = (WCHAR*) (pRequest + 1);
  111. pRequest->MessageType = MsV1_0Lm20GetChallengeResponse;
  112. pRequest->ParameterControl = ParameterControl;
  113. pRequest->LogonId = *pLogonId;
  114. RtlCopyMemory(pRequest->ChallengeToClient, ChallengeToClient, MSV1_0_CHALLENGE_LENGTH);
  116. PackUnicodeStringAsUnicodeStringZ(pUserName, &pWhere, &pRequest->UserName);
  117. PackUnicodeStringAsUnicodeStringZ(pUserDomain, &pWhere, &pRequest->LogonDomainName);
  118. PackUnicodeStringAsUnicodeStringZ(&NtlmServerName, &pWhere, &pRequest->ServerName);
  119. PackUnicodeStringAsUnicodeStringZ(pPassword, &pWhere, &pRequest->Password);
  121. DebugPrintf(SSPI_LOG, "MsvLsaLogonUser PackageId %#x, "
  122. "UserName %wZ, DomainName %wZ, Password %wZ, "
  123. "ParameterControl %#x, LogonId %#x:%#x\n",
  124. PackageId, &pRequest->UserName, &pRequest->LogonDomainName, &pRequest->Password,
  125. pRequest->ParameterControl, pRequest->LogonId.HighPart,
  126. pRequest->LogonId.LowPart);
  128. DebugPrintHex(SSPI_LOG, "pRequest->ServerName:", pRequest->ServerName.MaximumLength, pRequest->ServerName.Buffer);
  129. DebugPrintHex(SSPI_LOG, "ChallengeToClient:", MSV1_0_CHALLENGE_LENGTH, pRequest->ChallengeToClient);
  131. Status DBGCHK = LsaCallAuthenticationPackage(
  132. hLogonHandle,
  133. PackageId,
  134. pRequest,
  135. cbRequest,
  136. (VOID**) &pResponse,
  137. &cbResponse,
  138. &AuthPackageStatus
  139. );
  140. }
  142. if (NT_SUCCESS(Status))
  143. {
  144. Status DBGCHK = AuthPackageStatus;
  145. }
  147. if (NT_SUCCESS(Status))
  148. {
  149. DebugPrintf(SSPI_LOG, "GetMsvLogonInfo response LogonDomain %wZ, UserName %wZ\n",
  150. pResponse->LogonDomainName, pResponse->UserName);
  152. DebugPrintHex(SSPI_LOG, "CaseSensitiveChallengeResponse:",
  153. pResponse->CaseSensitiveChallengeResponse.Length,
  154. pResponse->CaseSensitiveChallengeResponse.Buffer);
  156. DebugPrintHex(SSPI_LOG, "CaseInsensitiveChallengeResponse:",
  157. pResponse->CaseInsensitiveChallengeResponse.Length,
  158. pResponse->CaseInsensitiveChallengeResponse.Buffer);
  160. DebugPrintHex(SSPI_LOG, "UserSessionKey:", MSV1_0_USER_SESSION_KEY_LENGTH, pResponse->UserSessionKey);
  161. DebugPrintHex(SSPI_LOG, "LanmanSessionKey:", MSV1_0_USER_SESSION_KEY_LENGTH, pResponse->LanmanSessionKey);
  163. cbLogonInfo = ROUND_UP_COUNT(sizeof(MSV1_0_LM20_LOGON), sizeof(ULONG_PTR))
  164. + pUserDomain->Length + sizeof(WCHAR)
  165. + pWorkstation->Length + sizeof(WCHAR)
  166. + pUserName->Length + sizeof(WCHAR)
  167. + pResponse->CaseSensitiveChallengeResponse.Length + sizeof(WCHAR)
  168. + pResponse->CaseInsensitiveChallengeResponse.Length + sizeof(WCHAR);
  170. pLogonInfo = (MSV1_0_LM20_LOGON*) new CHAR[cbLogonInfo];
  172. Status DBGCHK = pLogonInfo ? STATUS_SUCCESS : STATUS_NO_MEMORY;
  173. }
  175. if (NT_SUCCESS(Status))
  176. {
  177. RtlZeroMemory(pLogonInfo, cbLogonInfo);
  179. pLogonInfo->MessageType = MsV1_0NetworkLogon;
  181. pLogonInfo->ParameterControl = ParameterControl;
  182. RtlCopyMemory(pLogonInfo->ChallengeToClient, ChallengeToClient, MSV1_0_CHALLENGE_LENGTH);
  184. pWhere = (PWSTR) (pLogonInfo + 1);
  186. PackUnicodeStringAsUnicodeStringZ(pUserDomain, &pWhere, &pLogonInfo->LogonDomainName);
  187. PackUnicodeStringAsUnicodeStringZ(pUserName, &pWhere, &pLogonInfo->UserName);
  188. PackUnicodeStringAsUnicodeStringZ(pWorkstation, &pWhere, &pLogonInfo->Workstation);
  190. PackString(
  191. &pResponse->CaseSensitiveChallengeResponse,
  192. (CHAR**) &pWhere,
  193. &pLogonInfo->CaseSensitiveChallengeResponse
  194. );
  195. PackString(
  196. &pResponse->CaseSensitiveChallengeResponse,
  197. (CHAR**) &pWhere,
  198. &pLogonInfo->CaseSensitiveChallengeResponse
  199. );
  201. DebugPrintf(SSPI_LOG, "pLogonInfo ParameterControl %#x, LogonDomain %wZ, UserName %wZ, Workstation %wZ\n",
  202. pLogonInfo->ParameterControl,
  203. &pLogonInfo->LogonDomainName,
  204. &pLogonInfo->UserName,
  205. &pLogonInfo->Workstation);
  206. DebugPrintHex(SSPI_LOG, "ChallengeToClient:", MSV1_0_CHALLENGE_LENGTH, pLogonInfo->ChallengeToClient);
  208. DebugPrintHex(SSPI_LOG, "CaseSensitiveChallengeResponse:",
  209. pLogonInfo->CaseSensitiveChallengeResponse.Length,
  210. pLogonInfo->CaseSensitiveChallengeResponse.Buffer);
  212. DebugPrintHex(SSPI_LOG, "CaseInsensitiveChallengeResponse:",
  213. pLogonInfo->CaseInsensitiveChallengeResponse.Length,
  214. pLogonInfo->CaseInsensitiveChallengeResponse.Buffer);
  216. *ppLogonInfo = pLogonInfo;
  217. pLogonInfo = NULL;
  218. *pcbLogonInfo = cbLogonInfo;
  219. }
  221. if (pRequest)
  222. {
  223. delete [] pRequest;
  224. }
  226. if (pLogonInfo)
  227. {
  228. delete [] pLogonInfo;
  229. }
  231. if (pResponse)
  232. {
  233. LsaFreeReturnBuffer(pResponse);
  234. }
  236. return Status;
  237. }
  239. NTSTATUS
  240. MsvLsaLogon(
  241. IN HANDLE hLogonHandle,
  242. IN ULONG PackageId,
  243. IN LUID* pLogonId,
  244. IN ULONG ParameterControl,
  245. IN UCHAR ChallengeToClient[MSV1_0_CHALLENGE_LENGTH],
  246. IN UNICODE_STRING* pUserName,
  247. IN UNICODE_STRING* pUserDomain,
  248. IN UNICODE_STRING* pPassword,
  249. IN UNICODE_STRING* pServerName,
  250. IN UNICODE_STRING* pServerDomain,
  251. IN UNICODE_STRING* pWorkstation,
  252. OUT HANDLE* pTokenHandle
  253. )
  254. {
  255. TNtStatus Status;
  256. NTSTATUS SubStatus = STATUS_UNSUCCESSFUL;
  258. MSV1_0_LM20_LOGON* pLogonInfo = NULL;
  259. ULONG cbLogonInfoSize = 0;
  260. LSA_STRING Name = {0};
  262. TOKEN_SOURCE SourceContext = {0};
  263. VOID* pProfile = NULL;
  264. ULONG cbProfileSize = 0;
  265. LUID LogonId = {0};
  266. QUOTA_LIMITS Quotas = {0};
  269. Status DBGCHK = GetMsvLogonInfo(
  270. hLogonHandle,
  271. PackageId,
  272. pLogonId,
  273. ParameterControl,
  274. ChallengeToClient,
  275. pUserName,
  276. pUserDomain,
  277. pPassword,
  278. pServerName,
  279. pServerDomain,
  280. pWorkstation,
  281. &cbLogonInfoSize,
  282. &pLogonInfo
  283. );
  285. if (NT_SUCCESS(Status))
  286. {
  287. strncpy(
  288. SourceContext.SourceName,
  289. "ssptest",
  290. sizeof(SourceContext.SourceName)
  291. );
  292. NtAllocateLocallyUniqueId(&SourceContext.SourceIdentifier);
  294. //
  295. // Now call LsaLogonUser
  296. //
  298. RtlInitString(
  299. &Name,
  300. "ssptest"
  301. );
  303. Status DBGCHK = LsaLogonUser(
  304. hLogonHandle,
  305. &Name,
  306. Network,
  307. PackageId,
  308. pLogonInfo,
  309. cbLogonInfoSize,
  310. NULL, // no token groups
  311. &SourceContext,
  312. (VOID**) &pProfile,
  313. &cbProfileSize,
  314. &LogonId,
  315. pTokenHandle,
  316. &Quotas,
  317. &SubStatus
  318. );
  319. }
  321. if (NT_SUCCESS(Status))
  322. {
  323. Status DBGCHK = SubStatus;
  324. }
  326. if (NT_SUCCESS(Status))
  327. {
  328. DebugPrintf(SSPI_LOG, "LogonId %#x:%#x\n", LogonId.HighPart, LogonId.LowPart);
  329. DebugPrintf(SSPI_LOG, "TokenHandle %p\n", *pTokenHandle);
  330. DebugPrintProfileAndQuotas(SSPI_LOG, pProfile, &Quotas);
  331. }
  333. if (pProfile)
  334. {
  335. LsaFreeReturnBuffer(pProfile);
  336. }
  338. if (pLogonInfo)
  339. {
  340. delete [] pLogonInfo;
  341. }
  343. return Status;
  344. }
  346. VOID __cdecl
  347. main(
  348. IN INT argc,
  349. IN PSTR argv[]
  350. )
  351. {
  352. TNtStatus Status = STATUS_SUCCESS;
  354. UNICODE_STRING UserName = {0};
  355. UNICODE_STRING UserDomain = {0};
  356. UNICODE_STRING Password = {0};
  357. UNICODE_STRING Application = {0};
  358. UNICODE_STRING ServerName = {0};
  359. UNICODE_STRING ServerDomain = {0};
  360. UNICODE_STRING Workstation = {0};
  361. ULONG ParameterControl = 0;
  362. LUID LogonId = {0};
  363. LUID ChallengeToClient = {0};
  365. C_ASSERT(MSV1_0_CHALLENGE_LENGTH == sizeof(LUID));
  367. HANDLE hToken = NULL;
  369. HANDLE hLogonHandle = NULL;
  370. ULONG PackageId = 0;
  372. RtlGenRandom(&ChallengeToClient, sizeof(ChallengeToClient));
  374. for (INT i = 1; NT_SUCCESS(Status) && (i < argc); i++)
  375. {
  376. if ((*argv[i] == '-') || (*argv[i] == '/'))
  377. {
  378. switch (argv[i][1])
  379. {
  380. case 'c':
  381. Status DBGCHK = CreateUnicodeStringFromAsciiz(argv[i] + 2, &UserName);
  382. break;
  384. case 'C':
  385. Status DBGCHK = CreateUnicodeStringFromAsciiz(argv[i] + 2, &UserDomain);
  386. break;
  388. case 'a':
  389. Status DBGCHK = CreateUnicodeStringFromAsciiz(argv[i] + 2, &Application);
  390. break;
  392. case 'k':
  393. Status DBGCHK = CreateUnicodeStringFromAsciiz(argv[i] + 2, &Password);
  394. break;
  396. case 'p':
  397. ParameterControl = strtol(argv[i] + 2, NULL, 0);
  398. break;
  400. case 'h':
  401. LogonId.HighPart = strtol(argv[i] + 2, NULL, 0);
  402. break;
  404. case 'l':
  405. LogonId.LowPart = strtol(argv[i] + 2, NULL, 0);
  406. break;
  408. case 'H':
  409. ChallengeToClient.HighPart = strtol(argv[i] + 2, NULL, 0);
  410. break;
  412. case 'L':
  413. ChallengeToClient.LowPart = strtol(argv[i] + 2, NULL, 0);
  414. break;
  416. case 's':
  417. Status DBGCHK = CreateUnicodeStringFromAsciiz(argv[i] + 2, &ServerName);
  418. break;
  420. case 'S':
  421. Status DBGCHK = CreateUnicodeStringFromAsciiz(argv[i] + 2, &ServerDomain);
  422. break;
  424. case 'w':
  425. Status DBGCHK = CreateUnicodeStringFromAsciiz(argv[i] + 2, &Workstation);
  426. break;
  428. case '?':
  429. default:
  430. Usage(argv[0]);
  431. break;
  432. }
  433. }
  434. else
  435. {
  436. Usage(argv[0]);
  437. }
  438. }
  440. DebugLogOpen(NULL, SSPI_LOG | SSPI_WARN | SSPI_ERROR);
  442. if (NT_SUCCESS(Status))
  443. {
  444. Status DBGCHK = GetLsaHandleAndPackageId(
  445. NTLMSP_NAME_A,
  446. &hLogonHandle,
  447. &PackageId
  448. );
  449. }
  451. if (NT_SUCCESS(Status))
  452. {
  453. Status DBGCHK = MsvLsaLogon(
  454. hLogonHandle,
  455. PackageId,
  456. &LogonId,
  457. ParameterControl,
  458. (UCHAR*) &ChallengeToClient,
  459. &UserName,
  460. &UserDomain,
  461. &Password,
  462. &ServerName,
  463. &ServerDomain,
  464. &Workstation,
  465. &hToken
  466. );
  467. }
  469. if (NT_SUCCESS(Status))
  470. {
  471. Status DBGCHK = CheckUserToken(hToken);
  472. }
  474. if (NT_SUCCESS(Status) && Application.Length && Application.Buffer)
  475. {
  476. Status DBGCHK = StartInteractiveClientProcessAsUser(hToken, Application.Buffer);
  477. }
  479. if (NT_SUCCESS(Status))
  480. {
  481. DebugPrintf(SSPI_LOG, "Operation succeeded\n");
  482. }
  483. else
  484. {
  485. DebugPrintf(SSPI_ERROR, "Operation failed\n");
  486. }
  488. if (hLogonHandle)
  489. {
  490. LsaDeregisterLogonProcess(hLogonHandle);
  491. }
  493. if (hToken)
  494. {
  495. CloseHandle(hToken);
  496. }
  498. RtlFreeUnicodeString(&UserName);
  499. RtlFreeUnicodeString(&UserDomain);
  500. RtlFreeUnicodeString(&Password);
  501. RtlFreeUnicodeString(&ServerName);
  502. RtlFreeUnicodeString(&ServerDomain);
  503. RtlFreeUnicodeString(&Application);
  504. RtlFreeUnicodeString(&Workstation);
  505. }