archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4 Commits
1 Branch
0 Tags
1.5 GiB
Tree: 5c6fe3db62
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '5c6fe3db62'
${ noResults }
windows-server-2003/ds/security/tools/keytab2/keytab/lib/mkkey.c

483 lines
13 KiB
Raw Normal View History

commiting as it is
4 years ago
  1. /*++
  3. mkkey.c
  5. routines to create the key in the keytab.
  7. 3/27/1997 - Created from routines in munge.c, DavidCHR
  9. CONTENTS: CreateUnicodeStringFromAnsiString
  11. --*/
  13. #include "master.h"
  14. #include "defs.h"
  15. #include "keytab.h"
  16. #include "keytypes.h"
  18. /******************************************************************
  19. * hack to preserve our debugging macro because asn1code.h *
  20. * will redefine it... egads, I thought everyone used DEBUG *
  21. * only for debugging... (it still ends up redefined...) *
  22. ******************************************************************/
  23. #ifdef DEBUG
  24. #define OLDDEBUG DEBUG
  25. #endif
  27. #include <kerbcon.h>
  28. #undef _KERBCOMM_H_ /* WASBUG 73905 */
  29. #include "kerbcomm.h"
  31. #undef DEBUG
  33. #ifdef OLDDEBUG
  34. #define DEBUG OLDDEBUG
  35. #endif
  37. /******************************************************************/
  38. BOOL KtDumpSalt = (
  39. #if DBG
  40. TRUE
  41. #else
  42. FALSE
  43. #endif
  44. );
  46. /* This is the character we separate principal components with */
  48. #define COMPONENT_SEPARATOR '/'
  50. /*++**************************************************************
  51. NAME: CreateUnicodeStringFromAnsiString
  53. allocates a unicode string from an ANSI string.
  55. MODIFIES: ppUnicodeString -- returned unicode string
  56. TAKES: AnsiString -- ansi string to convert
  58. RETURNS: TRUE when the function succeeds.
  59. FALSE otherwise.
  60. LASTERROR: not set
  62. LOGGING: fprintf on failure
  63. CREATED: Feb 8, 1999
  64. LOCKING: none
  65. CALLED BY: anyone
  66. FREE WITH: free()
  68. **************************************************************--*/
  70. BOOL
  71. CreateUnicodeStringFromAnsiString( IN PCHAR AnsiString,
  72. OUT PUNICODE_STRING *ppUnicodeString ) {
  74. USHORT StringLength;
  75. LPBYTE pbString;
  76. PUNICODE_STRING pu;
  78. StringLength = (USHORT)lstrlen( AnsiString ); // does not include null byte
  80. pbString = (PBYTE) malloc( ( ( ( StringLength ) +1 ) * sizeof( WCHAR ) ) +
  81. sizeof( UNICODE_STRING ) );
  83. if ( pbString ) {
  85. pu = (PUNICODE_STRING) pbString;
  86. pbString += sizeof( *pu );
  87. pu->Buffer = (LPWSTR) pbString;
  88. pu->Length = StringLength * sizeof( WCHAR );
  89. pu->MaximumLength = pu->Length + sizeof( WCHAR );
  91. wsprintfW( pu->Buffer,
  92. L"%hs",
  93. AnsiString );
  95. *ppUnicodeString = pu;
  97. return TRUE;
  99. } else {
  101. fprintf( stderr,
  102. "Failed to make unicode string from \"%hs\".\n",
  103. AnsiString );
  105. }
  107. return FALSE;
  109. }
  114. /* KtCreateKey:
  116. create a keytab entry from the given data.
  117. returns TRUE on success, FALSE on failure.
  119. *ppKeyEntry must be freed with FreeKeyEntry when you're done with it.
  121. */
  123. LPWSTR RawHash = NULL;
  125. BOOL
  126. KtCreateKey( PKTENT *ppKeyEntry,
  127. PCHAR principal,
  128. PCHAR password,
  129. PCHAR realmname,
  131. K5_OCTET keyVersionNumber,
  132. ULONG principalType,
  133. ULONG keyType,
  134. ULONG cryptosystem
  136. ) {
  138. PKTENT pEntry = NULL;
  139. PCHAR ioBuffer = NULL;
  140. ULONG i;
  141. ULONG compCounter = 0;
  142. USHORT buffCounter = 0;
  143. BOOL ret = FALSE;
  144. BOOL FreeUnicodeSalt = FALSE;
  146. UNICODE_STRING UnicodePassword = { 0 };
  147. UNICODE_STRING UnicodePrincipal = { 0 };
  148. UNICODE_STRING UnicodeSalt = { 0 };
  149. PWCHAR tmpUnicodeBuffer = NULL;
  150. KERB_ENCRYPTION_KEY KerbKey = { 0 };
  151. WCHAR wSaltBuffer [BUFFER_SIZE];
  153. #ifdef BUILD_SALT
  154. LONG32 saltCounter = 0;
  155. CHAR saltBuffer [BUFFER_SIZE];
  156. #endif
  158. /* you must actually provide these parameters */
  160. ASSERT( ppKeyEntry != NULL );
  161. ASSERT( principal != NULL );
  162. ASSERT( realmname != NULL );
  163. ASSERT( password != NULL );
  165. ASSERT( strlen( password ) < BUFFER_SIZE );
  166. ASSERT( strlen( principal ) < BUFFER_SIZE );
  167. ASSERT( strlen( realmname ) < BUFFER_SIZE );
  169. #ifdef BUILD_SALT
  170. /* if we're building the salt ourselves, initialize the keysalt */
  171. sprintf( saltBuffer, "%s", realmname );
  172. saltCounter = strlen( realmname );
  173. #endif
  175. BREAK_IF( !ONEALLOC( pEntry, KTENT, KEYTAB_ALLOC),
  176. "Failed to allocate base keytab element",
  177. cleanup );
  179. /* zero out the structure, so we know what we have and
  180. haven't allocated if the function fails */
  182. memset( pEntry, 0, sizeof( KTENT ) );
  184. /* first, count the principal components */
  186. for( i = 0 ; principal[i] != '\0' ; i++ ) {
  187. if (principal[i] == COMPONENT_SEPARATOR) {
  188. pEntry->cEntries++;
  189. }
  190. }
  192. pEntry->cEntries++; /* don't forget the final component, which is not
  193. bounded by the separator, but by the NULL */
  195. BREAK_IF( !MYALLOC( pEntry->Components, KTCOMPONENT,
  196. pEntry->cEntries, KEYTAB_ALLOC ),
  197. "Failed to allocate keytab component vector",
  198. cleanup );
  200. /* allocate the buffer for the principal components.
  201. We allocate it the same size as the principal, because
  202. that's the maximum size any single component could be--
  203. the principal could be a one component princ. */
  205. BREAK_IF( !MYALLOC( ioBuffer, CHAR,
  206. strlen(principal)+1, KEYTAB_ALLOC ),
  207. "Failed to allocate local buffer for storage",
  208. cleanup );
  210. /* now, we copy the components themselves, using the iobuffer to
  211. marshall the individual data elements--
  213. basically, add a char to the iobuffer for every char in the principal
  214. until you hit a / (component separator) or the trailing null.
  216. in those cases, we now know the size of the component and we have
  217. the text in a local buffer. allocate a buffer for it, save the size
  218. and strcpy the data itself. */
  220. i = 0;
  222. do {
  224. debug( "%c", principal[i] );
  226. if( (principal[i] == COMPONENT_SEPARATOR) ||
  227. (principal[i] == '\0' /* delimit final component */ ) ) {
  229. /* this component is done. Save and reset the buffer. */
  231. pEntry->Components[compCounter].szComponentData = buffCounter;
  233. #if 0
  234. debug( " --> component boundary for component %d.\n"
  235. " size = %d, value = %*s\n",
  237. compCounter,
  238. buffCounter,
  239. buffCounter,
  240. ioBuffer );
  241. #endif
  243. BREAK_IF( !MYALLOC( pEntry->Components[compCounter].Component,
  244. CHAR, buffCounter+1, KEYTAB_ALLOC ),
  245. "Failed to allocate marshalled component data",
  246. cleanup );
  248. memcpy( pEntry->Components[compCounter].Component,
  249. ioBuffer, buffCounter );
  251. pEntry->Components[compCounter].Component[buffCounter] = '\0';
  252. buffCounter = 0;
  253. compCounter ++;
  255. } else {
  257. ioBuffer[buffCounter] = principal[i];
  258. buffCounter++;
  260. #ifdef BUILD_SALT
  262. /* also send the principal characters WITHOUT SLASHES
  263. to the salt initializer.
  265. WASBUG 73909: the %wc doesn't look right here.
  266. Sure enough, it wasn't. So we removed it. */
  268. sprintf( saltBuffer+saltCounter, "%c", principal[i] );
  269. ASSERT( saltCounter < BUFFER_SIZE ); /* not a very strong assert,
  270. but useful */
  271. saltCounter ++;
  272. ASSERT( saltBuffer[saltCounter] == '\0' ); /* assert that it stays
  273. null terminated at the
  274. saltCounter */
  276. #endif
  278. }
  280. i++;
  282. } while ( principal[i-1] != '\0' );
  285. /* there's still a component in the buffer. Save that component
  286. by assigning the pointer, rather than allocating more memory.
  288. WASBUG 73911: may waste large amounts of memory if the principal is
  289. really big. However, it probably won't be-- we're talking about
  290. strings that humans would generally have to type, so the waste is
  291. going to be in bytes. Also, most of the time, the last component
  292. is the biggest; of the form:
  294. sample/<hostname> or host/<hostname>
  296. ...hostname is generally going to be much larger than sample or host.
  298. */
  300. pEntry->Components[compCounter].szComponentData = buffCounter;
  301. pEntry->Components[compCounter].Component = ioBuffer;
  302. ioBuffer[buffCounter] = '\0';
  303. ioBuffer = NULL; /* keep from
  304. deallocating */
  305. pEntry->Version = keyVersionNumber;
  306. pEntry->szRealm = (K5_INT16) strlen(realmname);
  307. pEntry->KeyType = (unsigned short)keyType;
  308. pEntry->PrincType = principalType;
  310. /* copy the realm name */
  312. BREAK_IF( !MYALLOC( pEntry->Realm, CHAR, pEntry->szRealm+1, KEYTAB_ALLOC),
  313. "Failed to allocate destination realm data", cleanup );
  315. memcpy( pEntry->Realm, realmname, pEntry->szRealm+1 ); /* copy the null */
  319. /***********************************************************************/
  320. /*** ***/
  321. /*** Windows NT Key Creation Side ***/
  322. /*** ***/
  323. /***********************************************************************/
  325. /* create unicode variants of the input parameters */
  327. BREAK_IF( !MYALLOC( tmpUnicodeBuffer, WCHAR,
  328. strlen( password )+1, KEYTAB_ALLOC ),
  329. "Failed to alloc buffer for password", cleanup );
  331. wsprintfW( tmpUnicodeBuffer, L"%hs", password );
  332. RtlInitUnicodeString( &UnicodePassword, tmpUnicodeBuffer );
  335. BREAK_IF( !MYALLOC( tmpUnicodeBuffer, WCHAR,
  336. strlen( principal )+1, KEYTAB_ALLOC ),
  337. "Failed to alloc buffer for principal", cleanup );
  339. wsprintfW( tmpUnicodeBuffer, L"%hs", principal );
  340. RtlInitUnicodeString( &UnicodePrincipal, tmpUnicodeBuffer );
  342. wsprintfW( wSaltBuffer, L"%hs", realmname );
  344. RtlInitUnicodeString( &UnicodeSalt, wSaltBuffer );
  346. {
  347. KERB_ACCOUNT_TYPE acctType;
  349. acctType = UnknownAccount;
  351. if ( RawHash ) {
  353. if ( KtDumpSalt ) {
  355. fprintf( stderr,
  356. "Using supplied salt.\n" );
  358. }
  360. RtlInitUnicodeString( &UnicodeSalt,
  361. RawHash );
  363. } else {
  365. PUNICODE_STRING pRealmString;
  367. if ( CreateUnicodeStringFromAnsiString( realmname,
  368. &pRealmString ) ) {
  370. KERBERR kerberr;
  372. if ( KtDumpSalt ) {
  374. fprintf( stderr,
  375. "Building salt with principalname %wZ"
  376. " and domain %wZ...\n",
  377. &UnicodePrincipal,
  378. pRealmString );
  380. }
  382. debug( "KerbBuildKeySalt( Realm = %wZ\n"
  383. " Princ = %wZ\n"
  384. " acctType = %d.\n",
  386. pRealmString,
  387. &UnicodePrincipal,
  388. acctType );
  390. kerberr = KerbBuildKeySalt( pRealmString,
  391. &UnicodePrincipal,
  392. acctType,
  393. &UnicodeSalt );
  395. free( pRealmString );
  397. BREAK_IF( kerberr,
  398. "Failed to KerbBuildKeySalt",
  399. cleanup );
  401. FreeUnicodeSalt = TRUE;
  403. }
  404. }
  405. } // scope block.
  407. if ( KtDumpSalt ) {
  409. fprintf( stderr,
  410. "Hashing password with salt \"%wZ\".\n",
  411. &UnicodeSalt );
  413. }
  415. debug( "KerbHashPasswordEx( UnicodePassword = %wZ \n"
  416. " UnicodeSalt = %wZ \n"
  417. " cryptosystem = 0x%x\n"
  418. " &KerbKey = 0x%p )...\n",
  420. &UnicodePassword,
  421. &UnicodeSalt,
  422. cryptosystem,
  423. &KerbKey );
  425. BREAK_IF( KerbHashPasswordEx( &UnicodePassword,
  426. &UnicodeSalt,
  427. cryptosystem,
  428. &KerbKey ),
  429. "KerbHashPasswordEx failed.",
  430. cleanup );
  432. pEntry->KeyLength = (USHORT)KerbKey.keyvalue.length;
  434. BREAK_IF( !MYALLOC( pEntry->KeyData, K5_OCTET,
  435. pEntry->KeyLength, KEYTAB_ALLOC ),
  436. "Failed to allocate keydata", cleanup );
  438. memcpy( pEntry->KeyData, KerbKey.keyvalue.value,
  439. pEntry->KeyLength );
  441. /* NOTE: no keyentry changes beyond this line.
  442. we must compute the key size LAST! */
  444. pEntry->keySize = ComputeKeytabLength( pEntry );
  446. *ppKeyEntry = pEntry; /* save this */
  447. pEntry = NULL; /* save us from freeing it */
  449. ret = TRUE;
  451. cleanup:
  452. #define FREE_IF_NOT_NULL( element ) { if ( element != NULL ) { KEYTAB_FREE( element ); } }
  454. if ( pEntry ) {
  455. FreeKeyEntry (pEntry );
  456. }
  458. WINNT_ONLY( FREE_IF_NOT_NULL( UnicodePassword.Buffer ) );
  459. WINNT_ONLY( FREE_IF_NOT_NULL( UnicodePrincipal.Buffer ) );
  461. #ifndef BUILD_KEYSALT
  462. /* WASBUG 73915: how to free UnicodeSalt?
  463. ...with KerbFreeString. */
  465. ASSERT( FreeUnicodeSalt );
  466. KerbFreeString( &UnicodeSalt );
  468. #else
  470. /* Check my logic. */
  472. ASSERT( !FreeUnicodeSalt );
  474. #endif
  476. /* WASBUG 73918: how do I get rid of the data in KerbKey?
  477. ...with KerbFreeKey. */
  479. KerbFreeKey( &KerbKey );
  481. return ret;
  483. }