|
|
/*++
Copyright (c) 1996 Microsoft Corporation
Module Name:
logon32.cxx
Abstract:
Provide a replacement for LogonUser to login a user as a net logon. Also support sub-authentication DLL IDs
Author:
Philippe Choquier (phillich) 10-january-1996 Created from base\advapi\logon32.c
--*/
#include "lonsint.hxx"
#pragma hdrstop
extern "C" {
#include <ntsam.h>
#include <ntlsa.h>
#include <ntmsv1_0.h>
#include <kerberos.h>
#include <crypt.h>
#include <logonmsv.h>
#include <inetsec.h>
#define SECURITY_WIN32
#include <sspi.h> // Security Support Provider APIs
#include <issperr.h>
}#include <svcloc.h>
#include <lonsi.hxx>
#include <tslogon.hxx>
#include <buffer.hxx>
#if !defined(MSV1_0_RETURN_PASSWORD_EXPIRY)
#define MSV1_0_RETURN_PASSWORD_EXPIRY 0x40
#endif
//
// We dynamically load mpr.dll (no big surprise there), in order to call
// WNetLogonNotify, as defined in private\inc\mpr.h. This prototype matches
// it -- consult the header file for all the parameters.
//
typedef (* LOGONNOTIFYFN)(LPCWSTR, PLUID, LPCWSTR, LPVOID, LPCWSTR, LPVOID, LPWSTR, LPVOID, LPWSTR *);
#define LEN_ALIGN(a,b) (((a)+b-1)&~(b-1))
ULONGBaseSetLastNTError( IN NTSTATUS Status )
/*++
Routine Description:
This API sets the "last error value" and the "last error string" based on the value of Status. For status codes that don't have a corresponding error string, the string is set to null.
Arguments:
Status - Supplies the status value to store as the last error value.
Return Value:
The corresponding Win32 error code that was stored in the "last error value" thread variable.
--*/
{ ULONG dwErrorCode;
dwErrorCode = RtlNtStatusToDosError( Status ); SetLastError( dwErrorCode ); return( dwErrorCode );}
//
// The QuotaLimits are global, because the defaults
// are always used for accounts, based on server/wksta, and no one ever
// calls lsasetaccountquota
//
HANDLE Logon32LsaHandle = NULL;ULONG Logon32MsvHandle = 0xFFFFFFFF;ULONG Logon32KerberosHandle = 0xFFFFFFFF;WCHAR Logon32DomainName[16] = L""; // NOTE: This should be DNLEN from
// lmcons.h, but that would be a
// lot of including
QUOTA_LIMITS Logon32QuotaLimits;LOGONNOTIFYFN Logon32LogonNotify = NULL;HINSTANCE Logon32MprHandle = NULL;
CRITICAL_SECTION Logon32Lock;
BOOL fLsaInitialized = FALSE;
#define LockLogon() EnterCriticalSection( &Logon32Lock )
#define UnlockLogon() LeaveCriticalSection( &Logon32Lock )
SID_IDENTIFIER_AUTHORITY L32SystemSidAuthority = SECURITY_NT_AUTHORITY;SID_IDENTIFIER_AUTHORITY L32LocalSidAuthority = SECURITY_LOCAL_SID_AUTHORITY;
#define COMMON_CREATE_SUSPENDED 0x00000001 // Suspended, do not Resume()
#define COMMON_CREATE_PROCESSSD 0x00000002 // Whack the process SD
#define COMMON_CREATE_THREADSD 0x00000004 // Whack the thread SD
BOOLIISLogon32Initialize( IN PVOID hMod, IN ULONG Reason, IN PCONTEXT Context)/*++
Routine Description:
Initializes the critical section
Arguments:
hMod -- reserved, must be NULL Reason -- DLL_PROCESS_ATTACH or DLL_PROCESS_DETACH Context -- reserved, must be NULL
Returns:
TRUE if initialization success, else FALSE
--*/{ return( TRUE );}
PSIDL32CreateLogonSid( PLUID LogonId OPTIONAL )/*++
Routine Description:
Creates a logon sid for a new logon.
Arguments:
LogonId -- If non NULL, on return the LUID that is part of the logon sid is returned here.
Returns:
Logon SID or NULL if error
--*/{ NTSTATUS Status; ULONG Length; PSID Sid; LUID Luid;
//
// Generate a locally unique id to include in the logon sid
//
Status = NtAllocateLocallyUniqueId(&Luid); if (!NT_SUCCESS(Status)) { return(NULL); }
//
// Allocate space for the sid and fill it in.
//
Length = RtlLengthRequiredSid(SECURITY_LOGON_IDS_RID_COUNT);
Sid = (PSID)LocalAlloc(LMEM_FIXED, Length);
if (Sid != NULL) {
RtlInitializeSid(Sid, &L32SystemSidAuthority, SECURITY_LOGON_IDS_RID_COUNT);
ASSERT(SECURITY_LOGON_IDS_RID_COUNT == 3);
*(RtlSubAuthoritySid(Sid, 0)) = SECURITY_LOGON_IDS_RID; *(RtlSubAuthoritySid(Sid, 1 )) = Luid.HighPart; *(RtlSubAuthoritySid(Sid, 2 )) = Luid.LowPart; }
//
// Return the logon LUID if required.
//
if (LogonId != NULL) { *LogonId = Luid; }
return(Sid);}
BOOLL32pInitLsa( void )/*++
Routine Description:
Initialize connection with LSA
Arguments:
None
Returns:
TRUE if success, FALSE if error
--*/{ char MyName[MAX_PATH]; char * ModuleName; STRING LogonProcessName; STRING PackageName; ULONG dummy; NTSTATUS Status; BOOLEAN WasEnabled;
Status = RtlAdjustPrivilege(SE_TCB_PRIVILEGE, TRUE, FALSE, &WasEnabled); if (!NT_SUCCESS(Status)) { BaseSetLastNTError(Status); return(FALSE); }
if (GetModuleFileNameA(NULL, MyName, MAX_PATH)) { ModuleName = strrchr(MyName, '\\'); if (!ModuleName) { ModuleName = MyName; } } else { BaseSetLastNTError(STATUS_OBJECT_NAME_NOT_FOUND); return(FALSE); }
//
// Hookup to the LSA and locate our authentication package.
//
RtlInitString(&LogonProcessName, ModuleName); Status = LsaRegisterLogonProcess( &LogonProcessName, &Logon32LsaHandle, &dummy );
//
// Turn off the privilege now.
//
if (!WasEnabled) { (VOID) RtlAdjustPrivilege(SE_TCB_PRIVILEGE, FALSE, FALSE, &WasEnabled); }
if (!NT_SUCCESS(Status)) { BaseSetLastNTError(Status); return(FALSE); }
//
// Connect with the MSV1_0 authentication package
//
RtlInitString(&PackageName, "MICROSOFT_AUTHENTICATION_PACKAGE_V1_0"); Status = LsaLookupAuthenticationPackage ( Logon32LsaHandle, &PackageName, &Logon32MsvHandle ); if (!NT_SUCCESS(Status)) { BaseSetLastNTError(Status); (VOID) LsaDeregisterLogonProcess( Logon32LsaHandle ); Logon32LsaHandle = NULL; return(FALSE); } //
// Get the kerberos package
//
RtlInitString(&PackageName, MICROSOFT_KERBEROS_NAME_A); Status = LsaLookupAuthenticationPackage ( Logon32LsaHandle, &PackageName, &Logon32KerberosHandle );
if (!NT_SUCCESS(Status)) { BaseSetLastNTError(Status); (VOID) LsaDeregisterLogonProcess( Logon32LsaHandle ); Logon32LsaHandle = NULL; Logon32MsvHandle = 0xFFFFFFFF; return(FALSE); } //
// We are now initialized (duh)
//
fLsaInitialized = TRUE;
return(TRUE);}
//+---------------------------------------------------------------------------
//
// Function: L32pNotifyMpr
//
// Synopsis: Loads the MPR DLL and notifies the network providers (like
// csnw) so they know about this logon session and the credentials
//
// Arguments: [NewLogon] -- New logon information
// [LogonId] -- Logon ID
//
// History: 4-24-95 RichardW Created
//
// Notes:
//
//----------------------------------------------------------------------------
BOOLL32pNotifyMpr( PMSV1_0_INTERACTIVE_LOGON NewLogon, PLUID LogonId ){ MSV1_0_INTERACTIVE_LOGON OldLogon; LPWSTR LogonScripts; DWORD status;
if ( Logon32MprHandle == NULL ) { LockLogon();
if ( Logon32MprHandle == NULL) { Logon32MprHandle = LoadLibrary("mpr.dll"); if (Logon32MprHandle != NULL) {
Logon32LogonNotify = (LOGONNOTIFYFN) GetProcAddress( Logon32MprHandle, "WNetLogonNotify");
} }
UnlockLogon();
}
if ( Logon32LogonNotify != NULL ) {
CopyMemory(&OldLogon, NewLogon, sizeof(OldLogon));
status = Logon32LogonNotify( L"Windows NT Network Provider", LogonId, L"MSV1_0:Interactive", (LPVOID)NewLogon, L"MSV1_0:Interactive", (LPVOID)&OldLogon, L"SvcCtl", // StationName
NULL, // StationHandle
&LogonScripts); // LogonScripts
if (status == NO_ERROR) { if (LogonScripts != NULL ) { (void) LocalFree(LogonScripts); } }
return( TRUE ); }
return( FALSE );}
NTSTATUSL32pLogonNetUser( IN HANDLE LsaHandle, IN ULONG AuthenticationPackage, IN SECURITY_LOGON_TYPE LogonType, IN PUNICODE_STRING UserName, IN PUNICODE_STRING Domain, IN PSTRING Password, IN PUNICODE_STRING Workstation, IN DWORD dwSubAuth, IN PSID LogonSid, OUT PLUID LogonId, OUT PHANDLE LogonToken, OUT PQUOTA_LIMITS Quotas, OUT PVOID *pProfileBuffer, OUT PULONG pProfileBufferLength, OUT PNTSTATUS pSubStatus )/*++
Routine Description:
Wraps up the call to LsaLogonUser
Arguments:
LsaHandle -- handle to LSA package AuthenticationPackage -- ID of authentication package to use LogonType -- Interactive, network, ... UserName -- User Name Domain -- Domain validating the user name Password -- clear text password, can be empty if a sub-auth package is used Workstation -- workstation where the login take place, can be NULL if local login dwSubAuth -- Sub-authentication DLL ID LogonSid -- Logon SID for this session LogonId -- created logon ID LogonToken -- created logon token Quotas -- quota info pProfileBuffer -- account profile pProfileBufferLength -- account profile length pSubStatus -- substatus for authentication failure
Returns:
0 if success, else NT status
--*/{ NTSTATUS Status; STRING OriginName; TOKEN_SOURCE SourceContext; PMSV1_0_LM20_LOGON MsvAuthInfo; PMSV1_0_LM20_LOGON MsvNetAuthInfo; PMSV1_0_INTERACTIVE_LOGON MsvInterAuthInfo; PMSV1_0_SUBAUTH_LOGON MsvSubAuthInfo; PVOID AuthInfoBuf; ULONG AuthInfoSize; PTOKEN_GROUPS TokenGroups; PSID LocalSid; UNICODE_STRING UnicodePassword; //WCHAR ComputerName[ MAX_COMPUTERNAME_LENGTH + 1 ];
DWORD ComputerNameLength;
NT_RESPONSE NtResponse; LM_RESPONSE LmResponse;
union { LUID Luid; NT_CHALLENGE NtChallenge; } Challenge;
NT_OWF_PASSWORD PasswordHash; OEM_STRING LmPassword; UCHAR LmPasswordBuf[ LM20_PWLEN + 1 ]; LM_OWF_PASSWORD LmPasswordHash;
#if DBG
if (!RtlValidSid(LogonSid)) { return(STATUS_INVALID_PARAMETER); }#endif
//
// Initialize source context structure
//
strncpy(SourceContext.SourceName, "IIS ", sizeof(SourceContext.SourceName)); // LATER from res file
Status = NtAllocateLocallyUniqueId(&SourceContext.SourceIdentifier);
if (!NT_SUCCESS(Status)) { return(Status); }
UnicodePassword.Buffer = NULL;
//
// Set logon origin
//
RtlInitString(&OriginName, "IIS security API");
//
// For network logons, do the magic.
//
if ( LogonType == Network ) {#if 0
ComputerNameLength = MAX_COMPUTERNAME_LENGTH + 1;
if (!GetComputerNameW( ComputerName, &ComputerNameLength ) ) { return( STATUS_INVALID_PARAMETER ); }#else
ComputerNameLength = wcslen( Workstation->Buffer );#endif
if (!RtlCreateUnicodeStringFromAsciiz( &UnicodePassword, Password->Buffer )) { return STATUS_NO_MEMORY; }
AuthInfoSize = sizeof( MSV1_0_LM20_LOGON ) + sizeof( WCHAR ) * ( wcslen( UserName->Buffer ) + 1 + wcslen( Domain->Buffer ) + 1 + ComputerNameLength + 1) + NT_RESPONSE_LENGTH + LM_RESPONSE_LENGTH ;
MsvNetAuthInfo = (PMSV1_0_LM20_LOGON) (AuthInfoBuf = RtlAllocateHeap( RtlProcessHeap(), HEAP_ZERO_MEMORY, AuthInfoSize ));
if ( !MsvNetAuthInfo ) { return( STATUS_NO_MEMORY ); }
//
// Start packing in the string
//
MsvNetAuthInfo->MessageType = MsV1_0NetworkLogon;
//
// Copy the user name into the authentication buffer
//
MsvNetAuthInfo->UserName.Length = (USHORT)sizeof(WCHAR)*wcslen(UserName->Buffer); MsvNetAuthInfo->UserName.MaximumLength = MsvNetAuthInfo->UserName.Length + sizeof(WCHAR);
MsvNetAuthInfo->UserName.Buffer = (PWSTR)(MsvNetAuthInfo+1); wcscpy(MsvNetAuthInfo->UserName.Buffer, UserName->Buffer);
//
// Copy the domain name into the authentication buffer
//
MsvNetAuthInfo->LogonDomainName.Length = (USHORT)sizeof(WCHAR)*wcslen(Domain->Buffer); MsvNetAuthInfo->LogonDomainName.MaximumLength = MsvNetAuthInfo->LogonDomainName.Length + sizeof(WCHAR);
MsvNetAuthInfo->LogonDomainName.Buffer = (PWSTR) ((PBYTE)(MsvNetAuthInfo->UserName.Buffer) + MsvNetAuthInfo->UserName.MaximumLength);
wcscpy(MsvNetAuthInfo->LogonDomainName.Buffer, Domain->Buffer);
//
// Copy the workstation name into the buffer
//
MsvNetAuthInfo->Workstation.Length = (USHORT) (sizeof(WCHAR) * ComputerNameLength);
MsvNetAuthInfo->Workstation.MaximumLength = MsvNetAuthInfo->Workstation.Length + sizeof(WCHAR);
MsvNetAuthInfo->Workstation.Buffer = (PWSTR) ((PBYTE) (MsvNetAuthInfo->LogonDomainName.Buffer) + MsvNetAuthInfo->LogonDomainName.MaximumLength );
wcscpy( MsvNetAuthInfo->Workstation.Buffer, Workstation->Buffer );
//
// Now, generate the bits for the challenge
//
Status = NtAllocateLocallyUniqueId( &Challenge.Luid );
if ( !NT_SUCCESS(Status) ) { RtlFreeHeap( RtlProcessHeap(), 0, MsvNetAuthInfo );
return( Status ); }
RtlCopyMemory( MsvNetAuthInfo->ChallengeToClient, & Challenge, MSV1_0_CHALLENGE_LENGTH );
//
// Set up space for response
//
MsvNetAuthInfo->CaseSensitiveChallengeResponse.Buffer = (PCHAR) ((PBYTE) (MsvNetAuthInfo->Workstation.Buffer) + MsvNetAuthInfo->Workstation.MaximumLength );
MsvNetAuthInfo->CaseSensitiveChallengeResponse.Length = NT_RESPONSE_LENGTH;
MsvNetAuthInfo->CaseSensitiveChallengeResponse.MaximumLength = NT_RESPONSE_LENGTH;
RtlCalculateNtOwfPassword( & UnicodePassword, & PasswordHash );
RtlCalculateNtResponse( & Challenge.NtChallenge, & PasswordHash, & NtResponse );
RtlCopyMemory( MsvNetAuthInfo->CaseSensitiveChallengeResponse.Buffer, & NtResponse, NT_RESPONSE_LENGTH );
//
// Now do the painful LM compatible hash, so anyone who is maintaining
// their account from a WfW machine will still have a password.
//
LmPassword.Buffer = (CHAR*)LmPasswordBuf; LmPassword.Length = LmPassword.MaximumLength = LM20_PWLEN + 1;
Status = RtlUpcaseUnicodeStringToOemString( & LmPassword, & UnicodePassword, FALSE );
if ( NT_SUCCESS(Status) ) {
MsvNetAuthInfo->CaseInsensitiveChallengeResponse.Buffer = (PCHAR) ((PBYTE) (MsvNetAuthInfo->CaseSensitiveChallengeResponse.Buffer) + MsvNetAuthInfo->CaseSensitiveChallengeResponse.MaximumLength );
MsvNetAuthInfo->CaseInsensitiveChallengeResponse.Length = LM_RESPONSE_LENGTH;
MsvNetAuthInfo->CaseInsensitiveChallengeResponse.MaximumLength = LM_RESPONSE_LENGTH;
RtlCalculateLmOwfPassword( LmPassword.Buffer, & LmPasswordHash );
ZeroMemory( LmPassword.Buffer, LmPassword.Length );
RtlCalculateLmResponse( & Challenge.NtChallenge, & LmPasswordHash, & LmResponse );
RtlCopyMemory( MsvNetAuthInfo->CaseInsensitiveChallengeResponse.Buffer, & LmResponse, LM_RESPONSE_LENGTH ); } else { //
// If we're here, the NT (supplied) password is longer than the
// limit allowed for LM passwords. NULL out the field, so that
// MSV knows not to worry about it.
//
RtlZeroMemory( &MsvNetAuthInfo->CaseInsensitiveChallengeResponse, sizeof( STRING ) ); }
MsvNetAuthInfo->ParameterControl = MSV1_0_RETURN_PASSWORD_EXPIRY; } else if ( LogonType == (SECURITY_LOGON_TYPE)IIS_Network ) { if (!RtlCreateUnicodeStringFromAsciiz( &UnicodePassword, Password->Buffer )) { return STATUS_NO_MEMORY; }
//
// Build logon structure for IIS network logons. We'll be using the subauth DLL
// in this case
//
AuthInfoSize = sizeof(MSV1_0_SUBAUTH_LOGON) + sizeof(WCHAR)*(wcslen(UserName->Buffer) + 1 + wcslen(Domain->Buffer) + 1 + wcslen(Workstation->Buffer) + 1 ) + sizeof(WCHAR)*wcslen(UnicodePassword.Buffer) + LEN_ALIGN(strlen(Password->Buffer),sizeof(WCHAR));
AuthInfoBuf = RtlAllocateHeap( RtlProcessHeap(), HEAP_ZERO_MEMORY, AuthInfoSize); MsvSubAuthInfo = (PMSV1_0_SUBAUTH_LOGON)AuthInfoBuf;
if (MsvSubAuthInfo == NULL) { return(STATUS_NO_MEMORY); }
//
// This authentication buffer will be used for a logon attempt
//
MsvSubAuthInfo->MessageType = MsV1_0SubAuthLogon;
MsvSubAuthInfo->SubAuthPackageId = dwSubAuth;
//
// Copy the domain name into the authentication buffer
//
MsvSubAuthInfo->LogonDomainName.Length = (USHORT)sizeof(WCHAR)*wcslen(Domain->Buffer); MsvSubAuthInfo->LogonDomainName.MaximumLength = MsvSubAuthInfo->LogonDomainName.Length + sizeof(WCHAR); MsvSubAuthInfo->LogonDomainName.Buffer = (PWSTR)(MsvSubAuthInfo+1);
wcscpy(MsvSubAuthInfo->LogonDomainName.Buffer, Domain->Buffer);
//
// Copy the user name into the authentication buffer
//
MsvSubAuthInfo->UserName.Length = (USHORT)sizeof(WCHAR)*wcslen(UserName->Buffer); MsvSubAuthInfo->UserName.MaximumLength = MsvSubAuthInfo->UserName.Length + sizeof(WCHAR); MsvSubAuthInfo->UserName.Buffer = (PWSTR) ((PBYTE)(MsvSubAuthInfo->LogonDomainName.Buffer) + MsvSubAuthInfo->LogonDomainName.MaximumLength); wcscpy(MsvSubAuthInfo->UserName.Buffer, UserName->Buffer);
//
// Copy the workstation
//
MsvSubAuthInfo->Workstation.Length = (USHORT)sizeof(WCHAR)*wcslen(Workstation->Buffer); MsvSubAuthInfo->Workstation.MaximumLength = MsvSubAuthInfo->Workstation.Length + sizeof(WCHAR);
MsvSubAuthInfo->Workstation.Buffer = (PWSTR) ((PBYTE)(MsvSubAuthInfo->UserName.Buffer) + MsvSubAuthInfo->UserName.MaximumLength); wcscpy(MsvSubAuthInfo->Workstation.Buffer, Workstation->Buffer);
memset( MsvSubAuthInfo->ChallengeToClient, '\0', sizeof(MsvSubAuthInfo->ChallengeToClient) );
MsvSubAuthInfo->AuthenticationInfo1.Buffer = ((PCHAR)(MsvSubAuthInfo->Workstation.Buffer) + MsvSubAuthInfo->Workstation.MaximumLength); MsvSubAuthInfo->AuthenticationInfo1.Length = (USHORT)sizeof(WCHAR)*wcslen(UnicodePassword.Buffer);
MsvSubAuthInfo->AuthenticationInfo1.MaximumLength = MsvSubAuthInfo->AuthenticationInfo1.Length;
memcpy( MsvSubAuthInfo->AuthenticationInfo1.Buffer, UnicodePassword.Buffer, MsvSubAuthInfo->AuthenticationInfo1.Length );
MsvSubAuthInfo->AuthenticationInfo2.Buffer = ((PCHAR)(MsvSubAuthInfo->AuthenticationInfo1.Buffer) + MsvSubAuthInfo->AuthenticationInfo1.MaximumLength);
MsvSubAuthInfo->AuthenticationInfo2.Length = (USHORT)strlen(Password->Buffer);
MsvSubAuthInfo->AuthenticationInfo2.MaximumLength = LEN_ALIGN(MsvSubAuthInfo->AuthenticationInfo2.Length,sizeof(WCHAR));
memcpy( MsvSubAuthInfo->AuthenticationInfo2.Buffer, Password->Buffer, MsvSubAuthInfo->AuthenticationInfo2.Length );
MsvSubAuthInfo->ParameterControl = (dwSubAuth << MSV1_0_SUBAUTHENTICATION_DLL_SHIFT) | MSV1_0_UPDATE_LOGON_STATISTICS | MSV1_0_DONT_TRY_GUEST_ACCOUNT | MSV1_0_CLEARTEXT_PASSWORD_ALLOWED | MSV1_0_RETURN_PASSWORD_EXPIRY | MSV1_0_SUBAUTHENTICATION_DLL_EX | MSV1_0_DISABLE_PERSONAL_FALLBACK ;
LogonType = Network; } else { //
// Build logon structure for non-network logons - service,
// batch, interactive
//
if (!RtlCreateUnicodeStringFromAsciiz( &UnicodePassword, Password->Buffer )) { return STATUS_NO_MEMORY; }
AuthInfoSize = sizeof(MSV1_0_INTERACTIVE_LOGON) + sizeof(WCHAR)*(wcslen(UserName->Buffer) + 1 + wcslen(Domain->Buffer) + 1 + wcslen(UnicodePassword.Buffer) + 1 );
AuthInfoBuf = RtlAllocateHeap( RtlProcessHeap(), HEAP_ZERO_MEMORY, AuthInfoSize); MsvInterAuthInfo = (PMSV1_0_INTERACTIVE_LOGON)AuthInfoBuf;
if (MsvInterAuthInfo == NULL) { return STATUS_NO_MEMORY; }
//
// This authentication buffer will be used for a logon attempt
//
MsvInterAuthInfo->MessageType = MsV1_0InteractiveLogon;
//
// Copy the user name into the authentication buffer
//
MsvInterAuthInfo->UserName.Length = (USHORT)sizeof(WCHAR)*wcslen(UserName->Buffer); MsvInterAuthInfo->UserName.MaximumLength = MsvInterAuthInfo->UserName.Length + sizeof(WCHAR);
MsvInterAuthInfo->UserName.Buffer = (PWSTR)(MsvInterAuthInfo+1); wcscpy(MsvInterAuthInfo->UserName.Buffer, UserName->Buffer);
//
// Copy the domain name into the authentication buffer
//
MsvInterAuthInfo->LogonDomainName.Length = (USHORT)sizeof(WCHAR)*wcslen(Domain->Buffer); MsvInterAuthInfo->LogonDomainName.MaximumLength = MsvInterAuthInfo->LogonDomainName.Length + sizeof(WCHAR);
MsvInterAuthInfo->LogonDomainName.Buffer = (PWSTR) ((PBYTE)(MsvInterAuthInfo->UserName.Buffer) + MsvInterAuthInfo->UserName.MaximumLength);
wcscpy(MsvInterAuthInfo->LogonDomainName.Buffer, Domain->Buffer);
//
// Copy the password into the authentication buffer
// Hide it once we have copied it. Use the same seed value
// that we used for the original password in pGlobals.
//
MsvInterAuthInfo->Password.Length = (USHORT)sizeof(WCHAR)*wcslen(UnicodePassword.Buffer); MsvInterAuthInfo->Password.MaximumLength = MsvInterAuthInfo->Password.Length + sizeof(WCHAR);
MsvInterAuthInfo->Password.Buffer = (PWSTR) ((PBYTE)(MsvInterAuthInfo->LogonDomainName.Buffer) + MsvInterAuthInfo->LogonDomainName.MaximumLength);
wcscpy(MsvInterAuthInfo->Password.Buffer, UnicodePassword.Buffer); }
//
// Create logon token groups
//
#define TOKEN_GROUP_COUNT 2 // We'll add the local SID and the logon SID
TokenGroups = (PTOKEN_GROUPS) RtlAllocateHeap(RtlProcessHeap(), 0, sizeof(TOKEN_GROUPS) + (TOKEN_GROUP_COUNT - ANYSIZE_ARRAY) * sizeof(SID_AND_ATTRIBUTES));
if (TokenGroups == NULL) { RtlFreeHeap(RtlProcessHeap(), 0, AuthInfoBuf); return(STATUS_NO_MEMORY); }
//
// Fill in the logon token group list
//
Status = RtlAllocateAndInitializeSid( &L32LocalSidAuthority, 1, SECURITY_LOCAL_RID, 0, 0, 0, 0, 0, 0, 0, &LocalSid );
TokenGroups->GroupCount = TOKEN_GROUP_COUNT; TokenGroups->Groups[0].Sid = LogonSid; TokenGroups->Groups[0].Attributes = SE_GROUP_MANDATORY | SE_GROUP_ENABLED | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_LOGON_ID; TokenGroups->Groups[1].Sid = LocalSid; TokenGroups->Groups[1].Attributes = SE_GROUP_MANDATORY | SE_GROUP_ENABLED | SE_GROUP_ENABLED_BY_DEFAULT;
//
// Now try to log this one on
//
Status = LsaLogonUser ( LsaHandle, &OriginName, LogonType, AuthenticationPackage, AuthInfoBuf, AuthInfoSize, TokenGroups, &SourceContext, pProfileBuffer, pProfileBufferLength, LogonId, LogonToken, Quotas, pSubStatus );
//
// Discard token group list
//
RtlFreeHeap(RtlProcessHeap(), 0, TokenGroups);
//
// Notify all the network providers, if this is a NON network logon
//
if ( NT_SUCCESS( Status ) && LogonType != Network && LogonType != IIS_Network ) { L32pNotifyMpr( (PMSV1_0_INTERACTIVE_LOGON)AuthInfoBuf, LogonId ); }
//
// Discard authentication buffer
//
RtlFreeHeap(RtlProcessHeap(), 0, AuthInfoBuf);
if ( UnicodePassword.Buffer != NULL ) { RtlFreeUnicodeString(&UnicodePassword); }
RtlFreeSid(LocalSid);
return(Status);}
BOOLWINAPIIISLogonNetUserW( PWSTR lpszUsername, PWSTR lpszDomain, PSTR lpszPassword, PWSTR lpszWorkstation, DWORD dwSubAuth, DWORD dwLogonType, DWORD dwLogonProvider, HANDLE * phToken, LARGE_INTEGER * pExpiry )/*++
Routine Description:
Logs a user on via username and domain name via the LSA.
Arguments:
lpszUsername -- user name lpszDomain -- domain validating the user name lpszPassword -- clear text password, can be empty if a sub-auth DLL is used lpszWorkstation -- workstation requesting the login, can be NULL for local workstation dwSubAuth -- sub-auth DLL ID dwLogonType -- one of LOGON32_LOGON_NETWORK, LOGON32_LOGON_IIS_NETWORK dwLogonProvider -- must be LOGON32_PROVIDER_DEFAULT phToken -- created access token pExpiry -- ptr to pwd expiration time
Returns:
TRUE if success, FALSE if error
--*/{
NTSTATUS Status; ULONG PackageId; UNICODE_STRING Username; UNICODE_STRING Domain; STRING Password; UNICODE_STRING Workstation; LUID LogonId; PSID pLogonSid; PVOID Profile; ULONG ProfileLength; NTSTATUS SubStatus; SECURITY_LOGON_TYPE LogonType; WCHAR achComputerName[MAX_COMPUTERNAME_LENGTH+1];
//
// Validate the provider
//
if (dwLogonProvider == LOGON32_PROVIDER_DEFAULT) { dwLogonProvider = LOGON32_PROVIDER_WINNT35; }
if (dwLogonProvider != LOGON32_PROVIDER_WINNT35) { BaseSetLastNTError(STATUS_INVALID_PARAMETER); return(FALSE); }
switch (dwLogonType) { case LOGON32_LOGON_IIS_NETWORK: LogonType = (SECURITY_LOGON_TYPE)IIS_Network; break;
case LOGON32_LOGON_NETWORK: LogonType = Network; break;
case LOGON32_LOGON_INTERACTIVE: LogonType = Interactive; break;
case LOGON32_LOGON_BATCH: LogonType = Batch; break;
case LOGON32_LOGON_SERVICE: LogonType = Service; break; case LOGON32_LOGON_NETWORK_CLEARTEXT: LogonType = NetworkCleartext; break;
default: BaseSetLastNTError(STATUS_INVALID_PARAMETER); return(FALSE); break; }
if ( lpszWorkstation == NULL ) { DWORD dwL = MAX_COMPUTERNAME_LENGTH+1; if ( !GetComputerNameW( achComputerName, &dwL ) ) { return(FALSE); } lpszWorkstation = achComputerName; }
//
// Initialize LSA stuff only once
//
if ( !fLsaInitialized ) { LockLogon();
if ( !fLsaInitialized ) { if ( !L32pInitLsa() ) { UnlockLogon(); return FALSE; } }
UnlockLogon(); }
//
// Validate the parameters. NULL or empty domain or NULL or empty
// user name is invalid.
//
RtlInitUnicodeString(&Username, lpszUsername); if (Username.Length == 0) { BaseSetLastNTError(STATUS_INVALID_PARAMETER); return(FALSE); }
RtlInitUnicodeString(&Domain, lpszDomain); RtlInitString(&Password, lpszPassword);
//
// Finally, init the workstation
//
RtlInitUnicodeString(&Workstation, lpszWorkstation);
//
// Get a logon sid to refer to this guy (not that anyone will be able to
// use it...
//
pLogonSid = L32CreateLogonSid(NULL); if (!pLogonSid) { BaseSetLastNTError(STATUS_NO_MEMORY); return(FALSE); }
//
// Attempt the logon
//
Status = L32pLogonNetUser( Logon32LsaHandle, Logon32MsvHandle, LogonType, &Username, &Domain, &Password, &Workstation, dwSubAuth, pLogonSid, &LogonId, phToken, &Logon32QuotaLimits, &Profile, &ProfileLength, &SubStatus);
//
// Done with logon sid, regardless of result:
//
LocalFree( pLogonSid );
if (!NT_SUCCESS(Status)) { if (Status == STATUS_ACCOUNT_RESTRICTION) { BaseSetLastNTError(SubStatus); } else { BaseSetLastNTError(Status); }
return(FALSE); }
if (Profile != NULL) { if ( pExpiry != NULL ) { switch ( dwLogonType ) { case LOGON32_LOGON_IIS_NETWORK: case LOGON32_LOGON_NETWORK: memcpy( pExpiry, &(((PMSV1_0_LM20_LOGON_PROFILE)Profile) ->LogoffTime), sizeof(LARGE_INTEGER) ); break;
default: //
// if pwd never expire, MustChange.HighPart == 0x7fffffff
// if user cannot change pwd, CanChange == LastSet
//
if ( ((PMSV1_0_INTERACTIVE_PROFILE)Profile) ->PasswordMustChange.HighPart != 0x7fffffff ) { memcpy( pExpiry, &(((PMSV1_0_INTERACTIVE_PROFILE)Profile) ->PasswordMustChange), sizeof(LARGE_INTEGER) ); } else { ((PMSV1_0_INTERACTIVE_PROFILE)Profile) ->PasswordMustChange.LowPart = 0xffffffff; ((PMSV1_0_INTERACTIVE_PROFILE)Profile) ->PasswordMustChange.HighPart = 0x7fffffff; } break; } }
LsaFreeReturnBuffer(Profile); }
return(TRUE);}
BOOLWINAPIIISLogonNetUserA( PSTR lpszUsername, PSTR lpszDomain, PSTR lpszPassword, PSTR lpszWorkstation, DWORD dwSubAuth, DWORD dwLogonType, DWORD dwLogonProvider, HANDLE * phToken, LARGE_INTEGER * pExpiry )/*++
Routine Description:
Logs a user on via username and domain name via the LSA.
Arguments:
lpszUsername -- user name lpszDomain -- domain validating the user name lpszPassword -- clear text password, can be empty if a sub-auth DLL is used lpszWorkstation -- workstation requesting the login, can be NULL for local workstation dwSubAuth -- sub-auth DLL ID dwLogonType -- one of LOGON32_LOGON_NETWORK, LOGON32_LOGON_IIS_NETWORK dwLogonProvider -- must be LOGON32_PROVIDER_DEFAULT phToken -- created access token pExpiry -- ptr to pwd expiration time
Returns:
TRUE if success, FALSE if error
--*/{ UNICODE_STRING Username; UNICODE_STRING Domain; UNICODE_STRING Workstation; NTSTATUS Status; BOOL bRet;
Username.Buffer = NULL; Domain.Buffer = NULL; Workstation.Buffer = NULL;
if ( !RtlCreateUnicodeStringFromAsciiz(&Username, lpszUsername) ) { bRet = FALSE; goto Cleanup; }
if (!RtlCreateUnicodeStringFromAsciiz(&Domain, lpszDomain)) { bRet = FALSE; goto Cleanup; }
if ( lpszWorkstation ) { if (!RtlCreateUnicodeStringFromAsciiz(&Workstation, lpszWorkstation)) { bRet = FALSE; goto Cleanup; } }
bRet = IISLogonNetUserW( Username.Buffer, Domain.Buffer, lpszPassword, Workstation.Buffer, dwSubAuth, dwLogonType, dwLogonProvider, phToken, pExpiry ) ;
Cleanup:
if (Username.Buffer) { RtlFreeUnicodeString(&Username); }
if (Domain.Buffer) { RtlFreeUnicodeString(&Domain); }
if (Workstation.Buffer) { RtlFreeUnicodeString(&Workstation); }
return bRet;}
BOOLWINAPIIISNetUserCookieA( LPSTR lpszUsername, DWORD dwSeed, LPSTR lpszCookieBuff, DWORD dwBuffSize )/*++
Routine Description:
Compute logon validator ( to be used as password ) for IISSuba
Arguments:
lpszUsername -- user name dwSeed -- start value of cookie
Returns:
TRUE if success, FALSE if error
--*/{ UNICODE_STRING Username; LPWSTR lpwszUserName; NTSTATUS Status;#define TOHEX(a) ((a)>=10 ? 'a'+(a)-10 : '0'+(a))
if ( dwBuffSize < sizeof(dwSeed)*2 + 1 ) { SetLastError( ERROR_INSUFFICIENT_BUFFER ); return FALSE; }
if ( !RtlCreateUnicodeStringFromAsciiz(&Username, lpszUsername) ) { return FALSE; }
lpwszUserName = Username.Buffer; while ( *lpwszUserName ) { dwSeed = ((dwSeed << 5) | ( dwSeed >> 27 )) ^ ((*lpwszUserName++)&0xff); }
RtlFreeUnicodeString(&Username);
lpszCookieBuff[0] = '0' + IISSUBA_COOKIE; lpszCookieBuff[1] = '"';
for ( UINT x = 0, y = 2 ; x < sizeof(dwSeed) ; ++x ) { UINT v; v = ((LPBYTE)&dwSeed)[x]>>4; lpszCookieBuff[y++] = TOHEX( v ); v = ((LPBYTE)&dwSeed)[x]&0x0f; lpszCookieBuff[y++] = TOHEX( v ); } lpszCookieBuff[y] = '\0';
return TRUE;}
BOOLWINAPIIISLogonDigestUserA( PDIGEST_LOGON_INFO pDigestLogonInfo, DWORD dwAlgo, HANDLE * phToken )/*++
Routine Description:
Logs a user on via username and domain name via the LSA using Digest authentication
Arguments:
pDigestLogonInfo - Digest parameters for use in logon dwAlgo - type of logon phToken -- created access token
Returns:
TRUE if success, FALSE if error
--*/{ UNICODE_STRING Username; UNICODE_STRING Domain; STRING Password; NTSTATUS Status; BOOL bRet; char achA[3]; int l;
Username.Buffer = NULL; Domain.Buffer = NULL; Password.Buffer = NULL;
if (!RtlCreateUnicodeStringFromAsciiz(&Username, pDigestLogonInfo->pszNtUser)) { bRet = FALSE; goto Cleanup; }
if (!RtlCreateUnicodeStringFromAsciiz(&Domain, pDigestLogonInfo->pszDomain)) { bRet = FALSE; goto Cleanup; }
achA[0] = (int)dwAlgo + '0'; achA[1] = '"'; achA[2] = '\0';
l = strlen(achA) + strlen(pDigestLogonInfo->pszRealm) + strlen(pDigestLogonInfo->pszURI) + strlen(pDigestLogonInfo->pszMethod) + strlen(pDigestLogonInfo->pszNonce) + strlen(pDigestLogonInfo->pszCurrentNonce) + strlen(pDigestLogonInfo->pszResponse) + strlen(pDigestLogonInfo->pszUser) + strlen(pDigestLogonInfo->pszQOP) + strlen(pDigestLogonInfo->pszCNonce) + strlen(pDigestLogonInfo->pszNC) + 32; if ( Password.Buffer = (CHAR*)RtlAllocateHeap( RtlProcessHeap(), HEAP_ZERO_MEMORY, l) ) { Password.MaximumLength = (USHORT)l; } else { Password.MaximumLength = 0; } Password.Length = 0;
if( !NT_SUCCESS( Status = RtlAppendAsciizToString( &Password, achA)) || !NT_SUCCESS( Status = RtlAppendAsciizToString( &Password, pDigestLogonInfo->pszRealm)) || !NT_SUCCESS( Status = RtlAppendAsciizToString( &Password, "\"")) || !NT_SUCCESS( Status = RtlAppendAsciizToString( &Password, pDigestLogonInfo->pszURI)) || !NT_SUCCESS( Status = RtlAppendAsciizToString( &Password, "\"")) || !NT_SUCCESS( Status = RtlAppendAsciizToString( &Password, pDigestLogonInfo->pszMethod)) || !NT_SUCCESS( Status = RtlAppendAsciizToString( &Password, "\"")) || !NT_SUCCESS( Status = RtlAppendAsciizToString( &Password, pDigestLogonInfo->pszNonce)) || !NT_SUCCESS( Status = RtlAppendAsciizToString( &Password, "\"")) || !NT_SUCCESS( Status = RtlAppendAsciizToString( &Password, pDigestLogonInfo->pszCurrentNonce)) || !NT_SUCCESS( Status = RtlAppendAsciizToString( &Password, "\"")) || !NT_SUCCESS( Status = RtlAppendAsciizToString( &Password, pDigestLogonInfo->pszResponse)) || !NT_SUCCESS( Status = RtlAppendAsciizToString( &Password, "\"")) || !NT_SUCCESS( Status = RtlAppendAsciizToString( &Password, pDigestLogonInfo->pszUser)) || !NT_SUCCESS( Status = RtlAppendAsciizToString( &Password, "\"")) || !NT_SUCCESS( Status = RtlAppendAsciizToString( &Password, pDigestLogonInfo->pszQOP)) || !NT_SUCCESS( Status = RtlAppendAsciizToString( &Password, "\"")) || !NT_SUCCESS( Status = RtlAppendAsciizToString( &Password, pDigestLogonInfo->pszCNonce)) || !NT_SUCCESS( Status = RtlAppendAsciizToString( &Password, "\"")) || !NT_SUCCESS( Status = RtlAppendAsciizToString( &Password, pDigestLogonInfo->pszNC)) || !NT_SUCCESS( Status = RtlAppendAsciizToString( &Password, "\"")) ) { BaseSetLastNTError(Status); bRet = FALSE; goto Cleanup; }
bRet = IISLogonNetUserW( Username.Buffer, Domain.Buffer, Password.Buffer, NULL, IIS_SUBAUTH_ID, LOGON32_LOGON_IIS_NETWORK, LOGON32_PROVIDER_DEFAULT, phToken, NULL ) ;
Cleanup:
if (Username.Buffer) { RtlFreeUnicodeString(&Username); }
if (Domain.Buffer) { RtlFreeUnicodeString(&Domain); }
if ( Password.Buffer ) { RtlFreeHeap(RtlProcessHeap(), 0, Password.Buffer ); }
return bRet;}
BOOLWINAPIIISLogonPassportUserW( WCHAR * pszUserName, WCHAR * pszDomainName, HANDLE * phToken )/*++
Routine Description:
Get a passport user
Arguments:
pszUserName - User name pszDomainName - Domain name phToken - Receives token
Returns:
TRUE if success, FALSE if error
--*/{
BOOL bRet; STRING OriginName; NTSTATUS Status; KERB_S4U_LOGON* pLogonInfo; ULONG cbLogonInfo; STACK_BUFFER( buffLogonInfo, 256 ); DWORD cchUserName; DWORD cchDomainName; HANDLE hToken; TOKEN_SOURCE SourceContext; PKERB_INTERACTIVE_PROFILE pProfile = NULL; LUID LogonId; QUOTA_LIMITS Quotas; NTSTATUS SubStatus; DWORD cbProfile;
//
// Initialize LSA stuff only once
//
if ( !fLsaInitialized ) { LockLogon();
if ( !fLsaInitialized ) { if ( !L32pInitLsa() ) { UnlockLogon(); return FALSE; } }
UnlockLogon(); DBG_ASSERT( fLsaInitialized == TRUE ); }
//
// Set logon origin
//
RtlInitString(&OriginName, "IIS security API");
//
// Determine the size of the logon buffer
//
cchUserName = wcslen( pszUserName ); cchDomainName = wcslen( pszDomainName ); cbLogonInfo = sizeof( KERB_S4U_LOGON ); cbLogonInfo += ( cchUserName + 1 ) * sizeof( WCHAR ); cbLogonInfo += ( cchDomainName + 1 ) * sizeof( WCHAR );
bRet = buffLogonInfo.Resize( cbLogonInfo ); if ( !bRet ) { return FALSE; } pLogonInfo = (KERB_S4U_LOGON*) buffLogonInfo.QueryPtr(); //
// Setup the logon buffer
//
pLogonInfo->MessageType = KerbS4ULogon; pLogonInfo->Flags = 0;
memcpy( pLogonInfo + 1, pszUserName, ( cchUserName + 1 ) * sizeof( WCHAR ) ); memcpy( (PBYTE)( pLogonInfo + 1 ) + ( cchUserName + 1 ) * sizeof( WCHAR ), pszDomainName, ( cchDomainName + 1 ) );
pLogonInfo->ClientUpn.Length = (USHORT) cchUserName * sizeof( WCHAR ); pLogonInfo->ClientUpn.MaximumLength = (USHORT) cchUserName * sizeof( WCHAR ); pLogonInfo->ClientUpn.Buffer = (WCHAR*) (pLogonInfo + 1); pLogonInfo->ClientRealm.Length = (USHORT) cchDomainName * sizeof( WCHAR ); pLogonInfo->ClientRealm.MaximumLength = (USHORT) cchDomainName * sizeof( WCHAR ); pLogonInfo->ClientRealm.Buffer = (WCHAR*) ((PBYTE)(pLogonInfo+1) + (cchUserName + 1)*sizeof(WCHAR));
//
// Do the logon
//
Status = LsaLogonUser( Logon32LsaHandle, &OriginName, Network, Logon32KerberosHandle, pLogonInfo, cbLogonInfo, NULL, &SourceContext, (PVOID*) &pProfile, &cbProfile, &LogonId, &hToken, &Quotas, &SubStatus );
if ( !NT_SUCCESS( Status ) ) { SetLastError( Status ); return FALSE; }
DBG_ASSERT( hToken != NULL );
*phToken = hToken; return TRUE;}
�/*******************************************************************
NAME: GetDefaultDomainName
SYNOPSIS: Fills in the given array with the name of the default domain to use for logon validation.
ENTRY: pszDomainName - Pointer to a buffer that will receive the default domain name.
cchDomainName - The size (in charactesr) of the domain name buffer.
RETURNS: TRUE if successful, FALSE if not.
HISTORY: KeithMo 05-Dec-1994 Created.
********************************************************************/BOOLIISGetDefaultDomainName( CHAR * pszDomainName, DWORD cchDomainName ){ OBJECT_ATTRIBUTES ObjectAttributes; NTSTATUS NtStatus; INT Result; DWORD err = 0; LSA_HANDLE LsaPolicyHandle = NULL; PPOLICY_ACCOUNT_DOMAIN_INFO DomainInfo = NULL;
//
// Open a handle to the local machine's LSA policy object.
//
InitializeObjectAttributes( &ObjectAttributes, // object attributes
NULL, // name
0L, // attributes
NULL, // root directory
NULL ); // security descriptor
NtStatus = LsaOpenPolicy( NULL, // system name
&ObjectAttributes, // object attributes
POLICY_EXECUTE, // access mask
&LsaPolicyHandle ); // policy handle
if( !NT_SUCCESS( NtStatus ) ) { DBGPRINTF(( DBG_CONTEXT, "cannot open lsa policy, error %08lX\n", NtStatus ));
err = LsaNtStatusToWinError( NtStatus );
// Failure LsaOpenPolicy() does not guarantee that
// LsaPolicyHandle was not touched.
LsaPolicyHandle = NULL;
goto Cleanup; }
//
// Query the domain information from the policy object.
//
NtStatus = LsaQueryInformationPolicy( LsaPolicyHandle, PolicyAccountDomainInformation, (PVOID *)&DomainInfo );
if( !NT_SUCCESS( NtStatus ) ) {
DBGPRINTF(( DBG_CONTEXT, "cannot query lsa policy info, error %08lX\n", NtStatus ));
err = LsaNtStatusToWinError( NtStatus ); goto Cleanup; }
//
// Convert the name from UNICODE to ANSI.
//
Result = WideCharToMultiByte( CP_ACP, 0, // flags
(LPCWSTR)DomainInfo->DomainName.Buffer, DomainInfo->DomainName.Length / sizeof(WCHAR), pszDomainName, cchDomainName - 1, // save room for '\0'
NULL, NULL );
if( Result <= 0 ) { err = GetLastError();
DBGPRINTF(( DBG_CONTEXT, "cannot convert domain name to ANSI, error %d\n", err ));
goto Cleanup; }
//
// Ensure the ANSI string is zero terminated.
//
DBG_ASSERT( (DWORD)Result < cchDomainName );
pszDomainName[Result] = '\0';
//
// Success!
//
DBG_ASSERT( err == 0 );
Cleanup:
if( DomainInfo != NULL ) { LsaFreeMemory( (PVOID)DomainInfo ); }
if( LsaPolicyHandle != NULL ) { LsaClose( LsaPolicyHandle ); }
if ( err ) { SetLastError( err ); return FALSE; }
return TRUE;
} // IISGetDefaultDomainName
|
