Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

722 lines
22 KiB

  1. /* Copyright (c) 1993, Microsoft Corporation, all rights reserved
  2. **
  3. ** clsa.c
  4. ** Client-side LSA Authentication Utilities
  5. **
  6. ** 11/12/93 MikeSa Pulled from NT 3.1 RAS authentication.
  7. */
  8. #define UNICODE
  9. #include <nt.h>
  10. #include <ntrtl.h>
  11. #include <nturtl.h>
  12. #include <ntlsa.h>
  13. #include <ntmsv1_0.h>
  14. #include <crypt.h>
  15. #include <windows.h>
  16. #include <lmcons.h>
  17. #include <string.h>
  18. #include <stdlib.h>
  19. #include <rasman.h>
  20. #include <raserror.h>
  21. #include <rtutils.h>
  22. //
  23. //Revisit the tracing for common components
  24. //in BC timeframe.
  25. //This really sucks...
  26. BOOL GetDESChallengeResponse(
  27. IN DWORD dwTraceId,
  28. IN PCHAR pszPassword,
  29. IN PBYTE pchChallenge,
  30. OUT PBYTE pchChallengeResponse
  31. );
  32. BOOL GetMD5ChallengeResponse(
  33. IN DWORD dwTraceId,
  34. IN PCHAR pszPassword,
  35. IN PBYTE pchChallenge,
  36. OUT PBYTE pchChallengeResponse
  37. );
  38. BOOL Uppercase(IN DWORD dwTraceId, PBYTE pString);
  39. #define GCR_MACHINE_CREDENTIAL 0x400
  40. DWORD
  41. RegisterLSA (DWORD dwTraceId,
  42. OUT HANDLE * phLsa,
  43. OUT DWORD * pdwAuthPkgId)
  44. {
  45. NTSTATUS ntstatus;
  46. STRING LsaName;
  47. LSA_OPERATIONAL_MODE LSASecurityMode ;
  48. TracePrintfExA (dwTraceId, 0x00010000|TRACE_USE_MASK|TRACE_USE_MSEC, "RegisterLSA" );
  49. //
  50. // To be able to do authentications, we have to
  51. // register with the Lsa as a logon process.
  52. //
  53. RtlInitString(&LsaName, "CCHAP");
  54. *phLsa = NULL;
  55. ntstatus = LsaRegisterLogonProcess(&LsaName,
  56. phLsa,
  57. &LSASecurityMode);
  58. if (ntstatus != STATUS_SUCCESS)
  59. {
  60. TracePrintfExA (dwTraceId, 0x00010000|TRACE_USE_MASK|TRACE_USE_MSEC, "LsaregisterLogonProcess Failed" );
  61. return (1);
  62. }
  63. //
  64. // We use the MSV1_0 authentication package for LM2.x
  65. // logons. We get to MSV1_0 via the Lsa. So we call
  66. // Lsa to get MSV1_0's package id, which we'll use in
  67. // later calls to Lsa.
  68. //
  69. RtlInitString(&LsaName, MSV1_0_PACKAGE_NAME);
  70. ntstatus = LsaLookupAuthenticationPackage(*phLsa,
  71. &LsaName,
  72. pdwAuthPkgId);
  73. if (ntstatus != STATUS_SUCCESS)
  74. {
  75. TracePrintfExA (dwTraceId, 0x00010000|TRACE_USE_MASK|TRACE_USE_MSEC, "LsaLookupAuthenticationPackage Failed" );
  76. return (1);
  77. }
  78. return NO_ERROR;
  79. }
  80. DWORD
  81. GetMachineCredentials
  82. (
  83. IN DWORD dwTraceId,
  84. IN PBYTE pszMachineName,
  85. IN PLUID pLuid,
  86. IN PBYTE pbChallenge,
  87. OUT PBYTE CaseInsensitiveChallengeResponse,
  88. OUT PBYTE CaseSensitiveChallengeResponse,
  89. OUT PBYTE pLmSessionKey,
  90. OUT PBYTE pUserSessionKey
  91. )
  92. {
  93. DWORD dwRetCode = NO_ERROR;
  94. DWORD dwChallengeResponseRequestLength;
  95. DWORD dwChallengeResponseLength;
  96. MSV1_0_GETCHALLENRESP_REQUEST ChallengeResponseRequest;
  97. PMSV1_0_GETCHALLENRESP_RESPONSE pChallengeResponse;
  98. NTSTATUS status;
  99. NTSTATUS substatus;
  100. HANDLE hLsa = NULL;
  101. DWORD dwAuthPkgId = 0;
  102. dwRetCode = RegisterLSA ( dwTraceId,
  103. &hLsa,
  104. &dwAuthPkgId
  105. );
  106. if ( NO_ERROR != dwRetCode )
  107. goto LDone;
  108. ZeroMemory( &ChallengeResponseRequest, sizeof(ChallengeResponseRequest) );
  109. dwChallengeResponseRequestLength =
  110. sizeof(MSV1_0_GETCHALLENRESP_REQUEST);
  111. ChallengeResponseRequest.MessageType =
  112. MsV1_0Lm20GetChallengeResponse;
  113. ChallengeResponseRequest.ParameterControl =
  114. RETURN_PRIMARY_LOGON_DOMAINNAME |
  115. RETURN_PRIMARY_USERNAME |
  116. USE_PRIMARY_PASSWORD|
  117. GCR_MACHINE_CREDENTIAL;
  118. ChallengeResponseRequest.LogonId = *pLuid;
  119. ChallengeResponseRequest.Password.Length = 0;
  120. ChallengeResponseRequest.Password.MaximumLength = 0;
  121. ChallengeResponseRequest.Password.Buffer = NULL;
  122. RtlMoveMemory( ChallengeResponseRequest.ChallengeToClient,
  123. pbChallenge,
  124. (DWORD) MSV1_0_CHALLENGE_LENGTH);
  125. status = LsaCallAuthenticationPackage(hLsa,
  126. dwAuthPkgId,
  127. &ChallengeResponseRequest,
  128. dwChallengeResponseRequestLength,
  129. (PVOID *) &pChallengeResponse,
  130. &dwChallengeResponseLength,
  131. &substatus);
  132. if ( (status != STATUS_SUCCESS)
  133. || (substatus != STATUS_SUCCESS))
  134. {
  135. TracePrintfExA ( dwTraceId,
  136. 0x00010000|TRACE_USE_MASK|TRACE_USE_MSEC,
  137. "LsaCallAuthenticationPackage failed status:0x%x substatus:0x%x", status, substatus );
  138. dwRetCode = 1 ;
  139. }
  140. else
  141. {
  142. if(NULL !=
  143. pChallengeResponse->CaseInsensitiveChallengeResponse.Buffer)
  144. {
  145. RtlMoveMemory(CaseInsensitiveChallengeResponse,
  146. pChallengeResponse->CaseInsensitiveChallengeResponse.Buffer,
  147. SESSION_PWLEN);
  148. }
  149. else
  150. {
  151. ZeroMemory(CaseInsensitiveChallengeResponse,
  152. SESSION_PWLEN);
  153. }
  154. if(NULL !=
  155. pChallengeResponse->CaseSensitiveChallengeResponse.Buffer)
  156. {
  157. RtlMoveMemory(CaseSensitiveChallengeResponse,
  158. pChallengeResponse->CaseSensitiveChallengeResponse.Buffer,
  159. SESSION_PWLEN);
  160. }
  161. else
  162. {
  163. ZeroMemory(CaseSensitiveChallengeResponse,
  164. SESSION_PWLEN);
  165. }
  166. RtlMoveMemory(pLmSessionKey,
  167. pChallengeResponse->LanmanSessionKey,
  168. MAX_SESSIONKEY_SIZE);
  169. RtlMoveMemory(pUserSessionKey,
  170. pChallengeResponse->UserSessionKey,
  171. MAX_USERSESSIONKEY_SIZE);
  172. LsaFreeReturnBuffer(pChallengeResponse);
  173. }
  174. LDone:
  175. if ( hLsa )
  176. {
  177. LsaDeregisterLogonProcess (hLsa);
  178. }
  179. return dwRetCode;
  180. }
  181. DWORD
  182. GetChallengeResponse(
  183. IN DWORD dwTraceId,
  184. IN PBYTE pszUsername,
  185. IN PBYTE pszPassword,
  186. IN PLUID pLuid,
  187. IN PBYTE pbChallenge,
  188. IN BOOL fMachineAuth,
  189. OUT PBYTE CaseInsensitiveChallengeResponse,
  190. OUT PBYTE CaseSensitiveChallengeResponse,
  191. OUT PBYTE pfUseNtResponse,
  192. OUT PBYTE pLmSessionKey,
  193. OUT PBYTE pUserSessionKey
  194. )
  195. {
  196. DWORD dwRetCode = ERROR_SUCCESS;
  197. *pfUseNtResponse = TRUE;
  198. TracePrintfExA (dwTraceId, 0x00010000|TRACE_USE_MASK|TRACE_USE_MSEC, "GetChallengeResponse" );
  199. //
  200. // Check if we're supposed to get credentials from the system
  201. //
  202. if ( fMachineAuth )
  203. {
  204. if ( ( dwRetCode = GetMachineCredentials (
  205. dwTraceId,
  206. pszUsername,
  207. pLuid,
  208. pbChallenge,
  209. CaseInsensitiveChallengeResponse,
  210. CaseSensitiveChallengeResponse,
  211. pLmSessionKey,
  212. pUserSessionKey
  213. ) ) )
  214. {
  215. TracePrintfExA (dwTraceId,
  216. 0x00010000|TRACE_USE_MASK|TRACE_USE_MSEC,
  217. "GetMachineCredentials Failed ErrorCode: 0x%x",
  218. dwRetCode );
  219. return (ERROR_AUTH_INTERNAL);
  220. }
  221. }
  222. else if (lstrlenA(pszUsername))
  223. {
  224. if (lstrlenA(pszPassword) <= LM20_PWLEN)
  225. {
  226. if (!GetDESChallengeResponse(dwTraceId, pszPassword, pbChallenge,
  227. CaseInsensitiveChallengeResponse))
  228. {
  229. //We dont want to send back the error that
  230. //this function must have failed with
  231. //but just log it in our logs...
  232. TracePrintfExA (dwTraceId, 0x00010000|TRACE_USE_MASK|TRACE_USE_MSEC, "GetDESChallangeResponse Failed" );
  233. return (ERROR_AUTH_INTERNAL);
  234. }
  235. }
  236. //
  237. // And we'll always get the case sensitive response.
  238. //
  239. if (!GetMD5ChallengeResponse(dwTraceId, pszPassword, pbChallenge,
  240. CaseSensitiveChallengeResponse))
  241. {
  242. TracePrintfExA (dwTraceId, 0x00010000|TRACE_USE_MASK|TRACE_USE_MSEC, "GetMD5ChallangeResponse Failed" );
  243. return (ERROR_AUTH_INTERNAL);
  244. }
  245. }
  246. else
  247. {
  248. WCHAR Username[UNLEN + DNLEN + 1];
  249. //
  250. // need to make sure that Rasman is started
  251. //
  252. dwRetCode = RasInitialize();
  253. if ( NO_ERROR != dwRetCode )
  254. {
  255. TracePrintfExA (dwTraceId, 0x00010000|TRACE_USE_MASK|TRACE_USE_MSEC, "RasInitialize Failed ErrorCode: 0x%x", dwRetCode );
  256. return dwRetCode;
  257. }
  258. dwRetCode = RasReferenceRasman(TRUE);
  259. if ( NO_ERROR != dwRetCode )
  260. {
  261. TracePrintfExA (dwTraceId, 0x00010000|TRACE_USE_MASK|TRACE_USE_MSEC, "RasReferenceRasman Failed ErrorCode: 0x%x", dwRetCode );
  262. return dwRetCode;
  263. }
  264. //
  265. // We can get credentials from the system
  266. //
  267. if ( ( dwRetCode = RasGetUserCredentials(
  268. pbChallenge,
  269. pLuid,
  270. Username,
  271. CaseSensitiveChallengeResponse,
  272. CaseInsensitiveChallengeResponse,
  273. pLmSessionKey,
  274. pUserSessionKey
  275. ) ) )
  276. {
  277. TracePrintfExA (dwTraceId, 0x00010000|TRACE_USE_MASK|TRACE_USE_MSEC, "RasGetUserCredentials Failed ErrorCode: 0x%x", dwRetCode );
  278. RasReferenceRasman(FALSE);
  279. return (ERROR_AUTH_INTERNAL);
  280. }
  281. WideCharToMultiByte(
  282. CP_ACP,
  283. 0,
  284. Username,
  285. -1,
  286. pszUsername,
  287. UNLEN + 1,
  288. NULL,
  289. NULL);
  290. //
  291. // What if the conversion fails?
  292. //
  293. pszUsername[UNLEN] = 0;
  294. RasReferenceRasman(FALSE);
  295. }
  296. TracePrintfExA (dwTraceId, 0x00010000|TRACE_USE_MASK|TRACE_USE_MSEC, "GetChallengeResponse Success");
  297. return (0L);
  298. }
  299. BOOL GetDESChallengeResponse(
  300. IN DWORD dwTraceId,
  301. IN PCHAR pszPassword,
  302. IN PBYTE pchChallenge,
  303. OUT PBYTE pchChallengeResponse
  304. )
  305. {
  306. CHAR LocalPassword[LM20_PWLEN + 1];
  307. DWORD dwRetCode = ERROR_SUCCESS;
  308. LM_OWF_PASSWORD LmOwfPassword;
  309. TracePrintfExA (dwTraceId, 0x00010000|TRACE_USE_MASK|TRACE_USE_MSEC, "GetDESChallengeResponse" );
  310. if (lstrlenA(pszPassword) > LM20_PWLEN)
  311. {
  312. TracePrintfExA (dwTraceId, 0x00010000|TRACE_USE_MASK|TRACE_USE_MSEC, "too big" );
  313. return (FALSE);
  314. }
  315. lstrcpyA(LocalPassword, pszPassword);
  316. if (!Uppercase(dwTraceId, LocalPassword))
  317. {
  318. TracePrintfExA (dwTraceId, 0x00010000|TRACE_USE_MASK|TRACE_USE_MSEC, "UpperCase Fail" );
  319. RtlSecureZeroMemory( LocalPassword, LM20_PWLEN );
  320. return (FALSE);
  321. }
  322. //
  323. // Encrypt standard text with the password as a key
  324. //
  325. if (( dwRetCode = RtlCalculateLmOwfPassword((PLM_PASSWORD) LocalPassword, &LmOwfPassword) ))
  326. {
  327. TracePrintfExA (dwTraceId, 0x00010000|TRACE_USE_MASK|TRACE_USE_MSEC, "GetDesChallengeResponse Fail 1. ErrorCode: 0x%x", dwRetCode );
  328. RtlSecureZeroMemory( LocalPassword, LM20_PWLEN );
  329. return (FALSE);
  330. }
  331. //
  332. // Use the challenge sent by the gateway to encrypt the
  333. // password digest from above.
  334. //
  335. if ( ( dwRetCode = RtlCalculateLmResponse((PLM_CHALLENGE) pchChallenge,
  336. &LmOwfPassword, (PLM_RESPONSE) pchChallengeResponse) ) )
  337. {
  338. TracePrintfExA (dwTraceId, 0x00010000|TRACE_USE_MASK|TRACE_USE_MSEC, "GetDesChallengeResponse Fail 2. ErrorCode: 0x%x", dwRetCode );
  339. RtlSecureZeroMemory( LocalPassword, LM20_PWLEN );
  340. return (FALSE);
  341. }
  342. #ifdef CHAPSAMPLES
  343. TRACE( "LM challenge..." );
  344. DUMPB( pchChallenge, sizeof(LM_CHALLENGE) );
  345. TRACE( "LM password..." );
  346. DUMPB( LocalPassword, LM20_PWLEN );
  347. TRACE( "LM OWF password..." );
  348. DUMPB( &LmOwfPassword, sizeof(LM_OWF_PASSWORD) );
  349. TRACE( "LM Response..." );
  350. DUMPB( pchChallengeResponse, sizeof(LM_RESPONSE) );
  351. #endif
  352. RtlSecureZeroMemory( LocalPassword, LM20_PWLEN );
  353. TracePrintfExA (dwTraceId, 0x00010000|TRACE_USE_MASK|TRACE_USE_MSEC, "GetDESChallengeResponse Success" );
  354. return (TRUE);
  355. }
  356. BOOL GetMD5ChallengeResponse(
  357. IN DWORD dwTraceId,
  358. IN PCHAR pszPassword,
  359. IN PBYTE pchChallenge,
  360. OUT PBYTE pchChallengeResponse
  361. )
  362. {
  363. NT_PASSWORD NtPassword;
  364. NT_OWF_PASSWORD NtOwfPassword;
  365. DWORD dwRetCode = ERROR_SUCCESS;
  366. TracePrintfExA (dwTraceId, 0x00010000|TRACE_USE_MASK|TRACE_USE_MSEC, "GetMD5ChallengeResponse Success" );
  367. RtlCreateUnicodeStringFromAsciiz(&NtPassword, pszPassword);
  368. //
  369. // Encrypt standard text with the password as a key
  370. //
  371. if (( dwRetCode = RtlCalculateNtOwfPassword(&NtPassword, &NtOwfPassword) ) )
  372. {
  373. TracePrintfExA (dwTraceId, 0x00010000|TRACE_USE_MASK|TRACE_USE_MSEC, "GetMD5ChallengeResponse Fail 1. ErrorCode:0x%x", dwRetCode );
  374. return (FALSE);
  375. }
  376. //
  377. // Use the challenge sent by the gateway to encrypt the
  378. // password digest from above.
  379. //
  380. if (( dwRetCode = RtlCalculateNtResponse((PNT_CHALLENGE) pchChallenge,
  381. &NtOwfPassword, (PNT_RESPONSE) pchChallengeResponse) ) )
  382. {
  383. TracePrintfExA (dwTraceId, 0x00010000|TRACE_USE_MASK|TRACE_USE_MSEC, "GetMD5ChallengeResponse Fail 2. ErrorCode:0x%x", dwRetCode );
  384. return (FALSE);
  385. }
  386. #ifdef CHAPSAMPLES
  387. TRACE( "NT Challenge..." );
  388. DUMPB( pchChallenge, sizeof(NT_CHALLENGE) );
  389. TRACE( "NT password..." );
  390. DUMPB( NtPassword.Buffer, NtPassword.MaximumLength );
  391. TRACE( "NT OWF password..." );
  392. DUMPB( &NtOwfPassword, sizeof(NT_OWF_PASSWORD) );
  393. TRACE( "NT Response..." );
  394. DUMPB( pchChallengeResponse, sizeof(NT_RESPONSE) );
  395. #endif
  396. RtlFreeUnicodeString(&NtPassword);
  397. TracePrintfExA (dwTraceId, 0x00010000|TRACE_USE_MASK|TRACE_USE_MSEC, "GetMD5ChallengeResponse Success" );
  398. return (TRUE);
  399. }
  400. DWORD GetEncryptedOwfPasswordsForChangePassword(
  401. IN PCHAR pClearTextOldPassword,
  402. IN PCHAR pClearTextNewPassword,
  403. IN PLM_SESSION_KEY pLmSessionKey,
  404. OUT PENCRYPTED_LM_OWF_PASSWORD pEncryptedLmOwfOldPassword,
  405. OUT PENCRYPTED_LM_OWF_PASSWORD pEncryptedLmOwfNewPassword,
  406. OUT PENCRYPTED_NT_OWF_PASSWORD pEncryptedNtOwfOldPassword,
  407. OUT PENCRYPTED_NT_OWF_PASSWORD pEncryptedNtOwfNewPassword
  408. )
  409. {
  410. NT_PASSWORD NtPassword;
  411. NT_OWF_PASSWORD NtOwfPassword;
  412. DWORD rc;
  413. if ((lstrlenA(pClearTextOldPassword) <= LM20_PWLEN) &&
  414. (lstrlenA(pClearTextNewPassword) <= LM20_PWLEN))
  415. {
  416. CHAR LmPassword[LM20_PWLEN + 1] = {0};
  417. LM_OWF_PASSWORD LmOwfPassword;
  418. //
  419. // Make an uppercased-version of old password
  420. //
  421. lstrcpynA ( LmPassword, pClearTextOldPassword, LM20_PWLEN );
  422. if (!Uppercase(0, LmPassword))
  423. {
  424. //memset(LmPassword, 0, lstrlenA(LmPassword));
  425. RtlSecureZeroMemory(LmPassword, lstrlenA(LmPassword));
  426. return (1L);
  427. }
  428. //
  429. // We need to calculate the OWF's for the old and new passwords
  430. //
  431. rc = RtlCalculateLmOwfPassword((PLM_PASSWORD) LmPassword,
  432. &LmOwfPassword);
  433. if (!NT_SUCCESS(rc))
  434. {
  435. // memset(LmPassword, 0, lstrlenA(LmPassword));
  436. RtlSecureZeroMemory(LmPassword, lstrlenA(LmPassword));
  437. return (rc);
  438. }
  439. rc = RtlEncryptLmOwfPwdWithLmSesKey(&LmOwfPassword, pLmSessionKey,
  440. pEncryptedLmOwfOldPassword);
  441. if (!NT_SUCCESS(rc))
  442. {
  443. // memset(LmPassword, 0, lstrlenA(LmPassword));
  444. RtlSecureZeroMemory(LmPassword, lstrlenA(LmPassword));
  445. return (rc);
  446. }
  447. //
  448. // Make an uppercased-version of new password
  449. //
  450. lstrcpynA ( LmPassword, pClearTextNewPassword, LM20_PWLEN );
  451. if (!Uppercase(0, LmPassword))
  452. {
  453. // memset(LmPassword, 0, lstrlenA(LmPassword));
  454. RtlSecureZeroMemory(LmPassword, lstrlenA(LmPassword));
  455. return (1L);
  456. }
  457. rc = RtlCalculateLmOwfPassword((PLM_PASSWORD) LmPassword,
  458. &LmOwfPassword);
  459. if (!NT_SUCCESS(rc))
  460. {
  461. // memset(LmPassword, 0, lstrlenA(LmPassword));
  462. RtlSecureZeroMemory(LmPassword, lstrlenA(LmPassword));
  463. return (rc);
  464. }
  465. rc = RtlEncryptLmOwfPwdWithLmSesKey(&LmOwfPassword, pLmSessionKey,
  466. pEncryptedLmOwfNewPassword);
  467. if (!NT_SUCCESS(rc))
  468. {
  469. // memset(LmPassword, 0, lstrlenA(LmPassword));
  470. RtlSecureZeroMemory(LmPassword, lstrlenA(LmPassword));
  471. return (rc);
  472. }
  473. }
  474. RtlCreateUnicodeStringFromAsciiz(&NtPassword, pClearTextOldPassword);
  475. rc = RtlCalculateNtOwfPassword(&NtPassword, &NtOwfPassword);
  476. if (!NT_SUCCESS(rc))
  477. {
  478. // memset(NtPassword.Buffer, 0, NtPassword.Length);
  479. RtlSecureZeroMemory(NtPassword.Buffer, NtPassword.Length);
  480. return (rc);
  481. }
  482. rc = RtlEncryptNtOwfPwdWithNtSesKey(&NtOwfPassword, pLmSessionKey,
  483. pEncryptedNtOwfOldPassword);
  484. if (!NT_SUCCESS(rc))
  485. {
  486. // memset(NtPassword.Buffer, 0, NtPassword.Length);
  487. RtlSecureZeroMemory(NtPassword.Buffer, NtPassword.Length);
  488. return (rc);
  489. }
  490. RtlCreateUnicodeStringFromAsciiz(&NtPassword, pClearTextNewPassword);
  491. rc = RtlCalculateNtOwfPassword(&NtPassword, &NtOwfPassword);
  492. if (!NT_SUCCESS(rc))
  493. {
  494. // memset(NtPassword.Buffer, 0, NtPassword.Length);
  495. RtlSecureZeroMemory(NtPassword.Buffer, NtPassword.Length);
  496. return (rc);
  497. }
  498. rc = RtlEncryptNtOwfPwdWithNtSesKey(&NtOwfPassword, pLmSessionKey,
  499. pEncryptedNtOwfNewPassword);
  500. if (!NT_SUCCESS(rc))
  501. {
  502. // memset(NtPassword.Buffer, 0, NtPassword.Length);
  503. RtlSecureZeroMemory(NtPassword.Buffer, NtPassword.Length);
  504. return (rc);
  505. }
  506. return (0L);
  507. }
  508. BOOL Uppercase(DWORD dwTraceId, PBYTE pString)
  509. {
  510. OEM_STRING OemString;
  511. ANSI_STRING AnsiString;
  512. UNICODE_STRING UnicodeString;
  513. NTSTATUS rc;
  514. RtlInitAnsiString(&AnsiString, pString);
  515. rc = RtlAnsiStringToUnicodeString(&UnicodeString, &AnsiString, TRUE);
  516. if (!NT_SUCCESS(rc))
  517. {
  518. if ( dwTraceId )
  519. TracePrintfExA (dwTraceId, 0x00010000|TRACE_USE_MASK|TRACE_USE_MSEC, "UpperCase Fail 1. ErrorCode:%x", rc );
  520. return (FALSE);
  521. }
  522. rc = RtlUpcaseUnicodeStringToOemString(&OemString, &UnicodeString, TRUE);
  523. if (!NT_SUCCESS(rc))
  524. {
  525. if ( dwTraceId )
  526. TracePrintfExA (dwTraceId, 0x00010000|TRACE_USE_MASK|TRACE_USE_MSEC, "UpperCase Fail 2. ErrorCode:%x", rc );
  527. RtlFreeUnicodeString(&UnicodeString);
  528. return (FALSE);
  529. }
  530. OemString.Buffer[OemString.Length] = '\0';
  531. lstrcpyA(pString, OemString.Buffer);
  532. RtlFreeOemString(&OemString);
  533. RtlFreeUnicodeString(&UnicodeString);
  534. return (TRUE);
  535. }
  536. VOID
  537. CGetSessionKeys(
  538. IN CHAR* pszPw,
  539. OUT LM_SESSION_KEY* pLmKey,
  540. OUT USER_SESSION_KEY* pUserKey )
  541. /* Loads caller's 'pLmKey' buffer with the LAN Manager session key and
  542. ** caller's 'pUserKey' buffer with the user session key associated with
  543. ** password 'pszPw'. If a session key cannot be calculated, that key is
  544. ** returned as all zeros.
  545. */
  546. {
  547. /* The Lanman session key is the first 8 bytes of the Lanman
  548. ** one-way-function password.
  549. */
  550. {
  551. CHAR szPw[ LM20_PWLEN + 1 ];
  552. LM_OWF_PASSWORD lmowf;
  553. memset( pLmKey, '\0', sizeof(*pLmKey) );
  554. if (strlen( pszPw ) <= LM20_PWLEN )
  555. {
  556. memset( szPw, '\0', LM20_PWLEN + 1 );
  557. strcpy( szPw, pszPw );
  558. if (Uppercase( 0, szPw ))
  559. {
  560. if (RtlCalculateLmOwfPassword(
  561. (PLM_PASSWORD )szPw, &lmowf ) == 0)
  562. {
  563. memcpy( pLmKey, &lmowf, sizeof(*pLmKey) );
  564. }
  565. }
  566. memset( szPw, '\0', sizeof(szPw) );
  567. }
  568. }
  569. /* The user session key is the NT one-way-function of the NT
  570. ** one-way-function password.
  571. */
  572. {
  573. WCHAR szPw[ PWLEN + 1 ];
  574. NT_PASSWORD ntpw;
  575. NT_OWF_PASSWORD ntowf;
  576. ANSI_STRING ansi;
  577. memset( pUserKey, '\0', sizeof(pUserKey) );
  578. /* NT_PASSWORD is really a UNICODE_STRING, so we need to convert our
  579. ** ANSI password.
  580. */
  581. ntpw.Length = 0;
  582. ntpw.MaximumLength = sizeof(szPw);
  583. ntpw.Buffer = szPw;
  584. RtlInitAnsiString( &ansi, pszPw );
  585. RtlAnsiStringToUnicodeString( &ntpw, &ansi, FALSE );
  586. RtlCalculateNtOwfPassword( &ntpw, &ntowf );
  587. /* The first argument to RtlCalculateUserSessionKeyNt is the NT
  588. ** response, but it is not used internally.
  589. */
  590. RtlCalculateUserSessionKeyNt( NULL, &ntowf, pUserKey );
  591. // memset( szPw, '\0', sizeof(szPw) );
  592. RtlSecureZeroMemory(szPw, sizeof(szPw));
  593. }
  594. }