Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

1114 lines
29 KiB

  1. /*++
  2. Copyright (c) 1993 Microsoft Corporation
  3. Module Name:
  4. Security.c
  5. Abstract:
  6. This module implements security related tasks in the
  7. NetWare redirector.
  8. Author:
  9. Colin Watson [ColinW] 05-Nov-1993
  10. Revision History:
  11. --*/
  12. #include "Procs.h"
  13. #include <stdio.h>
  14. PLOGON
  15. FindUserByName(
  16. IN PUNICODE_STRING UserName
  17. );
  18. //
  19. // The local debug trace level
  20. //
  21. #define Dbg (DEBUG_TRACE_SECURITY)
  22. #ifdef ALLOC_PRAGMA
  23. #pragma alloc_text( PAGE, CreateAnsiUid )
  24. #pragma alloc_text( PAGE, MakeUidServer )
  25. #pragma alloc_text( PAGE, FindUser )
  26. #pragma alloc_text( PAGE, FindUserByName )
  27. #pragma alloc_text( PAGE, GetUid )
  28. #pragma alloc_text( PAGE, FreeLogon )
  29. #pragma alloc_text( PAGE, Logon )
  30. #pragma alloc_text( PAGE, Logoff )
  31. #pragma alloc_text( PAGE, GetDriveMapTable )
  32. #endif
  33. VOID
  34. CreateAnsiUid(
  35. OUT PCHAR aUid,
  36. IN PLARGE_INTEGER Uid
  37. )
  38. /*++
  39. Routine Description:
  40. This routine converts the Uid into an array of ansi characters,
  41. preserving the uniqueness and allocating the buffer in the process.
  42. Note: aUid needs to be 17 bytes long.
  43. Arguments:
  44. OUT PCHAR aUid,
  45. IN PLARGE_INTEGER Uid
  46. Return Value:
  47. Status
  48. --*/
  49. {
  50. PAGED_CODE();
  51. if (Uid->HighPart != 0) {
  52. sprintf( aUid, "%lx%08lx\\", Uid->HighPart, Uid->LowPart );
  53. } else {
  54. sprintf( aUid, "%lx\\", Uid->LowPart );
  55. }
  56. return;
  57. }
  58. NTSTATUS
  59. MakeUidServer(
  60. PUNICODE_STRING UidServer,
  61. PLARGE_INTEGER Uid,
  62. PUNICODE_STRING Server
  63. )
  64. /*++
  65. Routine Description:
  66. This routine makes a Unicode string of the form 3e7\servername
  67. Arguments:
  68. OUT PUNICODE_STRING UidServer,
  69. IN PLARGE_INTEGER Uid,
  70. IN PUNICODE_STRING Server
  71. Return Value:
  72. Status
  73. --*/
  74. {
  75. //
  76. // Translate the servername into the form 3e7\Server where 3e7
  77. // is the value of the Uid.
  78. //
  79. UCHAR aUid[17];
  80. ANSI_STRING AnsiString;
  81. ULONG UnicodeLength;
  82. NTSTATUS Status;
  83. PAGED_CODE();
  84. CreateAnsiUid( aUid, Uid);
  85. RtlInitAnsiString( &AnsiString, aUid );
  86. UnicodeLength = RtlAnsiStringToUnicodeSize(&AnsiString);
  87. //
  88. // Ensuring we don't cause overflow, corrupting memory
  89. //
  90. if ( (UnicodeLength + (ULONG)Server->Length) > 0xFFFF ) {
  91. return STATUS_INSUFFICIENT_RESOURCES;
  92. }
  93. UidServer->MaximumLength = (USHORT)UnicodeLength + Server->Length;
  94. UidServer->Buffer = ALLOCATE_POOL(PagedPool,UidServer->MaximumLength);
  95. if (UidServer->Buffer == NULL) {
  96. DebugTrace(-1, Dbg, "MakeUidServer -> %08lx\n", STATUS_INSUFFICIENT_RESOURCES);
  97. return STATUS_INSUFFICIENT_RESOURCES;
  98. }
  99. Status = RtlAnsiStringToUnicodeString( UidServer, &AnsiString, FALSE);
  100. ASSERT(NT_SUCCESS(Status) && "MakeUidServer failed!");
  101. Status = RtlAppendStringToString( (PSTRING)UidServer, (PSTRING)Server);
  102. ASSERT(NT_SUCCESS(Status) && "MakeUidServer part 2 failed!");
  103. return STATUS_SUCCESS;
  104. }
  105. PLOGON
  106. FindUser(
  107. IN PLARGE_INTEGER Uid,
  108. IN BOOLEAN ExactMatch
  109. )
  110. /*++
  111. Routine Description:
  112. This routine searches the LogonList for the user entry corresponding
  113. to Uid.
  114. Note: Rcb must be held to prevent LogonList being changed.
  115. Arguments:
  116. IN PLARGE_INTEGER Uid
  117. IN BOOLEAN ExactMatch - if TRUE, don't return a default
  118. Return Value:
  119. None
  120. --*/
  121. {
  122. PLIST_ENTRY LogonQueueEntry = LogonList.Flink;
  123. PLOGON DefaultLogon = NULL;
  124. PAGED_CODE();
  125. DebugTrace(+1, Dbg, "FindUser...\n", 0);
  126. DebugTrace( 0, Dbg, " ->UserUidHigh = %08lx\n", Uid->HighPart);
  127. DebugTrace( 0, Dbg, " ->UserUidLow = %08lx\n", Uid->LowPart);
  128. while ( LogonQueueEntry != &LogonList ) {
  129. PLOGON Logon = CONTAINING_RECORD( LogonQueueEntry, LOGON, Next );
  130. if ( (*Uid).QuadPart == Logon->UserUid.QuadPart ) {
  131. DebugTrace(-1, Dbg, " ... %x\n", Logon );
  132. return Logon;
  133. }
  134. LogonQueueEntry = Logon->Next.Flink;
  135. }
  136. if (ExactMatch) {
  137. DebugTrace(-1, Dbg, " ... DefaultLogon NULL\n", 0 );
  138. return NULL;
  139. }
  140. LogonQueueEntry = LogonList.Flink;
  141. while ( LogonQueueEntry != &LogonList ) {
  142. PLOGON Logon = CONTAINING_RECORD( LogonQueueEntry, LOGON, Next );
  143. if (Logon->UserUid.QuadPart == DefaultLuid.QuadPart) {
  144. //
  145. // This is the first Default Logon entry. If this UID is not
  146. // in the table then this is the one to use.
  147. //
  148. DebugTrace(-1, Dbg, " ... DefaultLogon %lx\n", Logon );
  149. return Logon;
  150. }
  151. LogonQueueEntry = Logon->Next.Flink;
  152. }
  153. ASSERT( FALSE && "Couldn't find the Id" );
  154. DebugTrace(-1, Dbg, " ... DefaultLogon NULL\n", 0 );
  155. return NULL;
  156. }
  157. PLOGON
  158. FindUserByName(
  159. IN PUNICODE_STRING UserName
  160. )
  161. /*++
  162. Routine Description:
  163. This routine searches the LogonList for the user entry corresponding
  164. to Username.
  165. Note: Rcb must be held to prevent LogonList being changed.
  166. Arguments:
  167. UserName - The user name to find.
  168. Return Value:
  169. If found, a pointer to the logon structure
  170. NULL, if no match
  171. --*/
  172. {
  173. PLIST_ENTRY LogonQueueEntry = LogonList.Flink;
  174. PLOGON Logon;
  175. PAGED_CODE();
  176. DebugTrace(+1, Dbg, "FindUserByName...\n", 0);
  177. DebugTrace( 0, Dbg, " ->UserName = %wZ\n", UserName);
  178. while ( LogonQueueEntry != &LogonList ) {
  179. Logon = CONTAINING_RECORD( LogonQueueEntry, LOGON, Next );
  180. if ( RtlEqualUnicodeString( UserName, &Logon->UserName, TRUE ) ) {
  181. DebugTrace(-1, Dbg, " ... %x\n", Logon );
  182. return Logon;
  183. }
  184. LogonQueueEntry = Logon->Next.Flink;
  185. }
  186. DebugTrace(-1, Dbg, " ... NULL\n", 0 );
  187. return NULL;
  188. }
  189. PVCB *
  190. GetDriveMapTable (
  191. IN LARGE_INTEGER Uid
  192. )
  193. /*++
  194. Routine Description:
  195. This routine searches the LogonList for the user entry corresponding
  196. to Uid and returns the drive map table.
  197. Note: Rcb must be held to prevent LogonList being changed.
  198. Arguments:
  199. Uid - The user ID to find.
  200. Return Value:
  201. Always returns a value, even if the default
  202. --*/
  203. {
  204. PLOGON Logon;
  205. PAGED_CODE();
  206. Logon = FindUser(&Uid, TRUE);
  207. if ( Logon != NULL )
  208. return Logon->DriveMapTable;
  209. else {
  210. DebugTrace(+1, Dbg, "Using Global Drive Map Table.\n", 0);
  211. return GlobalDriveMapTable;
  212. }
  213. }
  214. LARGE_INTEGER
  215. GetUid(
  216. IN PSECURITY_SUBJECT_CONTEXT SubjectSecurityContext
  217. )
  218. /*++
  219. Routine Description:
  220. This routine gets the effective UID to be used for this create.
  221. Arguments:
  222. SubjectSecurityContext - Supplies the information from IrpSp.
  223. Return Value:
  224. None
  225. --*/
  226. {
  227. LARGE_INTEGER LogonId;
  228. PAGED_CODE();
  229. DebugTrace(+1, Dbg, "GetUid ... \n", 0);
  230. // Is the thread currently impersonating someone else?
  231. if (SubjectSecurityContext->ClientToken != NULL) {
  232. //
  233. // If its impersonating someone that is logged in locally then use
  234. // the local id.
  235. //
  236. SeQueryAuthenticationIdToken(SubjectSecurityContext->ClientToken, (PLUID)&LogonId);
  237. if (FindUser(&LogonId, TRUE) == NULL) {
  238. //
  239. // Not logged on locally, use the processes LogonId so that the
  240. // gateway will work.
  241. //
  242. SeQueryAuthenticationIdToken(SubjectSecurityContext->PrimaryToken, (PLUID)&LogonId);
  243. }
  244. } else {
  245. //
  246. // Use the processes LogonId
  247. //
  248. SeQueryAuthenticationIdToken(SubjectSecurityContext->PrimaryToken, (PLUID)&LogonId);
  249. }
  250. DebugTrace( 0, Dbg, " ->UserUidHigh = %08lx\n", LogonId.HighPart);
  251. DebugTrace(-1, Dbg, " ->UserUidLow = %08lx\n", LogonId.LowPart);
  252. return LogonId;
  253. }
  254. VOID
  255. FreeLogon(
  256. IN PLOGON Logon
  257. )
  258. /*++
  259. Routine Description:
  260. This routine free's all the strings inside Logon and the structure itself.
  261. Arguments:
  262. IN PLOGON Logon
  263. Return Value:
  264. None
  265. --*/
  266. {
  267. PLIST_ENTRY pListEntry;
  268. PNDS_SECURITY_CONTEXT pContext;
  269. PAGED_CODE();
  270. if ((Logon == NULL) ||
  271. (Logon == &Guest)) {
  272. return;
  273. }
  274. if ( Logon->UserName.Buffer != NULL ) {
  275. FREE_POOL( Logon->UserName.Buffer );
  276. }
  277. if ( Logon->PassWord.Buffer != NULL ) {
  278. FREE_POOL( Logon->PassWord.Buffer );
  279. }
  280. if ( Logon->ServerName.Buffer != NULL ) {
  281. FREE_POOL( Logon->ServerName.Buffer );
  282. }
  283. while ( !IsListEmpty(&Logon->NdsCredentialList) ) {
  284. pListEntry = RemoveHeadList( &Logon->NdsCredentialList );
  285. pContext = CONTAINING_RECORD(pListEntry, NDS_SECURITY_CONTEXT, Next );
  286. FreeNdsContext( pContext );
  287. }
  288. ExDeleteResourceLite( &Logon->CredentialListResource );
  289. FREE_POOL( Logon );
  290. }
  291. NTSTATUS
  292. Logon(
  293. IN PIRP_CONTEXT IrpContext
  294. )
  295. /*++
  296. Routine Description:
  297. This routine takes the username and password supplied and makes
  298. them the default to be used for all connections.
  299. Arguments:
  300. IN PIRP_CONTEXT IrpContext - Io Request Packet for request
  301. Return Value:
  302. NTSTATUS
  303. --*/
  304. {
  305. NTSTATUS Status = STATUS_SUCCESS;
  306. PLOGON Logon = NULL;
  307. PIRP Irp = IrpContext->pOriginalIrp;
  308. PIO_STACK_LOCATION IrpSp = IoGetCurrentIrpStackLocation(Irp);
  309. PNWR_REQUEST_PACKET InputBuffer = Irp->AssociatedIrp.SystemBuffer;
  310. ULONGLONG InputBufferLength = IrpSp->Parameters.FileSystemControl.InputBufferLength;
  311. UNICODE_STRING ServerName;
  312. PNDS_SECURITY_CONTEXT pNdsContext;
  313. WCHAR FirstServerNameChar;
  314. PAGED_CODE();
  315. DebugTrace(+1, Dbg, "Logon\n", 0);
  316. try {
  317. //
  318. // Check some fields in the input buffer.
  319. //
  320. if (InputBufferLength < sizeof(NWR_REQUEST_PACKET)) {
  321. try_return(Status = STATUS_BUFFER_TOO_SMALL);
  322. }
  323. if (InputBuffer->Version != REQUEST_PACKET_VERSION) {
  324. try_return(Status = STATUS_INVALID_PARAMETER);
  325. }
  326. if (InputBufferLength <
  327. (ULONGLONG)(FIELD_OFFSET(NWR_REQUEST_PACKET,Parameters.Logon.UserName)) +
  328. (ULONGLONG)InputBuffer->Parameters.Logon.UserNameLength +
  329. (ULONGLONG)InputBuffer->Parameters.Logon.PasswordLength +
  330. (ULONGLONG)InputBuffer->Parameters.Logon.ServerNameLength +
  331. (ULONGLONG)InputBuffer->Parameters.Logon.ReplicaAddrLength) {
  332. try_return(Status = STATUS_INVALID_PARAMETER);
  333. }
  334. if ((InputBuffer->Parameters.Logon.UserNameLength % 2) ||
  335. (InputBuffer->Parameters.Logon.PasswordLength % 2) ||
  336. (InputBuffer->Parameters.Logon.ServerNameLength % 2) ||
  337. (InputBuffer->Parameters.Logon.ReplicaAddrLength % 2)) {
  338. try_return(Status = STATUS_INVALID_PARAMETER);
  339. }
  340. Logon = ALLOCATE_POOL(NonPagedPool,sizeof(LOGON));
  341. if (Logon == NULL) {
  342. try_return( Status = STATUS_INSUFFICIENT_RESOURCES );
  343. }
  344. RtlZeroMemory(Logon, sizeof(LOGON));
  345. Logon->NodeTypeCode = NW_NTC_LOGON;
  346. Logon->NodeByteSize = sizeof(LOGON);
  347. InitializeListHead( &Logon->NdsCredentialList );
  348. ExInitializeResourceLite( &Logon->CredentialListResource );
  349. Status = SetUnicodeString(&Logon->UserName,
  350. InputBuffer->Parameters.Logon.UserNameLength,
  351. InputBuffer->Parameters.Logon.UserName);
  352. if (!NT_SUCCESS(Status)) {
  353. try_return( Status );
  354. }
  355. Status = SetUnicodeString(&Logon->PassWord,
  356. InputBuffer->Parameters.Logon.PasswordLength,
  357. (PWCHAR)
  358. ((PUCHAR)InputBuffer->Parameters.Logon.UserName +
  359. InputBuffer->Parameters.Logon.UserNameLength));
  360. if (!NT_SUCCESS(Status)) {
  361. try_return( Status );
  362. }
  363. ServerName.Buffer =
  364. (PWCHAR)
  365. ((PUCHAR)InputBuffer->Parameters.Logon.UserName +
  366. InputBuffer->Parameters.Logon.UserNameLength +
  367. InputBuffer->Parameters.Logon.PasswordLength);
  368. ServerName.Length =
  369. (USHORT)InputBuffer->Parameters.Logon.ServerNameLength;
  370. ServerName.MaximumLength =
  371. (USHORT)InputBuffer->Parameters.Logon.ServerNameLength;
  372. if ( ServerName.Length &&
  373. ServerName.Buffer[0] != L'*' ) {
  374. //
  375. // Only set this as the preferred server if it's not
  376. // a default tree. Default tree requests start with a '*'.
  377. //
  378. Status = SetUnicodeString(&Logon->ServerName,
  379. ServerName.Length,
  380. ServerName.Buffer );
  381. if (!NT_SUCCESS(Status)) {
  382. try_return( Status );
  383. }
  384. }
  385. //
  386. // Store the unique userid in both unicode and large integer form
  387. // the unicode form is used as a prefix to the servername in all
  388. // paths so that each userid gets their own connection to the server.
  389. //
  390. *((PLUID)(&Logon->UserUid)) = InputBuffer->Parameters.Logon.LogonId;
  391. Logon->NwPrintOptions = InputBuffer->Parameters.Logon.PrintOption;
  392. // Save Uid for CreateScb
  393. *((PLUID)(&IrpContext->Specific.Create.UserUid)) =
  394. InputBuffer->Parameters.Logon.LogonId;
  395. if ( ServerName.Length) {
  396. FirstServerNameChar = ServerName.Buffer[0];
  397. }
  398. else {
  399. FirstServerNameChar = (WCHAR)0;
  400. }
  401. try_exit:NOTHING;
  402. } except (EXCEPTION_EXECUTE_HANDLER) {
  403. Status = GetExceptionCode();
  404. }
  405. NwAcquireExclusiveRcb( &NwRcb, TRUE );
  406. if (NT_SUCCESS(Status)) {
  407. DebugTrace( 0, Dbg, " ->UserName = %wZ\n", &Logon->UserName );
  408. DebugTrace( 0, Dbg, " ->PassWord = %wZ\n", &Logon->PassWord );
  409. if ( ServerName.Length && FirstServerNameChar == L'*' ) {
  410. DebugTrace( 0, Dbg, " ->DefaultTree = %wZ\n", &ServerName );
  411. } else {
  412. DebugTrace( 0, Dbg, " ->ServerName = %wZ\n", &Logon->ServerName );
  413. }
  414. DebugTrace( 0, Dbg, " ->UserUidHigh = %08lx\n", Logon->UserUid.HighPart);
  415. DebugTrace( 0, Dbg, " ->UserUidLow = %08lx\n", Logon->UserUid.LowPart);
  416. InsertHeadList( &LogonList, &Logon->Next );
  417. NwReleaseRcb( &NwRcb );
  418. if ( ServerName.Length &&
  419. FirstServerNameChar != L'*' ) {
  420. PSCB Scb;
  421. // See if we can login as this user.
  422. try {
  423. Status = CreateScb(
  424. &Scb,
  425. IrpContext,
  426. &ServerName,
  427. NULL,
  428. NULL,
  429. NULL,
  430. FALSE,
  431. FALSE );
  432. }
  433. except (EXCEPTION_EXECUTE_HANDLER) {
  434. Status = GetExceptionCode();
  435. }
  436. if (NT_SUCCESS(Status)) {
  437. //
  438. // CreateScb has already boosted the reference count
  439. // because this is a preferred server so it will not go
  440. // away. We need to dereference it here because there is
  441. // no handle associated with the CreateScb
  442. //
  443. NwDereferenceScb(Scb->pNpScb);
  444. }
  445. }
  446. if ( ServerName.Length &&
  447. FirstServerNameChar == L'*' ) {
  448. PSCB Scb;
  449. BOOL SetContext;
  450. UINT ContextLength;
  451. UNICODE_STRING DefaultContext;
  452. IPXaddress *ReplicaAddr;
  453. //
  454. // Ok, this is a little confusing. On Login, the provider can
  455. // specify the address of the replica that we should use to log
  456. // in. If this is the case, then we do pre-connect that replica.
  457. // Otherwise, we do the standard login to any replica. The
  458. // reason for this is that standard replica location uses the
  459. // bindery and doesn't always get us the nearest dir server.
  460. //
  461. try {
  462. if ( InputBuffer->Parameters.Logon.ReplicaAddrLength ==
  463. sizeof( TDI_ADDRESS_IPX ) ) {
  464. ReplicaAddr = (IPXaddress*)
  465. ((PUCHAR) InputBuffer->Parameters.Logon.UserName +
  466. InputBuffer->Parameters.Logon.UserNameLength +
  467. InputBuffer->Parameters.Logon.PasswordLength +
  468. InputBuffer->Parameters.Logon.ServerNameLength);
  469. ReplicaAddr->Socket = NCP_SOCKET;
  470. Status = CreateScb(
  471. &Scb,
  472. IrpContext,
  473. NULL, // anonymous create
  474. ReplicaAddr, // nearest replica add
  475. NULL, // no user name
  476. NULL, // no password
  477. TRUE, // defer the login
  478. FALSE ); // we are not deleting the connection
  479. if (NT_SUCCESS(Status)) {
  480. //
  481. // CreateScb has already boosted the reference count
  482. // because this is a preferred server so it will not go
  483. // away. We need to dereference it here because there is
  484. // no handle associated with the CreateScb
  485. //
  486. NwDereferenceScb(Scb->pNpScb);
  487. }
  488. }
  489. }
  490. except (EXCEPTION_EXECUTE_HANDLER) {
  491. Status = GetExceptionCode();
  492. }
  493. //
  494. // Set if this includes a default context.
  495. //
  496. try {
  497. ServerName.Buffer += 1;
  498. ServerName.Length -= sizeof( WCHAR );
  499. ServerName.MaximumLength -= sizeof( WCHAR );
  500. SetContext = FALSE;
  501. ContextLength = 0;
  502. while ( ContextLength < ServerName.Length / sizeof( WCHAR ) ) {
  503. if ( ServerName.Buffer[ContextLength] == L'\\' ) {
  504. SetContext = TRUE;
  505. ContextLength++;
  506. //
  507. // Skip any leading periods.
  508. //
  509. if ( ServerName.Buffer[ContextLength] == L'.' ) {
  510. DefaultContext.Buffer = &ServerName.Buffer[ContextLength + 1];
  511. ServerName.Length -= sizeof ( WCHAR ) ;
  512. ServerName.MaximumLength -= sizeof ( WCHAR );
  513. } else {
  514. DefaultContext.Buffer = &ServerName.Buffer[ContextLength];
  515. }
  516. ContextLength *= sizeof( WCHAR );
  517. DefaultContext.Length = ServerName.Length - ContextLength;
  518. DefaultContext.MaximumLength = ServerName.MaximumLength - ContextLength;
  519. ServerName.Length -= ( DefaultContext.Length + sizeof( WCHAR ) );
  520. ServerName.MaximumLength -= ( DefaultContext.Length + sizeof( WCHAR ) );
  521. }
  522. ContextLength++;
  523. }
  524. //
  525. // Verify that this context is valid before we acquire
  526. // the credentials and really set the context.
  527. //
  528. if ( SetContext ) {
  529. Status = NdsVerifyContext( IrpContext, &ServerName, &DefaultContext );
  530. if ( !NT_SUCCESS( Status )) {
  531. SetContext = FALSE;
  532. }
  533. }
  534. }
  535. except (EXCEPTION_EXECUTE_HANDLER) {
  536. Status = GetExceptionCode();
  537. SetContext = FALSE;
  538. }
  539. //
  540. // Generate the credential shell for the default tree and
  541. // set the context if appropriate.
  542. //
  543. try {
  544. Status = NdsLookupCredentials(
  545. IrpContext,
  546. &ServerName,
  547. Logon,
  548. &pNdsContext,
  549. CREDENTIAL_WRITE,
  550. TRUE );
  551. }
  552. except (EXCEPTION_EXECUTE_HANDLER) {
  553. Status = GetExceptionCode();
  554. }
  555. if ( NT_SUCCESS( Status ) ) {
  556. //
  557. // Set the context. It doesn't matter if the
  558. // credential is locked or not.
  559. //
  560. if ( SetContext ) {
  561. RtlCopyUnicodeString( &pNdsContext->CurrentContext,
  562. &DefaultContext );
  563. DebugTrace( 0, Dbg, "Default Context: %wZ\n", &DefaultContext );
  564. }
  565. NwReleaseCredList( Logon, IrpContext );
  566. //
  567. // RELAX! The credential list is free.
  568. //
  569. DebugTrace( 0, Dbg, "Default Tree: %wZ\n", &ServerName );
  570. Status = NdsCreateTreeScb( IrpContext,
  571. &Scb,
  572. &ServerName,
  573. NULL,
  574. NULL,
  575. FALSE,
  576. FALSE );
  577. if (NT_SUCCESS(Status)) {
  578. NwDereferenceScb(Scb->pNpScb);
  579. }
  580. }
  581. }
  582. //
  583. // No login requested.
  584. //
  585. } else {
  586. FreeLogon( Logon );
  587. NwReleaseRcb( &NwRcb );
  588. }
  589. DebugTrace(-1, Dbg, "Logon %lx\n", Status);
  590. return Status;
  591. }
  592. NTSTATUS
  593. Logoff(
  594. IN PIRP_CONTEXT IrpContext
  595. )
  596. /*++
  597. Routine Description:
  598. This routine sets the username back to guest and removes the password.
  599. Arguments:
  600. IN PIRP_CONTEXT IrpContext - Io Request Packet for request
  601. Return Value:
  602. NTSTATUS
  603. --*/
  604. {
  605. BOOLEAN Locked = FALSE;
  606. NTSTATUS Status = STATUS_SUCCESS;
  607. PIRP Irp = IrpContext->pOriginalIrp;
  608. PIO_STACK_LOCATION IrpSp = IoGetCurrentIrpStackLocation(Irp);
  609. PNWR_REQUEST_PACKET InputBuffer = Irp->AssociatedIrp.SystemBuffer;
  610. ULONG InputBufferLength = IrpSp->Parameters.FileSystemControl.InputBufferLength;
  611. LARGE_INTEGER User;
  612. PLOGON Logon;
  613. PAGED_CODE();
  614. DebugTrace(+1, Dbg, "Logoff...\n", 0);
  615. try {
  616. //
  617. // Check some fields in the input buffer.
  618. //
  619. if (InputBufferLength < sizeof(NWR_REQUEST_PACKET)) {
  620. try_return(Status = STATUS_BUFFER_TOO_SMALL);
  621. }
  622. if (InputBuffer->Version != REQUEST_PACKET_VERSION) {
  623. try_return(Status = STATUS_INVALID_PARAMETER);
  624. }
  625. try {
  626. *((PLUID)(&User)) = InputBuffer->Parameters.Logoff.LogonId;
  627. }
  628. except (EXCEPTION_EXECUTE_HANDLER) {
  629. try_return(Status = GetExceptionCode());
  630. }
  631. NwAcquireExclusiveRcb( &NwRcb, TRUE );
  632. Locked = TRUE;
  633. Logon = FindUser(&User, TRUE);
  634. if ( Logon != NULL ) {
  635. LARGE_INTEGER Uid = Logon->UserUid;
  636. //
  637. // We have found the right user.
  638. //
  639. ASSERT( Logon != &Guest);
  640. NwReleaseRcb( &NwRcb );
  641. Locked = FALSE;
  642. DebugTrace( 0, Dbg, " ->UserName = %wZ\n", &Logon->UserName );
  643. DebugTrace( 0, Dbg, " ->ServerName = %wZ\n", &Logon->ServerName );
  644. DebugTrace( 0, Dbg, " ->UserUidHigh = %08lx\n", Logon->UserUid.HighPart);
  645. DebugTrace( 0, Dbg, " ->UserUidLow = %08lx\n", Logon->UserUid.LowPart);
  646. //
  647. // Invalidating all the handles for this user will also cause logoffs
  648. // to all the servers in question.
  649. //
  650. NwInvalidateAllHandles(&Uid, IrpContext);
  651. NwAcquireExclusiveRcb( &NwRcb, TRUE );
  652. Locked = TRUE;
  653. Logon = FindUser(&User, TRUE);
  654. if (Logon != NULL) {
  655. RemoveEntryList( &Logon->Next );
  656. FreeLogon( Logon );
  657. } else {
  658. ASSERT( FALSE && "Double logoff!");
  659. }
  660. Status = STATUS_SUCCESS;
  661. } else {
  662. Status = STATUS_UNSUCCESSFUL;
  663. }
  664. try_exit:NOTHING;
  665. } finally {
  666. if (Locked == TRUE ) {
  667. NwReleaseRcb( &NwRcb );
  668. }
  669. }
  670. DebugTrace(-1, Dbg, "Logoff %lx\n", Status);
  671. return Status;
  672. }
  673. NTSTATUS
  674. UpdateUsersPassword(
  675. IN PUNICODE_STRING UserName,
  676. IN PUNICODE_STRING Password,
  677. OUT PLARGE_INTEGER Uid
  678. )
  679. /*++
  680. Routine Description:
  681. This routine updates the cached password for a given user.
  682. If the named user is not logged in, an error is returned.
  683. Arguments:
  684. UserName - Supplies the name of the user
  685. Password - Supplies the new password
  686. Uid - Returns the LUID of the updated user.
  687. Return Value:
  688. NTSTATUS
  689. --*/
  690. {
  691. PLOGON Logon;
  692. NTSTATUS Status;
  693. NwAcquireExclusiveRcb( &NwRcb, TRUE );
  694. Logon = FindUserByName( UserName );
  695. if ( Logon != NULL ) {
  696. if ( Logon->PassWord.Buffer != NULL ) {
  697. FREE_POOL( Logon->PassWord.Buffer );
  698. }
  699. Status = SetUnicodeString(
  700. &Logon->PassWord,
  701. Password->Length,
  702. Password->Buffer );
  703. *Uid = Logon->UserUid;
  704. } else {
  705. Status = STATUS_UNSUCCESSFUL;
  706. }
  707. NwReleaseRcb( &NwRcb );
  708. return( Status );
  709. }
  710. NTSTATUS
  711. UpdateServerPassword(
  712. PIRP_CONTEXT IrpContext,
  713. IN PUNICODE_STRING ServerName,
  714. IN PUNICODE_STRING UserName,
  715. IN PUNICODE_STRING Password,
  716. IN PLARGE_INTEGER Uid
  717. )
  718. /*++
  719. Routine Description:
  720. This routine updates the cached password for a named server connection.
  721. If the server does not exist in the server table, an error is returned.
  722. Arguments:
  723. ServerName - Supplies the name of the server
  724. UserName - Supplies the name of the user
  725. Password - Supplies the new password
  726. Uid - The LUID of the user.
  727. Return Value:
  728. NTSTATUS
  729. --*/
  730. {
  731. UNICODE_STRING UidServer;
  732. NTSTATUS Status;
  733. PUNICODE_PREFIX_TABLE_ENTRY PrefixEntry;
  734. PSCB pScb;
  735. PNONPAGED_SCB pNpScb;
  736. PVOID Buffer;
  737. Status = MakeUidServer(
  738. &UidServer,
  739. Uid,
  740. ServerName );
  741. if ( !NT_SUCCESS( Status )) {
  742. return( Status );
  743. }
  744. DebugTrace( 0, Dbg, " ->UidServer = %wZ\n", &UidServer );
  745. NwAcquireExclusiveRcb( &NwRcb, TRUE );
  746. PrefixEntry = RtlFindUnicodePrefix( &NwRcb.ServerNameTable, &UidServer, 0 );
  747. if ( PrefixEntry != NULL ) {
  748. pScb = CONTAINING_RECORD( PrefixEntry, SCB, PrefixEntry );
  749. pNpScb = pScb->pNpScb;
  750. NwReferenceScb( pNpScb );
  751. //
  752. // Release the RCB.
  753. //
  754. NwReleaseRcb( &NwRcb );
  755. } else {
  756. NwReleaseRcb( &NwRcb );
  757. FREE_POOL(UidServer.Buffer);
  758. return( STATUS_BAD_NETWORK_PATH );
  759. }
  760. IrpContext->pNpScb = pNpScb;
  761. NwAppendToQueueAndWait( IrpContext );
  762. //
  763. // Free the old username password, allocate a new one.
  764. //
  765. if ( pScb->UserName.Buffer != NULL ) {
  766. FREE_POOL( pScb->UserName.Buffer );
  767. }
  768. Buffer = ALLOCATE_POOL_EX( NonPagedPool, UserName->Length + Password->Length );
  769. pScb->UserName.Buffer = Buffer;
  770. pScb->UserName.Length = pScb->UserName.MaximumLength = UserName->Length;
  771. RtlMoveMemory( pScb->UserName.Buffer, UserName->Buffer, UserName->Length );
  772. pScb->Password.Buffer = (PWCHAR)((PCHAR)Buffer + UserName->Length);
  773. pScb->Password.Length = pScb->Password.MaximumLength = Password->Length;
  774. RtlMoveMemory( pScb->Password.Buffer, Password->Buffer, Password->Length );
  775. FREE_POOL(UidServer.Buffer);
  776. return( STATUS_SUCCESS );
  777. }