|
|
//+-----------------------------------------------------------------------
//
// Microsoft Windows
//
// Copyright (c) Microsoft Corporation 1992 - 1996
//
// File: kerbwow.cxx
//
// Contents: Code for 32-64 bit interop for the Kerberos package
//
//
// History: 25-Oct-2000 JSchwart Created
//
//------------------------------------------------------------------------
#include <kerb.hxx>
#include <kerbp.h>
#ifdef _WIN64
#ifdef DEBUG_SUPPORT
static TCHAR THIS_FILE[]=TEXT(__FILE__); #endif
#define FILENO FILENO_KERBWOW
//
// WOW versions of public Kerberos logon buffer structures. These MUST
// be kept in sync with their public counterparts!
//
typedef struct _KERB_INTERACTIVE_LOGON_WOW64 { KERB_LOGON_SUBMIT_TYPE MessageType; UNICODE_STRING_WOW64 LogonDomainName; UNICODE_STRING_WOW64 UserName; UNICODE_STRING_WOW64 Password; } KERB_INTERACTIVE_LOGON_WOW64, *PKERB_INTERACTIVE_LOGON_WOW64;
typedef struct _KERB_INTERACTIVE_UNLOCK_LOGON_WOW64 { KERB_INTERACTIVE_LOGON_WOW64 Logon; LUID LogonId; } KERB_INTERACTIVE_UNLOCK_LOGON_WOW64, *PKERB_INTERACTIVE_UNLOCK_LOGON_WOW64;
typedef struct _KERB_SMART_CARD_LOGON_WOW64 { KERB_LOGON_SUBMIT_TYPE MessageType; UNICODE_STRING_WOW64 Pin; ULONG CspDataLength; ULONG CspData; } KERB_SMART_CARD_LOGON_WOW64, *PKERB_SMART_CARD_LOGON_WOW64;
typedef struct _KERB_SMART_CARD_UNLOCK_LOGON_WOW64 { KERB_SMART_CARD_LOGON_WOW64 Logon; LUID LogonId; } KERB_SMART_CARD_UNLOCK_LOGON_WOW64, *PKERB_SMART_CARD_UNLOCK_LOGON_WOW64;
typedef struct _KERB_TICKET_LOGON_WOW64 { KERB_LOGON_SUBMIT_TYPE MessageType; ULONG Flags; ULONG ServiceTicketLength; ULONG TicketGrantingTicketLength; ULONG ServiceTicket; ULONG TicketGrantingTicket; } KERB_TICKET_LOGON_WOW64, *PKERB_TICKET_LOGON_WOW64;
typedef struct _KERB_TICKET_UNLOCK_LOGON_WOW64 { KERB_TICKET_LOGON_WOW64 Logon; LUID LogonId; } KERB_TICKET_UNLOCK_LOGON_WOW64, *PKERB_TICKET_UNLOCK_LOGON_WOW64;
//
// WOW versions of public Kerberos profile buffer structures. These MUST
// be kept in sync with their public counterparts!
//
typedef struct _KERB_INTERACTIVE_PROFILE_WOW64 { KERB_PROFILE_BUFFER_TYPE MessageType; USHORT LogonCount; USHORT BadPasswordCount; LARGE_INTEGER LogonTime; LARGE_INTEGER LogoffTime; LARGE_INTEGER KickOffTime; LARGE_INTEGER PasswordLastSet; LARGE_INTEGER PasswordCanChange; LARGE_INTEGER PasswordMustChange; UNICODE_STRING_WOW64 LogonScript; UNICODE_STRING_WOW64 HomeDirectory; UNICODE_STRING_WOW64 FullName; UNICODE_STRING_WOW64 ProfilePath; UNICODE_STRING_WOW64 HomeDirectoryDrive; UNICODE_STRING_WOW64 LogonServer; ULONG UserFlags; } KERB_INTERACTIVE_PROFILE_WOW64, *PKERB_INTERACTIVE_PROFILE_WOW64;
typedef struct _KERB_SMART_CARD_PROFILE_WOW64 { KERB_INTERACTIVE_PROFILE_WOW64 Profile; ULONG CertificateSize; ULONG CertificateData; } KERB_SMART_CARD_PROFILE_WOW64, *PKERB_SMART_CARD_PROFILE_WOW64;
typedef struct KERB_CRYPTO_KEY_WOW64 { LONG KeyType; ULONG Length; ULONG Value; } KERB_CRYPTO_KEY_WOW64, *PKERB_CRYPTO_KEY_WOW64;
typedef struct _KERB_TICKET_PROFILE_WOW64 { KERB_INTERACTIVE_PROFILE_WOW64 Profile; KERB_CRYPTO_KEY_WOW64 SessionKey; } KERB_TICKET_PROFILE_WOW64, *PKERB_TICKET_PROFILE_WOW64;
typedef struct _KERB_INTERNAL_NAME_WOW64 { SHORT NameType; USHORT NameCount; UNICODE_STRING_WOW64 Names[ANYSIZE_ARRAY]; } KERB_INTERNAL_NAME_WOW64, *PKERB_INTERNAL_NAME_WOW64;
typedef struct _KERB_EXTERNAL_NAME_WOW64 { SHORT NameType; USHORT NameCount; UNICODE_STRING_WOW64 Names[ANYSIZE_ARRAY]; } KERB_EXTERNAL_NAME_WOW64, *PKERB_EXTERNAL_NAME_WOW64;
typedef struct _KERB_EXTERNAL_TICKET_WOW64 { ULONG ServiceName; ULONG TargetName; ULONG ClientName; UNICODE_STRING_WOW64 DomainName; UNICODE_STRING_WOW64 TargetDomainName; UNICODE_STRING_WOW64 AltTargetDomainName; KERB_CRYPTO_KEY_WOW64 SessionKey; ULONG TicketFlags; ULONG Flags; LARGE_INTEGER StartTime; LARGE_INTEGER EndTime; LARGE_INTEGER RenewUntil; LARGE_INTEGER TimeSkew; ULONG EncodedTicketSize; ULONG EncodedTicket; } KERB_EXTERNAL_TICKET_WOW64, *PKERB_EXTERNAL_TICKET_WOW64;
#if 0
typedef struct _KERB_EXTERNAL_TICKET_EX_WOW64 { PKERB_EXTERNAL_NAME_WOW64 ClientName; PKERB_EXTERNAL_NAME_WOW64 ServiceName; PKERB_EXTERNAL_NAME_WOW64 TargetName; UNICODE_STRING_WOW64 ClientRealm; UNICODE_STRING_WOW64 ServiceRealm; UNICODE_STRING_WOW64 TargetDomainName; UNICODE_STRING_WOW64 AltTargetDomainName; KERB_CRYPTO_KEY_WOW64 SessionKey; ULONG TicketFlags; ULONG Flags; LARGE_INTEGER StartTime; LARGE_INTEGER EndTime; LARGE_INTEGER RenewUntil; LARGE_INTEGER TimeSkew; PKERB_NET_ADDRESSES TicketAddresses; PKERB_AUTH_DATA AuthorizationData; _KERB_EXTERNAL_TICKET_EX_WOW64 * SecondTicket; ULONG EncodedTicketSize; PUCHAR EncodedTicket; } KERB_EXTERNAL_TICKET_EX_WOW64, *PKERB_EXTERNAL_TICKET_EX_WOW64; #endif // 0
#define RELOCATE_WOW_UNICODE_STRING(WOWString, NativeString, Offset) \
NativeString.Length = WOWString.Length; \ NativeString.MaximumLength = WOWString.MaximumLength; \ NativeString.Buffer = (LPWSTR) ((LPBYTE) UlongToPtr(WOWString.Buffer) + Offset);
//+-------------------------------------------------------------------------
//
// Function: KerbPutWOWString
//
// Synopsis: Copies a UNICODE_STRING into a buffer
//
// Effects:
//
// Arguments: InputString - String to 'put'
// OutputString - Receives 'put' string
// Offset - Difference in addresses of local and client buffers.
// Where - Location in local buffer to place string.
//
// Requires:
//
// Returns:
//
// Notes: This code is (effectively) duplicated in
// KerbPutString. Make sure any changes
// made here are applied there as well.
//
//--------------------------------------------------------------------------
VOID KerbPutWOWString( IN PUNICODE_STRING InputString, OUT PUNICODE_STRING_WOW64 OutputString, IN LONG_PTR Offset, IN OUT PBYTE * Where ) { OutputString->Length = OutputString->MaximumLength = InputString->Length; OutputString->Buffer = PtrToUlong (*Where + Offset); RtlCopyMemory( *Where, InputString->Buffer, InputString->Length ); *Where += InputString->Length; }
//+-------------------------------------------------------------------------
//
// Function: KerbPutWOWKdcName
//
// Synopsis: Copies a Kdc name to a buffer
//
// Effects:
//
// Arguments:
//
// Requires:
//
// Returns:
//
// Notes: This code is (effectively) duplicated in
// KerbPutKdcName. Make sure any changes
// made here are applied there as well.
//
//--------------------------------------------------------------------------
VOID KerbPutWOWKdcName( IN PKERB_INTERNAL_NAME InputName, OUT PULONG OutputName, IN LONG_PTR Offset, IN OUT PBYTE * Where ) { ULONG Index; PKERB_INTERNAL_NAME_WOW64 LocalName = (PKERB_INTERNAL_NAME_WOW64) *Where;
if (!ARGUMENT_PRESENT(InputName)) { *OutputName = NULL; return; }
*Where += sizeof(KERB_INTERNAL_NAME_WOW64) - sizeof(UNICODE_STRING_WOW64) + InputName->NameCount * sizeof(UNICODE_STRING_WOW64);
LocalName->NameType = InputName->NameType; LocalName->NameCount = InputName->NameCount;
for (Index = 0; Index < InputName->NameCount ; Index++ ) { LocalName->Names[Index].Length = LocalName->Names[Index].MaximumLength = InputName->Names[Index].Length;
LocalName->Names[Index].Buffer = PtrToUlong(*Where + Offset);
RtlCopyMemory(*Where, InputName->Names[Index].Buffer, InputName->Names[Index].Length);
*Where += InputName->Names[Index].Length; }
*Where = (PBYTE) ROUND_UP_POINTER(*Where, sizeof(ULONG));
*OutputName = PtrToUlong((PBYTE) LocalName + Offset); }
//+-------------------------------------------------------------------------
//
// Function: KerbPutKdcNameAsWOWString
//
// Synopsis: Copies a KERB_INTERNAL_NAME into a buffer
//
// Effects:
//
// Arguments: InputString - String to 'put'
// OutputString - Receives 'put' string
// Offset - Difference in addresses of local and client buffers.
// Where - Location in local buffer to place string.
//
// Requires:
//
// Returns:
//
// Notes: This code is (effectively) duplicated in
// KerbPutKdcNameAsString. Make sure any
// changes made here are applied there as well.
//
//--------------------------------------------------------------------------
VOID KerbPutKdcNameAsWOWString( IN PKERB_INTERNAL_NAME InputName, OUT PUNICODE_STRING_WOW64 OutputName, IN LONG_PTR Offset, IN OUT PBYTE * Where ) { USHORT Index;
OutputName->Buffer = PtrToUlong (*Where + Offset); OutputName->Length = 0; OutputName->MaximumLength = 0;
for (Index = 0; Index < InputName->NameCount ; Index++ ) { RtlCopyMemory( *Where, InputName->Names[Index].Buffer, InputName->Names[Index].Length ); *Where += InputName->Names[Index].Length; OutputName->Length = OutputName->Length + InputName->Names[Index].Length; if (Index == (InputName->NameCount - 1)) { *((LPWSTR) *Where) = L'\0'; OutputName->MaximumLength = OutputName->Length + sizeof(WCHAR); } else { *((LPWSTR) *Where) = L'/'; OutputName->Length += sizeof(WCHAR); } *Where += sizeof(WCHAR); } }
//+-------------------------------------------------------------------------
//
// Function: KerbPutWOWClientString
//
// Synopsis: Copies a string into a buffer that will be copied to the
// 32-bit client's address space
//
// Effects:
//
// Arguments: Where - Location in local buffer to place string.
// Delta - Difference in addresses of local and client buffers.
// OutString - Receives 'put' string
// InString - String to 'put'
//
// Requires:
//
// Returns:
//
// Notes: This code is (effectively) duplicated in
// KerbPutClientString. Make sure any changes
// made here are applied there as well.
//
//--------------------------------------------------------------------------
VOID KerbPutWOWClientString( IN OUT PUCHAR * Where, IN LONG_PTR Delta, IN PUNICODE_STRING_WOW64 OutString, IN PUNICODE_STRING InString ) { if (InString->Length == 0) { OutString->Buffer = 0; OutString->Length = OutString->MaximumLength = 0; } else { RtlCopyMemory(*Where, InString->Buffer, InString->Length);
OutString->Buffer = PtrToUlong(*Where + Delta); OutString->Length = InString->Length; *Where += InString->Length; *(LPWSTR) (*Where) = L'\0'; *Where += sizeof(WCHAR); OutString->MaximumLength = OutString->Length + sizeof(WCHAR); } }
//+-------------------------------------------------------------------------
//
// Function: KerbWOWNameLength
//
// Synopsis: returns length in bytes of variable portion
// of KERB_INTERNAL_NAME
//
// Effects:
//
// Arguments:
//
// Requires:
//
// Returns:
//
// Notes: This code is (effectively) duplicated in
// KerbNameLength. Make sure any changes
// made here are applied there as well.
//
//--------------------------------------------------------------------------
ULONG KerbWOWNameLength( IN PKERB_INTERNAL_NAME Name ) { ULONG Length = 0; ULONG Index;
if (!ARGUMENT_PRESENT(Name)) { return 0; }
Length = sizeof(KERB_INTERNAL_NAME_WOW64) - sizeof(UNICODE_STRING_WOW64) + Name->NameCount * sizeof(UNICODE_STRING_WOW64);
for (Index = 0; Index < Name->NameCount ;Index++ ) { Length += Name->Names[Index].Length; }
Length = ROUND_UP_COUNT(Length, sizeof(ULONG));
return Length; }
//+-------------------------------------------------------------------------
//
// Function: KerbConvertWOWLogonBuffer
//
// Synopsis: Converts logon buffers passed in from WOW clients to 64-bit
//
// Effects:
//
// Arguments: ProtocolSubmitBuffer -- original 32-bit logon buffer
// pSubmitBufferSize -- size of the 32-bit logon buffer
// MessageType -- format of the logon buffer
// ppTempSubmitBuffer -- filled in with the converted buffer
//
// Requires:
//
// Returns:
//
// Notes: This routine allocates the converted buffer and returns it
// on success. It is the caller's responsibility to free it.
//
//
//--------------------------------------------------------------------------
NTSTATUS KerbConvertWOWLogonBuffer( IN PVOID ProtocolSubmitBuffer, IN PVOID ClientBufferBase, IN OUT PULONG pSubmitBufferSize, IN KERB_LOGON_SUBMIT_TYPE MessageType, OUT PVOID *ppTempSubmitBuffer ) { NTSTATUS Status = STATUS_SUCCESS; PVOID pTempBuffer = NULL; ULONG dwBufferSize = *pSubmitBufferSize;
switch (MessageType) { case KerbInteractiveLogon: case KerbWorkstationUnlockLogon: { PKERB_INTERACTIVE_LOGON Logon; PKERB_INTERACTIVE_LOGON_WOW64 LogonWOW; DWORD dwOffset; DWORD dwWOWOffset;
//
// Scale up the size and add on 3 PVOIDs for the worst-case
// scenario to align the three embedded UNICODE_STRINGs
//
dwBufferSize += sizeof(KERB_INTERACTIVE_LOGON) - sizeof(KERB_INTERACTIVE_LOGON_WOW64);
if (dwBufferSize < sizeof(KERB_INTERACTIVE_LOGON)) { DebugLog((DEB_ERROR, "Submit buffer to logon too small: %d. %ws, line %d\n", dwBufferSize, THIS_FILE, __LINE__));
Status = STATUS_INVALID_PARAMETER; goto Cleanup; }
pTempBuffer = KerbAllocate(dwBufferSize);
if (pTempBuffer == NULL) { Status = STATUS_INSUFFICIENT_RESOURCES; goto Cleanup; }
Logon = (PKERB_INTERACTIVE_LOGON) pTempBuffer; LogonWOW = (PKERB_INTERACTIVE_LOGON_WOW64) ProtocolSubmitBuffer;
Logon->MessageType = LogonWOW->MessageType;
dwOffset = sizeof(KERB_INTERACTIVE_LOGON); dwWOWOffset = sizeof(KERB_INTERACTIVE_LOGON_WOW64);
if (MessageType == KerbWorkstationUnlockLogon) { if (dwBufferSize < sizeof(KERB_INTERACTIVE_UNLOCK_LOGON)) { DebugLog((DEB_ERROR, "Submit buffer to logon too small: %d. %ws, line %d\n", dwBufferSize, THIS_FILE, __LINE__));
Status = STATUS_INVALID_PARAMETER; goto Cleanup; }
//
// One additional field for this type (a LUID)
//
PKERB_INTERACTIVE_UNLOCK_LOGON Unlock; PKERB_INTERACTIVE_UNLOCK_LOGON_WOW64 UnlockWOW;
Unlock = (PKERB_INTERACTIVE_UNLOCK_LOGON) pTempBuffer; UnlockWOW = (PKERB_INTERACTIVE_UNLOCK_LOGON_WOW64) ProtocolSubmitBuffer;
Unlock->LogonId = UnlockWOW->LogonId;
dwOffset = sizeof(KERB_INTERACTIVE_UNLOCK_LOGON); dwWOWOffset = sizeof(KERB_INTERACTIVE_UNLOCK_LOGON_WOW64); }
//
// Copy the variable-length data
//
RtlCopyMemory((LPBYTE) Logon + dwOffset, (LPBYTE) LogonWOW + dwWOWOffset, *pSubmitBufferSize - dwWOWOffset);
//
// Set up the pointers in the native struct
//
RELOCATE_WOW_UNICODE_STRING(LogonWOW->LogonDomainName, Logon->LogonDomainName, dwOffset - dwWOWOffset);
RELOCATE_WOW_UNICODE_STRING(LogonWOW->UserName, Logon->UserName, dwOffset - dwWOWOffset);
RELOCATE_WOW_UNICODE_STRING(LogonWOW->Password, Logon->Password, dwOffset - dwWOWOffset);
break; }
case KerbSmartCardLogon: case KerbSmartCardUnlockLogon: { PKERB_SMART_CARD_LOGON Logon; PKERB_SMART_CARD_LOGON_WOW64 LogonWOW; DWORD dwOffset; DWORD dwWOWOffset;
//
// Scale up the size and add on 2 PVOIDs for the worst-case
// scenario to align the embedded UNICODE_STRING and CspData
//
dwBufferSize += sizeof(KERB_SMART_CARD_LOGON) - sizeof(KERB_SMART_CARD_LOGON_WOW64);
if (dwBufferSize < sizeof(KERB_SMART_CARD_LOGON)) { DebugLog((DEB_ERROR, "Submit buffer to logon too small: %d. %ws, line %d\n", dwBufferSize, THIS_FILE, __LINE__));
Status = STATUS_INVALID_PARAMETER; goto Cleanup; }
pTempBuffer = KerbAllocate(dwBufferSize);
if (pTempBuffer == NULL) { Status = STATUS_INSUFFICIENT_RESOURCES; goto Cleanup; }
Logon = (PKERB_SMART_CARD_LOGON) pTempBuffer; LogonWOW = (PKERB_SMART_CARD_LOGON_WOW64) ProtocolSubmitBuffer;
Logon->MessageType = LogonWOW->MessageType; Logon->CspDataLength = LogonWOW->CspDataLength;
dwOffset = sizeof(KERB_SMART_CARD_LOGON); dwWOWOffset = sizeof(KERB_SMART_CARD_LOGON_WOW64);
if (MessageType == KerbSmartCardUnlockLogon) { if (dwBufferSize < sizeof(KERB_SMART_CARD_UNLOCK_LOGON)) { DebugLog((DEB_ERROR, "Submit buffer to logon too small: %d. %ws, line %d\n", dwBufferSize, THIS_FILE, __LINE__));
Status = STATUS_INVALID_PARAMETER; goto Cleanup; }
//
// One additional field for this type (a LUID)
//
PKERB_SMART_CARD_UNLOCK_LOGON Unlock; PKERB_SMART_CARD_UNLOCK_LOGON_WOW64 UnlockWOW;
Unlock = (PKERB_SMART_CARD_UNLOCK_LOGON) pTempBuffer; UnlockWOW = (PKERB_SMART_CARD_UNLOCK_LOGON_WOW64) ProtocolSubmitBuffer;
Unlock->LogonId = UnlockWOW->LogonId;
dwOffset = sizeof(KERB_SMART_CARD_UNLOCK_LOGON); dwWOWOffset = sizeof(KERB_SMART_CARD_UNLOCK_LOGON_WOW64); }
//
// Copy the variable-length data
//
RtlCopyMemory((LPBYTE) Logon + dwOffset, (LPBYTE) LogonWOW + dwWOWOffset, *pSubmitBufferSize - dwWOWOffset);
//
// Set up the pointers in the native struct
//
RELOCATE_WOW_UNICODE_STRING(LogonWOW->Pin, Logon->Pin, dwOffset - dwWOWOffset);
Logon->CspData = (PUCHAR) ((LPBYTE) UlongToPtr(LogonWOW->CspData) + (dwOffset - dwWOWOffset));
break; }
case KerbTicketLogon: case KerbTicketUnlockLogon: { PKERB_TICKET_LOGON Logon; PKERB_TICKET_LOGON_WOW64 LogonWOW; DWORD dwOffset; DWORD dwWOWOffset;
//
// Scale up the size and add on 2 PVOIDs for the worst-case
// scenario to align the two embedded pointers
//
dwBufferSize += sizeof(KERB_TICKET_LOGON) - sizeof(KERB_TICKET_LOGON_WOW64);
if (dwBufferSize < sizeof(KERB_TICKET_LOGON)) { DebugLog((DEB_ERROR, "Submit buffer to logon too small: %d. %ws, line %d\n", dwBufferSize, THIS_FILE, __LINE__));
Status = STATUS_INVALID_PARAMETER; goto Cleanup; }
pTempBuffer = KerbAllocate(dwBufferSize);
if (pTempBuffer == NULL) { Status = STATUS_INSUFFICIENT_RESOURCES; goto Cleanup; }
Logon = (PKERB_TICKET_LOGON) pTempBuffer; LogonWOW = (PKERB_TICKET_LOGON_WOW64) ProtocolSubmitBuffer;
Logon->MessageType = LogonWOW->MessageType; Logon->Flags = LogonWOW->Flags; Logon->ServiceTicketLength = LogonWOW->ServiceTicketLength; Logon->TicketGrantingTicketLength = LogonWOW->TicketGrantingTicketLength;
dwOffset = sizeof(KERB_TICKET_LOGON); dwWOWOffset = sizeof(KERB_TICKET_LOGON_WOW64);
if (MessageType == KerbTicketUnlockLogon) { if (dwBufferSize < sizeof(KERB_TICKET_UNLOCK_LOGON)) { DebugLog((DEB_ERROR, "Submit buffer to logon too small: %d. %ws, line %d\n", dwBufferSize, THIS_FILE, __LINE__));
Status = STATUS_INVALID_PARAMETER; goto Cleanup; }
//
// One additional field for this type (a LUID)
//
PKERB_TICKET_UNLOCK_LOGON Unlock; PKERB_TICKET_UNLOCK_LOGON_WOW64 UnlockWOW;
Unlock = (PKERB_TICKET_UNLOCK_LOGON) pTempBuffer; UnlockWOW = (PKERB_TICKET_UNLOCK_LOGON_WOW64) ProtocolSubmitBuffer;
Unlock->LogonId = UnlockWOW->LogonId;
dwOffset = sizeof(KERB_TICKET_UNLOCK_LOGON); dwWOWOffset = sizeof(KERB_TICKET_UNLOCK_LOGON_WOW64); }
//
// Copy the variable-length data
//
RtlCopyMemory((LPBYTE) Logon + dwOffset, (LPBYTE) LogonWOW + dwWOWOffset, *pSubmitBufferSize - dwWOWOffset);
//
// Set up the pointers in the native struct
//
Logon->ServiceTicket = (PUCHAR) ((LPBYTE) UlongToPtr(LogonWOW->ServiceTicket) + (dwOffset - dwWOWOffset));
Logon->TicketGrantingTicket = (PUCHAR) ((LPBYTE) UlongToPtr(LogonWOW->TicketGrantingTicket) + (dwOffset - dwWOWOffset));
break; }
default:
DebugLog((DEB_ERROR, "Invalid info class to logon: %d. %ws, line %d\n", MessageType, THIS_FILE, __LINE__));
Status = STATUS_INVALID_INFO_CLASS; goto Cleanup; }
*pSubmitBufferSize = dwBufferSize; *ppTempSubmitBuffer = pTempBuffer;
return STATUS_SUCCESS;
Cleanup:
ASSERT(!NT_SUCCESS(Status));
if (pTempBuffer) { KerbFree(pTempBuffer); }
return Status; }
//+-------------------------------------------------------------------------
//
// Function: KerbAllocateInteractiveWOWProfile
//
// Synopsis: This allocates and fills in the interactive profile for
// a WOW64 client.
//
// Effects:
//
// Arguments:
//
// Requires:
//
// Returns: STATUS_SUCCESS or STATUS_INSUFFICIENT_RESOURCES
//
// Notes: This code is (effectively) duplicated in
// KerbAllocateInteractiveBuffer. Make sure any
// changes made here are applied there as well.
//
//--------------------------------------------------------------------------
NTSTATUS KerbAllocateInteractiveWOWBuffer( OUT PKERB_INTERACTIVE_PROFILE *ProfileBuffer, OUT PULONG ProfileBufferSize, IN PNETLOGON_VALIDATION_SAM_INFO3 UserInfo, IN PKERB_LOGON_SESSION LogonSession, IN OPTIONAL PKERB_ENCRYPTED_TICKET LogonTicket, IN OPTIONAL PKERB_INTERACTIVE_LOGON KerbLogonInfo, IN PUCHAR *pClientBufferBase, IN BOOLEAN BuildSmartCardProfile, IN BOOLEAN BuildTicketProfile ) { NTSTATUS Status = STATUS_SUCCESS; PKERB_INTERACTIVE_PROFILE_WOW64 LocalProfileBuffer = NULL; PKERB_SMART_CARD_PROFILE_WOW64 SmartCardProfile = NULL; PKERB_TICKET_PROFILE_WOW64 TicketProfile = NULL; LONG_PTR Delta = 0; PUCHAR Where = NULL;
if (BuildSmartCardProfile) { *ProfileBufferSize = sizeof(KERB_SMART_CARD_PROFILE_WOW64) + LogonSession->PrimaryCredentials.PublicKeyCreds->CertContext->cbCertEncoded; } else if (BuildTicketProfile) { *ProfileBufferSize = sizeof(KERB_TICKET_PROFILE_WOW64) + LogonTicket->key.keyvalue.length; } else { *ProfileBufferSize = sizeof(KERB_INTERACTIVE_PROFILE_WOW64); }
*ProfileBufferSize += UserInfo->LogonScript.Length + sizeof(WCHAR) + UserInfo->HomeDirectory.Length + sizeof(WCHAR) + UserInfo->HomeDirectoryDrive.Length + sizeof(WCHAR) + UserInfo->FullName.Length + sizeof(WCHAR) + UserInfo->ProfilePath.Length + sizeof(WCHAR) + UserInfo->LogonServer.Length + sizeof(WCHAR);
LocalProfileBuffer = (PKERB_INTERACTIVE_PROFILE_WOW64) KerbAllocate(*ProfileBufferSize);
if (LocalProfileBuffer == NULL) { Status = STATUS_INSUFFICIENT_RESOURCES; goto Cleanup; }
Status = LsaFunctions->AllocateClientBuffer( NULL, *ProfileBufferSize, (PVOID *) pClientBufferBase );
if ( !NT_SUCCESS( Status ) ) { goto Cleanup; }
Delta = (LONG_PTR) (*pClientBufferBase - (PUCHAR) LocalProfileBuffer) ;
//
// Don't walk over smart card data
//
if (BuildSmartCardProfile) { Where = (PUCHAR) ((PKERB_SMART_CARD_PROFILE_WOW64) LocalProfileBuffer + 1); } else if (BuildTicketProfile) { Where = (PUCHAR) ((PKERB_TICKET_PROFILE_WOW64) LocalProfileBuffer + 1); } else { Where = (PUCHAR) (LocalProfileBuffer + 1); }
//
// Copy the scalar fields into the profile buffer.
//
LocalProfileBuffer->MessageType = KerbInteractiveProfile; LocalProfileBuffer->LogonCount = UserInfo->LogonCount; LocalProfileBuffer->BadPasswordCount= UserInfo->BadPasswordCount; OLD_TO_NEW_LARGE_INTEGER( UserInfo->LogonTime, LocalProfileBuffer->LogonTime ); OLD_TO_NEW_LARGE_INTEGER( UserInfo->LogoffTime, LocalProfileBuffer->LogoffTime ); OLD_TO_NEW_LARGE_INTEGER( UserInfo->KickOffTime, LocalProfileBuffer->KickOffTime ); OLD_TO_NEW_LARGE_INTEGER( UserInfo->PasswordLastSet, LocalProfileBuffer->PasswordLastSet ); OLD_TO_NEW_LARGE_INTEGER( UserInfo->PasswordCanChange, LocalProfileBuffer->PasswordCanChange ); OLD_TO_NEW_LARGE_INTEGER( UserInfo->PasswordMustChange, LocalProfileBuffer->PasswordMustChange ); LocalProfileBuffer->UserFlags = UserInfo->UserFlags;
//
// Copy the Unicode strings into the profile buffer.
//
KerbPutWOWClientString(&Where, Delta, &LocalProfileBuffer->LogonScript, &UserInfo->LogonScript );
KerbPutWOWClientString(&Where, Delta, &LocalProfileBuffer->HomeDirectory, &UserInfo->HomeDirectory );
KerbPutWOWClientString(&Where, Delta, &LocalProfileBuffer->HomeDirectoryDrive, &UserInfo->HomeDirectoryDrive );
KerbPutWOWClientString(&Where, Delta, &LocalProfileBuffer->FullName, &UserInfo->FullName );
KerbPutWOWClientString(&Where, Delta, &LocalProfileBuffer->ProfilePath, &UserInfo->ProfilePath );
KerbPutWOWClientString(&Where, Delta, &LocalProfileBuffer->LogonServer, &UserInfo->LogonServer );
if (BuildSmartCardProfile) { LocalProfileBuffer->MessageType = KerbSmartCardProfile; SmartCardProfile = (PKERB_SMART_CARD_PROFILE_WOW64) LocalProfileBuffer; SmartCardProfile->CertificateSize = LogonSession->PrimaryCredentials.PublicKeyCreds->CertContext->cbCertEncoded; SmartCardProfile->CertificateData = PtrToUlong(Where + Delta);
RtlCopyMemory(Where, LogonSession->PrimaryCredentials.PublicKeyCreds->CertContext->pbCertEncoded, SmartCardProfile->CertificateSize);
Where += SmartCardProfile->CertificateSize; } else if (BuildTicketProfile) { LocalProfileBuffer->MessageType = KerbTicketProfile; TicketProfile = (PKERB_TICKET_PROFILE_WOW64) LocalProfileBuffer;
TicketProfile->SessionKey.KeyType = LogonTicket->key.keytype; TicketProfile->SessionKey.Length = LogonTicket->key.keyvalue.length; TicketProfile->SessionKey.Value = PtrToUlong(Where + Delta);
RtlCopyMemory(Where, LogonTicket->key.keyvalue.value, LogonTicket->key.keyvalue.length);
Where += TicketProfile->SessionKey.Length; }
Cleanup:
if (!NT_SUCCESS(Status)) { LsaFunctions->FreeClientBuffer(NULL, *pClientBufferBase);
if (LocalProfileBuffer != NULL) { KerbFree(LocalProfileBuffer); } } else { *ProfileBuffer = (PKERB_INTERACTIVE_PROFILE) LocalProfileBuffer; }
return Status;
}
//+-------------------------------------------------------------------------
//
// Function: KerbPackExternalWOWTicket
//
// Synopsis: This allocates and fills in the external ticket for
// a WOW64 client.
//
// Effects:
//
// Arguments:
//
// Requires:
//
// Returns: STATUS_SUCCESS or STATUS_INSUFFICIENT_RESOURCES
//
// Notes: This code is (effectively) duplicated in
// KerbPackExternalTicket. Make sure any
// changes made here are applied there as well.
//
//--------------------------------------------------------------------------
NTSTATUS KerbPackExternalWOWTicket( IN PKERB_TICKET_CACHE_ENTRY pCacheEntry, IN PKERB_MESSAGE_BUFFER pEncodedTicket, OUT PKERB_EXTERNAL_TICKET *pTicketResponse, OUT PBYTE *pClientTicketResponse, OUT PULONG pTicketSize ) { PKERB_EXTERNAL_TICKET_WOW64 TicketResponseWOW = NULL; PBYTE ClientTicketResponseWOW = NULL; ULONG ulTicketSize; ULONG Offset; PUCHAR Where; NTSTATUS Status;
ulTicketSize = sizeof(KERB_EXTERNAL_TICKET_WOW64) + pCacheEntry->DomainName.Length + pCacheEntry->TargetDomainName.Length + pCacheEntry->ClientDomainName.Length + pCacheEntry->SessionKey.keyvalue.length + KerbWOWNameLength(pCacheEntry->ServiceName) + KerbWOWNameLength(pCacheEntry->TargetName) + KerbWOWNameLength(pCacheEntry->ClientName) + pEncodedTicket->BufferSize;
//
// Now allocate two copies of the structure - one in our process,
// one in the client's process. We then build the structure in our
// process but with pointer valid in the client's process
//
TicketResponseWOW = (PKERB_EXTERNAL_TICKET_WOW64) KerbAllocate(ulTicketSize);
if (TicketResponseWOW == NULL) { Status = STATUS_INSUFFICIENT_RESOURCES; goto Cleanup; }
Status = LsaFunctions->AllocateClientBuffer(NULL, ulTicketSize, (PVOID *) &ClientTicketResponseWOW);
if (!NT_SUCCESS(Status)) { goto Cleanup; }
Offset = (ULONG) (ClientTicketResponseWOW - (PBYTE) TicketResponseWOW);
Where = ((PUCHAR) (TicketResponseWOW + 1));
//
// Copy the non-pointer fields
//
TicketResponseWOW->TicketFlags = pCacheEntry->TicketFlags; TicketResponseWOW->Flags = 0; TicketResponseWOW->StartTime = pCacheEntry->StartTime; TicketResponseWOW->EndTime = pCacheEntry->EndTime; TicketResponseWOW->RenewUntil = pCacheEntry->RenewUntil; TicketResponseWOW->TimeSkew = pCacheEntry->TimeSkew; TicketResponseWOW->SessionKey.KeyType = pCacheEntry->SessionKey.keytype;
//
// Copy the structure to the client's address space
//
//
// These are 32-bit PVOID (i.e., ULONG) aligned
//
//
// Make sure the two name types are the same
//
DsysAssert(sizeof(KERB_INTERNAL_NAME_WOW64) == sizeof(KERB_EXTERNAL_NAME_WOW64)); DsysAssert(FIELD_OFFSET(KERB_INTERNAL_NAME_WOW64,NameType) == FIELD_OFFSET(KERB_EXTERNAL_NAME_WOW64,NameType)); DsysAssert(FIELD_OFFSET(KERB_INTERNAL_NAME_WOW64,NameCount) == FIELD_OFFSET(KERB_EXTERNAL_NAME_WOW64,NameCount)); DsysAssert(FIELD_OFFSET(KERB_INTERNAL_NAME_WOW64,Names) == FIELD_OFFSET(KERB_EXTERNAL_NAME_WOW64,Names));
KerbPutWOWKdcName(pCacheEntry->ServiceName, &TicketResponseWOW->ServiceName, Offset, &Where);
KerbPutWOWKdcName(pCacheEntry->TargetName, &TicketResponseWOW->TargetName, Offset, &Where);
KerbPutWOWKdcName(pCacheEntry->ClientName, &TicketResponseWOW->ClientName, Offset, &Where);
//
// From here on, they are WCHAR aligned
//
KerbPutWOWString(&pCacheEntry->DomainName, &TicketResponseWOW->DomainName, Offset, &Where);
KerbPutWOWString(&pCacheEntry->TargetDomainName, &TicketResponseWOW->TargetDomainName, Offset, &Where);
KerbPutWOWString(&pCacheEntry->ClientDomainName, // bug # 488056
&TicketResponseWOW->AltTargetDomainName, Offset, &Where);
//
// And from here they are BYTE aligned
//
TicketResponseWOW->SessionKey.Value = PtrToUlong(Where + Offset);
RtlCopyMemory(Where, pCacheEntry->SessionKey.keyvalue.value, pCacheEntry->SessionKey.keyvalue.length);
Where += pCacheEntry->SessionKey.keyvalue.length;
TicketResponseWOW->SessionKey.Length = pCacheEntry->SessionKey.keyvalue.length;
TicketResponseWOW->EncodedTicketSize = pEncodedTicket->BufferSize; TicketResponseWOW->EncodedTicket = PtrToUlong(Where + Offset);
RtlCopyMemory(Where, pEncodedTicket->Buffer, pEncodedTicket->BufferSize);
Where += pEncodedTicket->BufferSize;
DsysAssert(Where - ((PUCHAR) TicketResponseWOW) == (LONG_PTR) ulTicketSize);
*pTicketResponse = (PKERB_EXTERNAL_TICKET) TicketResponseWOW; *pClientTicketResponse = ClientTicketResponseWOW; *pTicketSize = ulTicketSize;
return STATUS_SUCCESS;
Cleanup:
if (TicketResponseWOW != NULL) { KerbFree(TicketResponseWOW); }
if (ClientTicketResponseWOW != NULL) { LsaFunctions->FreeClientBuffer(NULL, ClientTicketResponseWOW); }
*pTicketResponse = NULL; *pClientTicketResponse = NULL; *pTicketSize = 0;
return Status; }
#endif // _WIN64
|