archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
2 Commits
1 Branch
0 Tags
1.5 GiB
Tree: 7b07a90fc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '7b07a90fc1'
${ noResults }
windows-server-2003/ds/security/protocols/kerberos/client2/tktlogon.cxx

358 lines
9.6 KiB
Raw Normal View History

commiting as it is
4 years ago
  1. //+-----------------------------------------------------------------------
  2. //
  3. // Microsoft Windows
  4. //
  5. // Copyright (c) Microsoft Corporation 1992 - 1999
  6. //
  7. // File: tktlogon.cxx
  8. //
  9. // Contents: Code for proxy logon for the Kerberos package
  10. //
  11. //
  12. // History: 15-March Created MikeSw
  13. //
  14. //------------------------------------------------------------------------
  15. #include <kerb.hxx>
  16. #include <kerbp.h>
  18. #ifdef RETAIL_LOG_SUPPORT
  19. static TCHAR THIS_FILE[]=TEXT(__FILE__);
  20. #endif
  22. //+-------------------------------------------------------------------------
  23. //
  24. // Function: KerbCreateTicketLogonSession
  25. //
  26. // Synopsis: Does all the work for a ticket logon, removing it from
  27. // LsaApLogonUserEx2
  28. //
  29. // Effects:
  30. //
  31. // Arguments: WorkstationTicket - ticket to workstation. The ticket
  32. // cache entry is pretty much empty except for
  33. // the ticket, and is not linked
  34. // ForwardedTgt - receives pointers into the Protocol
  35. // SubmitBuffer to the forwarded TGT.
  36. //
  37. // Requires:
  38. //
  39. // Returns:
  40. //
  41. // Notes:
  42. //
  43. //
  44. //--------------------------------------------------------------------------
  46. NTSTATUS
  47. KerbCreateTicketLogonSession(
  48. IN PVOID ProtocolSubmitBuffer,
  49. IN PVOID ClientBufferBase,
  50. IN ULONG SubmitBufferSize,
  51. IN SECURITY_LOGON_TYPE LogonType,
  52. OUT PKERB_LOGON_SESSION * NewLogonSession,
  53. OUT PLUID LogonId,
  54. OUT PKERB_TICKET_CACHE_ENTRY * WorkstationTicket,
  55. OUT PKERB_MESSAGE_BUFFER ForwardedTgt
  56. )
  57. {
  58. NTSTATUS Status = STATUS_SUCCESS;
  59. PKERB_TICKET_LOGON LogonInfo = NULL;
  60. PKERB_LOGON_SESSION LogonSession = NULL;
  61. KERB_KDC_REPLY KdcReply = {0};
  62. ULONG_PTR Offset;
  63. UNICODE_STRING EmptyString = {0};
  64. PKERB_TICKET Ticket = NULL;
  65. KERBERR KerbErr;
  69. *WorkstationTicket = NULL;
  70. ForwardedTgt->Buffer = NULL;
  71. ForwardedTgt->BufferSize = 0;
  73. //
  74. // Pull the interesting information out of the submit buffer
  75. //
  77. if (SubmitBufferSize < sizeof(KERB_TICKET_LOGON))
  78. {
  79. DebugLog((DEB_ERROR,"Submit buffer to logon too small: %d. %ws, line %d\n",SubmitBufferSize, THIS_FILE, __LINE__));
  80. Status = STATUS_INVALID_PARAMETER;
  81. goto Cleanup;
  82. }
  84. LogonInfo = (PKERB_TICKET_LOGON) ProtocolSubmitBuffer;
  86. DsysAssert((LogonInfo->MessageType == KerbTicketLogon) || (LogonInfo->MessageType == KerbTicketUnlockLogon));
  91. //
  92. // Relocate any pointers to be relative to 'LogonInfo'
  93. //
  96. Offset = ((PUCHAR) LogonInfo->ServiceTicket) - ((PUCHAR)ClientBufferBase);
  97. if ( (Offset >= SubmitBufferSize) ||
  98. (Offset + LogonInfo->ServiceTicketLength > SubmitBufferSize))
  99. {
  100. Status = STATUS_INVALID_PARAMETER;
  101. goto Cleanup;
  102. }
  103. LogonInfo->ServiceTicket = (PUCHAR) ProtocolSubmitBuffer + Offset;
  105. if (LogonInfo->TicketGrantingTicketLength != 0)
  106. {
  107. if (LogonInfo->TicketGrantingTicket == NULL)
  108. {
  109. Status = STATUS_INVALID_PARAMETER;
  110. goto Cleanup;
  111. }
  113. Offset = ((PUCHAR) LogonInfo->TicketGrantingTicket) - ((PUCHAR)ClientBufferBase);
  114. if ( (Offset >= SubmitBufferSize) ||
  115. (Offset + LogonInfo->TicketGrantingTicketLength > SubmitBufferSize))
  116. {
  117. Status = STATUS_INVALID_PARAMETER;
  118. goto Cleanup;
  119. }
  120. LogonInfo->TicketGrantingTicket = (PUCHAR) ProtocolSubmitBuffer + Offset;
  121. ForwardedTgt->BufferSize = LogonInfo->TicketGrantingTicketLength;
  122. ForwardedTgt->Buffer = LogonInfo->TicketGrantingTicket;
  123. }
  126. //
  127. // Allocate a locally unique ID for this logon session. We will
  128. // create it in the LSA just before returning.
  129. //
  131. Status = NtAllocateLocallyUniqueId( LogonId );
  132. if (!NT_SUCCESS(Status))
  133. {
  134. DebugLog((DEB_ERROR,"Failed to allocate locally unique ID: 0x%x. %ws, line %d\n",Status, THIS_FILE, __LINE__));
  135. goto Cleanup;
  136. }
  139. //
  140. // Build a logon session to hold all this information
  141. //
  143. Status = KerbCreateLogonSession(
  144. LogonId,
  145. &EmptyString,
  146. &EmptyString,
  147. NULL, // no password
  148. NULL, // no old password
  149. 0, // no password options
  150. 0,
  151. FALSE, // no dups - this is a primary logon
  152. &LogonSession
  153. );
  154. if (!NT_SUCCESS(Status))
  155. {
  156. goto Cleanup;
  157. }
  159. //
  160. // Unpack the supplied service ticket
  161. //
  164. KerbErr = KerbUnpackData(
  165. LogonInfo->ServiceTicket,
  166. LogonInfo->ServiceTicketLength,
  167. KERB_TICKET_PDU,
  168. (PVOID *) &Ticket
  169. );
  170. if (!KERB_SUCCESS(KerbErr))
  171. {
  172. DebugLog((DEB_ERROR,"Failed to unpack service ticket in ticket logon\n"));
  173. Status = KerbMapKerbError(KerbErr);
  174. goto Cleanup;
  175. }
  177. //
  178. // Build a ticket structure from the service ticket.
  179. //
  181. KdcReply.ticket = *Ticket;
  183. Status = KerbCreateTicketCacheEntry(
  184. &KdcReply,
  185. NULL, // no kdc reply
  186. NULL, // no target name
  187. NULL, // no target realm
  188. 0, // no flags
  189. NULL, // no ticket cache
  190. NULL, // no credential key
  191. WorkstationTicket
  192. );
  194. if (!NT_SUCCESS(Status))
  195. {
  196. goto Cleanup;
  197. }
  199. //
  200. // Return the new logon session.
  201. //
  203. *NewLogonSession = LogonSession;
  204. LogonSession = NULL;
  206. Cleanup:
  208. if (!NT_SUCCESS(Status))
  209. {
  210. if (LogonSession != NULL)
  211. {
  212. KerbReferenceLogonSessionByPointer(LogonSession, TRUE);
  213. KerbDereferenceLogonSession(LogonSession);
  214. }
  215. }
  217. if (Ticket != NULL)
  218. {
  219. KerbFreeData(KERB_TICKET_PDU, Ticket);
  220. }
  222. return(Status);
  223. }
  226. //+-------------------------------------------------------------------------
  227. //
  228. // Function: KerbExtractForwardedTgt
  229. //
  230. // Synopsis: Extracts a forwarded TGT from its encoded representation
  231. // and sticks it in the logon session ticket cache. This
  232. // also updates the user name & domain name in the
  233. // logon session, if they aren't present.
  234. //
  235. // Effects:
  236. //
  237. // Arguments:
  238. //
  239. // Requires:
  240. //
  241. // Returns:
  242. //
  243. // Notes:
  244. //
  245. //
  246. //--------------------------------------------------------------------------
  248. NTSTATUS
  249. KerbExtractForwardedTgt(
  250. IN PKERB_LOGON_SESSION LogonSession,
  251. IN PKERB_MESSAGE_BUFFER ForwardedTgt,
  252. IN PKERB_ENCRYPTED_TICKET WorkstationTicket
  253. )
  254. {
  255. PKERB_CRED KerbCred = NULL;
  256. PKERB_ENCRYPTED_CRED EncryptedCred = NULL;
  257. KERBERR KerbErr;
  258. NTSTATUS Status = STATUS_SUCCESS;
  260. D_DebugLog((DEB_TRACE, "Extracting a forwarded TGT\n"));
  262. KerbErr = KerbUnpackKerbCred(
  263. ForwardedTgt->Buffer,
  264. ForwardedTgt->BufferSize,
  265. &KerbCred
  266. );
  267. if (!KERB_SUCCESS(KerbErr))
  268. {
  269. DebugLog((DEB_WARN, "Failed to unpack kerb cred for forwaded tgt\n"));
  270. Status = KerbMapKerbError(KerbErr);
  271. goto Cleanup;
  273. }
  275. //
  276. // Now decrypt the encrypted part of the KerbCred.
  277. //
  279. KerbErr = KerbDecryptDataEx(
  280. &KerbCred->encrypted_part,
  281. &WorkstationTicket->key,
  282. KERB_CRED_SALT,
  283. (PULONG) &KerbCred->encrypted_part.cipher_text.length,
  284. KerbCred->encrypted_part.cipher_text.value
  285. );
  288. if (!KERB_SUCCESS(KerbErr))
  289. {
  290. DebugLog((DEB_ERROR,"Failed to decrypt KERB_CRED: 0x%x. %ws, line %d\n",KerbErr, THIS_FILE, __LINE__));
  291. if (KerbErr == KRB_ERR_GENERIC)
  292. {
  293. Status = KerbMapKerbError(KerbErr);
  294. goto Cleanup;
  295. }
  296. else
  297. {
  298. Status = STATUS_LOGON_FAILURE;
  300. //
  301. // MIT clients don't encrypt the encrypted part, so drop through
  302. //
  304. }
  305. }
  307. //
  308. // Now unpack the encrypted part.
  309. //
  311. KerbErr = KerbUnpackEncryptedCred(
  312. KerbCred->encrypted_part.cipher_text.value,
  313. KerbCred->encrypted_part.cipher_text.length,
  314. &EncryptedCred
  315. );
  316. if (!KERB_SUCCESS(KerbErr))
  317. {
  318. //
  319. // Use the old status if it is available.
  320. //
  322. if (NT_SUCCESS(Status))
  323. {
  324. Status = KerbMapKerbError(KerbErr);
  325. }
  326. DebugLog((DEB_WARN, "Failed to unpack encrypted cred\n"));
  327. goto Cleanup;
  328. }
  330. //
  331. // Now build a logon session.
  332. //
  334. Status = KerbCreateLogonSessionFromKerbCred(
  335. NULL,
  336. WorkstationTicket,
  337. KerbCred,
  338. EncryptedCred,
  339. &LogonSession
  340. );
  341. if (!NT_SUCCESS(Status))
  342. {
  343. DebugLog((DEB_ERROR,"Failed to create logon session from kerb cred: 0x%x. %ws, line %d\n",Status, THIS_FILE, __LINE__));
  344. goto Cleanup;
  345. }
  347. Cleanup:
  348. if (EncryptedCred != NULL)
  349. {
  350. KerbFreeEncryptedCred(EncryptedCred);
  351. }
  352. if (KerbCred != NULL)
  353. {
  354. KerbFreeKerbCred(KerbCred);
  355. }
  356. return(Status);
  358. }