archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
2 Commits
1 Branch
0 Tags
1.5 GiB
Tree: 7b07a90fc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '7b07a90fc1'
${ noResults }
windows-server-2003/ds/security/protocols/kerberos/common2/utils.cxx

507 lines
12 KiB
Raw Normal View History

commiting as it is
4 years ago
  1. //+-----------------------------------------------------------------------
  2. //
  3. // Microsoft Windows
  4. //
  5. // Copyright (c) Microsoft Corporation 1991 - 1992
  6. //
  7. // File: utils.cxx
  8. //
  9. // Contents: utilities
  10. //
  11. // History: LZhu Feb 1, 2002 Created
  12. //
  13. // Notes:
  14. //
  15. //--------------------------------------------------------------------------
  17. #ifdef WIN32_CHICAGO
  18. #include<kerb.hxx>
  19. #include<kerbp.h>
  20. #endif // WIN32_CHICAGO
  22. extern "C"
  23. {
  24. #include <nt.h>
  25. #include <ntrtl.h>
  26. #include <nturtl.h>
  27. #include <windows.h>
  28. #include <ntlsa.h>
  29. #include <samrpc.h>
  30. #include <samisrv.h>
  31. #include <lsarpc.h>
  32. #include <lsaisrv.h>
  33. #include <lsaitf.h>
  34. #include <wincrypt.h>
  35. }
  36. #include <kerbcomm.h>
  37. #include <kerberr.h>
  38. #include <kerbcon.h>
  39. #include <midles.h>
  40. #include <authen.hxx>
  41. #include <kerberos.h>
  42. #include "debug.h"
  43. #include <fileno.h>
  44. #include <pac.hxx>
  45. #include <utils.hxx>
  47. #define FILENO FILENO_COMMON_UTILS
  49. //+-------------------------------------------------------------------------
  50. //
  51. // Function: KerbUnpackErrorData
  52. //
  53. // Synopsis: This routine unpacks error information from a KERB_ERROR message
  54. //
  55. // Effects:
  56. //
  57. // Arguments: Unpacked error data. Returns extended error to
  58. // be freed using KerbFreeData with KERB_EXT_ERROR_PDU
  59. //
  60. // Requires:
  61. //
  62. // Returns: KERB_ERROR
  63. //
  64. // Notes:
  65. //
  66. //
  67. //--------------------------------------------------------------------------
  69. KERBERR
  70. KerbUnpackErrorData(
  71. IN OUT PKERB_ERROR ErrorMessage,
  72. IN OUT PKERB_EXT_ERROR * ExtendedError
  73. )
  74. {
  75. KERBERR KerbErr = KDC_ERR_NONE;
  77. TYPED_DATA_Element* TypedDataElem = NULL;
  80. TYPED_DATA_Element* ErrorData = NULL;
  81. KERB_ERROR_METHOD_DATA* ErrorMethodData = NULL;
  83. UCHAR* ExtErrTemp = NULL; // need to free it
  85. UCHAR* ExtErr = NULL;
  86. ULONG ExtErrSize = 0;
  88. *ExtendedError = NULL;
  90. if ((ErrorMessage->bit_mask & error_data_present) == 0)
  91. {
  92. KerbErr = (KRB_ERR_GENERIC);
  93. goto Cleanup;
  94. }
  96. KerbErr = KerbUnpackData(
  97. ErrorMessage->error_data.value,
  98. ErrorMessage->error_data.length,
  99. TYPED_DATA_PDU,
  100. (VOID**) &ErrorData
  101. );
  103. if (!KERB_SUCCESS(KerbErr))
  104. {
  105. //
  106. // we do not use error method data from kdc any more, but need to watch
  107. // for those slipped into clients with ServicePacks
  108. //
  110. DebugLog((DEB_WARN, "KerbUnpackData failed to unpack typed data, trying error method data\n"));
  112. KerbErr = KerbUnpackData(
  113. ErrorMessage->error_data.value,
  114. ErrorMessage->error_data.length,
  115. KERB_ERROR_METHOD_DATA_PDU,
  116. (VOID**) &ErrorMethodData
  117. );
  119. if (!KERB_SUCCESS(KerbErr))
  120. {
  121. goto Cleanup;
  122. }
  124. if ((ErrorMethodData->bit_mask & data_value_present)
  125. && (KERB_ERR_TYPE_EXTENDED == ErrorMethodData->data_type)
  126. && ErrorMethodData->data_value.length >= sizeof(KERB_EXT_ERROR))
  127. {
  128. //
  129. // pack the raw data
  130. //
  132. KerbErr = KerbPackData(
  133. ErrorMethodData->data_value.value,
  134. KERB_EXT_ERROR_PDU,
  135. &ExtErrSize,
  136. &ExtErrTemp
  137. );
  138. if (!KERB_SUCCESS(KerbErr))
  139. {
  140. goto Cleanup;
  141. }
  143. ExtErr = ExtErrTemp;
  144. }
  145. }
  146. else
  147. {
  148. TypedDataElem = TypedDataListFind(ErrorData, TD_EXTENDED_ERROR);
  149. if (TypedDataElem)
  150. {
  151. ExtErrSize = TypedDataElem->value.data_value.length;
  152. ExtErr = TypedDataElem->value.data_value.value;
  153. }
  155. if ((KDC_ERR_S_PRINCIPAL_UNKNOWN == ErrorMessage->error_code)
  156. && (NULL != TypedDataListFind(ErrorData, TD_MUST_USE_USER2USER)))
  157. {
  158. DebugLog((DEB_WARN, "KerbUnpackData remap KDC_ERR_S_PRINCIPAL_UNKNOWN to KDC_ERR_MUST_USE_USER2USER\n"));
  160. ErrorMessage->error_code = KDC_ERR_MUST_USE_USER2USER;
  161. }
  162. }
  164. if (ExtErr && ExtErrSize)
  165. {
  166. KerbErr = KerbUnpackData(
  167. ExtErr,
  168. ExtErrSize,
  169. KERB_EXT_ERROR_PDU,
  170. (VOID**)ExtendedError
  171. );
  172. if (!KERB_SUCCESS(KerbErr))
  173. {
  174. goto Cleanup;
  175. }
  176. }
  178. if (*ExtendedError)
  179. {
  180. DebugLog((DEB_ERROR, "KerbUnpackErrorData received failure from kdc %#x KLIN(%#x) NTSTATUS(%#x)\n",
  181. ErrorMessage->error_code, (*ExtendedError)->klininfo, (*ExtendedError)->status));
  182. }
  184. Cleanup:
  186. if (NULL != ErrorMethodData)
  187. {
  188. KerbFreeData(KERB_ERROR_METHOD_DATA_PDU, ErrorMethodData);
  189. }
  191. if (NULL != ErrorData)
  192. {
  193. KerbFreeData(TYPED_DATA_PDU, ErrorData);
  194. }
  196. if (NULL != ExtErrTemp)
  197. {
  198. MIDL_user_free(ExtErrTemp);
  199. }
  201. return (KerbErr);
  202. }
  204. //+-------------------------------------------------------------------------
  205. //
  206. // Function: TypedDataListFind
  207. //
  208. // Synopsis: find a kerb typed data from a type data list
  209. //
  210. // Effects: none
  211. //
  212. // Arguments:
  213. //
  214. // Requires:
  215. //
  216. // Returns: TYPED_DATA_Element that is found, NULL otherwise
  217. //
  218. // Notes:
  219. //
  220. //
  221. //--------------------------------------------------------------------------
  223. TYPED_DATA_Element*
  224. TypedDataListFind(
  225. IN OPTIONAL TYPED_DATA_Element* InputDataList,
  226. IN LONG Type
  227. )
  228. {
  229. for (TYPED_DATA_Element* p = InputDataList; p != NULL; p = p->next)
  230. {
  231. if (p->value.data_type == Type)
  232. {
  233. return p;
  234. }
  235. }
  237. return NULL;
  238. }
  240. //+-------------------------------------------------------------------------
  241. //
  242. // Function: TypedDataListPushFront
  243. //
  244. // Synopsis: Insert a kerb typed data to a type data list
  245. //
  246. // Effects: none
  247. //
  248. // Arguments:
  249. //
  250. // Requires:
  251. //
  252. // Returns: KERBERR
  253. //
  254. // Notes:
  255. //
  256. //
  257. //--------------------------------------------------------------------------
  259. KERBERR
  260. TypedDataListPushFront(
  261. IN OPTIONAL TYPED_DATA_Element* InputDataList,
  262. IN KERB_TYPED_DATA* Data,
  263. OUT ULONG* OutputDataListSize,
  264. OUT UCHAR** OutputDataList
  265. )
  266. {
  267. KERBERR KerbErr = KDC_ERR_NONE;
  269. TYPED_DATA_Element TypedDataElem = {0};
  270. TYPED_DATA_Element* TypedDataList = &TypedDataElem;
  272. TypedDataElem.value = *Data;
  273. TypedDataElem.next = InputDataList;
  275. KerbErr = KerbPackData(
  276. &TypedDataList,
  277. TYPED_DATA_PDU,
  278. OutputDataListSize,
  279. OutputDataList
  280. );
  282. if (!KERB_SUCCESS(KerbErr))
  283. {
  284. D_DebugLog((DEB_ERROR, "KdcGetTicket faild to pack error data as typed data %#x\n", KLIN(FILENO, __LINE__)));
  285. goto Cleanup;
  286. }
  288. Cleanup:
  290. return KerbErr;
  291. }
  293. //+-------------------------------------------------------------------------
  294. //
  295. // Function: PackUnicodeStringAsUnicodeStringZ
  296. //
  297. // Synopsis: Pack a unicode string as null-terminated
  298. //
  299. // Effects:
  300. //
  301. // Arguments:
  302. //
  303. // Requires:
  304. //
  305. // Returns:
  306. //
  307. // Notes:
  308. //
  309. //
  310. //-------------------------------------------------------------------------
  312. VOID
  313. PackUnicodeStringAsUnicodeStringZ(
  314. IN UNICODE_STRING* pString,
  315. IN OUT WCHAR** ppWhere,
  316. OUT UNICODE_STRING* pDestString
  317. )
  318. {
  319. RtlCopyMemory(*ppWhere, pString->Buffer, pString->Length);
  320. pDestString->Buffer = *ppWhere;
  322. pDestString->Length = pString->Length;
  323. pDestString->MaximumLength = pString->Length + sizeof(WCHAR);
  325. *ppWhere += pDestString->MaximumLength / sizeof(WCHAR);
  327. //
  328. // add unicode NULL
  329. //
  331. pDestString->Buffer[(pDestString->MaximumLength / sizeof(WCHAR)) - 1] = UNICODE_NULL;
  332. }
  334. //+-------------------------------------------------------------------------
  335. //
  336. // Function: PackS4UDelegationInformation
  337. //
  338. // Synopsis: Pack S4U DelegationInformation
  339. //
  340. // Effects:
  341. //
  342. // Arguments:
  343. //
  344. // Requires:
  345. //
  346. // Returns:
  347. //
  348. // Notes:
  349. //
  350. //
  351. //-------------------------------------------------------------------------
  353. NTSTATUS
  354. PackS4UDelegationInformation(
  355. IN OPTIONAL PS4U_DELEGATION_INFO DelegationInfo,
  356. OUT PS4U_DELEGATION_INFO* NewDelegationInfo
  357. )
  358. {
  359. ULONG NewDelegationInfoSize = 0;
  360. WCHAR* Where = NULL;
  362. *NewDelegationInfo = NULL;
  363. if (DelegationInfo)
  364. {
  365. NewDelegationInfoSize = ROUND_UP_COUNT(sizeof(S4U_DELEGATION_INFO), ALIGN_QUAD)
  366. + ROUND_UP_COUNT(DelegationInfo->S4U2proxyTarget.Length + sizeof(WCHAR), ALIGN_QUAD);
  368. if (DelegationInfo->TransitedListSize)
  369. {
  370. NewDelegationInfoSize += ROUND_UP_COUNT(NewDelegationInfoSize, ALIGN_QUAD);
  372. for (ULONG i = 0; i < DelegationInfo->TransitedListSize; i++)
  373. {
  374. NewDelegationInfoSize += ROUND_UP_COUNT(sizeof(UNICODE_STRING), ALIGN_QUAD)
  375. + ROUND_UP_COUNT(DelegationInfo->S4UTransitedServices[i].Length + sizeof(WCHAR), ALIGN_QUAD);
  376. }
  377. }
  379. *NewDelegationInfo = (PS4U_DELEGATION_INFO) MIDL_user_allocate(NewDelegationInfoSize);
  381. if (NULL == *NewDelegationInfo)
  382. {
  383. return STATUS_NO_MEMORY;
  384. }
  386. RtlZeroMemory(*NewDelegationInfo, NewDelegationInfoSize);
  387. Where = (WCHAR*) (*NewDelegationInfo + 1);
  388. PackUnicodeStringAsUnicodeStringZ(&DelegationInfo->S4U2proxyTarget, &Where, &(*NewDelegationInfo)->S4U2proxyTarget);
  390. (*NewDelegationInfo)->TransitedListSize = DelegationInfo->TransitedListSize;
  391. (*NewDelegationInfo)->S4UTransitedServices = (UNICODE_STRING*) ROUND_UP_POINTER(Where, ALIGN_QUAD);
  392. Where = (WCHAR*) ((*NewDelegationInfo)->S4UTransitedServices + DelegationInfo->TransitedListSize);
  394. for (ULONG j = 0; j < DelegationInfo->TransitedListSize; j++)
  395. {
  396. PackUnicodeStringAsUnicodeStringZ(
  397. &DelegationInfo->S4UTransitedServices[j],
  398. &Where,
  399. &(*NewDelegationInfo)->S4UTransitedServices[j]
  400. );
  401. }
  402. }
  404. return STATUS_SUCCESS;
  405. }
  407. //+-------------------------------------------------------------------------
  408. //
  409. // Function: PackS4UDelegationInformation
  410. //
  411. // Synopsis: Pack S4U DelegationInformation
  412. //
  413. // Effects:
  414. //
  415. // Arguments:
  416. //
  417. // Requires:
  418. //
  419. // Returns:
  420. //
  421. // Notes:
  422. //
  423. //
  424. //-------------------------------------------------------------------------
  426. NTSTATUS
  427. UnmarshalS4UDelegationInformation(
  428. IN ULONG DelegInfoMarshalledSize,
  429. IN OPTIONAL BYTE* DelegInfoMarshalled,
  430. OUT PS4U_DELEGATION_INFO* S4UDelegationInfo
  431. )
  432. {
  433. NTSTATUS Status;
  435. PS4U_DELEGATION_INFO RawDelegInfo = NULL;
  437. Status = PAC_UnmarshallS4UDelegationInfo(
  438. &RawDelegInfo,
  439. DelegInfoMarshalled,
  440. DelegInfoMarshalledSize
  441. );
  443. if (!NT_SUCCESS(Status))
  444. {
  445. DebugLog((DEB_ERROR, "KdcUpdateAndValidateS4UProxyPAC failed to unmarshall S4U delgation info %#x\n", Status));
  446. goto Cleanup;
  447. }
  449. Status = PackS4UDelegationInformation(
  450. RawDelegInfo,
  451. S4UDelegationInfo
  452. );
  453. if (!NT_SUCCESS( Status ))
  454. {
  455. DebugLog((DEB_ERROR, "KdcUpdateAndValidateS4UProxyPAC: PackS4UDelegationInformation failed - %#x\n", Status));
  456. goto Cleanup;
  457. }
  459. Cleanup:
  461. if (RawDelegInfo != NULL)
  462. {
  463. MIDL_user_free(RawDelegInfo);
  464. }
  466. return Status;
  467. }
  469. //+-------------------------------------------------------------------------
  470. //
  471. // Function: KerbMapStatusToKerbError
  472. //
  473. // Synopsis: Maps an NTSTATUS or SECURITY_STATUS to a KERBERR
  474. //
  475. // Effects:
  476. //
  477. // Arguments:
  478. //
  479. // Requires:
  480. //
  481. // Returns:
  482. //
  483. // Notes:
  484. //
  485. //
  486. //--------------------------------------------------------------------------
  488. KERBERR
  489. KerbMapStatusToKerbError(
  490. IN LONG Status
  491. )
  492. {
  493. KERBERR KerbError = KRB_ERR_GENERIC;
  494. switch (Status) {
  495. case SEC_E_ETYPE_NOT_SUPP:
  496. KerbError = KDC_ERR_ETYPE_NOTSUPP;
  497. break;
  498. case SEC_E_OK:
  499. KerbError = KDC_ERR_NONE;
  500. break;
  501. default:
  502. KerbError = KRB_ERR_GENERIC;
  503. break;
  504. }
  505. return KerbError;
  506. }