archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
2 Commits
1 Branch
0 Tags
3.3 GiB
Tree: 7b07a90fc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '7b07a90fc1'
${ noResults }
windows-server-2003/ds/security/protocols/msv_sspi/utility.cxx

400 lines
8.6 KiB
Raw Normal View History

commiting as it is
4 years ago
  1. /*++
  3. Copyright (c) 1987-1993 Microsoft Corporation
  5. Module Name:
  7. utility.cxx
  9. Abstract:
  11. Private NtLmSsp service utility routines.
  13. Author:
  15. Cliff Van Dyke (cliffv) 9-Jun-1993
  17. Environment:
  19. User mode only.
  20. Contains NT-specific code.
  21. Requires ANSI C extensions: slash-slash comments, long external names.
  23. Revision History:
  24. ChandanS 06-Aug-1996 Stolen from net\svcdlls\ntlmssp\common\utility.c
  26. --*/
  28. //
  29. // Common include files.
  30. //
  32. #include <global.h>
  34. //
  35. // Include files specific to this .c file
  36. //
  38. #include <netlib.h> // NetpMemoryFree()
  39. #include <secobj.h> // ACE_DATA ...
  40. #include <stdio.h> // vsprintf().
  41. #include <tstr.h> // TCHAR_ equates.
  43. #define SSP_TOKEN_ACCESS (READ_CONTROL |\
  44. WRITE_DAC |\
  45. TOKEN_DUPLICATE |\
  46. TOKEN_IMPERSONATE |\
  47. TOKEN_QUERY |\
  48. TOKEN_QUERY_SOURCE |\
  49. TOKEN_ADJUST_PRIVILEGES |\
  50. TOKEN_ADJUST_GROUPS |\
  51. TOKEN_ADJUST_DEFAULT)
  54. #if DBG
  57. SECURITY_STATUS
  58. SspNtStatusToSecStatus(
  59. IN NTSTATUS NtStatus,
  60. IN SECURITY_STATUS DefaultStatus
  61. )
  62. /*++
  64. Routine Description:
  66. Convert an NtStatus code to the corresponding Security status code. For
  67. particular errors that are required to be returned as is (for setup code)
  68. don't map the errors.
  71. Arguments:
  73. NtStatus - NT status to convert
  75. Return Value:
  77. Returns security status code.
  79. --*/
  80. {
  81. //
  82. // this routine is left here for DBG builds to enable the developer
  83. // to ASSERT on status codes, etc.
  84. //
  86. return(NtStatus);
  87. }
  89. #endif
  92. BOOLEAN
  93. SspTimeHasElapsed(
  94. IN ULONG TickStart,
  95. IN ULONG Timeout
  96. )
  97. /*++
  99. Routine Description:
  101. Determine if "Timeout" milliseconds have elapsed since TickStart.
  103. Arguments:
  105. TickStart - Specifies a tick count when the event started in milliseconds.
  107. Timeout - Specifies a relative time in milliseconds. 0xFFFFFFFF indicates
  108. that the time will never expire.
  110. Return Value:
  112. TRUE -- iff Timeout milliseconds have elapsed since TickStart.
  114. --*/
  115. {
  116. ULONG TickNow = 0;
  118. TickNow = GetTickCount();
  120. //
  121. // TickNow < TickStart means TickCount is wrapped around (happens very
  122. // 49.7 days)
  123. //
  124. // We assume the interim between the Init/Accept calls with the same
  125. // context can have at most one wrapping around
  126. //
  128. if ( (TickNow > TickStart && TickNow - TickStart > TickNow) ||
  129. (TickNow < TickStart && 0xFFFFFFFF - TickStart + TickNow > Timeout) ) {
  130. return TRUE;
  131. }
  133. return FALSE;
  134. }
  137. SECURITY_STATUS
  138. SspDuplicateToken(
  139. IN HANDLE OriginalToken,
  140. IN SECURITY_IMPERSONATION_LEVEL ImpersonationLevel,
  141. OUT PHANDLE DuplicatedToken
  142. )
  143. /*++
  145. Routine Description:
  147. Duplicates a token
  149. Arguments:
  151. OriginalToken - Token to duplicate
  152. DuplicatedToken - Receives handle to duplicated token
  154. Return Value:
  156. Any error from NtDuplicateToken
  158. --*/
  159. {
  160. NTSTATUS Status;
  161. OBJECT_ATTRIBUTES ObjectAttributes;
  162. SECURITY_QUALITY_OF_SERVICE QualityOfService;
  164. InitializeObjectAttributes(
  165. &ObjectAttributes,
  166. NULL,
  167. 0,
  168. NULL,
  169. NULL
  170. );
  172. QualityOfService.Length = sizeof(SECURITY_QUALITY_OF_SERVICE);
  173. QualityOfService.EffectiveOnly = FALSE;
  174. QualityOfService.ContextTrackingMode = SECURITY_STATIC_TRACKING;
  175. QualityOfService.ImpersonationLevel = ImpersonationLevel;
  176. ObjectAttributes.SecurityQualityOfService = &QualityOfService;
  178. Status = NtDuplicateToken(
  179. OriginalToken,
  180. SSP_TOKEN_ACCESS,
  181. &ObjectAttributes,
  182. FALSE,
  183. TokenImpersonation,
  184. DuplicatedToken
  185. );
  187. return(SspNtStatusToSecStatus(Status, SEC_E_NO_IMPERSONATION));
  188. }
  191. LPWSTR
  192. SspAllocWStrFromWStr(
  193. IN LPWSTR Unicode
  194. )
  196. /*++
  198. Routine Description:
  200. Allocate and copy unicode string (wide character strdup)
  202. Arguments:
  204. Unicode - pointer to wide character string to make copy of
  206. Return Value:
  208. NULL - There was some error in the conversion.
  210. Otherwise, it returns a pointer to the zero terminated UNICODE string in
  211. an allocated buffer. The buffer must be freed using NtLmFree.
  213. --*/
  215. {
  216. DWORD Size;
  217. LPWSTR ptr;
  219. Size = (DWORD) WCSSIZE(Unicode);
  220. ptr = (LPWSTR)NtLmAllocate(Size);
  221. if ( ptr != NULL) {
  222. RtlCopyMemory(ptr, Unicode, Size);
  223. }
  224. return ptr;
  225. }
  228. VOID
  229. SspHidePassword(
  230. IN OUT PUNICODE_STRING Password
  231. )
  232. /*++
  234. Routine Description:
  236. Run-encodes the password so that it is not very visually
  237. distinguishable. This is so that if it makes it to a
  238. paging file, it wont be obvious.
  241. WARNING - This routine will use the upper portion of the
  242. password's length field to store the seed used in encoding
  243. password. Be careful you don't pass such a string to
  244. a routine that looks at the length (like and RPC routine).
  246. Arguments:
  248. Seed - The seed to use to hide the password.
  250. PasswordSource - Contains password to hide.
  252. Return Value:
  255. --*/
  256. {
  257. SspPrint((SSP_API_MORE, "Entering SspHidePassword\n"));
  259. if( (Password->Length != 0) && (Password->MaximumLength != 0) )
  260. {
  261. LsaFunctions->LsaProtectMemory( Password->Buffer, (ULONG)Password->MaximumLength );
  262. }
  264. SspPrint((SSP_API_MORE, "Leaving SspHidePassword\n"));
  265. }
  268. VOID
  269. SspRevealPassword(
  270. IN OUT PUNICODE_STRING HiddenPassword
  271. )
  272. /*++
  274. Routine Description
  276. Reveals a previously hidden password so that it
  277. is plain text once again.
  279. Arguments:
  281. HiddenPassword - Contains the password to reveal
  283. Return Value
  285. --*/
  286. {
  287. SspPrint((SSP_API_MORE, "Entering SspRevealPassword\n"));
  289. if( (HiddenPassword->Length != 0) && (HiddenPassword->MaximumLength != 0) )
  290. {
  291. LsaFunctions->LsaUnprotectMemory( HiddenPassword->Buffer, (ULONG)HiddenPassword->MaximumLength );
  292. }
  294. SspPrint((SSP_API_MORE, "Leaving SspRevealPassword\n"));
  295. }
  298. BOOLEAN
  299. SspGetTokenBuffer(
  300. IN PSecBufferDesc TokenDescriptor OPTIONAL,
  301. IN ULONG BufferIndex,
  302. OUT PSecBuffer * Token,
  303. IN BOOLEAN ReadonlyOK
  304. )
  306. /*++
  308. Routine Description:
  310. This routine parses a Token Descriptor and pulls out the useful
  311. information.
  313. Arguments:
  315. TokenDescriptor - Descriptor of the buffer containing (or to contain) the
  316. token. If not specified, TokenBuffer and TokenSize will be returned
  317. as NULL.
  319. TokenBuffer - Returns a pointer to the buffer for the token.
  321. TokenSize - Returns a pointer to the location of the size of the buffer.
  323. ReadonlyOK - TRUE if the token buffer may be readonly.
  325. Return Value:
  327. TRUE - If token buffer was properly found.
  329. --*/
  331. {
  332. ULONG i, Index = 0;
  334. //
  335. // If there is no TokenDescriptor passed in,
  336. // just pass out NULL to our caller.
  337. //
  339. ASSERT(*Token != NULL);
  340. if ( !ARGUMENT_PRESENT( TokenDescriptor) ) {
  341. return TRUE;
  342. }
  344. if (TokenDescriptor->ulVersion != SECBUFFER_VERSION)
  345. {
  346. return FALSE;
  347. }
  349. //
  350. // Loop through each described buffer.
  351. //
  353. for ( i=0; i<TokenDescriptor->cBuffers ; i++ ) {
  354. PSecBuffer Buffer = &TokenDescriptor->pBuffers[i];
  355. if ( (Buffer->BufferType & (~SECBUFFER_ATTRMASK)) == SECBUFFER_TOKEN ) {
  357. //
  358. // If the buffer is readonly and readonly isn't OK,
  359. // reject the buffer.
  360. //
  362. if (!ReadonlyOK && (Buffer->BufferType & SECBUFFER_READONLY))
  363. {
  364. return FALSE;
  365. }
  367. //
  368. // It is possible that there are > 1 buffers of type SECBUFFER_TOKEN
  369. // eg, the rdr
  370. //
  372. if (Index != BufferIndex)
  373. {
  374. Index++;
  375. continue;
  376. }
  378. //
  379. // Return the requested information
  380. //
  382. if (!NT_SUCCESS(LsaFunctions->MapBuffer(Buffer, Buffer)))
  383. {
  384. return FALSE;
  385. }
  386. *Token = Buffer;
  387. return TRUE;
  388. }
  390. }
  392. //
  393. // If we didn't have a buffer, fine.
  394. //
  396. SspPrint((SSP_API_MORE, "SspGetTokenBuffer: No token passed in\n"));
  398. return TRUE;
  399. }