archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
2 Commits
1 Branch
0 Tags
1.5 GiB
Tree: 7b07a90fc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '7b07a90fc1'
${ noResults }
windows-server-2003/ds/win32/credui/pswchg.cpp

422 lines
12 KiB
Raw Normal View History

commiting as it is
4 years ago
  1. #include "precomp.hpp"
  2. //#include <nt.h>
  3. //#include <ntrtl.h>
  4. //#include <nturtl.h>
  5. //#include <windows.h>
  6. #include <wincred.h>
  7. #include <align.h>
  8. #include <lm.h>
  9. #include <ntsecapi.h>
  10. #include <dsgetdc.h>
  11. #include <stdlib.h>
  12. //#include <stdio.h>
  13. #include <string.h>
  15. // !!!!!
  16. // this file is a duplicate of a nearly identical file in the keymgr project. It should be removed when
  17. // the implementation of NetUserChangePassword() is updated to handle unc names and MIT Kerberos
  18. // realms properly. For now, it wraps NetUserChangePassword() to handle the extra cases.
  20. // Dependent libraries:
  21. // secur32.lib, netapi32.lib
  23. // external fn: NET_API_STATUS NetUserChangePasswordEy(LPCWSTR,LPCWSTR,LPCWSTR,LPCWSTR)
  25. BOOL
  26. IsMITName (
  27. LPCWSTR UserName
  28. )
  29. {
  30. BOOL fReturn = FALSE;
  31. HKEY MitKey;
  32. DWORD Index;
  33. PWSTR Realms;
  34. DWORD RealmSize;
  35. int err;
  36. DWORD NumRealms;
  37. DWORD MaxRealmLength;
  38. FILETIME KeyTime;
  39. WCHAR *szUncTail;
  41. if (NULL == UserName) return FALSE;
  43. szUncTail = wcschr(UserName,'@');
  44. if (NULL == szUncTail) return FALSE;
  45. szUncTail++; // point to char following @
  47. err = RegOpenKeyEx(
  48. HKEY_LOCAL_MACHINE,
  49. TEXT("System\\CurrentControlSet\\Control\\Lsa\\Kerberos\\Domains"),
  50. 0,
  51. KEY_READ,
  52. &MitKey );
  54. if ( err == 0 )
  55. {
  56. #ifdef LOUDLY
  57. CreduiDebugLog("Kerberos domains key opened\n");
  58. #endif
  59. err = RegQueryInfoKey( MitKey,
  60. NULL,
  61. NULL,
  62. NULL,
  63. &NumRealms,
  64. &MaxRealmLength,
  65. NULL,
  66. NULL,
  67. NULL,
  68. NULL,
  69. NULL,
  70. NULL );
  72. MaxRealmLength++ ;
  74. MaxRealmLength *= sizeof( WCHAR );
  76. Realms = (PWSTR) malloc(MaxRealmLength );
  79. if ( Realms)
  80. {
  81. #ifdef LOUDLY
  82. CreduiDebugLog("Kerberos realms found\n");
  83. #endif
  85. for ( Index = 0 ; Index < NumRealms ; Index++ )
  86. {
  87. RealmSize = MaxRealmLength ;
  89. err = RegEnumKeyEx( MitKey,
  90. Index,
  91. Realms,
  92. &RealmSize,
  93. NULL,
  94. NULL,
  95. NULL,
  96. &KeyTime );
  97. if (err == 0)
  98. {
  99. #ifdef LOUDLY
  100. CreduiDebugLog("Fetched realm: ");
  101. CreduiDebugLog(Realms);
  102. CreduiDebugLog("\n");
  103. CreduiDebugLog("Username suffix: ");
  104. CreduiDebugLog(szUncTail);
  105. CreduiDebugLog("\n");
  106. #endif
  107. if (0 == _wcsicmp(szUncTail, Realms))
  108. {
  109. #ifdef LOUDLY
  110. CreduiDebugLog("Username maps to an MIT realm\n");
  111. #endif
  112. fReturn = TRUE;
  113. break;
  114. }
  115. }
  116. }
  117. }
  118. free(Realms);
  119. }
  120. return fReturn;
  121. }
  123. NTSTATUS
  124. MitChangePasswordEy(
  125. LPCWSTR DomainName,
  126. LPCWSTR UserName,
  127. LPCWSTR OldPassword,
  128. LPCWSTR NewPassword,
  129. NTSTATUS *pSubStatus
  130. )
  131. {
  132. HANDLE hLsa = NULL;
  133. NTSTATUS Status;
  134. NTSTATUS SubStatus;
  136. STRING Name;
  137. ULONG PackageId;
  139. PVOID Response = NULL ;
  140. ULONG ResponseSize;
  142. PKERB_CHANGEPASSWORD_REQUEST ChangeRequest = NULL;
  143. ULONG ChangeSize = 0;
  145. UNICODE_STRING User,Domain,OldPass,NewPass;
  147. Status = LsaConnectUntrusted(&hLsa);
  148. if (!SUCCEEDED(Status)) goto Cleanup;
  149. #ifdef LOUDLY
  150. CreduiDebugLog("We have an LSA handle\n");
  151. #endif
  153. RtlInitString(
  154. &Name,
  155. MICROSOFT_KERBEROS_NAME_A
  156. );
  158. Status = LsaLookupAuthenticationPackage(
  159. hLsa,
  160. &Name,
  161. &PackageId
  162. );
  163. if (!NT_SUCCESS(Status))
  164. {
  165. goto Cleanup;
  166. }
  167. #ifdef LOUDLY
  168. CreduiDebugLog("Authentication package found\n");
  169. #endif
  171. RtlInitUnicodeString(
  172. &User,
  173. UserName
  174. );
  175. RtlInitUnicodeString(
  176. &Domain,
  177. DomainName
  178. );
  179. RtlInitUnicodeString(
  180. &OldPass,
  181. OldPassword
  182. );
  183. RtlInitUnicodeString(
  184. &NewPass,
  185. NewPassword
  186. );
  188. ChangeSize = ROUND_UP_COUNT(sizeof(KERB_CHANGEPASSWORD_REQUEST),4)+
  189. User.Length +
  190. Domain.Length +
  191. OldPass.Length +
  192. NewPass.Length ;
  193. ChangeRequest = (PKERB_CHANGEPASSWORD_REQUEST) LocalAlloc(LMEM_ZEROINIT, ChangeSize );
  195. if ( ChangeRequest == NULL )
  196. {
  197. Status = STATUS_NO_MEMORY ;
  198. goto Cleanup ;
  199. }
  201. ChangeRequest->MessageType = KerbChangePasswordMessage;
  203. ChangeRequest->AccountName = User;
  204. ChangeRequest->AccountName.Buffer = (LPWSTR) ROUND_UP_POINTER(sizeof(KERB_CHANGEPASSWORD_REQUEST) + (PBYTE) ChangeRequest,4);
  206. RtlCopyMemory(
  207. ChangeRequest->AccountName.Buffer,
  208. User.Buffer,
  209. User.Length
  210. );
  212. ChangeRequest->DomainName = Domain;
  213. ChangeRequest->DomainName.Buffer = ChangeRequest->AccountName.Buffer + ChangeRequest->AccountName.Length / sizeof(WCHAR);
  215. RtlCopyMemory(
  216. ChangeRequest->DomainName.Buffer,
  217. Domain.Buffer,
  218. Domain.Length
  219. );
  221. ChangeRequest->OldPassword = OldPass;
  222. ChangeRequest->OldPassword.Buffer = ChangeRequest->DomainName.Buffer + ChangeRequest->DomainName.Length / sizeof(WCHAR);
  224. RtlCopyMemory(
  225. ChangeRequest->OldPassword.Buffer,
  226. OldPass.Buffer,
  227. OldPass.Length
  228. );
  230. ChangeRequest->NewPassword = NewPass;
  231. ChangeRequest->NewPassword.Buffer = ChangeRequest->OldPassword.Buffer + ChangeRequest->OldPassword.Length / sizeof(WCHAR);
  233. RtlCopyMemory(
  234. ChangeRequest->NewPassword.Buffer,
  235. NewPass.Buffer,
  236. NewPass.Length
  237. );
  240. //
  241. // We are running as the caller, so state we are impersonating
  242. //
  244. //ChangeRequest->Impersonating = TRUE;
  245. #ifdef LOUDLY
  246. CreduiDebugLog("Attempting to call the authentication package\n");
  247. #endif
  248. Status = LsaCallAuthenticationPackage(
  249. hLsa,
  250. PackageId,
  251. ChangeRequest,
  252. ChangeSize,
  253. &Response,
  254. &ResponseSize,
  255. &SubStatus
  256. );
  257. if (!NT_SUCCESS(Status) || !NT_SUCCESS(SubStatus))
  258. {
  259. #ifdef LOUDLY
  260. WCHAR szsz[200];
  261. swprintf(szsz,L"Call failed. Status %x SubStatus %x\n",Status, SubStatus);
  262. CreduiDebugLog(szsz);
  263. #endif
  264. if (NT_SUCCESS(Status))
  265. {
  266. Status = SubStatus;
  267. *pSubStatus = STATUS_UNSUCCESSFUL ;
  268. }
  269. else
  270. {
  271. *pSubStatus = SubStatus;
  272. }
  273. }
  275. Cleanup:
  277. if (hLsa) LsaDeregisterLogonProcess(hLsa);
  279. if (Response != NULL) LsaFreeReturnBuffer(Response);
  281. if (ChangeRequest != NULL)
  282. {
  283. SecureZeroMemory(ChangeRequest, ChangeSize);
  284. ChangeSize = 0;
  285. LocalFree(ChangeRequest);
  286. }
  288. return(Status);
  289. }
  291. /*
  293. NetUserChangePasswordEy()
  295. A wrapper function to superset the functionality of NetUserChangePassword(), specifically
  296. by adding support for changing the account password for an MIT Kerberos principal.
  298. This routine accepts:
  300. 1. uncracked username, with NULL domain
  301. 2. cracked username, with domain portion routed to the domain argument
  303. In case 1, it handles all cases, including MIT realm password changes
  304. In case 2, it will not handle MIT realms.
  306. Case 2 is provided for backwards compatibility with NetUserChangePassword(). It is intended
  307. that callers should pass the uncracked name, and remove the cracking code from the client.
  309. */
  310. NET_API_STATUS
  311. NetUserChangePasswordEy (
  312. LPCWSTR domainname,
  313. LPCWSTR username,
  314. LPCWSTR oldpassword,
  315. LPCWSTR newpassword
  316. )
  317. {
  318. NTSTATUS ns; // status from call
  319. NET_API_STATUS nas;
  320. NTSTATUS ss; // substatus
  321. #ifdef LOUDLY
  322. CreduiDebugLog("NetUserChangePasswordEy called for ");
  323. CreduiDebugLog(username);
  324. CreduiDebugLog("\n");
  325. #endif
  326. // domainname may be a kerberos realm
  327. // If not a UNC name, call through to NetUserChangePassword
  328. // else
  329. // locate UNC suffix
  330. // search all domains returned by DsEnumerateDomainTrusts() for a match
  331. // On match, if is kerberos realm, call MitChangePasswordEy()
  332. // else call NetUserChangePassword
  333. if ((domainname == NULL) && IsMITName(username))
  334. {
  335. ns = MitChangePasswordEy(domainname, username, oldpassword, newpassword, &ss);
  336. // remap certain errors returned by MitChangePasswordEy to coincide with those of NetUserChangePassword
  337. if (NT_SUCCESS(ns)) nas = NERR_Success;
  338. else
  339. {
  340. switch (ns)
  341. {
  342. case STATUS_CANT_ACCESS_DOMAIN_INFO:
  343. case STATUS_NO_SUCH_DOMAIN:
  344. {
  345. nas = NERR_InvalidComputer;
  346. break;
  347. }
  348. case STATUS_NO_SUCH_USER:
  349. case STATUS_WRONG_PASSWORD_CORE:
  350. case STATUS_WRONG_PASSWORD:
  351. {
  352. nas = ERROR_INVALID_PASSWORD;
  353. break;
  354. }
  355. case STATUS_ACCOUNT_RESTRICTION:
  356. case STATUS_ACCESS_DENIED:
  357. case STATUS_BACKUP_CONTROLLER:
  358. {
  359. nas = ERROR_ACCESS_DENIED;
  360. break;
  361. }
  362. case STATUS_PASSWORD_RESTRICTION:
  363. {
  364. nas = NERR_PasswordTooShort;
  365. break;
  366. }
  368. default:
  369. nas = -1; // will produce omnibus error message when found (none of the above)
  370. break;
  371. }
  372. }
  373. }
  374. else if (NULL == domainname)
  375. {
  376. WCHAR RetUserName[CRED_MAX_USERNAME_LENGTH + 1];
  377. WCHAR RetDomainName[CRED_MAX_USERNAME_LENGTH + 1];
  378. RetDomainName[0] = 0;
  379. DWORD Status = CredUIParseUserNameW(
  380. username,
  381. RetUserName,
  382. CRED_MAX_USERNAME_LENGTH,
  383. RetDomainName,
  384. CRED_MAX_USERNAME_LENGTH);
  385. switch (Status)
  386. {
  387. case NO_ERROR:
  388. {
  389. #ifdef LOUDLY
  390. CreduiDebugLog("Non-MIT password change for ");
  391. CreduiDebugLog(RetUserName);
  392. CreduiDebugLog(" of domain ");
  393. CreduiDebugLog(RetDomainName);
  394. CreduiDebugLog("\n");
  395. #endif
  396. nas = NetUserChangePassword(RetDomainName,RetUserName,oldpassword,newpassword);
  397. break;
  398. }
  399. case ERROR_INSUFFICIENT_BUFFER:
  400. nas = ERROR_INVALID_PARAMETER;
  401. break;
  402. case ERROR_INVALID_ACCOUNT_NAME:
  403. default:
  404. nas = NERR_UserNotFound;
  405. break;
  406. }
  408. }
  409. else
  410. {
  411. // both username and domainname passed.
  412. nas = NetUserChangePassword(domainname,username,oldpassword,newpassword);
  413. }
  414. #ifdef LOUDLY
  415. WCHAR szsz[200];
  416. swprintf(szsz,L"NUCPEy returns %x\n",nas);
  417. CreduiDebugLog(szsz);
  418. #endif
  419. return nas;
  420. }