archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
3 Commits
1 Branch
0 Tags
4.9 GiB
Tree: 827363a95b
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '827363a95b'
${ noResults }
windows-server-2003/net/ias/providers/ntuser/dll/samutil.cpp

223 lines
5.4 KiB
Raw Normal View History

commiting as it is
4 years ago
  1. ///////////////////////////////////////////////////////////////////////////////
  2. //
  3. // Copyright (c) Microsoft Corporation
  4. //
  5. // SYNOPSIS
  6. //
  7. // Defines the functions IASEncryptAttribute & IASProcessFailure.
  8. //
  9. ///////////////////////////////////////////////////////////////////////////////
  11. #include <ias.h>
  12. #include <lm.h>
  13. #include <ntdsapi.h>
  14. #include <sdoias.h>
  16. #include <samutil.h>
  18. HRESULT
  19. WINAPI
  20. IASStoreFQUserName(
  21. IAttributesRaw* request,
  22. DS_NAME_FORMAT format,
  23. PCWSTR fqdn
  24. ) throw ()
  25. {
  26. // Check the arguments.
  27. if (!request || !fqdn) { return E_POINTER; }
  29. // Convert DN's to canonical names.
  30. PDS_NAME_RESULTW result = NULL;
  31. if (format == DS_FQDN_1779_NAME)
  32. {
  33. DWORD err = DsCrackNamesW(
  34. NULL,
  35. DS_NAME_FLAG_SYNTACTICAL_ONLY,
  36. format,
  37. DS_CANONICAL_NAME,
  38. 1,
  39. &fqdn,
  40. &result
  41. );
  42. if (err == NO_ERROR &&
  43. result->cItems == 1 &&
  44. result->rItems[0].status == DS_NAME_NO_ERROR)
  45. {
  46. fqdn = result->rItems[0].pName;
  47. }
  48. }
  50. HRESULT hr;
  52. // Allocate an attribute.
  53. PIASATTRIBUTE attr;
  54. if (IASAttributeAlloc(1, &attr) == NO_ERROR)
  55. {
  56. // Allocate memory for the string.
  57. ULONG nbyte = (wcslen(fqdn) + 1) * sizeof(WCHAR);
  58. attr->Value.String.pszWide = (PWSTR)CoTaskMemAlloc(nbyte);
  60. if (attr->Value.String.pszWide)
  61. {
  62. // Copy in the value.
  63. memcpy(attr->Value.String.pszWide, fqdn, nbyte);
  64. attr->Value.String.pszAnsi = NULL;
  66. // Set the other fields of the struct.
  67. attr->Value.itType = IASTYPE_STRING;
  68. attr->dwId = IAS_ATTRIBUTE_FULLY_QUALIFIED_USER_NAME;
  70. // Remove any existing attributes of this type.
  71. request->RemoveAttributesByType(1, &attr->dwId);
  73. // Store the attribute in the request.
  74. ATTRIBUTEPOSITION pos = { 0, attr };
  75. hr = request->AddAttributes(1, &pos);
  76. }
  77. else
  78. {
  79. // CoTaskMemAlloc failed.
  80. hr = E_OUTOFMEMORY;
  81. }
  83. // Free up the attribute.
  84. IASAttributeRelease(attr);
  85. }
  86. else
  87. {
  88. // IASAttributeAlloc failed.
  89. hr = E_OUTOFMEMORY;
  90. }
  92. DsFreeNameResult(result);
  94. return hr;
  95. }
  97. VOID
  98. WINAPI
  99. IASEncryptBuffer(
  100. IAttributesRaw* request,
  101. BOOL salted,
  102. PBYTE buf,
  103. ULONG buflen
  104. ) throw ()
  105. {
  106. /////////
  107. // Do we have the attributes required for encryption.
  108. /////////
  110. PIASATTRIBUTE secret, header;
  112. secret = IASPeekAttribute(
  113. request,
  114. IAS_ATTRIBUTE_SHARED_SECRET,
  115. IASTYPE_OCTET_STRING
  116. );
  118. header = IASPeekAttribute(
  119. request,
  120. IAS_ATTRIBUTE_CLIENT_PACKET_HEADER,
  121. IASTYPE_OCTET_STRING
  122. );
  124. if (secret && header)
  125. {
  126. IASRadiusCrypt(
  127. TRUE,
  128. salted,
  129. secret->Value.OctetString.lpValue,
  130. secret->Value.OctetString.dwLength,
  131. header->Value.OctetString.lpValue + 4,
  132. buf,
  133. buflen
  134. );
  135. }
  136. }
  138. IASREQUESTSTATUS
  139. WINAPI
  140. IASProcessFailure(
  141. IRequest* pRequest,
  142. HRESULT hrError
  143. )
  144. {
  145. if (pRequest == NULL)
  146. {
  147. return IAS_REQUEST_STATUS_CONTINUE;
  148. }
  150. IASRESPONSE response;
  151. switch (hrError)
  152. {
  153. // Errors which cause a reject.
  154. case IAS_NO_SUCH_DOMAIN:
  155. case IAS_NO_SUCH_USER:
  156. case IAS_AUTH_FAILURE:
  157. case IAS_CHANGE_PASSWORD_FAILURE:
  158. case IAS_UNSUPPORTED_AUTH_TYPE:
  159. case IAS_NO_CLEARTEXT_PASSWORD:
  160. case IAS_LM_NOT_ALLOWED:
  161. case IAS_LOCAL_USERS_ONLY:
  162. case IAS_PASSWORD_MUST_CHANGE:
  163. case IAS_ACCOUNT_DISABLED:
  164. case IAS_ACCOUNT_EXPIRED:
  165. case IAS_ACCOUNT_LOCKED_OUT:
  166. case IAS_INVALID_LOGON_HOURS:
  167. case IAS_ACCOUNT_RESTRICTION:
  168. case IAS_EAP_NEGOTIATION_FAILED:
  169. {
  170. response = IAS_RESPONSE_ACCESS_REJECT;
  171. break;
  172. }
  174. case HRESULT_FROM_WIN32(ERROR_MORE_DATA):
  175. {
  176. hrError = IAS_MALFORMED_REQUEST;
  177. response = IAS_RESPONSE_DISCARD_PACKET;
  178. break;
  179. }
  181. // Everything else we discard.
  182. default:
  183. {
  184. // Make sure we report an appropriate reason code.
  185. if ((hrError == IAS_SUCCESS) || (hrError >= IAS_MAX_REASON_CODE))
  186. {
  187. hrError = IAS_INTERNAL_ERROR;
  188. }
  190. response = IAS_RESPONSE_DISCARD_PACKET;
  191. break;
  192. }
  193. }
  195. pRequest->SetResponse(response, hrError);
  196. return IAS_REQUEST_STATUS_CONTINUE;
  197. }
  200. SamExtractor::SamExtractor(const IASATTRIBUTE& identity)
  201. {
  202. if (identity.Value.itType != IASTYPE_STRING)
  203. {
  204. IASTL::issue_error(E_INVALIDARG);
  205. }
  207. // This is conceptually a const operation since we're not really changing
  208. // the value of the attribute.
  209. DWORD error = IASAttributeUnicodeAlloc(
  210. const_cast<IASATTRIBUTE*>(&identity)
  211. );
  212. if (error != NO_ERROR)
  213. {
  214. IASTL::issue_error(HRESULT_FROM_WIN32(error));
  215. }
  217. begin = identity.Value.String.pszWide;
  218. delim = wcschr(begin, L'\\');
  219. if (delim != 0)
  220. {
  221. *delim = L'\0';
  222. }
  223. }