You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1235 lines
39 KiB
1235 lines
39 KiB
//+-----------------------------------------------------------------------
|
|
//
|
|
// Microsoft Windows
|
|
//
|
|
// Copyright (c) Microsoft Corporation 1992 - 1996
|
|
//
|
|
// File: kerbwow.cxx
|
|
//
|
|
// Contents: Code for 32-64 bit interop for the Kerberos package
|
|
//
|
|
//
|
|
// History: 25-Oct-2000 JSchwart Created
|
|
//
|
|
//------------------------------------------------------------------------
|
|
|
|
#include <kerb.hxx>
|
|
#include <kerbp.h>
|
|
|
|
#ifdef _WIN64
|
|
|
|
#ifdef DEBUG_SUPPORT
|
|
static TCHAR THIS_FILE[]=TEXT(__FILE__);
|
|
#endif
|
|
|
|
#define FILENO FILENO_KERBWOW
|
|
|
|
|
|
|
|
//
|
|
// WOW versions of public Kerberos logon buffer structures. These MUST
|
|
// be kept in sync with their public counterparts!
|
|
//
|
|
|
|
typedef struct _KERB_INTERACTIVE_LOGON_WOW64
|
|
{
|
|
KERB_LOGON_SUBMIT_TYPE MessageType;
|
|
UNICODE_STRING_WOW64 LogonDomainName;
|
|
UNICODE_STRING_WOW64 UserName;
|
|
UNICODE_STRING_WOW64 Password;
|
|
}
|
|
KERB_INTERACTIVE_LOGON_WOW64, *PKERB_INTERACTIVE_LOGON_WOW64;
|
|
|
|
|
|
typedef struct _KERB_INTERACTIVE_UNLOCK_LOGON_WOW64
|
|
{
|
|
KERB_INTERACTIVE_LOGON_WOW64 Logon;
|
|
LUID LogonId;
|
|
}
|
|
KERB_INTERACTIVE_UNLOCK_LOGON_WOW64, *PKERB_INTERACTIVE_UNLOCK_LOGON_WOW64;
|
|
|
|
|
|
typedef struct _KERB_SMART_CARD_LOGON_WOW64
|
|
{
|
|
KERB_LOGON_SUBMIT_TYPE MessageType;
|
|
UNICODE_STRING_WOW64 Pin;
|
|
ULONG CspDataLength;
|
|
ULONG CspData;
|
|
}
|
|
KERB_SMART_CARD_LOGON_WOW64, *PKERB_SMART_CARD_LOGON_WOW64;
|
|
|
|
|
|
typedef struct _KERB_SMART_CARD_UNLOCK_LOGON_WOW64
|
|
{
|
|
KERB_SMART_CARD_LOGON_WOW64 Logon;
|
|
LUID LogonId;
|
|
}
|
|
KERB_SMART_CARD_UNLOCK_LOGON_WOW64, *PKERB_SMART_CARD_UNLOCK_LOGON_WOW64;
|
|
|
|
|
|
typedef struct _KERB_TICKET_LOGON_WOW64
|
|
{
|
|
KERB_LOGON_SUBMIT_TYPE MessageType;
|
|
ULONG Flags;
|
|
ULONG ServiceTicketLength;
|
|
ULONG TicketGrantingTicketLength;
|
|
ULONG ServiceTicket;
|
|
ULONG TicketGrantingTicket;
|
|
}
|
|
KERB_TICKET_LOGON_WOW64, *PKERB_TICKET_LOGON_WOW64;
|
|
|
|
typedef struct _KERB_TICKET_UNLOCK_LOGON_WOW64
|
|
{
|
|
KERB_TICKET_LOGON_WOW64 Logon;
|
|
LUID LogonId;
|
|
}
|
|
KERB_TICKET_UNLOCK_LOGON_WOW64, *PKERB_TICKET_UNLOCK_LOGON_WOW64;
|
|
|
|
|
|
//
|
|
// WOW versions of public Kerberos profile buffer structures. These MUST
|
|
// be kept in sync with their public counterparts!
|
|
//
|
|
|
|
typedef struct _KERB_INTERACTIVE_PROFILE_WOW64
|
|
{
|
|
KERB_PROFILE_BUFFER_TYPE MessageType;
|
|
USHORT LogonCount;
|
|
USHORT BadPasswordCount;
|
|
LARGE_INTEGER LogonTime;
|
|
LARGE_INTEGER LogoffTime;
|
|
LARGE_INTEGER KickOffTime;
|
|
LARGE_INTEGER PasswordLastSet;
|
|
LARGE_INTEGER PasswordCanChange;
|
|
LARGE_INTEGER PasswordMustChange;
|
|
UNICODE_STRING_WOW64 LogonScript;
|
|
UNICODE_STRING_WOW64 HomeDirectory;
|
|
UNICODE_STRING_WOW64 FullName;
|
|
UNICODE_STRING_WOW64 ProfilePath;
|
|
UNICODE_STRING_WOW64 HomeDirectoryDrive;
|
|
UNICODE_STRING_WOW64 LogonServer;
|
|
ULONG UserFlags;
|
|
}
|
|
KERB_INTERACTIVE_PROFILE_WOW64, *PKERB_INTERACTIVE_PROFILE_WOW64;
|
|
|
|
typedef struct _KERB_SMART_CARD_PROFILE_WOW64
|
|
{
|
|
KERB_INTERACTIVE_PROFILE_WOW64 Profile;
|
|
ULONG CertificateSize;
|
|
ULONG CertificateData;
|
|
}
|
|
KERB_SMART_CARD_PROFILE_WOW64, *PKERB_SMART_CARD_PROFILE_WOW64;
|
|
|
|
typedef struct KERB_CRYPTO_KEY_WOW64
|
|
{
|
|
LONG KeyType;
|
|
ULONG Length;
|
|
ULONG Value;
|
|
}
|
|
KERB_CRYPTO_KEY_WOW64, *PKERB_CRYPTO_KEY_WOW64;
|
|
|
|
typedef struct _KERB_TICKET_PROFILE_WOW64
|
|
{
|
|
KERB_INTERACTIVE_PROFILE_WOW64 Profile;
|
|
KERB_CRYPTO_KEY_WOW64 SessionKey;
|
|
}
|
|
KERB_TICKET_PROFILE_WOW64, *PKERB_TICKET_PROFILE_WOW64;
|
|
|
|
typedef struct _KERB_INTERNAL_NAME_WOW64
|
|
{
|
|
SHORT NameType;
|
|
USHORT NameCount;
|
|
UNICODE_STRING_WOW64 Names[ANYSIZE_ARRAY];
|
|
}
|
|
KERB_INTERNAL_NAME_WOW64, *PKERB_INTERNAL_NAME_WOW64;
|
|
|
|
typedef struct _KERB_EXTERNAL_NAME_WOW64
|
|
{
|
|
SHORT NameType;
|
|
USHORT NameCount;
|
|
UNICODE_STRING_WOW64 Names[ANYSIZE_ARRAY];
|
|
}
|
|
KERB_EXTERNAL_NAME_WOW64, *PKERB_EXTERNAL_NAME_WOW64;
|
|
|
|
typedef struct _KERB_EXTERNAL_TICKET_WOW64
|
|
{
|
|
ULONG ServiceName;
|
|
ULONG TargetName;
|
|
ULONG ClientName;
|
|
UNICODE_STRING_WOW64 DomainName;
|
|
UNICODE_STRING_WOW64 TargetDomainName;
|
|
UNICODE_STRING_WOW64 AltTargetDomainName;
|
|
KERB_CRYPTO_KEY_WOW64 SessionKey;
|
|
ULONG TicketFlags;
|
|
ULONG Flags;
|
|
LARGE_INTEGER StartTime;
|
|
LARGE_INTEGER EndTime;
|
|
LARGE_INTEGER RenewUntil;
|
|
LARGE_INTEGER TimeSkew;
|
|
ULONG EncodedTicketSize;
|
|
ULONG EncodedTicket;
|
|
}
|
|
KERB_EXTERNAL_TICKET_WOW64, *PKERB_EXTERNAL_TICKET_WOW64;
|
|
|
|
#if 0
|
|
typedef struct _KERB_EXTERNAL_TICKET_EX_WOW64
|
|
{
|
|
PKERB_EXTERNAL_NAME_WOW64 ClientName;
|
|
PKERB_EXTERNAL_NAME_WOW64 ServiceName;
|
|
PKERB_EXTERNAL_NAME_WOW64 TargetName;
|
|
UNICODE_STRING_WOW64 ClientRealm;
|
|
UNICODE_STRING_WOW64 ServiceRealm;
|
|
UNICODE_STRING_WOW64 TargetDomainName;
|
|
UNICODE_STRING_WOW64 AltTargetDomainName;
|
|
KERB_CRYPTO_KEY_WOW64 SessionKey;
|
|
ULONG TicketFlags;
|
|
ULONG Flags;
|
|
LARGE_INTEGER StartTime;
|
|
LARGE_INTEGER EndTime;
|
|
LARGE_INTEGER RenewUntil;
|
|
LARGE_INTEGER TimeSkew;
|
|
PKERB_NET_ADDRESSES TicketAddresses;
|
|
PKERB_AUTH_DATA AuthorizationData;
|
|
_KERB_EXTERNAL_TICKET_EX_WOW64 * SecondTicket;
|
|
ULONG EncodedTicketSize;
|
|
PUCHAR EncodedTicket;
|
|
}
|
|
KERB_EXTERNAL_TICKET_EX_WOW64, *PKERB_EXTERNAL_TICKET_EX_WOW64;
|
|
#endif // 0
|
|
|
|
#define RELOCATE_WOW_UNICODE_STRING(WOWString, NativeString, Offset) \
|
|
NativeString.Length = WOWString.Length; \
|
|
NativeString.MaximumLength = WOWString.MaximumLength; \
|
|
NativeString.Buffer = (LPWSTR) ((LPBYTE) UlongToPtr(WOWString.Buffer) + Offset);
|
|
|
|
|
|
//+-------------------------------------------------------------------------
|
|
//
|
|
// Function: KerbPutWOWString
|
|
//
|
|
// Synopsis: Copies a UNICODE_STRING into a buffer
|
|
//
|
|
// Effects:
|
|
//
|
|
// Arguments: InputString - String to 'put'
|
|
// OutputString - Receives 'put' string
|
|
// Offset - Difference in addresses of local and client buffers.
|
|
// Where - Location in local buffer to place string.
|
|
//
|
|
// Requires:
|
|
//
|
|
// Returns:
|
|
//
|
|
// Notes: This code is (effectively) duplicated in
|
|
// KerbPutString. Make sure any changes
|
|
// made here are applied there as well.
|
|
//
|
|
//--------------------------------------------------------------------------
|
|
|
|
VOID
|
|
KerbPutWOWString(
|
|
IN PUNICODE_STRING InputString,
|
|
OUT PUNICODE_STRING_WOW64 OutputString,
|
|
IN LONG_PTR Offset,
|
|
IN OUT PBYTE * Where
|
|
)
|
|
{
|
|
OutputString->Length = OutputString->MaximumLength = InputString->Length;
|
|
OutputString->Buffer = PtrToUlong (*Where + Offset);
|
|
RtlCopyMemory(
|
|
*Where,
|
|
InputString->Buffer,
|
|
InputString->Length
|
|
);
|
|
*Where += InputString->Length;
|
|
}
|
|
|
|
|
|
//+-------------------------------------------------------------------------
|
|
//
|
|
// Function: KerbPutWOWKdcName
|
|
//
|
|
// Synopsis: Copies a Kdc name to a buffer
|
|
//
|
|
// Effects:
|
|
//
|
|
// Arguments:
|
|
//
|
|
// Requires:
|
|
//
|
|
// Returns:
|
|
//
|
|
// Notes: This code is (effectively) duplicated in
|
|
// KerbPutKdcName. Make sure any changes
|
|
// made here are applied there as well.
|
|
//
|
|
//--------------------------------------------------------------------------
|
|
|
|
VOID
|
|
KerbPutWOWKdcName(
|
|
IN PKERB_INTERNAL_NAME InputName,
|
|
OUT PULONG OutputName,
|
|
IN LONG_PTR Offset,
|
|
IN OUT PBYTE * Where
|
|
)
|
|
{
|
|
ULONG Index;
|
|
PKERB_INTERNAL_NAME_WOW64 LocalName = (PKERB_INTERNAL_NAME_WOW64) *Where;
|
|
|
|
if (!ARGUMENT_PRESENT(InputName))
|
|
{
|
|
*OutputName = NULL;
|
|
return;
|
|
}
|
|
|
|
*Where += sizeof(KERB_INTERNAL_NAME_WOW64) - sizeof(UNICODE_STRING_WOW64) +
|
|
InputName->NameCount * sizeof(UNICODE_STRING_WOW64);
|
|
|
|
LocalName->NameType = InputName->NameType;
|
|
LocalName->NameCount = InputName->NameCount;
|
|
|
|
for (Index = 0; Index < InputName->NameCount ; Index++ )
|
|
{
|
|
LocalName->Names[Index].Length =
|
|
LocalName->Names[Index].MaximumLength =
|
|
InputName->Names[Index].Length;
|
|
|
|
LocalName->Names[Index].Buffer = PtrToUlong(*Where + Offset);
|
|
|
|
RtlCopyMemory(*Where,
|
|
InputName->Names[Index].Buffer,
|
|
InputName->Names[Index].Length);
|
|
|
|
*Where += InputName->Names[Index].Length;
|
|
}
|
|
|
|
*Where = (PBYTE) ROUND_UP_POINTER(*Where, sizeof(ULONG));
|
|
|
|
*OutputName = PtrToUlong((PBYTE) LocalName + Offset);
|
|
}
|
|
|
|
|
|
//+-------------------------------------------------------------------------
|
|
//
|
|
// Function: KerbPutKdcNameAsWOWString
|
|
//
|
|
// Synopsis: Copies a KERB_INTERNAL_NAME into a buffer
|
|
//
|
|
// Effects:
|
|
//
|
|
// Arguments: InputString - String to 'put'
|
|
// OutputString - Receives 'put' string
|
|
// Offset - Difference in addresses of local and client buffers.
|
|
// Where - Location in local buffer to place string.
|
|
//
|
|
// Requires:
|
|
//
|
|
// Returns:
|
|
//
|
|
// Notes: This code is (effectively) duplicated in
|
|
// KerbPutKdcNameAsString. Make sure any
|
|
// changes made here are applied there as well.
|
|
//
|
|
//--------------------------------------------------------------------------
|
|
|
|
VOID
|
|
KerbPutKdcNameAsWOWString(
|
|
IN PKERB_INTERNAL_NAME InputName,
|
|
OUT PUNICODE_STRING_WOW64 OutputName,
|
|
IN LONG_PTR Offset,
|
|
IN OUT PBYTE * Where
|
|
)
|
|
{
|
|
USHORT Index;
|
|
|
|
OutputName->Buffer = PtrToUlong (*Where + Offset);
|
|
OutputName->Length = 0;
|
|
OutputName->MaximumLength = 0;
|
|
|
|
for (Index = 0; Index < InputName->NameCount ; Index++ )
|
|
{
|
|
RtlCopyMemory(
|
|
*Where,
|
|
InputName->Names[Index].Buffer,
|
|
InputName->Names[Index].Length
|
|
);
|
|
*Where += InputName->Names[Index].Length;
|
|
OutputName->Length = OutputName->Length + InputName->Names[Index].Length;
|
|
if (Index == (InputName->NameCount - 1))
|
|
{
|
|
*((LPWSTR) *Where) = L'\0';
|
|
OutputName->MaximumLength = OutputName->Length + sizeof(WCHAR);
|
|
}
|
|
else
|
|
{
|
|
*((LPWSTR) *Where) = L'/';
|
|
OutputName->Length += sizeof(WCHAR);
|
|
}
|
|
*Where += sizeof(WCHAR);
|
|
}
|
|
}
|
|
|
|
|
|
//+-------------------------------------------------------------------------
|
|
//
|
|
// Function: KerbPutWOWClientString
|
|
//
|
|
// Synopsis: Copies a string into a buffer that will be copied to the
|
|
// 32-bit client's address space
|
|
//
|
|
// Effects:
|
|
//
|
|
// Arguments: Where - Location in local buffer to place string.
|
|
// Delta - Difference in addresses of local and client buffers.
|
|
// OutString - Receives 'put' string
|
|
// InString - String to 'put'
|
|
//
|
|
// Requires:
|
|
//
|
|
// Returns:
|
|
//
|
|
// Notes: This code is (effectively) duplicated in
|
|
// KerbPutClientString. Make sure any changes
|
|
// made here are applied there as well.
|
|
//
|
|
//--------------------------------------------------------------------------
|
|
|
|
VOID
|
|
KerbPutWOWClientString(
|
|
IN OUT PUCHAR * Where,
|
|
IN LONG_PTR Delta,
|
|
IN PUNICODE_STRING_WOW64 OutString,
|
|
IN PUNICODE_STRING InString
|
|
)
|
|
{
|
|
if (InString->Length == 0)
|
|
{
|
|
OutString->Buffer = 0;
|
|
OutString->Length = OutString->MaximumLength = 0;
|
|
}
|
|
else
|
|
{
|
|
RtlCopyMemory(*Where,
|
|
InString->Buffer,
|
|
InString->Length);
|
|
|
|
OutString->Buffer = PtrToUlong(*Where + Delta);
|
|
OutString->Length = InString->Length;
|
|
*Where += InString->Length;
|
|
*(LPWSTR) (*Where) = L'\0';
|
|
*Where += sizeof(WCHAR);
|
|
OutString->MaximumLength = OutString->Length + sizeof(WCHAR);
|
|
}
|
|
}
|
|
|
|
|
|
//+-------------------------------------------------------------------------
|
|
//
|
|
// Function: KerbWOWNameLength
|
|
//
|
|
// Synopsis: returns length in bytes of variable portion
|
|
// of KERB_INTERNAL_NAME
|
|
//
|
|
// Effects:
|
|
//
|
|
// Arguments:
|
|
//
|
|
// Requires:
|
|
//
|
|
// Returns:
|
|
//
|
|
// Notes: This code is (effectively) duplicated in
|
|
// KerbNameLength. Make sure any changes
|
|
// made here are applied there as well.
|
|
//
|
|
//--------------------------------------------------------------------------
|
|
|
|
ULONG
|
|
KerbWOWNameLength(
|
|
IN PKERB_INTERNAL_NAME Name
|
|
)
|
|
{
|
|
ULONG Length = 0;
|
|
ULONG Index;
|
|
|
|
if (!ARGUMENT_PRESENT(Name))
|
|
{
|
|
return 0;
|
|
}
|
|
|
|
Length = sizeof(KERB_INTERNAL_NAME_WOW64)
|
|
- sizeof(UNICODE_STRING_WOW64)
|
|
+ Name->NameCount * sizeof(UNICODE_STRING_WOW64);
|
|
|
|
for (Index = 0; Index < Name->NameCount ;Index++ )
|
|
{
|
|
Length += Name->Names[Index].Length;
|
|
}
|
|
|
|
Length = ROUND_UP_COUNT(Length, sizeof(ULONG));
|
|
|
|
return Length;
|
|
}
|
|
|
|
|
|
//+-------------------------------------------------------------------------
|
|
//
|
|
// Function: KerbConvertWOWLogonBuffer
|
|
//
|
|
// Synopsis: Converts logon buffers passed in from WOW clients to 64-bit
|
|
//
|
|
// Effects:
|
|
//
|
|
// Arguments: ProtocolSubmitBuffer -- original 32-bit logon buffer
|
|
// pSubmitBufferSize -- size of the 32-bit logon buffer
|
|
// MessageType -- format of the logon buffer
|
|
// ppTempSubmitBuffer -- filled in with the converted buffer
|
|
//
|
|
// Requires:
|
|
//
|
|
// Returns:
|
|
//
|
|
// Notes: This routine allocates the converted buffer and returns it
|
|
// on success. It is the caller's responsibility to free it.
|
|
//
|
|
//
|
|
//--------------------------------------------------------------------------
|
|
|
|
NTSTATUS
|
|
KerbConvertWOWLogonBuffer(
|
|
IN PVOID ProtocolSubmitBuffer,
|
|
IN PVOID ClientBufferBase,
|
|
IN OUT PULONG pSubmitBufferSize,
|
|
IN KERB_LOGON_SUBMIT_TYPE MessageType,
|
|
OUT PVOID *ppTempSubmitBuffer
|
|
)
|
|
{
|
|
NTSTATUS Status = STATUS_SUCCESS;
|
|
PVOID pTempBuffer = NULL;
|
|
ULONG dwBufferSize = *pSubmitBufferSize;
|
|
|
|
switch (MessageType)
|
|
{
|
|
case KerbInteractiveLogon:
|
|
case KerbWorkstationUnlockLogon:
|
|
{
|
|
PKERB_INTERACTIVE_LOGON Logon;
|
|
PKERB_INTERACTIVE_LOGON_WOW64 LogonWOW;
|
|
DWORD dwOffset;
|
|
DWORD dwWOWOffset;
|
|
|
|
//
|
|
// Scale up the size and add on 3 PVOIDs for the worst-case
|
|
// scenario to align the three embedded UNICODE_STRINGs
|
|
//
|
|
|
|
dwBufferSize += sizeof(KERB_INTERACTIVE_LOGON)
|
|
- sizeof(KERB_INTERACTIVE_LOGON_WOW64);
|
|
|
|
if (dwBufferSize < sizeof(KERB_INTERACTIVE_LOGON))
|
|
{
|
|
DebugLog((DEB_ERROR,
|
|
"Submit buffer to logon too small: %d. %ws, line %d\n",
|
|
dwBufferSize,
|
|
THIS_FILE,
|
|
__LINE__));
|
|
|
|
Status = STATUS_INVALID_PARAMETER;
|
|
goto Cleanup;
|
|
}
|
|
|
|
pTempBuffer = KerbAllocate(dwBufferSize);
|
|
|
|
if (pTempBuffer == NULL)
|
|
{
|
|
Status = STATUS_INSUFFICIENT_RESOURCES;
|
|
goto Cleanup;
|
|
}
|
|
|
|
Logon = (PKERB_INTERACTIVE_LOGON) pTempBuffer;
|
|
LogonWOW = (PKERB_INTERACTIVE_LOGON_WOW64) ProtocolSubmitBuffer;
|
|
|
|
Logon->MessageType = LogonWOW->MessageType;
|
|
|
|
dwOffset = sizeof(KERB_INTERACTIVE_LOGON);
|
|
dwWOWOffset = sizeof(KERB_INTERACTIVE_LOGON_WOW64);
|
|
|
|
if (MessageType == KerbWorkstationUnlockLogon)
|
|
{
|
|
if (dwBufferSize < sizeof(KERB_INTERACTIVE_UNLOCK_LOGON))
|
|
{
|
|
DebugLog((DEB_ERROR,
|
|
"Submit buffer to logon too small: %d. %ws, line %d\n",
|
|
dwBufferSize,
|
|
THIS_FILE,
|
|
__LINE__));
|
|
|
|
Status = STATUS_INVALID_PARAMETER;
|
|
goto Cleanup;
|
|
}
|
|
|
|
//
|
|
// One additional field for this type (a LUID)
|
|
//
|
|
|
|
PKERB_INTERACTIVE_UNLOCK_LOGON Unlock;
|
|
PKERB_INTERACTIVE_UNLOCK_LOGON_WOW64 UnlockWOW;
|
|
|
|
Unlock = (PKERB_INTERACTIVE_UNLOCK_LOGON) pTempBuffer;
|
|
UnlockWOW = (PKERB_INTERACTIVE_UNLOCK_LOGON_WOW64) ProtocolSubmitBuffer;
|
|
|
|
Unlock->LogonId = UnlockWOW->LogonId;
|
|
|
|
dwOffset = sizeof(KERB_INTERACTIVE_UNLOCK_LOGON);
|
|
dwWOWOffset = sizeof(KERB_INTERACTIVE_UNLOCK_LOGON_WOW64);
|
|
}
|
|
|
|
//
|
|
// Copy the variable-length data
|
|
//
|
|
|
|
RtlCopyMemory((LPBYTE) Logon + dwOffset,
|
|
(LPBYTE) LogonWOW + dwWOWOffset,
|
|
*pSubmitBufferSize - dwWOWOffset);
|
|
|
|
//
|
|
// Set up the pointers in the native struct
|
|
//
|
|
|
|
RELOCATE_WOW_UNICODE_STRING(LogonWOW->LogonDomainName,
|
|
Logon->LogonDomainName,
|
|
dwOffset - dwWOWOffset);
|
|
|
|
RELOCATE_WOW_UNICODE_STRING(LogonWOW->UserName,
|
|
Logon->UserName,
|
|
dwOffset - dwWOWOffset);
|
|
|
|
RELOCATE_WOW_UNICODE_STRING(LogonWOW->Password,
|
|
Logon->Password,
|
|
dwOffset - dwWOWOffset);
|
|
|
|
break;
|
|
}
|
|
|
|
case KerbSmartCardLogon:
|
|
case KerbSmartCardUnlockLogon:
|
|
{
|
|
PKERB_SMART_CARD_LOGON Logon;
|
|
PKERB_SMART_CARD_LOGON_WOW64 LogonWOW;
|
|
DWORD dwOffset;
|
|
DWORD dwWOWOffset;
|
|
|
|
//
|
|
// Scale up the size and add on 2 PVOIDs for the worst-case
|
|
// scenario to align the embedded UNICODE_STRING and CspData
|
|
//
|
|
|
|
dwBufferSize += sizeof(KERB_SMART_CARD_LOGON)
|
|
- sizeof(KERB_SMART_CARD_LOGON_WOW64);
|
|
|
|
if (dwBufferSize < sizeof(KERB_SMART_CARD_LOGON))
|
|
{
|
|
DebugLog((DEB_ERROR,
|
|
"Submit buffer to logon too small: %d. %ws, line %d\n",
|
|
dwBufferSize,
|
|
THIS_FILE,
|
|
__LINE__));
|
|
|
|
Status = STATUS_INVALID_PARAMETER;
|
|
goto Cleanup;
|
|
}
|
|
|
|
pTempBuffer = KerbAllocate(dwBufferSize);
|
|
|
|
if (pTempBuffer == NULL)
|
|
{
|
|
Status = STATUS_INSUFFICIENT_RESOURCES;
|
|
goto Cleanup;
|
|
}
|
|
|
|
Logon = (PKERB_SMART_CARD_LOGON) pTempBuffer;
|
|
LogonWOW = (PKERB_SMART_CARD_LOGON_WOW64) ProtocolSubmitBuffer;
|
|
|
|
Logon->MessageType = LogonWOW->MessageType;
|
|
Logon->CspDataLength = LogonWOW->CspDataLength;
|
|
|
|
dwOffset = sizeof(KERB_SMART_CARD_LOGON);
|
|
dwWOWOffset = sizeof(KERB_SMART_CARD_LOGON_WOW64);
|
|
|
|
if (MessageType == KerbSmartCardUnlockLogon)
|
|
{
|
|
if (dwBufferSize < sizeof(KERB_SMART_CARD_UNLOCK_LOGON))
|
|
{
|
|
DebugLog((DEB_ERROR,
|
|
"Submit buffer to logon too small: %d. %ws, line %d\n",
|
|
dwBufferSize,
|
|
THIS_FILE,
|
|
__LINE__));
|
|
|
|
Status = STATUS_INVALID_PARAMETER;
|
|
goto Cleanup;
|
|
}
|
|
|
|
//
|
|
// One additional field for this type (a LUID)
|
|
//
|
|
|
|
PKERB_SMART_CARD_UNLOCK_LOGON Unlock;
|
|
PKERB_SMART_CARD_UNLOCK_LOGON_WOW64 UnlockWOW;
|
|
|
|
Unlock = (PKERB_SMART_CARD_UNLOCK_LOGON) pTempBuffer;
|
|
UnlockWOW = (PKERB_SMART_CARD_UNLOCK_LOGON_WOW64) ProtocolSubmitBuffer;
|
|
|
|
Unlock->LogonId = UnlockWOW->LogonId;
|
|
|
|
dwOffset = sizeof(KERB_SMART_CARD_UNLOCK_LOGON);
|
|
dwWOWOffset = sizeof(KERB_SMART_CARD_UNLOCK_LOGON_WOW64);
|
|
}
|
|
|
|
//
|
|
// Copy the variable-length data
|
|
//
|
|
|
|
RtlCopyMemory((LPBYTE) Logon + dwOffset,
|
|
(LPBYTE) LogonWOW + dwWOWOffset,
|
|
*pSubmitBufferSize - dwWOWOffset);
|
|
|
|
//
|
|
// Set up the pointers in the native struct
|
|
//
|
|
|
|
RELOCATE_WOW_UNICODE_STRING(LogonWOW->Pin,
|
|
Logon->Pin,
|
|
dwOffset - dwWOWOffset);
|
|
|
|
Logon->CspData = (PUCHAR) ((LPBYTE) UlongToPtr(LogonWOW->CspData) + (dwOffset - dwWOWOffset));
|
|
|
|
break;
|
|
}
|
|
|
|
case KerbTicketLogon:
|
|
case KerbTicketUnlockLogon:
|
|
{
|
|
PKERB_TICKET_LOGON Logon;
|
|
PKERB_TICKET_LOGON_WOW64 LogonWOW;
|
|
DWORD dwOffset;
|
|
DWORD dwWOWOffset;
|
|
|
|
//
|
|
// Scale up the size and add on 2 PVOIDs for the worst-case
|
|
// scenario to align the two embedded pointers
|
|
//
|
|
|
|
dwBufferSize += sizeof(KERB_TICKET_LOGON)
|
|
- sizeof(KERB_TICKET_LOGON_WOW64);
|
|
|
|
if (dwBufferSize < sizeof(KERB_TICKET_LOGON))
|
|
{
|
|
DebugLog((DEB_ERROR,
|
|
"Submit buffer to logon too small: %d. %ws, line %d\n",
|
|
dwBufferSize,
|
|
THIS_FILE,
|
|
__LINE__));
|
|
|
|
Status = STATUS_INVALID_PARAMETER;
|
|
goto Cleanup;
|
|
}
|
|
|
|
pTempBuffer = KerbAllocate(dwBufferSize);
|
|
|
|
if (pTempBuffer == NULL)
|
|
{
|
|
Status = STATUS_INSUFFICIENT_RESOURCES;
|
|
goto Cleanup;
|
|
}
|
|
|
|
Logon = (PKERB_TICKET_LOGON) pTempBuffer;
|
|
LogonWOW = (PKERB_TICKET_LOGON_WOW64) ProtocolSubmitBuffer;
|
|
|
|
Logon->MessageType = LogonWOW->MessageType;
|
|
Logon->Flags = LogonWOW->Flags;
|
|
Logon->ServiceTicketLength = LogonWOW->ServiceTicketLength;
|
|
Logon->TicketGrantingTicketLength = LogonWOW->TicketGrantingTicketLength;
|
|
|
|
dwOffset = sizeof(KERB_TICKET_LOGON);
|
|
dwWOWOffset = sizeof(KERB_TICKET_LOGON_WOW64);
|
|
|
|
if (MessageType == KerbTicketUnlockLogon)
|
|
{
|
|
if (dwBufferSize < sizeof(KERB_TICKET_UNLOCK_LOGON))
|
|
{
|
|
DebugLog((DEB_ERROR,
|
|
"Submit buffer to logon too small: %d. %ws, line %d\n",
|
|
dwBufferSize,
|
|
THIS_FILE,
|
|
__LINE__));
|
|
|
|
Status = STATUS_INVALID_PARAMETER;
|
|
goto Cleanup;
|
|
}
|
|
|
|
//
|
|
// One additional field for this type (a LUID)
|
|
//
|
|
|
|
PKERB_TICKET_UNLOCK_LOGON Unlock;
|
|
PKERB_TICKET_UNLOCK_LOGON_WOW64 UnlockWOW;
|
|
|
|
Unlock = (PKERB_TICKET_UNLOCK_LOGON) pTempBuffer;
|
|
UnlockWOW = (PKERB_TICKET_UNLOCK_LOGON_WOW64) ProtocolSubmitBuffer;
|
|
|
|
Unlock->LogonId = UnlockWOW->LogonId;
|
|
|
|
dwOffset = sizeof(KERB_TICKET_UNLOCK_LOGON);
|
|
dwWOWOffset = sizeof(KERB_TICKET_UNLOCK_LOGON_WOW64);
|
|
}
|
|
|
|
//
|
|
// Copy the variable-length data
|
|
//
|
|
|
|
RtlCopyMemory((LPBYTE) Logon + dwOffset,
|
|
(LPBYTE) LogonWOW + dwWOWOffset,
|
|
*pSubmitBufferSize - dwWOWOffset);
|
|
|
|
//
|
|
// Set up the pointers in the native struct
|
|
//
|
|
|
|
Logon->ServiceTicket = (PUCHAR) ((LPBYTE) UlongToPtr(LogonWOW->ServiceTicket)
|
|
+ (dwOffset - dwWOWOffset));
|
|
|
|
Logon->TicketGrantingTicket = (PUCHAR) ((LPBYTE) UlongToPtr(LogonWOW->TicketGrantingTicket)
|
|
+ (dwOffset - dwWOWOffset));
|
|
|
|
break;
|
|
}
|
|
|
|
default:
|
|
|
|
DebugLog((DEB_ERROR,
|
|
"Invalid info class to logon: %d. %ws, line %d\n",
|
|
MessageType,
|
|
THIS_FILE,
|
|
__LINE__));
|
|
|
|
Status = STATUS_INVALID_INFO_CLASS;
|
|
goto Cleanup;
|
|
}
|
|
|
|
*pSubmitBufferSize = dwBufferSize;
|
|
*ppTempSubmitBuffer = pTempBuffer;
|
|
|
|
return STATUS_SUCCESS;
|
|
|
|
|
|
Cleanup:
|
|
|
|
ASSERT(!NT_SUCCESS(Status));
|
|
|
|
if (pTempBuffer)
|
|
{
|
|
KerbFree(pTempBuffer);
|
|
}
|
|
|
|
return Status;
|
|
}
|
|
|
|
|
|
//+-------------------------------------------------------------------------
|
|
//
|
|
// Function: KerbAllocateInteractiveWOWProfile
|
|
//
|
|
// Synopsis: This allocates and fills in the interactive profile for
|
|
// a WOW64 client.
|
|
//
|
|
// Effects:
|
|
//
|
|
// Arguments:
|
|
//
|
|
// Requires:
|
|
//
|
|
// Returns: STATUS_SUCCESS or STATUS_INSUFFICIENT_RESOURCES
|
|
//
|
|
// Notes: This code is (effectively) duplicated in
|
|
// KerbAllocateInteractiveBuffer. Make sure any
|
|
// changes made here are applied there as well.
|
|
//
|
|
//--------------------------------------------------------------------------
|
|
|
|
|
|
NTSTATUS
|
|
KerbAllocateInteractiveWOWBuffer(
|
|
OUT PKERB_INTERACTIVE_PROFILE *ProfileBuffer,
|
|
OUT PULONG ProfileBufferSize,
|
|
IN PNETLOGON_VALIDATION_SAM_INFO3 UserInfo,
|
|
IN PKERB_LOGON_SESSION LogonSession,
|
|
IN OPTIONAL PKERB_ENCRYPTED_TICKET LogonTicket,
|
|
IN OPTIONAL PKERB_INTERACTIVE_LOGON KerbLogonInfo,
|
|
IN PUCHAR *pClientBufferBase,
|
|
IN BOOLEAN BuildSmartCardProfile,
|
|
IN BOOLEAN BuildTicketProfile
|
|
)
|
|
{
|
|
NTSTATUS Status = STATUS_SUCCESS;
|
|
PKERB_INTERACTIVE_PROFILE_WOW64 LocalProfileBuffer = NULL;
|
|
PKERB_SMART_CARD_PROFILE_WOW64 SmartCardProfile = NULL;
|
|
PKERB_TICKET_PROFILE_WOW64 TicketProfile = NULL;
|
|
LONG_PTR Delta = 0;
|
|
PUCHAR Where = NULL;
|
|
|
|
if (BuildSmartCardProfile)
|
|
{
|
|
*ProfileBufferSize = sizeof(KERB_SMART_CARD_PROFILE_WOW64) +
|
|
LogonSession->PrimaryCredentials.PublicKeyCreds->CertContext->cbCertEncoded;
|
|
}
|
|
else if (BuildTicketProfile)
|
|
{
|
|
*ProfileBufferSize = sizeof(KERB_TICKET_PROFILE_WOW64) +
|
|
LogonTicket->key.keyvalue.length;
|
|
}
|
|
else
|
|
{
|
|
*ProfileBufferSize = sizeof(KERB_INTERACTIVE_PROFILE_WOW64);
|
|
}
|
|
|
|
*ProfileBufferSize +=
|
|
UserInfo->LogonScript.Length + sizeof(WCHAR) +
|
|
UserInfo->HomeDirectory.Length + sizeof(WCHAR) +
|
|
UserInfo->HomeDirectoryDrive.Length + sizeof(WCHAR) +
|
|
UserInfo->FullName.Length + sizeof(WCHAR) +
|
|
UserInfo->ProfilePath.Length + sizeof(WCHAR) +
|
|
UserInfo->LogonServer.Length + sizeof(WCHAR);
|
|
|
|
LocalProfileBuffer = (PKERB_INTERACTIVE_PROFILE_WOW64) KerbAllocate(*ProfileBufferSize);
|
|
|
|
if (LocalProfileBuffer == NULL)
|
|
{
|
|
Status = STATUS_INSUFFICIENT_RESOURCES;
|
|
goto Cleanup;
|
|
}
|
|
|
|
Status = LsaFunctions->AllocateClientBuffer(
|
|
NULL,
|
|
*ProfileBufferSize,
|
|
(PVOID *) pClientBufferBase
|
|
);
|
|
|
|
if ( !NT_SUCCESS( Status ) )
|
|
{
|
|
goto Cleanup;
|
|
}
|
|
|
|
Delta = (LONG_PTR) (*pClientBufferBase - (PUCHAR) LocalProfileBuffer) ;
|
|
|
|
//
|
|
// Don't walk over smart card data
|
|
//
|
|
|
|
if (BuildSmartCardProfile)
|
|
{
|
|
Where = (PUCHAR) ((PKERB_SMART_CARD_PROFILE_WOW64) LocalProfileBuffer + 1);
|
|
}
|
|
else if (BuildTicketProfile)
|
|
{
|
|
Where = (PUCHAR) ((PKERB_TICKET_PROFILE_WOW64) LocalProfileBuffer + 1);
|
|
}
|
|
else
|
|
{
|
|
Where = (PUCHAR) (LocalProfileBuffer + 1);
|
|
}
|
|
|
|
//
|
|
// Copy the scalar fields into the profile buffer.
|
|
//
|
|
|
|
LocalProfileBuffer->MessageType = KerbInteractiveProfile;
|
|
LocalProfileBuffer->LogonCount = UserInfo->LogonCount;
|
|
LocalProfileBuffer->BadPasswordCount= UserInfo->BadPasswordCount;
|
|
OLD_TO_NEW_LARGE_INTEGER( UserInfo->LogonTime,
|
|
LocalProfileBuffer->LogonTime );
|
|
OLD_TO_NEW_LARGE_INTEGER( UserInfo->LogoffTime,
|
|
LocalProfileBuffer->LogoffTime );
|
|
OLD_TO_NEW_LARGE_INTEGER( UserInfo->KickOffTime,
|
|
LocalProfileBuffer->KickOffTime );
|
|
OLD_TO_NEW_LARGE_INTEGER( UserInfo->PasswordLastSet,
|
|
LocalProfileBuffer->PasswordLastSet );
|
|
OLD_TO_NEW_LARGE_INTEGER( UserInfo->PasswordCanChange,
|
|
LocalProfileBuffer->PasswordCanChange );
|
|
OLD_TO_NEW_LARGE_INTEGER( UserInfo->PasswordMustChange,
|
|
LocalProfileBuffer->PasswordMustChange );
|
|
LocalProfileBuffer->UserFlags = UserInfo->UserFlags;
|
|
|
|
//
|
|
// Copy the Unicode strings into the profile buffer.
|
|
//
|
|
|
|
KerbPutWOWClientString(&Where,
|
|
Delta,
|
|
&LocalProfileBuffer->LogonScript,
|
|
&UserInfo->LogonScript );
|
|
|
|
KerbPutWOWClientString(&Where,
|
|
Delta,
|
|
&LocalProfileBuffer->HomeDirectory,
|
|
&UserInfo->HomeDirectory );
|
|
|
|
KerbPutWOWClientString(&Where,
|
|
Delta,
|
|
&LocalProfileBuffer->HomeDirectoryDrive,
|
|
&UserInfo->HomeDirectoryDrive );
|
|
|
|
KerbPutWOWClientString(&Where,
|
|
Delta,
|
|
&LocalProfileBuffer->FullName,
|
|
&UserInfo->FullName );
|
|
|
|
KerbPutWOWClientString(&Where,
|
|
Delta,
|
|
&LocalProfileBuffer->ProfilePath,
|
|
&UserInfo->ProfilePath );
|
|
|
|
KerbPutWOWClientString(&Where,
|
|
Delta,
|
|
&LocalProfileBuffer->LogonServer,
|
|
&UserInfo->LogonServer );
|
|
|
|
if (BuildSmartCardProfile)
|
|
{
|
|
LocalProfileBuffer->MessageType = KerbSmartCardProfile;
|
|
SmartCardProfile = (PKERB_SMART_CARD_PROFILE_WOW64) LocalProfileBuffer;
|
|
SmartCardProfile->CertificateSize = LogonSession->PrimaryCredentials.PublicKeyCreds->CertContext->cbCertEncoded;
|
|
SmartCardProfile->CertificateData = PtrToUlong(Where + Delta);
|
|
|
|
RtlCopyMemory(Where,
|
|
LogonSession->PrimaryCredentials.PublicKeyCreds->CertContext->pbCertEncoded,
|
|
SmartCardProfile->CertificateSize);
|
|
|
|
Where += SmartCardProfile->CertificateSize;
|
|
}
|
|
else if (BuildTicketProfile)
|
|
{
|
|
LocalProfileBuffer->MessageType = KerbTicketProfile;
|
|
TicketProfile = (PKERB_TICKET_PROFILE_WOW64) LocalProfileBuffer;
|
|
|
|
TicketProfile->SessionKey.KeyType = LogonTicket->key.keytype;
|
|
TicketProfile->SessionKey.Length = LogonTicket->key.keyvalue.length;
|
|
TicketProfile->SessionKey.Value = PtrToUlong(Where + Delta);
|
|
|
|
RtlCopyMemory(Where,
|
|
LogonTicket->key.keyvalue.value,
|
|
LogonTicket->key.keyvalue.length);
|
|
|
|
Where += TicketProfile->SessionKey.Length;
|
|
}
|
|
|
|
Cleanup:
|
|
|
|
if (!NT_SUCCESS(Status))
|
|
{
|
|
LsaFunctions->FreeClientBuffer(NULL, *pClientBufferBase);
|
|
|
|
if (LocalProfileBuffer != NULL)
|
|
{
|
|
KerbFree(LocalProfileBuffer);
|
|
}
|
|
}
|
|
else
|
|
{
|
|
*ProfileBuffer = (PKERB_INTERACTIVE_PROFILE) LocalProfileBuffer;
|
|
}
|
|
|
|
return Status;
|
|
|
|
}
|
|
|
|
|
|
//+-------------------------------------------------------------------------
|
|
//
|
|
// Function: KerbPackExternalWOWTicket
|
|
//
|
|
// Synopsis: This allocates and fills in the external ticket for
|
|
// a WOW64 client.
|
|
//
|
|
// Effects:
|
|
//
|
|
// Arguments:
|
|
//
|
|
// Requires:
|
|
//
|
|
// Returns: STATUS_SUCCESS or STATUS_INSUFFICIENT_RESOURCES
|
|
//
|
|
// Notes: This code is (effectively) duplicated in
|
|
// KerbPackExternalTicket. Make sure any
|
|
// changes made here are applied there as well.
|
|
//
|
|
//--------------------------------------------------------------------------
|
|
|
|
NTSTATUS
|
|
KerbPackExternalWOWTicket(
|
|
IN PKERB_TICKET_CACHE_ENTRY pCacheEntry,
|
|
IN PKERB_MESSAGE_BUFFER pEncodedTicket,
|
|
OUT PKERB_EXTERNAL_TICKET *pTicketResponse,
|
|
OUT PBYTE *pClientTicketResponse,
|
|
OUT PULONG pTicketSize
|
|
)
|
|
{
|
|
PKERB_EXTERNAL_TICKET_WOW64 TicketResponseWOW = NULL;
|
|
PBYTE ClientTicketResponseWOW = NULL;
|
|
ULONG ulTicketSize;
|
|
ULONG Offset;
|
|
PUCHAR Where;
|
|
NTSTATUS Status;
|
|
|
|
ulTicketSize = sizeof(KERB_EXTERNAL_TICKET_WOW64) +
|
|
pCacheEntry->DomainName.Length +
|
|
pCacheEntry->TargetDomainName.Length +
|
|
pCacheEntry->ClientDomainName.Length +
|
|
pCacheEntry->SessionKey.keyvalue.length +
|
|
KerbWOWNameLength(pCacheEntry->ServiceName) +
|
|
KerbWOWNameLength(pCacheEntry->TargetName) +
|
|
KerbWOWNameLength(pCacheEntry->ClientName) +
|
|
pEncodedTicket->BufferSize;
|
|
|
|
//
|
|
// Now allocate two copies of the structure - one in our process,
|
|
// one in the client's process. We then build the structure in our
|
|
// process but with pointer valid in the client's process
|
|
//
|
|
|
|
TicketResponseWOW = (PKERB_EXTERNAL_TICKET_WOW64) KerbAllocate(ulTicketSize);
|
|
|
|
if (TicketResponseWOW == NULL)
|
|
{
|
|
Status = STATUS_INSUFFICIENT_RESOURCES;
|
|
goto Cleanup;
|
|
}
|
|
|
|
Status = LsaFunctions->AllocateClientBuffer(NULL,
|
|
ulTicketSize,
|
|
(PVOID *) &ClientTicketResponseWOW);
|
|
|
|
if (!NT_SUCCESS(Status))
|
|
{
|
|
goto Cleanup;
|
|
}
|
|
|
|
Offset = (ULONG) (ClientTicketResponseWOW - (PBYTE) TicketResponseWOW);
|
|
|
|
Where = ((PUCHAR) (TicketResponseWOW + 1));
|
|
|
|
//
|
|
// Copy the non-pointer fields
|
|
//
|
|
|
|
TicketResponseWOW->TicketFlags = pCacheEntry->TicketFlags;
|
|
TicketResponseWOW->Flags = 0;
|
|
TicketResponseWOW->StartTime = pCacheEntry->StartTime;
|
|
TicketResponseWOW->EndTime = pCacheEntry->EndTime;
|
|
TicketResponseWOW->RenewUntil = pCacheEntry->RenewUntil;
|
|
TicketResponseWOW->TimeSkew = pCacheEntry->TimeSkew;
|
|
TicketResponseWOW->SessionKey.KeyType = pCacheEntry->SessionKey.keytype;
|
|
|
|
|
|
//
|
|
// Copy the structure to the client's address space
|
|
//
|
|
|
|
//
|
|
// These are 32-bit PVOID (i.e., ULONG) aligned
|
|
//
|
|
|
|
//
|
|
// Make sure the two name types are the same
|
|
//
|
|
|
|
DsysAssert(sizeof(KERB_INTERNAL_NAME_WOW64) == sizeof(KERB_EXTERNAL_NAME_WOW64));
|
|
DsysAssert(FIELD_OFFSET(KERB_INTERNAL_NAME_WOW64,NameType) == FIELD_OFFSET(KERB_EXTERNAL_NAME_WOW64,NameType));
|
|
DsysAssert(FIELD_OFFSET(KERB_INTERNAL_NAME_WOW64,NameCount) == FIELD_OFFSET(KERB_EXTERNAL_NAME_WOW64,NameCount));
|
|
DsysAssert(FIELD_OFFSET(KERB_INTERNAL_NAME_WOW64,Names) == FIELD_OFFSET(KERB_EXTERNAL_NAME_WOW64,Names));
|
|
|
|
KerbPutWOWKdcName(pCacheEntry->ServiceName,
|
|
&TicketResponseWOW->ServiceName,
|
|
Offset,
|
|
&Where);
|
|
|
|
KerbPutWOWKdcName(pCacheEntry->TargetName,
|
|
&TicketResponseWOW->TargetName,
|
|
Offset,
|
|
&Where);
|
|
|
|
KerbPutWOWKdcName(pCacheEntry->ClientName,
|
|
&TicketResponseWOW->ClientName,
|
|
Offset,
|
|
&Where);
|
|
|
|
//
|
|
// From here on, they are WCHAR aligned
|
|
//
|
|
|
|
KerbPutWOWString(&pCacheEntry->DomainName,
|
|
&TicketResponseWOW->DomainName,
|
|
Offset,
|
|
&Where);
|
|
|
|
KerbPutWOWString(&pCacheEntry->TargetDomainName,
|
|
&TicketResponseWOW->TargetDomainName,
|
|
Offset,
|
|
&Where);
|
|
|
|
KerbPutWOWString(&pCacheEntry->ClientDomainName, // bug # 488056
|
|
&TicketResponseWOW->AltTargetDomainName,
|
|
Offset,
|
|
&Where);
|
|
|
|
//
|
|
// And from here they are BYTE aligned
|
|
//
|
|
|
|
TicketResponseWOW->SessionKey.Value = PtrToUlong(Where + Offset);
|
|
|
|
RtlCopyMemory(Where,
|
|
pCacheEntry->SessionKey.keyvalue.value,
|
|
pCacheEntry->SessionKey.keyvalue.length);
|
|
|
|
Where += pCacheEntry->SessionKey.keyvalue.length;
|
|
|
|
TicketResponseWOW->SessionKey.Length = pCacheEntry->SessionKey.keyvalue.length;
|
|
|
|
TicketResponseWOW->EncodedTicketSize = pEncodedTicket->BufferSize;
|
|
TicketResponseWOW->EncodedTicket = PtrToUlong(Where + Offset);
|
|
|
|
RtlCopyMemory(Where,
|
|
pEncodedTicket->Buffer,
|
|
pEncodedTicket->BufferSize);
|
|
|
|
Where += pEncodedTicket->BufferSize;
|
|
|
|
DsysAssert(Where - ((PUCHAR) TicketResponseWOW) == (LONG_PTR) ulTicketSize);
|
|
|
|
*pTicketResponse = (PKERB_EXTERNAL_TICKET) TicketResponseWOW;
|
|
*pClientTicketResponse = ClientTicketResponseWOW;
|
|
*pTicketSize = ulTicketSize;
|
|
|
|
return STATUS_SUCCESS;
|
|
|
|
Cleanup:
|
|
|
|
if (TicketResponseWOW != NULL)
|
|
{
|
|
KerbFree(TicketResponseWOW);
|
|
}
|
|
|
|
if (ClientTicketResponseWOW != NULL)
|
|
{
|
|
LsaFunctions->FreeClientBuffer(NULL, ClientTicketResponseWOW);
|
|
}
|
|
|
|
*pTicketResponse = NULL;
|
|
*pClientTicketResponse = NULL;
|
|
*pTicketSize = 0;
|
|
|
|
return Status;
|
|
}
|
|
|
|
#endif // _WIN64
|