Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 
 

2473 lines
65 KiB

//+-----------------------------------------------------------------------
//
// Microsoft Windows
//
// Copyright (c) Microsoft Corporation 1992 - 1996
//
// File: userapi.cxx
//
// Contents: User-mode APIs to Kerberos package
//
//
// History: 17-April-1996 Created MikeSw
//
//------------------------------------------------------------------------
#include "krbprgma.h"
#include <kerbkrnl.h>
extern "C"
{
#include <cryptdll.h>
}
#include "krnlapi.h"
#define DONT_SUPPORT_OLD_TYPES_USER 1
//
// Make these extern "C" to allow them to be pageable.
//
extern "C"
{
KspInitPackageFn KerbInitKernelPackage;
KspDeleteContextFn KerbDeleteKernelContext;
KspInitContextFn KerbInitKernelContext;
KspMapHandleFn KerbMapKernelHandle;
KspMakeSignatureFn KerbMakeSignature;
KspVerifySignatureFn KerbVerifySignature;
KspSealMessageFn KerbSealMessage;
KspUnsealMessageFn KerbUnsealMessage;
KspGetTokenFn KerbGetContextToken;
KspQueryAttributesFn KerbQueryContextAttributes;
KspCompleteTokenFn KerbCompleteToken;
SpExportSecurityContextFn KerbExportContext;
SpImportSecurityContextFn KerbImportContext;
KspSetPagingModeFn KerbSetPageMode ;
NTSTATUS
KerbMakeSignatureToken(
IN PKERB_KERNEL_CONTEXT Context,
IN ULONG QualityOfProtection,
IN PSecBuffer SignatureBuffer,
IN ULONG TotalBufferSize,
IN BOOLEAN Encrypt,
IN ULONG SuppliedNonce,
OUT PKERB_GSS_SIGNATURE * OutputSignature,
OUT PLONG ChecksumType,
OUT PLONG EncryptionType,
OUT PULONG SequenceNumber
);
NTSTATUS
KerbVerifySignatureToken(
IN PKERB_KERNEL_CONTEXT Context,
IN PSecBuffer SignatureBuffer,
IN ULONG TotalBufferSize,
IN BOOLEAN Decrypt,
IN ULONG SuppliedNonce,
OUT PKERB_GSS_SIGNATURE * OutputSignature,
OUT PULONG QualityOfProtection,
OUT PLONG ChecksumType,
OUT PCRYPTO_SYSTEM * CryptSystem,
OUT PULONG SequenceNumber
);
NTSTATUS NTAPI
KerbInitDefaults();
}
#ifdef ALLOC_PRAGMA
#pragma alloc_text(PAGE, KerbInitKernelPackage)
#pragma alloc_text(PAGE, KerbDeleteKernelContext)
#pragma alloc_text(PAGE, KerbInitKernelContext)
#pragma alloc_text(PAGE, KerbMapKernelHandle)
#pragma alloc_text(PAGEMSG, KerbMakeSignature)
#pragma alloc_text(PAGEMSG, KerbVerifySignature)
#pragma alloc_text(PAGEMSG, KerbSealMessage)
#pragma alloc_text(PAGEMSG, KerbUnsealMessage)
#pragma alloc_text(PAGEMSG, KerbGetContextToken)
#pragma alloc_text(PAGEMSG, KerbQueryContextAttributes)
#pragma alloc_text(PAGEMSG, KerbMakeSignatureToken)
#pragma alloc_text(PAGEMSG, KerbVerifySignatureToken)
#pragma alloc_text(PAGE, KerbCompleteToken)
#pragma alloc_text(PAGE, KerbExportContext)
#pragma alloc_text(PAGE, KerbImportContext)
#pragma alloc_text(PAGE, KerbInitDefaults)
#endif
SECPKG_KERNEL_FUNCTION_TABLE KerberosFunctionTable = {
KerbInitKernelPackage,
KerbDeleteKernelContext,
KerbInitKernelContext,
KerbMapKernelHandle,
KerbMakeSignature,
KerbVerifySignature,
KerbSealMessage,
KerbUnsealMessage,
KerbGetContextToken,
KerbQueryContextAttributes,
KerbCompleteToken,
KerbExportContext,
KerbImportContext,
KerbSetPageMode
};
POOL_TYPE KerbPoolType ;
#define MAYBE_PAGED_CODE() \
if ( KerbPoolType == PagedPool ) \
{ \
PAGED_CODE(); \
}
PVOID KerbPagedList ;
PVOID KerbNonPagedList ;
PVOID KerbActiveList ;
ERESOURCE KerbGlobalResource;
BOOLEAN KerbCryptInitialized;
ULONG KerbMaxTokenSize = KERBEROS_MAX_TOKEN;
extern "C"
{
int LibAttach(HANDLE, PVOID);
}
#define KerbWriteLockGlobals() \
{ \
DebugLog((DEB_TRACE_LOCKS,"Write locking Globals\n")); \
KeEnterCriticalRegion(); \
ExAcquireResourceExclusiveLite(&KerbGlobalResource,TRUE); \
}
#define KerbReadLockGlobals() \
{ \
DebugLog((DEB_TRACE_LOCKS,"Read locking Globals\n")); \
KeEnterCriticalRegion(); \
ExAcquireSharedWaitForExclusive(&KerbGlobalResource, TRUE); \
}
#define KerbUnlockGlobals() \
{ \
DebugLog((DEB_TRACE_LOCKS,"Unlocking Globals\n")); \
ExReleaseResourceLite(&KerbGlobalResource); \
KeLeaveCriticalRegion(); \
}
//
// Common GSS object IDs, taken from MIT kerberos distribution.
//
gss_OID_desc oids[] = {
{5, "\053\005\001\005\002"}, // original mech id
{9, "\052\206\110\206\367\022\001\002\002"}, // standard mech id
{10, "\052\206\110\206\367\022\001\002\002\001"}, // krb5_name type
{10, "\052\206\110\206\367\022\001\002\002\002"}, // krb5_principal type
{10, "\052\206\110\206\367\022\001\002\002\003"}, // user2user mech id
};
gss_OID_desc * gss_mech_krb5 = oids;
gss_OID_desc * gss_mech_krb5_new = oids+1;
gss_OID_desc * gss_mech_krb5_u2u = oids+4;
#define KERB_MAX_CHECKSUM_LENGTH 24
//+-------------------------------------------------------------------------
//
// Function: KerbInitDefaults
//
// Synopsis: Opens registry key, and gets custom defaults
//
// Effects: Changes MaxTokenSize
//
// Arguments: None
//
// Requires:
//
// Returns: STATUS_SUCCESS on success
//
// Notes:
//
//
//--------------------------------------------------------------------------
NTSTATUS NTAPI
KerbInitDefaults()
{
UNICODE_STRING ParameterPath;
UNICODE_STRING MaxTokenValue;
OBJECT_ATTRIBUTES oa;
ULONG BytesRead;
NTSTATUS Status;
HANDLE hParamKey = INVALID_HANDLE_VALUE;
KEY_VALUE_PARTIAL_INFORMATION KeyPartialInformation;
PAGED_CODE();
RtlInitUnicodeString(&ParameterPath, KERB_PARAMETER_PATH);
RtlInitUnicodeString(&MaxTokenValue, KERB_PARAMETER_MAX_TOKEN_SIZE);
InitializeObjectAttributes(
&oa,
&ParameterPath,
OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE,
NULL,
NULL
);
Status = ZwOpenKey(
&hParamKey,
KEY_READ,
&oa
);
if (!NT_SUCCESS(Status))
{
DebugLog((DEB_WARN, "KerbInitDefault:OpenKey failed:0x%x\n",Status));
goto Cleanup;
}
Status = ZwQueryValueKey(
hParamKey,
&MaxTokenValue,
KeyValuePartialInformation,
(PVOID)&KeyPartialInformation,
sizeof(KeyPartialInformation),
&BytesRead
);
if (!NT_SUCCESS(Status) || KeyPartialInformation.Type != REG_DWORD)
{
DebugLog((DEB_WARN, "KerbInitDefault:QueryValueKey failed:0x%x\n",Status));
goto Cleanup;
} else {
PULONG Value = (PULONG) &KeyPartialInformation.Data;
KerbMaxTokenSize = *((PULONG)Value);
}
Cleanup:
if (INVALID_HANDLE_VALUE != hParamKey)
{
ZwClose(hParamKey);
}
return Status;
}
//+-------------------------------------------------------------------------
//
// Function: KerbInitKernelPackage
//
// Synopsis: Initialize an instance of the Kerberos package in the kernel
//
// Effects:
//
// Arguments: Version - Version of the security dll loading the package
// FunctionTable - Contains helper routines for use by Kerberos
// UserFunctions - Receives a copy of Kerberos's user mode
// function table
//
// Requires:
//
// Returns: STATUS_SUCCESS
//
// Notes:
//
//
//--------------------------------------------------------------------------
NTSTATUS NTAPI
KerbInitKernelPackage(
PSECPKG_KERNEL_FUNCTIONS FunctionTable
)
{
NTSTATUS Status = STATUS_SUCCESS;
PAGED_CODE();
KerbPoolType = PagedPool ;
KerbPagedList = KSecCreateContextList( KSecPaged );
if ( !KerbPagedList )
{
return STATUS_NO_MEMORY ;
}
KerbActiveList = KerbPagedList ;
Status = ExInitializeResourceLite(&KerbGlobalResource);
if (!NT_SUCCESS(Status))
{
return Status;
}
Status = KerbInitContextList();
if (!NT_SUCCESS(Status))
{
ExDeleteResourceLite(&KerbGlobalResource);
return Status;
}
// Get registry values, ignore failures
KerbInitDefaults();
return STATUS_SUCCESS ;
}
//+-------------------------------------------------------------------------
//
// Function: KerbDeleteKernelContext
//
// Synopsis: Deletes a kernel mode context by unlinking it and then
// dereferencing it.
//
// Effects:
//
// Arguments: ContextHandle - Kernel context handle of the context to delete
// LsaContextHandle - Receives LSA context handle of the context
// to delete
//
// Requires:
//
// Returns: STATUS_SUCCESS on success
//
// Notes:
//
//
//--------------------------------------------------------------------------
NTSTATUS NTAPI
KerbDeleteKernelContext(
IN LSA_SEC_HANDLE ContextHandle,
OUT PLSA_SEC_HANDLE LsaContextHandle
)
{
PKERB_KERNEL_CONTEXT Context = NULL;
NTSTATUS SaveStatus = STATUS_SUCCESS;
DebugLog((DEB_TRACE,"KerbDeleteUserModeContext called\n"));
Context = KerbReferenceContext(
ContextHandle,
TRUE // unlink it
);
if (Context == NULL)
{
DebugLog((DEB_WARN,"Failed to reference context 0x%x by lsa handle\n",
ContextHandle ));
*LsaContextHandle = ContextHandle;
return(STATUS_INVALID_HANDLE);
}
KerbReadLockContexts();
*LsaContextHandle = Context->LsaContextHandle;
if ((Context->ContextAttributes & KERB_CONTEXT_EXPORTED) != 0)
{
SaveStatus = SEC_I_NO_LSA_CONTEXT;
}
KerbUnlockContexts();
KerbDereferenceContext(
Context
);
return((SaveStatus == SEC_I_NO_LSA_CONTEXT) ?
SEC_I_NO_LSA_CONTEXT :
STATUS_SUCCESS);
}
//+-------------------------------------------------------------------------
//
// Function: KerbInitKernelContext
//
// Synopsis: Creates a kernel-mode context from a packed LSA mode context
//
// Effects:
//
// Arguments: ContextHandle - Lsa mode context handle for the context
// PackedContext - A marshalled buffer containing the LSA
// mode context.
// NewContextHandle - Receives kernel mode context handle
//
// Requires:
//
// Returns: STATUS_SUCCESS or STATUS_INSUFFICIENT_RESOURCES
//
// Notes:
//
//
//--------------------------------------------------------------------------
NTSTATUS NTAPI
KerbInitKernelContext(
IN LSA_SEC_HANDLE LsaContextHandle,
IN PSecBuffer PackedContext,
OUT PLSA_SEC_HANDLE NewContextHandle
)
{
NTSTATUS Status;
PKERB_KERNEL_CONTEXT Context = NULL;
PAGED_CODE();
DebugLog((DEB_TRACE,"KerbInitUserModeContex called\n"));
Status = KerbCreateKernelModeContext(
LsaContextHandle,
PackedContext,
&Context
);
if (!NT_SUCCESS(Status))
{
DebugLog((DEB_ERROR,"Failed to create kernel mode context: 0x%x\n",
Status));
goto Cleanup;
}
*NewContextHandle = KerbGetContextHandle(Context);
Cleanup:
if (Context != NULL)
{
KerbDereferenceContext(Context);
}
if (PackedContext->pvBuffer != NULL)
{
KspKernelFunctions.FreeHeap(PackedContext->pvBuffer);
PackedContext->pvBuffer = NULL;
}
return(Status);
}
//+-------------------------------------------------------------------------
//
// Function: KerbMapKernelHandle
//
// Synopsis: Maps a kernel handle into an LSA handle
//
// Effects:
//
// Arguments: ContextHandle - Kernel context handle of the context to map
// LsaContextHandle - Receives LSA context handle of the context
// to map
//
// Requires:
//
// Returns: STATUS_SUCCESS on success
//
// Notes:
//
//
//--------------------------------------------------------------------------
NTSTATUS NTAPI
KerbMapKernelHandle(
IN LSA_SEC_HANDLE ContextHandle,
OUT PLSA_SEC_HANDLE LsaContextHandle
)
{
PKERB_KERNEL_CONTEXT Context = NULL;
DebugLog((DEB_TRACE,"KerbMapKernelhandle called\n"));
PAGED_CODE();
Context = KerbReferenceContext(
ContextHandle,
FALSE // don't it
);
if (Context == NULL)
{
DebugLog((DEB_WARN,"Failed to reference context 0x%x by lsa handle\n",
ContextHandle ));
*LsaContextHandle = ContextHandle;
}
else
{
*LsaContextHandle = Context->LsaContextHandle;
KerbDereferenceContext(
Context
);
//
// If the lsa context handle is zero, this is an imported context
// so there is no lsa context
//
if (*LsaContextHandle == 0)
{
return(SEC_E_UNSUPPORTED_FUNCTION);
}
}
return(STATUS_SUCCESS);
}
//+-------------------------------------------------------------------------
//
// Function: KerbRandomFill
//
// Synopsis: Generates random data in the buffer.
//
// Arguments: [pbBuffer] --
// [cbBuffer] --
//
// History: 5-20-93 RichardW Created
//
// Notes:
//
//--------------------------------------------------------------------------
BOOLEAN
KerbRandomFill( PUCHAR pbBuffer,
ULONG cbBuffer)
{
return CDGenerateRandomBits(pbBuffer, cbBuffer);
}
//+-------------------------------------------------------------------------
//
// Function: KerbMakeSignatureToken
//
// Synopsis: Makes the signature token for a signed or sealed message
//
// Effects:
//
// Arguments: Context - Context to use for signing
// QualityOfProtection - flags indicating what kind of checksum
// to use
// SignatureBuffer - Buffer in which to place signature
// TotalBufferSize - Total size of all buffers to be signed
// Encrypt - if TRUE, then prepare a header for an encrypted buffer
// SuppliedNonce - Nonce supplied by caller, used for datagram
// ChecksumType - Receives the type of checksum to use
// EncryptionType - Receives the type of encryption to use
//
// Requires: The context must be write locked
//
// Returns:
//
// Notes:
//
//
//--------------------------------------------------------------------------
NTSTATUS
KerbMakeSignatureToken(
IN PKERB_KERNEL_CONTEXT Context,
IN ULONG QualityOfProtection,
IN PSecBuffer SignatureBuffer,
IN ULONG TotalBufferSize,
IN BOOLEAN Encrypt,
IN ULONG SuppliedNonce,
OUT PKERB_GSS_SIGNATURE * OutputSignature,
OUT PLONG ChecksumType,
OUT PLONG EncryptionType,
OUT PULONG SequenceNumber
)
{
NTSTATUS Status = STATUS_SUCCESS;
PKERB_GSS_SIGNATURE Signature;
PKERB_GSS_SEAL_SIGNATURE SealSignature;
ULONG MessageSize;
ULONG SignatureSize = 0;
PULONG Nonce;
gss_OID MechUsed;
BOOLEAN GssCompatible = TRUE;
//
// Make sure that cryptdll stuff is initialized.
//
MAYBE_PAGED_CODE();
if (!KerbCryptInitialized)
{
KerbWriteLockGlobals();
if ( !KerbCryptInitialized )
{
if (LibAttach(NULL, NULL))
{
KerbCryptInitialized = TRUE;
}
}
KerbUnlockGlobals();
}
//
// Compute the size of the header. For encryption headers, we need
// to round up the size of the data & add 8 bytes for a confounder.
//
if (QualityOfProtection == GSS_KRB5_INTEG_C_QOP_DEFAULT)
{
GssCompatible = FALSE;
}
//
// Since RPC doesn't carry around the size of the size of the
// signature bufer, we use it in the header. This break rfc1964 compat.
//
if (!Encrypt || !GssCompatible)
{
TotalBufferSize = 0;
}
if ((Context->ContextAttributes & KERB_CONTEXT_USER_TO_USER) != 0)
{
MechUsed = gss_mech_krb5_u2u;
}
else
{
MechUsed = gss_mech_krb5_new;
}
if (Encrypt)
{
//
// NOTE: according to rfc1964, buffers that are an even multiple of
// 8 bytes have 8 bytes of zeros appended. Because we cannot modify
// the input buffers, the caller will have to do this for us.
//
MessageSize = TotalBufferSize + sizeof(KERB_GSS_SEAL_SIGNATURE);
}
else
{
MessageSize = TotalBufferSize + sizeof(KERB_GSS_SIGNATURE);
}
SignatureSize = g_token_size(MechUsed, MessageSize) - TotalBufferSize;
//
// Make Dave happy (verify that the supplied signature buffer is large
// enough for a signature):
//
if (SignatureBuffer->cbBuffer < SignatureSize)
{
Status = STATUS_BUFFER_TOO_SMALL;
goto Cleanup;
}
//
// create the header with the GSS oid
//
Signature = (PKERB_GSS_SIGNATURE) SignatureBuffer->pvBuffer;
g_make_token_header(
MechUsed,
MessageSize,
(PUCHAR *) &Signature,
(Encrypt ? KG_TOK_WRAP_MSG : KG_TOK_MIC_MSG)
);
//
// Fill in the header information according to RFC1964
//
Signature->SignatureAlgorithm[1] = KERB_GSS_SIG_SECOND;
//
// If the keytype is an MS keytype, we need to use an MS encryption
// scheme.
//
if (!KERB_IS_DES_ENCRYPTION(Context->SessionKey.keytype))
{
#ifndef DONT_SUPPORT_OLD_TYPES_USER
if (Context->SessionKey.keytype == KERB_ETYPE_RC4_HMAC_OLD)
{
*ChecksumType = KERB_CHECKSUM_HMAC_MD5;
*EncryptionType = KERB_ETYPE_RC4_PLAIN_OLD;
Signature->SignatureAlgorithm[0] = KERB_GSS_SIG_HMAC;
if (Encrypt)
{
Signature->SealAlgorithm[1] = KERB_GSS_SIG_SECOND;
Signature->SealAlgorithm[0] = KERB_GSS_SEAL_RC4_OLD;
}
}
else if (Context->SessionKey.keytype == KERB_ETYPE_RC4_HMAC_OLD_EXP)
{
*ChecksumType = KERB_CHECKSUM_HMAC_MD5;
*EncryptionType = KERB_ETYPE_RC4_PLAIN_OLD_EXP;
Signature->SignatureAlgorithm[0] = KERB_GSS_SIG_HMAC;
if (Encrypt)
{
Signature->SealAlgorithm[1] = KERB_GSS_SIG_SECOND;
Signature->SealAlgorithm[0] = KERB_GSS_SEAL_RC4_OLD;
}
}
else
#endif
if (Context->SessionKey.keytype == KERB_ETYPE_RC4_HMAC_NT)
{
*ChecksumType = KERB_CHECKSUM_HMAC_MD5;
*EncryptionType = KERB_ETYPE_RC4_PLAIN;
Signature->SignatureAlgorithm[0] = KERB_GSS_SIG_HMAC;
if (Encrypt)
{
Signature->SealAlgorithm[1] = KERB_GSS_SIG_SECOND;
Signature->SealAlgorithm[0] = KERB_GSS_SEAL_RC4;
}
}
else
{
ASSERT (Context->SessionKey.keytype == KERB_ETYPE_RC4_HMAC_NT_EXP);
*ChecksumType = KERB_CHECKSUM_HMAC_MD5;
*EncryptionType = KERB_ETYPE_RC4_PLAIN_EXP;
Signature->SignatureAlgorithm[0] = KERB_GSS_SIG_HMAC;
if (Encrypt)
{
Signature->SealAlgorithm[1] = KERB_GSS_SIG_SECOND;
Signature->SealAlgorithm[0] = KERB_GSS_SEAL_RC4;
}
}
}
else
{
if (Encrypt)
{
Signature->SealAlgorithm[1] = KERB_GSS_SIG_SECOND;
Signature->SealAlgorithm[0] = KERB_GSS_SEAL_DES_CBC;
}
//
// Use the exportable version if necessasry
//
*EncryptionType = KERB_ETYPE_DES_PLAIN;
switch(QualityOfProtection)
{
case GSS_KRB5_INTEG_C_QOP_MD5:
Signature->SignatureAlgorithm[0] = KERB_GSS_SIG_MD25;
*ChecksumType = KERB_CHECKSUM_MD25;
break;
case GSS_KRB5_INTEG_C_QOP_DEFAULT:
case GSS_KRB5_INTEG_C_QOP_DES_MD5:
Signature->SignatureAlgorithm[0] = KERB_GSS_SIG_DES_MAC_MD5;
*ChecksumType = KERB_CHECKSUM_DES_MAC_MD5;
break;
case GSS_KRB5_INTEG_C_QOP_DES_MAC:
Signature->SignatureAlgorithm[0] = KERB_GSS_SIG_DES_MAC;
*ChecksumType = KERB_CHECKSUM_DES_MAC;
break;
default:
DebugLog((DEB_ERROR,"Invalid quality of protection sent to MakeSignature: %d.\n",
QualityOfProtection ));
Status = STATUS_INVALID_PARAMETER;
goto Cleanup;
}
}
//
// Put in the filler - it is different for signing & sealing
//
if (Encrypt)
{
memset(Signature->SealFiller,0xff,2);
}
else
{
memset(Signature->SignFiller,0xff,4);
}
//
// Inbound contexts get a high dword of 0xffffffff, outbound gets
// 0x00000000.
//
if (Context->ContextAttributes & KERB_CONTEXT_INBOUND)
{
*(PULONG)(&Signature->SequenceNumber[4]) = 0xffffffff;
Nonce = &Context->ReceiveNonce;
}
else
{
ASSERT((Context->ContextAttributes & KERB_CONTEXT_OUTBOUND) != 0);
*(PULONG)(&Signature->SequenceNumber[4]) = 0x00000000;
Nonce = &Context->Nonce;
}
//
// If this is datagram, or integrity without replay & sequence detection,
// use the nonce from the caller
//
if (((Context->ContextFlags & ISC_RET_DATAGRAM) != 0) ||
((Context->ContextFlags & (ISC_RET_INTEGRITY | ISC_RET_SEQUENCE_DETECT | ISC_RET_REPLAY_DETECT)) == ISC_RET_INTEGRITY))
{
Nonce = &SuppliedNonce;
}
Signature->SequenceNumber[0] = (UCHAR) ((*Nonce & 0xff000000) >> 24);
Signature->SequenceNumber[1] = (UCHAR) ((*Nonce & 0x00ff0000) >> 16);
Signature->SequenceNumber[2] = (UCHAR) ((*Nonce & 0x0000ff00) >> 8);
Signature->SequenceNumber[3] = (UCHAR) (*Nonce & 0x000000ff);
(*Nonce)++;
*SequenceNumber = *(PULONG)Signature->SequenceNumber;
//
// If we are encrypting, add the confounder to the end of the signature
//
if (Encrypt)
{
SealSignature = (PKERB_GSS_SEAL_SIGNATURE) Signature;
if (!KerbRandomFill(SealSignature->Confounder,KERB_GSS_SIG_CONFOUNDER_SIZE))
{
Status = STATUS_INTERNAL_ERROR;
goto Cleanup;
}
}
//
// Set the size of the signature
//
SignatureBuffer->cbBuffer = SignatureSize;
*OutputSignature = Signature;
Cleanup:
return(Status);
}
//+-------------------------------------------------------------------------
//
// Function: KerbVerifySignatureToken
//
// Synopsis: Verifies the header on a signed or sealed message
//
// Effects:
//
// Arguments: Context - context to use for verification
// SignatureBuffer - Buffer containing signature
// TotalBufferSize - Size of all buffers signed/encrypted
// Decrypt - TRUE if we are unsealing
// SuppliedNonce - Nonce supplied by caller, used for datagram
// QualityOfProtection - returns GSS quality of protection flags
// ChecksumType - Type of checksum used in this signature
// EncryptionType - Type of encryption used in this signature
//
// Requires:
//
// Returns:
//
// Notes:
//
//
//--------------------------------------------------------------------------
NTSTATUS
KerbVerifySignatureToken(
IN PKERB_KERNEL_CONTEXT Context,
IN PSecBuffer SignatureBuffer,
IN ULONG TotalBufferSize,
IN BOOLEAN Decrypt,
IN ULONG SuppliedNonce,
OUT PKERB_GSS_SIGNATURE * OutputSignature,
OUT PULONG QualityOfProtection,
OUT PLONG ChecksumType,
OUT PCRYPTO_SYSTEM * CryptSystem,
OUT PULONG SequenceNumber
)
{
NTSTATUS Status = STATUS_SUCCESS;
ULONG SignatureSize = 0;
UCHAR Nonce[8];
PCRYPT_STATE_BUFFER CryptBuffer = NULL;
ULONG OutputSize;
LONG EncryptionType;
PCRYPTO_SYSTEM LocalCryptSystem = NULL ;
PKERB_GSS_SIGNATURE Signature;
PULONG ContextNonce;
gss_OID MechUsed;
//
// Make sure that cryptdll stuff is initialized.
//
MAYBE_PAGED_CODE();
if (!KerbCryptInitialized)
{
KerbWriteLockGlobals();
if ( !KerbCryptInitialized )
{
if (LibAttach(NULL, NULL))
{
KerbCryptInitialized = TRUE;
}
}
KerbUnlockGlobals();
}
//
// Since RPC doesn't carry around the size of the size of the
// signature bufer, we use it in the header. This break rfc1964 compat.
//
if (!Decrypt ||
((Context->ContextFlags & ISC_RET_USED_DCE_STYLE) != 0) ||
((Context->ContextFlags & ISC_RET_DATAGRAM) != 0))
{
TotalBufferSize = 0;
}
//
// Verify the signature header
//
if ((Context->ContextAttributes & KERB_CONTEXT_USER_TO_USER) != 0)
{
MechUsed = gss_mech_krb5_u2u;
}
else
{
MechUsed = gss_mech_krb5_new;
}
Signature = (PKERB_GSS_SIGNATURE) SignatureBuffer->pvBuffer;
if (!g_verify_token_header(
MechUsed,
(int *) &SignatureSize,
(PUCHAR *) &Signature,
(Decrypt ? KG_TOK_WRAP_MSG : KG_TOK_MIC_MSG),
SignatureBuffer->cbBuffer + TotalBufferSize))
{
Status = SEC_E_MESSAGE_ALTERED;
}
//
// If that didn't work, try with the old mech. Need this is for DCE clients
// for whom we can't tell what mech they use.
//
if (!NT_SUCCESS(Status) && ((Context->ContextFlags & ISC_RET_USED_DCE_STYLE) != 0))
{
Signature = (PKERB_GSS_SIGNATURE) SignatureBuffer->pvBuffer;
if (!g_verify_token_header(
gss_mech_krb5,
(int *) &SignatureSize,
(PUCHAR *) &Signature,
(Decrypt ? KG_TOK_WRAP_MSG : KG_TOK_MIC_MSG),
SignatureBuffer->cbBuffer + TotalBufferSize))
{
Status = SEC_E_MESSAGE_ALTERED;
}
else
{
Status = STATUS_SUCCESS;
}
}
//
// MS RPC clients don't send the size properly, so set the total size
// to zero and try again.
//
if (Decrypt && !NT_SUCCESS(Status))
{
TotalBufferSize = 0;
Signature = (PKERB_GSS_SIGNATURE) SignatureBuffer->pvBuffer;
if (!g_verify_token_header(
MechUsed,
(int *) &SignatureSize,
(PUCHAR *) &Signature,
(Decrypt ? KG_TOK_WRAP_MSG : KG_TOK_MIC_MSG),
SignatureBuffer->cbBuffer + TotalBufferSize))
{
Status = SEC_E_MESSAGE_ALTERED;
}
else
{
Status = STATUS_SUCCESS;
}
//
// If that didn't work, try with the old mech. Need this is for DCE clients
// for whom we can't tell what mech they use.
//
if (!NT_SUCCESS(Status) && ((Context->ContextFlags & ISC_RET_USED_DCE_STYLE) != 0))
{
Signature = (PKERB_GSS_SIGNATURE) SignatureBuffer->pvBuffer;
if (!g_verify_token_header(
gss_mech_krb5,
(int *) &SignatureSize,
(PUCHAR *) &Signature,
(Decrypt ? KG_TOK_WRAP_MSG : KG_TOK_MIC_MSG),
SignatureBuffer->cbBuffer + TotalBufferSize))
{
Status = SEC_E_MESSAGE_ALTERED;
}
else
{
Status = STATUS_SUCCESS;
}
}
}
//
// Protection from bad Signature Size
//
if (SignatureSize == 0)
{
Status = SEC_E_MESSAGE_ALTERED;
goto Cleanup;
}
//
// Subtract the total buffer size from Signature size to get the real
// size of the signature.
//
SignatureSize -= TotalBufferSize;
//
// Make sure the signature is big enough. We can't enforce a strict
// size because RPC will transmit the maximum number of bytes instead
// of the actual number.
//
if ((Decrypt && (SignatureSize < sizeof(KERB_GSS_SEAL_SIGNATURE))) ||
(!Decrypt && (SignatureSize < sizeof(KERB_GSS_SIGNATURE))))
{
Status = SEC_E_MESSAGE_ALTERED;
goto Cleanup;
}
//
// Verify the sequence number
//
if (Signature->SignatureAlgorithm[1] != KERB_GSS_SIG_SECOND)
{
Status = SEC_E_MESSAGE_ALTERED;
goto Cleanup;
}
//
// Figure out the algorithm
//
switch(Context->SessionKey.keytype) {
case KERB_ETYPE_DES_CBC_MD5:
case KERB_ETYPE_DES_CBC_CRC:
EncryptionType = KERB_ETYPE_DES_PLAIN;
break;
case KERB_ETYPE_RC4_HMAC_OLD_EXP:
EncryptionType = KERB_ETYPE_RC4_PLAIN_OLD_EXP;
break;
case KERB_ETYPE_RC4_HMAC_OLD:
EncryptionType = KERB_ETYPE_RC4_PLAIN_OLD;
break;
case KERB_ETYPE_RC4_HMAC_NT_EXP:
EncryptionType = KERB_ETYPE_RC4_PLAIN_EXP;
break;
case KERB_ETYPE_RC4_HMAC_NT:
EncryptionType = KERB_ETYPE_RC4_PLAIN;
break;
default:
DebugLog((DEB_ERROR,"Unknown key type: %d\n",
Context->SessionKey.keytype ));
Status = STATUS_INTERNAL_ERROR;
goto Cleanup;
}
//
// if the key is exportable, make sure to use the exportable plain
// version.
//
switch(Signature->SignatureAlgorithm[0]) {
case KERB_GSS_SIG_MD25:
*QualityOfProtection = GSS_KRB5_INTEG_C_QOP_MD5;
*ChecksumType = KERB_CHECKSUM_MD25;
break;
case KERB_GSS_SIG_DES_MAC_MD5:
*QualityOfProtection = GSS_KRB5_INTEG_C_QOP_DES_MD5;
*ChecksumType = KERB_CHECKSUM_DES_MAC_MD5;
break;
case KERB_GSS_SIG_DES_MAC:
*QualityOfProtection = GSS_KRB5_INTEG_C_QOP_DES_MAC;
*ChecksumType = KERB_CHECKSUM_DES_MAC;
break;
case KERB_GSS_SIG_HMAC:
*QualityOfProtection = GSS_KRB5_INTEG_C_QOP_DEFAULT;
*ChecksumType = KERB_CHECKSUM_HMAC_MD5;
break;
default:
DebugLog((DEB_ERROR,"Invalid signature type to VerifySignature: %d\n",
Signature->SignatureAlgorithm[0]));
Status = SEC_E_MESSAGE_ALTERED;
goto Cleanup;
}
if (Decrypt)
{
if (Signature->SealAlgorithm[1] != KERB_GSS_SIG_SECOND)
{
Status = SEC_E_MESSAGE_ALTERED;
goto Cleanup;
}
//
// Verify the seal algorithm
//
switch(EncryptionType) {
case KERB_ETYPE_DES_PLAIN:
if (Signature->SealAlgorithm[0] != KERB_GSS_SEAL_DES_CBC)
{
DebugLog((DEB_ERROR,"Trying to mix encryption types\n" ));
Status = SEC_E_MESSAGE_ALTERED;
goto Cleanup;
}
break;
case KERB_ETYPE_RC4_PLAIN_OLD_EXP:
case KERB_ETYPE_RC4_PLAIN_OLD:
if (Signature->SealAlgorithm[0] != KERB_GSS_SEAL_RC4_OLD)
{
DebugLog((DEB_ERROR,"Trying to mix encryption types\n"));
Status = SEC_E_MESSAGE_ALTERED;
goto Cleanup;
}
break;
case KERB_ETYPE_RC4_PLAIN_EXP:
case KERB_ETYPE_RC4_PLAIN:
if (Signature->SealAlgorithm[0] != KERB_GSS_SEAL_RC4)
{
DebugLog((DEB_ERROR,"Trying to mix encryption types\n"));
Status = SEC_E_MESSAGE_ALTERED;
goto Cleanup;
}
break;
default:
DebugLog((DEB_ERROR,"Invalid seal type to VerifySignature: %d, %d\n", Signature->SealAlgorithm[0], EncryptionType));
Status = SEC_E_MESSAGE_ALTERED;
goto Cleanup;
}
}
//
// Check the filler
//
if ((Decrypt && (*(PUSHORT) Signature->SealFiller != 0xffff)) ||
(!Decrypt && (*(PULONG) Signature->SignFiller != 0xffffffff)))
{
Status = SEC_E_MESSAGE_ALTERED;
goto Cleanup;
}
//
// Verify the sequence number. To do this we need to decrypt it with
// the session key with the checksum as the IV.
//
Status = CDLocateCSystem(EncryptionType, &LocalCryptSystem);
if (!NT_SUCCESS(Status))
{
DebugLog((DEB_ERROR,"Failed to load %d crypt system: 0x%x\n", EncryptionType,Status));
goto Cleanup;
}
//
// Now we need to Decrypt the sequence number, using the checksum as the
// IV
//
Status = LocalCryptSystem->Initialize(
Context->SessionKey.keyvalue.value,
Context->SessionKey.keyvalue.length,
0, // no flags
&CryptBuffer
);
if (!NT_SUCCESS(Status))
{
goto Cleanup;
}
//
// Set the initial vector
//
Status = LocalCryptSystem->Control(
CRYPT_CONTROL_SET_INIT_VECT,
CryptBuffer,
Signature->Checksum,
8
);
if (!NT_SUCCESS(Status))
{
goto Cleanup;
}
//
// Now encrypt the sequence number
//
OutputSize = 8;
Status = LocalCryptSystem->Decrypt(
CryptBuffer,
Signature->SequenceNumber,
8,
Signature->SequenceNumber,
&OutputSize
);
if (!NT_SUCCESS(Status))
{
goto Cleanup;
}
//
// For datagram or integrity only, we use just the supplied nonce.
//
if (((Context->ContextFlags & ISC_RET_DATAGRAM) != 0) ||
((Context->ContextFlags & (ISC_RET_INTEGRITY | ISC_RET_SEQUENCE_DETECT | ISC_RET_REPLAY_DETECT)) == ISC_RET_INTEGRITY))
{
ContextNonce = &SuppliedNonce;
}
else
{
if ((Context->ContextAttributes & KERB_CONTEXT_OUTBOUND) != 0)
{
ContextNonce = &Context->ReceiveNonce;
}
else
{
ContextNonce = &Context->Nonce;
}
}
Nonce[0] = (UCHAR) ((*ContextNonce & 0xff000000) >> 24);
Nonce[1] = (UCHAR) ((*ContextNonce & 0x00ff0000) >> 16);
Nonce[2] = (UCHAR) ((*ContextNonce & 0x0000ff00) >> 8);
Nonce[3] = (UCHAR) (*ContextNonce & 0x000000ff);
*SequenceNumber = *(PULONG) Nonce;
if (!RtlEqualMemory(
Nonce,
Signature->SequenceNumber,
4))
{
Status = SEC_E_OUT_OF_SEQUENCE;
goto Cleanup;
}
(*ContextNonce)++;
//
// Inbound contexts send a high dword of 0xffffffff, outbound gets
// 0x00000000.
//
if (Context->ContextAttributes & KERB_CONTEXT_OUTBOUND)
{
if (*(PULONG)(&Signature->SequenceNumber[4]) != 0xffffffff)
{
Status = SEC_E_MESSAGE_ALTERED;
goto Cleanup;
}
}
else
{
ASSERT((Context->ContextAttributes & KERB_CONTEXT_INBOUND) != 0);
if (*(PULONG)(&Signature->SequenceNumber[4]) != 0)
{
Status = SEC_E_MESSAGE_ALTERED;
goto Cleanup;
}
}
if (ARGUMENT_PRESENT(CryptSystem))
{
*CryptSystem = LocalCryptSystem;
}
*OutputSignature = Signature;
Cleanup:
if ( ( CryptBuffer != NULL) &&
( LocalCryptSystem != NULL ) )
{
LocalCryptSystem->Discard(&CryptBuffer);
}
return(Status);
}
//+-------------------------------------------------------------------------
//
// Function: KerbMakeSignature
//
// Synopsis: Signs a message buffer by calculatinga checksum over all
// the non-read only data buffers and encrypting the checksum
// along with a nonce.
//
// Effects:
//
// Arguments: ContextHandle - Handle of the context to use to sign the
// message.
// QualityOfProtection - Unused flags.
// MessageBuffers - Contains an array of buffers to sign and
// to store the signature.
// MessageSequenceNumber - Sequence number for this message,
// only used in datagram cases.
//
// Requires: STATUS_INVALID_HANDLE - the context could not be found or
// was not configured for message integrity.
// STATUS_INVALID_PARAMETER - the signature buffer could not
// be found.
// STATUS_BUFFER_TOO_SMALL - the signature buffer is too small
// to hold the signature
//
// Returns:
//
// Notes: Cluster folks need to run this at dpc level (non paged)
//
//
//--------------------------------------------------------------------------
NTSTATUS NTAPI
KerbMakeSignature(
IN LSA_SEC_HANDLE ContextHandle,
IN ULONG QualityOfProtection,
IN PSecBufferDesc MessageBuffers,
IN ULONG MessageSequenceNumber
)
{
NTSTATUS Status = STATUS_SUCCESS;
PKERB_KERNEL_CONTEXT Context = NULL;
PCHECKSUM_FUNCTION Check;
PCRYPTO_SYSTEM CryptSystem = NULL ;
PSecBuffer SignatureBuffer = NULL;
ULONG Index;
PCHECKSUM_BUFFER CheckBuffer = NULL;
PCRYPT_STATE_BUFFER CryptBuffer = NULL;
PKERB_GSS_SIGNATURE Signature;
UCHAR LocalChecksum[KERB_MAX_CHECKSUM_LENGTH];
BOOLEAN ContextsLocked = FALSE;
LONG ChecksumType = 0;
LONG EncryptType;
ULONG TotalBufferSize = 0;
ULONG OutputSize;
ULONG SequenceNumber;
MAYBE_PAGED_CODE();
DebugLog((DEB_TRACE,"KerbMakeSignature Called\n"));
Context = KerbReferenceContext(
ContextHandle,
FALSE // don't unlink
);
if (Context == NULL)
{
DebugLog((DEB_ERROR, "Invalid handle supplied for MakeSignature(0x%x)\n",
ContextHandle));
Status = STATUS_INVALID_HANDLE;
goto Cleanup;
}
//
// Find the body and signature SecBuffers from pMessage
//
for (Index = 0; Index < MessageBuffers->cBuffers ; Index++ )
{
if (BUFFERTYPE(MessageBuffers->pBuffers[Index]) == SECBUFFER_TOKEN)
{
SignatureBuffer = &MessageBuffers->pBuffers[Index];
}
else if ((BUFFERTYPE(MessageBuffers->pBuffers[Index]) != SECBUFFER_TOKEN) &&
(!(MessageBuffers->pBuffers[Index].BufferType & SECBUFFER_READONLY)))
{
TotalBufferSize += MessageBuffers->pBuffers[Index].cbBuffer;
}
}
if (SignatureBuffer == NULL)
{
DebugLog((DEB_ERROR, "No signature buffer found\n"));
Status = STATUS_INVALID_PARAMETER;
goto Cleanup;
}
KerbWriteLockContexts();
ContextsLocked = TRUE;
//
// Verify that the context was created with the integrity bit
//
if ((Context->ContextFlags & KERB_SIGN_FLAGS) == 0)
{
if (SignatureBuffer->cbBuffer < sizeof(KERB_NULL_SIGNATURE))
{
Status = SEC_E_BUFFER_TOO_SMALL;
goto Cleanup;
}
SignatureBuffer->cbBuffer = sizeof(KERB_NULL_SIGNATURE);
*(PKERB_NULL_SIGNATURE) SignatureBuffer->pvBuffer = 0;
Status = STATUS_SUCCESS;
goto Cleanup;
}
Status = KerbMakeSignatureToken(
Context,
QualityOfProtection,
SignatureBuffer,
TotalBufferSize,
FALSE, // don't encrypt
MessageSequenceNumber,
&Signature,
&ChecksumType,
&EncryptType,
&SequenceNumber
);
if (!NT_SUCCESS(Status))
{
goto Cleanup;
}
//
// Locate the checksum for the context, loading it if necessary from the
// the crypto support DLL
//
Status = CDLocateCheckSum(ChecksumType, &Check);
if (!NT_SUCCESS(Status))
{
DebugLog((DEB_ERROR,"Failed to load %d checksum: 0x%x.\n ",ChecksumType,Status ));
goto Cleanup;
}
ASSERT(Check->CheckSumSize <= sizeof(LocalChecksum));
Status = CDLocateCSystem(EncryptType, &CryptSystem);
if (!NT_SUCCESS(Status))
{
DebugLog((DEB_ERROR,"Failed to load %d crypt system: 0x%x.\n",EncryptType,Status ));
goto Cleanup;
}
//
// Generate a check sum of the message, and store it into the signature
// buffer.
//
if (NULL != Check->InitializeEx2)
{
Status = Check->InitializeEx2(
Context->SessionKey.keyvalue.value,
(ULONG) Context->SessionKey.keyvalue.length,
NULL,
KERB_SAFE_SALT,
&CheckBuffer
);
}
else
{
Status = Check->InitializeEx(
Context->SessionKey.keyvalue.value,
(ULONG) Context->SessionKey.keyvalue.length,
KERB_SAFE_SALT,
&CheckBuffer
);
}
if (!NT_SUCCESS(Status))
{
goto Cleanup;
}
KerbUnlockContexts();
ContextsLocked = FALSE;
//
// Sum in 8 bytes of the signature
//
Check->Sum(
CheckBuffer,
8,
((PUCHAR) Signature) -2
);
for (Index = 0; Index < MessageBuffers->cBuffers; Index++ )
{
if ((BUFFERTYPE(MessageBuffers->pBuffers[Index]) != SECBUFFER_TOKEN) &&
(!(MessageBuffers->pBuffers[Index].BufferType & SECBUFFER_READONLY)) &&
(MessageBuffers->pBuffers[Index].cbBuffer != 0))
{
Check->Sum(
CheckBuffer,
MessageBuffers->pBuffers[Index].cbBuffer,
(PBYTE) MessageBuffers->pBuffers[Index].pvBuffer
);
}
}
(void) Check->Finalize(CheckBuffer, LocalChecksum);
Status = Check->Finish(&CheckBuffer);
if (!NT_SUCCESS(Status))
{
goto Cleanup;
}
//
// Copy in the first 8 bytes of the checksum
//
RtlCopyMemory(
Signature->Checksum,
LocalChecksum,
8
);
//
// Now we need to encrypt the sequence number, using the checksum as the
// IV
//
Status = CryptSystem->Initialize(
Context->SessionKey.keyvalue.value,
Context->SessionKey.keyvalue.length,
0, // no options
&CryptBuffer
);
if (!NT_SUCCESS(Status))
{
goto Cleanup;
}
//
// Set the initial vector
//
Status = CryptSystem->Control(
CRYPT_CONTROL_SET_INIT_VECT,
CryptBuffer,
LocalChecksum,
8
);
if (!NT_SUCCESS(Status))
{
goto Cleanup;
}
//
// Now encrypt the sequence number
//
Status = CryptSystem->Encrypt(
CryptBuffer,
Signature->SequenceNumber,
8,
Signature->SequenceNumber,
&OutputSize
);
if (!NT_SUCCESS(Status))
{
goto Cleanup;
}
Cleanup:
if ( ( CryptBuffer != NULL ) &&
( CryptSystem != NULL ) )
{
CryptSystem->Discard(&CryptBuffer);
}
if (ContextsLocked)
{
KerbUnlockContexts();
}
if (Context != NULL)
{
KerbDereferenceContext(Context);
}
return(Status);
}
//+-------------------------------------------------------------------------
//
// Function: KerbVerifySignature
//
// Synopsis: Verifies a signed message buffer by calculating a checksum over all
// the non-read only data buffers and encrypting the checksum
// along with a nonce.
//
// Effects:
//
// Arguments: ContextHandle - Handle of the context to use to sign the
// message.
// MessageBuffers - Contains an array of signed buffers and
// a signature buffer.
// MessageSequenceNumber - Sequence number for this message,
// only used in datagram cases.
// QualityOfProtection - Unused flags.
//
// Requires: STATUS_INVALID_HANDLE - the context could not be found or
// was not configured for message integrity.
// STATUS_INVALID_PARAMETER - the signature buffer could not
// be found or was too small.
//
// Returns:
//
// Notes: Cluster folks need to run this at dpc level (non paged)
//
//
//--------------------------------------------------------------------------
NTSTATUS NTAPI
KerbVerifySignature(
IN LSA_SEC_HANDLE ContextHandle,
IN PSecBufferDesc MessageBuffers,
IN ULONG MessageSequenceNumber,
OUT PULONG QualityOfProtection
)
{
NTSTATUS Status = STATUS_SUCCESS;
PKERB_KERNEL_CONTEXT Context = NULL;
PCHECKSUM_FUNCTION Check;
PSecBuffer SignatureBuffer = NULL;
ULONG Index;
PCHECKSUM_BUFFER CheckBuffer = NULL;
PKERB_GSS_SIGNATURE Signature;
LONG ChecksumType;
BOOLEAN ContextsLocked = FALSE;
UCHAR LocalChecksum[KERB_MAX_CHECKSUM_LENGTH];
ULONG Protection;
ULONG TotalBufferSize = 0;
ULONG SequenceNumber;
MAYBE_PAGED_CODE();
DebugLog((DEB_TRACE,"KerbVerifySignature Called\n"));
Context = KerbReferenceContext(
ContextHandle,
FALSE // don't unlink
);
if (Context == NULL)
{
DebugLog((DEB_ERROR, "Invalid handle supplied for VerifySignature(0x%x)\n",
ContextHandle));
Status = STATUS_INVALID_HANDLE;
goto Cleanup;
}
//
// Find the body and signature SecBuffers from pMessage
//
for (Index = 0; Index < MessageBuffers->cBuffers ; Index++ )
{
if (BUFFERTYPE(MessageBuffers->pBuffers[Index]) == SECBUFFER_TOKEN)
{
SignatureBuffer = &MessageBuffers->pBuffers[Index];
}
else if ((BUFFERTYPE(MessageBuffers->pBuffers[Index]) != SECBUFFER_TOKEN) &&
(!(MessageBuffers->pBuffers[Index].BufferType & SECBUFFER_READONLY)))
{
TotalBufferSize += MessageBuffers->pBuffers[Index].cbBuffer;
}
}
if (SignatureBuffer == NULL)
{
DebugLog((DEB_ERROR, "No signature buffer found\n"));
Status = STATUS_INVALID_PARAMETER;
goto Cleanup;
}
KerbWriteLockContexts();
ContextsLocked = TRUE;
//
// Also, verify that the context was created with the integrity bit
//
if ((Context->ContextFlags & KERB_SIGN_FLAGS) == 0)
{
PKERB_NULL_SIGNATURE NullSignature = (PKERB_NULL_SIGNATURE) SignatureBuffer->pvBuffer;
if (SignatureBuffer->cbBuffer >= sizeof(KERB_NULL_SIGNATURE) &&
(*NullSignature == 0))
{
Status = STATUS_SUCCESS;
}
else
{
Status = SEC_E_MESSAGE_ALTERED;
}
goto Cleanup;
}
//
// Verify the signature header
//
Status = KerbVerifySignatureToken(
Context,
SignatureBuffer,
TotalBufferSize,
FALSE, // don't decrypt
MessageSequenceNumber,
&Signature,
&Protection,
&ChecksumType,
NULL, // don't need crypt system
&SequenceNumber
);
if (!NT_SUCCESS(Status))
{
DebugLog((DEB_ERROR, "Failed to verify signature token: 0x%x\n", Status));
goto Cleanup;
}
//
// Now compute the checksum and verify it
//
Status = CDLocateCheckSum(ChecksumType, &Check);
if (!NT_SUCCESS(Status))
{
DebugLog((DEB_ERROR,"Failed to load MD5 checksum: 0x%x\n", Status));
goto Cleanup;
}
ASSERT(Check->CheckSumSize <= sizeof(LocalChecksum));
//
// Generate a check sum of the message, and store it into the signature
// buffer.
//
//
// if available use the Ex2 version for keyed checksums where checksum
// must be passed in on verification
//
if (NULL != Check->InitializeEx2)
{
Status = Check->InitializeEx2(
Context->SessionKey.keyvalue.value,
(ULONG) Context->SessionKey.keyvalue.length,
Signature->Checksum,
KERB_SAFE_SALT,
&CheckBuffer
);
}
else
{
Status = Check->InitializeEx(
Context->SessionKey.keyvalue.value,
(ULONG) Context->SessionKey.keyvalue.length,
KERB_SAFE_SALT,
&CheckBuffer
);
}
if (!NT_SUCCESS(Status))
{
goto Cleanup;
}
KerbUnlockContexts();
ContextsLocked = FALSE;
//
// Sum in 8 bytes of the signature
//
Check->Sum(
CheckBuffer,
8,
((PUCHAR) Signature) -2
);
for (Index = 0; Index < MessageBuffers->cBuffers; Index++ )
{
if ((BUFFERTYPE(MessageBuffers->pBuffers[Index]) != SECBUFFER_TOKEN) &&
(!(MessageBuffers->pBuffers[Index].BufferType & SECBUFFER_READONLY)) &&
(MessageBuffers->pBuffers[Index].cbBuffer != 0))
{
Check->Sum(
CheckBuffer,
MessageBuffers->pBuffers[Index].cbBuffer,
(PBYTE) MessageBuffers->pBuffers[Index].pvBuffer
);
}
}
(void) Check->Finalize(CheckBuffer, LocalChecksum);
Status = Check->Finish(&CheckBuffer);
if (!NT_SUCCESS(Status))
{
goto Cleanup;
}
if (!RtlEqualMemory(
LocalChecksum,
Signature->Checksum,
8))
{
Status = SEC_E_MESSAGE_ALTERED;
goto Cleanup;
}
if (ARGUMENT_PRESENT(QualityOfProtection))
{
*QualityOfProtection = Protection;
}
Cleanup:
if (ContextsLocked)
{
KerbUnlockContexts();
}
if (Context != NULL)
{
KerbDereferenceContext(Context);
}
DebugLog((DEB_TRACE, "SpVerifySignature returned 0x%x\n", Status));
return(Status);
}
NTSTATUS NTAPI
KerbSealMessage(
IN LSA_SEC_HANDLE ContextHandle,
IN ULONG QualityOfProtection,
IN PSecBufferDesc MessageBuffers,
IN ULONG MessageSequenceNumber
)
{
MAYBE_PAGED_CODE();
return(STATUS_NOT_SUPPORTED);
}
NTSTATUS NTAPI
KerbUnsealMessage(
IN LSA_SEC_HANDLE ContextHandle,
IN PSecBufferDesc MessageBuffers,
IN ULONG MessageSequenceNumber,
OUT PULONG QualityOfProtection
)
{
MAYBE_PAGED_CODE();
return(STATUS_NOT_SUPPORTED);
}
//+-------------------------------------------------------------------------
//
// Function: KerbGetContextToken
//
// Synopsis: returns a pointer to the token for a server-side context
//
// Effects:
//
// Arguments:
//
// Requires:
//
// Returns:
//
// Notes:
//
//
//--------------------------------------------------------------------------
NTSTATUS NTAPI
KerbGetContextToken(
IN LSA_SEC_HANDLE ContextHandle,
OUT OPTIONAL PHANDLE ImpersonationToken,
OUT OPTIONAL PACCESS_TOKEN * RawToken
)
{
NTSTATUS Status = STATUS_SUCCESS;
PKERB_KERNEL_CONTEXT Context = NULL;
PAGED_CODE();
DebugLog((DEB_TRACE,"KerbGetContextToken Called\n"));
Context = KerbReferenceContext(
ContextHandle,
FALSE // don't unlink
);
if (Context == NULL)
{
DebugLog((DEB_ERROR, "Invalid handle supplied for GetContextToken(0x%x)\n",
ContextHandle));
return(STATUS_INVALID_HANDLE);
}
KerbReadLockContexts();
if (Context->TokenHandle == NULL)
{
Status = SEC_E_NO_IMPERSONATION;
KerbUnlockContexts();
goto Cleanup;
}
if (ARGUMENT_PRESENT(ImpersonationToken))
{
*ImpersonationToken = Context->TokenHandle;
}
if (ARGUMENT_PRESENT(RawToken))
{
if (Context->TokenHandle != NULL)
{
if (Context->AccessToken == NULL)
{
Status = ObReferenceObjectByHandle(
Context->TokenHandle,
TOKEN_IMPERSONATE,
NULL,
ExGetPreviousMode(),
(PVOID *) &Context->AccessToken,
NULL // no handle information
);
}
}
if (NT_SUCCESS(Status))
{
*RawToken = Context->AccessToken;
}
}
KerbUnlockContexts();
Cleanup:
if (Context != NULL)
{
//
// Note: once we dereference the context the handle we return
// may go away or be re-used. That is the price we have to pay
// to avoid duplicating it.
//
KerbDereferenceContext(Context);
}
return(Status);
}
//+-------------------------------------------------------------------------
//
// Function: KerbQueryContextAttributes
//
// Synopsis: Querys attributes of the specified context
//
// Effects:
//
// Arguments:
//
// Requires:
//
// Returns:
//
// Notes:
//
//
//--------------------------------------------------------------------------
NTSTATUS NTAPI
KerbQueryContextAttributes(
IN LSA_SEC_HANDLE ContextHandle,
IN ULONG ContextAttribute,
IN OUT PVOID Buffer
)
{
NTSTATUS Status = STATUS_SUCCESS;
PKERB_KERNEL_CONTEXT Context = NULL;
PSecPkgContext_Sizes SizeInfo;
PSecPkgContext_Names NameInfo;
PSecPkgContext_Lifespan LifespanInfo;
PSecPkgContext_Flags FlagsInfo;
PSecPkgContext_SessionKey SessionKeyInfo;
PSecPkgContext_UserFlags UserFlagsInfo ;
PSecPkgContext_PackageInfo PackageInfo = NULL;
PSecPkgContext_TargetInformation TargetInformation = NULL;
PAGED_CODE();
DebugLog((DEB_TRACE,"SpQueryContextAttributes Called\n"));
Context = KerbReferenceContext(
ContextHandle,
FALSE // don't unlink
);
//
// allow PACKAGE_INFO or NEGOTIATION_INFO to be queried against
// incomplete contexts.
//
if( (Context == NULL) &&
(ContextAttribute != SECPKG_ATTR_PACKAGE_INFO) &&
(ContextAttribute != SECPKG_ATTR_NEGOTIATION_INFO)
) {
DebugLog((DEB_ERROR, "Invalid handle supplied for QueryContextAttributes(0x%x)\n",
ContextHandle));
return(STATUS_INVALID_HANDLE);
}
//
// Return the appropriate information
//
switch(ContextAttribute)
{
case SECPKG_ATTR_SIZES:
//
// The sizes returned are used by RPC to determine whether to call
// MakeSignature or SealMessage. The signature size should be zero
// if neither is to be called, and the block size and trailer size
// should be zero if SignMessage is not to be called.
//
SizeInfo = (PSecPkgContext_Sizes) Buffer;
SizeInfo->cbMaxToken = KerbMaxTokenSize;
// if ((Context->ContextFlags & (ISC_RET_CONFIDENTIALITY | ISC_RET_SEQUENCE_DETECT)) != 0)
// {
SizeInfo->cbMaxSignature = KERB_SIGNATURE_SIZE;
// }
// else
// {
// SizeInfo->cbMaxSignature = 0;
// }
if ((Context->ContextFlags & ISC_RET_CONFIDENTIALITY) != 0)
{
SizeInfo->cbBlockSize = 1;
SizeInfo->cbSecurityTrailer = KERB_SIGNATURE_SIZE;
}
else
{
SizeInfo->cbBlockSize = 0;
SizeInfo->cbSecurityTrailer = 0;
}
break;
case SECPKG_ATTR_NAMES:
NameInfo = (PSecPkgContext_Names) Buffer;
NameInfo->sUserName = (LPWSTR) KspKernelFunctions.AllocateHeap(Context->FullName.Length + sizeof(WCHAR));
if (NameInfo->sUserName != NULL)
{
RtlCopyMemory(
NameInfo->sUserName,
Context->FullName.Buffer,
Context->FullName.Length
);
NameInfo->sUserName[Context->FullName.Length/sizeof(WCHAR)] = L'\0';
}
else
{
Status = STATUS_INSUFFICIENT_RESOURCES;
}
break;
case SECPKG_ATTR_TARGET_INFORMATION:
TargetInformation = (PSecPkgContext_TargetInformation) Buffer;
if (TargetInformation == NULL)
{
Status = STATUS_INVALID_PARAMETER;
break;
}
TargetInformation->MarshalledTargetInfo = NULL;
if (Context->pbMarshalledTargetInfo == NULL)
{
Status = STATUS_NOT_FOUND;
break;
}
TargetInformation->MarshalledTargetInfo = (PUCHAR) KspKernelFunctions.AllocateHeap(
Context->cbMarshalledTargetInfo
);
if (TargetInformation->MarshalledTargetInfo != NULL)
{
RtlCopyMemory(
TargetInformation->MarshalledTargetInfo,
Context->pbMarshalledTargetInfo,
Context->cbMarshalledTargetInfo
);
TargetInformation->MarshalledTargetInfoLength = Context->cbMarshalledTargetInfo;
}
else
{
Status = STATUS_INSUFFICIENT_RESOURCES;
}
break;
case SECPKG_ATTR_LIFESPAN:
LifespanInfo = (PSecPkgContext_Lifespan) Buffer;
//
// BUG 454552: set start time properly.
//
LifespanInfo->tsStart.QuadPart = 0;
LifespanInfo->tsExpiry = Context->Lifetime;
break;
case SECPKG_ATTR_FLAGS:
FlagsInfo = (PSecPkgContext_Flags) Buffer;
FlagsInfo->Flags = Context->ContextFlags;
break;
case SECPKG_ATTR_SESSION_KEY:
SessionKeyInfo = (PSecPkgContext_SessionKey) Buffer;
SessionKeyInfo->SessionKeyLength = Context->SessionKey.keyvalue.length;
if (SessionKeyInfo->SessionKeyLength != 0)
{
SessionKeyInfo->SessionKey = (PUCHAR) KspKernelFunctions.AllocateHeap(SessionKeyInfo->SessionKeyLength);
if (SessionKeyInfo->SessionKey != NULL)
{
RtlCopyMemory(
SessionKeyInfo->SessionKey,
Context->SessionKey.keyvalue.value,
Context->SessionKey.keyvalue.length
);
}
else
{
Status = STATUS_INSUFFICIENT_RESOURCES;
}
}
else
{
SessionKeyInfo->SessionKey = (PUCHAR) KspKernelFunctions.AllocateHeap(1);
if (SessionKeyInfo->SessionKey != NULL)
{
*(PUCHAR) SessionKeyInfo->SessionKey = 0;
}
else
{
Status = STATUS_INSUFFICIENT_RESOURCES;
}
}
break;
case SECPKG_ATTR_USER_FLAGS:
UserFlagsInfo = (PSecPkgContext_UserFlags) Buffer ;
UserFlagsInfo->UserFlags = 0 ;
Status = STATUS_SUCCESS ;
break;
case SECPKG_ATTR_PACKAGE_INFO:
case SECPKG_ATTR_NEGOTIATION_INFO:
//
// Return the information about this package. This is useful for
// callers who used SPNEGO and don't know what package they got.
//
PackageInfo = (PSecPkgContext_PackageInfo) Buffer;
PackageInfo->PackageInfo = (PSecPkgInfo) KspKernelFunctions.AllocateHeap(
sizeof(SecPkgInfo) +
sizeof(KERBEROS_PACKAGE_NAME) +
sizeof(KERBEROS_PACKAGE_COMMENT)
);
if (PackageInfo->PackageInfo == NULL)
{
Status = STATUS_INSUFFICIENT_RESOURCES;
break;
}
PackageInfo->PackageInfo->Name = (LPTSTR) (PackageInfo->PackageInfo + 1);
PackageInfo->PackageInfo->Comment = (LPTSTR) (((PBYTE) PackageInfo->PackageInfo->Name) + sizeof(KERBEROS_PACKAGE_NAME));
wcscpy(
PackageInfo->PackageInfo->Name,
KERBEROS_PACKAGE_NAME
);
wcscpy(
PackageInfo->PackageInfo->Comment,
KERBEROS_PACKAGE_COMMENT
);
PackageInfo->PackageInfo->wVersion = SECURITY_SUPPORT_PROVIDER_INTERFACE_VERSION;
PackageInfo->PackageInfo->wRPCID = KERBEROS_RPCID;
PackageInfo->PackageInfo->fCapabilities = KERBEROS_CAPABILITIES;
PackageInfo->PackageInfo->cbMaxToken = KerbMaxTokenSize;
if ( ContextAttribute == SECPKG_ATTR_NEGOTIATION_INFO )
{
PSecPkgContext_NegotiationInfo NegInfo ;
NegInfo = (PSecPkgContext_NegotiationInfo) PackageInfo ;
if( Context != NULL ) {
NegInfo->NegotiationState = SECPKG_NEGOTIATION_COMPLETE ;
} else {
NegInfo->NegotiationState = 0;
}
}
break;
default:
Status = STATUS_NOT_SUPPORTED;
break;
}
if (Context != NULL)
{
KerbDereferenceContext(Context);
}
return(Status);
}
//+-------------------------------------------------------------------------
//
// Function: KerbCompleteToken
//
// Synopsis:
//
// Effects:
//
// Arguments:
//
// Requires:
//
// Returns:
//
// Notes:
//
//
//--------------------------------------------------------------------------
NTSTATUS NTAPI
KerbCompleteToken(
IN LSA_SEC_HANDLE ContextId,
IN PSecBufferDesc Token
)
{
PAGED_CODE();
return(SEC_E_UNSUPPORTED_FUNCTION);
}
//+-------------------------------------------------------------------------
//
// Function:
//
// Synopsis:
//
// Effects:
//
// Arguments:
//
// Requires:
//
// Returns:
//
// Notes:
//
//
//--------------------------------------------------------------------------
NTSTATUS
KerbExportContext(
IN LSA_SEC_HANDLE Context,
IN ULONG Flags,
OUT PSecBuffer PackedContext,
IN OUT PHANDLE TokenHandle
)
{
return(SEC_E_UNSUPPORTED_FUNCTION);
}
//+-------------------------------------------------------------------------
//
// Function:
//
// Synopsis:
//
// Effects:
//
// Arguments:
//
// Requires:
//
// Returns:
//
// Notes:
//
//
//--------------------------------------------------------------------------
NTSTATUS
KerbImportContext(
IN PSecBuffer PackedContext,
IN OPTIONAL HANDLE TokenHandle,
OUT PLSA_SEC_HANDLE ContextHandle
)
{
NTSTATUS Status;
PKERB_KERNEL_CONTEXT Context = NULL;
PAGED_CODE();
DebugLog((DEB_TRACE,"KerbInitUserModeContext called\n"));
Status = KerbCreateKernelModeContext(
0, // LsaContextHandle not present
PackedContext,
&Context
);
if (!NT_SUCCESS(Status))
{
DebugLog((DEB_ERROR,"Failed to create kernel mode context: 0x%x\n",
Status));
goto Cleanup;
}
if (!KerbCryptInitialized)
{
KerbWriteLockGlobals();
if ( !KerbCryptInitialized )
{
if (LibAttach(NULL, NULL))
{
KerbCryptInitialized = TRUE;
}
}
KerbUnlockGlobals();
}
KerbWriteLockContexts();
Context->TokenHandle = TokenHandle;
*ContextHandle = KerbGetContextHandle(Context);
Context->ContextAttributes |= KERB_CONTEXT_IMPORTED;
KerbUnlockContexts();
Cleanup:
if (Context != NULL)
{
KerbDereferenceContext(Context);
}
return(Status);
}
NTSTATUS
KerbSetPageMode(
BOOLEAN Pagable
)
{
if ( Pagable )
{
KerbPoolType = PagedPool ;
KerbActiveList = KerbPagedList ;
}
else
{
if ( KerbNonPagedList == NULL )
{
KerbNonPagedList = KSecCreateContextList( KSecNonPaged );
if ( KerbNonPagedList == NULL )
{
return STATUS_NO_MEMORY ;
}
}
KerbActiveList = KerbNonPagedList ;
KerbPoolType = NonPagedPool ;
}
return STATUS_SUCCESS ;
}