archive
/
windows-xp
mirror of https://github.com/tongzx/nt5src
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
6 Commits
1 Branch
0 Tags
3.8 GiB
Branch: master
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'master'
${ noResults }
windows-xp/Source/XPSP1/NT/base/cluster/resdll/ndquorum/lsa.c

733 lines
17 KiB
Raw Permalink Normal View History

Add source files
4 years ago
  1. /*++
  3. Copyright (c) 2000 Microsoft Corporation
  5. Module Name:
  7. lsa.c
  9. Abstract:
  11. Implements security network logon
  13. Author:
  15. Ahmed Mohamed (ahmedm) 1-Feb-2000
  17. Revision History:
  19. --*/
  20. #include <nt.h>
  21. #include <ntdef.h>
  22. #include <ntrtl.h>
  23. #include <nturtl.h>
  25. #include <ntlsa.h>
  26. #include <ntmsv1_0.h>
  28. #include <windows.h>
  30. #include <stdio.h>
  31. #include <stdlib.h>
  32. #include <stdarg.h>
  33. #include <string.h>
  34. #include <fcntl.h>
  35. #include <io.h>
  37. //int lstrlenW(char *);
  39. typedef int BOOL;
  40. typedef unsigned int UINT;
  41. typedef unsigned int *PUINT;
  42. typedef unsigned char *LPBYTE;
  45. #define LocalLSAInit() (LsaHandle != NULL)
  47. #ifdef LSA_AUDIT_FLAG
  48. int LsaAuditFlag = 0;
  49. #endif
  51. #define BUF_SIZ 512
  54. void
  55. replstar(
  56. IN char * starred,
  57. OUT LPWSTR UnicodeOut
  58. )
  59. /*++ replstar
  61. Routine Description:
  63. replaces the '*' in the string with either spaces or NULL
  64. if it's the only memeber of the string. Used by parse().
  66. Converts the resultant string to unicode.
  68. Arguments:
  70. char * starred -
  72. Return Value:
  74. void -
  75. Warnings:
  76. --*/
  77. {
  78. char *cp;
  79. STRING AnsiString;
  80. UNICODE_STRING UnicodeString;
  82. if ( !strcmp(starred,"*") ) {
  83. *starred = '\0';
  84. } else {
  85. for ( cp = starred; *cp; ++cp )
  86. if (*cp == '*')
  87. *cp = ' ';
  88. }
  90. //
  91. // Convert the result to unicode
  92. //
  94. AnsiString.Buffer = starred;
  95. AnsiString.Length = AnsiString.MaximumLength =
  96. (USHORT) strlen( starred );
  98. UnicodeString.Buffer = UnicodeOut;
  99. UnicodeString.Length = 0;
  100. UnicodeString.MaximumLength = BUF_SIZ * sizeof(WCHAR);
  102. (VOID) RtlAnsiStringToUnicodeString( &UnicodeString, &AnsiString, FALSE );
  103. return;
  104. }
  106. VOID
  107. NlpPutString(
  108. IN PUNICODE_STRING OutString,
  109. IN PUNICODE_STRING InString,
  110. IN PUCHAR *Where
  111. )
  112. /*++ NlpPutString
  114. Routine Description:
  116. This routine copies the InString string to the memory pointed to by
  117. the Where parameter, and fixes the OutString string to point to that
  118. new copy.
  120. Parameters:
  122. OutString - A pointer to a destination NT string
  124. InString - A pointer to an NT string to be copied
  126. Where - A pointer to space to put the actual string for the
  127. OutString. The pointer is adjusted to point to the first byte
  128. following the copied string.
  130. Return Values:
  132. None.
  134. --*/
  136. {
  137. ASSERT( OutString != NULL );
  138. ASSERT( InString != NULL );
  139. ASSERT( Where != NULL && *Where != NULL);
  141. if ( InString->Length > 0 )
  142. {
  144. OutString->Buffer = (PWCH) *Where;
  145. OutString->MaximumLength = InString->Length;
  146. *Where += OutString->MaximumLength;
  148. RtlCopyString( (PSTRING) OutString, (PSTRING) InString );
  150. }
  151. else
  152. {
  153. RtlInitUnicodeString(OutString, NULL);
  154. }
  156. return;
  157. }
  160. BOOL
  161. LsapLogonNetwork(
  162. IN HANDLE LsaHandle,
  163. IN ULONG AuthenticationPackage,
  164. IN LPWSTR Username,
  165. IN PUCHAR ChallengeToClient,
  166. IN PMSV1_0_GETCHALLENRESP_RESPONSE ChallengeResponse,
  167. IN UINT cbChallengeResponse,
  168. IN LPWSTR Domain,
  169. OUT PLUID LogonId,
  170. OUT PHANDLE TokenHandle
  171. )
  172. /*++ LogonNetwork
  174. Routine Description:
  176. Logs a user onto the network
  178. Arguments:
  179. IN LPWSTR Username - self explanatory
  180. IN ChallengeToClient - The challenge sent to the client
  181. IN ChallengeResponse - The response sent from the client
  182. IN LPWSTR Domain - Logon Domain Name
  183. OUT PLUID LogonId - Unique generated logon id
  184. OUT PHANDLE TokenHandle - handle to the logon token
  186. Return Value:
  188. BOOL -
  190. Warnings:
  192. --*/
  193. {
  194. NTSTATUS Status;
  195. UNICODE_STRING TempString;
  196. UNICODE_STRING TempString2;
  197. UNICODE_STRING OriginName;
  198. PMSV1_0_LM20_LOGON Auth;
  199. PCHAR Auth1[MSV1_0_CHALLENGE_LENGTH + BUF_SIZ*2];
  200. PUCHAR Strings;
  201. PMSV1_0_LM20_LOGON_PROFILE ProfileBuffer;
  202. ULONG ProfileBufferSize;
  203. NTSTATUS SubStatus;
  204. TOKEN_SOURCE SourceContext;
  205. QUOTA_LIMITS QuotaLimits;
  208. /*
  209. * Fill in the Authentication structure.
  210. */
  211. Auth = (PMSV1_0_LM20_LOGON) Auth1;
  213. Strings = (PUCHAR)(Auth + 1);
  215. Auth->MessageType = MsV1_0Lm20Logon;
  216. RtlMoveMemory( Auth->ChallengeToClient,
  217. ChallengeToClient,
  218. MSV1_0_CHALLENGE_LENGTH );
  220. /* Init Strings
  221. * username
  222. */
  223. RtlInitUnicodeString( &TempString, Username );
  224. NlpPutString( &Auth->UserName, &TempString, &Strings );
  226. /*
  227. * workstation name
  228. */
  229. RtlInitUnicodeString( &TempString, L"NetQFS" );
  230. NlpPutString( &Auth->Workstation, &TempString, &Strings );
  232. /*
  233. * Challenge Response
  234. */
  236. Auth->CaseSensitiveChallengeResponse.Length = 0;
  237. Auth->CaseSensitiveChallengeResponse.MaximumLength = 0;
  238. Auth->CaseSensitiveChallengeResponse.Buffer = NULL;
  241. #ifdef OLD
  242. RtlInitUnicodeString(
  243. (PUNICODE_STRING)&TempString2,
  244. (PCWSTR)ChallengeResponse );
  245. #else
  246. TempString2.Buffer = (PWSTR)ChallengeResponse;
  247. TempString2.Length = (USHORT)cbChallengeResponse;
  248. TempString2.MaximumLength = TempString2.Length;
  249. #endif
  250. if( TempString2.Length > 24 ) {
  251. TempString2.Length = 24;
  252. }
  253. NlpPutString(
  254. (PUNICODE_STRING)&Auth->CaseInsensitiveChallengeResponse,
  255. (PUNICODE_STRING)&TempString2,
  256. &Strings );
  257. /*
  258. * domain
  259. */
  260. RtlInitUnicodeString( &TempString, Domain );
  261. NlpPutString( &Auth->LogonDomainName, &TempString, &Strings );
  264. RtlInitUnicodeString( &OriginName, L"NetQFS" );
  265. Status = LsaLogonUser(
  266. LsaHandle,
  267. (PSTRING)&OriginName,
  268. Network,
  269. AuthenticationPackage,
  270. // LATER? AuthenticationPackage | LSA_CALL_LICENSE_SERVER,
  271. Auth,
  272. (ULONG)(Strings - (PUCHAR)Auth),
  273. NULL,
  274. &SourceContext,
  275. (PVOID *)&ProfileBuffer,
  276. &ProfileBufferSize,
  277. LogonId,
  278. TokenHandle,
  279. &QuotaLimits,
  280. &SubStatus );
  282. if ( !NT_SUCCESS( Status ) )
  283. {
  284. extern void WINAPI debug_log(char *,...);
  286. debug_log("Logon failed %x\n",Status);
  287. // LSA Can't be trusted to not scrog our variables
  288. *TokenHandle = NULL;
  289. return( FALSE );
  290. }
  291. LsaFreeReturnBuffer( ProfileBuffer );
  293. return( TRUE );
  294. }
  296. BOOL
  297. LsapChallenge(
  298. HANDLE LsaHandle,
  299. ULONG AuthenticationPackage,
  300. UCHAR *ChallengeToClient
  301. )
  302. /*++ Challenge
  304. Routine Description:
  306. get a challenge
  308. Arguments:
  309. OUT ChallengeToClient - Returns the challenge to send to the client
  311. Return Value:
  312. NTSTATUS -
  313. Warnings:
  314. --*/
  315. {
  316. NTSTATUS Status;
  317. NTSTATUS ProtocolStatus;
  318. ULONG ResponseSize;
  319. MSV1_0_LM20_CHALLENGE_REQUEST Request;
  320. PMSV1_0_LM20_CHALLENGE_RESPONSE Response;
  322. /*
  323. * Fill in the Authentication structure.
  324. */
  326. Request.MessageType = MsV1_0Lm20ChallengeRequest;
  328. Status = LsaCallAuthenticationPackage (
  329. LsaHandle,
  330. AuthenticationPackage,
  331. &Request,
  332. sizeof(Request),
  333. (PVOID *)&Response,
  334. &ResponseSize,
  335. &ProtocolStatus );
  337. if ( !NT_SUCCESS( Status ) || !NT_SUCCESS( ProtocolStatus) )
  338. {
  339. printf("ChallengeRequest failed %x\n",Status);
  340. return( FALSE );
  341. }
  343. RtlMoveMemory( ChallengeToClient,
  344. Response->ChallengeToClient,
  345. MSV1_0_CHALLENGE_LENGTH );
  347. LsaFreeReturnBuffer( Response );
  349. return( TRUE );
  350. }
  353. BOOL
  354. LsaGetChallenge(
  355. HANDLE LsaHandle,
  356. ULONG AuthenticationPackage,
  357. LPBYTE lpChallenge,
  358. UINT cbSize,
  359. PUINT lpcbChallengeSize
  360. )
  361. {
  362. #ifdef LSA_AUDIT_FLAG
  363. if (LsaAuditFlag == TRUE) {
  364. memset(lpChallenge, 0, MSV1_0_CHALLENGE_LENGTH);
  365. *lpcbChallengeSize = MSV1_0_CHALLENGE_LENGTH;
  366. return TRUE;
  367. }
  368. #endif
  370. if( LocalLSAInit() ) {
  371. *lpcbChallengeSize = MSV1_0_CHALLENGE_LENGTH;
  372. return LsapChallenge( LsaHandle, AuthenticationPackage, lpChallenge );
  373. } else {
  374. return( FALSE );
  375. }
  376. }
  378. BOOL
  379. LsaValidateLogon(
  380. HANDLE LsaHandle,
  381. ULONG AuthenticationPackage,
  382. LPBYTE lpChallenge,
  383. UINT cbChallengeSize,
  384. LPBYTE lpResponse,
  385. UINT cbResponseSize,
  386. LPSTR lpszUserName,
  387. LPSTR lpszDomainName,
  388. LUID *pLogonId,
  389. PHANDLE phLogonToken
  390. )
  391. {
  392. WCHAR wcUser[ BUF_SIZ ];
  393. WCHAR wcDomain[ BUF_SIZ ];
  394. BOOL nlRet;
  395. DWORD sz = BUF_SIZ;
  397. #ifdef LSA_AUDIT_FLAG
  398. if (LsaAuditFlag == 1) {
  399. pLogonId->LowPart = 10;
  400. pLogonId->HighPart = 0;
  401. *phLogonToken = INVALID_HANDLE_VALUE;
  402. return TRUE;
  403. }
  404. #endif
  406. if (GetUserName((LPSTR)wcUser, &sz)) {
  407. if (lpszUserName != NULL && *lpszUserName != '\0' &&
  408. _stricmp(lpszUserName, (LPSTR)wcUser) &&
  409. _stricmp(lpszUserName, "administrator")) {
  410. return FALSE;
  411. }
  412. }
  414. if( !LocalLSAInit() ) {
  415. return( FALSE );
  416. }
  417. replstar( lpszUserName, wcUser );
  418. replstar( lpszDomainName, wcDomain );
  419. nlRet = LsapLogonNetwork( LsaHandle, AuthenticationPackage,
  420. wcUser, lpChallenge,
  421. (PMSV1_0_GETCHALLENRESP_RESPONSE)lpResponse,
  422. cbResponseSize, wcDomain, pLogonId, phLogonToken );
  423. return( nlRet );
  424. }
  426. BOOL
  427. LsaGetChallengeResponse(
  428. HANDLE LsaHandle,
  429. ULONG AuthenticationPackage,
  430. LUID LogonId,
  431. LPSTR lpszPasswordK1,
  432. int cbPasswordK1,
  433. LPSTR lpszChallenge,
  434. int cbChallenge,
  435. int *pcbPasswordK1,
  436. BOOL *pbHasPasswordK1 )
  437. {
  438. NTSTATUS Status;
  439. NTSTATUS ProtocolStatus;
  440. ULONG ResponseSize;
  441. PMSV1_0_GETCHALLENRESP_RESPONSE Response;
  442. PMSV1_0_GETCHALLENRESP_REQUEST Request;
  444. PCHAR Auth1[BUF_SIZ];
  445. PUCHAR Strings;
  448. if( !LocalLSAInit() ) {
  449. *pbHasPasswordK1 = FALSE;
  450. return( FALSE );
  451. }
  452. Request = (PMSV1_0_GETCHALLENRESP_REQUEST) Auth1;
  453. Request->MessageType = MsV1_0Lm20GetChallengeResponse;
  454. Request->ParameterControl = 0;
  455. Request->ParameterControl |= USE_PRIMARY_PASSWORD;
  456. Request->LogonId = LogonId;
  457. Strings = (PUCHAR)(Request + 1);
  458. RtlMoveMemory( Request->ChallengeToClient,
  459. lpszChallenge,
  460. cbChallenge );
  462. RtlInitUnicodeString( &Request->Password, NULL );
  463. Status = LsaCallAuthenticationPackage (
  464. LsaHandle,
  465. AuthenticationPackage,
  466. Request,
  467. sizeof(MSV1_0_GETCHALLENRESP_REQUEST),
  468. (PVOID *)&Response,
  469. &ResponseSize,
  470. &ProtocolStatus );
  471. if ( !NT_SUCCESS( Status ) || !NT_SUCCESS( ProtocolStatus) )
  472. {
  473. return( FALSE );
  474. }
  476. *pcbPasswordK1 = (Response)->CaseInsensitiveChallengeResponse.Length;
  477. memcpy( lpszPasswordK1,
  478. (Response)->CaseInsensitiveChallengeResponse.Buffer,
  479. (Response)->CaseInsensitiveChallengeResponse.Length );
  480. *pbHasPasswordK1 = TRUE;
  482. LsaFreeReturnBuffer( Response );
  484. return( TRUE );
  485. }
  487. #ifdef QON_TCB_REQUIRED
  488. // When we have support for untrusted on REQUEST we disable this. Till then we need TCB.
  489. // I am disabling this since the we don't need TCB anymore. Note if we
  490. // want to run in win2k then we must have TCB and this code path reenabled.
  492. NTSTATUS
  493. LsaInit(HANDLE *pLsaHandle, ULONG *pAuthenticationPackage)
  494. {
  495. char MyName[MAX_PATH];
  496. char * ModuleName;
  497. STRING LogonProcessName;
  498. STRING PackageName;
  499. ULONG dummy;
  500. NTSTATUS Status;
  501. NTSTATUS TempStatus;
  502. BOOLEAN WasEnabled;
  503. HANDLE LsaHandle = NULL;
  504. ULONG AuthenticationPackage;
  506. BOOLEAN fThread = FALSE; // did we enable privilege in thread token?
  507. BOOL fReverted = FALSE; // did we RevertToSelf() during call?
  508. HANDLE hPreviousToken = NULL;
  510. #ifdef LSA_AUDIT_FLAG
  511. if (LsaAuditFlag == TRUE) {
  512. *pLsaHandle = 0;
  513. *pAuthenticationPackage = 0;
  514. return STATUS_SUCCESS;
  515. }
  516. #endif
  518. //
  519. // three SeTcbPrivilege scenarios:
  520. // 1. present in process token, thread not impersonating.
  521. // 2. present in process token, thread is impersonating.
  522. // 3. present in thread token.
  523. //
  525. //
  526. // try in this order:
  527. // process token (original method).
  528. // if thread impersonating, thread token
  529. // if thread impersonating, process token after reverting.
  530. //
  532. Status = RtlAdjustPrivilege(SE_TCB_PRIVILEGE, TRUE, FALSE, &WasEnabled);
  534. if (!NT_SUCCESS(Status))
  535. {
  536. TempStatus = NtOpenThreadToken(
  537. NtCurrentThread(),
  538. TOKEN_IMPERSONATE,
  539. FALSE,
  540. &hPreviousToken
  541. );
  543. if( !NT_SUCCESS(TempStatus) ) {
  545. //
  546. // retry with accesscheck against process.
  547. //
  549. if( TempStatus != STATUS_ACCESS_DENIED )
  550. goto Cleanup;
  552. TempStatus = NtOpenThreadToken(
  553. NtCurrentThread(),
  554. TOKEN_IMPERSONATE,
  555. TRUE,
  556. &hPreviousToken
  557. );
  559. if( !NT_SUCCESS(TempStatus) )
  560. goto Cleanup;
  561. }
  563. //
  564. // thread token is present.
  565. // first, try enabling the privilege in the thread token.
  566. //
  568. fThread = TRUE;
  570. Status = RtlAdjustPrivilege(SE_TCB_PRIVILEGE, TRUE, fThread, &WasEnabled);
  572. if( !NT_SUCCESS(Status) ) {
  574. HANDLE NewToken = NULL;
  576. //
  577. // if that fails, try reverting and enabling privilege in process token.
  578. //
  580. TempStatus = NtSetInformationThread(
  581. NtCurrentThread(),
  582. ThreadImpersonationToken,
  583. &NewToken,
  584. sizeof(NewToken)
  585. );
  587. if( !NT_SUCCESS(TempStatus) )
  588. goto Cleanup;
  590. fThread = FALSE;
  591. fReverted = TRUE;
  593. Status = RtlAdjustPrivilege(SE_TCB_PRIVILEGE, TRUE, fThread, &WasEnabled);
  594. if( !NT_SUCCESS(Status) )
  595. goto Cleanup;
  596. }
  597. }
  599. GetModuleFileNameA(NULL, MyName, MAX_PATH);
  600. ModuleName = strrchr(MyName, '\\');
  601. if (!ModuleName)
  602. {
  603. ModuleName = MyName;
  604. }
  607. //
  608. // Hookup to the LSA and locate our authentication package.
  609. //
  611. RtlInitString(&LogonProcessName, ModuleName);
  613. Status = LsaRegisterLogonProcess(
  614. &LogonProcessName,
  615. &LsaHandle,
  616. &dummy
  617. );
  620. //
  621. // Turn off the privilege now.
  622. //
  624. if( !WasEnabled ) {
  626. (VOID) RtlAdjustPrivilege(SE_TCB_PRIVILEGE, FALSE, fThread, &WasEnabled);
  627. }
  629. if (!NT_SUCCESS(Status)) {
  630. LsaHandle = NULL;
  631. goto Cleanup;
  632. }
  635. //
  636. // Connect with the MSV1_0 authentication package
  637. //
  638. RtlInitString(&PackageName, MSV1_0_PACKAGE_NAME); //"MICROSOFT_AUTHENTICATION_PACKAGE_V1_0");
  639. Status = LsaLookupAuthenticationPackage (
  640. LsaHandle,
  641. &PackageName,
  642. &AuthenticationPackage
  643. );
  645. if (!NT_SUCCESS(Status)) {
  646. goto Cleanup;
  647. }
  649. *pLsaHandle = LsaHandle;
  650. *pAuthenticationPackage = AuthenticationPackage;
  652. Cleanup:
  654. if( hPreviousToken ) {
  656. if( fReverted ) {
  658. //
  659. // put old token back...
  660. //
  662. (VOID) NtSetInformationThread(
  663. NtCurrentThread(),
  664. ThreadImpersonationToken,
  665. &hPreviousToken,
  666. sizeof(hPreviousToken)
  667. );
  668. }
  670. NtClose( hPreviousToken );
  671. }
  674. if( !NT_SUCCESS(Status) ) {
  676. if( LsaHandle ) {
  677. (VOID) LsaDeregisterLogonProcess( LsaHandle );
  678. LsaHandle = NULL;
  679. }
  681. }
  683. return Status;
  684. }
  686. #else
  688. NTSTATUS
  689. LsaInit(HANDLE *pLsaHandle, ULONG *pAuthenticationPackage)
  690. {
  691. char MyName[MAX_PATH];
  692. char * ModuleName;
  693. STRING LogonProcessName;
  694. STRING PackageName;
  695. ULONG dummy;
  696. NTSTATUS Status;
  697. NTSTATUS TempStatus;
  698. BOOLEAN WasEnabled;
  699. HANDLE LsaHandle;
  700. ULONG AuthenticationPackage;
  702. BOOLEAN fThread = FALSE; // did we enable privilege in thread token?
  703. BOOL fReverted = FALSE; // did we RevertToSelf() during call?
  704. HANDLE hPreviousToken = NULL;
  706. //
  707. // Connect with LSA process
  708. //
  709. Status = LsaConnectUntrusted(&LsaHandle);
  710. if (!NT_SUCCESS(Status))
  711. return Status;
  713. //
  714. // Connect with the MSV1_0 authentication package
  715. //
  716. RtlInitString(&PackageName, MSV1_0_PACKAGE_NAME); //"MICROSOFT_AUTHENTICATION_PACKAGE_V1_0");
  717. Status = LsaLookupAuthenticationPackage (
  718. LsaHandle,
  719. &PackageName,
  720. &AuthenticationPackage
  721. );
  723. if (NT_SUCCESS(Status)) {
  724. *pLsaHandle = LsaHandle;
  725. *pAuthenticationPackage = AuthenticationPackage;
  726. } else {
  727. (VOID) LsaDeregisterLogonProcess( LsaHandle );
  728. }
  730. return Status;
  731. }
  732. #endif