archive
/
windows-xp
mirror of https://github.com/tongzx/nt5src
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
6 Commits
1 Branch
0 Tags
4.0 GiB
Branch: master
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'master'
${ noResults }
windows-xp/Source/XPSP1/NT/base/fs/rdr2/rdbss/smb.mrx/ntsecure.c

544 lines
20 KiB
Raw Permalink Normal View History

Add source files
4 years ago
  1. /*++ BUILD Version: 0009 // Increment this if a change has global effects
  2. Copyright (c) 1987-1993 Microsoft Corporation
  4. Module Name:
  6. sessetup.c
  8. Abstract:
  10. This module implements the Session setup related routines
  12. Author:
  14. Balan Sethu Raman (SethuR) 06-Mar-95 Created
  16. --*/
  18. #include "precomp.h"
  19. #pragma hdrstop
  21. #include <exsessup.h>
  22. #include "ntlsapi.h"
  23. #include "mrxsec.h"
  25. #ifdef ALLOC_PRAGMA
  26. #pragma alloc_text(PAGE, BuildSessionSetupSecurityInformation)
  27. #pragma alloc_text(PAGE, BuildTreeConnectSecurityInformation)
  28. #endif
  30. extern BOOLEAN EnablePlainTextPassword;
  32. NTSTATUS
  33. BuildSessionSetupSecurityInformation(
  34. PSMB_EXCHANGE pExchange,
  35. PBYTE pSmbBuffer,
  36. PULONG pSmbBufferSize)
  37. /*++
  39. Routine Description:
  41. This routine builds the security related information for the session setup SMB
  43. Arguments:
  45. pServer - the server instance
  47. pSmbBuffer - the SMB buffer
  49. pSmbBufferSize - the size of the buffer on input ( modified to size remaining on
  50. output)
  52. Return Value:
  54. RXSTATUS - The return status for the operation
  56. Notes:
  58. Eventhough the genral structure of the code tries to isolate dialect specific issues
  59. as much as possible this routine takes the opposite approach. This is because of the
  60. preamble and prologue to security interaction which far outweigh the dialect specific
  61. work required to be done. Therefore in the interests of a smaller footprint this approach
  62. has been adopted.
  64. --*/
  65. {
  66. NTSTATUS Status = STATUS_SUCCESS;
  68. UNICODE_STRING UserName;
  69. UNICODE_STRING DomainName;
  71. STRING CaseSensitiveResponse;
  72. STRING CaseInsensitiveResponse;
  74. PVOID pSecurityBlob;
  75. USHORT SecurityBlobSize;
  77. PSMBCE_SERVER pServer = SmbCeGetExchangeServer(pExchange);
  78. PSMBCE_SESSION pSession = SmbCeGetExchangeSession(pExchange);
  79. PSMBCEDB_SERVER_ENTRY pServerEntry = SmbCeGetExchangeServerEntry(pExchange);
  81. SECURITY_RESPONSE_CONTEXT ResponseContext;
  83. KAPC_STATE ApcState;
  84. BOOLEAN AttachToSystemProcess = FALSE;
  85. ULONG BufferSize = *pSmbBufferSize;
  87. PAGED_CODE();
  88. RxDbgTrace( +1, Dbg, ("BuildSessionSetupSecurityInformation -- Entry\n"));
  90. SmbLog(LOG,
  91. BuildSessionSetupSecurityInformation,
  92. LOGPTR(pSession)
  93. LOGULONG(pSession->LogonId.HighPart)
  94. LOGULONG(pSession->LogonId.LowPart));
  96. if ((pServer->DialectFlags & DF_EXTENDED_SECURITY) &&
  97. !FlagOn(pSession->Flags,SMBCE_SESSION_FLAGS_REMOTE_BOOT_SESSION)) {
  99. //
  100. // For uplevel servers, this gets handled all at once:
  101. //
  103. PREQ_NT_EXTENDED_SESSION_SETUP_ANDX pExtendedNtSessionSetupReq;
  104. PBYTE pBuffer = pSmbBuffer;
  106. // Position the buffer for copying the security blob
  107. pBuffer += FIELD_OFFSET(REQ_NT_EXTENDED_SESSION_SETUP_ANDX,Buffer);
  108. BufferSize -= FIELD_OFFSET(REQ_NT_EXTENDED_SESSION_SETUP_ANDX,Buffer);
  110. pExtendedNtSessionSetupReq = (PREQ_NT_EXTENDED_SESSION_SETUP_ANDX)pSmbBuffer;
  112. pSecurityBlob = pBuffer ;
  113. SecurityBlobSize = (USHORT) BufferSize ;
  115. Status = BuildExtendedSessionSetupResponsePrologue(
  116. pExchange,
  117. pSecurityBlob,
  118. &SecurityBlobSize,
  119. &ResponseContext);
  121. if ( NT_SUCCESS( Status ) )
  122. {
  123. SmbPutUshort(
  124. &pExtendedNtSessionSetupReq->SecurityBlobLength,
  125. SecurityBlobSize);
  127. BufferSize -= SecurityBlobSize;
  128. }
  130. } else {
  131. if (!MRxSmbUseKernelModeSecurity &&
  132. !FlagOn(pSession->Flags,SMBCE_SESSION_FLAGS_REMOTE_BOOT_SESSION)) {
  133. //NTRAID-455636-2/2/2000-yunlin We should consolidate three routines calling LSA into one
  134. Status = BuildExtendedSessionSetupResponsePrologueFake(pExchange);
  136. if (Status != STATUS_SUCCESS) {
  137. goto FINALLY;
  138. }
  139. }
  141. Status = BuildNtLanmanResponsePrologue(
  142. pExchange,
  143. &UserName,
  144. &DomainName,
  145. &CaseSensitiveResponse,
  146. &CaseInsensitiveResponse,
  147. &ResponseContext);
  149. if (Status == STATUS_SUCCESS) {
  150. // If the security package returns us the credentials corresponding to a
  151. // NULL session mark the session as a NULL session. This will avoid
  152. // conflicts with the user trying to present the credentials for a NULL
  153. // session, i.e., explicitly specified zero length passwords, user name
  154. // and domain name.
  156. RxDbgTrace(0,Dbg,("Session %lx UN Length %lx DN length %ld IR length %ld SR length %ld\n",
  157. pSession,UserName.Length,DomainName.Length,
  158. CaseInsensitiveResponse.Length,CaseSensitiveResponse.Length));
  160. if ((UserName.Length == 0) &&
  161. (DomainName.Length == 0) &&
  162. (CaseSensitiveResponse.Length == 0) &&
  163. (CaseInsensitiveResponse.Length == 1)) {
  164. RxDbgTrace(0,Dbg,("Implicit NULL session setup\n"));
  165. pSession->Flags |= SMBCE_SESSION_FLAGS_NULL_CREDENTIALS;
  166. } else {
  167. if( pServerEntry->SecuritySignaturesEnabled == TRUE &&
  168. pServerEntry->SecuritySignaturesActive == FALSE &&
  169. !FlagOn(pSession->Flags, SMBCE_SESSION_FLAGS_GUEST_SESSION)) {
  171. if (FlagOn(pSession->Flags, SMBCE_SESSION_FLAGS_LANMAN_SESSION_KEY_USED)) {
  172. UCHAR SessionKey[MSV1_0_USER_SESSION_KEY_LENGTH];
  174. RtlZeroMemory(SessionKey, sizeof(SessionKey));
  175. RtlCopyMemory(SessionKey, pSession->LanmanSessionKey, MSV1_0_LANMAN_SESSION_KEY_LENGTH);
  177. SmbInitializeSmbSecuritySignature(pServer,
  178. SessionKey,
  179. CaseInsensitiveResponse.Buffer,
  180. CaseInsensitiveResponse.Length);
  181. } else{
  182. SmbInitializeSmbSecuritySignature(pServer,
  183. pSession->UserSessionKey,
  184. CaseSensitiveResponse.Buffer,
  185. CaseSensitiveResponse.Length);
  186. }
  187. }
  188. }
  189. }
  190. }
  192. if (NT_SUCCESS(Status)) {
  193. PBYTE pBuffer = pSmbBuffer;
  195. if (pServer->Dialect == NTLANMAN_DIALECT) {
  196. if (FlagOn(pServer->DialectFlags,DF_EXTENDED_SECURITY) &&
  197. !FlagOn(pSession->Flags,SMBCE_SESSION_FLAGS_REMOTE_BOOT_SESSION)) {
  199. //
  200. // Already done above
  201. //
  202. NOTHING ;
  203. } else {
  204. //PREQ_SESSION_SETUP_ANDX pSessionSetupReq = (PREQ_SESSION_SETUP_ANDX)pSmbBuffer;
  205. PREQ_NT_SESSION_SETUP_ANDX pNtSessionSetupReq = (PREQ_NT_SESSION_SETUP_ANDX)pSmbBuffer;
  207. // It it is a NT server both the case insensitive and case sensitive passwords
  208. // need to be copied. for share-level, just copy a token 1-byte NULL password
  210. // Position the buffer for copying the password.
  211. pBuffer += FIELD_OFFSET(REQ_NT_SESSION_SETUP_ANDX,Buffer);
  212. BufferSize -= FIELD_OFFSET(REQ_NT_SESSION_SETUP_ANDX,Buffer);
  213. SmbPutUlong(&pNtSessionSetupReq->Reserved,0);
  215. if (pServer->SecurityMode == SECURITY_MODE_USER_LEVEL){
  216. RxDbgTrace( 0, Dbg, ("BuildSessionSetupSecurityInformation -- NtUserPasswords\n"));
  218. if (pServer->EncryptPasswords) {
  220. SmbPutUshort(
  221. &pNtSessionSetupReq->CaseInsensitivePasswordLength,
  222. CaseInsensitiveResponse.Length);
  224. SmbPutUshort(
  225. &pNtSessionSetupReq->CaseSensitivePasswordLength,
  226. CaseSensitiveResponse.Length);
  228. Status = SmbPutString(
  229. &pBuffer,
  230. &CaseInsensitiveResponse,
  231. &BufferSize);
  233. if (NT_SUCCESS(Status)) {
  234. Status = SmbPutString(
  235. &pBuffer,
  236. &CaseSensitiveResponse,
  237. &BufferSize);
  238. }
  239. } else if (EnablePlainTextPassword) {
  240. if (pSession->pPassword != NULL) {
  241. if (FlagOn(pServer->DialectFlags,DF_UNICODE)) {
  242. PBYTE pTempBuffer = pBuffer;
  244. *pBuffer = 0;
  245. pBuffer = ALIGN_SMB_WSTR(pBuffer);
  246. BufferSize -= (ULONG)(pBuffer - pTempBuffer);
  248. SmbPutUshort(
  249. &pNtSessionSetupReq->CaseInsensitivePasswordLength,
  250. 0);
  252. SmbPutUshort(
  253. &pNtSessionSetupReq->CaseSensitivePasswordLength,
  254. pSession->pPassword->Length + 2);
  256. Status = SmbPutUnicodeString(
  257. &pBuffer,
  258. pSession->pPassword,
  259. &BufferSize);
  260. } else {
  261. SmbPutUshort(
  262. &pNtSessionSetupReq->CaseInsensitivePasswordLength,
  263. pSession->pPassword->Length/2 + 1);
  265. SmbPutUshort(
  266. &pNtSessionSetupReq->CaseSensitivePasswordLength,
  267. 0);
  269. Status = SmbPutUnicodeStringAsOemString(
  270. &pBuffer,
  271. pSession->pPassword,
  272. &BufferSize);
  273. }
  274. } else {
  275. SmbPutUshort(&pNtSessionSetupReq->CaseSensitivePasswordLength,0);
  276. SmbPutUshort(&pNtSessionSetupReq->CaseInsensitivePasswordLength,1);
  277. *pBuffer++ = '\0';
  278. BufferSize -= sizeof(CHAR);
  279. }
  280. } else {
  281. Status = STATUS_LOGIN_WKSTA_RESTRICTION;
  282. }
  283. } else {
  284. RxDbgTrace( 0, Dbg, ("BuildSessionSetupSecurityInformation -- NtSharePasswords\n"));
  286. SmbPutUshort(&pNtSessionSetupReq->CaseInsensitivePasswordLength, 1);
  287. SmbPutUshort(&pNtSessionSetupReq->CaseSensitivePasswordLength, 1);
  288. *pBuffer = 0;
  289. *(pBuffer+1) = 0;
  290. pBuffer += 2;
  291. BufferSize -= 2;
  292. }
  293. }
  294. } else {
  295. PREQ_SESSION_SETUP_ANDX pSessionSetupReq = (PREQ_SESSION_SETUP_ANDX)pSmbBuffer;
  297. // Position the buffer for copying the password.
  298. pBuffer += FIELD_OFFSET(REQ_SESSION_SETUP_ANDX,Buffer);
  299. BufferSize -= FIELD_OFFSET(REQ_SESSION_SETUP_ANDX,Buffer);
  301. if ( (pServer->SecurityMode == SECURITY_MODE_USER_LEVEL)
  302. && (CaseInsensitiveResponse.Length > 0)) {
  304. if (pServer->EncryptPasswords) {
  305. // For other lanman servers only the case insensitive password is required.
  306. SmbPutUshort(
  307. &pSessionSetupReq->PasswordLength,
  308. CaseInsensitiveResponse.Length);
  310. // Copy the password
  311. Status = SmbPutString(
  312. &pBuffer,
  313. &CaseInsensitiveResponse,
  314. &BufferSize);
  315. } else {
  316. if (EnablePlainTextPassword) {
  317. if (pSession->pPassword != NULL) {
  318. SmbPutUshort(
  319. &pSessionSetupReq->PasswordLength,
  320. pSession->pPassword->Length/2 + 1);
  322. Status = SmbPutUnicodeStringAsOemString(
  323. &pBuffer,
  324. pSession->pPassword,
  325. &BufferSize);
  326. } else {
  327. SmbPutUshort(&pSessionSetupReq->PasswordLength,1);
  328. *pBuffer++ = '\0';
  329. BufferSize -= sizeof(CHAR);
  330. }
  331. } else {
  332. Status = STATUS_LOGIN_WKSTA_RESTRICTION;
  333. }
  334. }
  335. } else {
  336. // Share level security. Send a null string for the password
  337. SmbPutUshort(&pSessionSetupReq->PasswordLength,1);
  338. *pBuffer++ = '\0';
  339. BufferSize -= sizeof(CHAR);
  340. }
  341. }
  343. // The User name and the domain name strings can be either copied from
  344. // the information returned in the request response or the information
  345. // that is already present in the session entry.
  346. if (NT_SUCCESS(Status) &&
  347. (!FlagOn(pServer->DialectFlags,DF_EXTENDED_SECURITY) ||
  348. FlagOn(pSession->Flags,SMBCE_SESSION_FLAGS_REMOTE_BOOT_SESSION))) {
  349. if ((pServer->Dialect == NTLANMAN_DIALECT) &&
  350. (pServer->NtServer.NtCapabilities & CAP_UNICODE)) {
  351. // Copy the account/domain names as UNICODE strings
  352. PBYTE pTempBuffer = pBuffer;
  354. RxDbgTrace( 0, Dbg, ("BuildSessionSetupSecurityInformation -- account/domain as unicode\n"));
  355. *pBuffer = 0;
  356. pBuffer = ALIGN_SMB_WSTR(pBuffer);
  357. BufferSize -= (ULONG)(pBuffer - pTempBuffer);
  359. Status = SmbPutUnicodeString(
  360. &pBuffer,
  361. &UserName,
  362. &BufferSize);
  364. if (NT_SUCCESS(Status)) {
  365. Status = SmbPutUnicodeString(
  366. &pBuffer,
  367. &DomainName,
  368. &BufferSize);
  370. }
  371. } else {
  372. // Copy the account/domain names as ASCII strings.
  373. RxDbgTrace( 0, Dbg, ("BuildSessionSetupSecurityInformation -- account/domain as ascii\n"));
  374. Status = SmbPutUnicodeStringAsOemString(
  375. &pBuffer,
  376. &UserName,
  377. &BufferSize);
  379. if (NT_SUCCESS(Status)) {
  380. Status = SmbPutUnicodeStringAsOemString(
  381. &pBuffer,
  382. &DomainName,
  383. &BufferSize);
  384. }
  385. }
  386. }
  388. if (NT_SUCCESS(Status)) {
  389. *pSmbBufferSize = BufferSize;
  390. }
  391. }
  393. // Free the buffer allocated by the security package.
  394. if ((pServer->DialectFlags & DF_EXTENDED_SECURITY) &&
  395. !FlagOn(pSession->Flags,SMBCE_SESSION_FLAGS_REMOTE_BOOT_SESSION)) {
  396. BuildExtendedSessionSetupResponseEpilogue(&ResponseContext);
  397. } else {
  398. BuildNtLanmanResponseEpilogue(pExchange, &ResponseContext);
  399. }
  401. // Detach from the rdr process.
  402. FINALLY:
  403. RxDbgTrace( -1, Dbg, ("BuildSessionSetupSecurityInformation -- Exit, status=%08lx\n",Status));
  404. return Status;
  405. }
  407. NTSTATUS
  408. BuildTreeConnectSecurityInformation(
  409. PSMB_EXCHANGE pExchange,
  410. PBYTE pBuffer,
  411. PBYTE pPasswordLength,
  412. PULONG pSmbBufferSize)
  413. /*++
  415. Routine Description:
  417. This routine builds the security related information for the session setup SMB
  419. Arguments:
  421. pServer - the server instance
  423. pLogonId - the logon id. for which the session is being setup
  425. pPassword - the user supplied password if any
  427. pBuffer - the password buffer
  429. pPasswordLength - where the password length is to be stored
  431. pSmbBufferSize - the size of the buffer on input ( modified to size remaining on
  432. output)
  434. Return Value:
  436. NTSTATUS - The return status for the operation
  438. Notes:
  440. Eventhough the genral structure of the code tries to isolate dialect specific issues
  441. as much as possible this routine takes the opposite approach. This is because of the
  442. preamble and prologue to security interaction which far outweigh the dialect specific
  443. work required to be done. Therefore in the interests of a smaller footprint this approach
  444. has been adopted.
  446. --*/
  447. {
  448. NTSTATUS FinalStatus,Status;
  450. UNICODE_STRING UserName,DomainName;
  451. STRING CaseSensitiveChallengeResponse,CaseInsensitiveChallengeResponse;
  453. SECURITY_RESPONSE_CONTEXT ResponseContext;
  455. ULONG PasswordLength = 0;
  457. PSMBCE_SERVER pServer = SmbCeGetExchangeServer(pExchange);
  458. PSMBCE_SESSION pSession = SmbCeGetExchangeSession(pExchange);
  460. KAPC_STATE ApcState;
  461. BOOLEAN AttachToSystemProcess = FALSE;
  463. PAGED_CODE();
  465. Status = STATUS_SUCCESS;
  467. if (pServer->EncryptPasswords) {
  469. Status = BuildNtLanmanResponsePrologue(
  470. pExchange,
  471. &UserName,
  472. &DomainName,
  473. &CaseSensitiveChallengeResponse,
  474. &CaseInsensitiveChallengeResponse,
  475. &ResponseContext);
  477. if (NT_SUCCESS(Status)) {
  478. if (FlagOn(pServer->DialectFlags,DF_MIXEDCASEPW)) {
  479. RxDbgTrace( 0, Dbg, ("BuildTreeConnectSecurityInformation -- case sensitive password\n"));
  480. // Copy the password length onto the SMB buffer
  481. PasswordLength = CaseSensitiveChallengeResponse.Length;
  483. // Copy the password
  484. Status = SmbPutString(
  485. &pBuffer,
  486. &CaseSensitiveChallengeResponse,
  487. pSmbBufferSize);
  488. } else {
  489. RxDbgTrace( 0, Dbg, ("BuildTreeConnectSecurityInformation -- case insensitive password\n"));
  490. // Copy the password length onto the SMB buffer
  491. PasswordLength = CaseInsensitiveChallengeResponse.Length;
  493. // Copy the password
  494. Status = SmbPutString(
  495. &pBuffer,
  496. &CaseInsensitiveChallengeResponse,
  497. pSmbBufferSize);
  498. }
  500. BuildNtLanmanResponseEpilogue(pExchange, &ResponseContext);
  501. }
  503. } else {
  504. if (pSession->pPassword == NULL) {
  505. // The logon password cannot be sent as plain text. Send a Null string as password.
  507. PasswordLength = 1;
  508. if (*pSmbBufferSize >= 1) {
  509. *((PCHAR)pBuffer) = '\0';
  510. pBuffer += sizeof(CHAR);
  511. Status = STATUS_SUCCESS;
  512. } else {
  513. Status = STATUS_BUFFER_OVERFLOW;
  514. }
  515. } else {
  516. if (EnablePlainTextPassword) {
  517. OEM_STRING OemString;
  519. OemString.Length = OemString.MaximumLength = (USHORT)(*pSmbBufferSize - sizeof(CHAR));
  520. OemString.Buffer = pBuffer;
  521. Status = RtlUnicodeStringToOemString(
  522. &OemString,
  523. pSession->pPassword,
  524. FALSE);
  526. if (NT_SUCCESS(Status)) {
  527. PasswordLength = OemString.Length+1;
  528. }
  529. } else {
  530. Status = STATUS_LOGON_FAILURE;
  531. }
  532. }
  534. // reduce the byte count
  535. *pSmbBufferSize -= PasswordLength;
  536. }
  538. SmbPutUshort(pPasswordLength,(USHORT)PasswordLength);
  540. return Status;
  541. }