archive
/
windows-xp
mirror of https://github.com/tongzx/nt5src
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
7 Commits
1 Branch
0 Tags
2.0 GiB
Tree: 1b390dddff
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '1b390dddff'
${ noResults }
windows-xp/Source/XPSP1/NT/ds/security/protocols/msv_sspi/utility.cxx

422 lines
8.7 KiB
Raw Normal View History

Add source files
4 years ago
  1. /*++
  3. Copyright (c) 1987-1993 Microsoft Corporation
  5. Module Name:
  7. utility.cxx
  9. Abstract:
  11. Private NtLmSsp service utility routines.
  13. Author:
  15. Cliff Van Dyke (cliffv) 9-Jun-1993
  17. Environment:
  19. User mode only.
  20. Contains NT-specific code.
  21. Requires ANSI C extensions: slash-slash comments, long external names.
  23. Revision History:
  24. ChandanS 06-Aug-1996 Stolen from net\svcdlls\ntlmssp\common\utility.c
  26. --*/
  28. //
  29. // Common include files.
  30. //
  32. #include <global.h>
  34. //
  35. // Include files specific to this .c file
  36. //
  38. #include <netlib.h> // NetpMemoryFree()
  39. #include <secobj.h> // ACE_DATA ...
  40. #include <stdio.h> // vsprintf().
  41. #include <tstr.h> // TCHAR_ equates.
  43. #define SSP_TOKEN_ACCESS (READ_CONTROL |\
  44. WRITE_DAC |\
  45. TOKEN_DUPLICATE |\
  46. TOKEN_IMPERSONATE |\
  47. TOKEN_QUERY |\
  48. TOKEN_QUERY_SOURCE |\
  49. TOKEN_ADJUST_PRIVILEGES |\
  50. TOKEN_ADJUST_GROUPS |\
  51. TOKEN_ADJUST_DEFAULT)
  54. #if DBG
  57. SECURITY_STATUS
  58. SspNtStatusToSecStatus(
  59. IN NTSTATUS NtStatus,
  60. IN SECURITY_STATUS DefaultStatus
  61. )
  62. /*++
  64. Routine Description:
  66. Convert an NtStatus code to the corresponding Security status code. For
  67. particular errors that are required to be returned as is (for setup code)
  68. don't map the errors.
  71. Arguments:
  73. NtStatus - NT status to convert
  75. Return Value:
  77. Returns security status code.
  79. --*/
  80. {
  81. //
  82. // this routine is left here for DBG builds to enable the developer
  83. // to ASSERT on status codes, etc.
  84. //
  86. return(NtStatus);
  87. }
  89. #endif
  92. BOOLEAN
  93. SspTimeHasElapsed(
  94. IN LARGE_INTEGER StartTime,
  95. IN DWORD Timeout
  96. )
  97. /*++
  99. Routine Description:
  101. Determine if "Timeout" milliseconds have elapsed since StartTime.
  103. Arguments:
  105. StartTime - Specifies an absolute time when the event started (100ns units).
  107. Timeout - Specifies a relative time in milliseconds. 0xFFFFFFFF indicates
  108. that the time will never expire.
  110. Return Value:
  112. TRUE -- iff Timeout milliseconds have elapsed since StartTime.
  114. --*/
  115. {
  116. LARGE_INTEGER TimeNow;
  117. LARGE_INTEGER ElapsedTime;
  118. LARGE_INTEGER Period;
  120. //
  121. // If the period to too large to handle (i.e., 0xffffffff is forever),
  122. // just indicate that the timer has not expired.
  123. //
  124. // (0x7fffffff is a little over 24 days).
  125. //
  127. if ( Timeout> 0x7fffffff ) {
  128. return FALSE;
  129. }
  131. //
  132. // Compute the elapsed time
  133. //
  135. NtQuerySystemTime( &TimeNow );
  136. ElapsedTime.QuadPart = TimeNow.QuadPart - StartTime.QuadPart;
  138. //
  139. // Convert Timeout from milliseconds into 100ns units.
  140. //
  142. Period.QuadPart = Int32x32To64( (LONG)Timeout, 10000 );
  145. //
  146. // If the elapsed time is negative (totally bogus),
  147. // or greater than the maximum allowed,
  148. // indicate the period has elapsed.
  149. //
  151. if ( ElapsedTime.QuadPart < 0 || ElapsedTime.QuadPart > Period.QuadPart ) {
  152. return TRUE;
  153. }
  155. return FALSE;
  156. }
  159. SECURITY_STATUS
  160. SspDuplicateToken(
  161. IN HANDLE OriginalToken,
  162. IN SECURITY_IMPERSONATION_LEVEL ImpersonationLevel,
  163. OUT PHANDLE DuplicatedToken
  164. )
  165. /*++
  167. Routine Description:
  169. Duplicates a token
  171. Arguments:
  173. OriginalToken - Token to duplicate
  174. DuplicatedToken - Receives handle to duplicated token
  176. Return Value:
  178. Any error from NtDuplicateToken
  180. --*/
  181. {
  182. NTSTATUS Status;
  183. OBJECT_ATTRIBUTES ObjectAttributes;
  184. SECURITY_QUALITY_OF_SERVICE QualityOfService;
  186. InitializeObjectAttributes(
  187. &ObjectAttributes,
  188. NULL,
  189. 0,
  190. NULL,
  191. NULL
  192. );
  194. QualityOfService.Length = sizeof(SECURITY_QUALITY_OF_SERVICE);
  195. QualityOfService.EffectiveOnly = FALSE;
  196. QualityOfService.ContextTrackingMode = SECURITY_STATIC_TRACKING;
  197. QualityOfService.ImpersonationLevel = ImpersonationLevel;
  198. ObjectAttributes.SecurityQualityOfService = &QualityOfService;
  200. Status = NtDuplicateToken(
  201. OriginalToken,
  202. SSP_TOKEN_ACCESS,
  203. &ObjectAttributes,
  204. FALSE,
  205. TokenImpersonation,
  206. DuplicatedToken
  207. );
  209. return(SspNtStatusToSecStatus(Status, SEC_E_NO_IMPERSONATION));
  210. }
  213. LPWSTR
  214. SspAllocWStrFromWStr(
  215. IN LPWSTR Unicode
  216. )
  218. /*++
  220. Routine Description:
  222. Allocate and copy unicode string (wide character strdup)
  224. Arguments:
  226. Unicode - pointer to wide character string to make copy of
  228. Return Value:
  230. NULL - There was some error in the conversion.
  232. Otherwise, it returns a pointer to the zero terminated UNICODE string in
  233. an allocated buffer. The buffer must be freed using NtLmFree.
  235. --*/
  237. {
  238. DWORD Size;
  239. LPWSTR ptr;
  241. Size = WCSSIZE(Unicode);
  242. ptr = (LPWSTR)NtLmAllocate(Size);
  243. if ( ptr != NULL) {
  244. RtlCopyMemory(ptr, Unicode, Size);
  245. }
  246. return ptr;
  247. }
  250. VOID
  251. SspHidePassword(
  252. IN OUT PUNICODE_STRING Password
  253. )
  254. /*++
  256. Routine Description:
  258. Run-encodes the password so that it is not very visually
  259. distinguishable. This is so that if it makes it to a
  260. paging file, it wont be obvious.
  263. WARNING - This routine will use the upper portion of the
  264. password's length field to store the seed used in encoding
  265. password. Be careful you don't pass such a string to
  266. a routine that looks at the length (like and RPC routine).
  268. Arguments:
  270. Seed - The seed to use to hide the password.
  272. PasswordSource - Contains password to hide.
  274. Return Value:
  277. --*/
  278. {
  279. SspPrint((SSP_API_MORE, "Entering SspHidePassword\n"));
  281. if( (Password->Length != 0) && (Password->MaximumLength != 0) )
  282. {
  283. LsaFunctions->LsaProtectMemory( Password->Buffer, (ULONG)Password->MaximumLength );
  284. }
  286. SspPrint((SSP_API_MORE, "Leaving SspHidePassword\n"));
  287. }
  290. VOID
  291. SspRevealPassword(
  292. IN OUT PUNICODE_STRING HiddenPassword
  293. )
  294. /*++
  296. Routine Description
  298. Reveals a previously hidden password so that it
  299. is plain text once again.
  301. Arguments:
  303. HiddenPassword - Contains the password to reveal
  305. Return Value
  307. --*/
  308. {
  309. SspPrint((SSP_API_MORE, "Entering SspRevealPassword\n"));
  311. if( (HiddenPassword->Length != 0) && (HiddenPassword->MaximumLength != 0) )
  312. {
  313. LsaFunctions->LsaUnprotectMemory( HiddenPassword->Buffer, (ULONG)HiddenPassword->MaximumLength );
  314. }
  316. SspPrint((SSP_API_MORE, "Leaving SspRevealPassword\n"));
  317. }
  320. BOOLEAN
  321. SspGetTokenBuffer(
  322. IN PSecBufferDesc TokenDescriptor OPTIONAL,
  323. IN ULONG BufferIndex,
  324. OUT PSecBuffer * Token,
  325. IN BOOLEAN ReadonlyOK
  326. )
  328. /*++
  330. Routine Description:
  332. This routine parses a Token Descriptor and pulls out the useful
  333. information.
  335. Arguments:
  337. TokenDescriptor - Descriptor of the buffer containing (or to contain) the
  338. token. If not specified, TokenBuffer and TokenSize will be returned
  339. as NULL.
  341. TokenBuffer - Returns a pointer to the buffer for the token.
  343. TokenSize - Returns a pointer to the location of the size of the buffer.
  345. ReadonlyOK - TRUE if the token buffer may be readonly.
  347. Return Value:
  349. TRUE - If token buffer was properly found.
  351. --*/
  353. {
  354. ULONG i, Index = 0;
  356. //
  357. // If there is no TokenDescriptor passed in,
  358. // just pass out NULL to our caller.
  359. //
  361. ASSERT(*Token != NULL);
  362. if ( !ARGUMENT_PRESENT( TokenDescriptor) ) {
  363. return TRUE;
  364. }
  366. if (TokenDescriptor->ulVersion != SECBUFFER_VERSION)
  367. {
  368. return FALSE;
  369. }
  371. //
  372. // Loop through each described buffer.
  373. //
  375. for ( i=0; i<TokenDescriptor->cBuffers ; i++ ) {
  376. PSecBuffer Buffer = &TokenDescriptor->pBuffers[i];
  377. if ( (Buffer->BufferType & (~SECBUFFER_ATTRMASK)) == SECBUFFER_TOKEN ) {
  379. //
  380. // If the buffer is readonly and readonly isn't OK,
  381. // reject the buffer.
  382. //
  384. if (!ReadonlyOK && (Buffer->BufferType & SECBUFFER_READONLY))
  385. {
  386. return FALSE;
  387. }
  389. //
  390. // It is possible that there are > 1 buffers of type SECBUFFER_TOKEN
  391. // eg, the rdr
  392. //
  394. if (Index != BufferIndex)
  395. {
  396. Index++;
  397. continue;
  398. }
  400. //
  401. // Return the requested information
  402. //
  404. if (!NT_SUCCESS(LsaFunctions->MapBuffer(Buffer, Buffer)))
  405. {
  406. return FALSE;
  407. }
  408. *Token = Buffer;
  409. return TRUE;
  410. }
  412. }
  414. //
  415. // If we didn't have a buffer, fine.
  416. //
  418. SspPrint((SSP_API_MORE, "SspGetTokenBuffer: No token passed in\n"));
  420. return TRUE;
  421. }