archive
/
windows-xp
mirror of https://github.com/tongzx/nt5src
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
9 Commits
1 Branch
0 Tags
2.0 GiB
Tree: 75c48ba87f
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '75c48ba87f'
${ noResults }
windows-xp/Source/XPSP1/NT/ds/security/base/keymgr/pswchg.cpp

415 lines
12 KiB
Raw Normal View History

Add source files
4 years ago
  1. #include <nt.h>
  2. #include <ntrtl.h>
  3. #include <nturtl.h>
  4. #include <windows.h>
  5. #include <wincred.h>
  6. #include <align.h>
  7. #include <lm.h>
  8. #include <ntsecapi.h>
  9. #include <dsgetdc.h>
  10. #include <stdlib.h>
  11. #include <stdio.h>
  12. #include <string.h>
  14. // !!!!!
  15. // this file is a duplicate of a nearly identical file in the credui project. It should be removed when
  16. // the implementation of NetUserChangePassword() is updated to handle unc names and MIT Kerberos
  17. // realms properly. For now, it wraps NetUserChangePassword() to handle the extra cases.
  19. // Dependent libraries:
  20. // secur32.lib, netapi32.lib
  22. // external fn: NET_API_STATUS NetUserChangePasswordEy(LPCWSTR,LPCWSTR,LPCWSTR,LPCWSTR)
  24. BOOL
  25. IsMITName (
  26. LPCWSTR UserName
  27. )
  28. {
  29. BOOL fReturn = FALSE;
  30. HKEY MitKey;
  31. DWORD Index;
  32. PWSTR Realms;
  33. DWORD RealmSize;
  34. int err;
  35. DWORD NumRealms;
  36. DWORD MaxRealmLength;
  37. FILETIME KeyTime;
  38. WCHAR *szUncTail;
  40. if (NULL == UserName) return FALSE;
  42. szUncTail = wcschr(UserName,'@');
  43. if (NULL == szUncTail) return FALSE;
  44. szUncTail++; // point to char following @
  46. err = RegOpenKeyEx(
  47. HKEY_LOCAL_MACHINE,
  48. TEXT("System\\CurrentControlSet\\Control\\Lsa\\Kerberos\\Domains"),
  49. 0,
  50. KEY_READ,
  51. &MitKey );
  53. if ( err == 0 )
  54. {
  55. #ifdef LOUDLY
  56. OutputDebugString(L"Kerberos domains key opened\n");
  57. #endif
  58. err = RegQueryInfoKey( MitKey,
  59. NULL,
  60. NULL,
  61. NULL,
  62. &NumRealms,
  63. &MaxRealmLength,
  64. NULL,
  65. NULL,
  66. NULL,
  67. NULL,
  68. NULL,
  69. NULL );
  71. MaxRealmLength++ ;
  73. MaxRealmLength *= sizeof( WCHAR );
  75. Realms = (PWSTR) malloc(MaxRealmLength );
  78. if ( Realms)
  79. {
  80. #ifdef LOUDLY
  81. OutputDebugString(L"Kerberos realms found\n");
  82. #endif
  84. for ( Index = 0 ; Index < NumRealms ; Index++ )
  85. {
  86. RealmSize = MaxRealmLength ;
  88. err = RegEnumKeyEx( MitKey,
  89. Index,
  90. Realms,
  91. &RealmSize,
  92. NULL,
  93. NULL,
  94. NULL,
  95. &KeyTime );
  96. if (err == 0)
  97. {
  98. #ifdef LOUDLY
  99. OutputDebugString(L"Fetched realm: ");
  100. OutputDebugString(Realms);
  101. OutputDebugString(L"\n");
  102. OutputDebugString(L"Username suffix: ");
  103. OutputDebugString(szUncTail);
  104. OutputDebugString(L"\n");
  105. #endif
  106. if (0 == _wcsicmp(szUncTail, Realms))
  107. {
  108. #ifdef LOUDLY
  109. OutputDebugString(L"Username maps to an MIT realm\n");
  110. #endif
  111. fReturn = TRUE;
  112. break;
  113. }
  114. }
  115. }
  116. }
  117. free(Realms);
  118. }
  119. return fReturn;
  120. }
  122. NTSTATUS
  123. MitChangePasswordEy(
  124. LPCWSTR DomainName,
  125. LPCWSTR UserName,
  126. LPCWSTR OldPassword,
  127. LPCWSTR NewPassword,
  128. NTSTATUS *pSubStatus
  129. )
  130. {
  131. HANDLE hLsa = NULL;
  132. NTSTATUS Status;
  133. NTSTATUS SubStatus;
  135. STRING Name;
  136. ULONG PackageId;
  138. PVOID Response = NULL ;
  139. ULONG ResponseSize;
  141. PKERB_CHANGEPASSWORD_REQUEST ChangeRequest = NULL;
  142. ULONG ChangeSize;
  144. UNICODE_STRING User,Domain,OldPass,NewPass;
  146. Status = LsaConnectUntrusted(&hLsa);
  147. if (!SUCCEEDED(Status)) goto Cleanup;
  148. #ifdef LOUDLY
  149. OutputDebugString(L"We have an LSA handle\n");
  150. #endif
  152. RtlInitString(
  153. &Name,
  154. MICROSOFT_KERBEROS_NAME_A
  155. );
  157. Status = LsaLookupAuthenticationPackage(
  158. hLsa,
  159. &Name,
  160. &PackageId
  161. );
  162. if (!NT_SUCCESS(Status))
  163. {
  164. goto Cleanup;
  165. }
  166. #ifdef LOUDLY
  167. OutputDebugString(L"Authentication package found\n");
  168. #endif
  170. RtlInitUnicodeString(
  171. &User,
  172. UserName
  173. );
  174. RtlInitUnicodeString(
  175. &Domain,
  176. DomainName
  177. );
  178. RtlInitUnicodeString(
  179. &OldPass,
  180. OldPassword
  181. );
  182. RtlInitUnicodeString(
  183. &NewPass,
  184. NewPassword
  185. );
  187. ChangeSize = ROUND_UP_COUNT(sizeof(KERB_CHANGEPASSWORD_REQUEST),4)+
  188. User.Length +
  189. Domain.Length +
  190. OldPass.Length +
  191. NewPass.Length ;
  192. ChangeRequest = (PKERB_CHANGEPASSWORD_REQUEST) LocalAlloc(LMEM_ZEROINIT, ChangeSize );
  194. if ( ChangeRequest == NULL )
  195. {
  196. Status = STATUS_NO_MEMORY ;
  197. goto Cleanup ;
  198. }
  200. ChangeRequest->MessageType = KerbChangePasswordMessage;
  202. ChangeRequest->AccountName = User;
  203. ChangeRequest->AccountName.Buffer = (LPWSTR) ROUND_UP_POINTER(sizeof(KERB_CHANGEPASSWORD_REQUEST) + (PBYTE) ChangeRequest,4);
  205. RtlCopyMemory(
  206. ChangeRequest->AccountName.Buffer,
  207. User.Buffer,
  208. User.Length
  209. );
  211. ChangeRequest->DomainName = Domain;
  212. ChangeRequest->DomainName.Buffer = ChangeRequest->AccountName.Buffer + ChangeRequest->AccountName.Length / sizeof(WCHAR);
  214. RtlCopyMemory(
  215. ChangeRequest->DomainName.Buffer,
  216. Domain.Buffer,
  217. Domain.Length
  218. );
  220. ChangeRequest->OldPassword = OldPass;
  221. ChangeRequest->OldPassword.Buffer = ChangeRequest->DomainName.Buffer + ChangeRequest->DomainName.Length / sizeof(WCHAR);
  223. RtlCopyMemory(
  224. ChangeRequest->OldPassword.Buffer,
  225. OldPass.Buffer,
  226. OldPass.Length
  227. );
  229. ChangeRequest->NewPassword = NewPass;
  230. ChangeRequest->NewPassword.Buffer = ChangeRequest->OldPassword.Buffer + ChangeRequest->OldPassword.Length / sizeof(WCHAR);
  232. RtlCopyMemory(
  233. ChangeRequest->NewPassword.Buffer,
  234. NewPass.Buffer,
  235. NewPass.Length
  236. );
  239. //
  240. // We are running as the caller, so state we are impersonating
  241. //
  243. //ChangeRequest->Impersonating = TRUE;
  244. #ifdef LOUDLY
  245. OutputDebugString(L"Attempting to call the authentication package\n");
  246. #endif
  247. Status = LsaCallAuthenticationPackage(
  248. hLsa,
  249. PackageId,
  250. ChangeRequest,
  251. ChangeSize,
  252. &Response,
  253. &ResponseSize,
  254. &SubStatus
  255. );
  256. if (!NT_SUCCESS(Status) || !NT_SUCCESS(SubStatus))
  257. {
  258. #ifdef LOUDLY
  259. WCHAR szsz[200];
  260. swprintf(szsz,L"Call failed. Status %x SubStatus %x\n",Status, SubStatus);
  261. OutputDebugString(szsz);
  262. #endif
  263. if (NT_SUCCESS(Status))
  264. {
  265. Status = SubStatus;
  266. *pSubStatus = STATUS_UNSUCCESSFUL ;
  267. }
  268. else
  269. {
  270. *pSubStatus = SubStatus;
  271. }
  272. }
  274. Cleanup:
  276. if (hLsa) LsaDeregisterLogonProcess(hLsa);
  278. if (Response != NULL) LsaFreeReturnBuffer(Response);
  279. if (ChangeRequest != NULL) LocalFree(ChangeRequest);
  281. return(Status);
  282. }
  284. /*
  286. NetUserChangePasswordEy()
  288. A wrapper function to superset the functionality of NetUserChangePassword(), specifically
  289. by adding support for changing the account password for an MIT Kerberos principal.
  291. This routine accepts:
  293. 1. uncracked username, with NULL domain
  294. 2. cracked username, with domain portion routed to the domain argument
  296. In case 1, it handles all cases, including MIT realm password changes
  297. In case 2, it will not handle MIT realms.
  299. Case 2 is provided for backwards compatibility with NetUserChangePassword(). It is intended
  300. that callers should pass the uncracked name, and remove the cracking code from the client.
  302. */
  303. NET_API_STATUS
  304. NetUserChangePasswordEy (
  305. LPCWSTR domainname,
  306. LPCWSTR username,
  307. LPCWSTR oldpassword,
  308. LPCWSTR newpassword
  309. )
  310. {
  311. NTSTATUS ns; // status from call
  312. NET_API_STATUS nas;
  313. NTSTATUS ss; // substatus
  314. #ifdef LOUDLY
  315. OutputDebugString(L"NetUserChangePasswordEy called for ");
  316. OutputDebugString(username);
  317. OutputDebugString(L"\n");
  318. #endif
  319. // domainname may be a kerberos realm
  320. // If not a UNC name, call through to NetUserChangePassword
  321. // else
  322. // locate UNC suffix
  323. // search all domains returned by DsEnumerateDomainTrusts() for a match
  324. // On match, if is kerberos realm, call MitChangePasswordEy()
  325. // else call NetUserChangePassword
  326. if ((domainname == NULL) && IsMITName(username))
  327. {
  328. ns = MitChangePasswordEy(domainname, username, oldpassword, newpassword, &ss);
  329. // remap certain errors returned by MitChangePasswordEy to coincide with those of NetUserChangePassword
  330. if (NT_SUCCESS(ns)) nas = NERR_Success;
  331. else
  332. {
  333. switch (ns)
  334. {
  335. case STATUS_CANT_ACCESS_DOMAIN_INFO:
  336. case STATUS_NO_SUCH_DOMAIN:
  337. {
  338. nas = NERR_InvalidComputer;
  339. break;
  340. }
  341. case STATUS_NO_SUCH_USER:
  342. case STATUS_WRONG_PASSWORD_CORE:
  343. case STATUS_WRONG_PASSWORD:
  344. {
  345. nas = ERROR_INVALID_PASSWORD;
  346. break;
  347. }
  348. case STATUS_ACCOUNT_RESTRICTION:
  349. case STATUS_ACCESS_DENIED:
  350. case STATUS_BACKUP_CONTROLLER:
  351. {
  352. nas = ERROR_ACCESS_DENIED;
  353. break;
  354. }
  355. case STATUS_PASSWORD_RESTRICTION:
  356. {
  357. nas = NERR_PasswordTooShort;
  358. break;
  359. }
  361. default:
  362. nas = -1; // will produce omnibus error message when found (none of the above)
  363. break;
  364. }
  365. }
  366. }
  367. else if (NULL == domainname)
  368. {
  369. WCHAR RetUserName[CRED_MAX_USERNAME_LENGTH + 1];
  370. WCHAR RetDomainName[CRED_MAX_USERNAME_LENGTH + 1];
  371. RetDomainName[0] = 0;
  372. DWORD Status = CredUIParseUserNameW(
  373. username,
  374. RetUserName,
  375. CRED_MAX_USERNAME_LENGTH,
  376. RetDomainName,
  377. CRED_MAX_USERNAME_LENGTH);
  378. switch (Status)
  379. {
  380. case NO_ERROR:
  381. {
  382. #ifdef LOUDLY
  383. OutputDebugString(L"Non-MIT password change for ");
  384. OutputDebugString(RetUserName);
  385. OutputDebugString(L" of domain ");
  386. OutputDebugString(RetDomainName);
  387. OutputDebugString(L"\n");
  388. #endif
  389. nas = NetUserChangePassword(RetDomainName,RetUserName,oldpassword,newpassword);
  390. break;
  391. }
  392. case ERROR_INSUFFICIENT_BUFFER:
  393. nas = ERROR_INVALID_PARAMETER;
  394. break;
  395. case ERROR_INVALID_ACCOUNT_NAME:
  396. default:
  397. nas = NERR_UserNotFound;
  398. break;
  399. }
  401. }
  402. else
  403. {
  404. // both username and domainname passed.
  405. nas = NetUserChangePassword(domainname,username,oldpassword,newpassword);
  406. }
  407. #ifdef LOUDLY
  408. WCHAR szsz[200];
  409. swprintf(szsz,L"NUCPEy returns %x\n",nas);
  410. OutputDebugString(szsz);
  411. #endif
  412. return nas;
  413. }