archive
/
windows-xp
mirror of https://github.com/tongzx/nt5src
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
9 Commits
1 Branch
0 Tags
2.0 GiB
Tree: 75c48ba87f
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '75c48ba87f'
${ noResults }
windows-xp/Source/XPSP1/NT/ds/security/protocols/digest/lsaap.cxx

622 lines
18 KiB
Raw Normal View History

Add source files
4 years ago
  2. //+--------------------------------------------------------------------
  3. //
  4. // Microsoft Windows
  5. //
  6. // Copyright (c) Microsoft Corporation 2000
  7. //
  8. // File: lsaap.cxx
  9. //
  10. // Contents: Authentication package dispatch routines
  11. // LsaApInitializePackage (Not needed done in SpInitialize)
  12. // LsaApLogonUser2
  13. // LsaApCallPackage
  14. // LsaApCallPackagePassthrough
  15. // LsaApLogonTerminated
  16. //
  17. // Helper functions:
  18. //
  19. // History: KDamour 10Mar00 Stolen from msv_sspi\msv1_0.c
  20. //
  21. //---------------------------------------------------------------------
  24. #include "global.h"
  26. #include <samisrv.h>
  28. #define SAM_CLEARTEXT_CREDENTIAL_NAME L"CLEARTEXT"
  29. #define SAM_WDIGEST_CREDENTIAL_NAME WDIGEST_SP_NAME // Name of the Supplemental (primary) cred blob for MD5 hashes
  32. /*++
  34. Routine Description:
  36. This routine is the dispatch routine for
  37. LsaCallAuthenticationPackage().
  39. --*/
  40. NTSTATUS
  41. LsaApCallPackage (
  42. IN PLSA_CLIENT_REQUEST ClientRequest,
  43. IN PVOID ProtocolSubmitBuffer,
  44. IN PVOID ClientBufferBase,
  45. IN ULONG SubmitBufferLength,
  46. OUT PVOID *ProtocolReturnBuffer,
  47. OUT PULONG ReturnBufferLength,
  48. OUT PNTSTATUS ProtocolStatus
  49. )
  51. {
  52. ULONG MessageType;
  54. DebugLog((DEB_TRACE_FUNC, "LsaApCallPackage: Entering/Leaving \n"));
  55. return(SEC_E_UNSUPPORTED_FUNCTION);
  56. }
  60. /*++
  62. Routine Description:
  64. This routine is the dispatch routine for
  65. LsaCallAuthenticationPackage() for untrusted clients.
  68. --*/
  69. NTSTATUS
  70. LsaApCallPackageUntrusted (
  71. IN PLSA_CLIENT_REQUEST ClientRequest,
  72. IN PVOID ProtocolSubmitBuffer,
  73. IN PVOID ClientBufferBase,
  74. IN ULONG SubmitBufferLength,
  75. OUT PVOID *ProtocolReturnBuffer,
  76. OUT PULONG ReturnBufferLength,
  77. OUT PNTSTATUS ProtocolStatus
  78. )
  80. {
  81. ULONG MessageType;
  83. DebugLog((DEB_TRACE_FUNC, "LsaApCallPackageUntrusted: Entering/Leaving \n"));
  84. return(SEC_E_UNSUPPORTED_FUNCTION);
  85. }
  89. /*++
  91. Routine Description:
  93. This routine is the dispatch routine for
  94. LsaCallAuthenticationPackage() for passthrough logon requests.
  95. When the passthrough is called (from AcceptSecurityCOntext)
  96. a databuffer is sent to the DC and this function is called.
  98. Arguments:
  100. ClientRequest - Is a pointer to an opaque data structure
  101. representing the client's request.
  103. ProtocolSubmitBuffer - Supplies a protocol message specific to
  104. the authentication package.
  106. ClientBufferBase - Provides the address within the client
  107. process at which the protocol message was resident.
  108. This may be necessary to fix-up any pointers within the
  109. protocol message buffer.
  111. SubmitBufferLength - Indicates the length of the submitted
  112. protocol message buffer.
  114. ProtocolReturnBuffer - Is used to return the address of the
  115. protocol buffer in the client process. The authentication
  116. package is responsible for allocating and returning the
  117. protocol buffer within the client process. This buffer is
  118. expected to have been allocated with the
  119. AllocateClientBuffer() service.
  121. The format and semantics of this buffer are specific to the
  122. authentication package.
  124. ReturnBufferLength - Receives the length (in bytes) of the
  125. returned protocol buffer.
  127. ProtocolStatus - Assuming the services completion is
  128. STATUS_SUCCESS, this parameter will receive completion status
  129. returned by the specified authentication package. The list
  130. of status values that may be returned are authentication
  131. package specific.
  133. Return Status:
  135. STATUS_SUCCESS - The call was made to the authentication package.
  136. The ProtocolStatus parameter must be checked to see what the
  137. completion status from the authentication package is.
  139. STATUS_QUOTA_EXCEEDED - This error indicates that the return
  140. buffer could not could not be allocated because the client
  141. does not have sufficient quota.
  146. --*/
  147. NTSTATUS
  148. LsaApCallPackagePassthrough (
  149. IN PLSA_CLIENT_REQUEST ClientRequest,
  150. IN PVOID ProtocolSubmitBuffer,
  151. IN PVOID ClientBufferBase,
  152. IN ULONG SubmitBufferLength,
  153. OUT PVOID *ProtocolReturnBuffer,
  154. OUT PULONG ReturnBufferLength,
  155. OUT PNTSTATUS ProtocolStatus
  156. )
  157. {
  158. NTSTATUS Status = STATUS_SUCCESS;
  159. NTSTATUS StatusProtocol = STATUS_SUCCESS;
  160. PDIGEST_BLOB_REQUEST pDigestBlob = NULL;
  161. ULONG MessageType = 0;
  162. USHORT i = 0;
  163. ULONG ulReturnBuffer = 0;
  164. BYTE *pReturnBuffer = NULL;
  167. DebugLog((DEB_TRACE_FUNC, "LsaApCallPackagePassthrough: Entering \n"));
  170. //
  171. // Get the messsage type from the protocol submit buffer.
  172. //
  174. if ( SubmitBufferLength < sizeof(ULONG) ) {
  175. DebugLog((DEB_ERROR, "FAILED message size to contain MessageType\n"));
  176. return STATUS_INVALID_PARAMETER;
  177. }
  179. memcpy((char *)&MessageType, (char *)ProtocolSubmitBuffer, sizeof(MessageType));
  181. if ( MessageType != VERIFY_DIGEST_MESSAGE)
  182. {
  183. DebugLog((DEB_ERROR, "FAILED to have correct message type\n"));
  184. return STATUS_ACCESS_DENIED;
  185. }
  187. //
  188. // Allow the DigestCalc routine to only set the return buffer information
  189. // on success conditions.
  190. //
  192. DebugLog((DEB_TRACE, "LsaApCallPackagePassthrough: setting return buffers to NULL\n"));
  193. *ProtocolReturnBuffer = NULL;
  194. *ReturnBufferLength = 0;
  196. // We will need to free any memory allocated in the Returnbuffer
  197. StatusProtocol = DigestPackagePassthrough((USHORT)SubmitBufferLength, (BYTE *)ProtocolSubmitBuffer,
  198. &ulReturnBuffer, &pReturnBuffer);
  199. if (!NT_SUCCESS(StatusProtocol))
  200. {
  201. DebugLog((DEB_ERROR,"LsaApCallPackagePassthrough: DigestPackagePassthrough failed 0x%x\n",Status));
  202. ulReturnBuffer = 0;
  203. goto CleanUp;
  204. }
  206. // DebugLog((DEB_TRACE, "LsaApCallPackagePassthrough: setting return auth status to STATUS_SUCCEED\n"));
  207. // DebugLog((DEB_TRACE, "LsaApCallPackagePassthrough: Total Return Buffer size %ld bytes\n", ulReturnBuffer));
  209. // Now place the data back to the client (the server calling this)
  210. Status = g_LsaFunctions->AllocateClientBuffer(
  211. NULL,
  212. ulReturnBuffer,
  213. ProtocolReturnBuffer
  214. );
  215. if (!NT_SUCCESS(Status))
  216. {
  217. goto CleanUp;
  218. }
  219. Status = g_LsaFunctions->CopyToClientBuffer(
  220. NULL,
  221. ulReturnBuffer,
  222. *ProtocolReturnBuffer,
  223. pReturnBuffer
  224. );
  225. if (!NT_SUCCESS(Status))
  226. { // Failed to copy over the data to the client
  227. g_LsaFunctions->FreeClientBuffer(
  228. NULL,
  229. *ProtocolReturnBuffer
  230. );
  231. *ProtocolReturnBuffer = NULL;
  232. }
  233. else
  234. {
  235. *ReturnBufferLength = ulReturnBuffer;
  236. }
  238. CleanUp:
  240. *ProtocolStatus = StatusProtocol;
  242. if (pReturnBuffer)
  243. {
  244. DigestFreeMemory(pReturnBuffer);
  245. pReturnBuffer = NULL;
  246. ulReturnBuffer = 0;
  247. }
  249. DebugLog((DEB_TRACE_FUNC, "LsaApCallPackagePassthrough: Leaving Status 0x%x\n", Status));
  250. return(Status);
  251. }
  254. /*++
  256. Routine Description:
  258. This routine is used to authenticate a user logon attempt. This is
  259. the user's initial logon. A new LSA logon session will be established
  260. for the user and validation information for the user will be returned.
  263. --*/
  264. NTSTATUS
  265. LsaApLogonUserEx2 (
  266. IN PLSA_CLIENT_REQUEST ClientRequest,
  267. IN SECURITY_LOGON_TYPE LogonType,
  268. IN PVOID ProtocolSubmitBuffer,
  269. IN PVOID ClientBufferBase,
  270. IN ULONG SubmitBufferSize,
  271. OUT PVOID *ProfileBuffer,
  272. OUT PULONG ProfileBufferSize,
  273. OUT PLUID LogonId,
  274. OUT PNTSTATUS SubStatus,
  275. OUT PLSA_TOKEN_INFORMATION_TYPE TokenInformationType,
  276. OUT PVOID *TokenInformation,
  277. OUT PUNICODE_STRING *AccountName,
  278. OUT PUNICODE_STRING *AuthenticatingAuthority,
  279. OUT PUNICODE_STRING *MachineName,
  280. OUT PSECPKG_PRIMARY_CRED PrimaryCredentials,
  281. OUT PSECPKG_SUPPLEMENTAL_CRED_ARRAY * SupplementalCredentials
  282. )
  285. {
  286. NTSTATUS Status = STATUS_SUCCESS;
  288. DebugLog((DEB_TRACE_FUNC, "LsaApLogonUserEx2: Entering/Leaving \n"));
  290. //
  291. // Return status to the caller
  292. //
  294. return (SEC_E_UNSUPPORTED_FUNCTION);
  296. }
  299. /*++
  301. Routine Description:
  303. This routine is used to notify each authentication package when a logon
  304. session terminates. A logon session terminates when the last token
  305. referencing the logon session is deleted.
  307. Arguments:
  309. LogonId - Is the logon ID that just logged off.
  311. Return Status:
  313. None.
  314. --*/
  315. VOID
  316. LsaApLogonTerminated (
  317. IN PLUID pLogonId
  318. )
  319. {
  320. NTSTATUS Status = STATUS_SUCCESS;
  321. PDIGEST_LOGONSESSION pLogonSession = NULL;
  322. LONG lReferences = 0;
  324. DebugLog((DEB_TRACE_FUNC, "LsaApLogonTerminated: Entering LogonID (%x:%lx) \n",
  325. pLogonId->HighPart, pLogonId->LowPart));
  327. //
  328. // Find the entry, dereference, and de-link it from the active logon table.
  329. //
  331. Status = LogSessHandlerLogonIdToPtr(pLogonId, TRUE, &pLogonSession);
  332. if (!NT_SUCCESS(Status))
  333. {
  334. goto CleanUp; // No LongonID found in Active list - simply exit quietly
  335. }
  337. DebugLog((DEB_TRACE, "LsaApLogonTerminated: Found LogonID (%x:%lx) \n",
  338. pLogonId->HighPart, pLogonId->LowPart));
  341. // This relies on the LSA terminating all of the credentials before killing off
  342. // the LogonSession.
  344. lReferences = InterlockedDecrement(&pLogonSession->lReferences);
  346. DebugLog((DEB_TRACE, "LsaApLogonTerminated: Refcount %ld \n", lReferences));
  348. ASSERT( lReferences >= 0 );
  350. if (lReferences)
  351. {
  352. DebugLog((DEB_WARN, "LsaApLogonTerminated: WARNING Terminate LogonID (%x:%lx) non-zero RefCount!\n",
  353. pLogonId->HighPart, pLogonId->LowPart));
  354. }
  355. else
  356. {
  357. DebugLog((DEB_TRACE, "LsaApLogonTerminated: Removed LogonID (%x:%lx) from Active List! \n",
  358. pLogonId->HighPart, pLogonId->LowPart));
  360. LogonSessionFree(pLogonSession);
  361. }
  363. CleanUp:
  365. DebugLog((DEB_TRACE_FUNC, "LsaApLogonTerminated: Exiting LogonID (%x:%lx) \n",
  366. pLogonId->HighPart, pLogonId->LowPart));
  368. return;
  369. }
  372. // Routine to acquire the plaintext password for a given user
  373. // If supplemental credentials exist that contain the Digest Hash values
  374. // then return them also.
  375. // This routine runs on the domain controller
  376. // Must provide STRING strPasswd
  377. // If ppucUserAuthData pointer is NULL - do not retrieve UserAuthData
  379. NTSTATUS
  380. DigestGetPasswd(
  381. IN PUSER_CREDENTIALS pUserCreds,
  382. OUT PUCHAR * ppucUserAuthData,
  383. OUT PULONG pulAuthDataSize
  384. )
  385. {
  387. NTSTATUS Status = STATUS_SUCCESS;
  388. SAMPR_HANDLE UserHandle = NULL;
  389. UNICODE_STRING ustrcPackageName;
  391. UNICODE_STRING ustrcTemp;
  392. STRING strcTemp;
  393. PVOID pvPlainPwd = NULL;
  394. PVOID pvHashCred = NULL;
  395. ULONG ulLenPassword = 0;
  396. ULONG ulLenHash = 0;
  397. ULONG ulVersion = 0;
  398. BOOL bOpenedSAM = FALSE;
  400. DebugLog((DEB_TRACE_FUNC,"DigestGetPasswd: Entering\n"));
  402. RtlZeroMemory(&ustrcTemp, sizeof(ustrcTemp));
  403. RtlZeroMemory(&strcTemp, sizeof(strcTemp));
  404. RtlZeroMemory(&ustrcPackageName, sizeof(ustrcPackageName));
  405. pUserCreds->fIsValidDigestHash = FALSE;
  406. pUserCreds->fIsValidPasswd = FALSE;
  408. *pulAuthDataSize = 0L;
  409. *ppucUserAuthData = NULL;
  411. DebugLog((DEB_TRACE,"DigestGetPasswd: looking for username (unicode) %wZ\n", &(pUserCreds->ustrUsername)));
  413. if (!g_fDomainController)
  414. {
  415. DebugLog((DEB_ERROR,"DigestGetPasswd: Not on a domaincontroller - can not get credentials\n"));
  416. Status = STATUS_INVALID_SERVER_STATE;
  417. goto CleanUp;
  418. }
  420. // Call LsaOpenSamUser()
  421. Status = g_LsaFunctions->OpenSamUser(&(pUserCreds->ustrUsername), SecNameSamCompatible,
  422. NULL, FALSE, 0, &UserHandle);
  423. if ( !NT_SUCCESS( Status ) )
  424. {
  425. DebugLog((DEB_ERROR, "DigestGetPasswd: Failed to open SAM for user %wZ, Status = 0x%x\n",
  426. &(pUserCreds->ustrUsername), Status));
  427. goto CleanUp;
  428. }
  429. bOpenedSAM = TRUE;
  432. DebugLog((DEB_TRACE,"DigestGetPasswd: Have a valid UserHandle\n"));
  434. //
  435. // Retrieve the MD5 hashed pre-calculated values if they exist for this user
  436. //
  437. // NOTE : On NT 5, this API only works on Domain Controllers !!
  438. //
  439. RtlInitUnicodeString(&ustrcPackageName, SAM_WDIGEST_CREDENTIAL_NAME);
  441. Status = SamIRetrievePrimaryCredentials( (SAMPR_HANDLE) UserHandle,
  442. &ustrcPackageName,
  443. &pvHashCred,
  444. &ulLenHash);
  446. if (!NT_SUCCESS( Status ))
  447. {
  448. pvHashCred = NULL;
  449. DebugLog((DEB_TRACE,"DigestGetPasswd: NO Pre-calc Hashes were found for user\n"));
  450. }
  451. else
  452. {
  454. strcTemp.Buffer = (PCHAR) pvHashCred;
  455. strcTemp.Length = strcTemp.MaximumLength = (USHORT) ulLenHash;
  457. Status = StringDuplicate(&(pUserCreds->strDigestHash), &strcTemp);
  458. if (!NT_SUCCESS( Status ))
  459. {
  460. DebugLog((DEB_ERROR, "DigestGetPasswd: Failed to copy plaintext password, error 0x%x\n", Status));
  461. goto CleanUp;
  462. }
  464. // DebugLog((DEB_TRACE,"DigestGetPasswd: Have the PASSWORD %wZ\n", &(pUserCreds->ustrPasswd)));
  467. Status = RtlCharToInteger(pUserCreds->strDigestHash.Buffer, TENBASE, &ulVersion);
  468. if (!NT_SUCCESS(Status))
  469. {
  470. Status = STATUS_INVALID_PARAMETER;
  471. DebugLog((DEB_ERROR, "DigestGetPasswd: Badly formatted pre-calc version\n"));
  472. goto CleanUp;
  473. }
  475. // Check version and size of credentials
  476. if ((ulVersion != SUPPCREDS_VERSION) || (ulLenHash < (TOTALPRECALC_HEADERS * MD5_HASH_BYTESIZE)))
  477. {
  478. DebugLog((DEB_ERROR, "DigestGetPasswd: Invalid precalc version or size\n"));
  479. pUserCreds->fIsValidDigestHash = FALSE;
  480. }
  481. else
  482. {
  483. pUserCreds->fIsValidDigestHash = TRUE;
  484. // setup the hashes to utilize - get format from the notify.cxx hash calcs
  485. switch (pUserCreds->typeName)
  486. {
  487. case NAMEFORMAT_ACCOUNTNAME:
  488. pUserCreds->sHashTags[NAME_ACCT] = 1;
  489. pUserCreds->sHashTags[NAME_ACCT_DOWNCASE] = 1;
  490. pUserCreds->sHashTags[NAME_ACCT_UPCASE] = 1;
  491. break;
  492. case NAMEFORMAT_UPN:
  493. pUserCreds->sHashTags[NAME_UPN] = 1;
  494. pUserCreds->sHashTags[NAME_UPN_DOWNCASE] = 1;
  495. pUserCreds->sHashTags[NAME_UPN_UPCASE] = 1;
  496. break;
  497. case NAMEFORMAT_NETBIOS:
  498. pUserCreds->sHashTags[NAME_NT4] = 1;
  499. pUserCreds->sHashTags[NAME_NT4_DOWNCASE] = 1;
  500. pUserCreds->sHashTags[NAME_NT4_UPCASE] = 1;
  501. break;
  502. default:
  503. break;
  504. }
  505. }
  508. DebugLog((DEB_TRACE,"DigestGetPasswd: Read in Pre-calc Hashes size = %lu\n", ulLenHash));
  509. }
  511. //
  512. // Retrieve the plaintext password
  513. //
  514. // NOTE : On NT 5, this API only works on Domain Controllers !!
  515. //
  516. RtlInitUnicodeString(&ustrcPackageName, SAM_CLEARTEXT_CREDENTIAL_NAME);
  518. // Note: Would be nice to have this as a LSAFunction
  519. Status = SamIRetrievePrimaryCredentials( (SAMPR_HANDLE) UserHandle,
  520. &ustrcPackageName,
  521. &pvPlainPwd,
  522. &ulLenPassword);
  524. if (!NT_SUCCESS( Status ))
  525. {
  526. DebugLog((DEB_ERROR, "DigestGetPasswd: Failed to retrieve plaintext password, error 0x%x\n", Status));
  528. if (pUserCreds->fIsValidDigestHash == FALSE)
  529. {
  530. // We have no pre-computed MD5 hashes and also no cleartext password
  531. // we can not perform any Digest Auth operations
  532. //
  533. // Explicitly set the status to be "wrong password" instead of whatever
  534. // is returned by SamIRetrievePrimaryCredentials
  535. //
  536. Status = STATUS_WRONG_PASSWORD;
  537. DebugLog((DEB_ERROR,"DigestGetPasswd: Can not obtain cleartext or Hashed Creds\n"));
  538. goto CleanUp;
  539. }
  541. }
  542. else
  543. {
  544. ustrcTemp.Buffer = (PUSHORT) pvPlainPwd;
  545. ustrcTemp.Length = ustrcTemp.MaximumLength = (USHORT) ulLenPassword;
  547. Status = UnicodeStringDuplicate(&(pUserCreds->ustrPasswd), &ustrcTemp);
  548. if (!NT_SUCCESS( Status ))
  549. {
  550. DebugLog((DEB_ERROR, "DigestGetPasswd: Failed to copy plaintext password, error 0x%x\n", Status));
  551. goto CleanUp;
  552. }
  554. // DebugLog((DEB_TRACE,"DigestGetPasswd: Have the PASSWORD %wZ\n", &(pUserCreds->ustrPasswd)));
  556. pUserCreds->fIsValidPasswd = TRUE;
  558. DebugLog((DEB_TRACE,"DigestGetPasswd: Password retrieved\n"));
  559. }
  561. // We have some form of credentials based on password (either cleartext or pre-computed)
  563. if (ppucUserAuthData)
  564. { // Go fetch the AuthData to marshall back to the server for Token creation
  565. *ppucUserAuthData = NULL;
  566. *pulAuthDataSize = 0;
  567. // Calling LsaGetUserAuthData()
  568. Status = g_LsaFunctions->GetUserAuthData(UserHandle, ppucUserAuthData, pulAuthDataSize);
  569. if (!NT_SUCCESS(Status))
  570. {
  571. DebugLog((DEB_ERROR,"DigestGetPasswd: failed acquire UseAuthData 0x%x\n", Status));
  572. goto CleanUp;
  573. }
  574. }
  576. CleanUp:
  578. // Release any memory from SamI* calls Would be nice to have this as a LSAFunction
  580. if (pvPlainPwd)
  581. {
  582. if (ulLenPassword > 0)
  583. {
  584. ZeroMemory(pvPlainPwd, ulLenPassword);
  585. }
  586. LocalFree(pvPlainPwd);
  587. pvPlainPwd = NULL;
  588. }
  590. if (pvHashCred)
  591. {
  592. LocalFree(pvHashCred);
  593. pvHashCred = NULL;
  594. }
  597. if (bOpenedSAM == TRUE)
  598. {
  599. // LsaCloseSamUser()
  600. Status = g_LsaFunctions->CloseSamUser(UserHandle);
  601. if (!NT_SUCCESS(Status))
  602. {
  603. DebugLog((DEB_ERROR,"DigestGetPasswd: failed LsaCloseSamUser 0x%x\n", Status));
  604. }
  605. bOpenedSAM = FALSE;
  606. }
  608. if (!NT_SUCCESS(Status))
  609. { // Cleanup functions since there was a failure
  610. if (*ppucUserAuthData)
  611. {
  612. g_LsaFunctions->FreeLsaHeap(*ppucUserAuthData);
  613. *ppucUserAuthData = NULL;
  614. *pulAuthDataSize = 0L;
  615. }
  616. }
  618. DebugLog((DEB_TRACE_FUNC,"DigestGetPasswd: Leaving\n"));
  620. return(Status);
  621. }