archive
/
windows-xp
mirror of https://github.com/tongzx/nt5src
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
9 Commits
1 Branch
0 Tags
2.0 GiB
Tree: 75c48ba87f
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '75c48ba87f'
${ noResults }
windows-xp/Source/XPSP1/NT/ds/security/protocols/kerberos/client2/mitutil.cxx

1268 lines
32 KiB
Raw Normal View History

Add source files
4 years ago
  1. //+-----------------------------------------------------------------------
  2. //
  3. // Microsoft Windows
  4. //
  5. // Copyright (c) Microsoft Corporation 1992 - 1997
  6. //
  7. // File: mitutil.cxx
  8. //
  9. // Contents: Routines for talking to MIT KDCs
  10. //
  11. //
  12. // History: 4-March-1997 Created MikeSw
  13. // 26-Sep-1998 ChandanS
  14. // Added more debugging support etc.
  15. //
  16. //------------------------------------------------------------------------
  18. #include <kerb.hxx>
  19. #include <kerbp.h>
  21. #ifdef RETAIL_LOG_SUPPORT
  22. static TCHAR THIS_FILE[]=TEXT(__FILE__);
  23. #endif
  25. static HKEY KerbMITRealmRootKey = NULL;
  26. static HANDLE hKerbMITRealmWaitEvent = NULL;
  27. static HANDLE hKerbMITRealmWaitObject = NULL;
  29. KERBEROS_LIST KerbMitRealmList;
  31. #define MAX_DOMAIN_NAME_LEN 128 // number of characters
  35. //+-------------------------------------------------------------------------
  36. //
  37. // Function: KerbReadMitRealmList
  38. //
  39. // Synopsis: Loads the list of MIT realms from the registry
  40. //
  41. // Effects: Initialize and links domains to KerbMitRealmList
  42. //
  43. // Arguments:
  44. //
  45. // Requires:
  46. //
  47. // Returns:
  48. //
  49. // Notes:
  50. //
  51. //
  52. //--------------------------------------------------------------------------
  54. NTSTATUS
  55. KerbReadMitRealmList(
  56. )
  57. {
  58. NTSTATUS Status = STATUS_SUCCESS;
  59. ULONG WinError;
  60. HKEY DomainKey = NULL;
  61. LPWSTR KdcNames = NULL;
  62. LPWSTR KpasswdNames = NULL;
  63. LPWSTR AlternateRealmNames = NULL;
  64. TCHAR DomainName[MAX_DOMAIN_NAME_LEN]; // max domain name length
  65. PKERB_MIT_REALM MitRealm = NULL;
  66. ULONG Index,Index2;
  67. ULONG Type;
  68. ULONG NameSize;
  69. ULONG KdcNameSize = 0;
  70. ULONG AltRealmSize = 0;
  71. ULONG KpasswdNameSize = 0;
  72. LPWSTR Where;
  73. ULONG NameCount, tmp;
  74. UNICODE_STRING TempString;
  75. ULONG Flags = 0;
  76. ULONG FlagSize = sizeof(ULONG);
  77. ULONG ApReqChecksumType = 0;
  78. ULONG PreAuthType = 0;
  79. BOOLEAN fListLocked = FALSE;
  81. //
  82. // If it is there, we now want to enumerate all the child keys.
  83. //
  84. KerbLockList(&KerbMitRealmList);
  85. fListLocked = TRUE;
  87. for (Index = 0; TRUE ; Index++ )
  88. {
  89. //
  90. // Enumerate through all the keys
  91. //
  92. NameSize = MAX_DOMAIN_NAME_LEN;
  93. WinError = RegEnumKeyEx(
  94. KerbMITRealmRootKey,
  95. Index,
  96. DomainName,
  97. &NameSize,
  98. NULL,
  99. NULL,
  100. NULL,
  101. NULL
  102. );
  104. if (WinError != ERROR_SUCCESS)
  105. {
  106. //
  107. // nothing more to do.
  108. //
  110. Status = STATUS_SUCCESS;
  111. goto Cleanup;
  112. }
  114. //
  115. // Open the domain key to read the values under it
  116. //
  117. if( DomainKey != NULL )
  118. {
  119. RegCloseKey( DomainKey );
  120. DomainKey = NULL;
  121. }
  123. WinError = RegOpenKey(
  124. KerbMITRealmRootKey,
  125. DomainName,
  126. &DomainKey
  127. );
  128. if (WinError != ERROR_SUCCESS)
  129. {
  130. D_DebugLog((DEB_ERROR,"Failed to open key %ws \\ %ws: %d. %ws, line %d\n",
  131. KERB_DOMAINS_KEY, DomainName, WinError, THIS_FILE, __LINE__ ));
  133. //
  134. // keep going.
  135. //
  137. continue;
  138. }
  140. //
  141. // Now read the values from the domain
  142. //
  144. KdcNameSize = 0;
  145. WinError = RegQueryValueEx(
  146. DomainKey,
  147. KERB_DOMAIN_KDC_NAMES_VALUE,
  148. NULL,
  149. &Type,
  150. NULL,
  151. &KdcNameSize
  152. );
  153. if (WinError == ERROR_SUCCESS)
  154. {
  155. KdcNames = (LPWSTR) KerbAllocate(KdcNameSize);
  156. if (KdcNames == NULL)
  157. {
  158. Status = STATUS_INSUFFICIENT_RESOURCES;
  159. goto Cleanup;
  160. }
  161. WinError = RegQueryValueEx(
  162. DomainKey,
  163. KERB_DOMAIN_KDC_NAMES_VALUE,
  164. NULL,
  165. &Type,
  166. (PUCHAR) KdcNames,
  167. &KdcNameSize
  168. );
  169. if (WinError != ERROR_SUCCESS)
  170. {
  171. D_DebugLog((DEB_ERROR,"Failed to query value %ws\\%ws: %d. %ws, line %d\n",
  172. DomainName, KERB_DOMAIN_KDC_NAMES_VALUE, WinError, THIS_FILE, __LINE__ ));
  173. Status = STATUS_UNSUCCESSFUL;
  174. goto Cleanup;
  175. }
  176. }
  178. //
  179. // Now read the Kpasswd values from the domain
  180. //
  182. KpasswdNameSize = 0;
  183. WinError = RegQueryValueEx(
  184. DomainKey,
  185. KERB_DOMAIN_KPASSWD_NAMES_VALUE,
  186. NULL,
  187. &Type,
  188. NULL,
  189. &KpasswdNameSize
  190. );
  191. if (WinError == ERROR_SUCCESS)
  192. {
  193. KpasswdNames = (LPWSTR) KerbAllocate(KpasswdNameSize);
  194. if (KpasswdNames == NULL)
  195. {
  196. Status = STATUS_INSUFFICIENT_RESOURCES;
  197. goto Cleanup;
  198. }
  199. WinError = RegQueryValueEx(
  200. DomainKey,
  201. KERB_DOMAIN_KPASSWD_NAMES_VALUE,
  202. NULL,
  203. &Type,
  204. (PUCHAR) KpasswdNames,
  205. &KpasswdNameSize
  206. );
  207. if (WinError != ERROR_SUCCESS)
  208. {
  209. D_DebugLog((DEB_ERROR,"Failed to query value %ws\\%ws: %d. %ws, line %d\n",
  210. DomainName, KERB_DOMAIN_KPASSWD_NAMES_VALUE, WinError, THIS_FILE, __LINE__ ));
  211. Status = STATUS_UNSUCCESSFUL;
  212. goto Cleanup;
  213. }
  214. }
  216. //
  217. // Get any alternate domain names
  218. //
  220. AltRealmSize = 0;
  221. WinError = RegQueryValueEx(
  222. DomainKey,
  223. KERB_DOMAIN_ALT_NAMES_VALUE,
  224. NULL,
  225. &Type,
  226. NULL,
  227. &AltRealmSize
  228. );
  229. if (WinError == ERROR_SUCCESS)
  230. {
  231. AlternateRealmNames = (LPWSTR) KerbAllocate(AltRealmSize);
  232. if (AlternateRealmNames == NULL)
  233. {
  234. Status = STATUS_INSUFFICIENT_RESOURCES;
  235. goto Cleanup;
  236. }
  237. WinError = RegQueryValueEx(
  238. DomainKey,
  239. KERB_DOMAIN_ALT_NAMES_VALUE,
  240. NULL,
  241. &Type,
  242. (PUCHAR) AlternateRealmNames,
  243. &AltRealmSize
  244. );
  246. if (WinError != ERROR_SUCCESS)
  247. {
  248. D_DebugLog((DEB_ERROR,"Failed to query value %ws\\%ws: %d. %ws, line %d\n",
  249. DomainName, KERB_DOMAIN_KDC_NAMES_VALUE, WinError, THIS_FILE, __LINE__ ));
  250. Status = STATUS_UNSUCCESSFUL;
  251. goto Cleanup;
  252. }
  254. }
  256. //
  257. // Read the flags
  258. //
  260. FlagSize = sizeof(ULONG);
  261. Flags = 0;
  263. WinError = RegQueryValueEx(
  264. DomainKey,
  265. KERB_DOMAIN_FLAGS_VALUE,
  266. NULL,
  267. &Type,
  268. (PUCHAR) &Flags,
  269. &FlagSize
  270. );
  271. if (WinError == ERROR_SUCCESS)
  272. {
  273. if (Type != REG_DWORD)
  274. {
  275. Flags = 0;
  276. }
  277. }
  279. //
  280. // Read the ApReq checksum type
  281. //
  283. FlagSize = sizeof(ULONG);
  284. ApReqChecksumType = KERB_DEFAULT_AP_REQ_CSUM;
  286. WinError = RegQueryValueEx(
  287. DomainKey,
  288. KERB_DOMAIN_AP_REQ_CSUM_VALUE,
  289. NULL,
  290. &Type,
  291. (PUCHAR) &ApReqChecksumType,
  292. &FlagSize
  293. );
  294. if (WinError == ERROR_SUCCESS)
  295. {
  296. if (Type != REG_DWORD)
  297. {
  298. ApReqChecksumType = KERB_DEFAULT_AP_REQ_CSUM;
  299. }
  300. }
  302. //
  303. // Read the ApReq checksum type
  304. //
  306. FlagSize = sizeof(ULONG);
  307. PreAuthType = KERB_DEFAULT_PREAUTH_TYPE;;
  309. WinError = RegQueryValueEx(
  310. DomainKey,
  311. KERB_DOMAIN_PREAUTH_VALUE,
  312. NULL,
  313. &Type,
  314. (PUCHAR) &PreAuthType,
  315. &FlagSize
  316. );
  317. if (WinError == ERROR_SUCCESS)
  318. {
  319. if (Type != REG_DWORD)
  320. {
  321. PreAuthType = KERB_DEFAULT_PREAUTH_TYPE;
  322. }
  323. }
  326. //
  327. // Now build the domain structure
  328. //
  330. MitRealm = (PKERB_MIT_REALM) KerbAllocate(sizeof(KERB_MIT_REALM));
  331. if (MitRealm == NULL)
  332. {
  333. Status = STATUS_INSUFFICIENT_RESOURCES;
  334. goto Cleanup;
  335. }
  337. MitRealm->Flags = Flags;
  338. MitRealm->ApReqChecksumType = ApReqChecksumType;
  339. MitRealm->PreAuthType = PreAuthType;
  340. #ifdef WIN32_CHICAGO
  341. RtlCreateUnicodeStringFromAsciiz(
  342. &TempString,
  343. DomainName
  344. );
  345. #else // WIN32_CHICAGO
  346. RtlInitUnicodeString(
  347. &TempString,
  348. DomainName
  349. );
  350. #endif // WIN32_CHICAGO
  352. Status = KerbDuplicateString(
  353. &MitRealm->RealmName,
  354. &TempString
  355. );
  357. if (!NT_SUCCESS(Status))
  358. {
  359. goto Cleanup;
  360. }
  363. //
  364. // Fill in the KDC names etc.
  365. //
  367. NameCount = 0;
  368. if ((AlternateRealmNames != NULL ) && (AltRealmSize != 0))
  369. {
  370. Where = AlternateRealmNames;
  371. NameCount ++;
  372. while (Where + wcslen(Where) + 1 < (AlternateRealmNames + AltRealmSize /sizeof(WCHAR)))
  373. {
  374. NameCount++;
  375. Where += wcslen(Where)+1;
  376. }
  377. MitRealm->AlternateRealmNames = (PUNICODE_STRING) KerbAllocate(NameCount * sizeof(UNICODE_STRING));
  378. if (MitRealm->AlternateRealmNames == NULL)
  379. {
  380. Status = STATUS_INSUFFICIENT_RESOURCES;
  381. goto Cleanup;
  382. }
  384. MitRealm->RealmNameCount = NameCount;
  385. Where = AlternateRealmNames;
  386. for (Index2 = 0;Index2 < NameCount; Index2++)
  387. {
  388. RtlInitUnicodeString(
  389. &MitRealm->AlternateRealmNames[Index2],
  390. Where
  391. );
  392. Where += MitRealm->AlternateRealmNames[Index2].Length / sizeof(WCHAR) + 1;
  393. }
  395. AlternateRealmNames = NULL;
  396. }
  398. NameCount = 0;
  399. if ((KdcNames != NULL ) && (KdcNameSize != 0))
  400. {
  401. Where = KdcNames;
  402. while (Where + wcslen(Where) + 1 < (KdcNames + KdcNameSize /sizeof(WCHAR)))
  403. {
  404. // There's a bug in ksetup which adds a couple of "" strings to this, so...
  405. tmp = wcslen(Where) + 1;
  407. if (tmp > 1)
  408. {
  409. NameCount++;
  410. }
  411. Where += tmp;
  412. }
  413. MitRealm->KdcNames.ServerNames = (PUNICODE_STRING) KerbAllocate(NameCount * sizeof(UNICODE_STRING));
  414. if (MitRealm->KdcNames.ServerNames == NULL)
  415. {
  416. Status = STATUS_INSUFFICIENT_RESOURCES;
  417. goto Cleanup;
  418. }
  420. MitRealm->KdcNames.ServerCount = NameCount;
  422. Where = KdcNames;
  423. for (Index2 = 0;Index2 < NameCount; Index2++)
  424. {
  425. RtlInitUnicodeString(
  426. &MitRealm->KdcNames.ServerNames[Index2],
  427. Where
  428. );
  430. // ugh. Didn't want to have to allocate, but keep it simple.
  431. MitRealm->KdcNames.ServerNames[Index2].Buffer = (LPWSTR)KerbAllocate(sizeof(WCHAR)*(wcslen(Where)+2));
  432. if (NULL == MitRealm->KdcNames.ServerNames[Index2].Buffer)
  433. {
  434. Status = STATUS_INSUFFICIENT_RESOURCES;
  435. goto Cleanup;
  436. }
  438. wcscpy(MitRealm->KdcNames.ServerNames[Index2].Buffer, Where);
  439. Where += MitRealm->KdcNames.ServerNames[Index2].Length / sizeof(WCHAR) + 1;
  440. }
  442. KerbFree(KdcNames);
  443. KdcNames = NULL;
  444. }
  447. if (NameCount == 0)
  448. {
  449. MitRealm->Flags |= KERB_MIT_REALM_KDC_LOOKUP;
  450. }
  453. NameCount = 0;
  454. if ((KpasswdNames != NULL ) && (KpasswdNameSize != 0))
  455. {
  456. Where = KpasswdNames;
  457. NameCount ++;
  458. while (Where + wcslen(Where) + 1 - (KpasswdNames + KpasswdNameSize /sizeof(WCHAR)) > 0)
  459. {
  460. NameCount++;
  461. Where += wcslen(Where)+1;
  462. }
  463. MitRealm->KpasswdNames.ServerNames = (PUNICODE_STRING) KerbAllocate(NameCount * sizeof(UNICODE_STRING));
  464. if (MitRealm->KpasswdNames.ServerNames == NULL)
  465. {
  466. Status = STATUS_INSUFFICIENT_RESOURCES;
  467. goto Cleanup;
  468. }
  470. MitRealm->KpasswdNames.ServerCount = NameCount;
  472. Where = KpasswdNames;
  473. for (Index2 = 0;Index2 < NameCount; Index2++)
  474. {
  475. RtlInitUnicodeString(
  476. &MitRealm->KpasswdNames.ServerNames[Index2],
  477. Where
  478. );
  480. // ugh. Didn't want to have to allocate, but keep it simple.
  481. MitRealm->KpasswdNames.ServerNames[Index2].Buffer = (LPWSTR) KerbAllocate(sizeof(WCHAR)*(wcslen(Where)+2));
  482. if (NULL == MitRealm->KpasswdNames.ServerNames[Index2].Buffer)
  483. {
  484. Status = STATUS_INSUFFICIENT_RESOURCES;
  485. goto Cleanup;
  486. }
  488. wcscpy(MitRealm->KpasswdNames.ServerNames[Index2].Buffer, Where);
  489. Where += MitRealm->KpasswdNames.ServerNames[Index2].Length / sizeof(WCHAR) + 1;
  490. }
  492. KerbFree(KpasswdNames);
  493. KpasswdNames = NULL;
  494. }
  496. if (NameCount == 0)
  497. {
  498. MitRealm->Flags |= KERB_MIT_REALM_KPWD_LOOKUP;
  499. }
  501. KerbInsertListEntry(
  502. &MitRealm->Next,
  503. &KerbMitRealmList
  504. );
  505. MitRealm = NULL;
  506. }
  509. Cleanup:
  511. if (fListLocked)
  512. {
  513. KerbUnlockList(&KerbMitRealmList);
  514. }
  516. if( DomainKey != NULL )
  517. {
  518. RegCloseKey( DomainKey );
  519. }
  521. if (KdcNames != NULL)
  522. {
  523. KerbFree(KdcNames);
  524. }
  525. if (KpasswdNames != NULL)
  526. {
  527. KerbFree(KpasswdNames);
  528. }
  529. if (AlternateRealmNames != NULL)
  530. {
  531. KerbFree(AlternateRealmNames);
  532. }
  533. if (MitRealm != NULL)
  534. {
  535. if (MitRealm->AlternateRealmNames != NULL)
  536. {
  537. #if 0 // note: embededded buffers are all enclosed within AlternateRealmNames[0]
  538. for(Index = 0 ; Index < MitRealm->RealmNameCount ; Index++)
  539. {
  540. if (MitRealm->AlternateRealmNames[Index].Buffer != NULL)
  541. {
  542. KerbFree(MitRealm->AlternateRealmNames[Index].Buffer);
  543. }
  544. }
  545. #else
  546. if (MitRealm->AlternateRealmNames[0].Buffer != NULL)
  547. {
  548. KerbFree(MitRealm->AlternateRealmNames[0].Buffer);
  549. }
  550. #endif
  552. KerbFree(MitRealm->AlternateRealmNames);
  553. }
  554. if (MitRealm->KdcNames.ServerNames != NULL)
  555. {
  556. LONG lIndex;
  558. for(lIndex = 0 ; lIndex < MitRealm->KdcNames.ServerCount ; lIndex++)
  559. {
  560. if (MitRealm->KdcNames.ServerNames[lIndex].Buffer != NULL)
  561. {
  562. KerbFree(MitRealm->KdcNames.ServerNames[lIndex].Buffer);
  563. }
  564. }
  566. KerbFree(MitRealm->KdcNames.ServerNames);
  567. }
  568. if (MitRealm->KpasswdNames.ServerNames != NULL)
  569. {
  570. LONG lIndex;
  572. for(lIndex = 0 ; lIndex < MitRealm->KpasswdNames.ServerCount ; lIndex++)
  573. {
  574. if (MitRealm->KpasswdNames.ServerNames[lIndex].Buffer != NULL)
  575. {
  576. KerbFree(MitRealm->KpasswdNames.ServerNames[lIndex].Buffer);
  577. }
  578. }
  580. KerbFree(MitRealm->KpasswdNames.ServerNames);
  581. }
  582. KerbFree(MitRealm);
  583. }
  584. return(Status);
  586. }
  589. //+-------------------------------------------------------------------------
  590. //
  591. // Function: KerbCleanupMitRealmList
  592. //
  593. // Synopsis: Frees the list of MIT realms
  594. //
  595. // Effects:
  596. //
  597. // Arguments:
  598. //
  599. // Requires:
  600. //
  601. // Returns:
  602. //
  603. // Notes:
  604. //
  605. //
  606. //--------------------------------------------------------------------------
  608. VOID
  609. KerbCleanupMitRealmList(
  610. )
  611. {
  612. PKERB_MIT_REALM MitRealm;
  614. KerbLockList(&KerbMitRealmList);
  616. if (KerbMitRealmList.List.Flink == NULL)
  617. {
  618. goto Cleanup;
  619. }
  621. while (!IsListEmpty(&KerbMitRealmList.List))
  622. {
  623. MitRealm = CONTAINING_RECORD(
  624. KerbMitRealmList.List.Flink,
  625. KERB_MIT_REALM,
  626. Next
  627. );
  629. KerbReferenceListEntry(
  630. &KerbMitRealmList,
  631. &MitRealm->Next,
  632. TRUE
  633. );
  635. if (MitRealm->AlternateRealmNames != NULL)
  636. {
  637. if (MitRealm->AlternateRealmNames[0].Buffer != NULL)
  638. {
  639. KerbFree(MitRealm->AlternateRealmNames[0].Buffer);
  640. }
  641. KerbFree(MitRealm->AlternateRealmNames);
  642. }
  644. if (MitRealm->KdcNames.ServerNames != NULL)
  645. {
  646. LONG lIndex;
  648. for(lIndex = 0 ; lIndex < MitRealm->KdcNames.ServerCount ; lIndex++)
  649. {
  650. if (MitRealm->KdcNames.ServerNames[lIndex].Buffer != NULL)
  651. {
  652. KerbFree(MitRealm->KdcNames.ServerNames[lIndex].Buffer);
  653. }
  654. }
  656. KerbFree(MitRealm->KdcNames.ServerNames);
  657. }
  658. if (MitRealm->KpasswdNames.ServerNames != NULL)
  659. {
  660. LONG lIndex;
  662. for(lIndex = 0 ; lIndex < MitRealm->KpasswdNames.ServerCount ; lIndex++)
  663. {
  664. if (MitRealm->KpasswdNames.ServerNames[lIndex].Buffer != NULL)
  665. {
  666. KerbFree(MitRealm->KpasswdNames.ServerNames[lIndex].Buffer);
  667. }
  668. }
  670. KerbFree(MitRealm->KpasswdNames.ServerNames);
  671. }
  673. if (MitRealm->RealmName.Buffer != NULL)
  674. {
  675. MIDL_user_free(MitRealm->RealmName.Buffer);
  677. }
  679. KerbFree(MitRealm);
  680. }
  682. Cleanup:
  684. KerbUnlockList(&KerbMitRealmList);
  685. }
  687. //+-------------------------------------------------------------------------
  688. //
  689. // Function: KerbLookupMitRealm
  690. //
  691. // Synopsis: Looks up an MIT realm name
  692. //
  693. // Effects:
  694. //
  695. // Arguments:
  696. //
  697. // Requires:
  698. //
  699. // Returns:
  700. //
  701. // Notes:
  702. //
  703. //
  704. //--------------------------------------------------------------------------
  706. BOOLEAN
  707. KerbLookupMitRealm(
  708. IN PUNICODE_STRING RealmName,
  709. OUT PKERB_MIT_REALM * MitRealm,
  710. OUT PBOOLEAN UsedAlternateName
  711. )
  712. {
  713. ULONG Index;
  714. PLIST_ENTRY ListEntry;
  715. PKERB_MIT_REALM CurrentRealm;
  716. BOOLEAN fReturn = FALSE;
  717. BOOLEAN fListLocked = FALSE;
  719. *UsedAlternateName = FALSE;
  720. *MitRealm = NULL;
  722. if (RealmName->Length == 0)
  723. {
  724. goto Cleanup;
  725. }
  727. KerbLockList(&KerbMitRealmList);
  728. fListLocked = TRUE;
  731. for (ListEntry = KerbMitRealmList.List.Flink ;
  732. ListEntry != &KerbMitRealmList.List ;
  733. ListEntry = ListEntry->Flink )
  734. {
  735. CurrentRealm = CONTAINING_RECORD(ListEntry, KERB_MIT_REALM, Next);
  737. if (RtlEqualUnicodeString(
  738. RealmName,
  739. &CurrentRealm->RealmName,
  740. TRUE))
  741. {
  742. *MitRealm = CurrentRealm;
  743. fReturn = TRUE;
  744. goto Cleanup;
  745. }
  747. //
  748. // Check for an alternate name for the realm
  749. //
  751. for (Index = 0; Index < CurrentRealm->RealmNameCount ; Index++ )
  752. {
  753. if (RtlEqualUnicodeString(
  754. RealmName,
  755. &CurrentRealm->AlternateRealmNames[Index],
  756. TRUE))
  757. {
  758. *UsedAlternateName = TRUE;
  759. *MitRealm = CurrentRealm;
  760. fReturn = TRUE;
  761. goto Cleanup;
  762. }
  764. }
  766. }
  767. Cleanup:
  768. if (fListLocked)
  769. {
  770. KerbUnlockList(&KerbMitRealmList);
  771. }
  772. return(fReturn);
  774. }
  776. ////////////////////////////////////////////////////////////////////
  777. //
  778. // Name: KerbWatchMITKey
  779. //
  780. // Synopsis: Sets RegNotifyChangeKeyValue() on MIT key and
  781. // utilizes thread pool to wait on changes to this
  782. // registry key. Enables dynamic changing of MIT
  783. // realms as this function will also be callback
  784. // if the registry key is modified.
  785. //
  786. // Arguments: pCtxt is actually a HANDLE to an event. This event
  787. // will be triggered when key is modified.
  788. //
  789. // Notes: .
  790. //
  792. void
  793. KerbWatchMITKey(PVOID pCtxt,
  794. BOOLEAN fWaitStatus)
  795. {
  796. NTSTATUS Status = STATUS_SUCCESS;
  797. ULONG Error;
  800. KerbCleanupMitRealmList();
  801. Status = KerbReadMitRealmList();
  802. if (!NT_SUCCESS(Status))
  803. {
  804. D_DebugLog((DEB_ERROR,"Debug reading MIT realm list failed: 0x%x\n", Status));
  805. }
  807. if (NULL != hKerbMITRealmWaitEvent)
  808. {
  809. Error = RegNotifyChangeKeyValue(
  810. KerbMITRealmRootKey,
  811. TRUE,
  812. REG_NOTIFY_CHANGE_LAST_SET | REG_NOTIFY_CHANGE_NAME,
  813. hKerbMITRealmWaitEvent,
  814. TRUE);
  816. if (ERROR_SUCCESS != Error)
  817. {
  818. D_DebugLog((DEB_ERROR,"Debug RegNotify setup failed: 0x%x\n", Status));
  819. // we're tanked now. No further notifications, so get this one
  820. }
  821. }
  823. return;
  824. }
  826. //+-------------------------------------------------------------------------
  827. //
  828. // Function: KerbInitializeMitRealmList
  829. //
  830. // Synopsis: Loads the list of MIT realms from the registry
  831. //
  832. // Effects: Initialize and links domains to KerbMitRealmList
  833. //
  834. // Arguments:
  835. //
  836. // Requires:
  837. //
  838. // Returns:
  839. //
  840. // Notes:
  841. //
  842. //
  843. //--------------------------------------------------------------------------
  845. NTSTATUS
  846. KerbInitializeMitRealmList(
  847. )
  848. {
  849. ULONG Disposition;
  850. ULONG Error;
  851. HKEY RootKey = NULL;
  852. NTSTATUS Status = STATUS_SUCCESS;
  854. //
  855. // Open the domains root key - if it is not there, so be it.
  856. //
  858. Error = RegCreateKeyEx(
  859. HKEY_LOCAL_MACHINE,
  860. KERB_DOMAINS_KEY,
  861. 0,
  862. NULL,
  863. 0,
  864. KEY_READ,
  865. NULL,
  866. &RootKey,
  867. &Disposition);
  869. if (ERROR_SUCCESS != Error)
  870. {
  871. D_DebugLog((DEB_WARN,"Failed to open MIT realm key: 0x%x\n", Status));
  872. Status = STATUS_UNSUCCESSFUL;
  873. goto Cleanup;
  874. }
  876. //
  877. // Initialize the list
  878. //
  879. Status = KerbInitializeList( &KerbMitRealmList );
  880. if (!NT_SUCCESS(Status))
  881. {
  882. D_DebugLog((DEB_ERROR, "Intialization of MIT realm list failed - 0x%x\n", Status));
  883. goto Cleanup;
  884. }
  886. hKerbMITRealmWaitEvent = CreateEventW( NULL, FALSE, FALSE, NULL );
  888. if (NULL == hKerbMITRealmWaitEvent)
  889. {
  890. D_DebugLog((DEB_ERROR, "CreateEvent for MIT realm list wait failed - 0x%x\n", GetLastError()));
  891. Status = STATUS_NO_MEMORY;
  892. goto Cleanup;
  893. }
  896. KerbMITRealmRootKey = RootKey;
  897. RootKey = NULL;
  899. //
  900. // read in the list and setup the RegNotify
  901. //
  902. KerbWatchMITKey(NULL, FALSE);
  904. hKerbMITRealmWaitObject = RegisterWaitForSingleObjectEx(
  905. hKerbMITRealmWaitEvent,
  906. KerbWatchMITKey,
  907. NULL,
  908. INFINITE,
  909. 0 // dwFlags
  910. );
  912. Cleanup:
  914. if( RootKey != NULL )
  915. {
  916. RegCloseKey( RootKey );
  917. }
  919. return Status;
  920. }
  922. //+-------------------------------------------------------------------------
  923. //
  924. // Function: KerbUninitializeMitRealmList
  925. //
  926. // Synopsis: Loads the list of MIT realms from the registry
  927. //
  928. // Effects: Initialize and links domains to KerbMitRealmList
  929. //
  930. // Arguments:
  931. //
  932. // Requires:
  933. //
  934. // Returns:
  935. //
  936. // Notes:
  937. //
  938. //
  939. //--------------------------------------------------------------------------
  941. VOID
  942. KerbUninitializeMitRealmList(
  943. )
  944. {
  945. if( hKerbMITRealmWaitObject )
  946. UnregisterWait( hKerbMITRealmWaitObject );
  948. if( hKerbMITRealmWaitEvent )
  949. CloseHandle( hKerbMITRealmWaitEvent );
  951. KerbCleanupMitRealmList();
  953. return;
  954. }
  956. //+-------------------------------------------------------------------------
  957. //
  958. // Function: KerbLookupMitSrvRecords
  959. //
  960. // Synopsis: Looks up MIT KDCs / Kpassword in DNS
  961. //
  962. // Effects: Builds MIT_SERVER_LIST for specified realm, and adds it to
  963. // MIT REALM LIST
  964. //
  965. // Arguments:
  966. //
  967. // Requires:
  968. //
  969. // Returns:
  970. //
  971. // Notes:
  972. //
  973. //
  974. //--------------------------------------------------------------------------
  975. NTSTATUS
  976. KerbLookupMitSrvRecords(IN PKERB_MIT_REALM RealmEntry,
  977. IN BOOLEAN Kpasswd,
  978. IN BOOLEAN UseTcp
  979. )
  980. {
  982. ANSI_STRING DnsRecordName;
  983. ANSI_STRING AnsiRealmName;
  984. HANDLE SrvContext = NULL;
  985. BOOLEAN UsedAlternateName, ListLocked = FALSE;
  986. NTSTATUS Status = STATUS_SUCCESS;
  987. ULONG AddressCount = 0, SrvCount = 0;
  988. ULONG Index = 0, uBuff = 0;
  989. LPSOCKET_ADDRESS Addresses = NULL;
  990. NET_API_STATUS NetApiStatus = NERR_Success;
  991. LPSTR pDnsName[MAX_SRV_RECORDS];
  993. PKERB_MIT_SERVER_LIST ServerList = NULL;
  994. PUNICODE_STRING ServerNames = NULL, ptr = NULL;
  996. TimeStamp CurrentTime, Timeout;
  999. //
  1000. // Test to see if we need to do a lookup, or if its time to try again
  1001. //
  1002. if (RealmEntry->LastLookup.QuadPart != 0 )
  1003. {
  1004. GetSystemTimeAsFileTime((PFILETIME) &CurrentTime );
  1005. KerbSetTimeInMinutes(&Timeout, DNS_LOOKUP_TIMEOUT);
  1007. if (KerbGetTime(RealmEntry->LastLookup) + KerbGetTime(Timeout) < KerbGetTime(CurrentTime))
  1008. {
  1009. return STATUS_SUCCESS;
  1010. }
  1011. }
  1012. // Kpasswd only uses UDP
  1013. if (Kpasswd)
  1014. {
  1015. UseTcp = FALSE;
  1016. }
  1019. RtlInitAnsiString(&DnsRecordName,NULL);
  1020. RtlInitAnsiString(&AnsiRealmName,NULL);
  1021. DnsRecordName.Length = (RealmEntry->RealmName.Length / sizeof(WCHAR)) + DNS_MAX_PREFIX + 1;
  1022. DnsRecordName.MaximumLength = DnsRecordName.Length;
  1023. DnsRecordName.Buffer = (PCHAR) KerbAllocate(DnsRecordName.Length);
  1024. if (NULL == DnsRecordName.Buffer)
  1025. {
  1026. return STATUS_INSUFFICIENT_RESOURCES;
  1027. }
  1029. RtlUnicodeStringToAnsiString(
  1030. &AnsiRealmName,
  1031. &RealmEntry->RealmName,
  1032. TRUE
  1033. );
  1036. sprintf(DnsRecordName.Buffer,
  1037. "%s%s%s",
  1038. (Kpasswd ? DNS_KPASSWD : DNS_KERBEROS),
  1039. (UseTcp ? DNS_TCP : DNS_UDP),
  1040. AnsiRealmName.Buffer
  1041. );
  1043. NetApiStatus = NetpSrvOpen(
  1044. DnsRecordName.Buffer,
  1045. 0,
  1046. &SrvContext
  1047. );
  1049. if (NERR_Success != NetApiStatus)
  1050. {
  1051. D_DebugLog((DEB_WARN,
  1052. "No SRV records for MIT Realm %wZ - %x\n",
  1053. RealmEntry->RealmName,
  1054. NetApiStatus
  1055. ));
  1057. Status = STATUS_SUCCESS;
  1058. goto Cleanup;
  1059. }
  1061. // Loop and update server list for realm
  1062. for (SrvCount = 0; SrvCount < MAX_SRV_RECORDS; SrvCount++)
  1063. {
  1065. NetApiStatus = NetpSrvNext(
  1066. SrvContext,
  1067. &AddressCount,
  1068. &Addresses,
  1069. &pDnsName[SrvCount]
  1070. );
  1072. if (NERR_Success != NetApiStatus)
  1073. {
  1074. if( ERROR_NO_MORE_ITEMS == NetApiStatus) // we're through
  1075. {
  1076. NetApiStatus = NERR_Success;
  1077. break;
  1078. }
  1080. D_DebugLog((DEB_ERROR, "NetpSrvNext failed: %s - %x\n",DnsRecordName.Buffer, NetApiStatus));
  1081. Status = NetApiStatus;
  1082. goto Cleanup;
  1083. }
  1085. }
  1088. KerbLockList(&KerbMitRealmList);
  1089. ListLocked = TRUE;
  1090. // Loop through available server names, and copy
  1091. if (Kpasswd)
  1092. {
  1093. ServerList = &RealmEntry->KpasswdNames;
  1094. }
  1095. else
  1096. {
  1097. ServerList = &RealmEntry->KdcNames;
  1098. }
  1100. // reg entries are always at beginning of server list.
  1101. uBuff = ( SrvCount * sizeof(UNICODE_STRING));
  1103. ServerNames = (PUNICODE_STRING) KerbAllocate(uBuff);
  1104. if (NULL == ServerNames)
  1105. {
  1106. Status = STATUS_INSUFFICIENT_RESOURCES;
  1107. goto Cleanup;
  1108. }
  1111. for (Index = 0; Index < SrvCount;Index++)
  1112. {
  1113. if (!KerbMbStringToUnicodeString(
  1114. &ServerNames[Index ],
  1115. pDnsName[Index]
  1116. ))
  1117. {
  1118. D_DebugLog((DEB_ERROR,"KerbConvertMbStringToUnicodeString failed!\n"));
  1119. continue; // let's keep going. Maybe we're not hosed.
  1120. }
  1122. }
  1124. KerbFreeServerNames(ServerList);
  1125. ServerList->ServerCount = SrvCount;
  1126. ServerList->ServerNames = ServerNames;
  1128. RealmEntry->Flags
  1129. &= ~( Kpasswd ? KERB_MIT_REALM_KPWD_LOOKUP : KERB_MIT_REALM_KDC_LOOKUP );
  1131. Cleanup:
  1133. // always update realm entry, even on failure
  1134. if (!ListLocked)
  1135. {
  1136. KerbLockList(&KerbMitRealmList);
  1137. ListLocked = TRUE;
  1138. }
  1140. GetSystemTimeAsFileTime((PFILETIME) &RealmEntry->LastLookup);
  1142. if (ListLocked)
  1143. {
  1144. KerbUnlockList(&KerbMitRealmList);
  1145. }
  1147. if (AnsiRealmName.Buffer != NULL)
  1148. {
  1149. RtlFreeAnsiString(&AnsiRealmName);
  1150. }
  1152. if (DnsRecordName.Buffer != NULL)
  1153. {
  1154. KerbFree(DnsRecordName.Buffer);
  1155. }
  1157. if (SrvContext != NULL)
  1158. {
  1159. NetpSrvClose(SrvContext);
  1160. }
  1162. return Status;
  1164. }
  1166. //+-------------------------------------------------------------------------
  1167. //
  1168. // Function: KerbFreeServerNames
  1169. //
  1170. // Synopsis: Frees server names PUNICODE_STRING array
  1171. //
  1172. // Effects:
  1173. //
  1174. //
  1175. // Arguments:
  1176. //
  1177. // Requires:
  1178. //
  1179. // Returns:
  1180. //
  1181. // Notes:
  1182. //
  1183. //
  1184. //--------------------------------------------------------------------------
  1185. void
  1186. KerbFreeServerNames(PKERB_MIT_SERVER_LIST ServerList)
  1187. {
  1188. LONG Index = 0;
  1190. for (Index = 0; Index < ServerList->ServerCount; Index++)
  1191. {
  1192. if (ServerList->ServerNames[Index].Buffer != NULL)
  1193. {
  1194. KerbFree(ServerList->ServerNames[Index].Buffer);
  1195. }
  1196. }
  1198. KerbFree(ServerList->ServerNames); // free UNICODE_STRING array
  1199. }
  1203. //+-------------------------------------------------------------------------
  1204. //
  1205. // Function: KerbLookupMitRealmWithSrvLookup
  1206. //
  1207. // Synopsis: Frees server names PUNICODE_STRING array
  1208. //
  1209. // Effects:
  1210. //
  1211. //
  1212. // Arguments:
  1213. //
  1214. // Requires:
  1215. //
  1216. // Returns:
  1217. //
  1218. // Notes:
  1219. //
  1220. //
  1221. //--------------------------------------------------------------------------
  1222. BOOLEAN
  1223. KerbLookupMitRealmWithSrvLookup(PUNICODE_STRING RealmName,
  1224. PKERB_MIT_REALM* MitRealm,
  1225. BOOLEAN Kpasswd,
  1226. BOOLEAN UseTcp)
  1227. {
  1228. BOOLEAN UsedAlternateName, fRet = FALSE;
  1229. NTSTATUS Status;
  1231. fRet = KerbLookupMitRealm(
  1232. RealmName,
  1233. MitRealm,
  1234. &UsedAlternateName
  1235. );
  1237. //
  1238. // Found an MIT realm. See if its time to check on SRV records
  1239. //
  1240. if ( fRet )
  1241. {
  1243. if ((((*MitRealm)->Flags & KERB_MIT_REALM_KDC_LOOKUP) && !Kpasswd ) ||
  1244. (((*MitRealm)->Flags & KERB_MIT_REALM_KPWD_LOOKUP) && Kpasswd ))
  1245. {
  1246. Status = KerbLookupMitSrvRecords(
  1247. (*MitRealm),
  1248. Kpasswd,
  1249. UseTcp
  1250. );
  1252. if (Status != STATUS_SUCCESS)
  1253. {
  1254. D_DebugLog((DEB_TRACE, "KerbLookupMitRealmWIthSrvLookup failed - %x\n", Status));
  1255. }
  1256. }
  1257. }
  1259. return fRet;
  1260. }