archive
/
windows-xp
mirror of https://github.com/tongzx/nt5src
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
9 Commits
1 Branch
0 Tags
2.0 GiB
Tree: 75c48ba87f
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '75c48ba87f'
${ noResults }
windows-xp/Source/XPSP1/NT/ds/security/protocols/kerberos/client2/tktlogon.cxx

359 lines
9.2 KiB
Raw Normal View History

Add source files
4 years ago
  1. //+-----------------------------------------------------------------------
  2. //
  3. // Microsoft Windows
  4. //
  5. // Copyright (c) Microsoft Corporation 1992 - 1999
  6. //
  7. // File: tktlogon.cxx
  8. //
  9. // Contents: Code for proxy logon for the Kerberos package
  10. //
  11. //
  12. // History: 15-March Created MikeSw
  13. //
  14. //------------------------------------------------------------------------
  15. #include <kerb.hxx>
  16. #include <kerbp.h>
  18. #ifdef RETAIL_LOG_SUPPORT
  19. static TCHAR THIS_FILE[]=TEXT(__FILE__);
  20. #endif
  22. //+-------------------------------------------------------------------------
  23. //
  24. // Function: KerbCreateTicketLogonSession
  25. //
  26. // Synopsis: Does all the work for a ticket logon, removing it from
  27. // LsaApLogonUserEx2
  28. //
  29. // Effects:
  30. //
  31. // Arguments: WorkstationTicket - ticket to workstation. The ticket
  32. // cache entry is pretty much empty except for
  33. // the ticket, and is not linked
  34. // ForwardedTgt - receives pointers into the Protocol
  35. // SubmitBuffer to the forwarded TGT.
  36. //
  37. // Requires:
  38. //
  39. // Returns:
  40. //
  41. // Notes:
  42. //
  43. //
  44. //--------------------------------------------------------------------------
  46. NTSTATUS
  47. KerbCreateTicketLogonSession(
  48. IN PVOID ProtocolSubmitBuffer,
  49. IN PVOID ClientBufferBase,
  50. IN ULONG SubmitBufferSize,
  51. IN SECURITY_LOGON_TYPE LogonType,
  52. OUT PKERB_LOGON_SESSION * NewLogonSession,
  53. OUT PLUID LogonId,
  54. OUT PKERB_TICKET_CACHE_ENTRY * WorkstationTicket,
  55. OUT PKERB_MESSAGE_BUFFER ForwardedTgt
  56. )
  57. {
  58. NTSTATUS Status = STATUS_SUCCESS;
  59. PKERB_TICKET_LOGON LogonInfo = NULL;
  60. PKERB_LOGON_SESSION LogonSession = NULL;
  61. KERB_KDC_REPLY KdcReply = {0};
  62. ULONG_PTR Offset;
  63. UNICODE_STRING EmptyString = {0};
  64. PKERB_TICKET Ticket = NULL;
  65. KERBERR KerbErr;
  69. *WorkstationTicket = NULL;
  70. ForwardedTgt->Buffer = NULL;
  71. ForwardedTgt->BufferSize = 0;
  73. //
  74. // Pull the interesting information out of the submit buffer
  75. //
  77. if (SubmitBufferSize < sizeof(KERB_TICKET_LOGON))
  78. {
  79. DebugLog((DEB_ERROR,"Submit buffer to logon too small: %d. %ws, line %d\n",SubmitBufferSize, THIS_FILE, __LINE__));
  80. Status = STATUS_INVALID_PARAMETER;
  81. goto Cleanup;
  82. }
  84. LogonInfo = (PKERB_TICKET_LOGON) ProtocolSubmitBuffer;
  86. DsysAssert((LogonInfo->MessageType == KerbTicketLogon) || (LogonInfo->MessageType == KerbTicketUnlockLogon));
  91. //
  92. // Relocate any pointers to be relative to 'LogonInfo'
  93. //
  96. Offset = ((PUCHAR) LogonInfo->ServiceTicket) - ((PUCHAR)ClientBufferBase);
  97. if ( (Offset >= SubmitBufferSize) ||
  98. (Offset + LogonInfo->ServiceTicketLength > SubmitBufferSize))
  99. {
  100. Status = STATUS_INVALID_PARAMETER;
  101. goto Cleanup;
  102. }
  103. LogonInfo->ServiceTicket = (PUCHAR) ProtocolSubmitBuffer + Offset;
  105. if (LogonInfo->TicketGrantingTicketLength != 0)
  106. {
  107. if (LogonInfo->TicketGrantingTicket == NULL)
  108. {
  109. Status = STATUS_INVALID_PARAMETER;
  110. goto Cleanup;
  111. }
  113. Offset = ((PUCHAR) LogonInfo->TicketGrantingTicket) - ((PUCHAR)ClientBufferBase);
  114. if ( (Offset >= SubmitBufferSize) ||
  115. (Offset + LogonInfo->TicketGrantingTicketLength > SubmitBufferSize))
  116. {
  117. Status = STATUS_INVALID_PARAMETER;
  118. goto Cleanup;
  119. }
  120. LogonInfo->TicketGrantingTicket = (PUCHAR) ProtocolSubmitBuffer + Offset;
  121. ForwardedTgt->BufferSize = LogonInfo->TicketGrantingTicketLength;
  122. ForwardedTgt->Buffer = LogonInfo->TicketGrantingTicket;
  123. }
  126. //
  127. // Allocate a locally unique ID for this logon session. We will
  128. // create it in the LSA just before returning.
  129. //
  131. Status = NtAllocateLocallyUniqueId( LogonId );
  132. if (!NT_SUCCESS(Status))
  133. {
  134. DebugLog((DEB_ERROR,"Failed to allocate locally unique ID: 0x%x. %ws, line %d\n",Status, THIS_FILE, __LINE__));
  135. goto Cleanup;
  136. }
  139. //
  140. // Build a logon session to hold all this information
  141. //
  143. Status = KerbCreateLogonSession(
  144. LogonId,
  145. &EmptyString,
  146. &EmptyString,
  147. NULL, // no password
  148. NULL, // no old password
  149. 0, // no password options
  150. LogonType,
  151. &LogonSession
  152. );
  153. if (!NT_SUCCESS(Status))
  154. {
  155. goto Cleanup;
  156. }
  158. //
  159. // Unpack the supplied service ticket
  160. //
  163. KerbErr = KerbUnpackData(
  164. LogonInfo->ServiceTicket,
  165. LogonInfo->ServiceTicketLength,
  166. KERB_TICKET_PDU,
  167. (PVOID *) &Ticket
  168. );
  169. if (!KERB_SUCCESS(KerbErr))
  170. {
  171. DebugLog((DEB_ERROR,"Failed to unpack service ticket in ticket logon\n"));
  172. Status = KerbMapKerbError(KerbErr);
  173. goto Cleanup;
  174. }
  176. //
  177. // Build a ticket structure from the service ticket.
  178. //
  181. KdcReply.ticket = *Ticket;
  182. Status = KerbCacheTicket(
  183. NULL, // no ticket cache
  184. &KdcReply,
  185. NULL, // no kdc reply
  186. NULL, // no target name
  187. NULL, // no target realm
  188. 0, // no flags
  189. FALSE, // don't link entry
  190. WorkstationTicket
  191. );
  192. if (!NT_SUCCESS(Status))
  193. {
  194. goto Cleanup;
  195. }
  198. //
  199. // Return the new logon session.
  200. //
  202. *NewLogonSession = LogonSession;
  203. LogonSession = NULL;
  207. Cleanup:
  209. if (!NT_SUCCESS(Status))
  210. {
  211. if (LogonSession != NULL)
  212. {
  213. KerbReferenceLogonSessionByPointer(LogonSession, TRUE);
  214. KerbDereferenceLogonSession(LogonSession);
  215. }
  217. }
  219. if (Ticket != NULL)
  220. {
  221. KerbFreeData(KERB_TICKET_PDU, Ticket);
  222. }
  223. return(Status);
  224. }
  227. //+-------------------------------------------------------------------------
  228. //
  229. // Function: KerbExtractForwardedTgt
  230. //
  231. // Synopsis: Extracts a forwarded TGT from its encoded representation
  232. // and sticks it in the logon session ticket cache. This
  233. // also updates the user name & domain name in the
  234. // logon session, if they aren't present.
  235. //
  236. // Effects:
  237. //
  238. // Arguments:
  239. //
  240. // Requires:
  241. //
  242. // Returns:
  243. //
  244. // Notes:
  245. //
  246. //
  247. //--------------------------------------------------------------------------
  249. NTSTATUS
  250. KerbExtractForwardedTgt(
  251. IN PKERB_LOGON_SESSION LogonSession,
  252. IN PKERB_MESSAGE_BUFFER ForwardedTgt,
  253. IN PKERB_ENCRYPTED_TICKET WorkstationTicket
  254. )
  255. {
  256. PKERB_CRED KerbCred = NULL;
  257. PKERB_ENCRYPTED_CRED EncryptedCred = NULL;
  258. KERBERR KerbErr;
  259. NTSTATUS Status = STATUS_SUCCESS;
  261. D_DebugLog((DEB_TRACE, "Extracting a forwarded TGT\n"));
  263. KerbErr = KerbUnpackKerbCred(
  264. ForwardedTgt->Buffer,
  265. ForwardedTgt->BufferSize,
  266. &KerbCred
  267. );
  268. if (!KERB_SUCCESS(KerbErr))
  269. {
  270. DebugLog((DEB_WARN, "Failed to unpack kerb cred for forwaded tgt\n"));
  271. Status = KerbMapKerbError(KerbErr);
  272. goto Cleanup;
  274. }
  276. //
  277. // Now decrypt the encrypted part of the KerbCred.
  278. //
  280. KerbErr = KerbDecryptDataEx(
  281. &KerbCred->encrypted_part,
  282. &WorkstationTicket->key,
  283. KERB_CRED_SALT,
  284. (PULONG) &KerbCred->encrypted_part.cipher_text.length,
  285. KerbCred->encrypted_part.cipher_text.value
  286. );
  289. if (!KERB_SUCCESS(KerbErr))
  290. {
  291. DebugLog((DEB_ERROR,"Failed to decrypt KERB_CRED: 0x%x. %ws, line %d\n",KerbErr, THIS_FILE, __LINE__));
  292. if (KerbErr == KRB_ERR_GENERIC)
  293. {
  294. Status = KerbMapKerbError(KerbErr);
  295. goto Cleanup;
  296. }
  297. else
  298. {
  299. Status = STATUS_LOGON_FAILURE;
  301. //
  302. // MIT clients don't encrypt the encrypted part, so drop through
  303. //
  305. }
  306. }
  308. //
  309. // Now unpack the encrypted part.
  310. //
  312. KerbErr = KerbUnpackEncryptedCred(
  313. KerbCred->encrypted_part.cipher_text.value,
  314. KerbCred->encrypted_part.cipher_text.length,
  315. &EncryptedCred
  316. );
  317. if (!KERB_SUCCESS(KerbErr))
  318. {
  319. //
  320. // Use the old status if it is available.
  321. //
  323. if (NT_SUCCESS(Status))
  324. {
  325. Status = KerbMapKerbError(KerbErr);
  326. }
  327. DebugLog((DEB_WARN, "Failed to unpack encrypted cred\n"));
  328. goto Cleanup;
  329. }
  331. //
  332. // Now build a logon session.
  333. //
  335. Status = KerbCreateLogonSessionFromKerbCred(
  336. NULL,
  337. WorkstationTicket,
  338. KerbCred,
  339. EncryptedCred,
  340. &LogonSession
  341. );
  342. if (!NT_SUCCESS(Status))
  343. {
  344. DebugLog((DEB_ERROR,"Failed to create logon session from kerb cred: 0x%x. %ws, line %d\n",Status, THIS_FILE, __LINE__));
  345. goto Cleanup;
  346. }
  348. Cleanup:
  349. if (EncryptedCred != NULL)
  350. {
  351. KerbFreeEncryptedCred(EncryptedCred);
  352. }
  353. if (KerbCred != NULL)
  354. {
  355. KerbFreeKerbCred(KerbCred);
  356. }
  357. return(Status);
  359. }