|
|
/*++
Copyright (c) 1993-2000 Microsoft Corporation
Module Name:
ctxtsrv.cxx
Abstract:
API and support routines for handling security contexts.
Author:
Cliff Van Dyke (CliffV) 13-Jul-1993
Revision History: ChandanS 03-Aug-1996 Stolen from net\svcdlls\ntlmssp\common\context.c JClark 28-Jun-2000 Added WMI Trace Logging Support
--*/
//
// Common include files.
//
#include <global.h>
#include <align.h> // ALIGN_WCHAR, etc
#include "Trace.h"
�NTSTATUSSsprHandleNegotiateMessage( IN ULONG_PTR CredentialHandle, IN OUT PULONG_PTR ContextHandle, IN ULONG ContextReqFlags, IN ULONG InputTokenSize, IN PVOID InputToken, IN OUT PULONG OutputTokenSize, OUT PVOID *OutputToken, OUT PULONG ContextAttributes, OUT PTimeStamp ExpirationTime )
/*++
Routine Description:
Handle the Negotiate message part of AcceptSecurityContext.
Arguments:
All arguments same as for AcceptSecurityContext
Return Value:
STATUS_SUCCESS - Message handled SEC_I_CONTINUE_NEEDED -- Caller should call again later
SEC_E_INVALID_TOKEN -- Token improperly formatted SEC_E_INVALID_HANDLE -- Credential/Context Handle is invalid SEC_E_BUFFER_TOO_SMALL -- Buffer for output token isn't big enough SEC_E_INSUFFICIENT_MEMORY -- Not enough memory
--*/
{ NTSTATUS Status = STATUS_SUCCESS; PSSP_CONTEXT Context = NULL; PSSP_CREDENTIAL Credential = NULL; STRING TargetName; ULONG TargetFlags = 0;
PNEGOTIATE_MESSAGE NegotiateMessage = NULL;
PCHALLENGE_MESSAGE ChallengeMessage = NULL; ULONG ChallengeMessageSize = 0; PCHAR Where = NULL;
ULONG NegotiateFlagsKeyStrength;
UNICODE_STRING NtLmLocalUnicodeTargetName; UNICODE_STRING TargetInfo; STRING NtLmLocalOemTargetName; STRING OemWorkstationName; STRING OemDomainName;
SspPrint(( SSP_API_MORE, "Entering SsprNegotiateMessage\n" )); //
// Initialization
//
*ContextAttributes = 0;
RtlInitString( &TargetName, NULL );
RtlInitUnicodeString( &NtLmLocalUnicodeTargetName, NULL ); RtlInitString( &NtLmLocalOemTargetName, NULL );
RtlInitUnicodeString( &TargetInfo, NULL );
//
// Get a pointer to the credential
//
Status = SspCredentialReferenceCredential( CredentialHandle, FALSE, &Credential );
if ( !NT_SUCCESS( Status ) ) { SspPrint(( SSP_CRITICAL, "SsprHandleNegotiateMessage: invalid credential handle.\n" )); goto Cleanup; }
if ( (Credential->CredentialUseFlags & SECPKG_CRED_INBOUND) == 0 ) { Status = SEC_E_INVALID_CREDENTIAL_USE; SspPrint(( SSP_CRITICAL, "SsprHandleNegotiateMessage: invalid credential use.\n" )); goto Cleanup; }
//
// Allocate a new context
//
Context = SspContextAllocateContext( );
if ( Context == NULL ) { Status = STATUS_NO_MEMORY; SspPrint(( SSP_CRITICAL, "SsprHandleNegotiateMessage: SspContextAllocateContext() returned NULL.\n" )); goto Cleanup; }
//
// Build a handle to the newly created context.
//
*ContextHandle = (ULONG_PTR) Context;
if ( (ContextReqFlags & ASC_REQ_IDENTIFY) != 0 ) {
*ContextAttributes |= ASC_RET_IDENTIFY; Context->ContextFlags |= ASC_RET_IDENTIFY; }
if ( (ContextReqFlags & ASC_REQ_DATAGRAM) != 0 ) {
*ContextAttributes |= ASC_RET_DATAGRAM; Context->ContextFlags |= ASC_RET_DATAGRAM; }
if ( (ContextReqFlags & ASC_REQ_CONNECTION) != 0 ) {
*ContextAttributes |= ASC_RET_CONNECTION; Context->ContextFlags |= ASC_RET_CONNECTION; }
if ( (ContextReqFlags & ASC_REQ_INTEGRITY) != 0 ) {
*ContextAttributes |= ASC_RET_INTEGRITY; Context->ContextFlags |= ASC_RET_INTEGRITY; }
if ( (ContextReqFlags & ASC_REQ_REPLAY_DETECT) != 0){
*ContextAttributes |= ASC_RET_REPLAY_DETECT; Context->ContextFlags |= ASC_RET_REPLAY_DETECT; }
if ( (ContextReqFlags & ASC_REQ_SEQUENCE_DETECT ) != 0) {
*ContextAttributes |= ASC_RET_SEQUENCE_DETECT; Context->ContextFlags |= ASC_RET_SEQUENCE_DETECT; }
// Nothing to return, we might need this on the next server side call.
if ( (ContextReqFlags & ASC_REQ_ALLOW_NULL_SESSION ) != 0) {
Context->ContextFlags |= ASC_REQ_ALLOW_NULL_SESSION; }
if ( (ContextReqFlags & ASC_REQ_ALLOW_NON_USER_LOGONS ) != 0) {
*ContextAttributes |= ASC_RET_ALLOW_NON_USER_LOGONS; Context->ContextFlags |= ASC_RET_ALLOW_NON_USER_LOGONS; }
if ( ContextReqFlags & ASC_REQ_CONFIDENTIALITY ) {
if (NtLmGlobalEncryptionEnabled) { *ContextAttributes |= ASC_RET_CONFIDENTIALITY; Context->ContextFlags |= ASC_RET_CONFIDENTIALITY; } else { Status = STATUS_NOT_SUPPORTED; SspPrint(( SSP_CRITICAL, "SsprHandleNegotiateMessage: invalid ContextReqFlags 0x%lx\n", ContextReqFlags )); goto Cleanup; } }
//
// Supported key strength(s)
//
NegotiateFlagsKeyStrength = NTLMSSP_NEGOTIATE_56;
if( NtLmSecPkg.MachineState & SECPKG_STATE_STRONG_ENCRYPTION_PERMITTED ) { NegotiateFlagsKeyStrength |= NTLMSSP_NEGOTIATE_128; }
//
// Get the NegotiateMessage. If we are re-establishing a datagram
// context then there may not be one.
//
if ( InputTokenSize >= sizeof(OLD_NEGOTIATE_MESSAGE) ) {
Status = SspContextGetMessage( InputToken, InputTokenSize, NtLmNegotiate, (PVOID *)&NegotiateMessage );
if ( !NT_SUCCESS(Status) ) { SspPrint(( SSP_CRITICAL, "SsprHandleNegotiateMessage: " "NegotiateMessage GetMessage returns 0x%lx\n", Status )); goto Cleanup; }
//
// Compute the TargetName to return in the ChallengeMessage.
//
if ( NegotiateMessage->NegotiateFlags & NTLMSSP_REQUEST_TARGET || NegotiateMessage->NegotiateFlags & NTLMSSP_NEGOTIATE_NTLM2 ) {
RtlAcquireResourceShared(&NtLmGlobalCritSect, TRUE); if ( NegotiateMessage->NegotiateFlags & NTLMSSP_NEGOTIATE_UNICODE) { Status = NtLmDuplicateUnicodeString( &NtLmLocalUnicodeTargetName, &NtLmGlobalUnicodeTargetName ); TargetName = *((PSTRING)&NtLmLocalUnicodeTargetName); } else { Status = NtLmDuplicateString( &NtLmLocalOemTargetName, &NtLmGlobalOemTargetName ); TargetName = NtLmLocalOemTargetName; }
//
// if client is NTLM2-aware, send it target info AV pairs
//
if(NT_SUCCESS(Status)) { Status = NtLmDuplicateUnicodeString( &TargetInfo, &NtLmGlobalNtLm3TargetInfo ); }
TargetFlags = NtLmGlobalTargetFlags; RtlReleaseResource (&NtLmGlobalCritSect);
TargetFlags |= NTLMSSP_REQUEST_TARGET | NTLMSSP_NEGOTIATE_TARGET_INFO;
if(!NT_SUCCESS(Status)) { SspPrint(( SSP_CRITICAL, "SsprHandleNegotiateMessage: " "failed to duplicate UnicodeTargetName or OemTargetName error 0x%lx\n", Status ));
goto Cleanup; }
} else { TargetFlags = 0; }
//
// Allocate a Challenge message
//
ChallengeMessageSize = sizeof(*ChallengeMessage) + TargetName.Length + TargetInfo.Length ;
if ((ContextReqFlags & ASC_REQ_ALLOCATE_MEMORY) == 0) { if ( ChallengeMessageSize > *OutputTokenSize ) { SspPrint(( SSP_CRITICAL, "SsprHandleNegotiateMessage: invalid ChallengeMessageSize\n")); Status = SEC_E_BUFFER_TOO_SMALL; goto Cleanup; } }
ChallengeMessage = (PCHALLENGE_MESSAGE) NtLmAllocateLsaHeap( ChallengeMessageSize );
if ( ChallengeMessage == NULL ) { SspPrint(( SSP_CRITICAL, "SsprHandleNegotiateMessage: Error allocating ChallengeMessage.\n" )); Status = STATUS_NO_MEMORY; goto Cleanup; }
ChallengeMessage->NegotiateFlags = 0;
//
// Check that both sides can use the same authentication model. For
// compatibility with beta 1 and 2 (builds 612 and 683), no requested
// authentication type is assumed to be NTLM. If NetWare is explicitly
// asked for, it is assumed that NTLM would have been also, so if it
// wasn't, return an error.
//
if ( (NegotiateMessage->NegotiateFlags & NTLMSSP_NEGOTIATE_NETWARE) && ((NegotiateMessage->NegotiateFlags & NTLMSSP_NEGOTIATE_NTLM) == 0) && ((NegotiateMessage->NegotiateFlags & NTLMSSP_NEGOTIATE_NTLM2) == 0) ) { Status = STATUS_NOT_SUPPORTED; SspPrint(( SSP_CRITICAL, "SsprHandleNegotiateMessage: " "NegotiateMessage asked for Netware only.\n" )); goto Cleanup; } else { ChallengeMessage->NegotiateFlags |= NTLMSSP_NEGOTIATE_NTLM; }
//
// if client can do NTLM2, nuke LM_KEY
//
if (NegotiateMessage->NegotiateFlags & NTLMSSP_NEGOTIATE_NTLM2) { NegotiateMessage->NegotiateFlags &= ~NTLMSSP_NEGOTIATE_LM_KEY;
ChallengeMessage->NegotiateFlags |= NTLMSSP_NEGOTIATE_NTLM2; } else if (NegotiateMessage->NegotiateFlags & NTLMSSP_NEGOTIATE_LM_KEY) { ChallengeMessage->NegotiateFlags |= NTLMSSP_NEGOTIATE_LM_KEY; }
//
// If the client wants to always sign messages, so be it.
//
if (NegotiateMessage->NegotiateFlags & NTLMSSP_NEGOTIATE_ALWAYS_SIGN ) { ChallengeMessage->NegotiateFlags |= NTLMSSP_NEGOTIATE_ALWAYS_SIGN; }
//
// If the caller wants identify level, so be it.
//
if (NegotiateMessage->NegotiateFlags & NTLMSSP_NEGOTIATE_IDENTIFY ) { ChallengeMessage->NegotiateFlags |= NTLMSSP_NEGOTIATE_IDENTIFY;
*ContextAttributes |= ASC_RET_IDENTIFY; Context->ContextFlags |= ASC_RET_IDENTIFY;
}
//
// Determine if the caller wants OEM or UNICODE
//
// Prefer UNICODE if caller allows both.
//
if ( NegotiateMessage->NegotiateFlags & NTLMSSP_NEGOTIATE_UNICODE ) { ChallengeMessage->NegotiateFlags |= NTLMSSP_NEGOTIATE_UNICODE; } else if ( NegotiateMessage->NegotiateFlags & NTLMSSP_NEGOTIATE_OEM ){ ChallengeMessage->NegotiateFlags |= NTLMSSP_NEGOTIATE_OEM; } else { Status = SEC_E_INVALID_TOKEN; SspPrint(( SSP_CRITICAL, "SsprHandleNegotiateMessage: " "NegotiateMessage bad NegotiateFlags 0x%lx\n", NegotiateMessage->NegotiateFlags )); goto Cleanup; }
//
// Client wants Sign capability, OK.
//
if (NegotiateMessage->NegotiateFlags & NTLMSSP_NEGOTIATE_SIGN) { ChallengeMessage->NegotiateFlags |= NTLMSSP_NEGOTIATE_SIGN;
*ContextAttributes |= (ASC_RET_SEQUENCE_DETECT | ASC_RET_REPLAY_DETECT); Context->ContextFlags |= (ASC_RET_SEQUENCE_DETECT | ASC_RET_REPLAY_DETECT);
}
//
// Client wants Seal, OK.
//
if (NegotiateMessage->NegotiateFlags & NTLMSSP_NEGOTIATE_SEAL) { ChallengeMessage->NegotiateFlags |= NTLMSSP_NEGOTIATE_SEAL;
*ContextAttributes |= ASC_RET_CONFIDENTIALITY; Context->ContextFlags |= ASC_RET_CONFIDENTIALITY; }
if(NegotiateMessage->NegotiateFlags & NTLMSSP_NEGOTIATE_KEY_EXCH) { ChallengeMessage->NegotiateFlags |= NTLMSSP_NEGOTIATE_KEY_EXCH;
}
if( (NegotiateMessage->NegotiateFlags & NTLMSSP_NEGOTIATE_56) && (NegotiateFlagsKeyStrength & NTLMSSP_NEGOTIATE_56) ) { ChallengeMessage->NegotiateFlags |= NTLMSSP_NEGOTIATE_56; }
if( (NegotiateMessage->NegotiateFlags & NTLMSSP_NEGOTIATE_128) && (NegotiateFlagsKeyStrength & NTLMSSP_NEGOTIATE_128) ) { ChallengeMessage->NegotiateFlags |= NTLMSSP_NEGOTIATE_128; }
//
// If the client supplied the Domain Name and User Name,
// and did not request datagram, see if the client is running
// on this local machine.
//
if ( ( (NegotiateMessage->NegotiateFlags & NTLMSSP_NEGOTIATE_DATAGRAM) == 0) && ( (NegotiateMessage->NegotiateFlags & (NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED| NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED)) == (NTLMSSP_NEGOTIATE_OEM_DOMAIN_SUPPLIED| NTLMSSP_NEGOTIATE_OEM_WORKSTATION_SUPPLIED) ) ) {
//
// The client must pass the new negotiate message if they pass
// these flags
//
if (InputTokenSize < sizeof(NEGOTIATE_MESSAGE)) { Status = SEC_E_INVALID_TOKEN; SspPrint(( SSP_CRITICAL, "SsprHandleNegotiateMessage: invalid InputTokenSize.\n" )); goto Cleanup; }
//
// Convert the names to absolute references so we
// can compare them
//
if ( !SspConvertRelativeToAbsolute( NegotiateMessage, InputTokenSize, &NegotiateMessage->OemDomainName, &OemDomainName, FALSE, // No special alignment
FALSE ) ) { // NULL not OK
Status = SEC_E_INVALID_TOKEN; SspPrint(( SSP_CRITICAL, "SsprHandleNegotiateMessage: Error from SspConvertRelativeToAbsolute.\n" )); goto Cleanup; }
if ( !SspConvertRelativeToAbsolute( NegotiateMessage, InputTokenSize, &NegotiateMessage->OemWorkstationName, &OemWorkstationName, FALSE, // No special alignment
FALSE ) ) { // NULL not OK
Status = SEC_E_INVALID_TOKEN; SspPrint(( SSP_CRITICAL, "SsprHandleNegotiateMessage: Error from SspConvertRelativeToAbsolute.\n" )); goto Cleanup; }
//
// If both strings match,
// this is a local call.
// The strings have already been uppercased.
//
RtlAcquireResourceShared(&NtLmGlobalCritSect, TRUE);
if ( RtlEqualString( &OemWorkstationName, &NtLmGlobalOemComputerNameString, FALSE ) && RtlEqualString( &OemDomainName, &NtLmGlobalOemPrimaryDomainNameString, FALSE ) ) {#if DBG
IF_DEBUG( NO_LOCAL ) { // nothing.
} else {#endif
ChallengeMessage->NegotiateFlags |= NTLMSSP_NEGOTIATE_LOCAL_CALL; SspPrint(( SSP_MISC, "SsprHandleNegotiateMessage: Local Call.\n" ));
ChallengeMessage->ServerContextHandle = (ULONG64)*ContextHandle;#if DBG
}#endif
} RtlReleaseResource (&NtLmGlobalCritSect); }
//
// Check if datagram is being negotiated
//
if ( (NegotiateMessage->NegotiateFlags & NTLMSSP_NEGOTIATE_DATAGRAM) == NTLMSSP_NEGOTIATE_DATAGRAM) { ChallengeMessage->NegotiateFlags |= NTLMSSP_NEGOTIATE_DATAGRAM; }
} else {
//
// No negotiate message. We need to check if the caller is asking
// for datagram.
//
if ((ContextReqFlags & ASC_REQ_DATAGRAM) == 0 ) { SspPrint(( SSP_CRITICAL, "SsprHandleNegotiateMessage: " "NegotiateMessage size wrong %ld\n", InputTokenSize )); Status = SEC_E_INVALID_TOKEN; goto Cleanup; }
//
// Allocate a Challenge message
//
//
// always send target info -- new for NTLM3!
//
TargetFlags = NTLMSSP_NEGOTIATE_TARGET_INFO;
ChallengeMessageSize = sizeof(*ChallengeMessage) + TargetInfo.Length;
if ((ContextReqFlags & ASC_REQ_ALLOCATE_MEMORY) == 0) { if ( ChallengeMessageSize > *OutputTokenSize ) { Status = SEC_E_BUFFER_TOO_SMALL; SspPrint(( SSP_CRITICAL, "SsprHandleNegotiateMessage: invalid ChallengeMessageSize.\n" )); goto Cleanup; } }
ChallengeMessage = (PCHALLENGE_MESSAGE) NtLmAllocateLsaHeap(ChallengeMessageSize );
if ( ChallengeMessage == NULL ) { Status = STATUS_NO_MEMORY; SspPrint(( SSP_CRITICAL, "SsprHandleNegotiateMessage: Error allocating ChallengeMessage.\n" )); goto Cleanup; }
//
// Record in the context that we are doing datagram. We will tell
// the client everything we can negotiate and let it decide what
// to negotiate.
//
ChallengeMessage->NegotiateFlags = NTLMSSP_NEGOTIATE_DATAGRAM | NTLMSSP_NEGOTIATE_UNICODE | NTLMSSP_NEGOTIATE_OEM | NTLMSSP_NEGOTIATE_SIGN | NTLMSSP_NEGOTIATE_LM_KEY | NTLMSSP_NEGOTIATE_NTLM | NTLMSSP_NEGOTIATE_ALWAYS_SIGN | NTLMSSP_NEGOTIATE_IDENTIFY | NTLMSSP_NEGOTIATE_NTLM2 | NTLMSSP_NEGOTIATE_KEY_EXCH | NegotiateFlagsKeyStrength ;
if (NtLmGlobalEncryptionEnabled) { ChallengeMessage->NegotiateFlags |= NTLMSSP_NEGOTIATE_SEAL; }
}
//
// Build the Challenge Message
//
strcpy( (char *) ChallengeMessage->Signature, NTLMSSP_SIGNATURE ); ChallengeMessage->MessageType = NtLmChallenge; Status = SspGenerateRandomBits( (UCHAR*)ChallengeMessage->Challenge, MSV1_0_CHALLENGE_LENGTH ); if( !NT_SUCCESS( Status ) ) { SspPrint(( SSP_CRITICAL, "SsprHandleNegotiateMessage: SspGenerateRandomBits failed\n")); goto Cleanup; }
Where = (PCHAR)(ChallengeMessage+1);
SspContextCopyString( ChallengeMessage, &ChallengeMessage->TargetName, &TargetName, &Where );
SspContextCopyString( ChallengeMessage, &ChallengeMessage->TargetInfo, (PSTRING)&TargetInfo, &Where );
ChallengeMessage->NegotiateFlags |= TargetFlags;
//
// Save the Challenge and Negotiate Flags in the Context so it
// is available when the authenticate message comes in.
//
RtlCopyMemory( Context->Challenge, ChallengeMessage->Challenge, sizeof( Context->Challenge ) );
Context->NegotiateFlags = ChallengeMessage->NegotiateFlags;
if (!SsprCheckMinimumSecurity( Context->NegotiateFlags, NtLmGlobalMinimumServerSecurity)) {
Status = SEC_E_UNSUPPORTED_FUNCTION; SspPrint(( SSP_CRITICAL, "SsprHandleNegotiateMessage: " "NegotiateMessage didn't support minimum security requirements. (caller=0x%lx wanted=0x%lx\n", Context->NegotiateFlags, NtLmGlobalMinimumServerSecurity )); goto Cleanup; }
if ((ContextReqFlags & ASC_REQ_ALLOCATE_MEMORY) == 0) { RtlCopyMemory( *OutputToken, ChallengeMessage, ChallengeMessageSize );
} else { *OutputToken = ChallengeMessage; ChallengeMessage = NULL; *ContextAttributes |= ASC_RET_ALLOCATED_MEMORY; }
*OutputTokenSize = ChallengeMessageSize;
//
// Return output parameters to the caller.
//
*ExpirationTime = SspContextGetTimeStamp( Context, TRUE ); Context->State = ChallengeSentState;
Status = SEC_I_CONTINUE_NEEDED;
//
// Free and locally used resources.
//
Cleanup:
if ( Context != NULL ) {
//
// If we failed, deallocate the context we allocated above.
// Delinking is a side effect of referencing, so do that.
//
if ( !NT_SUCCESS(Status) ) { PSSP_CONTEXT LocalContext;
SspContextReferenceContext( *ContextHandle, TRUE, &LocalContext );
ASSERT( LocalContext != NULL ); if ( LocalContext != NULL ) { SspContextDereferenceContext( LocalContext ); } }
// Always dereference it.
SspContextDereferenceContext( Context ); }
if ( NegotiateMessage != NULL ) { (VOID) NtLmFreePrivateHeap( NegotiateMessage ); }
if ( ChallengeMessage != NULL ) { (VOID) NtLmFreeLsaHeap( ChallengeMessage ); }
if ( Credential != NULL ) { SspCredentialDereferenceCredential( Credential ); }
if ( NtLmLocalUnicodeTargetName.Buffer != NULL ) { (VOID) NtLmFreePrivateHeap( NtLmLocalUnicodeTargetName.Buffer ); }
if ( NtLmLocalOemTargetName.Buffer != NULL ) { (VOID) NtLmFreePrivateHeap( NtLmLocalOemTargetName.Buffer ); }
if (TargetInfo.Buffer != NULL ) { (VOID) NtLmFreePrivateHeap( TargetInfo.Buffer ); }
SspPrint(( SSP_API_MORE, "Leaving SsprHandleNegotiateMessage: 0x%lx\n", Status ));
return Status;}
�NTSTATUSSsprHandleAuthenticateMessage( IN LSA_SEC_HANDLE CredentialHandle, IN OUT PLSA_SEC_HANDLE ContextHandle, IN ULONG ContextReqFlags, IN ULONG InputTokenSize, IN PVOID InputToken, IN ULONG SecondInputTokenSize, IN PVOID SecondInputToken, IN OUT PULONG OutputTokenSize, OUT PVOID *OutputToken, OUT PULONG ContextAttributes, OUT PTimeStamp ExpirationTime, OUT PUCHAR SessionKey, OUT PULONG NegotiateFlags, OUT PHANDLE TokenHandle, OUT PNTSTATUS ApiSubStatus, OUT PTimeStamp PasswordExpiry, OUT PULONG UserFlags )
/*++
Routine Description:
Handle the authenticate message part of AcceptSecurityContext.
Arguments:
SessionKey - The session key for the context, used for signing and sealing
NegotiateFlags - The flags negotiated for the context, used for sign & seal
ApiSubStatus - Returns the substatus for why the logon failed.
PasswordExpiry - Contains the time that the authenticated user's password expires, or 0x7fffffff ffffffff for local callers.
UserFlags - UserFlags returned in LogonProfile.
All other arguments same as for AcceptSecurityContext
Return Value:
STATUS_SUCCESS - Message handled
SEC_E_INVALID_TOKEN -- Token improperly formatted SEC_E_INVALID_HANDLE -- Credential/Context Handle is invalid SEC_E_BUFFER_TOO_SMALL -- Buffer for output token isn't big enough SEC_E_LOGON_DENIED -- User is no allowed to logon to this server SEC_E_INSUFFICIENT_MEMORY -- Not enough memory
--*/
{ SECURITY_STATUS SecStatus = STATUS_SUCCESS; NTSTATUS Status = STATUS_SUCCESS; PSSP_CONTEXT Context = NULL;
PNEGOTIATE_MESSAGE NegotiateMessage = NULL; PAUTHENTICATE_MESSAGE AuthenticateMessage = NULL; PNTLM_AUTHENTICATE_MESSAGE NtLmAuthenticateMessage = NULL; PNTLM_ACCEPT_RESPONSE NtLmAcceptResponse = NULL; ULONG MsvLogonMessageSize = 0; PMSV1_0_LM20_LOGON MsvLogonMessage = NULL; ULONG MsvSubAuthLogonMessageSize = 0; PMSV1_0_SUBAUTH_LOGON MsvSubAuthLogonMessage = NULL; ULONG LogonProfileMessageSize; PMSV1_0_LM20_LOGON_PROFILE LogonProfileMessage = NULL;
BOOLEAN DoUnicode = FALSE; STRING DomainName2; STRING UserName2; STRING Workstation2; STRING SessionKeyString; UNICODE_STRING DomainName; UNICODE_STRING UserName; UNICODE_STRING Workstation; LARGE_INTEGER KickOffTime;
LUID LogonId = {0}; HANDLE LocalTokenHandle = NULL; BOOLEAN LocalTokenHandleOpenned = FALSE; TOKEN_SOURCE SourceContext; QUOTA_LIMITS Quotas; NTSTATUS SubStatus; STRING OriginName; PCHAR Where; UCHAR LocalSessionKey[LM_RESPONSE_LENGTH]; PSSP_CREDENTIAL Credential = NULL; BOOLEAN fCallFromSrv = FALSE; PUNICODE_STRING AccountName = NULL; PUNICODE_STRING AuthenticatingAuthority = NULL; PUNICODE_STRING WorkstationName = NULL; STRING NtChallengeResponse; STRING LmChallengeResponse; BOOL fSubAuth = FALSE; ULONG SubAuthPackageId = 0; PSID AllocatedAuditSid = NULL ; PSID AuditSid = NULL; BOOLEAN fAvoidGuestAudit = FALSE; SECPKG_PRIMARY_CRED PrimaryCredentials;
//Tracing State
NTLM_TRACE_INFO TraceInfo = {0}; PLSA_SEC_HANDLE TraceOldContextHandle = ContextHandle;
ASSERT(LM_RESPONSE_LENGTH >= MSV1_0_USER_SESSION_KEY_LENGTH);
SspPrint(( SSP_API_MORE, "Entering SsprHandleAuthenticateMessage\n")); //
// Initialization
//
*ContextAttributes = 0; RtlInitUnicodeString( &DomainName, NULL ); RtlInitUnicodeString( &UserName, NULL ); RtlInitUnicodeString( &Workstation, NULL ); *ApiSubStatus = STATUS_SUCCESS; PasswordExpiry->LowPart = 0xffffffff; PasswordExpiry->HighPart = 0x7fffffff; *UserFlags = 0;
RtlZeroMemory(&PrimaryCredentials, sizeof(SECPKG_PRIMARY_CRED));
if (*ContextHandle == NULL) { // This is possibly an old style srv call (for 4.0 and before)
// so, alloc the context and replace the creds if new ones exists
fCallFromSrv = TRUE;
SspPrint((SSP_API_MORE, "SsprHandleAuthenticateMessage: *ContextHandle is NULL (old style SRV)\n"));
SECPKG_CALL_INFO CallInfo = {0};
//
// Client must have TCB, otherwise an un-trusted LSA-client could use a
// stolen challenge/response pair to network logon any user
//
if ( !LsaFunctions->GetCallInfo( &CallInfo ) || ((CallInfo.Attributes & SECPKG_CALL_IS_TCB) == 0) ) { Status = STATUS_PRIVILEGE_NOT_HELD; SspPrint((SSP_CRITICAL, "SsprHandleAuthenticateMessage: Client does not hold Tcb\n")); goto Cleanup; }
SecStatus = SspCredentialReferenceCredential( CredentialHandle, FALSE, &Credential );
if ( !NT_SUCCESS( SecStatus ) ) { SspPrint(( SSP_CRITICAL, "SsprHandleAuthenticateMessage: SspCredentialReferenceCredential returns %x.\n", SecStatus )); goto Cleanup; }
// check the validity of the NtlmAuthenticateMessage
if (SecondInputTokenSize < sizeof(NTLM_AUTHENTICATE_MESSAGE)) { SspPrint(( SSP_CRITICAL, "SsprHandleAuthenticateMessage: NtlmAuthenticateMessage size if bogus.\n" )); SecStatus = SEC_E_INVALID_TOKEN; goto Cleanup;
}
// This is a superflous check since we alloc only if the caller
// has asked us too. This is to make sure that the srv always allocs
if (ContextReqFlags & ISC_REQ_ALLOCATE_MEMORY) { SspPrint(( SSP_CRITICAL, "SsprHandleAuthenticateMessage: ContextReqFlags has ISC_REQ_ALLOCATE_MEMORY.\n" )); SecStatus = STATUS_NOT_SUPPORTED; goto Cleanup; }
if (*OutputTokenSize < sizeof(NTLM_ACCEPT_RESPONSE)) { SspPrint(( SSP_CRITICAL, "SsprHandleAuthenticateMessage: NtlmAcceptResponse size if bogus.\n" )); SecStatus = SEC_E_INVALID_TOKEN; goto Cleanup; }
//
// Allocate a new context
//
Context = SspContextAllocateContext();
if (Context == NULL) { SspPrint(( SSP_CRITICAL, "SsprHandleAuthenticateMessage: SspContextAllocateContext returns NULL.\n" )); SecStatus = STATUS_NO_MEMORY; goto Cleanup; }
// We've just added a context, we don't nornally add and then
// reference it.
SspContextDereferenceContext( Context );
*ContextHandle = (LSA_SEC_HANDLE) Context;
// Assign the Credential
Context->Credential = Credential; Credential = NULL;
NtLmAuthenticateMessage = (PNTLM_AUTHENTICATE_MESSAGE) SecondInputToken; if (NtLmAuthenticateMessage == NULL) { SspPrint(( SSP_CRITICAL, "SsprHandleAuthenticateMessage: Error while assigning NtLmAuthenticateMessage\n" )); SecStatus = STATUS_NO_MEMORY; goto Cleanup; }
// copy challenge from NTLM_AUTHENTICATE_MESSAGE
RtlCopyMemory(Context->Challenge, NtLmAuthenticateMessage->ChallengeToClient, MSV1_0_CHALLENGE_LENGTH);
if (NtLmAuthenticateMessage->ParameterControl & MSV1_0_SUBAUTHENTICATION_FLAGS) { fSubAuth = TRUE; SubAuthPackageId = (NtLmAuthenticateMessage->ParameterControl >> MSV1_0_SUBAUTHENTICATION_DLL_SHIFT) ; } Context->State = ChallengeSentState; Context->NegotiateFlags = NTLMSSP_NEGOTIATE_UNICODE ;
//
// The server may request this option with a <= 4.0 client, in
// which case HandleNegotiateMessage, which normally sets
// this flag, won't have been called.
//
if ( (ContextReqFlags & ASC_REQ_ALLOW_NON_USER_LOGONS ) != 0) {
*ContextAttributes |= ASC_RET_ALLOW_NON_USER_LOGONS; Context->ContextFlags |= ASC_RET_ALLOW_NON_USER_LOGONS; }
}
//
// Find the currently existing context.
//
SecStatus = SspContextReferenceContext( *ContextHandle, FALSE, &Context );
if ( !NT_SUCCESS(SecStatus) ) { SspPrint(( SSP_CRITICAL, "SsprHandleAuthenticateMessage: Error from SspContextReferenceContext.\n" ));
goto Cleanup; }
if ( ( Context->State != ChallengeSentState) && ( Context->State != AuthenticatedState) ) { SspPrint(( SSP_CRITICAL, "SsprHandleAuthenticateMessage: " "Context not in ChallengeSentState\n" )); SecStatus = SEC_E_OUT_OF_SEQUENCE; goto Cleanup; }
//
// Ignore the Credential Handle.
//
// Since this is the second call,
// the credential is implied by the Context.
// We could double check that the Credential Handle is either NULL or
// correct. However, our implementation doesn't maintain a close
// association between the two (actually no association) so checking
// would require a lot of overhead.
//
UNREFERENCED_PARAMETER( CredentialHandle );
//
// Get the AuthenticateMessage.
//
if ( InputTokenSize < sizeof(OLD_AUTHENTICATE_MESSAGE) ) { SspPrint(( SSP_CRITICAL, "SsprHandleAuthenticateMessage: " "AuthenticateMessage size wrong %ld\n", InputTokenSize )); SecStatus = SEC_E_INVALID_TOKEN; goto Cleanup; }
SecStatus = SspContextGetMessage( InputToken, InputTokenSize, NtLmAuthenticate, (PVOID *)&AuthenticateMessage );
if ( !NT_SUCCESS(SecStatus) ) { SspPrint(( SSP_CRITICAL, "SsprHandleAuthenticateMessage: " "AuthenticateMessage GetMessage returns 0x%lx\n", SecStatus )); goto Cleanup; }
if (fCallFromSrv) { // Copy the Context Negotiate Flags from what's sent in
Context->NegotiateFlags |= AuthenticateMessage->NegotiateFlags; } //
// If the call comes and we have already authenticated, then it is
// probably RPC trying to reauthenticate, which happens when someone
// calls two interfaces on the same connection. In this case we don't
// have to do anything - we just return success and let them get on
// with it. We do want to check that the input token is all zeros,
// though.
//
if ( Context->State == AuthenticatedState ) { AUTHENTICATE_MESSAGE NullMessage;
*OutputTokenSize = 0;
//
// Check that all the fields are null. There are 5 strings
// in the Authenticate message that have to be set to zero.
//
RtlZeroMemory(&NullMessage.LmChallengeResponse,5*sizeof(STRING32));
if (memcmp(&AuthenticateMessage->LmChallengeResponse, &NullMessage.LmChallengeResponse, sizeof(STRING32) * 5) ) { SecStatus = SEC_E_INVALID_TOKEN; SspPrint(( SSP_CRITICAL, "SsprHandleAuthenticateMessage: " "AuthenticateMessage->LmChallengeResponse is not zeroed\n")); } else { *ContextAttributes = SSP_RET_REAUTHENTICATION; SecStatus = STATUS_SUCCESS; } goto Cleanup; }
//
// If we are re-establishing a datagram context, get the negotiate flags
// out of this message.
//
if ((Context->NegotiateFlags & NTLMSSP_NEGOTIATE_DATAGRAM) != 0) {
if ((InputTokenSize < sizeof(AUTHENTICATE_MESSAGE)) || ((AuthenticateMessage->NegotiateFlags & NTLMSSP_NEGOTIATE_DATAGRAM) == 0) ) { SecStatus = SEC_E_INVALID_TOKEN; goto Cleanup; }
Context->NegotiateFlags = AuthenticateMessage->NegotiateFlags;
//
// always do key exchange with datagram if we need a key (for SIGN or SEAL)
//
if (Context->NegotiateFlags & (NTLMSSP_NEGOTIATE_SIGN | NTLMSSP_NEGOTIATE_SEAL)) { Context->NegotiateFlags |= NTLMSSP_NEGOTIATE_KEY_EXCH; }
//
// if got NTLM2, don't use LM_KEY
//
if ( (Context->NegotiateFlags & NTLMSSP_NEGOTIATE_NTLM2) != 0 ) { if( Context->NegotiateFlags & NTLMSSP_NEGOTIATE_LM_KEY ) { SspPrint(( SSP_NEGOTIATE_FLAGS, "SsprHandleAuthenticateMessage: " "AuthenticateMessage (datagram) NTLM2 caused LM_KEY to be disabled.\n" )); }
Context->NegotiateFlags &= ~NTLMSSP_NEGOTIATE_LM_KEY; }
}
//
// Check that client asked for minimum security required.
// not done for legacy down-level case, as, NegotiateFlags are
// constructed from incomplete information.
//
if( !fCallFromSrv ) { if (!SsprCheckMinimumSecurity( AuthenticateMessage->NegotiateFlags, NtLmGlobalMinimumServerSecurity)) {
SecStatus = SEC_E_UNSUPPORTED_FUNCTION; SspPrint(( SSP_CRITICAL, "SsprHandleAuthenticateMessage: " "client didn't support minimum security requirements.\n" )); goto Cleanup; }
}
//
// Convert relative pointers to absolute.
//
DoUnicode = ( Context->NegotiateFlags & NTLMSSP_NEGOTIATE_UNICODE ) != 0;
if (!SspConvertRelativeToAbsolute(AuthenticateMessage, InputTokenSize, &AuthenticateMessage->LmChallengeResponse, (PSTRING) &LmChallengeResponse, FALSE, // No special alignment
TRUE ) ) { // NULL OK
SecStatus = SEC_E_INVALID_TOKEN; goto Cleanup; }
if (!SspConvertRelativeToAbsolute(AuthenticateMessage, InputTokenSize, &AuthenticateMessage->NtChallengeResponse, (PSTRING) &NtChallengeResponse, FALSE, // No special alignment
TRUE ) ) { // NULL OK
SecStatus = SEC_E_INVALID_TOKEN; goto Cleanup; }
if (!SspConvertRelativeToAbsolute(AuthenticateMessage, InputTokenSize, &AuthenticateMessage->DomainName, &DomainName2, DoUnicode, // Unicode alignment
TRUE ) ) { // NULL OK
SecStatus = SEC_E_INVALID_TOKEN; goto Cleanup; }
if ( !SspConvertRelativeToAbsolute( AuthenticateMessage, InputTokenSize, &AuthenticateMessage->UserName, &UserName2, DoUnicode, // Unicode alignment
#ifdef notdef
//
// Allow null sessions. The server should guard against them if
// it doesn't want them.
//
FALSE )) { // User name cannot be NULL
#endif // notdef
TRUE ) ) { // NULL OK
SecStatus = SEC_E_INVALID_TOKEN; goto Cleanup; }
if ( !SspConvertRelativeToAbsolute( AuthenticateMessage, InputTokenSize, &AuthenticateMessage->Workstation, &Workstation2, DoUnicode, // Unicode alignment
TRUE ) ) { // NULL OK
SecStatus = SEC_E_INVALID_TOKEN; goto Cleanup; }
//
// If this is datagram, get the session key
//
/// if ((Context->NegotiateFlags & NTLMSSP_NEGOTIATE_DATAGRAM) != 0) {
if ((Context->NegotiateFlags & NTLMSSP_NEGOTIATE_KEY_EXCH) != 0) {
if ( !SspConvertRelativeToAbsolute( AuthenticateMessage, InputTokenSize, &AuthenticateMessage->SessionKey, &SessionKeyString, FALSE, // No special alignment
TRUE) ) { // NULL OK
SecStatus = SEC_E_INVALID_TOKEN; goto Cleanup; }
//
// It should be NULL if this is a local call
//
if (((Context->NegotiateFlags & NTLMSSP_NEGOTIATE_LOCAL_CALL) == 0) && (SessionKeyString.Buffer == NULL)) { SecStatus = SEC_E_INVALID_TOKEN; goto Cleanup; }
if(Context->NegotiateFlags & NTLMSSP_NEGOTIATE_LOCAL_CALL) { static const UCHAR FixedSessionKey[MSV1_0_USER_SESSION_KEY_LENGTH] = { 'S', 'y', 's', 't', 'e', 'm', 'L', 'i', 'b', 'r', 'a', 'r', 'y', 'D', 'T', 'C' };
RtlCopyMemory(Context->SessionKey, FixedSessionKey, MSV1_0_USER_SESSION_KEY_LENGTH); }
}
//
// Convert the domainname/user name/workstation to the right character set.
//
if ( DoUnicode ) {
DomainName = *((PUNICODE_STRING) &DomainName2); UserName = *((PUNICODE_STRING) &UserName2); Workstation = *((PUNICODE_STRING) &Workstation2);
} else {
SspPrint(( SSP_API_MORE, "SsprHandleAuthenticateMessage: Not doing Unicode\n")); Status = RtlOemStringToUnicodeString( &DomainName, &DomainName2, TRUE);
if ( !NT_SUCCESS(Status) ) { SecStatus = SspNtStatusToSecStatus( Status, SEC_E_INSUFFICIENT_MEMORY ); goto Cleanup; }
Status = RtlOemStringToUnicodeString( &UserName, &UserName2, TRUE);
if ( !NT_SUCCESS(Status) ) { SecStatus = SspNtStatusToSecStatus( Status, SEC_E_INSUFFICIENT_MEMORY ); goto Cleanup; }
Status = RtlOemStringToUnicodeString( &Workstation, &Workstation2, TRUE);
if ( !NT_SUCCESS(Status) ) { SecStatus = SspNtStatusToSecStatus( Status, SEC_E_INSUFFICIENT_MEMORY ); goto Cleanup; }
}
//
// Trace the username, domain name and workstation
//
if (NtlmGlobalEventTraceFlag){
//Header goo
SET_TRACE_HEADER(TraceInfo, NtlmAcceptGuid, EVENT_TRACE_TYPE_INFO, WNODE_FLAG_TRACED_GUID|WNODE_FLAG_USE_MOF_PTR, 10);
int TraceHint = TRACE_ACCEPT_INFO; SET_TRACE_DATA(TraceInfo, TRACE_INITACC_STAGEHINT, TraceHint);
SET_TRACE_DATAPTR(TraceInfo, TRACE_INITACC_INCONTEXT, TraceOldContextHandle);
SET_TRACE_DATAPTR(TraceInfo, TRACE_INITACC_OUTCONTEXT, ContextHandle);
// lets see the negotiate flags here
SET_TRACE_DATA(TraceInfo, TRACE_INITACC_STATUS, Context->NegotiateFlags);
SET_TRACE_USTRING(TraceInfo, TRACE_INITACC_CLIENTNAME, UserName);
SET_TRACE_USTRING(TraceInfo, TRACE_INITACC_CLIENTDOMAIN, DomainName);
SET_TRACE_USTRING(TraceInfo, TRACE_INITACC_WORKSTATION, Workstation);
TraceEvent( NtlmGlobalTraceLoggerHandle, (PEVENT_TRACE_HEADER)&TraceInfo ); }
//
// If the client is on the same machine as we are, just
// use the token the client has already placed in our context structure,
//
if ( (Context->NegotiateFlags & NTLMSSP_NEGOTIATE_LOCAL_CALL ) && Context->TokenHandle != NULL && DomainName.Length == 0 && UserName.Length == 0 && Workstation.Length == 0 && AuthenticateMessage->NtChallengeResponse.Length == 0 && AuthenticateMessage->LmChallengeResponse.Length == 0 ) {
static const UCHAR FixedSessionKey[MSV1_0_USER_SESSION_KEY_LENGTH] = { 'S', 'y', 's', 't', 'e', 'm', 'L', 'i', 'b', 'r', 'a', 'r', 'y', 'D', 'T', 'C' };
LocalTokenHandle = Context->TokenHandle; Context->TokenHandle = NULL;
KickOffTime.HighPart = 0x7FFFFFFF; KickOffTime.LowPart = 0xFFFFFFFF;
RtlCopyMemory(Context->SessionKey, FixedSessionKey, MSV1_0_USER_SESSION_KEY_LENGTH); SspPrint(( SSP_MISC, "SsprHandleAuthenticateMessage: Local Call\n"));
if( (ContextReqFlags & ASC_REQ_DELEGATE) ) { //
// can support another hop if loopback.
//
*ContextAttributes |= ASC_RET_DELEGATE; Context->ContextFlags |= ASC_RET_DELEGATE; }
//
// If the client is on a different machine than we are,
// use LsaLogonUser to create a token for the client.
//
} else {
//
// Store user name and domain name
//
SecStatus = NtLmDuplicateUnicodeString( &Context->UserName, &UserName); if (!NT_SUCCESS(SecStatus)) { goto Cleanup; }
SecStatus = NtLmDuplicateUnicodeString( &Context->DomainName, &DomainName); if (!NT_SUCCESS(SecStatus)) { goto Cleanup; }
//
// Allocate an MSV1_0 network logon message
//
if (!fSubAuth) {
//
// The string buffers may be used as structure pointers later on.
// Align them to pointer boundaries to avoid alignment problems.
//
MsvLogonMessageSize = ROUND_UP_COUNT(sizeof(*MsvLogonMessage) + DomainName.Length + UserName.Length + Workstation.Length, ALIGN_LPVOID) + ROUND_UP_COUNT(AuthenticateMessage->NtChallengeResponse.Length, ALIGN_LPVOID) + AuthenticateMessage->LmChallengeResponse.Length;
MsvLogonMessage = (PMSV1_0_LM20_LOGON) NtLmAllocatePrivateHeap(MsvLogonMessageSize );
if ( MsvLogonMessage == NULL ) { SecStatus = STATUS_NO_MEMORY; SspPrint(( SSP_CRITICAL, "SsprHandleAuthenticateMessage: Error allocating MsvLogonMessage")); goto Cleanup; }
//
// Build the MSV1_0 network logon message to pass to the LSA.
//
MsvLogonMessage->MessageType = MsV1_0NetworkLogon;
Where = (PCHAR)(MsvLogonMessage+1);
SspContextCopyStringAbsolute( MsvLogonMessage, (PSTRING)&MsvLogonMessage->LogonDomainName, (PSTRING)&DomainName, &Where );
SspContextCopyStringAbsolute( MsvLogonMessage, (PSTRING)&MsvLogonMessage->UserName, (PSTRING)&UserName, &Where );
SspContextCopyStringAbsolute( MsvLogonMessage, (PSTRING)&MsvLogonMessage->Workstation, (PSTRING)&Workstation, &Where );
RtlCopyMemory( MsvLogonMessage->ChallengeToClient, Context->Challenge, sizeof( MsvLogonMessage->ChallengeToClient ) );
Where = (PCHAR) ROUND_UP_POINTER(Where, ALIGN_LPVOID); SspContextCopyStringAbsolute( MsvLogonMessage, &MsvLogonMessage->CaseSensitiveChallengeResponse, &NtChallengeResponse, &Where );
Where = (PCHAR) ROUND_UP_POINTER(Where, ALIGN_LPVOID); SspContextCopyStringAbsolute(MsvLogonMessage, &MsvLogonMessage->CaseInsensitiveChallengeResponse, &LmChallengeResponse, &Where );
MsvLogonMessage->ParameterControl = MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT;
// This is required by the pre 4.0 server
if (fCallFromSrv) { MsvLogonMessage->ParameterControl = MSV1_0_CLEARTEXT_PASSWORD_ALLOWED | NtLmAuthenticateMessage->ParameterControl;
if ( (Context->ContextFlags & ASC_RET_ALLOW_NON_USER_LOGONS ) != 0) { MsvLogonMessage->ParameterControl |= MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT; } } else { MsvLogonMessage->ParameterControl |= MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT; }
//
// Get the profile path for EFS
//
MsvLogonMessage->ParameterControl |= MSV1_0_RETURN_PROFILE_PATH;
//
// By passing in the RETURN_PASSWORD_EXPIRY flag, the password
// expiration time is returned in the logoff time
//
MsvLogonMessage->ParameterControl |= MSV1_0_RETURN_PASSWORD_EXPIRY;
//
// for Personal easy file/print sharing, hint to LsaLogonUser
// that Forced Guest may occur.
//
MsvLogonMessage->ParameterControl |= MSV1_0_ALLOW_FORCE_GUEST; } else {
MsvSubAuthLogonMessageSize = ROUND_UP_COUNT(sizeof(*MsvSubAuthLogonMessage) + DomainName.Length + UserName.Length + Workstation.Length, ALIGN_LPVOID) + ROUND_UP_COUNT(AuthenticateMessage->NtChallengeResponse.Length, ALIGN_LPVOID) + AuthenticateMessage->LmChallengeResponse.Length;
MsvSubAuthLogonMessage = (PMSV1_0_SUBAUTH_LOGON) NtLmAllocatePrivateHeap(MsvSubAuthLogonMessageSize );
if ( MsvSubAuthLogonMessage == NULL ) { SecStatus = STATUS_NO_MEMORY; SspPrint(( SSP_CRITICAL, "SsprHandleAuthenticateMessage: Error allocating MsvSubAuthLogonMessage")); goto Cleanup; }
//
// Build the MSV1_0 subauth logon message to pass to the LSA.
//
MsvSubAuthLogonMessage->MessageType = MsV1_0SubAuthLogon;
Where = (PCHAR)(MsvSubAuthLogonMessage+1);
SspContextCopyStringAbsolute( MsvSubAuthLogonMessage, (PSTRING)&MsvSubAuthLogonMessage->LogonDomainName, (PSTRING)&DomainName, &Where );
SspContextCopyStringAbsolute( MsvSubAuthLogonMessage, (PSTRING)&MsvSubAuthLogonMessage->UserName, (PSTRING)&UserName, &Where );
SspContextCopyStringAbsolute( MsvSubAuthLogonMessage, (PSTRING)&MsvSubAuthLogonMessage->Workstation, (PSTRING)&Workstation, &Where );
RtlCopyMemory( MsvSubAuthLogonMessage->ChallengeToClient, Context->Challenge, sizeof( MsvSubAuthLogonMessage->ChallengeToClient ) );
Where = (PCHAR) ROUND_UP_POINTER(Where, ALIGN_LPVOID); SspContextCopyStringAbsolute( MsvSubAuthLogonMessage, &MsvSubAuthLogonMessage->AuthenticationInfo1, &LmChallengeResponse, &Where );
Where = (PCHAR) ROUND_UP_POINTER(Where, ALIGN_LPVOID); SspContextCopyStringAbsolute(MsvSubAuthLogonMessage, &MsvSubAuthLogonMessage->AuthenticationInfo2, &NtChallengeResponse, &Where );
MsvSubAuthLogonMessage->ParameterControl = MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT;
MsvSubAuthLogonMessage->SubAuthPackageId = SubAuthPackageId;
// This is required by the pre 4.0 server
if (fCallFromSrv) { MsvSubAuthLogonMessage->ParameterControl = MSV1_0_CLEARTEXT_PASSWORD_ALLOWED | NtLmAuthenticateMessage->ParameterControl; }
if ( (Context->ContextFlags & ASC_RET_ALLOW_NON_USER_LOGONS ) != 0) { MsvSubAuthLogonMessage->ParameterControl |= MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT; }
//
// By passing in the RETURN_PASSWORD_EXPIRY flag, the password
// expiration time is returned in the logoff time
//
MsvSubAuthLogonMessage->ParameterControl |= MSV1_0_RETURN_PASSWORD_EXPIRY;
//
// for Personal easy file/print sharing, hint to LsaLogonUser
// that Forced Guest may occur.
//
MsvSubAuthLogonMessage->ParameterControl |= MSV1_0_ALLOW_FORCE_GUEST; }
//
// if NTLM2 is negotiated, then mix my challenge with the client's...
// But, special case for null sessions. since we already negotiated
// NTLM2, but the LmChallengeResponse field is actually used
// here. REVIEW -- maybe don't negotiate NTLM2 if NULL session
//
if((Context->NegotiateFlags & NTLMSSP_NEGOTIATE_NTLM2) && (AuthenticateMessage->LmChallengeResponse.Length >= MSV1_0_CHALLENGE_LENGTH)) { MsvLogonMessage->ParameterControl |= MSV1_0_USE_CLIENT_CHALLENGE; }
//
// Log this user on.
//
// No origin (could use F(workstaion))
RtlInitString( &OriginName, NULL );
strncpy( SourceContext.SourceName, "NtLmSsp ", sizeof(SourceContext.SourceName) );
RtlZeroMemory( &SourceContext.SourceIdentifier, sizeof(SourceContext.SourceIdentifier) );
{ PVOID TokenInformation; LSA_TOKEN_INFORMATION_TYPE TokenInformationType; LSA_TOKEN_INFORMATION_TYPE OriginalTokenType; PSECPKG_SUPPLEMENTAL_CRED_ARRAY Credentials = NULL; PPRIVILEGE_SET PrivilegesAssigned = NULL;
if (!fSubAuth) { Status = LsaApLogonUserEx2( (PLSA_CLIENT_REQUEST) (-1), Network, MsvLogonMessage, MsvLogonMessage, MsvLogonMessageSize, (PVOID *) &LogonProfileMessage, &LogonProfileMessageSize, &LogonId, &SubStatus, &TokenInformationType, &TokenInformation, &AccountName, &AuthenticatingAuthority, &WorkstationName, &PrimaryCredentials, &Credentials ); } else { Status = LsaApLogonUserEx2( (PLSA_CLIENT_REQUEST) (-1), Network, MsvSubAuthLogonMessage, MsvSubAuthLogonMessage, MsvSubAuthLogonMessageSize, (PVOID *) &LogonProfileMessage, &LogonProfileMessageSize, &LogonId, &SubStatus, &TokenInformationType, &TokenInformation, &AccountName, &AuthenticatingAuthority, &WorkstationName, &PrimaryCredentials, &Credentials ); }
if ( !NT_SUCCESS(Status) ) { SspPrint(( SSP_CRITICAL, "SsprHandleAuthenticateMessage: " "LsaApLogonUserEx2 returns 0x%lx for context 0x%x\n", Status, Context )); SecStatus = SspNtStatusToSecStatus( Status, SEC_E_LOGON_DENIED ); if (Status == STATUS_PASSWORD_MUST_CHANGE) { *ApiSubStatus = Status; } else if (Status == STATUS_ACCOUNT_RESTRICTION) { *ApiSubStatus = SubStatus; } else { *ApiSubStatus = Status; }
goto Cleanup; }
if ( !NT_SUCCESS(SubStatus) ) { SspPrint(( SSP_CRITICAL, "SsprHandleAuthenticateMessage: " "LsaApLogonUserEx2 returns SubStatus of 0x%lx\n", SubStatus )); SecStatus = SspNtStatusToSecStatus( SubStatus, SEC_E_LOGON_DENIED ); goto Cleanup; }
//
// Check if this was a null session. The TokenInformationType will
// be LsaTokenInformationNull if it is. If so, we may need to fail
// the logon.
//
if (TokenInformationType == LsaTokenInformationNull) {
//
// RESTRICT_NULL_SESSIONS deemed too risky because legacy behavior of package
// allows null sessions from SYSTEM.
//
#ifdef RESTRICT_NULL_SESSIONS
if ((Context->ContextFlags & ASC_REQ_ALLOW_NULL_SESSION) == 0) { SspPrint(( SSP_CRITICAL, "SsprHandleAuthenticateMessage: " "Null session logon attempted but not allowed\n" )); SecStatus = SEC_E_LOGON_DENIED; goto Cleanup; }#endif
*ContextAttributes |= ASC_RET_NULL_SESSION; Context->ContextFlags |= ASC_RET_NULL_SESSION; Context->NegotiateFlags |= NTLMSSP_NEGOTIATE_NULL_SESSION;
AuditSid = NtLmGlobalAnonymousSid; } else { PLSA_TOKEN_INFORMATION_V2 TokenInfoV2 ;
TokenInfoV2 = (PLSA_TOKEN_INFORMATION_V2) TokenInformation ;
SafeAllocaAllocate( AllocatedAuditSid, RtlLengthSid( TokenInfoV2->User.User.Sid ) );
if ( AllocatedAuditSid ) {
RtlCopyMemory( AllocatedAuditSid, TokenInfoV2->User.User.Sid, RtlLengthSid( TokenInfoV2->User.User.Sid ) );
}
AuditSid = AllocatedAuditSid; }
Status = LsaFunctions->CreateTokenEx( &LogonId, &SourceContext, Network, (((Context->NegotiateFlags & NTLMSSP_NEGOTIATE_IDENTIFY) != 0) ? SecurityIdentification : SecurityImpersonation), TokenInformationType, TokenInformation, NULL, WorkstationName, ((LogonProfileMessage->UserFlags & LOGON_PROFILE_PATH_RETURNED) != 0) ? &LogonProfileMessage->UserParameters : NULL, &PrimaryCredentials, SecSessionPrimaryCred, &LocalTokenHandle, &SubStatus);
} // end of block for LsaLogonUser
if ( !NT_SUCCESS(Status) ) { SspPrint(( SSP_CRITICAL, "SsprHandleAuthenticateMessage: " "CreateToken returns 0x%lx\n", Status )); SecStatus = Status; goto Cleanup; }
if ( !NT_SUCCESS(SubStatus) ) { SspPrint(( SSP_CRITICAL, "SsprHandleAuthenticateMessage: " "CreateToken returns SubStatus of 0x%lx\n", SubStatus )); SecStatus = SubStatus; goto Cleanup; }
LocalTokenHandleOpenned = TRUE;
//
// Don't allow cleartext password on the logon.
// Except if called from Downlevel
if (!fCallFromSrv) { if ( LogonProfileMessage->UserFlags & LOGON_NOENCRYPTION ) { SspPrint(( SSP_CRITICAL, "SsprHandleAuthenticateMessage: " "LsaLogonUser used cleartext password\n" )); SecStatus = SEC_E_LOGON_DENIED; goto Cleanup;
} }
//
// If we did a guest logon, set the substatus to be STATUS_NO_SUCH_USER
//
if ( LogonProfileMessage->UserFlags & LOGON_GUEST ) { fAvoidGuestAudit = TRUE; *ApiSubStatus = STATUS_NO_SUCH_USER;
#if 0
//
// If caller required Sign/Seal, fail them here
//
if ( (!NtLmGlobalForceGuest) && (Context->NegotiateFlags & NTLMSSP_NEGOTIATE_SEAL) ) { SspPrint(( SSP_CRITICAL, "SsprHandleAuthenticateMessage: " "LsaLogonUser logged user as a guest but seal is requested\n" )); SecStatus = SEC_E_LOGON_DENIED; goto Cleanup; }#endif
}
//
// Save important information about the caller.
//
KickOffTime = LogonProfileMessage->KickOffTime;
//
// By passing in the RETURN_PASSWORD_EXPIRY flag, the password
// expiration time is returned in the logoff time
//
*PasswordExpiry = LogonProfileMessage->LogoffTime; *UserFlags = LogonProfileMessage->UserFlags;
//
// set the session key to what the client sent us (if anything)
//
if (Context->NegotiateFlags & NTLMSSP_NEGOTIATE_KEY_EXCH && AuthenticateMessage->SessionKey.Length == MSV1_0_USER_SESSION_KEY_LENGTH) { RtlCopyMemory( Context->SessionKey, SessionKeyString.Buffer, MSV1_0_USER_SESSION_KEY_LENGTH ); }
//
// Generate the session key, or decrypt the generated random one sent to
// us by the client, from various bits of info
//
SecStatus = SsprMakeSessionKey( Context, &LmChallengeResponse, LogonProfileMessage->UserSessionKey, LogonProfileMessage->LanmanSessionKey, NULL );
if ( !NT_SUCCESS(SecStatus) ) { SspPrint(( SSP_CRITICAL, "SsprHandleAuthenticateMessage: " "SsprMakeSessionKey failed.\n" )); goto Cleanup; }
}
//
// Copy the logon domain name returned by the LSA if it is different.
// from the one the caller passed in. This may happen with temp duplicate
// accounts and local account
//
if ((LogonProfileMessage != NULL) && (LogonProfileMessage->LogonDomainName.Length != 0) && !RtlEqualUnicodeString( &Context->DomainName, &LogonProfileMessage->LogonDomainName, TRUE // case insensitive
)) { //
// erase the old domain name
//
if (Context->DomainName.Buffer != NULL) { NtLmFreePrivateHeap(Context->DomainName.Buffer); Context->DomainName.Buffer = NULL; }
SecStatus = NtLmDuplicateUnicodeString( &Context->DomainName, &LogonProfileMessage->LogonDomainName );
if (!NT_SUCCESS(SecStatus)) { goto Cleanup; }
}
//
// Allow the context to live until kickoff time.
//
SspContextSetTimeStamp( Context, KickOffTime );
//
// Return output parameters to the caller.
//
*ExpirationTime = SspContextGetTimeStamp( Context, TRUE );
//
// Return output token
//
if (fCallFromSrv) { NtLmAcceptResponse = (PNTLM_ACCEPT_RESPONSE) *OutputToken; if (NtLmAcceptResponse == NULL) { SecStatus = SEC_E_INSUFFICIENT_MEMORY; goto Cleanup; }
LUID UNALIGNED * TempLogonId = (LUID UNALIGNED *) &NtLmAcceptResponse->LogonId; *TempLogonId = LogonId; NtLmAcceptResponse->UserFlags = LogonProfileMessage->UserFlags;
RtlCopyMemory( NtLmAcceptResponse->UserSessionKey, LogonProfileMessage->UserSessionKey, MSV1_0_USER_SESSION_KEY_LENGTH );
RtlCopyMemory( NtLmAcceptResponse->LanmanSessionKey, LogonProfileMessage->LanmanSessionKey, MSV1_0_LANMAN_SESSION_KEY_LENGTH );
LARGE_INTEGER UNALIGNED *TempKickoffTime = (LARGE_INTEGER UNALIGNED *) &NtLmAcceptResponse->KickoffTime; *TempKickoffTime = LogonProfileMessage->KickOffTime;
} else { *OutputTokenSize = 0; }
//
// We don't support sign/seal options if fallback to Guest
// this is because the client and server won't have a matched session-key
// AND even if they did match (ie: blank password), the session-key
// would likely be well-known.
//
if ( Context->NegotiateFlags & NTLMSSP_NEGOTIATE_SIGN ) { *ContextAttributes |= ASC_RET_REPLAY_DETECT | ASC_RET_SEQUENCE_DETECT | ASC_RET_INTEGRITY; }
if( !fAvoidGuestAudit ) { if ( Context->NegotiateFlags & NTLMSSP_NEGOTIATE_SEAL ) { *ContextAttributes |= ASC_RET_CONFIDENTIALITY; } }
if( Context->NegotiateFlags & NTLMSSP_NEGOTIATE_IDENTIFY ) { *ContextAttributes |= ASC_RET_IDENTIFY; }
if( Context->NegotiateFlags & NTLMSSP_NEGOTIATE_DATAGRAM ) { *ContextAttributes |= ASC_RET_DATAGRAM; }
if ( ContextReqFlags & ASC_REQ_REPLAY_DETECT ) { *ContextAttributes |= ASC_RET_REPLAY_DETECT; }
if ( ContextReqFlags & ASC_REQ_SEQUENCE_DETECT ) { *ContextAttributes |= ASC_RET_SEQUENCE_DETECT; }
if ( ContextReqFlags & ASC_REQ_ALLOW_NON_USER_LOGONS ) { *ContextAttributes |= ASC_RET_ALLOW_NON_USER_LOGONS; }
SecStatus = STATUS_SUCCESS;
//
// Free and locally used resources.
//
Cleanup:
//
// Audit this logon
//
if (NT_SUCCESS(SecStatus)) {
//
// If we don't have an account name, this was a local connection
// and we didn't build a new token, so don't bother auditing.
// also, don't bother auditing logons that fellback to guest.
//
if ( (AccountName != NULL) && ((AccountName->Length != 0) || (*ContextAttributes & ASC_RET_NULL_SESSION)) && !fAvoidGuestAudit ) {
LsaFunctions->AuditLogon( STATUS_SUCCESS, STATUS_SUCCESS, AccountName, AuthenticatingAuthority, WorkstationName, AuditSid, Network, &SourceContext, &LogonId ); } } else { LsaFunctions->AuditLogon( !NT_SUCCESS(Status) ? Status : SecStatus, SubStatus, &UserName, &DomainName, &Workstation, NULL, Network, &SourceContext, &LogonId );
}
if ( Context != NULL ) {
Context->Server = TRUE; Context->LastStatus = SecStatus; Context->DownLevel = fCallFromSrv;
//
// Don't allow this context to be used again.
//
if ( NT_SUCCESS(SecStatus) ) { Context->State = AuthenticatedState;
if ( LocalTokenHandle ) { *TokenHandle = LocalTokenHandle; }
LocalTokenHandle = NULL;
RtlCopyMemory( SessionKey, Context->SessionKey, MSV1_0_USER_SESSION_KEY_LENGTH );
*NegotiateFlags = Context->NegotiateFlags;
//
// if caller wants only INTEGRITY, then wants application
// supplied sequence numbers...
//
if ((Context->ContextFlags & (ASC_REQ_INTEGRITY | ASC_REQ_REPLAY_DETECT | ASC_REQ_SEQUENCE_DETECT)) == ASC_REQ_INTEGRITY) { *NegotiateFlags |= NTLMSSP_APP_SEQ; }
} else { Context->State = IdleState; }
// If we just created this context, then we need to dereference it
// once more with feeling
if (fCallFromSrv && !NT_SUCCESS(SecStatus)) { PSSP_CONTEXT LocalContext; SspContextReferenceContext (*ContextHandle, TRUE, &LocalContext); ASSERT (LocalContext != NULL); if (LocalContext != NULL) { SspContextDereferenceContext( LocalContext ); }
} SspContextDereferenceContext( Context );
}
if ( NegotiateMessage != NULL ) { (VOID) NtLmFreePrivateHeap( NegotiateMessage ); }
if ( AuthenticateMessage != NULL ) { (VOID) NtLmFreePrivateHeap( AuthenticateMessage ); }
if ( MsvLogonMessage != NULL ) { (VOID) NtLmFreePrivateHeap( MsvLogonMessage ); }
if ( MsvSubAuthLogonMessage != NULL ) { (VOID) NtLmFreePrivateHeap( MsvSubAuthLogonMessage ); }
if ( LogonProfileMessage != NULL ) { (VOID) LsaFunctions->FreeLsaHeap( LogonProfileMessage ); }
if ( LocalTokenHandle != NULL && LocalTokenHandleOpenned ) { (VOID) NtClose( LocalTokenHandle ); }
if ( !DoUnicode ) { if ( DomainName.Buffer != NULL) { RtlFreeUnicodeString( &DomainName ); } if ( UserName.Buffer != NULL) { RtlFreeUnicodeString( &UserName ); } if ( Workstation.Buffer != NULL) { RtlFreeUnicodeString( &Workstation ); } }
if (AccountName != NULL) { if (AccountName->Buffer != NULL) { LsaFunctions->FreeLsaHeap(AccountName->Buffer); } LsaFunctions->FreeLsaHeap(AccountName); } if (AuthenticatingAuthority != NULL) { if (AuthenticatingAuthority->Buffer != NULL) { LsaFunctions->FreeLsaHeap(AuthenticatingAuthority->Buffer); } LsaFunctions->FreeLsaHeap(AuthenticatingAuthority); } if (WorkstationName != NULL) { if (WorkstationName->Buffer != NULL) { LsaFunctions->FreeLsaHeap(WorkstationName->Buffer); } LsaFunctions->FreeLsaHeap(WorkstationName); }
if ( AllocatedAuditSid ) { SafeAllocaFree( AllocatedAuditSid ); }
//
// need to free the PrimaryCredentials fields filled in by LsaApLogonUserEx2
//
if( PrimaryCredentials.DownlevelName.Buffer ) { LsaFunctions->FreeLsaHeap(PrimaryCredentials.DownlevelName.Buffer); }
if( PrimaryCredentials.DomainName.Buffer ) { LsaFunctions->FreeLsaHeap(PrimaryCredentials.DomainName.Buffer); }
if( PrimaryCredentials.UserSid ) { LsaFunctions->FreeLsaHeap(PrimaryCredentials.UserSid); }
if( PrimaryCredentials.LogonServer.Buffer ) { LsaFunctions->FreeLsaHeap(PrimaryCredentials.LogonServer.Buffer); }
//
// Set a flag telling RPC not to destroy the connection yet
//
if (!NT_SUCCESS(SecStatus)) { *ContextAttributes |= ASC_RET_THIRD_LEG_FAILED; }
SspPrint(( SSP_API_MORE, "Leaving SsprHandleAutheticateMessage: 0x%lx\n", SecStatus )); return SecStatus;}
|
