archive
/
windows-xp
mirror of https://github.com/tongzx/nt5src
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
7 Commits
1 Branch
0 Tags
2.0 GiB
Tree: 9769ad7c3d
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '9769ad7c3d'
${ noResults }
windows-xp/Source/XPSP1/NT/net/ias/providers/ntuser/dll/samutil.cpp

198 lines
4.7 KiB
Raw Normal View History

Add source files
4 years ago
  1. ///////////////////////////////////////////////////////////////////////////////
  2. //
  3. // Copyright (c) 1998, Microsoft Corp. All rights reserved.
  4. //
  5. // FILE
  6. //
  7. // samutil.cpp
  8. //
  9. // SYNOPSIS
  10. //
  11. // Defines the functions IASEncryptAttribute & IASProcessFailure.
  12. //
  13. // MODIFICATION HISTORY
  14. //
  15. // 08/24/1998 Original version.
  16. // 02/13/1999 Check for VSAs in IASEncryptAttribute.
  17. // 03/23/1999 Added IASStoreFQUserName.
  18. // 05/04/1999 New reason codes.
  19. // 05/11/1999 Fix RADIUS encryption.
  20. // 07/09/1999 IAS_ATTRIBUTE_FULLY_QUALIFIED_USER_NAME is internal.
  21. // 10/21/1999 Add support for IAS_NO_CLEARTEXT_PASSWORD.
  22. //
  23. ///////////////////////////////////////////////////////////////////////////////
  25. #include <ias.h>
  26. #include <lm.h>
  27. #include <ntdsapi.h>
  28. #include <sdoias.h>
  30. #include <samutil.h>
  32. HRESULT
  33. WINAPI
  34. IASStoreFQUserName(
  35. IAttributesRaw* request,
  36. DS_NAME_FORMAT format,
  37. PCWSTR fqdn
  38. ) throw ()
  39. {
  40. // Check the arguments.
  41. if (!request || !fqdn) { return E_POINTER; }
  43. // Convert DN's to canonical names.
  44. PDS_NAME_RESULTW result = NULL;
  45. if (format == DS_FQDN_1779_NAME)
  46. {
  47. DWORD err = DsCrackNamesW(
  48. NULL,
  49. DS_NAME_FLAG_SYNTACTICAL_ONLY,
  50. format,
  51. DS_CANONICAL_NAME,
  52. 1,
  53. &fqdn,
  54. &result
  55. );
  56. if (err == NO_ERROR &&
  57. result->cItems == 1 &&
  58. result->rItems[0].status == DS_NAME_NO_ERROR)
  59. {
  60. fqdn = result->rItems[0].pName;
  61. }
  62. }
  64. HRESULT hr;
  66. // Allocate an attribute.
  67. PIASATTRIBUTE attr;
  68. if (IASAttributeAlloc(1, &attr) == NO_ERROR)
  69. {
  70. // Allocate memory for the string.
  71. ULONG nbyte = (wcslen(fqdn) + 1) * sizeof(WCHAR);
  72. attr->Value.String.pszWide = (PWSTR)CoTaskMemAlloc(nbyte);
  74. if (attr->Value.String.pszWide)
  75. {
  76. // Copy in the value.
  77. memcpy(attr->Value.String.pszWide, fqdn, nbyte);
  78. attr->Value.String.pszAnsi = NULL;
  80. // Set the other fields of the struct.
  81. attr->Value.itType = IASTYPE_STRING;
  82. attr->dwId = IAS_ATTRIBUTE_FULLY_QUALIFIED_USER_NAME;
  84. // Remove any existing attributes of this type.
  85. request->RemoveAttributesByType(1, &attr->dwId);
  87. // Store the attribute in the request.
  88. ATTRIBUTEPOSITION pos = { 0, attr };
  89. hr = request->AddAttributes(1, &pos);
  90. }
  91. else
  92. {
  93. // CoTaskMemAlloc failed.
  94. hr = E_OUTOFMEMORY;
  95. }
  97. // Free up the attribute.
  98. IASAttributeRelease(attr);
  99. }
  100. else
  101. {
  102. // IASAttributeAlloc failed.
  103. hr = E_OUTOFMEMORY;
  104. }
  106. DsFreeNameResult(result);
  108. return hr;
  109. }
  111. VOID
  112. WINAPI
  113. IASEncryptBuffer(
  114. IAttributesRaw* request,
  115. BOOL salted,
  116. PBYTE buf,
  117. ULONG buflen
  118. ) throw ()
  119. {
  120. /////////
  121. // Do we have the attributes required for encryption.
  122. /////////
  124. PIASATTRIBUTE secret, header;
  126. secret = IASPeekAttribute(
  127. request,
  128. IAS_ATTRIBUTE_SHARED_SECRET,
  129. IASTYPE_OCTET_STRING
  130. );
  132. header = IASPeekAttribute(
  133. request,
  134. IAS_ATTRIBUTE_CLIENT_PACKET_HEADER,
  135. IASTYPE_OCTET_STRING
  136. );
  138. if (secret && header)
  139. {
  140. IASRadiusCrypt(
  141. TRUE,
  142. salted,
  143. secret->Value.OctetString.lpValue,
  144. secret->Value.OctetString.dwLength,
  145. header->Value.OctetString.lpValue + 4,
  146. buf,
  147. buflen
  148. );
  149. }
  150. }
  152. IASREQUESTSTATUS
  153. WINAPI
  154. IASProcessFailure(
  155. IRequest* pRequest,
  156. HRESULT hrError
  157. )
  158. {
  159. if (pRequest == NULL) { return IAS_REQUEST_STATUS_ABORT; }
  160. if (hrError == S_OK) { hrError = E_FAIL; }
  162. IASRESPONSE response;
  163. IASREQUESTSTATUS status;
  165. switch (hrError)
  166. {
  167. // Errors which cause a reject.
  168. case IAS_NO_SUCH_DOMAIN:
  169. case IAS_NO_SUCH_USER:
  170. case IAS_AUTH_FAILURE:
  171. case IAS_CHANGE_PASSWORD_FAILURE:
  172. case IAS_UNSUPPORTED_AUTH_TYPE:
  173. case IAS_NO_CLEARTEXT_PASSWORD:
  174. case IAS_LM_NOT_ALLOWED:
  175. case IAS_LOCAL_USERS_ONLY:
  176. case IAS_PASSWORD_MUST_CHANGE:
  177. case IAS_ACCOUNT_DISABLED:
  178. case IAS_ACCOUNT_EXPIRED:
  179. case IAS_ACCOUNT_LOCKED_OUT:
  180. case IAS_INVALID_LOGON_HOURS:
  181. case IAS_ACCOUNT_RESTRICTION:
  182. {
  183. response = IAS_RESPONSE_ACCESS_REJECT;
  184. status = IAS_REQUEST_STATUS_HANDLED;
  185. break;
  186. }
  188. // Everything else we discard.
  189. default:
  190. {
  191. response = IAS_RESPONSE_DISCARD_PACKET;
  192. status = IAS_REQUEST_STATUS_ABORT;
  193. }
  194. }
  196. HRESULT hr = pRequest->SetResponse(response, hrError);
  197. return (FAILED(hr)) ? IAS_REQUEST_STATUS_ABORT : status;
  198. }