mirror of https://github.com/tongzx/nt5src
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
419 lines
9.1 KiB
419 lines
9.1 KiB
//+-----------------------------------------------------------------------
|
|
//
|
|
// Microsoft Windows
|
|
//
|
|
// Copyright (c) Microsoft Corporation 1992 - 1993
|
|
//
|
|
// File: suppcred.cxx
|
|
//
|
|
// Contents: Code to retrieve/store supplemental credentials
|
|
//
|
|
//
|
|
// History: 9/23/93 Created MikeSw
|
|
//
|
|
//------------------------------------------------------------------------
|
|
|
|
#include <lsapch.hxx>
|
|
extern "C"
|
|
{
|
|
#include "sesmgr.h" // PSession
|
|
#include "suppcred.h" // supp. cred. apis
|
|
}
|
|
|
|
|
|
typedef struct _DomainSuppCreds {
|
|
UNICODE_STRING ssUserName;
|
|
UNICODE_STRING ssDomainName;
|
|
HANDLE hClientToken;
|
|
SECPKG_SUPPLEMENTAL_CRED SupplementalCredential;
|
|
} DomainSuppCreds, *PDomainSuppCreds;
|
|
|
|
|
|
//+-------------------------------------------------------------------------
|
|
//
|
|
// Function: LsapSaveSupplementalCredentials
|
|
//
|
|
// Synopsis: Saves supplemental credentials
|
|
//
|
|
// Effects:
|
|
//
|
|
// Arguments:
|
|
//
|
|
// Requires:
|
|
//
|
|
// Returns:
|
|
//
|
|
// Notes:
|
|
//
|
|
//
|
|
//--------------------------------------------------------------------------
|
|
|
|
|
|
NTSTATUS SEC_ENTRY
|
|
LsapSaveSupplementalCredentials(
|
|
IN PLUID LogonId,
|
|
IN ULONG SupplementalCredSize,
|
|
IN PVOID SupplementalCreds,
|
|
IN BOOLEAN Synchronous
|
|
)
|
|
{
|
|
//
|
|
// obsolete by credmgr
|
|
//
|
|
|
|
return(STATUS_SUCCESS);
|
|
}
|
|
|
|
|
|
|
|
//+-------------------------------------------------------------------------
|
|
//
|
|
// Function: WLsaSaveSupplementalCredentials
|
|
//
|
|
// Synopsis: worker function to call package to set supp. creds
|
|
//
|
|
// Effects:
|
|
//
|
|
// Arguments:
|
|
//
|
|
// Requires:
|
|
//
|
|
// Returns:
|
|
//
|
|
// Notes:
|
|
//
|
|
//
|
|
//--------------------------------------------------------------------------
|
|
extern "C"
|
|
NTSTATUS
|
|
WLsaSaveSupplementalCredentials(
|
|
IN PCredHandle pCredHandle,
|
|
IN PSecBuffer pCredentials
|
|
)
|
|
{
|
|
NTSTATUS scRet;
|
|
PLSAP_SECURITY_PACKAGE pspPackage;
|
|
PSession pSession = GetCurrentSession();
|
|
|
|
|
|
//
|
|
// Make sure we can exec.
|
|
//
|
|
|
|
IsOkayToExec(0);
|
|
|
|
pspPackage = SpmpValidRequest( pCredHandle->dwLower, SP_ORDINAL_SAVECRED);
|
|
if (!pspPackage)
|
|
{
|
|
return( STATUS_INVALID_HANDLE );
|
|
}
|
|
|
|
SetCurrentPackageId(pCredHandle->dwLower);
|
|
|
|
DebugLog((DEB_TRACE,"WLsaSaveSupplementalCredentials %x,%x\n",
|
|
pCredHandle->dwUpper,pCredHandle->dwLower));
|
|
DebugLog((DEB_TRACE_VERB, "\tPackage = %ws\n", pspPackage->Name.Buffer));
|
|
|
|
__try
|
|
{
|
|
|
|
scRet = pspPackage->FunctionTable.SaveCredentials(
|
|
pCredHandle->dwUpper,
|
|
pCredentials);
|
|
}
|
|
__except (SP_EXCEPTION)
|
|
{
|
|
scRet = GetExceptionCode();
|
|
scRet = SPException(scRet, pspPackage->dwPackageID);
|
|
}
|
|
|
|
|
|
DebugLog((DEB_TRACE_VERB,"WLsaSaveSupplementalCredentials returning %x\n",scRet));
|
|
return(scRet);
|
|
}
|
|
|
|
|
|
|
|
//+-------------------------------------------------------------------------
|
|
//
|
|
// Function: WLsaGetSupplementalCredentials
|
|
//
|
|
// Synopsis: worker function to call package to get supp. credentials
|
|
//
|
|
// Effects:
|
|
//
|
|
// Arguments:
|
|
//
|
|
// Requires:
|
|
//
|
|
// Returns:
|
|
//
|
|
// Notes: allocates virtual memory in client process
|
|
//
|
|
//
|
|
//--------------------------------------------------------------------------
|
|
extern "C"
|
|
NTSTATUS
|
|
WLsaGetSupplementalCredentials(
|
|
PCredHandle pCredHandle,
|
|
PSecBuffer pCreds)
|
|
{
|
|
NTSTATUS scRet;
|
|
PLSAP_SECURITY_PACKAGE pspPackage;
|
|
PSession pSession = GetCurrentSession();
|
|
|
|
|
|
//
|
|
// Make sure we can exec.
|
|
//
|
|
|
|
IsOkayToExec(0);
|
|
|
|
pspPackage = SpmpValidRequest( pCredHandle->dwLower, SP_ORDINAL_GETCRED);
|
|
if (!pspPackage)
|
|
{
|
|
return( STATUS_INVALID_HANDLE );
|
|
}
|
|
|
|
|
|
SetCurrentPackageId(pCredHandle->dwLower);
|
|
|
|
DebugLog((DEB_TRACE,"WLsaGetSupplementalCredentials %x,%x\n",
|
|
pCredHandle->dwUpper,pCredHandle->dwLower));
|
|
DebugLog((DEB_TRACE_VERB, "\tPackage = %ws\n", pspPackage->Name.Buffer));
|
|
|
|
__try
|
|
{
|
|
|
|
scRet = pspPackage->FunctionTable.GetCredentials(
|
|
pCredHandle->dwUpper,
|
|
pCreds);
|
|
}
|
|
__except (SP_EXCEPTION)
|
|
{
|
|
scRet = GetExceptionCode();
|
|
scRet = SPException(scRet, pspPackage->dwPackageID);
|
|
}
|
|
|
|
|
|
DebugLog((DEB_TRACE_VERB,"WLsaGetSupplementalCredentials returning %x\n",scRet));
|
|
return(scRet);
|
|
}
|
|
|
|
|
|
|
|
|
|
//+-------------------------------------------------------------------------
|
|
//
|
|
// Function: WLsaDeleteSupplementalCredentials
|
|
//
|
|
// Synopsis: worker function to call package to delete credentials
|
|
//
|
|
// Effects:
|
|
//
|
|
// Arguments:
|
|
//
|
|
// Requires:
|
|
//
|
|
// Returns:
|
|
//
|
|
// Notes:
|
|
//
|
|
//
|
|
//--------------------------------------------------------------------------
|
|
extern "C"
|
|
NTSTATUS
|
|
WLsaDeleteSupplementalCredentials(
|
|
PCredHandle pCredHandle,
|
|
PSecBuffer pKey)
|
|
{
|
|
NTSTATUS scRet;
|
|
PLSAP_SECURITY_PACKAGE pspPackage;
|
|
PSession pSession = GetCurrentSession();
|
|
|
|
|
|
//
|
|
// Make sure we can exec.
|
|
//
|
|
|
|
IsOkayToExec(0);
|
|
|
|
pspPackage = SpmpValidRequest( pCredHandle->dwLower, SP_ORDINAL_DELETECRED);
|
|
if (!pspPackage)
|
|
{
|
|
return( STATUS_INVALID_HANDLE );
|
|
}
|
|
|
|
SetCurrentPackageId(pCredHandle->dwLower);
|
|
|
|
DebugLog((DEB_TRACE,"WLsaDeleteSupplementalCredentials %x,%x\n",
|
|
pCredHandle->dwUpper,pCredHandle->dwLower));
|
|
DebugLog((DEB_TRACE_VERB, "\tPackage = %ws\n", pspPackage->Name.Buffer));
|
|
|
|
__try
|
|
{
|
|
|
|
scRet = pspPackage->FunctionTable.DeleteCredentials(
|
|
pCredHandle->dwUpper,
|
|
pKey);
|
|
}
|
|
__except (SP_EXCEPTION)
|
|
{
|
|
scRet = GetExceptionCode();
|
|
scRet = SPException(scRet, pspPackage->dwPackageID);
|
|
}
|
|
|
|
|
|
DebugLog((DEB_TRACE_VERB,"WLsaDeleteSupplementalCredentials returning %x\n",scRet));
|
|
return(scRet);
|
|
}
|
|
|
|
|
|
|
|
//+-------------------------------------------------------------------------
|
|
//
|
|
// Function: FreeSupplementalCredentials
|
|
//
|
|
// Synopsis: frees supplemental credentials
|
|
//
|
|
// Effects:
|
|
//
|
|
// Arguments:
|
|
//
|
|
// Requires:
|
|
//
|
|
// Returns:
|
|
//
|
|
// Notes:
|
|
//
|
|
//
|
|
//--------------------------------------------------------------------------
|
|
void
|
|
LsapFreeSupplementalCredentials(
|
|
IN ULONG CredentialCount,
|
|
IN PSECPKG_SUPPLEMENTAL_CRED pCredArray
|
|
)
|
|
{
|
|
ULONG cIndex;
|
|
|
|
if ((pCredArray == NULL) || (CredentialCount == 0))
|
|
{
|
|
return;
|
|
}
|
|
for (cIndex = 0; cIndex < CredentialCount ; cIndex++)
|
|
{
|
|
if (pCredArray[cIndex].PackageName.Buffer != NULL)
|
|
{
|
|
LsapFreeLsaHeap(pCredArray[cIndex].PackageName.Buffer);
|
|
}
|
|
if (pCredArray[cIndex].Credentials != NULL)
|
|
{
|
|
LsapFreeLsaHeap(pCredArray[cIndex].Credentials);
|
|
}
|
|
}
|
|
LsapFreeLsaHeap(pCredArray);
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
//+-------------------------------------------------------------------------
|
|
//
|
|
// Function: ReformatSupplementalCredentials
|
|
//
|
|
// Synopsis: Takes a an array of SupplementalCred structures and
|
|
// converts it to the CREDENTIAL** used by WLsaLogonUser.
|
|
//
|
|
//
|
|
// Effects:
|
|
//
|
|
// Arguments:
|
|
//
|
|
// Requires:
|
|
//
|
|
// Returns:
|
|
//
|
|
// Notes:
|
|
//
|
|
//
|
|
//--------------------------------------------------------------------------
|
|
|
|
|
|
NTSTATUS
|
|
LsapReformatSupplementalCredentials(
|
|
IN ULONG cSupplementalCreds,
|
|
IN PSECPKG_SUPPLEMENTAL_CRED pSupplementalCreds,
|
|
OUT PULONG CredentialCount,
|
|
OUT PSECPKG_SUPPLEMENTAL_CRED * Credentials
|
|
)
|
|
{
|
|
|
|
|
|
NTSTATUS scRet;
|
|
ULONG cIndex;
|
|
ULONG cCredIndex;
|
|
PLSAP_SECURITY_PACKAGE pPackage;
|
|
PSECPKG_SUPPLEMENTAL_CRED TempSuppCreds = NULL;
|
|
|
|
TempSuppCreds = (PSECPKG_SUPPLEMENTAL_CRED) LsapAllocateLsaHeap(
|
|
sizeof(SECPKG_SUPPLEMENTAL_CRED) * lsState.cPackages);
|
|
if (TempSuppCreds == NULL)
|
|
{
|
|
scRet = STATUS_INSUFFICIENT_RESOURCES;
|
|
goto Cleanup;
|
|
}
|
|
|
|
RtlZeroMemory(
|
|
TempSuppCreds,
|
|
sizeof(SECPKG_SUPPLEMENTAL_CRED) * lsState.cPackages
|
|
);
|
|
|
|
|
|
//
|
|
// Scan through the packages looking for matching credentials
|
|
//
|
|
|
|
pPackage = SpmpIteratePackages( NULL );
|
|
|
|
while (pPackage)
|
|
{
|
|
cIndex = pPackage->dwPackageID;
|
|
|
|
|
|
|
|
//
|
|
// Scan through the credentials looking for the one matching
|
|
// the package name
|
|
//
|
|
|
|
for (cCredIndex = 0; cCredIndex < cSupplementalCreds ; cCredIndex++ )
|
|
{
|
|
if ( RtlCompareUnicodeString(
|
|
&pPackage->Name,
|
|
&pSupplementalCreds[cCredIndex].PackageName,
|
|
TRUE // CaseInsensitive
|
|
) == 0 )
|
|
{
|
|
DebugLog((DEB_TRACE_CRED, "Read credentials for packages %wZ\n",
|
|
&pPackage->Name));
|
|
TempSuppCreds[cIndex] = pSupplementalCreds[cCredIndex];
|
|
}
|
|
|
|
}
|
|
|
|
pPackage = SpmpIteratePackages( pPackage );
|
|
|
|
}
|
|
|
|
*Credentials = TempSuppCreds;
|
|
*CredentialCount = lsState.cPackages;
|
|
|
|
scRet = STATUS_SUCCESS;
|
|
|
|
Cleanup:
|
|
|
|
|
|
return(scRet);
|
|
}
|
|
|