#include <stdio.h>
#include <windows.h>
#include <winver.h>
#include <tchar.h>
#include <ole2.h>
#include <shlobj.h>
#include <winnt.h>
#include <subauth.h>
#include <lmaccess.h>
#include <lmserver.h>
#include <lmapibuf.h>
#include <lmerr.h>
#include <basetsd.h>
#define SECURITY_WIN32
#define ISSP_LEVEL 32
#define ISSP_MODE 1
#include <sspi.h>
#include "other.h"
//#ifdef UNICODE
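BOOL ValidatePassword(IN LPCWSTR UserName,IN LPCWSTR Domain,IN LPCWSTR Password)
/*++

Routine Description:

    Uses SSPI to validate the specified password.  Both halves of an NTLM
    handshake are run inside this process: a client-side context built from
    the supplied credentials produces the negotiate and authenticate tokens,
    and a server-side context produces the challenge and accepts the result.

Arguments:

    UserName - Supplies the user name

    Domain - Supplies the user's domain

    Password - Supplies the password

Return Value:

    TRUE if the password is valid, i.e. the final server-side
    AcceptSecurityContext call succeeded.

    FALSE otherwise, including any allocation or SSPI failure along the way.

Notes:

    The three strings are referenced, not copied (AuthIdentity only stores
    the caller's pointers), so the caller keeps ownership of the password
    buffer and is responsible for scrubbing it.

    NOTE(review): a TRUE result means the NTLM package accepted the logon.
    It does not by itself show which account the logon was mapped to; on
    hosts where unknown users can be mapped to the Guest account this should
    be confirmed by the caller before the result is used for an access
    decision -- verify against the deployment's Guest policy.

--*/
{
    SECURITY_STATUS SecStatus;
    SECURITY_STATUS AcceptStatus;
    SECURITY_STATUS InitStatus;
    CredHandle ClientCredHandle;
    CredHandle ServerCredHandle;
    BOOL ClientCredAllocated = FALSE;
    BOOL ServerCredAllocated = FALSE;
    CtxtHandle ClientContextHandle;
    CtxtHandle ServerContextHandle;
    BOOL ClientContextAllocated = FALSE;
    BOOL ServerContextAllocated = FALSE;
    TimeStamp Lifetime;
    ULONG ContextAttributes;
    PSecPkgInfo PackageInfo = NULL;
    ULONG ClientFlags;
    ULONG ServerFlags;
    //
    // Previously this array was handed to InitializeSecurityContext without
    // ever being written.  Zero it so the target name is a defined, empty
    // string instead of whatever happened to be on the stack.
    //
    TCHAR TargetName[100] = { 0 };
    SEC_WINNT_AUTH_IDENTITY_W AuthIdentity;
    BOOL Validated = FALSE;

    SecBufferDesc NegotiateDesc;
    SecBuffer NegotiateBuffer;

    SecBufferDesc ChallengeDesc;
    SecBuffer ChallengeBuffer;

    SecBufferDesc AuthenticateDesc;
    SecBuffer AuthenticateBuffer;

    //
    // The identity structure only borrows the caller's strings.
    //

    AuthIdentity.User = (LPWSTR)UserName;
    AuthIdentity.UserLength = lstrlenW(UserName);
    AuthIdentity.Domain = (LPWSTR)Domain;
    AuthIdentity.DomainLength = lstrlenW(Domain);
    AuthIdentity.Password = (LPWSTR)Password;
    AuthIdentity.PasswordLength = lstrlenW(Password);
    AuthIdentity.Flags = SEC_WINNT_AUTH_IDENTITY_UNICODE;

    //
    // NULL marks "not allocated" for the cleanup code at error_exit.
    //

    NegotiateBuffer.pvBuffer = NULL;
    ChallengeBuffer.pvBuffer = NULL;
    AuthenticateBuffer.pvBuffer = NULL;

    //
    // Get info about the security packages (needed for cbMaxToken).
    //

    SecStatus = QuerySecurityPackageInfo( _T("NTLM"), &PackageInfo );

    if ( SecStatus != STATUS_SUCCESS ) {
        PackageInfo = NULL;
        goto error_exit;
    }

    //
    // Acquire a credential handle for the server side
    //

    SecStatus = AcquireCredentialsHandle(
                    NULL,
                    _T("NTLM"),
                    SECPKG_CRED_INBOUND,
                    NULL,
                    &AuthIdentity,
                    NULL,
                    NULL,
                    &ServerCredHandle,
                    &Lifetime );

    if ( SecStatus != STATUS_SUCCESS ) {
        goto error_exit;
    }
    ServerCredAllocated = TRUE;

    //
    // Acquire a credential handle for the client side
    //

    SecStatus = AcquireCredentialsHandle(
                    NULL,           // New principal
                    _T("NTLM"),
                    SECPKG_CRED_OUTBOUND,
                    NULL,
                    &AuthIdentity,
                    NULL,
                    NULL,
                    &ClientCredHandle,
                    &Lifetime );

    if ( SecStatus != STATUS_SUCCESS ) {
        goto error_exit;
    }
    ClientCredAllocated = TRUE;

    //
    // Get the NegotiateMessage (ClientSide)
    //

    NegotiateDesc.ulVersion = 0;
    NegotiateDesc.cBuffers = 1;
    NegotiateDesc.pBuffers = &NegotiateBuffer;

    NegotiateBuffer.cbBuffer = PackageInfo->cbMaxToken;
    NegotiateBuffer.BufferType = SECBUFFER_TOKEN;
    NegotiateBuffer.pvBuffer = LocalAlloc( 0, NegotiateBuffer.cbBuffer );
    if ( NegotiateBuffer.pvBuffer == NULL ) {
        goto error_exit;
    }

    ClientFlags = ISC_REQ_MUTUAL_AUTH | ISC_REQ_REPLAY_DETECT;

    InitStatus = InitializeSecurityContext(
                    &ClientCredHandle,
                    NULL,               // No Client context yet
                    NULL,
                    ClientFlags,
                    0,                  // Reserved 1
                    SECURITY_NATIVE_DREP,
                    NULL,               // No initial input token
                    0,                  // Reserved 2
                    &ClientContextHandle,
                    &NegotiateDesc,
                    &ContextAttributes,
                    &Lifetime );

    if ( !NT_SUCCESS(InitStatus) ) {
        goto error_exit;
    }
    ClientContextAllocated = TRUE;

    //
    // Get the ChallengeMessage (ServerSide)
    //

    NegotiateBuffer.BufferType |= SECBUFFER_READONLY;
    ChallengeDesc.ulVersion = 0;
    ChallengeDesc.cBuffers = 1;
    ChallengeDesc.pBuffers = &ChallengeBuffer;

    ChallengeBuffer.cbBuffer = PackageInfo->cbMaxToken;
    ChallengeBuffer.BufferType = SECBUFFER_TOKEN;
    ChallengeBuffer.pvBuffer = LocalAlloc( 0, ChallengeBuffer.cbBuffer );
    if ( ChallengeBuffer.pvBuffer == NULL ) {
        goto error_exit;
    }
    ServerFlags = ASC_REQ_EXTENDED_ERROR;

    AcceptStatus = AcceptSecurityContext(
                    &ServerCredHandle,
                    NULL,               // No Server context yet
                    &NegotiateDesc,
                    ServerFlags,
                    SECURITY_NATIVE_DREP,
                    &ServerContextHandle,
                    &ChallengeDesc,
                    &ContextAttributes,
                    &Lifetime );

    if ( !NT_SUCCESS(AcceptStatus) ) {
        goto error_exit;
    }
    ServerContextAllocated = TRUE;

    //
    // A status other than STATUS_SUCCESS that still passes NT_SUCCESS means
    // the package wants another leg of the handshake.
    //

    if (InitStatus != STATUS_SUCCESS)
    {

        //
        // Get the AuthenticateMessage (ClientSide)
        //

        ChallengeBuffer.BufferType |= SECBUFFER_READONLY;
        AuthenticateDesc.ulVersion = 0;
        AuthenticateDesc.cBuffers = 1;
        AuthenticateDesc.pBuffers = &AuthenticateBuffer;

        AuthenticateBuffer.cbBuffer = PackageInfo->cbMaxToken;
        AuthenticateBuffer.BufferType = SECBUFFER_TOKEN;
        AuthenticateBuffer.pvBuffer = LocalAlloc( 0, AuthenticateBuffer.cbBuffer );
        if ( AuthenticateBuffer.pvBuffer == NULL ) {
            goto error_exit;
        }

        SecStatus = InitializeSecurityContext(
                        NULL,
                        &ClientContextHandle,
                        TargetName,
                        0,
                        0,                      // Reserved 1
                        SECURITY_NATIVE_DREP,
                        &ChallengeDesc,
                        0,                      // Reserved 2
                        &ClientContextHandle,
                        &AuthenticateDesc,
                        &ContextAttributes,
                        &Lifetime );

        if ( !NT_SUCCESS(SecStatus) ) {
            goto error_exit;
        }

        if (AcceptStatus != STATUS_SUCCESS) {

            //
            // Finally authenticate the user (ServerSide)
            //

            AuthenticateBuffer.BufferType |= SECBUFFER_READONLY;

            SecStatus = AcceptSecurityContext(
                            NULL,
                            &ServerContextHandle,
                            &AuthenticateDesc,
                            ServerFlags,
                            SECURITY_NATIVE_DREP,
                            &ServerContextHandle,
                            NULL,
                            &ContextAttributes,
                            &Lifetime );

            if ( !NT_SUCCESS(SecStatus) ) {
                goto error_exit;
            }

            //
            // Only this path reports success: the server side accepted
            // the authenticate token.
            //
            Validated = TRUE;

        }

    }

error_exit:

    //
    // Release the security contexts before the credential handles they
    // were created from.  The original code never deleted them, leaking a
    // pair of contexts on every call.
    //

    if (ServerContextAllocated) {
        DeleteSecurityContext( &ServerContextHandle );
    }
    if (ClientContextAllocated) {
        DeleteSecurityContext( &ClientContextHandle );
    }

    if (ServerCredAllocated) {
        FreeCredentialsHandle( &ServerCredHandle );
    }
    if (ClientCredAllocated) {
        FreeCredentialsHandle( &ClientCredHandle );
    }

    //
    // The package info block is allocated by QuerySecurityPackageInfo and
    // has to be handed back with FreeContextBuffer.
    //

    if ( PackageInfo != NULL ) {
        FreeContextBuffer( PackageInfo );
    }

    //
    // Final Cleanup
    //

    if ( NegotiateBuffer.pvBuffer != NULL ) {
        (VOID) LocalFree( NegotiateBuffer.pvBuffer );
    }

    if ( ChallengeBuffer.pvBuffer != NULL ) {
        (VOID) LocalFree( ChallengeBuffer.pvBuffer );
    }

    if ( AuthenticateBuffer.pvBuffer != NULL ) {
        (VOID) LocalFree( AuthenticateBuffer.pvBuffer );
    }
    return(Validated);
}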
//#endif
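BOOL IsUserExist(LPWSTR strUsername)
/*++

Routine Description:

    Asks the Net API whether an account named strUsername can be looked up.
    On a domain controller or backup domain controller the lookup is sent
    to the machine returned by NetGetDCName; otherwise (or when that call
    fails) the server name is NULL.  Progress and the resulting error code
    are written to stdout.

Arguments:

    strUsername - Supplies the account name to look up

Return Value:

    TRUE if NetUserGetInfo returned NERR_Success.

    FALSE for every other outcome.  That includes ERROR_ACCESS_DENIED and
    NERR_InvalidComputer, so FALSE means "could not confirm the account",
    not "the account does not exist".

--*/
{
    BYTE *pBuffer = NULL;
    INT err = NERR_Success;

    if ( strUsername == NULL )
    {
        return FALSE;
    }

    do
    {
        const unsigned short *pMachineName = NULL;
        LPSERVER_INFO_101 pInfo;
        BOOL fIsDomainController = FALSE;

        // make sure we are not a backup domain controller first
        if (( err = NetServerGetInfo( NULL, 101, &pBuffer )) != NERR_Success )
        {
            printf("NetServerGetInfo:failed.Do not call this on PDC or BDC takes too long.This must be a PDC or BDC.");
            break;
        }

        //
        // Check if domain controller or backup domain controller
        //
        pInfo = (LPSERVER_INFO_101)pBuffer;
        if (( pInfo->sv101_type & SV_TYPE_DOMAIN_BAKCTRL ) != 0 )
        {
            printf("Backupdomaincontroller.NetGetDCName.start.");
            fIsDomainController = TRUE;
        }
        else if (( pInfo->sv101_type & SV_TYPE_DOMAIN_CTRL ) != 0 )
        {
            printf("Domaincontroller.NetGetDCName.start.");
            fIsDomainController = TRUE;
        }

        if ( fIsDomainController )
        {
            //
            // The name comes back from the network as a wide string.  It
            // used to be cast to char* and passed as the printf FORMAT,
            // which both interpreted any '%' in it as a conversion and
            // dereferenced NULL when NetGetDCName failed.  Check the
            // result and print it as data.
            //
            if ( NetGetDCName( NULL, NULL, (LPBYTE*)&pMachineName ) != NERR_Success )
            {
                pMachineName = NULL;
            }
            else if ( pMachineName != NULL )
            {
                printf("%ls", (LPCWSTR) pMachineName);
            }
            printf("NetGetDCName.end.");
        }

        NetApiBufferFree( pBuffer );
        pBuffer = NULL;

        if (pMachineName)
        {
            printf("MachineName="); printf("%ls", (LPCWSTR) pMachineName);
            printf("Username=");
        }
        else
        {
            printf("MachineName=(null)");
            printf("Username=");
        }

        printf("\n");

        // NOTE(review): level 3 asks for the full USER_INFO_3 record although
        // only the status code is used; a lower level may be enough -- confirm.
        err = NetUserGetInfo( pMachineName, strUsername, 3, &pBuffer );

        // Literal format string; no intermediate sprintf buffer is needed.
        printf("TheErrCode=0x%x\n", (unsigned int) err);

        if (err == ERROR_ACCESS_DENIED)
        {
            printf("ERROR_ACCESS_DENIED.The user does not have access to the requested information. \n");
            printf("\n");
        }
        if (err == NERR_InvalidComputer)
        {
            // The label used to read ERROR_ACCESS_DENIED, which hid the real cause.
            printf("NERR_InvalidComputer.The computer name is invalid.\n");
            printf("\n");
        }
        if (err == NERR_UserNotFound)
        {
            printf("NERR_UserNotFound.The user name could not be found.\n");
            printf("\n");
        }

        if ( err == NERR_Success ){NetApiBufferFree( pBuffer );}
        if ( pMachineName != NULL ){NetApiBufferFree( (void*) pMachineName );}

    } while (FALSE);

    if (err == NERR_Success )
    {
        return TRUE;
    }
    else
    {
        return FALSE;
    }

}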
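/*
 * Converts lpUserName to a wide string, calls IsUserExist on it and prints
 * "IsUserExist.TRUE." or "IsUserExist.FAILED." to stdout.
 *
 * A name that is NULL, cannot be converted, or does not fit in UNLEN
 * characters is reported as FAILED without calling IsUserExist.  The
 * original ignored the conversion result, so an over-long name left
 * wchUsername unterminated and that buffer was then handed to the Net API.
 */
void DoStuff99(LPCTSTR lpUserName)
{
    WCHAR wchUsername[UNLEN+1];
    BOOL fNameOk = FALSE;

    if (lpUserName != NULL)
    {
#ifdef UNICODE
        // Already wide: copy only when it fits, never truncate to a
        // different account name.
        if (lstrlenW(lpUserName) <= UNLEN)
        {
            lstrcpynW(wchUsername, lpUserName, UNLEN + 1);
            fNameOk = TRUE;
        }
#else
        // A return of 0 means the conversion failed (for example the name
        // does not fit) and the output buffer must not be used.
        if (MultiByteToWideChar(CP_ACP, 0, lpUserName, -1, wchUsername, UNLEN + 1) != 0)
        {
            fNameOk = TRUE;
        }
#endif
    }

    if (fNameOk && TRUE == IsUserExist(wchUsername))
    {
        printf("IsUserExist.TRUE.\n");
    }
    else
    {
        printf("IsUserExist.FAILED.\n");
    }

    return;
}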