Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 
 

1375 lines
36 KiB

/*
Copyright (c) 1992 Microsoft Corporation
Module Name:
fsp_srv.c
Abstract:
This module contains the entry points for the AFP server APIs queued to
the FSP. These are all callable from FSP Only.
Author:
Jameel Hyder (microsoft!jameelh)
Revision History:
25 Apr 1992 Initial Version
Notes: Tab stop: 4
--*/
#define FILENUM FILE_FSP_SRV
#include <afp.h>
#include <gendisp.h>
#include <client.h>
#include <scavengr.h>
#include <secutil.h>
LOCAL BOOLEAN
afpGetUserNameAndPwdOrWSName(
IN PANSI_STRING Block,
IN BOOLEAN Password,
OUT PUNICODE_STRING pUserName,
OUT PUNICODE_STRING pDomainName,
OUT PVOID pParm
);
LOCAL BOOLEAN
afpGetNameAndDomain(
IN PANSI_STRING pDomainNUser,
OUT PUNICODE_STRING pUserName,
OUT PUNICODE_STRING pDomainName
);
#ifdef ALLOC_PRAGMA
#pragma alloc_text( PAGE, AfpFspDispLogin)
#pragma alloc_text( PAGE, AfpFspDispLoginCont)
#pragma alloc_text( PAGE, AfpFspDispLogout)
#pragma alloc_text( PAGE, AfpFspDispChangePassword)
#pragma alloc_text( PAGE, AfpFspDispMapName)
#pragma alloc_text( PAGE, AfpFspDispMapId)
#pragma alloc_text( PAGE, AfpFspDispGetUserInfo)
#pragma alloc_text( PAGE, afpGetUserNameAndPwdOrWSName)
#pragma alloc_text( PAGE, afpGetNameAndDomain)
#endif
/*** AfpFspDispLogin
*
* This is the worker routine for the AfpLogin API.
*
* The request packet is represented below.
*
* sda_Name1 ANSI_STRING AFP Version
* sda_Name2 ANSI_STRING UAM String
* sda_Name3 BLOCK Depends on the UAM used
* NO_USER_AUTHENT Not used
* CLEAR_TEXT_AUTHENT User Name & Password string
* CUSTOM_UAM User Name & Machine Name
* Both the ClearText and the Custom UAM case are treated identically
* except for validation.
*
* LOCKS: sda_Lock (SPIN)
*/
AFPSTATUS FASTCALL
AfpFspDispLogin(
IN PSDA pSda
)
{
LONG i;
ANSI_STRING UserPasswd;
AFPSTATUS Status = AFP_ERR_NONE;
IPADDRESS IpAddress;
struct _AppleUamRespPacket
{
BYTE _LogonId[2];
BYTE _ChallengeToClient[1];
};
struct _AppleUamRespPacket *pAppleUamRespPacket;
struct _ResponsePacket
{
BYTE _ChallengeToClient[MSV1_0_CHALLENGE_LENGTH];
BYTE _TranslationTable[1];
};
PAGED_CODE( );
DBGPRINT(DBG_COMP_AFPAPI_SRV, DBG_LEVEL_INFO,
("AfpFspDispLogin: Entered\n"));
UserPasswd.Length = 0;
UserPasswd.MaximumLength = 0;
UserPasswd.Buffer = NULL;
AfpSetEmptyAnsiString(&UserPasswd, 0, NULL);
do
{
// First validate whether the call is allowed at this time. If a user
// is either already logged on OR if we are awaiting a response after
// a challenge has already been given, then this goes no further.
if ((pSda->sda_Flags & SDA_LOGIN_MASK) != SDA_USER_NOT_LOGGEDIN)
{
Status = AFP_ERR_MISC;
break;
}
// Validate the AFP Version
for (i = 0; i < AFP_NUM_VERSIONS; i++)
{
if (RtlEqualString(&pSda->sda_Name1, &AfpVersions[i], True))
{
pSda->sda_ClientVersion = (BYTE)i;
break;
}
}
if (i == AFP_NUM_VERSIONS)
{
Status = AFP_ERR_BAD_VERSION;
break;
}
#if DBG
if (pSda->sda_Flags & SDA_SESSION_OVER_TCP)
{
PTCPCONN pTcpConn;
pTcpConn = (PTCPCONN)(pSda->sda_SessHandle);
IpAddress = pTcpConn->con_DestIpAddr;
DBGPRINT(DBG_COMP_STACKIF, DBG_LEVEL_WARN,
("AFP/TCP: Mac client version 2.%d (%d.%d.%d.%d) connected (%lx)\n",
pTcpConn->con_pSda->sda_ClientVersion,(IpAddress>>24)&0xFF,
(IpAddress>>16)&0xFF,(IpAddress>>8)&0xFF,IpAddress&0xFF,pTcpConn));
}
else if (pSda->sda_ClientVersion >= AFP_VER_22)
{
DBGPRINT(DBG_COMP_STACKIF, DBG_LEVEL_WARN,
("AFP/Appletalk: Mac client version 2.%d connected\n",
pSda->sda_ClientVersion));
}
#endif
// Validate the UAM string
for (i = 0; i < AFP_NUM_UAMS; i++)
{
if (RtlEqualString(&pSda->sda_Name2, &AfpUamStrings[i], True))
{
pSda->sda_ClientType = (BYTE)i;
break;
}
}
if (i == AFP_NUM_UAMS)
{
DBGPRINT(DBG_COMP_STACKIF, DBG_LEVEL_ERR,
("AfpFspDispLogin: unknown UAM, ignoring!\n"));
Status = AFP_ERR_BAD_UAM;
break;
}
// All seems OK so far. Handle the simple GUEST logon case first.
pSda->sda_DomainName.Length = 0;
pSda->sda_DomainName.Buffer = NULL;
if (pSda->sda_ClientType == SDA_CLIENT_GUEST)
{
if (!(AfpServerOptions & AFP_SRVROPT_GUESTLOGONALLOWED))
{
Status = AFP_ERR_BAD_UAM;
break;
}
// Lookup the current Guest account name
if (1)
{
ULONG64 TempBuffer[16];
PSID GuestSid;
ULONG NameSize;
ULONG DomainSize;
UNICODE_STRING Name;
SID_NAME_USE NameUse;
WCHAR NameString[UNLEN+1];
SID_IDENTIFIER_AUTHORITY NtAuthority = SECURITY_NT_AUTHORITY;
NTSTATUS TempStatus = STATUS_SUCCESS;
GuestSid = (PSID)TempBuffer;
RtlInitializeSid (
GuestSid,
&NtAuthority,
2
);
*(RtlSubAuthoritySid (GuestSid, 0)) = SECURITY_BUILTIN_DOMAIN_RID;
*(RtlSubAuthoritySid (GuestSid, 1)) = DOMAIN_USER_RID_GUEST;
Name.Buffer = NameString;
Name.Length = sizeof (NameString);
Name.MaximumLength = Name.Length;
TempStatus = SecLookupAccountSid (
GuestSid,
&NameSize,
&Name,
&DomainSize,
NULL,
&NameUse
);
if (TempStatus != STATUS_SUCCESS)
{
DBGPRINT(DBG_COMP_STACKIF, DBG_LEVEL_ERR,
("AfpFspDispLogin: SecLookupAccountSid failed with error %ld\n",
TempStatus));
Status = AFP_ERR_MISC;
break;
}
DBGPRINT(DBG_COMP_STACKIF, DBG_LEVEL_ERR,
("AfpFspDispLogin: SecLookupAccountSid returned GuestName = %Z, Guestname Size = %d\n",
&Name, Name.Length));
if ((pSda->sda_UserName.Buffer =
(PWSTR)AfpAllocNonPagedMemory(Name.Length)) == NULL)
{
Status = AFP_ERR_MISC;
break;
}
memcpy ((BYTE *)(pSda->sda_UserName.Buffer), (BYTE *)Name.Buffer,
Name.Length);
pSda->sda_UserName.Length = Name.Length;
pSda->sda_UserName.MaximumLength = Name.Length;
}
// Consider the guest as a cleartext client from this point on
// with NULL password
pSda->sda_ClientType = SDA_CLIENT_CLEARTEXT;
Status = AfpLogonUser(pSda, &UserPasswd);
break;
}
// Take apart the sda_Name3 block. The block looks as follows. We have
// already eliminated the possibility of a GUEST login.
// 1. ClearText/Custom UAM PASCALSTR - UserName (+DomainName)
// 2. ClearText PASCALSTR - Password
// Custom UAM PASCALSTR - MachineName
if (pSda->sda_ClientType == SDA_CLIENT_CLEARTEXT)
{
if (!(AfpServerOptions & AFP_SRVROPT_CLEARTEXTLOGONALLOWED))
{
Status = AFP_ERR_BAD_UAM;
break;
}
}
if (!afpGetUserNameAndPwdOrWSName(&pSda->sda_Name3,
(BOOLEAN)(pSda->sda_ClientType == SDA_CLIENT_CLEARTEXT),
&pSda->sda_UserName,
&pSda->sda_DomainName,
(pSda->sda_ClientType == SDA_CLIENT_CLEARTEXT) ?
(PVOID)&UserPasswd : (PVOID)&pSda->sda_WSName))
{
DBGPRINT(DBG_COMP_SECURITY, DBG_LEVEL_ERR,
("AfpFspDispLogin: afpGetUserNameAndPwdOrWSName failed\n"));
Status = AFP_ERR_USER_NOT_AUTH;
break;
}
// Attempt to logon user for Cleartext case
if (pSda->sda_ClientType == SDA_CLIENT_CLEARTEXT)
{
// The user password as we have it is potentially padded with nulls
// if it is less than 8 chars. Get the length right
UserPasswd.Length = strlen(UserPasswd.Buffer) + 1;
Status = AfpLogonUser(pSda, &UserPasswd);
// Free the buffer for the password
AfpFreeMemory(UserPasswd.Buffer);
break;
}
else
{
// Using the custom UAM, ship the challenge token
pSda->sda_ReplySize = MSV1_0_CHALLENGE_LENGTH;
// is this MS-UAM client? if so, need room for translation table
if ((pSda->sda_ClientType == SDA_CLIENT_MSUAM_V1) ||
(pSda->sda_ClientType == SDA_CLIENT_MSUAM_V2))
{
pSda->sda_ReplySize += AFP_XLAT_TABLE_SIZE;
}
else
{
pSda->sda_ReplySize += sizeof(USHORT); // space for LogonId
}
if (AfpAllocReplyBuf(pSda) != AFP_ERR_NONE)
{
DBGPRINT(DBG_COMP_SECURITY, DBG_LEVEL_ERR,
("AfpFspDispLogin: AfpAllocReplyBuf failed\n"));
Status = AFP_ERR_USER_NOT_AUTH;
break;
}
if ((pSda->sda_Challenge = AfpGetChallenge()) == NULL)
{
DBGPRINT(DBG_COMP_SECURITY, DBG_LEVEL_ERR,
("AfpFspDispLogin: AfpGetChallenge failed\n"));
Status = AFP_ERR_USER_NOT_AUTH;
AfpFreeReplyBuf(pSda, FALSE);
break;
}
Status = AFP_ERR_AUTH_CONTINUE;
// MS-UAM client? copy challenge and translation table
if ((pSda->sda_ClientType == SDA_CLIENT_MSUAM_V1) ||
(pSda->sda_ClientType == SDA_CLIENT_MSUAM_V2))
{
RtlCopyMemory(pRspPkt->_ChallengeToClient, pSda->sda_Challenge,
MSV1_0_CHALLENGE_LENGTH);
RtlCopyMemory(pRspPkt->_TranslationTable,
AfpTranslationTable+AFP_XLAT_TABLE_SIZE,
AFP_XLAT_TABLE_SIZE);
}
else
{
pAppleUamRespPacket = (struct _AppleUamRespPacket *)(pSda->sda_ReplyBuf);
// copy the LogonId (make one up, using the sda pointer itself!)
//*(USHORT *)(&pAppleUamRespPacket->_LogonId[0]) = (USHORT)pSda;
pAppleUamRespPacket->_LogonId[0] = 0;
pAppleUamRespPacket->_LogonId[1] = 0;
// copy the challenge
RtlCopyMemory(&pAppleUamRespPacket->_ChallengeToClient[0],
pSda->sda_Challenge,
MSV1_0_CHALLENGE_LENGTH);
}
}
} while (False);
// Set the SDA in the right state
if (Status == AFP_ERR_NONE)
{
AfpInterlockedSetNClearDword(&pSda->sda_Flags,
SDA_USER_LOGGEDIN,
SDA_LOGIN_FAILED,
&pSda->sda_Lock);
pSda->sda_WSName.Length = 0;
pSda->sda_WSName.MaximumLength = 0;
pSda->sda_WSName.Buffer = NULL;
if (pSda->sda_tTillKickOff < MAXLONG)
AfpScavengerScheduleEvent(
AfpSdaCheckSession,
(PVOID)((ULONG_PTR)(pSda->sda_SessionId)),
(pSda->sda_tTillKickOff > SESSION_WARN_TIME) ?
(pSda->sda_tTillKickOff - SESSION_WARN_TIME) :
SESSION_CHECK_TIME,
True);
}
else if (Status == AFP_ERR_AUTH_CONTINUE)
{
// Login is half-way done. Set to receive a FPLoginCont call
AfpInterlockedSetDword(&pSda->sda_Flags,
SDA_USER_LOGIN_PARTIAL,
&pSda->sda_Lock);
}
else if (Status == AFP_ERR_PWD_EXPIRED)
{
AfpInterlockedSetDword(&pSda->sda_Flags,
SDA_LOGIN_FAILED,
&pSda->sda_Lock);
Status = AFP_ERR_NONE;
}
return Status;
}
/*** AfpFspDispLoginCont
*
* This is the worker routine for the AfpLoginCont API.
*
* The request packet is represented below.
*
* sda_Name1 BLOCK Response to challenge (24 bytes)
*/
AFPSTATUS FASTCALL
AfpFspDispLoginCont(
IN PSDA pSda
)
{
AFPSTATUS Status = AFP_ERR_NONE;
ANSI_STRING Passwd;
struct _AppleUamReqPkt
{
BYTE _LogonId[2];
BYTE _ChallengeResponse[1];
};
struct _AppleUamReqPkt *pAppleUamReqPkt;
struct _RequestPacket
{
DWORD _ChallengeResponse[1];
};
PAGED_CODE( );
DBGPRINT(DBG_COMP_AFPAPI_SRV, DBG_LEVEL_INFO,
("AfpFspDispLoginCont: Entered\n"));
if ((pSda->sda_Flags & SDA_LOGIN_MASK) != SDA_USER_LOGIN_PARTIAL)
{
Status = AFP_ERR_USER_NOT_AUTH;
}
else
{
if ((pSda->sda_ClientType == SDA_CLIENT_MSUAM_V1) ||
(pSda->sda_ClientType == SDA_CLIENT_MSUAM_V2))
{
Passwd.Length = Passwd.MaximumLength = LM_RESPONSE_LENGTH;
Passwd.Buffer = (PBYTE)&pReqPkt->_ChallengeResponse[0];
}
else
{
pAppleUamReqPkt = (struct _AppleUamReqPkt *)(pSda->sda_ReqBlock);
Passwd.Buffer = (PBYTE)&pAppleUamReqPkt->_ChallengeResponse[0];
if (pSda->sda_ClientType == SDA_CLIENT_RANDNUM)
{
Passwd.Length = Passwd.MaximumLength = RANDNUM_RESP_LEN;
}
else
{
Passwd.Length = Passwd.MaximumLength = TWOWAY_RESP_LEN;
}
}
ASSERT (pSda->sda_Challenge != NULL);
Status = AfpLogonUser(pSda, &Passwd);
AfpFreeMemory(pSda->sda_Challenge);
pSda->sda_Challenge = NULL;
}
// Set the SDA in the right state
if (Status == AFP_ERR_NONE)
{
AfpInterlockedSetNClearDword(&pSda->sda_Flags,
SDA_USER_LOGGEDIN,
SDA_USER_LOGIN_PARTIAL,
&pSda->sda_Lock);
if (pSda->sda_tTillKickOff < MAXLONG)
AfpScavengerScheduleEvent(
AfpSdaCheckSession,
(PVOID)((ULONG_PTR)(pSda->sda_SessionId)),
(pSda->sda_tTillKickOff > SESSION_WARN_TIME) ?
(pSda->sda_tTillKickOff - SESSION_WARN_TIME) :
SESSION_CHECK_TIME,
True);
}
return Status;
}
/*** AfpFspDispLogout
*
* This is the worker routine for the AfpLogout API.
*
* There is no request packet for this API.
*/
AFPSTATUS FASTCALL
AfpFspDispLogout(
IN PSDA pSda
)
{
AFP_SESSION_INFO SessInfo;
PAGED_CODE( );
DBGPRINT(DBG_COMP_AFPAPI_SRV, DBG_LEVEL_INFO,
("AfpFspDispLogout: Entered\n"));
AfpInterlockedClearDword(&pSda->sda_Flags, SDA_LOGIN_MASK, &pSda->sda_Lock);
return AFP_ERR_NONE;
}
/*** AfpFspDispChangePassword
*
* This is the worker routine for the AfpChangePassword API.
*
* The request packet is represented below.
*
* sda_AfpSubFunc BYTE New password length - UAM
* sda_Name1 ANSI_STRING UAM String
* sda_Name2 ANSI_STRING User Name [and domain]
* sda_Name3 BLOCK Old and New passwords
* Format depends on the UAM
* ClearText Old Password (8 bytes, 0 padded)
* New Password (8 bytes, 0 padded)
* Encrypted Old Password LM_OWF_PASSWORD (16)
* New Password LM_OWF_PASSWORD (16)
*
* All we do here is package the user name, domain name, old and new password
* and give it up to user mode to attempt the password change since we cannot
* do it in kernel mode.
*/
AFPSTATUS FASTCALL
AfpFspDispChangePassword(
IN PSDA pSda
)
{
AFPSTATUS Status;
PAFP_PASSWORD_DESC pPwdDesc=NULL;
ANSI_STRING NewPwd;
UNICODE_STRING UserName;
UNICODE_STRING DomainName;
BYTE Method;
struct _ResponsePacket
{
BYTE __ExtendedErrorCode[4];
};
PAGED_CODE( );
DBGPRINT(DBG_COMP_AFPAPI_SRV, DBG_LEVEL_INFO,
("AfpFspDispChangePassword: Entered\n"));
if ((pPwdDesc =
(PAFP_PASSWORD_DESC)AfpAllocPagedMemory(sizeof(AFP_PASSWORD_DESC))) == NULL)
{
return AFP_ERR_MISC;
}
AfpSetEmptyUnicodeString(&DomainName,
sizeof(pPwdDesc->DomainName),
pPwdDesc->DomainName);
AfpSetEmptyUnicodeString(&UserName,
sizeof(pPwdDesc->UserName),
pPwdDesc->UserName);
do
{
Status = AFP_ERR_BAD_UAM; // Default
// Validate the UAM string, cannot be 'No User Authent'
for (Method = CLEAR_TEXT_AUTHENT; Method < AFP_NUM_UAMS; Method++)
{
if (RtlEqualString(&pSda->sda_Name1,
&AfpUamStrings[Method],
True))
{
if (pSda->sda_Flags & SDA_USER_LOGGEDIN)
{
// if the client is logged in using TWOWAY_EXCHANGE, the
// UAM specified in password change is still RANDNUM_EXCHANGE
// so, hack it, so rest of our logic works!
//
if ((Method == RANDNUM_EXCHANGE) &&
(pSda->sda_ClientType == TWOWAY_EXCHANGE))
{
Method = TWOWAY_EXCHANGE;
}
if (pSda->sda_ClientType == Method)
{
Status = AFP_ERR_NONE;
}
else
{
Status = AFP_ERR_PARAM;
}
}
else
{
pSda->sda_ClientType = Method;
Status = AFP_ERR_NONE;
}
break;
}
}
if ((Status != AFP_ERR_NONE) ||
((Method == CLEAR_TEXT_AUTHENT) &&
!(AfpServerOptions & AFP_SRVROPT_CLEARTEXTLOGONALLOWED)))
{
break;
}
Status = AFP_ERR_PARAM; // Assume failure
RtlZeroMemory(pPwdDesc, sizeof(AFP_PASSWORD_DESC));
// Validate and Convert user name to unicode. If the user is already
// logged in, make sure the user name matches what we already know
if (!afpGetNameAndDomain(&pSda->sda_Name2,
&UserName,
&DomainName) ||
!RtlEqualUnicodeString(&UserName,
&pSda->sda_UserName,
True) ||
!RtlEqualUnicodeString(&DomainName,
&pSda->sda_DomainName,
True))
{
DBGPRINT(DBG_COMP_AFPAPI_SRV, DBG_LEVEL_ERR,
("AfpFspDispChangePassword: afpGetNameAndDomain failed\n"));
break;
}
pPwdDesc->AuthentMode = Method;
if (Method == CLEAR_TEXT_AUTHENT)
{
ANSI_STRING OldPwd;
// Make sure the old and new passwords are atleast the min. size
if (pSda->sda_Name3.Length < (2 * sizeof(AFP_MAXPWDSIZE)))
break;
// Translate both passwords to host ansi (upper case)
OldPwd.Buffer = pPwdDesc->OldPassword;
OldPwd.Length = sizeof(pPwdDesc->OldPassword);
OldPwd.MaximumLength = sizeof(pPwdDesc->OldPassword);
RtlCopyMemory(pPwdDesc->OldPassword,
pSda->sda_Name3.Buffer,
AFP_MAXPWDSIZE);
if (AfpConvertMacAnsiToHostAnsi(&OldPwd) != AFP_ERR_NONE)
{
break;
}
NewPwd.Buffer = pPwdDesc->NewPassword;
NewPwd.Length = sizeof(pPwdDesc->NewPassword);
NewPwd.MaximumLength = sizeof(pPwdDesc->NewPassword);
RtlCopyMemory(pPwdDesc->NewPassword,
pSda->sda_Name3.Buffer+AFP_MAXPWDSIZE,
AFP_MAXPWDSIZE);
if (AfpConvertMacAnsiToHostAnsi(&NewPwd) != AFP_ERR_NONE)
{
break;
}
}
//
// if this is a client using Apple's native UAM, parms are different!
//
else if ((Method == RANDNUM_EXCHANGE) ||
(Method == TWOWAY_EXCHANGE))
{
// Make sure the old and new passwords are atleast the min. size
if (pSda->sda_Name3.Length < (2 * MAX_MAC_PWD_LEN))
{
ASSERT(0);
break;
}
RtlCopyMemory(pPwdDesc->OldPassword,
pSda->sda_Name3.Buffer,
MAX_MAC_PWD_LEN);
RtlCopyMemory(pPwdDesc->NewPassword,
pSda->sda_Name3.Buffer + RANDNUM_RESP_LEN,
MAX_MAC_PWD_LEN);
}
else if (Method == SDA_CLIENT_MSUAM_V1)
{
// Make sure the old and new passwords are atleast the min. size
if (pSda->sda_Name3.Length < (2 * LM_OWF_PASSWORD_LENGTH))
{
break;
}
pPwdDesc->bPasswordLength = pSda->sda_AfpSubFunc;
RtlCopyMemory(pPwdDesc->OldPassword,
pSda->sda_Name3.Buffer,
LM_OWF_PASSWORD_LENGTH);
RtlCopyMemory(pPwdDesc->NewPassword,
pSda->sda_Name3.Buffer + LM_OWF_PASSWORD_LENGTH,
LM_OWF_PASSWORD_LENGTH);
}
else if (Method == SDA_CLIENT_MSUAM_V2)
{
// the data expected here is large (532 bytes) here
try {
RtlCopyMemory(pPwdDesc->OldPassword,
pSda->sda_Name3.Buffer,
LM_OWF_PASSWORD_LENGTH);
RtlCopyMemory(pPwdDesc->NewPassword,
pSda->sda_Name3.Buffer + LM_OWF_PASSWORD_LENGTH,
(SAM_MAX_PASSWORD_LENGTH * 2) + 4);
} except( EXCEPTION_EXECUTE_HANDLER ) {
ASSERT(0);
break;
}
}
else
{
DBGPRINT(DBG_COMP_AFPAPI_SRV, DBG_LEVEL_ERR,
("AfpFspDispChangePassword: unknown method %d\n",Method));
ASSERT(0);
}
Status = AfpChangePassword(pSda, pPwdDesc);
DBGPRINT(DBG_COMP_AFPAPI_SRV, DBG_LEVEL_ERR,
("AfpFspDispChangePassword: AfpChangePassword returned %lx\n",
Status));
} while (False);
if (NT_SUCCESS(Status))
{
// Check if we are here because the login returned password expired.
// If this is Afp 2.1 chooser, we also need to logon this fella
if (pSda->sda_Flags & SDA_LOGIN_FAILED)
{
AfpInterlockedClearDword(&pSda->sda_Flags,
SDA_LOGIN_FAILED,
&pSda->sda_Lock);
// The user password as we have it is potentially padded with nulls
// if it is less than 8 chars. Get the length right
NewPwd.Length = strlen(NewPwd.Buffer) + 1;
Status = AfpLogonUser(pSda, &NewPwd);
if (Status == AFP_ERR_NONE)
{
AfpInterlockedSetDword(&pSda->sda_Flags,
SDA_USER_LOGGEDIN,
&pSda->sda_Lock);
pSda->sda_WSName.Length = 0;
pSda->sda_WSName.MaximumLength = 0;
pSda->sda_WSName.Buffer = NULL;
if (pSda->sda_tTillKickOff < MAXLONG)
AfpScavengerScheduleEvent(
AfpSdaCheckSession,
(PVOID)((ULONG_PTR)(pSda->sda_SessionId)),
(pSda->sda_tTillKickOff > SESSION_WARN_TIME) ?
(pSda->sda_tTillKickOff - SESSION_WARN_TIME) :
SESSION_CHECK_TIME,
True);
}
}
}
else // Failure - convert to right status code
{
if ((pSda->sda_ClientType == SDA_CLIENT_MSUAM_V1) ||
(pSda->sda_ClientType == SDA_CLIENT_MSUAM_V2))
{
if (Status == STATUS_PASSWORD_EXPIRED)
Status = AFP_ERR_PASSWORD_EXPIRED;
else if (Status == STATUS_ACCOUNT_DISABLED)
Status = AFP_ERR_ACCOUNT_DISABLED;
else if (Status == STATUS_INVALID_LOGON_HOURS)
Status = AFP_ERR_INVALID_LOGON_HOURS;
else if (Status == STATUS_INVALID_WORKSTATION)
Status = AFP_ERR_INVALID_WORKSTATION;
else if (Status == STATUS_PASSWORD_RESTRICTION)
Status = AFP_ERR_PASSWORD_RESTRICTED;
else if (Status == STATUS_PWD_TOO_SHORT)
Status = AFP_ERR_PASSWORD_TOO_SHORT;
else if (Status == STATUS_ACCOUNT_RESTRICTION)
Status = AFP_ERR_ACCOUNT_RESTRICTED;
else if (Status == STATUS_ACCESS_DENIED)
Status = AFP_ERR_PASSWORD_CANT_CHANGE;
else if ((Status != AFP_ERR_BAD_UAM) &&
(Status != AFP_ERR_PARAM))
Status = AFP_ERR_MISC;
}
else
{
if (Status == STATUS_WRONG_PASSWORD)
Status = AFP_ERR_USER_NOT_AUTH;
else if ((Status == STATUS_PASSWORD_RESTRICTION) ||
(Status == STATUS_ACCOUNT_DISABLED))
Status = AFP_ERR_ACCESS_DENIED;
else if (Status == STATUS_PWD_TOO_SHORT)
{
if ((pSda->sda_Flags & SDA_USER_LOGGEDIN) &&
(pSda->sda_ClientVersion >= AFP_VER_21))
{
Status = AFP_ERR_PWD_TOO_SHORT;
}
else
Status = AFP_ERR_ACCESS_DENIED;
}
else if ((Status == STATUS_NONE_MAPPED) ||
(Status == STATUS_NO_SUCH_USER))
Status = AFP_ERR_PARAM;
else if ((Status != AFP_ERR_BAD_UAM) &&
(Status != AFP_ERR_PARAM))
Status = AFP_ERR_MISC;
}
}
if (pPwdDesc)
{
AfpFreeMemory(pPwdDesc);
}
return Status;
}
/*** AfpFspDispMapName
*
* This is the worker routine for the AfpMapName API.
*
* The request packet is represented below.
*
* sda_SubFunc BYTE User/Group Flag
* sda_Name1 ANSI_STRING Name of user/group
*/
AFPSTATUS FASTCALL
AfpFspDispMapName(
IN PSDA pSda
)
{
AFPSTATUS Status = AFP_ERR_NONE;
UNICODE_STRING Us;
DWORD UserOrGroupId = 0;
struct _ResponsePacket
{
BYTE __UserOrGroupId[4];
};
PAGED_CODE( );
DBGPRINT(DBG_COMP_AFPAPI_SRV, DBG_LEVEL_INFO,
("AfpFspDispMapName: Entered\n"));
if ((pSda->sda_AfpSubFunc != MAP_USER_NAME) &&
(pSda->sda_AfpSubFunc != MAP_GROUP_NAME))
return AFP_ERR_PARAM;
AfpSetEmptyUnicodeString(&Us, 0, NULL);
// If this is the first time we are asking for the name to be translated.
if ((pSda->sda_Name1.Length != 0) &&
(pSda->sda_SecUtilSid == NULL) &&
(NT_SUCCESS(pSda->sda_SecUtilResult)))
{
Us.MaximumLength = (pSda->sda_Name1.Length + 1) * sizeof(WCHAR);
if ((Us.Buffer = (LPWSTR)AfpAllocPagedMemory(Us.MaximumLength)) == NULL)
{
return AFP_ERR_MISC;
}
if (!NT_SUCCESS(Status = AfpConvertStringToUnicode(&pSda->sda_Name1, &Us)))
{
AfpFreeMemory(Us.Buffer);
return AFP_ERR_MISC;
}
Status = AfpNameToSid( pSda, &Us );
AfpFreeMemory(Us.Buffer);
if (!NT_SUCCESS(Status))
{
if (Status != AFP_ERR_EXTENDED)
Status = AFP_ERR_MISC;
}
return Status;
}
// If we have successfully translated the name
if (pSda->sda_Name1.Length != 0)
{
if ((pSda->sda_SecUtilSid != NULL) &&
(NT_SUCCESS( pSda->sda_SecUtilResult)))
Status = AfpSidToMacId(pSda->sda_SecUtilSid, &UserOrGroupId);
else Status = AFP_ERR_ITEM_NOT_FOUND;
}
if (NT_SUCCESS(Status))
{
pSda->sda_ReplySize = SIZE_RESPPKT;
if ((Status = AfpAllocReplyBuf(pSda)) == AFP_ERR_NONE)
{
PUTDWORD2DWORD(pRspPkt->__UserOrGroupId, UserOrGroupId);
}
}
if (pSda->sda_SecUtilSid != NULL)
{
AfpFreeMemory(pSda->sda_SecUtilSid);
pSda->sda_SecUtilSid = NULL;
}
return Status;
}
/*** AfpFspDispMapId
*
* This is the worker routine for the AfpMapId API.
*
* The request packet is represented below.
*
* sda_SubFunc BYTE User/Group Flag
* sda_ReqBlock DWORD UserId
*
* We do not use the UserId field since it is invalid anyway !!
*/
AFPSTATUS FASTCALL
AfpFspDispMapId(
IN PSDA pSda
)
{
AFPSTATUS Status = AFP_ERR_NONE;
PAFP_SID_NAME pSidName = NULL;
PSID pSid; // Sid of user or group
struct _RequestPacket
{
DWORD _UserOrGroupId;
};
struct _ResponsePacket
{
BYTE __NameLength[1];
BYTE __Name[1];
};
PAGED_CODE( );
DBGPRINT(DBG_COMP_AFPAPI_SRV, DBG_LEVEL_INFO,
("AfpFspDispMapId: Entered\n"));
if ((pSda->sda_AfpSubFunc != MAP_USER_ID) &&
(pSda->sda_AfpSubFunc != MAP_GROUP_ID))
return AFP_ERR_PARAM;
Status = AFP_ERR_ITEM_NOT_FOUND; // Assume failure
if (NT_SUCCESS(pSda->sda_SecUtilResult)) do
{
ANSI_STRING As;
As.Length = 0;
As.MaximumLength = 1;
As.Buffer = "";
if (pReqPkt->_UserOrGroupId != 0)
{
Status = AfpMacIdToSid(pReqPkt->_UserOrGroupId, &pSid);
if (!NT_SUCCESS(Status))
{
Status = AFP_ERR_ITEM_NOT_FOUND;
break;
}
Status = AfpSidToName(pSda, pSid, &pSidName);
if (!NT_SUCCESS(Status))
{
if (Status != AFP_ERR_EXTENDED)
Status = AFP_ERR_MISC;
break;
}
/* MSKK hideyukn, Unicode char length not eqaul to ansi byte length in DBCS, 08/07/95 */
#ifdef DBCS
pSda->sda_ReplySize = pSidName->Name.Length + SIZE_RESPPKT;
#else
pSda->sda_ReplySize = pSidName->Name.Length/sizeof(WCHAR) + SIZE_RESPPKT;
#endif // DBCS
}
else pSda->sda_ReplySize = SIZE_RESPPKT; // For an id of 0
if ((Status = AfpAllocReplyBuf(pSda)) == AFP_ERR_NONE)
{
if (pSidName != NULL)
{
As.MaximumLength = pSda->sda_ReplySize - 1;
As.Buffer = pRspPkt->__Name;
if ((Status = AfpConvertStringToAnsi(&pSidName->Name, &As)) != AFP_ERR_NONE)
{
AfpFreeReplyBuf(pSda, FALSE);
}
PUTBYTE2BYTE(pRspPkt->__NameLength, As.Length);
}
else PUTBYTE2BYTE(pRspPkt->__NameLength, 0);
}
} while (False);
return Status;
}
/*** AfpFspDispGetUserInfo
*
* This routine implements the AfpGetUserInfo API.
*
* The request packet is represented below.
*
* sda_AfpSubFunc BYTE ThisUser flag
* sda_ReqBlock DWORD UserId
* sda_ReqBlock DWORD Bitmap
*
* We do not use the UserId field since it is invalid anyway !!
*/
AFPSTATUS FASTCALL
AfpFspDispGetUserInfo(
IN PSDA pSda
)
{
DWORD Bitmap;
PBYTE pTemp;
AFPSTATUS Status = AFP_ERR_PARAM;
DWORD Uid, Gid;
struct _RequestPacket
{
DWORD _UserId;
DWORD _Bitmap;
};
struct _ResponsePacket
{
BYTE __Bitmap[2];
BYTE __Id1[4];
BYTE __Id2[4];
};
PAGED_CODE( );
DBGPRINT(DBG_COMP_AFPAPI_SRV, DBG_LEVEL_INFO,
("AfpFspDispGetUserInfo: Entered\n"));
do
{
if (!(pSda->sda_AfpSubFunc & USERINFO_THISUSER))
break;
Bitmap = pReqPkt->_Bitmap;
if (Bitmap & ~(USERINFO_BITMAP_USERID | USERINFO_BITMAP_PRIGID))
{
Status = AFP_ERR_BITMAP;
break;
}
if (Bitmap & USERINFO_BITMAP_USERID)
{
if (!NT_SUCCESS(Status = AfpSidToMacId(pSda->sda_UserSid, &Uid)))
{
Status = AFP_ERR_MISC;
break;
}
}
if (Bitmap & USERINFO_BITMAP_PRIGID)
{
if (!NT_SUCCESS(Status = AfpSidToMacId(pSda->sda_GroupSid, &Gid)))
{
Status = AFP_ERR_MISC;
break;
}
}
pSda->sda_ReplySize = SIZE_RESPPKT;
if ((Status = AfpAllocReplyBuf(pSda)) == AFP_ERR_NONE)
{
PUTSHORT2SHORT(pRspPkt->__Bitmap, Bitmap);
pTemp = pRspPkt->__Id1;
if (Bitmap & USERINFO_BITMAP_USERID)
{
PUTDWORD2DWORD(pTemp, Uid);
pTemp = pRspPkt->__Id2;
}
else pSda->sda_ReplySize -= sizeof(DWORD);
if (Bitmap & USERINFO_BITMAP_PRIGID)
{
PUTDWORD2DWORD(pTemp, Gid);
}
else pSda->sda_ReplySize -= sizeof(DWORD);
}
} while (False);
return Status;
}
/*** afpGetUserNameAndPwdOrWSName
*
* Unmarshall the block containing UserName and either password or WS Name
* into unicode/ansi strings. Allocate memory for the output strings.
*
* The layout of the Buffer is as follows:
* User Name and an optional pad
* Workstation name or user password depending on the UAM.
*
* The optional pad is not directly determined since this buffer has been
* copied and we do not know at this point whether this started at an odd
* or an even boundary. We get to it indirectly from the size.
*/
LOCAL BOOLEAN
afpGetUserNameAndPwdOrWSName(
IN PANSI_STRING Block,
IN BYTE ClientType,
OUT PUNICODE_STRING pUserName,
OUT PUNICODE_STRING pDomainName,
OUT PVOID pParm // Either password or WSName
)
{
ANSI_STRING UserName;
#define pPwd ((PANSI_STRING)pParm)
#define pWS ((PUNICODE_STRING)pParm)
PBYTE pTmp;
BOOLEAN RetCode = False;
PAGED_CODE( );
do
{
pPwd->Buffer = NULL;
pPwd->Length = 0;
pUserName->Buffer = NULL;
if (Block->Buffer == NULL)
{
ASSERT(0);
return(False);
}
pTmp = Block->Buffer;
UserName.Length = (USHORT)*pTmp;
UserName.Buffer = ++pTmp;
// Sanity check
if ((USHORT)(UserName.Length + 1) > Block->Length)
break;
pTmp += UserName.Length;
// make sure we are within bounds!
if (pTmp <= (Block->Buffer + Block->Length))
{
// If there is a NULL pad, go past it.
if (*pTmp == '\0')
pTmp++;
}
pUserName->Buffer = NULL; // Force allocation
pDomainName->Buffer = NULL; // Force allocation
if (!afpGetNameAndDomain(&UserName, pUserName, pDomainName))
break;
// Make sure we do not have a name of the form "DOMAIN\" i.e. a
// valid domain name and a NULL user name, disallow that explicitly
// so that we don't logon such users with a NULL session
if (pUserName->Length == 0)
{
if (pUserName->Buffer != NULL)
{
AfpFreeMemory(pUserName->Buffer);
pUserName->Buffer = NULL;
}
if (pDomainName->Buffer != NULL)
{
AfpFreeMemory(pDomainName->Buffer);
pDomainName->Buffer = NULL;
}
return False;
}
// The balance of the buffer is the block, if it is a password. Else
// it is the machine name string which is a PASCALSTR.
pPwd->MaximumLength = (USHORT)(Block->Length - (pTmp - Block->Buffer) + 1);
if (ClientType != SDA_CLIENT_CLEARTEXT)
{
// in case of Apple UAM (scrambled or 2-way), machine name won't
// be present, so check only for MS-UAM
//
if ((ClientType == SDA_CLIENT_MSUAM_V1) ||
(ClientType == SDA_CLIENT_MSUAM_V2))
{
pWS->MaximumLength = (USHORT)((*pTmp + 1) * sizeof(WCHAR));
if (pWS->MaximumLength < (USHORT)((Block->Length -
(pTmp - Block->Buffer + 1)) *sizeof(WCHAR)))
{
return False;
}
}
else
{
pWS->MaximumLength = ((sizeof(AFP_DEFAULT_WORKSTATION_A) + 1) *
sizeof(WCHAR));
}
}
if ((pPwd->Buffer = AfpAllocNonPagedMemory(pPwd->MaximumLength)) == NULL)
break;
if (ClientType == SDA_CLIENT_CLEARTEXT)
{
// We are dealing with a clear text password
pPwd->Length = pPwd->MaximumLength - 1;
RtlCopyMemory(pPwd->Buffer, pTmp, pPwd->Length);
if (AfpConvertMacAnsiToHostAnsi(pPwd) != AFP_ERR_NONE)
break;
pPwd->Buffer[pPwd->Length] = 0;
}
else
{
ANSI_STRING AS;
if ((ClientType == SDA_CLIENT_MSUAM_V1) ||
(ClientType == SDA_CLIENT_MSUAM_V2))
{
AS.Buffer = ++pTmp;
AS.MaximumLength = pWS->MaximumLength/sizeof(WCHAR);
AS.Length = AS.MaximumLength - 1;
}
//
// for scrambled and 2-way exchange, use default wksta name since
// we don't know what it is
//
else
{
AS.Buffer = AFP_DEFAULT_WORKSTATION_A;
AS.MaximumLength = pWS->MaximumLength/sizeof(WCHAR);
AS.Length = AS.MaximumLength - 1;
}
// We have potentially a workstation name here. Since this is a
// pascal string, adjust the length etc.
AfpConvertStringToUnicode(&AS, pWS);
pWS->Buffer[pWS->Length/sizeof(WCHAR)] = L'\0';
}
RetCode = True;
} while (False);
if (!RetCode)
{
if (pUserName->Buffer != NULL)
{
AfpFreeMemory(pUserName->Buffer);
pUserName->Buffer = NULL;
}
if (pPwd->Buffer != NULL)
{
AfpFreeMemory(pPwd->Buffer);
pPwd->Buffer = NULL;
}
if (pDomainName->Buffer != NULL)
{
AfpFreeMemory(pDomainName->Buffer);
pDomainName->Buffer = NULL;
}
}
return RetCode;
}
/*** afpGetNameAndDomain
*
* Extract the name and domain from a string formed as DOMAIN\NAME.
*/
BOOLEAN
afpGetNameAndDomain(
IN PANSI_STRING pDomainNUser,
OUT PUNICODE_STRING pUserName,
OUT PUNICODE_STRING pDomainName
)
{
BYTE c;
ANSI_STRING User, Domain;
BOOLEAN fDomainBuffAlloc=FALSE;
// Check if the user name has a '\' character in it. If it does,
// seperate the domain name from user name. The Username string is
// not ASCIIZ. Before we search for a '\', make it ASCIIZ w/o trashing
// whatever is there.
PAGED_CODE( );
User.Buffer = AfpStrChr(pDomainNUser->Buffer, pDomainNUser->Length, '\\');
if (User.Buffer != NULL)
{
(User.Buffer) ++; // Past the '\'
Domain.Buffer = pDomainNUser->Buffer;
Domain.Length = (USHORT)(User.Buffer - Domain.Buffer - 1);
User.Length = pDomainNUser->Length - Domain.Length - 1;
if (Domain.Length > DNLEN)
{
DBGPRINT(DBG_COMP_AFPAPI_SRV, DBG_LEVEL_ERR,
("afpGetNameAndDomain: domain name too long (%d vs. max %d): rejecting\n",
Domain.Length, DNLEN));
return(False);
}
Domain.MaximumLength = Domain.Length + 1;
pDomainName->MaximumLength = Domain.MaximumLength * sizeof(WCHAR);
if (pDomainName->Buffer == NULL)
{
if ((pDomainName->Buffer =
(PWSTR)AfpAllocNonPagedMemory(pDomainName->MaximumLength)) == NULL)
{
return False;
}
fDomainBuffAlloc = TRUE;
}
AfpConvertStringToUnicode(&Domain, pDomainName);
}
else User = *pDomainNUser;
if (User.Length > LM20_UNLEN)
{
DBGPRINT(DBG_COMP_AFPAPI_SRV, DBG_LEVEL_ERR,
("afpGetNameAndDomain: user name too long (%d vs. max %d): rejecting\n",
User.Length,LM20_UNLEN));
return(False);
}
User.MaximumLength = User.Length + 1;
pUserName->MaximumLength = User.MaximumLength * sizeof(WCHAR);
if ((pUserName->Buffer == NULL) &&
(pUserName->Buffer =
(PWSTR)AfpAllocNonPagedMemory(pUserName->MaximumLength)) == NULL)
{
if (fDomainBuffAlloc)
{
AfpFreeMemory(pDomainName->Buffer);
pDomainName->Buffer = NULL;
}
return False;
}
AfpConvertStringToUnicode(&User, pUserName);
return True;
}