📄 ssptest.c
&ExportedBuffer,
NULL,
&NewClientContextHandle);
if ( SecStatus != STATUS_SUCCESS ) {
printf( "ImportSecurityContext: " );
PrintStatus( SecStatus );
if ( !NT_SUCCESS(SecStatus) ) {
return;
}
}
SecStatus = FreeContextBuffer(ExportedBuffer.pvBuffer);
if ( SecStatus != STATUS_SUCCESS ) {
printf( "FreeContextBuffer: " );
PrintStatus( SecStatus );
if ( !NT_SUCCESS(SecStatus) ) {
return;
}
}
SecStatus = QueryContextAttributes(
&NewClientContextHandle,
SECPKG_ATTR_NAMES,
ContextNamesBuffer );
if ( SecStatus != STATUS_SUCCESS ) {
printf( "QueryContextAttributes (names): " );
PrintStatus( SecStatus );
if ( !NT_SUCCESS(SecStatus) ) {
return;
}
}
if ( !QuietMode ) {
printf( "QueryNames: %ws\n", ContextNames->sUserName );
}
// Export client context while deleting the old one.
SecStatus = ExportSecurityContext(
&ServerContextHandle,
SECPKG_CONTEXT_EXPORT_DELETE_OLD,
&ExportedBuffer,
NULL);
if ( SecStatus != STATUS_SUCCESS ) {
printf( "ExportSecurityContext: " );
PrintStatus( SecStatus );
if ( !NT_SUCCESS(SecStatus) ) {
return;
}
}
SecStatus = ImportSecurityContext(
NTLMSP_NAME, // Package Name
&ExportedBuffer,
NULL,
&NewServerContextHandle);
if ( SecStatus != STATUS_SUCCESS ) {
printf( "ImportSecurityContext: " );
PrintStatus( SecStatus );
if ( !NT_SUCCESS(SecStatus) ) {
return;
}
}
SecStatus = FreeContextBuffer(ExportedBuffer.pvBuffer);
if ( SecStatus != STATUS_SUCCESS ) {
printf( "FreeContextBuffer: " );
PrintStatus( SecStatus );
if ( !NT_SUCCESS(SecStatus) ) {
return;
}
}
SecStatus = QueryContextAttributes(
&NewServerContextHandle,
SECPKG_ATTR_NAMES,
ContextNamesBuffer );
if ( SecStatus != STATUS_SUCCESS ) {
printf( "QueryContextAttributes (names): " );
PrintStatus( SecStatus );
if ( !NT_SUCCESS(SecStatus) ) {
return;
}
}
if ( !QuietMode ) {
printf( "QueryNames: %ws\n", ContextNames->sUserName );
}
//
// Delete only the client context. The server context has already been deleted.
//
SecStatus = DeleteSecurityContext( &ClientContextHandle );
if ( SecStatus != STATUS_SUCCESS ) {
printf( "DeleteSecurityContext failed: " );
PrintStatus( SecStatus );
return;
}
//
// Delete imported contexts
//
SecStatus = DeleteSecurityContext( &NewClientContextHandle );
if ( SecStatus != STATUS_SUCCESS ) {
printf( "DeleteSecurityContext failed: " );
PrintStatus( SecStatus );
return;
}
SecStatus = DeleteSecurityContext( &NewServerContextHandle );
if ( SecStatus != STATUS_SUCCESS ) {
printf( "DeleteSecurityContext failed: " );
PrintStatus( SecStatus );
return;
}
//
// Free both credential handles
//
SecStatus = FreeCredentialsHandle( &CredentialHandle1 );
if ( SecStatus != STATUS_SUCCESS ) {
printf( "FreeCredentialsHandle failed: " );
PrintStatus( SecStatus );
return;
}
SecStatus = FreeCredentialsHandle( &CredentialHandle2 );
if ( SecStatus != STATUS_SUCCESS ) {
printf( "FreeCredentialsHandle failed: " );
PrintStatus( SecStatus );
return;
}
//
// Final Cleanup
//
if ( NegotiateBuffer.pvBuffer != NULL ) {
(VOID) LocalFree( NegotiateBuffer.pvBuffer );
}
if ( ChallengeBuffer.pvBuffer != NULL ) {
(VOID) LocalFree( ChallengeBuffer.pvBuffer );
}
if ( AuthenticateBuffer.pvBuffer != NULL ) {
(VOID) LocalFree( AuthenticateBuffer.pvBuffer );
}
}
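VOID
TestLogonRoutine(
    IN LPWSTR UserName,
    IN LPWSTR DomainName,
    IN LPWSTR Password
    )
/*++
Routine Description:
    Exercise an interactive logon through the LSA.  The credentials are
    marshalled into one self-contained MSV1_0_INTERACTIVE_LOGON buffer (fixed
    header followed by the three strings), the process registers as a logon
    process, LsaLogonUser is called against the NTLMSP_NAME_A package, and the
    returned token is impersonated just long enough to print the user name.

    Every resource acquired along the way (token, profile buffer, LSA
    connection, TCB privilege, credential buffer) is released on all exit
    paths, and the buffer holding the cleartext password is zeroed before it
    is freed.
Arguments:
    UserName - account name to log on; must not be NULL.
    DomainName - domain of the account; may be NULL.
    Password - cleartext password; must not be NULL.
Return Value:
    None.  Failures are reported on stdout.
--*/
{
    NTSTATUS Status;
    PMSV1_0_INTERACTIVE_LOGON LogonInfo = NULL;
    ULONG LogonInfoSize = sizeof(MSV1_0_INTERACTIVE_LOGON);
    BOOLEAN WasEnabled = FALSE;
    BOOLEAN PrivilegeAdjusted = FALSE;
    BOOLEAN Ignored;
    UNICODE_STRING Name;
    STRING TempName;
    ULONG Dummy;
    HANDLE LogonHandle = NULL;
    ULONG PackageId;
    TOKEN_SOURCE SourceContext;
    PMSV1_0_INTERACTIVE_PROFILE Profile = NULL;
    ULONG ProfileSize;
    LUID LogonId;
    HANDLE TokenHandle = NULL;
    QUOTA_LIMITS Quotas;
    NTSTATUS SubStatus;
    WCHAR UserNameString[100];
    ULONG NameLength = 100;
    PUCHAR Where;

    //
    // wcslen() below dereferences both strings, so reject NULL up front.
    //
    if ( UserName == NULL || Password == NULL ) {
        printf("TestLogonRoutine: user name and password are required\n");
        return;
    }

    //
    // Header plus the three strings, each with room for a terminating WCHAR.
    //
    LogonInfoSize += (ULONG) ((wcslen(UserName) +
                               ((DomainName == NULL) ? 0 : wcslen(DomainName)) +
                               wcslen(Password) + 3) * sizeof(WCHAR));

    LogonInfo = (PMSV1_0_INTERACTIVE_LOGON) LocalAlloc(LMEM_ZEROINIT, LogonInfoSize);
    if ( LogonInfo == NULL ) {
        printf("Failed to allocate logon buffer: GetLastError = 0x%x\n",GetLastError());
        return;
    }

    LogonInfo->MessageType = MsV1_0InteractiveLogon;

    //
    // The strings are packed immediately after the fixed-size header.  The
    // buffer is zero-initialised, so skipping one WCHAR after each string
    // leaves it terminated.
    //
    Where = (PUCHAR) (LogonInfo + 1);

    RtlInitUnicodeString( &Name, UserName );
    LogonInfo->UserName.Buffer = (LPWSTR) Where;
    LogonInfo->UserName.Length = Name.Length;
    LogonInfo->UserName.MaximumLength = Name.MaximumLength;
    RtlCopyMemory( Where, Name.Buffer, Name.Length );
    Where += LogonInfo->UserName.Length + sizeof(WCHAR);

    RtlInitUnicodeString( &Name, DomainName );
    LogonInfo->LogonDomainName.Buffer = (LPWSTR) Where;
    LogonInfo->LogonDomainName.Length = Name.Length;
    LogonInfo->LogonDomainName.MaximumLength = Name.MaximumLength;
    if ( Name.Length != 0 ) {
        // Skipped for a NULL/empty domain so a NULL source is never copied.
        RtlCopyMemory( Where, Name.Buffer, Name.Length );
    }
    Where += LogonInfo->LogonDomainName.Length + sizeof(WCHAR);

    RtlInitUnicodeString( &Name, Password );
    LogonInfo->Password.Buffer = (LPWSTR) Where;
    LogonInfo->Password.Length = Name.Length;
    //
    // The original assigned MaximumLength to Password.Length, which made the
    // submitted password one WCHAR (the terminator) longer than the real one.
    //
    LogonInfo->Password.MaximumLength = Name.MaximumLength;
    RtlCopyMemory( Where, Name.Buffer, Name.Length );

    //
    // Turn on the TCB privilege
    //
    Status = RtlAdjustPrivilege(SE_TCB_PRIVILEGE, TRUE, FALSE, &WasEnabled);
    if (!NT_SUCCESS(Status))
    {
        printf("Failed to adjust privilege: GetLastError = 0x%x\n",GetLastError());
        printf("Failed to adjust privilege: 0x%x\n",Status);
        goto Cleanup;
    }
    PrivilegeAdjusted = TRUE;

    RtlInitString( &TempName, "SspTest" );
    Status = LsaRegisterLogonProcess(
                &TempName,
                &LogonHandle,
                &Dummy
                );
    if (!NT_SUCCESS(Status))
    {
        printf("Failed to register as a logon process: 0x%x\n",Status);
        goto Cleanup;
    }

    //
    // SourceName is a fixed-width field that is not required to be
    // NUL-terminated; the padded literal fills it exactly, so strncpy's
    // lack of termination is intentional here.
    //
    strncpy(
        SourceContext.SourceName,
        "ssptest ",sizeof(SourceContext.SourceName)
        );
    Status = NtAllocateLocallyUniqueId( &SourceContext.SourceIdentifier );
    if (!NT_SUCCESS(Status))
    {
        printf("Failed to allocate source identifier: 0x%x\n",Status);
        goto Cleanup;
    }

    RtlInitString( &TempName, NTLMSP_NAME_A );
    Status = LsaLookupAuthenticationPackage(
                LogonHandle,
                &TempName,
                &PackageId
                );
    if (!NT_SUCCESS(Status))
    {
        printf("Failed to lookup package %Z: 0x%x\n",&TempName, Status);
        goto Cleanup;
    }

    //
    // Now call LsaLogonUser
    //
    RtlInitString( &TempName, "ssptest" );
    Status = LsaLogonUser(
                LogonHandle,
                &TempName,
                Interactive,
                PackageId,
                LogonInfo,
                LogonInfoSize,
                NULL,           // no token groups
                &SourceContext,
                (PVOID *) &Profile,
                &ProfileSize,
                &LogonId,
                &TokenHandle,
                &Quotas,
                &SubStatus
                );
    if (!NT_SUCCESS(Status))
    {
        printf("lsalogonuser failed: 0x%x\n",Status);
        goto Cleanup;
    }
    if (!NT_SUCCESS(SubStatus))
    {
        printf("LsalogonUser failed: substatus = 0x%x\n",SubStatus);
        goto Cleanup;
    }

    //
    // Only report a user name if impersonation really took effect; otherwise
    // GetUserName would describe the calling account (or print an
    // uninitialised buffer) and the test would appear to pass.
    //
    if ( !ImpersonateLoggedOnUser( TokenHandle ) ) {
        printf("ImpersonateLoggedOnUser failed: GetLastError = 0x%x\n",GetLastError());
        goto Cleanup;
    }
    if ( GetUserName(UserNameString,&NameLength) ) {
        printf("Username = %ws\n",UserNameString);
    } else {
        printf("GetUserName failed: GetLastError = 0x%x\n",GetLastError());
    }
    if ( !RevertToSelf() ) {
        // The thread is still running as the logged-on user at this point.
        printf("RevertToSelf failed: GetLastError = 0x%x\n",GetLastError());
    }

Cleanup:
    if ( TokenHandle != NULL ) {
        (VOID) NtClose(TokenHandle);
    }
    if ( Profile != NULL ) {
        (VOID) LsaFreeReturnBuffer( Profile );
    }
    if ( LogonHandle != NULL ) {
        (VOID) LsaDeregisterLogonProcess( LogonHandle );
    }

    //
    // Drop the TCB privilege again unless it was already on before the call.
    //
    if ( PrivilegeAdjusted && !WasEnabled ) {
        (VOID) RtlAdjustPrivilege(SE_TCB_PRIVILEGE, FALSE, FALSE, &Ignored);
    }

    //
    // The buffer holds the cleartext password: scrub it before releasing it.
    //
    RtlSecureZeroMemory( LogonInfo, LogonInfoSize );
    (VOID) LocalFree( LogonInfo );
}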
DWORD
JunkTest()
/*++
Routine Description:
    Placeholder routine that always yields the constant 1.
Arguments:
    None.
Return Value:
    1
--*/
{
    const DWORD Result = 1;

    return Result;
}
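int __cdecl
main(
    IN int argc,
    IN char ** argv
    )
/*++
Routine Description:
    Drive the NtLmSsp service
Arguments:
    argc - the number of command-line arguments.
    argv - an array of pointers to the arguments.
Return Value:
    Exit status: 0 after the requested action ran (or when no action was
    requested), 1 when the arguments were not understood.
Notes:
    Credentials are taken from the command line, where they are visible to
    anything that can read the process command line or command-line audit
    logs.  Use throwaway test accounts only.
--*/
{
    LPSTR argument;
    int i;
    ULONG j;
    ULONG Iterations = 0;
    LPWSTR DomainName = NULL;
    LPWSTR UserName = NULL;
    LPWSTR Password = NULL;

#define CONFIG_PARAM "/ConfigureService"
#define TESTSSP_PARAM "/TestSsp"
#define TESTSSP2_PARAM "/TestSsp:"
#define LOGON_PARAM "/TestLogon"
#define QUIET_PARAM "/Q"

    enum {
        NoAction,
        ConfigureService,
        TestSsp,
        TestLogon,
    } Action = NoAction;

    //
    // Loop through the arguments handle each in turn
    //
    // NOTE(review): QUIET_PARAM is advertised in the usage text but no branch
    // below accepts it, so "/Q" currently ends in the usage message.
    //
    for ( i=1; i<argc; i++ ) {
        argument = argv[i];

        //
        // Handle /TestSsp
        //
        if ( _stricmp( argument, TESTSSP_PARAM ) == 0 ) {
            if ( Action != NoAction ) {
                goto Usage;
            }
            Action = TestSsp;
            Iterations = 1;

        //
        // Handle /TestSsp:
        //
        } else if ( _strnicmp( argument,
                               TESTSSP2_PARAM,
                               sizeof(TESTSSP2_PARAM)-1 ) == 0 ){
            char *count = &argument[sizeof(TESTSSP2_PARAM)-1];
            char *end;

            if ( Action != NoAction ) {
                goto Usage;
            }
            Action = TestSsp;

            //
            // Reject a missing or non-numeric count instead of silently
            // running zero iterations.
            //
            Iterations = strtoul( count, &end, 10 );
            if ( end == count || *end != '\0' ) {
                goto Usage;
            }

            //
            // Optional <DomainName> <UserName> <Password>, in that order.
            //
            i++;
            if ( i < argc ) {
                argument = argv[i];
                DomainName = NetpAllocWStrFromStr( argument );
                i++;
                if ( i < argc ) {
                    argument = argv[i];
                    UserName = NetpAllocWStrFromStr( argument );
                    i++;
                    if ( i < argc ) {
                        argument = argv[i];
                        Password = NetpAllocWStrFromStr( argument );
                    }
                }
            }

        //
        // Handle /TestLogon
        //
        } else if ( _strnicmp( argument,
                               LOGON_PARAM,
                               sizeof(LOGON_PARAM)-1 ) == 0 ){
            if ( Action != NoAction ) {
                goto Usage;
            }
            Action = TestLogon;
            Iterations = 1;

            //
            // <Password> and <UserName> are mandatory, so argv[i+1] and
            // argv[i+2] must both exist.  The original test (argc < i + 2)
            // let argv[argc], which is NULL, through as the user name.
            //
            if ( argc < i + 3 ) {
                goto Usage;
            }
            argument = argv[++i];
            Password = NetpAllocWStrFromStr( argument );
            argument = argv[++i];
            UserName = NetpAllocWStrFromStr( argument );

            //
            // <DomainName> is optional: consume it only if another argument
            // actually follows.  The original compared i itself against
            // argc and so read argv[argc] when no domain was supplied.
            //
            if ( i + 1 < argc ) {
                argument = argv[++i];
                DomainName = NetpAllocWStrFromStr( argument );
            } else {
                DomainName = NULL;
            }

        //
        // Handle all other parameters
        //
        } else {
            goto Usage;
        }
    }

    //
    // Perform the action requested
    //
    // NOTE(review): the wide strings from NetpAllocWStrFromStr, including the
    // cleartext password, are never scrubbed or released before exit; the
    // matching free routine is not visible in this part of the file.
    //
    switch ( Action )
    {
    case TestSsp:
        for ( j=0; j<Iterations ; j++ ) {
            TestSspRoutine( DomainName, UserName, Password );
        }
        break;

    case TestLogon:
        //
        // A failed conversion would otherwise reach wcslen() as NULL.
        //
        if ( UserName == NULL || Password == NULL ) {
            fprintf( stderr, "ssptest: could not convert user name or password\n" );
            return(1);
        }
        TestLogonRoutine( UserName, DomainName, Password );
        break;

    default:
        break;
    }

    return 0;

Usage:
    fprintf( stderr, "Usage: ssptest [/OPTIONS]\n\n" );
    fprintf(
        stderr,
        "\n"
        " " TESTSSP_PARAM "[:<iterations> <DomainName> <UserName> <Password>] - Test basic SSPI.\n"
        " " LOGON_PARAM "<Password> <UserName> [<DomainName>] - Test LogonUser.\n"
        " " QUIET_PARAM " - Don't be so verbose\n"
        "\n"
        "\n" );
    return(1);
}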