
📄 subauth.c

📁 Security Support Provider Interface (SSPI) source code
💻 C
📖 Page 1 of 3
    OUT PLARGE_INTEGER LogoffTime,
    OUT PLARGE_INTEGER KickoffTime
    )
{
    PNETLOGON_LOGON_IDENTITY_INFO LogonInfo;
    ULONG DllNumber;

    LogonInfo = (PNETLOGON_LOGON_IDENTITY_INFO) LogonInformation;
    DllNumber = LogonInfo->ParameterControl >> MSV1_0_SUBAUTHENTICATION_DLL_SHIFT;

    if( DllNumber != 0 ) {
        return STATUS_SUCCESS;
    }

    return Msv1_0SubAuthenticationRoutine(
                    LogonLevel,
                    LogonInformation,
                    Flags,
                    UserAll,
                    WhichFields,
                    UserFlags,
                    Authoritative,
                    LogoffTime,
                    KickoffTime
                    );
}



NTSTATUS
Msv1_0SubAuthenticationRoutine(
    IN NETLOGON_LOGON_INFO_CLASS LogonLevel,
    IN PVOID LogonInformation,
    IN ULONG Flags,
    IN PUSER_ALL_INFORMATION UserAll,
    OUT PULONG WhichFields,
    OUT PULONG UserFlags,
    OUT PBOOLEAN Authoritative,
    OUT PLARGE_INTEGER LogoffTime,
    OUT PLARGE_INTEGER KickoffTime
)
/*++

Routine Description:

    The subauthentication routine does client/server specific authentication
    of a user.  This stub routine loads the appropriate subauthentication
    package DLL and calls out to that DLL to do the actual validation.

Arguments:

    LogonLevel -- Specifies the level of information given in
        LogonInformation.

    LogonInformation -- Specifies the description for the user
        logging on.  The LogonDomainName field should be ignored.

    Flags - Flags describing the circumstances of the logon.

        MSV1_0_PASSTHRU -- This is a PassThru authentication.  (i.e., the
            user isn't connecting to this machine.)
        MSV1_0_GUEST_LOGON -- This is a retry of the logon using the GUEST
            user account.

    UserAll -- The description of the user as returned from SAM.

    WhichFields -- Returns which fields from UserAllInfo are to be written
        back to SAM.  The fields will only be written if MSV returns success
        to its caller.  Only the following bits are valid.

        USER_ALL_PARAMETERS - Write UserAllInfo->Parameters back to SAM.  If
            the size of the buffer is changed, Msv1_0SubAuthenticationRoutine
            must delete the old buffer using MIDL_user_free() and reallocate the
            buffer using MIDL_user_allocate().

    UserFlags -- Returns UserFlags to be returned from LsaLogonUser in the
        LogonProfile.  The following bits are currently defined:


            LOGON_GUEST -- This was a guest logon
            LOGON_NOENCRYPTION -- The caller didn't specify encrypted credentials
            LOGON_GRACE_LOGON -- The caller's password has expired but logon
                was allowed during a grace period following the expiration.

        SubAuthentication packages should restrict themselves to returning
        bits in the high order byte of UserFlags.  However, this convention
        isn't enforced, giving the SubAuthentication package more flexibility.

    Authoritative -- Returns whether the status returned is an
        authoritative status which should be returned to the original
        caller.  If not, this logon request may be tried again on another
        domain controller.  This parameter is returned regardless of the
        status code.

    LogoffTime - Receives the time at which the user should logoff the
        system.  This time is specified as a GMT relative NT system time.

    KickoffTime - Receives the time at which the user should be kicked
        off the system. This time is specified as a GMT relative NT system
        time.  Specify a full scale positive number if the user isn't to
        be kicked off.

Return Value:

    STATUS_SUCCESS: if there was no error.

    STATUS_NO_SUCH_USER: The specified user has no account.
    STATUS_WRONG_PASSWORD: The password was invalid.

    STATUS_INVALID_INFO_CLASS: LogonLevel is invalid.
    STATUS_ACCOUNT_LOCKED_OUT: The account is locked out
    STATUS_ACCOUNT_DISABLED: The account is disabled
    STATUS_ACCOUNT_EXPIRED: The account has expired.
    STATUS_PASSWORD_MUST_CHANGE: Account is marked as Password must change
        on next logon.
    STATUS_PASSWORD_EXPIRED: The Password is expired.
    STATUS_INVALID_LOGON_HOURS - The user is not authorized to logon at
        this time.
    STATUS_INVALID_WORKSTATION - The user is not authorized to logon to
        the specified workstation.

--*/
{
    NTSTATUS Status;
    NTSTATUS SubStatus;

    ULONG DllNumber;
    PSUBAUTHENTICATION_DLL SubAuthenticationDll;
    PSUBAUTHENTICATION_ROUTINE SubAuthenticationRoutine;

    PNETLOGON_LOGON_IDENTITY_INFO LogonInfo;
    BOOLEAN CritSectLocked = FALSE;


    //
    // Initialization
    //

    LogonInfo = (PNETLOGON_LOGON_IDENTITY_INFO) LogonInformation;

    DllNumber = LogonInfo->ParameterControl >> MSV1_0_SUBAUTHENTICATION_DLL_SHIFT;
    *Authoritative = TRUE;

    EnterCriticalSection( &SubAuthenticationCritSect );
    CritSectLocked = TRUE;

    //
    // Find the SubAuthentication Dll.
    //

    SubAuthenticationDll = ReferenceSubAuth ( DllNumber, &SubStatus);

    //
    // If this was package zero and we didn't find it, remember it for
    // next time.
    //

    if ( (DllNumber == 0) && (SubAuthenticationDll == NULL) ) {
        NlpSubAuthZeroExists = FALSE;
        Status = STATUS_SUCCESS;
        goto Cleanup;
    }


    if (SubStatus != STATUS_SUCCESS)
    {
        KdPrint(( "MSV1_0: SubAuth Error value is %ld.\n", SubStatus));
        Status = SubStatus;
        goto Cleanup;
    }


    //
    // Leave the crit sect while calling the DLL
    //

    SubAuthenticationRoutine = SubAuthenticationDll->SubAuthenticationRoutine;
    LeaveCriticalSection( &SubAuthenticationCritSect );
    CritSectLocked = FALSE;

    if (SubAuthenticationRoutine == NULL)
    {
        if( DllNumber == 0 ) {

            //
            // If this was package zero and we didn't find it, remember it for
            // next time.
            //

            NlpSubAuthZeroExists = FALSE;
            Status = STATUS_SUCCESS;
        } else {
            Status = STATUS_PROCEDURE_NOT_FOUND;
        }
        goto Cleanup;
    }

    //
    // Call the actual authentication routine.
    //

    Status = (*SubAuthenticationRoutine)(
                   LogonLevel,
                   LogonInformation,
                   Flags,
                   UserAll,
                   WhichFields,
                   UserFlags,
                   Authoritative,
                   LogoffTime,
                   KickoffTime );

    //
    // Clean up before returning.
    //

Cleanup:

    if ( CritSectLocked ) {
        LeaveCriticalSection( &SubAuthenticationCritSect );
    }

    return Status;
}


NTSTATUS
Msv1_0ExportSubAuthenticationRoutine(
    IN NETLOGON_LOGON_INFO_CLASS LogonLevel,
    IN PVOID LogonInformation,
    IN ULONG Flags,
    IN ULONG DllNumber,
    IN PUSER_ALL_INFORMATION UserAll,
    OUT PULONG WhichFields,
    OUT PULONG UserFlags,
    OUT PBOOLEAN Authoritative,
    OUT PLARGE_INTEGER LogoffTime,
    OUT PLARGE_INTEGER KickoffTime
)
/*++

Routine Description:

    The subauthentication routine does client/server specific authentication
    of a user.  This stub routine loads the appropriate subauthentication
    package DLL and calls out to that DLL to do the actual validation.

Arguments:

    LogonLevel -- Specifies the level of information given in
        LogonInformation.

    LogonInformation -- Specifies the description for the user
        logging on.  The LogonDomainName field should be ignored.

    Flags -- Flags describing the circumstances of the logon.

        MSV1_0_PASSTHRU -- This is a PassThru authentication.  (i.e., the
            user isn't connecting to this machine.)
        MSV1_0_GUEST_LOGON -- This is a retry of the logon using the GUEST
            user account.

    DllNumber - The number of the subauthentication DLL to call.

    UserAll -- The description of the user as returned from SAM.

    WhichFields -- Returns which fields from UserAllInfo are to be written
        back to SAM.  The fields will only be written if MSV returns success
        to its caller.  Only the following bits are valid.

        USER_ALL_PARAMETERS - Write UserAllInfo->Parameters back to SAM.  If
            the size of the buffer is changed, Msv1_0SubAuthenticationRoutine
            must delete the old buffer using MIDL_user_free() and reallocate the
            buffer using MIDL_user_allocate().

    UserFlags -- Returns UserFlags to be returned from LsaLogonUser in the
        LogonProfile.  The following bits are currently defined:


            LOGON_GUEST -- This was a guest logon
            LOGON_NOENCRYPTION -- The caller didn't specify encrypted credentials
            LOGON_GRACE_LOGON -- The caller's password has expired but logon
                was allowed during a grace period following the expiration.

        SubAuthentication packages should restrict themselves to returning
        bits in the high order byte of UserFlags.  However, this convention
        isn't enforced, giving the SubAuthentication package more flexibility.

    Authoritative -- Returns whether the status returned is an
        authoritative status which should be returned to the original
        caller.  If not, this logon request may be tried again on another
        domain controller.  This parameter is returned regardless of the
        status code.

    LogoffTime - Receives the time at which the user should logoff the
        system.  This time is specified as a GMT relative NT system time.

    KickoffTime - Receives the time at which the user should be kicked
        off the system. This time is specified as a GMT relative NT system
        time.  Specify a full scale positive number if the user isn't to
        be kicked off.

Return Value:

    STATUS_SUCCESS: if there was no error.

    STATUS_NO_SUCH_USER: The specified user has no account.
    STATUS_WRONG_PASSWORD: The password was invalid.

    STATUS_INVALID_INFO_CLASS: LogonLevel is invalid.
    STATUS_ACCOUNT_LOCKED_OUT: The account is locked out
    STATUS_ACCOUNT_DISABLED: The account is disabled
    STATUS_ACCOUNT_EXPIRED: The account has expired.
    STATUS_PASSWORD_MUST_CHANGE: Account is marked as Password must change
        on next logon.
    STATUS_PASSWORD_EXPIRED: The Password is expired.
    STATUS_INVALID_LOGON_HOURS - The user is not authorized to logon at
        this time.
    STATUS_INVALID_WORKSTATION - The user is not authorized to logon to
        the specified workstation.

--*/
{
    NTSTATUS Status;
    NTSTATUS SubStatus;

    PSUBAUTHENTICATION_DLL SubAuthenticationDll;
    PSUBAUTHENTICATION_ROUTINE SubAuthenticationRoutine;

    PNETLOGON_LOGON_IDENTITY_INFO LogonInfo;
    BOOLEAN CritSectLocked = FALSE;


    //
    // Initialization
    //

    LogonInfo = (PNETLOGON_LOGON_IDENTITY_INFO) LogonInformation;

    *Authoritative = TRUE;

    EnterCriticalSection( &SubAuthenticationCritSect );
    CritSectLocked = TRUE;

    //
    // Find the SubAuthentication Dll.
    //

    SubAuthenticationDll = ReferenceSubAuth ( DllNumber, &SubStatus);

    if (SubStatus != STATUS_SUCCESS)
    {
        KdPrint(( "MSV1_0: SubAuth Error value is %ld.\n", SubStatus));
        Status = SubStatus;
        goto Cleanup;
    }

    //
    // Leave the crit sect while calling the DLL
    //

    SubAuthenticationRoutine = SubAuthenticationDll->SubAuthenticationRoutine;
    LeaveCriticalSection( &SubAuthenticationCritSect );
    CritSectLocked = FALSE;

    if (SubAuthenticationRoutine == NULL)
    {
        Status = STATUS_PROCEDURE_NOT_FOUND;
        goto Cleanup;
    }

    //
    // Call the actual authentication routine.
    //

    Status = (*SubAuthenticationRoutine)(
                   LogonLevel,
                   LogonInformation,
                   Flags,
                   UserAll,
                   WhichFields,
                   UserFlags,
                   Authoritative,
                   LogoffTime,
                   KickoffTime );

    //
    // Clean up before returning.
    //
