/*++

Copyright (c) 1989  Microsoft Corporation

Module Name:

    msvpaswd.c

Abstract:

    This file contains the MSV1_0 Authentication Package password routines.

Author:

    Dave Hart    (davehart)   12-Mar-1992

Revision History:
    Chandana Surlu         21-Jul-96      Stolen from \\kernel\razzle3\src\security\msv1_0\msvpaswd.c

--*/

#include <global.h>

#include "msp.h"
#include "nlp.h"

#include <lmcons.h>
#include <lmerr.h>
#include <lmapibuf.h>
#include <lmremutl.h>
#include <lmwksta.h>



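NTSTATUS
MspStopImpersonating (
    VOID
    )

/*++

Routine Description:

    Stop impersonating.  This is used to stop impersonating either
    ourselves (see MspDisableAdminsAlias) or a client.

    The impersonation token is removed by setting the current thread's
    ThreadImpersonationToken to a NULL handle.  After a successful call
    the thread no longer carries an impersonation token, so any filtering
    applied by MspDisableAdminsAlias is gone as well.

    If the call fails, the thread may still be impersonating.  Callers
    that depend on a particular security context should check the
    returned status before continuing.

Arguments:

    None.

Return Value:

    STATUS_SUCCESS - Indicates the service completed successfully.

    Other values are unexpected, but will be those returned by
    NtSetInformationThread.

--*/

{

    NTSTATUS
        NtStatus;

    //
    // A NULL token handle tells NtSetInformationThread to drop the
    // thread's impersonation token.
    //

    HANDLE
        Token = NULL;

    NtStatus = NtSetInformationThread(
                   NtCurrentThread(),
                   ThreadImpersonationToken,
                   (PVOID)&Token,
                   sizeof(Token)
                   );

#if DBG
    if ( !NT_SUCCESS(NtStatus) ) {

        KdPrint(("MspStopImpersonating: Cannot stop impersonating, status %x\n",
                 NtStatus));
    }
#endif // DBG

    return( NtStatus );

}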

NTSTATUS
MspDisableAdminsAlias (
    VOID
    )

/*++

Routine Description:

    Remove the current thread from the Administrators alias.  This
    is accomplished by impersonating our own thread, then removing
    the Administrators alias membership from the impersonation
    token.  Use MspStopImpersonating() to stop impersonating and
    thereby restore the thread to the Administrators alias.

    The LocalSystem SID is passed to NtFilterToken alongside the
    Administrators alias SID, so both are disabled in the token the
    thread ends up impersonating.

    Failure handling: the Cleanup path only frees the SID and closes
    handles.  If a step fails after RtlImpersonateSelf has succeeded,
    the thread is left impersonating an unfiltered copy of its own
    token.  Callers must treat any failure status as "privileges were
    NOT reduced" and must not continue as if they had been.

Arguments:

    None.

Return Value:

    STATUS_SUCCESS - Indicates the service completed successfully.

    Otherwise the failure status of the first call that failed:
    MspStopImpersonating, RtlImpersonateSelf, NtOpenThreadToken,
    RtlAllocateAndInitializeSid, NtFilterToken or
    NtSetInformationThread.

--*/

{
    NTSTATUS                 Status;
    HANDLE                   TokenHandle = NULL;
    HANDLE                   FilteredToken = NULL;
    SID_IDENTIFIER_AUTHORITY IdentifierAuthority = SECURITY_NT_AUTHORITY;
    PSID                     AdminSid = NULL;
    SID                      LocalSystemSid = {SID_REVISION, 1, SECURITY_NT_AUTHORITY, SECURITY_LOCAL_SYSTEM_RID};
    // Room for a TOKEN_GROUPS header (which already holds one entry) plus one
    // more SID_AND_ATTRIBUTES, i.e. the two entries filled in below.
    // NOTE(review): a BYTE array carries no alignment guarantee for
    // TOKEN_GROUPS; confirm this is acceptable on every target architecture.
    BYTE                     GroupBuffer[sizeof(TOKEN_GROUPS) + sizeof(SID_AND_ATTRIBUTES)];
    PTOKEN_GROUPS            TokenGroups = (PTOKEN_GROUPS) GroupBuffer;

    //
    // Make sure we aren't impersonating anyone else
    // (that will prevent the RtlImpersonateSelf() call from succeeding).
    //

    Status = MspStopImpersonating();

    if ( !NT_SUCCESS(Status) ) {
        goto Cleanup;
    }

    //
    // Impersonate ourselves so the thread carries its own token, then
    // open that thread token so we can filter it to disable the
    // Administrators and LocalSystem SIDs
    //

    Status = RtlImpersonateSelf(SecurityDelegation);
    if (!NT_SUCCESS(Status)) {
        goto Cleanup;
    }
    Status = NtOpenThreadToken(
                NtCurrentThread(),
                TOKEN_DUPLICATE | TOKEN_IMPERSONATE | TOKEN_QUERY,
                TRUE,           // open as self
                &TokenHandle
                );

    if ( !NT_SUCCESS(Status) ) {
        // The thread is still impersonating the unfiltered self token here.
        goto Cleanup;
    }

    //
    // Build the SID for the Administrators alias.  The Administrators
    // alias SID is well known, S-1-5-32-544.
    //

    Status = RtlAllocateAndInitializeSid(
        &IdentifierAuthority,         // SECURITY_NT_AUTHORITY (5)
        2,                            // SubAuthorityCount
        SECURITY_BUILTIN_DOMAIN_RID,  // 32
        DOMAIN_ALIAS_RID_ADMINS,      // 544
        0,0,0,0,0,0,
        &AdminSid
        );

    if ( !NT_SUCCESS(Status) ) {

        KdPrint(("MspDisableAdminsAlias: RtlAllocateAndInitializeSid returns %x\n",
                 Status));
        goto Cleanup;
    }

    //
    // Disable the Administrators and LocalSystem aliases.
    // Groups[0] points at the heap SID freed in Cleanup; Groups[1] points
    // at the stack copy of the LocalSystem SID declared above.
    //

    TokenGroups->GroupCount = 2;
    TokenGroups->Groups[0].Sid = AdminSid;
    TokenGroups->Groups[0].Attributes = 0;   // SE_GROUP_ENABLED not on.
    TokenGroups->Groups[1].Sid = &LocalSystemSid;
    TokenGroups->Groups[1].Attributes = 0;   // SE_GROUP_ENABLED not on.

    //
    // Produce a new token from the thread token with the two SIDs above
    // passed as the SIDs to disable.  No privileges are removed and no
    // restricting SIDs are added.
    //

    Status = NtFilterToken(
                 TokenHandle,
                 0,                     // no flags
                 TokenGroups,
                 NULL,                  // no privileges
                 NULL,                  // no restricted sids
                 &FilteredToken
                 );

    if ( !NT_SUCCESS(Status) ) {

        KdPrint(("MspDisableAdminsAlias: NtFilter returns %x\n",
                 Status));
        goto Cleanup;
    }

    //
    // Replace the thread's impersonation token with the filtered one.
    // Only after this call succeeds is the thread running with the
    // reduced token.
    //

    Status = NtSetInformationThread(
                NtCurrentThread(),
                ThreadImpersonationToken,
                &FilteredToken,
                sizeof(HANDLE)
                );
    if (!NT_SUCCESS(Status)) {
        goto Cleanup;
    }

    //
    // Shared exit path for success and failure: release the SID and both
    // token handles.  Nothing here reverts the impersonation state.
    //

Cleanup:

    if (AdminSid) {
        RtlFreeSid(AdminSid);
    }

    if (TokenHandle) {
        NtClose(TokenHandle);
    }

    if (FilteredToken) {
        NtClose(FilteredToken);
    }

    return Status;
}


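NTSTATUS
MspAddBackslashesComputerName(
    IN PUNICODE_STRING ComputerName,
    OUT PUNICODE_STRING UncComputerName
    )

/*++

Routine Description:

    This function makes a copy of a Computer Name, prepending backslashes
    if they are not already present.

Arguments:

    ComputerName - Pointer to Computer Name, with or without leading
        backslashes.  May be NULL or zero length.

    UncComputerName - Pointer to Unicode String structure that will be
        initialized to reference the computerName with backslashes
        prepended if not already present.  The Unicode Buffer will be
        terminated with a Unicode NULL, so that it can be passed as
        a parameter to routines expecting a null terminated Wide String.
        When this string is finished with, the caller must free its
        memory via RtlFreeHeap.

        Ownership caveat: when ComputerName already starts with two
        backslashes and is null terminated, no copy is made and
        UncComputerName references ComputerName's own buffer.  In that
        case the buffer must not be freed through UncComputerName; the
        caller has to compare the two Buffer pointers before freeing.

        On any failure, and for a NULL or empty ComputerName, the
        structure is set to an empty string with a NULL Buffer.

Return Value:

    STATUS_SUCCESS - UncComputerName has been initialized.

    STATUS_NAME_TOO_LONG - The name plus backslashes and terminator does
        not fit in the 16-bit length fields of a UNICODE_STRING.

    STATUS_NO_MEMORY - The copy could not be allocated from MspHeap.

--*/

{
    NTSTATUS Status = STATUS_SUCCESS;
    BOOLEAN HasBackslashes = FALSE;
    BOOLEAN IsNullTerminated = FALSE;
    ULONG PrefixBytes;
    ULONG RequiredBytes;
    PWSTR StartBuffer = NULL;

    //
    // If the computername is NULL, a zero length string, or the name already begins with
    // backslashes and is wide char null terminated, just use it unmodified.
    //

    if( (!ARGUMENT_PRESENT(ComputerName)) || ComputerName->Length == 0 ) {
        UncComputerName->Buffer = NULL;
        UncComputerName->Length = 0;
        UncComputerName->MaximumLength = 0;
        goto AddBackslashesComputerNameFinish;
    }

    //
    // Name is not NULL or zero length.  Check if name already has
    // backslashes and a trailing Unicode Null
    //

    if ((ComputerName->Length >= 2 * sizeof(WCHAR)) &&
        (ComputerName->Buffer[0] == L'\\') &&
        (ComputerName->Buffer[1] == L'\\')) {

        HasBackslashes = TRUE;
    }

    //
    // Only look at the character after the name when MaximumLength says
    // it lies inside the caller's buffer.
    //

    if ((ComputerName->Length + (USHORT) sizeof(WCHAR) <= ComputerName->MaximumLength) &&
        (ComputerName->Buffer[ComputerName->Length/sizeof(WCHAR)] == UNICODE_NULL)) {

        IsNullTerminated = TRUE;
    }

    if (HasBackslashes && IsNullTerminated) {

        //
        // No copy: the output aliases the caller's buffer (see the
        // ownership caveat in the routine header).
        //

        *UncComputerName = *ComputerName;
        goto AddBackslashesComputerNameFinish;
    }

    //
    // Name either does not have backslashes or is not NULL terminated.
    // Make a copy with leading backslashes and a wide NULL terminator.
    //
    // The size is computed in 32 bits.  Length plus the prefix and the
    // terminator can exceed a USHORT, and a wrapped 16-bit size would make
    // the allocation smaller than the RtlCopyMemory below.
    //

    PrefixBytes = HasBackslashes ? 0 : (ULONG)(2 * sizeof(WCHAR));
    RequiredBytes = (ULONG)ComputerName->Length + PrefixBytes + (ULONG)sizeof(WCHAR);

    if (RequiredBytes > 0xFFFF) {       // largest value a USHORT can hold

        KdPrint(("MspAddBackslashes...: ComputerName too long.\n"));
        Status = STATUS_NAME_TOO_LONG;
        goto AddBackslashesComputerNameError;
    }

    UncComputerName->Buffer = RtlAllocateHeap(
                                 MspHeap,
                                 0,
                                 RequiredBytes
                                 );

    if (UncComputerName->Buffer == NULL) {

        KdPrint(("MspAddBackslashes...: Out of memory copying ComputerName.\n"));
        Status = STATUS_NO_MEMORY;
        goto AddBackslashesComputerNameError;
    }

    //
    // Length excludes the terminator, MaximumLength includes it.
    //

    UncComputerName->Length = (USHORT)(RequiredBytes - sizeof(WCHAR));
    UncComputerName->MaximumLength = (USHORT)RequiredBytes;

    StartBuffer = UncComputerName->Buffer;

    if (!HasBackslashes) {

        UncComputerName->Buffer[0] = UncComputerName->Buffer[1] = L'\\';
        StartBuffer +=2;
    }

    RtlCopyMemory(
        StartBuffer,
        ComputerName->Buffer,
        ComputerName->Length
        );

    UncComputerName->Buffer[UncComputerName->Length / sizeof(WCHAR)] = UNICODE_NULL;

AddBackslashesComputerNameFinish:

    return(Status);

AddBackslashesComputerNameError:

    //
    // Never hand back non-zero lengths together with a NULL buffer.
    //

    UncComputerName->Buffer = NULL;
    UncComputerName->Length = 0;
    UncComputerName->MaximumLength = 0;

    goto AddBackslashesComputerNameFinish;
}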



#ifndef DONT_LOG_PASSWORD_CHANGES
#include <stdio.h>
//
// Handle to the password debug log.  NULL while no log is open: this is
// the initial value, and MsvPaswdInitializeLog resets it to NULL when it
// fails to create or position the file.
//
HANDLE MsvPaswdLogFile = NULL;

//
// Log file name and backup file name, relative to the Windows directory.
// NOTE(review): what gets written to this log is not visible in this part
// of the file.  Confirm it never includes password material, and review
// who can read the debug directory.
//
#define MSVPASWD_LOGNAME L"\\debug\\PASSWD.LOG"
#define MSVPASWD_BAKNAME L"\\debug\\PASSWD.BAK"

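ULONG
MsvPaswdInitializeLog(
    VOID
    )
/*++

Routine Description:

    Creates the password debugging log file, MSVPASWD_LOGNAME under the
    Windows directory, and stores its handle in MsvPaswdLogFile.

    Any existing log is truncated (CREATE_ALWAYS); no backup copy of a
    previous log is made.

    The file is created with default security (NULL security attributes)
    and is shared for reading and writing.
    NOTE(review): for a log tied to password changes, confirm that the
    ACL on the debug directory limits access appropriately.

Arguments:

    None

Returns:

    ERROR_SUCCESS - Success

    ERROR_FILENAME_EXCED_RANGE - The Windows directory path plus the log
        file name does not fit in the local path buffer.

    Otherwise the GetLastError() value of the call that failed.  On any
    failure MsvPaswdLogFile is left NULL.

--*/
{
    ULONG dwErr = ERROR_SUCCESS;
    WCHAR LogFileName[ MAX_PATH + 1 ];
    ULONG BufferChars = sizeof( LogFileName )/sizeof( WCHAR );
    ULONG SuffixChars = sizeof( MSVPASWD_LOGNAME )/sizeof( WCHAR );  // includes the terminator
    ULONG DirChars;


    DirChars = GetWindowsDirectoryW( LogFileName, BufferChars );

    if ( DirChars == 0 ) {

        dwErr = GetLastError();

    } else if ( DirChars >= BufferChars ||
                DirChars + SuffixChars > BufferChars ) {

        //
        // Either GetWindowsDirectoryW reported that the buffer was too
        // small (the buffer contents are then not usable), or appending
        // the log name would run past the end of LogFileName.
        //

        dwErr = ERROR_FILENAME_EXCED_RANGE;

    } else {

        wcscat( LogFileName, MSVPASWD_LOGNAME );

        MsvPaswdLogFile = CreateFileW( LogFileName,
                                      GENERIC_WRITE,
                                      FILE_SHARE_READ | FILE_SHARE_WRITE,
                                      NULL,
                                      CREATE_ALWAYS,
                                      FILE_ATTRIBUTE_NORMAL,
                                      NULL );

        if ( MsvPaswdLogFile == INVALID_HANDLE_VALUE ) {

            dwErr = GetLastError();

            //
            // The rest of the module tests the handle against NULL, so
            // never leave INVALID_HANDLE_VALUE in the global.
            //

            MsvPaswdLogFile = NULL;

        } else {

            if( SetFilePointer( MsvPaswdLogFile,
                                0, 0,
                                FILE_END ) == 0xFFFFFFFF ) {

                dwErr = GetLastError();

                CloseHandle( MsvPaswdLogFile );
                MsvPaswdLogFile = NULL;
            }

        }
    }

    return( dwErr );
}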



ULONG
MsvPaswdCloseLog(
    VOID
    )
/*++

Routine Description:

    Closes the debugging log file used by DCPROMO and the dssetup apis

Arguments:

    None

Returns:

    ERROR_SUCCESS - Success

--*/
{
    ULONG dwErr = ERROR_SUCCESS;
