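//+-------------------------------------------------------------------------
//
// Function: NtLmPolicyChangeCallback
//
// Synopsis: Invoked by the LSA when a policy information class this
//           package registered for (see NtLmRegisterForPolicyChange)
//           has changed. Only PolicyNotifyDnsDomainInformation is acted
//           on: the current DNS domain information is re-read from the
//           LSA and, together with the machine's current DNS name,
//           pushed into the package globals via NtLmSetPolicyInfo.
//
// Arguments: ChangedInfoClass - the policy information class that changed
//
// Returns: None. Failures are logged through SspPrint; the callback has
//          no return value through which to propagate them.
//
// Notes: Policy is allocated by the LSA and is released with
//        I_LsaIFree_LSAPR_POLICY_INFORMATION on every exit path.
//
//--------------------------------------------------------------------------
VOID NTAPI
NtLmPolicyChangeCallback(
    IN POLICY_NOTIFICATION_INFORMATION_CLASS ChangedInfoClass
    )
{
    NTSTATUS Status = STATUS_SUCCESS;
    PLSAPR_POLICY_INFORMATION Policy = NULL;
    WCHAR UnicodeDnsComputerName[DNS_MAX_NAME_LENGTH + 1];
    UNICODE_STRING UnicodeDnsComputerNameString;
    // GetComputerNameExW takes a count of characters, not bytes.
    ULONG DnsComputerNameLength = (ULONG)(sizeof(UnicodeDnsComputerName) / sizeof(WCHAR));

    //
    // Only changes to the DNS domain information affect this package;
    // every other class is a no-op.
    //
    if (ChangedInfoClass != PolicyNotifyDnsDomainInformation)
    {
        return;
    }

    //
    // Get the new domain information
    //
    Status = I_LsaIQueryInformationPolicyTrusted(
                PolicyDnsDomainInformation,
                &Policy
                );

    if (!NT_SUCCESS(Status))
    {
        SspPrint((SSP_CRITICAL, "NtLmPolicyChangeCallback, Error from I_LsaIQueryInformationPolicyTrusted is %d\n", Status));
        goto Cleanup;
    }

    //
    // Get the new DNS computer name. As in SpInitialize, failure is
    // tolerated and results in an empty name.
    //
    if ( !GetComputerNameExW( ComputerNameDnsFullyQualified,
                              UnicodeDnsComputerName,
                              &DnsComputerNameLength ) )
    {
        UnicodeDnsComputerName[ 0 ] = L'\0';
    }

    RtlInitUnicodeString( &UnicodeDnsComputerNameString,
                          UnicodeDnsComputerName);

    //
    // NULL is passed for the NetBIOS computer name, unlike the call in
    // SpInitialize; presumably NtLmSetPolicyInfo leaves it untouched in
    // that case -- confirm against its definition.
    //
    Status = NtLmSetPolicyInfo(
                &UnicodeDnsComputerNameString,
                NULL,
                (PUNICODE_STRING) &Policy->PolicyDnsDomainInfo.DnsDomainName,
                (PUNICODE_STRING) &Policy->PolicyDnsDomainInfo.Name,
                (PSID) Policy->PolicyDnsDomainInfo.Sid,
                ChangedInfoClass,
                FALSE);

    if (!NT_SUCCESS(Status))
    {
        // Message names the routine actually called (was "NtLmSetDomainName").
        SspPrint((SSP_CRITICAL, "NtLmPolicyChangeCallback, Error from NtLmSetPolicyInfo is %d\n", Status));
        goto Cleanup;
    }

Cleanup:

    //
    // Policy is only ever obtained for PolicyDnsDomainInformation, the
    // single class that reaches this point.
    //
    if (Policy != NULL)
    {
        I_LsaIFree_LSAPR_POLICY_INFORMATION(
            PolicyDnsDomainInformation,
            Policy
            );
    }

    return;
}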
//+-------------------------------------------------------------------------
//
// Function: NtLmRegisterForPolicyChange
//
// Synopsis: Ask the LSA to invoke NtLmPolicyChangeCallback whenever the
//           given policy information class changes.
//
// Arguments: ChangedInfoClass - policy information class to be notified
//                               about
//
// Returns: The NTSTATUS returned by
//          I_LsaIRegisterPolicyChangeNotificationCallback.
//
// Notes: The SSP_MISC trace is emitted whether or not registration
//        succeeded, so a failure still shows which class was requested.
//
//--------------------------------------------------------------------------
NTSTATUS
NtLmRegisterForPolicyChange(
    IN POLICY_NOTIFICATION_INFORMATION_CLASS ChangedInfoClass
    )
{
    NTSTATUS Status;

    Status = I_LsaIRegisterPolicyChangeNotificationCallback( NtLmPolicyChangeCallback,
                                                             ChangedInfoClass );

    if ( !NT_SUCCESS( Status ) )
    {
        SspPrint((SSP_CRITICAL, "NtLmRegisterForPolicyChange, Error from I_LsaIRegisterPolicyChangeNotificationCallback is %d\n", Status));
    }

    SspPrint((SSP_MISC, "I_LsaIRegisterPolicyChangeNotificationCallback called with %d\n", ChangedInfoClass));

    return Status;
}
//+-------------------------------------------------------------------------
//
// Function: NtLmUnregisterForPolicyChange
//
// Synopsis: Undo NtLmRegisterForPolicyChange: ask the LSA to stop
//           calling NtLmPolicyChangeCallback for the given class.
//
// Arguments: ChangedInfoClass - the policy information class that was
//                               registered earlier
//
// Returns: None. The LSA's status is deliberately discarded.
//
//--------------------------------------------------------------------------
VOID
NtLmUnregisterForPolicyChange(
    IN POLICY_NOTIFICATION_INFORMATION_CLASS ChangedInfoClass
    )
{
    //
    // Same callback pointer as used at registration time.
    //
    (VOID) I_LsaIUnregisterPolicyChangeNotificationCallback( NtLmPolicyChangeCallback,
                                                             ChangedInfoClass );
}
//+--------------------------------------------------------------------
//
// Function: SpInitialize
//
// Synopsis: Initializes the Security package
//
// Arguments: PackageId - Contains ID for this package assigned by LSA
// Parameters - Contains machine-specific information
// FunctionTable - Contains table of LSA helper routines
//
// Returns: None
//
// Notes: Everything that was done in LsaApInitializePackage
// should be done here. Lsa assures us that only
// one thread is executing this at a time. Don't
// have to worry about concurrency problems.(BUGBUG verify)
// Most of the stuff was taken from SspCommonInitialize()
// from svcdlls\ntlmssp\common\initcomn.c
//
//---------------------------------------------------------------------
NTSTATUS NTAPI
SpInitialize(
IN ULONG_PTR PackageId,
IN PSECPKG_PARAMETERS Parameters,
IN PLSA_SECPKG_FUNCTION_TABLE FunctionTable
)
{
SspPrint((SSP_API, "Entering SpInitialize\n"));
SECURITY_STATUS Status = SEC_E_OK;
WCHAR UnicodeComputerName[CNLEN + 1];
UNICODE_STRING UnicodeComputerNameString;
ULONG ComputerNameLength =
(sizeof(UnicodeComputerName)/sizeof(WCHAR));
WCHAR UnicodeDnsComputerName[DNS_MAX_NAME_LENGTH + 1];
UNICODE_STRING UnicodeDnsComputerNameString;
ULONG DnsComputerNameLength = sizeof(UnicodeDnsComputerName) / sizeof(WCHAR);
//
// Init the global crit section
//
InitializeCriticalSection(&NtLmGlobalCritSect);
//
// All the following are global
//
NtLmState = NtLmLsaMode;
NtLmPackageId = PackageId;
// We really need this to be a day less than maxtime so when callers
// of sspi convert to utc, they won't get time in the past.
NtLmGlobalForever.HighPart = 0x7FFFFF36;
NtLmGlobalForever.LowPart = 0xD5969FFF;
//
// Following are local
//
NtLmCredentialInitialized = FALSE;
NtLmContextInitialized = FALSE;
NtLmRNGInitialized = FALSE;
//
// Save away the Lsa functions
//
LsaFunctions = FunctionTable;
//
// Save the Parameters info
//
NtLmSecPkg.MachineState = Parameters->MachineState;
NtLmSecPkg.SetupMode = Parameters->SetupMode;
//
// allocate a locally unique ID rereferencing the machine logon.
//
Status = NtAllocateLocallyUniqueId( &NtLmGlobalLuidMachineLogon );
if (!NT_SUCCESS (Status))
{
SspPrint((SSP_CRITICAL, "SpInitialize, Error from NtAllocateLocallyUniqueId is %d\n", Status));
goto CleanUp;
}
//
// create a logon session for the machine logon.
//
Status = LsaFunctions->CreateLogonSession( &NtLmGlobalLuidMachineLogon );
if( !NT_SUCCESS(Status) ) {
SspPrint((SSP_CRITICAL, "SpInitialize, Error from CreateLogonSession is %d\n", Status));
goto CleanUp;
}
Status = NtLmDuplicateUnicodeString(
&NtLmSecPkg.DomainName,
&Parameters->DomainName);
if (!NT_SUCCESS (Status))
{
SspPrint((SSP_CRITICAL, "SpInitialize, Error from NtLmDuplicateUnicodeString is %d\n", Status));
goto CleanUp;
}
Status = NtLmDuplicateUnicodeString(
&NtLmSecPkg.DnsDomainName,
&Parameters->DnsDomainName);
if (!NT_SUCCESS (Status))
{
SspPrint((SSP_CRITICAL, "SpInitialize, Error from NtLmDuplicateUnicodeString is %d\n", Status));
goto CleanUp;
}
if (Parameters->DomainSid != NULL) {
Status = NtLmDuplicateSid( &NtLmSecPkg.DomainSid,
Parameters->DomainSid );
if (!NT_SUCCESS (Status))
{
SspPrint((SSP_CRITICAL, "SpInitialize, Error from NtLmDuplicateSid is %d\n", Status));
goto CleanUp;
}
}
//
// Determine if this machine is running NT Workstation or NT Server
//
if (!RtlGetNtProductType (&NtLmGlobalNtProductType))
{
SspPrint((SSP_API_MORE, "RtlGetNtProductType defaults to NtProductWinNt\n"));
}
if ( !GetComputerNameW( UnicodeComputerName,
&ComputerNameLength ) ) {
Status = STATUS_INVALID_COMPUTER_NAME;
SspPrint((SSP_CRITICAL, "SpInitialize, Error from GetComputerNameW is %d\n", Status));
goto CleanUp;
}
if ( !GetComputerNameExW( ComputerNameDnsFullyQualified,
UnicodeDnsComputerName,
&DnsComputerNameLength ) )
{
//
// per CliffV, failure is legal.
//
UnicodeDnsComputerName[ 0 ] = L'\0';
}
//
// Set all the globals relating to computer name, domain name, sid etc.
// This routine is also used by the callback for notifications from the lsa
//
RtlInitUnicodeString( &UnicodeComputerNameString,
UnicodeComputerName);
RtlInitUnicodeString( &UnicodeDnsComputerNameString,
UnicodeDnsComputerName);
Status = NtLmSetPolicyInfo( &UnicodeDnsComputerNameString,
&UnicodeComputerNameString,
&NtLmSecPkg.DnsDomainName,
&NtLmSecPkg.DomainName,
NtLmSecPkg.DomainSid,
PolicyNotifyAuditEventsInformation, // Ignored
TRUE ); // yes, package init
if (!NT_SUCCESS (Status))
{
SspPrint((SSP_CRITICAL, "SpInitialize, Error from NtLmSetDomainInfo %d\n", Status));
goto CleanUp;
}
//
// pickup a copy of the Local System access token.
//
{
HANDLE hProcessToken;
NTSTATUS StatusToken;
StatusToken = NtOpenProcessToken(
NtCurrentProcess(),
TOKEN_QUERY | TOKEN_DUPLICATE,
&hProcessToken
);
if( NT_SUCCESS( StatusToken ) ) {
TOKEN_STATISTICS LocalTokenStatistics;
DWORD TokenStatisticsSize = sizeof(LocalTokenStatistics);
LUID LogonIdSystem = SYSTEM_LUID;
Status = NtQueryInformationToken(
hProcessToken,
TokenStatistics,
&LocalTokenStatistics,
TokenStatisticsSize,
&TokenStatisticsSize
);
if( NT_SUCCESS( Status ) ) {
//
// see if it's SYSTEM.
//
if(RtlEqualLuid(
&LogonIdSystem,
&(LocalTokenStatistics.AuthenticationId)
)) {
Status = SspDuplicateToken(
hProcessToken,
SecurityImpersonation,
&NtLmGlobalAccessTokenSystem
);
}