ULONG
NtLmValidMinimumSecurityFlagsMask(
IN ULONG MinimumSecurity
)
/*++
Routine Description:
    Reduces a NtLmMinimumClientSec / NtLmMinimumServerSec registry value to
    the subset of NTLMSSP_NEGOTIATE_* bits that this package enforces;
    every other bit of the value is discarded.
Arguments:
    MinimumSecurity - the raw registry value.
Return Value:
    MinimumSecurity with all non-enforceable bits cleared.
--*/
{
    //
    // The only bits an administrator may require through the registry.
    // Masking here means a stray or unknown bit in the value can never be
    // turned into a negotiation requirement the package cannot honour.
    //
    const ULONG EnforceableFlags =
        NTLMSSP_NEGOTIATE_UNICODE  |
        NTLMSSP_NEGOTIATE_SIGN     |
        NTLMSSP_NEGOTIATE_SEAL     |
        NTLMSSP_NEGOTIATE_NTLM2    |
        NTLMSSP_NEGOTIATE_128      |
        NTLMSSP_NEGOTIATE_KEY_EXCH |
        NTLMSSP_NEGOTIATE_56;

    return MinimumSecurity & EnforceableFlags;
}
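//
// Read one REG_DWORD value from an already-open key.
//
// Returns ERROR_SUCCESS and stores the value in *Value only when the value
// exists and is a REG_DWORD of at least sizeof(ULONG) bytes. Returns
// ERROR_FILE_NOT_FOUND when the value is absent (the caller falls back to
// its default), ERROR_INVALID_DATA when the value exists but has the wrong
// type or size, and the RegQueryValueExW status for any other failure.
// *Value is left untouched on every non-success return.
//
static LONG
NtLmQueryRegistryUlong(
IN HKEY KeyHandle,
IN LPCWSTR ValueName,
OUT PULONG Value
)
{
    DWORD RegValueType = REG_NONE;
    DWORD RegValue = 0;
    DWORD RegValueSize = sizeof( RegValue );
    LONG RegStatus;

    RegStatus = RegQueryValueExW(
                    KeyHandle,
                    ValueName,
                    NULL,
                    &RegValueType,
                    (PUCHAR)&RegValue,
                    &RegValueSize
                    );

    if ( RegStatus != ERROR_SUCCESS ) {
        return RegStatus;
    }

    //
    // Check that the data is the correct size and type - a ULONG.
    // The buffer is exactly sizeof(DWORD), so a larger value would already
    // have failed the query; the size test guards against a shorter one.
    //
    if ( (RegValueSize < sizeof(ULONG)) || (RegValueType != REG_DWORD) ) {
        return ERROR_INVALID_DATA;
    }

    *Value = (ULONG)RegValue;
    return ERROR_SUCCESS;
}

VOID
NTAPI
NtLmQueryDynamicGlobals(
PVOID pvContext,
BOOLEAN f
)
/*++
Routine Description:
    (Re)reads the registry settings that may change while the package is
    loaded: LmCompatibilityLevel under the Lsa key, and NtlmMinClientSec /
    NtlmMinServerSec (plus DBFlag in checked builds) under the Lsa\MSV1_0
    key. It is called once at initialization and is also the callback
    registered against NtLmGlobalRegChangeNotifyEvent, so it re-arms the
    change notification on each run.

    A value that is present but has the wrong type or size is ignored and
    the previous global is kept; a value that has been deleted resets the
    global to its default.
Arguments:
    pvContext - wait-callback context; unused.
    f - wait-callback timeout indicator; unused.
--*/
{
    SspPrint((SSP_API, "Entering NtLmQueryDynamicGlobals\n"));

    UNREFERENCED_PARAMETER( pvContext );
    UNREFERENCED_PARAMETER( f );

    LONG RegStatus;
    ULONG RegValue = 0;

    if ( NtLmGlobalLsaKey != NULL )
    {
        //
        // lm compatibility level.
        //
        RegStatus = NtLmQueryRegistryUlong(
                        NtLmGlobalLsaKey,
                        L"LmCompatibilityLevel",
                        &RegValue
                        );

        if ( RegStatus == ERROR_SUCCESS ) {
            NtLmGlobalLmProtocolSupported = RegValue;
        } else if ( RegStatus == ERROR_FILE_NOT_FOUND ) {
            //
            // value was deleted - resort to default.
            //
            NtLmGlobalLmProtocolSupported = 0;
        }
    }

    if ( NtLmGlobalLsaMsv1_0Key != NULL )
    {
        //
        // get minimum client security flag.
        //
        RegStatus = NtLmQueryRegistryUlong(
                        NtLmGlobalLsaMsv1_0Key,
                        L"NtlmMinClientSec",
                        &RegValue
                        );

        if ( RegStatus == ERROR_SUCCESS ) {
            NtLmGlobalMinimumClientSecurity =
                NtLmValidMinimumSecurityFlagsMask( RegValue );
        } else if ( RegStatus == ERROR_FILE_NOT_FOUND ) {
            //
            // value was deleted - resort to default.
            //
            NtLmGlobalMinimumClientSecurity = 0;
        }

        //
        // get minimum server security flags.
        //
        RegStatus = NtLmQueryRegistryUlong(
                        NtLmGlobalLsaMsv1_0Key,
                        L"NtlmMinServerSec",
                        &RegValue
                        );

        if ( RegStatus == ERROR_SUCCESS ) {
            NtLmGlobalMinimumServerSecurity =
                NtLmValidMinimumSecurityFlagsMask( RegValue );
        } else if ( RegStatus == ERROR_FILE_NOT_FOUND ) {
            //
            // value was deleted - resort to default.
            //
            NtLmGlobalMinimumServerSecurity = 0;
        }

        //
        // All datagram related flags need to be set.
        //
        // NOTE(review): this routine only ever raises these three flags and
        // never clears them, so lowering NtlmMinClientSec at run time does
        // not relax them until the package is reloaded. Confirm that this
        // ratchet is intended before changing it.
        //
        if ( NtLmGlobalMinimumClientSecurity & NTLMSSP_NEGOTIATE_NTLM2 )
        {
            NtLmGlobalRequireNtlm2 = TRUE;
        }

        if ( (NtLmGlobalMinimumClientSecurity & NTLMSSP_NEGOTIATE_128) &&
             (NtLmSecPkg.MachineState & SECPKG_STATE_STRONG_ENCRYPTION_PERMITTED) )
        {
            NtLmGlobalDatagramUse128BitEncryption = TRUE;
        } else if ( NtLmGlobalMinimumClientSecurity & NTLMSSP_NEGOTIATE_56 ) {
            NtLmGlobalDatagramUse56BitEncryption = TRUE;
        }

#if DBG
        //
        // get the debugging flag
        //
        RegStatus = NtLmQueryRegistryUlong(
                        NtLmGlobalLsaMsv1_0Key,
                        L"DBFlag",
                        &RegValue
                        );

        if ( RegStatus == ERROR_SUCCESS ) {
            SspGlobalDbflag = RegValue;
        }
#endif
    }

    //
    // (re)register the wait events.
    //
    // RegNotifyChangeKeyValue signals the event only once per call, so it
    // has to be re-armed every time this routine runs.
    //
    if ( NtLmGlobalRegChangeNotifyEvent )
    {
        if ( NtLmGlobalLsaKey )
        {
            RegNotifyChangeKeyValue(
                NtLmGlobalLsaKey,
                FALSE,
                REG_NOTIFY_CHANGE_LAST_SET,
                NtLmGlobalRegChangeNotifyEvent,
                TRUE
                );
        }

        //
        // NOTE(review): the Lsa\MSV1_0 key is only watched in checked
        // builds. In a retail build a change to NtlmMinClientSec /
        // NtlmMinServerSec is therefore picked up only when the Lsa key
        // itself changes. Confirm whether that is intentional.
        //
#if DBG
        if ( NtLmGlobalLsaMsv1_0Key )
        {
            RegNotifyChangeKeyValue(
                NtLmGlobalLsaMsv1_0Key,
                FALSE,
                REG_NOTIFY_CHANGE_LAST_SET,
                NtLmGlobalRegChangeNotifyEvent,
                TRUE
                );
        }
#endif
    }

    SspPrint((SSP_API, "Leaving NtLmQueryDynamicGlobals\n"));
    return;
}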
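//
// Load one REG_SZ domain name from KeyHandle into DomainString.
//
// On any failure - value absent, wrong type, odd or empty size, or the
// allocation for the copy failing - DomainString is left as an empty
// string (Length 0, Buffer NULL) so Length and Buffer never disagree.
// On success DomainString->Buffer is a NUL-terminated copy owned by the
// caller and released with NtLmFree.
//
static VOID
NtLmLoadDomainString(
IN HKEY KeyHandle,
IN LPCWSTR ValueName,
OUT PUNICODE_STRING DomainString
)
{
    WCHAR RegDomainName[DNS_MAX_NAME_LENGTH+1];
    DWORD RegDomainSize = sizeof( RegDomainName );
    DWORD RegValueType = REG_NONE;
    LONG RegStatus;

    RtlInitUnicodeString( DomainString, NULL );

    RegStatus = RegQueryValueExW(
                    KeyHandle,
                    ValueName,
                    NULL,
                    &RegValueType,
                    (PUCHAR) RegDomainName,
                    &RegDomainSize
                    );

    if ( RegStatus != ERROR_SUCCESS ) {
        return;
    }

    //
    // Only a string is acceptable; a REG_DWORD or REG_BINARY value would
    // otherwise be copied verbatim and treated as a domain name.
    //
    if ( RegValueType != REG_SZ ) {
        return;
    }

    //
    // Reject sizes that cannot be a terminated WCHAR string: the Length
    // computation below subtracts one WCHAR, so an empty value must not
    // reach it, and the USHORT fields of UNICODE_STRING bound the size.
    //
    if ( (RegDomainSize < sizeof(WCHAR)) ||
         ((RegDomainSize % sizeof(WCHAR)) != 0) ||
         (RegDomainSize > 0xFFFF) ) {
        return;
    }

    //
    // Registry strings are not guaranteed to carry their terminator.
    // Append one when there is room; otherwise overwrite the last
    // character so the copy is still terminated.
    //
    {
        DWORD CharCount = RegDomainSize / sizeof(WCHAR);

        if ( RegDomainName[CharCount - 1] != L'\0' ) {
            if ( RegDomainSize < sizeof(RegDomainName) ) {
                RegDomainName[CharCount] = L'\0';
                RegDomainSize += sizeof(WCHAR);
            } else {
                RegDomainName[CharCount - 1] = L'\0';
            }
        }
    }

    DomainString->Buffer = (PWSTR)NtLmAllocate( RegDomainSize );
    if ( DomainString->Buffer == NULL ) {
        return;
    }

    CopyMemory( DomainString->Buffer, RegDomainName, RegDomainSize );

    // Length excludes the terminator; MaximumLength is the full allocation.
    DomainString->Length = (USHORT)(RegDomainSize - sizeof(WCHAR));
    DomainString->MaximumLength = (USHORT)RegDomainSize;
}

VOID
NtLmQueryMappedDomains(
VOID
)
/*++
Routine Description:
    One-time initialization of the registry-driven configuration:

      - creates NtLmGlobalRegChangeNotifyEvent and registers
        NtLmQueryDynamicGlobals as the wait callback on it, after reading
        the dynamic globals once so they are valid before the wait exists;
      - loads the MappedDomain and PreferredDomain strings from the
        Lsa\MSV1_0 key. These two are read only here and are not refreshed
        until the next reboot.

    Everything created here is released by NtLmFreeMappedDomains.
--*/
{
    HKEY KeyHandle; // open registry key to Lsa\MSV1_0

    //
    // register the workitem that waits for the RegChangeNotifyEvent
    // to be signalled. This supports dynamic refresh of configuration
    // parameters.
    //
    NtLmGlobalRegChangeNotifyEvent = CreateEvent( NULL, FALSE, FALSE, NULL );

    //
    // query the globals once prior to registering the wait
    // if a registry change occurs, the globals will be re-read by the worker
    // thread.
    //
    NtLmQueryDynamicGlobals( NULL, FALSE );

    if ( NtLmGlobalRegChangeNotifyEvent != NULL ) {
        NtLmGlobalRegWaitObject = RegisterWaitForSingleObjectEx(
                                        NtLmGlobalRegChangeNotifyEvent,
                                        NtLmQueryDynamicGlobals,
                                        NULL,
                                        INFINITE,
                                        0 // dwFlags
                                        );
    } else {
        //
        // No event, so no dynamic refresh: the values read above stay in
        // effect until the package is reloaded.
        //
        NtLmGlobalRegWaitObject = NULL;
    }

    KeyHandle = NtLmGlobalLsaMsv1_0Key;

    if ( KeyHandle == NULL ) {
        //
        // Keep the two strings in a defined (empty) state even when the key
        // is unavailable.
        //
        RtlInitUnicodeString( &NtLmLocklessGlobalMappedDomainString, NULL );
        RtlInitUnicodeString( &NtLmLocklessGlobalPreferredDomainString, NULL );
        return;
    }

    //
    // we only support loading the following globals once during initialization;
    // they are not re-read until next reboot.
    //

    //
    // Check the registry for a domain name to map
    //
    NtLmLoadDomainString(
        KeyHandle,
        L"MappedDomain",
        &NtLmLocklessGlobalMappedDomainString
        );

    //
    // Check the registry for a domain name to use
    //
    NtLmLoadDomainString(
        KeyHandle,
        L"PreferredDomain",
        &NtLmLocklessGlobalPreferredDomainString
        );

    return;
}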
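VOID
NtLmFreeMappedDomains(
VOID
)
/*++
Routine Description:
    Tears down what NtLmQueryMappedDomains set up: the registry-change wait,
    its event, and the two lockless domain strings. Every released resource
    is reset to NULL / empty, so calling this twice is harmless.
--*/
{
    if ( NtLmGlobalRegWaitObject ) {
        //
        // Block until any in-flight NtLmQueryDynamicGlobals callback has
        // returned: it passes NtLmGlobalRegChangeNotifyEvent to
        // RegNotifyChangeKeyValue, so the event must not be closed under it.
        //
        UnregisterWaitEx( NtLmGlobalRegWaitObject, INVALID_HANDLE_VALUE );
        NtLmGlobalRegWaitObject = NULL;
    }

    if ( NtLmGlobalRegChangeNotifyEvent ) {
        CloseHandle( NtLmGlobalRegChangeNotifyEvent );
        NtLmGlobalRegChangeNotifyEvent = NULL;
    }

    if ( NtLmLocklessGlobalMappedDomainString.Buffer ) {
        NtLmFree( NtLmLocklessGlobalMappedDomainString.Buffer );
    }
    // Reset Length/MaximumLength along with Buffer so no reader sees a
    // non-zero Length paired with a NULL buffer.
    RtlInitUnicodeString( &NtLmLocklessGlobalMappedDomainString, NULL );

    if ( NtLmLocklessGlobalPreferredDomainString.Buffer ) {
        NtLmFree( NtLmLocklessGlobalPreferredDomainString.Buffer );
    }
    RtlInitUnicodeString( &NtLmLocklessGlobalPreferredDomainString, NULL );
}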