📄 pc_net_prog.cpp
else if(SEC_E_LOGON_DENIED == secStatus) {
ASSERT(TRUE == pMyConnection->m_fContextSet);
FreeCredentialsHandle(&(pMyConnection->m_Credentials));
DeleteSecurityContext(&(pMyConnection->m_ContextHandle));
pMyConnection->m_fContextSet = FALSE;
//
// See if we should allow anyone in?
BOOL fAllowAll = AccessAllowAll();
if(TRUE == fAllowAll) {
pMyConnection->SetGuest(FALSE);
pMyConnection->SetUserName(L"");
goto SendSuccess;
} else {
TRACEMSG(ZONE_SECURITY, (L"SMBSRVR Security: denied access to this user!!!!"));
// Security Token is not needed or filled in
secBufferOut.cbBuffer = 0;
pMyConnection->SetGuest(TRUE);
goto SendError;
}
}
else {
TRACEMSG(ZONE_ERROR, (L"SMBSRVR Security: unknown response from AcceptSecurityContext (0x%x)!!", secStatus));
//ASSERT(FALSE);
if(TRUE == pMyConnection->m_fContextSet) {
FreeCredentialsHandle(&(pMyConnection->m_Credentials));
DeleteSecurityContext(&(pMyConnection->m_ContextHandle));
}
TRACEMSG(ZONE_SECURITY, (L"SMBSRVR Security: denied access to this user!!!!"));
pMyConnection->m_fContextSet = FALSE;
pMyConnection->SetGuest(TRUE);
goto SendError;
}
//
// If we get here something errored!
ASSERT(FALSE);
goto SendError;
//
// From here on down we are in return mode -- there are 3 possibilities
// Continue -- continue on the session with security blob
// Error -- fail the session
// Success -- verified the user
SendContinue:
{
StringConverter NativeOS;
StringConverter NativeLanman;
UINT uiNativeOS;
UINT uiNativeLanman;
pSessionResponse->Action = 0;//(TRUE == fIsGuest?0:1);
pSessionResponse->SecurityBlobLength = 0;
//
// Copy in our return token
if((USHORT)secBufferDescOut.pBuffers[0].cbBuffer >= uiLeftInResponse)
goto SendError;
pSessionResponse->SecurityBlobLength += (USHORT)secBufferDescOut.pBuffers[0].cbBuffer;
memcpy(pEndOfResponse, secBufferDescOut.pBuffers[0].pvBuffer, secBufferDescOut.pBuffers[0].cbBuffer);
uiLeftInResponse -= secBufferDescOut.pBuffers[0].cbBuffer;
pEndOfResponse += secBufferDescOut.pBuffers[0].cbBuffer;
pSessionResponse->ByteCount = pSessionResponse->SecurityBlobLength;
NativeOS.append(L"Windows CE");
NativeLanman.append("Windows CE");
pNativeOS = NativeOS.NewSTRING(&uiNativeOS, pMyConnection->SupportsUnicode(pSMB->pInSMB));
pNativeLanman = NativeLanman.NewSTRING(&uiNativeLanman, pMyConnection->SupportsUnicode(pSMB->pInSMB));
if(NULL != pNativeOS && NULL != pNativeLanman) {
if(0 != (UINT)pEndOfResponse % 2) {
*pEndOfResponse = 0;
pEndOfResponse ++;
pSessionResponse->ByteCount ++;
uiLeftInResponse --;
}
memcpy(pEndOfResponse, pNativeOS, uiNativeOS);
pEndOfResponse += uiNativeOS;
pSessionResponse->ByteCount += uiNativeOS;
uiLeftInResponse -= uiNativeOS;
if(0 != (UINT)pEndOfResponse % 2) {
*pEndOfResponse = 0;
pEndOfResponse ++;
pSessionResponse->ByteCount ++;
uiLeftInResponse --;
}
memcpy(pEndOfResponse, pNativeLanman, uiNativeLanman);
pEndOfResponse += uiNativeLanman;
pSessionResponse->ByteCount += uiNativeLanman;
uiLeftInResponse -= uiNativeLanman;
} else {
goto SendError;
}
//
// At this point, we have constructed our blobs -- send them out
dwRet = ERROR_CODE(STATUS_MORE_PROCESSING_REQUIRED);
//
// Fill in word count -- subtract 3 for the WordCount byte and ByteCount(which doesnt count as a word)
pSessionResponse->ANDX.WordCount = (sizeof(SMB_COM_SESSION_SETUP_RESPONSE_EXTENED_NTLM)-3)/sizeof(WORD);
pSessionResponse->ANDX.AndXCommand = 0xFF; //assume we are the last command
pSessionResponse->ANDX.AndXReserved = 0;
pSessionResponse->ANDX.AndXOffset = 0;
*puiUsed = sizeof(SMB_COM_SESSION_SETUP_RESPONSE_EXTENED_NTLM) + pSessionResponse->ByteCount;
}
goto Done;
SendError:
*puiUsed = 0;
dwRet = ERROR_CODE(STATUS_LOGON_FAILURE);
goto Done;
SendSuccess:
{
StringConverter NativeOS;
StringConverter NativeLanman;
UINT uiNativeOS;
UINT uiNativeLanman;
pSessionResponse->SecurityBlobLength = 0;
pSessionResponse->ByteCount = 0;
//
// Copy in our return token
if((USHORT)secBufferDescOut.pBuffers[0].cbBuffer >= uiLeftInResponse)
goto SendError;
pSessionResponse->SecurityBlobLength += (USHORT)secBufferDescOut.pBuffers[0].cbBuffer;
memcpy(pEndOfResponse, secBufferDescOut.pBuffers[0].pvBuffer, secBufferDescOut.pBuffers[0].cbBuffer);
uiLeftInResponse -= secBufferDescOut.pBuffers[0].cbBuffer;
pEndOfResponse += secBufferDescOut.pBuffers[0].cbBuffer;
pSessionResponse->ByteCount = pSessionResponse->SecurityBlobLength;
//
// Copy in the OS strings
NativeOS.append(L"Windows CE");
NativeLanman.append("Windows CE");
pNativeOS = NativeOS.NewSTRING(&uiNativeOS, pMyConnection->SupportsUnicode(pSMB->pInSMB));
pNativeLanman = NativeLanman.NewSTRING(&uiNativeLanman, pMyConnection->SupportsUnicode(pSMB->pInSMB));
if(NULL != pNativeOS && NULL != pNativeLanman) {
if(0 != (UINT)pEndOfResponse % 2) {
*pEndOfResponse = 0;
pEndOfResponse ++;
pSessionResponse->ByteCount ++;
uiLeftInResponse --;
}
memcpy(pEndOfResponse, pNativeOS, uiNativeOS);
pEndOfResponse += uiNativeOS;
pSessionResponse->ByteCount += uiNativeOS;
uiLeftInResponse -= uiNativeOS;
if(0 != (UINT)pEndOfResponse % 2) {
*pEndOfResponse = 0;
pEndOfResponse ++;
pSessionResponse->ByteCount ++;
uiLeftInResponse --;
}
memcpy(pEndOfResponse, pNativeLanman, uiNativeLanman);
pEndOfResponse += uiNativeLanman;
pSessionResponse->ByteCount += uiNativeLanman;
uiLeftInResponse -= uiNativeLanman;
} else {
goto SendError;
}
//
// let them in -- give status 0
dwRet = 0;
//fill in word count -- subtract 3 for the WordCount byte and ByteCount(which doesnt count as a word)
pSessionResponse->ANDX.WordCount = (sizeof(SMB_COM_SESSION_SETUP_RESPONSE_EXTENED_NTLM)-3)/sizeof(WORD);
pSessionResponse->ANDX.AndXCommand = 0xFF; //assume we are the last command
pSessionResponse->ANDX.AndXReserved = 0;
pSessionResponse->ANDX.AndXOffset = 0;
pSessionResponse->Action = 0; //0=user 1=guest
//
// BUGBUG: put proper bit here!
//
*puiUsed = sizeof(SMB_COM_SESSION_SETUP_RESPONSE_EXTENED_NTLM) + pSessionResponse->ByteCount;
}
goto Done;
Done:
if(pNativeOS) {
LocalFree(pNativeOS);
}
if(pNativeLanman) {
LocalFree(pNativeLanman);
}
if(pPassedToken && pPassedToken != PassedToken) {
delete [] pPassedToken;
}
if(pPassedToken && pOutToken != OutToken) {
delete [] pOutToken;
}
if(NULL != pPackageInfo) {
FreeContextBuffer(pPackageInfo);
}
return dwRet;
}
//
// Terminate the transport-level session that carries ulConnectionID.
//
// The NB transport is asked first; TCP is tried only when NB reports failure.
// Returns the HRESULT of whichever transport succeeded, or E_FAIL when
// neither did.
HRESULT CloseConnectionTransport(ULONG ulConnectionID)
{
    HRESULT hrResult = NB_TerminateSession(ulConnectionID);

    //
    // NB did not own (or could not close) the session -- fall back to TCP
    if(FAILED(hrResult)) {
        hrResult = TCP_TerminateSession(ulConnectionID);
    }

    //
    // Collapse whatever failure code the last transport gave into E_FAIL
    if(FAILED(hrResult)) {
        hrResult = E_FAIL;
    }

    // Debug builds flag the case where no transport knew this connection
    ASSERT(SUCCEEDED(hrResult));
    return hrResult;
}
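//
// Handle SMB_COM_SESSION_SETUP_ANDX.
//
// Registers the connection with the global connection manager (recycling a
// stale connection when the configured maximum would be exceeded) and then
// dispatches to the LM or NTLM handler selected by the request's WordCount.
//
// Returns the handler's status.  Any result other than 0 or
// ERROR_CODE(STATUS_MORE_PROCESSING_REQUIRED) is treated as a failed setup,
// and the connection state for (ulConnectionID, Uid) is removed again.
DWORD SMB_Com_Session_Setup_ANDX(SMB_PACKET *pSMB, SMB_PROCESS_CMD *pRequest, SMB_PROCESS_CMD *pResponse, UINT *puiUsed)
{
    // NOTE(review): no length check on the request is visible in this function;
    // presumably the caller guarantees pDataPortion holds at least an
    // SMB_COM_ANDX_HEADER before WordCount is read -- confirm.
    SMB_COM_ANDX_HEADER *pHeader = (SMB_COM_ANDX_HEADER *)pRequest->pDataPortion;
    DWORD dwRet = 0;

    //
    // Add this connection to the global connection list
    //   If the Session Setup fails, remove it
    if(!SMB_Globals::g_pConnectionManager->FindConnection(pSMB)) {
        TRACEMSG(ZONE_DETAIL, (L"SMB_SRV: Creating new connection to active list"));

        //
        // Make sure we dont exceed max # of connections
        if(SMB_Globals::g_pConnectionManager->NumConnections(pSMB->ulConnectionID)+1 > SMB_Globals::g_uiMaxConnections) {
            RETAILMSG(1, (L"SMB_SRV: Error -- max connections exceeded -- checking for stale connection"));
            ULONG ulConnectionToTerm = SMB_Globals::g_pConnectionManager->FindStaleConnection(SMB_Globals::g_uiAllowBumpAfterIdle);

            // 0xFFFFFFFF is the "no stale connection found" sentinel
            if(0xFFFFFFFF != ulConnectionToTerm) {
                RETAILMSG(1, (L"SMB_SRV: Recycling stale connection b/c max connections exceeded"));
                //SMB_Globals::g_pConnectionManager->RemoveConnection(pStaleConnection->ConnectionID(), 0xFFFF);

                //
                // Tell the transport to kill the session (and any other sessions)
                // NOTE(review): the HRESULT is ignored, so if termination fails the
                // new connection is still added below -- confirm the connection
                // limit cannot be exceeded this way.
                CloseConnectionTransport(ulConnectionToTerm);
            } else {
                RETAILMSG(1, (L"SMB_SRV: No stale connections, rejecting connection due to too many users"));
                dwRet = ERROR_CODE(STATUS_LOGON_FAILURE);
                goto Done;
            }
        }

        //
        // Add the connection
        if(FAILED(SMB_Globals::g_pConnectionManager->AddConnection(pSMB))) {
            TRACEMSG(ZONE_SMB, (L"SMBSRV-NEGOTIATE: error adding connection ID!"));
            ASSERT(FALSE);
            dwRet = ERROR_CODE(STATUS_INTERNAL_ERROR);
            goto Done;
        }
    }

    //
    // WordCount selects the request layout: 13 words = LM, 12 words = NTLM
    if(13 == pHeader->WordCount) {
        dwRet = SMB_Com_Session_Setup_ANDX_LM(pSMB, pRequest, pResponse, puiUsed);
    } else if(12 == pHeader->WordCount) {
        dwRet = SMB_Com_Session_Setup_ANDX_NTLM(pSMB, pRequest, pResponse, puiUsed);
    } else {
        //
        // WordCount is supplied by the client, so an unexpected value is a
        // malformed request rather than a broken internal invariant: log it
        // instead of asserting, and fall through to the failure cleanup so the
        // connection registered above does not stay in the list and count
        // against the connection limit.
        TRACEMSG(ZONE_ERROR, (L"SMB_SRV: Session setup with unsupported WordCount (%d)", pHeader->WordCount));
        dwRet = ERROR_CODE(STATUS_INTERNAL_ERROR);
    }

    //
    // Session setup failed outright (not merely "send me more") -- drop the
    // connection state again
    if((0 != dwRet) && (ERROR_CODE(STATUS_MORE_PROCESSING_REQUIRED) != dwRet)) {
        SMB_Globals::g_pConnectionManager->RemoveConnection(pSMB->ulConnectionID,
                                                            pSMB->pInSMB->Uid);
    }

    Done:
        return dwRet;
}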
//Info from CIFS9f.DOC
//
// Handle SMB_COM_LOGOFF_ANDX: discard the connection manager's state for the
// (connection ID, Uid) pair carried by the request, then write an empty
// generic ANDX response.  Always returns 0.
DWORD SMB_Com_Logoff_ANDX(SMB_PACKET *pSMB, SMB_PROCESS_CMD *pRequest, SMB_PROCESS_CMD *pResponse, UINT *puiUsed)
{
    //
    // Drop the session state first; the Uid is read from the incoming SMB header
    SMB_Globals::g_pConnectionManager->RemoveConnection(pSMB->ulConnectionID, pSMB->pInSMB->Uid);

    //
    // Build the reply in place in the response buffer
    // NOTE(review): no check that the buffer can hold the structure is visible
    // here -- presumably the caller sizes pDataPortion; confirm.
    SMB_COM_ANDX_GENERIC_RESPONSE *pLogoffReply =
        (SMB_COM_ANDX_GENERIC_RESPONSE *)pResponse->pDataPortion;

    pLogoffReply->ANDX.WordCount    = 2;
    pLogoffReply->ANDX.AndXCommand  = 0xFF;   // no further chained command
    pLogoffReply->ANDX.AndXReserved = 0;
    pLogoffReply->ANDX.AndXOffset   = 0;
    pLogoffReply->ByteCount         = 0;      // no data bytes follow

    //
    // Tell the caller how much of the response buffer was consumed
    *puiUsed = sizeof(SMB_COM_ANDX_GENERIC_RESPONSE);
    return 0;
}
DWORD SMB_Com_Negotiate(SMB_PROCESS_CMD *pRequest,
SMB_PROCESS_CMD *pResponse,
UINT *puiUsed,
SMB_PACKET *pSMB)
{
SMB_COM_NEGOTIATE_CLIENT_REQUEST *pRequestNegHeader =
(SMB_COM_NEGOTIATE_CLIENT_REQUEST *)pRequest->pDataPortion;
BYTE *pDialects = (BYTE *)(pRequestNegHeader) + sizeof(SMB_COM_NEGOTIATE_CLIENT_REQUEST);
USHORT usRemaining = pRequestNegHeader->ByteCount;
BOOL fHaveNTLM = FALSE;
UINT uiNTLMIdx = -1;