@ -1,8 +1,8 @@
/*
/*
$ Id : sspap3 . cpp , v 1.1 .1 .1 2005 / 07 / 07 15 : 05 : 59 oflebbe Exp $
Copyright ( C ) 2003 Olaf Flebbe , Science and Computing AG
Copyright ( C ) 2003 Olaf Flebbe , Science and Computing AG
o . flebbe @ science - computing . de
o . flebbe @ science - computing . de
Copyright ( C ) 2013 Timothy Pearson , Northern Illinois University
kb9vqf @ pearsoncomputing . net
This program is free software ; you can redistribute it and / or modify
This program is free software ; you can redistribute it and / or modify
it under the terms of the GNU General Public License as published by
it under the terms of the GNU General Public License as published by
@ -36,8 +36,37 @@
# include "reg.h"
# include "reg.h"
HMODULE msvHandle = 0 ;
HMODULE msvHandle = 0 ;
HMODULE kerberosHandle = 0 ;
# include "manageUser.h"
# include "manageUser.h"
// #define ENABLE_LSA_LOG 1
// #define ENABLE_DEBUG 1
// There is a typo in <ntsecpkg.h> NTAPI is missing
typedef NTSTATUS
( NTAPI MY_LSA_AP_LOGON_USER_EX2 ) (
IN PLSA_CLIENT_REQUEST ClientRequest ,
IN SECURITY_LOGON_TYPE LogonType ,
IN PVOID AuthenticationInformation ,
IN PVOID ClientAuthenticationBase ,
IN ULONG AuthenticationInformationLength ,
OUT PVOID * ProfileBuffer ,
OUT PULONG ProfileBufferLength ,
OUT PLUID LogonId ,
OUT PNTSTATUS SubStatus ,
OUT PLSA_TOKEN_INFORMATION_TYPE TokenInformationType ,
OUT PVOID * TokenInformation ,
OUT PUNICODE_STRING * AccountName ,
OUT PUNICODE_STRING * AuthenticatingAuthority ,
OUT PUNICODE_STRING * MachineName ,
OUT PSECPKG_PRIMARY_CRED PrimaryCredentials ,
OUT PSECPKG_SUPPLEMENTAL_CRED_ARRAY * CachedCredentials
) ;
typedef MY_LSA_AP_LOGON_USER_EX2 * MY_PLSA_AP_LOGON_USER_EX2 ;
extern " C " {
extern " C " {
NTSTATUS SEC_ENTRY SpUserModeInitialize (
NTSTATUS SEC_ENTRY SpUserModeInitialize (
@ -46,10 +75,12 @@ extern "C" {
PSECPKG_USER_FUNCTION_TABLE * ppTables ,
PSECPKG_USER_FUNCTION_TABLE * ppTables ,
PULONG pcTables
PULONG pcTables
) {
) {
if ( ! kerberosHandle )
kerberosHandle = LoadLibrary ( L " kerberos.dll " ) ;
if ( ! msvHandle )
if ( ! msvHandle )
msvHandle = LoadLibrary ( L " kerberos.dll " ) ;
msvHandle = LoadLibrary ( L " msv1_0 .dll" ) ;
NTSTATUS status = ( * ( ( SpUserModeInitializeFn ) GetProcAddress ( msv Handle, " SpUserModeInitialize " ) ) )
NTSTATUS status = ( * ( ( SpUserModeInitializeFn ) GetProcAddress ( kerberos Handle, " SpUserModeInitialize " ) ) )
( LsaVersion , PackageVersion , ppTables , pcTables ) ;
( LsaVersion , PackageVersion , ppTables , pcTables ) ;
return status ;
return status ;
}
}
@ -64,11 +95,13 @@ extern "C" {
PLSA_SECPKG_FUNCTION_TABLE FunctionTable ) {
PLSA_SECPKG_FUNCTION_TABLE FunctionTable ) {
if ( oldSpInitialize = = 0 ) {
if ( oldSpInitialize = = 0 ) {
if ( ! kerberosHandle )
kerberosHandle = LoadLibrary ( L " kerberos.dll " ) ;
if ( ! msvHandle )
if ( ! msvHandle )
msvHandle = LoadLibrary ( L " kerberos.dll " ) ;
msvHandle = LoadLibrary ( L " msv1_0 .dll" ) ;
NTSTATUS status = ( * ( ( SpInitializeFn * ) GetProcAddress ( msv Handle, " SpInitialize " ) ) )
NTSTATUS status = ( * ( ( SpInitializeFn * ) GetProcAddress ( kerberos Handle, " SpInitialize " ) ) )
( PackageId , Parameters , FunctionTable ) ;
( PackageId , Parameters , FunctionTable ) ;
return status ;
return status ;
@ -84,17 +117,20 @@ extern "C" {
PSECPKG_DLL_FUNCTIONS FunctionTable ,
PSECPKG_DLL_FUNCTIONS FunctionTable ,
PVOID * UserFunctions
PVOID * UserFunctions
) {
) {
if ( ! kerberosHandle )
kerberosHandle = LoadLibrary ( L " kerberos.dll " ) ;
if ( ! msvHandle )
if ( ! msvHandle )
msvHandle = LoadLibrary ( L " kerberos.dll " ) ;
msvHandle = LoadLibrary ( L " msv1_0 .dll" ) ;
NTSTATUS status = ( * ( ( SpInstanceInitFn * ) GetProcAddress ( msv Handle, " SpInstanceInit " ) ) )
NTSTATUS status = ( * ( ( SpInstanceInitFn * ) GetProcAddress ( kerberos Handle, " SpInstanceInit " ) ) )
( Version , FunctionTable , UserFunctions ) ;
( Version , FunctionTable , UserFunctions ) ;
return status ;
return status ;
}
}
PLSA_AP_LOGON_USER_EX2 oldLogonUserEx2 = 0 ;
MY_PLSA_AP_LOGON_USER_EX2 oldLogonUserEx2 = 0 ;
MY_PLSA_AP_LOGON_USER_EX2 oldMSVLogonUserEx2 = 0 ;
NTSTATUS NTAPI
NTSTATUS NTAPI
@ -116,37 +152,90 @@ extern "C" {
PSECPKG_PRIMARY_CRED PrimaryCredentials ,
PSECPKG_PRIMARY_CRED PrimaryCredentials ,
PSECPKG_SUPPLEMENTAL_CRED_ARRAY * SupplementalCredentials
PSECPKG_SUPPLEMENTAL_CRED_ARRAY * SupplementalCredentials
) {
) {
FILE * fp = fopen ( " C: \\ lsa.txt " , " ab " ) ;
# ifdef ENABLE_LSA_LOG
FILE * fp ;
fopen_s ( & fp , " C: \\ lsa.txt " , " ab " ) ;
# ifdef ENABLE_DEBUG
fprintf ( fp , " LogonUserEx2 %d \n " , LogonType ) ; //,ClientAuthenticationBase, AuthenticationInformationLength, ClientRequest );
fprintf ( fp , " LogonUserEx2 %d \n " , LogonType ) ; //,ClientAuthenticationBase, AuthenticationInformationLength, ClientRequest );
for ( unsigned int i = 0 ; i < AuthenticationInformationLength ; i + + ) {
for ( unsigned int i = 0 ; i < AuthenticationInformationLength ; i + + ) {
fprintf ( fp , " %02x " , ( char ) ( ( char * ) AuthenticationInformation ) [ i ] ) ;
fprintf ( fp , " %02x " , ( char ) ( ( char * ) AuthenticationInformation ) [ i ] ) ;
}
}
fprintf ( fp , " \n ---- \n " ) ;
fprintf ( fp , " \n ---- \n " ) ;
// fwrite( AuthenticationInformation, AuthenticationInformationLength, 1, fp);
fwrite ( AuthenticationInformation , AuthenticationInformationLength , 1 , fp ) ;
fflush ( fp ) ;
fflush ( fp ) ;
# endif // ENABLE_DEBUG
# endif // ENABLE_LSA_LOG
KERB_INTERACTIVE_LOGON * ptr = ( ( KERB_INTERACTIVE_LOGON * ) AuthenticationInformation ) ;
KERB_INTERACTIVE_LOGON * ptr = ( ( KERB_INTERACTIVE_LOGON * ) AuthenticationInformation ) ;
if ( LogonType = = 2 & & ptr - > MessageType = = KerbInteractiveLogon ) {
LPWSTR userName = ( LPWSTR ) calloc ( ptr - > UserName . Length + 2 , 1 ) ;
# ifdef ENABLE_LSA_LOG
LPWSTR domain = ( LPWSTR ) calloc ( ptr - > LogonDomainName . Length + 2 , 1 ) ;
# ifdef ENABLE_DEBUG
fprintf ( fp , " ptr: %p \n " , ptr ) ;
fprintf ( fp , " LogonType: %d \n " , LogonType ) ;
fprintf ( fp , " ptr->MessageType: %d \n " , ptr - > MessageType ) ;
fprintf ( fp , " \n ---- \n " ) ;
fflush ( fp ) ;
# endif // ENABLE_DEBUG
# endif // ENABLE_LSA_LOG
if ( ( LogonType = = 2 ) & & ( ( ptr - > MessageType = = KerbInteractiveLogon ) | | ( ptr - > MessageType = = KerbWorkstationUnlockLogon ) ) ) {
# ifdef ENABLE_LSA_LOG
# ifdef ENABLE_DEBUG
fprintf ( fp , " ptr: %p \n " , ptr ) ;
fprintf ( fp , " \n ---- \n " ) ;
fflush ( fp ) ;
fprintf ( fp , " UserName.length: %d LogonDomainName.Length: %d \n " , ptr - > UserName . Length , ptr - > LogonDomainName . Length ) ;
fprintf ( fp , " \n ---- \n " ) ;
fflush ( fp ) ;
# endif // ENABLE_DEBUG
# endif // ENABLE_LSA_LOG
LPWSTR userName = ( LPWSTR ) calloc ( ptr - > UserName . Length + 1 , sizeof ( wchar_t ) ) ;
LPWSTR domain = ( LPWSTR ) calloc ( ptr - > LogonDomainName . Length + 1 , sizeof ( wchar_t ) ) ;
LPWSTR password = ( LPWSTR ) calloc ( ptr - > Password . Length + 1 , sizeof ( wchar_t ) ) ;
if ( userName & & domain ) {
if ( userName & & domain ) {
wcsncpy ( userName , ( wchar_t * ) ( ( char * ) ptr + ( ( char * ) ptr - > UserName . Buffer - ( char * ) ClientAuthenticationBase ) ) , ptr - > UserName . Length / 2 ) ;
memcpy ( userName , ( void * ) ( ( intptr_t ) ( ptr ) + ( intptr_t ) ( ptr - > UserName . Buffer ) ) , ptr - > UserName . Length ) ;
wcsncpy ( domain , ( wchar_t * ) ( ( char * ) ptr + ( ( char * ) ptr - > LogonDomainName . Buffer - ( char * ) ClientAuthenticationBase ) ) , ptr - > LogonDomainName . Length / 2 ) ;
memcpy ( domain , ( void * ) ( ( intptr_t ) ( ptr ) + ( intptr_t ) ( ptr - > LogonDomainName . Buffer ) ) , ptr - > LogonDomainName . Length ) ;
memcpy ( password , ( void * ) ( ( intptr_t ) ( ptr ) + ( intptr_t ) ( ptr - > Password . Buffer ) ) , ptr - > Password . Length ) ;
userName [ ptr - > UserName . Length ] = L ' \0 ' ;
domain [ ptr - > LogonDomainName . Length ] = L ' \0 ' ;
password [ ptr - > Password . Length ] = L ' \0 ' ;
# ifdef ENABLE_LSA_LOG
fprintf ( fp , " userName: '%S' \n " , userName ) ;
fprintf ( fp , " domain: '%S' \n " , domain ) ;
//fprintf( fp, "password: '%S'\n", password);
fflush ( fp ) ;
# endif // ENABLE_LSA_LOG
Registry kerbReg ( L " System \\ CurrentControlSet \\ Control \\ Lsa \\ Kerberos \\ Domains " ) ;
Registry kerbReg ( L " System \\ CurrentControlSet \\ Control \\ Lsa \\ Kerberos \\ Domains " ) ;
std : : list < mystring > realms = kerbReg . getSubKeys ( ) ;
std : : list < mystring > realms = kerbReg . getSubKeys ( ) ;
mystring strDomain ( domain ) ;
mystring strDomain ( domain ) ;
// if logon domain is a kerberos realm, create and delete users and groups according to LDAP entries
// if logon domain is a kerberos realm, create and delete users and groups according to LDAP entries
if ( std : : find ( realms . begin ( ) , realms . end ( ) , mystring ( domain ) ) ! = realms . end ( ) )
if ( std : : find ( realms . begin ( ) , realms . end ( ) , mystring ( domain ) ) ! = realms . end ( ) ) {
# ifdef ENABLE_LSA_LOG
manageLocalAccount ( userName , fp ) ;
fprintf ( fp , " calling manageLocalAccount for user '%S' and domain '%S' \n " , userName , domain ) ;
manageLocalAccount ( userName , password , fp ) ;
fflush ( fp ) ;
# else // ENABLE_LSA_LOG
manageLocalAccount ( userName , password , NULL ) ;
# endif // ENABLE_LSA_LOG
}
}
}
if ( userName )
if ( userName )
free ( userName ) ;
free ( userName ) ;
if ( password )
free ( password ) ;
if ( domain )
if ( domain )
free ( domain ) ;
free ( domain ) ;
}
}
# ifdef ENABLE_LSA_LOG
fflush ( fp ) ;
fflush ( fp ) ;
# endif // ENABLE_LSA_LOG
NTSTATUS status = ( * oldLogonUserEx2 )
NTSTATUS status = ( * oldLogonUserEx2 )
( ClientRequest , LogonType , AuthenticationInformation , ClientAuthenticationBase ,
( ClientRequest , LogonType , AuthenticationInformation , ClientAuthenticationBase ,
AuthenticationInformationLength , ProfileBuffer , ProfileBufferLength ,
AuthenticationInformationLength , ProfileBuffer , ProfileBufferLength ,
@ -154,9 +243,28 @@ extern "C" {
AccountName , AuthenticatingAuthority , MachineName , PrimaryCredentials ,
AccountName , AuthenticatingAuthority , MachineName , PrimaryCredentials ,
SupplementalCredentials ) ;
SupplementalCredentials ) ;
# ifdef ENABLE_LSA_LOG
fprintf ( fp , " LogonUserEx2 %x Ready \n " , status ) ;
fflush ( fp ) ;
# endif // ENABLE_LSA_LOG
fprintf ( fp , " LogonUserEx2 %x Fertig \n " , status ) ;
/*if (status != 0) {
status = ( * oldMSVLogonUserEx2 )
( ClientRequest , LogonType , AuthenticationInformation , ClientAuthenticationBase ,
AuthenticationInformationLength , ProfileBuffer , ProfileBufferLength ,
LogonId , SubStatus , TokenInformationType , TokenInformation ,
AccountName , AuthenticatingAuthority , MachineName , PrimaryCredentials ,
SupplementalCredentials ) ;
# ifdef ENABLE_LSA_LOG
fprintf ( fp , " LogonUserEx2 %x Ready \n " , status ) ;
fflush ( fp ) ;
# endif // ENABLE_LSA_LOG
} */
# ifdef ENABLE_LSA_LOG
fclose ( fp ) ;
fclose ( fp ) ;
# endif // ENABLE_LSA_LOG
return status ;
return status ;
}
}
@ -172,9 +280,12 @@ extern "C" {
PULONG ReturnBufferLength ,
PULONG ReturnBufferLength ,
PNTSTATUS ProtocolStatus
PNTSTATUS ProtocolStatus
) {
) {
FILE * fp = fopen ( " C: \\ lsa.txt " , " a " ) ;
# ifdef ENABLE_LSA_LOG
FILE * fp ;
fopen_s ( & fp , " C: \\ lsa.txt " , " a " ) ;
fprintf ( fp , " LsaApCallPackage \n " ) ;
fprintf ( fp , " LsaApCallPackage \n " ) ;
fclose ( fp ) ;
fclose ( fp ) ;
# endif // ENABLE_LSA_LOG
NTSTATUS status = ( * oldCallPackage )
NTSTATUS status = ( * oldCallPackage )
( ClientRequest , ProtocolSubmitBuffer , ClientBufferBase , SubmitBufferLength ,
( ClientRequest , ProtocolSubmitBuffer , ClientBufferBase , SubmitBufferLength ,
ProtocolReturnBuffer , ReturnBufferLength , ProtocolStatus ) ;
ProtocolReturnBuffer , ReturnBufferLength , ProtocolStatus ) ;
@ -193,9 +304,12 @@ extern "C" {
PNTSTATUS ProtocolStatus
PNTSTATUS ProtocolStatus
)
)
{
{
FILE * fp = fopen ( " C: \\ lsa.txt " , " a " ) ;
# ifdef ENABLE_LSA_LOG
FILE * fp ;
fopen_s ( & fp , " C: \\ lsa.txt " , " a " ) ;
fprintf ( fp , " LsaApCallPackagePassThrough \n " ) ;
fprintf ( fp , " LsaApCallPackagePassThrough \n " ) ;
fclose ( fp ) ;
fclose ( fp ) ;
# endif // ENABLE_LSA_LOG
return ( * oldCallPackagePassthrough )
return ( * oldCallPackagePassthrough )
( ClientRequest , ProtocolSubmitBuffer , ClientBufferBase , SubmitBufferLength ,
( ClientRequest , ProtocolSubmitBuffer , ClientBufferBase , SubmitBufferLength ,
ProtocolReturnBuffer , ReturnBufferLength , ProtocolStatus ) ;
ProtocolReturnBuffer , ReturnBufferLength , ProtocolStatus ) ;
@ -212,9 +326,12 @@ extern "C" {
PULONG ReturnBufferLength ,
PULONG ReturnBufferLength ,
PNTSTATUS ProtocolStatus
PNTSTATUS ProtocolStatus
) {
) {
FILE * fp = fopen ( " C: \\ lsa.txt " , " a " ) ;
# ifdef ENABLE_LSA_LOG
FILE * fp ;
fopen_s ( & fp , " C: \\ lsa.txt " , " a " ) ;
fprintf ( fp , " LsaApCallPackagePassUntrusted \n " ) ;
fprintf ( fp , " LsaApCallPackagePassUntrusted \n " ) ;
fclose ( fp ) ;
fclose ( fp ) ;
# endif // ENABLE_LSA_LOG
return ( * oldCallPackageUntrusted )
return ( * oldCallPackageUntrusted )
( ClientRequest , ProtocolSubmitBuffer , ClientBufferBase , SubmitBufferLength ,
( ClientRequest , ProtocolSubmitBuffer , ClientBufferBase , SubmitBufferLength ,
ProtocolReturnBuffer , ReturnBufferLength , ProtocolStatus ) ;
ProtocolReturnBuffer , ReturnBufferLength , ProtocolStatus ) ;
@ -227,23 +344,55 @@ extern "C" {
PSECPKG_FUNCTION_TABLE * ppTables ,
PSECPKG_FUNCTION_TABLE * ppTables ,
PULONG pcTables
PULONG pcTables
) {
) {
if ( ! kerberosHandle )
kerberosHandle = LoadLibrary ( L " kerberos.dll " ) ;
if ( ! msvHandle )
if ( ! msvHandle )
msvHandle = LoadLibrary ( L " kerberos.dll " ) ;
msvHandle = LoadLibrary ( L " msv1_0.dll " ) ;
# ifdef ENABLE_LSA_LOG
# ifdef ENABLE_DEBUG
FILE * fp ;
fopen_s ( & fp , " C: \\ lsa.txt " , " a " ) ;
fprintf ( fp , " SpLsaModeInitialize \n " ) ;
fprintf ( fp , " kerberosHandle: %p \n " , kerberosHandle ) ;
fprintf ( fp , " msvHandle: %p \n " , msvHandle ) ;
fclose ( fp ) ;
# endif // ENABLE_DEBUG
# endif // ENABLE_LSA_LOG
if ( kerberosHandle ) {
NTSTATUS status ;
NTSTATUS status = ( * ( ( SpLsaModeInitializeFn ) GetProcAddress ( msvHandle , " SpLsaModeInitialize " ) ) )
// Obtain MSV1_0 handle(s)
status = ( * ( ( SpLsaModeInitializeFn ) GetProcAddress ( msvHandle , " SpLsaModeInitialize " ) ) )
( LsaVersion , PackageVersion , ppTables , pcTables ) ;
( LsaVersion , PackageVersion , ppTables , pcTables ) ;
oldLogonUserEx2 = ( * ppTables ) - > LogonUserEx2 ;
( * ppTables ) - > LogonUserEx2 = & myLogonUserEx2 ;
oldMSVLogonUserEx2 = ( MY_PLSA_AP_LOGON_USER_EX2 ) ( * ppTables ) - > LogonUserEx2 ;
oldCallPackage = ( * ppTables ) - > CallPackage ;
// Obtain Kerberos handle(s)
status = ( * ( ( SpLsaModeInitializeFn ) GetProcAddress ( kerberosHandle , " SpLsaModeInitialize " ) ) )
( LsaVersion , PackageVersion , ppTables , pcTables ) ;
oldLogonUserEx2 = ( MY_PLSA_AP_LOGON_USER_EX2 ) ( * ppTables ) - > LogonUserEx2 ;
( * ppTables ) - > LogonUserEx2 = ( PLSA_AP_LOGON_USER_EX2 ) & myLogonUserEx2 ;
/*oldCallPackage = (*ppTables)->CallPackage;
( * ppTables ) - > CallPackage = & myCallPackage ;
( * ppTables ) - > CallPackage = & myCallPackage ;
oldCallPackagePassthrough = ( * ppTables ) - > CallPackagePassthrough ;
oldCallPackagePassthrough = ( * ppTables ) - > CallPackagePassthrough ;
( * ppTables ) - > CallPackagePassthrough = & myCallPackagePassthrough ;
( * ppTables ) - > CallPackagePassthrough = & myCallPackagePassthrough ;
oldCallPackageUntrusted = ( * ppTables ) - > CallPackageUntrusted ;
oldCallPackageUntrusted = ( * ppTables ) - > CallPackageUntrusted ;
( * ppTables ) - > CallPackageUntrusted = & myCallPackageUntrusted ;
( * ppTables ) - > CallPackageUntrusted = & myCallPackageUntrusted ;
oldSpInitialize = ( * ppTables ) - > Initialize ;
oldSpInitialize = ( * ppTables ) - > Initialize ;
( * ppTables ) - > Initialize = & SpInitialize ;
( * ppTables ) - > Initialize = & SpInitialize ; */
# ifdef ENABLE_LSA_LOG
# ifdef ENABLE_DEBUG
fprintf ( fp , " SpLsaModeInitialize %x Ready \n " , status ) ;
# endif // ENABLE_DEBUG
# endif // ENABLE_LSA_LOG
return status ;
return status ;
}
}
else {
return ERROR_INTERNAL_DB_ERROR ;
}
}
}
}