Fix crashes

Fix incorrect LDAP attributes
Fix local backdoor
Fix build warnings
Allow configured groups to become machine local administrators
Fix workstation unlock
Timothy Pearson 11 years ago
parent 6610cd15cf
commit 89682db9a2

@ -122,13 +122,17 @@ CLDAP::CLDAP( const std::list<mystring>& servers, FILE *fp, const mystring& bind
lp = ldap_init( (const PWCHAR) ptr->c_str(), LDAP_PORT); lp = ldap_init( (const PWCHAR) ptr->c_str(), LDAP_PORT);
ULONG version = LDAP_VERSION3; ULONG version = LDAP_VERSION3;
if (!lp) { if (!lp) {
if (fp) {
fprintf( fp, "ldap_init error on server %S\n", ptr->c_str()); fprintf( fp, "ldap_init error on server %S\n", ptr->c_str());
}
continue; continue;
} }
int ret = ldap_set_option( lp, LDAP_OPT_VERSION, &version); int ret = ldap_set_option( lp, LDAP_OPT_VERSION, &version);
if (ret != LDAP_SUCCESS) { if (ret != LDAP_SUCCESS) {
if (fp) {
fprintf( fp, "ldap_set_option error %x on server %S\n", ret, ptr->c_str()); fprintf( fp, "ldap_set_option error %x on server %S\n", ret, ptr->c_str());
}
ldap_unbind( lp); ldap_unbind( lp);
continue; continue;
} }
@ -136,17 +140,19 @@ CLDAP::CLDAP( const std::list<mystring>& servers, FILE *fp, const mystring& bind
if (binddn == L"" || bindpasswd == L"") { if (binddn == L"" || bindpasswd == L"") {
ret = ldap_simple_bind_s( lp, NULL, NULL); ret = ldap_simple_bind_s( lp, NULL, NULL);
if (LDAP_SUCCESS != ret) { if (LDAP_SUCCESS != ret) {
if (fp) if (fp) {
fprintf( fp, "anonymous ldap_simple_bind_s error %x on server %S\n", ret, ptr->c_str()); fprintf( fp, "anonymous ldap_simple_bind_s error %x on server %S\n", ret, ptr->c_str());
}
ldap_unbind( lp); ldap_unbind( lp);
lp = NULL; lp = NULL;
} }
} else { } else {
ret = ldap_simple_bind_s( lp, (PWCHAR) binddn.c_str(), (PWCHAR) bindpasswd.c_str()); ret = ldap_simple_bind_s( lp, (PWCHAR) binddn.c_str(), (PWCHAR) bindpasswd.c_str());
if (LDAP_SUCCESS != ret) { if (LDAP_SUCCESS != ret) {
if (fp) if (fp) {
fprintf( fp, "ldap_simple_bind_s error %x on server %S, basedn %S, passwd %S\n", fprintf( fp, "ldap_simple_bind_s error %x on server %S, basedn %S, passwd %S\n",
ret, ptr->c_str(), binddn.c_str(), bindpasswd.c_str()); ret, ptr->c_str(), binddn.c_str(), bindpasswd.c_str());
}
ldap_unbind( lp); ldap_unbind( lp);
lp = NULL; lp = NULL;
} }
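Review bot: The bind-failure log at the end of the hunk still writes the bind password in cleartext (`passwd %S` fed with `bindpasswd.c_str()`), so every failed bind lands the LDAP service credential in whatever file `fp` points at; the commit only wraps the call in `if (fp) {`. Drop the secret from the message: `fprintf( fp, "ldap_simple_bind_s error %x on server %S, basedn %S\n", ret, ptr->c_str(), binddn.c_str());`. The anonymous-bind branch above logs nothing sensitive and can stay as it is. CLDAP::CLDAP continues past the end of this hunk.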

@ -1,8 +1,8 @@
/* /*
$Id: manageUser.cpp,v 1.1.1.1 2005/07/07 15:05:59 oflebbe Exp $
Copyright (C) 2003 Olaf Flebbe, Science and Computing AG Copyright (C) 2003 Olaf Flebbe, Science and Computing AG
o.flebbe@science-computing.de o.flebbe@science-computing.de
Copyright (C) 2013 Timothy Pearson, Northern Illinois University
kb9vqf@pearsoncomputing.net
This program is free software; you can redistribute it and/or modify This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by it under the terms of the GNU General Public License as published by
@ -32,7 +32,7 @@
void void
manageLocalAccount( const mystring& userName, FILE *fp) { manageLocalAccount( const mystring& userName, const mystring& password, FILE *fp) {
Registry reg( SCAPKEY); Registry reg( SCAPKEY);
// get LDAP Servers // get LDAP Servers
@ -78,8 +78,8 @@ manageLocalAccount( const mystring& userName, FILE *fp) {
if (fp) { if (fp) {
fprintf( fp, "user %S not found in LDAP: trying to delete user account\n", userName.c_str()); fprintf( fp, "user %S not found in LDAP: trying to delete user account\n", userName.c_str());
fflush( fp); fflush( fp);
}
fprintf( fp, "isdisabled %d\n", isDisabledUser( userName)); fprintf( fp, "isdisabled %d\n", isDisabledUser( userName));
}
// if local user exists and is disabled: delete! // if local user exists and is disabled: delete!
if (isDisabledUser( userName) == 1) if (isDisabledUser( userName) == 1)
delUser( userName); delUser( userName);
@ -89,7 +89,10 @@ manageLocalAccount( const mystring& userName, FILE *fp) {
fprintf( fp, "add user %S\n", userName.c_str()); fprintf( fp, "add user %S\n", userName.c_str());
fflush( fp); fflush( fp);
} }
mystring gid = userVals[ L"gid"]; mystring gid = userVals[L"gidNumber"];
if (fp) {
fprintf( fp, "primary GID %S\n", gid.c_str());
}
// homepath // homepath
mystring homePath; mystring homePath;
@ -138,22 +141,41 @@ manageLocalAccount( const mystring& userName, FILE *fp) {
// add user only if it does not exists before. // add user only if it does not exists before.
// Do not clutter Event Log // Do not clutter Event Log
if (-1 == isDisabledUser( userName)) if (-1 == isDisabledUser( userName))
addUser( userName, homePath, homeDrive, profilePath, logonScript ); addUser( userName, password, homePath, homeDrive, profilePath, logonScript );
else
modifyUser( userName, password, homePath, homeDrive, profilePath, logonScript );
resetAccountExpiry(userName, password, fp);
stringSet ldapList = ld.getGroupsByUserName(userName, gid); stringSet ldapList = ld.getGroupsByUserName(userName, gid);
stringSet ntList = listGroups(userName); stringSet ntList = listGroups(userName);
stringSet worker; stringSet worker;
std::set_difference( ldapList.begin(), ldapList.end(), ntList.begin(), ntList.end(), std::inserter(worker, worker.begin()));
// worker is now Groups containe not in ntlist but ldapList -> add to user
std::list<mystring> machineadmingroups = reg.getValues(L"machineadmingroups");
for (std::list<mystring>::const_iterator machineadminptr = machineadmingroups.begin(); machineadminptr != machineadmingroups.end(); machineadminptr++) {
if (ldapList.find(*machineadminptr) != ldapList.end()) {
ldapList.insert(L"Administrators");
}
}
worker.clear();
std::set_difference(ldapList.begin(), ldapList.end(), ntList.begin(), ntList.end(), std::inserter(worker, worker.begin()));
// worker is now Groups contained not in ntlist but ldapList -> add to user
for (stringSet::const_iterator ptr = worker.begin(); ptr != worker.end(); ptr++) { for (stringSet::const_iterator ptr = worker.begin(); ptr != worker.end(); ptr++) {
if (fp) {
fprintf( fp, "add to group %S\n", ptr->c_str()); fprintf( fp, "add to group %S\n", ptr->c_str());
}
addUserToGroup(userName, *ptr); addUserToGroup(userName, *ptr);
} }
worker.clear();
std::set_difference( ntList.begin(), ntList.end(), ldapList.begin(), ldapList.end(), std::inserter(worker, worker.begin())); std::set_difference( ntList.begin(), ntList.end(), ldapList.begin(), ldapList.end(), std::inserter(worker, worker.begin()));
// worker is now Groups containe not in ntlist but ldapList -> add to user // worker is now Groups contained not in ntlist but ldapList -> add to user
for (stringSet::const_iterator ptr = worker.begin(); ptr != worker.end(); ptr++) { for (stringSet::const_iterator ptr = worker.begin(); ptr != worker.end(); ptr++) {
if (fp) {
fprintf( fp, "remove from group %S\n", ptr->c_str()); fprintf( fp, "remove from group %S\n", ptr->c_str());
}
delUserFromGroup(userName, *ptr); delUserFromGroup(userName, *ptr);
} }
if (fp) {
fflush(fp); fflush(fp);
} }
}
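Review bot: The comment above the second set_difference (`// worker is now Groups contained not in ntlist but ldapList -> add to user`) describes the wrong direction: that call yields the groups in ntList that are absent from ldapList, and the loop under it removes the user from them, so it should read `// worker is now local groups the user holds that are not in ldapList -> remove from user`. The new machineadmingroups loop is the only gate to local Administrators membership and deserves a why-comment, e.g. `// membership in any group listed under the machineadmingroups registry value grants BUILTIN\Administrators; the removal pass below revokes it once the LDAP groups no longer match`. Note that `L"Administrators"` is the English display name of that group; on a localized Windows install the later addUserToGroup call (outside this hunk, so this is inferred) would target a group that does not exist, and resolving the name from the well-known SID would be more robust. manageLocalAccount starts before the hunk.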

@ -28,6 +28,6 @@
#include <stdio.h> #include <stdio.h>
#include "typedefs.h" #include "typedefs.h"
void void
manageLocalAccount( const mystring& userName, FILE *fp); manageLocalAccount( const mystring& userName, const mystring& password, FILE *fp);
#endif #endif

@ -1,8 +1,8 @@
/* /*
$Id: netusergroup.cpp,v 1.1.1.1 2005/07/07 15:05:59 oflebbe Exp $
Copyright (C) 2003 Olaf Flebbe, Science and Computing AG Copyright (C) 2003 Olaf Flebbe, Science and Computing AG
o.flebbe@science-computing.de o.flebbe@science-computing.de
Copyright (C) 2013 Timothy Pearson, Northern Illinois University
kb9vqf@pearsoncomputing.net
This program is free software; you can redistribute it and/or modify This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by it under the terms of the GNU General Public License as published by
@ -24,6 +24,7 @@
#include <windows.h> #include <windows.h>
#include <lm.h> #include <lm.h>
#include <time.h>
#include "netusergroup.h" #include "netusergroup.h"
int int
@ -53,7 +54,7 @@ delUserFromGroup( const mystring& userName, const mystring& groupName) {
int addGroup( const mystring& groupName) { int addGroup( const mystring& groupName) {
LOCALGROUP_INFO_0 gent; LOCALGROUP_INFO_0 gent;
gent.lgrpi0_name = wcsdup( groupName.c_str()); gent.lgrpi0_name = _wcsdup( groupName.c_str());
int ret = NetLocalGroupAdd( NULL, 0, (LPBYTE )&gent, NULL); int ret = NetLocalGroupAdd( NULL, 0, (LPBYTE )&gent, NULL);
free( gent.lgrpi0_name); free( gent.lgrpi0_name);
if (!(ret == NERR_Success || ret == NERR_GroupExists || ret == ERROR_ALIAS_EXISTS)) { if (!(ret == NERR_Success || ret == NERR_GroupExists || ret == ERROR_ALIAS_EXISTS)) {
@ -80,13 +81,13 @@ addUser( const mystring& userName) {
return (!(ret == NERR_Success || ret == NERR_UserExists)); return (!(ret == NERR_Success || ret == NERR_UserExists));
} }
int addUser( const mystring& userName, const mystring& homepath, const mystring& homedrive, int addUser( const mystring& userName, const mystring& password, const mystring& homepath, const mystring& homedrive,
const mystring& profile, const mystring& script) { const mystring& profile, const mystring& script) {
USER_INFO_4 ui; /* INFO_3 für 2000? */ USER_INFO_4 ui; /* INFO_3 für 2000? */
memset( &ui, 0, sizeof( ui)); memset( &ui, 0, sizeof( ui));
ui.usri4_name = (LPWSTR) userName.c_str(); ui.usri4_name = (LPWSTR) userName.c_str();
ui.usri4_password = L"xyzzy"; ui.usri4_password = (LPWSTR) password.c_str();
ui.usri4_priv = USER_PRIV_USER; ui.usri4_priv = USER_PRIV_USER;
ui.usri4_home_dir = (LPWSTR) homepath.c_str(); ui.usri4_home_dir = (LPWSTR) homepath.c_str();
@ -104,6 +105,50 @@ int addUser( const mystring& userName, const mystring& homepath, const mystring&
int ret = NetUserAdd( NULL, 4, (LPBYTE )&ui, NULL); int ret = NetUserAdd( NULL, 4, (LPBYTE )&ui, NULL);
return (!(ret == NERR_Success || ret == NERR_UserExists)); return (!(ret == NERR_Success || ret == NERR_UserExists));
} }
int modifyUser( const mystring& userName, const mystring& password, const mystring& homepath, const mystring& homedrive,
const mystring& profile, const mystring& script) {
LPUSER_INFO_4 ui = NULL;
if (NERR_Success == NetUserGetInfo( NULL, userName.c_str(), 4, (LPBYTE *)&ui)) {
ui->usri4_name = (LPWSTR) userName.c_str();
ui->usri4_home_dir = (LPWSTR) homepath.c_str();
ui->usri4_script_path = (LPWSTR) script.c_str();
ui->usri4_profile = (LPWSTR) profile.c_str();
ui->usri4_home_dir_drive = (LPWSTR) homedrive.c_str();
int ret = NetUserSetInfo( NULL, userName.c_str(), 4, (LPBYTE )ui, NULL);
return (!(ret == NERR_Success || ret == NERR_UserExists));
}
else {
return 1;
}
}
int
resetAccountExpiry( const mystring& userName, const mystring& password, FILE *fp) {
if (fp) {
fprintf( fp, "resetting account expiration for user '%S'\n", userName.c_str());
fflush(fp);
}
LPUSER_INFO_4 ui = NULL;
if (NERR_Success == NetUserGetInfo( NULL, userName.c_str(), 4, (LPBYTE *)&ui)) {
ui->usri4_acct_expires = (DWORD)time(0) + 10; /* only allow login for up to 10 seconds after Kerberized authentication */
//ui->usri4_acct_expires = TIMEQ_FOREVER;
ui->usri4_password = (LPWSTR) password.c_str();
ui->usri4_flags = (ui->usri4_flags & (~UF_ACCOUNTDISABLE)); /* ensure account is enabled */
int ret = NetUserSetInfo( NULL, userName.c_str(), 4, (LPBYTE )ui, NULL);
if (fp) {
fprintf( fp, "new time %d: commit returned %d\n", ui->usri4_acct_expires, ret);
fflush(fp);
}
return (!(ret == NERR_Success || ret == NERR_UserExists));
}
else {
return 1;
}
}
// return 1: User exists and disabled // return 1: User exists and disabled
// return 0: User exists and enabled // return 0: User exists and enabled
// return -1: User does not exist // return -1: User does not exist
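Review bot: Both new functions call NetUserGetInfo, which returns a buffer the caller must release with NetApiBufferFree, and neither modifyUser nor resetAccountExpiry frees `ui`, so every call leaks a USER_INFO_4 inside the process that hosts this code. Capture the result, release the buffer, then return, in both functions: `int ret = NetUserSetInfo( NULL, userName.c_str(), 4, (LPBYTE )ui, NULL); NetApiBufferFree( ui); return (!(ret == NERR_Success || ret == NERR_UserExists));`. modifyUser also accepts a `password` parameter it never applies (only resetAccountExpiry assigns usri4_password), so either pass it through or add `/* password is applied later by resetAccountExpiry */` to make the intent clear. The `new time %d` log prints a DWORD and should use `%lu`.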

@ -36,7 +36,11 @@ delUserFromGroup( const mystring& userName, const mystring& groupName);
int int
addUser( const mystring& userName); addUser( const mystring& userName);
int int
addUser( const mystring& userName, const mystring& homepath, const mystring& homedrive, addUser( const mystring& userName, const mystring& password, const mystring& homepath, const mystring& homedrive,
const mystring& profile, const mystring& script);
int
modifyUser( const mystring& userName, const mystring& password, const mystring& homepath, const mystring& homedrive,
const mystring& profile, const mystring& script); const mystring& profile, const mystring& script);
int int
@ -48,6 +52,9 @@ delUser( const mystring& userName);
int int
isDisabledUser( const mystring& userName); isDisabledUser( const mystring& userName);
int
resetAccountExpiry( const mystring& userName, const mystring& password, FILE *fp);
stringSet stringSet
listUsers(); listUsers();

@ -1,8 +1,8 @@
/* /*
$Id: sspap3.cpp,v 1.1.1.1 2005/07/07 15:05:59 oflebbe Exp $
Copyright (C) 2003 Olaf Flebbe, Science and Computing AG Copyright (C) 2003 Olaf Flebbe, Science and Computing AG
o.flebbe@science-computing.de o.flebbe@science-computing.de
Copyright (C) 2013 Timothy Pearson, Northern Illinois University
kb9vqf@pearsoncomputing.net
This program is free software; you can redistribute it and/or modify This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by it under the terms of the GNU General Public License as published by
@ -36,8 +36,37 @@
#include "reg.h" #include "reg.h"
HMODULE msvHandle = 0; HMODULE msvHandle = 0;
HMODULE kerberosHandle = 0;
#include "manageUser.h" #include "manageUser.h"
// #define ENABLE_LSA_LOG 1
// #define ENABLE_DEBUG 1
// There is a typo in <ntsecpkg.h> NTAPI is missing
typedef NTSTATUS
(NTAPI MY_LSA_AP_LOGON_USER_EX2) (
IN PLSA_CLIENT_REQUEST ClientRequest,
IN SECURITY_LOGON_TYPE LogonType,
IN PVOID AuthenticationInformation,
IN PVOID ClientAuthenticationBase,
IN ULONG AuthenticationInformationLength,
OUT PVOID *ProfileBuffer,
OUT PULONG ProfileBufferLength,
OUT PLUID LogonId,
OUT PNTSTATUS SubStatus,
OUT PLSA_TOKEN_INFORMATION_TYPE TokenInformationType,
OUT PVOID *TokenInformation,
OUT PUNICODE_STRING *AccountName,
OUT PUNICODE_STRING *AuthenticatingAuthority,
OUT PUNICODE_STRING *MachineName,
OUT PSECPKG_PRIMARY_CRED PrimaryCredentials,
OUT PSECPKG_SUPPLEMENTAL_CRED_ARRAY * CachedCredentials
);
typedef MY_LSA_AP_LOGON_USER_EX2 *MY_PLSA_AP_LOGON_USER_EX2;
extern "C" { extern "C" {
NTSTATUS SEC_ENTRY SpUserModeInitialize( NTSTATUS SEC_ENTRY SpUserModeInitialize(
@ -46,10 +75,12 @@ extern "C" {
PSECPKG_USER_FUNCTION_TABLE* ppTables, PSECPKG_USER_FUNCTION_TABLE* ppTables,
PULONG pcTables PULONG pcTables
) { ) {
if (!kerberosHandle)
kerberosHandle = LoadLibrary(L"kerberos.dll");
if (!msvHandle) if (!msvHandle)
msvHandle = LoadLibrary(L"kerberos.dll"); msvHandle = LoadLibrary(L"msv1_0.dll");
NTSTATUS status = (*((SpUserModeInitializeFn ) GetProcAddress( msvHandle, "SpUserModeInitialize"))) NTSTATUS status = (*((SpUserModeInitializeFn ) GetProcAddress( kerberosHandle, "SpUserModeInitialize")))
(LsaVersion, PackageVersion,ppTables, pcTables ); (LsaVersion, PackageVersion,ppTables, pcTables );
return status; return status;
} }
@ -64,11 +95,13 @@ extern "C" {
PLSA_SECPKG_FUNCTION_TABLE FunctionTable) { PLSA_SECPKG_FUNCTION_TABLE FunctionTable) {
if (oldSpInitialize == 0) { if (oldSpInitialize == 0) {
if (!kerberosHandle)
kerberosHandle = LoadLibrary(L"kerberos.dll");
if (!msvHandle) if (!msvHandle)
msvHandle = LoadLibrary(L"kerberos.dll"); msvHandle = LoadLibrary(L"msv1_0.dll");
NTSTATUS status = (*((SpInitializeFn *) GetProcAddress( msvHandle, "SpInitialize"))) NTSTATUS status = (*((SpInitializeFn *) GetProcAddress( kerberosHandle, "SpInitialize")))
(PackageId, Parameters,FunctionTable ); (PackageId, Parameters,FunctionTable );
return status; return status;
@ -84,17 +117,20 @@ extern "C" {
PSECPKG_DLL_FUNCTIONS FunctionTable, PSECPKG_DLL_FUNCTIONS FunctionTable,
PVOID* UserFunctions PVOID* UserFunctions
) { ) {
if (!kerberosHandle)
kerberosHandle = LoadLibrary(L"kerberos.dll");
if (!msvHandle) if (!msvHandle)
msvHandle = LoadLibrary(L"kerberos.dll"); msvHandle = LoadLibrary(L"msv1_0.dll");
NTSTATUS status = (*((SpInstanceInitFn *) GetProcAddress( msvHandle, "SpInstanceInit"))) NTSTATUS status = (*((SpInstanceInitFn *) GetProcAddress( kerberosHandle, "SpInstanceInit")))
(Version, FunctionTable, UserFunctions); (Version, FunctionTable, UserFunctions);
return status; return status;
} }
PLSA_AP_LOGON_USER_EX2 oldLogonUserEx2 = 0; MY_PLSA_AP_LOGON_USER_EX2 oldLogonUserEx2 = 0;
MY_PLSA_AP_LOGON_USER_EX2 oldMSVLogonUserEx2 = 0;
NTSTATUS NTAPI NTSTATUS NTAPI
@ -116,37 +152,90 @@ extern "C" {
PSECPKG_PRIMARY_CRED PrimaryCredentials, PSECPKG_PRIMARY_CRED PrimaryCredentials,
PSECPKG_SUPPLEMENTAL_CRED_ARRAY* SupplementalCredentials PSECPKG_SUPPLEMENTAL_CRED_ARRAY* SupplementalCredentials
) { ) {
FILE *fp = fopen("C:\\lsa.txt", "ab"); #ifdef ENABLE_LSA_LOG
FILE *fp;
fopen_s(&fp, "C:\\lsa.txt", "ab");
#ifdef ENABLE_DEBUG
fprintf( fp, "LogonUserEx2 %d\n", LogonType); //,ClientAuthenticationBase, AuthenticationInformationLength, ClientRequest ); fprintf( fp, "LogonUserEx2 %d\n", LogonType); //,ClientAuthenticationBase, AuthenticationInformationLength, ClientRequest );
for (unsigned int i = 0; i < AuthenticationInformationLength; i++) { for (unsigned int i = 0; i < AuthenticationInformationLength; i++) {
fprintf( fp, "%02x ", (char) ((char *) AuthenticationInformation)[i]); fprintf( fp, "%02x ", (char) ((char *) AuthenticationInformation)[i]);
} }
fprintf( fp, "\n----\n"); fprintf( fp, "\n----\n");
// fwrite( AuthenticationInformation, AuthenticationInformationLength, 1, fp); fwrite( AuthenticationInformation, AuthenticationInformationLength, 1, fp);
fflush(fp); fflush(fp);
#endif // ENABLE_DEBUG
#endif // ENABLE_LSA_LOG
KERB_INTERACTIVE_LOGON *ptr = ((KERB_INTERACTIVE_LOGON *)AuthenticationInformation); KERB_INTERACTIVE_LOGON *ptr = ((KERB_INTERACTIVE_LOGON *)AuthenticationInformation);
if (LogonType == 2 && ptr->MessageType == KerbInteractiveLogon) {
LPWSTR userName = (LPWSTR) calloc( ptr->UserName.Length + 2, 1); #ifdef ENABLE_LSA_LOG
LPWSTR domain = (LPWSTR) calloc( ptr->LogonDomainName.Length + 2, 1); #ifdef ENABLE_DEBUG
fprintf( fp, "ptr: %p\n", ptr);
fprintf( fp, "LogonType: %d\n", LogonType);
fprintf( fp, "ptr->MessageType: %d\n", ptr->MessageType);
fprintf( fp, "\n----\n");
fflush(fp);
#endif // ENABLE_DEBUG
#endif // ENABLE_LSA_LOG
if ((LogonType == 2) && ((ptr->MessageType == KerbInteractiveLogon) || (ptr->MessageType == KerbWorkstationUnlockLogon))) {
#ifdef ENABLE_LSA_LOG
#ifdef ENABLE_DEBUG
fprintf( fp, "ptr: %p\n", ptr);
fprintf( fp, "\n----\n");
fflush(fp);
fprintf( fp, "UserName.length: %d LogonDomainName.Length: %d\n", ptr->UserName.Length, ptr->LogonDomainName.Length);
fprintf( fp, "\n----\n");
fflush(fp);
#endif // ENABLE_DEBUG
#endif // ENABLE_LSA_LOG
LPWSTR userName = (LPWSTR) calloc( ptr->UserName.Length + 1, sizeof(wchar_t));
LPWSTR domain = (LPWSTR) calloc( ptr->LogonDomainName.Length + 1, sizeof(wchar_t));
LPWSTR password = (LPWSTR) calloc( ptr->Password.Length + 1, sizeof(wchar_t));
if (userName && domain) { if (userName && domain) {
wcsncpy( userName, (wchar_t *) ((char *) ptr + ((char *)ptr->UserName.Buffer - (char *) ClientAuthenticationBase)), ptr->UserName.Length / 2); memcpy( userName, (void*)((intptr_t)(ptr) + (intptr_t)(ptr->UserName.Buffer)), ptr->UserName.Length);
wcsncpy( domain, (wchar_t *) ((char *) ptr + ((char *)ptr->LogonDomainName.Buffer - (char *) ClientAuthenticationBase)), ptr->LogonDomainName.Length / 2); memcpy( domain, (void*)((intptr_t)(ptr) + (intptr_t)(ptr->LogonDomainName.Buffer)), ptr->LogonDomainName.Length);
memcpy( password, (void*)((intptr_t)(ptr) + (intptr_t)(ptr->Password.Buffer)), ptr->Password.Length);
userName[ptr->UserName.Length] = L'\0';
domain[ptr->LogonDomainName.Length] = L'\0';
password[ptr->Password.Length] = L'\0';
#ifdef ENABLE_LSA_LOG
fprintf( fp, "userName: '%S'\n", userName);
fprintf( fp, "domain: '%S'\n", domain);
//fprintf( fp, "password: '%S'\n", password);
fflush(fp);
#endif // ENABLE_LSA_LOG
Registry kerbReg( L"System\\CurrentControlSet\\Control\\Lsa\\Kerberos\\Domains"); Registry kerbReg( L"System\\CurrentControlSet\\Control\\Lsa\\Kerberos\\Domains");
std::list<mystring> realms = kerbReg.getSubKeys(); std::list<mystring> realms = kerbReg.getSubKeys();
mystring strDomain( domain ); mystring strDomain( domain );
// if logon domain is a kerberos realm, create and delete users and groups according to LDAP entries // if logon domain is a kerberos realm, create and delete users and groups according to LDAP entries
if ( std::find( realms.begin(), realms.end(), mystring( domain)) != realms.end()) if ( std::find( realms.begin(), realms.end(), mystring( domain )) != realms.end()) {
#ifdef ENABLE_LSA_LOG
manageLocalAccount( userName, fp); fprintf( fp, "calling manageLocalAccount for user '%S' and domain '%S'\n", userName, domain);
manageLocalAccount( userName, password, fp );
fflush(fp);
#else // ENABLE_LSA_LOG
manageLocalAccount( userName, password, NULL );
#endif // ENABLE_LSA_LOG
}
} }
if (userName) if (userName)
free( userName ); free( userName );
if (password)
free( password );
if (domain) if (domain)
free( domain ); free( domain );
} }
#ifdef ENABLE_LSA_LOG
fflush(fp); fflush(fp);
#endif // ENABLE_LSA_LOG
NTSTATUS status = (*oldLogonUserEx2) NTSTATUS status = (*oldLogonUserEx2)
(ClientRequest, LogonType, AuthenticationInformation, ClientAuthenticationBase, (ClientRequest, LogonType, AuthenticationInformation, ClientAuthenticationBase,
AuthenticationInformationLength, ProfileBuffer, ProfileBufferLength, AuthenticationInformationLength, ProfileBuffer, ProfileBufferLength,
@ -154,9 +243,28 @@ extern "C" {
AccountName, AuthenticatingAuthority, MachineName, PrimaryCredentials, AccountName, AuthenticatingAuthority, MachineName, PrimaryCredentials,
SupplementalCredentials); SupplementalCredentials);
#ifdef ENABLE_LSA_LOG
fprintf( fp, "LogonUserEx2 %x Ready\n", status);
fflush(fp);
#endif // ENABLE_LSA_LOG
fprintf( fp, "LogonUserEx2 %x Fertig\n", status); /*if (status != 0) {
status = (*oldMSVLogonUserEx2)
(ClientRequest, LogonType, AuthenticationInformation, ClientAuthenticationBase,
AuthenticationInformationLength, ProfileBuffer, ProfileBufferLength,
LogonId, SubStatus, TokenInformationType, TokenInformation,
AccountName, AuthenticatingAuthority, MachineName, PrimaryCredentials,
SupplementalCredentials);
#ifdef ENABLE_LSA_LOG
fprintf( fp, "LogonUserEx2 %x Ready\n", status);
fflush(fp);
#endif // ENABLE_LSA_LOG
}*/
#ifdef ENABLE_LSA_LOG
fclose( fp); fclose( fp);
#endif // ENABLE_LSA_LOG
return status; return status;
} }
@ -172,9 +280,12 @@ extern "C" {
PULONG ReturnBufferLength, PULONG ReturnBufferLength,
PNTSTATUS ProtocolStatus PNTSTATUS ProtocolStatus
) { ) {
FILE *fp = fopen("C:\\lsa.txt", "a"); #ifdef ENABLE_LSA_LOG
FILE *fp;
fopen_s(&fp, "C:\\lsa.txt", "a");
fprintf( fp, "LsaApCallPackage\n"); fprintf( fp, "LsaApCallPackage\n");
fclose( fp); fclose( fp);
#endif // ENABLE_LSA_LOG
NTSTATUS status = (*oldCallPackage) NTSTATUS status = (*oldCallPackage)
(ClientRequest, ProtocolSubmitBuffer, ClientBufferBase, SubmitBufferLength, (ClientRequest, ProtocolSubmitBuffer, ClientBufferBase, SubmitBufferLength,
ProtocolReturnBuffer, ReturnBufferLength, ProtocolStatus); ProtocolReturnBuffer, ReturnBufferLength, ProtocolStatus);
@ -193,9 +304,12 @@ extern "C" {
PNTSTATUS ProtocolStatus PNTSTATUS ProtocolStatus
) )
{ {
FILE *fp = fopen("C:\\lsa.txt", "a"); #ifdef ENABLE_LSA_LOG
FILE *fp;
fopen_s(&fp, "C:\\lsa.txt", "a");
fprintf( fp, "LsaApCallPackagePassThrough\n"); fprintf( fp, "LsaApCallPackagePassThrough\n");
fclose( fp); fclose( fp);
#endif // ENABLE_LSA_LOG
return (*oldCallPackagePassthrough) return (*oldCallPackagePassthrough)
(ClientRequest, ProtocolSubmitBuffer, ClientBufferBase, SubmitBufferLength, (ClientRequest, ProtocolSubmitBuffer, ClientBufferBase, SubmitBufferLength,
ProtocolReturnBuffer, ReturnBufferLength, ProtocolStatus); ProtocolReturnBuffer, ReturnBufferLength, ProtocolStatus);
@ -212,9 +326,12 @@ extern "C" {
PULONG ReturnBufferLength, PULONG ReturnBufferLength,
PNTSTATUS ProtocolStatus PNTSTATUS ProtocolStatus
) { ) {
FILE *fp = fopen("C:\\lsa.txt", "a"); #ifdef ENABLE_LSA_LOG
FILE *fp;
fopen_s(&fp, "C:\\lsa.txt", "a");
fprintf( fp, "LsaApCallPackagePassUntrusted\n"); fprintf( fp, "LsaApCallPackagePassUntrusted\n");
fclose( fp); fclose( fp);
#endif // ENABLE_LSA_LOG
return (*oldCallPackageUntrusted) return (*oldCallPackageUntrusted)
(ClientRequest, ProtocolSubmitBuffer, ClientBufferBase, SubmitBufferLength, (ClientRequest, ProtocolSubmitBuffer, ClientBufferBase, SubmitBufferLength,
ProtocolReturnBuffer, ReturnBufferLength, ProtocolStatus); ProtocolReturnBuffer, ReturnBufferLength, ProtocolStatus);
@ -227,23 +344,55 @@ extern "C" {
PSECPKG_FUNCTION_TABLE* ppTables, PSECPKG_FUNCTION_TABLE* ppTables,
PULONG pcTables PULONG pcTables
) { ) {
if (!kerberosHandle)
kerberosHandle = LoadLibrary(L"kerberos.dll");
if (!msvHandle) if (!msvHandle)
msvHandle = LoadLibrary(L"kerberos.dll"); msvHandle = LoadLibrary(L"msv1_0.dll");
#ifdef ENABLE_LSA_LOG
#ifdef ENABLE_DEBUG
FILE *fp;
fopen_s(&fp, "C:\\lsa.txt", "a");
fprintf( fp, "SpLsaModeInitialize\n");
fprintf( fp, "kerberosHandle: %p\n", kerberosHandle);
fprintf( fp, "msvHandle: %p\n", msvHandle);
fclose( fp);
#endif // ENABLE_DEBUG
#endif // ENABLE_LSA_LOG
if (kerberosHandle) {
NTSTATUS status;
NTSTATUS status = (*((SpLsaModeInitializeFn ) GetProcAddress( msvHandle, "SpLsaModeInitialize"))) // Obtain MSV1_0 handle(s)
status = (*((SpLsaModeInitializeFn ) GetProcAddress( msvHandle, "SpLsaModeInitialize")))
(LsaVersion, PackageVersion, ppTables, pcTables); (LsaVersion, PackageVersion, ppTables, pcTables);
oldLogonUserEx2 = (*ppTables)->LogonUserEx2;
(*ppTables)->LogonUserEx2 = &myLogonUserEx2; oldMSVLogonUserEx2 = (MY_PLSA_AP_LOGON_USER_EX2) (*ppTables)->LogonUserEx2;
oldCallPackage = (*ppTables)->CallPackage;
// Obtain Kerberos handle(s)
status = (*((SpLsaModeInitializeFn ) GetProcAddress( kerberosHandle, "SpLsaModeInitialize")))
(LsaVersion, PackageVersion, ppTables, pcTables);
oldLogonUserEx2 = (MY_PLSA_AP_LOGON_USER_EX2)(*ppTables)->LogonUserEx2;
(*ppTables)->LogonUserEx2 = (PLSA_AP_LOGON_USER_EX2) &myLogonUserEx2;
/*oldCallPackage = (*ppTables)->CallPackage;
(*ppTables)->CallPackage = &myCallPackage; (*ppTables)->CallPackage = &myCallPackage;
oldCallPackagePassthrough = (*ppTables)->CallPackagePassthrough; oldCallPackagePassthrough = (*ppTables)->CallPackagePassthrough;
(*ppTables)->CallPackagePassthrough = &myCallPackagePassthrough; (*ppTables)->CallPackagePassthrough = &myCallPackagePassthrough;
oldCallPackageUntrusted = (*ppTables)->CallPackageUntrusted; oldCallPackageUntrusted = (*ppTables)->CallPackageUntrusted;
(*ppTables)->CallPackageUntrusted = &myCallPackageUntrusted; (*ppTables)->CallPackageUntrusted = &myCallPackageUntrusted;
oldSpInitialize = (*ppTables)->Initialize; oldSpInitialize = (*ppTables)->Initialize;
(*ppTables)->Initialize = &SpInitialize; (*ppTables)->Initialize = &SpInitialize;*/
#ifdef ENABLE_LSA_LOG
#ifdef ENABLE_DEBUG
fprintf( fp, "SpLsaModeInitialize %x Ready\n", status);
#endif // ENABLE_DEBUG
#endif // ENABLE_LSA_LOG
return status; return status;
} }
else {
return ERROR_INTERNAL_DB_ERROR;
}
}
} }
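Review bot: In the myLogonUserEx2 hunk the `password` allocation is not checked before `memcpy` writes into it (the guard is still `if (userName && domain)`), and none of the three copies verifies that the offset plus Length read from the submitted KERB_INTERACTIVE_LOGON stays inside `AuthenticationInformationLength`; `ptr->MessageType` is likewise read before the length is known to cover the structure, so a short or malformed submit buffer is read past its end inside the authentication package. The new code treats each `Buffer` field as an offset from `ptr` (hedged, since the old code subtracted ClientAuthenticationBase instead), so the check should be expressed against that same base. The cleartext password buffer is also freed without being wiped; wipe it with SecureZeroMemory first, and be aware the `mystring` copies handed to manageLocalAccount are not wiped either. myLogonUserEx2 begins before this hunk.
```cpp
    KERB_INTERACTIVE_LOGON *ptr = ((KERB_INTERACTIVE_LOGON *)AuthenticationInformation);
    // Do not touch the structure until the submitted buffer is large enough to hold it.
    if ((AuthenticationInformationLength >= sizeof(KERB_INTERACTIVE_LOGON)) && (LogonType == 2) && ((ptr->MessageType == KerbInteractiveLogon) || (ptr->MessageType == KerbWorkstationUnlockLogon))) {
        // … unchanged: debug logging …
        LPWSTR userName = (LPWSTR) calloc( ptr->UserName.Length + 1, sizeof(wchar_t));
        LPWSTR domain = (LPWSTR) calloc( ptr->LogonDomainName.Length + 1, sizeof(wchar_t));
        LPWSTR password = (LPWSTR) calloc( ptr->Password.Length + 1, sizeof(wchar_t));
        // Buffer fields are used as offsets from ptr; refuse anything that would read past the submitted buffer.
        if (userName && domain && password
            && (ULONG_PTR)ptr->UserName.Buffer + ptr->UserName.Length <= AuthenticationInformationLength
            && (ULONG_PTR)ptr->LogonDomainName.Buffer + ptr->LogonDomainName.Length <= AuthenticationInformationLength
            && (ULONG_PTR)ptr->Password.Buffer + ptr->Password.Length <= AuthenticationInformationLength) {
            // … unchanged: memcpy, termination, realm lookup, manageLocalAccount …
        }
        if (userName)
            free( userName );
        if (password) {
            SecureZeroMemory( password, (ptr->Password.Length + 1) * sizeof(wchar_t)); // do not leave the cleartext password in the heap
            free( password );
        }
        if (domain)
            free( domain );
    }
```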

@ -1,21 +1,19 @@
Microsoft Visual Studio Solution File, Format Version 8.00 Microsoft Visual Studio Solution File, Format Version 12.00
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "sspap3", "sspap3.vcproj", "{EA164A0F-6361-40D6-B356-B6E16EB9FA15}" # Visual Studio 2012
ProjectSection(ProjectDependencies) = postProject Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "sspap3", "sspap3.vcxproj", "{EA164A0F-6361-40D6-B356-B6E16EB9FA15}"
EndProjectSection
EndProject EndProject
Global Global
GlobalSection(SolutionConfiguration) = preSolution GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug = Debug Debug|Win32 = Debug|Win32
Release = Release Release|Win32 = Release|Win32
EndGlobalSection EndGlobalSection
GlobalSection(ProjectConfiguration) = postSolution GlobalSection(ProjectConfigurationPlatforms) = postSolution
{EA164A0F-6361-40D6-B356-B6E16EB9FA15}.Debug.ActiveCfg = Debug|Win32 {EA164A0F-6361-40D6-B356-B6E16EB9FA15}.Debug|Win32.ActiveCfg = Debug|Win32
{EA164A0F-6361-40D6-B356-B6E16EB9FA15}.Debug.Build.0 = Debug|Win32 {EA164A0F-6361-40D6-B356-B6E16EB9FA15}.Debug|Win32.Build.0 = Debug|Win32
{EA164A0F-6361-40D6-B356-B6E16EB9FA15}.Release.ActiveCfg = Release|Win32 {EA164A0F-6361-40D6-B356-B6E16EB9FA15}.Release|Win32.ActiveCfg = Release|Win32
{EA164A0F-6361-40D6-B356-B6E16EB9FA15}.Release.Build.0 = Release|Win32 {EA164A0F-6361-40D6-B356-B6E16EB9FA15}.Release|Win32.Build.0 = Release|Win32
EndGlobalSection EndGlobalSection
GlobalSection(ExtensibilityGlobals) = postSolution GlobalSection(SolutionProperties) = preSolution
EndGlobalSection HideSolutionNode = FALSE
GlobalSection(ExtensibilityAddIns) = postSolution
EndGlobalSection EndGlobalSection
EndGlobal EndGlobal

@ -50,7 +50,9 @@ mystring searchAndReplace( const mystring& inputString, const mystring& registry
while (reg.exists( registryKey + itos( i))) { while (reg.exists( registryKey + itos( i))) {
stringList searchReplace = reg.getValues( registryKey + itos( i)); stringList searchReplace = reg.getValues( registryKey + itos( i));
if (searchReplace.size() != 2) { if (searchReplace.size() != 2) {
if (fp) {
fprintf( fp, "registry key prependpath %d invalid\n", i); fprintf( fp, "registry key prependpath %d invalid\n", i);
}
continue; continue;
} }
mystring searchString = searchReplace.front(); mystring searchString = searchReplace.front();
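Review bot: The `continue` following the new `if (fp)` guard jumps straight back to `while (reg.exists( registryKey + itos( i)))`; if `i` is only advanced at the bottom of the loop body (the increment is outside the hunk, so this is inferred), a single malformed key makes the loop spin forever on the same index. Advance the index before skipping, `i++; continue;`, or rewrite the loop as a `for`. The message also hard-codes `prependpath` although the key being read is `registryKey`, which misleads when the function is used for another key; `fprintf( fp, "registry key %S%d invalid\n", registryKey.c_str(), i);` reports what was actually read (assuming mystring exposes c_str(), as the other hunks use). searchAndReplace begins before this hunk.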
