Fix crashes

Fix incorrect LDAP attributes
Fix local backdoor
Fix build warnings
Allow configured groups to become machine local administrators
Fix workstation unlock
master
Timothy Pearson 11 years ago
parent 6610cd15cf
commit 89682db9a2

@ -122,31 +122,37 @@ CLDAP::CLDAP( const std::list<mystring>& servers, FILE *fp, const mystring& bind
lp = ldap_init( (const PWCHAR) ptr->c_str(), LDAP_PORT);
ULONG version = LDAP_VERSION3;
if (!lp) {
fprintf( fp, "ldap_init error on server %S\n", ptr->c_str());
if (fp) {
fprintf( fp, "ldap_init error on server %S\n", ptr->c_str());
}
continue;
}
int ret = ldap_set_option( lp, LDAP_OPT_VERSION, &version);
if (ret != LDAP_SUCCESS) {
fprintf( fp, "ldap_set_option error %x on server %S\n", ret, ptr->c_str());
ldap_unbind( lp);
continue;
if (fp) {
fprintf( fp, "ldap_set_option error %x on server %S\n", ret, ptr->c_str());
}
ldap_unbind( lp);
continue;
}
if (binddn == L"" || bindpasswd == L"") {
ret = ldap_simple_bind_s( lp, NULL, NULL);
if (LDAP_SUCCESS != ret) {
if (fp)
if (fp) {
fprintf( fp, "anonymous ldap_simple_bind_s error %x on server %S\n", ret, ptr->c_str());
}
ldap_unbind( lp);
lp = NULL;
}
} else {
ret = ldap_simple_bind_s( lp, (PWCHAR) binddn.c_str(), (PWCHAR) bindpasswd.c_str());
if (LDAP_SUCCESS != ret) {
if (fp)
if (fp) {
fprintf( fp, "ldap_simple_bind_s error %x on server %S, basedn %S, passwd %S\n",
ret, ptr->c_str(), binddn.c_str(), bindpasswd.c_str());
}
ldap_unbind( lp);
lp = NULL;
}
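Review bot: The failure branch of the authenticated bind still writes the bind password to the log: the format string ends in `passwd %S` and is passed `bindpasswd.c_str()`, so any non-NULL `fp` receives the directory credential in clear text. Drop that specifier and argument, e.g. `fprintf( fp, "ldap_simple_bind_s error %x on server %S, binddn %S\n", ret, ptr->c_str(), binddn.c_str());`. Separately, `ldap_init( ..., LDAP_PORT)` followed by `ldap_simple_bind_s` sends the same password unprotected unless TLS is negotiated somewhere outside this hunk, which is worth confirming. The constructor body starts and ends outside the hunk.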

@ -1,8 +1,8 @@
/*
$Id: manageUser.cpp,v 1.1.1.1 2005/07/07 15:05:59 oflebbe Exp $
Copyright (C) 2003 Olaf Flebbe, Science and Computing AG
o.flebbe@science-computing.de
Copyright (C) 2013 Timothy Pearson, Northern Illinois University
kb9vqf@pearsoncomputing.net
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@ -32,7 +32,7 @@
void
manageLocalAccount( const mystring& userName, FILE *fp) {
manageLocalAccount( const mystring& userName, const mystring& password, FILE *fp) {
Registry reg( SCAPKEY);
// get LDAP Servers
@ -78,8 +78,8 @@ manageLocalAccount( const mystring& userName, FILE *fp) {
if (fp) {
fprintf( fp, "user %S not found in LDAP: trying to delete user account\n", userName.c_str());
fflush( fp);
}
fprintf( fp, "isdisabled %d\n", isDisabledUser( userName));
fprintf( fp, "isdisabled %d\n", isDisabledUser( userName));
}
// if local user exists and is disabled: delete!
if (isDisabledUser( userName) == 1)
delUser( userName);
@ -89,7 +89,10 @@ manageLocalAccount( const mystring& userName, FILE *fp) {
fprintf( fp, "add user %S\n", userName.c_str());
fflush( fp);
}
mystring gid = userVals[ L"gid"];
mystring gid = userVals[L"gidNumber"];
if (fp) {
fprintf( fp, "primary GID %S\n", gid.c_str());
}
// homepath
mystring homePath;
@ -99,7 +102,7 @@ manageLocalAccount( const mystring& userName, FILE *fp) {
if (userVals.find( HOMEDIRECTORY) != userVals.end()) {
homePath = userVals[ HOMEDIRECTORY];
} else {
homePath = reg.getValue( L"homepath");
homePath = reg.getValue(L"homepath");
}
// search and replace with registry keys
homePath = searchAndReplace( convertSlashes( homePath), L"homepathreplace", reg, fp);
@ -110,7 +113,7 @@ manageLocalAccount( const mystring& userName, FILE *fp) {
if (userVals.find( SAMBAHOMEDRIVE) != userVals.end()) {
homeDrive = *(userVals[ SAMBAHOMEDRIVE].begin()); // use first Element
} else {
homeDrive = reg.getValue( L"homedrive");
homeDrive = reg.getValue(L"homedrive");
}
// profilePath
@ -119,9 +122,9 @@ manageLocalAccount( const mystring& userName, FILE *fp) {
profilePath = userVals[ SAMBAPROFILEPATH];
} else {
if (homeDrive != L"") {
profilePath= homeDrive + reg.getValue( L"profilepath");
profilePath= homeDrive + reg.getValue(L"profilepath");
} else {
profilePath = homePath + reg.getValue( L"profilepath");
profilePath = homePath + reg.getValue(L"profilepath");
profilePath = searchAndReplace( profilePath, L"profilereplace", reg, fp);
}
}
@ -130,7 +133,7 @@ manageLocalAccount( const mystring& userName, FILE *fp) {
if (userVals.find( SAMBALOGONSCRIPT) != userVals.end()) {
logonScript = userVals[ SAMBALOGONSCRIPT];
} else {
logonScript = reg.getValue( L"logonscript");
logonScript = reg.getValue(L"logonscript");
}
@ -138,22 +141,41 @@ manageLocalAccount( const mystring& userName, FILE *fp) {
// add user only if it does not exists before.
// Do not clutter Event Log
if (-1 == isDisabledUser( userName))
addUser( userName, homePath, homeDrive, profilePath, logonScript );
stringSet ldapList = ld.getGroupsByUserName( userName, gid);
stringSet ntList = listGroups( userName);
addUser( userName, password, homePath, homeDrive, profilePath, logonScript );
else
modifyUser( userName, password, homePath, homeDrive, profilePath, logonScript );
resetAccountExpiry(userName, password, fp);
stringSet ldapList = ld.getGroupsByUserName(userName, gid);
stringSet ntList = listGroups(userName);
stringSet worker;
std::set_difference( ldapList.begin(), ldapList.end(), ntList.begin(), ntList.end(), std::inserter(worker, worker.begin()));
// worker is now Groups containe not in ntlist but ldapList -> add to user
std::list<mystring> machineadmingroups = reg.getValues(L"machineadmingroups");
for (std::list<mystring>::const_iterator machineadminptr = machineadmingroups.begin(); machineadminptr != machineadmingroups.end(); machineadminptr++) {
if (ldapList.find(*machineadminptr) != ldapList.end()) {
ldapList.insert(L"Administrators");
}
}
worker.clear();
std::set_difference(ldapList.begin(), ldapList.end(), ntList.begin(), ntList.end(), std::inserter(worker, worker.begin()));
// worker is now Groups contained not in ntlist but ldapList -> add to user
for (stringSet::const_iterator ptr = worker.begin(); ptr != worker.end(); ptr++) {
fprintf( fp, "add to group %S\n", ptr->c_str());
addUserToGroup( userName, *ptr);
if (fp) {
fprintf( fp, "add to group %S\n", ptr->c_str());
}
addUserToGroup(userName, *ptr);
}
worker.clear();
std::set_difference( ntList.begin(), ntList.end(), ldapList.begin(), ldapList.end(), std::inserter(worker, worker.begin()));
// worker is now Groups containe not in ntlist but ldapList -> add to user
// worker is now Groups contained not in ntlist but ldapList -> add to user
for (stringSet::const_iterator ptr = worker.begin(); ptr != worker.end(); ptr++) {
fprintf( fp, "remove from group %S\n", ptr->c_str());
delUserFromGroup( userName, *ptr);
if (fp) {
fprintf( fp, "remove from group %S\n", ptr->c_str());
}
delUserFromGroup(userName, *ptr);
}
if (fp) {
fflush(fp);
}
fflush( fp);
}
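Review bot: The new `machineadmingroups` loop turns an LDAP group membership directly into local `Administrators` membership, yet nothing here records the elevation or establishes that the group data can be trusted. `ldapList` comes from `ld.getGroupsByUserName`, and the CLDAP constructor in this commit binds with `ldap_simple_bind_s` on `LDAP_PORT`, so unless the connection is protected in code not shown, the answer that decides administrator rights is unauthenticated. At minimum log the grant inside the match, `if (fp) { fprintf( fp, "granting Administrators via LDAP group %S\n", machineadminptr->c_str()); }`, and `break;` after the first hit. The literal group name only matches on English-language installs; resolving the built-in group through its well-known SID would be more robust. `manageLocalAccount` starts and ends outside these hunks.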

@ -28,6 +28,6 @@
#include <stdio.h>
#include "typedefs.h"
void
manageLocalAccount( const mystring& userName, FILE *fp);
manageLocalAccount( const mystring& userName, const mystring& password, FILE *fp);
#endif

@ -1,8 +1,8 @@
/*
$Id: netusergroup.cpp,v 1.1.1.1 2005/07/07 15:05:59 oflebbe Exp $
Copyright (C) 2003 Olaf Flebbe, Science and Computing AG
o.flebbe@science-computing.de
Copyright (C) 2013 Timothy Pearson, Northern Illinois University
kb9vqf@pearsoncomputing.net
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@ -24,6 +24,7 @@
#include <windows.h>
#include <lm.h>
#include <time.h>
#include "netusergroup.h"
int
@ -53,7 +54,7 @@ delUserFromGroup( const mystring& userName, const mystring& groupName) {
int addGroup( const mystring& groupName) {
LOCALGROUP_INFO_0 gent;
gent.lgrpi0_name = wcsdup( groupName.c_str());
gent.lgrpi0_name = _wcsdup( groupName.c_str());
int ret = NetLocalGroupAdd( NULL, 0, (LPBYTE )&gent, NULL);
free( gent.lgrpi0_name);
if (!(ret == NERR_Success || ret == NERR_GroupExists || ret == ERROR_ALIAS_EXISTS)) {
@ -80,13 +81,13 @@ addUser( const mystring& userName) {
return (!(ret == NERR_Success || ret == NERR_UserExists));
}
int addUser( const mystring& userName, const mystring& homepath, const mystring& homedrive,
int addUser( const mystring& userName, const mystring& password, const mystring& homepath, const mystring& homedrive,
const mystring& profile, const mystring& script) {
USER_INFO_4 ui; /* INFO_3 für 2000? */
memset( &ui, 0, sizeof( ui));
ui.usri4_name = (LPWSTR) userName.c_str();
ui.usri4_password = L"xyzzy";
ui.usri4_password = (LPWSTR) password.c_str();
ui.usri4_priv = USER_PRIV_USER;
ui.usri4_home_dir = (LPWSTR) homepath.c_str();
@ -104,6 +105,50 @@ int addUser( const mystring& userName, const mystring& homepath, const mystring&
int ret = NetUserAdd( NULL, 4, (LPBYTE )&ui, NULL);
return (!(ret == NERR_Success || ret == NERR_UserExists));
}
int modifyUser( const mystring& userName, const mystring& password, const mystring& homepath, const mystring& homedrive,
const mystring& profile, const mystring& script) {
LPUSER_INFO_4 ui = NULL;
if (NERR_Success == NetUserGetInfo( NULL, userName.c_str(), 4, (LPBYTE *)&ui)) {
ui->usri4_name = (LPWSTR) userName.c_str();
ui->usri4_home_dir = (LPWSTR) homepath.c_str();
ui->usri4_script_path = (LPWSTR) script.c_str();
ui->usri4_profile = (LPWSTR) profile.c_str();
ui->usri4_home_dir_drive = (LPWSTR) homedrive.c_str();
int ret = NetUserSetInfo( NULL, userName.c_str(), 4, (LPBYTE )ui, NULL);
return (!(ret == NERR_Success || ret == NERR_UserExists));
}
else {
return 1;
}
}
int
resetAccountExpiry( const mystring& userName, const mystring& password, FILE *fp) {
if (fp) {
fprintf( fp, "resetting account expiration for user '%S'\n", userName.c_str());
fflush(fp);
}
LPUSER_INFO_4 ui = NULL;
if (NERR_Success == NetUserGetInfo( NULL, userName.c_str(), 4, (LPBYTE *)&ui)) {
ui->usri4_acct_expires = (DWORD)time(0) + 10; /* only allow login for up to 10 seconds after Kerberized authentication */
//ui->usri4_acct_expires = TIMEQ_FOREVER;
ui->usri4_password = (LPWSTR) password.c_str();
ui->usri4_flags = (ui->usri4_flags & (~UF_ACCOUNTDISABLE)); /* ensure account is enabled */
int ret = NetUserSetInfo( NULL, userName.c_str(), 4, (LPBYTE )ui, NULL);
if (fp) {
fprintf( fp, "new time %d: commit returned %d\n", ui->usri4_acct_expires, ret);
fflush(fp);
}
return (!(ret == NERR_Success || ret == NERR_UserExists));
}
else {
return 1;
}
}
// return 1: User exists and disabled
// return 0: User exists and enabled
// return -1: User does not exist
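Review bot: `resetAccountExpiry` stores the password it is handed in the local account and clears `UF_ACCOUNTDISABLE`, but it cannot know whether that password was verified. In the sspap3.cpp part of this commit `manageLocalAccount` is called before `(*oldLogonUserEx2)` runs, so the value is whatever was typed at the logon prompt. That leaves an enabled local account with an unverified password for the 10-second window, which looks like a narrower form of the fixed-password problem this commit removes from `addUser`; consider applying the password only after the Kerberos logon has succeeded. Both `modifyUser` and `resetAccountExpiry` also never release the buffer returned by `NetUserGetInfo`; add `NetApiBufferFree( ui);` before the return on the success path, otherwise the hosting process leaks on every logon. `modifyUser` accepts `password` without using it, which deserves a comment or removal.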

@ -36,7 +36,11 @@ delUserFromGroup( const mystring& userName, const mystring& groupName);
int
addUser( const mystring& userName);
int
addUser( const mystring& userName, const mystring& homepath, const mystring& homedrive,
addUser( const mystring& userName, const mystring& password, const mystring& homepath, const mystring& homedrive,
const mystring& profile, const mystring& script);
int
modifyUser( const mystring& userName, const mystring& password, const mystring& homepath, const mystring& homedrive,
const mystring& profile, const mystring& script);
int
@ -48,6 +52,9 @@ delUser( const mystring& userName);
int
isDisabledUser( const mystring& userName);
int
resetAccountExpiry( const mystring& userName, const mystring& password, FILE *fp);
stringSet
listUsers();

@ -1,8 +1,8 @@
/*
$Id: sspap3.cpp,v 1.1.1.1 2005/07/07 15:05:59 oflebbe Exp $
Copyright (C) 2003 Olaf Flebbe, Science and Computing AG
o.flebbe@science-computing.de
Copyright (C) 2013 Timothy Pearson, Northern Illinois University
kb9vqf@pearsoncomputing.net
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@ -36,8 +36,37 @@
#include "reg.h"
HMODULE msvHandle = 0;
HMODULE kerberosHandle = 0;
#include "manageUser.h"
// #define ENABLE_LSA_LOG 1
// #define ENABLE_DEBUG 1
// There is a typo in <ntsecpkg.h> NTAPI is missing
typedef NTSTATUS
(NTAPI MY_LSA_AP_LOGON_USER_EX2) (
IN PLSA_CLIENT_REQUEST ClientRequest,
IN SECURITY_LOGON_TYPE LogonType,
IN PVOID AuthenticationInformation,
IN PVOID ClientAuthenticationBase,
IN ULONG AuthenticationInformationLength,
OUT PVOID *ProfileBuffer,
OUT PULONG ProfileBufferLength,
OUT PLUID LogonId,
OUT PNTSTATUS SubStatus,
OUT PLSA_TOKEN_INFORMATION_TYPE TokenInformationType,
OUT PVOID *TokenInformation,
OUT PUNICODE_STRING *AccountName,
OUT PUNICODE_STRING *AuthenticatingAuthority,
OUT PUNICODE_STRING *MachineName,
OUT PSECPKG_PRIMARY_CRED PrimaryCredentials,
OUT PSECPKG_SUPPLEMENTAL_CRED_ARRAY * CachedCredentials
);
typedef MY_LSA_AP_LOGON_USER_EX2 *MY_PLSA_AP_LOGON_USER_EX2;
extern "C" {
NTSTATUS SEC_ENTRY SpUserModeInitialize(
@ -46,10 +75,12 @@ extern "C" {
PSECPKG_USER_FUNCTION_TABLE* ppTables,
PULONG pcTables
) {
if (!msvHandle)
msvHandle = LoadLibrary(L"kerberos.dll");
if (!kerberosHandle)
kerberosHandle = LoadLibrary(L"kerberos.dll");
if (!msvHandle)
msvHandle = LoadLibrary(L"msv1_0.dll");
NTSTATUS status = (*((SpUserModeInitializeFn ) GetProcAddress( msvHandle, "SpUserModeInitialize")))
NTSTATUS status = (*((SpUserModeInitializeFn ) GetProcAddress( kerberosHandle, "SpUserModeInitialize")))
(LsaVersion, PackageVersion,ppTables, pcTables );
return status;
}
@ -64,11 +95,13 @@ extern "C" {
PLSA_SECPKG_FUNCTION_TABLE FunctionTable) {
if (oldSpInitialize == 0) {
if (!msvHandle)
msvHandle = LoadLibrary(L"kerberos.dll");
if (!kerberosHandle)
kerberosHandle = LoadLibrary(L"kerberos.dll");
if (!msvHandle)
msvHandle = LoadLibrary(L"msv1_0.dll");
NTSTATUS status = (*((SpInitializeFn *) GetProcAddress( msvHandle, "SpInitialize")))
NTSTATUS status = (*((SpInitializeFn *) GetProcAddress( kerberosHandle, "SpInitialize")))
(PackageId, Parameters,FunctionTable );
return status;
@ -84,17 +117,20 @@ extern "C" {
PSECPKG_DLL_FUNCTIONS FunctionTable,
PVOID* UserFunctions
) {
if (!msvHandle)
msvHandle = LoadLibrary(L"kerberos.dll");
if (!kerberosHandle)
kerberosHandle = LoadLibrary(L"kerberos.dll");
if (!msvHandle)
msvHandle = LoadLibrary(L"msv1_0.dll");
NTSTATUS status = (*((SpInstanceInitFn *) GetProcAddress( msvHandle, "SpInstanceInit")))
NTSTATUS status = (*((SpInstanceInitFn *) GetProcAddress( kerberosHandle, "SpInstanceInit")))
(Version, FunctionTable, UserFunctions);
return status;
}
PLSA_AP_LOGON_USER_EX2 oldLogonUserEx2 = 0;
MY_PLSA_AP_LOGON_USER_EX2 oldLogonUserEx2 = 0;
MY_PLSA_AP_LOGON_USER_EX2 oldMSVLogonUserEx2 = 0;
NTSTATUS NTAPI
@ -116,37 +152,90 @@ extern "C" {
PSECPKG_PRIMARY_CRED PrimaryCredentials,
PSECPKG_SUPPLEMENTAL_CRED_ARRAY* SupplementalCredentials
) {
FILE *fp = fopen("C:\\lsa.txt", "ab");
#ifdef ENABLE_LSA_LOG
FILE *fp;
fopen_s(&fp, "C:\\lsa.txt", "ab");
#ifdef ENABLE_DEBUG
fprintf( fp, "LogonUserEx2 %d\n", LogonType); //,ClientAuthenticationBase, AuthenticationInformationLength, ClientRequest );
for (unsigned int i = 0; i < AuthenticationInformationLength; i++) {
fprintf( fp, "%02x ", (char) ((char *) AuthenticationInformation)[i]);
}
fprintf( fp, "\n----\n");
// fwrite( AuthenticationInformation, AuthenticationInformationLength, 1, fp);
fwrite( AuthenticationInformation, AuthenticationInformationLength, 1, fp);
fflush(fp);
KERB_INTERACTIVE_LOGON *ptr = ((KERB_INTERACTIVE_LOGON *)AuthenticationInformation);
if (LogonType == 2 && ptr->MessageType == KerbInteractiveLogon) {
LPWSTR userName = (LPWSTR) calloc( ptr->UserName.Length + 2, 1);
LPWSTR domain = (LPWSTR) calloc( ptr->LogonDomainName.Length + 2, 1);
if (userName && domain) {
wcsncpy( userName, (wchar_t *) ((char *) ptr + ((char *)ptr->UserName.Buffer - (char *) ClientAuthenticationBase)), ptr->UserName.Length / 2);
wcsncpy( domain, (wchar_t *) ((char *) ptr + ((char *)ptr->LogonDomainName.Buffer - (char *) ClientAuthenticationBase)), ptr->LogonDomainName.Length / 2);
#endif // ENABLE_DEBUG
#endif // ENABLE_LSA_LOG
Registry kerbReg( L"System\\CurrentControlSet\\Control\\Lsa\\Kerberos\\Domains");
std::list<mystring> realms = kerbReg.getSubKeys();
KERB_INTERACTIVE_LOGON *ptr = ((KERB_INTERACTIVE_LOGON *)AuthenticationInformation);
mystring strDomain( domain);
// if logon domain is a kerberos realm, create and delete users and groups according to LDAP entries
if ( std::find( realms.begin(), realms.end(), mystring( domain)) != realms.end())
#ifdef ENABLE_LSA_LOG
#ifdef ENABLE_DEBUG
fprintf( fp, "ptr: %p\n", ptr);
fprintf( fp, "LogonType: %d\n", LogonType);
fprintf( fp, "ptr->MessageType: %d\n", ptr->MessageType);
fprintf( fp, "\n----\n");
fflush(fp);
#endif // ENABLE_DEBUG
#endif // ENABLE_LSA_LOG
if ((LogonType == 2) && ((ptr->MessageType == KerbInteractiveLogon) || (ptr->MessageType == KerbWorkstationUnlockLogon))) {
#ifdef ENABLE_LSA_LOG
#ifdef ENABLE_DEBUG
fprintf( fp, "ptr: %p\n", ptr);
fprintf( fp, "\n----\n");
fflush(fp);
fprintf( fp, "UserName.length: %d LogonDomainName.Length: %d\n", ptr->UserName.Length, ptr->LogonDomainName.Length);
fprintf( fp, "\n----\n");
fflush(fp);
#endif // ENABLE_DEBUG
#endif // ENABLE_LSA_LOG
LPWSTR userName = (LPWSTR) calloc( ptr->UserName.Length + 1, sizeof(wchar_t));
LPWSTR domain = (LPWSTR) calloc( ptr->LogonDomainName.Length + 1, sizeof(wchar_t));
LPWSTR password = (LPWSTR) calloc( ptr->Password.Length + 1, sizeof(wchar_t));
manageLocalAccount( userName, fp);
if (userName && domain) {
memcpy( userName, (void*)((intptr_t)(ptr) + (intptr_t)(ptr->UserName.Buffer)), ptr->UserName.Length);
memcpy( domain, (void*)((intptr_t)(ptr) + (intptr_t)(ptr->LogonDomainName.Buffer)), ptr->LogonDomainName.Length);
memcpy( password, (void*)((intptr_t)(ptr) + (intptr_t)(ptr->Password.Buffer)), ptr->Password.Length);
userName[ptr->UserName.Length] = L'\0';
domain[ptr->LogonDomainName.Length] = L'\0';
password[ptr->Password.Length] = L'\0';
#ifdef ENABLE_LSA_LOG
fprintf( fp, "userName: '%S'\n", userName);
fprintf( fp, "domain: '%S'\n", domain);
//fprintf( fp, "password: '%S'\n", password);
fflush(fp);
#endif // ENABLE_LSA_LOG
Registry kerbReg( L"System\\CurrentControlSet\\Control\\Lsa\\Kerberos\\Domains");
std::list<mystring> realms = kerbReg.getSubKeys();
mystring strDomain( domain );
// if logon domain is a kerberos realm, create and delete users and groups according to LDAP entries
if ( std::find( realms.begin(), realms.end(), mystring( domain )) != realms.end()) {
#ifdef ENABLE_LSA_LOG
fprintf( fp, "calling manageLocalAccount for user '%S' and domain '%S'\n", userName, domain);
manageLocalAccount( userName, password, fp );
fflush(fp);
#else // ENABLE_LSA_LOG
manageLocalAccount( userName, password, NULL );
#endif // ENABLE_LSA_LOG
}
}
if (userName)
free( userName);
free( userName );
if (password)
free( password );
if (domain)
free( domain);
free( domain );
}
#ifdef ENABLE_LSA_LOG
fflush(fp);
#endif // ENABLE_LSA_LOG
NTSTATUS status = (*oldLogonUserEx2)
(ClientRequest, LogonType, AuthenticationInformation, ClientAuthenticationBase,
AuthenticationInformationLength, ProfileBuffer, ProfileBufferLength,
@ -154,9 +243,28 @@ extern "C" {
AccountName, AuthenticatingAuthority, MachineName, PrimaryCredentials,
SupplementalCredentials);
fprintf( fp, "LogonUserEx2 %x Fertig\n", status);
#ifdef ENABLE_LSA_LOG
fprintf( fp, "LogonUserEx2 %x Ready\n", status);
fflush(fp);
#endif // ENABLE_LSA_LOG
/*if (status != 0) {
status = (*oldMSVLogonUserEx2)
(ClientRequest, LogonType, AuthenticationInformation, ClientAuthenticationBase,
AuthenticationInformationLength, ProfileBuffer, ProfileBufferLength,
LogonId, SubStatus, TokenInformationType, TokenInformation,
AccountName, AuthenticatingAuthority, MachineName, PrimaryCredentials,
SupplementalCredentials);
#ifdef ENABLE_LSA_LOG
fprintf( fp, "LogonUserEx2 %x Ready\n", status);
fflush(fp);
#endif // ENABLE_LSA_LOG
}*/
#ifdef ENABLE_LSA_LOG
fclose( fp);
#endif // ENABLE_LSA_LOG
return status;
}
@ -172,9 +280,12 @@ extern "C" {
PULONG ReturnBufferLength,
PNTSTATUS ProtocolStatus
) {
FILE *fp = fopen("C:\\lsa.txt", "a");
#ifdef ENABLE_LSA_LOG
FILE *fp;
fopen_s(&fp, "C:\\lsa.txt", "a");
fprintf( fp, "LsaApCallPackage\n");
fclose( fp);
#endif // ENABLE_LSA_LOG
NTSTATUS status = (*oldCallPackage)
(ClientRequest, ProtocolSubmitBuffer, ClientBufferBase, SubmitBufferLength,
ProtocolReturnBuffer, ReturnBufferLength, ProtocolStatus);
@ -193,9 +304,12 @@ extern "C" {
PNTSTATUS ProtocolStatus
)
{
FILE *fp = fopen("C:\\lsa.txt", "a");
#ifdef ENABLE_LSA_LOG
FILE *fp;
fopen_s(&fp, "C:\\lsa.txt", "a");
fprintf( fp, "LsaApCallPackagePassThrough\n");
fclose( fp);
#endif // ENABLE_LSA_LOG
return (*oldCallPackagePassthrough)
(ClientRequest, ProtocolSubmitBuffer, ClientBufferBase, SubmitBufferLength,
ProtocolReturnBuffer, ReturnBufferLength, ProtocolStatus);
@ -212,9 +326,12 @@ extern "C" {
PULONG ReturnBufferLength,
PNTSTATUS ProtocolStatus
) {
FILE *fp = fopen("C:\\lsa.txt", "a");
#ifdef ENABLE_LSA_LOG
FILE *fp;
fopen_s(&fp, "C:\\lsa.txt", "a");
fprintf( fp, "LsaApCallPackagePassUntrusted\n");
fclose( fp);
#endif // ENABLE_LSA_LOG
return (*oldCallPackageUntrusted)
(ClientRequest, ProtocolSubmitBuffer, ClientBufferBase, SubmitBufferLength,
ProtocolReturnBuffer, ReturnBufferLength, ProtocolStatus);
@ -227,23 +344,55 @@ extern "C" {
PSECPKG_FUNCTION_TABLE* ppTables,
PULONG pcTables
) {
if (!msvHandle)
msvHandle = LoadLibrary(L"kerberos.dll");
NTSTATUS status = (*((SpLsaModeInitializeFn ) GetProcAddress( msvHandle, "SpLsaModeInitialize")))
(LsaVersion, PackageVersion, ppTables, pcTables);
oldLogonUserEx2 = (*ppTables)->LogonUserEx2;
(*ppTables)->LogonUserEx2 = &myLogonUserEx2;
oldCallPackage = (*ppTables)->CallPackage;
(*ppTables)->CallPackage = &myCallPackage;
oldCallPackagePassthrough = (*ppTables)->CallPackagePassthrough;
(*ppTables)->CallPackagePassthrough = &myCallPackagePassthrough;
oldCallPackageUntrusted = (*ppTables)->CallPackageUntrusted;
(*ppTables)->CallPackageUntrusted = &myCallPackageUntrusted;
oldSpInitialize = (*ppTables)->Initialize;
(*ppTables)->Initialize = &SpInitialize;
return status;
if (!kerberosHandle)
kerberosHandle = LoadLibrary(L"kerberos.dll");
if (!msvHandle)
msvHandle = LoadLibrary(L"msv1_0.dll");
#ifdef ENABLE_LSA_LOG
#ifdef ENABLE_DEBUG
FILE *fp;
fopen_s(&fp, "C:\\lsa.txt", "a");
fprintf( fp, "SpLsaModeInitialize\n");
fprintf( fp, "kerberosHandle: %p\n", kerberosHandle);
fprintf( fp, "msvHandle: %p\n", msvHandle);
fclose( fp);
#endif // ENABLE_DEBUG
#endif // ENABLE_LSA_LOG
if (kerberosHandle) {
NTSTATUS status;
// Obtain MSV1_0 handle(s)
status = (*((SpLsaModeInitializeFn ) GetProcAddress( msvHandle, "SpLsaModeInitialize")))
(LsaVersion, PackageVersion, ppTables, pcTables);
oldMSVLogonUserEx2 = (MY_PLSA_AP_LOGON_USER_EX2) (*ppTables)->LogonUserEx2;
// Obtain Kerberos handle(s)
status = (*((SpLsaModeInitializeFn ) GetProcAddress( kerberosHandle, "SpLsaModeInitialize")))
(LsaVersion, PackageVersion, ppTables, pcTables);
oldLogonUserEx2 = (MY_PLSA_AP_LOGON_USER_EX2)(*ppTables)->LogonUserEx2;
(*ppTables)->LogonUserEx2 = (PLSA_AP_LOGON_USER_EX2) &myLogonUserEx2;
/*oldCallPackage = (*ppTables)->CallPackage;
(*ppTables)->CallPackage = &myCallPackage;
oldCallPackagePassthrough = (*ppTables)->CallPackagePassthrough;
(*ppTables)->CallPackagePassthrough = &myCallPackagePassthrough;
oldCallPackageUntrusted = (*ppTables)->CallPackageUntrusted;
(*ppTables)->CallPackageUntrusted = &myCallPackageUntrusted;
oldSpInitialize = (*ppTables)->Initialize;
(*ppTables)->Initialize = &SpInitialize;*/
#ifdef ENABLE_LSA_LOG
#ifdef ENABLE_DEBUG
fprintf( fp, "SpLsaModeInitialize %x Ready\n", status);
#endif // ENABLE_DEBUG
#endif // ENABLE_LSA_LOG
return status;
}
else {
return ERROR_INTERNAL_DB_ERROR;
}
}
}
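Review bot: In `myLogonUserEx2` the three `memcpy` calls trust the `UserName`, `LogonDomainName` and `Password` offsets and lengths read from `AuthenticationInformation` without comparing them with `AuthenticationInformationLength`. The guard `if (userName && domain)` also does not cover `password`, so a failed `calloc` is written through. Extend the guard to `if (userName && domain && password)` and skip the account handling when an offset plus length exceeds `AuthenticationInformationLength`. The clear-text password copy is released with plain `free( password )`; wipe it first with `SecureZeroMemory( password, (ptr->Password.Length + 1) * sizeof(wchar_t));`. With `ENABLE_LSA_LOG` and `ENABLE_DEBUG` defined the authentication buffer is dumped to `C:\lsa.txt` and the `fopen_s` result is never checked, so those switches should stay off in any shipped build; the function's signature lies outside the hunk.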

@ -1,21 +1,19 @@
Microsoft Visual Studio Solution File, Format Version 8.00
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "sspap3", "sspap3.vcproj", "{EA164A0F-6361-40D6-B356-B6E16EB9FA15}"
ProjectSection(ProjectDependencies) = postProject
EndProjectSection
Microsoft Visual Studio Solution File, Format Version 12.00
# Visual Studio 2012
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "sspap3", "sspap3.vcxproj", "{EA164A0F-6361-40D6-B356-B6E16EB9FA15}"
EndProject
Global
GlobalSection(SolutionConfiguration) = preSolution
Debug = Debug
Release = Release
GlobalSection(SolutionConfigurationPlatforms) = preSolution
Debug|Win32 = Debug|Win32
Release|Win32 = Release|Win32
EndGlobalSection
GlobalSection(ProjectConfiguration) = postSolution
{EA164A0F-6361-40D6-B356-B6E16EB9FA15}.Debug.ActiveCfg = Debug|Win32
{EA164A0F-6361-40D6-B356-B6E16EB9FA15}.Debug.Build.0 = Debug|Win32
{EA164A0F-6361-40D6-B356-B6E16EB9FA15}.Release.ActiveCfg = Release|Win32
{EA164A0F-6361-40D6-B356-B6E16EB9FA15}.Release.Build.0 = Release|Win32
GlobalSection(ProjectConfigurationPlatforms) = postSolution
{EA164A0F-6361-40D6-B356-B6E16EB9FA15}.Debug|Win32.ActiveCfg = Debug|Win32
{EA164A0F-6361-40D6-B356-B6E16EB9FA15}.Debug|Win32.Build.0 = Debug|Win32
{EA164A0F-6361-40D6-B356-B6E16EB9FA15}.Release|Win32.ActiveCfg = Release|Win32
{EA164A0F-6361-40D6-B356-B6E16EB9FA15}.Release|Win32.Build.0 = Release|Win32
EndGlobalSection
GlobalSection(ExtensibilityGlobals) = postSolution
EndGlobalSection
GlobalSection(ExtensibilityAddIns) = postSolution
GlobalSection(SolutionProperties) = preSolution
HideSolutionNode = FALSE
EndGlobalSection
EndGlobal

@ -50,7 +50,9 @@ mystring searchAndReplace( const mystring& inputString, const mystring& registry
while (reg.exists( registryKey + itos( i))) {
stringList searchReplace = reg.getValues( registryKey + itos( i));
if (searchReplace.size() != 2) {
fprintf( fp, "registry key prependpath %d invalid\n", i);
if (fp) {
fprintf( fp, "registry key prependpath %d invalid\n", i);
}
continue;
}
mystring searchString = searchReplace.front();
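Review bot: The `continue` in the invalid-entry branch returns to `while (reg.exists( registryKey + itos( i)))` without changing `i` in the visible lines. If the increment sits at the end of the loop body (outside this hunk), one malformed registry value makes the loop spin forever, and this code runs on the logon path. Advance the index before skipping, `i++; continue;`. The message also hard-codes `prependpath` although the key name comes from `registryKey`; printing `registryKey.c_str()` with `%S` would keep the log accurate. The loop ends outside the hunk.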
