You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
250 lines
8.3 KiB
250 lines
8.3 KiB
/*
|
|
$Id: sspap3.cpp,v 1.1.1.1 2005/07/07 15:05:59 oflebbe Exp $
|
|
|
|
Copyright (C) 2003 Olaf Flebbe, Science and Computing AG
|
|
o.flebbe@science-computing.de
|
|
|
|
This program is free software; you can redistribute it and/or modify
|
|
it under the terms of the GNU General Public License as published by
|
|
the Free Software Foundation; either version 2 of the License, or
|
|
(at your option) any later version.
|
|
|
|
This program is distributed in the hope that it will be useful,
|
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
GNU General Public License for more details.
|
|
|
|
You should have received a copy of the GNU General Public License
|
|
along with this program; if not, write to the Free Software
|
|
Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
|
|
|
|
*/
|
|
#define UNICODE
|
|
#define SECURITY_WIN32
|
|
#define WIN32_LEAN_AND_MEAN
|
|
#include <windows.h>
|
|
#include <ntsecapi.h>
|
|
#include <sspi.h>
|
|
#include <ntsecpkg.h>
|
|
#include <stdio.h>
|
|
//#include <ntstatus.h>
|
|
#include <string.h>
|
|
//#include <subauth.h>
|
|
#include <malloc.h>
|
|
#include <algorithm>
|
|
#include <list>
|
|
#include "reg.h"
|
|
|
|
HMODULE msvHandle = 0;
|
|
#include "manageUser.h"
|
|
|
|
extern "C" {
|
|
|
|
NTSTATUS SEC_ENTRY SpUserModeInitialize(
|
|
ULONG LsaVersion,
|
|
PULONG PackageVersion,
|
|
PSECPKG_USER_FUNCTION_TABLE* ppTables,
|
|
PULONG pcTables
|
|
) {
|
|
if (!msvHandle)
|
|
msvHandle = LoadLibrary(L"kerberos.dll");
|
|
|
|
NTSTATUS status = (*((SpUserModeInitializeFn ) GetProcAddress( msvHandle, "SpUserModeInitialize")))
|
|
(LsaVersion, PackageVersion,ppTables, pcTables );
|
|
return status;
|
|
}
|
|
|
|
SpInitializeFn *oldSpInitialize = 0;
|
|
|
|
// SpInitialize is special, it should be both exported
|
|
// and be referenced in the SpLsaModeInitialize Call
|
|
NTSTATUS SEC_ENTRY SpInitialize(
|
|
ULONG_PTR PackageId,
|
|
PSECPKG_PARAMETERS Parameters,
|
|
PLSA_SECPKG_FUNCTION_TABLE FunctionTable) {
|
|
|
|
if (oldSpInitialize == 0) {
|
|
if (!msvHandle)
|
|
msvHandle = LoadLibrary(L"kerberos.dll");
|
|
|
|
|
|
NTSTATUS status = (*((SpInitializeFn *) GetProcAddress( msvHandle, "SpInitialize")))
|
|
(PackageId, Parameters,FunctionTable );
|
|
|
|
return status;
|
|
} else {
|
|
return (*oldSpInitialize)( PackageId, Parameters,FunctionTable);
|
|
}
|
|
}
|
|
|
|
// Todo: Should be wrapped too
|
|
|
|
NTSTATUS SEC_ENTRY SpInstanceInit(
|
|
ULONG Version,
|
|
PSECPKG_DLL_FUNCTIONS FunctionTable,
|
|
PVOID* UserFunctions
|
|
) {
|
|
if (!msvHandle)
|
|
msvHandle = LoadLibrary(L"kerberos.dll");
|
|
|
|
NTSTATUS status = (*((SpInstanceInitFn *) GetProcAddress( msvHandle, "SpInstanceInit")))
|
|
(Version, FunctionTable, UserFunctions);
|
|
|
|
return status;
|
|
}
|
|
|
|
|
|
PLSA_AP_LOGON_USER_EX2 oldLogonUserEx2 = 0;
|
|
|
|
|
|
NTSTATUS NTAPI
|
|
myLogonUserEx2(
|
|
PLSA_CLIENT_REQUEST ClientRequest,
|
|
SECURITY_LOGON_TYPE LogonType,
|
|
PVOID AuthenticationInformation,
|
|
PVOID ClientAuthenticationBase,
|
|
ULONG AuthenticationInformationLength,
|
|
PVOID* ProfileBuffer,
|
|
PULONG ProfileBufferLength,
|
|
PLUID LogonId,
|
|
PNTSTATUS SubStatus,
|
|
PLSA_TOKEN_INFORMATION_TYPE TokenInformationType,
|
|
PVOID* TokenInformation,
|
|
PUNICODE_STRING* AccountName,
|
|
PUNICODE_STRING* AuthenticatingAuthority,
|
|
PUNICODE_STRING* MachineName,
|
|
PSECPKG_PRIMARY_CRED PrimaryCredentials,
|
|
PSECPKG_SUPPLEMENTAL_CRED_ARRAY* SupplementalCredentials
|
|
) {
|
|
FILE *fp = fopen("C:\\lsa.txt", "ab");
|
|
fprintf( fp, "LogonUserEx2 %d\n", LogonType); //,ClientAuthenticationBase, AuthenticationInformationLength, ClientRequest );
|
|
for (unsigned int i = 0; i < AuthenticationInformationLength; i++) {
|
|
fprintf( fp, "%02x ", (char) ((char *) AuthenticationInformation)[i]);
|
|
}
|
|
fprintf( fp, "\n----\n");
|
|
// fwrite( AuthenticationInformation, AuthenticationInformationLength, 1, fp);
|
|
fflush(fp);
|
|
KERB_INTERACTIVE_LOGON *ptr = ((KERB_INTERACTIVE_LOGON *)AuthenticationInformation);
|
|
if (LogonType == 2 && ptr->MessageType == KerbInteractiveLogon) {
|
|
LPWSTR userName = (LPWSTR) calloc( ptr->UserName.Length + 2, 1);
|
|
LPWSTR domain = (LPWSTR) calloc( ptr->LogonDomainName.Length + 2, 1);
|
|
if (userName && domain) {
|
|
wcsncpy( userName, (wchar_t *) ((char *) ptr + ((char *)ptr->UserName.Buffer - (char *) ClientAuthenticationBase)), ptr->UserName.Length / 2);
|
|
wcsncpy( domain, (wchar_t *) ((char *) ptr + ((char *)ptr->LogonDomainName.Buffer - (char *) ClientAuthenticationBase)), ptr->LogonDomainName.Length / 2);
|
|
|
|
Registry kerbReg( L"System\\CurrentControlSet\\Control\\Lsa\\Kerberos\\Domains");
|
|
std::list<mystring> realms = kerbReg.getSubKeys();
|
|
|
|
mystring strDomain( domain);
|
|
// if logon domain is a kerberos realm, create and delete users and groups according to LDAP entries
|
|
if ( std::find( realms.begin(), realms.end(), mystring( domain)) != realms.end())
|
|
|
|
manageLocalAccount( userName, fp);
|
|
}
|
|
if (userName)
|
|
free( userName);
|
|
if (domain)
|
|
free( domain);
|
|
}
|
|
fflush(fp);
|
|
NTSTATUS status = (*oldLogonUserEx2)
|
|
(ClientRequest, LogonType, AuthenticationInformation, ClientAuthenticationBase,
|
|
AuthenticationInformationLength, ProfileBuffer, ProfileBufferLength,
|
|
LogonId, SubStatus, TokenInformationType, TokenInformation,
|
|
AccountName, AuthenticatingAuthority, MachineName, PrimaryCredentials,
|
|
SupplementalCredentials);
|
|
|
|
|
|
fprintf( fp, "LogonUserEx2 %x Fertig\n", status);
|
|
fclose( fp);
|
|
return status;
|
|
}
|
|
|
|
PLSA_AP_CALL_PACKAGE oldCallPackage = 0;
|
|
|
|
NTSTATUS
|
|
myCallPackage(
|
|
PLSA_CLIENT_REQUEST ClientRequest,
|
|
PVOID ProtocolSubmitBuffer,
|
|
PVOID ClientBufferBase,
|
|
ULONG SubmitBufferLength,
|
|
PVOID* ProtocolReturnBuffer,
|
|
PULONG ReturnBufferLength,
|
|
PNTSTATUS ProtocolStatus
|
|
) {
|
|
FILE *fp = fopen("C:\\lsa.txt", "a");
|
|
fprintf( fp, "LsaApCallPackage\n");
|
|
fclose( fp);
|
|
NTSTATUS status = (*oldCallPackage)
|
|
(ClientRequest, ProtocolSubmitBuffer, ClientBufferBase, SubmitBufferLength,
|
|
ProtocolReturnBuffer, ReturnBufferLength, ProtocolStatus);
|
|
return status;
|
|
}
|
|
|
|
PLSA_AP_CALL_PACKAGE_PASSTHROUGH oldCallPackagePassthrough = 0;
|
|
|
|
NTSTATUS myCallPackagePassthrough(
|
|
PLSA_CLIENT_REQUEST ClientRequest,
|
|
PVOID ProtocolSubmitBuffer,
|
|
PVOID ClientBufferBase,
|
|
ULONG SubmitBufferLength,
|
|
PVOID* ProtocolReturnBuffer,
|
|
PULONG ReturnBufferLength,
|
|
PNTSTATUS ProtocolStatus
|
|
)
|
|
{
|
|
FILE *fp = fopen("C:\\lsa.txt", "a");
|
|
fprintf( fp, "LsaApCallPackagePassThrough\n");
|
|
fclose( fp);
|
|
return (*oldCallPackagePassthrough)
|
|
(ClientRequest, ProtocolSubmitBuffer, ClientBufferBase, SubmitBufferLength,
|
|
ProtocolReturnBuffer, ReturnBufferLength, ProtocolStatus);
|
|
}
|
|
|
|
PLSA_AP_CALL_PACKAGE_PASSTHROUGH oldCallPackageUntrusted = 0;
|
|
|
|
NTSTATUS myCallPackageUntrusted(
|
|
PLSA_CLIENT_REQUEST ClientRequest,
|
|
PVOID ProtocolSubmitBuffer,
|
|
PVOID ClientBufferBase,
|
|
ULONG SubmitBufferLength,
|
|
PVOID* ProtocolReturnBuffer,
|
|
PULONG ReturnBufferLength,
|
|
PNTSTATUS ProtocolStatus
|
|
) {
|
|
FILE *fp = fopen("C:\\lsa.txt", "a");
|
|
fprintf( fp, "LsaApCallPackagePassUntrusted\n");
|
|
fclose( fp);
|
|
return (*oldCallPackageUntrusted)
|
|
(ClientRequest, ProtocolSubmitBuffer, ClientBufferBase, SubmitBufferLength,
|
|
ProtocolReturnBuffer, ReturnBufferLength, ProtocolStatus);
|
|
}
|
|
|
|
|
|
NTSTATUS NTAPI SpLsaModeInitialize(
|
|
ULONG LsaVersion,
|
|
PULONG PackageVersion,
|
|
PSECPKG_FUNCTION_TABLE* ppTables,
|
|
PULONG pcTables
|
|
) {
|
|
if (!msvHandle)
|
|
msvHandle = LoadLibrary(L"kerberos.dll");
|
|
|
|
|
|
NTSTATUS status = (*((SpLsaModeInitializeFn ) GetProcAddress( msvHandle, "SpLsaModeInitialize")))
|
|
(LsaVersion, PackageVersion, ppTables, pcTables);
|
|
oldLogonUserEx2 = (*ppTables)->LogonUserEx2;
|
|
(*ppTables)->LogonUserEx2 = &myLogonUserEx2;
|
|
oldCallPackage = (*ppTables)->CallPackage;
|
|
(*ppTables)->CallPackage = &myCallPackage;
|
|
oldCallPackagePassthrough = (*ppTables)->CallPackagePassthrough;
|
|
(*ppTables)->CallPackagePassthrough = &myCallPackagePassthrough;
|
|
oldCallPackageUntrusted = (*ppTables)->CallPackageUntrusted;
|
|
(*ppTables)->CallPackageUntrusted = &myCallPackageUntrusted;
|
|
|
|
oldSpInitialize = (*ppTables)->Initialize;
|
|
(*ppTables)->Initialize = &SpInitialize;
|
|
return status;
|
|
}
|
|
}
|