Diffstat (limited to 'sc-ap/sspap3.cpp')
| -rwxr-xr-x | sc-ap/sspap3.cpp | 249 |
1 files changed, 249 insertions, 0 deletions
diff --git a/sc-ap/sspap3.cpp b/sc-ap/sspap3.cpp
new file mode 100755
index 0000000..d95c124
--- /dev/null
+++ b/sc-ap/sspap3.cpp
@@ -0,0 +1,249 @@
+/*
+ $Id: sspap3.cpp,v 1.1.1.1 2005/07/07 15:05:59 oflebbe Exp $
+
+ Copyright (C) 2003 Olaf Flebbe, Science and Computing AG
+ o.flebbe@science-computing.de
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program; if not, write to the Free Software
+ Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+
+*/
+#define UNICODE
+#define SECURITY_WIN32
+#define WIN32_LEAN_AND_MEAN
+#include <windows.h>
+#include <ntsecapi.h>
+#include <sspi.h>
+#include <ntsecpkg.h>
+#include <stdio.h>
+//#include <ntstatus.h>
+#include <string.h>
+//#include <subauth.h>
+#include <malloc.h>
+#include <algorithm>
+#include <list>
+#include "reg.h"
+
+HMODULE msvHandle = 0;
+#include "manageUser.h"
+
+extern "C" {
+
+ NTSTATUS SEC_ENTRY SpUserModeInitialize(
+ ULONG LsaVersion,
+ PULONG PackageVersion,
+ PSECPKG_USER_FUNCTION_TABLE* ppTables,
+ PULONG pcTables
+ ) {
+ if (!msvHandle)
+ msvHandle = LoadLibrary(L"kerberos.dll");
+
+ NTSTATUS status = (*((SpUserModeInitializeFn ) GetProcAddress( msvHandle, "SpUserModeInitialize")))
+ (LsaVersion, PackageVersion,ppTables, pcTables );
+ return status;
+ }
+
+ SpInitializeFn *oldSpInitialize = 0;
+
+ // SpInitialize is special, it should be both exported
+ // and be referenced in the SpLsaModeInitialize Call
+ NTSTATUS SEC_ENTRY SpInitialize(
+ ULONG_PTR PackageId,
+ PSECPKG_PARAMETERS Parameters,
+ PLSA_SECPKG_FUNCTION_TABLE FunctionTable) {
+
+ if (oldSpInitialize == 0) {
+ if (!msvHandle)
+ msvHandle = LoadLibrary(L"kerberos.dll");
+
+
+ NTSTATUS status = (*((SpInitializeFn *) GetProcAddress( msvHandle, "SpInitialize")))
+ (PackageId, Parameters,FunctionTable );
+
+ return status;
+ } else {
+ return (*oldSpInitialize)( PackageId, Parameters,FunctionTable);
+ }
+ }
+
+ // Todo: Should be wrapped too
+
+ NTSTATUS SEC_ENTRY SpInstanceInit(
+ ULONG Version,
+ PSECPKG_DLL_FUNCTIONS FunctionTable,
+ PVOID* UserFunctions
+ ) {
+ if (!msvHandle)
+ msvHandle = LoadLibrary(L"kerberos.dll");
+
+ NTSTATUS status = (*((SpInstanceInitFn *) GetProcAddress( msvHandle, "SpInstanceInit")))
+ (Version, FunctionTable, UserFunctions);
+
+ return status;
+ }
+
+
+ PLSA_AP_LOGON_USER_EX2 oldLogonUserEx2 = 0;
+
+
+ NTSTATUS NTAPI
+ myLogonUserEx2(
+ PLSA_CLIENT_REQUEST ClientRequest,
+ SECURITY_LOGON_TYPE LogonType,
+ PVOID AuthenticationInformation,
+ PVOID ClientAuthenticationBase,
+ ULONG AuthenticationInformationLength,
+ PVOID* ProfileBuffer,
+ PULONG ProfileBufferLength,
+ PLUID LogonId,
+ PNTSTATUS SubStatus,
+ PLSA_TOKEN_INFORMATION_TYPE TokenInformationType,
+ PVOID* TokenInformation,
+ PUNICODE_STRING* AccountName,
+ PUNICODE_STRING* AuthenticatingAuthority,
+ PUNICODE_STRING* MachineName,
+ PSECPKG_PRIMARY_CRED PrimaryCredentials,
+ PSECPKG_SUPPLEMENTAL_CRED_ARRAY* SupplementalCredentials
+ ) {
+ FILE *fp = fopen("C:\\lsa.txt", "ab");
+ fprintf( fp, "LogonUserEx2 %d\n", LogonType); //,ClientAuthenticationBase, AuthenticationInformationLength, ClientRequest );
+ for (unsigned int i = 0; i < AuthenticationInformationLength; i++) {
+ fprintf( fp, "%02x ", (char) ((char *) AuthenticationInformation)[i]);
+ }
+ fprintf( fp, "\n----\n");
+ // fwrite( AuthenticationInformation, AuthenticationInformationLength, 1, fp);
+ fflush(fp);
+ KERB_INTERACTIVE_LOGON *ptr = ((KERB_INTERACTIVE_LOGON *)AuthenticationInformation);
+ if (LogonType == 2 && ptr->MessageType == KerbInteractiveLogon) {
+ LPWSTR userName = (LPWSTR) calloc( ptr->UserName.Length + 2, 1);
+ LPWSTR domain = (LPWSTR) calloc( ptr->LogonDomainName.Length + 2, 1);
+ if (userName && domain) {
+ wcsncpy( userName, (wchar_t *) ((char *) ptr + ((char *)ptr->UserName.Buffer - (char *) ClientAuthenticationBase)), ptr->UserName.Length / 2);
+ wcsncpy( domain, (wchar_t *) ((char *) ptr + ((char *)ptr->LogonDomainName.Buffer - (char *) ClientAuthenticationBase)), ptr->LogonDomainName.Length / 2);
+
+ Registry kerbReg( L"System\\CurrentControlSet\\Control\\Lsa\\Kerberos\\Domains");
+ std::list<mystring> realms = kerbReg.getSubKeys();
+
+ mystring strDomain( domain);
+ // if logon domain is a kerberos realm, create and delete users and groups according to LDAP entries
+ if ( std::find( realms.begin(), realms.end(), mystring( domain)) != realms.end())
+
+ manageLocalAccount( userName, fp);
+ }
+ if (userName)
+ free( userName);
+ if (domain)
+ free( domain);
+ }
+ fflush(fp);
+ NTSTATUS status = (*oldLogonUserEx2)
+ (ClientRequest, LogonType, AuthenticationInformation, ClientAuthenticationBase,
+ AuthenticationInformationLength, ProfileBuffer, ProfileBufferLength,
+ LogonId, SubStatus, TokenInformationType, TokenInformation,
+ AccountName, AuthenticatingAuthority, MachineName, PrimaryCredentials,
+ SupplementalCredentials);
+
+
+ fprintf( fp, "LogonUserEx2 %x Fertig\n", status);
+ fclose( fp);
+ return status;
+ }
+
+ PLSA_AP_CALL_PACKAGE oldCallPackage = 0;
+
+ NTSTATUS
+ myCallPackage(
+ PLSA_CLIENT_REQUEST ClientRequest,
+ PVOID ProtocolSubmitBuffer,
+ PVOID ClientBufferBase,
+ ULONG SubmitBufferLength,
+ PVOID* ProtocolReturnBuffer,
+ PULONG ReturnBufferLength,
+ PNTSTATUS ProtocolStatus
+ ) {
+ FILE *fp = fopen("C:\\lsa.txt", "a");
+ fprintf( fp, "LsaApCallPackage\n");
+ fclose( fp);
+ NTSTATUS status = (*oldCallPackage)
+ (ClientRequest, ProtocolSubmitBuffer, ClientBufferBase, SubmitBufferLength,
+ ProtocolReturnBuffer, ReturnBufferLength, ProtocolStatus);
+ return status;
+ }
+
+ PLSA_AP_CALL_PACKAGE_PASSTHROUGH oldCallPackagePassthrough = 0;
+
+ NTSTATUS myCallPackagePassthrough(
+ PLSA_CLIENT_REQUEST ClientRequest,
+ PVOID ProtocolSubmitBuffer,
+ PVOID ClientBufferBase,
+ ULONG SubmitBufferLength,
+ PVOID* ProtocolReturnBuffer,
+ PULONG ReturnBufferLength,
+ PNTSTATUS ProtocolStatus
+ )
+ {
+ FILE *fp = fopen("C:\\lsa.txt", "a");
+ fprintf( fp, "LsaApCallPackagePassThrough\n");
+ fclose( fp);
+ return (*oldCallPackagePassthrough)
+ (ClientRequest, ProtocolSubmitBuffer, ClientBufferBase, SubmitBufferLength,
+ ProtocolReturnBuffer, ReturnBufferLength, ProtocolStatus);
+ }
+
+ PLSA_AP_CALL_PACKAGE_PASSTHROUGH oldCallPackageUntrusted = 0;
+
+ NTSTATUS myCallPackageUntrusted(
+ PLSA_CLIENT_REQUEST ClientRequest,
+ PVOID ProtocolSubmitBuffer,
+ PVOID ClientBufferBase,
+ ULONG SubmitBufferLength,
+ PVOID* ProtocolReturnBuffer,
+ PULONG ReturnBufferLength,
+ PNTSTATUS ProtocolStatus
+ ) {
+ FILE *fp = fopen("C:\\lsa.txt", "a");
+ fprintf( fp, "LsaApCallPackagePassUntrusted\n");
+ fclose( fp);
+ return (*oldCallPackageUntrusted)
+ (ClientRequest, ProtocolSubmitBuffer, ClientBufferBase, SubmitBufferLength,
+ ProtocolReturnBuffer, ReturnBufferLength, ProtocolStatus);
+ }
+
+
+ NTSTATUS NTAPI SpLsaModeInitialize(
+ ULONG LsaVersion,
+ PULONG PackageVersion,
+ PSECPKG_FUNCTION_TABLE* ppTables,
+ PULONG pcTables
+ ) {
+ if (!msvHandle)
+ msvHandle = LoadLibrary(L"kerberos.dll");
+
+
+ NTSTATUS status = (*((SpLsaModeInitializeFn ) GetProcAddress( msvHandle, "SpLsaModeInitialize")))
+ (LsaVersion, PackageVersion, ppTables, pcTables);
+ oldLogonUserEx2 = (*ppTables)->LogonUserEx2;
+ (*ppTables)->LogonUserEx2 = &myLogonUserEx2;
+ oldCallPackage = (*ppTables)->CallPackage;
+ (*ppTables)->CallPackage = &myCallPackage;
+ oldCallPackagePassthrough = (*ppTables)->CallPackagePassthrough;
+ (*ppTables)->CallPackagePassthrough = &myCallPackagePassthrough;
+ oldCallPackageUntrusted = (*ppTables)->CallPackageUntrusted;
+ (*ppTables)->CallPackageUntrusted = &myCallPackageUntrusted;
+
+ oldSpInitialize = (*ppTables)->Initialize;
+ (*ppTables)->Initialize = &SpInitialize;
+ return status;
+ }
+} |
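Review bot: The hex-dump loop at the top of myLogonUserEx2 writes every byte of AuthenticationInformation to C:\lsa.txt, and for the KerbInteractiveLogon message handled just below, that buffer holds the Password field of KERB_INTERACTIVE_LOGON next to UserName and LogonDomainName, so each interactive logon leaves credential material in a file at the volume root. Drop the loop and the commented-out fwrite and log metadata only, e.g. `fprintf( fp, "LogonUserEx2 %d len=%lu\n", LogonType, AuthenticationInformationLength);`; any trace file that is kept belongs in a directory readable only by SYSTEM and Administrators. None of the four hooks (myLogonUserEx2, myCallPackage, myCallPackagePassthrough, myCallPackageUntrusted) checks the fopen result, so a failed open hands NULL to fprintf inside the LSA process; guard each use with `if (fp)`. MessageType is read before the buffer is known to be at least `sizeof(KERB_INTERACTIVE_LOGON)`, and the UserName/LogonDomainName offsets and lengths reach wcsncpy without being compared against AuthenticationInformationLength. The fence below sketches those checks.

```cpp
  KERB_INTERACTIVE_LOGON *ptr = ((KERB_INTERACTIVE_LOGON *)AuthenticationInformation);
  if (LogonType == 2
      && AuthenticationInformationLength >= sizeof(KERB_INTERACTIVE_LOGON)
      && ptr->MessageType == KerbInteractiveLogon) {
    // Buffer fields are still client addresses; turn them into offsets into
    // the copied buffer. A Buffer below the base wraps to a huge value and
    // fails the range test.
    ULONG_PTR userOff = (ULONG_PTR) ((char *) ptr->UserName.Buffer - (char *) ClientAuthenticationBase);
    ULONG_PTR domOff  = (ULONG_PTR) ((char *) ptr->LogonDomainName.Buffer - (char *) ClientAuthenticationBase);
    bool userOk = userOff <= AuthenticationInformationLength
        && ptr->UserName.Length <= AuthenticationInformationLength - userOff;
    bool domOk = domOff <= AuthenticationInformationLength
        && ptr->LogonDomainName.Length <= AuthenticationInformationLength - domOff;
    if (userOk && domOk) {
      // … unchanged: calloc, wcsncpy, realm lookup, manageLocalAccount, free …
    }
  }
```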
