This commit is contained in:
manojampalam 2016-05-14 14:27:26 -07:00
parent bf41884f36
commit 64b305b3b2
3 changed files with 713 additions and 715 deletions


@ -54,36 +54,36 @@ extern "C" {
NTSTATUS LsaAllocUnicodeString(PUNICODE_STRING *lsaStr, DWORD maxLen) NTSTATUS LsaAllocUnicodeString(PUNICODE_STRING *lsaStr, DWORD maxLen)
{ {
NTSTATUS ntStat = STATUS_NO_MEMORY; NTSTATUS ntStat = STATUS_NO_MEMORY;
FAIL(lsaStr == NULL); FAIL(lsaStr == NULL);
*lsaStr = (PUNICODE_STRING)LsaApi.AllocateLsaHeap(sizeof(UNICODE_STRING));
FAIL((*lsaStr) == NULL);
(*lsaStr)->Buffer = (WCHAR *)LsaApi.AllocateLsaHeap(sizeof(maxLen));
(*lsaStr)->Length = 0;
(*lsaStr)->MaximumLength = maxLen;
FAIL((*lsaStr)->Buffer == NULL);
ntStat = 0;
*lsaStr = (PUNICODE_STRING) LsaApi.AllocateLsaHeap(sizeof(UNICODE_STRING));
FAIL((*lsaStr) == NULL);
(*lsaStr) -> Buffer = (WCHAR *) LsaApi.AllocateLsaHeap(sizeof(maxLen));
(*lsaStr) -> Length = 0;
(*lsaStr) -> MaximumLength = maxLen;
FAIL((*lsaStr) -> Buffer == NULL);
ntStat = 0;
fail: fail:
if (ntStat) if (ntStat)
{ {
if (lsaStr && (*lsaStr)) if (lsaStr && (*lsaStr))
{ {
LsaApi.FreeLsaHeap((*lsaStr) -> Buffer); LsaApi.FreeLsaHeap((*lsaStr)->Buffer);
LsaApi.FreeLsaHeap((*lsaStr));
}
} LsaApi.FreeLsaHeap((*lsaStr));
}
return ntStat;
}
return ntStat;
} }
// //
@ -94,15 +94,15 @@ fail:
void LsaFreeUnicodeString(PUNICODE_STRING lsaStr) void LsaFreeUnicodeString(PUNICODE_STRING lsaStr)
{ {
if (lsaStr) if (lsaStr)
{ {
if (lsaStr -> Buffer) if (lsaStr->Buffer)
{ {
LsaApi.FreeLsaHeap(lsaStr -> Buffer); LsaApi.FreeLsaHeap(lsaStr->Buffer);
} }
LsaApi.FreeLsaHeap(lsaStr); LsaApi.FreeLsaHeap(lsaStr);
} }
} }
// //
@ -116,46 +116,46 @@ void LsaFreeUnicodeString(PUNICODE_STRING lsaStr)
NTSTATUS FillUnicodeString(UNICODE_STRING *lsaStr, const Char *str) NTSTATUS FillUnicodeString(UNICODE_STRING *lsaStr, const Char *str)
{ {
NTSTATUS ntStat = STATUS_NO_MEMORY; NTSTATUS ntStat = STATUS_NO_MEMORY;
DWORD cbSize = 0; DWORD cbSize = 0;
// //
// Is arguments ok? // Is arguments ok?
// //
FAIL(lsaStr == NULL); FAIL(lsaStr == NULL);
FAIL(lsaStr -> Buffer == NULL); FAIL(lsaStr->Buffer == NULL);
FAIL(str == NULL);
//
// Is string buffer too small?
//
cbSize = strlen(str);
FAIL(cbSize >= lsaStr->MaximumLength);
//
// Fill string buffer.
//
FAIL(str == NULL);
//
// Is string buffer too small?
//
cbSize = strlen(str);
FAIL(cbSize >= lsaStr -> MaximumLength);
//
// Fill string buffer.
//
#ifdef __VS_BUILD__ #ifdef __VS_BUILD__
_swprintf(lsaStr -> Buffer, L"%hs", str); _swprintf(lsaStr->Buffer, L"%hs", str);
#else #else
swprintf(lsaStr->Buffer, L"%hs", str); swprintf(lsaStr->Buffer, L"%hs", str);
#endif #endif
lsaStr -> Length = cbSize * 2; lsaStr->Length = cbSize * 2;
lsaStr -> Buffer[cbSize * 2] = 0x0000; lsaStr->Buffer[cbSize * 2] = 0x0000;
ntStat = STATUS_SUCCESS; ntStat = STATUS_SUCCESS;
fail: fail:
return ntStat; return ntStat;
} }
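Review bot: `LsaAllocUnicodeString` still sizes the string buffer with `sizeof(maxLen)`, i.e. sizeof(DWORD) bytes, while `MaximumLength` is set to `maxLen`, so any caller that trusts `MaximumLength` (including `FillUnicodeString` in the last hunk) writes past a four-byte LSA heap allocation; the line should read `(*lsaStr)->Buffer = (WCHAR *)LsaApi.AllocateLsaHeap(maxLen);`. `FillUnicodeString` compounds this: it compares the character count `cbSize` against the byte count `MaximumLength`, formats with an unbounded `swprintf`, and writes the terminator at `Buffer[cbSize * 2]`, which on a `WCHAR` array is twice the intended offset; the guard should be `FAIL((cbSize + 1) * sizeof(WCHAR) > lsaStr->MaximumLength);` and the terminator `lsaStr->Buffer[cbSize] = 0;` (or dropped, since swprintf already terminates once the size check is correct). Both functions are only reindented by this commit and are fully contained in their hunks, so the fixes fit here.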



@ -56,18 +56,22 @@ generate_user_token(wchar_t* user) {
LSA_OPERATIONAL_MODE mode; LSA_OPERATIONAL_MODE mode;
ULONG auth_package_id; ULONG auth_package_id;
NTSTATUS ret, subStatus; NTSTATUS ret, subStatus;
KERB_S4U_LOGON *s4u_logon = NULL; void * logon_info = NULL;
size_t logon_info_size; size_t logon_info_size;
LSA_STRING logon_process_name, auth_package_name, originName; LSA_STRING logon_process_name, auth_package_name, originName;
TOKEN_SOURCE sourceContext; TOKEN_SOURCE sourceContext;
PKERB_INTERACTIVE_PROFILE pProfile = NULL; PKERB_INTERACTIVE_PROFILE pProfile = NULL;
LUID logonId; LUID logonId;
QUOTA_LIMITS quotas; QUOTA_LIMITS quotas;
DWORD cbProfile; DWORD cbProfile;
BOOL domain_user = (wcschr(user, L'@') != NULL)? TRUE : FALSE;
InitLsaString(&logon_process_name, "ssh-agent"); InitLsaString(&logon_process_name, "ssh-agent");
//InitLsaString(&auth_package_name, MICROSOFT_KERBEROS_NAME_A); if (domain_user)
InitLsaString(&auth_package_name, "Negotiate"); InitLsaString(&auth_package_name, MICROSOFT_KERBEROS_NAME_A);
else
InitLsaString(&auth_package_name, "SSH-LSA");
InitLsaString(&originName, "sshd"); InitLsaString(&originName, "sshd");
if (ret = LsaRegisterLogonProcess(&logon_process_name, &lsa_handle, &mode) != STATUS_SUCCESS) if (ret = LsaRegisterLogonProcess(&logon_process_name, &lsa_handle, &mode) != STATUS_SUCCESS)
goto done; goto done;
@ -75,23 +79,33 @@ generate_user_token(wchar_t* user) {
if (ret = LsaLookupAuthenticationPackage(lsa_handle, &auth_package_name, &auth_package_id) != STATUS_SUCCESS) if (ret = LsaLookupAuthenticationPackage(lsa_handle, &auth_package_name, &auth_package_id) != STATUS_SUCCESS)
goto done; goto done;
logon_info_size = sizeof(KERB_S4U_LOGON); if (domain_user) {
logon_info_size += (wcslen(user) * 2 + 2); KERB_S4U_LOGON *s4u_logon;
s4u_logon = malloc(logon_info_size); logon_info_size = sizeof(KERB_S4U_LOGON);
if (s4u_logon == NULL) logon_info_size += (wcslen(user) * 2 + 2);
goto done; logon_info = malloc(logon_info_size);
if (logon_info == NULL)
goto done;
s4u_logon = (KERB_S4U_LOGON*)logon_info;
s4u_logon->MessageType = KerbS4ULogon;
s4u_logon->Flags = 0;
s4u_logon->ClientUpn.Length = wcslen(user) * 2;
s4u_logon->ClientUpn.MaximumLength = s4u_logon->ClientUpn.Length;
s4u_logon->ClientUpn.Buffer = (WCHAR*)(s4u_logon + 1);
memcpy(s4u_logon->ClientUpn.Buffer, user, s4u_logon->ClientUpn.Length + 2);
s4u_logon->ClientRealm.Length = 0;
s4u_logon->ClientRealm.MaximumLength = 0;
s4u_logon->ClientRealm.Buffer = 0;
}
else {
logon_info_size = (wcslen(user) + 1)*sizeof(wchar_t);
logon_info = malloc(logon_info_size);
if (logon_info == NULL)
goto done;
memcpy(logon_info, user, logon_info_size);
}
s4u_logon->MessageType = KerbS4ULogon; memcpy(sourceContext.SourceName,"sshagent", sizeof(sourceContext.SourceName));
s4u_logon->Flags = 0;
s4u_logon->ClientUpn.Length = wcslen(user) * 2;
s4u_logon->ClientUpn.MaximumLength = s4u_logon->ClientUpn.Length;
s4u_logon->ClientUpn.Buffer = (WCHAR*)(s4u_logon + 1);
memcpy(s4u_logon->ClientUpn.Buffer, user, s4u_logon->ClientUpn.Length + 2);
s4u_logon->ClientRealm.Length = 0;
s4u_logon->ClientRealm.MaximumLength = 0;
s4u_logon->ClientRealm.Buffer = 0;
memcpy(sourceContext.SourceName,".Jobs ", sizeof(sourceContext.SourceName));
if (AllocateLocallyUniqueId(&sourceContext.SourceIdentifier) != TRUE) if (AllocateLocallyUniqueId(&sourceContext.SourceIdentifier) != TRUE)
goto done; goto done;
@ -100,7 +114,7 @@ generate_user_token(wchar_t* user) {
&originName, &originName,
Network, Network,
auth_package_id, auth_package_id,
s4u_logon, logon_info,
logon_info_size, logon_info_size,
NULL, NULL,
&sourceContext, &sourceContext,
@ -115,8 +129,8 @@ generate_user_token(wchar_t* user) {
done: done:
if (lsa_handle) if (lsa_handle)
LsaDeregisterLogonProcess(lsa_handle); LsaDeregisterLogonProcess(lsa_handle);
if (s4u_logon) if (logon_info)
free(s4u_logon); free(logon_info);
if (pProfile) if (pProfile)
LsaFreeReturnBuffer(pProfile); LsaFreeReturnBuffer(pProfile);