2020-09-30 16:53:55 +02:00

775 lines
22 KiB
C++

/******************************************************************************
*
* Copyright (c) 2000 Microsoft Corporation
*
* Module Name:
* srpasswd.cpp
*
* Abstract:
* password filter routines to restore user's latest passwords
*
* Revision History:
* Henry Lee (henrylee) 06/27/2000 created
*
*****************************************************************************/
#include "stdwin.h"
#include <ntlsa.h>
#include <ntsam.h>
extern "C"
{
#include <ntsamp.h>
#include <recovery.h>
}
#include "rstrcore.h"
extern CSRClientLoader g_CSRClientLoader;
//+---------------------------------------------------------------------------
//
// Function: RegisterNotificationDLL
//
// Synopsis: registers/unregisters this DLL
//
// Arguments: [fRegister] -- TRUE to register, FALSE to unregister
// [hKeyLM] -- key for HKEY_LOCAL_MACHINE or System
//
// History: 12-Apr-2000 HenryLee Created
//
//----------------------------------------------------------------------------
DWORD RegisterNotificationDLL (HKEY hKeyLM, BOOL fRegister)
{
HKEY hKey = NULL;
DWORD dwErr = ERROR_SUCCESS;
ULONG ulType;
ULONG ulSize = MAX_PATH * sizeof(WCHAR);
WCHAR wcsBuffer[MAX_PATH];
WCHAR wcsFileName[MAX_PATH];
GetModuleFileNameW (g_hInst, wcsFileName, MAX_PATH);
const ULONG ccFileName = lstrlenW (wcsFileName) + 1;
if (hKeyLM == HKEY_LOCAL_MACHINE)
{
lstrcpy (wcsBuffer, L"System\\CurrentControlSet\\Control\\Lsa");
}
else
{
lstrcpy(wcsBuffer, L"CurrentControlSet\\Control\\Lsa");
ChangeCCS(hKeyLM, wcsBuffer);
}
dwErr = RegOpenKeyExW (hKeyLM, wcsBuffer,
0, KEY_READ | KEY_WRITE, &hKey);
if (dwErr != ERROR_SUCCESS)
goto Err;
dwErr = RegQueryValueEx (hKey, L"Notification Packages",
0, &ulType, (BYTE *) wcsBuffer, &ulSize);
if (dwErr != ERROR_SUCCESS)
goto Err;
for (ULONG i=0; i < ulSize/sizeof(WCHAR); i += lstrlenW(&wcsBuffer[i])+1)
{
if (fRegister) // append at end
{
if (lstrcmpi (&wcsBuffer[i], wcsFileName) == 0)
goto Err; // it's already registered
if (wcsBuffer[i] == L'\0') // end of list
{
lstrcpy (&wcsBuffer[i], wcsFileName);
wcsBuffer[ i + ccFileName ] = L'\0'; // add double NULL
ulSize += ccFileName * sizeof(WCHAR);
break;
}
}
else // remove from the end
{
if (lstrcmpi (&wcsBuffer[i], wcsFileName) == 0)
{
wcsBuffer[i] = L'\0';
ulSize -= ccFileName * sizeof(WCHAR);
break;
}
}
}
dwErr = RegSetValueExW (hKey, L"Notification Packages",
0, ulType, (BYTE *) wcsBuffer, ulSize);
Err:
if (hKey != NULL)
RegCloseKey (hKey);
return dwErr;
}
//+---------------------------------------------------------------------------
//
// Function: GetDomainId
//
// Synopsis: stolen from setup, get the local domain ID
//
// Arguments: [ServerHandle] -- handle to the local SAM server
// [pDomainId] -- output domain ID
//
// History: 12-Apr-2000 HenryLee Created
//
//----------------------------------------------------------------------------
NTSTATUS GetDomainId (SAM_HANDLE ServerHandle, PSID * pDomainId )
{
NTSTATUS status = STATUS_SUCCESS;
SAM_ENUMERATE_HANDLE EnumContext;
PSAM_RID_ENUMERATION EnumBuffer = NULL;
DWORD CountReturned = 0;
PSID LocalDomainId = NULL;
DWORD LocalBuiltinDomainSid[sizeof(SID) / sizeof(DWORD) +
SID_MAX_SUB_AUTHORITIES];
SID_IDENTIFIER_AUTHORITY BuiltinAuthority = SECURITY_NT_AUTHORITY;
BOOL bExit = FALSE;
//
// Compute the builtin domain sid.
//
RtlInitializeSid((PSID) LocalBuiltinDomainSid, &BuiltinAuthority, 1);
*(RtlSubAuthoritySid((PSID)LocalBuiltinDomainSid, 0)) = SECURITY_BUILTIN_DOMAIN_RID;
//
// Loop getting the list of domain ids from SAM
//
EnumContext = 0;
do
{
//
// Get several domain names.
//
status = SamEnumerateDomainsInSamServer (
ServerHandle,
&EnumContext,
(PVOID *) &EnumBuffer,
8192,
&CountReturned );
if (!NT_SUCCESS (status))
{
goto exit;
}
if (status != STATUS_MORE_ENTRIES)
{
bExit = TRUE;
}
//
// Lookup the domain ids for the domains
//
for (ULONG i = 0; i < CountReturned; i++)
{
//
// Free the sid from the previous iteration.
//
if (LocalDomainId != NULL)
{
SamFreeMemory (LocalDomainId);
LocalDomainId = NULL;
}
//
// Lookup the domain id
//
status = SamLookupDomainInSamServer (
ServerHandle,
&EnumBuffer[i].Name,
&LocalDomainId );
if (!NT_SUCCESS (status))
{
goto exit;
}
if (RtlEqualSid ((PSID)LocalBuiltinDomainSid, LocalDomainId))
{
continue;
}
*pDomainId = LocalDomainId;
LocalDomainId = NULL;
status = STATUS_SUCCESS;
goto exit;
}
SamFreeMemory(EnumBuffer);
EnumBuffer = NULL;
}
while (!bExit);
status = STATUS_NO_SUCH_DOMAIN;
exit:
if (EnumBuffer != NULL)
SamFreeMemory(EnumBuffer);
return status;
}
//+---------------------------------------------------------------------------
//
// Function: ForAllUsers
//
// Synopsis: iterate password changing for all local users
//
// Arguments: [hSam] -- handle to open SAM hive
// [hSecurity] -- handle to open SECURITY hive
// [hSystem] -- handle to open SYSTEM hive
//
// History: 12-Apr-2000 HenryLee Created
//
//----------------------------------------------------------------------------
NTSTATUS ForAllUsers (HKEY hSam, HKEY hSecurity, HKEY hSystem)
{
NTSTATUS nts = STATUS_SUCCESS;
NTSTATUS ntsEnum = STATUS_SUCCESS;
BOOLEAN bPresent;
BOOLEAN bNonNull;
SAM_HANDLE ServerHandle = NULL;
SAM_HANDLE DomainHandle = NULL;
SAM_HANDLE UserHandle;
SAM_ENUMERATE_HANDLE EnumerationContext = NULL;
SAM_RID_ENUMERATION *SamRidEnumeration;
ULONG CountOfEntries;
ULONG UserRid;
UNICODE_STRING us;
PSID LocalDomainId = NULL;
USER_INTERNAL1_INFORMATION UserPasswordInfo;
RtlInitUnicodeString (&us, L""); // this machine
nts = SamConnect (&us, &ServerHandle,
SAM_SERVER_CONNECT | SAM_SERVER_LOOKUP_DOMAIN |
SAM_SERVER_ENUMERATE_DOMAINS,
NULL);
if (!NT_SUCCESS(nts))
goto Err;
nts = GetDomainId (ServerHandle, &LocalDomainId);
if (!NT_SUCCESS(nts))
goto Err;
nts = SamOpenDomain( ServerHandle,
DOMAIN_READ | DOMAIN_LIST_ACCOUNTS | DOMAIN_LOOKUP |
DOMAIN_READ_PASSWORD_PARAMETERS,
LocalDomainId,
&DomainHandle );
if (!NT_SUCCESS(nts))
goto Err;
do
{
ntsEnum = nts = SamEnumerateUsersInDomain (
DomainHandle,
&EnumerationContext,
0,
(PVOID *) &SamRidEnumeration,
0,
&CountOfEntries);
if (nts != STATUS_MORE_ENTRIES && !NT_SUCCESS(nts))
{
goto Err;
}
for (UINT i=0; i < CountOfEntries; i++)
{
ULONG UserRid = SamRidEnumeration[i].RelativeId;
nts = SamRetrieveOwfPasswordUser( UserRid,
hSecurity,
hSam,
hSystem,
NULL, /* boot key not supported */
0, /* boot key not supported */
&UserPasswordInfo.NtOwfPassword,
&bPresent,
&bNonNull);
if (!NT_SUCCESS(nts))
continue;
nts = SamOpenUser (DomainHandle,
USER_READ_ACCOUNT | USER_WRITE_ACCOUNT |
USER_CHANGE_PASSWORD |
USER_FORCE_PASSWORD_CHANGE,
UserRid,
&UserHandle);
if (NT_SUCCESS(nts))
{
UserPasswordInfo.NtPasswordPresent = bPresent;
UserPasswordInfo.LmPasswordPresent = FALSE;
UserPasswordInfo.PasswordExpired = FALSE;
nts = SamSetInformationUser(UserHandle,
UserInternal1Information,
&UserPasswordInfo);
SamCloseHandle (UserHandle);
}
}
SamFreeMemory (SamRidEnumeration);
}
while (ntsEnum == STATUS_MORE_ENTRIES);
Err:
if (ServerHandle != NULL)
SamCloseHandle (ServerHandle);
if (DomainHandle != NULL)
SamCloseHandle (DomainHandle);
if (LocalDomainId != NULL)
SamFreeMemory (LocalDomainId);
return nts;
}
//+---------------------------------------------------------------------------
//
// Function: RestoreLsaSecrets
//
// Synopsis: restore machine account and autologon passwords
//
// Arguments:
//
// History: 12-Apr-2000 HenryLee Created
//
//----------------------------------------------------------------------------
DWORD RestoreLsaSecrets ()
{
HKEY hKey = NULL;
LSA_OBJECT_ATTRIBUTES loa;
LSA_HANDLE hLsa = NULL;
DWORD dwErr = ERROR_SUCCESS;
ULONG ulSize = 0;
ULONG ulType = 0;
WCHAR wcsBuffer [MAX_PATH];
loa.Length = sizeof(LSA_OBJECT_ATTRIBUTES);
loa.RootDirectory = NULL;
loa.ObjectName = NULL;
loa.Attributes = 0;
loa.SecurityDescriptor = NULL;
loa.SecurityQualityOfService = NULL;
if (LSA_SUCCESS (LsaOpenPolicy(NULL, &loa,
POLICY_VIEW_LOCAL_INFORMATION, &hLsa)))
{
dwErr = RegOpenKeyExW (HKEY_LOCAL_MACHINE, s_cszSRRegKey,
0, KEY_READ | KEY_WRITE, &hKey);
if (dwErr != ERROR_SUCCESS)
goto Err;
ulSize = MAX_PATH * sizeof(WCHAR);
if (ERROR_SUCCESS == RegQueryValueEx (hKey, s_cszMachineSecret,
0, &ulType, (BYTE *) wcsBuffer, &ulSize))
{
wcsBuffer [ulSize / 2] = L'\0';
dwErr = SetLsaSecret (hLsa, s_cszMachineSecret, wcsBuffer);
if (ERROR_SUCCESS != dwErr)
goto Err;
RegDeleteValueW (hKey, s_cszMachineSecret);
}
ulSize = MAX_PATH * sizeof(WCHAR);
if (ERROR_SUCCESS == RegQueryValueEx (hKey, s_cszAutologonSecret,
0, &ulType, (BYTE *) wcsBuffer, &ulSize))
{
wcsBuffer [ulSize / 2] = L'\0';
dwErr = SetLsaSecret (hLsa, s_cszAutologonSecret, wcsBuffer);
if (ERROR_SUCCESS != dwErr)
goto Err;
RegDeleteValueW (hKey, s_cszAutologonSecret);
}
}
Err:
if (hKey != NULL)
RegCloseKey (hKey);
return dwErr;
}
//+---------------------------------------------------------------------------
//
// Function: RestoreRIDs
//
// Synopsis: restore next availble RID and password
//
// Arguments:
//
// History: 12-Apr-2000 HenryLee Created
//
//----------------------------------------------------------------------------
DWORD RestoreRIDs (WCHAR *pszSamPath)
{
HKEY hKeySam = NULL;
DWORD dwErr = ERROR_SUCCESS;
ULONG ulNextRid = 0;
ULONG ulOldRid = 0;
TENTER("RestoreRIDs");
dwErr = RegLoadKeyW (HKEY_LOCAL_MACHINE, s_cszRestoreSAMHiveName,
pszSamPath);
if (dwErr != ERROR_SUCCESS)
{
trace(0, "! RegLoadKeyW : %ld", dwErr);
goto Err;
}
dwErr = RegOpenKeyW (HKEY_LOCAL_MACHINE, s_cszSamHiveName, &hKeySam);
if (dwErr != ERROR_SUCCESS)
{
trace(0, "! RegOpenKeyW on %S: %ld", s_cszSamHiveName, dwErr);
goto Err;
}
dwErr = RtlNtStatusToDosError(SamGetNextAvailableRid (hKeySam, &ulNextRid));
if (dwErr != ERROR_SUCCESS)
{
trace(0, "! SamGetNextAvailableRid : %ld", dwErr);
goto Err;
}
RegCloseKey (hKeySam);
hKeySam = NULL;
dwErr = RegOpenKeyW (HKEY_LOCAL_MACHINE, s_cszRestoreSAMHiveName, &hKeySam);
if (dwErr != ERROR_SUCCESS)
{
trace(0, "! RegOpenKeyW on %S: %ld", s_cszRestoreSAMHiveName, dwErr);
goto Err;
}
// as an optimization we don't set the RID if it didn't change
if (NT_SUCCESS(SamGetNextAvailableRid (hKeySam, &ulOldRid)) &&
ulNextRid > ulOldRid)
{
dwErr = RtlNtStatusToDosError(SamSetNextAvailableRid (hKeySam,
ulNextRid));
if (dwErr != ERROR_SUCCESS)
{
trace(0, "! SamSetNextAvailableRid : %ld", dwErr);
}
}
Err:
if (hKeySam != NULL)
{
RegCloseKey (hKeySam);
}
RegUnLoadKeyW (HKEY_LOCAL_MACHINE, s_cszRestoreSAMHiveName);
TLEAVE();
return dwErr;
}
DWORD RestorePasswords ()
{
HKEY hKeySam = NULL, hKeySecurity = NULL, hKeySystem = NULL;
DWORD dwErr = ERROR_SUCCESS;
WCHAR wcsSystem [MAX_PATH];
WCHAR wcsPath [MAX_PATH];
BOOLEAN OldPriv;
CRestorePoint rp;
DWORD dwTemp;
InitAsyncTrace();
TENTER("RestorePasswords");
// Attempt to get restore privilege
dwErr = RtlNtStatusToDosError (RtlAdjustPrivilege(SE_RESTORE_PRIVILEGE,
TRUE,
FALSE,
&OldPriv));
if (dwErr != ERROR_SUCCESS)
{
trace(0, "! RtlAdjustPrivilege : %ld", dwErr);
goto Err0;
}
if (FALSE == GetSystemDrive (wcsSystem))
{
dwErr = GetLastError();
trace(0, "! GetSystemDrive : %ld", dwErr);
goto Err;
}
dwErr = GetCurrentRestorePoint(rp);
if (dwErr != ERROR_SUCCESS)
{
trace(0, "! GetCurrentRestorePoint : %ld", dwErr);
goto Err;
}
MakeRestorePath (wcsPath, wcsSystem, rp.GetDir());
lstrcatW (wcsPath, SNAPSHOT_DIR_NAME);
lstrcatW (wcsPath, L"\\");
lstrcatW (wcsPath, s_cszHKLMFilePrefix);
lstrcatW (wcsPath, s_cszSamHiveName);
dwErr = RegLoadKeyW (HKEY_LOCAL_MACHINE, s_cszRestoreSAMHiveName, wcsPath);
if (dwErr != ERROR_SUCCESS)
{
trace(0, "! RegLoadKeyW on %S: %ld", s_cszRestoreSAMHiveName, dwErr);
goto Err;
}
dwErr = RegOpenKeyW (HKEY_LOCAL_MACHINE, s_cszRestoreSAMHiveName, &hKeySam);
if (dwErr != ERROR_SUCCESS)
{
trace(0, "! RegOpenKeyW on %S: %ld", s_cszRestoreSAMHiveName, dwErr);
goto Err;
}
MakeRestorePath (wcsPath, wcsSystem, rp.GetDir());
lstrcatW (wcsPath, SNAPSHOT_DIR_NAME);
lstrcatW (wcsPath, L"\\");
lstrcatW (wcsPath, s_cszHKLMFilePrefix);
lstrcatW (wcsPath, s_cszSecurityHiveName);
dwErr = RegLoadKeyW (HKEY_LOCAL_MACHINE, s_cszRestoreSECURITYHiveName, wcsPath);
if (dwErr != ERROR_SUCCESS)
{
trace(0, "! RegLoadKeyW on %S: %ld", s_cszRestoreSECURITYHiveName, dwErr);
goto Err;
}
dwErr = RegOpenKeyW (HKEY_LOCAL_MACHINE, s_cszRestoreSECURITYHiveName,&hKeySecurity);
if (dwErr != ERROR_SUCCESS)
{
trace(0, "! RegOpenKeyW on %S: %ld", s_cszRestoreSECURITYHiveName, dwErr);
goto Err;
}
MakeRestorePath (wcsPath, wcsSystem, rp.GetDir());
lstrcatW (wcsPath, SNAPSHOT_DIR_NAME);
lstrcatW (wcsPath, L"\\");
lstrcatW (wcsPath, s_cszHKLMFilePrefix);
lstrcatW (wcsPath, s_cszSystemHiveName);
dwErr = RegLoadKeyW (HKEY_LOCAL_MACHINE, s_cszRestoreSYSTEMHiveName, wcsPath);
if (dwErr != ERROR_SUCCESS)
{
trace(0, "! RegLoadKeyW on %S: %ld", s_cszRestoreSYSTEMHiveName, dwErr);
goto Err;
}
dwErr = RegOpenKeyW (HKEY_LOCAL_MACHINE, s_cszRestoreSYSTEMHiveName, &hKeySystem);
if (dwErr != ERROR_SUCCESS)
{
trace(0, "! RegOpenKeyW on %S: %ld", s_cszRestoreSYSTEMHiveName, dwErr);
goto Err;
}
dwErr = RtlNtStatusToDosError(ForAllUsers(hKeySam,hKeySecurity,hKeySystem));
if (dwErr != ERROR_SUCCESS)
{
trace(0, "! ForAllUsers : %ld", dwErr);
goto Err;
}
dwErr = RestoreLsaSecrets ();
if (dwErr != ERROR_SUCCESS)
{
trace(0, "! RestoreLsaSecrets : %ld", dwErr);
}
Err:
if (hKeySam != NULL)
{
RegCloseKey (hKeySam);
}
dwTemp = RegUnLoadKeyW (HKEY_LOCAL_MACHINE, s_cszRestoreSAMHiveName);
if (ERROR_SUCCESS != dwTemp)
{
trace(0, "! RegUnLoadKeyW 0n %S : %ld", s_cszRestoreSAMHiveName, dwTemp);
}
if (hKeySecurity != NULL)
{
RegCloseKey (hKeySecurity);
}
dwTemp = RegUnLoadKeyW (HKEY_LOCAL_MACHINE, s_cszRestoreSECURITYHiveName);
if (ERROR_SUCCESS != dwTemp)
{
trace(0, "! RegUnLoadKeyW 0n %S : %ld", s_cszRestoreSECURITYHiveName, dwTemp);
}
if (hKeySystem != NULL)
{
RegCloseKey (hKeySystem);
}
dwTemp = RegUnLoadKeyW (HKEY_LOCAL_MACHINE, s_cszRestoreSYSTEMHiveName);
if (ERROR_SUCCESS != dwTemp)
{
trace(0, "! RegUnLoadKeyW 0n %S : %ld", s_cszRestoreSYSTEMHiveName, dwTemp);
}
// restore the old privilege
RtlAdjustPrivilege(SE_RESTORE_PRIVILEGE, OldPriv, FALSE, &OldPriv);
Err0:
// unregister this notification package
RegisterNotificationDLL (HKEY_LOCAL_MACHINE, FALSE);
TermAsyncTrace();
return dwErr;
}
//+---------------------------------------------------------------------------
//
// Function: WaitForSAM
//
// Synopsis: waits for SAM database to initialize
//
// Arguments:
//
// History: 12-Apr-2000 HenryLee Created
//
//----------------------------------------------------------------------------
DWORD WINAPI WaitForSAM (VOID *pv)
{
NTSTATUS nts = STATUS_SUCCESS;
DWORD dwErr = ERROR_SUCCESS;
DWORD WaitStatus;
UNICODE_STRING EventName;
HANDLE EventHandle;
OBJECT_ATTRIBUTES EventAttributes;
// Load SRClient
g_CSRClientLoader.LoadSrClient();
//
// open SAM event
//
RtlInitUnicodeString( &EventName, L"\\SAM_SERVICE_STARTED");
InitializeObjectAttributes( &EventAttributes, &EventName, 0, 0, NULL );
nts = NtOpenEvent( &EventHandle,
SYNCHRONIZE|EVENT_MODIFY_STATE,
&EventAttributes );
if ( !NT_SUCCESS(nts))
{
if( nts == STATUS_OBJECT_NAME_NOT_FOUND )
{
//
// SAM hasn't created this event yet, let us create it now.
// SAM opens this event to set it.
//
nts = NtCreateEvent( &EventHandle,
SYNCHRONIZE|EVENT_MODIFY_STATE,
&EventAttributes,
NotificationEvent,
FALSE ); // The event is initially not signaled
if( nts == STATUS_OBJECT_NAME_EXISTS ||
nts == STATUS_OBJECT_NAME_COLLISION )
{
//
// second chance, if the SAM created the event before we did
//
nts = NtOpenEvent( &EventHandle,
SYNCHRONIZE|EVENT_MODIFY_STATE,
&EventAttributes );
}
}
}
//
// Loop waiting.
//
if (NT_SUCCESS(nts))
{
WaitStatus = WaitForSingleObject( EventHandle, 60*1000 ); // 60 Seconds
if ( WaitStatus == WAIT_TIMEOUT )
{
nts = STATUS_TIMEOUT;
}
else if ( WaitStatus != WAIT_OBJECT_0 )
{
nts = STATUS_UNSUCCESSFUL;
}
}
(VOID) NtClose( EventHandle );
if (NT_SUCCESS(nts)) // Okay, SAM is available
{
dwErr = RestorePasswords();
}
else
{
dwErr = RtlNtStatusToDosError (nts);
}
return dwErr;
}
//+---------------------------------------------------------------------------
//
// Function: InitializeChangeNotify and PasswordChangeNotify
//
// Synopsis: callback functions from SAM
//
// Arguments:
//
// History: 12-Apr-2000 HenryLee Created
//
//----------------------------------------------------------------------------
BOOLEAN NTAPI InitializeChangeNotify ()
{
// we will call LoadSRClient from WaitForSAM
HANDLE hThread = CreateThread (NULL,
0,
WaitForSAM,
NULL,
0,
NULL);
return TRUE;
}
NTSTATUS NTAPI PasswordChangeNotify ( PUNICODE_STRING UserName,
ULONG RelativeId,
PUNICODE_STRING NewPassword )
{
return STATUS_SUCCESS;
}