windows-nt/Source/XPSP1/NT/net/rras/ras/ppp/raschap/ntauth.c
2020-09-26 16:20:57 +08:00

996 lines
30 KiB
C
Raw Permalink Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

/* Copyright (c) 1993, Microsoft Corporation, all rights reserved
**
** ntauth.c
** Remote Access PPP Challenge Handshake Authentication Protocol
** NT Authentication routines
**
** These routines are specific to the NT platform.
**
** 11/05/93 Steve Cobb (from MikeSa's AMB authentication code)
*/
#include <nt.h>
#include <ntrtl.h>
#include <nturtl.h>
#include <ntlsa.h>
#include <ntmsv1_0.h>
#include <crypt.h>
#include <windows.h>
#include <lmcons.h>
#include <lmapibuf.h>
#include <lmaccess.h>
#include <raserror.h>
#include <string.h>
#include <stdlib.h>
#include <rasman.h>
#include <rasppp.h>
#include <pppcp.h>
#include <rtutils.h>
#include <rasauth.h>
#define INCL_CLSA
#define INCL_RASAUTHATTRIBUTES
#define INCL_HOSTWIRE
#define INCL_MISC
#include <ppputil.h>
#include "sha.h"
#include "raschap.h"
//**
//
// Call: MakeChangePasswordV1RequestAttributes
//
// Returns: NO_ERROR - Success
// Non-zero returns - Failure
//
// Description:
//
DWORD
MakeChangePasswordV1RequestAttributes(
IN CHAPWB* pwb,
IN BYTE bId,
IN PCHAR pchIdentity,
IN PBYTE Challenge,
IN PENCRYPTED_LM_OWF_PASSWORD pEncryptedLmOwfOldPassword,
IN PENCRYPTED_LM_OWF_PASSWORD pEncryptedLmOwfNewPassword,
IN PENCRYPTED_NT_OWF_PASSWORD pEncryptedNtOwfOldPassword,
IN PENCRYPTED_NT_OWF_PASSWORD pEncryptedNtOwfNewPassword,
IN WORD LenPassword,
IN WORD wFlags,
IN DWORD cbChallenge,
IN BYTE * pbChallenge
)
{
DWORD dwRetCode;
BYTE MsChapChangePw1[72+6];
BYTE MsChapChallenge[MAXCHALLENGELEN+6];
if ( pwb->pUserAttributes != NULL )
{
RasAuthAttributeDestroy( pwb->pUserAttributes );
pwb->pUserAttributes = NULL;
}
//
// Allocate the appropriate amount
//
if ( ( pwb->pUserAttributes = RasAuthAttributeCreate( 3 ) ) == NULL )
{
return( GetLastError() );
}
dwRetCode = RasAuthAttributeInsert( 0,
pwb->pUserAttributes,
raatUserName,
FALSE,
strlen( pchIdentity ),
pchIdentity );
if ( dwRetCode != NO_ERROR )
{
RasAuthAttributeDestroy( pwb->pUserAttributes );
pwb->pUserAttributes = NULL;
return( dwRetCode );
}
//
// Build vendor specific attribute for MS-CHAP challenge
//
HostToWireFormat32( 311, MsChapChallenge ); // Vendor Id
MsChapChallenge[4] = 11; // Vendor Type
MsChapChallenge[5] = 2+(BYTE)cbChallenge; // Vendor Length
CopyMemory( MsChapChallenge+6, pbChallenge, cbChallenge );
dwRetCode = RasAuthAttributeInsert( 1,
pwb->pUserAttributes,
raatVendorSpecific,
FALSE,
cbChallenge+6,
MsChapChallenge);
if ( dwRetCode != NO_ERROR )
{
RasAuthAttributeDestroy( pwb->pUserAttributes );
pwb->pUserAttributes = NULL;
return( dwRetCode );
}
//
// Insert change password attribute
//
HostToWireFormat32( 311, MsChapChangePw1 ); // Vendor Id
MsChapChangePw1[4] = 3; // Vendor Type
MsChapChangePw1[5] = 72; // Vendor Length
MsChapChangePw1[6] = 5; // Code
MsChapChangePw1[7] = bId; // Identifier
CopyMemory( MsChapChangePw1+8,
pEncryptedLmOwfOldPassword,
16 );
CopyMemory( MsChapChangePw1+8+16,
pEncryptedLmOwfNewPassword,
16 );
CopyMemory( MsChapChangePw1+8+16+16,
pEncryptedNtOwfOldPassword,
16 );
CopyMemory( MsChapChangePw1+8+16+16+16,
pEncryptedNtOwfNewPassword,
16 );
HostToWireFormat16( LenPassword, MsChapChangePw1+8+16+16+16+16 );
HostToWireFormat16( wFlags, MsChapChangePw1+8+16+16+16+16+2 );
//
// Build vendor specific attribute for MS-CHAP change password 1
//
dwRetCode = RasAuthAttributeInsert( 2,
pwb->pUserAttributes,
raatVendorSpecific,
FALSE,
72+4,
MsChapChangePw1);
if ( dwRetCode != NO_ERROR )
{
RasAuthAttributeDestroy( pwb->pUserAttributes );
pwb->pUserAttributes = NULL;
return( dwRetCode );
}
return( dwRetCode );
}
//**
//
// Call: MakeChangePasswordV2RequestAttributes
//
// Returns: NO_ERROR - Success
// Non-zero returns - Failure
//
// Description:
//
DWORD
MakeChangePasswordV2RequestAttributes(
IN CHAPWB* pwb,
IN BYTE bId,
IN CHAR* pchIdentity,
IN SAMPR_ENCRYPTED_USER_PASSWORD* pNewEncryptedWithOldNtOwf,
IN ENCRYPTED_NT_OWF_PASSWORD* pOldNtOwfEncryptedWithNewNtOwf,
IN SAMPR_ENCRYPTED_USER_PASSWORD* pNewEncryptedWithOldLmOwf,
IN ENCRYPTED_NT_OWF_PASSWORD* pOldLmOwfEncryptedWithNewNtOwf,
IN DWORD cbChallenge,
IN BYTE * pbChallenge,
IN BYTE * pbResponse,
IN WORD wFlags
)
{
DWORD dwRetCode;
BYTE MsChapChallenge[MAXCHALLENGELEN+6];
BYTE MsChapChangePw2[86+4];
BYTE NtPassword1[250+4];
BYTE NtPassword2[250+4];
BYTE NtPassword3[34+4];
BYTE LmPassword1[250+4];
BYTE LmPassword2[250+4];
BYTE LmPassword3[34+4];
if ( pwb->pUserAttributes != NULL )
{
RasAuthAttributeDestroy( pwb->pUserAttributes );
pwb->pUserAttributes = NULL;
}
//
// Allocate the appropriate amount
//
pwb->pUserAttributes = RasAuthAttributeCreate( 9 );
if ( pwb->pUserAttributes == NULL )
{
return( GetLastError() );
}
dwRetCode = RasAuthAttributeInsert( 0,
pwb->pUserAttributes,
raatUserName,
FALSE,
strlen( pchIdentity ),
pchIdentity );
if ( dwRetCode != NO_ERROR )
{
RasAuthAttributeDestroy( pwb->pUserAttributes );
pwb->pUserAttributes = NULL;
return( dwRetCode );
}
//
// Build vendor specific attribute for MS-CHAP challenge
//
HostToWireFormat32( 311, MsChapChallenge ); // Vendor Id
MsChapChallenge[4] = 11; // Vendor Type
MsChapChallenge[5] = 2+(BYTE)cbChallenge; // Vendor Length
CopyMemory( MsChapChallenge+6, pbChallenge, cbChallenge );
dwRetCode = RasAuthAttributeInsert( 1,
pwb->pUserAttributes,
raatVendorSpecific,
FALSE,
cbChallenge+6,
MsChapChallenge);
if ( dwRetCode != NO_ERROR )
{
RasAuthAttributeDestroy( pwb->pUserAttributes );
pwb->pUserAttributes = NULL;
return( dwRetCode );
}
//
// Insert change password attribute
//
HostToWireFormat32( 311, MsChapChangePw2 ); // Vendor Id
MsChapChangePw2[4] = 4; // Vendor Type
MsChapChangePw2[5] = 86; // Vendor Length
MsChapChangePw2[6] = 6; // Code
MsChapChangePw2[7] = bId; // Identifier
CopyMemory( MsChapChangePw2+8,
pOldNtOwfEncryptedWithNewNtOwf,
16 );
CopyMemory( MsChapChangePw2+8+16,
pOldLmOwfEncryptedWithNewNtOwf,
16 );
CopyMemory( MsChapChangePw2+8+16+16, pbResponse, 24+24 );
HostToWireFormat16( (WORD)wFlags, MsChapChangePw2+8+16+16+24+24 );
//
// Build vendor specific attribute for MS-CHAP change password 2
//
dwRetCode = RasAuthAttributeInsert( 2,
pwb->pUserAttributes,
raatVendorSpecific,
FALSE,
86+4,
MsChapChangePw2);
if ( dwRetCode != NO_ERROR )
{
RasAuthAttributeDestroy( pwb->pUserAttributes );
pwb->pUserAttributes = NULL;
return( dwRetCode );
}
//
// Insert the new password attributes
//
HostToWireFormat32( 311, NtPassword1 ); // Vendor Id
NtPassword1[4] = 6; // Vendor Type
NtPassword1[5] = 249; // Vendor Length
NtPassword1[6] = 6; // Code
NtPassword1[7] = bId; // Identifier
HostToWireFormat16( (WORD)1, NtPassword1+8 ); // Sequence number
CopyMemory( NtPassword1+10, (PBYTE)pNewEncryptedWithOldNtOwf, 243 );
dwRetCode = RasAuthAttributeInsert( 3,
pwb->pUserAttributes,
raatVendorSpecific,
FALSE,
249+4,
NtPassword1);
if ( dwRetCode != NO_ERROR )
{
RasAuthAttributeDestroy( pwb->pUserAttributes );
pwb->pUserAttributes = NULL;
return( dwRetCode );
}
HostToWireFormat32( 311, NtPassword2 ); // Vendor Id
NtPassword2[4] = 6; // Vendor Type
NtPassword2[5] = 249; // Vendor Length
NtPassword2[6] = 6; // Code
NtPassword2[7] = bId; // Identifier
HostToWireFormat16( (WORD)2, NtPassword2+8 ); // Sequence number
CopyMemory( NtPassword2+10,
((PBYTE)pNewEncryptedWithOldNtOwf)+243,
243 );
dwRetCode = RasAuthAttributeInsert( 4,
pwb->pUserAttributes,
raatVendorSpecific,
FALSE,
249+4,
NtPassword2 );
if ( dwRetCode != NO_ERROR )
{
RasAuthAttributeDestroy( pwb->pUserAttributes );
pwb->pUserAttributes = NULL;
return( dwRetCode );
}
HostToWireFormat32( 311, NtPassword3 ); // Vendor Id
NtPassword3[4] = 6; // Vendor Type
NtPassword3[5] = 36; // Vendor Length
NtPassword3[6] = 6; // Code
NtPassword3[7] = bId; // Identifier
HostToWireFormat16( (WORD)3, NtPassword3+8 ); // Sequence number
CopyMemory( NtPassword3+10,
((PBYTE)pNewEncryptedWithOldNtOwf)+486,
30 );
dwRetCode = RasAuthAttributeInsert( 5,
pwb->pUserAttributes,
raatVendorSpecific,
FALSE,
36+4,
NtPassword3 );
if ( dwRetCode != NO_ERROR )
{
RasAuthAttributeDestroy( pwb->pUserAttributes );
pwb->pUserAttributes = NULL;
return( dwRetCode );
}
HostToWireFormat32( 311, LmPassword1 ); // Vendor Id
LmPassword1[4] = 5; // Vendor Type
LmPassword1[5] = 249; // Vendor Length
LmPassword1[6] = 6; // Code
LmPassword1[7] = bId; // Identifier
HostToWireFormat16( (WORD)1, LmPassword1+8 ); // Sequence number
CopyMemory( LmPassword1+10, pNewEncryptedWithOldLmOwf, 243 );
dwRetCode = RasAuthAttributeInsert( 6,
pwb->pUserAttributes,
raatVendorSpecific,
FALSE,
249+4,
LmPassword1);
if ( dwRetCode != NO_ERROR )
{
RasAuthAttributeDestroy( pwb->pUserAttributes );
pwb->pUserAttributes = NULL;
return( dwRetCode );
}
HostToWireFormat32( 311, LmPassword2 ); // Vendor Id
LmPassword2[4] = 5; // Vendor Type
LmPassword2[5] = 249; // Vendor Length
LmPassword2[6] = 6; // Code
LmPassword2[7] = bId; // Identifier
HostToWireFormat16( (WORD)2, LmPassword2+8 ); // Sequence number
CopyMemory( LmPassword2+10,
((PBYTE)pNewEncryptedWithOldLmOwf)+243,
243 );
dwRetCode = RasAuthAttributeInsert( 7,
pwb->pUserAttributes,
raatVendorSpecific,
FALSE,
249+4,
LmPassword2 );
if ( dwRetCode != NO_ERROR )
{
RasAuthAttributeDestroy( pwb->pUserAttributes );
pwb->pUserAttributes = NULL;
return( dwRetCode );
}
HostToWireFormat32( 311, LmPassword3 ); // Vendor Id
LmPassword3[4] = 5; // Vendor Type
LmPassword3[5] = 36; // Vendor Length
LmPassword3[6] = 6; // Code
LmPassword3[7] = bId; // Identifier
HostToWireFormat16( (WORD)3, LmPassword3+8 ); // Sequence number
CopyMemory( LmPassword3+10,
((PBYTE)pNewEncryptedWithOldLmOwf)+486,
30 );
dwRetCode = RasAuthAttributeInsert( 8,
pwb->pUserAttributes,
raatVendorSpecific,
FALSE,
36+4,
LmPassword3 );
if ( dwRetCode != NO_ERROR )
{
RasAuthAttributeDestroy( pwb->pUserAttributes );
pwb->pUserAttributes = NULL;
return( dwRetCode );
}
return( dwRetCode );
}
//**
//
// Call: MakeChangePasswordV3RequestAttributes
//
// Returns: NO_ERROR - Success
// Non-zero returns - Failure
//
// Description:
//
DWORD
MakeChangePasswordV3RequestAttributes(
IN CHAPWB* pwb,
IN BYTE bId,
IN CHAR* pchIdentity,
IN CHANGEPW3* pchangepw3,
IN DWORD cbChallenge,
IN BYTE * pbChallenge
)
{
DWORD dwRetCode;
BYTE MsChapChallenge[MAXCHALLENGELEN+6];
BYTE MsChapChangePw3[70+4];
BYTE NtPassword1[250+4];
BYTE NtPassword2[250+4];
BYTE NtPassword3[34+4];
if ( pwb->pUserAttributes != NULL )
{
RasAuthAttributeDestroy( pwb->pUserAttributes );
pwb->pUserAttributes = NULL;
}
//
// Allocate the appropriate amount
//
pwb->pUserAttributes = RasAuthAttributeCreate( 6 );
if ( pwb->pUserAttributes == NULL )
{
return( GetLastError() );
}
dwRetCode = RasAuthAttributeInsert( 0,
pwb->pUserAttributes,
raatUserName,
FALSE,
strlen( pchIdentity ),
pchIdentity );
if ( dwRetCode != NO_ERROR )
{
RasAuthAttributeDestroy( pwb->pUserAttributes );
pwb->pUserAttributes = NULL;
return( dwRetCode );
}
//
// Build vendor specific attribute for MS-CHAP challenge
//
HostToWireFormat32( 311, MsChapChallenge ); // Vendor Id
MsChapChallenge[4] = 11; // Vendor Type
MsChapChallenge[5] = 2+(BYTE)cbChallenge; // Vendor Length
CopyMemory( MsChapChallenge+6, pbChallenge, cbChallenge );
dwRetCode = RasAuthAttributeInsert( 1,
pwb->pUserAttributes,
raatVendorSpecific,
FALSE,
cbChallenge+6,
MsChapChallenge);
if ( dwRetCode != NO_ERROR )
{
RasAuthAttributeDestroy( pwb->pUserAttributes );
pwb->pUserAttributes = NULL;
return( dwRetCode );
}
//
// Insert change password attribute
//
HostToWireFormat32( 311, MsChapChangePw3 ); // Vendor Id
MsChapChangePw3[4] = 27; // Vendor Type
MsChapChangePw3[5] = 70; // Vendor Length
MsChapChangePw3[6] = 7; // Code
MsChapChangePw3[7] = bId; // Identifier
CopyMemory( MsChapChangePw3+8, pchangepw3->abEncryptedHash, 16 );
CopyMemory( MsChapChangePw3+8+16, pchangepw3->abPeerChallenge, 24 );
CopyMemory( MsChapChangePw3+8+16+24, pchangepw3->abNTResponse, 24 );
HostToWireFormat16( (WORD)0, MsChapChangePw3+8+16+24+24 );
//
// Build vendor specific attribute for MS-CHAP2-PW
//
dwRetCode = RasAuthAttributeInsert( 2,
pwb->pUserAttributes,
raatVendorSpecific,
FALSE,
70+4,
MsChapChangePw3);
if ( dwRetCode != NO_ERROR )
{
RasAuthAttributeDestroy( pwb->pUserAttributes );
pwb->pUserAttributes = NULL;
return( dwRetCode );
}
//
// Insert the new password attributes
//
HostToWireFormat32( 311, NtPassword1 ); // Vendor Id
NtPassword1[4] = 6; // Vendor Type
NtPassword1[5] = 249; // Vendor Length
NtPassword1[6] = 6; // Code
NtPassword1[7] = bId; // Identifier
HostToWireFormat16( (WORD)1, NtPassword1+8 ); // Sequence number
CopyMemory( NtPassword1+10, pchangepw3->abEncryptedPassword, 243 );
dwRetCode = RasAuthAttributeInsert( 3,
pwb->pUserAttributes,
raatVendorSpecific,
FALSE,
249+4,
NtPassword1);
if ( dwRetCode != NO_ERROR )
{
RasAuthAttributeDestroy( pwb->pUserAttributes );
pwb->pUserAttributes = NULL;
return( dwRetCode );
}
HostToWireFormat32( 311, NtPassword2 ); // Vendor Id
NtPassword2[4] = 6; // Vendor Type
NtPassword2[5] = 249; // Vendor Length
NtPassword2[6] = 6; // Code
NtPassword2[7] = bId; // Identifier
HostToWireFormat16( (WORD)2, NtPassword2+8 ); // Sequence number
CopyMemory( NtPassword2+10,
pchangepw3->abEncryptedPassword+243,
243 );
dwRetCode = RasAuthAttributeInsert( 4,
pwb->pUserAttributes,
raatVendorSpecific,
FALSE,
249+4,
NtPassword2 );
if ( dwRetCode != NO_ERROR )
{
RasAuthAttributeDestroy( pwb->pUserAttributes );
pwb->pUserAttributes = NULL;
return( dwRetCode );
}
HostToWireFormat32( 311, NtPassword3 ); // Vendor Id
NtPassword3[4] = 6; // Vendor Type
NtPassword3[5] = 36; // Vendor Length
NtPassword3[6] = 6; // Code
NtPassword3[7] = bId; // Identifier
HostToWireFormat16( (WORD)3, NtPassword3+8 ); // Sequence number
CopyMemory( NtPassword3+10,
pchangepw3->abEncryptedPassword+486,
30 );
dwRetCode = RasAuthAttributeInsert( 5,
pwb->pUserAttributes,
raatVendorSpecific,
FALSE,
36+4,
NtPassword3 );
if ( dwRetCode != NO_ERROR )
{
RasAuthAttributeDestroy( pwb->pUserAttributes );
pwb->pUserAttributes = NULL;
return( dwRetCode );
}
return( dwRetCode );
}
//**
//
// Call: MakeAuthenticationRequestAttributes
//
// Returns: NO_ERROR - Success
// Non-zero returns - Failure
//
// Description:
//
DWORD
MakeAuthenticationRequestAttributes(
IN CHAPWB * pwb,
IN BOOL fMSChap,
IN BYTE bAlgorithm,
IN CHAR* szUserName,
IN BYTE* pbChallenge,
IN DWORD cbChallenge,
IN BYTE* pbResponse,
IN DWORD cbResponse,
IN BYTE bId
)
{
DWORD dwRetCode;
BYTE abResponse[MD5RESPONSELEN+1];
if ( pwb->pUserAttributes != NULL )
{
RasAuthAttributeDestroy( pwb->pUserAttributes );
pwb->pUserAttributes = NULL;
}
//
// Allocate the appropriate amount
//
if ( ( pwb->pUserAttributes = RasAuthAttributeCreate( 3 ) ) == NULL )
{
return( GetLastError() );
}
dwRetCode = RasAuthAttributeInsert( 0,
pwb->pUserAttributes,
raatUserName,
FALSE,
strlen( szUserName ),
szUserName );
if ( dwRetCode != NO_ERROR )
{
RasAuthAttributeDestroy( pwb->pUserAttributes );
pwb->pUserAttributes = NULL;
return( dwRetCode );
}
if ( fMSChap )
{
BYTE MsChapChallenge[MAXCHALLENGELEN+6];
HostToWireFormat32( 311, MsChapChallenge ); // Vendor Id
MsChapChallenge[4] = 11; // Vendor Type
MsChapChallenge[5] = 2+(BYTE)cbChallenge; // Vendor Length
CopyMemory( MsChapChallenge+6, pbChallenge, cbChallenge );
//
// Build vendor specific attribute for MS-CHAP challenge
//
dwRetCode = RasAuthAttributeInsert( 1,
pwb->pUserAttributes,
raatVendorSpecific,
FALSE,
cbChallenge+6,
MsChapChallenge );
}
else
{
dwRetCode = RasAuthAttributeInsert( 1,
pwb->pUserAttributes,
raatMD5CHAPChallenge,
FALSE,
cbChallenge,
pbChallenge );
}
if ( dwRetCode != NO_ERROR )
{
RasAuthAttributeDestroy( pwb->pUserAttributes );
pwb->pUserAttributes = NULL;
return( dwRetCode );
}
if ( fMSChap && ( bAlgorithm == PPP_CHAP_DIGEST_MSEXT ) )
{
BYTE MsChapResponse[56];
HostToWireFormat32( 311, MsChapResponse ); // Vendor Id
MsChapResponse[4] = 1; // Vendor Type
MsChapResponse[5] = (BYTE)52; // Vendor Length
MsChapResponse[6] = bId; // Ident
MsChapResponse[7] = pbResponse[cbResponse-1]; // Flags
CopyMemory( MsChapResponse+8, pbResponse, cbResponse-1 );
dwRetCode = RasAuthAttributeInsert( 2,
pwb->pUserAttributes,
raatVendorSpecific,
FALSE,
56,
MsChapResponse);
}
else if ( fMSChap && ( bAlgorithm == PPP_CHAP_DIGEST_MSEXT_NEW ) )
{
BYTE MsChap2Response[56];
HostToWireFormat32( 311, MsChap2Response ); // Vendor Id
MsChap2Response[4] = 25; // Vendor Type
MsChap2Response[5] = (BYTE)52; // Vendor Length
MsChap2Response[6] = bId; // Ident
MsChap2Response[7] = 0; // Flags
CopyMemory( MsChap2Response+8, pbResponse, cbResponse-1 );
dwRetCode = RasAuthAttributeInsert( 2,
pwb->pUserAttributes,
raatVendorSpecific,
FALSE,
56,
MsChap2Response);
}
else
{
abResponse[0] = bId;
CopyMemory( abResponse+1, pbResponse, cbResponse );
dwRetCode = RasAuthAttributeInsert( 2,
pwb->pUserAttributes,
raatMD5CHAPPassword,
FALSE,
cbResponse+1,
abResponse );
}
if ( dwRetCode != NO_ERROR )
{
RasAuthAttributeDestroy( pwb->pUserAttributes );
pwb->pUserAttributes = NULL;
return( dwRetCode );
}
return( dwRetCode );
}
//**
//
// Call: GetErrorCodeFromAttributes
//
// Returns: NO_ERROR - Success
// Non-zero returns - Failure
//
// Description: Will extract the error code returned from the authentication
// provider and insert it into the reponse sent to the client
//
DWORD
GetErrorCodeFromAttributes(
IN CHAPWB* pwb
)
{
RAS_AUTH_ATTRIBUTE * pAttribute;
RAS_AUTH_ATTRIBUTE * pAttributes = pwb->pAttributesFromAuthenticator;
DWORD dwRetCode = NO_ERROR;
//
// Search for MS-CHAP Error attributes
//
pAttribute = RasAuthAttributeGetVendorSpecific( 311, 2, pAttributes );
if ( pAttribute != NULL )
{
CHAR chErrorBuffer[150];
CHAR* pszValue;
DWORD cbError = (DWORD)*(((PBYTE)(pAttribute->Value))+5);
//
// Leave one byte for NULL terminator
//
if ( cbError > sizeof( chErrorBuffer ) - 1 )
{
cbError = sizeof( chErrorBuffer ) - 1;
}
ZeroMemory( chErrorBuffer, sizeof( chErrorBuffer ) );
CopyMemory( chErrorBuffer,
(CHAR *)((PBYTE)(pAttribute->Value) + 7),
cbError );
pszValue = strstr( chErrorBuffer, "E=" );
if ( pszValue )
{
pwb->result.dwError = (DWORD )atol( pszValue + 2 );
}
pszValue = strstr( chErrorBuffer, "R=1" );
if ( pszValue )
{
pwb->dwTriesLeft = 1;
}
}
else
{
//
// If we did not get an error code attribute back then assume an
// access denied
//
TRACE("No error code attribute returned, assuming access denied");
pwb->result.dwError = ERROR_AUTHENTICATION_FAILURE;
}
return( dwRetCode );
}
//**
//
// Call: GetEncryptedPasswordsForChangePassword2
//
// Returns: NO_ERROR - Success
// Non-zero returns - Failure
//
// Description:
//
DWORD
GetEncryptedPasswordsForChangePassword2(
IN CHAR* pszOldPassword,
IN CHAR* pszNewPassword,
OUT SAMPR_ENCRYPTED_USER_PASSWORD* pNewEncryptedWithOldNtOwf,
OUT ENCRYPTED_NT_OWF_PASSWORD* pOldNtOwfEncryptedWithNewNtOwf,
OUT SAMPR_ENCRYPTED_USER_PASSWORD* pNewEncryptedWithOldLmOwf,
OUT ENCRYPTED_NT_OWF_PASSWORD* pOldLmOwfEncryptedWithNewNtOwf,
OUT BOOLEAN* pfLmPresent )
{
DWORD dwErr;
BOOL fLmPresent;
UNICODE_STRING uniOldPassword;
UNICODE_STRING uniNewPassword;
TRACE("GetEncryptedPasswordsForChangePassword2...");
uniOldPassword.Buffer = NULL;
uniNewPassword.Buffer = NULL;
if (!RtlCreateUnicodeStringFromAsciiz(
&uniOldPassword, pszOldPassword )
|| !RtlCreateUnicodeStringFromAsciiz(
&uniNewPassword, pszNewPassword ))
{
dwErr = ERROR_NOT_ENOUGH_MEMORY;
}
else
{
dwErr =
SamiEncryptPasswords(
&uniOldPassword,
&uniNewPassword,
pNewEncryptedWithOldNtOwf,
pOldNtOwfEncryptedWithNewNtOwf,
pfLmPresent,
pNewEncryptedWithOldLmOwf,
pOldLmOwfEncryptedWithNewNtOwf );
}
/* Erase password buffers.
*/
if (uniOldPassword.Buffer)
{
ZeroMemory( uniOldPassword.Buffer,
lstrlenW( uniOldPassword.Buffer ) * sizeof( WCHAR ) );
}
if (uniNewPassword.Buffer)
{
ZeroMemory( uniNewPassword.Buffer,
lstrlenW( uniNewPassword.Buffer ) * sizeof( WCHAR ) );
}
RtlFreeUnicodeString( &uniOldPassword );
RtlFreeUnicodeString( &uniNewPassword );
TRACE1("GetEncryptedPasswordsForChangePassword2 done(%d)",dwErr);
return dwErr;
}