代码
1
/*
2 You can get a locally valid logon session (a network logon session) by using SSPI.
3 Simply specify alternate credentials when you call AcquireCredentialsHandle,
4 and then after you follow the normal InitializeSecurityContext/AcceptSecurityContext
5 handshake, you'll end up with a logon session for the user,
6 without having to have the TCB privilege.
7
8 See the attached example...
9
10 Keith
11 */
12
13 // this version requires Windows 2000
14 #define _WIN32_WINNT 0x500
15 #define UNICODE
16 #include < windows.h >
17 #include < stdio.h >
18 #define SECURITY_WIN32
19 #include < security.h >
20 #pragma comment(lib, "secur32.lib")
21
22 // brain-dead error routine that dumps the last error and exits
23 void _err( const wchar_t * pszFcn, DWORD nErr = GetLastError())
24 {
25
26 wchar_t szErr[ 256 ];
27 if (FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM, 0 , nErr, 0 ,
28 szErr, sizeof szErr / sizeof * szErr, 0 ))
29 wprintf(L " %s failed: %s " , pszFcn, szErr);
30 else wprintf(L " %s failed: 0x%08X " , nErr);
31 exit( 1 );
32 }
33
34 // Upon success, returns a handle to a NETWORK logon session
35 // for the specified principal (it will *not* have network
36 // credentials). Call CloseHandle to dispose of it when
37 // you are finished.
38 HANDLE _logonUserWithSSPI(wchar_t * pszSSP,
39 DWORD grfDesiredAccessToToken,
40 wchar_t * pszAuthority,
41 wchar_t * pszPrincipal,
42 wchar_t * pszPassword) {
43
44 // the following code loads the SSPI interface DLL
45 // and initializes it, getting a table of function ptrs
46 HINSTANCE hdll = LoadLibrary(L " security.dll " );
47 if ( ! hdll)
48 _err(L " LoadLibrary " );
49 INIT_SECURITY_INTERFACE_W initSecurityInterface =
50 (INIT_SECURITY_INTERFACE_W)GetProcAddress(hdll,
51 SECURITY_ENTRYPOINT_ANSIW);
52 if ( ! initSecurityInterface)
53 _err(L " GetProcAddress " );
54 PSecurityFunctionTable pSSPI = initSecurityInterface();
55
56 // here's where we specify the credentials to verify
57 SEC_WINNT_AUTH_IDENTITY_EX authIdent = {
58 SEC_WINNT_AUTH_IDENTITY_VERSION,
59 sizeof authIdent,
60 pszPrincipal, lstrlenW(pszPrincipal),
61 pszAuthority, lstrlenW(pszAuthority),
62 pszPassword, lstrlenW(pszPassword),
63 SEC_WINNT_AUTH_IDENTITY_UNICODE,
64 0 , 0
65 };
66
67 // get an SSPI handle for these credentials
68 CredHandle hcredClient;
69 TimeStamp expiryClient;
70 SECURITY_STATUS err =
71 pSSPI -> AcquireCredentialsHandle( 0 , pszSSP,
72 SECPKG_CRED_OUTBOUND,
73 0 , & authIdent,
74 0 , 0 ,
75 & hcredClient,
76 & expiryClient);
77 if (err)
78 _err(L " AcquireCredentialsHandle for client " , err);
79
80 // use the caller's credentials for the server
81 CredHandle hcredServer;
82 TimeStamp expiryServer;
83 err = pSSPI -> AcquireCredentialsHandle( 0 , pszSSP,
84 SECPKG_CRED_INBOUND,
85 0 , 0 , 0 , 0 ,
86 & hcredServer,
87 & expiryServer);
88 if (err)
89 _err(L " AcquireCredentialsHandle for server " , err);
90
91 CtxtHandle hctxClient;
92 CtxtHandle hctxServer;
93
94 // create two buffers:
95 // one for the client sending tokens to the server,
96 // one for the server sending tokens to the client
97 // (buffer size chosen based on current Kerb SSP setting
98 // for cbMaxToken - you may need to adjust this)
99 BYTE bufC2S[ 8000 ];
100 BYTE bufS2C[ 8000 ];
101 SecBuffer sbufC2S = { sizeof bufC2S, SECBUFFER_TOKEN, bufC2S };
102 SecBuffer sbufS2C = { sizeof bufS2C, SECBUFFER_TOKEN, bufS2C };
103 SecBufferDesc bdC2S = { SECBUFFER_VERSION, 1 , & sbufC2S };
104 SecBufferDesc bdS2C = { SECBUFFER_VERSION, 1 , & sbufS2C };
105
106 // don't really need any special context attributes
107 DWORD grfRequiredCtxAttrsClient = ISC_REQ_DATAGRAM; // ISC_REQ_DELEGATE
108 DWORD grfRequiredCtxAttrsServer = ASC_REQ_DATAGRAM;
109
110 // set up some aliases to make it obvious what's happening
111 PCtxtHandle pClientCtxHandleIn = 0 ;
112 PCtxtHandle pClientCtxHandleOut = & hctxClient;
113 PCtxtHandle pServerCtxHandleIn = 0 ;
114 PCtxtHandle pServerCtxHandleOut = & hctxServer;
115 SecBufferDesc * pClientInput = 0 ;
116 SecBufferDesc * pClientOutput = & bdC2S;
117 SecBufferDesc * pServerInput = & bdC2S;
118 SecBufferDesc * pServerOutput = & bdS2C;
119 DWORD grfCtxAttrsClient = 0 ;
120 DWORD grfCtxAttrsServer = 0 ;
121 TimeStamp expiryClientCtx;
122 TimeStamp expiryServerCtx;
123
124 // since the caller is acting as the server, we need
125 // a server principal name so that the client will
126 // be able to get a Kerb ticket (if Kerb is used)
127 wchar_t szSPN[ 256 ] = { 0 };
128 ULONG cchSPN = sizeof szSPN / sizeof * szSPN;
129 GetUserNameEx(NameSamCompatible, szSPN, & cchSPN);
130
131 // sevice class / host: port / service instance
132
133 // wcscpy (szSPN, TEXT("192.168.1.11"));
134 // wcscpy (szSPN, TEXT("testwork-AD11.testwork.com"));
135 // wcscpy (szSPN, TEXT("192.168.1.11"));
136 // wcscpy (szSPN, TEXT("TESTWORK\\administrator"));
137 // wcscpy (szSPN, TEXT("..."));
138 printf( " %ws\n " ,szSPN);
139 // perform the authentication handshake, playing the
140 // role of both client *and* server.
141 bool bClientContinue = true ;
142 bool bServerContinue = true ;
143 int count = 1 ;
144 while (bClientContinue || bServerContinue) {
145
146 if (bClientContinue) {
147
148 sbufC2S.cbBuffer = sizeof bufC2S;
149 err = pSSPI -> InitializeSecurityContext(
150 & hcredClient, pClientCtxHandleIn,
151 szSPN,
152 grfRequiredCtxAttrsClient,
153 0 , SECURITY_NETWORK_DREP,
154 pClientInput, 0 ,
155 pClientCtxHandleOut,
156 pClientOutput,
157 & grfCtxAttrsClient,
158 & expiryClientCtx);
159 switch (err) {
160 case 0 :
161 bClientContinue = false ;
162 break ;
163 case SEC_I_CONTINUE_NEEDED:
164 pClientCtxHandleIn = pClientCtxHandleOut;
165 pClientInput = pServerOutput;
166 break ;
167 default :
168 printf( " err=%x\n " ,err);
169 _err(L " InitializeSecurityContext " , err);
170 }
171 }
172
173 if (bServerContinue) {
174 sbufS2C.cbBuffer = sizeof bufS2C;
175 err = pSSPI -> AcceptSecurityContext(
176 & hcredServer, pServerCtxHandleIn,
177 pServerInput,
178 grfRequiredCtxAttrsServer,
179 SECURITY_NETWORK_DREP,
180 pServerCtxHandleOut,
181 pServerOutput,
182 & grfCtxAttrsServer,
183 & expiryServerCtx);
184 switch (err) {
185 case 0 :
186 bServerContinue = false ;
187 break ;
188 case SEC_I_CONTINUE_NEEDED:
189 pServerCtxHandleIn = pServerCtxHandleOut;
190 break ;
191 default :
192 _err(L " AcceptSecurityContext " , err);
193 }
194 }
195 printf( " %d bClientContinue %d bServerContinue %d\n " ,count ++ ,bClientContinue,bServerContinue);
196 }
197 // if everything has gone smoothly, we've now got a logon
198 // session for the client - let's grab the token now
199 pSSPI -> ImpersonateSecurityContext(pServerCtxHandleOut);
200 HANDLE htok;
201 if ( ! OpenThreadToken(GetCurrentThread(),
202 grfDesiredAccessToToken,
203 TRUE, & htok))
204 _err(L " OpenThreadToken " );
205 pSSPI -> RevertSecurityContext(pServerCtxHandleOut);
206
207 // clean up
208 pSSPI -> FreeCredentialsHandle( & hcredClient);
209 pSSPI -> FreeCredentialsHandle( & hcredServer);
210 pSSPI -> DeleteSecurityContext(pServerCtxHandleOut);
211 pSSPI -> DeleteSecurityContext(pClientCtxHandleOut);
212
213 return htok;
214 }
215
216 // here's an example of usage
217 void main() {
218 // use "NTLM" or "Kerberos"
219
220 // Kerbero需要在加入域或者有域环境下才能正确运行
221 HANDLE htok = _logonUserWithSSPI(L " Kerberos " ,
222 TOKEN_QUERY,
223 NULL,
224 L " administrator " ,
225 L " !QAZsx " );
226 if (htok) {
227 // password is valid!
228 CloseHandle(htok);
229 }
230 }
231
232
2 You can get a locally valid logon session (a network logon session) by using SSPI.
3 Simply specify alternate credentials when you call AcquireCredentialsHandle,
4 and then after you follow the normal InitializeSecurityContext/AcceptSecurityContext
5 handshake, you'll end up with a logon session for the user,
6 without having to have the TCB privilege.
7
8 See the attached example...
9
10 Keith
11 */
12
13 // this version requires Windows 2000
14 #define _WIN32_WINNT 0x500
15 #define UNICODE
16 #include < windows.h >
17 #include < stdio.h >
18 #define SECURITY_WIN32
19 #include < security.h >
20 #pragma comment(lib, "secur32.lib")
21
22 // brain-dead error routine that dumps the last error and exits
23 void _err( const wchar_t * pszFcn, DWORD nErr = GetLastError())
24 {
25
26 wchar_t szErr[ 256 ];
27 if (FormatMessage(FORMAT_MESSAGE_FROM_SYSTEM, 0 , nErr, 0 ,
28 szErr, sizeof szErr / sizeof * szErr, 0 ))
29 wprintf(L " %s failed: %s " , pszFcn, szErr);
30 else wprintf(L " %s failed: 0x%08X " , nErr);
31 exit( 1 );
32 }
33
34 // Upon success, returns a handle to a NETWORK logon session
35 // for the specified principal (it will *not* have network
36 // credentials). Call CloseHandle to dispose of it when
37 // you are finished.
38 HANDLE _logonUserWithSSPI(wchar_t * pszSSP,
39 DWORD grfDesiredAccessToToken,
40 wchar_t * pszAuthority,
41 wchar_t * pszPrincipal,
42 wchar_t * pszPassword) {
43
44 // the following code loads the SSPI interface DLL
45 // and initializes it, getting a table of function ptrs
46 HINSTANCE hdll = LoadLibrary(L " security.dll " );
47 if ( ! hdll)
48 _err(L " LoadLibrary " );
49 INIT_SECURITY_INTERFACE_W initSecurityInterface =
50 (INIT_SECURITY_INTERFACE_W)GetProcAddress(hdll,
51 SECURITY_ENTRYPOINT_ANSIW);
52 if ( ! initSecurityInterface)
53 _err(L " GetProcAddress " );
54 PSecurityFunctionTable pSSPI = initSecurityInterface();
55
56 // here's where we specify the credentials to verify
57 SEC_WINNT_AUTH_IDENTITY_EX authIdent = {
58 SEC_WINNT_AUTH_IDENTITY_VERSION,
59 sizeof authIdent,
60 pszPrincipal, lstrlenW(pszPrincipal),
61 pszAuthority, lstrlenW(pszAuthority),
62 pszPassword, lstrlenW(pszPassword),
63 SEC_WINNT_AUTH_IDENTITY_UNICODE,
64 0 , 0
65 };
66
67 // get an SSPI handle for these credentials
68 CredHandle hcredClient;
69 TimeStamp expiryClient;
70 SECURITY_STATUS err =
71 pSSPI -> AcquireCredentialsHandle( 0 , pszSSP,
72 SECPKG_CRED_OUTBOUND,
73 0 , & authIdent,
74 0 , 0 ,
75 & hcredClient,
76 & expiryClient);
77 if (err)
78 _err(L " AcquireCredentialsHandle for client " , err);
79
80 // use the caller's credentials for the server
81 CredHandle hcredServer;
82 TimeStamp expiryServer;
83 err = pSSPI -> AcquireCredentialsHandle( 0 , pszSSP,
84 SECPKG_CRED_INBOUND,
85 0 , 0 , 0 , 0 ,
86 & hcredServer,
87 & expiryServer);
88 if (err)
89 _err(L " AcquireCredentialsHandle for server " , err);
90
91 CtxtHandle hctxClient;
92 CtxtHandle hctxServer;
93
94 // create two buffers:
95 // one for the client sending tokens to the server,
96 // one for the server sending tokens to the client
97 // (buffer size chosen based on current Kerb SSP setting
98 // for cbMaxToken - you may need to adjust this)
99 BYTE bufC2S[ 8000 ];
100 BYTE bufS2C[ 8000 ];
101 SecBuffer sbufC2S = { sizeof bufC2S, SECBUFFER_TOKEN, bufC2S };
102 SecBuffer sbufS2C = { sizeof bufS2C, SECBUFFER_TOKEN, bufS2C };
103 SecBufferDesc bdC2S = { SECBUFFER_VERSION, 1 , & sbufC2S };
104 SecBufferDesc bdS2C = { SECBUFFER_VERSION, 1 , & sbufS2C };
105
106 // don't really need any special context attributes
107 DWORD grfRequiredCtxAttrsClient = ISC_REQ_DATAGRAM; // ISC_REQ_DELEGATE
108 DWORD grfRequiredCtxAttrsServer = ASC_REQ_DATAGRAM;
109
110 // set up some aliases to make it obvious what's happening
111 PCtxtHandle pClientCtxHandleIn = 0 ;
112 PCtxtHandle pClientCtxHandleOut = & hctxClient;
113 PCtxtHandle pServerCtxHandleIn = 0 ;
114 PCtxtHandle pServerCtxHandleOut = & hctxServer;
115 SecBufferDesc * pClientInput = 0 ;
116 SecBufferDesc * pClientOutput = & bdC2S;
117 SecBufferDesc * pServerInput = & bdC2S;
118 SecBufferDesc * pServerOutput = & bdS2C;
119 DWORD grfCtxAttrsClient = 0 ;
120 DWORD grfCtxAttrsServer = 0 ;
121 TimeStamp expiryClientCtx;
122 TimeStamp expiryServerCtx;
123
124 // since the caller is acting as the server, we need
125 // a server principal name so that the client will
126 // be able to get a Kerb ticket (if Kerb is used)
127 wchar_t szSPN[ 256 ] = { 0 };
128 ULONG cchSPN = sizeof szSPN / sizeof * szSPN;
129 GetUserNameEx(NameSamCompatible, szSPN, & cchSPN);
130
131 // sevice class / host: port / service instance
132
133 // wcscpy (szSPN, TEXT("192.168.1.11"));
134 // wcscpy (szSPN, TEXT("testwork-AD11.testwork.com"));
135 // wcscpy (szSPN, TEXT("192.168.1.11"));
136 // wcscpy (szSPN, TEXT("TESTWORK\\administrator"));
137 // wcscpy (szSPN, TEXT("..."));
138 printf( " %ws\n " ,szSPN);
139 // perform the authentication handshake, playing the
140 // role of both client *and* server.
141 bool bClientContinue = true ;
142 bool bServerContinue = true ;
143 int count = 1 ;
144 while (bClientContinue || bServerContinue) {
145
146 if (bClientContinue) {
147
148 sbufC2S.cbBuffer = sizeof bufC2S;
149 err = pSSPI -> InitializeSecurityContext(
150 & hcredClient, pClientCtxHandleIn,
151 szSPN,
152 grfRequiredCtxAttrsClient,
153 0 , SECURITY_NETWORK_DREP,
154 pClientInput, 0 ,
155 pClientCtxHandleOut,
156 pClientOutput,
157 & grfCtxAttrsClient,
158 & expiryClientCtx);
159 switch (err) {
160 case 0 :
161 bClientContinue = false ;
162 break ;
163 case SEC_I_CONTINUE_NEEDED:
164 pClientCtxHandleIn = pClientCtxHandleOut;
165 pClientInput = pServerOutput;
166 break ;
167 default :
168 printf( " err=%x\n " ,err);
169 _err(L " InitializeSecurityContext " , err);
170 }
171 }
172
173 if (bServerContinue) {
174 sbufS2C.cbBuffer = sizeof bufS2C;
175 err = pSSPI -> AcceptSecurityContext(
176 & hcredServer, pServerCtxHandleIn,
177 pServerInput,
178 grfRequiredCtxAttrsServer,
179 SECURITY_NETWORK_DREP,
180 pServerCtxHandleOut,
181 pServerOutput,
182 & grfCtxAttrsServer,
183 & expiryServerCtx);
184 switch (err) {
185 case 0 :
186 bServerContinue = false ;
187 break ;
188 case SEC_I_CONTINUE_NEEDED:
189 pServerCtxHandleIn = pServerCtxHandleOut;
190 break ;
191 default :
192 _err(L " AcceptSecurityContext " , err);
193 }
194 }
195 printf( " %d bClientContinue %d bServerContinue %d\n " ,count ++ ,bClientContinue,bServerContinue);
196 }
197 // if everything has gone smoothly, we've now got a logon
198 // session for the client - let's grab the token now
199 pSSPI -> ImpersonateSecurityContext(pServerCtxHandleOut);
200 HANDLE htok;
201 if ( ! OpenThreadToken(GetCurrentThread(),
202 grfDesiredAccessToToken,
203 TRUE, & htok))
204 _err(L " OpenThreadToken " );
205 pSSPI -> RevertSecurityContext(pServerCtxHandleOut);
206
207 // clean up
208 pSSPI -> FreeCredentialsHandle( & hcredClient);
209 pSSPI -> FreeCredentialsHandle( & hcredServer);
210 pSSPI -> DeleteSecurityContext(pServerCtxHandleOut);
211 pSSPI -> DeleteSecurityContext(pClientCtxHandleOut);
212
213 return htok;
214 }
215
216 // here's an example of usage
217 void main() {
218 // use "NTLM" or "Kerberos"
219
220 // Kerbero需要在加入域或者有域环境下才能正确运行
221 HANDLE htok = _logonUserWithSSPI(L " Kerberos " ,
222 TOKEN_QUERY,
223 NULL,
224 L " administrator " ,
225 L " !QAZsx " );
226 if (htok) {
227 // password is valid!
228 CloseHandle(htok);
229 }
230 }
231
232
扫一扫
1601
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
