/****************************************************************************++
Routine Description:
Deletes the key container and the keys
Arguments:
pwzContainer -
Notes:
-
Return Value:
- S_OK
- or -
- no other errors are expected
--*****************************************************************************/
HRESULT
DeleteKeys(
IN PCWSTR pwzContainer)
{
HRESULT hr = S_OK;
HCRYPTPROV hCryptProv = NULL;
BOOL fServiceAccount = FALSE;
hr = IsServiceAccount(&fServiceAccount);
if (FAILED(hr))
{
goto Cleanup;
}
//
// this is the most counter-intuitive API that i have seen in my life
// in order to delete the contanier and all the keys in it, i have to call CryptAcquireContext
//
if (!CryptAcquireContextW(&hCryptProv,
pwzContainer,
NULL,
DEFAULT_PROV_TYPE,
fServiceAccount ?
(CRYPT_DELETEKEYSET | CRYPT_MACHINE_KEYSET) :
(CRYPT_DELETEKEYSET)))
{
hr = HRESULT_FROM_WIN32(GetLastError());
}
Cleanup:
return hr;
}
INT_PTR CALLBACK PhpRunAsDlgProc(
_In_ HWND hwndDlg,
_In_ UINT uMsg,
_In_ WPARAM wParam,
_In_ LPARAM lParam
)
{
PRUNAS_DIALOG_CONTEXT context;
if (uMsg != WM_INITDIALOG)
{
context = (PRUNAS_DIALOG_CONTEXT)GetProp(hwndDlg, PhMakeContextAtom());
}
else
{
context = (PRUNAS_DIALOG_CONTEXT)lParam;
SetProp(hwndDlg, PhMakeContextAtom(), (HANDLE)context);
}
if (!context)
return FALSE;
switch (uMsg)
{
case WM_INITDIALOG:
{
HWND typeComboBoxHandle = GetDlgItem(hwndDlg, IDC_TYPE);
HWND userNameComboBoxHandle = GetDlgItem(hwndDlg, IDC_USERNAME);
ULONG sessionId;
PhCenterWindow(hwndDlg, GetParent(hwndDlg));
if (SHAutoComplete_I)
{
SHAutoComplete_I(
GetDlgItem(hwndDlg, IDC_PROGRAM),
SHACF_AUTOAPPEND_FORCE_ON | SHACF_AUTOSUGGEST_FORCE_ON | SHACF_FILESYS_ONLY
);
}
ComboBox_AddString(typeComboBoxHandle, L"Batch");
ComboBox_AddString(typeComboBoxHandle, L"Interactive");
ComboBox_AddString(typeComboBoxHandle, L"Network");
ComboBox_AddString(typeComboBoxHandle, L"New credentials");
ComboBox_AddString(typeComboBoxHandle, L"Service");
PhSelectComboBoxString(typeComboBoxHandle, L"Interactive", FALSE);
ComboBox_AddString(userNameComboBoxHandle, L"NT AUTHORITY\\SYSTEM");
ComboBox_AddString(userNameComboBoxHandle, L"NT AUTHORITY\\LOCAL SERVICE");
ComboBox_AddString(userNameComboBoxHandle, L"NT AUTHORITY\\NETWORK SERVICE");
PhpAddAccountsToComboBox(userNameComboBoxHandle);
if (NT_SUCCESS(PhGetProcessSessionId(NtCurrentProcess(), &sessionId)))
SetDlgItemInt(hwndDlg, IDC_SESSIONID, sessionId, FALSE);
SetDlgItemText(hwndDlg, IDC_DESKTOP, L"WinSta0\\Default");
SetDlgItemText(hwndDlg, IDC_PROGRAM, PhaGetStringSetting(L"RunAsProgram")->Buffer);
if (!context->ProcessId)
{
SetDlgItemText(hwndDlg, IDC_USERNAME,
PH_AUTO_T(PH_STRING, PhGetStringSetting(L"RunAsUserName"))->Buffer);
// Fire the user name changed event so we can fix the logon type.
SendMessage(hwndDlg, WM_COMMAND, MAKEWPARAM(IDC_USERNAME, CBN_EDITCHANGE), 0);
}
else
{
HANDLE processHandle;
HANDLE tokenHandle;
PTOKEN_USER user;
PPH_STRING userName;
if (NT_SUCCESS(PhOpenProcess(
&processHandle,
ProcessQueryAccess,
context->ProcessId
)))
{
if (NT_SUCCESS(PhOpenProcessToken(
processHandle,
TOKEN_QUERY,
&tokenHandle
)))
{
if (NT_SUCCESS(PhGetTokenUser(tokenHandle, &user)))
{
if (userName = PhGetSidFullName(user->User.Sid, TRUE, NULL))
{
SetDlgItemText(hwndDlg, IDC_USERNAME, userName->Buffer);
PhDereferenceObject(userName);
}
PhFree(user);
}
NtClose(tokenHandle);
}
NtClose(processHandle);
}
EnableWindow(GetDlgItem(hwndDlg, IDC_USERNAME), FALSE);
EnableWindow(GetDlgItem(hwndDlg, IDC_PASSWORD), FALSE);
EnableWindow(GetDlgItem(hwndDlg, IDC_TYPE), FALSE);
}
SendMessage(hwndDlg, WM_NEXTDLGCTL, (WPARAM)GetDlgItem(hwndDlg, IDC_PROGRAM), TRUE);
Edit_SetSel(GetDlgItem(hwndDlg, IDC_PROGRAM), 0, -1);
//if (!PhGetOwnTokenAttributes().Elevated)
// SendMessage(GetDlgItem(hwndDlg, IDOK), BCM_SETSHIELD, 0, TRUE);
if (!WINDOWS_HAS_UAC)
ShowWindow(GetDlgItem(hwndDlg, IDC_TOGGLEELEVATION), SW_HIDE);
}
break;
case WM_DESTROY:
{
if (context->DesktopList)
PhDereferenceObject(context->DesktopList);
RemoveProp(hwndDlg, PhMakeContextAtom());
}
break;
case WM_COMMAND:
{
switch (LOWORD(wParam))
{
case IDCANCEL:
EndDialog(hwndDlg, IDCANCEL);
break;
case IDOK:
{
NTSTATUS status;
PPH_STRING program;
PPH_STRING userName;
PPH_STRING password;
PPH_STRING logonTypeString;
ULONG logonType;
ULONG sessionId;
PPH_STRING desktopName;
BOOLEAN useLinkedToken;
program = PhaGetDlgItemText(hwndDlg, IDC_PROGRAM);
userName = PhaGetDlgItemText(hwndDlg, IDC_USERNAME);
logonTypeString = PhaGetDlgItemText(hwndDlg, IDC_TYPE);
// Fix up the user name if it doesn't have a domain.
if (PhFindCharInString(userName, 0, '\\') == -1)
{
PSID sid;
PPH_STRING newUserName;
if (NT_SUCCESS(PhLookupName(&userName->sr, &sid, NULL, NULL)))
{
if (newUserName = PH_AUTO(PhGetSidFullName(sid, TRUE, NULL)))
userName = newUserName;
PhFree(sid);
}
}
if (!IsServiceAccount(userName))
password = PhGetWindowText(GetDlgItem(hwndDlg, IDC_PASSWORD));
else
password = NULL;
sessionId = GetDlgItemInt(hwndDlg, IDC_SESSIONID, NULL, FALSE);
desktopName = PhaGetDlgItemText(hwndDlg, IDC_DESKTOP);
if (WINDOWS_HAS_UAC)
useLinkedToken = Button_GetCheck(GetDlgItem(hwndDlg, IDC_TOGGLEELEVATION)) == BST_CHECKED;
else
useLinkedToken = FALSE;
if (PhFindIntegerSiKeyValuePairs(
PhpLogonTypePairs,
sizeof(PhpLogonTypePairs),
logonTypeString->Buffer,
&logonType
))
{
if (
logonType == LOGON32_LOGON_INTERACTIVE &&
!context->ProcessId &&
sessionId == NtCurrentPeb()->SessionId &&
!useLinkedToken
)
{
// We are eligible to load the user profile.
// This must be done here, not in the service, because
// we need to be in the target session.
PH_CREATE_PROCESS_AS_USER_INFO createInfo;
PPH_STRING domainPart;
PPH_STRING userPart;
PhpSplitUserName(userName->Buffer, &domainPart, &userPart);
memset(&createInfo, 0, sizeof(PH_CREATE_PROCESS_AS_USER_INFO));
createInfo.CommandLine = program->Buffer;
createInfo.UserName = userPart->Buffer;
createInfo.DomainName = domainPart->Buffer;
createInfo.Password = PhGetStringOrEmpty(password);
// Whenever we can, try not to set the desktop name; it breaks a lot of things.
// Note that on XP we must set it, otherwise the program doesn't display correctly.
if (WindowsVersion < WINDOWS_VISTA || (desktopName->Length != 0 && !PhEqualString2(desktopName, L"WinSta0\\Default", TRUE)))
createInfo.DesktopName = desktopName->Buffer;
PhSetDesktopWinStaAccess();
status = PhCreateProcessAsUser(
&createInfo,
PH_CREATE_PROCESS_WITH_PROFILE,
NULL,
NULL,
NULL
);
if (domainPart) PhDereferenceObject(domainPart);
if (userPart) PhDereferenceObject(userPart);
}
else
{
status = PhExecuteRunAsCommand2(
hwndDlg,
program->Buffer,
userName->Buffer,
PhGetStringOrEmpty(password),
logonType,
context->ProcessId,
sessionId,
desktopName->Buffer,
useLinkedToken
);
}
}
else
{
status = STATUS_INVALID_PARAMETER;
}
if (password)
{
RtlSecureZeroMemory(password->Buffer, password->Length);
PhDereferenceObject(password);
}
if (!NT_SUCCESS(status))
{
if (status != STATUS_CANCELLED)
PhShowStatus(hwndDlg, L"Unable to start the program", status, 0);
}
else if (status != STATUS_TIMEOUT)
{
PhSetStringSetting2(L"RunAsProgram", &program->sr);
PhSetStringSetting2(L"RunAsUserName", &userName->sr);
EndDialog(hwndDlg, IDOK);
}
}
break;
case IDC_BROWSE:
{
static PH_FILETYPE_FILTER filters[] =
{
{ L"Programs (*.exe;*.pif;*.com;*.bat)", L"*.exe;*.pif;*.com;*.bat" },
{ L"All files (*.*)", L"*.*" }
};
PVOID fileDialog;
fileDialog = PhCreateOpenFileDialog();
PhSetFileDialogFilter(fileDialog, filters, sizeof(filters) / sizeof(PH_FILETYPE_FILTER));
PhSetFileDialogFileName(fileDialog, PhaGetDlgItemText(hwndDlg, IDC_PROGRAM)->Buffer);
if (PhShowFileDialog(hwndDlg, fileDialog))
{
PPH_STRING fileName;
fileName = PhGetFileDialogFileName(fileDialog);
SetDlgItemText(hwndDlg, IDC_PROGRAM, fileName->Buffer);
PhDereferenceObject(fileName);
}
PhFreeFileDialog(fileDialog);
}
break;
case IDC_USERNAME:
{
PPH_STRING userName = NULL;
if (!context->ProcessId && HIWORD(wParam) == CBN_SELCHANGE)
{
userName = PH_AUTO(PhGetComboBoxString(GetDlgItem(hwndDlg, IDC_USERNAME), -1));
}
else if (!context->ProcessId && (
HIWORD(wParam) == CBN_EDITCHANGE ||
HIWORD(wParam) == CBN_CLOSEUP
))
{
userName = PhaGetDlgItemText(hwndDlg, IDC_USERNAME);
}
if (userName)
{
if (IsServiceAccount(userName))
{
EnableWindow(GetDlgItem(hwndDlg, IDC_PASSWORD), FALSE);
// Hack for Windows XP
if (
PhEqualString2(userName, L"NT AUTHORITY\\SYSTEM", TRUE) &&
WindowsVersion <= WINDOWS_XP
)
{
PhSelectComboBoxString(GetDlgItem(hwndDlg, IDC_TYPE), L"New credentials", FALSE);
}
else
{
PhSelectComboBoxString(GetDlgItem(hwndDlg, IDC_TYPE), L"Service", FALSE);
}
}
else
{
EnableWindow(GetDlgItem(hwndDlg, IDC_PASSWORD), TRUE);
PhSelectComboBoxString(GetDlgItem(hwndDlg, IDC_TYPE), L"Interactive", FALSE);
}
}
}
break;
case IDC_SESSIONS:
{
PPH_EMENU sessionsMenu;
PSESSIONIDW sessions;
ULONG numberOfSessions;
ULONG i;
RECT buttonRect;
PPH_EMENU_ITEM selectedItem;
sessionsMenu = PhCreateEMenu();
if (WinStationEnumerateW(NULL, &sessions, &numberOfSessions))
{
for (i = 0; i < numberOfSessions; i++)
{
PPH_STRING menuString;
WINSTATIONINFORMATION winStationInfo;
ULONG returnLength;
if (!WinStationQueryInformationW(
NULL,
sessions[i].SessionId,
WinStationInformation,
&winStationInfo,
sizeof(WINSTATIONINFORMATION),
&returnLength
))
{
winStationInfo.Domain[0] = 0;
winStationInfo.UserName[0] = 0;
}
if (
winStationInfo.UserName[0] != 0 &&
sessions[i].WinStationName[0] != 0
)
{
menuString = PhaFormatString(
L"%u: %s (%s\\%s)",
sessions[i].SessionId,
sessions[i].WinStationName,
winStationInfo.Domain,
winStationInfo.UserName
);
}
else if (winStationInfo.UserName[0] != 0)
{
menuString = PhaFormatString(
L"%u: %s\\%s",
sessions[i].SessionId,
winStationInfo.Domain,
winStationInfo.UserName
);
}
else if (sessions[i].WinStationName[0] != 0)
{
menuString = PhaFormatString(
L"%u: %s",
sessions[i].SessionId,
sessions[i].WinStationName
);
}
else
{
menuString = PhaFormatString(L"%u", sessions[i].SessionId);
}
PhInsertEMenuItem(sessionsMenu,
PhCreateEMenuItem(0, 0, menuString->Buffer, NULL, UlongToPtr(sessions[i].SessionId)), -1);
}
WinStationFreeMemory(sessions);
GetWindowRect(GetDlgItem(hwndDlg, IDC_SESSIONS), &buttonRect);
selectedItem = PhShowEMenu(
sessionsMenu,
hwndDlg,
PH_EMENU_SHOW_LEFTRIGHT,
PH_ALIGN_LEFT | PH_ALIGN_TOP,
buttonRect.right,
buttonRect.top
);
if (selectedItem)
{
SetDlgItemInt(
hwndDlg,
IDC_SESSIONID,
PtrToUlong(selectedItem->Context),
FALSE
);
}
PhDestroyEMenu(sessionsMenu);
}
}
break;
case IDC_DESKTOPS:
{
PPH_EMENU desktopsMenu;
ULONG i;
RECT buttonRect;
PPH_EMENU_ITEM selectedItem;
desktopsMenu = PhCreateEMenu();
if (!context->DesktopList)
context->DesktopList = PhCreateList(10);
context->CurrentWinStaName = GetCurrentWinStaName();
EnumDesktops(GetProcessWindowStation(), EnumDesktopsCallback, (LPARAM)context);
for (i = 0; i < context->DesktopList->Count; i++)
{
PhInsertEMenuItem(
desktopsMenu,
PhCreateEMenuItem(0, 0, ((PPH_STRING)context->DesktopList->Items[i])->Buffer, NULL, NULL),
-1
);
}
GetWindowRect(GetDlgItem(hwndDlg, IDC_DESKTOPS), &buttonRect);
selectedItem = PhShowEMenu(
desktopsMenu,
hwndDlg,
PH_EMENU_SHOW_LEFTRIGHT,
PH_ALIGN_LEFT | PH_ALIGN_TOP,
buttonRect.right,
buttonRect.top
);
if (selectedItem)
{
SetDlgItemText(
hwndDlg,
IDC_DESKTOP,
selectedItem->Text
);
}
for (i = 0; i < context->DesktopList->Count; i++)
PhDereferenceObject(context->DesktopList->Items[i]);
PhClearList(context->DesktopList);
PhDereferenceObject(context->CurrentWinStaName);
PhDestroyEMenu(desktopsMenu);
}
break;
}
}
break;
}
return FALSE;
}
/****************************************************************************++
Routine Description:
Creates a handle to the CSP
Arguments:
pwzContainerName - name of the container to be created. if NULL, GUID is generated
for the name of the container
fCreateNewKeys - forces new keys to be created
phCryptProv - pointer to the location, where handle should be returned
Notes:
-
Return Value:
- S_OK
- or -
- CAPI error returned by CryptAcquireContextW
--*****************************************************************************/
HRESULT
CreateCryptProv(
IN PCWSTR pwzContainerName,
IN BOOL fCreateNewKeys,
OUT HCRYPTPROV* phCryptProv)
{
HRESULT hr = S_OK;
HCRYPTKEY hKey = NULL;
RPC_STATUS status = RPC_S_OK;
BOOL fCreatedContainer = FALSE;
WCHAR* pwzNewContainerName = NULL;
*phCryptProv = NULL;
if (NULL == pwzContainerName)
{
UUID uuid;
BOOL fServiceAccount = FALSE;
//
// generate container name from the UUID
//
status = UuidCreate(&uuid);
hr = HRESULT_FROM_RPCSTATUS(status);
if (FAILED(hr))
{
goto Cleanup;
}
status = UuidToStringW(&uuid, (unsigned short**)&pwzNewContainerName);
hr = HRESULT_FROM_RPCSTATUS(status);
if (FAILED(hr))
{
goto Cleanup;
}
pwzContainerName = pwzNewContainerName;
hr = IsServiceAccount(&fServiceAccount);
if (FAILED(hr))
{
goto Cleanup;
}
//
// open the clean key container
//
// note: CRYPT_NEW_KEYSET is not creating new keys, it just
// creates new key container. duh.
//
if (!CryptAcquireContextW(phCryptProv,
pwzNewContainerName,
NULL, // default provider name
DEFAULT_PROV_TYPE,
fServiceAccount ?
(CRYPT_SILENT | CRYPT_NEWKEYSET | CRYPT_MACHINE_KEYSET) :
(CRYPT_SILENT | CRYPT_NEWKEYSET)))
{
hr = HRESULT_FROM_WIN32(GetLastError());
//
// we are seeing that CryptAcquireContextW returns NTE_FAIL under low
// memory condition, so we just mask the error
//
if (NTE_FAIL == hr)
{
hr = E_OUTOFMEMORY;
}
goto Cleanup;
}
fCreatedContainer = TRUE;
}
else
{
BOOL fServiceAccount = FALSE;
hr = IsServiceAccount(&fServiceAccount);
if (FAILED(hr))
{
goto Cleanup;
}
//
// open the provider first, create the keys too
//
if (!CryptAcquireContextW(phCryptProv,
pwzContainerName,
NULL, // default provider name
DEFAULT_PROV_TYPE,
fServiceAccount ?
(CRYPT_SILENT | CRYPT_MACHINE_KEYSET) :
(CRYPT_SILENT)))
{
hr = HRESULT_FROM_WIN32(GetLastError());
//
// we are seeing that CryptAcquireContextW returns NTE_FAIL under low
// memory condition, so we just mask the error
//
if (NTE_FAIL == hr)
{
hr = E_OUTOFMEMORY;
}
goto Cleanup;
}
}
if (fCreateNewKeys)
{
//
// make sure keys exist
//
if (!CryptGetUserKey(*phCryptProv,
DEFAULT_KEY_SPEC,
&hKey))
{
hr = HRESULT_FROM_WIN32(GetLastError());
// if key does not exist, create it
if (HRESULT_FROM_WIN32((unsigned long)NTE_NO_KEY) == hr)
{
hr = S_OK;
if (!CryptGenKey(*phCryptProv,
DEFAULT_KEY_SPEC,
CRYPT_EXPORTABLE,
&hKey))
{
hr = HRESULT_FROM_WIN32(GetLastError());
//
// we are seeing that CryptGenKey returns ERROR_CANTOPEN under low
// memory condition, so we just mask the error
//
if (HRESULT_FROM_WIN32(ERROR_CANTOPEN) == hr)
{
hr = E_OUTOFMEMORY;
}
goto Cleanup;
}
}
else
{
// failed to get user key by some misterious reason, so bail out
goto Cleanup;
}
}
}
Cleanup:
DestroyKey(hKey);
if (FAILED(hr))
{
//
// release the context
//
ReleaseCryptProv(*phCryptProv);
*phCryptProv = NULL;
//
// delete the keys, if we created them
//
if (fCreatedContainer)
{
DeleteKeys(pwzContainerName);
}
}
if (NULL != pwzNewContainerName)
{
// this always returns RPC_S_OK
status = RpcStringFreeW((unsigned short**)&pwzNewContainerName);
USES(status);
}
return hr;
}
