Created
August 4, 2023 13:06
-
-
Save awakecoding/9ba01506210b3e732e84e83da558a598 to your computer and use it in GitHub Desktop.
kdcsvc.dll (NTDS) certificate loading functions
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| __int64 KdcInitializeCerts(void) | |
| { | |
| unsigned __int8 v0; // cl | |
| int v1; // r12d | |
| HANDLE EventW; // rax | |
| unsigned int v3; // r14d | |
| char *Heap; // rax | |
| char *v5; // r15 | |
| const char *v6; // r9 | |
| const char *v7; // rdi | |
| char v8; // al | |
| char v9; // cl | |
| __int64 v10; // rsi | |
| __int64 v11; // rbx | |
| char LastError; // al | |
| int v14; // r8d | |
| int v15; // r9d | |
| v1 = RtlInitializeCriticalSection(&KdcGlobalCertCritSect); | |
| if ( v1 >= 0 ) | |
| { | |
| KdcGlobalCertCritSectInitialized = 1; | |
| RtlInitializeResource(&KdcGlobalDHParametersLock); | |
| KdcGlobalDHParametersLockInitialized = 1; | |
| KdcCertStore = CertOpenStore((LPCSTR)0xA, 0, 0i64, 0x24001u, L"MY");// CERT_STORE_PROV_SYSTEM_W | |
| if ( !KdcCertStore ) | |
| { | |
| LastError = GetLastError(); | |
| v0 = (unsigned __int8)WPP_GLOBAL_Control; | |
| if ( WPP_GLOBAL_Control != (CSecurityData *)&WPP_GLOBAL_Control && (*((_BYTE *)WPP_GLOBAL_Control + 28) & 1) != 0 ) | |
| WPP_SF_SD(*((_QWORD *)WPP_GLOBAL_Control + 2), (unsigned int)&WPP_GLOBAL_Control, v14, v15, LastError); | |
| v1 = -1073741772; | |
| goto LABEL_21; | |
| } | |
| EventW = CreateEventW(0i64, 0, 0, 0i64); | |
| KdcCertStoreChangeEvent = EventW; | |
| if ( EventW | |
| && (KdcCertStoreWait = (void *)RegisterWaitForSingleObjectEx(EventW, KdcMyStoreWaitHandler, 0i64, 36000000i64, 0)) != 0i64 | |
| && CertControlStore(KdcCertStore, 0, 2u, &KdcCertStoreChangeEvent) ) | |
| { | |
| v3 = 0; | |
| Heap = (char *)RtlAllocateHeap(NtCurrentPeb()->ProcessHeap, 8u, 0x18ui64); | |
| v5 = Heap; | |
| if ( !Heap ) | |
| { | |
| v1 = 0xC000009A; | |
| goto LABEL_21; | |
| } | |
| strcpy_s(Heap, 0x15ui64, "1.2.840.113549.1.1.4"); | |
| v6 = v5; | |
| v7 = v5; | |
| do | |
| { | |
| v8 = *v7; | |
| if ( *v7 ) | |
| { | |
| v9 = *v7; | |
| do | |
| { | |
| v8 = v9; | |
| if ( v9 == 46 ) | |
| break; | |
| v8 = *++v7; | |
| v9 = *v7; | |
| } | |
| while ( *v7 ); | |
| } | |
| if ( v8 == 46 ) | |
| *v7++ = 0; | |
| else | |
| v7 = 0i64; | |
| v10 = v3; | |
| v11 = 2i64 * v3; | |
| *((_DWORD *)&KdcSignatureAlg + 4 * v3++ + 2) = (unsigned __int16)strtol(v6, 0i64, 0); | |
| *((_QWORD *)&KdcSignatureAlg + v11) = (char *)&KdcSignatureAlg + 16 * v3; | |
| v6 = v7; | |
| } | |
| while ( v7 ); | |
| if ( v3 ) | |
| *((_QWORD *)&KdcSignatureAlg + 2 * v10) = 0i64; | |
| RtlFreeHeap(NtCurrentPeb()->ProcessHeap, 0, v5); | |
| } | |
| else | |
| { | |
| v1 = GetLastError(); | |
| } | |
| } | |
| if ( v1 < 0 ) | |
| LABEL_21: | |
| KdcCleanupCerts(v0); | |
| return (unsigned int)v1; | |
| } | |
| void __fastcall KdcMyStoreWaitHandler(PVOID a1, char a2) | |
| { | |
| PCCERT_CONTEXT v3; // rbx | |
| CSecurityData *v4; // rcx | |
| const CERT_CONTEXT *v5; // rax | |
| unsigned int v6; // edx | |
| const struct _CERT_CONTEXT *v7; // rcx | |
| DWORD LastError; // eax | |
| int v9; // eax | |
| int v10; // r14d | |
| const CERT_CONTEXT *i; // rdx | |
| PCCERT_CONTEXT v12; // rax | |
| PCCERT_CONTEXT *v13; // rax | |
| unsigned int v14; // r14d | |
| PCCERT_CONTEXT *v15; // rax | |
| unsigned int v16; // r14d | |
| const CERT_CONTEXT *v17; // rbx | |
| DWORD v18; // eax | |
| PCCERT_CHAIN_CONTEXT v19; // rcx | |
| PCERT_SIMPLE_CHAIN *rgpChain; // r8 | |
| DWORD v21; // ebx | |
| PCCERT_CONTEXT pCertContext; // rcx | |
| BOOL v23; // eax | |
| unsigned int v24; // edx | |
| DWORD v25; // eax | |
| __int64 v26; // rdx | |
| DWORD v27; // ebx | |
| PCERT_SIMPLE_CHAIN *v28; // rdx | |
| PCCERT_CONTEXT v29; // rcx | |
| PCCERT_CONTEXT v30; // rax | |
| DWORD v31; // eax | |
| struct _CERT_CHAIN_POLICY_STATUS v32; // [rsp+40h] [rbp-89h] BYREF | |
| struct _CERT_CHAIN_POLICY_STATUS v33; // [rsp+58h] [rbp-71h] BYREF | |
| struct _CERT_CHAIN_POLICY_STATUS v34; // [rsp+70h] [rbp-59h] BYREF | |
| struct _CERT_CHAIN_PARA pChainPara; // [rsp+90h] [rbp-39h] BYREF | |
| unsigned int v36; // [rsp+C8h] [rbp-1h] | |
| DWORD pcbData; // [rsp+140h] [rbp+77h] BYREF | |
| PCCERT_CHAIN_CONTEXT pChainContext; // [rsp+148h] [rbp+7Fh] BYREF | |
| pChainContext = 0i64; | |
| memset(&v32, 0, sizeof(v32)); | |
| pcbData = 0; | |
| _InterlockedExchange((volatile __int32 *)&KdcGlobalKdcCertWarningType, 0); | |
| v3 = 0i64; | |
| _InterlockedExchange((volatile __int32 *)&KdcGlobalKdcCertWarningState, 1); | |
| if ( !KdcCertStoreWait ) | |
| return; | |
| GetSystemTimeAsFileTime(&KdcLastChangeEventTime); | |
| if ( !a2 || CertControlStore(KdcCertStore, 0, 5u, &KdcCertStoreChangeEvent) ) | |
| goto LABEL_4; | |
| v4 = WPP_GLOBAL_Control; | |
| if ( WPP_GLOBAL_Control == (CSecurityData *)&WPP_GLOBAL_Control ) | |
| goto LABEL_8; | |
| if ( (*((_BYTE *)WPP_GLOBAL_Control + 28) & 1) != 0 ) | |
| { | |
| LastError = GetLastError(); | |
| WPP_SF_D(*((_QWORD *)WPP_GLOBAL_Control + 2), 111i64, &WPP_8a977ff03c4b314070aa26be22303ae2_Traceguids, LastError); | |
| LABEL_4: | |
| v4 = WPP_GLOBAL_Control; | |
| } | |
| if ( v4 != (CSecurityData *)&WPP_GLOBAL_Control && (*((_DWORD *)v4 + 7) & 0x1000) != 0 ) | |
| WPP_SF_(*((_QWORD *)v4 + 2), 112i64, &WPP_8a977ff03c4b314070aa26be22303ae2_Traceguids); | |
| LABEL_8: | |
| RtlEnterCriticalSection(&KdcGlobalCertCritSect); | |
| CertControlStore(KdcCertStore, 0, 2u, &KdcCertStoreChangeEvent); | |
| CertControlStore(KdcCertStore, 0, 1u, 0i64); | |
| if ( !KdcGlobalCert ) | |
| goto LABEL_9; | |
| v9 = KdcCheckKdcCertificate(KdcGlobalCert, &v32); | |
| v10 = v9; | |
| if ( !v9 ) | |
| { | |
| for ( i = 0i64; ; i = v3 ) | |
| { | |
| v12 = CertEnumCertificatesInStore(KdcCertStore, i); | |
| v3 = v12; | |
| if ( !v12 ) | |
| goto LABEL_9; | |
| if ( CertCompareCertificate(0x10001u, KdcGlobalCert->pCertInfo, v12->pCertInfo) ) | |
| break; | |
| } | |
| CertFreeCertificateContext(v3); | |
| v7 = KdcGlobalCert; | |
| v6 = 1; | |
| LABEL_12: | |
| KdcEventWriteKdcCertLog(v7, v6, 0, 0i64); | |
| goto LABEL_13; | |
| } | |
| if ( v9 == 77 || (KdcEventWriteKdcCertLog(KdcGlobalCert, 2u, v9, &v32), v10 != 74) ) | |
| { | |
| if ( KdcGlobalCert ) | |
| { | |
| CertFreeCertificateContext(KdcGlobalCert); | |
| KdcGlobalCert = 0i64; | |
| } | |
| v13 = (PCCERT_CONTEXT *)KdcGlobalAdditionalCertificates; | |
| if ( KdcGlobalAdditionalCertificates ) | |
| { | |
| v14 = 0; | |
| if ( KdcGlobalAdditionalCertificatesCount ) | |
| { | |
| while ( 1 ) | |
| { | |
| CertFreeCertificateContext(v13[v14++]); | |
| if ( v14 >= KdcGlobalAdditionalCertificatesCount ) | |
| break; | |
| v13 = (PCCERT_CONTEXT *)KdcGlobalAdditionalCertificates; | |
| } | |
| } | |
| RtlFreeHeap(NtCurrentPeb()->ProcessHeap, 0, KdcGlobalAdditionalCertificates); | |
| KdcGlobalAdditionalCertificates = 0i64; | |
| } | |
| KdcGlobalAdditionalCertificatesCount = 0; | |
| if ( KdcGlobalCertOcspResponse ) | |
| { | |
| CertCloseServerOcspResponse(KdcGlobalCertOcspResponse, 0); | |
| KdcGlobalCertOcspResponse = 0i64; | |
| } | |
| } | |
| do | |
| { | |
| LABEL_9: | |
| v5 = CertEnumCertificatesInStore(KdcCertStore, v3); | |
| v3 = v5; | |
| if ( !v5 ) | |
| { | |
| while ( 1 ) | |
| { | |
| v3 = CertEnumCertificatesInStore(KdcCertStore, v3); | |
| if ( !v3 ) | |
| break; | |
| memset(&v33, 0, sizeof(v33)); | |
| if ( CertGetCertificateContextProperty(v3, 2u, 0i64, &pcbData) | |
| && !(unsigned int)KdcCheckLegacyKdcCertificate(v3, &v33) ) | |
| { | |
| _InterlockedExchange((volatile __int32 *)&KdcGlobalKdcCertWarningType, 2); | |
| _InterlockedExchange((volatile __int32 *)&KdcGlobalKdcCertWarningState, 2); | |
| goto LABEL_43; | |
| } | |
| } | |
| v6 = 3; | |
| v7 = 0i64; | |
| KdcGlobalKdcCertChainStatus = v32; | |
| _InterlockedExchange((volatile __int32 *)&KdcGlobalKdcCertWarningType, 1); | |
| _InterlockedExchange((volatile __int32 *)&KdcGlobalKdcCertWarningState, 2); | |
| goto LABEL_12; | |
| } | |
| } | |
| while ( !CertGetCertificateContextProperty(v5, 2u, 0i64, &pcbData) || (unsigned int)KdcCheckKdcCertificate(v3, &v34) ); | |
| LABEL_43: | |
| if ( WPP_GLOBAL_Control != (CSecurityData *)&WPP_GLOBAL_Control && (*((_DWORD *)WPP_GLOBAL_Control + 7) & 0x1000) != 0 ) | |
| WPP_SF_(*((_QWORD *)WPP_GLOBAL_Control + 2), 113i64, &WPP_8a977ff03c4b314070aa26be22303ae2_Traceguids); | |
| if ( KdcGlobalCert ) | |
| { | |
| CertFreeCertificateContext(KdcGlobalCert); | |
| KdcGlobalCert = 0i64; | |
| } | |
| v15 = (PCCERT_CONTEXT *)KdcGlobalAdditionalCertificates; | |
| if ( KdcGlobalAdditionalCertificates ) | |
| { | |
| v16 = 0; | |
| if ( KdcGlobalAdditionalCertificatesCount ) | |
| { | |
| while ( 1 ) | |
| { | |
| CertFreeCertificateContext(v15[v16++]); | |
| if ( v16 >= KdcGlobalAdditionalCertificatesCount ) | |
| break; | |
| v15 = (PCCERT_CONTEXT *)KdcGlobalAdditionalCertificates; | |
| } | |
| } | |
| RtlFreeHeap(NtCurrentPeb()->ProcessHeap, 0, KdcGlobalAdditionalCertificates); | |
| KdcGlobalAdditionalCertificates = 0i64; | |
| } | |
| KdcGlobalAdditionalCertificatesCount = 0; | |
| if ( KdcGlobalCertOcspResponse ) | |
| { | |
| CertCloseServerOcspResponse(KdcGlobalCertOcspResponse, 0); | |
| KdcGlobalCertOcspResponse = 0i64; | |
| } | |
| KdcGlobalCert = v3; | |
| KdcEventWriteKdcCertLog(v3, 1u, 0, 0i64); | |
| v17 = KdcGlobalCert; | |
| if ( !KdcGlobalCert ) | |
| goto LABEL_13; | |
| memset_0(&pChainPara, 0, 0x60ui64); | |
| pChainPara.cbSize = 96; | |
| v36 = 1000 * KdcGlobalCRLRetrievalTimeout; | |
| if ( CertGetCertificateChain((HCERTCHAINENGINE)1, v17, 0i64, 0i64, &pChainPara, 0xC0000000, 0i64, &pChainContext) ) | |
| { | |
| v19 = pChainContext; | |
| } | |
| else | |
| { | |
| if ( WPP_GLOBAL_Control != (CSecurityData *)&WPP_GLOBAL_Control && (*((_BYTE *)WPP_GLOBAL_Control + 28) & 2) != 0 ) | |
| { | |
| v18 = GetLastError(); | |
| WPP_SF_D(*((_QWORD *)WPP_GLOBAL_Control + 2), 114i64, &WPP_8a977ff03c4b314070aa26be22303ae2_Traceguids, v18); | |
| } | |
| v19 = 0i64; | |
| pChainContext = 0i64; | |
| } | |
| if ( v19 && v19->cChain && (rgpChain = v19->rgpChain, v21 = 0, (*rgpChain)->cElement) ) | |
| { | |
| do | |
| { | |
| pCertContext = (*rgpChain)->rgpElement[v21]->pCertContext; | |
| v23 = CertCompareCertificateName( | |
| pCertContext->dwCertEncodingType, | |
| &pCertContext->pCertInfo->Issuer, | |
| &pCertContext->pCertInfo->Subject); | |
| v24 = KdcGlobalAdditionalCertificatesCount; | |
| if ( !v23 ) | |
| v24 = ++KdcGlobalAdditionalCertificatesCount; | |
| v19 = pChainContext; | |
| ++v21; | |
| rgpChain = pChainContext->rgpChain; | |
| } | |
| while ( v21 < (*rgpChain)->cElement ); | |
| } | |
| else | |
| { | |
| v24 = KdcGlobalAdditionalCertificatesCount; | |
| } | |
| if ( !v24 ) | |
| goto LABEL_81; | |
| KdcGlobalAdditionalCertificates = MIDL_user_allocate(8i64 * v24); | |
| KdcGlobalAdditionalCertificatesCount = 0; | |
| if ( !KdcGlobalAdditionalCertificates ) | |
| { | |
| if ( WPP_GLOBAL_Control != (CSecurityData *)&WPP_GLOBAL_Control && (*((_BYTE *)WPP_GLOBAL_Control + 28) & 2) != 0 ) | |
| { | |
| v25 = GetLastError(); | |
| v26 = 115i64; | |
| goto LABEL_75; | |
| } | |
| goto LABEL_13; | |
| } | |
| v19 = pChainContext; | |
| v27 = 0; | |
| v28 = pChainContext->rgpChain; | |
| if ( !(*v28)->cElement ) | |
| { | |
| LABEL_81: | |
| KdcGlobalCertOcspResponse = CertOpenServerOcspResponse(v19, 0, 0i64); | |
| if ( !KdcGlobalCertOcspResponse | |
| && WPP_GLOBAL_Control != (CSecurityData *)&WPP_GLOBAL_Control | |
| && (*((_BYTE *)WPP_GLOBAL_Control + 28) & 2) != 0 ) | |
| { | |
| v31 = GetLastError(); | |
| WPP_SF_D(*((_QWORD *)WPP_GLOBAL_Control + 2), 117i64, &WPP_8a977ff03c4b314070aa26be22303ae2_Traceguids, v31); | |
| } | |
| RtlLeaveCriticalSection(&KdcGlobalCertCritSect); | |
| if ( !KdcGlobalDHParametersInitialized ) | |
| KdcCacheDHParameters(); | |
| goto LABEL_14; | |
| } | |
| while ( 2 ) | |
| { | |
| v29 = (*v28)->rgpElement[v27]->pCertContext; | |
| if ( CertCompareCertificateName(v29->dwCertEncodingType, &v29->pCertInfo->Issuer, &v29->pCertInfo->Subject) ) | |
| { | |
| LABEL_80: | |
| v19 = pChainContext; | |
| ++v27; | |
| v28 = pChainContext->rgpChain; | |
| if ( v27 >= (*v28)->cElement ) | |
| goto LABEL_81; | |
| continue; | |
| } | |
| break; | |
| } | |
| v30 = CertDuplicateCertificateContext((*pChainContext->rgpChain)->rgpElement[v27]->pCertContext); | |
| *((_QWORD *)KdcGlobalAdditionalCertificates + KdcGlobalAdditionalCertificatesCount) = v30; | |
| if ( v30 ) | |
| { | |
| ++KdcGlobalAdditionalCertificatesCount; | |
| goto LABEL_80; | |
| } | |
| if ( WPP_GLOBAL_Control != (CSecurityData *)&WPP_GLOBAL_Control && (*((_BYTE *)WPP_GLOBAL_Control + 28) & 2) != 0 ) | |
| { | |
| v25 = GetLastError(); | |
| v26 = 116i64; | |
| LABEL_75: | |
| WPP_SF_D(*((_QWORD *)WPP_GLOBAL_Control + 2), v26, &WPP_8a977ff03c4b314070aa26be22303ae2_Traceguids, v25); | |
| } | |
| LABEL_13: | |
| RtlLeaveCriticalSection(&KdcGlobalCertCritSect); | |
| LABEL_14: | |
| if ( pChainContext ) | |
| CertFreeCertificateChain(pChainContext); | |
| } | |
| void __fastcall KdcEventWriteKdcCertLog( | |
| const struct _CERT_CONTEXT *a1, | |
| int a2, | |
| char a3, | |
| struct _CERT_CHAIN_POLICY_STATUS *a4) | |
| { | |
| int v8; // edx | |
| unsigned __int64 v9; // rcx | |
| __int64 v10; // rbx | |
| int CertLogInfo; // eax | |
| struct _UNICODE_STRING v12; // [rsp+40h] [rbp-40h] BYREF | |
| unsigned __int16 v13; // [rsp+50h] [rbp-30h] | |
| __int64 v14; // [rsp+58h] [rbp-28h] | |
| unsigned __int16 v15; // [rsp+60h] [rbp-20h] | |
| __int64 v16; // [rsp+68h] [rbp-18h] | |
| unsigned __int16 v17; // [rsp+70h] [rbp-10h] | |
| __int64 v18; // [rsp+78h] [rbp-8h] | |
| memset_0(&v12, 0, 0x40ui64); | |
| v10 = 0i64; | |
| if ( !a1 ) | |
| goto LABEL_2; | |
| CertLogInfo = KdcGetCertLogInfo(a1, &v12); | |
| if ( CertLogInfo >= 0 ) | |
| { | |
| if ( v12.Length ) | |
| { | |
| v9 = (unsigned __int64)v12.Length >> 1; | |
| v12.Buffer[v9] = 0; | |
| } | |
| else | |
| { | |
| v12.Buffer = 0i64; | |
| } | |
| if ( v13 ) | |
| { | |
| v9 = (unsigned __int64)v13 >> 1; | |
| *(_WORD *)(v14 + 2 * v9) = 0; | |
| } | |
| else | |
| { | |
| v14 = 0i64; | |
| } | |
| if ( v15 ) | |
| { | |
| v9 = (unsigned __int64)v15 >> 1; | |
| *(_WORD *)(v16 + 2 * v9) = 0; | |
| } | |
| else | |
| { | |
| v16 = 0i64; | |
| } | |
| if ( !v17 ) | |
| { | |
| v18 = 0i64; | |
| LABEL_3: | |
| if ( a2 == 1 ) | |
| { | |
| if ( (Microsoft_Windows_Kerberos_Key_Distribution_CenterEnableBits & 0x10) != 0 ) | |
| McTemplateU0zzzz_EtwEventWriteTransfer(v9, v8, v12.Buffer, v14, v16, v10); | |
| } | |
| else if ( a2 == 2 ) | |
| { | |
| if ( (Microsoft_Windows_Kerberos_Key_Distribution_CenterEnableBits & 4) != 0 ) | |
| McTemplateU0zzzzqq_EtwEventWriteTransfer( | |
| v9, | |
| (unsigned int)&KdcCertValidationFailure, | |
| v12.Buffer, | |
| v14, | |
| v16, | |
| v10, | |
| a3, | |
| a4->dwError); | |
| } | |
| else if ( a2 == 3 && (Microsoft_Windows_Kerberos_Key_Distribution_CenterEnableBits & 8) != 0 ) | |
| { | |
| McTemplateK0_EtwWriteTransfer(v9, &KdcCertNotFound); | |
| } | |
| goto LABEL_8; | |
| } | |
| v9 = (unsigned __int64)v17 >> 1; | |
| *(_WORD *)(v18 + 2 * v9) = 0; | |
| LABEL_2: | |
| v10 = v18; | |
| goto LABEL_3; | |
| } | |
| if ( WPP_GLOBAL_Control != (CSecurityData *)&WPP_GLOBAL_Control && (*((_BYTE *)WPP_GLOBAL_Control + 28) & 1) != 0 ) | |
| WPP_SF_D( | |
| *((_QWORD *)WPP_GLOBAL_Control + 2), | |
| 110i64, | |
| &WPP_8a977ff03c4b314070aa26be22303ae2_Traceguids, | |
| (unsigned int)CertLogInfo); | |
| LABEL_8: | |
| SQEX::Luminous::Math::LmMatrix4::Print((SQEX::Luminous::Math::LmMatrix4 *)&v12); | |
| } | |
| __int64 __fastcall KdcGetKdcCertificate( | |
| const struct _CERT_CONTEXT **a1, | |
| const struct _CERT_CONTEXT ***a2, | |
| unsigned int *a3, | |
| const struct _CERT_SERVER_OCSP_RESPONSE_CONTEXT **a4) | |
| { | |
| int v4; // edi | |
| const struct _CERT_CONTEXT *v10; // rax | |
| DWORD v11; // eax | |
| const struct _CERT_CONTEXT **v12; // rax | |
| DWORD LastError; // eax | |
| unsigned int v14; // eax | |
| __int64 v15; // rbp | |
| void *v16; // r8 | |
| __int64 v17; // rbx | |
| DWORD v18; // eax | |
| v4 = 0; | |
| if ( a2 ) | |
| *a2 = 0i64; | |
| if ( a4 ) | |
| *a4 = 0i64; | |
| *a3 = 0; | |
| if ( !KdcGlobalCertCritSectInitialized ) | |
| return 3221225524i64; | |
| RtlEnterCriticalSection(&KdcGlobalCertCritSect); | |
| if ( !KdcGlobalCert ) | |
| { | |
| if ( WPP_GLOBAL_Control != (CSecurityData *)&WPP_GLOBAL_Control && (*((_BYTE *)WPP_GLOBAL_Control + 28) & 2) != 0 ) | |
| WPP_SF_(*((_QWORD *)WPP_GLOBAL_Control + 2), 118i64, &WPP_8a977ff03c4b314070aa26be22303ae2_Traceguids); | |
| v4 = -1073741772; | |
| goto LABEL_29; | |
| } | |
| v10 = CertDuplicateCertificateContext(KdcGlobalCert); | |
| *a1 = v10; | |
| if ( v10 ) | |
| { | |
| *a3 = 0; | |
| if ( a2 ) | |
| { | |
| v12 = (const struct _CERT_CONTEXT **)MIDL_user_allocate(8i64 * KdcGlobalAdditionalCertificatesCount); | |
| *a2 = v12; | |
| if ( !v12 ) | |
| { | |
| if ( WPP_GLOBAL_Control != (CSecurityData *)&WPP_GLOBAL_Control | |
| && (*((_BYTE *)WPP_GLOBAL_Control + 28) & 1) != 0 ) | |
| { | |
| LastError = GetLastError(); | |
| WPP_SF_D( | |
| *((_QWORD *)WPP_GLOBAL_Control + 2), | |
| 120i64, | |
| &WPP_8a977ff03c4b314070aa26be22303ae2_Traceguids, | |
| LastError); | |
| } | |
| v4 = -1073741801; | |
| goto LABEL_29; | |
| } | |
| v14 = KdcGlobalAdditionalCertificatesCount; | |
| v15 = 0i64; | |
| if ( KdcGlobalAdditionalCertificatesCount ) | |
| { | |
| while ( 1 ) | |
| { | |
| (*a2)[v15] = CertDuplicateCertificateContext(*((PCCERT_CONTEXT *)KdcGlobalAdditionalCertificates + v15)); | |
| if ( !(*a2)[v15] ) | |
| break; | |
| v14 = KdcGlobalAdditionalCertificatesCount; | |
| v15 = (unsigned int)(v15 + 1); | |
| if ( (unsigned int)v15 >= KdcGlobalAdditionalCertificatesCount ) | |
| goto LABEL_26; | |
| } | |
| if ( WPP_GLOBAL_Control != (CSecurityData *)&WPP_GLOBAL_Control | |
| && (*((_BYTE *)WPP_GLOBAL_Control + 28) & 1) != 0 ) | |
| { | |
| v18 = GetLastError(); | |
| WPP_SF_DD_4( | |
| *((_QWORD *)WPP_GLOBAL_Control + 2), | |
| 121i64, | |
| &WPP_8a977ff03c4b314070aa26be22303ae2_Traceguids, | |
| (unsigned int)v15, | |
| v18); | |
| } | |
| goto LABEL_16; | |
| } | |
| LABEL_26: | |
| *a3 = v14; | |
| } | |
| if ( a4 ) | |
| *a4 = CertGetServerOcspResponseContext(KdcGlobalCertOcspResponse, 0, 0i64); | |
| goto LABEL_29; | |
| } | |
| if ( WPP_GLOBAL_Control != (CSecurityData *)&WPP_GLOBAL_Control && (*((_BYTE *)WPP_GLOBAL_Control + 28) & 1) != 0 ) | |
| { | |
| v11 = GetLastError(); | |
| WPP_SF_D(*((_QWORD *)WPP_GLOBAL_Control + 2), 119i64, &WPP_8a977ff03c4b314070aa26be22303ae2_Traceguids, v11); | |
| } | |
| LABEL_16: | |
| v4 = -1073741670; | |
| LABEL_29: | |
| RtlLeaveCriticalSection(&KdcGlobalCertCritSect); | |
| if ( v4 < 0 ) | |
| { | |
| if ( a2 ) | |
| { | |
| v16 = *a2; | |
| if ( *a2 ) | |
| { | |
| v17 = 0i64; | |
| if ( *a3 ) | |
| { | |
| do | |
| { | |
| CertFreeCertificateContext((*a2)[v17]); | |
| v17 = (unsigned int)(v17 + 1); | |
| } | |
| while ( (unsigned int)v17 < *a3 ); | |
| v16 = *a2; | |
| } | |
| RtlFreeHeap(NtCurrentPeb()->ProcessHeap, 0, v16); | |
| *a2 = 0i64; | |
| } | |
| } | |
| *a3 = 0; | |
| } | |
| return (unsigned int)v4; | |
| } | |
| void __fastcall KdcCleanupCerts() | |
| { | |
| PCCERT_CONTEXT *v0; // rax | |
| unsigned int v1; // ebx | |
| if ( KdcCertStoreWait ) | |
| UnregisterWaitEx( | |
| (HANDLE)_InterlockedExchange64((volatile __int64 *)&KdcCertStoreWait, 0i64), | |
| (HANDLE)0xFFFFFFFFFFFFFFFFi64); | |
| if ( KdcGlobalCertCritSectInitialized ) | |
| RtlEnterCriticalSection(&KdcGlobalCertCritSect); | |
| if ( KdcGlobalCert ) | |
| { | |
| CertFreeCertificateContext(KdcGlobalCert); | |
| KdcGlobalCert = 0i64; | |
| } | |
| v0 = (PCCERT_CONTEXT *)KdcGlobalAdditionalCertificates; | |
| if ( KdcGlobalAdditionalCertificates ) | |
| { | |
| v1 = 0; | |
| if ( KdcGlobalAdditionalCertificatesCount ) | |
| { | |
| while ( 1 ) | |
| { | |
| CertFreeCertificateContext(v0[v1++]); | |
| if ( v1 >= KdcGlobalAdditionalCertificatesCount ) | |
| break; | |
| v0 = (PCCERT_CONTEXT *)KdcGlobalAdditionalCertificates; | |
| } | |
| } | |
| RtlFreeHeap(NtCurrentPeb()->ProcessHeap, 0, KdcGlobalAdditionalCertificates); | |
| KdcGlobalAdditionalCertificates = 0i64; | |
| } | |
| KdcGlobalAdditionalCertificatesCount = 0; | |
| if ( KdcGlobalCertOcspResponse ) | |
| { | |
| CertCloseServerOcspResponse(KdcGlobalCertOcspResponse, 0); | |
| KdcGlobalCertOcspResponse = 0i64; | |
| } | |
| if ( KdcCertStore ) | |
| { | |
| CertCloseStore(KdcCertStore, 0); | |
| KdcCertStore = 0i64; | |
| } | |
| if ( KdcCertStoreChangeEvent ) | |
| { | |
| CloseHandle(KdcCertStoreChangeEvent); | |
| KdcCertStoreChangeEvent = 0i64; | |
| } | |
| if ( KdcGlobalCertCritSectInitialized ) | |
| { | |
| RtlLeaveCriticalSection(&KdcGlobalCertCritSect); | |
| RtlDeleteCriticalSection(&KdcGlobalCertCritSect); | |
| KdcGlobalCertCritSectInitialized = 0; | |
| } | |
| if ( KdcGlobalDHParametersInitialized ) | |
| { | |
| RtlAcquireResourceExclusive(&KdcGlobalDHParametersLock, 1u); | |
| KdcFreeCachedKeys(); | |
| RtlReleaseResource(&KdcGlobalDHParametersLock); | |
| KdcGlobalDHParametersInitialized = 0; | |
| } | |
| if ( KdcGlobalDHParametersLockInitialized ) | |
| { | |
| RtlDeleteResource(&KdcGlobalDHParametersLock); | |
| KdcGlobalDHParametersLockInitialized = 0; | |
| } | |
| } | |
| __int64 __fastcall KdcCheckPkinitPreAuthData( | |
| struct _KERB_MESSAGE_BUFFER *a1, | |
| struct _KDC_TICKET_INFO *a2, | |
| void *a3, | |
| int a4, | |
| struct KERB_KDC_REQUEST_preauth_data_s *a5, | |
| struct KERB_KDC_REQUEST_BODY *a6, | |
| struct KERB_KDC_REQUEST_preauth_data_s *a7, | |
| PCCERT_CONTEXT a8, | |
| unsigned __int8 *a9, | |
| unsigned int a10, | |
| void *a11, | |
| const struct _CERT_CHAIN_CONTEXT *a12, | |
| struct sockaddr *a13, | |
| struct KERB_KDC_REQUEST_preauth_data_s **a14, | |
| struct KERB_KDC_REQUEST_preauth_data_s **a15, | |
| unsigned int *a16, | |
| struct _KERB_ENCRYPTION_KEY *a17, | |
| struct _UNICODE_STRING *a18, | |
| struct _UNICODE_STRING *a19, | |
| struct KERB_EXT_ERROR *a20, | |
| struct _KERB_MESSAGE_BUFFER *a21) | |
| { | |
| int v21; // r13d | |
| unsigned __int8 *v24; // r14 | |
| CSecurityData **v25; // r8 | |
| unsigned int *v26; // rax | |
| __int32 v27; // eax | |
| __int64 PreAuthDataEntry; // rax | |
| void **v29; // rdx | |
| unsigned int v31; // eax | |
| PCCERT_CONTEXT *v32; // rsi | |
| unsigned int v33; // ebx | |
| void *v34; // r14 | |
| int v35; // ebx | |
| DWORD LastError; // eax | |
| unsigned int v37; // esi | |
| unsigned int v38; // eax | |
| unsigned int v39; // eax | |
| __int64 v40; // rax | |
| struct KERB_ALGORITHM_IDENTIFIER *GlobalECDHEmpheralAlg; // rax | |
| unsigned int v42; // r13d | |
| struct KERB_ALGORITHM_IDENTIFIER *GlobalEphemeralDHAlg; // rax | |
| CSecurityData *v44; // rcx | |
| __int64 v45; // rdx | |
| ULONG v46; // r14d | |
| struct _KERB_ECC_CURVE_INFO *v47; // rax | |
| HCRYPTKEY v48; // rsi | |
| CHAR *v49; // rax | |
| CSecurityData *v50; // rcx | |
| PCCERT_CONTEXT *v51; // rdi | |
| __int64 v52; // rsi | |
| BCRYPT_KEY_HANDLE v53; // rbx | |
| int v54; // eax | |
| DWORD v55; // eax | |
| __int64 v56; // rdx | |
| __int64 v57; // rsi | |
| CSecurityData *v58; // rcx | |
| __int64 v59; // rdx | |
| CSecurityData *v60; // rcx | |
| __int64 v61; // r8 | |
| CSecurityData *v62; // rcx | |
| __int64 v63; // rdx | |
| unsigned int v64; // eax | |
| unsigned int *v65; // rsi | |
| __int64 v66; // rbx | |
| int v67; // r14d | |
| int v68; // esi | |
| unsigned __int8 *v69; // r8 | |
| unsigned int v70; // r9d | |
| struct _KERB_ENCRYPTION_KEY *v71; // r12 | |
| unsigned int KeyEx3; // eax | |
| __int64 v73; // r8 | |
| int v74; // edx | |
| _QWORD *v75; // rax | |
| unsigned int v76; // r8d | |
| _QWORD *v77; // rdx | |
| int v78; // ecx | |
| bool v79; // zf | |
| int v80; // eax | |
| unsigned int v81; // eax | |
| int v82; // ebx | |
| DWORD v83; // eax | |
| unsigned int v84; // eax | |
| DWORD v85; // eax | |
| __int64 v86; // rax | |
| struct KERB_KDC_REQUEST_BODY *v87; // rsi | |
| unsigned int v88; // eax | |
| unsigned int v89; // ebx | |
| DWORD v90; // eax | |
| void *v91; // rsi | |
| int v92; // ebx | |
| DWORD v93; // eax | |
| PCCERT_SERVER_OCSP_RESPONSE_CONTEXT v94; // rdi | |
| _DWORD *v95; // rax | |
| _QWORD *v96; // [rsp+50h] [rbp-B0h] | |
| void *v97; // [rsp+58h] [rbp-A8h] BYREF | |
| __int64 v98; // [rsp+60h] [rbp-A0h] BYREF | |
| unsigned int v99; // [rsp+68h] [rbp-98h] BYREF | |
| size_t size; // [rsp+6Ch] [rbp-94h] BYREF | |
| int v101; // [rsp+74h] [rbp-8Ch] | |
| PCCERT_CONTEXT v102; // [rsp+78h] [rbp-88h] BYREF | |
| __int64 v103; // [rsp+80h] [rbp-80h] BYREF | |
| int v104; // [rsp+88h] [rbp-78h] | |
| unsigned int v105; // [rsp+8Ch] [rbp-74h] | |
| unsigned int v106; // [rsp+90h] [rbp-70h] BYREF | |
| unsigned int v107; // [rsp+94h] [rbp-6Ch] BYREF | |
| __int64 v108; // [rsp+98h] [rbp-68h] BYREF | |
| PCCERT_SERVER_OCSP_RESPONSE_CONTEXT pServerOcspResponseContext; // [rsp+A0h] [rbp-60h] BYREF | |
| unsigned int *v110; // [rsp+A8h] [rbp-58h] | |
| __int64 v111; // [rsp+B0h] [rbp-50h] BYREF | |
| unsigned __int8 *v112; // [rsp+B8h] [rbp-48h] BYREF | |
| struct KERB_KDC_REQUEST_BODY *v113; // [rsp+C0h] [rbp-40h] | |
| __int128 v114; // [rsp+C8h] [rbp-38h] | |
| __int64 v115; // [rsp+D8h] [rbp-28h] | |
| struct _FILETIME SystemTimeAsFileTime; // [rsp+E0h] [rbp-20h] BYREF | |
| __int64 v117; // [rsp+E8h] [rbp-18h] BYREF | |
| __int64 v118; // [rsp+F0h] [rbp-10h] BYREF | |
| __int64 v119; // [rsp+F8h] [rbp-8h] BYREF | |
| PCCERT_CONTEXT pCertContext; // [rsp+100h] [rbp+0h] BYREF | |
| union _LARGE_INTEGER Time; // [rsp+108h] [rbp+8h] BYREF | |
| void *v122; // [rsp+110h] [rbp+10h] BYREF | |
| HCRYPTKEY hKey; // [rsp+118h] [rbp+18h] BYREF | |
| BCRYPT_KEY_HANDLE phKey; // [rsp+120h] [rbp+20h] BYREF | |
| HCERTSTORE hCertStore; // [rsp+128h] [rbp+28h] BYREF | |
| BCRYPT_SECRET_HANDLE hSecret; // [rsp+130h] [rbp+30h] BYREF | |
| struct _CRYPTOAPI_BLOB v127; // [rsp+138h] [rbp+38h] BYREF | |
| UNICODE_STRING String2; // [rsp+148h] [rbp+48h] BYREF | |
| void *v129; // [rsp+158h] [rbp+58h] | |
| __int64 v130; // [rsp+160h] [rbp+60h] | |
| struct _KERB_ENCRYPTION_KEY *v131; // [rsp+168h] [rbp+68h] | |
| struct KERB_KDC_REQUEST_preauth_data_s *v132; // [rsp+170h] [rbp+70h] | |
| struct KERB_KDC_REQUEST_preauth_data_s **v133; // [rsp+178h] [rbp+78h] | |
| void *v134; // [rsp+180h] [rbp+80h] | |
| __int128 *v135; // [rsp+188h] [rbp+88h] BYREF | |
| BCRYPT_KEY_HANDLE hPrivKey; // [rsp+190h] [rbp+90h] BYREF | |
| struct _CRYPTOAPI_BLOB pcbEncoded; // [rsp+198h] [rbp+98h] BYREF | |
| struct _CRYPTOAPI_BLOB v138; // [rsp+1A8h] [rbp+A8h] BYREF | |
| unsigned __int8 *v139[2]; // [rsp+1B8h] [rbp+B8h] BYREF | |
| __int64 v140[2]; // [rsp+1C8h] [rbp+C8h] BYREF | |
| HCRYPTKEY hPubKey; // [rsp+1D8h] [rbp+D8h] BYREF | |
| int v142[4]; // [rsp+1E0h] [rbp+E0h] BYREF | |
| __int64 v143; // [rsp+1F0h] [rbp+F0h] | |
| struct _CRYPT_ALGORITHM_IDENTIFIER v144; // [rsp+1F8h] [rbp+F8h] BYREF | |
| __int128 v145; // [rsp+210h] [rbp+110h] BYREF | |
| __int128 v146; // [rsp+220h] [rbp+120h] | |
| __int128 v147; // [rsp+230h] [rbp+130h] | |
| struct sockaddr *v148; // [rsp+240h] [rbp+140h] | |
| unsigned int *v149; // [rsp+248h] [rbp+148h] | |
| struct KERB_KDC_REQUEST_preauth_data_s **v150; // [rsp+250h] [rbp+150h] | |
| __int64 v151; // [rsp+258h] [rbp+158h] | |
| struct _UNICODE_STRING *v152; // [rsp+260h] [rbp+160h] | |
| PCCERT_CHAIN_CONTEXT pChainContext; // [rsp+268h] [rbp+168h] | |
| struct KERB_KDC_REQUEST_preauth_data_s *v154; // [rsp+270h] [rbp+170h] | |
| struct _KERB_MESSAGE_BUFFER *v155; // [rsp+278h] [rbp+178h] | |
| char v156[24]; // [rsp+280h] [rbp+180h] BYREF | |
| __int64 v157; // [rsp+298h] [rbp+198h] | |
| __int128 v158; // [rsp+2A0h] [rbp+1A0h] BYREF | |
| BYTE *pbEncodedOcspResponse; // [rsp+2B0h] [rbp+1B0h] | |
| char v160[24]; // [rsp+2B8h] [rbp+1B8h] BYREF | |
| __int128 v161; // [rsp+2D0h] [rbp+1D0h] BYREF | |
| void *v162; // [rsp+2E0h] [rbp+1E0h] | |
| struct _CERT_CHAIN_POLICY_STATUS v163; // [rsp+2E8h] [rbp+1E8h] BYREF | |
| const char *v164; // [rsp+300h] [rbp+200h] BYREF | |
| __int128 v165; // [rsp+308h] [rbp+208h] | |
| __int128 v166[2]; // [rsp+318h] [rbp+218h] BYREF | |
| struct _CERT_X942_DH_PARAMETERS v167; // [rsp+340h] [rbp+240h] BYREF | |
| __int128 v168; // [rsp+390h] [rbp+290h] BYREF | |
| __int128 v169; // [rsp+3A0h] [rbp+2A0h] | |
| __int128 v170; // [rsp+3B0h] [rbp+2B0h] | |
| char v171[32]; // [rsp+3C0h] [rbp+2C0h] BYREF | |
| v21 = 0; | |
| v24 = a9; | |
| v113 = a6; | |
| v132 = a7; | |
| v129 = a11; | |
| pChainContext = a12; | |
| v148 = a13; | |
| v133 = a14; | |
| v150 = a15; | |
| v110 = a16; | |
| v152 = a19; | |
| v149 = (unsigned int *)a21; | |
| v155 = a1; | |
| v157 = 0i64; | |
| v162 = 0i64; | |
| v101 = a4; | |
| v154 = a5; | |
| v131 = a17; | |
| v117 = 0i64; | |
| pCertContext = 0i64; | |
| v102 = 0i64; | |
| v112 = 0i64; | |
| v111 = 0i64; | |
| v151 = 0i64; | |
| v130 = 0i64; | |
| memset(&v163, 0, sizeof(v163)); | |
| v122 = 0i64; | |
| String2 = 0i64; | |
| *(_DWORD *)v156 = 0; | |
| *(_OWORD *)&v156[8] = 0i64; | |
| *(_DWORD *)v160 = 0; | |
| *(_OWORD *)&v160[8] = 0i64; | |
| size = 0i64; | |
| v161 = 0i64; | |
| v134 = 0i64; | |
| v96 = 0i64; | |
| v165 = 0i64; | |
| v119 = 0i64; | |
| v98 = 0i64; | |
| v118 = 0i64; | |
| v103 = 0i64; | |
| v167.p.cbData = 0; | |
| memset_0(&v167.p.pbData, 0, 0x40ui64); | |
| hKey = 0i64; | |
| phKey = 0i64; | |
| pcbEncoded = 0i64; | |
| hPubKey = 0i64; | |
| v138 = 0i64; | |
| hPrivKey = 0i64; | |
| *(_OWORD *)v139 = 0i64; | |
| v97 = 0i64; | |
| *(_OWORD *)v140 = 0i64; | |
| v99 = 0; | |
| v168 = 0i64; | |
| pServerOcspResponseContext = 0i64; | |
| v169 = 0i64; | |
| v170 = 0i64; | |
| v25 = &WPP_GLOBAL_Control; | |
| hCertStore = 0i64; | |
| pbEncodedOcspResponse = 0i64; | |
| *a14 = 0i64; | |
| *(_OWORD *)a17 = 0i64; | |
| v144.pszObjId = "1.3.14.3.2.26"; | |
| v26 = v110; | |
| *((_OWORD *)a17 + 1) = 0i64; | |
| hSecret = 0i64; | |
| v105 = 0; | |
| *v26 = 0; | |
| v104 = 0; | |
| v158 = 0i64; | |
| v144.Parameters = 0i64; | |
| v145 = 0i64; | |
| v146 = 0i64; | |
| v147 = 0i64; | |
| if ( _InterlockedExchange((volatile __int32 *)&KdcGlobalKdcCertWarningState, 1) == 2 ) | |
| { | |
| v27 = _InterlockedExchange((volatile __int32 *)&KdcGlobalKdcCertWarningType, 0); | |
| if ( v27 == 1 ) | |
| { | |
| if ( WPP_GLOBAL_Control != (CSecurityData *)&WPP_GLOBAL_Control && (*((_BYTE *)WPP_GLOBAL_Control + 28) & 1) != 0 ) | |
| WPP_SF_(*((_QWORD *)WPP_GLOBAL_Control + 2), 71i64, &WPP_8a977ff03c4b314070aa26be22303ae2_Traceguids); | |
| ReportServiceEvent( | |
| 2u, | |
| 0x8000001D, | |
| KdcGlobalKdcCertChainStatus.dwError != 0 ? 0x10 : 0, | |
| &KdcGlobalKdcCertChainStatus, | |
| 0); | |
| } | |
| else if ( v27 == 2 ) | |
| { | |
| if ( WPP_GLOBAL_Control != (CSecurityData *)&WPP_GLOBAL_Control && (*((_BYTE *)WPP_GLOBAL_Control + 28) & 1) != 0 ) | |
| WPP_SF_(*((_QWORD *)WPP_GLOBAL_Control + 2), 72i64, &WPP_8a977ff03c4b314070aa26be22303ae2_Traceguids); | |
| ReportServiceEvent(2u, 0x80000020, 0, 0i64, 0); | |
| } | |
| } | |
| PreAuthDataEntry = KerbFindPreAuthDataEntry(18i64, v132, v25); | |
| v29 = &v97; | |
| if ( KdcGlobalSendOnlyLeafCertificate ) | |
| v29 = 0i64; | |
| if ( (int)KdcGetKdcCertificate( | |
| &v102, | |
| (const struct _CERT_CONTEXT ***)v29, | |
| &v99, | |
| (const struct _CERT_SERVER_OCSP_RESPONSE_CONTEXT **)((unsigned __int64)&pServerOcspResponseContext & -(__int64)(PreAuthDataEntry != 0))) < 0 ) | |
| { | |
| ReportServiceEvent(1u, 0x80000013, 0, 0i64, 0); | |
| FillExtendedError(-1073741024, 1u, 0x40Au, 0xA24u, a20); | |
| return 16i64; | |
| } | |
| GetSystemTimeAsFileTime(&SystemTimeAsFileTime); | |
| v31 = KerbUnpackData(*((_QWORD *)a5 + 3), *((unsigned int *)a5 + 4), 23i64, &v117); | |
| v32 = (PCCERT_CONTEXT *)v97; | |
| v33 = v31; | |
| if ( v31 ) | |
| { | |
| if ( WPP_GLOBAL_Control == (CSecurityData *)&WPP_GLOBAL_Control || (*((_BYTE *)WPP_GLOBAL_Control + 28) & 1) == 0 ) | |
| { | |
| v34 = 0i64; | |
| goto LABEL_95; | |
| } | |
| WPP_SF_D(*((_QWORD *)WPP_GLOBAL_Control + 2), 73i64, &WPP_8a977ff03c4b314070aa26be22303ae2_Traceguids, v31); | |
| goto LABEL_20; | |
| } | |
| if ( a9 ) | |
| { | |
| v37 = a10; | |
| } | |
| else | |
| { | |
| v35 = ScHelperVerifyPkcsMessage( | |
| *(BYTE **)(v117 + 16), | |
| *(_DWORD *)(v117 + 8), | |
| (__int64)&v118, | |
| (__int64)&v103, | |
| (__int64)&pCertContext, | |
| (__int64)&hCertStore); | |
| if ( v35 < 0 ) | |
| { | |
| if ( WPP_GLOBAL_Control != (CSecurityData *)&WPP_GLOBAL_Control && (*((_BYTE *)WPP_GLOBAL_Control + 28) & 1) != 0 ) | |
| { | |
| LastError = GetLastError(); | |
| WPP_SF_DD( | |
| *((_QWORD *)WPP_GLOBAL_Control + 2), | |
| 74i64, | |
| &WPP_8a977ff03c4b314070aa26be22303ae2_Traceguids, | |
| (unsigned int)v35, | |
| LastError); | |
| } | |
| if ( (KDCInfoLevel & 0x10000000) != 0 ) | |
| { | |
| *(_DWORD *)a20 = v35; | |
| *((_DWORD *)a20 + 2) = 2; | |
| *((_DWORD *)a20 + 1) = 67766867; | |
| } | |
| v33 = 41; | |
| LABEL_20: | |
| v34 = 0i64; | |
| goto LABEL_95; | |
| } | |
| a8 = pCertContext; | |
| v24 = (unsigned __int8 *)v118; | |
| v37 = v103; | |
| v129 = hCertStore; | |
| if ( (*((_BYTE *)a2 + 112) & 1) == 0 ) | |
| { | |
| v33 = KdcVerifyClientCertDnsName(pCertContext, a2); | |
| if ( v33 ) | |
| goto LABEL_264; | |
| } | |
| } | |
| if ( !a8 ) | |
| { | |
| v33 = 60; | |
| LABEL_36: | |
| v34 = 0i64; | |
| LABEL_94: | |
| v32 = (PCCERT_CONTEXT *)v97; | |
| goto LABEL_95; | |
| } | |
| if ( v101 == 16 ) | |
| { | |
| v142[1] = 0; | |
| v142[3] = 0; | |
| memset(v166, 0, sizeof(v166)); | |
| v38 = KerbUnpackData(v24, v37, 60i64, &v98); | |
| v34 = 0i64; | |
| v33 = v38; | |
| if ( v38 ) | |
| goto LABEL_36; | |
| if ( *(char *)(v98 + 8) >= 0 ) | |
| { | |
| if ( WPP_GLOBAL_Control != (CSecurityData *)&WPP_GLOBAL_Control | |
| && ((unsigned __int8)(v38 + 1) & *((_BYTE *)WPP_GLOBAL_Control + 28)) != 0 ) | |
| { | |
| WPP_SF_(*((_QWORD *)WPP_GLOBAL_Control + 2), v38 + 75, &WPP_8a977ff03c4b314070aa26be22303ae2_Traceguids); | |
| } | |
| v33 = 79; | |
| goto LABEL_36; | |
| } | |
| v142[0] = -131; | |
| v143 = *(_QWORD *)(v98 + 48); | |
| v142[2] = *(_DWORD *)(v98 + 40); | |
| if ( KdcGlobalKrbtgtFullPacSignature ) | |
| { | |
| v39 = KdcVerifyTgsChecksum(v113, (struct _KERB_ENCRYPTION_KEY *)v166, (struct KERB_CHECKSUM *)v142); | |
| v33 = v39; | |
| if ( v39 ) | |
| { | |
| if ( WPP_GLOBAL_Control != (CSecurityData *)&WPP_GLOBAL_Control | |
| && (*((_BYTE *)WPP_GLOBAL_Control + 28) & 4) != 0 ) | |
| { | |
| WPP_SF_D(*((_QWORD *)WPP_GLOBAL_Control + 2), 76i64, &WPP_8a977ff03c4b314070aa26be22303ae2_Traceguids, v39); | |
| } | |
| if ( v33 == 41 ) | |
| { | |
| v33 = 31; | |
| goto LABEL_36; | |
| } | |
| goto LABEL_93; | |
| } | |
| } | |
| else if ( (int)KdcVerifyTgsChecksum(v113, (struct _KERB_ENCRYPTION_KEY *)v166, (struct KERB_CHECKSUM *)v142) < 0 ) | |
| { | |
| if ( WPP_GLOBAL_Control != (CSecurityData *)&WPP_GLOBAL_Control && (*((_BYTE *)WPP_GLOBAL_Control + 28) & 4) != 0 ) | |
| { | |
| WPP_SF_D(*((_QWORD *)WPP_GLOBAL_Control + 2), 77i64, &WPP_8a977ff03c4b314070aa26be22303ae2_Traceguids, 0i64); | |
| goto LABEL_36; | |
| } | |
| goto LABEL_93; | |
| } | |
| v40 = v98; | |
| v130 = v98 + 8; | |
| if ( (*(_BYTE *)v98 & 0x80) == 0 ) | |
| { | |
| LABEL_181: | |
| *((_DWORD *)a2 + 28) &= ~0x100u; | |
| if ( KdcGlobalRequireFreshness ) | |
| { | |
| if ( (*(_BYTE *)(v40 + 8) & 0x40) != 0 ) | |
| { | |
| v33 = KdcVerifyFreshnessToken(*(unsigned __int8 **)(v40 + 64), *(_DWORD *)(v40 + 56), a20); | |
| if ( v33 ) | |
| goto LABEL_93; | |
| *((_DWORD *)a2 + 28) |= 0x100u; | |
| } | |
| else | |
| { | |
| if ( KdcGlobalRequireFreshness < 2 ) | |
| goto LABEL_186; | |
| if ( (unsigned int)KdcIsThresholdFunctionalLevel() ) | |
| { | |
| v33 = 25; | |
| if ( WPP_GLOBAL_Control != (CSecurityData *)&WPP_GLOBAL_Control | |
| && (*((_BYTE *)WPP_GLOBAL_Control + 28) & 1) != 0 ) | |
| { | |
| WPP_SF_(*((_QWORD *)WPP_GLOBAL_Control + 2), 89i64, &WPP_8a977ff03c4b314070aa26be22303ae2_Traceguids); | |
| } | |
| goto LABEL_93; | |
| } | |
| } | |
| v40 = v98; | |
| } | |
| LABEL_186: | |
| v57 = v151; | |
| v21 = *(_WORD *)v40 & 0x40; | |
| goto LABEL_199; | |
| } | |
| GlobalECDHEmpheralAlg = KerbGetGlobalECDHEmpheralAlg(); | |
| v105 = KerbEqualOID( | |
| *(struct ASN1objectidentifier_s **)(v98 + 80), | |
| *((struct ASN1objectidentifier_s **)GlobalECDHEmpheralAlg + 1)); | |
| v42 = v105; | |
| if ( !v105 | |
| && (GlobalEphemeralDHAlg = KerbGetGlobalEphemeralDHAlg(), | |
| !(unsigned int)KerbEqualOID( | |
| *(struct ASN1objectidentifier_s **)(v98 + 80), | |
| *((struct ASN1objectidentifier_s **)GlobalEphemeralDHAlg + 1))) | |
| || (*(_BYTE *)(v98 + 72) & 0x80) == 0 ) | |
| { | |
| if ( WPP_GLOBAL_Control != (CSecurityData *)&WPP_GLOBAL_Control && (*((_BYTE *)WPP_GLOBAL_Control + 28) & 1) != 0 ) | |
| WPP_SF_(*((_QWORD *)WPP_GLOBAL_Control + 2), 78i64, &WPP_8a977ff03c4b314070aa26be22303ae2_Traceguids); | |
| v33 = 60; | |
| goto LABEL_94; | |
| } | |
| v127.cbData = *(_DWORD *)(v98 + 88); | |
| v127.pbData = *(BYTE **)(v98 + 96); | |
| if ( v42 ) | |
| { | |
| v33 = KerbDecodeECDHParameters(&v127, (unsigned int *)&size + 1); | |
| if ( v33 ) | |
| { | |
| v44 = WPP_GLOBAL_Control; | |
| if ( WPP_GLOBAL_Control == (CSecurityData *)&WPP_GLOBAL_Control | |
| || (*((_BYTE *)WPP_GLOBAL_Control + 28) & 1) == 0 ) | |
| { | |
| goto LABEL_93; | |
| } | |
| v45 = 79i64; | |
| LABEL_68: | |
| WPP_SF_D(*((_QWORD *)v44 + 2), v45, &WPP_8a977ff03c4b314070aa26be22303ae2_Traceguids, v33); | |
| goto LABEL_94; | |
| } | |
| v46 = HIDWORD(size); | |
| v47 = KerbLookupCurveInfo(HIDWORD(size)); | |
| LODWORD(v48) = 0; | |
| if ( v47 ) | |
| v49 = (CHAR *)*((_QWORD *)v47 + 2); | |
| else | |
| v49 = 0i64; | |
| v144.pszObjId = v49; | |
| if ( !v49 ) | |
| { | |
| v50 = WPP_GLOBAL_Control; | |
| if ( WPP_GLOBAL_Control != (CSecurityData *)&WPP_GLOBAL_Control | |
| && (*((_BYTE *)WPP_GLOBAL_Control + 28) & 2) != 0 ) | |
| { | |
| WPP_SF_D_0(*((_QWORD *)WPP_GLOBAL_Control + 2), 80i64, &WPP_8a977ff03c4b314070aa26be22303ae2_Traceguids, v46); | |
| v50 = WPP_GLOBAL_Control; | |
| } | |
| v144.pszObjId = "1.3.14.3.2.26"; | |
| LABEL_83: | |
| if ( (*(_BYTE *)v98 & 0x20) != 0 ) | |
| { | |
| if ( v50 != (CSecurityData *)&WPP_GLOBAL_Control && (*((_DWORD *)v50 + 7) & 0x100000) != 0 ) | |
| WPP_SF_(*((_QWORD *)v50 + 2), 82i64, &WPP_8a977ff03c4b314070aa26be22303ae2_Traceguids); | |
| if ( KdcGlobalDHParametersInitialized || (KdcCacheDHParameters(), KdcGlobalDHParametersInitialized) ) | |
| { | |
| v33 = KerbCheckCachedKeys( | |
| v42, | |
| (union _LARGE_INTEGER *)&SystemTimeAsFileTime, | |
| (struct KERB_ALGORITHM_IDENTIFIER *)(v98 + 72), | |
| (struct KDCDHKeyInfo *)&v168, | |
| &v167, | |
| &hPubKey, | |
| &hPrivKey); | |
| if ( v33 ) | |
| { | |
| if ( WPP_GLOBAL_Control != (CSecurityData *)&WPP_GLOBAL_Control | |
| && (*((_BYTE *)WPP_GLOBAL_Control + 28) & 1) != 0 ) | |
| { | |
| WPP_SF_DD_4( | |
| *((_QWORD *)WPP_GLOBAL_Control + 2), | |
| 83i64, | |
| &WPP_8a977ff03c4b314070aa26be22303ae2_Traceguids, | |
| v42, | |
| v33); | |
| } | |
| goto LABEL_93; | |
| } | |
| v48 = hPubKey; | |
| v53 = hPrivKey; | |
| if ( hPubKey || hPrivKey ) | |
| { | |
| v104 = 1; | |
| goto LABEL_161; | |
| } | |
| } | |
| v50 = WPP_GLOBAL_Control; | |
| } | |
| if ( v42 ) | |
| { | |
| if ( KdcGlobalModpDHOnly != (_DWORD)v48 ) | |
| { | |
| v33 = 65; | |
| goto LABEL_155; | |
| } | |
| v54 = KerbGenerateECDHKey(v46, &phKey); | |
| } | |
| else | |
| { | |
| v54 = KerbGenerateDHKey(&v167, KdcGlobalUseWellknownDHDomainParametersOnly, &hKey); | |
| } | |
| v33 = v54; | |
| if ( v54 ) | |
| { | |
| v50 = WPP_GLOBAL_Control; | |
| LABEL_155: | |
| if ( v50 != (CSecurityData *)&WPP_GLOBAL_Control && (*((_BYTE *)v50 + 28) & 1) != 0 ) | |
| WPP_SF_DD_4(*((_QWORD *)v50 + 2), 84i64, &WPP_8a977ff03c4b314070aa26be22303ae2_Traceguids, v42, v33); | |
| if ( v33 == 65 ) | |
| KerbEncodeWellknownDHDomainParameters((int)v50, v149, (unsigned __int8 **)v149 + 1, v150); | |
| goto LABEL_93; | |
| } | |
| v48 = hKey; | |
| v53 = phKey; | |
| LABEL_161: | |
| v127.cbData = *(_DWORD *)(v98 + 104) >> 3; | |
| v127.pbData = *(BYTE **)(v98 + 112); | |
| if ( v42 ) | |
| { | |
| if ( !(unsigned int)KerbGetECDHPublicKey(v53, &pcbEncoded) ) | |
| { | |
| if ( WPP_GLOBAL_Control == (CSecurityData *)&WPP_GLOBAL_Control | |
| || (*((_BYTE *)WPP_GLOBAL_Control + 28) & 1) == 0 ) | |
| { | |
| goto LABEL_167; | |
| } | |
| v55 = GetLastError(); | |
| v56 = 85i64; | |
| goto LABEL_166; | |
| } | |
| if ( !(unsigned int)KerbGetSharedECDHKey(v53, &v127, &hSecret) ) | |
| { | |
| if ( WPP_GLOBAL_Control == (CSecurityData *)&WPP_GLOBAL_Control | |
| || (*((_BYTE *)WPP_GLOBAL_Control + 28) & 1) == 0 ) | |
| { | |
| goto LABEL_167; | |
| } | |
| v55 = GetLastError(); | |
| v56 = 86i64; | |
| goto LABEL_166; | |
| } | |
| goto LABEL_180; | |
| } | |
| if ( (unsigned int)KerbGetDHPublicKey(v48, &pcbEncoded.cbData) ) | |
| { | |
| if ( (unsigned int)KerbGetSharedKey(v48, &v127, &v138) ) | |
| { | |
| LABEL_180: | |
| v40 = v98; | |
| goto LABEL_181; | |
| } | |
| if ( WPP_GLOBAL_Control == (CSecurityData *)&WPP_GLOBAL_Control | |
| || (*((_BYTE *)WPP_GLOBAL_Control + 28) & 1) == 0 ) | |
| { | |
| goto LABEL_167; | |
| } | |
| v55 = GetLastError(); | |
| v56 = 88i64; | |
| } | |
| else | |
| { | |
| if ( WPP_GLOBAL_Control == (CSecurityData *)&WPP_GLOBAL_Control | |
| || (*((_BYTE *)WPP_GLOBAL_Control + 28) & 1) == 0 ) | |
| { | |
| goto LABEL_167; | |
| } | |
| v55 = GetLastError(); | |
| v56 = 87i64; | |
| } | |
| LABEL_166: | |
| WPP_SF_D(*((_QWORD *)WPP_GLOBAL_Control + 2), v56, &WPP_8a977ff03c4b314070aa26be22303ae2_Traceguids, v55); | |
| LABEL_167: | |
| v33 = 60; | |
| goto LABEL_93; | |
| } | |
| } | |
| else | |
| { | |
| v33 = KerbDecodeDHParameters(&v127, &v167); | |
| if ( v33 ) | |
| { | |
| v44 = WPP_GLOBAL_Control; | |
| if ( WPP_GLOBAL_Control == (CSecurityData *)&WPP_GLOBAL_Control | |
| || (*((_BYTE *)WPP_GLOBAL_Control + 28) & 1) == 0 ) | |
| { | |
| goto LABEL_93; | |
| } | |
| v45 = 81i64; | |
| goto LABEL_68; | |
| } | |
| v46 = HIDWORD(size); | |
| LODWORD(v48) = 0; | |
| } | |
| v50 = WPP_GLOBAL_Control; | |
| goto LABEL_83; | |
| } | |
| if ( KdcGlobalRequireFreshness >= 2 && (unsigned int)KdcIsThresholdFunctionalLevel() ) | |
| { | |
| v33 = 25; | |
| if ( WPP_GLOBAL_Control != (CSecurityData *)&WPP_GLOBAL_Control && (*((_BYTE *)WPP_GLOBAL_Control + 28) & 1) != 0 ) | |
| { | |
| WPP_SF_(*((_QWORD *)WPP_GLOBAL_Control + 2), 90i64, &WPP_8a977ff03c4b314070aa26be22303ae2_Traceguids); | |
| goto LABEL_36; | |
| } | |
| goto LABEL_93; | |
| } | |
| v33 = KerbUnpackData(v24, v37, 59i64, &v119); | |
| if ( v33 ) | |
| goto LABEL_36; | |
| v57 = v119 + 8; | |
| LABEL_199: | |
| v33 = KdcFillPkiAuditInfo(a8, v152); | |
| if ( v33 ) | |
| { | |
| v58 = WPP_GLOBAL_Control; | |
| if ( WPP_GLOBAL_Control == (CSecurityData *)&WPP_GLOBAL_Control || (*((_BYTE *)WPP_GLOBAL_Control + 28) & 1) == 0 ) | |
| goto LABEL_93; | |
| v59 = 91i64; | |
| goto LABEL_203; | |
| } | |
| v33 = KdcVerifyClientCertName(a8, a2, a20); | |
| if ( v33 ) | |
| { | |
| v58 = WPP_GLOBAL_Control; | |
| if ( WPP_GLOBAL_Control == (CSecurityData *)&WPP_GLOBAL_Control || (*((_BYTE *)WPP_GLOBAL_Control + 28) & 1) == 0 ) | |
| goto LABEL_93; | |
| v59 = 92i64; | |
| goto LABEL_203; | |
| } | |
| v33 = KdcCheckClientAuthCertificate(a2, a8, v129, pChainContext, a20, &v163); | |
| if ( v33 ) | |
| { | |
| KdcReportBadClientCertificate((struct _UNICODE_STRING *)a2, &v163, v61, *(_DWORD *)a20); | |
| v58 = WPP_GLOBAL_Control; | |
| if ( WPP_GLOBAL_Control == (CSecurityData *)&WPP_GLOBAL_Control || (*((_BYTE *)WPP_GLOBAL_Control + 28) & 1) == 0 ) | |
| goto LABEL_93; | |
| v59 = 93i64; | |
| LABEL_203: | |
| WPP_SF_D(*((_QWORD *)v58 + 2), v59, &WPP_8a977ff03c4b314070aa26be22303ae2_Traceguids, v33); | |
| goto LABEL_93; | |
| } | |
| if ( v57 ) | |
| { | |
| if ( !CSecurityData::IsOurRealm(v60, (char **)(v57 + 16)) ) | |
| { | |
| if ( WPP_GLOBAL_Control != (CSecurityData *)&WPP_GLOBAL_Control && (*((_BYTE *)WPP_GLOBAL_Control + 28) & 1) != 0 ) | |
| WPP_SF_s( | |
| *((_QWORD *)WPP_GLOBAL_Control + 2), | |
| 94i64, | |
| &WPP_8a977ff03c4b314070aa26be22303ae2_Traceguids, | |
| *(_QWORD *)(v57 + 16)); | |
| v33 = 7; | |
| goto LABEL_93; | |
| } | |
| v33 = KerbConvertPrincipalNameToString(&String2, &v135, v57); | |
| if ( v33 ) | |
| { | |
| LABEL_93: | |
| v34 = v96; | |
| goto LABEL_94; | |
| } | |
| if ( !RtlEqualUnicodeString(&stru_18009D430, &String2, 1u) | |
| && !RtlEqualUnicodeString(&stru_18009D440, &String2, 1u) | |
| && !RtlEqualUnicodeString(&stru_18009D420, &String2, 1u) | |
| && !RtlEqualUnicodeString(&stru_18009D410, &String2, 1u) ) | |
| { | |
| if ( WPP_GLOBAL_Control != (CSecurityData *)&WPP_GLOBAL_Control && (*((_BYTE *)WPP_GLOBAL_Control + 28) & 1) != 0 ) | |
| WPP_SF_Z(*((_QWORD *)WPP_GLOBAL_Control + 2), 95i64, &WPP_8a977ff03c4b314070aa26be22303ae2_Traceguids, &String2); | |
| v33 = 76; | |
| goto LABEL_93; | |
| } | |
| KerbConvertGeneralizedTimeToLargeInt(&Time); | |
| if ( !(unsigned __int8)KerbCheckTimeSkew(&SystemTimeAsFileTime, &Time) ) | |
| { | |
| v62 = WPP_GLOBAL_Control; | |
| if ( WPP_GLOBAL_Control == (CSecurityData *)&WPP_GLOBAL_Control || (*((_BYTE *)WPP_GLOBAL_Control + 28) & 1) == 0 ) | |
| goto LABEL_232; | |
| v63 = 96i64; | |
| LABEL_231: | |
| WPP_SF_(*((_QWORD *)v62 + 2), v63, &WPP_8a977ff03c4b314070aa26be22303ae2_Traceguids); | |
| LABEL_232: | |
| v33 = 37; | |
| goto LABEL_93; | |
| } | |
| v64 = *(_DWORD *)(v57 + 44); | |
| v65 = v110; | |
| *v110 = v64; | |
| } | |
| else | |
| { | |
| v65 = v110; | |
| } | |
| v66 = v130; | |
| if ( v130 ) | |
| { | |
| KerbConvertGeneralizedTimeToLargeInt(&Time); | |
| if ( !(unsigned __int8)KerbCheckTimeSkew(&SystemTimeAsFileTime, &Time) ) | |
| { | |
| v62 = WPP_GLOBAL_Control; | |
| if ( WPP_GLOBAL_Control == (CSecurityData *)&WPP_GLOBAL_Control || (*((_BYTE *)WPP_GLOBAL_Control + 28) & 1) == 0 ) | |
| goto LABEL_232; | |
| v63 = 97i64; | |
| goto LABEL_231; | |
| } | |
| *v65 = *(_DWORD *)(v66 + 24); | |
| } | |
| if ( KerbFindPreAuthDataEntry(131i64, v154, v61) ) | |
| { | |
| if ( (*((_BYTE *)a2 + 112) & 1) != 0 ) | |
| { | |
| v33 = KdcCheckAccountMappingDuplicates(a8, a20); | |
| if ( v33 ) | |
| goto LABEL_93; | |
| } | |
| } | |
| v33 = KerbConvertCryptListToArray(&v122, (char *)&v103 + 4, *((_QWORD *)v113 + 14)); | |
| if ( v33 ) | |
| goto LABEL_93; | |
| if ( (int)CDFindCommonCSystem(HIDWORD(v103), v122, &v106) < 0 ) | |
| { | |
| LABEL_246: | |
| v33 = 14; | |
| goto LABEL_93; | |
| } | |
| v67 = v104; | |
| if ( v104 && !(unsigned __int8)CDGenerateRandomBits(v171, 32i64) ) | |
| goto LABEL_167; | |
| v68 = v105; | |
| if ( v105 ) | |
| { | |
| if ( v67 ) | |
| { | |
| v69 = *(unsigned __int8 **)(v98 + 136); | |
| v70 = *(_DWORD *)(v98 + 128); | |
| } | |
| else | |
| { | |
| v69 = 0i64; | |
| v70 = 0; | |
| } | |
| v71 = v131; | |
| KeyEx3 = KerbMakeKeyEx3( | |
| BCryptDeriveKey, | |
| hSecret, | |
| v106, | |
| v70, | |
| v69, | |
| v67 != 0 ? 0x20 : 0, | |
| (unsigned __int8 *)((unsigned __int64)v171 & -(__int64)(v67 != 0)), | |
| v131); | |
| } | |
| else | |
| { | |
| if ( v67 ) | |
| { | |
| v73 = *(_QWORD *)(v98 + 136); | |
| v74 = *(_DWORD *)(v98 + 128); | |
| } | |
| else | |
| { | |
| LODWORD(v73) = 0; | |
| v74 = 0; | |
| } | |
| v71 = v131; | |
| KeyEx3 = KerbMakeKeyEx( | |
| v106, | |
| v74, | |
| v73, | |
| v67 != 0 ? 0x20 : 0, | |
| (unsigned __int64)v171 & -(__int64)(v67 != 0), | |
| v138.cbData, | |
| (__int64)v138.pbData, | |
| (__int64)v131); | |
| } | |
| v33 = KeyEx3; | |
| if ( KeyEx3 ) | |
| { | |
| if ( WPP_GLOBAL_Control != (CSecurityData *)&WPP_GLOBAL_Control && (*((_BYTE *)WPP_GLOBAL_Control + 28) & 1) != 0 ) | |
| WPP_SF_ddd_0( | |
| *((_QWORD *)WPP_GLOBAL_Control + 2), | |
| 98i64, | |
| &WPP_8a977ff03c4b314070aa26be22303ae2_Traceguids, | |
| KeyEx3, | |
| v68, | |
| v67); | |
| goto LABEL_93; | |
| } | |
| v75 = MIDL_user_allocate(0x20ui64); | |
| v76 = 0; | |
| v96 = v75; | |
| v77 = v75; | |
| if ( !v75 ) | |
| { | |
| v33 = 60; | |
| LABEL_264: | |
| v34 = 0i64; | |
| goto LABEL_94; | |
| } | |
| v78 = v101; | |
| v79 = v101 == 16; | |
| *(_QWORD *)((char *)v75 + 12) = 0i64; | |
| *(_QWORD *)((char *)v75 + 20) = 0i64; | |
| *((_DWORD *)v75 + 7) = 0; | |
| *v75 = 0i64; | |
| v80 = 17; | |
| if ( !v79 ) | |
| v80 = 15; | |
| *((_DWORD *)v77 + 2) = v80; | |
| if ( !v138.cbData && !v68 || !KdcGlobalUseDH ) | |
| { | |
| if ( v78 == 16 || KerbFindPreAuthDataEntry(132i64, v132, 0i64) ) | |
| { | |
| LODWORD(v114) = *((_DWORD *)v71 + 3); | |
| DWORD2(v114) = *((_DWORD *)v71 + 4); | |
| v86 = *((_QWORD *)v71 + 3); | |
| DWORD1(v114) = v76; | |
| HIDWORD(v114) = v76; | |
| v115 = v86; | |
| *(_QWORD *)&v160[16] = v86; | |
| *(_OWORD *)v160 = v114; | |
| if ( (int)KerbComputeChecksum(v155, v71, v76, (struct KERB_CHECKSUM *)&v161) < 0 ) | |
| goto LABEL_167; | |
| v84 = KerbPackData(v160, 19i64, &v107, &v112); | |
| } | |
| else | |
| { | |
| DWORD1(v114) = v76; | |
| HIDWORD(v114) = v76; | |
| LODWORD(v157) = *v110; | |
| LODWORD(v114) = *((_DWORD *)v71 + 3); | |
| DWORD2(v114) = *((_DWORD *)v71 + 4); | |
| v115 = *((_QWORD *)v71 + 3); | |
| *(_QWORD *)&v156[16] = v115; | |
| *(_OWORD *)v156 = v114; | |
| v84 = KerbPackData(v156, 18i64, &v107, &v112); | |
| } | |
| v33 = v84; | |
| if ( v84 ) | |
| goto LABEL_93; | |
| v32 = (PCCERT_CONTEXT *)v97; | |
| v82 = ScHelperSignPkcsMessage( | |
| (int)v102, | |
| (int)v97, | |
| v99, | |
| v21, | |
| &v144, | |
| (__int64)"1.3.6.1.5.2.3.3", | |
| v112, | |
| v107, | |
| (__int64)&v111, | |
| (__int64)&v108); | |
| if ( v82 < 0 ) | |
| { | |
| if ( WPP_GLOBAL_Control != (CSecurityData *)&WPP_GLOBAL_Control && (*((_BYTE *)WPP_GLOBAL_Control + 28) & 1) != 0 ) | |
| { | |
| v85 = GetLastError(); | |
| WPP_SF_DD( | |
| *((_QWORD *)WPP_GLOBAL_Control + 2), | |
| 100i64, | |
| &WPP_8a977ff03c4b314070aa26be22303ae2_Traceguids, | |
| (unsigned int)v82, | |
| v85); | |
| } | |
| if ( (KDCInfoLevel & 0x10000000) == 0 ) | |
| goto LABEL_278; | |
| *((_DWORD *)a20 + 1) = 67767630; | |
| goto LABEL_277; | |
| } | |
| v87 = v113; | |
| if ( KdcCheckForEtype(*((struct KERB_KDC_REQUEST_BODY_encryption_type_s **)v113 + 14), 0xFu) ) | |
| { | |
| v164 = "1.2.840.113549.3.7"; | |
| LODWORD(size) = 0; | |
| v88 = ScHelperEncryptMessage(a8, &v164, v111, (unsigned int)v108, 0i64, &size); | |
| v89 = v88; | |
| if ( v88 == 234 || !v88 ) | |
| { | |
| v134 = MIDL_user_allocate((unsigned int)size); | |
| v91 = v134; | |
| if ( !v134 ) | |
| goto LABEL_167; | |
| v92 = ScHelperEncryptMessage(a8, &v164, v111, (unsigned int)v108, v134, &size); | |
| if ( v92 >= 0 ) | |
| { | |
| DWORD2(v145) = size; | |
| *(_QWORD *)&v146 = v91; | |
| v32 = (PCCERT_CONTEXT *)v97; | |
| LOWORD(v145) = 2; | |
| goto LABEL_315; | |
| } | |
| if ( WPP_GLOBAL_Control != (CSecurityData *)&WPP_GLOBAL_Control | |
| && (*((_BYTE *)WPP_GLOBAL_Control + 28) & 1) != 0 ) | |
| { | |
| v93 = GetLastError(); | |
| WPP_SF_DD( | |
| *((_QWORD *)WPP_GLOBAL_Control + 2), | |
| 104i64, | |
| &WPP_8a977ff03c4b314070aa26be22303ae2_Traceguids, | |
| (unsigned int)v92, | |
| v93); | |
| } | |
| if ( (KDCInfoLevel & 0x10000000) != 0 ) | |
| { | |
| *(_DWORD *)a20 = v92; | |
| *((_DWORD *)a20 + 2) = 2; | |
| *((_DWORD *)a20 + 1) = 67767710; | |
| } | |
| } | |
| else | |
| { | |
| if ( v88 == -2146893816 ) | |
| { | |
| if ( WPP_GLOBAL_Control != (CSecurityData *)&WPP_GLOBAL_Control | |
| && (*((_BYTE *)WPP_GLOBAL_Control + 28) & 1) != 0 ) | |
| { | |
| WPP_SF_(*((_QWORD *)WPP_GLOBAL_Control + 2), 102i64, &WPP_8a977ff03c4b314070aa26be22303ae2_Traceguids); | |
| } | |
| goto LABEL_246; | |
| } | |
| if ( WPP_GLOBAL_Control != (CSecurityData *)&WPP_GLOBAL_Control | |
| && (*((_BYTE *)WPP_GLOBAL_Control + 28) & 1) != 0 ) | |
| { | |
| v90 = GetLastError(); | |
| WPP_SF_DD( | |
| *((_QWORD *)WPP_GLOBAL_Control + 2), | |
| 103i64, | |
| &WPP_8a977ff03c4b314070aa26be22303ae2_Traceguids, | |
| v89, | |
| v90); | |
| } | |
| FillExtendedError(v89, 1u, 0x40Au, 0xD7Du, a20); | |
| } | |
| v33 = 41; | |
| } | |
| else | |
| { | |
| if ( WPP_GLOBAL_Control != (CSecurityData *)&WPP_GLOBAL_Control && (*((_BYTE *)WPP_GLOBAL_Control + 28) & 1) != 0 ) | |
| WPP_SF_(*((_QWORD *)WPP_GLOBAL_Control + 2), 101i64, &WPP_8a977ff03c4b314070aa26be22303ae2_Traceguids); | |
| v33 = 14; | |
| KdcLogEncryptionModeNonConformingClient(v87, v148); | |
| } | |
| v34 = v96; | |
| v32 = (PCCERT_CONTEXT *)v97; | |
| goto LABEL_95; | |
| } | |
| DWORD2(v169) = *v110; | |
| DWORD2(v168) = 8 * pcbEncoded.cbData; | |
| *(_QWORD *)&v169 = pcbEncoded.pbData; | |
| v81 = KerbPackData(&v168, 20i64, v139, &v139[1]); | |
| v32 = (PCCERT_CONTEXT *)v97; | |
| v33 = v81; | |
| if ( v81 ) | |
| { | |
| LABEL_279: | |
| v34 = v96; | |
| goto LABEL_95; | |
| } | |
| v82 = ScHelperSignPkcsMessage( | |
| (int)v102, | |
| (int)v97, | |
| v99, | |
| 0, | |
| &v144, | |
| (__int64)"1.3.6.1.5.2.3.2", | |
| v139[1], | |
| (unsigned int)v139[0], | |
| (__int64)&v140[1], | |
| (__int64)v140); | |
| if ( v82 < 0 ) | |
| { | |
| if ( WPP_GLOBAL_Control != (CSecurityData *)&WPP_GLOBAL_Control && (*((_BYTE *)WPP_GLOBAL_Control + 28) & 1) != 0 ) | |
| { | |
| v83 = GetLastError(); | |
| WPP_SF_DD( | |
| *((_QWORD *)WPP_GLOBAL_Control + 2), | |
| 99i64, | |
| &WPP_8a977ff03c4b314070aa26be22303ae2_Traceguids, | |
| (unsigned int)v82, | |
| v83); | |
| } | |
| if ( (KDCInfoLevel & 0x10000000) == 0 ) | |
| goto LABEL_278; | |
| *((_DWORD *)a20 + 1) = 67767540; | |
| LABEL_277: | |
| *(_DWORD *)a20 = v82; | |
| *((_DWORD *)a20 + 2) = 2; | |
| LABEL_278: | |
| v33 = 60; | |
| goto LABEL_279; | |
| } | |
| LOWORD(v145) = 1; | |
| *((_QWORD *)&v146 + 1) = v140[1]; | |
| LODWORD(v146) = v140[0]; | |
| if ( v67 ) | |
| { | |
| LODWORD(v147) = 32; | |
| WORD4(v145) |= 0x80u; | |
| *((_QWORD *)&v147 + 1) = v171; | |
| } | |
| LABEL_315: | |
| v34 = v96; | |
| v33 = KerbPackData(&v145, 54i64, v96 + 2, v96 + 3); | |
| if ( !v33 ) | |
| { | |
| v94 = pServerOcspResponseContext; | |
| if ( pServerOcspResponseContext ) | |
| { | |
| v135 = &v158; | |
| if ( WPP_GLOBAL_Control != (CSecurityData *)&WPP_GLOBAL_Control | |
| && (*((_DWORD *)WPP_GLOBAL_Control + 7) & 0x80000) != 0 ) | |
| { | |
| WPP_SF_(*((_QWORD *)WPP_GLOBAL_Control + 2), v33 + 105, &WPP_8a977ff03c4b314070aa26be22303ae2_Traceguids); | |
| } | |
| v95 = MIDL_user_allocate(0x20ui64); | |
| if ( !v95 ) | |
| { | |
| v33 = 60; | |
| goto LABEL_95; | |
| } | |
| v95[2] = 18; | |
| *(_QWORD *)v95 = 0i64; | |
| *v96 = v95; | |
| pbEncodedOcspResponse = v94->pbEncodedOcspResponse; | |
| DWORD2(v158) = v94->cbEncodedOcspResponse; | |
| v33 = KerbPackData(&v135, 36i64, v95 + 4, v95 + 6); | |
| if ( v33 ) | |
| goto LABEL_95; | |
| } | |
| *v133 = (struct KERB_KDC_REQUEST_preauth_data_s *)v96; | |
| v34 = 0i64; | |
| } | |
| LABEL_95: | |
| if ( v162 ) | |
| KdcFree(v162); | |
| if ( v32 ) | |
| { | |
| if ( v99 ) | |
| { | |
| v51 = v32; | |
| v52 = v99; | |
| do | |
| { | |
| CertFreeCertificateContext(*v51++); | |
| --v52; | |
| } | |
| while ( v52 ); | |
| v32 = (PCCERT_CONTEXT *)v97; | |
| } | |
| KdcFree(v32); | |
| } | |
| if ( v117 ) | |
| KerbFreeData(23i64); | |
| if ( v111 ) | |
| ScHelperFree(); | |
| if ( v112 ) | |
| KdcFree(v112); | |
| if ( v118 ) | |
| ScHelperFree(); | |
| if ( v119 ) | |
| KerbFreeData(59i64); | |
| if ( v98 ) | |
| KerbFreeData(60i64); | |
| if ( pCertContext ) | |
| CertFreeCertificateContext(pCertContext); | |
| if ( v102 ) | |
| CertFreeCertificateContext(v102); | |
| if ( v134 ) | |
| KdcFree(v134); | |
| if ( v122 ) | |
| KdcFree(v122); | |
| KerbFreeString(&String2); | |
| if ( hKey ) | |
| CryptDestroyKey(hKey); | |
| if ( phKey ) | |
| BCryptDestroyKey(phKey); | |
| if ( pcbEncoded.pbData ) | |
| KdcFree(pcbEncoded.pbData); | |
| if ( v138.pbData ) | |
| KdcFree(v138.pbData); | |
| KerbFreeDHParameters(&v167); | |
| if ( v139[1] ) | |
| KdcFree(v139[1]); | |
| if ( v140[1] ) | |
| ScHelperFree(); | |
| if ( pServerOcspResponseContext ) | |
| CertFreeServerOcspResponseContext(pServerOcspResponseContext); | |
| if ( hCertStore ) | |
| CertCloseStore(hCertStore, 1u); | |
| if ( v34 ) | |
| KerbFreePreAuthData(v34); | |
| if ( hSecret ) | |
| BCryptDestroySecret(hSecret); | |
| return v33; | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment