Win2K3 extra patches

Anon-maintained list of their own patches.

Changelog

2021-10-21: Initial upload.

2021-10-23: Added "Fixes for decompiled winlogon".

Use long-term test certificates

This is a quite large guide, moved to the separate page.

Identify as Windows XP instead of Windows 2000

Updates string formatter to identify the OS name in systeminfo and msinfo32 as Windows XP instead of Windows 2000.

|---------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| 1 2 3 4 5 6 7 8 9 10 11 | --- a/admin/wmi/wbem/providers/win32provider/providers/systemname.cpp +++ b/admin/wmi/wbem/providers/win32provider/providers/systemname.cpp @@ -372,7 +372,7 @@ CHString CSystemName::GetLocalizedName(void) #else if( IsWinNT5() ) { - if ( IsWinNT51() ) + if ( IsWinNT51() || IsWinNT52() ) { if (VER_SUITE_PERSONAL & t_ku.SuiteMask()) { |

Support for SHA-2 RSA signatures in crypt32.dll

Support for SHA-2 RSA certificate signatures was added in XP SP3 only. Without this patch, modern certificates (like ISRG Root X1 from Let's Encrypt) won't be verified.

|---------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 | --- a/ds/security/cryptoapi/pki/certstor/oidinfo.cpp +++ b/ds/security/cryptoapi/pki/certstor/oidinfo.cpp @@ -140,6 +140,11 @@ static CCRYPT_OID_INFO PubKeyAlgTable[] = { // Signature Algorithm Table //-------------------------------------------------------------------------- static const ALG_ID aiRsaPubKey = CALG_RSA_SIGN; +static const DWORD rgdwRsaSha2Sign[] = { + CALG_RSA_SIGN, + 0, + PROV_RSA_AES +}; static const DWORD rgdwMosaicSign[] = { CALG_DSS_SIGN, CRYPT_OID_INHIBIT_SIGNATURE_FORMAT_FLAG | @@ -160,12 +165,17 @@ static const DWORD rgdwDssSign[] = { OID_INFO_LEN, pszOID, pwszName, CRYPT_SIGN_ALG_OID_GROUP_ID, aiHash, sizeof(rgdwExtra), (BYTE *) rgdwExtra +#define RSA_SHA2_SIGN_ALG_ENTRY(pszOID, pwszName, aiHash)+ SIGN_EXTRA_ALG_ENTRY(pszOID, pwszName, aiHash, rgdwRsaSha2Sign) #define DSS_SIGN_ALG_ENTRY(pszOID, pwszName) SIGN_EXTRA_ALG_ENTRY(pszOID, pwszName, CALG_SHA1, rgdwDssSign) static CCRYPT_OID_INFO SignAlgTable[] = { RSA_SIGN_ALG_ENTRY(szOID_RSA_SHA1RSA, L"sha1RSA", CALG_SHA1), RSA_SIGN_ALG_ENTRY(szOID_RSA_MD5RSA, L"md5RSA", CALG_MD5), + RSA_SHA2_SIGN_ALG_ENTRY("1.2.840.113549.1.1.11", L"sha256RSA", CALG_SHA_256), + RSA_SHA2_SIGN_ALG_ENTRY("1.2.840.113549.1.1.12", L"sha384RSA", CALG_SHA_384), + RSA_SHA2_SIGN_ALG_ENTRY("1.2.840.113549.1.1.13", L"sha512RSA", CALG_SHA_512), DSS_SIGN_ALG_ENTRY(szOID_X957_SHA1DSA, L"sha1DSA"), RSA_SIGN_ALG_ENTRY(szOID_OIWSEC_sha1RSASign, L"sha1RSA", CALG_SHA1), RSA_SIGN_ALG_ENTRY(szOID_OIWSEC_sha1RSASign, L"shaRSA", CALG_SHA1), |

It also probably requires relatively modern rsaenh.dll, but the one provided by win2003_x86-missing-binaries_v2.7z should be enough. Binary only, yes.

Remove "For testing purposes only" message from desktop

Just skip the check for test certificate (which you probably use for builds).

|---------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| 1 2 3 4 5 6 7 8 9 10 11 | --- a/windows/core/ntuser/kernel/init.c +++ b/windows/core/ntuser/kernel/init.c @@ -3100,7 +3100,7 @@ BOOL xxxUpdatePerUserSystemParameters( /* * Desktop Build Number Painting */ - if (USER_SHARED_DATA->SystemExpirationDate.QuadPart || gfUnsignedDrivers) { + if (0 && (USER_SHARED_DATA->SystemExpirationDate.QuadPart || gfUnsignedDrivers)) { gdwCanPaintDesktop = 1; } else { FastGetProfileDwordW(pProfileUserName, PMAP_DESKTOP, L"PaintDesktopVersion", 0, &gdwCanPaintDesktop, dwPolicyFlags); |

Disable waiting for network in ported winlogon

Just reorders some stuff and disables the network check (which is not really needed). For those who still use the ported version of winlogon (Winlogon200X_v3c.zip).

Fixes for decompiled winlogon

This version of winlogon (ds.zip_decompiled_XPSP1_winlogon.zip) can't be built without additional fixes. Moreover, it has some controversial stuff which can be easily removed.

Everything in licensing is completely unnecessary. It contains a lot of unreadable disassembled code (and it's explained why in the included readme file). This directory can be easily removed with some code changes.
Smartcard logon (sclogon2.c) is incomplete and conflicts with definitions from sclgnrpc.h. I decided to just remove it intead of trying to fix.
Windows 3.1 migration code is incomplete and of course it's not needed at all. Moreover, even the ported version of winlogon doesn't have it (it was replaced with stubs, so I did the same).
Some minor fixes here and there to make it buildable.

⎗

|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 | --- a/ds/security/gina/winlogon/sas.c +++ b/ds/security/gina/winlogon/sas.c @@ -10,8 +10,6 @@ #include <tsperf.h> #include <rdfilter.h> -#include "../../licensing/explib/checkstatus.h" - #define SHELL_RESTART_TIMER_ID 100 //#define EVENT_SHELL_RESTARTED (1002 | 0x40000000) @@ -1294,13 +1292,10 @@ LRESULT SASWndProc( if ( pTerm->UserLoggedOn && !IsLocked( pTerm->WinlogonState )) { - DWORD val = 0; - if (!sub_1043104(978, &val) && val) { StartApplication(pTerm, szDesktop, pTerm->pWinStaWinlogon->UserProcessData.pEnvironment, szTaskMgr); - } } return(0); } @@ -1814,6 +1809,7 @@ LRESULT SASWndProc( DWORD dwType, dwSize; +#if 0 if (wParam == 977) { DWORD val = 0; // licensing check timer @@ -1836,6 +1832,7 @@ LRESULT SASWndProc( SetTimer(hwnd, 976, 3600000, NULL); return 0; } +#endif if (wParam != SHELL_RESTART_TIMER_ID) { break; --- a/ds/security/gina/winlogon/sources +++ b/ds/security/gina/winlogon/sources @@ -75,7 +75,6 @@ SOURCES= secboot.c notify.c sc.c- sclogon2.c wlxutil.c jobwait.c samwait.c@@ -115,8 +114,6 @@ TARGETLIBS= $(DS_GLOBAL_LIB_PATH)\wxapisrv.lib $(SHELL_LIB_PATH)\shguidp.lib $(SDK_LIB_PATH)\uuid.lib- $(SECURITY_LIB_PATH)\sclgnrpc.lib- $(SDK_LIB_PATH)\sclogon.lib $(SDK_LIB_PATH)\advapip.lib $(DS_LIB_PATH)\rsa32.lib $(DS_LIB_PATH)\bignum.lib@@ -125,12 +122,6 @@ TARGETLIBS= $(NET_LIB_PATH)\mprp.lib $(SDK_LIB_PATH)\psapi.lib $(SDK_LIB_PATH)\version.lib- ..\..\licensing\shortsig\$(O)\shortsig.lib- ..\..\licensing\shortsig00\$(O)\shortsig00.lib- ..\..\licensing\lib\$(O)\license.lib- ..\..\licensing\pidlib\$(O)\pidlib.lib- ..\..\licensing\explib\$(O)\explib.lib- ..\..\licensing\liclib\$(O)\liclib.lib $(SDK_LIB_PATH)\oleaut32.lib $(WINDOWS_LIB_PATH)\user32p.lib $(SDK_LIB_PATH)\ws2_32.lib--- a/ds/security/gina/winlogon/termutil.c +++ b/ds/security/gina/winlogon/termutil.c @@ -790,6 +790,7 @@ DWORD CALLBACK DeferredTSNotify(LPVOID pVoid) { HANDLE HandlesToWait[2]; DWORD dwWaitResult = WAIT_FAILED; HANDLE hTermSrvReadyEvent; + BOOLEAN pfIsRedirected; ASSERT(g_Console); // line 2050 ASSERT(g_hUserLogoffEvent); // line 2051 @@ -824,7 +825,8 @@ DWORD CALLBACK DeferredTSNotify(LPVOID pVoid) { g_TSNotifyData.UserName, L"", 0, - &g_pTerminals->MuGlobals.UserConfig)) + &g_pTerminals->MuGlobals.UserConfig, + &pfIsRedirected)) { DebugLog((DEB_ERROR, "FAILED DeferredTSNotify - _WinStationNotifyLogon\n")); dwResult = GetLastError(); @@ -1295,6 +1297,7 @@ int MultiUserLogonAttempt( PDOMAIN_CONTROLLER_INFO DcInfo = NULL ; DWORD Error; BOOLEAN WinStaResult; + BOOLEAN pfIsRedirected; ASSERT(!g_hDeferredTSNotifyThread); // line 1518 @@ -1525,11 +1528,11 @@ int MultiUserLogonAttempt( if (!IsAppServer()) { WinStaResult = _WinStationNotifyLogon( (BOOLEAN)TestTokenForAdmin(hToken), hToken, pMprInfo->pszDomain, - pMprInfo->pszUserName, L"", 0, &pTerm->MuGlobals.UserConfig); + pMprInfo->pszUserName, L"", 0, &pTerm->MuGlobals.UserConfig, &pfIsRedirected); } else { WinStaResult = _WinStationNotifyLogon( (BOOLEAN)TestTokenForAdmin(hToken), hToken, pMprInfo->pszDomain, - pMprInfo->pszUserName, pMprInfo->pszPassword, 0, &pTerm->MuGlobals.UserConfig); + pMprInfo->pszUserName, pMprInfo->pszPassword, 0, &pTerm->MuGlobals.UserConfig, &pfIsRedirected); } if (!WinStaResult) { LONG error; --- a/ds/security/gina/winlogon/win31mig.c +++ b/ds/security/gina/winlogon/win31mig.c @@ -114,6 +114,7 @@ Windows31Migration( PTERMINAL pTerm ) { +#if 0 HANDLE ImpersonationHandle; WIN31_MIGRATION_DIALOG DialogInfo; DWORD Win31MigrationFlags; @@ -151,6 +152,8 @@ Windows31Migration( Win31MigrationDlgProc, (LPARAM)&DialogInfo ); +#endif + return FALSE; } @@ -188,6 +191,7 @@ Win31MigrationDlgProc( LPARAM lParam ) { +#if 0 PWIN31_MIGRATION_DIALOG pDialogInfo = (PWIN31_MIGRATION_DIALOG) GetWindowLongPtr(hDlg, GWLP_USERDATA); HANDLE ImpersonationHandle; UINT idFocus = (UINT) -1; @@ -331,6 +335,7 @@ Win31MigrationDlgProc( break; // Fall through to do default processing // We may have validated part of the window. } +#endif // We didn't process the message return(FALSE); --- a/ds/security/gina/winlogon/winlogon.c +++ b/ds/security/gina/winlogon/winlogon.c @@ -1180,7 +1180,6 @@ int WINAPI WinMain (HINSTANCE hInstance, HINSTANCE hPrevInstance, InitializeUserProfile(); } - SclogonInit(); if (!g_fHelpAssistantSession) { BaseInitAppcompatCacheSupport(); @@ -1693,7 +1692,6 @@ VOID PostSetupShutdown(PTERMINAL pTerm, SHUTDOWN_ACTION Action) { VOID MiscInitialization (PTERMINAL pTerm) { - DWORD Win31MigrationFlags; DWORD SetupShutdownRequired; @@ -1744,6 +1742,7 @@ VOID MiscInitialization (PTERMINAL pTerm) } +#if 0 if (!IsWin9xUpgrade()) { // // Check to see if there is any WIN.INI or REG.DAT to migrate into @@ -1762,6 +1761,7 @@ VOID MiscInitialization (PTERMINAL pTerm) InitSystemFontInfo(); } } +#endif // --- a/ds/security/gina/winlogon/wlx.c +++ b/ds/security/gina/winlogon/wlx.c @@ -14,7 +14,6 @@ #include <commctrl.h> #define NO_COMMCTRL_ALLOCFCNS #include <comctrlp.h> -#include "../../licensing/explib/checkstatus.h" #define _MSGINA_ #include <msginaexports.h> #include <shellapi.h> @@ -83,7 +82,6 @@ extern TCHAR szNoPageFile[]; TCHAR szAdminName[ MAX_STRING_BYTES ]; BOOL g_fReadyForShutdown = FALSE; -HANDLE dword_1075C6C = NULL; HINSTANCE hShell32Module = NULL; HANDLE g_hEventReconnect = NULL; @@ -1479,7 +1477,6 @@ DoStartShell( WCHAR szDesktop[MAX_PATH]; PWINDOWSTATION pWS = pTerm->pWinStaWinlogon; UINT ErrorMode ; - BOOL fWPABlockedShell = FALSE; HANDLE hUserLogonEvent; @@ -1535,6 +1532,7 @@ DoStartShell( InitMultimediaForStartShell(pTerm); } +#if 0 if (dword_1075C6C && WaitForSingleObject(dword_1075C6C, 0)) { fWPABlockedShell = TRUE; } else { @@ -1575,9 +1573,7 @@ DoStartShell( CloseHandle(dword_1075C6C); } dword_1075C6C = NULL; - - if (!fWPABlockedShell) - { +#endif StatusMessage(TRUE, 0, IDS_STATUS_RESTORE_NET); @@ -1683,9 +1679,7 @@ DoStartShell( SetErrorMode( ErrorMode ); - } - - return fWPABlockedShell ? FALSE : StartStatus ; + return StartStatus; } //+--------------------------------------------------------------------------- @@ -3241,17 +3235,6 @@ MainLoop(PTERMINAL pTerm) fIsIdleLogonTimeoutDisabled = IsIdleLogonTimeoutDisabled(); } - if (g_Console) { - dword_1075C6C = CreateEvent(NULL, FALSE, FALSE, NULL); - if (dword_1075C6C == NULL) { - return; - } - if (!QueueUserWorkItem(sub_10470D2, (PVOID)dword_1075C6C, 0)) { - return; - } - SetTimer(pTerm->hwndSAS, 977, 60000, NULL); - } - // // Start profile mapping APIs // @@ -3620,10 +3603,6 @@ MainLoop(PTERMINAL pTerm) if (WlxResult == WLX_SAS_ACTION_LOGON) { - sub_10432CC(978, 0); - sub_10432CC(977, 0); - SetTimer(pTerm->hwndSAS, 977, 60000, NULL); - if (IsPerOrProTerminalServer() && !pTerm->MuGlobals.field_E68 && (IsActiveConsoleSession() || !g_fHelpAssistantSession)) { |