2 * PROJECT: Local Security Authority Server DLL
3 * LICENSE: GPL - See COPYING in the top level directory
4 * FILE: dll/win32/lsasrv/authpackage.c
5 * PURPOSE: Authenticaton package management routines
6 * COPYRIGHT: Copyright 2013 Eric Kohl
11 #include <ndk/sefuncs.h>
12 #include <ndk/umfuncs.h>
14 typedef enum _LSA_TOKEN_INFORMATION_TYPE
16 LsaTokenInformationNull
,
18 } LSA_TOKEN_INFORMATION_TYPE
, *PLSA_TOKEN_INFORMATION_TYPE
;
20 typedef struct _LSA_TOKEN_INFORMATION_V1
22 LARGE_INTEGER ExpirationTime
;
25 TOKEN_PRIMARY_GROUP PrimaryGroup
;
26 PTOKEN_PRIVILEGES Privileges
;
28 TOKEN_DEFAULT_DACL DefaultDacl
;
29 } LSA_TOKEN_INFORMATION_V1
, *PLSA_TOKEN_INFORMATION_V1
;
31 typedef PVOID PLSA_CLIENT_REQUEST
;
33 typedef NTSTATUS (NTAPI
*PLSA_CREATE_LOGON_SESSION
)(PLUID
);
34 typedef NTSTATUS (NTAPI
*PLSA_DELETE_LOGON_SESSION
)(PLUID
);
36 typedef PVOID (NTAPI
*PLSA_ALLOCATE_LSA_HEAP
)(ULONG
);
37 typedef VOID (NTAPI
*PLSA_FREE_LSA_HEAP
)(PVOID
);
38 typedef NTSTATUS (NTAPI
*PLSA_ALLOCATE_CLIENT_BUFFER
)(PLSA_CLIENT_REQUEST
, ULONG
, PVOID
*);
39 typedef NTSTATUS (NTAPI
*PLSA_FREE_CLIENT_BUFFER
)(PLSA_CLIENT_REQUEST
, PVOID
);
40 typedef NTSTATUS (NTAPI
*PLSA_COPY_TO_CLIENT_BUFFER
)(PLSA_CLIENT_REQUEST
, ULONG
,
42 typedef NTSTATUS (NTAPI
*PLSA_COPY_FROM_CLIENT_BUFFER
)(PLSA_CLIENT_REQUEST
,
45 typedef struct LSA_DISPATCH_TABLE
47 PLSA_CREATE_LOGON_SESSION CreateLogonSession
;
48 PLSA_DELETE_LOGON_SESSION DeleteLogonSession
;
49 PVOID
/*PLSA_ADD_CREDENTIAL */ AddCredential
;
50 PVOID
/*PLSA_GET_CREDENTIALS */ GetCredentials
;
51 PVOID
/*PLSA_DELETE_CREDENTIAL */ DeleteCredential
;
52 PLSA_ALLOCATE_LSA_HEAP AllocateLsaHeap
;
53 PLSA_FREE_LSA_HEAP FreeLsaHeap
;
54 PLSA_ALLOCATE_CLIENT_BUFFER AllocateClientBuffer
;
55 PLSA_FREE_CLIENT_BUFFER FreeClientBuffer
;
56 PLSA_COPY_TO_CLIENT_BUFFER CopyToClientBuffer
;
57 PLSA_COPY_FROM_CLIENT_BUFFER CopyFromClientBuffer
;
58 } LSA_DISPATCH_TABLE
, *PLSA_DISPATCH_TABLE
;
61 typedef NTSTATUS (NTAPI
*PLSA_AP_INITIALIZE_PACKAGE
)(ULONG
, PLSA_DISPATCH_TABLE
,
62 PLSA_STRING
, PLSA_STRING
, PLSA_STRING
*);
63 typedef NTSTATUS (NTAPI
*PLSA_AP_CALL_PACKAGE_INTERNAL
)(PLSA_CLIENT_REQUEST
, PVOID
, PVOID
,
64 ULONG
, PVOID
*, PULONG
, PNTSTATUS
);
65 typedef NTSTATUS (NTAPI
*PLSA_AP_CALL_PACKAGE_PASSTHROUGH
)(PLSA_CLIENT_REQUEST
,
66 PVOID
, PVOID
, ULONG
, PVOID
*, PULONG
, PNTSTATUS
);
67 typedef NTSTATUS (NTAPI
*PLSA_AP_CALL_PACKAGE_UNTRUSTED
)(PLSA_CLIENT_REQUEST
,
68 PVOID
, PVOID
, ULONG
, PVOID
*, PULONG
, PNTSTATUS
);
69 typedef VOID (NTAPI
*PLSA_AP_LOGON_TERMINATED
)(PLUID
);
70 typedef NTSTATUS (NTAPI
*PLSA_AP_LOGON_USER_EX2
)(PLSA_CLIENT_REQUEST
,
71 SECURITY_LOGON_TYPE
, PVOID
, PVOID
, ULONG
, PVOID
*, PULONG
, PLUID
, PNTSTATUS
,
72 PLSA_TOKEN_INFORMATION_TYPE
, PVOID
*, PUNICODE_STRING
*, PUNICODE_STRING
*,
73 PUNICODE_STRING
*, PVOID
/*PSECPKG_PRIMARY_CRED*/, PVOID
/*PSECPKG_SUPPLEMENTAL_CRED_ARRAY **/);
74 typedef NTSTATUS (NTAPI
*PLSA_AP_LOGON_USER_EX
)(PLSA_CLIENT_REQUEST
,
75 SECURITY_LOGON_TYPE
, PVOID
, PVOID
, ULONG
, PVOID
*, PULONG
, PLUID
, PNTSTATUS
,
76 PLSA_TOKEN_INFORMATION_TYPE
, PVOID
*, PUNICODE_STRING
*, PUNICODE_STRING
*,
79 typedef NTSTATUS (NTAPI
*PLSA_AP_LOGON_USER_INTERNAL
)(PLSA_CLIENT_REQUEST
, SECURITY_LOGON_TYPE
,
80 PVOID
, PVOID
, ULONG
, PVOID
*, PULONG
, PLUID
, PNTSTATUS
, PLSA_TOKEN_INFORMATION_TYPE
,
81 PVOID
*, PUNICODE_STRING
*, PUNICODE_STRING
*);
83 typedef struct _AUTH_PACKAGE
90 PLSA_AP_INITIALIZE_PACKAGE LsaApInitializePackage
;
91 PLSA_AP_CALL_PACKAGE_INTERNAL LsaApCallPackage
;
92 PLSA_AP_CALL_PACKAGE_PASSTHROUGH LsaApCallPackagePassthrough
;
93 PLSA_AP_CALL_PACKAGE_UNTRUSTED LsaApCallPackageUntrusted
;
94 PLSA_AP_LOGON_TERMINATED LsaApLogonTerminated
;
95 PLSA_AP_LOGON_USER_EX2 LsaApLogonUserEx2
;
96 PLSA_AP_LOGON_USER_EX LsaApLogonUserEx
;
97 PLSA_AP_LOGON_USER_INTERNAL LsaApLogonUser
;
98 } AUTH_PACKAGE
, *PAUTH_PACKAGE
;
102 LsaIFree_LSAPR_PRIVILEGE_SET(IN PLSAPR_PRIVILEGE_SET Ptr
);
104 typedef wchar_t *PSAMPR_SERVER_NAME
;
105 typedef void *SAMPR_HANDLE
;
107 typedef struct _SAMPR_ULONG_ARRAY
110 unsigned long *Element
;
111 } SAMPR_ULONG_ARRAY
, *PSAMPR_ULONG_ARRAY
;
113 typedef struct _SAMPR_SID_INFORMATION
116 } SAMPR_SID_INFORMATION
, *PSAMPR_SID_INFORMATION
;
118 typedef struct _SAMPR_PSID_ARRAY
121 PSAMPR_SID_INFORMATION Sids
;
122 } SAMPR_PSID_ARRAY
, *PSAMPR_PSID_ARRAY
;
127 PSAMPR_SERVER_NAME ServerName
,
128 SAMPR_HANDLE
*ServerHandle
,
129 ACCESS_MASK DesiredAccess
,
134 SamIFree_SAMPR_ULONG_ARRAY(
135 PSAMPR_ULONG_ARRAY Ptr
);
140 SAMPR_HANDLE
*SamHandle
);
145 SAMPR_HANDLE ServerHandle
,
146 ACCESS_MASK DesiredAccess
,
148 SAMPR_HANDLE
*DomainHandle
);
152 SamrGetAliasMembership(
153 SAMPR_HANDLE DomainHandle
,
154 PSAMPR_PSID_ARRAY SidArray
,
155 PSAMPR_ULONG_ARRAY Membership
);
158 /* GLOBALS *****************************************************************/
160 static LIST_ENTRY PackageListHead
;
161 static ULONG PackageId
;
162 static LSA_DISPATCH_TABLE DispatchTable
;
164 #define CONST_LUID(x1, x2) {x1, x2}
165 static const LUID SeChangeNotifyPrivilege
= CONST_LUID(SE_CHANGE_NOTIFY_PRIVILEGE
, 0);
166 static const LUID SeCreateGlobalPrivilege
= CONST_LUID(SE_CREATE_GLOBAL_PRIVILEGE
, 0);
167 static const LUID SeImpersonatePrivilege
= CONST_LUID(SE_IMPERSONATE_PRIVILEGE
, 0);
170 /* FUNCTIONS ***************************************************************/
175 LsapAddAuthPackage(IN PWSTR ValueName
,
178 IN ULONG ValueLength
,
180 IN PVOID EntryContext
)
182 PAUTH_PACKAGE Package
= NULL
;
183 UNICODE_STRING PackageName
;
186 NTSTATUS Status
= STATUS_SUCCESS
;
188 TRACE("LsapAddAuthPackage()\n");
190 PackageName
.Length
= (USHORT
)ValueLength
- sizeof(WCHAR
);
191 PackageName
.MaximumLength
= (USHORT
)ValueLength
;
192 PackageName
.Buffer
= ValueData
;
194 Id
= (PULONG
)Context
;
196 Package
= RtlAllocateHeap(RtlGetProcessHeap(),
198 sizeof(AUTH_PACKAGE
));
200 return STATUS_INSUFFICIENT_RESOURCES
;
202 Status
= LdrLoadDll(NULL
,
205 &Package
->ModuleHandle
);
206 if (!NT_SUCCESS(Status
))
208 TRACE("LdrLoadDll failed (Status 0x%08lx)\n", Status
);
212 RtlInitAnsiString(&ProcName
, "LsaApInitializePackage");
213 Status
= LdrGetProcedureAddress(Package
->ModuleHandle
,
216 (PVOID
*)&Package
->LsaApInitializePackage
);
217 if (!NT_SUCCESS(Status
))
219 TRACE("LdrGetProcedureAddress() failed (Status 0x%08lx)\n", Status
);
223 RtlInitAnsiString(&ProcName
, "LsaApCallPackage");
224 Status
= LdrGetProcedureAddress(Package
->ModuleHandle
,
227 (PVOID
*)&Package
->LsaApCallPackage
);
228 if (!NT_SUCCESS(Status
))
230 TRACE("LdrGetProcedureAddress() failed (Status 0x%08lx)\n", Status
);
234 RtlInitAnsiString(&ProcName
, "LsaApCallPackagePassthrough");
235 Status
= LdrGetProcedureAddress(Package
->ModuleHandle
,
238 (PVOID
*)&Package
->LsaApCallPackagePassthrough
);
239 if (!NT_SUCCESS(Status
))
241 TRACE("LdrGetProcedureAddress() failed (Status 0x%08lx)\n", Status
);
245 RtlInitAnsiString(&ProcName
, "LsaApCallPackageUntrusted");
246 Status
= LdrGetProcedureAddress(Package
->ModuleHandle
,
249 (PVOID
*)&Package
->LsaApCallPackageUntrusted
);
250 if (!NT_SUCCESS(Status
))
252 TRACE("LdrGetProcedureAddress() failed (Status 0x%08lx)\n", Status
);
256 RtlInitAnsiString(&ProcName
, "LsaApLogonTerminated");
257 Status
= LdrGetProcedureAddress(Package
->ModuleHandle
,
260 (PVOID
*)&Package
->LsaApLogonTerminated
);
261 if (!NT_SUCCESS(Status
))
263 TRACE("LdrGetProcedureAddress() failed (Status 0x%08lx)\n", Status
);
267 RtlInitAnsiString(&ProcName
, "LsaApLogonUserEx2");
268 Status
= LdrGetProcedureAddress(Package
->ModuleHandle
,
271 (PVOID
*)&Package
->LsaApLogonUserEx2
);
272 if (!NT_SUCCESS(Status
))
274 RtlInitAnsiString(&ProcName
, "LsaApLogonUserEx");
275 Status
= LdrGetProcedureAddress(Package
->ModuleHandle
,
278 (PVOID
*)&Package
->LsaApLogonUserEx
);
279 if (!NT_SUCCESS(Status
))
281 RtlInitAnsiString(&ProcName
, "LsaApLogonUser");
282 Status
= LdrGetProcedureAddress(Package
->ModuleHandle
,
285 (PVOID
*)&Package
->LsaApLogonUser
);
286 if (!NT_SUCCESS(Status
))
288 TRACE("LdrGetProcedureAddress() failed (Status 0x%08lx)\n", Status
);
294 /* Initialize the current package */
295 Status
= Package
->LsaApInitializePackage(*Id
,
300 if (!NT_SUCCESS(Status
))
302 TRACE("Package->LsaApInitializePackage() failed (Status 0x%08lx)\n", Status
);
306 TRACE("Package Name: %s\n", Package
->Name
->Buffer
);
311 InsertTailList(&PackageListHead
, &Package
->Entry
);
314 if (!NT_SUCCESS(Status
))
318 if (Package
->ModuleHandle
!= NULL
)
319 LdrUnloadDll(Package
->ModuleHandle
);
321 if (Package
->Name
!= NULL
)
323 if (Package
->Name
->Buffer
!= NULL
)
324 RtlFreeHeap(RtlGetProcessHeap(), 0, Package
->Name
->Buffer
);
326 RtlFreeHeap(RtlGetProcessHeap(), 0, Package
->Name
);
329 RtlFreeHeap(RtlGetProcessHeap(), 0, Package
);
339 LsapGetAuthenticationPackage(IN ULONG PackageId
)
341 PLIST_ENTRY ListEntry
;
342 PAUTH_PACKAGE Package
;
344 ListEntry
= PackageListHead
.Flink
;
345 while (ListEntry
!= &PackageListHead
)
347 Package
= CONTAINING_RECORD(ListEntry
, AUTH_PACKAGE
, Entry
);
349 if (Package
->Id
== PackageId
)
354 ListEntry
= ListEntry
->Flink
;
364 LsapAllocateHeap(IN ULONG Length
)
366 return RtlAllocateHeap(RtlGetProcessHeap(),
375 LsapFreeHeap(IN PVOID Base
)
377 RtlFreeHeap(RtlGetProcessHeap(),
386 LsapAllocateClientBuffer(IN PLSA_CLIENT_REQUEST ClientRequest
,
387 IN ULONG LengthRequired
,
388 OUT PVOID
*ClientBaseAddress
)
390 PLSAP_LOGON_CONTEXT LogonContext
;
393 *ClientBaseAddress
= NULL
;
395 LogonContext
= (PLSAP_LOGON_CONTEXT
)ClientRequest
;
397 Length
= LengthRequired
;
398 return NtAllocateVirtualMemory(LogonContext
->ClientProcessHandle
,
410 LsapFreeClientBuffer(IN PLSA_CLIENT_REQUEST ClientRequest
,
411 IN PVOID ClientBaseAddress
)
413 PLSAP_LOGON_CONTEXT LogonContext
;
416 if (ClientBaseAddress
== NULL
)
417 return STATUS_SUCCESS
;
419 LogonContext
= (PLSAP_LOGON_CONTEXT
)ClientRequest
;
422 return NtFreeVirtualMemory(LogonContext
->ClientProcessHandle
,
432 LsapCopyToClientBuffer(IN PLSA_CLIENT_REQUEST ClientRequest
,
434 IN PVOID ClientBaseAddress
,
435 IN PVOID BufferToCopy
)
437 PLSAP_LOGON_CONTEXT LogonContext
;
439 LogonContext
= (PLSAP_LOGON_CONTEXT
)ClientRequest
;
441 return NtWriteVirtualMemory(LogonContext
->ClientProcessHandle
,
452 LsapCopyFromClientBuffer(IN PLSA_CLIENT_REQUEST ClientRequest
,
454 IN PVOID BufferToCopy
,
455 IN PVOID ClientBaseAddress
)
457 PLSAP_LOGON_CONTEXT LogonContext
;
459 LogonContext
= (PLSAP_LOGON_CONTEXT
)ClientRequest
;
461 return NtReadVirtualMemory(LogonContext
->ClientProcessHandle
,
470 LsapInitAuthPackages(VOID
)
472 RTL_QUERY_REGISTRY_TABLE AuthPackageTable
[] = {
473 {LsapAddAuthPackage
, 0, L
"Authentication Packages", NULL
, REG_NONE
, NULL
, 0},
474 {NULL
, 0, NULL
, NULL
, REG_NONE
, NULL
, 0}};
478 InitializeListHead(&PackageListHead
);
481 /* Initialize the dispatch table */
482 DispatchTable
.CreateLogonSession
= &LsapCreateLogonSession
;
483 DispatchTable
.DeleteLogonSession
= &LsapDeleteLogonSession
;
484 DispatchTable
.AddCredential
= NULL
;
485 DispatchTable
.GetCredentials
= NULL
;
486 DispatchTable
.DeleteCredential
= NULL
;
487 DispatchTable
.AllocateLsaHeap
= &LsapAllocateHeap
;
488 DispatchTable
.FreeLsaHeap
= &LsapFreeHeap
;
489 DispatchTable
.AllocateClientBuffer
= &LsapAllocateClientBuffer
;
490 DispatchTable
.FreeClientBuffer
= &LsapFreeClientBuffer
;
491 DispatchTable
.CopyToClientBuffer
= &LsapCopyToClientBuffer
;
492 DispatchTable
.CopyFromClientBuffer
= &LsapCopyFromClientBuffer
;
494 /* Add registered authentication packages */
495 Status
= RtlQueryRegistryValues(RTL_REGISTRY_CONTROL
,
506 LsapLookupAuthenticationPackage(PLSA_API_MSG RequestMsg
,
507 PLSAP_LOGON_CONTEXT LogonContext
)
509 PLIST_ENTRY ListEntry
;
510 PAUTH_PACKAGE Package
;
511 ULONG PackageNameLength
;
514 TRACE("(%p %p)\n", RequestMsg
, LogonContext
);
516 PackageNameLength
= RequestMsg
->LookupAuthenticationPackage
.Request
.PackageNameLength
;
517 PackageName
= RequestMsg
->LookupAuthenticationPackage
.Request
.PackageName
;
519 TRACE("PackageName: %s\n", PackageName
);
521 ListEntry
= PackageListHead
.Flink
;
522 while (ListEntry
!= &PackageListHead
)
524 Package
= CONTAINING_RECORD(ListEntry
, AUTH_PACKAGE
, Entry
);
526 if ((PackageNameLength
== Package
->Name
->Length
) &&
527 (_strnicmp(PackageName
, Package
->Name
->Buffer
, Package
->Name
->Length
) == 0))
529 RequestMsg
->LookupAuthenticationPackage
.Reply
.Package
= Package
->Id
;
530 return STATUS_SUCCESS
;
533 ListEntry
= ListEntry
->Flink
;
536 return STATUS_NO_SUCH_PACKAGE
;
541 LsapCallAuthenticationPackage(PLSA_API_MSG RequestMsg
,
542 PLSAP_LOGON_CONTEXT LogonContext
)
544 PAUTH_PACKAGE Package
;
545 PVOID LocalBuffer
= NULL
;
549 TRACE("(%p %p)\n", RequestMsg
, LogonContext
);
551 PackageId
= RequestMsg
->CallAuthenticationPackage
.Request
.AuthenticationPackage
;
553 /* Get the right authentication package */
554 Package
= LsapGetAuthenticationPackage(PackageId
);
557 TRACE("LsapGetAuthenticationPackage() failed to find a package\n");
558 return STATUS_NO_SUCH_PACKAGE
;
561 if (RequestMsg
->CallAuthenticationPackage
.Request
.SubmitBufferLength
> 0)
563 LocalBuffer
= RtlAllocateHeap(RtlGetProcessHeap(),
565 RequestMsg
->CallAuthenticationPackage
.Request
.SubmitBufferLength
);
566 if (LocalBuffer
== NULL
)
568 return STATUS_INSUFFICIENT_RESOURCES
;
571 Status
= NtReadVirtualMemory(LogonContext
->ClientProcessHandle
,
572 RequestMsg
->CallAuthenticationPackage
.Request
.ProtocolSubmitBuffer
,
574 RequestMsg
->CallAuthenticationPackage
.Request
.SubmitBufferLength
,
576 if (!NT_SUCCESS(Status
))
578 TRACE("NtReadVirtualMemory() failed (Status 0x%08lx)\n", Status
);
579 RtlFreeHeap(RtlGetProcessHeap(), 0, LocalBuffer
);
584 Status
= Package
->LsaApCallPackage((PLSA_CLIENT_REQUEST
)LogonContext
,
586 RequestMsg
->CallAuthenticationPackage
.Request
.ProtocolSubmitBuffer
,
587 RequestMsg
->CallAuthenticationPackage
.Request
.SubmitBufferLength
,
588 &RequestMsg
->CallAuthenticationPackage
.Reply
.ProtocolReturnBuffer
,
589 &RequestMsg
->CallAuthenticationPackage
.Reply
.ReturnBufferLength
,
590 &RequestMsg
->CallAuthenticationPackage
.Reply
.ProtocolStatus
);
591 if (!NT_SUCCESS(Status
))
593 TRACE("Package->LsaApCallPackage() failed (Status 0x%08lx)\n", Status
);
596 if (LocalBuffer
!= NULL
)
597 RtlFreeHeap(RtlGetProcessHeap(), 0, LocalBuffer
);
606 IN PLSAP_LOGON_CONTEXT LogonContext
,
607 IN PTOKEN_GROUPS ClientGroups
,
608 IN ULONG ClientGroupsCount
,
609 OUT PTOKEN_GROUPS
*TokenGroups
)
611 ULONG LocalGroupsLength
= 0;
612 PTOKEN_GROUPS LocalGroups
= NULL
;
613 ULONG SidHeaderLength
= 0;
614 PSID SidHeader
= NULL
;
617 ULONG AllocatedSids
= 0;
621 LocalGroupsLength
= sizeof(TOKEN_GROUPS
) +
622 (ClientGroupsCount
- ANYSIZE_ARRAY
) * sizeof(SID_AND_ATTRIBUTES
);
623 LocalGroups
= RtlAllocateHeap(RtlGetProcessHeap(),
626 if (LocalGroups
== NULL
)
628 TRACE("RtlAllocateHeap() failed\n");
629 return STATUS_INSUFFICIENT_RESOURCES
;
632 Status
= NtReadVirtualMemory(LogonContext
->ClientProcessHandle
,
637 if (!NT_SUCCESS(Status
))
641 SidHeaderLength
= RtlLengthRequiredSid(0);
642 SidHeader
= RtlAllocateHeap(RtlGetProcessHeap(),
645 if (SidHeader
== NULL
)
647 Status
= STATUS_INSUFFICIENT_RESOURCES
;
651 for (i
= 0; i
< ClientGroupsCount
; i
++)
653 SrcSid
= LocalGroups
->Groups
[i
].Sid
;
655 Status
= NtReadVirtualMemory(LogonContext
->ClientProcessHandle
,
660 if (!NT_SUCCESS(Status
))
663 SidLength
= RtlLengthSid(SidHeader
);
664 TRACE("Sid %lu: Length %lu\n", i
, SidLength
);
666 DstSid
= RtlAllocateHeap(RtlGetProcessHeap(),
671 Status
= STATUS_INSUFFICIENT_RESOURCES
;
675 Status
= NtReadVirtualMemory(LogonContext
->ClientProcessHandle
,
680 if (!NT_SUCCESS(Status
))
682 RtlFreeHeap(RtlGetProcessHeap(), 0, DstSid
);
686 LocalGroups
->Groups
[i
].Sid
= DstSid
;
690 *TokenGroups
= LocalGroups
;
693 if (SidHeader
!= NULL
)
694 RtlFreeHeap(RtlGetProcessHeap(), 0, SidHeader
);
696 if (!NT_SUCCESS(Status
))
698 if (LocalGroups
!= NULL
)
700 for (i
= 0; i
< AllocatedSids
; i
++)
701 RtlFreeHeap(RtlGetProcessHeap(), 0, LocalGroups
->Groups
[i
].Sid
);
703 RtlFreeHeap(RtlGetProcessHeap(), 0, LocalGroups
);
714 IN PVOID TokenInformation
,
715 IN LSA_TOKEN_INFORMATION_TYPE TokenInformationType
,
716 IN PTOKEN_GROUPS LocalGroups
)
718 PLSA_TOKEN_INFORMATION_V1 TokenInfo1
;
719 PTOKEN_GROUPS Groups
;
724 if (LocalGroups
== NULL
|| LocalGroups
->GroupCount
== 0)
725 return STATUS_SUCCESS
;
727 if (TokenInformationType
== LsaTokenInformationV1
)
729 TokenInfo1
= (PLSA_TOKEN_INFORMATION_V1
)TokenInformation
;
731 if (TokenInfo1
->Groups
!= NULL
)
733 Length
= sizeof(TOKEN_GROUPS
) +
734 (LocalGroups
->GroupCount
+ TokenInfo1
->Groups
->GroupCount
- ANYSIZE_ARRAY
) * sizeof(SID_AND_ATTRIBUTES
);
736 Groups
= RtlAllocateHeap(RtlGetProcessHeap(), HEAP_ZERO_MEMORY
, Length
);
739 ERR("Group buffer allocation failed!\n");
740 return STATUS_INSUFFICIENT_RESOURCES
;
743 Groups
->GroupCount
= LocalGroups
->GroupCount
+ TokenInfo1
->Groups
->GroupCount
;
745 for (i
= 0; i
< TokenInfo1
->Groups
->GroupCount
; i
++)
747 Groups
->Groups
[i
].Sid
= TokenInfo1
->Groups
->Groups
[i
].Sid
;
748 Groups
->Groups
[i
].Attributes
= TokenInfo1
->Groups
->Groups
[i
].Attributes
;
751 for (j
= 0; j
< LocalGroups
->GroupCount
; i
++, j
++)
753 Groups
->Groups
[i
].Sid
= LocalGroups
->Groups
[j
].Sid
;
754 Groups
->Groups
[i
].Attributes
= LocalGroups
->Groups
[j
].Attributes
;
755 LocalGroups
->Groups
[j
].Sid
= NULL
;
758 RtlFreeHeap(RtlGetProcessHeap(), 0, TokenInfo1
->Groups
);
760 TokenInfo1
->Groups
= Groups
;
764 Length
= sizeof(TOKEN_GROUPS
) +
765 (LocalGroups
->GroupCount
- ANYSIZE_ARRAY
) * sizeof(SID_AND_ATTRIBUTES
);
767 Groups
= RtlAllocateHeap(RtlGetProcessHeap(), HEAP_ZERO_MEMORY
, Length
);
770 ERR("Group buffer allocation failed!\n");
771 return STATUS_INSUFFICIENT_RESOURCES
;
774 Groups
->GroupCount
= LocalGroups
->GroupCount
;
776 for (i
= 0; i
< LocalGroups
->GroupCount
; i
++)
778 Groups
->Groups
[i
].Sid
= LocalGroups
->Groups
[i
].Sid
;
779 Groups
->Groups
[i
].Attributes
= LocalGroups
->Groups
[i
].Attributes
;
782 TokenInfo1
->Groups
= Groups
;
787 FIXME("TokenInformationType %d is not supported!\n", TokenInformationType
);
788 return STATUS_NOT_IMPLEMENTED
;
791 return STATUS_SUCCESS
;
796 LsapAddDefaultGroups(
797 IN PVOID TokenInformation
,
798 IN LSA_TOKEN_INFORMATION_TYPE TokenInformationType
,
799 IN SECURITY_LOGON_TYPE LogonType
)
801 PLSA_TOKEN_INFORMATION_V1 TokenInfo1
;
802 PTOKEN_GROUPS Groups
;
806 if (TokenInformationType
== LsaTokenInformationV1
)
808 TokenInfo1
= (PLSA_TOKEN_INFORMATION_V1
)TokenInformation
;
810 if (TokenInfo1
->Groups
!= NULL
)
812 Length
= sizeof(TOKEN_GROUPS
) +
813 (TokenInfo1
->Groups
->GroupCount
+ 2 - ANYSIZE_ARRAY
) * sizeof(SID_AND_ATTRIBUTES
);
815 Groups
= RtlAllocateHeap(RtlGetProcessHeap(), HEAP_ZERO_MEMORY
, Length
);
818 ERR("Group buffer allocation failed!\n");
819 return STATUS_INSUFFICIENT_RESOURCES
;
822 Groups
->GroupCount
= TokenInfo1
->Groups
->GroupCount
;
824 for (i
= 0; i
< TokenInfo1
->Groups
->GroupCount
; i
++)
826 Groups
->Groups
[i
].Sid
= TokenInfo1
->Groups
->Groups
[i
].Sid
;
827 Groups
->Groups
[i
].Attributes
= TokenInfo1
->Groups
->Groups
[i
].Attributes
;
830 RtlFreeHeap(RtlGetProcessHeap(), 0, TokenInfo1
->Groups
);
832 TokenInfo1
->Groups
= Groups
;
837 Length
= sizeof(TOKEN_GROUPS
) +
838 (2 - ANYSIZE_ARRAY
) * sizeof(SID_AND_ATTRIBUTES
);
840 Groups
= RtlAllocateHeap(RtlGetProcessHeap(), HEAP_ZERO_MEMORY
, Length
);
843 ERR("Group buffer allocation failed!\n");
844 return STATUS_INSUFFICIENT_RESOURCES
;
847 TokenInfo1
->Groups
= Groups
;
850 /* Append the World SID (aka Everyone) */
851 Length
= RtlLengthSid(LsapWorldSid
);
852 Groups
->Groups
[Groups
->GroupCount
].Sid
= RtlAllocateHeap(RtlGetProcessHeap(),
855 if (Groups
->Groups
[Groups
->GroupCount
].Sid
== NULL
)
856 return STATUS_INSUFFICIENT_RESOURCES
;
858 RtlCopyMemory(Groups
->Groups
[Groups
->GroupCount
].Sid
,
862 Groups
->Groups
[Groups
->GroupCount
].Attributes
=
863 SE_GROUP_ENABLED
| SE_GROUP_ENABLED_BY_DEFAULT
| SE_GROUP_MANDATORY
;
865 Groups
->GroupCount
++;
867 /* Append the logon type SID */
871 SrcSid
= LsapInteractiveSid
;
875 SrcSid
= LsapNetworkSid
;
879 SrcSid
= LsapBatchSid
;
883 SrcSid
= LsapServiceSid
;
887 FIXME("LogonType %d is not supported!\n", LogonType
);
888 return STATUS_NOT_IMPLEMENTED
;
891 Length
= RtlLengthSid(SrcSid
);
892 Groups
->Groups
[Groups
->GroupCount
].Sid
= RtlAllocateHeap(RtlGetProcessHeap(),
895 if (Groups
->Groups
[Groups
->GroupCount
].Sid
== NULL
)
896 return STATUS_INSUFFICIENT_RESOURCES
;
898 RtlCopyMemory(Groups
->Groups
[Groups
->GroupCount
].Sid
,
902 Groups
->Groups
[Groups
->GroupCount
].Attributes
=
903 SE_GROUP_ENABLED
| SE_GROUP_ENABLED_BY_DEFAULT
| SE_GROUP_MANDATORY
;
905 Groups
->GroupCount
++;
909 FIXME("TokenInformationType %d is not supported!\n", TokenInformationType
);
910 return STATUS_NOT_IMPLEMENTED
;
913 return STATUS_SUCCESS
;
919 LsapAppendSidToGroups(
920 IN PTOKEN_GROUPS
*TokenGroups
,
924 PTOKEN_GROUPS Groups
;
929 Sid
= LsapAppendRidToSid(DomainSid
, RelativeId
);
932 ERR("Group SID creation failed!\n");
933 return STATUS_INSUFFICIENT_RESOURCES
;
936 if (*TokenGroups
== NULL
)
938 Length
= sizeof(TOKEN_GROUPS
) +
939 (1 - ANYSIZE_ARRAY
) * sizeof(SID_AND_ATTRIBUTES
);
941 Groups
= RtlAllocateHeap(RtlGetProcessHeap(), HEAP_ZERO_MEMORY
, Length
);
944 ERR("Group buffer allocation failed!\n");
945 return STATUS_INSUFFICIENT_RESOURCES
;
948 Groups
->GroupCount
= 1;
950 Groups
->Groups
[0].Sid
= Sid
;
951 Groups
->Groups
[0].Attributes
=
952 SE_GROUP_ENABLED
| SE_GROUP_ENABLED_BY_DEFAULT
| SE_GROUP_MANDATORY
;
954 *TokenGroups
= Groups
;
958 for (i
= 0; i
< (*TokenGroups
)->GroupCount
; i
++)
960 if (RtlEqualSid((*TokenGroups
)->Groups
[i
].Sid
, Sid
))
962 RtlFreeHeap(RtlGetProcessHeap(), 0, Sid
);
963 return STATUS_SUCCESS
;
967 Length
= sizeof(TOKEN_GROUPS
) +
968 ((*TokenGroups
)->GroupCount
+ 1 - ANYSIZE_ARRAY
) * sizeof(SID_AND_ATTRIBUTES
);
970 Groups
= RtlAllocateHeap(RtlGetProcessHeap(), HEAP_ZERO_MEMORY
, Length
);
973 ERR("Group buffer allocation failed!\n");
974 return STATUS_INSUFFICIENT_RESOURCES
;
977 Groups
->GroupCount
= (*TokenGroups
)->GroupCount
;
979 for (i
= 0; i
< (*TokenGroups
)->GroupCount
; i
++)
981 Groups
->Groups
[i
].Sid
= (*TokenGroups
)->Groups
[i
].Sid
;
982 Groups
->Groups
[i
].Attributes
= (*TokenGroups
)->Groups
[i
].Attributes
;
985 Groups
->Groups
[Groups
->GroupCount
].Sid
= Sid
;
986 Groups
->Groups
[Groups
->GroupCount
].Attributes
=
987 SE_GROUP_ENABLED
| SE_GROUP_ENABLED_BY_DEFAULT
| SE_GROUP_MANDATORY
;
989 Groups
->GroupCount
++;
991 RtlFreeHeap(RtlGetProcessHeap(), 0, *TokenGroups
);
993 *TokenGroups
= Groups
;
996 return STATUS_SUCCESS
;
1003 IN PVOID TokenInformation
,
1004 IN LSA_TOKEN_INFORMATION_TYPE TokenInformationType
)
1006 PLSA_TOKEN_INFORMATION_V1 TokenInfo1
;
1007 SAMPR_HANDLE ServerHandle
= NULL
;
1008 SAMPR_HANDLE BuiltinDomainHandle
= NULL
;
1009 SAMPR_HANDLE AccountDomainHandle
= NULL
;
1010 SAMPR_PSID_ARRAY SidArray
;
1011 SAMPR_ULONG_ARRAY BuiltinMembership
;
1012 SAMPR_ULONG_ARRAY AccountMembership
;
1014 NTSTATUS Status
= STATUS_SUCCESS
;
1016 if (TokenInformationType
!= LsaTokenInformationV1
)
1017 return STATUS_SUCCESS
;
1019 TokenInfo1
= (PLSA_TOKEN_INFORMATION_V1
)TokenInformation
;
1021 SidArray
.Count
= TokenInfo1
->Groups
->GroupCount
+ 1;
1022 SidArray
.Sids
= RtlAllocateHeap(RtlGetProcessHeap(),
1024 (TokenInfo1
->Groups
->GroupCount
+ 1) * sizeof(PRPC_SID
));
1025 if (SidArray
.Sids
== NULL
)
1026 return STATUS_INSUFFICIENT_RESOURCES
;
1028 SidArray
.Sids
[0].SidPointer
= TokenInfo1
->User
.User
.Sid
;
1029 for (i
= 0; i
< TokenInfo1
->Groups
->GroupCount
; i
++)
1030 SidArray
.Sids
[i
+ 1].SidPointer
= TokenInfo1
->Groups
->Groups
[i
].Sid
;
1032 Status
= SamIConnect(NULL
,
1034 SAM_SERVER_CONNECT
| SAM_SERVER_LOOKUP_DOMAIN
,
1036 if (!NT_SUCCESS(Status
))
1038 TRACE("SamIConnect failed (Status %08lx)\n", Status
);
1042 Status
= SamrOpenDomain(ServerHandle
,
1043 DOMAIN_GET_ALIAS_MEMBERSHIP
,
1045 &BuiltinDomainHandle
);
1046 if (!NT_SUCCESS(Status
))
1048 TRACE("SamrOpenDomain failed (Status %08lx)\n", Status
);
1052 Status
= SamrOpenDomain(ServerHandle
,
1053 DOMAIN_GET_ALIAS_MEMBERSHIP
,
1055 &AccountDomainHandle
);
1056 if (!NT_SUCCESS(Status
))
1058 TRACE("SamrOpenDomain failed (Status %08lx)\n", Status
);
1062 BuiltinMembership
.Element
= NULL
;
1063 Status
= SamrGetAliasMembership(BuiltinDomainHandle
,
1065 &BuiltinMembership
);
1066 if (!NT_SUCCESS(Status
))
1068 TRACE("SamrGetAliasMembership failed (Status %08lx)\n", Status
);
1072 AccountMembership
.Element
= NULL
;
1073 Status
= SamrGetAliasMembership(AccountDomainHandle
,
1075 &AccountMembership
);
1076 if (!NT_SUCCESS(Status
))
1078 TRACE("SamrGetAliasMembership failed (Status %08lx)\n", Status
);
1082 TRACE("Builtin Memberships: %lu\n", BuiltinMembership
.Count
);
1083 for (i
= 0; i
< BuiltinMembership
.Count
; i
++)
1085 TRACE("RID %lu: %lu (0x%lx)\n", i
, BuiltinMembership
.Element
[i
], BuiltinMembership
.Element
[i
]);
1086 Status
= LsapAppendSidToGroups(&TokenInfo1
->Groups
,
1088 BuiltinMembership
.Element
[i
]);
1089 if (!NT_SUCCESS(Status
))
1091 TRACE("LsapAppendSidToGroups failed (Status %08lx)\n", Status
);
1096 TRACE("Account Memberships: %lu\n", AccountMembership
.Count
);
1097 for (i
= 0; i
< AccountMembership
.Count
; i
++)
1099 TRACE("RID %lu: %lu (0x%lx)\n", i
, AccountMembership
.Element
[i
], AccountMembership
.Element
[i
]);
1100 Status
= LsapAppendSidToGroups(&TokenInfo1
->Groups
,
1102 AccountMembership
.Element
[i
]);
1103 if (!NT_SUCCESS(Status
))
1105 TRACE("LsapAppendSidToGroups failed (Status %08lx)\n", Status
);
1111 RtlFreeHeap(RtlGetProcessHeap(), 0, SidArray
.Sids
);
1113 if (AccountMembership
.Element
!= NULL
)
1114 SamIFree_SAMPR_ULONG_ARRAY(&AccountMembership
);
1116 if (BuiltinMembership
.Element
!= NULL
)
1117 SamIFree_SAMPR_ULONG_ARRAY(&BuiltinMembership
);
1119 if (AccountDomainHandle
!= NULL
)
1120 SamrCloseHandle(&AccountDomainHandle
);
1122 if (BuiltinDomainHandle
!= NULL
)
1123 SamrCloseHandle(&BuiltinDomainHandle
);
1125 if (ServerHandle
!= NULL
)
1126 SamrCloseHandle(&ServerHandle
);
1130 return STATUS_SUCCESS
;
1137 IN PVOID TokenInformation
,
1138 IN LSA_TOKEN_INFORMATION_TYPE TokenInformationType
)
1140 PLSA_TOKEN_INFORMATION_V1 TokenInfo1
;
1141 PSID OwnerSid
= NULL
;
1144 if (TokenInformationType
== LsaTokenInformationV1
)
1146 TokenInfo1
= (PLSA_TOKEN_INFORMATION_V1
)TokenInformation
;
1148 if (TokenInfo1
->Owner
.Owner
!= NULL
)
1149 return STATUS_SUCCESS
;
1151 OwnerSid
= TokenInfo1
->User
.User
.Sid
;
1152 for (i
= 0; i
< TokenInfo1
->Groups
->GroupCount
; i
++)
1154 if (EqualSid(TokenInfo1
->Groups
->Groups
[i
].Sid
, LsapAdministratorsSid
))
1156 OwnerSid
= LsapAdministratorsSid
;
1161 Length
= RtlLengthSid(OwnerSid
);
1162 TokenInfo1
->Owner
.Owner
= DispatchTable
.AllocateLsaHeap(Length
);
1163 if (TokenInfo1
->Owner
.Owner
== NULL
)
1164 return STATUS_INSUFFICIENT_RESOURCES
;
1166 RtlCopyMemory(TokenInfo1
->Owner
.Owner
,
1171 return STATUS_SUCCESS
;
1177 LsapAddTokenDefaultDacl(
1178 IN PVOID TokenInformation
,
1179 IN LSA_TOKEN_INFORMATION_TYPE TokenInformationType
)
1181 PLSA_TOKEN_INFORMATION_V1 TokenInfo1
;
1185 if (TokenInformationType
== LsaTokenInformationV1
)
1187 TokenInfo1
= (PLSA_TOKEN_INFORMATION_V1
)TokenInformation
;
1189 if (TokenInfo1
->DefaultDacl
.DefaultDacl
!= NULL
)
1190 return STATUS_SUCCESS
;
1192 Length
= sizeof(ACL
) +
1193 (2 * sizeof(ACCESS_ALLOWED_ACE
)) +
1194 RtlLengthSid(TokenInfo1
->Owner
.Owner
) +
1195 RtlLengthSid(LsapLocalSystemSid
);
1197 Dacl
= DispatchTable
.AllocateLsaHeap(Length
);
1199 return STATUS_INSUFFICIENT_RESOURCES
;
1201 RtlCreateAcl(Dacl
, Length
, ACL_REVISION
);
1203 RtlAddAccessAllowedAce(Dacl
,
1206 TokenInfo1
->Owner
.Owner
);
1209 RtlAddAccessAllowedAce(Dacl
,
1212 LsapLocalSystemSid
);
1214 TokenInfo1
->DefaultDacl
.DefaultDacl
= Dacl
;
1217 return STATUS_SUCCESS
;
1223 LsapAddPrivilegeToTokenPrivileges(PTOKEN_PRIVILEGES
*TokenPrivileges
,
1224 PLSAPR_LUID_AND_ATTRIBUTES Privilege
)
1226 PTOKEN_PRIVILEGES LocalPrivileges
;
1227 ULONG Length
, TokenPrivilegeCount
, i
;
1228 NTSTATUS Status
= STATUS_SUCCESS
;
1230 if (*TokenPrivileges
== NULL
)
1232 Length
= sizeof(TOKEN_PRIVILEGES
) +
1233 (1 - ANYSIZE_ARRAY
) * sizeof(LUID_AND_ATTRIBUTES
);
1234 LocalPrivileges
= RtlAllocateHeap(RtlGetProcessHeap(),
1237 if (LocalPrivileges
== NULL
)
1238 return STATUS_INSUFFICIENT_RESOURCES
;
1240 LocalPrivileges
->PrivilegeCount
= 1;
1241 LocalPrivileges
->Privileges
[0].Luid
= Privilege
->Luid
;
1242 LocalPrivileges
->Privileges
[0].Attributes
= Privilege
->Attributes
;
1246 TokenPrivilegeCount
= (*TokenPrivileges
)->PrivilegeCount
;
1248 for (i
= 0; i
< TokenPrivilegeCount
; i
++)
1250 if (RtlEqualLuid(&(*TokenPrivileges
)->Privileges
[i
].Luid
, &Privilege
->Luid
))
1251 return STATUS_SUCCESS
;
1254 Length
= sizeof(TOKEN_PRIVILEGES
) +
1255 (TokenPrivilegeCount
+ 1 - ANYSIZE_ARRAY
) * sizeof(LUID_AND_ATTRIBUTES
);
1256 LocalPrivileges
= RtlAllocateHeap(RtlGetProcessHeap(),
1259 if (LocalPrivileges
== NULL
)
1260 return STATUS_INSUFFICIENT_RESOURCES
;
1262 LocalPrivileges
->PrivilegeCount
= TokenPrivilegeCount
+ 1;
1263 for (i
= 0; i
< TokenPrivilegeCount
; i
++)
1265 LocalPrivileges
->Privileges
[i
].Luid
= (*TokenPrivileges
)->Privileges
[i
].Luid
;
1266 LocalPrivileges
->Privileges
[i
].Attributes
= (*TokenPrivileges
)->Privileges
[i
].Attributes
;
1269 LocalPrivileges
->Privileges
[TokenPrivilegeCount
].Luid
= Privilege
->Luid
;
1270 LocalPrivileges
->Privileges
[TokenPrivilegeCount
].Attributes
= Privilege
->Attributes
;
1272 RtlFreeHeap(RtlGetProcessHeap(), 0, *TokenPrivileges
);
1275 *TokenPrivileges
= LocalPrivileges
;
1283 IN PVOID TokenInformation
,
1284 IN LSA_TOKEN_INFORMATION_TYPE TokenInformationType
)
1286 PLSA_TOKEN_INFORMATION_V1 TokenInfo1
;
1287 LSAPR_HANDLE PolicyHandle
= NULL
;
1288 LSAPR_HANDLE AccountHandle
= NULL
;
1289 PLSAPR_PRIVILEGE_SET Privileges
= NULL
;
1293 if (TokenInformationType
== LsaTokenInformationV1
)
1295 TokenInfo1
= (PLSA_TOKEN_INFORMATION_V1
)TokenInformation
;
1297 Status
= LsarOpenPolicy(NULL
,
1301 if (!NT_SUCCESS(Status
))
1304 for (i
= 0; i
< TokenInfo1
->Groups
->GroupCount
; i
++)
1306 Status
= LsarOpenAccount(PolicyHandle
,
1307 TokenInfo1
->Groups
->Groups
[i
].Sid
,
1310 if (!NT_SUCCESS(Status
))
1313 Status
= LsarEnumeratePrivilegesAccount(AccountHandle
,
1315 if (NT_SUCCESS(Status
))
1317 for (j
= 0; j
< Privileges
->PrivilegeCount
; j
++)
1319 Status
= LsapAddPrivilegeToTokenPrivileges(&TokenInfo1
->Privileges
,
1320 &(Privileges
->Privilege
[j
]));
1321 if (!NT_SUCCESS(Status
))
1323 /* We failed, clean everything and return */
1324 LsaIFree_LSAPR_PRIVILEGE_SET(Privileges
);
1325 LsarClose(&AccountHandle
);
1326 LsarClose(&PolicyHandle
);
1332 LsaIFree_LSAPR_PRIVILEGE_SET(Privileges
);
1336 LsarClose(&AccountHandle
);
1339 LsarClose(&PolicyHandle
);
1341 if (TokenInfo1
->Privileges
!= NULL
)
1343 for (i
= 0; i
< TokenInfo1
->Privileges
->PrivilegeCount
; i
++)
1345 if (RtlEqualLuid(&TokenInfo1
->Privileges
->Privileges
[i
].Luid
, &SeChangeNotifyPrivilege
) ||
1346 RtlEqualLuid(&TokenInfo1
->Privileges
->Privileges
[i
].Luid
, &SeCreateGlobalPrivilege
) ||
1347 RtlEqualLuid(&TokenInfo1
->Privileges
->Privileges
[i
].Luid
, &SeImpersonatePrivilege
))
1349 TokenInfo1
->Privileges
->Privileges
[i
].Attributes
|= SE_PRIVILEGE_ENABLED
| SE_PRIVILEGE_ENABLED_BY_DEFAULT
;
1355 return STATUS_SUCCESS
;
1360 LsapLogonUser(PLSA_API_MSG RequestMsg
,
1361 PLSAP_LOGON_CONTEXT LogonContext
)
1363 PAUTH_PACKAGE Package
;
1364 OBJECT_ATTRIBUTES ObjectAttributes
;
1365 SECURITY_QUALITY_OF_SERVICE Qos
;
1366 LSA_TOKEN_INFORMATION_TYPE TokenInformationType
;
1367 PVOID TokenInformation
= NULL
;
1368 PLSA_TOKEN_INFORMATION_V1 TokenInfo1
= NULL
;
1369 PUNICODE_STRING AccountName
= NULL
;
1370 PUNICODE_STRING AuthenticatingAuthority
= NULL
;
1371 PUNICODE_STRING MachineName
= NULL
;
1372 PVOID LocalAuthInfo
= NULL
;
1373 PTOKEN_GROUPS LocalGroups
= NULL
;
1374 HANDLE TokenHandle
= NULL
;
1377 SECURITY_LOGON_TYPE LogonType
;
1380 TRACE("(%p %p)\n", RequestMsg
, LogonContext
);
1382 PackageId
= RequestMsg
->LogonUser
.Request
.AuthenticationPackage
;
1383 LogonType
= RequestMsg
->LogonUser
.Request
.LogonType
;
1385 /* Get the right authentication package */
1386 Package
= LsapGetAuthenticationPackage(PackageId
);
1387 if (Package
== NULL
)
1389 ERR("LsapGetAuthenticationPackage() failed to find a package\n");
1390 return STATUS_NO_SUCH_PACKAGE
;
1393 if (RequestMsg
->LogonUser
.Request
.AuthenticationInformationLength
> 0)
1395 /* Allocate the local authentication info buffer */
1396 LocalAuthInfo
= RtlAllocateHeap(RtlGetProcessHeap(),
1398 RequestMsg
->LogonUser
.Request
.AuthenticationInformationLength
);
1399 if (LocalAuthInfo
== NULL
)
1401 ERR("RtlAllocateHeap() failed\n");
1402 return STATUS_INSUFFICIENT_RESOURCES
;
1405 /* Read the authentication info from the callers adress space */
1406 Status
= NtReadVirtualMemory(LogonContext
->ClientProcessHandle
,
1407 RequestMsg
->LogonUser
.Request
.AuthenticationInformation
,
1409 RequestMsg
->LogonUser
.Request
.AuthenticationInformationLength
,
1411 if (!NT_SUCCESS(Status
))
1413 ERR("NtReadVirtualMemory() failed (Status 0x%08lx)\n", Status
);
1414 RtlFreeHeap(RtlGetProcessHeap(), 0, LocalAuthInfo
);
1419 if (RequestMsg
->LogonUser
.Request
.LocalGroupsCount
> 0)
1421 Status
= LsapCopyLocalGroups(LogonContext
,
1422 RequestMsg
->LogonUser
.Request
.LocalGroups
,
1423 RequestMsg
->LogonUser
.Request
.LocalGroupsCount
,
1425 if (!NT_SUCCESS(Status
))
1427 ERR("LsapCopyLocalGroups failed (Status 0x%08lx)\n", Status
);
1431 TRACE("GroupCount: %lu\n", LocalGroups
->GroupCount
);
1434 if (Package
->LsaApLogonUserEx2
!= NULL
)
1436 Status
= Package
->LsaApLogonUserEx2((PLSA_CLIENT_REQUEST
)LogonContext
,
1437 RequestMsg
->LogonUser
.Request
.LogonType
,
1439 RequestMsg
->LogonUser
.Request
.AuthenticationInformation
,
1440 RequestMsg
->LogonUser
.Request
.AuthenticationInformationLength
,
1441 &RequestMsg
->LogonUser
.Reply
.ProfileBuffer
,
1442 &RequestMsg
->LogonUser
.Reply
.ProfileBufferLength
,
1443 &RequestMsg
->LogonUser
.Reply
.LogonId
,
1444 &RequestMsg
->LogonUser
.Reply
.SubStatus
,
1445 &TokenInformationType
,
1448 &AuthenticatingAuthority
,
1450 NULL
, /* FIXME: PSECPKG_PRIMARY_CRED PrimaryCredentials */
1451 NULL
); /* FIXME: PSECPKG_SUPPLEMENTAL_CRED_ARRAY *SupplementalCredentials */
1453 else if (Package
->LsaApLogonUserEx
!= NULL
)
1455 Status
= Package
->LsaApLogonUserEx((PLSA_CLIENT_REQUEST
)LogonContext
,
1456 RequestMsg
->LogonUser
.Request
.LogonType
,
1458 RequestMsg
->LogonUser
.Request
.AuthenticationInformation
,
1459 RequestMsg
->LogonUser
.Request
.AuthenticationInformationLength
,
1460 &RequestMsg
->LogonUser
.Reply
.ProfileBuffer
,
1461 &RequestMsg
->LogonUser
.Reply
.ProfileBufferLength
,
1462 &RequestMsg
->LogonUser
.Reply
.LogonId
,
1463 &RequestMsg
->LogonUser
.Reply
.SubStatus
,
1464 &TokenInformationType
,
1467 &AuthenticatingAuthority
,
1472 Status
= Package
->LsaApLogonUser((PLSA_CLIENT_REQUEST
)LogonContext
,
1473 RequestMsg
->LogonUser
.Request
.LogonType
,
1475 RequestMsg
->LogonUser
.Request
.AuthenticationInformation
,
1476 RequestMsg
->LogonUser
.Request
.AuthenticationInformationLength
,
1477 &RequestMsg
->LogonUser
.Reply
.ProfileBuffer
,
1478 &RequestMsg
->LogonUser
.Reply
.ProfileBufferLength
,
1479 &RequestMsg
->LogonUser
.Reply
.LogonId
,
1480 &RequestMsg
->LogonUser
.Reply
.SubStatus
,
1481 &TokenInformationType
,
1484 &AuthenticatingAuthority
);
1487 if (!NT_SUCCESS(Status
))
1489 ERR("LsaApLogonUser/Ex/2 failed (Status 0x%08lx)\n", Status
);
1493 if (LocalGroups
->GroupCount
> 0)
1495 /* Add local groups to the token information */
1496 Status
= LsapAddLocalGroups(TokenInformation
,
1497 TokenInformationType
,
1499 if (!NT_SUCCESS(Status
))
1501 ERR("LsapAddLocalGroupsToTokenInfo() failed (Status 0x%08lx)\n", Status
);
1506 Status
= LsapAddDefaultGroups(TokenInformation
,
1507 TokenInformationType
,
1509 if (!NT_SUCCESS(Status
))
1511 ERR("LsapAddDefaultGroups() failed (Status 0x%08lx)\n", Status
);
1515 Status
= LsapAddSamGroups(TokenInformation
,
1516 TokenInformationType
);
1517 if (!NT_SUCCESS(Status
))
1519 ERR("LsapAddSamGroups() failed (Status 0x%08lx)\n", Status
);
1523 Status
= LsapSetTokenOwner(TokenInformation
,
1524 TokenInformationType
);
1525 if (!NT_SUCCESS(Status
))
1527 ERR("LsapSetTokenOwner() failed (Status 0x%08lx)\n", Status
);
1531 Status
= LsapAddTokenDefaultDacl(TokenInformation
,
1532 TokenInformationType
);
1533 if (!NT_SUCCESS(Status
))
1535 ERR("LsapAddTokenDefaultDacl() failed (Status 0x%08lx)\n", Status
);
1539 Status
= LsapSetPrivileges(TokenInformation
,
1540 TokenInformationType
);
1541 if (!NT_SUCCESS(Status
))
1543 ERR("LsapSetPrivileges() failed (Status 0x%08lx)\n", Status
);
1547 if (TokenInformationType
== LsaTokenInformationV1
)
1549 TokenInfo1
= (PLSA_TOKEN_INFORMATION_V1
)TokenInformation
;
1551 Qos
.Length
= sizeof(SECURITY_QUALITY_OF_SERVICE
);
1552 Qos
.ImpersonationLevel
= SecurityImpersonation
;
1553 Qos
.ContextTrackingMode
= SECURITY_DYNAMIC_TRACKING
;
1554 Qos
.EffectiveOnly
= FALSE
;
1556 ObjectAttributes
.Length
= sizeof(OBJECT_ATTRIBUTES
);
1557 ObjectAttributes
.RootDirectory
= NULL
;
1558 ObjectAttributes
.ObjectName
= NULL
;
1559 ObjectAttributes
.Attributes
= 0;
1560 ObjectAttributes
.SecurityDescriptor
= NULL
;
1561 ObjectAttributes
.SecurityQualityOfService
= &Qos
;
1563 /* Create the logon token */
1564 Status
= NtCreateToken(&TokenHandle
,
1568 &RequestMsg
->LogonUser
.Reply
.LogonId
,
1569 &TokenInfo1
->ExpirationTime
,
1572 TokenInfo1
->Privileges
,
1574 &TokenInfo1
->PrimaryGroup
,
1575 &TokenInfo1
->DefaultDacl
,
1576 &RequestMsg
->LogonUser
.Request
.SourceContext
);
1577 if (!NT_SUCCESS(Status
))
1579 ERR("NtCreateToken failed (Status 0x%08lx)\n", Status
);
1585 FIXME("TokenInformationType %d is not supported!\n", TokenInformationType
);
1586 Status
= STATUS_NOT_IMPLEMENTED
;
1590 /* Duplicate the token handle into the client process */
1591 Status
= NtDuplicateObject(NtCurrentProcess(),
1593 LogonContext
->ClientProcessHandle
,
1594 &RequestMsg
->LogonUser
.Reply
.Token
,
1597 DUPLICATE_SAME_ACCESS
| DUPLICATE_SAME_ATTRIBUTES
| DUPLICATE_CLOSE_SOURCE
);
1598 if (!NT_SUCCESS(Status
))
1600 ERR("NtDuplicateObject failed (Status 0x%08lx)\n", Status
);
1606 Status
= LsapSetLogonSessionData(&RequestMsg
->LogonUser
.Reply
.LogonId
);
1607 if (!NT_SUCCESS(Status
))
1609 ERR("LsapSetLogonSessionData failed (Status 0x%08lx)\n", Status
);
1614 if (!NT_SUCCESS(Status
))
1616 if (TokenHandle
!= NULL
)
1617 NtClose(TokenHandle
);
1620 /* Free the local groups */
1621 if (LocalGroups
!= NULL
)
1623 for (i
= 0; i
< LocalGroups
->GroupCount
; i
++)
1625 if (LocalGroups
->Groups
[i
].Sid
!= NULL
)
1626 RtlFreeHeap(RtlGetProcessHeap(), 0, LocalGroups
->Groups
[i
].Sid
);
1629 RtlFreeHeap(RtlGetProcessHeap(), 0, LocalGroups
);
1632 /* Free the local authentication info buffer */
1633 if (LocalAuthInfo
!= NULL
)
1634 RtlFreeHeap(RtlGetProcessHeap(), 0, LocalAuthInfo
);
1636 /* Free the token information */
1637 if (TokenInformation
!= NULL
)
1639 if (TokenInformationType
== LsaTokenInformationV1
)
1641 TokenInfo1
= (PLSA_TOKEN_INFORMATION_V1
)TokenInformation
;
1643 if (TokenInfo1
!= NULL
)
1645 if (TokenInfo1
->User
.User
.Sid
!= NULL
)
1646 LsapFreeHeap(TokenInfo1
->User
.User
.Sid
);
1648 if (TokenInfo1
->Groups
!= NULL
)
1650 for (i
= 0; i
< TokenInfo1
->Groups
->GroupCount
; i
++)
1652 if (TokenInfo1
->Groups
->Groups
[i
].Sid
!= NULL
)
1653 LsapFreeHeap(TokenInfo1
->Groups
->Groups
[i
].Sid
);
1656 LsapFreeHeap(TokenInfo1
->Groups
);
1659 if (TokenInfo1
->PrimaryGroup
.PrimaryGroup
!= NULL
)
1660 LsapFreeHeap(TokenInfo1
->PrimaryGroup
.PrimaryGroup
);
1662 if (TokenInfo1
->Privileges
!= NULL
)
1663 LsapFreeHeap(TokenInfo1
->Privileges
);
1665 if (TokenInfo1
->Owner
.Owner
!= NULL
)
1666 LsapFreeHeap(TokenInfo1
->Owner
.Owner
);
1668 if (TokenInfo1
->DefaultDacl
.DefaultDacl
!= NULL
)
1669 LsapFreeHeap(TokenInfo1
->DefaultDacl
.DefaultDacl
);
1671 LsapFreeHeap(TokenInfo1
);
1676 FIXME("TokenInformationType %d is not supported!\n", TokenInformationType
);
1680 /* Free the account name */
1681 if (AccountName
!= NULL
)
1683 if (AccountName
->Buffer
!= NULL
)
1684 LsapFreeHeap(AccountName
->Buffer
);
1686 LsapFreeHeap(AccountName
);
1689 /* Free the authentication authority */
1690 if (AuthenticatingAuthority
!= NULL
)
1692 if (AuthenticatingAuthority
!= NULL
)
1693 LsapFreeHeap(AuthenticatingAuthority
->Buffer
);
1695 LsapFreeHeap(AuthenticatingAuthority
);
1698 /* Free the machine name */
1699 if (MachineName
!= NULL
)
1701 if (MachineName
->Buffer
!= NULL
)
1702 LsapFreeHeap(MachineName
->Buffer
);
1704 LsapFreeHeap(MachineName
);
1707 TRACE("LsapLogonUser done (Status 0x%08lx)\n", Status
);