2 * PROJECT: Local Security Authority Server DLL
3 * LICENSE: GPL - See COPYING in the top level directory
4 * FILE: dll/win32/lsasrv/authpackage.c
5 * PURPOSE: Authenticaton package management routines
6 * COPYRIGHT: Copyright 2013 Eric Kohl
11 #include <ndk/mmfuncs.h>
12 #include <ndk/sefuncs.h>
13 #include <ndk/umfuncs.h>
15 typedef enum _LSA_TOKEN_INFORMATION_TYPE
17 LsaTokenInformationNull
,
19 } LSA_TOKEN_INFORMATION_TYPE
, *PLSA_TOKEN_INFORMATION_TYPE
;
21 typedef struct _LSA_TOKEN_INFORMATION_V1
23 LARGE_INTEGER ExpirationTime
;
26 TOKEN_PRIMARY_GROUP PrimaryGroup
;
27 PTOKEN_PRIVILEGES Privileges
;
29 TOKEN_DEFAULT_DACL DefaultDacl
;
30 } LSA_TOKEN_INFORMATION_V1
, *PLSA_TOKEN_INFORMATION_V1
;
32 typedef PVOID PLSA_CLIENT_REQUEST
;
34 typedef NTSTATUS (NTAPI
*PLSA_CREATE_LOGON_SESSION
)(PLUID
);
35 typedef NTSTATUS (NTAPI
*PLSA_DELETE_LOGON_SESSION
)(PLUID
);
37 typedef PVOID (NTAPI
*PLSA_ALLOCATE_LSA_HEAP
)(ULONG
);
38 typedef VOID (NTAPI
*PLSA_FREE_LSA_HEAP
)(PVOID
);
39 typedef NTSTATUS (NTAPI
*PLSA_ALLOCATE_CLIENT_BUFFER
)(PLSA_CLIENT_REQUEST
, ULONG
, PVOID
*);
40 typedef NTSTATUS (NTAPI
*PLSA_FREE_CLIENT_BUFFER
)(PLSA_CLIENT_REQUEST
, PVOID
);
41 typedef NTSTATUS (NTAPI
*PLSA_COPY_TO_CLIENT_BUFFER
)(PLSA_CLIENT_REQUEST
, ULONG
,
43 typedef NTSTATUS (NTAPI
*PLSA_COPY_FROM_CLIENT_BUFFER
)(PLSA_CLIENT_REQUEST
,
46 typedef struct LSA_DISPATCH_TABLE
48 PLSA_CREATE_LOGON_SESSION CreateLogonSession
;
49 PLSA_DELETE_LOGON_SESSION DeleteLogonSession
;
50 PVOID
/*PLSA_ADD_CREDENTIAL */ AddCredential
;
51 PVOID
/*PLSA_GET_CREDENTIALS */ GetCredentials
;
52 PVOID
/*PLSA_DELETE_CREDENTIAL */ DeleteCredential
;
53 PLSA_ALLOCATE_LSA_HEAP AllocateLsaHeap
;
54 PLSA_FREE_LSA_HEAP FreeLsaHeap
;
55 PLSA_ALLOCATE_CLIENT_BUFFER AllocateClientBuffer
;
56 PLSA_FREE_CLIENT_BUFFER FreeClientBuffer
;
57 PLSA_COPY_TO_CLIENT_BUFFER CopyToClientBuffer
;
58 PLSA_COPY_FROM_CLIENT_BUFFER CopyFromClientBuffer
;
59 } LSA_DISPATCH_TABLE
, *PLSA_DISPATCH_TABLE
;
62 typedef NTSTATUS (NTAPI
*PLSA_AP_INITIALIZE_PACKAGE
)(ULONG
, PLSA_DISPATCH_TABLE
,
63 PLSA_STRING
, PLSA_STRING
, PLSA_STRING
*);
64 typedef NTSTATUS (NTAPI
*PLSA_AP_CALL_PACKAGE_INTERNAL
)(PLSA_CLIENT_REQUEST
, PVOID
, PVOID
,
65 ULONG
, PVOID
*, PULONG
, PNTSTATUS
);
66 typedef NTSTATUS (NTAPI
*PLSA_AP_CALL_PACKAGE_PASSTHROUGH
)(PLSA_CLIENT_REQUEST
,
67 PVOID
, PVOID
, ULONG
, PVOID
*, PULONG
, PNTSTATUS
);
68 typedef NTSTATUS (NTAPI
*PLSA_AP_CALL_PACKAGE_UNTRUSTED
)(PLSA_CLIENT_REQUEST
,
69 PVOID
, PVOID
, ULONG
, PVOID
*, PULONG
, PNTSTATUS
);
70 typedef VOID (NTAPI
*PLSA_AP_LOGON_TERMINATED
)(PLUID
);
71 typedef NTSTATUS (NTAPI
*PLSA_AP_LOGON_USER_EX2
)(PLSA_CLIENT_REQUEST
,
72 SECURITY_LOGON_TYPE
, PVOID
, PVOID
, ULONG
, PVOID
*, PULONG
, PLUID
, PNTSTATUS
,
73 PLSA_TOKEN_INFORMATION_TYPE
, PVOID
*, PUNICODE_STRING
*, PUNICODE_STRING
*,
74 PUNICODE_STRING
*, PVOID
/*PSECPKG_PRIMARY_CRED*/, PVOID
/*PSECPKG_SUPPLEMENTAL_CRED_ARRAY **/);
75 typedef NTSTATUS (NTAPI
*PLSA_AP_LOGON_USER_EX
)(PLSA_CLIENT_REQUEST
,
76 SECURITY_LOGON_TYPE
, PVOID
, PVOID
, ULONG
, PVOID
*, PULONG
, PLUID
, PNTSTATUS
,
77 PLSA_TOKEN_INFORMATION_TYPE
, PVOID
*, PUNICODE_STRING
*, PUNICODE_STRING
*,
80 typedef NTSTATUS (NTAPI
*PLSA_AP_LOGON_USER_INTERNAL
)(PLSA_CLIENT_REQUEST
, SECURITY_LOGON_TYPE
,
81 PVOID
, PVOID
, ULONG
, PVOID
*, PULONG
, PLUID
, PNTSTATUS
, PLSA_TOKEN_INFORMATION_TYPE
,
82 PVOID
*, PUNICODE_STRING
*, PUNICODE_STRING
*);
84 typedef struct _AUTH_PACKAGE
91 PLSA_AP_INITIALIZE_PACKAGE LsaApInitializePackage
;
92 PLSA_AP_CALL_PACKAGE_INTERNAL LsaApCallPackage
;
93 PLSA_AP_CALL_PACKAGE_PASSTHROUGH LsaApCallPackagePassthrough
;
94 PLSA_AP_CALL_PACKAGE_UNTRUSTED LsaApCallPackageUntrusted
;
95 PLSA_AP_LOGON_TERMINATED LsaApLogonTerminated
;
96 PLSA_AP_LOGON_USER_EX2 LsaApLogonUserEx2
;
97 PLSA_AP_LOGON_USER_EX LsaApLogonUserEx
;
98 PLSA_AP_LOGON_USER_INTERNAL LsaApLogonUser
;
99 } AUTH_PACKAGE
, *PAUTH_PACKAGE
;
103 LsaIFree_LSAPR_PRIVILEGE_SET(IN PLSAPR_PRIVILEGE_SET Ptr
);
105 typedef wchar_t *PSAMPR_SERVER_NAME
;
106 typedef void *SAMPR_HANDLE
;
108 typedef struct _SAMPR_ULONG_ARRAY
111 unsigned long *Element
;
112 } SAMPR_ULONG_ARRAY
, *PSAMPR_ULONG_ARRAY
;
114 typedef struct _SAMPR_SID_INFORMATION
117 } SAMPR_SID_INFORMATION
, *PSAMPR_SID_INFORMATION
;
119 typedef struct _SAMPR_PSID_ARRAY
122 PSAMPR_SID_INFORMATION Sids
;
123 } SAMPR_PSID_ARRAY
, *PSAMPR_PSID_ARRAY
;
128 PSAMPR_SERVER_NAME ServerName
,
129 SAMPR_HANDLE
*ServerHandle
,
130 ACCESS_MASK DesiredAccess
,
135 SamIFree_SAMPR_ULONG_ARRAY(
136 PSAMPR_ULONG_ARRAY Ptr
);
141 SAMPR_HANDLE
*SamHandle
);
146 SAMPR_HANDLE ServerHandle
,
147 ACCESS_MASK DesiredAccess
,
149 SAMPR_HANDLE
*DomainHandle
);
153 SamrGetAliasMembership(
154 SAMPR_HANDLE DomainHandle
,
155 PSAMPR_PSID_ARRAY SidArray
,
156 PSAMPR_ULONG_ARRAY Membership
);
159 /* GLOBALS *****************************************************************/
161 static LIST_ENTRY PackageListHead
;
162 static ULONG PackageId
;
163 static LSA_DISPATCH_TABLE DispatchTable
;
165 #define CONST_LUID(x1, x2) {x1, x2}
166 static const LUID SeChangeNotifyPrivilege
= CONST_LUID(SE_CHANGE_NOTIFY_PRIVILEGE
, 0);
167 static const LUID SeCreateGlobalPrivilege
= CONST_LUID(SE_CREATE_GLOBAL_PRIVILEGE
, 0);
168 static const LUID SeImpersonatePrivilege
= CONST_LUID(SE_IMPERSONATE_PRIVILEGE
, 0);
171 /* FUNCTIONS ***************************************************************/
176 LsapAddAuthPackage(IN PWSTR ValueName
,
179 IN ULONG ValueLength
,
181 IN PVOID EntryContext
)
183 PAUTH_PACKAGE Package
= NULL
;
184 UNICODE_STRING PackageName
;
187 NTSTATUS Status
= STATUS_SUCCESS
;
189 TRACE("LsapAddAuthPackage()\n");
191 PackageName
.Length
= (USHORT
)ValueLength
- sizeof(WCHAR
);
192 PackageName
.MaximumLength
= (USHORT
)ValueLength
;
193 PackageName
.Buffer
= ValueData
;
195 Id
= (PULONG
)Context
;
197 Package
= RtlAllocateHeap(RtlGetProcessHeap(),
199 sizeof(AUTH_PACKAGE
));
201 return STATUS_INSUFFICIENT_RESOURCES
;
203 Status
= LdrLoadDll(NULL
,
206 &Package
->ModuleHandle
);
207 if (!NT_SUCCESS(Status
))
209 TRACE("LdrLoadDll failed (Status 0x%08lx)\n", Status
);
213 RtlInitAnsiString(&ProcName
, "LsaApInitializePackage");
214 Status
= LdrGetProcedureAddress(Package
->ModuleHandle
,
217 (PVOID
*)&Package
->LsaApInitializePackage
);
218 if (!NT_SUCCESS(Status
))
220 TRACE("LdrGetProcedureAddress() failed (Status 0x%08lx)\n", Status
);
224 RtlInitAnsiString(&ProcName
, "LsaApCallPackage");
225 Status
= LdrGetProcedureAddress(Package
->ModuleHandle
,
228 (PVOID
*)&Package
->LsaApCallPackage
);
229 if (!NT_SUCCESS(Status
))
231 TRACE("LdrGetProcedureAddress() failed (Status 0x%08lx)\n", Status
);
235 RtlInitAnsiString(&ProcName
, "LsaApCallPackagePassthrough");
236 Status
= LdrGetProcedureAddress(Package
->ModuleHandle
,
239 (PVOID
*)&Package
->LsaApCallPackagePassthrough
);
240 if (!NT_SUCCESS(Status
))
242 TRACE("LdrGetProcedureAddress() failed (Status 0x%08lx)\n", Status
);
246 RtlInitAnsiString(&ProcName
, "LsaApCallPackageUntrusted");
247 Status
= LdrGetProcedureAddress(Package
->ModuleHandle
,
250 (PVOID
*)&Package
->LsaApCallPackageUntrusted
);
251 if (!NT_SUCCESS(Status
))
253 TRACE("LdrGetProcedureAddress() failed (Status 0x%08lx)\n", Status
);
257 RtlInitAnsiString(&ProcName
, "LsaApLogonTerminated");
258 Status
= LdrGetProcedureAddress(Package
->ModuleHandle
,
261 (PVOID
*)&Package
->LsaApLogonTerminated
);
262 if (!NT_SUCCESS(Status
))
264 TRACE("LdrGetProcedureAddress() failed (Status 0x%08lx)\n", Status
);
268 RtlInitAnsiString(&ProcName
, "LsaApLogonUserEx2");
269 Status
= LdrGetProcedureAddress(Package
->ModuleHandle
,
272 (PVOID
*)&Package
->LsaApLogonUserEx2
);
273 if (!NT_SUCCESS(Status
))
275 RtlInitAnsiString(&ProcName
, "LsaApLogonUserEx");
276 Status
= LdrGetProcedureAddress(Package
->ModuleHandle
,
279 (PVOID
*)&Package
->LsaApLogonUserEx
);
280 if (!NT_SUCCESS(Status
))
282 RtlInitAnsiString(&ProcName
, "LsaApLogonUser");
283 Status
= LdrGetProcedureAddress(Package
->ModuleHandle
,
286 (PVOID
*)&Package
->LsaApLogonUser
);
287 if (!NT_SUCCESS(Status
))
289 TRACE("LdrGetProcedureAddress() failed (Status 0x%08lx)\n", Status
);
295 /* Initialize the current package */
296 Status
= Package
->LsaApInitializePackage(*Id
,
301 if (!NT_SUCCESS(Status
))
303 TRACE("Package->LsaApInitializePackage() failed (Status 0x%08lx)\n", Status
);
307 TRACE("Package Name: %s\n", Package
->Name
->Buffer
);
312 InsertTailList(&PackageListHead
, &Package
->Entry
);
315 if (!NT_SUCCESS(Status
))
319 if (Package
->ModuleHandle
!= NULL
)
320 LdrUnloadDll(Package
->ModuleHandle
);
322 if (Package
->Name
!= NULL
)
324 if (Package
->Name
->Buffer
!= NULL
)
325 RtlFreeHeap(RtlGetProcessHeap(), 0, Package
->Name
->Buffer
);
327 RtlFreeHeap(RtlGetProcessHeap(), 0, Package
->Name
);
330 RtlFreeHeap(RtlGetProcessHeap(), 0, Package
);
340 LsapGetAuthenticationPackage(IN ULONG PackageId
)
342 PLIST_ENTRY ListEntry
;
343 PAUTH_PACKAGE Package
;
345 ListEntry
= PackageListHead
.Flink
;
346 while (ListEntry
!= &PackageListHead
)
348 Package
= CONTAINING_RECORD(ListEntry
, AUTH_PACKAGE
, Entry
);
350 if (Package
->Id
== PackageId
)
355 ListEntry
= ListEntry
->Flink
;
365 LsapAllocateHeap(IN ULONG Length
)
367 return RtlAllocateHeap(RtlGetProcessHeap(),
376 LsapFreeHeap(IN PVOID Base
)
378 RtlFreeHeap(RtlGetProcessHeap(),
387 LsapAllocateClientBuffer(IN PLSA_CLIENT_REQUEST ClientRequest
,
388 IN ULONG LengthRequired
,
389 OUT PVOID
*ClientBaseAddress
)
391 PLSAP_LOGON_CONTEXT LogonContext
;
394 *ClientBaseAddress
= NULL
;
396 LogonContext
= (PLSAP_LOGON_CONTEXT
)ClientRequest
;
398 Length
= LengthRequired
;
399 return NtAllocateVirtualMemory(LogonContext
->ClientProcessHandle
,
411 LsapFreeClientBuffer(IN PLSA_CLIENT_REQUEST ClientRequest
,
412 IN PVOID ClientBaseAddress
)
414 PLSAP_LOGON_CONTEXT LogonContext
;
417 if (ClientBaseAddress
== NULL
)
418 return STATUS_SUCCESS
;
420 LogonContext
= (PLSAP_LOGON_CONTEXT
)ClientRequest
;
423 return NtFreeVirtualMemory(LogonContext
->ClientProcessHandle
,
433 LsapCopyToClientBuffer(IN PLSA_CLIENT_REQUEST ClientRequest
,
435 IN PVOID ClientBaseAddress
,
436 IN PVOID BufferToCopy
)
438 PLSAP_LOGON_CONTEXT LogonContext
;
440 LogonContext
= (PLSAP_LOGON_CONTEXT
)ClientRequest
;
442 return NtWriteVirtualMemory(LogonContext
->ClientProcessHandle
,
453 LsapCopyFromClientBuffer(IN PLSA_CLIENT_REQUEST ClientRequest
,
455 IN PVOID BufferToCopy
,
456 IN PVOID ClientBaseAddress
)
458 PLSAP_LOGON_CONTEXT LogonContext
;
460 LogonContext
= (PLSAP_LOGON_CONTEXT
)ClientRequest
;
462 return NtReadVirtualMemory(LogonContext
->ClientProcessHandle
,
471 LsapInitAuthPackages(VOID
)
473 RTL_QUERY_REGISTRY_TABLE AuthPackageTable
[] = {
474 {LsapAddAuthPackage
, 0, L
"Authentication Packages", NULL
, REG_NONE
, NULL
, 0},
475 {NULL
, 0, NULL
, NULL
, REG_NONE
, NULL
, 0}};
479 InitializeListHead(&PackageListHead
);
482 /* Initialize the dispatch table */
483 DispatchTable
.CreateLogonSession
= &LsapCreateLogonSession
;
484 DispatchTable
.DeleteLogonSession
= &LsapDeleteLogonSession
;
485 DispatchTable
.AddCredential
= NULL
;
486 DispatchTable
.GetCredentials
= NULL
;
487 DispatchTable
.DeleteCredential
= NULL
;
488 DispatchTable
.AllocateLsaHeap
= &LsapAllocateHeap
;
489 DispatchTable
.FreeLsaHeap
= &LsapFreeHeap
;
490 DispatchTable
.AllocateClientBuffer
= &LsapAllocateClientBuffer
;
491 DispatchTable
.FreeClientBuffer
= &LsapFreeClientBuffer
;
492 DispatchTable
.CopyToClientBuffer
= &LsapCopyToClientBuffer
;
493 DispatchTable
.CopyFromClientBuffer
= &LsapCopyFromClientBuffer
;
495 /* Add registered authentication packages */
496 Status
= RtlQueryRegistryValues(RTL_REGISTRY_CONTROL
,
507 LsapLookupAuthenticationPackage(PLSA_API_MSG RequestMsg
,
508 PLSAP_LOGON_CONTEXT LogonContext
)
510 PLIST_ENTRY ListEntry
;
511 PAUTH_PACKAGE Package
;
512 ULONG PackageNameLength
;
515 TRACE("(%p %p)\n", RequestMsg
, LogonContext
);
517 PackageNameLength
= RequestMsg
->LookupAuthenticationPackage
.Request
.PackageNameLength
;
518 PackageName
= RequestMsg
->LookupAuthenticationPackage
.Request
.PackageName
;
520 TRACE("PackageName: %s\n", PackageName
);
522 ListEntry
= PackageListHead
.Flink
;
523 while (ListEntry
!= &PackageListHead
)
525 Package
= CONTAINING_RECORD(ListEntry
, AUTH_PACKAGE
, Entry
);
527 if ((PackageNameLength
== Package
->Name
->Length
) &&
528 (_strnicmp(PackageName
, Package
->Name
->Buffer
, Package
->Name
->Length
) == 0))
530 RequestMsg
->LookupAuthenticationPackage
.Reply
.Package
= Package
->Id
;
531 return STATUS_SUCCESS
;
534 ListEntry
= ListEntry
->Flink
;
537 return STATUS_NO_SUCH_PACKAGE
;
542 LsapCallAuthenticationPackage(PLSA_API_MSG RequestMsg
,
543 PLSAP_LOGON_CONTEXT LogonContext
)
545 PAUTH_PACKAGE Package
;
546 PVOID LocalBuffer
= NULL
;
550 TRACE("(%p %p)\n", RequestMsg
, LogonContext
);
552 PackageId
= RequestMsg
->CallAuthenticationPackage
.Request
.AuthenticationPackage
;
554 /* Get the right authentication package */
555 Package
= LsapGetAuthenticationPackage(PackageId
);
558 TRACE("LsapGetAuthenticationPackage() failed to find a package\n");
559 return STATUS_NO_SUCH_PACKAGE
;
562 if (RequestMsg
->CallAuthenticationPackage
.Request
.SubmitBufferLength
> 0)
564 LocalBuffer
= RtlAllocateHeap(RtlGetProcessHeap(),
566 RequestMsg
->CallAuthenticationPackage
.Request
.SubmitBufferLength
);
567 if (LocalBuffer
== NULL
)
569 return STATUS_INSUFFICIENT_RESOURCES
;
572 Status
= NtReadVirtualMemory(LogonContext
->ClientProcessHandle
,
573 RequestMsg
->CallAuthenticationPackage
.Request
.ProtocolSubmitBuffer
,
575 RequestMsg
->CallAuthenticationPackage
.Request
.SubmitBufferLength
,
577 if (!NT_SUCCESS(Status
))
579 TRACE("NtReadVirtualMemory() failed (Status 0x%08lx)\n", Status
);
580 RtlFreeHeap(RtlGetProcessHeap(), 0, LocalBuffer
);
585 Status
= Package
->LsaApCallPackage((PLSA_CLIENT_REQUEST
)LogonContext
,
587 RequestMsg
->CallAuthenticationPackage
.Request
.ProtocolSubmitBuffer
,
588 RequestMsg
->CallAuthenticationPackage
.Request
.SubmitBufferLength
,
589 &RequestMsg
->CallAuthenticationPackage
.Reply
.ProtocolReturnBuffer
,
590 &RequestMsg
->CallAuthenticationPackage
.Reply
.ReturnBufferLength
,
591 &RequestMsg
->CallAuthenticationPackage
.Reply
.ProtocolStatus
);
592 if (!NT_SUCCESS(Status
))
594 TRACE("Package->LsaApCallPackage() failed (Status 0x%08lx)\n", Status
);
597 if (LocalBuffer
!= NULL
)
598 RtlFreeHeap(RtlGetProcessHeap(), 0, LocalBuffer
);
607 IN PLSAP_LOGON_CONTEXT LogonContext
,
608 IN PTOKEN_GROUPS ClientGroups
,
609 IN ULONG ClientGroupsCount
,
610 OUT PTOKEN_GROUPS
*TokenGroups
)
612 ULONG LocalGroupsLength
= 0;
613 PTOKEN_GROUPS LocalGroups
= NULL
;
614 ULONG SidHeaderLength
= 0;
615 PSID SidHeader
= NULL
;
618 ULONG AllocatedSids
= 0;
622 LocalGroupsLength
= sizeof(TOKEN_GROUPS
) +
623 (ClientGroupsCount
- ANYSIZE_ARRAY
) * sizeof(SID_AND_ATTRIBUTES
);
624 LocalGroups
= RtlAllocateHeap(RtlGetProcessHeap(),
627 if (LocalGroups
== NULL
)
629 TRACE("RtlAllocateHeap() failed\n");
630 return STATUS_INSUFFICIENT_RESOURCES
;
633 Status
= NtReadVirtualMemory(LogonContext
->ClientProcessHandle
,
638 if (!NT_SUCCESS(Status
))
642 SidHeaderLength
= RtlLengthRequiredSid(0);
643 SidHeader
= RtlAllocateHeap(RtlGetProcessHeap(),
646 if (SidHeader
== NULL
)
648 Status
= STATUS_INSUFFICIENT_RESOURCES
;
652 for (i
= 0; i
< ClientGroupsCount
; i
++)
654 SrcSid
= LocalGroups
->Groups
[i
].Sid
;
656 Status
= NtReadVirtualMemory(LogonContext
->ClientProcessHandle
,
661 if (!NT_SUCCESS(Status
))
664 SidLength
= RtlLengthSid(SidHeader
);
665 TRACE("Sid %lu: Length %lu\n", i
, SidLength
);
667 DstSid
= RtlAllocateHeap(RtlGetProcessHeap(),
672 Status
= STATUS_INSUFFICIENT_RESOURCES
;
676 Status
= NtReadVirtualMemory(LogonContext
->ClientProcessHandle
,
681 if (!NT_SUCCESS(Status
))
683 RtlFreeHeap(RtlGetProcessHeap(), 0, DstSid
);
687 LocalGroups
->Groups
[i
].Sid
= DstSid
;
691 *TokenGroups
= LocalGroups
;
694 if (SidHeader
!= NULL
)
695 RtlFreeHeap(RtlGetProcessHeap(), 0, SidHeader
);
697 if (!NT_SUCCESS(Status
))
699 if (LocalGroups
!= NULL
)
701 for (i
= 0; i
< AllocatedSids
; i
++)
702 RtlFreeHeap(RtlGetProcessHeap(), 0, LocalGroups
->Groups
[i
].Sid
);
704 RtlFreeHeap(RtlGetProcessHeap(), 0, LocalGroups
);
715 IN PVOID TokenInformation
,
716 IN LSA_TOKEN_INFORMATION_TYPE TokenInformationType
,
717 IN PTOKEN_GROUPS LocalGroups
)
719 PLSA_TOKEN_INFORMATION_V1 TokenInfo1
;
720 PTOKEN_GROUPS Groups
;
725 if (LocalGroups
== NULL
|| LocalGroups
->GroupCount
== 0)
726 return STATUS_SUCCESS
;
728 if (TokenInformationType
== LsaTokenInformationV1
)
730 TokenInfo1
= (PLSA_TOKEN_INFORMATION_V1
)TokenInformation
;
732 if (TokenInfo1
->Groups
!= NULL
)
734 Length
= sizeof(TOKEN_GROUPS
) +
735 (LocalGroups
->GroupCount
+ TokenInfo1
->Groups
->GroupCount
- ANYSIZE_ARRAY
) * sizeof(SID_AND_ATTRIBUTES
);
737 Groups
= RtlAllocateHeap(RtlGetProcessHeap(), HEAP_ZERO_MEMORY
, Length
);
740 ERR("Group buffer allocation failed!\n");
741 return STATUS_INSUFFICIENT_RESOURCES
;
744 Groups
->GroupCount
= LocalGroups
->GroupCount
+ TokenInfo1
->Groups
->GroupCount
;
746 for (i
= 0; i
< TokenInfo1
->Groups
->GroupCount
; i
++)
748 Groups
->Groups
[i
].Sid
= TokenInfo1
->Groups
->Groups
[i
].Sid
;
749 Groups
->Groups
[i
].Attributes
= TokenInfo1
->Groups
->Groups
[i
].Attributes
;
752 for (j
= 0; j
< LocalGroups
->GroupCount
; i
++, j
++)
754 Groups
->Groups
[i
].Sid
= LocalGroups
->Groups
[j
].Sid
;
755 Groups
->Groups
[i
].Attributes
= LocalGroups
->Groups
[j
].Attributes
;
756 LocalGroups
->Groups
[j
].Sid
= NULL
;
759 RtlFreeHeap(RtlGetProcessHeap(), 0, TokenInfo1
->Groups
);
761 TokenInfo1
->Groups
= Groups
;
765 Length
= sizeof(TOKEN_GROUPS
) +
766 (LocalGroups
->GroupCount
- ANYSIZE_ARRAY
) * sizeof(SID_AND_ATTRIBUTES
);
768 Groups
= RtlAllocateHeap(RtlGetProcessHeap(), HEAP_ZERO_MEMORY
, Length
);
771 ERR("Group buffer allocation failed!\n");
772 return STATUS_INSUFFICIENT_RESOURCES
;
775 Groups
->GroupCount
= LocalGroups
->GroupCount
;
777 for (i
= 0; i
< LocalGroups
->GroupCount
; i
++)
779 Groups
->Groups
[i
].Sid
= LocalGroups
->Groups
[i
].Sid
;
780 Groups
->Groups
[i
].Attributes
= LocalGroups
->Groups
[i
].Attributes
;
783 TokenInfo1
->Groups
= Groups
;
788 FIXME("TokenInformationType %d is not supported!\n", TokenInformationType
);
789 return STATUS_NOT_IMPLEMENTED
;
792 return STATUS_SUCCESS
;
797 LsapAddDefaultGroups(
798 IN PVOID TokenInformation
,
799 IN LSA_TOKEN_INFORMATION_TYPE TokenInformationType
,
800 IN SECURITY_LOGON_TYPE LogonType
)
802 PLSA_TOKEN_INFORMATION_V1 TokenInfo1
;
803 PTOKEN_GROUPS Groups
;
807 if (TokenInformationType
== LsaTokenInformationV1
)
809 TokenInfo1
= (PLSA_TOKEN_INFORMATION_V1
)TokenInformation
;
811 if (TokenInfo1
->Groups
!= NULL
)
813 Length
= sizeof(TOKEN_GROUPS
) +
814 (TokenInfo1
->Groups
->GroupCount
+ 2 - ANYSIZE_ARRAY
) * sizeof(SID_AND_ATTRIBUTES
);
816 Groups
= RtlAllocateHeap(RtlGetProcessHeap(), HEAP_ZERO_MEMORY
, Length
);
819 ERR("Group buffer allocation failed!\n");
820 return STATUS_INSUFFICIENT_RESOURCES
;
823 Groups
->GroupCount
= TokenInfo1
->Groups
->GroupCount
;
825 for (i
= 0; i
< TokenInfo1
->Groups
->GroupCount
; i
++)
827 Groups
->Groups
[i
].Sid
= TokenInfo1
->Groups
->Groups
[i
].Sid
;
828 Groups
->Groups
[i
].Attributes
= TokenInfo1
->Groups
->Groups
[i
].Attributes
;
831 RtlFreeHeap(RtlGetProcessHeap(), 0, TokenInfo1
->Groups
);
833 TokenInfo1
->Groups
= Groups
;
838 Length
= sizeof(TOKEN_GROUPS
) +
839 (2 - ANYSIZE_ARRAY
) * sizeof(SID_AND_ATTRIBUTES
);
841 Groups
= RtlAllocateHeap(RtlGetProcessHeap(), HEAP_ZERO_MEMORY
, Length
);
844 ERR("Group buffer allocation failed!\n");
845 return STATUS_INSUFFICIENT_RESOURCES
;
848 TokenInfo1
->Groups
= Groups
;
851 /* Append the World SID (aka Everyone) */
852 Length
= RtlLengthSid(LsapWorldSid
);
853 Groups
->Groups
[Groups
->GroupCount
].Sid
= RtlAllocateHeap(RtlGetProcessHeap(),
856 if (Groups
->Groups
[Groups
->GroupCount
].Sid
== NULL
)
857 return STATUS_INSUFFICIENT_RESOURCES
;
859 RtlCopyMemory(Groups
->Groups
[Groups
->GroupCount
].Sid
,
863 Groups
->Groups
[Groups
->GroupCount
].Attributes
=
864 SE_GROUP_ENABLED
| SE_GROUP_ENABLED_BY_DEFAULT
| SE_GROUP_MANDATORY
;
866 Groups
->GroupCount
++;
868 /* Append the logon type SID */
872 SrcSid
= LsapInteractiveSid
;
876 SrcSid
= LsapNetworkSid
;
880 SrcSid
= LsapBatchSid
;
884 SrcSid
= LsapServiceSid
;
888 FIXME("LogonType %d is not supported!\n", LogonType
);
889 return STATUS_NOT_IMPLEMENTED
;
892 Length
= RtlLengthSid(SrcSid
);
893 Groups
->Groups
[Groups
->GroupCount
].Sid
= RtlAllocateHeap(RtlGetProcessHeap(),
896 if (Groups
->Groups
[Groups
->GroupCount
].Sid
== NULL
)
897 return STATUS_INSUFFICIENT_RESOURCES
;
899 RtlCopyMemory(Groups
->Groups
[Groups
->GroupCount
].Sid
,
903 Groups
->Groups
[Groups
->GroupCount
].Attributes
=
904 SE_GROUP_ENABLED
| SE_GROUP_ENABLED_BY_DEFAULT
| SE_GROUP_MANDATORY
;
906 Groups
->GroupCount
++;
910 FIXME("TokenInformationType %d is not supported!\n", TokenInformationType
);
911 return STATUS_NOT_IMPLEMENTED
;
914 return STATUS_SUCCESS
;
920 LsapAppendSidToGroups(
921 IN PTOKEN_GROUPS
*TokenGroups
,
925 PTOKEN_GROUPS Groups
;
930 Sid
= LsapAppendRidToSid(DomainSid
, RelativeId
);
933 ERR("Group SID creation failed!\n");
934 return STATUS_INSUFFICIENT_RESOURCES
;
937 if (*TokenGroups
== NULL
)
939 Length
= sizeof(TOKEN_GROUPS
) +
940 (1 - ANYSIZE_ARRAY
) * sizeof(SID_AND_ATTRIBUTES
);
942 Groups
= RtlAllocateHeap(RtlGetProcessHeap(), HEAP_ZERO_MEMORY
, Length
);
945 ERR("Group buffer allocation failed!\n");
946 return STATUS_INSUFFICIENT_RESOURCES
;
949 Groups
->GroupCount
= 1;
951 Groups
->Groups
[0].Sid
= Sid
;
952 Groups
->Groups
[0].Attributes
=
953 SE_GROUP_ENABLED
| SE_GROUP_ENABLED_BY_DEFAULT
| SE_GROUP_MANDATORY
;
955 *TokenGroups
= Groups
;
959 for (i
= 0; i
< (*TokenGroups
)->GroupCount
; i
++)
961 if (RtlEqualSid((*TokenGroups
)->Groups
[i
].Sid
, Sid
))
963 RtlFreeHeap(RtlGetProcessHeap(), 0, Sid
);
964 return STATUS_SUCCESS
;
968 Length
= sizeof(TOKEN_GROUPS
) +
969 ((*TokenGroups
)->GroupCount
+ 1 - ANYSIZE_ARRAY
) * sizeof(SID_AND_ATTRIBUTES
);
971 Groups
= RtlAllocateHeap(RtlGetProcessHeap(), HEAP_ZERO_MEMORY
, Length
);
974 ERR("Group buffer allocation failed!\n");
975 return STATUS_INSUFFICIENT_RESOURCES
;
978 Groups
->GroupCount
= (*TokenGroups
)->GroupCount
;
980 for (i
= 0; i
< (*TokenGroups
)->GroupCount
; i
++)
982 Groups
->Groups
[i
].Sid
= (*TokenGroups
)->Groups
[i
].Sid
;
983 Groups
->Groups
[i
].Attributes
= (*TokenGroups
)->Groups
[i
].Attributes
;
986 Groups
->Groups
[Groups
->GroupCount
].Sid
= Sid
;
987 Groups
->Groups
[Groups
->GroupCount
].Attributes
=
988 SE_GROUP_ENABLED
| SE_GROUP_ENABLED_BY_DEFAULT
| SE_GROUP_MANDATORY
;
990 Groups
->GroupCount
++;
992 RtlFreeHeap(RtlGetProcessHeap(), 0, *TokenGroups
);
994 *TokenGroups
= Groups
;
997 return STATUS_SUCCESS
;
1004 IN PVOID TokenInformation
,
1005 IN LSA_TOKEN_INFORMATION_TYPE TokenInformationType
)
1007 PLSA_TOKEN_INFORMATION_V1 TokenInfo1
;
1008 SAMPR_HANDLE ServerHandle
= NULL
;
1009 SAMPR_HANDLE BuiltinDomainHandle
= NULL
;
1010 SAMPR_HANDLE AccountDomainHandle
= NULL
;
1011 SAMPR_PSID_ARRAY SidArray
;
1012 SAMPR_ULONG_ARRAY BuiltinMembership
;
1013 SAMPR_ULONG_ARRAY AccountMembership
;
1015 NTSTATUS Status
= STATUS_SUCCESS
;
1017 if (TokenInformationType
!= LsaTokenInformationV1
)
1018 return STATUS_SUCCESS
;
1020 TokenInfo1
= (PLSA_TOKEN_INFORMATION_V1
)TokenInformation
;
1022 SidArray
.Count
= TokenInfo1
->Groups
->GroupCount
+ 1;
1023 SidArray
.Sids
= RtlAllocateHeap(RtlGetProcessHeap(),
1025 (TokenInfo1
->Groups
->GroupCount
+ 1) * sizeof(PRPC_SID
));
1026 if (SidArray
.Sids
== NULL
)
1027 return STATUS_INSUFFICIENT_RESOURCES
;
1029 SidArray
.Sids
[0].SidPointer
= TokenInfo1
->User
.User
.Sid
;
1030 for (i
= 0; i
< TokenInfo1
->Groups
->GroupCount
; i
++)
1031 SidArray
.Sids
[i
+ 1].SidPointer
= TokenInfo1
->Groups
->Groups
[i
].Sid
;
1033 Status
= SamIConnect(NULL
,
1035 SAM_SERVER_CONNECT
| SAM_SERVER_LOOKUP_DOMAIN
,
1037 if (!NT_SUCCESS(Status
))
1039 TRACE("SamIConnect failed (Status %08lx)\n", Status
);
1043 Status
= SamrOpenDomain(ServerHandle
,
1044 DOMAIN_GET_ALIAS_MEMBERSHIP
,
1046 &BuiltinDomainHandle
);
1047 if (!NT_SUCCESS(Status
))
1049 TRACE("SamrOpenDomain failed (Status %08lx)\n", Status
);
1053 Status
= SamrOpenDomain(ServerHandle
,
1054 DOMAIN_GET_ALIAS_MEMBERSHIP
,
1056 &AccountDomainHandle
);
1057 if (!NT_SUCCESS(Status
))
1059 TRACE("SamrOpenDomain failed (Status %08lx)\n", Status
);
1063 BuiltinMembership
.Element
= NULL
;
1064 Status
= SamrGetAliasMembership(BuiltinDomainHandle
,
1066 &BuiltinMembership
);
1067 if (!NT_SUCCESS(Status
))
1069 TRACE("SamrGetAliasMembership failed (Status %08lx)\n", Status
);
1073 AccountMembership
.Element
= NULL
;
1074 Status
= SamrGetAliasMembership(AccountDomainHandle
,
1076 &AccountMembership
);
1077 if (!NT_SUCCESS(Status
))
1079 TRACE("SamrGetAliasMembership failed (Status %08lx)\n", Status
);
1083 TRACE("Builtin Memberships: %lu\n", BuiltinMembership
.Count
);
1084 for (i
= 0; i
< BuiltinMembership
.Count
; i
++)
1086 TRACE("RID %lu: %lu (0x%lx)\n", i
, BuiltinMembership
.Element
[i
], BuiltinMembership
.Element
[i
]);
1087 Status
= LsapAppendSidToGroups(&TokenInfo1
->Groups
,
1089 BuiltinMembership
.Element
[i
]);
1090 if (!NT_SUCCESS(Status
))
1092 TRACE("LsapAppendSidToGroups failed (Status %08lx)\n", Status
);
1097 TRACE("Account Memberships: %lu\n", AccountMembership
.Count
);
1098 for (i
= 0; i
< AccountMembership
.Count
; i
++)
1100 TRACE("RID %lu: %lu (0x%lx)\n", i
, AccountMembership
.Element
[i
], AccountMembership
.Element
[i
]);
1101 Status
= LsapAppendSidToGroups(&TokenInfo1
->Groups
,
1103 AccountMembership
.Element
[i
]);
1104 if (!NT_SUCCESS(Status
))
1106 TRACE("LsapAppendSidToGroups failed (Status %08lx)\n", Status
);
1112 RtlFreeHeap(RtlGetProcessHeap(), 0, SidArray
.Sids
);
1114 if (AccountMembership
.Element
!= NULL
)
1115 SamIFree_SAMPR_ULONG_ARRAY(&AccountMembership
);
1117 if (BuiltinMembership
.Element
!= NULL
)
1118 SamIFree_SAMPR_ULONG_ARRAY(&BuiltinMembership
);
1120 if (AccountDomainHandle
!= NULL
)
1121 SamrCloseHandle(&AccountDomainHandle
);
1123 if (BuiltinDomainHandle
!= NULL
)
1124 SamrCloseHandle(&BuiltinDomainHandle
);
1126 if (ServerHandle
!= NULL
)
1127 SamrCloseHandle(&ServerHandle
);
1131 return STATUS_SUCCESS
;
1138 IN PVOID TokenInformation
,
1139 IN LSA_TOKEN_INFORMATION_TYPE TokenInformationType
)
1141 PLSA_TOKEN_INFORMATION_V1 TokenInfo1
;
1142 PSID OwnerSid
= NULL
;
1145 if (TokenInformationType
== LsaTokenInformationV1
)
1147 TokenInfo1
= (PLSA_TOKEN_INFORMATION_V1
)TokenInformation
;
1149 if (TokenInfo1
->Owner
.Owner
!= NULL
)
1150 return STATUS_SUCCESS
;
1152 OwnerSid
= TokenInfo1
->User
.User
.Sid
;
1153 for (i
= 0; i
< TokenInfo1
->Groups
->GroupCount
; i
++)
1155 if (EqualSid(TokenInfo1
->Groups
->Groups
[i
].Sid
, LsapAdministratorsSid
))
1157 OwnerSid
= LsapAdministratorsSid
;
1162 Length
= RtlLengthSid(OwnerSid
);
1163 TokenInfo1
->Owner
.Owner
= DispatchTable
.AllocateLsaHeap(Length
);
1164 if (TokenInfo1
->Owner
.Owner
== NULL
)
1165 return STATUS_INSUFFICIENT_RESOURCES
;
1167 RtlCopyMemory(TokenInfo1
->Owner
.Owner
,
1172 return STATUS_SUCCESS
;
1178 LsapAddTokenDefaultDacl(
1179 IN PVOID TokenInformation
,
1180 IN LSA_TOKEN_INFORMATION_TYPE TokenInformationType
)
1182 PLSA_TOKEN_INFORMATION_V1 TokenInfo1
;
1186 if (TokenInformationType
== LsaTokenInformationV1
)
1188 TokenInfo1
= (PLSA_TOKEN_INFORMATION_V1
)TokenInformation
;
1190 if (TokenInfo1
->DefaultDacl
.DefaultDacl
!= NULL
)
1191 return STATUS_SUCCESS
;
1193 Length
= sizeof(ACL
) +
1194 (2 * sizeof(ACCESS_ALLOWED_ACE
)) +
1195 RtlLengthSid(TokenInfo1
->Owner
.Owner
) +
1196 RtlLengthSid(LsapLocalSystemSid
);
1198 Dacl
= DispatchTable
.AllocateLsaHeap(Length
);
1200 return STATUS_INSUFFICIENT_RESOURCES
;
1202 RtlCreateAcl(Dacl
, Length
, ACL_REVISION
);
1204 RtlAddAccessAllowedAce(Dacl
,
1207 TokenInfo1
->Owner
.Owner
);
1210 RtlAddAccessAllowedAce(Dacl
,
1213 LsapLocalSystemSid
);
1215 TokenInfo1
->DefaultDacl
.DefaultDacl
= Dacl
;
1218 return STATUS_SUCCESS
;
1224 LsapAddPrivilegeToTokenPrivileges(PTOKEN_PRIVILEGES
*TokenPrivileges
,
1225 PLSAPR_LUID_AND_ATTRIBUTES Privilege
)
1227 PTOKEN_PRIVILEGES LocalPrivileges
;
1228 ULONG Length
, TokenPrivilegeCount
, i
;
1229 NTSTATUS Status
= STATUS_SUCCESS
;
1231 if (*TokenPrivileges
== NULL
)
1233 Length
= sizeof(TOKEN_PRIVILEGES
) +
1234 (1 - ANYSIZE_ARRAY
) * sizeof(LUID_AND_ATTRIBUTES
);
1235 LocalPrivileges
= RtlAllocateHeap(RtlGetProcessHeap(),
1238 if (LocalPrivileges
== NULL
)
1239 return STATUS_INSUFFICIENT_RESOURCES
;
1241 LocalPrivileges
->PrivilegeCount
= 1;
1242 LocalPrivileges
->Privileges
[0].Luid
= Privilege
->Luid
;
1243 LocalPrivileges
->Privileges
[0].Attributes
= Privilege
->Attributes
;
1247 TokenPrivilegeCount
= (*TokenPrivileges
)->PrivilegeCount
;
1249 for (i
= 0; i
< TokenPrivilegeCount
; i
++)
1251 if (RtlEqualLuid(&(*TokenPrivileges
)->Privileges
[i
].Luid
, &Privilege
->Luid
))
1252 return STATUS_SUCCESS
;
1255 Length
= sizeof(TOKEN_PRIVILEGES
) +
1256 (TokenPrivilegeCount
+ 1 - ANYSIZE_ARRAY
) * sizeof(LUID_AND_ATTRIBUTES
);
1257 LocalPrivileges
= RtlAllocateHeap(RtlGetProcessHeap(),
1260 if (LocalPrivileges
== NULL
)
1261 return STATUS_INSUFFICIENT_RESOURCES
;
1263 LocalPrivileges
->PrivilegeCount
= TokenPrivilegeCount
+ 1;
1264 for (i
= 0; i
< TokenPrivilegeCount
; i
++)
1266 LocalPrivileges
->Privileges
[i
].Luid
= (*TokenPrivileges
)->Privileges
[i
].Luid
;
1267 LocalPrivileges
->Privileges
[i
].Attributes
= (*TokenPrivileges
)->Privileges
[i
].Attributes
;
1270 LocalPrivileges
->Privileges
[TokenPrivilegeCount
].Luid
= Privilege
->Luid
;
1271 LocalPrivileges
->Privileges
[TokenPrivilegeCount
].Attributes
= Privilege
->Attributes
;
1273 RtlFreeHeap(RtlGetProcessHeap(), 0, *TokenPrivileges
);
1276 *TokenPrivileges
= LocalPrivileges
;
1284 IN PVOID TokenInformation
,
1285 IN LSA_TOKEN_INFORMATION_TYPE TokenInformationType
)
1287 PLSA_TOKEN_INFORMATION_V1 TokenInfo1
;
1288 LSAPR_HANDLE PolicyHandle
= NULL
;
1289 LSAPR_HANDLE AccountHandle
= NULL
;
1290 PLSAPR_PRIVILEGE_SET Privileges
= NULL
;
1294 if (TokenInformationType
== LsaTokenInformationV1
)
1296 TokenInfo1
= (PLSA_TOKEN_INFORMATION_V1
)TokenInformation
;
1298 Status
= LsarOpenPolicy(NULL
,
1302 if (!NT_SUCCESS(Status
))
1305 for (i
= 0; i
< TokenInfo1
->Groups
->GroupCount
; i
++)
1307 Status
= LsarOpenAccount(PolicyHandle
,
1308 TokenInfo1
->Groups
->Groups
[i
].Sid
,
1311 if (!NT_SUCCESS(Status
))
1314 Status
= LsarEnumeratePrivilegesAccount(AccountHandle
,
1316 if (NT_SUCCESS(Status
))
1318 for (j
= 0; j
< Privileges
->PrivilegeCount
; j
++)
1320 Status
= LsapAddPrivilegeToTokenPrivileges(&TokenInfo1
->Privileges
,
1321 &(Privileges
->Privilege
[j
]));
1322 if (!NT_SUCCESS(Status
))
1324 /* We failed, clean everything and return */
1325 LsaIFree_LSAPR_PRIVILEGE_SET(Privileges
);
1326 LsarClose(&AccountHandle
);
1327 LsarClose(&PolicyHandle
);
1333 LsaIFree_LSAPR_PRIVILEGE_SET(Privileges
);
1337 LsarClose(&AccountHandle
);
1340 LsarClose(&PolicyHandle
);
1342 if (TokenInfo1
->Privileges
!= NULL
)
1344 for (i
= 0; i
< TokenInfo1
->Privileges
->PrivilegeCount
; i
++)
1346 if (RtlEqualLuid(&TokenInfo1
->Privileges
->Privileges
[i
].Luid
, &SeChangeNotifyPrivilege
) ||
1347 RtlEqualLuid(&TokenInfo1
->Privileges
->Privileges
[i
].Luid
, &SeCreateGlobalPrivilege
) ||
1348 RtlEqualLuid(&TokenInfo1
->Privileges
->Privileges
[i
].Luid
, &SeImpersonatePrivilege
))
1350 TokenInfo1
->Privileges
->Privileges
[i
].Attributes
|= SE_PRIVILEGE_ENABLED
| SE_PRIVILEGE_ENABLED_BY_DEFAULT
;
1356 return STATUS_SUCCESS
;
1361 LsapLogonUser(PLSA_API_MSG RequestMsg
,
1362 PLSAP_LOGON_CONTEXT LogonContext
)
1364 PAUTH_PACKAGE Package
;
1365 OBJECT_ATTRIBUTES ObjectAttributes
;
1366 SECURITY_QUALITY_OF_SERVICE Qos
;
1367 LSA_TOKEN_INFORMATION_TYPE TokenInformationType
;
1368 PVOID TokenInformation
= NULL
;
1369 PLSA_TOKEN_INFORMATION_V1 TokenInfo1
= NULL
;
1370 PUNICODE_STRING AccountName
= NULL
;
1371 PUNICODE_STRING AuthenticatingAuthority
= NULL
;
1372 PUNICODE_STRING MachineName
= NULL
;
1373 PVOID LocalAuthInfo
= NULL
;
1374 PTOKEN_GROUPS LocalGroups
= NULL
;
1375 HANDLE TokenHandle
= NULL
;
1378 SECURITY_LOGON_TYPE LogonType
;
1381 TRACE("(%p %p)\n", RequestMsg
, LogonContext
);
1383 PackageId
= RequestMsg
->LogonUser
.Request
.AuthenticationPackage
;
1384 LogonType
= RequestMsg
->LogonUser
.Request
.LogonType
;
1386 /* Get the right authentication package */
1387 Package
= LsapGetAuthenticationPackage(PackageId
);
1388 if (Package
== NULL
)
1390 ERR("LsapGetAuthenticationPackage() failed to find a package\n");
1391 return STATUS_NO_SUCH_PACKAGE
;
1394 if (RequestMsg
->LogonUser
.Request
.AuthenticationInformationLength
> 0)
1396 /* Allocate the local authentication info buffer */
1397 LocalAuthInfo
= RtlAllocateHeap(RtlGetProcessHeap(),
1399 RequestMsg
->LogonUser
.Request
.AuthenticationInformationLength
);
1400 if (LocalAuthInfo
== NULL
)
1402 ERR("RtlAllocateHeap() failed\n");
1403 return STATUS_INSUFFICIENT_RESOURCES
;
1406 /* Read the authentication info from the callers adress space */
1407 Status
= NtReadVirtualMemory(LogonContext
->ClientProcessHandle
,
1408 RequestMsg
->LogonUser
.Request
.AuthenticationInformation
,
1410 RequestMsg
->LogonUser
.Request
.AuthenticationInformationLength
,
1412 if (!NT_SUCCESS(Status
))
1414 ERR("NtReadVirtualMemory() failed (Status 0x%08lx)\n", Status
);
1415 RtlFreeHeap(RtlGetProcessHeap(), 0, LocalAuthInfo
);
1420 if (RequestMsg
->LogonUser
.Request
.LocalGroupsCount
> 0)
1422 Status
= LsapCopyLocalGroups(LogonContext
,
1423 RequestMsg
->LogonUser
.Request
.LocalGroups
,
1424 RequestMsg
->LogonUser
.Request
.LocalGroupsCount
,
1426 if (!NT_SUCCESS(Status
))
1428 ERR("LsapCopyLocalGroups failed (Status 0x%08lx)\n", Status
);
1432 TRACE("GroupCount: %lu\n", LocalGroups
->GroupCount
);
1435 if (Package
->LsaApLogonUserEx2
!= NULL
)
1437 Status
= Package
->LsaApLogonUserEx2((PLSA_CLIENT_REQUEST
)LogonContext
,
1438 RequestMsg
->LogonUser
.Request
.LogonType
,
1440 RequestMsg
->LogonUser
.Request
.AuthenticationInformation
,
1441 RequestMsg
->LogonUser
.Request
.AuthenticationInformationLength
,
1442 &RequestMsg
->LogonUser
.Reply
.ProfileBuffer
,
1443 &RequestMsg
->LogonUser
.Reply
.ProfileBufferLength
,
1444 &RequestMsg
->LogonUser
.Reply
.LogonId
,
1445 &RequestMsg
->LogonUser
.Reply
.SubStatus
,
1446 &TokenInformationType
,
1449 &AuthenticatingAuthority
,
1451 NULL
, /* FIXME: PSECPKG_PRIMARY_CRED PrimaryCredentials */
1452 NULL
); /* FIXME: PSECPKG_SUPPLEMENTAL_CRED_ARRAY *SupplementalCredentials */
1454 else if (Package
->LsaApLogonUserEx
!= NULL
)
1456 Status
= Package
->LsaApLogonUserEx((PLSA_CLIENT_REQUEST
)LogonContext
,
1457 RequestMsg
->LogonUser
.Request
.LogonType
,
1459 RequestMsg
->LogonUser
.Request
.AuthenticationInformation
,
1460 RequestMsg
->LogonUser
.Request
.AuthenticationInformationLength
,
1461 &RequestMsg
->LogonUser
.Reply
.ProfileBuffer
,
1462 &RequestMsg
->LogonUser
.Reply
.ProfileBufferLength
,
1463 &RequestMsg
->LogonUser
.Reply
.LogonId
,
1464 &RequestMsg
->LogonUser
.Reply
.SubStatus
,
1465 &TokenInformationType
,
1468 &AuthenticatingAuthority
,
1473 Status
= Package
->LsaApLogonUser((PLSA_CLIENT_REQUEST
)LogonContext
,
1474 RequestMsg
->LogonUser
.Request
.LogonType
,
1476 RequestMsg
->LogonUser
.Request
.AuthenticationInformation
,
1477 RequestMsg
->LogonUser
.Request
.AuthenticationInformationLength
,
1478 &RequestMsg
->LogonUser
.Reply
.ProfileBuffer
,
1479 &RequestMsg
->LogonUser
.Reply
.ProfileBufferLength
,
1480 &RequestMsg
->LogonUser
.Reply
.LogonId
,
1481 &RequestMsg
->LogonUser
.Reply
.SubStatus
,
1482 &TokenInformationType
,
1485 &AuthenticatingAuthority
);
1488 if (!NT_SUCCESS(Status
))
1490 ERR("LsaApLogonUser/Ex/2 failed (Status 0x%08lx)\n", Status
);
1494 if (LocalGroups
->GroupCount
> 0)
1496 /* Add local groups to the token information */
1497 Status
= LsapAddLocalGroups(TokenInformation
,
1498 TokenInformationType
,
1500 if (!NT_SUCCESS(Status
))
1502 ERR("LsapAddLocalGroupsToTokenInfo() failed (Status 0x%08lx)\n", Status
);
1507 Status
= LsapAddDefaultGroups(TokenInformation
,
1508 TokenInformationType
,
1510 if (!NT_SUCCESS(Status
))
1512 ERR("LsapAddDefaultGroups() failed (Status 0x%08lx)\n", Status
);
1516 Status
= LsapAddSamGroups(TokenInformation
,
1517 TokenInformationType
);
1518 if (!NT_SUCCESS(Status
))
1520 ERR("LsapAddSamGroups() failed (Status 0x%08lx)\n", Status
);
1524 Status
= LsapSetTokenOwner(TokenInformation
,
1525 TokenInformationType
);
1526 if (!NT_SUCCESS(Status
))
1528 ERR("LsapSetTokenOwner() failed (Status 0x%08lx)\n", Status
);
1532 Status
= LsapAddTokenDefaultDacl(TokenInformation
,
1533 TokenInformationType
);
1534 if (!NT_SUCCESS(Status
))
1536 ERR("LsapAddTokenDefaultDacl() failed (Status 0x%08lx)\n", Status
);
1540 Status
= LsapSetPrivileges(TokenInformation
,
1541 TokenInformationType
);
1542 if (!NT_SUCCESS(Status
))
1544 ERR("LsapSetPrivileges() failed (Status 0x%08lx)\n", Status
);
1548 if (TokenInformationType
== LsaTokenInformationV1
)
1550 TokenInfo1
= (PLSA_TOKEN_INFORMATION_V1
)TokenInformation
;
1552 Qos
.Length
= sizeof(SECURITY_QUALITY_OF_SERVICE
);
1553 Qos
.ImpersonationLevel
= SecurityImpersonation
;
1554 Qos
.ContextTrackingMode
= SECURITY_DYNAMIC_TRACKING
;
1555 Qos
.EffectiveOnly
= FALSE
;
1557 ObjectAttributes
.Length
= sizeof(OBJECT_ATTRIBUTES
);
1558 ObjectAttributes
.RootDirectory
= NULL
;
1559 ObjectAttributes
.ObjectName
= NULL
;
1560 ObjectAttributes
.Attributes
= 0;
1561 ObjectAttributes
.SecurityDescriptor
= NULL
;
1562 ObjectAttributes
.SecurityQualityOfService
= &Qos
;
1564 /* Create the logon token */
1565 Status
= NtCreateToken(&TokenHandle
,
1569 &RequestMsg
->LogonUser
.Reply
.LogonId
,
1570 &TokenInfo1
->ExpirationTime
,
1573 TokenInfo1
->Privileges
,
1575 &TokenInfo1
->PrimaryGroup
,
1576 &TokenInfo1
->DefaultDacl
,
1577 &RequestMsg
->LogonUser
.Request
.SourceContext
);
1578 if (!NT_SUCCESS(Status
))
1580 ERR("NtCreateToken failed (Status 0x%08lx)\n", Status
);
1586 FIXME("TokenInformationType %d is not supported!\n", TokenInformationType
);
1587 Status
= STATUS_NOT_IMPLEMENTED
;
1591 /* Duplicate the token handle into the client process */
1592 Status
= NtDuplicateObject(NtCurrentProcess(),
1594 LogonContext
->ClientProcessHandle
,
1595 &RequestMsg
->LogonUser
.Reply
.Token
,
1598 DUPLICATE_SAME_ACCESS
| DUPLICATE_SAME_ATTRIBUTES
| DUPLICATE_CLOSE_SOURCE
);
1599 if (!NT_SUCCESS(Status
))
1601 ERR("NtDuplicateObject failed (Status 0x%08lx)\n", Status
);
1607 Status
= LsapSetLogonSessionData(&RequestMsg
->LogonUser
.Reply
.LogonId
);
1608 if (!NT_SUCCESS(Status
))
1610 ERR("LsapSetLogonSessionData failed (Status 0x%08lx)\n", Status
);
1615 if (!NT_SUCCESS(Status
))
1617 if (TokenHandle
!= NULL
)
1618 NtClose(TokenHandle
);
1621 /* Free the local groups */
1622 if (LocalGroups
!= NULL
)
1624 for (i
= 0; i
< LocalGroups
->GroupCount
; i
++)
1626 if (LocalGroups
->Groups
[i
].Sid
!= NULL
)
1627 RtlFreeHeap(RtlGetProcessHeap(), 0, LocalGroups
->Groups
[i
].Sid
);
1630 RtlFreeHeap(RtlGetProcessHeap(), 0, LocalGroups
);
1633 /* Free the local authentication info buffer */
1634 if (LocalAuthInfo
!= NULL
)
1635 RtlFreeHeap(RtlGetProcessHeap(), 0, LocalAuthInfo
);
1637 /* Free the token information */
1638 if (TokenInformation
!= NULL
)
1640 if (TokenInformationType
== LsaTokenInformationV1
)
1642 TokenInfo1
= (PLSA_TOKEN_INFORMATION_V1
)TokenInformation
;
1644 if (TokenInfo1
!= NULL
)
1646 if (TokenInfo1
->User
.User
.Sid
!= NULL
)
1647 LsapFreeHeap(TokenInfo1
->User
.User
.Sid
);
1649 if (TokenInfo1
->Groups
!= NULL
)
1651 for (i
= 0; i
< TokenInfo1
->Groups
->GroupCount
; i
++)
1653 if (TokenInfo1
->Groups
->Groups
[i
].Sid
!= NULL
)
1654 LsapFreeHeap(TokenInfo1
->Groups
->Groups
[i
].Sid
);
1657 LsapFreeHeap(TokenInfo1
->Groups
);
1660 if (TokenInfo1
->PrimaryGroup
.PrimaryGroup
!= NULL
)
1661 LsapFreeHeap(TokenInfo1
->PrimaryGroup
.PrimaryGroup
);
1663 if (TokenInfo1
->Privileges
!= NULL
)
1664 LsapFreeHeap(TokenInfo1
->Privileges
);
1666 if (TokenInfo1
->Owner
.Owner
!= NULL
)
1667 LsapFreeHeap(TokenInfo1
->Owner
.Owner
);
1669 if (TokenInfo1
->DefaultDacl
.DefaultDacl
!= NULL
)
1670 LsapFreeHeap(TokenInfo1
->DefaultDacl
.DefaultDacl
);
1672 LsapFreeHeap(TokenInfo1
);
1677 FIXME("TokenInformationType %d is not supported!\n", TokenInformationType
);
1681 /* Free the account name */
1682 if (AccountName
!= NULL
)
1684 if (AccountName
->Buffer
!= NULL
)
1685 LsapFreeHeap(AccountName
->Buffer
);
1687 LsapFreeHeap(AccountName
);
1690 /* Free the authentication authority */
1691 if (AuthenticatingAuthority
!= NULL
)
1693 if (AuthenticatingAuthority
!= NULL
)
1694 LsapFreeHeap(AuthenticatingAuthority
->Buffer
);
1696 LsapFreeHeap(AuthenticatingAuthority
);
1699 /* Free the machine name */
1700 if (MachineName
!= NULL
)
1702 if (MachineName
->Buffer
!= NULL
)
1703 LsapFreeHeap(MachineName
->Buffer
);
1705 LsapFreeHeap(MachineName
);
1708 TRACE("LsapLogonUser done (Status 0x%08lx)\n", Status
);