[MOUNTMGR] QueryPointsFromMemory: take into account the multiple MOUNTMGR_MOUNT_POINT
[reactos.git] / dll / win32 / lsasrv / authpackage.c
1 /*
2 * PROJECT: Local Security Authority Server DLL
3 * LICENSE: GPL - See COPYING in the top level directory
4 * FILE: dll/win32/lsasrv/authpackage.c
5 * PURPOSE: Authentication package management routines
6 * COPYRIGHT: Copyright 2013 Eric Kohl
7 */
8
9 #include "lsasrv.h"
10
11 #include <ndk/sefuncs.h>
12 #include <ndk/umfuncs.h>
13
14 typedef enum _LSA_TOKEN_INFORMATION_TYPE
15 {
16 LsaTokenInformationNull,
17 LsaTokenInformationV1
18 } LSA_TOKEN_INFORMATION_TYPE, *PLSA_TOKEN_INFORMATION_TYPE;
19
20 typedef struct _LSA_TOKEN_INFORMATION_NULL
21 {
22 LARGE_INTEGER ExpirationTime;
23 PTOKEN_GROUPS Groups;
24 } LSA_TOKEN_INFORMATION_NULL, *PLSA_TOKEN_INFORMATION_NULL;
25
26 typedef struct _LSA_TOKEN_INFORMATION_V1
27 {
28 LARGE_INTEGER ExpirationTime;
29 TOKEN_USER User;
30 PTOKEN_GROUPS Groups;
31 TOKEN_PRIMARY_GROUP PrimaryGroup;
32 PTOKEN_PRIVILEGES Privileges;
33 TOKEN_OWNER Owner;
34 TOKEN_DEFAULT_DACL DefaultDacl;
35 } LSA_TOKEN_INFORMATION_V1, *PLSA_TOKEN_INFORMATION_V1;
36
37 typedef PVOID PLSA_CLIENT_REQUEST;
38
39 typedef NTSTATUS (NTAPI *PLSA_CREATE_LOGON_SESSION)(PLUID);
40 typedef NTSTATUS (NTAPI *PLSA_DELETE_LOGON_SESSION)(PLUID);
41 typedef NTSTATUS (NTAPI *PLSA_ADD_CREDENTIAL)(PLUID, ULONG, PLSA_STRING, PLSA_STRING);
42 typedef NTSTATUS (NTAPI *PLSA_GET_CREDENTIALS)(PLUID, ULONG, PULONG, BOOLEAN, PLSA_STRING, PULONG, PLSA_STRING);
43 typedef NTSTATUS (NTAPI *PLSA_DELETE_CREDENTIAL)(PLUID, ULONG, PLSA_STRING);
44 typedef PVOID (NTAPI *PLSA_ALLOCATE_LSA_HEAP)(ULONG);
45 typedef VOID (NTAPI *PLSA_FREE_LSA_HEAP)(PVOID);
46 typedef NTSTATUS (NTAPI *PLSA_ALLOCATE_CLIENT_BUFFER)(PLSA_CLIENT_REQUEST, ULONG, PVOID*);
47 typedef NTSTATUS (NTAPI *PLSA_FREE_CLIENT_BUFFER)(PLSA_CLIENT_REQUEST, PVOID);
48 typedef NTSTATUS (NTAPI *PLSA_COPY_TO_CLIENT_BUFFER)(PLSA_CLIENT_REQUEST, ULONG,
49 PVOID, PVOID);
50 typedef NTSTATUS (NTAPI *PLSA_COPY_FROM_CLIENT_BUFFER)(PLSA_CLIENT_REQUEST,
51 ULONG, PVOID, PVOID);
52
53 typedef struct LSA_DISPATCH_TABLE
54 {
55 PLSA_CREATE_LOGON_SESSION CreateLogonSession;
56 PLSA_DELETE_LOGON_SESSION DeleteLogonSession;
57 PLSA_ADD_CREDENTIAL AddCredential;
58 PLSA_GET_CREDENTIALS GetCredentials;
59 PLSA_DELETE_CREDENTIAL DeleteCredential;
60 PLSA_ALLOCATE_LSA_HEAP AllocateLsaHeap;
61 PLSA_FREE_LSA_HEAP FreeLsaHeap;
62 PLSA_ALLOCATE_CLIENT_BUFFER AllocateClientBuffer;
63 PLSA_FREE_CLIENT_BUFFER FreeClientBuffer;
64 PLSA_COPY_TO_CLIENT_BUFFER CopyToClientBuffer;
65 PLSA_COPY_FROM_CLIENT_BUFFER CopyFromClientBuffer;
66 } LSA_DISPATCH_TABLE, *PLSA_DISPATCH_TABLE;
67
68
69 typedef NTSTATUS (NTAPI *PLSA_AP_INITIALIZE_PACKAGE)(ULONG, PLSA_DISPATCH_TABLE,
70 PLSA_STRING, PLSA_STRING, PLSA_STRING *);
71 typedef NTSTATUS (NTAPI *PLSA_AP_CALL_PACKAGE_INTERNAL)(PLSA_CLIENT_REQUEST, PVOID, PVOID,
72 ULONG, PVOID *, PULONG, PNTSTATUS);
73 typedef NTSTATUS (NTAPI *PLSA_AP_CALL_PACKAGE_PASSTHROUGH)(PLSA_CLIENT_REQUEST,
74 PVOID, PVOID, ULONG, PVOID *, PULONG, PNTSTATUS);
75 typedef NTSTATUS (NTAPI *PLSA_AP_CALL_PACKAGE_UNTRUSTED)(PLSA_CLIENT_REQUEST,
76 PVOID, PVOID, ULONG, PVOID *, PULONG, PNTSTATUS);
77 typedef VOID (NTAPI *PLSA_AP_LOGON_TERMINATED)(PLUID);
78 typedef NTSTATUS (NTAPI *PLSA_AP_LOGON_USER_EX2)(PLSA_CLIENT_REQUEST,
79 SECURITY_LOGON_TYPE, PVOID, PVOID, ULONG, PVOID *, PULONG, PLUID, PNTSTATUS,
80 PLSA_TOKEN_INFORMATION_TYPE, PVOID *, PUNICODE_STRING *, PUNICODE_STRING *,
81 PUNICODE_STRING *, PVOID /*PSECPKG_PRIMARY_CRED*/, PVOID /*PSECPKG_SUPPLEMENTAL_CRED_ARRAY **/);
82 typedef NTSTATUS (NTAPI *PLSA_AP_LOGON_USER_EX)(PLSA_CLIENT_REQUEST,
83 SECURITY_LOGON_TYPE, PVOID, PVOID, ULONG, PVOID *, PULONG, PLUID, PNTSTATUS,
84 PLSA_TOKEN_INFORMATION_TYPE, PVOID *, PUNICODE_STRING *, PUNICODE_STRING *,
85 PUNICODE_STRING *);
86
87 typedef NTSTATUS (NTAPI *PLSA_AP_LOGON_USER_INTERNAL)(PLSA_CLIENT_REQUEST, SECURITY_LOGON_TYPE,
88 PVOID, PVOID, ULONG, PVOID *, PULONG, PLUID, PNTSTATUS, PLSA_TOKEN_INFORMATION_TYPE,
89 PVOID *, PUNICODE_STRING *, PUNICODE_STRING *);
90
91 typedef struct _AUTH_PACKAGE
92 {
93 LIST_ENTRY Entry;
94 PSTRING Name;
95 ULONG Id;
96 PVOID ModuleHandle;
97
98 PLSA_AP_INITIALIZE_PACKAGE LsaApInitializePackage;
99 PLSA_AP_CALL_PACKAGE_INTERNAL LsaApCallPackage;
100 PLSA_AP_CALL_PACKAGE_PASSTHROUGH LsaApCallPackagePassthrough;
101 PLSA_AP_CALL_PACKAGE_UNTRUSTED LsaApCallPackageUntrusted;
102 PLSA_AP_LOGON_TERMINATED LsaApLogonTerminated;
103 PLSA_AP_LOGON_USER_EX2 LsaApLogonUserEx2;
104 PLSA_AP_LOGON_USER_EX LsaApLogonUserEx;
105 PLSA_AP_LOGON_USER_INTERNAL LsaApLogonUser;
106 } AUTH_PACKAGE, *PAUTH_PACKAGE;
107
108 VOID
109 NTAPI
110 LsaIFree_LSAPR_PRIVILEGE_SET(IN PLSAPR_PRIVILEGE_SET Ptr);
111
112 typedef wchar_t *PSAMPR_SERVER_NAME;
113 typedef void *SAMPR_HANDLE;
114
115 typedef struct _SAMPR_SID_INFORMATION
116 {
117 PRPC_SID SidPointer;
118 } SAMPR_SID_INFORMATION, *PSAMPR_SID_INFORMATION;
119
120 typedef struct _SAMPR_PSID_ARRAY
121 {
122 unsigned long Count;
123 PSAMPR_SID_INFORMATION Sids;
124 } SAMPR_PSID_ARRAY, *PSAMPR_PSID_ARRAY;
125
126 NTSTATUS
127 NTAPI
128 SamIConnect(
129 PSAMPR_SERVER_NAME ServerName,
130 SAMPR_HANDLE *ServerHandle,
131 ACCESS_MASK DesiredAccess,
132 BOOLEAN Trusted);
133
134 VOID
135 NTAPI
136 SamIFree_SAMPR_ULONG_ARRAY(
137 PSAMPR_ULONG_ARRAY Ptr);
138
139 NTSTATUS
140 __stdcall
141 SamrCloseHandle(
142 SAMPR_HANDLE *SamHandle);
143
144 NTSTATUS
145 __stdcall
146 SamrOpenDomain(
147 SAMPR_HANDLE ServerHandle,
148 ACCESS_MASK DesiredAccess,
149 PRPC_SID DomainId,
150 SAMPR_HANDLE *DomainHandle);
151
152 NTSTATUS
153 __stdcall
154 SamrGetAliasMembership(
155 SAMPR_HANDLE DomainHandle,
156 PSAMPR_PSID_ARRAY SidArray,
157 PSAMPR_ULONG_ARRAY Membership);
158
159
160 /* GLOBALS *****************************************************************/
161
162 static LIST_ENTRY PackageListHead;
163 static ULONG PackageId;
164 static LSA_DISPATCH_TABLE DispatchTable;
165
166 #define CONST_LUID(x1, x2) {x1, x2}
167 static const LUID SeChangeNotifyPrivilege = CONST_LUID(SE_CHANGE_NOTIFY_PRIVILEGE, 0);
168 static const LUID SeCreateGlobalPrivilege = CONST_LUID(SE_CREATE_GLOBAL_PRIVILEGE, 0);
169 static const LUID SeImpersonatePrivilege = CONST_LUID(SE_IMPERSONATE_PRIVILEGE, 0);
170
171
172 /* FUNCTIONS ***************************************************************/
173
174 static
175 NTSTATUS
176 NTAPI
177 LsapAddAuthPackage(IN PWSTR ValueName,
178 IN ULONG ValueType,
179 IN PVOID ValueData,
180 IN ULONG ValueLength,
181 IN PVOID Context,
182 IN PVOID EntryContext)
183 {
184 PAUTH_PACKAGE Package = NULL;
185 UNICODE_STRING PackageName;
186 STRING ProcName;
187 PULONG Id;
188 NTSTATUS Status = STATUS_SUCCESS;
189
190 TRACE("LsapAddAuthPackage()\n");
191
192 PackageName.Length = (USHORT)ValueLength - sizeof(WCHAR);
193 PackageName.MaximumLength = (USHORT)ValueLength;
194 PackageName.Buffer = ValueData;
195
196 Id = (PULONG)Context;
197
198 Package = RtlAllocateHeap(RtlGetProcessHeap(),
199 HEAP_ZERO_MEMORY,
200 sizeof(AUTH_PACKAGE));
201 if (Package == NULL)
202 return STATUS_INSUFFICIENT_RESOURCES;
203
204 Status = LdrLoadDll(NULL,
205 NULL,
206 &PackageName,
207 &Package->ModuleHandle);
208 if (!NT_SUCCESS(Status))
209 {
210 TRACE("LdrLoadDll failed (Status 0x%08lx)\n", Status);
211 goto done;
212 }
213
214 RtlInitAnsiString(&ProcName, "LsaApInitializePackage");
215 Status = LdrGetProcedureAddress(Package->ModuleHandle,
216 &ProcName,
217 0,
218 (PVOID *)&Package->LsaApInitializePackage);
219 if (!NT_SUCCESS(Status))
220 {
221 TRACE("LdrGetProcedureAddress() failed (Status 0x%08lx)\n", Status);
222 goto done;
223 }
224
225 RtlInitAnsiString(&ProcName, "LsaApCallPackage");
226 Status = LdrGetProcedureAddress(Package->ModuleHandle,
227 &ProcName,
228 0,
229 (PVOID *)&Package->LsaApCallPackage);
230 if (!NT_SUCCESS(Status))
231 {
232 TRACE("LdrGetProcedureAddress() failed (Status 0x%08lx)\n", Status);
233 goto done;
234 }
235
236 RtlInitAnsiString(&ProcName, "LsaApCallPackagePassthrough");
237 Status = LdrGetProcedureAddress(Package->ModuleHandle,
238 &ProcName,
239 0,
240 (PVOID *)&Package->LsaApCallPackagePassthrough);
241 if (!NT_SUCCESS(Status))
242 {
243 TRACE("LdrGetProcedureAddress() failed (Status 0x%08lx)\n", Status);
244 goto done;
245 }
246
247 RtlInitAnsiString(&ProcName, "LsaApCallPackageUntrusted");
248 Status = LdrGetProcedureAddress(Package->ModuleHandle,
249 &ProcName,
250 0,
251 (PVOID *)&Package->LsaApCallPackageUntrusted);
252 if (!NT_SUCCESS(Status))
253 {
254 TRACE("LdrGetProcedureAddress() failed (Status 0x%08lx)\n", Status);
255 goto done;
256 }
257
258 RtlInitAnsiString(&ProcName, "LsaApLogonTerminated");
259 Status = LdrGetProcedureAddress(Package->ModuleHandle,
260 &ProcName,
261 0,
262 (PVOID *)&Package->LsaApLogonTerminated);
263 if (!NT_SUCCESS(Status))
264 {
265 TRACE("LdrGetProcedureAddress() failed (Status 0x%08lx)\n", Status);
266 goto done;
267 }
268
269 RtlInitAnsiString(&ProcName, "LsaApLogonUserEx2");
270 Status = LdrGetProcedureAddress(Package->ModuleHandle,
271 &ProcName,
272 0,
273 (PVOID *)&Package->LsaApLogonUserEx2);
274 if (!NT_SUCCESS(Status))
275 {
276 RtlInitAnsiString(&ProcName, "LsaApLogonUserEx");
277 Status = LdrGetProcedureAddress(Package->ModuleHandle,
278 &ProcName,
279 0,
280 (PVOID *)&Package->LsaApLogonUserEx);
281 if (!NT_SUCCESS(Status))
282 {
283 RtlInitAnsiString(&ProcName, "LsaApLogonUser");
284 Status = LdrGetProcedureAddress(Package->ModuleHandle,
285 &ProcName,
286 0,
287 (PVOID *)&Package->LsaApLogonUser);
288 if (!NT_SUCCESS(Status))
289 {
290 TRACE("LdrGetProcedureAddress() failed (Status 0x%08lx)\n", Status);
291 goto done;
292 }
293 }
294 }
295
296 /* Initialize the current package */
297 Status = Package->LsaApInitializePackage(*Id,
298 &DispatchTable,
299 NULL,
300 NULL,
301 &Package->Name);
302 if (!NT_SUCCESS(Status))
303 {
304 TRACE("Package->LsaApInitializePackage() failed (Status 0x%08lx)\n", Status);
305 goto done;
306 }
307
308 TRACE("Package Name: %s\n", Package->Name->Buffer);
309
310 Package->Id = *Id;
311 (*Id)++;
312
313 InsertTailList(&PackageListHead, &Package->Entry);
314
315 done:
316 if (!NT_SUCCESS(Status))
317 {
318 if (Package != NULL)
319 {
320 if (Package->ModuleHandle != NULL)
321 LdrUnloadDll(Package->ModuleHandle);
322
323 if (Package->Name != NULL)
324 {
325 if (Package->Name->Buffer != NULL)
326 RtlFreeHeap(RtlGetProcessHeap(), 0, Package->Name->Buffer);
327
328 RtlFreeHeap(RtlGetProcessHeap(), 0, Package->Name);
329 }
330
331 RtlFreeHeap(RtlGetProcessHeap(), 0, Package);
332 }
333 }
334
335 return Status;
336 }
337
338
339 static
340 PAUTH_PACKAGE
341 LsapGetAuthenticationPackage(IN ULONG PackageId)
342 {
343 PLIST_ENTRY ListEntry;
344 PAUTH_PACKAGE Package;
345
346 ListEntry = PackageListHead.Flink;
347 while (ListEntry != &PackageListHead)
348 {
349 Package = CONTAINING_RECORD(ListEntry, AUTH_PACKAGE, Entry);
350
351 if (Package->Id == PackageId)
352 {
353 return Package;
354 }
355
356 ListEntry = ListEntry->Flink;
357 }
358
359 return NULL;
360 }
361
362
363 PVOID
364 NTAPI
365 LsapAllocateHeap(IN ULONG Length)
366 {
367 return RtlAllocateHeap(RtlGetProcessHeap(), 0, Length);
368 }
369
370
371 PVOID
372 NTAPI
373 LsapAllocateHeapZero(IN ULONG Length)
374 {
375 return RtlAllocateHeap(RtlGetProcessHeap(), HEAP_ZERO_MEMORY, Length);
376 }
377
378
379 VOID
380 NTAPI
381 LsapFreeHeap(IN PVOID Base)
382 {
383 RtlFreeHeap(RtlGetProcessHeap(), 0, Base);
384 }
385
386
387 static
388 NTSTATUS
389 NTAPI
390 LsapAllocateClientBuffer(IN PLSA_CLIENT_REQUEST ClientRequest,
391 IN ULONG LengthRequired,
392 OUT PVOID *ClientBaseAddress)
393 {
394 PLSAP_LOGON_CONTEXT LogonContext;
395 SIZE_T Length;
396
397 *ClientBaseAddress = NULL;
398
399 LogonContext = (PLSAP_LOGON_CONTEXT)ClientRequest;
400
401 Length = LengthRequired;
402 return NtAllocateVirtualMemory(LogonContext->ClientProcessHandle,
403 ClientBaseAddress,
404 0,
405 &Length,
406 MEM_COMMIT,
407 PAGE_READWRITE);
408 }
409
410
411 static
412 NTSTATUS
413 NTAPI
414 LsapFreeClientBuffer(IN PLSA_CLIENT_REQUEST ClientRequest,
415 IN PVOID ClientBaseAddress)
416 {
417 PLSAP_LOGON_CONTEXT LogonContext;
418 SIZE_T Length;
419
420 if (ClientBaseAddress == NULL)
421 return STATUS_SUCCESS;
422
423 LogonContext = (PLSAP_LOGON_CONTEXT)ClientRequest;
424
425 Length = 0;
426 return NtFreeVirtualMemory(LogonContext->ClientProcessHandle,
427 &ClientBaseAddress,
428 &Length,
429 MEM_RELEASE);
430 }
431
432
433 static
434 NTSTATUS
435 NTAPI
436 LsapCopyToClientBuffer(IN PLSA_CLIENT_REQUEST ClientRequest,
437 IN ULONG Length,
438 IN PVOID ClientBaseAddress,
439 IN PVOID BufferToCopy)
440 {
441 PLSAP_LOGON_CONTEXT LogonContext;
442
443 LogonContext = (PLSAP_LOGON_CONTEXT)ClientRequest;
444
445 return NtWriteVirtualMemory(LogonContext->ClientProcessHandle,
446 ClientBaseAddress,
447 BufferToCopy,
448 Length,
449 NULL);
450 }
451
452
453 static
454 NTSTATUS
455 NTAPI
456 LsapCopyFromClientBuffer(IN PLSA_CLIENT_REQUEST ClientRequest,
457 IN ULONG Length,
458 IN PVOID BufferToCopy,
459 IN PVOID ClientBaseAddress)
460 {
461 PLSAP_LOGON_CONTEXT LogonContext;
462
463 LogonContext = (PLSAP_LOGON_CONTEXT)ClientRequest;
464
465 return NtReadVirtualMemory(LogonContext->ClientProcessHandle,
466 ClientBaseAddress,
467 BufferToCopy,
468 Length,
469 NULL);
470 }
471
472
473 NTSTATUS
474 LsapInitAuthPackages(VOID)
475 {
476 RTL_QUERY_REGISTRY_TABLE AuthPackageTable[] = {
477 {LsapAddAuthPackage, 0, L"Authentication Packages", NULL, REG_NONE, NULL, 0},
478 {NULL, 0, NULL, NULL, REG_NONE, NULL, 0}};
479
480 NTSTATUS Status;
481
482 InitializeListHead(&PackageListHead);
483 PackageId = 0;
484
485 /* Initialize the dispatch table */
486 DispatchTable.CreateLogonSession = &LsapCreateLogonSession;
487 DispatchTable.DeleteLogonSession = &LsapDeleteLogonSession;
488 DispatchTable.AddCredential = &LsapAddCredential;
489 DispatchTable.GetCredentials = &LsapGetCredentials;
490 DispatchTable.DeleteCredential = &LsapDeleteCredential;
491 DispatchTable.AllocateLsaHeap = &LsapAllocateHeapZero;
492 DispatchTable.FreeLsaHeap = &LsapFreeHeap;
493 DispatchTable.AllocateClientBuffer = &LsapAllocateClientBuffer;
494 DispatchTable.FreeClientBuffer = &LsapFreeClientBuffer;
495 DispatchTable.CopyToClientBuffer = &LsapCopyToClientBuffer;
496 DispatchTable.CopyFromClientBuffer = &LsapCopyFromClientBuffer;
497
498 /* Add registered authentication packages */
499 Status = RtlQueryRegistryValues(RTL_REGISTRY_CONTROL,
500 L"Lsa",
501 AuthPackageTable,
502 &PackageId,
503 NULL);
504
505 return Status;
506 }
507
508
509 NTSTATUS
510 LsapLookupAuthenticationPackage(PLSA_API_MSG RequestMsg,
511 PLSAP_LOGON_CONTEXT LogonContext)
512 {
513 PLIST_ENTRY ListEntry;
514 PAUTH_PACKAGE Package;
515 ULONG PackageNameLength;
516 PCHAR PackageName;
517
518 TRACE("(%p %p)\n", RequestMsg, LogonContext);
519
520 PackageNameLength = RequestMsg->LookupAuthenticationPackage.Request.PackageNameLength;
521 PackageName = RequestMsg->LookupAuthenticationPackage.Request.PackageName;
522
523 TRACE("PackageName: %s\n", PackageName);
524
525 ListEntry = PackageListHead.Flink;
526 while (ListEntry != &PackageListHead)
527 {
528 Package = CONTAINING_RECORD(ListEntry, AUTH_PACKAGE, Entry);
529
530 if ((PackageNameLength == Package->Name->Length) &&
531 (_strnicmp(PackageName, Package->Name->Buffer, Package->Name->Length) == 0))
532 {
533 RequestMsg->LookupAuthenticationPackage.Reply.Package = Package->Id;
534 return STATUS_SUCCESS;
535 }
536
537 ListEntry = ListEntry->Flink;
538 }
539
540 return STATUS_NO_SUCH_PACKAGE;
541 }
542
543
544 NTSTATUS
545 LsapCallAuthenticationPackage(PLSA_API_MSG RequestMsg,
546 PLSAP_LOGON_CONTEXT LogonContext)
547 {
548 PAUTH_PACKAGE Package;
549 PVOID LocalBuffer = NULL;
550 ULONG PackageId;
551 NTSTATUS Status;
552
553 TRACE("(%p %p)\n", RequestMsg, LogonContext);
554
555 PackageId = RequestMsg->CallAuthenticationPackage.Request.AuthenticationPackage;
556
557 /* Get the right authentication package */
558 Package = LsapGetAuthenticationPackage(PackageId);
559 if (Package == NULL)
560 {
561 TRACE("LsapGetAuthenticationPackage() failed to find a package\n");
562 return STATUS_NO_SUCH_PACKAGE;
563 }
564
565 if (RequestMsg->CallAuthenticationPackage.Request.SubmitBufferLength > 0)
566 {
567 LocalBuffer = RtlAllocateHeap(RtlGetProcessHeap(),
568 HEAP_ZERO_MEMORY,
569 RequestMsg->CallAuthenticationPackage.Request.SubmitBufferLength);
570 if (LocalBuffer == NULL)
571 {
572 return STATUS_INSUFFICIENT_RESOURCES;
573 }
574
575 Status = NtReadVirtualMemory(LogonContext->ClientProcessHandle,
576 RequestMsg->CallAuthenticationPackage.Request.ProtocolSubmitBuffer,
577 LocalBuffer,
578 RequestMsg->CallAuthenticationPackage.Request.SubmitBufferLength,
579 NULL);
580 if (!NT_SUCCESS(Status))
581 {
582 TRACE("NtReadVirtualMemory() failed (Status 0x%08lx)\n", Status);
583 RtlFreeHeap(RtlGetProcessHeap(), 0, LocalBuffer);
584 return Status;
585 }
586 }
587
588 if (LogonContext->Untrusted)
589 Status = Package->LsaApCallPackageUntrusted((PLSA_CLIENT_REQUEST)LogonContext,
590 LocalBuffer,
591 RequestMsg->CallAuthenticationPackage.Request.ProtocolSubmitBuffer,
592 RequestMsg->CallAuthenticationPackage.Request.SubmitBufferLength,
593 &RequestMsg->CallAuthenticationPackage.Reply.ProtocolReturnBuffer,
594 &RequestMsg->CallAuthenticationPackage.Reply.ReturnBufferLength,
595 &RequestMsg->CallAuthenticationPackage.Reply.ProtocolStatus);
596 else
597 Status = Package->LsaApCallPackage((PLSA_CLIENT_REQUEST)LogonContext,
598 LocalBuffer,
599 RequestMsg->CallAuthenticationPackage.Request.ProtocolSubmitBuffer,
600 RequestMsg->CallAuthenticationPackage.Request.SubmitBufferLength,
601 &RequestMsg->CallAuthenticationPackage.Reply.ProtocolReturnBuffer,
602 &RequestMsg->CallAuthenticationPackage.Reply.ReturnBufferLength,
603 &RequestMsg->CallAuthenticationPackage.Reply.ProtocolStatus);
604 if (!NT_SUCCESS(Status))
605 {
606 TRACE("Package->LsaApCallPackage() failed (Status 0x%08lx)\n", Status);
607 }
608
609 if (LocalBuffer != NULL)
610 RtlFreeHeap(RtlGetProcessHeap(), 0, LocalBuffer);
611
612 return Status;
613 }
614
615
616 static
617 NTSTATUS
618 LsapCopyLocalGroups(
619 IN PLSAP_LOGON_CONTEXT LogonContext,
620 IN PTOKEN_GROUPS ClientGroups,
621 IN ULONG ClientGroupsCount,
622 OUT PTOKEN_GROUPS *TokenGroups)
623 {
624 ULONG LocalGroupsLength = 0;
625 PTOKEN_GROUPS LocalGroups = NULL;
626 ULONG SidHeaderLength = 0;
627 PSID SidHeader = NULL;
628 PSID SrcSid, DstSid;
629 ULONG SidLength;
630 ULONG AllocatedSids = 0;
631 ULONG i;
632 NTSTATUS Status;
633
634 LocalGroupsLength = sizeof(TOKEN_GROUPS) +
635 (ClientGroupsCount - ANYSIZE_ARRAY) * sizeof(SID_AND_ATTRIBUTES);
636 LocalGroups = RtlAllocateHeap(RtlGetProcessHeap(),
637 HEAP_ZERO_MEMORY,
638 LocalGroupsLength);
639 if (LocalGroups == NULL)
640 {
641 TRACE("RtlAllocateHeap() failed\n");
642 return STATUS_INSUFFICIENT_RESOURCES;
643 }
644
645 Status = NtReadVirtualMemory(LogonContext->ClientProcessHandle,
646 ClientGroups,
647 LocalGroups,
648 LocalGroupsLength,
649 NULL);
650 if (!NT_SUCCESS(Status))
651 goto done;
652
653
654 SidHeaderLength = RtlLengthRequiredSid(0);
655 SidHeader = RtlAllocateHeap(RtlGetProcessHeap(),
656 HEAP_ZERO_MEMORY,
657 SidHeaderLength);
658 if (SidHeader == NULL)
659 {
660 Status = STATUS_INSUFFICIENT_RESOURCES;
661 goto done;
662 }
663
664 for (i = 0; i < ClientGroupsCount; i++)
665 {
666 SrcSid = LocalGroups->Groups[i].Sid;
667
668 Status = NtReadVirtualMemory(LogonContext->ClientProcessHandle,
669 SrcSid,
670 SidHeader,
671 SidHeaderLength,
672 NULL);
673 if (!NT_SUCCESS(Status))
674 goto done;
675
676 SidLength = RtlLengthSid(SidHeader);
677 TRACE("Sid %lu: Length %lu\n", i, SidLength);
678
679 DstSid = RtlAllocateHeap(RtlGetProcessHeap(),
680 HEAP_ZERO_MEMORY,
681 SidLength);
682 if (DstSid == NULL)
683 {
684 Status = STATUS_INSUFFICIENT_RESOURCES;
685 goto done;
686 }
687
688 Status = NtReadVirtualMemory(LogonContext->ClientProcessHandle,
689 SrcSid,
690 DstSid,
691 SidLength,
692 NULL);
693 if (!NT_SUCCESS(Status))
694 {
695 RtlFreeHeap(RtlGetProcessHeap(), 0, DstSid);
696 goto done;
697 }
698
699 LocalGroups->Groups[i].Sid = DstSid;
700 AllocatedSids++;
701 }
702
703 *TokenGroups = LocalGroups;
704
705 done:
706 if (SidHeader != NULL)
707 RtlFreeHeap(RtlGetProcessHeap(), 0, SidHeader);
708
709 if (!NT_SUCCESS(Status))
710 {
711 if (LocalGroups != NULL)
712 {
713 for (i = 0; i < AllocatedSids; i++)
714 RtlFreeHeap(RtlGetProcessHeap(), 0, LocalGroups->Groups[i].Sid);
715
716 RtlFreeHeap(RtlGetProcessHeap(), 0, LocalGroups);
717 }
718 }
719
720 return Status;
721 }
722
723
724 static
725 NTSTATUS
726 LsapAddLocalGroups(
727 IN PVOID TokenInformation,
728 IN LSA_TOKEN_INFORMATION_TYPE TokenInformationType,
729 IN PTOKEN_GROUPS LocalGroups)
730 {
731 PLSA_TOKEN_INFORMATION_V1 TokenInfo1;
732 PTOKEN_GROUPS Groups;
733 ULONG Length;
734 ULONG i;
735 ULONG j;
736
737 if (LocalGroups == NULL || LocalGroups->GroupCount == 0)
738 return STATUS_SUCCESS;
739
740 if (TokenInformationType == LsaTokenInformationV1)
741 {
742 TokenInfo1 = (PLSA_TOKEN_INFORMATION_V1)TokenInformation;
743
744 if (TokenInfo1->Groups != NULL)
745 {
746 Length = sizeof(TOKEN_GROUPS) +
747 (LocalGroups->GroupCount + TokenInfo1->Groups->GroupCount - ANYSIZE_ARRAY) * sizeof(SID_AND_ATTRIBUTES);
748
749 Groups = RtlAllocateHeap(RtlGetProcessHeap(), HEAP_ZERO_MEMORY, Length);
750 if (Groups == NULL)
751 {
752 ERR("Group buffer allocation failed!\n");
753 return STATUS_INSUFFICIENT_RESOURCES;
754 }
755
756 Groups->GroupCount = LocalGroups->GroupCount + TokenInfo1->Groups->GroupCount;
757
758 for (i = 0; i < TokenInfo1->Groups->GroupCount; i++)
759 {
760 Groups->Groups[i].Sid = TokenInfo1->Groups->Groups[i].Sid;
761 Groups->Groups[i].Attributes = TokenInfo1->Groups->Groups[i].Attributes;
762 }
763
764 for (j = 0; j < LocalGroups->GroupCount; i++, j++)
765 {
766 Groups->Groups[i].Sid = LocalGroups->Groups[j].Sid;
767 Groups->Groups[i].Attributes = LocalGroups->Groups[j].Attributes;
768 LocalGroups->Groups[j].Sid = NULL;
769 }
770
771 RtlFreeHeap(RtlGetProcessHeap(), 0, TokenInfo1->Groups);
772
773 TokenInfo1->Groups = Groups;
774 }
775 else
776 {
777 Length = sizeof(TOKEN_GROUPS) +
778 (LocalGroups->GroupCount - ANYSIZE_ARRAY) * sizeof(SID_AND_ATTRIBUTES);
779
780 Groups = RtlAllocateHeap(RtlGetProcessHeap(), HEAP_ZERO_MEMORY, Length);
781 if (Groups == NULL)
782 {
783 ERR("Group buffer allocation failed!\n");
784 return STATUS_INSUFFICIENT_RESOURCES;
785 }
786
787 Groups->GroupCount = LocalGroups->GroupCount;
788
789 for (i = 0; i < LocalGroups->GroupCount; i++)
790 {
791 Groups->Groups[i].Sid = LocalGroups->Groups[i].Sid;
792 Groups->Groups[i].Attributes = LocalGroups->Groups[i].Attributes;
793 }
794
795 TokenInfo1->Groups = Groups;
796 }
797 }
798 else
799 {
800 FIXME("TokenInformationType %d is not supported!\n", TokenInformationType);
801 return STATUS_NOT_IMPLEMENTED;
802 }
803
804 return STATUS_SUCCESS;
805 }
806
807 static
808 NTSTATUS
809 LsapAddDefaultGroups(
810 IN PVOID TokenInformation,
811 IN LSA_TOKEN_INFORMATION_TYPE TokenInformationType,
812 IN SECURITY_LOGON_TYPE LogonType)
813 {
814 PLSA_TOKEN_INFORMATION_V1 TokenInfo1;
815 PTOKEN_GROUPS Groups;
816 ULONG i, Length;
817 PSID SrcSid;
818
819 if (TokenInformationType == LsaTokenInformationV1)
820 {
821 TokenInfo1 = (PLSA_TOKEN_INFORMATION_V1)TokenInformation;
822
823 if (TokenInfo1->Groups != NULL)
824 {
825 Length = sizeof(TOKEN_GROUPS) +
826 (TokenInfo1->Groups->GroupCount + 2 - ANYSIZE_ARRAY) * sizeof(SID_AND_ATTRIBUTES);
827
828 Groups = RtlAllocateHeap(RtlGetProcessHeap(), HEAP_ZERO_MEMORY, Length);
829 if (Groups == NULL)
830 {
831 ERR("Group buffer allocation failed!\n");
832 return STATUS_INSUFFICIENT_RESOURCES;
833 }
834
835 Groups->GroupCount = TokenInfo1->Groups->GroupCount;
836
837 for (i = 0; i < TokenInfo1->Groups->GroupCount; i++)
838 {
839 Groups->Groups[i].Sid = TokenInfo1->Groups->Groups[i].Sid;
840 Groups->Groups[i].Attributes = TokenInfo1->Groups->Groups[i].Attributes;
841 }
842
843 RtlFreeHeap(RtlGetProcessHeap(), 0, TokenInfo1->Groups);
844
845 TokenInfo1->Groups = Groups;
846
847 }
848 else
849 {
850 Length = sizeof(TOKEN_GROUPS) +
851 (2 - ANYSIZE_ARRAY) * sizeof(SID_AND_ATTRIBUTES);
852
853 Groups = RtlAllocateHeap(RtlGetProcessHeap(), HEAP_ZERO_MEMORY, Length);
854 if (Groups == NULL)
855 {
856 ERR("Group buffer allocation failed!\n");
857 return STATUS_INSUFFICIENT_RESOURCES;
858 }
859
860 TokenInfo1->Groups = Groups;
861 }
862
863 /* Append the World SID (aka Everyone) */
864 Length = RtlLengthSid(LsapWorldSid);
865 Groups->Groups[Groups->GroupCount].Sid = RtlAllocateHeap(RtlGetProcessHeap(),
866 HEAP_ZERO_MEMORY,
867 Length);
868 if (Groups->Groups[Groups->GroupCount].Sid == NULL)
869 return STATUS_INSUFFICIENT_RESOURCES;
870
871 RtlCopyMemory(Groups->Groups[Groups->GroupCount].Sid,
872 LsapWorldSid,
873 Length);
874
875 Groups->Groups[Groups->GroupCount].Attributes =
876 SE_GROUP_ENABLED | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_MANDATORY;
877
878 Groups->GroupCount++;
879
880 /* Append the logon type SID */
881 switch (LogonType)
882 {
883 case Interactive:
884 SrcSid = LsapInteractiveSid;
885 break;
886
887 case Network:
888 SrcSid = LsapNetworkSid;
889 break;
890
891 case Batch:
892 SrcSid = LsapBatchSid;
893 break;
894
895 case Service:
896 SrcSid = LsapServiceSid;
897 break;
898
899 default:
900 FIXME("LogonType %d is not supported!\n", LogonType);
901 return STATUS_NOT_IMPLEMENTED;
902 }
903
904 Length = RtlLengthSid(SrcSid);
905 Groups->Groups[Groups->GroupCount].Sid = RtlAllocateHeap(RtlGetProcessHeap(),
906 HEAP_ZERO_MEMORY,
907 Length);
908 if (Groups->Groups[Groups->GroupCount].Sid == NULL)
909 return STATUS_INSUFFICIENT_RESOURCES;
910
911 RtlCopyMemory(Groups->Groups[Groups->GroupCount].Sid,
912 SrcSid,
913 Length);
914
915 Groups->Groups[Groups->GroupCount].Attributes =
916 SE_GROUP_ENABLED | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_MANDATORY;
917
918 Groups->GroupCount++;
919 }
920 else
921 {
922 FIXME("TokenInformationType %d is not supported!\n", TokenInformationType);
923 return STATUS_NOT_IMPLEMENTED;
924 }
925
926 return STATUS_SUCCESS;
927 }
928
929
930 static
931 NTSTATUS
932 LsapAppendSidToGroups(
933 IN PTOKEN_GROUPS *TokenGroups,
934 IN PSID DomainSid,
935 IN ULONG RelativeId)
936 {
937 PTOKEN_GROUPS Groups;
938 PSID Sid;
939 ULONG Length;
940 ULONG i;
941
942 Sid = LsapAppendRidToSid(DomainSid, RelativeId);
943 if (Sid == NULL)
944 {
945 ERR("Group SID creation failed!\n");
946 return STATUS_INSUFFICIENT_RESOURCES;
947 }
948
949 if (*TokenGroups == NULL)
950 {
951 Length = sizeof(TOKEN_GROUPS) +
952 (1 - ANYSIZE_ARRAY) * sizeof(SID_AND_ATTRIBUTES);
953
954 Groups = RtlAllocateHeap(RtlGetProcessHeap(), HEAP_ZERO_MEMORY, Length);
955 if (Groups == NULL)
956 {
957 ERR("Group buffer allocation failed!\n");
958 return STATUS_INSUFFICIENT_RESOURCES;
959 }
960
961 Groups->GroupCount = 1;
962
963 Groups->Groups[0].Sid = Sid;
964 Groups->Groups[0].Attributes =
965 SE_GROUP_ENABLED | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_MANDATORY;
966
967 *TokenGroups = Groups;
968 }
969 else
970 {
971 for (i = 0; i < (*TokenGroups)->GroupCount; i++)
972 {
973 if (RtlEqualSid((*TokenGroups)->Groups[i].Sid, Sid))
974 {
975 RtlFreeHeap(RtlGetProcessHeap(), 0, Sid);
976 return STATUS_SUCCESS;
977 }
978 }
979
980 Length = sizeof(TOKEN_GROUPS) +
981 ((*TokenGroups)->GroupCount + 1 - ANYSIZE_ARRAY) * sizeof(SID_AND_ATTRIBUTES);
982
983 Groups = RtlAllocateHeap(RtlGetProcessHeap(), HEAP_ZERO_MEMORY, Length);
984 if (Groups == NULL)
985 {
986 ERR("Group buffer allocation failed!\n");
987 return STATUS_INSUFFICIENT_RESOURCES;
988 }
989
990 Groups->GroupCount = (*TokenGroups)->GroupCount;
991
992 for (i = 0; i < (*TokenGroups)->GroupCount; i++)
993 {
994 Groups->Groups[i].Sid = (*TokenGroups)->Groups[i].Sid;
995 Groups->Groups[i].Attributes = (*TokenGroups)->Groups[i].Attributes;
996 }
997
998 Groups->Groups[Groups->GroupCount].Sid = Sid;
999 Groups->Groups[Groups->GroupCount].Attributes =
1000 SE_GROUP_ENABLED | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_MANDATORY;
1001
1002 Groups->GroupCount++;
1003
1004 RtlFreeHeap(RtlGetProcessHeap(), 0, *TokenGroups);
1005
1006 *TokenGroups = Groups;
1007 }
1008
1009 return STATUS_SUCCESS;
1010 }
1011
1012
1013 static
1014 NTSTATUS
1015 LsapAddSamGroups(
1016 IN PVOID TokenInformation,
1017 IN LSA_TOKEN_INFORMATION_TYPE TokenInformationType)
1018 {
1019 PLSA_TOKEN_INFORMATION_V1 TokenInfo1;
1020 SAMPR_HANDLE ServerHandle = NULL;
1021 SAMPR_HANDLE BuiltinDomainHandle = NULL;
1022 SAMPR_HANDLE AccountDomainHandle = NULL;
1023 SAMPR_PSID_ARRAY SidArray;
1024 SAMPR_ULONG_ARRAY BuiltinMembership;
1025 SAMPR_ULONG_ARRAY AccountMembership;
1026 ULONG i;
1027 NTSTATUS Status = STATUS_SUCCESS;
1028
1029 if (TokenInformationType != LsaTokenInformationV1)
1030 return STATUS_SUCCESS;
1031
1032 TokenInfo1 = (PLSA_TOKEN_INFORMATION_V1)TokenInformation;
1033
1034 SidArray.Count = TokenInfo1->Groups->GroupCount + 1;
1035 SidArray.Sids = RtlAllocateHeap(RtlGetProcessHeap(),
1036 HEAP_ZERO_MEMORY,
1037 (TokenInfo1->Groups->GroupCount + 1) * sizeof(PRPC_SID));
1038 if (SidArray.Sids == NULL)
1039 return STATUS_INSUFFICIENT_RESOURCES;
1040
1041 SidArray.Sids[0].SidPointer = TokenInfo1->User.User.Sid;
1042 for (i = 0; i < TokenInfo1->Groups->GroupCount; i++)
1043 SidArray.Sids[i + 1].SidPointer = TokenInfo1->Groups->Groups[i].Sid;
1044
1045 BuiltinMembership.Element = NULL;
1046 AccountMembership.Element = NULL;
1047
1048 Status = SamIConnect(NULL,
1049 &ServerHandle,
1050 SAM_SERVER_CONNECT | SAM_SERVER_LOOKUP_DOMAIN,
1051 FALSE);
1052 if (!NT_SUCCESS(Status))
1053 {
1054 TRACE("SamIConnect failed (Status %08lx)\n", Status);
1055 goto done;
1056 }
1057
1058 Status = SamrOpenDomain(ServerHandle,
1059 DOMAIN_GET_ALIAS_MEMBERSHIP,
1060 BuiltinDomainSid,
1061 &BuiltinDomainHandle);
1062 if (!NT_SUCCESS(Status))
1063 {
1064 TRACE("SamrOpenDomain failed (Status %08lx)\n", Status);
1065 goto done;
1066 }
1067
1068 Status = SamrOpenDomain(ServerHandle,
1069 DOMAIN_GET_ALIAS_MEMBERSHIP,
1070 AccountDomainSid,
1071 &AccountDomainHandle);
1072 if (!NT_SUCCESS(Status))
1073 {
1074 TRACE("SamrOpenDomain failed (Status %08lx)\n", Status);
1075 goto done;
1076 }
1077
1078 Status = SamrGetAliasMembership(BuiltinDomainHandle,
1079 &SidArray,
1080 &BuiltinMembership);
1081 if (!NT_SUCCESS(Status))
1082 {
1083 TRACE("SamrGetAliasMembership failed (Status %08lx)\n", Status);
1084 goto done;
1085 }
1086
1087 Status = SamrGetAliasMembership(AccountDomainHandle,
1088 &SidArray,
1089 &AccountMembership);
1090 if (!NT_SUCCESS(Status))
1091 {
1092 TRACE("SamrGetAliasMembership failed (Status %08lx)\n", Status);
1093 goto done;
1094 }
1095
1096 TRACE("Builtin Memberships: %lu\n", BuiltinMembership.Count);
1097 for (i = 0; i < BuiltinMembership.Count; i++)
1098 {
1099 TRACE("RID %lu: %lu (0x%lx)\n", i, BuiltinMembership.Element[i], BuiltinMembership.Element[i]);
1100 Status = LsapAppendSidToGroups(&TokenInfo1->Groups,
1101 BuiltinDomainSid,
1102 BuiltinMembership.Element[i]);
1103 if (!NT_SUCCESS(Status))
1104 {
1105 TRACE("LsapAppendSidToGroups failed (Status %08lx)\n", Status);
1106 goto done;
1107 }
1108 }
1109
1110 TRACE("Account Memberships: %lu\n", AccountMembership.Count);
1111 for (i = 0; i < AccountMembership.Count; i++)
1112 {
1113 TRACE("RID %lu: %lu (0x%lx)\n", i, AccountMembership.Element[i], AccountMembership.Element[i]);
1114 Status = LsapAppendSidToGroups(&TokenInfo1->Groups,
1115 AccountDomainSid,
1116 AccountMembership.Element[i]);
1117 if (!NT_SUCCESS(Status))
1118 {
1119 TRACE("LsapAppendSidToGroups failed (Status %08lx)\n", Status);
1120 goto done;
1121 }
1122 }
1123
1124 done:
1125 RtlFreeHeap(RtlGetProcessHeap(), 0, SidArray.Sids);
1126
1127 if (AccountMembership.Element != NULL)
1128 SamIFree_SAMPR_ULONG_ARRAY(&AccountMembership);
1129
1130 if (BuiltinMembership.Element != NULL)
1131 SamIFree_SAMPR_ULONG_ARRAY(&BuiltinMembership);
1132
1133 if (AccountDomainHandle != NULL)
1134 SamrCloseHandle(&AccountDomainHandle);
1135
1136 if (BuiltinDomainHandle != NULL)
1137 SamrCloseHandle(&BuiltinDomainHandle);
1138
1139 if (ServerHandle != NULL)
1140 SamrCloseHandle(&ServerHandle);
1141
1142 // return Status;
1143
1144 return STATUS_SUCCESS;
1145 }
1146
1147
1148 static
1149 NTSTATUS
1150 LsapSetTokenOwner(
1151 IN PVOID TokenInformation,
1152 IN LSA_TOKEN_INFORMATION_TYPE TokenInformationType)
1153 {
1154 PLSA_TOKEN_INFORMATION_V1 TokenInfo1;
1155 PSID_AND_ATTRIBUTES OwnerSid = NULL;
1156 ULONG i, Length;
1157
1158 if (TokenInformationType == LsaTokenInformationV1)
1159 {
1160 TokenInfo1 = (PLSA_TOKEN_INFORMATION_V1)TokenInformation;
1161
1162 if (TokenInfo1->Owner.Owner != NULL)
1163 return STATUS_SUCCESS;
1164
1165 OwnerSid = &TokenInfo1->User.User;
1166 for (i = 0; i < TokenInfo1->Groups->GroupCount; i++)
1167 {
1168 if (EqualSid(TokenInfo1->Groups->Groups[i].Sid, LsapAdministratorsSid))
1169 {
1170 OwnerSid = &TokenInfo1->Groups->Groups[i];
1171 break;
1172 }
1173 }
1174
1175 Length = RtlLengthSid(OwnerSid->Sid);
1176 TokenInfo1->Owner.Owner = DispatchTable.AllocateLsaHeap(Length);
1177 if (TokenInfo1->Owner.Owner == NULL)
1178 return STATUS_INSUFFICIENT_RESOURCES;
1179
1180 RtlCopyMemory(TokenInfo1->Owner.Owner,
1181 OwnerSid->Sid,
1182 Length);
1183 OwnerSid->Attributes |= SE_GROUP_OWNER;
1184 }
1185
1186 return STATUS_SUCCESS;
1187 }
1188
1189
1190 static
1191 NTSTATUS
1192 LsapAddTokenDefaultDacl(
1193 IN PVOID TokenInformation,
1194 IN LSA_TOKEN_INFORMATION_TYPE TokenInformationType)
1195 {
1196 PLSA_TOKEN_INFORMATION_V1 TokenInfo1;
1197 PACL Dacl = NULL;
1198 ULONG Length;
1199
1200 if (TokenInformationType == LsaTokenInformationV1)
1201 {
1202 TokenInfo1 = (PLSA_TOKEN_INFORMATION_V1)TokenInformation;
1203
1204 if (TokenInfo1->DefaultDacl.DefaultDacl != NULL)
1205 return STATUS_SUCCESS;
1206
1207 Length = sizeof(ACL) +
1208 (2 * sizeof(ACCESS_ALLOWED_ACE)) +
1209 RtlLengthSid(TokenInfo1->Owner.Owner) +
1210 RtlLengthSid(LsapLocalSystemSid);
1211
1212 Dacl = DispatchTable.AllocateLsaHeap(Length);
1213 if (Dacl == NULL)
1214 return STATUS_INSUFFICIENT_RESOURCES;
1215
1216 RtlCreateAcl(Dacl, Length, ACL_REVISION);
1217
1218 RtlAddAccessAllowedAce(Dacl,
1219 ACL_REVISION,
1220 GENERIC_ALL,
1221 TokenInfo1->Owner.Owner);
1222
1223 /* SID: S-1-5-18 */
1224 RtlAddAccessAllowedAce(Dacl,
1225 ACL_REVISION,
1226 GENERIC_ALL,
1227 LsapLocalSystemSid);
1228
1229 TokenInfo1->DefaultDacl.DefaultDacl = Dacl;
1230 }
1231
1232 return STATUS_SUCCESS;
1233 }
1234
1235
1236 static
1237 NTSTATUS
1238 LsapAddPrivilegeToTokenPrivileges(PTOKEN_PRIVILEGES *TokenPrivileges,
1239 PLSAPR_LUID_AND_ATTRIBUTES Privilege)
1240 {
1241 PTOKEN_PRIVILEGES LocalPrivileges;
1242 ULONG Length, TokenPrivilegeCount, i;
1243 NTSTATUS Status = STATUS_SUCCESS;
1244
1245 if (*TokenPrivileges == NULL)
1246 {
1247 Length = sizeof(TOKEN_PRIVILEGES) +
1248 (1 - ANYSIZE_ARRAY) * sizeof(LUID_AND_ATTRIBUTES);
1249 LocalPrivileges = RtlAllocateHeap(RtlGetProcessHeap(),
1250 0,
1251 Length);
1252 if (LocalPrivileges == NULL)
1253 return STATUS_INSUFFICIENT_RESOURCES;
1254
1255 LocalPrivileges->PrivilegeCount = 1;
1256 LocalPrivileges->Privileges[0].Luid = Privilege->Luid;
1257 LocalPrivileges->Privileges[0].Attributes = Privilege->Attributes;
1258 }
1259 else
1260 {
1261 TokenPrivilegeCount = (*TokenPrivileges)->PrivilegeCount;
1262
1263 for (i = 0; i < TokenPrivilegeCount; i++)
1264 {
1265 if (RtlEqualLuid(&(*TokenPrivileges)->Privileges[i].Luid, &Privilege->Luid))
1266 return STATUS_SUCCESS;
1267 }
1268
1269 Length = sizeof(TOKEN_PRIVILEGES) +
1270 (TokenPrivilegeCount + 1 - ANYSIZE_ARRAY) * sizeof(LUID_AND_ATTRIBUTES);
1271 LocalPrivileges = RtlAllocateHeap(RtlGetProcessHeap(),
1272 0,
1273 Length);
1274 if (LocalPrivileges == NULL)
1275 return STATUS_INSUFFICIENT_RESOURCES;
1276
1277 LocalPrivileges->PrivilegeCount = TokenPrivilegeCount + 1;
1278 for (i = 0; i < TokenPrivilegeCount; i++)
1279 {
1280 LocalPrivileges->Privileges[i].Luid = (*TokenPrivileges)->Privileges[i].Luid;
1281 LocalPrivileges->Privileges[i].Attributes = (*TokenPrivileges)->Privileges[i].Attributes;
1282 }
1283
1284 LocalPrivileges->Privileges[TokenPrivilegeCount].Luid = Privilege->Luid;
1285 LocalPrivileges->Privileges[TokenPrivilegeCount].Attributes = Privilege->Attributes;
1286
1287 RtlFreeHeap(RtlGetProcessHeap(), 0, *TokenPrivileges);
1288 }
1289
1290 *TokenPrivileges = LocalPrivileges;
1291
1292 return Status;
1293 }
1294
1295 static
1296 NTSTATUS
1297 LsapSetPrivileges(
1298 IN PVOID TokenInformation,
1299 IN LSA_TOKEN_INFORMATION_TYPE TokenInformationType)
1300 {
1301 PLSA_TOKEN_INFORMATION_V1 TokenInfo1;
1302 LSAPR_HANDLE PolicyHandle = NULL;
1303 LSAPR_HANDLE AccountHandle = NULL;
1304 PLSAPR_PRIVILEGE_SET Privileges = NULL;
1305 ULONG i, j;
1306 NTSTATUS Status;
1307
1308 if (TokenInformationType == LsaTokenInformationV1)
1309 {
1310 TokenInfo1 = (PLSA_TOKEN_INFORMATION_V1)TokenInformation;
1311
1312 Status = LsarOpenPolicy(NULL,
1313 NULL,
1314 0,
1315 &PolicyHandle);
1316 if (!NT_SUCCESS(Status))
1317 return Status;
1318
1319 for (i = 0; i < TokenInfo1->Groups->GroupCount; i++)
1320 {
1321 Status = LsarOpenAccount(PolicyHandle,
1322 TokenInfo1->Groups->Groups[i].Sid,
1323 ACCOUNT_VIEW,
1324 &AccountHandle);
1325 if (!NT_SUCCESS(Status))
1326 continue;
1327
1328 Status = LsarEnumeratePrivilegesAccount(AccountHandle,
1329 &Privileges);
1330 if (NT_SUCCESS(Status))
1331 {
1332 for (j = 0; j < Privileges->PrivilegeCount; j++)
1333 {
1334 Status = LsapAddPrivilegeToTokenPrivileges(&TokenInfo1->Privileges,
1335 &(Privileges->Privilege[j]));
1336 if (!NT_SUCCESS(Status))
1337 {
1338 /* We failed, clean everything and return */
1339 LsaIFree_LSAPR_PRIVILEGE_SET(Privileges);
1340 LsarClose(&AccountHandle);
1341 LsarClose(&PolicyHandle);
1342
1343 return Status;
1344 }
1345 }
1346
1347 LsaIFree_LSAPR_PRIVILEGE_SET(Privileges);
1348 Privileges = NULL;
1349 }
1350
1351 LsarClose(&AccountHandle);
1352 }
1353
1354 LsarClose(&PolicyHandle);
1355
1356 if (TokenInfo1->Privileges != NULL)
1357 {
1358 for (i = 0; i < TokenInfo1->Privileges->PrivilegeCount; i++)
1359 {
1360 if (RtlEqualLuid(&TokenInfo1->Privileges->Privileges[i].Luid, &SeChangeNotifyPrivilege) ||
1361 RtlEqualLuid(&TokenInfo1->Privileges->Privileges[i].Luid, &SeCreateGlobalPrivilege) ||
1362 RtlEqualLuid(&TokenInfo1->Privileges->Privileges[i].Luid, &SeImpersonatePrivilege))
1363 {
1364 TokenInfo1->Privileges->Privileges[i].Attributes |= SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT;
1365 }
1366 }
1367 }
1368 }
1369
1370 return STATUS_SUCCESS;
1371 }
1372
1373
1374 NTSTATUS
1375 LsapLogonUser(PLSA_API_MSG RequestMsg,
1376 PLSAP_LOGON_CONTEXT LogonContext)
1377 {
1378 PAUTH_PACKAGE Package;
1379 OBJECT_ATTRIBUTES ObjectAttributes;
1380 SECURITY_QUALITY_OF_SERVICE Qos;
1381 LSA_TOKEN_INFORMATION_TYPE TokenInformationType;
1382 PVOID TokenInformation = NULL;
1383 PLSA_TOKEN_INFORMATION_NULL TokenInfo0 = NULL;
1384 PLSA_TOKEN_INFORMATION_V1 TokenInfo1 = NULL;
1385 PUNICODE_STRING AccountName = NULL;
1386 PUNICODE_STRING AuthenticatingAuthority = NULL;
1387 PUNICODE_STRING MachineName = NULL;
1388 PVOID LocalAuthInfo = NULL;
1389 PTOKEN_GROUPS LocalGroups = NULL;
1390 HANDLE TokenHandle = NULL;
1391 ULONG i;
1392 ULONG PackageId;
1393 SECURITY_LOGON_TYPE LogonType;
1394 NTSTATUS Status;
1395
1396 PUNICODE_STRING UserName = NULL;
1397 PUNICODE_STRING LogonDomainName = NULL;
1398 // UNICODE_STRING LogonServer;
1399
1400
1401 TRACE("LsapLogonUser(%p %p)\n", RequestMsg, LogonContext);
1402
1403 PackageId = RequestMsg->LogonUser.Request.AuthenticationPackage;
1404 LogonType = RequestMsg->LogonUser.Request.LogonType;
1405
1406 /* Get the right authentication package */
1407 Package = LsapGetAuthenticationPackage(PackageId);
1408 if (Package == NULL)
1409 {
1410 ERR("LsapGetAuthenticationPackage() failed to find a package\n");
1411 return STATUS_NO_SUCH_PACKAGE;
1412 }
1413
1414 if (RequestMsg->LogonUser.Request.AuthenticationInformationLength > 0)
1415 {
1416 /* Allocate the local authentication info buffer */
1417 LocalAuthInfo = RtlAllocateHeap(RtlGetProcessHeap(),
1418 HEAP_ZERO_MEMORY,
1419 RequestMsg->LogonUser.Request.AuthenticationInformationLength);
1420 if (LocalAuthInfo == NULL)
1421 {
1422 ERR("RtlAllocateHeap() failed\n");
1423 return STATUS_INSUFFICIENT_RESOURCES;
1424 }
1425
1426 /* Read the authentication info from the callers address space */
1427 Status = NtReadVirtualMemory(LogonContext->ClientProcessHandle,
1428 RequestMsg->LogonUser.Request.AuthenticationInformation,
1429 LocalAuthInfo,
1430 RequestMsg->LogonUser.Request.AuthenticationInformationLength,
1431 NULL);
1432 if (!NT_SUCCESS(Status))
1433 {
1434 ERR("NtReadVirtualMemory() failed (Status 0x%08lx)\n", Status);
1435 RtlFreeHeap(RtlGetProcessHeap(), 0, LocalAuthInfo);
1436 return Status;
1437 }
1438 }
1439
1440 if (RequestMsg->LogonUser.Request.LocalGroupsCount > 0)
1441 {
1442 Status = LsapCopyLocalGroups(LogonContext,
1443 RequestMsg->LogonUser.Request.LocalGroups,
1444 RequestMsg->LogonUser.Request.LocalGroupsCount,
1445 &LocalGroups);
1446 if (!NT_SUCCESS(Status))
1447 {
1448 ERR("LsapCopyLocalGroups failed (Status 0x%08lx)\n", Status);
1449 goto done;
1450 }
1451
1452 TRACE("GroupCount: %lu\n", LocalGroups->GroupCount);
1453 }
1454
1455 if (Package->LsaApLogonUserEx2 != NULL)
1456 {
1457 Status = Package->LsaApLogonUserEx2((PLSA_CLIENT_REQUEST)LogonContext,
1458 RequestMsg->LogonUser.Request.LogonType,
1459 LocalAuthInfo,
1460 RequestMsg->LogonUser.Request.AuthenticationInformation,
1461 RequestMsg->LogonUser.Request.AuthenticationInformationLength,
1462 &RequestMsg->LogonUser.Reply.ProfileBuffer,
1463 &RequestMsg->LogonUser.Reply.ProfileBufferLength,
1464 &RequestMsg->LogonUser.Reply.LogonId,
1465 &RequestMsg->LogonUser.Reply.SubStatus,
1466 &TokenInformationType,
1467 &TokenInformation,
1468 &AccountName,
1469 &AuthenticatingAuthority,
1470 &MachineName,
1471 NULL, /* FIXME: PSECPKG_PRIMARY_CRED PrimaryCredentials */
1472 NULL); /* FIXME: PSECPKG_SUPPLEMENTAL_CRED_ARRAY *SupplementalCredentials */
1473 }
1474 else if (Package->LsaApLogonUserEx != NULL)
1475 {
1476 Status = Package->LsaApLogonUserEx((PLSA_CLIENT_REQUEST)LogonContext,
1477 RequestMsg->LogonUser.Request.LogonType,
1478 LocalAuthInfo,
1479 RequestMsg->LogonUser.Request.AuthenticationInformation,
1480 RequestMsg->LogonUser.Request.AuthenticationInformationLength,
1481 &RequestMsg->LogonUser.Reply.ProfileBuffer,
1482 &RequestMsg->LogonUser.Reply.ProfileBufferLength,
1483 &RequestMsg->LogonUser.Reply.LogonId,
1484 &RequestMsg->LogonUser.Reply.SubStatus,
1485 &TokenInformationType,
1486 &TokenInformation,
1487 &AccountName,
1488 &AuthenticatingAuthority,
1489 &MachineName);
1490 }
1491 else
1492 {
1493 Status = Package->LsaApLogonUser((PLSA_CLIENT_REQUEST)LogonContext,
1494 RequestMsg->LogonUser.Request.LogonType,
1495 LocalAuthInfo,
1496 RequestMsg->LogonUser.Request.AuthenticationInformation,
1497 RequestMsg->LogonUser.Request.AuthenticationInformationLength,
1498 &RequestMsg->LogonUser.Reply.ProfileBuffer,
1499 &RequestMsg->LogonUser.Reply.ProfileBufferLength,
1500 &RequestMsg->LogonUser.Reply.LogonId,
1501 &RequestMsg->LogonUser.Reply.SubStatus,
1502 &TokenInformationType,
1503 &TokenInformation,
1504 &AccountName,
1505 &AuthenticatingAuthority);
1506 }
1507
1508 if (!NT_SUCCESS(Status))
1509 {
1510 ERR("LsaApLogonUser/Ex/2 failed (Status 0x%08lx)\n", Status);
1511 goto done;
1512 }
1513
1514 if (LocalGroups->GroupCount > 0)
1515 {
1516 /* Add local groups to the token information */
1517 Status = LsapAddLocalGroups(TokenInformation,
1518 TokenInformationType,
1519 LocalGroups);
1520 if (!NT_SUCCESS(Status))
1521 {
1522 ERR("LsapAddLocalGroupsToTokenInfo() failed (Status 0x%08lx)\n", Status);
1523 goto done;
1524 }
1525 }
1526
1527 Status = LsapAddDefaultGroups(TokenInformation,
1528 TokenInformationType,
1529 LogonType);
1530 if (!NT_SUCCESS(Status))
1531 {
1532 ERR("LsapAddDefaultGroups() failed (Status 0x%08lx)\n", Status);
1533 goto done;
1534 }
1535
1536 Status = LsapAddSamGroups(TokenInformation,
1537 TokenInformationType);
1538 if (!NT_SUCCESS(Status))
1539 {
1540 ERR("LsapAddSamGroups() failed (Status 0x%08lx)\n", Status);
1541 goto done;
1542 }
1543
1544 Status = LsapSetTokenOwner(TokenInformation,
1545 TokenInformationType);
1546 if (!NT_SUCCESS(Status))
1547 {
1548 ERR("LsapSetTokenOwner() failed (Status 0x%08lx)\n", Status);
1549 goto done;
1550 }
1551
1552 Status = LsapAddTokenDefaultDacl(TokenInformation,
1553 TokenInformationType);
1554 if (!NT_SUCCESS(Status))
1555 {
1556 ERR("LsapAddTokenDefaultDacl() failed (Status 0x%08lx)\n", Status);
1557 goto done;
1558 }
1559
1560 Status = LsapSetPrivileges(TokenInformation,
1561 TokenInformationType);
1562 if (!NT_SUCCESS(Status))
1563 {
1564 ERR("LsapSetPrivileges() failed (Status 0x%08lx)\n", Status);
1565 goto done;
1566 }
1567
1568 if (TokenInformationType == LsaTokenInformationNull)
1569 {
1570 TOKEN_USER TokenUser;
1571 TOKEN_PRIMARY_GROUP TokenPrimaryGroup;
1572 TOKEN_GROUPS NoGroups = {0};
1573 TOKEN_PRIVILEGES NoPrivileges = {0};
1574
1575 TokenInfo0 = (PLSA_TOKEN_INFORMATION_NULL)TokenInformation;
1576
1577 TokenUser.User.Sid = LsapWorldSid;
1578 TokenUser.User.Attributes = 0;
1579 TokenPrimaryGroup.PrimaryGroup = LsapWorldSid;
1580
1581 Qos.Length = sizeof(SECURITY_QUALITY_OF_SERVICE);
1582 Qos.ImpersonationLevel = SecurityImpersonation;
1583 Qos.ContextTrackingMode = SECURITY_STATIC_TRACKING;
1584 Qos.EffectiveOnly = TRUE;
1585
1586 ObjectAttributes.Length = sizeof(OBJECT_ATTRIBUTES);
1587 ObjectAttributes.RootDirectory = NULL;
1588 ObjectAttributes.ObjectName = NULL;
1589 ObjectAttributes.Attributes = 0;
1590 ObjectAttributes.SecurityDescriptor = NULL;
1591 ObjectAttributes.SecurityQualityOfService = &Qos;
1592
1593 /* Create the logon token */
1594 Status = NtCreateToken(&TokenHandle,
1595 TOKEN_ALL_ACCESS,
1596 &ObjectAttributes,
1597 TokenImpersonation,
1598 &RequestMsg->LogonUser.Reply.LogonId,
1599 &TokenInfo0->ExpirationTime,
1600 &TokenUser,
1601 &NoGroups,
1602 &NoPrivileges,
1603 NULL,
1604 &TokenPrimaryGroup,
1605 NULL,
1606 &RequestMsg->LogonUser.Request.SourceContext);
1607 }
1608 else if (TokenInformationType == LsaTokenInformationV1)
1609 {
1610 TOKEN_PRIVILEGES NoPrivileges = {0};
1611
1612 TokenInfo1 = (PLSA_TOKEN_INFORMATION_V1)TokenInformation;
1613
1614 Qos.Length = sizeof(SECURITY_QUALITY_OF_SERVICE);
1615 Qos.ImpersonationLevel = SecurityImpersonation;
1616 Qos.ContextTrackingMode = SECURITY_DYNAMIC_TRACKING;
1617 Qos.EffectiveOnly = FALSE;
1618
1619 ObjectAttributes.Length = sizeof(OBJECT_ATTRIBUTES);
1620 ObjectAttributes.RootDirectory = NULL;
1621 ObjectAttributes.ObjectName = NULL;
1622 ObjectAttributes.Attributes = 0;
1623 ObjectAttributes.SecurityDescriptor = NULL;
1624 ObjectAttributes.SecurityQualityOfService = &Qos;
1625
1626 /* Create the logon token */
1627 Status = NtCreateToken(&TokenHandle,
1628 TOKEN_ALL_ACCESS,
1629 &ObjectAttributes,
1630 (RequestMsg->LogonUser.Request.LogonType == Network) ? TokenImpersonation : TokenPrimary,
1631 &RequestMsg->LogonUser.Reply.LogonId,
1632 &TokenInfo1->ExpirationTime,
1633 &TokenInfo1->User,
1634 TokenInfo1->Groups,
1635 TokenInfo1->Privileges ? TokenInfo1->Privileges : &NoPrivileges,
1636 &TokenInfo1->Owner,
1637 &TokenInfo1->PrimaryGroup,
1638 &TokenInfo1->DefaultDacl,
1639 &RequestMsg->LogonUser.Request.SourceContext);
1640 if (!NT_SUCCESS(Status))
1641 {
1642 ERR("NtCreateToken failed (Status 0x%08lx)\n", Status);
1643 goto done;
1644 }
1645 }
1646 else
1647 {
1648 FIXME("TokenInformationType %d is not supported!\n", TokenInformationType);
1649 Status = STATUS_NOT_IMPLEMENTED;
1650 goto done;
1651 }
1652
1653 if (LogonType == Interactive ||
1654 LogonType == Batch ||
1655 LogonType == Service)
1656 {
1657 UserName = &((PMSV1_0_INTERACTIVE_LOGON)LocalAuthInfo)->UserName;
1658 LogonDomainName = &((PMSV1_0_INTERACTIVE_LOGON)LocalAuthInfo)->LogonDomainName;
1659 }
1660 else
1661 {
1662 FIXME("LogonType %lu is not supported yet!\n", LogonType);
1663 }
1664
1665 Status = LsapSetLogonSessionData(&RequestMsg->LogonUser.Reply.LogonId,
1666 LogonType,
1667 UserName,
1668 LogonDomainName,
1669 TokenInfo1->User.User.Sid);
1670 if (!NT_SUCCESS(Status))
1671 {
1672 ERR("LsapSetLogonSessionData failed (Status 0x%08lx)\n", Status);
1673 goto done;
1674 }
1675
1676 /*
1677 * Duplicate the token handle into the client process.
1678 * This must be the last step because we cannot
1679 * close the duplicated token handle in case something fails.
1680 */
1681 Status = NtDuplicateObject(NtCurrentProcess(),
1682 TokenHandle,
1683 LogonContext->ClientProcessHandle,
1684 &RequestMsg->LogonUser.Reply.Token,
1685 0,
1686 0,
1687 DUPLICATE_SAME_ACCESS | DUPLICATE_SAME_ATTRIBUTES | DUPLICATE_CLOSE_SOURCE);
1688 if (!NT_SUCCESS(Status))
1689 {
1690 ERR("NtDuplicateObject failed (Status 0x%08lx)\n", Status);
1691 goto done;
1692 }
1693
1694 done:
1695 if (!NT_SUCCESS(Status))
1696 {
1697 /* Notify the authentification package of the failure */
1698 Package->LsaApLogonTerminated(&RequestMsg->LogonUser.Reply.LogonId);
1699
1700 /* Delete the logon session */
1701 LsapDeleteLogonSession(&RequestMsg->LogonUser.Reply.LogonId);
1702
1703 /* Release the profile buffer */
1704 LsapFreeClientBuffer((PLSA_CLIENT_REQUEST)LogonContext,
1705 RequestMsg->LogonUser.Reply.ProfileBuffer);
1706 RequestMsg->LogonUser.Reply.ProfileBuffer = NULL;
1707 }
1708
1709 if (TokenHandle != NULL)
1710 NtClose(TokenHandle);
1711
1712 /* Free the local groups */
1713 if (LocalGroups != NULL)
1714 {
1715 for (i = 0; i < LocalGroups->GroupCount; i++)
1716 {
1717 if (LocalGroups->Groups[i].Sid != NULL)
1718 RtlFreeHeap(RtlGetProcessHeap(), 0, LocalGroups->Groups[i].Sid);
1719 }
1720
1721 RtlFreeHeap(RtlGetProcessHeap(), 0, LocalGroups);
1722 }
1723
1724 /* Free the local authentication info buffer */
1725 if (LocalAuthInfo != NULL)
1726 RtlFreeHeap(RtlGetProcessHeap(), 0, LocalAuthInfo);
1727
1728 /* Free the token information */
1729 if (TokenInformation != NULL)
1730 {
1731 if (TokenInformationType == LsaTokenInformationNull)
1732 {
1733 TokenInfo0 = (PLSA_TOKEN_INFORMATION_NULL)TokenInformation;
1734
1735 if (TokenInfo0 != NULL)
1736 {
1737 if (TokenInfo0->Groups != NULL)
1738 {
1739 for (i = 0; i < TokenInfo0->Groups->GroupCount; i++)
1740 {
1741 if (TokenInfo0->Groups->Groups[i].Sid != NULL)
1742 LsapFreeHeap(TokenInfo0->Groups->Groups[i].Sid);
1743 }
1744
1745 LsapFreeHeap(TokenInfo0->Groups);
1746 }
1747
1748 LsapFreeHeap(TokenInfo0);
1749 }
1750 }
1751 else if (TokenInformationType == LsaTokenInformationV1)
1752 {
1753 TokenInfo1 = (PLSA_TOKEN_INFORMATION_V1)TokenInformation;
1754
1755 if (TokenInfo1 != NULL)
1756 {
1757 if (TokenInfo1->User.User.Sid != NULL)
1758 LsapFreeHeap(TokenInfo1->User.User.Sid);
1759
1760 if (TokenInfo1->Groups != NULL)
1761 {
1762 for (i = 0; i < TokenInfo1->Groups->GroupCount; i++)
1763 {
1764 if (TokenInfo1->Groups->Groups[i].Sid != NULL)
1765 LsapFreeHeap(TokenInfo1->Groups->Groups[i].Sid);
1766 }
1767
1768 LsapFreeHeap(TokenInfo1->Groups);
1769 }
1770
1771 if (TokenInfo1->PrimaryGroup.PrimaryGroup != NULL)
1772 LsapFreeHeap(TokenInfo1->PrimaryGroup.PrimaryGroup);
1773
1774 if (TokenInfo1->Privileges != NULL)
1775 LsapFreeHeap(TokenInfo1->Privileges);
1776
1777 if (TokenInfo1->Owner.Owner != NULL)
1778 LsapFreeHeap(TokenInfo1->Owner.Owner);
1779
1780 if (TokenInfo1->DefaultDacl.DefaultDacl != NULL)
1781 LsapFreeHeap(TokenInfo1->DefaultDacl.DefaultDacl);
1782
1783 LsapFreeHeap(TokenInfo1);
1784 }
1785 }
1786 else
1787 {
1788 FIXME("TokenInformationType %d is not supported!\n", TokenInformationType);
1789 }
1790 }
1791
1792 /* Free the account name */
1793 if (AccountName != NULL)
1794 {
1795 if (AccountName->Buffer != NULL)
1796 LsapFreeHeap(AccountName->Buffer);
1797
1798 LsapFreeHeap(AccountName);
1799 }
1800
1801 /* Free the authentication authority */
1802 if (AuthenticatingAuthority != NULL)
1803 {
1804 if (AuthenticatingAuthority != NULL)
1805 LsapFreeHeap(AuthenticatingAuthority->Buffer);
1806
1807 LsapFreeHeap(AuthenticatingAuthority);
1808 }
1809
1810 /* Free the machine name */
1811 if (MachineName != NULL)
1812 {
1813 if (MachineName->Buffer != NULL)
1814 LsapFreeHeap(MachineName->Buffer);
1815
1816 LsapFreeHeap(MachineName);
1817 }
1818
1819 TRACE("LsapLogonUser done (Status 0x%08lx)\n", Status);
1820
1821 return Status;
1822 }
1823
1824 /* EOF */