2 * PROJECT: Local Security Authority Server DLL
3 * LICENSE: GPL - See COPYING in the top level directory
4 * FILE: dll/win32/lsasrv/authpackage.c
5 * PURPOSE: Authenticaton package management routines
6 * COPYRIGHT: Copyright 2013 Eric Kohl
11 typedef enum _LSA_TOKEN_INFORMATION_TYPE
13 LsaTokenInformationNull
,
15 } LSA_TOKEN_INFORMATION_TYPE
, *PLSA_TOKEN_INFORMATION_TYPE
;
17 typedef struct _LSA_TOKEN_INFORMATION_V1
19 LARGE_INTEGER ExpirationTime
;
22 TOKEN_PRIMARY_GROUP PrimaryGroup
;
23 PTOKEN_PRIVILEGES Privileges
;
25 TOKEN_DEFAULT_DACL DefaultDacl
;
26 } LSA_TOKEN_INFORMATION_V1
, *PLSA_TOKEN_INFORMATION_V1
;
28 typedef PVOID PLSA_CLIENT_REQUEST
;
30 typedef NTSTATUS (NTAPI
*PLSA_CREATE_LOGON_SESSION
)(PLUID
);
31 typedef NTSTATUS (NTAPI
*PLSA_DELETE_LOGON_SESSION
)(PLUID
);
33 typedef PVOID (NTAPI
*PLSA_ALLOCATE_LSA_HEAP
)(ULONG
);
34 typedef VOID (NTAPI
*PLSA_FREE_LSA_HEAP
)(PVOID
);
35 typedef NTSTATUS (NTAPI
*PLSA_ALLOCATE_CLIENT_BUFFER
)(PLSA_CLIENT_REQUEST
, ULONG
, PVOID
*);
36 typedef NTSTATUS (NTAPI
*PLSA_FREE_CLIENT_BUFFER
)(PLSA_CLIENT_REQUEST
, PVOID
);
37 typedef NTSTATUS (NTAPI
*PLSA_COPY_TO_CLIENT_BUFFER
)(PLSA_CLIENT_REQUEST
, ULONG
,
39 typedef NTSTATUS (NTAPI
*PLSA_COPY_FROM_CLIENT_BUFFER
)(PLSA_CLIENT_REQUEST
,
42 typedef struct LSA_DISPATCH_TABLE
44 PLSA_CREATE_LOGON_SESSION CreateLogonSession
;
45 PLSA_DELETE_LOGON_SESSION DeleteLogonSession
;
46 PVOID
/*PLSA_ADD_CREDENTIAL */ AddCredential
;
47 PVOID
/*PLSA_GET_CREDENTIALS */ GetCredentials
;
48 PVOID
/*PLSA_DELETE_CREDENTIAL */ DeleteCredential
;
49 PLSA_ALLOCATE_LSA_HEAP AllocateLsaHeap
;
50 PLSA_FREE_LSA_HEAP FreeLsaHeap
;
51 PLSA_ALLOCATE_CLIENT_BUFFER AllocateClientBuffer
;
52 PLSA_FREE_CLIENT_BUFFER FreeClientBuffer
;
53 PLSA_COPY_TO_CLIENT_BUFFER CopyToClientBuffer
;
54 PLSA_COPY_FROM_CLIENT_BUFFER CopyFromClientBuffer
;
55 } LSA_DISPATCH_TABLE
, *PLSA_DISPATCH_TABLE
;
58 typedef NTSTATUS (NTAPI
*PLSA_AP_INITIALIZE_PACKAGE
)(ULONG
, PLSA_DISPATCH_TABLE
,
59 PLSA_STRING
, PLSA_STRING
, PLSA_STRING
*);
60 typedef NTSTATUS (NTAPI
*PLSA_AP_CALL_PACKAGE_INTERNAL
)(PLSA_CLIENT_REQUEST
, PVOID
, PVOID
,
61 ULONG
, PVOID
*, PULONG
, PNTSTATUS
);
62 typedef NTSTATUS (NTAPI
*PLSA_AP_CALL_PACKAGE_PASSTHROUGH
)(PLSA_CLIENT_REQUEST
,
63 PVOID
, PVOID
, ULONG
, PVOID
*, PULONG
, PNTSTATUS
);
64 typedef NTSTATUS (NTAPI
*PLSA_AP_CALL_PACKAGE_UNTRUSTED
)(PLSA_CLIENT_REQUEST
,
65 PVOID
, PVOID
, ULONG
, PVOID
*, PULONG
, PNTSTATUS
);
66 typedef VOID (NTAPI
*PLSA_AP_LOGON_TERMINATED
)(PLUID
);
67 typedef NTSTATUS (NTAPI
*PLSA_AP_LOGON_USER_EX2
)(PLSA_CLIENT_REQUEST
,
68 SECURITY_LOGON_TYPE
, PVOID
, PVOID
, ULONG
, PVOID
*, PULONG
, PLUID
, PNTSTATUS
,
69 PLSA_TOKEN_INFORMATION_TYPE
, PVOID
*, PUNICODE_STRING
*, PUNICODE_STRING
*,
70 PUNICODE_STRING
*, PVOID
/*PSECPKG_PRIMARY_CRED*/, PVOID
/*PSECPKG_SUPPLEMENTAL_CRED_ARRAY **/);
71 typedef NTSTATUS (NTAPI
*PLSA_AP_LOGON_USER_EX
)(PLSA_CLIENT_REQUEST
,
72 SECURITY_LOGON_TYPE
, PVOID
, PVOID
, ULONG
, PVOID
*, PULONG
, PLUID
, PNTSTATUS
,
73 PLSA_TOKEN_INFORMATION_TYPE
, PVOID
*, PUNICODE_STRING
*, PUNICODE_STRING
*,
76 typedef NTSTATUS (NTAPI
*PLSA_AP_LOGON_USER_INTERNAL
)(PLSA_CLIENT_REQUEST
, SECURITY_LOGON_TYPE
,
77 PVOID
, PVOID
, ULONG
, PVOID
*, PULONG
, PLUID
, PNTSTATUS
, PLSA_TOKEN_INFORMATION_TYPE
,
78 PVOID
*, PUNICODE_STRING
*, PUNICODE_STRING
*);
80 typedef struct _AUTH_PACKAGE
87 PLSA_AP_INITIALIZE_PACKAGE LsaApInitializePackage
;
88 PLSA_AP_CALL_PACKAGE_INTERNAL LsaApCallPackage
;
89 PLSA_AP_CALL_PACKAGE_PASSTHROUGH LsaApCallPackagePassthrough
;
90 PLSA_AP_CALL_PACKAGE_UNTRUSTED LsaApCallPackageUntrusted
;
91 PLSA_AP_LOGON_TERMINATED LsaApLogonTerminated
;
92 PLSA_AP_LOGON_USER_EX2 LsaApLogonUserEx2
;
93 PLSA_AP_LOGON_USER_EX LsaApLogonUserEx
;
94 PLSA_AP_LOGON_USER_INTERNAL LsaApLogonUser
;
95 } AUTH_PACKAGE
, *PAUTH_PACKAGE
;
98 /* GLOBALS *****************************************************************/
100 static LIST_ENTRY PackageListHead
;
101 static ULONG PackageId
;
102 static LSA_DISPATCH_TABLE DispatchTable
;
105 /* FUNCTIONS ***************************************************************/
110 LsapAddAuthPackage(IN PWSTR ValueName
,
113 IN ULONG ValueLength
,
115 IN PVOID EntryContext
)
117 PAUTH_PACKAGE Package
= NULL
;
118 UNICODE_STRING PackageName
;
121 NTSTATUS Status
= STATUS_SUCCESS
;
123 TRACE("LsapAddAuthPackage()\n");
125 PackageName
.Length
= (USHORT
)ValueLength
- sizeof(WCHAR
);
126 PackageName
.MaximumLength
= (USHORT
)ValueLength
;
127 PackageName
.Buffer
= ValueData
;
129 Id
= (PULONG
)Context
;
131 Package
= RtlAllocateHeap(RtlGetProcessHeap(),
133 sizeof(AUTH_PACKAGE
));
135 return STATUS_INSUFFICIENT_RESOURCES
;
137 Status
= LdrLoadDll(NULL
,
140 &Package
->ModuleHandle
);
141 if (!NT_SUCCESS(Status
))
143 TRACE("LdrLoadDll failed (Status 0x%08lx)\n", Status
);
147 RtlInitAnsiString(&ProcName
, "LsaApInitializePackage");
148 Status
= LdrGetProcedureAddress(Package
->ModuleHandle
,
151 (PVOID
*)&Package
->LsaApInitializePackage
);
152 if (!NT_SUCCESS(Status
))
154 TRACE("LdrGetProcedureAddress() failed (Status 0x%08lx)\n", Status
);
158 RtlInitAnsiString(&ProcName
, "LsaApCallPackage");
159 Status
= LdrGetProcedureAddress(Package
->ModuleHandle
,
162 (PVOID
*)&Package
->LsaApCallPackage
);
163 if (!NT_SUCCESS(Status
))
165 TRACE("LdrGetProcedureAddress() failed (Status 0x%08lx)\n", Status
);
169 RtlInitAnsiString(&ProcName
, "LsaApCallPackagePassthrough");
170 Status
= LdrGetProcedureAddress(Package
->ModuleHandle
,
173 (PVOID
*)&Package
->LsaApCallPackagePassthrough
);
174 if (!NT_SUCCESS(Status
))
176 TRACE("LdrGetProcedureAddress() failed (Status 0x%08lx)\n", Status
);
180 RtlInitAnsiString(&ProcName
, "LsaApCallPackageUntrusted");
181 Status
= LdrGetProcedureAddress(Package
->ModuleHandle
,
184 (PVOID
*)&Package
->LsaApCallPackageUntrusted
);
185 if (!NT_SUCCESS(Status
))
187 TRACE("LdrGetProcedureAddress() failed (Status 0x%08lx)\n", Status
);
191 RtlInitAnsiString(&ProcName
, "LsaApLogonTerminated");
192 Status
= LdrGetProcedureAddress(Package
->ModuleHandle
,
195 (PVOID
*)&Package
->LsaApLogonTerminated
);
196 if (!NT_SUCCESS(Status
))
198 TRACE("LdrGetProcedureAddress() failed (Status 0x%08lx)\n", Status
);
202 RtlInitAnsiString(&ProcName
, "LsaApLogonUserEx2");
203 Status
= LdrGetProcedureAddress(Package
->ModuleHandle
,
206 (PVOID
*)&Package
->LsaApLogonUserEx2
);
207 if (!NT_SUCCESS(Status
))
209 RtlInitAnsiString(&ProcName
, "LsaApLogonUserEx");
210 Status
= LdrGetProcedureAddress(Package
->ModuleHandle
,
213 (PVOID
*)&Package
->LsaApLogonUserEx
);
214 if (!NT_SUCCESS(Status
))
216 RtlInitAnsiString(&ProcName
, "LsaApLogonUser");
217 Status
= LdrGetProcedureAddress(Package
->ModuleHandle
,
220 (PVOID
*)&Package
->LsaApLogonUser
);
221 if (!NT_SUCCESS(Status
))
223 TRACE("LdrGetProcedureAddress() failed (Status 0x%08lx)\n", Status
);
229 /* Initialize the current package */
230 Status
= Package
->LsaApInitializePackage(*Id
,
235 if (!NT_SUCCESS(Status
))
237 TRACE("Package->LsaApInitializePackage() failed (Status 0x%08lx)\n", Status
);
241 TRACE("Package Name: %s\n", Package
->Name
->Buffer
);
246 InsertTailList(&PackageListHead
, &Package
->Entry
);
249 if (!NT_SUCCESS(Status
))
253 if (Package
->ModuleHandle
!= NULL
)
254 LdrUnloadDll(Package
->ModuleHandle
);
256 if (Package
->Name
!= NULL
)
258 if (Package
->Name
->Buffer
!= NULL
)
259 RtlFreeHeap(RtlGetProcessHeap(), 0, Package
->Name
->Buffer
);
261 RtlFreeHeap(RtlGetProcessHeap(), 0, Package
->Name
);
264 RtlFreeHeap(RtlGetProcessHeap(), 0, Package
);
274 LsapGetAuthenticationPackage(IN ULONG PackageId
)
276 PLIST_ENTRY ListEntry
;
277 PAUTH_PACKAGE Package
;
279 ListEntry
= PackageListHead
.Flink
;
280 while (ListEntry
!= &PackageListHead
)
282 Package
= CONTAINING_RECORD(ListEntry
, AUTH_PACKAGE
, Entry
);
284 if (Package
->Id
== PackageId
)
289 ListEntry
= ListEntry
->Flink
;
299 LsapAllocateHeap(IN ULONG Length
)
301 return RtlAllocateHeap(RtlGetProcessHeap(),
310 LsapFreeHeap(IN PVOID Base
)
312 RtlFreeHeap(RtlGetProcessHeap(),
321 LsapAllocateClientBuffer(IN PLSA_CLIENT_REQUEST ClientRequest
,
322 IN ULONG LengthRequired
,
323 OUT PVOID
*ClientBaseAddress
)
325 PLSAP_LOGON_CONTEXT LogonContext
;
328 *ClientBaseAddress
= NULL
;
330 LogonContext
= (PLSAP_LOGON_CONTEXT
)ClientRequest
;
332 Length
= LengthRequired
;
333 return NtAllocateVirtualMemory(LogonContext
->ClientProcessHandle
,
345 LsapFreeClientBuffer(IN PLSA_CLIENT_REQUEST ClientRequest
,
346 IN PVOID ClientBaseAddress
)
348 PLSAP_LOGON_CONTEXT LogonContext
;
351 if (ClientBaseAddress
== NULL
)
352 return STATUS_SUCCESS
;
354 LogonContext
= (PLSAP_LOGON_CONTEXT
)ClientRequest
;
357 return NtFreeVirtualMemory(LogonContext
->ClientProcessHandle
,
367 LsapCopyToClientBuffer(IN PLSA_CLIENT_REQUEST ClientRequest
,
369 IN PVOID ClientBaseAddress
,
370 IN PVOID BufferToCopy
)
372 PLSAP_LOGON_CONTEXT LogonContext
;
374 LogonContext
= (PLSAP_LOGON_CONTEXT
)ClientRequest
;
376 return NtWriteVirtualMemory(LogonContext
->ClientProcessHandle
,
387 LsapCopyFromClientBuffer(IN PLSA_CLIENT_REQUEST ClientRequest
,
389 IN PVOID BufferToCopy
,
390 IN PVOID ClientBaseAddress
)
392 PLSAP_LOGON_CONTEXT LogonContext
;
394 LogonContext
= (PLSAP_LOGON_CONTEXT
)ClientRequest
;
396 return NtReadVirtualMemory(LogonContext
->ClientProcessHandle
,
405 LsapInitAuthPackages(VOID
)
407 RTL_QUERY_REGISTRY_TABLE AuthPackageTable
[] = {
408 {LsapAddAuthPackage
, 0, L
"Authentication Packages", NULL
, REG_NONE
, NULL
, 0},
409 {NULL
, 0, NULL
, NULL
, REG_NONE
, NULL
, 0}};
413 InitializeListHead(&PackageListHead
);
416 /* Initialize the dispatch table */
417 DispatchTable
.CreateLogonSession
= &LsapCreateLogonSession
;
418 DispatchTable
.DeleteLogonSession
= &LsapDeleteLogonSession
;
419 DispatchTable
.AddCredential
= NULL
;
420 DispatchTable
.GetCredentials
= NULL
;
421 DispatchTable
.DeleteCredential
= NULL
;
422 DispatchTable
.AllocateLsaHeap
= &LsapAllocateHeap
;
423 DispatchTable
.FreeLsaHeap
= &LsapFreeHeap
;
424 DispatchTable
.AllocateClientBuffer
= &LsapAllocateClientBuffer
;
425 DispatchTable
.FreeClientBuffer
= &LsapFreeClientBuffer
;
426 DispatchTable
.CopyToClientBuffer
= &LsapCopyToClientBuffer
;
427 DispatchTable
.CopyFromClientBuffer
= &LsapCopyFromClientBuffer
;
429 /* Add registered authentication packages */
430 Status
= RtlQueryRegistryValues(RTL_REGISTRY_CONTROL
,
441 LsapLookupAuthenticationPackage(PLSA_API_MSG RequestMsg
,
442 PLSAP_LOGON_CONTEXT LogonContext
)
444 PLIST_ENTRY ListEntry
;
445 PAUTH_PACKAGE Package
;
446 ULONG PackageNameLength
;
449 TRACE("(%p %p)\n", RequestMsg
, LogonContext
);
451 PackageNameLength
= RequestMsg
->LookupAuthenticationPackage
.Request
.PackageNameLength
;
452 PackageName
= RequestMsg
->LookupAuthenticationPackage
.Request
.PackageName
;
454 TRACE("PackageName: %s\n", PackageName
);
456 ListEntry
= PackageListHead
.Flink
;
457 while (ListEntry
!= &PackageListHead
)
459 Package
= CONTAINING_RECORD(ListEntry
, AUTH_PACKAGE
, Entry
);
461 if ((PackageNameLength
== Package
->Name
->Length
) &&
462 (_strnicmp(PackageName
, Package
->Name
->Buffer
, Package
->Name
->Length
) == 0))
464 RequestMsg
->LookupAuthenticationPackage
.Reply
.Package
= Package
->Id
;
465 return STATUS_SUCCESS
;
468 ListEntry
= ListEntry
->Flink
;
471 return STATUS_NO_SUCH_PACKAGE
;
476 LsapCallAuthenticationPackage(PLSA_API_MSG RequestMsg
,
477 PLSAP_LOGON_CONTEXT LogonContext
)
479 PAUTH_PACKAGE Package
;
480 PVOID LocalBuffer
= NULL
;
484 TRACE("(%p %p)\n", RequestMsg
, LogonContext
);
486 PackageId
= RequestMsg
->CallAuthenticationPackage
.Request
.AuthenticationPackage
;
488 /* Get the right authentication package */
489 Package
= LsapGetAuthenticationPackage(PackageId
);
492 TRACE("LsapGetAuthenticationPackage() failed to find a package\n");
493 return STATUS_NO_SUCH_PACKAGE
;
496 if (RequestMsg
->CallAuthenticationPackage
.Request
.SubmitBufferLength
> 0)
498 LocalBuffer
= RtlAllocateHeap(RtlGetProcessHeap(),
500 RequestMsg
->CallAuthenticationPackage
.Request
.SubmitBufferLength
);
501 if (LocalBuffer
== NULL
)
503 return STATUS_INSUFFICIENT_RESOURCES
;
506 Status
= NtReadVirtualMemory(LogonContext
->ClientProcessHandle
,
507 RequestMsg
->CallAuthenticationPackage
.Request
.ProtocolSubmitBuffer
,
509 RequestMsg
->CallAuthenticationPackage
.Request
.SubmitBufferLength
,
511 if (!NT_SUCCESS(Status
))
513 TRACE("NtReadVirtualMemory() failed (Status 0x%08lx)\n", Status
);
514 RtlFreeHeap(RtlGetProcessHeap(), 0, LocalBuffer
);
519 Status
= Package
->LsaApCallPackage((PLSA_CLIENT_REQUEST
)LogonContext
,
521 RequestMsg
->CallAuthenticationPackage
.Request
.ProtocolSubmitBuffer
,
522 RequestMsg
->CallAuthenticationPackage
.Request
.SubmitBufferLength
,
523 &RequestMsg
->CallAuthenticationPackage
.Reply
.ProtocolReturnBuffer
,
524 &RequestMsg
->CallAuthenticationPackage
.Reply
.ReturnBufferLength
,
525 &RequestMsg
->CallAuthenticationPackage
.Reply
.ProtocolStatus
);
526 if (!NT_SUCCESS(Status
))
528 TRACE("Package->LsaApCallPackage() failed (Status 0x%08lx)\n", Status
);
531 if (LocalBuffer
!= NULL
)
532 RtlFreeHeap(RtlGetProcessHeap(), 0, LocalBuffer
);
541 IN PLSAP_LOGON_CONTEXT LogonContext
,
542 IN PTOKEN_GROUPS ClientGroups
,
543 IN ULONG ClientGroupsCount
,
544 OUT PTOKEN_GROUPS
*TokenGroups
)
546 ULONG LocalGroupsLength
= 0;
547 PTOKEN_GROUPS LocalGroups
= NULL
;
548 ULONG SidHeaderLength
= 0;
549 PSID SidHeader
= NULL
;
552 ULONG AllocatedSids
= 0;
556 LocalGroupsLength
= sizeof(TOKEN_GROUPS
) +
557 (ClientGroupsCount
- ANYSIZE_ARRAY
) * sizeof(SID_AND_ATTRIBUTES
);
558 LocalGroups
= RtlAllocateHeap(RtlGetProcessHeap(),
561 if (LocalGroups
== NULL
)
563 TRACE("RtlAllocateHeap() failed\n");
564 return STATUS_INSUFFICIENT_RESOURCES
;
567 Status
= NtReadVirtualMemory(LogonContext
->ClientProcessHandle
,
572 if (!NT_SUCCESS(Status
))
576 SidHeaderLength
= RtlLengthRequiredSid(0);
577 SidHeader
= RtlAllocateHeap(RtlGetProcessHeap(),
580 if (SidHeader
== NULL
)
582 Status
= STATUS_INSUFFICIENT_RESOURCES
;
586 for (i
= 0; i
< ClientGroupsCount
; i
++)
588 SrcSid
= LocalGroups
->Groups
[i
].Sid
;
590 Status
= NtReadVirtualMemory(LogonContext
->ClientProcessHandle
,
595 if (!NT_SUCCESS(Status
))
598 SidLength
= RtlLengthSid(SidHeader
);
599 TRACE("Sid %lu: Length %lu\n", i
, SidLength
);
601 DstSid
= RtlAllocateHeap(RtlGetProcessHeap(),
606 Status
= STATUS_INSUFFICIENT_RESOURCES
;
610 Status
= NtReadVirtualMemory(LogonContext
->ClientProcessHandle
,
615 if (!NT_SUCCESS(Status
))
617 RtlFreeHeap(RtlGetProcessHeap(), 0, DstSid
);
621 LocalGroups
->Groups
[i
].Sid
= DstSid
;
625 *TokenGroups
= LocalGroups
;
628 if (SidHeader
!= NULL
)
629 RtlFreeHeap(RtlGetProcessHeap(), 0, SidHeader
);
631 if (!NT_SUCCESS(Status
))
633 if (LocalGroups
!= NULL
)
635 for (i
= 0; i
< AllocatedSids
; i
++)
636 RtlFreeHeap(RtlGetProcessHeap(), 0, LocalGroups
->Groups
[i
].Sid
);
638 RtlFreeHeap(RtlGetProcessHeap(), 0, LocalGroups
);
648 LsapAddTokenDefaultDacl(
649 IN PVOID TokenInformation
,
650 IN LSA_TOKEN_INFORMATION_TYPE TokenInformationType
)
652 PLSA_TOKEN_INFORMATION_V1 TokenInfo1
;
656 if (TokenInformationType
== LsaTokenInformationV1
)
658 TokenInfo1
= (PLSA_TOKEN_INFORMATION_V1
)TokenInformation
;
660 if (TokenInfo1
->DefaultDacl
.DefaultDacl
!= NULL
)
661 return STATUS_SUCCESS
;
663 Length
= sizeof(ACL
) +
664 (2 * sizeof(ACCESS_ALLOWED_ACE
)) +
665 RtlLengthSid(TokenInfo1
->Owner
.Owner
) +
666 RtlLengthSid(LsapLocalSystemSid
);
668 Dacl
= DispatchTable
.AllocateLsaHeap(Length
);
670 return STATUS_INSUFFICIENT_RESOURCES
;
672 RtlCreateAcl(Dacl
, Length
, ACL_REVISION
);
674 RtlAddAccessAllowedAce(Dacl
,
677 TokenInfo1
->Owner
.Owner
);
680 RtlAddAccessAllowedAce(Dacl
,
685 TokenInfo1
->DefaultDacl
.DefaultDacl
= Dacl
;
688 return STATUS_SUCCESS
;
693 LsapLogonUser(PLSA_API_MSG RequestMsg
,
694 PLSAP_LOGON_CONTEXT LogonContext
)
696 PAUTH_PACKAGE Package
;
697 OBJECT_ATTRIBUTES ObjectAttributes
;
698 SECURITY_QUALITY_OF_SERVICE Qos
;
699 LSA_TOKEN_INFORMATION_TYPE TokenInformationType
;
700 PVOID TokenInformation
= NULL
;
701 PLSA_TOKEN_INFORMATION_V1 TokenInfo1
= NULL
;
702 PUNICODE_STRING AccountName
= NULL
;
703 PUNICODE_STRING AuthenticatingAuthority
= NULL
;
704 PUNICODE_STRING MachineName
= NULL
;
705 PVOID LocalAuthInfo
= NULL
;
706 PTOKEN_GROUPS LocalGroups
= NULL
;
707 HANDLE TokenHandle
= NULL
;
712 TRACE("(%p %p)\n", RequestMsg
, LogonContext
);
714 PackageId
= RequestMsg
->LogonUser
.Request
.AuthenticationPackage
;
716 /* Get the right authentication package */
717 Package
= LsapGetAuthenticationPackage(PackageId
);
720 ERR("LsapGetAuthenticationPackage() failed to find a package\n");
721 return STATUS_NO_SUCH_PACKAGE
;
724 if (RequestMsg
->LogonUser
.Request
.AuthenticationInformationLength
> 0)
726 /* Allocate the local authentication info buffer */
727 LocalAuthInfo
= RtlAllocateHeap(RtlGetProcessHeap(),
729 RequestMsg
->LogonUser
.Request
.AuthenticationInformationLength
);
730 if (LocalAuthInfo
== NULL
)
732 ERR("RtlAllocateHeap() failed\n");
733 return STATUS_INSUFFICIENT_RESOURCES
;
736 /* Read the authentication info from the callers adress space */
737 Status
= NtReadVirtualMemory(LogonContext
->ClientProcessHandle
,
738 RequestMsg
->LogonUser
.Request
.AuthenticationInformation
,
740 RequestMsg
->LogonUser
.Request
.AuthenticationInformationLength
,
742 if (!NT_SUCCESS(Status
))
744 ERR("NtReadVirtualMemory() failed (Status 0x%08lx)\n", Status
);
745 RtlFreeHeap(RtlGetProcessHeap(), 0, LocalAuthInfo
);
750 if (RequestMsg
->LogonUser
.Request
.LocalGroupsCount
> 0)
752 Status
= LsapCopyLocalGroups(LogonContext
,
753 RequestMsg
->LogonUser
.Request
.LocalGroups
,
754 RequestMsg
->LogonUser
.Request
.LocalGroupsCount
,
756 if (!NT_SUCCESS(Status
))
758 ERR("LsapCopyLocalGroups failed (Status 0x%08lx)\n", Status
);
762 TRACE("GroupCount: %lu\n", LocalGroups
->GroupCount
);
765 if (Package
->LsaApLogonUserEx2
!= NULL
)
767 Status
= Package
->LsaApLogonUserEx2((PLSA_CLIENT_REQUEST
)LogonContext
,
768 RequestMsg
->LogonUser
.Request
.LogonType
,
770 RequestMsg
->LogonUser
.Request
.AuthenticationInformation
,
771 RequestMsg
->LogonUser
.Request
.AuthenticationInformationLength
,
772 &RequestMsg
->LogonUser
.Reply
.ProfileBuffer
,
773 &RequestMsg
->LogonUser
.Reply
.ProfileBufferLength
,
774 &RequestMsg
->LogonUser
.Reply
.LogonId
,
775 &RequestMsg
->LogonUser
.Reply
.SubStatus
,
776 &TokenInformationType
,
779 &AuthenticatingAuthority
,
781 NULL
, /* FIXME: PSECPKG_PRIMARY_CRED PrimaryCredentials */
782 NULL
); /* FIXME: PSECPKG_SUPPLEMENTAL_CRED_ARRAY *SupplementalCredentials */
784 else if (Package
->LsaApLogonUserEx
!= NULL
)
786 Status
= Package
->LsaApLogonUserEx((PLSA_CLIENT_REQUEST
)LogonContext
,
787 RequestMsg
->LogonUser
.Request
.LogonType
,
789 RequestMsg
->LogonUser
.Request
.AuthenticationInformation
,
790 RequestMsg
->LogonUser
.Request
.AuthenticationInformationLength
,
791 &RequestMsg
->LogonUser
.Reply
.ProfileBuffer
,
792 &RequestMsg
->LogonUser
.Reply
.ProfileBufferLength
,
793 &RequestMsg
->LogonUser
.Reply
.LogonId
,
794 &RequestMsg
->LogonUser
.Reply
.SubStatus
,
795 &TokenInformationType
,
798 &AuthenticatingAuthority
,
803 Status
= Package
->LsaApLogonUser((PLSA_CLIENT_REQUEST
)LogonContext
,
804 RequestMsg
->LogonUser
.Request
.LogonType
,
806 RequestMsg
->LogonUser
.Request
.AuthenticationInformation
,
807 RequestMsg
->LogonUser
.Request
.AuthenticationInformationLength
,
808 &RequestMsg
->LogonUser
.Reply
.ProfileBuffer
,
809 &RequestMsg
->LogonUser
.Reply
.ProfileBufferLength
,
810 &RequestMsg
->LogonUser
.Reply
.LogonId
,
811 &RequestMsg
->LogonUser
.Reply
.SubStatus
,
812 &TokenInformationType
,
815 &AuthenticatingAuthority
);
818 if (!NT_SUCCESS(Status
))
820 ERR("LsaApLogonUser/Ex/2 failed (Status 0x%08lx)\n", Status
);
825 Status
= LsapAddTokenDefaultDacl(TokenInformation
,
826 TokenInformationType
);
827 if (!NT_SUCCESS(Status
))
829 ERR("LsapAddTokenDefaultDacl() failed (Status 0x%08lx)\n", Status
);
833 if (TokenInformationType
== LsaTokenInformationV1
)
835 TokenInfo1
= (PLSA_TOKEN_INFORMATION_V1
)TokenInformation
;
837 Qos
.Length
= sizeof(SECURITY_QUALITY_OF_SERVICE
);
838 Qos
.ImpersonationLevel
= SecurityImpersonation
;
839 Qos
.ContextTrackingMode
= SECURITY_DYNAMIC_TRACKING
;
840 Qos
.EffectiveOnly
= FALSE
;
842 ObjectAttributes
.Length
= sizeof(OBJECT_ATTRIBUTES
);
843 ObjectAttributes
.RootDirectory
= NULL
;
844 ObjectAttributes
.ObjectName
= NULL
;
845 ObjectAttributes
.Attributes
= 0;
846 ObjectAttributes
.SecurityDescriptor
= NULL
;
847 ObjectAttributes
.SecurityQualityOfService
= &Qos
;
849 /* Create the logon token */
850 Status
= NtCreateToken(&TokenHandle
,
854 &RequestMsg
->LogonUser
.Reply
.LogonId
,
855 &TokenInfo1
->ExpirationTime
,
858 TokenInfo1
->Privileges
,
860 &TokenInfo1
->PrimaryGroup
,
861 &TokenInfo1
->DefaultDacl
,
862 &RequestMsg
->LogonUser
.Request
.SourceContext
);
863 if (!NT_SUCCESS(Status
))
865 ERR("NtCreateToken failed (Status 0x%08lx)\n", Status
);
871 FIXME("TokenInformationType %d is not supported!\n", TokenInformationType
);
872 Status
= STATUS_NOT_IMPLEMENTED
;
876 /* Duplicate the token handle into the client process */
877 Status
= NtDuplicateObject(NtCurrentProcess(),
879 LogonContext
->ClientProcessHandle
,
880 &RequestMsg
->LogonUser
.Reply
.Token
,
883 DUPLICATE_SAME_ACCESS
| DUPLICATE_SAME_ATTRIBUTES
| DUPLICATE_CLOSE_SOURCE
);
884 if (!NT_SUCCESS(Status
))
886 ERR("NtDuplicateObject failed (Status 0x%08lx)\n", Status
);
892 Status
= LsapSetLogonSessionData(&RequestMsg
->LogonUser
.Reply
.LogonId
);
893 if (!NT_SUCCESS(Status
))
895 ERR("LsapSetLogonSessionData failed (Status 0x%08lx)\n", Status
);
900 if (!NT_SUCCESS(Status
))
902 if (TokenHandle
!= NULL
)
903 NtClose(TokenHandle
);
906 /* Free the local groups */
907 if (LocalGroups
!= NULL
)
909 for (i
= 0; i
< LocalGroups
->GroupCount
; i
++)
911 if (LocalGroups
->Groups
[i
].Sid
!= NULL
)
912 RtlFreeHeap(RtlGetProcessHeap(), 0, LocalGroups
->Groups
[i
].Sid
);
915 RtlFreeHeap(RtlGetProcessHeap(), 0, LocalGroups
);
918 /* Free the local authentication info buffer */
919 if (LocalAuthInfo
!= NULL
)
920 RtlFreeHeap(RtlGetProcessHeap(), 0, LocalAuthInfo
);
922 /* Free the token information */
923 if (TokenInformation
!= NULL
)
925 if (TokenInformationType
== LsaTokenInformationV1
)
927 TokenInfo1
= (PLSA_TOKEN_INFORMATION_V1
)TokenInformation
;
929 if (TokenInfo1
!= NULL
)
931 if (TokenInfo1
->User
.User
.Sid
!= NULL
)
932 LsapFreeHeap(TokenInfo1
->User
.User
.Sid
);
934 if (TokenInfo1
->Groups
!= NULL
)
936 for (i
= 0; i
< TokenInfo1
->Groups
->GroupCount
; i
++)
938 if (TokenInfo1
->Groups
->Groups
[i
].Sid
!= NULL
)
939 LsapFreeHeap(TokenInfo1
->Groups
->Groups
[i
].Sid
);
942 LsapFreeHeap(TokenInfo1
->Groups
);
945 if (TokenInfo1
->PrimaryGroup
.PrimaryGroup
!= NULL
)
946 LsapFreeHeap(TokenInfo1
->PrimaryGroup
.PrimaryGroup
);
948 if (TokenInfo1
->Privileges
!= NULL
)
949 LsapFreeHeap(TokenInfo1
->Privileges
);
951 if (TokenInfo1
->Owner
.Owner
!= NULL
)
952 LsapFreeHeap(TokenInfo1
->Owner
.Owner
);
954 if (TokenInfo1
->DefaultDacl
.DefaultDacl
!= NULL
)
955 LsapFreeHeap(TokenInfo1
->DefaultDacl
.DefaultDacl
);
957 LsapFreeHeap(TokenInfo1
);
962 FIXME("TokenInformationType %d is not supported!\n", TokenInformationType
);
966 /* Free the account name */
967 if (AccountName
!= NULL
)
969 if (AccountName
->Buffer
!= NULL
)
970 LsapFreeHeap(AccountName
->Buffer
);
972 LsapFreeHeap(AccountName
);
975 /* Free the authentication authority */
976 if (AuthenticatingAuthority
!= NULL
)
978 if (AuthenticatingAuthority
!= NULL
)
979 LsapFreeHeap(AuthenticatingAuthority
->Buffer
);
981 LsapFreeHeap(AuthenticatingAuthority
);
984 /* Free the machine name */
985 if (MachineName
!= NULL
)
987 if (MachineName
->Buffer
!= NULL
)
988 LsapFreeHeap(MachineName
->Buffer
);
990 LsapFreeHeap(MachineName
);
993 TRACE("LsapLogonUser done (Status 0x%08lx)\n", Status
);