2 * PROJECT: Local Security Authority Server DLL
3 * LICENSE: GPL - See COPYING in the top level directory
4 * FILE: dll/win32/lsasrv/authpackage.c
5 * PURPOSE: Authenticaton package management routines
6 * COPYRIGHT: Copyright 2013 Eric Kohl
11 typedef enum _LSA_TOKEN_INFORMATION_TYPE
13 LsaTokenInformationNull
,
15 } LSA_TOKEN_INFORMATION_TYPE
, *PLSA_TOKEN_INFORMATION_TYPE
;
17 typedef struct _LSA_TOKEN_INFORMATION_V1
19 LARGE_INTEGER ExpirationTime
;
22 TOKEN_PRIMARY_GROUP PrimaryGroup
;
23 PTOKEN_PRIVILEGES Privileges
;
25 TOKEN_DEFAULT_DACL DefaultDacl
;
26 } LSA_TOKEN_INFORMATION_V1
, *PLSA_TOKEN_INFORMATION_V1
;
28 typedef PVOID PLSA_CLIENT_REQUEST
;
30 typedef NTSTATUS (NTAPI
*PLSA_CREATE_LOGON_SESSION
)(PLUID
);
31 typedef NTSTATUS (NTAPI
*PLSA_DELETE_LOGON_SESSION
)(PLUID
);
33 typedef PVOID (NTAPI
*PLSA_ALLOCATE_LSA_HEAP
)(ULONG
);
34 typedef VOID (NTAPI
*PLSA_FREE_LSA_HEAP
)(PVOID
);
35 typedef NTSTATUS (NTAPI
*PLSA_ALLOCATE_CLIENT_BUFFER
)(PLSA_CLIENT_REQUEST
, ULONG
, PVOID
*);
36 typedef NTSTATUS (NTAPI
*PLSA_FREE_CLIENT_BUFFER
)(PLSA_CLIENT_REQUEST
, PVOID
);
37 typedef NTSTATUS (NTAPI
*PLSA_COPY_TO_CLIENT_BUFFER
)(PLSA_CLIENT_REQUEST
, ULONG
,
39 typedef NTSTATUS (NTAPI
*PLSA_COPY_FROM_CLIENT_BUFFER
)(PLSA_CLIENT_REQUEST
,
42 typedef struct LSA_DISPATCH_TABLE
44 PLSA_CREATE_LOGON_SESSION CreateLogonSession
;
45 PLSA_DELETE_LOGON_SESSION DeleteLogonSession
;
46 PVOID
/*PLSA_ADD_CREDENTIAL */ AddCredential
;
47 PVOID
/*PLSA_GET_CREDENTIALS */ GetCredentials
;
48 PVOID
/*PLSA_DELETE_CREDENTIAL */ DeleteCredential
;
49 PLSA_ALLOCATE_LSA_HEAP AllocateLsaHeap
;
50 PLSA_FREE_LSA_HEAP FreeLsaHeap
;
51 PLSA_ALLOCATE_CLIENT_BUFFER AllocateClientBuffer
;
52 PLSA_FREE_CLIENT_BUFFER FreeClientBuffer
;
53 PLSA_COPY_TO_CLIENT_BUFFER CopyToClientBuffer
;
54 PLSA_COPY_FROM_CLIENT_BUFFER CopyFromClientBuffer
;
55 } LSA_DISPATCH_TABLE
, *PLSA_DISPATCH_TABLE
;
58 typedef NTSTATUS (NTAPI
*PLSA_AP_INITIALIZE_PACKAGE
)(ULONG
, PLSA_DISPATCH_TABLE
,
59 PLSA_STRING
, PLSA_STRING
, PLSA_STRING
*);
60 typedef NTSTATUS (NTAPI
*PLSA_AP_CALL_PACKAGE_INTERNAL
)(PLSA_CLIENT_REQUEST
, PVOID
, PVOID
,
61 ULONG
, PVOID
*, PULONG
, PNTSTATUS
);
62 typedef NTSTATUS (NTAPI
*PLSA_AP_CALL_PACKAGE_PASSTHROUGH
)(PLSA_CLIENT_REQUEST
,
63 PVOID
, PVOID
, ULONG
, PVOID
*, PULONG
, PNTSTATUS
);
64 typedef NTSTATUS (NTAPI
*PLSA_AP_CALL_PACKAGE_UNTRUSTED
)(PLSA_CLIENT_REQUEST
,
65 PVOID
, PVOID
, ULONG
, PVOID
*, PULONG
, PNTSTATUS
);
66 typedef VOID (NTAPI
*PLSA_AP_LOGON_TERMINATED
)(PLUID
);
67 typedef NTSTATUS (NTAPI
*PLSA_AP_LOGON_USER_EX2
)(PLSA_CLIENT_REQUEST
,
68 SECURITY_LOGON_TYPE
, PVOID
, PVOID
, ULONG
, PVOID
*, PULONG
, PLUID
, PNTSTATUS
,
69 PLSA_TOKEN_INFORMATION_TYPE
, PVOID
*, PUNICODE_STRING
*, PUNICODE_STRING
*,
70 PUNICODE_STRING
*, PVOID
/*PSECPKG_PRIMARY_CRED*/, PVOID
/*PSECPKG_SUPPLEMENTAL_CRED_ARRAY **/);
71 typedef NTSTATUS (NTAPI
*PLSA_AP_LOGON_USER_EX
)(PLSA_CLIENT_REQUEST
,
72 SECURITY_LOGON_TYPE
, PVOID
, PVOID
, ULONG
, PVOID
*, PULONG
, PLUID
, PNTSTATUS
,
73 PLSA_TOKEN_INFORMATION_TYPE
, PVOID
*, PUNICODE_STRING
*, PUNICODE_STRING
*,
76 typedef NTSTATUS (NTAPI
*PLSA_AP_LOGON_USER_INTERNAL
)(PLSA_CLIENT_REQUEST
, SECURITY_LOGON_TYPE
,
77 PVOID
, PVOID
, ULONG
, PVOID
*, PULONG
, PLUID
, PNTSTATUS
, PLSA_TOKEN_INFORMATION_TYPE
,
78 PVOID
*, PUNICODE_STRING
*, PUNICODE_STRING
*);
80 typedef struct _AUTH_PACKAGE
87 PLSA_AP_INITIALIZE_PACKAGE LsaApInitializePackage
;
88 PLSA_AP_CALL_PACKAGE_INTERNAL LsaApCallPackage
;
89 PLSA_AP_CALL_PACKAGE_PASSTHROUGH LsaApCallPackagePassthrough
;
90 PLSA_AP_CALL_PACKAGE_UNTRUSTED LsaApCallPackageUntrusted
;
91 PLSA_AP_LOGON_TERMINATED LsaApLogonTerminated
;
92 PLSA_AP_LOGON_USER_EX2 LsaApLogonUserEx2
;
93 PLSA_AP_LOGON_USER_EX LsaApLogonUserEx
;
94 PLSA_AP_LOGON_USER_INTERNAL LsaApLogonUser
;
95 } AUTH_PACKAGE
, *PAUTH_PACKAGE
;
98 /* GLOBALS *****************************************************************/
100 static LIST_ENTRY PackageListHead
;
101 static ULONG PackageId
;
102 static LSA_DISPATCH_TABLE DispatchTable
;
105 /* FUNCTIONS ***************************************************************/
110 LsapAddAuthPackage(IN PWSTR ValueName
,
113 IN ULONG ValueLength
,
115 IN PVOID EntryContext
)
117 PAUTH_PACKAGE Package
= NULL
;
118 UNICODE_STRING PackageName
;
121 NTSTATUS Status
= STATUS_SUCCESS
;
123 TRACE("LsapAddAuthPackage()\n");
125 PackageName
.Length
= (USHORT
)ValueLength
- sizeof(WCHAR
);
126 PackageName
.MaximumLength
= (USHORT
)ValueLength
;
127 PackageName
.Buffer
= ValueData
;
129 Id
= (PULONG
)Context
;
131 Package
= RtlAllocateHeap(RtlGetProcessHeap(),
133 sizeof(AUTH_PACKAGE
));
135 return STATUS_INSUFFICIENT_RESOURCES
;
137 Status
= LdrLoadDll(NULL
,
140 &Package
->ModuleHandle
);
141 if (!NT_SUCCESS(Status
))
143 TRACE("LdrLoadDll failed (Status 0x%08lx)\n", Status
);
147 RtlInitAnsiString(&ProcName
, "LsaApInitializePackage");
148 Status
= LdrGetProcedureAddress(Package
->ModuleHandle
,
151 (PVOID
*)&Package
->LsaApInitializePackage
);
152 if (!NT_SUCCESS(Status
))
154 TRACE("LdrGetProcedureAddress() failed (Status 0x%08lx)\n", Status
);
158 RtlInitAnsiString(&ProcName
, "LsaApCallPackage");
159 Status
= LdrGetProcedureAddress(Package
->ModuleHandle
,
162 (PVOID
*)&Package
->LsaApCallPackage
);
163 if (!NT_SUCCESS(Status
))
165 TRACE("LdrGetProcedureAddress() failed (Status 0x%08lx)\n", Status
);
169 RtlInitAnsiString(&ProcName
, "LsaApCallPackagePassthrough");
170 Status
= LdrGetProcedureAddress(Package
->ModuleHandle
,
173 (PVOID
*)&Package
->LsaApCallPackagePassthrough
);
174 if (!NT_SUCCESS(Status
))
176 TRACE("LdrGetProcedureAddress() failed (Status 0x%08lx)\n", Status
);
180 RtlInitAnsiString(&ProcName
, "LsaApCallPackageUntrusted");
181 Status
= LdrGetProcedureAddress(Package
->ModuleHandle
,
184 (PVOID
*)&Package
->LsaApCallPackageUntrusted
);
185 if (!NT_SUCCESS(Status
))
187 TRACE("LdrGetProcedureAddress() failed (Status 0x%08lx)\n", Status
);
191 RtlInitAnsiString(&ProcName
, "LsaApLogonTerminated");
192 Status
= LdrGetProcedureAddress(Package
->ModuleHandle
,
195 (PVOID
*)&Package
->LsaApLogonTerminated
);
196 if (!NT_SUCCESS(Status
))
198 TRACE("LdrGetProcedureAddress() failed (Status 0x%08lx)\n", Status
);
202 RtlInitAnsiString(&ProcName
, "LsaApLogonUserEx2");
203 Status
= LdrGetProcedureAddress(Package
->ModuleHandle
,
206 (PVOID
*)&Package
->LsaApLogonUserEx2
);
207 if (!NT_SUCCESS(Status
))
209 RtlInitAnsiString(&ProcName
, "LsaApLogonUserEx");
210 Status
= LdrGetProcedureAddress(Package
->ModuleHandle
,
213 (PVOID
*)&Package
->LsaApLogonUserEx
);
214 if (!NT_SUCCESS(Status
))
216 RtlInitAnsiString(&ProcName
, "LsaApLogonUser");
217 Status
= LdrGetProcedureAddress(Package
->ModuleHandle
,
220 (PVOID
*)&Package
->LsaApLogonUser
);
221 if (!NT_SUCCESS(Status
))
223 TRACE("LdrGetProcedureAddress() failed (Status 0x%08lx)\n", Status
);
229 /* Initialize the current package */
230 Status
= Package
->LsaApInitializePackage(*Id
,
235 if (!NT_SUCCESS(Status
))
237 TRACE("Package->LsaApInitializePackage() failed (Status 0x%08lx)\n", Status
);
241 TRACE("Package Name: %s\n", Package
->Name
->Buffer
);
246 InsertTailList(&PackageListHead
, &Package
->Entry
);
249 if (!NT_SUCCESS(Status
))
253 if (Package
->ModuleHandle
!= NULL
)
254 LdrUnloadDll(Package
->ModuleHandle
);
256 if (Package
->Name
!= NULL
)
258 if (Package
->Name
->Buffer
!= NULL
)
259 RtlFreeHeap(RtlGetProcessHeap(), 0, Package
->Name
->Buffer
);
261 RtlFreeHeap(RtlGetProcessHeap(), 0, Package
->Name
);
264 RtlFreeHeap(RtlGetProcessHeap(), 0, Package
);
274 LsapGetAuthenticationPackage(IN ULONG PackageId
)
276 PLIST_ENTRY ListEntry
;
277 PAUTH_PACKAGE Package
;
279 ListEntry
= PackageListHead
.Flink
;
280 while (ListEntry
!= &PackageListHead
)
282 Package
= CONTAINING_RECORD(ListEntry
, AUTH_PACKAGE
, Entry
);
284 if (Package
->Id
== PackageId
)
289 ListEntry
= ListEntry
->Flink
;
299 LsapAllocateHeap(IN ULONG Length
)
301 return RtlAllocateHeap(RtlGetProcessHeap(),
310 LsapFreeHeap(IN PVOID Base
)
312 RtlFreeHeap(RtlGetProcessHeap(),
321 LsapAllocateClientBuffer(IN PLSA_CLIENT_REQUEST ClientRequest
,
322 IN ULONG LengthRequired
,
323 OUT PVOID
*ClientBaseAddress
)
325 PLSAP_LOGON_CONTEXT LogonContext
;
328 *ClientBaseAddress
= NULL
;
330 LogonContext
= (PLSAP_LOGON_CONTEXT
)ClientRequest
;
332 Length
= LengthRequired
;
333 return NtAllocateVirtualMemory(LogonContext
->ClientProcessHandle
,
345 LsapFreeClientBuffer(IN PLSA_CLIENT_REQUEST ClientRequest
,
346 IN PVOID ClientBaseAddress
)
348 PLSAP_LOGON_CONTEXT LogonContext
;
351 if (ClientBaseAddress
== NULL
)
352 return STATUS_SUCCESS
;
354 LogonContext
= (PLSAP_LOGON_CONTEXT
)ClientRequest
;
357 return NtFreeVirtualMemory(LogonContext
->ClientProcessHandle
,
367 LsapCopyToClientBuffer(IN PLSA_CLIENT_REQUEST ClientRequest
,
369 IN PVOID ClientBaseAddress
,
370 IN PVOID BufferToCopy
)
372 PLSAP_LOGON_CONTEXT LogonContext
;
374 LogonContext
= (PLSAP_LOGON_CONTEXT
)ClientRequest
;
376 return NtWriteVirtualMemory(LogonContext
->ClientProcessHandle
,
387 LsapCopyFromClientBuffer(IN PLSA_CLIENT_REQUEST ClientRequest
,
389 IN PVOID BufferToCopy
,
390 IN PVOID ClientBaseAddress
)
392 PLSAP_LOGON_CONTEXT LogonContext
;
394 LogonContext
= (PLSAP_LOGON_CONTEXT
)ClientRequest
;
396 return NtReadVirtualMemory(LogonContext
->ClientProcessHandle
,
405 LsapInitAuthPackages(VOID
)
407 RTL_QUERY_REGISTRY_TABLE AuthPackageTable
[] = {
408 {LsapAddAuthPackage
, 0, L
"Authentication Packages", NULL
, REG_NONE
, NULL
, 0},
409 {NULL
, 0, NULL
, NULL
, REG_NONE
, NULL
, 0}};
413 InitializeListHead(&PackageListHead
);
416 /* Initialize the dispatch table */
417 DispatchTable
.CreateLogonSession
= &LsapCreateLogonSession
;
418 DispatchTable
.DeleteLogonSession
= &LsapDeleteLogonSession
;
419 DispatchTable
.AddCredential
= NULL
;
420 DispatchTable
.GetCredentials
= NULL
;
421 DispatchTable
.DeleteCredential
= NULL
;
422 DispatchTable
.AllocateLsaHeap
= &LsapAllocateHeap
;
423 DispatchTable
.FreeLsaHeap
= &LsapFreeHeap
;
424 DispatchTable
.AllocateClientBuffer
= &LsapAllocateClientBuffer
;
425 DispatchTable
.FreeClientBuffer
= &LsapFreeClientBuffer
;
426 DispatchTable
.CopyToClientBuffer
= &LsapCopyToClientBuffer
;
427 DispatchTable
.CopyFromClientBuffer
= &LsapCopyFromClientBuffer
;
429 /* Add registered authentication packages */
430 Status
= RtlQueryRegistryValues(RTL_REGISTRY_CONTROL
,
441 LsapLookupAuthenticationPackage(PLSA_API_MSG RequestMsg
,
442 PLSAP_LOGON_CONTEXT LogonContext
)
444 PLIST_ENTRY ListEntry
;
445 PAUTH_PACKAGE Package
;
446 ULONG PackageNameLength
;
449 TRACE("(%p %p)\n", RequestMsg
, LogonContext
);
451 PackageNameLength
= RequestMsg
->LookupAuthenticationPackage
.Request
.PackageNameLength
;
452 PackageName
= RequestMsg
->LookupAuthenticationPackage
.Request
.PackageName
;
454 TRACE("PackageName: %s\n", PackageName
);
456 ListEntry
= PackageListHead
.Flink
;
457 while (ListEntry
!= &PackageListHead
)
459 Package
= CONTAINING_RECORD(ListEntry
, AUTH_PACKAGE
, Entry
);
461 if ((PackageNameLength
== Package
->Name
->Length
) &&
462 (_strnicmp(PackageName
, Package
->Name
->Buffer
, Package
->Name
->Length
) == 0))
464 RequestMsg
->LookupAuthenticationPackage
.Reply
.Package
= Package
->Id
;
465 return STATUS_SUCCESS
;
468 ListEntry
= ListEntry
->Flink
;
471 return STATUS_NO_SUCH_PACKAGE
;
476 LsapCallAuthenticationPackage(PLSA_API_MSG RequestMsg
,
477 PLSAP_LOGON_CONTEXT LogonContext
)
479 PAUTH_PACKAGE Package
;
480 PVOID LocalBuffer
= NULL
;
484 TRACE("(%p %p)\n", RequestMsg
, LogonContext
);
486 PackageId
= RequestMsg
->CallAuthenticationPackage
.Request
.AuthenticationPackage
;
488 /* Get the right authentication package */
489 Package
= LsapGetAuthenticationPackage(PackageId
);
492 TRACE("LsapGetAuthenticationPackage() failed to find a package\n");
493 return STATUS_NO_SUCH_PACKAGE
;
496 if (RequestMsg
->CallAuthenticationPackage
.Request
.SubmitBufferLength
> 0)
498 LocalBuffer
= RtlAllocateHeap(RtlGetProcessHeap(),
500 RequestMsg
->CallAuthenticationPackage
.Request
.SubmitBufferLength
);
501 if (LocalBuffer
== NULL
)
503 return STATUS_INSUFFICIENT_RESOURCES
;
506 Status
= NtReadVirtualMemory(LogonContext
->ClientProcessHandle
,
507 RequestMsg
->CallAuthenticationPackage
.Request
.ProtocolSubmitBuffer
,
509 RequestMsg
->CallAuthenticationPackage
.Request
.SubmitBufferLength
,
511 if (!NT_SUCCESS(Status
))
513 TRACE("NtReadVirtualMemory() failed (Status 0x%08lx)\n", Status
);
514 RtlFreeHeap(RtlGetProcessHeap(), 0, LocalBuffer
);
519 Status
= Package
->LsaApCallPackage((PLSA_CLIENT_REQUEST
)LogonContext
,
521 RequestMsg
->CallAuthenticationPackage
.Request
.ProtocolSubmitBuffer
,
522 RequestMsg
->CallAuthenticationPackage
.Request
.SubmitBufferLength
,
523 &RequestMsg
->CallAuthenticationPackage
.Reply
.ProtocolReturnBuffer
,
524 &RequestMsg
->CallAuthenticationPackage
.Reply
.ReturnBufferLength
,
525 &RequestMsg
->CallAuthenticationPackage
.Reply
.ProtocolStatus
);
526 if (!NT_SUCCESS(Status
))
528 TRACE("Package->LsaApCallPackage() failed (Status 0x%08lx)\n", Status
);
531 if (LocalBuffer
!= NULL
)
532 RtlFreeHeap(RtlGetProcessHeap(), 0, LocalBuffer
);
541 IN PLSAP_LOGON_CONTEXT LogonContext
,
542 IN PTOKEN_GROUPS ClientGroups
,
543 IN ULONG ClientGroupsCount
,
544 OUT PTOKEN_GROUPS
*TokenGroups
)
546 ULONG LocalGroupsLength
= 0;
547 PTOKEN_GROUPS LocalGroups
= NULL
;
548 ULONG SidHeaderLength
= 0;
549 PSID SidHeader
= NULL
;
552 ULONG CopiedSids
= 0;
556 LocalGroupsLength
= sizeof(TOKEN_GROUPS
) +
557 (ClientGroupsCount
- ANYSIZE_ARRAY
) * sizeof(SID_AND_ATTRIBUTES
);
558 LocalGroups
= RtlAllocateHeap(RtlGetProcessHeap(),
561 if (LocalGroups
== NULL
)
563 TRACE("RtlAllocateHeap() failed\n");
564 return STATUS_INSUFFICIENT_RESOURCES
;
567 Status
= NtReadVirtualMemory(LogonContext
->ClientProcessHandle
,
572 if (!NT_SUCCESS(Status
))
576 SidHeaderLength
= RtlLengthRequiredSid(0);
577 SidHeader
= RtlAllocateHeap(RtlGetProcessHeap(),
580 if (SidHeader
== NULL
)
582 Status
= STATUS_INSUFFICIENT_RESOURCES
;
586 for (i
= 0; i
< ClientGroupsCount
; i
++)
588 Status
= NtReadVirtualMemory(LogonContext
->ClientProcessHandle
,
589 LocalGroups
->Groups
[i
].Sid
,
593 if (!NT_SUCCESS(Status
))
596 SidLength
= RtlLengthSid(SidHeader
);
597 TRACE("Sid %lu: Length %lu\n", i
, SidLength
);
599 Sid
= RtlAllocateHeap(RtlGetProcessHeap(),
602 if (SidHeader
== NULL
)
604 Status
= STATUS_INSUFFICIENT_RESOURCES
;
608 Status
= NtReadVirtualMemory(LogonContext
->ClientProcessHandle
,
609 LocalGroups
->Groups
[i
].Sid
,
613 if (!NT_SUCCESS(Status
))
615 RtlFreeHeap(RtlGetProcessHeap(), 0, Sid
);
619 LocalGroups
->Groups
[i
].Sid
= Sid
;
623 *TokenGroups
= LocalGroups
;
626 if (SidHeader
!= NULL
)
627 RtlFreeHeap(RtlGetProcessHeap(), 0, SidHeader
);
629 if (!NT_SUCCESS(Status
))
631 if (LocalGroups
!= NULL
)
633 for (i
= 0; i
< CopiedSids
; i
++)
634 RtlFreeHeap(RtlGetProcessHeap(), 0, LocalGroups
->Groups
[i
].Sid
);
636 RtlFreeHeap(RtlGetProcessHeap(), 0, LocalGroups
);
645 LsapLogonUser(PLSA_API_MSG RequestMsg
,
646 PLSAP_LOGON_CONTEXT LogonContext
)
648 PAUTH_PACKAGE Package
;
649 OBJECT_ATTRIBUTES ObjectAttributes
;
650 SECURITY_QUALITY_OF_SERVICE Qos
;
651 LSA_TOKEN_INFORMATION_TYPE TokenInformationType
;
652 PVOID TokenInformation
= NULL
;
653 PLSA_TOKEN_INFORMATION_V1 TokenInfo1
= NULL
;
654 PUNICODE_STRING AccountName
= NULL
;
655 PUNICODE_STRING AuthenticatingAuthority
= NULL
;
656 PUNICODE_STRING MachineName
= NULL
;
657 PVOID LocalAuthInfo
= NULL
;
658 PTOKEN_GROUPS LocalGroups
= NULL
;
659 HANDLE TokenHandle
= NULL
;
664 TRACE("(%p %p)\n", RequestMsg
, LogonContext
);
666 PackageId
= RequestMsg
->LogonUser
.Request
.AuthenticationPackage
;
668 /* Get the right authentication package */
669 Package
= LsapGetAuthenticationPackage(PackageId
);
672 TRACE("LsapGetAuthenticationPackage() failed to find a package\n");
673 return STATUS_NO_SUCH_PACKAGE
;
676 if (RequestMsg
->LogonUser
.Request
.AuthenticationInformationLength
> 0)
678 /* Allocate the local authentication info buffer */
679 LocalAuthInfo
= RtlAllocateHeap(RtlGetProcessHeap(),
681 RequestMsg
->LogonUser
.Request
.AuthenticationInformationLength
);
682 if (LocalAuthInfo
== NULL
)
684 TRACE("RtlAllocateHeap() failed\n");
685 return STATUS_INSUFFICIENT_RESOURCES
;
688 /* Read the authentication info from the callers adress space */
689 Status
= NtReadVirtualMemory(LogonContext
->ClientProcessHandle
,
690 RequestMsg
->LogonUser
.Request
.AuthenticationInformation
,
692 RequestMsg
->LogonUser
.Request
.AuthenticationInformationLength
,
694 if (!NT_SUCCESS(Status
))
696 TRACE("NtReadVirtualMemory() failed (Status 0x%08lx)\n", Status
);
697 RtlFreeHeap(RtlGetProcessHeap(), 0, LocalAuthInfo
);
702 if (RequestMsg
->LogonUser
.Request
.LocalGroupsCount
> 0)
704 Status
= LsapCopyLocalGroups(LogonContext
,
705 RequestMsg
->LogonUser
.Request
.LocalGroups
,
706 RequestMsg
->LogonUser
.Request
.LocalGroupsCount
,
708 if (!NT_SUCCESS(Status
))
711 TRACE("GroupCount: %lu\n", LocalGroups
->GroupCount
);
714 if (Package
->LsaApLogonUserEx2
!= NULL
)
716 Status
= Package
->LsaApLogonUserEx2((PLSA_CLIENT_REQUEST
)LogonContext
,
717 RequestMsg
->LogonUser
.Request
.LogonType
,
719 RequestMsg
->LogonUser
.Request
.AuthenticationInformation
,
720 RequestMsg
->LogonUser
.Request
.AuthenticationInformationLength
,
721 &RequestMsg
->LogonUser
.Reply
.ProfileBuffer
,
722 &RequestMsg
->LogonUser
.Reply
.ProfileBufferLength
,
723 &RequestMsg
->LogonUser
.Reply
.LogonId
,
724 &RequestMsg
->LogonUser
.Reply
.SubStatus
,
725 &TokenInformationType
,
728 &AuthenticatingAuthority
,
730 NULL
, /* FIXME: PSECPKG_PRIMARY_CRED PrimaryCredentials */
731 NULL
); /* FIXME: PSECPKG_SUPPLEMENTAL_CRED_ARRAY *SupplementalCredentials */
733 else if (Package
->LsaApLogonUserEx
!= NULL
)
735 Status
= Package
->LsaApLogonUserEx((PLSA_CLIENT_REQUEST
)LogonContext
,
736 RequestMsg
->LogonUser
.Request
.LogonType
,
738 RequestMsg
->LogonUser
.Request
.AuthenticationInformation
,
739 RequestMsg
->LogonUser
.Request
.AuthenticationInformationLength
,
740 &RequestMsg
->LogonUser
.Reply
.ProfileBuffer
,
741 &RequestMsg
->LogonUser
.Reply
.ProfileBufferLength
,
742 &RequestMsg
->LogonUser
.Reply
.LogonId
,
743 &RequestMsg
->LogonUser
.Reply
.SubStatus
,
744 &TokenInformationType
,
747 &AuthenticatingAuthority
,
752 Status
= Package
->LsaApLogonUser((PLSA_CLIENT_REQUEST
)LogonContext
,
753 RequestMsg
->LogonUser
.Request
.LogonType
,
755 RequestMsg
->LogonUser
.Request
.AuthenticationInformation
,
756 RequestMsg
->LogonUser
.Request
.AuthenticationInformationLength
,
757 &RequestMsg
->LogonUser
.Reply
.ProfileBuffer
,
758 &RequestMsg
->LogonUser
.Reply
.ProfileBufferLength
,
759 &RequestMsg
->LogonUser
.Reply
.LogonId
,
760 &RequestMsg
->LogonUser
.Reply
.SubStatus
,
761 &TokenInformationType
,
764 &AuthenticatingAuthority
);
767 if (!NT_SUCCESS(Status
))
769 TRACE("LsaApLogonUser/Ex/2 failed (Status 0x%08lx)\n", Status
);
773 if (TokenInformationType
== LsaTokenInformationV1
)
775 TokenInfo1
= (PLSA_TOKEN_INFORMATION_V1
)TokenInformation
;
777 Qos
.Length
= sizeof(SECURITY_QUALITY_OF_SERVICE
);
778 Qos
.ImpersonationLevel
= SecurityImpersonation
;
779 Qos
.ContextTrackingMode
= SECURITY_DYNAMIC_TRACKING
;
780 Qos
.EffectiveOnly
= FALSE
;
782 ObjectAttributes
.Length
= sizeof(OBJECT_ATTRIBUTES
);
783 ObjectAttributes
.RootDirectory
= NULL
;
784 ObjectAttributes
.ObjectName
= NULL
;
785 ObjectAttributes
.Attributes
= 0;
786 ObjectAttributes
.SecurityDescriptor
= NULL
;
787 ObjectAttributes
.SecurityQualityOfService
= &Qos
;
789 /* Create the logon token */
790 Status
= NtCreateToken(&TokenHandle
,
794 &RequestMsg
->LogonUser
.Reply
.LogonId
,
795 &TokenInfo1
->ExpirationTime
,
798 TokenInfo1
->Privileges
,
800 &TokenInfo1
->PrimaryGroup
,
801 &TokenInfo1
->DefaultDacl
,
802 &RequestMsg
->LogonUser
.Request
.SourceContext
);
803 if (!NT_SUCCESS(Status
))
805 TRACE("NtCreateToken failed (Status 0x%08lx)\n", Status
);
811 FIXME("TokenInformationType %d is not supported!\n", TokenInformationType
);
812 Status
= STATUS_NOT_IMPLEMENTED
;
816 /* Duplicate the token handle into the client process */
817 Status
= NtDuplicateObject(NtCurrentProcess(),
819 LogonContext
->ClientProcessHandle
,
820 &RequestMsg
->LogonUser
.Reply
.Token
,
823 DUPLICATE_SAME_ACCESS
| DUPLICATE_SAME_ATTRIBUTES
| DUPLICATE_CLOSE_SOURCE
);
824 if (!NT_SUCCESS(Status
))
826 TRACE("NtDuplicateObject failed (Status 0x%08lx)\n", Status
);
832 Status
= LsapSetLogonSessionData(&RequestMsg
->LogonUser
.Reply
.LogonId
);
833 if (!NT_SUCCESS(Status
))
835 TRACE("LsapSetLogonSessionData failed (Status 0x%08lx)\n", Status
);
840 if (!NT_SUCCESS(Status
))
842 if (TokenHandle
!= NULL
)
843 NtClose(TokenHandle
);
846 /* Free the local groups */
847 if (LocalGroups
!= NULL
)
849 for (i
= 0; i
< LocalGroups
->GroupCount
; i
++)
850 RtlFreeHeap(RtlGetProcessHeap(), 0, LocalGroups
->Groups
[i
].Sid
);
852 RtlFreeHeap(RtlGetProcessHeap(), 0, LocalGroups
);
855 /* Free the local authentication info buffer */
856 if (LocalAuthInfo
!= NULL
)
857 RtlFreeHeap(RtlGetProcessHeap(), 0, LocalAuthInfo
);
859 /* Free the token information */
860 if (TokenInformation
!= NULL
)
862 if (TokenInformationType
== LsaTokenInformationV1
)
864 TokenInfo1
= (PLSA_TOKEN_INFORMATION_V1
)TokenInformation
;
866 if (TokenInfo1
!= NULL
)
868 if (TokenInfo1
->User
.User
.Sid
!= NULL
)
869 LsapFreeHeap(TokenInfo1
->User
.User
.Sid
);
871 if (TokenInfo1
->Groups
!= NULL
)
873 for (i
= 0; i
< TokenInfo1
->Groups
->GroupCount
; i
++)
875 if (TokenInfo1
->Groups
->Groups
[i
].Sid
!= NULL
)
876 LsapFreeHeap(TokenInfo1
->Groups
->Groups
[i
].Sid
);
879 LsapFreeHeap(TokenInfo1
->Groups
);
882 if (TokenInfo1
->PrimaryGroup
.PrimaryGroup
!= NULL
)
883 LsapFreeHeap(TokenInfo1
->PrimaryGroup
.PrimaryGroup
);
885 if (TokenInfo1
->Privileges
!= NULL
)
886 LsapFreeHeap(TokenInfo1
->Privileges
);
888 if (TokenInfo1
->Owner
.Owner
!= NULL
)
889 LsapFreeHeap(TokenInfo1
->Owner
.Owner
);
891 if (TokenInfo1
->DefaultDacl
.DefaultDacl
!= NULL
)
892 LsapFreeHeap(TokenInfo1
->DefaultDacl
.DefaultDacl
);
894 LsapFreeHeap(TokenInfo1
);
899 FIXME("TokenInformationType %d is not supported!\n", TokenInformationType
);
903 /* Free the account name */
904 if (AccountName
!= NULL
)
906 if (AccountName
->Buffer
!= NULL
)
907 LsapFreeHeap(AccountName
->Buffer
);
909 LsapFreeHeap(AccountName
);
912 /* Free the authentication authority */
913 if (AuthenticatingAuthority
!= NULL
)
915 if (AuthenticatingAuthority
!= NULL
)
916 LsapFreeHeap(AuthenticatingAuthority
->Buffer
);
918 LsapFreeHeap(AuthenticatingAuthority
);
921 /* Free the machine name */
922 if (MachineName
!= NULL
)
924 if (MachineName
->Buffer
!= NULL
)
925 LsapFreeHeap(MachineName
->Buffer
);
927 LsapFreeHeap(MachineName
);
930 TRACE("LsapLogonUser done (Status 0x%08lx)\n", Status
);