2 * PROJECT: Local Security Authority Server DLL
3 * LICENSE: GPL - See COPYING in the top level directory
4 * FILE: dll/win32/lsasrv/authpackage.c
5 * PURPOSE: Authenticaton package management routines
6 * COPYRIGHT: Copyright 2013 Eric Kohl
9 /* INCLUDES ****************************************************************/
13 WINE_DEFAULT_DEBUG_CHANNEL(lsasrv
);
15 typedef enum _LSA_TOKEN_INFORMATION_TYPE
17 LsaTokenInformationNull
,
19 } LSA_TOKEN_INFORMATION_TYPE
, *PLSA_TOKEN_INFORMATION_TYPE
;
21 typedef struct _LSA_TOKEN_INFORMATION_V1
23 LARGE_INTEGER ExpirationTime
;
26 TOKEN_PRIMARY_GROUP PrimaryGroup
;
27 PTOKEN_PRIVILEGES Privileges
;
29 TOKEN_DEFAULT_DACL DefaultDacl
;
30 } LSA_TOKEN_INFORMATION_V1
, *PLSA_TOKEN_INFORMATION_V1
;
32 typedef PVOID PLSA_CLIENT_REQUEST
;
34 typedef NTSTATUS (NTAPI
*PLSA_CREATE_LOGON_SESSION
)(PLUID
);
35 typedef NTSTATUS (NTAPI
*PLSA_DELETE_LOGON_SESSION
)(PLUID
);
37 typedef PVOID (NTAPI
*PLSA_ALLOCATE_LSA_HEAP
)(ULONG
);
38 typedef VOID (NTAPI
*PLSA_FREE_LSA_HEAP
)(PVOID
);
39 typedef NTSTATUS (NTAPI
*PLSA_ALLOCATE_CLIENT_BUFFER
)(PLSA_CLIENT_REQUEST
, ULONG
, PVOID
*);
40 typedef NTSTATUS (NTAPI
*PLSA_FREE_CLIENT_BUFFER
)(PLSA_CLIENT_REQUEST
, PVOID
);
41 typedef NTSTATUS (NTAPI
*PLSA_COPY_TO_CLIENT_BUFFER
)(PLSA_CLIENT_REQUEST
, ULONG
,
43 typedef NTSTATUS (NTAPI
*PLSA_COPY_FROM_CLIENT_BUFFER
)(PLSA_CLIENT_REQUEST
,
46 typedef struct LSA_DISPATCH_TABLE
48 PLSA_CREATE_LOGON_SESSION CreateLogonSession
;
49 PLSA_DELETE_LOGON_SESSION DeleteLogonSession
;
50 PVOID
/*PLSA_ADD_CREDENTIAL */ AddCredential
;
51 PVOID
/*PLSA_GET_CREDENTIALS */ GetCredentials
;
52 PVOID
/*PLSA_DELETE_CREDENTIAL */ DeleteCredential
;
53 PLSA_ALLOCATE_LSA_HEAP AllocateLsaHeap
;
54 PLSA_FREE_LSA_HEAP FreeLsaHeap
;
55 PLSA_ALLOCATE_CLIENT_BUFFER AllocateClientBuffer
;
56 PLSA_FREE_CLIENT_BUFFER FreeClientBuffer
;
57 PLSA_COPY_TO_CLIENT_BUFFER CopyToClientBuffer
;
58 PLSA_COPY_FROM_CLIENT_BUFFER CopyFromClientBuffer
;
59 } LSA_DISPATCH_TABLE
, *PLSA_DISPATCH_TABLE
;
62 typedef NTSTATUS (NTAPI
*PLSA_AP_INITIALIZE_PACKAGE
)(ULONG
, PLSA_DISPATCH_TABLE
,
63 PLSA_STRING
, PLSA_STRING
, PLSA_STRING
*);
64 typedef NTSTATUS (NTAPI
*PLSA_AP_CALL_PACKAGE_INTERNAL
)(PLSA_CLIENT_REQUEST
, PVOID
, PVOID
,
65 ULONG
, PVOID
*, PULONG
, PNTSTATUS
);
66 typedef NTSTATUS (NTAPI
*PLSA_AP_CALL_PACKAGE_PASSTHROUGH
)(PLSA_CLIENT_REQUEST
,
67 PVOID
, PVOID
, ULONG
, PVOID
*, PULONG
, PNTSTATUS
);
68 typedef NTSTATUS (NTAPI
*PLSA_AP_CALL_PACKAGE_UNTRUSTED
)(PLSA_CLIENT_REQUEST
,
69 PVOID
, PVOID
, ULONG
, PVOID
*, PULONG
, PNTSTATUS
);
70 typedef VOID (NTAPI
*PLSA_AP_LOGON_TERMINATED
)(PLUID
);
71 typedef NTSTATUS (NTAPI
*PLSA_AP_LOGON_USER_EX2
)(PLSA_CLIENT_REQUEST
,
72 SECURITY_LOGON_TYPE
, PVOID
, PVOID
, ULONG
, PVOID
*, PULONG
, PLUID
, PNTSTATUS
,
73 PLSA_TOKEN_INFORMATION_TYPE
, PVOID
*, PUNICODE_STRING
*, PUNICODE_STRING
*,
74 PUNICODE_STRING
*, PVOID
/*PSECPKG_PRIMARY_CRED*/, PVOID
/*PSECPKG_SUPPLEMENTAL_CRED_ARRAY **/);
75 typedef NTSTATUS (NTAPI
*PLSA_AP_LOGON_USER_EX
)(PLSA_CLIENT_REQUEST
,
76 SECURITY_LOGON_TYPE
, PVOID
, PVOID
, ULONG
, PVOID
*, PULONG
, PLUID
, PNTSTATUS
,
77 PLSA_TOKEN_INFORMATION_TYPE
, PVOID
*, PUNICODE_STRING
*, PUNICODE_STRING
*,
80 typedef NTSTATUS (NTAPI
*PLSA_AP_LOGON_USER_INTERNAL
)(PLSA_CLIENT_REQUEST
, SECURITY_LOGON_TYPE
,
81 PVOID
, PVOID
, ULONG
, PVOID
*, PULONG
, PLUID
, PNTSTATUS
, PLSA_TOKEN_INFORMATION_TYPE
,
82 PVOID
*, PUNICODE_STRING
*, PUNICODE_STRING
*);
84 typedef struct _AUTH_PACKAGE
91 PLSA_AP_INITIALIZE_PACKAGE LsaApInitializePackage
;
92 PLSA_AP_CALL_PACKAGE_INTERNAL LsaApCallPackage
;
93 PLSA_AP_CALL_PACKAGE_PASSTHROUGH LsaApCallPackagePassthrough
;
94 PLSA_AP_CALL_PACKAGE_UNTRUSTED LsaApCallPackageUntrusted
;
95 PLSA_AP_LOGON_TERMINATED LsaApLogonTerminated
;
96 PLSA_AP_LOGON_USER_EX2 LsaApLogonUserEx2
;
97 PLSA_AP_LOGON_USER_EX LsaApLogonUserEx
;
98 PLSA_AP_LOGON_USER_INTERNAL LsaApLogonUser
;
99 } AUTH_PACKAGE
, *PAUTH_PACKAGE
;
102 /* GLOBALS *****************************************************************/
104 static LIST_ENTRY PackageListHead
;
105 static ULONG PackageId
;
106 static LSA_DISPATCH_TABLE DispatchTable
;
109 /* FUNCTIONS ***************************************************************/
114 LsapAddAuthPackage(IN PWSTR ValueName
,
117 IN ULONG ValueLength
,
119 IN PVOID EntryContext
)
121 PAUTH_PACKAGE Package
= NULL
;
122 UNICODE_STRING PackageName
;
125 NTSTATUS Status
= STATUS_SUCCESS
;
127 TRACE("LsapAddAuthPackage()\n");
129 PackageName
.Length
= (USHORT
)ValueLength
- sizeof(WCHAR
);
130 PackageName
.MaximumLength
= (USHORT
)ValueLength
;
131 PackageName
.Buffer
= ValueData
;
133 Id
= (PULONG
)Context
;
135 Package
= RtlAllocateHeap(RtlGetProcessHeap(),
137 sizeof(AUTH_PACKAGE
));
139 return STATUS_INSUFFICIENT_RESOURCES
;
141 Status
= LdrLoadDll(NULL
,
144 &Package
->ModuleHandle
);
145 if (!NT_SUCCESS(Status
))
147 TRACE("LdrLoadDll failed (Status 0x%08lx)\n", Status
);
151 RtlInitAnsiString(&ProcName
, "LsaApInitializePackage");
152 Status
= LdrGetProcedureAddress(Package
->ModuleHandle
,
155 (PVOID
*)&Package
->LsaApInitializePackage
);
156 if (!NT_SUCCESS(Status
))
158 TRACE("LdrGetProcedureAddress() failed (Status 0x%08lx)\n", Status
);
162 RtlInitAnsiString(&ProcName
, "LsaApCallPackage");
163 Status
= LdrGetProcedureAddress(Package
->ModuleHandle
,
166 (PVOID
*)&Package
->LsaApCallPackage
);
167 if (!NT_SUCCESS(Status
))
169 TRACE("LdrGetProcedureAddress() failed (Status 0x%08lx)\n", Status
);
173 RtlInitAnsiString(&ProcName
, "LsaApCallPackagePassthrough");
174 Status
= LdrGetProcedureAddress(Package
->ModuleHandle
,
177 (PVOID
*)&Package
->LsaApCallPackagePassthrough
);
178 if (!NT_SUCCESS(Status
))
180 TRACE("LdrGetProcedureAddress() failed (Status 0x%08lx)\n", Status
);
184 RtlInitAnsiString(&ProcName
, "LsaApCallPackageUntrusted");
185 Status
= LdrGetProcedureAddress(Package
->ModuleHandle
,
188 (PVOID
*)&Package
->LsaApCallPackageUntrusted
);
189 if (!NT_SUCCESS(Status
))
191 TRACE("LdrGetProcedureAddress() failed (Status 0x%08lx)\n", Status
);
195 RtlInitAnsiString(&ProcName
, "LsaApLogonTerminated");
196 Status
= LdrGetProcedureAddress(Package
->ModuleHandle
,
199 (PVOID
*)&Package
->LsaApLogonTerminated
);
200 if (!NT_SUCCESS(Status
))
202 TRACE("LdrGetProcedureAddress() failed (Status 0x%08lx)\n", Status
);
206 RtlInitAnsiString(&ProcName
, "LsaApLogonUserEx2");
207 Status
= LdrGetProcedureAddress(Package
->ModuleHandle
,
210 (PVOID
*)&Package
->LsaApLogonUserEx2
);
211 if (!NT_SUCCESS(Status
))
213 RtlInitAnsiString(&ProcName
, "LsaApLogonUserEx");
214 Status
= LdrGetProcedureAddress(Package
->ModuleHandle
,
217 (PVOID
*)&Package
->LsaApLogonUserEx
);
218 if (!NT_SUCCESS(Status
))
220 RtlInitAnsiString(&ProcName
, "LsaApLogonUser");
221 Status
= LdrGetProcedureAddress(Package
->ModuleHandle
,
224 (PVOID
*)&Package
->LsaApLogonUser
);
225 if (!NT_SUCCESS(Status
))
227 TRACE("LdrGetProcedureAddress() failed (Status 0x%08lx)\n", Status
);
233 /* Initialize the current package */
234 Status
= Package
->LsaApInitializePackage(*Id
,
239 if (!NT_SUCCESS(Status
))
241 TRACE("Package->LsaApInitializePackage() failed (Status 0x%08lx)\n", Status
);
245 TRACE("Package Name: %s\n", Package
->Name
->Buffer
);
250 InsertTailList(&PackageListHead
, &Package
->Entry
);
253 if (!NT_SUCCESS(Status
))
257 if (Package
->ModuleHandle
!= NULL
)
258 LdrUnloadDll(Package
->ModuleHandle
);
260 if (Package
->Name
!= NULL
)
262 if (Package
->Name
->Buffer
!= NULL
)
263 RtlFreeHeap(RtlGetProcessHeap(), 0, Package
->Name
->Buffer
);
265 RtlFreeHeap(RtlGetProcessHeap(), 0, Package
->Name
);
268 RtlFreeHeap(RtlGetProcessHeap(), 0, Package
);
278 LsapGetAuthenticationPackage(IN ULONG PackageId
)
280 PLIST_ENTRY ListEntry
;
281 PAUTH_PACKAGE Package
;
283 ListEntry
= PackageListHead
.Flink
;
284 while (ListEntry
!= &PackageListHead
)
286 Package
= CONTAINING_RECORD(ListEntry
, AUTH_PACKAGE
, Entry
);
288 if (Package
->Id
== PackageId
)
293 ListEntry
= ListEntry
->Flink
;
303 LsapAllocateHeap(IN ULONG Length
)
305 return RtlAllocateHeap(RtlGetProcessHeap(),
314 LsapFreeHeap(IN PVOID Base
)
316 RtlFreeHeap(RtlGetProcessHeap(),
325 LsapAllocateClientBuffer(IN PLSA_CLIENT_REQUEST ClientRequest
,
326 IN ULONG LengthRequired
,
327 OUT PVOID
*ClientBaseAddress
)
329 PLSAP_LOGON_CONTEXT LogonContext
;
332 *ClientBaseAddress
= NULL
;
334 LogonContext
= (PLSAP_LOGON_CONTEXT
)ClientRequest
;
336 Length
= LengthRequired
;
337 return NtAllocateVirtualMemory(LogonContext
->ClientProcessHandle
,
349 LsapFreeClientBuffer(IN PLSA_CLIENT_REQUEST ClientRequest
,
350 IN PVOID ClientBaseAddress
)
352 PLSAP_LOGON_CONTEXT LogonContext
;
355 if (ClientBaseAddress
== NULL
)
356 return STATUS_SUCCESS
;
358 LogonContext
= (PLSAP_LOGON_CONTEXT
)ClientRequest
;
361 return NtFreeVirtualMemory(LogonContext
->ClientProcessHandle
,
371 LsapCopyToClientBuffer(IN PLSA_CLIENT_REQUEST ClientRequest
,
373 IN PVOID ClientBaseAddress
,
374 IN PVOID BufferToCopy
)
376 PLSAP_LOGON_CONTEXT LogonContext
;
378 LogonContext
= (PLSAP_LOGON_CONTEXT
)ClientRequest
;
380 return NtWriteVirtualMemory(LogonContext
->ClientProcessHandle
,
391 LsapCopyFromClientBuffer(IN PLSA_CLIENT_REQUEST ClientRequest
,
393 IN PVOID BufferToCopy
,
394 IN PVOID ClientBaseAddress
)
396 PLSAP_LOGON_CONTEXT LogonContext
;
398 LogonContext
= (PLSAP_LOGON_CONTEXT
)ClientRequest
;
400 return NtReadVirtualMemory(LogonContext
->ClientProcessHandle
,
409 LsapInitAuthPackages(VOID
)
411 RTL_QUERY_REGISTRY_TABLE AuthPackageTable
[] = {
412 {LsapAddAuthPackage
, 0, L
"Authentication Packages", NULL
, REG_NONE
, NULL
, 0},
413 {NULL
, 0, NULL
, NULL
, REG_NONE
, NULL
, 0}};
417 InitializeListHead(&PackageListHead
);
420 /* Initialize the dispatch table */
421 DispatchTable
.CreateLogonSession
= &LsapCreateLogonSession
;
422 DispatchTable
.DeleteLogonSession
= &LsapDeleteLogonSession
;
423 DispatchTable
.AddCredential
= NULL
;
424 DispatchTable
.GetCredentials
= NULL
;
425 DispatchTable
.DeleteCredential
= NULL
;
426 DispatchTable
.AllocateLsaHeap
= &LsapAllocateHeap
;
427 DispatchTable
.FreeLsaHeap
= &LsapFreeHeap
;
428 DispatchTable
.AllocateClientBuffer
= &LsapAllocateClientBuffer
;
429 DispatchTable
.FreeClientBuffer
= &LsapFreeClientBuffer
;
430 DispatchTable
.CopyToClientBuffer
= &LsapCopyToClientBuffer
;
431 DispatchTable
.CopyFromClientBuffer
= &LsapCopyFromClientBuffer
;
433 /* Add registered authentication packages */
434 Status
= RtlQueryRegistryValues(RTL_REGISTRY_CONTROL
,
445 LsapLookupAuthenticationPackage(PLSA_API_MSG RequestMsg
,
446 PLSAP_LOGON_CONTEXT LogonContext
)
448 PLIST_ENTRY ListEntry
;
449 PAUTH_PACKAGE Package
;
450 ULONG PackageNameLength
;
453 TRACE("(%p %p)\n", RequestMsg
, LogonContext
);
455 PackageNameLength
= RequestMsg
->LookupAuthenticationPackage
.Request
.PackageNameLength
;
456 PackageName
= RequestMsg
->LookupAuthenticationPackage
.Request
.PackageName
;
458 TRACE("PackageName: %s\n", PackageName
);
460 ListEntry
= PackageListHead
.Flink
;
461 while (ListEntry
!= &PackageListHead
)
463 Package
= CONTAINING_RECORD(ListEntry
, AUTH_PACKAGE
, Entry
);
465 if ((PackageNameLength
== Package
->Name
->Length
) &&
466 (_strnicmp(PackageName
, Package
->Name
->Buffer
, Package
->Name
->Length
) == 0))
468 RequestMsg
->LookupAuthenticationPackage
.Reply
.Package
= Package
->Id
;
469 return STATUS_SUCCESS
;
472 ListEntry
= ListEntry
->Flink
;
475 return STATUS_NO_SUCH_PACKAGE
;
480 LsapCallAuthenticationPackage(PLSA_API_MSG RequestMsg
,
481 PLSAP_LOGON_CONTEXT LogonContext
)
483 PAUTH_PACKAGE Package
;
484 PVOID LocalBuffer
= NULL
;
488 TRACE("(%p %p)\n", RequestMsg
, LogonContext
);
490 PackageId
= RequestMsg
->CallAuthenticationPackage
.Request
.AuthenticationPackage
;
492 /* Get the right authentication package */
493 Package
= LsapGetAuthenticationPackage(PackageId
);
496 TRACE("LsapGetAuthenticationPackage() failed to find a package\n");
497 return STATUS_NO_SUCH_PACKAGE
;
500 if (RequestMsg
->CallAuthenticationPackage
.Request
.SubmitBufferLength
> 0)
502 LocalBuffer
= RtlAllocateHeap(RtlGetProcessHeap(),
504 RequestMsg
->CallAuthenticationPackage
.Request
.SubmitBufferLength
);
505 if (LocalBuffer
== NULL
)
507 return STATUS_INSUFFICIENT_RESOURCES
;
510 Status
= NtReadVirtualMemory(LogonContext
->ClientProcessHandle
,
511 RequestMsg
->CallAuthenticationPackage
.Request
.ProtocolSubmitBuffer
,
513 RequestMsg
->CallAuthenticationPackage
.Request
.SubmitBufferLength
,
515 if (!NT_SUCCESS(Status
))
517 TRACE("NtReadVirtualMemory() failed (Status 0x%08lx)\n", Status
);
518 RtlFreeHeap(RtlGetProcessHeap(), 0, LocalBuffer
);
523 Status
= Package
->LsaApCallPackage((PLSA_CLIENT_REQUEST
)LogonContext
,
525 RequestMsg
->CallAuthenticationPackage
.Request
.ProtocolSubmitBuffer
,
526 RequestMsg
->CallAuthenticationPackage
.Request
.SubmitBufferLength
,
527 &RequestMsg
->CallAuthenticationPackage
.Reply
.ProtocolReturnBuffer
,
528 &RequestMsg
->CallAuthenticationPackage
.Reply
.ReturnBufferLength
,
529 &RequestMsg
->CallAuthenticationPackage
.Reply
.ProtocolStatus
);
530 if (!NT_SUCCESS(Status
))
532 TRACE("Package->LsaApCallPackage() failed (Status 0x%08lx)\n", Status
);
535 if (LocalBuffer
!= NULL
)
536 RtlFreeHeap(RtlGetProcessHeap(), 0, LocalBuffer
);
545 IN PLSAP_LOGON_CONTEXT LogonContext
,
546 IN PTOKEN_GROUPS ClientGroups
,
547 IN ULONG ClientGroupsCount
,
548 OUT PTOKEN_GROUPS
*TokenGroups
)
550 ULONG LocalGroupsLength
= 0;
551 PTOKEN_GROUPS LocalGroups
= NULL
;
552 ULONG SidHeaderLength
= 0;
553 PSID SidHeader
= NULL
;
556 ULONG CopiedSids
= 0;
560 LocalGroupsLength
= sizeof(TOKEN_GROUPS
) +
561 (ClientGroupsCount
- ANYSIZE_ARRAY
) * sizeof(SID_AND_ATTRIBUTES
);
562 LocalGroups
= RtlAllocateHeap(RtlGetProcessHeap(),
565 if (LocalGroups
== NULL
)
567 TRACE("RtlAllocateHeap() failed\n");
568 return STATUS_INSUFFICIENT_RESOURCES
;
571 Status
= NtReadVirtualMemory(LogonContext
->ClientProcessHandle
,
576 if (!NT_SUCCESS(Status
))
580 SidHeaderLength
= RtlLengthRequiredSid(0);
581 SidHeader
= RtlAllocateHeap(RtlGetProcessHeap(),
584 if (SidHeader
== NULL
)
586 Status
= STATUS_INSUFFICIENT_RESOURCES
;
590 for (i
= 0; i
< ClientGroupsCount
; i
++)
592 Status
= NtReadVirtualMemory(LogonContext
->ClientProcessHandle
,
593 LocalGroups
->Groups
[i
].Sid
,
597 if (!NT_SUCCESS(Status
))
600 SidLength
= RtlLengthSid(SidHeader
);
601 TRACE("Sid %lu: Length %lu\n", i
, SidLength
);
603 Sid
= RtlAllocateHeap(RtlGetProcessHeap(),
606 if (SidHeader
== NULL
)
608 Status
= STATUS_INSUFFICIENT_RESOURCES
;
612 Status
= NtReadVirtualMemory(LogonContext
->ClientProcessHandle
,
613 LocalGroups
->Groups
[i
].Sid
,
617 if (!NT_SUCCESS(Status
))
619 RtlFreeHeap(RtlGetProcessHeap(), 0, Sid
);
623 LocalGroups
->Groups
[i
].Sid
= Sid
;
627 *TokenGroups
= LocalGroups
;
630 if (SidHeader
!= NULL
)
631 RtlFreeHeap(RtlGetProcessHeap(), 0, SidHeader
);
633 if (!NT_SUCCESS(Status
))
635 if (LocalGroups
!= NULL
)
637 for (i
= 0; i
< CopiedSids
; i
++)
638 RtlFreeHeap(RtlGetProcessHeap(), 0, LocalGroups
->Groups
[i
].Sid
);
640 RtlFreeHeap(RtlGetProcessHeap(), 0, LocalGroups
);
649 LsapLogonUser(PLSA_API_MSG RequestMsg
,
650 PLSAP_LOGON_CONTEXT LogonContext
)
652 PAUTH_PACKAGE Package
;
653 OBJECT_ATTRIBUTES ObjectAttributes
;
654 SECURITY_QUALITY_OF_SERVICE Qos
;
655 LSA_TOKEN_INFORMATION_TYPE TokenInformationType
;
656 PVOID TokenInformation
= NULL
;
657 PLSA_TOKEN_INFORMATION_V1 TokenInfo1
= NULL
;
658 PUNICODE_STRING AccountName
= NULL
;
659 PUNICODE_STRING AuthenticatingAuthority
= NULL
;
660 PUNICODE_STRING MachineName
= NULL
;
661 PVOID LocalAuthInfo
= NULL
;
662 PTOKEN_GROUPS LocalGroups
= NULL
;
663 HANDLE TokenHandle
= NULL
;
668 TRACE("(%p %p)\n", RequestMsg
, LogonContext
);
670 PackageId
= RequestMsg
->LogonUser
.Request
.AuthenticationPackage
;
672 /* Get the right authentication package */
673 Package
= LsapGetAuthenticationPackage(PackageId
);
676 TRACE("LsapGetAuthenticationPackage() failed to find a package\n");
677 return STATUS_NO_SUCH_PACKAGE
;
680 if (RequestMsg
->LogonUser
.Request
.AuthenticationInformationLength
> 0)
682 /* Allocate the local authentication info buffer */
683 LocalAuthInfo
= RtlAllocateHeap(RtlGetProcessHeap(),
685 RequestMsg
->LogonUser
.Request
.AuthenticationInformationLength
);
686 if (LocalAuthInfo
== NULL
)
688 TRACE("RtlAllocateHeap() failed\n");
689 return STATUS_INSUFFICIENT_RESOURCES
;
692 /* Read the authentication info from the callers adress space */
693 Status
= NtReadVirtualMemory(LogonContext
->ClientProcessHandle
,
694 RequestMsg
->LogonUser
.Request
.AuthenticationInformation
,
696 RequestMsg
->LogonUser
.Request
.AuthenticationInformationLength
,
698 if (!NT_SUCCESS(Status
))
700 TRACE("NtReadVirtualMemory() failed (Status 0x%08lx)\n", Status
);
701 RtlFreeHeap(RtlGetProcessHeap(), 0, LocalAuthInfo
);
706 if (RequestMsg
->LogonUser
.Request
.LocalGroupsCount
> 0)
708 Status
= LsapCopyLocalGroups(LogonContext
,
709 RequestMsg
->LogonUser
.Request
.LocalGroups
,
710 RequestMsg
->LogonUser
.Request
.LocalGroupsCount
,
712 if (!NT_SUCCESS(Status
))
715 TRACE("GroupCount: %lu\n", LocalGroups
->GroupCount
);
718 if (Package
->LsaApLogonUserEx2
!= NULL
)
720 Status
= Package
->LsaApLogonUserEx2((PLSA_CLIENT_REQUEST
)LogonContext
,
721 RequestMsg
->LogonUser
.Request
.LogonType
,
723 RequestMsg
->LogonUser
.Request
.AuthenticationInformation
,
724 RequestMsg
->LogonUser
.Request
.AuthenticationInformationLength
,
725 &RequestMsg
->LogonUser
.Reply
.ProfileBuffer
,
726 &RequestMsg
->LogonUser
.Reply
.ProfileBufferLength
,
727 &RequestMsg
->LogonUser
.Reply
.LogonId
,
728 &RequestMsg
->LogonUser
.Reply
.SubStatus
,
729 &TokenInformationType
,
732 &AuthenticatingAuthority
,
734 NULL
, /* FIXME: PSECPKG_PRIMARY_CRED PrimaryCredentials */
735 NULL
); /* FIXME: PSECPKG_SUPPLEMENTAL_CRED_ARRAY *SupplementalCredentials */
737 else if (Package
->LsaApLogonUserEx
!= NULL
)
739 Status
= Package
->LsaApLogonUserEx((PLSA_CLIENT_REQUEST
)LogonContext
,
740 RequestMsg
->LogonUser
.Request
.LogonType
,
742 RequestMsg
->LogonUser
.Request
.AuthenticationInformation
,
743 RequestMsg
->LogonUser
.Request
.AuthenticationInformationLength
,
744 &RequestMsg
->LogonUser
.Reply
.ProfileBuffer
,
745 &RequestMsg
->LogonUser
.Reply
.ProfileBufferLength
,
746 &RequestMsg
->LogonUser
.Reply
.LogonId
,
747 &RequestMsg
->LogonUser
.Reply
.SubStatus
,
748 &TokenInformationType
,
751 &AuthenticatingAuthority
,
756 Status
= Package
->LsaApLogonUser((PLSA_CLIENT_REQUEST
)LogonContext
,
757 RequestMsg
->LogonUser
.Request
.LogonType
,
759 RequestMsg
->LogonUser
.Request
.AuthenticationInformation
,
760 RequestMsg
->LogonUser
.Request
.AuthenticationInformationLength
,
761 &RequestMsg
->LogonUser
.Reply
.ProfileBuffer
,
762 &RequestMsg
->LogonUser
.Reply
.ProfileBufferLength
,
763 &RequestMsg
->LogonUser
.Reply
.LogonId
,
764 &RequestMsg
->LogonUser
.Reply
.SubStatus
,
765 &TokenInformationType
,
768 &AuthenticatingAuthority
);
771 if (!NT_SUCCESS(Status
))
773 TRACE("LsaApLogonUser/Ex/2 failed (Status 0x%08lx)\n", Status
);
777 if (TokenInformationType
== LsaTokenInformationV1
)
779 TokenInfo1
= (PLSA_TOKEN_INFORMATION_V1
)TokenInformation
;
781 Qos
.Length
= sizeof(SECURITY_QUALITY_OF_SERVICE
);
782 Qos
.ImpersonationLevel
= SecurityImpersonation
;
783 Qos
.ContextTrackingMode
= SECURITY_DYNAMIC_TRACKING
;
784 Qos
.EffectiveOnly
= FALSE
;
786 ObjectAttributes
.Length
= sizeof(OBJECT_ATTRIBUTES
);
787 ObjectAttributes
.RootDirectory
= NULL
;
788 ObjectAttributes
.ObjectName
= NULL
;
789 ObjectAttributes
.Attributes
= 0;
790 ObjectAttributes
.SecurityDescriptor
= NULL
;
791 ObjectAttributes
.SecurityQualityOfService
= &Qos
;
793 /* Create the logon token */
794 Status
= NtCreateToken(&TokenHandle
,
798 &RequestMsg
->LogonUser
.Reply
.LogonId
,
799 &TokenInfo1
->ExpirationTime
,
802 TokenInfo1
->Privileges
,
804 &TokenInfo1
->PrimaryGroup
,
805 &TokenInfo1
->DefaultDacl
,
806 &RequestMsg
->LogonUser
.Request
.SourceContext
);
807 if (!NT_SUCCESS(Status
))
809 TRACE("NtCreateToken failed (Status 0x%08lx)\n", Status
);
815 FIXME("TokenInformationType %d is not supported!\n", TokenInformationType
);
816 Status
= STATUS_NOT_IMPLEMENTED
;
820 /* Duplicate the token handle into the client process */
821 Status
= NtDuplicateObject(NtCurrentProcess(),
823 LogonContext
->ClientProcessHandle
,
824 &RequestMsg
->LogonUser
.Reply
.Token
,
827 DUPLICATE_SAME_ACCESS
| DUPLICATE_SAME_ATTRIBUTES
| DUPLICATE_CLOSE_SOURCE
);
828 if (!NT_SUCCESS(Status
))
830 TRACE("NtDuplicateObject failed (Status 0x%08lx)\n", Status
);
836 Status
= LsapSetLogonSessionData(&RequestMsg
->LogonUser
.Reply
.LogonId
);
837 if (!NT_SUCCESS(Status
))
839 TRACE("LsapSetLogonSessionData failed (Status 0x%08lx)\n", Status
);
844 if (!NT_SUCCESS(Status
))
846 if (TokenHandle
!= NULL
)
847 NtClose(TokenHandle
);
850 /* Free the local groups */
851 if (LocalGroups
!= NULL
)
853 for (i
= 0; i
< LocalGroups
->GroupCount
; i
++)
854 RtlFreeHeap(RtlGetProcessHeap(), 0, LocalGroups
->Groups
[i
].Sid
);
856 RtlFreeHeap(RtlGetProcessHeap(), 0, LocalGroups
);
859 /* Free the local authentication info buffer */
860 if (LocalAuthInfo
!= NULL
)
861 RtlFreeHeap(RtlGetProcessHeap(), 0, LocalAuthInfo
);
863 /* Free the token information */
864 if (TokenInformation
!= NULL
)
866 if (TokenInformationType
== LsaTokenInformationV1
)
868 TokenInfo1
= (PLSA_TOKEN_INFORMATION_V1
)TokenInformation
;
870 if (TokenInfo1
!= NULL
)
872 if (TokenInfo1
->User
.User
.Sid
!= NULL
)
873 LsapFreeHeap(TokenInfo1
->User
.User
.Sid
);
875 if (TokenInfo1
->Groups
!= NULL
)
877 for (i
= 0; i
< TokenInfo1
->Groups
->GroupCount
; i
++)
879 if (TokenInfo1
->Groups
->Groups
[i
].Sid
!= NULL
)
880 LsapFreeHeap(TokenInfo1
->Groups
->Groups
[i
].Sid
);
883 LsapFreeHeap(TokenInfo1
->Groups
);
886 if (TokenInfo1
->PrimaryGroup
.PrimaryGroup
!= NULL
)
887 LsapFreeHeap(TokenInfo1
->PrimaryGroup
.PrimaryGroup
);
889 if (TokenInfo1
->Privileges
!= NULL
)
890 LsapFreeHeap(TokenInfo1
->Privileges
);
892 if (TokenInfo1
->Owner
.Owner
!= NULL
)
893 LsapFreeHeap(TokenInfo1
->Owner
.Owner
);
895 if (TokenInfo1
->DefaultDacl
.DefaultDacl
!= NULL
)
896 LsapFreeHeap(TokenInfo1
->DefaultDacl
.DefaultDacl
);
898 LsapFreeHeap(TokenInfo1
);
903 FIXME("TokenInformationType %d is not supported!\n", TokenInformationType
);
907 /* Free the account name */
908 if (AccountName
!= NULL
)
910 if (AccountName
->Buffer
!= NULL
)
911 LsapFreeHeap(AccountName
->Buffer
);
913 LsapFreeHeap(AccountName
);
916 /* Free the authentication authority */
917 if (AuthenticatingAuthority
!= NULL
)
919 if (AuthenticatingAuthority
!= NULL
)
920 LsapFreeHeap(AuthenticatingAuthority
->Buffer
);
922 LsapFreeHeap(AuthenticatingAuthority
);
925 /* Free the machine name */
926 if (MachineName
!= NULL
)
928 if (MachineName
->Buffer
!= NULL
)
929 LsapFreeHeap(MachineName
->Buffer
);
931 LsapFreeHeap(MachineName
);
934 TRACE("LsapLogonUser done (Status 0x%08lx)\n", Status
);