2 * PROJECT: Local Security Authority Server DLL
3 * LICENSE: GPL - See COPYING in the top level directory
4 * FILE: dll/win32/lsasrv/authpackage.c
5 * PURPOSE: Authenticaton package management routines
6 * COPYRIGHT: Copyright 2013 Eric Kohl
11 typedef enum _LSA_TOKEN_INFORMATION_TYPE
13 LsaTokenInformationNull
,
15 } LSA_TOKEN_INFORMATION_TYPE
, *PLSA_TOKEN_INFORMATION_TYPE
;
17 typedef struct _LSA_TOKEN_INFORMATION_V1
19 LARGE_INTEGER ExpirationTime
;
22 TOKEN_PRIMARY_GROUP PrimaryGroup
;
23 PTOKEN_PRIVILEGES Privileges
;
25 TOKEN_DEFAULT_DACL DefaultDacl
;
26 } LSA_TOKEN_INFORMATION_V1
, *PLSA_TOKEN_INFORMATION_V1
;
28 typedef PVOID PLSA_CLIENT_REQUEST
;
30 typedef NTSTATUS (NTAPI
*PLSA_CREATE_LOGON_SESSION
)(PLUID
);
31 typedef NTSTATUS (NTAPI
*PLSA_DELETE_LOGON_SESSION
)(PLUID
);
33 typedef PVOID (NTAPI
*PLSA_ALLOCATE_LSA_HEAP
)(ULONG
);
34 typedef VOID (NTAPI
*PLSA_FREE_LSA_HEAP
)(PVOID
);
35 typedef NTSTATUS (NTAPI
*PLSA_ALLOCATE_CLIENT_BUFFER
)(PLSA_CLIENT_REQUEST
, ULONG
, PVOID
*);
36 typedef NTSTATUS (NTAPI
*PLSA_FREE_CLIENT_BUFFER
)(PLSA_CLIENT_REQUEST
, PVOID
);
37 typedef NTSTATUS (NTAPI
*PLSA_COPY_TO_CLIENT_BUFFER
)(PLSA_CLIENT_REQUEST
, ULONG
,
39 typedef NTSTATUS (NTAPI
*PLSA_COPY_FROM_CLIENT_BUFFER
)(PLSA_CLIENT_REQUEST
,
42 typedef struct LSA_DISPATCH_TABLE
44 PLSA_CREATE_LOGON_SESSION CreateLogonSession
;
45 PLSA_DELETE_LOGON_SESSION DeleteLogonSession
;
46 PVOID
/*PLSA_ADD_CREDENTIAL */ AddCredential
;
47 PVOID
/*PLSA_GET_CREDENTIALS */ GetCredentials
;
48 PVOID
/*PLSA_DELETE_CREDENTIAL */ DeleteCredential
;
49 PLSA_ALLOCATE_LSA_HEAP AllocateLsaHeap
;
50 PLSA_FREE_LSA_HEAP FreeLsaHeap
;
51 PLSA_ALLOCATE_CLIENT_BUFFER AllocateClientBuffer
;
52 PLSA_FREE_CLIENT_BUFFER FreeClientBuffer
;
53 PLSA_COPY_TO_CLIENT_BUFFER CopyToClientBuffer
;
54 PLSA_COPY_FROM_CLIENT_BUFFER CopyFromClientBuffer
;
55 } LSA_DISPATCH_TABLE
, *PLSA_DISPATCH_TABLE
;
58 typedef NTSTATUS (NTAPI
*PLSA_AP_INITIALIZE_PACKAGE
)(ULONG
, PLSA_DISPATCH_TABLE
,
59 PLSA_STRING
, PLSA_STRING
, PLSA_STRING
*);
60 typedef NTSTATUS (NTAPI
*PLSA_AP_CALL_PACKAGE_INTERNAL
)(PLSA_CLIENT_REQUEST
, PVOID
, PVOID
,
61 ULONG
, PVOID
*, PULONG
, PNTSTATUS
);
62 typedef NTSTATUS (NTAPI
*PLSA_AP_CALL_PACKAGE_PASSTHROUGH
)(PLSA_CLIENT_REQUEST
,
63 PVOID
, PVOID
, ULONG
, PVOID
*, PULONG
, PNTSTATUS
);
64 typedef NTSTATUS (NTAPI
*PLSA_AP_CALL_PACKAGE_UNTRUSTED
)(PLSA_CLIENT_REQUEST
,
65 PVOID
, PVOID
, ULONG
, PVOID
*, PULONG
, PNTSTATUS
);
66 typedef VOID (NTAPI
*PLSA_AP_LOGON_TERMINATED
)(PLUID
);
67 typedef NTSTATUS (NTAPI
*PLSA_AP_LOGON_USER_EX2
)(PLSA_CLIENT_REQUEST
,
68 SECURITY_LOGON_TYPE
, PVOID
, PVOID
, ULONG
, PVOID
*, PULONG
, PLUID
, PNTSTATUS
,
69 PLSA_TOKEN_INFORMATION_TYPE
, PVOID
*, PUNICODE_STRING
*, PUNICODE_STRING
*,
70 PUNICODE_STRING
*, PVOID
/*PSECPKG_PRIMARY_CRED*/, PVOID
/*PSECPKG_SUPPLEMENTAL_CRED_ARRAY **/);
71 typedef NTSTATUS (NTAPI
*PLSA_AP_LOGON_USER_EX
)(PLSA_CLIENT_REQUEST
,
72 SECURITY_LOGON_TYPE
, PVOID
, PVOID
, ULONG
, PVOID
*, PULONG
, PLUID
, PNTSTATUS
,
73 PLSA_TOKEN_INFORMATION_TYPE
, PVOID
*, PUNICODE_STRING
*, PUNICODE_STRING
*,
76 typedef NTSTATUS (NTAPI
*PLSA_AP_LOGON_USER_INTERNAL
)(PLSA_CLIENT_REQUEST
, SECURITY_LOGON_TYPE
,
77 PVOID
, PVOID
, ULONG
, PVOID
*, PULONG
, PLUID
, PNTSTATUS
, PLSA_TOKEN_INFORMATION_TYPE
,
78 PVOID
*, PUNICODE_STRING
*, PUNICODE_STRING
*);
80 typedef struct _AUTH_PACKAGE
87 PLSA_AP_INITIALIZE_PACKAGE LsaApInitializePackage
;
88 PLSA_AP_CALL_PACKAGE_INTERNAL LsaApCallPackage
;
89 PLSA_AP_CALL_PACKAGE_PASSTHROUGH LsaApCallPackagePassthrough
;
90 PLSA_AP_CALL_PACKAGE_UNTRUSTED LsaApCallPackageUntrusted
;
91 PLSA_AP_LOGON_TERMINATED LsaApLogonTerminated
;
92 PLSA_AP_LOGON_USER_EX2 LsaApLogonUserEx2
;
93 PLSA_AP_LOGON_USER_EX LsaApLogonUserEx
;
94 PLSA_AP_LOGON_USER_INTERNAL LsaApLogonUser
;
95 } AUTH_PACKAGE
, *PAUTH_PACKAGE
;
99 LsaIFree_LSAPR_PRIVILEGE_SET(IN PLSAPR_PRIVILEGE_SET Ptr
);
101 /* GLOBALS *****************************************************************/
103 static LIST_ENTRY PackageListHead
;
104 static ULONG PackageId
;
105 static LSA_DISPATCH_TABLE DispatchTable
;
107 #define CONST_LUID(x1, x2) {x1, x2}
108 static const LUID SeChangeNotifyPrivilege
= CONST_LUID(SE_CHANGE_NOTIFY_PRIVILEGE
, 0);
109 static const LUID SeCreateGlobalPrivilege
= CONST_LUID(SE_CREATE_GLOBAL_PRIVILEGE
, 0);
110 static const LUID SeImpersonatePrivilege
= CONST_LUID(SE_IMPERSONATE_PRIVILEGE
, 0);
113 /* FUNCTIONS ***************************************************************/
118 LsapAddAuthPackage(IN PWSTR ValueName
,
121 IN ULONG ValueLength
,
123 IN PVOID EntryContext
)
125 PAUTH_PACKAGE Package
= NULL
;
126 UNICODE_STRING PackageName
;
129 NTSTATUS Status
= STATUS_SUCCESS
;
131 TRACE("LsapAddAuthPackage()\n");
133 PackageName
.Length
= (USHORT
)ValueLength
- sizeof(WCHAR
);
134 PackageName
.MaximumLength
= (USHORT
)ValueLength
;
135 PackageName
.Buffer
= ValueData
;
137 Id
= (PULONG
)Context
;
139 Package
= RtlAllocateHeap(RtlGetProcessHeap(),
141 sizeof(AUTH_PACKAGE
));
143 return STATUS_INSUFFICIENT_RESOURCES
;
145 Status
= LdrLoadDll(NULL
,
148 &Package
->ModuleHandle
);
149 if (!NT_SUCCESS(Status
))
151 TRACE("LdrLoadDll failed (Status 0x%08lx)\n", Status
);
155 RtlInitAnsiString(&ProcName
, "LsaApInitializePackage");
156 Status
= LdrGetProcedureAddress(Package
->ModuleHandle
,
159 (PVOID
*)&Package
->LsaApInitializePackage
);
160 if (!NT_SUCCESS(Status
))
162 TRACE("LdrGetProcedureAddress() failed (Status 0x%08lx)\n", Status
);
166 RtlInitAnsiString(&ProcName
, "LsaApCallPackage");
167 Status
= LdrGetProcedureAddress(Package
->ModuleHandle
,
170 (PVOID
*)&Package
->LsaApCallPackage
);
171 if (!NT_SUCCESS(Status
))
173 TRACE("LdrGetProcedureAddress() failed (Status 0x%08lx)\n", Status
);
177 RtlInitAnsiString(&ProcName
, "LsaApCallPackagePassthrough");
178 Status
= LdrGetProcedureAddress(Package
->ModuleHandle
,
181 (PVOID
*)&Package
->LsaApCallPackagePassthrough
);
182 if (!NT_SUCCESS(Status
))
184 TRACE("LdrGetProcedureAddress() failed (Status 0x%08lx)\n", Status
);
188 RtlInitAnsiString(&ProcName
, "LsaApCallPackageUntrusted");
189 Status
= LdrGetProcedureAddress(Package
->ModuleHandle
,
192 (PVOID
*)&Package
->LsaApCallPackageUntrusted
);
193 if (!NT_SUCCESS(Status
))
195 TRACE("LdrGetProcedureAddress() failed (Status 0x%08lx)\n", Status
);
199 RtlInitAnsiString(&ProcName
, "LsaApLogonTerminated");
200 Status
= LdrGetProcedureAddress(Package
->ModuleHandle
,
203 (PVOID
*)&Package
->LsaApLogonTerminated
);
204 if (!NT_SUCCESS(Status
))
206 TRACE("LdrGetProcedureAddress() failed (Status 0x%08lx)\n", Status
);
210 RtlInitAnsiString(&ProcName
, "LsaApLogonUserEx2");
211 Status
= LdrGetProcedureAddress(Package
->ModuleHandle
,
214 (PVOID
*)&Package
->LsaApLogonUserEx2
);
215 if (!NT_SUCCESS(Status
))
217 RtlInitAnsiString(&ProcName
, "LsaApLogonUserEx");
218 Status
= LdrGetProcedureAddress(Package
->ModuleHandle
,
221 (PVOID
*)&Package
->LsaApLogonUserEx
);
222 if (!NT_SUCCESS(Status
))
224 RtlInitAnsiString(&ProcName
, "LsaApLogonUser");
225 Status
= LdrGetProcedureAddress(Package
->ModuleHandle
,
228 (PVOID
*)&Package
->LsaApLogonUser
);
229 if (!NT_SUCCESS(Status
))
231 TRACE("LdrGetProcedureAddress() failed (Status 0x%08lx)\n", Status
);
237 /* Initialize the current package */
238 Status
= Package
->LsaApInitializePackage(*Id
,
243 if (!NT_SUCCESS(Status
))
245 TRACE("Package->LsaApInitializePackage() failed (Status 0x%08lx)\n", Status
);
249 TRACE("Package Name: %s\n", Package
->Name
->Buffer
);
254 InsertTailList(&PackageListHead
, &Package
->Entry
);
257 if (!NT_SUCCESS(Status
))
261 if (Package
->ModuleHandle
!= NULL
)
262 LdrUnloadDll(Package
->ModuleHandle
);
264 if (Package
->Name
!= NULL
)
266 if (Package
->Name
->Buffer
!= NULL
)
267 RtlFreeHeap(RtlGetProcessHeap(), 0, Package
->Name
->Buffer
);
269 RtlFreeHeap(RtlGetProcessHeap(), 0, Package
->Name
);
272 RtlFreeHeap(RtlGetProcessHeap(), 0, Package
);
282 LsapGetAuthenticationPackage(IN ULONG PackageId
)
284 PLIST_ENTRY ListEntry
;
285 PAUTH_PACKAGE Package
;
287 ListEntry
= PackageListHead
.Flink
;
288 while (ListEntry
!= &PackageListHead
)
290 Package
= CONTAINING_RECORD(ListEntry
, AUTH_PACKAGE
, Entry
);
292 if (Package
->Id
== PackageId
)
297 ListEntry
= ListEntry
->Flink
;
307 LsapAllocateHeap(IN ULONG Length
)
309 return RtlAllocateHeap(RtlGetProcessHeap(),
318 LsapFreeHeap(IN PVOID Base
)
320 RtlFreeHeap(RtlGetProcessHeap(),
329 LsapAllocateClientBuffer(IN PLSA_CLIENT_REQUEST ClientRequest
,
330 IN ULONG LengthRequired
,
331 OUT PVOID
*ClientBaseAddress
)
333 PLSAP_LOGON_CONTEXT LogonContext
;
336 *ClientBaseAddress
= NULL
;
338 LogonContext
= (PLSAP_LOGON_CONTEXT
)ClientRequest
;
340 Length
= LengthRequired
;
341 return NtAllocateVirtualMemory(LogonContext
->ClientProcessHandle
,
353 LsapFreeClientBuffer(IN PLSA_CLIENT_REQUEST ClientRequest
,
354 IN PVOID ClientBaseAddress
)
356 PLSAP_LOGON_CONTEXT LogonContext
;
359 if (ClientBaseAddress
== NULL
)
360 return STATUS_SUCCESS
;
362 LogonContext
= (PLSAP_LOGON_CONTEXT
)ClientRequest
;
365 return NtFreeVirtualMemory(LogonContext
->ClientProcessHandle
,
375 LsapCopyToClientBuffer(IN PLSA_CLIENT_REQUEST ClientRequest
,
377 IN PVOID ClientBaseAddress
,
378 IN PVOID BufferToCopy
)
380 PLSAP_LOGON_CONTEXT LogonContext
;
382 LogonContext
= (PLSAP_LOGON_CONTEXT
)ClientRequest
;
384 return NtWriteVirtualMemory(LogonContext
->ClientProcessHandle
,
395 LsapCopyFromClientBuffer(IN PLSA_CLIENT_REQUEST ClientRequest
,
397 IN PVOID BufferToCopy
,
398 IN PVOID ClientBaseAddress
)
400 PLSAP_LOGON_CONTEXT LogonContext
;
402 LogonContext
= (PLSAP_LOGON_CONTEXT
)ClientRequest
;
404 return NtReadVirtualMemory(LogonContext
->ClientProcessHandle
,
413 LsapInitAuthPackages(VOID
)
415 RTL_QUERY_REGISTRY_TABLE AuthPackageTable
[] = {
416 {LsapAddAuthPackage
, 0, L
"Authentication Packages", NULL
, REG_NONE
, NULL
, 0},
417 {NULL
, 0, NULL
, NULL
, REG_NONE
, NULL
, 0}};
421 InitializeListHead(&PackageListHead
);
424 /* Initialize the dispatch table */
425 DispatchTable
.CreateLogonSession
= &LsapCreateLogonSession
;
426 DispatchTable
.DeleteLogonSession
= &LsapDeleteLogonSession
;
427 DispatchTable
.AddCredential
= NULL
;
428 DispatchTable
.GetCredentials
= NULL
;
429 DispatchTable
.DeleteCredential
= NULL
;
430 DispatchTable
.AllocateLsaHeap
= &LsapAllocateHeap
;
431 DispatchTable
.FreeLsaHeap
= &LsapFreeHeap
;
432 DispatchTable
.AllocateClientBuffer
= &LsapAllocateClientBuffer
;
433 DispatchTable
.FreeClientBuffer
= &LsapFreeClientBuffer
;
434 DispatchTable
.CopyToClientBuffer
= &LsapCopyToClientBuffer
;
435 DispatchTable
.CopyFromClientBuffer
= &LsapCopyFromClientBuffer
;
437 /* Add registered authentication packages */
438 Status
= RtlQueryRegistryValues(RTL_REGISTRY_CONTROL
,
449 LsapLookupAuthenticationPackage(PLSA_API_MSG RequestMsg
,
450 PLSAP_LOGON_CONTEXT LogonContext
)
452 PLIST_ENTRY ListEntry
;
453 PAUTH_PACKAGE Package
;
454 ULONG PackageNameLength
;
457 TRACE("(%p %p)\n", RequestMsg
, LogonContext
);
459 PackageNameLength
= RequestMsg
->LookupAuthenticationPackage
.Request
.PackageNameLength
;
460 PackageName
= RequestMsg
->LookupAuthenticationPackage
.Request
.PackageName
;
462 TRACE("PackageName: %s\n", PackageName
);
464 ListEntry
= PackageListHead
.Flink
;
465 while (ListEntry
!= &PackageListHead
)
467 Package
= CONTAINING_RECORD(ListEntry
, AUTH_PACKAGE
, Entry
);
469 if ((PackageNameLength
== Package
->Name
->Length
) &&
470 (_strnicmp(PackageName
, Package
->Name
->Buffer
, Package
->Name
->Length
) == 0))
472 RequestMsg
->LookupAuthenticationPackage
.Reply
.Package
= Package
->Id
;
473 return STATUS_SUCCESS
;
476 ListEntry
= ListEntry
->Flink
;
479 return STATUS_NO_SUCH_PACKAGE
;
484 LsapCallAuthenticationPackage(PLSA_API_MSG RequestMsg
,
485 PLSAP_LOGON_CONTEXT LogonContext
)
487 PAUTH_PACKAGE Package
;
488 PVOID LocalBuffer
= NULL
;
492 TRACE("(%p %p)\n", RequestMsg
, LogonContext
);
494 PackageId
= RequestMsg
->CallAuthenticationPackage
.Request
.AuthenticationPackage
;
496 /* Get the right authentication package */
497 Package
= LsapGetAuthenticationPackage(PackageId
);
500 TRACE("LsapGetAuthenticationPackage() failed to find a package\n");
501 return STATUS_NO_SUCH_PACKAGE
;
504 if (RequestMsg
->CallAuthenticationPackage
.Request
.SubmitBufferLength
> 0)
506 LocalBuffer
= RtlAllocateHeap(RtlGetProcessHeap(),
508 RequestMsg
->CallAuthenticationPackage
.Request
.SubmitBufferLength
);
509 if (LocalBuffer
== NULL
)
511 return STATUS_INSUFFICIENT_RESOURCES
;
514 Status
= NtReadVirtualMemory(LogonContext
->ClientProcessHandle
,
515 RequestMsg
->CallAuthenticationPackage
.Request
.ProtocolSubmitBuffer
,
517 RequestMsg
->CallAuthenticationPackage
.Request
.SubmitBufferLength
,
519 if (!NT_SUCCESS(Status
))
521 TRACE("NtReadVirtualMemory() failed (Status 0x%08lx)\n", Status
);
522 RtlFreeHeap(RtlGetProcessHeap(), 0, LocalBuffer
);
527 Status
= Package
->LsaApCallPackage((PLSA_CLIENT_REQUEST
)LogonContext
,
529 RequestMsg
->CallAuthenticationPackage
.Request
.ProtocolSubmitBuffer
,
530 RequestMsg
->CallAuthenticationPackage
.Request
.SubmitBufferLength
,
531 &RequestMsg
->CallAuthenticationPackage
.Reply
.ProtocolReturnBuffer
,
532 &RequestMsg
->CallAuthenticationPackage
.Reply
.ReturnBufferLength
,
533 &RequestMsg
->CallAuthenticationPackage
.Reply
.ProtocolStatus
);
534 if (!NT_SUCCESS(Status
))
536 TRACE("Package->LsaApCallPackage() failed (Status 0x%08lx)\n", Status
);
539 if (LocalBuffer
!= NULL
)
540 RtlFreeHeap(RtlGetProcessHeap(), 0, LocalBuffer
);
549 IN PLSAP_LOGON_CONTEXT LogonContext
,
550 IN PTOKEN_GROUPS ClientGroups
,
551 IN ULONG ClientGroupsCount
,
552 OUT PTOKEN_GROUPS
*TokenGroups
)
554 ULONG LocalGroupsLength
= 0;
555 PTOKEN_GROUPS LocalGroups
= NULL
;
556 ULONG SidHeaderLength
= 0;
557 PSID SidHeader
= NULL
;
560 ULONG AllocatedSids
= 0;
564 LocalGroupsLength
= sizeof(TOKEN_GROUPS
) +
565 (ClientGroupsCount
- ANYSIZE_ARRAY
) * sizeof(SID_AND_ATTRIBUTES
);
566 LocalGroups
= RtlAllocateHeap(RtlGetProcessHeap(),
569 if (LocalGroups
== NULL
)
571 TRACE("RtlAllocateHeap() failed\n");
572 return STATUS_INSUFFICIENT_RESOURCES
;
575 Status
= NtReadVirtualMemory(LogonContext
->ClientProcessHandle
,
580 if (!NT_SUCCESS(Status
))
584 SidHeaderLength
= RtlLengthRequiredSid(0);
585 SidHeader
= RtlAllocateHeap(RtlGetProcessHeap(),
588 if (SidHeader
== NULL
)
590 Status
= STATUS_INSUFFICIENT_RESOURCES
;
594 for (i
= 0; i
< ClientGroupsCount
; i
++)
596 SrcSid
= LocalGroups
->Groups
[i
].Sid
;
598 Status
= NtReadVirtualMemory(LogonContext
->ClientProcessHandle
,
603 if (!NT_SUCCESS(Status
))
606 SidLength
= RtlLengthSid(SidHeader
);
607 TRACE("Sid %lu: Length %lu\n", i
, SidLength
);
609 DstSid
= RtlAllocateHeap(RtlGetProcessHeap(),
614 Status
= STATUS_INSUFFICIENT_RESOURCES
;
618 Status
= NtReadVirtualMemory(LogonContext
->ClientProcessHandle
,
623 if (!NT_SUCCESS(Status
))
625 RtlFreeHeap(RtlGetProcessHeap(), 0, DstSid
);
629 LocalGroups
->Groups
[i
].Sid
= DstSid
;
633 *TokenGroups
= LocalGroups
;
636 if (SidHeader
!= NULL
)
637 RtlFreeHeap(RtlGetProcessHeap(), 0, SidHeader
);
639 if (!NT_SUCCESS(Status
))
641 if (LocalGroups
!= NULL
)
643 for (i
= 0; i
< AllocatedSids
; i
++)
644 RtlFreeHeap(RtlGetProcessHeap(), 0, LocalGroups
->Groups
[i
].Sid
);
646 RtlFreeHeap(RtlGetProcessHeap(), 0, LocalGroups
);
657 IN PVOID TokenInformation
,
658 IN LSA_TOKEN_INFORMATION_TYPE TokenInformationType
,
659 IN PTOKEN_GROUPS LocalGroups
)
661 PLSA_TOKEN_INFORMATION_V1 TokenInfo1
;
662 PTOKEN_GROUPS Groups
;
667 if (LocalGroups
== NULL
|| LocalGroups
->GroupCount
== 0)
668 return STATUS_SUCCESS
;
670 if (TokenInformationType
== LsaTokenInformationV1
)
672 TokenInfo1
= (PLSA_TOKEN_INFORMATION_V1
)TokenInformation
;
674 if (TokenInfo1
->Groups
!= NULL
)
676 Length
= sizeof(TOKEN_GROUPS
) +
677 (LocalGroups
->GroupCount
+ TokenInfo1
->Groups
->GroupCount
- ANYSIZE_ARRAY
) * sizeof(SID_AND_ATTRIBUTES
);
679 Groups
= RtlAllocateHeap(RtlGetProcessHeap(), HEAP_ZERO_MEMORY
, Length
);
682 ERR("Group buffer allocation failed!\n");
683 return STATUS_INSUFFICIENT_RESOURCES
;
686 Groups
->GroupCount
= LocalGroups
->GroupCount
+ TokenInfo1
->Groups
->GroupCount
;
688 for (i
= 0; i
< TokenInfo1
->Groups
->GroupCount
; i
++)
690 Groups
->Groups
[i
].Sid
= TokenInfo1
->Groups
->Groups
[i
].Sid
;
691 Groups
->Groups
[i
].Attributes
= TokenInfo1
->Groups
->Groups
[i
].Attributes
;
694 for (j
= 0; j
< LocalGroups
->GroupCount
; i
++, j
++)
696 Groups
->Groups
[i
].Sid
= LocalGroups
->Groups
[j
].Sid
;
697 Groups
->Groups
[i
].Attributes
= LocalGroups
->Groups
[j
].Attributes
;
698 LocalGroups
->Groups
[j
].Sid
= NULL
;
701 RtlFreeHeap(RtlGetProcessHeap(), 0, TokenInfo1
->Groups
);
703 TokenInfo1
->Groups
= Groups
;
707 Length
= sizeof(TOKEN_GROUPS
) +
708 (LocalGroups
->GroupCount
- ANYSIZE_ARRAY
) * sizeof(SID_AND_ATTRIBUTES
);
710 Groups
= RtlAllocateHeap(RtlGetProcessHeap(), HEAP_ZERO_MEMORY
, Length
);
713 ERR("Group buffer allocation failed!\n");
714 return STATUS_INSUFFICIENT_RESOURCES
;
717 Groups
->GroupCount
= LocalGroups
->GroupCount
;
719 for (i
= 0; i
< LocalGroups
->GroupCount
; i
++)
721 Groups
->Groups
[i
].Sid
= LocalGroups
->Groups
[i
].Sid
;
722 Groups
->Groups
[i
].Attributes
= LocalGroups
->Groups
[i
].Attributes
;
725 TokenInfo1
->Groups
= Groups
;
730 FIXME("TokenInformationType %d is not supported!\n", TokenInformationType
);
731 return STATUS_NOT_IMPLEMENTED
;
734 return STATUS_SUCCESS
;
739 LsapAddDefaultGroups(
740 IN PVOID TokenInformation
,
741 IN LSA_TOKEN_INFORMATION_TYPE TokenInformationType
,
742 IN SECURITY_LOGON_TYPE LogonType
)
744 PLSA_TOKEN_INFORMATION_V1 TokenInfo1
;
745 PTOKEN_GROUPS Groups
;
749 if (TokenInformationType
== LsaTokenInformationV1
)
751 TokenInfo1
= (PLSA_TOKEN_INFORMATION_V1
)TokenInformation
;
753 if (TokenInfo1
->Groups
!= NULL
)
755 Length
= sizeof(TOKEN_GROUPS
) +
756 (TokenInfo1
->Groups
->GroupCount
+ 2 - ANYSIZE_ARRAY
) * sizeof(SID_AND_ATTRIBUTES
);
758 Groups
= RtlAllocateHeap(RtlGetProcessHeap(), HEAP_ZERO_MEMORY
, Length
);
761 ERR("Group buffer allocation failed!\n");
762 return STATUS_INSUFFICIENT_RESOURCES
;
765 Groups
->GroupCount
= TokenInfo1
->Groups
->GroupCount
;
767 for (i
= 0; i
< TokenInfo1
->Groups
->GroupCount
; i
++)
769 Groups
->Groups
[i
].Sid
= TokenInfo1
->Groups
->Groups
[i
].Sid
;
770 Groups
->Groups
[i
].Attributes
= TokenInfo1
->Groups
->Groups
[i
].Attributes
;
773 RtlFreeHeap(RtlGetProcessHeap(), 0, TokenInfo1
->Groups
);
775 TokenInfo1
->Groups
= Groups
;
780 Length
= sizeof(TOKEN_GROUPS
) +
781 (2 - ANYSIZE_ARRAY
) * sizeof(SID_AND_ATTRIBUTES
);
783 Groups
= RtlAllocateHeap(RtlGetProcessHeap(), HEAP_ZERO_MEMORY
, Length
);
786 ERR("Group buffer allocation failed!\n");
787 return STATUS_INSUFFICIENT_RESOURCES
;
790 TokenInfo1
->Groups
= Groups
;
793 /* Append the World SID (aka Everyone) */
794 Length
= RtlLengthSid(LsapWorldSid
);
795 Groups
->Groups
[Groups
->GroupCount
].Sid
= RtlAllocateHeap(RtlGetProcessHeap(),
798 if (Groups
->Groups
[Groups
->GroupCount
].Sid
== NULL
)
799 return STATUS_INSUFFICIENT_RESOURCES
;
801 RtlCopyMemory(Groups
->Groups
[Groups
->GroupCount
].Sid
,
805 Groups
->Groups
[Groups
->GroupCount
].Attributes
=
806 SE_GROUP_ENABLED
| SE_GROUP_ENABLED_BY_DEFAULT
| SE_GROUP_MANDATORY
;
808 Groups
->GroupCount
++;
810 /* Append the logon type SID */
814 SrcSid
= LsapInteractiveSid
;
818 SrcSid
= LsapNetworkSid
;
822 SrcSid
= LsapBatchSid
;
826 SrcSid
= LsapServiceSid
;
830 FIXME("LogonType %d is not supported!\n", LogonType
);
831 return STATUS_NOT_IMPLEMENTED
;
834 Length
= RtlLengthSid(SrcSid
);
835 Groups
->Groups
[Groups
->GroupCount
].Sid
= RtlAllocateHeap(RtlGetProcessHeap(),
838 if (Groups
->Groups
[Groups
->GroupCount
].Sid
== NULL
)
839 return STATUS_INSUFFICIENT_RESOURCES
;
841 RtlCopyMemory(Groups
->Groups
[Groups
->GroupCount
].Sid
,
845 Groups
->Groups
[Groups
->GroupCount
].Attributes
=
846 SE_GROUP_ENABLED
| SE_GROUP_ENABLED_BY_DEFAULT
| SE_GROUP_MANDATORY
;
848 Groups
->GroupCount
++;
852 FIXME("TokenInformationType %d is not supported!\n", TokenInformationType
);
853 return STATUS_NOT_IMPLEMENTED
;
856 return STATUS_SUCCESS
;
863 IN PVOID TokenInformation
,
864 IN LSA_TOKEN_INFORMATION_TYPE TokenInformationType
)
866 PLSA_TOKEN_INFORMATION_V1 TokenInfo1
;
867 PSID OwnerSid
= NULL
;
870 if (TokenInformationType
== LsaTokenInformationV1
)
872 TokenInfo1
= (PLSA_TOKEN_INFORMATION_V1
)TokenInformation
;
874 if (TokenInfo1
->Owner
.Owner
!= NULL
)
875 return STATUS_SUCCESS
;
877 OwnerSid
= TokenInfo1
->User
.User
.Sid
;
878 for (i
= 0; i
< TokenInfo1
->Groups
->GroupCount
; i
++)
880 if (EqualSid(TokenInfo1
->Groups
->Groups
[i
].Sid
, LsapAdministratorsSid
))
882 OwnerSid
= LsapAdministratorsSid
;
887 Length
= RtlLengthSid(OwnerSid
);
888 TokenInfo1
->Owner
.Owner
= DispatchTable
.AllocateLsaHeap(Length
);
889 if (TokenInfo1
->Owner
.Owner
== NULL
)
890 return STATUS_INSUFFICIENT_RESOURCES
;
892 RtlCopyMemory(TokenInfo1
->Owner
.Owner
,
897 return STATUS_SUCCESS
;
903 LsapAddTokenDefaultDacl(
904 IN PVOID TokenInformation
,
905 IN LSA_TOKEN_INFORMATION_TYPE TokenInformationType
)
907 PLSA_TOKEN_INFORMATION_V1 TokenInfo1
;
911 if (TokenInformationType
== LsaTokenInformationV1
)
913 TokenInfo1
= (PLSA_TOKEN_INFORMATION_V1
)TokenInformation
;
915 if (TokenInfo1
->DefaultDacl
.DefaultDacl
!= NULL
)
916 return STATUS_SUCCESS
;
918 Length
= sizeof(ACL
) +
919 (2 * sizeof(ACCESS_ALLOWED_ACE
)) +
920 RtlLengthSid(TokenInfo1
->Owner
.Owner
) +
921 RtlLengthSid(LsapLocalSystemSid
);
923 Dacl
= DispatchTable
.AllocateLsaHeap(Length
);
925 return STATUS_INSUFFICIENT_RESOURCES
;
927 RtlCreateAcl(Dacl
, Length
, ACL_REVISION
);
929 RtlAddAccessAllowedAce(Dacl
,
932 TokenInfo1
->Owner
.Owner
);
935 RtlAddAccessAllowedAce(Dacl
,
940 TokenInfo1
->DefaultDacl
.DefaultDacl
= Dacl
;
943 return STATUS_SUCCESS
;
949 LsapAddPrivilegeToTokenPrivileges(PTOKEN_PRIVILEGES
*TokenPrivileges
,
950 PLSAPR_LUID_AND_ATTRIBUTES Privilege
)
952 PTOKEN_PRIVILEGES LocalPrivileges
;
953 ULONG Length
, TokenPrivilegeCount
, i
;
954 NTSTATUS Status
= STATUS_SUCCESS
;
956 if (*TokenPrivileges
== NULL
)
958 Length
= sizeof(TOKEN_PRIVILEGES
) +
959 (1 - ANYSIZE_ARRAY
) * sizeof(LUID_AND_ATTRIBUTES
);
960 LocalPrivileges
= RtlAllocateHeap(RtlGetProcessHeap(),
963 if (LocalPrivileges
== NULL
)
964 return STATUS_INSUFFICIENT_RESOURCES
;
966 LocalPrivileges
->PrivilegeCount
= 1;
967 LocalPrivileges
->Privileges
[0].Luid
= Privilege
->Luid
;
968 LocalPrivileges
->Privileges
[0].Attributes
= Privilege
->Attributes
;
972 TokenPrivilegeCount
= (*TokenPrivileges
)->PrivilegeCount
;
974 for (i
= 0; i
< TokenPrivilegeCount
; i
++)
976 if (RtlEqualLuid(&(*TokenPrivileges
)->Privileges
[i
].Luid
, &Privilege
->Luid
))
977 return STATUS_SUCCESS
;
980 Length
= sizeof(TOKEN_PRIVILEGES
) +
981 (TokenPrivilegeCount
+ 1 - ANYSIZE_ARRAY
) * sizeof(LUID_AND_ATTRIBUTES
);
982 LocalPrivileges
= RtlAllocateHeap(RtlGetProcessHeap(),
985 if (LocalPrivileges
== NULL
)
986 return STATUS_INSUFFICIENT_RESOURCES
;
988 LocalPrivileges
->PrivilegeCount
= TokenPrivilegeCount
+ 1;
989 for (i
= 0; i
< TokenPrivilegeCount
; i
++)
991 LocalPrivileges
->Privileges
[i
].Luid
= (*TokenPrivileges
)->Privileges
[i
].Luid
;
992 LocalPrivileges
->Privileges
[i
].Attributes
= (*TokenPrivileges
)->Privileges
[i
].Attributes
;
995 LocalPrivileges
->Privileges
[TokenPrivilegeCount
].Luid
= Privilege
->Luid
;
996 LocalPrivileges
->Privileges
[TokenPrivilegeCount
].Attributes
= Privilege
->Attributes
;
998 RtlFreeHeap(RtlGetProcessHeap(), 0, *TokenPrivileges
);
1001 *TokenPrivileges
= LocalPrivileges
;
1009 IN PVOID TokenInformation
,
1010 IN LSA_TOKEN_INFORMATION_TYPE TokenInformationType
)
1012 PLSA_TOKEN_INFORMATION_V1 TokenInfo1
;
1013 LSAPR_HANDLE PolicyHandle
= NULL
;
1014 LSAPR_HANDLE AccountHandle
= NULL
;
1015 PLSAPR_PRIVILEGE_SET Privileges
= NULL
;
1019 if (TokenInformationType
== LsaTokenInformationV1
)
1021 TokenInfo1
= (PLSA_TOKEN_INFORMATION_V1
)TokenInformation
;
1023 Status
= LsarOpenPolicy(NULL
,
1027 if (!NT_SUCCESS(Status
))
1030 for (i
= 0; i
< TokenInfo1
->Groups
->GroupCount
; i
++)
1032 Status
= LsarOpenAccount(PolicyHandle
,
1033 TokenInfo1
->Groups
->Groups
[i
].Sid
,
1036 if (NT_SUCCESS(Status
))
1038 Status
= LsarEnumeratePrivilegesAccount(AccountHandle
,
1040 if (NT_SUCCESS(Status
))
1042 for (j
= 0; j
< Privileges
->PrivilegeCount
; j
++)
1044 Status
= LsapAddPrivilegeToTokenPrivileges(&TokenInfo1
->Privileges
,
1045 &(Privileges
->Privilege
[j
]));
1046 if (!NT_SUCCESS(Status
))
1050 LsaIFree_LSAPR_PRIVILEGE_SET(Privileges
);
1055 LsarClose(&AccountHandle
);
1058 LsarClose(&PolicyHandle
);
1060 if (TokenInfo1
->Privileges
!= NULL
)
1062 for (i
= 0; i
< TokenInfo1
->Privileges
->PrivilegeCount
; i
++)
1064 if (RtlEqualLuid(&TokenInfo1
->Privileges
->Privileges
[i
].Luid
, &SeChangeNotifyPrivilege
) ||
1065 RtlEqualLuid(&TokenInfo1
->Privileges
->Privileges
[i
].Luid
, &SeCreateGlobalPrivilege
) ||
1066 RtlEqualLuid(&TokenInfo1
->Privileges
->Privileges
[i
].Luid
, &SeImpersonatePrivilege
))
1068 TokenInfo1
->Privileges
->Privileges
[i
].Attributes
|= SE_PRIVILEGE_ENABLED
| SE_PRIVILEGE_ENABLED_BY_DEFAULT
;
1074 return STATUS_SUCCESS
;
1079 LsapLogonUser(PLSA_API_MSG RequestMsg
,
1080 PLSAP_LOGON_CONTEXT LogonContext
)
1082 PAUTH_PACKAGE Package
;
1083 OBJECT_ATTRIBUTES ObjectAttributes
;
1084 SECURITY_QUALITY_OF_SERVICE Qos
;
1085 LSA_TOKEN_INFORMATION_TYPE TokenInformationType
;
1086 PVOID TokenInformation
= NULL
;
1087 PLSA_TOKEN_INFORMATION_V1 TokenInfo1
= NULL
;
1088 PUNICODE_STRING AccountName
= NULL
;
1089 PUNICODE_STRING AuthenticatingAuthority
= NULL
;
1090 PUNICODE_STRING MachineName
= NULL
;
1091 PVOID LocalAuthInfo
= NULL
;
1092 PTOKEN_GROUPS LocalGroups
= NULL
;
1093 HANDLE TokenHandle
= NULL
;
1096 SECURITY_LOGON_TYPE LogonType
;
1099 TRACE("(%p %p)\n", RequestMsg
, LogonContext
);
1101 PackageId
= RequestMsg
->LogonUser
.Request
.AuthenticationPackage
;
1102 LogonType
= RequestMsg
->LogonUser
.Request
.LogonType
;
1104 /* Get the right authentication package */
1105 Package
= LsapGetAuthenticationPackage(PackageId
);
1106 if (Package
== NULL
)
1108 ERR("LsapGetAuthenticationPackage() failed to find a package\n");
1109 return STATUS_NO_SUCH_PACKAGE
;
1112 if (RequestMsg
->LogonUser
.Request
.AuthenticationInformationLength
> 0)
1114 /* Allocate the local authentication info buffer */
1115 LocalAuthInfo
= RtlAllocateHeap(RtlGetProcessHeap(),
1117 RequestMsg
->LogonUser
.Request
.AuthenticationInformationLength
);
1118 if (LocalAuthInfo
== NULL
)
1120 ERR("RtlAllocateHeap() failed\n");
1121 return STATUS_INSUFFICIENT_RESOURCES
;
1124 /* Read the authentication info from the callers adress space */
1125 Status
= NtReadVirtualMemory(LogonContext
->ClientProcessHandle
,
1126 RequestMsg
->LogonUser
.Request
.AuthenticationInformation
,
1128 RequestMsg
->LogonUser
.Request
.AuthenticationInformationLength
,
1130 if (!NT_SUCCESS(Status
))
1132 ERR("NtReadVirtualMemory() failed (Status 0x%08lx)\n", Status
);
1133 RtlFreeHeap(RtlGetProcessHeap(), 0, LocalAuthInfo
);
1138 if (RequestMsg
->LogonUser
.Request
.LocalGroupsCount
> 0)
1140 Status
= LsapCopyLocalGroups(LogonContext
,
1141 RequestMsg
->LogonUser
.Request
.LocalGroups
,
1142 RequestMsg
->LogonUser
.Request
.LocalGroupsCount
,
1144 if (!NT_SUCCESS(Status
))
1146 ERR("LsapCopyLocalGroups failed (Status 0x%08lx)\n", Status
);
1150 TRACE("GroupCount: %lu\n", LocalGroups
->GroupCount
);
1153 if (Package
->LsaApLogonUserEx2
!= NULL
)
1155 Status
= Package
->LsaApLogonUserEx2((PLSA_CLIENT_REQUEST
)LogonContext
,
1156 RequestMsg
->LogonUser
.Request
.LogonType
,
1158 RequestMsg
->LogonUser
.Request
.AuthenticationInformation
,
1159 RequestMsg
->LogonUser
.Request
.AuthenticationInformationLength
,
1160 &RequestMsg
->LogonUser
.Reply
.ProfileBuffer
,
1161 &RequestMsg
->LogonUser
.Reply
.ProfileBufferLength
,
1162 &RequestMsg
->LogonUser
.Reply
.LogonId
,
1163 &RequestMsg
->LogonUser
.Reply
.SubStatus
,
1164 &TokenInformationType
,
1167 &AuthenticatingAuthority
,
1169 NULL
, /* FIXME: PSECPKG_PRIMARY_CRED PrimaryCredentials */
1170 NULL
); /* FIXME: PSECPKG_SUPPLEMENTAL_CRED_ARRAY *SupplementalCredentials */
1172 else if (Package
->LsaApLogonUserEx
!= NULL
)
1174 Status
= Package
->LsaApLogonUserEx((PLSA_CLIENT_REQUEST
)LogonContext
,
1175 RequestMsg
->LogonUser
.Request
.LogonType
,
1177 RequestMsg
->LogonUser
.Request
.AuthenticationInformation
,
1178 RequestMsg
->LogonUser
.Request
.AuthenticationInformationLength
,
1179 &RequestMsg
->LogonUser
.Reply
.ProfileBuffer
,
1180 &RequestMsg
->LogonUser
.Reply
.ProfileBufferLength
,
1181 &RequestMsg
->LogonUser
.Reply
.LogonId
,
1182 &RequestMsg
->LogonUser
.Reply
.SubStatus
,
1183 &TokenInformationType
,
1186 &AuthenticatingAuthority
,
1191 Status
= Package
->LsaApLogonUser((PLSA_CLIENT_REQUEST
)LogonContext
,
1192 RequestMsg
->LogonUser
.Request
.LogonType
,
1194 RequestMsg
->LogonUser
.Request
.AuthenticationInformation
,
1195 RequestMsg
->LogonUser
.Request
.AuthenticationInformationLength
,
1196 &RequestMsg
->LogonUser
.Reply
.ProfileBuffer
,
1197 &RequestMsg
->LogonUser
.Reply
.ProfileBufferLength
,
1198 &RequestMsg
->LogonUser
.Reply
.LogonId
,
1199 &RequestMsg
->LogonUser
.Reply
.SubStatus
,
1200 &TokenInformationType
,
1203 &AuthenticatingAuthority
);
1206 if (!NT_SUCCESS(Status
))
1208 ERR("LsaApLogonUser/Ex/2 failed (Status 0x%08lx)\n", Status
);
1212 if (LocalGroups
->GroupCount
> 0)
1214 /* Add local groups to the token information */
1215 Status
= LsapAddLocalGroups(TokenInformation
,
1216 TokenInformationType
,
1218 if (!NT_SUCCESS(Status
))
1220 ERR("LsapAddLocalGroupsToTokenInfo() failed (Status 0x%08lx)\n", Status
);
1225 Status
= LsapAddDefaultGroups(TokenInformation
,
1226 TokenInformationType
,
1228 if (!NT_SUCCESS(Status
))
1230 ERR("LsapAddDefaultGroups() failed (Status 0x%08lx)\n", Status
);
1234 Status
= LsapSetTokenOwner(TokenInformation
,
1235 TokenInformationType
);
1236 if (!NT_SUCCESS(Status
))
1238 ERR("LsapSetTokenOwner() failed (Status 0x%08lx)\n", Status
);
1242 Status
= LsapAddTokenDefaultDacl(TokenInformation
,
1243 TokenInformationType
);
1244 if (!NT_SUCCESS(Status
))
1246 ERR("LsapAddTokenDefaultDacl() failed (Status 0x%08lx)\n", Status
);
1250 Status
= LsapSetPrivileges(TokenInformation
,
1251 TokenInformationType
);
1252 if (!NT_SUCCESS(Status
))
1254 ERR("LsapSetPrivileges() failed (Status 0x%08lx)\n", Status
);
1258 if (TokenInformationType
== LsaTokenInformationV1
)
1260 TokenInfo1
= (PLSA_TOKEN_INFORMATION_V1
)TokenInformation
;
1262 Qos
.Length
= sizeof(SECURITY_QUALITY_OF_SERVICE
);
1263 Qos
.ImpersonationLevel
= SecurityImpersonation
;
1264 Qos
.ContextTrackingMode
= SECURITY_DYNAMIC_TRACKING
;
1265 Qos
.EffectiveOnly
= FALSE
;
1267 ObjectAttributes
.Length
= sizeof(OBJECT_ATTRIBUTES
);
1268 ObjectAttributes
.RootDirectory
= NULL
;
1269 ObjectAttributes
.ObjectName
= NULL
;
1270 ObjectAttributes
.Attributes
= 0;
1271 ObjectAttributes
.SecurityDescriptor
= NULL
;
1272 ObjectAttributes
.SecurityQualityOfService
= &Qos
;
1274 /* Create the logon token */
1275 Status
= NtCreateToken(&TokenHandle
,
1279 &RequestMsg
->LogonUser
.Reply
.LogonId
,
1280 &TokenInfo1
->ExpirationTime
,
1283 TokenInfo1
->Privileges
,
1285 &TokenInfo1
->PrimaryGroup
,
1286 &TokenInfo1
->DefaultDacl
,
1287 &RequestMsg
->LogonUser
.Request
.SourceContext
);
1288 if (!NT_SUCCESS(Status
))
1290 ERR("NtCreateToken failed (Status 0x%08lx)\n", Status
);
1296 FIXME("TokenInformationType %d is not supported!\n", TokenInformationType
);
1297 Status
= STATUS_NOT_IMPLEMENTED
;
1301 /* Duplicate the token handle into the client process */
1302 Status
= NtDuplicateObject(NtCurrentProcess(),
1304 LogonContext
->ClientProcessHandle
,
1305 &RequestMsg
->LogonUser
.Reply
.Token
,
1308 DUPLICATE_SAME_ACCESS
| DUPLICATE_SAME_ATTRIBUTES
| DUPLICATE_CLOSE_SOURCE
);
1309 if (!NT_SUCCESS(Status
))
1311 ERR("NtDuplicateObject failed (Status 0x%08lx)\n", Status
);
1317 Status
= LsapSetLogonSessionData(&RequestMsg
->LogonUser
.Reply
.LogonId
);
1318 if (!NT_SUCCESS(Status
))
1320 ERR("LsapSetLogonSessionData failed (Status 0x%08lx)\n", Status
);
1325 if (!NT_SUCCESS(Status
))
1327 if (TokenHandle
!= NULL
)
1328 NtClose(TokenHandle
);
1331 /* Free the local groups */
1332 if (LocalGroups
!= NULL
)
1334 for (i
= 0; i
< LocalGroups
->GroupCount
; i
++)
1336 if (LocalGroups
->Groups
[i
].Sid
!= NULL
)
1337 RtlFreeHeap(RtlGetProcessHeap(), 0, LocalGroups
->Groups
[i
].Sid
);
1340 RtlFreeHeap(RtlGetProcessHeap(), 0, LocalGroups
);
1343 /* Free the local authentication info buffer */
1344 if (LocalAuthInfo
!= NULL
)
1345 RtlFreeHeap(RtlGetProcessHeap(), 0, LocalAuthInfo
);
1347 /* Free the token information */
1348 if (TokenInformation
!= NULL
)
1350 if (TokenInformationType
== LsaTokenInformationV1
)
1352 TokenInfo1
= (PLSA_TOKEN_INFORMATION_V1
)TokenInformation
;
1354 if (TokenInfo1
!= NULL
)
1356 if (TokenInfo1
->User
.User
.Sid
!= NULL
)
1357 LsapFreeHeap(TokenInfo1
->User
.User
.Sid
);
1359 if (TokenInfo1
->Groups
!= NULL
)
1361 for (i
= 0; i
< TokenInfo1
->Groups
->GroupCount
; i
++)
1363 if (TokenInfo1
->Groups
->Groups
[i
].Sid
!= NULL
)
1364 LsapFreeHeap(TokenInfo1
->Groups
->Groups
[i
].Sid
);
1367 LsapFreeHeap(TokenInfo1
->Groups
);
1370 if (TokenInfo1
->PrimaryGroup
.PrimaryGroup
!= NULL
)
1371 LsapFreeHeap(TokenInfo1
->PrimaryGroup
.PrimaryGroup
);
1373 if (TokenInfo1
->Privileges
!= NULL
)
1374 LsapFreeHeap(TokenInfo1
->Privileges
);
1376 if (TokenInfo1
->Owner
.Owner
!= NULL
)
1377 LsapFreeHeap(TokenInfo1
->Owner
.Owner
);
1379 if (TokenInfo1
->DefaultDacl
.DefaultDacl
!= NULL
)
1380 LsapFreeHeap(TokenInfo1
->DefaultDacl
.DefaultDacl
);
1382 LsapFreeHeap(TokenInfo1
);
1387 FIXME("TokenInformationType %d is not supported!\n", TokenInformationType
);
1391 /* Free the account name */
1392 if (AccountName
!= NULL
)
1394 if (AccountName
->Buffer
!= NULL
)
1395 LsapFreeHeap(AccountName
->Buffer
);
1397 LsapFreeHeap(AccountName
);
1400 /* Free the authentication authority */
1401 if (AuthenticatingAuthority
!= NULL
)
1403 if (AuthenticatingAuthority
!= NULL
)
1404 LsapFreeHeap(AuthenticatingAuthority
->Buffer
);
1406 LsapFreeHeap(AuthenticatingAuthority
);
1409 /* Free the machine name */
1410 if (MachineName
!= NULL
)
1412 if (MachineName
->Buffer
!= NULL
)
1413 LsapFreeHeap(MachineName
->Buffer
);
1415 LsapFreeHeap(MachineName
);
1418 TRACE("LsapLogonUser done (Status 0x%08lx)\n", Status
);