2 * PROJECT: Local Security Authority Server DLL
3 * LICENSE: GPL - See COPYING in the top level directory
4 * FILE: dll/win32/lsasrv/authpackage.c
5 * PURPOSE: Authentication package management routines
6 * COPYRIGHT: Copyright 2013 Eric Kohl
9 /* INCLUDES ****************************************************************/
13 WINE_DEFAULT_DEBUG_CHANNEL(lsasrv
);
/*
 * Token information type tag. The logon entry point typedefs in this file
 * take a pointer to it (PLSA_TOKEN_INFORMATION_TYPE).
 * NOTE(review): only the LsaTokenInformationNull member is visible in this
 * listing; the extraction dropped lines (the gutter numbers skip).
 */
15 typedef enum _LSA_TOKEN_INFORMATION_TYPE
17 LsaTokenInformationNull
,
19 } LSA_TOKEN_INFORMATION_TYPE
, *PLSA_TOKEN_INFORMATION_TYPE
;
/*
 * PLSA_CLIENT_REQUEST is declared as an untyped PVOID here; the call sites
 * in this file pass NULL for it (marked FIXME).
 */
21 typedef PVOID PLSA_CLIENT_REQUEST
;
/*
 * Signatures of the four memory helpers that this file installs in the
 * dispatch table (AllocateLsaHeap, FreeLsaHeap, AllocateClientBuffer,
 * FreeClientBuffer).
 */
23 typedef PVOID (NTAPI
*PLSA_ALLOCATE_LSA_HEAP
)(ULONG
);
24 typedef VOID (NTAPI
*PLSA_FREE_LSA_HEAP
)(PVOID
);
25 typedef NTSTATUS (NTAPI
*PLSA_ALLOCATE_CLIENT_BUFFER
)(PLSA_CLIENT_REQUEST
, ULONG
, PVOID
*);
26 typedef NTSTATUS (NTAPI
*PLSA_FREE_CLIENT_BUFFER
)(PLSA_CLIENT_REQUEST
, PVOID
);
/*
 * Table of callbacks offered to authentication packages; the
 * LsaApInitializePackage typedef takes a PLSA_DISPATCH_TABLE.
 *
 * Slots declared as PVOID, with the intended pointer type left in a
 * comment, are untyped placeholders. LsapInitAuthPackages sets every one of
 * them to NULL, so a package that calls through such a slot dereferences a
 * null function pointer. Only the four typed slots receive real functions.
 */
28 typedef struct LSA_DISPATCH_TABLE
30 PVOID
/*PLSA_CREATE_LOGON_SESSION */ CreateLogonSession
;
31 PVOID
/*PLSA_DELETE_LOGON_SESSION */ DeleteLogonSession
;
32 PVOID
/*PLSA_ADD_CREDENTIAL */ AddCredential
;
33 PVOID
/*PLSA_GET_CREDENTIALS */ GetCredentials
;
34 PVOID
/*PLSA_DELETE_CREDENTIAL */ DeleteCredential
;
35 PLSA_ALLOCATE_LSA_HEAP AllocateLsaHeap
;
36 PLSA_FREE_LSA_HEAP FreeLsaHeap
;
37 PLSA_ALLOCATE_CLIENT_BUFFER AllocateClientBuffer
;
38 PLSA_FREE_CLIENT_BUFFER FreeClientBuffer
;
39 PVOID
/*PLSA_COPY_TO_CLIENT_BUFFER */ CopyToClientBuffer
;
40 PVOID
/*PLSA_COPY_FROM_CLIENT_BUFFER */ CopyFromClientBuffer
;
41 } LSA_DISPATCH_TABLE
, *PLSA_DISPATCH_TABLE
;
/*
 * Prototypes of the entry points that LsapAddAuthPackage resolves by name
 * from each authentication package DLL. The resolved pointers are stored in
 * AUTH_PACKAGE.
 */
44 typedef NTSTATUS (NTAPI
*PLSA_AP_INITIALIZE_PACKAGE
)(ULONG
, PLSA_DISPATCH_TABLE
,
45 PLSA_STRING
, PLSA_STRING
, PLSA_STRING
*);
/*
 * The three call-package variants share one parameter list. This file's
 * LsapCallAuthenticationPackage passes the request's submit buffer and
 * length, and pointers to the reply's return buffer, return length and
 * protocol status.
 */
46 typedef NTSTATUS (NTAPI
*PLSA_AP_CALL_PACKAGE_INTERNAL
)(PLSA_CLIENT_REQUEST
, PVOID
, PVOID
,
47 ULONG
, PVOID
*, PULONG
, PNTSTATUS
);
48 typedef NTSTATUS (NTAPI
*PLSA_AP_CALL_PACKAGE_PASSTHROUGH
)(PLSA_CLIENT_REQUEST
,
49 PVOID
, PVOID
, ULONG
, PVOID
*, PULONG
, PNTSTATUS
);
50 typedef NTSTATUS (NTAPI
*PLSA_AP_CALL_PACKAGE_UNTRUSTED
)(PLSA_CLIENT_REQUEST
,
51 PVOID
, PVOID
, ULONG
, PVOID
*, PULONG
, PNTSTATUS
);
52 typedef VOID (NTAPI
*PLSA_AP_LOGON_TERMINATED
)(PLUID
);
/*
 * Logon entry points, newest first. The Ex2 form ends with two extra
 * parameters whose real types are only named in comments
 * (PSECPKG_PRIMARY_CRED, PSECPKG_SUPPLEMENTAL_CRED_ARRAY *).
 */
53 typedef NTSTATUS (NTAPI
*PLSA_AP_LOGON_USER_EX2
)(PLSA_CLIENT_REQUEST
,
54 SECURITY_LOGON_TYPE
, PVOID
, PVOID
, ULONG
, PVOID
*, PULONG
, PLUID
, PNTSTATUS
,
55 PLSA_TOKEN_INFORMATION_TYPE
, PVOID
*, PUNICODE_STRING
*, PUNICODE_STRING
*,
56 PUNICODE_STRING
*, PVOID
/*PSECPKG_PRIMARY_CRED*/, PVOID
/*PSECPKG_SUPPLEMENTAL_CRED_ARRAY **/);
/* NOTE(review): the tail of the next typedef is missing from this listing
 * (the gutter jumps from 59 to 62). */
57 typedef NTSTATUS (NTAPI
*PLSA_AP_LOGON_USER_EX
)(PLSA_CLIENT_REQUEST
,
58 SECURITY_LOGON_TYPE
, PVOID
, PVOID
, ULONG
, PVOID
*, PULONG
, PLUID
, PNTSTATUS
,
59 PLSA_TOKEN_INFORMATION_TYPE
, PVOID
*, PUNICODE_STRING
*, PUNICODE_STRING
*,
62 typedef NTSTATUS (NTAPI
*PLSA_AP_LOGON_USER_INTERNAL
)(PLSA_CLIENT_REQUEST
, SECURITY_LOGON_TYPE
,
63 PVOID
, PVOID
, ULONG
, PVOID
*, PULONG
, PLUID
, PNTSTATUS
, PLSA_TOKEN_INFORMATION_TYPE
,
64 PVOID
*, PUNICODE_STRING
*, PUNICODE_STRING
*);
/*
 * One loaded authentication package: the entry points resolved from its
 * DLL. Code in this file also uses Entry, Name, Id and ModuleHandle members
 * whose declarations are not visible in this listing (gutter 67-72).
 *
 * The three logon pointers are alternatives. LsapAddAuthPackage falls back
 * from LsaApLogonUserEx2 to LsaApLogonUserEx to LsaApLogonUser, and
 * LsapLogonUser tests the first two against NULL before calling them.
 */
66 typedef struct _AUTH_PACKAGE
73 PLSA_AP_INITIALIZE_PACKAGE LsaApInitializePackage
;
74 PLSA_AP_CALL_PACKAGE_INTERNAL LsaApCallPackage
;
75 PLSA_AP_CALL_PACKAGE_PASSTHROUGH LsaApCallPackagePassthrough
;
76 PLSA_AP_CALL_PACKAGE_UNTRUSTED LsaApCallPackageUntrusted
;
77 PLSA_AP_LOGON_TERMINATED LsaApLogonTerminated
;
78 PLSA_AP_LOGON_USER_EX2 LsaApLogonUserEx2
;
79 PLSA_AP_LOGON_USER_EX LsaApLogonUserEx
;
80 PLSA_AP_LOGON_USER_INTERNAL LsaApLogonUser
;
81 } AUTH_PACKAGE
, *PAUTH_PACKAGE
;
84 /* GLOBALS *****************************************************************/
/* Head of the list of loaded packages; AUTH_PACKAGE records are linked
 * through their Entry member. */
86 static LIST_ENTRY PackageListHead
;
/* NOTE(review): presumably the id counter handed to LsapAddAuthPackage via
 * its Context argument; the statement that passes it is not visible in this
 * listing. LsapGetAuthenticationPackage has a parameter of the same name
 * that shadows this global. */
87 static ULONG PackageId
;
/* Callback table for packages; filled in by LsapInitAuthPackages. */
88 static LSA_DISPATCH_TABLE DispatchTable
;
91 /* FUNCTIONS ***************************************************************/
/*
 * Registry query callback, installed in AuthPackageTable by
 * LsapInitAuthPackages for the "Authentication Packages" value. It loads
 * one package DLL, resolves its LsaAp* exports, calls its
 * LsaApInitializePackage and appends the record to PackageListHead. Under
 * the final !NT_SUCCESS(Status) check the DLL is unloaded and the name and
 * record are freed.
 *
 * ValueData / ValueLength: registry data, wrapped in PackageName below.
 * Context: cast to PULONG; *Id is the first argument of
 * LsaApInitializePackage.
 * Returns an NTSTATUS; STATUS_INSUFFICIENT_RESOURCES is visible on the
 * allocation path.
 *
 * NOTE(review): this listing has lines missing (the gutter numbers skip),
 * so some parameters, call arguments and branch bodies are not visible.
 *
 * Security: presumably the DLL named by the registry data is what
 * LdrLoadDll maps into this process (its name argument is not visible).
 * If so, write access to the "Authentication Packages" value amounts to
 * code execution inside the LSA server; keep its ACL tight and monitor
 * changes to it.
 */
96 LsapAddAuthPackage(IN PWSTR ValueName
,
101 IN PVOID EntryContext
)
103 PAUTH_PACKAGE Package
= NULL
;
104 UNICODE_STRING PackageName
;
107 NTSTATUS Status
= STATUS_SUCCESS
;
109 TRACE("LsapAddAuthPackage()\n");
/* Build a counted string over ValueData.
 * NOTE(review): the USHORT cast applies to ValueLength before the
 * subtraction and no range check is visible, so a ValueLength below
 * sizeof(WCHAR) or above 0xFFFF produces a wrong Length. Confirm the
 * registry data is validated before it reaches this point. */
111 PackageName
.Length
= (USHORT
)ValueLength
- sizeof(WCHAR
);
112 PackageName
.MaximumLength
= (USHORT
)ValueLength
;
113 PackageName
.Buffer
= ValueData
;
115 Id
= (PULONG
)Context
;
/* Allocate the package record from the process heap.
 * NOTE(review): the heap flags are not visible; the cleanup path tests
 * ModuleHandle and Name against NULL, which assumes a zeroed record. */
117 Package
= RtlAllocateHeap(RtlGetProcessHeap(),
119 sizeof(AUTH_PACKAGE
));
121 return STATUS_INSUFFICIENT_RESOURCES
;
/* Load the package DLL into this process. */
123 Status
= LdrLoadDll(NULL
,
126 &Package
->ModuleHandle
);
127 if (!NT_SUCCESS(Status
))
129 TRACE("LdrLoadDll failed (Status 0x%08lx)\n", Status
);
/* Resolve the exports by name. Each of the next five lookups traces its
 * failure. NOTE(review): what follows each TRACE is not visible
 * (presumably a jump to the cleanup code). */
133 RtlInitAnsiString(&ProcName
, "LsaApInitializePackage");
134 Status
= LdrGetProcedureAddress(Package
->ModuleHandle
,
137 (PVOID
*)&Package
->LsaApInitializePackage
);
138 if (!NT_SUCCESS(Status
))
140 TRACE("LdrGetProcedureAddress() failed (Status 0x%08lx)\n", Status
);
144 RtlInitAnsiString(&ProcName
, "LsaApCallPackage");
145 Status
= LdrGetProcedureAddress(Package
->ModuleHandle
,
148 (PVOID
*)&Package
->LsaApCallPackage
);
149 if (!NT_SUCCESS(Status
))
151 TRACE("LdrGetProcedureAddress() failed (Status 0x%08lx)\n", Status
);
155 RtlInitAnsiString(&ProcName
, "LsaApCallPackagePassthrough");
156 Status
= LdrGetProcedureAddress(Package
->ModuleHandle
,
159 (PVOID
*)&Package
->LsaApCallPackagePassthrough
);
160 if (!NT_SUCCESS(Status
))
162 TRACE("LdrGetProcedureAddress() failed (Status 0x%08lx)\n", Status
);
166 RtlInitAnsiString(&ProcName
, "LsaApCallPackageUntrusted");
167 Status
= LdrGetProcedureAddress(Package
->ModuleHandle
,
170 (PVOID
*)&Package
->LsaApCallPackageUntrusted
);
171 if (!NT_SUCCESS(Status
))
173 TRACE("LdrGetProcedureAddress() failed (Status 0x%08lx)\n", Status
);
177 RtlInitAnsiString(&ProcName
, "LsaApLogonTerminated");
178 Status
= LdrGetProcedureAddress(Package
->ModuleHandle
,
181 (PVOID
*)&Package
->LsaApLogonTerminated
);
182 if (!NT_SUCCESS(Status
))
184 TRACE("LdrGetProcedureAddress() failed (Status 0x%08lx)\n", Status
);
/* Logon entry point: try LsaApLogonUserEx2, then LsaApLogonUserEx, then
 * LsaApLogonUser. Only the failure of the last lookup is traced. */
188 RtlInitAnsiString(&ProcName
, "LsaApLogonUserEx2");
189 Status
= LdrGetProcedureAddress(Package
->ModuleHandle
,
192 (PVOID
*)&Package
->LsaApLogonUserEx2
);
193 if (!NT_SUCCESS(Status
))
195 RtlInitAnsiString(&ProcName
, "LsaApLogonUserEx");
196 Status
= LdrGetProcedureAddress(Package
->ModuleHandle
,
199 (PVOID
*)&Package
->LsaApLogonUserEx
);
200 if (!NT_SUCCESS(Status
))
202 RtlInitAnsiString(&ProcName
, "LsaApLogonUser");
203 Status
= LdrGetProcedureAddress(Package
->ModuleHandle
,
206 (PVOID
*)&Package
->LsaApLogonUser
);
207 if (!NT_SUCCESS(Status
))
209 TRACE("LdrGetProcedureAddress() failed (Status 0x%08lx)\n", Status
);
215 /* Initialize the current package */
216 Status
= Package
->LsaApInitializePackage(*Id
,
221 if (!NT_SUCCESS(Status
))
223 TRACE("Package->LsaApInitializePackage() failed (Status 0x%08lx)\n", Status
);
/* NOTE(review): %s assumes Name->Buffer is NUL-terminated; Name is
 * presumably filled in by the package's LsaApInitializePackage. Confirm. */
227 TRACE("Package Name: %s\n", Package
->Name
->Buffer
);
/* Publish the package on the global list. */
232 InsertTailList(&PackageListHead
, &Package
->Entry
);
/* Failure cleanup: unload the DLL, then free the name buffer, the name and
 * the record itself, all back to the process heap. */
235 if (!NT_SUCCESS(Status
))
239 if (Package
->ModuleHandle
!= NULL
)
240 LdrUnloadDll(Package
->ModuleHandle
);
242 if (Package
->Name
!= NULL
)
244 if (Package
->Name
->Buffer
!= NULL
)
245 RtlFreeHeap(RtlGetProcessHeap(), 0, Package
->Name
->Buffer
);
247 RtlFreeHeap(RtlGetProcessHeap(), 0, Package
->Name
);
250 RtlFreeHeap(RtlGetProcessHeap(), 0, Package
);
/*
 * Walks PackageListHead and compares each record's Id with PackageId.
 * The parameter shadows the file-level PackageId global.
 * NOTE(review): the return statements are not visible in this listing. The
 * callers report STATUS_NO_SUCH_PACKAGE when the lookup finds nothing, so
 * presumably a match returns the record and a miss returns NULL.
 */
260 LsapGetAuthenticationPackage(IN ULONG PackageId
)
262 PLIST_ENTRY ListEntry
;
263 PAUTH_PACKAGE Package
;
265 ListEntry
= PackageListHead
.Flink
;
266 while (ListEntry
!= &PackageListHead
)
/* Recover the AUTH_PACKAGE that embeds this list link. */
268 Package
= CONTAINING_RECORD(ListEntry
, AUTH_PACKAGE
, Entry
);
270 if (Package
->Id
== PackageId
)
275 ListEntry
= ListEntry
->Flink
;
/*
 * AllocateLsaHeap slot of the dispatch table: allocates from the process
 * heap. NOTE(review): the flags and size arguments of the RtlAllocateHeap
 * call are not visible in this listing.
 */
285 LsapAllocateHeap(IN ULONG Length
)
287 return RtlAllocateHeap(RtlGetProcessHeap(),
/*
 * FreeLsaHeap slot of the dispatch table: returns Base to the process
 * heap. NOTE(review): the remaining RtlFreeHeap arguments are not visible
 * in this listing.
 */
296 LsapFreeHeap(IN PVOID Base
)
298 RtlFreeHeap(RtlGetProcessHeap(),
/*
 * AllocateClientBuffer slot of the dispatch table. The only statement
 * visible here returns STATUS_NOT_IMPLEMENTED, so a package that asks for
 * memory in the client's address space gets that failure and
 * *ClientBaseAddress is not written in the visible lines.
 */
307 LsapAllocateClientBuffer(IN PLSA_CLIENT_REQUEST ClientRequest
,
308 IN ULONG LengthRequired
,
309 OUT PVOID
*ClientBaseAddress
)
312 return STATUS_NOT_IMPLEMENTED
;
/*
 * FreeClientBuffer slot of the dispatch table. The only statement visible
 * here returns STATUS_NOT_IMPLEMENTED; nothing is freed.
 */
319 LsapFreeClientBuffer(IN PLSA_CLIENT_REQUEST ClientRequest
,
320 IN PVOID ClientBaseAddress
)
323 return STATUS_NOT_IMPLEMENTED
;
/*
 * Start-up routine for the package list: initialises PackageListHead, fills
 * in DispatchTable and runs RtlQueryRegistryValues so that
 * LsapAddAuthPackage is called for the "Authentication Packages" value.
 *
 * NOTE(review): the registry path, table and context arguments of the
 * query are not visible in this listing, nor is any check of its Status;
 * the visible return is STATUS_SUCCESS.
 */
328 LsapInitAuthPackages(VOID
)
/* Query table: one row routing "Authentication Packages" to
 * LsapAddAuthPackage, then the all-NULL terminator row. */
330 RTL_QUERY_REGISTRY_TABLE AuthPackageTable
[] = {
331 {LsapAddAuthPackage
, 0, L
"Authentication Packages", NULL
, REG_NONE
, NULL
, 0},
332 {NULL
, 0, NULL
, NULL
, REG_NONE
, NULL
, 0}};
336 InitializeListHead(&PackageListHead
);
339 /* Initialize the dispatch table */
/* Logon-session, credential and copy-to/from-client slots are left NULL;
 * a package that calls through one of them dereferences a null function
 * pointer. Only the heap and client-buffer slots get real functions, and
 * the two client-buffer functions return STATUS_NOT_IMPLEMENTED. */
340 DispatchTable
.CreateLogonSession
= NULL
;
341 DispatchTable
.DeleteLogonSession
= NULL
;
342 DispatchTable
.AddCredential
= NULL
;
343 DispatchTable
.GetCredentials
= NULL
;
344 DispatchTable
.DeleteCredential
= NULL
;
345 DispatchTable
.AllocateLsaHeap
= &LsapAllocateHeap
;
346 DispatchTable
.FreeLsaHeap
= &LsapFreeHeap
;
347 DispatchTable
.AllocateClientBuffer
= &LsapAllocateClientBuffer
;
348 DispatchTable
.FreeClientBuffer
= &LsapFreeClientBuffer
;
349 DispatchTable
.CopyToClientBuffer
= NULL
;
350 DispatchTable
.CopyFromClientBuffer
= NULL
;
352 /* Add registered authentication packages */
353 Status
= RtlQueryRegistryValues(RTL_REGISTRY_CONTROL
,
360 return STATUS_SUCCESS
;
/*
 * Handles a lookup request: compares the package name carried in the
 * request with the Name of every registered package. The lengths must be
 * equal, then a case-insensitive compare runs over Name->Length characters.
 * On a match the package's Id is stored in the reply and STATUS_SUCCESS is
 * returned; otherwise STATUS_NO_SUCH_PACKAGE.
 *
 * LogonContext is only traced in the visible lines.
 */
365 LsapLookupAuthenticationPackage(PLSA_API_MSG RequestMsg
,
366 PLSAP_LOGON_CONTEXT LogonContext
)
368 PLIST_ENTRY ListEntry
;
369 PAUTH_PACKAGE Package
;
370 ULONG PackageNameLength
;
373 TRACE("(%p %p)\n", RequestMsg
, LogonContext
);
/* Both values come straight from the request message.
 * NOTE(review): no check of PackageNameLength against the size of the
 * request's PackageName field is visible in this listing. */
375 PackageNameLength
= RequestMsg
->LookupAuthenticationPackage
.Request
.PackageNameLength
;
376 PackageName
= RequestMsg
->LookupAuthenticationPackage
.Request
.PackageName
;
/* NOTE(review): %s reads up to a NUL and ignores PackageNameLength. If the
 * request's PackageName is not guaranteed to be terminated this reads past
 * the field; confirm, or bound the print by the length. */
378 TRACE("PackageName: %s\n", PackageName
);
380 ListEntry
= PackageListHead
.Flink
;
381 while (ListEntry
!= &PackageListHead
)
383 Package
= CONTAINING_RECORD(ListEntry
, AUTH_PACKAGE
, Entry
);
/* The length test runs first, so the compare below covers exactly the
 * registered name's length. */
385 if ((PackageNameLength
== Package
->Name
->Length
) &&
386 (_strnicmp(PackageName
, Package
->Name
->Buffer
, Package
->Name
->Length
) == 0))
388 RequestMsg
->LookupAuthenticationPackage
.Reply
.Package
= Package
->Id
;
389 return STATUS_SUCCESS
;
392 ListEntry
= ListEntry
->Flink
;
395 return STATUS_NO_SUCH_PACKAGE
;
/*
 * Handles a call-package request: finds the package by the id carried in
 * the request and forwards the submit buffer to its LsaApCallPackage entry
 * point. The package receives pointers to the reply's ProtocolReturnBuffer,
 * ReturnBufferLength and ProtocolStatus fields. Returns
 * STATUS_NO_SUCH_PACKAGE when the lookup finds nothing.
 *
 * NOTE(review): ClientRequest and ClientBufferBase are passed as NULL (see
 * the FIXMEs), and ProtocolSubmitBuffer / SubmitBufferLength reach the
 * package exactly as they arrive in the message. No capture or length
 * validation is visible in this listing; confirm where the client's buffer
 * is validated before a package dereferences it.
 * NOTE(review): only LsaApCallPackage is invoked. No visible branch selects
 * LsaApCallPackageUntrusted or LsaApCallPackagePassthrough; confirm how
 * caller trust is meant to be distinguished.
 */
400 LsapCallAuthenticationPackage(PLSA_API_MSG RequestMsg
,
401 PLSAP_LOGON_CONTEXT LogonContext
)
403 PAUTH_PACKAGE Package
;
408 TRACE("(%p %p)\n", RequestMsg
, LogonContext
);
/* The package id is taken from the request as sent. */
410 PackageId
= RequestMsg
->CallAuthenticationPackage
.Request
.AuthenticationPackage
;
412 Package
= LsapGetAuthenticationPackage(PackageId
);
415 TRACE("LsapGetAuthenticationPackage() failed to find a package\n");
416 return STATUS_NO_SUCH_PACKAGE
;
419 Status
= Package
->LsaApCallPackage(NULL
, /* FIXME: PLSA_CLIENT_REQUEST ClientRequest */
420 RequestMsg
->CallAuthenticationPackage
.Request
.ProtocolSubmitBuffer
,
421 NULL
, /* FIXME: PVOID ClientBufferBase */
422 RequestMsg
->CallAuthenticationPackage
.Request
.SubmitBufferLength
,
423 &RequestMsg
->CallAuthenticationPackage
.Reply
.ProtocolReturnBuffer
,
424 &RequestMsg
->CallAuthenticationPackage
.Reply
.ReturnBufferLength
,
425 &RequestMsg
->CallAuthenticationPackage
.Reply
.ProtocolStatus
);
426 if (!NT_SUCCESS(Status
))
428 TRACE("Package->LsaApCallPackage() failed (Status 0x%08lx)\n", Status
);
436 LsapLogonUser(PLSA_API_MSG RequestMsg
,
437 PLSAP_LOGON_CONTEXT LogonContext
)
439 PAUTH_PACKAGE Package
;
443 LSA_TOKEN_INFORMATION_TYPE TokenInformationType
;
444 PVOID TokenInformation
= NULL
;
445 PUNICODE_STRING AccountName
= NULL
;
446 PUNICODE_STRING AuthenticatingAuthority
= NULL
;
447 PUNICODE_STRING MachineName
= NULL
;
449 TRACE("(%p %p)\n", RequestMsg
, LogonContext
);
451 PackageId
= RequestMsg
->LogonUser
.Request
.AuthenticationPackage
;
453 Package
= LsapGetAuthenticationPackage(PackageId
);
456 TRACE("LsapGetAuthenticationPackage() failed to find a package\n");
457 return STATUS_NO_SUCH_PACKAGE
;
460 if (Package
->LsaApLogonUserEx2
!= NULL
)
462 Status
= Package
->LsaApLogonUserEx2(NULL
, /* FIXME: PLSA_CLIENT_REQUEST ClientRequest */
463 RequestMsg
->LogonUser
.Request
.LogonType
,
464 RequestMsg
->LogonUser
.Request
.AuthenticationInformation
,
465 NULL
, /* FIXME: PVOID ClientBufferBase*/
466 RequestMsg
->LogonUser
.Request
.AuthenticationInformationLength
,
467 &RequestMsg
->LogonUser
.Reply
.ProfileBuffer
,
468 &RequestMsg
->LogonUser
.Reply
.ProfileBufferLength
,
469 &RequestMsg
->LogonUser
.Reply
.LogonId
,
470 &RequestMsg
->LogonUser
.Reply
.SubStatus
,
471 &TokenInformationType
,
474 &AuthenticatingAuthority
,
476 NULL
, /* FIXME: PSECPKG_PRIMARY_CRED PrimaryCredentials */
477 NULL
); /* FIXME: PSECPKG_SUPPLEMENTAL_CRED_ARRAY *SupplementalCredentials */
479 else if (Package
->LsaApLogonUserEx
!= NULL
)
481 Status
= Package
->LsaApLogonUserEx(NULL
, /* FIXME: PLSA_CLIENT_REQUEST ClientRequest */
482 RequestMsg
->LogonUser
.Request
.LogonType
,
483 RequestMsg
->LogonUser
.Request
.AuthenticationInformation
,
484 NULL
, /* FIXME: PVOID ClientBufferBase*/
485 RequestMsg
->LogonUser
.Request
.AuthenticationInformationLength
,
486 &RequestMsg
->LogonUser
.Reply
.ProfileBuffer
,
487 &RequestMsg
->LogonUser
.Reply
.ProfileBufferLength
,
488 &RequestMsg
->LogonUser
.Reply
.LogonId
,
489 &RequestMsg
->LogonUser
.Reply
.SubStatus
,
490 &TokenInformationType
,
493 &AuthenticatingAuthority
,
498 Status
= Package
->LsaApLogonUser(NULL
, /* FIXME: PLSA_CLIENT_REQUEST ClientRequest */
499 RequestMsg
->LogonUser
.Request
.LogonType
,
500 RequestMsg
->LogonUser
.Request
.AuthenticationInformation
,
501 NULL
, /* FIXME: PVOID ClientBufferBase*/
502 RequestMsg
->LogonUser
.Request
.AuthenticationInformationLength
,
503 &RequestMsg
->LogonUser
.Reply
.ProfileBuffer
,
504 &RequestMsg
->LogonUser
.Reply
.ProfileBufferLength
,
505 &RequestMsg
->LogonUser
.Reply
.LogonId
,
506 &RequestMsg
->LogonUser
.Reply
.SubStatus
,
507 &TokenInformationType
,
510 &AuthenticatingAuthority
);
514 if (TokenInformation
!= NULL
)
519 if (AuthenticatingAuthority
!= NULL
)
524 if (AccountName
!= NULL
)
529 if (MachineName
!= NULL
)