2 * PROJECT: Local Security Authority Server DLL
3 * LICENSE: GPL - See COPYING in the top level directory
4 * FILE: dll/win32/lsasrv/authpackage.c
5 * PURPOSE: Authenticaton package management routines
6 * COPYRIGHT: Copyright 2013 Eric Kohl
9 /* INCLUDES ****************************************************************/
13 WINE_DEFAULT_DEBUG_CHANNEL(lsasrv
);
15 typedef enum _LSA_TOKEN_INFORMATION_TYPE
17 LsaTokenInformationNull
,
19 } LSA_TOKEN_INFORMATION_TYPE
, *PLSA_TOKEN_INFORMATION_TYPE
;
21 typedef struct _LSA_TOKEN_INFORMATION_V1
23 LARGE_INTEGER ExpirationTime
;
26 TOKEN_PRIMARY_GROUP PrimaryGroup
;
27 PTOKEN_PRIVILEGES Privileges
;
29 TOKEN_DEFAULT_DACL DefaultDacl
;
30 } LSA_TOKEN_INFORMATION_V1
, *PLSA_TOKEN_INFORMATION_V1
;
32 typedef PVOID PLSA_CLIENT_REQUEST
;
34 typedef PVOID (NTAPI
*PLSA_ALLOCATE_LSA_HEAP
)(ULONG
);
35 typedef VOID (NTAPI
*PLSA_FREE_LSA_HEAP
)(PVOID
);
36 typedef NTSTATUS (NTAPI
*PLSA_ALLOCATE_CLIENT_BUFFER
)(PLSA_CLIENT_REQUEST
, ULONG
, PVOID
*);
37 typedef NTSTATUS (NTAPI
*PLSA_FREE_CLIENT_BUFFER
)(PLSA_CLIENT_REQUEST
, PVOID
);
38 typedef NTSTATUS (NTAPI
*PLSA_COPY_TO_CLIENT_BUFFER
)(PLSA_CLIENT_REQUEST
, ULONG
,
40 typedef NTSTATUS (NTAPI
*PLSA_COPY_FROM_CLIENT_BUFFER
)(PLSA_CLIENT_REQUEST
,
43 typedef struct LSA_DISPATCH_TABLE
45 PVOID
/*PLSA_CREATE_LOGON_SESSION */ CreateLogonSession
;
46 PVOID
/*PLSA_DELETE_LOGON_SESSION */ DeleteLogonSession
;
47 PVOID
/*PLSA_ADD_CREDENTIAL */ AddCredential
;
48 PVOID
/*PLSA_GET_CREDENTIALS */ GetCredentials
;
49 PVOID
/*PLSA_DELETE_CREDENTIAL */ DeleteCredential
;
50 PLSA_ALLOCATE_LSA_HEAP AllocateLsaHeap
;
51 PLSA_FREE_LSA_HEAP FreeLsaHeap
;
52 PLSA_ALLOCATE_CLIENT_BUFFER AllocateClientBuffer
;
53 PLSA_FREE_CLIENT_BUFFER FreeClientBuffer
;
54 PLSA_COPY_TO_CLIENT_BUFFER CopyToClientBuffer
;
55 PLSA_COPY_FROM_CLIENT_BUFFER CopyFromClientBuffer
;
56 } LSA_DISPATCH_TABLE
, *PLSA_DISPATCH_TABLE
;
59 typedef NTSTATUS (NTAPI
*PLSA_AP_INITIALIZE_PACKAGE
)(ULONG
, PLSA_DISPATCH_TABLE
,
60 PLSA_STRING
, PLSA_STRING
, PLSA_STRING
*);
61 typedef NTSTATUS (NTAPI
*PLSA_AP_CALL_PACKAGE_INTERNAL
)(PLSA_CLIENT_REQUEST
, PVOID
, PVOID
,
62 ULONG
, PVOID
*, PULONG
, PNTSTATUS
);
63 typedef NTSTATUS (NTAPI
*PLSA_AP_CALL_PACKAGE_PASSTHROUGH
)(PLSA_CLIENT_REQUEST
,
64 PVOID
, PVOID
, ULONG
, PVOID
*, PULONG
, PNTSTATUS
);
65 typedef NTSTATUS (NTAPI
*PLSA_AP_CALL_PACKAGE_UNTRUSTED
)(PLSA_CLIENT_REQUEST
,
66 PVOID
, PVOID
, ULONG
, PVOID
*, PULONG
, PNTSTATUS
);
67 typedef VOID (NTAPI
*PLSA_AP_LOGON_TERMINATED
)(PLUID
);
68 typedef NTSTATUS (NTAPI
*PLSA_AP_LOGON_USER_EX2
)(PLSA_CLIENT_REQUEST
,
69 SECURITY_LOGON_TYPE
, PVOID
, PVOID
, ULONG
, PVOID
*, PULONG
, PLUID
, PNTSTATUS
,
70 PLSA_TOKEN_INFORMATION_TYPE
, PVOID
*, PUNICODE_STRING
*, PUNICODE_STRING
*,
71 PUNICODE_STRING
*, PVOID
/*PSECPKG_PRIMARY_CRED*/, PVOID
/*PSECPKG_SUPPLEMENTAL_CRED_ARRAY **/);
72 typedef NTSTATUS (NTAPI
*PLSA_AP_LOGON_USER_EX
)(PLSA_CLIENT_REQUEST
,
73 SECURITY_LOGON_TYPE
, PVOID
, PVOID
, ULONG
, PVOID
*, PULONG
, PLUID
, PNTSTATUS
,
74 PLSA_TOKEN_INFORMATION_TYPE
, PVOID
*, PUNICODE_STRING
*, PUNICODE_STRING
*,
77 typedef NTSTATUS (NTAPI
*PLSA_AP_LOGON_USER_INTERNAL
)(PLSA_CLIENT_REQUEST
, SECURITY_LOGON_TYPE
,
78 PVOID
, PVOID
, ULONG
, PVOID
*, PULONG
, PLUID
, PNTSTATUS
, PLSA_TOKEN_INFORMATION_TYPE
,
79 PVOID
*, PUNICODE_STRING
*, PUNICODE_STRING
*);
81 typedef struct _AUTH_PACKAGE
88 PLSA_AP_INITIALIZE_PACKAGE LsaApInitializePackage
;
89 PLSA_AP_CALL_PACKAGE_INTERNAL LsaApCallPackage
;
90 PLSA_AP_CALL_PACKAGE_PASSTHROUGH LsaApCallPackagePassthrough
;
91 PLSA_AP_CALL_PACKAGE_UNTRUSTED LsaApCallPackageUntrusted
;
92 PLSA_AP_LOGON_TERMINATED LsaApLogonTerminated
;
93 PLSA_AP_LOGON_USER_EX2 LsaApLogonUserEx2
;
94 PLSA_AP_LOGON_USER_EX LsaApLogonUserEx
;
95 PLSA_AP_LOGON_USER_INTERNAL LsaApLogonUser
;
96 } AUTH_PACKAGE
, *PAUTH_PACKAGE
;
99 /* GLOBALS *****************************************************************/
101 static LIST_ENTRY PackageListHead
;
102 static ULONG PackageId
;
103 static LSA_DISPATCH_TABLE DispatchTable
;
106 /* FUNCTIONS ***************************************************************/
111 LsapAddAuthPackage(IN PWSTR ValueName
,
114 IN ULONG ValueLength
,
116 IN PVOID EntryContext
)
118 PAUTH_PACKAGE Package
= NULL
;
119 UNICODE_STRING PackageName
;
122 NTSTATUS Status
= STATUS_SUCCESS
;
124 TRACE("LsapAddAuthPackage()\n");
126 PackageName
.Length
= (USHORT
)ValueLength
- sizeof(WCHAR
);
127 PackageName
.MaximumLength
= (USHORT
)ValueLength
;
128 PackageName
.Buffer
= ValueData
;
130 Id
= (PULONG
)Context
;
132 Package
= RtlAllocateHeap(RtlGetProcessHeap(),
134 sizeof(AUTH_PACKAGE
));
136 return STATUS_INSUFFICIENT_RESOURCES
;
138 Status
= LdrLoadDll(NULL
,
141 &Package
->ModuleHandle
);
142 if (!NT_SUCCESS(Status
))
144 TRACE("LdrLoadDll failed (Status 0x%08lx)\n", Status
);
148 RtlInitAnsiString(&ProcName
, "LsaApInitializePackage");
149 Status
= LdrGetProcedureAddress(Package
->ModuleHandle
,
152 (PVOID
*)&Package
->LsaApInitializePackage
);
153 if (!NT_SUCCESS(Status
))
155 TRACE("LdrGetProcedureAddress() failed (Status 0x%08lx)\n", Status
);
159 RtlInitAnsiString(&ProcName
, "LsaApCallPackage");
160 Status
= LdrGetProcedureAddress(Package
->ModuleHandle
,
163 (PVOID
*)&Package
->LsaApCallPackage
);
164 if (!NT_SUCCESS(Status
))
166 TRACE("LdrGetProcedureAddress() failed (Status 0x%08lx)\n", Status
);
170 RtlInitAnsiString(&ProcName
, "LsaApCallPackagePassthrough");
171 Status
= LdrGetProcedureAddress(Package
->ModuleHandle
,
174 (PVOID
*)&Package
->LsaApCallPackagePassthrough
);
175 if (!NT_SUCCESS(Status
))
177 TRACE("LdrGetProcedureAddress() failed (Status 0x%08lx)\n", Status
);
181 RtlInitAnsiString(&ProcName
, "LsaApCallPackageUntrusted");
182 Status
= LdrGetProcedureAddress(Package
->ModuleHandle
,
185 (PVOID
*)&Package
->LsaApCallPackageUntrusted
);
186 if (!NT_SUCCESS(Status
))
188 TRACE("LdrGetProcedureAddress() failed (Status 0x%08lx)\n", Status
);
192 RtlInitAnsiString(&ProcName
, "LsaApLogonTerminated");
193 Status
= LdrGetProcedureAddress(Package
->ModuleHandle
,
196 (PVOID
*)&Package
->LsaApLogonTerminated
);
197 if (!NT_SUCCESS(Status
))
199 TRACE("LdrGetProcedureAddress() failed (Status 0x%08lx)\n", Status
);
203 RtlInitAnsiString(&ProcName
, "LsaApLogonUserEx2");
204 Status
= LdrGetProcedureAddress(Package
->ModuleHandle
,
207 (PVOID
*)&Package
->LsaApLogonUserEx2
);
208 if (!NT_SUCCESS(Status
))
210 RtlInitAnsiString(&ProcName
, "LsaApLogonUserEx");
211 Status
= LdrGetProcedureAddress(Package
->ModuleHandle
,
214 (PVOID
*)&Package
->LsaApLogonUserEx
);
215 if (!NT_SUCCESS(Status
))
217 RtlInitAnsiString(&ProcName
, "LsaApLogonUser");
218 Status
= LdrGetProcedureAddress(Package
->ModuleHandle
,
221 (PVOID
*)&Package
->LsaApLogonUser
);
222 if (!NT_SUCCESS(Status
))
224 TRACE("LdrGetProcedureAddress() failed (Status 0x%08lx)\n", Status
);
230 /* Initialize the current package */
231 Status
= Package
->LsaApInitializePackage(*Id
,
236 if (!NT_SUCCESS(Status
))
238 TRACE("Package->LsaApInitializePackage() failed (Status 0x%08lx)\n", Status
);
242 TRACE("Package Name: %s\n", Package
->Name
->Buffer
);
247 InsertTailList(&PackageListHead
, &Package
->Entry
);
250 if (!NT_SUCCESS(Status
))
254 if (Package
->ModuleHandle
!= NULL
)
255 LdrUnloadDll(Package
->ModuleHandle
);
257 if (Package
->Name
!= NULL
)
259 if (Package
->Name
->Buffer
!= NULL
)
260 RtlFreeHeap(RtlGetProcessHeap(), 0, Package
->Name
->Buffer
);
262 RtlFreeHeap(RtlGetProcessHeap(), 0, Package
->Name
);
265 RtlFreeHeap(RtlGetProcessHeap(), 0, Package
);
275 LsapGetAuthenticationPackage(IN ULONG PackageId
)
277 PLIST_ENTRY ListEntry
;
278 PAUTH_PACKAGE Package
;
280 ListEntry
= PackageListHead
.Flink
;
281 while (ListEntry
!= &PackageListHead
)
283 Package
= CONTAINING_RECORD(ListEntry
, AUTH_PACKAGE
, Entry
);
285 if (Package
->Id
== PackageId
)
290 ListEntry
= ListEntry
->Flink
;
300 LsapCreateLogonSession(IN PLUID LogonId
)
303 return STATUS_SUCCESS
;
310 LsapDeleteLogonSession(IN PLUID LogonId
)
313 return STATUS_SUCCESS
;
320 LsapAllocateHeap(IN ULONG Length
)
322 return RtlAllocateHeap(RtlGetProcessHeap(),
331 LsapFreeHeap(IN PVOID Base
)
333 RtlFreeHeap(RtlGetProcessHeap(),
342 LsapAllocateClientBuffer(IN PLSA_CLIENT_REQUEST ClientRequest
,
343 IN ULONG LengthRequired
,
344 OUT PVOID
*ClientBaseAddress
)
346 PLSAP_LOGON_CONTEXT LogonContext
;
349 *ClientBaseAddress
= NULL
;
351 LogonContext
= (PLSAP_LOGON_CONTEXT
)ClientRequest
;
353 Length
= LengthRequired
;
354 return NtAllocateVirtualMemory(LogonContext
->ClientProcessHandle
,
366 LsapFreeClientBuffer(IN PLSA_CLIENT_REQUEST ClientRequest
,
367 IN PVOID ClientBaseAddress
)
369 PLSAP_LOGON_CONTEXT LogonContext
;
372 if (ClientBaseAddress
== NULL
)
373 return STATUS_SUCCESS
;
375 LogonContext
= (PLSAP_LOGON_CONTEXT
)ClientRequest
;
378 return NtFreeVirtualMemory(LogonContext
->ClientProcessHandle
,
388 LsapCopyToClientBuffer(IN PLSA_CLIENT_REQUEST ClientRequest
,
390 IN PVOID ClientBaseAddress
,
391 IN PVOID BufferToCopy
)
393 PLSAP_LOGON_CONTEXT LogonContext
;
395 LogonContext
= (PLSAP_LOGON_CONTEXT
)ClientRequest
;
397 return NtWriteVirtualMemory(LogonContext
->ClientProcessHandle
,
408 LsapCopyFromClientBuffer(IN PLSA_CLIENT_REQUEST ClientRequest
,
410 IN PVOID BufferToCopy
,
411 IN PVOID ClientBaseAddress
)
413 PLSAP_LOGON_CONTEXT LogonContext
;
415 LogonContext
= (PLSAP_LOGON_CONTEXT
)ClientRequest
;
417 return NtReadVirtualMemory(LogonContext
->ClientProcessHandle
,
426 LsapInitAuthPackages(VOID
)
428 RTL_QUERY_REGISTRY_TABLE AuthPackageTable
[] = {
429 {LsapAddAuthPackage
, 0, L
"Authentication Packages", NULL
, REG_NONE
, NULL
, 0},
430 {NULL
, 0, NULL
, NULL
, REG_NONE
, NULL
, 0}};
434 InitializeListHead(&PackageListHead
);
437 /* Initialize the dispatch table */
438 DispatchTable
.CreateLogonSession
= &LsapCreateLogonSession
;
439 DispatchTable
.DeleteLogonSession
= &LsapDeleteLogonSession
;
440 DispatchTable
.AddCredential
= NULL
;
441 DispatchTable
.GetCredentials
= NULL
;
442 DispatchTable
.DeleteCredential
= NULL
;
443 DispatchTable
.AllocateLsaHeap
= &LsapAllocateHeap
;
444 DispatchTable
.FreeLsaHeap
= &LsapFreeHeap
;
445 DispatchTable
.AllocateClientBuffer
= &LsapAllocateClientBuffer
;
446 DispatchTable
.FreeClientBuffer
= &LsapFreeClientBuffer
;
447 DispatchTable
.CopyToClientBuffer
= &LsapCopyToClientBuffer
;
448 DispatchTable
.CopyFromClientBuffer
= &LsapCopyFromClientBuffer
;
450 /* Add registered authentication packages */
451 Status
= RtlQueryRegistryValues(RTL_REGISTRY_CONTROL
,
458 return STATUS_SUCCESS
;
463 LsapLookupAuthenticationPackage(PLSA_API_MSG RequestMsg
,
464 PLSAP_LOGON_CONTEXT LogonContext
)
466 PLIST_ENTRY ListEntry
;
467 PAUTH_PACKAGE Package
;
468 ULONG PackageNameLength
;
471 TRACE("(%p %p)\n", RequestMsg
, LogonContext
);
473 PackageNameLength
= RequestMsg
->LookupAuthenticationPackage
.Request
.PackageNameLength
;
474 PackageName
= RequestMsg
->LookupAuthenticationPackage
.Request
.PackageName
;
476 TRACE("PackageName: %s\n", PackageName
);
478 ListEntry
= PackageListHead
.Flink
;
479 while (ListEntry
!= &PackageListHead
)
481 Package
= CONTAINING_RECORD(ListEntry
, AUTH_PACKAGE
, Entry
);
483 if ((PackageNameLength
== Package
->Name
->Length
) &&
484 (_strnicmp(PackageName
, Package
->Name
->Buffer
, Package
->Name
->Length
) == 0))
486 RequestMsg
->LookupAuthenticationPackage
.Reply
.Package
= Package
->Id
;
487 return STATUS_SUCCESS
;
490 ListEntry
= ListEntry
->Flink
;
493 return STATUS_NO_SUCH_PACKAGE
;
498 LsapCallAuthenticationPackage(PLSA_API_MSG RequestMsg
,
499 PLSAP_LOGON_CONTEXT LogonContext
)
501 PAUTH_PACKAGE Package
;
502 PVOID LocalBuffer
= NULL
;
506 TRACE("(%p %p)\n", RequestMsg
, LogonContext
);
508 PackageId
= RequestMsg
->CallAuthenticationPackage
.Request
.AuthenticationPackage
;
510 /* Get the right authentication package */
511 Package
= LsapGetAuthenticationPackage(PackageId
);
514 TRACE("LsapGetAuthenticationPackage() failed to find a package\n");
515 return STATUS_NO_SUCH_PACKAGE
;
518 if (RequestMsg
->CallAuthenticationPackage
.Request
.SubmitBufferLength
> 0)
520 LocalBuffer
= RtlAllocateHeap(RtlGetProcessHeap(),
522 RequestMsg
->CallAuthenticationPackage
.Request
.SubmitBufferLength
);
523 if (LocalBuffer
== NULL
)
525 return STATUS_INSUFFICIENT_RESOURCES
;
528 Status
= NtReadVirtualMemory(LogonContext
->ClientProcessHandle
,
529 RequestMsg
->CallAuthenticationPackage
.Request
.ProtocolSubmitBuffer
,
531 RequestMsg
->CallAuthenticationPackage
.Request
.SubmitBufferLength
,
533 if (!NT_SUCCESS(Status
))
535 TRACE("NtReadVirtualMemory() failed (Status 0x%08lx)\n", Status
);
536 RtlFreeHeap(RtlGetProcessHeap(), 0, LocalBuffer
);
541 Status
= Package
->LsaApCallPackage((PLSA_CLIENT_REQUEST
)LogonContext
,
543 RequestMsg
->CallAuthenticationPackage
.Request
.ProtocolSubmitBuffer
,
544 RequestMsg
->CallAuthenticationPackage
.Request
.SubmitBufferLength
,
545 &RequestMsg
->CallAuthenticationPackage
.Reply
.ProtocolReturnBuffer
,
546 &RequestMsg
->CallAuthenticationPackage
.Reply
.ReturnBufferLength
,
547 &RequestMsg
->CallAuthenticationPackage
.Reply
.ProtocolStatus
);
548 if (!NT_SUCCESS(Status
))
550 TRACE("Package->LsaApCallPackage() failed (Status 0x%08lx)\n", Status
);
553 if (LocalBuffer
!= NULL
)
554 RtlFreeHeap(RtlGetProcessHeap(), 0, LocalBuffer
);
561 LsapLogonUser(PLSA_API_MSG RequestMsg
,
562 PLSAP_LOGON_CONTEXT LogonContext
)
564 PAUTH_PACKAGE Package
;
565 OBJECT_ATTRIBUTES ObjectAttributes
;
566 SECURITY_QUALITY_OF_SERVICE Qos
;
567 LSA_TOKEN_INFORMATION_TYPE TokenInformationType
;
568 PVOID TokenInformation
= NULL
;
569 PLSA_TOKEN_INFORMATION_V1 TokenInfo1
= NULL
;
570 PUNICODE_STRING AccountName
= NULL
;
571 PUNICODE_STRING AuthenticatingAuthority
= NULL
;
572 PUNICODE_STRING MachineName
= NULL
;
573 PVOID LocalAuthInfo
= NULL
;
574 HANDLE TokenHandle
= NULL
;
579 TRACE("(%p %p)\n", RequestMsg
, LogonContext
);
581 PackageId
= RequestMsg
->LogonUser
.Request
.AuthenticationPackage
;
583 /* Get the right authentication package */
584 Package
= LsapGetAuthenticationPackage(PackageId
);
587 TRACE("LsapGetAuthenticationPackage() failed to find a package\n");
588 return STATUS_NO_SUCH_PACKAGE
;
591 if (RequestMsg
->LogonUser
.Request
.AuthenticationInformationLength
> 0)
593 /* Allocate the local authentication info buffer */
594 LocalAuthInfo
= RtlAllocateHeap(RtlGetProcessHeap(),
596 RequestMsg
->LogonUser
.Request
.AuthenticationInformationLength
);
597 if (LocalAuthInfo
== NULL
)
599 TRACE("RtlAllocateHeap() failed\n");
600 return STATUS_INSUFFICIENT_RESOURCES
;
603 /* Read the authentication info from the callers adress space */
604 Status
= NtReadVirtualMemory(LogonContext
->ClientProcessHandle
,
605 RequestMsg
->LogonUser
.Request
.AuthenticationInformation
,
607 RequestMsg
->LogonUser
.Request
.AuthenticationInformationLength
,
609 if (!NT_SUCCESS(Status
))
611 TRACE("NtReadVirtualMemory() failed (Status 0x%08lx)\n", Status
);
612 RtlFreeHeap(RtlGetProcessHeap(), 0, LocalAuthInfo
);
617 if (Package
->LsaApLogonUserEx2
!= NULL
)
619 Status
= Package
->LsaApLogonUserEx2((PLSA_CLIENT_REQUEST
)LogonContext
,
620 RequestMsg
->LogonUser
.Request
.LogonType
,
622 RequestMsg
->LogonUser
.Request
.AuthenticationInformation
,
623 RequestMsg
->LogonUser
.Request
.AuthenticationInformationLength
,
624 &RequestMsg
->LogonUser
.Reply
.ProfileBuffer
,
625 &RequestMsg
->LogonUser
.Reply
.ProfileBufferLength
,
626 &RequestMsg
->LogonUser
.Reply
.LogonId
,
627 &RequestMsg
->LogonUser
.Reply
.SubStatus
,
628 &TokenInformationType
,
631 &AuthenticatingAuthority
,
633 NULL
, /* FIXME: PSECPKG_PRIMARY_CRED PrimaryCredentials */
634 NULL
); /* FIXME: PSECPKG_SUPPLEMENTAL_CRED_ARRAY *SupplementalCredentials */
636 else if (Package
->LsaApLogonUserEx
!= NULL
)
638 Status
= Package
->LsaApLogonUserEx((PLSA_CLIENT_REQUEST
)LogonContext
,
639 RequestMsg
->LogonUser
.Request
.LogonType
,
641 RequestMsg
->LogonUser
.Request
.AuthenticationInformation
,
642 RequestMsg
->LogonUser
.Request
.AuthenticationInformationLength
,
643 &RequestMsg
->LogonUser
.Reply
.ProfileBuffer
,
644 &RequestMsg
->LogonUser
.Reply
.ProfileBufferLength
,
645 &RequestMsg
->LogonUser
.Reply
.LogonId
,
646 &RequestMsg
->LogonUser
.Reply
.SubStatus
,
647 &TokenInformationType
,
650 &AuthenticatingAuthority
,
655 Status
= Package
->LsaApLogonUser((PLSA_CLIENT_REQUEST
)LogonContext
,
656 RequestMsg
->LogonUser
.Request
.LogonType
,
658 RequestMsg
->LogonUser
.Request
.AuthenticationInformation
,
659 RequestMsg
->LogonUser
.Request
.AuthenticationInformationLength
,
660 &RequestMsg
->LogonUser
.Reply
.ProfileBuffer
,
661 &RequestMsg
->LogonUser
.Reply
.ProfileBufferLength
,
662 &RequestMsg
->LogonUser
.Reply
.LogonId
,
663 &RequestMsg
->LogonUser
.Reply
.SubStatus
,
664 &TokenInformationType
,
667 &AuthenticatingAuthority
);
670 if (!NT_SUCCESS(Status
))
672 TRACE("LsaApLogonUser/Ex/2 failed (Status 0x%08lx)\n", Status
);
676 if (TokenInformationType
== LsaTokenInformationV1
)
678 TokenInfo1
= (PLSA_TOKEN_INFORMATION_V1
)TokenInformation
;
680 Qos
.Length
= sizeof(SECURITY_QUALITY_OF_SERVICE
);
681 Qos
.ImpersonationLevel
= SecurityImpersonation
;
682 Qos
.ContextTrackingMode
= SECURITY_DYNAMIC_TRACKING
;
683 Qos
.EffectiveOnly
= FALSE
;
685 ObjectAttributes
.Length
= sizeof(OBJECT_ATTRIBUTES
);
686 ObjectAttributes
.RootDirectory
= NULL
;
687 ObjectAttributes
.ObjectName
= NULL
;
688 ObjectAttributes
.Attributes
= 0;
689 ObjectAttributes
.SecurityDescriptor
= NULL
;
690 ObjectAttributes
.SecurityQualityOfService
= &Qos
;
692 /* Create the logon token */
693 Status
= NtCreateToken(&TokenHandle
,
697 &RequestMsg
->LogonUser
.Reply
.LogonId
,
698 &TokenInfo1
->ExpirationTime
,
701 TokenInfo1
->Privileges
,
703 &TokenInfo1
->PrimaryGroup
,
704 &TokenInfo1
->DefaultDacl
,
705 &RequestMsg
->LogonUser
.Request
.SourceContext
);
706 if (!NT_SUCCESS(Status
))
708 TRACE("NtCreateToken failed (Status 0x%08lx)\n", Status
);
714 FIXME("TokenInformationType %d is not supported!\n", TokenInformationType
);
715 Status
= STATUS_NOT_IMPLEMENTED
;
719 /* Duplicate the token handle into the client process */
720 Status
= NtDuplicateObject(NtCurrentProcess(),
722 LogonContext
->ClientProcessHandle
,
723 &RequestMsg
->LogonUser
.Reply
.Token
,
726 DUPLICATE_SAME_ACCESS
| DUPLICATE_SAME_ATTRIBUTES
| DUPLICATE_CLOSE_SOURCE
);
727 if (!NT_SUCCESS(Status
))
729 TRACE("NtDuplicateObject failed (Status 0x%08lx)\n", Status
);
736 if (!NT_SUCCESS(Status
))
738 if (TokenHandle
!= NULL
)
739 NtClose(TokenHandle
);
742 /* Free the local authentication info buffer */
743 if (LocalAuthInfo
!= NULL
)
744 RtlFreeHeap(RtlGetProcessHeap(), 0, LocalAuthInfo
);
746 /* Free the token information */
747 if (TokenInformation
!= NULL
)
749 if (TokenInformationType
== LsaTokenInformationV1
)
751 TokenInfo1
= (PLSA_TOKEN_INFORMATION_V1
)TokenInformation
;
753 if (TokenInfo1
!= NULL
)
755 if (TokenInfo1
->User
.User
.Sid
!= NULL
)
756 LsapFreeHeap(TokenInfo1
->User
.User
.Sid
);
758 if (TokenInfo1
->Groups
!= NULL
)
760 for (i
= 0; i
< TokenInfo1
->Groups
->GroupCount
; i
++)
762 if (TokenInfo1
->Groups
->Groups
[i
].Sid
!= NULL
)
763 LsapFreeHeap(TokenInfo1
->Groups
->Groups
[i
].Sid
);
766 LsapFreeHeap(TokenInfo1
->Groups
);
769 if (TokenInfo1
->PrimaryGroup
.PrimaryGroup
!= NULL
)
770 LsapFreeHeap(TokenInfo1
->PrimaryGroup
.PrimaryGroup
);
772 if (TokenInfo1
->Privileges
!= NULL
)
773 LsapFreeHeap(TokenInfo1
->Privileges
);
775 if (TokenInfo1
->Owner
.Owner
!= NULL
)
776 LsapFreeHeap(TokenInfo1
->Owner
.Owner
);
778 if (TokenInfo1
->DefaultDacl
.DefaultDacl
!= NULL
)
779 LsapFreeHeap(TokenInfo1
->DefaultDacl
.DefaultDacl
);
781 LsapFreeHeap(TokenInfo1
);
786 FIXME("TokenInformationType %d is not supported!\n", TokenInformationType
);
790 /* Free the account name */
791 if (AccountName
!= NULL
)
793 if (AccountName
->Buffer
!= NULL
)
794 LsapFreeHeap(AccountName
->Buffer
);
796 LsapFreeHeap(AccountName
);
799 /* Free the authentication authority */
800 if (AuthenticatingAuthority
!= NULL
)
802 if (AuthenticatingAuthority
!= NULL
)
803 LsapFreeHeap(AuthenticatingAuthority
->Buffer
);
805 LsapFreeHeap(AuthenticatingAuthority
);
808 /* Free the machine name */
809 if (MachineName
!= NULL
)
811 if (MachineName
->Buffer
!= NULL
)
812 LsapFreeHeap(MachineName
->Buffer
);
814 LsapFreeHeap(MachineName
);