2 * PROJECT: Authentication Package DLL
3 * LICENSE: GPL - See COPYING in the top level directory
4 * FILE: dll/win32/msv1_0/msv1_0.c
6 * COPYRIGHT: Copyright 2013 Eric Kohl
9 /* INCLUDES ****************************************************************/
13 WINE_DEFAULT_DEBUG_CHANNEL(msv1_0
);
16 /* GLOBALS *****************************************************************/
18 LSA_DISPATCH_TABLE DispatchTable
;
21 /* FUNCTIONS ***************************************************************/
25 GetDomainSid(PRPC_SID
*Sid
)
27 LSAPR_HANDLE PolicyHandle
= NULL
;
28 PLSAPR_POLICY_INFORMATION PolicyInfo
= NULL
;
32 Status
= LsaIOpenPolicyTrusted(&PolicyHandle
);
33 if (!NT_SUCCESS(Status
))
35 TRACE("LsaIOpenPolicyTrusted() failed (Status 0x%08lx)\n", Status
);
39 Status
= LsarQueryInformationPolicy(PolicyHandle
,
40 PolicyAccountDomainInformation
,
42 if (!NT_SUCCESS(Status
))
44 TRACE("LsarQueryInformationPolicy() failed (Status 0x%08lx)\n", Status
);
48 Length
= RtlLengthSid(PolicyInfo
->PolicyAccountDomainInfo
.Sid
);
50 *Sid
= RtlAllocateHeap(RtlGetProcessHeap(), 0, Length
);
53 ERR("Failed to allocate SID\n");
54 Status
= STATUS_INSUFFICIENT_RESOURCES
;
58 memcpy(*Sid
, PolicyInfo
->PolicyAccountDomainInfo
.Sid
, Length
);
61 if (PolicyInfo
!= NULL
)
62 LsaIFree_LSAPR_POLICY_INFORMATION(PolicyAccountDomainInformation
,
65 if (PolicyHandle
!= NULL
)
66 LsarClose(&PolicyHandle
);
74 BuildInteractiveProfileBuffer(IN PLSA_CLIENT_REQUEST ClientRequest
,
75 IN PSAMPR_USER_INFO_BUFFER UserInfo
,
76 IN PUNICODE_STRING LogonServer
,
77 OUT PMSV1_0_INTERACTIVE_PROFILE
*ProfileBuffer
,
78 OUT PULONG ProfileBufferLength
)
80 PMSV1_0_INTERACTIVE_PROFILE LocalBuffer
= NULL
;
81 PVOID ClientBaseAddress
= NULL
;
84 NTSTATUS Status
= STATUS_SUCCESS
;
86 *ProfileBuffer
= NULL
;
87 *ProfileBufferLength
= 0;
89 BufferLength
= sizeof(MSV1_0_INTERACTIVE_PROFILE
) +
90 UserInfo
->All
.FullName
.Length
+ sizeof(WCHAR
) +
91 UserInfo
->All
.HomeDirectory
.Length
+ sizeof(WCHAR
) +
92 UserInfo
->All
.HomeDirectoryDrive
.Length
+ sizeof(WCHAR
) +
93 UserInfo
->All
.ScriptPath
.Length
+ sizeof(WCHAR
) +
94 UserInfo
->All
.ProfilePath
.Length
+ sizeof(WCHAR
) +
95 LogonServer
->Length
+ sizeof(WCHAR
);
97 LocalBuffer
= DispatchTable
.AllocateLsaHeap(BufferLength
);
98 if (LocalBuffer
== NULL
)
100 TRACE("Failed to allocate the local buffer!\n");
101 Status
= STATUS_INSUFFICIENT_RESOURCES
;
105 Status
= DispatchTable
.AllocateClientBuffer(ClientRequest
,
108 if (!NT_SUCCESS(Status
))
110 TRACE("DispatchTable.AllocateClientBuffer failed (Status 0x%08lx)\n", Status
);
114 TRACE("ClientBaseAddress: %p\n", ClientBaseAddress
);
116 Ptr
= (LPWSTR
)((ULONG_PTR
)LocalBuffer
+ sizeof(MSV1_0_INTERACTIVE_PROFILE
));
118 LocalBuffer
->MessageType
= MsV1_0InteractiveProfile
;
119 LocalBuffer
->LogonCount
= UserInfo
->All
.LogonCount
;
120 LocalBuffer
->BadPasswordCount
= UserInfo
->All
.BadPasswordCount
;
122 LocalBuffer
->LogonTime
.LowPart
= UserInfo
->All
.LastLogon
.LowPart
;
123 LocalBuffer
->LogonTime
.HighPart
= UserInfo
->All
.LastLogon
.HighPart
;
125 // LocalBuffer->LogoffTime.LowPart =
126 // LocalBuffer->LogoffTime.HighPart =
128 // LocalBuffer->KickOffTime.LowPart =
129 // LocalBuffer->KickOffTime.HighPart =
131 LocalBuffer
->PasswordLastSet
.LowPart
= UserInfo
->All
.PasswordLastSet
.LowPart
;
132 LocalBuffer
->PasswordLastSet
.HighPart
= UserInfo
->All
.PasswordLastSet
.HighPart
;
134 LocalBuffer
->PasswordCanChange
.LowPart
= UserInfo
->All
.PasswordCanChange
.LowPart
;
135 LocalBuffer
->PasswordCanChange
.HighPart
= UserInfo
->All
.PasswordCanChange
.HighPart
;
137 LocalBuffer
->PasswordMustChange
.LowPart
= UserInfo
->All
.PasswordMustChange
.LowPart
;
138 LocalBuffer
->PasswordMustChange
.HighPart
= UserInfo
->All
.PasswordMustChange
.HighPart
;
140 LocalBuffer
->LogonScript
.Length
= UserInfo
->All
.ScriptPath
.Length
;
141 LocalBuffer
->LogonScript
.MaximumLength
= UserInfo
->All
.ScriptPath
.Length
+ sizeof(WCHAR
);
142 LocalBuffer
->LogonScript
.Buffer
= (LPWSTR
)((ULONG_PTR
)ClientBaseAddress
+ (ULONG_PTR
)Ptr
- (ULONG_PTR
)LocalBuffer
);
144 UserInfo
->All
.ScriptPath
.Buffer
,
145 UserInfo
->All
.ScriptPath
.Length
);
147 Ptr
= (LPWSTR
)((ULONG_PTR
)Ptr
+ LocalBuffer
->LogonScript
.MaximumLength
);
149 LocalBuffer
->HomeDirectory
.Length
= UserInfo
->All
.HomeDirectory
.Length
;
150 LocalBuffer
->HomeDirectory
.MaximumLength
= UserInfo
->All
.HomeDirectory
.Length
+ sizeof(WCHAR
);
151 LocalBuffer
->HomeDirectory
.Buffer
= (LPWSTR
)((ULONG_PTR
)ClientBaseAddress
+ (ULONG_PTR
)Ptr
- (ULONG_PTR
)LocalBuffer
);
153 UserInfo
->All
.HomeDirectory
.Buffer
,
154 UserInfo
->All
.HomeDirectory
.Length
);
156 Ptr
= (LPWSTR
)((ULONG_PTR
)Ptr
+ LocalBuffer
->HomeDirectory
.MaximumLength
);
158 LocalBuffer
->FullName
.Length
= UserInfo
->All
.FullName
.Length
;
159 LocalBuffer
->FullName
.MaximumLength
= UserInfo
->All
.FullName
.Length
+ sizeof(WCHAR
);
160 LocalBuffer
->FullName
.Buffer
= (LPWSTR
)((ULONG_PTR
)ClientBaseAddress
+ (ULONG_PTR
)Ptr
- (ULONG_PTR
)LocalBuffer
);
162 UserInfo
->All
.FullName
.Buffer
,
163 UserInfo
->All
.FullName
.Length
);
164 TRACE("FullName.Buffer: %p\n", LocalBuffer
->FullName
.Buffer
);
166 Ptr
= (LPWSTR
)((ULONG_PTR
)Ptr
+ LocalBuffer
->FullName
.MaximumLength
);
168 LocalBuffer
->ProfilePath
.Length
= UserInfo
->All
.ProfilePath
.Length
;
169 LocalBuffer
->ProfilePath
.MaximumLength
= UserInfo
->All
.ProfilePath
.Length
+ sizeof(WCHAR
);
170 LocalBuffer
->ProfilePath
.Buffer
= (LPWSTR
)((ULONG_PTR
)ClientBaseAddress
+ (ULONG_PTR
)Ptr
- (ULONG_PTR
)LocalBuffer
);
172 UserInfo
->All
.ProfilePath
.Buffer
,
173 UserInfo
->All
.ProfilePath
.Length
);
175 Ptr
= (LPWSTR
)((ULONG_PTR
)Ptr
+ LocalBuffer
->ProfilePath
.MaximumLength
);
177 LocalBuffer
->HomeDirectoryDrive
.Length
= UserInfo
->All
.HomeDirectoryDrive
.Length
;
178 LocalBuffer
->HomeDirectoryDrive
.MaximumLength
= UserInfo
->All
.HomeDirectoryDrive
.Length
+ sizeof(WCHAR
);
179 LocalBuffer
->HomeDirectoryDrive
.Buffer
= (LPWSTR
)((ULONG_PTR
)ClientBaseAddress
+ (ULONG_PTR
)Ptr
- (ULONG_PTR
)LocalBuffer
);
181 UserInfo
->All
.HomeDirectoryDrive
.Buffer
,
182 UserInfo
->All
.HomeDirectoryDrive
.Length
);
184 Ptr
= (LPWSTR
)((ULONG_PTR
)Ptr
+ LocalBuffer
->HomeDirectoryDrive
.MaximumLength
);
186 LocalBuffer
->LogonServer
.Length
= LogonServer
->Length
;
187 LocalBuffer
->LogonServer
.MaximumLength
= LogonServer
->Length
+ sizeof(WCHAR
);
188 LocalBuffer
->LogonServer
.Buffer
= (LPWSTR
)((ULONG_PTR
)ClientBaseAddress
+ (ULONG_PTR
)Ptr
- (ULONG_PTR
)LocalBuffer
);;
191 LogonServer
->Length
);
193 LocalBuffer
->UserFlags
= 0;
195 Status
= DispatchTable
.CopyToClientBuffer(ClientRequest
,
199 if (!NT_SUCCESS(Status
))
201 TRACE("DispatchTable.CopyToClientBuffer failed (Status 0x%08lx)\n", Status
);
205 *ProfileBuffer
= (PMSV1_0_INTERACTIVE_PROFILE
)ClientBaseAddress
;
206 *ProfileBufferLength
= BufferLength
;
209 if (LocalBuffer
!= NULL
)
210 DispatchTable
.FreeLsaHeap(LocalBuffer
);
212 if (!NT_SUCCESS(Status
))
214 if (ClientBaseAddress
!= NULL
)
215 DispatchTable
.FreeClientBuffer(ClientRequest
,
225 AppendRidToSid(PSID SrcSid
,
231 RidCount
= *RtlSubAuthorityCountSid(SrcSid
);
235 DstSid
= DispatchTable
.AllocateLsaHeap(RtlLengthRequiredSid(RidCount
+ 1));
239 RtlCopyMemory(DstSid
,
241 RtlLengthRequiredSid(RidCount
));
243 *RtlSubAuthorityCountSid(DstSid
) = RidCount
+ 1;
244 *RtlSubAuthoritySid(DstSid
, RidCount
) = Rid
;
251 BuildTokenUser(OUT PTOKEN_USER User
,
252 IN PSID AccountDomainSid
,
255 User
->User
.Sid
= AppendRidToSid(AccountDomainSid
,
257 if (User
->User
.Sid
== NULL
)
259 ERR("Could not create the user SID\n");
260 return STATUS_UNSUCCESSFUL
;
263 User
->User
.Attributes
= 0;
265 return STATUS_SUCCESS
;
271 BuildTokenGroups(IN PSID AccountDomainSid
,
273 OUT PTOKEN_GROUPS
*Groups
,
274 OUT PSID
*PrimaryGroupSid
,
277 SID_IDENTIFIER_AUTHORITY WorldAuthority
= {SECURITY_WORLD_SID_AUTHORITY
};
278 SID_IDENTIFIER_AUTHORITY LocalAuthority
= {SECURITY_LOCAL_SID_AUTHORITY
};
279 SID_IDENTIFIER_AUTHORITY SystemAuthority
= {SECURITY_NT_AUTHORITY
};
280 PTOKEN_GROUPS TokenGroups
;
282 DWORD GroupCount
= 0;
284 NTSTATUS Status
= STATUS_SUCCESS
;
286 TokenGroups
= DispatchTable
.AllocateLsaHeap(sizeof(TOKEN_GROUPS
) +
287 MAX_GROUPS
* sizeof(SID_AND_ATTRIBUTES
));
288 if (TokenGroups
== NULL
)
290 return STATUS_INSUFFICIENT_RESOURCES
;
293 Sid
= AppendRidToSid(AccountDomainSid
, DOMAIN_GROUP_RID_USERS
);
299 /* Member of the domain */
300 TokenGroups
->Groups
[GroupCount
].Sid
= Sid
;
301 TokenGroups
->Groups
[GroupCount
].Attributes
=
302 SE_GROUP_ENABLED
| SE_GROUP_ENABLED_BY_DEFAULT
| SE_GROUP_MANDATORY
;
303 *PrimaryGroupSid
= Sid
;
306 /* Member of 'Everyone' */
307 RtlAllocateAndInitializeSid(&WorldAuthority
,
318 TokenGroups
->Groups
[GroupCount
].Sid
= Sid
;
319 TokenGroups
->Groups
[GroupCount
].Attributes
=
320 SE_GROUP_ENABLED
| SE_GROUP_ENABLED_BY_DEFAULT
| SE_GROUP_MANDATORY
;
324 /* Member of 'Administrators' */
325 RtlAllocateAndInitializeSid(&SystemAuthority
,
327 SECURITY_BUILTIN_DOMAIN_RID
,
328 DOMAIN_ALIAS_RID_ADMINS
,
336 TokenGroups
->Groups
[GroupCount
].Sid
= Sid
;
337 TokenGroups
->Groups
[GroupCount
].Attributes
=
338 SE_GROUP_ENABLED
| SE_GROUP_ENABLED_BY_DEFAULT
| SE_GROUP_MANDATORY
;
341 TRACE("Not adding user to Administrators group\n");
344 /* Member of 'Users' */
345 RtlAllocateAndInitializeSid(&SystemAuthority
,
347 SECURITY_BUILTIN_DOMAIN_RID
,
348 DOMAIN_ALIAS_RID_USERS
,
356 TokenGroups
->Groups
[GroupCount
].Sid
= Sid
;
357 TokenGroups
->Groups
[GroupCount
].Attributes
=
358 SE_GROUP_ENABLED
| SE_GROUP_ENABLED_BY_DEFAULT
| SE_GROUP_MANDATORY
;
362 RtlAllocateAndInitializeSid(&SystemAuthority
,
363 SECURITY_LOGON_IDS_RID_COUNT
,
364 SECURITY_LOGON_IDS_RID
,
373 TokenGroups
->Groups
[GroupCount
].Sid
= Sid
;
374 TokenGroups
->Groups
[GroupCount
].Attributes
=
375 SE_GROUP_ENABLED
| SE_GROUP_ENABLED_BY_DEFAULT
| SE_GROUP_MANDATORY
| SE_GROUP_LOGON_ID
;
379 /* Member of 'Local users */
380 RtlAllocateAndInitializeSid(&LocalAuthority
,
391 TokenGroups
->Groups
[GroupCount
].Sid
= Sid
;
392 TokenGroups
->Groups
[GroupCount
].Attributes
=
393 SE_GROUP_ENABLED
| SE_GROUP_ENABLED_BY_DEFAULT
| SE_GROUP_MANDATORY
;
396 /* Member of 'Interactive users' */
397 RtlAllocateAndInitializeSid(&SystemAuthority
,
399 SECURITY_INTERACTIVE_RID
,
408 TokenGroups
->Groups
[GroupCount
].Sid
= Sid
;
409 TokenGroups
->Groups
[GroupCount
].Attributes
=
410 SE_GROUP_ENABLED
| SE_GROUP_ENABLED_BY_DEFAULT
| SE_GROUP_MANDATORY
;
413 /* Member of 'Authenticated users' */
414 RtlAllocateAndInitializeSid(&SystemAuthority
,
416 SECURITY_AUTHENTICATED_USER_RID
,
425 TokenGroups
->Groups
[GroupCount
].Sid
= Sid
;
426 TokenGroups
->Groups
[GroupCount
].Attributes
=
427 SE_GROUP_ENABLED
| SE_GROUP_ENABLED_BY_DEFAULT
| SE_GROUP_MANDATORY
;
430 TokenGroups
->GroupCount
= GroupCount
;
431 ASSERT(TokenGroups
->GroupCount
<= MAX_GROUPS
);
433 *Groups
= TokenGroups
;
441 BuildTokenPrimaryGroup(PTOKEN_PRIMARY_GROUP PrimaryGroup
,
442 PSID PrimaryGroupSid
)
447 RidCount
= *RtlSubAuthorityCountSid(PrimaryGroupSid
);
448 Size
= RtlLengthRequiredSid(RidCount
);
450 PrimaryGroup
->PrimaryGroup
= DispatchTable
.AllocateLsaHeap(Size
);
451 if (PrimaryGroup
->PrimaryGroup
== NULL
)
453 return STATUS_INSUFFICIENT_RESOURCES
;
456 RtlCopyMemory(PrimaryGroup
->PrimaryGroup
,
460 return STATUS_SUCCESS
;
465 BuildTokenPrivileges(PTOKEN_PRIVILEGES
*TokenPrivileges
)
467 /* FIXME shouldn't use hard-coded list of privileges */
475 { L
"SeMachineAccountPrivilege", 0 },
476 { L
"SeSecurityPrivilege", 0 },
477 { L
"SeTakeOwnershipPrivilege", 0 },
478 { L
"SeLoadDriverPrivilege", 0 },
479 { L
"SeSystemProfilePrivilege", 0 },
480 { L
"SeSystemtimePrivilege", 0 },
481 { L
"SeProfileSingleProcessPrivilege", 0 },
482 { L
"SeIncreaseBasePriorityPrivilege", 0 },
483 { L
"SeCreatePagefilePrivilege", 0 },
484 { L
"SeBackupPrivilege", 0 },
485 { L
"SeRestorePrivilege", 0 },
486 { L
"SeShutdownPrivilege", 0 },
487 { L
"SeDebugPrivilege", 0 },
488 { L
"SeSystemEnvironmentPrivilege", 0 },
489 { L
"SeChangeNotifyPrivilege", SE_PRIVILEGE_ENABLED
| SE_PRIVILEGE_ENABLED_BY_DEFAULT
},
490 { L
"SeRemoteShutdownPrivilege", 0 },
491 { L
"SeUndockPrivilege", 0 },
492 { L
"SeEnableDelegationPrivilege", 0 },
493 { L
"SeImpersonatePrivilege", SE_PRIVILEGE_ENABLED
| SE_PRIVILEGE_ENABLED_BY_DEFAULT
},
494 { L
"SeCreateGlobalPrivilege", SE_PRIVILEGE_ENABLED
| SE_PRIVILEGE_ENABLED_BY_DEFAULT
}
496 PTOKEN_PRIVILEGES Privileges
= NULL
;
498 RPC_UNICODE_STRING PrivilegeName
;
499 LSAPR_HANDLE PolicyHandle
= NULL
;
500 NTSTATUS Status
= STATUS_SUCCESS
;
502 Status
= LsaIOpenPolicyTrusted(&PolicyHandle
);
503 if (!NT_SUCCESS(Status
))
508 /* Allocate and initialize token privileges */
509 Privileges
= DispatchTable
.AllocateLsaHeap(sizeof(TOKEN_PRIVILEGES
) +
510 sizeof(DefaultPrivs
) / sizeof(DefaultPrivs
[0]) *
511 sizeof(LUID_AND_ATTRIBUTES
));
512 if (Privileges
== NULL
)
514 Status
= STATUS_INSUFFICIENT_RESOURCES
;
518 Privileges
->PrivilegeCount
= 0;
519 for (i
= 0; i
< sizeof(DefaultPrivs
) / sizeof(DefaultPrivs
[0]); i
++)
521 PrivilegeName
.Length
= wcslen(DefaultPrivs
[i
].PrivName
) * sizeof(WCHAR
);
522 PrivilegeName
.MaximumLength
= PrivilegeName
.Length
+ sizeof(WCHAR
);
523 PrivilegeName
.Buffer
= (LPWSTR
)DefaultPrivs
[i
].PrivName
;
525 Status
= LsarLookupPrivilegeValue(PolicyHandle
,
527 &Privileges
->Privileges
[Privileges
->PrivilegeCount
].Luid
);
528 if (!NT_SUCCESS(Status
))
530 WARN("Can't set privilege %S\n", DefaultPrivs
[i
].PrivName
);
534 Privileges
->Privileges
[Privileges
->PrivilegeCount
].Attributes
= DefaultPrivs
[i
].Attributes
;
535 Privileges
->PrivilegeCount
++;
539 *TokenPrivileges
= Privileges
;
542 if (PolicyHandle
!= NULL
)
543 LsarClose(PolicyHandle
);
551 BuildTokenOwner(PTOKEN_OWNER Owner
,
557 RidCount
= *RtlSubAuthorityCountSid(OwnerSid
);
558 Size
= RtlLengthRequiredSid(RidCount
);
560 Owner
->Owner
= DispatchTable
.AllocateLsaHeap(Size
);
561 if (Owner
->Owner
== NULL
)
563 return STATUS_INSUFFICIENT_RESOURCES
;
566 RtlCopyMemory(Owner
->Owner
,
570 return STATUS_SUCCESS
;
576 BuildTokenDefaultDacl(PTOKEN_DEFAULT_DACL DefaultDacl
,
579 SID_IDENTIFIER_AUTHORITY SystemAuthority
= {SECURITY_NT_AUTHORITY
};
580 PSID LocalSystemSid
= NULL
;
582 NTSTATUS Status
= STATUS_SUCCESS
;
584 RtlAllocateAndInitializeSid(&SystemAuthority
,
586 SECURITY_LOCAL_SYSTEM_RID
,
596 Dacl
= DispatchTable
.AllocateLsaHeap(1024);
599 Status
= STATUS_INSUFFICIENT_RESOURCES
;
603 Status
= RtlCreateAcl(Dacl
, 1024, ACL_REVISION
);
604 if (!NT_SUCCESS(Status
))
607 RtlAddAccessAllowedAce(Dacl
,
613 RtlAddAccessAllowedAce(Dacl
,
618 DefaultDacl
->DefaultDacl
= Dacl
;
621 if (!NT_SUCCESS(Status
))
624 DispatchTable
.FreeLsaHeap(Dacl
);
627 if (LocalSystemSid
!= NULL
)
628 RtlFreeSid(LocalSystemSid
);
636 BuildTokenInformationBuffer(PLSA_TOKEN_INFORMATION_V1
*TokenInformation
,
637 PRPC_SID AccountDomainSid
,
641 PLSA_TOKEN_INFORMATION_V1 Buffer
= NULL
;
642 PSID OwnerSid
= NULL
;
643 PSID PrimaryGroupSid
= NULL
;
645 NTSTATUS Status
= STATUS_SUCCESS
;
647 Buffer
= DispatchTable
.AllocateLsaHeap(sizeof(LSA_TOKEN_INFORMATION_V1
));
650 TRACE("Failed to allocate the local buffer!\n");
651 Status
= STATUS_INSUFFICIENT_RESOURCES
;
656 Buffer
->ExpirationTime
.QuadPart
= -1;
658 Status
= BuildTokenUser(&Buffer
->User
,
659 (PSID
)AccountDomainSid
,
661 if (!NT_SUCCESS(Status
))
664 Status
= BuildTokenGroups((PSID
)AccountDomainSid
,
669 if (!NT_SUCCESS(Status
))
672 Status
= BuildTokenPrimaryGroup(&Buffer
->PrimaryGroup
,
674 if (!NT_SUCCESS(Status
))
677 Status
= BuildTokenPrivileges(&Buffer
->Privileges
);
678 if (!NT_SUCCESS(Status
))
681 Status
= BuildTokenOwner(&Buffer
->Owner
,
683 if (!NT_SUCCESS(Status
))
686 Status
= BuildTokenDefaultDacl(&Buffer
->DefaultDacl
,
688 if (!NT_SUCCESS(Status
))
691 *TokenInformation
= Buffer
;
694 if (!NT_SUCCESS(Status
))
698 if (Buffer
->User
.User
.Sid
!= NULL
)
699 DispatchTable
.FreeLsaHeap(Buffer
->User
.User
.Sid
);
701 if (Buffer
->Groups
!= NULL
)
703 for (i
= 0; i
< Buffer
->Groups
->GroupCount
; i
++)
705 if (Buffer
->Groups
->Groups
[i
].Sid
!= NULL
)
706 DispatchTable
.FreeLsaHeap(Buffer
->Groups
->Groups
[i
].Sid
);
709 DispatchTable
.FreeLsaHeap(Buffer
->Groups
);
712 if (Buffer
->PrimaryGroup
.PrimaryGroup
!= NULL
)
713 DispatchTable
.FreeLsaHeap(Buffer
->PrimaryGroup
.PrimaryGroup
);
715 if (Buffer
->Privileges
!= NULL
)
716 DispatchTable
.FreeLsaHeap(Buffer
->Privileges
);
718 if (Buffer
->Owner
.Owner
!= NULL
)
719 DispatchTable
.FreeLsaHeap(Buffer
->Owner
.Owner
);
721 if (Buffer
->DefaultDacl
.DefaultDacl
!= NULL
)
722 DispatchTable
.FreeLsaHeap(Buffer
->DefaultDacl
.DefaultDacl
);
724 DispatchTable
.FreeLsaHeap(Buffer
);
737 LsaApCallPackage(IN PLSA_CLIENT_REQUEST ClientRequest
,
738 IN PVOID ProtocolSubmitBuffer
,
739 IN PVOID ClientBufferBase
,
740 IN ULONG SubmitBufferLength
,
741 OUT PVOID
*ProtocolReturnBuffer
,
742 OUT PULONG ReturnBufferLength
,
743 OUT PNTSTATUS ProtocolStatus
)
746 return STATUS_NOT_IMPLEMENTED
;
755 LsaApCallPackagePassthrough(IN PLSA_CLIENT_REQUEST ClientRequest
,
756 IN PVOID ProtocolSubmitBuffer
,
757 IN PVOID ClientBufferBase
,
758 IN ULONG SubmitBufferLength
,
759 OUT PVOID
*ProtocolReturnBuffer
,
760 OUT PULONG ReturnBufferLength
,
761 OUT PNTSTATUS ProtocolStatus
)
764 return STATUS_NOT_IMPLEMENTED
;
773 LsaApCallPackageUntrusted(IN PLSA_CLIENT_REQUEST ClientRequest
,
774 IN PVOID ProtocolSubmitBuffer
,
775 IN PVOID ClientBufferBase
,
776 IN ULONG SubmitBufferLength
,
777 OUT PVOID
*ProtocolReturnBuffer
,
778 OUT PULONG ReturnBufferLength
,
779 OUT PNTSTATUS ProtocolStatus
)
782 return STATUS_NOT_IMPLEMENTED
;
791 LsaApInitializePackage(IN ULONG AuthenticationPackageId
,
792 IN PLSA_DISPATCH_TABLE LsaDispatchTable
,
793 IN PLSA_STRING Database OPTIONAL
,
794 IN PLSA_STRING Confidentiality OPTIONAL
,
795 OUT PLSA_STRING
*AuthenticationPackageName
)
797 PANSI_STRING NameString
;
800 TRACE("(%lu %p %p %p %p)\n",
801 AuthenticationPackageId
, LsaDispatchTable
, Database
,
802 Confidentiality
, AuthenticationPackageName
);
804 /* Get the dispatch table entries */
805 DispatchTable
.AllocateLsaHeap
= LsaDispatchTable
->AllocateLsaHeap
;
806 DispatchTable
.FreeLsaHeap
= LsaDispatchTable
->FreeLsaHeap
;
807 DispatchTable
.AllocateClientBuffer
= LsaDispatchTable
->AllocateClientBuffer
;
808 DispatchTable
.FreeClientBuffer
= LsaDispatchTable
->FreeClientBuffer
;
809 DispatchTable
.CopyToClientBuffer
= LsaDispatchTable
->CopyToClientBuffer
;
810 DispatchTable
.CopyFromClientBuffer
= LsaDispatchTable
->CopyFromClientBuffer
;
813 /* Return the package name */
814 NameString
= DispatchTable
.AllocateLsaHeap(sizeof(LSA_STRING
));
815 if (NameString
== NULL
)
816 return STATUS_INSUFFICIENT_RESOURCES
;
818 NameBuffer
= DispatchTable
.AllocateLsaHeap(sizeof(MSV1_0_PACKAGE_NAME
));
819 if (NameBuffer
== NULL
)
821 DispatchTable
.FreeLsaHeap(NameString
);
822 return STATUS_INSUFFICIENT_RESOURCES
;
825 strcpy(NameBuffer
, MSV1_0_PACKAGE_NAME
);
827 RtlInitAnsiString(NameString
, NameBuffer
);
829 *AuthenticationPackageName
= (PLSA_STRING
)NameString
;
831 return STATUS_SUCCESS
;
840 LsaApLogonTerminated(IN PLUID LogonId
)
851 LsaApLogonUser(IN PLSA_CLIENT_REQUEST ClientRequest
,
852 IN SECURITY_LOGON_TYPE LogonType
,
853 IN PVOID AuthenticationInformation
,
854 IN PVOID ClientAuthenticationBase
,
855 IN ULONG AuthenticationInformationLength
,
856 OUT PVOID
*ProfileBuffer
,
857 OUT PULONG ProfileBufferLength
,
859 OUT PNTSTATUS SubStatus
,
860 OUT PLSA_TOKEN_INFORMATION_TYPE TokenInformationType
,
861 OUT PVOID
*TokenInformation
,
862 OUT PLSA_UNICODE_STRING
*AccountName
,
863 OUT PLSA_UNICODE_STRING
*AuthenticatingAuthority
)
865 PMSV1_0_INTERACTIVE_LOGON LogonInfo
;
867 SAMPR_HANDLE ServerHandle
= NULL
;
868 SAMPR_HANDLE DomainHandle
= NULL
;
869 SAMPR_HANDLE UserHandle
= NULL
;
870 PRPC_SID AccountDomainSid
= NULL
;
871 RPC_UNICODE_STRING Names
[1];
872 SAMPR_ULONG_ARRAY RelativeIds
= {0, NULL
};
873 SAMPR_ULONG_ARRAY Use
= {0, NULL
};
874 PSAMPR_USER_INFO_BUFFER UserInfo
= NULL
;
875 UNICODE_STRING LogonServer
;
880 TRACE("LogonType: %lu\n", LogonType
);
881 TRACE("AuthenticationInformation: %p\n", AuthenticationInformation
);
882 TRACE("AuthenticationInformationLength: %lu\n", AuthenticationInformationLength
);
885 *ProfileBuffer
= NULL
;
886 *ProfileBufferLength
= 0;
887 *SubStatus
= STATUS_SUCCESS
;
889 if (LogonType
== Interactive
||
890 LogonType
== Batch
||
891 LogonType
== Service
)
895 LogonInfo
= (PMSV1_0_INTERACTIVE_LOGON
)AuthenticationInformation
;
897 /* Fix-up pointers in the authentication info */
898 PtrOffset
= (ULONG_PTR
)AuthenticationInformation
- (ULONG_PTR
)ClientAuthenticationBase
;
900 LogonInfo
->LogonDomainName
.Buffer
= (PWSTR
)((ULONG_PTR
)LogonInfo
->LogonDomainName
.Buffer
+ PtrOffset
);
901 LogonInfo
->UserName
.Buffer
= (PWSTR
)((ULONG_PTR
)LogonInfo
->UserName
.Buffer
+ PtrOffset
);
902 LogonInfo
->Password
.Buffer
= (PWSTR
)((ULONG_PTR
)LogonInfo
->Password
.Buffer
+ PtrOffset
);
904 TRACE("Domain: %S\n", LogonInfo
->LogonDomainName
.Buffer
);
905 TRACE("User: %S\n", LogonInfo
->UserName
.Buffer
);
906 TRACE("Password: %S\n", LogonInfo
->Password
.Buffer
);
908 RtlInitUnicodeString(&LogonServer
, L
"Testserver");
912 FIXME("LogonType %lu is not supported yet!\n", LogonType
);
913 return STATUS_NOT_IMPLEMENTED
;
916 Status
= GetDomainSid(&AccountDomainSid
);
917 if (!NT_SUCCESS(Status
))
919 TRACE("GetDomainSid() failed (Status 0x%08lx)\n", Status
);
923 /* Connect to the SAM server */
924 Status
= SamIConnect(NULL
,
926 SAM_SERVER_CONNECT
| SAM_SERVER_LOOKUP_DOMAIN
,
928 if (!NT_SUCCESS(Status
))
930 TRACE("SamIConnect() failed (Status 0x%08lx)\n", Status
);
934 /* Open the account domain */
935 Status
= SamrOpenDomain(ServerHandle
,
939 if (!NT_SUCCESS(Status
))
941 TRACE("SamrOpenDomain failed (Status %08lx)\n", Status
);
945 Names
[0].Length
= LogonInfo
->UserName
.Length
;
946 Names
[0].MaximumLength
= LogonInfo
->UserName
.MaximumLength
;
947 Names
[0].Buffer
= LogonInfo
->UserName
.Buffer
;
949 /* Try to get the RID for the user name */
950 Status
= SamrLookupNamesInDomain(DomainHandle
,
955 if (!NT_SUCCESS(Status
))
957 TRACE("SamrLookupNamesInDomain failed (Status %08lx)\n", Status
);
958 Status
= STATUS_NO_SUCH_USER
;
962 /* Fail, if it is not a user account */
963 if (Use
.Element
[0] != SidTypeUser
)
965 TRACE("Account is not a user account!\n");
966 Status
= STATUS_NO_SUCH_USER
;
970 /* Open the user object */
971 Status
= SamrOpenUser(DomainHandle
,
972 USER_READ_GENERAL
| USER_READ_LOGON
|
973 USER_READ_ACCOUNT
| USER_READ_PREFERENCES
, /* FIXME */
974 RelativeIds
.Element
[0],
976 if (!NT_SUCCESS(Status
))
978 TRACE("SamrOpenUser failed (Status %08lx)\n", Status
);
982 Status
= SamrQueryInformationUser(UserHandle
,
985 if (!NT_SUCCESS(Status
))
987 TRACE("SamrQueryInformationUser failed (Status %08lx)\n", Status
);
992 TRACE("UserName: %S\n", UserInfo
->All
.UserName
.Buffer
);
994 /* FIXME: Check restrictions */
996 /* FIXME: Check the password */
997 if ((UserInfo
->All
.UserAccountControl
& USER_PASSWORD_NOT_REQUIRED
) == 0)
999 FIXME("Must check the password!\n");
1003 /* Return logon information */
1005 /* Create and return a new logon id */
1006 Status
= NtAllocateLocallyUniqueId(LogonId
);
1007 if (!NT_SUCCESS(Status
))
1009 TRACE("NtAllocateLocallyUniqueId failed (Status %08lx)\n", Status
);
1013 /* Build and fill the interactve profile buffer */
1014 Status
= BuildInteractiveProfileBuffer(ClientRequest
,
1017 (PMSV1_0_INTERACTIVE_PROFILE
*)ProfileBuffer
,
1018 ProfileBufferLength
);
1019 if (!NT_SUCCESS(Status
))
1021 TRACE("BuildInteractiveProfileBuffer failed (Status %08lx)\n", Status
);
1025 /* Return the token information type */
1026 *TokenInformationType
= LsaTokenInformationV1
;
1028 /* Build and fill the token information buffer */
1029 Status
= BuildTokenInformationBuffer((PLSA_TOKEN_INFORMATION_V1
*)TokenInformation
,
1031 RelativeIds
.Element
[0],
1033 if (!NT_SUCCESS(Status
))
1035 TRACE("BuildTokenInformationBuffer failed (Status %08lx)\n", Status
);
1039 *SubStatus
= STATUS_SUCCESS
;
1042 /* Return the account name */
1043 *AccountName
= DispatchTable
.AllocateLsaHeap(sizeof(UNICODE_STRING
));
1044 if (*AccountName
!= NULL
)
1046 (*AccountName
)->Buffer
= DispatchTable
.AllocateLsaHeap(LogonInfo
->UserName
.Length
+
1047 sizeof(UNICODE_NULL
));
1048 if ((*AccountName
)->Buffer
!= NULL
)
1050 (*AccountName
)->MaximumLength
= LogonInfo
->UserName
.Length
+
1051 sizeof(UNICODE_NULL
);
1052 RtlCopyUnicodeString(*AccountName
, &LogonInfo
->UserName
);
1056 if (!NT_SUCCESS(Status
))
1058 if (*ProfileBuffer
!= NULL
)
1060 DispatchTable
.FreeClientBuffer(ClientRequest
,
1062 *ProfileBuffer
= NULL
;
1066 if (UserHandle
!= NULL
)
1067 SamrCloseHandle(&UserHandle
);
1069 SamIFree_SAMPR_USER_INFO_BUFFER(UserInfo
,
1070 UserAllInformation
);
1071 SamIFree_SAMPR_ULONG_ARRAY(&RelativeIds
);
1072 SamIFree_SAMPR_ULONG_ARRAY(&Use
);
1074 if (DomainHandle
!= NULL
)
1075 SamrCloseHandle(&DomainHandle
);
1077 if (ServerHandle
!= NULL
)
1078 SamrCloseHandle(&ServerHandle
);
1080 if (AccountDomainSid
!= NULL
)
1081 RtlFreeHeap(RtlGetProcessHeap(), 0, AccountDomainSid
);
1083 TRACE("LsaApLogonUser done (Status %08lx)\n", Status
);
1094 LsaApLogonUserEx(IN PLSA_CLIENT_REQUEST ClientRequest
,
1095 IN SECURITY_LOGON_TYPE LogonType
,
1096 IN PVOID AuthenticationInformation
,
1097 IN PVOID ClientAuthenticationBase
,
1098 IN ULONG AuthenticationInformationLength
,
1099 OUT PVOID
*ProfileBuffer
,
1100 OUT PULONG ProfileBufferLength
,
1102 OUT PNTSTATUS SubStatus
,
1103 OUT PLSA_TOKEN_INFORMATION_TYPE TokenInformationType
,
1104 OUT PVOID
*TokenInformation
,
1105 OUT PUNICODE_STRING
*AccountName
,
1106 OUT PUNICODE_STRING
*AuthenticatingAuthority
,
1107 OUT PUNICODE_STRING
*MachineName
)
1111 TRACE("LogonType: %lu\n", LogonType
);
1112 TRACE("AuthenticationInformation: %p\n", AuthenticationInformation
);
1113 TRACE("AuthenticationInformationLength: %lu\n", AuthenticationInformationLength
);
1115 return STATUS_NOT_IMPLEMENTED
;
1124 LsaApLogonUserEx2(IN PLSA_CLIENT_REQUEST ClientRequest
,
1125 IN SECURITY_LOGON_TYPE LogonType
,
1126 IN PVOID ProtocolSubmitBuffer
,
1127 IN PVOID ClientBufferBase
,
1128 IN ULONG SubmitBufferSize
,
1129 OUT PVOID
*ProfileBuffer
,
1130 OUT PULONG ProfileBufferSize
,
1132 OUT PNTSTATUS SubStatus
,
1133 OUT PLSA_TOKEN_INFORMATION_TYPE TokenInformationType
,
1134 OUT PVOID
*TokenInformation
,
1135 OUT PUNICODE_STRING
*AccountName
,
1136 OUT PUNICODE_STRING
*AuthenticatingAuthority
,
1137 OUT PUNICODE_STRING
*MachineName
,
1138 OUT PSECPKG_PRIMARY_CRED PrimaryCredentials
,
1139 OUT PSECPKG_SUPPLEMENTAL_CRED_ARRAY
*SupplementalCredentials
)
1143 TRACE("LogonType: %lu\n", LogonType
);
1144 TRACE("ProtocolSubmitBuffer: %p\n", ProtocolSubmitBuffer
);
1145 TRACE("SubmitBufferSize: %lu\n", SubmitBufferSize
);
1148 return STATUS_NOT_IMPLEMENTED
;