projects / reactos.git / blob
? search:


b7ef433ccbc04daab3d94bebcace3544204cd781
[reactos.git] / reactos / dll / win32 / msv1_0 / msv1_0.c
1 /*
2 * PROJECT: Authentication Package DLL
3 * LICENSE: GPL - See COPYING in the top level directory
4 * FILE: dll/win32/msv1_0/msv1_0.c
5 * PURPOSE: Main file
6 * COPYRIGHT: Copyright 2013 Eric Kohl
7 */
8
9 /* INCLUDES ****************************************************************/
10
11 #include "msv1_0.h"
12
13 WINE_DEFAULT_DEBUG_CHANNEL(msv1_0);
14
15
16 /* GLOBALS *****************************************************************/
17
18 LSA_DISPATCH_TABLE DispatchTable;
19
20
21 /* FUNCTIONS ***************************************************************/
22
23 static
24 NTSTATUS
25 GetDomainSid(PRPC_SID *Sid)
26 {
27 LSAPR_HANDLE PolicyHandle = NULL;
28 PLSAPR_POLICY_INFORMATION PolicyInfo = NULL;
29 ULONG Length = 0;
30 NTSTATUS Status;
31
32 Status = LsaIOpenPolicyTrusted(&PolicyHandle);
33 if (!NT_SUCCESS(Status))
34 {
35 TRACE("LsaIOpenPolicyTrusted() failed (Status 0x%08lx)\n", Status);
36 return Status;
37 }
38
39 Status = LsarQueryInformationPolicy(PolicyHandle,
40 PolicyAccountDomainInformation,
41 &PolicyInfo);
42 if (!NT_SUCCESS(Status))
43 {
44 TRACE("LsarQueryInformationPolicy() failed (Status 0x%08lx)\n", Status);
45 goto done;
46 }
47
48 Length = RtlLengthSid(PolicyInfo->PolicyAccountDomainInfo.Sid);
49
50 *Sid = RtlAllocateHeap(RtlGetProcessHeap(), 0, Length);
51 if (*Sid == NULL)
52 {
53 ERR("Failed to allocate SID\n");
54 Status = STATUS_INSUFFICIENT_RESOURCES;
55 goto done;
56 }
57
58 memcpy(*Sid, PolicyInfo->PolicyAccountDomainInfo.Sid, Length);
59
60 done:
61 if (PolicyInfo != NULL)
62 LsaIFree_LSAPR_POLICY_INFORMATION(PolicyAccountDomainInformation,
63 PolicyInfo);
64
65 if (PolicyHandle != NULL)
66 LsarClose(&PolicyHandle);
67
68 return Status;
69 }
70
71
72 static
73 NTSTATUS
74 BuildInteractiveProfileBuffer(IN PLSA_CLIENT_REQUEST ClientRequest,
75 IN PSAMPR_USER_INFO_BUFFER UserInfo,
76 IN PUNICODE_STRING LogonServer,
77 OUT PMSV1_0_INTERACTIVE_PROFILE *ProfileBuffer,
78 OUT PULONG ProfileBufferLength)
79 {
80 PMSV1_0_INTERACTIVE_PROFILE LocalBuffer = NULL;
81 PVOID ClientBaseAddress = NULL;
82 LPWSTR Ptr;
83 ULONG BufferLength;
84 NTSTATUS Status = STATUS_SUCCESS;
85
86 *ProfileBuffer = NULL;
87 *ProfileBufferLength = 0;
88
89 BufferLength = sizeof(MSV1_0_INTERACTIVE_PROFILE) +
90 UserInfo->All.FullName.Length + sizeof(WCHAR) +
91 UserInfo->All.HomeDirectory.Length + sizeof(WCHAR) +
92 UserInfo->All.HomeDirectoryDrive.Length + sizeof(WCHAR) +
93 UserInfo->All.ScriptPath.Length + sizeof(WCHAR) +
94 UserInfo->All.ProfilePath.Length + sizeof(WCHAR) +
95 LogonServer->Length + sizeof(WCHAR);
96
97 LocalBuffer = DispatchTable.AllocateLsaHeap(BufferLength);
98 if (LocalBuffer == NULL)
99 {
100 TRACE("Failed to allocate the local buffer!\n");
101 Status = STATUS_INSUFFICIENT_RESOURCES;
102 goto done;
103 }
104
105 Status = DispatchTable.AllocateClientBuffer(ClientRequest,
106 BufferLength,
107 &ClientBaseAddress);
108 if (!NT_SUCCESS(Status))
109 {
110 TRACE("DispatchTable.AllocateClientBuffer failed (Status 0x%08lx)\n", Status);
111 goto done;
112 }
113
114 TRACE("ClientBaseAddress: %p\n", ClientBaseAddress);
115
116 Ptr = (LPWSTR)((ULONG_PTR)LocalBuffer + sizeof(MSV1_0_INTERACTIVE_PROFILE));
117
118 LocalBuffer->MessageType = MsV1_0InteractiveProfile;
119 LocalBuffer->LogonCount = UserInfo->All.LogonCount;
120 LocalBuffer->BadPasswordCount = UserInfo->All.BadPasswordCount;
121
122 LocalBuffer->LogonTime.LowPart = UserInfo->All.LastLogon.LowPart;
123 LocalBuffer->LogonTime.HighPart = UserInfo->All.LastLogon.HighPart;
124
125 // LocalBuffer->LogoffTime.LowPart =
126 // LocalBuffer->LogoffTime.HighPart =
127
128 // LocalBuffer->KickOffTime.LowPart =
129 // LocalBuffer->KickOffTime.HighPart =
130
131 LocalBuffer->PasswordLastSet.LowPart = UserInfo->All.PasswordLastSet.LowPart;
132 LocalBuffer->PasswordLastSet.HighPart = UserInfo->All.PasswordLastSet.HighPart;
133
134 LocalBuffer->PasswordCanChange.LowPart = UserInfo->All.PasswordCanChange.LowPart;
135 LocalBuffer->PasswordCanChange.HighPart = UserInfo->All.PasswordCanChange.HighPart;
136
137 LocalBuffer->PasswordMustChange.LowPart = UserInfo->All.PasswordMustChange.LowPart;
138 LocalBuffer->PasswordMustChange.HighPart = UserInfo->All.PasswordMustChange.HighPart;
139
140 LocalBuffer->LogonScript.Length = UserInfo->All.ScriptPath.Length;
141 LocalBuffer->LogonScript.MaximumLength = UserInfo->All.ScriptPath.Length + sizeof(WCHAR);
142 LocalBuffer->LogonScript.Buffer = (LPWSTR)((ULONG_PTR)ClientBaseAddress + (ULONG_PTR)Ptr - (ULONG_PTR)LocalBuffer);
143 memcpy(Ptr,
144 UserInfo->All.ScriptPath.Buffer,
145 UserInfo->All.ScriptPath.Length);
146
147 Ptr = (LPWSTR)((ULONG_PTR)Ptr + LocalBuffer->LogonScript.MaximumLength);
148
149 LocalBuffer->HomeDirectory.Length = UserInfo->All.HomeDirectory.Length;
150 LocalBuffer->HomeDirectory.MaximumLength = UserInfo->All.HomeDirectory.Length + sizeof(WCHAR);
151 LocalBuffer->HomeDirectory.Buffer = (LPWSTR)((ULONG_PTR)ClientBaseAddress + (ULONG_PTR)Ptr - (ULONG_PTR)LocalBuffer);
152 memcpy(Ptr,
153 UserInfo->All.HomeDirectory.Buffer,
154 UserInfo->All.HomeDirectory.Length);
155
156 Ptr = (LPWSTR)((ULONG_PTR)Ptr + LocalBuffer->HomeDirectory.MaximumLength);
157
158 LocalBuffer->FullName.Length = UserInfo->All.FullName.Length;
159 LocalBuffer->FullName.MaximumLength = UserInfo->All.FullName.Length + sizeof(WCHAR);
160 LocalBuffer->FullName.Buffer = (LPWSTR)((ULONG_PTR)ClientBaseAddress + (ULONG_PTR)Ptr - (ULONG_PTR)LocalBuffer);
161 memcpy(Ptr,
162 UserInfo->All.FullName.Buffer,
163 UserInfo->All.FullName.Length);
164 TRACE("FullName.Buffer: %p\n", LocalBuffer->FullName.Buffer);
165
166 Ptr = (LPWSTR)((ULONG_PTR)Ptr + LocalBuffer->FullName.MaximumLength);
167
168 LocalBuffer->ProfilePath.Length = UserInfo->All.ProfilePath.Length;
169 LocalBuffer->ProfilePath.MaximumLength = UserInfo->All.ProfilePath.Length + sizeof(WCHAR);
170 LocalBuffer->ProfilePath.Buffer = (LPWSTR)((ULONG_PTR)ClientBaseAddress + (ULONG_PTR)Ptr - (ULONG_PTR)LocalBuffer);
171 memcpy(Ptr,
172 UserInfo->All.ProfilePath.Buffer,
173 UserInfo->All.ProfilePath.Length);
174
175 Ptr = (LPWSTR)((ULONG_PTR)Ptr + LocalBuffer->ProfilePath.MaximumLength);
176
177 LocalBuffer->HomeDirectoryDrive.Length = UserInfo->All.HomeDirectoryDrive.Length;
178 LocalBuffer->HomeDirectoryDrive.MaximumLength = UserInfo->All.HomeDirectoryDrive.Length + sizeof(WCHAR);
179 LocalBuffer->HomeDirectoryDrive.Buffer = (LPWSTR)((ULONG_PTR)ClientBaseAddress + (ULONG_PTR)Ptr - (ULONG_PTR)LocalBuffer);
180 memcpy(Ptr,
181 UserInfo->All.HomeDirectoryDrive.Buffer,
182 UserInfo->All.HomeDirectoryDrive.Length);
183
184 Ptr = (LPWSTR)((ULONG_PTR)Ptr + LocalBuffer->HomeDirectoryDrive.MaximumLength);
185
186 LocalBuffer->LogonServer.Length = LogonServer->Length;
187 LocalBuffer->LogonServer.MaximumLength = LogonServer->Length + sizeof(WCHAR);
188 LocalBuffer->LogonServer.Buffer = (LPWSTR)((ULONG_PTR)ClientBaseAddress + (ULONG_PTR)Ptr - (ULONG_PTR)LocalBuffer);;
189 memcpy(Ptr,
190 LogonServer->Buffer,
191 LogonServer->Length);
192
193 LocalBuffer->UserFlags = 0;
194
195 Status = DispatchTable.CopyToClientBuffer(ClientRequest,
196 BufferLength,
197 ClientBaseAddress,
198 LocalBuffer);
199 if (!NT_SUCCESS(Status))
200 {
201 TRACE("DispatchTable.CopyToClientBuffer failed (Status 0x%08lx)\n", Status);
202 goto done;
203 }
204
205 *ProfileBuffer = (PMSV1_0_INTERACTIVE_PROFILE)ClientBaseAddress;
206 *ProfileBufferLength = BufferLength;
207
208 done:
209 if (LocalBuffer != NULL)
210 DispatchTable.FreeLsaHeap(LocalBuffer);
211
212 if (!NT_SUCCESS(Status))
213 {
214 if (ClientBaseAddress != NULL)
215 DispatchTable.FreeClientBuffer(ClientRequest,
216 ClientBaseAddress);
217 }
218
219 return Status;
220 }
221
222
223 static
224 PSID
225 AppendRidToSid(PSID SrcSid,
226 ULONG Rid)
227 {
228 PSID DstSid = NULL;
229 UCHAR RidCount;
230
231 RidCount = *RtlSubAuthorityCountSid(SrcSid);
232 if (RidCount >= 8)
233 return NULL;
234
235 DstSid = DispatchTable.AllocateLsaHeap(RtlLengthRequiredSid(RidCount + 1));
236 if (DstSid == NULL)
237 return NULL;
238
239 RtlCopyMemory(DstSid,
240 SrcSid,
241 RtlLengthRequiredSid(RidCount));
242
243 *RtlSubAuthorityCountSid(DstSid) = RidCount + 1;
244 *RtlSubAuthoritySid(DstSid, RidCount) = Rid;
245
246 return DstSid;
247 }
248
249 static
250 NTSTATUS
251 BuildTokenUser(OUT PTOKEN_USER User,
252 IN PSID AccountDomainSid,
253 IN ULONG RelativeId)
254 {
255 User->User.Sid = AppendRidToSid(AccountDomainSid,
256 RelativeId);
257 if (User->User.Sid == NULL)
258 {
259 ERR("Could not create the user SID\n");
260 return STATUS_UNSUCCESSFUL;
261 }
262
263 User->User.Attributes = 0;
264
265 return STATUS_SUCCESS;
266 }
267
268
269 static
270 NTSTATUS
271 BuildTokenGroups(IN PSID AccountDomainSid,
272 IN PLUID LogonId,
273 OUT PTOKEN_GROUPS *Groups,
274 OUT PSID *PrimaryGroupSid)
275 {
276 SID_IDENTIFIER_AUTHORITY SystemAuthority = {SECURITY_NT_AUTHORITY};
277 PTOKEN_GROUPS TokenGroups;
278 #define MAX_GROUPS 4
279 DWORD GroupCount = 0;
280 PSID Sid;
281 NTSTATUS Status = STATUS_SUCCESS;
282
283 TokenGroups = DispatchTable.AllocateLsaHeap(sizeof(TOKEN_GROUPS) +
284 MAX_GROUPS * sizeof(SID_AND_ATTRIBUTES));
285 if (TokenGroups == NULL)
286 {
287 return STATUS_INSUFFICIENT_RESOURCES;
288 }
289
290 Sid = AppendRidToSid(AccountDomainSid, DOMAIN_GROUP_RID_USERS);
291 if (Sid == NULL)
292 {
293
294 }
295
296 /* Member of the domain */
297 TokenGroups->Groups[GroupCount].Sid = Sid;
298 TokenGroups->Groups[GroupCount].Attributes =
299 SE_GROUP_ENABLED | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_MANDATORY;
300 *PrimaryGroupSid = Sid;
301 GroupCount++;
302
303
304 #if 1
305 /* Member of 'Administrators' */
306 RtlAllocateAndInitializeSid(&SystemAuthority,
307 2,
308 SECURITY_BUILTIN_DOMAIN_RID,
309 DOMAIN_ALIAS_RID_ADMINS,
310 SECURITY_NULL_RID,
311 SECURITY_NULL_RID,
312 SECURITY_NULL_RID,
313 SECURITY_NULL_RID,
314 SECURITY_NULL_RID,
315 SECURITY_NULL_RID,
316 &Sid);
317 TokenGroups->Groups[GroupCount].Sid = Sid;
318 TokenGroups->Groups[GroupCount].Attributes =
319 SE_GROUP_ENABLED | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_MANDATORY;
320 GroupCount++;
321 #else
322 TRACE("Not adding user to Administrators group\n");
323 #endif
324
325 /* Member of 'Users' */
326 RtlAllocateAndInitializeSid(&SystemAuthority,
327 2,
328 SECURITY_BUILTIN_DOMAIN_RID,
329 DOMAIN_ALIAS_RID_USERS,
330 SECURITY_NULL_RID,
331 SECURITY_NULL_RID,
332 SECURITY_NULL_RID,
333 SECURITY_NULL_RID,
334 SECURITY_NULL_RID,
335 SECURITY_NULL_RID,
336 &Sid);
337 TokenGroups->Groups[GroupCount].Sid = Sid;
338 TokenGroups->Groups[GroupCount].Attributes =
339 SE_GROUP_ENABLED | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_MANDATORY;
340 GroupCount++;
341
342
343 /* Member of 'Authenticated users' */
344 RtlAllocateAndInitializeSid(&SystemAuthority,
345 1,
346 SECURITY_AUTHENTICATED_USER_RID,
347 SECURITY_NULL_RID,
348 SECURITY_NULL_RID,
349 SECURITY_NULL_RID,
350 SECURITY_NULL_RID,
351 SECURITY_NULL_RID,
352 SECURITY_NULL_RID,
353 SECURITY_NULL_RID,
354 &Sid);
355 TokenGroups->Groups[GroupCount].Sid = Sid;
356 TokenGroups->Groups[GroupCount].Attributes =
357 SE_GROUP_ENABLED | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_MANDATORY;
358 GroupCount++;
359
360 TokenGroups->GroupCount = GroupCount;
361 ASSERT(TokenGroups->GroupCount <= MAX_GROUPS);
362
363 *Groups = TokenGroups;
364
365 return Status;
366 }
367
368
369 static
370 NTSTATUS
371 BuildTokenPrimaryGroup(PTOKEN_PRIMARY_GROUP PrimaryGroup,
372 PSID PrimaryGroupSid)
373 {
374 ULONG RidCount;
375 ULONG Size;
376
377 RidCount = *RtlSubAuthorityCountSid(PrimaryGroupSid);
378 Size = RtlLengthRequiredSid(RidCount);
379
380 PrimaryGroup->PrimaryGroup = DispatchTable.AllocateLsaHeap(Size);
381 if (PrimaryGroup->PrimaryGroup == NULL)
382 {
383 return STATUS_INSUFFICIENT_RESOURCES;
384 }
385
386 RtlCopyMemory(PrimaryGroup->PrimaryGroup,
387 PrimaryGroupSid,
388 Size);
389
390 return STATUS_SUCCESS;
391 }
392
393 static
394 NTSTATUS
395 BuildTokenPrivileges(PTOKEN_PRIVILEGES *TokenPrivileges)
396 {
397 /* FIXME shouldn't use hard-coded list of privileges */
398 static struct
399 {
400 LPCWSTR PrivName;
401 DWORD Attributes;
402 }
403 DefaultPrivs[] =
404 {
405 { L"SeMachineAccountPrivilege", 0 },
406 { L"SeSecurityPrivilege", 0 },
407 { L"SeTakeOwnershipPrivilege", 0 },
408 { L"SeLoadDriverPrivilege", 0 },
409 { L"SeSystemProfilePrivilege", 0 },
410 { L"SeSystemtimePrivilege", 0 },
411 { L"SeProfileSingleProcessPrivilege", 0 },
412 { L"SeIncreaseBasePriorityPrivilege", 0 },
413 { L"SeCreatePagefilePrivilege", 0 },
414 { L"SeBackupPrivilege", 0 },
415 { L"SeRestorePrivilege", 0 },
416 { L"SeShutdownPrivilege", 0 },
417 { L"SeDebugPrivilege", 0 },
418 { L"SeSystemEnvironmentPrivilege", 0 },
419 { L"SeChangeNotifyPrivilege", SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT },
420 { L"SeRemoteShutdownPrivilege", 0 },
421 { L"SeUndockPrivilege", 0 },
422 { L"SeEnableDelegationPrivilege", 0 },
423 { L"SeImpersonatePrivilege", SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT },
424 { L"SeCreateGlobalPrivilege", SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT }
425 };
426 PTOKEN_PRIVILEGES Privileges = NULL;
427 ULONG i;
428 RPC_UNICODE_STRING PrivilegeName;
429 LSAPR_HANDLE PolicyHandle = NULL;
430 NTSTATUS Status = STATUS_SUCCESS;
431
432 Status = LsaIOpenPolicyTrusted(&PolicyHandle);
433 if (!NT_SUCCESS(Status))
434 {
435 goto done;
436 }
437
438 /* Allocate and initialize token privileges */
439 Privileges = DispatchTable.AllocateLsaHeap(sizeof(TOKEN_PRIVILEGES) +
440 sizeof(DefaultPrivs) / sizeof(DefaultPrivs[0]) *
441 sizeof(LUID_AND_ATTRIBUTES));
442 if (Privileges == NULL)
443 {
444 Status = STATUS_INSUFFICIENT_RESOURCES;
445 goto done;
446 }
447
448 Privileges->PrivilegeCount = 0;
449 for (i = 0; i < sizeof(DefaultPrivs) / sizeof(DefaultPrivs[0]); i++)
450 {
451 PrivilegeName.Length = wcslen(DefaultPrivs[i].PrivName) * sizeof(WCHAR);
452 PrivilegeName.MaximumLength = PrivilegeName.Length + sizeof(WCHAR);
453 PrivilegeName.Buffer = (LPWSTR)DefaultPrivs[i].PrivName;
454
455 Status = LsarLookupPrivilegeValue(PolicyHandle,
456 &PrivilegeName,
457 &Privileges->Privileges[Privileges->PrivilegeCount].Luid);
458 if (!NT_SUCCESS(Status))
459 {
460 WARN("Can't set privilege %S\n", DefaultPrivs[i].PrivName);
461 }
462 else
463 {
464 Privileges->Privileges[Privileges->PrivilegeCount].Attributes = DefaultPrivs[i].Attributes;
465 Privileges->PrivilegeCount++;
466 }
467 }
468
469 *TokenPrivileges = Privileges;
470
471 done:
472 if (PolicyHandle != NULL)
473 LsarClose(&PolicyHandle);
474
475 return Status;
476 }
477
478
479 static
480 NTSTATUS
481 BuildTokenInformationBuffer(PLSA_TOKEN_INFORMATION_V1 *TokenInformation,
482 PRPC_SID AccountDomainSid,
483 ULONG RelativeId,
484 PLUID LogonId)
485 {
486 PLSA_TOKEN_INFORMATION_V1 Buffer = NULL;
487 PSID PrimaryGroupSid = NULL;
488 ULONG i;
489 NTSTATUS Status = STATUS_SUCCESS;
490
491 Buffer = DispatchTable.AllocateLsaHeap(sizeof(LSA_TOKEN_INFORMATION_V1));
492 if (Buffer == NULL)
493 {
494 TRACE("Failed to allocate the local buffer!\n");
495 Status = STATUS_INSUFFICIENT_RESOURCES;
496 goto done;
497 }
498
499 /* FIXME: */
500 Buffer->ExpirationTime.QuadPart = -1;
501
502 Status = BuildTokenUser(&Buffer->User,
503 (PSID)AccountDomainSid,
504 RelativeId);
505 if (!NT_SUCCESS(Status))
506 goto done;
507
508 Status = BuildTokenGroups((PSID)AccountDomainSid,
509 LogonId,
510 &Buffer->Groups,
511 &PrimaryGroupSid);
512 if (!NT_SUCCESS(Status))
513 goto done;
514
515 Status = BuildTokenPrimaryGroup(&Buffer->PrimaryGroup,
516 PrimaryGroupSid);
517 if (!NT_SUCCESS(Status))
518 goto done;
519
520 Status = BuildTokenPrivileges(&Buffer->Privileges);
521 if (!NT_SUCCESS(Status))
522 goto done;
523
524 *TokenInformation = Buffer;
525
526 done:
527 if (!NT_SUCCESS(Status))
528 {
529 if (Buffer != NULL)
530 {
531 if (Buffer->User.User.Sid != NULL)
532 DispatchTable.FreeLsaHeap(Buffer->User.User.Sid);
533
534 if (Buffer->Groups != NULL)
535 {
536 for (i = 0; i < Buffer->Groups->GroupCount; i++)
537 {
538 if (Buffer->Groups->Groups[i].Sid != NULL)
539 DispatchTable.FreeLsaHeap(Buffer->Groups->Groups[i].Sid);
540 }
541
542 DispatchTable.FreeLsaHeap(Buffer->Groups);
543 }
544
545 if (Buffer->PrimaryGroup.PrimaryGroup != NULL)
546 DispatchTable.FreeLsaHeap(Buffer->PrimaryGroup.PrimaryGroup);
547
548 if (Buffer->Privileges != NULL)
549 DispatchTable.FreeLsaHeap(Buffer->Privileges);
550
551 if (Buffer->DefaultDacl.DefaultDacl != NULL)
552 DispatchTable.FreeLsaHeap(Buffer->DefaultDacl.DefaultDacl);
553
554 DispatchTable.FreeLsaHeap(Buffer);
555 }
556 }
557
558 return Status;
559 }
560
561
562 static
563 NTSTATUS
564 MsvpChangePassword(IN PLSA_CLIENT_REQUEST ClientRequest,
565 IN PVOID ProtocolSubmitBuffer,
566 IN PVOID ClientBufferBase,
567 IN ULONG SubmitBufferLength,
568 OUT PVOID *ProtocolReturnBuffer,
569 OUT PULONG ReturnBufferLength,
570 OUT PNTSTATUS ProtocolStatus)
571 {
572 PMSV1_0_CHANGEPASSWORD_REQUEST RequestBuffer;
573 ULONG_PTR PtrOffset;
574
575 TRACE("()\n");
576
577 RequestBuffer = (PMSV1_0_CHANGEPASSWORD_REQUEST)ProtocolSubmitBuffer;
578
579 /* Fix-up pointers in the request buffer info */
580 PtrOffset = (ULONG_PTR)ProtocolSubmitBuffer - (ULONG_PTR)ClientBufferBase;
581
582 RequestBuffer->DomainName.Buffer = FIXUP_POINTER(RequestBuffer->DomainName.Buffer, PtrOffset);
583 RequestBuffer->AccountName.Buffer = FIXUP_POINTER(RequestBuffer->AccountName.Buffer, PtrOffset);
584 RequestBuffer->OldPassword.Buffer = FIXUP_POINTER(RequestBuffer->OldPassword.Buffer, PtrOffset);
585 RequestBuffer->NewPassword.Buffer = FIXUP_POINTER(RequestBuffer->NewPassword.Buffer, PtrOffset);
586
587 TRACE("Domain: %S\n", RequestBuffer->DomainName.Buffer);
588 TRACE("Account: %S\n", RequestBuffer->AccountName.Buffer);
589 TRACE("Old Password: %S\n", RequestBuffer->OldPassword.Buffer);
590 TRACE("New Password: %S\n", RequestBuffer->NewPassword.Buffer);
591
592
593 return STATUS_SUCCESS;
594 }
595
596
597 static
598 NTSTATUS
599 MsvpCheckPassword(PUNICODE_STRING UserPassword,
600 PSAMPR_USER_INFO_BUFFER UserInfo)
601 {
602 ENCRYPTED_NT_OWF_PASSWORD UserNtPassword;
603 ENCRYPTED_LM_OWF_PASSWORD UserLmPassword;
604 BOOLEAN UserLmPasswordPresent = FALSE;
605 BOOLEAN UserNtPasswordPresent = FALSE;
606 OEM_STRING LmPwdString;
607 CHAR LmPwdBuffer[15];
608 NTSTATUS Status;
609
610 TRACE("(%p %p)\n", UserPassword, UserInfo);
611
612 /* Calculate the LM password and hash for the users password */
613 LmPwdString.Length = 15;
614 LmPwdString.MaximumLength = 15;
615 LmPwdString.Buffer = LmPwdBuffer;
616 ZeroMemory(LmPwdString.Buffer, LmPwdString.MaximumLength);
617
618 Status = RtlUpcaseUnicodeStringToOemString(&LmPwdString,
619 UserPassword,
620 FALSE);
621 if (NT_SUCCESS(Status))
622 {
623 /* Calculate the LM hash value of the users password */
624 Status = SystemFunction006(LmPwdString.Buffer,
625 (LPSTR)&UserLmPassword);
626 if (NT_SUCCESS(Status))
627 {
628 UserLmPasswordPresent = TRUE;
629 }
630 }
631
632 /* Calculate the NT hash of the users password */
633 Status = SystemFunction007(UserPassword,
634 (LPBYTE)&UserNtPassword);
635 if (NT_SUCCESS(Status))
636 {
637 UserNtPasswordPresent = TRUE;
638 }
639
640 Status = STATUS_WRONG_PASSWORD;
641
642 /* Succeed, if no password has been set */
643 if (UserInfo->All.NtPasswordPresent == FALSE &&
644 UserInfo->All.LmPasswordPresent == FALSE)
645 {
646 TRACE("No password check!\n");
647 Status = STATUS_SUCCESS;
648 goto done;
649 }
650
651 /* Succeed, if NT password matches */
652 if (UserNtPasswordPresent && UserInfo->All.NtPasswordPresent)
653 {
654 TRACE("Check NT password hashes:\n");
655 if (RtlEqualMemory(&UserNtPassword,
656 UserInfo->All.NtOwfPassword.Buffer,
657 sizeof(ENCRYPTED_NT_OWF_PASSWORD)))
658 {
659 TRACE(" success!\n");
660 Status = STATUS_SUCCESS;
661 goto done;
662 }
663
664 TRACE(" failed!\n");
665 }
666
667 /* Succeed, if LM password matches */
668 if (UserLmPasswordPresent && UserInfo->All.LmPasswordPresent)
669 {
670 TRACE("Check LM password hashes:\n");
671 if (RtlEqualMemory(&UserLmPassword,
672 UserInfo->All.LmOwfPassword.Buffer,
673 sizeof(ENCRYPTED_LM_OWF_PASSWORD)))
674 {
675 TRACE(" success!\n");
676 Status = STATUS_SUCCESS;
677 goto done;
678 }
679 TRACE(" failed!\n");
680 }
681
682 done:
683 return Status;
684 }
685
686
687 /*
688 * @unimplemented
689 */
690 NTSTATUS
691 NTAPI
692 LsaApCallPackage(IN PLSA_CLIENT_REQUEST ClientRequest,
693 IN PVOID ProtocolSubmitBuffer,
694 IN PVOID ClientBufferBase,
695 IN ULONG SubmitBufferLength,
696 OUT PVOID *ProtocolReturnBuffer,
697 OUT PULONG ReturnBufferLength,
698 OUT PNTSTATUS ProtocolStatus)
699 {
700 ULONG MessageType;
701 NTSTATUS Status;
702
703 TRACE("()\n");
704
705 if (SubmitBufferLength < sizeof(MSV1_0_PROTOCOL_MESSAGE_TYPE))
706 return STATUS_INVALID_PARAMETER;
707
708 MessageType = (ULONG)*((PMSV1_0_PROTOCOL_MESSAGE_TYPE)ProtocolSubmitBuffer);
709
710 *ProtocolReturnBuffer = NULL;
711 *ReturnBufferLength = 0;
712
713 switch (MessageType)
714 {
715 case MsV1_0Lm20ChallengeRequest:
716 case MsV1_0Lm20GetChallengeResponse:
717 case MsV1_0EnumerateUsers:
718 case MsV1_0GetUserInfo:
719 case MsV1_0ReLogonUsers:
720 Status = STATUS_NOT_IMPLEMENTED;
721 break;
722
723 case MsV1_0ChangePassword:
724 Status = MsvpChangePassword(ClientRequest,
725 ProtocolSubmitBuffer,
726 ClientBufferBase,
727 SubmitBufferLength,
728 ProtocolReturnBuffer,
729 ReturnBufferLength,
730 ProtocolStatus);
731 break;
732
733 case MsV1_0ChangeCachedPassword:
734 case MsV1_0GenericPassthrough:
735 case MsV1_0CacheLogon:
736 case MsV1_0SubAuth:
737 case MsV1_0DeriveCredential:
738 case MsV1_0CacheLookup:
739 Status = STATUS_NOT_IMPLEMENTED;
740 break;
741
742 default:
743 return STATUS_INVALID_PARAMETER;
744 }
745
746 return Status;
747 }
748
749
750 /*
751 * @unimplemented
752 */
753 NTSTATUS
754 NTAPI
755 LsaApCallPackagePassthrough(IN PLSA_CLIENT_REQUEST ClientRequest,
756 IN PVOID ProtocolSubmitBuffer,
757 IN PVOID ClientBufferBase,
758 IN ULONG SubmitBufferLength,
759 OUT PVOID *ProtocolReturnBuffer,
760 OUT PULONG ReturnBufferLength,
761 OUT PNTSTATUS ProtocolStatus)
762 {
763 TRACE("()\n");
764 return STATUS_NOT_IMPLEMENTED;
765 }
766
767
768 /*
769 * @unimplemented
770 */
771 NTSTATUS
772 NTAPI
773 LsaApCallPackageUntrusted(IN PLSA_CLIENT_REQUEST ClientRequest,
774 IN PVOID ProtocolSubmitBuffer,
775 IN PVOID ClientBufferBase,
776 IN ULONG SubmitBufferLength,
777 OUT PVOID *ProtocolReturnBuffer,
778 OUT PULONG ReturnBufferLength,
779 OUT PNTSTATUS ProtocolStatus)
780 {
781 TRACE("()\n");
782 return STATUS_NOT_IMPLEMENTED;
783 }
784
785
786 /*
787 * @unimplemented
788 */
789 NTSTATUS
790 NTAPI
791 LsaApInitializePackage(IN ULONG AuthenticationPackageId,
792 IN PLSA_DISPATCH_TABLE LsaDispatchTable,
793 IN PLSA_STRING Database OPTIONAL,
794 IN PLSA_STRING Confidentiality OPTIONAL,
795 OUT PLSA_STRING *AuthenticationPackageName)
796 {
797 PANSI_STRING NameString;
798 PCHAR NameBuffer;
799
800 TRACE("(%lu %p %p %p %p)\n",
801 AuthenticationPackageId, LsaDispatchTable, Database,
802 Confidentiality, AuthenticationPackageName);
803
804 /* Get the dispatch table entries */
805 DispatchTable.CreateLogonSession = LsaDispatchTable->CreateLogonSession;
806 DispatchTable.DeleteLogonSession = LsaDispatchTable->DeleteLogonSession;
807 DispatchTable.AddCredential = LsaDispatchTable->AddCredential;
808 DispatchTable.GetCredentials = LsaDispatchTable->GetCredentials;
809 DispatchTable.DeleteCredential = LsaDispatchTable->DeleteCredential;
810 DispatchTable.AllocateLsaHeap = LsaDispatchTable->AllocateLsaHeap;
811 DispatchTable.FreeLsaHeap = LsaDispatchTable->FreeLsaHeap;
812 DispatchTable.AllocateClientBuffer = LsaDispatchTable->AllocateClientBuffer;
813 DispatchTable.FreeClientBuffer = LsaDispatchTable->FreeClientBuffer;
814 DispatchTable.CopyToClientBuffer = LsaDispatchTable->CopyToClientBuffer;
815 DispatchTable.CopyFromClientBuffer = LsaDispatchTable->CopyFromClientBuffer;
816
817 /* Return the package name */
818 NameString = DispatchTable.AllocateLsaHeap(sizeof(LSA_STRING));
819 if (NameString == NULL)
820 return STATUS_INSUFFICIENT_RESOURCES;
821
822 NameBuffer = DispatchTable.AllocateLsaHeap(sizeof(MSV1_0_PACKAGE_NAME));
823 if (NameBuffer == NULL)
824 {
825 DispatchTable.FreeLsaHeap(NameString);
826 return STATUS_INSUFFICIENT_RESOURCES;
827 }
828
829 strcpy(NameBuffer, MSV1_0_PACKAGE_NAME);
830
831 RtlInitAnsiString(NameString, NameBuffer);
832
833 *AuthenticationPackageName = (PLSA_STRING)NameString;
834
835 return STATUS_SUCCESS;
836 }
837
838
839 /*
840 * @unimplemented
841 */
842 VOID
843 NTAPI
844 LsaApLogonTerminated(IN PLUID LogonId)
845 {
846 TRACE("()\n");
847 }
848
849
850 /*
851 * @unimplemented
852 */
853 NTSTATUS
854 NTAPI
855 LsaApLogonUser(IN PLSA_CLIENT_REQUEST ClientRequest,
856 IN SECURITY_LOGON_TYPE LogonType,
857 IN PVOID AuthenticationInformation,
858 IN PVOID ClientAuthenticationBase,
859 IN ULONG AuthenticationInformationLength,
860 OUT PVOID *ProfileBuffer,
861 OUT PULONG ProfileBufferLength,
862 OUT PLUID LogonId,
863 OUT PNTSTATUS SubStatus,
864 OUT PLSA_TOKEN_INFORMATION_TYPE TokenInformationType,
865 OUT PVOID *TokenInformation,
866 OUT PLSA_UNICODE_STRING *AccountName,
867 OUT PLSA_UNICODE_STRING *AuthenticatingAuthority)
868 {
869 PMSV1_0_INTERACTIVE_LOGON LogonInfo;
870
871 SAMPR_HANDLE ServerHandle = NULL;
872 SAMPR_HANDLE DomainHandle = NULL;
873 SAMPR_HANDLE UserHandle = NULL;
874 PRPC_SID AccountDomainSid = NULL;
875 RPC_UNICODE_STRING Names[1];
876 SAMPR_ULONG_ARRAY RelativeIds = {0, NULL};
877 SAMPR_ULONG_ARRAY Use = {0, NULL};
878 PSAMPR_USER_INFO_BUFFER UserInfo = NULL;
879 UNICODE_STRING LogonServer;
880 BOOLEAN SessionCreated = FALSE;
881 NTSTATUS Status;
882
883 TRACE("()\n");
884
885 TRACE("LogonType: %lu\n", LogonType);
886 TRACE("AuthenticationInformation: %p\n", AuthenticationInformation);
887 TRACE("AuthenticationInformationLength: %lu\n", AuthenticationInformationLength);
888
889 *ProfileBuffer = NULL;
890 *ProfileBufferLength = 0;
891 *SubStatus = STATUS_SUCCESS;
892
893 if (LogonType == Interactive ||
894 LogonType == Batch ||
895 LogonType == Service)
896 {
897 ULONG_PTR PtrOffset;
898
899 LogonInfo = (PMSV1_0_INTERACTIVE_LOGON)AuthenticationInformation;
900
901 /* Fix-up pointers in the authentication info */
902 PtrOffset = (ULONG_PTR)AuthenticationInformation - (ULONG_PTR)ClientAuthenticationBase;
903
904 LogonInfo->LogonDomainName.Buffer = FIXUP_POINTER(LogonInfo->LogonDomainName.Buffer, PtrOffset);
905 LogonInfo->UserName.Buffer = FIXUP_POINTER(LogonInfo->UserName.Buffer, PtrOffset);
906 LogonInfo->Password.Buffer = FIXUP_POINTER(LogonInfo->Password.Buffer, PtrOffset);
907
908 TRACE("Domain: %S\n", LogonInfo->LogonDomainName.Buffer);
909 TRACE("User: %S\n", LogonInfo->UserName.Buffer);
910 TRACE("Password: %S\n", LogonInfo->Password.Buffer);
911
912 RtlInitUnicodeString(&LogonServer, L"Testserver");
913 }
914 else
915 {
916 FIXME("LogonType %lu is not supported yet!\n", LogonType);
917 return STATUS_NOT_IMPLEMENTED;
918 }
919
920 Status = GetDomainSid(&AccountDomainSid);
921 if (!NT_SUCCESS(Status))
922 {
923 TRACE("GetDomainSid() failed (Status 0x%08lx)\n", Status);
924 return Status;
925 }
926
927 /* Connect to the SAM server */
928 Status = SamIConnect(NULL,
929 &ServerHandle,
930 SAM_SERVER_CONNECT | SAM_SERVER_LOOKUP_DOMAIN,
931 TRUE);
932 if (!NT_SUCCESS(Status))
933 {
934 TRACE("SamIConnect() failed (Status 0x%08lx)\n", Status);
935 goto done;
936 }
937
938 /* Open the account domain */
939 Status = SamrOpenDomain(ServerHandle,
940 DOMAIN_LOOKUP,
941 AccountDomainSid,
942 &DomainHandle);
943 if (!NT_SUCCESS(Status))
944 {
945 TRACE("SamrOpenDomain failed (Status %08lx)\n", Status);
946 goto done;
947 }
948
949 Names[0].Length = LogonInfo->UserName.Length;
950 Names[0].MaximumLength = LogonInfo->UserName.MaximumLength;
951 Names[0].Buffer = LogonInfo->UserName.Buffer;
952
953 /* Try to get the RID for the user name */
954 Status = SamrLookupNamesInDomain(DomainHandle,
955 1,
956 Names,
957 &RelativeIds,
958 &Use);
959 if (!NT_SUCCESS(Status))
960 {
961 TRACE("SamrLookupNamesInDomain failed (Status %08lx)\n", Status);
962 Status = STATUS_NO_SUCH_USER;
963 goto done;
964 }
965
966 /* Fail, if it is not a user account */
967 if (Use.Element[0] != SidTypeUser)
968 {
969 TRACE("Account is not a user account!\n");
970 Status = STATUS_NO_SUCH_USER;
971 goto done;
972 }
973
974 /* Open the user object */
975 Status = SamrOpenUser(DomainHandle,
976 USER_READ_GENERAL | USER_READ_LOGON |
977 USER_READ_ACCOUNT | USER_READ_PREFERENCES, /* FIXME */
978 RelativeIds.Element[0],
979 &UserHandle);
980 if (!NT_SUCCESS(Status))
981 {
982 TRACE("SamrOpenUser failed (Status %08lx)\n", Status);
983 goto done;
984 }
985
986 Status = SamrQueryInformationUser(UserHandle,
987 UserAllInformation,
988 &UserInfo);
989 if (!NT_SUCCESS(Status))
990 {
991 TRACE("SamrQueryInformationUser failed (Status %08lx)\n", Status);
992 goto done;
993 }
994
995
996 TRACE("UserName: %S\n", UserInfo->All.UserName.Buffer);
997
998 /* FIXME: Check restrictions */
999
1000 /* Check the password */
1001 if ((UserInfo->All.UserAccountControl & USER_PASSWORD_NOT_REQUIRED) == 0)
1002 {
1003 Status = MsvpCheckPassword(&(LogonInfo->Password),
1004 UserInfo);
1005 if (!NT_SUCCESS(Status))
1006 {
1007 TRACE("MsvpCheckPassword failed (Status %08lx)\n", Status);
1008 goto done;
1009 }
1010 }
1011
1012 /* Return logon information */
1013
1014 /* Create and return a new logon id */
1015 Status = NtAllocateLocallyUniqueId(LogonId);
1016 if (!NT_SUCCESS(Status))
1017 {
1018 TRACE("NtAllocateLocallyUniqueId failed (Status %08lx)\n", Status);
1019 goto done;
1020 }
1021
1022 /* Create the logon session */
1023 Status = DispatchTable.CreateLogonSession(LogonId);
1024 if (!NT_SUCCESS(Status))
1025 {
1026 TRACE("CreateLogonSession failed (Status %08lx)\n", Status);
1027 goto done;
1028 }
1029
1030 SessionCreated = TRUE;
1031
1032 /* Build and fill the interactve profile buffer */
1033 Status = BuildInteractiveProfileBuffer(ClientRequest,
1034 UserInfo,
1035 &LogonServer,
1036 (PMSV1_0_INTERACTIVE_PROFILE*)ProfileBuffer,
1037 ProfileBufferLength);
1038 if (!NT_SUCCESS(Status))
1039 {
1040 TRACE("BuildInteractiveProfileBuffer failed (Status %08lx)\n", Status);
1041 goto done;
1042 }
1043
1044 /* Return the token information type */
1045 *TokenInformationType = LsaTokenInformationV1;
1046
1047 /* Build and fill the token information buffer */
1048 Status = BuildTokenInformationBuffer((PLSA_TOKEN_INFORMATION_V1*)TokenInformation,
1049 AccountDomainSid,
1050 RelativeIds.Element[0],
1051 LogonId);
1052 if (!NT_SUCCESS(Status))
1053 {
1054 TRACE("BuildTokenInformationBuffer failed (Status %08lx)\n", Status);
1055 goto done;
1056 }
1057
1058 done:
1059 /* Return the account name */
1060 *AccountName = DispatchTable.AllocateLsaHeap(sizeof(UNICODE_STRING));
1061 if (*AccountName != NULL)
1062 {
1063 (*AccountName)->Buffer = DispatchTable.AllocateLsaHeap(LogonInfo->UserName.Length +
1064 sizeof(UNICODE_NULL));
1065 if ((*AccountName)->Buffer != NULL)
1066 {
1067 (*AccountName)->MaximumLength = LogonInfo->UserName.Length +
1068 sizeof(UNICODE_NULL);
1069 RtlCopyUnicodeString(*AccountName, &LogonInfo->UserName);
1070 }
1071 }
1072
1073 if (!NT_SUCCESS(Status))
1074 {
1075 if (SessionCreated == TRUE)
1076 DispatchTable.DeleteLogonSession(LogonId);
1077
1078 if (*ProfileBuffer != NULL)
1079 {
1080 DispatchTable.FreeClientBuffer(ClientRequest,
1081 *ProfileBuffer);
1082 *ProfileBuffer = NULL;
1083 }
1084 }
1085
1086 if (UserHandle != NULL)
1087 SamrCloseHandle(&UserHandle);
1088
1089 SamIFree_SAMPR_USER_INFO_BUFFER(UserInfo,
1090 UserAllInformation);
1091 SamIFree_SAMPR_ULONG_ARRAY(&RelativeIds);
1092 SamIFree_SAMPR_ULONG_ARRAY(&Use);
1093
1094 if (DomainHandle != NULL)
1095 SamrCloseHandle(&DomainHandle);
1096
1097 if (ServerHandle != NULL)
1098 SamrCloseHandle(&ServerHandle);
1099
1100 if (AccountDomainSid != NULL)
1101 RtlFreeHeap(RtlGetProcessHeap(), 0, AccountDomainSid);
1102
1103 if (Status == STATUS_NO_SUCH_USER ||
1104 Status == STATUS_WRONG_PASSWORD)
1105 {
1106 *SubStatus = Status;
1107 Status = STATUS_LOGON_FAILURE;
1108 }
1109
1110 TRACE("LsaApLogonUser done (Status %08lx)\n", Status);
1111
1112 return Status;
1113 }
1114
1115
1116 /*
1117 * @unimplemented
1118 */
1119 #if 0
1120 NTSTATUS
1121 NTAPI
1122 LsaApLogonUserEx(IN PLSA_CLIENT_REQUEST ClientRequest,
1123 IN SECURITY_LOGON_TYPE LogonType,
1124 IN PVOID AuthenticationInformation,
1125 IN PVOID ClientAuthenticationBase,
1126 IN ULONG AuthenticationInformationLength,
1127 OUT PVOID *ProfileBuffer,
1128 OUT PULONG ProfileBufferLength,
1129 OUT PLUID LogonId,
1130 OUT PNTSTATUS SubStatus,
1131 OUT PLSA_TOKEN_INFORMATION_TYPE TokenInformationType,
1132 OUT PVOID *TokenInformation,
1133 OUT PUNICODE_STRING *AccountName,
1134 OUT PUNICODE_STRING *AuthenticatingAuthority,
1135 OUT PUNICODE_STRING *MachineName)
1136 {
1137 TRACE("()\n");
1138
1139 TRACE("LogonType: %lu\n", LogonType);
1140 TRACE("AuthenticationInformation: %p\n", AuthenticationInformation);
1141 TRACE("AuthenticationInformationLength: %lu\n", AuthenticationInformationLength);
1142
1143 return STATUS_NOT_IMPLEMENTED;
1144 }
1145
1146
1147 /*
1148 * @unimplemented
1149 */
1150 NTSTATUS
1151 NTAPI
1152 LsaApLogonUserEx2(IN PLSA_CLIENT_REQUEST ClientRequest,
1153 IN SECURITY_LOGON_TYPE LogonType,
1154 IN PVOID ProtocolSubmitBuffer,
1155 IN PVOID ClientBufferBase,
1156 IN ULONG SubmitBufferSize,
1157 OUT PVOID *ProfileBuffer,
1158 OUT PULONG ProfileBufferSize,
1159 OUT PLUID LogonId,
1160 OUT PNTSTATUS SubStatus,
1161 OUT PLSA_TOKEN_INFORMATION_TYPE TokenInformationType,
1162 OUT PVOID *TokenInformation,
1163 OUT PUNICODE_STRING *AccountName,
1164 OUT PUNICODE_STRING *AuthenticatingAuthority,
1165 OUT PUNICODE_STRING *MachineName,
1166 OUT PSECPKG_PRIMARY_CRED PrimaryCredentials,
1167 OUT PSECPKG_SUPPLEMENTAL_CRED_ARRAY *SupplementalCredentials)
1168 {
1169 TRACE("()\n");
1170
1171 TRACE("LogonType: %lu\n", LogonType);
1172 TRACE("ProtocolSubmitBuffer: %p\n", ProtocolSubmitBuffer);
1173 TRACE("SubmitBufferSize: %lu\n", SubmitBufferSize);
1174
1175
1176 return STATUS_NOT_IMPLEMENTED;
1177 }
1178 #endif
1179
1180 /* EOF */
A free Windows-compatible Operating System