2 * PROJECT: Authentication Package DLL
3 * LICENSE: GPL - See COPYING in the top level directory
4 * FILE: dll/win32/msv1_0/msv1_0.c
6 * COPYRIGHT: Copyright 2013 Eric Kohl
9 /* INCLUDES ****************************************************************/
13 WINE_DEFAULT_DEBUG_CHANNEL(msv1_0
);
16 /* GLOBALS *****************************************************************/
18 LSA_DISPATCH_TABLE DispatchTable
;
21 /* FUNCTIONS ***************************************************************/
25 GetDomainSid(PRPC_SID
*Sid
)
27 LSAPR_HANDLE PolicyHandle
= NULL
;
28 PLSAPR_POLICY_INFORMATION PolicyInfo
= NULL
;
32 Status
= LsaIOpenPolicyTrusted(&PolicyHandle
);
33 if (!NT_SUCCESS(Status
))
35 TRACE("LsaIOpenPolicyTrusted() failed (Status 0x%08lx)\n", Status
);
39 Status
= LsarQueryInformationPolicy(PolicyHandle
,
40 PolicyAccountDomainInformation
,
42 if (!NT_SUCCESS(Status
))
44 TRACE("LsarQueryInformationPolicy() failed (Status 0x%08lx)\n", Status
);
48 Length
= RtlLengthSid(PolicyInfo
->PolicyAccountDomainInfo
.Sid
);
50 *Sid
= RtlAllocateHeap(RtlGetProcessHeap(), 0, Length
);
53 ERR("Failed to allocate SID\n");
54 Status
= STATUS_INSUFFICIENT_RESOURCES
;
58 memcpy(*Sid
, PolicyInfo
->PolicyAccountDomainInfo
.Sid
, Length
);
61 if (PolicyInfo
!= NULL
)
62 LsaIFree_LSAPR_POLICY_INFORMATION(PolicyAccountDomainInformation
,
65 if (PolicyHandle
!= NULL
)
66 LsarClose(&PolicyHandle
);
74 BuildInteractiveProfileBuffer(IN PLSA_CLIENT_REQUEST ClientRequest
,
75 IN PSAMPR_USER_INFO_BUFFER UserInfo
,
76 IN PUNICODE_STRING LogonServer
,
77 OUT PMSV1_0_INTERACTIVE_PROFILE
*ProfileBuffer
,
78 OUT PULONG ProfileBufferLength
)
80 PMSV1_0_INTERACTIVE_PROFILE LocalBuffer
= NULL
;
81 PVOID ClientBaseAddress
= NULL
;
84 NTSTATUS Status
= STATUS_SUCCESS
;
86 *ProfileBuffer
= NULL
;
87 *ProfileBufferLength
= 0;
89 BufferLength
= sizeof(MSV1_0_INTERACTIVE_PROFILE
) +
90 UserInfo
->All
.FullName
.Length
+ sizeof(WCHAR
) +
91 UserInfo
->All
.HomeDirectory
.Length
+ sizeof(WCHAR
) +
92 UserInfo
->All
.HomeDirectoryDrive
.Length
+ sizeof(WCHAR
) +
93 UserInfo
->All
.ScriptPath
.Length
+ sizeof(WCHAR
) +
94 UserInfo
->All
.ProfilePath
.Length
+ sizeof(WCHAR
) +
95 LogonServer
->Length
+ sizeof(WCHAR
);
97 LocalBuffer
= DispatchTable
.AllocateLsaHeap(BufferLength
);
98 if (LocalBuffer
== NULL
)
100 TRACE("Failed to allocate the local buffer!\n");
101 Status
= STATUS_INSUFFICIENT_RESOURCES
;
105 Status
= DispatchTable
.AllocateClientBuffer(ClientRequest
,
108 if (!NT_SUCCESS(Status
))
110 TRACE("DispatchTable.AllocateClientBuffer failed (Status 0x%08lx)\n", Status
);
114 TRACE("ClientBaseAddress: %p\n", ClientBaseAddress
);
116 Ptr
= (LPWSTR
)((ULONG_PTR
)LocalBuffer
+ sizeof(MSV1_0_INTERACTIVE_PROFILE
));
118 LocalBuffer
->MessageType
= MsV1_0InteractiveProfile
;
119 LocalBuffer
->LogonCount
= UserInfo
->All
.LogonCount
;
120 LocalBuffer
->BadPasswordCount
= UserInfo
->All
.BadPasswordCount
;
122 LocalBuffer
->LogonTime
.LowPart
= UserInfo
->All
.LastLogon
.LowPart
;
123 LocalBuffer
->LogonTime
.HighPart
= UserInfo
->All
.LastLogon
.HighPart
;
125 // LocalBuffer->LogoffTime.LowPart =
126 // LocalBuffer->LogoffTime.HighPart =
128 // LocalBuffer->KickOffTime.LowPart =
129 // LocalBuffer->KickOffTime.HighPart =
131 LocalBuffer
->PasswordLastSet
.LowPart
= UserInfo
->All
.PasswordLastSet
.LowPart
;
132 LocalBuffer
->PasswordLastSet
.HighPart
= UserInfo
->All
.PasswordLastSet
.HighPart
;
134 LocalBuffer
->PasswordCanChange
.LowPart
= UserInfo
->All
.PasswordCanChange
.LowPart
;
135 LocalBuffer
->PasswordCanChange
.HighPart
= UserInfo
->All
.PasswordCanChange
.HighPart
;
137 LocalBuffer
->PasswordMustChange
.LowPart
= UserInfo
->All
.PasswordMustChange
.LowPart
;
138 LocalBuffer
->PasswordMustChange
.HighPart
= UserInfo
->All
.PasswordMustChange
.HighPart
;
140 LocalBuffer
->LogonScript
.Length
= UserInfo
->All
.ScriptPath
.Length
;
141 LocalBuffer
->LogonScript
.MaximumLength
= UserInfo
->All
.ScriptPath
.Length
+ sizeof(WCHAR
);
142 LocalBuffer
->LogonScript
.Buffer
= (LPWSTR
)((ULONG_PTR
)ClientBaseAddress
+ (ULONG_PTR
)Ptr
- (ULONG_PTR
)LocalBuffer
);
144 UserInfo
->All
.ScriptPath
.Buffer
,
145 UserInfo
->All
.ScriptPath
.Length
);
147 Ptr
= (LPWSTR
)((ULONG_PTR
)Ptr
+ LocalBuffer
->LogonScript
.MaximumLength
);
149 LocalBuffer
->HomeDirectory
.Length
= UserInfo
->All
.HomeDirectory
.Length
;
150 LocalBuffer
->HomeDirectory
.MaximumLength
= UserInfo
->All
.HomeDirectory
.Length
+ sizeof(WCHAR
);
151 LocalBuffer
->HomeDirectory
.Buffer
= (LPWSTR
)((ULONG_PTR
)ClientBaseAddress
+ (ULONG_PTR
)Ptr
- (ULONG_PTR
)LocalBuffer
);
153 UserInfo
->All
.HomeDirectory
.Buffer
,
154 UserInfo
->All
.HomeDirectory
.Length
);
156 Ptr
= (LPWSTR
)((ULONG_PTR
)Ptr
+ LocalBuffer
->HomeDirectory
.MaximumLength
);
158 LocalBuffer
->FullName
.Length
= UserInfo
->All
.FullName
.Length
;
159 LocalBuffer
->FullName
.MaximumLength
= UserInfo
->All
.FullName
.Length
+ sizeof(WCHAR
);
160 LocalBuffer
->FullName
.Buffer
= (LPWSTR
)((ULONG_PTR
)ClientBaseAddress
+ (ULONG_PTR
)Ptr
- (ULONG_PTR
)LocalBuffer
);
162 UserInfo
->All
.FullName
.Buffer
,
163 UserInfo
->All
.FullName
.Length
);
164 TRACE("FullName.Buffer: %p\n", LocalBuffer
->FullName
.Buffer
);
166 Ptr
= (LPWSTR
)((ULONG_PTR
)Ptr
+ LocalBuffer
->FullName
.MaximumLength
);
168 LocalBuffer
->ProfilePath
.Length
= UserInfo
->All
.ProfilePath
.Length
;
169 LocalBuffer
->ProfilePath
.MaximumLength
= UserInfo
->All
.ProfilePath
.Length
+ sizeof(WCHAR
);
170 LocalBuffer
->ProfilePath
.Buffer
= (LPWSTR
)((ULONG_PTR
)ClientBaseAddress
+ (ULONG_PTR
)Ptr
- (ULONG_PTR
)LocalBuffer
);
172 UserInfo
->All
.ProfilePath
.Buffer
,
173 UserInfo
->All
.ProfilePath
.Length
);
175 Ptr
= (LPWSTR
)((ULONG_PTR
)Ptr
+ LocalBuffer
->ProfilePath
.MaximumLength
);
177 LocalBuffer
->HomeDirectoryDrive
.Length
= UserInfo
->All
.HomeDirectoryDrive
.Length
;
178 LocalBuffer
->HomeDirectoryDrive
.MaximumLength
= UserInfo
->All
.HomeDirectoryDrive
.Length
+ sizeof(WCHAR
);
179 LocalBuffer
->HomeDirectoryDrive
.Buffer
= (LPWSTR
)((ULONG_PTR
)ClientBaseAddress
+ (ULONG_PTR
)Ptr
- (ULONG_PTR
)LocalBuffer
);
181 UserInfo
->All
.HomeDirectoryDrive
.Buffer
,
182 UserInfo
->All
.HomeDirectoryDrive
.Length
);
184 Ptr
= (LPWSTR
)((ULONG_PTR
)Ptr
+ LocalBuffer
->HomeDirectoryDrive
.MaximumLength
);
186 LocalBuffer
->LogonServer
.Length
= LogonServer
->Length
;
187 LocalBuffer
->LogonServer
.MaximumLength
= LogonServer
->Length
+ sizeof(WCHAR
);
188 LocalBuffer
->LogonServer
.Buffer
= (LPWSTR
)((ULONG_PTR
)ClientBaseAddress
+ (ULONG_PTR
)Ptr
- (ULONG_PTR
)LocalBuffer
);;
191 LogonServer
->Length
);
193 LocalBuffer
->UserFlags
= 0;
195 Status
= DispatchTable
.CopyToClientBuffer(ClientRequest
,
199 if (!NT_SUCCESS(Status
))
201 TRACE("DispatchTable.CopyToClientBuffer failed (Status 0x%08lx)\n", Status
);
205 *ProfileBuffer
= (PMSV1_0_INTERACTIVE_PROFILE
)ClientBaseAddress
;
206 *ProfileBufferLength
= BufferLength
;
209 if (LocalBuffer
!= NULL
)
210 DispatchTable
.FreeLsaHeap(LocalBuffer
);
212 if (!NT_SUCCESS(Status
))
214 if (ClientBaseAddress
!= NULL
)
215 DispatchTable
.FreeClientBuffer(ClientRequest
,
225 AppendRidToSid(PSID SrcSid
,
231 RidCount
= *RtlSubAuthorityCountSid(SrcSid
);
235 DstSid
= DispatchTable
.AllocateLsaHeap(RtlLengthRequiredSid(RidCount
+ 1));
239 RtlCopyMemory(DstSid
,
241 RtlLengthRequiredSid(RidCount
));
243 *RtlSubAuthorityCountSid(DstSid
) = RidCount
+ 1;
244 *RtlSubAuthoritySid(DstSid
, RidCount
) = Rid
;
251 BuildTokenUser(OUT PTOKEN_USER User
,
252 IN PSID AccountDomainSid
,
255 User
->User
.Sid
= AppendRidToSid(AccountDomainSid
,
257 if (User
->User
.Sid
== NULL
)
259 ERR("Could not create the user SID\n");
260 return STATUS_UNSUCCESSFUL
;
263 User
->User
.Attributes
= 0;
265 return STATUS_SUCCESS
;
271 BuildTokenGroups(IN PSID AccountDomainSid
,
273 OUT PTOKEN_GROUPS
*Groups
,
274 OUT PSID
*PrimaryGroupSid
)
276 SID_IDENTIFIER_AUTHORITY SystemAuthority
= {SECURITY_NT_AUTHORITY
};
277 PTOKEN_GROUPS TokenGroups
;
279 DWORD GroupCount
= 0;
281 NTSTATUS Status
= STATUS_SUCCESS
;
283 TokenGroups
= DispatchTable
.AllocateLsaHeap(sizeof(TOKEN_GROUPS
) +
284 MAX_GROUPS
* sizeof(SID_AND_ATTRIBUTES
));
285 if (TokenGroups
== NULL
)
287 return STATUS_INSUFFICIENT_RESOURCES
;
290 Sid
= AppendRidToSid(AccountDomainSid
, DOMAIN_GROUP_RID_USERS
);
296 /* Member of the domain */
297 TokenGroups
->Groups
[GroupCount
].Sid
= Sid
;
298 TokenGroups
->Groups
[GroupCount
].Attributes
=
299 SE_GROUP_ENABLED
| SE_GROUP_ENABLED_BY_DEFAULT
| SE_GROUP_MANDATORY
;
300 *PrimaryGroupSid
= Sid
;
305 /* Member of 'Administrators' */
306 RtlAllocateAndInitializeSid(&SystemAuthority
,
308 SECURITY_BUILTIN_DOMAIN_RID
,
309 DOMAIN_ALIAS_RID_ADMINS
,
317 TokenGroups
->Groups
[GroupCount
].Sid
= Sid
;
318 TokenGroups
->Groups
[GroupCount
].Attributes
=
319 SE_GROUP_ENABLED
| SE_GROUP_ENABLED_BY_DEFAULT
| SE_GROUP_MANDATORY
;
322 TRACE("Not adding user to Administrators group\n");
325 /* Member of 'Users' */
326 RtlAllocateAndInitializeSid(&SystemAuthority
,
328 SECURITY_BUILTIN_DOMAIN_RID
,
329 DOMAIN_ALIAS_RID_USERS
,
337 TokenGroups
->Groups
[GroupCount
].Sid
= Sid
;
338 TokenGroups
->Groups
[GroupCount
].Attributes
=
339 SE_GROUP_ENABLED
| SE_GROUP_ENABLED_BY_DEFAULT
| SE_GROUP_MANDATORY
;
343 /* Member of 'Authenticated users' */
344 RtlAllocateAndInitializeSid(&SystemAuthority
,
346 SECURITY_AUTHENTICATED_USER_RID
,
355 TokenGroups
->Groups
[GroupCount
].Sid
= Sid
;
356 TokenGroups
->Groups
[GroupCount
].Attributes
=
357 SE_GROUP_ENABLED
| SE_GROUP_ENABLED_BY_DEFAULT
| SE_GROUP_MANDATORY
;
360 TokenGroups
->GroupCount
= GroupCount
;
361 ASSERT(TokenGroups
->GroupCount
<= MAX_GROUPS
);
363 *Groups
= TokenGroups
;
371 BuildTokenPrimaryGroup(PTOKEN_PRIMARY_GROUP PrimaryGroup
,
372 PSID PrimaryGroupSid
)
377 RidCount
= *RtlSubAuthorityCountSid(PrimaryGroupSid
);
378 Size
= RtlLengthRequiredSid(RidCount
);
380 PrimaryGroup
->PrimaryGroup
= DispatchTable
.AllocateLsaHeap(Size
);
381 if (PrimaryGroup
->PrimaryGroup
== NULL
)
383 return STATUS_INSUFFICIENT_RESOURCES
;
386 RtlCopyMemory(PrimaryGroup
->PrimaryGroup
,
390 return STATUS_SUCCESS
;
395 BuildTokenPrivileges(PTOKEN_PRIVILEGES
*TokenPrivileges
)
397 /* FIXME shouldn't use hard-coded list of privileges */
405 { L
"SeMachineAccountPrivilege", 0 },
406 { L
"SeSecurityPrivilege", 0 },
407 { L
"SeTakeOwnershipPrivilege", 0 },
408 { L
"SeLoadDriverPrivilege", 0 },
409 { L
"SeSystemProfilePrivilege", 0 },
410 { L
"SeSystemtimePrivilege", 0 },
411 { L
"SeProfileSingleProcessPrivilege", 0 },
412 { L
"SeIncreaseBasePriorityPrivilege", 0 },
413 { L
"SeCreatePagefilePrivilege", 0 },
414 { L
"SeBackupPrivilege", 0 },
415 { L
"SeRestorePrivilege", 0 },
416 { L
"SeShutdownPrivilege", 0 },
417 { L
"SeDebugPrivilege", 0 },
418 { L
"SeSystemEnvironmentPrivilege", 0 },
419 { L
"SeChangeNotifyPrivilege", SE_PRIVILEGE_ENABLED
| SE_PRIVILEGE_ENABLED_BY_DEFAULT
},
420 { L
"SeRemoteShutdownPrivilege", 0 },
421 { L
"SeUndockPrivilege", 0 },
422 { L
"SeEnableDelegationPrivilege", 0 },
423 { L
"SeImpersonatePrivilege", SE_PRIVILEGE_ENABLED
| SE_PRIVILEGE_ENABLED_BY_DEFAULT
},
424 { L
"SeCreateGlobalPrivilege", SE_PRIVILEGE_ENABLED
| SE_PRIVILEGE_ENABLED_BY_DEFAULT
}
426 PTOKEN_PRIVILEGES Privileges
= NULL
;
428 RPC_UNICODE_STRING PrivilegeName
;
429 LSAPR_HANDLE PolicyHandle
= NULL
;
430 NTSTATUS Status
= STATUS_SUCCESS
;
432 Status
= LsaIOpenPolicyTrusted(&PolicyHandle
);
433 if (!NT_SUCCESS(Status
))
438 /* Allocate and initialize token privileges */
439 Privileges
= DispatchTable
.AllocateLsaHeap(sizeof(TOKEN_PRIVILEGES
) +
440 sizeof(DefaultPrivs
) / sizeof(DefaultPrivs
[0]) *
441 sizeof(LUID_AND_ATTRIBUTES
));
442 if (Privileges
== NULL
)
444 Status
= STATUS_INSUFFICIENT_RESOURCES
;
448 Privileges
->PrivilegeCount
= 0;
449 for (i
= 0; i
< sizeof(DefaultPrivs
) / sizeof(DefaultPrivs
[0]); i
++)
451 PrivilegeName
.Length
= wcslen(DefaultPrivs
[i
].PrivName
) * sizeof(WCHAR
);
452 PrivilegeName
.MaximumLength
= PrivilegeName
.Length
+ sizeof(WCHAR
);
453 PrivilegeName
.Buffer
= (LPWSTR
)DefaultPrivs
[i
].PrivName
;
455 Status
= LsarLookupPrivilegeValue(PolicyHandle
,
457 &Privileges
->Privileges
[Privileges
->PrivilegeCount
].Luid
);
458 if (!NT_SUCCESS(Status
))
460 WARN("Can't set privilege %S\n", DefaultPrivs
[i
].PrivName
);
464 Privileges
->Privileges
[Privileges
->PrivilegeCount
].Attributes
= DefaultPrivs
[i
].Attributes
;
465 Privileges
->PrivilegeCount
++;
469 *TokenPrivileges
= Privileges
;
472 if (PolicyHandle
!= NULL
)
473 LsarClose(&PolicyHandle
);
481 BuildTokenInformationBuffer(PLSA_TOKEN_INFORMATION_V1
*TokenInformation
,
482 PRPC_SID AccountDomainSid
,
486 PLSA_TOKEN_INFORMATION_V1 Buffer
= NULL
;
487 PSID PrimaryGroupSid
= NULL
;
489 NTSTATUS Status
= STATUS_SUCCESS
;
491 Buffer
= DispatchTable
.AllocateLsaHeap(sizeof(LSA_TOKEN_INFORMATION_V1
));
494 TRACE("Failed to allocate the local buffer!\n");
495 Status
= STATUS_INSUFFICIENT_RESOURCES
;
500 Buffer
->ExpirationTime
.QuadPart
= -1;
502 Status
= BuildTokenUser(&Buffer
->User
,
503 (PSID
)AccountDomainSid
,
505 if (!NT_SUCCESS(Status
))
508 Status
= BuildTokenGroups((PSID
)AccountDomainSid
,
512 if (!NT_SUCCESS(Status
))
515 Status
= BuildTokenPrimaryGroup(&Buffer
->PrimaryGroup
,
517 if (!NT_SUCCESS(Status
))
520 Status
= BuildTokenPrivileges(&Buffer
->Privileges
);
521 if (!NT_SUCCESS(Status
))
524 *TokenInformation
= Buffer
;
527 if (!NT_SUCCESS(Status
))
531 if (Buffer
->User
.User
.Sid
!= NULL
)
532 DispatchTable
.FreeLsaHeap(Buffer
->User
.User
.Sid
);
534 if (Buffer
->Groups
!= NULL
)
536 for (i
= 0; i
< Buffer
->Groups
->GroupCount
; i
++)
538 if (Buffer
->Groups
->Groups
[i
].Sid
!= NULL
)
539 DispatchTable
.FreeLsaHeap(Buffer
->Groups
->Groups
[i
].Sid
);
542 DispatchTable
.FreeLsaHeap(Buffer
->Groups
);
545 if (Buffer
->PrimaryGroup
.PrimaryGroup
!= NULL
)
546 DispatchTable
.FreeLsaHeap(Buffer
->PrimaryGroup
.PrimaryGroup
);
548 if (Buffer
->Privileges
!= NULL
)
549 DispatchTable
.FreeLsaHeap(Buffer
->Privileges
);
551 if (Buffer
->DefaultDacl
.DefaultDacl
!= NULL
)
552 DispatchTable
.FreeLsaHeap(Buffer
->DefaultDacl
.DefaultDacl
);
554 DispatchTable
.FreeLsaHeap(Buffer
);
564 MsvpChangePassword(IN PLSA_CLIENT_REQUEST ClientRequest
,
565 IN PVOID ProtocolSubmitBuffer
,
566 IN PVOID ClientBufferBase
,
567 IN ULONG SubmitBufferLength
,
568 OUT PVOID
*ProtocolReturnBuffer
,
569 OUT PULONG ReturnBufferLength
,
570 OUT PNTSTATUS ProtocolStatus
)
572 PMSV1_0_CHANGEPASSWORD_REQUEST RequestBuffer
;
577 RequestBuffer
= (PMSV1_0_CHANGEPASSWORD_REQUEST
)ProtocolSubmitBuffer
;
579 /* Fix-up pointers in the request buffer info */
580 PtrOffset
= (ULONG_PTR
)ProtocolSubmitBuffer
- (ULONG_PTR
)ClientBufferBase
;
582 RequestBuffer
->DomainName
.Buffer
= FIXUP_POINTER(RequestBuffer
->DomainName
.Buffer
, PtrOffset
);
583 RequestBuffer
->AccountName
.Buffer
= FIXUP_POINTER(RequestBuffer
->AccountName
.Buffer
, PtrOffset
);
584 RequestBuffer
->OldPassword
.Buffer
= FIXUP_POINTER(RequestBuffer
->OldPassword
.Buffer
, PtrOffset
);
585 RequestBuffer
->NewPassword
.Buffer
= FIXUP_POINTER(RequestBuffer
->NewPassword
.Buffer
, PtrOffset
);
587 TRACE("Domain: %S\n", RequestBuffer
->DomainName
.Buffer
);
588 TRACE("Account: %S\n", RequestBuffer
->AccountName
.Buffer
);
589 TRACE("Old Password: %S\n", RequestBuffer
->OldPassword
.Buffer
);
590 TRACE("New Password: %S\n", RequestBuffer
->NewPassword
.Buffer
);
593 return STATUS_SUCCESS
;
599 MsvpCheckPassword(PUNICODE_STRING UserPassword
,
600 PSAMPR_USER_INFO_BUFFER UserInfo
)
602 ENCRYPTED_NT_OWF_PASSWORD UserNtPassword
;
603 ENCRYPTED_LM_OWF_PASSWORD UserLmPassword
;
604 BOOLEAN UserLmPasswordPresent
= FALSE
;
605 BOOLEAN UserNtPasswordPresent
= FALSE
;
606 OEM_STRING LmPwdString
;
607 CHAR LmPwdBuffer
[15];
610 TRACE("(%p %p)\n", UserPassword
, UserInfo
);
612 /* Calculate the LM password and hash for the users password */
613 LmPwdString
.Length
= 15;
614 LmPwdString
.MaximumLength
= 15;
615 LmPwdString
.Buffer
= LmPwdBuffer
;
616 ZeroMemory(LmPwdString
.Buffer
, LmPwdString
.MaximumLength
);
618 Status
= RtlUpcaseUnicodeStringToOemString(&LmPwdString
,
621 if (NT_SUCCESS(Status
))
623 /* Calculate the LM hash value of the users password */
624 Status
= SystemFunction006(LmPwdString
.Buffer
,
625 (LPSTR
)&UserLmPassword
);
626 if (NT_SUCCESS(Status
))
628 UserLmPasswordPresent
= TRUE
;
632 /* Calculate the NT hash of the users password */
633 Status
= SystemFunction007(UserPassword
,
634 (LPBYTE
)&UserNtPassword
);
635 if (NT_SUCCESS(Status
))
637 UserNtPasswordPresent
= TRUE
;
640 Status
= STATUS_WRONG_PASSWORD
;
642 /* Succeed, if no password has been set */
643 if (UserInfo
->All
.NtPasswordPresent
== FALSE
&&
644 UserInfo
->All
.LmPasswordPresent
== FALSE
)
646 TRACE("No password check!\n");
647 Status
= STATUS_SUCCESS
;
651 /* Succeed, if NT password matches */
652 if (UserNtPasswordPresent
&& UserInfo
->All
.NtPasswordPresent
)
654 TRACE("Check NT password hashes:\n");
655 if (RtlEqualMemory(&UserNtPassword
,
656 UserInfo
->All
.NtOwfPassword
.Buffer
,
657 sizeof(ENCRYPTED_NT_OWF_PASSWORD
)))
659 TRACE(" success!\n");
660 Status
= STATUS_SUCCESS
;
667 /* Succeed, if LM password matches */
668 if (UserLmPasswordPresent
&& UserInfo
->All
.LmPasswordPresent
)
670 TRACE("Check LM password hashes:\n");
671 if (RtlEqualMemory(&UserLmPassword
,
672 UserInfo
->All
.LmOwfPassword
.Buffer
,
673 sizeof(ENCRYPTED_LM_OWF_PASSWORD
)))
675 TRACE(" success!\n");
676 Status
= STATUS_SUCCESS
;
692 LsaApCallPackage(IN PLSA_CLIENT_REQUEST ClientRequest
,
693 IN PVOID ProtocolSubmitBuffer
,
694 IN PVOID ClientBufferBase
,
695 IN ULONG SubmitBufferLength
,
696 OUT PVOID
*ProtocolReturnBuffer
,
697 OUT PULONG ReturnBufferLength
,
698 OUT PNTSTATUS ProtocolStatus
)
705 if (SubmitBufferLength
< sizeof(MSV1_0_PROTOCOL_MESSAGE_TYPE
))
706 return STATUS_INVALID_PARAMETER
;
708 MessageType
= (ULONG
)*((PMSV1_0_PROTOCOL_MESSAGE_TYPE
)ProtocolSubmitBuffer
);
710 *ProtocolReturnBuffer
= NULL
;
711 *ReturnBufferLength
= 0;
715 case MsV1_0Lm20ChallengeRequest
:
716 case MsV1_0Lm20GetChallengeResponse
:
717 case MsV1_0EnumerateUsers
:
718 case MsV1_0GetUserInfo
:
719 case MsV1_0ReLogonUsers
:
720 Status
= STATUS_NOT_IMPLEMENTED
;
723 case MsV1_0ChangePassword
:
724 Status
= MsvpChangePassword(ClientRequest
,
725 ProtocolSubmitBuffer
,
728 ProtocolReturnBuffer
,
733 case MsV1_0ChangeCachedPassword
:
734 case MsV1_0GenericPassthrough
:
735 case MsV1_0CacheLogon
:
737 case MsV1_0DeriveCredential
:
738 case MsV1_0CacheLookup
:
739 Status
= STATUS_NOT_IMPLEMENTED
;
743 return STATUS_INVALID_PARAMETER
;
755 LsaApCallPackagePassthrough(IN PLSA_CLIENT_REQUEST ClientRequest
,
756 IN PVOID ProtocolSubmitBuffer
,
757 IN PVOID ClientBufferBase
,
758 IN ULONG SubmitBufferLength
,
759 OUT PVOID
*ProtocolReturnBuffer
,
760 OUT PULONG ReturnBufferLength
,
761 OUT PNTSTATUS ProtocolStatus
)
764 return STATUS_NOT_IMPLEMENTED
;
773 LsaApCallPackageUntrusted(IN PLSA_CLIENT_REQUEST ClientRequest
,
774 IN PVOID ProtocolSubmitBuffer
,
775 IN PVOID ClientBufferBase
,
776 IN ULONG SubmitBufferLength
,
777 OUT PVOID
*ProtocolReturnBuffer
,
778 OUT PULONG ReturnBufferLength
,
779 OUT PNTSTATUS ProtocolStatus
)
782 return STATUS_NOT_IMPLEMENTED
;
791 LsaApInitializePackage(IN ULONG AuthenticationPackageId
,
792 IN PLSA_DISPATCH_TABLE LsaDispatchTable
,
793 IN PLSA_STRING Database OPTIONAL
,
794 IN PLSA_STRING Confidentiality OPTIONAL
,
795 OUT PLSA_STRING
*AuthenticationPackageName
)
797 PANSI_STRING NameString
;
800 TRACE("(%lu %p %p %p %p)\n",
801 AuthenticationPackageId
, LsaDispatchTable
, Database
,
802 Confidentiality
, AuthenticationPackageName
);
804 /* Get the dispatch table entries */
805 DispatchTable
.CreateLogonSession
= LsaDispatchTable
->CreateLogonSession
;
806 DispatchTable
.DeleteLogonSession
= LsaDispatchTable
->DeleteLogonSession
;
807 DispatchTable
.AddCredential
= LsaDispatchTable
->AddCredential
;
808 DispatchTable
.GetCredentials
= LsaDispatchTable
->GetCredentials
;
809 DispatchTable
.DeleteCredential
= LsaDispatchTable
->DeleteCredential
;
810 DispatchTable
.AllocateLsaHeap
= LsaDispatchTable
->AllocateLsaHeap
;
811 DispatchTable
.FreeLsaHeap
= LsaDispatchTable
->FreeLsaHeap
;
812 DispatchTable
.AllocateClientBuffer
= LsaDispatchTable
->AllocateClientBuffer
;
813 DispatchTable
.FreeClientBuffer
= LsaDispatchTable
->FreeClientBuffer
;
814 DispatchTable
.CopyToClientBuffer
= LsaDispatchTable
->CopyToClientBuffer
;
815 DispatchTable
.CopyFromClientBuffer
= LsaDispatchTable
->CopyFromClientBuffer
;
817 /* Return the package name */
818 NameString
= DispatchTable
.AllocateLsaHeap(sizeof(LSA_STRING
));
819 if (NameString
== NULL
)
820 return STATUS_INSUFFICIENT_RESOURCES
;
822 NameBuffer
= DispatchTable
.AllocateLsaHeap(sizeof(MSV1_0_PACKAGE_NAME
));
823 if (NameBuffer
== NULL
)
825 DispatchTable
.FreeLsaHeap(NameString
);
826 return STATUS_INSUFFICIENT_RESOURCES
;
829 strcpy(NameBuffer
, MSV1_0_PACKAGE_NAME
);
831 RtlInitAnsiString(NameString
, NameBuffer
);
833 *AuthenticationPackageName
= (PLSA_STRING
)NameString
;
835 return STATUS_SUCCESS
;
844 LsaApLogonTerminated(IN PLUID LogonId
)
855 LsaApLogonUser(IN PLSA_CLIENT_REQUEST ClientRequest
,
856 IN SECURITY_LOGON_TYPE LogonType
,
857 IN PVOID AuthenticationInformation
,
858 IN PVOID ClientAuthenticationBase
,
859 IN ULONG AuthenticationInformationLength
,
860 OUT PVOID
*ProfileBuffer
,
861 OUT PULONG ProfileBufferLength
,
863 OUT PNTSTATUS SubStatus
,
864 OUT PLSA_TOKEN_INFORMATION_TYPE TokenInformationType
,
865 OUT PVOID
*TokenInformation
,
866 OUT PLSA_UNICODE_STRING
*AccountName
,
867 OUT PLSA_UNICODE_STRING
*AuthenticatingAuthority
)
869 PMSV1_0_INTERACTIVE_LOGON LogonInfo
;
871 SAMPR_HANDLE ServerHandle
= NULL
;
872 SAMPR_HANDLE DomainHandle
= NULL
;
873 SAMPR_HANDLE UserHandle
= NULL
;
874 PRPC_SID AccountDomainSid
= NULL
;
875 RPC_UNICODE_STRING Names
[1];
876 SAMPR_ULONG_ARRAY RelativeIds
= {0, NULL
};
877 SAMPR_ULONG_ARRAY Use
= {0, NULL
};
878 PSAMPR_USER_INFO_BUFFER UserInfo
= NULL
;
879 UNICODE_STRING LogonServer
;
880 BOOLEAN SessionCreated
= FALSE
;
885 TRACE("LogonType: %lu\n", LogonType
);
886 TRACE("AuthenticationInformation: %p\n", AuthenticationInformation
);
887 TRACE("AuthenticationInformationLength: %lu\n", AuthenticationInformationLength
);
889 *ProfileBuffer
= NULL
;
890 *ProfileBufferLength
= 0;
891 *SubStatus
= STATUS_SUCCESS
;
893 if (LogonType
== Interactive
||
894 LogonType
== Batch
||
895 LogonType
== Service
)
899 LogonInfo
= (PMSV1_0_INTERACTIVE_LOGON
)AuthenticationInformation
;
901 /* Fix-up pointers in the authentication info */
902 PtrOffset
= (ULONG_PTR
)AuthenticationInformation
- (ULONG_PTR
)ClientAuthenticationBase
;
904 LogonInfo
->LogonDomainName
.Buffer
= FIXUP_POINTER(LogonInfo
->LogonDomainName
.Buffer
, PtrOffset
);
905 LogonInfo
->UserName
.Buffer
= FIXUP_POINTER(LogonInfo
->UserName
.Buffer
, PtrOffset
);
906 LogonInfo
->Password
.Buffer
= FIXUP_POINTER(LogonInfo
->Password
.Buffer
, PtrOffset
);
908 TRACE("Domain: %S\n", LogonInfo
->LogonDomainName
.Buffer
);
909 TRACE("User: %S\n", LogonInfo
->UserName
.Buffer
);
910 TRACE("Password: %S\n", LogonInfo
->Password
.Buffer
);
912 RtlInitUnicodeString(&LogonServer
, L
"Testserver");
916 FIXME("LogonType %lu is not supported yet!\n", LogonType
);
917 return STATUS_NOT_IMPLEMENTED
;
920 Status
= GetDomainSid(&AccountDomainSid
);
921 if (!NT_SUCCESS(Status
))
923 TRACE("GetDomainSid() failed (Status 0x%08lx)\n", Status
);
927 /* Connect to the SAM server */
928 Status
= SamIConnect(NULL
,
930 SAM_SERVER_CONNECT
| SAM_SERVER_LOOKUP_DOMAIN
,
932 if (!NT_SUCCESS(Status
))
934 TRACE("SamIConnect() failed (Status 0x%08lx)\n", Status
);
938 /* Open the account domain */
939 Status
= SamrOpenDomain(ServerHandle
,
943 if (!NT_SUCCESS(Status
))
945 TRACE("SamrOpenDomain failed (Status %08lx)\n", Status
);
949 Names
[0].Length
= LogonInfo
->UserName
.Length
;
950 Names
[0].MaximumLength
= LogonInfo
->UserName
.MaximumLength
;
951 Names
[0].Buffer
= LogonInfo
->UserName
.Buffer
;
953 /* Try to get the RID for the user name */
954 Status
= SamrLookupNamesInDomain(DomainHandle
,
959 if (!NT_SUCCESS(Status
))
961 TRACE("SamrLookupNamesInDomain failed (Status %08lx)\n", Status
);
962 Status
= STATUS_NO_SUCH_USER
;
966 /* Fail, if it is not a user account */
967 if (Use
.Element
[0] != SidTypeUser
)
969 TRACE("Account is not a user account!\n");
970 Status
= STATUS_NO_SUCH_USER
;
974 /* Open the user object */
975 Status
= SamrOpenUser(DomainHandle
,
976 USER_READ_GENERAL
| USER_READ_LOGON
|
977 USER_READ_ACCOUNT
| USER_READ_PREFERENCES
, /* FIXME */
978 RelativeIds
.Element
[0],
980 if (!NT_SUCCESS(Status
))
982 TRACE("SamrOpenUser failed (Status %08lx)\n", Status
);
986 Status
= SamrQueryInformationUser(UserHandle
,
989 if (!NT_SUCCESS(Status
))
991 TRACE("SamrQueryInformationUser failed (Status %08lx)\n", Status
);
996 TRACE("UserName: %S\n", UserInfo
->All
.UserName
.Buffer
);
998 /* FIXME: Check restrictions */
1000 /* Check the password */
1001 if ((UserInfo
->All
.UserAccountControl
& USER_PASSWORD_NOT_REQUIRED
) == 0)
1003 Status
= MsvpCheckPassword(&(LogonInfo
->Password
),
1005 if (!NT_SUCCESS(Status
))
1007 TRACE("MsvpCheckPassword failed (Status %08lx)\n", Status
);
1012 /* Return logon information */
1014 /* Create and return a new logon id */
1015 Status
= NtAllocateLocallyUniqueId(LogonId
);
1016 if (!NT_SUCCESS(Status
))
1018 TRACE("NtAllocateLocallyUniqueId failed (Status %08lx)\n", Status
);
1022 /* Create the logon session */
1023 Status
= DispatchTable
.CreateLogonSession(LogonId
);
1024 if (!NT_SUCCESS(Status
))
1026 TRACE("CreateLogonSession failed (Status %08lx)\n", Status
);
1030 SessionCreated
= TRUE
;
1032 /* Build and fill the interactve profile buffer */
1033 Status
= BuildInteractiveProfileBuffer(ClientRequest
,
1036 (PMSV1_0_INTERACTIVE_PROFILE
*)ProfileBuffer
,
1037 ProfileBufferLength
);
1038 if (!NT_SUCCESS(Status
))
1040 TRACE("BuildInteractiveProfileBuffer failed (Status %08lx)\n", Status
);
1044 /* Return the token information type */
1045 *TokenInformationType
= LsaTokenInformationV1
;
1047 /* Build and fill the token information buffer */
1048 Status
= BuildTokenInformationBuffer((PLSA_TOKEN_INFORMATION_V1
*)TokenInformation
,
1050 RelativeIds
.Element
[0],
1052 if (!NT_SUCCESS(Status
))
1054 TRACE("BuildTokenInformationBuffer failed (Status %08lx)\n", Status
);
1059 /* Return the account name */
1060 *AccountName
= DispatchTable
.AllocateLsaHeap(sizeof(UNICODE_STRING
));
1061 if (*AccountName
!= NULL
)
1063 (*AccountName
)->Buffer
= DispatchTable
.AllocateLsaHeap(LogonInfo
->UserName
.Length
+
1064 sizeof(UNICODE_NULL
));
1065 if ((*AccountName
)->Buffer
!= NULL
)
1067 (*AccountName
)->MaximumLength
= LogonInfo
->UserName
.Length
+
1068 sizeof(UNICODE_NULL
);
1069 RtlCopyUnicodeString(*AccountName
, &LogonInfo
->UserName
);
1073 if (!NT_SUCCESS(Status
))
1075 if (SessionCreated
== TRUE
)
1076 DispatchTable
.DeleteLogonSession(LogonId
);
1078 if (*ProfileBuffer
!= NULL
)
1080 DispatchTable
.FreeClientBuffer(ClientRequest
,
1082 *ProfileBuffer
= NULL
;
1086 if (UserHandle
!= NULL
)
1087 SamrCloseHandle(&UserHandle
);
1089 SamIFree_SAMPR_USER_INFO_BUFFER(UserInfo
,
1090 UserAllInformation
);
1091 SamIFree_SAMPR_ULONG_ARRAY(&RelativeIds
);
1092 SamIFree_SAMPR_ULONG_ARRAY(&Use
);
1094 if (DomainHandle
!= NULL
)
1095 SamrCloseHandle(&DomainHandle
);
1097 if (ServerHandle
!= NULL
)
1098 SamrCloseHandle(&ServerHandle
);
1100 if (AccountDomainSid
!= NULL
)
1101 RtlFreeHeap(RtlGetProcessHeap(), 0, AccountDomainSid
);
1103 if (Status
== STATUS_NO_SUCH_USER
||
1104 Status
== STATUS_WRONG_PASSWORD
)
1106 *SubStatus
= Status
;
1107 Status
= STATUS_LOGON_FAILURE
;
1110 TRACE("LsaApLogonUser done (Status %08lx)\n", Status
);
1122 LsaApLogonUserEx(IN PLSA_CLIENT_REQUEST ClientRequest
,
1123 IN SECURITY_LOGON_TYPE LogonType
,
1124 IN PVOID AuthenticationInformation
,
1125 IN PVOID ClientAuthenticationBase
,
1126 IN ULONG AuthenticationInformationLength
,
1127 OUT PVOID
*ProfileBuffer
,
1128 OUT PULONG ProfileBufferLength
,
1130 OUT PNTSTATUS SubStatus
,
1131 OUT PLSA_TOKEN_INFORMATION_TYPE TokenInformationType
,
1132 OUT PVOID
*TokenInformation
,
1133 OUT PUNICODE_STRING
*AccountName
,
1134 OUT PUNICODE_STRING
*AuthenticatingAuthority
,
1135 OUT PUNICODE_STRING
*MachineName
)
1139 TRACE("LogonType: %lu\n", LogonType
);
1140 TRACE("AuthenticationInformation: %p\n", AuthenticationInformation
);
1141 TRACE("AuthenticationInformationLength: %lu\n", AuthenticationInformationLength
);
1143 return STATUS_NOT_IMPLEMENTED
;
1152 LsaApLogonUserEx2(IN PLSA_CLIENT_REQUEST ClientRequest
,
1153 IN SECURITY_LOGON_TYPE LogonType
,
1154 IN PVOID ProtocolSubmitBuffer
,
1155 IN PVOID ClientBufferBase
,
1156 IN ULONG SubmitBufferSize
,
1157 OUT PVOID
*ProfileBuffer
,
1158 OUT PULONG ProfileBufferSize
,
1160 OUT PNTSTATUS SubStatus
,
1161 OUT PLSA_TOKEN_INFORMATION_TYPE TokenInformationType
,
1162 OUT PVOID
*TokenInformation
,
1163 OUT PUNICODE_STRING
*AccountName
,
1164 OUT PUNICODE_STRING
*AuthenticatingAuthority
,
1165 OUT PUNICODE_STRING
*MachineName
,
1166 OUT PSECPKG_PRIMARY_CRED PrimaryCredentials
,
1167 OUT PSECPKG_SUPPLEMENTAL_CRED_ARRAY
*SupplementalCredentials
)
1171 TRACE("LogonType: %lu\n", LogonType
);
1172 TRACE("ProtocolSubmitBuffer: %p\n", ProtocolSubmitBuffer
);
1173 TRACE("SubmitBufferSize: %lu\n", SubmitBufferSize
);
1176 return STATUS_NOT_IMPLEMENTED
;