[MSV1_0]
[reactos.git] / reactos / dll / win32 / msv1_0 / msv1_0.c
1 /*
2 * PROJECT: Authentication Package DLL
3 * LICENSE: GPL - See COPYING in the top level directory
4 * FILE: dll/win32/msv1_0/msv1_0.c
5 * PURPOSE: Main file
6 * COPYRIGHT: Copyright 2013 Eric Kohl
7 */
8
9 /* INCLUDES ****************************************************************/
10
11 #include "msv1_0.h"
12
13 WINE_DEFAULT_DEBUG_CHANNEL(msv1_0);
14
15
16 /* GLOBALS *****************************************************************/
17
18 LSA_DISPATCH_TABLE DispatchTable;
19
20
21 /* FUNCTIONS ***************************************************************/
22
23 static
24 NTSTATUS
25 GetDomainSid(PRPC_SID *Sid)
26 {
27 LSAPR_HANDLE PolicyHandle = NULL;
28 PLSAPR_POLICY_INFORMATION PolicyInfo = NULL;
29 ULONG Length = 0;
30 NTSTATUS Status;
31
32 Status = LsaIOpenPolicyTrusted(&PolicyHandle);
33 if (!NT_SUCCESS(Status))
34 {
35 TRACE("LsaIOpenPolicyTrusted() failed (Status 0x%08lx)\n", Status);
36 return Status;
37 }
38
39 Status = LsarQueryInformationPolicy(PolicyHandle,
40 PolicyAccountDomainInformation,
41 &PolicyInfo);
42 if (!NT_SUCCESS(Status))
43 {
44 TRACE("LsarQueryInformationPolicy() failed (Status 0x%08lx)\n", Status);
45 goto done;
46 }
47
48 Length = RtlLengthSid(PolicyInfo->PolicyAccountDomainInfo.Sid);
49
50 *Sid = RtlAllocateHeap(RtlGetProcessHeap(), 0, Length);
51 if (*Sid == NULL)
52 {
53 ERR("Failed to allocate SID\n");
54 Status = STATUS_INSUFFICIENT_RESOURCES;
55 goto done;
56 }
57
58 memcpy(*Sid, PolicyInfo->PolicyAccountDomainInfo.Sid, Length);
59
60 done:
61 if (PolicyInfo != NULL)
62 LsaIFree_LSAPR_POLICY_INFORMATION(PolicyAccountDomainInformation,
63 PolicyInfo);
64
65 if (PolicyHandle != NULL)
66 LsarClose(&PolicyHandle);
67
68 return Status;
69 }
70
71
72 static
73 NTSTATUS
74 BuildInteractiveProfileBuffer(IN PLSA_CLIENT_REQUEST ClientRequest,
75 IN PSAMPR_USER_INFO_BUFFER UserInfo,
76 IN PUNICODE_STRING LogonServer,
77 OUT PMSV1_0_INTERACTIVE_PROFILE *ProfileBuffer,
78 OUT PULONG ProfileBufferLength)
79 {
80 PMSV1_0_INTERACTIVE_PROFILE LocalBuffer = NULL;
81 PVOID ClientBaseAddress = NULL;
82 LPWSTR Ptr;
83 ULONG BufferLength;
84 NTSTATUS Status = STATUS_SUCCESS;
85
86 *ProfileBuffer = NULL;
87 *ProfileBufferLength = 0;
88
89 BufferLength = sizeof(MSV1_0_INTERACTIVE_PROFILE) +
90 UserInfo->All.FullName.Length + sizeof(WCHAR) +
91 UserInfo->All.HomeDirectory.Length + sizeof(WCHAR) +
92 UserInfo->All.HomeDirectoryDrive.Length + sizeof(WCHAR) +
93 UserInfo->All.ScriptPath.Length + sizeof(WCHAR) +
94 UserInfo->All.ProfilePath.Length + sizeof(WCHAR) +
95 LogonServer->Length + sizeof(WCHAR);
96
97 LocalBuffer = DispatchTable.AllocateLsaHeap(BufferLength);
98 if (LocalBuffer == NULL)
99 {
100 TRACE("Failed to allocate the local buffer!\n");
101 Status = STATUS_INSUFFICIENT_RESOURCES;
102 goto done;
103 }
104
105 Status = DispatchTable.AllocateClientBuffer(ClientRequest,
106 BufferLength,
107 &ClientBaseAddress);
108 if (!NT_SUCCESS(Status))
109 {
110 TRACE("DispatchTable.AllocateClientBuffer failed (Status 0x%08lx)\n", Status);
111 goto done;
112 }
113
114 TRACE("ClientBaseAddress: %p\n", ClientBaseAddress);
115
116 Ptr = (LPWSTR)((ULONG_PTR)LocalBuffer + sizeof(MSV1_0_INTERACTIVE_PROFILE));
117
118 LocalBuffer->MessageType = MsV1_0InteractiveProfile;
119 LocalBuffer->LogonCount = UserInfo->All.LogonCount;
120 LocalBuffer->BadPasswordCount = UserInfo->All.BadPasswordCount;
121
122 LocalBuffer->LogonTime.LowPart = UserInfo->All.LastLogon.LowPart;
123 LocalBuffer->LogonTime.HighPart = UserInfo->All.LastLogon.HighPart;
124
125 // LocalBuffer->LogoffTime.LowPart =
126 // LocalBuffer->LogoffTime.HighPart =
127
128 // LocalBuffer->KickOffTime.LowPart =
129 // LocalBuffer->KickOffTime.HighPart =
130
131 LocalBuffer->PasswordLastSet.LowPart = UserInfo->All.PasswordLastSet.LowPart;
132 LocalBuffer->PasswordLastSet.HighPart = UserInfo->All.PasswordLastSet.HighPart;
133
134 LocalBuffer->PasswordCanChange.LowPart = UserInfo->All.PasswordCanChange.LowPart;
135 LocalBuffer->PasswordCanChange.HighPart = UserInfo->All.PasswordCanChange.HighPart;
136
137 LocalBuffer->PasswordMustChange.LowPart = UserInfo->All.PasswordMustChange.LowPart;
138 LocalBuffer->PasswordMustChange.HighPart = UserInfo->All.PasswordMustChange.HighPart;
139
140 LocalBuffer->LogonScript.Length = UserInfo->All.ScriptPath.Length;
141 LocalBuffer->LogonScript.MaximumLength = UserInfo->All.ScriptPath.Length + sizeof(WCHAR);
142 LocalBuffer->LogonScript.Buffer = (LPWSTR)((ULONG_PTR)ClientBaseAddress + (ULONG_PTR)Ptr - (ULONG_PTR)LocalBuffer);
143 memcpy(Ptr,
144 UserInfo->All.ScriptPath.Buffer,
145 UserInfo->All.ScriptPath.Length);
146
147 Ptr = (LPWSTR)((ULONG_PTR)Ptr + LocalBuffer->LogonScript.MaximumLength);
148
149 LocalBuffer->HomeDirectory.Length = UserInfo->All.HomeDirectory.Length;
150 LocalBuffer->HomeDirectory.MaximumLength = UserInfo->All.HomeDirectory.Length + sizeof(WCHAR);
151 LocalBuffer->HomeDirectory.Buffer = (LPWSTR)((ULONG_PTR)ClientBaseAddress + (ULONG_PTR)Ptr - (ULONG_PTR)LocalBuffer);
152 memcpy(Ptr,
153 UserInfo->All.HomeDirectory.Buffer,
154 UserInfo->All.HomeDirectory.Length);
155
156 Ptr = (LPWSTR)((ULONG_PTR)Ptr + LocalBuffer->HomeDirectory.MaximumLength);
157
158 LocalBuffer->FullName.Length = UserInfo->All.FullName.Length;
159 LocalBuffer->FullName.MaximumLength = UserInfo->All.FullName.Length + sizeof(WCHAR);
160 LocalBuffer->FullName.Buffer = (LPWSTR)((ULONG_PTR)ClientBaseAddress + (ULONG_PTR)Ptr - (ULONG_PTR)LocalBuffer);
161 memcpy(Ptr,
162 UserInfo->All.FullName.Buffer,
163 UserInfo->All.FullName.Length);
164 TRACE("FullName.Buffer: %p\n", LocalBuffer->FullName.Buffer);
165
166 Ptr = (LPWSTR)((ULONG_PTR)Ptr + LocalBuffer->FullName.MaximumLength);
167
168 LocalBuffer->ProfilePath.Length = UserInfo->All.ProfilePath.Length;
169 LocalBuffer->ProfilePath.MaximumLength = UserInfo->All.ProfilePath.Length + sizeof(WCHAR);
170 LocalBuffer->ProfilePath.Buffer = (LPWSTR)((ULONG_PTR)ClientBaseAddress + (ULONG_PTR)Ptr - (ULONG_PTR)LocalBuffer);
171 memcpy(Ptr,
172 UserInfo->All.ProfilePath.Buffer,
173 UserInfo->All.ProfilePath.Length);
174
175 Ptr = (LPWSTR)((ULONG_PTR)Ptr + LocalBuffer->ProfilePath.MaximumLength);
176
177 LocalBuffer->HomeDirectoryDrive.Length = UserInfo->All.HomeDirectoryDrive.Length;
178 LocalBuffer->HomeDirectoryDrive.MaximumLength = UserInfo->All.HomeDirectoryDrive.Length + sizeof(WCHAR);
179 LocalBuffer->HomeDirectoryDrive.Buffer = (LPWSTR)((ULONG_PTR)ClientBaseAddress + (ULONG_PTR)Ptr - (ULONG_PTR)LocalBuffer);
180 memcpy(Ptr,
181 UserInfo->All.HomeDirectoryDrive.Buffer,
182 UserInfo->All.HomeDirectoryDrive.Length);
183
184 Ptr = (LPWSTR)((ULONG_PTR)Ptr + LocalBuffer->HomeDirectoryDrive.MaximumLength);
185
186 LocalBuffer->LogonServer.Length = LogonServer->Length;
187 LocalBuffer->LogonServer.MaximumLength = LogonServer->Length + sizeof(WCHAR);
188 LocalBuffer->LogonServer.Buffer = (LPWSTR)((ULONG_PTR)ClientBaseAddress + (ULONG_PTR)Ptr - (ULONG_PTR)LocalBuffer);;
189 memcpy(Ptr,
190 LogonServer->Buffer,
191 LogonServer->Length);
192
193 LocalBuffer->UserFlags = 0;
194
195 Status = DispatchTable.CopyToClientBuffer(ClientRequest,
196 BufferLength,
197 ClientBaseAddress,
198 LocalBuffer);
199 if (!NT_SUCCESS(Status))
200 {
201 TRACE("DispatchTable.CopyToClientBuffer failed (Status 0x%08lx)\n", Status);
202 goto done;
203 }
204
205 *ProfileBuffer = (PMSV1_0_INTERACTIVE_PROFILE)ClientBaseAddress;
206 *ProfileBufferLength = BufferLength;
207
208 done:
209 if (LocalBuffer != NULL)
210 DispatchTable.FreeLsaHeap(LocalBuffer);
211
212 if (!NT_SUCCESS(Status))
213 {
214 if (ClientBaseAddress != NULL)
215 DispatchTable.FreeClientBuffer(ClientRequest,
216 ClientBaseAddress);
217 }
218
219 return Status;
220 }
221
222
223 static
224 PSID
225 AppendRidToSid(PSID SrcSid,
226 ULONG Rid)
227 {
228 PSID DstSid = NULL;
229 UCHAR RidCount;
230
231 RidCount = *RtlSubAuthorityCountSid(SrcSid);
232 if (RidCount >= 8)
233 return NULL;
234
235 DstSid = DispatchTable.AllocateLsaHeap(RtlLengthRequiredSid(RidCount + 1));
236 if (DstSid == NULL)
237 return NULL;
238
239 RtlCopyMemory(DstSid,
240 SrcSid,
241 RtlLengthRequiredSid(RidCount));
242
243 *RtlSubAuthorityCountSid(DstSid) = RidCount + 1;
244 *RtlSubAuthoritySid(DstSid, RidCount) = Rid;
245
246 return DstSid;
247 }
248
249 static
250 NTSTATUS
251 BuildTokenUser(OUT PTOKEN_USER User,
252 IN PSID AccountDomainSid,
253 IN ULONG RelativeId)
254 {
255 User->User.Sid = AppendRidToSid(AccountDomainSid,
256 RelativeId);
257 if (User->User.Sid == NULL)
258 {
259 ERR("Could not create the user SID\n");
260 return STATUS_UNSUCCESSFUL;
261 }
262
263 User->User.Attributes = 0;
264
265 return STATUS_SUCCESS;
266 }
267
268
269 static
270 NTSTATUS
271 BuildTokenGroups(IN PSID AccountDomainSid,
272 IN PLUID LogonId,
273 OUT PTOKEN_GROUPS *Groups,
274 OUT PSID *PrimaryGroupSid,
275 OUT PSID *OwnerSid)
276 {
277 SID_IDENTIFIER_AUTHORITY WorldAuthority = {SECURITY_WORLD_SID_AUTHORITY};
278 SID_IDENTIFIER_AUTHORITY LocalAuthority = {SECURITY_LOCAL_SID_AUTHORITY};
279 SID_IDENTIFIER_AUTHORITY SystemAuthority = {SECURITY_NT_AUTHORITY};
280 PTOKEN_GROUPS TokenGroups;
281 #define MAX_GROUPS 8
282 DWORD GroupCount = 0;
283 PSID Sid;
284 NTSTATUS Status = STATUS_SUCCESS;
285
286 TokenGroups = DispatchTable.AllocateLsaHeap(sizeof(TOKEN_GROUPS) +
287 MAX_GROUPS * sizeof(SID_AND_ATTRIBUTES));
288 if (TokenGroups == NULL)
289 {
290 return STATUS_INSUFFICIENT_RESOURCES;
291 }
292
293 Sid = AppendRidToSid(AccountDomainSid, DOMAIN_GROUP_RID_USERS);
294 if (Sid == NULL)
295 {
296
297 }
298
299 /* Member of the domain */
300 TokenGroups->Groups[GroupCount].Sid = Sid;
301 TokenGroups->Groups[GroupCount].Attributes =
302 SE_GROUP_ENABLED | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_MANDATORY;
303 *PrimaryGroupSid = Sid;
304 GroupCount++;
305
306 /* Member of 'Everyone' */
307 RtlAllocateAndInitializeSid(&WorldAuthority,
308 1,
309 SECURITY_WORLD_RID,
310 SECURITY_NULL_RID,
311 SECURITY_NULL_RID,
312 SECURITY_NULL_RID,
313 SECURITY_NULL_RID,
314 SECURITY_NULL_RID,
315 SECURITY_NULL_RID,
316 SECURITY_NULL_RID,
317 &Sid);
318 TokenGroups->Groups[GroupCount].Sid = Sid;
319 TokenGroups->Groups[GroupCount].Attributes =
320 SE_GROUP_ENABLED | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_MANDATORY;
321 GroupCount++;
322
323 #if 1
324 /* Member of 'Administrators' */
325 RtlAllocateAndInitializeSid(&SystemAuthority,
326 2,
327 SECURITY_BUILTIN_DOMAIN_RID,
328 DOMAIN_ALIAS_RID_ADMINS,
329 SECURITY_NULL_RID,
330 SECURITY_NULL_RID,
331 SECURITY_NULL_RID,
332 SECURITY_NULL_RID,
333 SECURITY_NULL_RID,
334 SECURITY_NULL_RID,
335 &Sid);
336 TokenGroups->Groups[GroupCount].Sid = Sid;
337 TokenGroups->Groups[GroupCount].Attributes =
338 SE_GROUP_ENABLED | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_MANDATORY;
339 GroupCount++;
340 #else
341 TRACE("Not adding user to Administrators group\n");
342 #endif
343
344 /* Member of 'Users' */
345 RtlAllocateAndInitializeSid(&SystemAuthority,
346 2,
347 SECURITY_BUILTIN_DOMAIN_RID,
348 DOMAIN_ALIAS_RID_USERS,
349 SECURITY_NULL_RID,
350 SECURITY_NULL_RID,
351 SECURITY_NULL_RID,
352 SECURITY_NULL_RID,
353 SECURITY_NULL_RID,
354 SECURITY_NULL_RID,
355 &Sid);
356 TokenGroups->Groups[GroupCount].Sid = Sid;
357 TokenGroups->Groups[GroupCount].Attributes =
358 SE_GROUP_ENABLED | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_MANDATORY;
359 GroupCount++;
360
361 /* Logon SID */
362 RtlAllocateAndInitializeSid(&SystemAuthority,
363 SECURITY_LOGON_IDS_RID_COUNT,
364 SECURITY_LOGON_IDS_RID,
365 LogonId->HighPart,
366 LogonId->LowPart,
367 SECURITY_NULL_RID,
368 SECURITY_NULL_RID,
369 SECURITY_NULL_RID,
370 SECURITY_NULL_RID,
371 SECURITY_NULL_RID,
372 &Sid);
373 TokenGroups->Groups[GroupCount].Sid = Sid;
374 TokenGroups->Groups[GroupCount].Attributes =
375 SE_GROUP_ENABLED | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_MANDATORY | SE_GROUP_LOGON_ID;
376 GroupCount++;
377 *OwnerSid = Sid;
378
379 /* Member of 'Local users */
380 RtlAllocateAndInitializeSid(&LocalAuthority,
381 1,
382 SECURITY_LOCAL_RID,
383 SECURITY_NULL_RID,
384 SECURITY_NULL_RID,
385 SECURITY_NULL_RID,
386 SECURITY_NULL_RID,
387 SECURITY_NULL_RID,
388 SECURITY_NULL_RID,
389 SECURITY_NULL_RID,
390 &Sid);
391 TokenGroups->Groups[GroupCount].Sid = Sid;
392 TokenGroups->Groups[GroupCount].Attributes =
393 SE_GROUP_ENABLED | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_MANDATORY;
394 GroupCount++;
395
396 /* Member of 'Interactive users' */
397 RtlAllocateAndInitializeSid(&SystemAuthority,
398 1,
399 SECURITY_INTERACTIVE_RID,
400 SECURITY_NULL_RID,
401 SECURITY_NULL_RID,
402 SECURITY_NULL_RID,
403 SECURITY_NULL_RID,
404 SECURITY_NULL_RID,
405 SECURITY_NULL_RID,
406 SECURITY_NULL_RID,
407 &Sid);
408 TokenGroups->Groups[GroupCount].Sid = Sid;
409 TokenGroups->Groups[GroupCount].Attributes =
410 SE_GROUP_ENABLED | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_MANDATORY;
411 GroupCount++;
412
413 /* Member of 'Authenticated users' */
414 RtlAllocateAndInitializeSid(&SystemAuthority,
415 1,
416 SECURITY_AUTHENTICATED_USER_RID,
417 SECURITY_NULL_RID,
418 SECURITY_NULL_RID,
419 SECURITY_NULL_RID,
420 SECURITY_NULL_RID,
421 SECURITY_NULL_RID,
422 SECURITY_NULL_RID,
423 SECURITY_NULL_RID,
424 &Sid);
425 TokenGroups->Groups[GroupCount].Sid = Sid;
426 TokenGroups->Groups[GroupCount].Attributes =
427 SE_GROUP_ENABLED | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_MANDATORY;
428 GroupCount++;
429
430 TokenGroups->GroupCount = GroupCount;
431 ASSERT(TokenGroups->GroupCount <= MAX_GROUPS);
432
433 *Groups = TokenGroups;
434
435 return Status;
436 }
437
438
439 static
440 NTSTATUS
441 BuildTokenPrimaryGroup(PTOKEN_PRIMARY_GROUP PrimaryGroup,
442 PSID PrimaryGroupSid)
443 {
444 ULONG RidCount;
445 ULONG Size;
446
447 RidCount = *RtlSubAuthorityCountSid(PrimaryGroupSid);
448 Size = RtlLengthRequiredSid(RidCount);
449
450 PrimaryGroup->PrimaryGroup = DispatchTable.AllocateLsaHeap(Size);
451 if (PrimaryGroup->PrimaryGroup == NULL)
452 {
453 return STATUS_INSUFFICIENT_RESOURCES;
454 }
455
456 RtlCopyMemory(PrimaryGroup->PrimaryGroup,
457 PrimaryGroupSid,
458 Size);
459
460 return STATUS_SUCCESS;
461 }
462
463 static
464 NTSTATUS
465 BuildTokenPrivileges(PTOKEN_PRIVILEGES *TokenPrivileges)
466 {
467 /* FIXME shouldn't use hard-coded list of privileges */
468 static struct
469 {
470 LPCWSTR PrivName;
471 DWORD Attributes;
472 }
473 DefaultPrivs[] =
474 {
475 { L"SeMachineAccountPrivilege", 0 },
476 { L"SeSecurityPrivilege", 0 },
477 { L"SeTakeOwnershipPrivilege", 0 },
478 { L"SeLoadDriverPrivilege", 0 },
479 { L"SeSystemProfilePrivilege", 0 },
480 { L"SeSystemtimePrivilege", 0 },
481 { L"SeProfileSingleProcessPrivilege", 0 },
482 { L"SeIncreaseBasePriorityPrivilege", 0 },
483 { L"SeCreatePagefilePrivilege", 0 },
484 { L"SeBackupPrivilege", 0 },
485 { L"SeRestorePrivilege", 0 },
486 { L"SeShutdownPrivilege", 0 },
487 { L"SeDebugPrivilege", 0 },
488 { L"SeSystemEnvironmentPrivilege", 0 },
489 { L"SeChangeNotifyPrivilege", SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT },
490 { L"SeRemoteShutdownPrivilege", 0 },
491 { L"SeUndockPrivilege", 0 },
492 { L"SeEnableDelegationPrivilege", 0 },
493 { L"SeImpersonatePrivilege", SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT },
494 { L"SeCreateGlobalPrivilege", SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT }
495 };
496 PTOKEN_PRIVILEGES Privileges = NULL;
497 ULONG i;
498 RPC_UNICODE_STRING PrivilegeName;
499 LSAPR_HANDLE PolicyHandle = NULL;
500 NTSTATUS Status = STATUS_SUCCESS;
501
502 Status = LsaIOpenPolicyTrusted(&PolicyHandle);
503 if (!NT_SUCCESS(Status))
504 {
505 goto done;
506 }
507
508 /* Allocate and initialize token privileges */
509 Privileges = DispatchTable.AllocateLsaHeap(sizeof(TOKEN_PRIVILEGES) +
510 sizeof(DefaultPrivs) / sizeof(DefaultPrivs[0]) *
511 sizeof(LUID_AND_ATTRIBUTES));
512 if (Privileges == NULL)
513 {
514 Status = STATUS_INSUFFICIENT_RESOURCES;
515 goto done;
516 }
517
518 Privileges->PrivilegeCount = 0;
519 for (i = 0; i < sizeof(DefaultPrivs) / sizeof(DefaultPrivs[0]); i++)
520 {
521 PrivilegeName.Length = wcslen(DefaultPrivs[i].PrivName) * sizeof(WCHAR);
522 PrivilegeName.MaximumLength = PrivilegeName.Length + sizeof(WCHAR);
523 PrivilegeName.Buffer = (LPWSTR)DefaultPrivs[i].PrivName;
524
525 Status = LsarLookupPrivilegeValue(PolicyHandle,
526 &PrivilegeName,
527 &Privileges->Privileges[Privileges->PrivilegeCount].Luid);
528 if (!NT_SUCCESS(Status))
529 {
530 WARN("Can't set privilege %S\n", DefaultPrivs[i].PrivName);
531 }
532 else
533 {
534 Privileges->Privileges[Privileges->PrivilegeCount].Attributes = DefaultPrivs[i].Attributes;
535 Privileges->PrivilegeCount++;
536 }
537 }
538
539 *TokenPrivileges = Privileges;
540
541 done:
542 if (PolicyHandle != NULL)
543 LsarClose(PolicyHandle);
544
545 return Status;
546 }
547
548
549 static
550 NTSTATUS
551 BuildTokenOwner(PTOKEN_OWNER Owner,
552 PSID OwnerSid)
553 {
554 ULONG RidCount;
555 ULONG Size;
556
557 RidCount = *RtlSubAuthorityCountSid(OwnerSid);
558 Size = RtlLengthRequiredSid(RidCount);
559
560 Owner->Owner = DispatchTable.AllocateLsaHeap(Size);
561 if (Owner->Owner == NULL)
562 {
563 return STATUS_INSUFFICIENT_RESOURCES;
564 }
565
566 RtlCopyMemory(Owner->Owner,
567 OwnerSid,
568 Size);
569
570 return STATUS_SUCCESS;
571 }
572
573
574 static
575 NTSTATUS
576 BuildTokenDefaultDacl(PTOKEN_DEFAULT_DACL DefaultDacl,
577 PSID OwnerSid)
578 {
579 SID_IDENTIFIER_AUTHORITY SystemAuthority = {SECURITY_NT_AUTHORITY};
580 PSID LocalSystemSid = NULL;
581 PACL Dacl = NULL;
582 NTSTATUS Status = STATUS_SUCCESS;
583
584 RtlAllocateAndInitializeSid(&SystemAuthority,
585 1,
586 SECURITY_LOCAL_SYSTEM_RID,
587 SECURITY_NULL_RID,
588 SECURITY_NULL_RID,
589 SECURITY_NULL_RID,
590 SECURITY_NULL_RID,
591 SECURITY_NULL_RID,
592 SECURITY_NULL_RID,
593 SECURITY_NULL_RID,
594 &LocalSystemSid);
595
596 Dacl = DispatchTable.AllocateLsaHeap(1024);
597 if (Dacl == NULL)
598 {
599 Status = STATUS_INSUFFICIENT_RESOURCES;
600 goto done;
601 }
602
603 Status = RtlCreateAcl(Dacl, 1024, ACL_REVISION);
604 if (!NT_SUCCESS(Status))
605 goto done;
606
607 RtlAddAccessAllowedAce(Dacl,
608 ACL_REVISION,
609 GENERIC_ALL,
610 OwnerSid);
611
612 /* SID: S-1-5-18 */
613 RtlAddAccessAllowedAce(Dacl,
614 ACL_REVISION,
615 GENERIC_ALL,
616 LocalSystemSid);
617
618 DefaultDacl->DefaultDacl = Dacl;
619
620 done:
621 if (!NT_SUCCESS(Status))
622 {
623 if (Dacl != NULL)
624 DispatchTable.FreeLsaHeap(Dacl);
625 }
626
627 if (LocalSystemSid != NULL)
628 RtlFreeSid(LocalSystemSid);
629
630 return Status;
631 }
632
633
634 static
635 NTSTATUS
636 BuildTokenInformationBuffer(PLSA_TOKEN_INFORMATION_V1 *TokenInformation,
637 PRPC_SID AccountDomainSid,
638 ULONG RelativeId,
639 PLUID LogonId)
640 {
641 PLSA_TOKEN_INFORMATION_V1 Buffer = NULL;
642 PSID OwnerSid = NULL;
643 PSID PrimaryGroupSid = NULL;
644 ULONG i;
645 NTSTATUS Status = STATUS_SUCCESS;
646
647 Buffer = DispatchTable.AllocateLsaHeap(sizeof(LSA_TOKEN_INFORMATION_V1));
648 if (Buffer == NULL)
649 {
650 TRACE("Failed to allocate the local buffer!\n");
651 Status = STATUS_INSUFFICIENT_RESOURCES;
652 goto done;
653 }
654
655 /* FIXME: */
656 Buffer->ExpirationTime.QuadPart = -1;
657
658 Status = BuildTokenUser(&Buffer->User,
659 (PSID)AccountDomainSid,
660 RelativeId);
661 if (!NT_SUCCESS(Status))
662 goto done;
663
664 Status = BuildTokenGroups((PSID)AccountDomainSid,
665 LogonId,
666 &Buffer->Groups,
667 &PrimaryGroupSid,
668 &OwnerSid);
669 if (!NT_SUCCESS(Status))
670 goto done;
671
672 Status = BuildTokenPrimaryGroup(&Buffer->PrimaryGroup,
673 PrimaryGroupSid);
674 if (!NT_SUCCESS(Status))
675 goto done;
676
677 Status = BuildTokenPrivileges(&Buffer->Privileges);
678 if (!NT_SUCCESS(Status))
679 goto done;
680
681 Status = BuildTokenOwner(&Buffer->Owner,
682 OwnerSid);
683 if (!NT_SUCCESS(Status))
684 goto done;
685
686 Status = BuildTokenDefaultDacl(&Buffer->DefaultDacl,
687 OwnerSid);
688 if (!NT_SUCCESS(Status))
689 goto done;
690
691 *TokenInformation = Buffer;
692
693 done:
694 if (!NT_SUCCESS(Status))
695 {
696 if (Buffer != NULL)
697 {
698 if (Buffer->User.User.Sid != NULL)
699 DispatchTable.FreeLsaHeap(Buffer->User.User.Sid);
700
701 if (Buffer->Groups != NULL)
702 {
703 for (i = 0; i < Buffer->Groups->GroupCount; i++)
704 {
705 if (Buffer->Groups->Groups[i].Sid != NULL)
706 DispatchTable.FreeLsaHeap(Buffer->Groups->Groups[i].Sid);
707 }
708
709 DispatchTable.FreeLsaHeap(Buffer->Groups);
710 }
711
712 if (Buffer->PrimaryGroup.PrimaryGroup != NULL)
713 DispatchTable.FreeLsaHeap(Buffer->PrimaryGroup.PrimaryGroup);
714
715 if (Buffer->Privileges != NULL)
716 DispatchTable.FreeLsaHeap(Buffer->Privileges);
717
718 if (Buffer->Owner.Owner != NULL)
719 DispatchTable.FreeLsaHeap(Buffer->Owner.Owner);
720
721 if (Buffer->DefaultDacl.DefaultDacl != NULL)
722 DispatchTable.FreeLsaHeap(Buffer->DefaultDacl.DefaultDacl);
723
724 DispatchTable.FreeLsaHeap(Buffer);
725 }
726 }
727
728 return Status;
729 }
730
731
732 static
733 NTSTATUS
734 ChangePassword(IN PLSA_CLIENT_REQUEST ClientRequest,
735 IN PVOID ProtocolSubmitBuffer,
736 IN PVOID ClientBufferBase,
737 IN ULONG SubmitBufferLength,
738 OUT PVOID *ProtocolReturnBuffer,
739 OUT PULONG ReturnBufferLength,
740 OUT PNTSTATUS ProtocolStatus)
741 {
742 PMSV1_0_CHANGEPASSWORD_REQUEST RequestBuffer;
743 ULONG_PTR PtrOffset;
744
745 TRACE("()\n");
746
747 RequestBuffer = (PMSV1_0_CHANGEPASSWORD_REQUEST)ProtocolSubmitBuffer;
748
749 /* Fix-up pointers in the request buffer info */
750 PtrOffset = (ULONG_PTR)ProtocolSubmitBuffer - (ULONG_PTR)ClientBufferBase;
751
752 RequestBuffer->DomainName.Buffer = (PWSTR)((ULONG_PTR)RequestBuffer->DomainName.Buffer + PtrOffset);
753 RequestBuffer->AccountName.Buffer = (PWSTR)((ULONG_PTR)RequestBuffer->AccountName.Buffer + PtrOffset);
754 RequestBuffer->OldPassword.Buffer = (PWSTR)((ULONG_PTR)RequestBuffer->OldPassword.Buffer + PtrOffset);
755 RequestBuffer->NewPassword.Buffer = (PWSTR)((ULONG_PTR)RequestBuffer->NewPassword.Buffer + PtrOffset);
756
757 TRACE("Domain: %S\n", RequestBuffer->DomainName.Buffer);
758 TRACE("Account: %S\n", RequestBuffer->AccountName.Buffer);
759 TRACE("Old Password: %S\n", RequestBuffer->OldPassword.Buffer);
760 TRACE("New Password: %S\n", RequestBuffer->NewPassword.Buffer);
761
762
763 return STATUS_SUCCESS;
764 }
765
766
767 static
768 NTSTATUS
769 MsvpCheckPassword(PUNICODE_STRING UserPassword,
770 PSAMPR_USER_INFO_BUFFER UserInfo)
771 {
772 ENCRYPTED_NT_OWF_PASSWORD UserNtPassword;
773 ENCRYPTED_LM_OWF_PASSWORD UserLmPassword;
774 BOOLEAN UserLmPasswordPresent = FALSE;
775 BOOLEAN UserNtPasswordPresent = FALSE;
776 OEM_STRING LmPwdString;
777 CHAR LmPwdBuffer[15];
778 NTSTATUS Status;
779
780 TRACE("(%p %p)\n", UserPassword, UserInfo);
781
782 /* Calculate the LM password and hash for the users password */
783 LmPwdString.Length = 15;
784 LmPwdString.MaximumLength = 15;
785 LmPwdString.Buffer = LmPwdBuffer;
786 ZeroMemory(LmPwdString.Buffer, LmPwdString.MaximumLength);
787
788 Status = RtlUpcaseUnicodeStringToOemString(&LmPwdString,
789 UserPassword,
790 FALSE);
791 if (NT_SUCCESS(Status))
792 {
793 /* Calculate the LM hash value of the users password */
794 Status = SystemFunction006(LmPwdString.Buffer,
795 (LPSTR)&UserLmPassword);
796 if (NT_SUCCESS(Status))
797 {
798 UserLmPasswordPresent = TRUE;
799 }
800 }
801
802 /* Calculate the NT hash of the users password */
803 Status = SystemFunction007(UserPassword,
804 (LPBYTE)&UserNtPassword);
805 if (NT_SUCCESS(Status))
806 {
807 UserNtPasswordPresent = TRUE;
808 }
809
810 Status = STATUS_SUCCESS;
811
812 if (UserNtPasswordPresent && UserInfo->All.NtPasswordPresent)
813 {
814 TRACE("Check NT password hashes:\n");
815 if (!RtlEqualMemory(&UserNtPassword,
816 UserInfo->All.NtOwfPassword.Buffer,
817 sizeof(ENCRYPTED_NT_OWF_PASSWORD)))
818 {
819 TRACE(" failed!\n");
820 Status = STATUS_WRONG_PASSWORD;
821 }
822 }
823 else if (UserLmPasswordPresent && UserInfo->All.LmPasswordPresent)
824 {
825 TRACE("Check LM password hashes:\n");
826 if (!RtlEqualMemory(&UserLmPassword,
827 UserInfo->All.LmOwfPassword.Buffer,
828 sizeof(ENCRYPTED_LM_OWF_PASSWORD)))
829 {
830 TRACE(" failed!\n");
831 Status = STATUS_WRONG_PASSWORD;
832 }
833 }
834 else
835 {
836 TRACE("No matching hashes available!\n");
837 Status = STATUS_WRONG_PASSWORD;
838 }
839
840 return Status;
841 }
842
843
844 /*
845 * @unimplemented
846 */
847 NTSTATUS
848 NTAPI
849 LsaApCallPackage(IN PLSA_CLIENT_REQUEST ClientRequest,
850 IN PVOID ProtocolSubmitBuffer,
851 IN PVOID ClientBufferBase,
852 IN ULONG SubmitBufferLength,
853 OUT PVOID *ProtocolReturnBuffer,
854 OUT PULONG ReturnBufferLength,
855 OUT PNTSTATUS ProtocolStatus)
856 {
857 ULONG MessageType;
858 NTSTATUS Status;
859
860 TRACE("()\n");
861
862 if (SubmitBufferLength < sizeof(MSV1_0_PROTOCOL_MESSAGE_TYPE))
863 return STATUS_INVALID_PARAMETER;
864
865 MessageType = (ULONG)*((PMSV1_0_PROTOCOL_MESSAGE_TYPE)ProtocolSubmitBuffer);
866
867 *ProtocolReturnBuffer = NULL;
868 *ReturnBufferLength = 0;
869
870 switch (MessageType)
871 {
872 case MsV1_0Lm20ChallengeRequest:
873 case MsV1_0Lm20GetChallengeResponse:
874 case MsV1_0EnumerateUsers:
875 case MsV1_0GetUserInfo:
876 case MsV1_0ReLogonUsers:
877 Status = STATUS_NOT_IMPLEMENTED;
878 break;
879
880 case MsV1_0ChangePassword:
881 Status = ChangePassword(ClientRequest,
882 ProtocolSubmitBuffer,
883 ClientBufferBase,
884 SubmitBufferLength,
885 ProtocolReturnBuffer,
886 ReturnBufferLength,
887 ProtocolStatus);
888 break;
889
890 case MsV1_0ChangeCachedPassword:
891 case MsV1_0GenericPassthrough:
892 case MsV1_0CacheLogon:
893 case MsV1_0SubAuth:
894 case MsV1_0DeriveCredential:
895 case MsV1_0CacheLookup:
896 Status = STATUS_NOT_IMPLEMENTED;
897 break;
898
899 default:
900 return STATUS_INVALID_PARAMETER;
901 }
902
903 return Status;
904 }
905
906
907 /*
908 * @unimplemented
909 */
910 NTSTATUS
911 NTAPI
912 LsaApCallPackagePassthrough(IN PLSA_CLIENT_REQUEST ClientRequest,
913 IN PVOID ProtocolSubmitBuffer,
914 IN PVOID ClientBufferBase,
915 IN ULONG SubmitBufferLength,
916 OUT PVOID *ProtocolReturnBuffer,
917 OUT PULONG ReturnBufferLength,
918 OUT PNTSTATUS ProtocolStatus)
919 {
920 TRACE("()\n");
921 return STATUS_NOT_IMPLEMENTED;
922 }
923
924
925 /*
926 * @unimplemented
927 */
928 NTSTATUS
929 NTAPI
930 LsaApCallPackageUntrusted(IN PLSA_CLIENT_REQUEST ClientRequest,
931 IN PVOID ProtocolSubmitBuffer,
932 IN PVOID ClientBufferBase,
933 IN ULONG SubmitBufferLength,
934 OUT PVOID *ProtocolReturnBuffer,
935 OUT PULONG ReturnBufferLength,
936 OUT PNTSTATUS ProtocolStatus)
937 {
938 TRACE("()\n");
939 return STATUS_NOT_IMPLEMENTED;
940 }
941
942
943 /*
944 * @unimplemented
945 */
946 NTSTATUS
947 NTAPI
948 LsaApInitializePackage(IN ULONG AuthenticationPackageId,
949 IN PLSA_DISPATCH_TABLE LsaDispatchTable,
950 IN PLSA_STRING Database OPTIONAL,
951 IN PLSA_STRING Confidentiality OPTIONAL,
952 OUT PLSA_STRING *AuthenticationPackageName)
953 {
954 PANSI_STRING NameString;
955 PCHAR NameBuffer;
956
957 TRACE("(%lu %p %p %p %p)\n",
958 AuthenticationPackageId, LsaDispatchTable, Database,
959 Confidentiality, AuthenticationPackageName);
960
961 /* Get the dispatch table entries */
962 DispatchTable.CreateLogonSession = LsaDispatchTable->CreateLogonSession;
963 DispatchTable.DeleteLogonSession = LsaDispatchTable->DeleteLogonSession;
964 DispatchTable.AddCredential = LsaDispatchTable->AddCredential;
965 DispatchTable.GetCredentials = LsaDispatchTable->GetCredentials;
966 DispatchTable.DeleteCredential = LsaDispatchTable->DeleteCredential;
967 DispatchTable.AllocateLsaHeap = LsaDispatchTable->AllocateLsaHeap;
968 DispatchTable.FreeLsaHeap = LsaDispatchTable->FreeLsaHeap;
969 DispatchTable.AllocateClientBuffer = LsaDispatchTable->AllocateClientBuffer;
970 DispatchTable.FreeClientBuffer = LsaDispatchTable->FreeClientBuffer;
971 DispatchTable.CopyToClientBuffer = LsaDispatchTable->CopyToClientBuffer;
972 DispatchTable.CopyFromClientBuffer = LsaDispatchTable->CopyFromClientBuffer;
973
974 /* Return the package name */
975 NameString = DispatchTable.AllocateLsaHeap(sizeof(LSA_STRING));
976 if (NameString == NULL)
977 return STATUS_INSUFFICIENT_RESOURCES;
978
979 NameBuffer = DispatchTable.AllocateLsaHeap(sizeof(MSV1_0_PACKAGE_NAME));
980 if (NameBuffer == NULL)
981 {
982 DispatchTable.FreeLsaHeap(NameString);
983 return STATUS_INSUFFICIENT_RESOURCES;
984 }
985
986 strcpy(NameBuffer, MSV1_0_PACKAGE_NAME);
987
988 RtlInitAnsiString(NameString, NameBuffer);
989
990 *AuthenticationPackageName = (PLSA_STRING)NameString;
991
992 return STATUS_SUCCESS;
993 }
994
995
996 /*
997 * @unimplemented
998 */
999 VOID
1000 NTAPI
1001 LsaApLogonTerminated(IN PLUID LogonId)
1002 {
1003 TRACE("()\n");
1004 }
1005
1006
1007 /*
1008 * @unimplemented
1009 */
1010 NTSTATUS
1011 NTAPI
1012 LsaApLogonUser(IN PLSA_CLIENT_REQUEST ClientRequest,
1013 IN SECURITY_LOGON_TYPE LogonType,
1014 IN PVOID AuthenticationInformation,
1015 IN PVOID ClientAuthenticationBase,
1016 IN ULONG AuthenticationInformationLength,
1017 OUT PVOID *ProfileBuffer,
1018 OUT PULONG ProfileBufferLength,
1019 OUT PLUID LogonId,
1020 OUT PNTSTATUS SubStatus,
1021 OUT PLSA_TOKEN_INFORMATION_TYPE TokenInformationType,
1022 OUT PVOID *TokenInformation,
1023 OUT PLSA_UNICODE_STRING *AccountName,
1024 OUT PLSA_UNICODE_STRING *AuthenticatingAuthority)
1025 {
1026 PMSV1_0_INTERACTIVE_LOGON LogonInfo;
1027
1028 SAMPR_HANDLE ServerHandle = NULL;
1029 SAMPR_HANDLE DomainHandle = NULL;
1030 SAMPR_HANDLE UserHandle = NULL;
1031 PRPC_SID AccountDomainSid = NULL;
1032 RPC_UNICODE_STRING Names[1];
1033 SAMPR_ULONG_ARRAY RelativeIds = {0, NULL};
1034 SAMPR_ULONG_ARRAY Use = {0, NULL};
1035 PSAMPR_USER_INFO_BUFFER UserInfo = NULL;
1036 UNICODE_STRING LogonServer;
1037 BOOLEAN SessionCreated = FALSE;
1038 NTSTATUS Status;
1039
1040 TRACE("()\n");
1041
1042 TRACE("LogonType: %lu\n", LogonType);
1043 TRACE("AuthenticationInformation: %p\n", AuthenticationInformation);
1044 TRACE("AuthenticationInformationLength: %lu\n", AuthenticationInformationLength);
1045
1046 *ProfileBuffer = NULL;
1047 *ProfileBufferLength = 0;
1048 *SubStatus = STATUS_SUCCESS;
1049
1050 if (LogonType == Interactive ||
1051 LogonType == Batch ||
1052 LogonType == Service)
1053 {
1054 ULONG_PTR PtrOffset;
1055
1056 LogonInfo = (PMSV1_0_INTERACTIVE_LOGON)AuthenticationInformation;
1057
1058 /* Fix-up pointers in the authentication info */
1059 PtrOffset = (ULONG_PTR)AuthenticationInformation - (ULONG_PTR)ClientAuthenticationBase;
1060
1061 LogonInfo->LogonDomainName.Buffer = FIXUP_POINTER(LogonInfo->LogonDomainName.Buffer, PtrOffset);
1062 LogonInfo->UserName.Buffer = FIXUP_POINTER(LogonInfo->UserName.Buffer, PtrOffset);
1063 LogonInfo->Password.Buffer = FIXUP_POINTER(LogonInfo->Password.Buffer, PtrOffset);
1064
1065 TRACE("Domain: %S\n", LogonInfo->LogonDomainName.Buffer);
1066 TRACE("User: %S\n", LogonInfo->UserName.Buffer);
1067 TRACE("Password: %S\n", LogonInfo->Password.Buffer);
1068
1069 RtlInitUnicodeString(&LogonServer, L"Testserver");
1070 }
1071 else
1072 {
1073 FIXME("LogonType %lu is not supported yet!\n", LogonType);
1074 return STATUS_NOT_IMPLEMENTED;
1075 }
1076
1077 Status = GetDomainSid(&AccountDomainSid);
1078 if (!NT_SUCCESS(Status))
1079 {
1080 TRACE("GetDomainSid() failed (Status 0x%08lx)\n", Status);
1081 return Status;
1082 }
1083
1084 /* Connect to the SAM server */
1085 Status = SamIConnect(NULL,
1086 &ServerHandle,
1087 SAM_SERVER_CONNECT | SAM_SERVER_LOOKUP_DOMAIN,
1088 TRUE);
1089 if (!NT_SUCCESS(Status))
1090 {
1091 TRACE("SamIConnect() failed (Status 0x%08lx)\n", Status);
1092 goto done;
1093 }
1094
1095 /* Open the account domain */
1096 Status = SamrOpenDomain(ServerHandle,
1097 DOMAIN_LOOKUP,
1098 AccountDomainSid,
1099 &DomainHandle);
1100 if (!NT_SUCCESS(Status))
1101 {
1102 TRACE("SamrOpenDomain failed (Status %08lx)\n", Status);
1103 goto done;
1104 }
1105
1106 Names[0].Length = LogonInfo->UserName.Length;
1107 Names[0].MaximumLength = LogonInfo->UserName.MaximumLength;
1108 Names[0].Buffer = LogonInfo->UserName.Buffer;
1109
1110 /* Try to get the RID for the user name */
1111 Status = SamrLookupNamesInDomain(DomainHandle,
1112 1,
1113 Names,
1114 &RelativeIds,
1115 &Use);
1116 if (!NT_SUCCESS(Status))
1117 {
1118 TRACE("SamrLookupNamesInDomain failed (Status %08lx)\n", Status);
1119 Status = STATUS_NO_SUCH_USER;
1120 goto done;
1121 }
1122
1123 /* Fail, if it is not a user account */
1124 if (Use.Element[0] != SidTypeUser)
1125 {
1126 TRACE("Account is not a user account!\n");
1127 Status = STATUS_NO_SUCH_USER;
1128 goto done;
1129 }
1130
1131 /* Open the user object */
1132 Status = SamrOpenUser(DomainHandle,
1133 USER_READ_GENERAL | USER_READ_LOGON |
1134 USER_READ_ACCOUNT | USER_READ_PREFERENCES, /* FIXME */
1135 RelativeIds.Element[0],
1136 &UserHandle);
1137 if (!NT_SUCCESS(Status))
1138 {
1139 TRACE("SamrOpenUser failed (Status %08lx)\n", Status);
1140 goto done;
1141 }
1142
1143 Status = SamrQueryInformationUser(UserHandle,
1144 UserAllInformation,
1145 &UserInfo);
1146 if (!NT_SUCCESS(Status))
1147 {
1148 TRACE("SamrQueryInformationUser failed (Status %08lx)\n", Status);
1149 goto done;
1150 }
1151
1152
1153 TRACE("UserName: %S\n", UserInfo->All.UserName.Buffer);
1154
1155 /* FIXME: Check restrictions */
1156
1157 /* Check the password */
1158 if ((UserInfo->All.UserAccountControl & USER_PASSWORD_NOT_REQUIRED) == 0)
1159 {
1160 Status = MsvpCheckPassword(&(LogonInfo->Password),
1161 UserInfo);
1162 if (!NT_SUCCESS(Status))
1163 {
1164 TRACE("MsvpCheckPassword failed (Status %08lx)\n", Status);
1165 goto done;
1166 }
1167 }
1168
1169 /* Return logon information */
1170
1171 /* Create and return a new logon id */
1172 Status = NtAllocateLocallyUniqueId(LogonId);
1173 if (!NT_SUCCESS(Status))
1174 {
1175 TRACE("NtAllocateLocallyUniqueId failed (Status %08lx)\n", Status);
1176 goto done;
1177 }
1178
1179 /* Create the logon session */
1180 Status = DispatchTable.CreateLogonSession(LogonId);
1181 if (!NT_SUCCESS(Status))
1182 {
1183 TRACE("CreateLogonSession failed (Status %08lx)\n", Status);
1184 goto done;
1185 }
1186
1187 SessionCreated = TRUE;
1188
1189 /* Build and fill the interactve profile buffer */
1190 Status = BuildInteractiveProfileBuffer(ClientRequest,
1191 UserInfo,
1192 &LogonServer,
1193 (PMSV1_0_INTERACTIVE_PROFILE*)ProfileBuffer,
1194 ProfileBufferLength);
1195 if (!NT_SUCCESS(Status))
1196 {
1197 TRACE("BuildInteractiveProfileBuffer failed (Status %08lx)\n", Status);
1198 goto done;
1199 }
1200
1201 /* Return the token information type */
1202 *TokenInformationType = LsaTokenInformationV1;
1203
1204 /* Build and fill the token information buffer */
1205 Status = BuildTokenInformationBuffer((PLSA_TOKEN_INFORMATION_V1*)TokenInformation,
1206 AccountDomainSid,
1207 RelativeIds.Element[0],
1208 LogonId);
1209 if (!NT_SUCCESS(Status))
1210 {
1211 TRACE("BuildTokenInformationBuffer failed (Status %08lx)\n", Status);
1212 goto done;
1213 }
1214
1215 done:
1216 /* Return the account name */
1217 *AccountName = DispatchTable.AllocateLsaHeap(sizeof(UNICODE_STRING));
1218 if (*AccountName != NULL)
1219 {
1220 (*AccountName)->Buffer = DispatchTable.AllocateLsaHeap(LogonInfo->UserName.Length +
1221 sizeof(UNICODE_NULL));
1222 if ((*AccountName)->Buffer != NULL)
1223 {
1224 (*AccountName)->MaximumLength = LogonInfo->UserName.Length +
1225 sizeof(UNICODE_NULL);
1226 RtlCopyUnicodeString(*AccountName, &LogonInfo->UserName);
1227 }
1228 }
1229
1230 if (!NT_SUCCESS(Status))
1231 {
1232 if (SessionCreated == TRUE)
1233 DispatchTable.DeleteLogonSession(LogonId);
1234
1235 if (*ProfileBuffer != NULL)
1236 {
1237 DispatchTable.FreeClientBuffer(ClientRequest,
1238 *ProfileBuffer);
1239 *ProfileBuffer = NULL;
1240 }
1241 }
1242
1243 if (UserHandle != NULL)
1244 SamrCloseHandle(&UserHandle);
1245
1246 SamIFree_SAMPR_USER_INFO_BUFFER(UserInfo,
1247 UserAllInformation);
1248 SamIFree_SAMPR_ULONG_ARRAY(&RelativeIds);
1249 SamIFree_SAMPR_ULONG_ARRAY(&Use);
1250
1251 if (DomainHandle != NULL)
1252 SamrCloseHandle(&DomainHandle);
1253
1254 if (ServerHandle != NULL)
1255 SamrCloseHandle(&ServerHandle);
1256
1257 if (AccountDomainSid != NULL)
1258 RtlFreeHeap(RtlGetProcessHeap(), 0, AccountDomainSid);
1259
1260 if (Status == STATUS_NO_SUCH_USER ||
1261 Status == STATUS_WRONG_PASSWORD)
1262 {
1263 *SubStatus = Status;
1264 Status = STATUS_LOGON_FAILURE;
1265 }
1266
1267 TRACE("LsaApLogonUser done (Status %08lx)\n", Status);
1268
1269 return Status;
1270 }
1271
1272
1273 /*
1274 * @unimplemented
1275 */
1276 #if 0
1277 NTSTATUS
1278 NTAPI
1279 LsaApLogonUserEx(IN PLSA_CLIENT_REQUEST ClientRequest,
1280 IN SECURITY_LOGON_TYPE LogonType,
1281 IN PVOID AuthenticationInformation,
1282 IN PVOID ClientAuthenticationBase,
1283 IN ULONG AuthenticationInformationLength,
1284 OUT PVOID *ProfileBuffer,
1285 OUT PULONG ProfileBufferLength,
1286 OUT PLUID LogonId,
1287 OUT PNTSTATUS SubStatus,
1288 OUT PLSA_TOKEN_INFORMATION_TYPE TokenInformationType,
1289 OUT PVOID *TokenInformation,
1290 OUT PUNICODE_STRING *AccountName,
1291 OUT PUNICODE_STRING *AuthenticatingAuthority,
1292 OUT PUNICODE_STRING *MachineName)
1293 {
1294 TRACE("()\n");
1295
1296 TRACE("LogonType: %lu\n", LogonType);
1297 TRACE("AuthenticationInformation: %p\n", AuthenticationInformation);
1298 TRACE("AuthenticationInformationLength: %lu\n", AuthenticationInformationLength);
1299
1300 return STATUS_NOT_IMPLEMENTED;
1301 }
1302
1303
1304 /*
1305 * @unimplemented
1306 */
1307 NTSTATUS
1308 NTAPI
1309 LsaApLogonUserEx2(IN PLSA_CLIENT_REQUEST ClientRequest,
1310 IN SECURITY_LOGON_TYPE LogonType,
1311 IN PVOID ProtocolSubmitBuffer,
1312 IN PVOID ClientBufferBase,
1313 IN ULONG SubmitBufferSize,
1314 OUT PVOID *ProfileBuffer,
1315 OUT PULONG ProfileBufferSize,
1316 OUT PLUID LogonId,
1317 OUT PNTSTATUS SubStatus,
1318 OUT PLSA_TOKEN_INFORMATION_TYPE TokenInformationType,
1319 OUT PVOID *TokenInformation,
1320 OUT PUNICODE_STRING *AccountName,
1321 OUT PUNICODE_STRING *AuthenticatingAuthority,
1322 OUT PUNICODE_STRING *MachineName,
1323 OUT PSECPKG_PRIMARY_CRED PrimaryCredentials,
1324 OUT PSECPKG_SUPPLEMENTAL_CRED_ARRAY *SupplementalCredentials)
1325 {
1326 TRACE("()\n");
1327
1328 TRACE("LogonType: %lu\n", LogonType);
1329 TRACE("ProtocolSubmitBuffer: %p\n", ProtocolSubmitBuffer);
1330 TRACE("SubmitBufferSize: %lu\n", SubmitBufferSize);
1331
1332
1333 return STATUS_NOT_IMPLEMENTED;
1334 }
1335 #endif
1336
1337 /* EOF */