2 * PROJECT: Authentication Package DLL
3 * LICENSE: GPL - See COPYING in the top level directory
4 * FILE: dll/win32/msv1_0/msv1_0.c
6 * COPYRIGHT: Copyright 2013 Eric Kohl
9 /* INCLUDES ****************************************************************/
13 WINE_DEFAULT_DEBUG_CHANNEL(msv1_0
);
16 /* GLOBALS *****************************************************************/
18 LSA_DISPATCH_TABLE DispatchTable
;
21 /* FUNCTIONS ***************************************************************/
25 GetDomainSid(PRPC_SID
*Sid
)
27 LSAPR_HANDLE PolicyHandle
= NULL
;
28 PLSAPR_POLICY_INFORMATION PolicyInfo
= NULL
;
32 Status
= LsaIOpenPolicyTrusted(&PolicyHandle
);
33 if (!NT_SUCCESS(Status
))
35 TRACE("LsaIOpenPolicyTrusted() failed (Status 0x%08lx)\n", Status
);
39 Status
= LsarQueryInformationPolicy(PolicyHandle
,
40 PolicyAccountDomainInformation
,
42 if (!NT_SUCCESS(Status
))
44 TRACE("LsarQueryInformationPolicy() failed (Status 0x%08lx)\n", Status
);
48 Length
= RtlLengthSid(PolicyInfo
->PolicyAccountDomainInfo
.Sid
);
50 *Sid
= RtlAllocateHeap(RtlGetProcessHeap(), 0, Length
);
53 ERR("Failed to allocate SID\n");
54 Status
= STATUS_INSUFFICIENT_RESOURCES
;
58 memcpy(*Sid
, PolicyInfo
->PolicyAccountDomainInfo
.Sid
, Length
);
61 if (PolicyInfo
!= NULL
)
62 LsaIFree_LSAPR_POLICY_INFORMATION(PolicyAccountDomainInformation
,
65 if (PolicyHandle
!= NULL
)
66 LsarClose(&PolicyHandle
);
74 BuildInteractiveProfileBuffer(IN PLSA_CLIENT_REQUEST ClientRequest
,
75 IN PSAMPR_USER_INFO_BUFFER UserInfo
,
76 IN PUNICODE_STRING LogonServer
,
77 OUT PMSV1_0_INTERACTIVE_PROFILE
*ProfileBuffer
,
78 OUT PULONG ProfileBufferLength
)
80 PMSV1_0_INTERACTIVE_PROFILE LocalBuffer
= NULL
;
81 PVOID ClientBaseAddress
= NULL
;
84 NTSTATUS Status
= STATUS_SUCCESS
;
86 *ProfileBuffer
= NULL
;
87 *ProfileBufferLength
= 0;
89 BufferLength
= sizeof(MSV1_0_INTERACTIVE_PROFILE
) +
90 UserInfo
->All
.FullName
.Length
+ sizeof(WCHAR
) +
91 UserInfo
->All
.HomeDirectory
.Length
+ sizeof(WCHAR
) +
92 UserInfo
->All
.HomeDirectoryDrive
.Length
+ sizeof(WCHAR
) +
93 UserInfo
->All
.ScriptPath
.Length
+ sizeof(WCHAR
) +
94 UserInfo
->All
.ProfilePath
.Length
+ sizeof(WCHAR
) +
95 LogonServer
->Length
+ sizeof(WCHAR
);
97 LocalBuffer
= DispatchTable
.AllocateLsaHeap(BufferLength
);
98 if (LocalBuffer
== NULL
)
100 TRACE("Failed to allocate the local buffer!\n");
101 Status
= STATUS_INSUFFICIENT_RESOURCES
;
105 Status
= DispatchTable
.AllocateClientBuffer(ClientRequest
,
108 if (!NT_SUCCESS(Status
))
110 TRACE("DispatchTable.AllocateClientBuffer failed (Status 0x%08lx)\n", Status
);
114 TRACE("ClientBaseAddress: %p\n", ClientBaseAddress
);
116 Ptr
= (LPWSTR
)((ULONG_PTR
)LocalBuffer
+ sizeof(MSV1_0_INTERACTIVE_PROFILE
));
118 LocalBuffer
->MessageType
= MsV1_0InteractiveProfile
;
119 LocalBuffer
->LogonCount
= UserInfo
->All
.LogonCount
;
120 LocalBuffer
->BadPasswordCount
= UserInfo
->All
.BadPasswordCount
;
122 LocalBuffer
->LogonTime
.LowPart
= UserInfo
->All
.LastLogon
.LowPart
;
123 LocalBuffer
->LogonTime
.HighPart
= UserInfo
->All
.LastLogon
.HighPart
;
125 // LocalBuffer->LogoffTime.LowPart =
126 // LocalBuffer->LogoffTime.HighPart =
128 // LocalBuffer->KickOffTime.LowPart =
129 // LocalBuffer->KickOffTime.HighPart =
131 LocalBuffer
->PasswordLastSet
.LowPart
= UserInfo
->All
.PasswordLastSet
.LowPart
;
132 LocalBuffer
->PasswordLastSet
.HighPart
= UserInfo
->All
.PasswordLastSet
.HighPart
;
134 LocalBuffer
->PasswordCanChange
.LowPart
= UserInfo
->All
.PasswordCanChange
.LowPart
;
135 LocalBuffer
->PasswordCanChange
.HighPart
= UserInfo
->All
.PasswordCanChange
.HighPart
;
137 LocalBuffer
->PasswordMustChange
.LowPart
= UserInfo
->All
.PasswordMustChange
.LowPart
;
138 LocalBuffer
->PasswordMustChange
.HighPart
= UserInfo
->All
.PasswordMustChange
.HighPart
;
140 LocalBuffer
->LogonScript
.Length
= UserInfo
->All
.ScriptPath
.Length
;
141 LocalBuffer
->LogonScript
.MaximumLength
= UserInfo
->All
.ScriptPath
.Length
+ sizeof(WCHAR
);
142 LocalBuffer
->LogonScript
.Buffer
= (LPWSTR
)((ULONG_PTR
)ClientBaseAddress
+ (ULONG_PTR
)Ptr
- (ULONG_PTR
)LocalBuffer
);
144 UserInfo
->All
.ScriptPath
.Buffer
,
145 UserInfo
->All
.ScriptPath
.Length
);
147 Ptr
= (LPWSTR
)((ULONG_PTR
)Ptr
+ LocalBuffer
->LogonScript
.MaximumLength
);
149 LocalBuffer
->HomeDirectory
.Length
= UserInfo
->All
.HomeDirectory
.Length
;
150 LocalBuffer
->HomeDirectory
.MaximumLength
= UserInfo
->All
.HomeDirectory
.Length
+ sizeof(WCHAR
);
151 LocalBuffer
->HomeDirectory
.Buffer
= (LPWSTR
)((ULONG_PTR
)ClientBaseAddress
+ (ULONG_PTR
)Ptr
- (ULONG_PTR
)LocalBuffer
);
153 UserInfo
->All
.HomeDirectory
.Buffer
,
154 UserInfo
->All
.HomeDirectory
.Length
);
156 Ptr
= (LPWSTR
)((ULONG_PTR
)Ptr
+ LocalBuffer
->HomeDirectory
.MaximumLength
);
158 LocalBuffer
->FullName
.Length
= UserInfo
->All
.FullName
.Length
;
159 LocalBuffer
->FullName
.MaximumLength
= UserInfo
->All
.FullName
.Length
+ sizeof(WCHAR
);
160 LocalBuffer
->FullName
.Buffer
= (LPWSTR
)((ULONG_PTR
)ClientBaseAddress
+ (ULONG_PTR
)Ptr
- (ULONG_PTR
)LocalBuffer
);
162 UserInfo
->All
.FullName
.Buffer
,
163 UserInfo
->All
.FullName
.Length
);
164 TRACE("FullName.Buffer: %p\n", LocalBuffer
->FullName
.Buffer
);
166 Ptr
= (LPWSTR
)((ULONG_PTR
)Ptr
+ LocalBuffer
->FullName
.MaximumLength
);
168 LocalBuffer
->ProfilePath
.Length
= UserInfo
->All
.ProfilePath
.Length
;
169 LocalBuffer
->ProfilePath
.MaximumLength
= UserInfo
->All
.ProfilePath
.Length
+ sizeof(WCHAR
);
170 LocalBuffer
->ProfilePath
.Buffer
= (LPWSTR
)((ULONG_PTR
)ClientBaseAddress
+ (ULONG_PTR
)Ptr
- (ULONG_PTR
)LocalBuffer
);
172 UserInfo
->All
.ProfilePath
.Buffer
,
173 UserInfo
->All
.ProfilePath
.Length
);
175 Ptr
= (LPWSTR
)((ULONG_PTR
)Ptr
+ LocalBuffer
->ProfilePath
.MaximumLength
);
177 LocalBuffer
->HomeDirectoryDrive
.Length
= UserInfo
->All
.HomeDirectoryDrive
.Length
;
178 LocalBuffer
->HomeDirectoryDrive
.MaximumLength
= UserInfo
->All
.HomeDirectoryDrive
.Length
+ sizeof(WCHAR
);
179 LocalBuffer
->HomeDirectoryDrive
.Buffer
= (LPWSTR
)((ULONG_PTR
)ClientBaseAddress
+ (ULONG_PTR
)Ptr
- (ULONG_PTR
)LocalBuffer
);
181 UserInfo
->All
.HomeDirectoryDrive
.Buffer
,
182 UserInfo
->All
.HomeDirectoryDrive
.Length
);
184 Ptr
= (LPWSTR
)((ULONG_PTR
)Ptr
+ LocalBuffer
->HomeDirectoryDrive
.MaximumLength
);
186 LocalBuffer
->LogonServer
.Length
= LogonServer
->Length
;
187 LocalBuffer
->LogonServer
.MaximumLength
= LogonServer
->Length
+ sizeof(WCHAR
);
188 LocalBuffer
->LogonServer
.Buffer
= (LPWSTR
)((ULONG_PTR
)ClientBaseAddress
+ (ULONG_PTR
)Ptr
- (ULONG_PTR
)LocalBuffer
);;
191 LogonServer
->Length
);
193 LocalBuffer
->UserFlags
= 0;
195 Status
= DispatchTable
.CopyToClientBuffer(ClientRequest
,
199 if (!NT_SUCCESS(Status
))
201 TRACE("DispatchTable.CopyToClientBuffer failed (Status 0x%08lx)\n", Status
);
205 *ProfileBuffer
= (PMSV1_0_INTERACTIVE_PROFILE
)ClientBaseAddress
;
206 *ProfileBufferLength
= BufferLength
;
209 if (LocalBuffer
!= NULL
)
210 DispatchTable
.FreeLsaHeap(LocalBuffer
);
212 if (!NT_SUCCESS(Status
))
214 if (ClientBaseAddress
!= NULL
)
215 DispatchTable
.FreeClientBuffer(ClientRequest
,
225 AppendRidToSid(PSID SrcSid
,
231 RidCount
= *RtlSubAuthorityCountSid(SrcSid
);
235 DstSid
= DispatchTable
.AllocateLsaHeap(RtlLengthRequiredSid(RidCount
+ 1));
239 RtlCopyMemory(DstSid
,
241 RtlLengthRequiredSid(RidCount
));
243 *RtlSubAuthorityCountSid(DstSid
) = RidCount
+ 1;
244 *RtlSubAuthoritySid(DstSid
, RidCount
) = Rid
;
251 BuildTokenUser(OUT PTOKEN_USER User
,
252 IN PSID AccountDomainSid
,
255 User
->User
.Sid
= AppendRidToSid(AccountDomainSid
,
257 if (User
->User
.Sid
== NULL
)
259 ERR("Could not create the user SID\n");
260 return STATUS_INSUFFICIENT_RESOURCES
;
263 User
->User
.Attributes
= 0;
265 return STATUS_SUCCESS
;
271 BuildTokenPrimaryGroup(OUT PTOKEN_PRIMARY_GROUP PrimaryGroup
,
272 IN PSID AccountDomainSid
,
275 PrimaryGroup
->PrimaryGroup
= AppendRidToSid(AccountDomainSid
,
277 if (PrimaryGroup
->PrimaryGroup
== NULL
)
279 ERR("Could not create the primary group SID\n");
280 return STATUS_INSUFFICIENT_RESOURCES
;
283 return STATUS_SUCCESS
;
289 BuildTokenGroups(OUT PTOKEN_GROUPS
*Groups
,
290 IN PSID AccountDomainSid
)
292 SID_IDENTIFIER_AUTHORITY SystemAuthority
= {SECURITY_NT_AUTHORITY
};
293 PTOKEN_GROUPS TokenGroups
;
295 DWORD GroupCount
= 0;
297 NTSTATUS Status
= STATUS_SUCCESS
;
299 TokenGroups
= DispatchTable
.AllocateLsaHeap(sizeof(TOKEN_GROUPS
) +
300 MAX_GROUPS
* sizeof(SID_AND_ATTRIBUTES
));
301 if (TokenGroups
== NULL
)
303 return STATUS_INSUFFICIENT_RESOURCES
;
306 Sid
= AppendRidToSid(AccountDomainSid
, DOMAIN_GROUP_RID_USERS
);
312 /* Member of the domain */
313 TokenGroups
->Groups
[GroupCount
].Sid
= Sid
;
314 TokenGroups
->Groups
[GroupCount
].Attributes
=
315 SE_GROUP_ENABLED
| SE_GROUP_ENABLED_BY_DEFAULT
| SE_GROUP_MANDATORY
;
320 /* Member of 'Administrators' */
321 RtlAllocateAndInitializeSid(&SystemAuthority
,
323 SECURITY_BUILTIN_DOMAIN_RID
,
324 DOMAIN_ALIAS_RID_ADMINS
,
332 TokenGroups
->Groups
[GroupCount
].Sid
= Sid
;
333 TokenGroups
->Groups
[GroupCount
].Attributes
=
334 SE_GROUP_ENABLED
| SE_GROUP_ENABLED_BY_DEFAULT
| SE_GROUP_MANDATORY
;
337 TRACE("Not adding user to Administrators group\n");
340 /* Member of 'Users' */
341 RtlAllocateAndInitializeSid(&SystemAuthority
,
343 SECURITY_BUILTIN_DOMAIN_RID
,
344 DOMAIN_ALIAS_RID_USERS
,
352 TokenGroups
->Groups
[GroupCount
].Sid
= Sid
;
353 TokenGroups
->Groups
[GroupCount
].Attributes
=
354 SE_GROUP_ENABLED
| SE_GROUP_ENABLED_BY_DEFAULT
| SE_GROUP_MANDATORY
;
358 /* Member of 'Authenticated users' */
359 RtlAllocateAndInitializeSid(&SystemAuthority
,
361 SECURITY_AUTHENTICATED_USER_RID
,
370 TokenGroups
->Groups
[GroupCount
].Sid
= Sid
;
371 TokenGroups
->Groups
[GroupCount
].Attributes
=
372 SE_GROUP_ENABLED
| SE_GROUP_ENABLED_BY_DEFAULT
| SE_GROUP_MANDATORY
;
375 TokenGroups
->GroupCount
= GroupCount
;
376 ASSERT(TokenGroups
->GroupCount
<= MAX_GROUPS
);
378 *Groups
= TokenGroups
;
386 BuildTokenPrivileges(PTOKEN_PRIVILEGES
*TokenPrivileges
)
388 /* FIXME shouldn't use hard-coded list of privileges */
396 { L
"SeMachineAccountPrivilege", 0 },
397 { L
"SeSecurityPrivilege", 0 },
398 { L
"SeTakeOwnershipPrivilege", 0 },
399 { L
"SeLoadDriverPrivilege", 0 },
400 { L
"SeSystemProfilePrivilege", 0 },
401 { L
"SeSystemtimePrivilege", 0 },
402 { L
"SeProfileSingleProcessPrivilege", 0 },
403 { L
"SeIncreaseBasePriorityPrivilege", 0 },
404 { L
"SeCreatePagefilePrivilege", 0 },
405 { L
"SeBackupPrivilege", 0 },
406 { L
"SeRestorePrivilege", 0 },
407 { L
"SeShutdownPrivilege", 0 },
408 { L
"SeDebugPrivilege", 0 },
409 { L
"SeSystemEnvironmentPrivilege", 0 },
410 { L
"SeChangeNotifyPrivilege", SE_PRIVILEGE_ENABLED
| SE_PRIVILEGE_ENABLED_BY_DEFAULT
},
411 { L
"SeRemoteShutdownPrivilege", 0 },
412 { L
"SeUndockPrivilege", 0 },
413 { L
"SeEnableDelegationPrivilege", 0 },
414 { L
"SeImpersonatePrivilege", SE_PRIVILEGE_ENABLED
| SE_PRIVILEGE_ENABLED_BY_DEFAULT
},
415 { L
"SeCreateGlobalPrivilege", SE_PRIVILEGE_ENABLED
| SE_PRIVILEGE_ENABLED_BY_DEFAULT
}
417 PTOKEN_PRIVILEGES Privileges
= NULL
;
419 RPC_UNICODE_STRING PrivilegeName
;
420 LSAPR_HANDLE PolicyHandle
= NULL
;
421 NTSTATUS Status
= STATUS_SUCCESS
;
423 Status
= LsaIOpenPolicyTrusted(&PolicyHandle
);
424 if (!NT_SUCCESS(Status
))
429 /* Allocate and initialize token privileges */
430 Privileges
= DispatchTable
.AllocateLsaHeap(sizeof(TOKEN_PRIVILEGES
) +
431 sizeof(DefaultPrivs
) / sizeof(DefaultPrivs
[0]) *
432 sizeof(LUID_AND_ATTRIBUTES
));
433 if (Privileges
== NULL
)
435 Status
= STATUS_INSUFFICIENT_RESOURCES
;
439 Privileges
->PrivilegeCount
= 0;
440 for (i
= 0; i
< sizeof(DefaultPrivs
) / sizeof(DefaultPrivs
[0]); i
++)
442 PrivilegeName
.Length
= wcslen(DefaultPrivs
[i
].PrivName
) * sizeof(WCHAR
);
443 PrivilegeName
.MaximumLength
= PrivilegeName
.Length
+ sizeof(WCHAR
);
444 PrivilegeName
.Buffer
= (LPWSTR
)DefaultPrivs
[i
].PrivName
;
446 Status
= LsarLookupPrivilegeValue(PolicyHandle
,
448 &Privileges
->Privileges
[Privileges
->PrivilegeCount
].Luid
);
449 if (!NT_SUCCESS(Status
))
451 WARN("Can't set privilege %S\n", DefaultPrivs
[i
].PrivName
);
455 Privileges
->Privileges
[Privileges
->PrivilegeCount
].Attributes
= DefaultPrivs
[i
].Attributes
;
456 Privileges
->PrivilegeCount
++;
460 *TokenPrivileges
= Privileges
;
463 if (PolicyHandle
!= NULL
)
464 LsarClose(&PolicyHandle
);
472 BuildTokenInformationBuffer(PLSA_TOKEN_INFORMATION_V1
*TokenInformation
,
473 PRPC_SID AccountDomainSid
,
474 PSAMPR_USER_INFO_BUFFER UserInfo
)
476 PLSA_TOKEN_INFORMATION_V1 Buffer
= NULL
;
478 NTSTATUS Status
= STATUS_SUCCESS
;
480 Buffer
= DispatchTable
.AllocateLsaHeap(sizeof(LSA_TOKEN_INFORMATION_V1
));
483 TRACE("Failed to allocate the local buffer!\n");
484 Status
= STATUS_INSUFFICIENT_RESOURCES
;
489 Buffer
->ExpirationTime
.QuadPart
= -1;
491 Status
= BuildTokenUser(&Buffer
->User
,
492 (PSID
)AccountDomainSid
,
493 UserInfo
->All
.UserId
);
494 if (!NT_SUCCESS(Status
))
497 Status
= BuildTokenPrimaryGroup(&Buffer
->PrimaryGroup
,
498 (PSID
)AccountDomainSid
,
499 UserInfo
->All
.PrimaryGroupId
);
500 if (!NT_SUCCESS(Status
))
503 Status
= BuildTokenGroups(&Buffer
->Groups
,
504 (PSID
)AccountDomainSid
);
505 if (!NT_SUCCESS(Status
))
508 Status
= BuildTokenPrivileges(&Buffer
->Privileges
);
509 if (!NT_SUCCESS(Status
))
512 *TokenInformation
= Buffer
;
515 if (!NT_SUCCESS(Status
))
519 if (Buffer
->User
.User
.Sid
!= NULL
)
520 DispatchTable
.FreeLsaHeap(Buffer
->User
.User
.Sid
);
522 if (Buffer
->Groups
!= NULL
)
524 for (i
= 0; i
< Buffer
->Groups
->GroupCount
; i
++)
526 if (Buffer
->Groups
->Groups
[i
].Sid
!= NULL
)
527 DispatchTable
.FreeLsaHeap(Buffer
->Groups
->Groups
[i
].Sid
);
530 DispatchTable
.FreeLsaHeap(Buffer
->Groups
);
533 if (Buffer
->PrimaryGroup
.PrimaryGroup
!= NULL
)
534 DispatchTable
.FreeLsaHeap(Buffer
->PrimaryGroup
.PrimaryGroup
);
536 if (Buffer
->Privileges
!= NULL
)
537 DispatchTable
.FreeLsaHeap(Buffer
->Privileges
);
539 if (Buffer
->DefaultDacl
.DefaultDacl
!= NULL
)
540 DispatchTable
.FreeLsaHeap(Buffer
->DefaultDacl
.DefaultDacl
);
542 DispatchTable
.FreeLsaHeap(Buffer
);
552 MsvpChangePassword(IN PLSA_CLIENT_REQUEST ClientRequest
,
553 IN PVOID ProtocolSubmitBuffer
,
554 IN PVOID ClientBufferBase
,
555 IN ULONG SubmitBufferLength
,
556 OUT PVOID
*ProtocolReturnBuffer
,
557 OUT PULONG ReturnBufferLength
,
558 OUT PNTSTATUS ProtocolStatus
)
560 PMSV1_0_CHANGEPASSWORD_REQUEST RequestBuffer
;
565 RequestBuffer
= (PMSV1_0_CHANGEPASSWORD_REQUEST
)ProtocolSubmitBuffer
;
567 /* Fix-up pointers in the request buffer info */
568 PtrOffset
= (ULONG_PTR
)ProtocolSubmitBuffer
- (ULONG_PTR
)ClientBufferBase
;
570 RequestBuffer
->DomainName
.Buffer
= FIXUP_POINTER(RequestBuffer
->DomainName
.Buffer
, PtrOffset
);
571 RequestBuffer
->AccountName
.Buffer
= FIXUP_POINTER(RequestBuffer
->AccountName
.Buffer
, PtrOffset
);
572 RequestBuffer
->OldPassword
.Buffer
= FIXUP_POINTER(RequestBuffer
->OldPassword
.Buffer
, PtrOffset
);
573 RequestBuffer
->NewPassword
.Buffer
= FIXUP_POINTER(RequestBuffer
->NewPassword
.Buffer
, PtrOffset
);
575 TRACE("Domain: %S\n", RequestBuffer
->DomainName
.Buffer
);
576 TRACE("Account: %S\n", RequestBuffer
->AccountName
.Buffer
);
577 TRACE("Old Password: %S\n", RequestBuffer
->OldPassword
.Buffer
);
578 TRACE("New Password: %S\n", RequestBuffer
->NewPassword
.Buffer
);
581 return STATUS_SUCCESS
;
587 MsvpCheckPassword(PUNICODE_STRING UserPassword
,
588 PSAMPR_USER_INFO_BUFFER UserInfo
)
590 ENCRYPTED_NT_OWF_PASSWORD UserNtPassword
;
591 ENCRYPTED_LM_OWF_PASSWORD UserLmPassword
;
592 BOOLEAN UserLmPasswordPresent
= FALSE
;
593 BOOLEAN UserNtPasswordPresent
= FALSE
;
594 OEM_STRING LmPwdString
;
595 CHAR LmPwdBuffer
[15];
598 TRACE("(%p %p)\n", UserPassword
, UserInfo
);
600 /* Calculate the LM password and hash for the users password */
601 LmPwdString
.Length
= 15;
602 LmPwdString
.MaximumLength
= 15;
603 LmPwdString
.Buffer
= LmPwdBuffer
;
604 ZeroMemory(LmPwdString
.Buffer
, LmPwdString
.MaximumLength
);
606 Status
= RtlUpcaseUnicodeStringToOemString(&LmPwdString
,
609 if (NT_SUCCESS(Status
))
611 /* Calculate the LM hash value of the users password */
612 Status
= SystemFunction006(LmPwdString
.Buffer
,
613 (LPSTR
)&UserLmPassword
);
614 if (NT_SUCCESS(Status
))
616 UserLmPasswordPresent
= TRUE
;
620 /* Calculate the NT hash of the users password */
621 Status
= SystemFunction007(UserPassword
,
622 (LPBYTE
)&UserNtPassword
);
623 if (NT_SUCCESS(Status
))
625 UserNtPasswordPresent
= TRUE
;
628 Status
= STATUS_WRONG_PASSWORD
;
630 /* Succeed, if no password has been set */
631 if (UserInfo
->All
.NtPasswordPresent
== FALSE
&&
632 UserInfo
->All
.LmPasswordPresent
== FALSE
)
634 TRACE("No password check!\n");
635 Status
= STATUS_SUCCESS
;
639 /* Succeed, if NT password matches */
640 if (UserNtPasswordPresent
&& UserInfo
->All
.NtPasswordPresent
)
642 TRACE("Check NT password hashes:\n");
643 if (RtlEqualMemory(&UserNtPassword
,
644 UserInfo
->All
.NtOwfPassword
.Buffer
,
645 sizeof(ENCRYPTED_NT_OWF_PASSWORD
)))
647 TRACE(" success!\n");
648 Status
= STATUS_SUCCESS
;
655 /* Succeed, if LM password matches */
656 if (UserLmPasswordPresent
&& UserInfo
->All
.LmPasswordPresent
)
658 TRACE("Check LM password hashes:\n");
659 if (RtlEqualMemory(&UserLmPassword
,
660 UserInfo
->All
.LmOwfPassword
.Buffer
,
661 sizeof(ENCRYPTED_LM_OWF_PASSWORD
)))
663 TRACE(" success!\n");
664 Status
= STATUS_SUCCESS
;
680 LsaApCallPackage(IN PLSA_CLIENT_REQUEST ClientRequest
,
681 IN PVOID ProtocolSubmitBuffer
,
682 IN PVOID ClientBufferBase
,
683 IN ULONG SubmitBufferLength
,
684 OUT PVOID
*ProtocolReturnBuffer
,
685 OUT PULONG ReturnBufferLength
,
686 OUT PNTSTATUS ProtocolStatus
)
693 if (SubmitBufferLength
< sizeof(MSV1_0_PROTOCOL_MESSAGE_TYPE
))
694 return STATUS_INVALID_PARAMETER
;
696 MessageType
= (ULONG
)*((PMSV1_0_PROTOCOL_MESSAGE_TYPE
)ProtocolSubmitBuffer
);
698 *ProtocolReturnBuffer
= NULL
;
699 *ReturnBufferLength
= 0;
703 case MsV1_0Lm20ChallengeRequest
:
704 case MsV1_0Lm20GetChallengeResponse
:
705 case MsV1_0EnumerateUsers
:
706 case MsV1_0GetUserInfo
:
707 case MsV1_0ReLogonUsers
:
708 Status
= STATUS_NOT_IMPLEMENTED
;
711 case MsV1_0ChangePassword
:
712 Status
= MsvpChangePassword(ClientRequest
,
713 ProtocolSubmitBuffer
,
716 ProtocolReturnBuffer
,
721 case MsV1_0ChangeCachedPassword
:
722 case MsV1_0GenericPassthrough
:
723 case MsV1_0CacheLogon
:
725 case MsV1_0DeriveCredential
:
726 case MsV1_0CacheLookup
:
727 Status
= STATUS_NOT_IMPLEMENTED
;
731 return STATUS_INVALID_PARAMETER
;
743 LsaApCallPackagePassthrough(IN PLSA_CLIENT_REQUEST ClientRequest
,
744 IN PVOID ProtocolSubmitBuffer
,
745 IN PVOID ClientBufferBase
,
746 IN ULONG SubmitBufferLength
,
747 OUT PVOID
*ProtocolReturnBuffer
,
748 OUT PULONG ReturnBufferLength
,
749 OUT PNTSTATUS ProtocolStatus
)
752 return STATUS_NOT_IMPLEMENTED
;
761 LsaApCallPackageUntrusted(IN PLSA_CLIENT_REQUEST ClientRequest
,
762 IN PVOID ProtocolSubmitBuffer
,
763 IN PVOID ClientBufferBase
,
764 IN ULONG SubmitBufferLength
,
765 OUT PVOID
*ProtocolReturnBuffer
,
766 OUT PULONG ReturnBufferLength
,
767 OUT PNTSTATUS ProtocolStatus
)
770 return STATUS_NOT_IMPLEMENTED
;
779 LsaApInitializePackage(IN ULONG AuthenticationPackageId
,
780 IN PLSA_DISPATCH_TABLE LsaDispatchTable
,
781 IN PLSA_STRING Database OPTIONAL
,
782 IN PLSA_STRING Confidentiality OPTIONAL
,
783 OUT PLSA_STRING
*AuthenticationPackageName
)
785 PANSI_STRING NameString
;
788 TRACE("(%lu %p %p %p %p)\n",
789 AuthenticationPackageId
, LsaDispatchTable
, Database
,
790 Confidentiality
, AuthenticationPackageName
);
792 /* Get the dispatch table entries */
793 DispatchTable
.CreateLogonSession
= LsaDispatchTable
->CreateLogonSession
;
794 DispatchTable
.DeleteLogonSession
= LsaDispatchTable
->DeleteLogonSession
;
795 DispatchTable
.AddCredential
= LsaDispatchTable
->AddCredential
;
796 DispatchTable
.GetCredentials
= LsaDispatchTable
->GetCredentials
;
797 DispatchTable
.DeleteCredential
= LsaDispatchTable
->DeleteCredential
;
798 DispatchTable
.AllocateLsaHeap
= LsaDispatchTable
->AllocateLsaHeap
;
799 DispatchTable
.FreeLsaHeap
= LsaDispatchTable
->FreeLsaHeap
;
800 DispatchTable
.AllocateClientBuffer
= LsaDispatchTable
->AllocateClientBuffer
;
801 DispatchTable
.FreeClientBuffer
= LsaDispatchTable
->FreeClientBuffer
;
802 DispatchTable
.CopyToClientBuffer
= LsaDispatchTable
->CopyToClientBuffer
;
803 DispatchTable
.CopyFromClientBuffer
= LsaDispatchTable
->CopyFromClientBuffer
;
805 /* Return the package name */
806 NameString
= DispatchTable
.AllocateLsaHeap(sizeof(LSA_STRING
));
807 if (NameString
== NULL
)
808 return STATUS_INSUFFICIENT_RESOURCES
;
810 NameBuffer
= DispatchTable
.AllocateLsaHeap(sizeof(MSV1_0_PACKAGE_NAME
));
811 if (NameBuffer
== NULL
)
813 DispatchTable
.FreeLsaHeap(NameString
);
814 return STATUS_INSUFFICIENT_RESOURCES
;
817 strcpy(NameBuffer
, MSV1_0_PACKAGE_NAME
);
819 RtlInitAnsiString(NameString
, NameBuffer
);
821 *AuthenticationPackageName
= (PLSA_STRING
)NameString
;
823 return STATUS_SUCCESS
;
832 LsaApLogonTerminated(IN PLUID LogonId
)
843 LsaApLogonUser(IN PLSA_CLIENT_REQUEST ClientRequest
,
844 IN SECURITY_LOGON_TYPE LogonType
,
845 IN PVOID AuthenticationInformation
,
846 IN PVOID ClientAuthenticationBase
,
847 IN ULONG AuthenticationInformationLength
,
848 OUT PVOID
*ProfileBuffer
,
849 OUT PULONG ProfileBufferLength
,
851 OUT PNTSTATUS SubStatus
,
852 OUT PLSA_TOKEN_INFORMATION_TYPE TokenInformationType
,
853 OUT PVOID
*TokenInformation
,
854 OUT PLSA_UNICODE_STRING
*AccountName
,
855 OUT PLSA_UNICODE_STRING
*AuthenticatingAuthority
)
857 PMSV1_0_INTERACTIVE_LOGON LogonInfo
;
859 SAMPR_HANDLE ServerHandle
= NULL
;
860 SAMPR_HANDLE DomainHandle
= NULL
;
861 SAMPR_HANDLE UserHandle
= NULL
;
862 PRPC_SID AccountDomainSid
= NULL
;
863 RPC_UNICODE_STRING Names
[1];
864 SAMPR_ULONG_ARRAY RelativeIds
= {0, NULL
};
865 SAMPR_ULONG_ARRAY Use
= {0, NULL
};
866 PSAMPR_USER_INFO_BUFFER UserInfo
= NULL
;
867 UNICODE_STRING LogonServer
;
868 BOOLEAN SessionCreated
= FALSE
;
873 TRACE("LogonType: %lu\n", LogonType
);
874 TRACE("AuthenticationInformation: %p\n", AuthenticationInformation
);
875 TRACE("AuthenticationInformationLength: %lu\n", AuthenticationInformationLength
);
877 *ProfileBuffer
= NULL
;
878 *ProfileBufferLength
= 0;
879 *SubStatus
= STATUS_SUCCESS
;
881 if (LogonType
== Interactive
||
882 LogonType
== Batch
||
883 LogonType
== Service
)
887 LogonInfo
= (PMSV1_0_INTERACTIVE_LOGON
)AuthenticationInformation
;
889 /* Fix-up pointers in the authentication info */
890 PtrOffset
= (ULONG_PTR
)AuthenticationInformation
- (ULONG_PTR
)ClientAuthenticationBase
;
892 LogonInfo
->LogonDomainName
.Buffer
= FIXUP_POINTER(LogonInfo
->LogonDomainName
.Buffer
, PtrOffset
);
893 LogonInfo
->UserName
.Buffer
= FIXUP_POINTER(LogonInfo
->UserName
.Buffer
, PtrOffset
);
894 LogonInfo
->Password
.Buffer
= FIXUP_POINTER(LogonInfo
->Password
.Buffer
, PtrOffset
);
896 TRACE("Domain: %S\n", LogonInfo
->LogonDomainName
.Buffer
);
897 TRACE("User: %S\n", LogonInfo
->UserName
.Buffer
);
898 TRACE("Password: %S\n", LogonInfo
->Password
.Buffer
);
900 RtlInitUnicodeString(&LogonServer
, L
"Testserver");
904 FIXME("LogonType %lu is not supported yet!\n", LogonType
);
905 return STATUS_NOT_IMPLEMENTED
;
908 Status
= GetDomainSid(&AccountDomainSid
);
909 if (!NT_SUCCESS(Status
))
911 TRACE("GetDomainSid() failed (Status 0x%08lx)\n", Status
);
915 /* Connect to the SAM server */
916 Status
= SamIConnect(NULL
,
918 SAM_SERVER_CONNECT
| SAM_SERVER_LOOKUP_DOMAIN
,
920 if (!NT_SUCCESS(Status
))
922 TRACE("SamIConnect() failed (Status 0x%08lx)\n", Status
);
926 /* Open the account domain */
927 Status
= SamrOpenDomain(ServerHandle
,
931 if (!NT_SUCCESS(Status
))
933 TRACE("SamrOpenDomain failed (Status %08lx)\n", Status
);
937 Names
[0].Length
= LogonInfo
->UserName
.Length
;
938 Names
[0].MaximumLength
= LogonInfo
->UserName
.MaximumLength
;
939 Names
[0].Buffer
= LogonInfo
->UserName
.Buffer
;
941 /* Try to get the RID for the user name */
942 Status
= SamrLookupNamesInDomain(DomainHandle
,
947 if (!NT_SUCCESS(Status
))
949 TRACE("SamrLookupNamesInDomain failed (Status %08lx)\n", Status
);
950 Status
= STATUS_NO_SUCH_USER
;
954 /* Fail, if it is not a user account */
955 if (Use
.Element
[0] != SidTypeUser
)
957 TRACE("Account is not a user account!\n");
958 Status
= STATUS_NO_SUCH_USER
;
962 /* Open the user object */
963 Status
= SamrOpenUser(DomainHandle
,
964 USER_READ_GENERAL
| USER_READ_LOGON
|
965 USER_READ_ACCOUNT
| USER_READ_PREFERENCES
, /* FIXME */
966 RelativeIds
.Element
[0],
968 if (!NT_SUCCESS(Status
))
970 TRACE("SamrOpenUser failed (Status %08lx)\n", Status
);
974 Status
= SamrQueryInformationUser(UserHandle
,
977 if (!NT_SUCCESS(Status
))
979 TRACE("SamrQueryInformationUser failed (Status %08lx)\n", Status
);
984 TRACE("UserName: %S\n", UserInfo
->All
.UserName
.Buffer
);
986 /* FIXME: Check restrictions */
988 /* Check the password */
989 if ((UserInfo
->All
.UserAccountControl
& USER_PASSWORD_NOT_REQUIRED
) == 0)
991 Status
= MsvpCheckPassword(&(LogonInfo
->Password
),
993 if (!NT_SUCCESS(Status
))
995 TRACE("MsvpCheckPassword failed (Status %08lx)\n", Status
);
1000 /* Return logon information */
1002 /* Create and return a new logon id */
1003 Status
= NtAllocateLocallyUniqueId(LogonId
);
1004 if (!NT_SUCCESS(Status
))
1006 TRACE("NtAllocateLocallyUniqueId failed (Status %08lx)\n", Status
);
1010 /* Create the logon session */
1011 Status
= DispatchTable
.CreateLogonSession(LogonId
);
1012 if (!NT_SUCCESS(Status
))
1014 TRACE("CreateLogonSession failed (Status %08lx)\n", Status
);
1018 SessionCreated
= TRUE
;
1020 /* Build and fill the interactve profile buffer */
1021 Status
= BuildInteractiveProfileBuffer(ClientRequest
,
1024 (PMSV1_0_INTERACTIVE_PROFILE
*)ProfileBuffer
,
1025 ProfileBufferLength
);
1026 if (!NT_SUCCESS(Status
))
1028 TRACE("BuildInteractiveProfileBuffer failed (Status %08lx)\n", Status
);
1032 /* Return the token information type */
1033 *TokenInformationType
= LsaTokenInformationV1
;
1035 /* Build and fill the token information buffer */
1036 Status
= BuildTokenInformationBuffer((PLSA_TOKEN_INFORMATION_V1
*)TokenInformation
,
1039 if (!NT_SUCCESS(Status
))
1041 TRACE("BuildTokenInformationBuffer failed (Status %08lx)\n", Status
);
1046 /* Return the account name */
1047 *AccountName
= DispatchTable
.AllocateLsaHeap(sizeof(UNICODE_STRING
));
1048 if (*AccountName
!= NULL
)
1050 (*AccountName
)->Buffer
= DispatchTable
.AllocateLsaHeap(LogonInfo
->UserName
.Length
+
1051 sizeof(UNICODE_NULL
));
1052 if ((*AccountName
)->Buffer
!= NULL
)
1054 (*AccountName
)->MaximumLength
= LogonInfo
->UserName
.Length
+
1055 sizeof(UNICODE_NULL
);
1056 RtlCopyUnicodeString(*AccountName
, &LogonInfo
->UserName
);
1060 if (!NT_SUCCESS(Status
))
1062 if (SessionCreated
== TRUE
)
1063 DispatchTable
.DeleteLogonSession(LogonId
);
1065 if (*ProfileBuffer
!= NULL
)
1067 DispatchTable
.FreeClientBuffer(ClientRequest
,
1069 *ProfileBuffer
= NULL
;
1073 if (UserHandle
!= NULL
)
1074 SamrCloseHandle(&UserHandle
);
1076 SamIFree_SAMPR_USER_INFO_BUFFER(UserInfo
,
1077 UserAllInformation
);
1078 SamIFree_SAMPR_ULONG_ARRAY(&RelativeIds
);
1079 SamIFree_SAMPR_ULONG_ARRAY(&Use
);
1081 if (DomainHandle
!= NULL
)
1082 SamrCloseHandle(&DomainHandle
);
1084 if (ServerHandle
!= NULL
)
1085 SamrCloseHandle(&ServerHandle
);
1087 if (AccountDomainSid
!= NULL
)
1088 RtlFreeHeap(RtlGetProcessHeap(), 0, AccountDomainSid
);
1090 if (Status
== STATUS_NO_SUCH_USER
||
1091 Status
== STATUS_WRONG_PASSWORD
)
1093 *SubStatus
= Status
;
1094 Status
= STATUS_LOGON_FAILURE
;
1097 TRACE("LsaApLogonUser done (Status %08lx)\n", Status
);
1109 LsaApLogonUserEx(IN PLSA_CLIENT_REQUEST ClientRequest
,
1110 IN SECURITY_LOGON_TYPE LogonType
,
1111 IN PVOID AuthenticationInformation
,
1112 IN PVOID ClientAuthenticationBase
,
1113 IN ULONG AuthenticationInformationLength
,
1114 OUT PVOID
*ProfileBuffer
,
1115 OUT PULONG ProfileBufferLength
,
1117 OUT PNTSTATUS SubStatus
,
1118 OUT PLSA_TOKEN_INFORMATION_TYPE TokenInformationType
,
1119 OUT PVOID
*TokenInformation
,
1120 OUT PUNICODE_STRING
*AccountName
,
1121 OUT PUNICODE_STRING
*AuthenticatingAuthority
,
1122 OUT PUNICODE_STRING
*MachineName
)
1126 TRACE("LogonType: %lu\n", LogonType
);
1127 TRACE("AuthenticationInformation: %p\n", AuthenticationInformation
);
1128 TRACE("AuthenticationInformationLength: %lu\n", AuthenticationInformationLength
);
1130 return STATUS_NOT_IMPLEMENTED
;
1139 LsaApLogonUserEx2(IN PLSA_CLIENT_REQUEST ClientRequest
,
1140 IN SECURITY_LOGON_TYPE LogonType
,
1141 IN PVOID ProtocolSubmitBuffer
,
1142 IN PVOID ClientBufferBase
,
1143 IN ULONG SubmitBufferSize
,
1144 OUT PVOID
*ProfileBuffer
,
1145 OUT PULONG ProfileBufferSize
,
1147 OUT PNTSTATUS SubStatus
,
1148 OUT PLSA_TOKEN_INFORMATION_TYPE TokenInformationType
,
1149 OUT PVOID
*TokenInformation
,
1150 OUT PUNICODE_STRING
*AccountName
,
1151 OUT PUNICODE_STRING
*AuthenticatingAuthority
,
1152 OUT PUNICODE_STRING
*MachineName
,
1153 OUT PSECPKG_PRIMARY_CRED PrimaryCredentials
,
1154 OUT PSECPKG_SUPPLEMENTAL_CRED_ARRAY
*SupplementalCredentials
)
1158 TRACE("LogonType: %lu\n", LogonType
);
1159 TRACE("ProtocolSubmitBuffer: %p\n", ProtocolSubmitBuffer
);
1160 TRACE("SubmitBufferSize: %lu\n", SubmitBufferSize
);
1163 return STATUS_NOT_IMPLEMENTED
;