#include <advapi32.h>
WINE_DEFAULT_DEBUG_CHANNEL(advapi);
+/* GLOBALS *****************************************************************/
+
+HANDLE LsaHandle = NULL;
+ULONG AuthenticationPackage = 0;
/* FUNCTIONS ***************************************************************/
+static
+NTSTATUS
+OpenLogonLsaHandle(VOID)
+{
+ LSA_STRING LogonProcessName;
+ LSA_STRING PackageName;
+ LSA_OPERATIONAL_MODE SecurityMode = 0;
+ NTSTATUS Status;
+
+ RtlInitAnsiString((PANSI_STRING)&LogonProcessName,
+ "User32LogonProcess");
+
+ Status = LsaRegisterLogonProcess(&LogonProcessName,
+ &LsaHandle,
+ &SecurityMode);
+ if (!NT_SUCCESS(Status))
+ {
+ TRACE("LsaRegisterLogonProcess failed (Status 0x%08lx)\n", Status);
+ goto done;
+ }
+
+ RtlInitAnsiString((PANSI_STRING)&PackageName,
+ MSV1_0_PACKAGE_NAME);
+
+ Status = LsaLookupAuthenticationPackage(LsaHandle,
+ &PackageName,
+ &AuthenticationPackage);
+ if (!NT_SUCCESS(Status))
+ {
+ TRACE("LsaLookupAuthenticationPackage failed (Status 0x%08lx)\n", Status);
+ goto done;
+ }
+
+ TRACE("AuthenticationPackage: 0x%08lx\n", AuthenticationPackage);
+
+done:
+ if (!NT_SUCCESS(Status))
+ {
+ if (LsaHandle != NULL)
+ {
+ Status = LsaDeregisterLogonProcess(LsaHandle);
+ if (!NT_SUCCESS(Status))
+ {
+ TRACE("LsaDeregisterLogonProcess failed (Status 0x%08lx)\n", Status);
+ }
+ }
+ }
+
+ return Status;
+}
+
+
+NTSTATUS
+CloseLogonLsaHandle(VOID)
+{
+ NTSTATUS Status = STATUS_SUCCESS;
+
+ if (LsaHandle != NULL)
+ {
+ Status = LsaDeregisterLogonProcess(LsaHandle);
+ if (!NT_SUCCESS(Status))
+ {
+ TRACE("LsaDeregisterLogonProcess failed (Status 0x%08lx)\n", Status);
+ }
+ }
+
+ return Status;
+}
+
+
/*
* @implemented
*/
PROCESS_ACCESS_TOKEN AccessToken;
NTSTATUS Status;
+ TRACE("%p %s %s %p %p %d 0x%08x %p %s %p %p\n", hToken, debugstr_a(lpApplicationName),
+ debugstr_a(lpCommandLine), lpProcessAttributes, lpThreadAttributes, bInheritHandles,
+ dwCreationFlags, lpEnvironment, debugstr_a(lpCurrentDirectory), lpStartupInfo, lpProcessInformation);
+
/* Create the process with a suspended main thread */
if (!CreateProcessA(lpApplicationName,
lpCommandLine,
lpStartupInfo,
lpProcessInformation))
{
+ ERR("CreateProcessA failed! GLE: %d\n", GetLastError());
return FALSE;
}
sizeof(AccessToken));
if (!NT_SUCCESS (Status))
{
+ ERR("NtSetInformationProcess failed: 0x%08x\n", Status);
+ TerminateProcess(lpProcessInformation->hProcess, Status);
SetLastError(RtlNtStatusToDosError(Status));
return FALSE;
}
/* Resume the main thread */
if (!(dwCreationFlags & CREATE_SUSPENDED))
{
- ResumeThread(lpProcessInformation->hThread);
+ ResumeThread(lpProcessInformation->hThread);
}
return TRUE;
PROCESS_ACCESS_TOKEN AccessToken;
NTSTATUS Status;
+ TRACE("%p %s %s %p %p %d 0x%08x %p %s %p %p\n", hToken, debugstr_w(lpApplicationName),
+ debugstr_w(lpCommandLine), lpProcessAttributes, lpThreadAttributes, bInheritHandles,
+ dwCreationFlags, lpEnvironment, debugstr_w(lpCurrentDirectory), lpStartupInfo, lpProcessInformation);
+
/* Create the process with a suspended main thread */
if (!CreateProcessW(lpApplicationName,
lpCommandLine,
lpStartupInfo,
lpProcessInformation))
{
+ ERR("CreateProcessW failed! GLE: %d\n", GetLastError());
return FALSE;
}
sizeof(AccessToken));
if (!NT_SUCCESS (Status))
{
+ ERR("NtSetInformationProcess failed: 0x%08x\n", Status);
+ TerminateProcess(lpProcessInformation->hProcess, Status);
SetLastError(RtlNtStatusToDosError(Status));
return FALSE;
}
return TRUE;
}
-/*
- * @unimplemented
- */
-BOOL WINAPI
-CreateProcessWithLogonW(LPCWSTR lpUsername,
- LPCWSTR lpDomain,
- LPCWSTR lpPassword,
- DWORD dwLogonFlags,
- LPCWSTR lpApplicationName,
- LPWSTR lpCommandLine,
- DWORD dwCreationFlags,
- LPVOID lpEnvironment,
- LPCWSTR lpCurrentDirectory,
- LPSTARTUPINFOW lpStartupInfo,
- LPPROCESS_INFORMATION lpProcessInformation)
-{
- FIXME("%s %s %s 0x%08x %s %s 0x%08x %p %s %p %p stub\n", debugstr_w(lpUsername), debugstr_w(lpDomain),
- debugstr_w(lpPassword), dwLogonFlags, debugstr_w(lpApplicationName),
- debugstr_w(lpCommandLine), dwCreationFlags, lpEnvironment, debugstr_w(lpCurrentDirectory),
- lpStartupInfo, lpProcessInformation);
-
- return FALSE;
-}
-
/*
* @implemented
*/
}
-static BOOL WINAPI
-GetAccountDomainSid(PSID *Sid)
+/*
+ * @implemented
+ */
+BOOL WINAPI
+LogonUserW(LPWSTR lpszUsername,
+ LPWSTR lpszDomain,
+ LPWSTR lpszPassword,
+ DWORD dwLogonType,
+ DWORD dwLogonProvider,
+ PHANDLE phToken)
{
- PPOLICY_ACCOUNT_DOMAIN_INFO Info = NULL;
- LSA_OBJECT_ATTRIBUTES ObjectAttributes;
- LSA_HANDLE PolicyHandle;
- PSID lpSid;
- ULONG Length;
+ SID_IDENTIFIER_AUTHORITY LocalAuthority = {SECURITY_LOCAL_SID_AUTHORITY};
+ SID_IDENTIFIER_AUTHORITY SystemAuthority = {SECURITY_NT_AUTHORITY};
+ PSID LogonSid = NULL;
+ PSID LocalSid = NULL;
+ LSA_STRING OriginName;
+ UNICODE_STRING DomainName;
+ UNICODE_STRING UserName;
+ UNICODE_STRING Password;
+ PMSV1_0_INTERACTIVE_LOGON AuthInfo = NULL;
+ ULONG AuthInfoLength;
+ ULONG_PTR Ptr;
+ TOKEN_SOURCE TokenSource;
+ PTOKEN_GROUPS TokenGroups = NULL;
+ PMSV1_0_INTERACTIVE_PROFILE ProfileBuffer = NULL;
+ ULONG ProfileBufferLength = 0;
+ LUID Luid = {0, 0};
+ LUID LogonId = {0, 0};
+ HANDLE TokenHandle = NULL;
+ QUOTA_LIMITS QuotaLimits;
+ SECURITY_LOGON_TYPE LogonType;
+ NTSTATUS SubStatus = STATUS_SUCCESS;
NTSTATUS Status;
- *Sid = NULL;
-
- memset(&ObjectAttributes, 0, sizeof(LSA_OBJECT_ATTRIBUTES));
- ObjectAttributes.Length = sizeof(LSA_OBJECT_ATTRIBUTES);
+ *phToken = NULL;
- Status = LsaOpenPolicy(NULL,
- &ObjectAttributes,
- POLICY_VIEW_LOCAL_INFORMATION,
- &PolicyHandle);
- if (!NT_SUCCESS(Status))
+ switch (dwLogonType)
{
- ERR("LsaOpenPolicy failed (Status: 0x%08lx)\n", Status);
- return FALSE;
+ case LOGON32_LOGON_INTERACTIVE:
+ LogonType = Interactive;
+ break;
+
+ case LOGON32_LOGON_NETWORK:
+ LogonType = Network;
+ break;
+
+ case LOGON32_LOGON_BATCH:
+ LogonType = Batch;
+ break;
+
+ case LOGON32_LOGON_SERVICE:
+ LogonType = Service;
+ break;
+
+ default:
+ ERR("Invalid logon type: %ul\n", dwLogonType);
+ Status = STATUS_INVALID_PARAMETER;
+ goto done;
}
- Status = LsaQueryInformationPolicy(PolicyHandle,
- PolicyAccountDomainInformation,
- (PVOID *)&Info);
- if (!NT_SUCCESS(Status))
+ if (LsaHandle == NULL)
{
- ERR("LsaQueryInformationPolicy failed (Status: 0x%08lx)\n", Status);
- LsaClose(PolicyHandle);
- return FALSE;
+ Status = OpenLogonLsaHandle();
+ if (!NT_SUCCESS(Status))
+ goto done;
}
- Length = RtlLengthSid(Info->DomainSid);
-
- lpSid = RtlAllocateHeap(RtlGetProcessHeap(),
- 0,
- Length);
- if (lpSid == NULL)
- {
- ERR("Failed to allocate SID buffer!\n");
- LsaFreeMemory(Info);
- LsaClose(PolicyHandle);
- return FALSE;
- }
-
- memcpy(lpSid, Info->DomainSid, Length);
-
- *Sid = lpSid;
-
- LsaFreeMemory(Info);
- LsaClose(PolicyHandle);
+ RtlInitAnsiString((PANSI_STRING)&OriginName,
+ "Advapi32 Logon");
- return TRUE;
-}
-
-
-static PSID
-AppendRidToSid(PSID SrcSid,
- ULONG Rid)
-{
- ULONG Rids[8] = {0, 0, 0, 0, 0, 0, 0, 0};
- UCHAR RidCount;
- PSID DstSid;
- ULONG i;
-
- RidCount = *RtlSubAuthorityCountSid(SrcSid);
- if (RidCount >= 8)
- return NULL;
-
- for (i = 0; i < RidCount; i++)
- Rids[i] = *RtlSubAuthoritySid(SrcSid, i);
-
- Rids[RidCount] = Rid;
- RidCount++;
-
- RtlAllocateAndInitializeSid(RtlIdentifierAuthoritySid(SrcSid),
- RidCount,
- Rids[0],
- Rids[1],
- Rids[2],
- Rids[3],
- Rids[4],
- Rids[5],
- Rids[6],
- Rids[7],
- &DstSid);
-
- return DstSid;
-}
-
-
-static BOOL WINAPI
-GetUserSid(LPCWSTR UserName,
- PSID *Sid)
-{
- PSID SidBuffer = NULL;
- PWSTR DomainBuffer = NULL;
- DWORD cbSidSize = 0;
- DWORD cchDomSize = 0;
- SID_NAME_USE Use;
- BOOL res = TRUE;
-
- *Sid = NULL;
-
- LookupAccountNameW(NULL,
- UserName,
- NULL,
- &cbSidSize,
- NULL,
- &cchDomSize,
- &Use);
-
- if (cbSidSize == 0 || cchDomSize == 0)
- return FALSE;
+ RtlInitUnicodeString(&DomainName,
+ lpszDomain);
- SidBuffer = RtlAllocateHeap(RtlGetProcessHeap(),
- HEAP_ZERO_MEMORY,
- cbSidSize);
- if (SidBuffer == NULL)
- return FALSE;
+ RtlInitUnicodeString(&UserName,
+ lpszUsername);
- DomainBuffer = RtlAllocateHeap(RtlGetProcessHeap(),
- HEAP_ZERO_MEMORY,
- cchDomSize * sizeof(WCHAR));
- if (DomainBuffer == NULL)
- {
- res = FALSE;
- goto done;
- }
+ RtlInitUnicodeString(&Password,
+ lpszPassword);
- if (!LookupAccountNameW(NULL,
- UserName,
- SidBuffer,
- &cbSidSize,
- DomainBuffer,
- &cchDomSize,
- &Use))
- {
- res = FALSE;
- goto done;
- }
+ AuthInfoLength = sizeof(MSV1_0_INTERACTIVE_LOGON)+
+ DomainName.MaximumLength +
+ UserName.MaximumLength +
+ Password.MaximumLength;
- if (Use != SidTypeUser)
+ AuthInfo = RtlAllocateHeap(RtlGetProcessHeap(),
+ HEAP_ZERO_MEMORY,
+ AuthInfoLength);
+ if (AuthInfo == NULL)
{
- res = FALSE;
+ Status = STATUS_INSUFFICIENT_RESOURCES;
goto done;
}
- *Sid = SidBuffer;
+ AuthInfo->MessageType = MsV1_0InteractiveLogon;
-done:
- if (DomainBuffer != NULL)
- RtlFreeHeap(RtlGetProcessHeap(), 0, DomainBuffer);
+ Ptr = (ULONG_PTR)AuthInfo + sizeof(MSV1_0_INTERACTIVE_LOGON);
- if (res == FALSE)
+ AuthInfo->LogonDomainName.Length = DomainName.Length;
+ AuthInfo->LogonDomainName.MaximumLength = DomainName.MaximumLength;
+ AuthInfo->LogonDomainName.Buffer = (DomainName.Buffer == NULL) ? NULL : (PWCHAR)Ptr;
+ if (DomainName.MaximumLength > 0)
{
- if (SidBuffer != NULL)
- RtlFreeHeap(RtlGetProcessHeap(), 0, SidBuffer);
- }
-
- return res;
-}
-
+ RtlCopyMemory(AuthInfo->LogonDomainName.Buffer,
+ DomainName.Buffer,
+ DomainName.MaximumLength);
-static PTOKEN_GROUPS
-AllocateGroupSids(OUT PSID *PrimaryGroupSid,
- OUT PSID *OwnerSid)
-{
- SID_IDENTIFIER_AUTHORITY WorldAuthority = {SECURITY_WORLD_SID_AUTHORITY};
- SID_IDENTIFIER_AUTHORITY LocalAuthority = {SECURITY_LOCAL_SID_AUTHORITY};
- SID_IDENTIFIER_AUTHORITY SystemAuthority = {SECURITY_NT_AUTHORITY};
- PTOKEN_GROUPS TokenGroups;
-#define MAX_GROUPS 8
- DWORD GroupCount = 0;
- PSID DomainSid;
- PSID Sid;
- LUID Luid;
- NTSTATUS Status;
+ Ptr += DomainName.MaximumLength;
+ }
- Status = NtAllocateLocallyUniqueId(&Luid);
+ AuthInfo->UserName.Length = UserName.Length;
+ AuthInfo->UserName.MaximumLength = UserName.MaximumLength;
+ AuthInfo->UserName.Buffer = (PWCHAR)Ptr;
+ if (UserName.MaximumLength > 0)
+ RtlCopyMemory(AuthInfo->UserName.Buffer,
+ UserName.Buffer,
+ UserName.MaximumLength);
+
+ Ptr += UserName.MaximumLength;
+
+ AuthInfo->Password.Length = Password.Length;
+ AuthInfo->Password.MaximumLength = Password.MaximumLength;
+ AuthInfo->Password.Buffer = (PWCHAR)Ptr;
+ if (Password.MaximumLength > 0)
+ RtlCopyMemory(AuthInfo->Password.Buffer,
+ Password.Buffer,
+ Password.MaximumLength);
+
+ /* Create the Logon SID*/
+ AllocateLocallyUniqueId(&LogonId);
+ Status = RtlAllocateAndInitializeSid(&SystemAuthority,
+ SECURITY_LOGON_IDS_RID_COUNT,
+ SECURITY_LOGON_IDS_RID,
+ LogonId.HighPart,
+ LogonId.LowPart,
+ SECURITY_NULL_RID,
+ SECURITY_NULL_RID,
+ SECURITY_NULL_RID,
+ SECURITY_NULL_RID,
+ SECURITY_NULL_RID,
+ &LogonSid);
if (!NT_SUCCESS(Status))
- return NULL;
+ goto done;
- if (!GetAccountDomainSid(&DomainSid))
- return NULL;
+ /* Create the Local SID*/
+ Status = RtlAllocateAndInitializeSid(&LocalAuthority,
+ 1,
+ SECURITY_LOCAL_RID,
+ SECURITY_NULL_RID,
+ SECURITY_NULL_RID,
+ SECURITY_NULL_RID,
+ SECURITY_NULL_RID,
+ SECURITY_NULL_RID,
+ SECURITY_NULL_RID,
+ SECURITY_NULL_RID,
+ &LocalSid);
+ if (!NT_SUCCESS(Status))
+ goto done;
- TokenGroups = RtlAllocateHeap(
- GetProcessHeap(), 0,
- sizeof(TOKEN_GROUPS) +
- MAX_GROUPS * sizeof(SID_AND_ATTRIBUTES));
+ /* Allocate and set the token groups */
+ TokenGroups = RtlAllocateHeap(RtlGetProcessHeap(),
+ HEAP_ZERO_MEMORY,
+ sizeof(TOKEN_GROUPS) + ((2 - ANYSIZE_ARRAY) * sizeof(SID_AND_ATTRIBUTES)));
if (TokenGroups == NULL)
{
- RtlFreeHeap(RtlGetProcessHeap(), 0, DomainSid);
- return NULL;
+ Status = STATUS_INSUFFICIENT_RESOURCES;
+ goto done;
}
- Sid = AppendRidToSid(DomainSid, DOMAIN_GROUP_RID_USERS);
- RtlFreeHeap(RtlGetProcessHeap(), 0, DomainSid);
-
- /* Member of the domain */
- TokenGroups->Groups[GroupCount].Sid = Sid;
- TokenGroups->Groups[GroupCount].Attributes =
- SE_GROUP_ENABLED | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_MANDATORY;
- *PrimaryGroupSid = Sid;
- GroupCount++;
-
- /* Member of 'Everyone' */
- RtlAllocateAndInitializeSid(&WorldAuthority,
- 1,
- SECURITY_WORLD_RID,
- SECURITY_NULL_RID,
- SECURITY_NULL_RID,
- SECURITY_NULL_RID,
- SECURITY_NULL_RID,
- SECURITY_NULL_RID,
- SECURITY_NULL_RID,
- SECURITY_NULL_RID,
- &Sid);
- TokenGroups->Groups[GroupCount].Sid = Sid;
- TokenGroups->Groups[GroupCount].Attributes =
- SE_GROUP_ENABLED | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_MANDATORY;
- GroupCount++;
-
-#if 1
- /* Member of 'Administrators' */
- RtlAllocateAndInitializeSid(&SystemAuthority,
- 2,
- SECURITY_BUILTIN_DOMAIN_RID,
- DOMAIN_ALIAS_RID_ADMINS,
- SECURITY_NULL_RID,
- SECURITY_NULL_RID,
- SECURITY_NULL_RID,
- SECURITY_NULL_RID,
- SECURITY_NULL_RID,
- SECURITY_NULL_RID,
- &Sid);
- TokenGroups->Groups[GroupCount].Sid = Sid;
- TokenGroups->Groups[GroupCount].Attributes =
- SE_GROUP_ENABLED | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_MANDATORY;
- GroupCount++;
-#else
- TRACE("Not adding user to Administrators group\n");
-#endif
-
- /* Member of 'Users' */
- RtlAllocateAndInitializeSid(&SystemAuthority,
- 2,
- SECURITY_BUILTIN_DOMAIN_RID,
- DOMAIN_ALIAS_RID_USERS,
- SECURITY_NULL_RID,
- SECURITY_NULL_RID,
- SECURITY_NULL_RID,
- SECURITY_NULL_RID,
- SECURITY_NULL_RID,
- SECURITY_NULL_RID,
- &Sid);
- TokenGroups->Groups[GroupCount].Sid = Sid;
- TokenGroups->Groups[GroupCount].Attributes =
- SE_GROUP_ENABLED | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_MANDATORY;
- GroupCount++;
-
- /* Logon SID */
- RtlAllocateAndInitializeSid(&SystemAuthority,
- SECURITY_LOGON_IDS_RID_COUNT,
- SECURITY_LOGON_IDS_RID,
- Luid.HighPart,
- Luid.LowPart,
- SECURITY_NULL_RID,
- SECURITY_NULL_RID,
- SECURITY_NULL_RID,
- SECURITY_NULL_RID,
- SECURITY_NULL_RID,
- &Sid);
- TokenGroups->Groups[GroupCount].Sid = Sid;
- TokenGroups->Groups[GroupCount].Attributes =
- SE_GROUP_ENABLED | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_MANDATORY | SE_GROUP_LOGON_ID;
- GroupCount++;
- *OwnerSid = Sid;
-
- /* Member of 'Local users */
- RtlAllocateAndInitializeSid(&LocalAuthority,
- 1,
- SECURITY_LOCAL_RID,
- SECURITY_NULL_RID,
- SECURITY_NULL_RID,
- SECURITY_NULL_RID,
- SECURITY_NULL_RID,
- SECURITY_NULL_RID,
- SECURITY_NULL_RID,
- SECURITY_NULL_RID,
- &Sid);
- TokenGroups->Groups[GroupCount].Sid = Sid;
- TokenGroups->Groups[GroupCount].Attributes =
- SE_GROUP_ENABLED | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_MANDATORY;
- GroupCount++;
-
- /* Member of 'Interactive users' */
- RtlAllocateAndInitializeSid(&SystemAuthority,
- 1,
- SECURITY_INTERACTIVE_RID,
- SECURITY_NULL_RID,
- SECURITY_NULL_RID,
- SECURITY_NULL_RID,
- SECURITY_NULL_RID,
- SECURITY_NULL_RID,
- SECURITY_NULL_RID,
- SECURITY_NULL_RID,
- &Sid);
- TokenGroups->Groups[GroupCount].Sid = Sid;
- TokenGroups->Groups[GroupCount].Attributes =
- SE_GROUP_ENABLED | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_MANDATORY;
- GroupCount++;
-
- /* Member of 'Authenticated users' */
- RtlAllocateAndInitializeSid(&SystemAuthority,
- 1,
- SECURITY_AUTHENTICATED_USER_RID,
- SECURITY_NULL_RID,
- SECURITY_NULL_RID,
- SECURITY_NULL_RID,
- SECURITY_NULL_RID,
- SECURITY_NULL_RID,
- SECURITY_NULL_RID,
- SECURITY_NULL_RID,
- &Sid);
- TokenGroups->Groups[GroupCount].Sid = Sid;
- TokenGroups->Groups[GroupCount].Attributes =
- SE_GROUP_ENABLED | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_MANDATORY;
- GroupCount++;
-
- TokenGroups->GroupCount = GroupCount;
- ASSERT(TokenGroups->GroupCount <= MAX_GROUPS);
-
- return TokenGroups;
-}
-
-
-static VOID
-FreeGroupSids(PTOKEN_GROUPS TokenGroups)
-{
- ULONG i;
-
- for (i = 0; i < TokenGroups->GroupCount; i++)
+ TokenGroups->GroupCount = 2;
+ TokenGroups->Groups[0].Sid = LogonSid;
+ TokenGroups->Groups[0].Attributes = SE_GROUP_MANDATORY | SE_GROUP_ENABLED |
+ SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_LOGON_ID;
+ TokenGroups->Groups[1].Sid = LocalSid;
+ TokenGroups->Groups[1].Attributes = SE_GROUP_MANDATORY | SE_GROUP_ENABLED |
+ SE_GROUP_ENABLED_BY_DEFAULT;
+
+ /* Set the token source */
+ strncpy(TokenSource.SourceName, "Advapi ", sizeof(TokenSource.SourceName));
+ AllocateLocallyUniqueId(&TokenSource.SourceIdentifier);
+
+ Status = LsaLogonUser(LsaHandle,
+ &OriginName,
+ LogonType,
+ AuthenticationPackage,
+ (PVOID)AuthInfo,
+ AuthInfoLength,
+ TokenGroups,
+ &TokenSource,
+ (PVOID*)&ProfileBuffer,
+ &ProfileBufferLength,
+ &Luid,
+ &TokenHandle,
+ &QuotaLimits,
+ &SubStatus);
+ if (!NT_SUCCESS(Status))
{
- if (TokenGroups->Groups[i].Sid != NULL)
- RtlFreeHeap(GetProcessHeap(), 0, TokenGroups->Groups[i].Sid);
+ ERR("LsaLogonUser failed (Status 0x%08lx)\n", Status);
+ goto done;
}
- RtlFreeHeap(GetProcessHeap(), 0, TokenGroups);
-}
-
-
-/*
- * @unimplemented
- */
-BOOL WINAPI
-LogonUserW(LPWSTR lpszUsername,
- LPWSTR lpszDomain,
- LPWSTR lpszPassword,
- DWORD dwLogonType,
- DWORD dwLogonProvider,
- PHANDLE phToken)
-{
- /* FIXME shouldn't use hard-coded list of privileges */
- static struct
+ if (ProfileBuffer != NULL)
{
- LPCWSTR PrivName;
- DWORD Attributes;
- }
- DefaultPrivs[] =
- {
- { L"SeMachineAccountPrivilege", 0 },
- { L"SeSecurityPrivilege", 0 },
- { L"SeTakeOwnershipPrivilege", 0 },
- { L"SeLoadDriverPrivilege", 0 },
- { L"SeSystemProfilePrivilege", 0 },
- { L"SeSystemtimePrivilege", 0 },
- { L"SeProfileSingleProcessPrivilege", 0 },
- { L"SeIncreaseBasePriorityPrivilege", 0 },
- { L"SeCreatePagefilePrivilege", 0 },
- { L"SeBackupPrivilege", 0 },
- { L"SeRestorePrivilege", 0 },
- { L"SeShutdownPrivilege", 0 },
- { L"SeDebugPrivilege", 0 },
- { L"SeSystemEnvironmentPrivilege", 0 },
- { L"SeChangeNotifyPrivilege", SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT },
- { L"SeRemoteShutdownPrivilege", 0 },
- { L"SeUndockPrivilege", 0 },
- { L"SeEnableDelegationPrivilege", 0 },
- { L"SeImpersonatePrivilege", SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT },
- { L"SeCreateGlobalPrivilege", SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT }
- };
- OBJECT_ATTRIBUTES ObjectAttributes;
- SECURITY_QUALITY_OF_SERVICE Qos;
- TOKEN_USER TokenUser;
- TOKEN_OWNER TokenOwner;
- TOKEN_PRIMARY_GROUP TokenPrimaryGroup;
- PTOKEN_GROUPS TokenGroups = NULL;
- PTOKEN_PRIVILEGES TokenPrivileges = NULL;
- TOKEN_DEFAULT_DACL TokenDefaultDacl;
- LARGE_INTEGER ExpirationTime;
- LUID AuthenticationId;
- TOKEN_SOURCE TokenSource;
- PSID UserSid = NULL;
- PSID PrimaryGroupSid = NULL;
- PSID OwnerSid = NULL;
- PSID LocalSystemSid;
- PACL Dacl = NULL;
- SID_IDENTIFIER_AUTHORITY SystemAuthority = {SECURITY_NT_AUTHORITY};
- unsigned i;
- NTSTATUS Status = STATUS_SUCCESS;
+ TRACE("ProfileBuffer: %p\n", ProfileBuffer);
+ TRACE("MessageType: %u\n", ProfileBuffer->MessageType);
- Qos.Length = sizeof(SECURITY_QUALITY_OF_SERVICE);
- Qos.ImpersonationLevel = SecurityAnonymous;
- Qos.ContextTrackingMode = SECURITY_STATIC_TRACKING;
- Qos.EffectiveOnly = FALSE;
+ TRACE("FullName: %p\n", ProfileBuffer->FullName.Buffer);
+ TRACE("FullName: %S\n", ProfileBuffer->FullName.Buffer);
- ObjectAttributes.Length = sizeof(OBJECT_ATTRIBUTES);
- ObjectAttributes.RootDirectory = NULL;
- ObjectAttributes.ObjectName = NULL;
- ObjectAttributes.Attributes = 0;
- ObjectAttributes.SecurityDescriptor = NULL;
- ObjectAttributes.SecurityQualityOfService = &Qos;
-
- Status = NtAllocateLocallyUniqueId(&AuthenticationId);
- if (!NT_SUCCESS(Status))
- {
- return FALSE;
+ TRACE("LogonServer: %p\n", ProfileBuffer->LogonServer.Buffer);
+ TRACE("LogonServer: %S\n", ProfileBuffer->LogonServer.Buffer);
}
- ExpirationTime.QuadPart = -1;
+ TRACE("Luid: 0x%08lx%08lx\n", Luid.HighPart, Luid.LowPart);
- /* Get the user SID from the registry */
- if (!GetUserSid (lpszUsername, &UserSid))
+ if (TokenHandle != NULL)
{
- ERR("GetUserSid() failed\n");
- return FALSE;
+ TRACE("TokenHandle: %p\n", TokenHandle);
}
- TokenUser.User.Sid = UserSid;
- TokenUser.User.Attributes = 0;
+ *phToken = TokenHandle;
- /* Allocate and initialize token groups */
- TokenGroups = AllocateGroupSids(&PrimaryGroupSid,
- &OwnerSid);
- if (TokenGroups == NULL)
- {
- Status = STATUS_INSUFFICIENT_RESOURCES;
- goto done;
- }
+done:
+ if (ProfileBuffer != NULL)
+ LsaFreeReturnBuffer(ProfileBuffer);
- /* Allocate and initialize token privileges */
- TokenPrivileges = RtlAllocateHeap(GetProcessHeap(), 0,
- sizeof(TOKEN_PRIVILEGES)
- + sizeof(DefaultPrivs) / sizeof(DefaultPrivs[0])
- * sizeof(LUID_AND_ATTRIBUTES));
- if (TokenPrivileges == NULL)
+ if (!NT_SUCCESS(Status))
{
- Status = STATUS_INSUFFICIENT_RESOURCES;
- goto done;
+ if (TokenHandle != NULL)
+ CloseHandle(TokenHandle);
}
- TokenPrivileges->PrivilegeCount = 0;
- for (i = 0; i < sizeof(DefaultPrivs) / sizeof(DefaultPrivs[0]); i++)
- {
- if (! LookupPrivilegeValueW(NULL,
- DefaultPrivs[i].PrivName,
- &TokenPrivileges->Privileges[TokenPrivileges->PrivilegeCount].Luid))
- {
- WARN("Can't set privilege %S\n", DefaultPrivs[i].PrivName);
- }
- else
- {
- TokenPrivileges->Privileges[TokenPrivileges->PrivilegeCount].Attributes = DefaultPrivs[i].Attributes;
- TokenPrivileges->PrivilegeCount++;
- }
- }
+ if (TokenGroups != NULL)
+ RtlFreeHeap(RtlGetProcessHeap(), 0, TokenGroups);
- TokenOwner.Owner = OwnerSid;
- TokenPrimaryGroup.PrimaryGroup = PrimaryGroupSid;
+ if (LocalSid != NULL)
+ RtlFreeSid(LocalSid);
- Dacl = RtlAllocateHeap(GetProcessHeap(), 0, 1024);
- if (Dacl == NULL)
- {
- Status = STATUS_INSUFFICIENT_RESOURCES;
- goto done;
- }
+ if (LogonSid != NULL)
+ RtlFreeSid(LogonSid);
- Status = RtlCreateAcl(Dacl, 1024, ACL_REVISION);
- if (!NT_SUCCESS(Status))
- goto done;
+ if (AuthInfo != NULL)
+ RtlFreeHeap(RtlGetProcessHeap(), 0, AuthInfo);
- RtlAddAccessAllowedAce(Dacl,
- ACL_REVISION,
- GENERIC_ALL,
- OwnerSid);
-
- RtlAllocateAndInitializeSid(&SystemAuthority,
- 1,
- SECURITY_LOCAL_SYSTEM_RID,
- SECURITY_NULL_RID,
- SECURITY_NULL_RID,
- SECURITY_NULL_RID,
- SECURITY_NULL_RID,
- SECURITY_NULL_RID,
- SECURITY_NULL_RID,
- SECURITY_NULL_RID,
- &LocalSystemSid);
-
- /* SID: S-1-5-18 */
- RtlAddAccessAllowedAce(Dacl,
- ACL_REVISION,
- GENERIC_ALL,
- LocalSystemSid);
-
- RtlFreeSid(LocalSystemSid);
-
- TokenDefaultDacl.DefaultDacl = Dacl;
-
- memcpy(TokenSource.SourceName,
- "User32 ",
- 8);
-
- Status = NtAllocateLocallyUniqueId(&TokenSource.SourceIdentifier);
if (!NT_SUCCESS(Status))
{
- RtlFreeHeap(GetProcessHeap(), 0, Dacl);
- FreeGroupSids(TokenGroups);
- RtlFreeHeap(GetProcessHeap(), 0, TokenPrivileges);
- RtlFreeSid(UserSid);
- return FALSE;
+ SetLastError(RtlNtStatusToDosError(Status));
+ return FALSE;
}
- Status = NtCreateToken(phToken,
- TOKEN_ALL_ACCESS,
- &ObjectAttributes,
- TokenPrimary,
- &AuthenticationId,
- &ExpirationTime,
- &TokenUser,
- TokenGroups,
- TokenPrivileges,
- &TokenOwner,
- &TokenPrimaryGroup,
- &TokenDefaultDacl,
- &TokenSource);
-
-done:
- if (Dacl != NULL)
- RtlFreeHeap(GetProcessHeap(), 0, Dacl);
-
- if (TokenGroups != NULL)
- FreeGroupSids(TokenGroups);
-
- if (TokenPrivileges != NULL)
- RtlFreeHeap(GetProcessHeap(), 0, TokenPrivileges);
-
- if (UserSid != NULL)
- RtlFreeHeap(GetProcessHeap(), 0, UserSid);
-
- return NT_SUCCESS(Status);
+ return TRUE;
}
/* EOF */