- Token handle duplication must be the last step because we cannot close the duplicated token handle if something fails.
- Call LsaApLogonTerminated(), delete the logon session and free the profile buffer if something fails.
- /* Duplicate the token handle into the client process */
- Status = NtDuplicateObject(NtCurrentProcess(),
- TokenHandle,
- LogonContext->ClientProcessHandle,
- &RequestMsg->LogonUser.Reply.Token,
- 0,
- 0,
- DUPLICATE_SAME_ACCESS | DUPLICATE_SAME_ATTRIBUTES | DUPLICATE_CLOSE_SOURCE);
- if (!NT_SUCCESS(Status))
- {
- ERR("NtDuplicateObject failed (Status 0x%08lx)\n", Status);
- goto done;
- }
-
-// TokenHandle = NULL;
-
if (LogonType == Interactive ||
LogonType == Batch ||
LogonType == Service)
if (LogonType == Interactive ||
LogonType == Batch ||
LogonType == Service)
+ /*
+ * Duplicate the token handle into the client process.
+ * This must be the last step because we cannot
+ * close the duplicated token handle in case something fails.
+ */
+ Status = NtDuplicateObject(NtCurrentProcess(),
+ TokenHandle,
+ LogonContext->ClientProcessHandle,
+ &RequestMsg->LogonUser.Reply.Token,
+ 0,
+ 0,
+ DUPLICATE_SAME_ACCESS | DUPLICATE_SAME_ATTRIBUTES | DUPLICATE_CLOSE_SOURCE);
+ if (!NT_SUCCESS(Status))
+ {
+ ERR("NtDuplicateObject failed (Status 0x%08lx)\n", Status);
+ goto done;
+ }
+
-// if (!NT_SUCCESS(Status))
-// {
- if (TokenHandle != NULL)
- NtClose(TokenHandle);
-// }
+ if (!NT_SUCCESS(Status))
+ {
+ /* Notify the authentification package of the failure */
+ Package->LsaApLogonTerminated(&RequestMsg->LogonUser.Reply.LogonId);
+
+ /* Delete the logon session */
+ LsapDeleteLogonSession(&RequestMsg->LogonUser.Reply.LogonId);
+
+ /* Release the profile buffer */
+ LsapFreeClientBuffer((PLSA_CLIENT_REQUEST)LogonContext,
+ RequestMsg->LogonUser.Reply.ProfileBuffer);
+ RequestMsg->LogonUser.Reply.ProfileBuffer = NULL;
+ }
+
+ if (TokenHandle != NULL)
+ NtClose(TokenHandle);
/* Free the local groups */
if (LocalGroups != NULL)
/* Free the local groups */
if (LocalGroups != NULL)