[LSASRV] Improvements to LsapLogonUser()
authorEric Kohl <eric.kohl@reactos.org>
Tue, 30 Jul 2019 21:09:32 +0000 (23:09 +0200)
committerEric Kohl <eric.kohl@reactos.org>
Tue, 30 Jul 2019 21:10:33 +0000 (23:10 +0200)
- Token handle duplication must be the last step because we cannot close the duplicated token handle if something fails.
- Call LsaApLogonTerminated(), delete the logon session and free the profile buffer if something fails.

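index 6c8b47a..29bb465 100644
--- a/dll/win32/lsasrv/authpackage.c
+++ b/dll/win32/lsasrv/authpackage.c
@@ -1641,22 +1641,6 @@ LsapLogonUser(PLSA_API_MSG RequestMsg,
         goto done;
     }
 
-    /* Duplicate the token handle into the client process */
-    Status = NtDuplicateObject(NtCurrentProcess(),
-                               TokenHandle,
-                               LogonContext->ClientProcessHandle,
-                               &RequestMsg->LogonUser.Reply.Token,
-                               0,
-                               0,
-                               DUPLICATE_SAME_ACCESS | DUPLICATE_SAME_ATTRIBUTES | DUPLICATE_CLOSE_SOURCE);
-    if (!NT_SUCCESS(Status))
-    {
-        ERR("NtDuplicateObject failed (Status 0x%08lx)\n", Status);
-        goto done;
-    }
-
-//    TokenHandle = NULL;
-
     if (LogonType == Interactive ||
         LogonType == Batch ||
         LogonType == Service)
@@ -1680,12 +1664,41 @@ LsapLogonUser(PLSA_API_MSG RequestMsg,
         goto done;
     }
 
+    /*
+     * Duplicate the token handle into the client process.
+     * This must be the last step because we cannot
+     * close the duplicated token handle in case something fails.
+     */
+    Status = NtDuplicateObject(NtCurrentProcess(),
+                               TokenHandle,
+                               LogonContext->ClientProcessHandle,
+                               &RequestMsg->LogonUser.Reply.Token,
+                               0,
+                               0,
+                               DUPLICATE_SAME_ACCESS | DUPLICATE_SAME_ATTRIBUTES | DUPLICATE_CLOSE_SOURCE);
+    if (!NT_SUCCESS(Status))
+    {
+        ERR("NtDuplicateObject failed (Status 0x%08lx)\n", Status);
+        goto done;
+    }
+
 done:
-//    if (!NT_SUCCESS(Status))
-//    {
-        if (TokenHandle != NULL)
-            NtClose(TokenHandle);
-//    }
+    if (!NT_SUCCESS(Status))
+    {
+        /* Notify the authentification package of the failure */
+        Package->LsaApLogonTerminated(&RequestMsg->LogonUser.Reply.LogonId);
+
+        /* Delete the logon session */
+        LsapDeleteLogonSession(&RequestMsg->LogonUser.Reply.LogonId);
+
+        /* Release the profile buffer */
+        LsapFreeClientBuffer((PLSA_CLIENT_REQUEST)LogonContext,
+                             RequestMsg->LogonUser.Reply.ProfileBuffer);
+        RequestMsg->LogonUser.Reply.ProfileBuffer = NULL;
+    }
+
+    if (TokenHandle != NULL)
+        NtClose(TokenHandle);
 
     /* Free the local groups */
     if (LocalGroups != NULL)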
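Review bot: On the success path the `done:` cleanup still executes `if (TokenHandle != NULL) NtClose(TokenHandle);`, yet the NtDuplicateObject call just above passed DUPLICATE_CLOSE_SOURCE, which already closed that source handle in lsass — the old `// TokenHandle = NULL;` that would have prevented the second close was dropped rather than enabled. Closing a stale handle value in a process as busy as lsass risks tearing down an unrelated handle that another thread has meanwhile been assigned the same value, so add `TokenHandle = NULL;` directly after the NtDuplicateObject call, before the status check (Windows documents that DUPLICATE_CLOSE_SOURCE closes the source regardless of the returned status; if the ReactOS implementation differs, put the assignment inside the success path instead). The new failure branch at `done:` also assumes `Package` and `Reply.LogonId` are valid at every `goto done`; LsapLogonUser begins before this hunk, so any early jump taken before the package is resolved or the logon session is created would call through an unset package pointer or delete a session that never existed — worth checking those jump sites. Minor: the comment `/* Notify the authentification package of the failure */` should read `authentication`.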