From: Eric Kohl Date: Thu, 25 Sep 2014 12:37:19 +0000 (+0000) Subject: [SECUR32][LSASRV][LSALIB] X-Git-Tag: backups/0.3.17@66124~474 X-Git-Url: https://git.reactos.org/?p=reactos.git;a=commitdiff_plain;h=ed83e65c340f4f2069e7771390f26bcf0b358f7b;ds=sidebyside [SECUR32][LSASRV][LSALIB] - Move the stubs LsaEnumerateLogonSessions, LsaGetLogonSessionData, LsaRegisterPolicyChangeNotification and LsaUnregisterPolicyChangeNotification from lsalib to secur32, because these functions are exported by secur32.dll only. - Add new LPC connection code to secur32.dll for use by non-logon related functions. - Implement LsaEnumerateLogonSessions in secur32.dll and LsapEnumLogonSessions in lsasrv.dll. svn path=/trunk/; revision=64266 --- diff --git a/reactos/dll/win32/lsasrv/authpackage.c b/reactos/dll/win32/lsasrv/authpackage.c index f07e1fd3935..8122ad251fc 100644 --- a/reactos/dll/win32/lsasrv/authpackage.c +++ b/reactos/dll/win32/lsasrv/authpackage.c @@ -8,7 +8,6 @@ #include "lsasrv.h" -#include #include #include diff --git a/reactos/dll/win32/lsasrv/authport.c b/reactos/dll/win32/lsasrv/authport.c index 61527ea2f0a..89598dc1bf4 100644 --- a/reactos/dll/win32/lsasrv/authport.c +++ b/reactos/dll/win32/lsasrv/authport.c @@ -9,7 +9,6 @@ #include "lsasrv.h" #include -#include static LIST_ENTRY LsapLogonContextList; @@ -92,18 +91,21 @@ LsapHandlePortConnection(PLSA_API_MSG RequestMsg) HANDLE ConnectionHandle = NULL; BOOLEAN Accept; REMOTE_PORT_VIEW RemotePortView; - NTSTATUS Status; + NTSTATUS Status = STATUS_SUCCESS; TRACE("(%p)\n", RequestMsg); TRACE("Logon Process Name: %s\n", RequestMsg->ConnectInfo.LogonProcessNameBuffer); - Status = LsapCheckLogonProcess(RequestMsg, - &LogonContext); + if (RequestMsg->ConnectInfo.CreateContext == TRUE) + { + Status = LsapCheckLogonProcess(RequestMsg, + &LogonContext); - RequestMsg->ConnectInfo.OperationalMode = 0x43218765; + RequestMsg->ConnectInfo.OperationalMode = 0x43218765; - RequestMsg->ConnectInfo.Status = Status; + RequestMsg->ConnectInfo.Status = Status; + } if (NT_SUCCESS(Status)) { @@ -129,10 +131,13 @@ LsapHandlePortConnection(PLSA_API_MSG RequestMsg) if (Accept == TRUE) { - LogonContext->ConnectionHandle = ConnectionHandle; + if (LogonContext != NULL) + { + LogonContext->ConnectionHandle = ConnectionHandle; - InsertHeadList(&LsapLogonContextList, - &LogonContext->Entry); + InsertHeadList(&LsapLogonContextList, + &LogonContext->Entry); + } Status = NtCompleteConnectPort(ConnectionHandle); if (!NT_SUCCESS(Status)) @@ -227,6 +232,11 @@ AuthPortThreadRoutine(PVOID Param) ReplyMsg = &RequestMsg; break; + case LSASS_REQUEST_ENUM_LOGON_SESSIONS: + RequestMsg.Status = LsapEnumLogonSessions(&RequestMsg); + ReplyMsg = &RequestMsg; + break; + default: RequestMsg.Status = STATUS_INVALID_SYSTEM_SERVICE; ReplyMsg = &RequestMsg; diff --git a/reactos/dll/win32/lsasrv/lsasrv.h b/reactos/dll/win32/lsasrv/lsasrv.h index 46d7ab18ad0..f6016a5c0b1 100644 --- a/reactos/dll/win32/lsasrv/lsasrv.h +++ b/reactos/dll/win32/lsasrv/lsasrv.h @@ -23,7 +23,9 @@ #define NTOS_MODE_USER #include #include +#include #include +#include #include #include @@ -402,6 +404,9 @@ LsapDeleteLogonSession(IN PLUID LogonId); NTSTATUS LsapSetLogonSessionData(IN PLUID LogonId); +NTSTATUS +LsapEnumLogonSessions(IN OUT PLSA_API_MSG RequestMsg); + /* utils.c */ INT LsapLoadString(HINSTANCE hInstance, diff --git a/reactos/dll/win32/lsasrv/session.c b/reactos/dll/win32/lsasrv/session.c index b2c1292d99e..6edbf0da9f2 100644 --- a/reactos/dll/win32/lsasrv/session.c +++ b/reactos/dll/win32/lsasrv/session.c @@ -122,4 +122,93 @@ LsapDeleteLogonSession(IN PLUID LogonId) return STATUS_SUCCESS; } + +NTSTATUS +LsapEnumLogonSessions(IN OUT PLSA_API_MSG RequestMsg) +{ + OBJECT_ATTRIBUTES ObjectAttributes; + HANDLE ProcessHandle = NULL; + PLIST_ENTRY SessionEntry; + PLSAP_LOGON_SESSION CurrentSession; + PLUID SessionList; + ULONG i, Length; + PVOID ClientBaseAddress; + NTSTATUS Status; + + TRACE("LsapEnumLogonSessions()\n"); + + Length = SessionCount * sizeof(LUID); + SessionList = RtlAllocateHeap(RtlGetProcessHeap(), + HEAP_ZERO_MEMORY, + Length); + if (SessionList == NULL) + return STATUS_INSUFFICIENT_RESOURCES; + + i = 0; + SessionEntry = SessionListHead.Flink; + while (SessionEntry != &SessionListHead) + { + CurrentSession = CONTAINING_RECORD(SessionEntry, + LSAP_LOGON_SESSION, + Entry); + + RtlCopyLuid(&SessionList[i], + &CurrentSession->LogonId); + + SessionEntry = SessionEntry->Flink; + i++; + } + + InitializeObjectAttributes(&ObjectAttributes, + NULL, + 0, + NULL, + NULL); + + Status = NtOpenProcess(&ProcessHandle, + PROCESS_VM_READ | PROCESS_VM_WRITE | PROCESS_VM_OPERATION | PROCESS_DUP_HANDLE, + &ObjectAttributes, + &RequestMsg->h.ClientId); + if (!NT_SUCCESS(Status)) + { + TRACE("NtOpenProcess() failed (Status %lx)\n", Status); + goto done; + } + + Status = NtAllocateVirtualMemory(ProcessHandle, + &ClientBaseAddress, + 0, + &Length, + MEM_COMMIT, + PAGE_READWRITE); + if (!NT_SUCCESS(Status)) + { + TRACE("NtAllocateVirtualMemory() failed (Status %lx)\n", Status); + goto done; + } + + Status = NtWriteVirtualMemory(ProcessHandle, + ClientBaseAddress, + SessionList, + Length, + NULL); + if (!NT_SUCCESS(Status)) + { + TRACE("NtWriteVirtualMemory() failed (Status %lx)\n", Status); + goto done; + } + + RequestMsg->EnumLogonSessions.Reply.LogonSessionCount = SessionCount; + RequestMsg->EnumLogonSessions.Reply.LogonSessionBuffer = ClientBaseAddress; + +done: + if (ProcessHandle != NULL) + NtClose(ProcessHandle); + + if (SessionList != NULL) + RtlFreeHeap(RtlGetProcessHeap(), 0, SessionList); + + return Status; +} + /* EOF */ diff --git a/reactos/dll/win32/secur32/CMakeLists.txt b/reactos/dll/win32/secur32/CMakeLists.txt index 94a2b747151..874adc16a6e 100644 --- a/reactos/dll/win32/secur32/CMakeLists.txt +++ b/reactos/dll/win32/secur32/CMakeLists.txt @@ -6,6 +6,7 @@ spec2def(secur32.dll secur32.spec ADD_IMPORTLIB) list(APPEND SOURCE dllmain.c + lsalpc.c secext.c sspi.c stubs.c diff --git a/reactos/dll/win32/secur32/dllmain.c b/reactos/dll/win32/secur32/dllmain.c index bed6f5abc0e..b1f71ecc441 100644 --- a/reactos/dll/win32/secur32/dllmain.c +++ b/reactos/dll/win32/secur32/dllmain.c @@ -9,6 +9,9 @@ #include "precomp.h" +VOID LsapInitLsaPort(VOID); +VOID LsapCloseLsaPort(VOID); + /* GLOBALS *******************************************************************/ HANDLE Secur32Heap; @@ -29,9 +32,11 @@ DllMain(HINSTANCE hInstance, { return FALSE; } + LsapInitLsaPort(); break; case DLL_PROCESS_DETACH: + LsapCloseLsaPort(); if (!RtlDestroyHeap(Secur32Heap)) { return FALSE; diff --git a/reactos/dll/win32/secur32/lsalpc.c b/reactos/dll/win32/secur32/lsalpc.c new file mode 100644 index 00000000000..1b62770021e --- /dev/null +++ b/reactos/dll/win32/secur32/lsalpc.c @@ -0,0 +1,188 @@ +/* + * COPYRIGHT: See COPYING in the top level directory + * PROJECT: ReactOS system libraries + * FILE: dll/win32/secur32/lsalpc.c + * PURPOSE: LSA LPC port functions + */ + +/* INCLUDES ******************************************************************/ + +#include "precomp.h" + +#include +#include +#include +#include +#include +#include +#include + +#include +WINE_DEFAULT_DEBUG_CHANNEL(secur32); + + +/* GLOBALS *******************************************************************/ + +HANDLE LsaPortHandle; + +extern HANDLE Secur32Heap; + + +/* FUNCTIONS *****************************************************************/ + +VOID +LsapInitLsaPort(VOID) +{ + LsaPortHandle = NULL; +} + + +VOID +LsapCloseLsaPort(VOID) +{ + if (LsaPortHandle != NULL) + { + NtClose(LsaPortHandle); + LsaPortHandle = NULL; + } +} + + +NTSTATUS +LsapOpenLsaPort(VOID) +{ + UNICODE_STRING PortName; + SECURITY_QUALITY_OF_SERVICE SecurityQos; + LSA_CONNECTION_INFO ConnectInfo; + ULONG ConnectInfoLength; + NTSTATUS Status; + + TRACE("LsapOpenLsaPort()\n"); + + if (LsaPortHandle != NULL) + return STATUS_SUCCESS; + + RtlInitUnicodeString(&PortName, + L"\\LsaAuthenticationPort"); + + SecurityQos.Length = sizeof(SecurityQos); + SecurityQos.ImpersonationLevel = SecurityIdentification; + SecurityQos.ContextTrackingMode = SECURITY_DYNAMIC_TRACKING; + SecurityQos.EffectiveOnly = TRUE; + + RtlZeroMemory(&ConnectInfo, + ConnectInfoLength); + + ConnectInfo.CreateContext = FALSE; + + ConnectInfoLength = sizeof(LSA_CONNECTION_INFO); + Status = NtConnectPort(&LsaPortHandle, + &PortName, + &SecurityQos, + NULL, + NULL, + NULL, + &ConnectInfo, + &ConnectInfoLength); + if (!NT_SUCCESS(Status)) + { + TRACE("NtConnectPort failed (Status 0x%08lx)\n", Status); + } + + return Status; +/* + if (!NT_SUCCESS(ConnectInfo.Status)) + { + DPRINT1("ConnectInfo.Status: 0x%08lx\n", ConnectInfo.Status); + } + + return ConnectInfo.Status; +*/ +} + + +/* PUBLIC FUNCTIONS **********************************************************/ + +/* + * @implemented + */ +NTSTATUS +NTAPI +LsaEnumerateLogonSessions(PULONG LogonSessionCount, + PLUID *LogonSessionList) +{ + LSA_API_MSG ApiMessage; + NTSTATUS Status; + + TRACE("LsaEnumerateLogonSessions(%p %p)\n", LogonSessionCount, LogonSessionList); + + Status = LsapOpenLsaPort(); + if (!NT_SUCCESS(Status)) + return Status; + + ApiMessage.ApiNumber = LSASS_REQUEST_ENUM_LOGON_SESSIONS; + ApiMessage.h.u1.s1.DataLength = LSA_PORT_DATA_SIZE(ApiMessage.EnumLogonSessions); + ApiMessage.h.u1.s1.TotalLength = LSA_PORT_MESSAGE_SIZE; + ApiMessage.h.u2.ZeroInit = 0; + + Status = NtRequestWaitReplyPort(LsaPortHandle, + (PPORT_MESSAGE)&ApiMessage, + (PPORT_MESSAGE)&ApiMessage); + if (!NT_SUCCESS(Status)) + { + ERR("NtRequestWaitReplyPort() failed (Status 0x%08lx)\n", Status); + return Status; + } + + if (!NT_SUCCESS(ApiMessage.Status)) + { + ERR("NtRequestWaitReplyPort() failed (ApiMessage.Status 0x%08lx)\n", ApiMessage.Status); + return ApiMessage.Status; + } + + *LogonSessionCount = ApiMessage.EnumLogonSessions.Reply.LogonSessionCount; + *LogonSessionList = ApiMessage.EnumLogonSessions.Reply.LogonSessionBuffer; + + return Status; +} + + +/* + * @unimplemented + */ +NTSTATUS +NTAPI +LsaGetLogonSessionData(PLUID LogonId, + PSECURITY_LOGON_SESSION_DATA *ppLogonSessionData) +{ + UNIMPLEMENTED; + return STATUS_NOT_IMPLEMENTED; +} + + +/* + * @unimplemented + */ +NTSTATUS +NTAPI +LsaRegisterPolicyChangeNotification(POLICY_NOTIFICATION_INFORMATION_CLASS InformationClass, + HANDLE NotificationEventHandle) +{ + UNIMPLEMENTED; + return STATUS_NOT_IMPLEMENTED; +} + + +/* + * @unimplemented + */ +NTSTATUS +NTAPI +LsaUnregisterPolicyChangeNotification(POLICY_NOTIFICATION_INFORMATION_CLASS InformationClass, + HANDLE NotificationEventHandle) +{ + UNIMPLEMENTED; + return STATUS_NOT_IMPLEMENTED; +} + +/* EOF */ diff --git a/reactos/include/psdk/ntsecapi.h b/reactos/include/psdk/ntsecapi.h index e3711eb9eef..0f077d525c1 100644 --- a/reactos/include/psdk/ntsecapi.h +++ b/reactos/include/psdk/ntsecapi.h @@ -699,6 +699,7 @@ NTSTATUS NTAPI LsaEnumerateAccounts(LSA_HANDLE,PLSA_ENUMERATION_HANDLE,PVOID*, ULONG,PULONG); NTSTATUS NTAPI LsaEnumerateAccountsWithUserRight(LSA_HANDLE,PLSA_UNICODE_STRING, PVOID*,PULONG); +NTSTATUS NTAPI LsaEnumerateLogonSessions(PULONG,PLUID*); NTSTATUS NTAPI LsaEnumeratePrivileges(LSA_HANDLE,PLSA_ENUMERATION_HANDLE, PVOID*,ULONG,PULONG); NTSTATUS NTAPI LsaEnumeratePrivilegesOfAccount(LSA_HANDLE,PPRIVILEGE_SET*); diff --git a/reactos/include/reactos/subsys/lsass/lsass.h b/reactos/include/reactos/subsys/lsass/lsass.h index 96b0497aa2b..5a4616dff44 100644 --- a/reactos/include/reactos/subsys/lsass/lsass.h +++ b/reactos/include/reactos/subsys/lsass/lsass.h @@ -21,6 +21,7 @@ typedef enum _LSA_API_NUMBER LSASS_REQUEST_DEREGISTER_LOGON_PROCESS, LSASS_REQUEST_LOGON_USER, LSASS_REQUEST_LOOKUP_AUTHENTICATION_PACKAGE, + LSASS_REQUEST_ENUM_LOGON_SESSIONS, LSASS_REQUEST_MAXIMUM } LSA_API_NUMBER, *PLSA_API_NUMBER; @@ -31,6 +32,7 @@ typedef struct _LSA_CONNECTION_INFO LSA_OPERATIONAL_MODE OperationalMode; ULONG Length; CHAR LogonProcessNameBuffer[LSASS_MAX_LOGON_PROCESS_NAME_LENGTH + 1]; + BOOL CreateContext; } LSA_CONNECTION_INFO, *PLSA_CONNECTION_INFO; @@ -69,21 +71,12 @@ typedef struct _LSA_CALL_AUTHENTICATION_PACKAGE_MSG { struct { -#if 0 - ULONG AuthenticationPackage; - ULONG InBufferLength; - UCHAR InBuffer[0]; -#endif ULONG AuthenticationPackage; PVOID ProtocolSubmitBuffer; ULONG SubmitBufferLength; } Request; struct { -#if 0 - ULONG OutBufferLength; - UCHAR OutBuffer[0]; -#endif PVOID ProtocolReturnBuffer; ULONG ReturnBufferLength; NTSTATUS ProtocolStatus; @@ -125,6 +118,24 @@ typedef struct _LSA_LOOKUP_AUTHENTICATION_PACKAGE_MSG } LSA_LOOKUP_AUTHENTICATION_PACKAGE_MSG, *PLSA_LOOKUP_AUTHENTICATION_PACKAGE_MSG; +typedef struct _LSA_ENUM_LOGON_SESSIONS_MSG +{ + union + { + struct + { + ULONG Dummy; + } Request; + struct + { + ULONG LogonSessionCount; + ULONG LogonSessionBufferLength; + PVOID LogonSessionBuffer; + } Reply; + }; +} LSA_ENUM_LOGON_SESSIONS_MSG, *PLSA_ENUM_LOGON_SESSIONS_MSG; + + typedef struct _LSA_API_MSG { PORT_MESSAGE h; @@ -141,6 +152,7 @@ typedef struct _LSA_API_MSG LSA_CALL_AUTHENTICATION_PACKAGE_MSG CallAuthenticationPackage; LSA_DEREGISTER_LOGON_PROCESS_MSG DeregisterLogonProcess; LSA_LOOKUP_AUTHENTICATION_PACKAGE_MSG LookupAuthenticationPackage; + LSA_ENUM_LOGON_SESSIONS_MSG EnumLogonSessions; }; }; }; diff --git a/reactos/lib/lsalib/lsa.c b/reactos/lib/lsalib/lsa.c index 210fb22854f..eb4f60ac53b 100644 --- a/reactos/lib/lsalib/lsa.c +++ b/reactos/lib/lsalib/lsa.c @@ -92,6 +92,8 @@ LsaConnectUntrusted(PHANDLE LsaHandle) RtlZeroMemory(&ConnectInfo, ConnectInfoLength); + ConnectInfo.CreateContext = TRUE; + Status = ZwConnectPort(LsaHandle, &PortName, &SecurityQos, @@ -328,6 +330,7 @@ LsaRegisterLogonProcess(PLSA_STRING LsaLogonProcessName, LsaLogonProcessName->Length); ConnectInfo.Length = LsaLogonProcessName->Length; ConnectInfo.LogonProcessNameBuffer[ConnectInfo.Length] = '\0'; + ConnectInfo.CreateContext = TRUE; Status = ZwConnectPort(Handle, &PortName, @@ -354,54 +357,3 @@ LsaRegisterLogonProcess(PLSA_STRING LsaLogonProcessName, return ConnectInfo.Status; } - -/* - * @unimplemented - */ -NTSTATUS -WINAPI -LsaEnumerateLogonSessions(PULONG LogonSessionCount, - PLUID *LogonSessionList) -{ - UNIMPLEMENTED; - return STATUS_NOT_IMPLEMENTED; -} - - -/* - * @unimplemented - */ -NTSTATUS -WINAPI -LsaGetLogonSessionData(PLUID LogonId, - PSECURITY_LOGON_SESSION_DATA *ppLogonSessionData) -{ - UNIMPLEMENTED; - return STATUS_NOT_IMPLEMENTED; -} - - -/* - * @unimplemented - */ -NTSTATUS -WINAPI -LsaRegisterPolicyChangeNotification(POLICY_NOTIFICATION_INFORMATION_CLASS InformationClass, - HANDLE NotificationEventHandle) -{ - UNIMPLEMENTED; - return STATUS_NOT_IMPLEMENTED; -} - - -/* - * @unimplemented - */ -NTSTATUS -WINAPI -LsaUnregisterPolicyChangeNotification(POLICY_NOTIFICATION_INFORMATION_CLASS InformationClass, - HANDLE NotificationEventHandle) -{ - UNIMPLEMENTED; - return STATUS_NOT_IMPLEMENTED; -}