ReactOS 0.4.16-dev-1520-gb558596
Functions | Variables
lsa.c File Reference
#include "msgina.h"
Include dependency graph for lsa.c:

Go to the source code of this file.

Functions

NTSTATUS ConnectToLsa (PGINA_CONTEXT pgContext)
 
 C_ASSERT (sizeof(User32TokenSourceName)==RTL_FIELD_SIZE(TOKEN_SOURCE, SourceName)+1)
 
NTSTATUS MyLogonUser (HANDLE LsaHandle, ULONG AuthenticationPackage, LPWSTR lpszUsername, LPWSTR lpszDomain, LPWSTR lpszPassword, PHANDLE phToken, PNTSTATUS SubStatus)
 

Variables

static const CHAR User32TokenSourceName [] = "User32 "
 

Function Documentation

◆ C_ASSERT()

C_ASSERT ( sizeof(User32TokenSourceName = =RTL_FIELD_SIZE(TOKEN_SOURCESourceName)+1)

◆ ConnectToLsa()

NTSTATUS ConnectToLsa ( PGINA_CONTEXT  pgContext)

Definition at line 11 of file lsa.c.

13{
14 LSA_STRING LogonProcessName;
15 LSA_STRING PackageName;
16 LSA_OPERATIONAL_MODE SecurityMode = 0;
17 NTSTATUS Status;
18
19 /* We are already connected to the LSA */
20 if (pgContext->LsaHandle != NULL)
21 return STATUS_SUCCESS;
22
23 /* Connect to the LSA server */
24 RtlInitAnsiString((PANSI_STRING)&LogonProcessName,
25 "MSGINA");
26
27 Status = LsaRegisterLogonProcess(&LogonProcessName,
28 &pgContext->LsaHandle,
29 &SecurityMode);
30 if (!NT_SUCCESS(Status))
31 {
32 ERR("LsaRegisterLogonProcess failed (Status 0x%08lx)\n", Status);
33 return Status;
34 }
35
36 /* Get the authentication package */
37 RtlInitAnsiString((PANSI_STRING)&PackageName,
38 MSV1_0_PACKAGE_NAME);
39
40 Status = LsaLookupAuthenticationPackage(pgContext->LsaHandle,
41 &PackageName,
42 &pgContext->AuthenticationPackage);
43 if (!NT_SUCCESS(Status))
44 {
45 ERR("LsaLookupAuthenticationPackage failed (Status 0x%08lx)\n", Status);
46 }
47
48 return Status;
49}
NTSTATUS
LONG NTSTATUS
Definition: precomp.h:26
ERR
#define ERR(fmt,...)
Definition: precomp.h:57
NULL
#define NULL
Definition: types.h:112
NT_SUCCESS
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:33
Status
Status
Definition: gdiplustypes.h:25
RtlInitAnsiString
NTSYSAPI VOID NTAPI RtlInitAnsiString(PANSI_STRING DestinationString, PCSZ SourceString)
SecurityMode
_IRQL_requires_same_ _Out_ PHANDLE _Out_ PLSA_OPERATIONAL_MODE SecurityMode
Definition: ntifs.template.h:699
LsaLookupAuthenticationPackage
NTSTATUS NTAPI LsaLookupAuthenticationPackage(HANDLE, PLSA_STRING, PULONG)
MSV1_0_PACKAGE_NAME
#define MSV1_0_PACKAGE_NAME
Definition: ntsecapi.h:42
LSA_OPERATIONAL_MODE
ULONG LSA_OPERATIONAL_MODE
Definition: ntsecapi.h:367
LsaRegisterLogonProcess
NTSTATUS NTAPI LsaRegisterLogonProcess(PLSA_STRING, PHANDLE, PLSA_OPERATIONAL_MODE)
STATUS_SUCCESS
#define STATUS_SUCCESS
Definition: shellext.h:65
GINA_CONTEXT::LsaHandle
HANDLE LsaHandle
Definition: msgina.h:39
GINA_CONTEXT::AuthenticationPackage
ULONG AuthenticationPackage
Definition: msgina.h:40
_ANSI_STRING
Definition: env_spec_w32.h:375
_LSA_STRING
Definition: ntsecapi.h:171

Referenced by DoAdminUnlock(), DoChangePassword(), DoLoginTasks(), and TUILockedSAS().

◆ MyLogonUser()

NTSTATUS MyLogonUser ( HANDLE  LsaHandle,
ULONG  AuthenticationPackage,
LPWSTR  lpszUsername,
LPWSTR  lpszDomain,
LPWSTR  lpszPassword,
PHANDLE  phToken,
PNTSTATUS  SubStatus 
)

Definition at line 55 of file lsa.c.

63{
64 SID_IDENTIFIER_AUTHORITY LocalAuthority = {SECURITY_LOCAL_SID_AUTHORITY};
65 SID_IDENTIFIER_AUTHORITY SystemAuthority = {SECURITY_NT_AUTHORITY};
66 PSID LogonSid = NULL;
67 PSID LocalSid = NULL;
68 LSA_STRING OriginName;
69 UNICODE_STRING DomainName;
70 UNICODE_STRING UserName;
71 UNICODE_STRING Password;
72 PMSV1_0_INTERACTIVE_LOGON AuthInfo = NULL;
73 ULONG AuthInfoLength;
74 ULONG_PTR Ptr;
75 TOKEN_SOURCE TokenSource;
76 PTOKEN_GROUPS TokenGroups = NULL;
77 PMSV1_0_INTERACTIVE_PROFILE ProfileBuffer = NULL;
78 ULONG ProfileBufferLength = 0;
79 LUID Luid = {0, 0};
80 LUID LogonId = {0, 0};
81 HANDLE TokenHandle = NULL;
82 QUOTA_LIMITS QuotaLimits;
83 NTSTATUS Status;
84
85 *phToken = NULL;
86
87 RtlInitAnsiString((PANSI_STRING)&OriginName,
88 "MSGINA Logon");
89
90 RtlInitUnicodeString(&DomainName,
91 lpszDomain);
92
93 RtlInitUnicodeString(&UserName,
94 lpszUsername);
95
96 RtlInitUnicodeString(&Password,
97 lpszPassword);
98
99 AuthInfoLength = sizeof(MSV1_0_INTERACTIVE_LOGON)+
100 DomainName.MaximumLength +
101 UserName.MaximumLength +
102 Password.MaximumLength;
103
104 AuthInfo = RtlAllocateHeap(RtlGetProcessHeap(),
105 HEAP_ZERO_MEMORY,
106 AuthInfoLength);
107 if (AuthInfo == NULL)
108 {
109 Status = STATUS_INSUFFICIENT_RESOURCES;
110 goto done;
111 }
112
113 AuthInfo->MessageType = MsV1_0InteractiveLogon;
114
115 Ptr = (ULONG_PTR)AuthInfo + sizeof(MSV1_0_INTERACTIVE_LOGON);
116
117 AuthInfo->LogonDomainName.Length = DomainName.Length;
118 AuthInfo->LogonDomainName.MaximumLength = DomainName.MaximumLength;
119 AuthInfo->LogonDomainName.Buffer = (DomainName.Buffer == NULL) ? NULL : (PWCHAR)Ptr;
120 if (DomainName.MaximumLength > 0)
121 {
122 RtlCopyMemory(AuthInfo->LogonDomainName.Buffer,
123 DomainName.Buffer,
124 DomainName.MaximumLength);
125
126 Ptr += DomainName.MaximumLength;
127 }
128
129 AuthInfo->UserName.Length = UserName.Length;
130 AuthInfo->UserName.MaximumLength = UserName.MaximumLength;
131 AuthInfo->UserName.Buffer = (PWCHAR)Ptr;
132 if (UserName.MaximumLength > 0)
133 {
134 RtlCopyMemory(AuthInfo->UserName.Buffer,
135 UserName.Buffer,
136 UserName.MaximumLength);
137 }
138
139 Ptr += UserName.MaximumLength;
140
141 AuthInfo->Password.Length = Password.Length;
142 AuthInfo->Password.MaximumLength = Password.MaximumLength;
143 AuthInfo->Password.Buffer = (PWCHAR)Ptr;
144 if (Password.MaximumLength > 0)
145 {
146 RtlCopyMemory(AuthInfo->Password.Buffer,
147 Password.Buffer,
148 Password.MaximumLength);
149 }
150
151 /* Create the Logon SID*/
152 AllocateLocallyUniqueId(&LogonId);
153 Status = RtlAllocateAndInitializeSid(&SystemAuthority,
154 SECURITY_LOGON_IDS_RID_COUNT,
155 SECURITY_LOGON_IDS_RID,
156 LogonId.HighPart,
157 LogonId.LowPart,
158 SECURITY_NULL_RID,
159 SECURITY_NULL_RID,
160 SECURITY_NULL_RID,
161 SECURITY_NULL_RID,
162 SECURITY_NULL_RID,
163 &LogonSid);
164 if (!NT_SUCCESS(Status))
165 goto done;
166
167 /* Create the Local SID*/
168 Status = RtlAllocateAndInitializeSid(&LocalAuthority,
169 1,
170 SECURITY_LOCAL_RID,
171 SECURITY_NULL_RID,
172 SECURITY_NULL_RID,
173 SECURITY_NULL_RID,
174 SECURITY_NULL_RID,
175 SECURITY_NULL_RID,
176 SECURITY_NULL_RID,
177 SECURITY_NULL_RID,
178 &LocalSid);
179 if (!NT_SUCCESS(Status))
180 goto done;
181
182 /* Allocate and set the token groups */
183 TokenGroups = RtlAllocateHeap(RtlGetProcessHeap(),
184 HEAP_ZERO_MEMORY,
185 sizeof(TOKEN_GROUPS) + ((2 - ANYSIZE_ARRAY) * sizeof(SID_AND_ATTRIBUTES)));
186 if (TokenGroups == NULL)
187 {
188 Status = STATUS_INSUFFICIENT_RESOURCES;
189 goto done;
190 }
191
192 TokenGroups->GroupCount = 2;
193 TokenGroups->Groups[0].Sid = LogonSid;
194 TokenGroups->Groups[0].Attributes = SE_GROUP_MANDATORY | SE_GROUP_ENABLED |
195 SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_LOGON_ID;
196 TokenGroups->Groups[1].Sid = LocalSid;
197 TokenGroups->Groups[1].Attributes = SE_GROUP_MANDATORY | SE_GROUP_ENABLED |
198 SE_GROUP_ENABLED_BY_DEFAULT;
199
200 /* Set the token source */
201 RtlCopyMemory(TokenSource.SourceName, User32TokenSourceName, sizeof(TokenSource.SourceName));
202 AllocateLocallyUniqueId(&TokenSource.SourceIdentifier);
203
204 Status = LsaLogonUser(LsaHandle,
205 &OriginName,
206 Interactive,
207 AuthenticationPackage,
208 (PVOID)AuthInfo,
209 AuthInfoLength,
210 TokenGroups,
211 &TokenSource,
212 (PVOID*)&ProfileBuffer,
213 &ProfileBufferLength,
214 &Luid,
215 &TokenHandle,
216 &QuotaLimits,
217 SubStatus);
218 if (!NT_SUCCESS(Status))
219 {
220 ERR("LsaLogonUser failed (Status 0x%08lx)\n", Status);
221 goto done;
222 }
223
224 if (ProfileBuffer != NULL)
225 {
226 TRACE("ProfileBuffer: %p\n", ProfileBuffer);
227 TRACE("MessageType: %u\n", ProfileBuffer->MessageType);
228
229 TRACE("FullName: %p\n", ProfileBuffer->FullName.Buffer);
230 TRACE("FullName: %S\n", ProfileBuffer->FullName.Buffer);
231
232 TRACE("LogonServer: %p\n", ProfileBuffer->LogonServer.Buffer);
233 TRACE("LogonServer: %S\n", ProfileBuffer->LogonServer.Buffer);
234 }
235
236 TRACE("Luid: 0x%08lx%08lx\n", Luid.HighPart, Luid.LowPart);
237
238 if (TokenHandle != NULL)
239 TRACE("TokenHandle: %p\n", TokenHandle);
240
241 *phToken = TokenHandle;
242
243done:
244 SecureZeroMemory(&Password, sizeof(Password));
245
246 if (ProfileBuffer != NULL)
247 LsaFreeReturnBuffer(ProfileBuffer);
248
249 if (!NT_SUCCESS(Status) && (TokenHandle != NULL))
250 CloseHandle(TokenHandle);
251
252 if (TokenGroups != NULL)
253 RtlFreeHeap(RtlGetProcessHeap(), 0, TokenGroups);
254
255 if (LocalSid != NULL)
256 RtlFreeSid(LocalSid);
257
258 if (LogonSid != NULL)
259 RtlFreeSid(LogonSid);
260
261 if (AuthInfo != NULL)
262 {
263 /* Zero out the password buffers before freeing */
264 SecureZeroMemory(AuthInfo->Password.Buffer, AuthInfo->Password.MaximumLength);
265 SecureZeroMemory(&AuthInfo->Password, sizeof(AuthInfo->Password));
266 RtlFreeHeap(RtlGetProcessHeap(), 0, AuthInfo);
267 }
268
269 return Status;
270}
LocalSid
PSID LocalSid
Definition: globals.c:15
LsaHandle
HANDLE LsaHandle
Definition: wkssvc.c:41
RtlAllocateHeap
PVOID NTAPI RtlAllocateHeap(IN PVOID HeapHandle, IN ULONG Flags, IN SIZE_T Size)
Definition: heap.c:616
RtlFreeHeap
BOOLEAN NTAPI RtlFreeHeap(IN PVOID HeapHandle, IN ULONG Flags, IN PVOID HeapBase)
Definition: heap.c:634
AuthenticationPackage
ULONG AuthenticationPackage
Definition: logon.c:18
AllocateLocallyUniqueId
BOOL WINAPI AllocateLocallyUniqueId(PLUID Luid)
Definition: security.c:1218
CloseHandle
#define CloseHandle
Definition: compat.h:739
HEAP_ZERO_MEMORY
#define HEAP_ZERO_MEMORY
Definition: compat.h:134
User32TokenSourceName
static const CHAR User32TokenSourceName[]
Definition: lsa.c:51
ULONG_PTR
#define ULONG_PTR
Definition: config.h:101
Ptr
_Must_inspect_result_ _In_ PFSRTL_PER_STREAM_CONTEXT Ptr
Definition: fsrtlfuncs.h:898
SystemAuthority
static SID_IDENTIFIER_AUTHORITY SystemAuthority
Definition: msgina.c:38
TokenHandle
_In_ ACCESS_MASK _In_ ULONG _Out_ PHANDLE TokenHandle
Definition: psfuncs.h:726
RtlFreeSid
NTSYSAPI PVOID NTAPI RtlFreeSid(_In_ _Post_invalid_ PSID Sid)
SE_GROUP_LOGON_ID
#define SE_GROUP_LOGON_ID
Definition: setypes.h:98
SE_GROUP_MANDATORY
#define SE_GROUP_MANDATORY
Definition: setypes.h:90
SE_GROUP_ENABLED_BY_DEFAULT
#define SE_GROUP_ENABLED_BY_DEFAULT
Definition: setypes.h:91
SE_GROUP_ENABLED
#define SE_GROUP_ENABLED
Definition: setypes.h:92
RtlInitUnicodeString
NTSYSAPI VOID NTAPI RtlInitUnicodeString(PUNICODE_STRING DestinationString, PCWSTR SourceString)
SubStatus
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE _Out_ PQUOTA_LIMITS _Out_ PNTSTATUS SubStatus
Definition: ntifs.template.h:719
ProfileBuffer
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID * ProfileBuffer
Definition: ntifs.template.h:714
ProfileBufferLength
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG ProfileBufferLength
Definition: ntifs.template.h:715
LogonId
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID LogonId
Definition: ntifs.template.h:716
OriginName
_IRQL_requires_same_ _In_ PLSA_STRING OriginName
Definition: ntifs.template.h:707
RtlAllocateAndInitializeSid
NTSYSAPI NTSTATUS NTAPI RtlAllocateAndInitializeSid(IN PSID_IDENTIFIER_AUTHORITY IdentifierAuthority, IN UCHAR SubAuthorityCount, IN ULONG SubAuthority0, IN ULONG SubAuthority1, IN ULONG SubAuthority2, IN ULONG SubAuthority3, IN ULONG SubAuthority4, IN ULONG SubAuthority5, IN ULONG SubAuthority6, IN ULONG SubAuthority7, OUT PSID *Sid)
Definition: sid.c:290
LsaLogonUser
NTSTATUS NTAPI LsaLogonUser(HANDLE, PLSA_STRING, SECURITY_LOGON_TYPE, ULONG, PVOID, ULONG, PTOKEN_GROUPS, PTOKEN_SOURCE, PVOID *, PULONG, PLUID, PHANDLE, PQUOTA_LIMITS, PNTSTATUS)
Interactive
@ Interactive
Definition: ntsecapi.h:289
LsaFreeReturnBuffer
NTSTATUS NTAPI LsaFreeReturnBuffer(PVOID)
MSV1_0_INTERACTIVE_LOGON
struct _MSV1_0_INTERACTIVE_LOGON MSV1_0_INTERACTIVE_LOGON
MsV1_0InteractiveLogon
@ MsV1_0InteractiveLogon
Definition: ntsecapi.h:199
TRACE
#define TRACE(s)
Definition: solgame.cpp:4
_LSA_STRING::Buffer
PCHAR Buffer
Definition: ntsecapi.h:174
_LUID
Definition: devicetopology.idl:137
_LUID::HighPart
LONG HighPart
Definition: devicetopology.idl:139
_LUID::LowPart
DWORD LowPart
Definition: devicetopology.idl:138
_MSV1_0_INTERACTIVE_LOGON
Definition: ntsecapi.h:433
_MSV1_0_INTERACTIVE_LOGON::Password
UNICODE_STRING Password
Definition: ntsecapi.h:437
_MSV1_0_INTERACTIVE_LOGON::UserName
UNICODE_STRING UserName
Definition: ntsecapi.h:436
_MSV1_0_INTERACTIVE_LOGON::MessageType
MSV1_0_LOGON_SUBMIT_TYPE MessageType
Definition: ntsecapi.h:434
_MSV1_0_INTERACTIVE_LOGON::LogonDomainName
UNICODE_STRING LogonDomainName
Definition: ntsecapi.h:435
_MSV1_0_INTERACTIVE_PROFILE
Definition: ntsecapi.h:439
_QUOTA_LIMITS
Definition: lsa.idl:286
_SID_AND_ATTRIBUTES
Definition: setypes.h:502
_SID_IDENTIFIER_AUTHORITY
Definition: ms-dtyp.idl:194
_SID
Definition: ms-dtyp.idl:198
_TOKEN_GROUPS
Definition: setypes.h:1025
_TOKEN_SOURCE
Definition: imports.h:277
_UNICODE_STRING
Definition: env_spec_w32.h:368
_UNICODE_STRING::Length
USHORT Length
Definition: env_spec_w32.h:369
_UNICODE_STRING::MaximumLength
USHORT MaximumLength
Definition: env_spec_w32.h:370
_UNICODE_STRING::Buffer
PWSTR Buffer
Definition: env_spec_w32.h:371
Password
@ Password
Definition: telnetd.h:65
ANYSIZE_ARRAY
#define ANYSIZE_ARRAY
Definition: typedefs.h:46
RtlCopyMemory
#define RtlCopyMemory(Destination, Source, Length)
Definition: typedefs.h:263
ULONG_PTR
uint32_t ULONG_PTR
Definition: typedefs.h:65
PWCHAR
uint16_t * PWCHAR
Definition: typedefs.h:56
ULONG
uint32_t ULONG
Definition: typedefs.h:59
STATUS_INSUFFICIENT_RESOURCES
#define STATUS_INSUFFICIENT_RESOURCES
Definition: udferr_usr.h:158
SecureZeroMemory
#define SecureZeroMemory
Definition: winbase.h:1754
phToken
_In_opt_ LPSTR _In_opt_ LPSTR _In_ DWORD _In_ DWORD _Out_opt_ PHANDLE phToken
Definition: winbase.h:2756
lpszPassword
_In_opt_ LPSTR _In_opt_ LPSTR lpszPassword
Definition: winbase.h:2753
lpszDomain
_In_opt_ LPSTR lpszDomain
Definition: winbase.h:2752
SECURITY_LOGON_IDS_RID
#define SECURITY_LOGON_IDS_RID
Definition: setypes.h:560
SECURITY_LOCAL_SID_AUTHORITY
#define SECURITY_LOCAL_SID_AUTHORITY
Definition: setypes.h:530
SECURITY_LOCAL_RID
#define SECURITY_LOCAL_RID
Definition: setypes.h:542
SECURITY_NULL_RID
#define SECURITY_NULL_RID
Definition: setypes.h:540
SECURITY_NT_AUTHORITY
#define SECURITY_NT_AUTHORITY
Definition: setypes.h:554
TokenSource
@ TokenSource
Definition: setypes.h:984
TokenGroups
@ TokenGroups
Definition: setypes.h:979
SECURITY_LOGON_IDS_RID_COUNT
#define SECURITY_LOGON_IDS_RID_COUNT
Definition: setypes.h:561

Referenced by DoAdminUnlock(), DoLoginTasks(), and TUILockedSAS().

Variable Documentation

◆ User32TokenSourceName

const CHAR User32TokenSourceName[] = "User32 "
static

Definition at line 51 of file lsa.c.

Referenced by MyLogonUser().