ReactOS  0.4.14-dev-1256-g2125fec
Functions | Variables
lsa.c File Reference
#include "msgina.h"
Include dependency graph for lsa.c:

Go to the source code of this file.

Functions

NTSTATUS ConnectToLsa (PGINA_CONTEXT pgContext)
 
 C_ASSERT (sizeof(User32TokenSourceName)==RTL_FIELD_SIZE(TOKEN_SOURCE, SourceName)+1)
 
NTSTATUS MyLogonUser (HANDLE LsaHandle, ULONG AuthenticationPackage, LPWSTR lpszUsername, LPWSTR lpszDomain, LPWSTR lpszPassword, PHANDLE phToken, PNTSTATUS SubStatus)
 

Variables

static const CHAR User32TokenSourceName [] = "User32 "
 

Function Documentation

◆ C_ASSERT()

C_ASSERT ( sizeof(User32TokenSourceName = =RTL_FIELD_SIZE(TOKEN_SOURCESourceName)+1)

◆ ConnectToLsa()

NTSTATUS ConnectToLsa ( PGINA_CONTEXT  pgContext)

Definition at line 11 of file lsa.c.

13 {
14  LSA_STRING LogonProcessName;
15  LSA_STRING PackageName;
16  LSA_OPERATIONAL_MODE SecurityMode = 0;
17  NTSTATUS Status;
18 
19  /* We are already connected to the LSA */
20  if (pgContext->LsaHandle != NULL)
21  return STATUS_SUCCESS;
22 
23  /* Connect to the LSA server */
24  RtlInitAnsiString((PANSI_STRING)&LogonProcessName,
25  "MSGINA");
26 
27  Status = LsaRegisterLogonProcess(&LogonProcessName,
28  &pgContext->LsaHandle,
29  &SecurityMode);
30  if (!NT_SUCCESS(Status))
31  {
32  ERR("LsaRegisterLogonProcess failed (Status 0x%08lx)\n", Status);
33  return Status;
34  }
35 
36  /* Get the authentication package */
37  RtlInitAnsiString((PANSI_STRING)&PackageName,
38  MSV1_0_PACKAGE_NAME);
39 
40  Status = LsaLookupAuthenticationPackage(pgContext->LsaHandle,
41  &PackageName,
42  &pgContext->AuthenticationPackage);
43  if (!NT_SUCCESS(Status))
44  {
45  ERR("LsaLookupAuthenticationPackage failed (Status 0x%08lx)\n", Status);
46  }
47 
48  return Status;
49 }
MSV1_0_PACKAGE_NAME
#define MSV1_0_PACKAGE_NAME
Definition: ntsecapi.h:42
NTSTATUS
LONG NTSTATUS
Definition: precomp.h:26
RtlInitAnsiString
NTSYSAPI VOID NTAPI RtlInitAnsiString(PANSI_STRING DestinationString, PCSZ SourceString)
_ANSI_STRING
Definition: env_spec_w32.h:375
LsaLookupAuthenticationPackage
NTSTATUS NTAPI LsaLookupAuthenticationPackage(IN HANDLE LsaHandle, IN PLSA_STRING PackageName, OUT PULONG AuthenticationPackage)
Definition: lsa.c:136
SecurityMode
_IRQL_requires_same_ _Out_ PHANDLE _Out_ PLSA_OPERATIONAL_MODE SecurityMode
Definition: ntifs.template.h:698
NULL
smooth NULL
Definition: ftsmooth.c:416
GINA_CONTEXT::LsaHandle
HANDLE LsaHandle
Definition: msgina.h:39
LSA_OPERATIONAL_MODE
ULONG LSA_OPERATIONAL_MODE
Definition: ntsecapi.h:367
NT_SUCCESS
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
GINA_CONTEXT::AuthenticationPackage
ULONG AuthenticationPackage
Definition: msgina.h:40
Status
Status
Definition: gdiplustypes.h:24
ERR
#define ERR(fmt,...)
Definition: debug.h:109
LsaRegisterLogonProcess
NTSTATUS NTAPI LsaRegisterLogonProcess(IN PLSA_STRING LogonProcessName, OUT PHANDLE LsaHandle, OUT PLSA_OPERATIONAL_MODE OperationalMode)
Definition: lsa.c:249
_LSA_STRING
Definition: ntsecapi.h:171
STATUS_SUCCESS
return STATUS_SUCCESS
Definition: btrfs.c:2938

Referenced by DoAdminUnlock(), DoChangePassword(), DoLoginTasks(), and TUILockedSAS().

◆ MyLogonUser()

NTSTATUS MyLogonUser ( HANDLE  LsaHandle,
ULONG  AuthenticationPackage,
LPWSTR  lpszUsername,
LPWSTR  lpszDomain,
LPWSTR  lpszPassword,
PHANDLE  phToken,
PNTSTATUS  SubStatus 
)

Definition at line 55 of file lsa.c.

63 {
64  SID_IDENTIFIER_AUTHORITY LocalAuthority = {SECURITY_LOCAL_SID_AUTHORITY};
65  SID_IDENTIFIER_AUTHORITY SystemAuthority = {SECURITY_NT_AUTHORITY};
66  PSID LogonSid = NULL;
67  PSID LocalSid = NULL;
68  LSA_STRING OriginName;
69  UNICODE_STRING DomainName;
70  UNICODE_STRING UserName;
71  UNICODE_STRING Password;
72  PMSV1_0_INTERACTIVE_LOGON AuthInfo = NULL;
73  ULONG AuthInfoLength;
74  ULONG_PTR Ptr;
75  TOKEN_SOURCE TokenSource;
76  PTOKEN_GROUPS TokenGroups = NULL;
77  PMSV1_0_INTERACTIVE_PROFILE ProfileBuffer = NULL;
78  ULONG ProfileBufferLength = 0;
79  LUID Luid = {0, 0};
80  LUID LogonId = {0, 0};
81  HANDLE TokenHandle = NULL;
82  QUOTA_LIMITS QuotaLimits;
83  NTSTATUS Status;
84 
85  *phToken = NULL;
86 
87  RtlInitAnsiString((PANSI_STRING)&OriginName,
88  "MSGINA Logon");
89 
90  RtlInitUnicodeString(&DomainName,
91  lpszDomain);
92 
93  RtlInitUnicodeString(&UserName,
94  lpszUsername);
95 
96  RtlInitUnicodeString(&Password,
97  lpszPassword);
98 
99  AuthInfoLength = sizeof(MSV1_0_INTERACTIVE_LOGON)+
100  DomainName.MaximumLength +
101  UserName.MaximumLength +
102  Password.MaximumLength;
103 
104  AuthInfo = RtlAllocateHeap(RtlGetProcessHeap(),
105  HEAP_ZERO_MEMORY,
106  AuthInfoLength);
107  if (AuthInfo == NULL)
108  {
109  Status = STATUS_INSUFFICIENT_RESOURCES;
110  goto done;
111  }
112 
113  AuthInfo->MessageType = MsV1_0InteractiveLogon;
114 
115  Ptr = (ULONG_PTR)AuthInfo + sizeof(MSV1_0_INTERACTIVE_LOGON);
116 
117  AuthInfo->LogonDomainName.Length = DomainName.Length;
118  AuthInfo->LogonDomainName.MaximumLength = DomainName.MaximumLength;
119  AuthInfo->LogonDomainName.Buffer = (DomainName.Buffer == NULL) ? NULL : (PWCHAR)Ptr;
120  if (DomainName.MaximumLength > 0)
121  {
122  RtlCopyMemory(AuthInfo->LogonDomainName.Buffer,
123  DomainName.Buffer,
124  DomainName.MaximumLength);
125 
126  Ptr += DomainName.MaximumLength;
127  }
128 
129  AuthInfo->UserName.Length = UserName.Length;
130  AuthInfo->UserName.MaximumLength = UserName.MaximumLength;
131  AuthInfo->UserName.Buffer = (PWCHAR)Ptr;
132  if (UserName.MaximumLength > 0)
133  RtlCopyMemory(AuthInfo->UserName.Buffer,
134  UserName.Buffer,
135  UserName.MaximumLength);
136 
137  Ptr += UserName.MaximumLength;
138 
139  AuthInfo->Password.Length = Password.Length;
140  AuthInfo->Password.MaximumLength = Password.MaximumLength;
141  AuthInfo->Password.Buffer = (PWCHAR)Ptr;
142  if (Password.MaximumLength > 0)
143  RtlCopyMemory(AuthInfo->Password.Buffer,
144  Password.Buffer,
145  Password.MaximumLength);
146 
147  /* Create the Logon SID*/
148  AllocateLocallyUniqueId(&LogonId);
149  Status = RtlAllocateAndInitializeSid(&SystemAuthority,
150  SECURITY_LOGON_IDS_RID_COUNT,
151  SECURITY_LOGON_IDS_RID,
152  LogonId.HighPart,
153  LogonId.LowPart,
154  SECURITY_NULL_RID,
155  SECURITY_NULL_RID,
156  SECURITY_NULL_RID,
157  SECURITY_NULL_RID,
158  SECURITY_NULL_RID,
159  &LogonSid);
160  if (!NT_SUCCESS(Status))
161  goto done;
162 
163  /* Create the Local SID*/
164  Status = RtlAllocateAndInitializeSid(&LocalAuthority,
165  1,
166  SECURITY_LOCAL_RID,
167  SECURITY_NULL_RID,
168  SECURITY_NULL_RID,
169  SECURITY_NULL_RID,
170  SECURITY_NULL_RID,
171  SECURITY_NULL_RID,
172  SECURITY_NULL_RID,
173  SECURITY_NULL_RID,
174  &LocalSid);
175  if (!NT_SUCCESS(Status))
176  goto done;
177 
178  /* Allocate and set the token groups */
179  TokenGroups = RtlAllocateHeap(RtlGetProcessHeap(),
180  HEAP_ZERO_MEMORY,
181  sizeof(TOKEN_GROUPS) + ((2 - ANYSIZE_ARRAY) * sizeof(SID_AND_ATTRIBUTES)));
182  if (TokenGroups == NULL)
183  {
184  Status = STATUS_INSUFFICIENT_RESOURCES;
185  goto done;
186  }
187 
188  TokenGroups->GroupCount = 2;
189  TokenGroups->Groups[0].Sid = LogonSid;
190  TokenGroups->Groups[0].Attributes = SE_GROUP_MANDATORY | SE_GROUP_ENABLED |
191  SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_LOGON_ID;
192  TokenGroups->Groups[1].Sid = LocalSid;
193  TokenGroups->Groups[1].Attributes = SE_GROUP_MANDATORY | SE_GROUP_ENABLED |
194  SE_GROUP_ENABLED_BY_DEFAULT;
195 
196  /* Set the token source */
197  RtlCopyMemory(TokenSource.SourceName, User32TokenSourceName, sizeof(TokenSource.SourceName));
198  AllocateLocallyUniqueId(&TokenSource.SourceIdentifier);
199 
200  Status = LsaLogonUser(LsaHandle,
201  &OriginName,
202  Interactive,
203  AuthenticationPackage,
204  (PVOID)AuthInfo,
205  AuthInfoLength,
206  TokenGroups,
207  &TokenSource,
208  (PVOID*)&ProfileBuffer,
209  &ProfileBufferLength,
210  &Luid,
211  &TokenHandle,
212  &QuotaLimits,
213  SubStatus);
214  if (!NT_SUCCESS(Status))
215  {
216  ERR("LsaLogonUser failed (Status 0x%08lx)\n", Status);
217  goto done;
218  }
219 
220  if (ProfileBuffer != NULL)
221  {
222  TRACE("ProfileBuffer: %p\n", ProfileBuffer);
223  TRACE("MessageType: %u\n", ProfileBuffer->MessageType);
224 
225  TRACE("FullName: %p\n", ProfileBuffer->FullName.Buffer);
226  TRACE("FullName: %S\n", ProfileBuffer->FullName.Buffer);
227 
228  TRACE("LogonServer: %p\n", ProfileBuffer->LogonServer.Buffer);
229  TRACE("LogonServer: %S\n", ProfileBuffer->LogonServer.Buffer);
230  }
231 
232  TRACE("Luid: 0x%08lx%08lx\n", Luid.HighPart, Luid.LowPart);
233 
234  if (TokenHandle != NULL)
235  {
236  TRACE("TokenHandle: %p\n", TokenHandle);
237  }
238 
239  *phToken = TokenHandle;
240 
241 done:
242  if (ProfileBuffer != NULL)
243  LsaFreeReturnBuffer(ProfileBuffer);
244 
245  if (!NT_SUCCESS(Status))
246  {
247  if (TokenHandle != NULL)
248  CloseHandle(TokenHandle);
249  }
250 
251  if (TokenGroups != NULL)
252  RtlFreeHeap(RtlGetProcessHeap(), 0, TokenGroups);
253 
254  if (LocalSid != NULL)
255  RtlFreeSid(LocalSid);
256 
257  if (LogonSid != NULL)
258  RtlFreeSid(LogonSid);
259 
260  if (AuthInfo != NULL)
261  RtlFreeHeap(RtlGetProcessHeap(), 0, AuthInfo);
262 
263  return Status;
264 }
RtlCopyMemory
NTSYSAPI VOID NTAPI RtlCopyMemory(VOID UNALIGNED *Destination, CONST VOID UNALIGNED *Source, ULONG Length)
CloseHandle
#define CloseHandle
Definition: compat.h:406
STATUS_INSUFFICIENT_RESOURCES
#define STATUS_INSUFFICIENT_RESOURCES
Definition: udferr_usr.h:158
_MSV1_0_INTERACTIVE_LOGON::MessageType
MSV1_0_LOGON_SUBMIT_TYPE MessageType
Definition: ntsecapi.h:434
_TOKEN_GROUPS
Definition: setypes.h:959
_SID
Definition: ms-dtyp.idl:198
_UNICODE_STRING::MaximumLength
USHORT MaximumLength
Definition: env_spec_w32.h:370
ANYSIZE_ARRAY
#define ANYSIZE_ARRAY
Definition: typedefs.h:46
RtlFreeSid
NTSYSAPI PVOID NTAPI RtlFreeSid(_In_ _Post_invalid_ PSID Sid)
Ptr
_Must_inspect_result_ _In_ PFSRTL_PER_STREAM_CONTEXT Ptr
Definition: fsrtlfuncs.h:898
NTSTATUS
LONG NTSTATUS
Definition: precomp.h:26
_UNICODE_STRING::Length
USHORT Length
Definition: env_spec_w32.h:369
RtlFreeHeap
BOOLEAN NTAPI RtlFreeHeap(IN PVOID HeapHandle, IN ULONG Flags, IN PVOID HeapBase)
Definition: heap.c:606
lpszPassword
_In_opt_ LPSTR _In_opt_ LPSTR lpszPassword
Definition: winbase.h:2674
ProfileBufferLength
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG ProfileBufferLength
Definition: ntifs.template.h:711
PWCHAR
uint16_t * PWCHAR
Definition: typedefs.h:55
LocalSid
PSID LocalSid
Definition: globals.c:15
RtlAllocateAndInitializeSid
NTSYSAPI NTSTATUS NTAPI RtlAllocateAndInitializeSid(IN PSID_IDENTIFIER_AUTHORITY IdentifierAuthority, IN UCHAR SubAuthorityCount, IN ULONG SubAuthority0, IN ULONG SubAuthority1, IN ULONG SubAuthority2, IN ULONG SubAuthority3, IN ULONG SubAuthority4, IN ULONG SubAuthority5, IN ULONG SubAuthority6, IN ULONG SubAuthority7, OUT PSID *Sid)
Definition: sid.c:290
OriginName
_IRQL_requires_same_ _In_ PLSA_STRING OriginName
Definition: ntifs.template.h:707
_MSV1_0_INTERACTIVE_LOGON::Password
UNICODE_STRING Password
Definition: ntsecapi.h:437
LsaLogonUser
NTSTATUS NTAPI LsaLogonUser(IN HANDLE LsaHandle, IN PLSA_STRING OriginName, IN SECURITY_LOGON_TYPE LogonType, IN ULONG AuthenticationPackage, IN PVOID AuthenticationInformation, IN ULONG AuthenticationInformationLength, IN PTOKEN_GROUPS LocalGroups OPTIONAL, IN PTOKEN_SOURCE SourceContext, OUT PVOID *ProfileBuffer, OUT PULONG ProfileBufferLength, OUT PLUID LogonId, OUT PHANDLE Token, OUT PQUOTA_LIMITS Quotas, OUT PNTSTATUS SubStatus)
Definition: lsa.c:184
_MSV1_0_INTERACTIVE_PROFILE
Definition: ntsecapi.h:439
RtlInitAnsiString
NTSYSAPI VOID NTAPI RtlInitAnsiString(PANSI_STRING DestinationString, PCSZ SourceString)
ULONG_PTR
uint32_t ULONG_PTR
Definition: typedefs.h:64
SECURITY_LOGON_IDS_RID_COUNT
#define SECURITY_LOGON_IDS_RID_COUNT
Definition: setypes.h:533
LsaHandle
HANDLE LsaHandle
Definition: logon.c:17
SubStatus
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE _Out_ PQUOTA_LIMITS _Out_ PNTSTATUS SubStatus
Definition: ntifs.template.h:711
_LUID
Definition: devicetopology.idl:136
SECURITY_LOCAL_SID_AUTHORITY
#define SECURITY_LOCAL_SID_AUTHORITY
Definition: setypes.h:502
_UNICODE_STRING::Buffer
PWSTR Buffer
Definition: env_spec_w32.h:371
_ANSI_STRING
Definition: env_spec_w32.h:375
NULL
smooth NULL
Definition: ftsmooth.c:416
SE_GROUP_ENABLED_BY_DEFAULT
#define SE_GROUP_ENABLED_BY_DEFAULT
Definition: setypes.h:91
TokenHandle
_In_ ACCESS_MASK _In_ ULONG _Out_ PHANDLE TokenHandle
Definition: psfuncs.h:715
SECURITY_NT_AUTHORITY
#define SECURITY_NT_AUTHORITY
Definition: setypes.h:526
RtlAllocateHeap
PVOID NTAPI RtlAllocateHeap(IN PVOID HeapHandle, IN ULONG Flags, IN SIZE_T Size)
Definition: heap.c:588
MSV1_0_INTERACTIVE_LOGON
struct _MSV1_0_INTERACTIVE_LOGON MSV1_0_INTERACTIVE_LOGON
_MSV1_0_INTERACTIVE_LOGON::UserName
UNICODE_STRING UserName
Definition: ntsecapi.h:436
TRACE
#define TRACE(s)
Definition: solgame.cpp:4
NT_SUCCESS
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
SE_GROUP_ENABLED
#define SE_GROUP_ENABLED
Definition: setypes.h:92
_LUID::LowPart
DWORD LowPart
Definition: devicetopology.idl:138
_SID_AND_ATTRIBUTES
Definition: setypes.h:474
User32TokenSourceName
static const CHAR User32TokenSourceName[]
Definition: lsa.c:51
SECURITY_LOCAL_RID
#define SECURITY_LOCAL_RID
Definition: setypes.h:514
phToken
_In_opt_ LPSTR _In_opt_ LPSTR _In_ DWORD _In_ DWORD _Out_opt_ PHANDLE phToken
Definition: winbase.h:2674
_LSA_STRING::Buffer
PCHAR Buffer
Definition: ntsecapi.h:174
SE_GROUP_MANDATORY
#define SE_GROUP_MANDATORY
Definition: setypes.h:90
_QUOTA_LIMITS
Definition: lsa.idl:286
SECURITY_NULL_RID
#define SECURITY_NULL_RID
Definition: setypes.h:512
_LUID::HighPart
LONG HighPart
Definition: devicetopology.idl:139
_SID_IDENTIFIER_AUTHORITY
Definition: ms-dtyp.idl:194
ProfileBuffer
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID * ProfileBuffer
Definition: ntifs.template.h:711
AuthenticationPackage
ULONG AuthenticationPackage
Definition: logon.c:18
Status
Status
Definition: gdiplustypes.h:24
_TOKEN_SOURCE
Definition: imports.h:277
SE_GROUP_LOGON_ID
#define SE_GROUP_LOGON_ID
Definition: setypes.h:98
LsaFreeReturnBuffer
NTSTATUS NTAPI LsaFreeReturnBuffer(IN PVOID Buffer)
Definition: lsa.c:120
ERR
#define ERR(fmt,...)
Definition: debug.h:109
_UNICODE_STRING
Definition: env_spec_w32.h:368
AllocateLocallyUniqueId
BOOL WINAPI AllocateLocallyUniqueId(PLUID Luid)
Definition: security.c:1097
lpszDomain
_In_opt_ LPSTR lpszDomain
Definition: winbase.h:2674
LogonId
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID LogonId
Definition: ntifs.template.h:711
HEAP_ZERO_MEMORY
#define HEAP_ZERO_MEMORY
Definition: compat.h:123
SECURITY_LOGON_IDS_RID
#define SECURITY_LOGON_IDS_RID
Definition: setypes.h:532
ULONG
unsigned int ULONG
Definition: retypes.h:1
RtlInitUnicodeString
NTSYSAPI VOID NTAPI RtlInitUnicodeString(PUNICODE_STRING DestinationString, PCWSTR SourceString)
ULONG_PTR
#define ULONG_PTR
Definition: config.h:101
_LSA_STRING
Definition: ntsecapi.h:171
_MSV1_0_INTERACTIVE_LOGON
Definition: ntsecapi.h:433
_MSV1_0_INTERACTIVE_LOGON::LogonDomainName
UNICODE_STRING LogonDomainName
Definition: ntsecapi.h:435
SystemAuthority
static SID_IDENTIFIER_AUTHORITY SystemAuthority
Definition: msgina.c:38

Referenced by DoAdminUnlock(), DoLoginTasks(), and TUILockedSAS().

Variable Documentation

◆ User32TokenSourceName

const CHAR User32TokenSourceName[] = "User32 "
static

Definition at line 51 of file lsa.c.

Referenced by MyLogonUser().