ReactOS  0.4.15-dev-2993-g14fbe80
authpackage.c
Go to the documentation of this file.
1 /*
2  * PROJECT: Local Security Authority Server DLL
3  * LICENSE: GPL - See COPYING in the top level directory
4  * FILE: dll/win32/lsasrv/authpackage.c
5  * PURPOSE: Authentication package management routines
6  * COPYRIGHT: Copyright 2013 Eric Kohl
7  */
8 
9 #include "lsasrv.h"
10 
11 #include <ndk/sefuncs.h>
12 #include <ndk/umfuncs.h>
13 
15 {
19 
21 {
25 
27 {
36 
38 
49  PVOID, PVOID);
51  ULONG, PVOID, PVOID);
52 
53 typedef struct LSA_DISPATCH_TABLE
54 {
67 
68 
81  PUNICODE_STRING *, PVOID /*PSECPKG_PRIMARY_CRED*/, PVOID /*PSECPKG_SUPPLEMENTAL_CRED_ARRAY **/);
85  PUNICODE_STRING *);
86 
90 
91 typedef struct _AUTH_PACKAGE
92 {
97 
107 
108 VOID
109 NTAPI
111 
112 typedef wchar_t *PSAMPR_SERVER_NAME;
113 typedef void *SAMPR_HANDLE;
114 
116 {
119 
120 typedef struct _SAMPR_PSID_ARRAY
121 {
122  unsigned long Count;
125 
126 NTSTATUS
127 NTAPI
129  PSAMPR_SERVER_NAME ServerName,
130  SAMPR_HANDLE *ServerHandle,
132  BOOLEAN Trusted);
133 
134 VOID
135 NTAPI
138 
139 NTSTATUS
140 __stdcall
142  SAMPR_HANDLE *SamHandle);
143 
144 NTSTATUS
145 __stdcall
147  SAMPR_HANDLE ServerHandle,
149  PRPC_SID DomainId,
150  SAMPR_HANDLE *DomainHandle);
151 
152 NTSTATUS
153 __stdcall
155  SAMPR_HANDLE DomainHandle,
156  PSAMPR_PSID_ARRAY SidArray,
157  PSAMPR_ULONG_ARRAY Membership);
158 
159 
160 /* GLOBALS *****************************************************************/
161 
165 
166 #define CONST_LUID(x1, x2) {x1, x2}
170 
171 
172 /* FUNCTIONS ***************************************************************/
173 
174 static
175 NTSTATUS
176 NTAPI
181  IN PVOID Context,
183 {
184  PAUTH_PACKAGE Package = NULL;
185  UNICODE_STRING PackageName;
186  STRING ProcName;
187  PULONG Id;
189 
190  TRACE("LsapAddAuthPackage()\n");
191 
192  PackageName.Length = (USHORT)ValueLength - sizeof(WCHAR);
193  PackageName.MaximumLength = (USHORT)ValueLength;
194  PackageName.Buffer = ValueData;
195 
196  Id = (PULONG)Context;
197 
198  Package = RtlAllocateHeap(RtlGetProcessHeap(),
200  sizeof(AUTH_PACKAGE));
201  if (Package == NULL)
203 
205  NULL,
206  &PackageName,
207  &Package->ModuleHandle);
208  if (!NT_SUCCESS(Status))
209  {
210  TRACE("LdrLoadDll failed (Status 0x%08lx)\n", Status);
211  goto done;
212  }
213 
214  RtlInitAnsiString(&ProcName, "LsaApInitializePackage");
216  &ProcName,
217  0,
218  (PVOID *)&Package->LsaApInitializePackage);
219  if (!NT_SUCCESS(Status))
220  {
221  TRACE("LdrGetProcedureAddress() failed (Status 0x%08lx)\n", Status);
222  goto done;
223  }
224 
225  RtlInitAnsiString(&ProcName, "LsaApCallPackage");
227  &ProcName,
228  0,
229  (PVOID *)&Package->LsaApCallPackage);
230  if (!NT_SUCCESS(Status))
231  {
232  TRACE("LdrGetProcedureAddress() failed (Status 0x%08lx)\n", Status);
233  goto done;
234  }
235 
236  RtlInitAnsiString(&ProcName, "LsaApCallPackagePassthrough");
238  &ProcName,
239  0,
240  (PVOID *)&Package->LsaApCallPackagePassthrough);
241  if (!NT_SUCCESS(Status))
242  {
243  TRACE("LdrGetProcedureAddress() failed (Status 0x%08lx)\n", Status);
244  goto done;
245  }
246 
247  RtlInitAnsiString(&ProcName, "LsaApCallPackageUntrusted");
249  &ProcName,
250  0,
251  (PVOID *)&Package->LsaApCallPackageUntrusted);
252  if (!NT_SUCCESS(Status))
253  {
254  TRACE("LdrGetProcedureAddress() failed (Status 0x%08lx)\n", Status);
255  goto done;
256  }
257 
258  RtlInitAnsiString(&ProcName, "LsaApLogonTerminated");
260  &ProcName,
261  0,
262  (PVOID *)&Package->LsaApLogonTerminated);
263  if (!NT_SUCCESS(Status))
264  {
265  TRACE("LdrGetProcedureAddress() failed (Status 0x%08lx)\n", Status);
266  goto done;
267  }
268 
269  RtlInitAnsiString(&ProcName, "LsaApLogonUserEx2");
271  &ProcName,
272  0,
273  (PVOID *)&Package->LsaApLogonUserEx2);
274  if (!NT_SUCCESS(Status))
275  {
276  RtlInitAnsiString(&ProcName, "LsaApLogonUserEx");
278  &ProcName,
279  0,
280  (PVOID *)&Package->LsaApLogonUserEx);
281  if (!NT_SUCCESS(Status))
282  {
283  RtlInitAnsiString(&ProcName, "LsaApLogonUser");
285  &ProcName,
286  0,
287  (PVOID *)&Package->LsaApLogonUser);
288  if (!NT_SUCCESS(Status))
289  {
290  TRACE("LdrGetProcedureAddress() failed (Status 0x%08lx)\n", Status);
291  goto done;
292  }
293  }
294  }
295 
296  /* Initialize the current package */
297  Status = Package->LsaApInitializePackage(*Id,
298  &DispatchTable,
299  NULL,
300  NULL,
301  &Package->Name);
302  if (!NT_SUCCESS(Status))
303  {
304  TRACE("Package->LsaApInitializePackage() failed (Status 0x%08lx)\n", Status);
305  goto done;
306  }
307 
308  TRACE("Package Name: %s\n", Package->Name->Buffer);
309 
310  Package->Id = *Id;
311  (*Id)++;
312 
313  InsertTailList(&PackageListHead, &Package->Entry);
314 
315 done:
316  if (!NT_SUCCESS(Status))
317  {
318  if (Package != NULL)
319  {
320  if (Package->ModuleHandle != NULL)
321  LdrUnloadDll(Package->ModuleHandle);
322 
323  if (Package->Name != NULL)
324  {
325  if (Package->Name->Buffer != NULL)
326  RtlFreeHeap(RtlGetProcessHeap(), 0, Package->Name->Buffer);
327 
328  RtlFreeHeap(RtlGetProcessHeap(), 0, Package->Name);
329  }
330 
331  RtlFreeHeap(RtlGetProcessHeap(), 0, Package);
332  }
333  }
334 
335  return Status;
336 }
337 
338 
339 static
342 {
343  PLIST_ENTRY ListEntry;
344  PAUTH_PACKAGE Package;
345 
346  ListEntry = PackageListHead.Flink;
347  while (ListEntry != &PackageListHead)
348  {
349  Package = CONTAINING_RECORD(ListEntry, AUTH_PACKAGE, Entry);
350 
351  if (Package->Id == PackageId)
352  {
353  return Package;
354  }
355 
356  ListEntry = ListEntry->Flink;
357  }
358 
359  return NULL;
360 }
361 
362 
363 PVOID
364 NTAPI
366 {
367  return RtlAllocateHeap(RtlGetProcessHeap(), 0, Length);
368 }
369 
370 
371 PVOID
372 NTAPI
374 {
375  return RtlAllocateHeap(RtlGetProcessHeap(), HEAP_ZERO_MEMORY, Length);
376 }
377 
378 
379 VOID
380 NTAPI
382 {
383  RtlFreeHeap(RtlGetProcessHeap(), 0, Base);
384 }
385 
386 
387 static
388 NTSTATUS
389 NTAPI
391  IN ULONG LengthRequired,
392  OUT PVOID *ClientBaseAddress)
393 {
394  PLSAP_LOGON_CONTEXT LogonContext;
395  SIZE_T Length;
396 
397  *ClientBaseAddress = NULL;
398 
399  LogonContext = (PLSAP_LOGON_CONTEXT)ClientRequest;
400 
401  Length = LengthRequired;
402  return NtAllocateVirtualMemory(LogonContext->ClientProcessHandle,
403  ClientBaseAddress,
404  0,
405  &Length,
406  MEM_COMMIT,
408 }
409 
410 
411 static
412 NTSTATUS
413 NTAPI
415  IN PVOID ClientBaseAddress)
416 {
417  PLSAP_LOGON_CONTEXT LogonContext;
418  SIZE_T Length;
419 
420  if (ClientBaseAddress == NULL)
421  return STATUS_SUCCESS;
422 
423  LogonContext = (PLSAP_LOGON_CONTEXT)ClientRequest;
424 
425  Length = 0;
426  return NtFreeVirtualMemory(LogonContext->ClientProcessHandle,
427  &ClientBaseAddress,
428  &Length,
429  MEM_RELEASE);
430 }
431 
432 
433 static
434 NTSTATUS
435 NTAPI
437  IN ULONG Length,
438  IN PVOID ClientBaseAddress,
439  IN PVOID BufferToCopy)
440 {
441  PLSAP_LOGON_CONTEXT LogonContext;
442 
443  LogonContext = (PLSAP_LOGON_CONTEXT)ClientRequest;
444 
445  return NtWriteVirtualMemory(LogonContext->ClientProcessHandle,
446  ClientBaseAddress,
447  BufferToCopy,
448  Length,
449  NULL);
450 }
451 
452 
453 static
454 NTSTATUS
455 NTAPI
457  IN ULONG Length,
458  IN PVOID BufferToCopy,
459  IN PVOID ClientBaseAddress)
460 {
461  PLSAP_LOGON_CONTEXT LogonContext;
462 
463  LogonContext = (PLSAP_LOGON_CONTEXT)ClientRequest;
464 
465  return NtReadVirtualMemory(LogonContext->ClientProcessHandle,
466  ClientBaseAddress,
467  BufferToCopy,
468  Length,
469  NULL);
470 }
471 
472 
473 NTSTATUS
475 {
476  RTL_QUERY_REGISTRY_TABLE AuthPackageTable[] = {
477  {LsapAddAuthPackage, 0, L"Authentication Packages", NULL, REG_NONE, NULL, 0},
478  {NULL, 0, NULL, NULL, REG_NONE, NULL, 0}};
479 
481 
483  PackageId = 0;
484 
485  /* Initialize the dispatch table */
486  DispatchTable.CreateLogonSession = &LsapCreateLogonSession;
487  DispatchTable.DeleteLogonSession = &LsapDeleteLogonSession;
488  DispatchTable.AddCredential = &LsapAddCredential;
489  DispatchTable.GetCredentials = &LsapGetCredentials;
490  DispatchTable.DeleteCredential = &LsapDeleteCredential;
491  DispatchTable.AllocateLsaHeap = &LsapAllocateHeapZero;
492  DispatchTable.FreeLsaHeap = &LsapFreeHeap;
493  DispatchTable.AllocateClientBuffer = &LsapAllocateClientBuffer;
494  DispatchTable.FreeClientBuffer = &LsapFreeClientBuffer;
495  DispatchTable.CopyToClientBuffer = &LsapCopyToClientBuffer;
496  DispatchTable.CopyFromClientBuffer = &LsapCopyFromClientBuffer;
497 
498  /* Add registered authentication packages */
500  L"Lsa",
501  AuthPackageTable,
502  &PackageId,
503  NULL);
504 
505  return Status;
506 }
507 
508 
509 NTSTATUS
511  PLSAP_LOGON_CONTEXT LogonContext)
512 {
513  PLIST_ENTRY ListEntry;
514  PAUTH_PACKAGE Package;
515  ULONG PackageNameLength;
516  PCHAR PackageName;
517 
518  TRACE("(%p %p)\n", RequestMsg, LogonContext);
519 
520  PackageNameLength = RequestMsg->LookupAuthenticationPackage.Request.PackageNameLength;
521  PackageName = RequestMsg->LookupAuthenticationPackage.Request.PackageName;
522 
523  TRACE("PackageName: %s\n", PackageName);
524 
525  ListEntry = PackageListHead.Flink;
526  while (ListEntry != &PackageListHead)
527  {
528  Package = CONTAINING_RECORD(ListEntry, AUTH_PACKAGE, Entry);
529 
530  if ((PackageNameLength == Package->Name->Length) &&
531  (_strnicmp(PackageName, Package->Name->Buffer, Package->Name->Length) == 0))
532  {
533  RequestMsg->LookupAuthenticationPackage.Reply.Package = Package->Id;
534  return STATUS_SUCCESS;
535  }
536 
537  ListEntry = ListEntry->Flink;
538  }
539 
540  return STATUS_NO_SUCH_PACKAGE;
541 }
542 
543 
544 VOID
547 {
548  PLIST_ENTRY ListEntry;
549  PAUTH_PACKAGE Package;
550 
551  ListEntry = PackageListHead.Flink;
552  while (ListEntry != &PackageListHead)
553  {
554  Package = CONTAINING_RECORD(ListEntry, AUTH_PACKAGE, Entry);
555 
556  Package->LsaApLogonTerminated(LogonId);
557 
558  ListEntry = ListEntry->Flink;
559  }
560 }
561 
562 
563 NTSTATUS
565  PLSAP_LOGON_CONTEXT LogonContext)
566 {
567  PAUTH_PACKAGE Package;
568  PVOID LocalBuffer = NULL;
571 
572  TRACE("(%p %p)\n", RequestMsg, LogonContext);
573 
574  PackageId = RequestMsg->CallAuthenticationPackage.Request.AuthenticationPackage;
575 
576  /* Get the right authentication package */
578  if (Package == NULL)
579  {
580  TRACE("LsapGetAuthenticationPackage() failed to find a package\n");
581  return STATUS_NO_SUCH_PACKAGE;
582  }
583 
584  if (RequestMsg->CallAuthenticationPackage.Request.SubmitBufferLength > 0)
585  {
586  LocalBuffer = RtlAllocateHeap(RtlGetProcessHeap(),
588  RequestMsg->CallAuthenticationPackage.Request.SubmitBufferLength);
589  if (LocalBuffer == NULL)
590  {
592  }
593 
595  RequestMsg->CallAuthenticationPackage.Request.ProtocolSubmitBuffer,
596  LocalBuffer,
597  RequestMsg->CallAuthenticationPackage.Request.SubmitBufferLength,
598  NULL);
599  if (!NT_SUCCESS(Status))
600  {
601  TRACE("NtReadVirtualMemory() failed (Status 0x%08lx)\n", Status);
602  RtlFreeHeap(RtlGetProcessHeap(), 0, LocalBuffer);
603  return Status;
604  }
605  }
606 
607  if (LogonContext->TrustedCaller)
608  Status = Package->LsaApCallPackage((PLSA_CLIENT_REQUEST)LogonContext,
609  LocalBuffer,
610  RequestMsg->CallAuthenticationPackage.Request.ProtocolSubmitBuffer,
611  RequestMsg->CallAuthenticationPackage.Request.SubmitBufferLength,
612  &RequestMsg->CallAuthenticationPackage.Reply.ProtocolReturnBuffer,
613  &RequestMsg->CallAuthenticationPackage.Reply.ReturnBufferLength,
614  &RequestMsg->CallAuthenticationPackage.Reply.ProtocolStatus);
615  else
616  Status = Package->LsaApCallPackageUntrusted((PLSA_CLIENT_REQUEST)LogonContext,
617  LocalBuffer,
618  RequestMsg->CallAuthenticationPackage.Request.ProtocolSubmitBuffer,
619  RequestMsg->CallAuthenticationPackage.Request.SubmitBufferLength,
620  &RequestMsg->CallAuthenticationPackage.Reply.ProtocolReturnBuffer,
621  &RequestMsg->CallAuthenticationPackage.Reply.ReturnBufferLength,
622  &RequestMsg->CallAuthenticationPackage.Reply.ProtocolStatus);
623  if (!NT_SUCCESS(Status))
624  {
625  TRACE("Package->LsaApCallPackage() failed (Status 0x%08lx)\n", Status);
626  }
627 
628  if (LocalBuffer != NULL)
629  RtlFreeHeap(RtlGetProcessHeap(), 0, LocalBuffer);
630 
631  return Status;
632 }
633 
634 
635 static
636 NTSTATUS
638  IN PLSAP_LOGON_CONTEXT LogonContext,
639  IN PTOKEN_GROUPS ClientGroups,
640  IN ULONG ClientGroupsCount,
642 {
643  ULONG LocalGroupsLength = 0;
645  ULONG SidHeaderLength = 0;
646  PSID SidHeader = NULL;
647  PSID SrcSid, DstSid;
648  ULONG SidLength;
649  ULONG AllocatedSids = 0;
650  ULONG i;
652 
653  LocalGroupsLength = sizeof(TOKEN_GROUPS) +
654  (ClientGroupsCount - ANYSIZE_ARRAY) * sizeof(SID_AND_ATTRIBUTES);
655  LocalGroups = RtlAllocateHeap(RtlGetProcessHeap(),
657  LocalGroupsLength);
658  if (LocalGroups == NULL)
659  {
660  TRACE("RtlAllocateHeap() failed\n");
662  }
663 
664  Status = NtReadVirtualMemory(LogonContext->ClientProcessHandle,
665  ClientGroups,
666  LocalGroups,
667  LocalGroupsLength,
668  NULL);
669  if (!NT_SUCCESS(Status))
670  goto done;
671 
672 
673  SidHeaderLength = RtlLengthRequiredSid(0);
674  SidHeader = RtlAllocateHeap(RtlGetProcessHeap(),
676  SidHeaderLength);
677  if (SidHeader == NULL)
678  {
680  goto done;
681  }
682 
683  for (i = 0; i < ClientGroupsCount; i++)
684  {
685  SrcSid = LocalGroups->Groups[i].Sid;
686 
687  Status = NtReadVirtualMemory(LogonContext->ClientProcessHandle,
688  SrcSid,
689  SidHeader,
690  SidHeaderLength,
691  NULL);
692  if (!NT_SUCCESS(Status))
693  goto done;
694 
695  SidLength = RtlLengthSid(SidHeader);
696  TRACE("Sid %lu: Length %lu\n", i, SidLength);
697 
698  DstSid = RtlAllocateHeap(RtlGetProcessHeap(),
700  SidLength);
701  if (DstSid == NULL)
702  {
704  goto done;
705  }
706 
707  Status = NtReadVirtualMemory(LogonContext->ClientProcessHandle,
708  SrcSid,
709  DstSid,
710  SidLength,
711  NULL);
712  if (!NT_SUCCESS(Status))
713  {
714  RtlFreeHeap(RtlGetProcessHeap(), 0, DstSid);
715  goto done;
716  }
717 
718  LocalGroups->Groups[i].Sid = DstSid;
719  AllocatedSids++;
720  }
721 
723 
724 done:
725  if (SidHeader != NULL)
726  RtlFreeHeap(RtlGetProcessHeap(), 0, SidHeader);
727 
728  if (!NT_SUCCESS(Status))
729  {
730  if (LocalGroups != NULL)
731  {
732  for (i = 0; i < AllocatedSids; i++)
733  RtlFreeHeap(RtlGetProcessHeap(), 0, LocalGroups->Groups[i].Sid);
734 
735  RtlFreeHeap(RtlGetProcessHeap(), 0, LocalGroups);
736  }
737  }
738 
739  return Status;
740 }
741 
742 
743 static
744 NTSTATUS
746  IN PVOID TokenInformation,
747  IN LSA_TOKEN_INFORMATION_TYPE TokenInformationType,
749 {
750  PLSA_TOKEN_INFORMATION_V1 TokenInfo1;
752  ULONG Length;
753  ULONG i;
754  ULONG j;
755 
756  if (LocalGroups == NULL || LocalGroups->GroupCount == 0)
757  return STATUS_SUCCESS;
758 
759  if (TokenInformationType == LsaTokenInformationV1)
760  {
761  TokenInfo1 = (PLSA_TOKEN_INFORMATION_V1)TokenInformation;
762 
763  if (TokenInfo1->Groups != NULL)
764  {
765  Length = sizeof(TOKEN_GROUPS) +
766  (LocalGroups->GroupCount + TokenInfo1->Groups->GroupCount - ANYSIZE_ARRAY) * sizeof(SID_AND_ATTRIBUTES);
767 
768  Groups = RtlAllocateHeap(RtlGetProcessHeap(), HEAP_ZERO_MEMORY, Length);
769  if (Groups == NULL)
770  {
771  ERR("Group buffer allocation failed!\n");
773  }
774 
775  Groups->GroupCount = LocalGroups->GroupCount + TokenInfo1->Groups->GroupCount;
776 
777  for (i = 0; i < TokenInfo1->Groups->GroupCount; i++)
778  {
779  Groups->Groups[i].Sid = TokenInfo1->Groups->Groups[i].Sid;
780  Groups->Groups[i].Attributes = TokenInfo1->Groups->Groups[i].Attributes;
781  }
782 
783  for (j = 0; j < LocalGroups->GroupCount; i++, j++)
784  {
785  Groups->Groups[i].Sid = LocalGroups->Groups[j].Sid;
786  Groups->Groups[i].Attributes = LocalGroups->Groups[j].Attributes;
787  LocalGroups->Groups[j].Sid = NULL;
788  }
789 
790  RtlFreeHeap(RtlGetProcessHeap(), 0, TokenInfo1->Groups);
791 
792  TokenInfo1->Groups = Groups;
793  }
794  else
795  {
796  Length = sizeof(TOKEN_GROUPS) +
797  (LocalGroups->GroupCount - ANYSIZE_ARRAY) * sizeof(SID_AND_ATTRIBUTES);
798 
799  Groups = RtlAllocateHeap(RtlGetProcessHeap(), HEAP_ZERO_MEMORY, Length);
800  if (Groups == NULL)
801  {
802  ERR("Group buffer allocation failed!\n");
804  }
805 
806  Groups->GroupCount = LocalGroups->GroupCount;
807 
808  for (i = 0; i < LocalGroups->GroupCount; i++)
809  {
810  Groups->Groups[i].Sid = LocalGroups->Groups[i].Sid;
811  Groups->Groups[i].Attributes = LocalGroups->Groups[i].Attributes;
812  }
813 
814  TokenInfo1->Groups = Groups;
815  }
816  }
817  else
818  {
819  FIXME("TokenInformationType %d is not supported!\n", TokenInformationType);
820  return STATUS_NOT_IMPLEMENTED;
821  }
822 
823  return STATUS_SUCCESS;
824 }
825 
826 static
827 NTSTATUS
829  IN PVOID TokenInformation,
830  IN LSA_TOKEN_INFORMATION_TYPE TokenInformationType,
832 {
833  PLSA_TOKEN_INFORMATION_V1 TokenInfo1;
835  ULONG i, Length;
836  PSID SrcSid;
837 
838  if (TokenInformationType == LsaTokenInformationV1)
839  {
840  TokenInfo1 = (PLSA_TOKEN_INFORMATION_V1)TokenInformation;
841 
842  if (TokenInfo1->Groups != NULL)
843  {
844  Length = sizeof(TOKEN_GROUPS) +
845  (TokenInfo1->Groups->GroupCount + 2 - ANYSIZE_ARRAY) * sizeof(SID_AND_ATTRIBUTES);
846 
847  Groups = RtlAllocateHeap(RtlGetProcessHeap(), HEAP_ZERO_MEMORY, Length);
848  if (Groups == NULL)
849  {
850  ERR("Group buffer allocation failed!\n");
852  }
853 
854  Groups->GroupCount = TokenInfo1->Groups->GroupCount;
855 
856  for (i = 0; i < TokenInfo1->Groups->GroupCount; i++)
857  {
858  Groups->Groups[i].Sid = TokenInfo1->Groups->Groups[i].Sid;
859  Groups->Groups[i].Attributes = TokenInfo1->Groups->Groups[i].Attributes;
860  }
861 
862  RtlFreeHeap(RtlGetProcessHeap(), 0, TokenInfo1->Groups);
863 
864  TokenInfo1->Groups = Groups;
865 
866  }
867  else
868  {
869  Length = sizeof(TOKEN_GROUPS) +
870  (2 - ANYSIZE_ARRAY) * sizeof(SID_AND_ATTRIBUTES);
871 
872  Groups = RtlAllocateHeap(RtlGetProcessHeap(), HEAP_ZERO_MEMORY, Length);
873  if (Groups == NULL)
874  {
875  ERR("Group buffer allocation failed!\n");
877  }
878 
879  TokenInfo1->Groups = Groups;
880  }
881 
882  /* Append the World SID (aka Everyone) */
884  Groups->Groups[Groups->GroupCount].Sid = RtlAllocateHeap(RtlGetProcessHeap(),
886  Length);
887  if (Groups->Groups[Groups->GroupCount].Sid == NULL)
889 
890  RtlCopyMemory(Groups->Groups[Groups->GroupCount].Sid,
891  LsapWorldSid,
892  Length);
893 
894  Groups->Groups[Groups->GroupCount].Attributes =
896 
897  Groups->GroupCount++;
898 
899  /* Append the logon type SID */
900  switch (LogonType)
901  {
902  case Interactive:
903  SrcSid = LsapInteractiveSid;
904  break;
905 
906  case Network:
907  SrcSid = LsapNetworkSid;
908  break;
909 
910  case Batch:
911  SrcSid = LsapBatchSid;
912  break;
913 
914  case Service:
915  SrcSid = LsapServiceSid;
916  break;
917 
918  default:
919  FIXME("LogonType %d is not supported!\n", LogonType);
920  return STATUS_NOT_IMPLEMENTED;
921  }
922 
923  Length = RtlLengthSid(SrcSid);
924  Groups->Groups[Groups->GroupCount].Sid = RtlAllocateHeap(RtlGetProcessHeap(),
926  Length);
927  if (Groups->Groups[Groups->GroupCount].Sid == NULL)
929 
930  RtlCopyMemory(Groups->Groups[Groups->GroupCount].Sid,
931  SrcSid,
932  Length);
933 
934  Groups->Groups[Groups->GroupCount].Attributes =
936 
937  Groups->GroupCount++;
938  }
939  else
940  {
941  FIXME("TokenInformationType %d is not supported!\n", TokenInformationType);
942  return STATUS_NOT_IMPLEMENTED;
943  }
944 
945  return STATUS_SUCCESS;
946 }
947 
948 
949 static
950 NTSTATUS
953  IN PSID DomainSid,
954  IN ULONG RelativeId)
955 {
957  PSID Sid;
958  ULONG Length;
959  ULONG i;
960 
961  Sid = LsapAppendRidToSid(DomainSid, RelativeId);
962  if (Sid == NULL)
963  {
964  ERR("Group SID creation failed!\n");
966  }
967 
968  if (*TokenGroups == NULL)
969  {
970  Length = sizeof(TOKEN_GROUPS) +
971  (1 - ANYSIZE_ARRAY) * sizeof(SID_AND_ATTRIBUTES);
972 
973  Groups = RtlAllocateHeap(RtlGetProcessHeap(), HEAP_ZERO_MEMORY, Length);
974  if (Groups == NULL)
975  {
976  ERR("Group buffer allocation failed!\n");
978  }
979 
980  Groups->GroupCount = 1;
981 
982  Groups->Groups[0].Sid = Sid;
983  Groups->Groups[0].Attributes =
985 
986  *TokenGroups = Groups;
987  }
988  else
989  {
990  for (i = 0; i < (*TokenGroups)->GroupCount; i++)
991  {
992  if (RtlEqualSid((*TokenGroups)->Groups[i].Sid, Sid))
993  {
994  RtlFreeHeap(RtlGetProcessHeap(), 0, Sid);
995  return STATUS_SUCCESS;
996  }
997  }
998 
999  Length = sizeof(TOKEN_GROUPS) +
1000  ((*TokenGroups)->GroupCount + 1 - ANYSIZE_ARRAY) * sizeof(SID_AND_ATTRIBUTES);
1001 
1002  Groups = RtlAllocateHeap(RtlGetProcessHeap(), HEAP_ZERO_MEMORY, Length);
1003  if (Groups == NULL)
1004  {
1005  ERR("Group buffer allocation failed!\n");
1007  }
1008 
1009  Groups->GroupCount = (*TokenGroups)->GroupCount;
1010 
1011  for (i = 0; i < (*TokenGroups)->GroupCount; i++)
1012  {
1013  Groups->Groups[i].Sid = (*TokenGroups)->Groups[i].Sid;
1014  Groups->Groups[i].Attributes = (*TokenGroups)->Groups[i].Attributes;
1015  }
1016 
1017  Groups->Groups[Groups->GroupCount].Sid = Sid;
1018  Groups->Groups[Groups->GroupCount].Attributes =
1020 
1021  Groups->GroupCount++;
1022 
1023  RtlFreeHeap(RtlGetProcessHeap(), 0, *TokenGroups);
1024 
1025  *TokenGroups = Groups;
1026  }
1027 
1028  return STATUS_SUCCESS;
1029 }
1030 
1031 
1032 static
1033 NTSTATUS
1035  IN PVOID TokenInformation,
1036  IN LSA_TOKEN_INFORMATION_TYPE TokenInformationType)
1037 {
1038  PLSA_TOKEN_INFORMATION_V1 TokenInfo1;
1039  SAMPR_HANDLE ServerHandle = NULL;
1040  SAMPR_HANDLE BuiltinDomainHandle = NULL;
1041  SAMPR_HANDLE AccountDomainHandle = NULL;
1042  SAMPR_PSID_ARRAY SidArray;
1043  SAMPR_ULONG_ARRAY BuiltinMembership;
1044  SAMPR_ULONG_ARRAY AccountMembership;
1045  ULONG i;
1047 
1048  if (TokenInformationType != LsaTokenInformationV1)
1049  return STATUS_SUCCESS;
1050 
1051  TokenInfo1 = (PLSA_TOKEN_INFORMATION_V1)TokenInformation;
1052 
1053  SidArray.Count = TokenInfo1->Groups->GroupCount + 1;
1054  SidArray.Sids = RtlAllocateHeap(RtlGetProcessHeap(),
1056  (TokenInfo1->Groups->GroupCount + 1) * sizeof(PRPC_SID));
1057  if (SidArray.Sids == NULL)
1059 
1060  SidArray.Sids[0].SidPointer = TokenInfo1->User.User.Sid;
1061  for (i = 0; i < TokenInfo1->Groups->GroupCount; i++)
1062  SidArray.Sids[i + 1].SidPointer = TokenInfo1->Groups->Groups[i].Sid;
1063 
1064  BuiltinMembership.Element = NULL;
1065  AccountMembership.Element = NULL;
1066 
1068  &ServerHandle,
1070  FALSE);
1071  if (!NT_SUCCESS(Status))
1072  {
1073  TRACE("SamIConnect failed (Status %08lx)\n", Status);
1074  goto done;
1075  }
1076 
1077  Status = SamrOpenDomain(ServerHandle,
1080  &BuiltinDomainHandle);
1081  if (!NT_SUCCESS(Status))
1082  {
1083  TRACE("SamrOpenDomain failed (Status %08lx)\n", Status);
1084  goto done;
1085  }
1086 
1087  Status = SamrOpenDomain(ServerHandle,
1090  &AccountDomainHandle);
1091  if (!NT_SUCCESS(Status))
1092  {
1093  TRACE("SamrOpenDomain failed (Status %08lx)\n", Status);
1094  goto done;
1095  }
1096 
1097  Status = SamrGetAliasMembership(BuiltinDomainHandle,
1098  &SidArray,
1099  &BuiltinMembership);
1100  if (!NT_SUCCESS(Status))
1101  {
1102  TRACE("SamrGetAliasMembership failed (Status %08lx)\n", Status);
1103  goto done;
1104  }
1105 
1106  Status = SamrGetAliasMembership(AccountDomainHandle,
1107  &SidArray,
1108  &AccountMembership);
1109  if (!NT_SUCCESS(Status))
1110  {
1111  TRACE("SamrGetAliasMembership failed (Status %08lx)\n", Status);
1112  goto done;
1113  }
1114 
1115  TRACE("Builtin Memberships: %lu\n", BuiltinMembership.Count);
1116  for (i = 0; i < BuiltinMembership.Count; i++)
1117  {
1118  TRACE("RID %lu: %lu (0x%lx)\n", i, BuiltinMembership.Element[i], BuiltinMembership.Element[i]);
1119  Status = LsapAppendSidToGroups(&TokenInfo1->Groups,
1121  BuiltinMembership.Element[i]);
1122  if (!NT_SUCCESS(Status))
1123  {
1124  TRACE("LsapAppendSidToGroups failed (Status %08lx)\n", Status);
1125  goto done;
1126  }
1127  }
1128 
1129  TRACE("Account Memberships: %lu\n", AccountMembership.Count);
1130  for (i = 0; i < AccountMembership.Count; i++)
1131  {
1132  TRACE("RID %lu: %lu (0x%lx)\n", i, AccountMembership.Element[i], AccountMembership.Element[i]);
1133  Status = LsapAppendSidToGroups(&TokenInfo1->Groups,
1135  AccountMembership.Element[i]);
1136  if (!NT_SUCCESS(Status))
1137  {
1138  TRACE("LsapAppendSidToGroups failed (Status %08lx)\n", Status);
1139  goto done;
1140  }
1141  }
1142 
1143 done:
1144  RtlFreeHeap(RtlGetProcessHeap(), 0, SidArray.Sids);
1145 
1146  if (AccountMembership.Element != NULL)
1147  SamIFree_SAMPR_ULONG_ARRAY(&AccountMembership);
1148 
1149  if (BuiltinMembership.Element != NULL)
1150  SamIFree_SAMPR_ULONG_ARRAY(&BuiltinMembership);
1151 
1152  if (AccountDomainHandle != NULL)
1153  SamrCloseHandle(&AccountDomainHandle);
1154 
1155  if (BuiltinDomainHandle != NULL)
1156  SamrCloseHandle(&BuiltinDomainHandle);
1157 
1158  if (ServerHandle != NULL)
1159  SamrCloseHandle(&ServerHandle);
1160 
1161 // return Status;
1162 
1163  return STATUS_SUCCESS;
1164 }
1165 
1166 
1167 static
1168 NTSTATUS
1170  IN PVOID TokenInformation,
1171  IN LSA_TOKEN_INFORMATION_TYPE TokenInformationType)
1172 {
1173  PLSA_TOKEN_INFORMATION_V1 TokenInfo1;
1174  PSID_AND_ATTRIBUTES OwnerSid = NULL;
1175  ULONG i, Length;
1176 
1177  if (TokenInformationType == LsaTokenInformationV1)
1178  {
1179  TokenInfo1 = (PLSA_TOKEN_INFORMATION_V1)TokenInformation;
1180 
1181  if (TokenInfo1->Owner.Owner != NULL)
1182  return STATUS_SUCCESS;
1183 
1184  OwnerSid = &TokenInfo1->User.User;
1185  for (i = 0; i < TokenInfo1->Groups->GroupCount; i++)
1186  {
1187  if (EqualSid(TokenInfo1->Groups->Groups[i].Sid, LsapAdministratorsSid))
1188  {
1189  OwnerSid = &TokenInfo1->Groups->Groups[i];
1190  break;
1191  }
1192  }
1193 
1194  Length = RtlLengthSid(OwnerSid->Sid);
1195  TokenInfo1->Owner.Owner = DispatchTable.AllocateLsaHeap(Length);
1196  if (TokenInfo1->Owner.Owner == NULL)
1198 
1199  RtlCopyMemory(TokenInfo1->Owner.Owner,
1200  OwnerSid->Sid,
1201  Length);
1202  OwnerSid->Attributes |= SE_GROUP_OWNER;
1203  }
1204 
1205  return STATUS_SUCCESS;
1206 }
1207 
1208 
1209 static
1210 NTSTATUS
1212  IN PVOID TokenInformation,
1213  IN LSA_TOKEN_INFORMATION_TYPE TokenInformationType)
1214 {
1215  PLSA_TOKEN_INFORMATION_V1 TokenInfo1;
1216  PACL Dacl = NULL;
1217  ULONG Length;
1218 
1219  if (TokenInformationType == LsaTokenInformationV1)
1220  {
1221  TokenInfo1 = (PLSA_TOKEN_INFORMATION_V1)TokenInformation;
1222 
1223  if (TokenInfo1->DefaultDacl.DefaultDacl != NULL)
1224  return STATUS_SUCCESS;
1225 
1226  Length = sizeof(ACL) +
1227  (2 * sizeof(ACCESS_ALLOWED_ACE)) +
1228  RtlLengthSid(TokenInfo1->Owner.Owner) +
1230 
1231  Dacl = DispatchTable.AllocateLsaHeap(Length);
1232  if (Dacl == NULL)
1234 
1236 
1238  ACL_REVISION,
1239  GENERIC_ALL,
1240  TokenInfo1->Owner.Owner);
1241 
1242  /* SID: S-1-5-18 */
1244  ACL_REVISION,
1245  GENERIC_ALL,
1247 
1248  TokenInfo1->DefaultDacl.DefaultDacl = Dacl;
1249  }
1250 
1251  return STATUS_SUCCESS;
1252 }
1253 
1254 
1255 static
1256 NTSTATUS
1259 {
1260  PTOKEN_PRIVILEGES LocalPrivileges;
1261  ULONG Length, TokenPrivilegeCount, i;
1263 
1264  if (*TokenPrivileges == NULL)
1265  {
1266  Length = sizeof(TOKEN_PRIVILEGES) +
1267  (1 - ANYSIZE_ARRAY) * sizeof(LUID_AND_ATTRIBUTES);
1268  LocalPrivileges = RtlAllocateHeap(RtlGetProcessHeap(),
1269  0,
1270  Length);
1271  if (LocalPrivileges == NULL)
1273 
1274  LocalPrivileges->PrivilegeCount = 1;
1275  LocalPrivileges->Privileges[0].Luid = Privilege->Luid;
1276  LocalPrivileges->Privileges[0].Attributes = Privilege->Attributes;
1277  }
1278  else
1279  {
1280  TokenPrivilegeCount = (*TokenPrivileges)->PrivilegeCount;
1281 
1282  for (i = 0; i < TokenPrivilegeCount; i++)
1283  {
1284  if (RtlEqualLuid(&(*TokenPrivileges)->Privileges[i].Luid, &Privilege->Luid))
1285  return STATUS_SUCCESS;
1286  }
1287 
1288  Length = sizeof(TOKEN_PRIVILEGES) +
1289  (TokenPrivilegeCount + 1 - ANYSIZE_ARRAY) * sizeof(LUID_AND_ATTRIBUTES);
1290  LocalPrivileges = RtlAllocateHeap(RtlGetProcessHeap(),
1291  0,
1292  Length);
1293  if (LocalPrivileges == NULL)
1295 
1296  LocalPrivileges->PrivilegeCount = TokenPrivilegeCount + 1;
1297  for (i = 0; i < TokenPrivilegeCount; i++)
1298  {
1299  LocalPrivileges->Privileges[i].Luid = (*TokenPrivileges)->Privileges[i].Luid;
1300  LocalPrivileges->Privileges[i].Attributes = (*TokenPrivileges)->Privileges[i].Attributes;
1301  }
1302 
1303  LocalPrivileges->Privileges[TokenPrivilegeCount].Luid = Privilege->Luid;
1304  LocalPrivileges->Privileges[TokenPrivilegeCount].Attributes = Privilege->Attributes;
1305 
1306  RtlFreeHeap(RtlGetProcessHeap(), 0, *TokenPrivileges);
1307  }
1308 
1309  *TokenPrivileges = LocalPrivileges;
1310 
1311  return Status;
1312 }
1313 
1314 static
1315 NTSTATUS
1317  IN PVOID TokenInformation,
1318  IN LSA_TOKEN_INFORMATION_TYPE TokenInformationType)
1319 {
1320  PLSA_TOKEN_INFORMATION_V1 TokenInfo1;
1321  LSAPR_HANDLE PolicyHandle = NULL;
1322  LSAPR_HANDLE AccountHandle = NULL;
1324  ULONG i, j;
1325  NTSTATUS Status;
1326 
1327  if (TokenInformationType == LsaTokenInformationV1)
1328  {
1329  TokenInfo1 = (PLSA_TOKEN_INFORMATION_V1)TokenInformation;
1330 
1332  NULL,
1333  0,
1334  &PolicyHandle);
1335  if (!NT_SUCCESS(Status))
1336  return Status;
1337 
1338  for (i = 0; i < TokenInfo1->Groups->GroupCount; i++)
1339  {
1340  Status = LsarOpenAccount(PolicyHandle,
1341  TokenInfo1->Groups->Groups[i].Sid,
1342  ACCOUNT_VIEW,
1343  &AccountHandle);
1344  if (!NT_SUCCESS(Status))
1345  continue;
1346 
1347  Status = LsarEnumeratePrivilegesAccount(AccountHandle,
1348  &Privileges);
1349  if (NT_SUCCESS(Status))
1350  {
1351  for (j = 0; j < Privileges->PrivilegeCount; j++)
1352  {
1354  &(Privileges->Privilege[j]));
1355  if (!NT_SUCCESS(Status))
1356  {
1357  /* We failed, clean everything and return */
1359  LsarClose(&AccountHandle);
1360  LsarClose(&PolicyHandle);
1361 
1362  return Status;
1363  }
1364  }
1365 
1367  Privileges = NULL;
1368  }
1369 
1370  LsarClose(&AccountHandle);
1371  }
1372 
1373  LsarClose(&PolicyHandle);
1374 
1375  if (TokenInfo1->Privileges != NULL)
1376  {
1377  for (i = 0; i < TokenInfo1->Privileges->PrivilegeCount; i++)
1378  {
1382  {
1384  }
1385  }
1386  }
1387  }
1388 
1389  return STATUS_SUCCESS;
1390 }
1391 
1392 
1393 NTSTATUS
1395  PLSAP_LOGON_CONTEXT LogonContext)
1396 {
1397  PAUTH_PACKAGE Package;
1400  LSA_TOKEN_INFORMATION_TYPE TokenInformationType;
1401  PVOID TokenInformation = NULL;
1402  PLSA_TOKEN_INFORMATION_NULL TokenInfo0 = NULL;
1403  PLSA_TOKEN_INFORMATION_V1 TokenInfo1 = NULL;
1404  PUNICODE_STRING AccountName = NULL;
1405  PUNICODE_STRING AuthenticatingAuthority = NULL;
1407  PVOID LocalAuthInfo = NULL;
1410  ULONG i;
1411  ULONG PackageId;
1413  NTSTATUS Status;
1414 
1415  PUNICODE_STRING UserName = NULL;
1416  PUNICODE_STRING LogonDomainName = NULL;
1417 // UNICODE_STRING LogonServer;
1418 
1419 
1420  TRACE("LsapLogonUser(%p %p)\n", RequestMsg, LogonContext);
1421 
1422  PackageId = RequestMsg->LogonUser.Request.AuthenticationPackage;
1423  LogonType = RequestMsg->LogonUser.Request.LogonType;
1424 
1425  /* Get the right authentication package */
1427  if (Package == NULL)
1428  {
1429  ERR("LsapGetAuthenticationPackage() failed to find a package\n");
1430  return STATUS_NO_SUCH_PACKAGE;
1431  }
1432 
1433  if (RequestMsg->LogonUser.Request.AuthenticationInformationLength > 0)
1434  {
1435  /* Allocate the local authentication info buffer */
1436  LocalAuthInfo = RtlAllocateHeap(RtlGetProcessHeap(),
1438  RequestMsg->LogonUser.Request.AuthenticationInformationLength);
1439  if (LocalAuthInfo == NULL)
1440  {
1441  ERR("RtlAllocateHeap() failed\n");
1443  }
1444 
1445  /* Read the authentication info from the callers address space */
1447  RequestMsg->LogonUser.Request.AuthenticationInformation,
1448  LocalAuthInfo,
1449  RequestMsg->LogonUser.Request.AuthenticationInformationLength,
1450  NULL);
1451  if (!NT_SUCCESS(Status))
1452  {
1453  ERR("NtReadVirtualMemory() failed (Status 0x%08lx)\n", Status);
1454  RtlFreeHeap(RtlGetProcessHeap(), 0, LocalAuthInfo);
1455  return Status;
1456  }
1457  }
1458 
1459  if (RequestMsg->LogonUser.Request.LocalGroupsCount > 0)
1460  {
1461  Status = LsapCopyLocalGroups(LogonContext,
1462  RequestMsg->LogonUser.Request.LocalGroups,
1463  RequestMsg->LogonUser.Request.LocalGroupsCount,
1464  &LocalGroups);
1465  if (!NT_SUCCESS(Status))
1466  {
1467  ERR("LsapCopyLocalGroups failed (Status 0x%08lx)\n", Status);
1468  goto done;
1469  }
1470 
1471  TRACE("GroupCount: %lu\n", LocalGroups->GroupCount);
1472  }
1473 
1474  if (Package->LsaApLogonUserEx2 != NULL)
1475  {
1476  Status = Package->LsaApLogonUserEx2((PLSA_CLIENT_REQUEST)LogonContext,
1477  RequestMsg->LogonUser.Request.LogonType,
1478  LocalAuthInfo,
1479  RequestMsg->LogonUser.Request.AuthenticationInformation,
1480  RequestMsg->LogonUser.Request.AuthenticationInformationLength,
1481  &RequestMsg->LogonUser.Reply.ProfileBuffer,
1482  &RequestMsg->LogonUser.Reply.ProfileBufferLength,
1483  &RequestMsg->LogonUser.Reply.LogonId,
1484  &RequestMsg->LogonUser.Reply.SubStatus,
1485  &TokenInformationType,
1486  &TokenInformation,
1487  &AccountName,
1488  &AuthenticatingAuthority,
1489  &MachineName,
1490  NULL, /* FIXME: PSECPKG_PRIMARY_CRED PrimaryCredentials */
1491  NULL); /* FIXME: PSECPKG_SUPPLEMENTAL_CRED_ARRAY *SupplementalCredentials */
1492  }
1493  else if (Package->LsaApLogonUserEx != NULL)
1494  {
1495  Status = Package->LsaApLogonUserEx((PLSA_CLIENT_REQUEST)LogonContext,
1496  RequestMsg->LogonUser.Request.LogonType,
1497  LocalAuthInfo,
1498  RequestMsg->LogonUser.Request.AuthenticationInformation,
1499  RequestMsg->LogonUser.Request.AuthenticationInformationLength,
1500  &RequestMsg->LogonUser.Reply.ProfileBuffer,
1501  &RequestMsg->LogonUser.Reply.ProfileBufferLength,
1502  &RequestMsg->LogonUser.Reply.LogonId,
1503  &RequestMsg->LogonUser.Reply.SubStatus,
1504  &TokenInformationType,
1505  &TokenInformation,
1506  &AccountName,
1507  &AuthenticatingAuthority,
1508  &MachineName);
1509  }
1510  else
1511  {
1512  Status = Package->LsaApLogonUser((PLSA_CLIENT_REQUEST)LogonContext,
1513  RequestMsg->LogonUser.Request.LogonType,
1514  LocalAuthInfo,
1515  RequestMsg->LogonUser.Request.AuthenticationInformation,
1516  RequestMsg->LogonUser.Request.AuthenticationInformationLength,
1517  &RequestMsg->LogonUser.Reply.ProfileBuffer,
1518  &RequestMsg->LogonUser.Reply.ProfileBufferLength,
1519  &RequestMsg->LogonUser.Reply.LogonId,
1520  &RequestMsg->LogonUser.Reply.SubStatus,
1521  &TokenInformationType,
1522  &TokenInformation,
1523  &AccountName,
1524  &AuthenticatingAuthority);
1525  }
1526 
1527  if (!NT_SUCCESS(Status))
1528  {
1529  ERR("LsaApLogonUser/Ex/2 failed (Status 0x%08lx)\n", Status);
1530  goto done;
1531  }
1532 
1533  if (LocalGroups->GroupCount > 0)
1534  {
1535  /* Add local groups to the token information */
1536  Status = LsapAddLocalGroups(TokenInformation,
1537  TokenInformationType,
1538  LocalGroups);
1539  if (!NT_SUCCESS(Status))
1540  {
1541  ERR("LsapAddLocalGroupsToTokenInfo() failed (Status 0x%08lx)\n", Status);
1542  goto done;
1543  }
1544  }
1545 
1546  Status = LsapAddDefaultGroups(TokenInformation,
1547  TokenInformationType,
1548  LogonType);
1549  if (!NT_SUCCESS(Status))
1550  {
1551  ERR("LsapAddDefaultGroups() failed (Status 0x%08lx)\n", Status);
1552  goto done;
1553  }
1554 
1555  Status = LsapAddSamGroups(TokenInformation,
1556  TokenInformationType);
1557  if (!NT_SUCCESS(Status))
1558  {
1559  ERR("LsapAddSamGroups() failed (Status 0x%08lx)\n", Status);
1560  goto done;
1561  }
1562 
1563  Status = LsapSetTokenOwner(TokenInformation,
1564  TokenInformationType);
1565  if (!NT_SUCCESS(Status))
1566  {
1567  ERR("LsapSetTokenOwner() failed (Status 0x%08lx)\n", Status);
1568  goto done;
1569  }
1570 
1571  Status = LsapAddTokenDefaultDacl(TokenInformation,
1572  TokenInformationType);
1573  if (!NT_SUCCESS(Status))
1574  {
1575  ERR("LsapAddTokenDefaultDacl() failed (Status 0x%08lx)\n", Status);
1576  goto done;
1577  }
1578 
1579  Status = LsapSetPrivileges(TokenInformation,
1580  TokenInformationType);
1581  if (!NT_SUCCESS(Status))
1582  {
1583  ERR("LsapSetPrivileges() failed (Status 0x%08lx)\n", Status);
1584  goto done;
1585  }
1586 
1587  if (TokenInformationType == LsaTokenInformationNull)
1588  {
1591  TOKEN_GROUPS NoGroups = {0};
1592  TOKEN_PRIVILEGES NoPrivileges = {0};
1593 
1594  TokenInfo0 = (PLSA_TOKEN_INFORMATION_NULL)TokenInformation;
1595 
1596  TokenUser.User.Sid = LsapWorldSid;
1597  TokenUser.User.Attributes = 0;
1598  TokenPrimaryGroup.PrimaryGroup = LsapWorldSid;
1599 
1600  Qos.Length = sizeof(SECURITY_QUALITY_OF_SERVICE);
1603  Qos.EffectiveOnly = TRUE;
1604 
1606  ObjectAttributes.RootDirectory = NULL;
1607  ObjectAttributes.ObjectName = NULL;
1608  ObjectAttributes.Attributes = 0;
1609  ObjectAttributes.SecurityDescriptor = NULL;
1610  ObjectAttributes.SecurityQualityOfService = &Qos;
1611 
1612  /* Create the logon token */
1617  &RequestMsg->LogonUser.Reply.LogonId,
1618  &TokenInfo0->ExpirationTime,
1619  &TokenUser,
1620  &NoGroups,
1621  &NoPrivileges,
1622  NULL,
1624  NULL,
1625  &RequestMsg->LogonUser.Request.SourceContext);
1626  }
1627  else if (TokenInformationType == LsaTokenInformationV1)
1628  {
1629  TOKEN_PRIVILEGES NoPrivileges = {0};
1630 
1631  TokenInfo1 = (PLSA_TOKEN_INFORMATION_V1)TokenInformation;
1632 
1633  Qos.Length = sizeof(SECURITY_QUALITY_OF_SERVICE);
1636  Qos.EffectiveOnly = FALSE;
1637 
1639  ObjectAttributes.RootDirectory = NULL;
1640  ObjectAttributes.ObjectName = NULL;
1641  ObjectAttributes.Attributes = 0;
1642  ObjectAttributes.SecurityDescriptor = NULL;
1643  ObjectAttributes.SecurityQualityOfService = &Qos;
1644 
1645  /* Create the logon token */
1649  (RequestMsg->LogonUser.Request.LogonType == Network) ? TokenImpersonation : TokenPrimary,
1650  &RequestMsg->LogonUser.Reply.LogonId,
1651  &TokenInfo1->ExpirationTime,
1652  &TokenInfo1->User,
1653  TokenInfo1->Groups,
1654  TokenInfo1->Privileges ? TokenInfo1->Privileges : &NoPrivileges,
1655  &TokenInfo1->Owner,
1656  &TokenInfo1->PrimaryGroup,
1657  &TokenInfo1->DefaultDacl,
1658  &RequestMsg->LogonUser.Request.SourceContext);
1659  if (!NT_SUCCESS(Status))
1660  {
1661  ERR("NtCreateToken failed (Status 0x%08lx)\n", Status);
1662  goto done;
1663  }
1664  }
1665  else
1666  {
1667  FIXME("TokenInformationType %d is not supported!\n", TokenInformationType);
1669  goto done;
1670  }
1671 
1672  if (LogonType == Interactive ||
1673  LogonType == Batch ||
1674  LogonType == Service)
1675  {
1676  UserName = &((PMSV1_0_INTERACTIVE_LOGON)LocalAuthInfo)->UserName;
1677  LogonDomainName = &((PMSV1_0_INTERACTIVE_LOGON)LocalAuthInfo)->LogonDomainName;
1678  }
1679  else
1680  {
1681  FIXME("LogonType %lu is not supported yet!\n", LogonType);
1682  }
1683 
1684  Status = LsapSetLogonSessionData(&RequestMsg->LogonUser.Reply.LogonId,
1685  LogonType,
1686  UserName,
1687  LogonDomainName,
1688  TokenInfo1->User.User.Sid);
1689  if (!NT_SUCCESS(Status))
1690  {
1691  ERR("LsapSetLogonSessionData failed (Status 0x%08lx)\n", Status);
1692  goto done;
1693  }
1694 
1695  /*
1696  * Duplicate the token handle into the client process.
1697  * This must be the last step because we cannot
1698  * close the duplicated token handle in case something fails.
1699  */
1701  TokenHandle,
1702  LogonContext->ClientProcessHandle,
1703  &RequestMsg->LogonUser.Reply.Token,
1704  0,
1705  0,
1707  if (!NT_SUCCESS(Status))
1708  {
1709  ERR("NtDuplicateObject failed (Status 0x%08lx)\n", Status);
1710  goto done;
1711  }
1712 
1713 done:
1714  if (!NT_SUCCESS(Status))
1715  {
1716  /* Notify the authentification package of the failure */
1717  Package->LsaApLogonTerminated(&RequestMsg->LogonUser.Reply.LogonId);
1718 
1719  /* Delete the logon session */
1720  LsapDeleteLogonSession(&RequestMsg->LogonUser.Reply.LogonId);
1721 
1722  /* Release the profile buffer */
1724  RequestMsg->LogonUser.Reply.ProfileBuffer);
1725  RequestMsg->LogonUser.Reply.ProfileBuffer = NULL;
1726  }
1727 
1728  if (TokenHandle != NULL)
1730 
1731  /* Free the local groups */
1732  if (LocalGroups != NULL)
1733  {
1734  for (i = 0; i < LocalGroups->GroupCount; i++)
1735  {
1736  if (LocalGroups->Groups[i].Sid != NULL)
1737  RtlFreeHeap(RtlGetProcessHeap(), 0, LocalGroups->Groups[i].Sid);
1738  }
1739 
1740  RtlFreeHeap(RtlGetProcessHeap(), 0, LocalGroups);
1741  }
1742 
1743  /* Free the local authentication info buffer */
1744  if (LocalAuthInfo != NULL)
1745  RtlFreeHeap(RtlGetProcessHeap(), 0, LocalAuthInfo);
1746 
1747  /* Free the token information */
1748  if (TokenInformation != NULL)
1749  {
1750  if (TokenInformationType == LsaTokenInformationNull)
1751  {
1752  TokenInfo0 = (PLSA_TOKEN_INFORMATION_NULL)TokenInformation;
1753 
1754  if (TokenInfo0 != NULL)
1755  {
1756  if (TokenInfo0->Groups != NULL)
1757  {
1758  for (i = 0; i < TokenInfo0->Groups->GroupCount; i++)
1759  {
1760  if (TokenInfo0->Groups->Groups[i].Sid != NULL)
1761  LsapFreeHeap(TokenInfo0->Groups->Groups[i].Sid);
1762  }
1763 
1764  LsapFreeHeap(TokenInfo0->Groups);
1765  }
1766 
1767  LsapFreeHeap(TokenInfo0);
1768  }
1769  }
1770  else if (TokenInformationType == LsaTokenInformationV1)
1771  {
1772  TokenInfo1 = (PLSA_TOKEN_INFORMATION_V1)TokenInformation;
1773 
1774  if (TokenInfo1 != NULL)
1775  {
1776  if (TokenInfo1->User.User.Sid != NULL)
1777  LsapFreeHeap(TokenInfo1->User.User.Sid);
1778 
1779  if (TokenInfo1->Groups != NULL)
1780  {
1781  for (i = 0; i < TokenInfo1->Groups->GroupCount; i++)
1782  {
1783  if (TokenInfo1->Groups->Groups[i].Sid != NULL)
1784  LsapFreeHeap(TokenInfo1->Groups->Groups[i].Sid);
1785  }
1786 
1787  LsapFreeHeap(TokenInfo1->Groups);
1788  }
1789 
1790  if (TokenInfo1->PrimaryGroup.PrimaryGroup != NULL)
1791  LsapFreeHeap(TokenInfo1->PrimaryGroup.PrimaryGroup);
1792 
1793  if (TokenInfo1->Privileges != NULL)
1794  LsapFreeHeap(TokenInfo1->Privileges);
1795 
1796  if (TokenInfo1->Owner.Owner != NULL)
1797  LsapFreeHeap(TokenInfo1->Owner.Owner);
1798 
1799  if (TokenInfo1->DefaultDacl.DefaultDacl != NULL)
1800  LsapFreeHeap(TokenInfo1->DefaultDacl.DefaultDacl);
1801 
1802  LsapFreeHeap(TokenInfo1);
1803  }
1804  }
1805  else
1806  {
1807  FIXME("TokenInformationType %d is not supported!\n", TokenInformationType);
1808  }
1809  }
1810 
1811  /* Free the account name */
1812  if (AccountName != NULL)
1813  {
1814  if (AccountName->Buffer != NULL)
1815  LsapFreeHeap(AccountName->Buffer);
1816 
1817  LsapFreeHeap(AccountName);
1818  }
1819 
1820  /* Free the authentication authority */
1821  if (AuthenticatingAuthority != NULL)
1822  {
1823  if (AuthenticatingAuthority->Buffer != NULL)
1824  LsapFreeHeap(AuthenticatingAuthority->Buffer);
1825 
1826  LsapFreeHeap(AuthenticatingAuthority);
1827  }
1828 
1829  /* Free the machine name */
1830  if (MachineName != NULL)
1831  {
1832  if (MachineName->Buffer != NULL)
1833  LsapFreeHeap(MachineName->Buffer);
1834 
1836  }
1837 
1838  TRACE("LsapLogonUser done (Status 0x%08lx)\n", Status);
1839 
1840  return Status;
1841 }
1842 
1843 /* EOF */
PLSA_FREE_CLIENT_BUFFER FreeClientBuffer
Definition: authpackage.c:63
PLSA_COPY_TO_CLIENT_BUFFER CopyToClientBuffer
Definition: authpackage.c:64
LARGE_INTEGER ExpirationTime
Definition: authpackage.c:22
signed char * PCHAR
Definition: retypes.h:7
static NTSTATUS LsapAddDefaultGroups(IN PVOID TokenInformation, IN LSA_TOKEN_INFORMATION_TYPE TokenInformationType, IN SECURITY_LOGON_TYPE LogonType)
Definition: authpackage.c:828
NTSTATUS LsapLogonUser(PLSA_API_MSG RequestMsg, PLSAP_LOGON_CONTEXT LogonContext)
Definition: authpackage.c:1394
* PNTSTATUS
Definition: strlen.c:14
unsigned long * Element
Definition: lsasrv.h:88
struct _LSA_LOOKUP_AUTHENTICATION_PACKAGE_MSG::@3424::@3426 Request
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
Definition: conport.c:35
#define SAM_SERVER_CONNECT
Definition: ntsam.h:99
PLSA_AP_LOGON_TERMINATED LsaApLogonTerminated
Definition: authpackage.c:102
PLSA_AP_LOGON_USER_EX2 LsaApLogonUserEx2
Definition: authpackage.c:103
#define IN
Definition: typedefs.h:39
#define DUPLICATE_CLOSE_SOURCE
LSA_LOGON_USER_MSG LogonUser
Definition: lsass.h:187
LARGE_INTEGER ExpirationTime
Definition: authpackage.c:28
_Must_inspect_result_ _In_ WDFDEVICE _In_ ULONG _In_ ACCESS_MASK DesiredAccess
Definition: wdfdevice.h:2654
PLSA_AP_LOGON_USER_INTERNAL LsaApLogonUser
Definition: authpackage.c:105
#define GENERIC_ALL
Definition: nt_native.h:92
static NTSTATUS LsapAddSamGroups(IN PVOID TokenInformation, IN LSA_TOKEN_INFORMATION_TYPE TokenInformationType)
Definition: authpackage.c:1034
NTSTATUS __stdcall SamrGetAliasMembership(SAMPR_HANDLE DomainHandle, PSAMPR_PSID_ARRAY SidArray, PSAMPR_ULONG_ARRAY Membership)
#define STATUS_INSUFFICIENT_RESOURCES
Definition: udferr_usr.h:158
_In_ ULONG _In_ ULONG _In_ ULONG Length
Definition: ntddpcm.h:101
LSA_LOOKUP_AUTHENTICATION_PACKAGE_MSG LookupAuthenticationPackage
Definition: lsass.h:190
BOOL TrustedCaller
Definition: lsasrv.h:82
NTSYSAPI NTSTATUS WINAPI RtlQueryRegistryValues(ULONG, PCWSTR, PRTL_QUERY_REGISTRY_TABLE, PVOID, PVOID)
NTSTATUS __stdcall SamrOpenDomain(SAMPR_HANDLE ServerHandle, ACCESS_MASK DesiredAccess, PRPC_SID DomainId, SAMPR_HANDLE *DomainHandle)
#define DOMAIN_GET_ALIAS_MEMBERSHIP
Definition: ntsam.h:40
NTSTATUS(NTAPI * PLSA_AP_CALL_PACKAGE_PASSTHROUGH)(PLSA_CLIENT_REQUEST, PVOID, PVOID, ULONG, PVOID *, PULONG, PNTSTATUS)
Definition: authpackage.c:73
USHORT MaximumLength
Definition: env_spec_w32.h:370
#define CONST_LUID(x1, x2)
Definition: authpackage.c:166
#define ANYSIZE_ARRAY
Definition: typedefs.h:46
struct _LSAP_LOGON_CONTEXT * PLSAP_LOGON_CONTEXT
_LSA_TOKEN_INFORMATION_TYPE
Definition: authpackage.c:14
NTSTATUS NTAPI LsapCreateLogonSession(IN PLUID LogonId)
Definition: session.c:159
#define TRUE
Definition: types.h:120
uint16_t * PWSTR
Definition: typedefs.h:56
BOOL WINAPI EqualSid(PSID pSid1, PSID pSid2)
Definition: security.c:708
wchar_t * PSAMPR_SERVER_NAME
Definition: authpackage.c:112
PLSA_GET_CREDENTIALS GetCredentials
Definition: authpackage.c:58
_Must_inspect_result_ _In_ PFSRTL_PER_STREAM_CONTEXT Ptr
Definition: fsrtlfuncs.h:898
struct _LUID * PLUID
LONG NTSTATUS
Definition: precomp.h:26
BOOLEAN NTAPI RtlFreeHeap(IN PVOID HeapHandle, IN ULONG Flags, IN PVOID HeapBase)
Definition: heap.c:606
_In_opt_ ULONG Base
Definition: rtlfuncs.h:2386
NTSTATUS LsapSetLogonSessionData(_In_ PLUID LogonId, _In_ ULONG LogonType, _In_ PUNICODE_STRING UserName, _In_ PUNICODE_STRING LogonDomain, _In_ PSID Sid)
Definition: session.c:67
struct _LUID_AND_ATTRIBUTES LUID_AND_ATTRIBUTES
#define STATUS_NO_SUCH_PACKAGE
Definition: ntstatus.h:490
static NTSTATUS NTAPI LsapFreeClientBuffer(IN PLSA_CLIENT_REQUEST ClientRequest, IN PVOID ClientBaseAddress)
Definition: authpackage.c:414
NTSTATUS NTAPI LsapDeleteLogonSession(IN PLUID LogonId)
Definition: session.c:201
$ULONG PrivilegeCount
Definition: setypes.h:973
PLSA_FREE_LSA_HEAP FreeLsaHeap
Definition: authpackage.c:61
PLSA_ALLOCATE_LSA_HEAP AllocateLsaHeap
Definition: authpackage.c:60
static NTSTATUS NTAPI LsapAddAuthPackage(IN PWSTR ValueName, IN ULONG ValueType, IN PVOID ValueData, IN ULONG ValueLength, IN PVOID Context, IN PVOID EntryContext)
Definition: authpackage.c:177
_In_ DWORD _Out_ PDWORD _In_opt_ PCSTR MachineName
Definition: setupapi.h:1286
unsigned short Length
Definition: sprintf.c:451
HANDLE ClientProcessHandle
Definition: lsasrv.h:80
NTSTATUS LsapCallAuthenticationPackage(PLSA_API_MSG RequestMsg, PLSAP_LOGON_CONTEXT LogonContext)
Definition: authpackage.c:564
VOID NTAPI LsaIFree_LSAPR_PRIVILEGE_SET(IN PLSAPR_PRIVILEGE_SET Ptr)
Definition: lsasrv.c:181
struct _LSA_TOKEN_INFORMATION_V1 LSA_TOKEN_INFORMATION_V1
PSID BuiltinDomainSid
Definition: globals.c:16
#define RTL_REGISTRY_CONTROL
Definition: nt_native.h:163
NTSTATUS WINAPI LsarEnumeratePrivilegesAccount(LSAPR_HANDLE AccountHandle, PLSAPR_PRIVILEGE_SET *Privileges)
Definition: lsarpc.c:1504
#define InsertTailList(ListHead, Entry)
NTSYSAPI NTSTATUS WINAPI RtlAddAccessAllowedAce(PACL, DWORD, DWORD, PSID)
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS LocalGroups
PVOID ModuleHandle
Definition: authpackage.c:96
TOpcodeData Groups[17][8]
_Must_inspect_result_ _In_ WDFKEY _In_ PCUNICODE_STRING _In_ ULONG _Out_opt_ PULONG _Out_opt_ PULONG ValueType
Definition: wdfregistry.h:279
struct _LSA_CALL_AUTHENTICATION_PACKAGE_MSG::@3416::@3418 Request
#define MEM_COMMIT
Definition: nt_native.h:1313
static NTSTATUS LsapSetTokenOwner(IN PVOID TokenInformation, IN LSA_TOKEN_INFORMATION_TYPE TokenInformationType)
Definition: authpackage.c:1169
struct _LSA_TOKEN_INFORMATION_V1 * PLSA_TOKEN_INFORMATION_V1
PLSA_AP_LOGON_USER_EX LsaApLogonUserEx
Definition: authpackage.c:104
SECURITY_CONTEXT_TRACKING_MODE ContextTrackingMode
Definition: lsa.idl:66
static NTSTATUS LsapCopyLocalGroups(IN PLSAP_LOGON_CONTEXT LogonContext, IN PTOKEN_GROUPS ClientGroups, IN ULONG ClientGroupsCount, OUT PTOKEN_GROUPS *TokenGroups)
Definition: authpackage.c:637
DWORD Id
NTSYSAPI NTSTATUS NTAPI RtlCreateAcl(PACL Acl, ULONG AclSize, ULONG AclRevision)
NTSYSAPI VOID NTAPI RtlInitAnsiString(PANSI_STRING DestinationString, PCSZ SourceString)
NTSTATUS(NTAPI * PLSA_AP_LOGON_USER_INTERNAL)(PLSA_CLIENT_REQUEST, SECURITY_LOGON_TYPE, PVOID, PVOID, ULONG, PVOID *, PULONG, PLUID, PNTSTATUS, PLSA_TOKEN_INFORMATION_TYPE, PVOID *, PUNICODE_STRING *, PUNICODE_STRING *)
Definition: authpackage.c:87
static LIST_ENTRY PackageListHead
Definition: authpackage.c:162
#define ACCOUNT_VIEW
Definition: ntlsa.h:28
PSID LsapWorldSid
Definition: lookup.c:78
NTSTATUS NTAPI SamIConnect(PSAMPR_SERVER_NAME ServerName, SAMPR_HANDLE *ServerHandle, ACCESS_MASK DesiredAccess, BOOLEAN Trusted)
return STATUS_NOT_IMPLEMENTED
struct _MSV1_0_INTERACTIVE_LOGON * PMSV1_0_INTERACTIVE_LOGON
static NTSTATUS LsapAddLocalGroups(IN PVOID TokenInformation, IN LSA_TOKEN_INFORMATION_TYPE TokenInformationType, IN PTOKEN_GROUPS LocalGroups)
Definition: authpackage.c:745
#define SE_PRIVILEGE_ENABLED
Definition: setypes.h:63
PVOID NTAPI LsapAllocateHeapZero(IN ULONG Length)
Definition: authpackage.c:373
NTSTATUS NTAPI LsapGetCredentials(_In_ PLUID LogonId, _In_ ULONG AuthenticationPackage, _Inout_ PULONG QueryContext, _In_ BOOLEAN RetrieveAllCredentials, _Inout_ PLSA_STRING PrimaryKeyValue, _Out_ PULONG PrimaryKeyLength, _Out_ PLSA_STRING Credentials)
Definition: session.c:272
void * Buffer
Definition: sprintf.c:453
#define DUPLICATE_SAME_ACCESS
NTSTATUS(* NTAPI)(IN PFILE_FULL_EA_INFORMATION EaBuffer, IN ULONG EaLength, OUT PULONG ErrorOffset)
Definition: IoEaTest.cpp:117
#define SE_GROUP_OWNER
Definition: setypes.h:93
#define FALSE
Definition: types.h:117
struct LSA_DISPATCH_TABLE * PLSA_DISPATCH_TABLE
PLSA_AP_CALL_PACKAGE_PASSTHROUGH LsaApCallPackagePassthrough
Definition: authpackage.c:100
PVOID(NTAPI * PLSA_ALLOCATE_LSA_HEAP)(ULONG)
Definition: authpackage.c:44
#define RtlEqualLuid(Luid1, Luid2)
Definition: rtlfuncs.h:301
PLSA_CREATE_LOGON_SESSION CreateLogonSession
Definition: authpackage.c:55
#define FIXME(fmt,...)
Definition: debug.h:111
struct LSA_DISPATCH_TABLE LSA_DISPATCH_TABLE
#define SE_CREATE_GLOBAL_PRIVILEGE
Definition: security.c:684
NTSTATUS NTAPI LdrGetProcedureAddress(IN PVOID BaseAddress, IN PANSI_STRING Name, IN ULONG Ordinal, OUT PVOID *ProcedureAddress)
Definition: ldrapi.c:823
unsigned char BOOLEAN
_In_ PCWSTR _Inout_ _At_ QueryTable EntryContext
Definition: rtlfuncs.h:4155
struct _TOKEN_PRIVILEGES TOKEN_PRIVILEGES
struct _ACL ACL
PVOID NTAPI LsapAllocateHeap(IN ULONG Length)
Definition: authpackage.c:365
#define SE_GROUP_ENABLED_BY_DEFAULT
Definition: setypes.h:91
enum _LSA_TOKEN_INFORMATION_TYPE * PLSA_TOKEN_INFORMATION_TYPE
#define _In_
Definition: ms_sal.h:308
#define SAM_SERVER_LOOKUP_DOMAIN
Definition: ntsam.h:104
_In_ ULONG _In_ ACCESS_MASK _In_ PSID Sid
Definition: rtlfuncs.h:1103
PSID Owner
Definition: setypes.h:978
struct _LSA_CALL_AUTHENTICATION_PACKAGE_MSG::@3416::@3419 Reply
_In_ ACCESS_MASK _In_ ULONG _Out_ PHANDLE TokenHandle
Definition: psfuncs.h:715
NTSYSAPI ULONG NTAPI RtlLengthSid(IN PSID Sid)
Definition: sid.c:150
void * PVOID
Definition: retypes.h:9
struct _SAMPR_SID_INFORMATION SAMPR_SID_INFORMATION
unsigned long Count
Definition: lsasrv.h:87
NTSTATUS WINAPI LsarOpenAccount(LSAPR_HANDLE PolicyHandle, PRPC_SID AccountSid, ACCESS_MASK DesiredAccess, LSAPR_HANDLE *AccountHandle)
Definition: lsarpc.c:1465
PFLT_MESSAGE_WAITER_QUEUE CONTAINING_RECORD(Csq, DEVICE_EXTENSION, IrpQueue)) -> WaiterQ.mLock) _IRQL_raises_(DISPATCH_LEVEL) VOID NTAPI FltpAcquireMessageWaiterLock(_In_ PIO_CSQ Csq, _Out_ PKIRQL Irql)
Definition: Messaging.c:560
PSID LsapBatchSid
Definition: lookup.c:80
LIST_ENTRY Entry
Definition: authpackage.c:93
struct _OBJECT_ATTRIBUTES OBJECT_ATTRIBUTES
NTSTATUS(NTAPI * PLSA_COPY_TO_CLIENT_BUFFER)(PLSA_CLIENT_REQUEST, ULONG, PVOID, PVOID)
Definition: authpackage.c:48
#define NtCurrentProcess()
Definition: nt_native.h:1657
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint GLint GLint j
Definition: glfuncs.h:250
NTSTATUS(NTAPI * PLSA_AP_INITIALIZE_PACKAGE)(ULONG, PLSA_DISPATCH_TABLE, PLSA_STRING, PLSA_STRING, PLSA_STRING *)
Definition: authpackage.c:69
VOID NTAPI LsapFreeHeap(IN PVOID Base)
Definition: authpackage.c:381
PVOID NTAPI RtlAllocateHeap(IN PVOID HeapHandle, IN ULONG Flags, IN SIZE_T Size)
Definition: heap.c:588
NTSTATUS LsapInitAuthPackages(VOID)
Definition: authpackage.c:474
Status
Definition: gdiplustypes.h:24
#define SE_CHANGE_NOTIFY_PRIVILEGE
Definition: security.c:677
NTSTATUS NTAPI LsapAddCredential(_In_ PLUID LogonId, _In_ ULONG AuthenticationPackage, _In_ PLSA_STRING PrimaryKeyValue, _In_ PLSA_STRING Credential)
Definition: session.c:259
struct _LIST_ENTRY * Flink
Definition: typedefs.h:121
#define SE_PRIVILEGE_ENABLED_BY_DEFAULT
Definition: setypes.h:62
PLSA_DELETE_CREDENTIAL DeleteCredential
Definition: authpackage.c:59
static NTSTATUS LsapAppendSidToGroups(IN PTOKEN_GROUPS *TokenGroups, IN PSID DomainSid, IN ULONG RelativeId)
Definition: authpackage.c:951
TOKEN_PRIMARY_GROUP PrimaryGroup
Definition: authpackage.c:31
#define TRACE(s)
Definition: solgame.cpp:4
NTSTATUS(NTAPI * PLSA_CREATE_LOGON_SESSION)(PLUID)
Definition: authpackage.c:39
static NTSTATUS NTAPI LsapCopyFromClientBuffer(IN PLSA_CLIENT_REQUEST ClientRequest, IN ULONG Length, IN PVOID BufferToCopy, IN PVOID ClientBaseAddress)
Definition: authpackage.c:456
struct _LSA_TOKEN_INFORMATION_NULL * PLSA_TOKEN_INFORMATION_NULL
PSID LsapAdministratorsSid
Definition: lookup.c:84
struct _LSA_LOGON_USER_MSG::@3412::@3415 Reply
static NTSTATUS LsapAddTokenDefaultDacl(IN PVOID TokenInformation, IN LSA_TOKEN_INFORMATION_TYPE TokenInformationType)
Definition: authpackage.c:1211
PSID LsapInteractiveSid
Definition: lookup.c:81
__wchar_t WCHAR
Definition: xmlstorage.h:180
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
#define SE_GROUP_ENABLED
Definition: setypes.h:92
PVOID PLSA_CLIENT_REQUEST
Definition: authpackage.c:37
PLSA_AP_CALL_PACKAGE_UNTRUSTED LsaApCallPackageUntrusted
Definition: authpackage.c:101
struct _SID_AND_ATTRIBUTES SID_AND_ATTRIBUTES
struct _LSA_LOGON_USER_MSG::@3412::@3414 Request
NTSTATUS(NTAPI * PLSA_AP_CALL_PACKAGE_UNTRUSTED)(PLSA_CLIENT_REQUEST, PVOID, PVOID, ULONG, PVOID *, PULONG, PNTSTATUS)
Definition: authpackage.c:75
struct _LSA_LOOKUP_AUTHENTICATION_PACKAGE_MSG::@3424::@3427 Reply
struct _SAMPR_PSID_ARRAY SAMPR_PSID_ARRAY
_In_ GUID _In_ PVOID ValueData
Definition: hubbusif.h:311
#define TOKEN_ALL_ACCESS
Definition: setypes.h:896
PSAMPR_SID_INFORMATION Sids
Definition: authpackage.c:123
NTSTATUS(NTAPI * PLSA_ALLOCATE_CLIENT_BUFFER)(PLSA_CLIENT_REQUEST, ULONG, PVOID *)
Definition: authpackage.c:46
#define _strnicmp(_String1, _String2, _MaxCount)
Definition: compat.h:23
#define __stdcall
Definition: typedefs.h:25
static const LUID SeChangeNotifyPrivilege
Definition: authpackage.c:167
BOOL Privilege(LPTSTR pszPrivilege, BOOL bEnable)
Definition: user_lib.cpp:531
static NTSTATUS LsapAddPrivilegeToTokenPrivileges(PTOKEN_PRIVILEGES *TokenPrivileges, PLSAPR_LUID_AND_ATTRIBUTES Privilege)
Definition: authpackage.c:1257
#define SE_GROUP_MANDATORY
Definition: setypes.h:90
NTSTATUS NTAPI NtReadVirtualMemory(IN HANDLE ProcessHandle, IN PVOID BaseAddress, OUT PVOID Buffer, IN SIZE_T NumberOfBytesToRead, OUT PSIZE_T NumberOfBytesRead OPTIONAL)
Definition: virtual.c:2805
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET * Privileges
Definition: sefuncs.h:13
NTSTATUS NTAPI NtClose(IN HANDLE Handle)
Definition: obhandle.c:3398
PLSA_DELETE_LOGON_SESSION DeleteLogonSession
Definition: authpackage.c:56
static const LUID SeCreateGlobalPrivilege
Definition: authpackage.c:168
NTSTATUS WINAPI LsarClose(LSAPR_HANDLE *ObjectHandle)
Definition: lsarpc.c:125
std::wstring STRING
Definition: fontsub.cpp:33
_Must_inspect_result_ _In_ WDFKEY _In_ PCUNICODE_STRING ValueName
Definition: wdfregistry.h:240
PLSA_COPY_FROM_CLIENT_BUFFER CopyFromClientBuffer
Definition: authpackage.c:65
PSID LsapServiceSid
Definition: lookup.c:82
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL Dacl
Definition: rtlfuncs.h:1552
NTSTATUS(NTAPI * PLSA_AP_LOGON_USER_EX2)(PLSA_CLIENT_REQUEST, SECURITY_LOGON_TYPE, PVOID, PVOID, ULONG, PVOID *, PULONG, PLUID, PNTSTATUS, PLSA_TOKEN_INFORMATION_TYPE, PVOID *, PUNICODE_STRING *, PUNICODE_STRING *, PUNICODE_STRING *, PVOID, PVOID)
Definition: authpackage.c:78
#define SECURITY_DYNAMIC_TRACKING
Definition: setypes.h:103
NTSTATUS(NTAPI * PLSA_AP_LOGON_USER_EX)(PLSA_CLIENT_REQUEST, SECURITY_LOGON_TYPE, PVOID, PVOID, ULONG, PVOID *, PULONG, PLUID, PNTSTATUS, PLSA_TOKEN_INFORMATION_TYPE, PVOID *, PUNICODE_STRING *, PUNICODE_STRING *, PUNICODE_STRING *)
Definition: authpackage.c:82
static const WCHAR L[]
Definition: oid.c:1250
NTSTATUS(NTAPI * PLSA_FREE_CLIENT_BUFFER)(PLSA_CLIENT_REQUEST, PVOID)
Definition: authpackage.c:47
__kernel_entry NTSTATUS NTAPI NtCreateToken(_Out_ PHANDLE TokenHandle, _In_ ACCESS_MASK DesiredAccess, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ TOKEN_TYPE TokenType, _In_ PLUID AuthenticationId, _In_ PLARGE_INTEGER ExpirationTime, _In_ PTOKEN_USER TokenUser, _In_ PTOKEN_GROUPS TokenGroups, _In_ PTOKEN_PRIVILEGES TokenPrivileges, _In_opt_ PTOKEN_OWNER TokenOwner, _In_ PTOKEN_PRIMARY_GROUP TokenPrimaryGroup, _In_opt_ PTOKEN_DEFAULT_DACL TokenDefaultDacl, _In_ PTOKEN_SOURCE TokenSource)
Definition: token.c:3991
#define NTSTATUS
Definition: precomp.h:20
#define VOID
Definition: acefi.h:82
NTSTATUS NTAPI DECLSPEC_HOTPATCH LdrLoadDll(IN PWSTR SearchPath OPTIONAL, IN PULONG DllCharacteristics OPTIONAL, IN PUNICODE_STRING DllName, OUT PVOID *BaseAddress)
Definition: ldrapi.c:310
Definition: typedefs.h:119
PLSA_ADD_CREDENTIAL AddCredential
Definition: authpackage.c:57
NTSTATUS(NTAPI * PLSA_GET_CREDENTIALS)(PLUID, ULONG, PULONG, BOOLEAN, PLSA_STRING, PULONG, PLSA_STRING)
Definition: authpackage.c:42
struct _TOKEN_GROUPS TOKEN_GROUPS
enum _LSA_TOKEN_INFORMATION_TYPE LSA_TOKEN_INFORMATION_TYPE
struct _AUTH_PACKAGE * PAUTH_PACKAGE
#define ERR(fmt,...)
Definition: debug.h:110
LSA_CALL_AUTHENTICATION_PACKAGE_MSG CallAuthenticationPackage
Definition: lsass.h:188
PTOKEN_PRIVILEGES Privileges
Definition: authpackage.c:32
NTSTATUS LsapLookupAuthenticationPackage(PLSA_API_MSG RequestMsg, PLSAP_LOGON_CONTEXT LogonContext)
Definition: authpackage.c:510
unsigned long Count
Definition: authpackage.c:122
ULONG_PTR SIZE_T
Definition: typedefs.h:80
#define SE_IMPERSONATE_PRIVILEGE
Definition: security.c:683
NTSTATUS(NTAPI * PLSA_AP_CALL_PACKAGE_INTERNAL)(PLSA_CLIENT_REQUEST, PVOID, PVOID, ULONG, PVOID *, PULONG, PNTSTATUS)
Definition: authpackage.c:71
NTSTATUS NTAPI LdrUnloadDll(IN PVOID BaseAddress)
Definition: ldrapi.c:1322
VOID NTAPI SamIFree_SAMPR_ULONG_ARRAY(PSAMPR_ULONG_ARRAY Ptr)
Definition: samsrv.c:524
NTSTATUS NTAPI NtAllocateVirtualMemory(IN HANDLE ProcessHandle, IN OUT PVOID *UBaseAddress, IN ULONG_PTR ZeroBits, IN OUT PSIZE_T URegionSize, IN ULONG AllocationType, IN ULONG Protect)
Definition: virtual.c:4481
PLSA_ALLOCATE_CLIENT_BUFFER AllocateClientBuffer
Definition: authpackage.c:62
PLSA_AP_INITIALIZE_PACKAGE LsaApInitializePackage
Definition: authpackage.c:98
PSID LsapNetworkSid
Definition: lookup.c:79
struct _LSA_TOKEN_INFORMATION_NULL LSA_TOKEN_INFORMATION_NULL
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint i
Definition: glfuncs.h:248
VOID(NTAPI * PLSA_AP_LOGON_TERMINATED)(PLUID)
Definition: authpackage.c:77
unsigned short USHORT
Definition: pedump.c:61
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE LogonType
struct _SAMPR_PSID_ARRAY * PSAMPR_PSID_ARRAY
#define InitializeListHead(ListHead)
Definition: env_spec_w32.h:944
NTSTATUS(NTAPI * PLSA_ADD_CREDENTIAL)(PLUID, ULONG, PLSA_STRING, PLSA_STRING)
Definition: authpackage.c:41
#define DUPLICATE_SAME_ATTRIBUTES
Definition: obtypes.h:153
enum _SECURITY_LOGON_TYPE SECURITY_LOGON_TYPE
static NTSTATUS LsapSetPrivileges(IN PVOID TokenInformation, IN LSA_TOKEN_INFORMATION_TYPE TokenInformationType)
Definition: authpackage.c:1316
SID_AND_ATTRIBUTES Groups[ANYSIZE_ARRAY]
Definition: setypes.h:968
static LSA_DISPATCH_TABLE DispatchTable
Definition: authpackage.c:164
#define SECURITY_STATIC_TRACKING
Definition: setypes.h:104
PLSA_AP_CALL_PACKAGE_INTERNAL LsaApCallPackage
Definition: authpackage.c:99
NTSTATUS __stdcall SamrCloseHandle(SAMPR_HANDLE *SamHandle)
TOKEN_DEFAULT_DACL DefaultDacl
Definition: authpackage.c:34
struct _SECURITY_QUALITY_OF_SERVICE SECURITY_QUALITY_OF_SERVICE
SECURITY_IMPERSONATION_LEVEL ImpersonationLevel
Definition: lsa.idl:65
unsigned int * PULONG
Definition: retypes.h:1
VOID(NTAPI * PLSA_FREE_LSA_HEAP)(PVOID)
Definition: authpackage.c:45
#define NULL
Definition: types.h:112
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID LogonId
struct _LSA_STRING * PLSA_STRING
NTSTATUS WINAPI LsarOpenPolicy(LPWSTR SystemName, PLSAPR_OBJECT_ATTRIBUTES ObjectAttributes, ACCESS_MASK DesiredAccess, LSAPR_HANDLE *PolicyHandle)
Definition: lsarpc.c:495
#define HEAP_ZERO_MEMORY
Definition: compat.h:134
NTSTATUS(NTAPI * PLSA_DELETE_LOGON_SESSION)(PLUID)
Definition: authpackage.c:40
LUID_AND_ATTRIBUTES Privileges[ANYSIZE_ARRAY]
Definition: setypes.h:974
static NTSTATUS NTAPI LsapCopyToClientBuffer(IN PLSA_CLIENT_REQUEST ClientRequest, IN ULONG Length, IN PVOID ClientBaseAddress, IN PVOID BufferToCopy)
Definition: authpackage.c:436
PSID LsapAppendRidToSid(PSID SrcSid, ULONG Rid)
Definition: utils.c:152
#define ACL_REVISION
Definition: setypes.h:39
#define MEM_RELEASE
Definition: nt_native.h:1316
static PAUTH_PACKAGE LsapGetAuthenticationPackage(IN ULONG PackageId)
Definition: authpackage.c:341
$ULONG GroupCount
Definition: setypes.h:964
NTSTATUS(NTAPI * PLSA_DELETE_CREDENTIAL)(PLUID, ULONG, PLSA_STRING)
Definition: authpackage.c:43
#define BOOLEAN
Definition: pedump.c:73
NTSTATUS NTAPI NtDuplicateObject(IN HANDLE SourceProcessHandle, IN HANDLE SourceHandle, IN HANDLE TargetProcessHandle OPTIONAL, OUT PHANDLE TargetHandle OPTIONAL, IN ACCESS_MASK DesiredAccess, IN ULONG HandleAttributes, IN ULONG Options)
Definition: obhandle.c:3406
#define OUT
Definition: typedefs.h:40
NTSTATUS NTAPI LsapDeleteCredential(_In_ PLUID LogonId, _In_ ULONG AuthenticationPackage, _In_ PLSA_STRING PrimaryKeyValue)
Definition: session.c:288
unsigned int ULONG
Definition: retypes.h:1
SID_AND_ATTRIBUTES User
Definition: setypes.h:960
PSID AccountDomainSid
Definition: database.c:24
#define RtlCopyMemory(Destination, Source, Length)
Definition: typedefs.h:263
struct _AUTH_PACKAGE AUTH_PACKAGE
#define STATUS_SUCCESS
Definition: shellext.h:65
#define REG_NONE
Definition: nt_native.h:1492
NTSTATUS NTAPI NtWriteVirtualMemory(IN HANDLE ProcessHandle, IN PVOID BaseAddress, IN PVOID Buffer, IN SIZE_T NumberOfBytesToWrite, OUT PSIZE_T NumberOfBytesWritten OPTIONAL)
Definition: virtual.c:2919
_In_ PWDFDEVICE_INIT _In_ PWDF_PDO_EVENT_CALLBACKS DispatchTable
Definition: wdfpdo.h:245
NTSTATUS(NTAPI * PLSA_COPY_FROM_CLIENT_BUFFER)(PLSA_CLIENT_REQUEST, ULONG, PVOID, PVOID)
Definition: authpackage.c:50
static ULONG PackageId
Definition: authpackage.c:163
ULONG ACCESS_MASK
Definition: nt_native.h:40
base of all file and directory entries
Definition: entries.h:82
PSTRING Name
Definition: authpackage.c:94
NTSYSAPI BOOLEAN NTAPI RtlEqualSid(_In_ PSID Sid1, _In_ PSID Sid2)
struct _SAMPR_SID_INFORMATION * PSAMPR_SID_INFORMATION
VOID LsapTerminateLogon(_In_ PLUID LogonId)
Definition: authpackage.c:545
NTSYSAPI ULONG NTAPI RtlLengthRequiredSid(IN ULONG SubAuthorityCount)
Definition: sid.c:54
#define PAGE_READWRITE
Definition: nt_native.h:1304
void * SAMPR_HANDLE
Definition: authpackage.c:113
static const LUID SeImpersonatePrivilege
Definition: authpackage.c:169
NTSTATUS NTAPI NtFreeVirtualMemory(IN HANDLE ProcessHandle, IN PVOID *UBaseAddress, IN PSIZE_T URegionSize, IN ULONG FreeType)
Definition: virtual.c:5204
_Must_inspect_result_ _In_ WDFKEY _In_ PCUNICODE_STRING _In_ ULONG ValueLength
Definition: wdfregistry.h:271
static NTSTATUS NTAPI LsapAllocateClientBuffer(IN PLSA_CLIENT_REQUEST ClientRequest, IN ULONG LengthRequired, OUT PVOID *ClientBaseAddress)
Definition: authpackage.c:390
PSID LsapLocalSystemSid
Definition: lookup.c:83