ReactOS  0.4.15-dev-1638-gc0caa5c
authpackage.c
Go to the documentation of this file.
1 /*
2  * PROJECT: Local Security Authority Server DLL
3  * LICENSE: GPL - See COPYING in the top level directory
4  * FILE: dll/win32/lsasrv/authpackage.c
5  * PURPOSE: Authentication package management routines
6  * COPYRIGHT: Copyright 2013 Eric Kohl
7  */
8 
9 #include "lsasrv.h"
10 
11 #include <ndk/sefuncs.h>
12 #include <ndk/umfuncs.h>
13 
14 typedef enum _LSA_TOKEN_INFORMATION_TYPE
15 {
16  LsaTokenInformationNull,
17  LsaTokenInformationV1
18 } LSA_TOKEN_INFORMATION_TYPE, *PLSA_TOKEN_INFORMATION_TYPE;
19 
20 typedef struct _LSA_TOKEN_INFORMATION_NULL
21 {
22  LARGE_INTEGER ExpirationTime;
23  PTOKEN_GROUPS Groups;
24 } LSA_TOKEN_INFORMATION_NULL, *PLSA_TOKEN_INFORMATION_NULL;
25 
26 typedef struct _LSA_TOKEN_INFORMATION_V1
27 {
28  LARGE_INTEGER ExpirationTime;
29  TOKEN_USER User;
30  PTOKEN_GROUPS Groups;
31  TOKEN_PRIMARY_GROUP PrimaryGroup;
32  PTOKEN_PRIVILEGES Privileges;
33  TOKEN_OWNER Owner;
34  TOKEN_DEFAULT_DACL DefaultDacl;
35 } LSA_TOKEN_INFORMATION_V1, *PLSA_TOKEN_INFORMATION_V1;
36 
37 typedef PVOID PLSA_CLIENT_REQUEST;
38 
39 typedef NTSTATUS (NTAPI *PLSA_CREATE_LOGON_SESSION)(PLUID);
40 typedef NTSTATUS (NTAPI *PLSA_DELETE_LOGON_SESSION)(PLUID);
41 typedef NTSTATUS (NTAPI *PLSA_ADD_CREDENTIAL)(PLUID, ULONG, PLSA_STRING, PLSA_STRING);
42 typedef NTSTATUS (NTAPI *PLSA_GET_CREDENTIALS)(PLUID, ULONG, PULONG, BOOLEAN, PLSA_STRING, PULONG, PLSA_STRING);
43 typedef NTSTATUS (NTAPI *PLSA_DELETE_CREDENTIAL)(PLUID, ULONG, PLSA_STRING);
44 typedef PVOID (NTAPI *PLSA_ALLOCATE_LSA_HEAP)(ULONG);
45 typedef VOID (NTAPI *PLSA_FREE_LSA_HEAP)(PVOID);
46 typedef NTSTATUS (NTAPI *PLSA_ALLOCATE_CLIENT_BUFFER)(PLSA_CLIENT_REQUEST, ULONG, PVOID*);
47 typedef NTSTATUS (NTAPI *PLSA_FREE_CLIENT_BUFFER)(PLSA_CLIENT_REQUEST, PVOID);
48 typedef NTSTATUS (NTAPI *PLSA_COPY_TO_CLIENT_BUFFER)(PLSA_CLIENT_REQUEST, ULONG,
49  PVOID, PVOID);
50 typedef NTSTATUS (NTAPI *PLSA_COPY_FROM_CLIENT_BUFFER)(PLSA_CLIENT_REQUEST,
51  ULONG, PVOID, PVOID);
52 
53 typedef struct LSA_DISPATCH_TABLE
54 {
55  PLSA_CREATE_LOGON_SESSION CreateLogonSession;
56  PLSA_DELETE_LOGON_SESSION DeleteLogonSession;
57  PLSA_ADD_CREDENTIAL AddCredential;
58  PLSA_GET_CREDENTIALS GetCredentials;
59  PLSA_DELETE_CREDENTIAL DeleteCredential;
60  PLSA_ALLOCATE_LSA_HEAP AllocateLsaHeap;
61  PLSA_FREE_LSA_HEAP FreeLsaHeap;
62  PLSA_ALLOCATE_CLIENT_BUFFER AllocateClientBuffer;
63  PLSA_FREE_CLIENT_BUFFER FreeClientBuffer;
64  PLSA_COPY_TO_CLIENT_BUFFER CopyToClientBuffer;
65  PLSA_COPY_FROM_CLIENT_BUFFER CopyFromClientBuffer;
66 } LSA_DISPATCH_TABLE, *PLSA_DISPATCH_TABLE;
67 
68 
69 typedef NTSTATUS (NTAPI *PLSA_AP_INITIALIZE_PACKAGE)(ULONG, PLSA_DISPATCH_TABLE,
70  PLSA_STRING, PLSA_STRING, PLSA_STRING *);
71 typedef NTSTATUS (NTAPI *PLSA_AP_CALL_PACKAGE_INTERNAL)(PLSA_CLIENT_REQUEST, PVOID, PVOID,
72  ULONG, PVOID *, PULONG, PNTSTATUS);
73 typedef NTSTATUS (NTAPI *PLSA_AP_CALL_PACKAGE_PASSTHROUGH)(PLSA_CLIENT_REQUEST,
74  PVOID, PVOID, ULONG, PVOID *, PULONG, PNTSTATUS);
75 typedef NTSTATUS (NTAPI *PLSA_AP_CALL_PACKAGE_UNTRUSTED)(PLSA_CLIENT_REQUEST,
76  PVOID, PVOID, ULONG, PVOID *, PULONG, PNTSTATUS);
77 typedef VOID (NTAPI *PLSA_AP_LOGON_TERMINATED)(PLUID);
78 typedef NTSTATUS (NTAPI *PLSA_AP_LOGON_USER_EX2)(PLSA_CLIENT_REQUEST,
79  SECURITY_LOGON_TYPE, PVOID, PVOID, ULONG, PVOID *, PULONG, PLUID, PNTSTATUS,
80  PLSA_TOKEN_INFORMATION_TYPE, PVOID *, PUNICODE_STRING *, PUNICODE_STRING *,
81  PUNICODE_STRING *, PVOID /*PSECPKG_PRIMARY_CRED*/, PVOID /*PSECPKG_SUPPLEMENTAL_CRED_ARRAY **/);
82 typedef NTSTATUS (NTAPI *PLSA_AP_LOGON_USER_EX)(PLSA_CLIENT_REQUEST,
83  SECURITY_LOGON_TYPE, PVOID, PVOID, ULONG, PVOID *, PULONG, PLUID, PNTSTATUS,
84  PLSA_TOKEN_INFORMATION_TYPE, PVOID *, PUNICODE_STRING *, PUNICODE_STRING *,
85  PUNICODE_STRING *);
86 
87 typedef NTSTATUS (NTAPI *PLSA_AP_LOGON_USER_INTERNAL)(PLSA_CLIENT_REQUEST, SECURITY_LOGON_TYPE,
88  PVOID, PVOID, ULONG, PVOID *, PULONG, PLUID, PNTSTATUS, PLSA_TOKEN_INFORMATION_TYPE,
89  PVOID *, PUNICODE_STRING *, PUNICODE_STRING *);
90 
91 typedef struct _AUTH_PACKAGE
92 {
93  LIST_ENTRY Entry;
94  PSTRING Name;
95  ULONG Id;
96  PVOID ModuleHandle;
97 
98  PLSA_AP_INITIALIZE_PACKAGE LsaApInitializePackage;
99  PLSA_AP_CALL_PACKAGE_INTERNAL LsaApCallPackage;
100  PLSA_AP_CALL_PACKAGE_PASSTHROUGH LsaApCallPackagePassthrough;
101  PLSA_AP_CALL_PACKAGE_UNTRUSTED LsaApCallPackageUntrusted;
102  PLSA_AP_LOGON_TERMINATED LsaApLogonTerminated;
103  PLSA_AP_LOGON_USER_EX2 LsaApLogonUserEx2;
104  PLSA_AP_LOGON_USER_EX LsaApLogonUserEx;
105  PLSA_AP_LOGON_USER_INTERNAL LsaApLogonUser;
106 } AUTH_PACKAGE, *PAUTH_PACKAGE;
107 
108 VOID
109 NTAPI
110 LsaIFree_LSAPR_PRIVILEGE_SET(IN PLSAPR_PRIVILEGE_SET Ptr);
111 
112 typedef wchar_t *PSAMPR_SERVER_NAME;
113 typedef void *SAMPR_HANDLE;
114 
115 typedef struct _SAMPR_SID_INFORMATION
116 {
117  PRPC_SID SidPointer;
118 } SAMPR_SID_INFORMATION, *PSAMPR_SID_INFORMATION;
119 
120 typedef struct _SAMPR_PSID_ARRAY
121 {
122  unsigned long Count;
123  PSAMPR_SID_INFORMATION Sids;
124 } SAMPR_PSID_ARRAY, *PSAMPR_PSID_ARRAY;
125 
126 NTSTATUS
127 NTAPI
128 SamIConnect(
129  PSAMPR_SERVER_NAME ServerName,
130  SAMPR_HANDLE *ServerHandle,
131  ACCESS_MASK DesiredAccess,
132  BOOLEAN Trusted);
133 
134 VOID
135 NTAPI
136 SamIFree_SAMPR_ULONG_ARRAY(
137  PSAMPR_ULONG_ARRAY Ptr);
138 
139 NTSTATUS
140 __stdcall
141 SamrCloseHandle(
142  SAMPR_HANDLE *SamHandle);
143 
144 NTSTATUS
145 __stdcall
146 SamrOpenDomain(
147  SAMPR_HANDLE ServerHandle,
148  ACCESS_MASK DesiredAccess,
149  PRPC_SID DomainId,
150  SAMPR_HANDLE *DomainHandle);
151 
152 NTSTATUS
153 __stdcall
154 SamrGetAliasMembership(
155  SAMPR_HANDLE DomainHandle,
156  PSAMPR_PSID_ARRAY SidArray,
157  PSAMPR_ULONG_ARRAY Membership);
158 
159 
160 /* GLOBALS *****************************************************************/
161 
162 static LIST_ENTRY PackageListHead;
163 static ULONG PackageId;
164 static LSA_DISPATCH_TABLE DispatchTable;
165 
166 #define CONST_LUID(x1, x2) {x1, x2}
167 static const LUID SeChangeNotifyPrivilege = CONST_LUID(SE_CHANGE_NOTIFY_PRIVILEGE, 0);
168 static const LUID SeCreateGlobalPrivilege = CONST_LUID(SE_CREATE_GLOBAL_PRIVILEGE, 0);
169 static const LUID SeImpersonatePrivilege = CONST_LUID(SE_IMPERSONATE_PRIVILEGE, 0);
170 
171 
172 /* FUNCTIONS ***************************************************************/
173 
174 static
175 NTSTATUS
176 NTAPI
177 LsapAddAuthPackage(IN PWSTR ValueName,
178  IN ULONG ValueType,
179  IN PVOID ValueData,
180  IN ULONG ValueLength,
181  IN PVOID Context,
182  IN PVOID EntryContext)
183 {
184  PAUTH_PACKAGE Package = NULL;
185  UNICODE_STRING PackageName;
186  STRING ProcName;
187  PULONG Id;
188  NTSTATUS Status = STATUS_SUCCESS;
189 
190  TRACE("LsapAddAuthPackage()\n");
191 
192  PackageName.Length = (USHORT)ValueLength - sizeof(WCHAR);
193  PackageName.MaximumLength = (USHORT)ValueLength;
194  PackageName.Buffer = ValueData;
195 
196  Id = (PULONG)Context;
197 
198  Package = RtlAllocateHeap(RtlGetProcessHeap(),
199  HEAP_ZERO_MEMORY,
200  sizeof(AUTH_PACKAGE));
201  if (Package == NULL)
202  return STATUS_INSUFFICIENT_RESOURCES;
203 
204  Status = LdrLoadDll(NULL,
205  NULL,
206  &PackageName,
207  &Package->ModuleHandle);
208  if (!NT_SUCCESS(Status))
209  {
210  TRACE("LdrLoadDll failed (Status 0x%08lx)\n", Status);
211  goto done;
212  }
213 
214  RtlInitAnsiString(&ProcName, "LsaApInitializePackage");
215  Status = LdrGetProcedureAddress(Package->ModuleHandle,
216  &ProcName,
217  0,
218  (PVOID *)&Package->LsaApInitializePackage);
219  if (!NT_SUCCESS(Status))
220  {
221  TRACE("LdrGetProcedureAddress() failed (Status 0x%08lx)\n", Status);
222  goto done;
223  }
224 
225  RtlInitAnsiString(&ProcName, "LsaApCallPackage");
226  Status = LdrGetProcedureAddress(Package->ModuleHandle,
227  &ProcName,
228  0,
229  (PVOID *)&Package->LsaApCallPackage);
230  if (!NT_SUCCESS(Status))
231  {
232  TRACE("LdrGetProcedureAddress() failed (Status 0x%08lx)\n", Status);
233  goto done;
234  }
235 
236  RtlInitAnsiString(&ProcName, "LsaApCallPackagePassthrough");
237  Status = LdrGetProcedureAddress(Package->ModuleHandle,
238  &ProcName,
239  0,
240  (PVOID *)&Package->LsaApCallPackagePassthrough);
241  if (!NT_SUCCESS(Status))
242  {
243  TRACE("LdrGetProcedureAddress() failed (Status 0x%08lx)\n", Status);
244  goto done;
245  }
246 
247  RtlInitAnsiString(&ProcName, "LsaApCallPackageUntrusted");
248  Status = LdrGetProcedureAddress(Package->ModuleHandle,
249  &ProcName,
250  0,
251  (PVOID *)&Package->LsaApCallPackageUntrusted);
252  if (!NT_SUCCESS(Status))
253  {
254  TRACE("LdrGetProcedureAddress() failed (Status 0x%08lx)\n", Status);
255  goto done;
256  }
257 
258  RtlInitAnsiString(&ProcName, "LsaApLogonTerminated");
259  Status = LdrGetProcedureAddress(Package->ModuleHandle,
260  &ProcName,
261  0,
262  (PVOID *)&Package->LsaApLogonTerminated);
263  if (!NT_SUCCESS(Status))
264  {
265  TRACE("LdrGetProcedureAddress() failed (Status 0x%08lx)\n", Status);
266  goto done;
267  }
268 
269  RtlInitAnsiString(&ProcName, "LsaApLogonUserEx2");
270  Status = LdrGetProcedureAddress(Package->ModuleHandle,
271  &ProcName,
272  0,
273  (PVOID *)&Package->LsaApLogonUserEx2);
274  if (!NT_SUCCESS(Status))
275  {
276  RtlInitAnsiString(&ProcName, "LsaApLogonUserEx");
277  Status = LdrGetProcedureAddress(Package->ModuleHandle,
278  &ProcName,
279  0,
280  (PVOID *)&Package->LsaApLogonUserEx);
281  if (!NT_SUCCESS(Status))
282  {
283  RtlInitAnsiString(&ProcName, "LsaApLogonUser");
284  Status = LdrGetProcedureAddress(Package->ModuleHandle,
285  &ProcName,
286  0,
287  (PVOID *)&Package->LsaApLogonUser);
288  if (!NT_SUCCESS(Status))
289  {
290  TRACE("LdrGetProcedureAddress() failed (Status 0x%08lx)\n", Status);
291  goto done;
292  }
293  }
294  }
295 
296  /* Initialize the current package */
297  Status = Package->LsaApInitializePackage(*Id,
298  &DispatchTable,
299  NULL,
300  NULL,
301  &Package->Name);
302  if (!NT_SUCCESS(Status))
303  {
304  TRACE("Package->LsaApInitializePackage() failed (Status 0x%08lx)\n", Status);
305  goto done;
306  }
307 
308  TRACE("Package Name: %s\n", Package->Name->Buffer);
309 
310  Package->Id = *Id;
311  (*Id)++;
312 
313  InsertTailList(&PackageListHead, &Package->Entry);
314 
315 done:
316  if (!NT_SUCCESS(Status))
317  {
318  if (Package != NULL)
319  {
320  if (Package->ModuleHandle != NULL)
321  LdrUnloadDll(Package->ModuleHandle);
322 
323  if (Package->Name != NULL)
324  {
325  if (Package->Name->Buffer != NULL)
326  RtlFreeHeap(RtlGetProcessHeap(), 0, Package->Name->Buffer);
327 
328  RtlFreeHeap(RtlGetProcessHeap(), 0, Package->Name);
329  }
330 
331  RtlFreeHeap(RtlGetProcessHeap(), 0, Package);
332  }
333  }
334 
335  return Status;
336 }
337 
338 
339 static
340 PAUTH_PACKAGE
341 LsapGetAuthenticationPackage(IN ULONG PackageId)
342 {
343  PLIST_ENTRY ListEntry;
344  PAUTH_PACKAGE Package;
345 
346  ListEntry = PackageListHead.Flink;
347  while (ListEntry != &PackageListHead)
348  {
349  Package = CONTAINING_RECORD(ListEntry, AUTH_PACKAGE, Entry);
350 
351  if (Package->Id == PackageId)
352  {
353  return Package;
354  }
355 
356  ListEntry = ListEntry->Flink;
357  }
358 
359  return NULL;
360 }
361 
362 
363 PVOID
364 NTAPI
365 LsapAllocateHeap(IN ULONG Length)
366 {
367  return RtlAllocateHeap(RtlGetProcessHeap(), 0, Length);
368 }
369 
370 
371 PVOID
372 NTAPI
373 LsapAllocateHeapZero(IN ULONG Length)
374 {
375  return RtlAllocateHeap(RtlGetProcessHeap(), HEAP_ZERO_MEMORY, Length);
376 }
377 
378 
379 VOID
380 NTAPI
381 LsapFreeHeap(IN PVOID Base)
382 {
383  RtlFreeHeap(RtlGetProcessHeap(), 0, Base);
384 }
385 
386 
387 static
388 NTSTATUS
389 NTAPI
390 LsapAllocateClientBuffer(IN PLSA_CLIENT_REQUEST ClientRequest,
391  IN ULONG LengthRequired,
392  OUT PVOID *ClientBaseAddress)
393 {
394  PLSAP_LOGON_CONTEXT LogonContext;
395  SIZE_T Length;
396 
397  *ClientBaseAddress = NULL;
398 
399  LogonContext = (PLSAP_LOGON_CONTEXT)ClientRequest;
400 
401  Length = LengthRequired;
402  return NtAllocateVirtualMemory(LogonContext->ClientProcessHandle,
403  ClientBaseAddress,
404  0,
405  &Length,
406  MEM_COMMIT,
407  PAGE_READWRITE);
408 }
409 
410 
411 static
412 NTSTATUS
413 NTAPI
414 LsapFreeClientBuffer(IN PLSA_CLIENT_REQUEST ClientRequest,
415  IN PVOID ClientBaseAddress)
416 {
417  PLSAP_LOGON_CONTEXT LogonContext;
418  SIZE_T Length;
419 
420  if (ClientBaseAddress == NULL)
421  return STATUS_SUCCESS;
422 
423  LogonContext = (PLSAP_LOGON_CONTEXT)ClientRequest;
424 
425  Length = 0;
426  return NtFreeVirtualMemory(LogonContext->ClientProcessHandle,
427  &ClientBaseAddress,
428  &Length,
429  MEM_RELEASE);
430 }
431 
432 
433 static
434 NTSTATUS
435 NTAPI
436 LsapCopyToClientBuffer(IN PLSA_CLIENT_REQUEST ClientRequest,
437  IN ULONG Length,
438  IN PVOID ClientBaseAddress,
439  IN PVOID BufferToCopy)
440 {
441  PLSAP_LOGON_CONTEXT LogonContext;
442 
443  LogonContext = (PLSAP_LOGON_CONTEXT)ClientRequest;
444 
445  return NtWriteVirtualMemory(LogonContext->ClientProcessHandle,
446  ClientBaseAddress,
447  BufferToCopy,
448  Length,
449  NULL);
450 }
451 
452 
453 static
454 NTSTATUS
455 NTAPI
456 LsapCopyFromClientBuffer(IN PLSA_CLIENT_REQUEST ClientRequest,
457  IN ULONG Length,
458  IN PVOID BufferToCopy,
459  IN PVOID ClientBaseAddress)
460 {
461  PLSAP_LOGON_CONTEXT LogonContext;
462 
463  LogonContext = (PLSAP_LOGON_CONTEXT)ClientRequest;
464 
465  return NtReadVirtualMemory(LogonContext->ClientProcessHandle,
466  ClientBaseAddress,
467  BufferToCopy,
468  Length,
469  NULL);
470 }
471 
472 
473 NTSTATUS
474 LsapInitAuthPackages(VOID)
475 {
476  RTL_QUERY_REGISTRY_TABLE AuthPackageTable[] = {
477  {LsapAddAuthPackage, 0, L"Authentication Packages", NULL, REG_NONE, NULL, 0},
478  {NULL, 0, NULL, NULL, REG_NONE, NULL, 0}};
479 
480  NTSTATUS Status;
481 
482  InitializeListHead(&PackageListHead);
483  PackageId = 0;
484 
485  /* Initialize the dispatch table */
486  DispatchTable.CreateLogonSession = &LsapCreateLogonSession;
487  DispatchTable.DeleteLogonSession = &LsapDeleteLogonSession;
488  DispatchTable.AddCredential = &LsapAddCredential;
489  DispatchTable.GetCredentials = &LsapGetCredentials;
490  DispatchTable.DeleteCredential = &LsapDeleteCredential;
491  DispatchTable.AllocateLsaHeap = &LsapAllocateHeapZero;
492  DispatchTable.FreeLsaHeap = &LsapFreeHeap;
493  DispatchTable.AllocateClientBuffer = &LsapAllocateClientBuffer;
494  DispatchTable.FreeClientBuffer = &LsapFreeClientBuffer;
495  DispatchTable.CopyToClientBuffer = &LsapCopyToClientBuffer;
496  DispatchTable.CopyFromClientBuffer = &LsapCopyFromClientBuffer;
497 
498  /* Add registered authentication packages */
499  Status = RtlQueryRegistryValues(RTL_REGISTRY_CONTROL,
500  L"Lsa",
501  AuthPackageTable,
502  &PackageId,
503  NULL);
504 
505  return Status;
506 }
507 
508 
509 NTSTATUS
510 LsapLookupAuthenticationPackage(PLSA_API_MSG RequestMsg,
511  PLSAP_LOGON_CONTEXT LogonContext)
512 {
513  PLIST_ENTRY ListEntry;
514  PAUTH_PACKAGE Package;
515  ULONG PackageNameLength;
516  PCHAR PackageName;
517 
518  TRACE("(%p %p)\n", RequestMsg, LogonContext);
519 
520  PackageNameLength = RequestMsg->LookupAuthenticationPackage.Request.PackageNameLength;
521  PackageName = RequestMsg->LookupAuthenticationPackage.Request.PackageName;
522 
523  TRACE("PackageName: %s\n", PackageName);
524 
525  ListEntry = PackageListHead.Flink;
526  while (ListEntry != &PackageListHead)
527  {
528  Package = CONTAINING_RECORD(ListEntry, AUTH_PACKAGE, Entry);
529 
530  if ((PackageNameLength == Package->Name->Length) &&
531  (_strnicmp(PackageName, Package->Name->Buffer, Package->Name->Length) == 0))
532  {
533  RequestMsg->LookupAuthenticationPackage.Reply.Package = Package->Id;
534  return STATUS_SUCCESS;
535  }
536 
537  ListEntry = ListEntry->Flink;
538  }
539 
540  return STATUS_NO_SUCH_PACKAGE;
541 }
542 
543 
544 NTSTATUS
545 LsapCallAuthenticationPackage(PLSA_API_MSG RequestMsg,
546  PLSAP_LOGON_CONTEXT LogonContext)
547 {
548  PAUTH_PACKAGE Package;
549  PVOID LocalBuffer = NULL;
550  ULONG PackageId;
551  NTSTATUS Status;
552 
553  TRACE("(%p %p)\n", RequestMsg, LogonContext);
554 
555  PackageId = RequestMsg->CallAuthenticationPackage.Request.AuthenticationPackage;
556 
557  /* Get the right authentication package */
558  Package = LsapGetAuthenticationPackage(PackageId);
559  if (Package == NULL)
560  {
561  TRACE("LsapGetAuthenticationPackage() failed to find a package\n");
562  return STATUS_NO_SUCH_PACKAGE;
563  }
564 
565  if (RequestMsg->CallAuthenticationPackage.Request.SubmitBufferLength > 0)
566  {
567  LocalBuffer = RtlAllocateHeap(RtlGetProcessHeap(),
568  HEAP_ZERO_MEMORY,
569  RequestMsg->CallAuthenticationPackage.Request.SubmitBufferLength);
570  if (LocalBuffer == NULL)
571  {
572  return STATUS_INSUFFICIENT_RESOURCES;
573  }
574 
575  Status = NtReadVirtualMemory(LogonContext->ClientProcessHandle,
576  RequestMsg->CallAuthenticationPackage.Request.ProtocolSubmitBuffer,
577  LocalBuffer,
578  RequestMsg->CallAuthenticationPackage.Request.SubmitBufferLength,
579  NULL);
580  if (!NT_SUCCESS(Status))
581  {
582  TRACE("NtReadVirtualMemory() failed (Status 0x%08lx)\n", Status);
583  RtlFreeHeap(RtlGetProcessHeap(), 0, LocalBuffer);
584  return Status;
585  }
586  }
587 
588  if (LogonContext->Untrusted)
589  Status = Package->LsaApCallPackageUntrusted((PLSA_CLIENT_REQUEST)LogonContext,
590  LocalBuffer,
591  RequestMsg->CallAuthenticationPackage.Request.ProtocolSubmitBuffer,
592  RequestMsg->CallAuthenticationPackage.Request.SubmitBufferLength,
593  &RequestMsg->CallAuthenticationPackage.Reply.ProtocolReturnBuffer,
594  &RequestMsg->CallAuthenticationPackage.Reply.ReturnBufferLength,
595  &RequestMsg->CallAuthenticationPackage.Reply.ProtocolStatus);
596  else
597  Status = Package->LsaApCallPackage((PLSA_CLIENT_REQUEST)LogonContext,
598  LocalBuffer,
599  RequestMsg->CallAuthenticationPackage.Request.ProtocolSubmitBuffer,
600  RequestMsg->CallAuthenticationPackage.Request.SubmitBufferLength,
601  &RequestMsg->CallAuthenticationPackage.Reply.ProtocolReturnBuffer,
602  &RequestMsg->CallAuthenticationPackage.Reply.ReturnBufferLength,
603  &RequestMsg->CallAuthenticationPackage.Reply.ProtocolStatus);
604  if (!NT_SUCCESS(Status))
605  {
606  TRACE("Package->LsaApCallPackage() failed (Status 0x%08lx)\n", Status);
607  }
608 
609  if (LocalBuffer != NULL)
610  RtlFreeHeap(RtlGetProcessHeap(), 0, LocalBuffer);
611 
612  return Status;
613 }
614 
615 
616 static
617 NTSTATUS
618 LsapCopyLocalGroups(
619  IN PLSAP_LOGON_CONTEXT LogonContext,
620  IN PTOKEN_GROUPS ClientGroups,
621  IN ULONG ClientGroupsCount,
622  OUT PTOKEN_GROUPS *TokenGroups)
623 {
624  ULONG LocalGroupsLength = 0;
625  PTOKEN_GROUPS LocalGroups = NULL;
626  ULONG SidHeaderLength = 0;
627  PSID SidHeader = NULL;
628  PSID SrcSid, DstSid;
629  ULONG SidLength;
630  ULONG AllocatedSids = 0;
631  ULONG i;
632  NTSTATUS Status;
633 
634  LocalGroupsLength = sizeof(TOKEN_GROUPS) +
635  (ClientGroupsCount - ANYSIZE_ARRAY) * sizeof(SID_AND_ATTRIBUTES);
636  LocalGroups = RtlAllocateHeap(RtlGetProcessHeap(),
637  HEAP_ZERO_MEMORY,
638  LocalGroupsLength);
639  if (LocalGroups == NULL)
640  {
641  TRACE("RtlAllocateHeap() failed\n");
642  return STATUS_INSUFFICIENT_RESOURCES;
643  }
644 
645  Status = NtReadVirtualMemory(LogonContext->ClientProcessHandle,
646  ClientGroups,
647  LocalGroups,
648  LocalGroupsLength,
649  NULL);
650  if (!NT_SUCCESS(Status))
651  goto done;
652 
653 
654  SidHeaderLength = RtlLengthRequiredSid(0);
655  SidHeader = RtlAllocateHeap(RtlGetProcessHeap(),
656  HEAP_ZERO_MEMORY,
657  SidHeaderLength);
658  if (SidHeader == NULL)
659  {
660  Status = STATUS_INSUFFICIENT_RESOURCES;
661  goto done;
662  }
663 
664  for (i = 0; i < ClientGroupsCount; i++)
665  {
666  SrcSid = LocalGroups->Groups[i].Sid;
667 
668  Status = NtReadVirtualMemory(LogonContext->ClientProcessHandle,
669  SrcSid,
670  SidHeader,
671  SidHeaderLength,
672  NULL);
673  if (!NT_SUCCESS(Status))
674  goto done;
675 
676  SidLength = RtlLengthSid(SidHeader);
677  TRACE("Sid %lu: Length %lu\n", i, SidLength);
678 
679  DstSid = RtlAllocateHeap(RtlGetProcessHeap(),
680  HEAP_ZERO_MEMORY,
681  SidLength);
682  if (DstSid == NULL)
683  {
684  Status = STATUS_INSUFFICIENT_RESOURCES;
685  goto done;
686  }
687 
688  Status = NtReadVirtualMemory(LogonContext->ClientProcessHandle,
689  SrcSid,
690  DstSid,
691  SidLength,
692  NULL);
693  if (!NT_SUCCESS(Status))
694  {
695  RtlFreeHeap(RtlGetProcessHeap(), 0, DstSid);
696  goto done;
697  }
698 
699  LocalGroups->Groups[i].Sid = DstSid;
700  AllocatedSids++;
701  }
702 
703  *TokenGroups = LocalGroups;
704 
705 done:
706  if (SidHeader != NULL)
707  RtlFreeHeap(RtlGetProcessHeap(), 0, SidHeader);
708 
709  if (!NT_SUCCESS(Status))
710  {
711  if (LocalGroups != NULL)
712  {
713  for (i = 0; i < AllocatedSids; i++)
714  RtlFreeHeap(RtlGetProcessHeap(), 0, LocalGroups->Groups[i].Sid);
715 
716  RtlFreeHeap(RtlGetProcessHeap(), 0, LocalGroups);
717  }
718  }
719 
720  return Status;
721 }
722 
723 
724 static
725 NTSTATUS
726 LsapAddLocalGroups(
727  IN PVOID TokenInformation,
728  IN LSA_TOKEN_INFORMATION_TYPE TokenInformationType,
729  IN PTOKEN_GROUPS LocalGroups)
730 {
731  PLSA_TOKEN_INFORMATION_V1 TokenInfo1;
732  PTOKEN_GROUPS Groups;
733  ULONG Length;
734  ULONG i;
735  ULONG j;
736 
737  if (LocalGroups == NULL || LocalGroups->GroupCount == 0)
738  return STATUS_SUCCESS;
739 
740  if (TokenInformationType == LsaTokenInformationV1)
741  {
742  TokenInfo1 = (PLSA_TOKEN_INFORMATION_V1)TokenInformation;
743 
744  if (TokenInfo1->Groups != NULL)
745  {
746  Length = sizeof(TOKEN_GROUPS) +
747  (LocalGroups->GroupCount + TokenInfo1->Groups->GroupCount - ANYSIZE_ARRAY) * sizeof(SID_AND_ATTRIBUTES);
748 
749  Groups = RtlAllocateHeap(RtlGetProcessHeap(), HEAP_ZERO_MEMORY, Length);
750  if (Groups == NULL)
751  {
752  ERR("Group buffer allocation failed!\n");
753  return STATUS_INSUFFICIENT_RESOURCES;
754  }
755 
756  Groups->GroupCount = LocalGroups->GroupCount + TokenInfo1->Groups->GroupCount;
757 
758  for (i = 0; i < TokenInfo1->Groups->GroupCount; i++)
759  {
760  Groups->Groups[i].Sid = TokenInfo1->Groups->Groups[i].Sid;
761  Groups->Groups[i].Attributes = TokenInfo1->Groups->Groups[i].Attributes;
762  }
763 
764  for (j = 0; j < LocalGroups->GroupCount; i++, j++)
765  {
766  Groups->Groups[i].Sid = LocalGroups->Groups[j].Sid;
767  Groups->Groups[i].Attributes = LocalGroups->Groups[j].Attributes;
768  LocalGroups->Groups[j].Sid = NULL;
769  }
770 
771  RtlFreeHeap(RtlGetProcessHeap(), 0, TokenInfo1->Groups);
772 
773  TokenInfo1->Groups = Groups;
774  }
775  else
776  {
777  Length = sizeof(TOKEN_GROUPS) +
778  (LocalGroups->GroupCount - ANYSIZE_ARRAY) * sizeof(SID_AND_ATTRIBUTES);
779 
780  Groups = RtlAllocateHeap(RtlGetProcessHeap(), HEAP_ZERO_MEMORY, Length);
781  if (Groups == NULL)
782  {
783  ERR("Group buffer allocation failed!\n");
784  return STATUS_INSUFFICIENT_RESOURCES;
785  }
786 
787  Groups->GroupCount = LocalGroups->GroupCount;
788 
789  for (i = 0; i < LocalGroups->GroupCount; i++)
790  {
791  Groups->Groups[i].Sid = LocalGroups->Groups[i].Sid;
792  Groups->Groups[i].Attributes = LocalGroups->Groups[i].Attributes;
793  }
794 
795  TokenInfo1->Groups = Groups;
796  }
797  }
798  else
799  {
800  FIXME("TokenInformationType %d is not supported!\n", TokenInformationType);
801  return STATUS_NOT_IMPLEMENTED;
802  }
803 
804  return STATUS_SUCCESS;
805 }
806 
807 static
808 NTSTATUS
809 LsapAddDefaultGroups(
810  IN PVOID TokenInformation,
811  IN LSA_TOKEN_INFORMATION_TYPE TokenInformationType,
812  IN SECURITY_LOGON_TYPE LogonType)
813 {
814  PLSA_TOKEN_INFORMATION_V1 TokenInfo1;
815  PTOKEN_GROUPS Groups;
816  ULONG i, Length;
817  PSID SrcSid;
818 
819  if (TokenInformationType == LsaTokenInformationV1)
820  {
821  TokenInfo1 = (PLSA_TOKEN_INFORMATION_V1)TokenInformation;
822 
823  if (TokenInfo1->Groups != NULL)
824  {
825  Length = sizeof(TOKEN_GROUPS) +
826  (TokenInfo1->Groups->GroupCount + 2 - ANYSIZE_ARRAY) * sizeof(SID_AND_ATTRIBUTES);
827 
828  Groups = RtlAllocateHeap(RtlGetProcessHeap(), HEAP_ZERO_MEMORY, Length);
829  if (Groups == NULL)
830  {
831  ERR("Group buffer allocation failed!\n");
832  return STATUS_INSUFFICIENT_RESOURCES;
833  }
834 
835  Groups->GroupCount = TokenInfo1->Groups->GroupCount;
836 
837  for (i = 0; i < TokenInfo1->Groups->GroupCount; i++)
838  {
839  Groups->Groups[i].Sid = TokenInfo1->Groups->Groups[i].Sid;
840  Groups->Groups[i].Attributes = TokenInfo1->Groups->Groups[i].Attributes;
841  }
842 
843  RtlFreeHeap(RtlGetProcessHeap(), 0, TokenInfo1->Groups);
844 
845  TokenInfo1->Groups = Groups;
846 
847  }
848  else
849  {
850  Length = sizeof(TOKEN_GROUPS) +
851  (2 - ANYSIZE_ARRAY) * sizeof(SID_AND_ATTRIBUTES);
852 
853  Groups = RtlAllocateHeap(RtlGetProcessHeap(), HEAP_ZERO_MEMORY, Length);
854  if (Groups == NULL)
855  {
856  ERR("Group buffer allocation failed!\n");
857  return STATUS_INSUFFICIENT_RESOURCES;
858  }
859 
860  TokenInfo1->Groups = Groups;
861  }
862 
863  /* Append the World SID (aka Everyone) */
864  Length = RtlLengthSid(LsapWorldSid);
865  Groups->Groups[Groups->GroupCount].Sid = RtlAllocateHeap(RtlGetProcessHeap(),
866  HEAP_ZERO_MEMORY,
867  Length);
868  if (Groups->Groups[Groups->GroupCount].Sid == NULL)
869  return STATUS_INSUFFICIENT_RESOURCES;
870 
871  RtlCopyMemory(Groups->Groups[Groups->GroupCount].Sid,
872  LsapWorldSid,
873  Length);
874 
875  Groups->Groups[Groups->GroupCount].Attributes =
876  SE_GROUP_ENABLED | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_MANDATORY;
877 
878  Groups->GroupCount++;
879 
880  /* Append the logon type SID */
881  switch (LogonType)
882  {
883  case Interactive:
884  SrcSid = LsapInteractiveSid;
885  break;
886 
887  case Network:
888  SrcSid = LsapNetworkSid;
889  break;
890 
891  case Batch:
892  SrcSid = LsapBatchSid;
893  break;
894 
895  case Service:
896  SrcSid = LsapServiceSid;
897  break;
898 
899  default:
900  FIXME("LogonType %d is not supported!\n", LogonType);
901  return STATUS_NOT_IMPLEMENTED;
902  }
903 
904  Length = RtlLengthSid(SrcSid);
905  Groups->Groups[Groups->GroupCount].Sid = RtlAllocateHeap(RtlGetProcessHeap(),
906  HEAP_ZERO_MEMORY,
907  Length);
908  if (Groups->Groups[Groups->GroupCount].Sid == NULL)
909  return STATUS_INSUFFICIENT_RESOURCES;
910 
911  RtlCopyMemory(Groups->Groups[Groups->GroupCount].Sid,
912  SrcSid,
913  Length);
914 
915  Groups->Groups[Groups->GroupCount].Attributes =
916  SE_GROUP_ENABLED | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_MANDATORY;
917 
918  Groups->GroupCount++;
919  }
920  else
921  {
922  FIXME("TokenInformationType %d is not supported!\n", TokenInformationType);
923  return STATUS_NOT_IMPLEMENTED;
924  }
925 
926  return STATUS_SUCCESS;
927 }
928 
929 
930 static
931 NTSTATUS
932 LsapAppendSidToGroups(
933  IN PTOKEN_GROUPS *TokenGroups,
934  IN PSID DomainSid,
935  IN ULONG RelativeId)
936 {
937  PTOKEN_GROUPS Groups;
938  PSID Sid;
939  ULONG Length;
940  ULONG i;
941 
942  Sid = LsapAppendRidToSid(DomainSid, RelativeId);
943  if (Sid == NULL)
944  {
945  ERR("Group SID creation failed!\n");
946  return STATUS_INSUFFICIENT_RESOURCES;
947  }
948 
949  if (*TokenGroups == NULL)
950  {
951  Length = sizeof(TOKEN_GROUPS) +
952  (1 - ANYSIZE_ARRAY) * sizeof(SID_AND_ATTRIBUTES);
953 
954  Groups = RtlAllocateHeap(RtlGetProcessHeap(), HEAP_ZERO_MEMORY, Length);
955  if (Groups == NULL)
956  {
957  ERR("Group buffer allocation failed!\n");
958  return STATUS_INSUFFICIENT_RESOURCES;
959  }
960 
961  Groups->GroupCount = 1;
962 
963  Groups->Groups[0].Sid = Sid;
964  Groups->Groups[0].Attributes =
965  SE_GROUP_ENABLED | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_MANDATORY;
966 
967  *TokenGroups = Groups;
968  }
969  else
970  {
971  for (i = 0; i < (*TokenGroups)->GroupCount; i++)
972  {
973  if (RtlEqualSid((*TokenGroups)->Groups[i].Sid, Sid))
974  {
975  RtlFreeHeap(RtlGetProcessHeap(), 0, Sid);
976  return STATUS_SUCCESS;
977  }
978  }
979 
980  Length = sizeof(TOKEN_GROUPS) +
981  ((*TokenGroups)->GroupCount + 1 - ANYSIZE_ARRAY) * sizeof(SID_AND_ATTRIBUTES);
982 
983  Groups = RtlAllocateHeap(RtlGetProcessHeap(), HEAP_ZERO_MEMORY, Length);
984  if (Groups == NULL)
985  {
986  ERR("Group buffer allocation failed!\n");
987  return STATUS_INSUFFICIENT_RESOURCES;
988  }
989 
990  Groups->GroupCount = (*TokenGroups)->GroupCount;
991 
992  for (i = 0; i < (*TokenGroups)->GroupCount; i++)
993  {
994  Groups->Groups[i].Sid = (*TokenGroups)->Groups[i].Sid;
995  Groups->Groups[i].Attributes = (*TokenGroups)->Groups[i].Attributes;
996  }
997 
998  Groups->Groups[Groups->GroupCount].Sid = Sid;
999  Groups->Groups[Groups->GroupCount].Attributes =
1000  SE_GROUP_ENABLED | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_MANDATORY;
1001 
1002  Groups->GroupCount++;
1003 
1004  RtlFreeHeap(RtlGetProcessHeap(), 0, *TokenGroups);
1005 
1006  *TokenGroups = Groups;
1007  }
1008 
1009  return STATUS_SUCCESS;
1010 }
1011 
1012 
1013 static
1014 NTSTATUS
1015 LsapAddSamGroups(
1016  IN PVOID TokenInformation,
1017  IN LSA_TOKEN_INFORMATION_TYPE TokenInformationType)
1018 {
1019  PLSA_TOKEN_INFORMATION_V1 TokenInfo1;
1020  SAMPR_HANDLE ServerHandle = NULL;
1021  SAMPR_HANDLE BuiltinDomainHandle = NULL;
1022  SAMPR_HANDLE AccountDomainHandle = NULL;
1023  SAMPR_PSID_ARRAY SidArray;
1024  SAMPR_ULONG_ARRAY BuiltinMembership;
1025  SAMPR_ULONG_ARRAY AccountMembership;
1026  ULONG i;
1027  NTSTATUS Status = STATUS_SUCCESS;
1028 
1029  if (TokenInformationType != LsaTokenInformationV1)
1030  return STATUS_SUCCESS;
1031 
1032  TokenInfo1 = (PLSA_TOKEN_INFORMATION_V1)TokenInformation;
1033 
1034  SidArray.Count = TokenInfo1->Groups->GroupCount + 1;
1035  SidArray.Sids = RtlAllocateHeap(RtlGetProcessHeap(),
1036  HEAP_ZERO_MEMORY,
1037  (TokenInfo1->Groups->GroupCount + 1) * sizeof(PRPC_SID));
1038  if (SidArray.Sids == NULL)
1039  return STATUS_INSUFFICIENT_RESOURCES;
1040 
1041  SidArray.Sids[0].SidPointer = TokenInfo1->User.User.Sid;
1042  for (i = 0; i < TokenInfo1->Groups->GroupCount; i++)
1043  SidArray.Sids[i + 1].SidPointer = TokenInfo1->Groups->Groups[i].Sid;
1044 
1045  BuiltinMembership.Element = NULL;
1046  AccountMembership.Element = NULL;
1047 
1048  Status = SamIConnect(NULL,
1049  &ServerHandle,
1050  SAM_SERVER_CONNECT | SAM_SERVER_LOOKUP_DOMAIN,
1051  FALSE);
1052  if (!NT_SUCCESS(Status))
1053  {
1054  TRACE("SamIConnect failed (Status %08lx)\n", Status);
1055  goto done;
1056  }
1057 
1058  Status = SamrOpenDomain(ServerHandle,
1059  DOMAIN_GET_ALIAS_MEMBERSHIP,
1060  BuiltinDomainSid,
1061  &BuiltinDomainHandle);
1062  if (!NT_SUCCESS(Status))
1063  {
1064  TRACE("SamrOpenDomain failed (Status %08lx)\n", Status);
1065  goto done;
1066  }
1067 
1068  Status = SamrOpenDomain(ServerHandle,
1069  DOMAIN_GET_ALIAS_MEMBERSHIP,
1070  AccountDomainSid,
1071  &AccountDomainHandle);
1072  if (!NT_SUCCESS(Status))
1073  {
1074  TRACE("SamrOpenDomain failed (Status %08lx)\n", Status);
1075  goto done;
1076  }
1077 
1078  Status = SamrGetAliasMembership(BuiltinDomainHandle,
1079  &SidArray,
1080  &BuiltinMembership);
1081  if (!NT_SUCCESS(Status))
1082  {
1083  TRACE("SamrGetAliasMembership failed (Status %08lx)\n", Status);
1084  goto done;
1085  }
1086 
1087  Status = SamrGetAliasMembership(AccountDomainHandle,
1088  &SidArray,
1089  &AccountMembership);
1090  if (!NT_SUCCESS(Status))
1091  {
1092  TRACE("SamrGetAliasMembership failed (Status %08lx)\n", Status);
1093  goto done;
1094  }
1095 
1096  TRACE("Builtin Memberships: %lu\n", BuiltinMembership.Count);
1097  for (i = 0; i < BuiltinMembership.Count; i++)
1098  {
1099  TRACE("RID %lu: %lu (0x%lx)\n", i, BuiltinMembership.Element[i], BuiltinMembership.Element[i]);
1100  Status = LsapAppendSidToGroups(&TokenInfo1->Groups,
1101  BuiltinDomainSid,
1102  BuiltinMembership.Element[i]);
1103  if (!NT_SUCCESS(Status))
1104  {
1105  TRACE("LsapAppendSidToGroups failed (Status %08lx)\n", Status);
1106  goto done;
1107  }
1108  }
1109 
1110  TRACE("Account Memberships: %lu\n", AccountMembership.Count);
1111  for (i = 0; i < AccountMembership.Count; i++)
1112  {
1113  TRACE("RID %lu: %lu (0x%lx)\n", i, AccountMembership.Element[i], AccountMembership.Element[i]);
1114  Status = LsapAppendSidToGroups(&TokenInfo1->Groups,
1115  AccountDomainSid,
1116  AccountMembership.Element[i]);
1117  if (!NT_SUCCESS(Status))
1118  {
1119  TRACE("LsapAppendSidToGroups failed (Status %08lx)\n", Status);
1120  goto done;
1121  }
1122  }
1123 
1124 done:
1125  RtlFreeHeap(RtlGetProcessHeap(), 0, SidArray.Sids);
1126 
1127  if (AccountMembership.Element != NULL)
1128  SamIFree_SAMPR_ULONG_ARRAY(&AccountMembership);
1129 
1130  if (BuiltinMembership.Element != NULL)
1131  SamIFree_SAMPR_ULONG_ARRAY(&BuiltinMembership);
1132 
1133  if (AccountDomainHandle != NULL)
1134  SamrCloseHandle(&AccountDomainHandle);
1135 
1136  if (BuiltinDomainHandle != NULL)
1137  SamrCloseHandle(&BuiltinDomainHandle);
1138 
1139  if (ServerHandle != NULL)
1140  SamrCloseHandle(&ServerHandle);
1141 
1142 // return Status;
1143 
1144  return STATUS_SUCCESS;
1145 }
1146 
1147 
1148 static
1149 NTSTATUS
1150 LsapSetTokenOwner(
1151  IN PVOID TokenInformation,
1152  IN LSA_TOKEN_INFORMATION_TYPE TokenInformationType)
1153 {
1154  PLSA_TOKEN_INFORMATION_V1 TokenInfo1;
1155  PSID_AND_ATTRIBUTES OwnerSid = NULL;
1156  ULONG i, Length;
1157 
1158  if (TokenInformationType == LsaTokenInformationV1)
1159  {
1160  TokenInfo1 = (PLSA_TOKEN_INFORMATION_V1)TokenInformation;
1161 
1162  if (TokenInfo1->Owner.Owner != NULL)
1163  return STATUS_SUCCESS;
1164 
1165  OwnerSid = &TokenInfo1->User.User;
1166  for (i = 0; i < TokenInfo1->Groups->GroupCount; i++)
1167  {
1168  if (EqualSid(TokenInfo1->Groups->Groups[i].Sid, LsapAdministratorsSid))
1169  {
1170  OwnerSid = &TokenInfo1->Groups->Groups[i];
1171  break;
1172  }
1173  }
1174 
1175  Length = RtlLengthSid(OwnerSid->Sid);
1176  TokenInfo1->Owner.Owner = DispatchTable.AllocateLsaHeap(Length);
1177  if (TokenInfo1->Owner.Owner == NULL)
1178  return STATUS_INSUFFICIENT_RESOURCES;
1179 
1180  RtlCopyMemory(TokenInfo1->Owner.Owner,
1181  OwnerSid->Sid,
1182  Length);
1183  OwnerSid->Attributes |= SE_GROUP_OWNER;
1184  }
1185 
1186  return STATUS_SUCCESS;
1187 }
1188 
1189 
1190 static
1191 NTSTATUS
1192 LsapAddTokenDefaultDacl(
1193  IN PVOID TokenInformation,
1194  IN LSA_TOKEN_INFORMATION_TYPE TokenInformationType)
1195 {
1196  PLSA_TOKEN_INFORMATION_V1 TokenInfo1;
1197  PACL Dacl = NULL;
1198  ULONG Length;
1199 
1200  if (TokenInformationType == LsaTokenInformationV1)
1201  {
1202  TokenInfo1 = (PLSA_TOKEN_INFORMATION_V1)TokenInformation;
1203 
1204  if (TokenInfo1->DefaultDacl.DefaultDacl != NULL)
1205  return STATUS_SUCCESS;
1206 
1207  Length = sizeof(ACL) +
1208  (2 * sizeof(ACCESS_ALLOWED_ACE)) +
1209  RtlLengthSid(TokenInfo1->Owner.Owner) +
1210  RtlLengthSid(LsapLocalSystemSid);
1211 
1212  Dacl = DispatchTable.AllocateLsaHeap(Length);
1213  if (Dacl == NULL)
1214  return STATUS_INSUFFICIENT_RESOURCES;
1215 
1216  RtlCreateAcl(Dacl, Length, ACL_REVISION);
1217 
1218  RtlAddAccessAllowedAce(Dacl,
1219  ACL_REVISION,
1220  GENERIC_ALL,
1221  TokenInfo1->Owner.Owner);
1222 
1223  /* SID: S-1-5-18 */
1224  RtlAddAccessAllowedAce(Dacl,
1225  ACL_REVISION,
1226  GENERIC_ALL,
1227  LsapLocalSystemSid);
1228 
1229  TokenInfo1->DefaultDacl.DefaultDacl = Dacl;
1230  }
1231 
1232  return STATUS_SUCCESS;
1233 }
1234 
1235 
1236 static
1237 NTSTATUS
1238 LsapAddPrivilegeToTokenPrivileges(PTOKEN_PRIVILEGES *TokenPrivileges,
1239  PLSAPR_LUID_AND_ATTRIBUTES Privilege)
1240 {
1241  PTOKEN_PRIVILEGES LocalPrivileges;
1242  ULONG Length, TokenPrivilegeCount, i;
1243  NTSTATUS Status = STATUS_SUCCESS;
1244 
1245  if (*TokenPrivileges == NULL)
1246  {
1247  Length = sizeof(TOKEN_PRIVILEGES) +
1248  (1 - ANYSIZE_ARRAY) * sizeof(LUID_AND_ATTRIBUTES);
1249  LocalPrivileges = RtlAllocateHeap(RtlGetProcessHeap(),
1250  0,
1251  Length);
1252  if (LocalPrivileges == NULL)
1253  return STATUS_INSUFFICIENT_RESOURCES;
1254 
1255  LocalPrivileges->PrivilegeCount = 1;
1256  LocalPrivileges->Privileges[0].Luid = Privilege->Luid;
1257  LocalPrivileges->Privileges[0].Attributes = Privilege->Attributes;
1258  }
1259  else
1260  {
1261  TokenPrivilegeCount = (*TokenPrivileges)->PrivilegeCount;
1262 
1263  for (i = 0; i < TokenPrivilegeCount; i++)
1264  {
1265  if (RtlEqualLuid(&(*TokenPrivileges)->Privileges[i].Luid, &Privilege->Luid))
1266  return STATUS_SUCCESS;
1267  }
1268 
1269  Length = sizeof(TOKEN_PRIVILEGES) +
1270  (TokenPrivilegeCount + 1 - ANYSIZE_ARRAY) * sizeof(LUID_AND_ATTRIBUTES);
1271  LocalPrivileges = RtlAllocateHeap(RtlGetProcessHeap(),
1272  0,
1273  Length);
1274  if (LocalPrivileges == NULL)
1275  return STATUS_INSUFFICIENT_RESOURCES;
1276 
1277  LocalPrivileges->PrivilegeCount = TokenPrivilegeCount + 1;
1278  for (i = 0; i < TokenPrivilegeCount; i++)
1279  {
1280  LocalPrivileges->Privileges[i].Luid = (*TokenPrivileges)->Privileges[i].Luid;
1281  LocalPrivileges->Privileges[i].Attributes = (*TokenPrivileges)->Privileges[i].Attributes;
1282  }
1283 
1284  LocalPrivileges->Privileges[TokenPrivilegeCount].Luid = Privilege->Luid;
1285  LocalPrivileges->Privileges[TokenPrivilegeCount].Attributes = Privilege->Attributes;
1286 
1287  RtlFreeHeap(RtlGetProcessHeap(), 0, *TokenPrivileges);
1288  }
1289 
1290  *TokenPrivileges = LocalPrivileges;
1291 
1292  return Status;
1293 }
1294 
1295 static
1296 NTSTATUS
1297 LsapSetPrivileges(
1298  IN PVOID TokenInformation,
1299  IN LSA_TOKEN_INFORMATION_TYPE TokenInformationType)
1300 {
1301  PLSA_TOKEN_INFORMATION_V1 TokenInfo1;
1302  LSAPR_HANDLE PolicyHandle = NULL;
1303  LSAPR_HANDLE AccountHandle = NULL;
1304  PLSAPR_PRIVILEGE_SET Privileges = NULL;
1305  ULONG i, j;
1306  NTSTATUS Status;
1307 
1308  if (TokenInformationType == LsaTokenInformationV1)
1309  {
1310  TokenInfo1 = (PLSA_TOKEN_INFORMATION_V1)TokenInformation;
1311 
1312  Status = LsarOpenPolicy(NULL,
1313  NULL,
1314  0,
1315  &PolicyHandle);
1316  if (!NT_SUCCESS(Status))
1317  return Status;
1318 
1319  for (i = 0; i < TokenInfo1->Groups->GroupCount; i++)
1320  {
1321  Status = LsarOpenAccount(PolicyHandle,
1322  TokenInfo1->Groups->Groups[i].Sid,
1323  ACCOUNT_VIEW,
1324  &AccountHandle);
1325  if (!NT_SUCCESS(Status))
1326  continue;
1327 
1328  Status = LsarEnumeratePrivilegesAccount(AccountHandle,
1329  &Privileges);
1330  if (NT_SUCCESS(Status))
1331  {
1332  for (j = 0; j < Privileges->PrivilegeCount; j++)
1333  {
1334  Status = LsapAddPrivilegeToTokenPrivileges(&TokenInfo1->Privileges,
1335  &(Privileges->Privilege[j]));
1336  if (!NT_SUCCESS(Status))
1337  {
1338  /* We failed, clean everything and return */
1339  LsaIFree_LSAPR_PRIVILEGE_SET(Privileges);
1340  LsarClose(&AccountHandle);
1341  LsarClose(&PolicyHandle);
1342 
1343  return Status;
1344  }
1345  }
1346 
1347  LsaIFree_LSAPR_PRIVILEGE_SET(Privileges);
1348  Privileges = NULL;
1349  }
1350 
1351  LsarClose(&AccountHandle);
1352  }
1353 
1354  LsarClose(&PolicyHandle);
1355 
1356  if (TokenInfo1->Privileges != NULL)
1357  {
1358  for (i = 0; i < TokenInfo1->Privileges->PrivilegeCount; i++)
1359  {
1360  if (RtlEqualLuid(&TokenInfo1->Privileges->Privileges[i].Luid, &SeChangeNotifyPrivilege) ||
1361  RtlEqualLuid(&TokenInfo1->Privileges->Privileges[i].Luid, &SeCreateGlobalPrivilege) ||
1362  RtlEqualLuid(&TokenInfo1->Privileges->Privileges[i].Luid, &SeImpersonatePrivilege))
1363  {
1364  TokenInfo1->Privileges->Privileges[i].Attributes |= SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT;
1365  }
1366  }
1367  }
1368  }
1369 
1370  return STATUS_SUCCESS;
1371 }
1372 
1373 
1374 NTSTATUS
1375 LsapLogonUser(PLSA_API_MSG RequestMsg,
1376  PLSAP_LOGON_CONTEXT LogonContext)
1377 {
1378  PAUTH_PACKAGE Package;
1379  OBJECT_ATTRIBUTES ObjectAttributes;
1380  SECURITY_QUALITY_OF_SERVICE Qos;
1381  LSA_TOKEN_INFORMATION_TYPE TokenInformationType;
1382  PVOID TokenInformation = NULL;
1383  PLSA_TOKEN_INFORMATION_NULL TokenInfo0 = NULL;
1384  PLSA_TOKEN_INFORMATION_V1 TokenInfo1 = NULL;
1385  PUNICODE_STRING AccountName = NULL;
1386  PUNICODE_STRING AuthenticatingAuthority = NULL;
1387  PUNICODE_STRING MachineName = NULL;
1388  PVOID LocalAuthInfo = NULL;
1389  PTOKEN_GROUPS LocalGroups = NULL;
1390  HANDLE TokenHandle = NULL;
1391  ULONG i;
1392  ULONG PackageId;
1393  SECURITY_LOGON_TYPE LogonType;
1394  NTSTATUS Status;
1395 
1396  PUNICODE_STRING UserName = NULL;
1397  PUNICODE_STRING LogonDomainName = NULL;
1398 // UNICODE_STRING LogonServer;
1399 
1400 
1401  TRACE("LsapLogonUser(%p %p)\n", RequestMsg, LogonContext);
1402 
1403  PackageId = RequestMsg->LogonUser.Request.AuthenticationPackage;
1404  LogonType = RequestMsg->LogonUser.Request.LogonType;
1405 
1406  /* Get the right authentication package */
1407  Package = LsapGetAuthenticationPackage(PackageId);
1408  if (Package == NULL)
1409  {
1410  ERR("LsapGetAuthenticationPackage() failed to find a package\n");
1411  return STATUS_NO_SUCH_PACKAGE;
1412  }
1413 
1414  if (RequestMsg->LogonUser.Request.AuthenticationInformationLength > 0)
1415  {
1416  /* Allocate the local authentication info buffer */
1417  LocalAuthInfo = RtlAllocateHeap(RtlGetProcessHeap(),
1418  HEAP_ZERO_MEMORY,
1419  RequestMsg->LogonUser.Request.AuthenticationInformationLength);
1420  if (LocalAuthInfo == NULL)
1421  {
1422  ERR("RtlAllocateHeap() failed\n");
1423  return STATUS_INSUFFICIENT_RESOURCES;
1424  }
1425 
1426  /* Read the authentication info from the callers address space */
1427  Status = NtReadVirtualMemory(LogonContext->ClientProcessHandle,
1428  RequestMsg->LogonUser.Request.AuthenticationInformation,
1429  LocalAuthInfo,
1430  RequestMsg->LogonUser.Request.AuthenticationInformationLength,
1431  NULL);
1432  if (!NT_SUCCESS(Status))
1433  {
1434  ERR("NtReadVirtualMemory() failed (Status 0x%08lx)\n", Status);
1435  RtlFreeHeap(RtlGetProcessHeap(), 0, LocalAuthInfo);
1436  return Status;
1437  }
1438  }
1439 
1440  if (RequestMsg->LogonUser.Request.LocalGroupsCount > 0)
1441  {
1442  Status = LsapCopyLocalGroups(LogonContext,
1443  RequestMsg->LogonUser.Request.LocalGroups,
1444  RequestMsg->LogonUser.Request.LocalGroupsCount,
1445  &LocalGroups);
1446  if (!NT_SUCCESS(Status))
1447  {
1448  ERR("LsapCopyLocalGroups failed (Status 0x%08lx)\n", Status);
1449  goto done;
1450  }
1451 
1452  TRACE("GroupCount: %lu\n", LocalGroups->GroupCount);
1453  }
1454 
1455  if (Package->LsaApLogonUserEx2 != NULL)
1456  {
1457  Status = Package->LsaApLogonUserEx2((PLSA_CLIENT_REQUEST)LogonContext,
1458  RequestMsg->LogonUser.Request.LogonType,
1459  LocalAuthInfo,
1460  RequestMsg->LogonUser.Request.AuthenticationInformation,
1461  RequestMsg->LogonUser.Request.AuthenticationInformationLength,
1462  &RequestMsg->LogonUser.Reply.ProfileBuffer,
1463  &RequestMsg->LogonUser.Reply.ProfileBufferLength,
1464  &RequestMsg->LogonUser.Reply.LogonId,
1465  &RequestMsg->LogonUser.Reply.SubStatus,
1466  &TokenInformationType,
1467  &TokenInformation,
1468  &AccountName,
1469  &AuthenticatingAuthority,
1470  &MachineName,
1471  NULL, /* FIXME: PSECPKG_PRIMARY_CRED PrimaryCredentials */
1472  NULL); /* FIXME: PSECPKG_SUPPLEMENTAL_CRED_ARRAY *SupplementalCredentials */
1473  }
1474  else if (Package->LsaApLogonUserEx != NULL)
1475  {
1476  Status = Package->LsaApLogonUserEx((PLSA_CLIENT_REQUEST)LogonContext,
1477  RequestMsg->LogonUser.Request.LogonType,
1478  LocalAuthInfo,
1479  RequestMsg->LogonUser.Request.AuthenticationInformation,
1480  RequestMsg->LogonUser.Request.AuthenticationInformationLength,
1481  &RequestMsg->LogonUser.Reply.ProfileBuffer,
1482  &RequestMsg->LogonUser.Reply.ProfileBufferLength,
1483  &RequestMsg->LogonUser.Reply.LogonId,
1484  &RequestMsg->LogonUser.Reply.SubStatus,
1485  &TokenInformationType,
1486  &TokenInformation,
1487  &AccountName,
1488  &AuthenticatingAuthority,
1489  &MachineName);
1490  }
1491  else
1492  {
1493  Status = Package->LsaApLogonUser((PLSA_CLIENT_REQUEST)LogonContext,
1494  RequestMsg->LogonUser.Request.LogonType,
1495  LocalAuthInfo,
1496  RequestMsg->LogonUser.Request.AuthenticationInformation,
1497  RequestMsg->LogonUser.Request.AuthenticationInformationLength,
1498  &RequestMsg->LogonUser.Reply.ProfileBuffer,
1499  &RequestMsg->LogonUser.Reply.ProfileBufferLength,
1500  &RequestMsg->LogonUser.Reply.LogonId,
1501  &RequestMsg->LogonUser.Reply.SubStatus,
1502  &TokenInformationType,
1503  &TokenInformation,
1504  &AccountName,
1505  &AuthenticatingAuthority);
1506  }
1507 
1508  if (!NT_SUCCESS(Status))
1509  {
1510  ERR("LsaApLogonUser/Ex/2 failed (Status 0x%08lx)\n", Status);
1511  goto done;
1512  }
1513 
1514  if (LocalGroups->GroupCount > 0)
1515  {
1516  /* Add local groups to the token information */
1517  Status = LsapAddLocalGroups(TokenInformation,
1518  TokenInformationType,
1519  LocalGroups);
1520  if (!NT_SUCCESS(Status))
1521  {
1522  ERR("LsapAddLocalGroupsToTokenInfo() failed (Status 0x%08lx)\n", Status);
1523  goto done;
1524  }
1525  }
1526 
1527  Status = LsapAddDefaultGroups(TokenInformation,
1528  TokenInformationType,
1529  LogonType);
1530  if (!NT_SUCCESS(Status))
1531  {
1532  ERR("LsapAddDefaultGroups() failed (Status 0x%08lx)\n", Status);
1533  goto done;
1534  }
1535 
1536  Status = LsapAddSamGroups(TokenInformation,
1537  TokenInformationType);
1538  if (!NT_SUCCESS(Status))
1539  {
1540  ERR("LsapAddSamGroups() failed (Status 0x%08lx)\n", Status);
1541  goto done;
1542  }
1543 
1544  Status = LsapSetTokenOwner(TokenInformation,
1545  TokenInformationType);
1546  if (!NT_SUCCESS(Status))
1547  {
1548  ERR("LsapSetTokenOwner() failed (Status 0x%08lx)\n", Status);
1549  goto done;
1550  }
1551 
1552  Status = LsapAddTokenDefaultDacl(TokenInformation,
1553  TokenInformationType);
1554  if (!NT_SUCCESS(Status))
1555  {
1556  ERR("LsapAddTokenDefaultDacl() failed (Status 0x%08lx)\n", Status);
1557  goto done;
1558  }
1559 
1560  Status = LsapSetPrivileges(TokenInformation,
1561  TokenInformationType);
1562  if (!NT_SUCCESS(Status))
1563  {
1564  ERR("LsapSetPrivileges() failed (Status 0x%08lx)\n", Status);
1565  goto done;
1566  }
1567 
1568  if (TokenInformationType == LsaTokenInformationNull)
1569  {
1570  TOKEN_USER TokenUser;
1571  TOKEN_PRIMARY_GROUP TokenPrimaryGroup;
1572  TOKEN_GROUPS NoGroups = {0};
1573  TOKEN_PRIVILEGES NoPrivileges = {0};
1574 
1575  TokenInfo0 = (PLSA_TOKEN_INFORMATION_NULL)TokenInformation;
1576 
1577  TokenUser.User.Sid = LsapWorldSid;
1578  TokenUser.User.Attributes = 0;
1579  TokenPrimaryGroup.PrimaryGroup = LsapWorldSid;
1580 
1581  Qos.Length = sizeof(SECURITY_QUALITY_OF_SERVICE);
1582  Qos.ImpersonationLevel = SecurityImpersonation;
1583  Qos.ContextTrackingMode = SECURITY_STATIC_TRACKING;
1584  Qos.EffectiveOnly = TRUE;
1585 
1586  ObjectAttributes.Length = sizeof(OBJECT_ATTRIBUTES);
1587  ObjectAttributes.RootDirectory = NULL;
1588  ObjectAttributes.ObjectName = NULL;
1589  ObjectAttributes.Attributes = 0;
1590  ObjectAttributes.SecurityDescriptor = NULL;
1591  ObjectAttributes.SecurityQualityOfService = &Qos;
1592 
1593  /* Create the logon token */
1594  Status = NtCreateToken(&TokenHandle,
1595  TOKEN_ALL_ACCESS,
1596  &ObjectAttributes,
1597  TokenImpersonation,
1598  &RequestMsg->LogonUser.Reply.LogonId,
1599  &TokenInfo0->ExpirationTime,
1600  &TokenUser,
1601  &NoGroups,
1602  &NoPrivileges,
1603  NULL,
1604  &TokenPrimaryGroup,
1605  NULL,
1606  &RequestMsg->LogonUser.Request.SourceContext);
1607  }
1608  else if (TokenInformationType == LsaTokenInformationV1)
1609  {
1610  TOKEN_PRIVILEGES NoPrivileges = {0};
1611 
1612  TokenInfo1 = (PLSA_TOKEN_INFORMATION_V1)TokenInformation;
1613 
1614  Qos.Length = sizeof(SECURITY_QUALITY_OF_SERVICE);
1615  Qos.ImpersonationLevel = SecurityImpersonation;
1616  Qos.ContextTrackingMode = SECURITY_DYNAMIC_TRACKING;
1617  Qos.EffectiveOnly = FALSE;
1618 
1619  ObjectAttributes.Length = sizeof(OBJECT_ATTRIBUTES);
1620  ObjectAttributes.RootDirectory = NULL;
1621  ObjectAttributes.ObjectName = NULL;
1622  ObjectAttributes.Attributes = 0;
1623  ObjectAttributes.SecurityDescriptor = NULL;
1624  ObjectAttributes.SecurityQualityOfService = &Qos;
1625 
1626  /* Create the logon token */
1627  Status = NtCreateToken(&TokenHandle,
1628  TOKEN_ALL_ACCESS,
1629  &ObjectAttributes,
1630  (RequestMsg->LogonUser.Request.LogonType == Network) ? TokenImpersonation : TokenPrimary,
1631  &RequestMsg->LogonUser.Reply.LogonId,
1632  &TokenInfo1->ExpirationTime,
1633  &TokenInfo1->User,
1634  TokenInfo1->Groups,
1635  TokenInfo1->Privileges ? TokenInfo1->Privileges : &NoPrivileges,
1636  &TokenInfo1->Owner,
1637  &TokenInfo1->PrimaryGroup,
1638  &TokenInfo1->DefaultDacl,
1639  &RequestMsg->LogonUser.Request.SourceContext);
1640  if (!NT_SUCCESS(Status))
1641  {
1642  ERR("NtCreateToken failed (Status 0x%08lx)\n", Status);
1643  goto done;
1644  }
1645  }
1646  else
1647  {
1648  FIXME("TokenInformationType %d is not supported!\n", TokenInformationType);
1649  Status = STATUS_NOT_IMPLEMENTED;
1650  goto done;
1651  }
1652 
1653  if (LogonType == Interactive ||
1654  LogonType == Batch ||
1655  LogonType == Service)
1656  {
1657  UserName = &((PMSV1_0_INTERACTIVE_LOGON)LocalAuthInfo)->UserName;
1658  LogonDomainName = &((PMSV1_0_INTERACTIVE_LOGON)LocalAuthInfo)->LogonDomainName;
1659  }
1660  else
1661  {
1662  FIXME("LogonType %lu is not supported yet!\n", LogonType);
1663  }
1664 
1665  Status = LsapSetLogonSessionData(&RequestMsg->LogonUser.Reply.LogonId,
1666  LogonType,
1667  UserName,
1668  LogonDomainName,
1669  TokenInfo1->User.User.Sid);
1670  if (!NT_SUCCESS(Status))
1671  {
1672  ERR("LsapSetLogonSessionData failed (Status 0x%08lx)\n", Status);
1673  goto done;
1674  }
1675 
1676  /*
1677  * Duplicate the token handle into the client process.
1678  * This must be the last step because we cannot
1679  * close the duplicated token handle in case something fails.
1680  */
1681  Status = NtDuplicateObject(NtCurrentProcess(),
1682  TokenHandle,
1683  LogonContext->ClientProcessHandle,
1684  &RequestMsg->LogonUser.Reply.Token,
1685  0,
1686  0,
1687  DUPLICATE_SAME_ACCESS | DUPLICATE_SAME_ATTRIBUTES | DUPLICATE_CLOSE_SOURCE);
1688  if (!NT_SUCCESS(Status))
1689  {
1690  ERR("NtDuplicateObject failed (Status 0x%08lx)\n", Status);
1691  goto done;
1692  }
1693 
1694 done:
1695  if (!NT_SUCCESS(Status))
1696  {
1697  /* Notify the authentification package of the failure */
1698  Package->LsaApLogonTerminated(&RequestMsg->LogonUser.Reply.LogonId);
1699 
1700  /* Delete the logon session */
1701  LsapDeleteLogonSession(&RequestMsg->LogonUser.Reply.LogonId);
1702 
1703  /* Release the profile buffer */
1704  LsapFreeClientBuffer((PLSA_CLIENT_REQUEST)LogonContext,
1705  RequestMsg->LogonUser.Reply.ProfileBuffer);
1706  RequestMsg->LogonUser.Reply.ProfileBuffer = NULL;
1707  }
1708 
1709  if (TokenHandle != NULL)
1710  NtClose(TokenHandle);
1711 
1712  /* Free the local groups */
1713  if (LocalGroups != NULL)
1714  {
1715  for (i = 0; i < LocalGroups->GroupCount; i++)
1716  {
1717  if (LocalGroups->Groups[i].Sid != NULL)
1718  RtlFreeHeap(RtlGetProcessHeap(), 0, LocalGroups->Groups[i].Sid);
1719  }
1720 
1721  RtlFreeHeap(RtlGetProcessHeap(), 0, LocalGroups);
1722  }
1723 
1724  /* Free the local authentication info buffer */
1725  if (LocalAuthInfo != NULL)
1726  RtlFreeHeap(RtlGetProcessHeap(), 0, LocalAuthInfo);
1727 
1728  /* Free the token information */
1729  if (TokenInformation != NULL)
1730  {
1731  if (TokenInformationType == LsaTokenInformationNull)
1732  {
1733  TokenInfo0 = (PLSA_TOKEN_INFORMATION_NULL)TokenInformation;
1734 
1735  if (TokenInfo0 != NULL)
1736  {
1737  if (TokenInfo0->Groups != NULL)
1738  {
1739  for (i = 0; i < TokenInfo0->Groups->GroupCount; i++)
1740  {
1741  if (TokenInfo0->Groups->Groups[i].Sid != NULL)
1742  LsapFreeHeap(TokenInfo0->Groups->Groups[i].Sid);
1743  }
1744 
1745  LsapFreeHeap(TokenInfo0->Groups);
1746  }
1747 
1748  LsapFreeHeap(TokenInfo0);
1749  }
1750  }
1751  else if (TokenInformationType == LsaTokenInformationV1)
1752  {
1753  TokenInfo1 = (PLSA_TOKEN_INFORMATION_V1)TokenInformation;
1754 
1755  if (TokenInfo1 != NULL)
1756  {
1757  if (TokenInfo1->User.User.Sid != NULL)
1758  LsapFreeHeap(TokenInfo1->User.User.Sid);
1759 
1760  if (TokenInfo1->Groups != NULL)
1761  {
1762  for (i = 0; i < TokenInfo1->Groups->GroupCount; i++)
1763  {
1764  if (TokenInfo1->Groups->Groups[i].Sid != NULL)
1765  LsapFreeHeap(TokenInfo1->Groups->Groups[i].Sid);
1766  }
1767 
1768  LsapFreeHeap(TokenInfo1->Groups);
1769  }
1770 
1771  if (TokenInfo1->PrimaryGroup.PrimaryGroup != NULL)
1772  LsapFreeHeap(TokenInfo1->PrimaryGroup.PrimaryGroup);
1773 
1774  if (TokenInfo1->Privileges != NULL)
1775  LsapFreeHeap(TokenInfo1->Privileges);
1776 
1777  if (TokenInfo1->Owner.Owner != NULL)
1778  LsapFreeHeap(TokenInfo1->Owner.Owner);
1779 
1780  if (TokenInfo1->DefaultDacl.DefaultDacl != NULL)
1781  LsapFreeHeap(TokenInfo1->DefaultDacl.DefaultDacl);
1782 
1783  LsapFreeHeap(TokenInfo1);
1784  }
1785  }
1786  else
1787  {
1788  FIXME("TokenInformationType %d is not supported!\n", TokenInformationType);
1789  }
1790  }
1791 
1792  /* Free the account name */
1793  if (AccountName != NULL)
1794  {
1795  if (AccountName->Buffer != NULL)
1796  LsapFreeHeap(AccountName->Buffer);
1797 
1798  LsapFreeHeap(AccountName);
1799  }
1800 
1801  /* Free the authentication authority */
1802  if (AuthenticatingAuthority != NULL)
1803  {
1804  if (AuthenticatingAuthority->Buffer != NULL)
1805  LsapFreeHeap(AuthenticatingAuthority->Buffer);
1806 
1807  LsapFreeHeap(AuthenticatingAuthority);
1808  }
1809 
1810  /* Free the machine name */
1811  if (MachineName != NULL)
1812  {
1813  if (MachineName->Buffer != NULL)
1814  LsapFreeHeap(MachineName->Buffer);
1815 
1816  LsapFreeHeap(MachineName);
1817  }
1818 
1819  TRACE("LsapLogonUser done (Status 0x%08lx)\n", Status);
1820 
1821  return Status;
1822 }
1823 
1824 /* EOF */
LSA_DISPATCH_TABLE::FreeClientBuffer
PLSA_FREE_CLIENT_BUFFER FreeClientBuffer
Definition: authpackage.c:63
LSA_DISPATCH_TABLE::CopyToClientBuffer
PLSA_COPY_TO_CLIENT_BUFFER CopyToClientBuffer
Definition: authpackage.c:64
_LSA_TOKEN_INFORMATION_NULL::ExpirationTime
LARGE_INTEGER ExpirationTime
Definition: authpackage.c:22
_SAMPR_PSID_ARRAY
Definition: authpackage.c:120
PCHAR
signed char * PCHAR
Definition: retypes.h:7
_TOKEN_PRIMARY_GROUP::PrimaryGroup
PSID PrimaryGroup
Definition: setypes.h:978
LsapAddDefaultGroups
static NTSTATUS LsapAddDefaultGroups(IN PVOID TokenInformation, IN LSA_TOKEN_INFORMATION_TYPE TokenInformationType, IN SECURITY_LOGON_TYPE LogonType)
Definition: authpackage.c:809
LsapLogonUser
NTSTATUS LsapLogonUser(PLSA_API_MSG RequestMsg, PLSAP_LOGON_CONTEXT LogonContext)
Definition: authpackage.c:1375
PNTSTATUS
* PNTSTATUS
Definition: strlen.c:14
_SAMPR_ULONG_ARRAY::Element
unsigned long * Element
Definition: lsasrv.h:88
LSA_DISPATCH_TABLE
Definition: authpackage.c:53
ObjectAttributes
IN PUNICODE_STRING IN POBJECT_ATTRIBUTES ObjectAttributes
Definition: conport.c:35
_LSA_TOKEN_INFORMATION_V1::Owner
TOKEN_OWNER Owner
Definition: authpackage.c:33
SAM_SERVER_CONNECT
#define SAM_SERVER_CONNECT
Definition: ntsam.h:99
_AUTH_PACKAGE::LsaApLogonTerminated
PLSA_AP_LOGON_TERMINATED LsaApLogonTerminated
Definition: authpackage.c:102
_LSA_LOOKUP_AUTHENTICATION_PACKAGE_MSG::Request
struct _LSA_LOOKUP_AUTHENTICATION_PACKAGE_MSG::@3458::@3460 Request
_AUTH_PACKAGE::LsaApLogonUserEx2
PLSA_AP_LOGON_USER_EX2 LsaApLogonUserEx2
Definition: authpackage.c:103
IN
#define IN
Definition: typedefs.h:39
DUPLICATE_CLOSE_SOURCE
#define DUPLICATE_CLOSE_SOURCE
_LSA_API_MSG::LogonUser
LSA_LOGON_USER_MSG LogonUser
Definition: lsass.h:187
_LSA_TOKEN_INFORMATION_V1::ExpirationTime
LARGE_INTEGER ExpirationTime
Definition: authpackage.c:28
DesiredAccess
_Must_inspect_result_ _In_ WDFDEVICE _In_ ULONG _In_ ACCESS_MASK DesiredAccess
Definition: wdfdevice.h:2654
_AUTH_PACKAGE::LsaApLogonUser
PLSA_AP_LOGON_USER_INTERNAL LsaApLogonUser
Definition: authpackage.c:105
GENERIC_ALL
#define GENERIC_ALL
Definition: nt_native.h:92
_TOKEN_DEFAULT_DACL
Definition: setypes.h:981
LsapAddSamGroups
static NTSTATUS LsapAddSamGroups(IN PVOID TokenInformation, IN LSA_TOKEN_INFORMATION_TYPE TokenInformationType)
Definition: authpackage.c:1015
SamrGetAliasMembership
NTSTATUS __stdcall SamrGetAliasMembership(SAMPR_HANDLE DomainHandle, PSAMPR_PSID_ARRAY SidArray, PSAMPR_ULONG_ARRAY Membership)
_LSA_LOOKUP_AUTHENTICATION_PACKAGE_MSG::Reply
struct _LSA_LOOKUP_AUTHENTICATION_PACKAGE_MSG::@3458::@3461 Reply
STATUS_INSUFFICIENT_RESOURCES
#define STATUS_INSUFFICIENT_RESOURCES
Definition: udferr_usr.h:158
_SID_AND_ATTRIBUTES::Sid
PSID Sid
Definition: setypes.h:478
Length
_In_ ULONG _In_ ULONG _In_ ULONG Length
Definition: ntddpcm.h:101
_LSA_API_MSG::LookupAuthenticationPackage
LSA_LOOKUP_AUTHENTICATION_PACKAGE_MSG LookupAuthenticationPackage
Definition: lsass.h:190
RtlQueryRegistryValues
NTSYSAPI NTSTATUS WINAPI RtlQueryRegistryValues(ULONG, PCWSTR, PRTL_QUERY_REGISTRY_TABLE, PVOID, PVOID)
_TOKEN_GROUPS
Definition: setypes.h:959
_SID
Definition: ms-dtyp.idl:198
SamrOpenDomain
NTSTATUS __stdcall SamrOpenDomain(SAMPR_HANDLE ServerHandle, ACCESS_MASK DesiredAccess, PRPC_SID DomainId, SAMPR_HANDLE *DomainHandle)
DOMAIN_GET_ALIAS_MEMBERSHIP
#define DOMAIN_GET_ALIAS_MEMBERSHIP
Definition: ntsam.h:40
_ACCESS_ALLOWED_ACE
Definition: ms-dtyp.idl:215
PLSA_AP_CALL_PACKAGE_PASSTHROUGH
NTSTATUS(NTAPI * PLSA_AP_CALL_PACKAGE_PASSTHROUGH)(PLSA_CLIENT_REQUEST, PVOID, PVOID, ULONG, PVOID *, PULONG, PNTSTATUS)
Definition: authpackage.c:73
_UNICODE_STRING::MaximumLength
USHORT MaximumLength
Definition: env_spec_w32.h:370
CONST_LUID
#define CONST_LUID(x1, x2)
Definition: authpackage.c:166
_LSA_LOGON_USER_MSG::Request
struct _LSA_LOGON_USER_MSG::@3446::@3448 Request
ANYSIZE_ARRAY
#define ANYSIZE_ARRAY
Definition: typedefs.h:46
PLSAP_LOGON_CONTEXT
struct _LSAP_LOGON_CONTEXT * PLSAP_LOGON_CONTEXT
_LSA_TOKEN_INFORMATION_TYPE
_LSA_TOKEN_INFORMATION_TYPE
Definition: authpackage.c:14
LsapCreateLogonSession
NTSTATUS NTAPI LsapCreateLogonSession(IN PLUID LogonId)
Definition: session.c:159
_TOKEN_PRIVILEGES
Definition: setypes.h:968
TRUE
#define TRUE
Definition: types.h:120
_OBJECT_ATTRIBUTES
Definition: umtypes.h:181
_ACL
Definition: ms-dtyp.idl:293
_LSAP_LOGON_CONTEXT::Untrusted
BOOL Untrusted
Definition: lsasrv.h:82
PWSTR
uint16_t * PWSTR
Definition: typedefs.h:56
_LSAP_LOGON_CONTEXT
Definition: lsasrv.h:77
EqualSid
BOOL WINAPI EqualSid(PSID pSid1, PSID pSid2)
Definition: security.c:708
_TOKEN_PRIMARY_GROUP
Definition: setypes.h:977
PSAMPR_SERVER_NAME
wchar_t * PSAMPR_SERVER_NAME
Definition: authpackage.c:112
LSA_DISPATCH_TABLE::GetCredentials
PLSA_GET_CREDENTIALS GetCredentials
Definition: authpackage.c:58
Ptr
_Must_inspect_result_ _In_ PFSRTL_PER_STREAM_CONTEXT Ptr
Definition: fsrtlfuncs.h:898
PLUID
struct _LUID * PLUID
Definition: devicetopology.idl:142
NTSTATUS
LONG NTSTATUS
Definition: precomp.h:26
_UNICODE_STRING::Length
USHORT Length
Definition: env_spec_w32.h:369
RtlFreeHeap
BOOLEAN NTAPI RtlFreeHeap(IN PVOID HeapHandle, IN ULONG Flags, IN PVOID HeapBase)
Definition: heap.c:606
Base
_In_opt_ ULONG Base
Definition: rtlfuncs.h:2373
LsapSetLogonSessionData
NTSTATUS LsapSetLogonSessionData(_In_ PLUID LogonId, _In_ ULONG LogonType, _In_ PUNICODE_STRING UserName, _In_ PUNICODE_STRING LogonDomain, _In_ PSID Sid)
Definition: session.c:67
LUID_AND_ATTRIBUTES
struct _LUID_AND_ATTRIBUTES LUID_AND_ATTRIBUTES
STATUS_NO_SUCH_PACKAGE
#define STATUS_NO_SUCH_PACKAGE
Definition: ntstatus.h:490
LsapFreeClientBuffer
static NTSTATUS NTAPI LsapFreeClientBuffer(IN PLSA_CLIENT_REQUEST ClientRequest, IN PVOID ClientBaseAddress)
Definition: authpackage.c:414
LsapDeleteLogonSession
NTSTATUS NTAPI LsapDeleteLogonSession(IN PLUID LogonId)
Definition: session.c:201
_SAMPR_ULONG_ARRAY
Definition: lsasrv.h:85
_LSAPR_PRIVILEGE_SET
Definition: lsa.idl:525
_TOKEN_PRIVILEGES::PrivilegeCount
$ULONG PrivilegeCount
Definition: setypes.h:969
LSA_DISPATCH_TABLE::FreeLsaHeap
PLSA_FREE_LSA_HEAP FreeLsaHeap
Definition: authpackage.c:61
LSA_DISPATCH_TABLE::AllocateLsaHeap
PLSA_ALLOCATE_LSA_HEAP AllocateLsaHeap
Definition: authpackage.c:60
LsapAddAuthPackage
static NTSTATUS NTAPI LsapAddAuthPackage(IN PWSTR ValueName, IN ULONG ValueType, IN PVOID ValueData, IN ULONG ValueLength, IN PVOID Context, IN PVOID EntryContext)
Definition: authpackage.c:177
MachineName
_In_ DWORD _Out_ PDWORD _In_opt_ PCSTR MachineName
Definition: setupapi.h:1286
_STRING::Length
unsigned short Length
Definition: sprintf.c:451
_LSAP_LOGON_CONTEXT::ClientProcessHandle
HANDLE ClientProcessHandle
Definition: lsasrv.h:80
LsapCallAuthenticationPackage
NTSTATUS LsapCallAuthenticationPackage(PLSA_API_MSG RequestMsg, PLSAP_LOGON_CONTEXT LogonContext)
Definition: authpackage.c:545
_LSA_CALL_AUTHENTICATION_PACKAGE_MSG::Request
struct _LSA_CALL_AUTHENTICATION_PACKAGE_MSG::@3450::@3452 Request
LsaIFree_LSAPR_PRIVILEGE_SET
VOID NTAPI LsaIFree_LSAPR_PRIVILEGE_SET(IN PLSAPR_PRIVILEGE_SET Ptr)
Definition: lsasrv.c:181
LSA_TOKEN_INFORMATION_V1
struct _LSA_TOKEN_INFORMATION_V1 LSA_TOKEN_INFORMATION_V1
BuiltinDomainSid
PSID BuiltinDomainSid
Definition: globals.c:16
RTL_REGISTRY_CONTROL
#define RTL_REGISTRY_CONTROL
Definition: nt_native.h:163
LsarEnumeratePrivilegesAccount
NTSTATUS WINAPI LsarEnumeratePrivilegesAccount(LSAPR_HANDLE AccountHandle, PLSAPR_PRIVILEGE_SET *Privileges)
Definition: lsarpc.c:1504
InsertTailList
#define InsertTailList(ListHead, Entry)
Definition: env_spec_w32.h:1003
RtlAddAccessAllowedAce
NTSYSAPI NTSTATUS WINAPI RtlAddAccessAllowedAce(PACL, DWORD, DWORD, PSID)
LocalGroups
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS LocalGroups
Definition: ntifs.template.h:711
_AUTH_PACKAGE::ModuleHandle
PVOID ModuleHandle
Definition: authpackage.c:96
_AUTH_PACKAGE
Definition: authpackage.c:91
Groups
TOpcodeData Groups[17][8]
Definition: disassemblerdata.h:895
ValueType
_Must_inspect_result_ _In_ WDFKEY _In_ PCUNICODE_STRING _In_ ULONG _Out_opt_ PULONG _Out_opt_ PULONG ValueType
Definition: wdfregistry.h:279
MEM_COMMIT
#define MEM_COMMIT
Definition: nt_native.h:1313
_LSA_TOKEN_INFORMATION_NULL
Definition: authpackage.c:20
LsapSetTokenOwner
static NTSTATUS LsapSetTokenOwner(IN PVOID TokenInformation, IN LSA_TOKEN_INFORMATION_TYPE TokenInformationType)
Definition: authpackage.c:1150
_SAMPR_SID_INFORMATION::SidPointer
PRPC_SID SidPointer
Definition: authpackage.c:117
PLSA_TOKEN_INFORMATION_V1
struct _LSA_TOKEN_INFORMATION_V1 * PLSA_TOKEN_INFORMATION_V1
_LUID_AND_ATTRIBUTES::Attributes
$ULONG Attributes
Definition: setypes.h:75
_AUTH_PACKAGE::LsaApLogonUserEx
PLSA_AP_LOGON_USER_EX LsaApLogonUserEx
Definition: authpackage.c:104
_SECURITY_QUALITY_OF_SERVICE::ContextTrackingMode
SECURITY_CONTEXT_TRACKING_MODE ContextTrackingMode
Definition: lsa.idl:66
LsapCopyLocalGroups
static NTSTATUS LsapCopyLocalGroups(IN PLSAP_LOGON_CONTEXT LogonContext, IN PTOKEN_GROUPS ClientGroups, IN ULONG ClientGroupsCount, OUT PTOKEN_GROUPS *TokenGroups)
Definition: authpackage.c:618
Id
DWORD Id
Definition: CLayerUIPropPage.cpp:47
RtlCreateAcl
NTSYSAPI NTSTATUS NTAPI RtlCreateAcl(PACL Acl, ULONG AclSize, ULONG AclRevision)
RtlInitAnsiString
NTSYSAPI VOID NTAPI RtlInitAnsiString(PANSI_STRING DestinationString, PCSZ SourceString)
PLSA_AP_LOGON_USER_INTERNAL
NTSTATUS(NTAPI * PLSA_AP_LOGON_USER_INTERNAL)(PLSA_CLIENT_REQUEST, SECURITY_LOGON_TYPE, PVOID, PVOID, ULONG, PVOID *, PULONG, PLUID, PNTSTATUS, PLSA_TOKEN_INFORMATION_TYPE, PVOID *, PUNICODE_STRING *, PUNICODE_STRING *)
Definition: authpackage.c:87
PackageListHead
static LIST_ENTRY PackageListHead
Definition: authpackage.c:162
ACCOUNT_VIEW
#define ACCOUNT_VIEW
Definition: ntlsa.h:28
LsapWorldSid
PSID LsapWorldSid
Definition: lookup.c:78
SamIConnect
NTSTATUS NTAPI SamIConnect(PSAMPR_SERVER_NAME ServerName, SAMPR_HANDLE *ServerHandle, ACCESS_MASK DesiredAccess, BOOLEAN Trusted)
STATUS_NOT_IMPLEMENTED
return STATUS_NOT_IMPLEMENTED
Definition: fxdriverapium.cpp:241
PMSV1_0_INTERACTIVE_LOGON
struct _MSV1_0_INTERACTIVE_LOGON * PMSV1_0_INTERACTIVE_LOGON
LsapAddLocalGroups
static NTSTATUS LsapAddLocalGroups(IN PVOID TokenInformation, IN LSA_TOKEN_INFORMATION_TYPE TokenInformationType, IN PTOKEN_GROUPS LocalGroups)
Definition: authpackage.c:726
SE_PRIVILEGE_ENABLED
#define SE_PRIVILEGE_ENABLED
Definition: setypes.h:63
LsapAllocateHeapZero
PVOID NTAPI LsapAllocateHeapZero(IN ULONG Length)
Definition: authpackage.c:373
LsapGetCredentials
NTSTATUS NTAPI LsapGetCredentials(_In_ PLUID LogonId, _In_ ULONG AuthenticationPackage, _Inout_ PULONG QueryContext, _In_ BOOLEAN RetrieveAllCredentials, _Inout_ PLSA_STRING PrimaryKeyValue, _Out_ PULONG PrimaryKeyLength, _Out_ PLSA_STRING Credentials)
Definition: session.c:269
_STRING::Buffer
void * Buffer
Definition: sprintf.c:453
DUPLICATE_SAME_ACCESS
#define DUPLICATE_SAME_ACCESS
NTAPI
NTSTATUS(* NTAPI)(IN PFILE_FULL_EA_INFORMATION EaBuffer, IN ULONG EaLength, OUT PULONG ErrorOffset)
Definition: IoEaTest.cpp:117
SE_GROUP_OWNER
#define SE_GROUP_OWNER
Definition: setypes.h:93
FALSE
#define FALSE
Definition: types.h:117
PLSA_DISPATCH_TABLE
struct LSA_DISPATCH_TABLE * PLSA_DISPATCH_TABLE
_AUTH_PACKAGE::LsaApCallPackagePassthrough
PLSA_AP_CALL_PACKAGE_PASSTHROUGH LsaApCallPackagePassthrough
Definition: authpackage.c:100
PLSA_ALLOCATE_LSA_HEAP
PVOID(NTAPI * PLSA_ALLOCATE_LSA_HEAP)(ULONG)
Definition: authpackage.c:44
_LUID
Definition: devicetopology.idl:136
RtlEqualLuid
#define RtlEqualLuid(Luid1, Luid2)
Definition: rtlfuncs.h:301
_UNICODE_STRING::Buffer
PWSTR Buffer
Definition: env_spec_w32.h:371
LSA_DISPATCH_TABLE::CreateLogonSession
PLSA_CREATE_LOGON_SESSION CreateLogonSession
Definition: authpackage.c:55
FIXME
#define FIXME(fmt,...)
Definition: debug.h:111
LSA_DISPATCH_TABLE
struct LSA_DISPATCH_TABLE LSA_DISPATCH_TABLE
SE_CREATE_GLOBAL_PRIVILEGE
#define SE_CREATE_GLOBAL_PRIVILEGE
Definition: security.c:684
LdrGetProcedureAddress
NTSTATUS NTAPI LdrGetProcedureAddress(IN PVOID BaseAddress, IN PANSI_STRING Name, IN ULONG Ordinal, OUT PVOID *ProcedureAddress)
Definition: ldrapi.c:823
BOOLEAN
unsigned char BOOLEAN
Definition: ProcessorBind.h:185
_LSA_API_MSG
Definition: lsass.h:175
EntryContext
_In_ PCWSTR _Inout_ _At_ QueryTable EntryContext
Definition: rtlfuncs.h:4142
TOKEN_PRIVILEGES
struct _TOKEN_PRIVILEGES TOKEN_PRIVILEGES
ACL
struct _ACL ACL
LsapAllocateHeap
PVOID NTAPI LsapAllocateHeap(IN ULONG Length)
Definition: authpackage.c:365
SE_GROUP_ENABLED_BY_DEFAULT
#define SE_GROUP_ENABLED_BY_DEFAULT
Definition: setypes.h:91
PLSA_TOKEN_INFORMATION_TYPE
enum _LSA_TOKEN_INFORMATION_TYPE * PLSA_TOKEN_INFORMATION_TYPE
SAM_SERVER_LOOKUP_DOMAIN
#define SAM_SERVER_LOOKUP_DOMAIN
Definition: ntsam.h:104
Sid
_In_ ULONG _In_ ACCESS_MASK _In_ PSID Sid
Definition: rtlfuncs.h:1103
_TOKEN_OWNER::Owner
PSID Owner
Definition: setypes.h:974
TokenHandle
_In_ ACCESS_MASK _In_ ULONG _Out_ PHANDLE TokenHandle
Definition: psfuncs.h:715
RtlLengthSid
NTSYSAPI ULONG NTAPI RtlLengthSid(IN PSID Sid)
Definition: sid.c:150
_LSA_TOKEN_INFORMATION_V1::Groups
PTOKEN_GROUPS Groups
Definition: authpackage.c:30
PVOID
void * PVOID
Definition: retypes.h:9
SAMPR_SID_INFORMATION
struct _SAMPR_SID_INFORMATION SAMPR_SID_INFORMATION
_SAMPR_ULONG_ARRAY::Count
unsigned long Count
Definition: lsasrv.h:87
LsarOpenAccount
NTSTATUS WINAPI LsarOpenAccount(LSAPR_HANDLE PolicyHandle, PRPC_SID AccountSid, ACCESS_MASK DesiredAccess, LSAPR_HANDLE *AccountHandle)
Definition: lsarpc.c:1465
_AUTH_PACKAGE::Id
ULONG Id
Definition: authpackage.c:95
CONTAINING_RECORD
PFLT_MESSAGE_WAITER_QUEUE CONTAINING_RECORD(Csq, DEVICE_EXTENSION, IrpQueue)) -> WaiterQ.mLock) _IRQL_raises_(DISPATCH_LEVEL) VOID NTAPI FltpAcquireMessageWaiterLock(_In_ PIO_CSQ Csq, _Out_ PKIRQL Irql)
Definition: Messaging.c:560
LsapBatchSid
PSID LsapBatchSid
Definition: lookup.c:80
_AUTH_PACKAGE::Entry
LIST_ENTRY Entry
Definition: authpackage.c:93
OBJECT_ATTRIBUTES
struct _OBJECT_ATTRIBUTES OBJECT_ATTRIBUTES
PLSA_COPY_TO_CLIENT_BUFFER
NTSTATUS(NTAPI * PLSA_COPY_TO_CLIENT_BUFFER)(PLSA_CLIENT_REQUEST, ULONG, PVOID, PVOID)
Definition: authpackage.c:48
NtCurrentProcess
#define NtCurrentProcess()
Definition: nt_native.h:1657
j
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint GLint GLint j
Definition: glfuncs.h:250
PLSA_AP_INITIALIZE_PACKAGE
NTSTATUS(NTAPI * PLSA_AP_INITIALIZE_PACKAGE)(ULONG, PLSA_DISPATCH_TABLE, PLSA_STRING, PLSA_STRING, PLSA_STRING *)
Definition: authpackage.c:69
LsapFreeHeap
VOID NTAPI LsapFreeHeap(IN PVOID Base)
Definition: authpackage.c:381
RtlAllocateHeap
PVOID NTAPI RtlAllocateHeap(IN PVOID HeapHandle, IN ULONG Flags, IN SIZE_T Size)
Definition: heap.c:588
_LSA_TOKEN_INFORMATION_V1::User
TOKEN_USER User
Definition: authpackage.c:29
LsapInitAuthPackages
NTSTATUS LsapInitAuthPackages(VOID)
Definition: authpackage.c:474
_TOKEN_OWNER
Definition: setypes.h:973
Status
Status
Definition: gdiplustypes.h:24
SE_CHANGE_NOTIFY_PRIVILEGE
#define SE_CHANGE_NOTIFY_PRIVILEGE
Definition: security.c:677
LsapAddCredential
NTSTATUS NTAPI LsapAddCredential(_In_ PLUID LogonId, _In_ ULONG AuthenticationPackage, _In_ PLSA_STRING PrimaryKeyValue, _In_ PLSA_STRING Credential)
Definition: session.c:256
_LIST_ENTRY::Flink
struct _LIST_ENTRY * Flink
Definition: typedefs.h:121
SE_PRIVILEGE_ENABLED_BY_DEFAULT
#define SE_PRIVILEGE_ENABLED_BY_DEFAULT
Definition: setypes.h:62
LSA_DISPATCH_TABLE::DeleteCredential
PLSA_DELETE_CREDENTIAL DeleteCredential
Definition: authpackage.c:59
LsapAppendSidToGroups
static NTSTATUS LsapAppendSidToGroups(IN PTOKEN_GROUPS *TokenGroups, IN PSID DomainSid, IN ULONG RelativeId)
Definition: authpackage.c:932
_LSA_TOKEN_INFORMATION_V1::PrimaryGroup
TOKEN_PRIMARY_GROUP PrimaryGroup
Definition: authpackage.c:31
TRACE
#define TRACE(s)
Definition: solgame.cpp:4
PLSA_CREATE_LOGON_SESSION
NTSTATUS(NTAPI * PLSA_CREATE_LOGON_SESSION)(PLUID)
Definition: authpackage.c:39
LsapCopyFromClientBuffer
static NTSTATUS NTAPI LsapCopyFromClientBuffer(IN PLSA_CLIENT_REQUEST ClientRequest, IN ULONG Length, IN PVOID BufferToCopy, IN PVOID ClientBaseAddress)
Definition: authpackage.c:456
PLSA_TOKEN_INFORMATION_NULL
struct _LSA_TOKEN_INFORMATION_NULL * PLSA_TOKEN_INFORMATION_NULL
LsapAdministratorsSid
PSID LsapAdministratorsSid
Definition: lookup.c:84
_LSA_TOKEN_INFORMATION_NULL::Groups
PTOKEN_GROUPS Groups
Definition: authpackage.c:23
LsapAddTokenDefaultDacl
static NTSTATUS LsapAddTokenDefaultDacl(IN PVOID TokenInformation, IN LSA_TOKEN_INFORMATION_TYPE TokenInformationType)
Definition: authpackage.c:1192
_RTL_QUERY_REGISTRY_TABLE
Definition: nt_native.h:108
LsapInteractiveSid
PSID LsapInteractiveSid
Definition: lookup.c:81
WCHAR
__wchar_t WCHAR
Definition: xmlstorage.h:180
NT_SUCCESS
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
SE_GROUP_ENABLED
#define SE_GROUP_ENABLED
Definition: setypes.h:92
PLSA_CLIENT_REQUEST
PVOID PLSA_CLIENT_REQUEST
Definition: authpackage.c:37
_AUTH_PACKAGE::LsaApCallPackageUntrusted
PLSA_AP_CALL_PACKAGE_UNTRUSTED LsaApCallPackageUntrusted
Definition: authpackage.c:101
_SID_AND_ATTRIBUTES
Definition: setypes.h:474
SID_AND_ATTRIBUTES
struct _SID_AND_ATTRIBUTES SID_AND_ATTRIBUTES
_SAMPR_SID_INFORMATION
Definition: authpackage.c:115
PLSA_AP_CALL_PACKAGE_UNTRUSTED
NTSTATUS(NTAPI * PLSA_AP_CALL_PACKAGE_UNTRUSTED)(PLSA_CLIENT_REQUEST, PVOID, PVOID, ULONG, PVOID *, PULONG, PNTSTATUS)
Definition: authpackage.c:75
SAMPR_PSID_ARRAY
struct _SAMPR_PSID_ARRAY SAMPR_PSID_ARRAY
ValueData
_In_ GUID _In_ PVOID ValueData
Definition: hubbusif.h:311
TOKEN_ALL_ACCESS
#define TOKEN_ALL_ACCESS
Definition: setypes.h:892
_SAMPR_PSID_ARRAY::Sids
PSAMPR_SID_INFORMATION Sids
Definition: authpackage.c:123
PLSA_ALLOCATE_CLIENT_BUFFER
NTSTATUS(NTAPI * PLSA_ALLOCATE_CLIENT_BUFFER)(PLSA_CLIENT_REQUEST, ULONG, PVOID *)
Definition: authpackage.c:46
_strnicmp
#define _strnicmp(_String1, _String2, _MaxCount)
Definition: compat.h:23
__stdcall
#define __stdcall
Definition: typedefs.h:25
SeChangeNotifyPrivilege
static const LUID SeChangeNotifyPrivilege
Definition: authpackage.c:167
Privilege
BOOL Privilege(LPTSTR pszPrivilege, BOOL bEnable)
Definition: user_lib.cpp:531
_SECURITY_QUALITY_OF_SERVICE
Definition: lsa.idl:63
LsapAddPrivilegeToTokenPrivileges
static NTSTATUS LsapAddPrivilegeToTokenPrivileges(PTOKEN_PRIVILEGES *TokenPrivileges, PLSAPR_LUID_AND_ATTRIBUTES Privilege)
Definition: authpackage.c:1238
SE_GROUP_MANDATORY
#define SE_GROUP_MANDATORY
Definition: setypes.h:90
NtReadVirtualMemory
NTSTATUS NTAPI NtReadVirtualMemory(IN HANDLE ProcessHandle, IN PVOID BaseAddress, OUT PVOID Buffer, IN SIZE_T NumberOfBytesToRead, OUT PSIZE_T NumberOfBytesRead OPTIONAL)
Definition: virtual.c:2731
Privileges
_In_ PSECURITY_SUBJECT_CONTEXT _In_ BOOLEAN _In_ ACCESS_MASK _In_ ACCESS_MASK _Outptr_opt_ PPRIVILEGE_SET * Privileges
Definition: sefuncs.h:13
NtClose
NTSTATUS NTAPI NtClose(IN HANDLE Handle)
Definition: obhandle.c:3399
LSA_DISPATCH_TABLE::DeleteLogonSession
PLSA_DELETE_LOGON_SESSION DeleteLogonSession
Definition: authpackage.c:56
SeCreateGlobalPrivilege
static const LUID SeCreateGlobalPrivilege
Definition: authpackage.c:168
LsarClose
NTSTATUS WINAPI LsarClose(LSAPR_HANDLE *ObjectHandle)
Definition: lsarpc.c:125
STRING
std::wstring STRING
Definition: fontsub.cpp:33
_TOKEN_USER
Definition: setypes.h:955
ValueName
_Must_inspect_result_ _In_ WDFKEY _In_ PCUNICODE_STRING ValueName
Definition: wdfregistry.h:240
LSA_DISPATCH_TABLE::CopyFromClientBuffer
PLSA_COPY_FROM_CLIENT_BUFFER CopyFromClientBuffer
Definition: authpackage.c:65
LsapServiceSid
PSID LsapServiceSid
Definition: lookup.c:82
Dacl
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL Dacl
Definition: rtlfuncs.h:1552
_LSA_LOGON_USER_MSG::Reply
struct _LSA_LOGON_USER_MSG::@3446::@3449 Reply
PLSA_AP_LOGON_USER_EX2
NTSTATUS(NTAPI * PLSA_AP_LOGON_USER_EX2)(PLSA_CLIENT_REQUEST, SECURITY_LOGON_TYPE, PVOID, PVOID, ULONG, PVOID *, PULONG, PLUID, PNTSTATUS, PLSA_TOKEN_INFORMATION_TYPE, PVOID *, PUNICODE_STRING *, PUNICODE_STRING *, PUNICODE_STRING *, PVOID, PVOID)
Definition: authpackage.c:78
SECURITY_DYNAMIC_TRACKING
#define SECURITY_DYNAMIC_TRACKING
Definition: setypes.h:103
PLSA_AP_LOGON_USER_EX
NTSTATUS(NTAPI * PLSA_AP_LOGON_USER_EX)(PLSA_CLIENT_REQUEST, SECURITY_LOGON_TYPE, PVOID, PVOID, ULONG, PVOID *, PULONG, PLUID, PNTSTATUS, PLSA_TOKEN_INFORMATION_TYPE, PVOID *, PUNICODE_STRING *, PUNICODE_STRING *, PUNICODE_STRING *)
Definition: authpackage.c:82
L
static const WCHAR L[]
Definition: oid.c:1250
PLSA_FREE_CLIENT_BUFFER
NTSTATUS(NTAPI * PLSA_FREE_CLIENT_BUFFER)(PLSA_CLIENT_REQUEST, PVOID)
Definition: authpackage.c:47
NtCreateToken
__kernel_entry NTSTATUS NTAPI NtCreateToken(_Out_ PHANDLE TokenHandle, _In_ ACCESS_MASK DesiredAccess, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ TOKEN_TYPE TokenType, _In_ PLUID AuthenticationId, _In_ PLARGE_INTEGER ExpirationTime, _In_ PTOKEN_USER TokenUser, _In_ PTOKEN_GROUPS TokenGroups, _In_ PTOKEN_PRIVILEGES TokenPrivileges, _In_opt_ PTOKEN_OWNER TokenOwner, _In_ PTOKEN_PRIMARY_GROUP TokenPrimaryGroup, _In_opt_ PTOKEN_DEFAULT_DACL TokenDefaultDacl, _In_ PTOKEN_SOURCE TokenSource)
Definition: token.c:3415
NTSTATUS
#define NTSTATUS
Definition: precomp.h:20
VOID
#define VOID
Definition: acefi.h:82
LdrLoadDll
NTSTATUS NTAPI DECLSPEC_HOTPATCH LdrLoadDll(IN PWSTR SearchPath OPTIONAL, IN PULONG DllCharacteristics OPTIONAL, IN PUNICODE_STRING DllName, OUT PVOID *BaseAddress)
Definition: ldrapi.c:310
_LIST_ENTRY
Definition: typedefs.h:119
_TOKEN_DEFAULT_DACL::DefaultDacl
PACL DefaultDacl
Definition: setypes.h:982
LSA_DISPATCH_TABLE::AddCredential
PLSA_ADD_CREDENTIAL AddCredential
Definition: authpackage.c:57
PLSA_GET_CREDENTIALS
NTSTATUS(NTAPI * PLSA_GET_CREDENTIALS)(PLUID, ULONG, PULONG, BOOLEAN, PLSA_STRING, PULONG, PLSA_STRING)
Definition: authpackage.c:42
TOKEN_GROUPS
struct _TOKEN_GROUPS TOKEN_GROUPS
LSA_TOKEN_INFORMATION_TYPE
enum _LSA_TOKEN_INFORMATION_TYPE LSA_TOKEN_INFORMATION_TYPE
_LSA_CALL_AUTHENTICATION_PACKAGE_MSG::Reply
struct _LSA_CALL_AUTHENTICATION_PACKAGE_MSG::@3450::@3453 Reply
_SECURITY_QUALITY_OF_SERVICE::Length
DWORD Length
Definition: lsa.idl:64
PAUTH_PACKAGE
struct _AUTH_PACKAGE * PAUTH_PACKAGE
ERR
#define ERR(fmt,...)
Definition: debug.h:110
_LSA_API_MSG::CallAuthenticationPackage
LSA_CALL_AUTHENTICATION_PACKAGE_MSG CallAuthenticationPackage
Definition: lsass.h:188
_LSA_TOKEN_INFORMATION_V1::Privileges
PTOKEN_PRIVILEGES Privileges
Definition: authpackage.c:32
LsapLookupAuthenticationPackage
NTSTATUS LsapLookupAuthenticationPackage(PLSA_API_MSG RequestMsg, PLSAP_LOGON_CONTEXT LogonContext)
Definition: authpackage.c:510
_SAMPR_PSID_ARRAY::Count
unsigned long Count
Definition: authpackage.c:122
SIZE_T
ULONG_PTR SIZE_T
Definition: typedefs.h:80
_LSAPR_LUID_AND_ATTRIBUTES
Definition: lsa.idl:520
SE_IMPERSONATE_PRIVILEGE
#define SE_IMPERSONATE_PRIVILEGE
Definition: security.c:683
PLSA_AP_CALL_PACKAGE_INTERNAL
NTSTATUS(NTAPI * PLSA_AP_CALL_PACKAGE_INTERNAL)(PLSA_CLIENT_REQUEST, PVOID, PVOID, ULONG, PVOID *, PULONG, PNTSTATUS)
Definition: authpackage.c:71
_UNICODE_STRING
Definition: env_spec_w32.h:368
_RPC_SID
Definition: msv1_0.h:12
LdrUnloadDll
NTSTATUS NTAPI LdrUnloadDll(IN PVOID BaseAddress)
Definition: ldrapi.c:1322
SamIFree_SAMPR_ULONG_ARRAY
VOID NTAPI SamIFree_SAMPR_ULONG_ARRAY(PSAMPR_ULONG_ARRAY Ptr)
Definition: samsrv.c:520
NtAllocateVirtualMemory
NTSTATUS NTAPI NtAllocateVirtualMemory(IN HANDLE ProcessHandle, IN OUT PVOID *UBaseAddress, IN ULONG_PTR ZeroBits, IN OUT PSIZE_T URegionSize, IN ULONG AllocationType, IN ULONG Protect)
Definition: virtual.c:4407
LSA_DISPATCH_TABLE::AllocateClientBuffer
PLSA_ALLOCATE_CLIENT_BUFFER AllocateClientBuffer
Definition: authpackage.c:62
_AUTH_PACKAGE::LsaApInitializePackage
PLSA_AP_INITIALIZE_PACKAGE LsaApInitializePackage
Definition: authpackage.c:98
LsapNetworkSid
PSID LsapNetworkSid
Definition: lookup.c:79
LSA_TOKEN_INFORMATION_NULL
struct _LSA_TOKEN_INFORMATION_NULL LSA_TOKEN_INFORMATION_NULL
i
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint i
Definition: glfuncs.h:248
PLSA_AP_LOGON_TERMINATED
VOID(NTAPI * PLSA_AP_LOGON_TERMINATED)(PLUID)
Definition: authpackage.c:77
USHORT
unsigned short USHORT
Definition: pedump.c:61
LogonType
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE LogonType
Definition: ntifs.template.h:707
PSAMPR_PSID_ARRAY
struct _SAMPR_PSID_ARRAY * PSAMPR_PSID_ARRAY
_SID_AND_ATTRIBUTES::Attributes
$ULONG Attributes
Definition: setypes.h:480
InitializeListHead
#define InitializeListHead(ListHead)
Definition: env_spec_w32.h:944
PLSA_ADD_CREDENTIAL
NTSTATUS(NTAPI * PLSA_ADD_CREDENTIAL)(PLUID, ULONG, PLSA_STRING, PLSA_STRING)
Definition: authpackage.c:41
DUPLICATE_SAME_ATTRIBUTES
#define DUPLICATE_SAME_ATTRIBUTES
Definition: obtypes.h:153
SECURITY_LOGON_TYPE
enum _SECURITY_LOGON_TYPE SECURITY_LOGON_TYPE
LsapSetPrivileges
static NTSTATUS LsapSetPrivileges(IN PVOID TokenInformation, IN LSA_TOKEN_INFORMATION_TYPE TokenInformationType)
Definition: authpackage.c:1297
_TOKEN_GROUPS::Groups
SID_AND_ATTRIBUTES Groups[ANYSIZE_ARRAY]
Definition: setypes.h:964
DispatchTable
static LSA_DISPATCH_TABLE DispatchTable
Definition: authpackage.c:164
SECURITY_STATIC_TRACKING
#define SECURITY_STATIC_TRACKING
Definition: setypes.h:104
_AUTH_PACKAGE::LsaApCallPackage
PLSA_AP_CALL_PACKAGE_INTERNAL LsaApCallPackage
Definition: authpackage.c:99
SamrCloseHandle
NTSTATUS __stdcall SamrCloseHandle(SAMPR_HANDLE *SamHandle)
_LSA_TOKEN_INFORMATION_V1::DefaultDacl
TOKEN_DEFAULT_DACL DefaultDacl
Definition: authpackage.c:34
SECURITY_QUALITY_OF_SERVICE
struct _SECURITY_QUALITY_OF_SERVICE SECURITY_QUALITY_OF_SERVICE
_SECURITY_QUALITY_OF_SERVICE::ImpersonationLevel
SECURITY_IMPERSONATION_LEVEL ImpersonationLevel
Definition: lsa.idl:65
PULONG
unsigned int * PULONG
Definition: retypes.h:1
PLSA_FREE_LSA_HEAP
VOID(NTAPI * PLSA_FREE_LSA_HEAP)(PVOID)
Definition: authpackage.c:45
NULL
#define NULL
Definition: types.h:112
PLSA_STRING
struct _LSA_STRING * PLSA_STRING
LsarOpenPolicy
NTSTATUS WINAPI LsarOpenPolicy(LPWSTR SystemName, PLSAPR_OBJECT_ATTRIBUTES ObjectAttributes, ACCESS_MASK DesiredAccess, LSAPR_HANDLE *PolicyHandle)
Definition: lsarpc.c:495
HEAP_ZERO_MEMORY
#define HEAP_ZERO_MEMORY
Definition: compat.h:134
PLSA_DELETE_LOGON_SESSION
NTSTATUS(NTAPI * PLSA_DELETE_LOGON_SESSION)(PLUID)
Definition: authpackage.c:40
_TOKEN_PRIVILEGES::Privileges
LUID_AND_ATTRIBUTES Privileges[ANYSIZE_ARRAY]
Definition: setypes.h:970
_LARGE_INTEGER
Definition: typedefs.h:102
LsapCopyToClientBuffer
static NTSTATUS NTAPI LsapCopyToClientBuffer(IN PLSA_CLIENT_REQUEST ClientRequest, IN ULONG Length, IN PVOID ClientBaseAddress, IN PVOID BufferToCopy)
Definition: authpackage.c:436
LsapAppendRidToSid
PSID LsapAppendRidToSid(PSID SrcSid, ULONG Rid)
Definition: utils.c:152
ACL_REVISION
#define ACL_REVISION
Definition: setypes.h:39
_SECURITY_QUALITY_OF_SERVICE::EffectiveOnly
BOOLEAN EffectiveOnly
Definition: lsa.idl:67
MEM_RELEASE
#define MEM_RELEASE
Definition: nt_native.h:1316
LsapGetAuthenticationPackage
static PAUTH_PACKAGE LsapGetAuthenticationPackage(IN ULONG PackageId)
Definition: authpackage.c:341
_TOKEN_GROUPS::GroupCount
$ULONG GroupCount
Definition: setypes.h:960
PLSA_DELETE_CREDENTIAL
NTSTATUS(NTAPI * PLSA_DELETE_CREDENTIAL)(PLUID, ULONG, PLSA_STRING)
Definition: authpackage.c:43
BOOLEAN
#define BOOLEAN
Definition: pedump.c:73
NtDuplicateObject
NTSTATUS NTAPI NtDuplicateObject(IN HANDLE SourceProcessHandle, IN HANDLE SourceHandle, IN HANDLE TargetProcessHandle OPTIONAL, OUT PHANDLE TargetHandle OPTIONAL, IN ACCESS_MASK DesiredAccess, IN ULONG HandleAttributes, IN ULONG Options)
Definition: obhandle.c:3407
OUT
#define OUT
Definition: typedefs.h:40
LsapDeleteCredential
NTSTATUS NTAPI LsapDeleteCredential(_In_ PLUID LogonId, _In_ ULONG AuthenticationPackage, _In_ PLSA_STRING PrimaryKeyValue)
Definition: session.c:285
ULONG
unsigned int ULONG
Definition: retypes.h:1
_TOKEN_USER::User
SID_AND_ATTRIBUTES User
Definition: setypes.h:956
AccountDomainSid
PSID AccountDomainSid
Definition: database.c:22
RtlCopyMemory
#define RtlCopyMemory(Destination, Source, Length)
Definition: typedefs.h:263
AUTH_PACKAGE
struct _AUTH_PACKAGE AUTH_PACKAGE
_LSA_TOKEN_INFORMATION_V1
Definition: authpackage.c:26
_LUID_AND_ATTRIBUTES::Luid
LUID Luid
Definition: setypes.h:74
STATUS_SUCCESS
#define STATUS_SUCCESS
Definition: shellext.h:65
_LSA_STRING
Definition: ntsecapi.h:171
REG_NONE
#define REG_NONE
Definition: nt_native.h:1492
NtWriteVirtualMemory
NTSTATUS NTAPI NtWriteVirtualMemory(IN HANDLE ProcessHandle, IN PVOID BaseAddress, IN PVOID Buffer, IN SIZE_T NumberOfBytesToWrite, OUT PSIZE_T NumberOfBytesWritten OPTIONAL)
Definition: virtual.c:2845
DispatchTable
_In_ PWDFDEVICE_INIT _In_ PWDF_PDO_EVENT_CALLBACKS DispatchTable
Definition: wdfpdo.h:245
PLSA_COPY_FROM_CLIENT_BUFFER
NTSTATUS(NTAPI * PLSA_COPY_FROM_CLIENT_BUFFER)(PLSA_CLIENT_REQUEST, ULONG, PVOID, PVOID)
Definition: authpackage.c:50
PackageId
static ULONG PackageId
Definition: authpackage.c:163
ACCESS_MASK
ULONG ACCESS_MASK
Definition: nt_native.h:40
_STRING
Definition: sprintf.c:449
Entry
base of all file and directory entries
Definition: entries.h:82
_AUTH_PACKAGE::Name
PSTRING Name
Definition: authpackage.c:94
RtlEqualSid
NTSYSAPI BOOLEAN NTAPI RtlEqualSid(_In_ PSID Sid1, _In_ PSID Sid2)
PSAMPR_SID_INFORMATION
struct _SAMPR_SID_INFORMATION * PSAMPR_SID_INFORMATION
RtlLengthRequiredSid
NTSYSAPI ULONG NTAPI RtlLengthRequiredSid(IN ULONG SubAuthorityCount)
Definition: sid.c:54
PAGE_READWRITE
#define PAGE_READWRITE
Definition: nt_native.h:1304
SAMPR_HANDLE
void * SAMPR_HANDLE
Definition: authpackage.c:113
SeImpersonatePrivilege
static const LUID SeImpersonatePrivilege
Definition: authpackage.c:169
NtFreeVirtualMemory
NTSTATUS NTAPI NtFreeVirtualMemory(IN HANDLE ProcessHandle, IN PVOID *UBaseAddress, IN PSIZE_T URegionSize, IN ULONG FreeType)
Definition: virtual.c:5130
ValueLength
_Must_inspect_result_ _In_ WDFKEY _In_ PCUNICODE_STRING _In_ ULONG ValueLength
Definition: wdfregistry.h:271
LsapAllocateClientBuffer
static NTSTATUS NTAPI LsapAllocateClientBuffer(IN PLSA_CLIENT_REQUEST ClientRequest, IN ULONG LengthRequired, OUT PVOID *ClientBaseAddress)
Definition: authpackage.c:390
LsapLocalSystemSid
PSID LsapLocalSystemSid
Definition: lookup.c:83