ReactOS  0.4.14-dev-833-g5f692ed
msv1_0.c File Reference
#include "msv1_0.h"
Include dependency graph for msv1_0.c:

Go to the source code of this file.

Functions

 WINE_DEFAULT_DEBUG_CHANNEL (msv1_0)
 
static NTSTATUS GetAccountDomainSid (PRPC_SID *Sid)
 
static NTSTATUS GetNtAuthorityDomainSid (PRPC_SID *Sid)
 
static NTSTATUS BuildInteractiveProfileBuffer (IN PLSA_CLIENT_REQUEST ClientRequest, IN PSAMPR_USER_INFO_BUFFER UserInfo, IN PWSTR ComputerName, OUT PMSV1_0_INTERACTIVE_PROFILE *ProfileBuffer, OUT PULONG ProfileBufferLength)
 
static PSID AppendRidToSid (PSID SrcSid, ULONG Rid)
 
static NTSTATUS BuildTokenUser (OUT PTOKEN_USER User, IN PSID AccountDomainSid, IN ULONG RelativeId)
 
static NTSTATUS BuildTokenPrimaryGroup (OUT PTOKEN_PRIMARY_GROUP PrimaryGroup, IN PSID AccountDomainSid, IN ULONG RelativeId)
 
static NTSTATUS BuildTokenGroups (OUT PTOKEN_GROUPS *Groups, IN PSID AccountDomainSid, IN ULONG RelativeId, IN BOOL SpecialAccount)
 
static NTSTATUS BuildTokenInformationBuffer (PLSA_TOKEN_INFORMATION_V1 *TokenInformation, PRPC_SID AccountDomainSid, PSAMPR_USER_INFO_BUFFER UserInfo, BOOL SpecialAccount)
 
static NTSTATUS MsvpChangePassword (IN PLSA_CLIENT_REQUEST ClientRequest, IN PVOID ProtocolSubmitBuffer, IN PVOID ClientBufferBase, IN ULONG SubmitBufferLength, OUT PVOID *ProtocolReturnBuffer, OUT PULONG ReturnBufferLength, OUT PNTSTATUS ProtocolStatus)
 
static NTSTATUS MsvpCheckPassword (PUNICODE_STRING UserPassword, PSAMPR_USER_INFO_BUFFER UserInfo)
 
static BOOL MsvpCheckLogonHours (_In_ PSAMPR_LOGON_HOURS LogonHours, _In_ PLARGE_INTEGER LogonTime)
 
static BOOL MsvpCheckWorkstations (_In_ PRPC_UNICODE_STRING WorkStations, _In_ PWSTR ComputerName)
 
NTSTATUS NTAPI LsaApCallPackage (IN PLSA_CLIENT_REQUEST ClientRequest, IN PVOID ProtocolSubmitBuffer, IN PVOID ClientBufferBase, IN ULONG SubmitBufferLength, OUT PVOID *ProtocolReturnBuffer, OUT PULONG ReturnBufferLength, OUT PNTSTATUS ProtocolStatus)
 
NTSTATUS NTAPI LsaApCallPackagePassthrough (IN PLSA_CLIENT_REQUEST ClientRequest, IN PVOID ProtocolSubmitBuffer, IN PVOID ClientBufferBase, IN ULONG SubmitBufferLength, OUT PVOID *ProtocolReturnBuffer, OUT PULONG ReturnBufferLength, OUT PNTSTATUS ProtocolStatus)
 
NTSTATUS NTAPI LsaApCallPackageUntrusted (IN PLSA_CLIENT_REQUEST ClientRequest, IN PVOID ProtocolSubmitBuffer, IN PVOID ClientBufferBase, IN ULONG SubmitBufferLength, OUT PVOID *ProtocolReturnBuffer, OUT PULONG ReturnBufferLength, OUT PNTSTATUS ProtocolStatus)
 
NTSTATUS NTAPI LsaApInitializePackage (IN ULONG AuthenticationPackageId, IN PLSA_DISPATCH_TABLE LsaDispatchTable, IN PLSA_STRING Database OPTIONAL, IN PLSA_STRING Confidentiality OPTIONAL, OUT PLSA_STRING *AuthenticationPackageName)
 
VOID NTAPI LsaApLogonTerminated (IN PLUID LogonId)
 
NTSTATUS NTAPI LsaApLogonUserEx2 (IN PLSA_CLIENT_REQUEST ClientRequest, IN SECURITY_LOGON_TYPE LogonType, IN PVOID ProtocolSubmitBuffer, IN PVOID ClientBufferBase, IN ULONG SubmitBufferSize, OUT PVOID *ProfileBuffer, OUT PULONG ProfileBufferSize, OUT PLUID LogonId, OUT PNTSTATUS SubStatus, OUT PLSA_TOKEN_INFORMATION_TYPE TokenInformationType, OUT PVOID *TokenInformation, OUT PUNICODE_STRING *AccountName, OUT PUNICODE_STRING *AuthenticatingAuthority, OUT PUNICODE_STRING *MachineName, OUT PSECPKG_PRIMARY_CRED PrimaryCredentials, OUT PSECPKG_SUPPLEMENTAL_CRED_ARRAY *SupplementalCredentials)
 
NTSTATUS NTAPI SpLsaModeInitialize (_In_ ULONG LsaVersion, _Out_ PULONG PackageVersion, _Out_ PSECPKG_FUNCTION_TABLE *ppTables, _Out_ PULONG pcTables)
 
NTSTATUS WINAPI SpUserModeInitialize (_In_ ULONG LsaVersion, _Out_ PULONG PackageVersion, _Out_ PSECPKG_USER_FUNCTION_TABLE *ppTables, _Out_ PULONG pcTables)
 

Variables

LSA_DISPATCH_TABLE DispatchTable
 

Function Documentation

◆ AppendRidToSid()

static PSID AppendRidToSid ( PSID  SrcSid,
ULONG  Rid 
)
static

Definition at line 245 of file msv1_0.c.

247 {
248  PSID DstSid = NULL;
249  UCHAR RidCount;
250 
251  RidCount = *RtlSubAuthorityCountSid(SrcSid);
252  if (RidCount >= 8)
253  return NULL;
254 
255  DstSid = DispatchTable.AllocateLsaHeap(RtlLengthRequiredSid(RidCount + 1));
256  if (DstSid == NULL)
257  return NULL;
258 
259  RtlCopyMemory(DstSid,
260  SrcSid,
261  RtlLengthRequiredSid(RidCount));
262 
263  *RtlSubAuthorityCountSid(DstSid) = RidCount + 1;
264  *RtlSubAuthoritySid(DstSid, RidCount) = Rid;
265 
266  return DstSid;
267 }
NTSYSAPI VOID NTAPI RtlCopyMemory(VOID UNALIGNED *Destination, CONST VOID UNALIGNED *Source, ULONG Length)
PLSA_ALLOCATE_LSA_HEAP AllocateLsaHeap
Definition: authpackage.c:60
NTSYSAPI PULONG NTAPI RtlSubAuthoritySid(_In_ PSID Sid, _In_ ULONG SubAuthority)
smooth NULL
Definition: ftsmooth.c:416
LSA_DISPATCH_TABLE DispatchTable
Definition: msv1_0.c:18
NTSYSAPI PUCHAR NTAPI RtlSubAuthorityCountSid(IN PSID Sid)
Definition: sid.c:104
unsigned char UCHAR
Definition: xmlstorage.h:181
NTSYSAPI ULONG NTAPI RtlLengthRequiredSid(IN ULONG SubAuthorityCount)
Definition: sid.c:54

Referenced by BuildTokenGroups(), BuildTokenPrimaryGroup(), BuildTokenUser(), SampCreateAccountSid(), SampInitializeSAM(), and SampSetupCreateUserAccount().

◆ BuildInteractiveProfileBuffer()

static NTSTATUS BuildInteractiveProfileBuffer ( IN PLSA_CLIENT_REQUEST  ClientRequest,
IN PSAMPR_USER_INFO_BUFFER  UserInfo,
IN PWSTR  ComputerName,
OUT PMSV1_0_INTERACTIVE_PROFILE ProfileBuffer,
OUT PULONG  ProfileBufferLength 
)
static

Definition at line 95 of file msv1_0.c.

100 {
101  PMSV1_0_INTERACTIVE_PROFILE LocalBuffer = NULL;
102  PVOID ClientBaseAddress = NULL;
103  LPWSTR Ptr;
106 
107  *ProfileBuffer = NULL;
108  *ProfileBufferLength = 0;
109 
111  UserInfo->All.FullName.Length + sizeof(WCHAR) +
112  UserInfo->All.HomeDirectory.Length + sizeof(WCHAR) +
113  UserInfo->All.HomeDirectoryDrive.Length + sizeof(WCHAR) +
114  UserInfo->All.ScriptPath.Length + sizeof(WCHAR) +
115  UserInfo->All.ProfilePath.Length + sizeof(WCHAR) +
116  ((wcslen(ComputerName) + 3) * sizeof(WCHAR));
117 
119  if (LocalBuffer == NULL)
120  {
121  TRACE("Failed to allocate the local buffer!\n");
123  goto done;
124  }
125 
126  Status = DispatchTable.AllocateClientBuffer(ClientRequest,
127  BufferLength,
128  &ClientBaseAddress);
129  if (!NT_SUCCESS(Status))
130  {
131  TRACE("DispatchTable.AllocateClientBuffer failed (Status 0x%08lx)\n", Status);
132  goto done;
133  }
134 
135  TRACE("ClientBaseAddress: %p\n", ClientBaseAddress);
136 
137  Ptr = (LPWSTR)((ULONG_PTR)LocalBuffer + sizeof(MSV1_0_INTERACTIVE_PROFILE));
138 
139  LocalBuffer->MessageType = MsV1_0InteractiveProfile;
140  LocalBuffer->LogonCount = UserInfo->All.LogonCount;
141  LocalBuffer->BadPasswordCount = UserInfo->All.BadPasswordCount;
142 
143  LocalBuffer->LogonTime.LowPart = UserInfo->All.LastLogon.LowPart;
144  LocalBuffer->LogonTime.HighPart = UserInfo->All.LastLogon.HighPart;
145 
146  LocalBuffer->LogoffTime.LowPart = UserInfo->All.AccountExpires.LowPart;
147  LocalBuffer->LogoffTime.HighPart = UserInfo->All.AccountExpires.HighPart;
148 
149  LocalBuffer->KickOffTime.LowPart = UserInfo->All.AccountExpires.LowPart;
150  LocalBuffer->KickOffTime.HighPart = UserInfo->All.AccountExpires.HighPart;
151 
152  LocalBuffer->PasswordLastSet.LowPart = UserInfo->All.PasswordLastSet.LowPart;
153  LocalBuffer->PasswordLastSet.HighPart = UserInfo->All.PasswordLastSet.HighPart;
154 
155  LocalBuffer->PasswordCanChange.LowPart = UserInfo->All.PasswordCanChange.LowPart;
156  LocalBuffer->PasswordCanChange.HighPart = UserInfo->All.PasswordCanChange.HighPart;
157 
158  LocalBuffer->PasswordMustChange.LowPart = UserInfo->All.PasswordMustChange.LowPart;
159  LocalBuffer->PasswordMustChange.HighPart = UserInfo->All.PasswordMustChange.HighPart;
160 
161  LocalBuffer->LogonScript.Length = UserInfo->All.ScriptPath.Length;
162  LocalBuffer->LogonScript.MaximumLength = UserInfo->All.ScriptPath.Length + sizeof(WCHAR);
163  LocalBuffer->LogonScript.Buffer = (LPWSTR)((ULONG_PTR)ClientBaseAddress + (ULONG_PTR)Ptr - (ULONG_PTR)LocalBuffer);
164  memcpy(Ptr,
165  UserInfo->All.ScriptPath.Buffer,
166  UserInfo->All.ScriptPath.Length);
167 
168  Ptr = (LPWSTR)((ULONG_PTR)Ptr + LocalBuffer->LogonScript.MaximumLength);
169 
170  LocalBuffer->HomeDirectory.Length = UserInfo->All.HomeDirectory.Length;
171  LocalBuffer->HomeDirectory.MaximumLength = UserInfo->All.HomeDirectory.Length + sizeof(WCHAR);
172  LocalBuffer->HomeDirectory.Buffer = (LPWSTR)((ULONG_PTR)ClientBaseAddress + (ULONG_PTR)Ptr - (ULONG_PTR)LocalBuffer);
173  memcpy(Ptr,
174  UserInfo->All.HomeDirectory.Buffer,
175  UserInfo->All.HomeDirectory.Length);
176 
177  Ptr = (LPWSTR)((ULONG_PTR)Ptr + LocalBuffer->HomeDirectory.MaximumLength);
178 
179  LocalBuffer->FullName.Length = UserInfo->All.FullName.Length;
180  LocalBuffer->FullName.MaximumLength = UserInfo->All.FullName.Length + sizeof(WCHAR);
181  LocalBuffer->FullName.Buffer = (LPWSTR)((ULONG_PTR)ClientBaseAddress + (ULONG_PTR)Ptr - (ULONG_PTR)LocalBuffer);
182  memcpy(Ptr,
183  UserInfo->All.FullName.Buffer,
184  UserInfo->All.FullName.Length);
185  TRACE("FullName.Buffer: %p\n", LocalBuffer->FullName.Buffer);
186 
187  Ptr = (LPWSTR)((ULONG_PTR)Ptr + LocalBuffer->FullName.MaximumLength);
188 
189  LocalBuffer->ProfilePath.Length = UserInfo->All.ProfilePath.Length;
190  LocalBuffer->ProfilePath.MaximumLength = UserInfo->All.ProfilePath.Length + sizeof(WCHAR);
191  LocalBuffer->ProfilePath.Buffer = (LPWSTR)((ULONG_PTR)ClientBaseAddress + (ULONG_PTR)Ptr - (ULONG_PTR)LocalBuffer);
192  memcpy(Ptr,
193  UserInfo->All.ProfilePath.Buffer,
194  UserInfo->All.ProfilePath.Length);
195 
196  Ptr = (LPWSTR)((ULONG_PTR)Ptr + LocalBuffer->ProfilePath.MaximumLength);
197 
198  LocalBuffer->HomeDirectoryDrive.Length = UserInfo->All.HomeDirectoryDrive.Length;
199  LocalBuffer->HomeDirectoryDrive.MaximumLength = UserInfo->All.HomeDirectoryDrive.Length + sizeof(WCHAR);
200  LocalBuffer->HomeDirectoryDrive.Buffer = (LPWSTR)((ULONG_PTR)ClientBaseAddress + (ULONG_PTR)Ptr - (ULONG_PTR)LocalBuffer);
201  memcpy(Ptr,
202  UserInfo->All.HomeDirectoryDrive.Buffer,
203  UserInfo->All.HomeDirectoryDrive.Length);
204 
206 
207  LocalBuffer->LogonServer.Length = (wcslen(ComputerName) + 2) * sizeof(WCHAR);
208  LocalBuffer->LogonServer.MaximumLength = LocalBuffer->LogonServer.Length + sizeof(WCHAR);
209  LocalBuffer->LogonServer.Buffer = (LPWSTR)((ULONG_PTR)ClientBaseAddress + (ULONG_PTR)Ptr - (ULONG_PTR)LocalBuffer);
210  wcscpy(Ptr, L"\\");
211  wcscat(Ptr, ComputerName);
212 
213  LocalBuffer->UserFlags = 0;
214 
215  Status = DispatchTable.CopyToClientBuffer(ClientRequest,
216  BufferLength,
217  ClientBaseAddress,
218  LocalBuffer);
219  if (!NT_SUCCESS(Status))
220  {
221  TRACE("DispatchTable.CopyToClientBuffer failed (Status 0x%08lx)\n", Status);
222  goto done;
223  }
224 
225  *ProfileBuffer = (PMSV1_0_INTERACTIVE_PROFILE)ClientBaseAddress;
227 
228 done:
229  if (LocalBuffer != NULL)
230  DispatchTable.FreeLsaHeap(LocalBuffer);
231 
232  if (!NT_SUCCESS(Status))
233  {
234  if (ClientBaseAddress != NULL)
235  DispatchTable.FreeClientBuffer(ClientRequest,
236  ClientBaseAddress);
237  }
238 
239  return Status;
240 }
PLSA_FREE_CLIENT_BUFFER FreeClientBuffer
Definition: authpackage.c:63
PLSA_COPY_TO_CLIENT_BUFFER CopyToClientBuffer
Definition: authpackage.c:64
struct _MSV1_0_INTERACTIVE_PROFILE MSV1_0_INTERACTIVE_PROFILE
#define STATUS_INSUFFICIENT_RESOURCES
Definition: udferr_usr.h:158
LARGE_INTEGER LogoffTime
Definition: ntsecapi.h:441
UNICODE_STRING ProfilePath
Definition: ntsecapi.h:449
USHORT MaximumLength
Definition: env_spec_w32.h:370
UNICODE_STRING HomeDirectory
Definition: ntsecapi.h:447
_Must_inspect_result_ _In_ PFSRTL_PER_STREAM_CONTEXT Ptr
Definition: fsrtlfuncs.h:898
LONG NTSTATUS
Definition: precomp.h:26
struct _MSV1_0_INTERACTIVE_PROFILE * PMSV1_0_INTERACTIVE_PROFILE
PLSA_FREE_LSA_HEAP FreeLsaHeap
Definition: authpackage.c:61
PLSA_ALLOCATE_LSA_HEAP AllocateLsaHeap
Definition: authpackage.c:60
UNICODE_STRING LogonScript
Definition: ntsecapi.h:446
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG ProfileBufferLength
LARGE_INTEGER PasswordMustChange
Definition: ntsecapi.h:445
UNICODE_STRING FullName
Definition: ntsecapi.h:448
uint32_t ULONG_PTR
Definition: typedefs.h:63
_In_ ULONG BufferLength
Definition: usbdlib.h:225
LARGE_INTEGER PasswordLastSet
Definition: ntsecapi.h:443
smooth NULL
Definition: ftsmooth.c:416
LARGE_INTEGER LogonTime
Definition: ntsecapi.h:440
#define TRACE(s)
Definition: solgame.cpp:4
LARGE_INTEGER KickOffTime
Definition: ntsecapi.h:442
__wchar_t WCHAR
Definition: xmlstorage.h:180
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
LSA_DISPATCH_TABLE DispatchTable
Definition: msv1_0.c:18
UNICODE_STRING LogonServer
Definition: ntsecapi.h:451
_CRTIMP wchar_t *__cdecl wcscpy(_Out_writes_z_(_String_length_(_Source)+1) wchar_t *_Dest, _In_z_ const wchar_t *_Source)
static const WCHAR L[]
Definition: oid.c:1250
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID * ProfileBuffer
ULONG LowPart
Definition: typedefs.h:104
#define memcpy(s1, s2, n)
Definition: mkisofs.h:878
Status
Definition: gdiplustypes.h:24
PLSA_ALLOCATE_CLIENT_BUFFER AllocateClientBuffer
Definition: authpackage.c:62
LARGE_INTEGER PasswordCanChange
Definition: ntsecapi.h:444
MSV1_0_PROFILE_BUFFER_TYPE MessageType
Definition: ntsecapi.h:437
UNICODE_STRING HomeDirectoryDrive
Definition: ntsecapi.h:450
_CRTIMP wchar_t *__cdecl wcscat(_Inout_updates_z_(_String_length_(_Dest)+_String_length_(_Source)+1) wchar_t *_Dest, _In_z_ const wchar_t *_Source)
unsigned int ULONG
Definition: retypes.h:1
#define ULONG_PTR
Definition: config.h:101
WCHAR * LPWSTR
Definition: xmlstorage.h:184
return STATUS_SUCCESS
Definition: btrfs.c:2938
size_t __cdecl wcslen(_In_z_ const wchar_t *_Str)

Referenced by LsaApLogonUserEx2().

◆ BuildTokenGroups()

static NTSTATUS BuildTokenGroups ( OUT PTOKEN_GROUPS Groups,
IN PSID  AccountDomainSid,
IN ULONG  RelativeId,
IN BOOL  SpecialAccount 
)
static

Definition at line 310 of file msv1_0.c.

314 {
317  DWORD GroupCount = 0;
318  DWORD MaxGroups = 2;
319  PSID Sid;
321 
322  if (SpecialAccount)
323  MaxGroups++;
324 
326  MaxGroups * sizeof(SID_AND_ATTRIBUTES));
327  if (TokenGroups == NULL)
328  {
330  }
331 
332  if (SpecialAccount)
333  {
334  /* Self */
335  Sid = AppendRidToSid(AccountDomainSid, RelativeId);
336  if (Sid == NULL)
337  {
338 
339  }
340 
341  TokenGroups->Groups[GroupCount].Sid = Sid;
342  TokenGroups->Groups[GroupCount].Attributes =
344  GroupCount++;
345 
346  /* Member of 'Users' alias */
348  2,
357  &Sid);
358  TokenGroups->Groups[GroupCount].Sid = Sid;
359  TokenGroups->Groups[GroupCount].Attributes =
361  GroupCount++;
362  }
363  else
364  {
365  /* Member of the domains users group */
367  if (Sid == NULL)
368  {
369 
370  }
371 
372  TokenGroups->Groups[GroupCount].Sid = Sid;
373  TokenGroups->Groups[GroupCount].Attributes =
375  GroupCount++;
376  }
377 
378  /* Member of 'Authenticated users' */
380  1,
389  &Sid);
390  TokenGroups->Groups[GroupCount].Sid = Sid;
391  TokenGroups->Groups[GroupCount].Attributes =
393  GroupCount++;
394 
395  TokenGroups->GroupCount = GroupCount;
396  ASSERT(TokenGroups->GroupCount <= MaxGroups);
397 
398  *Groups = TokenGroups;
399 
400  return Status;
401 }
#define SECURITY_AUTHENTICATED_USER_RID
Definition: setypes.h:540
#define STATUS_INSUFFICIENT_RESOURCES
Definition: udferr_usr.h:158
LONG NTSTATUS
Definition: precomp.h:26
static PSID AppendRidToSid(PSID SrcSid, ULONG Rid)
Definition: msv1_0.c:245
PLSA_ALLOCATE_LSA_HEAP AllocateLsaHeap
Definition: authpackage.c:60
TOpcodeData Groups[17][8]
NTSYSAPI NTSTATUS NTAPI RtlAllocateAndInitializeSid(IN PSID_IDENTIFIER_AUTHORITY IdentifierAuthority, IN UCHAR SubAuthorityCount, IN ULONG SubAuthority0, IN ULONG SubAuthority1, IN ULONG SubAuthority2, IN ULONG SubAuthority3, IN ULONG SubAuthority4, IN ULONG SubAuthority5, IN ULONG SubAuthority6, IN ULONG SubAuthority7, OUT PSID *Sid)
Definition: sid.c:290
smooth NULL
Definition: ftsmooth.c:416
#define SE_GROUP_ENABLED_BY_DEFAULT
Definition: setypes.h:91
_In_ ULONG _In_ ACCESS_MASK _In_ PSID Sid
Definition: rtlfuncs.h:1104
#define SECURITY_NT_AUTHORITY
Definition: setypes.h:526
#define SECURITY_BUILTIN_DOMAIN_RID
Definition: setypes.h:553
#define SE_GROUP_ENABLED
Definition: setypes.h:92
LSA_DISPATCH_TABLE DispatchTable
Definition: msv1_0.c:18
unsigned long DWORD
Definition: ntddk_ex.h:95
#define SE_GROUP_MANDATORY
Definition: setypes.h:90
ASSERT((InvokeOnSuccess||InvokeOnError||InvokeOnCancel) ?(CompletionRoutine !=NULL) :TRUE)
#define SECURITY_NULL_RID
Definition: setypes.h:512
Status
Definition: gdiplustypes.h:24
#define DOMAIN_ALIAS_RID_USERS
Definition: setypes.h:625
#define DOMAIN_GROUP_RID_USERS
Definition: setypes.h:612
PSID AccountDomainSid
Definition: database.c:22
return STATUS_SUCCESS
Definition: btrfs.c:2938
static SID_IDENTIFIER_AUTHORITY SystemAuthority
Definition: msgina.c:38

Referenced by BuildTokenInformationBuffer().

◆ BuildTokenInformationBuffer()

static NTSTATUS BuildTokenInformationBuffer ( PLSA_TOKEN_INFORMATION_V1 TokenInformation,
PRPC_SID  AccountDomainSid,
PSAMPR_USER_INFO_BUFFER  UserInfo,
BOOL  SpecialAccount 
)
static

Definition at line 406 of file msv1_0.c.

410 {
412  ULONG i;
414 
416  if (Buffer == NULL)
417  {
418  WARN("Failed to allocate the local buffer!\n");
420  goto done;
421  }
422 
423  Buffer->ExpirationTime.LowPart = UserInfo->All.AccountExpires.LowPart;
424  Buffer->ExpirationTime.HighPart = UserInfo->All.AccountExpires.HighPart;
425 
426  Status = BuildTokenUser(&Buffer->User,
428  UserInfo->All.UserId);
429  if (!NT_SUCCESS(Status))
430  {
431  WARN("BuildTokenUser() failed (Status 0x%08lx)\n", Status);
432  goto done;
433  }
434 
435  Status = BuildTokenPrimaryGroup(&Buffer->PrimaryGroup,
437  UserInfo->All.PrimaryGroupId);
438  if (!NT_SUCCESS(Status))
439  {
440  WARN("BuildTokenPrimaryGroup() failed (Status 0x%08lx)\n", Status);
441  goto done;
442  }
443 
444  Status = BuildTokenGroups(&Buffer->Groups,
446  UserInfo->All.UserId,
447  SpecialAccount);
448  if (!NT_SUCCESS(Status))
449  {
450  WARN("BuildTokenGroups() failed (Status 0x%08lx)\n", Status);
451  goto done;
452  }
453 
454  *TokenInformation = Buffer;
455 
456 done:
457  if (!NT_SUCCESS(Status))
458  {
459  if (Buffer != NULL)
460  {
461  if (Buffer->User.User.Sid != NULL)
462  DispatchTable.FreeLsaHeap(Buffer->User.User.Sid);
463 
464  if (Buffer->Groups != NULL)
465  {
466  for (i = 0; i < Buffer->Groups->GroupCount; i++)
467  {
468  if (Buffer->Groups->Groups[i].Sid != NULL)
469  DispatchTable.FreeLsaHeap(Buffer->Groups->Groups[i].Sid);
470  }
471 
473  }
474 
475  if (Buffer->PrimaryGroup.PrimaryGroup != NULL)
476  DispatchTable.FreeLsaHeap(Buffer->PrimaryGroup.PrimaryGroup);
477 
478  if (Buffer->DefaultDacl.DefaultDacl != NULL)
479  DispatchTable.FreeLsaHeap(Buffer->DefaultDacl.DefaultDacl);
480 
482  }
483  }
484 
485  return Status;
486 }
#define STATUS_INSUFFICIENT_RESOURCES
Definition: udferr_usr.h:158
#define WARN(fmt,...)
Definition: debug.h:111
unsigned long UserId
Definition: msv1_0.h:131
LONG NTSTATUS
Definition: precomp.h:26
PLSA_FREE_LSA_HEAP FreeLsaHeap
Definition: authpackage.c:61
PLSA_ALLOCATE_LSA_HEAP AllocateLsaHeap
Definition: authpackage.c:60
SAMPR_USER_ALL_INFORMATION All
Definition: msv1_0.h:172
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint i
Definition: glfuncs.h:248
smooth NULL
Definition: ftsmooth.c:416
Definition: bufpool.h:45
OLD_LARGE_INTEGER AccountExpires
Definition: msv1_0.h:114
static NTSTATUS BuildTokenGroups(OUT PTOKEN_GROUPS *Groups, IN PSID AccountDomainSid, IN ULONG RelativeId, IN BOOL SpecialAccount)
Definition: msv1_0.c:310
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
LSA_DISPATCH_TABLE DispatchTable
Definition: msv1_0.c:18
unsigned long PrimaryGroupId
Definition: msv1_0.h:132
Status
Definition: gdiplustypes.h:24
unsigned long LowPart
Definition: msv1_0.h:63
unsigned int ULONG
Definition: retypes.h:1
PSID AccountDomainSid
Definition: database.c:22
IN BOOLEAN OUT PSTR Buffer
Definition: progress.h:34
return STATUS_SUCCESS
Definition: btrfs.c:2938
static NTSTATUS BuildTokenPrimaryGroup(OUT PTOKEN_PRIMARY_GROUP PrimaryGroup, IN PSID AccountDomainSid, IN ULONG RelativeId)
Definition: msv1_0.c:292
static NTSTATUS BuildTokenUser(OUT PTOKEN_USER User, IN PSID AccountDomainSid, IN ULONG RelativeId)
Definition: msv1_0.c:272

Referenced by LsaApLogonUserEx2().

◆ BuildTokenPrimaryGroup()

static NTSTATUS BuildTokenPrimaryGroup ( OUT PTOKEN_PRIMARY_GROUP  PrimaryGroup,
IN PSID  AccountDomainSid,
IN ULONG  RelativeId 
)
static

Definition at line 292 of file msv1_0.c.

295 {
297  RelativeId);
298  if (PrimaryGroup->PrimaryGroup == NULL)
299  {
300  ERR("Could not create the primary group SID\n");
302  }
303 
304  return STATUS_SUCCESS;
305 }
#define STATUS_INSUFFICIENT_RESOURCES
Definition: udferr_usr.h:158
static PSID AppendRidToSid(PSID SrcSid, ULONG Rid)
Definition: msv1_0.c:245
smooth NULL
Definition: ftsmooth.c:416
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ SaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ OwnerSize PSID _Inout_ PULONG _Out_writes_bytes_to_opt_ PrimaryGroupSize PSID PrimaryGroup
Definition: rtlfuncs.h:1559
#define ERR(fmt,...)
Definition: debug.h:109
PSID AccountDomainSid
Definition: database.c:22
return STATUS_SUCCESS
Definition: btrfs.c:2938

Referenced by BuildTokenInformationBuffer().

◆ BuildTokenUser()

static NTSTATUS BuildTokenUser ( OUT PTOKEN_USER  User,
IN PSID  AccountDomainSid,
IN ULONG  RelativeId 
)
static

Definition at line 272 of file msv1_0.c.

275 {
276  User->User.Sid = AppendRidToSid(AccountDomainSid,
277  RelativeId);
278  if (User->User.Sid == NULL)
279  {
280  ERR("Could not create the user SID\n");
282  }
283 
284  User->User.Attributes = 0;
285 
286  return STATUS_SUCCESS;
287 }
#define STATUS_INSUFFICIENT_RESOURCES
Definition: udferr_usr.h:158
static PSID AppendRidToSid(PSID SrcSid, ULONG Rid)
Definition: msv1_0.c:245
smooth NULL
Definition: ftsmooth.c:416
#define ERR(fmt,...)
Definition: debug.h:109
PSID AccountDomainSid
Definition: database.c:22
return STATUS_SUCCESS
Definition: btrfs.c:2938

Referenced by BuildTokenInformationBuffer().

◆ GetAccountDomainSid()

static NTSTATUS GetAccountDomainSid ( PRPC_SID Sid)
static

Definition at line 25 of file msv1_0.c.

26 {
27  LSAPR_HANDLE PolicyHandle = NULL;
28  PLSAPR_POLICY_INFORMATION PolicyInfo = NULL;
29  ULONG Length = 0;
31 
32  Status = LsaIOpenPolicyTrusted(&PolicyHandle);
33  if (!NT_SUCCESS(Status))
34  {
35  TRACE("LsaIOpenPolicyTrusted() failed (Status 0x%08lx)\n", Status);
36  return Status;
37  }
38 
39  Status = LsarQueryInformationPolicy(PolicyHandle,
41  &PolicyInfo);
42  if (!NT_SUCCESS(Status))
43  {
44  TRACE("LsarQueryInformationPolicy() failed (Status 0x%08lx)\n", Status);
45  goto done;
46  }
47 
49 
50  *Sid = RtlAllocateHeap(RtlGetProcessHeap(), 0, Length);
51  if (*Sid == NULL)
52  {
53  ERR("Failed to allocate SID\n");
55  goto done;
56  }
57 
59 
60 done:
61  if (PolicyInfo != NULL)
63  PolicyInfo);
64 
65  if (PolicyHandle != NULL)
66  LsarClose(&PolicyHandle);
67 
68  return Status;
69 }
#define STATUS_INSUFFICIENT_RESOURCES
Definition: udferr_usr.h:158
LONG NTSTATUS
Definition: precomp.h:26
LSAPR_POLICY_ACCOUNT_DOM_INFO PolicyAccountDomainInfo
Definition: msv1_0.h:307
NTSTATUS WINAPI LsaIOpenPolicyTrusted(OUT LSAPR_HANDLE *PolicyHandle)
Definition: policy.c:15
VOID NTAPI LsaIFree_LSAPR_POLICY_INFORMATION(IN POLICY_INFORMATION_CLASS InformationClass, IN PLSAPR_POLICY_INFORMATION PolicyInformation)
Definition: lsasrv.c:51
smooth NULL
Definition: ftsmooth.c:416
_In_ ULONG _In_ ACCESS_MASK _In_ PSID Sid
Definition: rtlfuncs.h:1104
NTSYSAPI ULONG NTAPI RtlLengthSid(IN PSID Sid)
Definition: sid.c:150
PVOID NTAPI RtlAllocateHeap(IN PVOID HeapHandle, IN ULONG Flags, IN SIZE_T Size)
Definition: heap.c:588
NTSTATUS WINAPI LsarQueryInformationPolicy(LSAPR_HANDLE PolicyHandle, POLICY_INFORMATION_CLASS InformationClass, PLSAPR_POLICY_INFORMATION *PolicyInformation)
Definition: lsarpc.c:531
#define TRACE(s)
Definition: solgame.cpp:4
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
_In_ ULONG _In_ ULONG _In_ ULONG Length
Definition: ntddpcm.h:101
NTSTATUS WINAPI LsarClose(LSAPR_HANDLE *ObjectHandle)
Definition: lsarpc.c:125
#define memcpy(s1, s2, n)
Definition: mkisofs.h:878
Status
Definition: gdiplustypes.h:24
#define ERR(fmt,...)
Definition: debug.h:109
unsigned int ULONG
Definition: retypes.h:1

Referenced by LsaApLogonUserEx2(), NetUserEnum(), NetUserGetGroups(), NetUserGetInfo(), NetUserGetLocalGroups(), and NetUserModalsGet().

◆ GetNtAuthorityDomainSid()

static NTSTATUS GetNtAuthorityDomainSid ( PRPC_SID Sid)
static

Definition at line 74 of file msv1_0.c.

75 {
77  ULONG Length = 0;
78 
80  *Sid = RtlAllocateHeap(RtlGetProcessHeap(), 0, Length);
81  if (*Sid == NULL)
82  {
83  ERR("Failed to allocate SID\n");
85  }
86 
88 
89  return STATUS_SUCCESS;
90 }
#define STATUS_INSUFFICIENT_RESOURCES
Definition: udferr_usr.h:158
NTSYSAPI NTSTATUS NTAPI RtlInitializeSid(IN OUT PSID Sid, IN PSID_IDENTIFIER_AUTHORITY IdentifierAuthority, IN UCHAR SubAuthorityCount)
smooth NULL
Definition: ftsmooth.c:416
_In_ ULONG _In_ ACCESS_MASK _In_ PSID Sid
Definition: rtlfuncs.h:1104
#define SECURITY_NT_AUTHORITY
Definition: setypes.h:526
PVOID NTAPI RtlAllocateHeap(IN PVOID HeapHandle, IN ULONG Flags, IN SIZE_T Size)
Definition: heap.c:588
_In_ ULONG _In_ ULONG _In_ ULONG Length
Definition: ntddpcm.h:101
#define ERR(fmt,...)
Definition: debug.h:109
unsigned int ULONG
Definition: retypes.h:1
return STATUS_SUCCESS
Definition: btrfs.c:2938
SID_IDENTIFIER_AUTHORITY NtAuthority
Definition: database.c:19
NTSYSAPI ULONG NTAPI RtlLengthRequiredSid(IN ULONG SubAuthorityCount)
Definition: sid.c:54

Referenced by LsaApLogonUserEx2().

◆ LsaApCallPackage()

NTSTATUS NTAPI LsaApCallPackage ( IN PLSA_CLIENT_REQUEST  ClientRequest,
IN PVOID  ProtocolSubmitBuffer,
IN PVOID  ClientBufferBase,
IN ULONG  SubmitBufferLength,
OUT PVOID ProtocolReturnBuffer,
OUT PULONG  ReturnBufferLength,
OUT PNTSTATUS  ProtocolStatus 
)

Definition at line 968 of file msv1_0.c.

975 {
977  MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType;
978 
979  TRACE("LsaApCallPackage()\n");
980 
981  if (SubmitBufferLength < sizeof(MSV1_0_PROTOCOL_MESSAGE_TYPE))
983 
984  MessageType = *((PMSV1_0_PROTOCOL_MESSAGE_TYPE)ProtocolSubmitBuffer);
985 
986  *ProtocolReturnBuffer = NULL;
987  *ReturnBufferLength = 0;
988 
989  switch (MessageType)
990  {
994  break;
995 
997  case MsV1_0GetUserInfo:
998  case MsV1_0ReLogonUsers:
1000  break;
1001 
1002  case MsV1_0ChangePassword:
1003  Status = MsvpChangePassword(ClientRequest,
1004  ProtocolSubmitBuffer,
1005  ClientBufferBase,
1006  SubmitBufferLength,
1007  ProtocolReturnBuffer,
1008  ReturnBufferLength,
1009  ProtocolStatus);
1010  break;
1011 
1014  case MsV1_0CacheLogon:
1015  case MsV1_0SubAuth:
1017  case MsV1_0CacheLookup:
1019  break;
1020 
1021  default:
1022  return STATUS_INVALID_PARAMETER;
1023  }
1024 
1025  return Status;
1026 }
#define STATUS_NOT_IMPLEMENTED
Definition: ntstatus.h:225
#define STATUS_INVALID_PARAMETER
Definition: udferr_usr.h:135
LONG NTSTATUS
Definition: precomp.h:26
VOID NTAPI ProtocolStatus(NDIS_HANDLE BindingContext, NDIS_STATUS GenerelStatus, PVOID StatusBuffer, UINT StatusBufferSize)
Called by NDIS when the underlying driver has changed state.
Definition: lan.c:461
enum _MSV1_0_PROTOCOL_MESSAGE_TYPE * PMSV1_0_PROTOCOL_MESSAGE_TYPE
smooth NULL
Definition: ftsmooth.c:416
#define TRACE(s)
Definition: solgame.cpp:4
Status
Definition: gdiplustypes.h:24
static NTSTATUS MsvpChangePassword(IN PLSA_CLIENT_REQUEST ClientRequest, IN PVOID ProtocolSubmitBuffer, IN PVOID ClientBufferBase, IN ULONG SubmitBufferLength, OUT PVOID *ProtocolReturnBuffer, OUT PULONG ReturnBufferLength, OUT PNTSTATUS ProtocolStatus)
Definition: msv1_0.c:491
enum _MSV1_0_PROTOCOL_MESSAGE_TYPE MSV1_0_PROTOCOL_MESSAGE_TYPE

Referenced by SpLsaModeInitialize().

◆ LsaApCallPackagePassthrough()

NTSTATUS NTAPI LsaApCallPackagePassthrough ( IN PLSA_CLIENT_REQUEST  ClientRequest,
IN PVOID  ProtocolSubmitBuffer,
IN PVOID  ClientBufferBase,
IN ULONG  SubmitBufferLength,
OUT PVOID ProtocolReturnBuffer,
OUT PULONG  ReturnBufferLength,
OUT PNTSTATUS  ProtocolStatus 
)

Definition at line 1034 of file msv1_0.c.

1041 {
1042  TRACE("LsaApCallPackagePassthrough()\n");
1043  return STATUS_NOT_IMPLEMENTED;
1044 }
#define STATUS_NOT_IMPLEMENTED
Definition: ntstatus.h:225
#define TRACE(s)
Definition: solgame.cpp:4

Referenced by SpLsaModeInitialize().

◆ LsaApCallPackageUntrusted()

NTSTATUS NTAPI LsaApCallPackageUntrusted ( IN PLSA_CLIENT_REQUEST  ClientRequest,
IN PVOID  ProtocolSubmitBuffer,
IN PVOID  ClientBufferBase,
IN ULONG  SubmitBufferLength,
OUT PVOID ProtocolReturnBuffer,
OUT PULONG  ReturnBufferLength,
OUT PNTSTATUS  ProtocolStatus 
)

Definition at line 1052 of file msv1_0.c.

1059 {
1060  ULONG MessageType;
1061  NTSTATUS Status;
1062 
1063  TRACE("LsaApCallPackageUntrusted()\n");
1064 
1065  if (SubmitBufferLength < sizeof(MSV1_0_PROTOCOL_MESSAGE_TYPE))
1066  return STATUS_INVALID_PARAMETER;
1067 
1068  MessageType = (ULONG)*((PMSV1_0_PROTOCOL_MESSAGE_TYPE)ProtocolSubmitBuffer);
1069 
1070  *ProtocolReturnBuffer = NULL;
1071  *ReturnBufferLength = 0;
1072 
1073  if (MessageType == MsV1_0ChangePassword)
1074  Status = MsvpChangePassword(ClientRequest,
1075  ProtocolSubmitBuffer,
1076  ClientBufferBase,
1077  SubmitBufferLength,
1078  ProtocolReturnBuffer,
1079  ReturnBufferLength,
1080  ProtocolStatus);
1081  else
1083 
1084  return Status;
1085 }
#define STATUS_INVALID_PARAMETER
Definition: udferr_usr.h:135
LONG NTSTATUS
Definition: precomp.h:26
VOID NTAPI ProtocolStatus(NDIS_HANDLE BindingContext, NDIS_STATUS GenerelStatus, PVOID StatusBuffer, UINT StatusBufferSize)
Called by NDIS when the underlying driver has changed state.
Definition: lan.c:461
enum _MSV1_0_PROTOCOL_MESSAGE_TYPE * PMSV1_0_PROTOCOL_MESSAGE_TYPE
smooth NULL
Definition: ftsmooth.c:416
#define TRACE(s)
Definition: solgame.cpp:4
#define STATUS_ACCESS_DENIED
Definition: udferr_usr.h:145
Status
Definition: gdiplustypes.h:24
static NTSTATUS MsvpChangePassword(IN PLSA_CLIENT_REQUEST ClientRequest, IN PVOID ProtocolSubmitBuffer, IN PVOID ClientBufferBase, IN ULONG SubmitBufferLength, OUT PVOID *ProtocolReturnBuffer, OUT PULONG ReturnBufferLength, OUT PNTSTATUS ProtocolStatus)
Definition: msv1_0.c:491
unsigned int ULONG
Definition: retypes.h:1
enum _MSV1_0_PROTOCOL_MESSAGE_TYPE MSV1_0_PROTOCOL_MESSAGE_TYPE

Referenced by SpLsaModeInitialize().

◆ LsaApInitializePackage()

NTSTATUS NTAPI LsaApInitializePackage ( IN ULONG  AuthenticationPackageId,
IN PLSA_DISPATCH_TABLE  LsaDispatchTable,
IN PLSA_STRING Database  OPTIONAL,
IN PLSA_STRING Confidentiality  OPTIONAL,
OUT PLSA_STRING AuthenticationPackageName 
)

Definition at line 1093 of file msv1_0.c.

1098 {
1099  PANSI_STRING NameString;
1100  PCHAR NameBuffer;
1101 
1102  TRACE("LsaApInitializePackage(%lu %p %p %p %p)\n",
1103  AuthenticationPackageId, LsaDispatchTable, Database,
1104  Confidentiality, AuthenticationPackageName);
1105 
1106  /* Get the dispatch table entries */
1107  DispatchTable.CreateLogonSession = LsaDispatchTable->CreateLogonSession;
1108  DispatchTable.DeleteLogonSession = LsaDispatchTable->DeleteLogonSession;
1109  DispatchTable.AddCredential = LsaDispatchTable->AddCredential;
1110  DispatchTable.GetCredentials = LsaDispatchTable->GetCredentials;
1111  DispatchTable.DeleteCredential = LsaDispatchTable->DeleteCredential;
1112  DispatchTable.AllocateLsaHeap = LsaDispatchTable->AllocateLsaHeap;
1113  DispatchTable.FreeLsaHeap = LsaDispatchTable->FreeLsaHeap;
1114  DispatchTable.AllocateClientBuffer = LsaDispatchTable->AllocateClientBuffer;
1115  DispatchTable.FreeClientBuffer = LsaDispatchTable->FreeClientBuffer;
1116  DispatchTable.CopyToClientBuffer = LsaDispatchTable->CopyToClientBuffer;
1117  DispatchTable.CopyFromClientBuffer = LsaDispatchTable->CopyFromClientBuffer;
1118 
1119  /* Return the package name */
1120  NameString = DispatchTable.AllocateLsaHeap(sizeof(LSA_STRING));
1121  if (NameString == NULL)
1123 
1124  NameBuffer = DispatchTable.AllocateLsaHeap(sizeof(MSV1_0_PACKAGE_NAME));
1125  if (NameBuffer == NULL)
1126  {
1127  DispatchTable.FreeLsaHeap(NameString);
1129  }
1130 
1131  strcpy(NameBuffer, MSV1_0_PACKAGE_NAME);
1132 
1133  RtlInitAnsiString(NameString, NameBuffer);
1134 
1135  *AuthenticationPackageName = (PLSA_STRING)NameString;
1136 
1137  return STATUS_SUCCESS;
1138 }
PLSA_FREE_CLIENT_BUFFER FreeClientBuffer
Definition: authpackage.c:63
PLSA_COPY_TO_CLIENT_BUFFER CopyToClientBuffer
Definition: authpackage.c:64
signed char * PCHAR
Definition: retypes.h:7
#define MSV1_0_PACKAGE_NAME
Definition: ntsecapi.h:42
#define STATUS_INSUFFICIENT_RESOURCES
Definition: udferr_usr.h:158
PLSA_GET_CREDENTIALS GetCredentials
Definition: authpackage.c:58
PLSA_FREE_LSA_HEAP FreeLsaHeap
Definition: authpackage.c:61
PLSA_ALLOCATE_LSA_HEAP AllocateLsaHeap
Definition: authpackage.c:60
NTSYSAPI VOID NTAPI RtlInitAnsiString(PANSI_STRING DestinationString, PCSZ SourceString)
PLSA_CREATE_LOGON_SESSION CreateLogonSession
Definition: authpackage.c:55
smooth NULL
Definition: ftsmooth.c:416
PLSA_DELETE_CREDENTIAL DeleteCredential
Definition: authpackage.c:59
#define TRACE(s)
Definition: solgame.cpp:4
LSA_DISPATCH_TABLE DispatchTable
Definition: msv1_0.c:18
PLSA_DELETE_LOGON_SESSION DeleteLogonSession
Definition: authpackage.c:56
PLSA_COPY_FROM_CLIENT_BUFFER CopyFromClientBuffer
Definition: authpackage.c:65
PLSA_ADD_CREDENTIAL AddCredential
Definition: authpackage.c:57
PLSA_ALLOCATE_CLIENT_BUFFER AllocateClientBuffer
Definition: authpackage.c:62
struct _LSA_STRING * PLSA_STRING
char * strcpy(char *DstString, const char *SrcString)
Definition: utclib.c:388
return STATUS_SUCCESS
Definition: btrfs.c:2938

Referenced by SpLsaModeInitialize().

◆ LsaApLogonTerminated()

VOID NTAPI LsaApLogonTerminated ( IN PLUID  LogonId)

Definition at line 1146 of file msv1_0.c.

1147 {
1148  TRACE("LsaApLogonTerminated()\n");
1149 }
#define TRACE(s)
Definition: solgame.cpp:4

Referenced by SpLsaModeInitialize().

◆ LsaApLogonUserEx2()

NTSTATUS NTAPI LsaApLogonUserEx2 ( IN PLSA_CLIENT_REQUEST  ClientRequest,
IN SECURITY_LOGON_TYPE  LogonType,
IN PVOID  ProtocolSubmitBuffer,
IN PVOID  ClientBufferBase,
IN ULONG  SubmitBufferSize,
OUT PVOID ProfileBuffer,
OUT PULONG  ProfileBufferSize,
OUT PLUID  LogonId,
OUT PNTSTATUS  SubStatus,
OUT PLSA_TOKEN_INFORMATION_TYPE  TokenInformationType,
OUT PVOID TokenInformation,
OUT PUNICODE_STRING AccountName,
OUT PUNICODE_STRING AuthenticatingAuthority,
OUT PUNICODE_STRING MachineName,
OUT PSECPKG_PRIMARY_CRED  PrimaryCredentials,
OUT PSECPKG_SUPPLEMENTAL_CRED_ARRAY SupplementalCredentials 
)

Definition at line 1157 of file msv1_0.c.

1173 {
1174  static const UNICODE_STRING NtAuthorityU = RTL_CONSTANT_STRING(L"NT AUTHORITY");
1175  static const UNICODE_STRING LocalServiceU = RTL_CONSTANT_STRING(L"LocalService");
1176  static const UNICODE_STRING NetworkServiceU = RTL_CONSTANT_STRING(L"NetworkService");
1177 
1178  NTSTATUS Status;
1179  PMSV1_0_INTERACTIVE_LOGON LogonInfo;
1180  WCHAR ComputerName[MAX_COMPUTERNAME_LENGTH + 1];
1181  SAMPR_HANDLE ServerHandle = NULL;
1182  SAMPR_HANDLE DomainHandle = NULL;
1183  SAMPR_HANDLE UserHandle = NULL;
1186  SAMPR_ULONG_ARRAY RelativeIds = {0, NULL};
1187  SAMPR_ULONG_ARRAY Use = {0, NULL};
1188  PSAMPR_USER_INFO_BUFFER UserInfo = NULL;
1189  BOOLEAN SessionCreated = FALSE;
1190  LARGE_INTEGER LogonTime;
1191  LARGE_INTEGER AccountExpires;
1192  LARGE_INTEGER PasswordMustChange;
1193  LARGE_INTEGER PasswordLastSet;
1194  DWORD ComputerNameSize;
1195  BOOL SpecialAccount = FALSE;
1196 
1197  TRACE("LsaApLogonUserEx2()\n");
1198 
1199  TRACE("LogonType: %lu\n", LogonType);
1200  TRACE("ProtocolSubmitBuffer: %p\n", ProtocolSubmitBuffer);
1201  TRACE("SubmitBufferSize: %lu\n", SubmitBufferSize);
1202 
1203  *ProfileBuffer = NULL;
1204  *ProfileBufferSize = 0;
1206  *AccountName = NULL;
1207  *AuthenticatingAuthority = NULL;
1208 
1209  /* Parameters validation */
1210  if (LogonType == Interactive ||
1211  LogonType == Batch ||
1212  LogonType == Service)
1213  {
1215 
1216  if (SubmitBufferSize < sizeof(MSV1_0_INTERACTIVE_LOGON))
1217  {
1218  ERR("Invalid SubmitBufferSize %lu\n", SubmitBufferSize);
1219  return STATUS_INVALID_PARAMETER;
1220  }
1221 
1222  LogonInfo = (PMSV1_0_INTERACTIVE_LOGON)ProtocolSubmitBuffer;
1223 
1224  if (LogonInfo->MessageType != MsV1_0InteractiveLogon &&
1226  {
1227  ERR("Invalid MessageType %lu\n", LogonInfo->MessageType);
1229  }
1230 
1231 #if 0 // FIXME: These checks happen to be done on Windows. We however keep them general on ReactOS for now...
1232  if (LogonInfo->UserName.Length > 512) // CRED_MAX_STRING_LENGTH * sizeof(WCHAR) or (CREDUI_MAX_USERNAME_LENGTH (== CRED_MAX_USERNAME_LENGTH) - 1) * sizeof(WCHAR)
1233  {
1234  ERR("UserName too long (%lu, maximum 512)\n", LogonInfo->UserName.Length);
1235  return STATUS_NAME_TOO_LONG;
1236  }
1237  if (LogonInfo->Password.Length > 512) // CREDUI_MAX_PASSWORD_LENGTH * sizeof(WCHAR)
1238  {
1239  ERR("Password too long (%lu, maximum 512)\n", LogonInfo->Password.Length);
1240  return STATUS_NAME_TOO_LONG;
1241  }
1242 #endif
1243 
1244  /* Fix-up pointers in the authentication info */
1245  PtrOffset = (ULONG_PTR)ProtocolSubmitBuffer - (ULONG_PTR)ClientBufferBase;
1246 
1248  if (!NT_SUCCESS(Status))
1249  return STATUS_INVALID_PARAMETER;
1250  /* LogonDomainName is optional and can be an empty string */
1251  if (LogonInfo->LogonDomainName.Length)
1252  {
1253  // TODO: Check for Buffer limits wrt. ClientBufferBase and alignment.
1255  LogonInfo->LogonDomainName.MaximumLength = LogonInfo->LogonDomainName.Length;
1256  }
1257  else
1258  {
1259  LogonInfo->LogonDomainName.Buffer = NULL;
1260  LogonInfo->LogonDomainName.MaximumLength = 0;
1261  }
1262 
1263  Status = RtlValidateUnicodeString(0, &LogonInfo->UserName);
1264  if (!NT_SUCCESS(Status))
1265  return STATUS_INVALID_PARAMETER;
1266  /* UserName is mandatory and cannot be an empty string */
1267  // TODO: Check for Buffer limits wrt. ClientBufferBase and alignment.
1268  LogonInfo->UserName.Buffer = FIXUP_POINTER(LogonInfo->UserName.Buffer, PtrOffset);
1269  LogonInfo->UserName.MaximumLength = LogonInfo->UserName.Length;
1270 
1271  Status = RtlValidateUnicodeString(0, &LogonInfo->Password);
1272  if (!NT_SUCCESS(Status))
1273  return STATUS_INVALID_PARAMETER;
1274  /* Password is optional and can be an empty string */
1275  if (LogonInfo->Password.Length)
1276  {
1277  // TODO: Check for Buffer limits wrt. ClientBufferBase and alignment.
1278  LogonInfo->Password.Buffer = FIXUP_POINTER(LogonInfo->Password.Buffer, PtrOffset);
1279  LogonInfo->Password.MaximumLength = LogonInfo->Password.Length;
1280  }
1281  else
1282  {
1283  LogonInfo->Password.Buffer = NULL;
1284  LogonInfo->Password.MaximumLength = 0;
1285  }
1286 
1287  TRACE("Domain: %S\n", LogonInfo->LogonDomainName.Buffer);
1288  TRACE("User: %S\n", LogonInfo->UserName.Buffer);
1289  TRACE("Password: %S\n", LogonInfo->Password.Buffer);
1290 
1291  // TODO: If LogonType == Service, do some extra work using LogonInfo->Password.
1292  }
1293  else
1294  {
1295  FIXME("LogonType %lu is not supported yet!\n", LogonType);
1296  return STATUS_NOT_IMPLEMENTED;
1297  }
1298  // TODO: Add other LogonType validity checks.
1299 
1300  /* Get the logon time */
1301  NtQuerySystemTime(&LogonTime);
1302 
1303  /* Get the computer name */
1304  ComputerNameSize = ARRAYSIZE(ComputerName);
1305  GetComputerNameW(ComputerName, &ComputerNameSize);
1306 
1307  /* Check for special accounts */
1308  // FIXME: Windows does not do this that way!! (msv1_0 does not contain these hardcoded values)
1309  if (RtlEqualUnicodeString(&LogonInfo->LogonDomainName, &NtAuthorityU, TRUE))
1310  {
1311  SpecialAccount = TRUE;
1312 
1313  /* Get the authority domain SID */
1315  if (!NT_SUCCESS(Status))
1316  {
1317  ERR("GetNtAuthorityDomainSid() failed (Status 0x%08lx)\n", Status);
1318  return Status;
1319  }
1320 
1321  if (RtlEqualUnicodeString(&LogonInfo->UserName, &LocalServiceU, TRUE))
1322  {
1323  TRACE("SpecialAccount: LocalService\n");
1324 
1325  if (LogonType != Service)
1326  return STATUS_LOGON_FAILURE;
1327 
1328  UserInfo = RtlAllocateHeap(RtlGetProcessHeap(),
1330  sizeof(SAMPR_USER_ALL_INFORMATION));
1331  if (UserInfo == NULL)
1332  {
1334  goto done;
1335  }
1336 
1339  }
1340  else if (RtlEqualUnicodeString(&LogonInfo->UserName, &NetworkServiceU, TRUE))
1341  {
1342  TRACE("SpecialAccount: NetworkService\n");
1343 
1344  if (LogonType != Service)
1345  return STATUS_LOGON_FAILURE;
1346 
1347  UserInfo = RtlAllocateHeap(RtlGetProcessHeap(),
1349  sizeof(SAMPR_USER_ALL_INFORMATION));
1350  if (UserInfo == NULL)
1351  {
1353  goto done;
1354  }
1355 
1358  }
1359  else
1360  {
1362  goto done;
1363  }
1364  }
1365  else
1366  {
1367  TRACE("NormalAccount\n");
1368 
1369  /* Get the account domain SID */
1371  if (!NT_SUCCESS(Status))
1372  {
1373  ERR("GetAccountDomainSid() failed (Status 0x%08lx)\n", Status);
1374  return Status;
1375  }
1376 
1377  /* Connect to the SAM server */
1379  &ServerHandle,
1381  TRUE);
1382  if (!NT_SUCCESS(Status))
1383  {
1384  TRACE("SamIConnect() failed (Status 0x%08lx)\n", Status);
1385  goto done;
1386  }
1387 
1388  /* Open the account domain */
1389  Status = SamrOpenDomain(ServerHandle,
1390  DOMAIN_LOOKUP,
1392  &DomainHandle);
1393  if (!NT_SUCCESS(Status))
1394  {
1395  ERR("SamrOpenDomain failed (Status %08lx)\n", Status);
1396  goto done;
1397  }
1398 
1399  Names[0].Length = LogonInfo->UserName.Length;
1400  Names[0].MaximumLength = LogonInfo->UserName.MaximumLength;
1401  Names[0].Buffer = LogonInfo->UserName.Buffer;
1402 
1403  /* Try to get the RID for the user name */
1404  Status = SamrLookupNamesInDomain(DomainHandle,
1405  1,
1406  Names,
1407  &RelativeIds,
1408  &Use);
1409  if (!NT_SUCCESS(Status))
1410  {
1411  ERR("SamrLookupNamesInDomain failed (Status %08lx)\n", Status);
1413  goto done;
1414  }
1415 
1416  /* Fail, if it is not a user account */
1417  if (Use.Element[0] != SidTypeUser)
1418  {
1419  ERR("Account is not a user account!\n");
1421  goto done;
1422  }
1423 
1424  /* Open the user object */
1425  Status = SamrOpenUser(DomainHandle,
1428  RelativeIds.Element[0],
1429  &UserHandle);
1430  if (!NT_SUCCESS(Status))
1431  {
1432  ERR("SamrOpenUser failed (Status %08lx)\n", Status);
1433  goto done;
1434  }
1435 
1436  Status = SamrQueryInformationUser(UserHandle,
1438  &UserInfo);
1439  if (!NT_SUCCESS(Status))
1440  {
1441  ERR("SamrQueryInformationUser failed (Status %08lx)\n", Status);
1442  goto done;
1443  }
1444 
1445  TRACE("UserName: %S\n", UserInfo->All.UserName.Buffer);
1446 
1447  /* Check the password */
1448  if ((UserInfo->All.UserAccountControl & USER_PASSWORD_NOT_REQUIRED) == 0)
1449  {
1450  Status = MsvpCheckPassword(&LogonInfo->Password,
1451  UserInfo);
1452  if (!NT_SUCCESS(Status))
1453  {
1454  ERR("MsvpCheckPassword failed (Status %08lx)\n", Status);
1455  goto done;
1456  }
1457  }
1458 
1459  /* Check account restrictions for non-administrator accounts */
1460  if (RelativeIds.Element[0] != DOMAIN_USER_RID_ADMIN)
1461  {
1462  /* Check if the account has been disabled */
1464  {
1465  ERR("Account disabled!\n");
1468  goto done;
1469  }
1470 
1471  /* Check if the account has been locked */
1473  {
1474  ERR("Account locked!\n");
1477  goto done;
1478  }
1479 
1480  /* Check if the account expired */
1481  AccountExpires.LowPart = UserInfo->All.AccountExpires.LowPart;
1482  AccountExpires.HighPart = UserInfo->All.AccountExpires.HighPart;
1483  if (LogonTime.QuadPart >= AccountExpires.QuadPart)
1484  {
1485  ERR("Account expired!\n");
1488  goto done;
1489  }
1490 
1491  /* Check if the password expired */
1492  PasswordMustChange.LowPart = UserInfo->All.PasswordMustChange.LowPart;
1493  PasswordMustChange.HighPart = UserInfo->All.PasswordMustChange.HighPart;
1494  PasswordLastSet.LowPart = UserInfo->All.PasswordLastSet.LowPart;
1495  PasswordLastSet.HighPart = UserInfo->All.PasswordLastSet.HighPart;
1496 
1497  if (LogonTime.QuadPart >= PasswordMustChange.QuadPart)
1498  {
1499  ERR("Password expired!\n");
1500  if (PasswordLastSet.QuadPart == 0)
1502  else
1504 
1506  goto done;
1507  }
1508 
1509  /* Check logon hours */
1510  if (!MsvpCheckLogonHours(&UserInfo->All.LogonHours, &LogonTime))
1511  {
1512  ERR("Invalid logon hours!\n");
1515  goto done;
1516  }
1517 
1518  /* Check workstations */
1519  if (!MsvpCheckWorkstations(&UserInfo->All.WorkStations, ComputerName))
1520  {
1521  ERR("Invalid workstation!\n");
1524  goto done;
1525  }
1526  }
1527  }
1528 
1529  /* Return logon information */
1530 
1531  /* Create and return a new logon id */
1533  if (!NT_SUCCESS(Status))
1534  {
1535  TRACE("NtAllocateLocallyUniqueId failed (Status %08lx)\n", Status);
1536  goto done;
1537  }
1538 
1539  /* Create the logon session */
1541  if (!NT_SUCCESS(Status))
1542  {
1543  TRACE("CreateLogonSession failed (Status %08lx)\n", Status);
1544  goto done;
1545  }
1546 
1547  SessionCreated = TRUE;
1548 
1549  /* Build and fill the interactive profile buffer */
1550  Status = BuildInteractiveProfileBuffer(ClientRequest,
1551  UserInfo,
1552  ComputerName,
1554  ProfileBufferSize);
1555  if (!NT_SUCCESS(Status))
1556  {
1557  TRACE("BuildInteractiveProfileBuffer failed (Status %08lx)\n", Status);
1558  goto done;
1559  }
1560 
1561  /* Return the token information type */
1562  *TokenInformationType = LsaTokenInformationV1;
1563 
1564  /* Build and fill the token information buffer */
1567  UserInfo,
1568  SpecialAccount);
1569  if (!NT_SUCCESS(Status))
1570  {
1571  TRACE("BuildTokenInformationBuffer failed (Status %08lx)\n", Status);
1572  goto done;
1573  }
1574 
1575 done:
1576  /* Update the logon time/count or the bad password time/count */
1577  if ((UserHandle != NULL) &&
1579  {
1580  SAMPR_USER_INFO_BUFFER InternalInfo;
1581 
1582  RtlZeroMemory(&InternalInfo, sizeof(InternalInfo));
1583 
1584  if (Status == STATUS_SUCCESS)
1585  InternalInfo.Internal2.Flags = USER_LOGON_SUCCESS;
1586  else
1587  InternalInfo.Internal2.Flags = USER_LOGON_BAD_PASSWORD;
1588 
1589  SamrSetInformationUser(UserHandle,
1591  &InternalInfo);
1592  }
1593 
1594  /* Return the account name */
1595  *AccountName = DispatchTable.AllocateLsaHeap(sizeof(UNICODE_STRING));
1596  if (*AccountName != NULL)
1597  {
1598  (*AccountName)->Buffer = DispatchTable.AllocateLsaHeap(LogonInfo->UserName.Length +
1599  sizeof(UNICODE_NULL));
1600  if ((*AccountName)->Buffer != NULL)
1601  {
1602  (*AccountName)->MaximumLength = LogonInfo->UserName.Length +
1603  sizeof(UNICODE_NULL);
1604  RtlCopyUnicodeString(*AccountName, &LogonInfo->UserName);
1605  }
1606  }
1607 
1608  /* Return the authenticating authority */
1609  *AuthenticatingAuthority = DispatchTable.AllocateLsaHeap(sizeof(UNICODE_STRING));
1610  if (*AuthenticatingAuthority != NULL)
1611  {
1612  (*AuthenticatingAuthority)->Buffer = DispatchTable.AllocateLsaHeap(LogonInfo->LogonDomainName.Length +
1613  sizeof(UNICODE_NULL));
1614  if ((*AuthenticatingAuthority)->Buffer != NULL)
1615  {
1616  (*AuthenticatingAuthority)->MaximumLength = LogonInfo->LogonDomainName.Length +
1617  sizeof(UNICODE_NULL);
1618  RtlCopyUnicodeString(*AuthenticatingAuthority, &LogonInfo->LogonDomainName);
1619  }
1620  }
1621 
1622  /* Return the machine name */
1624  if (*MachineName != NULL)
1625  {
1626  (*MachineName)->Buffer = DispatchTable.AllocateLsaHeap((ComputerNameSize + 1) * sizeof(WCHAR));
1627  if ((*MachineName)->Buffer != NULL)
1628  {
1629  (*MachineName)->MaximumLength = (ComputerNameSize + 1) * sizeof(WCHAR);
1630  (*MachineName)->Length = ComputerNameSize * sizeof(WCHAR);
1631  RtlCopyMemory((*MachineName)->Buffer, ComputerName, (*MachineName)->MaximumLength);
1632  }
1633  }
1634 
1635  if (!NT_SUCCESS(Status))
1636  {
1637  if (SessionCreated != FALSE)
1639 
1640  if (*ProfileBuffer != NULL)
1641  {
1642  DispatchTable.FreeClientBuffer(ClientRequest,
1643  *ProfileBuffer);
1644  *ProfileBuffer = NULL;
1645  }
1646  }
1647 
1648  if (UserHandle != NULL)
1649  SamrCloseHandle(&UserHandle);
1650 
1653  SamIFree_SAMPR_ULONG_ARRAY(&RelativeIds);
1655 
1656  if (DomainHandle != NULL)
1657  SamrCloseHandle(&DomainHandle);
1658 
1659  if (ServerHandle != NULL)
1660  SamrCloseHandle(&ServerHandle);
1661 
1662  if (AccountDomainSid != NULL)
1663  RtlFreeHeap(RtlGetProcessHeap(), 0, AccountDomainSid);
1664 
1665  if (Status == STATUS_NO_SUCH_USER ||
1667  {
1668  *SubStatus = Status;
1670  }
1671 
1672  TRACE("LsaApLogonUserEx2 done (Status 0x%08lx, SubStatus 0x%08lx)\n", Status, *SubStatus);
1673 
1674  return Status;
1675 }
PLSA_FREE_CLIENT_BUFFER FreeClientBuffer
Definition: authpackage.c:63
unsigned long * Element
Definition: lsasrv.h:88
#define STATUS_WRONG_PASSWORD
Definition: ntstatus.h:328
RPC_UNICODE_STRING UserName
Definition: msv1_0.h:117
#define SAM_SERVER_CONNECT
Definition: ntsam.h:99
static NTSTATUS BuildTokenInformationBuffer(PLSA_TOKEN_INFORMATION_V1 *TokenInformation, PRPC_SID AccountDomainSid, PSAMPR_USER_INFO_BUFFER UserInfo, BOOL SpecialAccount)
Definition: msv1_0.c:406
PWSTR Names[NAMES_COUNT]
static BOOL MsvpCheckWorkstations(_In_ PRPC_UNICODE_STRING WorkStations, _In_ PWSTR ComputerName)
Definition: msv1_0.c:917
#define TRUE
Definition: types.h:120
NTSYSAPI VOID NTAPI RtlCopyMemory(VOID UNALIGNED *Destination, CONST VOID UNALIGNED *Source, ULONG Length)
#define STATUS_INSUFFICIENT_RESOURCES
Definition: udferr_usr.h:158
#define USER_PASSWORD_NOT_REQUIRED
Definition: ntsam.h:169
MSV1_0_LOGON_SUBMIT_TYPE MessageType
Definition: ntsecapi.h:431
NTSTATUS __stdcall SamrOpenDomain(SAMPR_HANDLE ServerHandle, ACCESS_MASK DesiredAccess, PRPC_SID DomainId, SAMPR_HANDLE *DomainHandle)
#define STATUS_NOT_IMPLEMENTED
Definition: ntstatus.h:225
USHORT MaximumLength
Definition: env_spec_w32.h:370
#define PtrOffset(BASE, OFFSET)
Definition: cdprocs.h:1557
#define STATUS_INVALID_PARAMETER
Definition: udferr_usr.h:135
static NTSTATUS GetNtAuthorityDomainSid(PRPC_SID *Sid)
Definition: msv1_0.c:74
unsigned long UserId
Definition: msv1_0.h:131
LONG NTSTATUS
Definition: precomp.h:26
BOOLEAN NTAPI RtlFreeHeap(IN PVOID HeapHandle, IN ULONG Flags, IN PVOID HeapBase)
Definition: heap.c:606
#define ARRAYSIZE(array)
Definition: filtermapper.c:47
PLSA_ALLOCATE_LSA_HEAP AllocateLsaHeap
Definition: authpackage.c:60
OLD_LARGE_INTEGER PasswordLastSet
Definition: msv1_0.h:113
_In_ DWORD _Out_ PDWORD _In_opt_ PCSTR MachineName
Definition: setupapi.h:1286
NTSTATUS NTAPI SamrLookupNamesInDomain(IN SAMPR_HANDLE DomainHandle, IN ULONG Count, IN RPC_UNICODE_STRING Names[], OUT PSAMPR_ULONG_ARRAY RelativeIds, OUT PSAMPR_ULONG_ARRAY Use)
Definition: samrpc.c:3567
#define STATUS_ACCOUNT_LOCKED_OUT
Definition: ntstatus.h:682
BOOL WINAPI GetComputerNameW(LPWSTR lpBuffer, LPDWORD lpnSize)
Definition: compname.c:443
NTSTATUS NTAPI NtAllocateLocallyUniqueId(OUT LUID *LocallyUniqueId)
Definition: uuid.c:353
UNICODE_STRING Password
Definition: ntsecapi.h:434
#define STATUS_ACCOUNT_EXPIRED
Definition: ntstatus.h:622
SAMPR_USER_ALL_INFORMATION All
Definition: msv1_0.h:172
NTSYSAPI VOID NTAPI RtlCopyUnicodeString(PUNICODE_STRING DestinationString, PUNICODE_STRING SourceString)
#define STATUS_INVALID_LOGON_HOURS
Definition: ntstatus.h:333
#define USER_ACCOUNT_DISABLED
Definition: ntsam.h:167
#define STATUS_ACCOUNT_RESTRICTION
Definition: ntstatus.h:332
uint32_t ULONG_PTR
Definition: typedefs.h:63
NTSTATUS NTAPI SamIConnect(PSAMPR_SERVER_NAME ServerName, SAMPR_HANDLE *ServerHandle, ACCESS_MASK DesiredAccess, BOOLEAN Trusted)
struct _MSV1_0_INTERACTIVE_LOGON * PMSV1_0_INTERACTIVE_LOGON
static NTSTATUS GetAccountDomainSid(PRPC_SID *Sid)
Definition: msv1_0.c:25
#define FIXUP_POINTER(Pointer, Offset)
Definition: msv1_0.h:40
#define USER_READ_GENERAL
Definition: ntsam.h:126
#define UNICODE_NULL
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE _Out_ PQUOTA_LIMITS _Out_ PNTSTATUS SubStatus
unsigned int BOOL
Definition: ntddk_ex.h:94
#define DOMAIN_USER_RID_ADMIN
Definition: setypes.h:603
PLSA_CREATE_LOGON_SESSION CreateLogonSession
Definition: authpackage.c:55
#define FIXME(fmt,...)
Definition: debug.h:110
static NTSTATUS BuildInteractiveProfileBuffer(IN PLSA_CLIENT_REQUEST ClientRequest, IN PSAMPR_USER_INFO_BUFFER UserInfo, IN PWSTR ComputerName, OUT PMSV1_0_INTERACTIVE_PROFILE *ProfileBuffer, OUT PULONG ProfileBufferLength)
Definition: msv1_0.c:95
NTSYSAPI NTSTATUS NTAPI RtlValidateUnicodeString(_In_ ULONG Flags, _In_ PCUNICODE_STRING String)
Definition: unicode.c:2544
unsigned char BOOLEAN
smooth NULL
Definition: ftsmooth.c:416
#define SAM_SERVER_LOOKUP_DOMAIN
Definition: ntsam.h:104
OLD_LARGE_INTEGER AccountExpires
Definition: msv1_0.h:114
#define SECURITY_LOCAL_SERVICE_RID
Definition: setypes.h:547
#define STATUS_NAME_TOO_LONG
Definition: ntstatus.h:484
PVOID NTAPI RtlAllocateHeap(IN PVOID HeapHandle, IN ULONG Flags, IN SIZE_T Size)
Definition: heap.c:588
#define STATUS_NO_SUCH_USER
Definition: ntstatus.h:322
#define STATUS_ACCOUNT_DISABLED
Definition: ntstatus.h:336
OLD_LARGE_INTEGER PasswordMustChange
Definition: msv1_0.h:116
UNICODE_STRING UserName
Definition: ntsecapi.h:433
#define TRACE(s)
Definition: solgame.cpp:4
#define STATUS_PASSWORD_EXPIRED
Definition: ntstatus.h:335
__wchar_t WCHAR
Definition: xmlstorage.h:180
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
#define USER_READ_ACCOUNT
Definition: ntsam.h:130
LSA_DISPATCH_TABLE DispatchTable
Definition: msv1_0.c:18
unsigned long DWORD
Definition: ntddk_ex.h:95
static NTSTATUS MsvpCheckPassword(PUNICODE_STRING UserPassword, PSAMPR_USER_INFO_BUFFER UserInfo)
Definition: msv1_0.c:789
SAMPR_LOGON_HOURS LogonHours
Definition: msv1_0.h:135
PLSA_DELETE_LOGON_SESSION DeleteLogonSession
Definition: authpackage.c:56
#define USER_LOGON_SUCCESS
Definition: msv1_0.h:98
unsigned long PrimaryGroupId
Definition: msv1_0.h:132
#define USER_LOGON_BAD_PASSWORD
Definition: msv1_0.h:97
#define STATUS_BAD_VALIDATION_CLASS
Definition: ntstatus.h:389
static const WCHAR L[]
Definition: oid.c:1250
#define USER_ACCOUNT_AUTO_LOCKED
Definition: ntsam.h:177
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID * ProfileBuffer
ULONG LowPart
Definition: typedefs.h:104
#define SECURITY_NETWORK_SERVICE_RID
Definition: setypes.h:548
VOID NTAPI SamIFree_SAMPR_USER_INFO_BUFFER(PSAMPR_USER_INFO_BUFFER Ptr, USER_INFORMATION_CLASS InformationClass)
Definition: samsrv.c:531
Status
Definition: gdiplustypes.h:24
#define ERR(fmt,...)
Definition: debug.h:109
#define MAX_COMPUTERNAME_LENGTH
Definition: winbase.h:240
VOID NTAPI SamIFree_SAMPR_ULONG_ARRAY(PSAMPR_ULONG_ARRAY Ptr)
Definition: samsrv.c:515
#define STATUS_INVALID_WORKSTATION
Definition: ntstatus.h:334
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE LogonType
#define STATUS_PASSWORD_MUST_CHANGE
Definition: ntstatus.h:666
unsigned long UserAccountControl
Definition: msv1_0.h:133
unsigned long LowPart
Definition: msv1_0.h:63
NTSTATUS NTAPI SamrSetInformationUser(IN SAMPR_HANDLE UserHandle, IN USER_INFORMATION_CLASS UserInformationClass, IN PSAMPR_USER_INFO_BUFFER Buffer)
Definition: samrpc.c:8128
NTSTATUS __stdcall SamrCloseHandle(SAMPR_HANDLE *SamHandle)
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID LogonId
#define HEAP_ZERO_MEMORY
Definition: compat.h:123
NTSTATUS NTAPI SamrOpenUser(IN SAMPR_HANDLE DomainHandle, IN ACCESS_MASK DesiredAccess, IN ULONG UserId, OUT SAMPR_HANDLE *UserHandle)
#define USER_READ_PREFERENCES
Definition: ntsam.h:127
#define DOMAIN_LOOKUP
Definition: ntsam.h:42
#define RtlZeroMemory(Destination, Length)
Definition: typedefs.h:261
SAMPR_USER_INTERNAL2_INFORMATION Internal2
Definition: msv1_0.h:168
#define ULONG_PTR
Definition: config.h:101
NTSTATUS NTAPI NtQuerySystemTime(OUT PLARGE_INTEGER SystemTime)
Definition: time.c:417
PSID AccountDomainSid
Definition: database.c:22
NTSTATUS NTAPI SamrQueryInformationUser(IN SAMPR_HANDLE UserHandle, IN USER_INFORMATION_CLASS UserInformationClass, OUT PSAMPR_USER_INFO_BUFFER *Buffer)
Definition: samrpc.c:7337
return STATUS_SUCCESS
Definition: btrfs.c:2938
static BOOL MsvpCheckLogonHours(_In_ PSAMPR_LOGON_HOURS LogonHours, _In_ PLARGE_INTEGER LogonTime)
Definition: msv1_0.c:879
NTSYSAPI BOOLEAN NTAPI RtlEqualUnicodeString(PUNICODE_STRING String1, PUNICODE_STRING String2, BOOLEAN CaseInSensitive)
#define USER_READ_LOGON
Definition: ntsam.h:129
#define STATUS_LOGON_FAILURE
Definition: ntstatus.h:331
RPC_UNICODE_STRING WorkStations
Definition: msv1_0.h:124
LONGLONG QuadPart
Definition: typedefs.h:112
UNICODE_STRING LogonDomainName
Definition: ntsecapi.h:432
wchar_t * Buffer
Definition: msv1_0.h:55
#define RTL_CONSTANT_STRING(s)
Definition: tunneltest.c:14

Referenced by SpLsaModeInitialize().

◆ MsvpChangePassword()

static NTSTATUS MsvpChangePassword ( IN PLSA_CLIENT_REQUEST  ClientRequest,
IN PVOID  ProtocolSubmitBuffer,
IN PVOID  ClientBufferBase,
IN ULONG  SubmitBufferLength,
OUT PVOID ProtocolReturnBuffer,
OUT PULONG  ReturnBufferLength,
OUT PNTSTATUS  ProtocolStatus 
)
static

Definition at line 491 of file msv1_0.c.

498 {
500  PMSV1_0_CHANGEPASSWORD_REQUEST RequestBuffer;
502 
503  SAMPR_HANDLE ServerHandle = NULL;
504  SAMPR_HANDLE DomainHandle = NULL;
505  SAMPR_HANDLE UserHandle = NULL;
506  PRPC_SID DomainSid = NULL;
508  SAMPR_ULONG_ARRAY RelativeIds = {0, NULL};
509  SAMPR_ULONG_ARRAY Use = {0, NULL};
510 
511  ENCRYPTED_NT_OWF_PASSWORD OldNtPassword;
512  ENCRYPTED_NT_OWF_PASSWORD NewNtPassword;
513  ENCRYPTED_LM_OWF_PASSWORD OldLmPassword;
514  ENCRYPTED_LM_OWF_PASSWORD NewLmPassword;
515  OEM_STRING LmPwdString;
516  CHAR LmPwdBuffer[15];
517  BOOLEAN OldLmPasswordPresent = FALSE;
518  BOOLEAN NewLmPasswordPresent = FALSE;
519 
520  ENCRYPTED_LM_OWF_PASSWORD OldLmEncryptedWithNewLm;
521  ENCRYPTED_LM_OWF_PASSWORD NewLmEncryptedWithOldLm;
522  ENCRYPTED_LM_OWF_PASSWORD OldNtEncryptedWithNewNt;
523  ENCRYPTED_LM_OWF_PASSWORD NewNtEncryptedWithOldNt;
524  PENCRYPTED_LM_OWF_PASSWORD pOldLmEncryptedWithNewLm = NULL;
525  PENCRYPTED_LM_OWF_PASSWORD pNewLmEncryptedWithOldLm = NULL;
526 
527  TRACE("MsvpChangePassword()\n");
528 
529  /* Parameters validation */
530 
531  if (SubmitBufferLength < sizeof(MSV1_0_CHANGEPASSWORD_REQUEST))
532  {
533  ERR("Invalid SubmitBufferLength %lu\n", SubmitBufferLength);
535  }
536 
537  RequestBuffer = (PMSV1_0_CHANGEPASSWORD_REQUEST)ProtocolSubmitBuffer;
538 
539  /* Fix-up pointers in the request buffer info */
540  PtrOffset = (ULONG_PTR)ProtocolSubmitBuffer - (ULONG_PTR)ClientBufferBase;
541 
542  Status = RtlValidateUnicodeString(0, &RequestBuffer->DomainName);
543  if (!NT_SUCCESS(Status))
545  // TODO: Check for Buffer limits wrt. ClientBufferBase and alignment.
546  RequestBuffer->DomainName.Buffer = FIXUP_POINTER(RequestBuffer->DomainName.Buffer, PtrOffset);
547  RequestBuffer->DomainName.MaximumLength = RequestBuffer->DomainName.Length;
548 
549  Status = RtlValidateUnicodeString(0, &RequestBuffer->AccountName);
550  if (!NT_SUCCESS(Status))
552  // TODO: Check for Buffer limits wrt. ClientBufferBase and alignment.
553  RequestBuffer->AccountName.Buffer = FIXUP_POINTER(RequestBuffer->AccountName.Buffer, PtrOffset);
554  RequestBuffer->AccountName.MaximumLength = RequestBuffer->AccountName.Length;
555 
556  Status = RtlValidateUnicodeString(0, &RequestBuffer->OldPassword);
557  if (!NT_SUCCESS(Status))
559  // TODO: Check for Buffer limits wrt. ClientBufferBase and alignment.
560  RequestBuffer->OldPassword.Buffer = FIXUP_POINTER(RequestBuffer->OldPassword.Buffer, PtrOffset);
561  RequestBuffer->OldPassword.MaximumLength = RequestBuffer->OldPassword.Length;
562 
563  Status = RtlValidateUnicodeString(0, &RequestBuffer->NewPassword);
564  if (!NT_SUCCESS(Status))
566  // TODO: Check for Buffer limits wrt. ClientBufferBase and alignment.
567  RequestBuffer->NewPassword.Buffer = FIXUP_POINTER(RequestBuffer->NewPassword.Buffer, PtrOffset);
568  RequestBuffer->NewPassword.MaximumLength = RequestBuffer->NewPassword.Length;
569 
570  TRACE("Domain: %S\n", RequestBuffer->DomainName.Buffer);
571  TRACE("Account: %S\n", RequestBuffer->AccountName.Buffer);
572  TRACE("Old Password: %S\n", RequestBuffer->OldPassword.Buffer);
573  TRACE("New Password: %S\n", RequestBuffer->NewPassword.Buffer);
574 
575  /* Connect to the SAM server */
577  &ServerHandle,
579  TRUE);
580  if (!NT_SUCCESS(Status))
581  {
582  TRACE("SamIConnect() failed (Status 0x%08lx)\n", Status);
583  goto done;
584  }
585 
586  /* Get the domain SID */
587  Status = SamrLookupDomainInSamServer(ServerHandle,
588  (PRPC_UNICODE_STRING)&RequestBuffer->DomainName,
589  &DomainSid);
590  if (!NT_SUCCESS(Status))
591  {
592  TRACE("SamrLookupDomainInSamServer failed (Status %08lx)\n", Status);
593  goto done;
594  }
595 
596  /* Open the domain */
597  Status = SamrOpenDomain(ServerHandle,
599  DomainSid,
600  &DomainHandle);
601  if (!NT_SUCCESS(Status))
602  {
603  TRACE("SamrOpenDomain failed (Status %08lx)\n", Status);
604  goto done;
605  }
606 
607  Names[0].Length = RequestBuffer->AccountName.Length;
608  Names[0].MaximumLength = RequestBuffer->AccountName.MaximumLength;
609  Names[0].Buffer = RequestBuffer->AccountName.Buffer;
610 
611  /* Try to get the RID for the user name */
612  Status = SamrLookupNamesInDomain(DomainHandle,
613  1,
614  Names,
615  &RelativeIds,
616  &Use);
617  if (!NT_SUCCESS(Status))
618  {
619  TRACE("SamrLookupNamesInDomain failed (Status %08lx)\n", Status);
621  goto done;
622  }
623 
624  /* Fail, if it is not a user account */
625  if (Use.Element[0] != SidTypeUser)
626  {
627  TRACE("Account is not a user account!\n");
629  goto done;
630  }
631 
632  /* Open the user object */
633  Status = SamrOpenUser(DomainHandle,
635  RelativeIds.Element[0],
636  &UserHandle);
637  if (!NT_SUCCESS(Status))
638  {
639  TRACE("SamrOpenUser failed (Status %08lx)\n", Status);
640  goto done;
641  }
642 
643 
644  /* Calculate the NT hash for the old password */
645  Status = SystemFunction007(&RequestBuffer->OldPassword,
646  (LPBYTE)&OldNtPassword);
647  if (!NT_SUCCESS(Status))
648  {
649  TRACE("SystemFunction007 failed (Status 0x%08lx)\n", Status);
650  goto done;
651  }
652 
653  /* Calculate the NT hash for the new password */
654  Status = SystemFunction007(&RequestBuffer->NewPassword,
655  (LPBYTE)&NewNtPassword);
656  if (!NT_SUCCESS(Status))
657  {
658  TRACE("SystemFunction007 failed (Status 0x%08lx)\n", Status);
659  goto done;
660  }
661 
662  /* Calculate the LM password and hash for the old password */
663  LmPwdString.Length = 15;
664  LmPwdString.MaximumLength = 15;
665  LmPwdString.Buffer = LmPwdBuffer;
666  ZeroMemory(LmPwdString.Buffer, LmPwdString.MaximumLength);
667 
669  &RequestBuffer->OldPassword,
670  FALSE);
671  if (NT_SUCCESS(Status))
672  {
673  /* Calculate the LM hash value of the password */
674  Status = SystemFunction006(LmPwdString.Buffer,
675  (LPSTR)&OldLmPassword);
676  if (NT_SUCCESS(Status))
677  {
678  OldLmPasswordPresent = TRUE;
679  }
680  }
681 
682  /* Calculate the LM password and hash for the new password */
683  LmPwdString.Length = 15;
684  LmPwdString.MaximumLength = 15;
685  LmPwdString.Buffer = LmPwdBuffer;
686  ZeroMemory(LmPwdString.Buffer, LmPwdString.MaximumLength);
687 
689  &RequestBuffer->NewPassword,
690  FALSE);
691  if (NT_SUCCESS(Status))
692  {
693  /* Calculate the LM hash value of the password */
694  Status = SystemFunction006(LmPwdString.Buffer,
695  (LPSTR)&NewLmPassword);
696  if (NT_SUCCESS(Status))
697  {
698  NewLmPasswordPresent = TRUE;
699  }
700  }
701 
702  /* Encrypt the old and new LM passwords, if they exist */
703  if (OldLmPasswordPresent && NewLmPasswordPresent)
704  {
705  /* Encrypt the old LM password */
706  Status = SystemFunction012((const BYTE *)&OldLmPassword,
707  (const BYTE *)&NewLmPassword,
708  (LPBYTE)&OldLmEncryptedWithNewLm);
709  if (!NT_SUCCESS(Status))
710  {
711  TRACE("SystemFunction012 failed (Status 0x%08lx)\n", Status);
712  goto done;
713  }
714 
715  /* Encrypt the new LM password */
716  Status = SystemFunction012((const BYTE *)&NewLmPassword,
717  (const BYTE *)&OldLmPassword,
718  (LPBYTE)&NewLmEncryptedWithOldLm);
719  if (!NT_SUCCESS(Status))
720  {
721  TRACE("SystemFunction012 failed (Status 0x%08lx)\n", Status);
722  goto done;
723  }
724 
725  pOldLmEncryptedWithNewLm = &OldLmEncryptedWithNewLm;
726  pNewLmEncryptedWithOldLm = &NewLmEncryptedWithOldLm;
727  }
728 
729  /* Encrypt the old NT password */
730  Status = SystemFunction012((const BYTE *)&OldNtPassword,
731  (const BYTE *)&NewNtPassword,
732  (LPBYTE)&OldNtEncryptedWithNewNt);
733  if (!NT_SUCCESS(Status))
734  {
735  TRACE("SystemFunction012 failed (Status 0x%08lx)\n", Status);
736  goto done;
737  }
738 
739  /* Encrypt the new NT password */
740  Status = SystemFunction012((const BYTE *)&NewNtPassword,
741  (const BYTE *)&OldNtPassword,
742  (LPBYTE)&NewNtEncryptedWithOldNt);
743  if (!NT_SUCCESS(Status))
744  {
745  TRACE("SystemFunction012 failed (Status 0x%08lx)\n", Status);
746  goto done;
747  }
748 
749  /* Change the password */
750  Status = SamrChangePasswordUser(UserHandle,
751  OldLmPasswordPresent && NewLmPasswordPresent,
752  pOldLmEncryptedWithNewLm,
753  pNewLmEncryptedWithOldLm,
754  TRUE,
755  &OldNtEncryptedWithNewNt,
756  &NewNtEncryptedWithOldNt,
757  FALSE,
758  NULL,
759  FALSE,
760  NULL);
761  if (!NT_SUCCESS(Status))
762  {
763  TRACE("SamrChangePasswordUser failed (Status %08lx)\n", Status);
764  goto done;
765  }
766 
767 done:
768  if (UserHandle != NULL)
769  SamrCloseHandle(&UserHandle);
770 
771  SamIFree_SAMPR_ULONG_ARRAY(&RelativeIds);
773 
774  if (DomainHandle != NULL)
775  SamrCloseHandle(&DomainHandle);
776 
777  if (DomainSid != NULL)
778  SamIFreeVoid(DomainSid);
779 
780  if (ServerHandle != NULL)
781  SamrCloseHandle(&ServerHandle);
782 
783  return Status;
784 }
unsigned long * Element
Definition: lsasrv.h:88
struct _MSV1_0_CHANGEPASSWORD_REQUEST * PMSV1_0_CHANGEPASSWORD_REQUEST
#define SAM_SERVER_CONNECT
Definition: ntsam.h:99
PWSTR Names[NAMES_COUNT]
#define TRUE
Definition: types.h:120
NTSTATUS __stdcall SamrOpenDomain(SAMPR_HANDLE ServerHandle, ACCESS_MASK DesiredAccess, PRPC_SID DomainId, SAMPR_HANDLE *DomainHandle)
USHORT MaximumLength
Definition: env_spec_w32.h:370
#define PtrOffset(BASE, OFFSET)
Definition: cdprocs.h:1557
#define STATUS_INVALID_PARAMETER
Definition: udferr_usr.h:135
char CHAR
Definition: xmlstorage.h:175
LONG NTSTATUS
Definition: precomp.h:26
#define ZeroMemory
Definition: winbase.h:1642
NTSTATUS NTAPI SamrLookupNamesInDomain(IN SAMPR_HANDLE DomainHandle, IN ULONG Count, IN RPC_UNICODE_STRING Names[], OUT PSAMPR_ULONG_ARRAY RelativeIds, OUT PSAMPR_ULONG_ARRAY Use)
Definition: samrpc.c:3567
NTSTATUS NTAPI SamrChangePasswordUser(IN SAMPR_HANDLE UserHandle, IN unsigned char LmPresent, IN PENCRYPTED_LM_OWF_PASSWORD OldLmEncryptedWithNewLm, IN PENCRYPTED_LM_OWF_PASSWORD NewLmEncryptedWithOldLm, IN unsigned char NtPresent, IN PENCRYPTED_NT_OWF_PASSWORD OldNtEncryptedWithNewNt, IN PENCRYPTED_NT_OWF_PASSWORD NewNtEncryptedWithOldNt, IN unsigned char NtCrossEncryptionPresent, IN PENCRYPTED_NT_OWF_PASSWORD NewNtEncryptedWithNewLm, IN unsigned char LmCrossEncryptionPresent, IN PENCRYPTED_LM_OWF_PASSWORD NewLmEncryptedWithNewNt)
Definition: samrpc.c:8333
NTSTATUS WINAPI SystemFunction006(LPCSTR password, LPSTR hash)
Definition: crypt_lmhash.c:53
STRING OEM_STRING
Definition: umtypes.h:203
char * LPSTR
Definition: xmlstorage.h:182
NTSTATUS NTAPI SamrLookupDomainInSamServer(IN SAMPR_HANDLE ServerHandle, IN PRPC_UNICODE_STRING Name, OUT PRPC_SID *DomainId)
Definition: samrpc.c:497
UNICODE_STRING AccountName
Definition: ntsecapi.h:510
uint32_t ULONG_PTR
Definition: typedefs.h:63
NTSTATUS NTAPI SamIConnect(PSAMPR_SERVER_NAME ServerName, SAMPR_HANDLE *ServerHandle, ACCESS_MASK DesiredAccess, BOOLEAN Trusted)
VOID NTAPI SamIFreeVoid(PVOID Ptr)
Definition: samsrv.c:146
#define FIXUP_POINTER(Pointer, Offset)
Definition: msv1_0.h:40
unsigned char * LPBYTE
Definition: typedefs.h:52
NTSTATUS WINAPI SystemFunction012(const BYTE *in, const BYTE *key, LPBYTE out)
Definition: sysfunc.c:353
NTSYSAPI NTSTATUS NTAPI RtlUpcaseUnicodeStringToOemString(POEM_STRING DestinationString, PCUNICODE_STRING SourceString, BOOLEAN AllocateDestinationString)
NTSYSAPI NTSTATUS NTAPI RtlValidateUnicodeString(_In_ ULONG Flags, _In_ PCUNICODE_STRING String)
Definition: unicode.c:2544
unsigned char BOOLEAN
smooth NULL
Definition: ftsmooth.c:416
#define SAM_SERVER_LOOKUP_DOMAIN
Definition: ntsam.h:104
#define STATUS_NO_SUCH_USER
Definition: ntstatus.h:322
#define TRACE(s)
Definition: solgame.cpp:4
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
NTSTATUS WINAPI SystemFunction007(const UNICODE_STRING *string, LPBYTE hash)
Definition: sysfunc.c:245
UNICODE_STRING NewPassword
Definition: ntsecapi.h:512
unsigned char BYTE
Definition: mem.h:68
Status
Definition: gdiplustypes.h:24
#define ERR(fmt,...)
Definition: debug.h:109
VOID NTAPI SamIFree_SAMPR_ULONG_ARRAY(PSAMPR_ULONG_ARRAY Ptr)
Definition: samsrv.c:515
NTSTATUS __stdcall SamrCloseHandle(SAMPR_HANDLE *SamHandle)
NTSTATUS NTAPI SamrOpenUser(IN SAMPR_HANDLE DomainHandle, IN ACCESS_MASK DesiredAccess, IN ULONG UserId, OUT SAMPR_HANDLE *UserHandle)
UNICODE_STRING OldPassword
Definition: ntsecapi.h:511
#define DOMAIN_LOOKUP
Definition: ntsam.h:42
#define ULONG_PTR
Definition: config.h:101
#define USER_CHANGE_PASSWORD
Definition: ntsam.h:132

Referenced by LsaApCallPackage(), and LsaApCallPackageUntrusted().

◆ MsvpCheckLogonHours()

static BOOL MsvpCheckLogonHours ( _In_ PSAMPR_LOGON_HOURS  LogonHours,
_In_ PLARGE_INTEGER  LogonTime 
)
static

Definition at line 879 of file msv1_0.c.

882 {
883 #if 0
884  LARGE_INTEGER LocalLogonTime;
886  USHORT MinutesPerUnit, Offset;
887  BOOL bFound;
888 
889  FIXME("MsvpCheckLogonHours(%p %p)\n", LogonHours, LogonTime);
890 
891  if (LogonHours->UnitsPerWeek == 0 || LogonHours->LogonHours == NULL)
892  {
893  FIXME("No logon hours!\n");
894  return TRUE;
895  }
896 
897  RtlSystemTimeToLocalTime(LogonTime, &LocalLogonTime);
898  RtlTimeToTimeFields(&LocalLogonTime, &TimeFields);
899 
900  FIXME("UnitsPerWeek: %u\n", LogonHours->UnitsPerWeek);
901  MinutesPerUnit = 10080 / LogonHours->UnitsPerWeek;
902 
903  Offset = ((TimeFields.Weekday * 24 + TimeFields.Hour) * 60 + TimeFields.Minute) / MinutesPerUnit;
904  FIXME("Offset: %us\n", Offset);
905 
906  bFound = (BOOL)(LogonHours->LogonHours[Offset / 8] & (1 << (Offset % 8)));
907  FIXME("Logon permitted: %s\n", bFound ? "Yes" : "No");
908 
909  return bFound;
910 #endif
911  return TRUE;
912 }
USHORT Weekday
Definition: env_spec_w32.h:718
#define TRUE
Definition: types.h:120
#define BOOL
Definition: nt_native.h:43
_In_ ULONG _In_ ULONG Offset
Definition: ntddpcm.h:101
unsigned int BOOL
Definition: ntddk_ex.h:94
#define FIXME(fmt,...)
Definition: debug.h:110
smooth NULL
Definition: ftsmooth.c:416
NTSYSAPI NTSTATUS NTAPI RtlSystemTimeToLocalTime(_In_ PLARGE_INTEGER SystemTime, _Out_ PLARGE_INTEGER LocalTime)
BOOLEAN RtlTimeToTimeFields(IN PLARGE_INTEGER Time, IN PTIME_FIELDS TimeFields)
unsigned short USHORT
Definition: pedump.c:61
static PTIME_FIELDS TimeFields
Definition: time.c:104

Referenced by LsaApLogonUserEx2().

◆ MsvpCheckPassword()

static NTSTATUS MsvpCheckPassword ( PUNICODE_STRING  UserPassword,
PSAMPR_USER_INFO_BUFFER  UserInfo 
)
static

Definition at line 789 of file msv1_0.c.

791 {
792  ENCRYPTED_NT_OWF_PASSWORD UserNtPassword;
793  ENCRYPTED_LM_OWF_PASSWORD UserLmPassword;
794  BOOLEAN UserLmPasswordPresent = FALSE;
795  BOOLEAN UserNtPasswordPresent = FALSE;
796  OEM_STRING LmPwdString;
797  CHAR LmPwdBuffer[15];
799 
800  TRACE("(%p %p)\n", UserPassword, UserInfo);
801 
802  /* Calculate the LM password and hash for the users password */
803  LmPwdString.Length = 15;
804  LmPwdString.MaximumLength = 15;
805  LmPwdString.Buffer = LmPwdBuffer;
806  ZeroMemory(LmPwdString.Buffer, LmPwdString.MaximumLength);
807 
809  UserPassword,
810  FALSE);
811  if (NT_SUCCESS(Status))
812  {
813  /* Calculate the LM hash value of the users password */
814  Status = SystemFunction006(LmPwdString.Buffer,
815  (LPSTR)&UserLmPassword);
816  if (NT_SUCCESS(Status))
817  {
818  UserLmPasswordPresent = TRUE;
819  }
820  }
821 
822  /* Calculate the NT hash of the users password */
823  Status = SystemFunction007(UserPassword,
824  (LPBYTE)&UserNtPassword);
825  if (NT_SUCCESS(Status))
826  {
827  UserNtPasswordPresent = TRUE;
828  }
829 
831 
832  /* Succeed, if no password has been set */
833  if (UserInfo->All.NtPasswordPresent == FALSE &&
834  UserInfo->All.LmPasswordPresent == FALSE)
835  {
836  TRACE("No password check!\n");
838  goto done;
839  }
840 
841  /* Succeed, if NT password matches */
842  if (UserNtPasswordPresent && UserInfo->All.NtPasswordPresent)
843  {
844  TRACE("Check NT password hashes:\n");
845  if (RtlEqualMemory(&UserNtPassword,
846  UserInfo->All.NtOwfPassword.Buffer,
847  sizeof(ENCRYPTED_NT_OWF_PASSWORD)))
848  {
849  TRACE(" success!\n");
851  goto done;
852  }
853 
854  TRACE(" failed!\n");
855  }
856 
857  /* Succeed, if LM password matches */
858  if (UserLmPasswordPresent && UserInfo->All.LmPasswordPresent)
859  {
860  TRACE("Check LM password hashes:\n");
861  if (RtlEqualMemory(&UserLmPassword,
862  UserInfo->All.LmOwfPassword.Buffer,
863  sizeof(ENCRYPTED_LM_OWF_PASSWORD)))
864  {
865  TRACE(" success!\n");
867  goto done;
868  }
869  TRACE(" failed!\n");
870  }
871 
872 done:
873  return Status;
874 }
RPC_SHORT_BLOB LmOwfPassword
Definition: msv1_0.h:127
#define STATUS_WRONG_PASSWORD
Definition: ntstatus.h:328
#define TRUE
Definition: types.h:120
char CHAR
Definition: xmlstorage.h:175
LONG NTSTATUS
Definition: precomp.h:26
#define ZeroMemory
Definition: winbase.h:1642
unsigned short * Buffer
Definition: msv1_0.h:71
NTSTATUS WINAPI SystemFunction006(LPCSTR password, LPSTR hash)
Definition: crypt_lmhash.c:53
STRING OEM_STRING
Definition: umtypes.h:203
char * LPSTR
Definition: xmlstorage.h:182
SAMPR_USER_ALL_INFORMATION All
Definition: msv1_0.h:172
unsigned char * LPBYTE
Definition: typedefs.h:52
NTSYSAPI NTSTATUS NTAPI RtlUpcaseUnicodeStringToOemString(POEM_STRING DestinationString, PCUNICODE_STRING SourceString, BOOLEAN AllocateDestinationString)
unsigned char BOOLEAN
#define TRACE(s)
Definition: solgame.cpp:4
NTSYSAPI ULONG NTAPI RtlEqualMemory(CONST VOID *Source1, CONST VOID *Source2, ULONG Length)
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
NTSTATUS WINAPI SystemFunction007(const UNICODE_STRING *string, LPBYTE hash)
Definition: sysfunc.c:245
unsigned char LmPasswordPresent
Definition: msv1_0.h:140
Status
Definition: gdiplustypes.h:24
RPC_SHORT_BLOB NtOwfPassword
Definition: msv1_0.h:128
return STATUS_SUCCESS
Definition: btrfs.c:2938
unsigned char NtPasswordPresent
Definition: msv1_0.h:141

Referenced by LsaApLogonUserEx2().

◆ MsvpCheckWorkstations()

static BOOL MsvpCheckWorkstations ( _In_ PRPC_UNICODE_STRING  WorkStations,
_In_ PWSTR  ComputerName 
)
static

Definition at line 917 of file msv1_0.c.

920 {
921  PWSTR pStart, pEnd;
922  BOOL bFound = FALSE;
923 
924  TRACE("MsvpCheckWorkstations(%p %S)\n", WorkStations, ComputerName);
925 
926  if (WorkStations->Length == 0 || WorkStations->Buffer == NULL)
927  {
928  TRACE("No workstations!\n");
929  return TRUE;
930  }
931 
932  TRACE("Workstations: %wZ\n", WorkStations);
933 
934  pStart = WorkStations->Buffer;
935  for (;;)
936  {
937  pEnd = wcschr(pStart, L',');
938  if (pEnd != NULL)
939  *pEnd = UNICODE_NULL;
940 
941  TRACE("Comparing '%S' and '%S'\n", ComputerName, pStart);
942  if (_wcsicmp(ComputerName, pStart) == 0)
943  {
944  bFound = TRUE;
945  if (pEnd != NULL)
946  *pEnd = L',';
947  break;
948  }
949 
950  if (pEnd == NULL)
951  break;
952 
953  *pEnd = L',';
954  pStart = pEnd + 1;
955  }
956 
957  TRACE("Found allowed workstation: %s\n", (bFound) ? "Yes" : "No");
958 
959  return bFound;
960 }
#define TRUE
Definition: types.h:120
uint16_t * PWSTR
Definition: typedefs.h:54
#define UNICODE_NULL
unsigned int BOOL
Definition: ntddk_ex.h:94
smooth NULL
Definition: ftsmooth.c:416
#define TRACE(s)
Definition: solgame.cpp:4
_CONST_RETURN wchar_t *__cdecl wcschr(_In_z_ const wchar_t *_Str, wchar_t _Ch)
static const WCHAR L[]
Definition: oid.c:1250
_Check_return_ _CRTIMP int __cdecl _wcsicmp(_In_z_ const wchar_t *_Str1, _In_z_ const wchar_t *_Str2)

Referenced by LsaApLogonUserEx2().

◆ SpLsaModeInitialize()

NTSTATUS NTAPI SpLsaModeInitialize ( _In_ ULONG  LsaVersion,
_Out_ PULONG  PackageVersion,
_Out_ PSECPKG_FUNCTION_TABLE ppTables,
_Out_ PULONG  pcTables 
)

Definition at line 1683 of file msv1_0.c.

1688 {
1689  SECPKG_FUNCTION_TABLE Tables[1];
1690 
1691  TRACE("SpLsaModeInitialize(0x%lx %p %p %p)\n",
1692  LsaVersion, PackageVersion, ppTables, pcTables);
1693 
1694  if (LsaVersion != SECPKG_INTERFACE_VERSION)
1695  return STATUS_INVALID_PARAMETER;
1696 
1697  *PackageVersion = SECPKG_INTERFACE_VERSION;
1698 
1699  RtlZeroMemory(&Tables, sizeof(Tables));
1700 
1702 // Tables[0].LogonUser = NULL;
1707 // Tables[0].LogonUserEx = NULL;
1708  Tables[0].LogonUserEx2 = LsaApLogonUserEx2;
1709 // Tables[0].Initialize = SpInitialize;
1710 // Tables[0].Shutdown = NULL;
1711 // Tables[0].GetInfo = NULL;
1712 // Tables[0].AcceptCredentials = NULL;
1713 // Tables[0].SpAcquireCredentialsHandle = NULL;
1714 // Tables[0].SpQueryCredentialsAttributes = NULL;
1715 // Tables[0].FreeCredentialsHandle = NULL;
1716 // Tables[0].SaveCredentials = NULL;
1717 // Tables[0].GetCredentials = NULL;
1718 // Tables[0].DeleteCredentials = NULL;
1719 // Tables[0].InitLsaModeContext = NULL;
1720 // Tables[0].AcceptLsaModeContext = NULL;
1721 // Tables[0].DeleteContext = NULL;
1722 // Tables[0].ApplyControlToken = NULL;
1723 // Tables[0].GetUserInfo = NULL;
1724 // Tables[0].GetExtendedInformation = NULL;
1725 // Tables[0].SpQueryContextAttributes = NULL;
1726 // Tables[0].SpAddCredentials = NULL;
1727 // Tables[0].SetExtendedInformation = NULL;
1728 
1729  *ppTables = Tables;
1730  *pcTables = 1;
1731 
1732  return STATUS_SUCCESS;
1733 }
NTSTATUS NTAPI LsaApCallPackage(IN PLSA_CLIENT_REQUEST ClientRequest, IN PVOID ProtocolSubmitBuffer, IN PVOID ClientBufferBase, IN ULONG SubmitBufferLength, OUT PVOID *ProtocolReturnBuffer, OUT PULONG ReturnBufferLength, OUT PNTSTATUS ProtocolStatus)
Definition: msv1_0.c:968
NTSTATUS NTAPI LsaApInitializePackage(IN ULONG AuthenticationPackageId, IN PLSA_DISPATCH_TABLE LsaDispatchTable, IN PLSA_STRING Database OPTIONAL, IN PLSA_STRING Confidentiality OPTIONAL, OUT PLSA_STRING *AuthenticationPackageName)
Definition: msv1_0.c:1093
NTSTATUS(NTAPI * PLSA_AP_CALL_PACKAGE_PASSTHROUGH)(PLSA_CLIENT_REQUEST, PVOID, PVOID, ULONG, PVOID *, PULONG, PNTSTATUS)
Definition: authpackage.c:73
#define STATUS_INVALID_PARAMETER
Definition: udferr_usr.h:135
PLSA_AP_CALL_PACKAGE_UNTRUSTED CallPackageUntrusted
Definition: ntsecpkg.h:429
VOID NTAPI LsaApLogonTerminated(IN PLUID LogonId)
Definition: msv1_0.c:1146
PLSA_AP_CALL_PACKAGE CallPackage
Definition: ntsecpkg.h:427
#define SECPKG_INTERFACE_VERSION
Definition: ntsecpkg.h:34
NTSTATUS(NTAPI * PLSA_AP_CALL_PACKAGE)(PUNICODE_STRING, PVOID, ULONG, PVOID *, PULONG, PNTSTATUS)
Definition: ntsecpkg.h:333
PLSA_AP_INITIALIZE_PACKAGE InitializePackage
Definition: ntsecpkg.h:425
#define TRACE(s)
Definition: solgame.cpp:4
PLSA_AP_LOGON_USER_EX2 LogonUserEx2
Definition: ntsecpkg.h:432
PLSA_AP_CALL_PACKAGE_PASSTHROUGH CallPackagePassthrough
Definition: ntsecpkg.h:430
NTSTATUS NTAPI LsaApCallPackagePassthrough(IN PLSA_CLIENT_REQUEST ClientRequest, IN PVOID ProtocolSubmitBuffer, IN PVOID ClientBufferBase, IN ULONG SubmitBufferLength, OUT PVOID *ProtocolReturnBuffer, OUT PULONG ReturnBufferLength, OUT PNTSTATUS ProtocolStatus)
Definition: msv1_0.c:1034
NTSTATUS NTAPI LsaApCallPackageUntrusted(IN PLSA_CLIENT_REQUEST ClientRequest, IN PVOID ProtocolSubmitBuffer, IN PVOID ClientBufferBase, IN ULONG SubmitBufferLength, OUT PVOID *ProtocolReturnBuffer, OUT PULONG ReturnBufferLength, OUT PNTSTATUS ProtocolStatus)
Definition: msv1_0.c:1052
#define RtlZeroMemory(Destination, Length)
Definition: typedefs.h:261
NTSTATUS NTAPI LsaApLogonUserEx2(IN PLSA_CLIENT_REQUEST ClientRequest, IN SECURITY_LOGON_TYPE LogonType, IN PVOID ProtocolSubmitBuffer, IN PVOID ClientBufferBase, IN ULONG SubmitBufferSize, OUT PVOID *ProfileBuffer, OUT PULONG ProfileBufferSize, OUT PLUID LogonId, OUT PNTSTATUS SubStatus, OUT PLSA_TOKEN_INFORMATION_TYPE TokenInformationType, OUT PVOID *TokenInformation, OUT PUNICODE_STRING *AccountName, OUT PUNICODE_STRING *AuthenticatingAuthority, OUT PUNICODE_STRING *MachineName, OUT PSECPKG_PRIMARY_CRED PrimaryCredentials, OUT PSECPKG_SUPPLEMENTAL_CRED_ARRAY *SupplementalCredentials)
Definition: msv1_0.c:1157
return STATUS_SUCCESS
Definition: btrfs.c:2938
PLSA_AP_LOGON_TERMINATED LogonTerminated
Definition: ntsecpkg.h:428

◆ SpUserModeInitialize()

NTSTATUS WINAPI SpUserModeInitialize ( _In_ ULONG  LsaVersion,
_Out_ PULONG  PackageVersion,
_Out_ PSECPKG_USER_FUNCTION_TABLE ppTables,
_Out_ PULONG  pcTables 
)

Definition at line 1741 of file msv1_0.c.

1746 {
1747  SECPKG_USER_FUNCTION_TABLE Tables[1];
1748 
1749  TRACE("SpUserModeInitialize(0x%lx %p %p %p)\n",
1750  LsaVersion, PackageVersion, ppTables, pcTables);
1751 
1752  if (LsaVersion != SECPKG_INTERFACE_VERSION)
1753  return STATUS_INVALID_PARAMETER;
1754 
1755  *PackageVersion = SECPKG_INTERFACE_VERSION;
1756 
1757  RtlZeroMemory(&Tables, sizeof(Tables));
1758 
1759 // Tables[0].InstanceInit = SpInstanceInit;
1760 // Tables[0].InitUserModeContext = NULL;
1761 // Tables[0].MakeSignature = NULL;
1762 // Tables[0].VerifySignature = NULL;
1763 // Tables[0].SealMessage = NULL;
1764 // Tables[0].UnsealMessage = NULL;
1765 // Tables[0].GetContextToken = NULL;
1766 // Tables[0].SpQueryContextAttributes = NULL;
1767 // Tables[0].CompleteAuthToken = NULL;
1768 // Tables[0].DeleteUserModeContext = NULL;
1769 // Tables[0].FormatCredentials = NULL;
1770 // Tables[0].MarshallSupplementalCreds = NULL;
1771 // Tables[0].ExportContext = NULL;
1772 // Tables[0].ImportContext = NULL;
1773 
1774  *ppTables = Tables;
1775  *pcTables = 1;
1776 
1777  return STATUS_SUCCESS;
1778 }
#define STATUS_INVALID_PARAMETER
Definition: udferr_usr.h:135
#define SECPKG_INTERFACE_VERSION
Definition: ntsecpkg.h:34
#define TRACE(s)
Definition: solgame.cpp:4
#define RtlZeroMemory(Destination, Length)
Definition: typedefs.h:261
return STATUS_SUCCESS
Definition: btrfs.c:2938

◆ WINE_DEFAULT_DEBUG_CHANNEL()

WINE_DEFAULT_DEBUG_CHANNEL ( msv1_0  )

Variable Documentation

◆ DispatchTable