ReactOS  0.4.15-dev-2996-gf777e6b
msv1_0.c
Go to the documentation of this file.
1 /*
2  * PROJECT: Authentication Package DLL
3  * LICENSE: GPL - See COPYING in the top level directory
4  * FILE: dll/win32/msv1_0/msv1_0.c
5  * PURPOSE: Main file
6  * COPYRIGHT: Copyright 2013 Eric Kohl
7  */
8 
9 /* INCLUDES ****************************************************************/
10 
11 #include "precomp.h"
12 
14 
15 
16 /* GLOBALS *****************************************************************/
17 
19 
20 
21 /* FUNCTIONS ***************************************************************/
22 
23 static
26 {
27  LSAPR_HANDLE PolicyHandle = NULL;
28  PLSAPR_POLICY_INFORMATION PolicyInfo = NULL;
29  ULONG Length = 0;
31 
32  Status = LsaIOpenPolicyTrusted(&PolicyHandle);
33  if (!NT_SUCCESS(Status))
34  {
35  TRACE("LsaIOpenPolicyTrusted() failed (Status 0x%08lx)\n", Status);
36  return Status;
37  }
38 
39  Status = LsarQueryInformationPolicy(PolicyHandle,
41  &PolicyInfo);
42  if (!NT_SUCCESS(Status))
43  {
44  TRACE("LsarQueryInformationPolicy() failed (Status 0x%08lx)\n", Status);
45  goto done;
46  }
47 
49 
50  *Sid = RtlAllocateHeap(RtlGetProcessHeap(), 0, Length);
51  if (*Sid == NULL)
52  {
53  ERR("Failed to allocate SID\n");
55  goto done;
56  }
57 
59 
60 done:
61  if (PolicyInfo != NULL)
63  PolicyInfo);
64 
65  if (PolicyHandle != NULL)
66  LsarClose(&PolicyHandle);
67 
68  return Status;
69 }
70 
71 
72 static
75 {
77  ULONG Length = 0;
78 
80  *Sid = RtlAllocateHeap(RtlGetProcessHeap(), 0, Length);
81  if (*Sid == NULL)
82  {
83  ERR("Failed to allocate SID\n");
85  }
86 
88 
89  return STATUS_SUCCESS;
90 }
91 
92 
93 static
96  IN PSAMPR_USER_INFO_BUFFER UserInfo,
97  IN PWSTR ComputerName,
100 {
101  PMSV1_0_INTERACTIVE_PROFILE LocalBuffer = NULL;
102  PVOID ClientBaseAddress = NULL;
103  LPWSTR Ptr;
105  USHORT ComputerNameLength;
107 
108  *ProfileBuffer = NULL;
109  *ProfileBufferLength = 0;
110 
111  if (UIntPtrToUShort(wcslen(ComputerName), &ComputerNameLength) != S_OK)
112  {
114  }
115 
117  UserInfo->All.FullName.Length + sizeof(WCHAR) +
118  UserInfo->All.HomeDirectory.Length + sizeof(WCHAR) +
119  UserInfo->All.HomeDirectoryDrive.Length + sizeof(WCHAR) +
120  UserInfo->All.ScriptPath.Length + sizeof(WCHAR) +
121  UserInfo->All.ProfilePath.Length + sizeof(WCHAR) +
122  ((ComputerNameLength + 3) * sizeof(WCHAR));
123 
124  LocalBuffer = DispatchTable.AllocateLsaHeap(BufferLength);
125  if (LocalBuffer == NULL)
126  {
127  TRACE("Failed to allocate the local buffer!\n");
129  goto done;
130  }
131 
132  Status = DispatchTable.AllocateClientBuffer(ClientRequest,
133  BufferLength,
134  &ClientBaseAddress);
135  if (!NT_SUCCESS(Status))
136  {
137  TRACE("DispatchTable.AllocateClientBuffer failed (Status 0x%08lx)\n", Status);
138  goto done;
139  }
140 
141  TRACE("ClientBaseAddress: %p\n", ClientBaseAddress);
142 
143  Ptr = (LPWSTR)((ULONG_PTR)LocalBuffer + sizeof(MSV1_0_INTERACTIVE_PROFILE));
144 
145  LocalBuffer->MessageType = MsV1_0InteractiveProfile;
146  LocalBuffer->LogonCount = UserInfo->All.LogonCount;
147  LocalBuffer->BadPasswordCount = UserInfo->All.BadPasswordCount;
148 
149  LocalBuffer->LogonTime.LowPart = UserInfo->All.LastLogon.LowPart;
150  LocalBuffer->LogonTime.HighPart = UserInfo->All.LastLogon.HighPart;
151 
152  LocalBuffer->LogoffTime.LowPart = UserInfo->All.AccountExpires.LowPart;
153  LocalBuffer->LogoffTime.HighPart = UserInfo->All.AccountExpires.HighPart;
154 
155  LocalBuffer->KickOffTime.LowPart = UserInfo->All.AccountExpires.LowPart;
156  LocalBuffer->KickOffTime.HighPart = UserInfo->All.AccountExpires.HighPart;
157 
158  LocalBuffer->PasswordLastSet.LowPart = UserInfo->All.PasswordLastSet.LowPart;
159  LocalBuffer->PasswordLastSet.HighPart = UserInfo->All.PasswordLastSet.HighPart;
160 
161  LocalBuffer->PasswordCanChange.LowPart = UserInfo->All.PasswordCanChange.LowPart;
162  LocalBuffer->PasswordCanChange.HighPart = UserInfo->All.PasswordCanChange.HighPart;
163 
164  LocalBuffer->PasswordMustChange.LowPart = UserInfo->All.PasswordMustChange.LowPart;
165  LocalBuffer->PasswordMustChange.HighPart = UserInfo->All.PasswordMustChange.HighPart;
166 
167  LocalBuffer->LogonScript.Length = UserInfo->All.ScriptPath.Length;
168  LocalBuffer->LogonScript.MaximumLength = UserInfo->All.ScriptPath.Length + sizeof(WCHAR);
169  LocalBuffer->LogonScript.Buffer = (LPWSTR)((ULONG_PTR)ClientBaseAddress + (ULONG_PTR)Ptr - (ULONG_PTR)LocalBuffer);
170  memcpy(Ptr,
171  UserInfo->All.ScriptPath.Buffer,
172  UserInfo->All.ScriptPath.Length);
173 
174  Ptr = (LPWSTR)((ULONG_PTR)Ptr + LocalBuffer->LogonScript.MaximumLength);
175 
176  LocalBuffer->HomeDirectory.Length = UserInfo->All.HomeDirectory.Length;
177  LocalBuffer->HomeDirectory.MaximumLength = UserInfo->All.HomeDirectory.Length + sizeof(WCHAR);
178  LocalBuffer->HomeDirectory.Buffer = (LPWSTR)((ULONG_PTR)ClientBaseAddress + (ULONG_PTR)Ptr - (ULONG_PTR)LocalBuffer);
179  memcpy(Ptr,
180  UserInfo->All.HomeDirectory.Buffer,
181  UserInfo->All.HomeDirectory.Length);
182 
183  Ptr = (LPWSTR)((ULONG_PTR)Ptr + LocalBuffer->HomeDirectory.MaximumLength);
184 
185  LocalBuffer->FullName.Length = UserInfo->All.FullName.Length;
186  LocalBuffer->FullName.MaximumLength = UserInfo->All.FullName.Length + sizeof(WCHAR);
187  LocalBuffer->FullName.Buffer = (LPWSTR)((ULONG_PTR)ClientBaseAddress + (ULONG_PTR)Ptr - (ULONG_PTR)LocalBuffer);
188  memcpy(Ptr,
189  UserInfo->All.FullName.Buffer,
190  UserInfo->All.FullName.Length);
191  TRACE("FullName.Buffer: %p\n", LocalBuffer->FullName.Buffer);
192 
193  Ptr = (LPWSTR)((ULONG_PTR)Ptr + LocalBuffer->FullName.MaximumLength);
194 
195  LocalBuffer->ProfilePath.Length = UserInfo->All.ProfilePath.Length;
196  LocalBuffer->ProfilePath.MaximumLength = UserInfo->All.ProfilePath.Length + sizeof(WCHAR);
197  LocalBuffer->ProfilePath.Buffer = (LPWSTR)((ULONG_PTR)ClientBaseAddress + (ULONG_PTR)Ptr - (ULONG_PTR)LocalBuffer);
198  memcpy(Ptr,
199  UserInfo->All.ProfilePath.Buffer,
200  UserInfo->All.ProfilePath.Length);
201 
202  Ptr = (LPWSTR)((ULONG_PTR)Ptr + LocalBuffer->ProfilePath.MaximumLength);
203 
204  LocalBuffer->HomeDirectoryDrive.Length = UserInfo->All.HomeDirectoryDrive.Length;
205  LocalBuffer->HomeDirectoryDrive.MaximumLength = UserInfo->All.HomeDirectoryDrive.Length + sizeof(WCHAR);
206  LocalBuffer->HomeDirectoryDrive.Buffer = (LPWSTR)((ULONG_PTR)ClientBaseAddress + (ULONG_PTR)Ptr - (ULONG_PTR)LocalBuffer);
207  memcpy(Ptr,
208  UserInfo->All.HomeDirectoryDrive.Buffer,
209  UserInfo->All.HomeDirectoryDrive.Length);
210 
212 
213  LocalBuffer->LogonServer.Length = (ComputerNameLength + 2) * sizeof(WCHAR);
214  LocalBuffer->LogonServer.MaximumLength = LocalBuffer->LogonServer.Length + sizeof(WCHAR);
215  LocalBuffer->LogonServer.Buffer = (LPWSTR)((ULONG_PTR)ClientBaseAddress + (ULONG_PTR)Ptr - (ULONG_PTR)LocalBuffer);
216  wcscpy(Ptr, L"\\");
217  wcscat(Ptr, ComputerName);
218 
219  LocalBuffer->UserFlags = 0;
220 
221  Status = DispatchTable.CopyToClientBuffer(ClientRequest,
222  BufferLength,
223  ClientBaseAddress,
224  LocalBuffer);
225  if (!NT_SUCCESS(Status))
226  {
227  TRACE("DispatchTable.CopyToClientBuffer failed (Status 0x%08lx)\n", Status);
228  goto done;
229  }
230 
231  *ProfileBuffer = (PMSV1_0_INTERACTIVE_PROFILE)ClientBaseAddress;
233 
234 done:
235  if (LocalBuffer != NULL)
236  DispatchTable.FreeLsaHeap(LocalBuffer);
237 
238  if (!NT_SUCCESS(Status))
239  {
240  if (ClientBaseAddress != NULL)
241  DispatchTable.FreeClientBuffer(ClientRequest,
242  ClientBaseAddress);
243  }
244 
245  return Status;
246 }
247 
248 
249 static
250 PSID
252  ULONG Rid)
253 {
254  PSID DstSid = NULL;
255  UCHAR RidCount;
256 
257  RidCount = *RtlSubAuthorityCountSid(SrcSid);
258  if (RidCount >= 8)
259  return NULL;
260 
261  DstSid = DispatchTable.AllocateLsaHeap(RtlLengthRequiredSid(RidCount + 1));
262  if (DstSid == NULL)
263  return NULL;
264 
265  RtlCopyMemory(DstSid,
266  SrcSid,
267  RtlLengthRequiredSid(RidCount));
268 
269  *RtlSubAuthorityCountSid(DstSid) = RidCount + 1;
270  *RtlSubAuthoritySid(DstSid, RidCount) = Rid;
271 
272  return DstSid;
273 }
274 
275 
276 static
277 NTSTATUS
280  IN ULONG RelativeId)
281 {
282  User->User.Sid = AppendRidToSid(AccountDomainSid,
283  RelativeId);
284  if (User->User.Sid == NULL)
285  {
286  ERR("Could not create the user SID\n");
288  }
289 
290  User->User.Attributes = 0;
291 
292  return STATUS_SUCCESS;
293 }
294 
295 
296 static
297 NTSTATUS
300  IN ULONG RelativeId)
301 {
303  RelativeId);
304  if (PrimaryGroup->PrimaryGroup == NULL)
305  {
306  ERR("Could not create the primary group SID\n");
308  }
309 
310  return STATUS_SUCCESS;
311 }
312 
313 
314 static
315 NTSTATUS
318  IN ULONG RelativeId,
319  IN BOOL SpecialAccount)
320 {
323  DWORD GroupCount = 0;
324  DWORD MaxGroups = 2;
325  PSID Sid;
327 
328  if (SpecialAccount)
329  MaxGroups++;
330 
331  TokenGroups = DispatchTable.AllocateLsaHeap(sizeof(TOKEN_GROUPS) +
332  MaxGroups * sizeof(SID_AND_ATTRIBUTES));
333  if (TokenGroups == NULL)
334  {
336  }
337 
338  if (SpecialAccount)
339  {
340  /* Self */
341  Sid = AppendRidToSid(AccountDomainSid, RelativeId);
342  if (Sid == NULL)
343  {
344 
345  }
346 
347  TokenGroups->Groups[GroupCount].Sid = Sid;
348  TokenGroups->Groups[GroupCount].Attributes =
350  GroupCount++;
351 
352  /* Member of 'Users' alias */
354  2,
363  &Sid);
364  TokenGroups->Groups[GroupCount].Sid = Sid;
365  TokenGroups->Groups[GroupCount].Attributes =
367  GroupCount++;
368  }
369  else
370  {
371  /* Member of the domains users group */
373  if (Sid == NULL)
374  {
375 
376  }
377 
378  TokenGroups->Groups[GroupCount].Sid = Sid;
379  TokenGroups->Groups[GroupCount].Attributes =
381  GroupCount++;
382  }
383 
384  /* Member of 'Authenticated users' */
386  1,
395  &Sid);
396  TokenGroups->Groups[GroupCount].Sid = Sid;
397  TokenGroups->Groups[GroupCount].Attributes =
399  GroupCount++;
400 
401  TokenGroups->GroupCount = GroupCount;
402  ASSERT(TokenGroups->GroupCount <= MaxGroups);
403 
404  *Groups = TokenGroups;
405 
406  return Status;
407 }
408 
409 
410 static
411 NTSTATUS
414  PSAMPR_USER_INFO_BUFFER UserInfo,
415  BOOL SpecialAccount)
416 {
418  ULONG i;
420 
421  Buffer = DispatchTable.AllocateLsaHeap(sizeof(LSA_TOKEN_INFORMATION_V1));
422  if (Buffer == NULL)
423  {
424  WARN("Failed to allocate the local buffer!\n");
426  goto done;
427  }
428 
429  Buffer->ExpirationTime.LowPart = UserInfo->All.AccountExpires.LowPart;
430  Buffer->ExpirationTime.HighPart = UserInfo->All.AccountExpires.HighPart;
431 
432  Status = BuildTokenUser(&Buffer->User,
434  UserInfo->All.UserId);
435  if (!NT_SUCCESS(Status))
436  {
437  WARN("BuildTokenUser() failed (Status 0x%08lx)\n", Status);
438  goto done;
439  }
440 
441  Status = BuildTokenPrimaryGroup(&Buffer->PrimaryGroup,
443  UserInfo->All.PrimaryGroupId);
444  if (!NT_SUCCESS(Status))
445  {
446  WARN("BuildTokenPrimaryGroup() failed (Status 0x%08lx)\n", Status);
447  goto done;
448  }
449 
450  Status = BuildTokenGroups(&Buffer->Groups,
452  UserInfo->All.UserId,
453  SpecialAccount);
454  if (!NT_SUCCESS(Status))
455  {
456  WARN("BuildTokenGroups() failed (Status 0x%08lx)\n", Status);
457  goto done;
458  }
459 
460  *TokenInformation = Buffer;
461 
462 done:
463  if (!NT_SUCCESS(Status))
464  {
465  if (Buffer != NULL)
466  {
467  if (Buffer->User.User.Sid != NULL)
468  DispatchTable.FreeLsaHeap(Buffer->User.User.Sid);
469 
470  if (Buffer->Groups != NULL)
471  {
472  for (i = 0; i < Buffer->Groups->GroupCount; i++)
473  {
474  if (Buffer->Groups->Groups[i].Sid != NULL)
475  DispatchTable.FreeLsaHeap(Buffer->Groups->Groups[i].Sid);
476  }
477 
478  DispatchTable.FreeLsaHeap(Buffer->Groups);
479  }
480 
481  if (Buffer->PrimaryGroup.PrimaryGroup != NULL)
482  DispatchTable.FreeLsaHeap(Buffer->PrimaryGroup.PrimaryGroup);
483 
484  if (Buffer->DefaultDacl.DefaultDacl != NULL)
485  DispatchTable.FreeLsaHeap(Buffer->DefaultDacl.DefaultDacl);
486 
487  DispatchTable.FreeLsaHeap(Buffer);
488  }
489  }
490 
491  return Status;
492 }
493 
494 
495 static
496 NTSTATUS
498  IN PVOID ProtocolSubmitBuffer,
499  IN PVOID ClientBufferBase,
500  IN ULONG SubmitBufferLength,
501  OUT PVOID *ProtocolReturnBuffer,
502  OUT PULONG ReturnBufferLength,
504 {
506  PMSV1_0_CHANGEPASSWORD_REQUEST RequestBuffer;
508 
509  SAMPR_HANDLE ServerHandle = NULL;
510  SAMPR_HANDLE DomainHandle = NULL;
511  SAMPR_HANDLE UserHandle = NULL;
512  PRPC_SID DomainSid = NULL;
514  SAMPR_ULONG_ARRAY RelativeIds = {0, NULL};
515  SAMPR_ULONG_ARRAY Use = {0, NULL};
516 
517  ENCRYPTED_NT_OWF_PASSWORD OldNtPassword;
518  ENCRYPTED_NT_OWF_PASSWORD NewNtPassword;
519  ENCRYPTED_LM_OWF_PASSWORD OldLmPassword;
520  ENCRYPTED_LM_OWF_PASSWORD NewLmPassword;
521  OEM_STRING LmPwdString;
522  CHAR LmPwdBuffer[15];
523  BOOLEAN OldLmPasswordPresent = FALSE;
524  BOOLEAN NewLmPasswordPresent = FALSE;
525 
526  ENCRYPTED_LM_OWF_PASSWORD OldLmEncryptedWithNewLm;
527  ENCRYPTED_LM_OWF_PASSWORD NewLmEncryptedWithOldLm;
528  ENCRYPTED_LM_OWF_PASSWORD OldNtEncryptedWithNewNt;
529  ENCRYPTED_LM_OWF_PASSWORD NewNtEncryptedWithOldNt;
530  PENCRYPTED_LM_OWF_PASSWORD pOldLmEncryptedWithNewLm = NULL;
531  PENCRYPTED_LM_OWF_PASSWORD pNewLmEncryptedWithOldLm = NULL;
532 
533  TRACE("MsvpChangePassword()\n");
534 
535  /* Parameters validation */
536 
537  if (SubmitBufferLength < sizeof(MSV1_0_CHANGEPASSWORD_REQUEST))
538  {
539  ERR("Invalid SubmitBufferLength %lu\n", SubmitBufferLength);
541  }
542 
543  RequestBuffer = (PMSV1_0_CHANGEPASSWORD_REQUEST)ProtocolSubmitBuffer;
544 
545  /* Fix-up pointers in the request buffer info */
546  PtrOffset = (ULONG_PTR)ProtocolSubmitBuffer - (ULONG_PTR)ClientBufferBase;
547 
548  Status = RtlValidateUnicodeString(0, &RequestBuffer->DomainName);
549  if (!NT_SUCCESS(Status))
551  // TODO: Check for Buffer limits wrt. ClientBufferBase and alignment.
552  RequestBuffer->DomainName.Buffer = FIXUP_POINTER(RequestBuffer->DomainName.Buffer, PtrOffset);
553  RequestBuffer->DomainName.MaximumLength = RequestBuffer->DomainName.Length;
554 
555  Status = RtlValidateUnicodeString(0, &RequestBuffer->AccountName);
556  if (!NT_SUCCESS(Status))
558  // TODO: Check for Buffer limits wrt. ClientBufferBase and alignment.
559  RequestBuffer->AccountName.Buffer = FIXUP_POINTER(RequestBuffer->AccountName.Buffer, PtrOffset);
560  RequestBuffer->AccountName.MaximumLength = RequestBuffer->AccountName.Length;
561 
562  Status = RtlValidateUnicodeString(0, &RequestBuffer->OldPassword);
563  if (!NT_SUCCESS(Status))
565  // TODO: Check for Buffer limits wrt. ClientBufferBase and alignment.
566  RequestBuffer->OldPassword.Buffer = FIXUP_POINTER(RequestBuffer->OldPassword.Buffer, PtrOffset);
567  RequestBuffer->OldPassword.MaximumLength = RequestBuffer->OldPassword.Length;
568 
569  Status = RtlValidateUnicodeString(0, &RequestBuffer->NewPassword);
570  if (!NT_SUCCESS(Status))
572  // TODO: Check for Buffer limits wrt. ClientBufferBase and alignment.
573  RequestBuffer->NewPassword.Buffer = FIXUP_POINTER(RequestBuffer->NewPassword.Buffer, PtrOffset);
574  RequestBuffer->NewPassword.MaximumLength = RequestBuffer->NewPassword.Length;
575 
576  TRACE("Domain: %S\n", RequestBuffer->DomainName.Buffer);
577  TRACE("Account: %S\n", RequestBuffer->AccountName.Buffer);
578  TRACE("Old Password: %S\n", RequestBuffer->OldPassword.Buffer);
579  TRACE("New Password: %S\n", RequestBuffer->NewPassword.Buffer);
580 
581  /* Connect to the SAM server */
583  &ServerHandle,
585  TRUE);
586  if (!NT_SUCCESS(Status))
587  {
588  TRACE("SamIConnect() failed (Status 0x%08lx)\n", Status);
589  goto done;
590  }
591 
592  /* Get the domain SID */
593  Status = SamrLookupDomainInSamServer(ServerHandle,
594  (PRPC_UNICODE_STRING)&RequestBuffer->DomainName,
595  &DomainSid);
596  if (!NT_SUCCESS(Status))
597  {
598  TRACE("SamrLookupDomainInSamServer failed (Status %08lx)\n", Status);
599  goto done;
600  }
601 
602  /* Open the domain */
603  Status = SamrOpenDomain(ServerHandle,
605  DomainSid,
606  &DomainHandle);
607  if (!NT_SUCCESS(Status))
608  {
609  TRACE("SamrOpenDomain failed (Status %08lx)\n", Status);
610  goto done;
611  }
612 
613  Names[0].Length = RequestBuffer->AccountName.Length;
614  Names[0].MaximumLength = RequestBuffer->AccountName.MaximumLength;
615  Names[0].Buffer = RequestBuffer->AccountName.Buffer;
616 
617  /* Try to get the RID for the user name */
618  Status = SamrLookupNamesInDomain(DomainHandle,
619  1,
620  Names,
621  &RelativeIds,
622  &Use);
623  if (!NT_SUCCESS(Status))
624  {
625  TRACE("SamrLookupNamesInDomain failed (Status %08lx)\n", Status);
627  goto done;
628  }
629 
630  /* Fail, if it is not a user account */
631  if (Use.Element[0] != SidTypeUser)
632  {
633  TRACE("Account is not a user account!\n");
635  goto done;
636  }
637 
638  /* Open the user object */
639  Status = SamrOpenUser(DomainHandle,
641  RelativeIds.Element[0],
642  &UserHandle);
643  if (!NT_SUCCESS(Status))
644  {
645  TRACE("SamrOpenUser failed (Status %08lx)\n", Status);
646  goto done;
647  }
648 
649 
650  /* Calculate the NT hash for the old password */
651  Status = SystemFunction007(&RequestBuffer->OldPassword,
652  (LPBYTE)&OldNtPassword);
653  if (!NT_SUCCESS(Status))
654  {
655  TRACE("SystemFunction007 failed (Status 0x%08lx)\n", Status);
656  goto done;
657  }
658 
659  /* Calculate the NT hash for the new password */
660  Status = SystemFunction007(&RequestBuffer->NewPassword,
661  (LPBYTE)&NewNtPassword);
662  if (!NT_SUCCESS(Status))
663  {
664  TRACE("SystemFunction007 failed (Status 0x%08lx)\n", Status);
665  goto done;
666  }
667 
668  /* Calculate the LM password and hash for the old password */
669  LmPwdString.Length = 15;
670  LmPwdString.MaximumLength = 15;
671  LmPwdString.Buffer = LmPwdBuffer;
672  ZeroMemory(LmPwdString.Buffer, LmPwdString.MaximumLength);
673 
675  &RequestBuffer->OldPassword,
676  FALSE);
677  if (NT_SUCCESS(Status))
678  {
679  /* Calculate the LM hash value of the password */
680  Status = SystemFunction006(LmPwdString.Buffer,
681  (LPSTR)&OldLmPassword);
682  if (NT_SUCCESS(Status))
683  {
684  OldLmPasswordPresent = TRUE;
685  }
686  }
687 
688  /* Calculate the LM password and hash for the new password */
689  LmPwdString.Length = 15;
690  LmPwdString.MaximumLength = 15;
691  LmPwdString.Buffer = LmPwdBuffer;
692  ZeroMemory(LmPwdString.Buffer, LmPwdString.MaximumLength);
693 
695  &RequestBuffer->NewPassword,
696  FALSE);
697  if (NT_SUCCESS(Status))
698  {
699  /* Calculate the LM hash value of the password */
700  Status = SystemFunction006(LmPwdString.Buffer,
701  (LPSTR)&NewLmPassword);
702  if (NT_SUCCESS(Status))
703  {
704  NewLmPasswordPresent = TRUE;
705  }
706  }
707 
708  /* Encrypt the old and new LM passwords, if they exist */
709  if (OldLmPasswordPresent && NewLmPasswordPresent)
710  {
711  /* Encrypt the old LM password */
712  Status = SystemFunction012((const BYTE *)&OldLmPassword,
713  (const BYTE *)&NewLmPassword,
714  (LPBYTE)&OldLmEncryptedWithNewLm);
715  if (!NT_SUCCESS(Status))
716  {
717  TRACE("SystemFunction012 failed (Status 0x%08lx)\n", Status);
718  goto done;
719  }
720 
721  /* Encrypt the new LM password */
722  Status = SystemFunction012((const BYTE *)&NewLmPassword,
723  (const BYTE *)&OldLmPassword,
724  (LPBYTE)&NewLmEncryptedWithOldLm);
725  if (!NT_SUCCESS(Status))
726  {
727  TRACE("SystemFunction012 failed (Status 0x%08lx)\n", Status);
728  goto done;
729  }
730 
731  pOldLmEncryptedWithNewLm = &OldLmEncryptedWithNewLm;
732  pNewLmEncryptedWithOldLm = &NewLmEncryptedWithOldLm;
733  }
734 
735  /* Encrypt the old NT password */
736  Status = SystemFunction012((const BYTE *)&OldNtPassword,
737  (const BYTE *)&NewNtPassword,
738  (LPBYTE)&OldNtEncryptedWithNewNt);
739  if (!NT_SUCCESS(Status))
740  {
741  TRACE("SystemFunction012 failed (Status 0x%08lx)\n", Status);
742  goto done;
743  }
744 
745  /* Encrypt the new NT password */
746  Status = SystemFunction012((const BYTE *)&NewNtPassword,
747  (const BYTE *)&OldNtPassword,
748  (LPBYTE)&NewNtEncryptedWithOldNt);
749  if (!NT_SUCCESS(Status))
750  {
751  TRACE("SystemFunction012 failed (Status 0x%08lx)\n", Status);
752  goto done;
753  }
754 
755  /* Change the password */
756  Status = SamrChangePasswordUser(UserHandle,
757  OldLmPasswordPresent && NewLmPasswordPresent,
758  pOldLmEncryptedWithNewLm,
759  pNewLmEncryptedWithOldLm,
760  TRUE,
761  &OldNtEncryptedWithNewNt,
762  &NewNtEncryptedWithOldNt,
763  FALSE,
764  NULL,
765  FALSE,
766  NULL);
767  if (!NT_SUCCESS(Status))
768  {
769  TRACE("SamrChangePasswordUser failed (Status %08lx)\n", Status);
770  goto done;
771  }
772 
773 done:
774  if (UserHandle != NULL)
775  SamrCloseHandle(&UserHandle);
776 
777  SamIFree_SAMPR_ULONG_ARRAY(&RelativeIds);
779 
780  if (DomainHandle != NULL)
781  SamrCloseHandle(&DomainHandle);
782 
783  if (DomainSid != NULL)
784  SamIFreeVoid(DomainSid);
785 
786  if (ServerHandle != NULL)
787  SamrCloseHandle(&ServerHandle);
788 
789  return Status;
790 }
791 
792 
793 static
794 NTSTATUS
796  PSAMPR_USER_INFO_BUFFER UserInfo)
797 {
798  ENCRYPTED_NT_OWF_PASSWORD UserNtPassword;
799  ENCRYPTED_LM_OWF_PASSWORD UserLmPassword;
800  BOOLEAN UserLmPasswordPresent = FALSE;
801  BOOLEAN UserNtPasswordPresent = FALSE;
802  OEM_STRING LmPwdString;
803  CHAR LmPwdBuffer[15];
805 
806  TRACE("(%p %p)\n", UserPassword, UserInfo);
807 
808  /* Calculate the LM password and hash for the users password */
809  LmPwdString.Length = 15;
810  LmPwdString.MaximumLength = 15;
811  LmPwdString.Buffer = LmPwdBuffer;
812  ZeroMemory(LmPwdString.Buffer, LmPwdString.MaximumLength);
813 
815  UserPassword,
816  FALSE);
817  if (NT_SUCCESS(Status))
818  {
819  /* Calculate the LM hash value of the users password */
820  Status = SystemFunction006(LmPwdString.Buffer,
821  (LPSTR)&UserLmPassword);
822  if (NT_SUCCESS(Status))
823  {
824  UserLmPasswordPresent = TRUE;
825  }
826  }
827 
828  /* Calculate the NT hash of the users password */
829  Status = SystemFunction007(UserPassword,
830  (LPBYTE)&UserNtPassword);
831  if (NT_SUCCESS(Status))
832  {
833  UserNtPasswordPresent = TRUE;
834  }
835 
837 
838  /* Succeed, if no password has been set */
839  if (UserInfo->All.NtPasswordPresent == FALSE &&
840  UserInfo->All.LmPasswordPresent == FALSE)
841  {
842  TRACE("No password check!\n");
844  goto done;
845  }
846 
847  /* Succeed, if NT password matches */
848  if (UserNtPasswordPresent && UserInfo->All.NtPasswordPresent)
849  {
850  TRACE("Check NT password hashes:\n");
851  if (RtlEqualMemory(&UserNtPassword,
852  UserInfo->All.NtOwfPassword.Buffer,
853  sizeof(ENCRYPTED_NT_OWF_PASSWORD)))
854  {
855  TRACE(" success!\n");
857  goto done;
858  }
859 
860  TRACE(" failed!\n");
861  }
862 
863  /* Succeed, if LM password matches */
864  if (UserLmPasswordPresent && UserInfo->All.LmPasswordPresent)
865  {
866  TRACE("Check LM password hashes:\n");
867  if (RtlEqualMemory(&UserLmPassword,
868  UserInfo->All.LmOwfPassword.Buffer,
869  sizeof(ENCRYPTED_LM_OWF_PASSWORD)))
870  {
871  TRACE(" success!\n");
873  goto done;
874  }
875  TRACE(" failed!\n");
876  }
877 
878 done:
879  return Status;
880 }
881 
882 
883 static
884 BOOL
886  _In_ PSAMPR_LOGON_HOURS LogonHours,
887  _In_ PLARGE_INTEGER LogonTime)
888 {
889 #if 0
890  LARGE_INTEGER LocalLogonTime;
892  USHORT MinutesPerUnit, Offset;
893  BOOL bFound;
894 
895  FIXME("MsvpCheckLogonHours(%p %p)\n", LogonHours, LogonTime);
896 
897  if (LogonHours->UnitsPerWeek == 0 || LogonHours->LogonHours == NULL)
898  {
899  FIXME("No logon hours!\n");
900  return TRUE;
901  }
902 
903  RtlSystemTimeToLocalTime(LogonTime, &LocalLogonTime);
904  RtlTimeToTimeFields(&LocalLogonTime, &TimeFields);
905 
906  FIXME("UnitsPerWeek: %u\n", LogonHours->UnitsPerWeek);
907  MinutesPerUnit = 10080 / LogonHours->UnitsPerWeek;
908 
909  Offset = ((TimeFields.Weekday * 24 + TimeFields.Hour) * 60 + TimeFields.Minute) / MinutesPerUnit;
910  FIXME("Offset: %us\n", Offset);
911 
912  bFound = (BOOL)(LogonHours->LogonHours[Offset / 8] & (1 << (Offset % 8)));
913  FIXME("Logon permitted: %s\n", bFound ? "Yes" : "No");
914 
915  return bFound;
916 #endif
917  return TRUE;
918 }
919 
920 
921 static
922 BOOL
924  _In_ PRPC_UNICODE_STRING WorkStations,
925  _In_ PWSTR ComputerName)
926 {
927  PWSTR pStart, pEnd;
928  BOOL bFound = FALSE;
929 
930  TRACE("MsvpCheckWorkstations(%p %S)\n", WorkStations, ComputerName);
931 
932  if (WorkStations->Length == 0 || WorkStations->Buffer == NULL)
933  {
934  TRACE("No workstations!\n");
935  return TRUE;
936  }
937 
938  TRACE("Workstations: %wZ\n", WorkStations);
939 
940  pStart = WorkStations->Buffer;
941  for (;;)
942  {
943  pEnd = wcschr(pStart, L',');
944  if (pEnd != NULL)
945  *pEnd = UNICODE_NULL;
946 
947  TRACE("Comparing '%S' and '%S'\n", ComputerName, pStart);
948  if (_wcsicmp(ComputerName, pStart) == 0)
949  {
950  bFound = TRUE;
951  if (pEnd != NULL)
952  *pEnd = L',';
953  break;
954  }
955 
956  if (pEnd == NULL)
957  break;
958 
959  *pEnd = L',';
960  pStart = pEnd + 1;
961  }
962 
963  TRACE("Found allowed workstation: %s\n", (bFound) ? "Yes" : "No");
964 
965  return bFound;
966 }
967 
968 
969 /*
970  * @unimplemented
971  */
972 NTSTATUS
973 NTAPI
975  IN PVOID ProtocolSubmitBuffer,
976  IN PVOID ClientBufferBase,
977  IN ULONG SubmitBufferLength,
978  OUT PVOID *ProtocolReturnBuffer,
979  OUT PULONG ReturnBufferLength,
981 {
983  MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType;
984 
985  TRACE("LsaApCallPackage()\n");
986 
987  if (SubmitBufferLength < sizeof(MSV1_0_PROTOCOL_MESSAGE_TYPE))
989 
990  MessageType = *((PMSV1_0_PROTOCOL_MESSAGE_TYPE)ProtocolSubmitBuffer);
991 
992  *ProtocolReturnBuffer = NULL;
993  *ReturnBufferLength = 0;
994 
995  switch (MessageType)
996  {
1000  break;
1001 
1002  case MsV1_0EnumerateUsers:
1003  case MsV1_0GetUserInfo:
1004  case MsV1_0ReLogonUsers:
1006  break;
1007 
1008  case MsV1_0ChangePassword:
1009  Status = MsvpChangePassword(ClientRequest,
1010  ProtocolSubmitBuffer,
1011  ClientBufferBase,
1012  SubmitBufferLength,
1013  ProtocolReturnBuffer,
1014  ReturnBufferLength,
1015  ProtocolStatus);
1016  break;
1017 
1020  case MsV1_0CacheLogon:
1021  case MsV1_0SubAuth:
1023  case MsV1_0CacheLookup:
1025  break;
1026 
1027  default:
1028  return STATUS_INVALID_PARAMETER;
1029  }
1030 
1031  return Status;
1032 }
1033 
1034 
1035 /*
1036  * @unimplemented
1037  */
1038 NTSTATUS
1039 NTAPI
1041  IN PVOID ProtocolSubmitBuffer,
1042  IN PVOID ClientBufferBase,
1043  IN ULONG SubmitBufferLength,
1044  OUT PVOID *ProtocolReturnBuffer,
1045  OUT PULONG ReturnBufferLength,
1047 {
1048  TRACE("LsaApCallPackagePassthrough()\n");
1049  return STATUS_NOT_IMPLEMENTED;
1050 }
1051 
1052 
1053 /*
1054  * @implemented
1055  */
1056 NTSTATUS
1057 NTAPI
1059  IN PVOID ProtocolSubmitBuffer,
1060  IN PVOID ClientBufferBase,
1061  IN ULONG SubmitBufferLength,
1062  OUT PVOID *ProtocolReturnBuffer,
1063  OUT PULONG ReturnBufferLength,
1065 {
1066  ULONG MessageType;
1067  NTSTATUS Status;
1068 
1069  TRACE("LsaApCallPackageUntrusted()\n");
1070 
1071  if (SubmitBufferLength < sizeof(MSV1_0_PROTOCOL_MESSAGE_TYPE))
1072  return STATUS_INVALID_PARAMETER;
1073 
1074  MessageType = (ULONG)*((PMSV1_0_PROTOCOL_MESSAGE_TYPE)ProtocolSubmitBuffer);
1075 
1076  *ProtocolReturnBuffer = NULL;
1077  *ReturnBufferLength = 0;
1078 
1079  if (MessageType == MsV1_0ChangePassword)
1080  Status = MsvpChangePassword(ClientRequest,
1081  ProtocolSubmitBuffer,
1082  ClientBufferBase,
1083  SubmitBufferLength,
1084  ProtocolReturnBuffer,
1085  ReturnBufferLength,
1086  ProtocolStatus);
1087  else
1089 
1090  return Status;
1091 }
1092 
1093 
1094 /*
1095  * @implemented
1096  */
1097 NTSTATUS
1098 NTAPI
1099 LsaApInitializePackage(IN ULONG AuthenticationPackageId,
1100  IN PLSA_DISPATCH_TABLE LsaDispatchTable,
1102  IN PLSA_STRING Confidentiality OPTIONAL,
1103  OUT PLSA_STRING *AuthenticationPackageName)
1104 {
1105  PANSI_STRING NameString;
1106  PCHAR NameBuffer;
1107 
1108  TRACE("LsaApInitializePackage(%lu %p %p %p %p)\n",
1109  AuthenticationPackageId, LsaDispatchTable, Database,
1110  Confidentiality, AuthenticationPackageName);
1111 
1112  /* Get the dispatch table entries */
1113  DispatchTable.CreateLogonSession = LsaDispatchTable->CreateLogonSession;
1114  DispatchTable.DeleteLogonSession = LsaDispatchTable->DeleteLogonSession;
1115  DispatchTable.AddCredential = LsaDispatchTable->AddCredential;
1116  DispatchTable.GetCredentials = LsaDispatchTable->GetCredentials;
1117  DispatchTable.DeleteCredential = LsaDispatchTable->DeleteCredential;
1118  DispatchTable.AllocateLsaHeap = LsaDispatchTable->AllocateLsaHeap;
1119  DispatchTable.FreeLsaHeap = LsaDispatchTable->FreeLsaHeap;
1120  DispatchTable.AllocateClientBuffer = LsaDispatchTable->AllocateClientBuffer;
1121  DispatchTable.FreeClientBuffer = LsaDispatchTable->FreeClientBuffer;
1122  DispatchTable.CopyToClientBuffer = LsaDispatchTable->CopyToClientBuffer;
1123  DispatchTable.CopyFromClientBuffer = LsaDispatchTable->CopyFromClientBuffer;
1124 
1125  /* Return the package name */
1126  NameString = DispatchTable.AllocateLsaHeap(sizeof(LSA_STRING));
1127  if (NameString == NULL)
1129 
1130  NameBuffer = DispatchTable.AllocateLsaHeap(sizeof(MSV1_0_PACKAGE_NAME));
1131  if (NameBuffer == NULL)
1132  {
1133  DispatchTable.FreeLsaHeap(NameString);
1135  }
1136 
1137  strcpy(NameBuffer, MSV1_0_PACKAGE_NAME);
1138 
1139  RtlInitAnsiString(NameString, NameBuffer);
1140 
1141  *AuthenticationPackageName = (PLSA_STRING)NameString;
1142 
1143  return STATUS_SUCCESS;
1144 }
1145 
1146 
1147 /*
1148  * @unimplemented
1149  */
1150 VOID
1151 NTAPI
1153 {
1154  TRACE("LsaApLogonTerminated()\n");
1155 }
1156 
1157 
1158 /*
1159  * @implemented
1160  */
1161 NTSTATUS
1162 NTAPI
1165  IN PVOID ProtocolSubmitBuffer,
1166  IN PVOID ClientBufferBase,
1167  IN ULONG SubmitBufferSize,
1169  OUT PULONG ProfileBufferSize,
1170  OUT PLUID LogonId,
1172  OUT PLSA_TOKEN_INFORMATION_TYPE TokenInformationType,
1173  OUT PVOID *TokenInformation,
1174  OUT PUNICODE_STRING *AccountName,
1175  OUT PUNICODE_STRING *AuthenticatingAuthority,
1177  OUT PSECPKG_PRIMARY_CRED PrimaryCredentials, /* Not supported yet */
1178  OUT PSECPKG_SUPPLEMENTAL_CRED_ARRAY *SupplementalCredentials) /* Not supported yet */
1179 {
1180  static const UNICODE_STRING NtAuthorityU = RTL_CONSTANT_STRING(L"NT AUTHORITY");
1181  static const UNICODE_STRING LocalServiceU = RTL_CONSTANT_STRING(L"LocalService");
1182  static const UNICODE_STRING NetworkServiceU = RTL_CONSTANT_STRING(L"NetworkService");
1183 
1184  NTSTATUS Status;
1185  PMSV1_0_INTERACTIVE_LOGON LogonInfo;
1186  WCHAR ComputerName[MAX_COMPUTERNAME_LENGTH + 1];
1187  SAMPR_HANDLE ServerHandle = NULL;
1188  SAMPR_HANDLE DomainHandle = NULL;
1189  SAMPR_HANDLE UserHandle = NULL;
1192  SAMPR_ULONG_ARRAY RelativeIds = {0, NULL};
1193  SAMPR_ULONG_ARRAY Use = {0, NULL};
1194  PSAMPR_USER_INFO_BUFFER UserInfo = NULL;
1195  BOOLEAN SessionCreated = FALSE;
1196  LARGE_INTEGER LogonTime;
1197  LARGE_INTEGER AccountExpires;
1198  LARGE_INTEGER PasswordMustChange;
1199  LARGE_INTEGER PasswordLastSet;
1200  DWORD ComputerNameSize;
1201  BOOL SpecialAccount = FALSE;
1202  UCHAR LogonPassHash;
1203  PUNICODE_STRING ErasePassword = NULL;
1204 
1205  TRACE("LsaApLogonUserEx2()\n");
1206 
1207  TRACE("LogonType: %lu\n", LogonType);
1208  TRACE("ProtocolSubmitBuffer: %p\n", ProtocolSubmitBuffer);
1209  TRACE("SubmitBufferSize: %lu\n", SubmitBufferSize);
1210 
1211  *ProfileBuffer = NULL;
1212  *ProfileBufferSize = 0;
1214  *AccountName = NULL;
1215  *AuthenticatingAuthority = NULL;
1216 
1217  /* Parameters validation */
1218  if (LogonType == Interactive ||
1219  LogonType == Batch ||
1220  LogonType == Service)
1221  {
1223 
1224  if (SubmitBufferSize < sizeof(MSV1_0_INTERACTIVE_LOGON))
1225  {
1226  ERR("Invalid SubmitBufferSize %lu\n", SubmitBufferSize);
1227  return STATUS_INVALID_PARAMETER;
1228  }
1229 
1230  LogonInfo = (PMSV1_0_INTERACTIVE_LOGON)ProtocolSubmitBuffer;
1231 
1232  if (LogonInfo->MessageType != MsV1_0InteractiveLogon &&
1234  {
1235  ERR("Invalid MessageType %lu\n", LogonInfo->MessageType);
1237  }
1238 
1239 #if 0 // FIXME: These checks happen to be done on Windows. We however keep them general on ReactOS for now...
1240  if (LogonInfo->UserName.Length > 512) // CRED_MAX_STRING_LENGTH * sizeof(WCHAR) or (CREDUI_MAX_USERNAME_LENGTH (== CRED_MAX_USERNAME_LENGTH) - 1) * sizeof(WCHAR)
1241  {
1242  ERR("UserName too long (%lu, maximum 512)\n", LogonInfo->UserName.Length);
1243  return STATUS_NAME_TOO_LONG;
1244  }
1245  if (LogonInfo->Password.Length > 512) // CREDUI_MAX_PASSWORD_LENGTH * sizeof(WCHAR)
1246  {
1247  ERR("Password too long (%lu, maximum 512)\n", LogonInfo->Password.Length);
1248  return STATUS_NAME_TOO_LONG;
1249  }
1250 #endif
1251 
1252  /* Fix-up pointers in the authentication info */
1253  PtrOffset = (ULONG_PTR)ProtocolSubmitBuffer - (ULONG_PTR)ClientBufferBase;
1254 
1255  /* LogonDomainName is optional and can be an empty string */
1256  if (LogonInfo->LogonDomainName.Length)
1257  {
1258  // TODO: Check for Buffer limits wrt. ClientBufferBase and alignment.
1260  LogonInfo->LogonDomainName.MaximumLength = LogonInfo->LogonDomainName.Length;
1261  }
1262  else
1263  {
1264  LogonInfo->LogonDomainName.Buffer = NULL;
1265  LogonInfo->LogonDomainName.MaximumLength = 0;
1266  }
1268  if (!NT_SUCCESS(Status))
1269  return STATUS_INVALID_PARAMETER;
1270 
1271  /* UserName is mandatory and cannot be an empty string */
1272  // TODO: Check for Buffer limits wrt. ClientBufferBase and alignment.
1273  LogonInfo->UserName.Buffer = FIXUP_POINTER(LogonInfo->UserName.Buffer, PtrOffset);
1274  LogonInfo->UserName.MaximumLength = LogonInfo->UserName.Length;
1275 
1276  Status = RtlValidateUnicodeString(0, &LogonInfo->UserName);
1277  if (!NT_SUCCESS(Status))
1278  return STATUS_INVALID_PARAMETER;
1279 
1280  /* MS docs says max length is 0xFF bytes. But thats not the full story:
1281  *
1282  * A Quote from https://groups.google.com/forum/#!topic/microsoft.public.win32.programmer.kernel/eFGcCo_ZObk:
1283  * "... At least on my WinXP SP2. Domain and UserName are passed
1284  * in clear text, but the Password is NOT. ..."
1285  *
1286  * If the higher byte of length != 0 we have to use RtlRunDecodeUnicodeString.
1287  */
1288  LogonPassHash = (LogonInfo->Password.Length >> 8) & 0xFF;
1289  LogonInfo->Password.Length = LogonInfo->Password.Length & 0xFF;
1290 
1291  /* Password is optional and can be an empty string */
1292  if (LogonInfo->Password.Length)
1293  {
1294  // TODO: Check for Buffer limits wrt. ClientBufferBase and alignment.
1295  LogonInfo->Password.Buffer = FIXUP_POINTER(LogonInfo->Password.Buffer, PtrOffset);
1296  LogonInfo->Password.MaximumLength = LogonInfo->Password.Length;
1297  }
1298  else
1299  {
1300  LogonInfo->Password.Buffer = NULL;
1301  LogonInfo->Password.MaximumLength = 0;
1302  }
1303 
1304  /* Decode password */
1305  if (LogonPassHash > 0)
1306  {
1307  RtlRunDecodeUnicodeString(LogonPassHash, &LogonInfo->Password);
1308  }
1309 
1310  /* ErasePassword will be "erased" before we return */
1311  ErasePassword = &LogonInfo->Password;
1312 
1313  Status = RtlValidateUnicodeString(0, &LogonInfo->Password);
1314  if (!NT_SUCCESS(Status))
1315  return STATUS_INVALID_PARAMETER;
1316 
1317  TRACE("Domain: %wZ\n", &LogonInfo->LogonDomainName);
1318  TRACE("User: %wZ\n", &LogonInfo->UserName);
1319  TRACE("Password: %wZ\n", &LogonInfo->Password);
1320 
1321  // TODO: If LogonType == Service, do some extra work using LogonInfo->Password.
1322  }
1323  else
1324  {
1325  FIXME("LogonType %lu is not supported yet!\n", LogonType);
1326  return STATUS_NOT_IMPLEMENTED;
1327  }
1328  // TODO: Add other LogonType validity checks.
1329 
1330  /* Get the logon time */
1331  NtQuerySystemTime(&LogonTime);
1332 
1333  /* Get the computer name */
1334  ComputerNameSize = ARRAYSIZE(ComputerName);
1335  GetComputerNameW(ComputerName, &ComputerNameSize);
1336 
1337  /* Check for special accounts */
1338  // FIXME: Windows does not do this that way!! (msv1_0 does not contain these hardcoded values)
1339  if (RtlEqualUnicodeString(&LogonInfo->LogonDomainName, &NtAuthorityU, TRUE))
1340  {
1341  SpecialAccount = TRUE;
1342 
1343  /* Get the authority domain SID */
1345  if (!NT_SUCCESS(Status))
1346  {
1347  ERR("GetNtAuthorityDomainSid() failed (Status 0x%08lx)\n", Status);
1348  return Status;
1349  }
1350 
1351  if (RtlEqualUnicodeString(&LogonInfo->UserName, &LocalServiceU, TRUE))
1352  {
1353  TRACE("SpecialAccount: LocalService\n");
1354 
1355  if (LogonType != Service)
1356  return STATUS_LOGON_FAILURE;
1357 
1358  UserInfo = RtlAllocateHeap(RtlGetProcessHeap(),
1360  sizeof(SAMPR_USER_ALL_INFORMATION));
1361  if (UserInfo == NULL)
1362  {
1364  goto done;
1365  }
1366 
1369  }
1370  else if (RtlEqualUnicodeString(&LogonInfo->UserName, &NetworkServiceU, TRUE))
1371  {
1372  TRACE("SpecialAccount: NetworkService\n");
1373 
1374  if (LogonType != Service)
1375  return STATUS_LOGON_FAILURE;
1376 
1377  UserInfo = RtlAllocateHeap(RtlGetProcessHeap(),
1379  sizeof(SAMPR_USER_ALL_INFORMATION));
1380  if (UserInfo == NULL)
1381  {
1383  goto done;
1384  }
1385 
1388  }
1389  else
1390  {
1392  goto done;
1393  }
1394  }
1395  else
1396  {
1397  TRACE("NormalAccount\n");
1398 
1399  /* Get the account domain SID */
1401  if (!NT_SUCCESS(Status))
1402  {
1403  ERR("GetAccountDomainSid() failed (Status 0x%08lx)\n", Status);
1404  return Status;
1405  }
1406 
1407  /* Connect to the SAM server */
1409  &ServerHandle,
1411  TRUE);
1412  if (!NT_SUCCESS(Status))
1413  {
1414  TRACE("SamIConnect() failed (Status 0x%08lx)\n", Status);
1415  goto done;
1416  }
1417 
1418  /* Open the account domain */
1419  Status = SamrOpenDomain(ServerHandle,
1420  DOMAIN_LOOKUP,
1422  &DomainHandle);
1423  if (!NT_SUCCESS(Status))
1424  {
1425  ERR("SamrOpenDomain failed (Status %08lx)\n", Status);
1426  goto done;
1427  }
1428 
1429  Names[0].Length = LogonInfo->UserName.Length;
1430  Names[0].MaximumLength = LogonInfo->UserName.MaximumLength;
1431  Names[0].Buffer = LogonInfo->UserName.Buffer;
1432 
1433  /* Try to get the RID for the user name */
1434  Status = SamrLookupNamesInDomain(DomainHandle,
1435  1,
1436  Names,
1437  &RelativeIds,
1438  &Use);
1439  if (!NT_SUCCESS(Status))
1440  {
1441  ERR("SamrLookupNamesInDomain failed (Status %08lx)\n", Status);
1443  goto done;
1444  }
1445 
1446  /* Fail, if it is not a user account */
1447  if (Use.Element[0] != SidTypeUser)
1448  {
1449  ERR("Account is not a user account!\n");
1451  goto done;
1452  }
1453 
1454  /* Open the user object */
1455  Status = SamrOpenUser(DomainHandle,
1458  RelativeIds.Element[0],
1459  &UserHandle);
1460  if (!NT_SUCCESS(Status))
1461  {
1462  ERR("SamrOpenUser failed (Status %08lx)\n", Status);
1463  goto done;
1464  }
1465 
1466  Status = SamrQueryInformationUser(UserHandle,
1468  &UserInfo);
1469  if (!NT_SUCCESS(Status))
1470  {
1471  ERR("SamrQueryInformationUser failed (Status %08lx)\n", Status);
1472  goto done;
1473  }
1474 
1475  TRACE("UserName: %wZ\n", &UserInfo->All.UserName);
1476 
1477  /* Check the password */
1478  if ((UserInfo->All.UserAccountControl & USER_PASSWORD_NOT_REQUIRED) == 0)
1479  {
1480  Status = MsvpCheckPassword(&LogonInfo->Password,
1481  UserInfo);
1482  if (!NT_SUCCESS(Status))
1483  {
1484  ERR("MsvpCheckPassword failed (Status %08lx)\n", Status);
1485  goto done;
1486  }
1487  }
1488 
1489  /* Check account restrictions for non-administrator accounts */
1490  if (RelativeIds.Element[0] != DOMAIN_USER_RID_ADMIN)
1491  {
1492  /* Check if the account has been disabled */
1494  {
1495  ERR("Account disabled!\n");
1498  goto done;
1499  }
1500 
1501  /* Check if the account has been locked */
1503  {
1504  ERR("Account locked!\n");
1507  goto done;
1508  }
1509 
1510  /* Check if the account expired */
1511  AccountExpires.LowPart = UserInfo->All.AccountExpires.LowPart;
1512  AccountExpires.HighPart = UserInfo->All.AccountExpires.HighPart;
1513  if (LogonTime.QuadPart >= AccountExpires.QuadPart)
1514  {
1515  ERR("Account expired!\n");
1518  goto done;
1519  }
1520 
1521  /* Check if the password expired */
1522  PasswordMustChange.LowPart = UserInfo->All.PasswordMustChange.LowPart;
1523  PasswordMustChange.HighPart = UserInfo->All.PasswordMustChange.HighPart;
1524  PasswordLastSet.LowPart = UserInfo->All.PasswordLastSet.LowPart;
1525  PasswordLastSet.HighPart = UserInfo->All.PasswordLastSet.HighPart;
1526 
1527  if (LogonTime.QuadPart >= PasswordMustChange.QuadPart)
1528  {
1529  ERR("Password expired!\n");
1530  if (PasswordLastSet.QuadPart == 0)
1532  else
1534 
1536  goto done;
1537  }
1538 
1539  /* Check logon hours */
1540  if (!MsvpCheckLogonHours(&UserInfo->All.LogonHours, &LogonTime))
1541  {
1542  ERR("Invalid logon hours!\n");
1545  goto done;
1546  }
1547 
1548  /* Check workstations */
1549  if (!MsvpCheckWorkstations(&UserInfo->All.WorkStations, ComputerName))
1550  {
1551  ERR("Invalid workstation!\n");
1554  goto done;
1555  }
1556  }
1557  }
1558 
1559  /* Return logon information */
1560 
1561  /* Create and return a new logon id */
1563  if (!NT_SUCCESS(Status))
1564  {
1565  TRACE("NtAllocateLocallyUniqueId failed (Status %08lx)\n", Status);
1566  goto done;
1567  }
1568 
1569  /* Create the logon session */
1570  Status = DispatchTable.CreateLogonSession(LogonId);
1571  if (!NT_SUCCESS(Status))
1572  {
1573  TRACE("CreateLogonSession failed (Status %08lx)\n", Status);
1574  goto done;
1575  }
1576 
1577  SessionCreated = TRUE;
1578 
1579  /* Build and fill the interactive profile buffer */
1580  Status = BuildInteractiveProfileBuffer(ClientRequest,
1581  UserInfo,
1582  ComputerName,
1584  ProfileBufferSize);
1585  if (!NT_SUCCESS(Status))
1586  {
1587  TRACE("BuildInteractiveProfileBuffer failed (Status %08lx)\n", Status);
1588  goto done;
1589  }
1590 
1591  /* Return the token information type */
1592  *TokenInformationType = LsaTokenInformationV1;
1593 
1594  /* Build and fill the token information buffer */
1597  UserInfo,
1598  SpecialAccount);
1599  if (!NT_SUCCESS(Status))
1600  {
1601  TRACE("BuildTokenInformationBuffer failed (Status %08lx)\n", Status);
1602  goto done;
1603  }
1604 
1605 done:
1606  /* Erase password */
1607  if (ErasePassword)
1608  {
1609  RtlEraseUnicodeString(ErasePassword);
1610  }
1611 
1612  /* Update the logon time/count or the bad password time/count */
1613  if ((UserHandle != NULL) &&
1615  {
1616  SAMPR_USER_INFO_BUFFER InternalInfo;
1617 
1618  RtlZeroMemory(&InternalInfo, sizeof(InternalInfo));
1619 
1620  if (Status == STATUS_SUCCESS)
1621  InternalInfo.Internal2.Flags = USER_LOGON_SUCCESS;
1622  else
1623  InternalInfo.Internal2.Flags = USER_LOGON_BAD_PASSWORD;
1624 
1625  SamrSetInformationUser(UserHandle,
1627  &InternalInfo);
1628  }
1629 
1630  /* Return the account name */
1631  *AccountName = DispatchTable.AllocateLsaHeap(sizeof(UNICODE_STRING));
1632  if (*AccountName != NULL)
1633  {
1634  (*AccountName)->Buffer = DispatchTable.AllocateLsaHeap(LogonInfo->UserName.Length +
1635  sizeof(UNICODE_NULL));
1636  if ((*AccountName)->Buffer != NULL)
1637  {
1638  (*AccountName)->MaximumLength = LogonInfo->UserName.Length +
1639  sizeof(UNICODE_NULL);
1640  RtlCopyUnicodeString(*AccountName, &LogonInfo->UserName);
1641  }
1642  }
1643 
1644  /* Return the authenticating authority */
1645  *AuthenticatingAuthority = DispatchTable.AllocateLsaHeap(sizeof(UNICODE_STRING));
1646  if (*AuthenticatingAuthority != NULL)
1647  {
1648  (*AuthenticatingAuthority)->Buffer = DispatchTable.AllocateLsaHeap(LogonInfo->LogonDomainName.Length +
1649  sizeof(UNICODE_NULL));
1650  if ((*AuthenticatingAuthority)->Buffer != NULL)
1651  {
1652  (*AuthenticatingAuthority)->MaximumLength = LogonInfo->LogonDomainName.Length +
1653  sizeof(UNICODE_NULL);
1654  RtlCopyUnicodeString(*AuthenticatingAuthority, &LogonInfo->LogonDomainName);
1655  }
1656  }
1657 
1658  /* Return the machine name */
1659  *MachineName = DispatchTable.AllocateLsaHeap(sizeof(UNICODE_STRING));
1660  if (*MachineName != NULL)
1661  {
1662  (*MachineName)->Buffer = DispatchTable.AllocateLsaHeap((ComputerNameSize + 1) * sizeof(WCHAR));
1663  if ((*MachineName)->Buffer != NULL)
1664  {
1665  (*MachineName)->MaximumLength = (ComputerNameSize + 1) * sizeof(WCHAR);
1666  (*MachineName)->Length = ComputerNameSize * sizeof(WCHAR);
1667  RtlCopyMemory((*MachineName)->Buffer, ComputerName, (*MachineName)->MaximumLength);
1668  }
1669  }
1670 
1671  if (!NT_SUCCESS(Status))
1672  {
1673  if (SessionCreated != FALSE)
1674  DispatchTable.DeleteLogonSession(LogonId);
1675 
1676  if (*ProfileBuffer != NULL)
1677  {
1678  DispatchTable.FreeClientBuffer(ClientRequest,
1679  *ProfileBuffer);
1680  *ProfileBuffer = NULL;
1681  }
1682  }
1683 
1684  if (UserHandle != NULL)
1685  SamrCloseHandle(&UserHandle);
1686 
1689  SamIFree_SAMPR_ULONG_ARRAY(&RelativeIds);
1691 
1692  if (DomainHandle != NULL)
1693  SamrCloseHandle(&DomainHandle);
1694 
1695  if (ServerHandle != NULL)
1696  SamrCloseHandle(&ServerHandle);
1697 
1698  if (AccountDomainSid != NULL)
1699  RtlFreeHeap(RtlGetProcessHeap(), 0, AccountDomainSid);
1700 
1701  if (Status == STATUS_NO_SUCH_USER ||
1703  {
1704  *SubStatus = Status;
1706  }
1707 
1708  TRACE("LsaApLogonUserEx2 done (Status 0x%08lx, SubStatus 0x%08lx)\n", Status, *SubStatus);
1709 
1710  return Status;
1711 }
1712 
1713 
1714 /*
1715  * @unimplemented
1716  */
1717 NTSTATUS
1718 NTAPI
1720  _In_ ULONG LsaVersion,
1721  _Out_ PULONG PackageVersion,
1722  _Out_ PSECPKG_FUNCTION_TABLE *ppTables,
1723  _Out_ PULONG pcTables)
1724 {
1725  TRACE("SpLsaModeInitialize(0x%lx %p %p %p)\n",
1726  LsaVersion, PackageVersion, ppTables, pcTables);
1727 
1728  if (LsaVersion != SECPKG_INTERFACE_VERSION)
1729  return STATUS_INVALID_PARAMETER;
1730 
1731  *PackageVersion = SECPKG_INTERFACE_VERSION;
1732 
1733  RtlZeroMemory(NtlmLsaFn, sizeof(NtlmLsaFn));
1734 
1735  /* msv1_0 (XP, win2k) returns NULL for
1736  * InitializePackage, LsaLogonUser,LsaLogonUserEx,
1737  * SpQueryContextAttributes and SpAddCredentials */
1744  NtlmLsaFn[0].LogonUserEx = NULL;
1765 
1766  *ppTables = NtlmLsaFn;
1767  *pcTables = 1;
1768 
1769  return STATUS_SUCCESS;
1770 }
1771 
1772 
1773 /*
1774  * @unimplemented
1775  */
1776 NTSTATUS
1777 WINAPI
1779  _In_ ULONG LsaVersion,
1780  _Out_ PULONG PackageVersion,
1782  _Out_ PULONG pcTables)
1783 {
1784  SECPKG_USER_FUNCTION_TABLE Tables[1];
1785 
1786  TRACE("SpUserModeInitialize(0x%lx %p %p %p)\n",
1787  LsaVersion, PackageVersion, ppTables, pcTables);
1788 
1789  if (LsaVersion != SECPKG_INTERFACE_VERSION)
1790  return STATUS_INVALID_PARAMETER;
1791 
1792  *PackageVersion = SECPKG_INTERFACE_VERSION;
1793 
1794  RtlZeroMemory(&Tables, sizeof(Tables));
1795 
1796 // Tables[0].InstanceInit = SpInstanceInit;
1797 // Tables[0].InitUserModeContext = NULL;
1798 // Tables[0].MakeSignature = NULL;
1799 // Tables[0].VerifySignature = NULL;
1800 // Tables[0].SealMessage = NULL;
1801 // Tables[0].UnsealMessage = NULL;
1802 // Tables[0].GetContextToken = NULL;
1803 // Tables[0].SpQueryContextAttributes = NULL;
1804 // Tables[0].CompleteAuthToken = NULL;
1805 // Tables[0].DeleteUserModeContext = NULL;
1806 // Tables[0].FormatCredentials = NULL;
1807 // Tables[0].MarshallSupplementalCreds = NULL;
1808 // Tables[0].ExportContext = NULL;
1809 // Tables[0].ImportContext = NULL;
1810 
1811  *ppTables = Tables;
1812  *pcTables = 1;
1813 
1814  return STATUS_SUCCESS;
1815 }
1816 
1817 /* EOF */
USHORT Weekday
Definition: env_spec_w32.h:718
RPC_SHORT_BLOB LmOwfPassword
Definition: msv1_0.h:96
signed char * PCHAR
Definition: retypes.h:7
* PNTSTATUS
Definition: strlen.c:14
unsigned long * Element
Definition: lsasrv.h:88
struct _MSV1_0_CHANGEPASSWORD_REQUEST * PMSV1_0_CHANGEPASSWORD_REQUEST
#define STATUS_WRONG_PASSWORD
Definition: ntstatus.h:342
RPC_UNICODE_STRING UserName
Definition: msv1_0.h:86
NTSTATUS NTAPI LsaApCallPackage(IN PLSA_CLIENT_REQUEST ClientRequest, IN PVOID ProtocolSubmitBuffer, IN PVOID ClientBufferBase, IN ULONG SubmitBufferLength, OUT PVOID *ProtocolReturnBuffer, OUT PULONG ReturnBufferLength, OUT PNTSTATUS ProtocolStatus)
Definition: msv1_0.c:974
SpQueryCredentialsAttributesFn * SpQueryCredentialsAttributes
Definition: ntsecpkg.h:478
struct _MSV1_0_INTERACTIVE_PROFILE MSV1_0_INTERACTIVE_PROFILE
#define SAM_SERVER_CONNECT
Definition: ntsam.h:99
#define IN
Definition: typedefs.h:39
_Must_inspect_result_ _In_ WDFDEVICE _In_ DEVICE_REGISTRY_PROPERTY _In_ ULONG BufferLength
Definition: wdfdevice.h:3767
static NTSTATUS BuildTokenInformationBuffer(PLSA_TOKEN_INFORMATION_V1 *TokenInformation, PRPC_SID AccountDomainSid, PSAMPR_USER_INFO_BUFFER UserInfo, BOOL SpecialAccount)
Definition: msv1_0.c:412
static BOOL MsvpCheckWorkstations(_In_ PRPC_UNICODE_STRING WorkStations, _In_ PWSTR ComputerName)
Definition: msv1_0.c:923
#define SECURITY_AUTHENTICATED_USER_RID
Definition: setypes.h:540
#define MSV1_0_PACKAGE_NAME
Definition: ntsecapi.h:42
#define STATUS_INSUFFICIENT_RESOURCES
Definition: udferr_usr.h:158
_In_ ULONG _In_ ULONG _In_ ULONG Length
Definition: ntddpcm.h:101
#define USER_PASSWORD_NOT_REQUIRED
Definition: ntsam.h:169
VOID NTAPI RtlRunDecodeUnicodeString(IN UCHAR Hash, IN OUT PUNICODE_STRING String)
Definition: encode.c:20
NTSTATUS NTAPI LsaApInitializePackage(IN ULONG AuthenticationPackageId, IN PLSA_DISPATCH_TABLE LsaDispatchTable, IN PLSA_STRING Database OPTIONAL, IN PLSA_STRING Confidentiality OPTIONAL, OUT PLSA_STRING *AuthenticationPackageName)
Definition: msv1_0.c:1099
NTSTATUS NTAPI LsaSpShutDown(VOID)
Definition: lsa.c:31
MSV1_0_LOGON_SUBMIT_TYPE MessageType
Definition: ntsecapi.h:434
LARGE_INTEGER LogoffTime
Definition: ntsecapi.h:444
UNICODE_STRING ProfilePath
Definition: ntsecapi.h:452
NTSTATUS __stdcall SamrOpenDomain(SAMPR_HANDLE ServerHandle, ACCESS_MASK DesiredAccess, PRPC_SID DomainId, SAMPR_HANDLE *DomainHandle)
USHORT MaximumLength
Definition: env_spec_w32.h:370
#define _Out_
Definition: ms_sal.h:345
UNICODE_STRING HomeDirectory
Definition: ntsecapi.h:450
#define PtrOffset(BASE, OFFSET)
Definition: cdprocs.h:1547
IN BOOLEAN OUT PSTR Buffer
Definition: progress.h:34
PWSTR Names[]
NTSTATUS NTAPI LsaSpDeleteContext(_In_ LSA_SEC_HANDLE ContextHandle)
Definition: lsa.c:180
#define TRUE
Definition: types.h:120
NTSTATUS NTAPI SpInitialize(_In_ ULONG_PTR PackageId, _In_ PSECPKG_PARAMETERS Parameters, _In_ PLSA_SECPKG_FUNCTION_TABLE FunctionTable)
Definition: lsa.c:19
#define STATUS_INVALID_PARAMETER
Definition: udferr_usr.h:135
uint16_t * PWSTR
Definition: typedefs.h:56
NTSTATUS NTAPI LsaSpDeleteCredentials(_In_ LSA_SEC_HANDLE CredentialHandle, _In_ PSecBuffer Key)
Definition: lsa.c:113
static NTSTATUS GetNtAuthorityDomainSid(PRPC_SID *Sid)
Definition: msv1_0.c:74
PLSA_AP_LOGON_USER LsaLogonUser
Definition: ntsecpkg.h:466
char CHAR
Definition: xmlstorage.h:175
_Must_inspect_result_ _In_ PFSRTL_PER_STREAM_CONTEXT Ptr
Definition: fsrtlfuncs.h:898
#define WARN(fmt,...)
Definition: debug.h:112
unsigned long UserId
Definition: msv1_0.h:100
LONG NTSTATUS
Definition: precomp.h:26
BOOLEAN NTAPI RtlFreeHeap(IN PVOID HeapHandle, IN ULONG Flags, IN PVOID HeapBase)
Definition: heap.c:606
struct _MSV1_0_INTERACTIVE_PROFILE * PMSV1_0_INTERACTIVE_PROFILE
NTSYSAPI VOID NTAPI RtlEraseUnicodeString(_Inout_ PUNICODE_STRING String)
NTSTATUS NTAPI SpLsaModeInitialize(_In_ ULONG LsaVersion, _Out_ PULONG PackageVersion, _Out_ PSECPKG_FUNCTION_TABLE *ppTables, _Out_ PULONG pcTables)
Definition: msv1_0.c:1719
#define ARRAYSIZE(array)
Definition: filtermapper.c:47
static PSID AppendRidToSid(PSID SrcSid, ULONG Rid)
Definition: msv1_0.c:251
SpFreeCredentialsHandleFn * FreeCredentialsHandle
Definition: ntsecpkg.h:479
UNICODE_STRING LogonScript
Definition: ntsecapi.h:449
OLD_LARGE_INTEGER PasswordLastSet
Definition: msv1_0.h:82
_In_ DWORD _Out_ PDWORD _In_opt_ PCSTR MachineName
Definition: setupapi.h:1286
#define ZeroMemory
Definition: winbase.h:1664
NTSYSAPI PULONG NTAPI RtlSubAuthoritySid(_In_ PSID Sid, _In_ ULONG SubAuthority)
NTSTATUS NTAPI SamrLookupNamesInDomain(IN SAMPR_HANDLE DomainHandle, IN ULONG Count, IN RPC_UNICODE_STRING Names[], OUT PSAMPR_ULONG_ARRAY RelativeIds, OUT PSAMPR_ULONG_ARRAY Use)
Definition: samrpc.c:3464
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG ProfileBufferLength
unsigned short * Buffer
Definition: msv1_0.h:40
NTSTATUS NTAPI SamrChangePasswordUser(IN SAMPR_HANDLE UserHandle, IN unsigned char LmPresent, IN PENCRYPTED_LM_OWF_PASSWORD OldLmEncryptedWithNewLm, IN PENCRYPTED_LM_OWF_PASSWORD NewLmEncryptedWithOldLm, IN unsigned char NtPresent, IN PENCRYPTED_NT_OWF_PASSWORD OldNtEncryptedWithNewNt, IN PENCRYPTED_NT_OWF_PASSWORD NewNtEncryptedWithOldNt, IN unsigned char NtCrossEncryptionPresent, IN PENCRYPTED_NT_OWF_PASSWORD NewNtEncryptedWithNewLm, IN unsigned char LmCrossEncryptionPresent, IN PENCRYPTED_LM_OWF_PASSWORD NewLmEncryptedWithNewNt)
Definition: samrpc.c:7864
NTSTATUS WINAPI SystemFunction006(LPCSTR password, LPSTR hash)
Definition: crypt_lmhash.c:53
#define STATUS_ACCOUNT_LOCKED_OUT
Definition: ntstatus.h:696
BOOL WINAPI GetComputerNameW(LPWSTR lpBuffer, LPDWORD lpnSize)
Definition: compname.c:446
STRING OEM_STRING
Definition: umtypes.h:203
TOpcodeData Groups[17][8]
char * LPSTR
Definition: xmlstorage.h:182
NTSTATUS NTAPI NtAllocateLocallyUniqueId(OUT LUID *LocallyUniqueId)
Definition: uuid.c:348
LSAPR_POLICY_ACCOUNT_DOM_INFO PolicyAccountDomainInfo
Definition: msv1_0.h:276
NTSTATUS NTAPI SamrLookupDomainInSamServer(IN SAMPR_HANDLE ServerHandle, IN PRPC_UNICODE_STRING Name, OUT PRPC_SID *DomainId)
Definition: samrpc.c:504
SpAcceptLsaModeContextFn * AcceptLsaModeContext
Definition: ntsecpkg.h:484
NTSTATUS NTAPI LsaSpQueryCredentialsAttributes(_In_ LSA_SEC_HANDLE CredentialHandle, _In_ ULONG CredentialAttribute, _Inout_ PVOID Buffer)
Definition: lsa.c:72
NTSYSAPI NTSTATUS NTAPI RtlAllocateAndInitializeSid(IN PSID_IDENTIFIER_AUTHORITY IdentifierAuthority, IN UCHAR SubAuthorityCount, IN ULONG SubAuthority0, IN ULONG SubAuthority1, IN ULONG SubAuthority2, IN ULONG SubAuthority3, IN ULONG SubAuthority4, IN ULONG SubAuthority5, IN ULONG SubAuthority6, IN ULONG SubAuthority7, OUT PSID *Sid)
Definition: sid.c:290
#define BOOL
Definition: nt_native.h:43
LARGE_INTEGER PasswordMustChange
Definition: ntsecapi.h:448
UNICODE_STRING Password
Definition: ntsecapi.h:437
PLSA_AP_CALL_PACKAGE_UNTRUSTED CallPackageUntrusted
Definition: ntsecpkg.h:469
UNICODE_STRING AccountName
Definition: ntsecapi.h:513
#define STATUS_ACCOUNT_EXPIRED
Definition: ntstatus.h:636
UNICODE_STRING FullName
Definition: ntsecapi.h:451
SAMPR_USER_ALL_INFORMATION All
Definition: msv1_0.h:141
NTSYSAPI VOID NTAPI RtlCopyUnicodeString(PUNICODE_STRING DestinationString, PUNICODE_STRING SourceString)
#define STATUS_INVALID_LOGON_HOURS
Definition: ntstatus.h:347
NTSTATUS WINAPI LsaIOpenPolicyTrusted(OUT LSAPR_HANDLE *PolicyHandle)
Definition: policy.c:15
#define USER_ACCOUNT_DISABLED
Definition: ntsam.h:167
#define STATUS_ACCOUNT_RESTRICTION
Definition: ntstatus.h:346
NTSYSAPI VOID NTAPI RtlInitAnsiString(PANSI_STRING DestinationString, PCSZ SourceString)
uint32_t ULONG_PTR
Definition: typedefs.h:65
WINE_DEFAULT_DEBUG_CHANNEL(msv1_0)
VOID NTAPI LsaIFree_LSAPR_POLICY_INFORMATION(IN POLICY_INFORMATION_CLASS InformationClass, IN PLSAPR_POLICY_INFORMATION PolicyInformation)
Definition: lsasrv.c:51
NTSTATUS NTAPI SamIConnect(PSAMPR_SERVER_NAME ServerName, SAMPR_HANDLE *ServerHandle, ACCESS_MASK DesiredAccess, BOOLEAN Trusted)
return STATUS_NOT_IMPLEMENTED
struct _MSV1_0_INTERACTIVE_LOGON * PMSV1_0_INTERACTIVE_LOGON
NTSYSAPI NTSTATUS NTAPI RtlInitializeSid(IN OUT PSID Sid, IN PSID_IDENTIFIER_AUTHORITY IdentifierAuthority, IN UCHAR SubAuthorityCount)
VOID NTAPI SamIFreeVoid(PVOID Ptr)
Definition: samsrv.c:155
static NTSTATUS GetAccountDomainSid(PRPC_SID *Sid)
Definition: msv1_0.c:25
#define FIXUP_POINTER(Pointer, Offset)
Definition: msv1_0.h:9
unsigned char * LPBYTE
Definition: typedefs.h:53
VOID NTAPI ProtocolStatus(NDIS_HANDLE BindingContext, NDIS_STATUS GenerelStatus, PVOID StatusBuffer, UINT StatusBufferSize)
Called by NDIS when the underlying driver has changed state.
Definition: lan.c:461
#define USER_READ_GENERAL
Definition: ntsam.h:126
NTSTATUS WINAPI SystemFunction012(const BYTE *in, const BYTE *key, LPBYTE out)
Definition: sysfunc.c:353
NTSTATUS(* NTAPI)(IN PFILE_FULL_EA_INFORMATION EaBuffer, IN ULONG EaLength, OUT PULONG ErrorOffset)
Definition: IoEaTest.cpp:117
#define FALSE
Definition: types.h:117
#define UNICODE_NULL
SpQueryContextAttributesFn * SpQueryContextAttributes
Definition: ntsecpkg.h:489
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE _Out_ PQUOTA_LIMITS _Out_ PNTSTATUS SubStatus
VOID NTAPI LsaApLogonTerminated(IN PLUID LogonId)
Definition: msv1_0.c:1152
enum _MSV1_0_PROTOCOL_MESSAGE_TYPE * PMSV1_0_PROTOCOL_MESSAGE_TYPE
unsigned int BOOL
Definition: ntddk_ex.h:94
#define DOMAIN_USER_RID_ADMIN
Definition: setypes.h:603
NTSYSAPI NTSTATUS NTAPI RtlUpcaseUnicodeStringToOemString(POEM_STRING DestinationString, PCUNICODE_STRING SourceString, BOOLEAN AllocateDestinationString)
LARGE_INTEGER PasswordLastSet
Definition: ntsecapi.h:446
NTSTATUS NTAPI SpAcceptCredentials(_In_ SECURITY_LOGON_TYPE LogonType, _In_ PUNICODE_STRING AccountName, _In_ PSECPKG_PRIMARY_CRED PrimaryCredentials, _In_ PSECPKG_SUPPLEMENTAL_CRED SupplementalCredentials)
Definition: lsa.c:40
#define FIXME(fmt,...)
Definition: debug.h:111
static NTSTATUS BuildInteractiveProfileBuffer(IN PLSA_CLIENT_REQUEST ClientRequest, IN PSAMPR_USER_INFO_BUFFER UserInfo, IN PWSTR ComputerName, OUT PMSV1_0_INTERACTIVE_PROFILE *ProfileBuffer, OUT PULONG ProfileBufferLength)
Definition: msv1_0.c:95
PLSA_AP_CALL_PACKAGE CallPackage
Definition: ntsecpkg.h:467
NTSYSAPI NTSTATUS NTAPI RtlValidateUnicodeString(_In_ ULONG Flags, _In_ PCUNICODE_STRING String)
Definition: unicode.c:2559
unsigned char BOOLEAN
NTSTATUS NTAPI LsaSpApplyControlToken(_In_ LSA_SEC_HANDLE ContextHandle, _In_ PSecBufferDesc ControlToken)
Definition: lsa.c:189
#define SE_GROUP_ENABLED_BY_DEFAULT
Definition: setypes.h:91
enum _LSA_TOKEN_INFORMATION_TYPE * PLSA_TOKEN_INFORMATION_TYPE
#define _In_
Definition: ms_sal.h:308
#define SAM_SERVER_LOOKUP_DOMAIN
Definition: ntsam.h:104
_In_ ULONG _In_ ACCESS_MASK _In_ PSID Sid
Definition: rtlfuncs.h:1103
LARGE_INTEGER LogonTime
Definition: ntsecapi.h:443
NTSTATUS NTAPI LsaSpGetInfoW(_Out_ PSecPkgInfoW PackageInfo)
Definition: lsa.c:123
NTSYSAPI NTSTATUS NTAPI RtlSystemTimeToLocalTime(_In_ PLARGE_INTEGER SystemTime, _Out_ PLARGE_INTEGER LocalTime)
Definition: bufpool.h:45
OLD_LARGE_INTEGER AccountExpires
Definition: msv1_0.h:83
#define SECPKG_INTERFACE_VERSION
Definition: ntsecpkg.h:34
SpAcceptCredentialsFn * AcceptCredentials
Definition: ntsecpkg.h:476
NTSYSAPI ULONG NTAPI RtlLengthSid(IN PSID Sid)
Definition: sid.c:150
#define SECURITY_LOCAL_SERVICE_RID
Definition: setypes.h:547
NTSTATUS NTAPI LsaSpSaveCredentials(_In_ LSA_SEC_HANDLE CredentialHandle, _In_ PSecBuffer Credentials)
Definition: lsa.c:93
#define SECURITY_NT_AUTHORITY
Definition: setypes.h:526
#define STATUS_NAME_TOO_LONG
Definition: ntstatus.h:498
PLSA_AP_INITIALIZE_PACKAGE InitializePackage
Definition: ntsecpkg.h:465
SECPKG_FUNCTION_TABLE NtlmLsaFn[1]
Definition: lsa.c:15
PVOID NTAPI RtlAllocateHeap(IN PVOID HeapHandle, IN ULONG Flags, IN SIZE_T Size)
Definition: heap.c:588
Status
Definition: gdiplustypes.h:24
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ SaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ OwnerSize PSID _Inout_ PULONG _Out_writes_bytes_to_opt_ PrimaryGroupSize PSID PrimaryGroup
Definition: rtlfuncs.h:1558
#define STATUS_NO_SUCH_USER
Definition: ntstatus.h:336
BOOLEAN RtlTimeToTimeFields(IN PLARGE_INTEGER Time, IN PTIME_FIELDS TimeFields)
NTSTATUS WINAPI LsarQueryInformationPolicy(LSAPR_HANDLE PolicyHandle, POLICY_INFORMATION_CLASS InformationClass, PLSAPR_POLICY_INFORMATION *PolicyInformation)
Definition: lsarpc.c:531
#define STATUS_ACCOUNT_DISABLED
Definition: ntstatus.h:350
OLD_LARGE_INTEGER PasswordMustChange
Definition: msv1_0.h:85
NTSTATUS NTAPI LsaSpAcquireCredentialsHandle(_In_ PUNICODE_STRING PrincipalName, _In_ ULONG CredentialUseFlags, _In_ PLUID LogonId, _In_ PVOID AuthorizationData, _In_ PVOID GetKeyFunciton, _In_ PVOID GetKeyArgument, _Out_ PLSA_SEC_HANDLE CredentialHandle, _Out_ PTimeStamp ExpirationTime)
Definition: lsa.c:53
static NTSTATUS BuildTokenGroups(OUT PTOKEN_GROUPS *Groups, IN PSID AccountDomainSid, IN ULONG RelativeId, IN BOOL SpecialAccount)
Definition: msv1_0.c:316
NTSTATUS NTAPI LsaSpGetUserInfo(_In_ PLUID LogonId, _In_ ULONG Flags, _Out_ PSecurityUserData *UserData)
Definition: lsa.c:199
UNICODE_STRING UserName
Definition: ntsecapi.h:436
#define TRACE(s)
Definition: solgame.cpp:4
PLSA_AP_LOGON_USER_EX2 LogonUserEx2
Definition: ntsecpkg.h:472
LARGE_INTEGER KickOffTime
Definition: ntsecapi.h:445
#define SECURITY_BUILTIN_DOMAIN_RID
Definition: setypes.h:553
_CONST_RETURN wchar_t *__cdecl wcschr(_In_z_ const wchar_t *_Str, wchar_t _Ch)
#define ASSERT(a)
Definition: mode.c:44
NTSYSAPI ULONG NTAPI RtlEqualMemory(CONST VOID *Source1, CONST VOID *Source2, ULONG Length)
#define STATUS_PASSWORD_EXPIRED
Definition: ntstatus.h:349
__wchar_t WCHAR
Definition: xmlstorage.h:180
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
#define USER_READ_ACCOUNT
Definition: ntsam.h:130
#define SE_GROUP_ENABLED
Definition: setypes.h:92
LSA_DISPATCH_TABLE DispatchTable
Definition: msv1_0.c:18
NTSTATUS WINAPI SystemFunction007(const UNICODE_STRING *string, LPBYTE hash)
Definition: sysfunc.c:245
NTSYSAPI PUCHAR NTAPI RtlSubAuthorityCountSid(IN PSID Sid)
Definition: sid.c:104
UNICODE_STRING NewPassword
Definition: ntsecapi.h:515
#define WINAPI
Definition: msvc.h:6
PLSA_AP_CALL_PACKAGE_PASSTHROUGH CallPackagePassthrough
Definition: ntsecpkg.h:470
unsigned long DWORD
Definition: ntddk_ex.h:95
SpDeleteContextFn * DeleteContext
Definition: ntsecpkg.h:485
static NTSTATUS MsvpCheckPassword(PUNICODE_STRING UserPassword, PSAMPR_USER_INFO_BUFFER UserInfo)
Definition: msv1_0.c:795
#define STATUS_ACCESS_DENIED
Definition: udferr_usr.h:145
NTSTATUS NTAPI LsaSpGetCredentials(_In_ LSA_SEC_HANDLE CredentialHandle, _Inout_ PSecBuffer Credentials)
Definition: lsa.c:103
#define SE_GROUP_MANDATORY
Definition: setypes.h:90
UNICODE_STRING LogonServer
Definition: ntsecapi.h:454
SAMPR_LOGON_HOURS LogonHours
Definition: msv1_0.h:104
#define USER_LOGON_SUCCESS
Definition: msv1_0.h:67
NTSTATUS WINAPI LsarClose(LSAPR_HANDLE *ObjectHandle)
Definition: lsarpc.c:125
unsigned long PrimaryGroupId
Definition: msv1_0.h:101
#define SECURITY_NULL_RID
Definition: setypes.h:512
#define USER_LOGON_BAD_PASSWORD
Definition: msv1_0.h:66
SpInitLsaModeContextFn * InitLsaModeContext
Definition: ntsecpkg.h:483
unsigned char UCHAR
Definition: xmlstorage.h:181
NTSTATUS NTAPI LsaSpSetExtendedInformation(_In_ SECPKG_EXTENDED_INFORMATION_CLASS Class, _In_ PSECPKG_EXTENDED_INFORMATION Info)
Definition: lsa.c:221
#define STATUS_BAD_VALIDATION_CLASS
Definition: ntstatus.h:403
_CRTIMP wchar_t *__cdecl wcscpy(_Out_writes_z_(_String_length_(_Source)+1) wchar_t *_Dest, _In_z_ const wchar_t *_Source)
static const WCHAR L[]
Definition: oid.c:1250
#define USER_ACCOUNT_AUTO_LOCKED
Definition: ntsam.h:177
SpAddCredentialsFn * SpAddCredentials
Definition: ntsecpkg.h:490
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID * ProfileBuffer
ULONG LowPart
Definition: typedefs.h:106
#define memcpy(s1, s2, n)
Definition: mkisofs.h:878
SpInitializeFn * Initialize
Definition: ntsecpkg.h:473
unsigned char LmPasswordPresent
Definition: msv1_0.h:109
NTSTATUS WINAPI SpUserModeInitialize(_In_ ULONG LsaVersion, _Out_ PULONG PackageVersion, _Out_ PSECPKG_USER_FUNCTION_TABLE *ppTables, _Out_ PULONG pcTables)
Definition: msv1_0.c:1778
#define SECURITY_NETWORK_SERVICE_RID
Definition: setypes.h:548
unsigned char BYTE
Definition: xxhash.c:193
VOID NTAPI SamIFree_SAMPR_USER_INFO_BUFFER(PSAMPR_USER_INFO_BUFFER Ptr, USER_INFORMATION_CLASS InformationClass)
Definition: samsrv.c:540
static NTSTATUS MsvpChangePassword(IN PLSA_CLIENT_REQUEST ClientRequest, IN PVOID ProtocolSubmitBuffer, IN PVOID ClientBufferBase, IN ULONG SubmitBufferLength, OUT PVOID *ProtocolReturnBuffer, OUT PULONG ReturnBufferLength, OUT PNTSTATUS ProtocolStatus)
Definition: msv1_0.c:497
_In_ ULONG _In_ ULONG Offset
Definition: ntddpcm.h:101
#define ERR(fmt,...)
Definition: debug.h:110
#define MAX_COMPUTERNAME_LENGTH
Definition: winbase.h:240
#define S_OK
Definition: intsafe.h:52
VOID NTAPI SamIFree_SAMPR_ULONG_ARRAY(PSAMPR_ULONG_ARRAY Ptr)
Definition: samsrv.c:524
#define STATUS_INVALID_WORKSTATION
Definition: ntstatus.h:348
NTSTATUS NTAPI LsaApCallPackagePassthrough(IN PLSA_CLIENT_REQUEST ClientRequest, IN PVOID ProtocolSubmitBuffer, IN PVOID ClientBufferBase, IN ULONG SubmitBufferLength, OUT PVOID *ProtocolReturnBuffer, OUT PULONG ReturnBufferLength, OUT PNTSTATUS ProtocolStatus)
Definition: msv1_0.c:1040
NTSTATUS NTAPI LsaApCallPackageUntrusted(IN PLSA_CLIENT_REQUEST ClientRequest, IN PVOID ProtocolSubmitBuffer, IN PVOID ClientBufferBase, IN ULONG SubmitBufferLength, OUT PVOID *ProtocolReturnBuffer, OUT PULONG ReturnBufferLength, OUT PNTSTATUS ProtocolStatus)
Definition: msv1_0.c:1058
LARGE_INTEGER PasswordCanChange
Definition: ntsecapi.h:447
SpApplyControlTokenFn * ApplyControlToken
Definition: ntsecpkg.h:486
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint i
Definition: glfuncs.h:248
NTSTATUS NTAPI LsaSpInitLsaModeContext(_In_ LSA_SEC_HANDLE CredentialHandle, _In_ LSA_SEC_HANDLE ContextHandle, _In_ PUNICODE_STRING TargetName, _In_ ULONG ContextRequirements, _In_ ULONG TargetDataRep, _In_ PSecBufferDesc InputBuffers, _Out_ PLSA_SEC_HANDLE NewContextHandle, _Inout_ PSecBufferDesc OutputBuffers, _Out_ PULONG ContextAttributes, _Out_ PTimeStamp ExpirationTime, _Out_ PBOOLEAN MappedContext, _Out_ PSecBuffer ContextData)
Definition: lsa.c:132
SpSetExtendedInformationFn * SetExtendedInformation
Definition: ntsecpkg.h:491
#define DOMAIN_ALIAS_RID_USERS
Definition: setypes.h:625
unsigned short USHORT
Definition: pedump.c:61
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE LogonType
SpGetUserInfoFn * GetUserInfo
Definition: ntsecpkg.h:487
#define STATUS_PASSWORD_MUST_CHANGE
Definition: ntstatus.h:680
SpSaveCredentialsFn * SaveCredentials
Definition: ntsecpkg.h:480
unsigned long UserAccountControl
Definition: msv1_0.h:102
MSV1_0_PROFILE_BUFFER_TYPE MessageType
Definition: ntsecapi.h:440
unsigned long LowPart
Definition: msv1_0.h:32
NTSTATUS NTAPI SamrSetInformationUser(IN SAMPR_HANDLE UserHandle, IN USER_INFORMATION_CLASS UserInformationClass, IN PSAMPR_USER_INFO_BUFFER Buffer)
Definition: samrpc.c:7848
enum _SECURITY_LOGON_TYPE SECURITY_LOGON_TYPE
SpGetInfoFn * GetInfo
Definition: ntsecpkg.h:475
NTSTATUS __stdcall SamrCloseHandle(SAMPR_HANDLE *SamHandle)
PLSA_AP_LOGON_USER_EX LogonUserEx
Definition: ntsecpkg.h:471
UNICODE_STRING HomeDirectoryDrive
Definition: ntsecapi.h:453
_CRTIMP wchar_t *__cdecl wcscat(_Inout_updates_z_(_String_length_(_Dest)+_String_length_(_Source)+1) wchar_t *_Dest, _In_z_ const wchar_t *_Source)
#define DOMAIN_GROUP_RID_USERS
Definition: setypes.h:612
unsigned int * PULONG
Definition: retypes.h:1
#define NULL
Definition: types.h:112
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID LogonId
struct _LSA_STRING * PLSA_STRING
#define HEAP_ZERO_MEMORY
Definition: compat.h:134
SpShutDownFn * Shutdown
Definition: ntsecpkg.h:474
_CRTIMP size_t __cdecl wcslen(_In_z_ const wchar_t *_Str)
NTSTATUS NTAPI SamrOpenUser(IN SAMPR_HANDLE DomainHandle, IN ACCESS_MASK DesiredAccess, IN ULONG UserId, OUT SAMPR_HANDLE *UserHandle)
#define USER_READ_PREFERENCES
Definition: ntsam.h:127
RPC_SHORT_BLOB NtOwfPassword
Definition: msv1_0.h:97
#define OUT
Definition: typedefs.h:40
UNICODE_STRING OldPassword
Definition: ntsecapi.h:514
char * strcpy(char *DstString, const char *SrcString)
Definition: utclib.c:388
unsigned int ULONG
Definition: retypes.h:1
SpGetExtendedInformationFn * GetExtendedInformation
Definition: ntsecpkg.h:488
#define DOMAIN_LOOKUP
Definition: ntsam.h:42
SpGetCredentialsFn * GetCredentials
Definition: ntsecpkg.h:481
#define RtlZeroMemory(Destination, Length)
Definition: typedefs.h:262
NTSTATUS NTAPI LsaSpFreeCredentialsHandle(_In_ LSA_SEC_HANDLE CredentialHandle)
Definition: lsa.c:84
SAMPR_USER_INTERNAL2_INFORMATION Internal2
Definition: msv1_0.h:137
#define ULONG_PTR
Definition: config.h:101
NTSTATUS NTAPI NtQuerySystemTime(OUT PLARGE_INTEGER SystemTime)
Definition: time.c:472
PSID AccountDomainSid
Definition: database.c:24
#define RtlCopyMemory(Destination, Source, Length)
Definition: typedefs.h:263
NTSTATUS NTAPI LsaApLogonUserEx2(IN PLSA_CLIENT_REQUEST ClientRequest, IN SECURITY_LOGON_TYPE LogonType, IN PVOID ProtocolSubmitBuffer, IN PVOID ClientBufferBase, IN ULONG SubmitBufferSize, OUT PVOID *ProfileBuffer, OUT PULONG ProfileBufferSize, OUT PLUID LogonId, OUT PNTSTATUS SubStatus, OUT PLSA_TOKEN_INFORMATION_TYPE TokenInformationType, OUT PVOID *TokenInformation, OUT PUNICODE_STRING *AccountName, OUT PUNICODE_STRING *AuthenticatingAuthority, OUT PUNICODE_STRING *MachineName, OUT PSECPKG_PRIMARY_CRED PrimaryCredentials, OUT PSECPKG_SUPPLEMENTAL_CRED_ARRAY *SupplementalCredentials)
Definition: msv1_0.c:1163
enum _MSV1_0_PROTOCOL_MESSAGE_TYPE MSV1_0_PROTOCOL_MESSAGE_TYPE
#define STATUS_SUCCESS
Definition: shellext.h:65
SpDeleteCredentialsFn * DeleteCredentials
Definition: ntsecpkg.h:482
NTSTATUS NTAPI SamrQueryInformationUser(IN SAMPR_HANDLE UserHandle, IN USER_INFORMATION_CLASS UserInformationClass, OUT PSAMPR_USER_INFO_BUFFER *Buffer)
Definition: samrpc.c:7234
WCHAR * LPWSTR
Definition: xmlstorage.h:184
static PTIME_FIELDS TimeFields
Definition: time.c:104
_In_ PWDFDEVICE_INIT _In_ PWDF_PDO_EVENT_CALLBACKS DispatchTable
Definition: wdfpdo.h:245
static BOOL MsvpCheckLogonHours(_In_ PSAMPR_LOGON_HOURS LogonHours, _In_ PLARGE_INTEGER LogonTime)
Definition: msv1_0.c:885
static NTSTATUS BuildTokenPrimaryGroup(OUT PTOKEN_PRIMARY_GROUP PrimaryGroup, IN PSID AccountDomainSid, IN ULONG RelativeId)
Definition: msv1_0.c:298
NTSYSAPI BOOLEAN NTAPI RtlEqualUnicodeString(PUNICODE_STRING String1, PUNICODE_STRING String2, BOOLEAN CaseInSensitive)
PLSA_AP_LOGON_TERMINATED LogonTerminated
Definition: ntsecpkg.h:468
#define USER_READ_LOGON
Definition: ntsam.h:129
NTSTATUS NTAPI LsaSpAcceptLsaModeContext(_In_ LSA_SEC_HANDLE CredentialHandle, _In_ LSA_SEC_HANDLE ContextHandle, _In_ PSecBufferDesc InputBuffer, _In_ ULONG ContextRequirements, _In_ ULONG TargetDataRep, _Out_ PLSA_SEC_HANDLE NewContextHandle, _Inout_ PSecBufferDesc OutputBuffer, _Out_ PULONG ContextAttributes, _Out_ PTimeStamp ExpirationTime, _Out_ PBOOLEAN MappedContext, _Out_ PSecBuffer ContextData)
Definition: lsa.c:157
static NTSTATUS BuildTokenUser(OUT PTOKEN_USER User, IN PSID AccountDomainSid, IN ULONG RelativeId)
Definition: msv1_0.c:278
_Check_return_ _CRTIMP int __cdecl _wcsicmp(_In_z_ const wchar_t *_Str1, _In_z_ const wchar_t *_Str2)
SpAcquireCredentialsHandleFn * SpAcquireCredentialsHandle
Definition: ntsecpkg.h:477
#define STATUS_LOGON_FAILURE
Definition: ntstatus.h:345
unsigned char NtPasswordPresent
Definition: msv1_0.h:110
RPC_UNICODE_STRING WorkStations
Definition: msv1_0.h:93
SID_IDENTIFIER_AUTHORITY NtAuthority
Definition: database.c:21
LONGLONG QuadPart
Definition: typedefs.h:114
NTSTATUS NTAPI LsaSpGetExtendedInformation(_In_ SECPKG_EXTENDED_INFORMATION_CLASS Class, _Out_ PSECPKG_EXTENDED_INFORMATION *ppInfo)
Definition: lsa.c:210
UNICODE_STRING LogonDomainName
Definition: ntsecapi.h:435
NTSYSAPI ULONG NTAPI RtlLengthRequiredSid(IN ULONG SubAuthorityCount)
Definition: sid.c:54
#define USER_CHANGE_PASSWORD
Definition: ntsam.h:132
static SID_IDENTIFIER_AUTHORITY SystemAuthority
Definition: msgina.c:38
#define RTL_CONSTANT_STRING(s)
Definition: tunneltest.c:14
PULONG MinorVersion OPTIONAL
Definition: CrossNt.h:68