ReactOS  0.4.15-dev-509-g96a357b
msv1_0.c
Go to the documentation of this file.
1 /*
2  * PROJECT: Authentication Package DLL
3  * LICENSE: GPL - See COPYING in the top level directory
4  * FILE: dll/win32/msv1_0/msv1_0.c
5  * PURPOSE: Main file
6  * COPYRIGHT: Copyright 2013 Eric Kohl
7  */
8 
9 /* INCLUDES ****************************************************************/
10 
11 #include "precomp.h"
12 
14 
15 
16 /* GLOBALS *****************************************************************/
17 
19 
20 
21 /* FUNCTIONS ***************************************************************/
22 
23 static
26 {
27  LSAPR_HANDLE PolicyHandle = NULL;
28  PLSAPR_POLICY_INFORMATION PolicyInfo = NULL;
29  ULONG Length = 0;
31 
32  Status = LsaIOpenPolicyTrusted(&PolicyHandle);
33  if (!NT_SUCCESS(Status))
34  {
35  TRACE("LsaIOpenPolicyTrusted() failed (Status 0x%08lx)\n", Status);
36  return Status;
37  }
38 
39  Status = LsarQueryInformationPolicy(PolicyHandle,
41  &PolicyInfo);
42  if (!NT_SUCCESS(Status))
43  {
44  TRACE("LsarQueryInformationPolicy() failed (Status 0x%08lx)\n", Status);
45  goto done;
46  }
47 
49 
50  *Sid = RtlAllocateHeap(RtlGetProcessHeap(), 0, Length);
51  if (*Sid == NULL)
52  {
53  ERR("Failed to allocate SID\n");
55  goto done;
56  }
57 
59 
60 done:
61  if (PolicyInfo != NULL)
63  PolicyInfo);
64 
65  if (PolicyHandle != NULL)
66  LsarClose(&PolicyHandle);
67 
68  return Status;
69 }
70 
71 
72 static
75 {
77  ULONG Length = 0;
78 
80  *Sid = RtlAllocateHeap(RtlGetProcessHeap(), 0, Length);
81  if (*Sid == NULL)
82  {
83  ERR("Failed to allocate SID\n");
85  }
86 
88 
89  return STATUS_SUCCESS;
90 }
91 
92 
93 static
96  IN PSAMPR_USER_INFO_BUFFER UserInfo,
97  IN PWSTR ComputerName,
100 {
101  PMSV1_0_INTERACTIVE_PROFILE LocalBuffer = NULL;
102  PVOID ClientBaseAddress = NULL;
103  LPWSTR Ptr;
106 
107  *ProfileBuffer = NULL;
108  *ProfileBufferLength = 0;
109 
111  UserInfo->All.FullName.Length + sizeof(WCHAR) +
112  UserInfo->All.HomeDirectory.Length + sizeof(WCHAR) +
113  UserInfo->All.HomeDirectoryDrive.Length + sizeof(WCHAR) +
114  UserInfo->All.ScriptPath.Length + sizeof(WCHAR) +
115  UserInfo->All.ProfilePath.Length + sizeof(WCHAR) +
116  ((wcslen(ComputerName) + 3) * sizeof(WCHAR));
117 
119  if (LocalBuffer == NULL)
120  {
121  TRACE("Failed to allocate the local buffer!\n");
123  goto done;
124  }
125 
126  Status = DispatchTable.AllocateClientBuffer(ClientRequest,
127  BufferLength,
128  &ClientBaseAddress);
129  if (!NT_SUCCESS(Status))
130  {
131  TRACE("DispatchTable.AllocateClientBuffer failed (Status 0x%08lx)\n", Status);
132  goto done;
133  }
134 
135  TRACE("ClientBaseAddress: %p\n", ClientBaseAddress);
136 
137  Ptr = (LPWSTR)((ULONG_PTR)LocalBuffer + sizeof(MSV1_0_INTERACTIVE_PROFILE));
138 
139  LocalBuffer->MessageType = MsV1_0InteractiveProfile;
140  LocalBuffer->LogonCount = UserInfo->All.LogonCount;
141  LocalBuffer->BadPasswordCount = UserInfo->All.BadPasswordCount;
142 
143  LocalBuffer->LogonTime.LowPart = UserInfo->All.LastLogon.LowPart;
144  LocalBuffer->LogonTime.HighPart = UserInfo->All.LastLogon.HighPart;
145 
146  LocalBuffer->LogoffTime.LowPart = UserInfo->All.AccountExpires.LowPart;
147  LocalBuffer->LogoffTime.HighPart = UserInfo->All.AccountExpires.HighPart;
148 
149  LocalBuffer->KickOffTime.LowPart = UserInfo->All.AccountExpires.LowPart;
150  LocalBuffer->KickOffTime.HighPart = UserInfo->All.AccountExpires.HighPart;
151 
152  LocalBuffer->PasswordLastSet.LowPart = UserInfo->All.PasswordLastSet.LowPart;
153  LocalBuffer->PasswordLastSet.HighPart = UserInfo->All.PasswordLastSet.HighPart;
154 
155  LocalBuffer->PasswordCanChange.LowPart = UserInfo->All.PasswordCanChange.LowPart;
156  LocalBuffer->PasswordCanChange.HighPart = UserInfo->All.PasswordCanChange.HighPart;
157 
158  LocalBuffer->PasswordMustChange.LowPart = UserInfo->All.PasswordMustChange.LowPart;
159  LocalBuffer->PasswordMustChange.HighPart = UserInfo->All.PasswordMustChange.HighPart;
160 
161  LocalBuffer->LogonScript.Length = UserInfo->All.ScriptPath.Length;
162  LocalBuffer->LogonScript.MaximumLength = UserInfo->All.ScriptPath.Length + sizeof(WCHAR);
163  LocalBuffer->LogonScript.Buffer = (LPWSTR)((ULONG_PTR)ClientBaseAddress + (ULONG_PTR)Ptr - (ULONG_PTR)LocalBuffer);
164  memcpy(Ptr,
165  UserInfo->All.ScriptPath.Buffer,
166  UserInfo->All.ScriptPath.Length);
167 
168  Ptr = (LPWSTR)((ULONG_PTR)Ptr + LocalBuffer->LogonScript.MaximumLength);
169 
170  LocalBuffer->HomeDirectory.Length = UserInfo->All.HomeDirectory.Length;
171  LocalBuffer->HomeDirectory.MaximumLength = UserInfo->All.HomeDirectory.Length + sizeof(WCHAR);
172  LocalBuffer->HomeDirectory.Buffer = (LPWSTR)((ULONG_PTR)ClientBaseAddress + (ULONG_PTR)Ptr - (ULONG_PTR)LocalBuffer);
173  memcpy(Ptr,
174  UserInfo->All.HomeDirectory.Buffer,
175  UserInfo->All.HomeDirectory.Length);
176 
177  Ptr = (LPWSTR)((ULONG_PTR)Ptr + LocalBuffer->HomeDirectory.MaximumLength);
178 
179  LocalBuffer->FullName.Length = UserInfo->All.FullName.Length;
180  LocalBuffer->FullName.MaximumLength = UserInfo->All.FullName.Length + sizeof(WCHAR);
181  LocalBuffer->FullName.Buffer = (LPWSTR)((ULONG_PTR)ClientBaseAddress + (ULONG_PTR)Ptr - (ULONG_PTR)LocalBuffer);
182  memcpy(Ptr,
183  UserInfo->All.FullName.Buffer,
184  UserInfo->All.FullName.Length);
185  TRACE("FullName.Buffer: %p\n", LocalBuffer->FullName.Buffer);
186 
187  Ptr = (LPWSTR)((ULONG_PTR)Ptr + LocalBuffer->FullName.MaximumLength);
188 
189  LocalBuffer->ProfilePath.Length = UserInfo->All.ProfilePath.Length;
190  LocalBuffer->ProfilePath.MaximumLength = UserInfo->All.ProfilePath.Length + sizeof(WCHAR);
191  LocalBuffer->ProfilePath.Buffer = (LPWSTR)((ULONG_PTR)ClientBaseAddress + (ULONG_PTR)Ptr - (ULONG_PTR)LocalBuffer);
192  memcpy(Ptr,
193  UserInfo->All.ProfilePath.Buffer,
194  UserInfo->All.ProfilePath.Length);
195 
196  Ptr = (LPWSTR)((ULONG_PTR)Ptr + LocalBuffer->ProfilePath.MaximumLength);
197 
198  LocalBuffer->HomeDirectoryDrive.Length = UserInfo->All.HomeDirectoryDrive.Length;
199  LocalBuffer->HomeDirectoryDrive.MaximumLength = UserInfo->All.HomeDirectoryDrive.Length + sizeof(WCHAR);
200  LocalBuffer->HomeDirectoryDrive.Buffer = (LPWSTR)((ULONG_PTR)ClientBaseAddress + (ULONG_PTR)Ptr - (ULONG_PTR)LocalBuffer);
201  memcpy(Ptr,
202  UserInfo->All.HomeDirectoryDrive.Buffer,
203  UserInfo->All.HomeDirectoryDrive.Length);
204 
206 
207  LocalBuffer->LogonServer.Length = (wcslen(ComputerName) + 2) * sizeof(WCHAR);
208  LocalBuffer->LogonServer.MaximumLength = LocalBuffer->LogonServer.Length + sizeof(WCHAR);
209  LocalBuffer->LogonServer.Buffer = (LPWSTR)((ULONG_PTR)ClientBaseAddress + (ULONG_PTR)Ptr - (ULONG_PTR)LocalBuffer);
210  wcscpy(Ptr, L"\\");
211  wcscat(Ptr, ComputerName);
212 
213  LocalBuffer->UserFlags = 0;
214 
215  Status = DispatchTable.CopyToClientBuffer(ClientRequest,
216  BufferLength,
217  ClientBaseAddress,
218  LocalBuffer);
219  if (!NT_SUCCESS(Status))
220  {
221  TRACE("DispatchTable.CopyToClientBuffer failed (Status 0x%08lx)\n", Status);
222  goto done;
223  }
224 
225  *ProfileBuffer = (PMSV1_0_INTERACTIVE_PROFILE)ClientBaseAddress;
227 
228 done:
229  if (LocalBuffer != NULL)
230  DispatchTable.FreeLsaHeap(LocalBuffer);
231 
232  if (!NT_SUCCESS(Status))
233  {
234  if (ClientBaseAddress != NULL)
235  DispatchTable.FreeClientBuffer(ClientRequest,
236  ClientBaseAddress);
237  }
238 
239  return Status;
240 }
241 
242 
243 static
244 PSID
246  ULONG Rid)
247 {
248  PSID DstSid = NULL;
249  UCHAR RidCount;
250 
251  RidCount = *RtlSubAuthorityCountSid(SrcSid);
252  if (RidCount >= 8)
253  return NULL;
254 
255  DstSid = DispatchTable.AllocateLsaHeap(RtlLengthRequiredSid(RidCount + 1));
256  if (DstSid == NULL)
257  return NULL;
258 
259  RtlCopyMemory(DstSid,
260  SrcSid,
261  RtlLengthRequiredSid(RidCount));
262 
263  *RtlSubAuthorityCountSid(DstSid) = RidCount + 1;
264  *RtlSubAuthoritySid(DstSid, RidCount) = Rid;
265 
266  return DstSid;
267 }
268 
269 
270 static
271 NTSTATUS
274  IN ULONG RelativeId)
275 {
276  User->User.Sid = AppendRidToSid(AccountDomainSid,
277  RelativeId);
278  if (User->User.Sid == NULL)
279  {
280  ERR("Could not create the user SID\n");
282  }
283 
284  User->User.Attributes = 0;
285 
286  return STATUS_SUCCESS;
287 }
288 
289 
290 static
291 NTSTATUS
294  IN ULONG RelativeId)
295 {
297  RelativeId);
298  if (PrimaryGroup->PrimaryGroup == NULL)
299  {
300  ERR("Could not create the primary group SID\n");
302  }
303 
304  return STATUS_SUCCESS;
305 }
306 
307 
308 static
309 NTSTATUS
312  IN ULONG RelativeId,
313  IN BOOL SpecialAccount)
314 {
317  DWORD GroupCount = 0;
318  DWORD MaxGroups = 2;
319  PSID Sid;
321 
322  if (SpecialAccount)
323  MaxGroups++;
324 
326  MaxGroups * sizeof(SID_AND_ATTRIBUTES));
327  if (TokenGroups == NULL)
328  {
330  }
331 
332  if (SpecialAccount)
333  {
334  /* Self */
335  Sid = AppendRidToSid(AccountDomainSid, RelativeId);
336  if (Sid == NULL)
337  {
338 
339  }
340 
341  TokenGroups->Groups[GroupCount].Sid = Sid;
342  TokenGroups->Groups[GroupCount].Attributes =
344  GroupCount++;
345 
346  /* Member of 'Users' alias */
348  2,
357  &Sid);
358  TokenGroups->Groups[GroupCount].Sid = Sid;
359  TokenGroups->Groups[GroupCount].Attributes =
361  GroupCount++;
362  }
363  else
364  {
365  /* Member of the domains users group */
367  if (Sid == NULL)
368  {
369 
370  }
371 
372  TokenGroups->Groups[GroupCount].Sid = Sid;
373  TokenGroups->Groups[GroupCount].Attributes =
375  GroupCount++;
376  }
377 
378  /* Member of 'Authenticated users' */
380  1,
389  &Sid);
390  TokenGroups->Groups[GroupCount].Sid = Sid;
391  TokenGroups->Groups[GroupCount].Attributes =
393  GroupCount++;
394 
395  TokenGroups->GroupCount = GroupCount;
396  ASSERT(TokenGroups->GroupCount <= MaxGroups);
397 
398  *Groups = TokenGroups;
399 
400  return Status;
401 }
402 
403 
404 static
405 NTSTATUS
408  PSAMPR_USER_INFO_BUFFER UserInfo,
409  BOOL SpecialAccount)
410 {
412  ULONG i;
414 
416  if (Buffer == NULL)
417  {
418  WARN("Failed to allocate the local buffer!\n");
420  goto done;
421  }
422 
423  Buffer->ExpirationTime.LowPart = UserInfo->All.AccountExpires.LowPart;
424  Buffer->ExpirationTime.HighPart = UserInfo->All.AccountExpires.HighPart;
425 
426  Status = BuildTokenUser(&Buffer->User,
428  UserInfo->All.UserId);
429  if (!NT_SUCCESS(Status))
430  {
431  WARN("BuildTokenUser() failed (Status 0x%08lx)\n", Status);
432  goto done;
433  }
434 
435  Status = BuildTokenPrimaryGroup(&Buffer->PrimaryGroup,
437  UserInfo->All.PrimaryGroupId);
438  if (!NT_SUCCESS(Status))
439  {
440  WARN("BuildTokenPrimaryGroup() failed (Status 0x%08lx)\n", Status);
441  goto done;
442  }
443 
444  Status = BuildTokenGroups(&Buffer->Groups,
446  UserInfo->All.UserId,
447  SpecialAccount);
448  if (!NT_SUCCESS(Status))
449  {
450  WARN("BuildTokenGroups() failed (Status 0x%08lx)\n", Status);
451  goto done;
452  }
453 
454  *TokenInformation = Buffer;
455 
456 done:
457  if (!NT_SUCCESS(Status))
458  {
459  if (Buffer != NULL)
460  {
461  if (Buffer->User.User.Sid != NULL)
462  DispatchTable.FreeLsaHeap(Buffer->User.User.Sid);
463 
464  if (Buffer->Groups != NULL)
465  {
466  for (i = 0; i < Buffer->Groups->GroupCount; i++)
467  {
468  if (Buffer->Groups->Groups[i].Sid != NULL)
469  DispatchTable.FreeLsaHeap(Buffer->Groups->Groups[i].Sid);
470  }
471 
473  }
474 
475  if (Buffer->PrimaryGroup.PrimaryGroup != NULL)
476  DispatchTable.FreeLsaHeap(Buffer->PrimaryGroup.PrimaryGroup);
477 
478  if (Buffer->DefaultDacl.DefaultDacl != NULL)
479  DispatchTable.FreeLsaHeap(Buffer->DefaultDacl.DefaultDacl);
480 
482  }
483  }
484 
485  return Status;
486 }
487 
488 
489 static
490 NTSTATUS
492  IN PVOID ProtocolSubmitBuffer,
493  IN PVOID ClientBufferBase,
494  IN ULONG SubmitBufferLength,
495  OUT PVOID *ProtocolReturnBuffer,
496  OUT PULONG ReturnBufferLength,
498 {
500  PMSV1_0_CHANGEPASSWORD_REQUEST RequestBuffer;
502 
503  SAMPR_HANDLE ServerHandle = NULL;
504  SAMPR_HANDLE DomainHandle = NULL;
505  SAMPR_HANDLE UserHandle = NULL;
506  PRPC_SID DomainSid = NULL;
508  SAMPR_ULONG_ARRAY RelativeIds = {0, NULL};
509  SAMPR_ULONG_ARRAY Use = {0, NULL};
510 
511  ENCRYPTED_NT_OWF_PASSWORD OldNtPassword;
512  ENCRYPTED_NT_OWF_PASSWORD NewNtPassword;
513  ENCRYPTED_LM_OWF_PASSWORD OldLmPassword;
514  ENCRYPTED_LM_OWF_PASSWORD NewLmPassword;
515  OEM_STRING LmPwdString;
516  CHAR LmPwdBuffer[15];
517  BOOLEAN OldLmPasswordPresent = FALSE;
518  BOOLEAN NewLmPasswordPresent = FALSE;
519 
520  ENCRYPTED_LM_OWF_PASSWORD OldLmEncryptedWithNewLm;
521  ENCRYPTED_LM_OWF_PASSWORD NewLmEncryptedWithOldLm;
522  ENCRYPTED_LM_OWF_PASSWORD OldNtEncryptedWithNewNt;
523  ENCRYPTED_LM_OWF_PASSWORD NewNtEncryptedWithOldNt;
524  PENCRYPTED_LM_OWF_PASSWORD pOldLmEncryptedWithNewLm = NULL;
525  PENCRYPTED_LM_OWF_PASSWORD pNewLmEncryptedWithOldLm = NULL;
526 
527  TRACE("MsvpChangePassword()\n");
528 
529  /* Parameters validation */
530 
531  if (SubmitBufferLength < sizeof(MSV1_0_CHANGEPASSWORD_REQUEST))
532  {
533  ERR("Invalid SubmitBufferLength %lu\n", SubmitBufferLength);
535  }
536 
537  RequestBuffer = (PMSV1_0_CHANGEPASSWORD_REQUEST)ProtocolSubmitBuffer;
538 
539  /* Fix-up pointers in the request buffer info */
540  PtrOffset = (ULONG_PTR)ProtocolSubmitBuffer - (ULONG_PTR)ClientBufferBase;
541 
542  Status = RtlValidateUnicodeString(0, &RequestBuffer->DomainName);
543  if (!NT_SUCCESS(Status))
545  // TODO: Check for Buffer limits wrt. ClientBufferBase and alignment.
546  RequestBuffer->DomainName.Buffer = FIXUP_POINTER(RequestBuffer->DomainName.Buffer, PtrOffset);
547  RequestBuffer->DomainName.MaximumLength = RequestBuffer->DomainName.Length;
548 
549  Status = RtlValidateUnicodeString(0, &RequestBuffer->AccountName);
550  if (!NT_SUCCESS(Status))
552  // TODO: Check for Buffer limits wrt. ClientBufferBase and alignment.
553  RequestBuffer->AccountName.Buffer = FIXUP_POINTER(RequestBuffer->AccountName.Buffer, PtrOffset);
554  RequestBuffer->AccountName.MaximumLength = RequestBuffer->AccountName.Length;
555 
556  Status = RtlValidateUnicodeString(0, &RequestBuffer->OldPassword);
557  if (!NT_SUCCESS(Status))
559  // TODO: Check for Buffer limits wrt. ClientBufferBase and alignment.
560  RequestBuffer->OldPassword.Buffer = FIXUP_POINTER(RequestBuffer->OldPassword.Buffer, PtrOffset);
561  RequestBuffer->OldPassword.MaximumLength = RequestBuffer->OldPassword.Length;
562 
563  Status = RtlValidateUnicodeString(0, &RequestBuffer->NewPassword);
564  if (!NT_SUCCESS(Status))
566  // TODO: Check for Buffer limits wrt. ClientBufferBase and alignment.
567  RequestBuffer->NewPassword.Buffer = FIXUP_POINTER(RequestBuffer->NewPassword.Buffer, PtrOffset);
568  RequestBuffer->NewPassword.MaximumLength = RequestBuffer->NewPassword.Length;
569 
570  TRACE("Domain: %S\n", RequestBuffer->DomainName.Buffer);
571  TRACE("Account: %S\n", RequestBuffer->AccountName.Buffer);
572  TRACE("Old Password: %S\n", RequestBuffer->OldPassword.Buffer);
573  TRACE("New Password: %S\n", RequestBuffer->NewPassword.Buffer);
574 
575  /* Connect to the SAM server */
577  &ServerHandle,
579  TRUE);
580  if (!NT_SUCCESS(Status))
581  {
582  TRACE("SamIConnect() failed (Status 0x%08lx)\n", Status);
583  goto done;
584  }
585 
586  /* Get the domain SID */
587  Status = SamrLookupDomainInSamServer(ServerHandle,
588  (PRPC_UNICODE_STRING)&RequestBuffer->DomainName,
589  &DomainSid);
590  if (!NT_SUCCESS(Status))
591  {
592  TRACE("SamrLookupDomainInSamServer failed (Status %08lx)\n", Status);
593  goto done;
594  }
595 
596  /* Open the domain */
597  Status = SamrOpenDomain(ServerHandle,
599  DomainSid,
600  &DomainHandle);
601  if (!NT_SUCCESS(Status))
602  {
603  TRACE("SamrOpenDomain failed (Status %08lx)\n", Status);
604  goto done;
605  }
606 
607  Names[0].Length = RequestBuffer->AccountName.Length;
608  Names[0].MaximumLength = RequestBuffer->AccountName.MaximumLength;
609  Names[0].Buffer = RequestBuffer->AccountName.Buffer;
610 
611  /* Try to get the RID for the user name */
612  Status = SamrLookupNamesInDomain(DomainHandle,
613  1,
614  Names,
615  &RelativeIds,
616  &Use);
617  if (!NT_SUCCESS(Status))
618  {
619  TRACE("SamrLookupNamesInDomain failed (Status %08lx)\n", Status);
621  goto done;
622  }
623 
624  /* Fail, if it is not a user account */
625  if (Use.Element[0] != SidTypeUser)
626  {
627  TRACE("Account is not a user account!\n");
629  goto done;
630  }
631 
632  /* Open the user object */
633  Status = SamrOpenUser(DomainHandle,
635  RelativeIds.Element[0],
636  &UserHandle);
637  if (!NT_SUCCESS(Status))
638  {
639  TRACE("SamrOpenUser failed (Status %08lx)\n", Status);
640  goto done;
641  }
642 
643 
644  /* Calculate the NT hash for the old password */
645  Status = SystemFunction007(&RequestBuffer->OldPassword,
646  (LPBYTE)&OldNtPassword);
647  if (!NT_SUCCESS(Status))
648  {
649  TRACE("SystemFunction007 failed (Status 0x%08lx)\n", Status);
650  goto done;
651  }
652 
653  /* Calculate the NT hash for the new password */
654  Status = SystemFunction007(&RequestBuffer->NewPassword,
655  (LPBYTE)&NewNtPassword);
656  if (!NT_SUCCESS(Status))
657  {
658  TRACE("SystemFunction007 failed (Status 0x%08lx)\n", Status);
659  goto done;
660  }
661 
662  /* Calculate the LM password and hash for the old password */
663  LmPwdString.Length = 15;
664  LmPwdString.MaximumLength = 15;
665  LmPwdString.Buffer = LmPwdBuffer;
666  ZeroMemory(LmPwdString.Buffer, LmPwdString.MaximumLength);
667 
669  &RequestBuffer->OldPassword,
670  FALSE);
671  if (NT_SUCCESS(Status))
672  {
673  /* Calculate the LM hash value of the password */
674  Status = SystemFunction006(LmPwdString.Buffer,
675  (LPSTR)&OldLmPassword);
676  if (NT_SUCCESS(Status))
677  {
678  OldLmPasswordPresent = TRUE;
679  }
680  }
681 
682  /* Calculate the LM password and hash for the new password */
683  LmPwdString.Length = 15;
684  LmPwdString.MaximumLength = 15;
685  LmPwdString.Buffer = LmPwdBuffer;
686  ZeroMemory(LmPwdString.Buffer, LmPwdString.MaximumLength);
687 
689  &RequestBuffer->NewPassword,
690  FALSE);
691  if (NT_SUCCESS(Status))
692  {
693  /* Calculate the LM hash value of the password */
694  Status = SystemFunction006(LmPwdString.Buffer,
695  (LPSTR)&NewLmPassword);
696  if (NT_SUCCESS(Status))
697  {
698  NewLmPasswordPresent = TRUE;
699  }
700  }
701 
702  /* Encrypt the old and new LM passwords, if they exist */
703  if (OldLmPasswordPresent && NewLmPasswordPresent)
704  {
705  /* Encrypt the old LM password */
706  Status = SystemFunction012((const BYTE *)&OldLmPassword,
707  (const BYTE *)&NewLmPassword,
708  (LPBYTE)&OldLmEncryptedWithNewLm);
709  if (!NT_SUCCESS(Status))
710  {
711  TRACE("SystemFunction012 failed (Status 0x%08lx)\n", Status);
712  goto done;
713  }
714 
715  /* Encrypt the new LM password */
716  Status = SystemFunction012((const BYTE *)&NewLmPassword,
717  (const BYTE *)&OldLmPassword,
718  (LPBYTE)&NewLmEncryptedWithOldLm);
719  if (!NT_SUCCESS(Status))
720  {
721  TRACE("SystemFunction012 failed (Status 0x%08lx)\n", Status);
722  goto done;
723  }
724 
725  pOldLmEncryptedWithNewLm = &OldLmEncryptedWithNewLm;
726  pNewLmEncryptedWithOldLm = &NewLmEncryptedWithOldLm;
727  }
728 
729  /* Encrypt the old NT password */
730  Status = SystemFunction012((const BYTE *)&OldNtPassword,
731  (const BYTE *)&NewNtPassword,
732  (LPBYTE)&OldNtEncryptedWithNewNt);
733  if (!NT_SUCCESS(Status))
734  {
735  TRACE("SystemFunction012 failed (Status 0x%08lx)\n", Status);
736  goto done;
737  }
738 
739  /* Encrypt the new NT password */
740  Status = SystemFunction012((const BYTE *)&NewNtPassword,
741  (const BYTE *)&OldNtPassword,
742  (LPBYTE)&NewNtEncryptedWithOldNt);
743  if (!NT_SUCCESS(Status))
744  {
745  TRACE("SystemFunction012 failed (Status 0x%08lx)\n", Status);
746  goto done;
747  }
748 
749  /* Change the password */
750  Status = SamrChangePasswordUser(UserHandle,
751  OldLmPasswordPresent && NewLmPasswordPresent,
752  pOldLmEncryptedWithNewLm,
753  pNewLmEncryptedWithOldLm,
754  TRUE,
755  &OldNtEncryptedWithNewNt,
756  &NewNtEncryptedWithOldNt,
757  FALSE,
758  NULL,
759  FALSE,
760  NULL);
761  if (!NT_SUCCESS(Status))
762  {
763  TRACE("SamrChangePasswordUser failed (Status %08lx)\n", Status);
764  goto done;
765  }
766 
767 done:
768  if (UserHandle != NULL)
769  SamrCloseHandle(&UserHandle);
770 
771  SamIFree_SAMPR_ULONG_ARRAY(&RelativeIds);
773 
774  if (DomainHandle != NULL)
775  SamrCloseHandle(&DomainHandle);
776 
777  if (DomainSid != NULL)
778  SamIFreeVoid(DomainSid);
779 
780  if (ServerHandle != NULL)
781  SamrCloseHandle(&ServerHandle);
782 
783  return Status;
784 }
785 
786 
787 static
788 NTSTATUS
790  PSAMPR_USER_INFO_BUFFER UserInfo)
791 {
792  ENCRYPTED_NT_OWF_PASSWORD UserNtPassword;
793  ENCRYPTED_LM_OWF_PASSWORD UserLmPassword;
794  BOOLEAN UserLmPasswordPresent = FALSE;
795  BOOLEAN UserNtPasswordPresent = FALSE;
796  OEM_STRING LmPwdString;
797  CHAR LmPwdBuffer[15];
799 
800  TRACE("(%p %p)\n", UserPassword, UserInfo);
801 
802  /* Calculate the LM password and hash for the users password */
803  LmPwdString.Length = 15;
804  LmPwdString.MaximumLength = 15;
805  LmPwdString.Buffer = LmPwdBuffer;
806  ZeroMemory(LmPwdString.Buffer, LmPwdString.MaximumLength);
807 
809  UserPassword,
810  FALSE);
811  if (NT_SUCCESS(Status))
812  {
813  /* Calculate the LM hash value of the users password */
814  Status = SystemFunction006(LmPwdString.Buffer,
815  (LPSTR)&UserLmPassword);
816  if (NT_SUCCESS(Status))
817  {
818  UserLmPasswordPresent = TRUE;
819  }
820  }
821 
822  /* Calculate the NT hash of the users password */
823  Status = SystemFunction007(UserPassword,
824  (LPBYTE)&UserNtPassword);
825  if (NT_SUCCESS(Status))
826  {
827  UserNtPasswordPresent = TRUE;
828  }
829 
831 
832  /* Succeed, if no password has been set */
833  if (UserInfo->All.NtPasswordPresent == FALSE &&
834  UserInfo->All.LmPasswordPresent == FALSE)
835  {
836  TRACE("No password check!\n");
838  goto done;
839  }
840 
841  /* Succeed, if NT password matches */
842  if (UserNtPasswordPresent && UserInfo->All.NtPasswordPresent)
843  {
844  TRACE("Check NT password hashes:\n");
845  if (RtlEqualMemory(&UserNtPassword,
846  UserInfo->All.NtOwfPassword.Buffer,
847  sizeof(ENCRYPTED_NT_OWF_PASSWORD)))
848  {
849  TRACE(" success!\n");
851  goto done;
852  }
853 
854  TRACE(" failed!\n");
855  }
856 
857  /* Succeed, if LM password matches */
858  if (UserLmPasswordPresent && UserInfo->All.LmPasswordPresent)
859  {
860  TRACE("Check LM password hashes:\n");
861  if (RtlEqualMemory(&UserLmPassword,
862  UserInfo->All.LmOwfPassword.Buffer,
863  sizeof(ENCRYPTED_LM_OWF_PASSWORD)))
864  {
865  TRACE(" success!\n");
867  goto done;
868  }
869  TRACE(" failed!\n");
870  }
871 
872 done:
873  return Status;
874 }
875 
876 
877 static
878 BOOL
880  _In_ PSAMPR_LOGON_HOURS LogonHours,
881  _In_ PLARGE_INTEGER LogonTime)
882 {
883 #if 0
884  LARGE_INTEGER LocalLogonTime;
886  USHORT MinutesPerUnit, Offset;
887  BOOL bFound;
888 
889  FIXME("MsvpCheckLogonHours(%p %p)\n", LogonHours, LogonTime);
890 
891  if (LogonHours->UnitsPerWeek == 0 || LogonHours->LogonHours == NULL)
892  {
893  FIXME("No logon hours!\n");
894  return TRUE;
895  }
896 
897  RtlSystemTimeToLocalTime(LogonTime, &LocalLogonTime);
898  RtlTimeToTimeFields(&LocalLogonTime, &TimeFields);
899 
900  FIXME("UnitsPerWeek: %u\n", LogonHours->UnitsPerWeek);
901  MinutesPerUnit = 10080 / LogonHours->UnitsPerWeek;
902 
903  Offset = ((TimeFields.Weekday * 24 + TimeFields.Hour) * 60 + TimeFields.Minute) / MinutesPerUnit;
904  FIXME("Offset: %us\n", Offset);
905 
906  bFound = (BOOL)(LogonHours->LogonHours[Offset / 8] & (1 << (Offset % 8)));
907  FIXME("Logon permitted: %s\n", bFound ? "Yes" : "No");
908 
909  return bFound;
910 #endif
911  return TRUE;
912 }
913 
914 
915 static
916 BOOL
918  _In_ PRPC_UNICODE_STRING WorkStations,
919  _In_ PWSTR ComputerName)
920 {
921  PWSTR pStart, pEnd;
922  BOOL bFound = FALSE;
923 
924  TRACE("MsvpCheckWorkstations(%p %S)\n", WorkStations, ComputerName);
925 
926  if (WorkStations->Length == 0 || WorkStations->Buffer == NULL)
927  {
928  TRACE("No workstations!\n");
929  return TRUE;
930  }
931 
932  TRACE("Workstations: %wZ\n", WorkStations);
933 
934  pStart = WorkStations->Buffer;
935  for (;;)
936  {
937  pEnd = wcschr(pStart, L',');
938  if (pEnd != NULL)
939  *pEnd = UNICODE_NULL;
940 
941  TRACE("Comparing '%S' and '%S'\n", ComputerName, pStart);
942  if (_wcsicmp(ComputerName, pStart) == 0)
943  {
944  bFound = TRUE;
945  if (pEnd != NULL)
946  *pEnd = L',';
947  break;
948  }
949 
950  if (pEnd == NULL)
951  break;
952 
953  *pEnd = L',';
954  pStart = pEnd + 1;
955  }
956 
957  TRACE("Found allowed workstation: %s\n", (bFound) ? "Yes" : "No");
958 
959  return bFound;
960 }
961 
962 
963 /*
964  * @unimplemented
965  */
966 NTSTATUS
967 NTAPI
969  IN PVOID ProtocolSubmitBuffer,
970  IN PVOID ClientBufferBase,
971  IN ULONG SubmitBufferLength,
972  OUT PVOID *ProtocolReturnBuffer,
973  OUT PULONG ReturnBufferLength,
975 {
977  MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType;
978 
979  TRACE("LsaApCallPackage()\n");
980 
981  if (SubmitBufferLength < sizeof(MSV1_0_PROTOCOL_MESSAGE_TYPE))
983 
984  MessageType = *((PMSV1_0_PROTOCOL_MESSAGE_TYPE)ProtocolSubmitBuffer);
985 
986  *ProtocolReturnBuffer = NULL;
987  *ReturnBufferLength = 0;
988 
989  switch (MessageType)
990  {
994  break;
995 
997  case MsV1_0GetUserInfo:
998  case MsV1_0ReLogonUsers:
1000  break;
1001 
1002  case MsV1_0ChangePassword:
1003  Status = MsvpChangePassword(ClientRequest,
1004  ProtocolSubmitBuffer,
1005  ClientBufferBase,
1006  SubmitBufferLength,
1007  ProtocolReturnBuffer,
1008  ReturnBufferLength,
1009  ProtocolStatus);
1010  break;
1011 
1014  case MsV1_0CacheLogon:
1015  case MsV1_0SubAuth:
1017  case MsV1_0CacheLookup:
1019  break;
1020 
1021  default:
1022  return STATUS_INVALID_PARAMETER;
1023  }
1024 
1025  return Status;
1026 }
1027 
1028 
1029 /*
1030  * @unimplemented
1031  */
1032 NTSTATUS
1033 NTAPI
1035  IN PVOID ProtocolSubmitBuffer,
1036  IN PVOID ClientBufferBase,
1037  IN ULONG SubmitBufferLength,
1038  OUT PVOID *ProtocolReturnBuffer,
1039  OUT PULONG ReturnBufferLength,
1041 {
1042  TRACE("LsaApCallPackagePassthrough()\n");
1043  return STATUS_NOT_IMPLEMENTED;
1044 }
1045 
1046 
1047 /*
1048  * @implemented
1049  */
1050 NTSTATUS
1051 NTAPI
1053  IN PVOID ProtocolSubmitBuffer,
1054  IN PVOID ClientBufferBase,
1055  IN ULONG SubmitBufferLength,
1056  OUT PVOID *ProtocolReturnBuffer,
1057  OUT PULONG ReturnBufferLength,
1059 {
1060  ULONG MessageType;
1061  NTSTATUS Status;
1062 
1063  TRACE("LsaApCallPackageUntrusted()\n");
1064 
1065  if (SubmitBufferLength < sizeof(MSV1_0_PROTOCOL_MESSAGE_TYPE))
1066  return STATUS_INVALID_PARAMETER;
1067 
1068  MessageType = (ULONG)*((PMSV1_0_PROTOCOL_MESSAGE_TYPE)ProtocolSubmitBuffer);
1069 
1070  *ProtocolReturnBuffer = NULL;
1071  *ReturnBufferLength = 0;
1072 
1073  if (MessageType == MsV1_0ChangePassword)
1074  Status = MsvpChangePassword(ClientRequest,
1075  ProtocolSubmitBuffer,
1076  ClientBufferBase,
1077  SubmitBufferLength,
1078  ProtocolReturnBuffer,
1079  ReturnBufferLength,
1080  ProtocolStatus);
1081  else
1083 
1084  return Status;
1085 }
1086 
1087 
1088 /*
1089  * @implemented
1090  */
1091 NTSTATUS
1092 NTAPI
1093 LsaApInitializePackage(IN ULONG AuthenticationPackageId,
1094  IN PLSA_DISPATCH_TABLE LsaDispatchTable,
1096  IN PLSA_STRING Confidentiality OPTIONAL,
1097  OUT PLSA_STRING *AuthenticationPackageName)
1098 {
1099  PANSI_STRING NameString;
1100  PCHAR NameBuffer;
1101 
1102  TRACE("LsaApInitializePackage(%lu %p %p %p %p)\n",
1103  AuthenticationPackageId, LsaDispatchTable, Database,
1104  Confidentiality, AuthenticationPackageName);
1105 
1106  /* Get the dispatch table entries */
1107  DispatchTable.CreateLogonSession = LsaDispatchTable->CreateLogonSession;
1108  DispatchTable.DeleteLogonSession = LsaDispatchTable->DeleteLogonSession;
1109  DispatchTable.AddCredential = LsaDispatchTable->AddCredential;
1110  DispatchTable.GetCredentials = LsaDispatchTable->GetCredentials;
1111  DispatchTable.DeleteCredential = LsaDispatchTable->DeleteCredential;
1112  DispatchTable.AllocateLsaHeap = LsaDispatchTable->AllocateLsaHeap;
1113  DispatchTable.FreeLsaHeap = LsaDispatchTable->FreeLsaHeap;
1114  DispatchTable.AllocateClientBuffer = LsaDispatchTable->AllocateClientBuffer;
1115  DispatchTable.FreeClientBuffer = LsaDispatchTable->FreeClientBuffer;
1116  DispatchTable.CopyToClientBuffer = LsaDispatchTable->CopyToClientBuffer;
1117  DispatchTable.CopyFromClientBuffer = LsaDispatchTable->CopyFromClientBuffer;
1118 
1119  /* Return the package name */
1120  NameString = DispatchTable.AllocateLsaHeap(sizeof(LSA_STRING));
1121  if (NameString == NULL)
1123 
1124  NameBuffer = DispatchTable.AllocateLsaHeap(sizeof(MSV1_0_PACKAGE_NAME));
1125  if (NameBuffer == NULL)
1126  {
1127  DispatchTable.FreeLsaHeap(NameString);
1129  }
1130 
1131  strcpy(NameBuffer, MSV1_0_PACKAGE_NAME);
1132 
1133  RtlInitAnsiString(NameString, NameBuffer);
1134 
1135  *AuthenticationPackageName = (PLSA_STRING)NameString;
1136 
1137  return STATUS_SUCCESS;
1138 }
1139 
1140 
1141 /*
1142  * @unimplemented
1143  */
1144 VOID
1145 NTAPI
1147 {
1148  TRACE("LsaApLogonTerminated()\n");
1149 }
1150 
1151 
1152 /*
1153  * @implemented
1154  */
1155 NTSTATUS
1156 NTAPI
1159  IN PVOID ProtocolSubmitBuffer,
1160  IN PVOID ClientBufferBase,
1161  IN ULONG SubmitBufferSize,
1163  OUT PULONG ProfileBufferSize,
1164  OUT PLUID LogonId,
1166  OUT PLSA_TOKEN_INFORMATION_TYPE TokenInformationType,
1167  OUT PVOID *TokenInformation,
1168  OUT PUNICODE_STRING *AccountName,
1169  OUT PUNICODE_STRING *AuthenticatingAuthority,
1171  OUT PSECPKG_PRIMARY_CRED PrimaryCredentials, /* Not supported yet */
1172  OUT PSECPKG_SUPPLEMENTAL_CRED_ARRAY *SupplementalCredentials) /* Not supported yet */
1173 {
1174  static const UNICODE_STRING NtAuthorityU = RTL_CONSTANT_STRING(L"NT AUTHORITY");
1175  static const UNICODE_STRING LocalServiceU = RTL_CONSTANT_STRING(L"LocalService");
1176  static const UNICODE_STRING NetworkServiceU = RTL_CONSTANT_STRING(L"NetworkService");
1177 
1178  NTSTATUS Status;
1179  PMSV1_0_INTERACTIVE_LOGON LogonInfo;
1180  WCHAR ComputerName[MAX_COMPUTERNAME_LENGTH + 1];
1181  SAMPR_HANDLE ServerHandle = NULL;
1182  SAMPR_HANDLE DomainHandle = NULL;
1183  SAMPR_HANDLE UserHandle = NULL;
1186  SAMPR_ULONG_ARRAY RelativeIds = {0, NULL};
1187  SAMPR_ULONG_ARRAY Use = {0, NULL};
1188  PSAMPR_USER_INFO_BUFFER UserInfo = NULL;
1189  BOOLEAN SessionCreated = FALSE;
1190  LARGE_INTEGER LogonTime;
1191  LARGE_INTEGER AccountExpires;
1192  LARGE_INTEGER PasswordMustChange;
1193  LARGE_INTEGER PasswordLastSet;
1194  DWORD ComputerNameSize;
1195  BOOL SpecialAccount = FALSE;
1196  UCHAR LogonPassHash;
1197  PUNICODE_STRING ErasePassword = NULL;
1198 
1199  TRACE("LsaApLogonUserEx2()\n");
1200 
1201  TRACE("LogonType: %lu\n", LogonType);
1202  TRACE("ProtocolSubmitBuffer: %p\n", ProtocolSubmitBuffer);
1203  TRACE("SubmitBufferSize: %lu\n", SubmitBufferSize);
1204 
1205  *ProfileBuffer = NULL;
1206  *ProfileBufferSize = 0;
1208  *AccountName = NULL;
1209  *AuthenticatingAuthority = NULL;
1210 
1211  /* Parameters validation */
1212  if (LogonType == Interactive ||
1213  LogonType == Batch ||
1214  LogonType == Service)
1215  {
1217 
1218  if (SubmitBufferSize < sizeof(MSV1_0_INTERACTIVE_LOGON))
1219  {
1220  ERR("Invalid SubmitBufferSize %lu\n", SubmitBufferSize);
1221  return STATUS_INVALID_PARAMETER;
1222  }
1223 
1224  LogonInfo = (PMSV1_0_INTERACTIVE_LOGON)ProtocolSubmitBuffer;
1225 
1226  if (LogonInfo->MessageType != MsV1_0InteractiveLogon &&
1228  {
1229  ERR("Invalid MessageType %lu\n", LogonInfo->MessageType);
1231  }
1232 
1233 #if 0 // FIXME: These checks happen to be done on Windows. We however keep them general on ReactOS for now...
1234  if (LogonInfo->UserName.Length > 512) // CRED_MAX_STRING_LENGTH * sizeof(WCHAR) or (CREDUI_MAX_USERNAME_LENGTH (== CRED_MAX_USERNAME_LENGTH) - 1) * sizeof(WCHAR)
1235  {
1236  ERR("UserName too long (%lu, maximum 512)\n", LogonInfo->UserName.Length);
1237  return STATUS_NAME_TOO_LONG;
1238  }
1239  if (LogonInfo->Password.Length > 512) // CREDUI_MAX_PASSWORD_LENGTH * sizeof(WCHAR)
1240  {
1241  ERR("Password too long (%lu, maximum 512)\n", LogonInfo->Password.Length);
1242  return STATUS_NAME_TOO_LONG;
1243  }
1244 #endif
1245 
1246  /* Fix-up pointers in the authentication info */
1247  PtrOffset = (ULONG_PTR)ProtocolSubmitBuffer - (ULONG_PTR)ClientBufferBase;
1248 
1249  /* LogonDomainName is optional and can be an empty string */
1250  if (LogonInfo->LogonDomainName.Length)
1251  {
1252  // TODO: Check for Buffer limits wrt. ClientBufferBase and alignment.
1254  LogonInfo->LogonDomainName.MaximumLength = LogonInfo->LogonDomainName.Length;
1255  }
1256  else
1257  {
1258  LogonInfo->LogonDomainName.Buffer = NULL;
1259  LogonInfo->LogonDomainName.MaximumLength = 0;
1260  }
1262  if (!NT_SUCCESS(Status))
1263  return STATUS_INVALID_PARAMETER;
1264 
1265  /* UserName is mandatory and cannot be an empty string */
1266  // TODO: Check for Buffer limits wrt. ClientBufferBase and alignment.
1267  LogonInfo->UserName.Buffer = FIXUP_POINTER(LogonInfo->UserName.Buffer, PtrOffset);
1268  LogonInfo->UserName.MaximumLength = LogonInfo->UserName.Length;
1269 
1270  Status = RtlValidateUnicodeString(0, &LogonInfo->UserName);
1271  if (!NT_SUCCESS(Status))
1272  return STATUS_INVALID_PARAMETER;
1273 
1274  /* MS docs says max length is 0xFF bytes. But thats not the full story:
1275  *
1276  * A Quote from https://groups.google.com/forum/#!topic/microsoft.public.win32.programmer.kernel/eFGcCo_ZObk:
1277  * "... At least on my WinXP SP2. Domain and UserName are passed
1278  * in clear text, but the Password is NOT. ..."
1279  *
1280  * If the higher byte of length != 0 we have to use RtlRunDecodeUnicodeString.
1281  */
1282  LogonPassHash = (LogonInfo->Password.Length >> 8) & 0xFF;
1283  LogonInfo->Password.Length = LogonInfo->Password.Length & 0xFF;
1284 
1285  /* Password is optional and can be an empty string */
1286  if (LogonInfo->Password.Length)
1287  {
1288  // TODO: Check for Buffer limits wrt. ClientBufferBase and alignment.
1289  LogonInfo->Password.Buffer = FIXUP_POINTER(LogonInfo->Password.Buffer, PtrOffset);
1290  LogonInfo->Password.MaximumLength = LogonInfo->Password.Length;
1291  }
1292  else
1293  {
1294  LogonInfo->Password.Buffer = NULL;
1295  LogonInfo->Password.MaximumLength = 0;
1296  }
1297 
1298  /* Decode password */
1299  if (LogonPassHash > 0)
1300  {
1301  RtlRunDecodeUnicodeString(LogonPassHash, &LogonInfo->Password);
1302  }
1303 
1304  /* ErasePassword will be "erased" before we return */
1305  ErasePassword = &LogonInfo->Password;
1306 
1307  Status = RtlValidateUnicodeString(0, &LogonInfo->Password);
1308  if (!NT_SUCCESS(Status))
1309  return STATUS_INVALID_PARAMETER;
1310 
1311  TRACE("Domain: %wZ\n", &LogonInfo->LogonDomainName);
1312  TRACE("User: %wZ\n", &LogonInfo->UserName);
1313  TRACE("Password: %wZ\n", &LogonInfo->Password);
1314 
1315  // TODO: If LogonType == Service, do some extra work using LogonInfo->Password.
1316  }
1317  else
1318  {
1319  FIXME("LogonType %lu is not supported yet!\n", LogonType);
1320  return STATUS_NOT_IMPLEMENTED;
1321  }
1322  // TODO: Add other LogonType validity checks.
1323 
1324  /* Get the logon time */
1325  NtQuerySystemTime(&LogonTime);
1326 
1327  /* Get the computer name */
1328  ComputerNameSize = ARRAYSIZE(ComputerName);
1329  GetComputerNameW(ComputerName, &ComputerNameSize);
1330 
1331  /* Check for special accounts */
1332  // FIXME: Windows does not do this that way!! (msv1_0 does not contain these hardcoded values)
1333  if (RtlEqualUnicodeString(&LogonInfo->LogonDomainName, &NtAuthorityU, TRUE))
1334  {
1335  SpecialAccount = TRUE;
1336 
1337  /* Get the authority domain SID */
1339  if (!NT_SUCCESS(Status))
1340  {
1341  ERR("GetNtAuthorityDomainSid() failed (Status 0x%08lx)\n", Status);
1342  return Status;
1343  }
1344 
1345  if (RtlEqualUnicodeString(&LogonInfo->UserName, &LocalServiceU, TRUE))
1346  {
1347  TRACE("SpecialAccount: LocalService\n");
1348 
1349  if (LogonType != Service)
1350  return STATUS_LOGON_FAILURE;
1351 
1352  UserInfo = RtlAllocateHeap(RtlGetProcessHeap(),
1354  sizeof(SAMPR_USER_ALL_INFORMATION));
1355  if (UserInfo == NULL)
1356  {
1358  goto done;
1359  }
1360 
1363  }
1364  else if (RtlEqualUnicodeString(&LogonInfo->UserName, &NetworkServiceU, TRUE))
1365  {
1366  TRACE("SpecialAccount: NetworkService\n");
1367 
1368  if (LogonType != Service)
1369  return STATUS_LOGON_FAILURE;
1370 
1371  UserInfo = RtlAllocateHeap(RtlGetProcessHeap(),
1373  sizeof(SAMPR_USER_ALL_INFORMATION));
1374  if (UserInfo == NULL)
1375  {
1377  goto done;
1378  }
1379 
1382  }
1383  else
1384  {
1386  goto done;
1387  }
1388  }
1389  else
1390  {
1391  TRACE("NormalAccount\n");
1392 
1393  /* Get the account domain SID */
1395  if (!NT_SUCCESS(Status))
1396  {
1397  ERR("GetAccountDomainSid() failed (Status 0x%08lx)\n", Status);
1398  return Status;
1399  }
1400 
1401  /* Connect to the SAM server */
1403  &ServerHandle,
1405  TRUE);
1406  if (!NT_SUCCESS(Status))
1407  {
1408  TRACE("SamIConnect() failed (Status 0x%08lx)\n", Status);
1409  goto done;
1410  }
1411 
1412  /* Open the account domain */
1413  Status = SamrOpenDomain(ServerHandle,
1414  DOMAIN_LOOKUP,
1416  &DomainHandle);
1417  if (!NT_SUCCESS(Status))
1418  {
1419  ERR("SamrOpenDomain failed (Status %08lx)\n", Status);
1420  goto done;
1421  }
1422 
1423  Names[0].Length = LogonInfo->UserName.Length;
1424  Names[0].MaximumLength = LogonInfo->UserName.MaximumLength;
1425  Names[0].Buffer = LogonInfo->UserName.Buffer;
1426 
1427  /* Try to get the RID for the user name */
1428  Status = SamrLookupNamesInDomain(DomainHandle,
1429  1,
1430  Names,
1431  &RelativeIds,
1432  &Use);
1433  if (!NT_SUCCESS(Status))
1434  {
1435  ERR("SamrLookupNamesInDomain failed (Status %08lx)\n", Status);
1437  goto done;
1438  }
1439 
1440  /* Fail, if it is not a user account */
1441  if (Use.Element[0] != SidTypeUser)
1442  {
1443  ERR("Account is not a user account!\n");
1445  goto done;
1446  }
1447 
1448  /* Open the user object */
1449  Status = SamrOpenUser(DomainHandle,
1452  RelativeIds.Element[0],
1453  &UserHandle);
1454  if (!NT_SUCCESS(Status))
1455  {
1456  ERR("SamrOpenUser failed (Status %08lx)\n", Status);
1457  goto done;
1458  }
1459 
1460  Status = SamrQueryInformationUser(UserHandle,
1462  &UserInfo);
1463  if (!NT_SUCCESS(Status))
1464  {
1465  ERR("SamrQueryInformationUser failed (Status %08lx)\n", Status);
1466  goto done;
1467  }
1468 
1469  TRACE("UserName: %wZ\n", &UserInfo->All.UserName);
1470 
1471  /* Check the password */
1472  if ((UserInfo->All.UserAccountControl & USER_PASSWORD_NOT_REQUIRED) == 0)
1473  {
1474  Status = MsvpCheckPassword(&LogonInfo->Password,
1475  UserInfo);
1476  if (!NT_SUCCESS(Status))
1477  {
1478  ERR("MsvpCheckPassword failed (Status %08lx)\n", Status);
1479  goto done;
1480  }
1481  }
1482 
1483  /* Check account restrictions for non-administrator accounts */
1484  if (RelativeIds.Element[0] != DOMAIN_USER_RID_ADMIN)
1485  {
1486  /* Check if the account has been disabled */
1488  {
1489  ERR("Account disabled!\n");
1492  goto done;
1493  }
1494 
1495  /* Check if the account has been locked */
1497  {
1498  ERR("Account locked!\n");
1501  goto done;
1502  }
1503 
1504  /* Check if the account expired */
1505  AccountExpires.LowPart = UserInfo->All.AccountExpires.LowPart;
1506  AccountExpires.HighPart = UserInfo->All.AccountExpires.HighPart;
1507  if (LogonTime.QuadPart >= AccountExpires.QuadPart)
1508  {
1509  ERR("Account expired!\n");
1512  goto done;
1513  }
1514 
1515  /* Check if the password expired */
1516  PasswordMustChange.LowPart = UserInfo->All.PasswordMustChange.LowPart;
1517  PasswordMustChange.HighPart = UserInfo->All.PasswordMustChange.HighPart;
1518  PasswordLastSet.LowPart = UserInfo->All.PasswordLastSet.LowPart;
1519  PasswordLastSet.HighPart = UserInfo->All.PasswordLastSet.HighPart;
1520 
1521  if (LogonTime.QuadPart >= PasswordMustChange.QuadPart)
1522  {
1523  ERR("Password expired!\n");
1524  if (PasswordLastSet.QuadPart == 0)
1526  else
1528 
1530  goto done;
1531  }
1532 
1533  /* Check logon hours */
1534  if (!MsvpCheckLogonHours(&UserInfo->All.LogonHours, &LogonTime))
1535  {
1536  ERR("Invalid logon hours!\n");
1539  goto done;
1540  }
1541 
1542  /* Check workstations */
1543  if (!MsvpCheckWorkstations(&UserInfo->All.WorkStations, ComputerName))
1544  {
1545  ERR("Invalid workstation!\n");
1548  goto done;
1549  }
1550  }
1551  }
1552 
1553  /* Return logon information */
1554 
1555  /* Create and return a new logon id */
1557  if (!NT_SUCCESS(Status))
1558  {
1559  TRACE("NtAllocateLocallyUniqueId failed (Status %08lx)\n", Status);
1560  goto done;
1561  }
1562 
1563  /* Create the logon session */
1565  if (!NT_SUCCESS(Status))
1566  {
1567  TRACE("CreateLogonSession failed (Status %08lx)\n", Status);
1568  goto done;
1569  }
1570 
1571  SessionCreated = TRUE;
1572 
1573  /* Build and fill the interactive profile buffer */
1574  Status = BuildInteractiveProfileBuffer(ClientRequest,
1575  UserInfo,
1576  ComputerName,
1578  ProfileBufferSize);
1579  if (!NT_SUCCESS(Status))
1580  {
1581  TRACE("BuildInteractiveProfileBuffer failed (Status %08lx)\n", Status);
1582  goto done;
1583  }
1584 
1585  /* Return the token information type */
1586  *TokenInformationType = LsaTokenInformationV1;
1587 
1588  /* Build and fill the token information buffer */
1591  UserInfo,
1592  SpecialAccount);
1593  if (!NT_SUCCESS(Status))
1594  {
1595  TRACE("BuildTokenInformationBuffer failed (Status %08lx)\n", Status);
1596  goto done;
1597  }
1598 
1599 done:
1600  /* Erase password */
1601  if (ErasePassword)
1602  {
1603  RtlEraseUnicodeString(ErasePassword);
1604  }
1605 
1606  /* Update the logon time/count or the bad password time/count */
1607  if ((UserHandle != NULL) &&
1609  {
1610  SAMPR_USER_INFO_BUFFER InternalInfo;
1611 
1612  RtlZeroMemory(&InternalInfo, sizeof(InternalInfo));
1613 
1614  if (Status == STATUS_SUCCESS)
1615  InternalInfo.Internal2.Flags = USER_LOGON_SUCCESS;
1616  else
1617  InternalInfo.Internal2.Flags = USER_LOGON_BAD_PASSWORD;
1618 
1619  SamrSetInformationUser(UserHandle,
1621  &InternalInfo);
1622  }
1623 
1624  /* Return the account name */
1625  *AccountName = DispatchTable.AllocateLsaHeap(sizeof(UNICODE_STRING));
1626  if (*AccountName != NULL)
1627  {
1628  (*AccountName)->Buffer = DispatchTable.AllocateLsaHeap(LogonInfo->UserName.Length +
1629  sizeof(UNICODE_NULL));
1630  if ((*AccountName)->Buffer != NULL)
1631  {
1632  (*AccountName)->MaximumLength = LogonInfo->UserName.Length +
1633  sizeof(UNICODE_NULL);
1634  RtlCopyUnicodeString(*AccountName, &LogonInfo->UserName);
1635  }
1636  }
1637 
1638  /* Return the authenticating authority */
1639  *AuthenticatingAuthority = DispatchTable.AllocateLsaHeap(sizeof(UNICODE_STRING));
1640  if (*AuthenticatingAuthority != NULL)
1641  {
1642  (*AuthenticatingAuthority)->Buffer = DispatchTable.AllocateLsaHeap(LogonInfo->LogonDomainName.Length +
1643  sizeof(UNICODE_NULL));
1644  if ((*AuthenticatingAuthority)->Buffer != NULL)
1645  {
1646  (*AuthenticatingAuthority)->MaximumLength = LogonInfo->LogonDomainName.Length +
1647  sizeof(UNICODE_NULL);
1648  RtlCopyUnicodeString(*AuthenticatingAuthority, &LogonInfo->LogonDomainName);
1649  }
1650  }
1651 
1652  /* Return the machine name */
1654  if (*MachineName != NULL)
1655  {
1656  (*MachineName)->Buffer = DispatchTable.AllocateLsaHeap((ComputerNameSize + 1) * sizeof(WCHAR));
1657  if ((*MachineName)->Buffer != NULL)
1658  {
1659  (*MachineName)->MaximumLength = (ComputerNameSize + 1) * sizeof(WCHAR);
1660  (*MachineName)->Length = ComputerNameSize * sizeof(WCHAR);
1661  RtlCopyMemory((*MachineName)->Buffer, ComputerName, (*MachineName)->MaximumLength);
1662  }
1663  }
1664 
1665  if (!NT_SUCCESS(Status))
1666  {
1667  if (SessionCreated != FALSE)
1669 
1670  if (*ProfileBuffer != NULL)
1671  {
1672  DispatchTable.FreeClientBuffer(ClientRequest,
1673  *ProfileBuffer);
1674  *ProfileBuffer = NULL;
1675  }
1676  }
1677 
1678  if (UserHandle != NULL)
1679  SamrCloseHandle(&UserHandle);
1680 
1683  SamIFree_SAMPR_ULONG_ARRAY(&RelativeIds);
1685 
1686  if (DomainHandle != NULL)
1687  SamrCloseHandle(&DomainHandle);
1688 
1689  if (ServerHandle != NULL)
1690  SamrCloseHandle(&ServerHandle);
1691 
1692  if (AccountDomainSid != NULL)
1693  RtlFreeHeap(RtlGetProcessHeap(), 0, AccountDomainSid);
1694 
1695  if (Status == STATUS_NO_SUCH_USER ||
1697  {
1698  *SubStatus = Status;
1700  }
1701 
1702  TRACE("LsaApLogonUserEx2 done (Status 0x%08lx, SubStatus 0x%08lx)\n", Status, *SubStatus);
1703 
1704  return Status;
1705 }
1706 
1707 
1708 /*
1709  * @unimplemented
1710  */
1711 NTSTATUS
1712 NTAPI
1714  _In_ ULONG LsaVersion,
1715  _Out_ PULONG PackageVersion,
1716  _Out_ PSECPKG_FUNCTION_TABLE *ppTables,
1717  _Out_ PULONG pcTables)
1718 {
1719  TRACE("SpLsaModeInitialize(0x%lx %p %p %p)\n",
1720  LsaVersion, PackageVersion, ppTables, pcTables);
1721 
1722  if (LsaVersion != SECPKG_INTERFACE_VERSION)
1723  return STATUS_INVALID_PARAMETER;
1724 
1725  *PackageVersion = SECPKG_INTERFACE_VERSION;
1726 
1727  RtlZeroMemory(NtlmLsaFn, sizeof(NtlmLsaFn));
1728 
1729  /* msv1_0 (XP, win2k) returns NULL for
1730  * InitializePackage, LsaLogonUser,LsaLogonUserEx,
1731  * SpQueryContextAttributes and SpAddCredentials */
1738  NtlmLsaFn[0].LogonUserEx = NULL;
1759 
1760  *ppTables = NtlmLsaFn;
1761  *pcTables = 1;
1762 
1763  return STATUS_SUCCESS;
1764 }
1765 
1766 
1767 /*
1768  * @unimplemented
1769  */
1770 NTSTATUS
1771 WINAPI
1773  _In_ ULONG LsaVersion,
1774  _Out_ PULONG PackageVersion,
1776  _Out_ PULONG pcTables)
1777 {
1778  SECPKG_USER_FUNCTION_TABLE Tables[1];
1779 
1780  TRACE("SpUserModeInitialize(0x%lx %p %p %p)\n",
1781  LsaVersion, PackageVersion, ppTables, pcTables);
1782 
1783  if (LsaVersion != SECPKG_INTERFACE_VERSION)
1784  return STATUS_INVALID_PARAMETER;
1785 
1786  *PackageVersion = SECPKG_INTERFACE_VERSION;
1787 
1788  RtlZeroMemory(&Tables, sizeof(Tables));
1789 
1790 // Tables[0].InstanceInit = SpInstanceInit;
1791 // Tables[0].InitUserModeContext = NULL;
1792 // Tables[0].MakeSignature = NULL;
1793 // Tables[0].VerifySignature = NULL;
1794 // Tables[0].SealMessage = NULL;
1795 // Tables[0].UnsealMessage = NULL;
1796 // Tables[0].GetContextToken = NULL;
1797 // Tables[0].SpQueryContextAttributes = NULL;
1798 // Tables[0].CompleteAuthToken = NULL;
1799 // Tables[0].DeleteUserModeContext = NULL;
1800 // Tables[0].FormatCredentials = NULL;
1801 // Tables[0].MarshallSupplementalCreds = NULL;
1802 // Tables[0].ExportContext = NULL;
1803 // Tables[0].ImportContext = NULL;
1804 
1805  *ppTables = Tables;
1806  *pcTables = 1;
1807 
1808  return STATUS_SUCCESS;
1809 }
1810 
1811 /* EOF */
PLSA_FREE_CLIENT_BUFFER FreeClientBuffer
Definition: authpackage.c:63
PLSA_COPY_TO_CLIENT_BUFFER CopyToClientBuffer
Definition: authpackage.c:64
USHORT Weekday
Definition: env_spec_w32.h:718
RPC_SHORT_BLOB LmOwfPassword
Definition: msv1_0.h:96
signed char * PCHAR
Definition: retypes.h:7
* PNTSTATUS
Definition: strlen.c:14
unsigned long * Element
Definition: lsasrv.h:88
struct _MSV1_0_CHANGEPASSWORD_REQUEST * PMSV1_0_CHANGEPASSWORD_REQUEST
#define STATUS_WRONG_PASSWORD
Definition: ntstatus.h:328
RPC_UNICODE_STRING UserName
Definition: msv1_0.h:86
NTSTATUS NTAPI LsaApCallPackage(IN PLSA_CLIENT_REQUEST ClientRequest, IN PVOID ProtocolSubmitBuffer, IN PVOID ClientBufferBase, IN ULONG SubmitBufferLength, OUT PVOID *ProtocolReturnBuffer, OUT PULONG ReturnBufferLength, OUT PNTSTATUS ProtocolStatus)
Definition: msv1_0.c:968
SpQueryCredentialsAttributesFn * SpQueryCredentialsAttributes
Definition: ntsecpkg.h:478
struct _MSV1_0_INTERACTIVE_PROFILE MSV1_0_INTERACTIVE_PROFILE
#define SAM_SERVER_CONNECT
Definition: ntsam.h:99
#define IN
Definition: typedefs.h:39
static NTSTATUS BuildTokenInformationBuffer(PLSA_TOKEN_INFORMATION_V1 *TokenInformation, PRPC_SID AccountDomainSid, PSAMPR_USER_INFO_BUFFER UserInfo, BOOL SpecialAccount)
Definition: msv1_0.c:406
PWSTR Names[NAMES_COUNT]
static BOOL MsvpCheckWorkstations(_In_ PRPC_UNICODE_STRING WorkStations, _In_ PWSTR ComputerName)
Definition: msv1_0.c:917
#define SECURITY_AUTHENTICATED_USER_RID
Definition: setypes.h:540
#define TRUE
Definition: types.h:120
NTSYSAPI VOID NTAPI RtlCopyMemory(VOID UNALIGNED *Destination, CONST VOID UNALIGNED *Source, ULONG Length)
#define MSV1_0_PACKAGE_NAME
Definition: ntsecapi.h:42
#define STATUS_INSUFFICIENT_RESOURCES
Definition: udferr_usr.h:158
#define USER_PASSWORD_NOT_REQUIRED
Definition: ntsam.h:169
VOID NTAPI RtlRunDecodeUnicodeString(IN UCHAR Hash, IN OUT PUNICODE_STRING String)
Definition: encode.c:20
NTSTATUS NTAPI LsaApInitializePackage(IN ULONG AuthenticationPackageId, IN PLSA_DISPATCH_TABLE LsaDispatchTable, IN PLSA_STRING Database OPTIONAL, IN PLSA_STRING Confidentiality OPTIONAL, OUT PLSA_STRING *AuthenticationPackageName)
Definition: msv1_0.c:1093
NTSTATUS NTAPI LsaSpShutDown(VOID)
Definition: lsa.c:31
MSV1_0_LOGON_SUBMIT_TYPE MessageType
Definition: ntsecapi.h:434
LARGE_INTEGER LogoffTime
Definition: ntsecapi.h:444
UNICODE_STRING ProfilePath
Definition: ntsecapi.h:452
NTSTATUS __stdcall SamrOpenDomain(SAMPR_HANDLE ServerHandle, ACCESS_MASK DesiredAccess, PRPC_SID DomainId, SAMPR_HANDLE *DomainHandle)
#define STATUS_NOT_IMPLEMENTED
Definition: ntstatus.h:225
USHORT MaximumLength
Definition: env_spec_w32.h:370
UNICODE_STRING HomeDirectory
Definition: ntsecapi.h:450
#define PtrOffset(BASE, OFFSET)
Definition: cdprocs.h:1547
NTSTATUS NTAPI LsaSpDeleteContext(_In_ LSA_SEC_HANDLE ContextHandle)
Definition: lsa.c:180
NTSTATUS NTAPI SpInitialize(_In_ ULONG_PTR PackageId, _In_ PSECPKG_PARAMETERS Parameters, _In_ PLSA_SECPKG_FUNCTION_TABLE FunctionTable)
Definition: lsa.c:19
#define STATUS_INVALID_PARAMETER
Definition: udferr_usr.h:135
uint16_t * PWSTR
Definition: typedefs.h:55
NTSTATUS NTAPI LsaSpDeleteCredentials(_In_ LSA_SEC_HANDLE CredentialHandle, _In_ PSecBuffer Key)
Definition: lsa.c:113
static NTSTATUS GetNtAuthorityDomainSid(PRPC_SID *Sid)
Definition: msv1_0.c:74
PLSA_AP_LOGON_USER LsaLogonUser
Definition: ntsecpkg.h:466
char CHAR
Definition: xmlstorage.h:175
PLSA_GET_CREDENTIALS GetCredentials
Definition: authpackage.c:58
_Must_inspect_result_ _In_ PFSRTL_PER_STREAM_CONTEXT Ptr
Definition: fsrtlfuncs.h:898
#define WARN(fmt,...)
Definition: debug.h:112
unsigned long UserId
Definition: msv1_0.h:100
LONG NTSTATUS
Definition: precomp.h:26
BOOLEAN NTAPI RtlFreeHeap(IN PVOID HeapHandle, IN ULONG Flags, IN PVOID HeapBase)
Definition: heap.c:606
struct _MSV1_0_INTERACTIVE_PROFILE * PMSV1_0_INTERACTIVE_PROFILE
NTSYSAPI VOID NTAPI RtlEraseUnicodeString(_Inout_ PUNICODE_STRING String)
NTSTATUS NTAPI SpLsaModeInitialize(_In_ ULONG LsaVersion, _Out_ PULONG PackageVersion, _Out_ PSECPKG_FUNCTION_TABLE *ppTables, _Out_ PULONG pcTables)
Definition: msv1_0.c:1713
PLSA_FREE_LSA_HEAP FreeLsaHeap
Definition: authpackage.c:61
#define ARRAYSIZE(array)
Definition: filtermapper.c:47
static PSID AppendRidToSid(PSID SrcSid, ULONG Rid)
Definition: msv1_0.c:245
PLSA_ALLOCATE_LSA_HEAP AllocateLsaHeap
Definition: authpackage.c:60
SpFreeCredentialsHandleFn * FreeCredentialsHandle
Definition: ntsecpkg.h:479
UNICODE_STRING LogonScript
Definition: ntsecapi.h:449
OLD_LARGE_INTEGER PasswordLastSet
Definition: msv1_0.h:82
_In_ DWORD _Out_ PDWORD _In_opt_ PCSTR MachineName
Definition: setupapi.h:1286
#define ZeroMemory
Definition: winbase.h:1648
NTSYSAPI PULONG NTAPI RtlSubAuthoritySid(_In_ PSID Sid, _In_ ULONG SubAuthority)
NTSTATUS NTAPI SamrLookupNamesInDomain(IN SAMPR_HANDLE DomainHandle, IN ULONG Count, IN RPC_UNICODE_STRING Names[], OUT PSAMPR_ULONG_ARRAY RelativeIds, OUT PSAMPR_ULONG_ARRAY Use)
Definition: samrpc.c:3567
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG ProfileBufferLength
unsigned short * Buffer
Definition: msv1_0.h:40
NTSTATUS NTAPI SamrChangePasswordUser(IN SAMPR_HANDLE UserHandle, IN unsigned char LmPresent, IN PENCRYPTED_LM_OWF_PASSWORD OldLmEncryptedWithNewLm, IN PENCRYPTED_LM_OWF_PASSWORD NewLmEncryptedWithOldLm, IN unsigned char NtPresent, IN PENCRYPTED_NT_OWF_PASSWORD OldNtEncryptedWithNewNt, IN PENCRYPTED_NT_OWF_PASSWORD NewNtEncryptedWithOldNt, IN unsigned char NtCrossEncryptionPresent, IN PENCRYPTED_NT_OWF_PASSWORD NewNtEncryptedWithNewLm, IN unsigned char LmCrossEncryptionPresent, IN PENCRYPTED_LM_OWF_PASSWORD NewLmEncryptedWithNewNt)
Definition: samrpc.c:8333
NTSTATUS WINAPI SystemFunction006(LPCSTR password, LPSTR hash)
Definition: crypt_lmhash.c:53
#define STATUS_ACCOUNT_LOCKED_OUT
Definition: ntstatus.h:682
BOOL WINAPI GetComputerNameW(LPWSTR lpBuffer, LPDWORD lpnSize)
Definition: compname.c:443
STRING OEM_STRING
Definition: umtypes.h:203
TOpcodeData Groups[17][8]
char * LPSTR
Definition: xmlstorage.h:182
NTSTATUS NTAPI NtAllocateLocallyUniqueId(OUT LUID *LocallyUniqueId)
Definition: uuid.c:353
LSAPR_POLICY_ACCOUNT_DOM_INFO PolicyAccountDomainInfo
Definition: msv1_0.h:276
NTSTATUS NTAPI SamrLookupDomainInSamServer(IN SAMPR_HANDLE ServerHandle, IN PRPC_UNICODE_STRING Name, OUT PRPC_SID *DomainId)
Definition: samrpc.c:497
SpAcceptLsaModeContextFn * AcceptLsaModeContext
Definition: ntsecpkg.h:484
NTSTATUS NTAPI LsaSpQueryCredentialsAttributes(_In_ LSA_SEC_HANDLE CredentialHandle, _In_ ULONG CredentialAttribute, _Inout_ PVOID Buffer)
Definition: lsa.c:72
NTSYSAPI NTSTATUS NTAPI RtlAllocateAndInitializeSid(IN PSID_IDENTIFIER_AUTHORITY IdentifierAuthority, IN UCHAR SubAuthorityCount, IN ULONG SubAuthority0, IN ULONG SubAuthority1, IN ULONG SubAuthority2, IN ULONG SubAuthority3, IN ULONG SubAuthority4, IN ULONG SubAuthority5, IN ULONG SubAuthority6, IN ULONG SubAuthority7, OUT PSID *Sid)
Definition: sid.c:290
#define BOOL
Definition: nt_native.h:43
LARGE_INTEGER PasswordMustChange
Definition: ntsecapi.h:448
UNICODE_STRING Password
Definition: ntsecapi.h:437
PLSA_AP_CALL_PACKAGE_UNTRUSTED CallPackageUntrusted
Definition: ntsecpkg.h:469
UNICODE_STRING AccountName
Definition: ntsecapi.h:513
#define STATUS_ACCOUNT_EXPIRED
Definition: ntstatus.h:622
UNICODE_STRING FullName
Definition: ntsecapi.h:451
SAMPR_USER_ALL_INFORMATION All
Definition: msv1_0.h:141
NTSYSAPI VOID NTAPI RtlCopyUnicodeString(PUNICODE_STRING DestinationString, PUNICODE_STRING SourceString)
#define STATUS_INVALID_LOGON_HOURS
Definition: ntstatus.h:333
NTSTATUS WINAPI LsaIOpenPolicyTrusted(OUT LSAPR_HANDLE *PolicyHandle)
Definition: policy.c:15
#define USER_ACCOUNT_DISABLED
Definition: ntsam.h:167
#define STATUS_ACCOUNT_RESTRICTION
Definition: ntstatus.h:332
NTSYSAPI VOID NTAPI RtlInitAnsiString(PANSI_STRING DestinationString, PCSZ SourceString)
uint32_t ULONG_PTR
Definition: typedefs.h:64
WINE_DEFAULT_DEBUG_CHANNEL(msv1_0)
VOID NTAPI LsaIFree_LSAPR_POLICY_INFORMATION(IN POLICY_INFORMATION_CLASS InformationClass, IN PLSAPR_POLICY_INFORMATION PolicyInformation)
Definition: lsasrv.c:51
NTSTATUS NTAPI SamIConnect(PSAMPR_SERVER_NAME ServerName, SAMPR_HANDLE *ServerHandle, ACCESS_MASK DesiredAccess, BOOLEAN Trusted)
struct _MSV1_0_INTERACTIVE_LOGON * PMSV1_0_INTERACTIVE_LOGON
NTSYSAPI NTSTATUS NTAPI RtlInitializeSid(IN OUT PSID Sid, IN PSID_IDENTIFIER_AUTHORITY IdentifierAuthority, IN UCHAR SubAuthorityCount)
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint i
Definition: glfuncs.h:248
VOID NTAPI SamIFreeVoid(PVOID Ptr)
Definition: samsrv.c:146
static NTSTATUS GetAccountDomainSid(PRPC_SID *Sid)
Definition: msv1_0.c:25
#define FIXUP_POINTER(Pointer, Offset)
Definition: msv1_0.h:9
unsigned char * LPBYTE
Definition: typedefs.h:53
VOID NTAPI ProtocolStatus(NDIS_HANDLE BindingContext, NDIS_STATUS GenerelStatus, PVOID StatusBuffer, UINT StatusBufferSize)
Called by NDIS when the underlying driver has changed state.
Definition: lan.c:461
#define USER_READ_GENERAL
Definition: ntsam.h:126
NTSTATUS WINAPI SystemFunction012(const BYTE *in, const BYTE *key, LPBYTE out)
Definition: sysfunc.c:353
NTSTATUS(* NTAPI)(IN PFILE_FULL_EA_INFORMATION EaBuffer, IN ULONG EaLength, OUT PULONG ErrorOffset)
Definition: IoEaTest.cpp:117
_In_ ULONG _In_ ULONG Offset
Definition: ntddpcm.h:101
#define UNICODE_NULL
SpQueryContextAttributesFn * SpQueryContextAttributes
Definition: ntsecpkg.h:489
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE _Out_ PQUOTA_LIMITS _Out_ PNTSTATUS SubStatus
VOID NTAPI LsaApLogonTerminated(IN PLUID LogonId)
Definition: msv1_0.c:1146
enum _MSV1_0_PROTOCOL_MESSAGE_TYPE * PMSV1_0_PROTOCOL_MESSAGE_TYPE
unsigned int BOOL
Definition: ntddk_ex.h:94
_In_ ULONG BufferLength
Definition: usbdlib.h:225
#define DOMAIN_USER_RID_ADMIN
Definition: setypes.h:603
PLSA_CREATE_LOGON_SESSION CreateLogonSession
Definition: authpackage.c:55
NTSYSAPI NTSTATUS NTAPI RtlUpcaseUnicodeStringToOemString(POEM_STRING DestinationString, PCUNICODE_STRING SourceString, BOOLEAN AllocateDestinationString)
LARGE_INTEGER PasswordLastSet
Definition: ntsecapi.h:446
NTSTATUS NTAPI SpAcceptCredentials(_In_ SECURITY_LOGON_TYPE LogonType, _In_ PUNICODE_STRING AccountName, _In_ PSECPKG_PRIMARY_CRED PrimaryCredentials, _In_ PSECPKG_SUPPLEMENTAL_CRED SupplementalCredentials)
Definition: lsa.c:40
#define FIXME(fmt,...)
Definition: debug.h:111
static NTSTATUS BuildInteractiveProfileBuffer(IN PLSA_CLIENT_REQUEST ClientRequest, IN PSAMPR_USER_INFO_BUFFER UserInfo, IN PWSTR ComputerName, OUT PMSV1_0_INTERACTIVE_PROFILE *ProfileBuffer, OUT PULONG ProfileBufferLength)
Definition: msv1_0.c:95
PLSA_AP_CALL_PACKAGE CallPackage
Definition: ntsecpkg.h:467
NTSYSAPI NTSTATUS NTAPI RtlValidateUnicodeString(_In_ ULONG Flags, _In_ PCUNICODE_STRING String)
Definition: unicode.c:2544
unsigned char BOOLEAN
NTSTATUS NTAPI LsaSpApplyControlToken(_In_ LSA_SEC_HANDLE ContextHandle, _In_ PSecBufferDesc ControlToken)
Definition: lsa.c:189
smooth NULL
Definition: ftsmooth.c:416
#define SE_GROUP_ENABLED_BY_DEFAULT
Definition: setypes.h:91
enum _LSA_TOKEN_INFORMATION_TYPE * PLSA_TOKEN_INFORMATION_TYPE
#define _Out_
Definition: no_sal2.h:323
#define SAM_SERVER_LOOKUP_DOMAIN
Definition: ntsam.h:104
_In_ ULONG _In_ ACCESS_MASK _In_ PSID Sid
Definition: rtlfuncs.h:1103
LARGE_INTEGER LogonTime
Definition: ntsecapi.h:443
NTSTATUS NTAPI LsaSpGetInfoW(_Out_ PSecPkgInfoW PackageInfo)
Definition: lsa.c:123
NTSYSAPI NTSTATUS NTAPI RtlSystemTimeToLocalTime(_In_ PLARGE_INTEGER SystemTime, _Out_ PLARGE_INTEGER LocalTime)
Definition: bufpool.h:45
OLD_LARGE_INTEGER AccountExpires
Definition: msv1_0.h:83
#define SECPKG_INTERFACE_VERSION
Definition: ntsecpkg.h:34
SpAcceptCredentialsFn * AcceptCredentials
Definition: ntsecpkg.h:476
NTSYSAPI ULONG NTAPI RtlLengthSid(IN PSID Sid)
Definition: sid.c:150
#define SECURITY_LOCAL_SERVICE_RID
Definition: setypes.h:547
NTSTATUS NTAPI LsaSpSaveCredentials(_In_ LSA_SEC_HANDLE CredentialHandle, _In_ PSecBuffer Credentials)
Definition: lsa.c:93
#define SECURITY_NT_AUTHORITY
Definition: setypes.h:526
#define STATUS_NAME_TOO_LONG
Definition: ntstatus.h:484
PLSA_AP_INITIALIZE_PACKAGE InitializePackage
Definition: ntsecpkg.h:465
SECPKG_FUNCTION_TABLE NtlmLsaFn[1]
Definition: lsa.c:15
PVOID NTAPI RtlAllocateHeap(IN PVOID HeapHandle, IN ULONG Flags, IN SIZE_T Size)
Definition: heap.c:588
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ SaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ OwnerSize PSID _Inout_ PULONG _Out_writes_bytes_to_opt_ PrimaryGroupSize PSID PrimaryGroup
Definition: rtlfuncs.h:1558
#define STATUS_NO_SUCH_USER
Definition: ntstatus.h:322
BOOLEAN RtlTimeToTimeFields(IN PLARGE_INTEGER Time, IN PTIME_FIELDS TimeFields)
NTSTATUS WINAPI LsarQueryInformationPolicy(LSAPR_HANDLE PolicyHandle, POLICY_INFORMATION_CLASS InformationClass, PLSAPR_POLICY_INFORMATION *PolicyInformation)
Definition: lsarpc.c:531
#define STATUS_ACCOUNT_DISABLED
Definition: ntstatus.h:336
OLD_LARGE_INTEGER PasswordMustChange
Definition: msv1_0.h:85
PLSA_DELETE_CREDENTIAL DeleteCredential
Definition: authpackage.c:59
NTSTATUS NTAPI LsaSpAcquireCredentialsHandle(_In_ PUNICODE_STRING PrincipalName, _In_ ULONG CredentialUseFlags, _In_ PLUID LogonId, _In_ PVOID AuthorizationData, _In_ PVOID GetKeyFunciton, _In_ PVOID GetKeyArgument, _Out_ PLSA_SEC_HANDLE CredentialHandle, _Out_ PTimeStamp ExpirationTime)
Definition: lsa.c:53
static NTSTATUS BuildTokenGroups(OUT PTOKEN_GROUPS *Groups, IN PSID AccountDomainSid, IN ULONG RelativeId, IN BOOL SpecialAccount)
Definition: msv1_0.c:310
NTSTATUS NTAPI LsaSpGetUserInfo(_In_ PLUID LogonId, _In_ ULONG Flags, _Out_ PSecurityUserData *UserData)
Definition: lsa.c:199
UNICODE_STRING UserName
Definition: ntsecapi.h:436
#define TRACE(s)
Definition: solgame.cpp:4
PLSA_AP_LOGON_USER_EX2 LogonUserEx2
Definition: ntsecpkg.h:472
LARGE_INTEGER KickOffTime
Definition: ntsecapi.h:445
#define SECURITY_BUILTIN_DOMAIN_RID
Definition: setypes.h:553
_CONST_RETURN wchar_t *__cdecl wcschr(_In_z_ const wchar_t *_Str, wchar_t _Ch)
NTSYSAPI ULONG NTAPI RtlEqualMemory(CONST VOID *Source1, CONST VOID *Source2, ULONG Length)
#define STATUS_PASSWORD_EXPIRED
Definition: ntstatus.h:335
__wchar_t WCHAR
Definition: xmlstorage.h:180
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
#define USER_READ_ACCOUNT
Definition: ntsam.h:130
#define SE_GROUP_ENABLED
Definition: setypes.h:92
LSA_DISPATCH_TABLE DispatchTable
Definition: msv1_0.c:18
NTSTATUS WINAPI SystemFunction007(const UNICODE_STRING *string, LPBYTE hash)
Definition: sysfunc.c:245
NTSYSAPI PUCHAR NTAPI RtlSubAuthorityCountSid(IN PSID Sid)
Definition: sid.c:104
UNICODE_STRING NewPassword
Definition: ntsecapi.h:515
#define WINAPI
Definition: msvc.h:6
PLSA_AP_CALL_PACKAGE_PASSTHROUGH CallPackagePassthrough
Definition: ntsecpkg.h:470
unsigned long DWORD
Definition: ntddk_ex.h:95
SpDeleteContextFn * DeleteContext
Definition: ntsecpkg.h:485
static NTSTATUS MsvpCheckPassword(PUNICODE_STRING UserPassword, PSAMPR_USER_INFO_BUFFER UserInfo)
Definition: msv1_0.c:789
#define STATUS_ACCESS_DENIED
Definition: udferr_usr.h:145
NTSTATUS NTAPI LsaSpGetCredentials(_In_ LSA_SEC_HANDLE CredentialHandle, _Inout_ PSecBuffer Credentials)
Definition: lsa.c:103
_In_ ULONG _In_ ULONG _In_ ULONG Length
Definition: ntddpcm.h:101
#define SE_GROUP_MANDATORY
Definition: setypes.h:90
UNICODE_STRING LogonServer
Definition: ntsecapi.h:454
SAMPR_LOGON_HOURS LogonHours
Definition: msv1_0.h:104
PLSA_DELETE_LOGON_SESSION DeleteLogonSession
Definition: authpackage.c:56
#define USER_LOGON_SUCCESS
Definition: msv1_0.h:67
NTSTATUS WINAPI LsarClose(LSAPR_HANDLE *ObjectHandle)
Definition: lsarpc.c:125
unsigned long PrimaryGroupId
Definition: msv1_0.h:101
ASSERT((InvokeOnSuccess||InvokeOnError||InvokeOnCancel) ?(CompletionRoutine !=NULL) :TRUE)
#define SECURITY_NULL_RID
Definition: setypes.h:512
#define USER_LOGON_BAD_PASSWORD
Definition: msv1_0.h:66
PLSA_COPY_FROM_CLIENT_BUFFER CopyFromClientBuffer
Definition: authpackage.c:65
SpInitLsaModeContextFn * InitLsaModeContext
Definition: ntsecpkg.h:483
unsigned char UCHAR
Definition: xmlstorage.h:181
NTSTATUS NTAPI LsaSpSetExtendedInformation(_In_ SECPKG_EXTENDED_INFORMATION_CLASS Class, _In_ PSECPKG_EXTENDED_INFORMATION Info)
Definition: lsa.c:221
#define STATUS_BAD_VALIDATION_CLASS
Definition: ntstatus.h:389
_CRTIMP wchar_t *__cdecl wcscpy(_Out_writes_z_(_String_length_(_Source)+1) wchar_t *_Dest, _In_z_ const wchar_t *_Source)
static const WCHAR L[]
Definition: oid.c:1250
#define USER_ACCOUNT_AUTO_LOCKED
Definition: ntsam.h:177
SpAddCredentialsFn * SpAddCredentials
Definition: ntsecpkg.h:490
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID * ProfileBuffer
ULONG LowPart
Definition: typedefs.h:105
#define memcpy(s1, s2, n)
Definition: mkisofs.h:878
SpInitializeFn * Initialize
Definition: ntsecpkg.h:473
unsigned char LmPasswordPresent
Definition: msv1_0.h:109
NTSTATUS WINAPI SpUserModeInitialize(_In_ ULONG LsaVersion, _Out_ PULONG PackageVersion, _Out_ PSECPKG_USER_FUNCTION_TABLE *ppTables, _Out_ PULONG pcTables)
Definition: msv1_0.c:1772
PLSA_ADD_CREDENTIAL AddCredential
Definition: authpackage.c:57
#define SECURITY_NETWORK_SERVICE_RID
Definition: setypes.h:548
unsigned char BYTE
Definition: xxhash.c:193
VOID NTAPI SamIFree_SAMPR_USER_INFO_BUFFER(PSAMPR_USER_INFO_BUFFER Ptr, USER_INFORMATION_CLASS InformationClass)
Definition: samsrv.c:531
Status
Definition: gdiplustypes.h:24
static NTSTATUS MsvpChangePassword(IN PLSA_CLIENT_REQUEST ClientRequest, IN PVOID ProtocolSubmitBuffer, IN PVOID ClientBufferBase, IN ULONG SubmitBufferLength, OUT PVOID *ProtocolReturnBuffer, OUT PULONG ReturnBufferLength, OUT PNTSTATUS ProtocolStatus)
Definition: msv1_0.c:491
#define ERR(fmt,...)
Definition: debug.h:110
#define _In_
Definition: no_sal2.h:204
#define MAX_COMPUTERNAME_LENGTH
Definition: winbase.h:240
VOID NTAPI SamIFree_SAMPR_ULONG_ARRAY(PSAMPR_ULONG_ARRAY Ptr)
Definition: samsrv.c:515
#define STATUS_INVALID_WORKSTATION
Definition: ntstatus.h:334
NTSTATUS NTAPI LsaApCallPackagePassthrough(IN PLSA_CLIENT_REQUEST ClientRequest, IN PVOID ProtocolSubmitBuffer, IN PVOID ClientBufferBase, IN ULONG SubmitBufferLength, OUT PVOID *ProtocolReturnBuffer, OUT PULONG ReturnBufferLength, OUT PNTSTATUS ProtocolStatus)
Definition: msv1_0.c:1034
PLSA_ALLOCATE_CLIENT_BUFFER AllocateClientBuffer
Definition: authpackage.c:62
NTSTATUS NTAPI LsaApCallPackageUntrusted(IN PLSA_CLIENT_REQUEST ClientRequest, IN PVOID ProtocolSubmitBuffer, IN PVOID ClientBufferBase, IN ULONG SubmitBufferLength, OUT PVOID *ProtocolReturnBuffer, OUT PULONG ReturnBufferLength, OUT PNTSTATUS ProtocolStatus)
Definition: msv1_0.c:1052
LARGE_INTEGER PasswordCanChange
Definition: ntsecapi.h:447
SpApplyControlTokenFn * ApplyControlToken
Definition: ntsecpkg.h:486
NTSTATUS NTAPI LsaSpInitLsaModeContext(_In_ LSA_SEC_HANDLE CredentialHandle, _In_ LSA_SEC_HANDLE ContextHandle, _In_ PUNICODE_STRING TargetName, _In_ ULONG ContextRequirements, _In_ ULONG TargetDataRep, _In_ PSecBufferDesc InputBuffers, _Out_ PLSA_SEC_HANDLE NewContextHandle, _Inout_ PSecBufferDesc OutputBuffers, _Out_ PULONG ContextAttributes, _Out_ PTimeStamp ExpirationTime, _Out_ PBOOLEAN MappedContext, _Out_ PSecBuffer ContextData)
Definition: lsa.c:132
SpSetExtendedInformationFn * SetExtendedInformation
Definition: ntsecpkg.h:491
#define DOMAIN_ALIAS_RID_USERS
Definition: setypes.h:625
unsigned short USHORT
Definition: pedump.c:61
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE LogonType
SpGetUserInfoFn * GetUserInfo
Definition: ntsecpkg.h:487
#define STATUS_PASSWORD_MUST_CHANGE
Definition: ntstatus.h:666
SpSaveCredentialsFn * SaveCredentials
Definition: ntsecpkg.h:480
unsigned long UserAccountControl
Definition: msv1_0.h:102
MSV1_0_PROFILE_BUFFER_TYPE MessageType
Definition: ntsecapi.h:440
unsigned long LowPart
Definition: msv1_0.h:32
NTSTATUS NTAPI SamrSetInformationUser(IN SAMPR_HANDLE UserHandle, IN USER_INFORMATION_CLASS UserInformationClass, IN PSAMPR_USER_INFO_BUFFER Buffer)
Definition: samrpc.c:8128
enum _SECURITY_LOGON_TYPE SECURITY_LOGON_TYPE
SpGetInfoFn * GetInfo
Definition: ntsecpkg.h:475
NTSTATUS __stdcall SamrCloseHandle(SAMPR_HANDLE *SamHandle)
PLSA_AP_LOGON_USER_EX LogonUserEx
Definition: ntsecpkg.h:471
UNICODE_STRING HomeDirectoryDrive
Definition: ntsecapi.h:453
_CRTIMP wchar_t *__cdecl wcscat(_Inout_updates_z_(_String_length_(_Dest)+_String_length_(_Source)+1) wchar_t *_Dest, _In_z_ const wchar_t *_Source)
#define DOMAIN_GROUP_RID_USERS
Definition: setypes.h:612
unsigned int * PULONG
Definition: retypes.h:1
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID LogonId
struct _LSA_STRING * PLSA_STRING
#define HEAP_ZERO_MEMORY
Definition: compat.h:123
SpShutDownFn * Shutdown
Definition: ntsecpkg.h:474
NTSTATUS NTAPI SamrOpenUser(IN SAMPR_HANDLE DomainHandle, IN ACCESS_MASK DesiredAccess, IN ULONG UserId, OUT SAMPR_HANDLE *UserHandle)
#define USER_READ_PREFERENCES
Definition: ntsam.h:127
RPC_SHORT_BLOB NtOwfPassword
Definition: msv1_0.h:97
#define OUT
Definition: typedefs.h:40
UNICODE_STRING OldPassword
Definition: ntsecapi.h:514
char * strcpy(char *DstString, const char *SrcString)
Definition: utclib.c:388
unsigned int ULONG
Definition: retypes.h:1
SpGetExtendedInformationFn * GetExtendedInformation
Definition: ntsecpkg.h:488
#define DOMAIN_LOOKUP
Definition: ntsam.h:42
SpGetCredentialsFn * GetCredentials
Definition: ntsecpkg.h:481
#define RtlZeroMemory(Destination, Length)
Definition: typedefs.h:261
NTSTATUS NTAPI LsaSpFreeCredentialsHandle(_In_ LSA_SEC_HANDLE CredentialHandle)
Definition: lsa.c:84
SAMPR_USER_INTERNAL2_INFORMATION Internal2
Definition: msv1_0.h:137
#define ULONG_PTR
Definition: config.h:101
NTSTATUS NTAPI NtQuerySystemTime(OUT PLARGE_INTEGER SystemTime)
Definition: time.c:417
PSID AccountDomainSid
Definition: database.c:22
NTSTATUS NTAPI LsaApLogonUserEx2(IN PLSA_CLIENT_REQUEST ClientRequest, IN SECURITY_LOGON_TYPE LogonType, IN PVOID ProtocolSubmitBuffer, IN PVOID ClientBufferBase, IN ULONG SubmitBufferSize, OUT PVOID *ProfileBuffer, OUT PULONG ProfileBufferSize, OUT PLUID LogonId, OUT PNTSTATUS SubStatus, OUT PLSA_TOKEN_INFORMATION_TYPE TokenInformationType, OUT PVOID *TokenInformation, OUT PUNICODE_STRING *AccountName, OUT PUNICODE_STRING *AuthenticatingAuthority, OUT PUNICODE_STRING *MachineName, OUT PSECPKG_PRIMARY_CRED PrimaryCredentials, OUT PSECPKG_SUPPLEMENTAL_CRED_ARRAY *SupplementalCredentials)
Definition: msv1_0.c:1157
enum _MSV1_0_PROTOCOL_MESSAGE_TYPE MSV1_0_PROTOCOL_MESSAGE_TYPE
SpDeleteCredentialsFn * DeleteCredentials
Definition: ntsecpkg.h:482
NTSTATUS NTAPI SamrQueryInformationUser(IN SAMPR_HANDLE UserHandle, IN USER_INFORMATION_CLASS UserInformationClass, OUT PSAMPR_USER_INFO_BUFFER *Buffer)
Definition: samrpc.c:7337
WCHAR * LPWSTR
Definition: xmlstorage.h:184
IN BOOLEAN OUT PSTR Buffer
Definition: progress.h:34
static PTIME_FIELDS TimeFields
Definition: time.c:104
return STATUS_SUCCESS
Definition: btrfs.c:3014
static BOOL MsvpCheckLogonHours(_In_ PSAMPR_LOGON_HOURS LogonHours, _In_ PLARGE_INTEGER LogonTime)
Definition: msv1_0.c:879
static NTSTATUS BuildTokenPrimaryGroup(OUT PTOKEN_PRIMARY_GROUP PrimaryGroup, IN PSID AccountDomainSid, IN ULONG RelativeId)
Definition: msv1_0.c:292
NTSYSAPI BOOLEAN NTAPI RtlEqualUnicodeString(PUNICODE_STRING String1, PUNICODE_STRING String2, BOOLEAN CaseInSensitive)
PLSA_AP_LOGON_TERMINATED LogonTerminated
Definition: ntsecpkg.h:468
#define USER_READ_LOGON
Definition: ntsam.h:129
NTSTATUS NTAPI LsaSpAcceptLsaModeContext(_In_ LSA_SEC_HANDLE CredentialHandle, _In_ LSA_SEC_HANDLE ContextHandle, _In_ PSecBufferDesc InputBuffer, _In_ ULONG ContextRequirements, _In_ ULONG TargetDataRep, _Out_ PLSA_SEC_HANDLE NewContextHandle, _Inout_ PSecBufferDesc OutputBuffer, _Out_ PULONG ContextAttributes, _Out_ PTimeStamp ExpirationTime, _Out_ PBOOLEAN MappedContext, _Out_ PSecBuffer ContextData)
Definition: lsa.c:157
size_t __cdecl wcslen(_In_z_ const wchar_t *_Str)
static NTSTATUS BuildTokenUser(OUT PTOKEN_USER User, IN PSID AccountDomainSid, IN ULONG RelativeId)
Definition: msv1_0.c:272
_Check_return_ _CRTIMP int __cdecl _wcsicmp(_In_z_ const wchar_t *_Str1, _In_z_ const wchar_t *_Str2)
SpAcquireCredentialsHandleFn * SpAcquireCredentialsHandle
Definition: ntsecpkg.h:477
#define STATUS_LOGON_FAILURE
Definition: ntstatus.h:331
unsigned char NtPasswordPresent
Definition: msv1_0.h:110
RPC_UNICODE_STRING WorkStations
Definition: msv1_0.h:93
SID_IDENTIFIER_AUTHORITY NtAuthority
Definition: database.c:19
LONGLONG QuadPart
Definition: typedefs.h:113
NTSTATUS NTAPI LsaSpGetExtendedInformation(_In_ SECPKG_EXTENDED_INFORMATION_CLASS Class, _Out_ PSECPKG_EXTENDED_INFORMATION *ppInfo)
Definition: lsa.c:210
UNICODE_STRING LogonDomainName
Definition: ntsecapi.h:435
NTSYSAPI ULONG NTAPI RtlLengthRequiredSid(IN ULONG SubAuthorityCount)
Definition: sid.c:54
#define USER_CHANGE_PASSWORD
Definition: ntsam.h:132
static SID_IDENTIFIER_AUTHORITY SystemAuthority
Definition: msgina.c:38
#define RTL_CONSTANT_STRING(s)
Definition: tunneltest.c:14
PULONG MinorVersion OPTIONAL
Definition: CrossNt.h:68