ReactOS  0.4.15-dev-2996-gf777e6b
msv1_0.c
Go to the documentation of this file.
1 /*
2  * PROJECT: Authentication Package DLL
3  * LICENSE: GPL - See COPYING in the top level directory
4  * FILE: dll/win32/msv1_0/msv1_0.c
5  * PURPOSE: Main file
6  * COPYRIGHT: Copyright 2013 Eric Kohl
7  */
8 
9 /* INCLUDES ****************************************************************/
10 
11 #include "precomp.h"
12 
13 WINE_DEFAULT_DEBUG_CHANNEL(msv1_0);
14 
15 
16 /* GLOBALS *****************************************************************/
17 
18 LSA_DISPATCH_TABLE DispatchTable;
19 
20 
21 /* FUNCTIONS ***************************************************************/
22 
23 static
24 NTSTATUS
25 GetAccountDomainSid(PRPC_SID *Sid)
26 {
27  LSAPR_HANDLE PolicyHandle = NULL;
28  PLSAPR_POLICY_INFORMATION PolicyInfo = NULL;
29  ULONG Length = 0;
30  NTSTATUS Status;
31 
32  Status = LsaIOpenPolicyTrusted(&PolicyHandle);
33  if (!NT_SUCCESS(Status))
34  {
35  TRACE("LsaIOpenPolicyTrusted() failed (Status 0x%08lx)\n", Status);
36  return Status;
37  }
38 
39  Status = LsarQueryInformationPolicy(PolicyHandle,
40  PolicyAccountDomainInformation,
41  &PolicyInfo);
42  if (!NT_SUCCESS(Status))
43  {
44  TRACE("LsarQueryInformationPolicy() failed (Status 0x%08lx)\n", Status);
45  goto done;
46  }
47 
48  Length = RtlLengthSid(PolicyInfo->PolicyAccountDomainInfo.Sid);
49 
50  *Sid = RtlAllocateHeap(RtlGetProcessHeap(), 0, Length);
51  if (*Sid == NULL)
52  {
53  ERR("Failed to allocate SID\n");
54  Status = STATUS_INSUFFICIENT_RESOURCES;
55  goto done;
56  }
57 
58  memcpy(*Sid, PolicyInfo->PolicyAccountDomainInfo.Sid, Length);
59 
60 done:
61  if (PolicyInfo != NULL)
62  LsaIFree_LSAPR_POLICY_INFORMATION(PolicyAccountDomainInformation,
63  PolicyInfo);
64 
65  if (PolicyHandle != NULL)
66  LsarClose(&PolicyHandle);
67 
68  return Status;
69 }
70 
71 
72 static
73 NTSTATUS
74 GetNtAuthorityDomainSid(PRPC_SID *Sid)
75 {
76  SID_IDENTIFIER_AUTHORITY NtAuthority = {SECURITY_NT_AUTHORITY};
77  ULONG Length = 0;
78 
79  Length = RtlLengthRequiredSid(0);
80  *Sid = RtlAllocateHeap(RtlGetProcessHeap(), 0, Length);
81  if (*Sid == NULL)
82  {
83  ERR("Failed to allocate SID\n");
84  return STATUS_INSUFFICIENT_RESOURCES;
85  }
86 
87  RtlInitializeSid(*Sid,&NtAuthority, 0);
88 
89  return STATUS_SUCCESS;
90 }
91 
92 
93 static
94 NTSTATUS
95 BuildInteractiveProfileBuffer(IN PLSA_CLIENT_REQUEST ClientRequest,
96  IN PSAMPR_USER_INFO_BUFFER UserInfo,
97  IN PWSTR ComputerName,
98  OUT PMSV1_0_INTERACTIVE_PROFILE *ProfileBuffer,
99  OUT PULONG ProfileBufferLength)
100 {
101  PMSV1_0_INTERACTIVE_PROFILE LocalBuffer = NULL;
102  PVOID ClientBaseAddress = NULL;
103  LPWSTR Ptr;
104  ULONG BufferLength;
105  USHORT ComputerNameLength;
106  NTSTATUS Status = STATUS_SUCCESS;
107 
108  *ProfileBuffer = NULL;
109  *ProfileBufferLength = 0;
110 
111  if (UIntPtrToUShort(wcslen(ComputerName), &ComputerNameLength) != S_OK)
112  {
113  return STATUS_INVALID_PARAMETER;
114  }
115 
116  BufferLength = sizeof(MSV1_0_INTERACTIVE_PROFILE) +
117  UserInfo->All.FullName.Length + sizeof(WCHAR) +
118  UserInfo->All.HomeDirectory.Length + sizeof(WCHAR) +
119  UserInfo->All.HomeDirectoryDrive.Length + sizeof(WCHAR) +
120  UserInfo->All.ScriptPath.Length + sizeof(WCHAR) +
121  UserInfo->All.ProfilePath.Length + sizeof(WCHAR) +
122  ((ComputerNameLength + 3) * sizeof(WCHAR));
123 
124  LocalBuffer = DispatchTable.AllocateLsaHeap(BufferLength);
125  if (LocalBuffer == NULL)
126  {
127  TRACE("Failed to allocate the local buffer!\n");
128  Status = STATUS_INSUFFICIENT_RESOURCES;
129  goto done;
130  }
131 
132  Status = DispatchTable.AllocateClientBuffer(ClientRequest,
133  BufferLength,
134  &ClientBaseAddress);
135  if (!NT_SUCCESS(Status))
136  {
137  TRACE("DispatchTable.AllocateClientBuffer failed (Status 0x%08lx)\n", Status);
138  goto done;
139  }
140 
141  TRACE("ClientBaseAddress: %p\n", ClientBaseAddress);
142 
143  Ptr = (LPWSTR)((ULONG_PTR)LocalBuffer + sizeof(MSV1_0_INTERACTIVE_PROFILE));
144 
145  LocalBuffer->MessageType = MsV1_0InteractiveProfile;
146  LocalBuffer->LogonCount = UserInfo->All.LogonCount;
147  LocalBuffer->BadPasswordCount = UserInfo->All.BadPasswordCount;
148 
149  LocalBuffer->LogonTime.LowPart = UserInfo->All.LastLogon.LowPart;
150  LocalBuffer->LogonTime.HighPart = UserInfo->All.LastLogon.HighPart;
151 
152  LocalBuffer->LogoffTime.LowPart = UserInfo->All.AccountExpires.LowPart;
153  LocalBuffer->LogoffTime.HighPart = UserInfo->All.AccountExpires.HighPart;
154 
155  LocalBuffer->KickOffTime.LowPart = UserInfo->All.AccountExpires.LowPart;
156  LocalBuffer->KickOffTime.HighPart = UserInfo->All.AccountExpires.HighPart;
157 
158  LocalBuffer->PasswordLastSet.LowPart = UserInfo->All.PasswordLastSet.LowPart;
159  LocalBuffer->PasswordLastSet.HighPart = UserInfo->All.PasswordLastSet.HighPart;
160 
161  LocalBuffer->PasswordCanChange.LowPart = UserInfo->All.PasswordCanChange.LowPart;
162  LocalBuffer->PasswordCanChange.HighPart = UserInfo->All.PasswordCanChange.HighPart;
163 
164  LocalBuffer->PasswordMustChange.LowPart = UserInfo->All.PasswordMustChange.LowPart;
165  LocalBuffer->PasswordMustChange.HighPart = UserInfo->All.PasswordMustChange.HighPart;
166 
167  LocalBuffer->LogonScript.Length = UserInfo->All.ScriptPath.Length;
168  LocalBuffer->LogonScript.MaximumLength = UserInfo->All.ScriptPath.Length + sizeof(WCHAR);
169  LocalBuffer->LogonScript.Buffer = (LPWSTR)((ULONG_PTR)ClientBaseAddress + (ULONG_PTR)Ptr - (ULONG_PTR)LocalBuffer);
170  memcpy(Ptr,
171  UserInfo->All.ScriptPath.Buffer,
172  UserInfo->All.ScriptPath.Length);
173 
174  Ptr = (LPWSTR)((ULONG_PTR)Ptr + LocalBuffer->LogonScript.MaximumLength);
175 
176  LocalBuffer->HomeDirectory.Length = UserInfo->All.HomeDirectory.Length;
177  LocalBuffer->HomeDirectory.MaximumLength = UserInfo->All.HomeDirectory.Length + sizeof(WCHAR);
178  LocalBuffer->HomeDirectory.Buffer = (LPWSTR)((ULONG_PTR)ClientBaseAddress + (ULONG_PTR)Ptr - (ULONG_PTR)LocalBuffer);
179  memcpy(Ptr,
180  UserInfo->All.HomeDirectory.Buffer,
181  UserInfo->All.HomeDirectory.Length);
182 
183  Ptr = (LPWSTR)((ULONG_PTR)Ptr + LocalBuffer->HomeDirectory.MaximumLength);
184 
185  LocalBuffer->FullName.Length = UserInfo->All.FullName.Length;
186  LocalBuffer->FullName.MaximumLength = UserInfo->All.FullName.Length + sizeof(WCHAR);
187  LocalBuffer->FullName.Buffer = (LPWSTR)((ULONG_PTR)ClientBaseAddress + (ULONG_PTR)Ptr - (ULONG_PTR)LocalBuffer);
188  memcpy(Ptr,
189  UserInfo->All.FullName.Buffer,
190  UserInfo->All.FullName.Length);
191  TRACE("FullName.Buffer: %p\n", LocalBuffer->FullName.Buffer);
192 
193  Ptr = (LPWSTR)((ULONG_PTR)Ptr + LocalBuffer->FullName.MaximumLength);
194 
195  LocalBuffer->ProfilePath.Length = UserInfo->All.ProfilePath.Length;
196  LocalBuffer->ProfilePath.MaximumLength = UserInfo->All.ProfilePath.Length + sizeof(WCHAR);
197  LocalBuffer->ProfilePath.Buffer = (LPWSTR)((ULONG_PTR)ClientBaseAddress + (ULONG_PTR)Ptr - (ULONG_PTR)LocalBuffer);
198  memcpy(Ptr,
199  UserInfo->All.ProfilePath.Buffer,
200  UserInfo->All.ProfilePath.Length);
201 
202  Ptr = (LPWSTR)((ULONG_PTR)Ptr + LocalBuffer->ProfilePath.MaximumLength);
203 
204  LocalBuffer->HomeDirectoryDrive.Length = UserInfo->All.HomeDirectoryDrive.Length;
205  LocalBuffer->HomeDirectoryDrive.MaximumLength = UserInfo->All.HomeDirectoryDrive.Length + sizeof(WCHAR);
206  LocalBuffer->HomeDirectoryDrive.Buffer = (LPWSTR)((ULONG_PTR)ClientBaseAddress + (ULONG_PTR)Ptr - (ULONG_PTR)LocalBuffer);
207  memcpy(Ptr,
208  UserInfo->All.HomeDirectoryDrive.Buffer,
209  UserInfo->All.HomeDirectoryDrive.Length);
210 
211  Ptr = (LPWSTR)((ULONG_PTR)Ptr + LocalBuffer->HomeDirectoryDrive.MaximumLength);
212 
213  LocalBuffer->LogonServer.Length = (ComputerNameLength + 2) * sizeof(WCHAR);
214  LocalBuffer->LogonServer.MaximumLength = LocalBuffer->LogonServer.Length + sizeof(WCHAR);
215  LocalBuffer->LogonServer.Buffer = (LPWSTR)((ULONG_PTR)ClientBaseAddress + (ULONG_PTR)Ptr - (ULONG_PTR)LocalBuffer);
216  wcscpy(Ptr, L"\\");
217  wcscat(Ptr, ComputerName);
218 
219  LocalBuffer->UserFlags = 0;
220 
221  Status = DispatchTable.CopyToClientBuffer(ClientRequest,
222  BufferLength,
223  ClientBaseAddress,
224  LocalBuffer);
225  if (!NT_SUCCESS(Status))
226  {
227  TRACE("DispatchTable.CopyToClientBuffer failed (Status 0x%08lx)\n", Status);
228  goto done;
229  }
230 
231  *ProfileBuffer = (PMSV1_0_INTERACTIVE_PROFILE)ClientBaseAddress;
232  *ProfileBufferLength = BufferLength;
233 
234 done:
235  if (LocalBuffer != NULL)
236  DispatchTable.FreeLsaHeap(LocalBuffer);
237 
238  if (!NT_SUCCESS(Status))
239  {
240  if (ClientBaseAddress != NULL)
241  DispatchTable.FreeClientBuffer(ClientRequest,
242  ClientBaseAddress);
243  }
244 
245  return Status;
246 }
247 
248 
249 static
250 PSID
251 AppendRidToSid(PSID SrcSid,
252  ULONG Rid)
253 {
254  PSID DstSid = NULL;
255  UCHAR RidCount;
256 
257  RidCount = *RtlSubAuthorityCountSid(SrcSid);
258  if (RidCount >= 8)
259  return NULL;
260 
261  DstSid = DispatchTable.AllocateLsaHeap(RtlLengthRequiredSid(RidCount + 1));
262  if (DstSid == NULL)
263  return NULL;
264 
265  RtlCopyMemory(DstSid,
266  SrcSid,
267  RtlLengthRequiredSid(RidCount));
268 
269  *RtlSubAuthorityCountSid(DstSid) = RidCount + 1;
270  *RtlSubAuthoritySid(DstSid, RidCount) = Rid;
271 
272  return DstSid;
273 }
274 
275 
276 static
277 NTSTATUS
278 BuildTokenUser(OUT PTOKEN_USER User,
279  IN PSID AccountDomainSid,
280  IN ULONG RelativeId)
281 {
282  User->User.Sid = AppendRidToSid(AccountDomainSid,
283  RelativeId);
284  if (User->User.Sid == NULL)
285  {
286  ERR("Could not create the user SID\n");
287  return STATUS_INSUFFICIENT_RESOURCES;
288  }
289 
290  User->User.Attributes = 0;
291 
292  return STATUS_SUCCESS;
293 }
294 
295 
296 static
297 NTSTATUS
298 BuildTokenPrimaryGroup(OUT PTOKEN_PRIMARY_GROUP PrimaryGroup,
299  IN PSID AccountDomainSid,
300  IN ULONG RelativeId)
301 {
302  PrimaryGroup->PrimaryGroup = AppendRidToSid(AccountDomainSid,
303  RelativeId);
304  if (PrimaryGroup->PrimaryGroup == NULL)
305  {
306  ERR("Could not create the primary group SID\n");
307  return STATUS_INSUFFICIENT_RESOURCES;
308  }
309 
310  return STATUS_SUCCESS;
311 }
312 
313 
314 static
315 NTSTATUS
316 BuildTokenGroups(OUT PTOKEN_GROUPS *Groups,
317  IN PSID AccountDomainSid,
318  IN ULONG RelativeId,
319  IN BOOL SpecialAccount)
320 {
321  SID_IDENTIFIER_AUTHORITY SystemAuthority = {SECURITY_NT_AUTHORITY};
322  PTOKEN_GROUPS TokenGroups;
323  DWORD GroupCount = 0;
324  DWORD MaxGroups = 2;
325  PSID Sid;
326  NTSTATUS Status = STATUS_SUCCESS;
327 
328  if (SpecialAccount)
329  MaxGroups++;
330 
331  TokenGroups = DispatchTable.AllocateLsaHeap(sizeof(TOKEN_GROUPS) +
332  MaxGroups * sizeof(SID_AND_ATTRIBUTES));
333  if (TokenGroups == NULL)
334  {
335  return STATUS_INSUFFICIENT_RESOURCES;
336  }
337 
338  if (SpecialAccount)
339  {
340  /* Self */
341  Sid = AppendRidToSid(AccountDomainSid, RelativeId);
342  if (Sid == NULL)
343  {
344 
345  }
346 
347  TokenGroups->Groups[GroupCount].Sid = Sid;
348  TokenGroups->Groups[GroupCount].Attributes =
349  SE_GROUP_ENABLED | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_MANDATORY;
350  GroupCount++;
351 
352  /* Member of 'Users' alias */
353  RtlAllocateAndInitializeSid(&SystemAuthority,
354  2,
355  SECURITY_BUILTIN_DOMAIN_RID,
356  DOMAIN_ALIAS_RID_USERS,
357  SECURITY_NULL_RID,
358  SECURITY_NULL_RID,
359  SECURITY_NULL_RID,
360  SECURITY_NULL_RID,
361  SECURITY_NULL_RID,
362  SECURITY_NULL_RID,
363  &Sid);
364  TokenGroups->Groups[GroupCount].Sid = Sid;
365  TokenGroups->Groups[GroupCount].Attributes =
366  SE_GROUP_ENABLED | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_MANDATORY;
367  GroupCount++;
368  }
369  else
370  {
371  /* Member of the domains users group */
372  Sid = AppendRidToSid(AccountDomainSid, DOMAIN_GROUP_RID_USERS);
373  if (Sid == NULL)
374  {
375 
376  }
377 
378  TokenGroups->Groups[GroupCount].Sid = Sid;
379  TokenGroups->Groups[GroupCount].Attributes =
380  SE_GROUP_ENABLED | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_MANDATORY;
381  GroupCount++;
382  }
383 
384  /* Member of 'Authenticated users' */
385  RtlAllocateAndInitializeSid(&SystemAuthority,
386  1,
387  SECURITY_AUTHENTICATED_USER_RID,
388  SECURITY_NULL_RID,
389  SECURITY_NULL_RID,
390  SECURITY_NULL_RID,
391  SECURITY_NULL_RID,
392  SECURITY_NULL_RID,
393  SECURITY_NULL_RID,
394  SECURITY_NULL_RID,
395  &Sid);
396  TokenGroups->Groups[GroupCount].Sid = Sid;
397  TokenGroups->Groups[GroupCount].Attributes =
398  SE_GROUP_ENABLED | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_MANDATORY;
399  GroupCount++;
400 
401  TokenGroups->GroupCount = GroupCount;
402  ASSERT(TokenGroups->GroupCount <= MaxGroups);
403 
404  *Groups = TokenGroups;
405 
406  return Status;
407 }
408 
409 
410 static
411 NTSTATUS
412 BuildTokenInformationBuffer(PLSA_TOKEN_INFORMATION_V1 *TokenInformation,
413  PRPC_SID AccountDomainSid,
414  PSAMPR_USER_INFO_BUFFER UserInfo,
415  BOOL SpecialAccount)
416 {
417  PLSA_TOKEN_INFORMATION_V1 Buffer = NULL;
418  ULONG i;
419  NTSTATUS Status = STATUS_SUCCESS;
420 
421  Buffer = DispatchTable.AllocateLsaHeap(sizeof(LSA_TOKEN_INFORMATION_V1));
422  if (Buffer == NULL)
423  {
424  WARN("Failed to allocate the local buffer!\n");
425  Status = STATUS_INSUFFICIENT_RESOURCES;
426  goto done;
427  }
428 
429  Buffer->ExpirationTime.LowPart = UserInfo->All.AccountExpires.LowPart;
430  Buffer->ExpirationTime.HighPart = UserInfo->All.AccountExpires.HighPart;
431 
432  Status = BuildTokenUser(&Buffer->User,
433  (PSID)AccountDomainSid,
434  UserInfo->All.UserId);
435  if (!NT_SUCCESS(Status))
436  {
437  WARN("BuildTokenUser() failed (Status 0x%08lx)\n", Status);
438  goto done;
439  }
440 
441  Status = BuildTokenPrimaryGroup(&Buffer->PrimaryGroup,
442  (PSID)AccountDomainSid,
443  UserInfo->All.PrimaryGroupId);
444  if (!NT_SUCCESS(Status))
445  {
446  WARN("BuildTokenPrimaryGroup() failed (Status 0x%08lx)\n", Status);
447  goto done;
448  }
449 
450  Status = BuildTokenGroups(&Buffer->Groups,
451  (PSID)AccountDomainSid,
452  UserInfo->All.UserId,
453  SpecialAccount);
454  if (!NT_SUCCESS(Status))
455  {
456  WARN("BuildTokenGroups() failed (Status 0x%08lx)\n", Status);
457  goto done;
458  }
459 
460  *TokenInformation = Buffer;
461 
462 done:
463  if (!NT_SUCCESS(Status))
464  {
465  if (Buffer != NULL)
466  {
467  if (Buffer->User.User.Sid != NULL)
468  DispatchTable.FreeLsaHeap(Buffer->User.User.Sid);
469 
470  if (Buffer->Groups != NULL)
471  {
472  for (i = 0; i < Buffer->Groups->GroupCount; i++)
473  {
474  if (Buffer->Groups->Groups[i].Sid != NULL)
475  DispatchTable.FreeLsaHeap(Buffer->Groups->Groups[i].Sid);
476  }
477 
478  DispatchTable.FreeLsaHeap(Buffer->Groups);
479  }
480 
481  if (Buffer->PrimaryGroup.PrimaryGroup != NULL)
482  DispatchTable.FreeLsaHeap(Buffer->PrimaryGroup.PrimaryGroup);
483 
484  if (Buffer->DefaultDacl.DefaultDacl != NULL)
485  DispatchTable.FreeLsaHeap(Buffer->DefaultDacl.DefaultDacl);
486 
487  DispatchTable.FreeLsaHeap(Buffer);
488  }
489  }
490 
491  return Status;
492 }
493 
494 
495 static
496 NTSTATUS
497 MsvpChangePassword(IN PLSA_CLIENT_REQUEST ClientRequest,
498  IN PVOID ProtocolSubmitBuffer,
499  IN PVOID ClientBufferBase,
500  IN ULONG SubmitBufferLength,
501  OUT PVOID *ProtocolReturnBuffer,
502  OUT PULONG ReturnBufferLength,
503  OUT PNTSTATUS ProtocolStatus)
504 {
505  NTSTATUS Status;
506  PMSV1_0_CHANGEPASSWORD_REQUEST RequestBuffer;
507  ULONG_PTR PtrOffset;
508 
509  SAMPR_HANDLE ServerHandle = NULL;
510  SAMPR_HANDLE DomainHandle = NULL;
511  SAMPR_HANDLE UserHandle = NULL;
512  PRPC_SID DomainSid = NULL;
513  RPC_UNICODE_STRING Names[1];
514  SAMPR_ULONG_ARRAY RelativeIds = {0, NULL};
515  SAMPR_ULONG_ARRAY Use = {0, NULL};
516 
517  ENCRYPTED_NT_OWF_PASSWORD OldNtPassword;
518  ENCRYPTED_NT_OWF_PASSWORD NewNtPassword;
519  ENCRYPTED_LM_OWF_PASSWORD OldLmPassword;
520  ENCRYPTED_LM_OWF_PASSWORD NewLmPassword;
521  OEM_STRING LmPwdString;
522  CHAR LmPwdBuffer[15];
523  BOOLEAN OldLmPasswordPresent = FALSE;
524  BOOLEAN NewLmPasswordPresent = FALSE;
525 
526  ENCRYPTED_LM_OWF_PASSWORD OldLmEncryptedWithNewLm;
527  ENCRYPTED_LM_OWF_PASSWORD NewLmEncryptedWithOldLm;
528  ENCRYPTED_LM_OWF_PASSWORD OldNtEncryptedWithNewNt;
529  ENCRYPTED_LM_OWF_PASSWORD NewNtEncryptedWithOldNt;
530  PENCRYPTED_LM_OWF_PASSWORD pOldLmEncryptedWithNewLm = NULL;
531  PENCRYPTED_LM_OWF_PASSWORD pNewLmEncryptedWithOldLm = NULL;
532 
533  TRACE("MsvpChangePassword()\n");
534 
535  /* Parameters validation */
536 
537  if (SubmitBufferLength < sizeof(MSV1_0_CHANGEPASSWORD_REQUEST))
538  {
539  ERR("Invalid SubmitBufferLength %lu\n", SubmitBufferLength);
540  return STATUS_INVALID_PARAMETER;
541  }
542 
543  RequestBuffer = (PMSV1_0_CHANGEPASSWORD_REQUEST)ProtocolSubmitBuffer;
544 
545  /* Fix-up pointers in the request buffer info */
546  PtrOffset = (ULONG_PTR)ProtocolSubmitBuffer - (ULONG_PTR)ClientBufferBase;
547 
548  Status = RtlValidateUnicodeString(0, &RequestBuffer->DomainName);
549  if (!NT_SUCCESS(Status))
550  return STATUS_INVALID_PARAMETER;
551  // TODO: Check for Buffer limits wrt. ClientBufferBase and alignment.
552  RequestBuffer->DomainName.Buffer = FIXUP_POINTER(RequestBuffer->DomainName.Buffer, PtrOffset);
553  RequestBuffer->DomainName.MaximumLength = RequestBuffer->DomainName.Length;
554 
555  Status = RtlValidateUnicodeString(0, &RequestBuffer->AccountName);
556  if (!NT_SUCCESS(Status))
557  return STATUS_INVALID_PARAMETER;
558  // TODO: Check for Buffer limits wrt. ClientBufferBase and alignment.
559  RequestBuffer->AccountName.Buffer = FIXUP_POINTER(RequestBuffer->AccountName.Buffer, PtrOffset);
560  RequestBuffer->AccountName.MaximumLength = RequestBuffer->AccountName.Length;
561 
562  Status = RtlValidateUnicodeString(0, &RequestBuffer->OldPassword);
563  if (!NT_SUCCESS(Status))
564  return STATUS_INVALID_PARAMETER;
565  // TODO: Check for Buffer limits wrt. ClientBufferBase and alignment.
566  RequestBuffer->OldPassword.Buffer = FIXUP_POINTER(RequestBuffer->OldPassword.Buffer, PtrOffset);
567  RequestBuffer->OldPassword.MaximumLength = RequestBuffer->OldPassword.Length;
568 
569  Status = RtlValidateUnicodeString(0, &RequestBuffer->NewPassword);
570  if (!NT_SUCCESS(Status))
571  return STATUS_INVALID_PARAMETER;
572  // TODO: Check for Buffer limits wrt. ClientBufferBase and alignment.
573  RequestBuffer->NewPassword.Buffer = FIXUP_POINTER(RequestBuffer->NewPassword.Buffer, PtrOffset);
574  RequestBuffer->NewPassword.MaximumLength = RequestBuffer->NewPassword.Length;
575 
576  TRACE("Domain: %S\n", RequestBuffer->DomainName.Buffer);
577  TRACE("Account: %S\n", RequestBuffer->AccountName.Buffer);
578  TRACE("Old Password: %S\n", RequestBuffer->OldPassword.Buffer);
579  TRACE("New Password: %S\n", RequestBuffer->NewPassword.Buffer);
580 
581  /* Connect to the SAM server */
582  Status = SamIConnect(NULL,
583  &ServerHandle,
584  SAM_SERVER_CONNECT | SAM_SERVER_LOOKUP_DOMAIN,
585  TRUE);
586  if (!NT_SUCCESS(Status))
587  {
588  TRACE("SamIConnect() failed (Status 0x%08lx)\n", Status);
589  goto done;
590  }
591 
592  /* Get the domain SID */
593  Status = SamrLookupDomainInSamServer(ServerHandle,
594  (PRPC_UNICODE_STRING)&RequestBuffer->DomainName,
595  &DomainSid);
596  if (!NT_SUCCESS(Status))
597  {
598  TRACE("SamrLookupDomainInSamServer failed (Status %08lx)\n", Status);
599  goto done;
600  }
601 
602  /* Open the domain */
603  Status = SamrOpenDomain(ServerHandle,
604  DOMAIN_LOOKUP,
605  DomainSid,
606  &DomainHandle);
607  if (!NT_SUCCESS(Status))
608  {
609  TRACE("SamrOpenDomain failed (Status %08lx)\n", Status);
610  goto done;
611  }
612 
613  Names[0].Length = RequestBuffer->AccountName.Length;
614  Names[0].MaximumLength = RequestBuffer->AccountName.MaximumLength;
615  Names[0].Buffer = RequestBuffer->AccountName.Buffer;
616 
617  /* Try to get the RID for the user name */
618  Status = SamrLookupNamesInDomain(DomainHandle,
619  1,
620  Names,
621  &RelativeIds,
622  &Use);
623  if (!NT_SUCCESS(Status))
624  {
625  TRACE("SamrLookupNamesInDomain failed (Status %08lx)\n", Status);
626  Status = STATUS_NO_SUCH_USER;
627  goto done;
628  }
629 
630  /* Fail, if it is not a user account */
631  if (Use.Element[0] != SidTypeUser)
632  {
633  TRACE("Account is not a user account!\n");
634  Status = STATUS_NO_SUCH_USER;
635  goto done;
636  }
637 
638  /* Open the user object */
639  Status = SamrOpenUser(DomainHandle,
640  USER_CHANGE_PASSWORD,
641  RelativeIds.Element[0],
642  &UserHandle);
643  if (!NT_SUCCESS(Status))
644  {
645  TRACE("SamrOpenUser failed (Status %08lx)\n", Status);
646  goto done;
647  }
648 
649 
650  /* Calculate the NT hash for the old password */
651  Status = SystemFunction007(&RequestBuffer->OldPassword,
652  (LPBYTE)&OldNtPassword);
653  if (!NT_SUCCESS(Status))
654  {
655  TRACE("SystemFunction007 failed (Status 0x%08lx)\n", Status);
656  goto done;
657  }
658 
659  /* Calculate the NT hash for the new password */
660  Status = SystemFunction007(&RequestBuffer->NewPassword,
661  (LPBYTE)&NewNtPassword);
662  if (!NT_SUCCESS(Status))
663  {
664  TRACE("SystemFunction007 failed (Status 0x%08lx)\n", Status);
665  goto done;
666  }
667 
668  /* Calculate the LM password and hash for the old password */
669  LmPwdString.Length = 15;
670  LmPwdString.MaximumLength = 15;
671  LmPwdString.Buffer = LmPwdBuffer;
672  ZeroMemory(LmPwdString.Buffer, LmPwdString.MaximumLength);
673 
674  Status = RtlUpcaseUnicodeStringToOemString(&LmPwdString,
675  &RequestBuffer->OldPassword,
676  FALSE);
677  if (NT_SUCCESS(Status))
678  {
679  /* Calculate the LM hash value of the password */
680  Status = SystemFunction006(LmPwdString.Buffer,
681  (LPSTR)&OldLmPassword);
682  if (NT_SUCCESS(Status))
683  {
684  OldLmPasswordPresent = TRUE;
685  }
686  }
687 
688  /* Calculate the LM password and hash for the new password */
689  LmPwdString.Length = 15;
690  LmPwdString.MaximumLength = 15;
691  LmPwdString.Buffer = LmPwdBuffer;
692  ZeroMemory(LmPwdString.Buffer, LmPwdString.MaximumLength);
693 
694  Status = RtlUpcaseUnicodeStringToOemString(&LmPwdString,
695  &RequestBuffer->NewPassword,
696  FALSE);
697  if (NT_SUCCESS(Status))
698  {
699  /* Calculate the LM hash value of the password */
700  Status = SystemFunction006(LmPwdString.Buffer,
701  (LPSTR)&NewLmPassword);
702  if (NT_SUCCESS(Status))
703  {
704  NewLmPasswordPresent = TRUE;
705  }
706  }
707 
708  /* Encrypt the old and new LM passwords, if they exist */
709  if (OldLmPasswordPresent && NewLmPasswordPresent)
710  {
711  /* Encrypt the old LM password */
712  Status = SystemFunction012((const BYTE *)&OldLmPassword,
713  (const BYTE *)&NewLmPassword,
714  (LPBYTE)&OldLmEncryptedWithNewLm);
715  if (!NT_SUCCESS(Status))
716  {
717  TRACE("SystemFunction012 failed (Status 0x%08lx)\n", Status);
718  goto done;
719  }
720 
721  /* Encrypt the new LM password */
722  Status = SystemFunction012((const BYTE *)&NewLmPassword,
723  (const BYTE *)&OldLmPassword,
724  (LPBYTE)&NewLmEncryptedWithOldLm);
725  if (!NT_SUCCESS(Status))
726  {
727  TRACE("SystemFunction012 failed (Status 0x%08lx)\n", Status);
728  goto done;
729  }
730 
731  pOldLmEncryptedWithNewLm = &OldLmEncryptedWithNewLm;
732  pNewLmEncryptedWithOldLm = &NewLmEncryptedWithOldLm;
733  }
734 
735  /* Encrypt the old NT password */
736  Status = SystemFunction012((const BYTE *)&OldNtPassword,
737  (const BYTE *)&NewNtPassword,
738  (LPBYTE)&OldNtEncryptedWithNewNt);
739  if (!NT_SUCCESS(Status))
740  {
741  TRACE("SystemFunction012 failed (Status 0x%08lx)\n", Status);
742  goto done;
743  }
744 
745  /* Encrypt the new NT password */
746  Status = SystemFunction012((const BYTE *)&NewNtPassword,
747  (const BYTE *)&OldNtPassword,
748  (LPBYTE)&NewNtEncryptedWithOldNt);
749  if (!NT_SUCCESS(Status))
750  {
751  TRACE("SystemFunction012 failed (Status 0x%08lx)\n", Status);
752  goto done;
753  }
754 
755  /* Change the password */
756  Status = SamrChangePasswordUser(UserHandle,
757  OldLmPasswordPresent && NewLmPasswordPresent,
758  pOldLmEncryptedWithNewLm,
759  pNewLmEncryptedWithOldLm,
760  TRUE,
761  &OldNtEncryptedWithNewNt,
762  &NewNtEncryptedWithOldNt,
763  FALSE,
764  NULL,
765  FALSE,
766  NULL);
767  if (!NT_SUCCESS(Status))
768  {
769  TRACE("SamrChangePasswordUser failed (Status %08lx)\n", Status);
770  goto done;
771  }
772 
773 done:
774  if (UserHandle != NULL)
775  SamrCloseHandle(&UserHandle);
776 
777  SamIFree_SAMPR_ULONG_ARRAY(&RelativeIds);
778  SamIFree_SAMPR_ULONG_ARRAY(&Use);
779 
780  if (DomainHandle != NULL)
781  SamrCloseHandle(&DomainHandle);
782 
783  if (DomainSid != NULL)
784  SamIFreeVoid(DomainSid);
785 
786  if (ServerHandle != NULL)
787  SamrCloseHandle(&ServerHandle);
788 
789  return Status;
790 }
791 
792 
793 static
794 NTSTATUS
795 MsvpCheckPassword(PUNICODE_STRING UserPassword,
796  PSAMPR_USER_INFO_BUFFER UserInfo)
797 {
798  ENCRYPTED_NT_OWF_PASSWORD UserNtPassword;
799  ENCRYPTED_LM_OWF_PASSWORD UserLmPassword;
800  BOOLEAN UserLmPasswordPresent = FALSE;
801  BOOLEAN UserNtPasswordPresent = FALSE;
802  OEM_STRING LmPwdString;
803  CHAR LmPwdBuffer[15];
804  NTSTATUS Status;
805 
806  TRACE("(%p %p)\n", UserPassword, UserInfo);
807 
808  /* Calculate the LM password and hash for the users password */
809  LmPwdString.Length = 15;
810  LmPwdString.MaximumLength = 15;
811  LmPwdString.Buffer = LmPwdBuffer;
812  ZeroMemory(LmPwdString.Buffer, LmPwdString.MaximumLength);
813 
814  Status = RtlUpcaseUnicodeStringToOemString(&LmPwdString,
815  UserPassword,
816  FALSE);
817  if (NT_SUCCESS(Status))
818  {
819  /* Calculate the LM hash value of the users password */
820  Status = SystemFunction006(LmPwdString.Buffer,
821  (LPSTR)&UserLmPassword);
822  if (NT_SUCCESS(Status))
823  {
824  UserLmPasswordPresent = TRUE;
825  }
826  }
827 
828  /* Calculate the NT hash of the users password */
829  Status = SystemFunction007(UserPassword,
830  (LPBYTE)&UserNtPassword);
831  if (NT_SUCCESS(Status))
832  {
833  UserNtPasswordPresent = TRUE;
834  }
835 
836  Status = STATUS_WRONG_PASSWORD;
837 
838  /* Succeed, if no password has been set */
839  if (UserInfo->All.NtPasswordPresent == FALSE &&
840  UserInfo->All.LmPasswordPresent == FALSE)
841  {
842  TRACE("No password check!\n");
843  Status = STATUS_SUCCESS;
844  goto done;
845  }
846 
847  /* Succeed, if NT password matches */
848  if (UserNtPasswordPresent && UserInfo->All.NtPasswordPresent)
849  {
850  TRACE("Check NT password hashes:\n");
851  if (RtlEqualMemory(&UserNtPassword,
852  UserInfo->All.NtOwfPassword.Buffer,
853  sizeof(ENCRYPTED_NT_OWF_PASSWORD)))
854  {
855  TRACE(" success!\n");
856  Status = STATUS_SUCCESS;
857  goto done;
858  }
859 
860  TRACE(" failed!\n");
861  }
862 
863  /* Succeed, if LM password matches */
864  if (UserLmPasswordPresent && UserInfo->All.LmPasswordPresent)
865  {
866  TRACE("Check LM password hashes:\n");
867  if (RtlEqualMemory(&UserLmPassword,
868  UserInfo->All.LmOwfPassword.Buffer,
869  sizeof(ENCRYPTED_LM_OWF_PASSWORD)))
870  {
871  TRACE(" success!\n");
872  Status = STATUS_SUCCESS;
873  goto done;
874  }
875  TRACE(" failed!\n");
876  }
877 
878 done:
879  return Status;
880 }
881 
882 
883 static
884 BOOL
885 MsvpCheckLogonHours(
886  _In_ PSAMPR_LOGON_HOURS LogonHours,
887  _In_ PLARGE_INTEGER LogonTime)
888 {
889 #if 0
890  LARGE_INTEGER LocalLogonTime;
891  TIME_FIELDS TimeFields;
892  USHORT MinutesPerUnit, Offset;
893  BOOL bFound;
894 
895  FIXME("MsvpCheckLogonHours(%p %p)\n", LogonHours, LogonTime);
896 
897  if (LogonHours->UnitsPerWeek == 0 || LogonHours->LogonHours == NULL)
898  {
899  FIXME("No logon hours!\n");
900  return TRUE;
901  }
902 
903  RtlSystemTimeToLocalTime(LogonTime, &LocalLogonTime);
904  RtlTimeToTimeFields(&LocalLogonTime, &TimeFields);
905 
906  FIXME("UnitsPerWeek: %u\n", LogonHours->UnitsPerWeek);
907  MinutesPerUnit = 10080 / LogonHours->UnitsPerWeek;
908 
909  Offset = ((TimeFields.Weekday * 24 + TimeFields.Hour) * 60 + TimeFields.Minute) / MinutesPerUnit;
910  FIXME("Offset: %us\n", Offset);
911 
912  bFound = (BOOL)(LogonHours->LogonHours[Offset / 8] & (1 << (Offset % 8)));
913  FIXME("Logon permitted: %s\n", bFound ? "Yes" : "No");
914 
915  return bFound;
916 #endif
917  return TRUE;
918 }
919 
920 
921 static
922 BOOL
923 MsvpCheckWorkstations(
924  _In_ PRPC_UNICODE_STRING WorkStations,
925  _In_ PWSTR ComputerName)
926 {
927  PWSTR pStart, pEnd;
928  BOOL bFound = FALSE;
929 
930  TRACE("MsvpCheckWorkstations(%p %S)\n", WorkStations, ComputerName);
931 
932  if (WorkStations->Length == 0 || WorkStations->Buffer == NULL)
933  {
934  TRACE("No workstations!\n");
935  return TRUE;
936  }
937 
938  TRACE("Workstations: %wZ\n", WorkStations);
939 
940  pStart = WorkStations->Buffer;
941  for (;;)
942  {
943  pEnd = wcschr(pStart, L',');
944  if (pEnd != NULL)
945  *pEnd = UNICODE_NULL;
946 
947  TRACE("Comparing '%S' and '%S'\n", ComputerName, pStart);
948  if (_wcsicmp(ComputerName, pStart) == 0)
949  {
950  bFound = TRUE;
951  if (pEnd != NULL)
952  *pEnd = L',';
953  break;
954  }
955 
956  if (pEnd == NULL)
957  break;
958 
959  *pEnd = L',';
960  pStart = pEnd + 1;
961  }
962 
963  TRACE("Found allowed workstation: %s\n", (bFound) ? "Yes" : "No");
964 
965  return bFound;
966 }
967 
968 
969 /*
970  * @unimplemented
971  */
972 NTSTATUS
973 NTAPI
974 LsaApCallPackage(IN PLSA_CLIENT_REQUEST ClientRequest,
975  IN PVOID ProtocolSubmitBuffer,
976  IN PVOID ClientBufferBase,
977  IN ULONG SubmitBufferLength,
978  OUT PVOID *ProtocolReturnBuffer,
979  OUT PULONG ReturnBufferLength,
980  OUT PNTSTATUS ProtocolStatus)
981 {
982  NTSTATUS Status;
983  MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType;
984 
985  TRACE("LsaApCallPackage()\n");
986 
987  if (SubmitBufferLength < sizeof(MSV1_0_PROTOCOL_MESSAGE_TYPE))
988  return STATUS_INVALID_PARAMETER;
989 
990  MessageType = *((PMSV1_0_PROTOCOL_MESSAGE_TYPE)ProtocolSubmitBuffer);
991 
992  *ProtocolReturnBuffer = NULL;
993  *ReturnBufferLength = 0;
994 
995  switch (MessageType)
996  {
997  case MsV1_0Lm20ChallengeRequest:
998  case MsV1_0Lm20GetChallengeResponse:
999  Status = STATUS_NOT_IMPLEMENTED;
1000  break;
1001 
1002  case MsV1_0EnumerateUsers:
1003  case MsV1_0GetUserInfo:
1004  case MsV1_0ReLogonUsers:
1005  Status = STATUS_INVALID_PARAMETER;
1006  break;
1007 
1008  case MsV1_0ChangePassword:
1009  Status = MsvpChangePassword(ClientRequest,
1010  ProtocolSubmitBuffer,
1011  ClientBufferBase,
1012  SubmitBufferLength,
1013  ProtocolReturnBuffer,
1014  ReturnBufferLength,
1015  ProtocolStatus);
1016  break;
1017 
1018  case MsV1_0ChangeCachedPassword:
1019  case MsV1_0GenericPassthrough:
1020  case MsV1_0CacheLogon:
1021  case MsV1_0SubAuth:
1022  case MsV1_0DeriveCredential:
1023  case MsV1_0CacheLookup:
1024  Status = STATUS_NOT_IMPLEMENTED;
1025  break;
1026 
1027  default:
1028  return STATUS_INVALID_PARAMETER;
1029  }
1030 
1031  return Status;
1032 }
1033 
1034 
1035 /*
1036  * @unimplemented
1037  */
1038 NTSTATUS
1039 NTAPI
1040 LsaApCallPackagePassthrough(IN PLSA_CLIENT_REQUEST ClientRequest,
1041  IN PVOID ProtocolSubmitBuffer,
1042  IN PVOID ClientBufferBase,
1043  IN ULONG SubmitBufferLength,
1044  OUT PVOID *ProtocolReturnBuffer,
1045  OUT PULONG ReturnBufferLength,
1046  OUT PNTSTATUS ProtocolStatus)
1047 {
1048  TRACE("LsaApCallPackagePassthrough()\n");
1049  return STATUS_NOT_IMPLEMENTED;
1050 }
1051 
1052 
1053 /*
1054  * @implemented
1055  */
1056 NTSTATUS
1057 NTAPI
1058 LsaApCallPackageUntrusted(IN PLSA_CLIENT_REQUEST ClientRequest,
1059  IN PVOID ProtocolSubmitBuffer,
1060  IN PVOID ClientBufferBase,
1061  IN ULONG SubmitBufferLength,
1062  OUT PVOID *ProtocolReturnBuffer,
1063  OUT PULONG ReturnBufferLength,
1064  OUT PNTSTATUS ProtocolStatus)
1065 {
1066  ULONG MessageType;
1067  NTSTATUS Status;
1068 
1069  TRACE("LsaApCallPackageUntrusted()\n");
1070 
1071  if (SubmitBufferLength < sizeof(MSV1_0_PROTOCOL_MESSAGE_TYPE))
1072  return STATUS_INVALID_PARAMETER;
1073 
1074  MessageType = (ULONG)*((PMSV1_0_PROTOCOL_MESSAGE_TYPE)ProtocolSubmitBuffer);
1075 
1076  *ProtocolReturnBuffer = NULL;
1077  *ReturnBufferLength = 0;
1078 
1079  if (MessageType == MsV1_0ChangePassword)
1080  Status = MsvpChangePassword(ClientRequest,
1081  ProtocolSubmitBuffer,
1082  ClientBufferBase,
1083  SubmitBufferLength,
1084  ProtocolReturnBuffer,
1085  ReturnBufferLength,
1086  ProtocolStatus);
1087  else
1088  Status = STATUS_ACCESS_DENIED;
1089 
1090  return Status;
1091 }
1092 
1093 
1094 /*
1095  * @implemented
1096  */
1097 NTSTATUS
1098 NTAPI
1099 LsaApInitializePackage(IN ULONG AuthenticationPackageId,
1100  IN PLSA_DISPATCH_TABLE LsaDispatchTable,
1101  IN PLSA_STRING Database OPTIONAL,
1102  IN PLSA_STRING Confidentiality OPTIONAL,
1103  OUT PLSA_STRING *AuthenticationPackageName)
1104 {
1105  PANSI_STRING NameString;
1106  PCHAR NameBuffer;
1107 
1108  TRACE("LsaApInitializePackage(%lu %p %p %p %p)\n",
1109  AuthenticationPackageId, LsaDispatchTable, Database,
1110  Confidentiality, AuthenticationPackageName);
1111 
1112  /* Get the dispatch table entries */
1113  DispatchTable.CreateLogonSession = LsaDispatchTable->CreateLogonSession;
1114  DispatchTable.DeleteLogonSession = LsaDispatchTable->DeleteLogonSession;
1115  DispatchTable.AddCredential = LsaDispatchTable->AddCredential;
1116  DispatchTable.GetCredentials = LsaDispatchTable->GetCredentials;
1117  DispatchTable.DeleteCredential = LsaDispatchTable->DeleteCredential;
1118  DispatchTable.AllocateLsaHeap = LsaDispatchTable->AllocateLsaHeap;
1119  DispatchTable.FreeLsaHeap = LsaDispatchTable->FreeLsaHeap;
1120  DispatchTable.AllocateClientBuffer = LsaDispatchTable->AllocateClientBuffer;
1121  DispatchTable.FreeClientBuffer = LsaDispatchTable->FreeClientBuffer;
1122  DispatchTable.CopyToClientBuffer = LsaDispatchTable->CopyToClientBuffer;
1123  DispatchTable.CopyFromClientBuffer = LsaDispatchTable->CopyFromClientBuffer;
1124 
1125  /* Return the package name */
1126  NameString = DispatchTable.AllocateLsaHeap(sizeof(LSA_STRING));
1127  if (NameString == NULL)
1128  return STATUS_INSUFFICIENT_RESOURCES;
1129 
1130  NameBuffer = DispatchTable.AllocateLsaHeap(sizeof(MSV1_0_PACKAGE_NAME));
1131  if (NameBuffer == NULL)
1132  {
1133  DispatchTable.FreeLsaHeap(NameString);
1134  return STATUS_INSUFFICIENT_RESOURCES;
1135  }
1136 
1137  strcpy(NameBuffer, MSV1_0_PACKAGE_NAME);
1138 
1139  RtlInitAnsiString(NameString, NameBuffer);
1140 
1141  *AuthenticationPackageName = (PLSA_STRING)NameString;
1142 
1143  return STATUS_SUCCESS;
1144 }
1145 
1146 
1147 /*
1148  * @unimplemented
1149  */
1150 VOID
1151 NTAPI
1152 LsaApLogonTerminated(IN PLUID LogonId)
1153 {
1154  TRACE("LsaApLogonTerminated()\n");
1155 }
1156 
1157 
1158 /*
1159  * @implemented
1160  */
1161 NTSTATUS
1162 NTAPI
1163 LsaApLogonUserEx2(IN PLSA_CLIENT_REQUEST ClientRequest,
1164  IN SECURITY_LOGON_TYPE LogonType,
1165  IN PVOID ProtocolSubmitBuffer,
1166  IN PVOID ClientBufferBase,
1167  IN ULONG SubmitBufferSize,
1168  OUT PVOID *ProfileBuffer,
1169  OUT PULONG ProfileBufferSize,
1170  OUT PLUID LogonId,
1171  OUT PNTSTATUS SubStatus,
1172  OUT PLSA_TOKEN_INFORMATION_TYPE TokenInformationType,
1173  OUT PVOID *TokenInformation,
1174  OUT PUNICODE_STRING *AccountName,
1175  OUT PUNICODE_STRING *AuthenticatingAuthority,
1176  OUT PUNICODE_STRING *MachineName,
1177  OUT PSECPKG_PRIMARY_CRED PrimaryCredentials, /* Not supported yet */
1178  OUT PSECPKG_SUPPLEMENTAL_CRED_ARRAY *SupplementalCredentials) /* Not supported yet */
1179 {
1180  static const UNICODE_STRING NtAuthorityU = RTL_CONSTANT_STRING(L"NT AUTHORITY");
1181  static const UNICODE_STRING LocalServiceU = RTL_CONSTANT_STRING(L"LocalService");
1182  static const UNICODE_STRING NetworkServiceU = RTL_CONSTANT_STRING(L"NetworkService");
1183 
1184  NTSTATUS Status;
1185  PMSV1_0_INTERACTIVE_LOGON LogonInfo;
1186  WCHAR ComputerName[MAX_COMPUTERNAME_LENGTH + 1];
1187  SAMPR_HANDLE ServerHandle = NULL;
1188  SAMPR_HANDLE DomainHandle = NULL;
1189  SAMPR_HANDLE UserHandle = NULL;
1190  PRPC_SID AccountDomainSid = NULL;
1191  RPC_UNICODE_STRING Names[1];
1192  SAMPR_ULONG_ARRAY RelativeIds = {0, NULL};
1193  SAMPR_ULONG_ARRAY Use = {0, NULL};
1194  PSAMPR_USER_INFO_BUFFER UserInfo = NULL;
1195  BOOLEAN SessionCreated = FALSE;
1196  LARGE_INTEGER LogonTime;
1197  LARGE_INTEGER AccountExpires;
1198  LARGE_INTEGER PasswordMustChange;
1199  LARGE_INTEGER PasswordLastSet;
1200  DWORD ComputerNameSize;
1201  BOOL SpecialAccount = FALSE;
1202  UCHAR LogonPassHash;
1203  PUNICODE_STRING ErasePassword = NULL;
1204 
1205  TRACE("LsaApLogonUserEx2()\n");
1206 
1207  TRACE("LogonType: %lu\n", LogonType);
1208  TRACE("ProtocolSubmitBuffer: %p\n", ProtocolSubmitBuffer);
1209  TRACE("SubmitBufferSize: %lu\n", SubmitBufferSize);
1210 
1211  *ProfileBuffer = NULL;
1212  *ProfileBufferSize = 0;
1213  *SubStatus = STATUS_SUCCESS;
1214  *AccountName = NULL;
1215  *AuthenticatingAuthority = NULL;
1216 
1217  /* Parameters validation */
1218  if (LogonType == Interactive ||
1219  LogonType == Batch ||
1220  LogonType == Service)
1221  {
1222  ULONG_PTR PtrOffset;
1223 
1224  if (SubmitBufferSize < sizeof(MSV1_0_INTERACTIVE_LOGON))
1225  {
1226  ERR("Invalid SubmitBufferSize %lu\n", SubmitBufferSize);
1227  return STATUS_INVALID_PARAMETER;
1228  }
1229 
1230  LogonInfo = (PMSV1_0_INTERACTIVE_LOGON)ProtocolSubmitBuffer;
1231 
1232  if (LogonInfo->MessageType != MsV1_0InteractiveLogon &&
1233  LogonInfo->MessageType != MsV1_0WorkstationUnlockLogon)
1234  {
1235  ERR("Invalid MessageType %lu\n", LogonInfo->MessageType);
1236  return STATUS_BAD_VALIDATION_CLASS;
1237  }
1238 
1239 #if 0 // FIXME: These checks happen to be done on Windows. We however keep them general on ReactOS for now...
1240  if (LogonInfo->UserName.Length > 512) // CRED_MAX_STRING_LENGTH * sizeof(WCHAR) or (CREDUI_MAX_USERNAME_LENGTH (== CRED_MAX_USERNAME_LENGTH) - 1) * sizeof(WCHAR)
1241  {
1242  ERR("UserName too long (%lu, maximum 512)\n", LogonInfo->UserName.Length);
1243  return STATUS_NAME_TOO_LONG;
1244  }
1245  if (LogonInfo->Password.Length > 512) // CREDUI_MAX_PASSWORD_LENGTH * sizeof(WCHAR)
1246  {
1247  ERR("Password too long (%lu, maximum 512)\n", LogonInfo->Password.Length);
1248  return STATUS_NAME_TOO_LONG;
1249  }
1250 #endif
1251 
1252  /* Fix-up pointers in the authentication info */
1253  PtrOffset = (ULONG_PTR)ProtocolSubmitBuffer - (ULONG_PTR)ClientBufferBase;
1254 
1255  /* LogonDomainName is optional and can be an empty string */
1256  if (LogonInfo->LogonDomainName.Length)
1257  {
1258  // TODO: Check for Buffer limits wrt. ClientBufferBase and alignment.
1259  LogonInfo->LogonDomainName.Buffer = FIXUP_POINTER(LogonInfo->LogonDomainName.Buffer, PtrOffset);
1260  LogonInfo->LogonDomainName.MaximumLength = LogonInfo->LogonDomainName.Length;
1261  }
1262  else
1263  {
1264  LogonInfo->LogonDomainName.Buffer = NULL;
1265  LogonInfo->LogonDomainName.MaximumLength = 0;
1266  }
1267  Status = RtlValidateUnicodeString(0, &LogonInfo->LogonDomainName);
1268  if (!NT_SUCCESS(Status))
1269  return STATUS_INVALID_PARAMETER;
1270 
1271  /* UserName is mandatory and cannot be an empty string */
1272  // TODO: Check for Buffer limits wrt. ClientBufferBase and alignment.
1273  LogonInfo->UserName.Buffer = FIXUP_POINTER(LogonInfo->UserName.Buffer, PtrOffset);
1274  LogonInfo->UserName.MaximumLength = LogonInfo->UserName.Length;
1275 
1276  Status = RtlValidateUnicodeString(0, &LogonInfo->UserName);
1277  if (!NT_SUCCESS(Status))
1278  return STATUS_INVALID_PARAMETER;
1279 
1280  /* MS docs says max length is 0xFF bytes. But thats not the full story:
1281  *
1282  * A Quote from https://groups.google.com/forum/#!topic/microsoft.public.win32.programmer.kernel/eFGcCo_ZObk:
1283  * "... At least on my WinXP SP2. Domain and UserName are passed
1284  * in clear text, but the Password is NOT. ..."
1285  *
1286  * If the higher byte of length != 0 we have to use RtlRunDecodeUnicodeString.
1287  */
1288  LogonPassHash = (LogonInfo->Password.Length >> 8) & 0xFF;
1289  LogonInfo->Password.Length = LogonInfo->Password.Length & 0xFF;
1290 
1291  /* Password is optional and can be an empty string */
1292  if (LogonInfo->Password.Length)
1293  {
1294  // TODO: Check for Buffer limits wrt. ClientBufferBase and alignment.
1295  LogonInfo->Password.Buffer = FIXUP_POINTER(LogonInfo->Password.Buffer, PtrOffset);
1296  LogonInfo->Password.MaximumLength = LogonInfo->Password.Length;
1297  }
1298  else
1299  {
1300  LogonInfo->Password.Buffer = NULL;
1301  LogonInfo->Password.MaximumLength = 0;
1302  }
1303 
1304  /* Decode password */
1305  if (LogonPassHash > 0)
1306  {
1307  RtlRunDecodeUnicodeString(LogonPassHash, &LogonInfo->Password);
1308  }
1309 
1310  /* ErasePassword will be "erased" before we return */
1311  ErasePassword = &LogonInfo->Password;
1312 
1313  Status = RtlValidateUnicodeString(0, &LogonInfo->Password);
1314  if (!NT_SUCCESS(Status))
1315  return STATUS_INVALID_PARAMETER;
1316 
1317  TRACE("Domain: %wZ\n", &LogonInfo->LogonDomainName);
1318  TRACE("User: %wZ\n", &LogonInfo->UserName);
1319  TRACE("Password: %wZ\n", &LogonInfo->Password);
1320 
1321  // TODO: If LogonType == Service, do some extra work using LogonInfo->Password.
1322  }
1323  else
1324  {
1325  FIXME("LogonType %lu is not supported yet!\n", LogonType);
1326  return STATUS_NOT_IMPLEMENTED;
1327  }
1328  // TODO: Add other LogonType validity checks.
1329 
1330  /* Get the logon time */
1331  NtQuerySystemTime(&LogonTime);
1332 
1333  /* Get the computer name */
1334  ComputerNameSize = ARRAYSIZE(ComputerName);
1335  GetComputerNameW(ComputerName, &ComputerNameSize);
1336 
1337  /* Check for special accounts */
1338  // FIXME: Windows does not do this that way!! (msv1_0 does not contain these hardcoded values)
1339  if (RtlEqualUnicodeString(&LogonInfo->LogonDomainName, &NtAuthorityU, TRUE))
1340  {
1341  SpecialAccount = TRUE;
1342 
1343  /* Get the authority domain SID */
1344  Status = GetNtAuthorityDomainSid(&AccountDomainSid);
1345  if (!NT_SUCCESS(Status))
1346  {
1347  ERR("GetNtAuthorityDomainSid() failed (Status 0x%08lx)\n", Status);
1348  return Status;
1349  }
1350 
1351  if (RtlEqualUnicodeString(&LogonInfo->UserName, &LocalServiceU, TRUE))
1352  {
1353  TRACE("SpecialAccount: LocalService\n");
1354 
1355  if (LogonType != Service)
1356  return STATUS_LOGON_FAILURE;
1357 
1358  UserInfo = RtlAllocateHeap(RtlGetProcessHeap(),
1359  HEAP_ZERO_MEMORY,
1360  sizeof(SAMPR_USER_ALL_INFORMATION));
1361  if (UserInfo == NULL)
1362  {
1363  Status = STATUS_INSUFFICIENT_RESOURCES;
1364  goto done;
1365  }
1366 
1367  UserInfo->All.UserId = SECURITY_LOCAL_SERVICE_RID;
1368  UserInfo->All.PrimaryGroupId = SECURITY_LOCAL_SERVICE_RID;
1369  }
1370  else if (RtlEqualUnicodeString(&LogonInfo->UserName, &NetworkServiceU, TRUE))
1371  {
1372  TRACE("SpecialAccount: NetworkService\n");
1373 
1374  if (LogonType != Service)
1375  return STATUS_LOGON_FAILURE;
1376 
1377  UserInfo = RtlAllocateHeap(RtlGetProcessHeap(),
1378  HEAP_ZERO_MEMORY,
1379  sizeof(SAMPR_USER_ALL_INFORMATION));
1380  if (UserInfo == NULL)
1381  {
1382  Status = STATUS_INSUFFICIENT_RESOURCES;
1383  goto done;
1384  }
1385 
1386  UserInfo->All.UserId = SECURITY_NETWORK_SERVICE_RID;
1387  UserInfo->All.PrimaryGroupId = SECURITY_NETWORK_SERVICE_RID;
1388  }
1389  else
1390  {
1391  Status = STATUS_NO_SUCH_USER;
1392  goto done;
1393  }
1394  }
1395  else
1396  {
1397  TRACE("NormalAccount\n");
1398 
1399  /* Get the account domain SID */
1400  Status = GetAccountDomainSid(&AccountDomainSid);
1401  if (!NT_SUCCESS(Status))
1402  {
1403  ERR("GetAccountDomainSid() failed (Status 0x%08lx)\n", Status);
1404  return Status;
1405  }
1406 
1407  /* Connect to the SAM server */
1408  Status = SamIConnect(NULL,
1409  &ServerHandle,
1410  SAM_SERVER_CONNECT | SAM_SERVER_LOOKUP_DOMAIN,
1411  TRUE);
1412  if (!NT_SUCCESS(Status))
1413  {
1414  TRACE("SamIConnect() failed (Status 0x%08lx)\n", Status);
1415  goto done;
1416  }
1417 
1418  /* Open the account domain */
1419  Status = SamrOpenDomain(ServerHandle,
1420  DOMAIN_LOOKUP,
1421  AccountDomainSid,
1422  &DomainHandle);
1423  if (!NT_SUCCESS(Status))
1424  {
1425  ERR("SamrOpenDomain failed (Status %08lx)\n", Status);
1426  goto done;
1427  }
1428 
1429  Names[0].Length = LogonInfo->UserName.Length;
1430  Names[0].MaximumLength = LogonInfo->UserName.MaximumLength;
1431  Names[0].Buffer = LogonInfo->UserName.Buffer;
1432 
1433  /* Try to get the RID for the user name */
1434  Status = SamrLookupNamesInDomain(DomainHandle,
1435  1,
1436  Names,
1437  &RelativeIds,
1438  &Use);
1439  if (!NT_SUCCESS(Status))
1440  {
1441  ERR("SamrLookupNamesInDomain failed (Status %08lx)\n", Status);
1442  Status = STATUS_NO_SUCH_USER;
1443  goto done;
1444  }
1445 
1446  /* Fail, if it is not a user account */
1447  if (Use.Element[0] != SidTypeUser)
1448  {
1449  ERR("Account is not a user account!\n");
1450  Status = STATUS_NO_SUCH_USER;
1451  goto done;
1452  }
1453 
1454  /* Open the user object */
1455  Status = SamrOpenUser(DomainHandle,
1456  USER_READ_GENERAL | USER_READ_LOGON |
1457  USER_READ_ACCOUNT | USER_READ_PREFERENCES, /* FIXME */
1458  RelativeIds.Element[0],
1459  &UserHandle);
1460  if (!NT_SUCCESS(Status))
1461  {
1462  ERR("SamrOpenUser failed (Status %08lx)\n", Status);
1463  goto done;
1464  }
1465 
1466  Status = SamrQueryInformationUser(UserHandle,
1467  UserAllInformation,
1468  &UserInfo);
1469  if (!NT_SUCCESS(Status))
1470  {
1471  ERR("SamrQueryInformationUser failed (Status %08lx)\n", Status);
1472  goto done;
1473  }
1474 
1475  TRACE("UserName: %wZ\n", &UserInfo->All.UserName);
1476 
1477  /* Check the password */
1478  if ((UserInfo->All.UserAccountControl & USER_PASSWORD_NOT_REQUIRED) == 0)
1479  {
1480  Status = MsvpCheckPassword(&LogonInfo->Password,
1481  UserInfo);
1482  if (!NT_SUCCESS(Status))
1483  {
1484  ERR("MsvpCheckPassword failed (Status %08lx)\n", Status);
1485  goto done;
1486  }
1487  }
1488 
1489  /* Check account restrictions for non-administrator accounts */
1490  if (RelativeIds.Element[0] != DOMAIN_USER_RID_ADMIN)
1491  {
1492  /* Check if the account has been disabled */
1493  if (UserInfo->All.UserAccountControl & USER_ACCOUNT_DISABLED)
1494  {
1495  ERR("Account disabled!\n");
1496  *SubStatus = STATUS_ACCOUNT_DISABLED;
1497  Status = STATUS_ACCOUNT_RESTRICTION;
1498  goto done;
1499  }
1500 
1501  /* Check if the account has been locked */
1502  if (UserInfo->All.UserAccountControl & USER_ACCOUNT_AUTO_LOCKED)
1503  {
1504  ERR("Account locked!\n");
1505  *SubStatus = STATUS_ACCOUNT_LOCKED_OUT;
1506  Status = STATUS_ACCOUNT_RESTRICTION;
1507  goto done;
1508  }
1509 
1510  /* Check if the account expired */
1511  AccountExpires.LowPart = UserInfo->All.AccountExpires.LowPart;
1512  AccountExpires.HighPart = UserInfo->All.AccountExpires.HighPart;
1513  if (LogonTime.QuadPart >= AccountExpires.QuadPart)
1514  {
1515  ERR("Account expired!\n");
1516  *SubStatus = STATUS_ACCOUNT_EXPIRED;
1517  Status = STATUS_ACCOUNT_RESTRICTION;
1518  goto done;
1519  }
1520 
1521  /* Check if the password expired */
1522  PasswordMustChange.LowPart = UserInfo->All.PasswordMustChange.LowPart;
1523  PasswordMustChange.HighPart = UserInfo->All.PasswordMustChange.HighPart;
1524  PasswordLastSet.LowPart = UserInfo->All.PasswordLastSet.LowPart;
1525  PasswordLastSet.HighPart = UserInfo->All.PasswordLastSet.HighPart;
1526 
1527  if (LogonTime.QuadPart >= PasswordMustChange.QuadPart)
1528  {
1529  ERR("Password expired!\n");
1530  if (PasswordLastSet.QuadPart == 0)
1531  *SubStatus = STATUS_PASSWORD_MUST_CHANGE;
1532  else
1533  *SubStatus = STATUS_PASSWORD_EXPIRED;
1534 
1535  Status = STATUS_ACCOUNT_RESTRICTION;
1536  goto done;
1537  }
1538 
1539  /* Check logon hours */
1540  if (!MsvpCheckLogonHours(&UserInfo->All.LogonHours, &LogonTime))
1541  {
1542  ERR("Invalid logon hours!\n");
1543  *SubStatus = STATUS_INVALID_LOGON_HOURS;
1544  Status = STATUS_ACCOUNT_RESTRICTION;
1545  goto done;
1546  }
1547 
1548  /* Check workstations */
1549  if (!MsvpCheckWorkstations(&UserInfo->All.WorkStations, ComputerName))
1550  {
1551  ERR("Invalid workstation!\n");
1552  *SubStatus = STATUS_INVALID_WORKSTATION;
1553  Status = STATUS_ACCOUNT_RESTRICTION;
1554  goto done;
1555  }
1556  }
1557  }
1558 
1559  /* Return logon information */
1560 
1561  /* Create and return a new logon id */
1562  Status = NtAllocateLocallyUniqueId(LogonId);
1563  if (!NT_SUCCESS(Status))
1564  {
1565  TRACE("NtAllocateLocallyUniqueId failed (Status %08lx)\n", Status);
1566  goto done;
1567  }
1568 
1569  /* Create the logon session */
1570  Status = DispatchTable.CreateLogonSession(LogonId);
1571  if (!NT_SUCCESS(Status))
1572  {
1573  TRACE("CreateLogonSession failed (Status %08lx)\n", Status);
1574  goto done;
1575  }
1576 
1577  SessionCreated = TRUE;
1578 
1579  /* Build and fill the interactive profile buffer */
1580  Status = BuildInteractiveProfileBuffer(ClientRequest,
1581  UserInfo,
1582  ComputerName,
1583  (PMSV1_0_INTERACTIVE_PROFILE*)ProfileBuffer,
1584  ProfileBufferSize);
1585  if (!NT_SUCCESS(Status))
1586  {
1587  TRACE("BuildInteractiveProfileBuffer failed (Status %08lx)\n", Status);
1588  goto done;
1589  }
1590 
1591  /* Return the token information type */
1592  *TokenInformationType = LsaTokenInformationV1;
1593 
1594  /* Build and fill the token information buffer */
1595  Status = BuildTokenInformationBuffer((PLSA_TOKEN_INFORMATION_V1*)TokenInformation,
1596  AccountDomainSid,
1597  UserInfo,
1598  SpecialAccount);
1599  if (!NT_SUCCESS(Status))
1600  {
1601  TRACE("BuildTokenInformationBuffer failed (Status %08lx)\n", Status);
1602  goto done;
1603  }
1604 
1605 done:
1606  /* Erase password */
1607  if (ErasePassword)
1608  {
1609  RtlEraseUnicodeString(ErasePassword);
1610  }
1611 
1612  /* Update the logon time/count or the bad password time/count */
1613  if ((UserHandle != NULL) &&
1614  (Status == STATUS_SUCCESS || Status == STATUS_WRONG_PASSWORD))
1615  {
1616  SAMPR_USER_INFO_BUFFER InternalInfo;
1617 
1618  RtlZeroMemory(&InternalInfo, sizeof(InternalInfo));
1619 
1620  if (Status == STATUS_SUCCESS)
1621  InternalInfo.Internal2.Flags = USER_LOGON_SUCCESS;
1622  else
1623  InternalInfo.Internal2.Flags = USER_LOGON_BAD_PASSWORD;
1624 
1625  SamrSetInformationUser(UserHandle,
1626  UserInternal2Information,
1627  &InternalInfo);
1628  }
1629 
1630  /* Return the account name */
1631  *AccountName = DispatchTable.AllocateLsaHeap(sizeof(UNICODE_STRING));
1632  if (*AccountName != NULL)
1633  {
1634  (*AccountName)->Buffer = DispatchTable.AllocateLsaHeap(LogonInfo->UserName.Length +
1635  sizeof(UNICODE_NULL));
1636  if ((*AccountName)->Buffer != NULL)
1637  {
1638  (*AccountName)->MaximumLength = LogonInfo->UserName.Length +
1639  sizeof(UNICODE_NULL);
1640  RtlCopyUnicodeString(*AccountName, &LogonInfo->UserName);
1641  }
1642  }
1643 
1644  /* Return the authenticating authority */
1645  *AuthenticatingAuthority = DispatchTable.AllocateLsaHeap(sizeof(UNICODE_STRING));
1646  if (*AuthenticatingAuthority != NULL)
1647  {
1648  (*AuthenticatingAuthority)->Buffer = DispatchTable.AllocateLsaHeap(LogonInfo->LogonDomainName.Length +
1649  sizeof(UNICODE_NULL));
1650  if ((*AuthenticatingAuthority)->Buffer != NULL)
1651  {
1652  (*AuthenticatingAuthority)->MaximumLength = LogonInfo->LogonDomainName.Length +
1653  sizeof(UNICODE_NULL);
1654  RtlCopyUnicodeString(*AuthenticatingAuthority, &LogonInfo->LogonDomainName);
1655  }
1656  }
1657 
1658  /* Return the machine name */
1659  *MachineName = DispatchTable.AllocateLsaHeap(sizeof(UNICODE_STRING));
1660  if (*MachineName != NULL)
1661  {
1662  (*MachineName)->Buffer = DispatchTable.AllocateLsaHeap((ComputerNameSize + 1) * sizeof(WCHAR));
1663  if ((*MachineName)->Buffer != NULL)
1664  {
1665  (*MachineName)->MaximumLength = (ComputerNameSize + 1) * sizeof(WCHAR);
1666  (*MachineName)->Length = ComputerNameSize * sizeof(WCHAR);
1667  RtlCopyMemory((*MachineName)->Buffer, ComputerName, (*MachineName)->MaximumLength);
1668  }
1669  }
1670 
1671  if (!NT_SUCCESS(Status))
1672  {
1673  if (SessionCreated != FALSE)
1674  DispatchTable.DeleteLogonSession(LogonId);
1675 
1676  if (*ProfileBuffer != NULL)
1677  {
1678  DispatchTable.FreeClientBuffer(ClientRequest,
1679  *ProfileBuffer);
1680  *ProfileBuffer = NULL;
1681  }
1682  }
1683 
1684  if (UserHandle != NULL)
1685  SamrCloseHandle(&UserHandle);
1686 
1687  SamIFree_SAMPR_USER_INFO_BUFFER(UserInfo,
1688  UserAllInformation);
1689  SamIFree_SAMPR_ULONG_ARRAY(&RelativeIds);
1690  SamIFree_SAMPR_ULONG_ARRAY(&Use);
1691 
1692  if (DomainHandle != NULL)
1693  SamrCloseHandle(&DomainHandle);
1694 
1695  if (ServerHandle != NULL)
1696  SamrCloseHandle(&ServerHandle);
1697 
1698  if (AccountDomainSid != NULL)
1699  RtlFreeHeap(RtlGetProcessHeap(), 0, AccountDomainSid);
1700 
1701  if (Status == STATUS_NO_SUCH_USER ||
1702  Status == STATUS_WRONG_PASSWORD)
1703  {
1704  *SubStatus = Status;
1705  Status = STATUS_LOGON_FAILURE;
1706  }
1707 
1708  TRACE("LsaApLogonUserEx2 done (Status 0x%08lx, SubStatus 0x%08lx)\n", Status, *SubStatus);
1709 
1710  return Status;
1711 }
1712 
1713 
1714 /*
1715  * @unimplemented
1716  */
1717 NTSTATUS
1718 NTAPI
1719 SpLsaModeInitialize(
1720  _In_ ULONG LsaVersion,
1721  _Out_ PULONG PackageVersion,
1722  _Out_ PSECPKG_FUNCTION_TABLE *ppTables,
1723  _Out_ PULONG pcTables)
1724 {
1725  TRACE("SpLsaModeInitialize(0x%lx %p %p %p)\n",
1726  LsaVersion, PackageVersion, ppTables, pcTables);
1727 
1728  if (LsaVersion != SECPKG_INTERFACE_VERSION)
1729  return STATUS_INVALID_PARAMETER;
1730 
1731  *PackageVersion = SECPKG_INTERFACE_VERSION;
1732 
1733  RtlZeroMemory(NtlmLsaFn, sizeof(NtlmLsaFn));
1734 
1735  /* msv1_0 (XP, win2k) returns NULL for
1736  * InitializePackage, LsaLogonUser,LsaLogonUserEx,
1737  * SpQueryContextAttributes and SpAddCredentials */
1738  NtlmLsaFn[0].InitializePackage = NULL;
1739  NtlmLsaFn[0].LsaLogonUser = NULL;
1740  NtlmLsaFn[0].CallPackage = LsaApCallPackage;
1741  NtlmLsaFn[0].LogonTerminated = LsaApLogonTerminated;
1742  NtlmLsaFn[0].CallPackageUntrusted = LsaApCallPackageUntrusted;
1743  NtlmLsaFn[0].CallPackagePassthrough = LsaApCallPackagePassthrough;
1744  NtlmLsaFn[0].LogonUserEx = NULL;
1745  NtlmLsaFn[0].LogonUserEx2 = LsaApLogonUserEx2;
1746  NtlmLsaFn[0].Initialize = SpInitialize;
1747  NtlmLsaFn[0].Shutdown = LsaSpShutDown;
1748  NtlmLsaFn[0].GetInfo = LsaSpGetInfoW;
1749  NtlmLsaFn[0].AcceptCredentials = SpAcceptCredentials;
1750  NtlmLsaFn[0].SpAcquireCredentialsHandle = LsaSpAcquireCredentialsHandle;
1751  NtlmLsaFn[0].SpQueryCredentialsAttributes = LsaSpQueryCredentialsAttributes;
1752  NtlmLsaFn[0].FreeCredentialsHandle = LsaSpFreeCredentialsHandle;
1753  NtlmLsaFn[0].SaveCredentials = LsaSpSaveCredentials;
1754  NtlmLsaFn[0].GetCredentials = LsaSpGetCredentials;
1755  NtlmLsaFn[0].DeleteCredentials = LsaSpDeleteCredentials;
1756  NtlmLsaFn[0].InitLsaModeContext = LsaSpInitLsaModeContext;
1757  NtlmLsaFn[0].AcceptLsaModeContext = LsaSpAcceptLsaModeContext;
1758  NtlmLsaFn[0].DeleteContext = LsaSpDeleteContext;
1759  NtlmLsaFn[0].ApplyControlToken = LsaSpApplyControlToken;
1760  NtlmLsaFn[0].GetUserInfo = LsaSpGetUserInfo;
1761  NtlmLsaFn[0].GetExtendedInformation = LsaSpGetExtendedInformation;
1762  NtlmLsaFn[0].SpQueryContextAttributes = NULL;
1763  NtlmLsaFn[0].SpAddCredentials = NULL;
1764  NtlmLsaFn[0].SetExtendedInformation = LsaSpSetExtendedInformation;
1765 
1766  *ppTables = NtlmLsaFn;
1767  *pcTables = 1;
1768 
1769  return STATUS_SUCCESS;
1770 }
1771 
1772 
1773 /*
1774  * @unimplemented
1775  */
1776 NTSTATUS
1777 WINAPI
1778 SpUserModeInitialize(
1779  _In_ ULONG LsaVersion,
1780  _Out_ PULONG PackageVersion,
1781  _Out_ PSECPKG_USER_FUNCTION_TABLE *ppTables,
1782  _Out_ PULONG pcTables)
1783 {
1784  SECPKG_USER_FUNCTION_TABLE Tables[1];
1785 
1786  TRACE("SpUserModeInitialize(0x%lx %p %p %p)\n",
1787  LsaVersion, PackageVersion, ppTables, pcTables);
1788 
1789  if (LsaVersion != SECPKG_INTERFACE_VERSION)
1790  return STATUS_INVALID_PARAMETER;
1791 
1792  *PackageVersion = SECPKG_INTERFACE_VERSION;
1793 
1794  RtlZeroMemory(&Tables, sizeof(Tables));
1795 
1796 // Tables[0].InstanceInit = SpInstanceInit;
1797 // Tables[0].InitUserModeContext = NULL;
1798 // Tables[0].MakeSignature = NULL;
1799 // Tables[0].VerifySignature = NULL;
1800 // Tables[0].SealMessage = NULL;
1801 // Tables[0].UnsealMessage = NULL;
1802 // Tables[0].GetContextToken = NULL;
1803 // Tables[0].SpQueryContextAttributes = NULL;
1804 // Tables[0].CompleteAuthToken = NULL;
1805 // Tables[0].DeleteUserModeContext = NULL;
1806 // Tables[0].FormatCredentials = NULL;
1807 // Tables[0].MarshallSupplementalCreds = NULL;
1808 // Tables[0].ExportContext = NULL;
1809 // Tables[0].ImportContext = NULL;
1810 
1811  *ppTables = Tables;
1812  *pcTables = 1;
1813 
1814  return STATUS_SUCCESS;
1815 }
1816 
1817 /* EOF */
_ENCRYPTED_LM_OWF_PASSWORD
Definition: msv1_0.h:49
_TIME_FIELDS::Weekday
USHORT Weekday
Definition: env_spec_w32.h:718
_SAMPR_USER_ALL_INFORMATION::LmOwfPassword
RPC_SHORT_BLOB LmOwfPassword
Definition: msv1_0.h:96
PCHAR
signed char * PCHAR
Definition: retypes.h:7
PNTSTATUS
* PNTSTATUS
Definition: strlen.c:14
_SAMPR_ULONG_ARRAY::Element
unsigned long * Element
Definition: lsasrv.h:88
PMSV1_0_CHANGEPASSWORD_REQUEST
struct _MSV1_0_CHANGEPASSWORD_REQUEST * PMSV1_0_CHANGEPASSWORD_REQUEST
_LSAPR_POLICY_INFORMATION
Definition: msv1_0.h:270
STATUS_WRONG_PASSWORD
#define STATUS_WRONG_PASSWORD
Definition: ntstatus.h:342
LSA_DISPATCH_TABLE
Definition: authpackage.c:53
_SAMPR_USER_ALL_INFORMATION::UserName
RPC_UNICODE_STRING UserName
Definition: msv1_0.h:86
LsaApCallPackage
NTSTATUS NTAPI LsaApCallPackage(IN PLSA_CLIENT_REQUEST ClientRequest, IN PVOID ProtocolSubmitBuffer, IN PVOID ClientBufferBase, IN ULONG SubmitBufferLength, OUT PVOID *ProtocolReturnBuffer, OUT PULONG ReturnBufferLength, OUT PNTSTATUS ProtocolStatus)
Definition: msv1_0.c:974
_SECPKG_FUNCTION_TABLE::SpQueryCredentialsAttributes
SpQueryCredentialsAttributesFn * SpQueryCredentialsAttributes
Definition: ntsecpkg.h:478
MSV1_0_INTERACTIVE_PROFILE
struct _MSV1_0_INTERACTIVE_PROFILE MSV1_0_INTERACTIVE_PROFILE
_SAMPR_USER_ALL_INFORMATION
Definition: msv1_0.h:78
SAM_SERVER_CONNECT
#define SAM_SERVER_CONNECT
Definition: ntsam.h:99
IN
#define IN
Definition: typedefs.h:39
BufferLength
_Must_inspect_result_ _In_ WDFDEVICE _In_ DEVICE_REGISTRY_PROPERTY _In_ ULONG BufferLength
Definition: wdfdevice.h:3767
BuildTokenInformationBuffer
static NTSTATUS BuildTokenInformationBuffer(PLSA_TOKEN_INFORMATION_V1 *TokenInformation, PRPC_SID AccountDomainSid, PSAMPR_USER_INFO_BUFFER UserInfo, BOOL SpecialAccount)
Definition: msv1_0.c:412
MsvpCheckWorkstations
static BOOL MsvpCheckWorkstations(_In_ PRPC_UNICODE_STRING WorkStations, _In_ PWSTR ComputerName)
Definition: msv1_0.c:923
SECURITY_AUTHENTICATED_USER_RID
#define SECURITY_AUTHENTICATED_USER_RID
Definition: setypes.h:540
MSV1_0_PACKAGE_NAME
#define MSV1_0_PACKAGE_NAME
Definition: ntsecapi.h:42
STATUS_INSUFFICIENT_RESOURCES
#define STATUS_INSUFFICIENT_RESOURCES
Definition: udferr_usr.h:158
Length
_In_ ULONG _In_ ULONG _In_ ULONG Length
Definition: ntddpcm.h:101
USER_PASSWORD_NOT_REQUIRED
#define USER_PASSWORD_NOT_REQUIRED
Definition: ntsam.h:169
RtlRunDecodeUnicodeString
VOID NTAPI RtlRunDecodeUnicodeString(IN UCHAR Hash, IN OUT PUNICODE_STRING String)
Definition: encode.c:20
_SECPKG_SUPPLEMENTAL_CRED_ARRAY
Definition: ntsecpkg.h:109
LsaApInitializePackage
NTSTATUS NTAPI LsaApInitializePackage(IN ULONG AuthenticationPackageId, IN PLSA_DISPATCH_TABLE LsaDispatchTable, IN PLSA_STRING Database OPTIONAL, IN PLSA_STRING Confidentiality OPTIONAL, OUT PLSA_STRING *AuthenticationPackageName)
Definition: msv1_0.c:1099
LsaSpShutDown
NTSTATUS NTAPI LsaSpShutDown(VOID)
Definition: lsa.c:31
_MSV1_0_INTERACTIVE_LOGON::MessageType
MSV1_0_LOGON_SUBMIT_TYPE MessageType
Definition: ntsecapi.h:434
_MSV1_0_INTERACTIVE_PROFILE::LogoffTime
LARGE_INTEGER LogoffTime
Definition: ntsecapi.h:444
_TOKEN_GROUPS
Definition: setypes.h:963
_SID
Definition: ms-dtyp.idl:198
_MSV1_0_INTERACTIVE_PROFILE::ProfilePath
UNICODE_STRING ProfilePath
Definition: ntsecapi.h:452
SamrOpenDomain
NTSTATUS __stdcall SamrOpenDomain(SAMPR_HANDLE ServerHandle, ACCESS_MASK DesiredAccess, PRPC_SID DomainId, SAMPR_HANDLE *DomainHandle)
_UNICODE_STRING::MaximumLength
USHORT MaximumLength
Definition: env_spec_w32.h:370
_Out_
#define _Out_
Definition: ms_sal.h:345
_MSV1_0_INTERACTIVE_PROFILE::HomeDirectory
UNICODE_STRING HomeDirectory
Definition: ntsecapi.h:450
PtrOffset
#define PtrOffset(BASE, OFFSET)
Definition: cdprocs.h:1547
Buffer
IN BOOLEAN OUT PSTR Buffer
Definition: progress.h:34
Names
PWSTR Names[]
Definition: RtlGenerate8dot3Name.c:34
LsaSpDeleteContext
NTSTATUS NTAPI LsaSpDeleteContext(_In_ LSA_SEC_HANDLE ContextHandle)
Definition: lsa.c:180
TRUE
#define TRUE
Definition: types.h:120
SpInitialize
NTSTATUS NTAPI SpInitialize(_In_ ULONG_PTR PackageId, _In_ PSECPKG_PARAMETERS Parameters, _In_ PLSA_SECPKG_FUNCTION_TABLE FunctionTable)
Definition: lsa.c:19
STATUS_INVALID_PARAMETER
#define STATUS_INVALID_PARAMETER
Definition: udferr_usr.h:135
PWSTR
uint16_t * PWSTR
Definition: typedefs.h:56
LsaSpDeleteCredentials
NTSTATUS NTAPI LsaSpDeleteCredentials(_In_ LSA_SEC_HANDLE CredentialHandle, _In_ PSecBuffer Key)
Definition: lsa.c:113
GetNtAuthorityDomainSid
static NTSTATUS GetNtAuthorityDomainSid(PRPC_SID *Sid)
Definition: msv1_0.c:74
_TOKEN_PRIMARY_GROUP
Definition: setypes.h:981
_SECPKG_FUNCTION_TABLE::LsaLogonUser
PLSA_AP_LOGON_USER LsaLogonUser
Definition: ntsecpkg.h:466
CHAR
char CHAR
Definition: xmlstorage.h:175
_RPC_UNICODE_STRING
Definition: msv1_0.h:20
Ptr
_Must_inspect_result_ _In_ PFSRTL_PER_STREAM_CONTEXT Ptr
Definition: fsrtlfuncs.h:898
WARN
#define WARN(fmt,...)
Definition: debug.h:112
_SAMPR_USER_ALL_INFORMATION::UserId
unsigned long UserId
Definition: msv1_0.h:100
NTSTATUS
LONG NTSTATUS
Definition: precomp.h:26
_UNICODE_STRING::Length
USHORT Length
Definition: env_spec_w32.h:369
RtlFreeHeap
BOOLEAN NTAPI RtlFreeHeap(IN PVOID HeapHandle, IN ULONG Flags, IN PVOID HeapBase)
Definition: heap.c:606
PMSV1_0_INTERACTIVE_PROFILE
struct _MSV1_0_INTERACTIVE_PROFILE * PMSV1_0_INTERACTIVE_PROFILE
RtlEraseUnicodeString
NTSYSAPI VOID NTAPI RtlEraseUnicodeString(_Inout_ PUNICODE_STRING String)
_SAMPR_ULONG_ARRAY
Definition: lsasrv.h:85
SpLsaModeInitialize
NTSTATUS NTAPI SpLsaModeInitialize(_In_ ULONG LsaVersion, _Out_ PULONG PackageVersion, _Out_ PSECPKG_FUNCTION_TABLE *ppTables, _Out_ PULONG pcTables)
Definition: msv1_0.c:1719
ARRAYSIZE
#define ARRAYSIZE(array)
Definition: filtermapper.c:47
AppendRidToSid
static PSID AppendRidToSid(PSID SrcSid, ULONG Rid)
Definition: msv1_0.c:251
_SECPKG_FUNCTION_TABLE::FreeCredentialsHandle
SpFreeCredentialsHandleFn * FreeCredentialsHandle
Definition: ntsecpkg.h:479
_MSV1_0_INTERACTIVE_PROFILE::LogonScript
UNICODE_STRING LogonScript
Definition: ntsecapi.h:449
_SAMPR_USER_ALL_INFORMATION::PasswordLastSet
OLD_LARGE_INTEGER PasswordLastSet
Definition: msv1_0.h:82
MachineName
_In_ DWORD _Out_ PDWORD _In_opt_ PCSTR MachineName
Definition: setupapi.h:1286
ZeroMemory
#define ZeroMemory
Definition: winbase.h:1664
RtlSubAuthoritySid
NTSYSAPI PULONG NTAPI RtlSubAuthoritySid(_In_ PSID Sid, _In_ ULONG SubAuthority)
SamrLookupNamesInDomain
NTSTATUS NTAPI SamrLookupNamesInDomain(IN SAMPR_HANDLE DomainHandle, IN ULONG Count, IN RPC_UNICODE_STRING Names[], OUT PSAMPR_ULONG_ARRAY RelativeIds, OUT PSAMPR_ULONG_ARRAY Use)
Definition: samrpc.c:3464
ProfileBufferLength
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG ProfileBufferLength
Definition: ntifs.template.h:711
RPC_SHORT_BLOB::Buffer
unsigned short * Buffer
Definition: msv1_0.h:40
SamrChangePasswordUser
NTSTATUS NTAPI SamrChangePasswordUser(IN SAMPR_HANDLE UserHandle, IN unsigned char LmPresent, IN PENCRYPTED_LM_OWF_PASSWORD OldLmEncryptedWithNewLm, IN PENCRYPTED_LM_OWF_PASSWORD NewLmEncryptedWithOldLm, IN unsigned char NtPresent, IN PENCRYPTED_NT_OWF_PASSWORD OldNtEncryptedWithNewNt, IN PENCRYPTED_NT_OWF_PASSWORD NewNtEncryptedWithOldNt, IN unsigned char NtCrossEncryptionPresent, IN PENCRYPTED_NT_OWF_PASSWORD NewNtEncryptedWithNewLm, IN unsigned char LmCrossEncryptionPresent, IN PENCRYPTED_LM_OWF_PASSWORD NewLmEncryptedWithNewNt)
Definition: samrpc.c:7864
SystemFunction006
NTSTATUS WINAPI SystemFunction006(LPCSTR password, LPSTR hash)
Definition: crypt_lmhash.c:53
STATUS_ACCOUNT_LOCKED_OUT
#define STATUS_ACCOUNT_LOCKED_OUT
Definition: ntstatus.h:696
_MSV1_0_CHANGEPASSWORD_REQUEST
Definition: ntsecapi.h:510
GetComputerNameW
BOOL WINAPI GetComputerNameW(LPWSTR lpBuffer, LPDWORD lpnSize)
Definition: compname.c:446
OEM_STRING
STRING OEM_STRING
Definition: umtypes.h:203
Groups
TOpcodeData Groups[17][8]
Definition: disassemblerdata.h:895
LPSTR
char * LPSTR
Definition: xmlstorage.h:182
_LSAPR_POLICY_ACCOUNT_DOM_INFO::Sid
PRPC_SID Sid
Definition: msv1_0.h:247
NtAllocateLocallyUniqueId
NTSTATUS NTAPI NtAllocateLocallyUniqueId(OUT LUID *LocallyUniqueId)
Definition: uuid.c:348
_LSAPR_POLICY_INFORMATION::PolicyAccountDomainInfo
LSAPR_POLICY_ACCOUNT_DOM_INFO PolicyAccountDomainInfo
Definition: msv1_0.h:276
SamrLookupDomainInSamServer
NTSTATUS NTAPI SamrLookupDomainInSamServer(IN SAMPR_HANDLE ServerHandle, IN PRPC_UNICODE_STRING Name, OUT PRPC_SID *DomainId)
Definition: samrpc.c:504
_SECPKG_FUNCTION_TABLE::AcceptLsaModeContext
SpAcceptLsaModeContextFn * AcceptLsaModeContext
Definition: ntsecpkg.h:484
LsaSpQueryCredentialsAttributes
NTSTATUS NTAPI LsaSpQueryCredentialsAttributes(_In_ LSA_SEC_HANDLE CredentialHandle, _In_ ULONG CredentialAttribute, _Inout_ PVOID Buffer)
Definition: lsa.c:72
RtlAllocateAndInitializeSid
NTSYSAPI NTSTATUS NTAPI RtlAllocateAndInitializeSid(IN PSID_IDENTIFIER_AUTHORITY IdentifierAuthority, IN UCHAR SubAuthorityCount, IN ULONG SubAuthority0, IN ULONG SubAuthority1, IN ULONG SubAuthority2, IN ULONG SubAuthority3, IN ULONG SubAuthority4, IN ULONG SubAuthority5, IN ULONG SubAuthority6, IN ULONG SubAuthority7, OUT PSID *Sid)
Definition: sid.c:290
BOOL
#define BOOL
Definition: nt_native.h:43
_MSV1_0_INTERACTIVE_PROFILE::LogonCount
USHORT LogonCount
Definition: ntsecapi.h:441
_SAMPR_LOGON_HOURS
Definition: msv1_0.h:60
_MSV1_0_INTERACTIVE_PROFILE::PasswordMustChange
LARGE_INTEGER PasswordMustChange
Definition: ntsecapi.h:448
_SAMPR_USER_INFO_BUFFER
Definition: msv1_0.h:115
_MSV1_0_INTERACTIVE_LOGON::Password
UNICODE_STRING Password
Definition: ntsecapi.h:437
_SECPKG_FUNCTION_TABLE::CallPackageUntrusted
PLSA_AP_CALL_PACKAGE_UNTRUSTED CallPackageUntrusted
Definition: ntsecpkg.h:469
_MSV1_0_CHANGEPASSWORD_REQUEST::AccountName
UNICODE_STRING AccountName
Definition: ntsecapi.h:513
STATUS_ACCOUNT_EXPIRED
#define STATUS_ACCOUNT_EXPIRED
Definition: ntstatus.h:636
_MSV1_0_INTERACTIVE_PROFILE::FullName
UNICODE_STRING FullName
Definition: ntsecapi.h:451
_SAMPR_USER_INFO_BUFFER::All
SAMPR_USER_ALL_INFORMATION All
Definition: msv1_0.h:141
RtlCopyUnicodeString
NTSYSAPI VOID NTAPI RtlCopyUnicodeString(PUNICODE_STRING DestinationString, PUNICODE_STRING SourceString)
STATUS_INVALID_LOGON_HOURS
#define STATUS_INVALID_LOGON_HOURS
Definition: ntstatus.h:347
LsaIOpenPolicyTrusted
NTSTATUS WINAPI LsaIOpenPolicyTrusted(OUT LSAPR_HANDLE *PolicyHandle)
Definition: policy.c:15
USER_ACCOUNT_DISABLED
#define USER_ACCOUNT_DISABLED
Definition: ntsam.h:167
STATUS_ACCOUNT_RESTRICTION
#define STATUS_ACCOUNT_RESTRICTION
Definition: ntstatus.h:346
_MSV1_0_INTERACTIVE_PROFILE
Definition: ntsecapi.h:439
RtlInitAnsiString
NTSYSAPI VOID NTAPI RtlInitAnsiString(PANSI_STRING DestinationString, PCSZ SourceString)
ULONG_PTR
uint32_t ULONG_PTR
Definition: typedefs.h:65
WINE_DEFAULT_DEBUG_CHANNEL
WINE_DEFAULT_DEBUG_CHANNEL(msv1_0)
LsaIFree_LSAPR_POLICY_INFORMATION
VOID NTAPI LsaIFree_LSAPR_POLICY_INFORMATION(IN POLICY_INFORMATION_CLASS InformationClass, IN PLSAPR_POLICY_INFORMATION PolicyInformation)
Definition: lsasrv.c:51
SamIConnect
NTSTATUS NTAPI SamIConnect(PSAMPR_SERVER_NAME ServerName, SAMPR_HANDLE *ServerHandle, ACCESS_MASK DesiredAccess, BOOLEAN Trusted)
STATUS_NOT_IMPLEMENTED
return STATUS_NOT_IMPLEMENTED
Definition: fxdriverapium.cpp:241
PMSV1_0_INTERACTIVE_LOGON
struct _MSV1_0_INTERACTIVE_LOGON * PMSV1_0_INTERACTIVE_LOGON
RtlInitializeSid
NTSYSAPI NTSTATUS NTAPI RtlInitializeSid(IN OUT PSID Sid, IN PSID_IDENTIFIER_AUTHORITY IdentifierAuthority, IN UCHAR SubAuthorityCount)
SamIFreeVoid
VOID NTAPI SamIFreeVoid(PVOID Ptr)
Definition: samsrv.c:155
GetAccountDomainSid
static NTSTATUS GetAccountDomainSid(PRPC_SID *Sid)
Definition: msv1_0.c:25
FIXUP_POINTER
#define FIXUP_POINTER(Pointer, Offset)
Definition: msv1_0.h:9
LPBYTE
unsigned char * LPBYTE
Definition: typedefs.h:53
ProtocolStatus
VOID NTAPI ProtocolStatus(NDIS_HANDLE BindingContext, NDIS_STATUS GenerelStatus, PVOID StatusBuffer, UINT StatusBufferSize)
Called by NDIS when the underlying driver has changed state.
Definition: lan.c:461
USER_READ_GENERAL
#define USER_READ_GENERAL
Definition: ntsam.h:126
SystemFunction012
NTSTATUS WINAPI SystemFunction012(const BYTE *in, const BYTE *key, LPBYTE out)
Definition: sysfunc.c:353
NTAPI
NTSTATUS(* NTAPI)(IN PFILE_FULL_EA_INFORMATION EaBuffer, IN ULONG EaLength, OUT PULONG ErrorOffset)
Definition: IoEaTest.cpp:117
FALSE
#define FALSE
Definition: types.h:117
UNICODE_NULL
#define UNICODE_NULL
_SECPKG_FUNCTION_TABLE::SpQueryContextAttributes
SpQueryContextAttributesFn * SpQueryContextAttributes
Definition: ntsecpkg.h:489
SubStatus
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID _Out_ PHANDLE _Out_ PQUOTA_LIMITS _Out_ PNTSTATUS SubStatus
Definition: ntifs.template.h:711
_LUID
Definition: devicetopology.idl:136
LsaApLogonTerminated
VOID NTAPI LsaApLogonTerminated(IN PLUID LogonId)
Definition: msv1_0.c:1152
PMSV1_0_PROTOCOL_MESSAGE_TYPE
enum _MSV1_0_PROTOCOL_MESSAGE_TYPE * PMSV1_0_PROTOCOL_MESSAGE_TYPE
BOOL
unsigned int BOOL
Definition: ntddk_ex.h:94
_SAMPR_USER_INTERNAL2_INFORMATION::Flags
unsigned long Flags
Definition: msv1_0.h:71
_UNICODE_STRING::Buffer
PWSTR Buffer
Definition: env_spec_w32.h:371
DOMAIN_USER_RID_ADMIN
#define DOMAIN_USER_RID_ADMIN
Definition: setypes.h:603
_ANSI_STRING
Definition: env_spec_w32.h:375
RtlUpcaseUnicodeStringToOemString
NTSYSAPI NTSTATUS NTAPI RtlUpcaseUnicodeStringToOemString(POEM_STRING DestinationString, PCUNICODE_STRING SourceString, BOOLEAN AllocateDestinationString)
_MSV1_0_INTERACTIVE_PROFILE::PasswordLastSet
LARGE_INTEGER PasswordLastSet
Definition: ntsecapi.h:446
SpAcceptCredentials
NTSTATUS NTAPI SpAcceptCredentials(_In_ SECURITY_LOGON_TYPE LogonType, _In_ PUNICODE_STRING AccountName, _In_ PSECPKG_PRIMARY_CRED PrimaryCredentials, _In_ PSECPKG_SUPPLEMENTAL_CRED SupplementalCredentials)
Definition: lsa.c:40
FIXME
#define FIXME(fmt,...)
Definition: debug.h:111
BuildInteractiveProfileBuffer
static NTSTATUS BuildInteractiveProfileBuffer(IN PLSA_CLIENT_REQUEST ClientRequest, IN PSAMPR_USER_INFO_BUFFER UserInfo, IN PWSTR ComputerName, OUT PMSV1_0_INTERACTIVE_PROFILE *ProfileBuffer, OUT PULONG ProfileBufferLength)
Definition: msv1_0.c:95
_SECPKG_FUNCTION_TABLE::CallPackage
PLSA_AP_CALL_PACKAGE CallPackage
Definition: ntsecpkg.h:467
RtlValidateUnicodeString
NTSYSAPI NTSTATUS NTAPI RtlValidateUnicodeString(_In_ ULONG Flags, _In_ PCUNICODE_STRING String)
Definition: unicode.c:2559
_SECPKG_FUNCTION_TABLE
Definition: ntsecpkg.h:464
BOOLEAN
unsigned char BOOLEAN
Definition: ProcessorBind.h:185
LsaSpApplyControlToken
NTSTATUS NTAPI LsaSpApplyControlToken(_In_ LSA_SEC_HANDLE ContextHandle, _In_ PSecBufferDesc ControlToken)
Definition: lsa.c:189
_LARGE_INTEGER::HighPart
LONG HighPart
Definition: typedefs.h:107
SE_GROUP_ENABLED_BY_DEFAULT
#define SE_GROUP_ENABLED_BY_DEFAULT
Definition: setypes.h:91
PLSA_TOKEN_INFORMATION_TYPE
enum _LSA_TOKEN_INFORMATION_TYPE * PLSA_TOKEN_INFORMATION_TYPE
_In_
#define _In_
Definition: ms_sal.h:308
SAM_SERVER_LOOKUP_DOMAIN
#define SAM_SERVER_LOOKUP_DOMAIN
Definition: ntsam.h:104
Sid
_In_ ULONG _In_ ACCESS_MASK _In_ PSID Sid
Definition: rtlfuncs.h:1103
_MSV1_0_INTERACTIVE_PROFILE::LogonTime
LARGE_INTEGER LogonTime
Definition: ntsecapi.h:443
LsaSpGetInfoW
NTSTATUS NTAPI LsaSpGetInfoW(_Out_ PSecPkgInfoW PackageInfo)
Definition: lsa.c:123
RtlSystemTimeToLocalTime
NTSYSAPI NTSTATUS NTAPI RtlSystemTimeToLocalTime(_In_ PLARGE_INTEGER SystemTime, _Out_ PLARGE_INTEGER LocalTime)
Buffer
Definition: bufpool.h:45
_SAMPR_USER_ALL_INFORMATION::AccountExpires
OLD_LARGE_INTEGER AccountExpires
Definition: msv1_0.h:83
SECPKG_INTERFACE_VERSION
#define SECPKG_INTERFACE_VERSION
Definition: ntsecpkg.h:34
_SECPKG_FUNCTION_TABLE::AcceptCredentials
SpAcceptCredentialsFn * AcceptCredentials
Definition: ntsecpkg.h:476
RtlLengthSid
NTSYSAPI ULONG NTAPI RtlLengthSid(IN PSID Sid)
Definition: sid.c:150
SECURITY_LOCAL_SERVICE_RID
#define SECURITY_LOCAL_SERVICE_RID
Definition: setypes.h:547
LsaSpSaveCredentials
NTSTATUS NTAPI LsaSpSaveCredentials(_In_ LSA_SEC_HANDLE CredentialHandle, _In_ PSecBuffer Credentials)
Definition: lsa.c:93
SECURITY_NT_AUTHORITY
#define SECURITY_NT_AUTHORITY
Definition: setypes.h:526
STATUS_NAME_TOO_LONG
#define STATUS_NAME_TOO_LONG
Definition: ntstatus.h:498
_SECPKG_FUNCTION_TABLE::InitializePackage
PLSA_AP_INITIALIZE_PACKAGE InitializePackage
Definition: ntsecpkg.h:465
NtlmLsaFn
SECPKG_FUNCTION_TABLE NtlmLsaFn[1]
Definition: lsa.c:15
RtlAllocateHeap
PVOID NTAPI RtlAllocateHeap(IN PVOID HeapHandle, IN ULONG Flags, IN SIZE_T Size)
Definition: heap.c:588
_TIME_FIELDS::Hour
USHORT Hour
Definition: env_spec_w32.h:714
Status
Status
Definition: gdiplustypes.h:24
PrimaryGroup
_Out_writes_bytes_to_opt_ AbsoluteSecurityDescriptorSize PSECURITY_DESCRIPTOR _Inout_ PULONG _Out_writes_bytes_to_opt_ DaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ SaclSize PACL _Inout_ PULONG _Out_writes_bytes_to_opt_ OwnerSize PSID _Inout_ PULONG _Out_writes_bytes_to_opt_ PrimaryGroupSize PSID PrimaryGroup
Definition: rtlfuncs.h:1558
STATUS_NO_SUCH_USER
#define STATUS_NO_SUCH_USER
Definition: ntstatus.h:336
_SECPKG_USER_FUNCTION_TABLE
Definition: ntsecpkg.h:512
RtlTimeToTimeFields
BOOLEAN RtlTimeToTimeFields(IN PLARGE_INTEGER Time, IN PTIME_FIELDS TimeFields)
Definition: env_spec_w32.cpp:895
LsarQueryInformationPolicy
NTSTATUS WINAPI LsarQueryInformationPolicy(LSAPR_HANDLE PolicyHandle, POLICY_INFORMATION_CLASS InformationClass, PLSAPR_POLICY_INFORMATION *PolicyInformation)
Definition: lsarpc.c:531
STATUS_ACCOUNT_DISABLED
#define STATUS_ACCOUNT_DISABLED
Definition: ntstatus.h:350
_SAMPR_USER_ALL_INFORMATION::PasswordMustChange
OLD_LARGE_INTEGER PasswordMustChange
Definition: msv1_0.h:85
LsaSpAcquireCredentialsHandle
NTSTATUS NTAPI LsaSpAcquireCredentialsHandle(_In_ PUNICODE_STRING PrincipalName, _In_ ULONG CredentialUseFlags, _In_ PLUID LogonId, _In_ PVOID AuthorizationData, _In_ PVOID GetKeyFunciton, _In_ PVOID GetKeyArgument, _Out_ PLSA_SEC_HANDLE CredentialHandle, _Out_ PTimeStamp ExpirationTime)
Definition: lsa.c:53
_TIME_FIELDS::Minute
USHORT Minute
Definition: env_spec_w32.h:715
BuildTokenGroups
static NTSTATUS BuildTokenGroups(OUT PTOKEN_GROUPS *Groups, IN PSID AccountDomainSid, IN ULONG RelativeId, IN BOOL SpecialAccount)
Definition: msv1_0.c:316
LsaSpGetUserInfo
NTSTATUS NTAPI LsaSpGetUserInfo(_In_ PLUID LogonId, _In_ ULONG Flags, _Out_ PSecurityUserData *UserData)
Definition: lsa.c:199
_MSV1_0_INTERACTIVE_LOGON::UserName
UNICODE_STRING UserName
Definition: ntsecapi.h:436
TRACE
#define TRACE(s)
Definition: solgame.cpp:4
_SECPKG_FUNCTION_TABLE::LogonUserEx2
PLSA_AP_LOGON_USER_EX2 LogonUserEx2
Definition: ntsecpkg.h:472
_MSV1_0_INTERACTIVE_PROFILE::KickOffTime
LARGE_INTEGER KickOffTime
Definition: ntsecapi.h:445
SECURITY_BUILTIN_DOMAIN_RID
#define SECURITY_BUILTIN_DOMAIN_RID
Definition: setypes.h:553
wcschr
_CONST_RETURN wchar_t *__cdecl wcschr(_In_z_ const wchar_t *_Str, wchar_t _Ch)
ASSERT
#define ASSERT(a)
Definition: mode.c:44
RtlEqualMemory
NTSYSAPI ULONG NTAPI RtlEqualMemory(CONST VOID *Source1, CONST VOID *Source2, ULONG Length)
STATUS_PASSWORD_EXPIRED
#define STATUS_PASSWORD_EXPIRED
Definition: ntstatus.h:349
WCHAR
__wchar_t WCHAR
Definition: xmlstorage.h:180
NT_SUCCESS
#define NT_SUCCESS(StatCode)
Definition: apphelp.c:32
USER_READ_ACCOUNT
#define USER_READ_ACCOUNT
Definition: ntsam.h:130
SE_GROUP_ENABLED
#define SE_GROUP_ENABLED
Definition: setypes.h:92
DispatchTable
LSA_DISPATCH_TABLE DispatchTable
Definition: msv1_0.c:18
SystemFunction007
NTSTATUS WINAPI SystemFunction007(const UNICODE_STRING *string, LPBYTE hash)
Definition: sysfunc.c:245
_SID_AND_ATTRIBUTES
Definition: setypes.h:474
RtlSubAuthorityCountSid
NTSYSAPI PUCHAR NTAPI RtlSubAuthorityCountSid(IN PSID Sid)
Definition: sid.c:104
_MSV1_0_CHANGEPASSWORD_REQUEST::NewPassword
UNICODE_STRING NewPassword
Definition: ntsecapi.h:515
WINAPI
#define WINAPI
Definition: msvc.h:6
_SECPKG_FUNCTION_TABLE::CallPackagePassthrough
PLSA_AP_CALL_PACKAGE_PASSTHROUGH CallPackagePassthrough
Definition: ntsecpkg.h:470
DWORD
unsigned long DWORD
Definition: ntddk_ex.h:95
_SECPKG_FUNCTION_TABLE::DeleteContext
SpDeleteContextFn * DeleteContext
Definition: ntsecpkg.h:485
MsvpCheckPassword
static NTSTATUS MsvpCheckPassword(PUNICODE_STRING UserPassword, PSAMPR_USER_INFO_BUFFER UserInfo)
Definition: msv1_0.c:795
STATUS_ACCESS_DENIED
#define STATUS_ACCESS_DENIED
Definition: udferr_usr.h:145
LsaSpGetCredentials
NTSTATUS NTAPI LsaSpGetCredentials(_In_ LSA_SEC_HANDLE CredentialHandle, _Inout_ PSecBuffer Credentials)
Definition: lsa.c:103
SE_GROUP_MANDATORY
#define SE_GROUP_MANDATORY
Definition: setypes.h:90
_MSV1_0_INTERACTIVE_PROFILE::LogonServer
UNICODE_STRING LogonServer
Definition: ntsecapi.h:454
_SAMPR_USER_ALL_INFORMATION::LogonHours
SAMPR_LOGON_HOURS LogonHours
Definition: msv1_0.h:104
USER_LOGON_SUCCESS
#define USER_LOGON_SUCCESS
Definition: msv1_0.h:67
LsarClose
NTSTATUS WINAPI LsarClose(LSAPR_HANDLE *ObjectHandle)
Definition: lsarpc.c:125
_SAMPR_USER_ALL_INFORMATION::PrimaryGroupId
unsigned long PrimaryGroupId
Definition: msv1_0.h:101
SECURITY_NULL_RID
#define SECURITY_NULL_RID
Definition: setypes.h:512
USER_LOGON_BAD_PASSWORD
#define USER_LOGON_BAD_PASSWORD
Definition: msv1_0.h:66
_TOKEN_USER
Definition: setypes.h:959
_SECPKG_FUNCTION_TABLE::InitLsaModeContext
SpInitLsaModeContextFn * InitLsaModeContext
Definition: ntsecpkg.h:483
UCHAR
unsigned char UCHAR
Definition: xmlstorage.h:181
LsaSpSetExtendedInformation
NTSTATUS NTAPI LsaSpSetExtendedInformation(_In_ SECPKG_EXTENDED_INFORMATION_CLASS Class, _In_ PSECPKG_EXTENDED_INFORMATION Info)
Definition: lsa.c:221
STATUS_BAD_VALIDATION_CLASS
#define STATUS_BAD_VALIDATION_CLASS
Definition: ntstatus.h:403
wcscpy
_CRTIMP wchar_t *__cdecl wcscpy(_Out_writes_z_(_String_length_(_Source)+1) wchar_t *_Dest, _In_z_ const wchar_t *_Source)
L
static const WCHAR L[]
Definition: oid.c:1250
USER_ACCOUNT_AUTO_LOCKED
#define USER_ACCOUNT_AUTO_LOCKED
Definition: ntsam.h:177
_SECPKG_FUNCTION_TABLE::SpAddCredentials
SpAddCredentialsFn * SpAddCredentials
Definition: ntsecpkg.h:490
_SID_IDENTIFIER_AUTHORITY
Definition: ms-dtyp.idl:194
ProfileBuffer
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID * ProfileBuffer
Definition: ntifs.template.h:711
_LARGE_INTEGER::LowPart
ULONG LowPart
Definition: typedefs.h:106
memcpy
#define memcpy(s1, s2, n)
Definition: mkisofs.h:878
_TIME_FIELDS
Definition: env_spec_w32.h:710
_SECPKG_FUNCTION_TABLE::Initialize
SpInitializeFn * Initialize
Definition: ntsecpkg.h:473
_MSV1_0_CHANGEPASSWORD_REQUEST::DomainName
UNICODE_STRING DomainName
Definition: ntsecapi.h:512
_SAMPR_USER_ALL_INFORMATION::LmPasswordPresent
unsigned char LmPasswordPresent
Definition: msv1_0.h:109
SpUserModeInitialize
NTSTATUS WINAPI SpUserModeInitialize(_In_ ULONG LsaVersion, _Out_ PULONG PackageVersion, _Out_ PSECPKG_USER_FUNCTION_TABLE *ppTables, _Out_ PULONG pcTables)
Definition: msv1_0.c:1778
SECURITY_NETWORK_SERVICE_RID
#define SECURITY_NETWORK_SERVICE_RID
Definition: setypes.h:548
_OLD_LARGE_INTEGER::HighPart
long HighPart
Definition: msv1_0.h:33
BYTE
unsigned char BYTE
Definition: xxhash.c:193
SamIFree_SAMPR_USER_INFO_BUFFER
VOID NTAPI SamIFree_SAMPR_USER_INFO_BUFFER(PSAMPR_USER_INFO_BUFFER Ptr, USER_INFORMATION_CLASS InformationClass)
Definition: samsrv.c:540
MsvpChangePassword
static NTSTATUS MsvpChangePassword(IN PLSA_CLIENT_REQUEST ClientRequest, IN PVOID ProtocolSubmitBuffer, IN PVOID ClientBufferBase, IN ULONG SubmitBufferLength, OUT PVOID *ProtocolReturnBuffer, OUT PULONG ReturnBufferLength, OUT PNTSTATUS ProtocolStatus)
Definition: msv1_0.c:497
Offset
_In_ ULONG _In_ ULONG Offset
Definition: ntddpcm.h:101
ERR
#define ERR(fmt,...)
Definition: debug.h:110
MAX_COMPUTERNAME_LENGTH
#define MAX_COMPUTERNAME_LENGTH
Definition: winbase.h:240
_UNICODE_STRING
Definition: env_spec_w32.h:368
_MSV1_0_INTERACTIVE_PROFILE::UserFlags
ULONG UserFlags
Definition: ntsecapi.h:455
_RPC_SID
Definition: msv1_0.h:12
S_OK
#define S_OK
Definition: intsafe.h:52
SamIFree_SAMPR_ULONG_ARRAY
VOID NTAPI SamIFree_SAMPR_ULONG_ARRAY(PSAMPR_ULONG_ARRAY Ptr)
Definition: samsrv.c:524
STATUS_INVALID_WORKSTATION
#define STATUS_INVALID_WORKSTATION
Definition: ntstatus.h:348
LsaApCallPackagePassthrough
NTSTATUS NTAPI LsaApCallPackagePassthrough(IN PLSA_CLIENT_REQUEST ClientRequest, IN PVOID ProtocolSubmitBuffer, IN PVOID ClientBufferBase, IN ULONG SubmitBufferLength, OUT PVOID *ProtocolReturnBuffer, OUT PULONG ReturnBufferLength, OUT PNTSTATUS ProtocolStatus)
Definition: msv1_0.c:1040
LsaApCallPackageUntrusted
NTSTATUS NTAPI LsaApCallPackageUntrusted(IN PLSA_CLIENT_REQUEST ClientRequest, IN PVOID ProtocolSubmitBuffer, IN PVOID ClientBufferBase, IN ULONG SubmitBufferLength, OUT PVOID *ProtocolReturnBuffer, OUT PULONG ReturnBufferLength, OUT PNTSTATUS ProtocolStatus)
Definition: msv1_0.c:1058
_MSV1_0_INTERACTIVE_PROFILE::PasswordCanChange
LARGE_INTEGER PasswordCanChange
Definition: ntsecapi.h:447
_SECPKG_FUNCTION_TABLE::ApplyControlToken
SpApplyControlTokenFn * ApplyControlToken
Definition: ntsecpkg.h:486
i
GLsizei GLenum const GLvoid GLsizei GLenum GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLint GLint GLint GLshort GLshort GLshort GLubyte GLubyte GLubyte GLuint GLuint GLuint GLushort GLushort GLushort GLbyte GLbyte GLbyte GLbyte GLdouble GLdouble GLdouble GLdouble GLfloat GLfloat GLfloat GLfloat GLint GLint GLint GLint GLshort GLshort GLshort GLshort GLubyte GLubyte GLubyte GLubyte GLuint GLuint GLuint GLuint GLushort GLushort GLushort GLushort GLboolean const GLdouble const GLfloat const GLint const GLshort const GLbyte const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLdouble const GLfloat const GLfloat const GLint const GLint const GLshort const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort const GLdouble const GLfloat const GLint const GLshort GLenum GLenum GLenum GLfloat GLenum GLint GLenum GLenum GLenum GLfloat GLenum GLenum GLint GLenum GLfloat GLenum GLint GLint GLushort GLenum GLenum GLfloat GLenum GLenum GLint GLfloat const GLubyte GLenum GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLint GLint GLsizei GLsizei GLint GLenum GLenum const GLvoid GLenum GLenum const GLfloat GLenum GLenum const GLint GLenum GLenum const GLdouble GLenum GLenum const GLfloat GLenum GLenum const GLint GLsizei GLuint GLfloat GLuint GLbitfield GLfloat GLint GLuint GLboolean GLenum GLfloat GLenum GLbitfield GLenum GLfloat GLfloat GLint GLint const GLfloat GLenum GLfloat GLfloat GLint GLint GLfloat GLfloat GLint GLint const GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat GLint GLfloat GLfloat const GLdouble const GLfloat const GLdouble const GLfloat GLint i
Definition: glfuncs.h:248
LsaSpInitLsaModeContext
NTSTATUS NTAPI LsaSpInitLsaModeContext(_In_ LSA_SEC_HANDLE CredentialHandle, _In_ LSA_SEC_HANDLE ContextHandle, _In_ PUNICODE_STRING TargetName, _In_ ULONG ContextRequirements, _In_ ULONG TargetDataRep, _In_ PSecBufferDesc InputBuffers, _Out_ PLSA_SEC_HANDLE NewContextHandle, _Inout_ PSecBufferDesc OutputBuffers, _Out_ PULONG ContextAttributes, _Out_ PTimeStamp ExpirationTime, _Out_ PBOOLEAN MappedContext, _Out_ PSecBuffer ContextData)
Definition: lsa.c:132
_SECPKG_FUNCTION_TABLE::SetExtendedInformation
SpSetExtendedInformationFn * SetExtendedInformation
Definition: ntsecpkg.h:491
DOMAIN_ALIAS_RID_USERS
#define DOMAIN_ALIAS_RID_USERS
Definition: setypes.h:625
USHORT
unsigned short USHORT
Definition: pedump.c:61
LogonType
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE LogonType
Definition: ntifs.template.h:707
_SECPKG_FUNCTION_TABLE::GetUserInfo
SpGetUserInfoFn * GetUserInfo
Definition: ntsecpkg.h:487
STATUS_PASSWORD_MUST_CHANGE
#define STATUS_PASSWORD_MUST_CHANGE
Definition: ntstatus.h:680
_SECPKG_FUNCTION_TABLE::SaveCredentials
SpSaveCredentialsFn * SaveCredentials
Definition: ntsecpkg.h:480
_SAMPR_USER_ALL_INFORMATION::UserAccountControl
unsigned long UserAccountControl
Definition: msv1_0.h:102
_MSV1_0_INTERACTIVE_PROFILE::MessageType
MSV1_0_PROFILE_BUFFER_TYPE MessageType
Definition: ntsecapi.h:440
_OLD_LARGE_INTEGER::LowPart
unsigned long LowPart
Definition: msv1_0.h:32
SamrSetInformationUser
NTSTATUS NTAPI SamrSetInformationUser(IN SAMPR_HANDLE UserHandle, IN USER_INFORMATION_CLASS UserInformationClass, IN PSAMPR_USER_INFO_BUFFER Buffer)
Definition: samrpc.c:7848
SECURITY_LOGON_TYPE
enum _SECURITY_LOGON_TYPE SECURITY_LOGON_TYPE
_SECPKG_FUNCTION_TABLE::GetInfo
SpGetInfoFn * GetInfo
Definition: ntsecpkg.h:475
SamrCloseHandle
NTSTATUS __stdcall SamrCloseHandle(SAMPR_HANDLE *SamHandle)
_SECPKG_FUNCTION_TABLE::LogonUserEx
PLSA_AP_LOGON_USER_EX LogonUserEx
Definition: ntsecpkg.h:471
_MSV1_0_INTERACTIVE_PROFILE::HomeDirectoryDrive
UNICODE_STRING HomeDirectoryDrive
Definition: ntsecapi.h:453
wcscat
_CRTIMP wchar_t *__cdecl wcscat(_Inout_updates_z_(_String_length_(_Dest)+_String_length_(_Source)+1) wchar_t *_Dest, _In_z_ const wchar_t *_Source)
DOMAIN_GROUP_RID_USERS
#define DOMAIN_GROUP_RID_USERS
Definition: setypes.h:612
PULONG
unsigned int * PULONG
Definition: retypes.h:1
_SECPKG_PRIMARY_CRED
Definition: ntsecpkg.h:86
NULL
#define NULL
Definition: types.h:112
_MSV1_0_INTERACTIVE_PROFILE::BadPasswordCount
USHORT BadPasswordCount
Definition: ntsecapi.h:442
LogonId
_IRQL_requires_same_ _In_ PLSA_STRING _In_ SECURITY_LOGON_TYPE _In_ ULONG _In_ ULONG _In_opt_ PTOKEN_GROUPS _In_ PTOKEN_SOURCE _Out_ PVOID _Out_ PULONG _Inout_ PLUID LogonId
Definition: ntifs.template.h:711
PLSA_STRING
struct _LSA_STRING * PLSA_STRING
HEAP_ZERO_MEMORY
#define HEAP_ZERO_MEMORY
Definition: compat.h:134
_SECPKG_FUNCTION_TABLE::Shutdown
SpShutDownFn * Shutdown
Definition: ntsecpkg.h:474
wcslen
_CRTIMP size_t __cdecl wcslen(_In_z_ const wchar_t *_Str)
SamrOpenUser
NTSTATUS NTAPI SamrOpenUser(IN SAMPR_HANDLE DomainHandle, IN ACCESS_MASK DesiredAccess, IN ULONG UserId, OUT SAMPR_HANDLE *UserHandle)
_LARGE_INTEGER
Definition: typedefs.h:102
USER_READ_PREFERENCES
#define USER_READ_PREFERENCES
Definition: ntsam.h:127
_SAMPR_USER_ALL_INFORMATION::NtOwfPassword
RPC_SHORT_BLOB NtOwfPassword
Definition: msv1_0.h:97
OUT
#define OUT
Definition: typedefs.h:40
_MSV1_0_CHANGEPASSWORD_REQUEST::OldPassword
UNICODE_STRING OldPassword
Definition: ntsecapi.h:514
strcpy
char * strcpy(char *DstString, const char *SrcString)
Definition: utclib.c:388
ULONG
unsigned int ULONG
Definition: retypes.h:1
_SECPKG_FUNCTION_TABLE::GetExtendedInformation
SpGetExtendedInformationFn * GetExtendedInformation
Definition: ntsecpkg.h:488
DOMAIN_LOOKUP
#define DOMAIN_LOOKUP
Definition: ntsam.h:42
_SECPKG_FUNCTION_TABLE::GetCredentials
SpGetCredentialsFn * GetCredentials
Definition: ntsecpkg.h:481
RtlZeroMemory
#define RtlZeroMemory(Destination, Length)
Definition: typedefs.h:262
LsaSpFreeCredentialsHandle
NTSTATUS NTAPI LsaSpFreeCredentialsHandle(_In_ LSA_SEC_HANDLE CredentialHandle)
Definition: lsa.c:84
_SAMPR_USER_INFO_BUFFER::Internal2
SAMPR_USER_INTERNAL2_INFORMATION Internal2
Definition: msv1_0.h:137
ULONG_PTR
#define ULONG_PTR
Definition: config.h:101
NtQuerySystemTime
NTSTATUS NTAPI NtQuerySystemTime(OUT PLARGE_INTEGER SystemTime)
Definition: time.c:472
AccountDomainSid
PSID AccountDomainSid
Definition: database.c:24
RtlCopyMemory
#define RtlCopyMemory(Destination, Source, Length)
Definition: typedefs.h:263
LsaApLogonUserEx2
NTSTATUS NTAPI LsaApLogonUserEx2(IN PLSA_CLIENT_REQUEST ClientRequest, IN SECURITY_LOGON_TYPE LogonType, IN PVOID ProtocolSubmitBuffer, IN PVOID ClientBufferBase, IN ULONG SubmitBufferSize, OUT PVOID *ProfileBuffer, OUT PULONG ProfileBufferSize, OUT PLUID LogonId, OUT PNTSTATUS SubStatus, OUT PLSA_TOKEN_INFORMATION_TYPE TokenInformationType, OUT PVOID *TokenInformation, OUT PUNICODE_STRING *AccountName, OUT PUNICODE_STRING *AuthenticatingAuthority, OUT PUNICODE_STRING *MachineName, OUT PSECPKG_PRIMARY_CRED PrimaryCredentials, OUT PSECPKG_SUPPLEMENTAL_CRED_ARRAY *SupplementalCredentials)
Definition: msv1_0.c:1163
_LSA_TOKEN_INFORMATION_V1
Definition: authpackage.c:26
MSV1_0_PROTOCOL_MESSAGE_TYPE
enum _MSV1_0_PROTOCOL_MESSAGE_TYPE MSV1_0_PROTOCOL_MESSAGE_TYPE
STATUS_SUCCESS
#define STATUS_SUCCESS
Definition: shellext.h:65
_SECPKG_FUNCTION_TABLE::DeleteCredentials
SpDeleteCredentialsFn * DeleteCredentials
Definition: ntsecpkg.h:482
_LSA_STRING
Definition: ntsecapi.h:171
SamrQueryInformationUser
NTSTATUS NTAPI SamrQueryInformationUser(IN SAMPR_HANDLE UserHandle, IN USER_INFORMATION_CLASS UserInformationClass, OUT PSAMPR_USER_INFO_BUFFER *Buffer)
Definition: samrpc.c:7234
LPWSTR
WCHAR * LPWSTR
Definition: xmlstorage.h:184
TimeFields
static PTIME_FIELDS TimeFields
Definition: time.c:104
DispatchTable
_In_ PWDFDEVICE_INIT _In_ PWDF_PDO_EVENT_CALLBACKS DispatchTable
Definition: wdfpdo.h:245
MsvpCheckLogonHours
static BOOL MsvpCheckLogonHours(_In_ PSAMPR_LOGON_HOURS LogonHours, _In_ PLARGE_INTEGER LogonTime)
Definition: msv1_0.c:885
BuildTokenPrimaryGroup
static NTSTATUS BuildTokenPrimaryGroup(OUT PTOKEN_PRIMARY_GROUP PrimaryGroup, IN PSID AccountDomainSid, IN ULONG RelativeId)
Definition: msv1_0.c:298
RtlEqualUnicodeString
NTSYSAPI BOOLEAN NTAPI RtlEqualUnicodeString(PUNICODE_STRING String1, PUNICODE_STRING String2, BOOLEAN CaseInSensitive)
_SECPKG_FUNCTION_TABLE::LogonTerminated
PLSA_AP_LOGON_TERMINATED LogonTerminated
Definition: ntsecpkg.h:468
USER_READ_LOGON
#define USER_READ_LOGON
Definition: ntsam.h:129
LsaSpAcceptLsaModeContext
NTSTATUS NTAPI LsaSpAcceptLsaModeContext(_In_ LSA_SEC_HANDLE CredentialHandle, _In_ LSA_SEC_HANDLE ContextHandle, _In_ PSecBufferDesc InputBuffer, _In_ ULONG ContextRequirements, _In_ ULONG TargetDataRep, _Out_ PLSA_SEC_HANDLE NewContextHandle, _Inout_ PSecBufferDesc OutputBuffer, _Out_ PULONG ContextAttributes, _Out_ PTimeStamp ExpirationTime, _Out_ PBOOLEAN MappedContext, _Out_ PSecBuffer ContextData)
Definition: lsa.c:157
BuildTokenUser
static NTSTATUS BuildTokenUser(OUT PTOKEN_USER User, IN PSID AccountDomainSid, IN ULONG RelativeId)
Definition: msv1_0.c:278
_MSV1_0_INTERACTIVE_LOGON
Definition: ntsecapi.h:433
_wcsicmp
_Check_return_ _CRTIMP int __cdecl _wcsicmp(_In_z_ const wchar_t *_Str1, _In_z_ const wchar_t *_Str2)
_SECPKG_FUNCTION_TABLE::SpAcquireCredentialsHandle
SpAcquireCredentialsHandleFn * SpAcquireCredentialsHandle
Definition: ntsecpkg.h:477
STATUS_LOGON_FAILURE
#define STATUS_LOGON_FAILURE
Definition: ntstatus.h:345
_SAMPR_USER_ALL_INFORMATION::NtPasswordPresent
unsigned char NtPasswordPresent
Definition: msv1_0.h:110
_SAMPR_USER_ALL_INFORMATION::WorkStations
RPC_UNICODE_STRING WorkStations
Definition: msv1_0.h:93
NtAuthority
SID_IDENTIFIER_AUTHORITY NtAuthority
Definition: database.c:21
_LARGE_INTEGER::QuadPart
LONGLONG QuadPart
Definition: typedefs.h:114
LsaSpGetExtendedInformation
NTSTATUS NTAPI LsaSpGetExtendedInformation(_In_ SECPKG_EXTENDED_INFORMATION_CLASS Class, _Out_ PSECPKG_EXTENDED_INFORMATION *ppInfo)
Definition: lsa.c:210
_MSV1_0_INTERACTIVE_LOGON::LogonDomainName
UNICODE_STRING LogonDomainName
Definition: ntsecapi.h:435
RtlLengthRequiredSid
NTSYSAPI ULONG NTAPI RtlLengthRequiredSid(IN ULONG SubAuthorityCount)
Definition: sid.c:54
USER_CHANGE_PASSWORD
#define USER_CHANGE_PASSWORD
Definition: ntsam.h:132
SystemAuthority
static SID_IDENTIFIER_AUTHORITY SystemAuthority
Definition: msgina.c:38
precomp.h
RTL_CONSTANT_STRING
#define RTL_CONSTANT_STRING(s)
Definition: tunneltest.c:14
OPTIONAL
PULONG MinorVersion OPTIONAL
Definition: CrossNt.h:68