static
NTSTATUS
OpenLogonLsaHandle(VOID)
{
LSA_STRING LogonProcessName;
LSA_STRING PackageName;
LSA_OPERATIONAL_MODE SecurityMode = 0;
NTSTATUS Status;
RtlInitAnsiString((PANSI_STRING)&LogonProcessName,
"User32LogonProcess");
Status = LsaRegisterLogonProcess(&LogonProcessName,
&LsaHandle,
&SecurityMode);
if (!NT_SUCCESS(Status))
{
TRACE("LsaRegisterLogonProcess failed (Status 0x%08lx)\n", Status);
goto done;
}
RtlInitAnsiString((PANSI_STRING)&PackageName,
MSV1_0_PACKAGE_NAME);
Status = LsaLookupAuthenticationPackage(LsaHandle,
&PackageName,
&AuthenticationPackage);
if (!NT_SUCCESS(Status))
{
TRACE("LsaLookupAuthenticationPackage failed (Status 0x%08lx)\n", Status);
goto done;
}
TRACE("AuthenticationPackage: 0x%08lx\n", AuthenticationPackage);
done:
if (!NT_SUCCESS(Status))
{
if (LsaHandle != NULL)
{
Status = LsaDeregisterLogonProcess(LsaHandle);
if (!NT_SUCCESS(Status))
{
TRACE("LsaDeregisterLogonProcess failed (Status 0x%08lx)\n", Status);
}
}
}
return Status;
}
bool SecurityHelper::RegisterLogonProcess(const char* logonProcessName, HANDLE* phLsa)
{
*phLsa = 0;
LSA_STRING name;
if (!_newLsaString(&name, logonProcessName)) return false;
LSA_OPERATIONAL_MODE unused;
NTSTATUS status = LsaRegisterLogonProcess(&name, phLsa, &unused);
_deleteLsaString(&name);
if (status)
{
*phLsa = 0;
LCF1(L"LsaRegisterLogonProcess failed: %d", LsaNtStatusToWinError(status));
return false;
}
return true;
}
//+-------------------------------------------------------------------------
//
// Function: CreateClient
//
// Synopsis: Creates a client representing this caller. Establishes
// a connection with the SPM.
//
// Effects:
//
// Arguments:
//
// Requires:
//
// Returns:
//
// Notes:
//
//--------------------------------------------------------------------------
NTSTATUS
CreateClient(PClient * ppClient)
{
PClient pClient;
NTSTATUS scRet;
KIRQL OldIrql;
HANDLE hEvent;
STRING LogonProcessName;
STRING PackageName;
LSA_OPERATIONAL_MODE LsaMode;
HANDLE LsaHandle = NULL;
if (!fInitialized)
{
if (!InitConnMgr())
{
DebugLog((DEB_ERROR,"InitConnMgr Failed!\n"));
return(SEC_E_INTERNAL_ERROR);
}
}
//
// Call the LSA to register this logon process.
//
RtlInitString(
&LogonProcessName,
LogonProcessString
);
scRet = LsaRegisterLogonProcess(
&LogonProcessName,
&LsaHandle,
&LsaMode
);
if (!NT_SUCCESS(scRet))
{
DebugLog((DEB_ERROR,"KSec: Connection failed, postponing\n"));
return(SEC_E_INTERNAL_ERROR);
}
//
// Lookup the authentication package.
//
RtlInitString(
&PackageName,
MSV1_0_PACKAGE_NAME
);
scRet = LsaLookupAuthenticationPackage(
LsaHandle,
&PackageName,
&PackageId
);
if (!NT_SUCCESS(scRet))
{
NtClose(LsaHandle);
return(SEC_E_INTERNAL_ERROR);
}
pClient = (PClient) ExAllocatePool(NonPagedPool, sizeof(Client));
if (!pClient)
{
DebugLog((DEB_ERROR,"KSec: ExAllocatePool returned NULL.\n"));
NtClose(LsaHandle);
return(SEC_E_INSUFFICIENT_MEMORY);
}
pClient->ProcessId = PsGetCurrentProcess();
pClient->fClient = 0;
pClient->hPort = LsaHandle;
pClient->cRefs = 1;
// Adding the connection in to the client list:
//
// This has got to be MT/MP safe, so first,
// get exclusive access to the Connection list:
KeAcquireSpinLock(&ConnectSpinLock, &OldIrql);
// Now, add the entry:
cClients++;
pClient->pNext = pClientList;
pClientList = pClient;
// Now, free the spin lock:
KeReleaseSpinLock(&ConnectSpinLock, OldIrql);
*ppClient = pClient;
return(STATUS_SUCCESS);
}
int LsaLogon(HANDLE *hToken, char homeDir[MAX_PATH], char *user,
char *pkBlob, int pkBlobSize, char *sign, int signSize,
char *data, int dataSize, int dataFellow)
{
int exitCode = 1;
NTSTATUS ntStat = 0;
LSA_STRING logonProcName;
LSA_STRING originName;
LSA_STRING authPckgName;
HANDLE hLsa = NULL;
LSA_OPERATIONAL_MODE securityMode;
/*
* Impersonation, "weak" token returned from network logon.
* We can't create process as other user via this token.
*/
HANDLE hWeakToken = NULL;
/*
* Login data.
*/
LsaAuth *lsaAuth = NULL;
ULONG lsaAuthSize = 0;
ULONG authPckgId = 0;
TOKEN_SOURCE srcToken;
PVOID profile = NULL;
ULONG profileSize;
LUID logonId;
QUOTA_LIMITS quotas;
NTSTATUS loginStat;
debug("-> LsaLogon()...");
/*
* We check only hToken arg, becouse other args are tested in AllocLsaAuth().
*/
debug("Checking args...");
FAIL(hToken == NULL);
/*
* Setup lsa strings.
*/
debug("Setting up LSA Strings...");
FAIL(InitLsaString(&logonProcName, "sshd-logon"));
FAIL(InitLsaString(&originName, "NTLM"));
FAIL(InitLsaString(&authPckgName, "SSH-LSA"));
/*
* Enable needed privilege to current running process.
*/
EnablePrivilege("SeTcbPrivilege", 1);
/*
* Register new logon process.
*/
debug("LsaRegisterLogonProcess()...");
NTFAIL(LsaRegisterLogonProcess(&logonProcName, &hLsa, &securityMode));
/*
* Retrieve Authenticated Package ID.
*/
debug("Retrieving Authentification Package ID...");
NTFAIL(LsaLookupAuthenticationPackage(hLsa, &authPckgName, &authPckgId));
/*
* Allocate LsaAuth struct.
*/
debug("Allocating LsaAuth struct...");
FAIL(AllocLsaAuth(&lsaAuth, user, pkBlob, pkBlobSize,
sign, signSize, data, dataSize, dataFellow));
lsaAuthSize = lsaAuth -> totalSize_;
/*
* Create TOKEN_SOURCE part
*/
debug("Setting up TOKEN_SOURCE...");
FAIL(AllocateLocallyUniqueId(&srcToken.SourceIdentifier) == FALSE);
memcpy(srcToken.SourceName, "**sshd**", 8);
/*
* Try to login using LsaAuth struct.
*/
debug("Login attemp...");
NTFAIL(LsaLogonUser(hLsa, &originName, Network,
authPckgId, lsaAuth, lsaAuthSize, NULL,
&srcToken, &profile, &profileSize,
&logonId, &hWeakToken, "as, &loginStat));
debug("login status: %x...", loginStat);
//FAIL(WideCharToMultiByte( CP_UTF8, 0, profile, -1, homeDir, MAX_PATH, NULL, NULL)==0);
//memcpy(homeDir, profile, MAX_PATH*sizeof(wchar_t));
lstrcpyW(homeDir, profile);
debug("homedir = [%ls]", (char *) homeDir);
//strcpy(homeDir, profile);
//PrintToken(hToken);
/*
* Duplicate 'weak' impersonation token into Primary Key token.
* We can create process using duplicated token.
*/
debug("Duplicating token...");
FAIL(DuplicateTokenEx(hWeakToken, MAXIMUM_ALLOWED,
NULL, SecurityImpersonation,
TokenPrimary, hToken) == 0);
exitCode = 0;
fail:
if (exitCode)
{
switch(ntStat)
{
case STATUS_LOGON_FAILURE:
{
debug("SSH-LSA authorization failed. "
"(err = %u, ntStat = %x).", GetLastError(), ntStat);
exitCode = 0;
break;
}
case STATUS_NO_SUCH_PACKAGE:
{
debug("SSH-LSA package not found. "
"(err = %u, ntStat = %x).", GetLastError(), ntStat);
break;
}
default:
{
debug("Cannot logon using LSA package (err = %u, ntStat = %x).",
GetLastError(), ntStat);
}
}
hToken = NULL;
}
else
{
debug("LsaLogon : OK.");
}
/*
* Clean up.
*/
CloseHandle(hWeakToken);
LsaFreeReturnBuffer(profile);
EnablePrivilege("SeTcbPrivilege", 0);
LsaDeregisterLogonProcess(hLsa);
ClearLsaString(&logonProcName);
ClearLsaString(&originName);
ClearLsaString(&authPckgName);
debug("<- LsaLogon()...");
return exitCode;
}
int
WINAPI
WinMain(
IN HINSTANCE hInstance,
IN HINSTANCE hPrevInstance,
IN LPSTR lpCmdLine,
IN int nShowCmd)
{
#if 0
LSA_STRING ProcessName, PackageName;
HANDLE LsaHandle;
LSA_OPERATIONAL_MODE Mode;
BOOLEAN Old;
ULONG AuthenticationPackage;
NTSTATUS Status;
#endif
ULONG HardErrorResponse;
MSG Msg;
UNREFERENCED_PARAMETER(hPrevInstance);
UNREFERENCED_PARAMETER(lpCmdLine);
UNREFERENCED_PARAMETER(nShowCmd);
hAppInstance = hInstance;
/* Make us critical */
RtlSetProcessIsCritical(TRUE, NULL, FALSE);
RtlSetThreadIsCritical(TRUE, NULL, FALSE);
if (!RegisterLogonProcess(GetCurrentProcessId(), TRUE))
{
ERR("WL: Could not register logon process\n");
NtRaiseHardError(STATUS_SYSTEM_PROCESS_TERMINATED, 0, 0, NULL, OptionOk, &HardErrorResponse);
ExitProcess(1);
}
WLSession = (PWLSESSION)HeapAlloc(GetProcessHeap(), 0, sizeof(WLSESSION));
if (!WLSession)
{
ERR("WL: Could not allocate memory for winlogon instance\n");
NtRaiseHardError(STATUS_SYSTEM_PROCESS_TERMINATED, 0, 0, NULL, OptionOk, &HardErrorResponse);
ExitProcess(1);
}
ZeroMemory(WLSession, sizeof(WLSESSION));
WLSession->DialogTimeout = 120; /* 2 minutes */
/* Initialize the dialog tracking list */
InitDialogListHead();
if (!CreateWindowStationAndDesktops(WLSession))
{
ERR("WL: Could not create window station and desktops\n");
NtRaiseHardError(STATUS_SYSTEM_PROCESS_TERMINATED, 0, 0, NULL, OptionOk, &HardErrorResponse);
ExitProcess(1);
}
LockWorkstation(WLSession);
/* Load default keyboard layouts */
if (!InitKeyboardLayouts())
{
ERR("WL: Could not preload keyboard layouts\n");
NtRaiseHardError(STATUS_SYSTEM_PROCESS_TERMINATED, 0, 0, NULL, OptionOk, &HardErrorResponse);
ExitProcess(1);
}
if (!StartRpcServer())
{
ERR("WL: Could not start the RPC server\n");
NtRaiseHardError(STATUS_SYSTEM_PROCESS_TERMINATED, 0, 0, NULL, OptionOk, &HardErrorResponse);
ExitProcess(1);
}
if (!StartServicesManager())
{
ERR("WL: Could not start services.exe\n");
NtRaiseHardError(STATUS_SYSTEM_PROCESS_TERMINATED, 0, 0, NULL, OptionOk, &HardErrorResponse);
ExitProcess(1);
}
if (!StartLsass())
{
ERR("WL: Failed to start lsass.exe service (error %lu)\n", GetLastError());
NtRaiseHardError(STATUS_SYSTEM_PROCESS_TERMINATED, 0, 0, NULL, OptionOk, &HardErrorResponse);
ExitProcess(1);
}
/* Wait for the LSA server */
WaitForLsass();
/* Init Notifications */
InitNotifications();
/* Load and initialize gina */
if (!GinaInit(WLSession))
{
ERR("WL: Failed to initialize Gina\n");
// FIXME: Retrieve the real name of the GINA DLL we were trying to load.
// It is known only inside the GinaInit function...
DialogBoxParam(hAppInstance, MAKEINTRESOURCE(IDD_GINALOADFAILED), GetDesktopWindow(), GinaLoadFailedWindowProc, (LPARAM)L"msgina.dll");
HandleShutdown(WLSession, WLX_SAS_ACTION_SHUTDOWN_REBOOT);
ExitProcess(1);
}
DisplayStatusMessage(WLSession, WLSession->WinlogonDesktop, IDS_REACTOSISSTARTINGUP);
#if 0
/* Connect to NetLogon service (lsass.exe) */
/* Real winlogon uses "Winlogon" */
RtlInitUnicodeString((PUNICODE_STRING)&ProcessName, L"Winlogon");
Status = LsaRegisterLogonProcess(&ProcessName, &LsaHandle, &Mode);
if (Status == STATUS_PORT_CONNECTION_REFUSED)
{
/* Add the 'SeTcbPrivilege' privilege and try again */
Status = RtlAdjustPrivilege(SE_TCB_PRIVILEGE, TRUE, TRUE, &Old);
if (!NT_SUCCESS(Status))
{
ERR("RtlAdjustPrivilege() failed with error %lu\n", LsaNtStatusToWinError(Status));
return 1;
}
Status = LsaRegisterLogonProcess(&ProcessName, &LsaHandle, &Mode);
}
if (!NT_SUCCESS(Status))
{
ERR("LsaRegisterLogonProcess() failed with error %lu\n", LsaNtStatusToWinError(Status));
return 1;
}
RtlInitUnicodeString((PUNICODE_STRING)&PackageName, MICROSOFT_KERBEROS_NAME_W);
Status = LsaLookupAuthenticationPackage(LsaHandle, &PackageName, &AuthenticationPackage);
if (!NT_SUCCESS(Status))
{
ERR("LsaLookupAuthenticationPackage() failed with error %lu\n", LsaNtStatusToWinError(Status));
LsaDeregisterLogonProcess(LsaHandle);
return 1;
}
#endif
CallNotificationDlls(WLSession, StartupHandler);
/* Create a hidden window to get SAS notifications */
if (!InitializeSAS(WLSession))
{
ERR("WL: Failed to initialize SAS\n");
ExitProcess(2);
}
// DisplayStatusMessage(Session, Session->WinlogonDesktop, IDS_PREPARENETWORKCONNECTIONS);
// DisplayStatusMessage(Session, Session->WinlogonDesktop, IDS_APPLYINGCOMPUTERSETTINGS);
/* Display logged out screen */
WLSession->LogonState = STATE_INIT;
RemoveStatusMessage(WLSession);
/* Check for pending setup */
if (GetSetupType() != 0)
{
/* Run setup and reboot when done */
TRACE("WL: Setup mode detected\n");
RunSetup();
}
else
{
PostMessageW(WLSession->SASWindow, WLX_WM_SAS, WLX_SAS_TYPE_CTRL_ALT_DEL, 0);
}
(void)LoadLibraryW(L"sfc_os.dll");
/* Tell kernel that CurrentControlSet is good (needed
* to support Last good known configuration boot) */
NtInitializeRegistry(CM_BOOT_FLAG_ACCEPTED | 1);
/* Message loop for the SAS window */
while (GetMessageW(&Msg, WLSession->SASWindow, 0, 0))
{
TranslateMessage(&Msg);
DispatchMessageW(&Msg);
}
CleanupNotifications();
/* We never go there */
return 0;
}
