static
NTSTATUS
BuildTokenDefaultDacl(PTOKEN_DEFAULT_DACL DefaultDacl,
PSID OwnerSid)
{
SID_IDENTIFIER_AUTHORITY SystemAuthority = {SECURITY_NT_AUTHORITY};
PSID LocalSystemSid = NULL;
PACL Dacl = NULL;
NTSTATUS Status = STATUS_SUCCESS;
RtlAllocateAndInitializeSid(&SystemAuthority,
1,
SECURITY_LOCAL_SYSTEM_RID,
SECURITY_NULL_RID,
SECURITY_NULL_RID,
SECURITY_NULL_RID,
SECURITY_NULL_RID,
SECURITY_NULL_RID,
SECURITY_NULL_RID,
SECURITY_NULL_RID,
&LocalSystemSid);
Dacl = DispatchTable.AllocateLsaHeap(1024);
if (Dacl == NULL)
{
Status = STATUS_INSUFFICIENT_RESOURCES;
goto done;
}
Status = RtlCreateAcl(Dacl, 1024, ACL_REVISION);
if (!NT_SUCCESS(Status))
goto done;
RtlAddAccessAllowedAce(Dacl,
ACL_REVISION,
GENERIC_ALL,
OwnerSid);
/* SID: S-1-5-18 */
RtlAddAccessAllowedAce(Dacl,
ACL_REVISION,
GENERIC_ALL,
LocalSystemSid);
DefaultDacl->DefaultDacl = Dacl;
done:
if (!NT_SUCCESS(Status))
{
if (Dacl != NULL)
DispatchTable.FreeLsaHeap(Dacl);
}
if (LocalSystemSid != NULL)
RtlFreeSid(LocalSystemSid);
return Status;
}
/*
* @unimplemented
*/
NTSTATUS
NTAPI
LsaApInitializePackage(IN ULONG AuthenticationPackageId,
IN PLSA_DISPATCH_TABLE LsaDispatchTable,
IN PLSA_STRING Database OPTIONAL,
IN PLSA_STRING Confidentiality OPTIONAL,
OUT PLSA_STRING *AuthenticationPackageName)
{
PANSI_STRING NameString;
PCHAR NameBuffer;
TRACE("(%lu %p %p %p %p)\n",
AuthenticationPackageId, LsaDispatchTable, Database,
Confidentiality, AuthenticationPackageName);
/* Get the dispatch table entries */
DispatchTable.CreateLogonSession = LsaDispatchTable->CreateLogonSession;
DispatchTable.DeleteLogonSession = LsaDispatchTable->DeleteLogonSession;
DispatchTable.AddCredential = LsaDispatchTable->AddCredential;
DispatchTable.GetCredentials = LsaDispatchTable->GetCredentials;
DispatchTable.DeleteCredential = LsaDispatchTable->DeleteCredential;
DispatchTable.AllocateLsaHeap = LsaDispatchTable->AllocateLsaHeap;
DispatchTable.FreeLsaHeap = LsaDispatchTable->FreeLsaHeap;
DispatchTable.AllocateClientBuffer = LsaDispatchTable->AllocateClientBuffer;
DispatchTable.FreeClientBuffer = LsaDispatchTable->FreeClientBuffer;
DispatchTable.CopyToClientBuffer = LsaDispatchTable->CopyToClientBuffer;
DispatchTable.CopyFromClientBuffer = LsaDispatchTable->CopyFromClientBuffer;
/* Return the package name */
NameString = DispatchTable.AllocateLsaHeap(sizeof(LSA_STRING));
if (NameString == NULL)
return STATUS_INSUFFICIENT_RESOURCES;
NameBuffer = DispatchTable.AllocateLsaHeap(sizeof(MSV1_0_PACKAGE_NAME));
if (NameBuffer == NULL)
{
DispatchTable.FreeLsaHeap(NameString);
return STATUS_INSUFFICIENT_RESOURCES;
}
strcpy(NameBuffer, MSV1_0_PACKAGE_NAME);
RtlInitAnsiString(NameString, NameBuffer);
*AuthenticationPackageName = (PLSA_STRING)NameString;
return STATUS_SUCCESS;
}
static
NTSTATUS
BuildInteractiveProfileBuffer(IN PLSA_CLIENT_REQUEST ClientRequest,
IN PSAMPR_USER_INFO_BUFFER UserInfo,
IN PUNICODE_STRING LogonServer,
OUT PMSV1_0_INTERACTIVE_PROFILE *ProfileBuffer,
OUT PULONG ProfileBufferLength)
{
PMSV1_0_INTERACTIVE_PROFILE LocalBuffer = NULL;
PVOID ClientBaseAddress = NULL;
LPWSTR Ptr;
ULONG BufferLength;
NTSTATUS Status = STATUS_SUCCESS;
*ProfileBuffer = NULL;
*ProfileBufferLength = 0;
BufferLength = sizeof(MSV1_0_INTERACTIVE_PROFILE) +
UserInfo->All.FullName.Length + sizeof(WCHAR) +
UserInfo->All.HomeDirectory.Length + sizeof(WCHAR) +
UserInfo->All.HomeDirectoryDrive.Length + sizeof(WCHAR) +
UserInfo->All.ScriptPath.Length + sizeof(WCHAR) +
UserInfo->All.ProfilePath.Length + sizeof(WCHAR) +
LogonServer->Length + sizeof(WCHAR);
LocalBuffer = DispatchTable.AllocateLsaHeap(BufferLength);
if (LocalBuffer == NULL)
{
TRACE("Failed to allocate the local buffer!\n");
Status = STATUS_INSUFFICIENT_RESOURCES;
goto done;
}
Status = DispatchTable.AllocateClientBuffer(ClientRequest,
BufferLength,
&ClientBaseAddress);
if (!NT_SUCCESS(Status))
{
TRACE("DispatchTable.AllocateClientBuffer failed (Status 0x%08lx)\n", Status);
goto done;
}
TRACE("ClientBaseAddress: %p\n", ClientBaseAddress);
Ptr = (LPWSTR)((ULONG_PTR)LocalBuffer + sizeof(MSV1_0_INTERACTIVE_PROFILE));
LocalBuffer->MessageType = MsV1_0InteractiveProfile;
LocalBuffer->LogonCount = UserInfo->All.LogonCount;
LocalBuffer->BadPasswordCount = UserInfo->All.BadPasswordCount;
LocalBuffer->LogonTime.LowPart = UserInfo->All.LastLogon.LowPart;
LocalBuffer->LogonTime.HighPart = UserInfo->All.LastLogon.HighPart;
// LocalBuffer->LogoffTime.LowPart =
// LocalBuffer->LogoffTime.HighPart =
// LocalBuffer->KickOffTime.LowPart =
// LocalBuffer->KickOffTime.HighPart =
LocalBuffer->PasswordLastSet.LowPart = UserInfo->All.PasswordLastSet.LowPart;
LocalBuffer->PasswordLastSet.HighPart = UserInfo->All.PasswordLastSet.HighPart;
LocalBuffer->PasswordCanChange.LowPart = UserInfo->All.PasswordCanChange.LowPart;
LocalBuffer->PasswordCanChange.HighPart = UserInfo->All.PasswordCanChange.HighPart;
LocalBuffer->PasswordMustChange.LowPart = UserInfo->All.PasswordMustChange.LowPart;
LocalBuffer->PasswordMustChange.HighPart = UserInfo->All.PasswordMustChange.HighPart;
LocalBuffer->LogonScript.Length = UserInfo->All.ScriptPath.Length;
LocalBuffer->LogonScript.MaximumLength = UserInfo->All.ScriptPath.Length + sizeof(WCHAR);
LocalBuffer->LogonScript.Buffer = (LPWSTR)((ULONG_PTR)ClientBaseAddress + (ULONG_PTR)Ptr - (ULONG_PTR)LocalBuffer);
memcpy(Ptr,
UserInfo->All.ScriptPath.Buffer,
UserInfo->All.ScriptPath.Length);
Ptr = (LPWSTR)((ULONG_PTR)Ptr + LocalBuffer->LogonScript.MaximumLength);
LocalBuffer->HomeDirectory.Length = UserInfo->All.HomeDirectory.Length;
LocalBuffer->HomeDirectory.MaximumLength = UserInfo->All.HomeDirectory.Length + sizeof(WCHAR);
LocalBuffer->HomeDirectory.Buffer = (LPWSTR)((ULONG_PTR)ClientBaseAddress + (ULONG_PTR)Ptr - (ULONG_PTR)LocalBuffer);
memcpy(Ptr,
UserInfo->All.HomeDirectory.Buffer,
UserInfo->All.HomeDirectory.Length);
Ptr = (LPWSTR)((ULONG_PTR)Ptr + LocalBuffer->HomeDirectory.MaximumLength);
LocalBuffer->FullName.Length = UserInfo->All.FullName.Length;
LocalBuffer->FullName.MaximumLength = UserInfo->All.FullName.Length + sizeof(WCHAR);
LocalBuffer->FullName.Buffer = (LPWSTR)((ULONG_PTR)ClientBaseAddress + (ULONG_PTR)Ptr - (ULONG_PTR)LocalBuffer);
memcpy(Ptr,
UserInfo->All.FullName.Buffer,
UserInfo->All.FullName.Length);
TRACE("FullName.Buffer: %p\n", LocalBuffer->FullName.Buffer);
Ptr = (LPWSTR)((ULONG_PTR)Ptr + LocalBuffer->FullName.MaximumLength);
LocalBuffer->ProfilePath.Length = UserInfo->All.ProfilePath.Length;
LocalBuffer->ProfilePath.MaximumLength = UserInfo->All.ProfilePath.Length + sizeof(WCHAR);
LocalBuffer->ProfilePath.Buffer = (LPWSTR)((ULONG_PTR)ClientBaseAddress + (ULONG_PTR)Ptr - (ULONG_PTR)LocalBuffer);
memcpy(Ptr,
UserInfo->All.ProfilePath.Buffer,
UserInfo->All.ProfilePath.Length);
Ptr = (LPWSTR)((ULONG_PTR)Ptr + LocalBuffer->ProfilePath.MaximumLength);
LocalBuffer->HomeDirectoryDrive.Length = UserInfo->All.HomeDirectoryDrive.Length;
LocalBuffer->HomeDirectoryDrive.MaximumLength = UserInfo->All.HomeDirectoryDrive.Length + sizeof(WCHAR);
LocalBuffer->HomeDirectoryDrive.Buffer = (LPWSTR)((ULONG_PTR)ClientBaseAddress + (ULONG_PTR)Ptr - (ULONG_PTR)LocalBuffer);
memcpy(Ptr,
UserInfo->All.HomeDirectoryDrive.Buffer,
UserInfo->All.HomeDirectoryDrive.Length);
Ptr = (LPWSTR)((ULONG_PTR)Ptr + LocalBuffer->HomeDirectoryDrive.MaximumLength);
LocalBuffer->LogonServer.Length = LogonServer->Length;
LocalBuffer->LogonServer.MaximumLength = LogonServer->Length + sizeof(WCHAR);
LocalBuffer->LogonServer.Buffer = (LPWSTR)((ULONG_PTR)ClientBaseAddress + (ULONG_PTR)Ptr - (ULONG_PTR)LocalBuffer);
memcpy(Ptr,
LogonServer->Buffer,
LogonServer->Length);
LocalBuffer->UserFlags = 0;
Status = DispatchTable.CopyToClientBuffer(ClientRequest,
BufferLength,
ClientBaseAddress,
LocalBuffer);
if (!NT_SUCCESS(Status))
{
TRACE("DispatchTable.CopyToClientBuffer failed (Status 0x%08lx)\n", Status);
goto done;
}
*ProfileBuffer = (PMSV1_0_INTERACTIVE_PROFILE)ClientBaseAddress;
*ProfileBufferLength = BufferLength;
done:
if (LocalBuffer != NULL)
DispatchTable.FreeLsaHeap(LocalBuffer);
if (!NT_SUCCESS(Status))
{
if (ClientBaseAddress != NULL)
DispatchTable.FreeClientBuffer(ClientRequest,
ClientBaseAddress);
}
return Status;
}
static
NTSTATUS
BuildTokenInformationBuffer(PLSA_TOKEN_INFORMATION_V1 *TokenInformation,
PRPC_SID AccountDomainSid,
PSAMPR_USER_INFO_BUFFER UserInfo,
BOOL SpecialAccount)
{
PLSA_TOKEN_INFORMATION_V1 Buffer = NULL;
ULONG i;
NTSTATUS Status = STATUS_SUCCESS;
Buffer = DispatchTable.AllocateLsaHeap(sizeof(LSA_TOKEN_INFORMATION_V1));
if (Buffer == NULL)
{
TRACE("Failed to allocate the local buffer!\n");
Status = STATUS_INSUFFICIENT_RESOURCES;
goto done;
}
/* FIXME: */
Buffer->ExpirationTime.QuadPart = -1;
Status = BuildTokenUser(&Buffer->User,
(PSID)AccountDomainSid,
UserInfo->All.UserId);
if (!NT_SUCCESS(Status))
goto done;
Status = BuildTokenPrimaryGroup(&Buffer->PrimaryGroup,
(PSID)AccountDomainSid,
UserInfo->All.PrimaryGroupId);
if (!NT_SUCCESS(Status))
goto done;
Status = BuildTokenGroups(&Buffer->Groups,
(PSID)AccountDomainSid,
UserInfo->All.UserId,
SpecialAccount);
if (!NT_SUCCESS(Status))
goto done;
*TokenInformation = Buffer;
done:
if (!NT_SUCCESS(Status))
{
if (Buffer != NULL)
{
if (Buffer->User.User.Sid != NULL)
DispatchTable.FreeLsaHeap(Buffer->User.User.Sid);
if (Buffer->Groups != NULL)
{
for (i = 0; i < Buffer->Groups->GroupCount; i++)
{
if (Buffer->Groups->Groups[i].Sid != NULL)
DispatchTable.FreeLsaHeap(Buffer->Groups->Groups[i].Sid);
}
DispatchTable.FreeLsaHeap(Buffer->Groups);
}
if (Buffer->PrimaryGroup.PrimaryGroup != NULL)
DispatchTable.FreeLsaHeap(Buffer->PrimaryGroup.PrimaryGroup);
if (Buffer->DefaultDacl.DefaultDacl != NULL)
DispatchTable.FreeLsaHeap(Buffer->DefaultDacl.DefaultDacl);
DispatchTable.FreeLsaHeap(Buffer);
}
}
return Status;
}
static
NTSTATUS
BuildTokenInformationBuffer(PLSA_TOKEN_INFORMATION_V1 *TokenInformation,
PRPC_SID AccountDomainSid,
ULONG RelativeId,
PLUID LogonId)
{
PLSA_TOKEN_INFORMATION_V1 Buffer = NULL;
PSID OwnerSid = NULL;
PSID PrimaryGroupSid = NULL;
ULONG i;
NTSTATUS Status = STATUS_SUCCESS;
Buffer = DispatchTable.AllocateLsaHeap(sizeof(LSA_TOKEN_INFORMATION_V1));
if (Buffer == NULL)
{
TRACE("Failed to allocate the local buffer!\n");
Status = STATUS_INSUFFICIENT_RESOURCES;
goto done;
}
/* FIXME: */
Buffer->ExpirationTime.QuadPart = -1;
Status = BuildTokenUser(&Buffer->User,
(PSID)AccountDomainSid,
RelativeId);
if (!NT_SUCCESS(Status))
goto done;
Status = BuildTokenGroups((PSID)AccountDomainSid,
LogonId,
&Buffer->Groups,
&PrimaryGroupSid,
&OwnerSid);
if (!NT_SUCCESS(Status))
goto done;
Status = BuildTokenPrimaryGroup(&Buffer->PrimaryGroup,
PrimaryGroupSid);
if (!NT_SUCCESS(Status))
goto done;
Status = BuildTokenPrivileges(&Buffer->Privileges);
if (!NT_SUCCESS(Status))
goto done;
Status = BuildTokenOwner(&Buffer->Owner,
OwnerSid);
if (!NT_SUCCESS(Status))
goto done;
Status = BuildTokenDefaultDacl(&Buffer->DefaultDacl,
OwnerSid);
if (!NT_SUCCESS(Status))
goto done;
*TokenInformation = Buffer;
done:
if (!NT_SUCCESS(Status))
{
if (Buffer != NULL)
{
if (Buffer->User.User.Sid != NULL)
DispatchTable.FreeLsaHeap(Buffer->User.User.Sid);
if (Buffer->Groups != NULL)
{
for (i = 0; i < Buffer->Groups->GroupCount; i++)
{
if (Buffer->Groups->Groups[i].Sid != NULL)
DispatchTable.FreeLsaHeap(Buffer->Groups->Groups[i].Sid);
}
DispatchTable.FreeLsaHeap(Buffer->Groups);
}
if (Buffer->PrimaryGroup.PrimaryGroup != NULL)
DispatchTable.FreeLsaHeap(Buffer->PrimaryGroup.PrimaryGroup);
if (Buffer->Privileges != NULL)
DispatchTable.FreeLsaHeap(Buffer->Privileges);
if (Buffer->Owner.Owner != NULL)
DispatchTable.FreeLsaHeap(Buffer->Owner.Owner);
if (Buffer->DefaultDacl.DefaultDacl != NULL)
DispatchTable.FreeLsaHeap(Buffer->DefaultDacl.DefaultDacl);
DispatchTable.FreeLsaHeap(Buffer);
}
}
return Status;
}
