[LSASRV] Improvements to LsapLogonUser()

- Token handle duplication must be the last step because we cannot close the duplicated token handle if something fails. - Call LsaApLogonTerminated(), delete the logon session and free the profile buffer if something fails.
2024-06-28 00:41:36 +00:00 · 2019-07-30 23:09:32 +02:00 · 2019-07-30 23:09:32 +02:00 · 034c6fd0c5
parent 5cff9163e9
commit 034c6fd0c5
1 changed files with 34 additions and 21 deletions
--- a/dll/win32/lsasrv/authpackage.c
+++ b/dll/win32/lsasrv/authpackage.c
@ -1641,22 +1641,6 @@ LsapLogonUser(PLSA_API_MSG RequestMsg,
        goto done;
    }

-    /* Duplicate the token handle into the client process */
-    Status = NtDuplicateObject(NtCurrentProcess(),
-                               TokenHandle,
-                               LogonContext->ClientProcessHandle,
-                               &RequestMsg->LogonUser.Reply.Token,
-                               0,
-                               0,
-                               DUPLICATE_SAME_ACCESS | DUPLICATE_SAME_ATTRIBUTES | DUPLICATE_CLOSE_SOURCE);
-    if (!NT_SUCCESS(Status))
-    {
-        ERR("NtDuplicateObject failed (Status 0x%08lx)\n", Status);
-        goto done;
-    }
-
-//    TokenHandle = NULL;
-
    if (LogonType == Interactive ||
        LogonType == Batch ||
        LogonType == Service)
@ -1680,12 +1664,41 @@ LsapLogonUser(PLSA_API_MSG RequestMsg,
        goto done;
    }

+    /*
+     * Duplicate the token handle into the client process.
+     * This must be the last step because we cannot
+     * close the duplicated token handle in case something fails.
+     */
+    Status = NtDuplicateObject(NtCurrentProcess(),
+                               TokenHandle,
+                               LogonContext->ClientProcessHandle,
+                               &RequestMsg->LogonUser.Reply.Token,
+                               0,
+                               0,
+                               DUPLICATE_SAME_ACCESS | DUPLICATE_SAME_ATTRIBUTES | DUPLICATE_CLOSE_SOURCE);
+    if (!NT_SUCCESS(Status))
+    {
+        ERR("NtDuplicateObject failed (Status 0x%08lx)\n", Status);
+        goto done;
+    }
+
 done:
-//    if (!NT_SUCCESS(Status))
-//    {
-        if (TokenHandle != NULL)
-            NtClose(TokenHandle);
-//    }
+    if (!NT_SUCCESS(Status))
+    {
+        /* Notify the authentification package of the failure */
+        Package->LsaApLogonTerminated(&RequestMsg->LogonUser.Reply.LogonId);
+
+        /* Delete the logon session */
+        LsapDeleteLogonSession(&RequestMsg->LogonUser.Reply.LogonId);
+
+        /* Release the profile buffer */
+        LsapFreeClientBuffer((PLSA_CLIENT_REQUEST)LogonContext,
+                             RequestMsg->LogonUser.Reply.ProfileBuffer);
+        RequestMsg->LogonUser.Reply.ProfileBuffer = NULL;
+    }
+
+    if (TokenHandle != NULL)
+        NtClose(TokenHandle);

    /* Free the local groups */
    if (LocalGroups != NULL)