Intravision/reactos
1
0
Fork 0
mirror of https://github.com/reactos/reactos.git synced 2025-05-06 18:31:26 +00:00
Code Issues Projects Releases Packages Wiki Activity

[LSASRV] Improvements to LsapLogonUser()

Browse source 
- Token handle duplication must be the last step because we cannot close the duplicated token handle if something fails.
- Call LsaApLogonTerminated(), delete the logon session and free the profile buffer if something fails.
This commit is contained in:
Eric Kohl 2019-07-30 23:09:32 +02:00
parent 5cff9163e9
commit 034c6fd0c5
1 changed files with 34 additions and 21 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

55
dll/win32/lsasrv/authpackage.c
View file

@ -1641,22 +1641,6 @@ LsapLogonUser(PLSA_API_MSG RequestMsg,
goto done;
}
/* Duplicate the token handle into the client process */
Status = NtDuplicateObject(NtCurrentProcess(),
TokenHandle,
LogonContext->ClientProcessHandle,
&RequestMsg->LogonUser.Reply.Token,
0,
0,
DUPLICATE_SAME_ACCESS | DUPLICATE_SAME_ATTRIBUTES | DUPLICATE_CLOSE_SOURCE);
if (!NT_SUCCESS(Status))
{
ERR("NtDuplicateObject failed (Status 0x%08lx)\n", Status);
goto done;
}
// TokenHandle = NULL;
if (LogonType == Interactive ||
LogonType == Batch ||
LogonType == Service)
@ -1680,12 +1664,41 @@ LsapLogonUser(PLSA_API_MSG RequestMsg,
goto done;
}
/*
* Duplicate the token handle into the client process.
* This must be the last step because we cannot
* close the duplicated token handle in case something fails.
*/
Status = NtDuplicateObject(NtCurrentProcess(),
TokenHandle,
LogonContext->ClientProcessHandle,
&RequestMsg->LogonUser.Reply.Token,
0,
0,
DUPLICATE_SAME_ACCESS | DUPLICATE_SAME_ATTRIBUTES | DUPLICATE_CLOSE_SOURCE);
if (!NT_SUCCESS(Status))
{
ERR("NtDuplicateObject failed (Status 0x%08lx)\n", Status);
goto done;
}
done:
// if (!NT_SUCCESS(Status))
// {
if (TokenHandle != NULL)
NtClose(TokenHandle);
// }
if (!NT_SUCCESS(Status))
{
/* Notify the authentification package of the failure */
Package->LsaApLogonTerminated(&RequestMsg->LogonUser.Reply.LogonId);
/* Delete the logon session */
LsapDeleteLogonSession(&RequestMsg->LogonUser.Reply.LogonId);
/* Release the profile buffer */
LsapFreeClientBuffer((PLSA_CLIENT_REQUEST)LogonContext,
RequestMsg->LogonUser.Reply.ProfileBuffer);
RequestMsg->LogonUser.Reply.ProfileBuffer = NULL;
}
if (TokenHandle != NULL)
NtClose(TokenHandle);
/* Free the local groups */
if (LocalGroups != NULL)