diff --git a/reactos/dll/win32/lsasrv/authpackage.c b/reactos/dll/win32/lsasrv/authpackage.c index 2cc5044370c..496b550ca84 100644 --- a/reactos/dll/win32/lsasrv/authpackage.c +++ b/reactos/dll/win32/lsasrv/authpackage.c @@ -12,9 +12,18 @@ WINE_DEFAULT_DEBUG_CHANNEL(lsasrv); +typedef enum _LSA_TOKEN_INFORMATION_TYPE +{ + LsaTokenInformationNull, + LsaTokenInformationV1 +} LSA_TOKEN_INFORMATION_TYPE, *PLSA_TOKEN_INFORMATION_TYPE; + +typedef PVOID PLSA_CLIENT_REQUEST; typedef PVOID (NTAPI *PLSA_ALLOCATE_LSA_HEAP)(ULONG); typedef VOID (NTAPI *PLSA_FREE_LSA_HEAP)(PVOID); +typedef NTSTATUS (NTAPI *PLSA_ALLOCATE_CLIENT_BUFFER)(PLSA_CLIENT_REQUEST, ULONG, PVOID*); +typedef NTSTATUS (NTAPI *PLSA_FREE_CLIENT_BUFFER)(PLSA_CLIENT_REQUEST, PVOID); typedef struct LSA_DISPATCH_TABLE { @@ -25,8 +34,8 @@ typedef struct LSA_DISPATCH_TABLE PVOID /*PLSA_DELETE_CREDENTIAL */ DeleteCredential; PLSA_ALLOCATE_LSA_HEAP AllocateLsaHeap; PLSA_FREE_LSA_HEAP FreeLsaHeap; - PVOID /*PLSA_ALLOCATE_CLIENT_BUFFER */ AllocateClientBuffer; - PVOID /*PLSA_FREE_CLIENT_BUFFER */ FreeClientBuffer; + PLSA_ALLOCATE_CLIENT_BUFFER AllocateClientBuffer; + PLSA_FREE_CLIENT_BUFFER FreeClientBuffer; PVOID /*PLSA_COPY_TO_CLIENT_BUFFER */ CopyToClientBuffer; PVOID /*PLSA_COPY_FROM_CLIENT_BUFFER */ CopyFromClientBuffer; } LSA_DISPATCH_TABLE, *PLSA_DISPATCH_TABLE; @@ -34,23 +43,25 @@ typedef struct LSA_DISPATCH_TABLE typedef NTSTATUS (NTAPI *PLSA_AP_INITIALIZE_PACKAGE)(ULONG, PLSA_DISPATCH_TABLE, PLSA_STRING, PLSA_STRING, PLSA_STRING *); -typedef NTSTATUS (NTAPI *PLSA_AP_CALL_PACKAGE)(PUNICODE_STRING, PVOID, ULONG, - PVOID *, PULONG, PNTSTATUS); -typedef NTSTATUS (NTAPI *PLSA_AP_CALL_PACKAGE_PASSTHROUGH)(PUNICODE_STRING, +typedef NTSTATUS (NTAPI *PLSA_AP_CALL_PACKAGE_INTERNAL)(PLSA_CLIENT_REQUEST, PVOID, PVOID, + ULONG, PVOID *, PULONG, PNTSTATUS); +typedef NTSTATUS (NTAPI *PLSA_AP_CALL_PACKAGE_PASSTHROUGH)(PLSA_CLIENT_REQUEST, PVOID, PVOID, ULONG, PVOID *, PULONG, PNTSTATUS); -typedef NTSTATUS (NTAPI *PLSA_AP_CALL_PACKAGE_UNTRUSTED)(PVOID/*PLSA_CLIENT_REQUEST*/, +typedef NTSTATUS (NTAPI *PLSA_AP_CALL_PACKAGE_UNTRUSTED)(PLSA_CLIENT_REQUEST, PVOID, PVOID, ULONG, PVOID *, PULONG, PNTSTATUS); typedef VOID (NTAPI *PLSA_AP_LOGON_TERMINATED)(PLUID); -typedef NTSTATUS (NTAPI *PLSA_AP_LOGON_USER_EX2)(PVOID /*PLSA_CLIENT_REQUEST*/, +typedef NTSTATUS (NTAPI *PLSA_AP_LOGON_USER_EX2)(PLSA_CLIENT_REQUEST, SECURITY_LOGON_TYPE, PVOID, PVOID, ULONG, PVOID *, PULONG, PLUID, PNTSTATUS, - PVOID /*PLSA_TOKEN_INFORMATION_TYPE*/, PVOID *, PUNICODE_STRING *, PUNICODE_STRING *, + PLSA_TOKEN_INFORMATION_TYPE, PVOID *, PUNICODE_STRING *, PUNICODE_STRING *, PUNICODE_STRING *, PVOID /*PSECPKG_PRIMARY_CRED*/, PVOID /*PSECPKG_SUPPLEMENTAL_CRED_ARRAY **/); -typedef NTSTATUS (NTAPI *PLSA_AP_LOGON_USER_EX)(PVOID /*PLSA_CLIENT_REQUEST*/, +typedef NTSTATUS (NTAPI *PLSA_AP_LOGON_USER_EX)(PLSA_CLIENT_REQUEST, SECURITY_LOGON_TYPE, PVOID, PVOID, ULONG, PVOID *, PULONG, PLUID, PNTSTATUS, - PVOID /*PLSA_TOKEN_INFORMATION_TYPE*/, PVOID *, PUNICODE_STRING *, PUNICODE_STRING *, + PLSA_TOKEN_INFORMATION_TYPE, PVOID *, PUNICODE_STRING *, PUNICODE_STRING *, PUNICODE_STRING *); -typedef NTSTATUS (NTAPI *PLSA_AP_LOGON_USER)(LPWSTR, LPWSTR, LPWSTR, LPWSTR, - DWORD, DWORD, PHANDLE); + +typedef NTSTATUS (NTAPI *PLSA_AP_LOGON_USER_INTERNAL)(PLSA_CLIENT_REQUEST, SECURITY_LOGON_TYPE, + PVOID, PVOID, ULONG, PVOID *, PULONG, PLUID, PNTSTATUS, PLSA_TOKEN_INFORMATION_TYPE, + PVOID *, PUNICODE_STRING *, PUNICODE_STRING *); typedef struct _AUTH_PACKAGE { @@ -60,21 +71,23 @@ typedef struct _AUTH_PACKAGE PVOID ModuleHandle; PLSA_AP_INITIALIZE_PACKAGE LsaApInitializePackage; - PLSA_AP_CALL_PACKAGE LsaApCallPackage; + PLSA_AP_CALL_PACKAGE_INTERNAL LsaApCallPackage; PLSA_AP_CALL_PACKAGE_PASSTHROUGH LsaApCallPackagePassthrough; PLSA_AP_CALL_PACKAGE_UNTRUSTED LsaApCallPackageUntrusted; PLSA_AP_LOGON_TERMINATED LsaApLogonTerminated; PLSA_AP_LOGON_USER_EX2 LsaApLogonUserEx2; PLSA_AP_LOGON_USER_EX LsaApLogonUserEx; - PLSA_AP_LOGON_USER LsaApLogonUser; + PLSA_AP_LOGON_USER_INTERNAL LsaApLogonUser; } AUTH_PACKAGE, *PAUTH_PACKAGE; + /* GLOBALS *****************************************************************/ static LIST_ENTRY PackageListHead; static ULONG PackageId; static LSA_DISPATCH_TABLE DispatchTable; + /* FUNCTIONS ***************************************************************/ static @@ -242,20 +255,72 @@ done: } +static +PAUTH_PACKAGE +LsapGetAuthenticationPackage(IN ULONG PackageId) +{ + PLIST_ENTRY ListEntry; + PAUTH_PACKAGE Package; + + ListEntry = PackageListHead.Flink; + while (ListEntry != &PackageListHead) + { + Package = CONTAINING_RECORD(ListEntry, AUTH_PACKAGE, Entry); + + if (Package->Id == PackageId) + { + return Package; + } + + ListEntry = ListEntry->Flink; + } + + return NULL; +} + + static PVOID NTAPI -LsapAllocateHeap(ULONG Size) +LsapAllocateHeap(IN ULONG Length) { - return RtlAllocateHeap(RtlGetProcessHeap(), HEAP_ZERO_MEMORY, Size); + return RtlAllocateHeap(RtlGetProcessHeap(), + HEAP_ZERO_MEMORY, + Length); } + static VOID NTAPI -LsapFreeHeap(PVOID Ptr) +LsapFreeHeap(IN PVOID Base) { - RtlFreeHeap(RtlGetProcessHeap(), 0, Ptr); + RtlFreeHeap(RtlGetProcessHeap(), + 0, + Base); +} + + +static +NTSTATUS +NTAPI +LsapAllocateClientBuffer(IN PLSA_CLIENT_REQUEST ClientRequest, + IN ULONG LengthRequired, + OUT PVOID *ClientBaseAddress) +{ + FIXME("() stub\n"); + return STATUS_NOT_IMPLEMENTED; +} + + +static +NTSTATUS +NTAPI +LsapFreeClientBuffer(IN PLSA_CLIENT_REQUEST ClientRequest, + IN PVOID ClientBaseAddress) +{ + FIXME("() stub\n"); + return STATUS_NOT_IMPLEMENTED; } @@ -279,8 +344,8 @@ LsapInitAuthPackages(VOID) DispatchTable.DeleteCredential = NULL; DispatchTable.AllocateLsaHeap = &LsapAllocateHeap; DispatchTable.FreeLsaHeap = &LsapFreeHeap; - DispatchTable.AllocateClientBuffer = NULL; - DispatchTable.FreeClientBuffer = NULL; + DispatchTable.AllocateClientBuffer = &LsapAllocateClientBuffer; + DispatchTable.FreeClientBuffer = &LsapFreeClientBuffer; DispatchTable.CopyToClientBuffer = NULL; DispatchTable.CopyFromClientBuffer = NULL; @@ -297,21 +362,30 @@ LsapInitAuthPackages(VOID) NTSTATUS -LsapLookupAuthenticationPackageByName(IN PSTRING PackageName, - OUT PULONG PackageId) +LsapLookupAuthenticationPackage(PLSA_API_MSG RequestMsg, + PLSAP_LOGON_CONTEXT LogonContext) { PLIST_ENTRY ListEntry; PAUTH_PACKAGE Package; + ULONG PackageNameLength; + PCHAR PackageName; + + TRACE("(%p %p)\n", RequestMsg, LogonContext); + + PackageNameLength = RequestMsg->LookupAuthenticationPackage.Request.PackageNameLength; + PackageName = RequestMsg->LookupAuthenticationPackage.Request.PackageName; + + TRACE("PackageName: %s\n", PackageName); ListEntry = PackageListHead.Flink; while (ListEntry != &PackageListHead) { Package = CONTAINING_RECORD(ListEntry, AUTH_PACKAGE, Entry); - if ((PackageName->Length == Package->Name->Length) && - (_strnicmp(PackageName->Buffer, Package->Name->Buffer, Package->Name->Length) == 0)) + if ((PackageNameLength == Package->Name->Length) && + (_strnicmp(PackageName, Package->Name->Buffer, Package->Name->Length) == 0)) { - *PackageId = Package->Id; + RequestMsg->LookupAuthenticationPackage.Reply.Package = Package->Id; return STATUS_SUCCESS; } @@ -321,4 +395,143 @@ LsapLookupAuthenticationPackageByName(IN PSTRING PackageName, return STATUS_NO_SUCH_PACKAGE; } + +NTSTATUS +LsapCallAuthenticationPackage(PLSA_API_MSG RequestMsg, + PLSAP_LOGON_CONTEXT LogonContext) +{ + PAUTH_PACKAGE Package; + ULONG PackageId; + + NTSTATUS Status; + + TRACE("(%p %p)\n", RequestMsg, LogonContext); + + PackageId = RequestMsg->CallAuthenticationPackage.Request.AuthenticationPackage; + + Package = LsapGetAuthenticationPackage(PackageId); + if (Package == NULL) + { + TRACE("LsapGetAuthenticationPackage() failed to find a package\n"); + return STATUS_NO_SUCH_PACKAGE; + } + + Status = Package->LsaApCallPackage(NULL, /* FIXME: PLSA_CLIENT_REQUEST ClientRequest */ + RequestMsg->CallAuthenticationPackage.Request.ProtocolSubmitBuffer, + NULL, /* FIXME: PVOID ClientBufferBase */ + RequestMsg->CallAuthenticationPackage.Request.SubmitBufferLength, + &RequestMsg->CallAuthenticationPackage.Reply.ProtocolReturnBuffer, + &RequestMsg->CallAuthenticationPackage.Reply.ReturnBufferLength, + &RequestMsg->CallAuthenticationPackage.Reply.ProtocolStatus); + if (!NT_SUCCESS(Status)) + { + TRACE("Package->LsaApCallPackage() failed (Status 0x%08lx)\n", Status); + } + + return Status; +} + + +NTSTATUS +LsapLogonUser(PLSA_API_MSG RequestMsg, + PLSAP_LOGON_CONTEXT LogonContext) +{ + PAUTH_PACKAGE Package; + ULONG PackageId; + NTSTATUS Status; + + LSA_TOKEN_INFORMATION_TYPE TokenInformationType; + PVOID TokenInformation = NULL; + PUNICODE_STRING AccountName = NULL; + PUNICODE_STRING AuthenticatingAuthority = NULL; + PUNICODE_STRING MachineName = NULL; + + TRACE("(%p %p)\n", RequestMsg, LogonContext); + + PackageId = RequestMsg->LogonUser.Request.AuthenticationPackage; + + Package = LsapGetAuthenticationPackage(PackageId); + if (Package == NULL) + { + TRACE("LsapGetAuthenticationPackage() failed to find a package\n"); + return STATUS_NO_SUCH_PACKAGE; + } + + if (Package->LsaApLogonUserEx2 != NULL) + { + Status = Package->LsaApLogonUserEx2(NULL, /* FIXME: PLSA_CLIENT_REQUEST ClientRequest */ + RequestMsg->LogonUser.Request.LogonType, + RequestMsg->LogonUser.Request.AuthenticationInformation, + NULL, /* FIXME: PVOID ClientBufferBase*/ + RequestMsg->LogonUser.Request.AuthenticationInformationLength, + &RequestMsg->LogonUser.Reply.ProfileBuffer, + &RequestMsg->LogonUser.Reply.ProfileBufferLength, + &RequestMsg->LogonUser.Reply.LogonId, + &RequestMsg->LogonUser.Reply.SubStatus, + &TokenInformationType, + &TokenInformation, + &AccountName, + &AuthenticatingAuthority, + &MachineName, + NULL, /* FIXME: PSECPKG_PRIMARY_CRED PrimaryCredentials */ + NULL); /* FIXME: PSECPKG_SUPPLEMENTAL_CRED_ARRAY *SupplementalCredentials */ + } + else if (Package->LsaApLogonUserEx != NULL) + { + Status = Package->LsaApLogonUserEx(NULL, /* FIXME: PLSA_CLIENT_REQUEST ClientRequest */ + RequestMsg->LogonUser.Request.LogonType, + RequestMsg->LogonUser.Request.AuthenticationInformation, + NULL, /* FIXME: PVOID ClientBufferBase*/ + RequestMsg->LogonUser.Request.AuthenticationInformationLength, + &RequestMsg->LogonUser.Reply.ProfileBuffer, + &RequestMsg->LogonUser.Reply.ProfileBufferLength, + &RequestMsg->LogonUser.Reply.LogonId, + &RequestMsg->LogonUser.Reply.SubStatus, + &TokenInformationType, + &TokenInformation, + &AccountName, + &AuthenticatingAuthority, + &MachineName); + } + else + { + Status = Package->LsaApLogonUser(NULL, /* FIXME: PLSA_CLIENT_REQUEST ClientRequest */ + RequestMsg->LogonUser.Request.LogonType, + RequestMsg->LogonUser.Request.AuthenticationInformation, + NULL, /* FIXME: PVOID ClientBufferBase*/ + RequestMsg->LogonUser.Request.AuthenticationInformationLength, + &RequestMsg->LogonUser.Reply.ProfileBuffer, + &RequestMsg->LogonUser.Reply.ProfileBufferLength, + &RequestMsg->LogonUser.Reply.LogonId, + &RequestMsg->LogonUser.Reply.SubStatus, + &TokenInformationType, + &TokenInformation, + &AccountName, + &AuthenticatingAuthority); + } + + + if (TokenInformation != NULL) + { + + } + + if (AuthenticatingAuthority != NULL) + { + + } + + if (AccountName != NULL) + { + + } + + if (MachineName != NULL) + { + + } + + return Status; +} + /* EOF */ diff --git a/reactos/dll/win32/lsasrv/authport.c b/reactos/dll/win32/lsasrv/authport.c index 83689b608da..61f27b3bae8 100644 --- a/reactos/dll/win32/lsasrv/authport.c +++ b/reactos/dll/win32/lsasrv/authport.c @@ -14,14 +14,6 @@ WINE_DEFAULT_DEBUG_CHANNEL(lsasrv); -typedef struct _LSAP_LOGON_CONTEXT -{ - LIST_ENTRY Entry; - HANDLE ClientProcessHandle; - HANDLE ConnectionHandle; -} LSAP_LOGON_CONTEXT, *PLSAP_LOGON_CONTEXT; - - static LIST_ENTRY LsapLogonContextList; static HANDLE PortThreadHandle = NULL; @@ -30,16 +22,6 @@ static HANDLE AuthPortHandle = NULL; /* FUNCTIONS ***************************************************************/ -static NTSTATUS -LsapCallAuthenticationPackage(PLSA_API_MSG RequestMsg, - PLSAP_LOGON_CONTEXT LogonContext) -{ - TRACE("(%p %p)\n", RequestMsg, LogonContext); - - return STATUS_SUCCESS; -} - - static NTSTATUS LsapDeregisterLogonProcess(PLSA_API_MSG RequestMsg, PLSAP_LOGON_CONTEXT LogonContext) @@ -57,106 +39,6 @@ LsapDeregisterLogonProcess(PLSA_API_MSG RequestMsg, } -static NTSTATUS -LsapLogonUser(PLSA_API_MSG RequestMsg, - PLSAP_LOGON_CONTEXT LogonContext) -{ - PVOID LocalAuthInfo = NULL; - NTSTATUS Status = STATUS_SUCCESS; - - TRACE("(%p %p)\n", RequestMsg, LogonContext); - - TRACE("LogonType: %lu\n", RequestMsg->LogonUser.Request.LogonType); - TRACE("AuthenticationPackage: 0x%08lx\n", RequestMsg->LogonUser.Request.AuthenticationPackage); - TRACE("AuthenticationInformation: %p\n", RequestMsg->LogonUser.Request.AuthenticationInformation); - TRACE("AuthenticationInformationLength: %lu\n", RequestMsg->LogonUser.Request.AuthenticationInformationLength); - - LocalAuthInfo = RtlAllocateHeap(RtlGetProcessHeap(), - HEAP_ZERO_MEMORY, - RequestMsg->LogonUser.Request.AuthenticationInformationLength); - if (LocalAuthInfo == NULL) - { - Status = STATUS_INSUFFICIENT_RESOURCES; - goto done; - } - - /* Read the authentication info from the callers adress space */ - Status = NtReadVirtualMemory(LogonContext->ClientProcessHandle, - RequestMsg->LogonUser.Request.AuthenticationInformation, - LocalAuthInfo, - RequestMsg->LogonUser.Request.AuthenticationInformationLength, - NULL); - if (!NT_SUCCESS(Status)) - goto done; - - if (RequestMsg->LogonUser.Request.LogonType == Interactive || - RequestMsg->LogonUser.Request.LogonType == Batch || - RequestMsg->LogonUser.Request.LogonType == Service) - { - PMSV1_0_INTERACTIVE_LOGON LogonInfo; - ULONG_PTR PtrOffset; - - LogonInfo = (PMSV1_0_INTERACTIVE_LOGON)LocalAuthInfo; - - /* Fix-up pointers in the authentication info */ - PtrOffset = (ULONG_PTR)LocalAuthInfo - (ULONG_PTR)RequestMsg->LogonUser.Request.AuthenticationInformation; - - LogonInfo->LogonDomainName.Buffer = (PWSTR)((ULONG_PTR)LogonInfo->LogonDomainName.Buffer + PtrOffset); - LogonInfo->UserName.Buffer = (PWSTR)((ULONG_PTR)LogonInfo->UserName.Buffer + PtrOffset); - LogonInfo->Password.Buffer = (PWSTR)((ULONG_PTR)LogonInfo->Password.Buffer + PtrOffset); - - TRACE("Domain: %S\n", LogonInfo->LogonDomainName.Buffer); - TRACE("User: %S\n", LogonInfo->UserName.Buffer); - TRACE("Password: %S\n", LogonInfo->Password.Buffer); - } - else - { - FIXME("LogonType %lu is not supported yet!\n", RequestMsg->LogonUser.Request.LogonType); - } - - - - RequestMsg->LogonUser.Reply.ProfileBuffer = NULL; - RequestMsg->LogonUser.Reply.ProfileBufferLength = 0; -// LUID LogonId; - RequestMsg->LogonUser.Reply.Token = NULL; -// QUOTA_LIMITS Quotas; - RequestMsg->LogonUser.Reply.SubStatus = STATUS_SUCCESS; - -done: - if (LocalAuthInfo != NULL) - RtlFreeHeap(RtlGetProcessHeap(), 0, LocalAuthInfo); - - return Status; -} - - -static NTSTATUS -LsapLookupAuthenticationPackage(PLSA_API_MSG RequestMsg, - PLSAP_LOGON_CONTEXT LogonContext) -{ - STRING PackageName; - ULONG PackageId; - NTSTATUS Status; - - TRACE("(%p %p)\n", RequestMsg, LogonContext); - TRACE("PackageName: %s\n", RequestMsg->LookupAuthenticationPackage.Request.PackageName); - - PackageName.Length = RequestMsg->LookupAuthenticationPackage.Request.PackageNameLength; - PackageName.MaximumLength = LSASS_MAX_PACKAGE_NAME_LENGTH + 1; - PackageName.Buffer = RequestMsg->LookupAuthenticationPackage.Request.PackageName; - - Status = LsapLookupAuthenticationPackageByName(&PackageName, - &PackageId); - if (NT_SUCCESS(Status)) - { - RequestMsg->LookupAuthenticationPackage.Reply.Package = PackageId; - } - - return Status; -} - - static NTSTATUS LsapCheckLogonProcess(PLSA_API_MSG RequestMsg, PLSAP_LOGON_CONTEXT *LogonContext) diff --git a/reactos/dll/win32/lsasrv/lsasrv.h b/reactos/dll/win32/lsasrv/lsasrv.h index de709d60b86..b4d048cd8a7 100644 --- a/reactos/dll/win32/lsasrv/lsasrv.h +++ b/reactos/dll/win32/lsasrv/lsasrv.h @@ -69,6 +69,12 @@ typedef struct _LSAP_POLICY_AUDIT_EVENTS_DATA DWORD AuditEvents[0]; } LSAP_POLICY_AUDIT_EVENTS_DATA, *PLSAP_POLICY_AUDIT_EVENTS_DATA; +typedef struct _LSAP_LOGON_CONTEXT +{ + LIST_ENTRY Entry; + HANDLE ClientProcessHandle; + HANDLE ConnectionHandle; +} LSAP_LOGON_CONTEXT, *PLSAP_LOGON_CONTEXT; extern SID_IDENTIFIER_AUTHORITY NullSidAuthority; extern SID_IDENTIFIER_AUTHORITY WorldSidAuthority; @@ -86,8 +92,16 @@ NTSTATUS LsapInitAuthPackages(VOID); NTSTATUS -LsapLookupAuthenticationPackageByName(IN PSTRING PackageName, - OUT PULONG PackageId); +LsapLookupAuthenticationPackage(PLSA_API_MSG RequestMsg, + PLSAP_LOGON_CONTEXT LogonContext); + +NTSTATUS +LsapCallAuthenticationPackage(PLSA_API_MSG RequestMsg, + PLSAP_LOGON_CONTEXT LogonContext); + +NTSTATUS +LsapLogonUser(PLSA_API_MSG RequestMsg, + PLSAP_LOGON_CONTEXT LogonContext); /* authport.c */ NTSTATUS