[MSV1_0] Use the account expiration time and check account expiration on logon

Eric Kohl 2018-09-04 23:15:15 +02:00
parent e25cbeba2f
commit 97382dee46


@ -143,11 +143,11 @@ BuildInteractiveProfileBuffer(IN PLSA_CLIENT_REQUEST ClientRequest,
LocalBuffer->LogonTime.LowPart = UserInfo->All.LastLogon.LowPart; LocalBuffer->LogonTime.LowPart = UserInfo->All.LastLogon.LowPart;
LocalBuffer->LogonTime.HighPart = UserInfo->All.LastLogon.HighPart; LocalBuffer->LogonTime.HighPart = UserInfo->All.LastLogon.HighPart;
// LocalBuffer->LogoffTime.LowPart = LocalBuffer->LogoffTime.LowPart = UserInfo->All.AccountExpires.LowPart;
// LocalBuffer->LogoffTime.HighPart = LocalBuffer->LogoffTime.HighPart = UserInfo->All.AccountExpires.HighPart;
// LocalBuffer->KickOffTime.LowPart = LocalBuffer->KickOffTime.LowPart = UserInfo->All.AccountExpires.LowPart;
// LocalBuffer->KickOffTime.HighPart = LocalBuffer->KickOffTime.HighPart = UserInfo->All.AccountExpires.HighPart;
LocalBuffer->PasswordLastSet.LowPart = UserInfo->All.PasswordLastSet.LowPart; LocalBuffer->PasswordLastSet.LowPart = UserInfo->All.PasswordLastSet.LowPart;
LocalBuffer->PasswordLastSet.HighPart = UserInfo->All.PasswordLastSet.HighPart; LocalBuffer->PasswordLastSet.HighPart = UserInfo->All.PasswordLastSet.HighPart;
@ -267,6 +267,7 @@ AppendRidToSid(PSID SrcSid,
return DstSid; return DstSid;
} }
static static
NTSTATUS NTSTATUS
BuildTokenUser(OUT PTOKEN_USER User, BuildTokenUser(OUT PTOKEN_USER User,
@ -415,32 +416,41 @@ BuildTokenInformationBuffer(PLSA_TOKEN_INFORMATION_V1 *TokenInformation,
Buffer = DispatchTable.AllocateLsaHeap(sizeof(LSA_TOKEN_INFORMATION_V1)); Buffer = DispatchTable.AllocateLsaHeap(sizeof(LSA_TOKEN_INFORMATION_V1));
if (Buffer == NULL) if (Buffer == NULL)
{ {
TRACE("Failed to allocate the local buffer!\n"); WARN("Failed to allocate the local buffer!\n");
Status = STATUS_INSUFFICIENT_RESOURCES; Status = STATUS_INSUFFICIENT_RESOURCES;
goto done; goto done;
} }
/* FIXME: */ Buffer->ExpirationTime.LowPart = UserInfo->All.AccountExpires.LowPart;
Buffer->ExpirationTime.QuadPart = -1; Buffer->ExpirationTime.HighPart = UserInfo->All.AccountExpires.HighPart;
Status = BuildTokenUser(&Buffer->User, Status = BuildTokenUser(&Buffer->User,
(PSID)AccountDomainSid, (PSID)AccountDomainSid,
UserInfo->All.UserId); UserInfo->All.UserId);
if (!NT_SUCCESS(Status)) if (!NT_SUCCESS(Status))
{
WARN("BuildTokenUser() failed (Status 0x%08lx)\n", Status);
goto done; goto done;
}
Status = BuildTokenPrimaryGroup(&Buffer->PrimaryGroup, Status = BuildTokenPrimaryGroup(&Buffer->PrimaryGroup,
(PSID)AccountDomainSid, (PSID)AccountDomainSid,
UserInfo->All.PrimaryGroupId); UserInfo->All.PrimaryGroupId);
if (!NT_SUCCESS(Status)) if (!NT_SUCCESS(Status))
{
WARN("BuildTokenPrimaryGroup() failed (Status 0x%08lx)\n", Status);
goto done; goto done;
}
Status = BuildTokenGroups(&Buffer->Groups, Status = BuildTokenGroups(&Buffer->Groups,
(PSID)AccountDomainSid, (PSID)AccountDomainSid,
UserInfo->All.UserId, UserInfo->All.UserId,
SpecialAccount); SpecialAccount);
if (!NT_SUCCESS(Status)) if (!NT_SUCCESS(Status))
{
WARN("BuildTokenGroups() failed (Status 0x%08lx)\n", Status);
goto done; goto done;
}
*TokenInformation = Buffer; *TokenInformation = Buffer;
@ -1029,7 +1039,7 @@ LsaApLogonUser(IN PLSA_CLIENT_REQUEST ClientRequest,
UNICODE_STRING LogonServer; UNICODE_STRING LogonServer;
BOOLEAN SessionCreated = FALSE; BOOLEAN SessionCreated = FALSE;
LARGE_INTEGER LogonTime; LARGE_INTEGER LogonTime;
// LARGE_INTEGER AccountExpires; LARGE_INTEGER AccountExpires;
LARGE_INTEGER PasswordMustChange; LARGE_INTEGER PasswordMustChange;
LARGE_INTEGER PasswordLastSet; LARGE_INTEGER PasswordLastSet;
BOOL SpecialAccount = FALSE; BOOL SpecialAccount = FALSE;
@ -1247,20 +1257,16 @@ LsaApLogonUser(IN PLSA_CLIENT_REQUEST ClientRequest,
goto done; goto done;
} }
#if 0
/* Check if the account expired */ /* Check if the account expired */
AccountExpires.LowPart = UserInfo->All.AccountExpires.LowPart; AccountExpires.LowPart = UserInfo->All.AccountExpires.LowPart;
AccountExpires.HighPart = UserInfo->All.AccountExpires.HighPart; AccountExpires.HighPart = UserInfo->All.AccountExpires.HighPart;
if (LogonTime.QuadPart >= AccountExpires.QuadPart)
if (AccountExpires.QuadPart != 0 &&
LogonTime.QuadPart >= AccountExpires.QuadPart)
{ {
ERR("Account expired!\n"); ERR("Account expired!\n");
*SubStatus = STATUS_ACCOUNT_EXPIRED; *SubStatus = STATUS_ACCOUNT_EXPIRED;
Status = STATUS_ACCOUNT_RESTRICTION; Status = STATUS_ACCOUNT_RESTRICTION;
goto done; goto done;
} }
#endif
/* Check if the password expired */ /* Check if the password expired */
PasswordMustChange.LowPart = UserInfo->All.PasswordMustChange.LowPart; PasswordMustChange.LowPart = UserInfo->All.PasswordMustChange.LowPart;
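Review bot: In BuildTokenInformationBuffer the new `Buffer->ExpirationTime` assignment copies `UserInfo->All.AccountExpires` verbatim, while the check enabled in LsaApLogonUser treats a value of 0 as "no expiry" (`AccountExpires.QuadPart != 0 && LogonTime.QuadPart >= AccountExpires.QuadPart`). For such an account the token would carry an expiration time of 0 instead of the removed `-1`, which a consumer comparing it against the current time could presumably read as already expired; the same raw copy goes into `LogoffTime` and `KickOffTime` in BuildInteractiveProfileBuffer. Consider normalising the sentinel after the copy, e.g. `if (Buffer->ExpirationTime.QuadPart == 0) Buffer->ExpirationTime.QuadPart = -1;` (or whichever "never" value the token and profile consumers expect), and documenting the convention above the logon check with `/* AccountExpires == 0 means the account never expires */`. The bodies of all three functions extend outside the visible hunks, so a normalisation done elsewhere would not be visible here.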