Intravision/reactos
1
0
Fork 0
mirror of https://github.com/reactos/reactos.git synced 2025-04-05 13:11:22 +00:00
Code Issues Projects Releases Packages Wiki Activity

[MSV1_0] Use the account expiration time and check account expiration on logon

Browse source
This commit is contained in:
Eric Kohl 2018-09-04 23:15:15 +02:00
parent e25cbeba2f
commit 97382dee46
1 changed files with 19 additions and 13 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

32
dll/win32/msv1_0/msv1_0.c
View file

@ -143,11 +143,11 @@ BuildInteractiveProfileBuffer(IN PLSA_CLIENT_REQUEST ClientRequest,
LocalBuffer->LogonTime.LowPart = UserInfo->All.LastLogon.LowPart;
LocalBuffer->LogonTime.HighPart = UserInfo->All.LastLogon.HighPart;
// LocalBuffer->LogoffTime.LowPart =
// LocalBuffer->LogoffTime.HighPart =
LocalBuffer->LogoffTime.LowPart = UserInfo->All.AccountExpires.LowPart;
LocalBuffer->LogoffTime.HighPart = UserInfo->All.AccountExpires.HighPart;
// LocalBuffer->KickOffTime.LowPart =
// LocalBuffer->KickOffTime.HighPart =
LocalBuffer->KickOffTime.LowPart = UserInfo->All.AccountExpires.LowPart;
LocalBuffer->KickOffTime.HighPart = UserInfo->All.AccountExpires.HighPart;
LocalBuffer->PasswordLastSet.LowPart = UserInfo->All.PasswordLastSet.LowPart;
LocalBuffer->PasswordLastSet.HighPart = UserInfo->All.PasswordLastSet.HighPart;
@ -267,6 +267,7 @@ AppendRidToSid(PSID SrcSid,
return DstSid;
}
static
NTSTATUS
BuildTokenUser(OUT PTOKEN_USER User,
@ -415,32 +416,41 @@ BuildTokenInformationBuffer(PLSA_TOKEN_INFORMATION_V1 *TokenInformation,
Buffer = DispatchTable.AllocateLsaHeap(sizeof(LSA_TOKEN_INFORMATION_V1));
if (Buffer == NULL)
{
TRACE("Failed to allocate the local buffer!\n");
WARN("Failed to allocate the local buffer!\n");
Status = STATUS_INSUFFICIENT_RESOURCES;
goto done;
}
/* FIXME: */
Buffer->ExpirationTime.QuadPart = -1;
Buffer->ExpirationTime.LowPart = UserInfo->All.AccountExpires.LowPart;
Buffer->ExpirationTime.HighPart = UserInfo->All.AccountExpires.HighPart;
Status = BuildTokenUser(&Buffer->User,
(PSID)AccountDomainSid,
UserInfo->All.UserId);
if (!NT_SUCCESS(Status))
{
WARN("BuildTokenUser() failed (Status 0x%08lx)\n", Status);
goto done;
}
Status = BuildTokenPrimaryGroup(&Buffer->PrimaryGroup,
(PSID)AccountDomainSid,
UserInfo->All.PrimaryGroupId);
if (!NT_SUCCESS(Status))
{
WARN("BuildTokenPrimaryGroup() failed (Status 0x%08lx)\n", Status);
goto done;
}
Status = BuildTokenGroups(&Buffer->Groups,
(PSID)AccountDomainSid,
UserInfo->All.UserId,
SpecialAccount);
if (!NT_SUCCESS(Status))
{
WARN("BuildTokenGroups() failed (Status 0x%08lx)\n", Status);
goto done;
}
*TokenInformation = Buffer;
@ -1029,7 +1039,7 @@ LsaApLogonUser(IN PLSA_CLIENT_REQUEST ClientRequest,
UNICODE_STRING LogonServer;
BOOLEAN SessionCreated = FALSE;
LARGE_INTEGER LogonTime;
// LARGE_INTEGER AccountExpires;
LARGE_INTEGER AccountExpires;
LARGE_INTEGER PasswordMustChange;
LARGE_INTEGER PasswordLastSet;
BOOL SpecialAccount = FALSE;
@ -1247,20 +1257,16 @@ LsaApLogonUser(IN PLSA_CLIENT_REQUEST ClientRequest,
goto done;
}
#if 0
/* Check if the account expired */
AccountExpires.LowPart = UserInfo->All.AccountExpires.LowPart;
AccountExpires.HighPart = UserInfo->All.AccountExpires.HighPart;
if (AccountExpires.QuadPart != 0 &&
LogonTime.QuadPart >= AccountExpires.QuadPart)
if (LogonTime.QuadPart >= AccountExpires.QuadPart)
{
ERR("Account expired!\n");
*SubStatus = STATUS_ACCOUNT_EXPIRED;
Status = STATUS_ACCOUNT_RESTRICTION;
goto done;
}
#endif
/* Check if the password expired */
PasswordMustChange.LowPart = UserInfo->All.PasswordMustChange.LowPart;