From b4b9913715d21bd9c2efaac5b5cc7a06c4b31229 Mon Sep 17 00:00:00 2001 From: Eric Kohl Date: Wed, 30 Oct 2013 21:19:03 +0000 Subject: [PATCH] [ADVAPI32] Enable the new SAM-based logon system. Using your own accounts to log-on to ReactOS will still fail because of bugs in winlogon, userenv.dll and the registry. But at least the infrastructure is in place and we can start to fix the remaining bugs. All accounts still use a hard-coded privilege set, but this will be fixed as soon as possible. svn path=/trunk/; revision=60800 --- reactos/boot/bootdata/hivesft.inf | 5 +- reactos/dll/win32/advapi32/CMakeLists.txt | 2 +- reactos/dll/win32/advapi32/misc/logon.c | 194 ++++++++++++++++++++++ 3 files changed, 198 insertions(+), 3 deletions(-) diff --git a/reactos/boot/bootdata/hivesft.inf b/reactos/boot/bootdata/hivesft.inf index 143432f3ca5..909a5bfc5f2 100644 --- a/reactos/boot/bootdata/hivesft.inf +++ b/reactos/boot/bootdata/hivesft.inf @@ -324,7 +324,7 @@ HKLM,"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Time Zones","IndexMapping",0x "81d", "125",\ "422", "125",\ "402", "125",\ - "427", "125",\ + "427", "125",\ "408", "130",\ "41f", "130",\ "418", "130",\ 
@@ -1067,7 +1067,8 @@ HKLM,"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon","Shell",0x00020000, HKLM,"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon","Userinit",0x00020000,"%SystemRoot%\system32\userinit.exe" HKLM,"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon","AutoAdminLogon",0x00000000,"1" HKLM,"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon","DefaultUserName",0x00000000,"Administrator" -HKLM,"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon","DefaultPassword",0x00000000,"Secret" +;HKLM,"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon","DefaultPassword",0x00000000,"Secret" +HKLM,"SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon","DefaultPassword",0x00000000,"" ; Time Zone Servers HKLM,"SOFTWARE\Microsoft\Windows\CurrentVersion\DateTime\Servers","1",0x00000000,"pool.ntp.org" diff --git a/reactos/dll/win32/advapi32/CMakeLists.txt b/reactos/dll/win32/advapi32/CMakeLists.txt index 6e79c73277b..50e74231036 100644 --- a/reactos/dll/win32/advapi32/CMakeLists.txt +++ b/reactos/dll/win32/advapi32/CMakeLists.txt @@ -58,7 +58,7 @@ add_library(advapi32 SHARED ${SOURCE}) set_module_type(advapi32 win32dll UNICODE) target_link_libraries(advapi32 wine ${PSEH_LIB}) add_delay_importlibs(advapi32 rpcrt4) -add_importlibs(advapi32 msvcrt kernel32 ntdll) +add_importlibs(advapi32 secur32 msvcrt kernel32 ntdll) add_pch(advapi32 advapi32.h ${CMAKE_CURRENT_BINARY_DIR}/lsa_c.h diff --git a/reactos/dll/win32/advapi32/misc/logon.c b/reactos/dll/win32/advapi32/misc/logon.c index 950b425824c..4f0f9f0ef7e 100644 --- a/reactos/dll/win32/advapi32/misc/logon.c +++ b/reactos/dll/win32/advapi32/misc/logon.c @@ -9,6 +9,7 @@ #include WINE_DEFAULT_DEBUG_CHANNEL(advapi); +#define NEW_LOGON /* FUNCTIONS ***************************************************************/ @@ -212,6 +213,7 @@ UsernameDone: } +#ifndef NEW_LOGON static BOOL WINAPI GetAccountDomainSid(PSID *Sid) { 
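Review bot: With `AutoAdminLogon` set to `"1"` and `DefaultUserName` set to `Administrator`, the new empty `DefaultPassword` in the Winlogon hunk of hivesft.inf means the default image logs on an administrative account with no password. Presumably this mirrors the Administrator account that the SAM setup creates, but the hunk does not say so. A comment such as `; DefaultPassword must match the Administrator password created at setup (currently empty)` would record that dependency for whoever later gives the account a real password. The commented-out `"Secret"` line is history that version control already keeps and can be dropped.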
@@ -565,6 +567,7 @@ FreeGroupSids(PTOKEN_GROUPS TokenGroups) RtlFreeHeap(GetProcessHeap(), 0, TokenGroups); } +#endif /* 
@@ -578,6 +581,196 @@ LogonUserW(LPWSTR lpszUsername, DWORD dwLogonProvider, PHANDLE phToken) { +#ifdef NEW_LOGON + LSA_STRING LogonProcessName; + LSA_STRING PackageName; + HANDLE LsaHandle = NULL; + LSA_OPERATIONAL_MODE SecurityMode = 0; + ULONG AuthenticationPackage = 0; + + LSA_STRING OriginName; + UNICODE_STRING DomainName; + UNICODE_STRING UserName; + UNICODE_STRING Password; + PMSV1_0_INTERACTIVE_LOGON AuthInfo = NULL; + ULONG AuthInfoLength; + ULONG_PTR Ptr; + TOKEN_SOURCE TokenSource; + + PMSV1_0_INTERACTIVE_PROFILE ProfileBuffer = NULL; + ULONG ProfileBufferLength = 0; + LUID Luid = {0, 0}; + HANDLE TokenHandle = NULL; + QUOTA_LIMITS QuotaLimits; + NTSTATUS SubStatus = STATUS_SUCCESS; + NTSTATUS Status; + + *phToken = NULL; + + RtlInitAnsiString((PANSI_STRING)&LogonProcessName, + "User32LogonProcess"); + + Status = LsaRegisterLogonProcess(&LogonProcessName, + &LsaHandle, + &SecurityMode); + if (!NT_SUCCESS(Status)) + { + TRACE("LsaRegisterLogonProcess failed (Status 0x%08lx)\n", Status); + goto done; + } + + RtlInitAnsiString((PANSI_STRING)&PackageName, + MSV1_0_PACKAGE_NAME); + + Status = LsaLookupAuthenticationPackage(LsaHandle, + &PackageName, + &AuthenticationPackage); + if (!NT_SUCCESS(Status)) + { + TRACE("LsaLookupAuthenticationPackage failed (Status 0x%08lx)\n", Status); + goto done; + } + + TRACE("AuthenticationPackage: 0x%08lx\n", AuthenticationPackage); + + + RtlInitAnsiString((PANSI_STRING)&OriginName, + "Testapp"); + + RtlInitUnicodeString(&DomainName, + lpszDomain); + + RtlInitUnicodeString(&UserName, + lpszUsername); + + RtlInitUnicodeString(&Password, + lpszPassword); + + AuthInfoLength = sizeof(MSV1_0_INTERACTIVE_LOGON)+ + DomainName.MaximumLength + + UserName.MaximumLength + + Password.MaximumLength; + + AuthInfo = RtlAllocateHeap(RtlGetProcessHeap(), + HEAP_ZERO_MEMORY, + AuthInfoLength); + if (AuthInfo == NULL) + { + Status = STATUS_INSUFFICIENT_RESOURCES; + goto done; + } + + + AuthInfo->MessageType = MsV1_0InteractiveLogon; + + Ptr = 
(ULONG_PTR)AuthInfo + sizeof(MSV1_0_INTERACTIVE_LOGON); + + AuthInfo->LogonDomainName.Length = DomainName.Length; + AuthInfo->LogonDomainName.MaximumLength = DomainName.MaximumLength; + AuthInfo->LogonDomainName.Buffer = (DomainName.Buffer == NULL) ? NULL : (PWCHAR)Ptr; + if (DomainName.MaximumLength > 0) + { + RtlCopyMemory(AuthInfo->LogonDomainName.Buffer, + DomainName.Buffer, + DomainName.MaximumLength); + + Ptr += DomainName.MaximumLength; + } + + AuthInfo->UserName.Length = UserName.Length; + AuthInfo->UserName.MaximumLength = UserName.MaximumLength; + AuthInfo->UserName.Buffer = (PWCHAR)Ptr; + if (UserName.MaximumLength > 0) + RtlCopyMemory(AuthInfo->UserName.Buffer, + UserName.Buffer, + UserName.MaximumLength); + + Ptr += UserName.MaximumLength; + + AuthInfo->Password.Length = Password.Length; + AuthInfo->Password.MaximumLength = Password.MaximumLength; + AuthInfo->Password.Buffer = (PWCHAR)Ptr; + if (Password.MaximumLength > 0) + RtlCopyMemory(AuthInfo->Password.Buffer, + Password.Buffer, + Password.MaximumLength); + + /* FIXME: Add LocalGroups here */ + + strcpy(TokenSource.SourceName, "Bla"); + AllocateLocallyUniqueId(&TokenSource.SourceIdentifier); + + Status = LsaLogonUser(LsaHandle, + &OriginName, + Interactive, + AuthenticationPackage, + (PVOID)AuthInfo, + AuthInfoLength, + NULL, /* LocalGroups */ + &TokenSource, + (PVOID*)&ProfileBuffer, + &ProfileBufferLength, + &Luid, + &TokenHandle, + &QuotaLimits, + &SubStatus); + if (!NT_SUCCESS(Status)) + { + TRACE("LsaLogonUser failed (Status 0x%08lx)\n", Status); + goto done; + } + + if (ProfileBuffer != NULL) + { + TRACE("ProfileBuffer: %p\n", ProfileBuffer); + TRACE("MessageType: %u\n", ProfileBuffer->MessageType); + + TRACE("FullName: %p\n", ProfileBuffer->FullName.Buffer); + TRACE("FullName: %S\n", ProfileBuffer->FullName.Buffer); + + TRACE("LogonServer: %p\n", ProfileBuffer->LogonServer.Buffer); + TRACE("LogonServer: %S\n", ProfileBuffer->LogonServer.Buffer); + } + + TRACE("Luid: 0x%08lx%08lx\n", 
Luid.HighPart, Luid.LowPart); + + if (TokenHandle != NULL) + { + TRACE("TokenHandle: %p\n", TokenHandle); + } + + *phToken = TokenHandle; + +done: + if (ProfileBuffer != NULL) + LsaFreeReturnBuffer(ProfileBuffer); + + if (!NT_SUCCESS(Status)) + { + if (TokenHandle != NULL) + CloseHandle(TokenHandle); + } + + if (AuthInfo != NULL) + RtlFreeHeap(RtlGetProcessHeap(), 0, AuthInfo); + + if (LsaHandle != NULL) + { + Status = LsaDeregisterLogonProcess(LsaHandle); + if (!NT_SUCCESS(Status)) + { + TRACE("LsaDeregisterLogonProcess failed (Status 0x%08lx)\n", Status); + } + } + + if (!NT_SUCCESS(Status)) + { + SetLastError(RtlNtStatusToDosError(Status)); + return FALSE; + } + + return TRUE; +#else /* FIXME shouldn't use hard-coded list of privileges */ static struct { @@ -776,6 +969,7 @@ done: RtlFreeHeap(GetProcessHeap(), 0, UserSid); return NT_SUCCESS(Status); +#endif } /* EOF */
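Review bot: In the `done:` cleanup of the NEW_LOGON path, `Status = LsaDeregisterLogonProcess(LsaHandle);` overwrites the logon result. When `LsaLogonUser` fails and deregistration succeeds, the function reaches `return TRUE` with `*phToken` still NULL; when the logon succeeds but deregistration fails, it returns FALSE after the token was already stored in `*phToken` and never closed. The deregistration result should go into its own local so the final `NT_SUCCESS(Status)` test reflects the authentication outcome. The `AuthInfo` block also holds a plaintext copy of the password and is handed to `RtlFreeHeap` without being cleared; zeroing it first (for example with `RtlSecureZeroMemory`) keeps the credential out of freed heap memory. LogonUserW starts before this hunk and its `#else` branch continues past it.

```c
done:
    /* … unchanged: ProfileBuffer release and TokenHandle close on failure … */

    if (AuthInfo != NULL)
    {
        /* The block contains a plaintext copy of the password: wipe before freeing. */
        RtlSecureZeroMemory(AuthInfo, AuthInfoLength);
        RtlFreeHeap(RtlGetProcessHeap(), 0, AuthInfo);
    }

    if (LsaHandle != NULL)
    {
        /* Best-effort cleanup: must not replace the logon result held in Status. */
        NTSTATUS DeregisterStatus = LsaDeregisterLogonProcess(LsaHandle);
        if (!NT_SUCCESS(DeregisterStatus))
        {
            TRACE("LsaDeregisterLogonProcess failed (Status 0x%08lx)\n", DeregisterStatus);
        }
    }

    /* … unchanged: SetLastError / return FALSE on failure, return TRUE otherwise … */
```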