Intravision/reactos
1
0
Fork 0
mirror of https://github.com/reactos/reactos.git synced 2025-08-03 15:36:04 +00:00
Code Issues Projects Releases Packages Wiki Activity

[MSGINA][LSASRV] Support LSA secret DefaultPassword in autologon (#7936)

Browse source
This commit is contained in:
Whindmar Saksit 2025-05-01 17:51:42 +02:00 committed by GitHub
parent 21810f11e4
commit bbd6a57c0f
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
2 changed files with 49 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

4
dll/win32/lsasrv/lsarpc.c
View file

@ -3620,6 +3620,8 @@ LsarRetrievePrivateData(
PRPC_UNICODE_STRING KeyName, PRPC_UNICODE_STRING KeyName,
PLSAPR_CR_CIPHER_VALUE *EncryptedData) PLSAPR_CR_CIPHER_VALUE *EncryptedData)
{ {
/* TODO: This should just call LsarOpenSecret(SECRET_QUERY_VALUE)+LsarQuerySecret? */
PLSA_DB_OBJECT PolicyObject = NULL; PLSA_DB_OBJECT PolicyObject = NULL;
PLSA_DB_OBJECT SecretObject = NULL; PLSA_DB_OBJECT SecretObject = NULL;
PLSAPR_CR_CIPHER_VALUE EncCurrentValue = NULL; PLSAPR_CR_CIPHER_VALUE EncCurrentValue = NULL;
@ -3633,7 +3635,7 @@ LsarRetrievePrivateData(
/* Validate the SecretHandle */ /* Validate the SecretHandle */
Status = LsapValidateDbObject(PolicyHandle, Status = LsapValidateDbObject(PolicyHandle,
LsaDbPolicyObject, LsaDbPolicyObject,
POLICY_CREATE_SECRET, POLICY_GET_PRIVATE_INFORMATION,
&PolicyObject); &PolicyObject);
if (!NT_SUCCESS(Status)) if (!NT_SUCCESS(Status))
{ {

46
dll/win32/msgina/msgina.c
View file

@ -161,6 +161,50 @@ cleanup:
HeapFree(GetProcessHeap(), 0, SystemStartOptions); HeapFree(GetProcessHeap(), 0, SystemStartOptions);
} }
static BOOL
SafeGetUnicodeString(
_In_ const LSA_UNICODE_STRING *pInput,
_Out_ PWSTR pszOutput,
_In_ SIZE_T cchMax)
{
HRESULT hr;
hr = StringCbCopyNExW(pszOutput, cchMax * sizeof(WCHAR),
pInput->Buffer, pInput->Length,
NULL, NULL,
STRSAFE_NO_TRUNCATION | STRSAFE_NULL_ON_FAILURE);
return (hr == S_OK);
}
/* Reference: https://learn.microsoft.com/en-us/windows/win32/secauthn/protecting-the-automatic-logon-password */
static BOOL
GetLsaDefaultPassword(_Inout_ PGINA_CONTEXT pgContext)
{
LSA_HANDLE hPolicy;
LSA_UNICODE_STRING Name, *pPwd;
LSA_OBJECT_ATTRIBUTES ObjectAttributes = { sizeof(ObjectAttributes) };
NTSTATUS Status = LsaOpenPolicy(NULL, &ObjectAttributes,
POLICY_GET_PRIVATE_INFORMATION, &hPolicy);
if (!NT_SUCCESS(Status))
return FALSE;
RtlInitUnicodeString(&Name, L"DefaultPassword");
Status = LsaRetrievePrivateData(hPolicy, &Name, &pPwd);
LsaClose(hPolicy);
if (Status == STATUS_SUCCESS)
{
if (!SafeGetUnicodeString(pPwd, pgContext->Password,
_countof(pgContext->Password)))
{
Status = STATUS_BUFFER_TOO_SMALL;
}
SecureZeroMemory(pPwd->Buffer, pPwd->Length);
LsaFreeMemory(pPwd);
}
return Status == STATUS_SUCCESS;
}
static static
BOOL BOOL
@ -259,6 +303,8 @@ GetRegistrySettings(PGINA_CONTEXT pgContext)
NULL, NULL,
(LPBYTE)&pgContext->Password, (LPBYTE)&pgContext->Password,
&dwSize); &dwSize);
if (rc)
GetLsaDefaultPassword(pgContext);
if (lpIgnoreShiftOverride != NULL) if (lpIgnoreShiftOverride != NULL)
HeapFree(GetProcessHeap(), 0, lpIgnoreShiftOverride); HeapFree(GetProcessHeap(), 0, lpIgnoreShiftOverride);