mirror of
https://github.com/reactos/reactos.git
synced 2025-04-29 18:48:53 +00:00
[MSGINA]
Use our own implementation of LogonUser instead of the one from advapi32 in order to use only one LSA connection. svn path=/trunk/; revision=61932
This commit is contained in:
Eric Kohl
parent
fbd003350e
commit
d6031f2244
5 changed files with 260 additions and 16 deletions
|
|
@ -829,7 +829,7 @@ DoUnlock(
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
/* Wrong user name */
|
/* Wrong user name */
|
||||||
if (DoAdminUnlock(UserName, NULL, Password))
|
if (DoAdminUnlock(pgContext, UserName, NULL, Password))
|
||||||
{
|
{
|
||||||
*Action = WLX_SAS_ACTION_UNLOCK_WKSTA;
|
*Action = WLX_SAS_ACTION_UNLOCK_WKSTA;
|
||||||
res = TRUE;
|
res = TRUE;
|
||||||
|
|
|
||||||
|
|
@ -49,4 +49,223 @@ ConnectToLsa(
|
||||||
return TRUE;
|
return TRUE;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
BOOL
|
||||||
|
MyLogonUser(
|
||||||
|
HANDLE LsaHandle,
|
||||||
|
ULONG AuthenticationPackage,
|
||||||
|
LPWSTR lpszUsername,
|
||||||
|
LPWSTR lpszDomain,
|
||||||
|
LPWSTR lpszPassword,
|
||||||
|
PHANDLE phToken)
|
||||||
|
{
|
||||||
|
SID_IDENTIFIER_AUTHORITY LocalAuthority = {SECURITY_LOCAL_SID_AUTHORITY};
|
||||||
|
SID_IDENTIFIER_AUTHORITY SystemAuthority = {SECURITY_NT_AUTHORITY};
|
||||||
|
PSID LogonSid = NULL;
|
||||||
|
PSID LocalSid = NULL;
|
||||||
|
LSA_STRING OriginName;
|
||||||
|
UNICODE_STRING DomainName;
|
||||||
|
UNICODE_STRING UserName;
|
||||||
|
UNICODE_STRING Password;
|
||||||
|
PMSV1_0_INTERACTIVE_LOGON AuthInfo = NULL;
|
||||||
|
ULONG AuthInfoLength;
|
||||||
|
ULONG_PTR Ptr;
|
||||||
|
TOKEN_SOURCE TokenSource;
|
||||||
|
PTOKEN_GROUPS TokenGroups = NULL;
|
||||||
|
PMSV1_0_INTERACTIVE_PROFILE ProfileBuffer = NULL;
|
||||||
|
ULONG ProfileBufferLength = 0;
|
||||||
|
LUID Luid = {0, 0};
|
||||||
|
LUID LogonId = {0, 0};
|
||||||
|
HANDLE TokenHandle = NULL;
|
||||||
|
QUOTA_LIMITS QuotaLimits;
|
||||||
|
NTSTATUS SubStatus = STATUS_SUCCESS;
|
||||||
|
NTSTATUS Status;
|
||||||
|
|
||||||
|
*phToken = NULL;
|
||||||
|
|
||||||
|
RtlInitAnsiString((PANSI_STRING)&OriginName,
|
||||||
|
"MSGINA Logon");
|
||||||
|
|
||||||
|
RtlInitUnicodeString(&DomainName,
|
||||||
|
lpszDomain);
|
||||||
|
|
||||||
|
RtlInitUnicodeString(&UserName,
|
||||||
|
lpszUsername);
|
||||||
|
|
||||||
|
RtlInitUnicodeString(&Password,
|
||||||
|
lpszPassword);
|
||||||
|
|
||||||
|
AuthInfoLength = sizeof(MSV1_0_INTERACTIVE_LOGON)+
|
||||||
|
DomainName.MaximumLength +
|
||||||
|
UserName.MaximumLength +
|
||||||
|
Password.MaximumLength;
|
||||||
|
|
||||||
|
AuthInfo = RtlAllocateHeap(RtlGetProcessHeap(),
|
||||||
|
HEAP_ZERO_MEMORY,
|
||||||
|
AuthInfoLength);
|
||||||
|
if (AuthInfo == NULL)
|
||||||
|
{
|
||||||
|
Status = STATUS_INSUFFICIENT_RESOURCES;
|
||||||
|
goto done;
|
||||||
|
}
|
||||||
|
|
||||||
|
AuthInfo->MessageType = MsV1_0InteractiveLogon;
|
||||||
|
|
||||||
|
Ptr = (ULONG_PTR)AuthInfo + sizeof(MSV1_0_INTERACTIVE_LOGON);
|
||||||
|
|
||||||
|
AuthInfo->LogonDomainName.Length = DomainName.Length;
|
||||||
|
AuthInfo->LogonDomainName.MaximumLength = DomainName.MaximumLength;
|
||||||
|
AuthInfo->LogonDomainName.Buffer = (DomainName.Buffer == NULL) ? NULL : (PWCHAR)Ptr;
|
||||||
|
if (DomainName.MaximumLength > 0)
|
||||||
|
{
|
||||||
|
RtlCopyMemory(AuthInfo->LogonDomainName.Buffer,
|
||||||
|
DomainName.Buffer,
|
||||||
|
DomainName.MaximumLength);
|
||||||
|
|
||||||
|
Ptr += DomainName.MaximumLength;
|
||||||
|
}
|
||||||
|
|
||||||
|
AuthInfo->UserName.Length = UserName.Length;
|
||||||
|
AuthInfo->UserName.MaximumLength = UserName.MaximumLength;
|
||||||
|
AuthInfo->UserName.Buffer = (PWCHAR)Ptr;
|
||||||
|
if (UserName.MaximumLength > 0)
|
||||||
|
RtlCopyMemory(AuthInfo->UserName.Buffer,
|
||||||
|
UserName.Buffer,
|
||||||
|
UserName.MaximumLength);
|
||||||
|
|
||||||
|
Ptr += UserName.MaximumLength;
|
||||||
|
|
||||||
|
AuthInfo->Password.Length = Password.Length;
|
||||||
|
AuthInfo->Password.MaximumLength = Password.MaximumLength;
|
||||||
|
AuthInfo->Password.Buffer = (PWCHAR)Ptr;
|
||||||
|
if (Password.MaximumLength > 0)
|
||||||
|
RtlCopyMemory(AuthInfo->Password.Buffer,
|
||||||
|
Password.Buffer,
|
||||||
|
Password.MaximumLength);
|
||||||
|
|
||||||
|
/* Create the Logon SID*/
|
||||||
|
AllocateLocallyUniqueId(&LogonId);
|
||||||
|
Status = RtlAllocateAndInitializeSid(&SystemAuthority,
|
||||||
|
SECURITY_LOGON_IDS_RID_COUNT,
|
||||||
|
SECURITY_LOGON_IDS_RID,
|
||||||
|
LogonId.HighPart,
|
||||||
|
LogonId.LowPart,
|
||||||
|
SECURITY_NULL_RID,
|
||||||
|
SECURITY_NULL_RID,
|
||||||
|
SECURITY_NULL_RID,
|
||||||
|
SECURITY_NULL_RID,
|
||||||
|
SECURITY_NULL_RID,
|
||||||
|
&LogonSid);
|
||||||
|
if (!NT_SUCCESS(Status))
|
||||||
|
goto done;
|
||||||
|
|
||||||
|
/* Create the Local SID*/
|
||||||
|
Status = RtlAllocateAndInitializeSid(&LocalAuthority,
|
||||||
|
1,
|
||||||
|
SECURITY_LOCAL_RID,
|
||||||
|
SECURITY_NULL_RID,
|
||||||
|
SECURITY_NULL_RID,
|
||||||
|
SECURITY_NULL_RID,
|
||||||
|
SECURITY_NULL_RID,
|
||||||
|
SECURITY_NULL_RID,
|
||||||
|
SECURITY_NULL_RID,
|
||||||
|
SECURITY_NULL_RID,
|
||||||
|
&LocalSid);
|
||||||
|
if (!NT_SUCCESS(Status))
|
||||||
|
goto done;
|
||||||
|
|
||||||
|
/* Allocate and set the token groups */
|
||||||
|
TokenGroups = RtlAllocateHeap(RtlGetProcessHeap(),
|
||||||
|
HEAP_ZERO_MEMORY,
|
||||||
|
sizeof(TOKEN_GROUPS) + ((2 - ANYSIZE_ARRAY) * sizeof(SID_AND_ATTRIBUTES)));
|
||||||
|
if (TokenGroups == NULL)
|
||||||
|
{
|
||||||
|
Status = STATUS_INSUFFICIENT_RESOURCES;
|
||||||
|
goto done;
|
||||||
|
}
|
||||||
|
|
||||||
|
TokenGroups->GroupCount = 2;
|
||||||
|
TokenGroups->Groups[0].Sid = LogonSid;
|
||||||
|
TokenGroups->Groups[0].Attributes = SE_GROUP_MANDATORY | SE_GROUP_ENABLED |
|
||||||
|
SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_LOGON_ID;
|
||||||
|
TokenGroups->Groups[1].Sid = LocalSid;
|
||||||
|
TokenGroups->Groups[1].Attributes = SE_GROUP_MANDATORY | SE_GROUP_ENABLED |
|
||||||
|
SE_GROUP_ENABLED_BY_DEFAULT;
|
||||||
|
|
||||||
|
/* Set the token source */
|
||||||
|
strcpy(TokenSource.SourceName, "LogonUser");
|
||||||
|
AllocateLocallyUniqueId(&TokenSource.SourceIdentifier);
|
||||||
|
|
||||||
|
Status = LsaLogonUser(LsaHandle,
|
||||||
|
&OriginName,
|
||||||
|
Interactive,
|
||||||
|
AuthenticationPackage,
|
||||||
|
(PVOID)AuthInfo,
|
||||||
|
AuthInfoLength,
|
||||||
|
TokenGroups,
|
||||||
|
&TokenSource,
|
||||||
|
(PVOID*)&ProfileBuffer,
|
||||||
|
&ProfileBufferLength,
|
||||||
|
&Luid,
|
||||||
|
&TokenHandle,
|
||||||
|
&QuotaLimits,
|
||||||
|
&SubStatus);
|
||||||
|
if (!NT_SUCCESS(Status))
|
||||||
|
{
|
||||||
|
ERR("LsaLogonUser failed (Status 0x%08lx)\n", Status);
|
||||||
|
goto done;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (ProfileBuffer != NULL)
|
||||||
|
{
|
||||||
|
TRACE("ProfileBuffer: %p\n", ProfileBuffer);
|
||||||
|
TRACE("MessageType: %u\n", ProfileBuffer->MessageType);
|
||||||
|
|
||||||
|
TRACE("FullName: %p\n", ProfileBuffer->FullName.Buffer);
|
||||||
|
TRACE("FullName: %S\n", ProfileBuffer->FullName.Buffer);
|
||||||
|
|
||||||
|
TRACE("LogonServer: %p\n", ProfileBuffer->LogonServer.Buffer);
|
||||||
|
TRACE("LogonServer: %S\n", ProfileBuffer->LogonServer.Buffer);
|
||||||
|
}
|
||||||
|
|
||||||
|
TRACE("Luid: 0x%08lx%08lx\n", Luid.HighPart, Luid.LowPart);
|
||||||
|
|
||||||
|
if (TokenHandle != NULL)
|
||||||
|
{
|
||||||
|
TRACE("TokenHandle: %p\n", TokenHandle);
|
||||||
|
}
|
||||||
|
|
||||||
|
*phToken = TokenHandle;
|
||||||
|
|
||||||
|
done:
|
||||||
|
if (ProfileBuffer != NULL)
|
||||||
|
LsaFreeReturnBuffer(ProfileBuffer);
|
||||||
|
|
||||||
|
if (!NT_SUCCESS(Status))
|
||||||
|
{
|
||||||
|
if (TokenHandle != NULL)
|
||||||
|
CloseHandle(TokenHandle);
|
||||||
|
}
|
||||||
|
|
||||||
|
if (TokenGroups != NULL)
|
||||||
|
RtlFreeHeap(RtlGetProcessHeap(), 0, TokenGroups);
|
||||||
|
|
||||||
|
if (LocalSid != NULL)
|
||||||
|
RtlFreeSid(LocalSid);
|
||||||
|
|
||||||
|
if (LogonSid != NULL)
|
||||||
|
RtlFreeSid(LogonSid);
|
||||||
|
|
||||||
|
if (AuthInfo != NULL)
|
||||||
|
RtlFreeHeap(RtlGetProcessHeap(), 0, AuthInfo);
|
||||||
|
|
||||||
|
if (!NT_SUCCESS(Status))
|
||||||
|
{
|
||||||
|
SetLastError(RtlNtStatusToDosError(Status));
|
||||||
|
return FALSE;
|
||||||
|
}
|
||||||
|
|
||||||
|
return TRUE;
|
||||||
|
}
|
||||||
|
|
||||||
/* EOF */
|
/* EOF */
|
||||||
|
|
|
||||||
|
|
@ -594,6 +594,7 @@ DuplicationString(PWSTR Str)
|
||||||
|
|
||||||
BOOL
|
BOOL
|
||||||
DoAdminUnlock(
|
DoAdminUnlock(
|
||||||
|
IN PGINA_CONTEXT pgContext,
|
||||||
IN PWSTR UserName,
|
IN PWSTR UserName,
|
||||||
IN PWSTR Domain,
|
IN PWSTR Domain,
|
||||||
IN PWSTR Password)
|
IN PWSTR Password)
|
||||||
|
|
@ -607,12 +608,15 @@ DoAdminUnlock(
|
||||||
|
|
||||||
TRACE("(%S %S %S)\n", UserName, Domain, Password);
|
TRACE("(%S %S %S)\n", UserName, Domain, Password);
|
||||||
|
|
||||||
if (!LogonUserW(UserName,
|
if (!ConnectToLsa(pgContext))
|
||||||
Domain,
|
return FALSE;
|
||||||
Password,
|
|
||||||
LOGON32_LOGON_INTERACTIVE,
|
if (!MyLogonUser(pgContext->LsaHandle,
|
||||||
LOGON32_PROVIDER_DEFAULT,
|
pgContext->AuthenticationPackage,
|
||||||
&hToken))
|
UserName,
|
||||||
|
Domain,
|
||||||
|
Password,
|
||||||
|
&pgContext->UserToken))
|
||||||
{
|
{
|
||||||
WARN("LogonUserW() failed\n");
|
WARN("LogonUserW() failed\n");
|
||||||
return FALSE;
|
return FALSE;
|
||||||
|
|
@ -683,10 +687,15 @@ DoLoginTasks(
|
||||||
DWORD dwLength;
|
DWORD dwLength;
|
||||||
BOOL bResult;
|
BOOL bResult;
|
||||||
|
|
||||||
if (!LogonUserW(UserName, Domain, Password,
|
if (!ConnectToLsa(pgContext))
|
||||||
LOGON32_LOGON_INTERACTIVE,
|
return FALSE;
|
||||||
LOGON32_PROVIDER_DEFAULT,
|
|
||||||
&pgContext->UserToken))
|
if (!MyLogonUser(pgContext->LsaHandle,
|
||||||
|
pgContext->AuthenticationPackage,
|
||||||
|
UserName,
|
||||||
|
Domain,
|
||||||
|
Password,
|
||||||
|
&pgContext->UserToken))
|
||||||
{
|
{
|
||||||
WARN("LogonUserW() failed\n");
|
WARN("LogonUserW() failed\n");
|
||||||
goto cleanup;
|
goto cleanup;
|
||||||
|
|
|
||||||
|
|
@ -90,10 +90,20 @@ BOOL
|
||||||
ConnectToLsa(
|
ConnectToLsa(
|
||||||
PGINA_CONTEXT pgContext);
|
PGINA_CONTEXT pgContext);
|
||||||
|
|
||||||
|
BOOL
|
||||||
|
MyLogonUser(
|
||||||
|
HANDLE LsaHandle,
|
||||||
|
ULONG AuthenticationPackage,
|
||||||
|
LPWSTR lpszUsername,
|
||||||
|
LPWSTR lpszDomain,
|
||||||
|
LPWSTR lpszPassword,
|
||||||
|
PHANDLE phToken);
|
||||||
|
|
||||||
/* msgina.c */
|
/* msgina.c */
|
||||||
|
|
||||||
BOOL
|
BOOL
|
||||||
DoAdminUnlock(
|
DoAdminUnlock(
|
||||||
|
IN PGINA_CONTEXT pgContext,
|
||||||
IN PWSTR UserName,
|
IN PWSTR UserName,
|
||||||
IN PWSTR Domain,
|
IN PWSTR Domain,
|
||||||
IN PWSTR Password);
|
IN PWSTR Password);
|
||||||
|
|
|
||||||
|
|
@ -233,14 +233,20 @@ TUILockedSAS(
|
||||||
if (!ReadString(IDS_ASKFORPASSWORD, Password, 256, FALSE))
|
if (!ReadString(IDS_ASKFORPASSWORD, Password, 256, FALSE))
|
||||||
return WLX_SAS_ACTION_NONE;
|
return WLX_SAS_ACTION_NONE;
|
||||||
|
|
||||||
if (!LogonUserW(UserName, NULL, Password,
|
if (!ConnectToLsa(pgContext))
|
||||||
LOGON32_LOGON_UNLOCK,
|
return WLX_SAS_ACTION_NONE;
|
||||||
LOGON32_PROVIDER_DEFAULT,
|
|
||||||
&hToken))
|
if (!MyLogonUser(pgContext->LsaHandle,
|
||||||
|
pgContext->AuthenticationPackage,
|
||||||
|
UserName,
|
||||||
|
NULL,
|
||||||
|
Password,
|
||||||
|
&hToken))
|
||||||
{
|
{
|
||||||
TRACE("LogonUserW() failed\n");
|
WARN("LogonUserW() failed\n");
|
||||||
return WLX_SAS_ACTION_NONE;
|
return WLX_SAS_ACTION_NONE;
|
||||||
}
|
}
|
||||||
|
|
||||||
CloseHandle(hToken);
|
CloseHandle(hToken);
|
||||||
return WLX_SAS_ACTION_UNLOCK_WKSTA;
|
return WLX_SAS_ACTION_UNLOCK_WKSTA;
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue