[ros-diffs] [ekohl] 58303: [LSALIB/LSASRV] Make the call sequence LsaRegisterLogonProcess, LsaLookupAuthenticationPackage, LsaDeregisterLogonProcess work without failures or loss of connection. WIP.

Author: ekohl Date: Sat Feb 9 22:56:26 2013 New Revision: 58303 URL: http://svn.reactos.org/svn/reactos?rev=58303&view=rev Log: [LSALIB/LSASRV] Make the call sequence LsaRegisterLogonProcess, LsaLookupAuthenticationPackage, LsaDeregisterLogonProcess work without failures or loss of connection. WIP. Modified: trunk/reactos/dll/win32/lsasrv/authport.c trunk/reactos/include/reactos/subsys/lsass/lsass.h trunk/reactos/lib/lsalib/lsa.c Modified: trunk/reactos/dll/win32/lsasrv/authport.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/lsasrv/authport.… ============================================================================== --- trunk/reactos/dll/win32/lsasrv/authport.c [iso-8859-1] (original) +++ trunk/reactos/dll/win32/lsasrv/authport.c [iso-8859-1] Sat Feb 9 22:56:26 2013 @@ -20,16 +20,26 @@ /* FUNCTIONS ***************************************************************/ +static NTSTATUS +LsapLookupAuthenticationPackage(PLSA_API_MSG RequestMsg) +{ + RequestMsg->LookupAuthenticationPackage.Reply.Package = 0x12345678; + + return STATUS_SUCCESS; +} + + NTSTATUS WINAPI AuthPortThreadRoutine(PVOID Param) { - LSASS_REQUEST Request; - PPORT_MESSAGE Reply = NULL; + PLSA_API_MSG ReplyMsg = NULL; + LSA_API_MSG RequestMsg; NTSTATUS Status; HANDLE ConnectionHandle = NULL; PVOID Context = NULL; BOOLEAN Accept; + REMOTE_PORT_VIEW RemotePortView; TRACE("AuthPortThreadRoutine() called\n"); @@ -39,8 +49,8 @@ { Status = NtReplyWaitReceivePort(AuthPortHandle, 0, - Reply, - &Request.Header); + &ReplyMsg->h, + &RequestMsg.h); if (!NT_SUCCESS(Status)) { TRACE("NtReplyWaitReceivePort() failed (Status %lx)\n", Status); @@ -49,42 +59,62 @@ TRACE("Received message\n"); - if (Request.Header.u2.s2.Type == LPC_CONNECTION_REQUEST) + switch (RequestMsg.h.u2.s2.Type) { - TRACE("Port connection request\n"); + case LPC_CONNECTION_REQUEST: + TRACE("Port connection request\n"); - Accept = TRUE; - NtAcceptConnectPort(&ConnectionHandle, - &Context, - &Request.Header, - Accept, - NULL, - NULL); + RemotePortView.Length = sizeof(REMOTE_PORT_VIEW); + Accept = TRUE; + Status = NtAcceptConnectPort(&ConnectionHandle, + &Context, + &RequestMsg.h, + Accept, + NULL, + &RemotePortView); + if (!NT_SUCCESS(Status)) + { + ERR("NtAcceptConnectPort failed (Status 0x%lx)\n", Status); + return Status; + } - NtCompleteConnectPort(ConnectionHandle); + Status = NtCompleteConnectPort(ConnectionHandle); + if (!NT_SUCCESS(Status)) + { + ERR("NtCompleteConnectPort failed (Status 0x%lx)\n", Status); + return Status; + } - } - else if (Request.Header.u2.s2.Type == LPC_PORT_CLOSED || - Request.Header.u2.s2.Type == LPC_CLIENT_DIED) - { - TRACE("Port closed or client died request\n"); + ReplyMsg = NULL; + break; -// return STATUS_UNSUCCESSFUL; - } - else if (Request.Header.u2.s2.Type == LPC_REQUEST) - { - TRACE("Received request (Type: %lu)\n", Request.Type); + case LPC_PORT_CLOSED: + TRACE("Port closed\n"); + ReplyMsg = NULL; + break; - } - else if (Request.Header.u2.s2.Type == LPC_DATAGRAM) - { - TRACE("Received datagram\n"); + case LPC_CLIENT_DIED: + TRACE("Client died\n"); + ReplyMsg = NULL; + break; + default: + TRACE("Received request (ApiNumber: %lu)\n", RequestMsg.ApiNumber); + + if (RequestMsg.ApiNumber == LSASS_REQUEST_LOOKUP_AUTHENTICATION_PACKAGE) + { + RequestMsg.Status = LsapLookupAuthenticationPackage(&RequestMsg); + } + else + RequestMsg.Status = STATUS_SUCCESS; + + ReplyMsg = &RequestMsg; + break; } } - return Status; + return STATUS_SUCCESS; } @@ -107,9 +137,9 @@ Status = NtCreatePort(&AuthPortHandle, &ObjectAttributes, - 0, - 0x100, - 0x2000); + sizeof(LSA_CONNECTION_INFO), + sizeof(LSA_API_MSG), + sizeof(LSA_API_MSG) * 32); if (!NT_SUCCESS(Status)) { TRACE("NtCreatePort() failed (Status %lx)\n", Status); Modified: trunk/reactos/include/reactos/subsys/lsass/lsass.h URL: http://svn.reactos.org/svn/reactos/trunk/reactos/include/reactos/subsys/lsa… ============================================================================== --- trunk/reactos/include/reactos/subsys/lsass/lsass.h [iso-8859-1] (original) +++ trunk/reactos/include/reactos/subsys/lsass/lsass.h [iso-8859-1] Sat Feb 9 22:56:26 2013 @@ -14,14 +14,19 @@ #include <ntsecapi.h> #define LSASS_MAX_LOGON_PROCESS_NAME_LENGTH 127 - -#define LSASS_REQUEST_REGISTER_LOGON_PROCESS (1) -#define LSASS_REQUEST_CALL_AUTHENTICATION_PACKAGE (2) -#define LSASS_REQUEST_DEREGISTER_LOGON_PROCESS (3) -#define LSASS_REQUEST_LOGON_USER (4) -#define LSASS_REQUEST_LOOKUP_AUTHENTICATION_PACKAGE (5) -#define LSASS_REQUEST_MAXIMUM (6) - +#define LSASS_MAX_PACKAGE_NAME_LENGTH 127 + +typedef enum _LSA_API_NUMBER +{ + LSASS_REQUEST_REGISTER_LOGON_PROCESS, + LSASS_REQUEST_CALL_AUTHENTICATION_PACKAGE, + LSASS_REQUEST_DEREGISTER_LOGON_PROCESS, + LSASS_REQUEST_LOGON_USER, + LSASS_REQUEST_LOOKUP_AUTHENTICATION_PACKAGE, + LSASS_REQUEST_MAXIMUM +} LSA_API_NUMBER, *PLSA_API_NUMBER; + +#if 0 typedef struct _LSASS_LOOKUP_AUTHENTICATION_PACKAGE_REQUEST { ULONG PackageNameLength; @@ -46,6 +51,7 @@ ULONG Dummy; } LSASS_DEREGISTER_LOGON_PROCESS_REPLY, *PLSASS_DEREGISTER_LOGON_PROCESS_REPLY; +#endif typedef struct _LSASS_CALL_AUTHENTICATION_PACKAGE_REQUEST { @@ -87,6 +93,7 @@ UCHAR Data[1]; } LSASS_LOGON_USER_REPLY, *PLSASS_LOGON_USER_REPLY; +#if 0 typedef struct _LSASS_REGISTER_LOGON_PROCESS_REQUEST { ULONG Length; @@ -97,17 +104,17 @@ { LSA_OPERATIONAL_MODE OperationalMode; } LSASS_REGISTER_LOGON_PROCESS_REPLY, *PLSASS_REGISTER_LOGON_PROCESS_REPLY; - - -typedef struct _LSASS_CONNECT_DATA +#endif + +typedef struct _LSA_CONNECTION_INFO { NTSTATUS Status; LSA_OPERATIONAL_MODE OperationalMode; ULONG Length; CHAR LogonProcessNameBuffer[LSASS_MAX_LOGON_PROCESS_NAME_LENGTH + 1]; -} LSASS_CONNECT_DATA, *PLSASS_CONNECT_DATA; - - +} LSA_CONNECTION_INFO, *PLSA_CONNECTION_INFO; + +#if 0 typedef union _LSASS_REQUEST { PORT_MESSAGE Header; @@ -141,5 +148,77 @@ LookupAuthenticationPackageReply; } d; } LSASS_REPLY, *PLSASS_REPLY; +#endif + + +typedef struct _LSA_REGISTER_LOGON_PROCESS_MSG +{ + union + { + struct + { + ULONG Length; + CHAR LogonProcessNameBuffer[LSASS_MAX_LOGON_PROCESS_NAME_LENGTH + 1]; + } Request; + struct + { + LSA_OPERATIONAL_MODE OperationalMode; + } Reply; + }; +} LSA_REGISTER_LOGON_PROCESS_MSG, *PLSA_REGISTER_LOGON_PROCESS_MSG; + + +typedef struct _LSA_DEREGISTER_LOGON_PROCESS_MSG +{ + union + { + struct + { + ULONG Dummy; + } Request; + struct + { + ULONG Dummy; + } Reply; + }; +} LSA_DEREGISTER_LOGON_PROCESS_MSG, *PLSA_DEREGISTER_LOGON_PROCESS_MSG; + + +typedef struct _LSA_LOOKUP_AUTHENTICATION_PACKAGE_MSG +{ + union + { + struct + { + ULONG PackageNameLength; + CHAR PackageName[LSASS_MAX_PACKAGE_NAME_LENGTH + 1]; + } Request; + struct + { + ULONG Package; + } Reply; + }; +} LSA_LOOKUP_AUTHENTICATION_PACKAGE_MSG, *PLSA_LOOKUP_AUTHENTICATION_PACKAGE_MSG; + +typedef struct _LSA_API_MSG +{ + PORT_MESSAGE h; + struct + { + LSA_API_NUMBER ApiNumber; + NTSTATUS Status; + union + { + LSA_REGISTER_LOGON_PROCESS_MSG RegisterLogonProcess; +// LSA_LOGON_USER_MSG LogonUser; +// LSA_CALL_AUTHENTICATION_PACKAGE_MSG CallAuthenticationPackage; + LSA_DEREGISTER_LOGON_PROCESS_MSG DeregisterLogonProcess; + LSA_LOOKUP_AUTHENTICATION_PACKAGE_MSG LookupAuthenticationPackage; + }; + }; +} LSA_API_MSG, *PLSA_API_MSG; + +#define LSA_PORT_DATA_SIZE(c) (sizeof(ULONG)+sizeof(NTSTATUS)+sizeof(c)) +#define LSA_PORT_MESSAGE_SIZE (sizeof(LSA_API_MSG)) #endif /* __INCLUDE_LSASS_LSASS_H */ Modified: trunk/reactos/lib/lsalib/lsa.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/lib/lsalib/lsa.c?rev=58303… ============================================================================== --- trunk/reactos/lib/lsalib/lsa.c [iso-8859-1] (original) +++ trunk/reactos/lib/lsalib/lsa.c [iso-8859-1] Sat Feb 9 22:56:26 2013 @@ -12,6 +12,7 @@ #include <ndk/lpctypes.h> #include <ndk/lpcfuncs.h> #include <ndk/rtlfuncs.h> +#include <ndk/obfuncs.h> #include <psdk/ntsecapi.h> #include <lsass/lsass.h> @@ -30,25 +31,34 @@ NTSTATUS WINAPI LsaDeregisterLogonProcess(HANDLE LsaHandle) { - LSASS_REQUEST Request; - LSASS_REPLY Reply; + LSA_API_MSG ApiMessage; NTSTATUS Status; - Request.Header.u1.s1.DataLength = 0; - Request.Header.u1.s1.TotalLength = sizeof(LSASS_REQUEST); - Request.Type = LSASS_REQUEST_DEREGISTER_LOGON_PROCESS; + DPRINT1("LsaDeregisterLogonProcess()\n"); + + ApiMessage.ApiNumber = LSASS_REQUEST_DEREGISTER_LOGON_PROCESS; + ApiMessage.h.u1.s1.DataLength = LSA_PORT_DATA_SIZE(ApiMessage.DeregisterLogonProcess.Request); + ApiMessage.h.u1.s1.TotalLength = LSA_PORT_MESSAGE_SIZE; + ApiMessage.h.u2.ZeroInit = 0; + Status = ZwRequestWaitReplyPort(LsaHandle, - &Request.Header, - &Reply.Header); - if (!NT_SUCCESS(Status)) - { - return Status; - } - - if (!NT_SUCCESS(Reply.Status)) - { - return Reply.Status; - } + (PPORT_MESSAGE)&ApiMessage, + (PPORT_MESSAGE)&ApiMessage); + if (!NT_SUCCESS(Status)) + { + DPRINT1("ZwRequestWaitReplyPort() failed (Status 0x%08lx)\n", Status); + return Status; + } + + if (!NT_SUCCESS(ApiMessage.Status)) + { + DPRINT1("ZwRequestWaitReplyPort() failed (ApiMessage.Status 0x%08lx)\n", ApiMessage.Status); + return ApiMessage.Status; + } + + NtClose(LsaHandle); + + DPRINT1("LsaDeregisterLogonProcess() done (Status 0x%08lx)\n", Status); return Status; } @@ -77,6 +87,7 @@ PULONG ReturnBufferLength, PNTSTATUS ProtocolStatus) { +#if 0 PLSASS_REQUEST Request; PLSASS_REPLY Reply; LSASS_REQUEST RawRequest; @@ -123,6 +134,9 @@ *ReturnBufferLength); return Status; +#endif + return 0; + } @@ -144,34 +158,42 @@ PLSA_STRING PackageName, PULONG AuthenticationPackage) { + LSA_API_MSG ApiMessage; NTSTATUS Status; - PLSASS_REQUEST Request; - LSASS_REQUEST RawRequest; - LSASS_REPLY Reply; - - Request = (PLSASS_REQUEST)&RawRequest; - Request->Header.u1.s1.DataLength = sizeof(LSASS_REQUEST) + PackageName->Length - - sizeof(PORT_MESSAGE); - Request->Header.u1.s1.TotalLength = Request->Header.u1.s1.DataLength + - sizeof(PORT_MESSAGE); - Request->Type = LSASS_REQUEST_LOOKUP_AUTHENTICATION_PACKAGE; + + /* Check the package name length */ + if (PackageName->Length > LSASS_MAX_PACKAGE_NAME_LENGTH) + { + return STATUS_NAME_TOO_LONG; + } + + ApiMessage.ApiNumber = LSASS_REQUEST_LOOKUP_AUTHENTICATION_PACKAGE; + ApiMessage.h.u1.s1.DataLength = LSA_PORT_DATA_SIZE(ApiMessage.LookupAuthenticationPackage.Request); + ApiMessage.h.u1.s1.TotalLength = LSA_PORT_MESSAGE_SIZE; + ApiMessage.h.u2.ZeroInit = 0; + + ApiMessage.LookupAuthenticationPackage.Request.PackageNameLength = PackageName->Length; + strncpy(ApiMessage.LookupAuthenticationPackage.Request.PackageName, + PackageName->Buffer, + ApiMessage.LookupAuthenticationPackage.Request.PackageNameLength); + ApiMessage.LookupAuthenticationPackage.Request.PackageName[ApiMessage.LookupAuthenticationPackage.Request.PackageNameLength] = '\0'; Status = ZwRequestWaitReplyPort(LsaHandle, - &Request->Header, - &Reply.Header); - if (!NT_SUCCESS(Status)) - { - return Status; - } - - if (!NT_SUCCESS(Reply.Status)) - { - return Reply.Status; - } - - *AuthenticationPackage = Reply.d.LookupAuthenticationPackageReply.Package; - - return Reply.Status; + (PPORT_MESSAGE)&ApiMessage, + (PPORT_MESSAGE)&ApiMessage); + if (!NT_SUCCESS(Status)) + { + return Status; + } + + if (!NT_SUCCESS(ApiMessage.Status)) + { + return ApiMessage.Status; + } + + *AuthenticationPackage = ApiMessage.LookupAuthenticationPackage.Reply.Package; + + return Status; } @@ -194,6 +216,7 @@ PQUOTA_LIMITS Quotas, PNTSTATUS SubStatus) { +#if 0 ULONG RequestLength; ULONG CurrentLength; PLSASS_REQUEST Request; @@ -276,6 +299,8 @@ sizeof(Reply->d.LogonUserReply.Quotas)); return Status; +#endif + return 0; } @@ -289,25 +314,27 @@ { UNICODE_STRING PortName; // = RTL_CONSTANT_STRING(L"\\LsaAuthenticationPort"); SECURITY_QUALITY_OF_SERVICE SecurityQos; - ULONG ConnectInfoLength; + LSA_CONNECTION_INFO ConnectInfo; + ULONG ConnectInfoLength = sizeof(ConnectInfo); + LSA_API_MSG ApiMessage; + HANDLE PortHandle = NULL; NTSTATUS Status; - LSASS_CONNECT_DATA ConnectInfo; -// LSASS_REQUEST Request; -// LSASS_REPLY Reply; + + DPRINT1("LsaRegisterLogonProcess()\n"); /* Check the logon process name length */ if (LsaLogonProcessName->Length > LSASS_MAX_LOGON_PROCESS_NAME_LENGTH) return STATUS_NAME_TOO_LONG; + *Handle = NULL; + RtlInitUnicodeString(&PortName, L"\\LsaAuthenticationPort"); - SecurityQos.Length = sizeof (SecurityQos); + SecurityQos.Length = sizeof(SecurityQos); SecurityQos.ImpersonationLevel = SecurityIdentification; SecurityQos.ContextTrackingMode = SECURITY_DYNAMIC_TRACKING; SecurityQos.EffectiveOnly = TRUE; - - ConnectInfoLength = sizeof(LSASS_CONNECT_DATA); strncpy(ConnectInfo.LogonProcessNameBuffer, LsaLogonProcessName->Buffer, @@ -315,7 +342,7 @@ ConnectInfo.Length = LsaLogonProcessName->Length; ConnectInfo.LogonProcessNameBuffer[ConnectInfo.Length] = '\0'; - Status = ZwConnectPort(Handle, + Status = ZwConnectPort(&PortHandle, &PortName, &SecurityQos, NULL, @@ -325,42 +352,43 @@ &ConnectInfoLength); if (!NT_SUCCESS(Status)) { - return Status; - } + DPRINT1("ZwConnectPort failed (Status 0x%08lx)\n", Status); + return Status; + } + + ApiMessage.ApiNumber = LSASS_REQUEST_REGISTER_LOGON_PROCESS; + ApiMessage.h.u1.s1.DataLength = LSA_PORT_DATA_SIZE(ApiMessage.RegisterLogonProcess.Request); + ApiMessage.h.u1.s1.TotalLength = LSA_PORT_MESSAGE_SIZE; + ApiMessage.h.u2.ZeroInit = 0; + + ApiMessage.RegisterLogonProcess.Request.Length = LsaLogonProcessName->Length; + memcpy(ApiMessage.RegisterLogonProcess.Request.LogonProcessNameBuffer, + LsaLogonProcessName->Buffer, + ApiMessage.RegisterLogonProcess.Request.Length); + + Status = ZwRequestWaitReplyPort(PortHandle, + (PPORT_MESSAGE)&ApiMessage, + (PPORT_MESSAGE)&ApiMessage); + if (!NT_SUCCESS(Status)) + { + DPRINT1("ZwRequestWaitReplyPort failed (Status 0x%08lx)\n", Status); + NtClose(PortHandle); + return Status; + } + + if (!NT_SUCCESS(ApiMessage.Status)) + { + DPRINT1("ZwRequestWaitReplyPort failed (ApiMessage.Status 0x%08lx)\n", ApiMessage.Status); + NtClose(PortHandle); + return ApiMessage.Status; + } + + *Handle = PortHandle; + *OperationalMode = ApiMessage.RegisterLogonProcess.Reply.OperationalMode; + + DPRINT1("LsaRegisterLogonProcess() done (Status 0x%08lx)\n", Status); return Status; -#if 0 - Request.Type = LSASS_REQUEST_REGISTER_LOGON_PROCESS; - Request.Header.u1.s1.DataLength = sizeof(LSASS_REQUEST) - - sizeof(PORT_MESSAGE); - Request.Header.u1.s1.TotalLength = sizeof(LSASS_REQUEST); - - Request.d.RegisterLogonProcessRequest.Length = LsaLogonProcessName->Length; - memcpy(Request.d.RegisterLogonProcessRequest.LogonProcessNameBuffer, - LsaLogonProcessName->Buffer, - Request.d.RegisterLogonProcessRequest.Length); - - Status = ZwRequestWaitReplyPort(*Handle, - &Request.Header, - &Reply.Header); - if (!NT_SUCCESS(Status)) - { -// NtClose(*Handle); -// *Handle = NULL; - return Status; - } - - if (!NT_SUCCESS(Reply.Status)) - { -// NtClose(*Handle); -// *Handle = NULL; - return Status; - } - - *OperationalMode = Reply.d.RegisterLogonProcessReply.OperationalMode; - - return Reply.Status; -#endif }