Author: ekohl
Date: Wed Oct 30 21:19:03 2013
New Revision: 60800
URL:
http://svn.reactos.org/svn/reactos?rev=60800&view=rev
Log:
[ADVAPI32]
Enable the new SAM-based logon system.
Using your own accounts to log-on to ReactOS will still fail because of bugs in winlogon,
userenv.dll and the registry. But at least the infrastructure is in place and we can start
to fix the reamining bugs. All accounts still use a hard-coded privilege set, but this
will be fixed as soon as possible.
Modified:
trunk/reactos/boot/bootdata/hivesft.inf
trunk/reactos/dll/win32/advapi32/CMakeLists.txt
trunk/reactos/dll/win32/advapi32/misc/logon.c
Modified: trunk/reactos/boot/bootdata/hivesft.inf
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/boot/bootdata/hivesft.inf?…
==============================================================================
--- trunk/reactos/boot/bootdata/hivesft.inf [iso-8859-1] (original)
+++ trunk/reactos/boot/bootdata/hivesft.inf [iso-8859-1] Wed Oct 30 21:19:03 2013
@@ -324,7 +324,7 @@
"81d", "125",\
"422", "125",\
"402", "125",\
- "427", "125",\
+ "427", "125",\
"408", "130",\
"41f", "130",\
"418", "130",\
@@ -1067,7 +1067,8 @@
HKLM,"SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Winlogon","Userinit",0x00020000,"%SystemRoot%\system32\userinit.exe"
HKLM,"SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Winlogon","AutoAdminLogon",0x00000000,"1"
HKLM,"SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Winlogon","DefaultUserName",0x00000000,"Administrator"
-HKLM,"SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Winlogon","DefaultPassword",0x00000000,"Secret"
+;HKLM,"SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Winlogon","DefaultPassword",0x00000000,"Secret"
+HKLM,"SOFTWARE\Microsoft\Windows
NT\CurrentVersion\Winlogon","DefaultPassword",0x00000000,""
; Time Zone Servers
HKLM,"SOFTWARE\Microsoft\Windows\CurrentVersion\DateTime\Servers","1",0x00000000,"pool.ntp.org"
Modified: trunk/reactos/dll/win32/advapi32/CMakeLists.txt
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/advapi32/CMakeLi…
==============================================================================
--- trunk/reactos/dll/win32/advapi32/CMakeLists.txt [iso-8859-1] (original)
+++ trunk/reactos/dll/win32/advapi32/CMakeLists.txt [iso-8859-1] Wed Oct 30 21:19:03 2013
@@ -58,7 +58,7 @@
set_module_type(advapi32 win32dll UNICODE)
target_link_libraries(advapi32 wine ${PSEH_LIB})
add_delay_importlibs(advapi32 rpcrt4)
-add_importlibs(advapi32 msvcrt kernel32 ntdll)
+add_importlibs(advapi32 secur32 msvcrt kernel32 ntdll)
add_pch(advapi32 advapi32.h
${CMAKE_CURRENT_BINARY_DIR}/lsa_c.h
Modified: trunk/reactos/dll/win32/advapi32/misc/logon.c
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/advapi32/misc/lo…
==============================================================================
--- trunk/reactos/dll/win32/advapi32/misc/logon.c [iso-8859-1] (original)
+++ trunk/reactos/dll/win32/advapi32/misc/logon.c [iso-8859-1] Wed Oct 30 21:19:03 2013
@@ -9,6 +9,7 @@
#include <advapi32.h>
WINE_DEFAULT_DEBUG_CHANNEL(advapi);
+#define NEW_LOGON
/* FUNCTIONS ***************************************************************/
@@ -212,6 +213,7 @@
}
+#ifndef NEW_LOGON
static BOOL WINAPI
GetAccountDomainSid(PSID *Sid)
{
@@ -565,6 +567,7 @@
RtlFreeHeap(GetProcessHeap(), 0, TokenGroups);
}
+#endif
/*
@@ -578,6 +581,196 @@
DWORD dwLogonProvider,
PHANDLE phToken)
{
+#ifdef NEW_LOGON
+ LSA_STRING LogonProcessName;
+ LSA_STRING PackageName;
+ HANDLE LsaHandle = NULL;
+ LSA_OPERATIONAL_MODE SecurityMode = 0;
+ ULONG AuthenticationPackage = 0;
+
+ LSA_STRING OriginName;
+ UNICODE_STRING DomainName;
+ UNICODE_STRING UserName;
+ UNICODE_STRING Password;
+ PMSV1_0_INTERACTIVE_LOGON AuthInfo = NULL;
+ ULONG AuthInfoLength;
+ ULONG_PTR Ptr;
+ TOKEN_SOURCE TokenSource;
+
+ PMSV1_0_INTERACTIVE_PROFILE ProfileBuffer = NULL;
+ ULONG ProfileBufferLength = 0;
+ LUID Luid = {0, 0};
+ HANDLE TokenHandle = NULL;
+ QUOTA_LIMITS QuotaLimits;
+ NTSTATUS SubStatus = STATUS_SUCCESS;
+ NTSTATUS Status;
+
+ *phToken = NULL;
+
+ RtlInitAnsiString((PANSI_STRING)&LogonProcessName,
+ "User32LogonProcess");
+
+ Status = LsaRegisterLogonProcess(&LogonProcessName,
+ &LsaHandle,
+ &SecurityMode);
+ if (!NT_SUCCESS(Status))
+ {
+ TRACE("LsaRegisterLogonProcess failed (Status 0x%08lx)\n", Status);
+ goto done;
+ }
+
+ RtlInitAnsiString((PANSI_STRING)&PackageName,
+ MSV1_0_PACKAGE_NAME);
+
+ Status = LsaLookupAuthenticationPackage(LsaHandle,
+ &PackageName,
+ &AuthenticationPackage);
+ if (!NT_SUCCESS(Status))
+ {
+ TRACE("LsaLookupAuthenticationPackage failed (Status 0x%08lx)\n",
Status);
+ goto done;
+ }
+
+ TRACE("AuthenticationPackage: 0x%08lx\n", AuthenticationPackage);
+
+
+ RtlInitAnsiString((PANSI_STRING)&OriginName,
+ "Testapp");
+
+ RtlInitUnicodeString(&DomainName,
+ lpszDomain);
+
+ RtlInitUnicodeString(&UserName,
+ lpszUsername);
+
+ RtlInitUnicodeString(&Password,
+ lpszPassword);
+
+ AuthInfoLength = sizeof(MSV1_0_INTERACTIVE_LOGON)+
+ DomainName.MaximumLength +
+ UserName.MaximumLength +
+ Password.MaximumLength;
+
+ AuthInfo = RtlAllocateHeap(RtlGetProcessHeap(),
+ HEAP_ZERO_MEMORY,
+ AuthInfoLength);
+ if (AuthInfo == NULL)
+ {
+ Status = STATUS_INSUFFICIENT_RESOURCES;
+ goto done;
+ }
+
+
+ AuthInfo->MessageType = MsV1_0InteractiveLogon;
+
+ Ptr = (ULONG_PTR)AuthInfo + sizeof(MSV1_0_INTERACTIVE_LOGON);
+
+ AuthInfo->LogonDomainName.Length = DomainName.Length;
+ AuthInfo->LogonDomainName.MaximumLength = DomainName.MaximumLength;
+ AuthInfo->LogonDomainName.Buffer = (DomainName.Buffer == NULL) ? NULL :
(PWCHAR)Ptr;
+ if (DomainName.MaximumLength > 0)
+ {
+ RtlCopyMemory(AuthInfo->LogonDomainName.Buffer,
+ DomainName.Buffer,
+ DomainName.MaximumLength);
+
+ Ptr += DomainName.MaximumLength;
+ }
+
+ AuthInfo->UserName.Length = UserName.Length;
+ AuthInfo->UserName.MaximumLength = UserName.MaximumLength;
+ AuthInfo->UserName.Buffer = (PWCHAR)Ptr;
+ if (UserName.MaximumLength > 0)
+ RtlCopyMemory(AuthInfo->UserName.Buffer,
+ UserName.Buffer,
+ UserName.MaximumLength);
+
+ Ptr += UserName.MaximumLength;
+
+ AuthInfo->Password.Length = Password.Length;
+ AuthInfo->Password.MaximumLength = Password.MaximumLength;
+ AuthInfo->Password.Buffer = (PWCHAR)Ptr;
+ if (Password.MaximumLength > 0)
+ RtlCopyMemory(AuthInfo->Password.Buffer,
+ Password.Buffer,
+ Password.MaximumLength);
+
+ /* FIXME: Add LocalGroups here */
+
+ strcpy(TokenSource.SourceName, "Bla");
+ AllocateLocallyUniqueId(&TokenSource.SourceIdentifier);
+
+ Status = LsaLogonUser(LsaHandle,
+ &OriginName,
+ Interactive,
+ AuthenticationPackage,
+ (PVOID)AuthInfo,
+ AuthInfoLength,
+ NULL, /* LocalGroups */
+ &TokenSource,
+ (PVOID*)&ProfileBuffer,
+ &ProfileBufferLength,
+ &Luid,
+ &TokenHandle,
+ &QuotaLimits,
+ &SubStatus);
+ if (!NT_SUCCESS(Status))
+ {
+ TRACE("LsaLogonUser failed (Status 0x%08lx)\n", Status);
+ goto done;
+ }
+
+ if (ProfileBuffer != NULL)
+ {
+ TRACE("ProfileBuffer: %p\n", ProfileBuffer);
+ TRACE("MessageType: %u\n", ProfileBuffer->MessageType);
+
+ TRACE("FullName: %p\n", ProfileBuffer->FullName.Buffer);
+ TRACE("FullName: %S\n", ProfileBuffer->FullName.Buffer);
+
+ TRACE("LogonServer: %p\n", ProfileBuffer->LogonServer.Buffer);
+ TRACE("LogonServer: %S\n", ProfileBuffer->LogonServer.Buffer);
+ }
+
+ TRACE("Luid: 0x%08lx%08lx\n", Luid.HighPart, Luid.LowPart);
+
+ if (TokenHandle != NULL)
+ {
+ TRACE("TokenHandle: %p\n", TokenHandle);
+ }
+
+ *phToken = TokenHandle;
+
+done:
+ if (ProfileBuffer != NULL)
+ LsaFreeReturnBuffer(ProfileBuffer);
+
+ if (!NT_SUCCESS(Status))
+ {
+ if (TokenHandle != NULL)
+ CloseHandle(TokenHandle);
+ }
+
+ if (AuthInfo != NULL)
+ RtlFreeHeap(RtlGetProcessHeap(), 0, AuthInfo);
+
+ if (LsaHandle != NULL)
+ {
+ Status = LsaDeregisterLogonProcess(LsaHandle);
+ if (!NT_SUCCESS(Status))
+ {
+ TRACE("LsaDeregisterLogonProcess failed (Status 0x%08lx)\n",
Status);
+ }
+ }
+
+ if (!NT_SUCCESS(Status))
+ {
+ SetLastError(RtlNtStatusToDosError(Status));
+ return FALSE;
+ }
+
+ return TRUE;
+#else
/* FIXME shouldn't use hard-coded list of privileges */
static struct
{
@@ -776,6 +969,7 @@
RtlFreeHeap(GetProcessHeap(), 0, UserSid);
return NT_SUCCESS(Status);
+#endif
}
/* EOF */