https://git.reactos.org/?p=reactos.git;a=commitdiff;h=034c6fd0c56e6717f97568...
commit 034c6fd0c56e6717f97568a08348cfaaa3f04e44 Author: Eric Kohl eric.kohl@reactos.org AuthorDate: Tue Jul 30 23:09:32 2019 +0200 Commit: Eric Kohl eric.kohl@reactos.org CommitDate: Tue Jul 30 23:10:33 2019 +0200
[LSASRV] Improvements to LsapLogonUser()
- Token handle duplication must be the last step because we cannot close the duplicated token handle if something fails. - Call LsaApLogonTerminated(), delete the logon session and free the profile buffer if something fails. --- dll/win32/lsasrv/authpackage.c | 55 ++++++++++++++++++++++++++---------------- 1 file changed, 34 insertions(+), 21 deletions(-)
diff --git a/dll/win32/lsasrv/authpackage.c b/dll/win32/lsasrv/authpackage.c
index 6c8b47a954f..29bb465d80b 100644
--- a/dll/win32/lsasrv/authpackage.c
+++ b/dll/win32/lsasrv/authpackage.c
@@ -1641,22 +1641,6 @@ LsapLogonUser(PLSA_API_MSG RequestMsg,
 goto done;
 }
- /* Duplicate the token handle into the client process */
- Status = NtDuplicateObject(NtCurrentProcess(),
- TokenHandle,
- LogonContext->ClientProcessHandle,
- &RequestMsg->LogonUser.Reply.Token,
- 0,
- 0,
- DUPLICATE_SAME_ACCESS | DUPLICATE_SAME_ATTRIBUTES | DUPLICATE_CLOSE_SOURCE);
- if (!NT_SUCCESS(Status))
- {
- ERR("NtDuplicateObject failed (Status 0x%08lx)\n", Status);
- goto done;
- }
-
-// TokenHandle = NULL;
-
 if (LogonType == Interactive ||
 LogonType == Batch ||
 LogonType == Service)
@@ -1680,12 +1664,41 @@ LsapLogonUser(PLSA_API_MSG RequestMsg,
 goto done;
 }
+ /*
+ * Duplicate the token handle into the client process.
+ * This must be the last step because we cannot
+ * close the duplicated token handle in case something fails.
+ */
+ Status = NtDuplicateObject(NtCurrentProcess(),
+ TokenHandle,
+ LogonContext->ClientProcessHandle,
+ &RequestMsg->LogonUser.Reply.Token,
+ 0,
+ 0,
+ DUPLICATE_SAME_ACCESS | DUPLICATE_SAME_ATTRIBUTES | DUPLICATE_CLOSE_SOURCE);
+ if (!NT_SUCCESS(Status))
+ {
+ ERR("NtDuplicateObject failed (Status 0x%08lx)\n", Status);
+ goto done;
+ }
+
 done:
-// if (!NT_SUCCESS(Status))
-// {
- if (TokenHandle != NULL)
- NtClose(TokenHandle);
-// }
+ if (!NT_SUCCESS(Status))
+ {
+ /* Notify the authentification package of the failure */
+ Package->LsaApLogonTerminated(&RequestMsg->LogonUser.Reply.LogonId);
+
+ /* Delete the logon session */
+ LsapDeleteLogonSession(&RequestMsg->LogonUser.Reply.LogonId);
+
+ /* Release the profile buffer */
+ LsapFreeClientBuffer((PLSA_CLIENT_REQUEST)LogonContext,
+ RequestMsg->LogonUser.Reply.ProfileBuffer);
+ RequestMsg->LogonUser.Reply.ProfileBuffer = NULL;
+ }
+
+ if (TokenHandle != NULL)
+ NtClose(TokenHandle);
/* Free the local groups */ if (LocalGroups != NULL)
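Review bot: After the `NtDuplicateObject` call with `DUPLICATE_CLOSE_SOURCE`, `TokenHandle` keeps its old value, so the `if (TokenHandle != NULL) NtClose(TokenHandle);` under `done:` closes a handle that the duplication has already closed. In a multi-threaded process the handle value may have been reused by then, so the second close could land on an unrelated object. Resetting it directly after the call and before the status check avoids this: `TokenHandle = NULL;` (on Windows the source is documented as closed even when the duplication fails; the ReactOS behaviour on failure should be confirmed). Separately, `done:` is also reached from `goto done` sites outside this hunk, so it is worth confirming that `Reply.LogonId` and `Reply.ProfileBuffer` are valid on every such path before `LsaApLogonTerminated`, `LsapDeleteLogonSession` and `LsapFreeClientBuffer` are called on them.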