https://git.reactos.org/?p=reactos.git;a=commitdiff;h=034c6fd0c56e6717f9756…
commit 034c6fd0c56e6717f97568a08348cfaaa3f04e44
Author: Eric Kohl <eric.kohl(a)reactos.org>
AuthorDate: Tue Jul 30 23:09:32 2019 +0200
Commit: Eric Kohl <eric.kohl(a)reactos.org>
CommitDate: Tue Jul 30 23:10:33 2019 +0200
[LSASRV] Improvements to LsapLogonUser()
- Token handle duplication must be the last step because we cannot close the
duplicated token handle if something fails.
- Call LsaApLogonTerminated(), delete the logon session and free the profile buffer if
something fails.
---
dll/win32/lsasrv/authpackage.c | 55 ++++++++++++++++++++++++++----------------
1 file changed, 34 insertions(+), 21 deletions(-)
diff --git a/dll/win32/lsasrv/authpackage.c b/dll/win32/lsasrv/authpackage.c
index 6c8b47a954f..29bb465d80b 100644
--- a/dll/win32/lsasrv/authpackage.c
+++ b/dll/win32/lsasrv/authpackage.c
@@ -1641,22 +1641,6 @@ LsapLogonUser(PLSA_API_MSG RequestMsg,
goto done;
}
- /* Duplicate the token handle into the client process */
- Status = NtDuplicateObject(NtCurrentProcess(),
- TokenHandle,
- LogonContext->ClientProcessHandle,
- &RequestMsg->LogonUser.Reply.Token,
- 0,
- 0,
- DUPLICATE_SAME_ACCESS | DUPLICATE_SAME_ATTRIBUTES |
DUPLICATE_CLOSE_SOURCE);
- if (!NT_SUCCESS(Status))
- {
- ERR("NtDuplicateObject failed (Status 0x%08lx)\n", Status);
- goto done;
- }
-
-// TokenHandle = NULL;
-
if (LogonType == Interactive ||
LogonType == Batch ||
LogonType == Service)
@@ -1680,12 +1664,41 @@ LsapLogonUser(PLSA_API_MSG RequestMsg,
goto done;
}
+ /*
+ * Duplicate the token handle into the client process.
+ * This must be the last step because we cannot
+ * close the duplicated token handle in case something fails.
+ */
+ Status = NtDuplicateObject(NtCurrentProcess(),
+ TokenHandle,
+ LogonContext->ClientProcessHandle,
+ &RequestMsg->LogonUser.Reply.Token,
+ 0,
+ 0,
+ DUPLICATE_SAME_ACCESS | DUPLICATE_SAME_ATTRIBUTES |
DUPLICATE_CLOSE_SOURCE);
+ if (!NT_SUCCESS(Status))
+ {
+ ERR("NtDuplicateObject failed (Status 0x%08lx)\n", Status);
+ goto done;
+ }
+
done:
-// if (!NT_SUCCESS(Status))
-// {
- if (TokenHandle != NULL)
- NtClose(TokenHandle);
-// }
+ if (!NT_SUCCESS(Status))
+ {
+ /* Notify the authentification package of the failure */
+ Package->LsaApLogonTerminated(&RequestMsg->LogonUser.Reply.LogonId);
+
+ /* Delete the logon session */
+ LsapDeleteLogonSession(&RequestMsg->LogonUser.Reply.LogonId);
+
+ /* Release the profile buffer */
+ LsapFreeClientBuffer((PLSA_CLIENT_REQUEST)LogonContext,
+ RequestMsg->LogonUser.Reply.ProfileBuffer);
+ RequestMsg->LogonUser.Reply.ProfileBuffer = NULL;
+ }
+
+ if (TokenHandle != NULL)
+ NtClose(TokenHandle);
/* Free the local groups */
if (LocalGroups != NULL)
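Review bot: After the relocated `NtDuplicateObject` call the source handle is closed a second time, because the call passes `DUPLICATE_CLOSE_SOURCE` and the `done:` path still runs `if (TokenHandle != NULL) NtClose(TokenHandle);` on a variable that is never cleared (the old `// TokenHandle = NULL;` line was dropped rather than enabled). In a multi-threaded server process a stale handle value may already have been reassigned to another object, so the second close can hit an unrelated handle rather than just returning an invalid-handle status. Adding `TokenHandle = NULL;` directly after the `NtDuplicateObject` call, ahead of the `NT_SUCCESS` check, avoids this; on Windows the close-source flag is documented to take effect regardless of the returned status, so clearing it on both outcomes looks right, but confirm it against the ReactOS implementation. Separately, the new failure block runs for every `goto done`, including those earlier in LsapLogonUser outside this hunk. If any of them can fire before the logon session exists, `LsaApLogonTerminated` and `LsapDeleteLogonSession` would receive an unset `LogonId`, so that cleanup is worth guarding on whether the session was actually created.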