https://git.reactos.org/?p=reactos.git;a=commitdiff;h=8b0cfa1d3ca5d4ef98991… commit 8b0cfa1d3ca5d4ef9899147986396aa1e9cafb24 Author: Andreas Maier <staubim(a)quantentunnel.de> AuthorDate: Sun Feb 16 16:55:31 2020 +0100 Commit: GitHub <noreply(a)github.com> CommitDate: Sun Feb 16 16:55:31 2020 +0100 [MSV1_0] Improve LogonUserEx2 (#2356) - Improve traces, using %wZ for UNICODE_STRING; - Fix UNICODE_STRING validation. --- dll/win32/msv1_0/msv1_0.c | 21 +++++++++++---------- 1 file changed, 11 insertions(+), 10 deletions(-) diff --git a/dll/win32/msv1_0/msv1_0.c b/dll/win32/msv1_0/msv1_0.c index b7cdf46d9aa..a7e5c2b5a6c 100644 --- a/dll/win32/msv1_0/msv1_0.c +++ b/dll/win32/msv1_0/msv1_0.c @@ -1244,9 +1244,6 @@ LsaApLogonUserEx2(IN PLSA_CLIENT_REQUEST ClientRequest, /* Fix-up pointers in the authentication info */ PtrOffset = (ULONG_PTR)ProtocolSubmitBuffer - (ULONG_PTR)ClientBufferBase; - Status = RtlValidateUnicodeString(0, &LogonInfo->LogonDomainName); - if (!NT_SUCCESS(Status)) - return STATUS_INVALID_PARAMETER; /* LogonDomainName is optional and can be an empty string */ if (LogonInfo->LogonDomainName.Length) { @@ -1259,16 +1256,16 @@ LsaApLogonUserEx2(IN PLSA_CLIENT_REQUEST ClientRequest, LogonInfo->LogonDomainName.Buffer = NULL; LogonInfo->LogonDomainName.MaximumLength = 0; } - - Status = RtlValidateUnicodeString(0, &LogonInfo->UserName); + Status = RtlValidateUnicodeString(0, &LogonInfo->LogonDomainName); if (!NT_SUCCESS(Status)) return STATUS_INVALID_PARAMETER; + /* UserName is mandatory and cannot be an empty string */ // TODO: Check for Buffer limits wrt. ClientBufferBase and alignment. LogonInfo->UserName.Buffer = FIXUP_POINTER(LogonInfo->UserName.Buffer, PtrOffset); LogonInfo->UserName.MaximumLength = LogonInfo->UserName.Length; - Status = RtlValidateUnicodeString(0, &LogonInfo->Password); + Status = RtlValidateUnicodeString(0, &LogonInfo->UserName); if (!NT_SUCCESS(Status)) return STATUS_INVALID_PARAMETER; /* Password is optional and can be an empty string */ @@ -1284,9 +1281,13 @@ LsaApLogonUserEx2(IN PLSA_CLIENT_REQUEST ClientRequest, LogonInfo->Password.MaximumLength = 0; } - TRACE("Domain: %S\n", LogonInfo->LogonDomainName.Buffer); - TRACE("User: %S\n", LogonInfo->UserName.Buffer); - TRACE("Password: %S\n", LogonInfo->Password.Buffer); + Status = RtlValidateUnicodeString(0, &LogonInfo->Password); + if (!NT_SUCCESS(Status)) + return STATUS_INVALID_PARAMETER; + + TRACE("Domain: %wZ\n", &LogonInfo->LogonDomainName); + TRACE("User: %wZ\n", &LogonInfo->UserName); + TRACE("Password: %wZ\n", &LogonInfo->Password); // TODO: If LogonType == Service, do some extra work using LogonInfo->Password. } @@ -1442,7 +1443,7 @@ LsaApLogonUserEx2(IN PLSA_CLIENT_REQUEST ClientRequest, goto done; } - TRACE("UserName: %S\n", UserInfo->All.UserName.Buffer); + TRACE("UserName: %wZ\n", &UserInfo->All.UserName); /* Check the password */ if ((UserInfo->All.UserAccountControl & USER_PASSWORD_NOT_REQUIRED) == 0)