[hpoussin] 23520: - Start lsass.exe sooner, as Gina can call LsaRegisterLogonProcess in WlxInitialize - Check that loaded Gina has all needed functions - Set security attributes on windowstation and desktops - Ros-diffs

7 Aug 2006

Author: hpoussin
Date: Mon Aug  7 21:18:58 2006
New Revision: 23520
URL: http://svn.reactos.org/svn/reactos?rev=23520&view=rev
Log:
- Start lsass.exe sooner, as Gina can call LsaRegisterLogonProcess in WlxInitialize
- Check that loaded Gina has all needed functions
- Set security attributes on windowstation and desktops
Modified:
    trunk/reactos/base/system/winlogon/winlogon.c
    trunk/reactos/base/system/winlogon/winlogon.rbuild
    trunk/reactos/base/system/winlogon/wlx.c
Modified: trunk/reactos/base/system/winlogon/winlogon.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/base/system/winlogon/winlog...
==============================================================================

--- trunk/reactos/base/system/winlogon/winlogon.c (original)
+++ trunk/reactos/base/system/winlogon/winlogon.c Mon Aug  7 21:18:58 2006
@@ -137,7 +137,7 @@
    if (!hService)
    	goto cleanup;
 #if 0
-	if (!StartService(hService, 0, NULL))
+	if (!StartServiceW(hService, 0, NULL))
    	goto cleanup;
 #endif
@@ -615,6 +615,12 @@
    	return 0;
    }
+	if (!StartLsass())
+	{
+		DPRINT1("WL: Failed to start lsass.exe service (error %lu)\n", GetLastError());
+		return 1;
+	}
+
    /* Load and initialize gina */
    if (!GinaInit(WLSession))
    {
@@ -626,12 +632,6 @@
    }
DisplayStatusMessage(WLSession, WLSession->WinlogonDesktop, IDS_REACTOSISSTARTINGUP);
-
-	if (!StartLsass())
-	{
-		DPRINT1("WL: Failed to start lsass.exe service (error %lu)\n", GetLastError());
-		return 1;
-	}
#if 0
    /* Connect to NetLogon service (lsass.exe) */
Modified: trunk/reactos/base/system/winlogon/winlogon.rbuild
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/base/system/winlogon/winlog...
==============================================================================
--- trunk/reactos/base/system/winlogon/winlogon.rbuild (original)
+++ trunk/reactos/base/system/winlogon/winlogon.rbuild Mon Aug  7 21:18:58 2006
@@ -3,6 +3,7 @@
 <module name="winlogon" type="win32gui" installbase="system32" installname="winlogon.exe">
    <include base="winlogon">.</include>
    <define name="__USE_W32API" />
+	<define name="_WIN32_WINNT">0x0501</define>
    <library>ntdll</library>
    <library>kernel32</library>
    <library>user32</library>
Modified: trunk/reactos/base/system/winlogon/wlx.c
URL: http://svn.reactos.org/svn/reactos/trunk/reactos/base/system/winlogon/wlx.c?...
==============================================================================
--- trunk/reactos/base/system/winlogon/wlx.c (original)
+++ trunk/reactos/base/system/winlogon/wlx.c Mon Aug  7 21:18:58 2006
@@ -603,43 +603,41 @@
    	Functions->WlxActivateUserShell = (PFWLXACTIVATEUSERSHELL)GetProcAddress(hGina, "WlxActivateUserShell");
    	if (!Functions->WlxActivateUserShell) goto cleanup;
    	Functions->WlxDisplayLockedNotice = (PFWLXDISPLAYLOCKEDNOTICE)GetProcAddress(hGina, "WlxDisplayLockedNotice");
-		if (!Functions->WlxActivateUserShell) goto cleanup;
+		if (!Functions->WlxDisplayLockedNotice) goto cleanup;
    	Functions->WlxDisplaySASNotice = (PFWLXDISPLAYSASNOTICE)GetProcAddress(hGina, "WlxDisplaySASNotice");
-		if (!Functions->WlxActivateUserShell) goto cleanup;
+		if (!Functions->WlxDisplaySASNotice) goto cleanup;
    	Functions->WlxIsLockOk = (PFWLXISLOCKOK)GetProcAddress(hGina, "WlxIsLockOk");
-		if (!Functions->WlxActivateUserShell) goto cleanup;
+		if (!Functions->WlxIsLockOk) goto cleanup;
    	Functions->WlxIsLogoffOk = (PFWLXISLOGOFFOK)GetProcAddress(hGina, "WlxIsLogoffOk");
-		if (!Functions->WlxActivateUserShell) goto cleanup;
+		if (!Functions->WlxIsLogoffOk) goto cleanup;
    	Functions->WlxLoggedOnSAS = (PFWLXLOGGEDONSAS)GetProcAddress(hGina, "WlxLoggedOnSAS");
-		if (!Functions->WlxActivateUserShell) goto cleanup;
+		if (!Functions->WlxLoggedOnSAS) goto cleanup;
    	Functions->WlxLoggedOutSAS = (PFWLXLOGGEDOUTSAS)GetProcAddress(hGina, "WlxLoggedOutSAS");
-		if (!Functions->WlxActivateUserShell) goto cleanup;
+		if (!Functions->WlxLoggedOutSAS) goto cleanup;
    	Functions->WlxLogoff = (PFWLXLOGOFF)GetProcAddress(hGina, "WlxLogoff");
-		if (!Functions->WlxActivateUserShell) goto cleanup;
+		if (!Functions->WlxLogoff) goto cleanup;
    	Functions->WlxShutdown = (PFWLXSHUTDOWN)GetProcAddress(hGina, "WlxShutdown");
-		if (!Functions->WlxActivateUserShell) goto cleanup;
+		if (!Functions->WlxShutdown) goto cleanup;
    	Functions->WlxWkstaLockedSAS = (PFWLXWKSTALOCKEDSAS)GetProcAddress(hGina, "WlxWkstaLockedSAS");
-		if (!Functions->WlxActivateUserShell) goto cleanup;
+		if (!Functions->WlxWkstaLockedSAS) goto cleanup;
    }
if (*DllVersion >= WLX_VERSION_1_1)
    {
    	Functions->WlxScreenSaverNotify = (PFWLXSCREENSAVERNOTIFY)GetProcAddress(hGina, "WlxScreenSaverNotify");
-		if (!Functions->WlxActivateUserShell) goto cleanup;
    	Functions->WlxStartApplication = (PFWLXSTARTAPPLICATION)GetProcAddress(hGina, "WlxStartApplication");
-		if (!Functions->WlxActivateUserShell) goto cleanup;
    }
if (*DllVersion >= WLX_VERSION_1_3)
    {
    	Functions->WlxDisplayStatusMessage = (PFWLXDISPLAYSTATUSMESSAGE)GetProcAddress(hGina, "WlxDisplayStatusMessage");
-		if (!Functions->WlxActivateUserShell) goto cleanup;
+		if (!Functions->WlxDisplayStatusMessage) goto cleanup;
    	Functions->WlxGetStatusMessage = (PFWLXGETSTATUSMESSAGE)GetProcAddress(hGina, "WlxGetStatusMessage");
-		if (!Functions->WlxActivateUserShell) goto cleanup;
+		if (!Functions->WlxGetStatusMessage) goto cleanup;
    	Functions->WlxNetworkProviderLoad = (PFWLXNETWORKPROVIDERLOAD)GetProcAddress(hGina, "WlxNetworkProviderLoad");
-		if (!Functions->WlxActivateUserShell) goto cleanup;
+		if (!Functions->WlxNetworkProviderLoad) goto cleanup;
    	Functions->WlxRemoveStatusMessage = (PFWLXREMOVESTATUSMESSAGE)GetProcAddress(hGina, "WlxRemoveStatusMessage");
-		if (!Functions->WlxActivateUserShell) goto cleanup;
+		if (!Functions->WlxRemoveStatusMessage) goto cleanup;
    }
ret = TRUE;
@@ -670,6 +668,7 @@
    Session->SuppressStatus = FALSE;
    PreviousWindowProc = NULL;
+	TRACE("Calling WlxInitialize("%S")\n", Session->InteractiveWindowStationName);
    return Session->Gina.Functions.WlxInitialize(
    	Session->InteractiveWindowStationName,
    	(HANDLE)Session,
@@ -682,6 +681,77 @@
 CreateWindowStationAndDesktops(
    IN OUT PWLSESSION Session)
 {
+	BYTE LocalSystemBuffer[SECURITY_MAX_SID_SIZE];
+	BYTE InteractiveBuffer[SECURITY_MAX_SID_SIZE];
+	PSID pLocalSystemSid = (PSID)&LocalSystemBuffer;
+	PSID pInteractiveSid = (PSID)InteractiveBuffer;
+	DWORD SidSize, AclSize;
+	PACL pDefaultAcl = NULL;
+	PACL pUserDesktopAcl = NULL;
+	SECURITY_ATTRIBUTES DefaultSecurity;
+	SECURITY_ATTRIBUTES UserDesktopSecurity;
+	BOOL ret = FALSE;
+
+	/*
+	 * Prepare information for ACLs we will apply
+	 */
+	SidSize = SECURITY_MAX_SID_SIZE;
+	if (!CreateWellKnownSid(WinLocalSystemSid, NULL, pLocalSystemSid, &SidSize))
+	{
+		ERR("WL: CreateWellKnownSid() failed (error %lu)\n", GetLastError());
+		goto cleanup;
+	}
+	SidSize = SECURITY_MAX_SID_SIZE;
+	if (!CreateWellKnownSid(WinInteractiveSid, NULL, pInteractiveSid, &SidSize))
+	{
+		ERR("WL: CreateWellKnownSid() failed (error %lu)\n", GetLastError());
+		goto cleanup;
+	}
+
+	AclSize = sizeof(ACL)
+		+ FIELD_OFFSET(ACCESS_ALLOWED_ACE, SidStart) + GetLengthSid(pLocalSystemSid)
+		+ FIELD_OFFSET(ACCESS_ALLOWED_ACE, SidStart) + GetLengthSid(pInteractiveSid);
+	pDefaultAcl = HeapAlloc(GetProcessHeap(), 0, AclSize);
+	pUserDesktopAcl = HeapAlloc(GetProcessHeap(), 0, AclSize);
+	if (!pDefaultAcl || !pUserDesktopAcl)
+	{
+		ERR("WL: HeapAlloc() failed\n");
+		goto cleanup;
+	}
+
+	if (!InitializeAcl(pDefaultAcl, AclSize, ACL_REVISION)
+	 || !InitializeAcl(pUserDesktopAcl, AclSize, ACL_REVISION))
+	{
+		ERR("WL: InitializeAcl() failed (error %lu)\n", GetLastError());
+		goto cleanup;
+	}
+
+	/*
+	 * Create default ACL (window station, winlogon desktop, screen saver desktop)
+	 */
+	if (!AddAccessAllowedAce(pDefaultAcl, ACL_REVISION, GENERIC_ALL, pLocalSystemSid)
+	 || !AddAccessAllowedAce(pDefaultAcl, ACL_REVISION, GENERIC_READ, pInteractiveSid))
+	{
+		ERR("WL: AddAccessAllowedAce() failed (error %lu)\n", GetLastError());
+		goto cleanup;
+	}
+	DefaultSecurity.nLength = sizeof(SECURITY_ATTRIBUTES);
+	DefaultSecurity.lpSecurityDescriptor = pDefaultAcl;
+	DefaultSecurity.bInheritHandle = TRUE;
+
+	/*
+	 * Create user desktop ACL
+	 */
+	if (!AddAccessAllowedAce(pUserDesktopAcl, ACL_REVISION, GENERIC_ALL, pLocalSystemSid)
+	 || !AddAccessAllowedAce(pUserDesktopAcl, ACL_REVISION, GENERIC_ALL, pInteractiveSid))
+	{
+		ERR("WL: AddAccessAllowedAce() failed (error %lu)\n", GetLastError());
+		goto cleanup;
+	}
+	UserDesktopSecurity.nLength = sizeof(SECURITY_ATTRIBUTES);
+	UserDesktopSecurity.lpSecurityDescriptor = pUserDesktopAcl;
+	UserDesktopSecurity.bInheritHandle = TRUE;
+
    /*
     * Create the interactive window station
     */
@@ -690,13 +760,17 @@
    	Session->InteractiveWindowStationName,
    	0,
    	WINSTA_CREATEDESKTOP,
-		NULL);
+		&DefaultSecurity);
    if (!Session->InteractiveWindowStation)
    {
    	ERR("WL: Failed to create window station (%lu)\n", GetLastError());
-		return FALSE;
-	}
-	SetProcessWindowStation(Session->InteractiveWindowStation);
+		goto cleanup;
+	}
+	if (!SetProcessWindowStation(Session->InteractiveWindowStation))
+	{
+		ERR("WL: SetProcessWindowStation() failed (error %lu)\n", GetLastError());
+		goto cleanup;
+	}
/*
     * Create the application desktop
@@ -705,13 +779,13 @@
    	L"Default",
    	NULL,
    	NULL,
-		0, /* FIXME: Set some flags */
+		0, /* FIXME: Add DF_ALLOWOTHERACCOUNTHOOK flag? */
    	GENERIC_ALL,
-		NULL);
+		&UserDesktopSecurity);
    if (!Session->ApplicationDesktop)
    {
    	ERR("WL: Failed to create Default desktop (%lu)\n", GetLastError());
-		return FALSE;
+		goto cleanup;
    }
/*
@@ -721,13 +795,13 @@
    	L"Winlogon",
    	NULL,
    	NULL,
-		0, /* FIXME: Set some flags */
+		0,
    	GENERIC_ALL,
-		NULL);
+		&DefaultSecurity);
    if (!Session->WinlogonDesktop)
    {
    	ERR("WL: Failed to create Winlogon desktop (%lu)\n", GetLastError());
-		return FALSE;
+		goto cleanup;
    }
/*
@@ -737,13 +811,13 @@
    	L"Screen-Saver",
    	NULL,
    	NULL,
-		0, /* FIXME: Set some flags */
+		0,
    	GENERIC_ALL,
-		NULL);
+		&DefaultSecurity);
    if(!Session->ScreenSaverDesktop)
    {
    	ERR("WL: Failed to create Screen-Saver desktop (%lu)\n", GetLastError());
-		return FALSE;
+		goto cleanup;
    }
/* FIXME: big HACK */
@@ -756,8 +830,24 @@
        !SwitchDesktop(Session->WinlogonDesktop))
    {
    	ERR("WL: Cannot switch to Winlogon desktop (%lu)\n", GetLastError());
-		return FALSE;
-	}
-
-	return TRUE;
-}
+		goto cleanup;
+	}
+
+	ret = TRUE;
+
+cleanup:
+	if (!ret)
+	{
+		if (Session->ApplicationDesktop)
+			CloseDesktop(Session->ApplicationDesktop);
+		if (Session->WinlogonDesktop)
+			CloseDesktop(Session->WinlogonDesktop);
+		if (Session->ScreenSaverDesktop)
+			CloseDesktop(Session->ScreenSaverDesktop);
+		if (Session->InteractiveWindowStation)
+			CloseWindowStation(Session->InteractiveWindowStation);
+	}
+	HeapFree(GetProcessHeap(), 0, pDefaultAcl);
+	HeapFree(GetProcessHeap(), 0, pUserDesktopAcl);
+	return ret;
+}

    