[hpoussin] 23520: - Start lsass.exe sooner, as Gina can call LsaRegisterLogonProcess in WlxInitialize - Check that loaded Gina has all needed functions - Set security attributes on windowstation and desktops
7 Aug
2006
7 Aug
'06
5:18 p.m.
Author: hpoussin
Date: Mon Aug 7 21:18:58 2006
New Revision: 23520
URL: http://svn.reactos.org/svn/reactos?rev=23520&view=rev
Log:
- Start lsass.exe sooner, as Gina can call LsaRegisterLogonProcess in WlxInitialize
- Check that loaded Gina has all needed functions
- Set security attributes on windowstation and desktops
Modified:
trunk/reactos/base/system/winlogon/winlogon.c
trunk/reactos/base/system/winlogon/winlogon.rbuild
trunk/reactos/base/system/winlogon/wlx.c
Modified: trunk/reactos/base/system/winlogon/winlogon.c
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/base/system/winlogon/winlo…
==============================================================================
--- trunk/reactos/base/system/winlogon/winlogon.c (original)
+++ trunk/reactos/base/system/winlogon/winlogon.c Mon Aug 7 21:18:58 2006
@@ -137,7 +137,7 @@
if (!hService)
goto cleanup;
#if 0
- if (!StartService(hService, 0, NULL))
+ if (!StartServiceW(hService, 0, NULL))
goto cleanup;
#endif
@@ -615,6 +615,12 @@
return 0;
}
+ if (!StartLsass())
+ {
+ DPRINT1("WL: Failed to start lsass.exe service (error %lu)\n",
GetLastError());
+ return 1;
+ }
+
/* Load and initialize gina */
if (!GinaInit(WLSession))
{
@@ -626,12 +632,6 @@
}
DisplayStatusMessage(WLSession, WLSession->WinlogonDesktop,
IDS_REACTOSISSTARTINGUP);
-
- if (!StartLsass())
- {
- DPRINT1("WL: Failed to start lsass.exe service (error %lu)\n",
GetLastError());
- return 1;
- }
#if 0
/* Connect to NetLogon service (lsass.exe) */
Modified: trunk/reactos/base/system/winlogon/winlogon.rbuild
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/base/system/winlogon/winlo…
==============================================================================
--- trunk/reactos/base/system/winlogon/winlogon.rbuild (original)
+++ trunk/reactos/base/system/winlogon/winlogon.rbuild Mon Aug 7 21:18:58 2006
@@ -3,6 +3,7 @@
<module name="winlogon" type="win32gui"
installbase="system32" installname="winlogon.exe">
<include base="winlogon">.</include>
<define name="__USE_W32API" />
+ <define name="_WIN32_WINNT">0x0501</define>
<library>ntdll</library>
<library>kernel32</library>
<library>user32</library>
Modified: trunk/reactos/base/system/winlogon/wlx.c
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/base/system/winlogon/wlx.c…
==============================================================================
--- trunk/reactos/base/system/winlogon/wlx.c (original)
+++ trunk/reactos/base/system/winlogon/wlx.c Mon Aug 7 21:18:58 2006
@@ -603,43 +603,41 @@
Functions->WlxActivateUserShell = (PFWLXACTIVATEUSERSHELL)GetProcAddress(hGina,
"WlxActivateUserShell");
if (!Functions->WlxActivateUserShell) goto cleanup;
Functions->WlxDisplayLockedNotice = (PFWLXDISPLAYLOCKEDNOTICE)GetProcAddress(hGina,
"WlxDisplayLockedNotice");
- if (!Functions->WlxActivateUserShell) goto cleanup;
+ if (!Functions->WlxDisplayLockedNotice) goto cleanup;
Functions->WlxDisplaySASNotice = (PFWLXDISPLAYSASNOTICE)GetProcAddress(hGina,
"WlxDisplaySASNotice");
- if (!Functions->WlxActivateUserShell) goto cleanup;
+ if (!Functions->WlxDisplaySASNotice) goto cleanup;
Functions->WlxIsLockOk = (PFWLXISLOCKOK)GetProcAddress(hGina,
"WlxIsLockOk");
- if (!Functions->WlxActivateUserShell) goto cleanup;
+ if (!Functions->WlxIsLockOk) goto cleanup;
Functions->WlxIsLogoffOk = (PFWLXISLOGOFFOK)GetProcAddress(hGina,
"WlxIsLogoffOk");
- if (!Functions->WlxActivateUserShell) goto cleanup;
+ if (!Functions->WlxIsLogoffOk) goto cleanup;
Functions->WlxLoggedOnSAS = (PFWLXLOGGEDONSAS)GetProcAddress(hGina,
"WlxLoggedOnSAS");
- if (!Functions->WlxActivateUserShell) goto cleanup;
+ if (!Functions->WlxLoggedOnSAS) goto cleanup;
Functions->WlxLoggedOutSAS = (PFWLXLOGGEDOUTSAS)GetProcAddress(hGina,
"WlxLoggedOutSAS");
- if (!Functions->WlxActivateUserShell) goto cleanup;
+ if (!Functions->WlxLoggedOutSAS) goto cleanup;
Functions->WlxLogoff = (PFWLXLOGOFF)GetProcAddress(hGina, "WlxLogoff");
- if (!Functions->WlxActivateUserShell) goto cleanup;
+ if (!Functions->WlxLogoff) goto cleanup;
Functions->WlxShutdown = (PFWLXSHUTDOWN)GetProcAddress(hGina,
"WlxShutdown");
- if (!Functions->WlxActivateUserShell) goto cleanup;
+ if (!Functions->WlxShutdown) goto cleanup;
Functions->WlxWkstaLockedSAS = (PFWLXWKSTALOCKEDSAS)GetProcAddress(hGina,
"WlxWkstaLockedSAS");
- if (!Functions->WlxActivateUserShell) goto cleanup;
+ if (!Functions->WlxWkstaLockedSAS) goto cleanup;
}
if (*DllVersion >= WLX_VERSION_1_1)
{
Functions->WlxScreenSaverNotify = (PFWLXSCREENSAVERNOTIFY)GetProcAddress(hGina,
"WlxScreenSaverNotify");
- if (!Functions->WlxActivateUserShell) goto cleanup;
Functions->WlxStartApplication = (PFWLXSTARTAPPLICATION)GetProcAddress(hGina,
"WlxStartApplication");
- if (!Functions->WlxActivateUserShell) goto cleanup;
}
if (*DllVersion >= WLX_VERSION_1_3)
{
Functions->WlxDisplayStatusMessage =
(PFWLXDISPLAYSTATUSMESSAGE)GetProcAddress(hGina, "WlxDisplayStatusMessage");
- if (!Functions->WlxActivateUserShell) goto cleanup;
+ if (!Functions->WlxDisplayStatusMessage) goto cleanup;
Functions->WlxGetStatusMessage = (PFWLXGETSTATUSMESSAGE)GetProcAddress(hGina,
"WlxGetStatusMessage");
- if (!Functions->WlxActivateUserShell) goto cleanup;
+ if (!Functions->WlxGetStatusMessage) goto cleanup;
Functions->WlxNetworkProviderLoad = (PFWLXNETWORKPROVIDERLOAD)GetProcAddress(hGina,
"WlxNetworkProviderLoad");
- if (!Functions->WlxActivateUserShell) goto cleanup;
+ if (!Functions->WlxNetworkProviderLoad) goto cleanup;
Functions->WlxRemoveStatusMessage = (PFWLXREMOVESTATUSMESSAGE)GetProcAddress(hGina,
"WlxRemoveStatusMessage");
- if (!Functions->WlxActivateUserShell) goto cleanup;
+ if (!Functions->WlxRemoveStatusMessage) goto cleanup;
}
ret = TRUE;
@@ -670,6 +668,7 @@
Session->SuppressStatus = FALSE;
PreviousWindowProc = NULL;
+ TRACE("Calling WlxInitialize(\"%S\")\n",
Session->InteractiveWindowStationName);
return Session->Gina.Functions.WlxInitialize(
Session->InteractiveWindowStationName,
(HANDLE)Session,
@@ -682,6 +681,77 @@
CreateWindowStationAndDesktops(
IN OUT PWLSESSION Session)
{
+ BYTE LocalSystemBuffer[SECURITY_MAX_SID_SIZE];
+ BYTE InteractiveBuffer[SECURITY_MAX_SID_SIZE];
+ PSID pLocalSystemSid = (PSID)&LocalSystemBuffer;
+ PSID pInteractiveSid = (PSID)InteractiveBuffer;
+ DWORD SidSize, AclSize;
+ PACL pDefaultAcl = NULL;
+ PACL pUserDesktopAcl = NULL;
+ SECURITY_ATTRIBUTES DefaultSecurity;
+ SECURITY_ATTRIBUTES UserDesktopSecurity;
+ BOOL ret = FALSE;
+
+ /*
+ * Prepare information for ACLs we will apply
+ */
+ SidSize = SECURITY_MAX_SID_SIZE;
+ if (!CreateWellKnownSid(WinLocalSystemSid, NULL, pLocalSystemSid, &SidSize))
+ {
+ ERR("WL: CreateWellKnownSid() failed (error %lu)\n", GetLastError());
+ goto cleanup;
+ }
+ SidSize = SECURITY_MAX_SID_SIZE;
+ if (!CreateWellKnownSid(WinInteractiveSid, NULL, pInteractiveSid, &SidSize))
+ {
+ ERR("WL: CreateWellKnownSid() failed (error %lu)\n", GetLastError());
+ goto cleanup;
+ }
+
+ AclSize = sizeof(ACL)
+ + FIELD_OFFSET(ACCESS_ALLOWED_ACE, SidStart) + GetLengthSid(pLocalSystemSid)
+ + FIELD_OFFSET(ACCESS_ALLOWED_ACE, SidStart) + GetLengthSid(pInteractiveSid);
+ pDefaultAcl = HeapAlloc(GetProcessHeap(), 0, AclSize);
+ pUserDesktopAcl = HeapAlloc(GetProcessHeap(), 0, AclSize);
+ if (!pDefaultAcl || !pUserDesktopAcl)
+ {
+ ERR("WL: HeapAlloc() failed\n");
+ goto cleanup;
+ }
+
+ if (!InitializeAcl(pDefaultAcl, AclSize, ACL_REVISION)
+ || !InitializeAcl(pUserDesktopAcl, AclSize, ACL_REVISION))
+ {
+ ERR("WL: InitializeAcl() failed (error %lu)\n", GetLastError());
+ goto cleanup;
+ }
+
+ /*
+ * Create default ACL (window station, winlogon desktop, screen saver desktop)
+ */
+ if (!AddAccessAllowedAce(pDefaultAcl, ACL_REVISION, GENERIC_ALL, pLocalSystemSid)
+ || !AddAccessAllowedAce(pDefaultAcl, ACL_REVISION, GENERIC_READ, pInteractiveSid))
+ {
+ ERR("WL: AddAccessAllowedAce() failed (error %lu)\n", GetLastError());
+ goto cleanup;
+ }
+ DefaultSecurity.nLength = sizeof(SECURITY_ATTRIBUTES);
+ DefaultSecurity.lpSecurityDescriptor = pDefaultAcl;
+ DefaultSecurity.bInheritHandle = TRUE;
+
+ /*
+ * Create user desktop ACL
+ */
+ if (!AddAccessAllowedAce(pUserDesktopAcl, ACL_REVISION, GENERIC_ALL, pLocalSystemSid)
+ || !AddAccessAllowedAce(pUserDesktopAcl, ACL_REVISION, GENERIC_ALL, pInteractiveSid))
+ {
+ ERR("WL: AddAccessAllowedAce() failed (error %lu)\n", GetLastError());
+ goto cleanup;
+ }
+ UserDesktopSecurity.nLength = sizeof(SECURITY_ATTRIBUTES);
+ UserDesktopSecurity.lpSecurityDescriptor = pUserDesktopAcl;
+ UserDesktopSecurity.bInheritHandle = TRUE;
+
/*
* Create the interactive window station
*/
@@ -690,13 +760,17 @@
Session->InteractiveWindowStationName,
0,
WINSTA_CREATEDESKTOP,
- NULL);
+ &DefaultSecurity);
if (!Session->InteractiveWindowStation)
{
ERR("WL: Failed to create window station (%lu)\n", GetLastError());
- return FALSE;
- }
- SetProcessWindowStation(Session->InteractiveWindowStation);
+ goto cleanup;
+ }
+ if (!SetProcessWindowStation(Session->InteractiveWindowStation))
+ {
+ ERR("WL: SetProcessWindowStation() failed (error %lu)\n", GetLastError());
+ goto cleanup;
+ }
/*
* Create the application desktop
@@ -705,13 +779,13 @@
L"Default",
NULL,
NULL,
- 0, /* FIXME: Set some flags */
+ 0, /* FIXME: Add DF_ALLOWOTHERACCOUNTHOOK flag? */
GENERIC_ALL,
- NULL);
+ &UserDesktopSecurity);
if (!Session->ApplicationDesktop)
{
ERR("WL: Failed to create Default desktop (%lu)\n", GetLastError());
- return FALSE;
+ goto cleanup;
}
/*
@@ -721,13 +795,13 @@
L"Winlogon",
NULL,
NULL,
- 0, /* FIXME: Set some flags */
+ 0,
GENERIC_ALL,
- NULL);
+ &DefaultSecurity);
if (!Session->WinlogonDesktop)
{
ERR("WL: Failed to create Winlogon desktop (%lu)\n", GetLastError());
- return FALSE;
+ goto cleanup;
}
/*
@@ -737,13 +811,13 @@
L"Screen-Saver",
NULL,
NULL,
- 0, /* FIXME: Set some flags */
+ 0,
GENERIC_ALL,
- NULL);
+ &DefaultSecurity);
if(!Session->ScreenSaverDesktop)
{
ERR("WL: Failed to create Screen-Saver desktop (%lu)\n", GetLastError());
- return FALSE;
+ goto cleanup;
}
/* FIXME: big HACK */
@@ -756,8 +830,24 @@
!SwitchDesktop(Session->WinlogonDesktop))
{
ERR("WL: Cannot switch to Winlogon desktop (%lu)\n", GetLastError());
- return FALSE;
- }
-
- return TRUE;
-}
+ goto cleanup;
+ }
+
+ ret = TRUE;
+
+cleanup:
+ if (!ret)
+ {
+ if (Session->ApplicationDesktop)
+ CloseDesktop(Session->ApplicationDesktop);
+ if (Session->WinlogonDesktop)
+ CloseDesktop(Session->WinlogonDesktop);
+ if (Session->ScreenSaverDesktop)
+ CloseDesktop(Session->ScreenSaverDesktop);
+ if (Session->InteractiveWindowStation)
+ CloseWindowStation(Session->InteractiveWindowStation);
+ }
+ HeapFree(GetProcessHeap(), 0, pDefaultAcl);
+ HeapFree(GetProcessHeap(), 0, pUserDesktopAcl);
+ return ret;
+}
6647
days inactive
6647
days old
0 comments
1 participants
participants (1)
-
hpoussin@svn.reactos.org