Author: ekohl Date: Mon Dec 16 14:03:46 2013 New Revision: 61281 URL: http://svn.reactos.org/svn/reactos?rev=61281&view=rev Log: [ADVAPI32] - Remove the old logon code. It is not needed any longer. - LogonUserW: Pass two SIDs (LogonSid and LocalSid) to LsaLogonUser. - LogonUserW: Use a better token source name. Modified: trunk/reactos/dll/win32/advapi32/misc/logon.c Modified: trunk/reactos/dll/win32/advapi32/misc/logon.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/advapi32/misc/lo… ============================================================================== --- trunk/reactos/dll/win32/advapi32/misc/logon.c [iso-8859-1] (original) +++ trunk/reactos/dll/win32/advapi32/misc/logon.c [iso-8859-1] Mon Dec 16 14:03:46 2013 @@ -8,8 +8,6 @@ #include <advapi32.h> WINE_DEFAULT_DEBUG_CHANNEL(advapi); - -#define NEW_LOGON /* FUNCTIONS ***************************************************************/ @@ -64,7 +62,7 @@ /* Resume the main thread */ if (!(dwCreationFlags & CREATE_SUSPENDED)) { - ResumeThread(lpProcessInformation->hThread); + ResumeThread(lpProcessInformation->hThread); } return TRUE; @@ -213,365 +211,8 @@ } -#ifndef NEW_LOGON -static BOOL WINAPI -GetAccountDomainSid(PSID *Sid) -{ - PPOLICY_ACCOUNT_DOMAIN_INFO Info = NULL; - LSA_OBJECT_ATTRIBUTES ObjectAttributes; - LSA_HANDLE PolicyHandle; - PSID lpSid; - ULONG Length; - NTSTATUS Status; - - *Sid = NULL; - - memset(&ObjectAttributes, 0, sizeof(LSA_OBJECT_ATTRIBUTES)); - ObjectAttributes.Length = sizeof(LSA_OBJECT_ATTRIBUTES); - - Status = LsaOpenPolicy(NULL, - &ObjectAttributes, - POLICY_VIEW_LOCAL_INFORMATION, - &PolicyHandle); - if (!NT_SUCCESS(Status)) - { - ERR("LsaOpenPolicy failed (Status: 0x%08lx)\n", Status); - return FALSE; - } - - Status = LsaQueryInformationPolicy(PolicyHandle, - PolicyAccountDomainInformation, - (PVOID *)&Info); - if (!NT_SUCCESS(Status)) - { - ERR("LsaQueryInformationPolicy failed (Status: 0x%08lx)\n", Status); - LsaClose(PolicyHandle); - return FALSE; - } - - Length = RtlLengthSid(Info->DomainSid); - - lpSid = RtlAllocateHeap(RtlGetProcessHeap(), - 0, - Length); - if (lpSid == NULL) - { - ERR("Failed to allocate SID buffer!\n"); - LsaFreeMemory(Info); - LsaClose(PolicyHandle); - return FALSE; - } - - memcpy(lpSid, Info->DomainSid, Length); - - *Sid = lpSid; - - LsaFreeMemory(Info); - LsaClose(PolicyHandle); - - return TRUE; -} - - -static PSID -AppendRidToSid(PSID SrcSid, - ULONG Rid) -{ - ULONG Rids[8] = {0, 0, 0, 0, 0, 0, 0, 0}; - UCHAR RidCount; - PSID DstSid; - ULONG i; - - RidCount = *RtlSubAuthorityCountSid(SrcSid); - if (RidCount >= 8) - return NULL; - - for (i = 0; i < RidCount; i++) - Rids[i] = *RtlSubAuthoritySid(SrcSid, i); - - Rids[RidCount] = Rid; - RidCount++; - - RtlAllocateAndInitializeSid(RtlIdentifierAuthoritySid(SrcSid), - RidCount, - Rids[0], - Rids[1], - Rids[2], - Rids[3], - Rids[4], - Rids[5], - Rids[6], - Rids[7], - &DstSid); - - return DstSid; -} - - -static BOOL WINAPI -GetUserSid(LPCWSTR UserName, - PSID *Sid) -{ - PSID SidBuffer = NULL; - PWSTR DomainBuffer = NULL; - DWORD cbSidSize = 0; - DWORD cchDomSize = 0; - SID_NAME_USE Use; - BOOL res = TRUE; - - *Sid = NULL; - - LookupAccountNameW(NULL, - UserName, - NULL, - &cbSidSize, - NULL, - &cchDomSize, - &Use); - - if (cbSidSize == 0 || cchDomSize == 0) - return FALSE; - - SidBuffer = RtlAllocateHeap(RtlGetProcessHeap(), - HEAP_ZERO_MEMORY, - cbSidSize); - if (SidBuffer == NULL) - return FALSE; - - DomainBuffer = RtlAllocateHeap(RtlGetProcessHeap(), - HEAP_ZERO_MEMORY, - cchDomSize * sizeof(WCHAR)); - if (DomainBuffer == NULL) - { - res = FALSE; - goto done; - } - - if (!LookupAccountNameW(NULL, - UserName, - SidBuffer, - &cbSidSize, - DomainBuffer, - &cchDomSize, - &Use)) - { - res = FALSE; - goto done; - } - - if (Use != SidTypeUser) - { - res = FALSE; - goto done; - } - - *Sid = SidBuffer; - -done: - if (DomainBuffer != NULL) - RtlFreeHeap(RtlGetProcessHeap(), 0, DomainBuffer); - - if (res == FALSE) - { - if (SidBuffer != NULL) - RtlFreeHeap(RtlGetProcessHeap(), 0, SidBuffer); - } - - return res; -} - - -static PTOKEN_GROUPS -AllocateGroupSids(OUT PSID *PrimaryGroupSid, - OUT PSID *OwnerSid) -{ - SID_IDENTIFIER_AUTHORITY WorldAuthority = {SECURITY_WORLD_SID_AUTHORITY}; - SID_IDENTIFIER_AUTHORITY LocalAuthority = {SECURITY_LOCAL_SID_AUTHORITY}; - SID_IDENTIFIER_AUTHORITY SystemAuthority = {SECURITY_NT_AUTHORITY}; - PTOKEN_GROUPS TokenGroups; -#define MAX_GROUPS 8 - DWORD GroupCount = 0; - PSID DomainSid; - PSID Sid; - LUID Luid; - NTSTATUS Status; - - Status = NtAllocateLocallyUniqueId(&Luid); - if (!NT_SUCCESS(Status)) - return NULL; - - if (!GetAccountDomainSid(&DomainSid)) - return NULL; - - TokenGroups = RtlAllocateHeap( - GetProcessHeap(), 0, - sizeof(TOKEN_GROUPS) + - MAX_GROUPS * sizeof(SID_AND_ATTRIBUTES)); - if (TokenGroups == NULL) - { - RtlFreeHeap(RtlGetProcessHeap(), 0, DomainSid); - return NULL; - } - - Sid = AppendRidToSid(DomainSid, DOMAIN_GROUP_RID_USERS); - RtlFreeHeap(RtlGetProcessHeap(), 0, DomainSid); - - /* Member of the domain */ - TokenGroups->Groups[GroupCount].Sid = Sid; - TokenGroups->Groups[GroupCount].Attributes = - SE_GROUP_ENABLED | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_MANDATORY; - *PrimaryGroupSid = Sid; - GroupCount++; - - /* Member of 'Everyone' */ - RtlAllocateAndInitializeSid(&WorldAuthority, - 1, - SECURITY_WORLD_RID, - SECURITY_NULL_RID, - SECURITY_NULL_RID, - SECURITY_NULL_RID, - SECURITY_NULL_RID, - SECURITY_NULL_RID, - SECURITY_NULL_RID, - SECURITY_NULL_RID, - &Sid); - TokenGroups->Groups[GroupCount].Sid = Sid; - TokenGroups->Groups[GroupCount].Attributes = - SE_GROUP_ENABLED | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_MANDATORY; - GroupCount++; - -#if 1 - /* Member of 'Administrators' */ - RtlAllocateAndInitializeSid(&SystemAuthority, - 2, - SECURITY_BUILTIN_DOMAIN_RID, - DOMAIN_ALIAS_RID_ADMINS, - SECURITY_NULL_RID, - SECURITY_NULL_RID, - SECURITY_NULL_RID, - SECURITY_NULL_RID, - SECURITY_NULL_RID, - SECURITY_NULL_RID, - &Sid); - TokenGroups->Groups[GroupCount].Sid = Sid; - TokenGroups->Groups[GroupCount].Attributes = - SE_GROUP_ENABLED | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_MANDATORY; - GroupCount++; -#else - TRACE("Not adding user to Administrators group\n"); -#endif - - /* Member of 'Users' */ - RtlAllocateAndInitializeSid(&SystemAuthority, - 2, - SECURITY_BUILTIN_DOMAIN_RID, - DOMAIN_ALIAS_RID_USERS, - SECURITY_NULL_RID, - SECURITY_NULL_RID, - SECURITY_NULL_RID, - SECURITY_NULL_RID, - SECURITY_NULL_RID, - SECURITY_NULL_RID, - &Sid); - TokenGroups->Groups[GroupCount].Sid = Sid; - TokenGroups->Groups[GroupCount].Attributes = - SE_GROUP_ENABLED | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_MANDATORY; - GroupCount++; - - /* Logon SID */ - RtlAllocateAndInitializeSid(&SystemAuthority, - SECURITY_LOGON_IDS_RID_COUNT, - SECURITY_LOGON_IDS_RID, - Luid.HighPart, - Luid.LowPart, - SECURITY_NULL_RID, - SECURITY_NULL_RID, - SECURITY_NULL_RID, - SECURITY_NULL_RID, - SECURITY_NULL_RID, - &Sid); - TokenGroups->Groups[GroupCount].Sid = Sid; - TokenGroups->Groups[GroupCount].Attributes = - SE_GROUP_ENABLED | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_MANDATORY | SE_GROUP_LOGON_ID; - GroupCount++; - *OwnerSid = Sid; - - /* Member of 'Local users */ - RtlAllocateAndInitializeSid(&LocalAuthority, - 1, - SECURITY_LOCAL_RID, - SECURITY_NULL_RID, - SECURITY_NULL_RID, - SECURITY_NULL_RID, - SECURITY_NULL_RID, - SECURITY_NULL_RID, - SECURITY_NULL_RID, - SECURITY_NULL_RID, - &Sid); - TokenGroups->Groups[GroupCount].Sid = Sid; - TokenGroups->Groups[GroupCount].Attributes = - SE_GROUP_ENABLED | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_MANDATORY; - GroupCount++; - - /* Member of 'Interactive users' */ - RtlAllocateAndInitializeSid(&SystemAuthority, - 1, - SECURITY_INTERACTIVE_RID, - SECURITY_NULL_RID, - SECURITY_NULL_RID, - SECURITY_NULL_RID, - SECURITY_NULL_RID, - SECURITY_NULL_RID, - SECURITY_NULL_RID, - SECURITY_NULL_RID, - &Sid); - TokenGroups->Groups[GroupCount].Sid = Sid; - TokenGroups->Groups[GroupCount].Attributes = - SE_GROUP_ENABLED | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_MANDATORY; - GroupCount++; - - /* Member of 'Authenticated users' */ - RtlAllocateAndInitializeSid(&SystemAuthority, - 1, - SECURITY_AUTHENTICATED_USER_RID, - SECURITY_NULL_RID, - SECURITY_NULL_RID, - SECURITY_NULL_RID, - SECURITY_NULL_RID, - SECURITY_NULL_RID, - SECURITY_NULL_RID, - SECURITY_NULL_RID, - &Sid); - TokenGroups->Groups[GroupCount].Sid = Sid; - TokenGroups->Groups[GroupCount].Attributes = - SE_GROUP_ENABLED | SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_MANDATORY; - GroupCount++; - - TokenGroups->GroupCount = GroupCount; - ASSERT(TokenGroups->GroupCount <= MAX_GROUPS); - - return TokenGroups; -} - - -static VOID -FreeGroupSids(PTOKEN_GROUPS TokenGroups) -{ - ULONG i; - - for (i = 0; i < TokenGroups->GroupCount; i++) - { - if (TokenGroups->Groups[i].Sid != NULL) - RtlFreeHeap(GetProcessHeap(), 0, TokenGroups->Groups[i].Sid); - } - - RtlFreeHeap(GetProcessHeap(), 0, TokenGroups); -} -#endif - - -/* - * @unimplemented +/* + * @implemented */ BOOL WINAPI LogonUserW(LPWSTR lpszUsername, @@ -581,13 +222,15 @@ DWORD dwLogonProvider, PHANDLE phToken) { -#ifdef NEW_LOGON + SID_IDENTIFIER_AUTHORITY LocalAuthority = {SECURITY_LOCAL_SID_AUTHORITY}; + SID_IDENTIFIER_AUTHORITY SystemAuthority = {SECURITY_NT_AUTHORITY}; LSA_STRING LogonProcessName; LSA_STRING PackageName; HANDLE LsaHandle = NULL; LSA_OPERATIONAL_MODE SecurityMode = 0; ULONG AuthenticationPackage = 0; - + PSID LogonSid = NULL; + PSID LocalSid = NULL; LSA_STRING OriginName; UNICODE_STRING DomainName; UNICODE_STRING UserName; @@ -596,10 +239,11 @@ ULONG AuthInfoLength; ULONG_PTR Ptr; TOKEN_SOURCE TokenSource; - + PTOKEN_GROUPS TokenGroups = NULL; PMSV1_0_INTERACTIVE_PROFILE ProfileBuffer = NULL; ULONG ProfileBufferLength = 0; LUID Luid = {0, 0}; + LUID LogonId = {0, 0}; HANDLE TokenHandle = NULL; QUOTA_LIMITS QuotaLimits; NTSTATUS SubStatus = STATUS_SUCCESS; @@ -659,7 +303,6 @@ Status = STATUS_INSUFFICIENT_RESOURCES; goto done; } - AuthInfo->MessageType = MsV1_0InteractiveLogon; @@ -695,9 +338,57 @@ Password.Buffer, Password.MaximumLength); - /* FIXME: Add LocalGroups here */ - - strcpy(TokenSource.SourceName, "Bla"); + /* Create the Logon SID*/ + AllocateLocallyUniqueId(&LogonId); + Status = RtlAllocateAndInitializeSid(&SystemAuthority, + SECURITY_LOGON_IDS_RID_COUNT, + SECURITY_LOGON_IDS_RID, + LogonId.HighPart, + LogonId.LowPart, + SECURITY_NULL_RID, + SECURITY_NULL_RID, + SECURITY_NULL_RID, + SECURITY_NULL_RID, + SECURITY_NULL_RID, + &LogonSid); + if (!NT_SUCCESS(Status)) + goto done; + + /* Create the Local SID*/ + Status = RtlAllocateAndInitializeSid(&LocalAuthority, + 1, + SECURITY_LOCAL_RID, + SECURITY_NULL_RID, + SECURITY_NULL_RID, + SECURITY_NULL_RID, + SECURITY_NULL_RID, + SECURITY_NULL_RID, + SECURITY_NULL_RID, + SECURITY_NULL_RID, + &LocalSid); + if (!NT_SUCCESS(Status)) + goto done; + + /* Allocate and set the token groups */ + TokenGroups = RtlAllocateHeap(RtlGetProcessHeap(), + HEAP_ZERO_MEMORY, + sizeof(TOKEN_GROUPS) + ((2 - ANYSIZE_ARRAY) * sizeof(SID_AND_ATTRIBUTES))); + if (TokenGroups == NULL) + { + Status = STATUS_INSUFFICIENT_RESOURCES; + goto done; + } + + TokenGroups->GroupCount = 2; + TokenGroups->Groups[0].Sid = LogonSid; + TokenGroups->Groups[0].Attributes = SE_GROUP_MANDATORY | SE_GROUP_ENABLED | + SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_LOGON_ID; + TokenGroups->Groups[1].Sid = LocalSid; + TokenGroups->Groups[1].Attributes = SE_GROUP_MANDATORY | SE_GROUP_ENABLED | + SE_GROUP_ENABLED_BY_DEFAULT; + + /* Set the token source */ + strcpy(TokenSource.SourceName, "LogonUser"); AllocateLocallyUniqueId(&TokenSource.SourceIdentifier); Status = LsaLogonUser(LsaHandle, @@ -706,7 +397,7 @@ AuthenticationPackage, (PVOID)AuthInfo, AuthInfoLength, - NULL, /* LocalGroups */ + TokenGroups, &TokenSource, (PVOID*)&ProfileBuffer, &ProfileBufferLength, @@ -751,6 +442,15 @@ CloseHandle(TokenHandle); } + if (TokenGroups != NULL) + RtlFreeHeap(RtlGetProcessHeap(), 0, TokenGroups); + + if (LocalSid != NULL) + RtlFreeSid(LocalSid); + + if (LogonSid != NULL) + RtlFreeSid(LogonSid); + if (AuthInfo != NULL) RtlFreeHeap(RtlGetProcessHeap(), 0, AuthInfo); @@ -770,206 +470,6 @@ } return TRUE; -#else - /* FIXME shouldn't use hard-coded list of privileges */ - static struct - { - LPCWSTR PrivName; - DWORD Attributes; - } - DefaultPrivs[] = - { - { L"SeMachineAccountPrivilege", 0 }, - { L"SeSecurityPrivilege", 0 }, - { L"SeTakeOwnershipPrivilege", 0 }, - { L"SeLoadDriverPrivilege", 0 }, - { L"SeSystemProfilePrivilege", 0 }, - { L"SeSystemtimePrivilege", 0 }, - { L"SeProfileSingleProcessPrivilege", 0 }, - { L"SeIncreaseBasePriorityPrivilege", 0 }, - { L"SeCreatePagefilePrivilege", 0 }, - { L"SeBackupPrivilege", 0 }, - { L"SeRestorePrivilege", 0 }, - { L"SeShutdownPrivilege", 0 }, - { L"SeDebugPrivilege", 0 }, - { L"SeSystemEnvironmentPrivilege", 0 }, - { L"SeChangeNotifyPrivilege", SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT }, - { L"SeRemoteShutdownPrivilege", 0 }, - { L"SeUndockPrivilege", 0 }, - { L"SeEnableDelegationPrivilege", 0 }, - { L"SeImpersonatePrivilege", SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT }, - { L"SeCreateGlobalPrivilege", SE_PRIVILEGE_ENABLED | SE_PRIVILEGE_ENABLED_BY_DEFAULT } - }; - OBJECT_ATTRIBUTES ObjectAttributes; - SECURITY_QUALITY_OF_SERVICE Qos; - TOKEN_USER TokenUser; - TOKEN_OWNER TokenOwner; - TOKEN_PRIMARY_GROUP TokenPrimaryGroup; - PTOKEN_GROUPS TokenGroups = NULL; - PTOKEN_PRIVILEGES TokenPrivileges = NULL; - TOKEN_DEFAULT_DACL TokenDefaultDacl; - LARGE_INTEGER ExpirationTime; - LUID AuthenticationId; - TOKEN_SOURCE TokenSource; - PSID UserSid = NULL; - PSID PrimaryGroupSid = NULL; - PSID OwnerSid = NULL; - PSID LocalSystemSid; - PACL Dacl = NULL; - SID_IDENTIFIER_AUTHORITY SystemAuthority = {SECURITY_NT_AUTHORITY}; - unsigned i; - NTSTATUS Status = STATUS_SUCCESS; - - Qos.Length = sizeof(SECURITY_QUALITY_OF_SERVICE); - Qos.ImpersonationLevel = SecurityAnonymous; - Qos.ContextTrackingMode = SECURITY_STATIC_TRACKING; - Qos.EffectiveOnly = FALSE; - - ObjectAttributes.Length = sizeof(OBJECT_ATTRIBUTES); - ObjectAttributes.RootDirectory = NULL; - ObjectAttributes.ObjectName = NULL; - ObjectAttributes.Attributes = 0; - ObjectAttributes.SecurityDescriptor = NULL; - ObjectAttributes.SecurityQualityOfService = &Qos; - - Status = NtAllocateLocallyUniqueId(&AuthenticationId); - if (!NT_SUCCESS(Status)) - { - return FALSE; - } - - ExpirationTime.QuadPart = -1; - - /* Get the user SID from the registry */ - if (!GetUserSid (lpszUsername, &UserSid)) - { - ERR("GetUserSid() failed\n"); - return FALSE; - } - - TokenUser.User.Sid = UserSid; - TokenUser.User.Attributes = 0; - - /* Allocate and initialize token groups */ - TokenGroups = AllocateGroupSids(&PrimaryGroupSid, - &OwnerSid); - if (TokenGroups == NULL) - { - Status = STATUS_INSUFFICIENT_RESOURCES; - goto done; - } - - /* Allocate and initialize token privileges */ - TokenPrivileges = RtlAllocateHeap(GetProcessHeap(), 0, - sizeof(TOKEN_PRIVILEGES) - + sizeof(DefaultPrivs) / sizeof(DefaultPrivs[0]) - * sizeof(LUID_AND_ATTRIBUTES)); - if (TokenPrivileges == NULL) - { - Status = STATUS_INSUFFICIENT_RESOURCES; - goto done; - } - - TokenPrivileges->PrivilegeCount = 0; - for (i = 0; i < sizeof(DefaultPrivs) / sizeof(DefaultPrivs[0]); i++) - { - if (! LookupPrivilegeValueW(NULL, - DefaultPrivs[i].PrivName, - &TokenPrivileges->Privileges[TokenPrivileges->PrivilegeCount].Luid)) - { - WARN("Can't set privilege %S\n", DefaultPrivs[i].PrivName); - } - else - { - TokenPrivileges->Privileges[TokenPrivileges->PrivilegeCount].Attributes = DefaultPrivs[i].Attributes; - TokenPrivileges->PrivilegeCount++; - } - } - - TokenOwner.Owner = OwnerSid; - TokenPrimaryGroup.PrimaryGroup = PrimaryGroupSid; - - Dacl = RtlAllocateHeap(GetProcessHeap(), 0, 1024); - if (Dacl == NULL) - { - Status = STATUS_INSUFFICIENT_RESOURCES; - goto done; - } - - Status = RtlCreateAcl(Dacl, 1024, ACL_REVISION); - if (!NT_SUCCESS(Status)) - goto done; - - RtlAddAccessAllowedAce(Dacl, - ACL_REVISION, - GENERIC_ALL, - OwnerSid); - - RtlAllocateAndInitializeSid(&SystemAuthority, - 1, - SECURITY_LOCAL_SYSTEM_RID, - SECURITY_NULL_RID, - SECURITY_NULL_RID, - SECURITY_NULL_RID, - SECURITY_NULL_RID, - SECURITY_NULL_RID, - SECURITY_NULL_RID, - SECURITY_NULL_RID, - &LocalSystemSid); - - /* SID: S-1-5-18 */ - RtlAddAccessAllowedAce(Dacl, - ACL_REVISION, - GENERIC_ALL, - LocalSystemSid); - - RtlFreeSid(LocalSystemSid); - - TokenDefaultDacl.DefaultDacl = Dacl; - - memcpy(TokenSource.SourceName, - "User32 ", - 8); - - Status = NtAllocateLocallyUniqueId(&TokenSource.SourceIdentifier); - if (!NT_SUCCESS(Status)) - { - RtlFreeHeap(GetProcessHeap(), 0, Dacl); - FreeGroupSids(TokenGroups); - RtlFreeHeap(GetProcessHeap(), 0, TokenPrivileges); - RtlFreeSid(UserSid); - return FALSE; - } - - Status = NtCreateToken(phToken, - TOKEN_ALL_ACCESS, - &ObjectAttributes, - TokenPrimary, - &AuthenticationId, - &ExpirationTime, - &TokenUser, - TokenGroups, - TokenPrivileges, - &TokenOwner, - &TokenPrimaryGroup, - &TokenDefaultDacl, - &TokenSource); - -done: - if (Dacl != NULL) - RtlFreeHeap(GetProcessHeap(), 0, Dacl); - - if (TokenGroups != NULL) - FreeGroupSids(TokenGroups); - - if (TokenPrivileges != NULL) - RtlFreeHeap(GetProcessHeap(), 0, TokenPrivileges); - - if (UserSid != NULL) - RtlFreeHeap(GetProcessHeap(), 0, UserSid); - - return NT_SUCCESS(Status); -#endif } /* EOF */