[ekohl] 61932: [MSGINA] Use our own implementation of LogonUser instead of the one from advapi32 in order to use only one LSA connection.
2 Feb
2014
2 Feb
'14
9:52 p.m.
Author: ekohl
Date: Sun Feb 2 21:52:27 2014
New Revision: 61932
URL: http://svn.reactos.org/svn/reactos?rev=61932&view=rev
Log:
[MSGINA]
Use our own implementation of LogonUser instead of the one from advapi32 in order to use
only one LSA connection.
Modified:
trunk/reactos/dll/win32/msgina/gui.c
trunk/reactos/dll/win32/msgina/lsa.c
trunk/reactos/dll/win32/msgina/msgina.c
trunk/reactos/dll/win32/msgina/msgina.h
trunk/reactos/dll/win32/msgina/tui.c
Modified: trunk/reactos/dll/win32/msgina/gui.c
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/msgina/gui.c?rev…
==============================================================================
--- trunk/reactos/dll/win32/msgina/gui.c [iso-8859-1] (original)
+++ trunk/reactos/dll/win32/msgina/gui.c [iso-8859-1] Sun Feb 2 21:52:27 2014
@@ -829,7 +829,7 @@
else
{
/* Wrong user name */
- if (DoAdminUnlock(UserName, NULL, Password))
+ if (DoAdminUnlock(pgContext, UserName, NULL, Password))
{
*Action = WLX_SAS_ACTION_UNLOCK_WKSTA;
res = TRUE;
Modified: trunk/reactos/dll/win32/msgina/lsa.c
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/msgina/lsa.c?rev…
==============================================================================
--- trunk/reactos/dll/win32/msgina/lsa.c [iso-8859-1] (original)
+++ trunk/reactos/dll/win32/msgina/lsa.c [iso-8859-1] Sun Feb 2 21:52:27 2014
@@ -49,4 +49,223 @@
return TRUE;
}
+
+BOOL
+MyLogonUser(
+ HANDLE LsaHandle,
+ ULONG AuthenticationPackage,
+ LPWSTR lpszUsername,
+ LPWSTR lpszDomain,
+ LPWSTR lpszPassword,
+ PHANDLE phToken)
+{
+ SID_IDENTIFIER_AUTHORITY LocalAuthority = {SECURITY_LOCAL_SID_AUTHORITY};
+ SID_IDENTIFIER_AUTHORITY SystemAuthority = {SECURITY_NT_AUTHORITY};
+ PSID LogonSid = NULL;
+ PSID LocalSid = NULL;
+ LSA_STRING OriginName;
+ UNICODE_STRING DomainName;
+ UNICODE_STRING UserName;
+ UNICODE_STRING Password;
+ PMSV1_0_INTERACTIVE_LOGON AuthInfo = NULL;
+ ULONG AuthInfoLength;
+ ULONG_PTR Ptr;
+ TOKEN_SOURCE TokenSource;
+ PTOKEN_GROUPS TokenGroups = NULL;
+ PMSV1_0_INTERACTIVE_PROFILE ProfileBuffer = NULL;
+ ULONG ProfileBufferLength = 0;
+ LUID Luid = {0, 0};
+ LUID LogonId = {0, 0};
+ HANDLE TokenHandle = NULL;
+ QUOTA_LIMITS QuotaLimits;
+ NTSTATUS SubStatus = STATUS_SUCCESS;
+ NTSTATUS Status;
+
+ *phToken = NULL;
+
+ RtlInitAnsiString((PANSI_STRING)&OriginName,
+ "MSGINA Logon");
+
+ RtlInitUnicodeString(&DomainName,
+ lpszDomain);
+
+ RtlInitUnicodeString(&UserName,
+ lpszUsername);
+
+ RtlInitUnicodeString(&Password,
+ lpszPassword);
+
+ AuthInfoLength = sizeof(MSV1_0_INTERACTIVE_LOGON)+
+ DomainName.MaximumLength +
+ UserName.MaximumLength +
+ Password.MaximumLength;
+
+ AuthInfo = RtlAllocateHeap(RtlGetProcessHeap(),
+ HEAP_ZERO_MEMORY,
+ AuthInfoLength);
+ if (AuthInfo == NULL)
+ {
+ Status = STATUS_INSUFFICIENT_RESOURCES;
+ goto done;
+ }
+
+ AuthInfo->MessageType = MsV1_0InteractiveLogon;
+
+ Ptr = (ULONG_PTR)AuthInfo + sizeof(MSV1_0_INTERACTIVE_LOGON);
+
+ AuthInfo->LogonDomainName.Length = DomainName.Length;
+ AuthInfo->LogonDomainName.MaximumLength = DomainName.MaximumLength;
+ AuthInfo->LogonDomainName.Buffer = (DomainName.Buffer == NULL) ? NULL :
(PWCHAR)Ptr;
+ if (DomainName.MaximumLength > 0)
+ {
+ RtlCopyMemory(AuthInfo->LogonDomainName.Buffer,
+ DomainName.Buffer,
+ DomainName.MaximumLength);
+
+ Ptr += DomainName.MaximumLength;
+ }
+
+ AuthInfo->UserName.Length = UserName.Length;
+ AuthInfo->UserName.MaximumLength = UserName.MaximumLength;
+ AuthInfo->UserName.Buffer = (PWCHAR)Ptr;
+ if (UserName.MaximumLength > 0)
+ RtlCopyMemory(AuthInfo->UserName.Buffer,
+ UserName.Buffer,
+ UserName.MaximumLength);
+
+ Ptr += UserName.MaximumLength;
+
+ AuthInfo->Password.Length = Password.Length;
+ AuthInfo->Password.MaximumLength = Password.MaximumLength;
+ AuthInfo->Password.Buffer = (PWCHAR)Ptr;
+ if (Password.MaximumLength > 0)
+ RtlCopyMemory(AuthInfo->Password.Buffer,
+ Password.Buffer,
+ Password.MaximumLength);
+
+ /* Create the Logon SID*/
+ AllocateLocallyUniqueId(&LogonId);
+ Status = RtlAllocateAndInitializeSid(&SystemAuthority,
+ SECURITY_LOGON_IDS_RID_COUNT,
+ SECURITY_LOGON_IDS_RID,
+ LogonId.HighPart,
+ LogonId.LowPart,
+ SECURITY_NULL_RID,
+ SECURITY_NULL_RID,
+ SECURITY_NULL_RID,
+ SECURITY_NULL_RID,
+ SECURITY_NULL_RID,
+ &LogonSid);
+ if (!NT_SUCCESS(Status))
+ goto done;
+
+ /* Create the Local SID*/
+ Status = RtlAllocateAndInitializeSid(&LocalAuthority,
+ 1,
+ SECURITY_LOCAL_RID,
+ SECURITY_NULL_RID,
+ SECURITY_NULL_RID,
+ SECURITY_NULL_RID,
+ SECURITY_NULL_RID,
+ SECURITY_NULL_RID,
+ SECURITY_NULL_RID,
+ SECURITY_NULL_RID,
+ &LocalSid);
+ if (!NT_SUCCESS(Status))
+ goto done;
+
+ /* Allocate and set the token groups */
+ TokenGroups = RtlAllocateHeap(RtlGetProcessHeap(),
+ HEAP_ZERO_MEMORY,
+ sizeof(TOKEN_GROUPS) + ((2 - ANYSIZE_ARRAY) *
sizeof(SID_AND_ATTRIBUTES)));
+ if (TokenGroups == NULL)
+ {
+ Status = STATUS_INSUFFICIENT_RESOURCES;
+ goto done;
+ }
+
+ TokenGroups->GroupCount = 2;
+ TokenGroups->Groups[0].Sid = LogonSid;
+ TokenGroups->Groups[0].Attributes = SE_GROUP_MANDATORY | SE_GROUP_ENABLED |
+ SE_GROUP_ENABLED_BY_DEFAULT | SE_GROUP_LOGON_ID;
+ TokenGroups->Groups[1].Sid = LocalSid;
+ TokenGroups->Groups[1].Attributes = SE_GROUP_MANDATORY | SE_GROUP_ENABLED |
+ SE_GROUP_ENABLED_BY_DEFAULT;
+
+ /* Set the token source */
+ strcpy(TokenSource.SourceName, "LogonUser");
+ AllocateLocallyUniqueId(&TokenSource.SourceIdentifier);
+
+ Status = LsaLogonUser(LsaHandle,
+ &OriginName,
+ Interactive,
+ AuthenticationPackage,
+ (PVOID)AuthInfo,
+ AuthInfoLength,
+ TokenGroups,
+ &TokenSource,
+ (PVOID*)&ProfileBuffer,
+ &ProfileBufferLength,
+ &Luid,
+ &TokenHandle,
+ &QuotaLimits,
+ &SubStatus);
+ if (!NT_SUCCESS(Status))
+ {
+ ERR("LsaLogonUser failed (Status 0x%08lx)\n", Status);
+ goto done;
+ }
+
+ if (ProfileBuffer != NULL)
+ {
+ TRACE("ProfileBuffer: %p\n", ProfileBuffer);
+ TRACE("MessageType: %u\n", ProfileBuffer->MessageType);
+
+ TRACE("FullName: %p\n", ProfileBuffer->FullName.Buffer);
+ TRACE("FullName: %S\n", ProfileBuffer->FullName.Buffer);
+
+ TRACE("LogonServer: %p\n", ProfileBuffer->LogonServer.Buffer);
+ TRACE("LogonServer: %S\n", ProfileBuffer->LogonServer.Buffer);
+ }
+
+ TRACE("Luid: 0x%08lx%08lx\n", Luid.HighPart, Luid.LowPart);
+
+ if (TokenHandle != NULL)
+ {
+ TRACE("TokenHandle: %p\n", TokenHandle);
+ }
+
+ *phToken = TokenHandle;
+
+done:
+ if (ProfileBuffer != NULL)
+ LsaFreeReturnBuffer(ProfileBuffer);
+
+ if (!NT_SUCCESS(Status))
+ {
+ if (TokenHandle != NULL)
+ CloseHandle(TokenHandle);
+ }
+
+ if (TokenGroups != NULL)
+ RtlFreeHeap(RtlGetProcessHeap(), 0, TokenGroups);
+
+ if (LocalSid != NULL)
+ RtlFreeSid(LocalSid);
+
+ if (LogonSid != NULL)
+ RtlFreeSid(LogonSid);
+
+ if (AuthInfo != NULL)
+ RtlFreeHeap(RtlGetProcessHeap(), 0, AuthInfo);
+
+ if (!NT_SUCCESS(Status))
+ {
+ SetLastError(RtlNtStatusToDosError(Status));
+ return FALSE;
+ }
+
+ return TRUE;
+}
+
/* EOF */
Modified: trunk/reactos/dll/win32/msgina/msgina.c
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/msgina/msgina.c?…
==============================================================================
--- trunk/reactos/dll/win32/msgina/msgina.c [iso-8859-1] (original)
+++ trunk/reactos/dll/win32/msgina/msgina.c [iso-8859-1] Sun Feb 2 21:52:27 2014
@@ -594,6 +594,7 @@
BOOL
DoAdminUnlock(
+ IN PGINA_CONTEXT pgContext,
IN PWSTR UserName,
IN PWSTR Domain,
IN PWSTR Password)
@@ -607,12 +608,15 @@
TRACE("(%S %S %S)\n", UserName, Domain, Password);
- if (!LogonUserW(UserName,
- Domain,
- Password,
- LOGON32_LOGON_INTERACTIVE,
- LOGON32_PROVIDER_DEFAULT,
- &hToken))
+ if (!ConnectToLsa(pgContext))
+ return FALSE;
+
+ if (!MyLogonUser(pgContext->LsaHandle,
+ pgContext->AuthenticationPackage,
+ UserName,
+ Domain,
+ Password,
+ &pgContext->UserToken))
{
WARN("LogonUserW() failed\n");
return FALSE;
@@ -683,10 +687,15 @@
DWORD dwLength;
BOOL bResult;
- if (!LogonUserW(UserName, Domain, Password,
- LOGON32_LOGON_INTERACTIVE,
- LOGON32_PROVIDER_DEFAULT,
- &pgContext->UserToken))
+ if (!ConnectToLsa(pgContext))
+ return FALSE;
+
+ if (!MyLogonUser(pgContext->LsaHandle,
+ pgContext->AuthenticationPackage,
+ UserName,
+ Domain,
+ Password,
+ &pgContext->UserToken))
{
WARN("LogonUserW() failed\n");
goto cleanup;
Modified: trunk/reactos/dll/win32/msgina/msgina.h
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/msgina/msgina.h?…
==============================================================================
--- trunk/reactos/dll/win32/msgina/msgina.h [iso-8859-1] (original)
+++ trunk/reactos/dll/win32/msgina/msgina.h [iso-8859-1] Sun Feb 2 21:52:27 2014
@@ -90,10 +90,20 @@
ConnectToLsa(
PGINA_CONTEXT pgContext);
+BOOL
+MyLogonUser(
+ HANDLE LsaHandle,
+ ULONG AuthenticationPackage,
+ LPWSTR lpszUsername,
+ LPWSTR lpszDomain,
+ LPWSTR lpszPassword,
+ PHANDLE phToken);
+
/* msgina.c */
BOOL
DoAdminUnlock(
+ IN PGINA_CONTEXT pgContext,
IN PWSTR UserName,
IN PWSTR Domain,
IN PWSTR Password);
Modified: trunk/reactos/dll/win32/msgina/tui.c
URL:
http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/msgina/tui.c?rev…
==============================================================================
--- trunk/reactos/dll/win32/msgina/tui.c [iso-8859-1] (original)
+++ trunk/reactos/dll/win32/msgina/tui.c [iso-8859-1] Sun Feb 2 21:52:27 2014
@@ -233,14 +233,20 @@
if (!ReadString(IDS_ASKFORPASSWORD, Password, 256, FALSE))
return WLX_SAS_ACTION_NONE;
- if (!LogonUserW(UserName, NULL, Password,
- LOGON32_LOGON_UNLOCK,
- LOGON32_PROVIDER_DEFAULT,
- &hToken))
- {
- TRACE("LogonUserW() failed\n");
- return WLX_SAS_ACTION_NONE;
- }
+ if (!ConnectToLsa(pgContext))
+ return WLX_SAS_ACTION_NONE;
+
+ if (!MyLogonUser(pgContext->LsaHandle,
+ pgContext->AuthenticationPackage,
+ UserName,
+ NULL,
+ Password,
+ &hToken))
+ {
+ WARN("LogonUserW() failed\n");
+ return WLX_SAS_ACTION_NONE;
+ }
+
CloseHandle(hToken);
return WLX_SAS_ACTION_UNLOCK_WKSTA;
}
3933
days inactive
3933
days old
0 comments
1 participants
participants (1)
-
ekohl@svn.reactos.org