[ekohl] 58427: [LSASRV] - Get all procedure addresses of the loaded authentication packages and keep them in the authentication package entry. - Implement parts of the lda dispatch table (allocate ...
Author: ekohl Date: Mon Mar 4 21:32:44 2013 New Revision: 58427
URL: http://svn.reactos.org/svn/reactos?rev=58427&view=rev Log: [LSASRV] - Get all procedure addresses of the loaded authentication packages and keep them in the authentication package entry. - Implement parts of the lda dispatch table (allocate heap and free heap) and pass the table to LsaApInitializePackage call. - Implement authentication package lookup by name.
[MSV1_0] - Store the dispatch table entries passed to the LsaApInitializePackage call and use them to allocate a STRING to return the package name.
Modified: trunk/reactos/dll/win32/lsasrv/authpackage.c trunk/reactos/dll/win32/lsasrv/authport.c trunk/reactos/dll/win32/lsasrv/lsasrv.h trunk/reactos/dll/win32/msv1_0/msv1_0.c
Modified: trunk/reactos/dll/win32/lsasrv/authpackage.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/lsasrv/authpackag... ============================================================================== --- trunk/reactos/dll/win32/lsasrv/authpackage.c [iso-8859-1] (original) +++ trunk/reactos/dll/win32/lsasrv/authpackage.c [iso-8859-1] Mon Mar 4 21:32:44 2013 @@ -13,29 +13,67 @@ WINE_DEFAULT_DEBUG_CHANNEL(lsasrv);
- -typedef NTSTATUS (NTAPI *PLSA_AP_INITIALIZE_PACKAGE)(ULONG, PVOID /*PLSA_DISPATCH_TABLE*/, +typedef PVOID (NTAPI *PLSA_ALLOCATE_LSA_HEAP)(ULONG); +typedef VOID (NTAPI *PLSA_FREE_LSA_HEAP)(PVOID); + +typedef struct LSA_DISPATCH_TABLE +{ + PVOID /*PLSA_CREATE_LOGON_SESSION */ CreateLogonSession; + PVOID /*PLSA_DELETE_LOGON_SESSION */ DeleteLogonSession; + PVOID /*PLSA_ADD_CREDENTIAL */ AddCredential; + PVOID /*PLSA_GET_CREDENTIALS */ GetCredentials; + PVOID /*PLSA_DELETE_CREDENTIAL */ DeleteCredential; + PLSA_ALLOCATE_LSA_HEAP AllocateLsaHeap; + PLSA_FREE_LSA_HEAP FreeLsaHeap; + PVOID /*PLSA_ALLOCATE_CLIENT_BUFFER */ AllocateClientBuffer; + PVOID /*PLSA_FREE_CLIENT_BUFFER */ FreeClientBuffer; + PVOID /*PLSA_COPY_TO_CLIENT_BUFFER */ CopyToClientBuffer; + PVOID /*PLSA_COPY_FROM_CLIENT_BUFFER */ CopyFromClientBuffer; +} LSA_DISPATCH_TABLE, *PLSA_DISPATCH_TABLE; + + +typedef NTSTATUS (NTAPI *PLSA_AP_INITIALIZE_PACKAGE)(ULONG, PLSA_DISPATCH_TABLE, PLSA_STRING, PLSA_STRING, PLSA_STRING *); +typedef NTSTATUS (NTAPI *PLSA_AP_CALL_PACKAGE)(PUNICODE_STRING, PVOID, ULONG, + PVOID *, PULONG, PNTSTATUS); +typedef NTSTATUS (NTAPI *PLSA_AP_CALL_PACKAGE_PASSTHROUGH)(PUNICODE_STRING, + PVOID, PVOID, ULONG, PVOID *, PULONG, PNTSTATUS); +typedef NTSTATUS (NTAPI *PLSA_AP_CALL_PACKAGE_UNTRUSTED)(PVOID/*PLSA_CLIENT_REQUEST*/, + PVOID, PVOID, ULONG, PVOID *, PULONG, PNTSTATUS); +typedef VOID (NTAPI *PLSA_AP_LOGON_TERMINATED)(PLUID); +typedef NTSTATUS (NTAPI *PLSA_AP_LOGON_USER_EX2)(PVOID /*PLSA_CLIENT_REQUEST*/, + SECURITY_LOGON_TYPE, PVOID, PVOID, ULONG, PVOID *, PULONG, PLUID, PNTSTATUS, + PVOID /*PLSA_TOKEN_INFORMATION_TYPE*/, PVOID *, PUNICODE_STRING *, PUNICODE_STRING *, + PUNICODE_STRING *, PVOID /*PSECPKG_PRIMARY_CRED*/, PVOID /*PSECPKG_SUPPLEMENTAL_CRED_ARRAY **/); +typedef NTSTATUS (NTAPI *PLSA_AP_LOGON_USER_EX)(PVOID /*PLSA_CLIENT_REQUEST*/, + SECURITY_LOGON_TYPE, PVOID, PVOID, ULONG, PVOID *, PULONG, PLUID, PNTSTATUS, + PVOID /*PLSA_TOKEN_INFORMATION_TYPE*/, PVOID *, PUNICODE_STRING *, PUNICODE_STRING *, + PUNICODE_STRING *); +typedef NTSTATUS (NTAPI *PLSA_AP_LOGON_USER)(LPWSTR, LPWSTR, LPWSTR, LPWSTR, + DWORD, DWORD, PHANDLE);
typedef struct _AUTH_PACKAGE { LIST_ENTRY Entry; PSTRING Name; + ULONG Id; PVOID ModuleHandle;
PLSA_AP_INITIALIZE_PACKAGE LsaApInitializePackage; -// PLSA_AP_CALL_PACKAGE LsaApCallPackage; -// PLSA_AP_CALL_PACKAGE_UNTRUSTED LsaApCallPackageUntrusted; -// PLSA_AP_LOGON_TERMINATED LsaApLogonTerminated; -// PLSA_AP_LOGON_USER_EX2 LsaApLogonUserEx2; -// PLSA_AP_LOGON_USER_EX LsaApLogonUserEx; -// PLSA_AP_LOGON_USER LsaApLogonUser; + PLSA_AP_CALL_PACKAGE LsaApCallPackage; + PLSA_AP_CALL_PACKAGE_PASSTHROUGH LsaApCallPackagePassthrough; + PLSA_AP_CALL_PACKAGE_UNTRUSTED LsaApCallPackageUntrusted; + PLSA_AP_LOGON_TERMINATED LsaApLogonTerminated; + PLSA_AP_LOGON_USER_EX2 LsaApLogonUserEx2; + PLSA_AP_LOGON_USER_EX LsaApLogonUserEx; + PLSA_AP_LOGON_USER LsaApLogonUser; } AUTH_PACKAGE, *PAUTH_PACKAGE;
/* GLOBALS *****************************************************************/
static LIST_ENTRY PackageListHead; static ULONG PackageId; +static LSA_DISPATCH_TABLE DispatchTable;
/* FUNCTIONS ***************************************************************/
@@ -90,8 +128,80 @@ goto done; }
+ RtlInitAnsiString(&ProcName, "LsaApCallPackage"); + Status = LdrGetProcedureAddress(Package->ModuleHandle, + &ProcName, + 0, + (PVOID *)&Package->LsaApCallPackage); + if (!NT_SUCCESS(Status)) + { + TRACE("LdrGetProcedureAddress() failed (Status 0x%08lx)\n", Status); + goto done; + } + + RtlInitAnsiString(&ProcName, "LsaApCallPackagePassthrough"); + Status = LdrGetProcedureAddress(Package->ModuleHandle, + &ProcName, + 0, + (PVOID *)&Package->LsaApCallPackagePassthrough); + if (!NT_SUCCESS(Status)) + { + TRACE("LdrGetProcedureAddress() failed (Status 0x%08lx)\n", Status); + goto done; + } + + RtlInitAnsiString(&ProcName, "LsaApCallPackageUntrusted"); + Status = LdrGetProcedureAddress(Package->ModuleHandle, + &ProcName, + 0, + (PVOID *)&Package->LsaApCallPackageUntrusted); + if (!NT_SUCCESS(Status)) + { + TRACE("LdrGetProcedureAddress() failed (Status 0x%08lx)\n", Status); + goto done; + } + + RtlInitAnsiString(&ProcName, "LsaApLogonTerminated"); + Status = LdrGetProcedureAddress(Package->ModuleHandle, + &ProcName, + 0, + (PVOID *)&Package->LsaApLogonTerminated); + if (!NT_SUCCESS(Status)) + { + TRACE("LdrGetProcedureAddress() failed (Status 0x%08lx)\n", Status); + goto done; + } + + RtlInitAnsiString(&ProcName, "LsaApLogonUserEx2"); + Status = LdrGetProcedureAddress(Package->ModuleHandle, + &ProcName, + 0, + (PVOID *)&Package->LsaApLogonUserEx2); + if (!NT_SUCCESS(Status)) + { + RtlInitAnsiString(&ProcName, "LsaApLogonUserEx"); + Status = LdrGetProcedureAddress(Package->ModuleHandle, + &ProcName, + 0, + (PVOID *)&Package->LsaApLogonUserEx); + if (!NT_SUCCESS(Status)) + { + RtlInitAnsiString(&ProcName, "LsaApLogonUser"); + Status = LdrGetProcedureAddress(Package->ModuleHandle, + &ProcName, + 0, + (PVOID *)&Package->LsaApLogonUser); + if (!NT_SUCCESS(Status)) + { + TRACE("LdrGetProcedureAddress() failed (Status 0x%08lx)\n", Status); + goto done; + } + } + } + + /* Initialize the current package */ Status = Package->LsaApInitializePackage(*Id, - NULL, + &DispatchTable, NULL, NULL, &Package->Name); @@ -101,6 +211,9 @@ goto done; }
+ TRACE("Package Name: %s\n", Package->Name->Buffer); + + Package->Id = *Id; *Id++;
InsertTailList(&PackageListHead, &Package->Entry); @@ -113,11 +226,36 @@ if (Package->ModuleHandle != NULL) LdrUnloadDll(Package->ModuleHandle);
+ if (Package->Name != NULL) + { + if (Package->Name->Buffer != NULL) + RtlFreeHeap(RtlGetProcessHeap(), 0, Package->Name->Buffer); + + RtlFreeHeap(RtlGetProcessHeap(), 0, Package->Name); + } + RtlFreeHeap(RtlGetProcessHeap(), 0, Package); } }
return Status; +} + + +static +PVOID +NTAPI +LsapAllocateHeap(ULONG Size) +{ + return RtlAllocateHeap(RtlGetProcessHeap(), HEAP_ZERO_MEMORY, Size); +} + +static +VOID +NTAPI +LsapFreeHeap(PVOID Ptr) +{ + RtlFreeHeap(RtlGetProcessHeap(), 0, Ptr); }
@@ -132,6 +270,19 @@
InitializeListHead(&PackageListHead); PackageId = 0; + + /* Initialize the dispatch table */ + DispatchTable.CreateLogonSession = NULL; + DispatchTable.DeleteLogonSession = NULL; + DispatchTable.AddCredential = NULL; + DispatchTable.GetCredentials = NULL; + DispatchTable.DeleteCredential = NULL; + DispatchTable.AllocateLsaHeap = &LsapAllocateHeap; + DispatchTable.FreeLsaHeap = &LsapFreeHeap; + DispatchTable.AllocateClientBuffer = NULL; + DispatchTable.FreeClientBuffer = NULL; + DispatchTable.CopyToClientBuffer = NULL; + DispatchTable.CopyFromClientBuffer = NULL;
/* Add registered authentication packages */ Status = RtlQueryRegistryValues(RTL_REGISTRY_CONTROL, @@ -144,4 +295,30 @@ return STATUS_SUCCESS; }
+ +NTSTATUS +LsapLookupAuthenticationPackageByName(IN PSTRING PackageName, + OUT PULONG PackageId) +{ + PLIST_ENTRY ListEntry; + PAUTH_PACKAGE Package; + + ListEntry = PackageListHead.Flink; + while (ListEntry != &PackageListHead) + { + Package = CONTAINING_RECORD(ListEntry, AUTH_PACKAGE, Entry); + + if ((PackageName->Length == Package->Name->Length) && + (_strnicmp(PackageName->Buffer, Package->Name->Buffer, Package->Name->Length) == 0)) + { + *PackageId = Package->Id; + return STATUS_SUCCESS; + } + + ListEntry = ListEntry->Flink; + } + + return STATUS_NO_SUCH_PACKAGE; +} + /* EOF */
Modified: trunk/reactos/dll/win32/lsasrv/authport.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/lsasrv/authport.c... ============================================================================== --- trunk/reactos/dll/win32/lsasrv/authport.c [iso-8859-1] (original) +++ trunk/reactos/dll/win32/lsasrv/authport.c [iso-8859-1] Mon Mar 4 21:32:44 2013 @@ -61,6 +61,9 @@ LsapLogonUser(PLSA_API_MSG RequestMsg, PLSAP_LOGON_CONTEXT LogonContext) { + PVOID LocalAuthInfo = NULL; + NTSTATUS Status = STATUS_SUCCESS; + TRACE("(%p %p)\n", RequestMsg, LogonContext);
TRACE("LogonType: %lu\n", RequestMsg->LogonUser.Request.LogonType); @@ -68,6 +71,48 @@ TRACE("AuthenticationInformation: %p\n", RequestMsg->LogonUser.Request.AuthenticationInformation); TRACE("AuthenticationInformationLength: %lu\n", RequestMsg->LogonUser.Request.AuthenticationInformationLength);
+ LocalAuthInfo = RtlAllocateHeap(RtlGetProcessHeap(), + HEAP_ZERO_MEMORY, + RequestMsg->LogonUser.Request.AuthenticationInformationLength); + if (LocalAuthInfo == NULL) + { + Status = STATUS_INSUFFICIENT_RESOURCES; + goto done; + } + + /* Read the authentication info from the callers adress space */ + Status = NtReadVirtualMemory(LogonContext->ClientProcessHandle, + RequestMsg->LogonUser.Request.AuthenticationInformation, + LocalAuthInfo, + RequestMsg->LogonUser.Request.AuthenticationInformationLength, + NULL); + if (!NT_SUCCESS(Status)) + goto done; + + if (RequestMsg->LogonUser.Request.LogonType == Interactive || + RequestMsg->LogonUser.Request.LogonType == Batch || + RequestMsg->LogonUser.Request.LogonType == Service) + { + PMSV1_0_INTERACTIVE_LOGON LogonInfo; + ULONG_PTR PtrOffset; + + LogonInfo = (PMSV1_0_INTERACTIVE_LOGON)LocalAuthInfo; + + /* Fix-up pointers in the authentication info */ + PtrOffset = (ULONG_PTR)LocalAuthInfo - (ULONG_PTR)RequestMsg->LogonUser.Request.AuthenticationInformation; + + LogonInfo->LogonDomainName.Buffer = (PWSTR)((ULONG_PTR)LogonInfo->LogonDomainName.Buffer + PtrOffset); + LogonInfo->UserName.Buffer = (PWSTR)((ULONG_PTR)LogonInfo->UserName.Buffer + PtrOffset); + LogonInfo->Password.Buffer = (PWSTR)((ULONG_PTR)LogonInfo->Password.Buffer + PtrOffset); + + TRACE("Domain: %S\n", LogonInfo->LogonDomainName.Buffer); + TRACE("User: %S\n", LogonInfo->UserName.Buffer); + TRACE("Password: %S\n", LogonInfo->Password.Buffer); + } + else + { + FIXME("LogonType %lu is not supported yet!\n", RequestMsg->LogonUser.Request.LogonType); + }
@@ -78,7 +123,11 @@ // QUOTA_LIMITS Quotas; RequestMsg->LogonUser.Reply.SubStatus = STATUS_SUCCESS;
- return STATUS_SUCCESS; +done: + if (LocalAuthInfo != NULL) + RtlFreeHeap(RtlGetProcessHeap(), 0, LocalAuthInfo); + + return Status; }
@@ -86,13 +135,25 @@ LsapLookupAuthenticationPackage(PLSA_API_MSG RequestMsg, PLSAP_LOGON_CONTEXT LogonContext) { + STRING PackageName; + ULONG PackageId; + NTSTATUS Status; + TRACE("(%p %p)\n", RequestMsg, LogonContext); - TRACE("PackageName: %s\n", RequestMsg->LookupAuthenticationPackage.Request.PackageName);
- RequestMsg->LookupAuthenticationPackage.Reply.Package = 0x12345678; - - return STATUS_SUCCESS; + PackageName.Length = RequestMsg->LookupAuthenticationPackage.Request.PackageNameLength; + PackageName.MaximumLength = LSASS_MAX_PACKAGE_NAME_LENGTH + 1; + PackageName.Buffer = RequestMsg->LookupAuthenticationPackage.Request.PackageName; + + Status = LsapLookupAuthenticationPackageByName(&PackageName, + &PackageId); + if (NT_SUCCESS(Status)) + { + RequestMsg->LookupAuthenticationPackage.Reply.Package = PackageId; + } + + return Status; }
Modified: trunk/reactos/dll/win32/lsasrv/lsasrv.h URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/lsasrv/lsasrv.h?r... ============================================================================== --- trunk/reactos/dll/win32/lsasrv/lsasrv.h [iso-8859-1] (original) +++ trunk/reactos/dll/win32/lsasrv/lsasrv.h [iso-8859-1] Mon Mar 4 21:32:44 2013 @@ -85,6 +85,10 @@ NTSTATUS LsapInitAuthPackages(VOID);
+NTSTATUS +LsapLookupAuthenticationPackageByName(IN PSTRING PackageName, + OUT PULONG PackageId); + /* authport.c */ NTSTATUS StartAuthenticationPort(VOID);
Modified: trunk/reactos/dll/win32/msv1_0/msv1_0.c URL: http://svn.reactos.org/svn/reactos/trunk/reactos/dll/win32/msv1_0/msv1_0.c?r... ============================================================================== --- trunk/reactos/dll/win32/msv1_0/msv1_0.c [iso-8859-1] (original) +++ trunk/reactos/dll/win32/msv1_0/msv1_0.c [iso-8859-1] Mon Mar 4 21:32:44 2013 @@ -11,6 +11,11 @@ #include "msv1_0.h"
WINE_DEFAULT_DEBUG_CHANNEL(msv1_0); + + +/* GLOBALS *****************************************************************/ + +LSA_DISPATCH_TABLE DispatchTable;
/* FUNCTIONS ***************************************************************/ @@ -80,10 +85,35 @@ IN PLSA_STRING Confidentiality OPTIONAL, OUT PLSA_STRING *AuthenticationPackageName) { + PANSI_STRING NameString; + PCHAR NameBuffer; + TRACE("(%lu %p %p %p %p)\n", AuthenticationPackageId, LsaDispatchTable, Database, Confidentiality, AuthenticationPackageName);
+ /* Get the dispatch table entries */ + DispatchTable.AllocateLsaHeap = LsaDispatchTable->AllocateLsaHeap; + DispatchTable.FreeLsaHeap = LsaDispatchTable->FreeLsaHeap; + + + /* Return the package name */ + NameString = DispatchTable.AllocateLsaHeap(sizeof(LSA_STRING)); + if (NameString == NULL) + return STATUS_INSUFFICIENT_RESOURCES; + + NameBuffer = DispatchTable.AllocateLsaHeap(sizeof(MSV1_0_PACKAGE_NAME)); + if (NameBuffer == NULL) + { + DispatchTable.FreeLsaHeap(NameString); + return STATUS_INSUFFICIENT_RESOURCES; + } + + strcpy(NameBuffer, MSV1_0_PACKAGE_NAME); + + RtlInitAnsiString(NameString, NameBuffer); + + *AuthenticationPackageName = (PLSA_STRING)NameString;
return STATUS_SUCCESS; }
-
ekohl@svn.reactos.org