https://git.reactos.org/?p=reactos.git;a=commitdiff;h=97382dee461e4174fcc51… commit 97382dee461e4174fcc517d090fad9727ac41d6d Author: Eric Kohl <eric.kohl(a)reactos.org> AuthorDate: Tue Sep 4 23:15:15 2018 +0200 Commit: Eric Kohl <eric.kohl(a)reactos.org> CommitDate: Tue Sep 4 23:15:15 2018 +0200 [MSV1_0] Use the account expiration time and check account expiration on logon --- dll/win32/msv1_0/msv1_0.c | 32 +++++++++++++++++++------------- 1 file changed, 19 insertions(+), 13 deletions(-) diff --git a/dll/win32/msv1_0/msv1_0.c b/dll/win32/msv1_0/msv1_0.c index 8c9a1b617b..ce47f0819f 100644 --- a/dll/win32/msv1_0/msv1_0.c +++ b/dll/win32/msv1_0/msv1_0.c @@ -143,11 +143,11 @@ BuildInteractiveProfileBuffer(IN PLSA_CLIENT_REQUEST ClientRequest, LocalBuffer->LogonTime.LowPart = UserInfo->All.LastLogon.LowPart; LocalBuffer->LogonTime.HighPart = UserInfo->All.LastLogon.HighPart; -// LocalBuffer->LogoffTime.LowPart = -// LocalBuffer->LogoffTime.HighPart = + LocalBuffer->LogoffTime.LowPart = UserInfo->All.AccountExpires.LowPart; + LocalBuffer->LogoffTime.HighPart = UserInfo->All.AccountExpires.HighPart; -// LocalBuffer->KickOffTime.LowPart = -// LocalBuffer->KickOffTime.HighPart = + LocalBuffer->KickOffTime.LowPart = UserInfo->All.AccountExpires.LowPart; + LocalBuffer->KickOffTime.HighPart = UserInfo->All.AccountExpires.HighPart; LocalBuffer->PasswordLastSet.LowPart = UserInfo->All.PasswordLastSet.LowPart; LocalBuffer->PasswordLastSet.HighPart = UserInfo->All.PasswordLastSet.HighPart; @@ -267,6 +267,7 @@ AppendRidToSid(PSID SrcSid, return DstSid; } + static NTSTATUS BuildTokenUser(OUT PTOKEN_USER User, @@ -415,32 +416,41 @@ BuildTokenInformationBuffer(PLSA_TOKEN_INFORMATION_V1 *TokenInformation, Buffer = DispatchTable.AllocateLsaHeap(sizeof(LSA_TOKEN_INFORMATION_V1)); if (Buffer == NULL) { - TRACE("Failed to allocate the local buffer!\n"); + WARN("Failed to allocate the local buffer!\n"); Status = STATUS_INSUFFICIENT_RESOURCES; goto done; } - /* FIXME: */ - Buffer->ExpirationTime.QuadPart = -1; + Buffer->ExpirationTime.LowPart = UserInfo->All.AccountExpires.LowPart; + Buffer->ExpirationTime.HighPart = UserInfo->All.AccountExpires.HighPart; Status = BuildTokenUser(&Buffer->User, (PSID)AccountDomainSid, UserInfo->All.UserId); if (!NT_SUCCESS(Status)) + { + WARN("BuildTokenUser() failed (Status 0x%08lx)\n", Status); goto done; + } Status = BuildTokenPrimaryGroup(&Buffer->PrimaryGroup, (PSID)AccountDomainSid, UserInfo->All.PrimaryGroupId); if (!NT_SUCCESS(Status)) + { + WARN("BuildTokenPrimaryGroup() failed (Status 0x%08lx)\n", Status); goto done; + } Status = BuildTokenGroups(&Buffer->Groups, (PSID)AccountDomainSid, UserInfo->All.UserId, SpecialAccount); if (!NT_SUCCESS(Status)) + { + WARN("BuildTokenGroups() failed (Status 0x%08lx)\n", Status); goto done; + } *TokenInformation = Buffer; @@ -1029,7 +1039,7 @@ LsaApLogonUser(IN PLSA_CLIENT_REQUEST ClientRequest, UNICODE_STRING LogonServer; BOOLEAN SessionCreated = FALSE; LARGE_INTEGER LogonTime; -// LARGE_INTEGER AccountExpires; + LARGE_INTEGER AccountExpires; LARGE_INTEGER PasswordMustChange; LARGE_INTEGER PasswordLastSet; BOOL SpecialAccount = FALSE; @@ -1247,20 +1257,16 @@ LsaApLogonUser(IN PLSA_CLIENT_REQUEST ClientRequest, goto done; } -#if 0 /* Check if the account expired */ AccountExpires.LowPart = UserInfo->All.AccountExpires.LowPart; AccountExpires.HighPart = UserInfo->All.AccountExpires.HighPart; - - if (AccountExpires.QuadPart != 0 && - LogonTime.QuadPart >= AccountExpires.QuadPart) + if (LogonTime.QuadPart >= AccountExpires.QuadPart) { ERR("Account expired!\n"); *SubStatus = STATUS_ACCOUNT_EXPIRED; Status = STATUS_ACCOUNT_RESTRICTION; goto done; } -#endif /* Check if the password expired */ PasswordMustChange.LowPart = UserInfo->All.PasswordMustChange.LowPart;