drew
/
acadia-newlib
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

* cyglsa.c: Revamp debugging output. 

(LsaApInitializePackage): Open debugging output file here.
	(LsaApLogonUserEx): Replace LsaApLogonUser.  Add debugging output.
	Create machine name for accounting.  Add (disabled) code to fetch
	a token from GetAuthDataForUser/ConvertAuthDataToToken.
	* cyglsa.din: Relace LsaApLogonUser with LsaApLogonUserEx.
This commit is contained in:
Corinna Vinschen 2008-07-10 18:05:03 +00:00
parent c68cb84e88
commit ce96cfb292
3 changed files with 237 additions and 110 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
winsup/lsaauth/ChangeLog
View File

@ -1,3 +1,12 @@
2008-07-10 Corinna Vinschen <corinna@vinschen.de>
* cyglsa.c: Revamp debugging output.
(LsaApInitializePackage): Open debugging output file here.
(LsaApLogonUserEx): Replace LsaApLogonUser. Add debugging output.
Create machine name for accounting. Add (disabled) code to fetch
a token from GetAuthDataForUser/ConvertAuthDataToToken.
* cyglsa.din: Relace LsaApLogonUser with LsaApLogonUserEx.
2006-11-27 Corinna Vinschen <corinna@vinschen.de> 2006-11-27 Corinna Vinschen <corinna@vinschen.de>
Initial release of the Cygwin LSA authentication package. Initial release of the Cygwin LSA authentication package.

336
winsup/lsaauth/cyglsa.c
View File

@ -1,6 +1,6 @@
/* cyglsa.c: LSA authentication module for Cygwin /* cyglsa.c: LSA authentication module for Cygwin
Copyright 2006 Red Hat, Inc. Copyright 2006, 2008 Red Hat, Inc.
Written by Corinna Vinschen <corinna@vinschen.de> Written by Corinna Vinschen <corinna@vinschen.de>
@ -13,10 +13,12 @@ Cygwin license. Please consult the file "CYGWIN_LICENSE" for details. */
#define _CRT_SECURE_NO_DEPRECATE #define _CRT_SECURE_NO_DEPRECATE
#include <ntstatus.h> #include <ntstatus.h>
#define WIN32_NO_STATUS #define WIN32_NO_STATUS
#include <wchar.h>
#include <windows.h> #include <windows.h>
#include <wininet.h> #include <wininet.h>
#include <lm.h> #include <lm.h>
#include <ntsecapi.h> #include <ntsecapi.h>
#include <ntddk.h>
#include "../cygwin/cyglsa.h" #include "../cygwin/cyglsa.h"
#include "../cygwin/include/cygwin/version.h" #include "../cygwin/include/cygwin/version.h"
@ -37,6 +39,17 @@ DllMain (HINSTANCE inst, DWORD reason, LPVOID res)
return TRUE; return TRUE;
} }
#ifndef RtlInitEmptyUnicodeString
inline
VOID NTAPI RtlInitEmptyUnicodeString(PUNICODE_STRING dest, PCWSTR buf,
USHORT len)
{
dest->Length = 0;
dest->MaximumLength = len;
dest->Buffer = (PWSTR) buf;
}
#endif
static PUNICODE_STRING static PUNICODE_STRING
uni_alloc (PWCHAR src, DWORD len) uni_alloc (PWCHAR src, DWORD len)
{ {
@ -55,140 +68,136 @@ uni_alloc (PWCHAR src, DWORD len)
return tgt; return tgt;
} }
#ifdef DEBUGGING /* No, I don't want to include stdio.h so I take what ntdll offers. */
/* No, I don't want to include stdio.h... */ extern int _vsnprintf (char *, size_t, const char *, va_list);
extern int sprintf (const char *, const char *, ...);
static void static HANDLE fh = INVALID_HANDLE_VALUE;
print (HANDLE fh, const char *text, BOOL nl)
static int
printf (const char *format, ...)
{ {
char buf[256];
DWORD wr; DWORD wr;
int ret;
WriteFile (fh, text, strlen (text), &wr, NULL); if (fh == INVALID_HANDLE_VALUE)
if (nl) return 0;
WriteFile (fh, "\n", 1, &wr, NULL); va_list ap;
va_start (ap, format);
ret = _vsnprintf (buf, 256, format, ap);
va_end (ap);
if (ret <= 0)
return ret;
if (ret > 256)
ret = 255;
buf[255] = '\0';
WriteFile (fh, buf, ret, &wr, NULL);
return wr;
} }
static void static void
print_sid (HANDLE fh, const char *prefix, int idx, PISID sid) print_sid (const char *prefix, int idx, PISID sid)
{ {
char buf[256];
DWORD i; DWORD i;
print (fh, prefix, FALSE); printf ("%s", prefix);
if (idx >= 0) if (idx >= 0)
{ printf ("[%d] ", idx);
sprintf (buf, "[%d] ", idx); printf ("(0x%08x) ", (INT_PTR) sid);
print (fh, buf, FALSE);
}
sprintf (buf, "(0x%08x) ", (INT_PTR) sid);
print (fh, buf, FALSE);
if (!sid) if (!sid)
print (fh, "NULL", TRUE); printf ("NULL\n");
else if (IsBadReadPtr (sid, 8)) else if (IsBadReadPtr (sid, 8))
print (fh, "INVALID POINTER", TRUE); printf ("INVALID POINTER\n");
else if (!IsValidSid ((PSID) sid)) else if (!IsValidSid ((PSID) sid))
print (fh, "INVALID SID", TRUE); printf ("INVALID SID\n");
else if (IsBadReadPtr (sid, 8 + sizeof (DWORD) * sid->SubAuthorityCount)) else if (IsBadReadPtr (sid, 8 + sizeof (DWORD) * sid->SubAuthorityCount))
print (fh, "INVALID POINTER SPACE", TRUE); printf ("INVALID POINTER SPACE\n");
else else
{ {
sprintf (buf, "S-%d-%d", sid->Revision, sid->IdentifierAuthority.Value[5]); printf ("S-%d-%d", sid->Revision, sid->IdentifierAuthority.Value[5]);
for (i = 0; i < sid->SubAuthorityCount; ++i) for (i = 0; i < sid->SubAuthorityCount; ++i)
sprintf (buf + strlen (buf), "-%lu", sid->SubAuthority[i]); printf ("-%lu", sid->SubAuthority[i]);
print (fh, buf, TRUE); printf ("\n");
} }
} }
static void static void
print_groups (HANDLE fh, PTOKEN_GROUPS grps) print_groups (PTOKEN_GROUPS grps)
{ {
char buf[256];
DWORD i; DWORD i;
sprintf (buf, "Groups: (0x%08x) ", (INT_PTR) grps); printf ("Groups: (0x%08x) ", (INT_PTR) grps);
print (fh, buf, FALSE);
if (!grps) if (!grps)
print (fh, "NULL", TRUE); printf ("NULL\n");
else if (IsBadReadPtr (grps, sizeof (DWORD))) else if (IsBadReadPtr (grps, sizeof (DWORD)))
print (fh, "INVALID POINTER", TRUE); printf ("INVALID POINTER\n");
else if (IsBadReadPtr (grps, sizeof (DWORD) + sizeof (SID_AND_ATTRIBUTES) else if (IsBadReadPtr (grps, sizeof (DWORD) + sizeof (SID_AND_ATTRIBUTES)
* grps->GroupCount)) * grps->GroupCount))
print (fh, "INVALID POINTER SPACE", TRUE); printf ("INVALID POINTER SPACE\n");
else else
{ {
sprintf (buf, "Count: %lu", grps->GroupCount); printf ("Count: %lu\n", grps->GroupCount);
print (fh, buf, TRUE);
for (i = 0; i < grps->GroupCount; ++i) for (i = 0; i < grps->GroupCount; ++i)
{ {
sprintf (buf, "(attr: 0x%lx)", grps->Groups[i].Attributes); printf ("(attr: 0x%lx)", grps->Groups[i].Attributes);
print_sid (fh, " ", i, (PISID) grps->Groups[i].Sid); print_sid (" ", i, (PISID) grps->Groups[i].Sid);
} }
} }
} }
static void static void
print_privs (HANDLE fh, PTOKEN_PRIVILEGES privs) print_privs (PTOKEN_PRIVILEGES privs)
{ {
char buf[256];
DWORD i; DWORD i;
sprintf (buf, "Privileges: (0x%08x) ", (INT_PTR) privs); printf ("Privileges: (0x%08x) ", (INT_PTR) privs);
print (fh, buf, FALSE);
if (!privs) if (!privs)
print (fh, "NULL", TRUE); printf ("NULL\n");
else if (IsBadReadPtr (privs, sizeof (DWORD))) else if (IsBadReadPtr (privs, sizeof (DWORD)))
print (fh, "INVALID POINTER", TRUE); printf ("INVALID POINTER\n");
else if (IsBadReadPtr (privs, sizeof (DWORD) + sizeof (LUID_AND_ATTRIBUTES) else if (IsBadReadPtr (privs, sizeof (DWORD) + sizeof (LUID_AND_ATTRIBUTES)
* privs->PrivilegeCount)) * privs->PrivilegeCount))
print (fh, "INVALID POINTER SPACE", TRUE); printf ("INVALID POINTER SPACE\n");
else else
{ {
sprintf (buf, "Count: %lu", privs->PrivilegeCount); printf ("Count: %lu\n", privs->PrivilegeCount);
print (fh, buf, TRUE);
for (i = 0; i < privs->PrivilegeCount; ++i) for (i = 0; i < privs->PrivilegeCount; ++i)
{ printf ("Luid: {%ld, %lu} Attributes: 0x%lx\n",
sprintf (buf, "Luid: {%ld, %lu} Attributes: 0x%lx", privs->Privileges[i].Luid.HighPart,
privs->Privileges[i].Luid.HighPart, privs->Privileges[i].Luid.LowPart,
privs->Privileges[i].Luid.LowPart, privs->Privileges[i].Attributes);
privs->Privileges[i].Attributes);
print (fh, buf, TRUE);
}
} }
} }
static void static void
print_dacl (HANDLE fh, PACL dacl) print_dacl (PACL dacl)
{ {
char buf[256];
DWORD i; DWORD i;
sprintf (buf, "DefaultDacl: (0x%08x) ", (INT_PTR) dacl); printf ("DefaultDacl: (0x%08x) ", (INT_PTR) dacl);
print (fh, buf, FALSE);
if (!dacl) if (!dacl)
print (fh, "NULL", TRUE); printf ("NULL\n");
else if (IsBadReadPtr (dacl, sizeof (ACL))) else if (IsBadReadPtr (dacl, sizeof (ACL)))
print (fh, "INVALID POINTER", TRUE); printf ("INVALID POINTER\n");
else if (IsBadReadPtr (dacl, dacl->AclSize)) else if (IsBadReadPtr (dacl, dacl->AclSize))
print (fh, "INVALID POINTER SPACE", TRUE); printf ("INVALID POINTER SPACE\n");
else else
{ {
sprintf (buf, "Rev: %d, Count: %d", dacl->AclRevision, dacl->AceCount); printf ("Rev: %d, Count: %d\n", dacl->AclRevision, dacl->AceCount);
print (fh, buf, TRUE);
for (i = 0; i < dacl->AceCount; ++i) for (i = 0; i < dacl->AceCount; ++i)
{ {
PVOID vace;
PACCESS_ALLOWED_ACE ace; PACCESS_ALLOWED_ACE ace;
if (!GetAce (dacl, i, (PVOID *) &ace)) if (!GetAce (dacl, i, &vace))
{ printf ("[%lu] GetAce error %lu\n", i, GetLastError ());
sprintf (buf, "[%lu] GetAce error %lu", i, GetLastError ());
print (fh, buf, TRUE);
}
else else
{ {
sprintf (buf, "Type: %x, Flags: %x, Access: %lx, ", ace = (PACCESS_ALLOWED_ACE) vace;
ace->Header.AceType, ace->Header.AceFlags, (DWORD) ace->Mask); printf ("Type: %x, Flags: %x, Access: %lx,",
print_sid (fh, buf, i, (PISID) &ace->SidStart); ace->Header.AceType, ace->Header.AceFlags, (DWORD) ace->Mask);
print_sid (" ", i, (PISID) &ace->SidStart);
} }
} }
} }
@ -196,48 +205,39 @@ print_dacl (HANDLE fh, PACL dacl)
static void static void
print_tokinf (PLSA_TOKEN_INFORMATION_V2 ptok, size_t size, print_tokinf (PLSA_TOKEN_INFORMATION_V2 ptok, size_t size,
PVOID got_start, PVOID gotinf_start, PVOID gotinf_end) PVOID got_start, PVOID gotinf_start, PVOID gotinf_end)
{ {
HANDLE fh;
char buf[256];
fh = CreateFile ("C:\\cyglsa.dbgout", GENERIC_WRITE,
FILE_SHARE_READ | FILE_SHARE_WRITE | FILE_SHARE_DELETE,
NULL, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL);
if (fh == INVALID_HANDLE_VALUE) if (fh == INVALID_HANDLE_VALUE)
return; return;
sprintf (buf, "INCOMING: start: 0x%08x infstart: 0x%08x infend: 0x%08x", printf ("INCOMING: start: 0x%08x infstart: 0x%08x infend: 0x%08x\n",
(INT_PTR) got_start, (INT_PTR) gotinf_start, (INT_PTR) got_start, (INT_PTR) gotinf_start,
(INT_PTR) gotinf_end); (INT_PTR) gotinf_end);
print (fh, buf, TRUE);
sprintf (buf, "LSA_TOKEN_INFORMATION_V2: 0x%08x - 0x%08x", printf ("LSA_TOKEN_INFORMATION_V2: 0x%08x - 0x%08x\n",
(INT_PTR) ptok, (INT_PTR) ptok + size); (INT_PTR) ptok, (INT_PTR) ptok + size);
print (fh, buf, TRUE);
/* User SID */ /* User SID */
sprintf (buf, "User: (attr: 0x%lx)", ptok->User.User.Attributes); printf ("User: (attr: 0x%lx)", ptok->User.User.Attributes);
print_sid (fh, "User: ", -1, (PISID) ptok->User.User.Sid); print_sid (" ", -1, (PISID) ptok->User.User.Sid);
/* Groups */ /* Groups */
print_groups (fh, ptok->Groups); print_groups (ptok->Groups);
/* Primary Group SID */ /* Primary Group SID */
print_sid (fh, "Primary Group: ", -1, (PISID)ptok->PrimaryGroup.PrimaryGroup); print_sid ("Primary Group: ", -1, (PISID)ptok->PrimaryGroup.PrimaryGroup);
/* Privileges */ /* Privileges */
print_privs (fh, ptok->Privileges); print_privs (ptok->Privileges);
/* Owner */ /* Owner */
print_sid (fh, "Owner: ", -1, (PISID) ptok->Owner.Owner); print_sid ("Owner: ", -1, (PISID) ptok->Owner.Owner);
/* Default DACL */ /* Default DACL */
print_dacl (fh, ptok->DefaultDacl.DefaultDacl); print_dacl (ptok->DefaultDacl.DefaultDacl);
CloseHandle (fh); // CloseHandle (fh);
} }
#endif /* DEBUGGING */
NTSTATUS NTAPI NTSTATUS NTAPI
LsaApInitializePackage (ULONG authp_id, PLSA_SECPKG_FUNCS dpt, LsaApInitializePackage (ULONG authp_id, PLSA_SECPKG_FUNCS dpt,
@ -272,16 +272,23 @@ LsaApInitializePackage (ULONG authp_id, PLSA_SECPKG_FUNCS dpt,
if (major < 5 || (major == 5 && minor == 0)) if (major < 5 || (major == 5 && minor == 0))
must_create_logon_sid = TRUE; must_create_logon_sid = TRUE;
#ifdef DEBUGGING
fh = CreateFile ("C:\\cyglsa.dbgout", GENERIC_WRITE,
FILE_SHARE_READ | FILE_SHARE_WRITE | FILE_SHARE_DELETE,
NULL, CREATE_ALWAYS, FILE_ATTRIBUTE_NORMAL, NULL);
printf ("Initialized\n");
#endif /* DEBUGGING */
return STATUS_SUCCESS; return STATUS_SUCCESS;
} }
NTSTATUS NTAPI NTSTATUS NTAPI
LsaApLogonUser (PLSA_CLIENT_REQUEST request, SECURITY_LOGON_TYPE logon_type, LsaApLogonUserEx (PLSA_CLIENT_REQUEST request, SECURITY_LOGON_TYPE logon_type,
PVOID auth, PVOID client_auth_base, ULONG auth_len, PVOID auth, PVOID client_auth_base, ULONG auth_len,
PVOID *pbuf, PULONG pbuf_len, PLUID logon_id, PVOID *pbuf, PULONG pbuf_len, PLUID logon_id,
PNTSTATUS sub_stat, PLSA_TOKEN_INFORMATION_TYPE tok_type, PNTSTATUS sub_stat, PLSA_TOKEN_INFORMATION_TYPE tok_type,
PVOID *tok, PLSA_UNICODE_STRING *account, PVOID *tok, PUNICODE_STRING *account,
PLSA_UNICODE_STRING *authority) PUNICODE_STRING *authority, PUNICODE_STRING *machine)
{ {
WCHAR user[UNLEN + 1]; WCHAR user[UNLEN + 1];
WCHAR domain[INTERNET_MAX_HOST_NAME_LENGTH + 1]; WCHAR domain[INTERNET_MAX_HOST_NAME_LENGTH + 1];
@ -296,16 +303,25 @@ LsaApLogonUser (PLSA_CLIENT_REQUEST request, SECURITY_LOGON_TYPE logon_type,
/* Check if the caller has the SeTcbPrivilege, otherwise refuse service. */ /* Check if the caller has the SeTcbPrivilege, otherwise refuse service. */
stat = funcs->GetClientInfo (&clinf); stat = funcs->GetClientInfo (&clinf);
if (stat != STATUS_SUCCESS) if (stat != STATUS_SUCCESS)
return stat; {
printf ("GetClientInfo failed: 0x%08lx\n", stat);
return stat;
}
if (!clinf.HasTcbPrivilege) if (!clinf.HasTcbPrivilege)
return STATUS_ACCESS_DENIED; {
printf ("Client has no TCB privilege. Access denied.\n");
return STATUS_ACCESS_DENIED;
}
/* Make a couple of validity checks. */ /* Make a couple of validity checks. */
if (auth_len < sizeof *authinf if (auth_len < sizeof *authinf
|| authinf->magic != CYG_LSA_MAGIC || authinf->magic != CYG_LSA_MAGIC
|| !authinf->username[0] || !authinf->username[0]
|| !authinf->domain[0]) || !authinf->domain[0])
return STATUS_INVALID_PARAMETER; {
printf ("Invalid authentication parameter.\n");
return STATUS_INVALID_PARAMETER;
}
checksum = CYGWIN_VERSION_MAGIC (CYGWIN_VERSION_DLL_MAJOR, checksum = CYGWIN_VERSION_MAGIC (CYGWIN_VERSION_DLL_MAJOR,
CYGWIN_VERSION_DLL_MINOR); CYGWIN_VERSION_DLL_MINOR);
csp = (PDWORD) &authinf->username; csp = (PDWORD) &authinf->username;
@ -313,26 +329,126 @@ LsaApLogonUser (PLSA_CLIENT_REQUEST request, SECURITY_LOGON_TYPE logon_type,
while (csp < csp_end) while (csp < csp_end)
checksum += *csp++; checksum += *csp++;
if (authinf->checksum != checksum) if (authinf->checksum != checksum)
return STATUS_INVALID_PARAMETER_3; {
printf ("Invalid checksum.\n");
return STATUS_INVALID_PARAMETER_3;
}
/* Set account to username and authority to domain resp. machine name. /* Set account to username and authority to domain resp. machine name.
The name of the logon account name as returned by LookupAccountSid The name of the logon account name as returned by LookupAccountSid
is created from here as "authority\account". */ is created from here as "authority\account". */
authinf->username[UNLEN] = '\0'; authinf->username[UNLEN] = '\0';
ulen = mbstowcs (user, authinf->username, UNLEN + 1); ulen = mbstowcs (user, authinf->username, sizeof (user));
authinf->domain[INTERNET_MAX_HOST_NAME_LENGTH] = '\0'; authinf->domain[INTERNET_MAX_HOST_NAME_LENGTH] = '\0';
dlen = mbstowcs (domain, authinf->domain, INTERNET_MAX_HOST_NAME_LENGTH + 1); dlen = mbstowcs (domain, authinf->domain, sizeof (domain));
if (account && !(*account = uni_alloc (user, ulen))) if (account && !(*account = uni_alloc (user, ulen)))
return STATUS_NO_MEMORY; {
printf ("No memory trying to create account.\n");
return STATUS_NO_MEMORY;
}
if (authority && !(*authority = uni_alloc (domain, dlen))) if (authority && !(*authority = uni_alloc (domain, dlen)))
return STATUS_NO_MEMORY; {
printf ("No memory trying to create authority.\n");
return STATUS_NO_MEMORY;
}
if (machine)
{
WCHAR mach[MAX_COMPUTERNAME_LENGTH + 1];
DWORD msize = MAX_COMPUTERNAME_LENGTH + 1;
if (!GetComputerNameW (mach, &msize))
wcscpy (mach, L"UNKNOWN");
if (!(*machine = uni_alloc (mach, wcslen (mach))))
{
printf ("No memory trying to create machine.\n");
return STATUS_NO_MEMORY;
}
}
/* Create a fake buffer in pbuf which is free'd again in the client. /* Create a fake buffer in pbuf which is free'd again in the client.
Windows 2000 tends to crash when setting this pointer to NULL. */ Windows 2000 tends to crash when setting this pointer to NULL. */
if (pbuf) if (pbuf)
{ {
#ifdef JUST_ANOTHER_NONWORKING_SOLUTION
cygprf_t prf;
WCHAR sam_username[INTERNET_MAX_HOST_NAME_LENGTH + UNLEN + 2];
SECURITY_STRING sam_user, prefix;
PUCHAR user_auth;
ULONG user_auth_size;
WCHAR flatname[UNLEN + 1];
UNICODE_STRING flatnm;
TOKEN_SOURCE ts;
HANDLE token;
#endif /* JUST_ANOTHER_NONWORKING_SOLUTION */
stat = funcs->AllocateClientBuffer (request, 64UL, pbuf); stat = funcs->AllocateClientBuffer (request, 64UL, pbuf);
if (!LSA_SUCCESS (stat)) if (!LSA_SUCCESS (stat))
return stat; {
printf ("AllocateClientBuffer failed: 0x%08lx\n", stat);
return stat;
}
#ifdef JUST_ANOTHER_NONWORKING_SOLUTION
prf.magic_pre = MAGIC_PRE;
prf.token = NULL;
prf.magic_post = MAGIC_POST;
#if 0
/* That's how it was supposed to work according to MSDN... */
wcscpy (sam_username, domain);
wcscat (sam_username, L"\\");
wcscat (sam_username, user);
#else
/* That's the only solution which worked, and then it only worked
for machine local accounts. No domain authentication possible.
STATUS_NO_SUCH_USER galore! */
wcscpy (sam_username, user);
#endif
RtlInitUnicodeString (&sam_user, sam_username);
RtlInitUnicodeString (&prefix, L"");
RtlInitEmptyUnicodeString (&flatnm, flatname,
(UNLEN + 1) * sizeof (WCHAR));
stat = funcs->GetAuthDataForUser (&sam_user, SecNameSamCompatible,
NULL, &user_auth,
&user_auth_size, &flatnm);
if (!NT_SUCCESS (stat))
{
char sam_u[INTERNET_MAX_HOST_NAME_LENGTH + UNLEN + 2];
wcstombs (sam_u, sam_user.Buffer, sizeof (sam_u));
printf ("GetAuthDataForUser (%u,%u,%s) failed: 0x%08lx\n",
sam_user.Length, sam_user.MaximumLength, sam_u, stat);
return stat;
}
memcpy (ts.SourceName, "Cygwin.1", 8);
ts.SourceIdentifier.HighPart = 0;
ts.SourceIdentifier.LowPart = 0x0104;
RtlInitEmptyUnicodeString (&flatnm, flatname,
(UNLEN + 1) * sizeof (WCHAR));
stat = funcs->ConvertAuthDataToToken (user_auth, user_auth_size,
SecurityDelegation, &ts,
Interactive, *authority,
&token, logon_id, &flatnm,
sub_stat);
if (!NT_SUCCESS (stat))
{
printf ("ConvertAuthDataToToken failed: 0x%08lx\n", stat);
return stat;
}
stat = funcs->DuplicateHandle (token, &prf.token);
if (!NT_SUCCESS (stat))
{
printf ("DuplicateHandle failed: 0x%08lx\n", stat);
return stat;
}
stat = funcs->CopyToClientBuffer (request, sizeof prf, *pbuf, &prf);
if (!NT_SUCCESS (stat))
{
printf ("CopyToClientBuffer failed: 0x%08lx\n", stat);
return stat;
}
funcs->FreeLsaHeap (user_auth);
#endif /* JUST_ANOTHER_NONWORKING_SOLUTION */
} }
if (pbuf_len) if (pbuf_len)
*pbuf_len = 64UL; *pbuf_len = 64UL;
@ -471,16 +587,16 @@ LsaApLogonUser (PLSA_CLIENT_REQUEST request, SECURITY_LOGON_TYPE logon_type,
*tok = (PVOID) tokinf; *tok = (PVOID) tokinf;
*tok_type = LsaTokenInformationV2; *tok_type = LsaTokenInformationV2;
#ifdef DEBUGGING
print_tokinf (tokinf, authinf->inf_size, authinf, &authinf->inf, print_tokinf (tokinf, authinf->inf_size, authinf, &authinf->inf,
(PVOID)((LONG_PTR) &authinf->inf + authinf->inf_size)); (PVOID)((LONG_PTR) &authinf->inf + authinf->inf_size));
#endif
/* Create logon session. */ /* Create logon session. */
if (!AllocateLocallyUniqueId (logon_id)) if (!AllocateLocallyUniqueId (logon_id))
{ {
funcs->FreeLsaHeap (*tok); funcs->FreeLsaHeap (*tok);
*tok = NULL; *tok = NULL;
printf ("AllocateLocallyUniqueId failed: Win32 error %lu\n",
GetLastError ());
return STATUS_INSUFFICIENT_RESOURCES; return STATUS_INSUFFICIENT_RESOURCES;
} }
stat = funcs->CreateLogonSession (logon_id); stat = funcs->CreateLogonSession (logon_id);
@ -488,9 +604,11 @@ LsaApLogonUser (PLSA_CLIENT_REQUEST request, SECURITY_LOGON_TYPE logon_type,
{ {
funcs->FreeLsaHeap (*tok); funcs->FreeLsaHeap (*tok);
*tok = NULL; *tok = NULL;
printf ("CreateLogonSession failed: 0x%08lx\n", stat);
return stat; return stat;
} }
printf ("BINGO!!!\n", stat);
return STATUS_SUCCESS; return STATUS_SUCCESS;
} }

2
winsup/lsaauth/cyglsa.din
View File

@ -2,7 +2,7 @@ LIBRARY "cyglsa"
EXPORTS EXPORTS
LsaApInitializePackage = LsaApInitializePackage@20 LsaApInitializePackage = LsaApInitializePackage@20
LsaApLogonUser = LsaApLogonUser@52 LsaApLogonUserEx = LsaApLogonUserEx@56
LsaApLogonTerminated = LsaApLogonTerminated@4 LsaApLogonTerminated = LsaApLogonTerminated@4
LsaApCallPackage = LsaApCallPackage@28 LsaApCallPackage = LsaApCallPackage@28
LsaApCallPackagePassthrough = LsaApCallPackage@28 LsaApCallPackagePassthrough = LsaApCallPackage@28