/* Datastructures not defined in w32api. */
typedef PVOID *PLSA_CLIENT_REQUEST;
+typedef UNICODE_STRING SECURITY_STRING, *PSECURITY_STRING;
+
typedef struct _SECPKG_CLIENT_INFO
{
LUID LogonId;
BOOLEAN Restricted;
} SECPKG_CLIENT_INFO, *PSECPKG_CLIENT_INFO;
+typedef enum _SECPKG_NAME_TYPE
+{
+ SecNameSamCompatible,
+ SecNameAlternateId,
+ SecNameFlat,
+ SecNameDN,
+ SecNameSPN
+} SECPKG_NAME_TYPE, *PSECPKG_NAME_TYPE;
+
+typedef struct _SECPKG_CALL_INFO
+{
+ ULONG ProcessId;
+ ULONG ThreadId;
+ ULONG Attributes;
+ ULONG CallCount;
+} SECPKG_CALL_INFO, *PSECPKG_CALL_INFO;
+
/* The table returned by LsaApInitializePackage is actually a
LSA_SECPKG_FUNCTION_TABLE even though that's not documented.
We need only a subset of this table, basically the LSA_DISPATCH_TABLE
{
NTSTATUS (NTAPI *CreateLogonSession)(PLUID);
NTSTATUS (NTAPI *DeleteLogonSession)(PLUID);
- NTSTATUS (NTAPI *AddCredentials)(PVOID); /* wrong prototype, unused */
+ NTSTATUS (NTAPI *AddCredentials)(PLUID, ULONG, PLSA_STRING, PLSA_STRING);
NTSTATUS (NTAPI *GetCredentials)(PVOID); /* wrong prototype, unused */
NTSTATUS (NTAPI *DeleteCredentials)(PVOID); /* wrong prototype, unused */
PVOID (NTAPI *AllocateLsaHeap)(ULONG);
PVOID, PVOID);
NTSTATUS (NTAPI *ImpersonateClient)(VOID);
NTSTATUS (NTAPI *UnloadPackage)(VOID);
- NTSTATUS (NTAPI *DuplicateHandle)(HANDLE,PHANDLE);
+ NTSTATUS (NTAPI *DuplicateHandle)(HANDLE, PHANDLE);
NTSTATUS (NTAPI *SaveSupplementalCredentials)(VOID);
NTSTATUS (NTAPI *CreateThread)(PVOID); /* wrong prototype, unused */
NTSTATUS (NTAPI *GetClientInfo)(PSECPKG_CLIENT_INFO);
+ NTSTATUS (NTAPI *RegisterNotification)(PVOID); /* wrong prototype, unused */
+ NTSTATUS (NTAPI *CancelNotification)(PVOID); /* wrong prototype, unused */
+ NTSTATUS (NTAPI *MapBuffer)(PVOID); /* wrong prototype, unused */
+ NTSTATUS (NTAPI *CreateToken)(PVOID); /* wrong prototype, unused */
+ NTSTATUS (NTAPI *AuditLogon)(PVOID); /* wrong prototype, unused */
+ NTSTATUS (NTAPI *CallPackage)(PVOID); /* wrong prototype, unused */
+ NTSTATUS (NTAPI *FreeReturnBuffer)(PVOID); /* wrong prototype, unused */
+ BOOLEAN (NTAPI *GetCallInfo)(PSECPKG_CALL_INFO);
+ NTSTATUS (NTAPI *CallPackageEx)(PVOID); /* wrong prototype, unused */
+ NTSTATUS (NTAPI *CreateSharedMemory)(PVOID); /* wrong prototype, unused */
+ NTSTATUS (NTAPI *AllocateSharedMemory)(PVOID); /* wrong prototype, unused */
+ NTSTATUS (NTAPI *FreeSharedMemory)(PVOID); /* wrong prototype, unused */
+ NTSTATUS (NTAPI *DeleteSharedMemory)(PVOID); /* wrong prototype, unused */
+ NTSTATUS (NTAPI *OpenSamUser)(PSECURITY_STRING, SECPKG_NAME_TYPE,
+ PSECURITY_STRING, BOOLEAN, ULONG, PVOID *);
+ NTSTATUS (NTAPI *GetUserCredentials)(PVOID, PVOID, PULONG, PVOID *, PULONG);
+ NTSTATUS (NTAPI *GetUserAuthData)(PVOID, PUCHAR *, PULONG);
+ NTSTATUS (NTAPI *CloseSamUser)(PVOID);
+ NTSTATUS (NTAPI *ConvertAuthDataToToken)(PVOID, ULONG,
+ SECURITY_IMPERSONATION_LEVEL,
+ PTOKEN_SOURCE, SECURITY_LOGON_TYPE,
+ PUNICODE_STRING, PHANDLE, PLUID,
+ PUNICODE_STRING, PNTSTATUS);
+ NTSTATUS (NTAPI *ClientCallback)(PVOID); /* wrong prototype, unused */
+ NTSTATUS (NTAPI *UpdateCredentials)(PVOID); /* wrong prototype, unused */
+ NTSTATUS (NTAPI *GetAuthDataForUser)(PSECURITY_STRING, SECPKG_NAME_TYPE,
+ PSECURITY_STRING, PUCHAR *, PULONG,
+ PUNICODE_STRING);
+ NTSTATUS (NTAPI *CrackSingleName)(PVOID); /* wrong prototype, unused */
+ NTSTATUS (NTAPI *AuditAccountLogon)(PVOID); /* wrong prototype, unused */
+ NTSTATUS (NTAPI *CallPackagePassthrough)(PVOID); /* wrong prototype, unused */
} LSA_SECPKG_FUNCS, *PLSA_SECPKG_FUNCS;
typedef enum _LSA_TOKEN_INFORMATION_TYPE
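Review bot: The placeholder slots added from `RegisterNotification` through `CallPackagePassthrough` are declared as callable `NTSTATUS (NTAPI *)(PVOID)` pointers even though their own comments say the prototype is wrong. A later call through one of these members would compile cleanly and pass the wrong argument list under the NTAPI convention, and this table is presumably used inside the LSA process, where such a mistake is costly. Declaring the unused slots as data, for example `PVOID RegisterNotification; /* slot kept for layout only, not callable */`, makes an accidental call a compile error. It also keeps the offsets of `OpenSamUser` and the other real entries, since data and function pointers have the same size on Windows targets. The struct starts outside this hunk, and the older placeholders visible there (`GetCredentials`, `DeleteCredentials`, `CreateThread`) have the same shape.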
BYTE data[1];
} cyglsa_t;
+typedef struct
+{
+ DWORD magic_pre;
+ HANDLE token;
+ DWORD magic_post;
+} cygprf_t;
+
+#define MAGIC_PRE 0x12345678UL
+#define MAGIC_POST 0x87654321UL
+
#ifdef __cplusplus
}
#endif
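Review bot: `cygprf_t` places a `HANDLE` between two `DWORD` fields, so its size and the offset of `magic_post` depend on the pointer width of whichever side compiles the header. If the LSA package that fills the buffer and the process that reads it are ever built for different widths, the reader would look for `magic_post` at the wrong offset. A fixed-width field for the handle value, or a compile-time size check shared by both sides, would pin the layout. `MAGIC_PRE` and `MAGIC_POST` are fixed constants, so they only tag the buffer format and say nothing about who wrote it; a comment such as `/* format marker only, not an authenticity check */` would keep readers from over-trusting them. The names are also unprefixed in a shared header, so something like `CYGPRF_MAGIC_PRE` / `CYGPRF_MAGIC_POST` would avoid collisions.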
authinf_size += gsize; /* Groups + Group SIDs */
/* When trying to define the admins group as primary group on Vista,
LsaLogonUser fails with error STATUS_INVALID_OWNER. As workaround
- we define "Local" as primary group here. First, this adds the otherwise
- missing "Local" group to the group list and second, seteuid32
- sets the primary group to the group set in /etc/passwd anyway. */
- pgrpsid = well_known_local_sid;
+ we define "Local" as primary group here. Seteuid32 sets the primary
+ group to the group set in /etc/passwd anyway. */
+ if (new_groups.pgsid == well_known_admins_sid)
+ pgrpsid = well_known_local_sid;
+ else
+ pgrpsid = new_groups.pgsid;
+
authinf_size += GetLengthSid (pgrpsid); /* Primary Group SID */
authinf_size += psize; /* Privileges */
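Review bot: `pgrpsid = new_groups.pgsid;` now feeds a caller-supplied SID into `GetLengthSid (pgrpsid)` just below, where the old code always used `well_known_local_sid`. `new_groups` is defined outside this hunk, so whether `pgsid` can be unset or invalid at this point is not visible; if it can, the size computation (and presumably the later copy into the authentication buffer) would work from a bad SID. A guard such as `if (!pgrpsid || !IsValidSid (pgrpsid)) pgrpsid = well_known_local_sid;` before the size is added would keep the previous behaviour as the fallback. It is also worth confirming that `==` on these operands compares SID contents rather than pointers, since their types are declared elsewhere.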
goto out;
}
if (profile)
- LsaFreeReturnBuffer (profile);
+ {
+#ifdef JUST_ANOTHER_NONWORKING_SOLUTION
+ /* See ../lsaauth/cyglsa.c. */
+ cygprf_t *prf = (cygprf_t *) profile;
+ if (prf->magic_pre == MAGIC_PRE && prf->magic_post == MAGIC_POST
+ && prf->token)
+ {
+ CloseHandle (user_token);
+ user_token = prf->token;
+ system_printf ("Got token through profile: %p", user_token);
+ }
+#endif /* JUST_ANOTHER_NONWORKING_SOLUTION */
+ LsaFreeReturnBuffer (profile);
+ }
if (wincap.has_mandatory_integrity_control ())
{
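Review bot: Inside the `JUST_ANOTHER_NONWORKING_SOLUTION` block, `profile` is cast to `cygprf_t *` and `magic_pre`, `magic_post` and `token` are read without first checking that the returned profile buffer is at least `sizeof (cygprf_t)` bytes. The profile length is not visible in this hunk; if the function has it, it should be compared before the cast so that a shorter buffer is never read past its end. The two magic constants only identify the layout, so `prf->token` is adopted as the user's token on the strength of buffer contents alone. `CloseHandle (user_token)` also runs before the replacement handle has been checked; validating the new handle first (for example with `GetTokenInformation`) and only then closing the old one would avoid ending up with no usable token. The block is compiled out unless the macro is defined, so this matters only if it is ever enabled.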