https://git.reactos.org/?p=reactos.git;a=commitdiff;h=034c6fd0c56e6717f97568a08348cfaaa3f04e44

commit 034c6fd0c56e6717f97568a08348cfaaa3f04e44
Author:     Eric Kohl <[email protected]>
AuthorDate: Tue Jul 30 23:09:32 2019 +0200
Commit:     Eric Kohl <[email protected]>
CommitDate: Tue Jul 30 23:10:33 2019 +0200

    [LSASRV] Improvements to LsapLogonUser()
    
    - Token handle duplication must be the last step because we cannot close 
the duplicated token handle if something fails.
    - Call LsaApLogonTerminated(), delete the logon session and free the 
profile buffer if something fails.
---
 dll/win32/lsasrv/authpackage.c | 55 ++++++++++++++++++++++++++----------------
 1 file changed, 34 insertions(+), 21 deletions(-)

diff --git a/dll/win32/lsasrv/authpackage.c b/dll/win32/lsasrv/authpackage.c
index 6c8b47a954f..29bb465d80b 100644
--- a/dll/win32/lsasrv/authpackage.c
+++ b/dll/win32/lsasrv/authpackage.c
@@ -1641,22 +1641,6 @@ LsapLogonUser(PLSA_API_MSG RequestMsg,
         goto done;
     }
 
-    /* Duplicate the token handle into the client process */
-    Status = NtDuplicateObject(NtCurrentProcess(),
-                               TokenHandle,
-                               LogonContext->ClientProcessHandle,
-                               &RequestMsg->LogonUser.Reply.Token,
-                               0,
-                               0,
-                               DUPLICATE_SAME_ACCESS | 
DUPLICATE_SAME_ATTRIBUTES | DUPLICATE_CLOSE_SOURCE);
-    if (!NT_SUCCESS(Status))
-    {
-        ERR("NtDuplicateObject failed (Status 0x%08lx)\n", Status);
-        goto done;
-    }
-
-//    TokenHandle = NULL;
-
     if (LogonType == Interactive ||
         LogonType == Batch ||
         LogonType == Service)
@@ -1680,12 +1664,41 @@ LsapLogonUser(PLSA_API_MSG RequestMsg,
         goto done;
     }
 
+    /*
+     * Duplicate the token handle into the client process.
+     * This must be the last step because we cannot
+     * close the duplicated token handle in case something fails.
+     */
+    Status = NtDuplicateObject(NtCurrentProcess(),
+                               TokenHandle,
+                               LogonContext->ClientProcessHandle,
+                               &RequestMsg->LogonUser.Reply.Token,
+                               0,
+                               0,
+                               DUPLICATE_SAME_ACCESS | 
DUPLICATE_SAME_ATTRIBUTES | DUPLICATE_CLOSE_SOURCE);
+    if (!NT_SUCCESS(Status))
+    {
+        ERR("NtDuplicateObject failed (Status 0x%08lx)\n", Status);
+        goto done;
+    }
+
 done:
-//    if (!NT_SUCCESS(Status))
-//    {
-        if (TokenHandle != NULL)
-            NtClose(TokenHandle);
-//    }
+    if (!NT_SUCCESS(Status))
+    {
+        /* Notify the authentification package of the failure */
+        Package->LsaApLogonTerminated(&RequestMsg->LogonUser.Reply.LogonId);
+
+        /* Delete the logon session */
+        LsapDeleteLogonSession(&RequestMsg->LogonUser.Reply.LogonId);
+
+        /* Release the profile buffer */
+        LsapFreeClientBuffer((PLSA_CLIENT_REQUEST)LogonContext,
+                             RequestMsg->LogonUser.Reply.ProfileBuffer);
+        RequestMsg->LogonUser.Reply.ProfileBuffer = NULL;
+    }
+
+    if (TokenHandle != NULL)
+        NtClose(TokenHandle);
 
     /* Free the local groups */
     if (LocalGroups != NULL)
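Review bot: After the relocated `NtDuplicateObject` call with `DUPLICATE_CLOSE_SOURCE`, `TokenHandle` keeps its old value, so the `NtClose(TokenHandle)` below `done:` runs on a handle the duplication has already closed. In a multi-threaded process such as the LSA server the handle value can be reused in the meantime, so the stale close could hit an unrelated object; on Windows the source is closed regardless of the returned status, which would make this apply to the failure path too (worth confirming for the ReactOS implementation). I would add `TokenHandle = NULL;` directly after the call, before the `NT_SUCCESS` check. Separately, the new failure block calls `Package->LsaApLogonTerminated()` and `LsapDeleteLogonSession()` on every `goto done`; the function starts outside this hunk, so it is not visible whether `Package` and `Reply.LogonId` are valid on the early failure paths, and a guard or a comment stating that invariant would help.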
