Implementation of Custom Windows Authentication Package - LsaApUserLogonEx

Question

I have been working on LSA auth package for introducing my custom logon mechanism in windows 10. So far, I have been successful in registering the auth package and get my LsaLogonUserEx method called by LSA. Now the thing which I am stuck at is how to prepare the OUT parameters of LsaApLogOnUser method.

NTSTATUS NTAPI
LsaApLogonUserEx(
IN PLSA_CLIENT_REQUEST ClientRequest,
IN SECURITY_LOGON_TYPE LogonType,
IN PVOID ProtocolSubmitBuffer,
IN PVOID ClientBufferBase,
IN ULONG SubmitBufferSize,
OUT PVOID *ProfileBuffer,
OUT PULONG ProfileBufferSize,
OUT PLUID LogonId,
OUT PNTSTATUS SubStatus,
OUT PLSA_TOKEN_INFORMATION_TYPE TokenInformationType,
OUT PVOID *TokenInformation,
OUT PUNICODE_STRING *AccountName,
OUT PUNICODE_STRING *AuthenticatingAuthority,
OUT PUNICODE_STRING *MachineName
);

Especially Profile buffer and Token information. Am i supposed to only allocate memory for them or is there a need to properly determine there values and then assign them?

Answer 1

The following is all in the docs, albeit a little convoluted if you're not used to.

• TokenInformation: The type of struct that you return is determined by the TokenInformationType parameter, which you also set yourself. So in the end you determine what type of struct you return. Here is a list of possible types and related structs. Basically, it is either LSA_TOKEN_INFORMATION_V1 or LSA_TOKEN_INFORMATION_NULL.

• ProfileBuffer: Note the docs "The contents of this buffer are determined by the authentication package.". So you put in there whatever you deem useful for your provider/authentication. Just make sure that (quoted from the docs) "The authentication package is responsible for allocating the ProfileBuffer buffer within the client process by calling the AllocateClientBuffer function".

In general the documentation for LsaApLogonUserEx documentation says some things about when you (as a package) need to allocate (or free!) the arguments/memory and when the LSA does it for you. It also does that for the parameters you are especially concerned about.

The last point is also the reason why you need to use the AllocateClientBuffer function for the ProfileBuffer argument: so that the LSA can use the matching "free" function and not corrupt memory.