Re: Authentication Package and LSA
From: Richard Ward (richardw_at_delete-yellow-dogs.com)
Date: 12/30/03
- Next message: Richard Ward: "Re: How can i detect "Password expiry warning" on Windows NT/2000"
- Previous message: Richard Ward: "Re: Custom Authorization Package with the Microsoft GINA..."
- In reply to: tedo: "Authentication Package and LSA"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Mon, 29 Dec 2003 23:41:19 -0800
Hmm, you may be better off using LSA_TOKEN_INFORMATION_V2,
which is the same syntactically, except that it is treated as a monolithic
chunk
of memory, and the variant fields are not freed individually by the LSA
after
the token is constructed.
"tedo" <tedo_423@hotmail.com> wrote in message
news:OdsMSZ5xDHA.1744@TK2MSFTNGP12.phx.gbl...
> Hi all
>
>
>
> I am running into an issue that seems like it might be an XP bug, but I am
> not sure.
>
> Any advice would be much appreciated.
>
> I am writing an authentication package for windows, and I've run into a
> strange problem in my implementation of LsaApLogonUserEx2(also happens
> with
> LsaApLogonUser).
>
> On Win2k(debug/checked), everything works fine, but on Windows
> XP(debug/checked) the LSA hits a debug breakpoint when it tries to release
> the memory allocated for the Groups member of the LSA_TOKEN_INFORMATION_V1
> structure.
>
> The same thing happens when it tries to free the memory allocated for the
> Sid member of the SID_AND_ATTRIBUTE structure in the Groups array.
>
> These are all allocated using the AllocateLsaHeap function passed to the
> authentication package in the LSA_DISPATCH_TABLE.
>
> In all cases, the LSA is complaining that the memory is in the wrong heap.
> I can see from the assertion message in the debugger that the LSA is
> trying
> to free the correct addresses; it just doesn't like the heap they are in.
> Using LocalAlloc and HeapAlloc(GetProcessHeap(), ...) produces the same
> result. This is the message I get:
>
> 696.792> SPM-Error: LsapFreePrivateHeap tried to free 000CC578 from wrong
> heap 696.792> Assert-FAILED: pvMemory == 0
>
> (d:\xpsp1\ds\security\base\lsa\server\sphelp.cxx:649)
>
> And this is the stack at the time of the assertion:
>
> 00cefc30 7454a29a ntdll!DbgBreakPoint
>
> 00cefc40 744e8276 LSASRV!_DsysAssertEx+0x146
>
> 00cefc5c 744f6392 LSASRV!LsapFreePrivateHeap+0x46
>
> 00cefc74 744f63d8 LSASRV!LsapFreeTokenGroups+0x1d
>
> 00cefc84 744f2600 LSASRV!LsapFreeTokenInformationV1+0x17
>
> 00cefc9c 744f3688 LSASRV!LsapAuSetTokenInformation+0xce
>
> 00cefd24 744f68fc LSASRV!LsapAuUserLogonPolicyFilter+0x37d
>
> 00cefe94 744db999 LSASRV!LsapAuApiDispatchLogonUser+0x4ab
>
> 00cefea8 744dcc56 LSASRV!LpcLsaLogonUser+0x20
>
> 00cefec0 744d9d3c LSASRV!DispatchAPI+0x6c
>
> 00ceff50 744eb64e LSASRV!LpcHandler+0x1c0
>
> 00ceff74 744e8960 LSASRV!SpmPoolThreadBase+0xc6
>
> 00ceffb4 7dddb177 LSASRV!LsapThreadBase+0x63
>
> 00ceffec 00000000 kernel32!BaseThreadStart+0x37
>
> Anyone have any idea which memory allocation function to use to keep the
> LSA
> happy, or is this a bug?
>
> Thanks
>
>
- Next message: Richard Ward: "Re: How can i detect "Password expiry warning" on Windows NT/2000"
- Previous message: Richard Ward: "Re: Custom Authorization Package with the Microsoft GINA..."
- In reply to: tedo: "Authentication Package and LSA"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
