Bug 1574259 - Improve resource management in ReauthenticateUserWindows r=dmajor,mhowell

Differential Revision: https://phabricator.services.mozilla.com/D82393
R. Martinho Fernandes 2020-07-07 14:46:41 +00:00
parent d3be11d148
commit 821813e242


@ -63,8 +63,17 @@ struct BufferFreer {
CoTaskMemFree(b); CoTaskMemFree(b);
} }
}; };
struct LsaDeregistrator {
typedef HANDLE pointer;
void operator()(HANDLE h) {
if (h != INVALID_HANDLE_VALUE) {
LsaDeregisterLogonProcess(h);
}
}
};
typedef std::unique_ptr<HANDLE, HandleCloser> ScopedHANDLE; typedef std::unique_ptr<HANDLE, HandleCloser> ScopedHANDLE;
typedef std::unique_ptr<LPVOID, BufferFreer> ScopedBuffer; typedef std::unique_ptr<LPVOID, BufferFreer> ScopedBuffer;
typedef std::unique_ptr<HANDLE, LsaDeregistrator> ScopedLsaHANDLE;
constexpr int64_t Int32Modulo = 2147483648; constexpr int64_t Int32Modulo = 2147483648;
@ -293,7 +302,7 @@ static nsresult ReauthenticateUserWindows(
credui.hbmBanner = nullptr; // ignored credui.hbmBanner = nullptr; // ignored
while (!reauthenticated) { while (!reauthenticated) {
HANDLE lsa; HANDLE lsa = INVALID_HANDLE_VALUE;
// Get authentication handle for future user authentications. // Get authentication handle for future user authentications.
// https://docs.microsoft.com/en-us/windows/desktop/api/ntsecapi/nf-ntsecapi-lsaconnectuntrusted // https://docs.microsoft.com/en-us/windows/desktop/api/ntsecapi/nf-ntsecapi-lsaconnectuntrusted
if (LsaConnectUntrusted(&lsa) != ERROR_SUCCESS) { if (LsaConnectUntrusted(&lsa) != ERROR_SUCCESS) {
@ -301,7 +310,7 @@ static nsresult ReauthenticateUserWindows(
("Error acquiring lsa. Authentication attempts will fail.")); ("Error acquiring lsa. Authentication attempts will fail."));
return NS_ERROR_FAILURE; return NS_ERROR_FAILURE;
} }
ScopedHANDLE scopedLsa(lsa); ScopedLsaHANDLE scopedLsa(lsa);
if (!userTokenInfo || lsa == INVALID_HANDLE_VALUE) { if (!userTokenInfo || lsa == INVALID_HANDLE_VALUE) {
MOZ_LOG(gCredentialManagerSecretLog, LogLevel::Debug, MOZ_LOG(gCredentialManagerSecretLog, LogLevel::Debug,
@ -349,7 +358,7 @@ static nsresult ReauthenticateUserWindows(
ULONG profileBufferLength = 0; ULONG profileBufferLength = 0;
QUOTA_LIMITS limits = {0}; QUOTA_LIMITS limits = {0};
LUID luid; LUID luid;
HANDLE token; HANDLE token = INVALID_HANDLE_VALUE;
LSA_STRING name; LSA_STRING name;
name.Buffer = contextName; name.Buffer = contextName;
name.Length = strlen(name.Buffer); name.Length = strlen(name.Buffer);
@ -361,7 +370,6 @@ static nsresult ReauthenticateUserWindows(
&profileBuffer, &profileBufferLength, &luid, &token, &limits, &substs); &profileBuffer, &profileBufferLength, &luid, &token, &limits, &substs);
ScopedHANDLE scopedToken(token); ScopedHANDLE scopedToken(token);
LsaFreeReturnBuffer(profileBuffer); LsaFreeReturnBuffer(profileBuffer);
LsaDeregisterLogonProcess(scopedLsa.get());
if (sts == ERROR_SUCCESS) { if (sts == ERROR_SUCCESS) {
MOZ_LOG(gCredentialManagerSecretLog, LogLevel::Debug, MOZ_LOG(gCredentialManagerSecretLog, LogLevel::Debug,
("User logged in successfully.")); ("User logged in successfully."));
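Review bot: `LsaDeregistrator` and the `ScopedLsaHANDLE` typedef in the first hunk have no comment saying why LSA handles need their own wrapper. Both `ScopedHANDLE` and `ScopedLsaHANDLE` hold a plain `HANDLE`, so the compiler cannot stop an LSA handle from being put back into the `CloseHandle`-based wrapper, which is what the replaced `ScopedHANDLE scopedLsa(lsa);` line did. I would add above the struct `// LSA connection handles (LsaConnectUntrusted) must be released with LsaDeregisterLogonProcess, never CloseHandle.` and above the typedef `// Use only for handles returned by LsaConnectUntrusted.`. The deleter also drops the NTSTATUS returned by `LsaDeregisterLogonProcess`, so a debug-level `MOZ_LOG` on a non-success status would make a failed release visible. `ReauthenticateUserWindows` starts and ends outside the visible hunks, so the remaining uses of `scopedLsa` and `scopedToken` could not be checked from here.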