KFW Network Provider Improvements

Change event log name from "KFW Logon" to "MIT Kerberos".  This
is being done to avoid confusion with the "KFW Logon" functionality
that was provided by older versions of OpenAFS. (kfwlogon.h)

Remove logging of the inability to access the "Debug" registry value.
On Vista, kfwlogon.dll is no longer loaded by winlogin.exe.  Instead
it is loaded by mpnotify.exe which is spawned once for each logon
request.  (kfwcommon.c)

Add a test to ensure that RegisterEventSource succeeded before calling
ReportEvent.  (kfwcommon.c)

Absolutely make sure that krb5_init_context() succeeded before calling
any other krb5 functions.  (kfwcommon.c)

Add a comment explaining why NPGetCaps() says we are a file system even
though we are not.  "It won't work otherwise."  (kfwlogon.c)

Change all comparisions for Windows Station and AuthentInfoType names
to case insensitive comparisons.  Vista does not use the same case as XP.
(kfwlogon.c)

Change the requested access to the temporary cache file from "All" to
"Read | Delete" when importing its contents into the API cache.
Otherwise, the access test will fail on Vista.  (kfwlogon.c)

ticket: new
component: windows
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19476 dc483132-0cff-0310-8789-dd5450dbe970

diff --git a/src/windows/kfwlogon/kfwcommon.c b/src/windows/kfwlogon/kfwcommon.c
index 1a2de0826ee16ee81dddc8e3c3803b6485ae7a3e..23295b93bdb0bb71f2494f053fcaf04080829eb1 100644 (file)
--- a/src/windows/kfwlogon/kfwcommon.c
+++ b/src/windows/kfwlogon/kfwcommon.c
@@ -304,30 +304,9 @@ BOOL IsDebugLogging(void)
        LSPsize=sizeof(dwDebug);\r
        if (RegQueryValueEx(NPKey, "Debug", NULL, NULL, (LPBYTE)&dwDebug, &LSPsize) != ERROR_SUCCESS) \r
        {\r
-           static int once = 0;\r
-\r
            dwDebug = FALSE;\r
-\r
-           if (!once) {\r
-               HANDLE h; char *ptbuf[1];\r
-               h = RegisterEventSource(NULL, KFW_LOGON_EVENT_NAME);\r
-               ptbuf[0] = "Unable to read debug value";\r
-               ReportEvent(h, EVENTLOG_INFORMATION_TYPE, 0, 0, NULL, 1, 0, (const char **)ptbuf, NULL);\r
-               DeregisterEventSource(h);\r
-               once++;\r
-           }\r
        }\r
        RegCloseKey (NPKey);\r
-    } else {\r
-       static int once = 0;\r
-       if (!once) {\r
-           HANDLE h; char *ptbuf[1];\r
-           h = RegisterEventSource(NULL, KFW_LOGON_EVENT_NAME);\r
-           ptbuf[0] = "Unable to open network provider key";\r
-           ReportEvent(h, EVENTLOG_INFORMATION_TYPE, 0, 0, NULL, 1, 0, (const char **)ptbuf, NULL);\r
-           DeregisterEventSource(h);\r
-           once++;\r
-       }\r
     }\r
 \r
     return(dwDebug ? TRUE : FALSE);\r
@@ -339,9 +318,11 @@ void DebugEvent0(char *a)
     \r
     if (IsDebugLogging()) {\r
        h = RegisterEventSource(NULL, KFW_LOGON_EVENT_NAME);\r
-       ptbuf[0] = a;\r
-       ReportEvent(h, EVENTLOG_INFORMATION_TYPE, 0, 0, NULL, 1, 0, (const char **)ptbuf, NULL);\r
-       DeregisterEventSource(h);\r
+       if (h) {\r
+            ptbuf[0] = a;\r
+            ReportEvent(h, EVENTLOG_INFORMATION_TYPE, 0, 0, NULL, 1, 0, (const char **)ptbuf, NULL);\r
+            DeregisterEventSource(h);\r
+        }\r
     }\r
 }\r
 \r
@@ -353,13 +334,15 @@ void DebugEvent(char *b,...)
 \r
     if (IsDebugLogging()) {\r
        h = RegisterEventSource(NULL, KFW_LOGON_EVENT_NAME);\r
-       va_start(marker,b);\r
-       StringCbVPrintf(buf, MAXBUF_+1,b,marker);\r
-       buf[MAXBUF_] = '\0';\r
-       ptbuf[0] = buf;\r
-       ReportEvent(h, EVENTLOG_INFORMATION_TYPE, 0, 0, NULL, 1, 0, (const char **)ptbuf, NULL);\r
-       DeregisterEventSource(h);\r
-       va_end(marker);\r
+        if (h) {\r
+            va_start(marker,b);\r
+            StringCbVPrintf(buf, MAXBUF_+1,b,marker);\r
+            buf[MAXBUF_] = '\0';\r
+            ptbuf[0] = buf;\r
+            ReportEvent(h, EVENTLOG_INFORMATION_TYPE, 0, 0, NULL, 1, 0, (const char **)ptbuf, NULL);\r
+            DeregisterEventSource(h);\r
+            va_end(marker);\r
+        }\r
     }\r
 }\r
 \r
@@ -1112,10 +1095,10 @@ KFW_copy_file_cache_to_default_cache(char * filename)
     if ( strlen(filename) + sizeof("FILE:") > sizeof(cachename) )\r
         return 1;\r
 \r
-    strcat(cachename, filename);\r
-\r
     code = pkrb5_init_context(&ctx);\r
-    if (code) ctx = 0;\r
+    if (code) return 1;\r
+\r
+    strcat(cachename, filename);\r
 \r
     code = pkrb5_cc_resolve(ctx, cachename, &cc);\r
     if (code) {\r
@@ -1189,10 +1172,10 @@ KFW_copy_file_cache_to_api_cache(char * filename)
     if ( strlen(filename) + sizeof("FILE:") > sizeof(cachename) )\r
         return 1;\r
 \r
-    strcat(cachename, filename);\r
-\r
     code = pkrb5_init_context(&ctx);\r
-    if (code) ctx = 0;\r
+    if (code) return 1;\r
+\r
+    strcat(cachename, filename);\r
 \r
     code = pkrb5_cc_resolve(ctx, cachename, &cc);\r
     if (code) {\r
@@ -1271,7 +1254,7 @@ KFW_destroy_tickets_for_principal(char * user)
         return 0;\r
 \r
     code = pkrb5_init_context(&ctx);\r
-    if (code) ctx = 0;\r
+    if (code) return 1;\r
 \r
     code = pkrb5_parse_name(ctx, user, &princ);\r
     if (code) goto loop_cleanup;\r

diff --git a/src/windows/kfwlogon/kfwlogon.c b/src/windows/kfwlogon/kfwlogon.c
index ebfca873dcd60783db649d159955803c7acef1df..b05e38fd8c5923ca4b9484a28aaf072c59a61878 100644 (file)
--- a/src/windows/kfwlogon/kfwlogon.c
+++ b/src/windows/kfwlogon/kfwlogon.c
@@ -64,15 +64,12 @@ BOOLEAN APIENTRY DllEntryPoint(HANDLE dll, DWORD reason, PVOID reserved)
     return TRUE;\r
 }\r
 \r
-\r
-\r
 DWORD APIENTRY NPGetCaps(DWORD index)\r
 {\r
     switch (index) {\r
     case WNNC_NET_TYPE:\r
-        /* Don't have our own type; use somebody else's. */\r
+        /* We aren't a file system; We don't have our own type; use somebody else's. */\r
         return WNNC_NET_SUN_PC_NFS;\r
-\r
     case WNNC_START:\r
         /* Say we are already started, even though we might wait after we receive NPLogonNotify */\r
         return 1;\r
@@ -82,6 +79,7 @@ DWORD APIENTRY NPGetCaps(DWORD index)
     }\r
 }       \r
 \r
+\r
 static BOOL\r
 WINAPI\r
 UnicodeStringToANSI(UNICODE_STRING uInputString, LPSTR lpszOutputString, int nOutStringLen)\r
@@ -134,6 +132,7 @@ is_windows_vista(void)
    return fIsWinVista;\r
 }\r
 \r
+\r
 /* Construct a Logon Script that will cause the LogonEventHandler to be executed\r
  * under in the logon session \r
  */\r
@@ -178,6 +177,7 @@ ConfigureLogonScript(LPWSTR *lpLogonScript, char * filename) {
     free(lpTemp);\r
 }\r
 \r
+\r
 DWORD APIENTRY NPLogonNotify(\r
        PLUID lpLogonId,\r
        LPCWSTR lpAuthentInfoType,\r
@@ -199,17 +199,30 @@ DWORD APIENTRY NPLogonNotify(
     char *reason;\r
     char *ctemp;\r
 \r
-    BOOLEAN interactive;\r
+    BOOLEAN interactive = TRUE;\r
     HWND hwndOwner = (HWND)StationHandle;\r
     BOOLEAN lowercased_name = TRUE;\r
 \r
-    /* Are we interactive? */\r
-    interactive = (wcscmp(lpStationName, L"WinSta0") == 0);\r
-\r
-    if ( !interactive || !KFW_is_available() )\r
-       return 0;\r
+    /* Can we load KFW binaries? */\r
+    if ( !KFW_is_available() )\r
+        return 0;\r
 \r
-    DebugEvent("NPLogonNotify - LoginId(%d,%d)", lpLogonId->HighPart, lpLogonId->LowPart);\r
+    /* Are we interactive? */\r
+    if (lpStationName)\r
+        interactive = (wcsicmp(lpStationName, L"WinSta0") == 0);\r
+\r
+    if ( !interactive ) {\r
+       char station[64]="station";\r
+        DWORD rv;\r
+\r
+        SetLastError(0);\r
+       rv = WideCharToMultiByte(CP_UTF8, 0, lpStationName, -1, \r
+                           station, sizeof(station), NULL, NULL);\r
+        DebugEvent("Skipping NPLogonNotify- LoginId(%d,%d) - Interactive(%d:%s) - gle %d", \r
+                    lpLogonId->HighPart, lpLogonId->LowPart, interactive, rv != 0 ? station : "failure", GetLastError());\r
+        return 0;\r
+    } else\r
+        DebugEvent("NPLogonNotify - LoginId(%d,%d)", lpLogonId->HighPart, lpLogonId->LowPart);\r
 \r
     /* Initialize Logon Script to none */\r
     *lpLogonScript=NULL;\r
@@ -217,11 +230,11 @@ DWORD APIENTRY NPLogonNotify(
     /* MSV1_0_INTERACTIVE_LOGON and KERB_INTERACTIVE_LOGON are equivalent for\r
      * our purposes */\r
 \r
-    if ( wcscmp(lpAuthentInfoType,L"MSV1_0:Interactive") && \r
-         wcscmp(lpAuthentInfoType,L"Kerberos:Interactive") )\r
+    if ( wcsicmp(lpAuthentInfoType,L"MSV1_0:Interactive") && \r
+         wcsicmp(lpAuthentInfoType,L"Kerberos:Interactive") )\r
     {\r
        char msg[64];\r
-       WideCharToMultiByte(CP_ACP, 0, lpAuthentInfoType, 0, \r
+       WideCharToMultiByte(CP_ACP, 0, lpAuthentInfoType, -1, \r
                            msg, sizeof(msg), NULL, NULL);\r
        msg[sizeof(msg)-1]='\0';\r
         DebugEvent("NPLogonNotify - Unsupported Authentication Info Type: %s", msg);\r
@@ -230,8 +243,6 @@ DWORD APIENTRY NPLogonNotify(
 \r
     IL = (MSV1_0_INTERACTIVE_LOGON *) lpAuthentInfo;\r
 \r
-    DebugEvent("Interactive %s", interactive ? "yes" : "no");\r
-\r
     /* Convert from Unicode to ANSI */\r
 \r
     /*TODO: Use SecureZeroMemory to erase passwords */\r
@@ -568,10 +579,10 @@ LogonEventHandlerA(HWND hwnd, HINSTANCE hinst, LPSTR lpszCmdLine, int nCmdShow)
     DebugEvent0("LogonEventHandler - Start");\r
 \r
     /* Validate lpszCmdLine as a file */\r
-    hf = CreateFile(lpszCmdLine, FILE_ALL_ACCESS, 0, NULL, OPEN_EXISTING, \r
+    hf = CreateFile(lpszCmdLine, GENERIC_READ | DELETE, 0, NULL, OPEN_EXISTING, \r
                    FILE_ATTRIBUTE_NORMAL, NULL);\r
     if (hf == INVALID_HANDLE_VALUE) {\r
-        DebugEvent0("LogonEventHandler - file cannot be opened");\r
+        DebugEvent("LogonEventHandler - \"%s\" cannot be opened", lpszCmdLine);\r
        return;\r
     }\r
     CloseHandle(hf);\r

diff --git a/src/windows/kfwlogon/kfwlogon.h b/src/windows/kfwlogon/kfwlogon.h
index d9bf13d06510246df931b2fceb857969fa9b2d8a..0d7ddd91fcdc2be39505f394b30d2c4ec65cb90d 100644 (file)
--- a/src/windows/kfwlogon/kfwlogon.h
+++ b/src/windows/kfwlogon/kfwlogon.h
@@ -159,7 +159,7 @@ cc_free_NC_info,
 #define MAX_PASSWORD_LENGTH 256\r
 #define MAX_DOMAIN_LENGTH 256\r
 \r
-#define KFW_LOGON_EVENT_NAME TEXT("KFW Logon")\r
+#define KFW_LOGON_EVENT_NAME TEXT("MIT Kerberos")\r
 \r
 BOOLEAN APIENTRY DllEntryPoint(HANDLE dll, DWORD reason, PVOID reserved);\r
 \r