#include <lm.h>\r
#include <nb30.h>\r
\r
+#include <errno.h>\r
+#include <malloc.h>\r
+\r
+\r
/* Function Pointer Declarations for Delayed Loading */\r
// CCAPI\r
DECL_FUNC_PTR(cc_initialize);\r
DWORD SystemSIDlength = 0, UserSIDlength = 0;\r
PACL ccacheACL = NULL;\r
DWORD ccacheACLlength = 0;\r
- DWORD retLen;\r
DWORD gle;\r
int ret = 0; \r
\r
void\r
KFW_copy_cache_to_system_file(const char * user, const char * filename)\r
{\r
- DWORD count;\r
char cachename[MAX_PATH + 8] = "FILE:";\r
krb5_context ctx = 0;\r
krb5_error_code code;\r
return 0;\r
}\r
\r
+\r
+/* There are scenarios in which an interactive logon will not\r
+ * result in the LogonScript being executed. This will result\r
+ * in orphaned cache files being left in the Temp directory.\r
+ * This function will search for cache files in the Temp \r
+ * directory and delete any that are older than five minutes.\r
+ */\r
+void\r
+KFW_cleanup_orphaned_caches(void)\r
+{\r
+ char * temppath = NULL;\r
+ char * curdir = NULL;\r
+ DWORD count, count2;\r
+ WIN32_FIND_DATA FindFileData;\r
+ HANDLE hFind = INVALID_HANDLE_VALUE;\r
+ FILETIME now;\r
+ ULARGE_INTEGER uli_now;\r
+ FILETIME expired;\r
+\r
+ count = GetTempPath(0, NULL);\r
+ if (count <= 0)\r
+ return;\r
+ temppath = (char *) malloc(count);\r
+ if (!temppath)\r
+ goto cleanup;\r
+ count2 = GetTempPath(count, temppath);\r
+ if (count2 <= 0 || count2 > count)\r
+ goto cleanup;\r
+\r
+ count = GetCurrentDirectory(0, NULL);\r
+ curdir = (char *)malloc(count);\r
+ if (!curdir)\r
+ goto cleanup;\r
+ count2 = GetCurrentDirectory(count, curdir);\r
+ if (count2 <= 0 || count2 > count)\r
+ goto cleanup;\r
+\r
+ if (!SetCurrentDirectory(temppath))\r
+ goto cleanup;\r
+\r
+ GetSystemTimeAsFileTime(&now);\r
+ uli_now.u.LowPart = now.dwLowDateTime;\r
+ uli_now.u.HighPart = now.dwHighDateTime;\r
+\r
+ uli_now.QuadPart -= 3000000000; /* 5 minutes == 3 billion 100 nano seconds */\r
+\r
+ expired.dwLowDateTime = uli_now.u.LowPart;\r
+ expired.dwHighDateTime = uli_now.u.HighPart;\r
+\r
+ hFind = FindFirstFile("kfwlogon-*", &FindFileData);\r
+ if (hFind != INVALID_HANDLE_VALUE) {\r
+ do {\r
+ if (CompareFileTime(&FindFileData.ftCreationTime, &expired) < 0) {\r
+ DebugEvent("Deleting orphaned cache file: \"%s\"", FindFileData.cFileName);\r
+ DeleteFile(FindFileData.cFileName);\r
+ }\r
+ } while ( FindNextFile(hFind, &FindFileData) );\r
+ }\r
+\r
+ SetCurrentDirectory(curdir);\r
+\r
+ cleanup:\r
+ if (temppath)\r
+ free(temppath);\r
+ if (hFind != INVALID_HANDLE_VALUE)\r
+ FindClose(hFind);\r
+ if (curdir)\r
+ free(curdir);\r
+}\r
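Review bot: KFW_cleanup_orphaned_caches changes the process-wide current directory with `SetCurrentDirectory(temppath)` and then deletes by relative name. A network provider is loaded into a multi-threaded host process, so any other thread doing relative-path I/O is affected while the scan runs. If another thread changes the directory in the meantime, `DeleteFile(FindFileData.cFileName)` resolves somewhere other than Temp. Building the search pattern and each delete target as absolute paths from `temppath` removes the need for `curdir` and both `SetCurrentDirectory` calls. The loop should also skip entries whose `dwFileAttributes` mark a directory or reparse point, since the wildcard matches any object named `kfwlogon-*`, and it should log a failed `DeleteFile` instead of ignoring the result.

```c
    char pattern[MAX_PATH];
    char fullpath[MAX_PATH];
    int n;

    /* ... unchanged: GetTempPath into temppath, computation of 'expired' ... */

    /* GetTempPath returns a path that already ends in a backslash */
    n = _snprintf(pattern, sizeof(pattern), "%skfwlogon-*", temppath);
    if (n < 0 || n >= (int)sizeof(pattern))
        goto cleanup;

    hFind = FindFirstFile(pattern, &FindFileData);
    if (hFind != INVALID_HANDLE_VALUE) {
        do {
            /* only plain files are cache files; never follow or remove links/dirs */
            if (FindFileData.dwFileAttributes &
                (FILE_ATTRIBUTE_DIRECTORY | FILE_ATTRIBUTE_REPARSE_POINT))
                continue;
            if (CompareFileTime(&FindFileData.ftCreationTime, &expired) >= 0)
                continue;
            n = _snprintf(fullpath, sizeof(fullpath), "%s%s",
                          temppath, FindFileData.cFileName);
            if (n < 0 || n >= (int)sizeof(fullpath))
                continue;
            DebugEvent("Deleting orphaned cache file: \"%s\"", fullpath);
            if (!DeleteFile(fullpath))
                DebugEvent("DeleteFile failed for \"%s\" GLE=0x%x",
                           fullpath, GetLastError());
        } while ( FindNextFile(hFind, &FindFileData) );
    }
    /* ... unchanged: cleanup label, minus the curdir handling ... */
```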
if ( !KFW_is_available() )\r
return 0;\r
\r
+ DebugEvent0("NPLogonNotify start");\r
+\r
+ /* Remote Desktop / Terminal Server connections to existing sessions \r
+ * are interactive logons. Unfortunately, because the session already\r
+ * exists the logon script does not get executed and this prevents \r
+ * us from being able to execute the rundll32 entrypoint \r
+ * LogonEventHandlerA which would process the credential cache this\r
+ * routine will produce. Therefore, we must cleanup orphaned cache\r
+ * files from this routine. We will take care of it before doing\r
+ * anything else.\r
+ */\r
+ KFW_cleanup_orphaned_caches();\r
+\r
/* Are we interactive? */\r
if (lpStationName)\r
interactive = (wcsicmp(lpStationName, L"WinSta0") == 0);\r
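Review bot: The call to `KFW_cleanup_orphaned_caches()` sits ahead of the `interactive` test, so the Temp scan runs on every notification that passes `KFW_is_available()`, not only on the Remote Desktop reconnects the comment describes. The five-minute creation-time cutoff is then the only thing separating an orphaned cache from one that belongs to a logon whose script has not run yet. That assumption should be stated next to the call, for example `/* NOTE: caches younger than five minutes are kept so a logon still waiting on its logon script is not affected */`. It is also worth confirming that the window is long enough for slow logons. The enclosing function starts and ends outside this hunk.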
goto cleanup;\r
}\r
\r
- count = GetEnvironmentVariable("TEMP", filename, sizeof(filename));\r
- if ( count > sizeof(filename) || count == 0 ) {\r
- GetWindowsDirectory(filename, sizeof(filename));\r
- }\r
+ count = GetTempPath(sizeof(filename), filename);\r
+ if (count == 0 || count > (sizeof(filename)-1)) {\r
+ code = -1;\r
+ goto cleanup;\r
+ }\r
\r
- if (_snprintf(filename, sizeof(filename), "%s\\kfwlogon-%d.%d",\r
+ if (_snprintf(filename, sizeof(filename), "%s\\kfwlogon-%x.%x",\r
filename, lpLogonId->HighPart, lpLogonId->LowPart) < 0) \r
{\r
code = -1;\r