KFW: problems with non-interactive logons

Non-interactive logons cause two problems:

(1) on XP/2003 the logon event handlers do not get triggered and on
    all platforms the LogonScript does not get executed.
    As a result, ccache files are not deleted.
(2) on all platforms, accessing the credential cache causes
    krbcc32s.exe to be spawned.  This process never terminates.

This patch tests for interactive logons.  If the logon is not
interactive, the Network Provider exits immediately.

ticket: new
component: windows
tags: pullup

git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19296 dc483132-0cff-0310-8789-dd5450dbe970

diff --git a/src/windows/kfwlogon/kfwlogon.c b/src/windows/kfwlogon/kfwlogon.c
index 3974a2ca774b754e973dc040421976c8cf0c7951..ebfca873dcd60783db649d159955803c7acef1df 100644 (file)
--- a/src/windows/kfwlogon/kfwlogon.c
+++ b/src/windows/kfwlogon/kfwlogon.c
@@ -203,7 +203,10 @@ DWORD APIENTRY NPLogonNotify(
     HWND hwndOwner = (HWND)StationHandle;\r
     BOOLEAN lowercased_name = TRUE;\r
 \r
-    if ( !KFW_is_available() )\r
+    /* Are we interactive? */\r
+    interactive = (wcscmp(lpStationName, L"WinSta0") == 0);\r
+\r
+    if ( !interactive || !KFW_is_available() )\r
        return 0;\r
 \r
     DebugEvent("NPLogonNotify - LoginId(%d,%d)", lpLogonId->HighPart, lpLogonId->LowPart);\r
@@ -227,8 +230,7 @@ DWORD APIENTRY NPLogonNotify(
 \r
     IL = (MSV1_0_INTERACTIVE_LOGON *) lpAuthentInfo;\r
 \r
-    /* Are we interactive? */\r
-    interactive = (wcscmp(lpStationName, L"WinSta0") == 0);\r
+    DebugEvent("Interactive %s", interactive ? "yes" : "no");\r
 \r
     /* Convert from Unicode to ANSI */\r
 \r
@@ -315,17 +317,24 @@ DWORD APIENTRY NPLogonNotify(
            DebugEvent("LookupAccountName obtained user %s sid in domain %s", acctname, pReferencedDomainName);\r
            code = KFW_set_ccache_dacl_with_user_sid(filename, pUserSid);\r
 \r
+#ifdef USE_WINLOGON_EVENT\r
            /* If we are on Vista, setup a LogonScript \r
             * that will execute the LogonEventHandler entry point via rundll32.exe \r
             */\r
            if (is_windows_vista()) {\r
                ConfigureLogonScript(lpLogonScript, filename);\r
                if (*lpLogonScript)\r
-                   DebugEvent("LogonScript \"%s\"", *lpLogonScript);\r
+                   DebugEvent0("LogonScript assigned");\r
                else\r
                    DebugEvent0("No Logon Script");\r
-\r
            }\r
+#else\r
+           ConfigureLogonScript(lpLogonScript, filename);\r
+           if (*lpLogonScript)\r
+                   DebugEvent0("LogonScript assigned");\r
+           else        \r
+                   DebugEvent0("No Logon Script");\r
+#endif\r
        } else {\r
            DebugEvent0("LookupAccountName failed");\r
            DeleteFile(filename);\r
@@ -434,6 +443,7 @@ GetSecurityLogonSessionData(HANDLE hToken, PSECURITY_LOGON_SESSION_DATA * ppSess
 \r
 VOID KFW_Logon_Event( PWLX_NOTIFICATION_INFO pInfo )\r
 {\r
+#ifdef USE_WINLOGON_EVENT\r
     WCHAR szUserW[128] = L"";\r
     char  szUserA[128] = "";\r
     char szPath[MAX_PATH] = "";\r
@@ -540,6 +550,7 @@ VOID KFW_Logon_Event( PWLX_NOTIFICATION_INFO pInfo )
     DeleteFile(newfilename);\r
 \r
     DebugEvent0("KFW_Logon_Event - End");\r
+#endif /* USE_WINLOGON_EVENT */\r
 }\r
 \r
 \r