From: Jeffrey Altman Date: Tue, 17 Apr 2007 04:00:28 +0000 (+0000) Subject: KFW Network Provider Improvements X-Git-Tag: krb5-1.7-alpha1~1136 X-Git-Url: http://git.tremily.us/?a=commitdiff_plain;h=3c6941dd292b0e72dc5d21dc0d0dedd249de716a;p=krb5.git KFW Network Provider Improvements Change event log name from "KFW Logon" to "MIT Kerberos". This is being done to avoid confusion with the "KFW Logon" functionality that was provided by older versions of OpenAFS. (kfwlogon.h) Remove logging of the inability to access the "Debug" registry value. On Vista, kfwlogon.dll is no longer loaded by winlogon.exe. Instead it is loaded by mpnotify.exe which is spawned once for each logon request. (kfwcommon.c) Add a test to ensure that RegisterEventSource succeeded before calling ReportEvent. (kfwcommon.c) Absolutely make sure that krb5_init_context() succeeded before calling any other krb5 functions. (kfwcommon.c) Add a comment explaining why NPGetCaps() says we are a file system even though we are not. "It won't work otherwise." (kfwlogon.c) Change all comparisons for Windows Station and AuthentInfoType names to case-insensitive comparisons. Vista does not use the same case as XP. (kfwlogon.c) Change the requested access to the temporary cache file from "All" to "Read | Delete" when importing its contents into the API cache. Otherwise, the access test will fail on Vista. (kfwlogon.c) ticket: new component: windows tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19476 dc483132-0cff-0310-8789-dd5450dbe970 --- diff --git a/src/windows/kfwlogon/kfwcommon.c b/src/windows/kfwlogon/kfwcommon.c index 1a2de0826..23295b93b 100644 --- a/src/windows/kfwlogon/kfwcommon.c +++ b/src/windows/kfwlogon/kfwcommon.c 
@@ -304,30 +304,9 @@ BOOL IsDebugLogging(void) LSPsize=sizeof(dwDebug); if (RegQueryValueEx(NPKey, "Debug", NULL, NULL, (LPBYTE)&dwDebug, &LSPsize) != ERROR_SUCCESS) { - static int once = 0; - dwDebug = FALSE; - - if (!once) { - HANDLE h; char *ptbuf[1]; - h = RegisterEventSource(NULL, KFW_LOGON_EVENT_NAME); - ptbuf[0] = "Unable to read debug value"; - ReportEvent(h, EVENTLOG_INFORMATION_TYPE, 0, 0, NULL, 1, 0, (const char **)ptbuf, NULL); - DeregisterEventSource(h); - once++; - } } RegCloseKey (NPKey); - } else { - static int once = 0; - if (!once) { - HANDLE h; char *ptbuf[1]; - h = RegisterEventSource(NULL, KFW_LOGON_EVENT_NAME); - ptbuf[0] = "Unable to open network provider key"; - ReportEvent(h, EVENTLOG_INFORMATION_TYPE, 0, 0, NULL, 1, 0, (const char **)ptbuf, NULL); - DeregisterEventSource(h); - once++; - } } return(dwDebug ? TRUE : FALSE); @@ -339,9 +318,11 @@ void DebugEvent0(char *a) if (IsDebugLogging()) { h = RegisterEventSource(NULL, KFW_LOGON_EVENT_NAME); - ptbuf[0] = a; - ReportEvent(h, EVENTLOG_INFORMATION_TYPE, 0, 0, NULL, 1, 0, (const char **)ptbuf, NULL); - DeregisterEventSource(h); + if (h) { + ptbuf[0] = a; + ReportEvent(h, EVENTLOG_INFORMATION_TYPE, 0, 0, NULL, 1, 0, (const char **)ptbuf, NULL); + DeregisterEventSource(h); + } } } @@ -353,13 +334,15 @@ void DebugEvent(char *b,...) if (IsDebugLogging()) { h = RegisterEventSource(NULL, KFW_LOGON_EVENT_NAME); - va_start(marker,b); - StringCbVPrintf(buf, MAXBUF_+1,b,marker); - buf[MAXBUF_] = '\0'; - ptbuf[0] = buf; - ReportEvent(h, EVENTLOG_INFORMATION_TYPE, 0, 0, NULL, 1, 0, (const char **)ptbuf, NULL); - DeregisterEventSource(h); - va_end(marker); + if (h) { + va_start(marker,b); + StringCbVPrintf(buf, MAXBUF_+1,b,marker); + buf[MAXBUF_] = '\0'; + ptbuf[0] = buf; + ReportEvent(h, EVENTLOG_INFORMATION_TYPE, 0, 0, NULL, 1, 0, (const char **)ptbuf, NULL); + DeregisterEventSource(h); + va_end(marker); + } } } 
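Review bot: In DebugEvent the byte count passed to `StringCbVPrintf` is still the hand-written `MAXBUF_+1` and the return value is ignored, so the bound is only correct if `buf` (declared outside this hunk) is an array of exactly that size, and a truncated message is logged with no sign of truncation. If `buf` is a local array, `StringCbVPrintf(buf, sizeof(buf), b, marker);` ties the bound to the declaration, and the following `buf[MAXBUF_] = '\0';` becomes redundant because the StringCb functions always terminate the destination. The new `if (h)` guard here and in DebugEvent0 drops the message silently when RegisterEventSource fails; a short comment such as `/* no event source: debug output is best-effort, drop the message */` would make that intent explicit.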
@@ -1112,10 +1095,10 @@ KFW_copy_file_cache_to_default_cache(char * filename) if ( strlen(filename) + sizeof("FILE:") > sizeof(cachename) ) return 1; - strcat(cachename, filename); - code = pkrb5_init_context(&ctx); - if (code) ctx = 0; + if (code) return 1; + + strcat(cachename, filename); code = pkrb5_cc_resolve(ctx, cachename, &cc); if (code) { @@ -1189,10 +1172,10 @@ KFW_copy_file_cache_to_api_cache(char * filename) if ( strlen(filename) + sizeof("FILE:") > sizeof(cachename) ) return 1; - strcat(cachename, filename); - code = pkrb5_init_context(&ctx); - if (code) ctx = 0; + if (code) return 1; + + strcat(cachename, filename); code = pkrb5_cc_resolve(ctx, cachename, &cc); if (code) { @@ -1271,7 +1254,7 @@ KFW_destroy_tickets_for_principal(char * user) return 0; code = pkrb5_init_context(&ctx); - if (code) ctx = 0; + if (code) return 1; code = pkrb5_parse_name(ctx, user, &princ); if (code) goto loop_cleanup; diff --git a/src/windows/kfwlogon/kfwlogon.c b/src/windows/kfwlogon/kfwlogon.c index ebfca873d..b05e38fd8 100644 --- a/src/windows/kfwlogon/kfwlogon.c +++ b/src/windows/kfwlogon/kfwlogon.c @@ -64,15 +64,12 @@ BOOLEAN APIENTRY DllEntryPoint(HANDLE dll, DWORD reason, PVOID reserved) return TRUE; } - - DWORD APIENTRY NPGetCaps(DWORD index) { switch (index) { case WNNC_NET_TYPE: - /* Don't have our own type; use somebody else's. */ + /* We aren't a file system; We don't have our own type; use somebody else's. */ return WNNC_NET_SUN_PC_NFS; - case WNNC_START: /* Say we are already started, even though we might wait after we receive NPLogonNotify */ return 1; @@ -82,6 +79,7 @@ DWORD APIENTRY NPGetCaps(DWORD index) } } + static BOOL WINAPI UnicodeStringToANSI(UNICODE_STRING uInputString, LPSTR lpszOutputString, int nOutStringLen) @@ -134,6 +132,7 @@ is_windows_vista(void) return fIsWinVista; } + /* Construct a Logon Script that will cause the LogonEventHandler to be executed * under in the logon session */ 
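Review bot: The new `if (code) return 1;` after `pkrb5_init_context(&ctx)` in KFW_copy_file_cache_to_default_cache leaves no trace of why the copy failed, and the same applies to the identical change in KFW_copy_file_cache_to_api_cache and KFW_destroy_tickets_for_principal. This code runs during logon with no console, so I would log the error before returning, for example `if (code) { DebugEvent("krb5_init_context failed: %d", code); return 1; }`. In the two copy functions the value 1 is also what the length check just above returns, so without a log entry a caller cannot tell the two failures apart. The rest of each function lies outside these hunks, so whether any later cleanup was expected to run on this path cannot be confirmed from here.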
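Review bot: The reworded comment under `case WNNC_NET_TYPE:` in NPGetCaps says the provider is not a file system but still does not say why it returns `WNNC_NET_SUN_PC_NFS`. The commit description gives the reason (the provider does not work otherwise), and that is what a later reader needs next to the return statement. Suggested wording: `/* We are not a file system and have no net type of our own; report an existing one because the provider does not work otherwise. */`.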
@@ -178,6 +177,7 @@ ConfigureLogonScript(LPWSTR *lpLogonScript, char * filename) { free(lpTemp); } + DWORD APIENTRY NPLogonNotify( PLUID lpLogonId, LPCWSTR lpAuthentInfoType, @@ -199,17 +199,30 @@ DWORD APIENTRY NPLogonNotify( char *reason; char *ctemp; - BOOLEAN interactive; + BOOLEAN interactive = TRUE; HWND hwndOwner = (HWND)StationHandle; BOOLEAN lowercased_name = TRUE; - /* Are we interactive? */ - interactive = (wcscmp(lpStationName, L"WinSta0") == 0); - - if ( !interactive || !KFW_is_available() ) - return 0; + /* Can we load KFW binaries? */ + if ( !KFW_is_available() ) + return 0; - DebugEvent("NPLogonNotify - LoginId(%d,%d)", lpLogonId->HighPart, lpLogonId->LowPart); + /* Are we interactive? */ + if (lpStationName) + interactive = (wcsicmp(lpStationName, L"WinSta0") == 0); + + if ( !interactive ) { + char station[64]="station"; + DWORD rv; + + SetLastError(0); + rv = WideCharToMultiByte(CP_UTF8, 0, lpStationName, -1, + station, sizeof(station), NULL, NULL); + DebugEvent("Skipping NPLogonNotify- LoginId(%d,%d) - Interactive(%d:%s) - gle %d", + lpLogonId->HighPart, lpLogonId->LowPart, interactive, rv != 0 ? station : "failure", GetLastError()); + return 0; + } else + DebugEvent("NPLogonNotify - LoginId(%d,%d)", lpLogonId->HighPart, lpLogonId->LowPart); /* Initialize Logon Script to none */ *lpLogonScript=NULL; @@ -217,11 +230,11 @@ DWORD APIENTRY NPLogonNotify( /* MSV1_0_INTERACTIVE_LOGON and KERB_INTERACTIVE_LOGON are equivalent for * our purposes */ - if ( wcscmp(lpAuthentInfoType,L"MSV1_0:Interactive") && - wcscmp(lpAuthentInfoType,L"Kerberos:Interactive") ) + if ( wcsicmp(lpAuthentInfoType,L"MSV1_0:Interactive") && + wcsicmp(lpAuthentInfoType,L"Kerberos:Interactive") ) { char msg[64]; - WideCharToMultiByte(CP_ACP, 0, lpAuthentInfoType, 0, + WideCharToMultiByte(CP_ACP, 0, lpAuthentInfoType, -1, msg, sizeof(msg), NULL, NULL); msg[sizeof(msg)-1]='\0'; DebugEvent("NPLogonNotify - Unsupported Authentication Info Type: %s", msg); 
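Review bot: Both early `return 0;` paths in NPLogonNotify (KFW not available, and the non-interactive station) are taken before `*lpLogonScript=NULL;`, which stays below them, so the output parameter is left untouched whenever the provider declines the logon. Moving that initialisation to the top of the function body, ahead of the `KFW_is_available()` test, means the caller never reads an unset pointer on a skipped logon. Separately, `interactive` now defaults to TRUE when `lpStationName` is NULL, so a logon with no station name is processed as interactive; if that is intended it deserves a comment, otherwise the default should be FALSE. The function body starts before and continues past this hunk.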
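Review bot: The `WideCharToMultiByte` call that fills `msg` still ignores its return value, unlike the station-name conversion added earlier in this commit. If the conversion fails (for example because the type string does not fit in 64 bytes), `msg` is an uninitialised stack buffer with only its last byte set, and its contents go to the event log through `DebugEvent`. Declaring it as `char msg[64] = "";` and logging a fixed string when the call returns 0 keeps stray stack bytes out of the log, which matters in a function that also handles the logon password. `lpAuthentInfoType` is also passed to `wcsicmp` without the NULL test that `lpStationName` now gets.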
@@ -230,8 +243,6 @@ DWORD APIENTRY NPLogonNotify( IL = (MSV1_0_INTERACTIVE_LOGON *) lpAuthentInfo; - DebugEvent("Interactive %s", interactive ? "yes" : "no"); - /* Convert from Unicode to ANSI */ /*TODO: Use SecureZeroMemory to erase passwords */ @@ -568,10 +579,10 @@ LogonEventHandlerA(HWND hwnd, HINSTANCE hinst, LPSTR lpszCmdLine, int nCmdShow) DebugEvent0("LogonEventHandler - Start"); /* Validate lpszCmdLine as a file */ - hf = CreateFile(lpszCmdLine, FILE_ALL_ACCESS, 0, NULL, OPEN_EXISTING, + hf = CreateFile(lpszCmdLine, GENERIC_READ | DELETE, 0, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL); if (hf == INVALID_HANDLE_VALUE) { - DebugEvent0("LogonEventHandler - file cannot be opened"); + DebugEvent("LogonEventHandler - \"%s\" cannot be opened", lpszCmdLine); return; } CloseHandle(hf); diff --git a/src/windows/kfwlogon/kfwlogon.h b/src/windows/kfwlogon/kfwlogon.h index d9bf13d06..0d7ddd91f 100644 --- a/src/windows/kfwlogon/kfwlogon.h +++ b/src/windows/kfwlogon/kfwlogon.h @@ -159,7 +159,7 @@ cc_free_NC_info, #define MAX_PASSWORD_LENGTH 256 #define MAX_DOMAIN_LENGTH 256 -#define KFW_LOGON_EVENT_NAME TEXT("KFW Logon") +#define KFW_LOGON_EVENT_NAME TEXT("MIT Kerberos") BOOLEAN APIENTRY DllEntryPoint(HANDLE dll, DWORD reason, PVOID reserved);
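Review bot: The `CreateFile` on `lpszCmdLine` in LogonEventHandlerA is only an access probe, because the handle is closed on the next line. The path is presumably opened again by name in the code after this hunk, so nothing guarantees that the later open sees the same file. The import code must therefore handle an open failure itself, and a comment such as `/* advisory probe only; the import below reopens the file by name */` would stop readers from relying on the check. The new failure message would also be more useful with the error code: `DebugEvent("LogonEventHandler - \"%s\" cannot be opened - gle %d", lpszCmdLine, GetLastError());`. The rest of the function is outside the hunk.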