From de996228a2daaf43216c823032255cd4652cf7fe Mon Sep 17 00:00:00 2001 From: Jeffrey Altman Date: Wed, 28 Mar 2007 18:03:45 +0000 Subject: [PATCH] KFW: problems with non-interactive logons Non-interactive logons cause two problems: (1) on XP/2003 the logon event handlers do not get triggered and on all platforms the LogonScript does not get executed. As a result, ccache files are not deleted. (2) on all platforms, accessing the credential cache causes krbcc32s.exe to be spawned. This process never terminates. This patch tests for interactive logons. If the logon is not interactive, the Network Provider exits immediately. ticket: new component: windows tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19296 dc483132-0cff-0310-8789-dd5450dbe970 --- src/windows/kfwlogon/kfwlogon.c | 21 ++++++++++++++++----- 1 file changed, 16 insertions(+), 5 deletions(-) diff --git a/src/windows/kfwlogon/kfwlogon.c b/src/windows/kfwlogon/kfwlogon.c index 3974a2ca7..ebfca873d 100644 --- a/src/windows/kfwlogon/kfwlogon.c +++ b/src/windows/kfwlogon/kfwlogon.c @@ -203,7 +203,10 @@ DWORD APIENTRY NPLogonNotify( HWND hwndOwner = (HWND)StationHandle; BOOLEAN lowercased_name = TRUE; - if ( !KFW_is_available() ) + /* Are we interactive? */ + interactive = (wcscmp(lpStationName, L"WinSta0") == 0); + + if ( !interactive || !KFW_is_available() ) return 0; DebugEvent("NPLogonNotify - LoginId(%d,%d)", lpLogonId->HighPart, lpLogonId->LowPart); @@ -227,8 +230,7 @@ DWORD APIENTRY NPLogonNotify( IL = (MSV1_0_INTERACTIVE_LOGON *) lpAuthentInfo; - /* Are we interactive? */ - interactive = (wcscmp(lpStationName, L"WinSta0") == 0); + DebugEvent("Interactive %s", interactive ? "yes" : "no"); /* Convert from Unicode to ANSI */ 
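Review bot: The relocated `wcscmp(lpStationName, L"WinSta0")` in the first hunk is now the first statement NPLogonNotify runs, and it dereferences `lpStationName` with no NULL check, so a call without a station name would fault in the logon path instead of being treated as non-interactive. Whether the caller can pass NULL is not visible here, but the guard is cheap: `interactive = (lpStationName != NULL && wcscmp(lpStationName, L"WinSta0") == 0);`. The early `return 0` also runs before the first DebugEvent, so a skipped non-interactive logon leaves no trace in the debug log; a one-line `DebugEvent0` before the return would help when diagnosing missing tickets. Because of that early return, the `DebugEvent("Interactive %s", ...)` kept in the second hunk can only ever report "yes". The function body continues outside both hunks.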
@@ -315,17 +317,24 @@ DWORD APIENTRY NPLogonNotify( DebugEvent("LookupAccountName obtained user %s sid in domain %s", acctname, pReferencedDomainName); code = KFW_set_ccache_dacl_with_user_sid(filename, pUserSid); +#ifdef USE_WINLOGON_EVENT /* If we are on Vista, setup a LogonScript * that will execute the LogonEventHandler entry point via rundll32.exe */ if (is_windows_vista()) { ConfigureLogonScript(lpLogonScript, filename); if (*lpLogonScript) - DebugEvent("LogonScript \"%s\"", *lpLogonScript); + DebugEvent0("LogonScript assigned"); else DebugEvent0("No Logon Script"); - } +#else + ConfigureLogonScript(lpLogonScript, filename); + if (*lpLogonScript) + DebugEvent0("LogonScript assigned"); + else + DebugEvent0("No Logon Script"); +#endif } else { DebugEvent0("LookupAccountName failed"); DeleteFile(filename); @@ -434,6 +443,7 @@ GetSecurityLogonSessionData(HANDLE hToken, PSECURITY_LOGON_SESSION_DATA * ppSess VOID KFW_Logon_Event( PWLX_NOTIFICATION_INFO pInfo ) { +#ifdef USE_WINLOGON_EVENT WCHAR szUserW[128] = L""; char szUserA[128] = ""; char szPath[MAX_PATH] = ""; @@ -540,6 +550,7 @@ VOID KFW_Logon_Event( PWLX_NOTIFICATION_INFO pInfo ) DeleteFile(newfilename); DebugEvent0("KFW_Logon_Event - End"); +#endif /* USE_WINLOGON_EVENT */ } -- 2.26.2
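Review bot: In the `#ifdef USE_WINLOGON_EVENT` branch the closing brace of `if (is_windows_vista()) {` appears to be removed (`- }`) without being re-added before `#else`. With the macro defined, the following `} else {` would then close the Vista test rather than the account-lookup block, so the `DeleteFile(filename)` cleanup would attach to the wrong condition or the file would not compile. Whitespace on this page is collapsed, so this needs checking against the file, but the visible lines suggest restoring `}` on the line before `#else`. Separately, when `*lpLogonScript` ends up empty the code only logs "No Logon Script"; since the commit message says the script is what deletes the ccache, a comment should state what removes `filename` in that case. The enclosing block starts and ends outside the hunk.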
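Review bot: With `USE_WINLOGON_EVENT` undefined, the `#ifdef` added at the top of `KFW_Logon_Event` and the matching `#endif` in the last hunk compile the function to an empty body that ignores `pInfo`, and nothing on the page says where the macro is defined or that this is intended. A short comment above the function would make the contract explicit, for example `/* No-op unless USE_WINLOGON_EVENT is defined; cleanup then relies on the LogonScript set in NPLogonNotify. */`, assuming that is the intent described in the commit message. If the DLL stays registered for the Winlogon logon event in such builds, the handler will still be called and silently do nothing, so the registration and the macro should be kept in step. Most of the function body lies outside these two hunks.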