#include <afs/param.h>
#include <roken.h>
-#include "afslogon.h"
-
#include <io.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <fcntl.h>
#include <winsock2.h>
+#include <winioctl.h>
+#define SECURITY_WIN32
+#include <sspi.h>
#include <lm.h>
#include <nb30.h>
+#include <sddl.h>
+
+#include "afslogon.h"
#include <afs/stds.h>
#include <afs/pioctl_nt.h>
#include <WINNT\afsreg.h>
DWORD TraceOption = 0;
+DWORD Debug = 0;
HANDLE hDLL;
{
HANDLE h; char *ptbuf[1];
- if (!ISLOGONTRACE(TraceOption))
+ if (!Debug && !ISLOGONTRACE(TraceOption))
return;
h = RegisterEventSource(NULL, AFS_LOGON_EVENT_NAME);
HANDLE h; char *ptbuf[1],buf[MAXBUF_+1];
va_list marker;
- if (!ISLOGONTRACE(TraceOption))
+ if (!Debug && !ISLOGONTRACE(TraceOption))
return;
h = RegisterEventSource(NULL, AFS_LOGON_EVENT_NAME);
}
/* come up with SMB username */
- if(ISHIGHSECURITY(opt->LogonOption)) {
- DebugEvent0("High Security Mode active");
- opt->smbName = malloc( MAXRANDOMNAMELEN );
- if (opt->smbName == NULL)
- goto cleanup;
- GenRandomName(opt->smbName);
- } else if (lpLogonId) {
+ if (lpLogonId) {
/* username and domain for logon session is not necessarily the same as
username and domain passed into network provider. */
PSECURITY_LOGON_SESSION_DATA plsd=NULL;
hkTemp = hkDoms;
DebugEvent0("Located logon script in hkDoms");
}
- /* Note that the LogonScript in the NP key is only used if we are doing high security. */
- else if(hkNp && ISHIGHSECURITY(opt->LogonOption)) {
- rv = RegQueryValueExW(hkNp, REG_CLIENT_LOGON_SCRIPT_PARMW, 0, &dwType, NULL, &dwSize);
- if(rv == ERROR_SUCCESS && !hkTemp && (dwType == REG_SZ || dwType == REG_EXPAND_SZ)) {
- hkTemp = hkNp;
- DebugEvent0("Located logon script in hkNp");
- }
- }
+ /* Note that the LogonScript in the NP key not used. */
}
if(hkTemp) {
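Review bot: The replacement comment `/* Note that the LogonScript in the NP key not used. */` is missing its verb and, read on its own, does not say why the NP lookup disappeared. Suggest `/* Note that the LogonScript in the NP key is no longer consulted; it was only used in high-security mode, which this provider no longer implements. */` so the next reader does not re-add the hkNp branch. The enclosing function starts outside the hunk.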
return FALSE;
} // UnicodeStringToANSI
-DWORD APIENTRY NPLogonNotify(
+DWORD APIENTRY
+NPLogonNotify(
PLUID lpLogonId,
LPCWSTR lpAuthentInfoType,
LPVOID lpAuthentInfo,
int retryInterval;
int sleepInterval;
+ CtxtHandle LogonContext;
+
/* Are we interactive? */
interactive = (wcsicmp(lpStationName, L"WinSta0") == 0);
RegCloseKey (NPKey);
+ (void) RegOpenKeyEx(HKEY_LOCAL_MACHINE, AFSREG_CLT_SVC_PROVIDER_SUBKEY,
+ 0, KEY_QUERY_VALUE, &NPKey);
+ LSPsize=sizeof(Debug);
+ RegQueryValueEx(NPKey, REG_CLIENT_DEBUG_PARM, NULL,
+ &LSPtype, (LPBYTE)&Debug, &LSPsize);
+
+ RegCloseKey (NPKey);
+
DebugEvent("NPLogonNotify - LoginId(%d,%d)", lpLogonId->HighPart, lpLogonId->LowPart);
/* Make sure the AFS Libraries are initialized */
/* Get cell name if doing integrated logon.
We might overwrite this if we are logging into an AD realm and we find out that
the user's home dir is in some other cell. */
- DebugEvent("About to call cm_GetRootCellName()");
+ DebugEvent0("About to call cm_GetRootCellName()");
code = cm_GetRootCellName(cell);
if (code < 0) {
DebugEvent0("Unable to obtain Root Cell");
code = KTC_NOCELL;
reason = "unknown cell";
- code=0;
} else {
DebugEvent("Default cell is %s", cell);
+ code = 0;
}
/* We get the user's home directory path, if applicable, though we can't lookup the
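Review bot: In the lines that re-read the provider key (`(void) RegOpenKeyEx(HKEY_LOCAL_MACHINE, AFSREG_CLT_SVC_PROVIDER_SUBKEY, ...` through the second `RegCloseKey (NPKey);`) the open result is discarded, but `NPKey` was closed on the line immediately before, so a failed open leaves the stale handle value to be passed to RegQueryValueEx and then RegCloseKey. The query also does not check `LSPtype` before the bytes are used as `Debug`, although `Debug` only gates DebugEvent output so the impact is limited to logging. Suggest `if (RegOpenKeyEx(HKEY_LOCAL_MACHINE, AFSREG_CLT_SVC_PROVIDER_SUBKEY, 0, KEY_QUERY_VALUE, &NPKey) == ERROR_SUCCESS) {` around the query and the close, and only honouring the value when `LSPtype == REG_DWORD`, matching how the earlier reads of the same key presumably guard themselves (those are outside the hunk). NPLogonNotify's body continues on both sides of this hunk.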
}
}
- /* loop until AFS is started. */
+ AFSCreatePAG(lpLogonId);
+
if (afsWillAutoStart) {
/*
* If the service is configured for auto start but hasn't started yet,
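Review bot: `AFSCreatePAG(lpLogonId);` discards whatever the call reports, and it is placed before the service-start loop that follows, so a failure here is neither logged nor reflected in `code`. If AFSCreatePAG returns a status (its declaration is not visible here), capture it and log it through the existing DebugEvent facility, e.g. `if (AFSCreatePAG(lpLogonId)) DebugEvent0("AFSCreatePAG failed");`, and add a one-line comment stating why the PAG is created before AFS is confirmed running. The enclosing function continues outside the hunk.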
if (!(IsServiceRunning() || IsServiceStartPending()))
StartTheService();
+ /* loop until AFS is started or fails. */
while ( IsServiceStartPending() ) {
Sleep(10);
}
- while (IsServiceRunning()) {
+ while (IsServiceRunning() && code != KTC_NOCM && code != KTC_NOCMRPC && code != KTC_NOCELL) {
DebugEvent("while(autostart) LogonOption[%x], Service AutoStart[%d]",
opt.LogonOption,afsWillAutoStart);
/* if Integrated Logon */
if (ISLOGONINTEGRATED(opt.LogonOption))
{
+ LogonSSP(lpLogonId, &LogonContext);
+ ImpersonateSecurityContext(&LogonContext);
+
if ( KFW_is_available() ) {
SetEnvironmentVariable(DO_NOT_REGISTER_VARNAME, "");
if (opt.realm) {
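Review bot: The results of `LogonSSP(lpLogonId, &LogonContext);` and `ImpersonateSecurityContext(&LogonContext);` are discarded, so when either fails the integrated-logon work that follows (the KFW_is_available branch and the authentication it leads to) runs in the caller's own security context instead of the logon user's, and `LogonContext` — declared without an initializer in the NPLogonNotify hunk above — is later handed to RevertSecurityContext and DeleteSecurityContext in the next hunk even though it may never have been established. At minimum check the impersonation status, `if (ImpersonateSecurityContext(&LogonContext) != SEC_E_OK) { DebugEvent0("ImpersonateSecurityContext failed"); }` and skip the authentication attempt for that iteration, and treat LogonSSP the same way if it reports failure (its return type is not visible here). Also confirm that no path between the impersonation and the RevertSecurityContext call leaves the loop body early, since the code between these two hunks is outside the diff.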
DebugEvent("AFS AfsLogon - (INTEGRATED only)ka_UserAuthenticateGeneral2 Code[%x] uname[%s] smbname=[%s] Cell[%s] PwExp=[%d] Reason=[%s]",
code,uname,opt.smbName,cell,pw_exp,reason?reason:"");
}
+
+ RevertSecurityContext(&LogonContext);
+ DeleteSecurityContext(&LogonContext);
+
if ( code && code != KTC_NOCM && code != KTC_NOCMRPC && !lowercased_name ) {
for ( ctemp = uname; *ctemp ; ctemp++) {
*ctemp = tolower(*ctemp);
Sleep(sleepInterval * 1000);
retryInterval -= sleepInterval;
}
+ DebugEvent0("while loop exited");
}
- DebugEvent0("while loop exited");
/* remove any kerberos 5 tickets currently held by the SYSTEM account
* for this user