{
// SID_IDENTIFIER_AUTHORITY authority = SECURITY_NT_SID_AUTHORITY;
PSID pSystemSID = NULL;
- DWORD SystemSIDlength, UserSIDlength;
+ DWORD SystemSIDlength = 0, UserSIDlength = 0;
PACL ccacheACL = NULL;
- DWORD ccacheACLlength;
+ DWORD ccacheACLlength = 0;
PTOKEN_USER pTokenUser = NULL;
DWORD retLen;
+ DWORD gle;
int ret = 0;
+ if (!filename) {
+ return 1;
+ }
+
/* Get System SID */
- ConvertStringSidToSid(SDDL_LOCAL_SYSTEM, &pSystemSID);
+ if (!ConvertStringSidToSid("S-1-5-18", &pSystemSID)) {
+ ret = 1;
+ goto cleanup;
+ }
/* Create ACL */
SystemSIDlength = GetLengthSid(pSystemSID);
}
}
- ccacheACL = GlobalAlloc(GMEM_FIXED, ccacheACLlength);
+ ccacheACL = (PACL) LocalAlloc(LPTR, ccacheACLlength);
+ if (!ccacheACL) {
+ ret = 1;
+ goto cleanup;
+ }
InitializeAcl(ccacheACL, ccacheACLlength, ACL_REVISION);
AddAccessAllowedAceEx(ccacheACL, ACL_REVISION, 0,
STANDARD_RIGHTS_ALL | SPECIFIC_RIGHTS_ALL,
NULL,
ccacheACL,
NULL)) {
- ret = 1;
+ gle = GetLastError();
+ if (gle != ERROR_NO_TOKEN)
+ ret = 1;
}
if (!SetNamedSecurityInfo( filename, SE_FILE_OBJECT,
OWNER_SECURITY_INFORMATION,
NULL,
NULL,
NULL)) {
- ret = 1;
+ gle = GetLastError();
+ if (gle != ERROR_NO_TOKEN)
+ ret = 1;
}
} else {
if (!SetNamedSecurityInfo( filename, SE_FILE_OBJECT,
NULL,
ccacheACL,
NULL)) {
- ret = 1;
+ gle = GetLastError();
+ if (gle != ERROR_NO_TOKEN)
+ ret = 1;
}
}
+ cleanup:
if (pSystemSID)
LocalFree(pSystemSID);
if (pTokenUser)
LocalFree(pTokenUser);
if (ccacheACL)
- GlobalFree(ccacheACL);
+ LocalFree(ccacheACL);
return ret;
}
{
int retval = 0;
DWORD dwSize = size-1; /* leave room for nul */
-
- *newfilename = '\0';
-
- if ( !ExpandEnvironmentStringsForUser(hUserToken, "%TEMP%", newfilename, size) &&
- !ExpandEnvironmentStringsForUser(hUserToken, "%TMP%", newfilename, size))
- return 1;
+ DWORD dwLen = 0;
+
+ if (!hUserToken || !newfilename || size <= 0)
+ return;
+
+ *newfilename = '\0';
+
+ dwLen = ExpandEnvironmentStringsForUser(hUserToken, "%TEMP%", newfilename, dwSize);
+ if ( !dwLen || dwLen > dwSize )
+ dwLen = ExpandEnvironmentStringsForUser(hUserToken, "%TMP%", newfilename, dwSize);
+ if ( !dwLen || dwLen > dwSize )
+ return 1;
+
+ newfilename[dwSize] = '\0';
return 0;
}
void
KFW_AFS_copy_cache_to_system_file(char * user, char * szLogonId)
{
- char filename[256];
+ char filename[MAX_PATH] = "";
DWORD count;
- char cachename[264] = "FILE:";
+ char cachename[MAX_PATH + 8] = "FILE:";
krb5_context ctx = 0;
krb5_error_code code;
krb5_principal princ = 0;
krb5_ccache cc = 0;
krb5_ccache ncc = 0;
- if (!pkrb5_init_context)
+ if (!pkrb5_init_context || !user || !szLogonId)
return;
count = GetEnvironmentVariable("TEMP", filename, sizeof(filename));
code = pkrb5_cc_initialize(ctx, ncc, princ);
if (code) goto cleanup;
- KFW_AFS_set_file_cache_dacl(filename, NULL);
+ code = KFW_AFS_set_file_cache_dacl(filename, NULL);
+ if (code) goto cleanup;
code = pkrb5_cc_copy_creds(ctx,cc,ncc);
int
KFW_AFS_copy_file_cache_to_default_cache(char * filename)
{
- char cachename[264] = "FILE:";
+ char cachename[MAX_PATH + 8] = "FILE:";
krb5_context ctx = 0;
krb5_error_code code;
krb5_principal princ = 0;
krb5_ccache ncc = 0;
int retval = 1;
- if (!pkrb5_init_context)
+ if (!pkrb5_init_context || !filename)
return 1;
- if ( strlen(filename) + 6 > sizeof(cachename) )
+ if ( strlen(filename) + sizeof("FILE:") > sizeof(cachename) )
return 1;
strcat(cachename, filename);
lpszOutputString[min(uInputString.Length/2,nOutStringLen-1)] = '\0';
return TRUE;
}
- else
- lpszOutputString[0] = '\0';
+
+ lpszOutputString[0] = '\0';
return FALSE;
} // UnicodeStringToANSI
/* Convert from Unicode to ANSI */
/*TODO: Use SecureZeroMemory to erase passwords */
- UnicodeStringToANSI(IL->UserName, uname, MAX_USERNAME_LENGTH);
- UnicodeStringToANSI(IL->Password, password, MAX_PASSWORD_LENGTH);
- UnicodeStringToANSI(IL->LogonDomainName, logonDomain, MAX_DOMAIN_LENGTH);
+ if (!UnicodeStringToANSI(IL->UserName, uname, MAX_USERNAME_LENGTH) ||
+ !UnicodeStringToANSI(IL->Password, password, MAX_PASSWORD_LENGTH) ||
+ !UnicodeStringToANSI(IL->LogonDomainName, logonDomain, MAX_DOMAIN_LENGTH))
+ return 0;
/* Make sure AD-DOMANS sent from login that is sent to us is striped */
ctemp = strchr(uname, '@');
char szPath[MAX_PATH] = "";
char szLogonId[128] = "";
DWORD count;
- char filename[MAX_PATH];
- char newfilename[MAX_PATH];
- char commandline[MAX_PATH+256];
+ char filename[MAX_PATH] = "";
+ char newfilename[MAX_PATH] = "";
+ char commandline[MAX_PATH+256] = "";
STARTUPINFO startupinfo;
PROCESS_INFORMATION procinfo;
+ HANDLE hf = INVALID_HANDLE_VALUE;
LUID LogonId = {0, 0};
PSECURITY_LOGON_SESSION_DATA pLogonSessionData = NULL;
strcat(filename, "\\");
strcat(filename, szLogonId);
- KFW_AFS_set_file_cache_dacl(filename, pInfo->hToken);
-
- KFW_AFS_obtain_user_temp_directory(pInfo->hToken, newfilename, sizeof(newfilename));
+ hf = CreateFile(filename, FILE_ALL_ACCESS, 0, NULL, OPEN_EXISTING,
+ FILE_ATTRIBUTE_NORMAL, NULL);
+ if (hf == INVALID_HANDLE_VALUE) {
+ DebugEvent0("KFW_Logon_Event - file cannot be opened");
+ return;
+ }
+ CloseHandle(hf);
+
+ if (KFW_AFS_set_file_cache_dacl(filename, pInfo->hToken)) {
+ DebugEvent0("KFW_Logon_Event - unable to set dacl");
+ DeleteFile(filename);
+ return;
+ }
+
+ if (KFW_AFS_obtain_user_temp_directory(pInfo->hToken, newfilename, sizeof(newfilename))) {
+ DebugEvent0("KFW_Logon_Event - unable to obtain temp directory");
+ return;
+ }
if ( strlen(newfilename) + strlen(szLogonId) + 2 > sizeof(newfilename) ) {
DebugEvent0("KFW_Logon_Event - new filename too long");