#include "afskfw.h"
#include "lanahelper.h"
+/* Allocated in Windows Driver Kit */
+#ifndef WNNC_NET_OPENAFS
+#define WNNC_NET_OPENAFS 0x00390000
+#endif
+
#include <WINNT\afsreg.h>
DWORD TraceOption = 0;
return;
h = RegisterEventSource(NULL, AFS_LOGON_EVENT_NAME);
- ptbuf[0] = a;
- ReportEvent(h, EVENTLOG_INFORMATION_TYPE, 0, 0, NULL, 1, 0, (const char **)ptbuf, NULL);
- DeregisterEventSource(h);
+ if (h != INVALID_HANDLE_VALUE) {
+ ptbuf[0] = a;
+ ReportEvent(h, EVENTLOG_INFORMATION_TYPE, 0, 1008, NULL, 1, 0, (const char **)ptbuf, NULL);
+ DeregisterEventSource(h);
+ }
}
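Review bot: The added guard `if (h != INVALID_HANDLE_VALUE) {` does not catch a failed RegisterEventSource, because that function reports failure by returning NULL. On failure the block still runs and hands a NULL handle to ReportEvent and DeregisterEventSource. The test should be `if (h != NULL) {`. The same guard is added to the formatted variant that follows (the one using `va_start(marker,b)`) and needs the same change. Both function bodies begin outside the visible lines.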
#define MAXBUF_ 512
return;
h = RegisterEventSource(NULL, AFS_LOGON_EVENT_NAME);
- va_start(marker,b);
- StringCbVPrintf(buf, MAXBUF_+1,b,marker);
- buf[MAXBUF_] = '\0';
- ptbuf[0] = buf;
- ReportEvent(h, EVENTLOG_INFORMATION_TYPE, 0, 0, NULL, 1, 0, (const char **)ptbuf, NULL);
- DeregisterEventSource(h);
- va_end(marker);
+ if (h != INVALID_HANDLE_VALUE) {
+ va_start(marker,b);
+ StringCbVPrintf(buf, MAXBUF_+1,b,marker);
+ buf[MAXBUF_] = '\0';
+ ptbuf[0] = buf;
+ ReportEvent(h, EVENTLOG_INFORMATION_TYPE, 0, 1008, NULL, 1, 0, (const char **)ptbuf, NULL);
+ DeregisterEventSource(h);
+ va_end(marker);
+ }
}
static HANDLE hInitMutex = NULL;
BOOLEAN APIENTRY DllEntryPoint(HANDLE dll, DWORD reason, PVOID reserved)
{
+ WSADATA wsaData;
hDLL = dll;
+
switch (reason) {
case DLL_PROCESS_ATTACH:
- /* Initialization Mutex */
- if (!bInit) {
+ /* Initialization Mutex */
+ if (!hInitMutex)
hInitMutex = CreateMutex(NULL, FALSE, NULL);
- SetEnvironmentVariable(DO_NOT_REGISTER_VARNAME, "");
- }
+
+ WSAStartup( MAKEWORD(2,2), &wsaData );
break;
case DLL_PROCESS_DETACH:
- /* do nothing on unload because we might
- * be reloaded.
- */
+ WSACleanup();
CloseHandle(hInitMutex);
hInitMutex = NULL;
bInit = FALSE;
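Review bot: `WSAStartup( MAKEWORD(2,2), &wsaData );` is added inside the DLL_PROCESS_ATTACH case with its return value discarded, and `WSACleanup();` now runs on every DLL_PROCESS_DETACH whether or not startup succeeded. Microsoft's documentation for WSAStartup says it should not be called from DllMain, since it can load helper DLLs while the loader lock is held and deadlock. Moving the pair into the lazy initialisation path (this file calls `AfsLogonInit()` elsewhere) and checking the result would avoid both problems. The result of `CreateMutex` is also unchecked before `CloseHandle(hInitMutex)`. The switch continues outside the hunk.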
switch (index) {
case WNNC_NET_TYPE:
/* Don't have our own type; use somebody else's. */
- return WNNC_NET_SUN_PC_NFS;
+ return WNNC_NET_OPENAFS;
case WNNC_START:
/* Say we are already started, even though we might wait after we receive NPLogonNotify */
if(hkDom) { \
dwSize = sizeof(v); \
rv = RegQueryValueEx(hkDom, n, 0, &dwType, (LPBYTE) &(v), &dwSize); \
- if(rv == ERROR_SUCCESS) DebugEvent(#v " found in hkDom with type [%d]", dwType); \
+ if(rv == ERROR_SUCCESS || rv == ERROR_MORE_DATA) \
+ DebugEvent(#v " found in hkDom with type [%d]", dwType); \
} \
- if(hkDoms && (rv != ERROR_SUCCESS || dwType != t)) { \
+ if(hkDoms && ((rv != ERROR_SUCCESS && rv != ERROR_MORE_DATA) || dwType != t)) { \
dwSize = sizeof(v); \
rv = RegQueryValueEx(hkDoms, n, 0, &dwType, (LPBYTE) &(v), &dwSize); \
- if(rv == ERROR_SUCCESS) DebugEvent(#v " found in hkDoms with type [%d]", dwType); \
+ if(rv == ERROR_SUCCESS || rv == ERROR_MORE_DATA) \
+ DebugEvent(#v " found in hkDoms with type [%d]", dwType); \
} \
- if(hkNp && (rv != ERROR_SUCCESS || dwType != t)) { \
+ if(hkNp && ((rv != ERROR_SUCCESS && rv != ERROR_MORE_DATA) || dwType != t)) { \
dwSize = sizeof(v); \
rv = RegQueryValueEx(hkNp, n, 0, &dwType, (LPBYTE) &(v), &dwSize); \
- if(rv == ERROR_SUCCESS) DebugEvent(#v " found in hkNp with type [%d]", dwType); \
+ if(rv == ERROR_SUCCESS || rv == ERROR_MORE_DATA) \
+ DebugEvent(#v " found in hkNp with type [%d]", dwType); \
} \
- if(rv != ERROR_SUCCESS || dwType != t) { \
+ if((rv != ERROR_SUCCESS && rv != ERROR_MORE_DATA) || dwType != t) { \
v = d; \
- DebugEvent(#v " being set to default"); \
+ DebugEvent0(#v " being set to default"); \
} \
} while(0)
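Review bot: Accepting `ERROR_MORE_DATA` as a hit in LOOKUPKEYCHAIN means `v` is kept even though RegQueryValueEx did not fill it. The API documents the buffer contents as undefined in that case, so when `dwType == t` the macro skips `v = d` and the caller proceeds with whatever `v` held. If the intent is only to log that an oversized value exists, keep the new DebugEvent lines but leave the fall-through tests as `rv != ERROR_SUCCESS || dwType != t`, so that the next key or the default is used. The macro's opening lines are outside the hunk.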
DWORD dwSize;
DWORD dwType;
DWORD dwDummy;
- char computerName[MAX_COMPUTERNAME_LENGTH + 1];
- char *effDomain;
+ char computerName[MAX_COMPUTERNAME_LENGTH + 1]="";
+ char *effDomain = NULL;
memset(opt, 0, sizeof(LogonOptions_t));
/* If the domain is the same as the Netbios computer name, we use the LOCALHOST domain name*/
opt->flags = LOGON_FLAG_REMOTE;
if(domain) {
- dwSize = MAX_COMPUTERNAME_LENGTH;
+ dwSize = MAX_COMPUTERNAME_LENGTH + 1;
if(GetComputerName(computerName, &dwSize)) {
- if(!stricmp(computerName, domain)) {
+ if(!cm_stricmp_utf8(computerName, domain)) {
effDomain = "LOCALHOST";
opt->flags = LOGON_FLAG_LOCAL;
}
- else
- effDomain = domain;
}
- } else
- effDomain = NULL;
+ if (effDomain == NULL)
+ effDomain = domain;
+ }
rv = RegOpenKeyEx( HKEY_LOCAL_MACHINE, AFSREG_CLT_SVC_PARAM_SUBKEY, 0, KEY_READ, &hkParm );
if(rv != ERROR_SUCCESS) {
hkDoms = NULL;
}
} else
- DebugEvent("Not opening domain key for [%s]", effDomain);
+ DebugEvent0("Not opening domain key");
/* Each individual can either be specified on the domain key, the domains key or in the
net provider key. They fail over in that order. If none is found, we just use the
rv = RegQueryValueEx(hkParm, REG_CLIENT_FAIL_SILENTLY_PARM, 0, &dwType, (LPBYTE) &dwDummy, &dwSize);
if (rv != ERROR_SUCCESS)
LOOKUPKEYCHAIN(dwDummy, REG_DWORD, DEFAULT_FAIL_SILENTLY, REG_CLIENT_FAIL_SILENTLY_PARM);
- opt->failSilently = !!dwDummy;
+ opt->failSilently = dwDummy ? 1 :0;
/* Retry interval */
LOOKUPKEYCHAIN(opt->retryInterval, REG_DWORD, DEFAULT_RETRY_INTERVAL, REG_CLIENT_RETRY_INTERVAL_PARM);
/* Sleep interval */
LOOKUPKEYCHAIN(opt->sleepInterval, REG_DWORD, DEFAULT_SLEEP_INTERVAL, REG_CLIENT_SLEEP_INTERVAL_PARM);
- opt->logonScript = NULL;
- opt->smbName = NULL;
-
if(!ISLOGONINTEGRATED(opt->LogonOption)) {
+ DebugEvent0("Integrated logon disabled");
goto cleanup; /* no need to lookup the logon script */
}
/* come up with SMB username */
if(ISHIGHSECURITY(opt->LogonOption)) {
+ DebugEvent0("High Security Mode active");
opt->smbName = malloc( MAXRANDOMNAMELEN );
+ if (opt->smbName == NULL)
+ goto cleanup;
GenRandomName(opt->smbName);
} else if (lpLogonId) {
/* username and domain for logon session is not necessarily the same as
username and domain passed into network provider. */
- PSECURITY_LOGON_SESSION_DATA plsd;
- char lsaUsername[MAX_USERNAME_LENGTH];
- char lsaDomain[MAX_DOMAIN_LENGTH];
+ PSECURITY_LOGON_SESSION_DATA plsd=NULL;
+ char lsaUsername[MAX_USERNAME_LENGTH]="";
+ char lsaDomain[MAX_DOMAIN_LENGTH]="";
size_t len, tlen;
+ NTSTATUS Status;
- LsaGetLogonSessionData(lpLogonId, &plsd);
+ Status = LsaGetLogonSessionData(lpLogonId, &plsd);
+ if ( FAILED(Status) || plsd == NULL ) {
+ DebugEvent("LsaGetLogonSessionData failed [0x%x]", Status);
+ goto bad_strings;
+ }
- UnicodeStringToANSI(plsd->UserName, lsaUsername, MAX_USERNAME_LENGTH);
- UnicodeStringToANSI(plsd->LogonDomain, lsaDomain, MAX_DOMAIN_LENGTH);
+ if (!UnicodeStringToANSI(plsd->UserName, lsaUsername, MAX_USERNAME_LENGTH))
+ goto bad_strings;
+
+ if (!UnicodeStringToANSI(plsd->LogonDomain, lsaDomain, MAX_DOMAIN_LENGTH))
+ goto bad_strings;
DebugEvent("PLSD username[%s] domain[%s]",lsaUsername,lsaDomain);
len += 2;
opt->smbName = malloc(len);
+ if (opt->smbName == NULL)
+ goto cleanup;
StringCbCopy(opt->smbName, len, lsaDomain);
StringCbCat(opt->smbName, len, "\\");
strlwr(opt->smbName);
bad_strings:
- LsaFreeReturnBuffer(plsd);
- } else {
+ if (plsd)
+ LsaFreeReturnBuffer(plsd);
+ }
+ if (opt->smbName == NULL) {
size_t len;
- DebugEvent("No LUID given. Constructing username using [%s] and [%s]",
+ DebugEvent("Constructing username using [%s] and [%s]",
username, domain);
len = strlen(username) + strlen(domain) + 2;
opt->smbName = malloc(len);
+ if (opt->smbName == NULL)
+ goto cleanup;
- StringCbCopy(opt->smbName, len, username);
+ StringCbCopy(opt->smbName, len, domain);
StringCbCat(opt->smbName, len, "\\");
- StringCbCat(opt->smbName, len, domain);
+ StringCbCat(opt->smbName, len, username);
strlwr(opt->smbName);
}
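Review bot: The `goto cleanup;` added after `opt->smbName = malloc(len);` in the `lpLogonId` branch jumps past the `bad_strings:` label, so the `plsd` buffer from LsaGetLogonSessionData is never passed to LsaFreeReturnBuffer on that path. Use `goto bad_strings;` there instead. The fallback block that follows now also runs after any LSA failure, and it calls `strlen(domain)` and logs `domain` with `%s`. Earlier in this function `domain` is tested with `if(domain)`, which suggests it may be NULL, so the fallback should check it before use. The function starts and ends outside the hunk.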
- DebugEvent("Looking up logon script");
+ DebugEvent0("Looking up logon script");
/* Logon script */
/* First find out where the key is */
hkTemp = NULL;
rv = RegQueryValueExW(hkDom, REG_CLIENT_LOGON_SCRIPT_PARMW, 0, &dwType, NULL, &dwSize);
if(rv == ERROR_SUCCESS && (dwType == REG_SZ || dwType == REG_EXPAND_SZ)) {
hkTemp = hkDom;
- DebugEvent("Located logon script in hkDom");
+ DebugEvent0("Located logon script in hkDom");
}
- else if(hkDoms)
+ else if(hkDoms) {
rv = RegQueryValueExW(hkDoms, REG_CLIENT_LOGON_SCRIPT_PARMW, 0, &dwType, NULL, &dwSize);
- if(rv == ERROR_SUCCESS && !hkTemp && (dwType == REG_SZ || dwType == REG_EXPAND_SZ)) {
- hkTemp = hkDoms;
- DebugEvent("Located logon script in hkDoms");
- }
- /* Note that the LogonScript in the NP key is only used if we are doing high security. */
- else if(hkNp && ISHIGHSECURITY(opt->LogonOption))
- rv = RegQueryValueExW(hkNp, REG_CLIENT_LOGON_SCRIPT_PARMW, 0, &dwType, NULL, &dwSize);
- if(rv == ERROR_SUCCESS && !hkTemp && (dwType == REG_SZ || dwType == REG_EXPAND_SZ)) {
- hkTemp = hkNp;
- DebugEvent("Located logon script in hkNp");
+ if(rv == ERROR_SUCCESS && !hkTemp && (dwType == REG_SZ || dwType == REG_EXPAND_SZ)) {
+ hkTemp = hkDoms;
+ DebugEvent0("Located logon script in hkDoms");
+ }
+ /* Note that the LogonScript in the NP key is only used if we are doing high security. */
+ else if(hkNp && ISHIGHSECURITY(opt->LogonOption)) {
+ rv = RegQueryValueExW(hkNp, REG_CLIENT_LOGON_SCRIPT_PARMW, 0, &dwType, NULL, &dwSize);
+ if(rv == ERROR_SUCCESS && !hkTemp && (dwType == REG_SZ || dwType == REG_EXPAND_SZ)) {
+ hkTemp = hkNp;
+ DebugEvent0("Located logon script in hkNp");
+ }
+ }
}
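Review bot: After the re-bracing, the `hkNp` lookup sits inside the `else if(hkDoms) {` block, so the net-provider key is never consulted when `hkDoms` is NULL. Elsewhere in the file `hkDoms` is set to NULL when a key cannot be opened. The comment further up says the values fail over from the domain key to the domains key to the net provider key. Sequential tests would keep that order regardless of which handles are open: `if(!hkTemp && hkDoms) { … }` followed by `if(!hkTemp && hkNp && ISHIGHSECURITY(opt->LogonOption)) { … }`. The TheseCells and Realm lookups below use the same nesting and have the same gap.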
if(hkTemp) {
len ++;
wuname = malloc(len * sizeof(WCHAR));
+ if (!wuname)
+ goto doneLogonScript;
MultiByteToWideChar(CP_ACP,0,opt->smbName,-1,wuname,(int)(len*sizeof(WCHAR)));
DebugEvent("Username is set for [%S]", wuname);
/* dwSize still has the size of the required buffer in bytes. */
regscript = malloc(dwSize);
+ if (!regscript)
+ goto doneLogonScript;
rv = RegQueryValueExW(hkTemp, REG_CLIENT_LOGON_SCRIPT_PARMW, 0, &dwType, (LPBYTE) regscript, &dwSize);
if(rv != ERROR_SUCCESS) {/* what the ..? */
- DebugEvent("Can't look up logon script [%d]",rv);
+ DebugEvent("Can't look up logon script rv [%d] size [%d] gle %d",rv, dwSize, GetLastError());
goto doneLogonScript;
}
dwSize += MAX_PATH * sizeof(WCHAR); /* make room for environment expansion. */
regexscript = malloc(dwSize);
+ if (!regexscript)
+ goto doneLogonScript;
dwReq = ExpandEnvironmentStringsW(regscript, regexscript, dwSize / sizeof(WCHAR));
free(regscript);
regscript = regexscript;
regexscript = NULL;
if(dwReq > (dwSize / sizeof(WCHAR))) {
- DebugEvent("Overflow while expanding environment strings.");
+ DebugEvent0("Overflow while expanding environment strings.");
goto doneLogonScript;
}
}
if(wcsstr(regscript, L"%s")) {
dwSize += (DWORD)(len * sizeof(WCHAR)); /* make room for username expansion */
regexuscript = (WCHAR *) LocalAlloc(LMEM_FIXED, dwSize);
+ if (!regexuscript)
+ goto doneLogonScript;
hr = StringCbPrintfW(regexuscript, dwSize, regscript, wuname);
} else {
regexuscript = (WCHAR *) LocalAlloc(LMEM_FIXED, dwSize);
+ if (!regexuscript)
+ goto doneLogonScript;
hr = StringCbCopyW(regexuscript, dwSize, regscript);
}
if(regexscript) free(regexscript);
}
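Review bot: `StringCbPrintfW(regexuscript, dwSize, regscript, wuname)` uses the registry-supplied, environment-expanded script string as the format, and the only validation is `wcsstr(regscript, L"%s")`. Any other conversion specifier in that value is evaluated against arguments that were never passed. These are unchanged context lines, but the hunk already touches this path. It would be safer to find the single `%s` and assemble the result with `StringCbCopyNW` / `StringCbCatW`, or to reject values containing any other `%`. The cleanup done at `doneLogonScript` is not visible here, so confirm that the new early `goto`s still free `wuname` and `regscript`.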
- DebugEvent("Looking up TheseCells");
- /* Logon script */
+ DebugEvent0("Looking up TheseCells");
+ /* TheseCells */
/* First find out where the key is */
hkTemp = NULL;
rv = ~ERROR_SUCCESS;
- dwType = 0;
+ dwSize = 0;
if (hkDom)
rv = RegQueryValueEx(hkDom, REG_CLIENT_THESE_CELLS_PARM, 0, &dwType, NULL, &dwSize);
if (rv == ERROR_SUCCESS && dwType == REG_MULTI_SZ) {
hkTemp = hkDom;
- DebugEvent("Located TheseCells in hkDom");
- } else if (hkDoms)
+ DebugEvent("Located TheseCells in hkDom size %d", dwSize);
+ } else if (hkDoms) {
rv = RegQueryValueEx(hkDoms, REG_CLIENT_THESE_CELLS_PARM, 0, &dwType, NULL, &dwSize);
- if (rv == ERROR_SUCCESS && !hkTemp && dwType == REG_MULTI_SZ) {
- hkTemp = hkDoms;
- DebugEvent("Located TheseCells in hkDoms");
- } else if (hkNp)
- rv = RegQueryValueEx(hkNp, REG_CLIENT_THESE_CELLS_PARM, 0, &dwType, NULL, &dwSize);
- if (rv == ERROR_SUCCESS && !hkTemp && dwType == REG_MULTI_SZ) {
- hkTemp = hkNp;
- DebugEvent("Located TheseCells in hkNp");
+ if (rv == ERROR_SUCCESS && !hkTemp && dwType == REG_MULTI_SZ) {
+ hkTemp = hkDoms;
+ DebugEvent("Located TheseCells in hkDoms size %d", dwSize);
+ } else if (hkNp) {
+ rv = RegQueryValueEx(hkNp, REG_CLIENT_THESE_CELLS_PARM, 0, &dwType, NULL, &dwSize);
+ if (rv == ERROR_SUCCESS && !hkTemp && dwType == REG_MULTI_SZ) {
+ hkTemp = hkNp;
+ DebugEvent("Located TheseCells in hkNp size %d", dwSize);
+ }
+ }
}
if (hkTemp) {
- CHAR * thesecells;
+ CHAR * thesecells = NULL;
/* dwSize still has the size of the required buffer in bytes. */
- thesecells = malloc(dwSize);
- rv = RegQueryValueEx(hkTemp, REG_CLIENT_THESE_CELLS_PARM, 0, &dwType, (LPBYTE) thesecells, &dwSize);
+ thesecells = malloc(dwSize*2);
+ if (!thesecells)
+ goto doneTheseCells;
+ dwSize *= 2;
+ SetLastError(0);
+ rv = RegQueryValueEx(hkTemp, REG_CLIENT_THESE_CELLS_PARM, 0, NULL, (LPBYTE) thesecells, &dwSize);
if(rv != ERROR_SUCCESS) {/* what the ..? */
- DebugEvent("Can't look up TheseCells [%d]",rv);
+ DebugEvent("Can't look up TheseCells rv [%d] size [%d] gle [%d]",rv, dwSize, GetLastError());
goto doneTheseCells;
}
DebugEvent("Found TheseCells [%s]", thesecells);
opt->theseCells = thesecells;
+ thesecells = NULL;
doneTheseCells:
- ;
+ if (thesecells) free(thesecells);
+ }
+
+ DebugEvent0("Looking up Realm");
+ /* Realm */
+ /* First find out where the key is */
+ hkTemp = NULL;
+ rv = ~ERROR_SUCCESS;
+ dwSize = 0;
+ if (hkDom)
+ rv = RegQueryValueEx(hkDom, REG_CLIENT_REALM_PARM, 0, &dwType, NULL, &dwSize);
+ if (rv == ERROR_SUCCESS && dwType == REG_SZ) {
+ hkTemp = hkDom;
+ DebugEvent("Located Realm in hkDom size %d", dwSize);
+ } else if (hkDoms) {
+ rv = RegQueryValueEx(hkDoms, REG_CLIENT_REALM_PARM, 0, &dwType, NULL, &dwSize);
+ if (rv == ERROR_SUCCESS && !hkTemp && dwType == REG_SZ) {
+ hkTemp = hkDoms;
+ DebugEvent("Located Realm in hkDoms size %d", dwSize);
+ } else if (hkNp) {
+ rv = RegQueryValueEx(hkNp, REG_CLIENT_REALM_PARM, 0, &dwType, NULL, &dwSize);
+ if (rv == ERROR_SUCCESS && !hkTemp && dwType == REG_SZ) {
+ hkTemp = hkNp;
+ DebugEvent("Located Realm in hkNp size %d", dwSize);
+ }
+ }
+ }
+
+ if (hkTemp) {
+ CHAR * realm = NULL;
+
+ /* dwSize still has the size of the required buffer in bytes. */
+ realm = malloc(dwSize*2);
+ if (!realm)
+ goto doneRealm;
+ dwSize *=2;
+ SetLastError(0);
+ rv = RegQueryValueEx(hkTemp, REG_CLIENT_REALM_PARM, 0, NULL, (LPBYTE) realm, &dwSize);
+ if(rv != ERROR_SUCCESS) {/* what the ..? */
+ DebugEvent("Can't look up Realm rv [%d] size [%d] gle [%d]",rv, dwSize, GetLastError());
+ goto doneRealm;
+ }
+
+ DebugEvent("Found Realm [%s]", realm);
+ opt->realm = realm;
+ realm = NULL;
+
+ doneRealm:
+ if (realm) free(realm);
}
cleanup:
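Review bot: The TheseCells and Realm buffers are allocated with `malloc(dwSize*2)` and then treated as terminated strings, but neither block zeroes the slack or writes a terminator. They are logged with `%s`, and `opt->theseCells` is later walked with `p += strlen(p) + 1` until an empty string is reached. RegQueryValueEx does not guarantee that REG_SZ or REG_MULTI_SZ data is NUL-terminated, and `dwSize *= 2` lets the query use the whole allocation. Allocate with `calloc(2, dwSize)` and pass the originally queried size to the second RegQueryValueEx, so zeroed bytes always follow the data. It is also worth rejecting a Realm longer than MAX_DOMAIN_LENGTH here, since later code measures it with that bound.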
lpszOutputString[min(uInputString.Length/2,nOutStringLen-1)] = '\0';
return TRUE;
}
- else
- lpszOutputString[0] = '\0';
+
+ lpszOutputString[0] = '\0';
return FALSE;
} // UnicodeStringToANSI
int retryInterval;
int sleepInterval;
+ /* Are we interactive? */
+ interactive = (wcsicmp(lpStationName, L"WinSta0") == 0);
+
+#ifdef DISABLE_NON_INTERACTIVE
+ /* Do not do anything if the logon session is not interactive. */
+ if (!interactive)
+ return 0;
+#endif
+
(void) RegOpenKeyEx(HKEY_LOCAL_MACHINE, AFSREG_CLT_SVC_PARAM_SUBKEY,
0, KEY_QUERY_VALUE, &NPKey);
LSPsize=sizeof(TraceOption);
/* MSV1_0_INTERACTIVE_LOGON and KERB_INTERACTIVE_LOGON are equivalent for
* our purposes */
- if ( wcscmp(lpAuthentInfoType,L"MSV1_0:Interactive") &&
- wcscmp(lpAuthentInfoType,L"Kerberos:Interactive") )
+ if ( wcsicmp(lpAuthentInfoType,L"MSV1_0:Interactive") &&
+ wcsicmp(lpAuthentInfoType,L"Kerberos:Interactive") )
{
DebugEvent("Unsupported Authentication Info Type: %S",
lpAuthentInfoType);
IL = (MSV1_0_INTERACTIVE_LOGON *) lpAuthentInfo;
- /* Are we interactive? */
- interactive = (wcscmp(lpStationName, L"WinSta0") == 0);
-
/* Convert from Unicode to ANSI */
/*TODO: Use SecureZeroMemory to erase passwords */
- UnicodeStringToANSI(IL->UserName, uname, MAX_USERNAME_LENGTH);
- UnicodeStringToANSI(IL->Password, password, MAX_PASSWORD_LENGTH);
- UnicodeStringToANSI(IL->LogonDomainName, logonDomain, MAX_DOMAIN_LENGTH);
+ if (!UnicodeStringToANSI(IL->UserName, uname, MAX_USERNAME_LENGTH) ||
+ !UnicodeStringToANSI(IL->Password, password, MAX_PASSWORD_LENGTH) ||
+ !UnicodeStringToANSI(IL->LogonDomainName, logonDomain, MAX_DOMAIN_LENGTH))
+ return 0;
- /* Make sure AD-DOMANS sent from login that is sent to us is striped */
+ /* Make sure AD-DOMAINS sent from login that is sent to us is striped */
ctemp = strchr(uname, '@');
- if (ctemp) *ctemp = 0;
+ if (ctemp) {
+ *ctemp = 0;
+ ctemp++;
+ if ( logonDomain[0] == '\0' )
+ StringCchCopy(logonDomain, MAX_DOMAIN_LENGTH, ctemp);
+ }
/* is the name all lowercase? */
for ( ctemp = uname; *ctemp ; ctemp++) {
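Review bot: The early `return 0;` added after the three UnicodeStringToANSI calls can leave an already-converted password in `password` when the LogonDomainName conversion is the one that fails. The TODO just above notes that these buffers are never erased. Assuming `password` is a local array (its declaration is outside the hunk), add `SecureZeroMemory(password, sizeof(password));` before that return, and ideally on the function's other exits too. The result of the new `StringCchCopy(logonDomain, MAX_DOMAIN_LENGTH, ctemp);` is also ignored, so a long suffix after `@` is silently truncated into a different domain name.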
/* Check for zero length password if integrated logon*/
if ( ISLOGONINTEGRATED(opt.LogonOption) ) {
if ( password[0] == 0 ) {
- DebugEvent("Password is the empty string");
+ DebugEvent0("Password is the empty string");
code = GT_PW_NULL;
reason = "zero length password is illegal";
code=0;
DebugEvent("About to call cm_GetRootCellName(%s)",cell);
code = cm_GetRootCellName(cell);
if (code < 0) {
- DebugEvent("Unable to obtain Root Cell");
+ DebugEvent0("Unable to obtain Root Cell");
code = KTC_NOCELL;
reason = "unknown cell";
code=0;
cell right away because the client service may not have started yet. This call
also sets the AD_REALM flag in opt.flags if applicable. */
if (ISREMOTE(opt.flags)) {
- DebugEvent("Is Remote");
+ DebugEvent0("Is Remote");
GetAdHomePath(homePath,MAX_PATH,lpLogonId,&opt);
}
}
if (ISLOGONINTEGRATED(opt.LogonOption))
{
if ( KFW_is_available() ) {
- code = KFW_AFS_get_cred(uname, cell, password, 0, opt.smbName, &reason);
- DebugEvent("KFW_AFS_get_cred uname=[%s] smbname=[%s] cell=[%s] code=[%d]",
- uname,opt.smbName,cell,code);
- if (code == 0 && opt.theseCells) {
+ SetEnvironmentVariable(DO_NOT_REGISTER_VARNAME, "");
+ if (opt.realm) {
char * principal, *p;
size_t len, tlen;
- StringCchLength(cell, MAX_DOMAIN_LENGTH, &tlen);
+ StringCchLength(opt.realm, MAX_DOMAIN_LENGTH, &tlen);
len = tlen;
StringCchLength(uname, MAX_USERNAME_LENGTH, &tlen);
len += tlen + 2;
StringCchCopy(principal, len, uname);
p = principal + tlen;
*p++ = '@';
- StringCchCopy(p, len - tlen - 1, cell);
- for ( ;*p; p++) {
- *p = toupper(*p);
- }
+ StringCchCopy(p, len - tlen -1, opt.realm);
+ code = KFW_AFS_get_cred(principal, cell, password, 0, opt.smbName, &reason);
+ DebugEvent("KFW_AFS_get_cred uname=[%s] smbname=[%s] cell=[%s] code=[%d]",
+ principal,opt.smbName,cell,code);
+ free(principal);
+ }
+ } else {
+ code = KFW_AFS_get_cred(uname, cell, password, 0, opt.smbName, &reason);
+ DebugEvent("KFW_AFS_get_cred uname=[%s] smbname=[%s] cell=[%s] code=[%d]",
+ uname,opt.smbName,cell,code);
+ }
+ SetEnvironmentVariable(DO_NOT_REGISTER_VARNAME, NULL);
+ if (code == 0 && opt.theseCells) {
+ char * principal, *p;
+ size_t len, tlen;
+
+ StringCchLength(opt.realm ? opt.realm : cell, MAX_DOMAIN_LENGTH, &tlen);
+ len = tlen;
+ StringCchLength(uname, MAX_USERNAME_LENGTH, &tlen);
+ len += tlen + 2;
+ /* tlen is now the length of uname in characters */
+ principal = (char *)malloc(len * sizeof(char));
+ if ( principal ) {
+ StringCchCopy(principal, len, uname);
+ p = principal + tlen;
+ *p++ = '@';
+ if (opt.realm) {
+ StringCchCopy(p, len - tlen -1, opt.realm);
+ } else {
+ StringCchCopy(p, len - tlen - 1, cell);
+ for ( ;*p; p++) {
+ *p = toupper(*p);
+ }
+ }
p = opt.theseCells;
while ( *p ) {
- code2 = KFW_AFS_get_cred(principal, p, 0, 0, opt.smbName, &reason);
- DebugEvent("KFW_AFS_get_cred uname=[%s] smbname=[%s] cell=[%s] code=[%d]",
- principal,opt.smbName,p,code2);
+ if ( cm_stricmp_utf8(p, cell) ) {
+ SetEnvironmentVariable(DO_NOT_REGISTER_VARNAME, "");
+ code2 = KFW_AFS_get_cred(principal, p, 0, 0, opt.smbName, &reason);
+ SetEnvironmentVariable(DO_NOT_REGISTER_VARNAME, NULL);
+ DebugEvent("KFW_AFS_get_cred uname=[%s] smbname=[%s] cell=[%s] code=[%d]",
+ principal,opt.smbName,p,code2);
+ }
p += strlen(p) + 1;
}
free(principal);
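Review bot: Both principal-building blocks ignore the result of `StringCchLength(opt.realm, MAX_DOMAIN_LENGTH, &tlen)`, yet `opt.realm` is a registry string with no length limit applied where it is read. When the call fails, `tlen` is not a usable length, and `len` then sizes the allocation and the following copies. At best the principal is truncated after `@` and the credential request is made for the wrong name. Check the HRESULT and skip the realm path on failure, for example `if (FAILED(StringCchLength(opt.realm, MAX_DOMAIN_LENGTH, &tlen))) { … }`. The allocation line of the first block is outside the visible lines.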
retryInterval -= sleepInterval;
}
}
- DebugEvent("while loop exited");
+ DebugEvent0("while loop exited");
+
/* remove any kerberos 5 tickets currently held by the SYSTEM account
* for this user
*/
+
if (ISLOGONINTEGRATED(opt.LogonOption) && KFW_is_available()) {
+#ifdef KFW_LOGON
sprintf(szLogonId,"%d.%d",lpLogonId->HighPart, lpLogonId->LowPart);
KFW_AFS_copy_cache_to_system_file(uname, szLogonId);
-
+#endif
KFW_AFS_destroy_tickets_for_principal(uname);
}
if (opt.theseCells) free(opt.theseCells);
if (opt.smbName) free(opt.smbName);
+ if (opt.realm) free(opt.realm);
DebugEvent("AFS AfsLogon - Exit","Return Code[%x]",code);
return code;
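Review bot: The exit trace `DebugEvent("AFS AfsLogon - Exit","Return Code[%x]",code);` never logs the return code. Its first argument is the format and contains no conversion, so the second string and `code` are ignored. This commit tidies the other DebugEvent calls but leaves this context line as it was. It should read `DebugEvent("AFS AfsLogon - Exit Return Code[%x]", code);`.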
LPVOID StationHandle,
DWORD dwChangeInfo)
{
+ BOOLEAN interactive;
+
+ /* Are we interactive? */
+ interactive = (wcsicmp(lpStationName, L"WinSta0") == 0);
+
+ /* Do not do anything if the logon session is not interactive. */
+ if (!interactive)
+ return 0;
+
/* Make sure the AFS Libraries are initialized */
AfsLogonInit();
/* We can't use pInfo->Domain for the domain since in the cross realm case
* this is source domain and not the destination domain.
*/
- if (QueryAdHomePathFromSid( profileDir, sizeof(profileDir), tokenUser->User.Sid, pInfo->Domain)) {
+ if (tokenUser && QueryAdHomePathFromSid( profileDir, sizeof(profileDir), tokenUser->User.Sid, pInfo->Domain)) {
WCHAR Domain[64]=L"";
GetLocalShortDomain(Domain, sizeof(Domain));
if (QueryAdHomePathFromSid( profileDir, sizeof(profileDir), tokenUser->User.Sid, Domain)) {
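Review bot: With `tokenUser &&` in front, a NULL `tokenUser` makes the whole condition false, which is the same outcome as QueryAdHomePathFromSid finding the path on its first attempt. The code after this block is outside the hunk, so confirm it does not go on to use `profileDir` in that case. A safer form is to log and return early when `tokenUser` is NULL instead of folding the check into the lookup condition. The identical change in the second copy of this block further down needs the same treatment.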
/* We can't use pInfo->Domain for the domain since in the cross realm case
* this is source domain and not the destination domain.
*/
- if (QueryAdHomePathFromSid( profileDir, sizeof(profileDir), tokenUser->User.Sid, pInfo->Domain)) {
+ if (tokenUser && QueryAdHomePathFromSid( profileDir, sizeof(profileDir), tokenUser->User.Sid, pInfo->Domain)) {
WCHAR Domain[64]=L"";
GetLocalShortDomain(Domain, sizeof(Domain));
if (QueryAdHomePathFromSid( profileDir, sizeof(profileDir), tokenUser->User.Sid, Domain)) {
VOID KFW_Logon_Event( PWLX_NOTIFICATION_INFO pInfo )
{
+#ifdef KFW_LOGON
WCHAR szUserW[128] = L"";
char szUserA[128] = "";
char szPath[MAX_PATH] = "";
char szLogonId[128] = "";
DWORD count;
- char filename[MAX_PATH];
- char newfilename[MAX_PATH];
- char commandline[MAX_PATH+256];
+ char filename[MAX_PATH] = "";
+ char newfilename[MAX_PATH] = "";
+ char commandline[MAX_PATH+256] = "";
STARTUPINFO startupinfo;
PROCESS_INFORMATION procinfo;
+ HANDLE hf = INVALID_HANDLE_VALUE;
LUID LogonId = {0, 0};
PSECURITY_LOGON_SESSION_DATA pLogonSessionData = NULL;
strcat(filename, "\\");
strcat(filename, szLogonId);
- KFW_AFS_set_file_cache_dacl(filename, pInfo->hToken);
-
- KFW_AFS_obtain_user_temp_directory(pInfo->hToken, newfilename, sizeof(newfilename));
+ hf = CreateFile(filename, FILE_ALL_ACCESS, 0, NULL, OPEN_EXISTING,
+ FILE_ATTRIBUTE_NORMAL, NULL);
+ if (hf == INVALID_HANDLE_VALUE) {
+ DebugEvent0("KFW_Logon_Event - file cannot be opened");
+ return;
+ }
+ CloseHandle(hf);
+
+ if (KFW_AFS_set_file_cache_dacl(filename, pInfo->hToken)) {
+ DebugEvent0("KFW_Logon_Event - unable to set dacl");
+ DeleteFile(filename);
+ return;
+ }
+
+ if (KFW_AFS_obtain_user_temp_directory(pInfo->hToken, newfilename, sizeof(newfilename))) {
+ DebugEvent0("KFW_Logon_Event - unable to obtain temp directory");
+ return;
+ }
if ( strlen(newfilename) + strlen(szLogonId) + 2 > sizeof(newfilename) ) {
DebugEvent0("KFW_Logon_Event - new filename too long");
DeleteFile(filename);
DebugEvent0("KFW_Logon_Event - End");
+#endif
}
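Review bot: The new failure path for `KFW_AFS_obtain_user_temp_directory` returns without `DeleteFile(filename);`. Both the DACL failure above it and the "new filename too long" case below it delete the file. Since `filename` appears to be the per-logon credential cache, that path leaves it on disk with whatever DACL was just applied. Add `DeleteFile(filename);` before that `return;`. The `strcat(filename, …)` calls in the context lines are also unbounded, although `newfilename` gets a length check.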