integrated-logon-20040323
authorJeffrey Altman <jaltman@mit.edu>
Wed, 24 Mar 2004 08:25:39 +0000 (08:25 +0000)
committerJeffrey Altman <jaltman@secure-endpoints.com>
Wed, 24 Mar 2004 08:25:39 +0000 (08:25 +0000)
Cleanup the integrated logon code.  Remove memory overwrites.  Refactor
the rest of the code.  Make it readable.

src/WINNT/afsd/afslogon.c
src/WINNT/afsd/cm_ioctl.c
src/WINNT/afsd/cm_vnodeops.c

index 0605559..db4d54a 100644 (file)
@@ -90,6 +90,7 @@ void DebugEvent(char *a,char *b,...)
        h = RegisterEventSource(NULL, AFS_DAEMON_EVENT_NAME);
        va_start(marker,b);
        _vsnprintf(buf,MAXBUF_,b,marker);
+    buf[MAXBUF_] = '\0';
        ptbuf[0] = buf;
        ReportEvent(h, EVENTLOG_INFORMATION_TYPE, 0, 0, NULL, 1, 0, (const char **)ptbuf, NULL);\
        DeregisterEventSource(h);
@@ -320,10 +321,10 @@ DWORD APIENTRY NPLogonNotify(
        LPVOID StationHandle,
        LPWSTR *lpLogonScript)
 {
-       char uname[256];
+       char uname[256]="";
        char *ctemp;
-       char password[256];
-       char cell[256];
+       char password[256]="";
+       char cell[256]="<non-integrated logon>";
        MSV1_0_INTERACTIVE_LOGON *IL;
        DWORD code;
        int pw_exp;
@@ -338,6 +339,8 @@ DWORD APIENTRY NPLogonNotify(
     int sleepInterval = DEFAULT_SLEEP_INTERVAL;        /* seconds        */
     BOOLEAN afsWillAutoStart;
        CHAR RandomName[MAXRANDOMNAMELEN];
+
+    /* Initialize Logon Script to none */
        *lpLogonScript=NULL;
         
        IL = (MSV1_0_INTERACTIVE_LOGON *) lpAuthentInfo;
@@ -376,44 +379,42 @@ DWORD APIENTRY NPLogonNotify(
                LogonOption=LOGON_OPTION_INTEGRATED;    /*default to integrated logon only*/
        DebugEvent("AFS AfsLogon - NPLogonNotify","LogonOption[%x], Service AutoStart[%d]",
                 LogonOption,AFSWillAutoStart());
-       /* Check for zero length password if integrated logon*/
-       if ( ISLOGONINTEGRATED(LogonOption) && (password[0] == 0) )  {
-               code = GT_PW_NULL;
-               reason = "zero length password is illegal";
-               code=0;
-       }
 
-       /* Get cell name if doing integrated logon */
-       if (ISLOGONINTEGRATED(LogonOption))
-       {
+    
+    /* Get local machine specified login behavior (or defaults) */
+    GetLoginBehavior(&retryInterval, &failSilently);
+        
+    afsWillAutoStart = AFSWillAutoStart();
+        
+    /* Check for zero length password if integrated logon*/
+       if ( ISLOGONINTEGRATED(LogonOption) )  {
+        if ( password[0] == 0 ) {
+            code = GT_PW_NULL;
+            reason = "zero length password is illegal";
+            code=0;
+        }
+
+        /* Get cell name if doing integrated logon */
                code = cm_GetRootCellName(cell);
                if (code < 0) { 
                        code = KTC_NOCELL;
                        reason = "unknown cell";
                        code=0;
                }
-       }
 
-    /* Get user specified login behavior (or defaults) */
-    GetLoginBehavior(&retryInterval, &failSilently);
-        
-    afsWillAutoStart = AFSWillAutoStart();
-        
-    /*only do if high security option is on*/
-    if (ISHIGHSECURITY(LogonOption))
-        *lpLogonScript = GetLogonScript(GenRandomName(RandomName));    
-    else
-        *lpLogonScript = GetLogonScript(uname);        
+        /*only do if high security option is on*/
+        if (ISHIGHSECURITY(LogonOption))
+            *lpLogonScript = GetLogonScript(GenRandomName(RandomName));        
+    }
 
     /* loop until AFS is started. */
     while (TRUE) {
         code=0;
                
         /* is service started yet?*/
-
-        
         DebugEvent("AFS AfsLogon - ka_UserAuthenticateGeneral2","Code[%x] uname[%s] Cell[%s]",
                    code,uname,cell);
+
         /* if Integrated Logon only */
         if (ISLOGONINTEGRATED(LogonOption) && !ISHIGHSECURITY(LogonOption))
                {                       
@@ -492,16 +493,18 @@ DWORD APIENTRY NPLogonNotify(
         }
            code = MapAuthError(code);
                SetLastError(code);
-               if (ISHIGHSECURITY(LogonOption) && (code!=0))
+
+               if (ISLOGONINTEGRATED(LogonOption) && (code!=0))
                {
                        if (*lpLogonScript)
                                LocalFree(*lpLogonScript);
                        *lpLogonScript = NULL;
-                       if (!(afsWillAutoStart || ISLOGONINTEGRATED(LogonOption)))      // its not running, so if not autostart or integrated logon then just skip
-                               return 0;
+                       if (!afsWillAutoStart)  // its not running, so if not autostart or integrated logon then just skip
+                               code = 0;
 
                }
        }
+
        DebugEvent("AFS AfsLogon - Exit","Return Code[%x]",code);
        return code;
 }
index 0f00d67..9138bb1 100644 (file)
@@ -1155,53 +1155,53 @@ long cm_IoctlStoreBehind(struct smb_ioctl *ioctlp, struct cm_user *userp)
 long cm_IoctlCreateMountPoint(struct smb_ioctl *ioctlp, struct cm_user *userp)
 {
        char leaf[256];
-        long code;
-        cm_scache_t *dscp;
-        cm_attr_t tattr;
-        char *cp;
+    long code;
+    cm_scache_t *dscp;
+    cm_attr_t tattr;
+    char *cp;
        cm_req_t req;
-        char mpInfo[256];
-        char fullCell[256];
+    char mpInfo[256];
+    char fullCell[256];
        char volume[256];
        char cell[256];
        int ttl;
 
        cm_InitReq(&req);
         
-        code = cm_ParseIoctlParent(ioctlp, userp, &req, &dscp, leaf);
-        if (code) return code;
+    code = cm_ParseIoctlParent(ioctlp, userp, &req, &dscp, leaf);
+    if (code) return code;
 
-        /* Translate chars for the mount point name */
-        TranslateExtendedChars(leaf);
+    /* Translate chars for the mount point name */
+    TranslateExtendedChars(leaf);
 
-        /* 
-         * The fs command allows the user to specify partial cell names on NT.  These must
-         * be expanded to the full cell name for mount points so that the mount points will
-         * work on UNIX clients.
-         */
+    /* 
+     * The fs command allows the user to specify partial cell names on NT.  These must
+     * be expanded to the full cell name for mount points so that the mount points will
+     * work on UNIX clients.
+     */
 
        /* Extract the possibly partial cell name */
        strcpy(cell, ioctlp->inDatap + 1);      /* Skip the mp type character */
         
-        if (cp = strchr(cell, ':')) {
+    if (cp = strchr(cell, ':')) {
                /* Extract the volume name */
-               *cp = 0;
+        *cp = 0;
                strcpy(volume,  cp + 1);
        
-               /* Get the full name for this cell */
-               code = cm_SearchCellFile(cell, fullCell, 0, 0);
+        /* Get the full name for this cell */
+        code = cm_SearchCellFile(cell, fullCell, 0, 0);
 #ifdef AFS_AFSDB_ENV
                if (code && cm_dnsEnabled)
-                  code = cm_SearchCellByDNS(cell, fullCell, &ttl, 0, 0);
+            code = cm_SearchCellByDNS(cell, fullCell, &ttl, 0, 0);
 #endif
-                 if (code)
+        if (code)
                        return CM_ERROR_NOSUCHCELL;
        
-               sprintf(mpInfo, "%c%s:%s", *ioctlp->inDatap, fullCell, volume);
+        sprintf(mpInfo, "%c%s:%s", *ioctlp->inDatap, fullCell, volume);
        } else {
-               /* No cell name specified */
-               strcpy(mpInfo, ioctlp->inDatap);
-        }
+        /* No cell name specified */
+        strcpy(mpInfo, ioctlp->inDatap);
+    }
 
 #ifdef AFS_FREELANCE_CLIENT
        if (cm_freelanceEnabled && dscp == cm_rootSCachep) {
@@ -1212,21 +1212,20 @@ long cm_IoctlCreateMountPoint(struct smb_ioctl *ioctlp, struct cm_user *userp)
        }
 #endif
        /* create the symlink with mode 644.  The lack of X bits tells
-         * us that it is a mount point.
-         */
+     * us that it is a mount point.
+     */
        tattr.mask = CM_ATTRMASK_UNIXMODEBITS | CM_ATTRMASK_CLIENTMODTIME;
-        tattr.unixModeBits = 0644;
+    tattr.unixModeBits = 0644;
        tattr.clientModTime = time(NULL);
 
-        code = cm_SymLink(dscp, leaf, mpInfo, 0, &tattr, userp, &req);
+    code = cm_SymLink(dscp, leaf, mpInfo, 0, &tattr, userp, &req);
        if (code == 0 && (dscp->flags & CM_SCACHEFLAG_ANYWATCH))
                smb_NotifyChange(FILE_ACTION_ADDED,
-                                FILE_NOTIFY_CHANGE_DIR_NAME,
-                                dscp, leaf, NULL, TRUE);
-
-        cm_ReleaseSCache(dscp);
+                         FILE_NOTIFY_CHANGE_DIR_NAME,
+                         dscp, leaf, NULL, TRUE);
 
-        return code;
+    cm_ReleaseSCache(dscp);
+    return code;
 }
 
 long cm_IoctlSymlink(struct smb_ioctl *ioctlp, struct cm_user *userp)
index 4bf8e8e..3eae73d 100644 (file)
@@ -959,16 +959,16 @@ long cm_Lookup(cm_scache_t *dscp, char *namep, long flags, cm_user_t *userp,
 {
        long code;
        int dnlcHit = 1;        /* did we hit in the dnlc? yes, we did */
-        cm_scache_t *tscp = NULL;
-        cm_scache_t *mountedScp;
-        cm_lookupSearch_t rock;
-        char tname[256];
+    cm_scache_t *tscp = NULL;
+    cm_scache_t *mountedScp;
+    cm_lookupSearch_t rock;
+    char tname[256];
        int getroot;
 
        if (dscp->fid.vnode == 1 && dscp->fid.unique == 1
-           && strcmp(namep, "..") == 0) {
+         && strcmp(namep, "..") == 0) {
                if (dscp->dotdotFidp == (cm_fid_t *)NULL
-                   || dscp->dotdotFidp->volume == 0)
+             || dscp->dotdotFidp->volume == 0)
                        return CM_ERROR_NOSUCHVOLUME;
                rock.fid = *dscp->dotdotFidp;
                goto haveFid;
@@ -976,98 +976,100 @@ long cm_Lookup(cm_scache_t *dscp, char *namep, long flags, cm_user_t *userp,
 
        if (cm_ExpandSysName(namep, tname, sizeof(tname))) {
                namep = tname;
-        }
+    }
        memset(&rock, 0, sizeof(rock));
-        rock.fid.cell = dscp->fid.cell;
-        rock.fid.volume = dscp->fid.volume;
-        rock.searchNamep = namep;
-        rock.caseFold = (flags & CM_FLAG_CASEFOLD);
+    rock.fid.cell = dscp->fid.cell;
+    rock.fid.volume = dscp->fid.volume;
+    rock.searchNamep = namep;
+    rock.caseFold = (flags & CM_FLAG_CASEFOLD);
        rock.hasTilde = ((strchr(namep, '~') != NULL) ? 1 : 0);
 
        /* If NOMOUNTCHASE, bypass DNLC by passing NULL scp pointer */
        code = cm_ApplyDir(dscp, cm_LookupSearchProc, &rock, NULL, userp, reqp,
-                          (flags & CM_FLAG_NOMOUNTCHASE) ? NULL : &tscp);
+                       (flags & CM_FLAG_NOMOUNTCHASE) ? NULL : &tscp);
 
        /* code == 0 means we fell off the end of the dir, while stopnow means
-         * that we stopped early, probably because we found the entry we're
+     * that we stopped early, probably because we found the entry we're
         * looking for.  Any other non-zero code is an error.
-         */
-        if (code && code != CM_ERROR_STOPNOW) return code;
+     */
+    if (code && code != CM_ERROR_STOPNOW) 
+        return code;
 
        getroot = (dscp==cm_rootSCachep) ;
-        if (!rock.found) {
-         if (!cm_freelanceEnabled || !getroot) {
-               if (flags & CM_FLAG_CHECKPATH)
-                       return CM_ERROR_NOSUCHPATH;
-               else
-                       return CM_ERROR_NOSUCHFILE;
-         }
-         else {  /* nonexistent dir on freelance root, so add it */
-           code = cm_FreelanceAddMount(namep, namep, "root.cell.",
+    if (!rock.found) {
+        if (!cm_freelanceEnabled || !getroot) {
+            if (flags & CM_FLAG_CHECKPATH)
+                return CM_ERROR_NOSUCHPATH;
+            else
+                return CM_ERROR_NOSUCHFILE;
+        }
+        else {  /* nonexistent dir on freelance root, so add it */
+            code = cm_FreelanceAddMount(namep, namep, "root.cell.",
                                        &rock.fid);
-           if (code < 0) {   /* add mount point failed, so give up */
-             if (flags & CM_FLAG_CHECKPATH)
-               return CM_ERROR_NOSUCHPATH;
-             else
-               return CM_ERROR_NOSUCHFILE;
-           }
-           tscp = NULL;   /* to force call of cm_GetSCache */
-         }
+            if (code < 0) {   /* add mount point failed, so give up */
+                if (flags & CM_FLAG_CHECKPATH)
+                    return CM_ERROR_NOSUCHPATH;
+                else
+                    return CM_ERROR_NOSUCHFILE;
+            }
+            tscp = NULL;   /* to force call of cm_GetSCache */
+        }
        }
-        
+
 haveFid:       
        if ( !tscp )    /* we did not find it in the dnlc */
        {
                dnlcHit = 0;    
-               code = cm_GetSCache(&rock.fid, &tscp, userp, reqp);
-               if (code) return code;
+        code = cm_GetSCache(&rock.fid, &tscp, userp, reqp);
+        if (code) 
+            return code;
        }
-        /* tscp is now held */
-        
+    /* tscp is now held */
+
        lock_ObtainMutex(&tscp->mx);
        code = cm_SyncOp(tscp, NULL, userp, reqp, 0,
-               CM_SCACHESYNC_GETSTATUS | CM_SCACHESYNC_NEEDCALLBACK);
-        if (code) {
+                      CM_SCACHESYNC_GETSTATUS | CM_SCACHESYNC_NEEDCALLBACK);
+    if (code) { 
                lock_ReleaseMutex(&tscp->mx);
                cm_ReleaseSCache(tscp);
-               return code;
+        return code;
        }
-        /* tscp is now locked */
+    /* tscp is now locked */
 
-        if (!(flags & CM_FLAG_NOMOUNTCHASE)
+    if (!(flags & CM_FLAG_NOMOUNTCHASE)
              && tscp->fileType == CM_SCACHETYPE_MOUNTPOINT) {
                /* mount points are funny: they have a volume name to mount
-                 * the root of.
-                 */
+         * the root of.
+         */
                code = cm_ReadMountPoint(tscp, userp, reqp);
-                if (code == 0)
+        if (code == 0)
                        code = cm_FollowMountPoint(tscp, dscp, userp, reqp,
-                                                  &mountedScp);
+                                        &mountedScp);
                lock_ReleaseMutex(&tscp->mx);
                cm_ReleaseSCache(tscp);
                if (code) {
-                        return code;
-                }
-                tscp = mountedScp;
+            return code;
         }
+        tscp = mountedScp;
+    }
        else {
                lock_ReleaseMutex(&tscp->mx);
        }
 
        /* copy back pointer */
-        *outpScpp = tscp;
+    *outpScpp = tscp;
 
        /* insert scache in dnlc */
        if ( !dnlcHit && !(flags & CM_FLAG_NOMOUNTCHASE) ) {
            /* lock the directory entry to prevent racing callback revokes */
            lock_ObtainMutex(&dscp->mx);
            if ( dscp->cbServerp && dscp->cbExpires )
-               cm_dnlcEnter(dscp, namep, tscp);
+            cm_dnlcEnter(dscp, namep, tscp);
            lock_ReleaseMutex(&dscp->mx);
        }
 
        /* and return */
-        return 0;
+    return 0;
 }
 
 long cm_Unlink(cm_scache_t *dscp, char *namep, cm_user_t *userp, cm_req_t *reqp)