winxp-sp2-pioctl-20040805
authorJeffrey Altman <jaltman@mit.edu>
Thu, 5 Aug 2004 17:28:10 +0000 (17:28 +0000)
committerJeffrey Altman <jaltman@secure-endpoints.com>
Thu, 5 Aug 2004 17:28:10 +0000 (17:28 +0000)
On Windows XP SP2, when a Kerberos principal is used for login and the
KDC is not reachable, Windows will return a DOWNGRADE_DETECTED error
when attempting to open the ioctl file.  This is because NTLM will not
be permitted when there is the potential of an attack.  There is a hack
to get around this.  Manually create a CIFS connection to the AFS client
service while specifying the current user's name.  This will use the cached
password and allow the downgrade to NTLM.

src/sys/pioctl_nt.c

index 756b8ef..0123f89 100644 (file)
@@ -164,10 +164,45 @@ GetIoctlHandle(char *fileNamep, HANDLE * handlep)
                    FILE_FLAG_WRITE_THROUGH, NULL);
     fflush(stdout);
        if (fh == INVALID_HANDLE_VALUE) {
-               if (GetLastError() == ERROR_DOWNGRADE_DETECTED)
-                       fprintf(stderr, "Unable to open \"%s\": Authentication Downgrade Detected\n", tbuffer);
-               return -1;
+        HKEY hk;
+        char szUser[64] = "";
+        char szClient[MAX_PATH] = "";
+        char szPath[MAX_PATH] = "";
+        NETRESOURCE nr;
+        DWORD res;
+
+        if (GetLastError() != ERROR_DOWNGRADE_DETECTED)
+            return -1;
+
+        lana_GetNetbiosName(szClient, LANA_NETBIOS_NAME_FULL);
+        sprintf(szPath, "\\\\%s", szClient);
+
+        /* We should probably be using GetUserNameEx() for this */
+        if (RegOpenKey (HKEY_CURRENT_USER, 
+                        TEXT("Software\\Microsoft\\Windows\\CurrentVersion\\Explorer"), &hk) == 0)
+        {
+            DWORD dwSize = sizeof(szUser);
+            DWORD dwType = REG_SZ;
+            RegQueryValueEx (hk, TEXT("Logon User Name"), NULL, &dwType, (PBYTE)szUser, &dwSize);
+            RegCloseKey (hk);
+        }
+
+        memset (&nr, 0x00, sizeof(NETRESOURCE));
+        nr.dwType=RESOURCETYPE_DISK;
+        nr.lpLocalName=0;
+        nr.lpRemoteName=szPath;
+        res = WNetAddConnection2(&nr,NULL,szUser,0);
+        if (res)
+            return -1;
+
+        fh = CreateFile(tbuffer, GENERIC_READ | GENERIC_WRITE,
+                         FILE_SHARE_READ | FILE_SHARE_WRITE, NULL, OPEN_EXISTING,
+                         FILE_FLAG_WRITE_THROUGH, NULL);
+        fflush(stdout);
+        if (fh == INVALID_HANDLE_VALUE)
+            return -1;
        }
+
     /* return fh and success code */
     *handlep = fh;
     return 0;
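Review bot: The return value of the added `RegQueryValueEx (hk, TEXT("Logon User Name"), NULL, &dwType, (PBYTE)szUser, &dwSize)` call is ignored and a REG_SZ value read from the registry is not guaranteed to be NUL-terminated, so szUser reaches WNetAddConnection2 either as "" (on lookup failure, which is not the same as passing NULL for the current user) or unterminated when the stored name fills all 64 bytes; check the result and type and force termination, e.g. `if (RegQueryValueEx(hk, TEXT("Logon User Name"), NULL, &dwType, (PBYTE)szUser, &dwSize) != ERROR_SUCCESS || dwType != REG_SZ) szUser[0] = '\0'; else szUser[sizeof(szUser) - 1] = '\0';`. The `sprintf(szPath, "\\\\%s", szClient)` into a MAX_PATH buffer should likewise be bounded with `_snprintf(szPath, sizeof(szPath), ...)` since szClient is itself MAX_PATH bytes. The connection created by WNetAddConnection2 is never released with WNetCancelConnection2, including on the path where the retried CreateFile fails, so every downgrade attempt leaves a mapped UNC connection to the AFS service behind. Because this branch deliberately falls back from Kerberos to NTLM using cached credentials, a comment stating that and why only ERROR_DOWNGRADE_DETECTED triggers it would help the next reader; GetIoctlHandle begins before this hunk.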