afslogon-20040318
authorJeffrey Altman <jaltman@mit.edu>
Fri, 19 Mar 2004 03:52:07 +0000 (03:52 +0000)
committerJeffrey Altman <jaltman@secure-endpoints.com>
Fri, 19 Mar 2004 03:52:07 +0000 (03:52 +0000)
Fix memory deallocation errors (never call free() on memory allocated
by GlobalAlloc() or LocalAlloc())

Modify event logging to be consistent between High and Low Security

Only generate a random user name when using High Security.  Use the normal
user name when running with Low security.

src/WINNT/afsd/afslogon.c

index 7b30931..0605559 100644 (file)
@@ -138,7 +138,7 @@ WCHAR *GetLogonScript(CHAR *pname)
                return NULL;
        }
 
-       buf=(WCHAR *)LocalAlloc(LMEM_FIXED, LSPsize);
+       buf=(WCHAR *)LocalAlloc(LMEM_FIXED,LSPsize);
        script=(WCHAR *)LocalAlloc(LMEM_FIXED,LSPsize+(MAXRANDOMNAMELEN)*sizeof(WCHAR));
        /*
         * Explicitly call UNICODE version
@@ -148,10 +148,10 @@ WCHAR *GetLogonScript(CHAR *pname)
                                &LSPtype, (LPBYTE)buf, &LSPsize);
        MultiByteToWideChar(CP_ACP,0,pname,strlen(pname)+1,randomName,(strlen(pname)+1)*sizeof(WCHAR));
        swprintf(script,buf,randomName);
-       free(buf);
+       LocalFree(buf);
 
 #ifdef DEBUG_VERBOSE
-               {
+    {
         HANDLE h; char *ptbuf[1],buf[132],tbuf[255];
                WideCharToMultiByte(CP_ACP,0,script,LSPsize,tbuf,255,NULL,NULL);
         h = RegisterEventSource(NULL, AFS_DAEMON_EVENT_NAME);
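Review bot: `swprintf(script,buf,randomName)`, two lines above the corrected `LocalFree(buf)`, still uses the registry value read into `buf` as its format string and writes into `script` with no length limit. If that value holds anything other than a single `%s`, or expands past the `LSPsize+(MAXRANDOMNAMELEN)*sizeof(WCHAR)` bytes allocated for `script`, the call reads or writes out of bounds. Neither the `LocalAlloc` results nor the `RegQueryValueEx` result is checked in the visible lines, so `buf` may also be NULL or unterminated at this point. I would keep the allocated character count in a local and, once the query is known to have succeeded, call `_snwprintf(script, scriptCch - 1, buf, randomName); script[scriptCch - 1] = 0;`. GetLogonScript begins before and continues after this hunk, so checks outside the shown lines may already cover part of this.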
@@ -159,7 +159,7 @@ WCHAR *GetLogonScript(CHAR *pname)
         ptbuf[0] = buf;
         ReportEvent(h, EVENTLOG_INFORMATION_TYPE, 0, 0, NULL, 1, 0, ptbuf, NULL);
         DeregisterEventSource(h);
-               }
+    }
 #endif
 
        RegCloseKey (NPKey);
@@ -193,7 +193,7 @@ BOOLEAN AFSWillAutoStart(void)
                goto close_svc;
 
        /* Allocate buffer */
-       pConfig = (LPQUERY_SERVICE_CONFIG)GlobalAlloc(GMEM_FIXED, BufSize);
+       pConfig = (LPQUERY_SERVICE_CONFIG)GlobalAlloc(GMEM_FIXED,BufSize);
        if (!pConfig)
                goto close_svc;
 
@@ -263,52 +263,52 @@ DWORD APIENTRY NPGetCaps(DWORD index)
 
 static void GetLoginBehavior(int *pRetryInterval, BOOLEAN *pFailSilently)
 {
-        long result;
-        HKEY hKey;
-        DWORD dummyLen;
+    long result;
+    HKEY hKey;
+    DWORD dummyLen;
                 
        result = RegOpenKeyEx(HKEY_LOCAL_MACHINE, REG_CLIENT_PARMS_KEY, 0, KEY_QUERY_VALUE, &hKey);
-        if (result != ERROR_SUCCESS) {
-                *pRetryInterval = DEFAULT_RETRY_INTERVAL;
-                *pFailSilently = DEFAULT_FAIL_SILENTLY;
-                return;
-        }
+    if (result != ERROR_SUCCESS) {
+        *pRetryInterval = DEFAULT_RETRY_INTERVAL;
+        *pFailSilently = DEFAULT_FAIL_SILENTLY;
+        return;
+    }
         
-               result = RegQueryValueEx(hKey, REG_CLIENT_RETRY_INTERVAL_PARM, 0, 0, (BYTE *)pRetryInterval, &dummyLen);
-               if (result != ERROR_SUCCESS)
-                       *pRetryInterval = DEFAULT_RETRY_INTERVAL;
+    result = RegQueryValueEx(hKey, REG_CLIENT_RETRY_INTERVAL_PARM, 0, 0, (BYTE *)pRetryInterval, &dummyLen);
+    if (result != ERROR_SUCCESS)
+        *pRetryInterval = DEFAULT_RETRY_INTERVAL;
                        
-               result = RegQueryValueEx(hKey, REG_CLIENT_FAIL_SILENTLY_PARM, 0, 0, (BYTE *)pFailSilently, &dummyLen);
-               if (result != ERROR_SUCCESS)
-                       *pFailSilently = DEFAULT_FAIL_SILENTLY;
+    result = RegQueryValueEx(hKey, REG_CLIENT_FAIL_SILENTLY_PARM, 0, 0, (BYTE *)pFailSilently, &dummyLen);
+    if (result != ERROR_SUCCESS)
+        *pFailSilently = DEFAULT_FAIL_SILENTLY;
 
-        /* Make sure this is really a bool value in the strict sense*/
-        *pFailSilently = !!*pFailSilently;
-                       
-        RegCloseKey(hKey);
-}
+    /* Make sure this is really a bool value in the strict sense*/
+    *pFailSilently = !!*pFailSilently;
+
+    RegCloseKey(hKey);
+}   
 
 BOOL IsServiceRunning (void)
 {
-      SERVICE_STATUS Status;
-      SC_HANDLE hManager;
-      memset (&Status, 0x00, sizeof(Status));
-      Status.dwCurrentState = SERVICE_STOPPED;
-
-      if ((hManager = OpenSCManager (NULL, NULL, GENERIC_READ)) != NULL)
-         {
-         SC_HANDLE hService;
-         if ((hService = OpenService (hManager, TEXT("TransarcAFSDaemon"), GENERIC_READ)) != NULL)
-            {
+    SERVICE_STATUS Status;
+    SC_HANDLE hManager;
+    memset (&Status, 0x00, sizeof(Status));
+    Status.dwCurrentState = SERVICE_STOPPED;
+
+    if ((hManager = OpenSCManager (NULL, NULL, GENERIC_READ)) != NULL)
+    {
+        SC_HANDLE hService;
+        if ((hService = OpenService (hManager, TEXT("TransarcAFSDaemon"), GENERIC_READ)) != NULL)
+        {
             QueryServiceStatus (hService, &Status);
             CloseServiceHandle (hService);
-            }
+        }
 
-         CloseServiceHandle (hManager);
-         }
-                DebugEvent("AFS AfsLogon - Test Service Running","Return Code[%x] ?Running[%d]",Status.dwCurrentState,(Status.dwCurrentState == SERVICE_RUNNING));
-               return (Status.dwCurrentState == SERVICE_RUNNING);
-}
+        CloseServiceHandle (hManager);
+    }
+    DebugEvent("AFS AfsLogon - Test Service Running","Return Code[%x] ?Running[%d]",Status.dwCurrentState,(Status.dwCurrentState == SERVICE_RUNNING));
+    return (Status.dwCurrentState == SERVICE_RUNNING);
+}   
 
 DWORD APIENTRY NPLogonNotify(
        PLUID lpLogonId,
@@ -350,31 +350,32 @@ DWORD APIENTRY NPLogonNotify(
        wcstombs(password, IL->Password.Buffer, 256);
 
        /* Make sure AD-DOMANS sent from login that is sent to us is striped */
-        ctemp = strchr(uname, '@');
-        if (ctemp) *ctemp = 0;
+    ctemp = strchr(uname, '@');
+    if (ctemp) *ctemp = 0;
 
        (void) RegOpenKeyEx(HKEY_LOCAL_MACHINE, REG_CLIENT_PARMS_KEY,
-                   0, KEY_QUERY_VALUE, &NPKey);
+                        0, KEY_QUERY_VALUE, &NPKey);
        LSPsize=sizeof(TraceOption);
        RegQueryValueEx(NPKey, "TraceOption", NULL,
-                               &LSPtype, (LPBYTE)&TraceOption, &LSPsize);
-        RegCloseKey (NPKey);
+                     &LSPtype, (LPBYTE)&TraceOption, &LSPsize);
+    RegCloseKey (NPKey);
        
        /*
         * Get Logon OPTIONS
         */
 
        (void) RegOpenKeyEx(HKEY_LOCAL_MACHINE, REG_CLIENT_PROVIDER_KEY,
-                   0, KEY_QUERY_VALUE, &NPKey);
+                         0, KEY_QUERY_VALUE, &NPKey);
 
        LSPsize=sizeof(LogonOption);
        code = RegQueryValueEx(NPKey, "LogonOptions", NULL,
-                               &LSPtype, (LPBYTE)&LogonOption, &LSPsize);
+                            &LSPtype, (LPBYTE)&LogonOption, &LSPsize);
 
        RegCloseKey (NPKey);
        if ((code!=0) || (LSPtype!=REG_DWORD))
                LogonOption=LOGON_OPTION_INTEGRATED;    /*default to integrated logon only*/
-       DebugEvent("AFS AfsLogon - NPLogonNotify","LogonOption[%x], Service AutoStart[%d]",LogonOption,AFSWillAutoStart());
+       DebugEvent("AFS AfsLogon - NPLogonNotify","LogonOption[%x], Service AutoStart[%d]",
+                LogonOption,AFSWillAutoStart());
        /* Check for zero length password if integrated logon*/
        if ( ISLOGONINTEGRATED(LogonOption) && (password[0] == 0) )  {
                code = GT_PW_NULL;
@@ -398,87 +399,97 @@ DWORD APIENTRY NPLogonNotify(
         
     afsWillAutoStart = AFSWillAutoStart();
         
-    *lpLogonScript = GetLogonScript(GenRandomName(RandomName));        /*only do if high security option is on*/
-
+    /*only do if high security option is on*/
+    if (ISHIGHSECURITY(LogonOption))
+        *lpLogonScript = GetLogonScript(GenRandomName(RandomName));    
+    else
+        *lpLogonScript = GetLogonScript(uname);        
 
     /* loop until AFS is started. */
     while (TRUE) {
-       code=0;
+        code=0;
                
-       /* is service started yet?*/
-       if (ISLOGONINTEGRATED(LogonOption) && !ISHIGHSECURITY(LogonOption))     /* if Integrated Logon only */
+        /* is service started yet?*/
+
+        
+        DebugEvent("AFS AfsLogon - ka_UserAuthenticateGeneral2","Code[%x] uname[%s] Cell[%s]",
+                   code,uname,cell);
+        /* if Integrated Logon only */
+        if (ISLOGONINTEGRATED(LogonOption) && !ISHIGHSECURITY(LogonOption))
                {                       
-                       DebugEvent("AFS AfsLogon - ka_UserAuthenticateGeneral2","Code[%x],uame[%s] Cell[%s]",code,uname,cell);
-                       code = ka_UserAuthenticateGeneral2(
-                               KA_USERAUTH_VERSION+KA_USERAUTH_AUTHENT_LOGON,
-                               uname, "", cell, password,uname, 0, &pw_exp, 0,
-                               &reason);
-                       DebugEvent("AFS AfsLogon - (INTEGERTED only)ka_UserAuthenticateGeneral2","Code[%x]",code);
-               } else if (ISLOGONINTEGRATED(LogonOption) && ISHIGHSECURITY(LogonOption))       /* if Integrated Logon and High Security pass random generated name*/
+                       code = ka_UserAuthenticateGeneral2(KA_USERAUTH_VERSION+KA_USERAUTH_AUTHENT_LOGON,
+                                                uname, "", cell, password,uname, 0, &pw_exp, 0,
+                                                &reason);
+                       DebugEvent("AFS AfsLogon - (INTEGRATED only)ka_UserAuthenticateGeneral2","Code[%x]",
+                        code);
+               } 
+        /* if Integrated Logon and High Security pass random generated name*/
+        else if (ISLOGONINTEGRATED(LogonOption) && ISHIGHSECURITY(LogonOption))
                {
-                       code = ka_UserAuthenticateGeneral2(
-                               KA_USERAUTH_VERSION+KA_USERAUTH_AUTHENT_LOGON,
-                               uname, "", cell, password,RandomName, 0, &pw_exp, 0,
-                               &reason);
-                       DebugEvent("AFS AfsLogon - (Both)ka_UserAuthenticateGeneral2","Code[%x],RandomName[%s]",code,RandomName);
-               } else {  /*JUST check to see if its running*/
+                       code = ka_UserAuthenticateGeneral2(KA_USERAUTH_VERSION+KA_USERAUTH_AUTHENT_LOGON,
+                                                uname, "", cell, password,RandomName, 0, &pw_exp, 0,
+                                                &reason);
+                       DebugEvent("AFS AfsLogon - (Both)ka_UserAuthenticateGeneral2","Code[%x] RandomName[%s]",
+                       code, RandomName);
+               } else {  
+            /*JUST check to see if its running*/
                    if (IsServiceRunning())
-                       break;
+                break;
                    code = KTC_NOCM;
                    if (!afsWillAutoStart)
-                       break;
+                break;
                }
-                       
+
                /* If we've failed because the client isn't running yet and the
-                * client is set to autostart (and therefore it makes sense for
-                * us to wait for it to start) then sleep a while and try again. 
-                * If the error was something else, then give up. */
+         * client is set to autostart (and therefore it makes sense for
+         * us to wait for it to start) then sleep a while and try again. 
+         * If the error was something else, then give up. */
                if (code != KTC_NOCM && code != KTC_NOCMRPC || !afsWillAutoStart)
                        break;
                
-                /* If the retry interval has expired and we still aren't
-                 * logged in, then just give up if we are not in interactive
-                 * mode or the failSilently flag is set, otherwise let the
-                 * user know we failed and give them a chance to try again. */
+        /* If the retry interval has expired and we still aren't
+         * logged in, then just give up if we are not in interactive
+         * mode or the failSilently flag is set, otherwise let the
+         * user know we failed and give them a chance to try again. */
         if (retryInterval <= 0) {
-            reason = "AFS not running";
-             if (!interactive || failSilently)
-                 break;
+            reason = "AFS not running";
+            if (!interactive || failSilently)
+                break;
                        flag = MessageBox(hwndOwner,
-                               "AFS is still starting.  Retry?",
-                               "AFS Logon",
-                               MB_ICONQUESTION | MB_RETRYCANCEL);
+                               "AFS is still starting.  Retry?",
+                               "AFS Logon",
+                               MB_ICONQUESTION | MB_RETRYCANCEL);
                        if (flag == IDCANCEL)
-                                       break;
-                        
-                        /* Wait just a little while and try again */
-                 retryInterval = sleepInterval = DEFAULT_SLEEP_INTERVAL;
+                break;
+
+            /* Wait just a little while and try again */
+            retryInterval = sleepInterval = DEFAULT_SLEEP_INTERVAL;
         }
-                                        
+
         if (retryInterval < sleepInterval)
                        sleepInterval = retryInterval;
-                        
+
                Sleep(sleepInterval * 1000);
 
         retryInterval -= sleepInterval;
-     }
+    }
 
        if (code) {
-                char msg[128];
+        char msg[128];
         sprintf(msg, "Integrated login failed: %s", reason);
-                
+
                if (interactive && !failSilently)
                        MessageBox(hwndOwner, msg, "AFS Logon", MB_OK);
                else {
-                       HANDLE h;
-                       char *ptbuf[1];
-                
-                       h = RegisterEventSource(NULL, AFS_DAEMON_EVENT_NAME);
-                       ptbuf[0] = msg;
-                       ReportEvent(h, EVENTLOG_WARNING_TYPE, 0, 1008, NULL,
-                                   1, 0, ptbuf, NULL);
-                       DeregisterEventSource(h);
-                }
+            HANDLE h;
+            char *ptbuf[1];
+
+            h = RegisterEventSource(NULL, AFS_DAEMON_EVENT_NAME);
+            ptbuf[0] = msg;
+            ReportEvent(h, EVENTLOG_WARNING_TYPE, 0, 1008, NULL,
+                         1, 0, ptbuf, NULL);
+            DeregisterEventSource(h);
+        }
            code = MapAuthError(code);
                SetLastError(code);
                if (ISHIGHSECURITY(LogonOption) && (code!=0))
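Review bot: The new low-security branch `*lpLogonScript = GetLogonScript(uname);` hands the logon user name to a function whose buffers are sized for a generated name. In GetLogonScript (earlier hunks of this file) `script` reserves only `MAXRANDOMNAMELEN` extra wide characters, and `MultiByteToWideChar` is given `(strlen(pname)+1)*sizeof(WCHAR)` as the destination size, which is a byte count where the API expects a character count and is derived from the source string instead of from `randomName`'s capacity. A user name longer than `MAXRANDOMNAMELEN` could therefore overrun `randomName` or `script`; the declaration of `randomName` is outside the shown lines, so this needs confirming. A guard at the call site such as `if (strlen(uname) >= MAXRANDOMNAMELEN) *lpLogonScript = NULL; else *lpLogonScript = GetLogonScript(uname);`, or sizing `script` from `strlen(pname)` inside GetLogonScript, would close it. NPLogonNotify starts before this hunk and continues past it.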