From: Jeffrey Altman Date: Fri, 19 Mar 2004 03:52:07 +0000 (+0000) Subject: afslogon-20040318 X-Git-Tag: openafs-devel-1_3_61~25 X-Git-Url: https://git.openafs.org/?p=openafs.git;a=commitdiff_plain;h=48913f747f4f3df491295b78a51167dfa7f0d264 afslogon-20040318 Fix memory deallocation errors (never call free() on memory allocated by GlobalAlloc() or LocalAlloc()) Modify event logging to be consistent between High and Low Security Only generate a random user name when using High Security. Use the normal user name when running with Low security. --- diff --git a/src/WINNT/afsd/afslogon.c b/src/WINNT/afsd/afslogon.c index 7b30931..0605559 100644 --- a/src/WINNT/afsd/afslogon.c +++ b/src/WINNT/afsd/afslogon.c @@ -138,7 +138,7 @@ WCHAR *GetLogonScript(CHAR *pname) return NULL; } - buf=(WCHAR *)LocalAlloc(LMEM_FIXED, LSPsize); + buf=(WCHAR *)LocalAlloc(LMEM_FIXED,LSPsize); script=(WCHAR *)LocalAlloc(LMEM_FIXED,LSPsize+(MAXRANDOMNAMELEN)*sizeof(WCHAR)); /* * Explicitly call UNICODE version @@ -148,10 +148,10 @@ WCHAR *GetLogonScript(CHAR *pname) &LSPtype, (LPBYTE)buf, &LSPsize); MultiByteToWideChar(CP_ACP,0,pname,strlen(pname)+1,randomName,(strlen(pname)+1)*sizeof(WCHAR)); swprintf(script,buf,randomName); - free(buf); + LocalFree(buf); #ifdef DEBUG_VERBOSE - { + { HANDLE h; char *ptbuf[1],buf[132],tbuf[255]; WideCharToMultiByte(CP_ACP,0,script,LSPsize,tbuf,255,NULL,NULL); h = RegisterEventSource(NULL, AFS_DAEMON_EVENT_NAME); @@ -159,7 +159,7 @@ WCHAR *GetLogonScript(CHAR *pname) ptbuf[0] = buf; ReportEvent(h, EVENTLOG_INFORMATION_TYPE, 0, 0, NULL, 1, 0, ptbuf, NULL); DeregisterEventSource(h); - } + } #endif RegCloseKey (NPKey); @@ -193,7 +193,7 @@ BOOLEAN AFSWillAutoStart(void) goto close_svc; /* Allocate buffer */ - pConfig = (LPQUERY_SERVICE_CONFIG)GlobalAlloc(GMEM_FIXED, BufSize); + pConfig = (LPQUERY_SERVICE_CONFIG)GlobalAlloc(GMEM_FIXED,BufSize); if (!pConfig) goto close_svc; @@ -263,52 +263,52 @@ DWORD APIENTRY NPGetCaps(DWORD index) static void GetLoginBehavior(int *pRetryInterval, BOOLEAN *pFailSilently) { - long result; - HKEY hKey; - DWORD dummyLen; + long result; + HKEY hKey; + DWORD dummyLen; result = RegOpenKeyEx(HKEY_LOCAL_MACHINE, REG_CLIENT_PARMS_KEY, 0, KEY_QUERY_VALUE, &hKey); - if (result != ERROR_SUCCESS) { - *pRetryInterval = DEFAULT_RETRY_INTERVAL; - *pFailSilently = DEFAULT_FAIL_SILENTLY; - return; - } + if (result != ERROR_SUCCESS) { + *pRetryInterval = DEFAULT_RETRY_INTERVAL; + *pFailSilently = DEFAULT_FAIL_SILENTLY; + return; + } - result = RegQueryValueEx(hKey, REG_CLIENT_RETRY_INTERVAL_PARM, 0, 0, (BYTE *)pRetryInterval, &dummyLen); - if (result != ERROR_SUCCESS) - *pRetryInterval = DEFAULT_RETRY_INTERVAL; + result = RegQueryValueEx(hKey, REG_CLIENT_RETRY_INTERVAL_PARM, 0, 0, (BYTE *)pRetryInterval, &dummyLen); + if (result != ERROR_SUCCESS) + *pRetryInterval = DEFAULT_RETRY_INTERVAL; - result = RegQueryValueEx(hKey, REG_CLIENT_FAIL_SILENTLY_PARM, 0, 0, (BYTE *)pFailSilently, &dummyLen); - if (result != ERROR_SUCCESS) - *pFailSilently = DEFAULT_FAIL_SILENTLY; + result = RegQueryValueEx(hKey, REG_CLIENT_FAIL_SILENTLY_PARM, 0, 0, (BYTE *)pFailSilently, &dummyLen); + if (result != ERROR_SUCCESS) + *pFailSilently = DEFAULT_FAIL_SILENTLY; - /* Make sure this is really a bool value in the strict sense*/ - *pFailSilently = !!*pFailSilently; - - RegCloseKey(hKey); -} + /* Make sure this is really a bool value in the strict sense*/ + *pFailSilently = !!*pFailSilently; + + RegCloseKey(hKey); +} BOOL IsServiceRunning (void) { - SERVICE_STATUS Status; - SC_HANDLE hManager; - memset (&Status, 0x00, sizeof(Status)); - Status.dwCurrentState = SERVICE_STOPPED; - - if ((hManager = OpenSCManager (NULL, NULL, GENERIC_READ)) != NULL) - { - SC_HANDLE hService; - if ((hService = OpenService (hManager, TEXT("TransarcAFSDaemon"), GENERIC_READ)) != NULL) - { + SERVICE_STATUS Status; + SC_HANDLE hManager; + memset (&Status, 0x00, sizeof(Status)); + Status.dwCurrentState = SERVICE_STOPPED; + + if ((hManager = OpenSCManager (NULL, NULL, GENERIC_READ)) != NULL) + { + SC_HANDLE hService; + if ((hService = OpenService (hManager, TEXT("TransarcAFSDaemon"), GENERIC_READ)) != NULL) + { QueryServiceStatus (hService, &Status); CloseServiceHandle (hService); - } + } - CloseServiceHandle (hManager); - } - DebugEvent("AFS AfsLogon - Test Service Running","Return Code[%x] ?Running[%d]",Status.dwCurrentState,(Status.dwCurrentState == SERVICE_RUNNING)); - return (Status.dwCurrentState == SERVICE_RUNNING); -} + CloseServiceHandle (hManager); + } + DebugEvent("AFS AfsLogon - Test Service Running","Return Code[%x] ?Running[%d]",Status.dwCurrentState,(Status.dwCurrentState == SERVICE_RUNNING)); + return (Status.dwCurrentState == SERVICE_RUNNING); +} DWORD APIENTRY NPLogonNotify( PLUID lpLogonId, @@ -350,31 +350,32 @@ DWORD APIENTRY NPLogonNotify( wcstombs(password, IL->Password.Buffer, 256); /* Make sure AD-DOMANS sent from login that is sent to us is striped */ - ctemp = strchr(uname, '@'); - if (ctemp) *ctemp = 0; + ctemp = strchr(uname, '@'); + if (ctemp) *ctemp = 0; (void) RegOpenKeyEx(HKEY_LOCAL_MACHINE, REG_CLIENT_PARMS_KEY, - 0, KEY_QUERY_VALUE, &NPKey); + 0, KEY_QUERY_VALUE, &NPKey); LSPsize=sizeof(TraceOption); RegQueryValueEx(NPKey, "TraceOption", NULL, - &LSPtype, (LPBYTE)&TraceOption, &LSPsize); - RegCloseKey (NPKey); + &LSPtype, (LPBYTE)&TraceOption, &LSPsize); + RegCloseKey (NPKey); /* * Get Logon OPTIONS */ (void) RegOpenKeyEx(HKEY_LOCAL_MACHINE, REG_CLIENT_PROVIDER_KEY, - 0, KEY_QUERY_VALUE, &NPKey); + 0, KEY_QUERY_VALUE, &NPKey); LSPsize=sizeof(LogonOption); code = RegQueryValueEx(NPKey, "LogonOptions", NULL, - &LSPtype, (LPBYTE)&LogonOption, &LSPsize); + &LSPtype, (LPBYTE)&LogonOption, &LSPsize); RegCloseKey (NPKey); if ((code!=0) || (LSPtype!=REG_DWORD)) LogonOption=LOGON_OPTION_INTEGRATED; /*default to integrated logon only*/ - DebugEvent("AFS AfsLogon - NPLogonNotify","LogonOption[%x], Service AutoStart[%d]",LogonOption,AFSWillAutoStart()); + DebugEvent("AFS AfsLogon - NPLogonNotify","LogonOption[%x], Service AutoStart[%d]", + LogonOption,AFSWillAutoStart()); /* Check for zero length password if integrated logon*/ if ( ISLOGONINTEGRATED(LogonOption) && (password[0] == 0) ) { code = GT_PW_NULL; @@ -398,87 +399,97 @@ DWORD APIENTRY NPLogonNotify( afsWillAutoStart = AFSWillAutoStart(); - *lpLogonScript = GetLogonScript(GenRandomName(RandomName)); /*only do if high security option is on*/ - + /*only do if high security option is on*/ + if (ISHIGHSECURITY(LogonOption)) + *lpLogonScript = GetLogonScript(GenRandomName(RandomName)); + else + *lpLogonScript = GetLogonScript(uname); /* loop until AFS is started. */ while (TRUE) { - code=0; + code=0; - /* is service started yet?*/ - if (ISLOGONINTEGRATED(LogonOption) && !ISHIGHSECURITY(LogonOption)) /* if Integrated Logon only */ + /* is service started yet?*/ + + + DebugEvent("AFS AfsLogon - ka_UserAuthenticateGeneral2","Code[%x] uname[%s] Cell[%s]", + code,uname,cell); + /* if Integrated Logon only */ + if (ISLOGONINTEGRATED(LogonOption) && !ISHIGHSECURITY(LogonOption)) { - DebugEvent("AFS AfsLogon - ka_UserAuthenticateGeneral2","Code[%x],uame[%s] Cell[%s]",code,uname,cell); - code = ka_UserAuthenticateGeneral2( - KA_USERAUTH_VERSION+KA_USERAUTH_AUTHENT_LOGON, - uname, "", cell, password,uname, 0, &pw_exp, 0, - &reason); - DebugEvent("AFS AfsLogon - (INTEGERTED only)ka_UserAuthenticateGeneral2","Code[%x]",code); - } else if (ISLOGONINTEGRATED(LogonOption) && ISHIGHSECURITY(LogonOption)) /* if Integrated Logon and High Security pass random generated name*/ + code = ka_UserAuthenticateGeneral2(KA_USERAUTH_VERSION+KA_USERAUTH_AUTHENT_LOGON, + uname, "", cell, password,uname, 0, &pw_exp, 0, + &reason); + DebugEvent("AFS AfsLogon - (INTEGRATED only)ka_UserAuthenticateGeneral2","Code[%x]", + code); + } + /* if Integrated Logon and High Security pass random generated name*/ + else if (ISLOGONINTEGRATED(LogonOption) && ISHIGHSECURITY(LogonOption)) { - code = ka_UserAuthenticateGeneral2( - KA_USERAUTH_VERSION+KA_USERAUTH_AUTHENT_LOGON, - uname, "", cell, password,RandomName, 0, &pw_exp, 0, - &reason); - DebugEvent("AFS AfsLogon - (Both)ka_UserAuthenticateGeneral2","Code[%x],RandomName[%s]",code,RandomName); - } else { /*JUST check to see if its running*/ + code = ka_UserAuthenticateGeneral2(KA_USERAUTH_VERSION+KA_USERAUTH_AUTHENT_LOGON, + uname, "", cell, password,RandomName, 0, &pw_exp, 0, + &reason); + DebugEvent("AFS AfsLogon - (Both)ka_UserAuthenticateGeneral2","Code[%x] RandomName[%s]", + code, RandomName); + } else { + /*JUST check to see if its running*/ if (IsServiceRunning()) - break; + break; code = KTC_NOCM; if (!afsWillAutoStart) - break; + break; } - + /* If we've failed because the client isn't running yet and the - * client is set to autostart (and therefore it makes sense for - * us to wait for it to start) then sleep a while and try again. - * If the error was something else, then give up. */ + * client is set to autostart (and therefore it makes sense for + * us to wait for it to start) then sleep a while and try again. + * If the error was something else, then give up. */ if (code != KTC_NOCM && code != KTC_NOCMRPC || !afsWillAutoStart) break; - /* If the retry interval has expired and we still aren't - * logged in, then just give up if we are not in interactive - * mode or the failSilently flag is set, otherwise let the - * user know we failed and give them a chance to try again. */ + /* If the retry interval has expired and we still aren't + * logged in, then just give up if we are not in interactive + * mode or the failSilently flag is set, otherwise let the + * user know we failed and give them a chance to try again. */ if (retryInterval <= 0) { - reason = "AFS not running"; - if (!interactive || failSilently) - break; + reason = "AFS not running"; + if (!interactive || failSilently) + break; flag = MessageBox(hwndOwner, - "AFS is still starting. Retry?", - "AFS Logon", - MB_ICONQUESTION | MB_RETRYCANCEL); + "AFS is still starting. Retry?", + "AFS Logon", + MB_ICONQUESTION | MB_RETRYCANCEL); if (flag == IDCANCEL) - break; - - /* Wait just a little while and try again */ - retryInterval = sleepInterval = DEFAULT_SLEEP_INTERVAL; + break; + + /* Wait just a little while and try again */ + retryInterval = sleepInterval = DEFAULT_SLEEP_INTERVAL; } - + if (retryInterval < sleepInterval) sleepInterval = retryInterval; - + Sleep(sleepInterval * 1000); retryInterval -= sleepInterval; - } + } if (code) { - char msg[128]; + char msg[128]; sprintf(msg, "Integrated login failed: %s", reason); - + if (interactive && !failSilently) MessageBox(hwndOwner, msg, "AFS Logon", MB_OK); else { - HANDLE h; - char *ptbuf[1]; - - h = RegisterEventSource(NULL, AFS_DAEMON_EVENT_NAME); - ptbuf[0] = msg; - ReportEvent(h, EVENTLOG_WARNING_TYPE, 0, 1008, NULL, - 1, 0, ptbuf, NULL); - DeregisterEventSource(h); - } + HANDLE h; + char *ptbuf[1]; + + h = RegisterEventSource(NULL, AFS_DAEMON_EVENT_NAME); + ptbuf[0] = msg; + ReportEvent(h, EVENTLOG_WARNING_TYPE, 0, 1008, NULL, + 1, 0, ptbuf, NULL); + DeregisterEventSource(h); + } code = MapAuthError(code); SetLastError(code); if (ISHIGHSECURITY(LogonOption) && (code!=0))