From: Jeffrey Altman <jaltman@secure-endpoints.com>
Date: Thu, 30 Jun 2005 19:02:03 +0000 (+0000)
Subject: windows-logon-20050630
X-Git-Tag: openafs-devel-1_5_0~468
X-Git-Url: https://git.openafs.org/?p=openafs.git;a=commitdiff_plain;h=ed54c889202b51361f3f01df80930e9577baa914

windows-logon-20050630


Add a method to disable the deletion of tokens at logoff

====================
This delta was composed from multiple commits as part of the CVS->Git migration.
The checkin message with each commit was inconsistent.
The following are the additional commit messages.
====================

add a registry entry to prevent token destruction at logoff
---

diff --git a/src/WINNT/afsd/afslogon.c b/src/WINNT/afsd/afslogon.c
index d955e6c..506ea71 100644
--- a/src/WINNT/afsd/afslogon.c
+++ b/src/WINNT/afsd/afslogon.c
@@ -1007,52 +1007,64 @@ VOID AFS_Logoff_Event( PWLX_NOTIFICATION_INFO pInfo )
     DWORD  len = 1024;
     PTOKEN_USER  tokenUser = NULL;
     DWORD  retLen;
+    DWORD LSPtype, LSPsize;
+    HKEY NPKey;
+    DWORD LogoffPreserveTokens = 0;
 
     /* Make sure the AFS Libraries are initialized */
     AfsLogonInit();
 
     DebugEvent0("AFS_Logoff_Event - Start");
 
-    if (!GetTokenInformation(pInfo->hToken, TokenUser, NULL, 0, &retLen))
-    {
-        if ( GetLastError() == ERROR_INSUFFICIENT_BUFFER ) {
-            tokenUser = (PTOKEN_USER) LocalAlloc(LPTR, retLen);
+    (void) RegOpenKeyEx(HKEY_LOCAL_MACHINE, AFSREG_CLT_SVC_PARAM_SUBKEY,
+                         0, KEY_QUERY_VALUE, &NPKey);
+    LSPsize=sizeof(LogoffPreserveTokens);
+    RegQueryValueEx(NPKey, REG_CLIENT_LOGOFF_TOKENS_PARM, NULL,
+                     &LSPtype, (LPBYTE)&LogoffPreserveTokens, &LSPsize);
+    RegCloseKey (NPKey);
 
-            if (!GetTokenInformation(pInfo->hToken, TokenUser, tokenUser, retLen, &retLen))
-            {
-                DebugEvent("AFS_Logoff_Event - GetTokenInformation failed: GLE = %lX", GetLastError());
+    if (LogoffPreserveTokens) {
+        if (!GetTokenInformation(pInfo->hToken, TokenUser, NULL, 0, &retLen))
+        {
+            if ( GetLastError() == ERROR_INSUFFICIENT_BUFFER ) {
+                tokenUser = (PTOKEN_USER) LocalAlloc(LPTR, retLen);
+
+                if (!GetTokenInformation(pInfo->hToken, TokenUser, tokenUser, retLen, &retLen))
+                {
+                    DebugEvent("AFS_Logoff_Event - GetTokenInformation failed: GLE = %lX", GetLastError());
+                }
             }
         }
-    }
 
-    /* We can't use pInfo->Domain for the domain since in the cross realm case 
-     * this is source domain and not the destination domain.
-     */
-    if (QueryAdHomePathFromSid( profileDir, sizeof(profileDir), tokenUser->User.Sid, pInfo->Domain)) {
-        WCHAR Domain[64]=L"";
-        GetLocalShortDomain(Domain, sizeof(Domain));
-        if (QueryAdHomePathFromSid( profileDir, sizeof(profileDir), tokenUser->User.Sid, Domain)) {
-            if (NetUserGetProfilePath(pInfo->Domain, pInfo->UserName, profileDir, len))
-                GetUserProfileDirectory(pInfo->hToken, profileDir, &len);
+        /* We can't use pInfo->Domain for the domain since in the cross realm case 
+         * this is source domain and not the destination domain.
+         */
+        if (QueryAdHomePathFromSid( profileDir, sizeof(profileDir), tokenUser->User.Sid, pInfo->Domain)) {
+            WCHAR Domain[64]=L"";
+            GetLocalShortDomain(Domain, sizeof(Domain));
+            if (QueryAdHomePathFromSid( profileDir, sizeof(profileDir), tokenUser->User.Sid, Domain)) {
+                if (NetUserGetProfilePath(pInfo->Domain, pInfo->UserName, profileDir, len))
+                    GetUserProfileDirectory(pInfo->hToken, profileDir, &len);
+            }
         }
-    }
-    
-    if (strlen(profileDir)) {
-        DebugEvent("AFS_Logoff_Event - Profile Directory: %s", profileDir);
-        if (!IsPathInAfs(profileDir)) {
-            if (code = ktc_ForgetAllTokens())
-                DebugEvent("AFS_Logoff_Event - ForgetAllTokens failed [%lX]",code);
-            else
-                DebugEvent0("AFS_Logoff_Event - ForgetAllTokens succeeded");
+
+        if (strlen(profileDir)) {
+            DebugEvent("AFS_Logoff_Event - Profile Directory: %s", profileDir);
+            if (!IsPathInAfs(profileDir)) {
+                if (code = ktc_ForgetAllTokens())
+                    DebugEvent("AFS_Logoff_Event - ForgetAllTokens failed [%lX]",code);
+                else
+                    DebugEvent0("AFS_Logoff_Event - ForgetAllTokens succeeded");
+            } else {
+                DebugEvent0("AFS_Logoff_Event - Tokens left in place; profile in AFS");
+            }
         } else {
-            DebugEvent0("AFS_Logoff_Event - Tokens left in place; profile in AFS");
+            DebugEvent0("AFS_Logoff_Event - Unable to load profile");
         }
-    } else {
-        DebugEvent0("AFS_Logoff_Event - Unable to load profile");
-    }
 
-    if ( tokenUser )
-        LocalFree(tokenUser);
+        if ( tokenUser )
+            LocalFree(tokenUser);
+    }
 
     DebugEvent0("AFS_Logoff_Event - End");
 }   
diff --git a/src/WINNT/afsd/afslogon.h b/src/WINNT/afsd/afslogon.h
index c37e438..46aa28b 100644
--- a/src/WINNT/afsd/afslogon.h
+++ b/src/WINNT/afsd/afslogon.h
@@ -40,6 +40,7 @@ SOFTWARE.
 #define REG_CLIENT_LOGON_OPTION_PARM	"LogonOptions"
 #define REG_CLIENT_LOGON_SCRIPT_PARMW	L"LogonScript"
 #define REG_CLIENT_THESE_CELLS_PARM     "TheseCells"
+#define REG_CLIENT_LOGOFF_TOKENS_PARM	"LogoffPreserveTokens"
 #define DEFAULT_RETRY_INTERVAL          60                        /* seconds*/
 #define DEFAULT_FAIL_SILENTLY           FALSE
 #define DEFAULT_SLEEP_INTERVAL          5                         /* seconds*/