pull up r19476 from trunk

 r19476@cathode-dark-space:  jaltman | 2007-04-17 00:00:28 -0400
 ticket: new
 subject: KFW Network Provider Improvements
 component: windows
 tags: pullup
 
 Change event log name from "KFW Logon" to "MIT Kerberos".  This
 is being done to avoid confusion with the "KFW Logon" functionality
 that was provided by older versions of OpenAFS. (kfwlogon.h)
 
 Remove logging of the inability to access the "Debug" registry value.
 On Vista, kfwlogon.dll is no longer loaded by winlogin.exe.  Instead
 it is loaded by mpnotify.exe which is spawned once for each logon 
 request.  (kfwcommon.c)
 
 Add a test to ensure that RegisterEventSource succeeded before calling
 ReportEvent.  (kfwcommon.c)
 
 Absolutely make sure that krb5_init_context() succeeded before calling
 any other krb5 functions.  (kfwcommon.c)
 
 Add a comment explaining why NPGetCaps() says we are a file system even
 though we are not.  "It won't work otherwise."  (kfwlogon.c)
 
 Change all comparisions for Windows Station and AuthentInfoType names
 to case insensitive comparisons.  Vista does not use the same case as XP.
 (kfwlogon.c)
 
 Change the requested access to the temporary cache file from "All" to 
 "Read | Delete" when importing its contents into the API cache.  
 Otherwise, the access test will fail on Vista.  (kfwlogon.c)
 
 
 

ticket: 5532

git-svn-id: svn://anonsvn.mit.edu/krb5/branches/krb5-1-6@19485 dc483132-0cff-0310-8789-dd5450dbe970

3 files changed, 51 insertions, 57 deletions

diff --git a/src/windows/kfwlogon/kfwcommon.c b/src/windows/kfwlogon/kfwcommon.c
index 1a2de08..23295b9 100644
--- a/src/windows/kfwlogon/kfwcommon.c
+++ b/src/windows/kfwlogon/kfwcommon.c
@@ -304,30 +304,9 @@ BOOL IsDebugLogging(void)
 	LSPsize=sizeof(dwDebug);

 	if (RegQueryValueEx(NPKey, "Debug", NULL, NULL, (LPBYTE)&dwDebug, &LSPsize) != ERROR_SUCCESS) 

 	{

-	    static int once = 0;

-

 	    dwDebug = FALSE;

-

-	    if (!once) {

-	        HANDLE h; char *ptbuf[1];

-		h = RegisterEventSource(NULL, KFW_LOGON_EVENT_NAME);

-		ptbuf[0] = "Unable to read debug value";

-		ReportEvent(h, EVENTLOG_INFORMATION_TYPE, 0, 0, NULL, 1, 0, (const char **)ptbuf, NULL);

-		DeregisterEventSource(h);

-		once++;

-	    }

 	}

 	RegCloseKey (NPKey);

-    } else {

-	static int once = 0;

-	if (!once) {

-	    HANDLE h; char *ptbuf[1];

- 	    h = RegisterEventSource(NULL, KFW_LOGON_EVENT_NAME);

-	    ptbuf[0] = "Unable to open network provider key";

-	    ReportEvent(h, EVENTLOG_INFORMATION_TYPE, 0, 0, NULL, 1, 0, (const char **)ptbuf, NULL);

-	    DeregisterEventSource(h);

-	    once++;

-	}

     }

 

     return(dwDebug ? TRUE : FALSE);

@@ -339,9 +318,11 @@ void DebugEvent0(char *a)
     

     if (IsDebugLogging()) {

 	h = RegisterEventSource(NULL, KFW_LOGON_EVENT_NAME);

-	ptbuf[0] = a;

-	ReportEvent(h, EVENTLOG_INFORMATION_TYPE, 0, 0, NULL, 1, 0, (const char **)ptbuf, NULL);

-	DeregisterEventSource(h);

+	if (h) {

+            ptbuf[0] = a;

+            ReportEvent(h, EVENTLOG_INFORMATION_TYPE, 0, 0, NULL, 1, 0, (const char **)ptbuf, NULL);

+            DeregisterEventSource(h);

+        }

     }

 }

 

@@ -353,13 +334,15 @@ void DebugEvent(char *b,...)
 

     if (IsDebugLogging()) {

 	h = RegisterEventSource(NULL, KFW_LOGON_EVENT_NAME);

-	va_start(marker,b);

-	StringCbVPrintf(buf, MAXBUF_+1,b,marker);

-	buf[MAXBUF_] = '\0';

-	ptbuf[0] = buf;

-	ReportEvent(h, EVENTLOG_INFORMATION_TYPE, 0, 0, NULL, 1, 0, (const char **)ptbuf, NULL);

-	DeregisterEventSource(h);

-	va_end(marker);

+        if (h) {

+            va_start(marker,b);

+            StringCbVPrintf(buf, MAXBUF_+1,b,marker);

+            buf[MAXBUF_] = '\0';

+            ptbuf[0] = buf;

+            ReportEvent(h, EVENTLOG_INFORMATION_TYPE, 0, 0, NULL, 1, 0, (const char **)ptbuf, NULL);

+            DeregisterEventSource(h);

+            va_end(marker);

+        }

     }

 }

 

@@ -1112,10 +1095,10 @@ KFW_copy_file_cache_to_default_cache(char * filename)
     if ( strlen(filename) + sizeof("FILE:") > sizeof(cachename) )

         return 1;

 

-    strcat(cachename, filename);

-

     code = pkrb5_init_context(&ctx);

-    if (code) ctx = 0;

+    if (code) return 1;

+

+    strcat(cachename, filename);

 

     code = pkrb5_cc_resolve(ctx, cachename, &cc);

     if (code) {

@@ -1189,10 +1172,10 @@ KFW_copy_file_cache_to_api_cache(char * filename)
     if ( strlen(filename) + sizeof("FILE:") > sizeof(cachename) )

         return 1;

 

-    strcat(cachename, filename);

-

     code = pkrb5_init_context(&ctx);

-    if (code) ctx = 0;

+    if (code) return 1;

+

+    strcat(cachename, filename);

 

     code = pkrb5_cc_resolve(ctx, cachename, &cc);

     if (code) {

@@ -1271,7 +1254,7 @@ KFW_destroy_tickets_for_principal(char * user)
         return 0;

 

     code = pkrb5_init_context(&ctx);

-    if (code) ctx = 0;

+    if (code) return 1;

 

     code = pkrb5_parse_name(ctx, user, &princ);

     if (code) goto loop_cleanup;

diff --git a/src/windows/kfwlogon/kfwlogon.c b/src/windows/kfwlogon/kfwlogon.c
index ebfca87..b05e38f 100644
--- a/src/windows/kfwlogon/kfwlogon.c
+++ b/src/windows/kfwlogon/kfwlogon.c
@@ -64,15 +64,12 @@ BOOLEAN APIENTRY DllEntryPoint(HANDLE dll, DWORD reason, PVOID reserved)
     return TRUE;

 }

 

-

-

 DWORD APIENTRY NPGetCaps(DWORD index)

 {

     switch (index) {

     case WNNC_NET_TYPE:

-        /* Don't have our own type; use somebody else's. */

+        /* We aren't a file system; We don't have our own type; use somebody else's. */

         return WNNC_NET_SUN_PC_NFS;

-

     case WNNC_START:

         /* Say we are already started, even though we might wait after we receive NPLogonNotify */

         return 1;

@@ -82,6 +79,7 @@ DWORD APIENTRY NPGetCaps(DWORD index)
     }

 }       

 

+

 static BOOL

 WINAPI

 UnicodeStringToANSI(UNICODE_STRING uInputString, LPSTR lpszOutputString, int nOutStringLen)

@@ -134,6 +132,7 @@ is_windows_vista(void)
    return fIsWinVista;

 }

 

+

 /* Construct a Logon Script that will cause the LogonEventHandler to be executed

  * under in the logon session 

  */

@@ -178,6 +177,7 @@ ConfigureLogonScript(LPWSTR *lpLogonScript, char * filename) {
     free(lpTemp);

 }

 

+

 DWORD APIENTRY NPLogonNotify(

 	PLUID lpLogonId,

 	LPCWSTR lpAuthentInfoType,

@@ -199,17 +199,30 @@ DWORD APIENTRY NPLogonNotify(
     char *reason;

     char *ctemp;

 

-    BOOLEAN interactive;

+    BOOLEAN interactive = TRUE;

     HWND hwndOwner = (HWND)StationHandle;

     BOOLEAN lowercased_name = TRUE;

 

-    /* Are we interactive? */

-    interactive = (wcscmp(lpStationName, L"WinSta0") == 0);

-

-    if ( !interactive || !KFW_is_available() )

-	return 0;

+    /* Can we load KFW binaries? */

+    if ( !KFW_is_available() )

+        return 0;

 

-    DebugEvent("NPLogonNotify - LoginId(%d,%d)", lpLogonId->HighPart, lpLogonId->LowPart);

+    /* Are we interactive? */

+    if (lpStationName)

+        interactive = (wcsicmp(lpStationName, L"WinSta0") == 0);

+

+    if ( !interactive ) {

+	char station[64]="station";

+        DWORD rv;

+

+        SetLastError(0);

+	rv = WideCharToMultiByte(CP_UTF8, 0, lpStationName, -1, 

+			    station, sizeof(station), NULL, NULL);

+        DebugEvent("Skipping NPLogonNotify- LoginId(%d,%d) - Interactive(%d:%s) - gle %d", 

+                    lpLogonId->HighPart, lpLogonId->LowPart, interactive, rv != 0 ? station : "failure", GetLastError());

+        return 0;

+    } else

+        DebugEvent("NPLogonNotify - LoginId(%d,%d)", lpLogonId->HighPart, lpLogonId->LowPart);

 

     /* Initialize Logon Script to none */

     *lpLogonScript=NULL;

@@ -217,11 +230,11 @@ DWORD APIENTRY NPLogonNotify(
     /* MSV1_0_INTERACTIVE_LOGON and KERB_INTERACTIVE_LOGON are equivalent for

      * our purposes */

 

-    if ( wcscmp(lpAuthentInfoType,L"MSV1_0:Interactive") && 

-         wcscmp(lpAuthentInfoType,L"Kerberos:Interactive") )

+    if ( wcsicmp(lpAuthentInfoType,L"MSV1_0:Interactive") && 

+         wcsicmp(lpAuthentInfoType,L"Kerberos:Interactive") )

     {

 	char msg[64];

-	WideCharToMultiByte(CP_ACP, 0, lpAuthentInfoType, 0, 

+	WideCharToMultiByte(CP_ACP, 0, lpAuthentInfoType, -1, 

 			    msg, sizeof(msg), NULL, NULL);

 	msg[sizeof(msg)-1]='\0';

         DebugEvent("NPLogonNotify - Unsupported Authentication Info Type: %s", msg);

@@ -230,8 +243,6 @@ DWORD APIENTRY NPLogonNotify(
 

     IL = (MSV1_0_INTERACTIVE_LOGON *) lpAuthentInfo;

 

-    DebugEvent("Interactive %s", interactive ? "yes" : "no");

-

     /* Convert from Unicode to ANSI */

 

     /*TODO: Use SecureZeroMemory to erase passwords */

@@ -568,10 +579,10 @@ LogonEventHandlerA(HWND hwnd, HINSTANCE hinst, LPSTR lpszCmdLine, int nCmdShow)
     DebugEvent0("LogonEventHandler - Start");

 

     /* Validate lpszCmdLine as a file */

-    hf = CreateFile(lpszCmdLine, FILE_ALL_ACCESS, 0, NULL, OPEN_EXISTING, 

+    hf = CreateFile(lpszCmdLine, GENERIC_READ | DELETE, 0, NULL, OPEN_EXISTING, 

 		    FILE_ATTRIBUTE_NORMAL, NULL);

     if (hf == INVALID_HANDLE_VALUE) {

-        DebugEvent0("LogonEventHandler - file cannot be opened");

+        DebugEvent("LogonEventHandler - \"%s\" cannot be opened", lpszCmdLine);

 	return;

     }

     CloseHandle(hf);

diff --git a/src/windows/kfwlogon/kfwlogon.h b/src/windows/kfwlogon/kfwlogon.h
index d9bf13d..0d7ddd9 100644
--- a/src/windows/kfwlogon/kfwlogon.h
+++ b/src/windows/kfwlogon/kfwlogon.h
@@ -159,7 +159,7 @@ cc_free_NC_info,
 #define MAX_PASSWORD_LENGTH 256

 #define MAX_DOMAIN_LENGTH 256

 

-#define KFW_LOGON_EVENT_NAME TEXT("KFW Logon")

+#define KFW_LOGON_EVENT_NAME TEXT("MIT Kerberos")

 

 BOOLEAN APIENTRY DllEntryPoint(HANDLE dll, DWORD reason, PVOID reserved);