authorJeffrey Altman <jaltman@secure-endpoints.com>2007-04-17 04:00:28 +0000
committerJeffrey Altman <jaltman@secure-endpoints.com>2007-04-17 04:00:28 +0000
commit3c6941dd292b0e72dc5d21dc0d0dedd249de716a (patch)
treee2814c2a61d4c4758a38cd8cc055c8f554b3842a
parentf77d9feb2bb1d9e136b9cf7392aa78951bda4c9a (diff)
KFW Network Provider Improvements
Change event log name from "KFW Logon" to "MIT Kerberos". This is being done to avoid confusion with the "KFW Logon" functionality that was provided by older versions of OpenAFS. (kfwlogon.h) Remove logging of the inability to access the "Debug" registry value. On Vista, kfwlogon.dll is no longer loaded by winlogon.exe. Instead it is loaded by mpnotify.exe which is spawned once for each logon request. (kfwcommon.c) Add a test to ensure that RegisterEventSource succeeded before calling ReportEvent. (kfwcommon.c) Absolutely make sure that krb5_init_context() succeeded before calling any other krb5 functions. (kfwcommon.c) Add a comment explaining why NPGetCaps() says we are a file system even though we are not. "It won't work otherwise." (kfwlogon.c) Change all comparisons for Windows Station and AuthentInfoType names to case-insensitive comparisons. Vista does not use the same case as XP. (kfwlogon.c) Change the requested access to the temporary cache file from "All" to "Read | Delete" when importing its contents into the API cache. Otherwise, the access test will fail on Vista. (kfwlogon.c) ticket: new component: windows tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19476 dc483132-0cff-0310-8789-dd5450dbe970
-rw-r--r--src/windows/kfwlogon/kfwcommon.c59
-rw-r--r--src/windows/kfwlogon/kfwlogon.c47
-rw-r--r--src/windows/kfwlogon/kfwlogon.h2
3 files changed, 51 insertions, 57 deletions
diff --git a/src/windows/kfwlogon/kfwcommon.c b/src/windows/kfwlogon/kfwcommon.c
index 1a2de0826e..23295b93bd 100644
--- a/src/windows/kfwlogon/kfwcommon.c
+++ b/src/windows/kfwlogon/kfwcommon.c
@@ -304,30 +304,9 @@ BOOL IsDebugLogging(void)
LSPsize=sizeof(dwDebug);
if (RegQueryValueEx(NPKey, "Debug", NULL, NULL, (LPBYTE)&dwDebug, &LSPsize) != ERROR_SUCCESS)
{
- static int once = 0;
-
dwDebug = FALSE;
-
- if (!once) {
- HANDLE h; char *ptbuf[1];
- h = RegisterEventSource(NULL, KFW_LOGON_EVENT_NAME);
- ptbuf[0] = "Unable to read debug value";
- ReportEvent(h, EVENTLOG_INFORMATION_TYPE, 0, 0, NULL, 1, 0, (const char **)ptbuf, NULL);
- DeregisterEventSource(h);
- once++;
- }
}
RegCloseKey (NPKey);
- } else {
- static int once = 0;
- if (!once) {
- HANDLE h; char *ptbuf[1];
- h = RegisterEventSource(NULL, KFW_LOGON_EVENT_NAME);
- ptbuf[0] = "Unable to open network provider key";
- ReportEvent(h, EVENTLOG_INFORMATION_TYPE, 0, 0, NULL, 1, 0, (const char **)ptbuf, NULL);
- DeregisterEventSource(h);
- once++;
- }
}
return(dwDebug ? TRUE : FALSE);
@@ -339,9 +318,11 @@ void DebugEvent0(char *a)
if (IsDebugLogging()) {
h = RegisterEventSource(NULL, KFW_LOGON_EVENT_NAME);
- ptbuf[0] = a;
- ReportEvent(h, EVENTLOG_INFORMATION_TYPE, 0, 0, NULL, 1, 0, (const char **)ptbuf, NULL);
- DeregisterEventSource(h);
+ if (h) {
+ ptbuf[0] = a;
+ ReportEvent(h, EVENTLOG_INFORMATION_TYPE, 0, 0, NULL, 1, 0, (const char **)ptbuf, NULL);
+ DeregisterEventSource(h);
+ }
}
}
@@ -353,13 +334,15 @@ void DebugEvent(char *b,...)
if (IsDebugLogging()) {
h = RegisterEventSource(NULL, KFW_LOGON_EVENT_NAME);
- va_start(marker,b);
- StringCbVPrintf(buf, MAXBUF_+1,b,marker);
- buf[MAXBUF_] = '\0';
- ptbuf[0] = buf;
- ReportEvent(h, EVENTLOG_INFORMATION_TYPE, 0, 0, NULL, 1, 0, (const char **)ptbuf, NULL);
- DeregisterEventSource(h);
- va_end(marker);
+ if (h) {
+ va_start(marker,b);
+ StringCbVPrintf(buf, MAXBUF_+1,b,marker);
+ buf[MAXBUF_] = '\0';
+ ptbuf[0] = buf;
+ ReportEvent(h, EVENTLOG_INFORMATION_TYPE, 0, 0, NULL, 1, 0, (const char **)ptbuf, NULL);
+ DeregisterEventSource(h);
+ va_end(marker);
+ }
}
}
@@ -1112,10 +1095,10 @@ KFW_copy_file_cache_to_default_cache(char * filename)
if ( strlen(filename) + sizeof("FILE:") > sizeof(cachename) )
return 1;
- strcat(cachename, filename);
-
code = pkrb5_init_context(&ctx);
- if (code) ctx = 0;
+ if (code) return 1;
+
+ strcat(cachename, filename);
code = pkrb5_cc_resolve(ctx, cachename, &cc);
if (code) {
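Review bot: The new `if (code) return 1;` exits without recording why, so a krb5_init_context() failure during logon leaves no trace even with debug logging enabled; the same applies to the identical change in KFW_copy_file_cache_to_api_cache and KFW_destroy_tickets_for_principal. I would log the code before returning, e.g. `if (code) { DebugEvent("krb5_init_context failed: %d", code); return 1; }`. Since `filename` appears to name a temporary credential cache, it is also worth confirming that the caller still removes the file when this early return is taken; that code is outside the hunk. In KFW_destroy_tickets_for_principal the line just above returns 0 while the new path returns 1, so the return convention there should be checked against its callers.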
@@ -1189,10 +1172,10 @@ KFW_copy_file_cache_to_api_cache(char * filename)
if ( strlen(filename) + sizeof("FILE:") > sizeof(cachename) )
return 1;
- strcat(cachename, filename);
-
code = pkrb5_init_context(&ctx);
- if (code) ctx = 0;
+ if (code) return 1;
+
+ strcat(cachename, filename);
code = pkrb5_cc_resolve(ctx, cachename, &cc);
if (code) {
@@ -1271,7 +1254,7 @@ KFW_destroy_tickets_for_principal(char * user)
return 0;
code = pkrb5_init_context(&ctx);
- if (code) ctx = 0;
+ if (code) return 1;
code = pkrb5_parse_name(ctx, user, &princ);
if (code) goto loop_cleanup;
diff --git a/src/windows/kfwlogon/kfwlogon.c b/src/windows/kfwlogon/kfwlogon.c
index ebfca873dc..b05e38fd8c 100644
--- a/src/windows/kfwlogon/kfwlogon.c
+++ b/src/windows/kfwlogon/kfwlogon.c
@@ -64,15 +64,12 @@ BOOLEAN APIENTRY DllEntryPoint(HANDLE dll, DWORD reason, PVOID reserved)
return TRUE;
}
-
-
DWORD APIENTRY NPGetCaps(DWORD index)
{
switch (index) {
case WNNC_NET_TYPE:
- /* Don't have our own type; use somebody else's. */
+ /* We aren't a file system; We don't have our own type; use somebody else's. */
return WNNC_NET_SUN_PC_NFS;
-
case WNNC_START:
/* Say we are already started, even though we might wait after we receive NPLogonNotify */
return 1;
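Review bot: The reworded comment on `WNNC_NET_TYPE` says the provider is not a file system but still does not say why a file-system net type is returned, which is the explanation the commit description promises. Something like `/* We aren't a file system, but the provider does not work unless a net type is reported, so borrow an existing one. */` would carry the reason into the code. NPGetCaps continues past the end of this hunk.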
@@ -82,6 +79,7 @@ DWORD APIENTRY NPGetCaps(DWORD index)
}
}
+
static BOOL
WINAPI
UnicodeStringToANSI(UNICODE_STRING uInputString, LPSTR lpszOutputString, int nOutStringLen)
@@ -134,6 +132,7 @@ is_windows_vista(void)
return fIsWinVista;
}
+
/* Construct a Logon Script that will cause the LogonEventHandler to be executed
* under in the logon session
*/
@@ -178,6 +177,7 @@ ConfigureLogonScript(LPWSTR *lpLogonScript, char * filename) {
free(lpTemp);
}
+
DWORD APIENTRY NPLogonNotify(
PLUID lpLogonId,
LPCWSTR lpAuthentInfoType,
@@ -199,17 +199,30 @@ DWORD APIENTRY NPLogonNotify(
char *reason;
char *ctemp;
- BOOLEAN interactive;
+ BOOLEAN interactive = TRUE;
HWND hwndOwner = (HWND)StationHandle;
BOOLEAN lowercased_name = TRUE;
- /* Are we interactive? */
- interactive = (wcscmp(lpStationName, L"WinSta0") == 0);
-
- if ( !interactive || !KFW_is_available() )
- return 0;
+ /* Can we load KFW binaries? */
+ if ( !KFW_is_available() )
+ return 0;
- DebugEvent("NPLogonNotify - LoginId(%d,%d)", lpLogonId->HighPart, lpLogonId->LowPart);
+ /* Are we interactive? */
+ if (lpStationName)
+ interactive = (wcsicmp(lpStationName, L"WinSta0") == 0);
+
+ if ( !interactive ) {
+ char station[64]="station";
+ DWORD rv;
+
+ SetLastError(0);
+ rv = WideCharToMultiByte(CP_UTF8, 0, lpStationName, -1,
+ station, sizeof(station), NULL, NULL);
+ DebugEvent("Skipping NPLogonNotify- LoginId(%d,%d) - Interactive(%d:%s) - gle %d",
+ lpLogonId->HighPart, lpLogonId->LowPart, interactive, rv != 0 ? station : "failure", GetLastError());
+ return 0;
+ } else
+ DebugEvent("NPLogonNotify - LoginId(%d,%d)", lpLogonId->HighPart, lpLogonId->LowPart);
/* Initialize Logon Script to none */
*lpLogonScript=NULL;
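Review bot: A NULL `lpStationName` now leaves `interactive` at its `TRUE` initialiser, so the provider carries on processing the logon for a session it could not classify. If that is intended, a comment should say so, e.g. `/* A NULL station name is treated as interactive */`; otherwise initialise with `BOOLEAN interactive = FALSE;` so the unknown case is skipped. `lpLogonId` is dereferenced in both DebugEvent calls without a similar check. The function body continues outside the hunk.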
@@ -217,11 +230,11 @@ DWORD APIENTRY NPLogonNotify(
/* MSV1_0_INTERACTIVE_LOGON and KERB_INTERACTIVE_LOGON are equivalent for
* our purposes */
- if ( wcscmp(lpAuthentInfoType,L"MSV1_0:Interactive") &&
- wcscmp(lpAuthentInfoType,L"Kerberos:Interactive") )
+ if ( wcsicmp(lpAuthentInfoType,L"MSV1_0:Interactive") &&
+ wcsicmp(lpAuthentInfoType,L"Kerberos:Interactive") )
{
char msg[64];
- WideCharToMultiByte(CP_ACP, 0, lpAuthentInfoType, 0,
+ WideCharToMultiByte(CP_ACP, 0, lpAuthentInfoType, -1,
msg, sizeof(msg), NULL, NULL);
msg[sizeof(msg)-1]='\0';
DebugEvent("NPLogonNotify - Unsupported Authentication Info Type: %s", msg);
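Review bot: The result of `WideCharToMultiByte` is ignored here, although the station-name conversion earlier in NPLogonNotify checks it; `msg` is uninitialised, so if the conversion fails DebugEvent may print whatever was on the stack up to the forced terminator. Declaring `char msg[64] = "";`, or logging a fixed string when the call returns 0, keeps stray stack bytes out of the event log. `lpAuthentInfoType` is also passed to `wcsicmp` without the NULL check that `lpStationName` now gets. The enclosing block continues outside the hunk.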
@@ -230,8 +243,6 @@ DWORD APIENTRY NPLogonNotify(
IL = (MSV1_0_INTERACTIVE_LOGON *) lpAuthentInfo;
- DebugEvent("Interactive %s", interactive ? "yes" : "no");
-
/* Convert from Unicode to ANSI */
/*TODO: Use SecureZeroMemory to erase passwords */
@@ -568,10 +579,10 @@ LogonEventHandlerA(HWND hwnd, HINSTANCE hinst, LPSTR lpszCmdLine, int nCmdShow)
DebugEvent0("LogonEventHandler - Start");
/* Validate lpszCmdLine as a file */
- hf = CreateFile(lpszCmdLine, FILE_ALL_ACCESS, 0, NULL, OPEN_EXISTING,
+ hf = CreateFile(lpszCmdLine, GENERIC_READ | DELETE, 0, NULL, OPEN_EXISTING,
FILE_ATTRIBUTE_NORMAL, NULL);
if (hf == INVALID_HANDLE_VALUE) {
- DebugEvent0("LogonEventHandler - file cannot be opened");
+ DebugEvent("LogonEventHandler - \"%s\" cannot be opened", lpszCmdLine);
return;
}
CloseHandle(hf);
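Review bot: The failure message now names the file but not the reason, even though the commit is about an access check that fails on Vista. Adding the error code would separate access-denied from not-found directly: `DebugEvent("LogonEventHandler - \"%s\" cannot be opened - gle %d", lpszCmdLine, GetLastError());`. The handle is closed straight after this test, so the check gives no guarantee about the file that is later opened by name; how the path is used afterwards is outside the hunk.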
diff --git a/src/windows/kfwlogon/kfwlogon.h b/src/windows/kfwlogon/kfwlogon.h
index d9bf13d065..0d7ddd91fc 100644
--- a/src/windows/kfwlogon/kfwlogon.h
+++ b/src/windows/kfwlogon/kfwlogon.h
@@ -159,7 +159,7 @@ cc_free_NC_info,
#define MAX_PASSWORD_LENGTH 256
#define MAX_DOMAIN_LENGTH 256
-#define KFW_LOGON_EVENT_NAME TEXT("KFW Logon")
+#define KFW_LOGON_EVENT_NAME TEXT("MIT Kerberos")
BOOLEAN APIENTRY DllEntryPoint(HANDLE dll, DWORD reason, PVOID reserved);