authorJeffrey Altman <jaltman@secure-endpoints.com>2007-03-28 18:03:45 +0000
committerJeffrey Altman <jaltman@secure-endpoints.com>2007-03-28 18:03:45 +0000
commitde996228a2daaf43216c823032255cd4652cf7fe (patch)
tree5a9c255ca78a3b2c6fa05df53a3a16bbe5d6f07d /src/windows/kfwlogon
parentfb48afbb637e35becf463e26399f9ad90cc74e7d (diff)
KFW: problems with non-interactive logons
Non-interactive logons cause two problems: (1) on XP/2003 the logon event handlers do not get triggered and on all platforms the LogonScript does not get executed. As a result, ccache files are not deleted. (2) on all platforms, accessing the credential cache causes krbcc32s.exe to be spawned. This process never terminates. This patch tests for interactive logons. If the logon is not interactive, the Network Provider exits immediately. ticket: new component: windows tags: pullup git-svn-id: svn://anonsvn.mit.edu/krb5/trunk@19296 dc483132-0cff-0310-8789-dd5450dbe970
Diffstat (limited to 'src/windows/kfwlogon')
-rw-r--r--src/windows/kfwlogon/kfwlogon.c21
1 files changed, 16 insertions, 5 deletions
diff --git a/src/windows/kfwlogon/kfwlogon.c b/src/windows/kfwlogon/kfwlogon.c
index 3974a2ca77..ebfca873dc 100644
--- a/src/windows/kfwlogon/kfwlogon.c
+++ b/src/windows/kfwlogon/kfwlogon.c
@@ -203,7 +203,10 @@ DWORD APIENTRY NPLogonNotify(
HWND hwndOwner = (HWND)StationHandle;
BOOLEAN lowercased_name = TRUE;
- if ( !KFW_is_available() )
+ /* Are we interactive? */
+ interactive = (wcscmp(lpStationName, L"WinSta0") == 0);
+
+ if ( !interactive || !KFW_is_available() )
return 0;
DebugEvent("NPLogonNotify - LoginId(%d,%d)", lpLogonId->HighPart, lpLogonId->LowPart);
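Review bot: The new `wcscmp(lpStationName, L"WinSta0")` now runs ahead of every other check in this hunk, and nothing in the visible lines guarantees that `lpStationName` is non-NULL. A NULL pointer here would fault inside the process that loads this network provider during logon. Folding the guard into the same expression, `interactive = (lpStationName != NULL && wcscmp(lpStationName, L"WinSta0") == 0);`, treats a missing station name as non-interactive and takes the early `return 0`. The declaration of `interactive` and the rest of NPLogonNotify lie outside the hunk.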
@@ -227,8 +230,7 @@ DWORD APIENTRY NPLogonNotify(
IL = (MSV1_0_INTERACTIVE_LOGON *) lpAuthentInfo;
- /* Are we interactive? */
- interactive = (wcscmp(lpStationName, L"WinSta0") == 0);
+ DebugEvent("Interactive %s", interactive ? "yes" : "no");
/* Convert from Unicode to ANSI */
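Review bot: The added `DebugEvent("Interactive %s", interactive ? "yes" : "no");` can only ever report "yes", because the first hunk returns before this point whenever `interactive` is false. Skipped non-interactive logons therefore leave no trace in the event log, which is the case someone diagnosing missing tickets would most want recorded. Consider logging at the early exit instead, e.g. `if (!interactive) { DebugEvent0("NPLogonNotify - non-interactive logon, skipping"); return 0; }`, and dropping this line. That assumes DebugEvent0 is safe to call before `KFW_is_available()`, which the hunk does not show.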
@@ -315,17 +317,24 @@ DWORD APIENTRY NPLogonNotify(
DebugEvent("LookupAccountName obtained user %s sid in domain %s", acctname, pReferencedDomainName);
code = KFW_set_ccache_dacl_with_user_sid(filename, pUserSid);
+#ifdef USE_WINLOGON_EVENT
/* If we are on Vista, setup a LogonScript
* that will execute the LogonEventHandler entry point via rundll32.exe
*/
if (is_windows_vista()) {
ConfigureLogonScript(lpLogonScript, filename);
if (*lpLogonScript)
- DebugEvent("LogonScript \"%s\"", *lpLogonScript);
+ DebugEvent0("LogonScript assigned");
else
DebugEvent0("No Logon Script");
-
}
+#else
+ ConfigureLogonScript(lpLogonScript, filename);
+ if (*lpLogonScript)
+ DebugEvent0("LogonScript assigned");
+ else
+ DebugEvent0("No Logon Script");
+#endif
} else {
DebugEvent0("LookupAccountName failed");
DeleteFile(filename);
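Review bot: In the new `#else` branch, the `DebugEvent0("No Logon Script")` path leaves `filename` on disk with nothing that appears able to remove it. With USE_WINLOGON_EVENT undefined, the later hunks compile KFW_Logon_Event to an empty body, so the logon script is the only remaining cleanup path for the credential cache file. The `LookupAccountName failed` branch just below already calls `DeleteFile(filename);`, and the same call after `DebugEvent0("No Logon Script");` would keep a failed ConfigureLogonScript from stranding credentials, assuming nothing outside the hunk consumes the file in that case. Replacing the `"%s"` log of the script with `"LogonScript assigned"` keeps the ccache path out of the event log. The same four lines now appear in both preprocessor branches and could be shared by putting only the `if (is_windows_vista())` test under `#ifdef`.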
@@ -434,6 +443,7 @@ GetSecurityLogonSessionData(HANDLE hToken, PSECURITY_LOGON_SESSION_DATA * ppSess
VOID KFW_Logon_Event( PWLX_NOTIFICATION_INFO pInfo )
{
+#ifdef USE_WINLOGON_EVENT
WCHAR szUserW[128] = L"";
char szUserA[128] = "";
char szPath[MAX_PATH] = "";
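Review bot: The `#ifdef USE_WINLOGON_EVENT` opened here and closed by the `#endif` in the last hunk turns KFW_Logon_Event into an empty function when the macro is undefined, and nothing at the definition says so. A Winlogon notification still registered for this entry point would then silently do nothing. A short header comment would make this explicit, for example `/* Without USE_WINLOGON_EVENT this is a no-op; ccache handling is done by the LogonScript set up in NPLogonNotify. */`. An `#else` holding `(void)pInfo;` would also avoid an unused-parameter warning in that configuration. Most of the function body lies outside both hunks.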
@@ -540,6 +550,7 @@ VOID KFW_Logon_Event( PWLX_NOTIFICATION_INFO pInfo )
DeleteFile(newfilename);
DebugEvent0("KFW_Logon_Event - End");
+#endif /* USE_WINLOGON_EVENT */
}