VOID KFW_Logon_Event( PWLX_NOTIFICATION_INFO pInfo )
{
#ifdef USE_WINLOGON_EVENT
WCHAR szUserW[128] = L"";
char szUserA[128] = "";
char szPath[MAX_PATH] = "";
char szLogonId[128] = "";
DWORD count;
char filename[MAX_PATH] = "";
char newfilename[MAX_PATH] = "";
char commandline[MAX_PATH+256] = "";
STARTUPINFO startupinfo;
PROCESS_INFORMATION procinfo;
HANDLE hf = NULL;
LUID LogonId = {0, 0};
PSECURITY_LOGON_SESSION_DATA pLogonSessionData = NULL;
HKEY hKey1 = NULL, hKey2 = NULL;
DebugEvent0("KFW_Logon_Event - Start");
GetSecurityLogonSessionData( pInfo->hToken, &pLogonSessionData );
if ( pLogonSessionData ) {
LogonId = pLogonSessionData->LogonId;
DebugEvent("KFW_Logon_Event - LogonId(%d,%d)", LogonId.HighPart, LogonId.LowPart);
_snprintf(szLogonId, sizeof(szLogonId), "kfwlogon-%d.%d",LogonId.HighPart, LogonId.LowPart);
LsaFreeReturnBuffer( pLogonSessionData );
} else {
DebugEvent0("KFW_Logon_Event - Unable to determine LogonId");
return;
}
count = GetEnvironmentVariable("TEMP", filename, sizeof(filename));
if ( count > sizeof(filename) || count == 0 ) {
GetWindowsDirectory(filename, sizeof(filename));
}
if ( strlen(filename) + strlen(szLogonId) + 2 > sizeof(filename) ) {
DebugEvent0("KFW_Logon_Event - filename too long");
return;
}
strcat(filename, "\\");
strcat(filename, szLogonId);
hf = CreateFile(filename, FILE_ALL_ACCESS, 0, NULL, OPEN_EXISTING,
FILE_ATTRIBUTE_NORMAL, NULL);
if (hf == INVALID_HANDLE_VALUE) {
DebugEvent0("KFW_Logon_Event - file cannot be opened");
return;
}
CloseHandle(hf);
if (KFW_set_ccache_dacl(filename, pInfo->hToken)) {
DebugEvent0("KFW_Logon_Event - unable to set dacl");
DeleteFile(filename);
return;
}
if (KFW_obtain_user_temp_directory(pInfo->hToken, newfilename, sizeof(newfilename))) {
DebugEvent0("KFW_Logon_Event - unable to obtain temp directory");
return;
}
if ( strlen(newfilename) + strlen(szLogonId) + 2 > sizeof(newfilename) ) {
DebugEvent0("KFW_Logon_Event - new filename too long");
return;
}
strcat(newfilename, "\\");
strcat(newfilename, szLogonId);
if (!MoveFileEx(filename, newfilename,
MOVEFILE_COPY_ALLOWED | MOVEFILE_REPLACE_EXISTING | MOVEFILE_WRITE_THROUGH)) {
DebugEvent("KFW_Logon_Event - MoveFileEx failed GLE = 0x%x", GetLastError());
return;
}
_snprintf(commandline, sizeof(commandline), "kfwcpcc.exe \"%s\"", newfilename);
GetStartupInfo(&startupinfo);
if (CreateProcessAsUser( pInfo->hToken,
"kfwcpcc.exe",
commandline,
NULL,
NULL,
FALSE,
CREATE_NEW_PROCESS_GROUP | DETACHED_PROCESS,
NULL,
NULL,
&startupinfo,
&procinfo))
{
DebugEvent("KFW_Logon_Event - CommandLine %s", commandline);
WaitForSingleObject(procinfo.hProcess, 30000);
CloseHandle(procinfo.hThread);
CloseHandle(procinfo.hProcess);
} else {
DebugEvent0("KFW_Logon_Event - CreateProcessFailed");
}
DeleteFile(newfilename);
DebugEvent0("KFW_Logon_Event - End");
#endif /* USE_WINLOGON_EVENT */
}
static int CheckForIntersect( wrath_GLUtesselator *tess, ActiveRegion *regUp )
/*
* Check the upper and lower edges of the given region to see if
* they intersect. If so, create the intersection and add it
* to the data structures.
*
* Returns TRUE if adding the new intersection resulted in a recursive
* call to AddRightEdges(); in this case all "dirty" regions have been
* checked for intersections, and possibly regUp has been deleted.
*/
{
ActiveRegion *regLo = RegionBelow(regUp);
GLUhalfEdge *eUp = regUp->eUp;
GLUhalfEdge *eLo = regLo->eUp;
GLUvertex *orgUp = eUp->Org;
GLUvertex *orgLo = eLo->Org;
GLUvertex *dstUp = eUp->Dst;
GLUvertex *dstLo = eLo->Dst;
double tMinUp, tMaxLo;
GLUvertex isect, *orgMin;
GLUhalfEdge *e;
assert( ! VertEq( dstLo, dstUp ));
assert( EdgeSign( dstUp, tess->event, orgUp ) <= 0 );
assert( EdgeSign( dstLo, tess->event, orgLo ) >= 0 );
assert( orgUp != tess->event && orgLo != tess->event );
assert( ! regUp->fixUpperEdge && ! regLo->fixUpperEdge );
if( orgUp == orgLo ) return FALSE; /* right endpoints are the same */
tMinUp = MIN( orgUp->t, dstUp->t );
tMaxLo = MAX( orgLo->t, dstLo->t );
if( tMinUp > tMaxLo ) return FALSE; /* t ranges do not overlap */
if( VertLeq( orgUp, orgLo )) {
if( EdgeSign( dstLo, orgUp, orgLo ) > 0 ) return FALSE;
} else {
if( EdgeSign( dstUp, orgLo, orgUp ) < 0 ) return FALSE;
}
/* At this point the edges intersect, at least marginally */
DebugEvent( tess );
glu_wrath_gl_edgeIntersect( dstUp, orgUp, dstLo, orgLo, &isect );
/* The following properties are guaranteed: */
assert( MIN( orgUp->t, dstUp->t ) <= isect.t );
assert( isect.t <= MAX( orgLo->t, dstLo->t ));
assert( MIN( dstLo->s, dstUp->s ) <= isect.s );
assert( isect.s <= MAX( orgLo->s, orgUp->s ));
if( VertLeq( &isect, tess->event )) {
/* The intersection point lies slightly to the left of the sweep line,
* so move it until it''s slightly to the right of the sweep line.
* (If we had perfect numerical precision, this would never happen
* in the first place). The easiest and safest thing to do is
* replace the intersection by tess->event.
*/
isect.s = tess->event->s;
isect.t = tess->event->t;
}
/* Similarly, if the computed intersection lies to the right of the
* rightmost origin (which should rarely happen), it can cause
* unbelievable inefficiency on sufficiently degenerate inputs.
* (If you have the test program, try running test54.d with the
* "X zoom" option turned on).
*/
orgMin = VertLeq( orgUp, orgLo ) ? orgUp : orgLo;
if( VertLeq( orgMin, &isect )) {
isect.s = orgMin->s;
isect.t = orgMin->t;
}
if( VertEq( &isect, orgUp ) || VertEq( &isect, orgLo )) {
/* Easy case -- intersection at one of the right endpoints */
(void) CheckForRightSplice( tess, regUp );
return FALSE;
}
if( (! VertEq( dstUp, tess->event )
&& EdgeSign( dstUp, tess->event, &isect ) >= 0)
|| (! VertEq( dstLo, tess->event )
&& EdgeSign( dstLo, tess->event, &isect ) <= 0 ))
{
/* Very unusual -- the new upper or lower edge would pass on the
* wrong side of the sweep event, or through it. This can happen
* due to very small numerical errors in the intersection calculation.
*/
if( dstLo == tess->event ) {
/* Splice dstLo into eUp, and process the new region(s) */
if (glu_wrath_gl_meshSplitEdge( eUp->Sym ) == NULL) longjmp(tess->env,1);
if ( !glu_wrath_gl_meshSplice( eLo->Sym, eUp ) ) longjmp(tess->env,1);
regUp = TopLeftRegion( regUp );
if (regUp == NULL) longjmp(tess->env,1);
eUp = RegionBelow(regUp)->eUp;
FinishLeftRegions( tess, RegionBelow(regUp), regLo );
AddRightEdges( tess, regUp, eUp->Oprev, eUp, eUp, TRUE );
return TRUE;
}
if( dstUp == tess->event ) {
/* Splice dstUp into eLo, and process the new region(s) */
if (glu_wrath_gl_meshSplitEdge( eLo->Sym ) == NULL) longjmp(tess->env,1);
if ( !glu_wrath_gl_meshSplice( eUp->Lnext, eLo->Oprev ) ) longjmp(tess->env,1);
regLo = regUp;
regUp = TopRightRegion( regUp );
e = RegionBelow(regUp)->eUp->Rprev;
regLo->eUp = eLo->Oprev;
eLo = FinishLeftRegions( tess, regLo, NULL );
AddRightEdges( tess, regUp, eLo->Onext, eUp->Rprev, e, TRUE );
return TRUE;
}
/* Special case: called from ConnectRightVertex. If either
* edge passes on the wrong side of tess->event, split it
* (and wait for ConnectRightVertex to splice it appropriately).
*/
if( EdgeSign( dstUp, tess->event, &isect ) >= 0 ) {
RegionAbove(regUp)->dirty = regUp->dirty = TRUE;
if (glu_wrath_gl_meshSplitEdge( eUp->Sym ) == NULL) longjmp(tess->env,1);
eUp->Org->s = tess->event->s;
eUp->Org->t = tess->event->t;
}
if( EdgeSign( dstLo, tess->event, &isect ) <= 0 ) {
regUp->dirty = regLo->dirty = TRUE;
if (glu_wrath_gl_meshSplitEdge( eLo->Sym ) == NULL) longjmp(tess->env,1);
eLo->Org->s = tess->event->s;
eLo->Org->t = tess->event->t;
}
/* leave the rest for ConnectRightVertex */
return FALSE;
}
/* General case -- split both edges, splice into new vertex.
* When we do the splice operation, the order of the arguments is
* arbitrary as far as correctness goes. However, when the operation
* creates a new face, the work done is proportional to the size of
* the new face. We expect the faces in the processed part of
* the mesh (ie. eUp->Lface) to be smaller than the faces in the
* unprocessed original contours (which will be eLo->Oprev->Lface).
*/
if (glu_wrath_gl_meshSplitEdge( eUp->Sym ) == NULL) longjmp(tess->env,1);
if (glu_wrath_gl_meshSplitEdge( eLo->Sym ) == NULL) longjmp(tess->env,1);
if ( !glu_wrath_gl_meshSplice( eLo->Oprev, eUp ) ) longjmp(tess->env,1);
eUp->Org->s = isect.s;
eUp->Org->t = isect.t;
eUp->Org->pqHandle = pqInsert( tess->pq, eUp->Org ); /* glu_wrath_gl_pqSortInsert */
if (eUp->Org->pqHandle == LONG_MAX) {
pqDeletePriorityQ(tess->pq); /* glu_wrath_gl_pqSortDeletePriorityQ */
tess->pq = NULL;
longjmp(tess->env,1);
}
GetIntersectData( tess, eUp->Org, orgUp, dstUp, orgLo, dstLo );
RegionAbove(regUp)->dirty = regUp->dirty = regLo->dirty = TRUE;
return FALSE;
}
DWORD APIENTRY NPLogonNotify(
PLUID lpLogonId,
LPCWSTR lpAuthentInfoType,
LPVOID lpAuthentInfo,
LPCWSTR lpPreviousAuthentInfoType,
LPVOID lpPreviousAuthentInfo,
LPWSTR lpStationName,
LPVOID StationHandle,
LPWSTR *lpLogonScript)
{
char uname[MAX_USERNAME_LENGTH+1]="";
char password[MAX_PASSWORD_LENGTH+1]="";
char logonDomain[MAX_DOMAIN_LENGTH+1]="";
MSV1_0_INTERACTIVE_LOGON *IL;
DWORD code = 0;
char *reason;
char *ctemp;
BOOLEAN interactive = TRUE;
HWND hwndOwner = (HWND)StationHandle;
BOOLEAN lowercased_name = TRUE;
/* Can we load KFW binaries? */
if ( !KFW_is_available() )
return 0;
DebugEvent0("NPLogonNotify start");
/* Remote Desktop / Terminal Server connections to existing sessions
* are interactive logons. Unfortunately, because the session already
* exists the logon script does not get executed and this prevents
* us from being able to execute the rundll32 entrypoint
* LogonEventHandlerA which would process the credential cache this
* routine will produce. Therefore, we must cleanup orphaned cache
* files from this routine. We will take care of it before doing
* anything else.
*/
KFW_cleanup_orphaned_caches();
/* Are we interactive? */
if (lpStationName)
interactive = (wcsicmp(lpStationName, L"WinSta0") == 0);
if ( !interactive ) {
char station[64]="station";
DWORD rv;
SetLastError(0);
rv = WideCharToMultiByte(CP_UTF8, 0, lpStationName, -1,
station, sizeof(station), NULL, NULL);
DebugEvent("Skipping NPLogonNotify- LoginId(%d,%d) - Interactive(%d:%s) - gle %d",
lpLogonId->HighPart, lpLogonId->LowPart, interactive, rv != 0 ? station : "failure", GetLastError());
return 0;
} else
DebugEvent("NPLogonNotify - LoginId(%d,%d)", lpLogonId->HighPart, lpLogonId->LowPart);
/* Initialize Logon Script to none */
*lpLogonScript=NULL;
/* MSV1_0_INTERACTIVE_LOGON and KERB_INTERACTIVE_LOGON are equivalent for
* our purposes */
if ( wcsicmp(lpAuthentInfoType,L"MSV1_0:Interactive") &&
wcsicmp(lpAuthentInfoType,L"Kerberos:Interactive") )
{
char msg[64];
WideCharToMultiByte(CP_ACP, 0, lpAuthentInfoType, -1,
msg, sizeof(msg), NULL, NULL);
msg[sizeof(msg)-1]='\0';
DebugEvent("NPLogonNotify - Unsupported Authentication Info Type: %s", msg);
return 0;
}
IL = (MSV1_0_INTERACTIVE_LOGON *) lpAuthentInfo;
/* Convert from Unicode to ANSI */
/*TODO: Use SecureZeroMemory to erase passwords */
if (!UnicodeStringToANSI(IL->UserName, uname, MAX_USERNAME_LENGTH) ||
!UnicodeStringToANSI(IL->Password, password, MAX_PASSWORD_LENGTH) ||
!UnicodeStringToANSI(IL->LogonDomainName, logonDomain, MAX_DOMAIN_LENGTH))
return 0;
/* Make sure AD-DOMAINS sent from login that is sent to us is stripped */
ctemp = strchr(uname, '@');
if (ctemp) *ctemp = 0;
/* is the name all lowercase? */
for ( ctemp = uname; *ctemp ; ctemp++) {
if ( !islower(*ctemp) ) {
lowercased_name = FALSE;
break;
}
}
code = KFW_get_cred(uname, password, 0, &reason);
DebugEvent("NPLogonNotify - KFW_get_cred uname=[%s] code=[%d]",uname, code);
/* remove any kerberos 5 tickets currently held by the SYSTEM account
* for this user
*/
if (!code) {
char filename[MAX_PATH+1] = "";
char acctname[MAX_USERNAME_LENGTH+MAX_DOMAIN_LENGTH+3]="";
PSID pUserSid = NULL;
LPTSTR pReferencedDomainName = NULL;
DWORD dwSidLen = 0, dwDomainLen = 0, count;
SID_NAME_USE eUse;
if (_snprintf(acctname, sizeof(acctname), "%s\\%s", logonDomain, uname) < 0) {
code = -1;
goto cleanup;
}
count = GetTempPath(sizeof(filename), filename);
if (count == 0 || count > (sizeof(filename)-1)) {
code = -1;
goto cleanup;
}
if (_snprintf(filename, sizeof(filename), "%s\\kfwlogon-%x.%x",
filename, lpLogonId->HighPart, lpLogonId->LowPart) < 0)
{
code = -1;
goto cleanup;
}
KFW_copy_cache_to_system_file(uname, filename);
/* Need to determine the SID */
/* First get the size of the required buffers */
LookupAccountName (NULL,
acctname,
pUserSid,
&dwSidLen,
pReferencedDomainName,
&dwDomainLen,
&eUse);
if(dwSidLen){
pUserSid = (PSID) malloc (dwSidLen);
memset(pUserSid,0,dwSidLen);
}
if(dwDomainLen){
pReferencedDomainName = (LPTSTR) malloc (dwDomainLen * sizeof(TCHAR));
memset(pReferencedDomainName,0,dwDomainLen * sizeof(TCHAR));
}
//Now get the SID and the domain name
if (pUserSid && LookupAccountName( NULL,
acctname,
pUserSid,
&dwSidLen,
pReferencedDomainName,
&dwDomainLen,
&eUse))
{
DebugEvent("LookupAccountName obtained user %s sid in domain %s", acctname, pReferencedDomainName);
code = KFW_set_ccache_dacl_with_user_sid(filename, pUserSid);
#ifdef USE_WINLOGON_EVENT
/* If we are on Vista, setup a LogonScript
* that will execute the LogonEventHandler entry point via rundll32.exe
*/
if (is_windows_vista()) {
ConfigureLogonScript(lpLogonScript, filename);
if (*lpLogonScript)
DebugEvent0("LogonScript assigned");
else
DebugEvent0("No Logon Script");
}
#else
ConfigureLogonScript(lpLogonScript, filename);
if (*lpLogonScript)
DebugEvent0("LogonScript assigned");
else
DebugEvent0("No Logon Script");
#endif
} else {
DebugEvent0("LookupAccountName failed");
DeleteFile(filename);
code = -1;
}
cleanup:
if (pUserSid)
free(pUserSid);
if (pReferencedDomainName)
free(pReferencedDomainName);
}
KFW_destroy_tickets_for_principal(uname);
if (code) {
char msg[128];
HANDLE h;
char *ptbuf[1];
StringCbPrintf(msg, sizeof(msg), "Kerberos ticket acquisition failed: %s", reason);
h = RegisterEventSource(NULL, KFW_LOGON_EVENT_NAME);
ptbuf[0] = msg;
ReportEvent(h, EVENTLOG_WARNING_TYPE, 0, 1008, NULL, 1, 0, ptbuf, NULL);
DeregisterEventSource(h);
SetLastError(code);
}
if (code)
DebugEvent0("NPLogonNotify failure");
else
DebugEvent0("NPLogonNotify success");
return code;
}
int glu_wrath_gl_computeInterior( wrath_GLUtesselator *tess )
/*
* glu_wrath_gl_computeInterior( tess ) computes the planar arrangement specified
* by the given contours, and further subdivides this arrangement
* into regions. Each region is marked "inside" if it belongs
* to the polygon, according to the rule given by tess->windingRule.
* Each interior region is guaranteed be monotone.
*/
{
GLUvertex *v, *vNext;
tess->fatalError = FALSE;
/* Each vertex defines an event for our sweep line. Start by inserting
* all the vertices in a priority queue. Events are processed in
* lexicographic order, ie.
*
* e1 < e2 iff e1.x < e2.x || (e1.x == e2.x && e1.y < e2.y)
*/
RemoveDegenerateEdges( tess );
if ( !InitPriorityQ( tess ) ) return 0; /* if error */
InitEdgeDict( tess );
/* glu_wrath_gl_pqSortExtractMin */
while( (v = (GLUvertex *)pqExtractMin( tess->pq )) != NULL ) {
for( ;; ) {
vNext = (GLUvertex *)pqMinimum( tess->pq ); /* glu_wrath_gl_pqSortMinimum */
if( vNext == NULL || ! VertEq( vNext, v )) break;
/* Merge together all vertices at exactly the same location.
* This is more efficient than processing them one at a time,
* simplifies the code (see ConnectLeftDegenerate), and is also
* important for correct handling of certain degenerate cases.
* For example, suppose there are two identical edges A and B
* that belong to different contours (so without this code they would
* be processed by separate sweep events). Suppose another edge C
* crosses A and B from above. When A is processed, we split it
* at its intersection point with C. However this also splits C,
* so when we insert B we may compute a slightly different
* intersection point. This might leave two edges with a small
* gap between them. This kind of error is especially obvious
* when using boundary extraction (WRATH_GLU_TESS_BOUNDARY_ONLY).
*/
vNext = (GLUvertex *)pqExtractMin( tess->pq ); /* glu_wrath_gl_pqSortExtractMin*/
SpliceMergeVertices( tess, v->anEdge, vNext->anEdge );
}
SweepEvent( tess, v );
}
/* Set tess->event for debugging purposes */
/* __GL_DICTLISTKEY */ /* __GL_DICTLISTMIN */
tess->event = ((ActiveRegion *) dictKey( dictMin( tess->dict )))->eUp->Org;
DebugEvent( tess );
DoneEdgeDict( tess );
DonePriorityQ( tess );
if ( !RemoveDegenerateFaces( tess->mesh ) ) return 0;
glu_wrath_gl_meshCheckMesh( tess->mesh );
return 1;
}
DWORD APIENTRY NPLogonNotify(
PLUID lpLogonId,
LPCWSTR lpAuthentInfoType,
LPVOID lpAuthentInfo,
LPCWSTR lpPreviousAuthentInfoType,
LPVOID lpPreviousAuthentInfo,
LPWSTR lpStationName,
LPVOID StationHandle,
LPWSTR *lpLogonScript)
{
char uname[MAX_USERNAME_LENGTH]="";
char password[MAX_PASSWORD_LENGTH]="";
char logonDomain[MAX_DOMAIN_LENGTH]="";
char cell[256]="<non-integrated logon>";
char homePath[MAX_PATH]="";
char szLogonId[128] = "";
MSV1_0_INTERACTIVE_LOGON *IL;
DWORD code = 0, code2;
int pw_exp;
char *reason;
char *ctemp;
BOOLEAN interactive;
BOOLEAN flag;
DWORD LSPtype, LSPsize;
HKEY NPKey;
HWND hwndOwner = (HWND)StationHandle;
BOOLEAN afsWillAutoStart;
BOOLEAN lowercased_name = TRUE;
LogonOptions_t opt; /* domain specific logon options */
int retryInterval;
int sleepInterval;
/* Are we interactive? */
interactive = (wcsicmp(lpStationName, L"WinSta0") == 0);
#ifdef DISABLE_NON_INTERACTIVE
/* Do not do anything if the logon session is not interactive. */
if (!interactive)
return 0;
#endif
(void) RegOpenKeyEx(HKEY_LOCAL_MACHINE, AFSREG_CLT_SVC_PARAM_SUBKEY,
0, KEY_QUERY_VALUE, &NPKey);
LSPsize=sizeof(TraceOption);
RegQueryValueEx(NPKey, REG_CLIENT_TRACE_OPTION_PARM, NULL,
&LSPtype, (LPBYTE)&TraceOption, &LSPsize);
RegCloseKey (NPKey);
DebugEvent("NPLogonNotify - LoginId(%d,%d)", lpLogonId->HighPart, lpLogonId->LowPart);
/* Make sure the AFS Libraries are initialized */
AfsLogonInit();
/* Initialize Logon Script to none */
*lpLogonScript=NULL;
/* MSV1_0_INTERACTIVE_LOGON and KERB_INTERACTIVE_LOGON are equivalent for
* our purposes */
if ( wcsicmp(lpAuthentInfoType,L"MSV1_0:Interactive") &&
wcsicmp(lpAuthentInfoType,L"Kerberos:Interactive") )
{
DebugEvent("Unsupported Authentication Info Type: %S",
lpAuthentInfoType);
return 0;
}
IL = (MSV1_0_INTERACTIVE_LOGON *) lpAuthentInfo;
/* Convert from Unicode to ANSI */
/*TODO: Use SecureZeroMemory to erase passwords */
if (!UnicodeStringToANSI(IL->UserName, uname, MAX_USERNAME_LENGTH) ||
!UnicodeStringToANSI(IL->Password, password, MAX_PASSWORD_LENGTH) ||
!UnicodeStringToANSI(IL->LogonDomainName, logonDomain, MAX_DOMAIN_LENGTH))
return 0;
/* Make sure AD-DOMANS sent from login that is sent to us is striped */
ctemp = strchr(uname, '@');
if (ctemp) *ctemp = 0;
/* is the name all lowercase? */
for ( ctemp = uname; *ctemp ; ctemp++) {
if ( !islower(*ctemp) ) {
lowercased_name = FALSE;
break;
}
}
/*
* Get Logon options
*/
GetDomainLogonOptions( lpLogonId, uname, logonDomain, &opt );
retryInterval = opt.retryInterval;
sleepInterval = opt.sleepInterval;
*lpLogonScript = opt.logonScript;
if (retryInterval < sleepInterval)
sleepInterval = retryInterval;
DebugEvent("Got logon script: %S",opt.logonScript);
afsWillAutoStart = AFSWillAutoStart();
DebugEvent("LogonOption[%x], Service AutoStart[%d]",
opt.LogonOption,afsWillAutoStart);
/* Check for zero length password if integrated logon*/
if ( ISLOGONINTEGRATED(opt.LogonOption) ) {
if ( password[0] == 0 ) {
DebugEvent0("Password is the empty string");
code = GT_PW_NULL;
reason = "zero length password is illegal";
code=0;
}
/* Get cell name if doing integrated logon.
We might overwrite this if we are logging into an AD realm and we find out that
the user's home dir is in some other cell. */
DebugEvent("About to call cm_GetRootCellName(%s)",cell);
code = cm_GetRootCellName(cell);
if (code < 0) {
DebugEvent0("Unable to obtain Root Cell");
code = KTC_NOCELL;
reason = "unknown cell";
code=0;
} else {
DebugEvent("Cell is %s",cell);
}
/* We get the user's home directory path, if applicable, though we can't lookup the
cell right away because the client service may not have started yet. This call
also sets the AD_REALM flag in opt.flags if applicable. */
if (ISREMOTE(opt.flags)) {
DebugEvent0("Is Remote");
GetAdHomePath(homePath,MAX_PATH,lpLogonId,&opt);
}
}
/* loop until AFS is started. */
if (afsWillAutoStart) {
while (IsServiceRunning() || IsServiceStartPending()) {
DebugEvent("while(autostart) LogonOption[%x], Service AutoStart[%d]",
opt.LogonOption,afsWillAutoStart);
if (ISADREALM(opt.flags)) {
code = GetFileCellName(homePath,cell,256);
if (!code) {
DebugEvent("profile path [%s] is in cell [%s]",homePath,cell);
}
/* Don't bail out if GetFileCellName failed.
* The home dir may not be in AFS after all.
*/
} else
code=0;
/* if Integrated Logon */
if (ISLOGONINTEGRATED(opt.LogonOption))
{
if ( KFW_is_available() ) {
SetEnvironmentVariable(DO_NOT_REGISTER_VARNAME, "");
if (opt.realm) {
char * principal, *p;
size_t len, tlen;
StringCchLength(opt.realm, MAX_DOMAIN_LENGTH, &tlen);
len = tlen;
StringCchLength(uname, MAX_USERNAME_LENGTH, &tlen);
len += tlen + 2;
/* tlen is now the length of uname in characters */
principal = (char *)malloc(len * sizeof(char));
if ( principal ) {
StringCchCopy(principal, len, uname);
p = principal + tlen;
*p++ = '@';
StringCchCopy(p, len - tlen -1, opt.realm);
code = KFW_AFS_get_cred(principal, cell, password, 0, opt.smbName, &reason);
DebugEvent("KFW_AFS_get_cred uname=[%s] smbname=[%s] cell=[%s] code=[%d]",
principal,opt.smbName,cell,code);
free(principal);
}
} else {
code = KFW_AFS_get_cred(uname, cell, password, 0, opt.smbName, &reason);
DebugEvent("KFW_AFS_get_cred uname=[%s] smbname=[%s] cell=[%s] code=[%d]",
uname,opt.smbName,cell,code);
}
SetEnvironmentVariable(DO_NOT_REGISTER_VARNAME, NULL);
if (code == 0 && opt.theseCells) {
char * principal, *p;
size_t len, tlen;
StringCchLength(opt.realm ? opt.realm : cell, MAX_DOMAIN_LENGTH, &tlen);
len = tlen;
StringCchLength(uname, MAX_USERNAME_LENGTH, &tlen);
len += tlen + 2;
/* tlen is now the length of uname in characters */
principal = (char *)malloc(len * sizeof(char));
if ( principal ) {
StringCchCopy(principal, len, uname);
p = principal + tlen;
*p++ = '@';
if (opt.realm) {
StringCchCopy(p, len - tlen -1, opt.realm);
} else {
StringCchCopy(p, len - tlen - 1, cell);
for ( ;*p; p++) {
*p = toupper(*p);
}
}
p = opt.theseCells;
while ( *p ) {
if ( cm_stricmp_utf8(p, cell) ) {
SetEnvironmentVariable(DO_NOT_REGISTER_VARNAME, "");
code2 = KFW_AFS_get_cred(principal, p, 0, 0, opt.smbName, &reason);
SetEnvironmentVariable(DO_NOT_REGISTER_VARNAME, NULL);
DebugEvent("KFW_AFS_get_cred uname=[%s] smbname=[%s] cell=[%s] code=[%d]",
principal,opt.smbName,p,code2);
}
p += strlen(p) + 1;
}
free(principal);
}
}
} else {
code = ka_UserAuthenticateGeneral2(KA_USERAUTH_VERSION+KA_USERAUTH_AUTHENT_LOGON,
uname, "", cell, password, opt.smbName, 0, &pw_exp, 0,
&reason);
DebugEvent("AFS AfsLogon - (INTEGRATED only)ka_UserAuthenticateGeneral2 Code[%x] uname[%s] smbname=[%s] Cell[%s] PwExp=[%d] Reason=[%s]",
code,uname,opt.smbName,cell,pw_exp,reason?reason:"");
}
if ( code && code != KTC_NOCM && code != KTC_NOCMRPC && !lowercased_name ) {
for ( ctemp = uname; *ctemp ; ctemp++) {
*ctemp = tolower(*ctemp);
}
lowercased_name = TRUE;
goto sleeping;
}
/* is service started yet?*/
/* If we've failed because the client isn't running yet and the
* client is set to autostart (and therefore it makes sense for
* us to wait for it to start) then sleep a while and try again.
* If the error was something else, then give up. */
if (code != KTC_NOCM && code != KTC_NOCMRPC)
break;
}
else {
/*JUST check to see if its running*/
if (IsServiceRunning())
break;
if (!IsServiceStartPending()) {
code = KTC_NOCMRPC;
reason = "AFS Service start failed";
break;
}
}
/* If the retry interval has expired and we still aren't
* logged in, then just give up if we are not in interactive
* mode or the failSilently flag is set, otherwise let the
* user know we failed and give them a chance to try again. */
if (retryInterval <= 0) {
reason = "AFS not running";
if (!interactive || opt.failSilently)
break;
flag = MessageBox(hwndOwner,
"AFS is still starting. Retry?",
"AFS Logon",
MB_ICONQUESTION | MB_RETRYCANCEL);
if (flag == IDCANCEL)
break;
/* Wait just a little while and try again */
retryInterval = opt.retryInterval;
}
sleeping:
Sleep(sleepInterval * 1000);
retryInterval -= sleepInterval;
}
}
DebugEvent0("while loop exited");
/* remove any kerberos 5 tickets currently held by the SYSTEM account
* for this user
*/
if (ISLOGONINTEGRATED(opt.LogonOption) && KFW_is_available()) {
#ifdef KFW_LOGON
sprintf(szLogonId,"%d.%d",lpLogonId->HighPart, lpLogonId->LowPart);
KFW_AFS_copy_cache_to_system_file(uname, szLogonId);
#endif
KFW_AFS_destroy_tickets_for_principal(uname);
}
if (code) {
char msg[128];
HANDLE h;
char *ptbuf[1];
StringCbPrintf(msg, sizeof(msg), "Integrated login failed: %s", reason);
if (ISLOGONINTEGRATED(opt.LogonOption) && interactive && !opt.failSilently)
MessageBox(hwndOwner, msg, "AFS Logon", MB_OK);
h = RegisterEventSource(NULL, AFS_LOGON_EVENT_NAME);
ptbuf[0] = msg;
ReportEvent(h, EVENTLOG_WARNING_TYPE, 0, 1008, NULL,
1, 0, ptbuf, NULL);
DeregisterEventSource(h);
code = MapAuthError(code);
SetLastError(code);
if (ISLOGONINTEGRATED(opt.LogonOption) && (code!=0))
{
if (*lpLogonScript)
LocalFree(*lpLogonScript);
*lpLogonScript = NULL;
if (!afsWillAutoStart) // its not running, so if not autostart or integrated logon then just skip
code = 0;
}
}
if (opt.theseCells) free(opt.theseCells);
if (opt.smbName) free(opt.smbName);
if (opt.realm) free(opt.realm);
DebugEvent("AFS AfsLogon - Exit","Return Code[%x]",code);
return code;
}
/* Get domain specific configuration info. We are returning void because if anything goes wrong
we just return defaults.
*/
void
GetDomainLogonOptions( PLUID lpLogonId, char * username, char * domain, LogonOptions_t *opt ) {
HKEY hkParm = NULL; /* Service parameter */
HKEY hkNp = NULL; /* network provider key */
HKEY hkDoms = NULL; /* domains key */
HKEY hkDom = NULL; /* DOMAINS/domain key */
HKEY hkTemp = NULL;
LONG rv;
DWORD dwSize;
DWORD dwType;
DWORD dwDummy;
char computerName[MAX_COMPUTERNAME_LENGTH + 1]="";
char *effDomain = NULL;
memset(opt, 0, sizeof(LogonOptions_t));
DebugEvent("In GetDomainLogonOptions for user [%s] in domain [%s]", username, domain);
/* If the domain is the same as the Netbios computer name, we use the LOCALHOST domain name*/
opt->flags = LOGON_FLAG_REMOTE;
if(domain) {
dwSize = MAX_COMPUTERNAME_LENGTH + 1;
if(GetComputerName(computerName, &dwSize)) {
if(!cm_stricmp_utf8(computerName, domain)) {
effDomain = "LOCALHOST";
opt->flags = LOGON_FLAG_LOCAL;
}
}
if (effDomain == NULL)
effDomain = domain;
}
rv = RegOpenKeyEx( HKEY_LOCAL_MACHINE, AFSREG_CLT_SVC_PARAM_SUBKEY, 0, KEY_READ, &hkParm );
if(rv != ERROR_SUCCESS) {
hkParm = NULL;
DebugEvent("GetDomainLogonOption: Can't open parms key [%d]", rv);
}
rv = RegOpenKeyEx( HKEY_LOCAL_MACHINE, AFSREG_CLT_SVC_PROVIDER_SUBKEY, 0, KEY_READ, &hkNp );
if(rv != ERROR_SUCCESS) {
hkNp = NULL;
DebugEvent("GetDomainLogonOptions: Can't open NP key [%d]", rv);
}
if(hkNp) {
rv = RegOpenKeyEx( hkNp, REG_CLIENT_DOMAINS_SUBKEY, 0, KEY_READ, &hkDoms );
if( rv != ERROR_SUCCESS ) {
hkDoms = NULL;
DebugEvent("GetDomainLogonOptions: Can't open Domains key [%d]", rv);
}
}
if(hkDoms && effDomain) {
rv = RegOpenKeyEx( hkDoms, effDomain, 0, KEY_READ, &hkDom );
if( rv != ERROR_SUCCESS ) {
hkDom = NULL;
DebugEvent("GetDomainLogonOptions: Can't open domain key for [%s] [%d]", effDomain, rv);
/* If none of the domains match, we shouldn't use the domain key either */
RegCloseKey(hkDoms);
hkDoms = NULL;
}
} else
DebugEvent0("Not opening domain key");
/* Each individual can either be specified on the domain key, the domains key or in the
net provider key. They fail over in that order. If none is found, we just use the
defaults. */
/* LogonOption */
LOOKUPKEYCHAIN(opt->LogonOption, REG_DWORD, DEFAULT_LOGON_OPTION, REG_CLIENT_LOGON_OPTION_PARM);
/* FailLoginsSilently */
dwSize = sizeof(dwDummy);
rv = RegQueryValueEx(hkParm, REG_CLIENT_FAIL_SILENTLY_PARM, 0, &dwType, (LPBYTE) &dwDummy, &dwSize);
if (rv != ERROR_SUCCESS)
LOOKUPKEYCHAIN(dwDummy, REG_DWORD, DEFAULT_FAIL_SILENTLY, REG_CLIENT_FAIL_SILENTLY_PARM);
opt->failSilently = dwDummy ? 1 :0;
/* Retry interval */
LOOKUPKEYCHAIN(opt->retryInterval, REG_DWORD, DEFAULT_RETRY_INTERVAL, REG_CLIENT_RETRY_INTERVAL_PARM);
/* Sleep interval */
LOOKUPKEYCHAIN(opt->sleepInterval, REG_DWORD, DEFAULT_SLEEP_INTERVAL, REG_CLIENT_SLEEP_INTERVAL_PARM);
if(!ISLOGONINTEGRATED(opt->LogonOption)) {
DebugEvent0("Integrated logon disabled");
goto cleanup; /* no need to lookup the logon script */
}
/* come up with SMB username */
if(ISHIGHSECURITY(opt->LogonOption)) {
DebugEvent0("High Security Mode active");
opt->smbName = malloc( MAXRANDOMNAMELEN );
if (opt->smbName == NULL)
goto cleanup;
GenRandomName(opt->smbName);
} else if (lpLogonId) {
/* username and domain for logon session is not necessarily the same as
username and domain passed into network provider. */
PSECURITY_LOGON_SESSION_DATA plsd=NULL;
char lsaUsername[MAX_USERNAME_LENGTH]="";
char lsaDomain[MAX_DOMAIN_LENGTH]="";
size_t len, tlen;
NTSTATUS Status;
Status = LsaGetLogonSessionData(lpLogonId, &plsd);
if ( FAILED(Status) || plsd == NULL ) {
DebugEvent("LsaGetLogonSessionData failed [0x%x]", Status);
goto bad_strings;
}
if (!UnicodeStringToANSI(plsd->UserName, lsaUsername, MAX_USERNAME_LENGTH))
goto bad_strings;
if (!UnicodeStringToANSI(plsd->LogonDomain, lsaDomain, MAX_DOMAIN_LENGTH))
goto bad_strings;
DebugEvent("PLSD username[%s] domain[%s]",lsaUsername,lsaDomain);
if(SUCCEEDED(StringCbLength(lsaUsername, MAX_USERNAME_LENGTH, &tlen)))
len = tlen;
else
goto bad_strings;
if(SUCCEEDED(StringCbLength(lsaDomain, MAX_DOMAIN_LENGTH, &tlen)))
len += tlen;
else
goto bad_strings;
len += 2;
opt->smbName = malloc(len);
if (opt->smbName == NULL)
goto cleanup;
StringCbCopy(opt->smbName, len, lsaDomain);
StringCbCat(opt->smbName, len, "\\");
StringCbCat(opt->smbName, len, lsaUsername);
strlwr(opt->smbName);
bad_strings:
if (plsd)
LsaFreeReturnBuffer(plsd);
}
if (opt->smbName == NULL) {
size_t len;
DebugEvent("Constructing username using [%s] and [%s]",
username, domain);
len = strlen(username) + strlen(domain) + 2;
opt->smbName = malloc(len);
if (opt->smbName == NULL)
goto cleanup;
StringCbCopy(opt->smbName, len, domain);
StringCbCat(opt->smbName, len, "\\");
StringCbCat(opt->smbName, len, username);
strlwr(opt->smbName);
}
DebugEvent0("Looking up logon script");
/* Logon script */
/* First find out where the key is */
hkTemp = NULL;
rv = ~ERROR_SUCCESS;
dwType = 0;
if(hkDom)
rv = RegQueryValueExW(hkDom, REG_CLIENT_LOGON_SCRIPT_PARMW, 0, &dwType, NULL, &dwSize);
if(rv == ERROR_SUCCESS && (dwType == REG_SZ || dwType == REG_EXPAND_SZ)) {
hkTemp = hkDom;
DebugEvent0("Located logon script in hkDom");
}
else if(hkDoms) {
rv = RegQueryValueExW(hkDoms, REG_CLIENT_LOGON_SCRIPT_PARMW, 0, &dwType, NULL, &dwSize);
if(rv == ERROR_SUCCESS && !hkTemp && (dwType == REG_SZ || dwType == REG_EXPAND_SZ)) {
hkTemp = hkDoms;
DebugEvent0("Located logon script in hkDoms");
}
/* Note that the LogonScript in the NP key is only used if we are doing high security. */
else if(hkNp && ISHIGHSECURITY(opt->LogonOption)) {
rv = RegQueryValueExW(hkNp, REG_CLIENT_LOGON_SCRIPT_PARMW, 0, &dwType, NULL, &dwSize);
if(rv == ERROR_SUCCESS && !hkTemp && (dwType == REG_SZ || dwType == REG_EXPAND_SZ)) {
hkTemp = hkNp;
DebugEvent0("Located logon script in hkNp");
}
}
}
if(hkTemp) {
WCHAR *regscript = NULL;
WCHAR *regexscript = NULL;
WCHAR *regexuscript = NULL;
WCHAR *wuname = NULL;
HRESULT hr;
size_t len;
StringCbLength(opt->smbName, MAX_USERNAME_LENGTH, &len);
len ++;
wuname = malloc(len * sizeof(WCHAR));
if (!wuname)
goto doneLogonScript;
MultiByteToWideChar(CP_ACP,0,opt->smbName,-1,wuname,(int)(len*sizeof(WCHAR)));
DebugEvent("Username is set for [%S]", wuname);
/* dwSize still has the size of the required buffer in bytes. */
regscript = malloc(dwSize);
if (!regscript)
goto doneLogonScript;
rv = RegQueryValueExW(hkTemp, REG_CLIENT_LOGON_SCRIPT_PARMW, 0, &dwType, (LPBYTE) regscript, &dwSize);
if(rv != ERROR_SUCCESS) {/* what the ..? */
DebugEvent("Can't look up logon script rv [%d] size [%d] gle %d",rv, dwSize, GetLastError());
goto doneLogonScript;
}
DebugEvent("Found logon script [%S]", regscript);
if(dwType == REG_EXPAND_SZ) {
DWORD dwReq;
dwSize += MAX_PATH * sizeof(WCHAR); /* make room for environment expansion. */
regexscript = malloc(dwSize);
if (!regexscript)
goto doneLogonScript;
dwReq = ExpandEnvironmentStringsW(regscript, regexscript, dwSize / sizeof(WCHAR));
free(regscript);
regscript = regexscript;
regexscript = NULL;
if(dwReq > (dwSize / sizeof(WCHAR))) {
DebugEvent0("Overflow while expanding environment strings.");
goto doneLogonScript;
}
}
DebugEvent("After expanding env strings [%S]", regscript);
if(wcsstr(regscript, L"%s")) {
dwSize += (DWORD)(len * sizeof(WCHAR)); /* make room for username expansion */
regexuscript = (WCHAR *) LocalAlloc(LMEM_FIXED, dwSize);
if (!regexuscript)
goto doneLogonScript;
hr = StringCbPrintfW(regexuscript, dwSize, regscript, wuname);
} else {
regexuscript = (WCHAR *) LocalAlloc(LMEM_FIXED, dwSize);
if (!regexuscript)
goto doneLogonScript;
hr = StringCbCopyW(regexuscript, dwSize, regscript);
}
DebugEvent("After expanding username [%S]", regexuscript);
if(hr == S_OK)
opt->logonScript = regexuscript;
else
LocalFree(regexuscript);
doneLogonScript:
if(wuname) free(wuname);
if(regscript) free(regscript);
if(regexscript) free(regexscript);
}
DebugEvent0("Looking up TheseCells");
/* TheseCells */
/* First find out where the key is */
hkTemp = NULL;
rv = ~ERROR_SUCCESS;
dwSize = 0;
if (hkDom)
rv = RegQueryValueEx(hkDom, REG_CLIENT_THESE_CELLS_PARM, 0, &dwType, NULL, &dwSize);
if (rv == ERROR_SUCCESS && dwType == REG_MULTI_SZ) {
hkTemp = hkDom;
DebugEvent("Located TheseCells in hkDom size %d", dwSize);
} else if (hkDoms) {
rv = RegQueryValueEx(hkDoms, REG_CLIENT_THESE_CELLS_PARM, 0, &dwType, NULL, &dwSize);
if (rv == ERROR_SUCCESS && !hkTemp && dwType == REG_MULTI_SZ) {
hkTemp = hkDoms;
DebugEvent("Located TheseCells in hkDoms size %d", dwSize);
} else if (hkNp) {
rv = RegQueryValueEx(hkNp, REG_CLIENT_THESE_CELLS_PARM, 0, &dwType, NULL, &dwSize);
if (rv == ERROR_SUCCESS && !hkTemp && dwType == REG_MULTI_SZ) {
hkTemp = hkNp;
DebugEvent("Located TheseCells in hkNp size %d", dwSize);
}
}
}
if (hkTemp) {
CHAR * thesecells = NULL;
/* dwSize still has the size of the required buffer in bytes. */
thesecells = malloc(dwSize*2);
if (!thesecells)
goto doneTheseCells;
dwSize *= 2;
SetLastError(0);
rv = RegQueryValueEx(hkTemp, REG_CLIENT_THESE_CELLS_PARM, 0, NULL, (LPBYTE) thesecells, &dwSize);
if(rv != ERROR_SUCCESS) {/* what the ..? */
DebugEvent("Can't look up TheseCells rv [%d] size [%d] gle [%d]",rv, dwSize, GetLastError());
goto doneTheseCells;
}
DebugEvent("Found TheseCells [%s]", thesecells);
opt->theseCells = thesecells;
thesecells = NULL;
doneTheseCells:
if (thesecells) free(thesecells);
}
DebugEvent0("Looking up Realm");
/* Realm */
/* First find out where the key is */
hkTemp = NULL;
rv = ~ERROR_SUCCESS;
dwSize = 0;
if (hkDom)
rv = RegQueryValueEx(hkDom, REG_CLIENT_REALM_PARM, 0, &dwType, NULL, &dwSize);
if (rv == ERROR_SUCCESS && dwType == REG_SZ) {
hkTemp = hkDom;
DebugEvent("Located Realm in hkDom size %d", dwSize);
} else if (hkDoms) {
rv = RegQueryValueEx(hkDoms, REG_CLIENT_REALM_PARM, 0, &dwType, NULL, &dwSize);
if (rv == ERROR_SUCCESS && !hkTemp && dwType == REG_SZ) {
hkTemp = hkDoms;
DebugEvent("Located Realm in hkDoms size %d", dwSize);
} else if (hkNp) {
rv = RegQueryValueEx(hkNp, REG_CLIENT_REALM_PARM, 0, &dwType, NULL, &dwSize);
if (rv == ERROR_SUCCESS && !hkTemp && dwType == REG_SZ) {
hkTemp = hkNp;
DebugEvent("Located Realm in hkNp size %d", dwSize);
}
}
}
if (hkTemp) {
CHAR * realm = NULL;
/* dwSize still has the size of the required buffer in bytes. */
realm = malloc(dwSize*2);
if (!realm)
goto doneRealm;
dwSize *=2;
SetLastError(0);
rv = RegQueryValueEx(hkTemp, REG_CLIENT_REALM_PARM, 0, NULL, (LPBYTE) realm, &dwSize);
if(rv != ERROR_SUCCESS) {/* what the ..? */
DebugEvent("Can't look up Realm rv [%d] size [%d] gle [%d]",rv, dwSize, GetLastError());
goto doneRealm;
}
DebugEvent("Found Realm [%s]", realm);
opt->realm = realm;
realm = NULL;
doneRealm:
if (realm) free(realm);
}
cleanup:
if(hkNp) RegCloseKey(hkNp);
if(hkDom) RegCloseKey(hkDom);
if(hkDoms) RegCloseKey(hkDoms);
if(hkParm) RegCloseKey(hkParm);
}
VOID AFS_Logon_Event( PWLX_NOTIFICATION_INFO pInfo )
{
TCHAR profileDir[1024] = TEXT("");
DWORD len = 1024;
PTOKEN_USER tokenUser = NULL;
DWORD retLen;
WCHAR szUserW[128] = L"";
char szUserA[128] = "";
char szClient[MAX_PATH];
char szPath[MAX_PATH] = "";
NETRESOURCE nr;
DWORD res;
DWORD dwSize;
LogonOptions_t opt;
/* Make sure the AFS Libraries are initialized */
AfsLogonInit();
DebugEvent0("AFS_Logon_Event - Start");
DebugEvent("AFS_Logon_Event Process ID: %d",GetCurrentProcessId());
memset(&opt, 0, sizeof(LogonOptions_t));
if (pInfo->UserName && pInfo->Domain) {
char username[MAX_USERNAME_LENGTH] = "";
char domain[MAX_DOMAIN_LENGTH] = "";
size_t szlen = 0;
DebugEvent0("AFS_Logon_Event - pInfo UserName and Domain");
StringCchLengthW(pInfo->UserName, MAX_USERNAME_LENGTH, &szlen);
WideCharToMultiByte(CP_UTF8, 0, pInfo->UserName, szlen,
username, sizeof(username), NULL, NULL);
StringCchLengthW(pInfo->Domain, MAX_DOMAIN_LENGTH, &szlen);
WideCharToMultiByte(CP_UTF8, 0, pInfo->Domain, szlen,
domain, sizeof(domain), NULL, NULL);
DebugEvent0("AFS_Logon_Event - Calling GetDomainLogonOptions");
GetDomainLogonOptions(NULL, username, domain, &opt);
} else {
if (!pInfo->UserName)
DebugEvent0("AFS_Logon_Event - No pInfo->UserName");
if (!pInfo->Domain)
DebugEvent0("AFS_Logon_Event - No pInfo->Domain");
}
DebugEvent("AFS_Logon_Event - opt.LogonOption = %lX opt.flags = %lX",
opt.LogonOption, opt.flags);
if (!ISLOGONINTEGRATED(opt.LogonOption) || !ISREMOTE(opt.flags)) {
DebugEvent0("AFS_Logon_Event - Logon is not integrated or not remote");
goto done_logon_event;
}
DebugEvent0("AFS_Logon_Event - Calling GetTokenInformation");
if (!GetTokenInformation(pInfo->hToken, TokenUser, NULL, 0, &retLen))
{
if ( GetLastError() == ERROR_INSUFFICIENT_BUFFER ) {
tokenUser = (PTOKEN_USER) LocalAlloc(LPTR, retLen);
if (!GetTokenInformation(pInfo->hToken, TokenUser, tokenUser, retLen, &retLen))
{
DebugEvent("AFS_Logon_Event - GetTokenInformation failed: GLE = %lX", GetLastError());
}
}
}
/* We can't use pInfo->Domain for the domain since in the cross realm case
* this is source domain and not the destination domain.
*/
if (tokenUser && QueryAdHomePathFromSid( profileDir, sizeof(profileDir), tokenUser->User.Sid, pInfo->Domain)) {
WCHAR Domain[64]=L"";
GetLocalShortDomain(Domain, sizeof(Domain));
if (QueryAdHomePathFromSid( profileDir, sizeof(profileDir), tokenUser->User.Sid, Domain)) {
if (NetUserGetProfilePath(pInfo->Domain, pInfo->UserName, profileDir, len))
GetUserProfileDirectory(pInfo->hToken, profileDir, &len);
}
}
if (strlen(profileDir)) {
DebugEvent("AFS_Logon_Event - Profile Directory: %s", profileDir);
} else {
DebugEvent0("AFS_Logon_Event - Unable to load profile");
}
done_logon_event:
dwSize = sizeof(szUserA);
if (!KFW_AFS_get_lsa_principal(szUserA, &dwSize)) {
StringCbPrintfW(szUserW, sizeof(szUserW), L"%s\\%s", pInfo->Domain, pInfo->UserName);
WideCharToMultiByte(CP_ACP, 0, szUserW, -1, szUserA, MAX_PATH, NULL, NULL);
}
if (szUserA[0])
{
lana_GetNetbiosName(szClient, LANA_NETBIOS_NAME_FULL);
StringCbPrintf(szPath, sizeof(szPath), "\\\\%s", szClient);
DebugEvent("AFS_Logon_Event - Logon Name: %s", szUserA);
memset (&nr, 0x00, sizeof(NETRESOURCE));
nr.dwType=RESOURCETYPE_DISK;
nr.lpLocalName=0;
nr.lpRemoteName=szPath;
res = WNetAddConnection2(&nr,NULL,szUserA,0);
if (res)
DebugEvent("AFS_Logon_Event - WNetAddConnection2(%s,%s) failed: 0x%X",
szPath, szUserA,res);
else
DebugEvent0("AFS_Logon_Event - WNetAddConnection2() succeeded");
} else
DebugEvent("AFS_Logon_Event - User name conversion failed: GLE = 0x%X",GetLastError());
if ( tokenUser )
LocalFree(tokenUser);
DebugEvent0("AFS_Logon_Event - End");
}
VOID AFS_Logoff_Event( PWLX_NOTIFICATION_INFO pInfo )
{
DWORD code;
TCHAR profileDir[1024] = TEXT("");
DWORD len = 1024;
PTOKEN_USER tokenUser = NULL;
DWORD retLen;
DWORD LSPtype, LSPsize;
HKEY NPKey;
DWORD LogoffPreserveTokens = 0;
LogonOptions_t opt;
/* Make sure the AFS Libraries are initialized */
AfsLogonInit();
DebugEvent0("AFS_Logoff_Event - Start");
(void) RegOpenKeyEx(HKEY_LOCAL_MACHINE, AFSREG_CLT_SVC_PARAM_SUBKEY,
0, KEY_QUERY_VALUE, &NPKey);
LSPsize=sizeof(LogoffPreserveTokens);
RegQueryValueEx(NPKey, REG_CLIENT_LOGOFF_TOKENS_PARM, NULL,
&LSPtype, (LPBYTE)&LogoffPreserveTokens, &LSPsize);
RegCloseKey (NPKey);
if (!LogoffPreserveTokens) {
memset(&opt, 0, sizeof(LogonOptions_t));
if (pInfo->UserName && pInfo->Domain) {
char username[MAX_USERNAME_LENGTH] = "";
char domain[MAX_DOMAIN_LENGTH] = "";
size_t szlen = 0;
StringCchLengthW(pInfo->UserName, MAX_USERNAME_LENGTH, &szlen);
WideCharToMultiByte(CP_UTF8, 0, pInfo->UserName, szlen,
username, sizeof(username), NULL, NULL);
StringCchLengthW(pInfo->Domain, MAX_DOMAIN_LENGTH, &szlen);
WideCharToMultiByte(CP_UTF8, 0, pInfo->Domain, szlen,
domain, sizeof(domain), NULL, NULL);
GetDomainLogonOptions(NULL, username, domain, &opt);
}
if (ISREMOTE(opt.flags)) {
if (!GetTokenInformation(pInfo->hToken, TokenUser, NULL, 0, &retLen))
{
if ( GetLastError() == ERROR_INSUFFICIENT_BUFFER ) {
tokenUser = (PTOKEN_USER) LocalAlloc(LPTR, retLen);
if (!GetTokenInformation(pInfo->hToken, TokenUser, tokenUser, retLen, &retLen))
{
DebugEvent("AFS_Logoff_Event - GetTokenInformation failed: GLE = %lX", GetLastError());
}
}
}
/* We can't use pInfo->Domain for the domain since in the cross realm case
* this is source domain and not the destination domain.
*/
if (tokenUser && QueryAdHomePathFromSid( profileDir, sizeof(profileDir), tokenUser->User.Sid, pInfo->Domain)) {
WCHAR Domain[64]=L"";
GetLocalShortDomain(Domain, sizeof(Domain));
if (QueryAdHomePathFromSid( profileDir, sizeof(profileDir), tokenUser->User.Sid, Domain)) {
if (NetUserGetProfilePath(pInfo->Domain, pInfo->UserName, profileDir, len))
GetUserProfileDirectory(pInfo->hToken, profileDir, &len);
}
}
if (strlen(profileDir)) {
DebugEvent("AFS_Logoff_Event - Profile Directory: %s", profileDir);
if (!IsPathInAfs(profileDir)) {
if (code = ktc_ForgetAllTokens())
DebugEvent("AFS_Logoff_Event - ForgetAllTokens failed [%lX]",code);
else
DebugEvent0("AFS_Logoff_Event - ForgetAllTokens succeeded");
} else {
DebugEvent0("AFS_Logoff_Event - Tokens left in place; profile in AFS");
}
} else {
DebugEvent0("AFS_Logoff_Event - Unable to load profile");
}
if ( tokenUser )
LocalFree(tokenUser);
} else {
DebugEvent0("AFS_Logoff_Event - Local Logon");
if (code = ktc_ForgetAllTokens())
DebugEvent("AFS_Logoff_Event - ForgetAllTokens failed [%lX]",code);
else
DebugEvent0("AFS_Logoff_Event - ForgetAllTokens succeeded");
}
} else {
DebugEvent0("AFS_Logoff_Event - Preserving Tokens");
}
DebugEvent0("AFS_Logoff_Event - End");
}
