jimzah/openafs
1
0
Fork 0
mirror of https://git.openafs.org/openafs.git synced 2025-02-01 05:57:43 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

winxp-sp2-pioctl-20040805

Browse Source 
On Windows XP SP2, when a Kerberos principal is used for login and the
KDC is not reachable, Windows will return a DOWNGRADE_DETECTED error
when attempting to open the ioctl file.  This is because NTLM will not
be permitted when there is the potential of an attack.  There is a hack
to get around this.  Manually create a CIFS connection to the AFS client
service while specifying the current user's name.  This will use the cached
password and allow the downgrade to NTLM.
This commit is contained in:
Jeffrey Altman 2004-08-05 17:28:10 +00:00 committed by Jeffrey Altman
parent 0ce0ec8586
commit 1adc134670
1 changed files with 38 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

39
src/sys/pioctl_nt.c
View File

@ -164,10 +164,45 @@ GetIoctlHandle(char *fileNamep, HANDLE * handlep)
FILE_FLAG_WRITE_THROUGH, NULL); FILE_FLAG_WRITE_THROUGH, NULL);
fflush(stdout); fflush(stdout);
if (fh == INVALID_HANDLE_VALUE) { if (fh == INVALID_HANDLE_VALUE) {
if (GetLastError() == ERROR_DOWNGRADE_DETECTED) HKEY hk;
fprintf(stderr, "Unable to open \"%s\": Authentication Downgrade Detected\n", tbuffer); char szUser[64] = "";
char szClient[MAX_PATH] = "";
char szPath[MAX_PATH] = "";
NETRESOURCE nr;
DWORD res;
if (GetLastError() != ERROR_DOWNGRADE_DETECTED)
return -1;
lana_GetNetbiosName(szClient, LANA_NETBIOS_NAME_FULL);
sprintf(szPath, "\\\\%s", szClient);
/* We should probably be using GetUserNameEx() for this */
if (RegOpenKey (HKEY_CURRENT_USER,
TEXT("Software\\Microsoft\\Windows\\CurrentVersion\\Explorer"), &hk) == 0)
{
DWORD dwSize = sizeof(szUser);
DWORD dwType = REG_SZ;
RegQueryValueEx (hk, TEXT("Logon User Name"), NULL, &dwType, (PBYTE)szUser, &dwSize);
RegCloseKey (hk);
}
memset (&nr, 0x00, sizeof(NETRESOURCE));
nr.dwType=RESOURCETYPE_DISK;
nr.lpLocalName=0;
nr.lpRemoteName=szPath;
res = WNetAddConnection2(&nr,NULL,szUser,0);
if (res)
return -1;
fh = CreateFile(tbuffer, GENERIC_READ | GENERIC_WRITE,
FILE_SHARE_READ | FILE_SHARE_WRITE, NULL, OPEN_EXISTING,
FILE_FLAG_WRITE_THROUGH, NULL);
fflush(stdout);
if (fh == INVALID_HANDLE_VALUE)
return -1; return -1;
} }
/* return fh and success code */ /* return fh and success code */
*handlep = fh; *handlep = fh;
return 0; return 0;