afslogon-20040318

Fix memory deallocation errors (never call free() on memory allocated
by GlobalAlloc() or LocalAlloc())

Modify event logging to be consistent between High and Low Security

Only generate a random user name when using High Security.  Use the normal
user name when running with Low security.
Jeffrey Altman 2004-03-19 03:52:07 +00:00 committed by Jeffrey Altman
parent e8fc0557d3
commit 48913f747f


@ -138,7 +138,7 @@ WCHAR *GetLogonScript(CHAR *pname)
return NULL; return NULL;
} }
buf=(WCHAR *)LocalAlloc(LMEM_FIXED, LSPsize); buf=(WCHAR *)LocalAlloc(LMEM_FIXED,LSPsize);
script=(WCHAR *)LocalAlloc(LMEM_FIXED,LSPsize+(MAXRANDOMNAMELEN)*sizeof(WCHAR)); script=(WCHAR *)LocalAlloc(LMEM_FIXED,LSPsize+(MAXRANDOMNAMELEN)*sizeof(WCHAR));
/* /*
* Explicitly call UNICODE version * Explicitly call UNICODE version
@ -148,10 +148,10 @@ WCHAR *GetLogonScript(CHAR *pname)
&LSPtype, (LPBYTE)buf, &LSPsize); &LSPtype, (LPBYTE)buf, &LSPsize);
MultiByteToWideChar(CP_ACP,0,pname,strlen(pname)+1,randomName,(strlen(pname)+1)*sizeof(WCHAR)); MultiByteToWideChar(CP_ACP,0,pname,strlen(pname)+1,randomName,(strlen(pname)+1)*sizeof(WCHAR));
swprintf(script,buf,randomName); swprintf(script,buf,randomName);
free(buf); LocalFree(buf);
#ifdef DEBUG_VERBOSE #ifdef DEBUG_VERBOSE
{ {
HANDLE h; char *ptbuf[1],buf[132],tbuf[255]; HANDLE h; char *ptbuf[1],buf[132],tbuf[255];
WideCharToMultiByte(CP_ACP,0,script,LSPsize,tbuf,255,NULL,NULL); WideCharToMultiByte(CP_ACP,0,script,LSPsize,tbuf,255,NULL,NULL);
h = RegisterEventSource(NULL, AFS_DAEMON_EVENT_NAME); h = RegisterEventSource(NULL, AFS_DAEMON_EVENT_NAME);
@ -159,7 +159,7 @@ WCHAR *GetLogonScript(CHAR *pname)
ptbuf[0] = buf; ptbuf[0] = buf;
ReportEvent(h, EVENTLOG_INFORMATION_TYPE, 0, 0, NULL, 1, 0, ptbuf, NULL); ReportEvent(h, EVENTLOG_INFORMATION_TYPE, 0, 0, NULL, 1, 0, ptbuf, NULL);
DeregisterEventSource(h); DeregisterEventSource(h);
} }
#endif #endif
RegCloseKey (NPKey); RegCloseKey (NPKey);
@ -193,7 +193,7 @@ BOOLEAN AFSWillAutoStart(void)
goto close_svc; goto close_svc;
/* Allocate buffer */ /* Allocate buffer */
pConfig = (LPQUERY_SERVICE_CONFIG)GlobalAlloc(GMEM_FIXED, BufSize); pConfig = (LPQUERY_SERVICE_CONFIG)GlobalAlloc(GMEM_FIXED,BufSize);
if (!pConfig) if (!pConfig)
goto close_svc; goto close_svc;
@ -263,51 +263,51 @@ DWORD APIENTRY NPGetCaps(DWORD index)
static void GetLoginBehavior(int *pRetryInterval, BOOLEAN *pFailSilently) static void GetLoginBehavior(int *pRetryInterval, BOOLEAN *pFailSilently)
{ {
long result; long result;
HKEY hKey; HKEY hKey;
DWORD dummyLen; DWORD dummyLen;
result = RegOpenKeyEx(HKEY_LOCAL_MACHINE, REG_CLIENT_PARMS_KEY, 0, KEY_QUERY_VALUE, &hKey); result = RegOpenKeyEx(HKEY_LOCAL_MACHINE, REG_CLIENT_PARMS_KEY, 0, KEY_QUERY_VALUE, &hKey);
if (result != ERROR_SUCCESS) { if (result != ERROR_SUCCESS) {
*pRetryInterval = DEFAULT_RETRY_INTERVAL; *pRetryInterval = DEFAULT_RETRY_INTERVAL;
*pFailSilently = DEFAULT_FAIL_SILENTLY; *pFailSilently = DEFAULT_FAIL_SILENTLY;
return; return;
} }
result = RegQueryValueEx(hKey, REG_CLIENT_RETRY_INTERVAL_PARM, 0, 0, (BYTE *)pRetryInterval, &dummyLen); result = RegQueryValueEx(hKey, REG_CLIENT_RETRY_INTERVAL_PARM, 0, 0, (BYTE *)pRetryInterval, &dummyLen);
if (result != ERROR_SUCCESS) if (result != ERROR_SUCCESS)
*pRetryInterval = DEFAULT_RETRY_INTERVAL; *pRetryInterval = DEFAULT_RETRY_INTERVAL;
result = RegQueryValueEx(hKey, REG_CLIENT_FAIL_SILENTLY_PARM, 0, 0, (BYTE *)pFailSilently, &dummyLen); result = RegQueryValueEx(hKey, REG_CLIENT_FAIL_SILENTLY_PARM, 0, 0, (BYTE *)pFailSilently, &dummyLen);
if (result != ERROR_SUCCESS) if (result != ERROR_SUCCESS)
*pFailSilently = DEFAULT_FAIL_SILENTLY; *pFailSilently = DEFAULT_FAIL_SILENTLY;
/* Make sure this is really a bool value in the strict sense*/ /* Make sure this is really a bool value in the strict sense*/
*pFailSilently = !!*pFailSilently; *pFailSilently = !!*pFailSilently;
RegCloseKey(hKey); RegCloseKey(hKey);
} }
BOOL IsServiceRunning (void) BOOL IsServiceRunning (void)
{ {
SERVICE_STATUS Status; SERVICE_STATUS Status;
SC_HANDLE hManager; SC_HANDLE hManager;
memset (&Status, 0x00, sizeof(Status)); memset (&Status, 0x00, sizeof(Status));
Status.dwCurrentState = SERVICE_STOPPED; Status.dwCurrentState = SERVICE_STOPPED;
if ((hManager = OpenSCManager (NULL, NULL, GENERIC_READ)) != NULL) if ((hManager = OpenSCManager (NULL, NULL, GENERIC_READ)) != NULL)
{ {
SC_HANDLE hService; SC_HANDLE hService;
if ((hService = OpenService (hManager, TEXT("TransarcAFSDaemon"), GENERIC_READ)) != NULL) if ((hService = OpenService (hManager, TEXT("TransarcAFSDaemon"), GENERIC_READ)) != NULL)
{ {
QueryServiceStatus (hService, &Status); QueryServiceStatus (hService, &Status);
CloseServiceHandle (hService); CloseServiceHandle (hService);
} }
CloseServiceHandle (hManager); CloseServiceHandle (hManager);
} }
DebugEvent("AFS AfsLogon - Test Service Running","Return Code[%x] ?Running[%d]",Status.dwCurrentState,(Status.dwCurrentState == SERVICE_RUNNING)); DebugEvent("AFS AfsLogon - Test Service Running","Return Code[%x] ?Running[%d]",Status.dwCurrentState,(Status.dwCurrentState == SERVICE_RUNNING));
return (Status.dwCurrentState == SERVICE_RUNNING); return (Status.dwCurrentState == SERVICE_RUNNING);
} }
DWORD APIENTRY NPLogonNotify( DWORD APIENTRY NPLogonNotify(
@ -350,31 +350,32 @@ DWORD APIENTRY NPLogonNotify(
wcstombs(password, IL->Password.Buffer, 256); wcstombs(password, IL->Password.Buffer, 256);
/* Make sure AD-DOMANS sent from login that is sent to us is striped */ /* Make sure AD-DOMANS sent from login that is sent to us is striped */
ctemp = strchr(uname, '@'); ctemp = strchr(uname, '@');
if (ctemp) *ctemp = 0; if (ctemp) *ctemp = 0;
(void) RegOpenKeyEx(HKEY_LOCAL_MACHINE, REG_CLIENT_PARMS_KEY, (void) RegOpenKeyEx(HKEY_LOCAL_MACHINE, REG_CLIENT_PARMS_KEY,
0, KEY_QUERY_VALUE, &NPKey); 0, KEY_QUERY_VALUE, &NPKey);
LSPsize=sizeof(TraceOption); LSPsize=sizeof(TraceOption);
RegQueryValueEx(NPKey, "TraceOption", NULL, RegQueryValueEx(NPKey, "TraceOption", NULL,
&LSPtype, (LPBYTE)&TraceOption, &LSPsize); &LSPtype, (LPBYTE)&TraceOption, &LSPsize);
RegCloseKey (NPKey); RegCloseKey (NPKey);
/* /*
* Get Logon OPTIONS * Get Logon OPTIONS
*/ */
(void) RegOpenKeyEx(HKEY_LOCAL_MACHINE, REG_CLIENT_PROVIDER_KEY, (void) RegOpenKeyEx(HKEY_LOCAL_MACHINE, REG_CLIENT_PROVIDER_KEY,
0, KEY_QUERY_VALUE, &NPKey); 0, KEY_QUERY_VALUE, &NPKey);
LSPsize=sizeof(LogonOption); LSPsize=sizeof(LogonOption);
code = RegQueryValueEx(NPKey, "LogonOptions", NULL, code = RegQueryValueEx(NPKey, "LogonOptions", NULL,
&LSPtype, (LPBYTE)&LogonOption, &LSPsize); &LSPtype, (LPBYTE)&LogonOption, &LSPsize);
RegCloseKey (NPKey); RegCloseKey (NPKey);
if ((code!=0) || (LSPtype!=REG_DWORD)) if ((code!=0) || (LSPtype!=REG_DWORD))
LogonOption=LOGON_OPTION_INTEGRATED; /*default to integrated logon only*/ LogonOption=LOGON_OPTION_INTEGRATED; /*default to integrated logon only*/
DebugEvent("AFS AfsLogon - NPLogonNotify","LogonOption[%x], Service AutoStart[%d]",LogonOption,AFSWillAutoStart()); DebugEvent("AFS AfsLogon - NPLogonNotify","LogonOption[%x], Service AutoStart[%d]",
LogonOption,AFSWillAutoStart());
/* Check for zero length password if integrated logon*/ /* Check for zero length password if integrated logon*/
if ( ISLOGONINTEGRATED(LogonOption) && (password[0] == 0) ) { if ( ISLOGONINTEGRATED(LogonOption) && (password[0] == 0) ) {
code = GT_PW_NULL; code = GT_PW_NULL;
@ -398,61 +399,71 @@ DWORD APIENTRY NPLogonNotify(
afsWillAutoStart = AFSWillAutoStart(); afsWillAutoStart = AFSWillAutoStart();
*lpLogonScript = GetLogonScript(GenRandomName(RandomName)); /*only do if high security option is on*/ /*only do if high security option is on*/
if (ISHIGHSECURITY(LogonOption))
*lpLogonScript = GetLogonScript(GenRandomName(RandomName));
else
*lpLogonScript = GetLogonScript(uname);
/* loop until AFS is started. */ /* loop until AFS is started. */
while (TRUE) { while (TRUE) {
code=0; code=0;
/* is service started yet?*/ /* is service started yet?*/
if (ISLOGONINTEGRATED(LogonOption) && !ISHIGHSECURITY(LogonOption)) /* if Integrated Logon only */
DebugEvent("AFS AfsLogon - ka_UserAuthenticateGeneral2","Code[%x] uname[%s] Cell[%s]",
code,uname,cell);
/* if Integrated Logon only */
if (ISLOGONINTEGRATED(LogonOption) && !ISHIGHSECURITY(LogonOption))
{ {
DebugEvent("AFS AfsLogon - ka_UserAuthenticateGeneral2","Code[%x],uame[%s] Cell[%s]",code,uname,cell); code = ka_UserAuthenticateGeneral2(KA_USERAUTH_VERSION+KA_USERAUTH_AUTHENT_LOGON,
code = ka_UserAuthenticateGeneral2( uname, "", cell, password,uname, 0, &pw_exp, 0,
KA_USERAUTH_VERSION+KA_USERAUTH_AUTHENT_LOGON, &reason);
uname, "", cell, password,uname, 0, &pw_exp, 0, DebugEvent("AFS AfsLogon - (INTEGRATED only)ka_UserAuthenticateGeneral2","Code[%x]",
&reason); code);
DebugEvent("AFS AfsLogon - (INTEGERTED only)ka_UserAuthenticateGeneral2","Code[%x]",code); }
} else if (ISLOGONINTEGRATED(LogonOption) && ISHIGHSECURITY(LogonOption)) /* if Integrated Logon and High Security pass random generated name*/ /* if Integrated Logon and High Security pass random generated name*/
else if (ISLOGONINTEGRATED(LogonOption) && ISHIGHSECURITY(LogonOption))
{ {
code = ka_UserAuthenticateGeneral2( code = ka_UserAuthenticateGeneral2(KA_USERAUTH_VERSION+KA_USERAUTH_AUTHENT_LOGON,
KA_USERAUTH_VERSION+KA_USERAUTH_AUTHENT_LOGON, uname, "", cell, password,RandomName, 0, &pw_exp, 0,
uname, "", cell, password,RandomName, 0, &pw_exp, 0, &reason);
&reason); DebugEvent("AFS AfsLogon - (Both)ka_UserAuthenticateGeneral2","Code[%x] RandomName[%s]",
DebugEvent("AFS AfsLogon - (Both)ka_UserAuthenticateGeneral2","Code[%x],RandomName[%s]",code,RandomName); code, RandomName);
} else { /*JUST check to see if its running*/ } else {
/*JUST check to see if its running*/
if (IsServiceRunning()) if (IsServiceRunning())
break; break;
code = KTC_NOCM; code = KTC_NOCM;
if (!afsWillAutoStart) if (!afsWillAutoStart)
break; break;
} }
/* If we've failed because the client isn't running yet and the /* If we've failed because the client isn't running yet and the
* client is set to autostart (and therefore it makes sense for * client is set to autostart (and therefore it makes sense for
* us to wait for it to start) then sleep a while and try again. * us to wait for it to start) then sleep a while and try again.
* If the error was something else, then give up. */ * If the error was something else, then give up. */
if (code != KTC_NOCM && code != KTC_NOCMRPC || !afsWillAutoStart) if (code != KTC_NOCM && code != KTC_NOCMRPC || !afsWillAutoStart)
break; break;
/* If the retry interval has expired and we still aren't /* If the retry interval has expired and we still aren't
* logged in, then just give up if we are not in interactive * logged in, then just give up if we are not in interactive
* mode or the failSilently flag is set, otherwise let the * mode or the failSilently flag is set, otherwise let the
* user know we failed and give them a chance to try again. */ * user know we failed and give them a chance to try again. */
if (retryInterval <= 0) { if (retryInterval <= 0) {
reason = "AFS not running"; reason = "AFS not running";
if (!interactive || failSilently) if (!interactive || failSilently)
break; break;
flag = MessageBox(hwndOwner, flag = MessageBox(hwndOwner,
"AFS is still starting. Retry?", "AFS is still starting. Retry?",
"AFS Logon", "AFS Logon",
MB_ICONQUESTION | MB_RETRYCANCEL); MB_ICONQUESTION | MB_RETRYCANCEL);
if (flag == IDCANCEL) if (flag == IDCANCEL)
break; break;
/* Wait just a little while and try again */ /* Wait just a little while and try again */
retryInterval = sleepInterval = DEFAULT_SLEEP_INTERVAL; retryInterval = sleepInterval = DEFAULT_SLEEP_INTERVAL;
} }
if (retryInterval < sleepInterval) if (retryInterval < sleepInterval)
@ -461,24 +472,24 @@ DWORD APIENTRY NPLogonNotify(
Sleep(sleepInterval * 1000); Sleep(sleepInterval * 1000);
retryInterval -= sleepInterval; retryInterval -= sleepInterval;
} }
if (code) { if (code) {
char msg[128]; char msg[128];
sprintf(msg, "Integrated login failed: %s", reason); sprintf(msg, "Integrated login failed: %s", reason);
if (interactive && !failSilently) if (interactive && !failSilently)
MessageBox(hwndOwner, msg, "AFS Logon", MB_OK); MessageBox(hwndOwner, msg, "AFS Logon", MB_OK);
else { else {
HANDLE h; HANDLE h;
char *ptbuf[1]; char *ptbuf[1];
h = RegisterEventSource(NULL, AFS_DAEMON_EVENT_NAME); h = RegisterEventSource(NULL, AFS_DAEMON_EVENT_NAME);
ptbuf[0] = msg; ptbuf[0] = msg;
ReportEvent(h, EVENTLOG_WARNING_TYPE, 0, 1008, NULL, ReportEvent(h, EVENTLOG_WARNING_TYPE, 0, 1008, NULL,
1, 0, ptbuf, NULL); 1, 0, ptbuf, NULL);
DeregisterEventSource(h); DeregisterEventSource(h);
} }
code = MapAuthError(code); code = MapAuthError(code);
SetLastError(code); SetLastError(code);
if (ISHIGHSECURITY(LogonOption) && (code!=0)) if (ISHIGHSECURITY(LogonOption) && (code!=0))