From: Jeffrey Altman Date: Wed, 26 Jul 2006 13:54:36 +0000 (+0000) Subject: STABLE14-windows-integrated-logon-20060726 X-Git-Tag: openafs-stable-1_4_2b3~33 X-Git-Url: https://git.michaelhowe.org/gitweb/?a=commitdiff_plain;h=41da99898e2e7663e3a9b77ff5582bffadb8a69e;p=packages%2Fo%2Fopenafs.git STABLE14-windows-integrated-logon-20060726 delta windows-integrated-logon-20060724 would cause Windows 2000 systems to blue screen with an exception in winlogon.exe. (cherry picked from commit 3167f707fdf582c8ca851a353ca0c82b92ccc947) --- diff --git a/src/WINNT/afsd/afskfw.c b/src/WINNT/afsd/afskfw.c index a7a8038ad..7123c4512 100644 --- a/src/WINNT/afsd/afskfw.c +++ b/src/WINNT/afsd/afskfw.c @@ -3499,15 +3499,23 @@ KFW_AFS_set_file_cache_dacl(char *filename, HANDLE hUserToken) { // SID_IDENTIFIER_AUTHORITY authority = SECURITY_NT_SID_AUTHORITY; PSID pSystemSID = NULL; - DWORD SystemSIDlength, UserSIDlength; + DWORD SystemSIDlength = 0, UserSIDlength = 0; PACL ccacheACL = NULL; - DWORD ccacheACLlength; + DWORD ccacheACLlength = 0; PTOKEN_USER pTokenUser = NULL; DWORD retLen; + DWORD gle; int ret = 0; + if (!filename) { + return 1; + } + /* Get System SID */ - ConvertStringSidToSid(SDDL_LOCAL_SYSTEM, &pSystemSID); + if (!ConvertStringSidToSid("S-1-5-18", &pSystemSID)) { + ret = 1; + goto cleanup; + } /* Create ACL */ SystemSIDlength = GetLengthSid(pSystemSID); @@ -3532,7 +3540,11 @@ KFW_AFS_set_file_cache_dacl(char *filename, HANDLE hUserToken) } } - ccacheACL = GlobalAlloc(GMEM_FIXED, ccacheACLlength); + ccacheACL = (PACL) LocalAlloc(LPTR, ccacheACLlength); + if (!ccacheACL) { + ret = 1; + goto cleanup; + } InitializeAcl(ccacheACL, ccacheACLlength, ACL_REVISION); AddAccessAllowedAceEx(ccacheACL, ACL_REVISION, 0, STANDARD_RIGHTS_ALL | SPECIFIC_RIGHTS_ALL, @@ -3547,7 +3559,9 @@ KFW_AFS_set_file_cache_dacl(char *filename, HANDLE hUserToken) NULL, ccacheACL, NULL)) { - ret = 1; + gle = GetLastError(); + if (gle != ERROR_NO_TOKEN) + ret = 1; } if (!SetNamedSecurityInfo( filename, SE_FILE_OBJECT, OWNER_SECURITY_INFORMATION, @@ -3555,7 +3569,9 @@ KFW_AFS_set_file_cache_dacl(char *filename, HANDLE hUserToken) NULL, NULL, NULL)) { - ret = 1; + gle = GetLastError(); + if (gle != ERROR_NO_TOKEN) + ret = 1; } } else { if (!SetNamedSecurityInfo( filename, SE_FILE_OBJECT, @@ -3564,16 +3580,19 @@ KFW_AFS_set_file_cache_dacl(char *filename, HANDLE hUserToken) NULL, ccacheACL, NULL)) { - ret = 1; + gle = GetLastError(); + if (gle != ERROR_NO_TOKEN) + ret = 1; } } + cleanup: if (pSystemSID) LocalFree(pSystemSID); if (pTokenUser) LocalFree(pTokenUser); if (ccacheACL) - GlobalFree(ccacheACL); + LocalFree(ccacheACL); return ret; } @@ -3582,28 +3601,36 @@ KFW_AFS_obtain_user_temp_directory(HANDLE hUserToken, char *newfilename, int siz { int retval = 0; DWORD dwSize = size-1; /* leave room for nul */ - - *newfilename = '\0'; - - if ( !ExpandEnvironmentStringsForUser(hUserToken, "%TEMP%", newfilename, size) && - !ExpandEnvironmentStringsForUser(hUserToken, "%TMP%", newfilename, size)) - return 1; + DWORD dwLen = 0; + + if (!hUserToken || !newfilename || size <= 0) + return; + + *newfilename = '\0'; + + dwLen = ExpandEnvironmentStringsForUser(hUserToken, "%TEMP%", newfilename, dwSize); + if ( !dwLen || dwLen > dwSize ) + dwLen = ExpandEnvironmentStringsForUser(hUserToken, "%TMP%", newfilename, dwSize); + if ( !dwLen || dwLen > dwSize ) + return 1; + + newfilename[dwSize] = '\0'; return 0; } void KFW_AFS_copy_cache_to_system_file(char * user, char * szLogonId) { - char filename[256]; + char filename[MAX_PATH] = ""; DWORD count; - char cachename[264] = "FILE:"; + char cachename[MAX_PATH + 8] = "FILE:"; krb5_context ctx = 0; krb5_error_code code; krb5_principal princ = 0; krb5_ccache cc = 0; krb5_ccache ncc = 0; - if (!pkrb5_init_context) + if (!pkrb5_init_context || !user || !szLogonId) return; count = GetEnvironmentVariable("TEMP", filename, sizeof(filename)); @@ -3636,7 +3663,8 @@ KFW_AFS_copy_cache_to_system_file(char * user, char * szLogonId) code = pkrb5_cc_initialize(ctx, ncc, princ); if (code) goto cleanup; - KFW_AFS_set_file_cache_dacl(filename, NULL); + code = KFW_AFS_set_file_cache_dacl(filename, NULL); + if (code) goto cleanup; code = pkrb5_cc_copy_creds(ctx,cc,ncc); @@ -3661,8 +3689,7 @@ KFW_AFS_copy_cache_to_system_file(char * user, char * szLogonId) int KFW_AFS_copy_file_cache_to_default_cache(char * filename) { - DWORD count; - char cachename[264] = "FILE:"; + char cachename[MAX_PATH * 8] = "FILE:"; HANDLE hFile; krb5_context ctx = 0; krb5_error_code code; @@ -3671,10 +3698,10 @@ KFW_AFS_copy_file_cache_to_default_cache(char * filename) krb5_ccache ncc = 0; int retval = 1; - if (!pkrb5_init_context) + if (!pkrb5_init_context || !filename) return 1; - if ( strlen(filename) + 6 > sizeof(cachename) ) + if ( strlen(filename) + sizeof("FILE:") > sizeof(cachename) ) return 1; strcat(cachename, filename); diff --git a/src/WINNT/afsd/afslogon.c b/src/WINNT/afsd/afslogon.c index d03dc73ce..e2b989559 100644 --- a/src/WINNT/afsd/afslogon.c +++ b/src/WINNT/afsd/afslogon.c @@ -670,8 +670,8 @@ UnicodeStringToANSI(UNICODE_STRING uInputString, LPSTR lpszOutputString, int nOu lpszOutputString[min(uInputString.Length/2,nOutStringLen-1)] = '\0'; return TRUE; } - else - lpszOutputString[0] = '\0'; + + lpszOutputString[0] = '\0'; return FALSE; } // UnicodeStringToANSI @@ -750,9 +750,10 @@ DWORD APIENTRY NPLogonNotify( /* Convert from Unicode to ANSI */ /*TODO: Use SecureZeroMemory to erase passwords */ - UnicodeStringToANSI(IL->UserName, uname, MAX_USERNAME_LENGTH); - UnicodeStringToANSI(IL->Password, password, MAX_PASSWORD_LENGTH); - UnicodeStringToANSI(IL->LogonDomainName, logonDomain, MAX_DOMAIN_LENGTH); + if (!UnicodeStringToANSI(IL->UserName, uname, MAX_USERNAME_LENGTH) || + !UnicodeStringToANSI(IL->Password, password, MAX_PASSWORD_LENGTH) || + !UnicodeStringToANSI(IL->LogonDomainName, logonDomain, MAX_DOMAIN_LENGTH)) + return 0; /* Make sure AD-DOMANS sent from login that is sent to us is striped */ ctemp = strchr(uname, '@'); @@ -1296,11 +1297,12 @@ VOID KFW_Logon_Event( PWLX_NOTIFICATION_INFO pInfo ) char szPath[MAX_PATH] = ""; char szLogonId[128] = ""; DWORD count; - char filename[MAX_PATH]; - char newfilename[MAX_PATH]; - char commandline[MAX_PATH+256]; + char filename[MAX_PATH] = ""; + char newfilename[MAX_PATH] = ""; + char commandline[MAX_PATH+256] = ""; STARTUPINFO startupinfo; PROCESS_INFORMATION procinfo; + HANDLE hf = INVALID_HANDLE_VALUE; LUID LogonId = {0, 0}; PSECURITY_LOGON_SESSION_DATA pLogonSessionData = NULL; @@ -1343,9 +1345,24 @@ VOID KFW_Logon_Event( PWLX_NOTIFICATION_INFO pInfo ) strcat(filename, "\\"); strcat(filename, szLogonId); - KFW_AFS_set_file_cache_dacl(filename, pInfo->hToken); - - KFW_AFS_obtain_user_temp_directory(pInfo->hToken, newfilename, sizeof(newfilename)); + hf = CreateFile(filename, FILE_ALL_ACCESS, 0, NULL, OPEN_EXISTING, + FILE_ATTRIBUTE_NORMAL, NULL); + if (hf == INVALID_HANDLE_VALUE) { + DebugEvent0("KFW_Logon_Event - file cannot be opened"); + return; + } + CloseHandle(hf); + + if (KFW_AFS_set_file_cache_dacl(filename, pInfo->hToken)) { + DebugEvent0("KFW_Logon_Event - unable to set dacl"); + DeleteFile(filename); + return; + } + + if (KFW_AFS_obtain_user_temp_directory(pInfo->hToken, newfilename, sizeof(newfilename))) { + DebugEvent0("KFW_Logon_Event - unable to obtain temp directory"); + return; + } if ( strlen(newfilename) + strlen(szLogonId) + 2 > sizeof(newfilename) ) { DebugEvent0("KFW_Logon_Event - new filename too long");