From 04379cf3498c6ab9786e2fd95030c9d590fbbf4d Mon Sep 17 00:00:00 2001 From: Jeffrey Altman Date: Wed, 26 Jul 2006 13:51:21 +0000 Subject: [PATCH] DEVEL15-windows-integrated-logon-20060726 delta windows-integrated-logon-20060724 would cause Windows 2000 systems to blue screen with an exception in winlogon.exe. (cherry picked from commit 3167f707fdf582c8ca851a353ca0c82b92ccc947) --- src/WINNT/afsd/afskfw.c | 70 +++++++++++++++++++++++++++------------ src/WINNT/afsd/afslogon.c | 39 ++++++++++++++++------ 2 files changed, 77 insertions(+), 32 deletions(-) diff --git a/src/WINNT/afsd/afskfw.c b/src/WINNT/afsd/afskfw.c index c1f55ee36..465708e31 100644 --- a/src/WINNT/afsd/afskfw.c +++ b/src/WINNT/afsd/afskfw.c @@ -3500,15 +3500,23 @@ KFW_AFS_set_file_cache_dacl(char *filename, HANDLE hUserToken) { // SID_IDENTIFIER_AUTHORITY authority = SECURITY_NT_SID_AUTHORITY; PSID pSystemSID = NULL; - DWORD SystemSIDlength, UserSIDlength; + DWORD SystemSIDlength = 0, UserSIDlength = 0; PACL ccacheACL = NULL; - DWORD ccacheACLlength; + DWORD ccacheACLlength = 0; PTOKEN_USER pTokenUser = NULL; DWORD retLen; + DWORD gle; int ret = 0; + if (!filename) { + return 1; + } + /* Get System SID */ - ConvertStringSidToSid(SDDL_LOCAL_SYSTEM, &pSystemSID); + if (!ConvertStringSidToSid("S-1-5-18", &pSystemSID)) { + ret = 1; + goto cleanup; + } /* Create ACL */ SystemSIDlength = GetLengthSid(pSystemSID); @@ -3533,7 +3541,11 @@ KFW_AFS_set_file_cache_dacl(char *filename, HANDLE hUserToken) } } - ccacheACL = GlobalAlloc(GMEM_FIXED, ccacheACLlength); + ccacheACL = (PACL) LocalAlloc(LPTR, ccacheACLlength); + if (!ccacheACL) { + ret = 1; + goto cleanup; + } InitializeAcl(ccacheACL, ccacheACLlength, ACL_REVISION); AddAccessAllowedAceEx(ccacheACL, ACL_REVISION, 0, STANDARD_RIGHTS_ALL | SPECIFIC_RIGHTS_ALL, 
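Review bot: The literal `"S-1-5-18"` that replaces `SDDL_LOCAL_SYSTEM` in the `ConvertStringSidToSid` call has no explanation, so a later reader cannot tell that it is meant to be the LocalSystem account or why the symbolic alias was dropped. A one-line comment above the call, such as `/* S-1-5-18 = well-known LocalSystem SID; literal used instead of the SDDL alias */`, would record that. The body of KFW_AFS_set_file_cache_dacl continues outside this hunk.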
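Review bot: `InitializeAcl` is still called without checking its result, right after the new allocation check. The `AddAccessAllowedAceEx` call that follows is cut off by the hunk end and appears to be unchecked as well. Callers now act on this function's return value, so a failure while building the ACL should take the same path as a failed allocation, e.g. `if (!InitializeAcl(ccacheACL, ccacheACLlength, ACL_REVISION)) { ret = 1; goto cleanup; }`. Otherwise an ACL with missing entries can be applied to the credential cache file and still be reported as success.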
@@ -3548,7 +3560,9 @@ KFW_AFS_set_file_cache_dacl(char *filename, HANDLE hUserToken) NULL, ccacheACL, NULL)) { - ret = 1; + gle = GetLastError(); + if (gle != ERROR_NO_TOKEN) + ret = 1; } if (!SetNamedSecurityInfo( filename, SE_FILE_OBJECT, OWNER_SECURITY_INFORMATION, @@ -3556,7 +3570,9 @@ KFW_AFS_set_file_cache_dacl(char *filename, HANDLE hUserToken) NULL, NULL, NULL)) { - ret = 1; + gle = GetLastError(); + if (gle != ERROR_NO_TOKEN) + ret = 1; } } else { if (!SetNamedSecurityInfo( filename, SE_FILE_OBJECT, @@ -3565,16 +3581,19 @@ KFW_AFS_set_file_cache_dacl(char *filename, HANDLE hUserToken) NULL, ccacheACL, NULL)) { - ret = 1; + gle = GetLastError(); + if (gle != ERROR_NO_TOKEN) + ret = 1; } } + cleanup: if (pSystemSID) LocalFree(pSystemSID); if (pTokenUser) LocalFree(pTokenUser); if (ccacheACL) - GlobalFree(ccacheACL); + LocalFree(ccacheACL); return ret; } 
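Review bot: `SetNamedSecurityInfo` returns a Win32 error code (`ERROR_SUCCESS`, i.e. 0, on success), not a BOOL, so `if (!SetNamedSecurityInfo(...))` enters the block on success and skips it on failure. The `GetLastError()` value read inside the block is therefore not the result of that call. With this commit the callers delete the cache file or abort when the function returns non-zero. A failed DACL update on the Kerberos credential cache is then reported as success, while a successful one can be reported as failure depending on a stale last-error value. Assign the call's return value to `gle` and test it directly: `if (gle != ERROR_SUCCESS && gle != ERROR_NO_TOKEN) ret = 1;`. The same pattern is in the hunks at -3556 and -3565, and the function begins outside these hunks.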
@@ -3583,28 +3602,36 @@ KFW_AFS_obtain_user_temp_directory(HANDLE hUserToken, char *newfilename, int siz { int retval = 0; DWORD dwSize = size-1; /* leave room for nul */ - - *newfilename = '\0'; - - if ( !ExpandEnvironmentStringsForUser(hUserToken, "%TEMP%", newfilename, size) && - !ExpandEnvironmentStringsForUser(hUserToken, "%TMP%", newfilename, size)) - return 1; + DWORD dwLen = 0; + + if (!hUserToken || !newfilename || size <= 0) + return; + + *newfilename = '\0'; + + dwLen = ExpandEnvironmentStringsForUser(hUserToken, "%TEMP%", newfilename, dwSize); + if ( !dwLen || dwLen > dwSize ) + dwLen = ExpandEnvironmentStringsForUser(hUserToken, "%TMP%", newfilename, dwSize); + if ( !dwLen || dwLen > dwSize ) + return 1; + + newfilename[dwSize] = '\0'; return 0; } void KFW_AFS_copy_cache_to_system_file(char * user, char * szLogonId) { - char filename[256]; + char filename[MAX_PATH] = ""; DWORD count; - char cachename[264] = "FILE:"; + char cachename[MAX_PATH + 8] = "FILE:"; krb5_context ctx = 0; krb5_error_code code; krb5_principal princ = 0; krb5_ccache cc = 0; krb5_ccache ncc = 0; - if (!pkrb5_init_context) + if (!pkrb5_init_context || !user || !szLogonId) return; count = GetEnvironmentVariable("TEMP", filename, sizeof(filename)); @@ -3637,7 +3664,8 @@ KFW_AFS_copy_cache_to_system_file(char * user, char * szLogonId) code = pkrb5_cc_initialize(ctx, ncc, princ); if (code) goto cleanup; - KFW_AFS_set_file_cache_dacl(filename, NULL); + code = KFW_AFS_set_file_cache_dacl(filename, NULL); + if (code) goto cleanup; code = pkrb5_cc_copy_creds(ctx,cc,ncc); @@ -3662,7 +3690,7 @@ KFW_AFS_copy_cache_to_system_file(char * user, char * szLogonId) int KFW_AFS_copy_file_cache_to_default_cache(char * filename) { - char cachename[264] = "FILE:"; + char cachename[MAX_PATH + 8] = "FILE:"; krb5_context ctx = 0; krb5_error_code code; krb5_principal princ = 0; 
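Review bot: The new guard `if (!hUserToken || !newfilename || size <= 0) return;` exits without a value from a function that otherwise returns 0 or 1, and the caller in afslogon.c tests that value; it should be `return 1;`. `dwSize = size-1` is also computed before `size` is validated, which is harmless only because of the early return. Separately, `ExpandEnvironmentStringsForUser` is documented as returning a BOOL rather than a length, so the `dwLen > dwSize` comparison does not detect truncation. Treating the result as plain success or failure would state the intent more accurately.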
@@ -3670,10 +3698,10 @@ KFW_AFS_copy_file_cache_to_default_cache(char * filename) krb5_ccache ncc = 0; int retval = 1; - if (!pkrb5_init_context) + if (!pkrb5_init_context || !filename) return 1; - if ( strlen(filename) + 6 > sizeof(cachename) ) + if ( strlen(filename) + sizeof("FILE:") > sizeof(cachename) ) return 1; strcat(cachename, filename); diff --git a/src/WINNT/afsd/afslogon.c b/src/WINNT/afsd/afslogon.c index 98e38b3e2..a390b6a26 100644 --- a/src/WINNT/afsd/afslogon.c +++ b/src/WINNT/afsd/afslogon.c @@ -670,8 +670,8 @@ UnicodeStringToANSI(UNICODE_STRING uInputString, LPSTR lpszOutputString, int nOu lpszOutputString[min(uInputString.Length/2,nOutStringLen-1)] = '\0'; return TRUE; } - else - lpszOutputString[0] = '\0'; + + lpszOutputString[0] = '\0'; return FALSE; } // UnicodeStringToANSI @@ -750,9 +750,10 @@ DWORD APIENTRY NPLogonNotify( /* Convert from Unicode to ANSI */ /*TODO: Use SecureZeroMemory to erase passwords */ - UnicodeStringToANSI(IL->UserName, uname, MAX_USERNAME_LENGTH); - UnicodeStringToANSI(IL->Password, password, MAX_PASSWORD_LENGTH); - UnicodeStringToANSI(IL->LogonDomainName, logonDomain, MAX_DOMAIN_LENGTH); + if (!UnicodeStringToANSI(IL->UserName, uname, MAX_USERNAME_LENGTH) || + !UnicodeStringToANSI(IL->Password, password, MAX_PASSWORD_LENGTH) || + !UnicodeStringToANSI(IL->LogonDomainName, logonDomain, MAX_DOMAIN_LENGTH)) + return 0; /* Make sure AD-DOMANS sent from login that is sent to us is striped */ ctemp = strchr(uname, '@'); @@ -1294,11 +1295,12 @@ VOID KFW_Logon_Event( PWLX_NOTIFICATION_INFO pInfo ) char szPath[MAX_PATH] = ""; char szLogonId[128] = ""; DWORD count; - char filename[MAX_PATH]; - char newfilename[MAX_PATH]; - char commandline[MAX_PATH+256]; + char filename[MAX_PATH] = ""; + char newfilename[MAX_PATH] = ""; + char commandline[MAX_PATH+256] = ""; STARTUPINFO startupinfo; PROCESS_INFORMATION procinfo; + HANDLE hf = INVALID_HANDLE_VALUE; LUID LogonId = {0, 0}; PSECURITY_LOGON_SESSION_DATA pLogonSessionData = NULL; 
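Review bot: In the NPLogonNotify hunk, the new early `return 0;` can be reached after `IL->Password` has already been converted into `password`, when only the domain conversion fails. That leaves the cleartext password in the buffer, and the TODO directly above already asks for wiping. Clearing it before returning, e.g. `SecureZeroMemory(password, MAX_PASSWORD_LENGTH);`, would close that path, assuming `password` is a buffer of at least that size as the call implies. The failure is also silent; a `DebugEvent0` message before the return would explain why integrated logon was skipped. NPLogonNotify starts and ends outside this hunk.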
@@ -1341,9 +1343,24 @@ VOID KFW_Logon_Event( PWLX_NOTIFICATION_INFO pInfo ) strcat(filename, "\\"); strcat(filename, szLogonId); - KFW_AFS_set_file_cache_dacl(filename, pInfo->hToken); - - KFW_AFS_obtain_user_temp_directory(pInfo->hToken, newfilename, sizeof(newfilename)); + hf = CreateFile(filename, FILE_ALL_ACCESS, 0, NULL, OPEN_EXISTING, + FILE_ATTRIBUTE_NORMAL, NULL); + if (hf == INVALID_HANDLE_VALUE) { + DebugEvent0("KFW_Logon_Event - file cannot be opened"); + return; + } + CloseHandle(hf); + + if (KFW_AFS_set_file_cache_dacl(filename, pInfo->hToken)) { + DebugEvent0("KFW_Logon_Event - unable to set dacl"); + DeleteFile(filename); + return; + } + + if (KFW_AFS_obtain_user_temp_directory(pInfo->hToken, newfilename, sizeof(newfilename))) { + DebugEvent0("KFW_Logon_Event - unable to obtain temp directory"); + return; + } if ( strlen(newfilename) + strlen(szLogonId) + 2 > sizeof(newfilename) ) { DebugEvent0("KFW_Logon_Event - new filename too long"); -- 2.39.5
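Review bot: The `unable to obtain temp directory` branch returns without removing `filename`, whereas the `unable to set dacl` branch just above it calls `DeleteFile(filename)`. The credential cache copy is then left on disk after the logon event gives up. Adding `DeleteFile(filename);` before that `return;` would make the two failure paths consistent. In addition, the `CreateFile`/`CloseHandle` probe and the DACL change both address the file by name, so the object that was checked is not guaranteed to be the object whose DACL is changed. Keeping the handle open and applying the security descriptor through it would be tighter. KFW_Logon_Event continues outside the hunk.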