VirtualBox

source: vbox/trunk/src/VBox/Additions/WINNT/VBoxCredProv/VBoxCredProvCredential.cpp@ 61559

Last change on this file since 61559 was 57358, checked in by vboxsync, 9 years ago

*: scm cleanup run.

  • Property svn:eol-style set to native
  • Property svn:keywords set to Author Date Id Revision
File size: 35.0 KB
Line 
1/* $Id: VBoxCredProvCredential.cpp 57358 2015-08-14 15:16:38Z vboxsync $ */
2/** @file
3 * VBoxCredProvCredential - Class for keeping and handling the passed credentials.
4 */
5
6/*
7 * Copyright (C) 2012 Oracle Corporation
8 *
9 * This file is part of VirtualBox Open Source Edition (OSE), as
10 * available from http://www.virtualbox.org. This file is free software;
11 * you can redistribute it and/or modify it under the terms of the GNU
12 * General Public License (GPL) as published by the Free Software
13 * Foundation, in version 2 as it comes in the "COPYING" file of the
14 * VirtualBox OSE distribution. VirtualBox OSE is distributed in the
15 * hope that it will be useful, but WITHOUT ANY WARRANTY of any kind.
16 */
17
18
19/*********************************************************************************************************************************
20* Header Files *
21*********************************************************************************************************************************/
22#ifndef WIN32_NO_STATUS
23# include <ntstatus.h>
24# define WIN32_NO_STATUS
25#endif
26#include <intsafe.h>
27
28#include "VBoxCredentialProvider.h"
29
30#include "VBoxCredProvProvider.h"
31#include "VBoxCredProvCredential.h"
32#include "VBoxCredProvUtils.h"
33
34#include <lm.h>
35
36#include <iprt/initterm.h>
37#include <iprt/mem.h>
38#include <iprt/string.h>
39
40
41
42
43VBoxCredProvCredential::VBoxCredProvCredential(void) :
44 m_enmUsageScenario(CPUS_INVALID),
45 m_cRefs(1),
46 m_pEvents(NULL),
47 m_fHaveCreds(false)
48{
49 VBoxCredProvVerbose(0, "VBoxCredProvCredential: Created\n");
50 VBoxCredentialProviderAcquire();
51 RT_BZERO(m_apwszCredentials, sizeof(PRTUTF16) * VBOXCREDPROV_NUM_FIELDS);
52}
53
54
55VBoxCredProvCredential::~VBoxCredProvCredential(void)
56{
57 VBoxCredProvVerbose(0, "VBoxCredProvCredential: Destroying\n");
58 Reset();
59 VBoxCredentialProviderRelease();
60}
61
62
63ULONG
64VBoxCredProvCredential::AddRef(void)
65{
66 LONG cRefs = InterlockedIncrement(&m_cRefs);
67 VBoxCredProvVerbose(0, "VBoxCredProvCredential::AddRef: Returning refcount=%ld\n",
68 cRefs);
69 return cRefs;
70}
71
72
73ULONG
74VBoxCredProvCredential::Release(void)
75{
76 LONG cRefs = InterlockedDecrement(&m_cRefs);
77 VBoxCredProvVerbose(0, "VBoxCredProvCredential::Release: Returning refcount=%ld\n",
78 cRefs);
79 if (!cRefs)
80 {
81 VBoxCredProvVerbose(0, "VBoxCredProvCredential: Calling destructor\n");
82 delete this;
83 }
84 return cRefs;
85}
86
87
88HRESULT
89VBoxCredProvCredential::QueryInterface(REFIID interfaceID, void **ppvInterface)
90{
91 HRESULT hr = S_OK;;
92 if (ppvInterface)
93 {
94 if ( IID_IUnknown == interfaceID
95 || IID_ICredentialProviderCredential == interfaceID)
96 {
97 *ppvInterface = static_cast<IUnknown*>(this);
98 reinterpret_cast<IUnknown*>(*ppvInterface)->AddRef();
99 }
100 else
101 {
102 *ppvInterface = NULL;
103 hr = E_NOINTERFACE;
104 }
105 }
106 else
107 hr = E_INVALIDARG;
108
109 return hr;
110}
111
112
113/**
114 * Assigns or copies a RTUTF16 string to a UNICODE_STRING.
115 *
116 * When fCopy is false, this does *not* copy its contents
117 * and only assigns its code points to the destination!
118 * When fCopy is true, the actual string buffer gets copied.
119 *
120 * Does not take terminating \0 into account.
121 *
122 * @return HRESULT
123 * @param pUnicodeDest Unicode string assigning the UTF16 string to.
124 * @param pwszSource UTF16 string to assign.
125 * @param fCopy Whether to just assign or copy the actual buffer
126 * contents from source -> dest.
127 */
128HRESULT
129VBoxCredProvCredential::RTUTF16ToUnicode(PUNICODE_STRING pUnicodeDest, PRTUTF16 pwszSource, bool fCopy)
130{
131 AssertPtrReturn(pUnicodeDest, E_POINTER);
132 AssertPtrReturn(pwszSource, E_POINTER);
133
134 size_t cbLen = RTUtf16Len(pwszSource) * sizeof(RTUTF16);
135 AssertReturn(cbLen <= USHORT_MAX, E_INVALIDARG);
136
137 HRESULT hr;
138
139 if (fCopy)
140 {
141 if (cbLen <= pUnicodeDest->MaximumLength)
142 {
143 memcpy(pUnicodeDest->Buffer, pwszSource, cbLen);
144 pUnicodeDest->Length = (USHORT)cbLen;
145 hr = S_OK;
146 }
147 else
148 hr = E_INVALIDARG;
149 }
150 else /* Just assign the buffer. */
151 {
152 pUnicodeDest->Buffer = pwszSource;
153 pUnicodeDest->Length = (USHORT)cbLen;
154 hr = S_OK;
155 }
156
157 return hr;
158}
159
160
161HRESULT
162VBoxCredProvCredential::AllocateLogonPackage(const KERB_INTERACTIVE_UNLOCK_LOGON &rUnlockLogon, PBYTE *ppPackage, DWORD *pcbPackage)
163{
164 AssertPtrReturn(ppPackage, E_INVALIDARG);
165 AssertPtrReturn(pcbPackage, E_INVALIDARG);
166
167 const KERB_INTERACTIVE_LOGON *pLogonIn = &rUnlockLogon.Logon;
168
169 /*
170 * First, allocate enough space for the logon structure itself and separate
171 * string buffers right after it to store the actual user, password and domain
172 * credentials.
173 */
174 DWORD cbLogon = sizeof(KERB_INTERACTIVE_UNLOCK_LOGON)
175 + pLogonIn->LogonDomainName.Length +
176 + pLogonIn->UserName.Length +
177 + pLogonIn->Password.Length;
178
179#ifdef DEBUG
180 VBoxCredProvVerbose(3, "VBoxCredProvCredential::AllocateLogonPackage: Allocating %ld bytes (%d bytes credentials)\n",
181 cbLogon, cbLogon - sizeof(KERB_INTERACTIVE_UNLOCK_LOGON));
182#endif
183
184 KERB_INTERACTIVE_UNLOCK_LOGON *pLogon = (KERB_INTERACTIVE_UNLOCK_LOGON*)CoTaskMemAlloc(cbLogon);
185 if (!pLogon)
186 return E_OUTOFMEMORY;
187
188 /* Let our byte buffer point to the end of our allocated structure so that it can
189 * be used to store the credential data sequentially in a binary blob
190 * (without terminating \0). */
191 PBYTE pbBuffer = (PBYTE)pLogon + sizeof(KERB_INTERACTIVE_UNLOCK_LOGON);
192
193 /* The buffer of the packed destination string does not contain the actual
194 * string content but a relative offset starting at the given
195 * KERB_INTERACTIVE_UNLOCK_LOGON structure. */
196#define KERB_CRED_INIT_PACKED(StringDst, StringSrc, LogonOffset) \
197 StringDst.Length = StringSrc.Length; \
198 StringDst.MaximumLength = StringSrc.Length; \
199 StringDst.Buffer = (PWSTR)pbBuffer; \
200 memcpy(StringDst.Buffer, StringSrc.Buffer, StringDst.Length); \
201 StringDst.Buffer = (PWSTR)(pbBuffer - (PBYTE)LogonOffset); \
202 pbBuffer += StringDst.Length;
203
204 RT_BZERO(&pLogon->LogonId, sizeof(LUID));
205
206 KERB_INTERACTIVE_LOGON *pLogonOut = &pLogon->Logon;
207 pLogonOut->MessageType = pLogonIn->MessageType;
208
209 KERB_CRED_INIT_PACKED(pLogonOut->LogonDomainName, pLogonIn->LogonDomainName, pLogon);
210 KERB_CRED_INIT_PACKED(pLogonOut->UserName , pLogonIn->UserName, pLogon);
211 KERB_CRED_INIT_PACKED(pLogonOut->Password , pLogonIn->Password, pLogon);
212
213 *ppPackage = (PBYTE)pLogon;
214 *pcbPackage = cbLogon;
215
216#undef KERB_CRED_INIT_PACKED
217
218 return S_OK;
219}
220
221
222/**
223 * Resets (wipes) stored credentials.
224 *
225 * @return HRESULT
226 */
227HRESULT
228VBoxCredProvCredential::Reset(void)
229{
230
231 VBoxCredProvVerbose(0, "VBoxCredProvCredential::Reset: Wiping credentials user=%ls, pw=%ls, domain=%ls\n",
232 m_apwszCredentials[VBOXCREDPROV_FIELDID_USERNAME],
233#ifdef DEBUG
234 m_apwszCredentials[VBOXCREDPROV_FIELDID_PASSWORD],
235#else
236 L"XXX" /* Don't show any passwords in release mode. */,
237#endif
238 m_apwszCredentials[VBOXCREDPROV_FIELDID_DOMAINNAME]);
239
240 VbglR3CredentialsDestroyUtf16(m_apwszCredentials[VBOXCREDPROV_FIELDID_USERNAME],
241 m_apwszCredentials[VBOXCREDPROV_FIELDID_PASSWORD],
242 m_apwszCredentials[VBOXCREDPROV_FIELDID_DOMAINNAME],
243 3 /* Passes */);
244 HRESULT hr = S_OK;
245 if (m_pEvents)
246 {
247 /* Note: On Windows 8, set "this" to "nullptr". */
248 HRESULT hr2 = m_pEvents->SetFieldString(this, VBOXCREDPROV_FIELDID_USERNAME, L"");
249 if (SUCCEEDED(hr))
250 hr = hr2;
251 hr2 = m_pEvents->SetFieldString(this, VBOXCREDPROV_FIELDID_PASSWORD, L"");
252 if (SUCCEEDED(hr))
253 hr = hr2;
254 hr2 = m_pEvents->SetFieldString(this, VBOXCREDPROV_FIELDID_DOMAINNAME, L"");
255 if (SUCCEEDED(hr))
256 hr = hr2;
257 }
258
259 VBoxCredProvVerbose(0, "VBoxCredProvCredential::Reset: Returned hr=%08x\n", hr);
260 return hr;
261}
262
263
264/**
265 * Checks and retrieves credentials provided by the host + does account lookup on eventually
266 * renamed user accounts.
267 *
268 * @return IPRT status code.
269 */
270int
271VBoxCredProvCredential::RetrieveCredentials(void)
272{
273 int rc = VbglR3CredentialsQueryAvailability();
274 if (RT_SUCCESS(rc))
275 {
276 /*
277 * Set status to "terminating" to let the host know this module now
278 * tries to receive and use passed credentials so that credentials from
279 * the host won't be sent twice.
280 */
281 VBoxCredProvReportStatus(VBoxGuestFacilityStatus_Terminating);
282
283 rc = VbglR3CredentialsRetrieveUtf16(&m_apwszCredentials[VBOXCREDPROV_FIELDID_USERNAME],
284 &m_apwszCredentials[VBOXCREDPROV_FIELDID_PASSWORD],
285 &m_apwszCredentials[VBOXCREDPROV_FIELDID_DOMAINNAME]);
286
287 VBoxCredProvVerbose(0, "VBoxCredProvCredential::RetrieveCredentials: Retrieved credentials with rc=%Rrc\n", rc);
288 }
289
290 if (RT_SUCCESS(rc))
291 {
292 VBoxCredProvVerbose(0, "VBoxCredProvCredential::RetrieveCredentials: User=%ls, Password=%ls, Domain=%ls\n",
293 m_apwszCredentials[VBOXCREDPROV_FIELDID_USERNAME],
294#ifdef DEBUG
295 m_apwszCredentials[VBOXCREDPROV_FIELDID_PASSWORD],
296#else
297 L"XXX" /* Don't show any passwords in release mode. */,
298#endif
299 m_apwszCredentials[VBOXCREDPROV_FIELDID_DOMAINNAME]);
300
301 /*
302 * In case we got a "display name" (e.g. "John Doe")
303 * instead of the real user name (e.g. "jdoe") we have
304 * to translate the data first ...
305 */
306 PWSTR pwszAcount;
307 if (TranslateAccountName(m_apwszCredentials[VBOXCREDPROV_FIELDID_USERNAME], &pwszAcount))
308 {
309 VBoxCredProvVerbose(0, "VBoxCredProvCredential::RetrieveCredentials: Translated account name %ls -> %ls\n",
310 m_apwszCredentials[VBOXCREDPROV_FIELDID_USERNAME], pwszAcount);
311
312 if (m_apwszCredentials[VBOXCREDPROV_FIELDID_USERNAME])
313 {
314 RTMemWipeThoroughly(m_apwszCredentials[VBOXCREDPROV_FIELDID_USERNAME],
315 RTUtf16Len(m_apwszCredentials[VBOXCREDPROV_FIELDID_USERNAME]) + sizeof(RTUTF16),
316 3 /* Passes */);
317 RTUtf16Free(m_apwszCredentials[VBOXCREDPROV_FIELDID_USERNAME]);
318 }
319 m_apwszCredentials[VBOXCREDPROV_FIELDID_USERNAME] = pwszAcount;
320 }
321 else
322 {
323 /*
324 * Okay, no display name, but maybe it's a
325 * principal name from which we have to extract the domain from?
326 * ([email protected] -> jdoe in domain my-domain.sub.net.com.)
327 */
328 PWSTR pwszDomain;
329 if (ExtractAccoutData(m_apwszCredentials[VBOXCREDPROV_FIELDID_USERNAME],
330 &pwszAcount, &pwszDomain))
331 {
332 /* Update user name. */
333 if (m_apwszCredentials[VBOXCREDPROV_FIELDID_USERNAME])
334 {
335 RTMemWipeThoroughly(m_apwszCredentials[VBOXCREDPROV_FIELDID_USERNAME],
336 RTUtf16Len(m_apwszCredentials[VBOXCREDPROV_FIELDID_USERNAME]) + sizeof(RTUTF16),
337 3 /* Passes */);
338 RTUtf16Free(m_apwszCredentials[VBOXCREDPROV_FIELDID_USERNAME]);
339 }
340 m_apwszCredentials[VBOXCREDPROV_FIELDID_USERNAME] = pwszAcount;
341
342 /* Update domain. */
343 if (m_apwszCredentials[VBOXCREDPROV_FIELDID_DOMAINNAME])
344 {
345 RTMemWipeThoroughly(m_apwszCredentials[VBOXCREDPROV_FIELDID_DOMAINNAME],
346 RTUtf16Len(m_apwszCredentials[VBOXCREDPROV_FIELDID_DOMAINNAME]) + sizeof(RTUTF16),
347 3 /* Passes */);
348 RTUtf16Free(m_apwszCredentials[VBOXCREDPROV_FIELDID_DOMAINNAME]);
349 }
350 m_apwszCredentials[VBOXCREDPROV_FIELDID_DOMAINNAME] = pwszDomain;
351
352 VBoxCredProvVerbose(0, "VBoxCredProvCredential::RetrieveCredentials: Extracted account data pwszAccount=%ls, pwszDomain=%ls\n",
353 m_apwszCredentials[VBOXCREDPROV_FIELDID_USERNAME],
354 m_apwszCredentials[VBOXCREDPROV_FIELDID_DOMAINNAME]);
355 }
356 }
357
358 m_fHaveCreds = true;
359 }
360 else
361 {
362 /* If credentials already were retrieved by a former call, don't try to retrieve new ones
363 * and just report back the already retrieved ones. */
364 if (m_fHaveCreds)
365 {
366 VBoxCredProvVerbose(0, "VBoxCredProvCredential::RetrieveCredentials: Credentials already retrieved\n");
367 rc = VINF_SUCCESS;
368 }
369 }
370
371 VBoxCredProvVerbose(0, "VBoxCredProvCredential::RetrieveCredentials: Returned rc=%Rrc\n", rc);
372 return rc;
373}
374
375
376/**
377 * Initializes this credential with the current credential provider
378 * usage scenario.
379 */
380HRESULT
381VBoxCredProvCredential::Initialize(CREDENTIAL_PROVIDER_USAGE_SCENARIO enmUsageScenario)
382{
383 VBoxCredProvVerbose(0, "VBoxCredProvCredential::Initialize: enmUsageScenario=%ld\n", enmUsageScenario);
384 m_enmUsageScenario = enmUsageScenario;
385 return S_OK;
386}
387
388
389/**
390 * Called by LogonUI when it needs this credential's advice.
391 *
392 * At the moment we only grab the credential provider events so that we can
393 * trigger a re-enumeration of the credentials later.
394 */
395HRESULT
396VBoxCredProvCredential::Advise(ICredentialProviderCredentialEvents *pEvents)
397{
398 VBoxCredProvVerbose(0, "VBoxCredProvCredential::Advise: pEvents=0x%p\n",
399 pEvents);
400
401 if (m_pEvents)
402 {
403 m_pEvents->Release();
404 m_pEvents = NULL;
405 }
406
407 m_pEvents = pEvents;
408 if (m_pEvents)
409 m_pEvents->AddRef();
410
411 return S_OK;
412}
413
414
415/**
416 * Called by LogonUI when it's finished with handling this credential.
417 *
418 * We only need to release the credential provider events, if any.
419 */
420HRESULT
421VBoxCredProvCredential::UnAdvise(void)
422{
423 VBoxCredProvVerbose(0, "VBoxCredProvCredential::UnAdvise\n");
424
425 if (m_pEvents)
426 {
427 m_pEvents->Release();
428 m_pEvents = NULL;
429 }
430
431 return S_OK;
432}
433
434
435/**
436 * Called by LogonUI when a user profile (tile) has been selected.
437 *
438 * As we don't want Winlogon to try logging in immediately we set pfAutoLogon
439 * to FALSE (if set).
440 */
441HRESULT
442VBoxCredProvCredential::SetSelected(PBOOL pfAutoLogon)
443{
444 VBoxCredProvVerbose(0, "VBoxCredProvCredential::SetSelected\n");
445
446 /*
447 * Don't do auto logon here because it would retry too often with
448 * every credential field (user name, password, domain, ...) which makes
449 * winlogon wait before new login attempts can be made.
450 */
451 if (pfAutoLogon)
452 *pfAutoLogon = FALSE;
453 return S_OK;
454}
455
456
457/**
458 * Called by LogonUI when a user profile (tile) has been unselected again.
459 */
460HRESULT
461VBoxCredProvCredential::SetDeselected(void)
462{
463 VBoxCredProvVerbose(0, "VBoxCredProvCredential::SetDeselected\n");
464
465 Reset();
466
467 if (m_pEvents)
468 m_pEvents->SetFieldString(this, VBOXCREDPROV_FIELDID_PASSWORD, L"");
469
470 return S_OK;
471}
472
473
474/**
475 * Called by LogonUI to retrieve the (interactive) state of a UI field.
476 */
477HRESULT
478VBoxCredProvCredential::GetFieldState(DWORD dwFieldID, CREDENTIAL_PROVIDER_FIELD_STATE *pFieldState,
479 CREDENTIAL_PROVIDER_FIELD_INTERACTIVE_STATE *pFieldstateInteractive)
480{
481 VBoxCredProvVerbose(0, "VBoxCredProvCredential::GetFieldState: dwFieldID=%ld\n", dwFieldID);
482
483 HRESULT hr = S_OK;
484
485 if ( (dwFieldID < VBOXCREDPROV_NUM_FIELDS)
486 && pFieldState
487 && pFieldstateInteractive)
488 {
489 *pFieldState = s_VBoxCredProvFields[dwFieldID].state;
490 *pFieldstateInteractive = s_VBoxCredProvFields[dwFieldID].stateInteractive;
491 }
492 else
493 hr = E_INVALIDARG;
494
495 return hr;
496}
497
498
499/**
500 * Searches the account name based on a display (real) name (e.g. "John Doe" -> "jdoe").
501 * Result "ppwszAccoutName" needs to be freed with CoTaskMemFree!
502 */
503BOOL
504VBoxCredProvCredential::TranslateAccountName(PWSTR pwszDisplayName, PWSTR *ppwszAccoutName)
505{
506 AssertPtrReturn(pwszDisplayName, FALSE);
507 VBoxCredProvVerbose(0, "VBoxCredProvCredential::TranslateAccountName: Getting account name for \"%ls\" ...\n",
508 pwszDisplayName);
509
510 /** @todo Do we need ADS support (e.g. TranslateNameW) here? */
511 BOOL fFound = FALSE; /* Did we find the desired user? */
512 NET_API_STATUS rcStatus;
513 DWORD dwLevel = 2; /* Detailed information about user accounts. */
514 DWORD dwPrefMaxLen = MAX_PREFERRED_LENGTH;
515 DWORD dwEntriesRead = 0;
516 DWORD dwTotalEntries = 0;
517 DWORD dwResumeHandle = 0;
518 LPUSER_INFO_2 pBuf = NULL;
519 LPUSER_INFO_2 pCurBuf = NULL;
520 do
521 {
522 rcStatus = NetUserEnum(NULL, /* Server name, NULL for localhost. */
523 dwLevel,
524 FILTER_NORMAL_ACCOUNT,
525 (LPBYTE*)&pBuf,
526 dwPrefMaxLen,
527 &dwEntriesRead,
528 &dwTotalEntries,
529 &dwResumeHandle);
530 if ( rcStatus == NERR_Success
531 || rcStatus == ERROR_MORE_DATA)
532 {
533 if ((pCurBuf = pBuf) != NULL)
534 {
535 for (DWORD i = 0; i < dwEntriesRead; i++)
536 {
537 /*
538 * Search for the "display name" - that might be
539 * "John Doe" or something similar the user recognizes easier
540 * and may not the same as the "account" name (e.g. "jdoe").
541 */
542 if ( pCurBuf
543 && pCurBuf->usri2_full_name
544 && StrCmpI(pwszDisplayName, pCurBuf->usri2_full_name) == 0)
545 {
546 /*
547 * Copy the real user name (e.g. "jdoe") to our
548 * output buffer.
549 */
550 LPWSTR pwszTemp;
551 HRESULT hr = SHStrDupW(pCurBuf->usri2_name, &pwszTemp);
552 if (hr == S_OK)
553 {
554 *ppwszAccoutName = pwszTemp;
555 fFound = TRUE;
556 }
557 else
558 VBoxCredProvVerbose(0, "VBoxCredProvCredential::TranslateAccountName: Error copying data, hr=%08x\n", hr);
559 break;
560 }
561 pCurBuf++;
562 }
563 }
564 if (pBuf != NULL)
565 {
566 NetApiBufferFree(pBuf);
567 pBuf = NULL;
568 }
569 }
570 } while (rcStatus == ERROR_MORE_DATA && !fFound);
571
572 if (pBuf != NULL)
573 {
574 NetApiBufferFree(pBuf);
575 pBuf = NULL;
576 }
577
578 VBoxCredProvVerbose(0, "VBoxCredProvCredential::TranslateAccountName returned rcStatus=%ld, fFound=%RTbool\n",
579 rcStatus, fFound);
580 return fFound;
581
582#if 0
583 DWORD dwErr = NO_ERROR;
584 ULONG cbLen = 0;
585 if ( TranslateNameW(pwszName, NameUnknown, NameUserPrincipal, NULL, &cbLen)
586 && cbLen > 0)
587 {
588 VBoxCredProvVerbose(0, "VBoxCredProvCredential::GetAccountName: Translated ADS name has %u characters\n", cbLen));
589
590 ppwszAccoutName = (PWSTR)RTMemAlloc(cbLen * sizeof(WCHAR));
591 AssertPtrReturn(pwszName, FALSE);
592 if (TranslateNameW(pwszName, NameUnknown, NameUserPrincipal, ppwszAccoutName, &cbLen))
593 {
594 VBoxCredProvVerbose(0, "VBoxCredProvCredential::GetAccountName: Real ADS account name of '%ls' is '%ls'\n",
595 pwszName, ppwszAccoutName));
596 }
597 else
598 {
599 RTMemFree(ppwszAccoutName);
600 dwErr = GetLastError();
601 }
602 }
603 else
604 dwErr = GetLastError();
605 /* The above method for looking up in ADS failed, try another one. */
606 if (dwErr != NO_ERROR)
607 {
608 dwErr = NO_ERROR;
609
610 }
611#endif
612}
613
614
615/**
616 * Extracts the actual account name & domain from a (raw) account data string.
617 *
618 * This might be a principal or FQDN string.
619 */
620BOOL
621VBoxCredProvCredential::ExtractAccoutData(PWSTR pwszAccountData, PWSTR *ppwszAccoutName, PWSTR *ppwszDomain)
622{
623 AssertPtrReturn(pwszAccountData, FALSE);
624 VBoxCredProvVerbose(0, "VBoxCredProvCredential::ExtractAccoutData: Getting account name for \"%ls\" ...\n",
625 pwszAccountData);
626 HRESULT hr = E_FAIL;
627
628 /* Try to figure out whether this is a principal name (user@domain). */
629 LPWSTR pPos = NULL;
630 if ( (pPos = StrChrW(pwszAccountData, L'@')) != NULL
631 && pPos != pwszAccountData)
632 {
633 size_t cbSize = (pPos - pwszAccountData) * sizeof(WCHAR);
634 LPWSTR pwszName = (LPWSTR)CoTaskMemAlloc(cbSize + sizeof(WCHAR)); /* Space for terminating zero. */
635 LPWSTR pwszDomain = NULL;
636 AssertPtr(pwszName);
637 hr = StringCbCopyN(pwszName, cbSize + sizeof(WCHAR), pwszAccountData, cbSize);
638 if (SUCCEEDED(hr))
639 {
640 *ppwszAccoutName = pwszName;
641 pPos++; /* Skip @, point to domain name (if any). */
642 if ( pPos != NULL
643 && *pPos != L'\0')
644 {
645 hr = SHStrDupW(pPos, &pwszDomain);
646 if (SUCCEEDED(hr))
647 {
648 *ppwszDomain = pwszDomain;
649 }
650 else
651 VBoxCredProvVerbose(0, "VBoxCredProvCredential::ExtractAccoutData: Error copying domain data, hr=%08x\n", hr);
652 }
653 else
654 {
655 hr = E_FAIL;
656 VBoxCredProvVerbose(0, "VBoxCredProvCredential::ExtractAccoutData: No domain name found!\n");
657 }
658 }
659 else
660 VBoxCredProvVerbose(0, "VBoxCredProvCredential::ExtractAccoutData: Error copying account data, hr=%08x\n", hr);
661
662 if (hr != S_OK)
663 {
664 CoTaskMemFree(pwszName);
665 if (pwszDomain)
666 CoTaskMemFree(pwszDomain);
667 }
668 }
669 else
670 VBoxCredProvVerbose(0, "VBoxCredProvCredential::ExtractAccoutData: No valid principal account name found!\n");
671
672 return (hr == S_OK);
673}
674
675
676/**
677 * Returns the value of a specified LogonUI field.
678 *
679 * @return IPRT status code.
680 * @param dwFieldID Field ID to get value for.
681 * @param ppwszString Pointer that receives the actual value of the specified field.
682 */
683HRESULT
684VBoxCredProvCredential::GetStringValue(DWORD dwFieldID, PWSTR *ppwszString)
685{
686 HRESULT hr;
687 if ( dwFieldID < VBOXCREDPROV_NUM_FIELDS
688 && ppwszString)
689 {
690 switch (dwFieldID)
691 {
692 case VBOXCREDPROV_FIELDID_SUBMIT_BUTTON:
693 /* Fill in standard value to make Winlogon happy. */
694 hr = SHStrDupW(L"Submit", ppwszString);
695 break;
696
697 default:
698 if ( m_apwszCredentials[dwFieldID]
699 && RTUtf16Len(m_apwszCredentials[dwFieldID]))
700 hr = SHStrDupW(m_apwszCredentials[dwFieldID], ppwszString);
701 else /* Fill in an empty value. */
702 hr = SHStrDupW(L"", ppwszString);
703 break;
704 }
705#ifdef DEBUG
706 if (SUCCEEDED(hr))
707 VBoxCredProvVerbose(0, "VBoxCredProvCredential::GetStringValue: dwFieldID=%ld, ppwszString=%ls\n",
708 dwFieldID, *ppwszString);
709#endif
710 }
711 else
712 hr = E_INVALIDARG;
713 return hr;
714}
715
716
717/**
718 * Returns back the field ID of which the submit button should be put next to.
719 *
720 * We always want to be the password field put next to the submit button
721 * currently.
722 *
723 * @return HRESULT
724 * @param dwFieldID Field ID of the submit button.
725 * @param pdwAdjacentTo Field ID where to put the submit button next to.
726 */
727HRESULT
728VBoxCredProvCredential::GetSubmitButtonValue(DWORD dwFieldID, DWORD *pdwAdjacentTo)
729{
730 VBoxCredProvVerbose(0, "VBoxCredProvCredential::GetSubmitButtonValue: dwFieldID=%ld\n",
731 dwFieldID);
732
733 HRESULT hr = S_OK;
734
735 /* Validate parameters. */
736 if ( dwFieldID == VBOXCREDPROV_FIELDID_SUBMIT_BUTTON
737 && pdwAdjacentTo)
738 {
739 /* pdwAdjacentTo is a pointer to the fieldID you want the submit button to appear next to. */
740 *pdwAdjacentTo = VBOXCREDPROV_FIELDID_PASSWORD;
741 VBoxCredProvVerbose(0, "VBoxCredProvCredential::GetSubmitButtonValue: dwFieldID=%ld, *pdwAdjacentTo=%ld\n",
742 dwFieldID, *pdwAdjacentTo);
743 }
744 else
745 hr = E_INVALIDARG;
746
747 return hr;
748}
749
750
751/**
752 * Sets the value of a specified field. Currently not used.
753 *
754 * @return HRESULT
755 * @param dwFieldID Field to set value for.
756 * @param pcwzString Actual value to set.
757 */
758HRESULT
759VBoxCredProvCredential::SetStringValue(DWORD dwFieldID, PCWSTR pcwzString)
760{
761#ifdef DEBUG
762 VBoxCredProvVerbose(0, "VBoxCredProvCredential::SetStringValue: dwFieldID=%ld, pcwzString=%ls\n",
763 dwFieldID, pcwzString);
764#endif
765
766 /* Do more things here later. */
767 HRESULT hr = S_OK;
768
769 VBoxCredProvVerbose(0, "VBoxCredProvCredential::SetStringValue returned with hr=%08x\n", hr);
770 return hr;
771}
772
773
774HRESULT
775VBoxCredProvCredential::GetBitmapValue(DWORD dwFieldID, HBITMAP *phBitmap)
776{
777 NOREF(dwFieldID);
778 NOREF(phBitmap);
779
780 /* We don't do own bitmaps. */
781 return E_NOTIMPL;
782}
783
784
785HRESULT
786VBoxCredProvCredential::GetCheckboxValue(DWORD dwFieldID, BOOL *pfChecked, PWSTR *ppwszLabel)
787{
788 NOREF(dwFieldID);
789 NOREF(pfChecked);
790 NOREF(ppwszLabel);
791 return E_NOTIMPL;
792}
793
794
795HRESULT
796VBoxCredProvCredential::GetComboBoxValueCount(DWORD dwFieldID, DWORD *pcItems, DWORD *pdwSelectedItem)
797{
798 NOREF(dwFieldID);
799 NOREF(pcItems);
800 NOREF(pdwSelectedItem);
801 return E_NOTIMPL;
802}
803
804
805HRESULT
806VBoxCredProvCredential::GetComboBoxValueAt(DWORD dwFieldID, DWORD dwItem, PWSTR *ppwszItem)
807{
808 NOREF(dwFieldID);
809 NOREF(dwItem);
810 NOREF(ppwszItem);
811 return E_NOTIMPL;
812}
813
814
815HRESULT
816VBoxCredProvCredential::SetCheckboxValue(DWORD dwFieldID, BOOL fChecked)
817{
818 NOREF(dwFieldID);
819 NOREF(fChecked);
820 return E_NOTIMPL;
821}
822
823
824HRESULT
825VBoxCredProvCredential::SetComboBoxSelectedValue(DWORD dwFieldId, DWORD dwSelectedItem)
826{
827 NOREF(dwFieldId);
828 NOREF(dwSelectedItem);
829 return E_NOTIMPL;
830}
831
832
833HRESULT
834VBoxCredProvCredential::CommandLinkClicked(DWORD dwFieldID)
835{
836 NOREF(dwFieldID);
837 return E_NOTIMPL;
838}
839
840
841/**
842 * Does the actual authentication stuff to attempt a login.
843 *
844 * @return HRESULT
845 * @param pcpGetSerializationResponse Credential serialization response.
846 * @param pcpCredentialSerialization Details about the current credential.
847 * @param ppwszOptionalStatusText Text to set. Optional.
848 * @param pcpsiOptionalStatusIcon Status icon to set. Optional.
849 */
850HRESULT
851VBoxCredProvCredential::GetSerialization(CREDENTIAL_PROVIDER_GET_SERIALIZATION_RESPONSE *pcpGetSerializationResponse,
852 CREDENTIAL_PROVIDER_CREDENTIAL_SERIALIZATION *pcpCredentialSerialization,
853 PWSTR *ppwszOptionalStatusText,
854 CREDENTIAL_PROVIDER_STATUS_ICON *pcpsiOptionalStatusIcon)
855{
856 NOREF(ppwszOptionalStatusText);
857 NOREF(pcpsiOptionalStatusIcon);
858
859 KERB_INTERACTIVE_UNLOCK_LOGON KerberosUnlockLogon;
860 RT_BZERO(&KerberosUnlockLogon, sizeof(KerberosUnlockLogon));
861
862 /* Save a pointer to the interactive logon struct. */
863 KERB_INTERACTIVE_LOGON *pKerberosLogon = &KerberosUnlockLogon.Logon;
864 AssertPtr(pKerberosLogon);
865
866 HRESULT hr;
867
868#ifdef DEBUG
869 VBoxCredProvVerbose(0, "VBoxCredProvCredential::GetSerialization: Username=%ls, Password=%ls, Domain=%ls\n",
870 m_apwszCredentials[VBOXCREDPROV_FIELDID_USERNAME],
871 m_apwszCredentials[VBOXCREDPROV_FIELDID_PASSWORD],
872 m_apwszCredentials[VBOXCREDPROV_FIELDID_DOMAINNAME]);
873#endif
874
875 /* Do we have a domain name set? */
876 if ( m_apwszCredentials[VBOXCREDPROV_FIELDID_DOMAINNAME]
877 && RTUtf16Len(m_apwszCredentials[VBOXCREDPROV_FIELDID_DOMAINNAME]))
878 {
879 hr = RTUTF16ToUnicode(&pKerberosLogon->LogonDomainName,
880 m_apwszCredentials[VBOXCREDPROV_FIELDID_DOMAINNAME],
881 false /* Just assign, no copy */);
882 }
883 else /* No domain (FQDN) given, try local computer name. */
884 {
885 WCHAR wszComputerName[MAX_COMPUTERNAME_LENGTH + 1];
886 DWORD cch = ARRAYSIZE(wszComputerName);
887 if (GetComputerNameW(wszComputerName, &cch))
888 {
889 /* Is a domain name missing? Then use the name of the local computer. */
890 hr = RTUTF16ToUnicode(&pKerberosLogon->LogonDomainName,
891 wszComputerName,
892 false /* Just assign, no copy */);
893
894 VBoxCredProvVerbose(0, "VBoxCredProvCredential::GetSerialization: Local computer name=%ls\n",
895 wszComputerName);
896 }
897 else
898 hr = HRESULT_FROM_WIN32(GetLastError());
899 }
900
901 /* Fill in the username and password. */
902 if (SUCCEEDED(hr))
903 {
904 hr = RTUTF16ToUnicode(&pKerberosLogon->UserName,
905 m_apwszCredentials[VBOXCREDPROV_FIELDID_USERNAME],
906 false /* Just assign, no copy */);
907 if (SUCCEEDED(hr))
908 {
909 hr = RTUTF16ToUnicode(&pKerberosLogon->Password,
910 m_apwszCredentials[VBOXCREDPROV_FIELDID_PASSWORD],
911 false /* Just assign, no copy */);
912 if (SUCCEEDED(hr))
913 {
914 /* Set credential type according to current usage scenario. */
915 AssertPtr(pKerberosLogon);
916 switch (m_enmUsageScenario)
917 {
918 case CPUS_UNLOCK_WORKSTATION:
919 pKerberosLogon->MessageType = KerbWorkstationUnlockLogon;
920 break;
921
922 case CPUS_LOGON:
923 pKerberosLogon->MessageType = KerbInteractiveLogon;
924 break;
925
926 case CPUS_CREDUI:
927 pKerberosLogon->MessageType = (KERB_LOGON_SUBMIT_TYPE)0; /* No message type required here. */
928 break;
929
930 default:
931 hr = E_FAIL;
932 break;
933 }
934
935 if (FAILED(hr))
936 VBoxCredProvVerbose(0, "VBoxCredProvCredential::GetSerialization: Unknown usage scenario=%ld\n", m_enmUsageScenario);
937
938 if (SUCCEEDED(hr)) /* Build the logon package. */
939 {
940 hr = AllocateLogonPackage(KerberosUnlockLogon,
941 &pcpCredentialSerialization->rgbSerialization,
942 &pcpCredentialSerialization->cbSerialization);
943 if (FAILED(hr))
944 VBoxCredProvVerbose(0, "VBoxCredProvCredential::GetSerialization: Failed to allocate logon package, hr=0x%08x\n", hr);
945 }
946
947 if (SUCCEEDED(hr))
948 {
949 ULONG ulAuthPackage;
950
951 HANDLE hLsa;
952 NTSTATUS s = LsaConnectUntrusted(&hLsa);
953 if (SUCCEEDED(HRESULT_FROM_NT(s)))
954 {
955 LSA_STRING lsaszKerberosName;
956 size_t cchKerberosName;
957 hr = StringCchLengthA(NEGOSSP_NAME_A, USHORT_MAX, &cchKerberosName);
958 if (SUCCEEDED(hr))
959 {
960 USHORT usLength;
961 hr = SizeTToUShort(cchKerberosName, &usLength);
962 if (SUCCEEDED(hr))
963 {
964 lsaszKerberosName.Buffer = (PCHAR)NEGOSSP_NAME_A;
965 lsaszKerberosName.Length = usLength;
966 lsaszKerberosName.MaximumLength = lsaszKerberosName.Length + 1;
967
968 }
969 }
970
971 if (SUCCEEDED(hr))
972 {
973 s = LsaLookupAuthenticationPackage(hLsa, &lsaszKerberosName,
974 &ulAuthPackage);
975 if (FAILED(HRESULT_FROM_NT(s)))
976 {
977 hr = HRESULT_FROM_NT(s);
978 VBoxCredProvVerbose(0, "VBoxCredProvCredential::GetSerialization: Failed looking up authentication package, hr=0x%08x\n", hr);
979 }
980 }
981
982 LsaDeregisterLogonProcess(hLsa);
983 }
984
985 if (SUCCEEDED(hr))
986 {
987 pcpCredentialSerialization->ulAuthenticationPackage = ulAuthPackage;
988 pcpCredentialSerialization->clsidCredentialProvider = CLSID_VBoxCredProvider;
989
990 /* We're done -- let the logon UI know. */
991 *pcpGetSerializationResponse = CPGSR_RETURN_CREDENTIAL_FINISHED;
992 }
993 }
994 }
995 else
996 VBoxCredProvVerbose(0, "VBoxCredProvCredential::GetSerialization: Error copying password, hr=0x%08x\n", hr);
997 }
998 else
999 VBoxCredProvVerbose(0, "VBoxCredProvCredential::GetSerialization: Error copying user name, hr=0x%08x\n", hr);
1000 }
1001
1002 VBoxCredProvVerbose(0, "VBoxCredProvCredential::GetSerialization returned hr=0x%08x\n", hr);
1003 return hr;
1004}
1005
1006
1007/**
1008 * Called by LogonUI after a logon attempt was made -- here we could set an additional status
1009 * text and/or icon.
1010 *
1011 * Currently not used.
1012 *
1013 * @return HRESULT
1014 * @param ntStatus NT status of logon attempt reported by Winlogon.
1015 * @param ntSubStatus NT substatus of logon attempt reported by Winlogon.
1016 * @param ppwszOptionalStatusText Pointer that receives the optional status text.
1017 * @param pcpsiOptionalStatusIcon Pointer that receives the optional status icon.
1018 */
1019HRESULT
1020VBoxCredProvCredential::ReportResult(NTSTATUS ntStatus,
1021 NTSTATUS ntSubStatus,
1022 PWSTR *ppwszOptionalStatusText,
1023 CREDENTIAL_PROVIDER_STATUS_ICON *pcpsiOptionalStatusIcon)
1024{
1025 VBoxCredProvVerbose(0, "VBoxCredProvCredential::ReportResult: ntStatus=%ld, ntSubStatus=%ld\n",
1026 ntStatus, ntSubStatus);
1027 return S_OK;
1028}
1029
Note: See TracBrowser for help on using the repository browser.

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy Automated Access Etiquette