Changeset 35581 in vbox

Timestamp:

Jan 17, 2011 12:21:28 PM (14 years ago)

Author:

vboxsync

svn:sync-xref-src-repo-rev:

69471

Message:

VBoxCredProv: Added support for unlocking workstations.

Location:

trunk/src/VBox/Additions/WINNT/VBoxCredProv

Files:

• VBoxCredential.cpp (modified) (2 diffs)
• helpers.cpp (modified) (3 diffs)
• helpers.h (modified) (3 diffs)

trunk/src/VBox/Additions/WINNT/VBoxCredProv/VBoxCredential.cpp

@@ -696 +696 @@
     UNREFERENCED_PARAMETER(pcpsiOptionalStatusIcon);
 
-    KERB_INTERACTIVE_LOGON kil;
-    ZeroMemory(&kil, sizeof(kil));
+    KERB_INTERACTIVE_UNLOCK_LOGON kiul;
+    ZeroMemory(&kiul, sizeof(kiul));
+
+    /* Save a pointer to the interactive logon struct. */
+    KERB_INTERACTIVE_LOGON* pkil = &kiul.Logon;
+    AssertPtr(pkil);
 
     HRESULT hr;
@@ -707 +711 @@
         /* Is a domain name missing? Then use the name of the local computer. */
         if (NULL == m_rgFieldStrings [SFI_DOMAINNAME])
-            hr = UnicodeStringInitWithString(wszComputerName, &kil.LogonDomainName);
+            hr = UnicodeStringInitWithString(wszComputerName, &pkil->LogonDomainName);
         else
             hr = UnicodeStringInitWithString(m_rgFieldStrings [SFI_DOMAINNAME],
-                                             &kil.LogonDomainName);
+                                             &pkil->LogonDomainName);
 
         /* Fill in the username and password. */
         if (SUCCEEDED(hr))
         {
-            hr = UnicodeStringInitWithString(m_rgFieldStrings[SFI_USERNAME], &kil.UserName);
+            hr = UnicodeStringInitWithString(m_rgFieldStrings[SFI_USERNAME], &pkil->UserName);
             if (SUCCEEDED(hr))
             {
-                hr = UnicodeStringInitWithString(m_rgFieldStrings[SFI_PASSWORD], &kil.Password);
+                hr = UnicodeStringInitWithString(m_rgFieldStrings[SFI_PASSWORD], &pkil->Password);
                 if (SUCCEEDED(hr))
                 {
-                    /* Allocate copies of, and package, the strings in a binary blob. */
-                    kil.MessageType = KerbInteractiveLogon;
-                    hr = KerbInteractiveLogonPack(kil,
-                                                  &pcpCredentialSerialization->rgbSerialization,
-                                                  &pcpCredentialSerialization->cbSerialization);
+                    /* Set credential type according to current usage scenario. */
+                    AssertPtr(pkil);
+                    switch (m_cpUS)
+                    {
+                        case CPUS_UNLOCK_WORKSTATION:
+                            pkil->MessageType = KerbWorkstationUnlockLogon;
+                            break;
+
+                        case CPUS_LOGON:
+                            pkil->MessageType = KerbInteractiveLogon;
+                            break;
+
+                        case CPUS_CREDUI:
+                            pkil->MessageType = (KERB_LOGON_SUBMIT_TYPE)0; /* No message type required here. */
+                            break;
+
+                        default:
+                            hr = E_FAIL;
+                            break;
+                    }
+
+                    if (SUCCEEDED(hr))
+                    {
+                        /* Allocate copies of, and package, the strings in a binary blob. */
+                        hr = KerbInteractiveUnlockLogonPack(kiul,
+                                                            &pcpCredentialSerialization->rgbSerialization,
+                                                            &pcpCredentialSerialization->cbSerialization);
+                    }
                     if (SUCCEEDED(hr))
                     {

trunk/src/VBox/Additions/WINNT/VBoxCredProv/helpers.cpp

@@ -170 +170 @@
 
 //
-// WinLogon and LSA consume "packed" KERB_INTERACTIVE_LOGONs.  In these, the PWSTR members of each
+// WinLogon and LSA consume "packed" KERB_INTERACTIVE_UNLOCK_LOGONs.  In these, the PWSTR members of each
 // UNICODE_STRING are not actually pointers but byte offsets into the overall buffer represented
-// by the packed KERB_INTERACTIVE_LOGON.  For example:
-//
-// kil.LogonDomainName.Length = 14                             -> Length is in bytes, not characters
-// kil.LogonDomainName.Buffer = sizeof(KERB_INTERACTIVE_LOGON) -> LogonDomainName begins immediately
-//                                                                after the KERB_... struct in the buffer
-// kil.UserName.Length = 10
-// kil.UserName.Buffer = sizeof(KERB_INTERACTIVE_LOGON) + 14   -> UNICODE_STRINGS are NOT null-terminated
-//
-// kil.Password.Length = 16
-// kil.Password.Buffer = sizeof(KERB_INTERACTIVE_LOGON) + 14 + 10
+// by the packed KERB_INTERACTIVE_UNLOCK_LOGON.  For example:
+//
+// rkiulIn.Logon.LogonDomainName.Length = 14                                    -> Length is in bytes, not characters
+// rkiulIn.Logon.LogonDomainName.Buffer = sizeof(KERB_INTERACTIVE_UNLOCK_LOGON) -> LogonDomainName begins immediately
+//                                                                              after the KERB_... struct in the buffer
+// rkiulIn.Logon.UserName.Length = 10
+// rkiulIn.Logon.UserName.Buffer = sizeof(KERB_INTERACTIVE_UNLOCK_LOGON) + 14   -> UNICODE_STRINGS are NOT null-terminated
+//
+// rkiulIn.Logon.Password.Length = 16
+// rkiulIn.Logon.Password.Buffer = sizeof(KERB_INTERACTIVE_UNLOCK_LOGON) + 14 + 10
 //
 // There's more information on this at:
 // http://msdn.microsoft.com/msdnmag/issues/05/06/SecurityBriefs/#void
 //
-
-HRESULT KerbInteractiveLogonPack(
-                                 const KERB_INTERACTIVE_LOGON& rkil,
-                                 BYTE** prgb,
-                                 DWORD* pcb
-                                 )
-{
-    HRESULT hr;
+HRESULT KerbInteractiveUnlockLogonPack(
+                                       const KERB_INTERACTIVE_UNLOCK_LOGON& rkiulIn,
+                                       BYTE** prgb,
+                                       DWORD* pcb
+                                       )
+{
+    HRESULT hr;
+
+    const KERB_INTERACTIVE_LOGON* pkilIn = &rkiulIn.Logon;
 
     // alloc space for struct plus extra for the three strings
-    DWORD cb = sizeof(rkil) +
-        rkil.LogonDomainName.Length +
-        rkil.UserName.Length +
-        rkil.Password.Length;
-
-    KERB_INTERACTIVE_LOGON* pkil = (KERB_INTERACTIVE_LOGON*)CoTaskMemAlloc(cb);
-
-    if (pkil)
-    {
-        pkil->MessageType = rkil.MessageType;
+    DWORD cb = sizeof(rkiulIn) +
+        pkilIn->LogonDomainName.Length +
+        pkilIn->UserName.Length +
+        pkilIn->Password.Length;
+
+    KERB_INTERACTIVE_UNLOCK_LOGON* pkiulOut = (KERB_INTERACTIVE_UNLOCK_LOGON*)CoTaskMemAlloc(cb);
+
+    if (pkiulOut)
+    {
+        ZeroMemory(&pkiulOut->LogonId, sizeof(LUID));
 
         //
         // point pbBuffer at the beginning of the extra space
         //
-        BYTE* pbBuffer = (BYTE*)pkil + sizeof(KERB_INTERACTIVE_LOGON);
+        BYTE* pbBuffer = (BYTE*)pkiulOut + sizeof(*pkiulOut);
+
+        //
+        // set up the Logon structure within the KERB_INTERACTIVE_UNLOCK_LOGON
+        //
+        KERB_INTERACTIVE_LOGON* pkilOut = &pkiulOut->Logon;
+
+        pkilOut->MessageType = pkilIn->MessageType;
 
         //
@@ -217 +225 @@
         // advance buffer pointer over copied characters in extra space
         //
-        _UnicodeStringPackedUnicodeStringCopy(rkil.LogonDomainName, (PWSTR)pbBuffer, &pkil->LogonDomainName);
-        pkil->LogonDomainName.Buffer = (PWSTR)(pbBuffer - (BYTE*)pkil);
-        pbBuffer += pkil->LogonDomainName.Length;
-
-        _UnicodeStringPackedUnicodeStringCopy(rkil.UserName, (PWSTR)pbBuffer, &pkil->UserName);
-        pkil->UserName.Buffer = (PWSTR)(pbBuffer - (BYTE*)pkil);
-        pbBuffer += pkil->UserName.Length;
-
-        _UnicodeStringPackedUnicodeStringCopy(rkil.Password, (PWSTR)pbBuffer, &pkil->Password);
-        pkil->Password.Buffer = (PWSTR)(pbBuffer - (BYTE*)pkil);
-
-        *prgb = (BYTE*)pkil;
+        _UnicodeStringPackedUnicodeStringCopy(pkilIn->LogonDomainName, (PWSTR)pbBuffer, &pkilOut->LogonDomainName);
+        pkilOut->LogonDomainName.Buffer = (PWSTR)(pbBuffer - (BYTE*)pkiulOut);
+        pbBuffer += pkilOut->LogonDomainName.Length;
+
+        _UnicodeStringPackedUnicodeStringCopy(pkilIn->UserName, (PWSTR)pbBuffer, &pkilOut->UserName);
+        pkilOut->UserName.Buffer = (PWSTR)(pbBuffer - (BYTE*)pkiulOut);
+        pbBuffer += pkilOut->UserName.Length;
+
+        _UnicodeStringPackedUnicodeStringCopy(pkilIn->Password, (PWSTR)pbBuffer, &pkilOut->Password);
+        pkilOut->Password.Buffer = (PWSTR)(pbBuffer - (BYTE*)pkiulOut);
+
+        *prgb = (BYTE*)pkiulOut;
         *pcb = cb;
 
@@ -246 +254 @@
 // memory space boundary is not going to work -- repack it if necessary!
 //
-//
-// Unpack a KERB_INTERACTIVE_UNLOCK_LOGON *in place*.  That is, reset the Buffers from being offsets to
-// being real pointers.  This means, of course, that passing the resultant struct across any sort of
-// memory space boundary is not going to work -- repack it if necessary!
-//
-void KerbInteractiveLogonUnpackInPlace(
+void KerbInteractiveUnlockLogonUnpackInPlace(
     __inout_bcount(cb) KERB_INTERACTIVE_UNLOCK_LOGON* pkiul
     )

trunk/src/VBox/Additions/WINNT/VBoxCredProv/helpers.h

@@ -44 +44 @@
 
 //packages the credentials into the buffer that the system expects
-HRESULT KerbInteractiveLogonPack(
-    const KERB_INTERACTIVE_LOGON& rkil,
+HRESULT KerbInteractiveUnlockLogonPack(
+    const KERB_INTERACTIVE_UNLOCK_LOGON& rkiulIn,
     BYTE** prgb,
     DWORD* pcb
@@ -51 +51 @@
 
 //unpacks the "packed" version of the creds in-place into the "unpacked" version
-void KerbInteractiveLogonUnpackInPlace(
+void KerbInteractiveUnlockLogonUnpackInPlace(
     KERB_INTERACTIVE_UNLOCK_LOGON* pkiul
     );
-
 
 //get the authentication package that will be used for our logon attempt
@@ -60 +59 @@
     ULONG * pulAuthPackage
     );
+