archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4 Commits
1 Branch
0 Tags
1.5 GiB
Tree: 5c6fe3db62
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '5c6fe3db62'
${ noResults }
windows-server-2003/ds/security/gina/common/optlogon.c

444 lines
12 KiB
Raw Normal View History

commiting as it is
4 years ago
  1. /*++
  3. Copyright (c) 2001 Microsoft Corporation
  5. Module Name:
  7. optlogon.c
  9. Abstract:
  11. This module contains the shared rountines for the optimized logon.
  13. Author:
  15. Cenk Ergan (cenke) - 2001/05/07
  17. Environment:
  19. User Mode
  21. --*/
  23. #include <nt.h>
  24. #include <ntrtl.h>
  25. #include <nturtl.h>
  26. #include <windows.h>
  27. #include <ginacomn.h>
  29. //
  30. // The registry values under ProfileList\%UserSidString% checked when
  31. // determining if we should logon by cached credentials by default.
  32. //
  34. #define GC_PROFILE_LIST_PATH L"Software\\Microsoft\\Windows NT\\CurrentVersion\\ProfileList"
  35. #define GC_NEXT_LOGON_CACHEABLE_VALUE_NAME L"NextLogonCacheable"
  36. #define GC_SYNC_LOGON_SCRIPT_VALUE_NAME L"RunLogonScriptSync"
  37. #define GC_OPTIMIZED_LOGON_VALUE_NAME L"OptimizedLogonStatus"
  39. /***************************************************************************\
  40. * GcCheckIfProfileAllowsCachedLogon
  41. *
  42. * Returns whether profile settings are not compatible with doing fast-cached
  43. * logons every logon, e.g. roaming profile, remote home directory etc.
  44. *
  45. * History:
  46. * 03-23-01 Cenke Created
  47. \***************************************************************************/
  48. DWORD
  49. GcCheckIfProfileAllowsCachedLogon(
  50. PUNICODE_STRING HomeDirectory,
  51. PUNICODE_STRING ProfilePath,
  52. PWCHAR UserSidString,
  53. PDWORD NextLogonCacheable
  54. )
  55. {
  56. DWORD ErrorCode;
  57. DWORD LogonCacheable;
  58. DWORD UserPreference;
  60. //
  61. // Start with the assumption that the logon is not cacheable.
  62. //
  64. ErrorCode = ERROR_SUCCESS;
  65. LogonCacheable = FALSE;
  67. //
  68. // Is the home directory on the network (i.e. a UNC path)?
  69. //
  71. if (HomeDirectory &&
  72. HomeDirectory->Length > 4 &&
  73. GcIsUNCPath(HomeDirectory->Buffer)) {
  74. goto cleanup;
  75. }
  77. //
  78. // Is the profile path on the network (i.e. a UNC path)?
  79. //
  81. if (ProfilePath &&
  82. ProfilePath->Length > 4 &&
  83. GcIsUNCPath(ProfilePath->Buffer)) {
  85. //
  86. // Check if the user has explicitly requested his roaming profile to
  87. // be local on this machine.
  88. //
  90. UserPreference = GcGetUserPreferenceValue(UserSidString);
  92. //
  93. // If user preference is not 0, then the roaming user profile is not
  94. // set to be local on this machine: we can't do optimized logon.
  95. //
  97. if (UserPreference) {
  98. goto cleanup;
  99. }
  100. }
  102. //
  103. // The logon is cacheable.
  104. //
  106. LogonCacheable = TRUE;
  108. cleanup:
  110. if (ErrorCode == ERROR_SUCCESS) {
  111. *NextLogonCacheable = LogonCacheable;
  112. }
  114. return ErrorCode;
  115. }
  117. /***************************************************************************\
  118. * GcCheckIfLogonScriptsRunSync
  119. *
  120. * Returns whether logons scripts are to be run synchronously.
  121. * Default is asynchronous.
  122. *
  123. * History:
  124. * 04-25-01 Cenke Created
  125. \***************************************************************************/
  126. BOOL
  127. GcCheckIfLogonScriptsRunSync(
  128. PWCHAR UserSidString
  129. )
  130. {
  131. DWORD ErrorCode;
  132. BOOL bSync = FALSE;
  134. ErrorCode = GcAccessProfileListUserSetting(UserSidString,
  135. FALSE,
  136. GC_SYNC_LOGON_SCRIPT_VALUE_NAME,
  137. &(DWORD)bSync);
  139. if (ErrorCode != ERROR_SUCCESS) {
  140. bSync = FALSE;
  141. }
  143. return bSync;
  144. }
  146. /***************************************************************************\
  147. * GcAccessProfileListUserSetting
  148. *
  149. * Queries or sets a DWORD value for the specified user under the local
  150. * machine profile list key.
  151. *
  152. * History:
  153. * 05-01-01 Cenke Created
  154. \***************************************************************************/
  155. DWORD
  156. GcAccessProfileListUserSetting (
  157. PWCHAR UserSidString,
  158. BOOL SetValue,
  159. PWCHAR ValueName,
  160. PDWORD Value
  161. )
  162. {
  163. HKEY ProfileListKey;
  164. HKEY UserProfileKey;
  165. ULONG Result;
  166. DWORD ErrorCode;
  167. DWORD ValueType;
  168. DWORD Size;
  170. //
  171. // Initialize locals.
  172. //
  174. UserProfileKey = NULL;
  175. ProfileListKey = NULL;
  177. //
  178. // Open the ProfileList registry key.
  179. //
  181. Result = RegOpenKeyEx(HKEY_LOCAL_MACHINE,
  182. GC_PROFILE_LIST_PATH,
  183. 0,
  184. KEY_READ,
  185. &ProfileListKey);
  187. if (Result != ERROR_SUCCESS) {
  188. ErrorCode = Result;
  189. goto cleanup;
  190. }
  192. //
  193. // Open the user's profile key under the ProfileList key using user's SID.
  194. //
  196. Result = RegOpenKeyEx(ProfileListKey,
  197. UserSidString,
  198. 0,
  199. KEY_READ | KEY_WRITE,
  200. &UserProfileKey);
  202. if (Result != ERROR_SUCCESS) {
  203. ErrorCode = Result;
  204. goto cleanup;
  205. }
  207. if (SetValue) {
  209. //
  210. // Set the value.
  211. //
  213. Result = RegSetValueEx(UserProfileKey,
  214. ValueName,
  215. 0,
  216. REG_DWORD,
  217. (BYTE *) Value,
  218. sizeof(DWORD));
  220. if (Result != ERROR_SUCCESS) {
  221. ErrorCode = Result;
  222. goto cleanup;
  223. }
  225. } else {
  227. //
  228. // Query the value.
  229. //
  231. Size = sizeof(DWORD);
  233. Result = RegQueryValueEx(UserProfileKey,
  234. ValueName,
  235. 0,
  236. &ValueType,
  237. (BYTE *) Value,
  238. &Size);
  240. if (Result != ERROR_SUCCESS) {
  241. ErrorCode = Result;
  242. goto cleanup;
  243. }
  245. }
  247. //
  248. // We are done.
  249. //
  251. ErrorCode = ERROR_SUCCESS;
  253. cleanup:
  255. if (ProfileListKey) {
  256. RegCloseKey(ProfileListKey);
  257. }
  259. if (UserProfileKey) {
  260. RegCloseKey(UserProfileKey);
  261. }
  263. return ErrorCode;
  264. }
  267. /***************************************************************************\
  268. * GcGetNextLogonCacheable
  269. *
  270. * Returns whether we are allowed to perform a cached logon at the next logon.
  271. * For instance, if last time we logged on using cached credentials, our attempt
  272. * at background logon failed for a reason (e.g. password expired) we want to
  273. * force the user to hit the network logon path to deal with.
  274. *
  275. * History:
  276. * 03-23-01 Cenke Created
  277. \***************************************************************************/
  278. DWORD
  279. GcGetNextLogonCacheable(
  280. PWCHAR UserSidString,
  281. PDWORD NextLogonCacheable
  282. )
  283. {
  284. DWORD ErrorCode;
  286. ErrorCode = GcAccessProfileListUserSetting(UserSidString,
  287. FALSE,
  288. GC_NEXT_LOGON_CACHEABLE_VALUE_NAME,
  289. NextLogonCacheable);
  291. return ErrorCode;
  292. }
  294. /***************************************************************************\
  295. * GcSetNextLogonCacheable
  296. *
  297. * Sets whether we are allowed to perform a cached logon at the next logon.
  298. * For instance, if after logging on the user with cached credentials our attempt
  299. * at background logon fails for a reason (e.g. password expired) we want to
  300. * force the user to hit the network logon path to deal with.
  301. *
  302. * History:
  303. * 03-23-01 Cenke Created
  304. \***************************************************************************/
  305. DWORD
  306. GcSetNextLogonCacheable(
  307. PWCHAR UserSidString,
  308. DWORD NextLogonCacheable
  309. )
  310. {
  311. DWORD ErrorCode;
  313. ErrorCode = GcAccessProfileListUserSetting(UserSidString,
  314. TRUE,
  315. GC_NEXT_LOGON_CACHEABLE_VALUE_NAME,
  316. &NextLogonCacheable);
  318. return ErrorCode;
  319. }
  321. /***************************************************************************\
  322. * GcSetOptimizedLogonStatus
  323. *
  324. * Saves optimized logon status for the user in the profile list.
  325. *
  326. * History:
  327. * 03-23-01 Cenke Created
  328. \***************************************************************************/
  329. DWORD
  330. GcSetOptimizedLogonStatus(
  331. PWCHAR UserSidString,
  332. DWORD OptimizedLogonStatus
  333. )
  334. {
  335. DWORD ErrorCode;
  337. ErrorCode = GcAccessProfileListUserSetting(UserSidString,
  338. TRUE,
  339. GC_OPTIMIZED_LOGON_VALUE_NAME,
  340. &OptimizedLogonStatus);
  342. return ErrorCode;
  343. }
  345. /***************************************************************************\
  346. * GcGetUserPreferenceValue
  347. *
  348. * Gets user preference flags on whether the user's roaming profile is set
  349. * to be local on this machine.
  350. *
  351. * History:
  352. * 05-01-01 Cenke Copied from gina\userenv\profile.cpp
  353. \***************************************************************************/
  354. #define SYSTEM_POLICIES_KEY TEXT("Software\\Policies\\Microsoft\\Windows\\System")
  355. #define PROFILE_LOCALONLY TEXT("LocalProfile")
  356. #define USER_PREFERENCE TEXT("UserPreference")
  357. #define USERINFO_LOCAL 0
  358. #define USERINFO_UNDEFINED 99
  359. const TCHAR c_szBAK[] = TEXT(".bak");
  361. DWORD
  362. GcGetUserPreferenceValue(
  363. LPTSTR SidString
  364. )
  365. {
  366. TCHAR LocalProfileKey[MAX_PATH];
  367. DWORD RegErr, dwType, dwSize, dwTmpVal, dwRetVal = USERINFO_UNDEFINED;
  368. LPTSTR lpEnd;
  369. HKEY hkeyProfile, hkeyPolicy;
  371. if (RegOpenKeyEx(HKEY_LOCAL_MACHINE,
  372. SYSTEM_POLICIES_KEY,
  373. 0, KEY_READ,
  374. &hkeyPolicy) == ERROR_SUCCESS) {
  376. dwSize = sizeof(dwTmpVal);
  377. RegQueryValueEx(hkeyPolicy,
  378. PROFILE_LOCALONLY,
  379. NULL, &dwType,
  380. (LPBYTE) &dwTmpVal,
  381. &dwSize);
  383. RegCloseKey (hkeyPolicy);
  384. if (dwTmpVal == 1) {
  385. dwRetVal = USERINFO_LOCAL;
  386. return dwRetVal;
  387. }
  388. }
  390. if (SidString != NULL) {
  392. //
  393. // Query for the UserPreference value
  394. //
  396. lstrcpy(LocalProfileKey, GC_PROFILE_LIST_PATH);
  397. lpEnd = GcCheckSlash (LocalProfileKey);
  398. lstrcpy(lpEnd, SidString);
  400. RegErr = RegOpenKeyEx(HKEY_LOCAL_MACHINE,
  401. LocalProfileKey,
  402. 0,
  403. KEY_READ,
  404. &hkeyProfile);
  407. if (RegErr == ERROR_SUCCESS) {
  409. dwSize = sizeof(dwRetVal);
  410. RegQueryValueEx(hkeyProfile,
  411. USER_PREFERENCE,
  412. NULL,
  413. &dwType,
  414. (LPBYTE) &dwRetVal,
  415. &dwSize);
  417. RegCloseKey (hkeyProfile);
  418. }
  420. lstrcat(LocalProfileKey, c_szBAK);
  421. RegErr = RegOpenKeyEx(HKEY_LOCAL_MACHINE,
  422. LocalProfileKey,
  423. 0,
  424. KEY_READ,
  425. &hkeyProfile);
  428. if (RegErr == ERROR_SUCCESS) {
  430. dwSize = sizeof(dwRetVal);
  431. RegQueryValueEx(hkeyProfile,
  432. USER_PREFERENCE,
  433. NULL,
  434. &dwType,
  435. (LPBYTE) &dwRetVal,
  436. &dwSize);
  438. RegCloseKey (hkeyProfile);
  439. }
  440. }
  442. return dwRetVal;
  443. }