You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
2408 lines
73 KiB
2408 lines
73 KiB
//e+---------------------------------------------------------------------------
|
|
//
|
|
// Microsoft Windows
|
|
// Copyright (C) Microsoft Corporation, 1992 - 1993.
|
|
//
|
|
// File: mslock.c
|
|
//
|
|
// Contents: Microsoft Logon GUI DLL
|
|
//
|
|
// History: 7-14-94 RichardW Created
|
|
//
|
|
//----------------------------------------------------------------------------
|
|
|
|
#include "msgina.h"
|
|
#include <stdio.h>
|
|
#include <wchar.h>
|
|
#include "shlwapi.h"
|
|
#include "shlwapip.h"
|
|
|
|
#define WM_SMARTCARD_ASYNC_MESSAGE (WM_USER + 201)
|
|
#define WM_SMARTCARD_ERROR_DISPLAY_1 (WM_USER + 202)
|
|
#define WM_SMARTCARD_ERROR_DISPLAY_2 (WM_USER + 203)
|
|
|
|
#define MSGINA_DLG_ASYNC_PROCESSING 122
|
|
|
|
static UINT ctrlNoDomain[] =
|
|
{
|
|
IDOK,
|
|
IDCANCEL,
|
|
IDD_UNLOCK_OPTIONS,
|
|
IDD_KBLAYOUT_ICON,
|
|
};
|
|
|
|
static UINT ctrlNoUserName[] =
|
|
{
|
|
IDD_UNLOCK_DOMAIN,
|
|
IDD_UNLOCK_DOMAIN_LABEL,
|
|
IDD_UNLOCK_PASSWORD,
|
|
IDC_UNLOCK_PASSWORD_LABEL,
|
|
IDOK,
|
|
IDCANCEL,
|
|
IDD_UNLOCK_OPTIONS,
|
|
IDD_KBLAYOUT_ICON,
|
|
};
|
|
|
|
//
|
|
// Define the structure used to pass data into the lock dialogs
|
|
//
|
|
|
|
typedef enum _LOCKED_STATE_DIALOGS {
|
|
LockedDialog,
|
|
PasswordDialog,
|
|
PINDialog
|
|
} LOCKED_STATE_DIALOGS ;
|
|
|
|
typedef enum _ACTION_TAKEN {
|
|
None,
|
|
SmartCardInserted,
|
|
SmartCardRemoved,
|
|
CancelHit
|
|
} ACTION_TAKEN ;
|
|
|
|
typedef struct {
|
|
PGLOBALS pGlobals;
|
|
TIME LockTime;
|
|
} LOCK_DATA;
|
|
typedef LOCK_DATA *PLOCK_DATA;
|
|
|
|
typedef struct _UNLOCK_DLG_STATE {
|
|
PGLOBALS pGlobals ;
|
|
DWORD dwSasType ;
|
|
ACTION_TAKEN ActionTaken;
|
|
BOOL fKillTimer;
|
|
BOOL fUserBeingPrompted;
|
|
BOOL fCardRemoved;
|
|
} UNLOCK_DLG_STATE, * PUNLOCK_DLG_STATE ;
|
|
|
|
typedef struct _ASYNC_UNLOCK_DATA {
|
|
PGLOBALS pGlobals;
|
|
HWND hDlg;
|
|
PUNLOCK_DLG_STATE pUnlockDlgState;
|
|
UNICODE_STRING UserName;
|
|
UNICODE_STRING Domain;
|
|
UNICODE_STRING Password;
|
|
DWORD Reserved;
|
|
} ASYNC_UNLOCK_DATA, * PASYNC_UNLOCK_DATA;
|
|
|
|
typedef struct _UNLOCK_MESSAGE {
|
|
NTSTATUS Status ;
|
|
UINT Resource ;
|
|
} UNLOCK_MESSAGE, * PUNLOCK_MESSAGE ;
|
|
|
|
UNLOCK_MESSAGE UnlockMessages[] = {
|
|
{ STATUS_LOGON_FAILURE, IDS_UNLOCK_FAILED_BAD_PWD },
|
|
{ STATUS_INVALID_LOGON_HOURS, IDS_INVALID_LOGON_HOURS },
|
|
{ STATUS_INVALID_WORKSTATION, IDS_INVALID_WORKSTATION },
|
|
{ STATUS_ACCOUNT_DISABLED, IDS_ACCOUNT_DISABLED },
|
|
{ STATUS_NO_LOGON_SERVERS, IDS_LOGON_NO_DOMAIN },
|
|
{ STATUS_LOGON_TYPE_NOT_GRANTED, IDS_LOGON_TYPE_NOT_GRANTED },
|
|
{ STATUS_NO_TRUST_LSA_SECRET, IDS_NO_TRUST_LSA_SECRET },
|
|
{ STATUS_TRUSTED_DOMAIN_FAILURE, IDS_TRUSTED_DOMAIN_FAILURE },
|
|
{ STATUS_TRUSTED_RELATIONSHIP_FAILURE, IDS_TRUSTED_RELATIONSHIP_FAILURE },
|
|
{ STATUS_ACCOUNT_EXPIRED, IDS_ACCOUNT_EXPIRED },
|
|
{ STATUS_NETLOGON_NOT_STARTED, IDS_NETLOGON_NOT_STARTED },
|
|
{ STATUS_ACCOUNT_LOCKED_OUT, IDS_ACCOUNT_LOCKED },
|
|
{ STATUS_SMARTCARD_WRONG_PIN, IDS_STATUS_SMARTCARD_WRONG_PIN_UNLOCK },
|
|
{ STATUS_SMARTCARD_CARD_BLOCKED, IDS_STATUS_SMARTCARD_CARD_BLOCKED_UNLOCK },
|
|
{ STATUS_SMARTCARD_NO_CARD, IDS_STATUS_SMARTCARD_NO_CARD_UNLOCK },
|
|
{ STATUS_SMARTCARD_NO_KEY_CONTAINER, IDS_STATUS_SMARTCARD_NO_KEY_CONTAINER_UNLOCK },
|
|
{ STATUS_SMARTCARD_NO_CERTIFICATE, IDS_STATUS_SMARTCARD_NO_CERTIFICATE_UNLOCK },
|
|
{ STATUS_SMARTCARD_NO_KEYSET, IDS_STATUS_SMARTCARD_NO_KEYSET_UNLOCK },
|
|
{ STATUS_SMARTCARD_IO_ERROR, IDS_STATUS_SMARTCARD_IO_ERROR_UNLOCK },
|
|
{ STATUS_SMARTCARD_CERT_EXPIRED, IDS_STATUS_SMARTCARD_CERT_EXPIRED_UNLOCK },
|
|
{ STATUS_SMARTCARD_CERT_REVOKED, IDS_STATUS_SMARTCARD_CERT_REVOKED_UNLOCK },
|
|
{ STATUS_ISSUING_CA_UNTRUSTED, IDS_STATUS_ISSUING_CA_UNTRUSTED_UNLOCK },
|
|
{ STATUS_REVOCATION_OFFLINE_C, IDS_STATUS_REVOCATION_OFFLINE_C_UNLOCK },
|
|
{ STATUS_PKINIT_CLIENT_FAILURE, IDS_STATUS_PKINIT_CLIENT_FAILURE_UNLOCK },
|
|
{ STATUS_SMARTCARD_LOGON_REQUIRED, IDS_STATUS_SMARTCARD_LOGON_REQUIRED_UNLOCK },
|
|
{ STATUS_PASSWORD_EXPIRED, IDS_UNLOCK_PWD_CHANGE },
|
|
{ STATUS_PASSWORD_MUST_CHANGE, IDS_UNLOCK_PWD_CHANGE }
|
|
};
|
|
|
|
|
|
//
|
|
// Private prototypes
|
|
//
|
|
BOOL LockedDlgInit(HWND, PGLOBALS);
|
|
BOOL UnlockDlgInit(HWND, PGLOBALS, DWORD SasType);
|
|
INT_PTR AttemptUnlock(HWND, PGLOBALS, PUNLOCK_DLG_STATE);
|
|
//INT_PTR CALLBACK LogoffWaitDlgProc(HWND, UINT, WPARAM, LPARAM);
|
|
VOID UnlockShowOptions(PGLOBALS pGlobals, HWND hDlg, BOOL fShow);
|
|
VOID DisplaySmartCardUnlockErrMessage(PGLOBALS pGlobals, HWND hDlg, DWORD dwErrorType, NTSTATUS Status, INT_PTR *pResult);
|
|
BOOL ValidateSC(PGLOBALS pGlobals);
|
|
|
|
HICON hLockedIcon = NULL;
|
|
HICON hUnlockIcon = NULL;
|
|
|
|
// declared in mslogon.c
|
|
LRESULT CALLBACK DisableEditSubClassProc (HWND hwnd, UINT uMsg, WPARAM wParam, LPARAM lParam, UINT_PTR uiID, DWORD_PTR dwRefData);
|
|
BOOL ReplacedPossibleDisplayName (WCHAR *pszUsername, int nUserMax);
|
|
|
|
void
|
|
SetLockedInfo(
|
|
PGLOBALS pGlobals,
|
|
HWND hDlg,
|
|
UINT ControlId)
|
|
{
|
|
TCHAR Buffer1[MAX_STRING_BYTES] = TEXT("");
|
|
TCHAR Buffer2[MAX_STRING_BYTES] = TEXT("");
|
|
|
|
|
|
//
|
|
// Set the locked message
|
|
//
|
|
|
|
if ( pGlobals->Domain[0] == TEXT('\0') )
|
|
{
|
|
if (lstrlen(pGlobals->UserFullName) == 0) {
|
|
|
|
//
|
|
// There is no full name, so don't try to print one out
|
|
//
|
|
|
|
LoadString(hDllInstance, IDS_LOCKED_EMAIL_NFN_MESSAGE, Buffer1, MAX_STRING_BYTES);
|
|
|
|
_snwprintf(Buffer2, sizeof(Buffer2)/sizeof(TCHAR), Buffer1, pGlobals->UserName );
|
|
|
|
} else {
|
|
|
|
LoadString(hDllInstance, IDS_LOCKED_EMAIL_MESSAGE, Buffer1, MAX_STRING_BYTES);
|
|
|
|
_snwprintf(Buffer2, sizeof(Buffer2)/sizeof(TCHAR), Buffer1, pGlobals->UserName, pGlobals->UserFullName);
|
|
}
|
|
|
|
}
|
|
else
|
|
{
|
|
if (lstrlen(pGlobals->UserFullName) == 0) {
|
|
|
|
//
|
|
// There is no full name, so don't try to print one out
|
|
//
|
|
|
|
LoadString(hDllInstance, IDS_LOCKED_NFN_MESSAGE, Buffer1, MAX_STRING_BYTES);
|
|
|
|
_snwprintf(Buffer2, sizeof(Buffer2)/sizeof(TCHAR), Buffer1, pGlobals->Domain, pGlobals->UserName );
|
|
|
|
} else {
|
|
|
|
LoadString(hDllInstance, IDS_LOCKED_MESSAGE, Buffer1, MAX_STRING_BYTES);
|
|
|
|
_snwprintf(Buffer2, sizeof(Buffer2)/sizeof(TCHAR), Buffer1, pGlobals->Domain, pGlobals->UserName, pGlobals->UserFullName);
|
|
}
|
|
}
|
|
|
|
Buffer2[ sizeof(Buffer2)/sizeof(TCHAR) - 1 ] = 0;
|
|
SetWindowText(GetDlgItem(hDlg, ControlId), Buffer2);
|
|
|
|
}
|
|
|
|
|
|
/***************************************************************************\
|
|
* FUNCTION: LockedDlgProc
|
|
*
|
|
* PURPOSE: Processes messages for the workstation locked dialog
|
|
*
|
|
* RETURNS:
|
|
* DLG_SUCCESS - the user pressed Ctrl-Alt-Del
|
|
* DLG_LOGOFF() - the user was asynchronously logged off.
|
|
* DLG_SCREEN_SAVER_TIMEOUT - the screen-saver should be started
|
|
* DLG_FAILURE - the dialog could not be displayed.
|
|
*
|
|
* HISTORY:
|
|
*
|
|
* 12-09-91 Davidc Created.
|
|
*
|
|
\***************************************************************************/
|
|
|
|
INT_PTR
|
|
CALLBACK
|
|
LockedDlgProc(
|
|
HWND hDlg,
|
|
UINT message,
|
|
WPARAM wParam,
|
|
LPARAM lParam
|
|
)
|
|
{
|
|
|
|
PGLOBALS pGlobals = (PGLOBALS) GetWindowLongPtr( hDlg, GWLP_USERDATA);
|
|
|
|
switch (message)
|
|
{
|
|
case WM_INITDIALOG:
|
|
SetWindowLongPtr(hDlg, GWLP_USERDATA, lParam);
|
|
|
|
pGlobals = (PGLOBALS) lParam ;
|
|
|
|
if (GetDisableCad(pGlobals))
|
|
{
|
|
// Set our size to zero so we we don't appear
|
|
SetWindowPos(hDlg, NULL, 0, 0, 0, 0, SWP_NOACTIVATE | SWP_NOMOVE |
|
|
SWP_NOREDRAW | SWP_NOZORDER);
|
|
|
|
pWlxFuncs->WlxSasNotify( pGlobals->hGlobalWlx,
|
|
WLX_SAS_TYPE_CTRL_ALT_DEL );
|
|
}
|
|
else
|
|
{
|
|
if (!LockedDlgInit(hDlg, pGlobals)) {
|
|
EndDialog(hDlg, DLG_FAILURE);
|
|
}
|
|
}
|
|
return(TRUE);
|
|
|
|
case WLX_WM_SAS:
|
|
if ( wParam != WLX_SAS_TYPE_SC_REMOVE &&
|
|
wParam != WLX_SAS_TYPE_SC_FIRST_READER_ARRIVED &&
|
|
wParam != WLX_SAS_TYPE_SC_LAST_READER_REMOVED )
|
|
{
|
|
EndDialog(hDlg, MSGINA_DLG_SUCCESS);
|
|
}
|
|
return(TRUE);
|
|
|
|
case WM_ERASEBKGND:
|
|
return PaintBranding(hDlg, (HDC)wParam, 0, FALSE, FALSE, COLOR_BTNFACE);
|
|
|
|
case WM_QUERYNEWPALETTE:
|
|
return BrandingQueryNewPalete(hDlg);
|
|
|
|
case WM_PALETTECHANGED:
|
|
return BrandingPaletteChanged(hDlg, (HWND)wParam);
|
|
}
|
|
|
|
// We didn't process this message
|
|
return FALSE;
|
|
}
|
|
|
|
|
|
/***************************************************************************\
|
|
* FUNCTION: LockedDlgInit
|
|
*
|
|
* PURPOSE: Handles initialization of locked workstation dialog
|
|
*
|
|
* RETURNS: TRUE on success, FALSE on failure
|
|
*
|
|
* HISTORY:
|
|
*
|
|
* 12-09-91 Davidc Created.
|
|
*
|
|
\***************************************************************************/
|
|
|
|
BOOL
|
|
LockedDlgInit(
|
|
HWND hDlg,
|
|
PGLOBALS pGlobals
|
|
)
|
|
{
|
|
|
|
ULONG_PTR Value;
|
|
|
|
SetWelcomeCaption(hDlg);
|
|
SetLockedInfo(pGlobals, hDlg, IDD_LOCKED_NAME_INFO);
|
|
SetupSystemMenu(hDlg);
|
|
|
|
// Size for the branding image we are going to add.
|
|
SizeForBranding(hDlg, FALSE);
|
|
|
|
if ( !hLockedIcon )
|
|
{
|
|
hLockedIcon = LoadImage( hDllInstance,
|
|
MAKEINTRESOURCE( IDI_LOCKED),
|
|
IMAGE_ICON,
|
|
0, 0,
|
|
LR_DEFAULTCOLOR );
|
|
}
|
|
|
|
SendMessage( GetDlgItem(hDlg, IDD_LOCKED_ICON),
|
|
STM_SETICON,
|
|
(WPARAM)hLockedIcon,
|
|
0 );
|
|
|
|
// Stop filtering SC events so SC unlock works
|
|
pWlxFuncs->WlxSetOption( pGlobals->hGlobalWlx,
|
|
WLX_OPTION_USE_SMART_CARD,
|
|
1,
|
|
NULL
|
|
);
|
|
|
|
//
|
|
// is this a smartcard gina?
|
|
//
|
|
|
|
pWlxFuncs->WlxGetOption( pGlobals->hGlobalWlx,
|
|
WLX_OPTION_SMART_CARD_PRESENT,
|
|
&Value
|
|
);
|
|
|
|
if ( Value )
|
|
{
|
|
TCHAR szInsertCard[256];
|
|
szInsertCard[0] = 0;
|
|
|
|
// Also change unlock message to mention smartcard
|
|
LoadString(hDllInstance, IDS_INSERTCARDORSAS_UNLOCK, szInsertCard, ARRAYSIZE(szInsertCard));
|
|
|
|
SetDlgItemText(hDlg, IDD_LOCKED_INSTRUCTIONS, szInsertCard);
|
|
}
|
|
|
|
CentreWindow(hDlg);
|
|
|
|
return TRUE;
|
|
}
|
|
|
|
|
|
//+---------------------------------------------------------------------------
|
|
//
|
|
// Function: WlxDisplayLockedNotice
|
|
//
|
|
// Synopsis:
|
|
//
|
|
// Effects:
|
|
//
|
|
// Arguments: [pWlxContext] --
|
|
//
|
|
// Requires:
|
|
//
|
|
// Returns:
|
|
//
|
|
// Signals:
|
|
//
|
|
// Modifies:
|
|
//
|
|
// Algorithm:
|
|
//
|
|
// History: 6-16-98 RichardW Created
|
|
//
|
|
// Notes:
|
|
//
|
|
//----------------------------------------------------------------------------
|
|
|
|
|
|
VOID
|
|
WINAPI
|
|
WlxDisplayLockedNotice(
|
|
PVOID pWlxContext
|
|
)
|
|
{
|
|
PGLOBALS pGlobals;
|
|
|
|
pGlobals = (PGLOBALS) pWlxContext;
|
|
|
|
GetSystemTimeAsFileTime( (LPFILETIME) &pGlobals->LockTime);
|
|
|
|
pWlxFuncs->WlxSetTimeout(pGlobals->hGlobalWlx, LOGON_TIMEOUT);
|
|
pWlxFuncs->WlxDialogBoxParam( pGlobals->hGlobalWlx,
|
|
hDllInstance,
|
|
(LPWSTR) MAKEINTRESOURCE(IDD_LOCKED_DIALOG),
|
|
NULL,
|
|
LockedDlgProc,
|
|
(LPARAM) pGlobals );
|
|
|
|
}
|
|
|
|
BOOL
|
|
SmartCardInsterted(
|
|
PGLOBALS pGlobals)
|
|
{
|
|
PWLX_SC_NOTIFICATION_INFO ScInfo = NULL ;
|
|
|
|
pWlxFuncs->WlxGetOption( pGlobals->hGlobalWlx,
|
|
WLX_OPTION_SMART_CARD_INFO,
|
|
(ULONG_PTR *) &ScInfo );
|
|
|
|
if ( ScInfo )
|
|
{
|
|
LocalFree(ScInfo);
|
|
return (TRUE);
|
|
}
|
|
else
|
|
{
|
|
return (FALSE);
|
|
}
|
|
}
|
|
|
|
|
|
|
|
int
|
|
WINAPI
|
|
WlxWkstaLockedSAS(
|
|
PVOID pWlxContext,
|
|
DWORD dwSasType
|
|
)
|
|
{
|
|
PGLOBALS pGlobals;
|
|
DWORD Result;
|
|
UNLOCK_DLG_STATE UnlockDlgState ;
|
|
BOOL fContinue = FALSE;
|
|
ULONG_PTR ulOption;
|
|
|
|
LOCKED_STATE_DIALOGS PreviousState;
|
|
LOCKED_STATE_DIALOGS CurrentState;
|
|
pGlobals = (PGLOBALS) pWlxContext;
|
|
|
|
UnlockDlgState.pGlobals = pGlobals ;
|
|
UnlockDlgState.dwSasType = dwSasType ;
|
|
UnlockDlgState.ActionTaken = None ;
|
|
|
|
//
|
|
// Set the previous state based on whether CAD is disabled, and
|
|
// the current SAS type
|
|
//
|
|
if (GetDisableCad(pGlobals))
|
|
{
|
|
PreviousState = PasswordDialog;
|
|
|
|
//
|
|
// If the CAD is disabled, then go directly to the PIN dialog
|
|
//
|
|
if (SmartCardInsterted(pGlobals))
|
|
{
|
|
UnlockDlgState.dwSasType = WLX_SAS_TYPE_SC_INSERT;
|
|
CurrentState = PINDialog;
|
|
}
|
|
else
|
|
{
|
|
CurrentState = PasswordDialog;
|
|
}
|
|
}
|
|
else
|
|
{
|
|
PreviousState = LockedDialog;
|
|
|
|
//
|
|
// Set the current state based on the SAS we are receiving
|
|
//
|
|
if (dwSasType == WLX_SAS_TYPE_SC_INSERT)
|
|
{
|
|
CurrentState = PINDialog;
|
|
}
|
|
else
|
|
{
|
|
CurrentState = PasswordDialog;
|
|
}
|
|
}
|
|
|
|
do
|
|
{
|
|
UnlockDlgState.ActionTaken = None;
|
|
fContinue = FALSE;
|
|
|
|
// Make sure we monitor SC events
|
|
ulOption = 1;
|
|
pWlxFuncs->WlxSetOption( pGlobals->hGlobalWlx,
|
|
WLX_OPTION_USE_SMART_CARD,
|
|
ulOption,
|
|
NULL );
|
|
|
|
Result = pWlxFuncs->WlxDialogBoxParam(
|
|
pGlobals->hGlobalWlx,
|
|
hDllInstance,
|
|
MAKEINTRESOURCE(IDD_UNLOCK_DIALOG),
|
|
NULL,
|
|
UnlockDlgProc,
|
|
(LPARAM) &UnlockDlgState );
|
|
|
|
//
|
|
// Make a transition based on the current dialog
|
|
// (the one that has just ended)
|
|
//
|
|
switch (CurrentState)
|
|
{
|
|
|
|
case PasswordDialog:
|
|
|
|
//
|
|
// If the password dialog was just being displayed
|
|
// and a smartcard was inserted, then loop back
|
|
// and display the PIN dialog, otherwise, if the
|
|
// password dialog was dismissed for any other reason,
|
|
// then get out.
|
|
//
|
|
if (UnlockDlgState.ActionTaken == SmartCardInserted)
|
|
{
|
|
PreviousState = PasswordDialog;
|
|
CurrentState = PINDialog;
|
|
UnlockDlgState.dwSasType = WLX_SAS_TYPE_SC_INSERT; // go to PIN dlg
|
|
fContinue = TRUE;
|
|
}
|
|
break;
|
|
|
|
case PINDialog:
|
|
|
|
//
|
|
// If the PIN dialog was just being displayed
|
|
// and a smartcard was removed or cancel was hit, AND
|
|
// the dialog that was displayed before this was the
|
|
// password dialog, then loop back and display the
|
|
// password dialog again, otherwise, if the PIN dialog
|
|
// was dismissed for any other reason, then get out.
|
|
//
|
|
if ((UnlockDlgState.ActionTaken == SmartCardRemoved) ||
|
|
(UnlockDlgState.ActionTaken == CancelHit))
|
|
{
|
|
if (PreviousState == PasswordDialog)
|
|
{
|
|
CurrentState = PasswordDialog;
|
|
UnlockDlgState.dwSasType = WLX_SAS_TYPE_CTRL_ALT_DEL; // go to PWD Dlg
|
|
fContinue = TRUE;
|
|
|
|
// This will force winlogon to forget the last sc event
|
|
pWlxFuncs->WlxSetOption( pGlobals->hGlobalWlx,
|
|
WLX_OPTION_USE_SMART_CARD,
|
|
0,
|
|
NULL );
|
|
}
|
|
}
|
|
|
|
break;
|
|
}
|
|
|
|
} while (fContinue);
|
|
|
|
if ( Result == MSGINA_DLG_SUCCESS )
|
|
{
|
|
if ( (pGlobals->SmartCardOption == 0) || (!pGlobals->SmartCardLogon) )
|
|
{
|
|
// As no action will be taken on SC removal, we can filter these events
|
|
ulOption = 0;
|
|
}
|
|
else
|
|
{
|
|
//
|
|
// Continue to monitor the s/c device
|
|
//
|
|
NOTHING ;
|
|
}
|
|
}
|
|
else
|
|
{
|
|
// This will force winlogon to forget the last sc event
|
|
ulOption = 0;
|
|
}
|
|
if (ulOption == 0)
|
|
{
|
|
pWlxFuncs->WlxSetOption( pGlobals->hGlobalWlx,
|
|
WLX_OPTION_USE_SMART_CARD,
|
|
0,
|
|
NULL );
|
|
}
|
|
|
|
switch (Result)
|
|
{
|
|
case MSGINA_DLG_SUCCESS:
|
|
|
|
CheckPasswordExpiry( pGlobals, FALSE );
|
|
return(WLX_SAS_ACTION_UNLOCK_WKSTA);
|
|
|
|
case MSGINA_DLG_FAILURE:
|
|
case WLX_DLG_INPUT_TIMEOUT:
|
|
case WLX_DLG_SCREEN_SAVER_TIMEOUT:
|
|
return(WLX_SAS_ACTION_NONE);
|
|
|
|
case WLX_DLG_USER_LOGOFF:
|
|
return(WLX_SAS_ACTION_LOGOFF);
|
|
|
|
case MSGINA_DLG_FORCE_LOGOFF:
|
|
return(WLX_SAS_ACTION_FORCE_LOGOFF);
|
|
|
|
default:
|
|
DebugLog((DEB_WARN, "Unexpected return code from UnlockDlgProc, %d\n", Result));
|
|
return(WLX_SAS_ACTION_NONE);
|
|
|
|
}
|
|
}
|
|
|
|
BOOL
|
|
ValidateSC(
|
|
PGLOBALS pGlobals)
|
|
{
|
|
PWLX_SC_NOTIFICATION_INFO ScInfo = NULL ;
|
|
|
|
pWlxFuncs->WlxGetOption( pGlobals->hGlobalWlx,
|
|
WLX_OPTION_SMART_CARD_INFO,
|
|
(ULONG_PTR *) &ScInfo );
|
|
|
|
//
|
|
// Validate the SC info against some common user
|
|
// errors before the PIN dialog appears
|
|
//
|
|
|
|
if ( ScInfo )
|
|
{
|
|
if ( ( ScInfo->pszReader ) &&
|
|
( ScInfo->pszCard == NULL ) )
|
|
{
|
|
//
|
|
// The card could not be read. Might not be
|
|
// inserted correctly.
|
|
//
|
|
|
|
LocalFree(ScInfo);
|
|
|
|
TimeoutMessageBox( NULL, pGlobals, IDS_CARD_NOT_RECOGNIZED,
|
|
IDS_LOGON_MESSAGE,
|
|
MB_OK | MB_ICONEXCLAMATION,
|
|
LOGON_TIMEOUT );
|
|
|
|
return FALSE;
|
|
}
|
|
|
|
if ( ( ScInfo->pszReader ) &&
|
|
( ScInfo->pszCryptoProvider == NULL ) )
|
|
{
|
|
//
|
|
// Got a card, but the CSP for it could not be
|
|
// found.
|
|
//
|
|
|
|
LocalFree(ScInfo);
|
|
|
|
TimeoutMessageBox( NULL, pGlobals, IDS_CARD_CSP_NOT_RECOGNIZED,
|
|
IDS_LOGON_MESSAGE,
|
|
MB_OK | MB_ICONEXCLAMATION,
|
|
LOGON_TIMEOUT );
|
|
|
|
return FALSE;
|
|
}
|
|
|
|
LocalFree(ScInfo);
|
|
}
|
|
|
|
return TRUE;
|
|
|
|
}
|
|
|
|
/***************************************************************************\
|
|
* FUNCTION: UnlockDlgProc
|
|
*
|
|
* PURPOSE: Processes messages for the workstation unlock dialog
|
|
*
|
|
* RETURNS:
|
|
* DLG_SUCCESS - the user unlocked the workstation successfully.
|
|
* DLG_FAILURE - the user failed to unlock the workstation.
|
|
* DLG_INTERRUPTED() - this is a set of possible interruptions (see winlogon.h)
|
|
*
|
|
* HISTORY:
|
|
*
|
|
* 12-09-91 Davidc Created.
|
|
*
|
|
\***************************************************************************/
|
|
|
|
static UINT ctrlNoCancel[] =
|
|
{
|
|
IDOK,
|
|
};
|
|
|
|
INT_PTR
|
|
CALLBACK
|
|
UnlockDlgProc(
|
|
HWND hDlg,
|
|
UINT message,
|
|
WPARAM wParam,
|
|
LPARAM lParam
|
|
)
|
|
{
|
|
PGLOBALS pGlobals = NULL;
|
|
INT_PTR Result;
|
|
PUNLOCK_DLG_STATE pUnlockDlgState;
|
|
|
|
pUnlockDlgState = (PUNLOCK_DLG_STATE) GetWindowLongPtr(hDlg, GWLP_USERDATA);
|
|
|
|
if (message != WM_INITDIALOG)
|
|
{
|
|
pGlobals = pUnlockDlgState->pGlobals;
|
|
}
|
|
|
|
switch (message)
|
|
{
|
|
case WM_INITDIALOG:
|
|
|
|
pUnlockDlgState = (PUNLOCK_DLG_STATE) lParam ;
|
|
|
|
// Screen saver will run if set to expire >= 2 minutes
|
|
|
|
pWlxFuncs->WlxSetTimeout(pUnlockDlgState->pGlobals->hGlobalWlx,
|
|
(GetDisableCad(pUnlockDlgState->pGlobals) ? TIMEOUT_NONE : LOGON_TIMEOUT) );
|
|
|
|
|
|
// Limit the maximum password length to 127
|
|
|
|
SendDlgItemMessage(hDlg, IDD_UNLOCK_PASSWORD, EM_SETLIMITTEXT, (WPARAM) 127, 0);
|
|
|
|
SetWindowLongPtr(hDlg, GWLP_USERDATA, (ULONG_PTR) pUnlockDlgState );
|
|
|
|
//
|
|
// If this is an sc insert, then make sure the card is inserted correctly.
|
|
//
|
|
if ( pUnlockDlgState->dwSasType == WLX_SAS_TYPE_SC_INSERT )
|
|
{
|
|
if (!ValidateSC( pUnlockDlgState->pGlobals ))
|
|
{
|
|
EndDialog(hDlg, DLG_FAILURE);
|
|
}
|
|
}
|
|
|
|
if (!UnlockDlgInit(hDlg, pUnlockDlgState->pGlobals, pUnlockDlgState->dwSasType ))
|
|
{
|
|
EndDialog(hDlg, DLG_FAILURE);
|
|
}
|
|
|
|
// Disable edits in username / password box
|
|
SetWindowSubclass(GetDlgItem(hDlg, IDD_UNLOCK_NAME) , DisableEditSubClassProc, IDD_UNLOCK_NAME , 0);
|
|
SetWindowSubclass(GetDlgItem(hDlg, IDD_UNLOCK_PASSWORD), DisableEditSubClassProc, IDD_UNLOCK_PASSWORD, 0);
|
|
|
|
|
|
return(SetPasswordFocus(hDlg));
|
|
|
|
case WM_ERASEBKGND:
|
|
return PaintBranding(hDlg, (HDC)wParam, 0, FALSE, FALSE, COLOR_BTNFACE);
|
|
|
|
case WM_QUERYNEWPALETTE:
|
|
return BrandingQueryNewPalete(hDlg);
|
|
|
|
case WM_PALETTECHANGED:
|
|
return BrandingPaletteChanged(hDlg, (HWND)wParam);
|
|
|
|
case WM_COMMAND:
|
|
switch (LOWORD(wParam))
|
|
{
|
|
case IDD_UNLOCK_NAME:
|
|
switch (HIWORD(wParam))
|
|
{
|
|
case EN_CHANGE:
|
|
// Ensure the domain box is enabled/disabled correctly
|
|
// in case of a UPN name
|
|
EnableDomainForUPN((HWND) lParam, GetDlgItem(hDlg, IDD_UNLOCK_DOMAIN));
|
|
return TRUE;
|
|
default:
|
|
break;
|
|
}
|
|
break;
|
|
case IDCANCEL:
|
|
|
|
pUnlockDlgState->ActionTaken = CancelHit;
|
|
EndDialog(hDlg, DLG_FAILURE);
|
|
|
|
return TRUE;
|
|
|
|
case IDOK:
|
|
|
|
//
|
|
// Deal with combo-box UI requirements
|
|
//
|
|
|
|
if (HandleComboBoxOK(hDlg, IDD_UNLOCK_DOMAIN))
|
|
{
|
|
return(TRUE);
|
|
}
|
|
|
|
|
|
Result = AttemptUnlock(hDlg, pGlobals, pUnlockDlgState);
|
|
|
|
if (Result != MSGINA_DLG_ASYNC_PROCESSING)
|
|
{
|
|
//
|
|
// If they failed, let them try again, otherwise get out.
|
|
//
|
|
|
|
if (Result != DLG_FAILURE)
|
|
{
|
|
EndDialog(hDlg, Result);
|
|
}
|
|
|
|
// Clear the password field
|
|
SetDlgItemText(hDlg, IDD_UNLOCK_PASSWORD, NULL);
|
|
SetPasswordFocus(hDlg);
|
|
}
|
|
else
|
|
{
|
|
//
|
|
// Let the async thread do the work, then it will send a
|
|
// WM_SMARTCARD_ASYNC_MESSAGE message when it is done.
|
|
// Meanwhile, disable controls so they don't get mucked with
|
|
//
|
|
EnableWindow( GetDlgItem(hDlg, IDD_UNLOCK_PASSWORD), FALSE );
|
|
EnableWindow( GetDlgItem(hDlg, IDOK), FALSE );
|
|
EnableWindow( GetDlgItem(hDlg, IDCANCEL), FALSE );
|
|
EnableWindow( GetDlgItem(hDlg, IDC_UNLOCK_PASSWORD_LABEL), FALSE );
|
|
}
|
|
|
|
return TRUE;
|
|
|
|
case IDD_UNLOCK_OPTIONS:
|
|
UnlockShowOptions(pGlobals, hDlg, !pGlobals->UnlockOptionsShown);
|
|
return TRUE;
|
|
}
|
|
break;
|
|
|
|
case WM_SMARTCARD_ASYNC_MESSAGE:
|
|
|
|
switch (wParam)
|
|
{
|
|
case MSGINA_DLG_SUCCESS:
|
|
|
|
EndDialog(hDlg, MSGINA_DLG_SUCCESS);
|
|
break;
|
|
|
|
case MSGINA_DLG_FORCE_LOGOFF:
|
|
|
|
EndDialog(hDlg, MSGINA_DLG_FORCE_LOGOFF);
|
|
break;
|
|
|
|
case MSGINA_DLG_FAILURE:
|
|
|
|
EnableWindow( GetDlgItem(hDlg, IDD_UNLOCK_PASSWORD), TRUE );
|
|
EnableWindow( GetDlgItem(hDlg, IDOK), TRUE );
|
|
EnableWindow( GetDlgItem(hDlg, IDCANCEL), TRUE );
|
|
EnableWindow( GetDlgItem(hDlg, IDC_UNLOCK_PASSWORD_LABEL), TRUE );
|
|
|
|
// Clear the password field
|
|
SetDlgItemText(hDlg, IDD_UNLOCK_PASSWORD, NULL);
|
|
SetPasswordFocus(hDlg);
|
|
|
|
break;
|
|
}
|
|
|
|
break;
|
|
|
|
case WM_SMARTCARD_ERROR_DISPLAY_1:
|
|
|
|
DisplaySmartCardUnlockErrMessage(pGlobals, hDlg, 1, (NTSTATUS) wParam, (INT_PTR *) lParam);
|
|
return (TRUE);
|
|
break;
|
|
|
|
case WM_SMARTCARD_ERROR_DISPLAY_2:
|
|
|
|
DisplaySmartCardUnlockErrMessage(pGlobals, hDlg, 2, (NTSTATUS) wParam, (INT_PTR *) lParam);
|
|
return (TRUE);
|
|
|
|
break;
|
|
|
|
case WLX_WM_SAS:
|
|
|
|
// Ignore it
|
|
if ( wParam == WLX_SAS_TYPE_CTRL_ALT_DEL )
|
|
{
|
|
return( TRUE );
|
|
}
|
|
|
|
//
|
|
// If we are in the middle of a smart card unlock then...
|
|
//
|
|
if ( pGlobals->LogonInProgress )
|
|
{
|
|
//
|
|
// SC_REMOVE is really the only interesting SAS, if we get it,
|
|
// kill the dialog.
|
|
//
|
|
if ( wParam == WLX_SAS_TYPE_SC_REMOVE )
|
|
{
|
|
//
|
|
// If the card removal happened while the user is being
|
|
// prompted for a yes/no question, then just note that
|
|
// we got the removal and deal with it after the questions
|
|
// is answered.
|
|
//
|
|
// Otherwise, kill the dialog
|
|
//
|
|
if ( pUnlockDlgState->fUserBeingPrompted )
|
|
{
|
|
pUnlockDlgState->fCardRemoved = TRUE;
|
|
ShowWindow(hDlg, SW_HIDE);
|
|
}
|
|
else
|
|
{
|
|
pUnlockDlgState->ActionTaken = SmartCardRemoved;
|
|
EndDialog(hDlg, DLG_FAILURE);
|
|
}
|
|
}
|
|
|
|
return( TRUE );
|
|
}
|
|
|
|
//
|
|
// If this is an insert and we are in the password state, then
|
|
// go to the PIN state
|
|
//
|
|
if ( ( wParam == WLX_SAS_TYPE_SC_INSERT ) &&
|
|
( IsWindowVisible( GetDlgItem( hDlg, IDD_UNLOCK_OPTIONS ) ) == TRUE ) )
|
|
{
|
|
//
|
|
// Check for some common SC problems before ending the dialog and
|
|
// going to the PIN state
|
|
//
|
|
if ( !ValidateSC( pGlobals ) )
|
|
{
|
|
return( TRUE );
|
|
}
|
|
|
|
pUnlockDlgState->ActionTaken = SmartCardInserted;
|
|
EndDialog(hDlg, DLG_FAILURE);
|
|
}
|
|
|
|
//
|
|
// if this is a smart card unlock, if it is removed, kill the dialog.
|
|
//
|
|
if ( ( wParam == WLX_SAS_TYPE_SC_REMOVE ) &&
|
|
( IsWindowVisible( GetDlgItem( hDlg, IDD_UNLOCK_OPTIONS ) ) == FALSE ) )
|
|
{
|
|
pUnlockDlgState->ActionTaken = SmartCardRemoved;
|
|
EndDialog(hDlg, DLG_FAILURE);
|
|
}
|
|
else if(wParam == WLX_SAS_TYPE_SC_REMOVE)
|
|
{
|
|
//
|
|
// Already in the password dialog
|
|
//
|
|
return ( TRUE );
|
|
}
|
|
|
|
if ( wParam == WLX_SAS_TYPE_AUTHENTICATED ) {
|
|
EndDialog( hDlg, MSGINA_DLG_SUCCESS );
|
|
return TRUE;
|
|
} else if ( wParam == WLX_SAS_TYPE_USER_LOGOFF ) {
|
|
EndDialog( hDlg, MSGINA_DLG_USER_LOGOFF );
|
|
return TRUE;
|
|
}
|
|
|
|
return( FALSE );
|
|
|
|
case WM_CLOSE:
|
|
break;
|
|
|
|
case WM_DESTROY:
|
|
|
|
FreeLayoutInfo (LAYOUT_CUR_USER);
|
|
|
|
if ( pGlobals->ActiveArray )
|
|
{
|
|
DCacheFreeArray( pGlobals->ActiveArray );
|
|
pGlobals->ActiveArray = NULL ;
|
|
}
|
|
|
|
RemoveWindowSubclass(GetDlgItem(hDlg, IDD_UNLOCK_NAME), DisableEditSubClassProc, IDD_UNLOCK_NAME);
|
|
RemoveWindowSubclass(GetDlgItem(hDlg, IDD_UNLOCK_PASSWORD), DisableEditSubClassProc, IDD_UNLOCK_PASSWORD);
|
|
|
|
break;
|
|
|
|
case WM_TIMER:
|
|
|
|
if ( wParam == 0 )
|
|
{
|
|
HDC hDC;
|
|
|
|
RtlEnterCriticalSection(&pGlobals->csGlobals);
|
|
|
|
if ( pGlobals->LogonInProgress )
|
|
{
|
|
if (pGlobals->cxBand != 0)
|
|
{
|
|
pGlobals->xBandOffset = (pGlobals->xBandOffset+5) % pGlobals->cxBand;
|
|
}
|
|
}
|
|
|
|
if ( !pGlobals->LogonInProgress || pUnlockDlgState->fKillTimer )
|
|
{
|
|
|
|
pGlobals->xBandOffset = 0;
|
|
KillTimer(hDlg, 0);
|
|
|
|
//
|
|
// Reset timeout to normal
|
|
//
|
|
pWlxFuncs->WlxSetTimeout(
|
|
pGlobals->hGlobalWlx,
|
|
(GetDisableCad(pGlobals) ? TIMEOUT_NONE : LOGON_TIMEOUT));
|
|
|
|
}
|
|
|
|
RtlLeaveCriticalSection(&pGlobals->csGlobals);
|
|
|
|
hDC = GetDC(hDlg);
|
|
if ( hDC )
|
|
{
|
|
PaintBranding( hDlg, hDC, pGlobals->xBandOffset, TRUE, FALSE, COLOR_BTNFACE );
|
|
ReleaseDC( hDlg, hDC );
|
|
}
|
|
|
|
return FALSE;
|
|
}
|
|
else if ( wParam == TIMER_MYLANGUAGECHECK )
|
|
{
|
|
LayoutCheckHandler(hDlg, LAYOUT_CUR_USER);
|
|
}
|
|
|
|
break;
|
|
}
|
|
|
|
// We didn't process the message
|
|
return(FALSE);
|
|
}
|
|
|
|
|
|
/***************************************************************************\
|
|
* FUNCTION: UnlockDlgInit
|
|
*
|
|
* PURPOSE: Handles initialization of security options dialog
|
|
*
|
|
* RETURNS: TRUE on success, FALSE on failure
|
|
*
|
|
* HISTORY:
|
|
*
|
|
* 12-09-91 Davidc Created.
|
|
*
|
|
\***************************************************************************/
|
|
|
|
static UINT ctrlNoOptions[] =
|
|
{
|
|
IDOK,
|
|
IDCANCEL,
|
|
IDD_KBLAYOUT_ICON,
|
|
};
|
|
|
|
BOOL
|
|
UnlockDlgInit(
|
|
HWND hDlg,
|
|
PGLOBALS pGlobals,
|
|
DWORD SasType
|
|
)
|
|
{
|
|
RECT rc, rc2;
|
|
WCHAR Label[ MAX_PATH ];
|
|
|
|
int err ;
|
|
DWORD dwSize ;
|
|
DWORD dwType ;
|
|
DWORD dwValue ;
|
|
|
|
dwSize = sizeof( DWORD );
|
|
dwValue = 0 ;
|
|
|
|
err = RegQueryValueEx( WinlogonKey,
|
|
FORCE_UNLOCK_LOGON,
|
|
0,
|
|
&dwType,
|
|
(PBYTE) &dwValue,
|
|
&dwSize );
|
|
|
|
if ( err || ( dwType != REG_DWORD ) )
|
|
{
|
|
dwValue = 0 ;
|
|
}
|
|
|
|
if ( dwValue )
|
|
{
|
|
pGlobals->UnlockBehavior |= UNLOCK_FORCE_AUTHENTICATION ;
|
|
}
|
|
else
|
|
{
|
|
pGlobals->UnlockBehavior &= ~(UNLOCK_FORCE_AUTHENTICATION );
|
|
}
|
|
|
|
SetWelcomeCaption( hDlg );
|
|
|
|
SetLockedInfo( pGlobals, hDlg, IDD_UNLOCK_NAME_INFO );
|
|
|
|
if ( !hLockedIcon )
|
|
{
|
|
hLockedIcon = LoadImage( hDllInstance,
|
|
MAKEINTRESOURCE( IDI_LOCKED),
|
|
IMAGE_ICON,
|
|
0, 0,
|
|
LR_DEFAULTCOLOR );
|
|
}
|
|
|
|
SendMessage( GetDlgItem( hDlg, IDD_UNLOCK_ICON),
|
|
STM_SETICON,
|
|
(WPARAM)hLockedIcon,
|
|
0 );
|
|
|
|
DisplayLanguageIcon (hDlg, LAYOUT_CUR_USER, GetKeyboardLayout(0));
|
|
|
|
// Size for the branding image we are going to add.
|
|
SizeForBranding(hDlg, FALSE);
|
|
|
|
pGlobals->xBandOffset = 0;
|
|
|
|
//
|
|
// Fill in the username
|
|
//
|
|
|
|
if ( SasType == WLX_SAS_TYPE_SC_INSERT )
|
|
{
|
|
//
|
|
// No username, hide the field and move other controls up
|
|
//
|
|
GetWindowRect(GetDlgItem(hDlg, IDD_UNLOCK_MESSAGE), &rc);
|
|
GetWindowRect(GetDlgItem(hDlg, IDD_UNLOCK_PASSWORD), &rc2);
|
|
|
|
MoveControls(hDlg, ctrlNoUserName,
|
|
sizeof(ctrlNoUserName)/sizeof(ctrlNoUserName[0]),
|
|
0, -(rc2.top-rc.top),
|
|
TRUE);
|
|
|
|
// Hide the unnecessary text for SC insert
|
|
ShowDlgItem( hDlg, IDD_UNLOCK_MESSAGE, FALSE);
|
|
ShowDlgItem( hDlg, IDD_UNLOCK_NAME_INFO, FALSE);
|
|
|
|
// Also remove the unlock icon; when the dialog gets this small, there
|
|
// isn't room for this guy and the kblayout icon.
|
|
ShowDlgItem( hDlg, IDD_UNLOCK_ICON, FALSE);
|
|
|
|
|
|
ShowDlgItem( hDlg, IDD_UNLOCK_NAME, FALSE );
|
|
EnableWindow( GetDlgItem(hDlg, IDD_UNLOCK_NAME), FALSE );
|
|
ShowDlgItem( hDlg, IDC_UNLOCK_NAME_LABEL, FALSE );
|
|
|
|
// Disable and hide domain
|
|
ShowDlgItem( hDlg, IDD_UNLOCK_DOMAIN, FALSE );
|
|
EnableWindow( GetDlgItem(hDlg, IDD_UNLOCK_DOMAIN), FALSE);
|
|
ShowDlgItem( hDlg, IDD_UNLOCK_DOMAIN_LABEL, FALSE);
|
|
|
|
LoadString(hDllInstance, IDS_PIN, Label, MAX_PATH);
|
|
SetDlgItemText( hDlg, IDC_UNLOCK_PASSWORD_LABEL, Label );
|
|
|
|
GetWindowRect(GetDlgItem(hDlg, IDD_UNLOCK_PASSWORD), &rc);
|
|
GetWindowRect(GetDlgItem(hDlg, IDD_UNLOCK_DOMAIN), &rc2);
|
|
|
|
MoveControls(hDlg, ctrlNoDomain,
|
|
ARRAYSIZE(ctrlNoDomain),
|
|
0, -(rc2.bottom-rc.bottom),
|
|
TRUE);
|
|
|
|
pGlobals->ShowDomainBox = FALSE;
|
|
|
|
//
|
|
// The options button is useless, remove it
|
|
//
|
|
|
|
GetWindowRect(GetDlgItem(hDlg, IDCANCEL), &rc);
|
|
GetWindowRect(GetDlgItem(hDlg, IDD_UNLOCK_OPTIONS), &rc2);
|
|
|
|
MoveControls(hDlg, ctrlNoOptions,
|
|
sizeof(ctrlNoOptions)/sizeof(ctrlNoOptions[0]),
|
|
rc2.right-rc.right, 0,
|
|
FALSE);
|
|
|
|
ShowDlgItem(hDlg, IDD_UNLOCK_OPTIONS, FALSE);
|
|
}
|
|
else if (ForceNoDomainUI())
|
|
{
|
|
// Populate username
|
|
SetDlgItemText(hDlg, IDD_UNLOCK_NAME, pGlobals->UserName);
|
|
|
|
// Disable and hide domain
|
|
ShowDlgItem( hDlg, IDD_UNLOCK_DOMAIN, FALSE );
|
|
EnableWindow( GetDlgItem(hDlg, IDD_UNLOCK_DOMAIN), FALSE);
|
|
ShowDlgItem( hDlg, IDD_UNLOCK_DOMAIN_LABEL, FALSE);
|
|
|
|
GetWindowRect(GetDlgItem(hDlg, IDD_UNLOCK_PASSWORD), &rc);
|
|
GetWindowRect(GetDlgItem(hDlg, IDD_UNLOCK_DOMAIN), &rc2);
|
|
|
|
MoveControls(hDlg, ctrlNoDomain,
|
|
ARRAYSIZE(ctrlNoDomain),
|
|
0, -(rc2.bottom-rc.bottom),
|
|
TRUE);
|
|
|
|
pGlobals->ShowDomainBox = FALSE;
|
|
}
|
|
else
|
|
{
|
|
SetDlgItemText(hDlg, IDD_UNLOCK_NAME, pGlobals->UserName);
|
|
|
|
pGlobals->ShowDomainBox = TRUE;
|
|
}
|
|
|
|
//
|
|
// Get trusted domain list and select appropriate domain
|
|
//
|
|
|
|
if ( !DCacheValidateCache( pGlobals->Cache ) )
|
|
{
|
|
ASSERT( pGlobals->ActiveArray == NULL );
|
|
|
|
DCacheUpdateMinimal( pGlobals->Cache,
|
|
pGlobals->Domain,
|
|
TRUE );
|
|
|
|
}
|
|
|
|
pGlobals->ActiveArray = DCacheCopyCacheArray( pGlobals->Cache );
|
|
|
|
if ( pGlobals->ActiveArray )
|
|
{
|
|
DCachePopulateListBoxFromArray( pGlobals->ActiveArray,
|
|
GetDlgItem( hDlg, IDD_UNLOCK_DOMAIN ),
|
|
pGlobals->Domain );
|
|
}
|
|
else
|
|
{
|
|
EndDialog( hDlg, MSGINA_DLG_FAILURE );
|
|
}
|
|
|
|
#if 0
|
|
//
|
|
// Ensure that the domain the user logged on with is always in the
|
|
// combo-box so even if the Lsa is in a bad way the user will always
|
|
// be able to unlock the workstation. Don't do this if the user is logged
|
|
// in locally or else we'll get TWO local machines in the list
|
|
//
|
|
|
|
cchComputer = ARRAYSIZE(szComputer);
|
|
szComputer[0] = 0;
|
|
GetComputerName(szComputer, &cchComputer);
|
|
|
|
if ( pGlobals->Domain[0] && (0 != lstrcmpi(szComputer, pGlobals->Domain)))
|
|
{
|
|
HWND hwndDomain = GetDlgItem(hDlg, IDD_UNLOCK_DOMAIN);
|
|
if (SendMessage(hwndDomain, CB_FINDSTRINGEXACT, (WPARAM)-1, (LPARAM)pGlobals->Domain) == CB_ERR)
|
|
{
|
|
DebugLog((DEB_ERROR, "Domain combo-box doesn't contain logged on domain, adding it manually for unlock\n"));
|
|
SendMessage(hwndDomain, CB_ADDSTRING, 0, (LPARAM)pGlobals->Domain);
|
|
}
|
|
}
|
|
#endif
|
|
|
|
//
|
|
// If we are not part fo the domain then lets rip out the domain field,
|
|
// and if we do that lets remove the options button.
|
|
//
|
|
|
|
if ( !IsMachineDomainMember() )
|
|
{
|
|
//
|
|
// If we're not part of a domain, make sure to hide the domain field
|
|
//
|
|
|
|
GetWindowRect(GetDlgItem(hDlg, IDCANCEL), &rc);
|
|
GetWindowRect(GetDlgItem(hDlg, IDD_UNLOCK_OPTIONS), &rc2);
|
|
|
|
MoveControls(hDlg, ctrlNoOptions,
|
|
sizeof(ctrlNoOptions)/sizeof(ctrlNoOptions[0]),
|
|
rc2.right-rc.right, 0,
|
|
FALSE);
|
|
|
|
ShowDlgItem(hDlg, IDD_UNLOCK_DOMAIN_LABEL, FALSE);
|
|
ShowDlgItem(hDlg, IDD_UNLOCK_DOMAIN, FALSE);
|
|
ShowDlgItem(hDlg, IDD_UNLOCK_OPTIONS, FALSE);
|
|
}
|
|
|
|
// remove the cancel button if no C-A-D required
|
|
// NOTE: if we are going to the PIN dialog we always need a cancel button
|
|
if ((GetDisableCad(pGlobals)) && (SasType != WLX_SAS_TYPE_SC_INSERT))
|
|
EnableDlgItem(hDlg, IDCANCEL, FALSE);
|
|
|
|
// Position window on screen
|
|
CentreWindow(hDlg);
|
|
|
|
// Hide the options pane
|
|
pGlobals->UnlockOptionsShown = TRUE;
|
|
UnlockShowOptions(pGlobals, hDlg, FALSE);
|
|
|
|
return TRUE;
|
|
}
|
|
|
|
VOID
|
|
DisplaySmartCardUnlockErrMessage(
|
|
PGLOBALS pGlobals,
|
|
HWND hDlg,
|
|
DWORD dwErrorType,
|
|
NTSTATUS Status,
|
|
INT_PTR *pResult)
|
|
{
|
|
int i;
|
|
UINT Resource = 0;
|
|
TCHAR Buffer1[MAX_STRING_BYTES] = TEXT("");
|
|
TCHAR Buffer2[MAX_STRING_BYTES] = TEXT("");
|
|
BOOL fStringFound = FALSE;
|
|
|
|
if ( dwErrorType == 1 )
|
|
{
|
|
*pResult = DisplayForceLogoffWarning(hDlg,
|
|
pGlobals,
|
|
MB_OKCANCEL | MB_ICONEXCLAMATION | MB_DEFBUTTON2,
|
|
TIMEOUT_CURRENT);
|
|
|
|
return;
|
|
}
|
|
|
|
//
|
|
// At this point we need to display an error message, and the just
|
|
// relinquish control back to the unlock dialog thread
|
|
//
|
|
|
|
for ( i = 0 ;
|
|
i < sizeof( UnlockMessages ) / sizeof( UNLOCK_MESSAGE ) ;
|
|
i++ )
|
|
{
|
|
if ( UnlockMessages[i].Status == Status )
|
|
{
|
|
if (Status == STATUS_LOGON_FAILURE)
|
|
{
|
|
Resource = IDS_UNLOCK_FAILED_BAD_PIN ;
|
|
}
|
|
else
|
|
{
|
|
Resource = UnlockMessages[i].Resource ;
|
|
}
|
|
|
|
break;
|
|
}
|
|
}
|
|
|
|
if ( Resource != 0 )
|
|
{
|
|
if( Resource == IDS_LOGON_NO_DOMAIN )
|
|
{
|
|
// Need to build the domain name into the string.
|
|
LoadString(hDllInstance, Resource, Buffer1, MAX_STRING_BYTES);
|
|
_snwprintf(Buffer2, sizeof(Buffer2)/sizeof(TCHAR), Buffer1, pGlobals->Domain);
|
|
}
|
|
else
|
|
{
|
|
LoadString(hDllInstance, Resource, Buffer2, MAX_STRING_BYTES);
|
|
}
|
|
|
|
fStringFound = TRUE;
|
|
}
|
|
|
|
if ( !fStringFound )
|
|
{
|
|
//
|
|
// They're not the logged on user and they're not an admin.
|
|
// Tell them they failed to unlock the workstation.
|
|
//
|
|
|
|
if ( lstrlen(pGlobals->UserFullName) == 0 )
|
|
{
|
|
if ( pGlobals->Domain[0] == L'\0' )
|
|
{
|
|
LoadString(hDllInstance, IDS_UNLOCK_FAILED_EMAIL_NFN, Buffer1, MAX_STRING_BYTES);
|
|
_snwprintf(Buffer2, sizeof(Buffer2)/sizeof(TCHAR), Buffer1,
|
|
pGlobals->UserName
|
|
);
|
|
|
|
}
|
|
else
|
|
{
|
|
LoadString(hDllInstance, IDS_UNLOCK_FAILED_NFN, Buffer1, MAX_STRING_BYTES);
|
|
_snwprintf(Buffer2, sizeof(Buffer2)/sizeof(TCHAR), Buffer1, pGlobals->Domain,
|
|
pGlobals->UserName
|
|
);
|
|
}
|
|
|
|
}
|
|
else
|
|
{
|
|
if ( pGlobals->Domain[0] == L'\0' )
|
|
{
|
|
LoadString(hDllInstance, IDS_UNLOCK_FAILED_EMAIL, Buffer1, MAX_STRING_BYTES);
|
|
_snwprintf(Buffer2, sizeof(Buffer2)/sizeof(TCHAR), Buffer1,
|
|
pGlobals->UserName,
|
|
pGlobals->UserFullName
|
|
);
|
|
|
|
}
|
|
else
|
|
{
|
|
LoadString(hDllInstance, IDS_UNLOCK_FAILED, Buffer1, MAX_STRING_BYTES);
|
|
_snwprintf(Buffer2, sizeof(Buffer2)/sizeof(TCHAR), Buffer1, pGlobals->Domain,
|
|
pGlobals->UserName,
|
|
pGlobals->UserFullName
|
|
);
|
|
}
|
|
}
|
|
}
|
|
|
|
// Covers all _snwprintf(Buffer2 in this function
|
|
Buffer2[ sizeof(Buffer2)/sizeof(TCHAR) - 1 ] = 0;
|
|
|
|
Buffer1[0] = 0;
|
|
LoadString(hDllInstance, IDS_WORKSTATION_LOCKED, Buffer1, MAX_STRING_BYTES);
|
|
|
|
*pResult = TimeoutMessageBoxlpstr(
|
|
hDlg,
|
|
pGlobals,
|
|
Buffer2,
|
|
Buffer1,
|
|
MB_OK | MB_ICONSTOP,
|
|
TIMEOUT_CURRENT);
|
|
}
|
|
|
|
//+---------------------------------------------------------------------------
|
|
//
|
|
// Function: SmartCardUnlockLogonThread
|
|
//
|
|
// Synopsis: Does the logon call in an async thread so that a pulsing bar
|
|
// can be shown in the UI.
|
|
//
|
|
// Arguments: [pData] --
|
|
//
|
|
// History:
|
|
//
|
|
// Notes:
|
|
//
|
|
//----------------------------------------------------------------------------
|
|
DWORD
|
|
WINAPI
|
|
SmartCardUnlockLogonThread(
|
|
PASYNC_UNLOCK_DATA pData)
|
|
{
|
|
INT_PTR Result;
|
|
BOOL IsLoggedOnUser;
|
|
BOOL IsAdmin;
|
|
NTSTATUS Status;
|
|
BOOL Unlocked;
|
|
PGLOBALS pGlobals = pData->pGlobals;
|
|
|
|
//
|
|
// Kick off the call to the LSA
|
|
//
|
|
Unlocked = UnlockLogon(
|
|
pData->pGlobals,
|
|
TRUE,
|
|
pData->UserName.Buffer,
|
|
pData->Domain.Buffer,
|
|
&pData->Password,
|
|
&Status,
|
|
&IsAdmin,
|
|
&IsLoggedOnUser,
|
|
NULL,
|
|
NULL );
|
|
|
|
//
|
|
// Logon thread is done running, so stop showing the pulsing bar
|
|
//
|
|
pData->pUnlockDlgState->fKillTimer = TRUE;
|
|
|
|
//
|
|
// Get rid of the PIN
|
|
//
|
|
RtlZeroMemory( pData->Password.Buffer, pData->Password.Length );
|
|
|
|
if ( Unlocked && IsLoggedOnUser )
|
|
{
|
|
pGlobals->SmartCardLogon = TRUE;
|
|
|
|
//
|
|
// Logon succeeded, so tell the main thread that
|
|
//
|
|
PostMessage( pData->hDlg, WM_SMARTCARD_ASYNC_MESSAGE, MSGINA_DLG_SUCCESS, 0 );
|
|
|
|
goto Return;
|
|
}
|
|
else if ( Unlocked && IsAdmin)
|
|
{
|
|
//
|
|
// This is an admin trying to logon over another user, so send a message to the
|
|
// main dialog so it can ask the user if they would like to continue
|
|
//
|
|
pData->pUnlockDlgState->fUserBeingPrompted = TRUE;
|
|
SendMessage( pData->hDlg, WM_SMARTCARD_ERROR_DISPLAY_1, Status, (LPARAM) &Result );
|
|
|
|
//
|
|
// If the smart card was removed while the user was being prompted, and
|
|
// the user elected not to logoff the current user, then just go back
|
|
// to the locked dialog
|
|
//
|
|
if ( (pData->pUnlockDlgState->fCardRemoved) && (Result != MSGINA_DLG_SUCCESS) )
|
|
{
|
|
//
|
|
// Simulate the "card removed" SAS
|
|
//
|
|
pGlobals->LogonInProgress = FALSE;
|
|
PostMessage( pData->hDlg, WLX_WM_SAS, WLX_SAS_TYPE_SC_REMOVE, (LPARAM) NULL );
|
|
}
|
|
else
|
|
{
|
|
//
|
|
// Post the result of the prompt back to the main thread and then get out of this thread
|
|
//
|
|
PostMessage(
|
|
pData->hDlg,
|
|
WM_SMARTCARD_ASYNC_MESSAGE,
|
|
(Result == MSGINA_DLG_SUCCESS) ? MSGINA_DLG_FORCE_LOGOFF : MSGINA_DLG_FAILURE,
|
|
Result );
|
|
}
|
|
|
|
|
|
goto Return;
|
|
}
|
|
|
|
//
|
|
// At this point an error occurred, so ask the main thread to display an error message,
|
|
//
|
|
SendMessage( pData->hDlg, WM_SMARTCARD_ERROR_DISPLAY_2, Status, (LPARAM) &Result );
|
|
|
|
if (DLG_INTERRUPTED(Result))
|
|
{
|
|
Result = SetInterruptFlag( MSGINA_DLG_FAILURE ) ;
|
|
}
|
|
|
|
//
|
|
// Let the main thread know that this thread is exiting
|
|
//
|
|
PostMessage( pData->hDlg, WM_SMARTCARD_ASYNC_MESSAGE, MSGINA_DLG_FAILURE, Result );
|
|
|
|
Return:
|
|
|
|
pGlobals->LogonInProgress = FALSE;
|
|
|
|
LocalFree( pData );
|
|
|
|
return( 0 );
|
|
}
|
|
|
|
//+---------------------------------------------------------------------------
|
|
//
|
|
// Function: UnlockLogonThread
|
|
//
|
|
// Synopsis: Does the logon call in an async thread so that the user
|
|
// unlock is faster.
|
|
//
|
|
// Arguments: [pData] --
|
|
//
|
|
// History: 7-03-96 RichardW Created
|
|
//
|
|
// Notes:
|
|
//
|
|
//----------------------------------------------------------------------------
|
|
DWORD
|
|
WINAPI
|
|
UnlockLogonThread(
|
|
PASYNC_UNLOCK_DATA pData)
|
|
{
|
|
BOOL Ignored ;
|
|
NTSTATUS Status ;
|
|
//
|
|
// Give everything a moment to switch back, restart, etc.
|
|
//
|
|
|
|
Sleep( 500 );
|
|
|
|
//
|
|
// Kick off the call to the LSA
|
|
//
|
|
|
|
if( !UnlockLogon(
|
|
pData->pGlobals,
|
|
FALSE,
|
|
pData->UserName.Buffer,
|
|
pData->Domain.Buffer,
|
|
&pData->Password,
|
|
&Status,
|
|
&Ignored,
|
|
&Ignored,
|
|
NULL,
|
|
NULL ) )
|
|
{
|
|
//
|
|
// audit this event as the above call will generate
|
|
// an audit failure and we have already unlocked the workstation
|
|
//
|
|
GenerateCachedUnlockAudit(
|
|
pData->pGlobals->UserProcessData.UserSid,
|
|
pData->UserName.Buffer,
|
|
pData->Domain.Buffer);
|
|
}
|
|
|
|
|
|
//
|
|
// Get rid of the password, then free the parameters
|
|
//
|
|
|
|
RtlZeroMemory( pData->Password.Buffer, pData->Password.Length );
|
|
|
|
LocalFree( pData );
|
|
|
|
return( 0 );
|
|
|
|
}
|
|
|
|
//+---------------------------------------------------------------------------
|
|
//
|
|
// Function: UnlockLogonAsync
|
|
//
|
|
// Synopsis: Sets up the async thread so that
|
|
//
|
|
// Effects:
|
|
//
|
|
// Arguments: [pGlobals] --
|
|
// [UserName] --
|
|
// [Domain] --
|
|
// [PasswordString] --
|
|
//
|
|
// Requires:
|
|
//
|
|
// Returns:
|
|
//
|
|
// Signals:
|
|
//
|
|
// Modifies:
|
|
//
|
|
// Algorithm:
|
|
//
|
|
// History: 7-03-96 RichardW Created
|
|
//
|
|
// Notes:
|
|
//
|
|
//----------------------------------------------------------------------------
|
|
|
|
|
|
BOOL
|
|
UnlockLogonAsync(
|
|
IN PGLOBALS pGlobals,
|
|
IN PUNLOCK_DLG_STATE pUnlockDlgState,
|
|
IN PWCHAR UserName,
|
|
IN PWCHAR Domain,
|
|
IN PUNICODE_STRING PasswordString,
|
|
IN HWND hDlg,
|
|
IN BOOL SmartCardUnlock
|
|
)
|
|
{
|
|
DWORD UserLength;
|
|
DWORD DomainLength;
|
|
PASYNC_UNLOCK_DATA pData;
|
|
HANDLE Thread;
|
|
DWORD Tid;
|
|
|
|
|
|
UserLength = (DWORD) wcslen( UserName ) * sizeof(WCHAR);
|
|
DomainLength = (DWORD) wcslen( Domain ) * sizeof(WCHAR);
|
|
|
|
pData = LocalAlloc( LMEM_FIXED, sizeof( ASYNC_UNLOCK_DATA ) +
|
|
UserLength + DomainLength +
|
|
PasswordString->Length + 3 * sizeof(WCHAR) );
|
|
|
|
if ( !pData )
|
|
{
|
|
return FALSE;
|
|
}
|
|
|
|
pData->pGlobals = pGlobals;
|
|
pData->hDlg = hDlg;
|
|
pData->pUnlockDlgState = pUnlockDlgState;
|
|
pData->UserName.Length = (WORD)UserLength;
|
|
pData->UserName.MaximumLength = (WORD)(UserLength + sizeof(WCHAR));
|
|
pData->UserName.Buffer = (PWSTR) (pData + 1);
|
|
CopyMemory( pData->UserName.Buffer, UserName, UserLength + sizeof(WCHAR) );
|
|
|
|
pData->Domain.Length = (WORD)DomainLength;
|
|
pData->Domain.MaximumLength = (WORD)(DomainLength + sizeof(WCHAR));
|
|
pData->Domain.Buffer = pData->UserName.Buffer + (UserLength / 2) + 1;
|
|
CopyMemory( pData->Domain.Buffer, Domain, DomainLength + sizeof(WCHAR) );
|
|
|
|
pData->Password.Length = PasswordString->Length;
|
|
pData->Password.MaximumLength = PasswordString->Length + sizeof(WCHAR) ;
|
|
pData->Password.Buffer = pData->Domain.Buffer + (DomainLength / 2) + 1;
|
|
CopyMemory( pData->Password.Buffer,
|
|
PasswordString->Buffer,
|
|
PasswordString->Length + 2);
|
|
|
|
|
|
Thread = CreateThread( NULL,
|
|
0,
|
|
SmartCardUnlock ? SmartCardUnlockLogonThread: UnlockLogonThread,
|
|
pData,
|
|
0,
|
|
&Tid );
|
|
|
|
if ( Thread )
|
|
{
|
|
CloseHandle( Thread );
|
|
|
|
}
|
|
else
|
|
{
|
|
ZeroMemory( pData->Password.Buffer, pData->Password.Length );
|
|
|
|
LocalFree( pData );
|
|
|
|
return ( FALSE );
|
|
}
|
|
|
|
return ( TRUE );
|
|
}
|
|
|
|
|
|
|
|
/***************************************************************************\
|
|
* FUNCTION: AttemptUnlock
|
|
*
|
|
* PURPOSE: Tries to unlock the workstation using the current values in the
|
|
* unlock dialog controls
|
|
*
|
|
* RETURNS:
|
|
* DLG_SUCCESS - the user unlocked the workstation successfully.
|
|
* DLG_FAILURE - the user failed to unlock the workstation.
|
|
* DLG_INTERRUPTED() - this is a set of possible interruptions (see winlogon.h)
|
|
*
|
|
* HISTORY:
|
|
*
|
|
* 12-09-91 Davidc Created.
|
|
*
|
|
\***************************************************************************/
|
|
|
|
INT_PTR
|
|
AttemptUnlock(
|
|
HWND hDlg,
|
|
PGLOBALS pGlobals,
|
|
PUNLOCK_DLG_STATE pUnlockDlgState)
|
|
{
|
|
TCHAR UserName[MAX_STRING_BYTES];
|
|
TCHAR Domain[MAX_STRING_BYTES];
|
|
TCHAR Password[MAX_STRING_BYTES];
|
|
UCHAR PasswordHash[ PASSWORD_HASH_SIZE ];
|
|
BOOL Unlocked;
|
|
BOOL DifferentAccount;
|
|
INT_PTR Result;
|
|
UNICODE_STRING PasswordString;
|
|
TCHAR Buffer1[MAX_STRING_BYTES];
|
|
TCHAR Buffer2[MAX_STRING_BYTES];
|
|
DWORD StringSize;
|
|
BOOL SmartCardUnlock ;
|
|
BOOL IsAdmin = FALSE;
|
|
BOOL IsLoggedOnUser ;
|
|
BOOL AlreadyLogged ;
|
|
BOOL NewPassword ;
|
|
NTSTATUS Status = STATUS_SUCCESS ;
|
|
HWND hwndDomain = GetDlgItem(hDlg, IDD_UNLOCK_DOMAIN);
|
|
INT iDomainSelection;
|
|
PDOMAIN_CACHE_ENTRY Entry ;
|
|
BOOL PasswordExpiryWarning;
|
|
PVOID ProfileBuffer;
|
|
ULONG ProfileBufferLength;
|
|
BOOL fStringFound = FALSE;
|
|
RECT rc;
|
|
DWORD dwAnimationTimeSlice;
|
|
|
|
UserName[0] = TEXT('\0');
|
|
Domain[0] = TEXT('\0');
|
|
Password[0] = TEXT('\0');
|
|
Buffer1[0] = TEXT('\0');
|
|
Buffer2[0] = TEXT('\0');
|
|
|
|
//
|
|
// We need to do some things differently when a smart card is used. The way to
|
|
// tell is find out if the username field is active.
|
|
//
|
|
|
|
AlreadyLogged = FALSE ;
|
|
NewPassword = FALSE ;
|
|
Unlocked = FALSE;
|
|
|
|
if ( !IsWindowEnabled( GetDlgItem( hDlg, IDD_UNLOCK_NAME ) ) )
|
|
{
|
|
SmartCardUnlock = TRUE ;
|
|
|
|
DifferentAccount = TRUE ;
|
|
}
|
|
else
|
|
{
|
|
SmartCardUnlock = FALSE ;
|
|
|
|
//
|
|
// Force smart card unlock for normal boot
|
|
//
|
|
if( (SafeBootMode != SAFEBOOT_MINIMAL) && (SafeBootMode != SAFEBOOT_DSREPAIR) &&
|
|
GetSCForceOption() )
|
|
{
|
|
LoadString(hDllInstance,
|
|
IDS_UNLOCK_SC_REQUIRED,
|
|
Buffer2, MAX_STRING_BYTES);
|
|
goto FastErrorExit;
|
|
}
|
|
|
|
StringSize = GetDlgItemText(hDlg, IDD_UNLOCK_NAME, UserName, MAX_STRING_BYTES);
|
|
if (StringSize == MAX_STRING_BYTES)
|
|
{
|
|
UserName[MAX_STRING_BYTES-1] = TEXT('\0');
|
|
}
|
|
|
|
//
|
|
// check to see if this is the fancy "my computer" entry or the somewhat less fancy
|
|
// "use the UPN" entry
|
|
//
|
|
|
|
iDomainSelection = (INT)SendMessage(hwndDomain, CB_GETCURSEL, 0, 0);
|
|
Entry = (PDOMAIN_CACHE_ENTRY) SendMessage(hwndDomain, CB_GETITEMDATA, (WPARAM)iDomainSelection, 0);
|
|
|
|
if ( Entry == (PDOMAIN_CACHE_ENTRY) CB_ERR )
|
|
{
|
|
//
|
|
// Our list is hosed in some way.
|
|
//
|
|
|
|
GetDlgItemText( hDlg, IDD_UNLOCK_DOMAIN, Domain, MAX_STRING_BYTES );
|
|
}
|
|
else
|
|
{
|
|
// MAX_STRING_BYTES is the size of pGlobals->Domain (WlxInitialize)
|
|
// Truncation should never occur
|
|
lstrcpyn( Domain, Entry->FlatName.Buffer, MAX_STRING_BYTES );
|
|
}
|
|
|
|
// If we are forcing a NoDomainUI, populate the domain with the local machine name now
|
|
if (ForceNoDomainUI())
|
|
{
|
|
DWORD chSize = ARRAYSIZE(Domain);
|
|
|
|
if (!GetComputerName(Domain, &chSize))
|
|
{
|
|
*Domain = 0;
|
|
}
|
|
}
|
|
|
|
|
|
if ( wcspbrk( UserName, TEXT("@\\") ) )
|
|
{
|
|
Domain[0] = TEXT('\0');
|
|
}
|
|
|
|
DifferentAccount = (lstrcmpi(UserName, pGlobals->UserName)) ||
|
|
(lstrcmpi(Domain, pGlobals->Domain)) ;
|
|
}
|
|
|
|
StringSize = GetDlgItemText(hDlg, IDD_UNLOCK_PASSWORD, Password, MAX_STRING_BYTES);
|
|
if (StringSize == MAX_STRING_BYTES)
|
|
{
|
|
Password[MAX_STRING_BYTES-1] = TEXT('\0');
|
|
}
|
|
|
|
RtlInitUnicodeString( &PasswordString, Password );
|
|
HashPassword(&PasswordString, PasswordHash );
|
|
|
|
//
|
|
// Check if this is the logged-on user. Do it through the security package
|
|
// if this was a smart card logon to begin with, if this is a smart card unlock,
|
|
// or if we're supposed to under all circumstances.
|
|
//
|
|
|
|
//
|
|
// Also check if password expiry warning will appear after unklocking. If so, then
|
|
// for a hit to the DC to update our profile info to make sure the user didn't
|
|
// already change their password on another machine.
|
|
//
|
|
PasswordExpiryWarning = ShouldPasswordExpiryWarningBeShown(pGlobals, FALSE, NULL);
|
|
|
|
if ( ( PasswordExpiryWarning ) ||
|
|
( pGlobals->UnlockBehavior & UNLOCK_FORCE_AUTHENTICATION ) ||
|
|
( SmartCardUnlock ) ||
|
|
( pGlobals->SmartCardLogon ) ||
|
|
( DifferentAccount ) )
|
|
{
|
|
//
|
|
// Init profile buffer
|
|
//
|
|
ProfileBuffer = NULL;
|
|
|
|
AlreadyLogged = TRUE ;
|
|
|
|
if ( SmartCardUnlock )
|
|
{
|
|
//
|
|
// Use the LogonInProgress bool to signal the fact that SmartCardAsyncUnlock
|
|
// is in progress
|
|
//
|
|
pGlobals->LogonInProgress = TRUE;
|
|
|
|
GetClientRect( hDlg, &rc );
|
|
pGlobals->cxBand = rc.right-rc.left;
|
|
|
|
pUnlockDlgState->fKillTimer = FALSE;
|
|
pUnlockDlgState->fUserBeingPrompted = FALSE;
|
|
pUnlockDlgState->fCardRemoved = FALSE;
|
|
|
|
dwAnimationTimeSlice = GetAnimationTimeInterval(pGlobals);
|
|
SetTimer(hDlg, 0, dwAnimationTimeSlice, NULL);
|
|
|
|
// Set timeout to infinite while attempting to logon
|
|
pWlxFuncs->WlxSetTimeout( pGlobals->hGlobalWlx, TIMEOUT_NONE );
|
|
|
|
//
|
|
// Kick off the thread to do the unlock
|
|
//
|
|
if (UnlockLogonAsync( pGlobals,
|
|
pUnlockDlgState,
|
|
UserName,
|
|
Domain,
|
|
&PasswordString,
|
|
hDlg,
|
|
TRUE ))
|
|
{
|
|
ErasePassword( &PasswordString );
|
|
return ( MSGINA_DLG_ASYNC_PROCESSING );
|
|
}
|
|
else
|
|
{
|
|
//Status = STATUS_E_FAIL; // SET THIS TO SOMETHING REASONABLE
|
|
goto AsyncUnlockError;
|
|
}
|
|
}
|
|
|
|
Unlocked = UnlockLogon( pGlobals,
|
|
SmartCardUnlock,
|
|
UserName,
|
|
Domain,
|
|
&PasswordString,
|
|
&Status,
|
|
&IsAdmin,
|
|
&IsLoggedOnUser,
|
|
&ProfileBuffer,
|
|
&ProfileBufferLength );
|
|
|
|
// Special handling for failed unlock on personal or professional
|
|
// machines that are NOT joined to a domain. In this case it's
|
|
// probably a user who disabled friendly UI and only knows of
|
|
// their "display name" not their real "logon name". This
|
|
// transparently maps one to the other to allow unlocks using
|
|
// the "display name".
|
|
|
|
if ((Status == STATUS_LOGON_FAILURE) &&
|
|
(IsOS(OS_PERSONAL) || IsOS(OS_PROFESSIONAL)) &&
|
|
!IsMachineDomainMember()) // using our version to optimize caching
|
|
{
|
|
if (ReplacedPossibleDisplayName(UserName, MAX_STRING_BYTES))
|
|
{
|
|
DifferentAccount = (lstrcmpi(UserName, pGlobals->UserName)) ||
|
|
(lstrcmpi(Domain, pGlobals->Domain)) ;
|
|
Unlocked = UnlockLogon( pGlobals,
|
|
SmartCardUnlock,
|
|
UserName,
|
|
Domain,
|
|
&PasswordString,
|
|
&Status,
|
|
&IsAdmin,
|
|
&IsLoggedOnUser,
|
|
&ProfileBuffer,
|
|
&ProfileBufferLength );
|
|
}
|
|
}
|
|
|
|
//
|
|
// If this unlocked, and is the logged on user,
|
|
// then check to see if we should update all the in-memory passwords
|
|
//
|
|
|
|
if ( ( Unlocked ) &&
|
|
( IsLoggedOnUser ) )
|
|
{
|
|
//
|
|
// Could be a password update. Check:
|
|
//
|
|
if (RtlEqualMemory( PasswordHash, pGlobals->PasswordHash, PASSWORD_HASH_SIZE ) == FALSE )
|
|
{
|
|
|
|
// RevealPassword( &pGlobals->PasswordString );
|
|
|
|
UpdateWithChangedPassword(
|
|
pGlobals,
|
|
hDlg,
|
|
TRUE,
|
|
UserName,
|
|
Domain,
|
|
L"",
|
|
Password,
|
|
(PMSV1_0_INTERACTIVE_PROFILE)ProfileBuffer );
|
|
|
|
//
|
|
// Do not hide! Update will rehide the global copy of the password.
|
|
//
|
|
}
|
|
}
|
|
|
|
//
|
|
// Free profile buffer
|
|
//
|
|
if ( ProfileBuffer )
|
|
{
|
|
LsaFreeReturnBuffer(ProfileBuffer);
|
|
}
|
|
|
|
if ( Unlocked )
|
|
{
|
|
DifferentAccount = !IsLoggedOnUser ;
|
|
}
|
|
}
|
|
|
|
//
|
|
// Used to be just "else" here, ie:
|
|
// !PasswordExpiryWarning &&
|
|
// !( pGlobals->UnlockBehavior & UNLOCK_FORCE_AUTHENTICATION ) &&
|
|
// !SmartCardUnlock && !pGlobals->SmartCardLogon
|
|
// !DifferentAccount
|
|
// but that's not enough if the user ignored all expiry warnings to date
|
|
// and his password expired while locked (#404780)
|
|
//
|
|
// So the new logic is:
|
|
// If we didn't enter the previous block (tested by means of AlreadyLogged) or
|
|
// we entered it but it failed (and cached unlock is allowed and we didn't
|
|
// previously unlocked/logged on with a SC)
|
|
//
|
|
if ( ( AlreadyLogged == FALSE ) ||
|
|
( ( Unlocked == FALSE ) &&
|
|
!( pGlobals->UnlockBehavior & UNLOCK_FORCE_AUTHENTICATION ) &&
|
|
!( pGlobals->SmartCardLogon )
|
|
)
|
|
)
|
|
{
|
|
//
|
|
// un-hide the original password text so that we can
|
|
// do the compare.
|
|
//
|
|
// WARNING: We originally tried doing this comparison
|
|
// with old and new passwords hidden. This is
|
|
// not a good idea because the hide routine
|
|
// will allow matches that shouldn't match.
|
|
//
|
|
|
|
// RevealPassword( &pGlobals->PasswordString );
|
|
|
|
Unlocked = ( (lstrcmp(Domain, pGlobals->Domain) == 0) &&
|
|
(lstrcmpi(UserName, pGlobals->UserName) == 0) &&
|
|
(RtlEqualMemory( PasswordHash, pGlobals->PasswordHash, PASSWORD_HASH_SIZE ) == TRUE ) );
|
|
|
|
//
|
|
// re-hide the original password - use the same seed
|
|
//
|
|
|
|
// HidePassword( &pGlobals->Seed, &pGlobals->PasswordString );
|
|
|
|
if ( ( !Unlocked ) &&
|
|
( AlreadyLogged == FALSE ) ) // We already tried UnlockLogon otherwise
|
|
{
|
|
//
|
|
// The password doesn't match what we have cached. User
|
|
// could have changed the password from another machine.
|
|
// Let's do the logon, and it if works, we update everything.
|
|
//
|
|
|
|
//
|
|
// Init profile buffer
|
|
//
|
|
ProfileBuffer = NULL;
|
|
|
|
AlreadyLogged = TRUE ;
|
|
|
|
Unlocked = UnlockLogon( pGlobals,
|
|
FALSE,
|
|
UserName,
|
|
Domain,
|
|
&PasswordString,
|
|
&Status,
|
|
&IsAdmin,
|
|
&IsLoggedOnUser,
|
|
&ProfileBuffer,
|
|
&ProfileBufferLength );
|
|
|
|
if ( ( Unlocked ) && ( IsLoggedOnUser ) )
|
|
{
|
|
//
|
|
// This logon worked. Must be a new password.
|
|
//
|
|
|
|
// RevealPassword( &pGlobals->PasswordString );
|
|
|
|
UpdateWithChangedPassword(
|
|
pGlobals,
|
|
hDlg,
|
|
TRUE,
|
|
UserName,
|
|
Domain,
|
|
L"",
|
|
Password,
|
|
(PMSV1_0_INTERACTIVE_PROFILE)ProfileBuffer );
|
|
|
|
//
|
|
// Do not hide! Update will rehide the global copy of the password.
|
|
//
|
|
}
|
|
|
|
//
|
|
// Free profile buffer
|
|
//
|
|
if ( ProfileBuffer )
|
|
{
|
|
LsaFreeReturnBuffer(ProfileBuffer);
|
|
}
|
|
|
|
if ( Unlocked )
|
|
{
|
|
DifferentAccount = !IsLoggedOnUser ;
|
|
}
|
|
}
|
|
}
|
|
|
|
|
|
if (Unlocked && !DifferentAccount ) {
|
|
|
|
if ( (!AlreadyLogged) &&
|
|
( ( pGlobals->UnlockBehavior & UNLOCK_NO_NETWORK) == 0 ) )
|
|
{
|
|
UnlockLogonAsync( pGlobals,
|
|
NULL,
|
|
UserName,
|
|
Domain,
|
|
&PasswordString,
|
|
NULL,
|
|
FALSE );
|
|
}
|
|
|
|
//
|
|
// Hide the new password to prevent it being paged cleartext.
|
|
//
|
|
|
|
ErasePassword( &PasswordString );
|
|
|
|
pGlobals->SmartCardLogon = SmartCardUnlock;
|
|
|
|
return(MSGINA_DLG_SUCCESS);
|
|
}
|
|
|
|
|
|
//
|
|
// Check for an admin logon and force the user off
|
|
//
|
|
|
|
if ( DifferentAccount )
|
|
{
|
|
if ( !AlreadyLogged )
|
|
{
|
|
// PJM... Unreachable.
|
|
|
|
IsAdmin = TestUserForAdmin( pGlobals,
|
|
UserName,
|
|
Domain,
|
|
&PasswordString );
|
|
}
|
|
|
|
if ( IsAdmin ) {
|
|
|
|
//
|
|
// Hide the new password to prevent it being paged cleartext.
|
|
//
|
|
ErasePassword( &PasswordString );
|
|
|
|
Result = DisplayForceLogoffWarning(hDlg,
|
|
pGlobals,
|
|
MB_OKCANCEL | MB_ICONEXCLAMATION | MB_DEFBUTTON2,
|
|
TIMEOUT_CURRENT);
|
|
|
|
if (Result == MSGINA_DLG_SUCCESS) {
|
|
|
|
return(MSGINA_DLG_FORCE_LOGOFF);
|
|
}
|
|
|
|
|
|
return(Result);
|
|
}
|
|
}
|
|
else
|
|
{
|
|
|
|
//
|
|
// Cheap way to force a logon attempt, and hit the lockout yada yada
|
|
//
|
|
|
|
if ( !AlreadyLogged )
|
|
{
|
|
// PJM... Unreachable.
|
|
|
|
UnlockLogon( pGlobals,
|
|
SmartCardUnlock,
|
|
UserName,
|
|
Domain,
|
|
&PasswordString,
|
|
&Status,
|
|
&IsAdmin,
|
|
&IsLoggedOnUser,
|
|
NULL,
|
|
NULL );
|
|
|
|
}
|
|
|
|
}
|
|
|
|
AsyncUnlockError:
|
|
//
|
|
// Hide the password to prevent it being paged cleartext.
|
|
//
|
|
ErasePassword( &PasswordString );
|
|
|
|
if ( !DifferentAccount )
|
|
{
|
|
int i ;
|
|
UINT Resource = 0 ;
|
|
|
|
for ( i = 0 ;
|
|
i < sizeof( UnlockMessages ) / sizeof( UNLOCK_MESSAGE ) ;
|
|
i++ )
|
|
{
|
|
if ( UnlockMessages[i].Status == Status )
|
|
{
|
|
Resource = UnlockMessages[i].Resource ;
|
|
break;
|
|
}
|
|
}
|
|
|
|
if ( Resource == 0 )
|
|
{
|
|
Resource = IDS_UNLOCK_FAILED_BAD_PWD ;
|
|
}
|
|
|
|
if(Resource == IDS_LOGON_NO_DOMAIN)
|
|
{
|
|
// Need to build the domain name into the string.
|
|
LoadString(hDllInstance, Resource, Buffer1, MAX_STRING_BYTES);
|
|
_snwprintf(Buffer2, sizeof(Buffer2)/sizeof(TCHAR), Buffer1, pGlobals->Domain);
|
|
}
|
|
else
|
|
{
|
|
LoadString(hDllInstance, Resource, Buffer2, MAX_STRING_BYTES);
|
|
}
|
|
|
|
fStringFound = TRUE;
|
|
}
|
|
else
|
|
{
|
|
//
|
|
// They're not the logged on user and they're not an admin.
|
|
// Tell them they failed to unlock the workstation.
|
|
//
|
|
|
|
if ( lstrlen(pGlobals->UserFullName) == 0 ) {
|
|
|
|
//
|
|
// No full name.
|
|
//
|
|
|
|
if ( pGlobals->Domain[0] == L'\0' )
|
|
{
|
|
//
|
|
// UPN logon:
|
|
//
|
|
|
|
LoadString(hDllInstance, IDS_UNLOCK_FAILED_EMAIL_NFN, Buffer1, MAX_STRING_BYTES);
|
|
|
|
_snwprintf(Buffer2, sizeof(Buffer2)/sizeof(TCHAR), Buffer1,
|
|
pGlobals->UserName
|
|
);
|
|
|
|
}
|
|
else
|
|
{
|
|
LoadString(hDllInstance, IDS_UNLOCK_FAILED_NFN, Buffer1, MAX_STRING_BYTES);
|
|
|
|
_snwprintf(Buffer2, sizeof(Buffer2)/sizeof(TCHAR), Buffer1, pGlobals->Domain,
|
|
pGlobals->UserName
|
|
);
|
|
|
|
}
|
|
|
|
} else {
|
|
|
|
if ( pGlobals->Domain[0] == L'\0' )
|
|
{
|
|
//
|
|
// UPN Logon:
|
|
//
|
|
LoadString(hDllInstance, IDS_UNLOCK_FAILED_EMAIL, Buffer1, MAX_STRING_BYTES);
|
|
|
|
_snwprintf(Buffer2, sizeof(Buffer2)/sizeof(TCHAR), Buffer1,
|
|
pGlobals->UserName,
|
|
pGlobals->UserFullName
|
|
);
|
|
|
|
}
|
|
else
|
|
{
|
|
|
|
LoadString(hDllInstance, IDS_UNLOCK_FAILED, Buffer1, MAX_STRING_BYTES);
|
|
|
|
_snwprintf(Buffer2, sizeof(Buffer2)/sizeof(TCHAR), Buffer1, pGlobals->Domain,
|
|
pGlobals->UserName,
|
|
pGlobals->UserFullName
|
|
);
|
|
}
|
|
}
|
|
}
|
|
// Covers all _snwprintf(Buffer2 in this function
|
|
Buffer2[ sizeof(Buffer2)/sizeof(TCHAR) - 1 ] = 0;
|
|
|
|
FastErrorExit:
|
|
Buffer1[0] = 0;
|
|
LoadString(hDllInstance, IDS_WORKSTATION_LOCKED, Buffer1, MAX_STRING_BYTES);
|
|
|
|
Result = TimeoutMessageBoxlpstr(hDlg,
|
|
pGlobals,
|
|
Buffer2,
|
|
Buffer1,
|
|
MB_OK | MB_ICONSTOP,
|
|
TIMEOUT_CURRENT);
|
|
if (DLG_INTERRUPTED(Result)) {
|
|
return( SetInterruptFlag( MSGINA_DLG_FAILURE ) );
|
|
}
|
|
|
|
return(MSGINA_DLG_FAILURE);
|
|
}
|
|
|
|
|
|
/****************************************************************************\
|
|
*
|
|
* FUNCTION: UnlockShowOptions
|
|
*
|
|
* PURPOSE: Hide the options part of the unlock dialog
|
|
*
|
|
* RETURNS: Nothing
|
|
*
|
|
* HISTORY:
|
|
*
|
|
* 15-dec-97 daviddv - Created
|
|
*
|
|
\****************************************************************************/
|
|
|
|
VOID UnlockShowOptions(PGLOBALS pGlobals, HWND hDlg, BOOL fShow)
|
|
{
|
|
RECT rc, rc2;
|
|
INT dy;
|
|
TCHAR szBuffer[32];
|
|
|
|
if ( pGlobals->UnlockOptionsShown != fShow )
|
|
{
|
|
//
|
|
// Show hide optional fields in the dialog
|
|
//
|
|
|
|
if (pGlobals->ShowDomainBox)
|
|
{
|
|
GetWindowRect(GetDlgItem(hDlg, IDD_UNLOCK_PASSWORD), &rc);
|
|
GetWindowRect(GetDlgItem(hDlg, IDD_UNLOCK_DOMAIN), &rc2);
|
|
dy = rc2.bottom-rc.bottom;
|
|
|
|
MoveControls(hDlg, ctrlNoDomain,
|
|
sizeof(ctrlNoDomain)/sizeof(ctrlNoDomain[0]),
|
|
0, fShow ? dy:-dy,
|
|
TRUE);
|
|
|
|
ShowDlgItem(hDlg, IDD_UNLOCK_DOMAIN_LABEL, fShow);
|
|
ShowDlgItem(hDlg, IDD_UNLOCK_DOMAIN, fShow);
|
|
}
|
|
|
|
ShowDlgItem(hDlg, IDD_KBLAYOUT_ICON, fShow);
|
|
//
|
|
// Change the options button to reflect the open/close state
|
|
//
|
|
|
|
LoadString(hDllInstance, fShow ? IDS_LESSOPTIONS:IDS_MOREOPTIONS,
|
|
szBuffer, sizeof(szBuffer)/sizeof(szBuffer[0]));
|
|
|
|
SetDlgItemText(hDlg, IDD_UNLOCK_OPTIONS, szBuffer);
|
|
}
|
|
|
|
pGlobals->UnlockOptionsShown = fShow;
|
|
|
|
// Enable or disable the domain box depending on whether a UPN name has been typed
|
|
EnableDomainForUPN(GetDlgItem(hDlg, IDD_UNLOCK_NAME), GetDlgItem(hDlg, IDD_UNLOCK_DOMAIN));
|
|
}
|
|
|