1. 首頁
  2. 問答
  3. 如何正確調用LsaLogonUser進行交互式登錄?

如何正確調用LsaLogonUser進行交互式登錄?

2011-10-02 40 views
5

我正嘗試使用LsaLogonUser創建交互式登錄會話,但始終返回STATUS_INVALID_INFO_CLASS(0xc0000003)。從我在網上搜索中發現的結果來看,KERB_INTERACTIVE_LOGON結構的內存佈局非常棘手,但我確信我做得很對。如何正確調用LsaLogonUser進行交互式登錄?

我也嘗試使用MSV1.0而不是Kerberos,請與MSV1_0_INTERACTIVE_LOGON的認證結構和MSV1_0_PACKAGE_NAME作爲包名,但失敗STATUS_BAD_VALIDATION_CLASS(0xc00000a7)。

任何人都可以告訴我在這裏做錯了嗎?這是代碼,大部分的錯誤處理都被剝離了。顯然這不是生產質量;我只是想獲得一個工作樣本。


// see below for definitions of these 
size_t wcsByteLen(const wchar_t* str); 
void InitUnicodeString(UNICODE_STRING& str, const wchar_t* value, BYTE* buffer, size_t& offset); 

int main(int argc, char * argv[]) 
{ 
    // connect to the LSA 
    HANDLE lsa; 
    LsaConnectUntrusted(&lsa); 

    const wchar_t* domain = L"mydomain"; 
    const wchar_t* user = L"someuser"; 
    const wchar_t* password = L"scaryplaintextpassword"; 

    // prepare the authentication info 
    ULONG authInfoSize = sizeof(KERB_INTERACTIVE_LOGON) + 
    wcsByteLen(domain) + wcsByteLen(user) + wcsByteLen(password); 
    BYTE* authInfoBuf = new BYTE[authInfoSize]; 
    KERB_INTERACTIVE_LOGON* authInfo = (KERB_INTERACTIVE_LOGON*)authInfoBuf; 
    authInfo->MessageType = KerbInteractiveLogon; 
    size_t offset = sizeof(KERB_INTERACTIVE_LOGON); 
    InitUnicodeString(authInfo->LogonDomainName, domain, authInfoBuf, offset); 
    InitUnicodeString(authInfo->UserName, user, authInfoBuf, offset); 
    InitUnicodeString(authInfo->Password, password, authInfoBuf, offset); 

    // find the Kerberos security package 
    char packageNameRaw[] = MICROSOFT_KERBEROS_NAME_A; 
    LSA_STRING packageName; 
    packageName.Buffer = packageNameRaw; 
    packageName.Length = packageName.MaximumLength = (USHORT)strlen(packageName.Buffer); 
    ULONG packageId; 
    LsaLookupAuthenticationPackage(lsa, &packageName, &packageId); 

    // create a dummy origin and token source 
    LSA_STRING origin = {}; 
    origin.Buffer = _strdup("TestAppFoo"); 
    origin.Length = (USHORT)strlen(origin.Buffer); 
    origin.MaximumLength = origin.Length; 
    TOKEN_SOURCE source = {}; 
    strcpy(source.SourceName, "foobar"); 
    AllocateLocallyUniqueId(&source.SourceIdentifier); 

    void* profileBuffer; 
    DWORD profileBufLen; 
    LUID luid; 
    HANDLE token; 
    QUOTA_LIMITS qlimits; 
    NTSTATUS subStatus; 
    NTSTATUS status = LsaLogonUser(lsa, &origin, Interactive, packageId, 
    &authInfo, authInfoSize, 0, &source, &profileBuffer, &profileBufLen, 
    &luid, &token, &qlimits, &subStatus); 
    if(status != ERROR_SUCCESS) 
    { 
     ULONG err = LsaNtStatusToWinError(status); 
     printf("LsaLogonUser failed: %x\n", status); 
     return 1; 
    } 
} 

size_t wcsByteLen(const wchar_t* str) 
{ 
    return wcslen(str) * sizeof(wchar_t); 
} 

void InitUnicodeString(UNICODE_STRING& str, const wchar_t* value, 
BYTE* buffer, size_t& offset) 
{ 
    size_t size = wcsByteLen(value); 
    str.Length = str.MaximumLength = (USHORT)size; 
    str.Buffer = (PWSTR)(buffer + offset); 
    memcpy(str.Buffer, value, size); 
    offset += size; 
}

來源

2011-10-02 Charlie

回答

6

你對LsaLogonUser()中的一個參數進行了僞裝,而不是&authInfo你應該只通過authInfo。發生在每個人:)

來源

2011-10-03 15:38:46 Luke

+1

哎喲,多麼愚蠢的錯誤。當我解決這個問題時它工作正常 - 謝謝! – Charlie

相關問題

 相關問題