5
我正嘗試使用LsaLogonUser創建交互式登錄會話,但始終返回STATUS_INVALID_INFO_CLASS
(0xc0000003)。從我在網上搜索中發現的結果來看,KERB_INTERACTIVE_LOGON
結構的內存佈局非常棘手,但我確信我做得很對。如何正確調用LsaLogonUser進行交互式登錄?
我也嘗試使用MSV1.0而不是Kerberos,請與MSV1_0_INTERACTIVE_LOGON
的認證結構和MSV1_0_PACKAGE_NAME
作爲包名,但失敗STATUS_BAD_VALIDATION_CLASS
(0xc00000a7)。
任何人都可以告訴我在這裏做錯了嗎?這是代碼,大部分的錯誤處理都被剝離了。顯然這不是生產質量;我只是想獲得一個工作樣本。
// see below for definitions of these
size_t wcsByteLen(const wchar_t* str);
void InitUnicodeString(UNICODE_STRING& str, const wchar_t* value, BYTE* buffer, size_t& offset);
int main(int argc, char * argv[])
{
// connect to the LSA
HANDLE lsa;
LsaConnectUntrusted(&lsa);
const wchar_t* domain = L"mydomain";
const wchar_t* user = L"someuser";
const wchar_t* password = L"scaryplaintextpassword";
// prepare the authentication info
ULONG authInfoSize = sizeof(KERB_INTERACTIVE_LOGON) +
wcsByteLen(domain) + wcsByteLen(user) + wcsByteLen(password);
BYTE* authInfoBuf = new BYTE[authInfoSize];
KERB_INTERACTIVE_LOGON* authInfo = (KERB_INTERACTIVE_LOGON*)authInfoBuf;
authInfo->MessageType = KerbInteractiveLogon;
size_t offset = sizeof(KERB_INTERACTIVE_LOGON);
InitUnicodeString(authInfo->LogonDomainName, domain, authInfoBuf, offset);
InitUnicodeString(authInfo->UserName, user, authInfoBuf, offset);
InitUnicodeString(authInfo->Password, password, authInfoBuf, offset);
// find the Kerberos security package
char packageNameRaw[] = MICROSOFT_KERBEROS_NAME_A;
LSA_STRING packageName;
packageName.Buffer = packageNameRaw;
packageName.Length = packageName.MaximumLength = (USHORT)strlen(packageName.Buffer);
ULONG packageId;
LsaLookupAuthenticationPackage(lsa, &packageName, &packageId);
// create a dummy origin and token source
LSA_STRING origin = {};
origin.Buffer = _strdup("TestAppFoo");
origin.Length = (USHORT)strlen(origin.Buffer);
origin.MaximumLength = origin.Length;
TOKEN_SOURCE source = {};
strcpy(source.SourceName, "foobar");
AllocateLocallyUniqueId(&source.SourceIdentifier);
void* profileBuffer;
DWORD profileBufLen;
LUID luid;
HANDLE token;
QUOTA_LIMITS qlimits;
NTSTATUS subStatus;
NTSTATUS status = LsaLogonUser(lsa, &origin, Interactive, packageId,
&authInfo, authInfoSize, 0, &source, &profileBuffer, &profileBufLen,
&luid, &token, &qlimits, &subStatus);
if(status != ERROR_SUCCESS)
{
ULONG err = LsaNtStatusToWinError(status);
printf("LsaLogonUser failed: %x\n", status);
return 1;
}
}
size_t wcsByteLen(const wchar_t* str)
{
return wcslen(str) * sizeof(wchar_t);
}
void InitUnicodeString(UNICODE_STRING& str, const wchar_t* value,
BYTE* buffer, size_t& offset)
{
size_t size = wcsByteLen(value);
str.Length = str.MaximumLength = (USHORT)size;
str.Buffer = (PWSTR)(buffer + offset);
memcpy(str.Buffer, value, size);
offset += size;
}
哎喲,多麼愚蠢的錯誤。當我解決這個問題時它工作正常 - 謝謝! – Charlie