How do I correctly call LsaLogonUser for an interactive logon?


Problem description

I'm trying to use LsaLogonUser to create an interactive logon session, but it always returns STATUS_INVALID_INFO_CLASS (0xc0000003). From what I have found in searching online, the memory layout of the KERB_INTERACTIVE_LOGON structure is tricky, but I'm pretty sure I've done that right.

I've also tried using MSV1.0 instead of Kerberos, with MSV1_0_INTERACTIVE_LOGON for the authentication structure and MSV1_0_PACKAGE_NAME as the package name, but that fails with STATUS_BAD_VALIDATION_CLASS (0xc00000a7).

Can anyone tell what I'm doing wrong here? Here's the code, with most of the error handling stripped. Clearly this isn't production-quality; I'm just trying to get a working sample.


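#include <windows.h>
#include <ntsecapi.h>   // LsaLogonUser, KERB_INTERACTIVE_LOGON; link with Secur32.lib
#include <stdio.h>
#include <string.h>

// see below for definitions of these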
size_t wcsByteLen( const wchar_t* str );
void InitUnicodeString( UNICODE_STRING& str, const wchar_t* value, BYTE* buffer, size_t& offset );

int main( int argc, char * argv[] )
{
    // connect to the LSA
    HANDLE lsa;
    LsaConnectUntrusted( &lsa );

    const wchar_t* domain = L"mydomain";
    const wchar_t* user = L"someuser";
    const wchar_t* password = L"scaryplaintextpassword";

    // prepare the authentication info
    ULONG authInfoSize = sizeof(KERB_INTERACTIVE_LOGON) +
     wcsByteLen( domain ) + wcsByteLen( user ) + wcsByteLen( password );
    BYTE* authInfoBuf = new BYTE[authInfoSize];
    KERB_INTERACTIVE_LOGON* authInfo = (KERB_INTERACTIVE_LOGON*)authInfoBuf;
    authInfo->MessageType = KerbInteractiveLogon;
    size_t offset = sizeof(KERB_INTERACTIVE_LOGON);
    InitUnicodeString( authInfo->LogonDomainName, domain, authInfoBuf, offset );
    InitUnicodeString( authInfo->UserName, user, authInfoBuf, offset );
    InitUnicodeString( authInfo->Password, password, authInfoBuf, offset );

    // find the Kerberos security package
    char packageNameRaw[] = MICROSOFT_KERBEROS_NAME_A;
    LSA_STRING packageName;
    packageName.Buffer = packageNameRaw;
    packageName.Length = packageName.MaximumLength = (USHORT)strlen( packageName.Buffer );
    ULONG packageId;
    LsaLookupAuthenticationPackage( lsa, &packageName, &packageId );

    // create a dummy origin and token source
    LSA_STRING origin = {};
    origin.Buffer = _strdup( "TestAppFoo" );
    origin.Length = (USHORT)strlen( origin.Buffer );
    origin.MaximumLength = origin.Length;
    TOKEN_SOURCE source = {};
    strcpy( source.SourceName, "foobar" );
    AllocateLocallyUniqueId( &source.SourceIdentifier );

    void* profileBuffer;
    DWORD profileBufLen;
    LUID luid;
    HANDLE token;
    QUOTA_LIMITS qlimits;
    NTSTATUS subStatus;
    NTSTATUS status = LsaLogonUser( lsa, &origin, Interactive, packageId,
     &authInfo, authInfoSize, 0, &source, &profileBuffer, &profileBufLen,
     &luid, &token, &qlimits, &subStatus );
    if( status != ERROR_SUCCESS )
    {
        ULONG err = LsaNtStatusToWinError( status );
        printf( "LsaLogonUser failed: %x\n", status );
        return 1;
    }
}

size_t wcsByteLen( const wchar_t* str )
{
    return wcslen( str ) * sizeof(wchar_t);
}

void InitUnicodeString( UNICODE_STRING& str, const wchar_t* value,
 BYTE* buffer, size_t& offset )
{
    size_t size = wcsByteLen( value );
    str.Length = str.MaximumLength = (USHORT)size;
    str.Buffer = (PWSTR)(buffer + offset);
    memcpy( str.Buffer, value, size );
    offset += size;
}

Recommended answer

You goofed up on one of the parameters to LsaLogonUser(); instead of &authInfo you should pass just authInfo. Happens to everyone :)
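
To make the answer concrete, here is an added example (not code from the original post) that packs the same single-buffer layout and shows what a receiver finds at `authInfo` versus `&authInfo`. It assumes portable stand-in types (`UStr`, `InteractiveLogon`) in place of the `<ntsecapi.h>` structures, and `inspect()` is a hypothetical, simplified model of the checks, not LSA's actual code.

```cpp
// Added illustration; UStr/InteractiveLogon are stand-ins for the <ntsecapi.h> types.
#include <cstdint>
#include <cstring>
#include <string>
#include <vector>

using S = std::u16string;
struct UStr { uint16_t Length, MaximumLength; char16_t* Buffer; };
struct InteractiveLogon { uint32_t MessageType; UStr Domain, User, Password; };
constexpr uint32_t kInteractiveLogon = 2;  // numeric value of KerbInteractiveLogon
enum class Check { Ok, BadMessageType, StringOutsideBuffer };

// Header and all three strings in one allocation, as in the question's code.
std::vector<uint8_t> pack(const S& d, const S& u, const S& p) {
    std::vector<uint8_t> buf(sizeof(InteractiveLogon) +
                             sizeof(char16_t) * (d.size() + u.size() + p.size()));
    InteractiveLogon hdr{kInteractiveLogon, {}, {}, {}};
    size_t off = sizeof hdr;
    auto put = [&](UStr& s, const S& v) {  // append v, point the descriptor at the copy
        s.Length = s.MaximumLength = static_cast<uint16_t>(v.size() * sizeof(char16_t));
        s.Buffer = reinterpret_cast<char16_t*>(buf.data() + off);
        std::memcpy(s.Buffer, v.data(), s.Length);
        off += s.Length;
    };
    put(hdr.Domain, d); put(hdr.User, u); put(hdr.Password, p);
    std::memcpy(buf.data(), &hdr, sizeof hdr);
    return buf;
}

// What a receiver sees when it treats `submitted` as the start of the buffer.
Check inspect(const void* submitted, size_t size) {
    InteractiveLogon hdr{};
    std::memcpy(&hdr.MessageType, submitted, sizeof hdr.MessageType);  // first field only
    if (hdr.MessageType != kInteractiveLogon) return Check::BadMessageType;
    std::memcpy(&hdr, submitted, sizeof hdr);
    const auto base = reinterpret_cast<uintptr_t>(submitted);
    for (const UStr* s : {&hdr.Domain, &hdr.User, &hdr.Password}) {
        const auto b = reinterpret_cast<uintptr_t>(s->Buffer);
        if (b < base + sizeof hdr || b + s->Length > base + size)
            return Check::StringOutsideBuffer;
    }
    return Check::Ok;
}

// The question's call (&authInfo) and the answer's call (authInfo), same buffer.
Check submit(bool addressOfPointer) {
    std::vector<uint8_t> buf = pack(u"mydomain", u"someuser", u"constructed-password");
    void* authInfo = buf.data();
    return inspect(addressOfPointer ? static_cast<const void*>(&authInfo) : authInfo, buf.size());
}
```

With `&authInfo` the first bytes read are the bits of the pointer variable itself, so the message type is garbage even though the buffer was packed correctly.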
