1. 首页
  2. 问答
  3. 如何正确调用LsaLogonUser进行交互式登录?

如何正确调用LsaLogonUser进行交互式登录?

2011-10-02 124 views
5

我正尝试使用LsaLogonUser创建交互式登录会话,但始终返回STATUS_INVALID_INFO_CLASS(0xc0000003)。从我在网上搜索中发现的结果来看,KERB_INTERACTIVE_LOGON结构的内存布局非常棘手,但我确信我做得很对。如何正确调用LsaLogonUser进行交互式登录?

我也尝试使用MSV1.0而不是Kerberos,请与MSV1_0_INTERACTIVE_LOGON的认证结构和MSV1_0_PACKAGE_NAME作为包名,但失败STATUS_BAD_VALIDATION_CLASS(0xc00000a7)。

任何人都可以告诉我在这里做错了吗?这是代码,大部分的错误处理都被剥离了。显然这不是生产质量;我只是想获得一个工作样本。


// see below for definitions of these 
size_t wcsByteLen(const wchar_t* str); 
void InitUnicodeString(UNICODE_STRING& str, const wchar_t* value, BYTE* buffer, size_t& offset); 

int main(int argc, char * argv[]) 
{ 
    // connect to the LSA 
    HANDLE lsa; 
    LsaConnectUntrusted(&lsa); 

    const wchar_t* domain = L"mydomain"; 
    const wchar_t* user = L"someuser"; 
    const wchar_t* password = L"scaryplaintextpassword"; 

    // prepare the authentication info 
    ULONG authInfoSize = sizeof(KERB_INTERACTIVE_LOGON) + 
    wcsByteLen(domain) + wcsByteLen(user) + wcsByteLen(password); 
    BYTE* authInfoBuf = new BYTE[authInfoSize]; 
    KERB_INTERACTIVE_LOGON* authInfo = (KERB_INTERACTIVE_LOGON*)authInfoBuf; 
    authInfo->MessageType = KerbInteractiveLogon; 
    size_t offset = sizeof(KERB_INTERACTIVE_LOGON); 
    InitUnicodeString(authInfo->LogonDomainName, domain, authInfoBuf, offset); 
    InitUnicodeString(authInfo->UserName, user, authInfoBuf, offset); 
    InitUnicodeString(authInfo->Password, password, authInfoBuf, offset); 

    // find the Kerberos security package 
    char packageNameRaw[] = MICROSOFT_KERBEROS_NAME_A; 
    LSA_STRING packageName; 
    packageName.Buffer = packageNameRaw; 
    packageName.Length = packageName.MaximumLength = (USHORT)strlen(packageName.Buffer); 
    ULONG packageId; 
    LsaLookupAuthenticationPackage(lsa, &packageName, &packageId); 

    // create a dummy origin and token source 
    LSA_STRING origin = {}; 
    origin.Buffer = _strdup("TestAppFoo"); 
    origin.Length = (USHORT)strlen(origin.Buffer); 
    origin.MaximumLength = origin.Length; 
    TOKEN_SOURCE source = {}; 
    strcpy(source.SourceName, "foobar"); 
    AllocateLocallyUniqueId(&source.SourceIdentifier); 

    void* profileBuffer; 
    DWORD profileBufLen; 
    LUID luid; 
    HANDLE token; 
    QUOTA_LIMITS qlimits; 
    NTSTATUS subStatus; 
    NTSTATUS status = LsaLogonUser(lsa, &origin, Interactive, packageId, 
    &authInfo, authInfoSize, 0, &source, &profileBuffer, &profileBufLen, 
    &luid, &token, &qlimits, &subStatus); 
    if(status != ERROR_SUCCESS) 
    { 
     ULONG err = LsaNtStatusToWinError(status); 
     printf("LsaLogonUser failed: %x\n", status); 
     return 1; 
    } 
} 

size_t wcsByteLen(const wchar_t* str) 
{ 
    return wcslen(str) * sizeof(wchar_t); 
} 

void InitUnicodeString(UNICODE_STRING& str, const wchar_t* value, 
BYTE* buffer, size_t& offset) 
{ 
    size_t size = wcsByteLen(value); 
    str.Length = str.MaximumLength = (USHORT)size; 
    str.Buffer = (PWSTR)(buffer + offset); 
    memcpy(str.Buffer, value, size); 
    offset += size; 
}

来源

2011-10-02 Charlie

回答

6

你对LsaLogonUser()中的一个参数进行了伪装,而不是&authInfo你应该只通过authInfo。发生在每个人:)

来源

2011-10-03 15:38:46 Luke

+1

哎哟,多么愚蠢的错误。当我解决这个问题时它工作正常 - 谢谢! – Charlie

相关问题

 相关问题