windows 如何正确调用 LsaLogonUser 进行交互式登录?
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/7627750/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
How do I correctly call LsaLogonUser for an interactive logon?
提问by Charlie
I'm trying to use LsaLogonUser to create an interactive logon session, but it always returns STATUS_INVALID_INFO_CLASS(0xc0000003). From what I have found in searching online, the memory layout of the KERB_INTERACTIVE_LOGONstructure is tricky, but I'm pretty sure I've done that right.
我正在尝试使用 LsaLogonUser 创建交互式登录会话,但它总是返回STATUS_INVALID_INFO_CLASS(0xc0000003)。从我在网上搜索的结果来看,KERB_INTERACTIVE_LOGON结构的内存布局很棘手,但我很确定我做得对。
I've also tried using MSV1.0 instead of Kerberos, with MSV1_0_INTERACTIVE_LOGONfor the authentication structure and MSV1_0_PACKAGE_NAMEas the package name, but that fails with STATUS_BAD_VALIDATION_CLASS(0xc00000a7).
我还尝试使用 MSV1.0 而不是 Kerberos,MSV1_0_INTERACTIVE_LOGON作为身份验证结构和MSV1_0_PACKAGE_NAME包名称,但失败了STATUS_BAD_VALIDATION_CLASS(0xc00000a7)。
Can anyone tell what I'm doing wrong here? Here's the code, with most of the error handling stripped. Clearly this isn't production-quality; I'm just trying to get a working sample.
谁能告诉我在这里做错了什么?这是代码,大部分错误处理都被剥离了。显然,这不是生产质量;我只是想得到一个工作样本。
// see below for definitions of these
size_t wcsByteLen( const wchar_t* str );
void InitUnicodeString( UNICODE_STRING& str, const wchar_t* value, BYTE* buffer, size_t& offset );
int main( int argc, char * argv[] )
{
// connect to the LSA
HANDLE lsa;
LsaConnectUntrusted( &lsa );
const wchar_t* domain = L"mydomain";
const wchar_t* user = L"someuser";
const wchar_t* password = L"scaryplaintextpassword";
// prepare the authentication info
ULONG authInfoSize = sizeof(KERB_INTERACTIVE_LOGON) +
wcsByteLen( domain ) + wcsByteLen( user ) + wcsByteLen( password );
BYTE* authInfoBuf = new BYTE[authInfoSize];
KERB_INTERACTIVE_LOGON* authInfo = (KERB_INTERACTIVE_LOGON*)authInfoBuf;
authInfo->MessageType = KerbInteractiveLogon;
size_t offset = sizeof(KERB_INTERACTIVE_LOGON);
InitUnicodeString( authInfo->LogonDomainName, domain, authInfoBuf, offset );
InitUnicodeString( authInfo->UserName, user, authInfoBuf, offset );
InitUnicodeString( authInfo->Password, password, authInfoBuf, offset );
// find the Kerberos security package
char packageNameRaw[] = MICROSOFT_KERBEROS_NAME_A;
LSA_STRING packageName;
packageName.Buffer = packageNameRaw;
packageName.Length = packageName.MaximumLength = (USHORT)strlen( packageName.Buffer );
ULONG packageId;
LsaLookupAuthenticationPackage( lsa, &packageName, &packageId );
// create a dummy origin and token source
LSA_STRING origin = {};
origin.Buffer = _strdup( "TestAppFoo" );
origin.Length = (USHORT)strlen( origin.Buffer );
origin.MaximumLength = origin.Length;
TOKEN_SOURCE source = {};
strcpy( source.SourceName, "foobar" );
AllocateLocallyUniqueId( &source.SourceIdentifier );
void* profileBuffer;
DWORD profileBufLen;
LUID luid;
HANDLE token;
QUOTA_LIMITS qlimits;
NTSTATUS subStatus;
NTSTATUS status = LsaLogonUser( lsa, &origin, Interactive, packageId,
&authInfo, authInfoSize, 0, &source, &profileBuffer, &profileBufLen,
&luid, &token, &qlimits, &subStatus );
if( status != ERROR_SUCCESS )
{
ULONG err = LsaNtStatusToWinError( status );
printf( "LsaLogonUser failed: %x\n", status );
return 1;
}
}
size_t wcsByteLen( const wchar_t* str )
{
return wcslen( str ) * sizeof(wchar_t);
}
void InitUnicodeString( UNICODE_STRING& str, const wchar_t* value,
BYTE* buffer, size_t& offset )
{
size_t size = wcsByteLen( value );
str.Length = str.MaximumLength = (USHORT)size;
str.Buffer = (PWSTR)(buffer + offset);
memcpy( str.Buffer, value, size );
offset += size;
}
回答by Luke
You goofed up on one of the parameters to LsaLogonUser(); instead of &authInfoyou should pass just authInfo. Happens to everyone :)
你搞砸了 LsaLogonUser(); 的参数之一。而不是&authInfo你应该通过 just authInfo. 发生在每个人身上:)
