Index: /trunk/src/VBox/Additions/WINNT/VBoxCredProv/VBoxCredential.cpp =================================================================== --- /trunk/src/VBox/Additions/WINNT/VBoxCredProv/VBoxCredential.cpp (revision 35580) +++ /trunk/src/VBox/Additions/WINNT/VBoxCredProv/VBoxCredential.cpp (revision 35581) @@ -696,6 +696,10 @@ UNREFERENCED_PARAMETER(pcpsiOptionalStatusIcon); - KERB_INTERACTIVE_LOGON kil; - ZeroMemory(&kil, sizeof(kil)); + KERB_INTERACTIVE_UNLOCK_LOGON kiul; + ZeroMemory(&kiul, sizeof(kiul)); + + /* Save a pointer to the interactive logon struct. */ + KERB_INTERACTIVE_LOGON* pkil = &kiul.Logon; + AssertPtr(pkil); HRESULT hr; @@ -707,23 +711,46 @@ /* Is a domain name missing? Then use the name of the local computer. */ if (NULL == m_rgFieldStrings [SFI_DOMAINNAME]) - hr = UnicodeStringInitWithString(wszComputerName, &kil.LogonDomainName); + hr = UnicodeStringInitWithString(wszComputerName, &pkil->LogonDomainName); else hr = UnicodeStringInitWithString(m_rgFieldStrings [SFI_DOMAINNAME], - &kil.LogonDomainName); + &pkil->LogonDomainName); /* Fill in the username and password. */ if (SUCCEEDED(hr)) { - hr = UnicodeStringInitWithString(m_rgFieldStrings[SFI_USERNAME], &kil.UserName); + hr = UnicodeStringInitWithString(m_rgFieldStrings[SFI_USERNAME], &pkil->UserName); if (SUCCEEDED(hr)) { - hr = UnicodeStringInitWithString(m_rgFieldStrings[SFI_PASSWORD], &kil.Password); + hr = UnicodeStringInitWithString(m_rgFieldStrings[SFI_PASSWORD], &pkil->Password); if (SUCCEEDED(hr)) { - /* Allocate copies of, and package, the strings in a binary blob. */ - kil.MessageType = KerbInteractiveLogon; - hr = KerbInteractiveLogonPack(kil, - &pcpCredentialSerialization->rgbSerialization, - &pcpCredentialSerialization->cbSerialization); + /* Set credential type according to current usage scenario. */ + AssertPtr(pkil); + switch (m_cpUS) + { + case CPUS_UNLOCK_WORKSTATION: + pkil->MessageType = KerbWorkstationUnlockLogon; + break; + + case CPUS_LOGON: + pkil->MessageType = KerbInteractiveLogon; + break; + + case CPUS_CREDUI: + pkil->MessageType = (KERB_LOGON_SUBMIT_TYPE)0; /* No message type required here. */ + break; + + default: + hr = E_FAIL; + break; + } + + if (SUCCEEDED(hr)) + { + /* Allocate copies of, and package, the strings in a binary blob. */ + hr = KerbInteractiveUnlockLogonPack(kiul, + &pcpCredentialSerialization->rgbSerialization, + &pcpCredentialSerialization->cbSerialization); + } if (SUCCEEDED(hr)) { Index: /trunk/src/VBox/Additions/WINNT/VBoxCredProv/helpers.cpp =================================================================== --- /trunk/src/VBox/Additions/WINNT/VBoxCredProv/helpers.cpp (revision 35580) +++ /trunk/src/VBox/Additions/WINNT/VBoxCredProv/helpers.cpp (revision 35581) @@ -170,45 +170,53 @@ // -// WinLogon and LSA consume "packed" KERB_INTERACTIVE_LOGONs. In these, the PWSTR members of each +// WinLogon and LSA consume "packed" KERB_INTERACTIVE_UNLOCK_LOGONs. In these, the PWSTR members of each // UNICODE_STRING are not actually pointers but byte offsets into the overall buffer represented -// by the packed KERB_INTERACTIVE_LOGON. For example: -// -// kil.LogonDomainName.Length = 14 -> Length is in bytes, not characters -// kil.LogonDomainName.Buffer = sizeof(KERB_INTERACTIVE_LOGON) -> LogonDomainName begins immediately -// after the KERB_... struct in the buffer -// kil.UserName.Length = 10 -// kil.UserName.Buffer = sizeof(KERB_INTERACTIVE_LOGON) + 14 -> UNICODE_STRINGS are NOT null-terminated -// -// kil.Password.Length = 16 -// kil.Password.Buffer = sizeof(KERB_INTERACTIVE_LOGON) + 14 + 10 +// by the packed KERB_INTERACTIVE_UNLOCK_LOGON. For example: +// +// rkiulIn.Logon.LogonDomainName.Length = 14 -> Length is in bytes, not characters +// rkiulIn.Logon.LogonDomainName.Buffer = sizeof(KERB_INTERACTIVE_UNLOCK_LOGON) -> LogonDomainName begins immediately +// after the KERB_... struct in the buffer +// rkiulIn.Logon.UserName.Length = 10 +// rkiulIn.Logon.UserName.Buffer = sizeof(KERB_INTERACTIVE_UNLOCK_LOGON) + 14 -> UNICODE_STRINGS are NOT null-terminated +// +// rkiulIn.Logon.Password.Length = 16 +// rkiulIn.Logon.Password.Buffer = sizeof(KERB_INTERACTIVE_UNLOCK_LOGON) + 14 + 10 // // There's more information on this at: // http://msdn.microsoft.com/msdnmag/issues/05/06/SecurityBriefs/#void // - -HRESULT KerbInteractiveLogonPack( - const KERB_INTERACTIVE_LOGON& rkil, - BYTE** prgb, - DWORD* pcb - ) -{ - HRESULT hr; +HRESULT KerbInteractiveUnlockLogonPack( + const KERB_INTERACTIVE_UNLOCK_LOGON& rkiulIn, + BYTE** prgb, + DWORD* pcb + ) +{ + HRESULT hr; + + const KERB_INTERACTIVE_LOGON* pkilIn = &rkiulIn.Logon; // alloc space for struct plus extra for the three strings - DWORD cb = sizeof(rkil) + - rkil.LogonDomainName.Length + - rkil.UserName.Length + - rkil.Password.Length; - - KERB_INTERACTIVE_LOGON* pkil = (KERB_INTERACTIVE_LOGON*)CoTaskMemAlloc(cb); - - if (pkil) - { - pkil->MessageType = rkil.MessageType; + DWORD cb = sizeof(rkiulIn) + + pkilIn->LogonDomainName.Length + + pkilIn->UserName.Length + + pkilIn->Password.Length; + + KERB_INTERACTIVE_UNLOCK_LOGON* pkiulOut = (KERB_INTERACTIVE_UNLOCK_LOGON*)CoTaskMemAlloc(cb); + + if (pkiulOut) + { + ZeroMemory(&pkiulOut->LogonId, sizeof(LUID)); // // point pbBuffer at the beginning of the extra space // - BYTE* pbBuffer = (BYTE*)pkil + sizeof(KERB_INTERACTIVE_LOGON); + BYTE* pbBuffer = (BYTE*)pkiulOut + sizeof(*pkiulOut); + + // + // set up the Logon structure within the KERB_INTERACTIVE_UNLOCK_LOGON + // + KERB_INTERACTIVE_LOGON* pkilOut = &pkiulOut->Logon; + + pkilOut->MessageType = pkilIn->MessageType; // @@ -217,16 +225,16 @@ // advance buffer pointer over copied characters in extra space // - _UnicodeStringPackedUnicodeStringCopy(rkil.LogonDomainName, (PWSTR)pbBuffer, &pkil->LogonDomainName); - pkil->LogonDomainName.Buffer = (PWSTR)(pbBuffer - (BYTE*)pkil); - pbBuffer += pkil->LogonDomainName.Length; - - _UnicodeStringPackedUnicodeStringCopy(rkil.UserName, (PWSTR)pbBuffer, &pkil->UserName); - pkil->UserName.Buffer = (PWSTR)(pbBuffer - (BYTE*)pkil); - pbBuffer += pkil->UserName.Length; - - _UnicodeStringPackedUnicodeStringCopy(rkil.Password, (PWSTR)pbBuffer, &pkil->Password); - pkil->Password.Buffer = (PWSTR)(pbBuffer - (BYTE*)pkil); - - *prgb = (BYTE*)pkil; + _UnicodeStringPackedUnicodeStringCopy(pkilIn->LogonDomainName, (PWSTR)pbBuffer, &pkilOut->LogonDomainName); + pkilOut->LogonDomainName.Buffer = (PWSTR)(pbBuffer - (BYTE*)pkiulOut); + pbBuffer += pkilOut->LogonDomainName.Length; + + _UnicodeStringPackedUnicodeStringCopy(pkilIn->UserName, (PWSTR)pbBuffer, &pkilOut->UserName); + pkilOut->UserName.Buffer = (PWSTR)(pbBuffer - (BYTE*)pkiulOut); + pbBuffer += pkilOut->UserName.Length; + + _UnicodeStringPackedUnicodeStringCopy(pkilIn->Password, (PWSTR)pbBuffer, &pkilOut->Password); + pkilOut->Password.Buffer = (PWSTR)(pbBuffer - (BYTE*)pkiulOut); + + *prgb = (BYTE*)pkiulOut; *pcb = cb; @@ -246,10 +254,5 @@ // memory space boundary is not going to work -- repack it if necessary! // -// -// Unpack a KERB_INTERACTIVE_UNLOCK_LOGON *in place*. That is, reset the Buffers from being offsets to -// being real pointers. This means, of course, that passing the resultant struct across any sort of -// memory space boundary is not going to work -- repack it if necessary! -// -void KerbInteractiveLogonUnpackInPlace( +void KerbInteractiveUnlockLogonUnpackInPlace( __inout_bcount(cb) KERB_INTERACTIVE_UNLOCK_LOGON* pkiul ) Index: /trunk/src/VBox/Additions/WINNT/VBoxCredProv/helpers.h =================================================================== --- /trunk/src/VBox/Additions/WINNT/VBoxCredProv/helpers.h (revision 35580) +++ /trunk/src/VBox/Additions/WINNT/VBoxCredProv/helpers.h (revision 35581) @@ -44,6 +44,6 @@ //packages the credentials into the buffer that the system expects -HRESULT KerbInteractiveLogonPack( - const KERB_INTERACTIVE_LOGON& rkil, +HRESULT KerbInteractiveUnlockLogonPack( + const KERB_INTERACTIVE_UNLOCK_LOGON& rkiulIn, BYTE** prgb, DWORD* pcb @@ -51,8 +51,7 @@ //unpacks the "packed" version of the creds in-place into the "unpacked" version -void KerbInteractiveLogonUnpackInPlace( +void KerbInteractiveUnlockLogonUnpackInPlace( KERB_INTERACTIVE_UNLOCK_LOGON* pkiul ); - //get the authentication package that will be used for our logon attempt @@ -60,2 +59,3 @@ ULONG * pulAuthPackage ); +