如何正确调用LsaLogonUser进行交互式login?

我试图使用LsaLogonUser来创build交互式login会话,但它始终返回STATUS_INVALID_INFO_CLASS (0xc0000003)。 从我在网上search中发现的情况来看, KERB_INTERACTIVE_LOGON结构的内存布局是非常棘手的,但是我确信我做的是正确的。

我也尝试使用MSV1.0而不是Kerberos, MSV1_0_INTERACTIVE_LOGON用于身份validation结构, MSV1_0_PACKAGE_NAME用作包名称,但是失败,并显示STATUS_BAD_VALIDATION_CLASS (0xc00000a7)。

任何人都可以告诉我在这里做错了吗? 这是代码,大部分的error handling都被剥离了。 显然这不是生产质量; 我只是想得到一个工作样本。

 // see below for definitions of these size_t wcsByteLen( const wchar_t* str ); void InitUnicodeString( UNICODE_STRING& str, const wchar_t* value, BYTE* buffer, size_t& offset ); int main( int argc, char * argv[] ) { // connect to the LSA HANDLE lsa; LsaConnectUntrusted( &lsa ); const wchar_t* domain = L"mydomain"; const wchar_t* user = L"someuser"; const wchar_t* password = L"scaryplaintextpassword"; // prepare the authentication info ULONG authInfoSize = sizeof(KERB_INTERACTIVE_LOGON) + wcsByteLen( domain ) + wcsByteLen( user ) + wcsByteLen( password ); BYTE* authInfoBuf = new BYTE[authInfoSize]; KERB_INTERACTIVE_LOGON* authInfo = (KERB_INTERACTIVE_LOGON*)authInfoBuf; authInfo->MessageType = KerbInteractiveLogon; size_t offset = sizeof(KERB_INTERACTIVE_LOGON); InitUnicodeString( authInfo->LogonDomainName, domain, authInfoBuf, offset ); InitUnicodeString( authInfo->UserName, user, authInfoBuf, offset ); InitUnicodeString( authInfo->Password, password, authInfoBuf, offset ); // find the Kerberos security package char packageNameRaw[] = MICROSOFT_KERBEROS_NAME_A; LSA_STRING packageName; packageName.Buffer = packageNameRaw; packageName.Length = packageName.MaximumLength = (USHORT)strlen( packageName.Buffer ); ULONG packageId; LsaLookupAuthenticationPackage( lsa, &packageName, &packageId ); // create a dummy origin and token source LSA_STRING origin = {}; origin.Buffer = _strdup( "TestAppFoo" ); origin.Length = (USHORT)strlen( origin.Buffer ); origin.MaximumLength = origin.Length; TOKEN_SOURCE source = {}; strcpy( source.SourceName, "foobar" ); AllocateLocallyUniqueId( &source.SourceIdentifier ); void* profileBuffer; DWORD profileBufLen; LUID luid; HANDLE token; QUOTA_LIMITS qlimits; NTSTATUS subStatus; NTSTATUS status = LsaLogonUser( lsa, &origin, Interactive, packageId, &authInfo, authInfoSize, 0, &source, &profileBuffer, &profileBufLen, &luid, &token, &qlimits, &subStatus ); if( status != ERROR_SUCCESS ) { ULONG err = LsaNtStatusToWinError( status ); printf( "LsaLogonUser failed: %x\n", status ); return 1; } } size_t wcsByteLen( const wchar_t* str ) { return wcslen( str ) * sizeof(wchar_t); } void InitUnicodeString( UNICODE_STRING& str, const wchar_t* value, BYTE* buffer, size_t& offset ) { size_t size = wcsByteLen( value ); str.Length = str.MaximumLength = (USHORT)size; str.Buffer = (PWSTR)(buffer + offset); memcpy( str.Buffer, value, size ); offset += size; } 

Solutions Collecting From Web of "如何正确调用LsaLogonUser进行交互式login?"