
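How do I add my code after the submit button is clicked and the user's password is checked?

After the successful calls to KerbInteractiveUnlockLogonPack and RetrieveNegotiateAuthPackage, I added my code in the GetSerialization function. But in this state, my code runs first and then the user's password is checked.

I want the user's password to be checked first and, if it is correct, then my code to run. What should I do?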

    if (_fIsLocalUser)
    {
        PWSTR pwzProtectedPassword;
        hr = ProtectIfNecessaryAndCopyPassword(_rgFieldStrings[SFI_PASSWORD], _cpus, &pwzProtectedPassword);
        if (SUCCEEDED(hr))
        {
            PWSTR pszDomain;
            PWSTR pszUsername;
            hr = SplitDomainAndUsername(_pszQualifiedUserName, &pszDomain, &pszUsername);
            if (SUCCEEDED(hr))
            {
                KERB_INTERACTIVE_UNLOCK_LOGON kiul;
                hr = KerbInteractiveUnlockLogonInit(pszDomain, pszUsername, pwzProtectedPassword, _cpus, &kiul);
                if (SUCCEEDED(hr))
                {
                    // We use KERB_INTERACTIVE_UNLOCK_LOGON in both unlock and logon scenarios.  It contains a
                    // KERB_INTERACTIVE_LOGON to hold the creds plus a LUID that is filled in for us by Winlogon
                    // as necessary.
                    hr = KerbInteractiveUnlockLogonPack(kiul, &pcpcs->rgbSerialization, &pcpcs->cbSerialization);
                    if (SUCCEEDED(hr))
                    {
                        ULONG ulAuthPackage;
                        hr = RetrieveNegotiateAuthPackage(&ulAuthPackage);
                        if (SUCCEEDED(hr))
                        {
                            pcpcs->ulAuthenticationPackage = ulAuthPackage;
                            pcpcs->clsidCredentialProvider = CLSID_CSample;
                            // At this point the credential has created the serialized credential used for logon
                            // By setting this to CPGSR_RETURN_CREDENTIAL_FINISHED we are letting logonUI know
                            // that we have all the information we need and it should attempt to submit the
                            // serialized credential.
                            *pcpgsr = CPGSR_RETURN_CREDENTIAL_FINISHED;
                        }
                    }
                }
                CoTaskMemFree(pszDomain);
                CoTaskMemFree(pszUsername);
            }
            CoTaskMemFree(pwzProtectedPassword);
        }
    }

1 Answer


I found the following lines in the code to check a username/password pair:

    bRet = LogonUserExA(lpszUsername, NULL, lpszPassword, LOGON32_LOGON_NETWORK, 
        LOGON32_PROVIDER_DEFAULT, NULL, NULL, NULL, NULL, NULL);

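For lpszUsername we use the full UPN in one of the forms domain\user or user@domain.
The key constant is LOGON32_LOGON_NETWORK.

This logon type is intended for high performance servers to authenticate plaintext passwords. The LogonUserEx function does not cache credentials for this logon type.

For details about the parameters and constant values, see the MS Docs and look at the Remarks section.

In your case, it could look like this: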

    if(LogonUserEx(_pszQualifiedUserName, NULL, _rgFieldStrings[SFI_PASSWORD],
        LOGON32_LOGON_NETWORK, LOGON32_PROVIDER_DEFAULT, NULL, NULL, NULL, NULL, NULL))
    {
        ...
    }
answered 2020-05-17T15:37:18.613