diff --git a/ee/wcp/ak_cred_provider/Credential.cpp b/ee/wcp/ak_cred_provider/Credential.cpp
index 53fd14c4..5df71613 100644
--- a/ee/wcp/ak_cred_provider/Credential.cpp
+++ b/ee/wcp/ak_cred_provider/Credential.cpp
@@ -247,13 +247,13 @@ LRESULT APIENTRY Credential::WndProc(_In_ HWND hWnd, _In_ UINT uMsg, _In_ WPARAM
 .c_str());
 if ((m_oCefAppData.pCefApp)) {
 spdlog::debug("WndProc:: CEFLaunch");
- pData->strUsername = "";
+ pData->strUserToken = "";
 try {
 CEFLaunch(pData, m_oCefAppData.pCefApp);
 } catch (const std::exception& e) {
 spdlog::warn("Failed to CEFLaunch", e.what());
 }
- spdlog::debug(std::string("User logged in: " + pData->strUsername).c_str());
+ spdlog::debug(std::string("User logged in: " + pData->strUserToken).c_str());
 spdlog::debug("WndProc:: CEFLaunched");
 } else {
 ::MessageBox(hWnd,
@@ -545,25 +545,7 @@ IFACEMETHODIMP Credential::Connect(IQueryContinueWithStatus* pqcws) {
 } else {
 strCredUser = std::wstring(m_pszQualifiedUserName);
 }
- std::wstring strAuthUser =
- std::wstring(m_oHookData.strUsername.begin(), m_oHookData.strUsername.end());
- if ((strAuthUser == strCredUser) && (strCredUser != L"")) {
- // Reset password
- USER_INFO_1003 oUserInfo1003;
- DWORD dwParamErr = 0;
- m_strPass = GetRandomWStr(WIN_PASS_LEN);
- oUserInfo1003.usri1003_password = (LPWSTR)(m_strPass.c_str());
- if (NetUserSetInfo(NULL, strCredUser.c_str(), 1003, (LPBYTE)(&oUserInfo1003), &dwParamErr) !=
- NERR_Success) {
- hr = E_FAIL;
- }
- } else {
- if (strAuthUser != L"") {
- MessageBox(hwndOwner, std::wstring(L"Username mismatch.").c_str(),
- (LPCWSTR)L"Login Failure", MB_OK | MB_TASKMODAL);
- }
- hr = E_FAIL;
- }
+ m_strPass = utf8_decode(m_oHookData.strUserToken);
 } else {
 hr = E_POINTER;
 }
diff --git a/ee/wcp/ak_cred_provider/Helpers.cpp b/ee/wcp/ak_cred_provider/Helpers.cpp
index 2affff1e..ce4e1afe 100644
--- a/ee/wcp/ak_cred_provider/Helpers.cpp
+++ b/ee/wcp/ak_cred_provider/Helpers.cpp
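Review bot: The debug line after CEFLaunch in the WndProc hunk now writes the raw token to the log, because `"User logged in: " + pData->strUserToken` is no longer a username but the value Connect later uses as the logon secret. Anyone who can read the provider's log file could reuse it while the token is valid, so log only whether a token arrived, e.g. `spdlog::debug("WndProc:: token received: {}", !pData->strUserToken.empty());`. Passing the value as an argument instead of building the format string from it also avoids a format error if it ever contains `{` or `}`. WndProc starts and ends outside the hunk.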
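Review bot: In the Connect hunk, the single replacement line `m_strPass = utf8_decode(m_oHookData.strUserToken);` drops both conditions the removed block enforced: that the browser flow returned something, and that it belongs to `strCredUser`. As written, an empty token leaves `hr` untouched, and binding the token's subject to the selected account is presumably left to the `ak_lsa` package, which this diff does not show. I would keep a local guard, `if (m_oHookData.strUserToken.empty()) { hr = E_FAIL; }`, and add a comment stating that the package must reject a token issued for a different user. The token also stays in `m_oHookData` after it is copied; calling `m_oHookData.UpdateUserToken("");` once `m_strPass` is set would shorten its lifetime in memory. Connect's body continues outside the hunk.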
@@ -303,7 +303,7 @@ HRESULT RetrieveNegotiateAuthPackage(_Out_ ULONG* pulAuthPackage) {
 if (SUCCEEDED(HRESULT_FROM_NT(status))) {
 ULONG ulAuthPackage;
 LSA_STRING lsaszKerberosName;
- _LsaInitString(&lsaszKerberosName, NEGOSSP_NAME_A);
+ _LsaInitString(&lsaszKerberosName, "ak_lsa");
 status = LsaLookupAuthenticationPackage(hLsa, &lsaszKerberosName, &ulAuthPackage);
 if (SUCCEEDED(HRESULT_FROM_NT(status))) {
diff --git a/ee/wcp/ak_cred_provider/include/Credential.h b/ee/wcp/ak_cred_provider/include/Credential.h
index 0970ac66..d67e9b13 100644
--- a/ee/wcp/ak_cred_provider/include/Credential.h
+++ b/ee/wcp/ak_cred_provider/include/Credential.h
@@ -22,9 +22,9 @@ struct sHookData {
 hInstance = phInstance;
 oMutex.unlock();
 }
- void UpdateUser(const std::string& strUser) {
+ void UpdateUserToken(const std::string& strUser) {
 oMutex.lock();
- strUsername = strUser;
+ strUserToken = strUser;
 oMutex.unlock();
 }
 void UpdateHeaderToken(const std::string& headerToken) {
@@ -97,7 +97,7 @@ struct sHookData {
 }
 PWSTR UserSid = NULL;
 HINSTANCE hInstance = NULL;
- std::string strUsername = "";
+ std::string strUserToken = "";
 std::string strHeaderToken = "";
 bool bExit = false; // flag to exit the custom loop
 bool bComplete = false; // UI call complete
diff --git a/ee/wcp/cefsimple/cefsimple_win.cc b/ee/wcp/cefsimple/cefsimple_win.cc
index 9987cdff..52c6dbe7 100644
--- a/ee/wcp/cefsimple/cefsimple_win.cc
+++ b/ee/wcp/cefsimple/cefsimple_win.cc
@@ -10,8 +10,8 @@
 #include "cefsimple/simple_handler.h"
 #include "cefsimple/cefsimple_win.h"
 #include "ak_common/include/ak_log.h"
-#include "ak_common/include/ak_sentry.h"
-#include "ak_common/include/crypt.h"
+#include
+#include "crypt.h"
 #include "Credential.h"
 extern std::string g_strPath;
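Review bot: The lookup in the RetrieveNegotiateAuthPackage hunk now targets a custom package through the bare literal `"ak_lsa"`, while the function name and the local `lsaszKerberosName` still say Negotiate and Kerberos. The string has to match the name under which the package is registered with LSA, so it deserves one named constant shared with the registration side, e.g. `static constexpr char kAkLsaPackageName[] = "ak_lsa";`. Renaming the local to `lsaszPackageName` would stop the next reader from assuming Kerberos semantics. A comment on what the caller does when `LsaLookupAuthenticationPackage` cannot find the package would also help, since the failure branch is outside the hunk.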
@@ -87,7 +87,7 @@ int CEFLaunch(sHookData* pData, CefRefPtr pCefApp) {
 {
 spdlog::debug("Sub-loop");
 pHandler->CloseAllBrowsers(true);
- pData->UpdateUser("");
+ pData->UpdateUserToken("");
 // pData->SetCancel(true);
 // // perform (at max) 10 precautionary loops even though 1 `CefDoMessageLoopWork()`
 // // seems to be sufficient
@@ -117,7 +117,7 @@ int CEFLaunch(sHookData* pData, CefRefPtr pCefApp) {
 Sleep(5); // as precaution to relieve the CPU (though unlikely that its needed)
 }
 pHandler = nullptr; // Release for the destructor to be called subsequently
- if (pData->strUsername == "") // User clicked the close button or cancel
+ if (pData->strUserToken == "") // User clicked the close button or cancel
 {
 spdlog::debug("Token empty");
 pData->SetCancel(true);
diff --git a/ee/wcp/cefsimple/simple_handler.h b/ee/wcp/cefsimple/simple_handler.h
index 8e3efcdc..95c169e1 100644
--- a/ee/wcp/cefsimple/simple_handler.h
+++ b/ee/wcp/cefsimple/simple_handler.h
@@ -96,16 +96,14 @@ class SimpleHandler : public CefClient,
 ", ThreadID: ", std::to_string(GetCurrentThreadId()));
 Hide();
 m_pData->UpdateStatus(L"Authenticating, please wait...");
- TokenResponse validatedToken;
+ std::string extractedToken;
 try {
- if (!ak_sys_auth_url(strURL, validatedToken)) {
- spdlog::warn("failed to validate token");
- } else {
- spdlog::debug("successfully validated token");
- m_pData->UpdateUser(validatedToken.username.c_str());
- }
+ ak_sys_auth_url_extract_token(strURL, extractedToken);
+ spdlog::debug("successfully extracted token");
+ m_pData->UpdateUserToken(extractedToken);
 } catch (const rust::Error& ex) {
- spdlog::warn("Exception in ak_sys_auth_url: {}", ex.what());
+ spdlog::warn("failed to extract token");
+ spdlog::warn("Exception in ak_sys_auth_url_extract_token: {}", ex.what());
 }
 CloseAllBrowsers(false);
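Review bot: In the SimpleHandler hunk, "successfully extracted token" is logged and `UpdateUserToken(extractedToken)` is called without checking the result of `ak_sys_auth_url_extract_token` or that `extractedToken` is non-empty, whereas the removed code branched on the return value of `ak_sys_auth_url`. If the new helper can return without throwing and without filling the string (its signature is not visible here), the success message is misleading and an empty value is stored. Guard it with `if (extractedToken.empty()) { spdlog::warn("no token in callback URL"); } else { m_pData->UpdateUserToken(extractedToken); }`. Since the token is no longer validated at this point, a short comment saying where validation now happens would help the next reviewer. The enclosing method starts outside the hunk.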