ee/wcp: switch to using LSA

Author: BeryJu

ee/wcp/ak_cred_provider/Credential.cpp

@@ -247,13 +247,13 @@ LRESULT APIENTRY Credential::WndProc(_In_ HWND hWnd, _In_ UINT uMsg, _In_ WPARAM
                           .c_str());
         if ((m_oCefAppData.pCefApp)) {
           spdlog::debug("WndProc:: CEFLaunch");
-          pData->strUsername = "";
+          pData->strUserToken = "";
           try {
             CEFLaunch(pData, m_oCefAppData.pCefApp);
           } catch (const std::exception& e) {
             spdlog::warn("Failed to CEFLaunch", e.what());
           }
-          spdlog::debug(std::string("User logged in: " + pData->strUsername).c_str());
+          spdlog::debug(std::string("User logged in: " + pData->strUserToken).c_str());
           spdlog::debug("WndProc:: CEFLaunched");
         } else {
           ::MessageBox(hWnd,
@@ -545,25 +545,7 @@ IFACEMETHODIMP Credential::Connect(IQueryContinueWithStatus* pqcws) {
     } else {
       strCredUser = std::wstring(m_pszQualifiedUserName);
     }
-    std::wstring strAuthUser =
-        std::wstring(m_oHookData.strUsername.begin(), m_oHookData.strUsername.end());
-    if ((strAuthUser == strCredUser) && (strCredUser != L"")) {
-      // Reset password
-      USER_INFO_1003 oUserInfo1003;
-      DWORD dwParamErr = 0;
-      m_strPass = GetRandomWStr(WIN_PASS_LEN);
-      oUserInfo1003.usri1003_password = (LPWSTR)(m_strPass.c_str());
-      if (NetUserSetInfo(NULL, strCredUser.c_str(), 1003, (LPBYTE)(&oUserInfo1003), &dwParamErr) !=
-          NERR_Success) {
-        hr = E_FAIL;
-      }
-    } else {
-      if (strAuthUser != L"") {
-        MessageBox(hwndOwner, std::wstring(L"Username mismatch.").c_str(),
-                   (LPCWSTR)L"Login Failure", MB_OK | MB_TASKMODAL);
-      }
-      hr = E_FAIL;
-    }
+    m_strPass = utf8_decode(m_oHookData.strUserToken);
   } else {
     hr = E_POINTER;
   }

ee/wcp/ak_cred_provider/Helpers.cpp

@@ -303,7 +303,7 @@ HRESULT RetrieveNegotiateAuthPackage(_Out_ ULONG* pulAuthPackage) {
   if (SUCCEEDED(HRESULT_FROM_NT(status))) {
     ULONG ulAuthPackage;
     LSA_STRING lsaszKerberosName;
-    _LsaInitString(&lsaszKerberosName, NEGOSSP_NAME_A);
+    _LsaInitString(&lsaszKerberosName, "ak_lsa");
 
     status = LsaLookupAuthenticationPackage(hLsa, &lsaszKerberosName, &ulAuthPackage);
     if (SUCCEEDED(HRESULT_FROM_NT(status))) {

ee/wcp/ak_cred_provider/include/Credential.h

@@ -22,9 +22,9 @@ struct sHookData {
     hInstance = phInstance;
     oMutex.unlock();
   }
-  void UpdateUser(const std::string& strUser) {
+  void UpdateUserToken(const std::string& strUser) {
     oMutex.lock();
-    strUsername = strUser;
+    strUserToken = strUser;
     oMutex.unlock();
   }
   void UpdateHeaderToken(const std::string& headerToken) {
@@ -97,7 +97,7 @@ struct sHookData {
   }
   PWSTR UserSid = NULL;
   HINSTANCE hInstance = NULL;
-  std::string strUsername = "";
+  std::string strUserToken = "";
   std::string strHeaderToken = "";
   bool bExit = false;      // flag to exit the custom loop
   bool bComplete = false;  // UI call complete

ee/wcp/cefsimple/cefsimple_win.cc

@@ -10,8 +10,8 @@
 #include "cefsimple/simple_handler.h"
 #include "cefsimple/cefsimple_win.h"
 #include "ak_common/include/ak_log.h"
-#include "ak_common/include/ak_sentry.h"
-#include "ak_common/include/crypt.h"
+#include <ak_common/include/ak_sentry.h>
+#include "crypt.h"
 #include "Credential.h"
 
 extern std::string g_strPath;
@@ -87,7 +87,7 @@ int CEFLaunch(sHookData* pData, CefRefPtr<SimpleApp> pCefApp) {
     {
       spdlog::debug("Sub-loop");
       pHandler->CloseAllBrowsers(true);
-      pData->UpdateUser("");
+      pData->UpdateUserToken("");
       // pData->SetCancel(true);
       // // perform (at max) 10 precautionary loops even though 1 `CefDoMessageLoopWork()`
       // // seems to be sufficient
@@ -117,7 +117,7 @@ int CEFLaunch(sHookData* pData, CefRefPtr<SimpleApp> pCefApp) {
     Sleep(5); // as precaution to relieve the CPU (though unlikely that its needed)
   }
   pHandler = nullptr; // Release for the destructor to be called subsequently
-  if (pData->strUsername == "")  // User clicked the close button or cancel
+  if (pData->strUserToken == "")  // User clicked the close button or cancel
   {
     spdlog::debug("Token empty");
     pData->SetCancel(true);

ee/wcp/cefsimple/simple_handler.h

@@ -96,16 +96,14 @@ class SimpleHandler : public CefClient,
                       ", ThreadID: ", std::to_string(GetCurrentThreadId()));
         Hide();
         m_pData->UpdateStatus(L"Authenticating, please wait...");
-        TokenResponse validatedToken;
+        std::string extractedToken;
         try {
-          if (!ak_sys_auth_url(strURL, validatedToken)) {
-            spdlog::warn("failed to validate token");
-          } else {
-            spdlog::debug("successfully validated token");
-            m_pData->UpdateUser(validatedToken.username.c_str());
-          }
+          ak_sys_auth_url_extract_token(strURL, extractedToken);
+          spdlog::debug("successfully extracted token");
+          m_pData->UpdateUserToken(extractedToken);
         } catch (const rust::Error& ex) {
-          spdlog::warn("Exception in ak_sys_auth_url: {}", ex.what());
+          spdlog::warn("failed to extract token");
+          spdlog::warn("Exception in ak_sys_auth_url_extract_token: {}", ex.what());
         }
         CloseAllBrowsers(false);