Re: WinLogon calling WlxWkstaLockedSAS and WlxLoggedOnSAS simultaneous

From: Eric Perlin [MS] (ericperl_at_online.microsoft.com)
Date: 01/10/05 

Date: Mon, 10 Jan 2005 11:50:51 -0800

As mentioned in other threads, WlxSasNotify wasn't meant to be called from
random threads.
I suggested to post private messages to the main thread (the UI thread) and
have that thread call WlxSasNotify.
Isn't the default smartcard monitoring from winlogon working for you?
Why do you have to do it yourself? 

-- 
Eric Perlin [MS]
This posting is provided "AS IS" with no warranties, and confers no rights.
---
"Marco van Nieuwenhoven" <MarcovanNieuwenhoven@discussions.microsoft.com>
wrote in message news:D19C8F29-C4EF-4152-83C6-3F7714F2AA86@microsoft.com...
> Hi all.
>
> I have made a Gina replacement module which is a full implementation for
all
> the commands based on  WLX_VERSION_1_0.
>
> I'll first describe what happens. Below that is the full story with
> implementation details.
>
> The result I am getting is the following. I insert a USB token and a get a
> call to WlxWkstaLockedSAS followed by WlxLoggedOnSAS when the
> WlxWkstaLockedSAS was not even finished. This should not happen at all.
The
> PC was in locked state and then I should only get WlxWkstaLockedSAS. The
> strange thing is that the WlxLoggedOnSAS already is called by WinLogon
before
> the WlxWkstaLockedSAS has returned.
>
> Here it is step by step:
> The job description was to have a logon based on an insertion of a USB
token
> (Rainbow iKey1000).
>
> >>>>>
> WinLogon calls DllMain(ProcesAttach) is called and stored the hWlx
>
> WinLogon calls WlxNegotiate is called and it detects version 1.4 which is
> Windows XP
> We set parameter 2 to WLX_VERSION_1_0 because this is the first
> implementation of these calls. The rest will follow.
>
> WinLogon calls WlxInitialize. Here I create a background hread which
> monitors insertion and removal of the iKey 1000. Every seconds it does a
> check for the presence. What exactly happens when an event occurs is
> described later.
>
> WinLogon calls WlxDisplaySASNotice. The dialog IDD_DLG_DISPLAYSASNOTICE
pops
> up and waits for a sas event. When then the USB token is inserted the
message
> WM_COMMAND,IDD_BUTTON_VIRTUAL_INSERT is sent to the dialog handle of
> IDD_DLG_DISPLAYSASNOTICE. This is captured by the DlgProc function. The
> DlgProc does
> EndDialog (IDD_BUTTON_VIRTUAL_INSERT)which is then returned as
dialogresult
> from WlxDialogBoxParam. Inside WlxDisplaySASNotice the function
> WlxSasNotify(WLX_SAS_TYPE_SC_INSERT) is called because WlxDisplaySASNotice
is
> a void function.
>
> WinLogon calls WlxLoggedOutSAS because is has received the
> WLX_SAS_TYPE_SC_INSERT notification. The dialog IDD_DLG_LOGGEDOUTSAS pops
up.
> After pressing OK the message IDD_BUTTON_OK is sent to the DlgProc
function.
> The DlgProc does LogonUser, on ok it sets the UserToken, does
> GetTokenInformation and sets the AuthenticationId, makes a TOKEN_GROUPS
> structure and sets it to the LogonSID. When credentials are all ok we
finaly
> return WLX_SAS_ACTION_LOGON.
>
> Still following me? I hope so.
>
> WinLogon calls WlxActivateUserShell and here we call
> %Windows%\System32\userinit.exe. Got userinit command from
> HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Don't
> forget to loose the comma).
>
> After this the desktop pops up ok. Now the USB token can be removed.
>
> The thread which detects the USB token removal calls
> WlxSasNotify(WLX_SAS_TYPE_SC_REMOVE).
>
> WinLogon calls WlxLoggedOnSAS which sees dwSasType ==
WLX_SAS_TYPE_SC_REMOVE
> then returns WLX_SAS_ACTION_LOCK_WKSTA.
>
> WinLogon calls WlxDisplayLockedNotice. The dialog
> IDD_DLG_DISPLAYLOCKEDNOTICE pops up and waits for a sas event.
>
> Insert the USB Token.
>
> The thread which detects the USB token insertion calls
> WlxSasNotify(WLX_SAS_TYPE_SC_INSERT).
>
> WinLogon calls WlxWkstaLockedSAS. The DlgProc gets a command WM_COMMAND
with
> lParam 1954.
>
> NOW IT HAPPENS!
>
> WinLogon calls WlxLoggedOnSAS even before WlxWkstaLockedSAS is finished.
> Huh? I thought that the machine was locked and I should not receive
> WlxLoggedOnSAS in this stage.
> <<<<<
>
> Oh yeah, I promised to tell about the thread. I got some global variables
> which remember all the dialog handles. When a dialog pops up the
> corresponding global is filled and on exit the global is cleared. When now
> the thread gets an event it looks if there is a dialog present. when so it
> does a global SendMessage (WM_COMMAND) with a specific event code. When
there
> is no dialog present it calls WlxSasNotify(WLX_SAS_TYPE_SC_?????).
>
>
> Has anyone have any idea? I am willing to share my full source code.
>