Re: WinLogon calling WlxWkstaLockedSAS and WlxLoggedOnSAS simultan

From: Marco van Nieuwenhoven (Nieuwenhoven_at_discussions.microsoft.com)
Date: 01/10/05


Date: Mon, 10 Jan 2005 13:21:03 -0800

Hi Eric,

Thanks for the reply. The answer you gave me I already found in the weekend
so I already did the following adjustment: (with the same result as described
in my original message)

First let me answer the last question. I have chosen not to pick the
standard SmartCard implementation because the types of USB Tokens can differ.
This is depending on the type of security needed for the specific user. A
high level user must use a smartcard but a standard user can use another type
of USB device like a USB memory stick.

I created a window called CommandHelper inside WlxInitialize.
When inside the thread I detect a USB token insert I do the following:
A: when there is a Gina Dialog active I do SendMessage(hDlg, WM_COMMAND,
VIRTUAL_INSERT) to the active dialog (hDlg)
B: When there is no Gina window present I send the message to the
CommandHelper window.

I created the CommandHelper the following way:
>>>>>
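        /* Keep the GINA context so the dialog procedure can reach it. */
        g_pgContext = pgContext;
        /* Modeless helper dialog, created on the thread that runs WlxInitialize. */
        g_hGinaCommandHelperWnd = CreateDialog(
                (HINSTANCE)pgContext->hDllInstance,
                MAKEINTRESOURCE(IDD_DLG_COMMANDHELPER),
                NULL,
                (DLGPROC)CommandHelper_DlgProc);
        /* The helper only receives messages; it is never shown. */
        ShowWindow(g_hGinaCommandHelperWnd, SW_HIDE);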
<<<<<

Inside the CommandHelper_DlgProc I pick up the WM_COMMAND,VIRTUAL_INSERT and
from there call WlxSasNotify. I think this should implement the way you
already suggested before.

If you prefer I can send a zipfile with the complete project.

Best regards,
Marco.

Oh yeah, I forgot to use my logon account from my MSDN Universal subscription.

"Eric Perlin [MS]" wrote:
> As mentioned in other threads, WlxSasNotify wasn't meant to be called from
> random threads.
> I suggested to post private messages to the main thread (the UI thread) and
> have that thread call WlxSasNotify.
> Isn't the default smartcard monitoring from winlogon working for you?
> Why do you have to do it yourself?
> --
> Eric Perlin [MS]
> This posting is provided "AS IS" with no warranties, and confers no rights.
> ---
>
> "Marco van Nieuwenhoven" <MarcovanNieuwenhoven@discussions.microsoft.com>
> wrote in message news:D19C8F29-C4EF-4152-83C6-3F7714F2AA86@microsoft.com...
> > Hi all.
> >
> > I have made a Gina replacement module which is a full implementation for all
> > the commands based on WLX_VERSION_1_0.
> >
> > I'll first describe what happens. Below that is the full story with
> > implementation details.
> >
> > The result I am getting is the following. I insert a USB token and I get a
> > call to WlxWkstaLockedSAS followed by WlxLoggedOnSAS when the
> > WlxWkstaLockedSAS was not even finished. This should not happen at all. The
> > PC was in locked state and then I should only get WlxWkstaLockedSAS. The
> > strange thing is that the WlxLoggedOnSAS already is called by WinLogon before
> > the WlxWkstaLockedSAS has returned.
> >
> > Here it is step by step:
> > The job description was to have a logon based on an insertion of a USB token
> > (Rainbow iKey1000).
> >
> > >>>>>
> > WinLogon calls DllMain(ProcessAttach), which stores the hWlx
> >
> > WinLogon calls WlxNegotiate and it detects version 1.4 which is
> > Windows XP
> > We set parameter 2 to WLX_VERSION_1_0 because this is the first
> > implementation of these calls. The rest will follow.
> >
> > WinLogon calls WlxInitialize. Here I create a background thread which
> > monitors insertion and removal of the iKey 1000. Every second it does a
> > check for the presence. What exactly happens when an event occurs is
> > described later.
> >
> > WinLogon calls WlxDisplaySASNotice. The dialog IDD_DLG_DISPLAYSASNOTICE pops
> > up and waits for a sas event. When then the USB token is inserted the message
> > WM_COMMAND,IDD_BUTTON_VIRTUAL_INSERT is sent to the dialog handle of
> > IDD_DLG_DISPLAYSASNOTICE. This is captured by the DlgProc function. The
> > DlgProc does EndDialog(IDD_BUTTON_VIRTUAL_INSERT) which is then returned as
> > dialogresult from WlxDialogBoxParam. Inside WlxDisplaySASNotice the function
> > WlxSasNotify(WLX_SAS_TYPE_SC_INSERT) is called because WlxDisplaySASNotice is
> > a void function.
> >
> > WinLogon calls WlxLoggedOutSAS because it has received the
> > WLX_SAS_TYPE_SC_INSERT notification. The dialog IDD_DLG_LOGGEDOUTSAS pops up.
> > After pressing OK the message IDD_BUTTON_OK is sent to the DlgProc function.
> > The DlgProc does LogonUser, on ok it sets the UserToken, does
> > GetTokenInformation and sets the AuthenticationId, makes a TOKEN_GROUPS
> > structure and sets it to the LogonSID. When credentials are all ok we finally
> > return WLX_SAS_ACTION_LOGON.
> >
> > Still following me? I hope so.
> >
> > WinLogon calls WlxActivateUserShell and here we call
> > %Windows%\System32\userinit.exe. Got userinit command from
> > HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Don't
> > forget to lose the comma).
> >
> > After this the desktop pops up ok. Now the USB token can be removed.
> >
> > The thread which detects the USB token removal calls
> > WlxSasNotify(WLX_SAS_TYPE_SC_REMOVE).
> >
> > WinLogon calls WlxLoggedOnSAS which sees dwSasType == WLX_SAS_TYPE_SC_REMOVE
> > then returns WLX_SAS_ACTION_LOCK_WKSTA.
> >
> > WinLogon calls WlxDisplayLockedNotice. The dialog
> > IDD_DLG_DISPLAYLOCKEDNOTICE pops up and waits for a sas event.
> >
> > Insert the USB Token.
> >
> > The thread which detects the USB token insertion calls
> > WlxSasNotify(WLX_SAS_TYPE_SC_INSERT).
> >
> > WinLogon calls WlxWkstaLockedSAS. The DlgProc gets a command WM_COMMAND with
> > lParam 1954.
> >
> > NOW IT HAPPENS!
> >
> > WinLogon calls WlxLoggedOnSAS even before WlxWkstaLockedSAS is finished.
> > Huh? I thought that the machine was locked and I should not receive
> > WlxLoggedOnSAS in this stage.
> > <<<<<
> >
> > Oh yeah, I promised to tell about the thread. I got some global variables
> > which remember all the dialog handles. When a dialog pops up the
> > corresponding global is filled and on exit the global is cleared. When now
> > the thread gets an event it looks if there is a dialog present. When so it
> > does a global SendMessage (WM_COMMAND) with a specific event code. When there
> > is no dialog present it calls WlxSasNotify(WLX_SAS_TYPE_SC_?????).
> >
> >
> > Does anyone have any idea? I am willing to share my full source code.
> >
>
>
>
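
Added example, not part of the original posts or of Marco's project: a portable C model of the hand-off Eric describes, where the token-monitor thread only posts an event and a single UI-side pump is the one place a SAS is raised. All names (sas_queue, monitor_poll, ui_pump_one, ui_sas_done) are hypothetical stand-ins; a real GINA would use a private window message and call WlxSasNotify where the comment indicates, and holding events back while a callback is running is a choice of this sketch, not something the thread confirms as the fix.

```c
#include <stdio.h>

/* Stand-ins (assumptions): a real GINA would use WLX_SAS_TYPE_SC_INSERT /
   WLX_SAS_TYPE_SC_REMOVE and call WlxSasNotify where noted below. */
enum sas_event { SAS_INSERT = 1, SAS_REMOVE = 2 };

#define QCAP 8
struct sas_queue { enum sas_event ev[QCAP]; unsigned head, tail; };
struct monitor   { int last_present; };               /* worker-thread state */
struct ui_thread { int sas_in_progress; enum sas_event sent[16]; unsigned n; };

/* PostMessage analogue: enqueue and return at once, never call into winlogon. */
static int q_post(struct sas_queue *q, enum sas_event e) {
    unsigned next = (q->tail + 1) % QCAP;
    if (next == q->head) return 0;                     /* full: drop the event */
    q->ev[q->tail] = e;
    q->tail = next;
    return 1;
}

/* One poll of the token monitor: post only when presence changes, so the
   once-per-second check does not raise the same SAS repeatedly. */
static int monitor_poll(struct monitor *m, int present, struct sas_queue *q) {
    if (present == m->last_present) return 0;
    m->last_present = present;
    return q_post(q, present ? SAS_INSERT : SAS_REMOVE);
}

/* UI-thread pump: the only place a SAS is raised. It holds queued events back
   while a Wlx*SAS callback is still running (a choice made in this sketch). */
static int ui_pump_one(struct ui_thread *u, struct sas_queue *q) {
    if (u->sas_in_progress || q->head == q->tail || u->n == 16) return 0;
    u->sent[u->n++] = q->ev[q->head];                  /* WlxSasNotify goes here */
    q->head = (q->head + 1) % QCAP;
    u->sas_in_progress = 1;
    return 1;
}

/* Call when the Wlx*SAS callback for the last event has returned. */
static void ui_sas_done(struct ui_thread *u) { u->sas_in_progress = 0; }

int main(void) {
    struct sas_queue q = {0}; struct monitor m = {0}; struct ui_thread u = {0};
    int samples[] = {0, 1, 1, 1, 0};                   /* constructed polls */
    for (unsigned i = 0; i < 5; i++) monitor_poll(&m, samples[i], &q);
    while (ui_pump_one(&u, &q)) ui_sas_done(&u);
    printf("SAS notifications raised: %u\n", u.n);
    return 0;
}
```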