Re: KERB_SMART_CARD_LOGON



Thanks for the reply Dave, but this requires Vista and that is not an option
for me.

"DaveMo" wrote:

On Jun 11, 5:14 am, Mats Pettersson
<MatsPetters...@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote:
Thanks for the replies, but this information won't help me with the solution.
The big question is: what is the format of the marshalled data?



"DaveMo" wrote:
On Jun 10, 5:04 am, "Jan Spooren" <jspoo...@xxxxxxxxxxxxx> wrote:
Hi Dave,

Did you find any information on this?
I tried this a while ago as well, using some sort of badly documented format
information for the CspData field that came up when I googled for
KERB_SMART_CARD_LOGON and LsaLogonUser, but I always got
STATUS_INVALID_PARAMETER (0xc000000d). (Though I did get LsaLogonUser to
work with the MSV1_0_INTERACTIVE_LOGON structure for username + password.)
Did you have any more luck?

Cheers,
Jan.

According to MS, this data is CSP specific, which is why they don't
document it. Does your SC come with its own CSP? If so, you should be
able to get the information you need from the SC vendor.

I think this is incorrect, Dave. As far as I know this field is used to pass
the smart card reader name, CSP name etc. to LSA. This is therefore not CSP
dependent. Besides, the CSP never receives this information.
I don't think, BTW, that I will be able to get this information from myself
or my coworkers, as you suggested. <grin>

Jan.

I did receive this tidbit of information. Hope it helps:

"It was a PIN + some marshalled data representing the certificate on
the smartcard.

The marshaled data was uniquely tied to the CSP being used, and was
mainly used to ensure session correctness in terminal services - e.g.
finding the remote card reader tied to MSTSC."

Dave

This just in!

Hope it helps.

Dave

------------------- Begin content from Microsoft source -------------------
The following should be posted on MSDN but the link is broken. You can
use this. It is public.



KERB_SMARTCARD_CSP_INFO

The KERB_SMARTCARD_CSP_INFO structure contains information about a
smart card cryptographic service provider (CSP).

This structure is not declared in a public header.

typedef struct _KERB_SMARTCARD_CSP_INFO {
    DWORD dwCspInfoLen;          /* size in bytes, appended names included */
    DWORD MessageType;           /* must be 1 */
    union {
        PVOID   ContextInformation;
        ULONG64 SpaceHolderForWow64;
    };
    DWORD flags;                 /* reserved */
    DWORD KeySpec;               /* AT_KEYEXCHANGE or AT_SIGNATURE */
    ULONG nCardNameOffset;       /* the four offsets are counted in */
    ULONG nReaderNameOffset;     /* characters from the start of bBuffer */
    ULONG nContainerNameOffset;
    ULONG nCSPNameOffset;
    TCHAR bBuffer;               /* first character of the appended names */
} KERB_SMARTCARD_CSP_INFO, *PKERB_SMARTCARD_CSP_INFO;

Members

dwCspInfoLen

The size, in bytes, of this structure, including any appended data.

MessageType

The type of message being passed. This member must be set to 1.

ContextInformation

Reserved.

SpaceHolderForWow64

Reserved.

flags

Reserved.

KeySpec

The private key to use from the key container specified within the
buffer bBuffer. The key can be one of the following values, defined in
WinCrypt.h.

Value           Numeric value   Meaning
AT_KEYEXCHANGE  1               The key is a key-exchange key.
AT_SIGNATURE    2               The key is a signature key.


nCardNameOffset

The number of characters in the bBuffer buffer that precede the name
of the smart card in that buffer. If this member is 0, no smart card
name is provided.

nReaderNameOffset

The number of characters in the bBuffer buffer that precede the name
of the smart card reader in that buffer. If this member is 0, no smart
card reader name is provided.

nContainerNameOffset

The number of characters in the bBuffer buffer that precede the name
of the key container in that buffer.

nCSPNameOffset

The number of characters in the bBuffer buffer that precede the name
of the CSP in that buffer.

bBuffer

An array of characters initialized to a length of sizeof(DWORD). This
buffer contains the names referred to by the nCardNameOffset,
nReaderNameOffset, nContainerNameOffset, and nCSPNameOffset members,
as well as any additional data provided by the CSP.

Remarks

When this structure is serialized, the structure members must be
aligned to boundaries that are multiples of 2 bytes.

Requirements

Client
Requires Windows Vista.

Server
Requires Windows Server "Longhorn".




KERB_CERTIFICATE_LOGON

[This documentation is preliminary and is subject to change.]

The KERB_CERTIFICATE_LOGON structure contains information about a
smart card logon session.

It is passed as the AuthenticationInformation parameter to the
LsaLogonUser function when using the Kerberos security package to
perform an interactive smart card logon.

typedef struct _KERB_CERTIFICATE_LOGON {
    KERB_LOGON_SUBMIT_TYPE MessageType;   /* KerbCertificateLogon or KerbCertificateUnlockLogon */
    UNICODE_STRING DomainName;            /* may be NULL */
    UNICODE_STRING UserName;              /* may be NULL */
    UNICODE_STRING Pin;                   /* Length excludes the terminating NUL */
    ULONG Flags;                          /* KERB_CERTIFICATE_LOGON_FLAG_CHECK_DUPLICATES */
    ULONG CspDataLength;                  /* length of CspData, in characters */
    PUCHAR CspData;                       /* points at a KERB_SMARTCARD_CSP_INFO */
} KERB_CERTIFICATE_LOGON, *PKERB_CERTIFICATE_LOGON;

Members

MessageType

A member of the KERB_LOGON_SUBMIT_TYPE enumeration that indicates how
this structure is used. This can be one of the following values.

Value                       Numeric value   Meaning
KerbCertificateLogon        13              This structure is passed as the AuthenticationInformation
                                            parameter to the LsaLogonUser function to perform an
                                            interactive smart card logon.
KerbCertificateUnlockLogon  15              This structure is used as the Logon member of a
                                            KERB_CERTIFICATE_UNLOCK_LOGON structure.


DomainName

The domain name of the user to authenticate. The value of this member
can be NULL. If the value of this member is not NULL, LsaLogonUser
uses the value of this member to locate the Key Distribution Center.
If the value of this member is NULL, LsaLogonUser attempts to
authenticate against the domain to which the computer is joined.

UserName

The user name of the user to authenticate. The value of this member
can be NULL. If the value of this member is not NULL, LsaLogonUser
uses the value of this member to locate the user account to
authenticate.

Pin

The PIN to use to authenticate the user. The Length member of this
structure does not include the terminating null character of the PIN.

Flags

Specifies optional flags that control the behavior of the
authentication. The following value is defined.

Value                                         Numeric value   Meaning
KERB_CERTIFICATE_LOGON_FLAG_CHECK_DUPLICATES  0x1             The KDC checks the certificate for
                                                              multiple account mappings.


CspDataLength

The length, in characters, of the CspData member.

CspData

A pointer to a KERB_SMARTCARD_CSP_INFO structure that contains
information about the smart card cryptographic service provider
(CSP).

Remarks

This structure, along with the data pointed to by the DomainName,
UserName, Pin, and CspData members, is contained in a single block of
contiguous memory. When serializing this structure, the offsets
specified by each of these members must be multiples of two.

Requirements

Client
Requires Windows Vista.

Server
Requires Windows Server "Longhorn".

Header
Declared in Kerberos.h
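The "format of the marshalled data" the thread keeps asking about, as an added example that is not part of the thread or of Microsoft's code: it serializes the four names into the KERB_SMARTCARD_CSP_INFO layout documented above and parses such a blob back with bounds checks. Everything beyond the documented member list is an assumption made here: a 40-byte little-endian header in which the union occupies 8 bytes, bBuffer starting immediately after that header, NUL-terminated UTF-16LE names, and the order in which the names are placed inside bBuffer.

```python
import struct
# Header layout assumed for this example (not copied from a Windows header):
# dwCspInfoLen, MessageType, the 8-byte union, flags, KeySpec and the four name
# offsets, little-endian; bBuffer (UTF-16LE names) starts right after it.
_HDR = struct.Struct("<IIQIIIIII")
HDR_SIZE = _HDR.size            # 40 bytes
MESSAGE_TYPE = 1                # MessageType must be 1 per the documentation
AT_KEYEXCHANGE, AT_SIGNATURE = 1, 2

def marshal_csp_info(container, csp, card="", reader="", key_spec=AT_KEYEXCHANGE):
    """Build one contiguous KERB_SMARTCARD_CSP_INFO blob. Offsets count WCHARs
    from the start of bBuffer; the mandatory container name goes first so the
    optional card/reader names never sit at offset 0, which means 'absent'."""
    if not container or not csp:
        raise ValueError("container and CSP names are required")
    if key_spec not in (AT_KEYEXCHANGE, AT_SIGNATURE):
        raise ValueError("KeySpec must be AT_KEYEXCHANGE or AT_SIGNATURE")
    buf, offs = b"", {}
    for key, name in (("container", container), ("csp", csp),
                      ("card", card), ("reader", reader)):
        offs[key] = len(buf) // 2 if name else 0
        if name:                        # NUL-terminated UTF-16LE TCHAR string
            buf += name.encode("utf-16-le") + b"\x00\x00"
    hdr = _HDR.pack(HDR_SIZE + len(buf), MESSAGE_TYPE, 0, 0, key_spec,
                    offs["card"], offs["reader"], offs["container"], offs["csp"])
    return hdr + buf

def parse_csp_info(blob):
    """Decode a blob defensively: length, type, KeySpec and every offset are
    checked before a name is read, so a malformed blob raises, not misparses."""
    if len(blob) < HDR_SIZE or len(blob) % 2:
        raise ValueError("blob too short or not 2-byte aligned")
    (length, mtype, _ctx, _flags, key_spec, o_card, o_reader,
     o_container, o_csp) = _HDR.unpack_from(blob)
    if length != len(blob) or mtype != MESSAGE_TYPE:
        raise ValueError("dwCspInfoLen or MessageType mismatch")
    if key_spec not in (AT_KEYEXCHANGE, AT_SIGNATURE):
        raise ValueError("unknown KeySpec")
    area = blob[HDR_SIZE:]
    def name_at(off, optional):
        if off == 0 and optional:
            return ""
        start = end = off * 2
        while end + 2 <= len(area) and area[end:end + 2] != b"\x00\x00":
            end += 2                    # walk WCHAR by WCHAR to the terminator
        if start >= len(area) or end + 2 > len(area):
            raise ValueError("name offset outside bBuffer or unterminated")
        return area[start:end].decode("utf-16-le")
    return {"KeySpec": key_spec, "card": name_at(o_card, True),
            "reader": name_at(o_reader, True), "csp": name_at(o_csp, False),
            "container": name_at(o_container, False)}
```

The parser is also a useful receiver-side check: a blob whose dwCspInfoLen, offsets or terminators are inconsistent is rejected before any name is read.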





