RE: Basics of Implementing a new authentication provider
- From: Mounir IDRASSI <moonidra@xxxxxxxxxxxxxxxxx>
- Date: Fri, 13 Jun 2008 16:46:01 -0700
Hi Chris,
I have implemented a small stub authentication package ( "idxauth" )like you
and it's loaded by LSA wthout any problem. Like you, I have put the dll
"idxauth.dll" in System32 and I added the name of the dll ("idxauth" without
the the extension) to the registry value "Authentication Packages" AFTER
msv1_0 . I have done this test under Windows XP SP2.
You can download my Visual C++ 2005 solution from the following link :
http://www.idrix.fr/Root/Samples/AuthenticationPackage.zip
Maybe if you put your dll after msv1_0 like me it will work.
Let me know if you the same problem using my source.
Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr
to reach : mounir_idrix_fr (replace the underscores with the at and dot
characters respectively)
"Chris Smith" wrote:
Hi,.
I'm having an inordinate number of problems just trying to replace the
Windows authentication process. It's been a number of years since I've
done Windows development, so maybe I'm missing something obvious.
As a minimal first step, I'm looking at replacing authentication with one
that ignores the password, picks a random number, and has a 50% chance of
either failing or succeeding. Here's what I'm doing:
1. I'm building a DLL that implements all of the functions at
http://msdn.microsoft.com/en-us/library/aa374731
(VS.85).aspx#functions_implemented_by_authentication_packages
(sorry the URL is wrapping).
The LsaApInitialize function looks like this:
extern "C"
TESTLOGIN_API NTSTATUS LsaApInitializePackage(
__in ULONG AuthenticationPackageId,
__in PLSA_DISPATCH_TABLE LsaDispatchTable,
__in_opt PLSA_STRING Database,
__in_opt PLSA_STRING Confidentiality,
__out PLSA_STRING* AuthenticationPackageName
)
{
srand(time(NULL));
PLSA_STRING name = NULL;
dispatch = LsaDispatchTable;
/* Allocate and set the name of the authentication package. */
if (!(name = (LSA_STRING *)
dispatch->AllocateLsaHeap (sizeof *name)))
{
return STATUS_NO_MEMORY;
}
if (!(name->Buffer = (char *) dispatch->AllocateLsaHeap(
sizeof (TESTLOGIN_PKG_NAME) + 1)))
{
dispatch->FreeLsaHeap(name);
return STATUS_NO_MEMORY;
}
name->Length = sizeof(TESTLOGIN_PKG_NAME) - 1;
name->MaximumLength = sizeof(TESTLOGIN_PKG_NAME);
strcpy(name->Buffer, TESTLOGIN_PKG_NAME);
(*AuthenticationPackageName) = name;
return STATUS_SUCCESS;
}
The remaining functions are just stubbed out at the moment, but it
doesn't appear that I'm getting far enough for there to be any chance
they are called.
2. I'm taking the resulting DLL, and copying it into Windows\System32.
3. I'm adding the name of the DLL (I've tried with and without the
extension, and with and without a full path) to HKEY_LOCAL_SYSTEM\SYSTEM
\CurrentControlSet\Control\Lsa\Authentication Packages. I've added this
DLL first, though I don't know if that matters.
But then when I reboot the system, the login proceeds as normal. This
means that I always get in with the correct password, and never with the
incorrect one. I'd expect something to change, but it looks like Windows
is still using its own authentication.
So what am I missing here? Or alternatively, can anyone point me to a
set of publicly available sample code to do something like this?
Thanks,
--
Chris Smith
- Follow-Ups:
- Re: Basics of Implementing a new authentication provider
- From: Yannick
- Re: Basics of Implementing a new authentication provider
- References:
- Basics of Implementing a new authentication provider
- From: Chris Smith
- Basics of Implementing a new authentication provider
- Prev by Date: Authentication providers again
- Next by Date: How can I create a PFx certificate with specific keypair?
- Previous by thread: Basics of Implementing a new authentication provider
- Next by thread: Re: Basics of Implementing a new authentication provider
- Index(es):
Relevant Pages
|
Loading
