Windows Server 2003 GINA

  • Question

  • I originally posted this question on the TechNet Windows Server forum, but it was suggested that this would be a better forum.

    I’m writing a version of GINA based on the code provided by Keith Brown (and I’m very grateful for his contribution) for use primarily for Windows Server 2003.  I’m using a checked build of the OS to get debug traces from Winlogon.

    To gain a better understanding of GINA I’ve modified GinaHook (which is a wrapper around MSGina) to trace Wlx function calls and the arguments passed between MSGina and Winlogon.

    In my WlxGetConsoleSwitchCredentials function I copy the information required by the structure “WLX_CONSOLESWITCH_CREDENTIALS_INFO_V1_0” from that returned by a call to LsaLogonUser. Embedded in WLX_CONSOLESWITCH_CREDENTIALS_INFO_V1_0 is effectively the structure MSV1_0_INTERACTIVE_PROFILE; however, strings in MSV1_0_INTERACTIVE_PROFILE are declared as UNICODE_STRING whereas they are declared as PWSTR in the embedded WLX_CONSOLESWITCH_CREDENTIALS_INFO_V1_0 struct. I suspect this is not really a problem; however, although they are declared as PWSTR, in the associated description they are described as UNICODE_STRING in the MSDN documentation – I suspect this might be a typo.

    Question 1: Is it safe to assume that the UNICODE_STRINGs returned by LsaLogonUser in the MSV1_0_INTERACTIVE_PROFILE struct are null terminated?

    Question 2: Can you please clarify the definition of ProfileLength in WLX_CONSOLESWITCH_CREDENTIALS_INFO_V1_0? I have seen the ProfileLength set to the size of MSV1_0_INTERACTIVE_PROFILE, but this disregards the difference in how strings are declared and also ignores the two trailing data members in WLX_CONSOLESWITCH_CREDENTIALS_INFO_V1_0 – i.e. PrivateDataLen and PrivateData. In the case of MSGINA the ProfileLength is set to 140 (dec) but it also has a PrivateDataLen of 16 bytes. From the MSGINA value I have not been able to calculate what is included in the user’s profile.

    I have noticed some differences between my GINA and MSGINA under the following scenario:

    1. Boot Windows Server 2003 and log on from the console (session 0)

    2. Log on using Remote Desktop (session 1)

    3. From session 1 switch/connect to the user on the console (the console is running session 2 after the switch)

    4. Log off the user from the remote console session

    5. Re-logon from the console.


    Question 3: After I enter my credentials from the console in step 5 I can see a call to WlxGetConsoleSwitchCredentials. After this point the WlxDialogBoxParam dialog box running in the remote console session is closed by WinLogon. In the case of MSGINA the dialog box is closed with a return value of 118, and in my GINA it is closed with a return value of WLX_DLG_SAS (101). It also appears that the value returned by MSGINA is undefined in WinWlx. I was planning to use the value returned by the dialog box to trigger a return value for WlxLoggedOutSAS of WLX_SAS_ACTION_SWITCH_CONSOLE (17). In the process of trying to identify any differences between MSGINA and my GINA that might cause this I noticed something a little unusual.


    Question 4: After I log off from the remote console in step 4, and after the WlxLogoff call from Winlogon on the remote console thread, there is a WlxRemoveStatusMessage call on the same thread (nothing unusual so far). While MSGINA is processing the WlxRemoveStatusMessage function there is a WlxDisconnectNotify function call on the same thread. For this to happen in my GINA I need to return control back to Winlogon within my WlxRemoveStatusMessage function, but I’m not sure how to do this. I do see the WlxDisconnectNotify function call but it occurs later, after the creation of the WlxDialogBoxParam in the WlxLoggedOutSAS of the remote console session, as this is the first time control is given back to WinLogon.


    Ross Clemens
    Friday, October 7, 2011 4:12 AM
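
Added example, not part of the original post and not code from MSGINA or the Keith Brown sample: a defensive copy from a counted string to a NUL-terminated one, relevant to Question 1 because a UNICODE_STRING carries an explicit byte Length and LSA-returned strings are documented as possibly not null-terminated. `COUNTED_STRING`, `WCH` and the helper names are hypothetical portable stand-ins for the Windows types so the code builds anywhere; the sample buffer is constructed.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

typedef uint16_t WCH;            /* stand-in for a UTF-16 WCHAR (assumption) */
typedef struct {                 /* stand-in mirroring UNICODE_STRING fields */
    uint16_t Length;             /* bytes in use, terminator not counted */
    uint16_t MaximumLength;      /* bytes allocated for Buffer */
    WCH     *Buffer;             /* not guaranteed to be NUL-terminated */
} COUNTED_STRING;

/* Return a heap copy that is always NUL-terminated, or NULL if the
   descriptor is malformed or allocation fails. Caller frees the result. */
WCH *dup_counted_string(const COUNTED_STRING *src)
{
    if (src == NULL) return NULL;
    if (src->Length % sizeof(WCH) != 0) return NULL;       /* odd byte count */
    if (src->Length > src->MaximumLength) return NULL;     /* overruns buffer */
    if (src->Length != 0 && src->Buffer == NULL) return NULL;

    size_t units = src->Length / sizeof(WCH);
    WCH *out = calloc(units + 1, sizeof(WCH));             /* +1 = terminator */
    if (out == NULL) return NULL;
    if (units != 0) memcpy(out, src->Buffer, src->Length); /* trust Length only */
    return out;
}

size_t wch_len(const WCH *s) { size_t n = 0; while (s[n]) n++; return n; }

/* Constructed sample: "alice" followed by stale, non-NUL code units. */
static WCH sample[] = { 'a', 'l', 'i', 'c', 'e', 'X', 'Y', 'Z' };

size_t demo_copy_len(void)
{
    COUNTED_STRING s = { 5 * sizeof(WCH), sizeof(sample), sample };
    WCH *copy = dup_counted_string(&s);
    size_t n = copy ? wch_len(copy) : (size_t)-1;
    free(copy);
    return n;                    /* wch_len(sample) itself would read past 8 */
}

int demo_rejects_malformed(void)
{
    COUNTED_STRING odd  = { 5,  sizeof(sample), sample };  /* odd Length */
    COUNTED_STRING over = { 64, sizeof(sample), sample };  /* Length > Max */
    return dup_counted_string(&odd) == NULL && dup_counted_string(&over) == NULL;
}

int main(void) { return (demo_copy_len() == 5 && demo_rejects_malformed()) ? 0 : 1; }
```

In a GINA the same pattern would apply to each string field copied out of the logon profile before it is stored as a PWSTR.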