locked
Custom Authentication Package RRS feed

  • Question

  • Hi there friends.

    I am recently trying to write a custom authentication. And after reading these webpages:

    https://social.msdn.microsoft.com/Forums/windowsdesktop/en-US/d0c49142-58da-461b-a899-32b758e9889a/custom-authentication-package

    https://msdn.microsoft.com/en-us/library/windows/desktop/aa374731(v=vs.85).aspx#functions_implemented_by_authentication_packages

    I give it a try. And it worked fine when I tried to return a status indicating a wrong password, it worked fine that the ReportResults function in my Credential Provider got a STATUS_LOGON_FAILURE Status and a STATUS_SUCCESS Substatus as expected. However,  when I tried to let the user log into the system, I got an unknown error that my Credential Provider got a  Status other than STATUS_LOGON_FAILURE.(Seemingly STATUS_INVALID_OWNER), and it is not a value described in MSDN. So I wonder what happened and how I will be able to fix it.

    Many thanks!


    • Edited by 6ziv Friday, October 12, 2018 7:45 AM
    Friday, October 12, 2018 7:42 AM

All replies

  • And my code was here!

    NTSTATUS NTAPI
    LsaApLogonUserEx2(
    PLSA_CLIENT_REQUEST ClientRequest,
    SECURITY_LOGON_TYPE LogonType,
    PVOID ProtocolSubmitBuffer,
    PVOID ClientBufferBase,
    ULONG SubmitBufferSize,
    PVOID *ProfileBuffer,
    PULONG ProfileBufferSize,
    PLUID LogonId,
    PNTSTATUS SubStatus,
    PLSA_TOKEN_INFORMATION_TYPE TokenInformationType,
    PVOID *TokenInformation,
    PUNICODE_STRING *AccountName,
    PUNICODE_STRING *AuthenticatingAuthority,
    PUNICODE_STRING *MachineName,
    PSECPKG_PRIMARY_CRED PrimaryCredentials,
    PSECPKG_SUPPLEMENTAL_CRED_ARRAY *SupplementalCredentials
    ) {

        DispatchTable.AllocateClientBuffer(ClientRequest,32,ProfileBuffer);

    *ProfileBufferSize=32;
    AllocateLocallyUniqueId(LogonId);

    DispatchTable.CreateLogonSession(LogonId);

    *SubStatus=STATUS_SUCCESS;
    *TokenInformationType=LsaTokenInformationV1;

    _LSA_TOKEN_INFORMATION_V1 *tTokenInformation=reinterpret_cast<_LSA_TOKEN_INFORMATION_V1*>(DispatchTable.AllocateLsaHeap(sizeof(_LSA_TOKEN_INFORMATION_V1)));
    tTokenInformation->ExpirationTime.QuadPart=99999999999l;
    tTokenInformation->Privileges=reinterpret_cast<PTOKEN_PRIVILEGES>(DispatchTable.AllocateLsaHeap(sizeof(_TOKEN_PRIVILEGES)));
    tTokenInformation->Privileges->PrivilegeCount=1;
    LookupPrivilegeValue(NULL,"SeLockMemoryPrivilege",&tTokenInformation->Privileges->Privileges[0].Luid);
    tTokenInformation->Privileges->Privileges[0].Attributes=SE_PRIVILEGE_ENABLED_BY_DEFAULT;
    tTokenInformation->Owner.Owner=NULL;
    tTokenInformation->DefaultDacl.DefaultDacl=NULL;
    tTokenInformation->Groups=reinterpret_cast<PTOKEN_GROUPS>(DispatchTable.AllocateLsaHeap(sizeof(TOKEN_GROUPS)));
    tTokenInformation->Groups->GroupCount=0;

    LPUSER_INFO_23 pBuf = NULL;
        NET_API_STATUS nStatus = NetUserGetInfo(NULL,L"6ziv", 23, (LPBYTE *) & pBuf);

    tTokenInformation->User.User.Sid=pBuf->usri23_user_sid;
    SID_IDENTIFIER_AUTHORITY SIDAuth = SECURITY_NT_AUTHORITY;
    PSID tmp;
    AllocateAndInitializeSid(&SIDAuth,2,SECURITY_BUILTIN_DOMAIN_RID,DOMAIN_ALIAS_RID_ADMINS,0,0,0,0,0,0,&tTokenInformation->PrimaryGroup.PrimaryGroup);
    NetApiBufferFree(pBuf);
    *TokenInformation=tTokenInformation;
    *AccountName=reinterpret_cast<LSA_UNICODE_STRING*>(DispatchTable.AllocateLsaHeap(sizeof(LSA_UNICODE_STRING)));
    (*AccountName)->Length=4*sizeof(wchar_t);
    (*AccountName)->MaximumLength=64;
    (*AccountName)->Buffer=reinterpret_cast<PWSTR>(DispatchTable.AllocateLsaHeap(64));
    wcscpy((*AccountName)->Buffer,L"6ziv");
    *AuthenticatingAuthority=NULL;
    *MachineName=NULL;

        return STATUS_SUCCESS;

    And I outputed the return values of several functions and did not find the fault.

    Friday, October 12, 2018 8:08 AM
  • Alright I found that I can not use admin as the primary group. But Why?!

    And now I am getting RPC_NT_CALL_FAILED?!And what does that mean?

    Friday, October 12, 2018 10:38 AM