locked
GINA RRS feed

  • Question

  • Hi guys,

    How can I use GINA in Windows XP so that after a user enters in all their credentials and Windows decides it all valid then it runs through my C++ application (packaged to an exe) and then based on that either turns off the machine or lets it continue to load.

     

    many thanks in advance.

    • Moved by lucy-liu Friday, April 1, 2011 2:58 AM it is not related c++ (From:Visual C++ General)
    Wednesday, March 30, 2011 1:58 PM

All replies

  • Nope, needs to be GINA (or similar). Do not want a third party thing like TrueCrypt going on.
    Wednesday, March 30, 2011 11:16 PM
  • Hi Aussie,

    I am moving this thread from ”Visual C++ General" forum to “Security for Applications in Microsoft Windowsforum. Since the issue is related to Security for Applications. There are more experts in the “Security for Applications in Microsoft Windowsforum.

    Thank you for your understanding!

     

    Best regards,

    Lucy


    Lucy Liu [MSFT]
    MSDN Community Support | Feedback to us
    Get or Request Code Sample from Microsoft
    Please remember to mark the replies as answers if they help and unmark them if they provide no help.

    Friday, April 1, 2011 2:57 AM
  • Okay, maybe someone there can help me. Cheers
    Friday, April 1, 2011 12:40 PM
  • Hi,

    You can implement your requirement by using a Gina hook dll where the entry point WlxLoggedOutSAS will call the original one from msgina.dll and if it returns WLX_SAS_ACTION_LOGON then you will run your application : if this application allows you to continue, simply return WLX_SAS_ACTION_LOGON, otherwise return WLX_SAS_ACTION_SHUTDOWN.

    I have written a small Gina hook that implement this strategy by using a Message Box instead of the C++ application for getting the permission to continue or shutdown.
    You can download the full source code with Visual Studio 2008 project file from the following link : http://www.idrix.fr/Root/Samples/GinaWithShutdown.zip

    I hope this will help.
    Cheers,
    --
    Mounir IDRASSI
    IDRIX
    http://www.idrix.fr


    Mounir IDRASSI IDRIX http://www.idrix.fr
    • Proposed as answer by Mounir IDRASSI Wednesday, April 20, 2011 3:23 PM
    Tuesday, April 19, 2011 5:02 AM
  • Thanks for this,

    Just one question:

    Which bit of the code can I modify to check the current user against a REGKEY?

    Cheers


    Friday, May 13, 2011 2:50 AM
  • I have done this http://www.rohos.com/gina-authentication-module.htm for you code and nothing happens
    Friday, May 13, 2011 3:30 AM
  • Now I have rebooted the PC and I get the following error on startup:

    "User Interface Failure"

    "The Logon User Interface DLL GinaWithShutdow.dll failed to load."

    "Contact your system administrator to replace the DLL, or restore the original DLL."

    any ideas why?

    Friday, May 13, 2011 3:35 AM
  • Hi Aussie,

    Concerning the error you are getting, it is certainly due to the fact that the DEBUG configuration of the project I posted on my web site is using the dynamic C runtime (MDd) which links the dll to the CRT dlls. Apparently, your XP machine lacks the correct VC++ runtime component.

    To solve your problem, change the DEBUG configuration in order to use the static C runtime (MTd). The RELEASE configuration is already using it (MT).

    Of couse, this supposes that you don't have a PATH problem and that Winlogon can find the gina dll. Usually, we put a Gina dll in "c:\Windows\System32".

    In your other question, you were asking how to check the current user. You can do this inside the function WlxLoggedOutSAS by using the parameter pMprNotifyInfo of type PWLX_MPR_NOTIFY_INFO: it contains the fields pszUserName and pszDomain that will give you the identification of the currently logged on user.

    I hope this will help.
    Cheers,
    --
    Mounir IDRASSI
    IDRIX
    http://www.idrix.fr

    • Edited by Mounir IDRASSI Saturday, May 14, 2011 12:24 PM correct formatting
    Saturday, May 14, 2011 12:19 PM
  • I managed to set the path correctly (so must be the runtime component), thanks for the advice, no XP at home so will give it a shot on Monday.

    Thanks so much.

    I maybe should have reworded my above post, it needs to check the user against a REGKEY and log them out automatically if they are not in that REGKEY.
    Saturday, May 14, 2011 3:28 PM
  • Hi,

    First, there was a problem in the DEBUG configuration of the original project I posted on my website (missing def file) that made the output dll unusable since it didn't export any symbols. The RELEASE configuration was OK. I have corrected since then the project file.

    Concerning you need, I have updated the implementation of my sample (http://www.idrix.fr/Root/Samples/GinaWithShutdown.zip) in order to check the user against a registry key in order to allow it to log on or not : Under "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon", a REG_SZ value named "AllowedUserName" should hold the value of the user name allowed to log onto the station. Its format is "name@domain" or simply "name" for local users.

    In my sample, I shutdown the system if a non authorized user tries to login. If you only want to log him off, then you simply change WLX_SAS_ACTION_SHUTDOWN by WLX_SAS_ACTION_LOGOFF in the WlxLoggedOutSAS implementation.

    I hope this will help.
    Cheers,
    --
    Mounir IDRASSI
    IDRIX
    http://www.idrix.fr


    Mounir IDRASSI IDRIX http://www.idrix.fr
    Friday, June 10, 2011 4:51 AM