none
Returning an NTSTATUS to an unmanaged caller from .NET RRS feed

  • Question

  • Hi,

    I'm currently trying to implement a Sub Authentication package for kerberos logons, and this requires getting Windows to call a DLL of mine (by entering the DLL name in a specific registry entry). I know ideally this should be in unmanaged C++ but as I only know VB.NET I'm trying to do it from that as I've done plenty of P/Invoke from it in the past. I've used a utility to export the function signature so that unmanaged code (the Windows logon process in this case) can call it, and I know that part is working fine as I can see my function is actually being called because I have it write the current time to a text file and that text file is indeed being updated every time a logon attempt takes place on the domain. However, the problem is that I don't seem to be returning the correct value as it acts as if I've returned an error code and therefore refuses to let anyone logon.

    The documentation on MSDN for this function I've implemented in my .NET DLL is here (Msv1_0SubAuthenticationFilter: http://msdn.microsoft.com/en-gb/library/windows/desktop/aa378751(v=vs.85).aspx) and as you can see it says to just return STATUS_SUCCESS if you want to indicate that the logon validation was successful. According to everything I can find an NTSTATUS type is just a LONG really, and the platform invoke description here (http://msdn.microsoft.com/en-US/library/ac7ay120(v=vs.80).aspx) says a Long should just be an Int32 in .NET. So as I want to return STATUS_SUCCESS I just return 0 but as mentioned in the previous paragraph that doesn't seem to work. Do I need to marshal the Int32 that I'm returning back in some way?

    Here's how I've currently got the method signature declared:

    <DllExport()> _
    Public Shared Function Msv1_0SubAuthenticationFilter(ByVal LogonLevel As UInt32, ByVal LogonInformation As IntPtr, ByVal Flags As UInteger, ByVal UserAll As IntPtr, ByRef WhichFields As UInteger, ByRef UserFlags As UInteger, ByRef Authoritative As Byte, ByRef LogoffTime As LARGE_INTEGER, ByRef KickoffTime As LARGE_INTEGER) As UInteger
       

    I was originally returning a regular signed 32 bit integer but as you can see I've now changed that to an unsigned 32 bit integer just to test but that didn't make any difference.

    Any ideas where I'm going wrong?

    Thanks

    Chris

     


    My website (free apps I've written for IT Pro's) : www.cjwdev.co.uk My blog: cjwdev.wordpress.com

    Saturday, May 18, 2013 2:44 AM

Answers

  • Do you also set the output parameters (marked with [out] in documentation for Msv1_0SubAuthenticationFilter)?

    • Marked as answer by Chris128 Saturday, May 18, 2013 1:54 PM
    Saturday, May 18, 2013 6:06 AM
  • Do you also set the output parameters (marked with [out] in documentation for Msv1_0SubAuthenticationFilter)?

    Looks like that did the trick :) thanks!

    For anyone else looking to do a similar thing, here's what I've got in my function just to make it work and allow logons (I've removed the line where I write to a text file for the sake of this example) :

    <DllExport()> _
    Public Shared Function Msv1_0SubAuthenticationFilter(ByVal LogonLevel As UInteger, ByVal LogonInformation As IntPtr, ByVal Flags As UInteger, ByVal UserAll As IntPtr, ByRef WhichFields As UInteger, ByRef UserFlags As UInteger, ByRef Authoritative As Byte, ByRef LogoffTime As LARGE_INTEGER, ByRef KickoffTime As LARGE_INTEGER) As UInteger
            Authoritative = 1
            UserFlags = 0
            WhichFields = 0
            LogoffTime.QuadPart = Int64.MaxValue
            KickoffTime.QuadPart = Int64.MaxValue
            Return 0
    End Function


    My website (free apps I've written for IT Pro's) : www.cjwdev.co.uk My blog: cjwdev.wordpress.com


    • Marked as answer by Chris128 Saturday, May 18, 2013 1:54 PM
    • Edited by Chris128 Saturday, May 18, 2013 1:55 PM
    Saturday, May 18, 2013 1:54 PM

All replies

  • Do you also set the output parameters (marked with [out] in documentation for Msv1_0SubAuthenticationFilter)?

    • Marked as answer by Chris128 Saturday, May 18, 2013 1:54 PM
    Saturday, May 18, 2013 6:06 AM
  • I'm not doing anything with those parameters no, as the documentation for each of them indicates that they only need setting if you want to return various options that I don't want to return. It also says that the only one of them that could affect whether or not the authentication is deemed successful (the parameter named "Authoritative") is ignored when this function is being called by the Kerberos auth package - which is what I'm using in my tests. Do you think I need to just set them all to 0 or to Null anyway? 

    My website (free apps I've written for IT Pro's) : www.cjwdev.co.uk My blog: cjwdev.wordpress.com

    Saturday, May 18, 2013 1:32 PM
  • Do you also set the output parameters (marked with [out] in documentation for Msv1_0SubAuthenticationFilter)?

    Looks like that did the trick :) thanks!

    For anyone else looking to do a similar thing, here's what I've got in my function just to make it work and allow logons (I've removed the line where I write to a text file for the sake of this example) :

    <DllExport()> _
    Public Shared Function Msv1_0SubAuthenticationFilter(ByVal LogonLevel As UInteger, ByVal LogonInformation As IntPtr, ByVal Flags As UInteger, ByVal UserAll As IntPtr, ByRef WhichFields As UInteger, ByRef UserFlags As UInteger, ByRef Authoritative As Byte, ByRef LogoffTime As LARGE_INTEGER, ByRef KickoffTime As LARGE_INTEGER) As UInteger
            Authoritative = 1
            UserFlags = 0
            WhichFields = 0
            LogoffTime.QuadPart = Int64.MaxValue
            KickoffTime.QuadPart = Int64.MaxValue
            Return 0
    End Function


    My website (free apps I've written for IT Pro's) : www.cjwdev.co.uk My blog: cjwdev.wordpress.com


    • Marked as answer by Chris128 Saturday, May 18, 2013 1:54 PM
    • Edited by Chris128 Saturday, May 18, 2013 1:55 PM
    Saturday, May 18, 2013 1:54 PM