Реализация пользовательского пакета проверки подлинности Windows

Question

Реализация пользовательского пакета проверки подлинности Windows

Я работал над реализацией пользовательского пакета аутентификации для Windows 10. После прочтения следующей документации Windows https://msdn.microsoft.com/en-us/library/windows/desktop/aa374731(v=vs.85).aspx Я реализовал необходимые методы пакета auth. Код, который я написал для реализации пакета auth:

    LSA_DISPATCH_TABLE DispatchTable;

NTSTATUS NTAPI
LsaApCallPackagePassthrough(IN PLSA_CLIENT_REQUEST ClientRequest,
    IN PVOID ProtocolSubmitBuffer,
    IN PVOID ClientBufferBase,
    IN ULONG SubmitBufferLength,
    OUT PVOID *ProtocolReturnBuffer,
    OUT PULONG ReturnBufferLength,
    OUT PNTSTATUS ProtocolStatus);
NTSTATUS NTAPI
LsaApCallPackage(
    IN PLSA_CLIENT_REQUEST ClientRequest,
    IN PVOID ProtocolSubmitBuffer,
    IN PVOID ClientBufferBase,
    IN ULONG SubmitBufferLength,
    OUT PVOID *ProtocolReturnBuffer,
    OUT PULONG ReturnBufferLength,
    OUT PNTSTATUS ProtocolStatus
);
NTSTATUS
NTAPI
LsaApCallPackageUntrusted(IN PLSA_CLIENT_REQUEST ClientRequest,
    IN PVOID ProtocolSubmitBuffer,
    IN PVOID ClientBufferBase,
    IN ULONG SubmitBufferLength,
    OUT PVOID *ProtocolReturnBuffer,
    OUT PULONG ReturnBufferLength,
    OUT PNTSTATUS ProtocolStatus);
NTSTATUS LsaApInitializePackage(
    _In_     ULONG               AuthenticationPackageId,
    _In_     PLSA_DISPATCH_TABLE LsaDispatchTable,
    _In_opt_ PLSA_STRING         Database,
    _In_opt_ PLSA_STRING         Confidentiality,
    _Out_    PLSA_STRING         *AuthenticationPackageName
);
VOID NTAPI
LsaApLogonTerminated(
    IN PLUID LogonId
);
NTSTATUS NTAPI
LsaApLogonUserEx(
    IN PLSA_CLIENT_REQUEST ClientRequest,
    IN SECURITY_LOGON_TYPE LogonType,
    IN PVOID ProtocolSubmitBuffer,
    IN PVOID ClientBufferBase,
    IN ULONG SubmitBufferSize,
    OUT PVOID *ProfileBuffer,
    OUT PULONG ProfileBufferSize,
    OUT PLUID LogonId,
    OUT PNTSTATUS SubStatus,
    OUT PLSA_TOKEN_INFORMATION_TYPE TokenInformationType,
    OUT PVOID *TokenInformation,
    OUT PUNICODE_STRING *AccountName,
    OUT PUNICODE_STRING *AuthenticatingAuthority,
    OUT PUNICODE_STRING *MachineName
);
NTSTATUS NTAPI
LsaApLogonUser(
    IN PLSA_CLIENT_REQUEST ClientRequest,
    IN SECURITY_LOGON_TYPE LogonType,
    IN PVOID ProtocolSubmitBuffer,
    IN PVOID ClientBufferBase,
    IN ULONG SubmitBufferSize,
    OUT PVOID *ProfileBuffer,
    OUT PULONG ProfileBufferSize,
    OUT PLUID LogonId,
    OUT PNTSTATUS SubStatus,
    OUT PLSA_TOKEN_INFORMATION_TYPE TokenInformationType,
    OUT PVOID *TokenInformation,
    OUT PUNICODE_STRING *AccountName,
    OUT PUNICODE_STRING *AuthenticatingAuthority,
    OUT PUNICODE_STRING *MachineName
);
NTSTATUS NTAPI
LsaApLogonUserEx2(
    IN PLSA_CLIENT_REQUEST ClientRequest,
    IN SECURITY_LOGON_TYPE LogonType,
    IN PVOID ProtocolSubmitBuffer,
    IN PVOID ClientBufferBase,
    IN ULONG SubmitBufferSize,
    OUT PVOID *ProfileBuffer,
    OUT PULONG ProfileBufferSize,
    OUT PLUID LogonId,
    OUT PNTSTATUS SubStatus,
    OUT PLSA_TOKEN_INFORMATION_TYPE TokenInformationType,
    OUT PVOID *TokenInformation,
    OUT PUNICODE_STRING *AccountName,
    OUT PUNICODE_STRING *AuthenticatingAuthority,
    OUT PUNICODE_STRING *MachineName
);



NTSTATUS NTAPI
LsaApCallPackagePassthrough(IN PLSA_CLIENT_REQUEST ClientRequest,
    IN PVOID ProtocolSubmitBuffer,
    IN PVOID ClientBufferBase,
    IN ULONG SubmitBufferLength,
    OUT PVOID *ProtocolReturnBuffer,
    OUT PULONG ReturnBufferLength,
    OUT PNTSTATUS ProtocolStatus)
    {
        ofstream myfile;
        myfile.open("C:/Users/administrator.LEO/Desktop/InItPack.txt",std::ofstream::app);
        myfile << "LsaApCallPackagePassthrough.\n";
        myfile.close();

        return STATUS_NOT_IMPLEMENTED;
    }


NTSTATUS NTAPI
LsaApCallPackage(
    IN PLSA_CLIENT_REQUEST ClientRequest,
    IN PVOID ProtocolSubmitBuffer,
    IN PVOID ClientBufferBase,
    IN ULONG SubmitBufferLength,
    OUT PVOID *ProtocolReturnBuffer,
    OUT PULONG ReturnBufferLength,
    OUT PNTSTATUS ProtocolStatus
)
{
    ofstream myfile;
    myfile.open("C:/Users/administrator.LEO/Desktop/InItPack.txt", std::ofstream::app);
    myfile << "LsaApCallPackage.\n";
    myfile.close();
    ULONG MessageType;

    //
    // Get the messsage type from the protocol submit buffer.
    //

    if (SubmitBufferLength < sizeof(MSV1_0_PROTOCOL_MESSAGE_TYPE)) {
        return STATUS_INVALID_PARAMETER;
    }

    MessageType =
        (ULONG) *((PMSV1_0_PROTOCOL_MESSAGE_TYPE)(ProtocolSubmitBuffer));

    /*if (MessageType >=
        (sizeof(MspCallPackageDispatch) / sizeof(MspCallPackageDispatch[0]))) {

        return STATUS_INVALID_PARAMETER;
    }*/

    //
    // Allow the dispatch routines to only set the return buffer information
    // on success conditions.
    //

    *ProtocolReturnBuffer = NULL;
    *ReturnBufferLength = 0;

    //
    // Call the appropriate routine for this message.
    //

    return STATUS_NOT_IMPLEMENTED;

}
NTSTATUS
 NTAPI NTAPI
 LsaApCallPackageUntrusted(IN PLSA_CLIENT_REQUEST ClientRequest,
                               IN PVOID ProtocolSubmitBuffer,
                               IN PVOID ClientBufferBase,
                               IN ULONG SubmitBufferLength,
                               OUT PVOID *ProtocolReturnBuffer,
                               OUT PULONG ReturnBufferLength,
                               OUT PNTSTATUS ProtocolStatus)
     {
    ofstream myfile;
    myfile.open("C:/Users/administrator.LEO/Desktop/InItPack.txt", std::ofstream::app);
    myfile << "LsaApCallPackageUntrusted.\n";
    myfile.close();
         return STATUS_NOT_IMPLEMENTED;
     }

NTSTATUS NTAPI LsaApInitializePackage(
    _In_     ULONG               AuthenticationPackageId,
    _In_     PLSA_DISPATCH_TABLE LsaDispatchTable,
    _In_opt_ PLSA_STRING         Database,
    _In_opt_ PLSA_STRING         Confidentiality,
    _Out_    PLSA_STRING         *AuthenticationPackageName
)
{
    ofstream myfile;
    myfile.open("C:/Users/administrator.LEO/Desktop/InItPack.txt",std::ofstream::app);
    myfile << "Call.\n";
    myfile.close();

    PLSA_STRING name = NULL;



    //
    // Use the process heap for memory allocations.
    //



    //
    // Save our assigned authentication package ID.
    //



    DispatchTable.CreateLogonSession = LsaDispatchTable->CreateLogonSession;
    DispatchTable.DeleteLogonSession = LsaDispatchTable->DeleteLogonSession;
    DispatchTable.AddCredential = LsaDispatchTable->AddCredential;
    DispatchTable.GetCredentials = LsaDispatchTable->GetCredentials;
    DispatchTable.DeleteCredential = LsaDispatchTable->DeleteCredential;
    DispatchTable.AllocateLsaHeap = LsaDispatchTable->AllocateLsaHeap;
    DispatchTable.FreeLsaHeap = LsaDispatchTable->FreeLsaHeap;
    DispatchTable.AllocateClientBuffer = LsaDispatchTable->AllocateClientBuffer;
    DispatchTable.FreeClientBuffer = LsaDispatchTable->FreeClientBuffer;
    DispatchTable.CopyToClientBuffer = LsaDispatchTable->CopyToClientBuffer;
    DispatchTable.CopyFromClientBuffer = LsaDispatchTable->CopyFromClientBuffer;






    name = (LSA_STRING *)LsaDispatchTable->AllocateLsaHeap(sizeof *name);
    name->Buffer = (char *)LsaDispatchTable->AllocateLsaHeap(sizeof("SubAuth") + 1);

    name->Length = sizeof("SubAuth") - 1;
    name->MaximumLength = sizeof("SubAuth");
    strcpy_s(name->Buffer, sizeof("SubAuth") + 1, "SubAuth");

    (*AuthenticationPackageName) = name;

    /*(*AuthenticationPackageName) = (LSA_STRING *)
        LsaDispatchTable->AllocateLsaHeap(sizeof(LSA_STRING));

    if (NULL != (*AuthenticationPackageName))
    {
        ofstream myfile;
        myfile.open("C:/Users/administrator.LEO/Desktop/InItPack.txt", std::ofstream::app);
        myfile << "FirstBoolTrue.\n";
        myfile.close();

        (*AuthenticationPackageName)->Buffer = (char *)
            LsaDispatchTable->AllocateLsaHeap((ULONG)strlen
            ("SubAuth") + 1);

        if (NULL != (*AuthenticationPackageName)->Buffer)
        {
            ofstream myfile;
            myfile.open("C:/Users/administrator.LEO/Desktop/InItPack.txt", std::ofstream::app);
            myfile << "SecondBoolTrue.\n";
            myfile.close();

            (*AuthenticationPackageName)->Length =
                strlen("SubAuth");

            (*AuthenticationPackageName)->MaximumLength =
                strlen("SubAuth") + 1;

            strcpy(
                (*AuthenticationPackageName)->Buffer,
                "SubAuth");

            return STATUS_SUCCESS;

        }

    }*/

    return STATUS_SUCCESS;

}
VOID NTAPI
LsaApLogonTerminated(
    IN PLUID LogonId
)
{
    ofstream myfile;
    myfile.open("C:/Users/administrator.LEO/Desktop/InItPack.txt", std::ofstream::app);
    myfile << "LsaApLogonTerminated.\n";
    myfile.close();
}
NTSTATUS NTAPI
LsaApLogonUserEx(
    IN PLSA_CLIENT_REQUEST ClientRequest,
    IN SECURITY_LOGON_TYPE LogonType,
    IN PVOID ProtocolSubmitBuffer,
    IN PVOID ClientBufferBase,
    IN ULONG SubmitBufferSize,
    OUT PVOID *ProfileBuffer,
    OUT PULONG ProfileBufferSize,
    OUT PLUID LogonId,
    OUT PNTSTATUS SubStatus,
    OUT PLSA_TOKEN_INFORMATION_TYPE TokenInformationType,
    OUT PVOID *TokenInformation,
    OUT PUNICODE_STRING *AccountName,
    OUT PUNICODE_STRING *AuthenticatingAuthority,
    OUT PUNICODE_STRING *MachineName
){
    ofstream myfile;
    myfile.open("C:/Users/administrator.LEO/Desktop/InItPack.txt", std::ofstream::app);
    myfile << "LsaApLogonUserEx.\n";
    myfile.close();

    return STATUS_SUCCESS;
}
NTSTATUS NTAPI
LsaApLogonUser(
    IN PLSA_CLIENT_REQUEST ClientRequest,
    IN SECURITY_LOGON_TYPE LogonType,
    IN PVOID ProtocolSubmitBuffer,
    IN PVOID ClientBufferBase,
    IN ULONG SubmitBufferSize,
    OUT PVOID *ProfileBuffer,
    OUT PULONG ProfileBufferSize,
    OUT PLUID LogonId,
    OUT PNTSTATUS SubStatus,
    OUT PLSA_TOKEN_INFORMATION_TYPE TokenInformationType,
    OUT PVOID *TokenInformation,
    OUT PUNICODE_STRING *AccountName,
    OUT PUNICODE_STRING *AuthenticatingAuthority,
    OUT PUNICODE_STRING *MachineName
) {
    ofstream myfile;
    myfile.open("C:/Users/administrator.LEO/Desktop/InItPack.txt", std::ofstream::app);
    myfile << "LsaApLogonUser.\n";
    myfile.close();

    return STATUS_SUCCESS;
}
NTSTATUS NTAPI
LsaApLogonUserEx2(
    IN PLSA_CLIENT_REQUEST ClientRequest,
    IN SECURITY_LOGON_TYPE LogonType,
    IN PVOID ProtocolSubmitBuffer,
    IN PVOID ClientBufferBase,
    IN ULONG SubmitBufferSize,
    OUT PVOID *ProfileBuffer,
    OUT PULONG ProfileBufferSize,
    OUT PLUID LogonId,
    OUT PNTSTATUS SubStatus,
    OUT PLSA_TOKEN_INFORMATION_TYPE TokenInformationType,
    OUT PVOID *TokenInformation,
    OUT PUNICODE_STRING *AccountName,
    OUT PUNICODE_STRING *AuthenticatingAuthority,
    OUT PUNICODE_STRING *MachineName
) {
    ofstream myfile;
    myfile.open("C:/Users/administrator.LEO/Desktop/InItPack.txt", std::ofstream::app);
    myfile << "LsaApLogonUserEx2.\n";
    myfile.close();

    return STATUS_SUCCESS;
}

Мой файл определения:

LIBRARY SUBAUTH

EXPORTS
LsaApInitializePackage
LsaApCallPackage
LsaApCallPackagePassthrough
LsaApCallPackageUntrusted
LsaApLogonTerminated
LsaApLogonUserEx

Но проблема в том, что когда я помещаю dll своего пакета в system32 и регистрирую пакет в значении ключа реестра "Пакеты аутентификации" в папке Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa и перезагружаю компьютер, мой пакет инициализируется, но когда Я вхожу в систему, мои реализованные методы входа в систему пакета не вызываются, хотя при завершении сеанса LsaApLogonTeridity вызывается. Я также реализовал пользовательский провайдер учетных данных, в котором я ищу свой пакет аутентификации, и провайдер находит его успешно, но процедуры входа в систему не вызываются.

Кто-нибудь может подсказать мне, что я здесь делаю не так?

5

c winapi windows-authentication winlogon local-security-authority

Источник

user5164579 10 июн '18 в 16:20

0 ответов

Другие вопросы по тегам c winapi windows-authentication winlogon local-security-authority