3,245
社区成员
发帖
与我相关
我的任务
分享为什么我做的Credential Provider开始时能用后来为什么突然不能用了呢?
如题,我做了一个Credential Provider的DLL,用来替代系统自带的密码登陆机制。
主要是增加了一个输入密码的编辑框,用来输入安全key的密码。
在虚拟机和真实的windows 2008系统上,我发现,开始的时候这个CP的DLL是可以正常工作的,
但是用了一段时间后,突然就不好使了。
主要表现为:
在系统启动时,登陆系统是可以正常工作。
但是锁定计算机时,就没有反应了。
log显示一切正常,没有什么错误,但就是不能解除锁定,不知道是怎么回事?
不知道大家有没有遇见过这样情况?
主要是增加了一个输入密码的编辑框,用来输入安全key的密码。
在虚拟机和真实的windows 2008系统上,我发现,开始的时候这个CP的DLL是可以正常工作的,
但是用了一段时间后,突然就不好使了。
主要表现为:
在系统启动时,登陆系统是可以正常工作。
但是锁定计算机时,就没有反应了。
log显示一切正常,没有什么错误,但就是不能解除锁定,不知道是怎么回事?
不知道大家有没有遇见过这样情况?
...全文
请发表友善的回复…
发表回复
明月惊鹊 2011-07-12
- 打赏
- 举报
我也正在玩win7的登陆,。
EddyCoffee 2011-07-01
- 打赏
- 举报
我现在正在做WIN7下的CP,有时间能指点一下不,我主要是做LINUX/UNIX开发,对WINDOWS实在不熟
明月惊鹊 2011-06-27
- 打赏
- 举报
顶楼上。
matrix2009 2010-06-23
- 打赏
- 举报
知道是怎么回事了
在编译一个新的CP替换旧的CP时,
要先把旧的CP在system32里删除掉,
然后再把新的CP复制过来就可以了。
不可以直接覆盖
不然就可能会出现CP不能用的问题
在编译一个新的CP替换旧的CP时,
要先把旧的CP在system32里删除掉,
然后再把新的CP复制过来就可以了。
不可以直接覆盖
不然就可能会出现CP不能用的问题
wangk 2010-06-10
- 打赏
- 举报
建议GetSerialization对CPUS_LOGON和CPUS_UNLOCK_WORKSTATION的处理时产生的授权包格式是否正确?
就是KerbWorkstationUnlockLogonPack函数改动过吗?
我记不清楚了为什么以前的代码要在GetSerialization中对这两个状态分开产生对应的授权包,
不过建议你还是分开。
如果你确信GetSerialization代码没什么问题的话,
就检查ICredentialProvider::SetUsageScenario的处理代码吧。
反正就两三处要改。
就是KerbWorkstationUnlockLogonPack函数改动过吗?
我记不清楚了为什么以前的代码要在GetSerialization中对这两个状态分开产生对应的授权包,
不过建议你还是分开。
如果你确信GetSerialization代码没什么问题的话,
就检查ICredentialProvider::SetUsageScenario的处理代码吧。
反正就两三处要改。
matrix2009 2010-06-10
- 打赏
- 举报
系统是windows 2008
输入的USB Key的密码是正确的,验证通过了。
最大的问题是,刚开始使用的时候,CP是可以用的,登录、解锁都是可以的,
用了一段时间就不行了。只能登录,不能解锁。
我都郁闷死了
输入的USB Key的密码是正确的,验证通过了。
最大的问题是,刚开始使用的时候,CP是可以用的,登录、解锁都是可以的,
用了一段时间就不行了。只能登录,不能解锁。
我都郁闷死了
matrix2009 2010-06-10
- 打赏
- 举报
ICredentialProviderCredential::GetSerialization里面的代码我基本上没有怎么动,都是按照示例程序来的。只是加入了一点去USB key的密码的处理
HRESULT CSampleCredential::GetSerialization(
CREDENTIAL_PROVIDER_GET_SERIALIZATION_RESPONSE* pcpgsr,
CREDENTIAL_PROVIDER_CREDENTIAL_SERIALIZATION* pcpcs,
PWSTR* ppwszOptionalStatusText,
CREDENTIAL_PROVIDER_STATUS_ICON* pcpsiOptionalStatusIcon
)
{
UNREFERENCED_PARAMETER(ppwszOptionalStatusText);
UNREFERENCED_PARAMETER(pcpsiOptionalStatusIcon);
WriteLog("CSampleCredential::GetSerialization");
HRESULT hr;
size_t lenPin;
char pin[16] = {0};
DWORD dwPinLen = 0;
WCHAR wsz[MAX_COMPUTERNAME_LENGTH+1];
DWORD cch = ARRAYSIZE(wsz);
if (GetComputerNameW(wsz, &cch))
{
//获取pin码长度
hr = StringCchLengthW(_rgFieldStrings[SFI_PIN], 128, &(lenPin));//scott
if (SUCCEEDED(hr))
{
if (lenPin == 0)
{
MessageBox(0,"请输入pin码","提示",MB_OK|MB_SERVICE_NOTIFICATION);
return S_FALSE;
}
//将Unicode字符串转换为ansi字符串
dwPinLen = UnicodeToAnsi(_rgFieldStrings[SFI_PIN],pin,sizeof(pin));
//验证key信息
hr = CheckKeyInfo(pin,dwPinLen);
if (hr != S_OK)
{
WriteLog("CSampleCredential::GetSerialization----CheckKeyInfo fail!");
return S_FALSE;
}
PWSTR pwzProtectedPassword;
hr = ProtectIfNecessaryAndCopyPassword(_rgFieldStrings[SFI_PASSWORD], _cpus, &pwzProtectedPassword);
if (SUCCEEDED(hr))
{
KERB_INTERACTIVE_UNLOCK_LOGON kiul;
hr = KerbInteractiveUnlockLogonInit(wsz, _rgFieldStrings[SFI_EDIT_TEXT], pwzProtectedPassword, _cpus, &kiul);
if (SUCCEEDED(hr))
{
// We use KERB_INTERACTIVE_UNLOCK_LOGON in both unlock and logon scenarios. It contains a
// KERB_INTERACTIVE_LOGON to hold the creds plus a LUID that is filled in for us by Winlogon
// as necessary.
hr = KerbInteractiveUnlockLogonPack(kiul, &pcpcs->rgbSerialization, &pcpcs->cbSerialization);
if (SUCCEEDED(hr))
{
ULONG ulAuthPackage;
hr = RetrieveNegotiateAuthPackage(&ulAuthPackage);
if (SUCCEEDED(hr))
{
WriteLog("RetrieveNegotiateAuthPackage success");
pcpcs->ulAuthenticationPackage = ulAuthPackage;
pcpcs->clsidCredentialProvider = CLSID_CSampleProvider;
// At this point the credential has created the serialized credential used for logon
// By setting this to CPGSR_RETURN_CREDENTIAL_FINISHED we are letting logonUI know
// that we have all the information we need and it should attempt to submit the
// serialized credential.
*pcpgsr = CPGSR_RETURN_CREDENTIAL_FINISHED;
}//RetrieveNegotiateAuthPackage
}//KerbInteractiveUnlockLogonPack
}//KerbInteractiveUnlockLogonInit
CoTaskMemFree(pwzProtectedPassword);
}//ProtectIfNecessaryAndCopyPassword
}//StringCchLengthW
}//GetComputerNameW
else
{
WriteLog("CSampleCredential::GetSerialization----GetComputerNameW fail");
DWORD dwErr = GetLastError();
hr = HRESULT_FROM_WIN32(dwErr);
}
if (hr == S_OK)
{
WriteLog("Notice ProCtrl.exe to register callback!");
.......................................
}
return hr;
}
HRESULT CSampleCredential::GetSerialization(
CREDENTIAL_PROVIDER_GET_SERIALIZATION_RESPONSE* pcpgsr,
CREDENTIAL_PROVIDER_CREDENTIAL_SERIALIZATION* pcpcs,
PWSTR* ppwszOptionalStatusText,
CREDENTIAL_PROVIDER_STATUS_ICON* pcpsiOptionalStatusIcon
)
{
UNREFERENCED_PARAMETER(ppwszOptionalStatusText);
UNREFERENCED_PARAMETER(pcpsiOptionalStatusIcon);
WriteLog("CSampleCredential::GetSerialization");
HRESULT hr;
size_t lenPin;
char pin[16] = {0};
DWORD dwPinLen = 0;
WCHAR wsz[MAX_COMPUTERNAME_LENGTH+1];
DWORD cch = ARRAYSIZE(wsz);
if (GetComputerNameW(wsz, &cch))
{
//获取pin码长度
hr = StringCchLengthW(_rgFieldStrings[SFI_PIN], 128, &(lenPin));//scott
if (SUCCEEDED(hr))
{
if (lenPin == 0)
{
MessageBox(0,"请输入pin码","提示",MB_OK|MB_SERVICE_NOTIFICATION);
return S_FALSE;
}
//将Unicode字符串转换为ansi字符串
dwPinLen = UnicodeToAnsi(_rgFieldStrings[SFI_PIN],pin,sizeof(pin));
//验证key信息
hr = CheckKeyInfo(pin,dwPinLen);
if (hr != S_OK)
{
WriteLog("CSampleCredential::GetSerialization----CheckKeyInfo fail!");
return S_FALSE;
}
PWSTR pwzProtectedPassword;
hr = ProtectIfNecessaryAndCopyPassword(_rgFieldStrings[SFI_PASSWORD], _cpus, &pwzProtectedPassword);
if (SUCCEEDED(hr))
{
KERB_INTERACTIVE_UNLOCK_LOGON kiul;
hr = KerbInteractiveUnlockLogonInit(wsz, _rgFieldStrings[SFI_EDIT_TEXT], pwzProtectedPassword, _cpus, &kiul);
if (SUCCEEDED(hr))
{
// We use KERB_INTERACTIVE_UNLOCK_LOGON in both unlock and logon scenarios. It contains a
// KERB_INTERACTIVE_LOGON to hold the creds plus a LUID that is filled in for us by Winlogon
// as necessary.
hr = KerbInteractiveUnlockLogonPack(kiul, &pcpcs->rgbSerialization, &pcpcs->cbSerialization);
if (SUCCEEDED(hr))
{
ULONG ulAuthPackage;
hr = RetrieveNegotiateAuthPackage(&ulAuthPackage);
if (SUCCEEDED(hr))
{
WriteLog("RetrieveNegotiateAuthPackage success");
pcpcs->ulAuthenticationPackage = ulAuthPackage;
pcpcs->clsidCredentialProvider = CLSID_CSampleProvider;
// At this point the credential has created the serialized credential used for logon
// By setting this to CPGSR_RETURN_CREDENTIAL_FINISHED we are letting logonUI know
// that we have all the information we need and it should attempt to submit the
// serialized credential.
*pcpgsr = CPGSR_RETURN_CREDENTIAL_FINISHED;
}//RetrieveNegotiateAuthPackage
}//KerbInteractiveUnlockLogonPack
}//KerbInteractiveUnlockLogonInit
CoTaskMemFree(pwzProtectedPassword);
}//ProtectIfNecessaryAndCopyPassword
}//StringCchLengthW
}//GetComputerNameW
else
{
WriteLog("CSampleCredential::GetSerialization----GetComputerNameW fail");
DWORD dwErr = GetLastError();
hr = HRESULT_FROM_WIN32(dwErr);
}
if (hr == S_OK)
{
WriteLog("Notice ProCtrl.exe to register callback!");
.......................................
}
return hr;
}
wangk 2010-06-10
- 打赏
- 举报
ICredentialProviderCredential::GetSerialization里面处理了
CPUS_UNLOCK_WORKSTATION的情况吗?
CPUS_UNLOCK_WORKSTATION的情况吗?
if(g_cpus==CPUS_LOGON)
{
kiul.Logon.MessageType = KerbInteractiveLogon;
hr = KerbInteractiveLogonPack(kiul.Logon, &pcpcs->rgbSerialization, &pcpcs->cbSerialization);
}
else if(g_cpus==CPUS_UNLOCK_WORKSTATION)
{
kiul.Logon.MessageType = KerbWorkstationUnlockLogon;
hr = FindUnlockWorkStationInfo(kiul);
if(SUCCEEDED(hr))
{
hr = KerbWorkstationUnlockLogonPack(kiul, &pcpcs->rgbSerialization, &pcpcs->cbSerialization);
}
}
else
{
hr = HRESULT_FROM_NT(STATUS_NO_SUCH_PACKAGE);
}
matrix2009 2010-06-10
- 打赏
- 举报
我是在微软提供的五个示例程序的SampleAllControlsCredentialProvider的基础上改的,大部分的代码没有动,只是增加了一个输入key密码的文本框。
matrix2009 2010-06-10
- 打赏
- 举报
log如下:
2010-6-10 14:10:30 CSampleCredential::GetSerialization
2010-6-10 14:10:30 CSampleCredential::CheckKeyInfo
2010-6-10 14:10:30 GetCurrentKeyUserName
2010-6-10 14:10:38 ProtectIfNecessaryAndCopyPassword
2010-6-10 14:10:38 pwzPassword && *pwzPassword
2010-6-10 14:10:38 CredIsProtectedW(pwzPassword, &protectionType)
2010-6-10 14:10:38 KerbInteractiveUnlockLogonInit
2010-6-10 14:10:38 pkil->MessageType = KerbInteractiveLogon;
2010-6-10 14:10:38 KerbInteractiveUnlockLogonPack
2010-6-10 14:10:38 RetrieveNegotiateAuthPackage
2010-6-10 14:10:38 RetrieveNegotiateAuthPackage success
2010-6-10 14:10:38 Notice ProCtrl.exe to register callback!
以上是正常登陆的log
2010-6-10 14:13:47 CSampleCredential::GetSerialization
2010-6-10 14:13:47 CSampleCredential::CheckKeyInfo
2010-6-10 14:13:47 GetCurrentKeyUserName
2010-6-10 14:13:51 用户名相同,不下载策略
2010-6-10 14:13:51 ProtectIfNecessaryAndCopyPassword
2010-6-10 14:13:51 pwzPassword && *pwzPassword
2010-6-10 14:13:51 CredIsProtectedW(pwzPassword, &protectionType)
2010-6-10 14:13:51 KerbInteractiveUnlockLogonInit
2010-6-10 14:13:51 pkil->MessageType = KerbWorkstationUnlockLogon
2010-6-10 14:13:51 KerbInteractiveUnlockLogonPack
2010-6-10 14:13:51 RetrieveNegotiateAuthPackage
2010-6-10 14:13:51 RetrieveNegotiateAuthPackage success
2010-6-10 14:13:51 Notice ProCtrl.exe to register callback!
以上是拔key锁定计算机然后输入密码解锁时的log,但是就是停在登陆的界面上,没有反应。
2010-6-10 14:16:53 CSampleCredential::GetSerialization
2010-6-10 14:16:53 CSampleCredential::CheckKeyInfo
2010-6-10 14:16:53 GetCurrentKeyUserName
2010-6-10 14:16:56 CSampleCredential::GetSerialization----CheckKeyInfo fail!
2010-6-10 14:17:7 CSampleCredential::GetSerialization
2010-6-10 14:17:7 CSampleCredential::CheckKeyInfo
2010-6-10 14:17:7 GetCurrentKeyUserName
2010-6-10 14:17:10 用户名相同,不下载策略
2010-6-10 14:17:10 ProtectIfNecessaryAndCopyPassword
2010-6-10 14:17:10 pwzPassword && *pwzPassword
2010-6-10 14:17:10 CredIsProtectedW(pwzPassword, &protectionType)
2010-6-10 14:17:10 KerbInteractiveUnlockLogonInit
2010-6-10 14:17:10 pkil->MessageType = KerbInteractiveLogon;
2010-6-10 14:17:10 KerbInteractiveUnlockLogonPack
2010-6-10 14:17:10 RetrieveNegotiateAuthPackage
2010-6-10 14:17:10 RetrieveNegotiateAuthPackage success
2010-6-10 14:17:10 Notice ProCtrl.exe to register callback!
以上是我点切换用户,然后输入CTRL+ALT+DEL,再次登陆时的log。
奇怪的是只有系统启动时CP才能正常工作。
2010-6-10 14:10:30 CSampleCredential::GetSerialization
2010-6-10 14:10:30 CSampleCredential::CheckKeyInfo
2010-6-10 14:10:30 GetCurrentKeyUserName
2010-6-10 14:10:38 ProtectIfNecessaryAndCopyPassword
2010-6-10 14:10:38 pwzPassword && *pwzPassword
2010-6-10 14:10:38 CredIsProtectedW(pwzPassword, &protectionType)
2010-6-10 14:10:38 KerbInteractiveUnlockLogonInit
2010-6-10 14:10:38 pkil->MessageType = KerbInteractiveLogon;
2010-6-10 14:10:38 KerbInteractiveUnlockLogonPack
2010-6-10 14:10:38 RetrieveNegotiateAuthPackage
2010-6-10 14:10:38 RetrieveNegotiateAuthPackage success
2010-6-10 14:10:38 Notice ProCtrl.exe to register callback!
以上是正常登陆的log
2010-6-10 14:13:47 CSampleCredential::GetSerialization
2010-6-10 14:13:47 CSampleCredential::CheckKeyInfo
2010-6-10 14:13:47 GetCurrentKeyUserName
2010-6-10 14:13:51 用户名相同,不下载策略
2010-6-10 14:13:51 ProtectIfNecessaryAndCopyPassword
2010-6-10 14:13:51 pwzPassword && *pwzPassword
2010-6-10 14:13:51 CredIsProtectedW(pwzPassword, &protectionType)
2010-6-10 14:13:51 KerbInteractiveUnlockLogonInit
2010-6-10 14:13:51 pkil->MessageType = KerbWorkstationUnlockLogon
2010-6-10 14:13:51 KerbInteractiveUnlockLogonPack
2010-6-10 14:13:51 RetrieveNegotiateAuthPackage
2010-6-10 14:13:51 RetrieveNegotiateAuthPackage success
2010-6-10 14:13:51 Notice ProCtrl.exe to register callback!
以上是拔key锁定计算机然后输入密码解锁时的log,但是就是停在登陆的界面上,没有反应。
2010-6-10 14:16:53 CSampleCredential::GetSerialization
2010-6-10 14:16:53 CSampleCredential::CheckKeyInfo
2010-6-10 14:16:53 GetCurrentKeyUserName
2010-6-10 14:16:56 CSampleCredential::GetSerialization----CheckKeyInfo fail!
2010-6-10 14:17:7 CSampleCredential::GetSerialization
2010-6-10 14:17:7 CSampleCredential::CheckKeyInfo
2010-6-10 14:17:7 GetCurrentKeyUserName
2010-6-10 14:17:10 用户名相同,不下载策略
2010-6-10 14:17:10 ProtectIfNecessaryAndCopyPassword
2010-6-10 14:17:10 pwzPassword && *pwzPassword
2010-6-10 14:17:10 CredIsProtectedW(pwzPassword, &protectionType)
2010-6-10 14:17:10 KerbInteractiveUnlockLogonInit
2010-6-10 14:17:10 pkil->MessageType = KerbInteractiveLogon;
2010-6-10 14:17:10 KerbInteractiveUnlockLogonPack
2010-6-10 14:17:10 RetrieveNegotiateAuthPackage
2010-6-10 14:17:10 RetrieveNegotiateAuthPackage success
2010-6-10 14:17:10 Notice ProCtrl.exe to register callback!
以上是我点切换用户,然后输入CTRL+ALT+DEL,再次登陆时的log。
奇怪的是只有系统启动时CP才能正常工作。
