
Custom Authentication Package initialization problem


Gunther Schneidereit

May 21, 2002, 10:21:00 AM
Does anyone have any pointers on how to properly register
a new authentication package? I'm having a problem in that
it seems to register OK, but I can't find it when I
perform a lookup.

I found an article on MSDN that says all you have to do is
add your package name to the
'HKLM\System\CurrentControlSet\Control\Lsa\Authentication Packages'
key and the LSA should load your package on
reboot. The msv1_0 package is already in the list and I
added mine after it, delimiting it with a space (leaving
off the .dll). Inside my dll I'm tracing the entering of
any functions that Lsa calls. The only one that is entered
so far is 'LsaApInitializePackage' at boot time, where I
currently only define my package name as the 'out
parameter' (Here's the code that I'm using):

//initialize package name for return
DRMTRACE ( DrmDebugInfo, L"ENTER;\r\n" );
PLSA_STRING pAPName = NULL;
const char* pchApName = NULL;
pchApName = (char*)LsaDispatchTable->AllocateLsaHeap(sizeof(char));
if(pchApName)
{
    pchApName = "DermalogAP"; //same as in registry...
    pAPName = (PLSA_STRING)LsaDispatchTable->AllocateLsaHeap(sizeof(LSA_STRING));
    if(pAPName)
    {
        int nLen = lstrlenA(pchApName);
        pAPName->Length = nLen;
        pAPName->MaximumLength = nLen;
        pAPName->Buffer = (PCHAR)pAPName;
        AuthenticationPackageName = &pAPName;
    }
    else
    {
        DRMTRACE ( DrmDebugInfo, L"pAPName allocation failed.\r\n" );
    }
}
else
{
    DRMTRACE ( DrmDebugInfo, L"pchApName allocation failed.\r\n" );
}

DRMTRACE ( DrmDebugInfo, L"DrmAP LsaApInitialize: EXIT;\r\n" );
return STATUS_SUCCESS;


What I'm currently doing is to get an 'untrusted
connection' to the LSA (for testing purposes) and
calling 'LsaLookupAuthenticationPackage' which always
results in an NTSTATUS = STATUS_NO_SUCH_PACKAGE.
The code I'm using is as follows:

//trying to get the ID of the AP
NTSTATUS status;
char* psAP = "DermalogAP";
LSA_STRING sAPName;
sAPName.Length = lstrlenA(psAP);
sAPName.MaximumLength = lstrlenA(psAP);
sAPName.Buffer = psAP;
ULONG ulAP;
status = LsaLookupAuthenticationPackage(m_hLSA, &sAPName, &ulAP);

if(status == STATUS_SUCCESS)
{
    ...
}
else
{
    ...
}

...

CloseLsaHandle();


But if I use 'Kerberos'
or 'MICROSOFT_AUTHENTICATION_PACKAGE_V1_0' instead of my
package name the result always is STATUS_SUCCESS.

Is there some other process that must be followed so that
the LSA knows about all of the authentication packages
that have been installed (such as another registry key
that must be modified)? Any help on this would be greatly
appreciated.

thanks,
Gunther

Stephan Wardell

May 21, 2002, 5:41:56 PM
Hi,

I think the problem may be the line:

AuthenticationPackageName = &pAPName;

see if this works:

*AuthenticationPackageName = pAPName;

---------------------------
Stephan Wardell

Stephan...@Hotmail.com


Gunther Schneidereit

May 22, 2002, 3:25:52 AM
Hi Stephan,

I tried your suggestion 'and it worked', but the results
were the same - STATUS_NO_SUCH_PACKAGE. And for the
package names like 'Kerberos'
and 'MICROSOFT_AUTHENTICATION_PACKAGE_V1_0' -
'STATUS_SUCCESS'.

Because the other Authentication Package names do work I'm
tempted to say the problem is not the code, but some other
precautions I have to take into account, like another
registry entry or something like that. But until now I
couldn't find any other relevant registry entries
regarding the working Authentication Package names I
mentioned above. So I'm returning to the code...

I'm really stuck!

Maybe (like a saying in German) I can't see the forest
because of all the trees...

;)
Gunther


Stephan Wardell

May 22, 2002, 4:46:37 PM
Hi Gunther,

Here's a very basic implementation of
LsaApInitializePackage which I've gotten to work:

NTSTATUS NTAPI LsaApInitializePackage(...)
{
    // Allocate the LSA_STRING itself from the LSA heap
    (*AuthenticationPackageName) = (LSA_STRING *)
        LsaDispatchTable->AllocateLsaHeap(sizeof(LSA_STRING));

    if(NULL != (*AuthenticationPackageName))
    {
        // Separate buffer for the name, including the terminating NUL
        (*AuthenticationPackageName)->Buffer = (char *)
            LsaDispatchTable->AllocateLsaHeap((ULONG) strlen("YourPackageName") + 1);

        if(NULL != (*AuthenticationPackageName)->Buffer)
        {
            // Length excludes the NUL, MaximumLength includes it
            (*AuthenticationPackageName)->Length =
                strlen("YourPackageName");

            (*AuthenticationPackageName)->MaximumLength =
                strlen("YourPackageName") + 1;

            strcpy(
                (*AuthenticationPackageName)->Buffer,
                "YourPackageName");

            return STATUS_SUCCESS;
        }
    }

    return STATUS_UNSUCCESSFUL;
}

Hope this helps,

Stephan
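
Added example, not part of the thread or of either poster's code: a portable C simulation of the three shapes of LsaApInitializePackage discussed above, showing why only the last one yields a name a lookup can match. SIM_STRING, sim_alloc and lookup_after are hypothetical stand-ins for LSA_STRING, AllocateLsaHeap and the loader, and the assumption is that the loader reads the name through the out parameter and the counted Buffer.

```c
/* Added illustration: SIM_STRING and sim_alloc stand in for LSA_STRING and
   AllocateLsaHeap; lookup_after is a simplified, assumed model of the loader. */
#include <stdlib.h>
#include <string.h>

typedef struct { unsigned short Length, MaximumLength; char *Buffer; } SIM_STRING;

/* Pads small blocks so reading a mis-pointed Buffer stays inside the allocation. */
static void *sim_alloc(size_t n) { return calloc(1, n < 64 ? 64 : n); }

/* Shape from the first post: Buffer points at the struct, not at the name. */
static SIM_STRING *aliased(const char *name) {
    SIM_STRING *s = sim_alloc(sizeof *s);
    if (s) { s->Length = s->MaximumLength = (unsigned short)strlen(name); s->Buffer = (char *)s; }
    return s;
}
/* First post: assigning the parameter itself never reaches the caller. */
static int init_original(SIM_STRING **out, const char *name) {
    SIM_STRING *s = aliased(name);
    out = &s; (void)out;
    free(s);                      /* freed only to keep the simulation leak-free */
    return 0;
}
/* Second attempt: out parameter written, Buffer still aliased. */
static int init_pointer_fix_only(SIM_STRING **out, const char *name) {
    return (*out = aliased(name)) ? 0 : -1;
}
/* Shape of the working reply: separate buffer holding a copy of the name. */
static int init_fixed(SIM_STRING **out, const char *name) {
    size_t len = strlen(name);
    SIM_STRING *s = sim_alloc(sizeof *s);
    if (!s || !(s->Buffer = sim_alloc(len + 1))) { free(s); return -1; }
    memcpy(s->Buffer, name, len + 1);
    s->Length = (unsigned short)len;
    s->MaximumLength = (unsigned short)(len + 1);
    *out = s;
    return 0;
}
/* Returns 1 if a lookup for `wanted` matches the name the package reported. */
static int lookup_after(int (*init)(SIM_STRING **, const char *), const char *wanted) {
    SIM_STRING *reg = NULL;
    size_t n = strlen(wanted);
    int found = init(&reg, "DermalogAP") == 0 && reg && reg->Buffer &&
                (size_t)reg->Length == n && memcmp(reg->Buffer, wanted, n) == 0;
    if (reg && reg->Buffer != (char *)reg) free(reg->Buffer);
    free(reg);
    return found;
}
int main(void) {
    return (lookup_after(init_fixed, "DermalogAP") && !lookup_after(init_original, "DermalogAP")
            && !lookup_after(init_pointer_fix_only, "DermalogAP")) ? 0 : 1;
}
```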


Gunther Schneidereit

May 23, 2002, 6:13:20 AM
Hi Stephan,

I got it working!

thanks a lot!

bye,
Gunther
