Implementing USB Key Desktop Logon on Windows

1 How local logon works

1.1 Logon flow


1 The user presses Ctrl+Alt+Del, which activates Winlogon.exe.

2 winlogon.exe checks the registry value MACHINE/Software/Microsoft/Windows NT/CurrentVersion/Winlogon/GinaDll; if it is absent, the default msgina.dll is used.

3 winlogon.exe calls the GINA.

4 The GINA checks the user's state.

5 If no user is logged on, the GINA displays a dialog asking the user for an account name and password.

6 The user enters the account name and password.

7 The GINA passes them to the LSA to check the account name and password.

8 The LSA compares the account name and password against the SAM.

9 If they match, the user's SID is returned.

10 The GINA returns the user's logon token.

11 winlogon returns the user's logon desktop.

1.2 SAS events

SAS messages are passed between Winlogon and the GINA. The GINA listens for SAS events and reports each one to Winlogon through WlxSasNotify; once Winlogon has received an SAS notification, it calls the corresponding GINA handler. (ms-help://MS.VSCC.v80/MS.MSDN.v80/MS.WIN32COM.v10.en/secauthn/security/interaction_between_winlogon_and_gina.htm):

Workstation boot:

Winlogon calls the GINA's WlxNegotiate function to notify the GINA about the version of Winlogon in use.

Winlogon calls the GINA's WlxInitialize function to give the GINA the addresses of the support functions, a handle to Winlogon, and to obtain the context information for the GINA (to be used in all future calls to the GINA).

Winlogon is in the logged-out state.

No one is logged on:

(The GINA monitors devices for SAS events).

The GINA calls Winlogon's WlxSasNotify function when a SAS event has been received.

Winlogon calls the GINA's WlxLoggedOutSAS function, allowing the GINA to process a user's identification and authentication information.

When logon is successful, Winlogon is in the logged-on state.

The user is logged on:

(The GINA monitors devices for SAS events).

The GINA calls Winlogon's WlxSasNotify function when a SAS event has been received.

Winlogon calls the GINA's WlxLoggedOnSAS function, allowing the GINA to present options to the user who is currently logged on.

The user is logged on and wants to lock computer:

(The GINA monitors devices for SAS events).

The GINA calls the WlxSasNotify function.

Winlogon calls the GINA's WlxLoggedOnSAS function.

The GINA returns WLX_SAS_ACTION_LOCK_WKSTA.

Winlogon is in the workstation-locked state.

The user is logged on; the workstation is locked; and the user wants to unlock computer:

(The GINA monitors devices for SAS events).

The GINA calls the WlxSasNotify function.

Winlogon calls the GINA's WlxWkstaLockedSAS function.

The GINA returns WLX_SAS_ACTION_UNLOCK_WKSTA.

The user is logged on, and the program calls the ExitWindowsEx function:

Winlogon calls the GINA's WlxLogoff function.

The user is logged on and wants to log off using SAS:

(The GINA monitors devices for SAS events).

The GINA calls the WlxSasNotify function.

Winlogon calls the GINA's WlxLoggedOnSAS function.

The GINA returns WLX_SAS_ACTION_LOGOFF.

Winlogon calls the GINA's WlxLogoff function.

The user is logged on and wants to log off and shut down using ExitWindowsEx:

Winlogon calls the GINA's WlxLogoff function.

Winlogon calls the GINA's WlxShutdown function.

The user is logged on and wants to log off and shut down using SAS:

(The GINA monitors devices for SAS events).

The GINA calls the WlxSasNotify function.

Winlogon calls the GINA's WlxLoggedOnSAS function.

The GINA returns WLX_SAS_ACTION_SHUTDOWN.

Winlogon calls the GINA's WlxLogoff function.

Winlogon calls the GINA's WlxShutdown function.

1.3 Logon state transitions

[Figure: states]

2 How domain logon works


3 Implementing USB key certificate logon

message = WM_DEVICECHANGE

lParam = (PDEV_BROADCAST_HDR)

USB key insertion event:

wParam = DBT_DEVICEARRIVAL

USB key removal event:

wParam = DBT_DEVICEREMOVECOMPLETE

Use RegisterDeviceNotification to register for these hardware notification messages.

Implementation steps:

1 Install the USB key driver and write the USB key's logon certificate into the system registry.

2 Implement a GINA that overrides WlxLoggedOutSAS, WlxLoggedOnSAS and the related methods; the GINA listens for USB key insertion and removal events.

When the USB key is inserted, check whether the current state is logged off or locked, and notify Winlogon through WlxSasNotify so that it is given the WLX_SAS_ACTION_LOGON message.

3 Install the GINA by changing the registry value MACHINE/Software/Microsoft/Windows NT/CurrentVersion/Winlogon/GinaDll.
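As an added example (not code from this post), the two decisions such a GINA has to make, in C: which GINA-defined SAS type to raise through WlxSasNotify for a WM_DEVICECHANGE, and which WLX_SAS_ACTION_* the matching WlxLoggedOutSAS / WlxWkstaLockedSAS / WlxLoggedOnSAS handler then returns to Winlogon. The state enum, the SAS type names and the cert_ok flag (standing in for the certificate and PIN verification against the key, which is not shown) are assumptions; on Windows the constants come from the SDK headers, elsewhere the copied values let the logic build stand-alone.

```c
/* USB-key GINA decision logic (added example, not the post's code). On Windows the
 * constants come from the SDK headers; elsewhere the copies below let it build alone. */
#include <stdbool.h>
#ifdef _WIN32
#include <windows.h>
#include <dbt.h>
#include <winwlx.h>
#else
#define WM_DEVICECHANGE             0x0219
#define DBT_DEVICEARRIVAL           0x8000
#define DBT_DEVICEREMOVECOMPLETE    0x8004
#define WLX_SAS_ACTION_LOGON        1
#define WLX_SAS_ACTION_NONE         2
#define WLX_SAS_ACTION_LOCK_WKSTA   3
#define WLX_SAS_ACTION_UNLOCK_WKSTA 8
#define WLX_SAS_TYPE_MAX_MSFT_VALUE 127
#endif

/* GINA-defined SAS types must lie above WLX_SAS_TYPE_MAX_MSFT_VALUE (constructed names). */
#define SAS_USBKEY_INSERTED (WLX_SAS_TYPE_MAX_MSFT_VALUE + 1)
#define SAS_USBKEY_REMOVED  (WLX_SAS_TYPE_MAX_MSFT_VALUE + 2)
/* Winlogon state as the GINA tracks it across its Wlx* entry points (constructed enum). */
typedef enum { ST_LOGGED_OUT, ST_LOGGED_ON, ST_LOCKED } gina_state;

/* Window-procedure side: maps a WM_DEVICECHANGE delivered to the GINA's notification
 * window (registered with RegisterDeviceNotification) to the SAS type that should be
 * handed to WlxSasNotify; 0 means "not an SAS, ignore". */
int usbkey_sas_for_device_event(unsigned msg, unsigned wparam)
{
    if (msg != WM_DEVICECHANGE) return 0;
    if (wparam == DBT_DEVICEARRIVAL)        return SAS_USBKEY_INSERTED;
    if (wparam == DBT_DEVICEREMOVECOMPLETE) return SAS_USBKEY_REMOVED;
    return 0;   /* other DBT_* notifications are not logon events */
}

/* Handler side: the value WlxLoggedOutSAS / WlxWkstaLockedSAS / WlxLoggedOnSAS returns
 * to Winlogon for a given SAS type. cert_ok stands for the certificate-plus-PIN check
 * against the key (assumed helper, not shown): presence of the device alone never suffices. */
int usbkey_action_for_sas(gina_state st, int sas_type, bool cert_ok)
{
    bool key_in = (sas_type == SAS_USBKEY_INSERTED);
    switch (st) {
    case ST_LOGGED_OUT: return (key_in && cert_ok) ? WLX_SAS_ACTION_LOGON : WLX_SAS_ACTION_NONE;
    case ST_LOCKED:     return (key_in && cert_ok) ? WLX_SAS_ACTION_UNLOCK_WKSTA : WLX_SAS_ACTION_NONE;
    case ST_LOGGED_ON:  /* pulling the key locks the desktop; re-insertion does nothing */
        return (sas_type == SAS_USBKEY_REMOVED) ? WLX_SAS_ACTION_LOCK_WKSTA : WLX_SAS_ACTION_NONE;
    }
    return WLX_SAS_ACTION_NONE;
}
```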
