Implementing USB key desktop logon on Windows

1 How local logon works

1.1 Logon flow

1 The user presses Ctrl+Alt+Del, which activates winlogon.exe

2 winlogon.exe checks the registry value MACHINE/Software/Microsoft/Windows NT/CurrentVersion/Winlogon/GinaDll; if it is absent, msgina.dll is used by default

3 winlogon.exe calls the GINA

4 The GINA checks the user's logon state

5 If no user is logged on, the GINA displays a dialog asking for the account name and password

6 The user enters the account name and password

7 The GINA passes the account name and password to the LSA for verification

8 The LSA compares the account name and password against the SAM

9 If they match, the user's SID is returned

10 The GINA returns the user's logon token

11 Winlogon brings up the user's desktop

1.2 SAS events

SAS messages are exchanged between Winlogon and the GINA. The GINA listens for SAS events and reports them to Winlogon through WlxSasNotify; when Winlogon receives the SAS notification, it calls the matching GINA handler. (ms-help://MS.VSCC.v80/MS.MSDN.v80/MS.WIN32COM.v10.en/secauthn/security/interaction_between_winlogon_and_gina.htm):

Workstation boot:

Winlogon calls the GINA's WlxNegotiate function to notify the GINA about the version of Winlogon in use.

Winlogon calls the GINA's WlxInitialize function to give the GINA the addresses of the support functions, a handle to Winlogon, and to obtain the context information for the GINA (to be used in all future calls to the GINA).

Winlogon is in the logged-out state.

No one is logged on:

(The GINA monitors devices for SAS events).

The GINA calls Winlogon's WlxSasNotify function when a SAS event has been received.

Winlogon calls the GINA's WlxLoggedOutSAS function, allowing the GINA to process a user's identification and authentication information.

When logon is successful, Winlogon is in the logged-on state.

The user is logged on:

(The GINA monitors devices for SAS events).

The GINA calls Winlogon's WlxSasNotify function when a SAS event has been received.

Winlogon calls the GINA's WlxLoggedOnSAS function, allowing the GINA to present options to the user who is currently logged on.

The user is logged on and wants to lock computer:

(The GINA monitors devices for SAS events).

The GINA calls the WlxSasNotify function.

Winlogon calls the GINA's WlxLoggedOnSAS function.

The GINA returns WLX_SAS_ACTION_LOCK_WKSTA.

Winlogon is in the workstation-locked state.

The user is logged on; the workstation is locked; and the user wants to unlock computer:

(The GINA monitors devices for SAS events).

The GINA calls the WlxSasNotify function.

Winlogon calls the GINA's WlxWkstaLockedSAS function.

The GINA returns WLX_SAS_ACTION_UNLOCK_WKSTA.

The user is logged on, and the program calls the ExitWindowsEx function:

Winlogon calls the GINA's WlxLogoff function.

The user is logged on and wants to log off using SAS:

(The GINA monitors devices for SAS events).

The GINA calls the WlxSasNotify function.

Winlogon calls the GINA's WlxLoggedOnSAS function.

The GINA returns WLX_SAS_ACTION_LOGOFF.

Winlogon calls the GINA's WlxLogoff function.

The user is logged on and wants to log off and shut down using ExitWindowsEx:

Winlogon calls the GINA's WlxLogoff function.

Winlogon calls the GINA's WlxShutdown function.

The user is logged on and wants to log off and shut down using SAS:

(The GINA monitors devices for SAS events).

The GINA calls the WlxSasNotify function.

Winlogon calls the GINA's WlxLoggedOnSAS function.

The GINA returns WLX_SAS_ACTION_SHUTDOWN.

Winlogon calls the GINA's WlxLogoff function.

Winlogon calls the GINA's WlxShutdown function.
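The scenarios above are easier to reason about as a state machine: the state Winlogon is in decides which GINA entry point receives the SAS, and the WLX_SAS_ACTION_* code that entry point returns decides the next state. The following C program is an added example, not code from the original post; it reproduces only the transitions listed in section 1.2 and uses no Windows headers, so it builds anywhere (a real GINA takes the WLX_SAS_ACTION_* constants from <winwlx.h>, whose numeric values are mirrored here).

```c
/* Winlogon/GINA state machine from section 1.2 (added example, not the post's code).
 * No Windows headers are used; the WLX_SAS_ACTION_* values mirror <winwlx.h>. */
#include <stdio.h>
#include <stddef.h>
#include <string.h>

#define WLX_SAS_ACTION_LOGON          1
#define WLX_SAS_ACTION_NONE           2
#define WLX_SAS_ACTION_LOCK_WKSTA     3
#define WLX_SAS_ACTION_LOGOFF         4
#define WLX_SAS_ACTION_SHUTDOWN       5
#define WLX_SAS_ACTION_UNLOCK_WKSTA   8

typedef enum {
    WL_LOGGED_OUT,  /* "Winlogon is in the logged-out state" */
    WL_LOGGED_ON,   /* "When logon is successful, Winlogon is in the logged-on state" */
    WL_LOCKED,      /* "Winlogon is in the workstation-locked state" */
    WL_SHUTDOWN     /* after WlxLogoff followed by WlxShutdown */
} WinlogonState;

/* The GINA entry point Winlogon calls for a SAS in each state. */
const char *gina_sas_entry(WinlogonState s) {
    switch (s) {
    case WL_LOGGED_OUT: return "WlxLoggedOutSAS";
    case WL_LOGGED_ON:  return "WlxLoggedOnSAS";
    case WL_LOCKED:     return "WlxWkstaLockedSAS";
    default:            return "(none)";
    }
}

/* Next Winlogon state after the GINA entry point returns `action`.
 * Only the transitions listed in section 1.2 change state; anything else
 * (including WLX_SAS_ACTION_NONE) leaves Winlogon where it was. */
WinlogonState winlogon_next_state(WinlogonState s, int action) {
    switch (s) {
    case WL_LOGGED_OUT:
        if (action == WLX_SAS_ACTION_LOGON) return WL_LOGGED_ON;
        break;
    case WL_LOGGED_ON:
        if (action == WLX_SAS_ACTION_LOCK_WKSTA) return WL_LOCKED;     /* WlxLoggedOnSAS -> lock */
        if (action == WLX_SAS_ACTION_LOGOFF)     return WL_LOGGED_OUT; /* then WlxLogoff */
        if (action == WLX_SAS_ACTION_SHUTDOWN)   return WL_SHUTDOWN;   /* WlxLogoff, then WlxShutdown */
        break;
    case WL_LOCKED:
        if (action == WLX_SAS_ACTION_UNLOCK_WKSTA) return WL_LOGGED_ON; /* WlxWkstaLockedSAS -> unlock */
        break;
    default:
        break;
    }
    return s;
}

/* Replay a sequence of GINA return codes starting from the logged-out state,
 * printing which entry point handled each one, and return the final state. */
WinlogonState winlogon_replay(const int *actions, size_t n) {
    WinlogonState s = WL_LOGGED_OUT;
    for (size_t i = 0; i < n; i++) {
        WinlogonState next = winlogon_next_state(s, actions[i]);
        printf("%-18s returns %2d : state %d -> %d\n", gina_sas_entry(s), actions[i], s, next);
        s = next;
    }
    return s;
}

int main(void) {
    /* Constructed scenario: logon, lock, unlock, log off. */
    const int seq[] = { WLX_SAS_ACTION_LOGON, WLX_SAS_ACTION_LOCK_WKSTA,
                        WLX_SAS_ACTION_UNLOCK_WKSTA, WLX_SAS_ACTION_LOGOFF };
    return winlogon_replay(seq, sizeof seq / sizeof seq[0]) == WL_LOGGED_OUT ? 0 : 1;
}
```

The point of the table in winlogon_next_state is that a GINA never changes Winlogon's state directly: it can only return an action code from the entry point Winlogon chose for the current state, which is why a USB key GINA has to know which state it is in before it raises a SAS.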

1.3 Logon state transitions

[Figure: states]

2 How domain logon works

3 Implementing USB key certificate logon

message = WM_DEVICECHANGE

lParam = (PDEV_BROADCAST_HDR)

USB key insertion event:

wParam = DBT_DEVICEARRIVAL

USB key removal event:

wParam = DBT_DEVICEREMOVECOMPLETE

Call RegisterDeviceNotification to register for hardware notification messages.

Implementation steps:

1 Install the USB key driver and write the USB key's logon certificate into the system registry

2 Implement the GINA, overriding WlxLoggedOutSAS, WlxLoggedOnSAS and the other entry points; the GINA listens for USB key insertion and removal events.

When the USB key is inserted, the GINA checks whether the current state is logged off or locked and, if so, notifies Winlogon through WlxSasNotify so that the logon proceeds with WLX_SAS_ACTION_LOGON.

3 Install the GINA by changing the registry value MACHINE/Software/Microsoft/Windows NT/CurrentVersion/Winlogon/GinaDll
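As an added example (not the post's code) of step 2, the C program below shows the WM_DEVICECHANGE handling a USB key GINA needs: filter the broadcast to the key's own device interface, raise a SAS through WlxSasNotify only in the logged-off or locked state, and then return the right WLX_SAS_ACTION_* code from the entry point Winlogon calls back. Note that WlxSasNotify itself carries a SAS type (WLX_SAS_TYPE_SC_INSERT / WLX_SAS_TYPE_SC_REMOVE); WLX_SAS_ACTION_LOGON is the value the GINA's WlxLoggedOutSAS returns afterwards. No Windows headers are used so it builds anywhere; the numeric constants mirror winuser.h, dbt.h and winwlx.h. The interface GUID, the cert_ok flag, the record_sas callback and the lock-on-removal policy are assumptions of this example, not something the text specifies.

```c
/* USB key arrival/removal handling for a custom GINA (added example, not the post's
 * code).  Constants mirror winuser.h / dbt.h / winwlx.h; a real GINA includes them. */
#include <stdint.h>
#include <stdbool.h>
#include <string.h>
#include <stdio.h>

#define WM_DEVICECHANGE             0x0219
#define DBT_DEVICEARRIVAL           0x8000
#define DBT_DEVICEREMOVECOMPLETE    0x8004
#define DBT_DEVTYP_DEVICEINTERFACE  0x0005
#define WLX_SAS_TYPE_SC_INSERT      5
#define WLX_SAS_TYPE_SC_REMOVE      6
#define WLX_SAS_ACTION_LOGON        1
#define WLX_SAS_ACTION_NONE         2
#define WLX_SAS_ACTION_LOCK_WKSTA   3
#define WLX_SAS_ACTION_UNLOCK_WKSTA 8

typedef struct { uint32_t d1; uint16_t d2, d3; uint8_t d4[8]; } Guid;

/* Same layout as DEV_BROADCAST_DEVICEINTERFACE: it starts with the three
 * DEV_BROADCAST_HDR fields the text refers to through PDEV_BROADCAST_HDR. */
typedef struct {
    uint32_t dbcc_size;
    uint32_t dbcc_devicetype;
    uint32_t dbcc_reserved;
    Guid     dbcc_classguid;
    char     dbcc_name[1];
} DevBroadcastDeviceInterface;

/* Constructed: the interface class GUID passed to RegisterDeviceNotification. */
static const Guid USBKEY_CLASS_GUID = { 0x11111111, 0x2222, 0x3333, {0,1,2,3,4,5,6,7} };

typedef enum { WL_LOGGED_OUT, WL_LOGGED_ON, WL_LOCKED } WinlogonState;

typedef struct {
    WinlogonState state;                               /* tracked from Winlogon's calls */
    bool key_present;
    void (*sas_notify)(void *hWlx, uint32_t sasType);  /* stand-in for WlxSasNotify */
    void *hWlx;
} GinaContext;

/* Window-procedure fragment for WM_DEVICECHANGE.  Returns the SAS type raised
 * through WlxSasNotify, or -1 when the message is ignored. */
int on_device_change(GinaContext *g, uint32_t msg, uintptr_t wParam, const void *lParam) {
    const DevBroadcastDeviceInterface *d = lParam;
    if (msg != WM_DEVICECHANGE || d == NULL) return -1;
    if (d->dbcc_devicetype != DBT_DEVTYP_DEVICEINTERFACE) return -1;
    if (memcmp(&d->dbcc_classguid, &USBKEY_CLASS_GUID, sizeof(Guid)) != 0) return -1; /* other device */

    if (wParam == DBT_DEVICEARRIVAL) {
        g->key_present = true;
        /* Step 2 of the text: raise a SAS only when logged off or locked. */
        if (g->state == WL_LOGGED_OUT || g->state == WL_LOCKED) {
            g->sas_notify(g->hWlx, WLX_SAS_TYPE_SC_INSERT);
            return WLX_SAS_TYPE_SC_INSERT;
        }
    } else if (wParam == DBT_DEVICEREMOVECOMPLETE) {
        g->key_present = false;
        /* Assumed policy, not stated in the text: lock the desktop once the key is gone. */
        if (g->state == WL_LOGGED_ON) {
            g->sas_notify(g->hWlx, WLX_SAS_TYPE_SC_REMOVE);
            return WLX_SAS_TYPE_SC_REMOVE;
        }
    }
    return -1;
}

/* What the overridden WlxLoggedOutSAS / WlxWkstaLockedSAS / WlxLoggedOnSAS return to
 * Winlogon for a key SAS.  cert_ok stands for the (assumed) check of the key's
 * certificate against the one installed in step 1; without it a key is just a dongle. */
int gina_sas_action(WinlogonState state, bool key_present, uint32_t sasType, bool cert_ok) {
    bool key_ok = (sasType == WLX_SAS_TYPE_SC_INSERT) && key_present && cert_ok;
    switch (state) {
    case WL_LOGGED_OUT: return key_ok ? WLX_SAS_ACTION_LOGON        : WLX_SAS_ACTION_NONE;
    case WL_LOCKED:     return key_ok ? WLX_SAS_ACTION_UNLOCK_WKSTA : WLX_SAS_ACTION_NONE;
    case WL_LOGGED_ON:  return sasType == WLX_SAS_TYPE_SC_REMOVE ? WLX_SAS_ACTION_LOCK_WKSTA : WLX_SAS_ACTION_NONE;
    }
    return WLX_SAS_ACTION_NONE;
}

/* Recording callback standing in for Winlogon's WlxSasNotify (constructed). */
static uint32_t last_sas_type;
static void record_sas(void *hWlx, uint32_t sasType) { (void)hWlx; last_sas_type = sasType; }
uint32_t last_notified_sas(void) { return last_sas_type; }

/* Deliver one constructed WM_DEVICECHANGE to a GINA that is in `start` state. */
int simulate_event(WinlogonState start, uintptr_t wParam, bool our_key) {
    GinaContext g = { start, false, record_sas, NULL };
    DevBroadcastDeviceInterface d = { sizeof(DevBroadcastDeviceInterface),
                                      DBT_DEVTYP_DEVICEINTERFACE, 0, USBKEY_CLASS_GUID, "" };
    if (!our_key) d.dbcc_classguid.d1 ^= 1;   /* some other device interface arrived */
    return on_device_change(&g, WM_DEVICECHANGE, wParam, &d);
}

int main(void) {
    printf("logged out, key inserted : SAS %d\n", simulate_event(WL_LOGGED_OUT, DBT_DEVICEARRIVAL, true));
    printf("logged on, key removed   : SAS %d\n", simulate_event(WL_LOGGED_ON, DBT_DEVICEREMOVECOMPLETE, true));
    printf("logged on, other device  : SAS %d\n", simulate_event(WL_LOGGED_ON, DBT_DEVICEARRIVAL, false));
    return 0;
}
```

Two checks matter for a deployment: the GUID comparison keeps an unrelated device arrival from triggering a logon attempt, and the cert_ok gate means the SAS only leads to WLX_SAS_ACTION_LOGON when the key actually proves possession of the enrolled certificate rather than merely being plugged in.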
