Questions tagged [local-security-authority]

Local Security Authority is a security subsystem of Microsoft Windows that authenticates users on the local system and maintains the security policy of the system.

Local Security Authority is a protected subsystem in Microsoft Windows which authenticates users on the local system. It also maintains information about local security, also known as the Local Security Policy.

26 questions
7
votes
1 answer

How do I correctly call LsaLogonUser for an interactive logon?

I'm trying to use LsaLogonUser to create an interactive logon session, but it always returns STATUS_INVALID_INFO_CLASS (0xc0000003). From what I have found in searching online, the memory layout of the KERB_INTERACTIVE_LOGON structure is tricky, but…
Charlie
6
votes
2 answers

Implementing custom windows authentication package

I'm building a custom authentication subpackage for MSV1_0 for Windows 7. I've used the msvsubauth sample from the Windows SDK and I have 2 questions regarding some problems I'm facing with that: When I'm trying just to make sure that the…
Karim Agha
5
votes
0 answers

Implementation of Custom Windows Authentication Package

I have been working on implementing a custom authentication package for Windows 10. After reading the following documentation of Windows…
5
votes
0 answers

KERB_CERTIFICATE_LOGON and custom KSP

I'm implementing an OTP solution based on Microsoft's whitepaper "Strong Authentication with One-Time Passwords in Windows 7 and Windows Server 2008 R2". The summary of the relevant part of that whitepaper is to essentially fake presence of a…
4
votes
3 answers

How to determine whether an LSA session is active in Windows XP

I'm trying to get the list of users currently logged into a machine. On Windows 7, I can call LsaEnumerateLogonSessions, then WTSQuerySessionInformation with WTSConnectState. But on XP, each LSA session has 0 for the TS Session field (unless it's a…
Excel Kobayashi
4
votes
3 answers

How to programmatically figure out if a user account is a member of a particular group in Windows?

Given a group name and a user account, I would like to know if the supplied user belongs to a particular group. The user can be a local user or a domain user and the group could be a local group or a domain group and the group could also be nested…
msvcyc
2
votes
3 answers

How do I convert a std::wstring to an LSA_UNICODE_STRING

Today I was able to write a simple C++ program that granted a user the "Log on as a service" privilege. Part of this involved converting between a LPCWSTR and an LSA_UNICODE_STRING. The code to do that is here: LSA_UNICODE_STRING…
Justin Dearing
2
votes
0 answers

How to translate or query SAM account name of cached domain user using UPN name from local cache in credential provider when domain is offline?

I am writing a credential provider in Windows and I am trying to add UPN name login support to it, and in doing so I used TranslateNameW: TranslateNameW(UPName, NameUserPrincipal, NameSamCompatible, buffer, &size); which gives me SAM account name when…
2
votes
0 answers

winapi: LsaCallAuthenticationPackage returns STATUS_UNSUCCESSFUL

I'm new to Lsa and came across this problem. Here is my code: LsaConnectUntrusted(&Lsa) LsaLookupAuthenticationPackage(Lsa, &PacketName, &PackId) printf("Lsa return -> %x.\n", LsaCallAuthenticationPackage(Lsa, PackId, buf, Size, &resp,…
Ojs
1
vote
2 answers

Custom Windows Authentication Package not loaded

I'm writing a custom Windows authentication package, but the LSA does not load my DLL. I have the following methods exported via the .def file EXTERN_C __declspec(dllexport) NTSTATUS NTAPI SpLsaModeInitialize( ULONG LsaVersion, PULONG…
1
vote
0 answers

How to serialize credentials in smart card credential provider for a domain account for logon and unlock?

I am building a credential provider which works the same as the Windows smart card credential provider, i.e. it works only with domain accounts. I am facing an issue when passing the credentials to the Negotiate SSP and I am using Microsoft base smart card…
1
vote
1 answer

How can I write and deploy a custom authentication package in windows?

I am trying to implement a custom authentication package where I can pass only the user name from the custom credential provider to the custom authentication package, and the authentication package should check if that user name exists in the SAM database; if yes…
1
vote
1 answer

sphinx-build with -blinkcheck and custom CA

We have our own company-wide certificate authority which we use to sign SSL certificates. Mostly, this is working fine as long as you have your OS (CentOS 7 in our case) register that authority. It is stored…
1
vote
1 answer

Custom Windows Authentication Package Logon Failed

I have developed a custom authentication package that I would like to use for interactive logon. It creates the access token in the LsaApUserLogon function. When I call LsaUserLogon from an application I can enumerate new user sessions, but when I…
1
vote
0 answers

What is small according to microsoft? `cryptprotectdata` data upper limit

In the documentation about the CryptProtectData function, Microsoft says to only use CryptProtectData with small buffers. This call can be slow and a memory hog, and unreliable. Use only with small buffers. CryptProtect/UnprotectData makes a…