Hi,
I'm really excited by all the recent WinLogon work! Congratulations to Hervé for working on this.
Some questions:
Will the GINA be 100% compatible with NT WinLogon? I hope so. Also, there is a fully FOSS GINA project out there, I'm sure it can be useful. MSDN also has a lot of information, and I can help with some Winlogon internals, by email only please, I'm not and won't be on IRC for a while.
Are we also going to support GUI-on-demand? That was largely the big problem with Winlogon, and both Thomas and I (And others) think GUI On Demand is a big hack that currently screws up more stuff then it helps... If yes, then how's winlogon going to work? As a text-mode login problem as well? Hopefully that won't hack GINA compatibility.
Since this was supposed to be an SoC program, I propose that we setup a personal fund (and advertise) on the website for Hervé to get paid. I'll also try talking to Google (since our SoC GINA guy failed) to see if they'd be willing to set up an exchange. Unless Hervé disagrees, of course.
Good luck to all.
Great Idea. I think many people would pay some money (I would) It's woth the money, I think
MfG
Daniel "EmuandCo" Reimer
Hello,
-----Message d'origine----- De la part de Alex Ionescu
I'm really excited by all the recent WinLogon work! Congratulations to Hervé for working on this.
Thanks Alex.
Some questions:
Will the GINA be 100% compatible with NT WinLogon? I hope so. Also, there is a fully FOSS GINA project out there, I'm sure it can be useful. MSDN also has a lot of information, and I can help with some Winlogon internals, by email only please, I'm not and won't be on IRC for a while.
The goal is to be fully compatible with Windows 2000 WinLogon at the first time, and then add Remote Desktop functionality. I've currently managed to load Windows XP msgina.dll, but it doesn't work yet. For information, I mostly use these links: http://www.microsoft.com/technet/prodtechnol/windows2000serv/maintain/securi ty/msgina.mspx http://msdn.microsoft.com/msdnmag/issues/05/05/SecurityBriefs/ http://msdn.microsoft.com/msdnmag/issues/05/06/SecurityBriefs/ http://msdn.microsoft.com/library/default.asp?url=/library/en-us/secauthn/se curity/authentication_functions.asp http://www.pgina.org/
Are we also going to support GUI-on-demand? That was largely the big problem with Winlogon, and both Thomas and I (And others) think GUI On Demand is a big hack that currently screws up more stuff then it helps... If yes, then how's winlogon going to work? As a text-mode login problem as well? Hopefully that won't hack GINA compatibility.
I kept GUI-on-demand, but I moved the functionnality from Winlogon to Gina. ReactOS Gina contains 2 User Interfaces: one in graphic mode (in gui.c) and the other in text mode (tui.c). By default, the graphical one is used. To use the text one, you have to add /CMDCONS parameter to your freeldr.ini. I know that Windows uses this parameter for Recovery Console, but we can change its name later. By the way, if I remember right, Windows asks for a username/password in text mode when using this switch. (May it be located in Windows Gina by chance?) For information, the second thing changed by /CMDCONS is the runned the shell. The shell program is read in HKLM\SOFTWARE\ReactOS\Windows NT\Winlogon\ConsoleShell key instead of HKLM\SOFTWARE\ReactOS\Windows NT\Winlogon\Shell, and defaults to cmd.exe instead of explorer.exe
Since this was supposed to be an SoC program, I propose that we setup a personal fund (and advertise) on the website for Hervé to get paid. I'll also try talking to Google (since our SoC GINA guy failed) to see if they'd be willing to set up an exchange. Unless Hervé disagrees, of course.
I never disagree to beeing paid, even very little ;) By the way, at the moment, I'm only working on winlogon/msgina, which means the User Interface but not the authentification framework which is behind (lsass/advapi32)
Now, let's move to the bad part of this email.
I've still some problems which I'm not sure to be able to solve myself. 1) SwitchDestkop seems to be not working. To test, remove the hack I've added in winlogon/wlx.c:CreateWindowStationAndDesktops and you will never see the shell. 2) The current shutdown procedure is not correct. I directly call NtShutdownSystem in Winlogon instead of notifying SMSS. See http://www.reactos.org/wiki/index.php/ShutdownProcess for more details about the shutdown process. 3) And the last one, specially for Filip ;) When trying to enter a user name which is not Administrator, I get a BSOD in So, I'm asking here for help, if anyone can take a look at this.
Thanks,
Hervé
PS 1: Be sure that no new hardware wizard will appear at next boot, and try to add /CMDCONS to freeldr.ini. You will boot in text mode. PS 2: Try to press SHIFT during boot to prevent autologon and you will be able to see some Gina dialogs. Logoff is also supposed to work.
Hervé Poussineau wrote:
Hello,
The goal is to be fully compatible with Windows 2000 WinLogon at the first time, and then add Remote Desktop functionality. I've currently managed to load Windows XP msgina.dll, but it doesn't work yet. For information, I mostly use these links: http://www.microsoft.com/technet/prodtechnol/windows2000serv/maintain/securi ty/msgina.mspx http://msdn.microsoft.com/msdnmag/issues/05/05/SecurityBriefs/ http://msdn.microsoft.com/msdnmag/issues/05/06/SecurityBriefs/ http://msdn.microsoft.com/library/default.asp?url=/library/en-us/secauthn/se curity/authentication_functions.asp http://www.pgina.org/
http://www.microsoft.com/windows2000/docs/msgina.doc is a good whitepaper as well.
I kept GUI-on-demand, but I moved the functionnality from Winlogon to
Gina.
ReactOS Gina contains 2 User Interfaces: one in graphic mode (in gui.c) and the other in text mode (tui.c). By default, the graphical one is used. To use the text one, you have to add /CMDCONS parameter to your freeldr.ini. I know that Windows uses this parameter for Recovery Console, but we can change its name later.
Yeah, a name change would be wise.
By the way, if I remember right, Windows asks for a username/password in text mode when using this switch. (May it be located in Windows Gina by chance?)
That's the ERD, which is implemented, believe it or not, as a system driver! If you look at it with the .PDB you'll see it has a bunch of functions for talking to ksecdd.sys and reading the password hash from the registry. Winlogon/user-mode programs have nothign to do with it.
For information, the second thing changed by /CMDCONS is the runned the shell. The shell program is read in HKLM\SOFTWARE\ReactOS\Windows NT\Winlogon\ConsoleShell key instead of HKLM\SOFTWARE\ReactOS\Windows NT\Winlogon\Shell, and defaults to cmd.exe instead of explorer.exe
Awesome!
I never disagree to beeing paid, even very little ;) By the way, at the moment, I'm only working on winlogon/msgina, which means the User Interface but not the authentification framework which is behind (lsass/advapi32)
Yes, that was the original plan for the SoC stuff too.
Now, let's move to the bad part of this email.
I've still some problems which I'm not sure to be able to solve myself.
- SwitchDestkop seems to be not working. To test, remove the hack I've
added in winlogon/wlx.c:CreateWindowStationAndDesktops and you will never see the shell.
Sadly my Win32K internals only apply to NT... Thomas worked on the Desktop implementation, he should know.
- The current shutdown procedure is not correct. I directly call
NtShutdownSystem in Winlogon instead of notifying SMSS. See http://www.reactos.org/wiki/index.php/ShutdownProcess for more details about the shutdown process.
I know that the shutdown procedure is a bit broken in kernel-mode, but again, I don't know how our SMSS stuff was designed.
- And the last one, specially for Filip ;) When trying to enter a user name
which is not Administrator, I get a BSOD in So, I'm asking here for help, if anyone can take a look at this.
Thanks,
Hervé
PS 1: Be sure that no new hardware wizard will appear at next boot, and try to add /CMDCONS to freeldr.ini. You will boot in text mode. PS 2: Try to press SHIFT during boot to prevent autologon and you will be able to see some Gina dialogs. Logoff is also supposed to work.
I'll try that when I get the chance, cool!
There are a few possible ideas about this: 1. Add a text at a donation page, which will name our developers "funds". So that the donator just writes "I want this donation to go to ... for his ... work", and we transfer it to him.
2. This is more complex than the 1st idea, but I think it worths discussing. Say, each month we choose developers who did the most important contributions to the reactos project, and transfer them some amount from the ReactOS foundation (gathered from donations, adsense, something else).
Every developer can nominate any other developer for this payment.
Further discussions are welcome...
WBR, Aleksey Bragin.
On Aug 5, 2006, at 4:52 AM, Alex Ionescu wrote:
Since this was supposed to be an SoC program, I propose that we setup a personal fund (and advertise) on the website for Hervé to get paid. I'll also try talking to Google (since our SoC GINA guy failed) to see if they'd be willing to set up an exchange. Unless Hervé disagrees, of course.
Good luck to all.
-- Best regards, Alex Ionescu Project Lead, TinyKRNL Kernel-Mode Software Design Engineer, ReactOS
There is currently work ongoing to bring a bounty system to the ReactOS website. Micheal Wirth is working on such a system and it may be available this summer. For the meanwhile we can use a paypal form on our donation page where the donors can specific the reactos foundation or a single dev.
Klemens
2006/8/5, Aleksey Bragin aleksey@studiocerebral.com:
There are a few possible ideas about this:
- Add a text at a donation page, which will name our developers
"funds". So that the donator just writes "I want this donation to go to ... for his ... work", and we transfer it to him.
- This is more complex than the 1st idea, but I think it worths
discussing. Say, each month we choose developers who did the most important contributions to the reactos project, and transfer them some amount from the ReactOS foundation (gathered from donations, adsense, something else).
Every developer can nominate any other developer for this payment.
Further discussions are welcome...
WBR, Aleksey Bragin.
On Aug 5, 2006, at 4:52 AM, Alex Ionescu wrote:
Since this was supposed to be an SoC program, I propose that we setup a personal fund (and advertise) on the website for Hervé to get paid. I'll also try talking to Google (since our SoC GINA guy failed) to see if they'd be willing to set up an exchange. Unless Hervé disagrees, of course.
Good luck to all.
-- Best regards, Alex Ionescu Project Lead, TinyKRNL Kernel-Mode Software Design Engineer, ReactOS
Ros-dev mailing list Ros-dev@reactos.org http://www.reactos.org/mailman/listinfo/ros-dev
Aleksey Bragin wrote:
There are a few possible ideas about this:
- Add a text at a donation page, which will name our developers
"funds". So that the donator just writes "I want this donation to go to ... for his ... work", and we transfer it to him.
- This is more complex than the 1st idea, but I think it worths
discussing. Say, each month we choose developers who did the most important contributions to the reactos project, and transfer them some amount from the ReactOS foundation (gathered from donations, adsense, something else).
I think this is a good idea even if it is only like 15 dollars a month or something. It would really keep the spark on the project.
Every developer can nominate any other developer for this payment.
Further discussions are welcome...
WBR, Aleksey Bragin.
Aleksey Bragin wrote:
- This is more complex than the 1st idea, but I think it worths
discussing. Say, each month we choose developers who did the most important contributions to the reactos project, and transfer them some amount from the ReactOS foundation (gathered from donations, adsense, something else).
I agree 100000% with this!
*twiddles fingers and looks around the room suspciously* *laughs like a maniac*
-
Aleksey Bragin -
Alex Ionescu -
Brandon Turner -
Daniel Reimer -
Hervé Poussineau -
Klemens Friedl