How to implement authentication package passthrough authentication?
Hello,
I am trying to develop a custom authentication package, maybe even an SSP/AP if I need to.
For now I have succeeded in developing a very basic POC custom authentication package, with no checks at all, and by using a custom credential provider in parallel that uses this AP I can log in to local accounts, or directly on a domain controller.
Now the question is basically how can I use this authentication package from a workstation in a domain, authenticating on the domain controller?
Reading this Microsoft documentation page, I learnt that the MSV1 AP uses the Netlogon service to do passthrough authentication.
So, trying to do the same and reading the MS-NRPC specification, I need to call the NetrLogonSamLogonEx RPC method, but to do so I need to establish a secure connection using NetrServerAuthenticate3.
But to compute the session key to establish this connection, I apparently need to use the computer account password.
Now, using LsaRetrievePrivateData("$machine.acc") I seem to be able to retrieve it, but it's in an encrypted form and I can't find any documentation on how to decrypt it.
I actually found some code on the internet that seems to be able to decrypt it (reverse engineered or did I miss something?), but if it's really undocumented I guess that's subject to change and break my application if I were to do the same.
So at this point I am just wondering if I am even going in the right direction?
Isn't there some higher-level API doing all this secure workstation/DC communication by itself? Maybe the whole SSPI/SSP thing, but I admit I have trouble understanding how to use it. Can I use a built-in SSP that handles all the communication, give it my message, and specify which authentication package it should be handed to on the other end?
Any pointers would be appreciated,
Thanks