nlp.h

安全支持提供器接口（SSPI）源码

/*++

Copyright (c) 1989  Microsoft Corporation

Module Name:

    nlp.h

Abstract:

    NETLOGON private definitions.




Author:

    Jim Kelly 11-Apr-1991

Revision History:
   Chandana Surlu         21-Jul-96      Stolen from \\kernel\razzle3\src\security\msv1_0\nlp.h

--*/

#ifndef _NLP_
#define _NLP_

#include <windef.h>
#include <winbase.h>
#include <crypt.h>
#include <lmcons.h>
#include <ntsam.h>
#include <ntsamp.h>
#include <logonmsv.h>
#include <samrpc.h>
#include <align.h>
#include <dsgetdc.h>
#include <ntdsapi.h>


//
// nlmain.c will #include this file with NLP_ALLOCATE defined.
// That will cause each of these variables to be allocated.
//
#ifdef NLP_ALLOCATE
#define EXTERN
#define INIT(_X) = _X
#else
#define EXTERN extern
#define INIT(_X)
#endif

//
// Amount of time to wait for netlogon to start.
//  Do this AFTER waiting for SAM to start.
//  Since Netlogon depends on SAM, don't timeout too soon.
#define NETLOGON_STARTUP_TIME   45          // 45 seconds

//
// Amount of time to wait for SAM to start.
//  DS recovery can take a very long time.
#define SAM_STARTUP_TIME        (20*60)     // 20 minutes

///////////////////////////////////////////////////////////////////////////////
//                                                                           //
// Private data structures                                                   //
//                                                                           //
///////////////////////////////////////////////////////////////////////////////

//
// Structure used to keep track of all private information related to a
//  particular LogonId.
//

typedef struct _PACTIVE_LOGON {

    LUID LogonId;               // The logon Id of this logon session

    ULONG EnumHandle;           // The enumeration handle of this logon session

    SECURITY_LOGON_TYPE LogonType;  // Type of logon (interactive or service)

    PSID UserSid;               // Sid of the logged on user

    UNICODE_STRING UserName;    // SAM Account name of the logged on user (Required)

    UNICODE_STRING LogonDomainName; // Netbios name of the domain logged onto (Required)

    UNICODE_STRING LogonServer; // Name of the server which logged this user on

    ULONG Flags;                    // Attributes of this entry.

#define LOGON_BY_NETLOGON   0x01    // Entry was validated by NETLOGON service
#define LOGON_BY_CACHE      0x02    // Entry was validated by local cache
#define LOGON_BY_OTHER_PACKAGE 0x04 // Entry was validated by another authentication package
#define LOGON_BY_LOCAL 0x08         // Entry was validated by local sam
#define LOGON_BY_NTLM3_DC   0x10    // Entry was validated by DC that understands NTLM3

    struct _PACTIVE_LOGON * Next;   // Next entry in linked list.

} ACTIVE_LOGON, *PACTIVE_LOGON;


///////////////////////////////////////////////////////////////////////////////
//                                                                           //
//       CREDENTIAL Related Data Structures                                  //
//                                                                           //
///////////////////////////////////////////////////////////////////////////////

//
//   Following is a description of the content and format of each type
//   of credential maintained by the MsV1_0 authentication package.
//
//   The MsV1_0 authentication package defines the following credential
//   primary key string values:
//
//       "Primary" - Is used to hold the primary credentials provided at
//           initial logon time.  This includes the username and both
//           case-sensitive and case-insensitive forms of the user's
//           password.
//
//   NOTE: All poitners stored in credentials must be
//   changed to be an offset to the body rather than a pointer.  This is
//   because credential fields are copied by the LSA and so the pointer
//   would become invalid.
//


//
// MsV1_0 Primary Credentials
//
//
//        The PrimaryKeyValue string of this type of credential contains the
//        following string:
//
//                  "Primary"
//
//        The Credential string of a Primary credential contains the following
//        values:
//
//             o  The user's username
//
//             o  A one-way function of the user's password as typed.
//
//             o  A one-way function of the user's password upper-cased.
//
//        These values are structured as follows:
//

#define MSV1_0_PRIMARY_KEY "Primary"

typedef struct _MSV1_0_PRIMARY_CREDENTIAL {
    UNICODE_STRING LogonDomainName;
    UNICODE_STRING UserName;
    NT_OWF_PASSWORD NtOwfPassword;
    LM_OWF_PASSWORD LmOwfPassword;
    BOOLEAN NtPasswordPresent;
    BOOLEAN LmPasswordPresent;
} MSV1_0_PRIMARY_CREDENTIAL, *PMSV1_0_PRIMARY_CREDENTIAL;



//
// Structure describing a buffer in the clients address space.
//

typedef struct _CLIENT_BUFFER_DESC {
    PLSA_CLIENT_REQUEST ClientRequest;
    LPBYTE UserBuffer;      // Address of buffer in client's address space
    LPBYTE MsvBuffer;       // Address of mirror buffer in MSV's address space
    ULONG StringOffset;     // Current offset to variable length data
    ULONG TotalSize;        // Size (in bytes) of buffer
} CLIENT_BUFFER_DESC, *PCLIENT_BUFFER_DESC;



///////////////////////////////////////////////////////////////////////////////
//                                                                           //
// Internal routine definitions                                              //
//                                                                           //
///////////////////////////////////////////////////////////////////////////////

//
// From nlmain.c.
//

NTSTATUS
NlSamInitialize(
    ULONG Timeout
    );

//
// From nlp.c.
//

VOID
NlpPutString(
    IN PUNICODE_STRING OutString,
    IN PUNICODE_STRING InString,
    IN PUCHAR *Where
    );

VOID
NlpInitClientBuffer(
    OUT PCLIENT_BUFFER_DESC ClientBufferDesc,
    IN PLSA_CLIENT_REQUEST ClientRequest
    );

NTSTATUS
NlpAllocateClientBuffer(
    IN OUT PCLIENT_BUFFER_DESC ClientBufferDesc,
    IN ULONG FixedSize,
    IN ULONG TotalSize
    );

NTSTATUS
NlpFlushClientBuffer(
    IN OUT PCLIENT_BUFFER_DESC ClientBufferDesc,
    OUT PVOID* UserBuffer
    );

VOID
NlpFreeClientBuffer(
    IN OUT PCLIENT_BUFFER_DESC ClientBufferDesc
    );

VOID
NlpPutClientString(
    IN OUT PCLIENT_BUFFER_DESC ClientBufferDesc,
    IN PUNICODE_STRING OutString,
    IN PUNICODE_STRING InString
    );

VOID
NlpMakeRelativeString(
    IN PUCHAR BaseAddress,
    IN OUT PUNICODE_STRING String
    );

VOID
NlpRelativeToAbsolute(
    IN PVOID BaseAddress,
    IN OUT PULONG_PTR RelativeValue
    );

BOOLEAN
NlpFindActiveLogon(
    IN PLUID LogonId,
    OUT PACTIVE_LOGON **ActiveLogon
    );

ULONG
NlpCountActiveLogon(
    IN PUNICODE_STRING LogonDomainName,
    IN PUNICODE_STRING UserName
    );

NTSTATUS
NlpAllocateInteractiveProfile (
    IN PLSA_CLIENT_REQUEST ClientRequest,
    OUT PMSV1_0_INTERACTIVE_PROFILE *ProfileBuffer,
    OUT PULONG ProfileBufferSize,
    IN  PNETLOGON_VALIDATION_SAM_INFO2 NlpUser
    );

NTSTATUS
NlpAllocateNetworkProfile (
    IN PLSA_CLIENT_REQUEST ClientRequest,
    OUT PMSV1_0_LM20_LOGON_PROFILE *ProfileBuffer,
    OUT PULONG ProfileBufferSize,
    IN  PNETLOGON_VALIDATION_SAM_INFO2 NlpUser,
    IN  ULONG ParameterControl
    );

PSID
NlpMakeDomainRelativeSid(
    IN PSID DomainId,
    IN ULONG RelativeId
    );

NTSTATUS
NlpMakeTokenInformationV2(
    IN  PNETLOGON_VALIDATION_SAM_INFO2 NlpUser,
    OUT PLSA_TOKEN_INFORMATION_V1 *TokenInformation
    );

VOID
NlpPutOwfsInPrimaryCredential(
    IN PUNICODE_STRING CleartextPassword,
    OUT PMSV1_0_PRIMARY_CREDENTIAL Credential
    );

NTSTATUS
NlpMakePrimaryCredential(
    IN  PUNICODE_STRING LogonDomainName,