nlp.h

安全支持提供器接口（SSPI）源码

    IN  PUNICODE_STRING UserName,
    IN PUNICODE_STRING CleartextPassword,
    OUT PMSV1_0_PRIMARY_CREDENTIAL *CredentialBuffer,
    OUT PULONG CredentialSize
    );

NTSTATUS
NlpMakePrimaryCredentialFromMsvCredential(
    IN  PUNICODE_STRING LogonDomainName,
    IN  PUNICODE_STRING UserName,
    IN  PMSV1_0_SUPPLEMENTAL_CREDENTIAL MsvCredential,
    OUT PMSV1_0_PRIMARY_CREDENTIAL *CredentialBuffer,
    OUT PULONG CredentialSize
    );

NTSTATUS
NlpAddPrimaryCredential(
    IN PLUID LogonId,
    IN PMSV1_0_PRIMARY_CREDENTIAL Credential,
    IN ULONG CredentialSize
    );

NTSTATUS
NlpGetPrimaryCredential(
    IN PLUID LogonId,
    OUT PMSV1_0_PRIMARY_CREDENTIAL *CredentialBuffer,
    OUT PULONG CredentialSize
    );

NTSTATUS
NlpGetPrimaryCredentialByUserDomain(
    IN  PUNICODE_STRING LogonDomainName,
    IN  PUNICODE_STRING UserName,
    OUT PMSV1_0_PRIMARY_CREDENTIAL *CredentialBuffer,
    OUT PULONG CredentialSize OPTIONAL
    );

NTSTATUS
NlpDeletePrimaryCredential(
    IN PLUID LogonId
    );

NTSTATUS
NlpChangePassword(
    IN PUNICODE_STRING DomainName,
    IN PUNICODE_STRING UserName,
    IN PUNICODE_STRING Password
    );

NTSTATUS
NlpChangePasswordByLogonId(
    IN PLUID LogonId,
    IN PUNICODE_STRING Password
    );

VOID
NlpGetAccountNames(
    IN  PNETLOGON_LOGON_IDENTITY_INFO LogonInfo,
    IN  PNETLOGON_VALIDATION_SAM_INFO2 NlpUser,
    OUT PUNICODE_STRING SamAccountName,
    OUT PUNICODE_STRING NetbiosDomainName,
    OUT PUNICODE_STRING DnsDomainName,
    OUT PUNICODE_STRING Upn
    );


//
// msvsam.c
//

BOOLEAN
MsvpPasswordValidate (
    IN BOOLEAN UasCompatibilityRequired,
    IN NETLOGON_LOGON_INFO_CLASS LogonLevel,
    IN PVOID LogonInformation,
    IN PUSER_INTERNAL1_INFORMATION Passwords,
    OUT PULONG UserFlags,
    OUT PUSER_SESSION_KEY UserSessionKey,
    OUT PLM_SESSION_KEY LmSessionKey
);




//
// nlnetapi.c
//

VOID
NlpLoadNetapiDll (
    VOID
    );

VOID
NlpLoadNetlogonDll (
    VOID
    );

//
// subauth.c
//

VOID
Msv1_0SubAuthenticationInitialization(
    VOID
);


///////////////////////////////////////////////////////////////////////
//                                                                   //
// Global variables                                                  //
//                                                                   //
///////////////////////////////////////////////////////////////////////

////////////////////////////////////////////////////////////////////////
//                                                                    //
//                   READ ONLY  Variables                             //
//                                                                    //
////////////////////////////////////////////////////////////////////////


//
// Null copies of Lanman and NT OWF password.
//
//

EXTERN LM_OWF_PASSWORD NlpNullLmOwfPassword;
EXTERN NT_OWF_PASSWORD NlpNullNtOwfPassword;

//
// Flag indicating our support for the LM challenge response protocol.
// If the flag is set to NoLm, MSV1_0 will not ever compute a LM
// challenge response. If it is set to AllowLm, MSV1_0 will not return
// it unless requested. Otherwise it will do the normal behaviour of
// returning both NT and LM challenge responses
//

typedef enum _LM_PROTOCOL_SUPPORT {
    UseLm,              // send LM response, NTLM response
    AllowLm,            // same as UseLm; for b/w compat w/lsa2-fix
    NoLm, //UseNtlm,            // Send NTLM response only; for b/w compat w/lsa2-fix
    UseNtlm3,           // Send NTLM3 response even if no target domain\server specified
    RefuseLm,           // Refuse LM responses (no Win9x clients) -- unsupported, reserved
    RefuseNtlm,         // Refuse LM and NTLM responses (require all clients are upgraded)
    RefuseNtlm3NoTarget // Refuse NTLM3 response witout domain and server info
} LM_PROTOCOL_SUPPORT, *PLM_PROTOCOL_SUPPORT;

#if 0

//
// This macro determines whether or not to return an LM challenge response.
// If NlpProtocolSupport == UseLm, we always return it. If it is
// AllowLm, only return it if the RETURN_LM_RESPONSE flag is set. Otherwise
// don't return it ever.
//

#define NlpReturnLmResponse(_Flags_) \
    ((NlpLmProtocolSupport == UseLm) || \
     ((NlpLmProtocolSupport == AllowLm) && \
      (((_Flags_) & RETURN_NON_NT_USER_SESSION_KEY) != 0)))

#define NlpChallengeResponseRequestSupported( _Flags_ ) \
 ((((_Flags_) & RETURN_NON_NT_USER_SESSION_KEY) == 0) || (NlpLmProtocolSupport != NoLm))

#endif


NET_API_STATUS NET_API_FUNCTION RxNetUserPasswordSet(LPWSTR, LPWSTR, LPWSTR, LPWSTR);
NTSTATUS NetpApiStatusToNtStatus( NET_API_STATUS );

//
// Routines in netlogon.dll
//

EXTERN HANDLE NlpNetlogonDllHandle;
EXTERN PNETLOGON_SAM_LOGON_PROCEDURE NlpNetLogonSamLogon;
EXTERN PNETLOGON_SAM_LOGOFF_PROCEDURE NlpNetLogonSamLogoff;



//
// TRUE if package is initialized
//

EXTERN BOOLEAN NlpMsvInitialized INIT(FALSE);

//
// TRUE if this is a workstation.
//

EXTERN BOOLEAN NlpWorkstation INIT(TRUE);

//
// TRUE once the MSV AP has initialized its connection to SAM.
//

EXTERN BOOLEAN NlpSamInitialized INIT(FALSE);

//
// TRUE if the MSV AP has initialized its connection to the NETLOGON service
//

EXTERN BOOLEAN NlpNetlogonInitialized INIT(FALSE);

//
// TRUE if LanMan is installed.
//

EXTERN BOOLEAN NlpLanmanInstalled INIT(FALSE);

//
// Computername of this computer.
//

EXTERN UNICODE_STRING NlpComputerName;

//
// Domain of which I am a member.
//

EXTERN UNICODE_STRING NlpPrimaryDomainName;

//
// Name of the MSV1_0 package
//

EXTERN UNICODE_STRING NlpMsv1_0PackageName;


//
// Name and domain id of the SAM account database.
//

EXTERN UNICODE_STRING NlpSamDomainName;
EXTERN PSID NlpSamDomainId;
EXTERN SAMPR_HANDLE NlpSamDomainHandle;
EXTERN BOOLEAN NlpUasCompatibilityRequired INIT(TRUE);

//
// Trusted Handle to the Lsa database.
//

EXTERN LSA_HANDLE NlpPolicyHandle INIT(NULL);

//
// TRUE if there is a subauthentication package zero
//

EXTERN BOOLEAN NlpSubAuthZeroExists INIT(TRUE);


////////////////////////////////////////////////////////////////////////
//                                                                    //
//                   READ/WRITE Variables                             //
//                                                                    //
////////////////////////////////////////////////////////////////////////

//
// Define the list of active interactive logons.
//
// The NlpActiveLogonLock must be locked while referencing the list or
// any of its elements.
//

#define NlpLockActiveLogons()   RtlEnterCriticalSection(&NlpActiveLogonLock)
#define NlpUnlockActiveLogons() RtlLeaveCriticalSection(&NlpActiveLogonLock)

EXTERN RTL_CRITICAL_SECTION NlpActiveLogonLock;
EXTERN PACTIVE_LOGON NlpActiveLogons;

//
// Define the running enumeration handle.
//
// This variable defines the enumeration handle to assign to a logon
//  session.  It will be incremented prior to assigning it value to
//  the next created logon session.  Access is serialize using
//  NlpActiveLogonLocks.

EXTERN ULONG NlpEnumerationHandle;

//
// Define a running Session Number which is incremented once for each
// challenge given to the server.
//

EXTERN RTL_CRITICAL_SECTION NlpSessionCountLock;
EXTERN ULONG NlpSessionCount;
EXTERN ULONG NlpLogonAttemptCount;


#undef EXTERN
#undef INIT
#endif _NLP_