//+---------------------------------------------------------------------------
//
// Microsoft Windows
// Copyright (C) Microsoft Corporation, 1992 - 1996.
//
// File: lsa.hxx
//
// Contents:
//
// Classes:
//
// Functions: None.
//
// History: 15-May-96 MarkBl Created
//
//----------------------------------------------------------------------------
#ifndef __LSA_HXX__
#define __LSA_HXX__
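// Size constants for the security database held in LSA secrets.
//
// NOTE(review): MAX_SECRET_SIZE is the natural upper bound to check any
// cb* value against before allocating or copying -- confirm the
// implementation in lsa.cxx rejects larger sizes.
#define MAX_SECRET_SIZE 65536 // Maximum LSA secret size

// NOTE(review): 64 bytes is MD5's input block size, not its 16-byte digest
// size, so this presumably sizes the data fed to the hash -- confirm in
// lsa.cxx. MD5 is no longer considered collision-resistant; how the hash
// is used is not visible from this header.
#define HASH_DATA_SIZE 64 // MD5 hash data size, less salt.

// Lvalue for the final byte (index HASH_DATA_SIZE - 1) of a hashed-data
// buffer. The argument is parenthesized so pointer expressions such as
// `pb + offset` index the intended element. The caller must supply a buffer
// of at least HASH_DATA_SIZE bytes; nothing here checks that.
#define LAST_HASH_BYTE(pbHashedData) ((pbHashedData)[HASH_DATA_SIZE - 1])

#define USN_SIZE (sizeof(DWORD))

// Both blob headers are a USN-sized field followed by one more DWORD; the
// meaning of the second DWORD is not documented in this header.
#define SAC_HEADER_SIZE (USN_SIZE + sizeof(DWORD))
#define SAI_HEADER_SIZE (USN_SIZE + sizeof(DWORD))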
//
// With scavenger cleanup of the SAI/SAC information in the LSA, this marker,
// a sequence of bytes, is used to mark identity/credential entries pending
// removal. To mark an entry for removal, the first DELETED_ENTRY_MARKER_SIZE
// bytes of the entry are overwritten with this marker.
//
// Size of the following sequence of ANSI characters (see lsa.cxx):
// DELETED_ENTRY
//
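// Marker bytes, defined in lsa.cxx. DELETED_ENTRY_MARKER_SIZE is hard-coded
// to 13, the length of the ANSI text "DELETED_ENTRY" without a terminator.
// NOTE(review): nothing in this header ties the constant to the array's real
// length; a compile-time check next to the definition would keep them in
// sync.
extern BYTE grgbDeletedEntryMarker[];

#define DELETED_ENTRY_MARKER_SIZE 13

// True when the first DELETED_ENTRY_MARKER_SIZE bytes at pb equal the marker.
// The macro has no length parameter: the caller must already know that at
// least DELETED_ENTRY_MARKER_SIZE bytes remain in the buffer, otherwise the
// comparison reads past its end.
#define DELETED_ENTRY(pb) \
    (memcmp((pb), grgbDeletedEntryMarker, DELETED_ENTRY_MARKER_SIZE) == 0)

// Overwrites the first DELETED_ENTRY_MARKER_SIZE bytes at pb with the marker.
// The same precondition applies; here a short buffer means an out-of-bounds
// write. The expansion is a braced block, kept as-is for existing call sites.
#define MARK_DELETED_ENTRY(pb) { \
    CopyMemory((pb), grgbDeletedEntryMarker, DELETED_ENTRY_MARKER_SIZE); \
}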
// STATIC expands to the `static` keyword unless the build defines NOSTATIC,
// in which case it expands to nothing.
#ifndef NOSTATIC
#define STATIC static
#else
#define STATIC
#endif
// Load and store the two security-database blobs (SAI and SAC) that the
// comments in this header describe as living in the LSA.
// NOTE(review): going by the Hungarian prefixes, pcb*/ppb* are out-parameters
// receiving a byte count and a buffer pointer, and cb*/pb* are the matching
// inputs. Who allocates and frees the returned buffers is not visible from
// this header -- confirm in lsa.cxx.
// NOTE(review): the SAC blob appears to hold encrypted credential data (see
// SACAddCredential); verify that callers clear these buffers before release
// and that sizes read back are bounded by MAX_SECRET_SIZE.
HRESULT ReadSecurityDBase( DWORD * pcbSAI, BYTE ** ppbSAI, DWORD * pcbSAC, BYTE ** ppbSAC);
HRESULT WriteSecurityDBase( DWORD cbSAI, BYTE * pbSAI, DWORD cbSAC, BYTE * pbSAC);
// SAC (credential) entry operations: add, find by identity, look up by index,
// remove by index, and update. Functions that take the blob as pcbSAC/ppbSAC
// receive it by reference; the find/index functions take it as cbSAC/pbSAC.
// NOTE(review): the by-reference form presumably lets the callee resize or
// replace the blob -- confirm in lsa.cxx.
// NOTE(review): pbCredentialIdentity carries no length parameter, so the
// callee must read a fixed number of bytes (presumably HASH_DATA_SIZE);
// callers have to pass a buffer at least that large.
// NOTE(review): credential indexes and entry sizes come from the caller or
// from the blob itself; the implementation should range-check them against
// cbSAC before dereferencing -- not verifiable from this header.
HRESULT SACAddCredential( BYTE * pbCredentialIdentity, DWORD cbEncryptedData, BYTE * pbEncryptedData, DWORD * pcbSAC, BYTE ** ppbSAC);
HRESULT SACFindCredential ( BYTE * pbCredentialIdentity, DWORD cbSAC, BYTE * pbSAC, DWORD * pdwCredentialIndex, DWORD * pcbEncryptedData, BYTE ** ppbFoundCredential);
HRESULT SACIndexCredential( DWORD dwCredentialIndex, DWORD cbSAC, BYTE * pbSAC, DWORD * pcbCredential, BYTE ** ppbFoundCredential);
HRESULT SACRemoveCredential( DWORD CredentialIndex, DWORD * pcbSAC, BYTE ** ppbSAC);
HRESULT SACUpdateCredential( DWORD cbEncryptedData, BYTE * pbEncryptedData, DWORD cbPrevCredential, BYTE * pbPrevCredential, DWORD * pcbSAC, BYTE ** ppbSAC);
// SAI (identity) entry operations: add, find, look up by set position,
// insert at a position, remove, and update in place.
// SAIFindIdentity and SAIIndexIdentity declare their trailing out-parameters
// with a NULL default, so callers may omit the ones they do not need.
// SAIRemoveIdentity also takes the SAC blob and a credential index, so it can
// touch both blobs in one call.
// NOTE(review): identity buffers (pbIdentity, pbNewIdentity, pbJobIdentity)
// have no length parameter; the callee must assume a fixed size, presumably
// HASH_DATA_SIZE -- confirm in lsa.cxx.
// NOTE(review): pbSAIIndex, pbSet and pbFoundIdentity look like pointers into
// the SAI blob itself; if so they become stale once a call replaces *ppbSAI.
// Verify against the implementation.
HRESULT SAIAddIdentity( BYTE * pbIdentity, DWORD * pcbSAI, BYTE ** ppbSAI);
HRESULT SAIFindIdentity( BYTE * pbIdentity, DWORD cbSAI, BYTE * pbSAI, DWORD * pdwCredentialIndex, BOOL * pfIsPasswordNull = NULL, BYTE ** ppbFoundIdentity = NULL, DWORD * pdwSetSubCount = NULL, BYTE ** ppbSet = NULL);
HRESULT SAIIndexIdentity( DWORD cbSAI, BYTE * pbSAI, DWORD dwSetArrayIndex, DWORD dwSetIndex, BYTE ** ppbFoundIdentity = NULL, DWORD * pdwSetSubCount = NULL, BYTE ** ppbSet = NULL);
HRESULT SAIInsertIdentity( BYTE * pbIdentity, BYTE * pbSAIIndex, DWORD * pcbSAI, BYTE ** ppbSAI);
HRESULT SAIRemoveIdentity( BYTE * pbJobIdentity, BYTE * pbSet, DWORD * pcbSAI, BYTE ** ppbSAI, DWORD CredentialIndex, DWORD * pcbSAC, BYTE ** ppbSAC);
HRESULT SAIUpdateIdentity( const BYTE * pbNewIdentity, BYTE * pbFoundIdentity, DWORD cbSAI, BYTE * pbSAI);
// Scavenger support. This header states that entries pending removal are
// overwritten with the deleted-entry marker during scavenger cleanup.
// NOTE(review): the two Coalesce functions presumably compact a blob by
// dropping marked entries, updating the size and buffer through
// pcb*/ppb* -- confirm in lsa.cxx.
// NOTE(review): until coalescing runs, a marked entry keeps every byte past
// the marker; check whether leftover credential bytes are cleared at mark
// time.
HRESULT SACCoalesceDeletedEntries( DWORD * pcbSAC, BYTE ** ppbSAC);
HRESULT SAICoalesceDeletedEntries( DWORD * pcbSAI, BYTE ** ppbSAI);
void ScavengeSASecurityDBase(void);
// Keyed read, write and delete of LSA data. The key is a wide string
// (pwszKey) accompanied by cbKey, which is a WORD and therefore cannot
// express more than 65535.
// NOTE(review): cbKey is presumably the key length in bytes rather than in
// characters -- confirm in lsa.cxx, since a unit mix-up would mis-size the
// key.
// NOTE(review): ownership of the buffer returned through ppbData is not
// visible here; verify callers clear and free it.
HRESULT ReadLsaData( WORD cbKey, LPCWSTR pwszKey, DWORD * pcbData, BYTE ** ppbData);
HRESULT WriteLsaData( WORD cbKey, LPCWSTR pwszKey, DWORD cbData, BYTE * pbData);
HRESULT DeleteLsaData( WORD cbKey, LPCWSTR pwszKey);
// NOTE(review): purpose is not documented in this header; see lsa.cxx.
void SetMysteryDWORDValue( void);
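// Debug-only assertion raised where security-database corruption is detected.
//
// In builds where DBG is not 1 the macro expands to nothing, so it must never
// be the only reaction to corrupt data: every call site still needs a runtime
// error path that stops processing the blob.
//
// The debug expansion is a braced block rather than an expression, so
// `if (x) ASSERT_SECURITY_DBASE_CORRUPT(); else ...` compiles only in
// non-debug builds; use it as a standalone statement.
#if DBG == 1
#define ASSERT_SECURITY_DBASE_CORRUPT() { \
    schAssert( \
        0 && "Scheduling Agent security database corruption detected!"); \
}
#else
#define ASSERT_SECURITY_DBASE_CORRUPT()
#endif // DBG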
#endif // __LSA_HXX__