|
|
/*++
Copyright (c) 1991-1996 Microsoft Corporation
Module Name:
ssiinit.h
Abstract:
Private global variables, defines, and routine declarations used for to implement SSI.
Author:
Cliff Van Dyke (cliffv) 25-Jul-1991
Environment:
User mode only. Contains NT-specific code. Requires ANSI C extensions: slash-slash comments, long external names.
Revision History:
02-Jan-1992 (madana) added support for builtin/multidomain replication.
04-10-1992 (madana) added support for LSA replication.
--*/
// general purpose mainfests
//
// Define UserAccountControl bit to indicate an NT 5.0 interdomain trust.
//
// This is not really a SAM account. But UserAccountControl is used for all
// other trust types.
//
// Pick a bit that will never be used in the future to indicate a different
// account type.
//
#define USER_DNS_DOMAIN_TRUST_ACCOUNT USER_ACCOUNT_AUTO_LOCKED
//
// Maximum time we'll wait during full sync in an attempt to decrease
// wan link utilization.
//
#define MAX_SYNC_SLEEP_TIME (60*60*1000) // 1 hour
//
// How big a buffer we request on a SAM delta or a SAM sync.
//
#define SAM_DELTA_BUFFER_SIZE (128*1024)
//
// The size of the largest mailslot message.
//
// All mailslot messages we receive are broadcast. The Win32 spec says
// the limit on broadcast mailslot is 400 bytes. Really it is
// 444 bytes (512 minus SMB header etc) - size of the mailslot name.
// I'll use 444 to ensure this size is the largest I'll ever need.
//
// The NETLOGON_SAM_LOGON_RESPONSE_EX structure isn't packed into a mailslot
// packet so it may be larger.
//
#define NETLOGON_MAX_MS_SIZE max(444, sizeof(NETLOGON_SAM_LOGON_RESPONSE_EX))
//
// Structure describing a transport supported by redir/server and browser.
//
typedef struct _NL_TRANSPORT { //
// List of all transports headed by NlTransportListHead.
// (Serialized by NlTransportCritSect)
//
LIST_ENTRY Next;
//
// True if the transport is currently enabled.
// We never delete a transport in order to avoid maintaining a reference count.
//
BOOLEAN TransportEnabled;
//
// True if transport is an IP transport.
//
BOOLEAN IsIpTransport;
//
// True if transport is direct host IPX transport
//
BOOLEAN DirectHostIpx;
//
// IP Address for this transport.
// Zero if not IP or none yet assigned.
//
ULONG IpAddress;
//
// Handle to the transport device
//
HANDLE DeviceHandle;
//
// Name of the transport.
//
WCHAR TransportName[1];
} NL_TRANSPORT, *PNL_TRANSPORT;
/////////////////////////////////////////////////////////////////////////////
//
// Client Session definitions
//
/////////////////////////////////////////////////////////////////////////////
//
// An internal timer used to schedule a periodic event.
//
typedef struct _TIMER { LARGE_INTEGER StartTime; // Start of period (NT absolute time)
DWORD Period; // length of period (miliseconds)
#define TIMER_MAX_PERIOD (MAILSLOT_WAIT_FOREVER - 1)
} TIMER, *PTIMER;
#define NL_MILLISECONDS_PER_SECOND (1000)
#define NL_MILLISECONDS_PER_MINUTE (60 * NL_MILLISECONDS_PER_SECOND)
#define NL_MILLISECONDS_PER_HOUR (60 * NL_MILLISECONDS_PER_MINUTE)
#define NL_MILLISECONDS_PER_DAY (24 * NL_MILLISECONDS_PER_HOUR)
//
// Structure the describes an API call over the secure channel
//
typedef struct _CLIENT_API {
//
// Each API call made across this secure channel is timed by this timer.
// If the timer expires, the session to the server is forcefully
// terminated to ensure the client doesn't hang for a dead server.
//
// Access serialized by DomainInfo->DomTrustListCritSect.
//
TIMER CaApiTimer;
#define SHORT_API_CALL_PERIOD (45*1000) // Logon API lasts 45 seconds
#define LONG_API_CALL_PERIOD (15*60*1000) // Replication API 15 minute
#define BINDING_CACHE_PERIOD (3*60*1000) // Cache RPC handle for 3 minutes
#define WRITER_WAIT_PERIOD NlGlobalParameters.ShortApiCallPeriod // Max time to wait to become writer
#define IsApiActive( _ClientApi ) ((_ClientApi)->CaApiTimer.Period != MAILSLOT_WAIT_FOREVER )
//
// Handle to the thread doing the API.
//
// Access serialized by DomainInfo->DomTrustListCritSect.
//
HANDLE CaThreadHandle;
//
// Access serialized by DomainInfo->DomTrustListCritSect.
//
DWORD CaFlags;
#define CA_BINDING_CACHED 0x1 // Set if the binding handle is cached
#define CA_TCP_BINDING 0x2 // Set if the cached binding handle is TCP/IP
#define CA_BINDING_AUTHENTICATED 0x4 // Set if the binding handle is marked authenticated
#define CA_ENTRY_IN_USE 0x8 // Entry is in use by a thread
//
// Rpc context handle for this call.
//
// Access serialized by DomainInfo->DomTrustListCritSect.
//
handle_t CaRpcHandle;
//
// When an api is in progress,
// this is the CsSessionCount at the start of the API call.
//
// Access serialized by CsWriterSemaphore.
//
DWORD CaSessionCount;
//
// UNC server name
//
WCHAR CaUncServerName[DNS_MAX_NAME_LENGTH + 3];
} CLIENT_API, * PCLIENT_API;
//
// Client session.
//
// Structure to define the client side of a session to a DC.
//
typedef struct _CLIENT_SESSION {
//
// Each client session entry is in a doubly linked list defined by
// DomTrustList.
//
// Access serialized by DomTrustListCritSect.
//
LIST_ENTRY CsNext;
//
// Time when the last authentication attempt was made.
//
// When the CsState is CS_AUTHENTICATED, this field is the time the
// secure channel was setup.
//
// When the CsState is CS_IDLE, this field is the time of the last
// failed discovery or session setup. Or it may be zero, to indicate
// that it is OK to do another discovery at any time.
//
// When the CsState is CS_DC_PICKED, this field is zero indicating it is
// OK to do the session setup at any time. Or it may be the time of the
// last failed session setup if different threads did the setup/discovery.
//
// Access serialized by NlGlobalDcDiscoveryCritSect
//
LARGE_INTEGER CsLastAuthenticationTry;
//
// Time when the last discovery attempt was made.
//
// The time is the time of completion of the last discovery attempt regardless
// of the success or failure of that attempt or the discovery type (with or without account)
//
// Access serialized by NlGlobalDcDiscoveryCritSect
//
LARGE_INTEGER CsLastDiscoveryTime;
//
// Time when the last discovery attempt with account was made
// regardless of the success or failure of that attempt
//
LARGE_INTEGER CsLastDiscoveryWithAccountTime;
//
// Time when the session was refreshed last time
//
LARGE_INTEGER CsLastRefreshTime;
//
// Time when the forest trust info was refreshed last time.
// Access serialized by DomTrustListCritSect.
//
LARGE_INTEGER CsLastFtInfoRefreshTime;
//
// WorkItem for Async discovery
//
WORKER_ITEM CsAsyncDiscoveryWorkItem;
//
// Name/Guid of the domain this connection is to
//
// Access serialized by DomTrustListCritSect.
//
GUID CsDomainGuidBuffer; UNICODE_STRING CsNetbiosDomainName; CHAR CsOemNetbiosDomainName[DNLEN+1]; ULONG CsOemNetbiosDomainNameLength; UNICODE_STRING CsDnsDomainName; LPSTR CsUtf8DnsDomainName; GUID *CsDomainGuid; // NULL if domain has no GUID.
// Either the Netbios or Dns Domain name.
// Suitable for debug. Suitable for Eventlog messages.
LPWSTR CsDebugDomainName;
//
// Name of the local trusted domain object.
//
PUNICODE_STRING CsTrustName;
//
// Name of the account on the server.
// For NT 5.0 interdomain trust, this is the dns name of this domain.
//
LPWSTR CsAccountName;
//
// Domain ID of the domain this connection is to
//
// Access serialized by either DomTrustListCritSect or CsWriter.
// Modifications must lock both.
PSID CsDomainId;
//
// Hosted domain this session is for
//
PDOMAIN_INFO CsDomainInfo;
//
// Type of CsAccountName
//
NETLOGON_SECURE_CHANNEL_TYPE CsSecureChannelType;
//
// State of the connection to the server.
//
// Access serialized by NlGlobalDcDiscoveryCritSect
// This field can be read without the crit sect locked if
// the answer will only be used as a hint.
//
DWORD CsState;
#define CS_IDLE 0 // No session is currently active
#define CS_DC_PICKED 1 // The session has picked a DC for session
#define CS_AUTHENTICATED 2 // The session is currently active
//
// Status of latest attempt to contact the server.
//
// When the CsState is CS_AUTHENTICATED, this field is STATUS_SUCCESS.
//
// When the CsState is CS_IDLE, this field is a non-successful status.
//
// When the CsState is CS_DC_PICKED, this field is the same non-successful
// status from when the CsState was last CS_IDLE.
//
// Access serialized by NlGlobalDcDiscoveryCritSect
// This field can be read without the crit sect locked if
// the answer will only be used as a hint.
//
NTSTATUS CsConnectionStatus;
//
// Access serialized by DomTrustListCritSect
//
DWORD CsFlags;
#define CS_UPDATE_PASSWORD 0x01 // Set if the password has already
// been changed on the client and
// needs changing on the server.
#define CS_PASSWORD_REFUSED 0x02 // Set if DC refused a password change.
#define CS_NT5_DOMAIN_TRUST 0x04 // Trust is to an NT 5 domain.
#define CS_WRITER 0x08 // Entry is being modified
#define CS_DIRECT_TRUST 0x10 // We have a direct trust to the specified
// domain.
#define CS_CHECK_DIRECT_TRUST 0x20 // Set if we need to check the password
// and forest trust info
#define CS_PICK_DC 0x40 // Set if we need to Pick a DC
#define CS_REDISCOVER_DC 0x80 // Set when we need to Rediscover a DC
#define CS_HANDLE_API_TIMER 0x400 // Set if we need to handle API timer expiration
#define CS_NOT_IN_LSA 0x800 // Flag to delete this entry if it's
// not later proved to be in the LSA.
#define CS_ZERO_LAST_AUTH 0x2000 // Set if we need to zero CsLastAuthenticationTry
#define CS_DOMAIN_IN_FOREST 0x4000 // Set if trusted domain is in same forest as this domain.
#define CS_NEW_TRUST 0x8000 // Set on a newly allocated trusted domain
// until async discovery has been tried
#define CS_DC_PICKED_ONCE 0x10000 // Set if DC was picked at least once.
// Access serialized by writer lock
//
// Trust attributes for the trusted domain object
//
ULONG CsTrustAttributes;
//
// Pointer to client session that represents the direct trust that's
// the closest route to the domain of this client session.
//
// The pointed to client session will always be marked CS_DIRECT_TRUST.
//
// If this is a CS_DIRECT_TRUST session,
// this field will point to this client session.
//
struct _CLIENT_SESSION *CsDirectClientSession;
//
// Flags describing capabilities of both client and server.
//
ULONG CsNegotiatedFlags;
//
// Time Number of authentication attempts since last success.
//
// Access serialized by CsWriterSemaphore.
//
DWORD CsAuthAlertCount;
//
// Number of times the secure channel has been dropped.
//
// Access serialized by CsWriterSemaphore.
//
DWORD CsSessionCount;
//
// Number of threads referencing this entry.
//
// Access serialized by DomTrustListCritSect.
//
DWORD CsReferenceCount;
//
// Writer semaphore.
//
// This semaphore is locked whenever there is a writer modifying
// fields in this client session.
//
HANDLE CsWriterSemaphore;
#ifdef _DC_NETLOGON
//
// The following fields are used by the NlDiscoverDc to keep track
// of discovery state.
//
// Access serialized by NlGlobalDcDiscoveryCritSect
//
DWORD CsDiscoveryFlags;#define CS_DISCOVERY_DEAD_DOMAIN 0x001 // This is a dead domain disocvery
#define CS_DISCOVERY_ASYNCHRONOUS 0x002 // Discovery being processed in worker thread
#define CS_DISCOVERY_HAS_DS 0x004 // Discovered DS has a DS
#define CS_DISCOVERY_IS_CLOSE 0x008 // Discovered DS is in a close site
#define CS_DISCOVERY_HAS_IP 0x010 // Discovered DC has IP address
#define CS_DISCOVERY_USE_MAILSLOT 0x020 // Discovered DC should be pinged using mailslot mechanism
#define CS_DISCOVERY_USE_LDAP 0x040 // Discovered DC should be pinged using LDAP mechanism
#define CS_DISCOVERY_HAS_TIMESERV 0x080 // Discovered DC runs the Windows Time Service
#define CS_DISCOVERY_DNS_SERVER 0x100 // Discovered DC name is DNS (if off, the name is Netbios)
#define CS_DISCOVERY_NO_PWD_ATTR_MONITOR 0x200 // Discovered DC cannot process NetrServerTrustPasswordsAndAttribGet
//
// This event is set to indicate that discovery is not in progress on this
// client session.
//
HANDLE CsDiscoveryEvent;#endif // _DC_NETLOGON
//
// API timout count. After each logon/logoff API call made to the
// server this count is incremented if the time taken to execute the
// this API is more than MAX_DC_API_TIMEOUT.
//
// The count is decremented each time there are FAST_DC_API_THRESHOLD calls
// that execute in FAST_DC_API_TIMEOUT seconds.
//
//
// Access serialized by CsWriterSemaphore.
//
DWORD CsTimeoutCount;
#define MAX_DC_TIMEOUT_COUNT 2 // drop the session after this
// many timeouts and when it is
// time to reauthenticate.
#define MAX_DC_API_TIMEOUT (long) (15L*1000L) // 15 seconds
#define MAX_DC_REAUTHENTICATION_WAIT (long) (5L*60L*1000L) // 5 mins
#define MAX_DC_REFRESH_TIMEOUT (45 * 60 * 1000) // 45 minutes
#define FAST_DC_API_THRESHOLD 5 // Number of fast calls needed before
// we decrement timeout count
#define FAST_DC_API_TIMEOUT (1000) // 1 second
//
// Count of Fast Calls
//
// Access serialized by CsWriterSemaphore.
//
DWORD CsFastCallCount;
//
// Authentication information.
//
// Access serialized by CsWriterSemaphore.
//
NETLOGON_CREDENTIAL CsAuthenticationSeed; NETLOGON_SESSION_KEY CsSessionKey;
PVOID ClientAuthData; CredHandle CsCredHandle;
#ifdef _DC_NETLOGON
//
// Transport the server was discovered on.
//
PNL_TRANSPORT CsTransport;#endif // _DC_NETLOGON
//
// Rid of the account used to contact server
//
ULONG CsAccountRid;
//
// Know good password for this secure channel.
//
// After secure channel setup, it is the password used to setup the channel.
// After a password change, it is the password successfully set on the DC.
//
NT_OWF_PASSWORD CsNtOwfPassword;
//
// Name of the server this connection is to (may be DNS or Netbios) and its
// IP address (if any).
//
// Access serialized by CsWriterSemaphore or NlGlobalDcDiscoveryCritSect.
// Modification from Null to non-null serialized by
// NlGlobalDcDiscoveryCritSect
// (Modification from non-null to null requires both to be locked.)
//
LPWSTR CsUncServerName;
SOCKET_ADDRESS CsServerSockAddr; SOCKADDR_IN CsServerSockAddrIn;
//
// API semaphore.
//
// This semaphore has one reference for each slot in CsClientApi.
// (Except the zeroth slot which is special.)
//
HANDLE CsApiSemaphore;
//
// List of API calls outstanding on this session
//
// Access serialized by DomainInfo->DomTrustListCritSect.
//
CLIENT_API CsClientApi[1];
#define ClientApiIndex( _ClientSession, _ClientApi ) \
((LONG) ((_ClientApi)-&((_ClientSession)->CsClientApi[0])) )
#define UseConcurrentRpc( _ClientSession, _ClientApi ) \
(ClientApiIndex( _ClientSession, _ClientApi ) != 0 )
} CLIENT_SESSION, * PCLIENT_SESSION;
#define LOCK_TRUST_LIST(_DI) EnterCriticalSection( &(_DI)->DomTrustListCritSect )
#define UNLOCK_TRUST_LIST(_DI) LeaveCriticalSection( &(_DI)->DomTrustListCritSect )
//
// For member workstations,
// maintain a list of domains trusted by our primary domain.
//
// Access serialized by NlGlobalDcDiscoveryCritSect
//
typedef struct { WCHAR UnicodeNetbiosDomainName[DNLEN+1]; LPSTR Utf8DnsDomainName;} TRUSTED_DOMAIN, *PTRUSTED_DOMAIN;
#ifdef _DC_NETLOGON
/////////////////////////////////////////////////////////////////////////////
//
// Server Session definitions
//
/////////////////////////////////////////////////////////////////////////////
//
// Sam Sync Context.
//
// A Sam sync context is maintained on the PDC for each BDC/member currently
// doing a full sync.
//
typedef struct _SAM_SYNC_CONTEXT {
//
// The Sync state indicates tracks the progression of the sync.
//
SYNC_STATE SyncState;
//
// A serial number indicating the number of times the BDC/member
// has called us. We use this as a resume handle.
//
ULONG SyncSerial;
//
// The current Sam Enumeration information
//
SAM_ENUMERATE_HANDLE SamEnumHandle; // Current Sam Enum Handle
PSAMPR_ENUMERATION_BUFFER SamEnum; // Sam returned buffer
PULONG RidArray; // Array of enumerated Rids
ULONG Index; // Index to current entry
ULONG Count; // Total Number of entries
BOOL SamAllDone; // True, if Sam has completed
} SAM_SYNC_CONTEXT, *PSAM_SYNC_CONTEXT;
#define SAM_SYNC_PREF_MAX 1024 // Preferred max for Sam Sync
//
// Lsa Sync Context.
//
// A Lsa sync context is maintained on the PDC for each BDC/member
// currently doing a full sync.
//
typedef struct _LSA_SYNC_CONTEXT {
//
// The Sync state indicates tracks the progression of the sync.
//
enum { AccountState, TDomainState, SecretState, LsaDoneState } SyncState;
//
// A serial number indicating the number of times the BDC/member
// has called us. We use this as a resume handle.
//
ULONG SyncSerial;
//
// The current Lsa Enumeration information
//
LSA_ENUMERATION_HANDLE LsaEnumHandle; // Current Lsa Enum Handle
enum { AccountEnumBuffer, TDomainEnumBuffer, SecretEnumBuffer, EmptyEnumBuffer } LsaEnumBufferType;
union { LSAPR_ACCOUNT_ENUM_BUFFER Account; LSAPR_TRUSTED_ENUM_BUFFER TDomain; PVOID Secret; } LsaEnum; // Lsa returned buffer
ULONG Index; // Index to current entry
ULONG Count; // Total Number of entries
BOOL LsaAllDone; // True, if Lsa has completed
} LSA_SYNC_CONTEXT, *PLSA_SYNC_CONTEXT;
//
// union of lsa and sam context
//
typedef struct _SYNC_CONTEXT { enum { LsaDBContextType, SamDBContextType } DBContextType;
union { LSA_SYNC_CONTEXT Lsa; SAM_SYNC_CONTEXT Sam; } DBContext;} SYNC_CONTEXT, *PSYNC_CONTEXT;
//
// Macro used to free any resources allocated by SAM.
//
// ?? check LsaIFree_LSAPR_* call parameters.
//
#define CLEAN_SYNC_CONTEXT( _Sync ) { \
if ( (_Sync)->DBContextType == LsaDBContextType ) { \ if ( (_Sync)->DBContext.Lsa.LsaEnumBufferType != \ EmptyEnumBuffer) { \ if ( (_Sync)->DBContext.Lsa.LsaEnumBufferType == \ AccountEnumBuffer) { \ LsaIFree_LSAPR_ACCOUNT_ENUM_BUFFER( \ &((_Sync)->DBContext.Lsa.LsaEnum.Account) ); \ } \ else if ( (_Sync)->DBContext.Lsa.LsaEnumBufferType == \ TDomainEnumBuffer) { \ LsaIFree_LSAPR_TRUSTED_ENUM_BUFFER( \ &((_Sync)->DBContext.Lsa.LsaEnum.TDomain) ); \ } \ else { \ LsaIFree_LSAI_SECRET_ENUM_BUFFER ( \ (_Sync)->DBContext.Lsa.LsaEnum.Secret, \ (_Sync)->DBContext.Lsa.Count ); \ (_Sync)->DBContext.Lsa.LsaEnum.Secret = NULL; \ } \ (_Sync)->DBContext.Lsa.LsaEnumBufferType = \ EmptyEnumBuffer; \ } \ } else { \ if ( (_Sync)->DBContext.Sam.SamEnum != NULL ) { \ SamIFree_SAMPR_ENUMERATION_BUFFER( \ (_Sync)->DBContext.Sam.SamEnum ); \ (_Sync)->DBContext.Sam.SamEnum = NULL; \ } \ if ( (_Sync)->DBContext.Sam.RidArray != NULL ) { \ MIDL_user_free( (_Sync)->DBContext.Sam.RidArray );\ (_Sync)->DBContext.Sam.RidArray = NULL; \ } \ } \}
//
// Macro to initialize Sync Context
//
#define INIT_SYNC_CONTEXT( _Sync, _ContextType ) { \
RtlZeroMemory( (_Sync), sizeof( *(_Sync) ) ) ; \ (_Sync)->DBContextType = (_ContextType) ; \}
//
// Server Session structure
//
// This structure represents the server side of a connection to a DC.
//
// ISSUE-2000/09/15-CliffV: This structure could be made smaller by using SsSecureChannelType
// as a discriminator. Many fields are specific to a BDC server session entry. Others
// are specific to a domain server session entry. However, most entries are member workstation
// server session entries that don't use either of the fields.
//
typedef struct _SERVER_SESSION { //
// Each server session entry is in a doubly linked list for each hash bucket.
// Indexed by SsComputerName
//
LIST_ENTRY SsHashList;
//
// Each server session entry is in a doubly linked list defined by
// DomainInfo->DomServerSessionTable.
//
LIST_ENTRY SsSeqList;
//
// List of all BDCs headed by NlGlobalBdcServerSessionList.
//
// (The field is set only on BDC server session entries)
//
// Access serialized by NlGlobalServerSessionTableCritSect.
//
LIST_ENTRY SsBdcList;
//
// List of BDC's which have a pulse pending.
//
LIST_ENTRY SsPendingBdcList;
//
// Time when the last pulse was sent to this machine
//
// (The field is set only on BDC server session entries)
//
LARGE_INTEGER SsLastPulseTime;
//
// Current serial numbers of each database on the BDC.
//
// (The field is set only on BDC server session entries)
//
LARGE_INTEGER SsBdcDbSerialNumber[NUM_DBS];
//
// The computername uniquely identifies this server session entry.
//
NETLOGON_SECURE_CHANNEL_TYPE SsSecureChannelType; CHAR SsComputerName[CNLEN+1];
//
// Rid of the account to authenticate with
//
ULONG SsAccountRid;
//
// The number of times there has been no response to a pulse.
//
USHORT SsPulseTimeoutCount;
//
// Hosted domain for this server session.
//
PDOMAIN_INFO SsDomainInfo;
//
// The number of times this entry has been scavanged.
//
USHORT SsCheck;
//
// Flags describing the state of the current entry.
// See the SS_ defines below.
//
USHORT SsFlags;
#define SS_BDC_FORCE_DELETE 0x0001 // Unless set, BDC server session won't be deleted
#define SS_AUTHENTICATED 0x0002 // Remote side has been authenticated
#define SS_LOCKED 0x0004 // Delay deletion requests for this entry
// While set, SsSessionKey may be referenced
#define SS_DELETE_ON_UNLOCK 0x0008 // Delete entry when it is unlocked
#define SS_BDC 0x0010 // BDC account exists for this Client
#define SS_FOREST_TRANSITIVE 0x0020 // TDO has TRUST_ATTRIBUTE_FOREST_TRANSITIVE set
#define SS_PENDING_BDC 0x0040 // BDC is on pending BDC list.
#define SS_FORCE_PULSE 0x0200 // Force a pulse message to this BDC.
#define SS_PULSE_SENT 0x0400 // Pulse has been sent but has not
// been responded to yet
#define SS_LSA_REPL_NEEDED 0x2000 // BDC needs LSA DB replicated
#define SS_ACCOUNT_REPL_NEEDED 0x4000 // BDC needs SAM Account DB replicated
#define SS_BUILTIN_REPL_NEEDED 0x8000 // BDC needs SAM Builtin DB replicated
#define SS_REPL_MASK 0xE000 // BDC needs replication mask
#define SS_REPL_LSA_MASK 0x2000 // BDC needs LSA replication mask
#define SS_REPL_SAM_MASK 0xC000 // BDC needs SAM replication mask
// Don't clear these on session setup
#define SS_PERMANENT_FLAGS \
( SS_BDC | SS_PENDING_BDC | SS_FORCE_PULSE | SS_REPL_MASK )
//
// Flags describing capabilities of both client and server.
//
ULONG SsNegotiatedFlags;
//
// Transport the client connected over.
//
PNL_TRANSPORT SsTransport;
//
// This is the ClientCredential (after authentication is complete).
//
NETLOGON_CREDENTIAL SsAuthenticationSeed;
//
// This is the ServerChallenge (during the challenge phase) and later
// the SessionKey (after authentication is complete).
//
NETLOGON_SESSION_KEY SsSessionKey;
//
// A pointer to the Sync context.
//
// (The field is set only on BDC server session entries)
//
PSYNC_CONTEXT SsSync;
//
// Each server session entry is in a doubly linked list for each hash bucket.
// Indexed by SsTdoName
//
// (This field is set only on *uplevel* interdomain trust entries.)
//
LIST_ENTRY SsTdoNameHashList;
UNICODE_STRING SsTdoName;
} SERVER_SESSION, *PSERVER_SESSION;#endif // _DC_NETLOGON
//
// Structure shared by all PDC and BDC sync routines.
// (And other users of secure channels.)
//
typedef struct _SESSION_INFO {
//
// Session Key shared by both client and server.
//
NETLOGON_SESSION_KEY SessionKey;
//
// Flags describing capabilities of both client and server.
//
ULONG NegotiatedFlags;
} SESSION_INFO, *PSESSION_INFO;
//
// Macro for tranlating the negotiated database replication flags to the mask of
// which databases to replicate/
//
#define NlMaxReplMask( _NegotiatedFlags ) \
((((_NegotiatedFlags) & NETLOGON_SUPPORTS_AVOID_SAM_REPL) ? 0 : SS_REPL_SAM_MASK ) | \ (((_NegotiatedFlags) & NETLOGON_SUPPORTS_AVOID_LSA_REPL) ? 0 : SS_REPL_LSA_MASK ) )
/////////////////////////////////////////////////////////////////////////////
//
// Structures and variables describing the database info.
//
/////////////////////////////////////////////////////////////////////////////
typedef struct _DB_Info { LARGE_INTEGER CreationTime; // database creation time
DWORD DBIndex; // index of Database table
SAM_HANDLE DBHandle; // database handle to access
LPWSTR DBName; // Name of the database
DWORD DBSessionFlag; // SS_ Flag representing this database
} DB_INFO, *PDB_INFO;
/////////////////////////////////////////////////////////////////////////////
//
// Replication timing macros
//
/////////////////////////////////////////////////////////////////////////////
#if NETLOGONDBG
///////////////////////////////////////////////////////////////////////////////
#define DEFPACKTIMER DWORD PackTimer, PackTimerTicks
#define INITPACKTIMER PackTimer = 0;
#define STARTPACKTIMER \
IF_NL_DEBUG( REPL_OBJ_TIME ) { \ PackTimerTicks = GetTickCount(); \ }
#define STOPPACKTIMER \
IF_NL_DEBUG( REPL_OBJ_TIME ) { \ PackTimer += GetTickCount() - PackTimerTicks; \ }
#define PRINTPACKTIMER \
IF_NL_DEBUG( REPL_OBJ_TIME ) { \ NlPrint((NL_REPL_OBJ_TIME,"\tTime Taken to PACK this object = %d msecs\n", \ PackTimer )); \ }
///////////////////////////////////////////////////////////////////////////////
#define DEFSAMTIMER DWORD SamTimer, SamTimerTicks
#define INITSAMTIMER SamTimer = 0;
#define STARTSAMTIMER \
IF_NL_DEBUG( REPL_OBJ_TIME ) { \ SamTimerTicks = GetTickCount(); \ }
#define STOPSAMTIMER \
IF_NL_DEBUG( REPL_OBJ_TIME ) { \ SamTimer += GetTickCount() - SamTimerTicks; \ }
#define PRINTSAMTIMER \
IF_NL_DEBUG( REPL_OBJ_TIME ) { \ NlPrint((NL_REPL_OBJ_TIME, \ "\tTime spent in SAM calls = %d msecs\n", \ SamTimer )); \ }
///////////////////////////////////////////////////////////////////////////////
#define DEFLSATIMER DWORD LsaTimer, LsaTimerTicks
#define INITLSATIMER LsaTimer = 0;
#define STARTLSATIMER \
IF_NL_DEBUG( REPL_OBJ_TIME ) { \ LsaTimerTicks = GetTickCount(); \ }
#define STOPLSATIMER \
IF_NL_DEBUG( REPL_OBJ_TIME ) { \ LsaTimer += GetTickCount() - LsaTimerTicks; \ }
#define PRINTLSATIMER \
IF_NL_DEBUG( REPL_OBJ_TIME ) { \ NlPrint((NL_REPL_OBJ_TIME, \ "\tTime spent in LSA calls = %d msecs\n", \ LsaTimer )); \ }
///////////////////////////////////////////////////////////////////////////////
#define DEFSSIAPITIMER DWORD SsiApiTimer, SsiApiTimerTicks
#define INITSSIAPITIMER SsiApiTimer = 0;
#define STARTSSIAPITIMER \
IF_NL_DEBUG( REPL_TIME ) { \ SsiApiTimerTicks = GetTickCount(); \ }
#define STOPSSIAPITIMER \
IF_NL_DEBUG( REPL_TIME ) { \ SsiApiTimer += GetTickCount() - \ SsiApiTimerTicks; \ }
#define PRINTSSIAPITIMER \
IF_NL_DEBUG( REPL_TIME ) { \ NlPrint((NL_REPL_TIME, \ "\tTime Taken by this SSIAPI call = %d msecs\n", \ SsiApiTimer )); \ }
#else // NETLOGONDBG
#define DEFPACKTIMER
#define INITPACKTIMER
#define STARTPACKTIMER
#define STOPPACKTIMER
#define PRINTPACKTIMER
#define DEFSAMTIMER
#define INITSAMTIMER
#define STARTSAMTIMER
#define STOPSAMTIMER
#define PRINTSAMTIMER
#define DEFLSATIMER
#define INITLSATIMER
#define STARTLSATIMER
#define STOPLSATIMER
#define PRINTLSATIMER
#define DEFSSIAPITIMER
#define INITSSIAPITIMER
#define STARTSSIAPITIMER
#define STOPSSIAPITIMER
#define PRINTSSIAPITIMER
#endif // NETLOGONDBG
//
// macros used in pack and unpack routines
//
#define SECURITYINFORMATION OWNER_SECURITY_INFORMATION | \
GROUP_SECURITY_INFORMATION | \ SACL_SECURITY_INFORMATION | \ DACL_SECURITY_INFORMATION
#define INIT_PLACE_HOLDER(_x) \
RtlInitString( (PSTRING) &(_x)->DummyString1, NULL ); \ RtlInitString( (PSTRING) &(_x)->DummyString2, NULL ); \ RtlInitString( (PSTRING) &(_x)->DummyString3, NULL ); \ RtlInitString( (PSTRING) &(_x)->DummyString4, NULL ); \ (_x)->DummyLong1 = 0; \ (_x)->DummyLong2 = 0; \ (_x)->DummyLong3 = 0; \ (_x)->DummyLong4 = 0;
#define QUERY_LSA_SECOBJ_INFO(_x) \
STARTLSATIMER; \ Status = LsarQuerySecurityObject( \ (_x), \ SECURITYINFORMATION, \ &SecurityDescriptor );\ STOPLSATIMER; \\ if (!NT_SUCCESS(Status)) { \ SecurityDescriptor = NULL; \ goto Cleanup; \ }
#define QUERY_SAM_SECOBJ_INFO(_x) \
STARTSAMTIMER; \ Status = SamrQuerySecurityObject( \ (_x), \ SECURITYINFORMATION, \ &SecurityDescriptor );\ STOPSAMTIMER; \\ if (!NT_SUCCESS(Status)) { \ SecurityDescriptor = NULL; \ goto Cleanup; \ }
#define SET_LSA_SECOBJ_INFO(_x, _y) \
SecurityDescriptor.Length = (_x)->SecuritySize; \ SecurityDescriptor.SecurityDescriptor = (_x)->SecurityDescriptor; \\ STARTLSATIMER; \ Status = LsarSetSecurityObject( \ (_y), \ (_x)->SecurityInformation, \ &SecurityDescriptor ); \ STOPLSATIMER; \\ if (!NT_SUCCESS(Status)) { \ NlPrint((NL_CRITICAL, \ "LsarSetSecurityObject failed (%lx)\n", \ Status )); \ goto Cleanup; \ }
#define SET_SAM_SECOBJ_INFO(_x, _y) \
SecurityDescriptor.Length = (_x)->SecuritySize; \ SecurityDescriptor.SecurityDescriptor = (_x)->SecurityDescriptor; \\ STARTSAMTIMER; \ Status = SamrSetSecurityObject( \ (_y), \ (_x)->SecurityInformation, \ &SecurityDescriptor ); \ STOPSAMTIMER; \\ if (!NT_SUCCESS(Status)) { \ NlPrint((NL_CRITICAL, \ "SamrSetSecurityObject failed (%lx)\n", \ Status )); \ goto Cleanup; \ }
#define DELTA_SECOBJ_INFO(_x) \
(_x)->SecurityInformation = SECURITYINFORMATION;\ (_x)->SecuritySize = SecurityDescriptor->Length;\\ *BufferSize += NlCopyData( \ (LPBYTE *)&SecurityDescriptor->SecurityDescriptor, \ (LPBYTE *)&(_x)->SecurityDescriptor, \ SecurityDescriptor->Length );
//
// Values of WorkstationFlags field of NETLOGON_WORKSTATION_INFO
//
#define NL_NEED_BIDIRECTIONAL_TRUSTS 0x0001 // Client wants inbound trusts, too
#define NL_CLIENT_HANDLES_SPN 0x0002 // Client handles updating SPN
#define NL_GET_DOMAIN_INFO_SUPPORTED 0x0003 // Mask of all bits supported
//
// Structure describing failed user logon.
// We keep a small cache of failed use logons
// with bad password.
//
typedef struct _NL_FAILED_USER_LOGON {
//
// Link to next entry in the list of failed forwarded logons
// (Serialized by DomainInfo->DomTrustListCritSect)
//
LIST_ENTRY FuNext;
//
// Last time we forwarded the logon to the PDC
//
ULONG FuLastTimeSentToPdc;
//
// Count of failed local logons
//
ULONG FuBadLogonCount;
//
// The user name (must be lat field in struct)
//
WCHAR FuUserName[ANYSIZE_ARRAY];
} NL_FAILED_USER_LOGON, *PNL_FAILED_USER_LOGON;
//
// The number of failed user logons we keep per domain.
// (The maximum number of negative cache entries we keep
// before throwing the least recently used one.)
//
#define NL_MAX_FAILED_USER_LOGONS 50
//
// Number of failed logons for a given user after which we refrain from
// forwarding subsequent user logons to the PDC for some period of time
//
#define NL_FAILED_USER_MAX_LOGON_COUNT 10
//
// Time period during which we refrain from forwarding a given
// user logon to the PDC once number of failed user logons
// reaches the above limit
//
#define NL_FAILED_USER_FORWARD_LOGON_TIMEOUT 300000 // 5 minutes
///////////////////////////////////////////////////////////////////////////////
//
// Procedure forwards.
//
///////////////////////////////////////////////////////////////////////////////
#ifdef _DC_NETLOGON
//
// srvsess.c
//
NET_API_STATUSNlTransportOpen( VOID );
BOOLNlTransportAddTransportName( IN LPWSTR TransportName, OUT PBOOLEAN IpTransportChanged );
BOOLEANNlTransportDisableTransportName( IN LPWSTR TransportName );
PNL_TRANSPORTNlTransportLookupTransportName( IN LPWSTR TransportName );
PNL_TRANSPORTNlTransportLookup( IN LPWSTR ClientName );
VOIDNlTransportClose( VOID );
ULONGNlTransportGetIpAddresses( IN ULONG HeaderSize, IN BOOLEAN ReturnOffsets, OUT PSOCKET_ADDRESS *RetIpAddresses, OUT PULONG RetIpAddressSize );
BOOLEANNlHandleWsaPnp( VOID );
PSERVER_SESSIONNlFindNamedServerSession( IN PDOMAIN_INFO DomainInfo, IN LPWSTR ComputerName );
VOIDNlSetServerSessionAttributesByTdoName( IN PDOMAIN_INFO DomainInfo, IN PUNICODE_STRING TdoName, IN ULONG TrustAttributes );
NTSTATUSNlInsertServerSession( IN PDOMAIN_INFO DomainInfo, IN LPWSTR ComputerName, IN LPWSTR TdoName OPTIONAL, IN NETLOGON_SECURE_CHANNEL_TYPE SecureChannelType, IN DWORD Flags, IN ULONG AccountRid, IN ULONG NegotiatedFlags, IN PNL_TRANSPORT Transport OPTIONAL, IN PNETLOGON_SESSION_KEY SessionKey OPTIONAL, IN PNETLOGON_CREDENTIAL AuthenticationSeed OPTIONAL );
NTSTATUSNlCheckServerSession( IN ULONG ServerRid, IN PUNICODE_STRING AccountName OPTIONAL, IN NETLOGON_SECURE_CHANNEL_TYPE SecureChannelType );
NTSTATUSNlBuildNtBdcList( PDOMAIN_INFO DomainInfo );
BOOLEANNlFreeServerSession( IN PSERVER_SESSION ServerSession );
VOIDNlUnlockServerSession( IN PSERVER_SESSION ServerSession );
VOIDNlFreeNamedServerSession( IN PDOMAIN_INFO DomainInfo, IN LPWSTR ComputerName, IN BOOLEAN AccountBeingDeleted );
VOIDNlFreeServerSessionForAccount( IN PUNICODE_STRING AccountName );
VOIDNlServerSessionScavenger( IN PDOMAIN_INFO DomainInfo );#endif // _DC_NETLOGON
//
// ssiauth.c
//
NTSTATUSNlMakeSessionKey( IN ULONG NegotiatedFlags, IN PNT_OWF_PASSWORD CryptKey, IN PNETLOGON_CREDENTIAL ClientChallenge, IN PNETLOGON_CREDENTIAL ServerChallenge, OUT PNETLOGON_SESSION_KEY SessionKey );
#ifdef _DC_NETLOGON
NTSTATUSNlCheckAuthenticator( IN OUT PSERVER_SESSION ServerServerSession, IN PNETLOGON_AUTHENTICATOR Authenticator, OUT PNETLOGON_AUTHENTICATOR ReturnAuthenticator );#endif _DC_NETLOGON
VOIDNlComputeCredentials( IN PNETLOGON_CREDENTIAL Challenge, OUT PNETLOGON_CREDENTIAL Credential, IN PNETLOGON_SESSION_KEY SessionKey );
VOIDNlComputeChallenge( OUT PNETLOGON_CREDENTIAL Challenge );
VOIDNlBuildAuthenticator( IN OUT PNETLOGON_CREDENTIAL AuthenticationSeed, IN PNETLOGON_SESSION_KEY SessionKey, OUT PNETLOGON_AUTHENTICATOR Authenticator );
BOOLNlUpdateSeed( IN OUT PNETLOGON_CREDENTIAL AuthenticationSeed, IN PNETLOGON_CREDENTIAL TargetCredential, IN PNETLOGON_SESSION_KEY SessionKey );
VOIDNlEncryptRC4( IN OUT PVOID Buffer, IN ULONG BufferSize, IN PSESSION_INFO SessionInfo );
VOIDNlDecryptRC4( IN OUT PVOID Buffer, IN ULONG BufferSize, IN PSESSION_INFO SessionInfo );
VOIDNlPrintTrustedDomain( PDS_DOMAIN_TRUSTSW TrustedDomain, IN BOOLEAN VerbosePrint, IN BOOLEAN AnsiOutput );
//
// trustutl.c
//
//
// Extended trust information passed via I_NetLogonGetDomainInfo
//
typedef struct _NL_TRUST_EXTENSION { ULONG Flags; ULONG ParentIndex; ULONG TrustType; ULONG TrustAttributes;} NL_TRUST_EXTENSION, *PNL_TRUST_EXTENSION;
PCLIENT_SESSIONNlFindNamedClientSession( IN PDOMAIN_INFO DomainInfo, IN PUNICODE_STRING DomainName, IN ULONG Flags, OUT PBOOLEAN TransitiveUsed OPTIONAL );
PCLIENT_SESSIONNlAllocateClientSession( IN PDOMAIN_INFO DomainInfo, IN PUNICODE_STRING DomainName, IN PUNICODE_STRING DnsDomainName OPTIONAL, IN PSID DomainId, IN GUID *DomainGuid OPTIONAL, IN ULONG Flags, IN NETLOGON_SECURE_CHANNEL_TYPE SecureChannelType, IN ULONG TrustAttributes );
VOIDNlFreeClientSession( IN PCLIENT_SESSION ClientSession );
VOIDNlRefClientSession( IN PCLIENT_SESSION ClientSession );
VOIDNlUnrefClientSession( IN PCLIENT_SESSION ClientSession );
PCLIENT_APINlAllocateClientApi( IN PCLIENT_SESSION ClientSession, IN DWORD Timeout );
VOIDNlFreeClientApi( IN PCLIENT_SESSION ClientSession, IN PCLIENT_API ClientApi );
BOOLNlTimeoutSetWriterClientSession( IN PCLIENT_SESSION ClientSession, IN DWORD Timeout );
VOIDNlResetWriterClientSession( IN PCLIENT_SESSION ClientSession );
NTSTATUSNlCaptureServerClientSession ( IN PCLIENT_SESSION ClientSession, OUT LPWSTR *UncServerName, OUT DWORD *DiscoveryFlags OPTIONAL );
NTSTATUSNlCaptureNetbiosServerClientSession ( IN PCLIENT_SESSION ClientSession, OUT WCHAR NetbiosUncServerName[UNCLEN+1] );
BOOLNlSetNamesClientSession( IN PCLIENT_SESSION ClientSession, IN PUNICODE_STRING DomainName OPTIONAL, IN PUNICODE_STRING DnsDomainName OPTIONAL, IN PSID DomainId OPTIONAL, IN GUID *DomainGuid OPTIONAL );
VOIDNlSetStatusClientSession( IN PCLIENT_SESSION ClientSession, IN NTSTATUS CsConnectionStatus );
#ifdef _DC_NETLOGON
NTSTATUSNlInitTrustList( IN PDOMAIN_INFO DomainInfo );
VOIDNlPickTrustedDcForEntireTrustList( IN PDOMAIN_INFO DomainInfo, IN BOOLEAN OnlyDoNewTrusts );#endif // _DC_NETLOGON
NTSTATUSNlUpdatePrimaryDomainInfo( IN LSAPR_HANDLE PolicyHandle, IN PUNICODE_STRING NetbiosDomainName, IN PUNICODE_STRING DnsDomainName, IN PUNICODE_STRING DnsForestName, IN GUID *DomainGuid );
VOIDNlSetForestTrustList ( IN PDOMAIN_INFO DomainInfo, IN OUT PDS_DOMAIN_TRUSTSW *ForestTrustList, IN ULONG ForestTrustListSize, IN ULONG ForestTrustListCount );
NET_API_STATUSNlReadRegTrustedDomainList ( IN PDOMAIN_INFO DomainInfo, IN BOOL DeleteName, OUT PDS_DOMAIN_TRUSTSW *RetForestTrustList, OUT PULONG RetForestTrustListSize, OUT PULONG RetForestTrustListCount );
NET_API_STATUSNlReadFileTrustedDomainList ( IN PDOMAIN_INFO DomainInfo, IN LPWSTR FileSuffix, IN BOOL DeleteName, IN ULONG Flags, OUT PDS_DOMAIN_TRUSTSW *RetForestTrustList, OUT PULONG RetForestTrustListSize, OUT PULONG RetForestTrustListCount );
NET_API_STATUSNlpEnumerateDomainTrusts ( IN PDOMAIN_INFO DomainInfo, IN ULONG Flags, OUT PULONG RetForestTrustListCount, OUT PDS_DOMAIN_TRUSTSW *RetForestTrustList );
BOOLEANNlIsDomainTrusted ( IN PUNICODE_STRING DomainName );
NET_API_STATUSNlGetTrustedDomainNames ( IN PDOMAIN_INFO DomainInfo, IN LPWSTR DomainName, OUT LPWSTR *TrustedDnsDomainName, OUT LPWSTR *TrustedNetbiosDomainName );
typedef enum _DISCOVERY_TYPE {#ifdef _DC_NETLOGON
DT_DeadDomain, DT_Asynchronous,#endif // _DC_NETLOGON
DT_Synchronous} DISCOVERY_TYPE;
NET_API_STATUSNlSetServerClientSession( IN OUT PCLIENT_SESSION ClientSession, IN PNL_DC_CACHE_ENTRY NlDcCacheEntry, IN BOOL DcDiscoveredWithAccount, IN BOOL SessionRefresh );
NTSTATUSNlDiscoverDc ( IN OUT PCLIENT_SESSION ClientSession, IN DISCOVERY_TYPE DiscoveryType, IN BOOLEAN InDiscoveryThread, IN BOOLEAN DiscoverWithAccount );
VOIDNlFlushCacheOnPnp ( VOID );
BOOLNlReadSamLogonResponse ( IN HANDLE ResponseMailslotHandle, IN LPWSTR AccountName, OUT LPDWORD Opcode, OUT LPWSTR *LogonServer, OUT PNL_DC_CACHE_ENTRY *NlDcCacheEntry OPTIONAL );
#ifdef _DC_NETLOGON
NTSTATUSNlPickDomainWithAccount ( IN PDOMAIN_INFO DomainInfo, IN PUNICODE_STRING InAccountNameString, IN PUNICODE_STRING InDomainNameString OPTIONAL, IN ULONG AllowableAccountControlBits, IN NETLOGON_SECURE_CHANNEL_TYPE SecureChannelType, IN BOOLEAN ExpediteToRoot, IN BOOLEAN CrossForestHop, OUT LPWSTR *RealSamAccountName, OUT LPWSTR *RealDomainName, OUT PULONG RealExtraFlags );#endif // _DC_NETLOGON
#ifdef _NETLOGON_SERVER
NTSTATUSNlGetConfigurationName( DWORD which, DWORD *pcbName, DSNAME *pName );
NTSTATUSNlGetConfigurationNamesList( DWORD which, DWORD dwFlags, ULONG * pcbNames, DSNAME ** padsNames );
NTSTATUSNlGetDnsRootAlias( WCHAR * pDnsRootAlias, WCHAR * pRootDnsRootAlias);
DWORDNlDsGetServersAndSitesForNetLogon( WCHAR * pNDNC, SERVERSITEPAIR ** ppaRes);
VOIDNlDsFreeServersAndSitesForNetLogon( SERVERSITEPAIR * paServerSites );
NTSTATUSNlCrackSingleName( DWORD formatOffered, // one of DS_NAME_FORMAT in ntdsapi.h
BOOL fPerformAtGC, // whether to go to GC or not
WCHAR *pNameIn, // name to crack
DWORD formatDesired, // one of DS_NAME_FORMAT in ntdsapi.h
DWORD *pccDnsDomain, // char count of following argument
WCHAR *pDnsDomain, // buffer for DNS domain name
DWORD *pccNameOut, // char count of following argument
WCHAR *pNameOut, // buffer for formatted name
DWORD *pErr); // one of DS_NAME_ERROR in ntdsapi.h
BOOLNlIsMangledRDNExternal( WCHAR * pszRDN, ULONG cchRDN, PULONG pcchUnMangled OPTIONAL );#endif // _NETLOGON_SERVER
//
// Macros to wrap all API calls over the secure channel.
//
// Here's a sample calling sequence"
//
// NL_API_START( Status, ClientSession, TRUE ) {
//
// Status = /* Call the secure channel API */
//
// } NL_API_ELSE ( Status, ClientSession, FALSE ) {
//
// /* Do whatever you'd do if the secure channel was timed out */
//
// } NL_API_END;
// Loop through each of the appropriate RPC bindings for this ClientSession.
// Avoid the real API call altogether if we can't bind.
#define NL_API_START_EX( _NtStatus, _ClientSession, _QuickApiCall, _ClientApi ) \
{ \ ULONG _BindingLoopCount; \\ _NtStatus = RPC_NT_PROTSEQ_NOT_SUPPORTED; \ for ( _BindingLoopCount=0; _BindingLoopCount<2; _BindingLoopCount++ ) { \ _NtStatus = NlStartApiClientSession( (_ClientSession), (_QuickApiCall), _BindingLoopCount, _NtStatus, _ClientApi ); \\ if ( NT_SUCCESS(_NtStatus) ) {
#define NL_API_START( _NtStatus, _ClientSession, _QuickApiCall ) \
NL_API_START_EX( _NtStatus, _ClientSession, _QuickApiCall, &(_ClientSession)->CsClientApi[0] )
// If the real API indicates the endpoint isn't registered,
// fall back to another binding.
//
// EPT_NT_NOT_REGISTERED: from NlStartApiClientSession
// RPC_NT_SERVER_UNAVAILABLE: From server if TCP not configured at all
// RPC_NT_PROTSEQ_NOT_SUPPORTED: From client or server if TCP/IP not supported
//
#define NL_API_ELSE_EX( _NtStatus, _ClientSession, _OkToKillSession, _AmWriter, _ClientApi ) \
\ } \\ if ( _NtStatus == EPT_NT_NOT_REGISTERED || \ _NtStatus == RPC_NT_SERVER_UNAVAILABLE || \ _NtStatus == RPC_NT_PROTSEQ_NOT_SUPPORTED ) { \ continue; \ } \\ break; \\ } \\ if ( !NlFinishApiClientSession( (_ClientSession), (_OkToKillSession), (_AmWriter), (_ClientApi) ) ) {
#define NL_API_ELSE( _NtStatus, _ClientSession, _OkToKillSession ) \
NL_API_ELSE_EX( _NtStatus, _ClientSession, _OkToKillSession, TRUE, &(_ClientSession)->CsClientApi[0] ) \
#define NL_API_END \
} \ } \
NTSTATUSNlStartApiClientSession( IN PCLIENT_SESSION ClientSession, IN BOOLEAN QuickApiCall, IN ULONG RetryIndex, IN NTSTATUS DefaultStatus, IN PCLIENT_API ClientApi );
BOOLEANNlFinishApiClientSession( IN PCLIENT_SESSION ClientSession, IN BOOLEAN OkToKillSession, IN BOOLEAN AmWriter, IN PCLIENT_API ClientApi );
VOIDNlTimeoutApiClientSession( IN PDOMAIN_INFO DomainInfo );
typedefDWORD(*PDsBindW)( LPCWSTR DomainControllerName, // in, optional
LPCWSTR DnsDomainName, // in, optional
HANDLE *phDS);
typedefDWORD(*PDsUnBindW)( HANDLE *phDS); // in
typedef NTSTATUS(*PCrackSingleName)( DWORD formatOffered, DWORD dwFlags, WCHAR *pNameIn, DWORD formatDesired, DWORD *pccDnsDomain, WCHAR *pDnsDomain, DWORD *pccNameOut, WCHAR *pNameOut, DWORD *pErr);
typedef NTSTATUS(*PGetConfigurationName)( DWORD which, DWORD *pcbName, DSNAME *pName);
typedef NTSTATUS(*PGetConfigurationNamesList)( DWORD which, DWORD dwFlags, ULONG * pcbNames, DSNAME ** padsNames);
typedef NTSTATUS(*PGetDnsRootAlias)( WCHAR * pDnsRootAlias, WCHAR * pRootDnsRootAlias);
typedef DWORD(*PDsGetServersAndSitesForNetLogon)( WCHAR * pNDNC, SERVERSITEPAIR ** ppaRes);
typedef VOID(*PDsFreeServersAndSitesForNetLogon)( SERVERSITEPAIR * paServerSites);
typedef BOOL(*PIsMangledRDNExternal)( WCHAR * pszRDN, ULONG cchRDN, PULONG pcchUnMangled OPTIONAL );
NTSTATUSNlLoadNtdsaDll( VOID );
//
// secpkg.c
//
PVOIDNlBuildAuthData( PCLIENT_SESSION ClientSession );
BOOLNlEqualClientSessionKey( PCLIENT_SESSION ClientSession, PVOID ClientContext );
BOOLNlStartNetlogonCall( VOID );
VOIDNlEndNetlogonCall( VOID );
//
// ssiapi.c
//
NTSTATUSNlGetAnyDCName ( IN PCLIENT_SESSION ClientSession, IN BOOL RequireIp, IN BOOL DoDiscoveryWithAccount, OUT PNL_DC_CACHE_ENTRY *NlDcCacheEntry, OUT PBOOLEAN DcRediscovered );
NET_API_STATUSNlSetDsSPN( IN BOOLEAN Synchronous, IN BOOLEAN SetSpn, IN BOOLEAN SetDnsHostName, IN PDOMAIN_INFO DomainInfo, IN LPWSTR UncDcName, IN LPWSTR ComputerName, IN LPWSTR DnsHostName );
NET_API_STATUSNlPingDcName ( IN PCLIENT_SESSION ClientSession, IN ULONG DcNamePingFlags, IN BOOL CachePingedDc, IN BOOL RequireIp, IN BOOL DoPingWithAccount, IN BOOL RefreshClientSession, IN LPWSTR DcName OPTIONAL, OUT PNL_DC_CACHE_ENTRY *NlDcCacheEntry OPTIONAL );
VOIDNlFreePingContext( IN PNL_GETDC_CONTEXT PingContext );
VOIDNlScavengeOldChallenges( VOID );
VOIDNlRemoveChallengeForClient( IN LPWSTR ClientName OPTIONAL, IN LPWSTR AccountName OPTIONAL, IN BOOL InterdomainTrustAccount );
//
// logonapi.c
//
NTSTATUSNlpUserValidateHigher ( IN PCLIENT_SESSION ClientSession, IN BOOLEAN DoingIndirectTrust, IN NETLOGON_LOGON_INFO_CLASS LogonLevel, IN LPBYTE LogonInformation, IN NETLOGON_VALIDATION_INFO_CLASS ValidationLevel, OUT LPBYTE * ValidationInformation, OUT PBOOLEAN Authoritative, IN OUT PULONG ExtraFlags );
VOIDNlScavengeOldFailedLogons( IN PDOMAIN_INFO DomainInfo );
VOIDDsFlagsToString( IN DWORD Flags, OUT LPSTR Buffer );
NET_API_STATUSNlInitializeAuthzRM( VOID );
VOIDNlFreeAuthzRm( VOID );
//
// ftinfo.c
//
NTSTATUSNlpGetForestTrustInfoHigher( IN PCLIENT_SESSION ClientSession, IN DWORD Flags, IN BOOLEAN ImpersonateCaller, IN BOOLEAN SessionAlreadyAuthenticated, OUT PLSA_FOREST_TRUST_INFORMATION *ForestTrustInfo );
|
