archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4 Commits
1 Branch
0 Tags
1.5 GiB
Tree: 5c6fe3db62
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '5c6fe3db62'
${ noResults }
windows-server-2003/ds/security/protocols/kerberos/server/secdata.hxx

442 lines
10 KiB
Raw Normal View History

commiting as it is
4 years ago
  1. //+-----------------------------------------------------------------------
  2. //
  3. // File: SECDATA.hxx
  4. //
  5. // Contents: Structures for KDC global data mgmt
  6. //
  7. //
  8. // History:
  9. //
  10. //------------------------------------------------------------------------
  12. #ifndef INC__SECDATA_HXX
  13. #define INC__SECDATA_HXX
  15. // A bunch of include files that this file depends on...
  17. extern "C" {
  18. #include <nturtl.h>
  19. }
  20. #include "kdcsvr.hxx"
  23. //+---------------------------------------------------------------------------
  24. ///////////////////////////////////////////////////////////////
  25. //
  26. //
  27. // Constants and #define macros
  28. //
  29. //
  30. // Class: CSecurityData ()
  31. //
  32. // Purpose: Global data for KDC.
  33. //
  34. // Interface:
  35. // CSecurityData -- Constructor (need to call Init(), too)
  36. // ~CSecurityData -- Frees the strings.
  37. // Init -- Initializes the data.
  38. // NextJob -- Gets a job from the job queue.
  39. // AddJob -- Adds a job to the job queue.
  40. // GetJobEvent -- Gets a handle to an event that is
  41. // set when there's a job in the queue.
  42. // KdcRealm -- return the current realm.
  43. // KdcServiceName -- return "krbtgt"
  44. // KdcFullServiceName -- return "realm\krbtgt"
  45. // MachineName -- return machine name
  46. // KdcTgtTicketLifespan --
  47. // KdcTgsTicketLifespan --
  48. // KdcTicketRenewSpan --
  49. // KdcFlags --
  50. // DebugShowState --
  51. // DebugSetState --
  52. // DebugGetState --
  53. //
  54. // History: 4-02-93 WadeR Created
  55. //
  56. // Notes:
  57. //
  58. //----------------------------------------------------------------------------
  60. class CSecurityData {
  61. private:
  62. //
  63. // Private data
  64. //
  67. // Site constants
  68. KERB_REALM _KerbRealmName;
  69. KERB_REALM _KerbDnsRealmName;
  70. UNICODE_STRING _RealmName;
  71. UNICODE_STRING _DnsRealmName;
  72. UNICODE_STRING _KDC_Name;
  73. UNICODE_STRING _KDC_FullName;
  74. UNICODE_STRING _KDC_FullDnsName;
  75. UNICODE_STRING _KDC_FullKdcName;
  76. UNICODE_STRING _MachineName;
  77. UNICODE_STRING _SamMachineName; // got a $
  78. UNICODE_STRING _MachineUpn;
  79. UNICODE_STRING _ForestRoot;
  80. PKERB_INTERNAL_NAME _KrbtgtServiceName;
  81. PKERB_INTERNAL_NAME _KpasswdServiceName;
  82. LARGE_INTEGER _KDC_TgsTicketLifespan;
  83. LARGE_INTEGER _KDC_TgtTicketLifespan;
  84. LARGE_INTEGER _KDC_TicketRenewSpan;
  85. LARGE_INTEGER _KDC_DomainPasswordReplSkew;
  86. LARGE_INTEGER _KDC_RestrictionLifetime; // how long after a ticket is issued do we need to start checking restrictions again
  87. DWORD _KDC_Flags;
  88. ULONG _KDC_AuditEvents;
  89. KDC_TICKET_INFO _KrbtgtTicketInfo;
  90. BOOLEAN _KrbtgtTicketInfoValid;
  91. BOOLEAN _KDC_CrossForestEnabled;
  92. BOOLEAN _KDC_IsForestRoot;
  93. LARGE_INTEGER _KrbtgtPasswordLastSet;
  95. // Locks
  96. RTL_RESOURCE _Monitor;
  97. BOOLEAN _fMonitorInitialized;
  99. //
  100. // Private functions
  101. //
  103. public:
  105. //
  106. // Public functions
  107. //
  109. CSecurityData();
  110. ~CSecurityData(void);
  111. VOID Cleanup();
  113. NTSTATUS InitLock();
  114. NTSTATUS Init();
  115. NTSTATUS LoadParameters(SAM_HANDLE Domain);
  116. NTSTATUS ReloadPolicy(POLICY_NOTIFICATION_INFORMATION_CLASS Class);
  117. KERBERR GetKrbtgtTicketInfo(PKDC_TICKET_INFO TicketInfo);
  118. NTSTATUS UpdateKrbtgtTicketInfo();
  119. NTSTATUS SetForestRoot(PUNICODE_STRING NewForestRoot);
  122. // Site (domain) constants
  123. inline PUNICODE_STRING KdcRealmName();
  124. inline PUNICODE_STRING KdcDnsRealmName();
  125. inline KERB_REALM KdcKerbDnsRealmName();
  126. inline PUNICODE_STRING KdcServiceName();
  127. inline PUNICODE_STRING KdcFullServiceName();
  128. inline PUNICODE_STRING KdcFullServiceDnsName();
  129. inline PUNICODE_STRING KdcFullServiceKdcName();
  130. inline PUNICODE_STRING MachineName();
  131. inline PUNICODE_STRING MachineUpn();
  132. inline NTSTATUS GetKdcForestRoot(PUNICODE_STRING Temp);
  133. inline PKERB_INTERNAL_NAME KdcInternalName();
  134. inline PKERB_INTERNAL_NAME KpasswdInternalName();
  135. inline LARGE_INTEGER KdcTgtTicketLifespan();
  136. inline LARGE_INTEGER KdcTgsTicketLifespan();
  137. inline LARGE_INTEGER KdcTicketRenewSpan();
  138. inline LARGE_INTEGER KdcDomainPasswordReplSkew();
  139. inline LARGE_INTEGER KdcRestrictionLifetime();
  140. inline DWORD KdcFlags();
  141. inline VOID SetCrossForestEnabled(BOOLEAN NewState);
  142. inline VOID ReadLock();
  143. inline VOID WriteLock();
  144. inline VOID Unlock();
  145. #if DBG
  146. inline BOOL IsLocked();
  147. #endif
  148. inline BOOL AuditKdcEvent( ULONG EventToAudit );
  149. inline BOOLEAN IsCrossForestEnabled();
  150. inline BOOLEAN IsForestRoot( );
  151. inline BOOLEAN IsOurMachineName(PUNICODE_STRING Name);
  152. inline BOOLEAN IsOurRealm(PUNICODE_STRING Realm);
  153. inline BOOLEAN IsOurRealm(PKERB_REALM Realm);
  154. inline LARGE_INTEGER KrbtgtPasswordLastSet();
  156. #if DBG
  157. void DebugShowState(void);
  158. HRESULT DebugSetState(DWORD, LARGE_INTEGER, LARGE_INTEGER );
  159. HRESULT DebugGetState(DWORD *, LARGE_INTEGER *, LARGE_INTEGER * );
  160. #endif
  161. };
  164. //
  165. // Inline functions
  166. //
  168. inline PUNICODE_STRING
  169. CSecurityData::KdcServiceName()
  170. {
  171. return( &_KDC_Name);
  172. };
  174. inline PUNICODE_STRING
  175. CSecurityData::KdcFullServiceName()
  176. {
  177. return( &_KDC_FullName);
  178. };
  180. inline PUNICODE_STRING
  181. CSecurityData::KdcFullServiceDnsName()
  182. {
  183. return( &_KDC_FullDnsName);
  184. };
  187. inline NTSTATUS
  188. CSecurityData::GetKdcForestRoot(PUNICODE_STRING Output)
  189. {
  190. NTSTATUS Status = STATUS_POLICY_OBJECT_NOT_FOUND;
  192. ReadLock();
  194. if (_ForestRoot.Buffer != NULL)
  195. {
  196. Status = KerbDuplicateString(
  197. Output,
  198. &_ForestRoot
  199. );
  200. }
  202. Unlock();
  204. return ( Status );
  205. };
  207. inline BOOLEAN
  208. CSecurityData::IsCrossForestEnabled()
  209. {
  210. return( _KDC_CrossForestEnabled);
  211. };
  213. inline BOOLEAN
  214. CSecurityData::IsForestRoot()
  215. {
  216. return( _KDC_IsForestRoot);
  217. };
  222. inline VOID
  223. CSecurityData::SetCrossForestEnabled(BOOLEAN NewState)
  224. {
  225. WriteLock();
  227. _KDC_CrossForestEnabled = NewState;
  229. Unlock();
  230. }
  233. inline PUNICODE_STRING
  234. CSecurityData::KdcFullServiceKdcName()
  235. {
  236. return( &_KDC_FullKdcName);
  237. };
  240. inline PUNICODE_STRING
  241. CSecurityData::KdcRealmName()
  242. {
  243. return( &_RealmName );
  244. }
  246. inline PUNICODE_STRING
  247. CSecurityData::KdcDnsRealmName()
  248. {
  249. return( &_DnsRealmName );
  250. }
  252. inline KERB_REALM
  253. CSecurityData::KdcKerbDnsRealmName()
  254. {
  255. return( _KerbDnsRealmName );
  256. }
  258. inline PKERB_INTERNAL_NAME
  259. CSecurityData::KdcInternalName()
  260. {
  261. return( _KrbtgtServiceName );
  262. }
  264. inline PKERB_INTERNAL_NAME
  265. CSecurityData::KpasswdInternalName()
  266. {
  267. return( _KpasswdServiceName );
  268. }
  271. inline BOOLEAN
  272. CSecurityData::IsOurMachineName(
  273. IN PUNICODE_STRING Name
  274. )
  275. {
  276. return (RtlEqualUnicodeString(Name, &_MachineName, TRUE) ||
  277. RtlEqualUnicodeString(Name, &_SamMachineName, TRUE));
  279. }
  282. inline BOOLEAN
  283. CSecurityData::IsOurRealm(
  284. IN PKERB_REALM Realm
  285. )
  286. {
  288. return(KerbCompareRealmNames(
  289. Realm,
  290. &_KerbDnsRealmName
  291. ) ||
  292. KerbCompareRealmNames(
  293. Realm,
  294. &_KerbRealmName));
  295. }
  297. inline BOOLEAN
  298. CSecurityData::IsOurRealm(
  299. IN PUNICODE_STRING Realm
  300. )
  301. {
  303. return(KerbCompareUnicodeRealmNames(
  304. Realm,
  305. &_DnsRealmName
  306. ) ||
  307. KerbCompareUnicodeRealmNames(
  308. Realm,
  309. &_RealmName
  310. ));
  311. }
  314. inline PUNICODE_STRING
  315. CSecurityData::MachineName()
  316. {
  317. return( &_MachineName);
  318. };
  320. inline PUNICODE_STRING
  321. CSecurityData::MachineUpn()
  322. {
  323. return( &_MachineUpn);
  324. };
  326. inline LARGE_INTEGER
  327. CSecurityData::KdcTgtTicketLifespan()
  328. {
  329. LARGE_INTEGER Temp;
  330. ReadLock();
  331. Temp = _KDC_TgtTicketLifespan;
  332. Unlock();
  333. return(Temp);
  335. };
  337. inline LARGE_INTEGER
  338. CSecurityData::KdcTgsTicketLifespan()
  339. {
  340. LARGE_INTEGER Temp;
  341. ReadLock();
  342. Temp = _KDC_TgsTicketLifespan;
  343. Unlock();
  344. return(Temp);
  346. };
  348. inline LARGE_INTEGER
  349. CSecurityData::KdcTicketRenewSpan()
  350. {
  351. LARGE_INTEGER Temp;
  352. ReadLock();
  353. Temp = _KDC_TicketRenewSpan;
  354. Unlock();
  355. return( Temp );
  356. };
  358. inline LARGE_INTEGER
  359. CSecurityData::KdcDomainPasswordReplSkew()
  360. {
  361. LARGE_INTEGER Temp;
  362. ReadLock();
  363. Temp = _KDC_DomainPasswordReplSkew;
  364. Unlock();
  365. return( Temp );
  366. };
  368. inline LARGE_INTEGER
  369. CSecurityData::KdcRestrictionLifetime()
  370. {
  371. LARGE_INTEGER Temp;
  372. ReadLock();
  373. Temp = _KDC_RestrictionLifetime;
  374. Unlock();
  375. return( Temp );
  376. };
  378. inline DWORD
  379. CSecurityData::KdcFlags()
  380. {
  381. ULONG Temp;
  382. ReadLock();
  383. Temp = _KDC_Flags;
  384. Unlock();
  385. return( Temp );
  386. };
  388. inline BOOL
  389. CSecurityData::AuditKdcEvent(
  390. IN ULONG AuditEvent
  391. )
  392. {
  393. return( ( (_KDC_AuditEvents & AuditEvent) != 0) ? TRUE : FALSE);
  394. };
  396. inline VOID
  397. CSecurityData::ReadLock()
  398. {
  399. RtlAcquireResourceShared(&_Monitor, TRUE);
  400. }
  402. inline VOID
  403. CSecurityData::WriteLock()
  404. {
  405. RtlAcquireResourceExclusive(&_Monitor, TRUE);
  406. }
  408. inline VOID
  409. CSecurityData::Unlock()
  410. {
  411. RtlReleaseResource(&_Monitor);
  412. }
  414. #if DBG
  415. BOOL
  416. CSecurityData::IsLocked()
  417. {
  418. BOOLEAN IsLocked;
  420. RtlEnterCriticalSection( &_Monitor.CriticalSection );
  421. IsLocked = ( _Monitor.NumberOfActive != 0);
  422. RtlLeaveCriticalSection( &_Monitor.CriticalSection );
  424. return IsLocked;
  425. }
  426. #endif
  428. inline LARGE_INTEGER
  429. CSecurityData::KrbtgtPasswordLastSet()
  430. {
  431. LARGE_INTEGER Temp = {0};
  432. ReadLock();
  433. if (_KrbtgtTicketInfoValid)
  434. {
  435. Temp = _KrbtgtPasswordLastSet;
  436. }
  437. Unlock();
  438. return( Temp );
  440. }
  442. #endif // INC__SECDATA_HXX