archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4 Commits
1 Branch
0 Tags
1.5 GiB
Tree: 5c6fe3db62
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '5c6fe3db62'
${ noResults }
windows-server-2003/public/internal/ds/inc/ntsamp.h

354 lines
11 KiB
Raw Normal View History

commiting as it is
4 years ago
  1. /*++
  3. Copyright (c) 1992 Microsoft Corporation
  5. Module Name:
  7. ntsamp.h
  9. Abstract:
  11. This file contains structures that would normally be part of ntsam.h
  12. but are intended for system use only.
  14. Author:
  16. David Chalmers (Davidc) 27-Mar-1992
  18. Environment:
  20. User Mode - Win32
  22. Revision History:
  25. --*/
  28. #ifndef _NTSAMPRIVATE_
  29. #define _NTSAMPRIVATE_
  33. #include <crypt.h>
  34. #include <lsass.h>
  39. //
  40. // Structures usable in SetUserInformation and QueryUserInformation API calls
  41. // by trusted clients only
  42. //
  45. typedef struct _USER_INTERNAL1_INFORMATION {
  46. NT_OWF_PASSWORD NtOwfPassword;
  47. LM_OWF_PASSWORD LmOwfPassword;
  48. BOOLEAN NtPasswordPresent;
  49. BOOLEAN LmPasswordPresent;
  50. BOOLEAN PasswordExpired; // A 'write-only' flag
  51. } USER_INTERNAL1_INFORMATION, *PUSER_INTERNAL1_INFORMATION;
  54. typedef struct _USER_INTERNAL2_INFORMATION {
  55. ULONG StatisticsToApply;
  56. OLD_LARGE_INTEGER LastLogon;
  57. OLD_LARGE_INTEGER LastLogoff;
  58. USHORT BadPasswordCount;
  59. USHORT LogonCount;
  60. } USER_INTERNAL2_INFORMATION;
  62. typedef struct _USER_INTERNAL2A_INFORMATION {
  63. ULONG StatisticsToApply;
  64. OLD_LARGE_INTEGER LastLogon;
  65. OLD_LARGE_INTEGER LastLogoff;
  66. USHORT BadPasswordCount;
  67. USHORT LogonCount;
  68. UNICODE_STRING Workstation;
  69. } USER_INTERNAL2A_INFORMATION, *PUSER_INTERNAL2A_INFORMATION;
  71. //
  72. //
  73. //
  74. // The following flags may be used in the StatisticsToApply field.
  75. //
  76. // USER_LOGON_STAT_LAST_LOGOFF - Replace the LastLogoff time in the
  77. // user record.
  78. //
  79. // USER_LOGON_STATUS_LAST_LOGON - Replace the LastLogon time in the
  80. // user record.
  81. //
  82. // USER_LOGON_STATUS_BAD_PWD_COUNT - Replace the BadPasswordCount
  83. // field in the user record.
  84. //
  85. // USER_LOGON_STATUS_LOGON_COUNT - Replace the LogonCount field in the
  86. // user record.
  87. //
  88. // USER_LOGON_SUCCESSFUL_LOGON - Change user field values to indicate
  89. // that a successful logon has occurred.
  90. //
  91. // USER_LOGON_SUCCESSFUL_LOGOFF - Change user field values to indicate
  92. // that a successful logoff has occurred.
  93. //
  94. // USER_LOGON_BAD_PASSWORD - Change user field values to indicate that
  95. // an attempt was made to logon to the account with a bad password.
  96. //
  97. // USER_LOGON_BAD_PASSWORD_WKSTA - Change user field values to indicate that
  98. // an attempt was made to logon to the account with a bad password.
  99. // The client workstation name is being supplied in the INTERNAL2A
  100. // structure.
  101. //
  102. // USER_LOGON_TYPE_KERBEROS - Indicates the authentication type was
  103. // KERBEROS.
  104. //
  105. // USER_LOGON_TYPE_NTLM - Indicates the authentication type was NTLM.
  106. //
  107. // USER_LOGON_NO_LOGON_SERVERS -- Indicates that no logon servers could be
  108. // found (specifically no GC's could be found)
  109. // (this is a failure case).
  110. //
  111. // USER_LOGON_NO_WRITE -- Indicates to SAM not to update the logon statistics
  112. // This can be useful to notify SAM that a logon
  113. // has completed, but not have the penalty of writing
  114. // to the disk
  115. //
  116. // USER_LOGON_INTER_FAILURE -- this indicates that it was an interactive
  117. // logon that failed
  118. //
  119. // USER_LOGON_PDC_RETRY_SUCCESS -- this indicates that the authentication
  120. // had previously failed locally but
  121. // succeeded at the PDC
  122. //
  123. // NOTE:
  124. // USER_LOGON_INTER_SUCCESS_LOGOFF
  125. // USER_LOGON_NET_SUCCESS_LOGOFF
  126. //
  127. // may not be used in conjunction with ANY other flags (including
  128. // each other). That is, when one of these flags is used, there
  129. // may be NO other flags set in StatisticsToApply.
  130. //
  131. // NOTE2:
  132. //
  133. // USER_LOGON_BAD_PASSWORD
  134. // USER_LOGON_INTER_SUCCESS_LOGON
  135. // USER_LOGON_NET_SUCCESS_LOGON
  136. //
  137. // may be used in conjunction ONLY with ONE of USER_LOGON_TYPE_KERBEROS or
  138. // USER_LOGON_TYPE_NTLM.
  140. #define USER_LOGON_STAT_LAST_LOGOFF (0x00000001L)
  141. #define USER_LOGON_STAT_LAST_LOGON (0x00000002L)
  142. #define USER_LOGON_STAT_BAD_PWD_COUNT (0x00000004L)
  143. #define USER_LOGON_STAT_LOGON_COUNT (0x00000008L)
  145. #define USER_LOGON_PDC_RETRY_SUCCESS (0x00100000L)
  146. #define USER_LOGON_INTER_FAILURE (0x00200000L)
  147. #define USER_LOGON_NO_WRITE (0x00400000L)
  148. #define USER_LOGON_NO_LOGON_SERVERS (0x00800000L)
  149. #define USER_LOGON_INTER_SUCCESS_LOGON (0x01000000L)
  150. #define USER_LOGON_TYPE_NTLM (0x02000000L)
  151. #define USER_LOGON_TYPE_KERBEROS (0x04000000L)
  152. #define USER_LOGON_BAD_PASSWORD (0x08000000L)
  153. #define USER_LOGON_BAD_PASSWORD_WKSTA (0x10000000L)
  154. #define USER_LOGON_INTER_SUCCESS_LOGOFF (0x20000000L)
  155. #define USER_LOGON_NET_SUCCESS_LOGON (0x40000000L)
  156. #define USER_LOGON_NET_SUCCESS_LOGOFF (0x80000000L)
  159. typedef struct _USER_INTERNAL3_INFORMATION {
  160. USER_ALL_INFORMATION I1;
  161. LARGE_INTEGER LastBadPasswordTime;
  162. } USER_INTERNAL3_INFORMATION, *PUSER_INTERNAL3_INFORMATION;
  165. typedef struct _USER_ALLOWED_TO_DELEGATE_TO_LIST {
  166. ULONG Size;
  167. ULONG NumSPNs;
  168. UNICODE_STRING SPNList[ANYSIZE_ARRAY];
  169. } USER_ALLOWED_TO_DELEGATE_TO_LIST, *PUSER_ALLOWED_TO_DELEGATE_TO_LIST;
  171. typedef USER_ALLOWED_TO_DELEGATE_TO_LIST USER_SPN_LIST, *PUSER_SPN_LIST;
  174. typedef struct _USER_INTERNAL6_INFORMATION {
  175. USER_ALL_INFORMATION I1;
  176. LARGE_INTEGER LastBadPasswordTime;
  177. ULONG ExtendedFields;
  178. BOOLEAN UPNDefaulted;
  179. UNICODE_STRING UPN;
  180. PUSER_ALLOWED_TO_DELEGATE_TO_LIST A2D2List;
  181. PUSER_SPN_LIST RegisteredSPNs;
  182. ULONG KeyVersionNumber;
  183. ULONG LockoutThreshold;
  184. } USER_INTERNAL6_INFORMATION, *PUSER_INTERNAL6_INFORMATION;
  186. //
  187. // The following fields are to be used in the extended fields
  188. // member of USER_INTERNAL6_INFORMATION
  189. //
  192. #define USER_EXTENDED_FIELD_UPN (0x00000001L)
  193. #define USER_EXTENDED_FIELD_A2D2 (0x00000002L)
  194. #define USER_EXTENDED_FIELD_SPN (0x00000004L)
  195. #define USER_EXTENDED_FIELD_KVNO (0x00000008L)
  196. #define USER_EXTENDED_FIELD_LOCKOUT_THRESHOLD (0x00000010L)
  198. // Reserved for internal use
  199. #define USER_EXTENDED_FIELD_RESERVED (0xFF000000L)
  201. //
  202. // The following is for SamrGetUserDomainPasswordInformation(), which is
  203. // only used in wrappers.c.
  204. //
  206. typedef struct _USER_DOMAIN_PASSWORD_INFORMATION {
  207. USHORT MinPasswordLength;
  208. ULONG PasswordProperties;
  209. } USER_DOMAIN_PASSWORD_INFORMATION, *PUSER_DOMAIN_PASSWORD_INFORMATION;
  212. //
  213. // This flag may be or'd with the length field of SAMP_USER_PASSWORD to
  214. // indicate that the password is not case sensitive.
  215. //
  217. #define SAM_PASSWORD_CASE_INSENSITIVE 0x80000000
  219. //
  220. // Structure to pass an encrypted password over the wire. The Length is the
  221. // length of the password, which should be placed at the end of the buffer.
  222. // The size of the buffer (256) should be kept in sync with
  223. // SAM_MAX_PASSWORD_LENGTH, which is defined in ntsam.h. Unfortunately,
  224. // MIDL does not let #define'd constants be imported, so we have to
  225. // use 256 instead of the constant here.
  226. //
  228. typedef struct _SAMPR_USER_PASSWORD {
  229. WCHAR Buffer[SAM_MAX_PASSWORD_LENGTH];
  230. ULONG Length;
  231. } SAMPR_USER_PASSWORD, *PSAMPR_USER_PASSWORD;
  233. typedef struct _SAMPR_USER_PASSWORD_NEW {
  234. WCHAR Buffer[SAM_MAX_PASSWORD_LENGTH];
  235. ULONG Length;
  236. UCHAR ClearSalt[SAM_PASSWORD_ENCRYPTION_SALT_LEN];
  237. } SAMPR_USER_PASSWORD_NEW, *PSAMPR_USER_PASSWORD_NEW;
  240. //
  241. // Buffer - contains random fill with the password filling up the end
  242. // of the buffer (the last Length bytes).
  243. // Length - Length, in bytes, of the buffer.
  244. //
  246. //
  247. // This is the encrypted version of the above structure, and is passed
  248. // on the wire.
  249. //
  251. typedef struct _SAMPR_ENCRYPTED_USER_PASSWORD {
  252. UCHAR Buffer[ (SAM_MAX_PASSWORD_LENGTH * 2) + 4 ];
  253. } SAMPR_ENCRYPTED_USER_PASSWORD, *PSAMPR_ENCRYPTED_USER_PASSWORD;
  256. typedef struct _SAMPR_ENCRYPTED_USER_PASSWORD_NEW {
  257. UCHAR Buffer[ (SAM_MAX_PASSWORD_LENGTH * 2) + 4 + 16];
  258. } SAMPR_ENCRYPTED_USER_PASSWORD_NEW, *PSAMPR_ENCRYPTED_USER_PASSWORD_NEW;
  261. typedef enum _SAMPR_BOOT_TYPE {
  262. SamBootKeyNone = 0,
  263. SamBootKeyStored,
  264. SamBootKeyPassword,
  265. SamBootKeyDisk,
  266. SamBootChangePasswordEncryptionKey
  267. } SAMPR_BOOT_TYPE, *PSAMPR_BOOT_TYPE;
  270. //
  271. // ChangePassword API for One-Way-Function-aware clients
  272. //
  274. NTSTATUS
  275. SamiChangePasswordUser(
  276. IN SAM_HANDLE UserHandle,
  277. IN BOOLEAN LmOldPresent,
  278. IN PLM_OWF_PASSWORD LmOldOwfPassword,
  279. IN PLM_OWF_PASSWORD LmNewOwfPassword,
  280. IN BOOLEAN NtPresent,
  281. IN PNT_OWF_PASSWORD NtOldOwfPassword,
  282. IN PNT_OWF_PASSWORD NtNewOwfPassword
  283. );
  286. NTSTATUS
  287. SamiLmChangePasswordUser(
  288. IN SAM_HANDLE UserHandle,
  289. IN PENCRYPTED_LM_OWF_PASSWORD LmOldEncryptedWithLmNew,
  290. IN PENCRYPTED_LM_OWF_PASSWORD LmNewEncryptedWithLmOld
  291. );
  293. NTSTATUS
  294. SamiEncryptPasswords(
  295. IN PUNICODE_STRING OldPassword,
  296. IN PUNICODE_STRING NewPassword,
  297. OUT PSAMPR_ENCRYPTED_USER_PASSWORD NewEncryptedWithOldNt,
  298. OUT PENCRYPTED_NT_OWF_PASSWORD OldNtOwfEncryptedWithNewNt,
  299. OUT PBOOLEAN LmPresent,
  300. OUT PSAMPR_ENCRYPTED_USER_PASSWORD NewEncryptedWithOldLm,
  301. OUT PENCRYPTED_NT_OWF_PASSWORD OldLmOwfEncryptedWithNewNt
  302. );
  304. NTSTATUS
  305. SamiChangePasswordUser2(
  306. PUNICODE_STRING ServerName,
  307. PUNICODE_STRING UserName,
  308. PSAMPR_ENCRYPTED_USER_PASSWORD NewPasswordEncryptedWithOldNt,
  309. PENCRYPTED_NT_OWF_PASSWORD OldNtOwfPasswordEncryptedWithNewNt,
  310. BOOLEAN LmPresent,
  311. PSAMPR_ENCRYPTED_USER_PASSWORD NewPasswordEncryptedWithOldLm,
  312. PENCRYPTED_LM_OWF_PASSWORD OldLmOwfPasswordEncryptedWithNewLmOrNt
  313. );
  315. NTSTATUS
  316. SamiOemChangePasswordUser2(
  317. PSTRING ServerName,
  318. PSTRING UserName,
  319. PSAMPR_ENCRYPTED_USER_PASSWORD NewPasswordEncryptedWithOldLm,
  320. PENCRYPTED_LM_OWF_PASSWORD OldLmOwfPasswordEncryptedWithNewLm
  321. );
  323. NTSTATUS
  324. SamiGetBootKeyInformation(
  325. IN SAM_HANDLE DomainHandle,
  326. OUT PSAMPR_BOOT_TYPE BootOptions
  327. );
  329. NTSTATUS
  330. SamiSetBootKeyInformation(
  331. IN SAM_HANDLE DomainHandle,
  332. IN SAMPR_BOOT_TYPE BootOptions,
  333. IN PUNICODE_STRING OldBootKey, OPTIONAL
  334. IN PUNICODE_STRING NewBootKey OPTIONAL
  335. );
  337. NTSTATUS
  338. SamiSetDSRMPassword(
  339. IN PUNICODE_STRING ServerName,
  340. IN ULONG UserId,
  341. IN PUNICODE_STRING ClearPassword
  342. );
  344. NTSTATUS
  345. SamiSetDSRMPasswordOWF(
  346. IN PUNICODE_STRING ServerName,
  347. IN ULONG UserId,
  348. IN PNT_OWF_PASSWORD NtPassword
  349. );
  351. NTSTATUS
  352. SamiChangeKeys();
  354. #endif // _NTSAMPRIVATE_