//+----------------------------------------------------------------------- // // Microsoft Windows // // Copyright (c) Microsoft Corporation 1991 - 1992 // // File: SPMLPC.H // // Contents: Defines for the LPC to the SPMgr // // // History: 2 Mar 94 MikeSw Created // //------------------------------------------------------------------------ #ifndef __SPMLPC_H__ #define __SPMLPC_H__ // // Pickup the LSA lpc messages for compatiblity // #pragma warning(disable:4200) #include #include #define SPM_PORTNAME L"\\LsaAuthenticationPort" #define SPM_EVENTNAME L"\\SECURITY\\LSA_AUTHENTICATION_INITIALIZED" #define SPM_AUTH_PKG_FLAG 0x00001000 // // Buffers that will fit into the message are placed in there and the // their pointers will be replaced with this value. Since all buffers and // strings are sent with their lengths, to unpack the data move pull out the // buffers in the order they are listed in the API message. // // Since all buffers must be passed from VM, any address above 0x80000000 // will not be confused for an address // #define SEC_PACKED_BUFFER_VALUE (IntToPtr(0xFFFFFFFF)) // // Max secbuffers allowed in a SecBufferDesc // #define MAX_SECBUFFERS 10 // // This bit gets set in the SecurityMode word, indicating that the DLL // is running in the LSA process. The DLL will turn around and get the // direct dispatch routine, and avoid the whole LPC issue // #define LSA_MODE_SAME_PROCESS 0x00010000 // // This flag is added to the version information in a SecBufferDesc to // indicate that the memory is already mapped to the LSA. // #define LSA_MEMORY_KERNEL_MAP 0x80000000 #define LSA_SECBUFFER_VERSION_MASK 0x0000FFFF // // Conditional type definition for Wow64 environment. The LPC messages // are kept "native" size, so pointers are full size. The WOW environment // will do the thunking. LPC messages are defined with types that are // always the correct size using these "aliases". // #ifdef BUILD_WOW64 #pragma message("Building for WOW64") #define ALIGN_WOW64 __declspec(align(8)) #define GET_WOW64_PTR(_Wow64Ptr_) PtrToUlong(_Wow64Ptr_) #define POINTER_FORMAT "%I64X" #if 0 typedef WCHAR * __ptr64 PWSTR_LPC ; typedef VOID * __ptr64 PVOID_LPC ; #else typedef ULONGLONG PWSTR_LPC ; typedef ULONGLONG PVOID_LPC ; typedef ULONGLONG PSID_LPC ; #endif typedef struct _SECURITY_STRING_WOW64 { USHORT Length ; USHORT MaximumLength ; PWSTR_LPC Buffer ; } SECURITY_STRING_WOW64, * PSECURITY_STRING_WOW64 ; typedef struct _SEC_HANDLE_WOW64 { PVOID_LPC dwLower ; PVOID_LPC dwUpper ; } SEC_HANDLE_WOW64, * PSEC_HANDLE_WOW64 ; typedef struct _SEC_BUFFER_WOW64 { unsigned long cbBuffer ; unsigned long BufferType ; PVOID_LPC pvBuffer ; } SEC_BUFFER_WOW64, * PSEC_BUFFER_WOW64 ; typedef struct _SEC_BUFFER_DESC_WOW64 { unsigned long ulVersion ; unsigned long cBuffers ; PVOID_LPC pBuffers ; } SEC_BUFFER_DESC_WOW64, * PSEC_BUFFER_DESC_WOW64 ; typedef struct _SECPKG_INFO_WOW64 { ULONG fCapabilities; USHORT wVersion; USHORT wRPCID; ULONG cbMaxToken; PWSTR_LPC Name; PWSTR_LPC Comment; } SECPKG_INFO_WOW64, * PSECPKG_INFO_WOW64; typedef struct _SECPKGCONTEXT_NEGOTIATIONINFOWOW64 { PVOID_LPC pPackageInfo64; ULONG NegotiationState; } SECPKGCONTEXT_NEGOTIATIONINFOWOW64, *PSECPKGCONTEXT_NEGOTIATIONINFOWOW64; typedef struct _SECURITY_USER_DATA_WOW64 { SECURITY_STRING_WOW64 UserName; SECURITY_STRING_WOW64 LogonDomainName; SECURITY_STRING_WOW64 LogonServer; PSID_LPC pSid; } SECURITY_USER_DATA_WOW64, * PSECURITY_USER_DATA_WOW64; typedef SECURITY_STRING_WOW64 SECURITY_STRING_LPC ; typedef SEC_HANDLE_WOW64 SEC_HANDLE_LPC ; typedef SEC_BUFFER_DESC_WOW64 SEC_BUFFER_DESC_LPC ; typedef SEC_BUFFER_WOW64 SEC_BUFFER_LPC ; typedef PVOID_LPC LSA_SEC_HANDLE_LPC ; #define SecpSecurityStringToLpc( L, S ) \ (L)->Length = (S)->Length ; \ (L)->MaximumLength = (S)->MaximumLength ; \ (L)->Buffer = (PWSTR_LPC) GET_WOW64_PTR(((S)->Buffer)) ; #define SecpLpcStringToSecurityString( S, L ) \ (S)->Length = (L)->Length ; \ (S)->MaximumLength = (L)->MaximumLength ; \ (S)->Buffer = (PWSTR) ( (L)->Buffer ); \ #define SecpSecBufferToLpc( L, S )\ (L)->cbBuffer = (S)->cbBuffer ; \ (L)->BufferType = (S)->BufferType ; \ (L)->pvBuffer = (PVOID_LPC) GET_WOW64_PTR((S)->pvBuffer) ; #define SecpLpcBufferToSecBuffer( S, L ) \ (S)->cbBuffer = (L)->cbBuffer ; \ (S)->BufferType = (L)->BufferType ; \ (S)->pvBuffer = (PVOID) (L)->pvBuffer ; #define SecpSecBufferDescToLpc( L, S )\ (L)->ulVersion = (S)->ulVersion ; \ (L)->cBuffers = (S)->cBuffers ; \ (L)->pBuffers = (PVOID_LPC) GET_WOW64_PTR((S)->pBuffers) ; #define SecpLpcBufferDescToSecBufferDesc( S, L ) \ (S)->ulVersion = (L)->ulVersion ; \ (S)->cBuffers = (L)->cBuffers ; \ (S)->pBuffers = (PSecBuffer) (L)->pBuffers ; #define SecpSecPkgInfoToLpc( L, S ) \ (L)->fCapabilities = (S)->fCapabilities ; \ (L)->wVersion = (S)->wVersion ; \ (L)->wRPCID = (S)->wRPCID ; \ (L)->cbMaxToken = (S)->cbMaxToken ; \ (L)->Name = (PWSTR_LPC) (S)->Name ; \ (L)->Comment = (PWSTR_LPC) GET_WOW64_PTR((S)->Comment) ; #define SecpLpcPkgInfoToSecPkgInfo( S, L ) \ (S)->fCapabilities = (L)->fCapabilities ; \ (S)->wVersion = (L)->wVersion ; \ (S)->wRPCID = (L)->wRPCID ; \ (S)->cbMaxToken = (L)->cbMaxToken ; \ (S)->Name = (SEC_WCHAR *) (L)->Name ; \ (S)->Comment = (SEC_WCHAR *) (L)->Comment ; #else #define ALIGN_WOW64 #define POINTER_FORMAT "%p" typedef SECURITY_STRING SECURITY_STRING_LPC ; typedef PVOID PVOID_LPC ; typedef SecHandle SEC_HANDLE_LPC ; typedef SecBufferDesc SEC_BUFFER_DESC_LPC ; typedef SecBuffer SEC_BUFFER_LPC ; typedef PWSTR PWSTR_LPC ; typedef LSA_SEC_HANDLE LSA_SEC_HANDLE_LPC ; #define SecpSecurityStringToLpc( L, S ) \ *(L) = *(S) ; #define SecpLpcStringToSecurityString( S, L ) \ *(S) = *(L) ; #define SecpSecBufferToLpc( L, S ) \ *(L) = *(S) ; #define SecpLpcBufferToSecBuffer( S, L ) \ *(S) = *(L) ; #define SecpSecBufferDescToLpc( L, S ) \ *(L) = *(S) ; #define SecpLpcBufferDescToSecBufferDesc( S, L ) \ *(S) = *(L) ; #endif typedef SEC_HANDLE_LPC CRED_HANDLE_LPC, * PCRED_HANDLE_LPC ; typedef SEC_HANDLE_LPC CONTEXT_HANDLE_LPC, * PCONTEXT_HANDLE_LPC ; typedef SEC_HANDLE_LPC * PSEC_HANDLE_LPC ; typedef SEC_BUFFER_LPC * PSEC_BUFFER_LPC ; // // Connection specific data types // // // The following are message structures for internal routines, such as // synchronization and state messages // #define PACKAGEINFO_THUNKS 16 typedef struct _SEC_PACKAGE_BINDING_INFO_LPC { SECURITY_STRING_LPC PackageName; SECURITY_STRING_LPC Comment; SECURITY_STRING_LPC ModuleName; ULONG PackageIndex; ULONG fCapabilities; ULONG Flags; ULONG RpcId; ULONG Version; ULONG TokenSize; ULONG ContextThunksCount ; ULONG ContextThunks[ PACKAGEINFO_THUNKS ] ; } SEC_PACKAGE_BINDING_INFO_LPC, * PSEC_PACKAGE_BINDING_INFO_LPC ; #ifdef BUILD_WOW64 typedef struct _SEC_PACKAGE_BINDING_INFO { SECURITY_STRING PackageName; SECURITY_STRING Comment; SECURITY_STRING ModuleName; ULONG PackageIndex; ULONG fCapabilities; ULONG Flags; ULONG RpcId; ULONG Version; ULONG TokenSize; ULONG ContextThunksCount ; ULONG ContextThunks[ PACKAGEINFO_THUNKS ] ; } SEC_PACKAGE_BINDING_INFO, * PSEC_PACKAGE_BINDING_INFO ; #else typedef SEC_PACKAGE_BINDING_INFO_LPC SEC_PACKAGE_BINDING_INFO ; typedef SEC_PACKAGE_BINDING_INFO_LPC * PSEC_PACKAGE_BINDING_INFO ; #endif #define PACKAGEINFO_BUILTIN 0x00000001 #define PACKAGEINFO_AUTHPKG 0x00000002 #define PACKAGEINFO_SIGNED 0x00000004 typedef struct _SPMGetBindingAPI { LSA_SEC_HANDLE_LPC ulPackageId; SEC_PACKAGE_BINDING_INFO_LPC BindingInfo; } SPMGetBindingAPI; // // Internal SetSession API. // not supported in Wow64 // typedef struct _SPMSetSession { ULONG Request; ULONG_PTR Argument ; ULONG_PTR Response; PVOID ResponsePtr; PVOID Extra ; } SPMSetSessionAPI; #define SETSESSION_GET_STATUS 0x00000001 #define SETSESSION_ADD_WORKQUEUE 0x00000002 #define SETSESSION_REMOVE_WORKQUEUE 0x00000003 #define SETSESSION_GET_DISPATCH 0x00000004 typedef struct _SPMFindPackageAPI { SECURITY_STRING_LPC ssPackageName; LSA_SEC_HANDLE_LPC ulPackageId; } SPMFindPackageAPI; // The following are message structures. Not surprisingly, they look a // lot like the API signatures. Keep that in mind. // EnumeratePackages API typedef struct _SPMEnumPackagesAPI { ULONG cPackages; // OUT PSecPkgInfo pPackages; // OUT } SPMEnumPackagesAPI; // // Credential APIs // // AcquireCredentialsHandle API typedef struct _SPMAcquireCredsAPI { SECURITY_STRING_LPC ssPrincipal; // IN SECURITY_STRING_LPC ssSecPackage; // IN ULONG fCredentialUse; // IN LUID LogonID; // IN PVOID_LPC pvAuthData; // IN PVOID_LPC pvGetKeyFn; // IN PVOID_LPC ulGetKeyArgument; // IN CRED_HANDLE_LPC hCredential; // OUT TimeStamp tsExpiry; // OUT SEC_BUFFER_LPC AuthData ; // IN } SPMAcquireCredsAPI; // EstablishCredentials API // not supported in Wow64 typedef struct _SPMEstablishCredsAPI { SECURITY_STRING Name; // IN SECURITY_STRING Package; // IN ULONG cbKey; // IN PUCHAR pbKey; // IN CredHandle hCredentials; // OUT TimeStamp tsExpiry; // OUT } SPMEstablishCredsAPI; // FreeCredentialsHandle API typedef struct _SPMFreeCredHandleAPI { CRED_HANDLE_LPC hCredential; } SPMFreeCredHandleAPI; // // Context APIs // // InitializeSecurityContext API typedef struct _SPMInitSecContextAPI { CRED_HANDLE_LPC hCredential; // IN CONTEXT_HANDLE_LPC hContext; // IN SECURITY_STRING_LPC ssTarget; // IN ULONG fContextReq; // IN ULONG dwReserved1; // IN ULONG TargetDataRep; // IN SEC_BUFFER_DESC_LPC sbdInput; // IN ULONG dwReserved2; // IN CONTEXT_HANDLE_LPC hNewContext; // OUT SEC_BUFFER_DESC_LPC sbdOutput; // IN OUT ULONG fContextAttr; // OUT TimeStamp tsExpiry; // OUT BOOLEAN MappedContext; // OUT SEC_BUFFER_LPC ContextData; // OUT SEC_BUFFER_LPC sbData[0]; // IN } SPMInitContextAPI; // AcceptSecurityContext API typedef struct _SPMAcceptContextAPI { CRED_HANDLE_LPC hCredential; // IN CONTEXT_HANDLE_LPC hContext; // IN SEC_BUFFER_DESC_LPC sbdInput; // IN ULONG fContextReq; // IN ULONG TargetDataRep; // IN CHAR IpAddress[LSAP_ADDRESS_LENGTH]; // IN CONTEXT_HANDLE_LPC hNewContext; // OUT SEC_BUFFER_DESC_LPC sbdOutput; // IN OUT ULONG fContextAttr; // OUT TimeStamp tsExpiry; // OUT BOOLEAN MappedContext; // OUT SEC_BUFFER_LPC ContextData; // OUT SEC_BUFFER_LPC sbData[0]; // IN OUT } SPMAcceptContextAPI; // // ApplyControlToken API // typedef struct _SPMApplyTokenAPI { CONTEXT_HANDLE_LPC hContext ; SEC_BUFFER_DESC_LPC sbdInput ; SEC_BUFFER_LPC sbInputBuffer[ MAX_SECBUFFERS ]; } SPMApplyTokenAPI; // DeleteContext API typedef struct _SPMDeleteContextAPI { CONTEXT_HANDLE_LPC hContext; // IN - Context to delete } SPMDeleteContextAPI; // // Miscelanneous, extension APIs // // QueryPackage API typedef struct _SPMQueryPackageAPI { SECURITY_STRING_LPC ssPackageName; PSecPkgInfo pPackageInfo; } SPMQueryPackageAPI; // GetSecurityUserInfo // not supported in Wow64 typedef struct _SPMGetUserInfoAPI { LUID LogonId; // IN ULONG fFlags; // IN PSecurityUserData pUserInfo; // OUT } SPMGetUserInfoAPI; // // Credentials APIs. Not used. // typedef struct _SPMGetCredsAPI { CredHandle hCredentials; // IN SecBuffer Credentials; // OUT } SPMGetCredsAPI; typedef struct _SPMSaveCredsAPI { CredHandle hCredentials; // IN SecBuffer Credentials; // IN } SPMSaveCredsAPI; typedef struct _SPMQueryCredAttributesAPI { CRED_HANDLE_LPC hCredentials; ULONG ulAttribute; PVOID_LPC pBuffer; ULONG Allocs ; PVOID_LPC Buffers[MAX_BUFFERS_IN_CALL]; } SPMQueryCredAttributesAPI; typedef struct _SPMAddPackageAPI { SECURITY_STRING_LPC Package; ULONG OptionsFlags; } SPMAddPackageAPI ; typedef struct _SPMDeletePackageAPI { SECURITY_STRING_LPC Package; } SPMDeletePackageAPI ; typedef struct _SPMQueryContextAttrAPI { CONTEXT_HANDLE_LPC hContext ; ULONG ulAttribute ; PVOID_LPC pBuffer ; ULONG Allocs ; PVOID_LPC Buffers[MAX_BUFFERS_IN_CALL]; } SPMQueryContextAttrAPI ; typedef struct _SPMSetContextAttrAPI { CONTEXT_HANDLE_LPC hContext ; ULONG ulAttribute ; PVOID_LPC pBuffer ; ULONG cbBuffer; } SPMSetContextAttrAPI ; // // Kernel mode EFS API. None of these are Wow64 // typedef struct _SPMEfsGenerateKeyAPI { PVOID EfsStream; PVOID DirectoryEfsStream; ULONG DirectoryEfsStreamLength; PVOID Fek; ULONG BufferLength; PVOID BufferBase; } SPMEfsGenerateKeyAPI; typedef struct _SPMEfsGenerateDirEfsAPI { PVOID DirectoryEfsStream; ULONG DirectoryEfsStreamLength; PVOID EfsStream; PVOID BufferBase; ULONG BufferLength; } SPMEfsGenerateDirEfsAPI; typedef struct _SPMEfsDecryptFekAPI { PVOID Fek; PVOID EfsStream; ULONG EfsStreamLength; ULONG OpenType; PVOID NewEfs; PVOID BufferBase; ULONG BufferLength; } SPMEfsDecryptFekAPI; typedef struct _SPMEfsGenerateSessionKeyAPI { PVOID InitDataExg; } SPMEfsGenerateSessionKeyAPI; // // Usermode policy change notifications // // // Note: Instead of a HANDLE structure use a ULONG64 for EventHandle member // to guarantee that passed value will be 64 bits. If not, in Wow64 the passed // handle will be 32 bits, while the server side expects it to be 64 bits. // Therefore always extend the handle to a 64 bit variable. // typedef struct _SPMLsaPolicyChangeNotifyAPI { ULONG Options; BOOLEAN Register; ULONG64 EventHandle; POLICY_NOTIFICATION_INFORMATION_CLASS NotifyInfoClass; } SPMLsaPolicyChangeNotifyAPI; typedef struct _SPMCallbackAPI { ULONG Type; PVOID_LPC CallbackFunction; PVOID_LPC Argument1; PVOID_LPC Argument2; SEC_BUFFER_LPC Input ; SEC_BUFFER_LPC Output ; } SPMCallbackAPI ; #define SPM_CALLBACK_INTERNAL 0x00000001 // Handled by the security DLL #define SPM_CALLBACK_GETKEY 0x00000002 // Getkey function being called #define SPM_CALLBACK_PACKAGE 0x00000003 // Package function #define SPM_CALLBACK_EXPORT 0x00000004 // Ptr to string // // Fast name lookup // typedef struct _SPMGetUserNameXAPI { ULONG Options ; SECURITY_STRING_LPC Name; } SPMGetUserNameXAPI ; #define SPM_NAME_OPTION_MASK 0xFFFF0000 #define SPM_NAME_OPTION_NT4_ONLY 0x00010000 // GetUserNameX only, not Ex #define SPM_NAME_OPTION_FLUSH 0x00020000 // // AddCredential API. // typedef struct _SPMAddCredential { CRED_HANDLE_LPC hCredentials ; SECURITY_STRING_LPC ssPrincipal; // IN SECURITY_STRING_LPC ssSecPackage; // IN ULONG fCredentialUse; // IN LUID LogonID; // IN PVOID_LPC pvAuthData; // IN PVOID_LPC pvGetKeyFn; // IN PVOID_LPC ulGetKeyArgument; // IN TimeStamp tsExpiry; // OUT } SPMAddCredentialAPI ; typedef struct _SPMEnumLogonSession { PVOID_LPC LogonSessionList ; // OUT ULONG LogonSessionCount ; // OUT } SPMEnumLogonSessionAPI ; typedef struct _SPMGetLogonSessionData { LUID LogonId ; // IN PVOID_LPC LogonSessionInfo ; // OUT } SPMGetLogonSessionDataAPI ; // // Internal codes: // #define SPM_CALLBACK_ADDRESS_CHECK 1 // Setting up shared buffer #define SPM_CALLBACK_SHUTDOWN 2 // Inproc shutdown notification // // SID translation APIs (for kmode callers, primarily) // typedef struct _SPMLookupAccountSidX { PVOID_LPC Sid; // IN SECURITY_STRING_LPC Name ; // OUT SECURITY_STRING_LPC Domain ; // OUT SID_NAME_USE NameUse ; // OUT } SPMLookupAccountSidXAPI ; typedef struct _SPMLookupAccountNameX { SECURITY_STRING_LPC Name ; // IN SECURITY_STRING_LPC Domain ; // OUT PVOID_LPC Sid ; // OUT SID_NAME_USE NameUse ; // OUT } SPMLookupAccountNameXAPI ; typedef struct _SPMLookupWellKnownSid { WELL_KNOWN_SID_TYPE SidType ; PVOID_LPC Sid ; } SPMLookupWellKnownSidAPI ; // this is the wrapper for all messages. typedef union { SPMGetBindingAPI GetBinding; SPMSetSessionAPI SetSession; SPMFindPackageAPI FindPackage; SPMEnumPackagesAPI EnumPackages; SPMAcquireCredsAPI AcquireCreds; SPMEstablishCredsAPI EstablishCreds; SPMFreeCredHandleAPI FreeCredHandle; SPMInitContextAPI InitContext; SPMAcceptContextAPI AcceptContext; SPMApplyTokenAPI ApplyToken; SPMDeleteContextAPI DeleteContext; SPMQueryPackageAPI QueryPackage; SPMGetUserInfoAPI GetUserInfo; SPMGetCredsAPI GetCreds; SPMSaveCredsAPI SaveCreds; SPMQueryCredAttributesAPI QueryCredAttributes; SPMAddPackageAPI AddPackage; SPMDeletePackageAPI DeletePackage ; SPMEfsGenerateKeyAPI EfsGenerateKey; SPMEfsGenerateDirEfsAPI EfsGenerateDirEfs; SPMEfsDecryptFekAPI EfsDecryptFek; SPMEfsGenerateSessionKeyAPI EfsGenerateSessionKey; SPMQueryContextAttrAPI QueryContextAttr ; SPMCallbackAPI Callback ; SPMLsaPolicyChangeNotifyAPI LsaPolicyChangeNotify; SPMGetUserNameXAPI GetUserNameX ; SPMAddCredentialAPI AddCredential ; SPMEnumLogonSessionAPI EnumLogonSession ; SPMGetLogonSessionDataAPI GetLogonSessionData ; SPMSetContextAttrAPI SetContextAttr ; SPMLookupAccountSidXAPI LookupAccountSidX ; SPMLookupAccountNameXAPI LookupAccountNameX ; SPMLookupWellKnownSidAPI LookupWellKnownSid ; } SPM_API; // // This extends the range of LSA functions with the SPM functions // typedef enum _SPM_API_NUMBER { SPMAPI_GetBinding = (LsapAuMaxApiNumber + 1), SPMAPI_SetSession, SPMAPI_FindPackage, SPMAPI_EnumPackages, SPMAPI_AcquireCreds, SPMAPI_EstablishCreds, SPMAPI_FreeCredHandle, SPMAPI_InitContext, SPMAPI_AcceptContext, SPMAPI_ApplyToken, SPMAPI_DeleteContext, SPMAPI_QueryPackage, SPMAPI_GetUserInfo, SPMAPI_GetCreds, SPMAPI_SaveCreds, SPMAPI_QueryCredAttributes, SPMAPI_AddPackage, SPMAPI_DeletePackage, SPMAPI_EfsGenerateKey, SPMAPI_EfsGenerateDirEfs, SPMAPI_EfsDecryptFek, SPMAPI_EfsGenerateSessionKey, SPMAPI_Callback, SPMAPI_QueryContextAttr, SPMAPI_LsaPolicyChangeNotify, SPMAPI_GetUserNameX, SPMAPI_AddCredential, SPMAPI_EnumLogonSession, SPMAPI_GetLogonSessionData, SPMAPI_SetContextAttr, SPMAPI_LookupAccountNameX, SPMAPI_LookupAccountSidX, SPMAPI_LookupWellKnownSid, SPMAPI_MaxApiNumber } SPM_API_NUMBER, *PSPM_API_NUMBER; // // These are the valid flags to set in the fAPI field // #define SPMAPI_FLAG_ERROR_RET 0x0001 // Indicates an error return #define SPMAPI_FLAG_MEMORY 0x0002 // Memory was allocated in client #define SPMAPI_FLAG_PREPACK 0x0004 // Data packed in bData field #define SPMAPI_FLAG_GETSTATE 0x0008 // driver should call GetState #define SPMAPI_FLAG_ANSI_CALL 0x0010 // Called via ANSI stub #define SPMAPI_FLAG_HANDLE_CHG 0x0020 // A handle was changed #define SPMAPI_FLAG_CALLBACK 0x0040 // Callback to calling process #define SPMAPI_FLAG_ALLOCS 0x0080 // VM Allocs were placed in prepack #define SPMAPI_FLAG_EXEC_NOW 0x0100 // Execute in LPC thread #define SPMAPI_FLAG_WIN32_ERROR 0x0200 // Status is a win32 error #define SPMAPI_FLAG_KMAP_MEM 0x0400 // Call contains buffers in the kmap // // This structure contains all the information needed for SPM api's // typedef struct _SPMLPCAPI { USHORT fAPI ; USHORT VMOffset ; PVOID_LPC ContextPointer ; SPM_API API; } SPMLPCAPI, * PSPMLPCAPI; // // This union contains all the info for LSA api's // typedef union { LSAP_LOOKUP_PACKAGE_ARGS LookupPackage; LSAP_LOGON_USER_ARGS LogonUser; LSAP_CALL_PACKAGE_ARGS CallPackage; } LSA_API; // // This union contains both SPM and LSA api's // typedef union _SPM_LSA_ARGUMENTS { LSA_API LsaArguments; SPMLPCAPI SpmArguments; } SPM_LSA_ARGUMENTS, *PSPM_LSA_ARGUMENTS; // // For performance, some APIs will attempt to pack small parameters in the // message being sent to the SPM, rather than have the SPM read it out of // their memory. So, this value defines how much data can be stuck in the // message. // // Two items are defined here. One, CBAPIHDR, is the size of everything // in the message except the packed data. The other, CBPREPACK, is the // left over space. I subtract 4 at the end to avoid potential boundary // problems with an LPC message. // #define CBAPIHDR (sizeof(PORT_MESSAGE) + sizeof(ULONG) + sizeof(HRESULT) + \ sizeof(SPM_LSA_ARGUMENTS)) #define CBPREPACK (PORT_MAXIMUM_MESSAGE_LENGTH - CBAPIHDR - sizeof( PVOID_LPC )) #define NUM_SECBUFFERS ( CBPREPACK / sizeof(SecBuffer) ) // // This structure is sent over during an API call rather than a connect // message // typedef struct _SPM_API_MESSAGE { SPM_API_NUMBER dwAPI; HRESULT scRet; SPM_LSA_ARGUMENTS Args; UCHAR bData[CBPREPACK]; } SPM_API_MESSAGE, *PSPM_API_MESSAGE; #define SecBaseMessageSize( Api ) \ ( sizeof( SPM_API_NUMBER ) + sizeof( HRESULT ) + \ ( sizeof( SPM_LSA_ARGUMENTS ) - sizeof( SPM_API ) + \ sizeof( SPM##Api##API ) ) ) // // This is the actual message sent over LPC - it contains both the // connection request information and the api message // typedef struct _SPM_LPC_MESSAGE { PORT_MESSAGE pmMessage; union { LSAP_AU_REGISTER_CONNECT_INFO ConnectionRequest; SPM_API_MESSAGE ApiMessage; }; } SPM_LPC_MESSAGE, *PSPM_LPC_MESSAGE; // // Macros to help prepare LPC messages // #ifdef SECURITY_USERMODE #define PREPARE_MESSAGE_EX( Message, Api, Flags, Context ) \ RtlZeroMemory( &(Message), sizeof( SPM_LSA_ARGUMENTS ) + sizeof( PORT_MESSAGE ) ); \ (Message).pmMessage.u1.s1.DataLength = \ ( sizeof( SPM_API_NUMBER ) + sizeof( HRESULT ) + \ ( sizeof( SPM_LSA_ARGUMENTS ) - sizeof( SPM_API ) + \ sizeof( SPM##Api##API ) ) ); \ (Message).pmMessage.u1.s1.TotalLength = (Message).pmMessage.u1.s1.DataLength + \ sizeof( PORT_MESSAGE ); \ (Message).pmMessage.u2.ZeroInit = 0L; \ (Message).ApiMessage.scRet = 0L; \ (Message).ApiMessage.dwAPI = SPMAPI_##Api ; \ (Message).ApiMessage.Args.SpmArguments.fAPI = (USHORT)(Flags); \ (Message).ApiMessage.Args.SpmArguments.ContextPointer = (Context); #else #define PREPARE_MESSAGE_EX( Message, Api, Flags, Context ) \ RtlZeroMemory( &(Message), sizeof( SPM_LSA_ARGUMENTS ) + sizeof( PORT_MESSAGE ) ); \ (Message).pmMessage.u1.s1.DataLength = \ ( sizeof( SPM_API_NUMBER ) + sizeof( HRESULT ) + \ ( sizeof( SPM_LSA_ARGUMENTS ) - sizeof( SPM_API ) + \ sizeof( SPM##Api##API ) ) ); \ (Message).pmMessage.u1.s1.TotalLength = (Message).pmMessage.u1.s1.DataLength + \ sizeof( PORT_MESSAGE ); \ (Message).pmMessage.u2.ZeroInit = 0L; \ (Message).ApiMessage.scRet = 0L; \ (Message).ApiMessage.dwAPI = SPMAPI_##Api ; \ (Message).ApiMessage.Args.SpmArguments.fAPI = (USHORT)(Flags); \ (Message).ApiMessage.Args.SpmArguments.ContextPointer = (Context); \ (Message).pmMessage.u2.s2.Type |= LPC_KERNELMODE_MESSAGE; #endif #define PREPARE_MESSAGE(Message, Api) PREPARE_MESSAGE_EX(Message, Api, 0, 0 ) #define LPC_MESSAGE_ARGS( Message, Api )\ ( & (Message).ApiMessage.Args.SpmArguments.API.Api ) #define LPC_MESSAGE_ARGSP( Message, Api )\ ( & (Message)->ApiMessage.Args.SpmArguments.API.Api ) #define DECLARE_ARGS( ArgPointer, Message, Api )\ SPM##Api##API * ArgPointer = & (Message).ApiMessage.Args.SpmArguments.API.Api #define DECLARE_ARGSP( ArgPointer, Message, Api)\ SPM##Api##API * ArgPointer = & (Message)->ApiMessage.Args.SpmArguments.API.Api #define PREPACK_START FIELD_OFFSET( SPM_LPC_MESSAGE, ApiMessage.bData ) #define LPC_DATA_LENGTH( Length )\ (USHORT) ((PREPACK_START) + (Length) - sizeof( PORT_MESSAGE ) ) #define LPC_TOTAL_LENGTH( Length )\ (USHORT) ((PREPACK_START) + (Length)) BOOLEAN FORCEINLINE SecLpcIsPointerInMessage( PSPM_LPC_MESSAGE Message, PVOID_LPC Pointer ) { ULONG_PTR P ; ULONG_PTR B ; P = (ULONG_PTR) Pointer ; B = (ULONG_PTR) ((ULONG_PTR) Message->ApiMessage.bData) - (ULONG_PTR) Message ; return ( ( P >= B ) && (P < B + CBPREPACK ) ); } PVOID_LPC FORCEINLINE SecLpcFixupPointer( PSPM_LPC_MESSAGE Message, PVOID_LPC Pointer ) { return (PVOID_LPC) ((PUCHAR) Message + (ULONG_PTR) Pointer ); } // // Prototype for the direct dispatch function: // typedef NTSTATUS (SEC_ENTRY LSA_DISPATCH_FN)( PSPM_LPC_MESSAGE ); typedef LSA_DISPATCH_FN * PLSA_DISPATCH_FN; // // structs used to manage memory shared between the LSA and KSEC driver // #define LSA_MAX_KMAP_SIZE 65535 // // This structure describes a chunk of pool that has been copied into // a kmap buffer. The original pool address and the location in the // kmap are here, as is the size of the chunk. On IA64, this ends up // with a wasted 32bit padding area // typedef struct _KSEC_LSA_POOL_MAP { PVOID_LPC Pool ; // Region of pool USHORT Offset ; // Offset into kmap USHORT Size ; // size of chunk } KSEC_LSA_POOL_MAP, PKSEC_LSA_POOL_MAP ; #define KSEC_LSA_MAX_MAPS 4 typedef struct _KSEC_LSA_MEMORY_HEADER { ULONG Size ; // Size of the reserved region ULONG Commit ; // Size of the committed space ULONG Consumed ; // Amount consumed USHORT Preserve ; // Size of the area to keep for ksec USHORT MapCount ; // number of entries in array KSEC_LSA_POOL_MAP PoolMap[ KSEC_LSA_MAX_MAPS ]; } KSEC_LSA_MEMORY_HEADER, * PKSEC_LSA_MEMORY_HEADER ; // // This buffer type is used to indicate the header in the // message from the driver to the LSA. It is ignored if // the call did not originate from kernel mode // #define SECBUFFER_KMAP_HEADER 0x00008001 #pragma warning(default:4200) #endif // __SPMLPC_H__