You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
755 lines
23 KiB
755 lines
23 KiB
/*++
|
|
|
|
Copyright (c) 1987-1991 Microsoft Corporation
|
|
|
|
Module Name:
|
|
|
|
logonmsv.h
|
|
|
|
Abstract:
|
|
|
|
Definition of API's to the Netlogon service which are callable
|
|
by the MSV1_0 authentication package.
|
|
|
|
Author:
|
|
|
|
Cliff Van Dyke (cliffv) 23-Jun-1991
|
|
|
|
Environment:
|
|
|
|
User mode only.
|
|
Contains NT-specific code.
|
|
Requires ANSI C extensions: slash-slash comments, long external names.
|
|
|
|
Revision History:
|
|
|
|
--*/
|
|
|
|
#ifndef __LOGONMSV_H__
|
|
#define __LOGONMSV_H__
|
|
#include <lsass.h> // OLD_LARGE_INTEGER
|
|
|
|
//
|
|
// Name of secret in LSA secret storage where account passwords are kept.
|
|
//
|
|
|
|
#define SSI_SECRET_PREFIX L"$"
|
|
#define SSI_SECRET_PREFIX_LENGTH 1
|
|
#define SSI_SECRET_POSTFIX L"MACHINE.ACC"
|
|
#define SSI_SECRET_NAME L"$MACHINE.ACC"
|
|
|
|
//
|
|
// Name of the event used to synchronize between the security process and
|
|
// the service controller.
|
|
//
|
|
|
|
#define SECURITY_SERVICES_STARTED L"SECURITY_SERVICES_STARTED"
|
|
|
|
|
|
//
|
|
// The structures supporting remote logon APIs
|
|
//
|
|
|
|
typedef CYPHER_BLOCK NETLOGON_CREDENTIAL, *PNETLOGON_CREDENTIAL ;
|
|
|
|
typedef struct _NETLOGON_AUTHENTICATOR {
|
|
NETLOGON_CREDENTIAL Credential;
|
|
DWORD timestamp;
|
|
} NETLOGON_AUTHENTICATOR, *PNETLOGON_AUTHENTICATOR ;
|
|
|
|
typedef struct _NETLOGON_SESSION_KEY {
|
|
BYTE Key[CRYPT_TXT_LEN * 2];
|
|
} NETLOGON_SESSION_KEY, *PNETLOGON_SESSION_KEY;
|
|
|
|
typedef enum _NETLOGON_SECURE_CHANNEL_TYPE {
|
|
NullSecureChannel = 0,
|
|
MsvApSecureChannel,
|
|
WorkstationSecureChannel,
|
|
TrustedDnsDomainSecureChannel,
|
|
TrustedDomainSecureChannel,
|
|
UasServerSecureChannel,
|
|
ServerSecureChannel
|
|
} NETLOGON_SECURE_CHANNEL_TYPE;
|
|
|
|
#define IsDomainSecureChannelType( _T ) \
|
|
( (_T) == TrustedDnsDomainSecureChannel || \
|
|
(_T) == TrustedDomainSecureChannel )
|
|
|
|
|
|
//
|
|
// Input information to NetLogonSamLogon.
|
|
//
|
|
// begin_ntsubauth
|
|
|
|
typedef enum _NETLOGON_LOGON_INFO_CLASS {
|
|
NetlogonInteractiveInformation = 1,
|
|
NetlogonNetworkInformation,
|
|
NetlogonServiceInformation,
|
|
NetlogonGenericInformation,
|
|
NetlogonInteractiveTransitiveInformation,
|
|
NetlogonNetworkTransitiveInformation,
|
|
NetlogonServiceTransitiveInformation
|
|
} NETLOGON_LOGON_INFO_CLASS;
|
|
|
|
typedef struct _NETLOGON_LOGON_IDENTITY_INFO {
|
|
UNICODE_STRING LogonDomainName;
|
|
ULONG ParameterControl;
|
|
OLD_LARGE_INTEGER LogonId;
|
|
UNICODE_STRING UserName;
|
|
UNICODE_STRING Workstation;
|
|
} NETLOGON_LOGON_IDENTITY_INFO,
|
|
*PNETLOGON_LOGON_IDENTITY_INFO;
|
|
|
|
typedef struct _NETLOGON_INTERACTIVE_INFO {
|
|
NETLOGON_LOGON_IDENTITY_INFO Identity;
|
|
LM_OWF_PASSWORD LmOwfPassword;
|
|
NT_OWF_PASSWORD NtOwfPassword;
|
|
} NETLOGON_INTERACTIVE_INFO,
|
|
*PNETLOGON_INTERACTIVE_INFO;
|
|
|
|
typedef struct _NETLOGON_SERVICE_INFO {
|
|
NETLOGON_LOGON_IDENTITY_INFO Identity;
|
|
LM_OWF_PASSWORD LmOwfPassword;
|
|
NT_OWF_PASSWORD NtOwfPassword;
|
|
} NETLOGON_SERVICE_INFO, *PNETLOGON_SERVICE_INFO;
|
|
|
|
typedef struct _NETLOGON_NETWORK_INFO {
|
|
NETLOGON_LOGON_IDENTITY_INFO Identity;
|
|
LM_CHALLENGE LmChallenge;
|
|
STRING NtChallengeResponse;
|
|
STRING LmChallengeResponse;
|
|
} NETLOGON_NETWORK_INFO, *PNETLOGON_NETWORK_INFO;
|
|
|
|
typedef struct _NETLOGON_GENERIC_INFO {
|
|
NETLOGON_LOGON_IDENTITY_INFO Identity;
|
|
UNICODE_STRING PackageName;
|
|
ULONG DataLength;
|
|
#ifdef MIDL_PASS
|
|
[size_is(DataLength)]
|
|
#endif
|
|
PUCHAR LogonData;
|
|
} NETLOGON_GENERIC_INFO, *PNETLOGON_GENERIC_INFO;
|
|
|
|
// end_ntsubauth
|
|
|
|
//
|
|
// Structure to pass a SID_AND_ATTRIBUTES over the network.
|
|
//
|
|
|
|
typedef struct _NETLOGON_SID_AND_ATTRIBUTES {
|
|
#if defined(MIDL_PASS) || defined(RPC_SERVER)
|
|
PISID Sid;
|
|
#else
|
|
PSID Sid;
|
|
#endif
|
|
ULONG Attributes;
|
|
} NETLOGON_SID_AND_ATTRIBUTES, *PNETLOGON_SID_AND_ATTRIBUTES;
|
|
|
|
//
|
|
// Values of ParameterControl
|
|
//
|
|
// (Obsolete: Use the ParameterControl values from ntmsv1_0.h)
|
|
|
|
#define CLEARTEXT_PASSWORD_ALLOWED 0x02 // Challenge response fields may
|
|
// actually be clear text passwords.
|
|
|
|
|
|
//
|
|
// Output information to NetLogonSamLogon.
|
|
//
|
|
|
|
typedef enum _NETLOGON_VALIDATION_INFO_CLASS {
|
|
NetlogonValidationUasInfo = 1,
|
|
NetlogonValidationSamInfo,
|
|
NetlogonValidationSamInfo2,
|
|
NetlogonValidationGenericInfo,
|
|
NetlogonValidationGenericInfo2,
|
|
NetlogonValidationSamInfo4
|
|
} NETLOGON_VALIDATION_INFO_CLASS;
|
|
|
|
typedef struct _NETLOGON_VALIDATION_SAM_INFO {
|
|
//
|
|
// Information retrieved from SAM.
|
|
//
|
|
OLD_LARGE_INTEGER LogonTime; // 0 for Network logon
|
|
OLD_LARGE_INTEGER LogoffTime;
|
|
OLD_LARGE_INTEGER KickOffTime;
|
|
OLD_LARGE_INTEGER PasswordLastSet; // 0 for Network logon
|
|
OLD_LARGE_INTEGER PasswordCanChange; // 0 for Network logon
|
|
OLD_LARGE_INTEGER PasswordMustChange; // 0 for Network logon
|
|
UNICODE_STRING EffectiveName; // 0 for Network logon
|
|
UNICODE_STRING FullName; // 0 for Network logon
|
|
UNICODE_STRING LogonScript; // 0 for Network logon
|
|
UNICODE_STRING ProfilePath; // 0 for Network logon
|
|
UNICODE_STRING HomeDirectory; // 0 for Network logon
|
|
UNICODE_STRING HomeDirectoryDrive; // 0 for Network logon
|
|
USHORT LogonCount; // 0 for Network logon
|
|
USHORT BadPasswordCount; // 0 for Network logon
|
|
ULONG UserId;
|
|
ULONG PrimaryGroupId;
|
|
ULONG GroupCount;
|
|
#ifdef MIDL_PASS
|
|
[size_is(GroupCount)]
|
|
#endif // MIDL_PASS
|
|
PGROUP_MEMBERSHIP GroupIds;
|
|
|
|
//
|
|
// Information supplied by the MSV AP/Netlogon service.
|
|
//
|
|
ULONG UserFlags;
|
|
USER_SESSION_KEY UserSessionKey;
|
|
UNICODE_STRING LogonServer;
|
|
UNICODE_STRING LogonDomainName;
|
|
#if defined(MIDL_PASS) || defined(RPC_SERVER)
|
|
PISID LogonDomainId;
|
|
#else
|
|
PSID LogonDomainId;
|
|
#endif
|
|
|
|
ULONG ExpansionRoom[10]; // Put new fields here
|
|
} NETLOGON_VALIDATION_SAM_INFO, *PNETLOGON_VALIDATION_SAM_INFO ;
|
|
|
|
//
|
|
// New output information for NetLogonSamLogon. This structure is identical
|
|
// to the above structure with some new fields added at the end.
|
|
//
|
|
|
|
typedef struct _NETLOGON_VALIDATION_SAM_INFO2 {
|
|
//
|
|
// Information retrieved from SAM.
|
|
//
|
|
OLD_LARGE_INTEGER LogonTime; // 0 for Network logon
|
|
OLD_LARGE_INTEGER LogoffTime;
|
|
OLD_LARGE_INTEGER KickOffTime;
|
|
OLD_LARGE_INTEGER PasswordLastSet; // 0 for Network logon
|
|
OLD_LARGE_INTEGER PasswordCanChange; // 0 for Network logon
|
|
OLD_LARGE_INTEGER PasswordMustChange; // 0 for Network logon
|
|
UNICODE_STRING EffectiveName; // 0 for Network logon
|
|
UNICODE_STRING FullName; // 0 for Network logon
|
|
UNICODE_STRING LogonScript; // 0 for Network logon
|
|
UNICODE_STRING ProfilePath; // 0 for Network logon
|
|
UNICODE_STRING HomeDirectory; // 0 for Network logon
|
|
UNICODE_STRING HomeDirectoryDrive; // 0 for Network logon
|
|
USHORT LogonCount; // 0 for Network logon
|
|
USHORT BadPasswordCount; // 0 for Network logon
|
|
ULONG UserId;
|
|
ULONG PrimaryGroupId;
|
|
ULONG GroupCount;
|
|
#ifdef MIDL_PASS
|
|
[size_is(GroupCount)]
|
|
#endif // MIDL_PASS
|
|
PGROUP_MEMBERSHIP GroupIds;
|
|
|
|
//
|
|
// Information supplied by the MSV AP/Netlogon service.
|
|
//
|
|
ULONG UserFlags;
|
|
USER_SESSION_KEY UserSessionKey;
|
|
UNICODE_STRING LogonServer;
|
|
UNICODE_STRING LogonDomainName;
|
|
#if defined(MIDL_PASS) || defined(RPC_SERVER)
|
|
PISID LogonDomainId;
|
|
#else
|
|
PSID LogonDomainId;
|
|
#endif
|
|
|
|
ULONG ExpansionRoom[10]; // Put new fields here
|
|
|
|
//
|
|
// The new fields in this structure are a count and a pointer to
|
|
// an array of SIDs and attributes.
|
|
//
|
|
|
|
ULONG SidCount;
|
|
|
|
#ifdef MIDL_PASS
|
|
[size_is(SidCount)]
|
|
#endif // MIDL_PASS
|
|
PNETLOGON_SID_AND_ATTRIBUTES ExtraSids;
|
|
|
|
} NETLOGON_VALIDATION_SAM_INFO2, *PNETLOGON_VALIDATION_SAM_INFO2 ;
|
|
|
|
|
|
//
|
|
// Info level 3 is a version used internally by kerberos. It never appears on the wire.
|
|
//
|
|
typedef struct _NETLOGON_VALIDATION_SAM_INFO3 {
|
|
//
|
|
// Information retrieved from SAM.
|
|
//
|
|
OLD_LARGE_INTEGER LogonTime; // 0 for Network logon
|
|
OLD_LARGE_INTEGER LogoffTime;
|
|
OLD_LARGE_INTEGER KickOffTime;
|
|
OLD_LARGE_INTEGER PasswordLastSet; // 0 for Network logon
|
|
OLD_LARGE_INTEGER PasswordCanChange; // 0 for Network logon
|
|
OLD_LARGE_INTEGER PasswordMustChange; // 0 for Network logon
|
|
UNICODE_STRING EffectiveName; // 0 for Network logon
|
|
UNICODE_STRING FullName; // 0 for Network logon
|
|
UNICODE_STRING LogonScript; // 0 for Network logon
|
|
UNICODE_STRING ProfilePath; // 0 for Network logon
|
|
UNICODE_STRING HomeDirectory; // 0 for Network logon
|
|
UNICODE_STRING HomeDirectoryDrive; // 0 for Network logon
|
|
USHORT LogonCount; // 0 for Network logon
|
|
USHORT BadPasswordCount; // 0 for Network logon
|
|
ULONG UserId;
|
|
ULONG PrimaryGroupId;
|
|
ULONG GroupCount;
|
|
#ifdef MIDL_PASS
|
|
[size_is(GroupCount)]
|
|
#endif // MIDL_PASS
|
|
PGROUP_MEMBERSHIP GroupIds;
|
|
|
|
//
|
|
// Information supplied by the MSV AP/Netlogon service.
|
|
//
|
|
ULONG UserFlags;
|
|
USER_SESSION_KEY UserSessionKey;
|
|
UNICODE_STRING LogonServer;
|
|
UNICODE_STRING LogonDomainName;
|
|
#if defined(MIDL_PASS) || defined(RPC_SERVER)
|
|
PISID LogonDomainId;
|
|
#else
|
|
PSID LogonDomainId;
|
|
#endif
|
|
|
|
ULONG ExpansionRoom[10]; // Put new fields here
|
|
|
|
//
|
|
// The new fields in this structure are a count and a pointer to
|
|
// an array of SIDs and attributes.
|
|
//
|
|
|
|
ULONG SidCount;
|
|
|
|
#ifdef MIDL_PASS
|
|
[size_is(SidCount)]
|
|
#endif // MIDL_PASS
|
|
|
|
PNETLOGON_SID_AND_ATTRIBUTES ExtraSids;
|
|
|
|
//
|
|
// Resource groups. These are present if LOGON_RESOURCE_GROUPS bit is
|
|
// set in the user flags
|
|
//
|
|
|
|
#if defined(MIDL_PASS) || defined(RPC_SERVER)
|
|
PISID ResourceGroupDomainSid;
|
|
#else
|
|
PSID ResourceGroupDomainSid;
|
|
#endif
|
|
ULONG ResourceGroupCount;
|
|
#ifdef MIDL_PASS
|
|
[size_is(ResourceGroupCount)]
|
|
#endif // MIDL_PASS
|
|
PGROUP_MEMBERSHIP ResourceGroupIds;
|
|
|
|
} NETLOGON_VALIDATION_SAM_INFO3, *PNETLOGON_VALIDATION_SAM_INFO3 ;
|
|
|
|
//
|
|
// New output information for NetLogonSamLogon. This structure is identical
|
|
// to the NETLOGON_VALIDATION_SAM_INFO2 with some new fields added at the end.
|
|
//
|
|
// This version was introduced in Whistler.
|
|
//
|
|
|
|
typedef struct _NETLOGON_VALIDATION_SAM_INFO4 {
|
|
//
|
|
// Information retrieved from SAM.
|
|
//
|
|
OLD_LARGE_INTEGER LogonTime; // 0 for Network logon
|
|
OLD_LARGE_INTEGER LogoffTime;
|
|
OLD_LARGE_INTEGER KickOffTime;
|
|
OLD_LARGE_INTEGER PasswordLastSet; // 0 for Network logon
|
|
OLD_LARGE_INTEGER PasswordCanChange; // 0 for Network logon
|
|
OLD_LARGE_INTEGER PasswordMustChange; // 0 for Network logon
|
|
UNICODE_STRING EffectiveName; // 0 for Network logon
|
|
UNICODE_STRING FullName; // 0 for Network logon
|
|
UNICODE_STRING LogonScript; // 0 for Network logon
|
|
UNICODE_STRING ProfilePath; // 0 for Network logon
|
|
UNICODE_STRING HomeDirectory; // 0 for Network logon
|
|
UNICODE_STRING HomeDirectoryDrive; // 0 for Network logon
|
|
USHORT LogonCount; // 0 for Network logon
|
|
USHORT BadPasswordCount; // 0 for Network logon
|
|
ULONG UserId;
|
|
ULONG PrimaryGroupId;
|
|
ULONG GroupCount;
|
|
#ifdef MIDL_PASS
|
|
[size_is(GroupCount)]
|
|
#endif // MIDL_PASS
|
|
PGROUP_MEMBERSHIP GroupIds;
|
|
|
|
//
|
|
// Information supplied by the MSV AP/Netlogon service.
|
|
//
|
|
ULONG UserFlags;
|
|
USER_SESSION_KEY UserSessionKey;
|
|
UNICODE_STRING LogonServer;
|
|
UNICODE_STRING LogonDomainName;
|
|
#if defined(MIDL_PASS) || defined(RPC_SERVER)
|
|
PISID LogonDomainId;
|
|
#else
|
|
PSID LogonDomainId;
|
|
#endif
|
|
//
|
|
// The First two longwords (8 bytes) of ExpansionRoom are reserved for the
|
|
// LanManSession Key.
|
|
//
|
|
#define SAMINFO_LM_SESSION_KEY 0
|
|
#define SAMINFO_LM_SESSION_KEY_EXT 1
|
|
#define SAMINFO_LM_SESSION_KEY_SIZE (2*sizeof(ULONG))
|
|
|
|
//
|
|
// The third longword (4 bytes) of ExpansionRoom is the user account
|
|
// control flag from the account.
|
|
//
|
|
|
|
#define SAMINFO_USER_ACCOUNT_CONTROL 2
|
|
#define SAMINFO_USER_ACCOUNT_CONTROL_SIZE sizeof(ULONG)
|
|
|
|
//
|
|
// The fourth longword (4 bytes) of ExpansionRoom is for the status
|
|
// returned for subauth users, not from subauth packages (NT5 onwards)
|
|
//
|
|
|
|
#define SAMINFO_SUBAUTH_STATUS 3
|
|
#define SAMINFO_SUBAUTH_STATUS_SIZE sizeof(ULONG)
|
|
|
|
ULONG ExpansionRoom[10]; // Put new fields here
|
|
|
|
//
|
|
// The new fields in this structure are a count and a pointer to
|
|
// an array of SIDs and attributes.
|
|
//
|
|
|
|
ULONG SidCount;
|
|
|
|
#ifdef MIDL_PASS
|
|
[size_is(SidCount)]
|
|
#endif // MIDL_PASS
|
|
PNETLOGON_SID_AND_ATTRIBUTES ExtraSids;
|
|
|
|
//
|
|
// New fields added for version 4 of the structure
|
|
//
|
|
|
|
UNICODE_STRING DnsLogonDomainName; // Dns version of LogonDomainName
|
|
|
|
UNICODE_STRING Upn; // UPN of the user account
|
|
|
|
UNICODE_STRING ExpansionString1; // Put new strings here
|
|
UNICODE_STRING ExpansionString2; // Put new strings here
|
|
UNICODE_STRING ExpansionString3; // Put new strings here
|
|
UNICODE_STRING ExpansionString4; // Put new strings here
|
|
UNICODE_STRING ExpansionString5; // Put new strings here
|
|
UNICODE_STRING ExpansionString6; // Put new strings here
|
|
UNICODE_STRING ExpansionString7; // Put new strings here
|
|
UNICODE_STRING ExpansionString8; // Put new strings here
|
|
UNICODE_STRING ExpansionString9; // Put new strings here
|
|
UNICODE_STRING ExpansionString10; // Put new strings here
|
|
|
|
} NETLOGON_VALIDATION_SAM_INFO4, *PNETLOGON_VALIDATION_SAM_INFO4 ;
|
|
|
|
// This structure is bogus since it doesn't have a size_is
|
|
// Everyone should use the generic info2 structure
|
|
typedef struct _NETLOGON_VALIDATION_GENERIC_INFO {
|
|
ULONG DataLength;
|
|
PUCHAR ValidationData;
|
|
} NETLOGON_VALIDATION_GENERIC_INFO, *PNETLOGON_VALIDATION_GENERIC_INFO;
|
|
|
|
typedef struct _NETLOGON_VALIDATION_GENERIC_INFO2 {
|
|
ULONG DataLength;
|
|
#ifdef MIDL_PASS
|
|
[size_is(DataLength)]
|
|
#endif // MIDL_PASS
|
|
PUCHAR ValidationData;
|
|
} NETLOGON_VALIDATION_GENERIC_INFO2, *PNETLOGON_VALIDATION_GENERIC_INFO2;
|
|
|
|
|
|
//
|
|
// S4U Delegation Info
|
|
//
|
|
|
|
typedef struct _S4U_DELEGATION_INFO {
|
|
UNICODE_STRING S4U2proxyTarget;
|
|
ULONG TransitedListSize;
|
|
#ifdef MIDL_PASS
|
|
[size_is(TransitedListSize)]
|
|
#endif // MIDL_PASS
|
|
PUNICODE_STRING S4UTransitedServices;
|
|
} S4U_DELEGATION_INFO, * PS4U_DELEGATION_INFO;
|
|
|
|
|
|
//
|
|
// Status codes that indicate the password is bad and the call should
|
|
// be passed through to the PDC of the domain.
|
|
//
|
|
|
|
#define BAD_PASSWORD( _x ) \
|
|
((_x) == STATUS_WRONG_PASSWORD || \
|
|
(_x) == STATUS_PASSWORD_EXPIRED || \
|
|
(_x) == STATUS_PASSWORD_MUST_CHANGE || \
|
|
(_x) == STATUS_ACCOUNT_LOCKED_OUT )
|
|
|
|
//
|
|
// Error status codes from the PDC that indicate that the bad password
|
|
// count should be zeroed locally on the BDC.
|
|
//
|
|
|
|
#define ZERO_BAD_PWD_COUNT( _x ) \
|
|
((_x) == STATUS_PASSWORD_EXPIRED || \
|
|
(_x) == STATUS_PASSWORD_MUST_CHANGE )
|
|
|
|
//
|
|
// The actual logon and logoff routines.
|
|
//
|
|
|
|
// The following 2 procedure definitions must match
|
|
NTSTATUS
|
|
I_NetLogonSamLogon(
|
|
IN LPWSTR LogonServer OPTIONAL,
|
|
IN LPWSTR ComputerName OPTIONAL,
|
|
IN PNETLOGON_AUTHENTICATOR Authenticator OPTIONAL,
|
|
OUT PNETLOGON_AUTHENTICATOR ReturnAuthenticator OPTIONAL,
|
|
IN NETLOGON_LOGON_INFO_CLASS LogonLevel,
|
|
IN LPBYTE LogonInformation,
|
|
IN NETLOGON_VALIDATION_INFO_CLASS ValidationLevel,
|
|
OUT LPBYTE * ValidationInformation,
|
|
OUT PBOOLEAN Authoritative
|
|
);
|
|
|
|
typedef NTSTATUS
|
|
(*PNETLOGON_SAM_LOGON_PROCEDURE)(
|
|
IN LPWSTR LogonServer OPTIONAL,
|
|
IN LPWSTR ComputerName OPTIONAL,
|
|
IN PNETLOGON_AUTHENTICATOR Authenticator OPTIONAL,
|
|
OUT PNETLOGON_AUTHENTICATOR ReturnAuthenticator OPTIONAL,
|
|
IN NETLOGON_LOGON_INFO_CLASS LogonLevel,
|
|
IN LPBYTE LogonInformation,
|
|
IN NETLOGON_VALIDATION_INFO_CLASS ValidationLevel,
|
|
OUT LPBYTE * ValidationInformation,
|
|
OUT PBOOLEAN Authoritative
|
|
);
|
|
|
|
//
|
|
// Values of ExtraFlags
|
|
//
|
|
// For OS earlier that WIN 2K. This field didn't exist.
|
|
//
|
|
// A WIN 2K client always passes zero and ignores the return.
|
|
// A WIN 2K server always returns what it is passed.
|
|
//
|
|
// A whistler client can pass the NETLOGON_SUPPORTS_CROSS_FOREST bits and ignores the return.
|
|
// A whistler server always returns what it is passed.
|
|
//
|
|
// In all cases, the flags correspond to the hop at hand. Each hop computes which flags it
|
|
// want to pass to the next hop. It will only set bits that it understands.
|
|
//
|
|
|
|
// Flags introduced with NETLOGON_SUPPORTS_CROSS_FOREST
|
|
#define NL_EXFLAGS_EXPEDITE_TO_ROOT 0x0001 // Pass this request to DC at root of forest
|
|
#define NL_EXFLAGS_CROSS_FOREST_HOP 0x0002 // Request is first hop over cross forest trust TDO
|
|
|
|
NTSTATUS
|
|
I_NetLogonSamLogonEx (
|
|
IN PVOID ContextHandle,
|
|
IN LPWSTR LogonServer OPTIONAL,
|
|
IN LPWSTR ComputerName OPTIONAL,
|
|
IN NETLOGON_LOGON_INFO_CLASS LogonLevel,
|
|
IN LPBYTE LogonInformation,
|
|
IN NETLOGON_VALIDATION_INFO_CLASS ValidationLevel,
|
|
OUT LPBYTE * ValidationInformation,
|
|
OUT PBOOLEAN Authoritative,
|
|
IN OUT PULONG ExtraFlags,
|
|
OUT PBOOLEAN RpcFailed
|
|
);
|
|
|
|
NTSTATUS
|
|
I_NetLogonSamLogonWithFlags (
|
|
IN LPWSTR LogonServer OPTIONAL,
|
|
IN LPWSTR ComputerName OPTIONAL,
|
|
IN PNETLOGON_AUTHENTICATOR Authenticator OPTIONAL,
|
|
OUT PNETLOGON_AUTHENTICATOR ReturnAuthenticator OPTIONAL,
|
|
IN NETLOGON_LOGON_INFO_CLASS LogonLevel,
|
|
IN LPBYTE LogonInformation,
|
|
IN NETLOGON_VALIDATION_INFO_CLASS ValidationLevel,
|
|
OUT LPBYTE * ValidationInformation,
|
|
OUT PBOOLEAN Authoritative,
|
|
IN OUT PULONG ExtraFlags
|
|
);
|
|
|
|
|
|
// The following 2 procedure definitions must match
|
|
NTSTATUS
|
|
I_NetLogonSamLogoff (
|
|
IN LPWSTR LogonServer OPTIONAL,
|
|
IN LPWSTR ComputerName OPTIONAL,
|
|
IN PNETLOGON_AUTHENTICATOR Authenticator OPTIONAL,
|
|
OUT PNETLOGON_AUTHENTICATOR ReturnAuthenticator OPTIONAL,
|
|
IN NETLOGON_LOGON_INFO_CLASS LogonLevel,
|
|
IN LPBYTE LogonInformation
|
|
);
|
|
|
|
typedef NTSTATUS
|
|
(*PNETLOGON_SAM_LOGOFF_PROCEDURE) (
|
|
IN LPWSTR LogonServer OPTIONAL,
|
|
IN LPWSTR ComputerName OPTIONAL,
|
|
IN PNETLOGON_AUTHENTICATOR Authenticator OPTIONAL,
|
|
OUT PNETLOGON_AUTHENTICATOR ReturnAuthenticator OPTIONAL,
|
|
IN NETLOGON_LOGON_INFO_CLASS LogonLevel,
|
|
IN LPBYTE LogonInformation
|
|
);
|
|
|
|
//
|
|
// Actual logon/logoff routines for Cairo
|
|
//
|
|
|
|
NET_API_STATUS
|
|
NetlogonInitialize(
|
|
PVOID Context
|
|
);
|
|
|
|
NTSTATUS
|
|
NetlogonSamLogon (
|
|
IN NETLOGON_LOGON_INFO_CLASS LogonLevel,
|
|
IN LPBYTE LogonInformation,
|
|
IN NETLOGON_VALIDATION_INFO_CLASS ValidationLevel,
|
|
OUT LPBYTE *ValidationInformation,
|
|
OUT PBOOLEAN Authoritative
|
|
);
|
|
|
|
//
|
|
// Routine to get a list of NT DC's in the specified domain.
|
|
//
|
|
NET_API_STATUS NET_API_FUNCTION
|
|
I_NetGetDCList (
|
|
IN LPWSTR ServerName OPTIONAL,
|
|
IN LPWSTR TrustedDomainName,
|
|
OUT PULONG DCCount,
|
|
OUT PUNICODE_STRING * DCNames
|
|
);
|
|
|
|
//
|
|
// Validation routine which lives in msv1_0.dll
|
|
//
|
|
NTSTATUS
|
|
MsvSamValidate (
|
|
IN SAM_HANDLE DomainHandle,
|
|
IN BOOLEAN UasCompatibilityRequired,
|
|
IN NETLOGON_SECURE_CHANNEL_TYPE SecureChannelType,
|
|
IN PUNICODE_STRING LogonServer,
|
|
IN PUNICODE_STRING LogonDomainName,
|
|
IN PSID LogonDomainId,
|
|
IN NETLOGON_LOGON_INFO_CLASS LogonLevel,
|
|
IN PVOID LogonInformation,
|
|
IN NETLOGON_VALIDATION_INFO_CLASS ValidationLevel,
|
|
OUT PVOID * ValidationInformation,
|
|
OUT PBOOLEAN Authoritative,
|
|
OUT PBOOLEAN BadPasswordCountZeroed,
|
|
IN DWORD AccountsToTry
|
|
);
|
|
|
|
//
|
|
// Routine to get running number of logon attempts which lives in msv1_0.dll
|
|
//
|
|
ULONG
|
|
MsvGetLogonAttemptCount (
|
|
VOID
|
|
);
|
|
|
|
// Values for AccountsToTry
|
|
#define MSVSAM_SPECIFIED 0x01 // Try specified account
|
|
#define MSVSAM_GUEST 0x02 // Try guest account
|
|
|
|
NTSTATUS
|
|
MsvSamLogoff (
|
|
IN SAM_HANDLE DomainHandle,
|
|
IN NETLOGON_LOGON_INFO_CLASS LogonLevel,
|
|
IN PVOID LogonInformation
|
|
);
|
|
|
|
// begin_ntsubauth
|
|
|
|
// Values for Flags
|
|
#define MSV1_0_PASSTHRU 0x01
|
|
#define MSV1_0_GUEST_LOGON 0x02
|
|
|
|
NTSTATUS NTAPI
|
|
Msv1_0SubAuthenticationRoutine(
|
|
IN NETLOGON_LOGON_INFO_CLASS LogonLevel,
|
|
IN PVOID LogonInformation,
|
|
IN ULONG Flags,
|
|
IN PUSER_ALL_INFORMATION UserAll,
|
|
OUT PULONG WhichFields,
|
|
OUT PULONG UserFlags,
|
|
OUT PBOOLEAN Authoritative,
|
|
OUT PLARGE_INTEGER LogoffTime,
|
|
OUT PLARGE_INTEGER KickoffTime
|
|
);
|
|
|
|
typedef struct _MSV1_0_VALIDATION_INFO {
|
|
LARGE_INTEGER LogoffTime;
|
|
LARGE_INTEGER KickoffTime;
|
|
UNICODE_STRING LogonServer;
|
|
UNICODE_STRING LogonDomainName;
|
|
USER_SESSION_KEY SessionKey;
|
|
BOOLEAN Authoritative;
|
|
ULONG UserFlags;
|
|
ULONG WhichFields;
|
|
ULONG UserId;
|
|
} MSV1_0_VALIDATION_INFO, *PMSV1_0_VALIDATION_INFO;
|
|
|
|
// values for WhichFields
|
|
|
|
#define MSV1_0_VALIDATION_LOGOFF_TIME 0x00000001
|
|
#define MSV1_0_VALIDATION_KICKOFF_TIME 0x00000002
|
|
#define MSV1_0_VALIDATION_LOGON_SERVER 0x00000004
|
|
#define MSV1_0_VALIDATION_LOGON_DOMAIN 0x00000008
|
|
#define MSV1_0_VALIDATION_SESSION_KEY 0x00000010
|
|
#define MSV1_0_VALIDATION_USER_FLAGS 0x00000020
|
|
#define MSV1_0_VALIDATION_USER_ID 0x00000040
|
|
|
|
// legal values for ActionsPerformed
|
|
#define MSV1_0_SUBAUTH_ACCOUNT_DISABLED 0x00000001
|
|
#define MSV1_0_SUBAUTH_PASSWORD 0x00000002
|
|
#define MSV1_0_SUBAUTH_WORKSTATIONS 0x00000004
|
|
#define MSV1_0_SUBAUTH_LOGON_HOURS 0x00000008
|
|
#define MSV1_0_SUBAUTH_ACCOUNT_EXPIRY 0x00000010
|
|
#define MSV1_0_SUBAUTH_PASSWORD_EXPIRY 0x00000020
|
|
#define MSV1_0_SUBAUTH_ACCOUNT_TYPE 0x00000040
|
|
#define MSV1_0_SUBAUTH_LOCKOUT 0x00000080
|
|
|
|
NTSTATUS NTAPI
|
|
Msv1_0SubAuthenticationRoutineEx(
|
|
IN NETLOGON_LOGON_INFO_CLASS LogonLevel,
|
|
IN PVOID LogonInformation,
|
|
IN ULONG Flags,
|
|
IN PUSER_ALL_INFORMATION UserAll,
|
|
IN SAM_HANDLE UserHandle,
|
|
IN OUT PMSV1_0_VALIDATION_INFO ValidationInfo,
|
|
OUT PULONG ActionsPerformed
|
|
);
|
|
|
|
NTSTATUS NTAPI
|
|
Msv1_0SubAuthenticationRoutineGeneric(
|
|
IN PVOID SubmitBuffer,
|
|
IN ULONG SubmitBufferLength,
|
|
OUT PULONG ReturnBufferLength,
|
|
OUT PVOID *ReturnBuffer
|
|
);
|
|
|
|
NTSTATUS NTAPI
|
|
Msv1_0SubAuthenticationFilter(
|
|
IN NETLOGON_LOGON_INFO_CLASS LogonLevel,
|
|
IN PVOID LogonInformation,
|
|
IN ULONG Flags,
|
|
IN PUSER_ALL_INFORMATION UserAll,
|
|
OUT PULONG WhichFields,
|
|
OUT PULONG UserFlags,
|
|
OUT PBOOLEAN Authoritative,
|
|
OUT PLARGE_INTEGER LogoffTime,
|
|
OUT PLARGE_INTEGER KickoffTime
|
|
);
|
|
|
|
// end_ntsubauth
|
|
|
|
#endif // __LOGONMSV_H__
|