Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 
 

416 lines
17 KiB

/****************************************************************************/
/* asmint.h */
/* */
/* Security Manager Internal Functions */
/* */
/* Copyright (C) 1997-1999 Microsoft Corp. */
/****************************************************************************/
#ifndef _H_ASMINT
#define _H_ASMINT
/****************************************************************************/
/* Include required system headers */
/* And some prototypes for which I can't use the system header because it */
/* also has icky user mode stuff */
/****************************************************************************/
#include <ntnls.h>
#include <fipsapi.h>
NTSYSAPI
VOID
NTAPI
RtlGetDefaultCodePage(
OUT PUSHORT AnsiCodePage,
OUT PUSHORT OemCodePage
);
NTSYSAPI
NTSTATUS
NTAPI
RtlMultiByteToUnicodeN(
PWSTR UnicodeString,
ULONG MaxBytesInUnicodeString,
PULONG BytesInUnicodeString,
PCHAR MultiByteString,
ULONG BytesInMultiByteString
);
NTSYSAPI
NTSTATUS
NTAPI
RtlUnicodeToMultiByteN(
PCHAR MultiByteString,
ULONG MaxBytesInMultiByteString,
PULONG BytesInMultiByteString,
PWSTR UnicodeString,
ULONG BytesInUnicodeString
);
NTSYSAPI
VOID
NTAPI
RtlInitCodePageTable(
IN PUSHORT TableBase,
OUT PCPTABLEINFO CodePageTable
);
NTSYSAPI
NTSTATUS
NTAPI
RtlCustomCPToUnicodeN(
IN PCPTABLEINFO CustomCP,
OUT PWCH UnicodeString,
IN ULONG MaxBytesInUnicodeString,
OUT PULONG BytesInUnicodeString OPTIONAL,
IN PCH CustomCPString,
IN ULONG BytesInCustomCPString
);
NTSYSAPI
NTSTATUS
NTAPI
RtlUnicodeToCustomCPN(
IN PCPTABLEINFO CustomCP,
OUT PCH CustomCPString,
IN ULONG MaxBytesInCustomCPString,
OUT PULONG BytesInCustomCPString OPTIONAL,
IN PWCH UnicodeString,
IN ULONG BytesInUnicodeString
);
/****************************************************************************/
/* Include T.120 headers */
/****************************************************************************/
#include <at128.h>
#include "license.h"
#include <tssec.h>
#include <at120ex.h>
/****************************************************************************/
/* Include SM API */
/****************************************************************************/
#include <asmapi.h>
/****************************************************************************/
/* Include other Share APIs */
/****************************************************************************/
#include <nwdwapi.h>
/****************************************************************************/
/* Constants */
/****************************************************************************/
#define WIN_DONTDISPLAYLASTUSERNAME_DFLT 0
/****************************************************************************/
/* Security config defaults */
/****************************************************************************/
#define WIN_MINENCRYPTIONLEVEL_DFLT 1
#define WIN_DISABLEENCRYPTION_DFLT FALSE
/****************************************************************************/
/* SM States */
/****************************************************************************/
#define SM_STATE_STARTED 0
#define SM_STATE_INITIALIZED 1
#define SM_STATE_NM_CONNECTING 2
#define SM_STATE_SM_CONNECTING 3
#define SM_STATE_LICENSING 4
#define SM_STATE_CONNECTED 5
#define SM_STATE_SC_REGISTERED 6
#define SM_STATE_DISCONNECTING 7
#define SM_NUM_STATES 8
/****************************************************************************/
/* SM Events */
/****************************************************************************/
#define SM_EVT_INIT 0
#define SM_EVT_TERM 1
#define SM_EVT_REGISTER 2
#define SM_EVT_CONNECT 3
#define SM_EVT_DISCONNECT 4
#define SM_EVT_CONNECTED 5
#define SM_EVT_DISCONNECTED 6
#define SM_EVT_DATA_PACKET 7
// Note that Alloc & Send have the same event ID, as the conditions
// under which these may be called are identical.
#define SM_EVT_ALLOCBUFFER 8
#define SM_EVT_SENDDATA 8
#define SM_EVT_SEC_PACKET 9
#define SM_EVT_LIC_PACKET 10
#define SM_EVT_ALIVE 11
#define SM_NUM_EVENTS 12
/****************************************************************************/
/* Values in the state table */
/****************************************************************************/
#define SM_TABLE_OK 0
#define SM_TABLE_WARN 1
#define SM_TABLE_ERROR 2
/****************************************************************************/
/* SM_CHECK_STATE checks whether we have violated the SM state table. */
/* */
/* smStateTable is filled in in ASMDATA.C. */
/* */
/* Possible values of STATE are defined in ASMINT.H. */
/* Possible events are defined in ASMINT.H */
/****************************************************************************/
#define SM_CHECK_STATE(event) \
{ \
if (smStateTable[event][pRealSMHandle->state] != SM_TABLE_OK) \
{ \
if (smStateTable[event][pRealSMHandle->state] == SM_TABLE_WARN) \
{ \
TRC_ALT((TB, "Unusual event %s in state %s", \
smEventName[event], smStateName[pRealSMHandle->state]));\
} \
else \
{ \
TRC_ABORT((TB, "Invalid event %s in state %s", \
smEventName[event], smStateName[pRealSMHandle->state]));\
} \
DC_QUIT; \
} \
}
// Query version which supports properly predicting branches.
// Assumes that the "else" case will be the end of the function.
#ifdef DC_DEBUG
#define SM_CHECK_STATE_Q(event) SMCheckState(pRealSMHandle, event)
#else
#define SM_CHECK_STATE_Q(event) \
(smStateTable[event][pRealSMHandle->state] == SM_TABLE_OK)
#endif
/****************************************************************************/
/* SM_SET_STATE - set the SLCstate */
/****************************************************************************/
#define SM_SET_STATE(newstate) \
{ \
TRC_NRM((TB, "Set state from %s to %s", \
smStateName[pRealSMHandle->state], smStateName[newstate])); \
pRealSMHandle->state = newstate; \
}
typedef struct tagSM_CONSOLE_BUFFER
{
LIST_ENTRY links;
PVOID buffer;
UINT32 length;
} SM_CONSOLE_BUFFER, *PSM_CONSOLE_BUFFER;
//
// Instrumentation enabled to track discarded packets
// (to help track VC decompression break).
//
#define INSTRUM_TRACK_DISCARDED 1
typedef struct _SM_FIPS_Data {
BYTE bEncKey[MAX_FIPS_SESSION_KEY_SIZE];
BYTE bDecKey[MAX_FIPS_SESSION_KEY_SIZE];
DES3TABLE EncTable;
DES3TABLE DecTable;
BYTE bEncIv[FIPS_BLOCK_LEN];
BYTE bDecIv[FIPS_BLOCK_LEN];
BYTE bSignKey[MAX_SIGNKEY_SIZE];
PDEVICE_OBJECT pDeviceObject;
PFILE_OBJECT pFileObject;
FIPS_FUNCTION_TABLE FipsFunctionTable;
} SM_FIPS_Data, FAR * PSM_FIPS_Data;
/****************************************************************************/
/* Structure: SM_HANDLE_DATA */
/* */
/* Description: Structure of context-specific data maintained by SM */
/****************************************************************************/
typedef struct tagSM_HANDLE_DATA
{
/************************************************************************/
/* winstation encryption level. */
/************************************************************************/
UINT32 encryptionLevel;
UINT32 encryptionMethodsSupported;
UINT32 encryptionMethodSelected;
BOOLEAN frenchClient;
BOOLEAN encryptAfterLogon;
/************************************************************************/
/* Are we encrypting? */
/************************************************************************/
BOOLEAN encrypting; // Whether the client is encrypting input.
BOOLEAN encryptDisplayData; // Whether server is encrypting output.
BOOLEAN encryptingLicToClient; // Whether S->C license data is encrypted
//
// whether server should send data using safe checksum style
//
BOOLEAN useSafeChecksumMethod;
/************************************************************************/
/* State information */
/************************************************************************/
BOOLEAN bDisconnectWorkerSent;
BOOLEAN dead;
UINT32 state;
#ifdef INSTRUM_TRACK_DISCARDED
//
// Debug information
//
UINT32 nDiscardVCDataWhenDead;
UINT32 nDiscardPDUBadState;
UINT32 nDiscardNonVCPDUWhenDead;
#endif
/************************************************************************/
/* User data to pass back to Client */
/************************************************************************/
PRNS_UD_SC_SEC pUserData;
/************************************************************************/
/* WDW handle, passed back on WDW_SMCallback calls */
/************************************************************************/
PTSHARE_WD pWDHandle;
#ifdef USE_LICENSE
/************************************************************************/
/* License Manager handle */
/************************************************************************/
PVOID pLicenseHandle;
#endif
/************************************************************************/
/* MCS User and Channel IDs */
/************************************************************************/
UINT32 userID;
UINT16 channelID;
/************************************************************************/
/* Max size of a PDU reported by NM */
/************************************************************************/
UINT32 maxPDUSize;
/************************************************************************/
/* The type of certificate that is used in the security key exchange. */
/************************************************************************/
CERT_TYPE CertType;
/************************************************************************/
/* Client and server random keys that make the client/server session */
/* keys. */
/************************************************************************/
PBYTE pEncClientRandom;
UINT32 encClientRandomLen;
BOOLEAN recvdClientRandom;
// state of whether share class is ready for data forwarding or not
BOOLEAN bForwardDataToSC;
/************************************************************************/
/* encrypt/decrypt session keys. key length is 8 for 40 bit encryption */
/* and 16 for 128 encryption. */
/************************************************************************/
BOOLEAN bSessionKeysMade;
UINT32 keyLength;
UINT32 encryptCount;
UINT32 totalEncryptCount;
UINT32 encryptHeaderLen;
// Used if encryptDisplayData is FALSE, but we want to encrypt this particular S->C packet
UINT32 encryptHeaderLenIfForceEncrypt;
BYTE startEncryptKey[MAX_SESSION_KEY_SIZE];
BYTE currentEncryptKey[MAX_SESSION_KEY_SIZE];
struct RC4_KEYSTRUCT rc4EncryptKey;
UINT32 decryptCount;
UINT32 totalDecryptCount;
BYTE startDecryptKey[MAX_SESSION_KEY_SIZE];
BYTE currentDecryptKey[MAX_SESSION_KEY_SIZE];
struct RC4_KEYSTRUCT rc4DecryptKey;
BYTE macSaltKey[MAX_SESSION_KEY_SIZE];
LIST_ENTRY consoleBufferList;
UINT32 consoleBufferCount;
SM_FIPS_Data FIPSData;
} SM_HANDLE_DATA, * PSM_HANDLE_DATA;
/****************************************************************************/
/* Functions */
/****************************************************************************/
BOOL RDPCALL SMDecryptPacket(PSM_HANDLE_DATA pRealSMHandle,
PVOID pData,
unsigned dataLen,
BOOL fUseSafeChecksum);
BOOLEAN RDPCALL SMContinueSecurityExchange(PSM_HANDLE_DATA pRealSMHandle,
PVOID pData,
UINT32 dataLen);
BOOLEAN RDPCALL SMSecurityExchangeInfo(PSM_HANDLE_DATA pRealSMHandle,
PVOID pData,
UINT32 dataLen);
BOOLEAN RDPCALL SMSecurityExchangeKey(PSM_HANDLE_DATA pRealSMHandle,
PVOID pData,
UINT32 dataLen);
void RDPCALL SMFreeInitResources(PSM_HANDLE_DATA pRealSMHandle);
void RDPCALL SMFreeConnectResources(PSM_HANDLE_DATA pRealSMHandle);
INT ConvertToAndFromWideChar(PSM_HANDLE_DATA pRealSMHandle,
UINT CodePage, LPWSTR WideCharString,
INT BytesInWideCharString, LPSTR MultiByteString,
INT BytesInMultiByteString, BOOL ConvertToWideChar);
BOOL RDPCALL SMCheckState(PSM_HANDLE_DATA, unsigned);
BOOL TSFIPS_Init(PSM_FIPS_Data pFipsData);
void TSFIPS_Term(PSM_FIPS_Data pFipsData);
UINT32 TSFIPS_AdjustDataLen(UINT32 dataLen);
BOOL TSFIPS_MakeSessionKeys(PSM_FIPS_Data pFipsData, LPRANDOM_KEYS_PAIR pRandomKey, CryptMethod *pEnumMethod, BOOL bPassThroughStack);
BOOL TSFIPS_EncryptData(
PSM_FIPS_Data pFipsData,
LPBYTE pbData,
DWORD dwDataLen,
DWORD dwPadLen,
LPBYTE pbSignature,
DWORD dwEncryptionCount);
BOOL TSFIPS_DecryptData(
PSM_FIPS_Data pFipsData,
LPBYTE pbData,
DWORD dwDataLen,
DWORD dwPadLen,
LPBYTE pbSignature,
DWORD dwDecryptionCount);
// Win16 code page driver-global caching data.
extern FAST_MUTEX fmCodePage;
extern ULONG LastCodePageTranslated;
extern PVOID LastNlsTableBuffer;
extern CPTABLEINFO LastCPTableInfo;
extern UINT NlsTableUseCount;
#endif /* _H_ASMINT */