Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 
 

664 lines
14 KiB

/*++
Copyright (c) 1987-1996 Microsoft Corporation
Module Name:
logonsrv.h
Abstract:
Netlogon service internal constants and definitions.
Author:
Ported from Lan Man 2.0
Revision History:
21-May-1991 (cliffv)
Ported to NT. Converted to NT style.
--*/
//
// Define _DC_NETLOGON if _WKSTA_NETLOGON is not defined.
//
#ifndef _WKSTA_NETLOGON
#define _DC_NETLOGON
#endif // _WKSTA_NETLOGON
////////////////////////////////////////////////////////////////////////////
//
// Common include files needed by ALL netlogon server files
//
////////////////////////////////////////////////////////////////////////////
#if ( _MSC_VER >= 800 )
#pragma warning ( 3 : 4100 ) // enable "Unreferenced formal parameter"
#pragma warning ( 3 : 4219 ) // enable "trailing ',' used for variable argument list"
#endif
#include <nt.h> // LARGE_INTEGER definition
#include <ntrtl.h> // LARGE_INTEGER definition
#include <nturtl.h> // LARGE_INTEGER definition
#include <ntlsa.h> // Needed by lsrvdata.h
#define NOMINMAX // Avoid redefinition of min and max in stdlib.h
#include <rpc.h> // Needed by logon_s.h
#define INCL_WINSOCK_API_PROTOTYPES 1
#include <winsock2.h> // Winsock support
#include <logon_s.h> // includes lmcons.h, lmaccess.h, netlogon.h, ssi.h, windef.h
#include <windows.h>
#include <alertmsg.h> // ALERT_* defines
#include <align.h> // ROUND_UP_COUNT ...
#include <config.h> // net config helpers.
#include <confname.h> // SECTION_ equates, NETLOGON_KEYWORD_ equates.
#include <debugfmt.h> // FORMAT_*
//#define SDK_DNS_RECORD 1 // Needed for dnsapi.h
#include <windns.h> // DNS API
#include <dnsapi.h> // Dns API
#include <icanon.h> // NAMETYPE_* defines
#include <lmapibuf.h> // NetApiBufferFree
#include <lmerr.h> // NERR_ equates.
#include <lmerrlog.h> // NELOG_*
#include <lmserver.h> // Server API defines and prototypes
#include <lmshare.h> // share API functions and prototypes
#include <lmsname.h> // Needed for NETLOGON service name
#include <lmsvc.h> // SERVICE_UIC codes are defined here
#include <logonp.h> // NetpLogon routines
#include <lsarpc.h> // Needed by lsrvdata.h and logonsrv.h
#include <lsaisrv.h> // LsaI routines
#include <wincrypt.h> // CryptoAPI
#ifndef NETSETUP_JOIN
#define SECURITY_KERBEROS
#include <security.h> // Interface to LSA/Kerberos
#include <secint.h> // needed to get Kerberos interfaces.
#include <sspi.h> // Needed by ssiinit.h
// #include <secext.h> // Needed by secpkg.h
#include <secpkg.h> // Needed by sphelp.h
#endif
#include <names.h> // NetpIsUserNameValid
#include <netlib.h> // NetpCopy...
#include <netlibnt.h> // NetpNtStatusToApiStatus
#include "nlp.h" // Nlp routine
#include <ntddbrow.h> // Interface to browser driver
#include <ntrpcp.h> // Rpcp routines
#include <samrpc.h> // Needed by lsrvdata.h and logonsrv.h
#include <samisrv.h> // SamIFree routines
#include <secobj.h> // NetpAccessCheck
#include <stddef.h> // offsetof()
#include <stdlib.h> // C library functions (rand, etc)
#include <tstring.h> // Transitional string routines.
#include <lmjoin.h> // Needed by netsetup.h
#include <netsetup.h> // NetpSetDnsComputerNameAsRequired
#include <wmistr.h> // WMI trace
#include <evntrace.h> // TRACEHANDLE
#ifndef NETSETUP_JOIN
#include <cryptdll.h>
#include <ntdsa.h>
#include <ntdsapi.h>
#include <ntdsapip.h>
#endif
//
// Netlogon specific header files.
//
#include <nlrepl.h> // I_Net*
#include <dsgetdc.h> // DsGetDcName()
#include <dsgetdcp.h> // DsGetDcOpen()
#include "worker.h" // Worker routines
#include "nlbind.h" // Netlogon RPC binding cache routines
#include "nlcommon.h" // Routines shared with logonsrv\common
#include "domain.h" // Hosted domain definitions
#include "nldns.h" // DNS name registration
#include "changelg.h" // Change Log support
#include "chutil.h" // Change Log utilities
#include "iniparm.h" // DEFAULT_, MIN_, and MAX_ equates.
#include "ssiinit.h" // Misc global definitions
#include "replutil.h"
#include "nldebug.h" // Netlogon debugging
#include "nlsecure.h" // Security Descriptor for APIs
#include "ismapi.h"
#include "nlsite.h"
#include "lsrvdata.h" // Globals
//
// RtlCopyMemory on IA64 is now optimized to do aligned copies inline.
// This doesn't work for us as we use RtlCopyMemory to copy data from
// unaligned buffers to aligned ones, so we cause unaligment exception.
// To avoid this, revert to the old unoptimized version.
//
#if defined(_M_IA64)
#undef RtlCopyMemory
NTSYSAPI
VOID
NTAPI
RtlCopyMemory (
VOID UNALIGNED *Destination,
CONST VOID UNALIGNED *Source,
SIZE_T Length
);
#endif // _M_IA64
#ifdef _DC_NETLOGON
#define NETLOGON_SCRIPTS_SHARE L"NETLOGON"
#define NETLOGON_SYSVOL_SHARE L"SYSVOL"
#endif // _DC_NETLOGON
#define MAX_LOGONREQ_COUNT 3
#define NETLOGON_INSTALL_WAIT 60000 // 60 secs
//
// Exit codes for NlExit
//
typedef enum {
DontLogError,
LogError,
LogErrorAndNtStatus,
LogErrorAndNetStatus
} NL_EXIT_CODE;
////////////////////////////////////////////////////////////////////////
//
// Procedure Forwards
//
////////////////////////////////////////////////////////////////////////
//
// error.c
//
NET_API_STATUS
NlCleanup(
VOID
);
VOID
NlExit(
IN DWORD ServiceError,
IN DWORD Data,
IN NL_EXIT_CODE ExitCode,
IN LPWSTR ErrorString
);
BOOL
GiveInstallHints(
IN BOOL Started
);
#ifdef _DC_NETLOGON
VOID
NlControlHandler(
IN DWORD opcode
);
#endif // _DC_NETLOGON
VOID
RaiseAlert(
IN DWORD alert_no,
IN LPWSTR *string_array
);
//
// Nlparse.c
//
BOOL
Nlparse(
IN PNETLOGON_PARAMETERS NlParameters,
IN PNETLOGON_PARAMETERS DefaultParameters OPTIONAL,
IN BOOLEAN IsChangeNotify
);
VOID
NlParseFree(
IN PNETLOGON_PARAMETERS NlParameters
);
VOID
NlReparse(
VOID
);
BOOL
NlparseAllSections(
IN PNETLOGON_PARAMETERS NlParameters,
IN BOOLEAN IsChangeNotify
);
//
// announce.c
//
VOID
NlRemovePendingBdc(
IN PSERVER_SESSION ServerSession
);
VOID
NlPrimaryAnnouncementFinish(
IN PSERVER_SESSION ServerSession,
IN DWORD DatabaseId,
IN PLARGE_INTEGER SerialNumber
);
VOID
NlPrimaryAnnouncementTimeout(
VOID
);
VOID
NlPrimaryAnnouncement(
IN DWORD AnnounceFlags
);
#define ANNOUNCE_FORCE 0x01
#define ANNOUNCE_CONTINUE 0x02
#define ANNOUNCE_IMMEDIATE 0x04
//
// lsrvutil.c
//
NTSTATUS
NlGetOutgoingPassword(
IN PCLIENT_SESSION ClientSession,
OUT PUNICODE_STRING *CurrentValue,
OUT PUNICODE_STRING *OldValue,
OUT PDWORD CurrentVersionNumber,
OUT PLARGE_INTEGER LastSetTime OPTIONAL
);
NTSTATUS
NlSessionSetup(
IN OUT PCLIENT_SESSION ClientSession
);
NTSTATUS
NlEnsureSessionAuthenticated(
IN PCLIENT_SESSION ClientSession,
IN DWORD DesiredFlags
);
BOOLEAN
NlTimeHasElapsedEx(
IN PLARGE_INTEGER StartTime,
IN PLARGE_INTEGER Period,
OUT PULONG RemainingTime OPTIONAL
);
BOOLEAN
NlTimeToReauthenticate(
IN PCLIENT_SESSION ClientSession
);
BOOLEAN
NlTimeToRediscover(
IN PCLIENT_SESSION ClientSession,
BOOLEAN WithAccount
);
NTSTATUS
NlUpdateDomainInfo(
IN PCLIENT_SESSION ClientSession
);
NET_API_STATUS
NlCreateShare(
LPWSTR SharePath,
LPWSTR ShareName,
BOOLEAN AllowAuthenticatedUsers,
BOOL UpdateExclusiveShareAccess,
BOOL AllowExclusiveShareAccess
);
NET_API_STATUS
NlCacheJoinDomainControllerInfo(
VOID
);
NTSTATUS
NlSamOpenNamedUser(
IN PDOMAIN_INFO DomainInfo,
IN LPCWSTR UserName,
OUT SAMPR_HANDLE *UserHandle OPTIONAL,
OUT PULONG UserId OPTIONAL,
PSAMPR_USER_INFO_BUFFER *UserAllInfo OPTIONAL
);
NTSTATUS
NlSamChangePasswordNamedUser(
IN PDOMAIN_INFO DomainInfo,
IN LPCWSTR UserName,
IN PUNICODE_STRING ClearTextPassword OPTIONAL,
IN PNT_OWF_PASSWORD OwfPassword OPTIONAL
);
NTSTATUS
NlGetIncomingPassword(
IN PDOMAIN_INFO DomainInfo,
IN LPCWSTR AccountName,
IN NETLOGON_SECURE_CHANNEL_TYPE SecureChannelType,
IN ULONG AllowableAccountControlBits,
IN BOOL CheckAccountDisabled,
OUT PNT_OWF_PASSWORD OwfPassword OPTIONAL,
OUT PNT_OWF_PASSWORD OwfPreviousPassword OPTIONAL,
OUT PULONG AccountRid OPTIONAL,
OUT PULONG TrustAttributes OPTIONAL,
OUT PBOOL IsDnsDomainTrustAccount OPTIONAL
);
NTSTATUS
NlSetIncomingPassword(
IN PDOMAIN_INFO DomainInfo,
IN LPWSTR AccountName,
IN NETLOGON_SECURE_CHANNEL_TYPE SecureChannelType,
IN PUNICODE_STRING ClearTextPassword OPTIONAL,
IN DWORD ClearPasswordVersionNumber,
IN PNT_OWF_PASSWORD OwfPassword OPTIONAL
);
NTSTATUS
NlChangePassword(
IN PCLIENT_SESSION ClientSession,
IN BOOLEAN ForcePasswordChange,
OUT PULONG RetCallAgainPeriod OPTIONAL
);
NTSTATUS
NlChangePasswordHigher(
IN PCLIENT_SESSION ClientSession,
IN LPWSTR AccountName,
IN NETLOGON_SECURE_CHANNEL_TYPE AccountType,
IN PLM_OWF_PASSWORD NewOwfPassword OPTIONAL,
IN PUNICODE_STRING NewClearPassword OPTIONAL,
IN PDWORD ClearPasswordVersionNumber OPTIONAL
);
NTSTATUS
NlGetUserPriv(
IN PDOMAIN_INFO DomainInfo,
IN ULONG GroupCount,
IN PGROUP_MEMBERSHIP Groups,
IN ULONG UserRelativeId,
OUT LPDWORD Priv,
OUT LPDWORD AuthFlags
);
BOOLEAN
NlGenerateRandomBits(
PUCHAR pBuffer,
ULONG cbBuffer
);
//
// netlogon.c
//
#ifdef _DC_NETLOGON
BOOL
TimerExpired(
IN PTIMER Timer,
IN PLARGE_INTEGER TimeNow,
IN OUT LPDWORD Timeout
);
ULONG
NlGetDomainFlags(
IN PDOMAIN_INFO DomainInfo
);
NTSTATUS
NlWaitForService(
LPWSTR ServiceName,
ULONG Timeout,
BOOLEAN RequireAutoStart
);
int
NlNetlogonMain(
IN DWORD argc,
IN LPWSTR *argv
);
NTSTATUS
NlInitLsaDBInfo(
PDOMAIN_INFO DomainInfo,
DWORD DBIndex
);
NTSTATUS
NlInitSamDBInfo(
PDOMAIN_INFO DomainInfo,
DWORD DBIndex
);
BOOL
NlCreateSysvolShares(
VOID
);
#endif // _DC_NETLOGON
//
// mailslot.c
//
NTSTATUS
NlpWriteMailslot(
IN LPWSTR MailslotName,
IN LPVOID Buffer,
IN DWORD BufferSize
);
#ifdef _DC_NETLOGON
HANDLE
NlBrowserCreateEvent(
VOID
);
VOID
NlBrowserCloseEvent(
IN HANDLE EventHandle
);
BOOL
NlBrowserOpen(
VOID
);
VOID
NlBrowserClose(
VOID
);
NTSTATUS
NlBrowserSendDatagramA(
IN PDOMAIN_INFO DomainInfo,
IN ULONG IpAddress,
IN LPSTR OemServerName,
IN DGRECEIVER_NAME_TYPE NameType,
IN LPWSTR TransportName,
IN LPSTR OemMailslotName,
IN PVOID Buffer,
IN ULONG BufferSize
);
NET_API_STATUS
NlBrowserFixAllNames(
IN PDOMAIN_INFO DomainInfo,
IN PVOID Context
);
VOID
NlBrowserAddName(
IN PDOMAIN_INFO DomainInfo
);
VOID
NlBrowserDelName(
IN PDOMAIN_INFO DomainInfo
);
VOID
NlBrowserUpdate(
IN PDOMAIN_INFO DomainInfo,
IN DWORD Role
);
NTSTATUS
NlBrowserRenameDomain(
IN LPWSTR OldDomainName OPTIONAL,
IN LPWSTR NewDomainName
);
NET_API_STATUS
NlBrowserGetTransportList(
OUT PLMDR_TRANSPORT_LIST *TransportList
);
VOID
NlBrowserSyncHostedDomains(
VOID
);
VOID
NlMailslotPostRead(
IN BOOLEAN IgnoreDuplicatesOfPreviousMessage
);
BOOL
NlMailslotOverlappedResult(
OUT LPBYTE *Message,
OUT PULONG BytesRead,
OUT LPWSTR *TransportName,
OUT PNL_TRANSPORT *Transport,
OUT PSOCKADDR *ClientSockAddr,
OUT LPWSTR *DestinationName,
OUT PBOOLEAN IgnoreDuplicatesOfPreviousMessage,
OUT PNETLOGON_PNP_OPCODE NlPnpOpcode
);
NET_API_STATUS
NlServerComputerNameAdd(
IN LPWSTR HostedDomainName,
IN LPWSTR HostedServerName
);
//
// oldstub.c
//
void _fgs__NETLOGON_DELTA_ENUM (NETLOGON_DELTA_ENUM * _source);
// Use this to free all memory allocated by SAM.
#define SamLsaFreeMemory( _X ) MIDL_user_free(_X)
//
// ds.c
//
NET_API_STATUS
NlGetRoleInformation(
PDOMAIN_INFO DomainInfo,
PBOOLEAN IsPdc,
PBOOLEAN Nt4MixedDomain
);
//
// rgroups.c
//
NTSTATUS
NlpExpandResourceGroupMembership(
IN NETLOGON_VALIDATION_INFO_CLASS ValidationLevel,
IN OUT PNETLOGON_VALIDATION_SAM_INFO4 * UserInfo,
IN PDOMAIN_INFO DomainInfo,
IN ULONG ComputerAccountId
);
NTSTATUS
NlpAddResourceGroupsToSamInfo (
IN NETLOGON_VALIDATION_INFO_CLASS ValidationLevel,
IN OUT PNETLOGON_VALIDATION_SAM_INFO4 *ValidationInformation,
IN PSAMPR_PSID_ARRAY ResourceGroups
);
NTSTATUS
NlpAddOtherOrganizationSid (
IN NETLOGON_VALIDATION_INFO_CLASS ValidationLevel,
IN OUT PNETLOGON_VALIDATION_SAM_INFO4 *ValidationInformation
);
#endif // _DC_NETLOGON
//
// nltrace.c
//
ULONG
_stdcall
NlpInitializeTrace(PVOID Param);
VOID
NlpTraceEvent(
IN ULONG WmiEventType,
IN ULONG TraceGuid );
VOID
NlpTraceServerAuthEvent(
IN ULONG WmiEventType,
IN LPWSTR ComputerName,
IN LPWSTR AccountName,
IN NETLOGON_SECURE_CHANNEL_TYPE SecureChannelType,
IN PULONG NegotiatedFlags,
IN NTSTATUS Status
);
//
// The following "typedef enum" actually is the index of LPGUID in
// the table of NlpTraceGuids[] (defined in nltrace.c). We should
// always change NlpTraceGuids[] if we add any other entry
// in the following enum type.
//
typedef enum _NLPTRACE_GUID {
NlpGuidServerAuth,
NlpGuidSecureChannelSetup
} NLPTRACE_GUID;
//
// parse.c
//
NET_API_STATUS
NlParseOne(
IN LPNET_CONFIG_HANDLE SectionHandle,
IN BOOL GpSection,
IN LPWSTR Keyword,
IN ULONG DefaultValue,
IN ULONG MinimumValue,
IN ULONG MaximumValue,
OUT PULONG Value
);