You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
2055 lines
52 KiB
2055 lines
52 KiB
/*++
|
|
|
|
Copyright (c) 1991-1996 Microsoft Corporation
|
|
|
|
Module Name:
|
|
|
|
ssiinit.h
|
|
|
|
Abstract:
|
|
|
|
Private global variables, defines, and routine declarations used for
|
|
to implement SSI.
|
|
|
|
Author:
|
|
|
|
Cliff Van Dyke (cliffv) 25-Jul-1991
|
|
|
|
Environment:
|
|
|
|
User mode only.
|
|
Contains NT-specific code.
|
|
Requires ANSI C extensions: slash-slash comments, long external names.
|
|
|
|
Revision History:
|
|
|
|
02-Jan-1992 (madana)
|
|
added support for builtin/multidomain replication.
|
|
|
|
04-10-1992 (madana)
|
|
added support for LSA replication.
|
|
|
|
--*/
|
|
|
|
// general purpose mainfests
|
|
//
|
|
// Define UserAccountControl bit to indicate an NT 5.0 interdomain trust.
|
|
//
|
|
// This is not really a SAM account. But UserAccountControl is used for all
|
|
// other trust types.
|
|
//
|
|
// Pick a bit that will never be used in the future to indicate a different
|
|
// account type.
|
|
//
|
|
#define USER_DNS_DOMAIN_TRUST_ACCOUNT USER_ACCOUNT_AUTO_LOCKED
|
|
|
|
//
|
|
// Maximum time we'll wait during full sync in an attempt to decrease
|
|
// wan link utilization.
|
|
//
|
|
#define MAX_SYNC_SLEEP_TIME (60*60*1000) // 1 hour
|
|
|
|
|
|
//
|
|
// How big a buffer we request on a SAM delta or a SAM sync.
|
|
//
|
|
#define SAM_DELTA_BUFFER_SIZE (128*1024)
|
|
|
|
//
|
|
// The size of the largest mailslot message.
|
|
//
|
|
// All mailslot messages we receive are broadcast. The Win32 spec says
|
|
// the limit on broadcast mailslot is 400 bytes. Really it is
|
|
// 444 bytes (512 minus SMB header etc) - size of the mailslot name.
|
|
// I'll use 444 to ensure this size is the largest I'll ever need.
|
|
//
|
|
// The NETLOGON_SAM_LOGON_RESPONSE_EX structure isn't packed into a mailslot
|
|
// packet so it may be larger.
|
|
//
|
|
|
|
#define NETLOGON_MAX_MS_SIZE max(444, sizeof(NETLOGON_SAM_LOGON_RESPONSE_EX))
|
|
|
|
//
|
|
// Structure describing a transport supported by redir/server and browser.
|
|
//
|
|
typedef struct _NL_TRANSPORT {
|
|
//
|
|
// List of all transports headed by NlTransportListHead.
|
|
// (Serialized by NlTransportCritSect)
|
|
//
|
|
|
|
LIST_ENTRY Next;
|
|
|
|
//
|
|
// True if the transport is currently enabled.
|
|
// We never delete a transport in order to avoid maintaining a reference count.
|
|
//
|
|
|
|
BOOLEAN TransportEnabled;
|
|
|
|
//
|
|
// True if transport is an IP transport.
|
|
//
|
|
|
|
BOOLEAN IsIpTransport;
|
|
|
|
//
|
|
// True if transport is direct host IPX transport
|
|
//
|
|
|
|
BOOLEAN DirectHostIpx;
|
|
|
|
//
|
|
// IP Address for this transport.
|
|
// Zero if not IP or none yet assigned.
|
|
//
|
|
|
|
ULONG IpAddress;
|
|
|
|
//
|
|
// Handle to the transport device
|
|
//
|
|
|
|
HANDLE DeviceHandle;
|
|
|
|
//
|
|
// Name of the transport.
|
|
//
|
|
|
|
WCHAR TransportName[1];
|
|
|
|
|
|
} NL_TRANSPORT, *PNL_TRANSPORT;
|
|
|
|
|
|
/////////////////////////////////////////////////////////////////////////////
|
|
//
|
|
// Client Session definitions
|
|
//
|
|
/////////////////////////////////////////////////////////////////////////////
|
|
|
|
//
|
|
// An internal timer used to schedule a periodic event.
|
|
//
|
|
|
|
typedef struct _TIMER {
|
|
LARGE_INTEGER StartTime; // Start of period (NT absolute time)
|
|
DWORD Period; // length of period (miliseconds)
|
|
#define TIMER_MAX_PERIOD (MAILSLOT_WAIT_FOREVER - 1)
|
|
|
|
} TIMER, *PTIMER;
|
|
|
|
#define NL_MILLISECONDS_PER_SECOND (1000)
|
|
#define NL_MILLISECONDS_PER_MINUTE (60 * NL_MILLISECONDS_PER_SECOND)
|
|
#define NL_MILLISECONDS_PER_HOUR (60 * NL_MILLISECONDS_PER_MINUTE)
|
|
#define NL_MILLISECONDS_PER_DAY (24 * NL_MILLISECONDS_PER_HOUR)
|
|
|
|
//
|
|
// Structure the describes an API call over the secure channel
|
|
//
|
|
|
|
|
|
typedef struct _CLIENT_API {
|
|
|
|
|
|
//
|
|
// Each API call made across this secure channel is timed by this timer.
|
|
// If the timer expires, the session to the server is forcefully
|
|
// terminated to ensure the client doesn't hang for a dead server.
|
|
//
|
|
// Access serialized by DomainInfo->DomTrustListCritSect.
|
|
//
|
|
|
|
TIMER CaApiTimer;
|
|
|
|
#define SHORT_API_CALL_PERIOD (45*1000) // Logon API lasts 45 seconds
|
|
#define LONG_API_CALL_PERIOD (15*60*1000) // Replication API 15 minute
|
|
#define BINDING_CACHE_PERIOD (3*60*1000) // Cache RPC handle for 3 minutes
|
|
#define WRITER_WAIT_PERIOD NlGlobalParameters.ShortApiCallPeriod // Max time to wait to become writer
|
|
|
|
#define IsApiActive( _ClientApi ) ((_ClientApi)->CaApiTimer.Period != MAILSLOT_WAIT_FOREVER )
|
|
|
|
//
|
|
// Handle to the thread doing the API.
|
|
//
|
|
// Access serialized by DomainInfo->DomTrustListCritSect.
|
|
//
|
|
|
|
HANDLE CaThreadHandle;
|
|
|
|
|
|
//
|
|
// Access serialized by DomainInfo->DomTrustListCritSect.
|
|
//
|
|
|
|
DWORD CaFlags;
|
|
|
|
|
|
#define CA_BINDING_CACHED 0x1 // Set if the binding handle is cached
|
|
|
|
#define CA_TCP_BINDING 0x2 // Set if the cached binding handle is TCP/IP
|
|
|
|
#define CA_BINDING_AUTHENTICATED 0x4 // Set if the binding handle is marked authenticated
|
|
|
|
#define CA_ENTRY_IN_USE 0x8 // Entry is in use by a thread
|
|
|
|
//
|
|
// Rpc context handle for this call.
|
|
//
|
|
// Access serialized by DomainInfo->DomTrustListCritSect.
|
|
//
|
|
handle_t CaRpcHandle;
|
|
|
|
//
|
|
// When an api is in progress,
|
|
// this is the CsSessionCount at the start of the API call.
|
|
//
|
|
// Access serialized by CsWriterSemaphore.
|
|
//
|
|
|
|
DWORD CaSessionCount;
|
|
|
|
//
|
|
// UNC server name
|
|
//
|
|
|
|
WCHAR CaUncServerName[DNS_MAX_NAME_LENGTH + 3];
|
|
|
|
} CLIENT_API, * PCLIENT_API;
|
|
|
|
|
|
//
|
|
// Client session.
|
|
//
|
|
// Structure to define the client side of a session to a DC.
|
|
//
|
|
|
|
typedef struct _CLIENT_SESSION {
|
|
|
|
//
|
|
// Each client session entry is in a doubly linked list defined by
|
|
// DomTrustList.
|
|
//
|
|
// Access serialized by DomTrustListCritSect.
|
|
//
|
|
|
|
LIST_ENTRY CsNext;
|
|
|
|
|
|
//
|
|
// Time when the last authentication attempt was made.
|
|
//
|
|
// When the CsState is CS_AUTHENTICATED, this field is the time the
|
|
// secure channel was setup.
|
|
//
|
|
// When the CsState is CS_IDLE, this field is the time of the last
|
|
// failed discovery or session setup. Or it may be zero, to indicate
|
|
// that it is OK to do another discovery at any time.
|
|
//
|
|
// When the CsState is CS_DC_PICKED, this field is zero indicating it is
|
|
// OK to do the session setup at any time. Or it may be the time of the
|
|
// last failed session setup if different threads did the setup/discovery.
|
|
//
|
|
// Access serialized by NlGlobalDcDiscoveryCritSect
|
|
//
|
|
|
|
LARGE_INTEGER CsLastAuthenticationTry;
|
|
|
|
//
|
|
// Time when the last discovery attempt was made.
|
|
//
|
|
// The time is the time of completion of the last discovery attempt regardless
|
|
// of the success or failure of that attempt or the discovery type (with or without account)
|
|
//
|
|
// Access serialized by NlGlobalDcDiscoveryCritSect
|
|
//
|
|
|
|
LARGE_INTEGER CsLastDiscoveryTime;
|
|
|
|
//
|
|
// Time when the last discovery attempt with account was made
|
|
// regardless of the success or failure of that attempt
|
|
//
|
|
|
|
LARGE_INTEGER CsLastDiscoveryWithAccountTime;
|
|
|
|
//
|
|
// Time when the session was refreshed last time
|
|
//
|
|
|
|
LARGE_INTEGER CsLastRefreshTime;
|
|
|
|
//
|
|
// Time when the forest trust info was refreshed last time.
|
|
// Access serialized by DomTrustListCritSect.
|
|
//
|
|
|
|
LARGE_INTEGER CsLastFtInfoRefreshTime;
|
|
|
|
//
|
|
// WorkItem for Async discovery
|
|
//
|
|
|
|
WORKER_ITEM CsAsyncDiscoveryWorkItem;
|
|
|
|
//
|
|
// Name/Guid of the domain this connection is to
|
|
//
|
|
// Access serialized by DomTrustListCritSect.
|
|
//
|
|
|
|
GUID CsDomainGuidBuffer;
|
|
UNICODE_STRING CsNetbiosDomainName;
|
|
CHAR CsOemNetbiosDomainName[DNLEN+1];
|
|
ULONG CsOemNetbiosDomainNameLength;
|
|
UNICODE_STRING CsDnsDomainName;
|
|
LPSTR CsUtf8DnsDomainName;
|
|
GUID *CsDomainGuid; // NULL if domain has no GUID.
|
|
|
|
// Either the Netbios or Dns Domain name.
|
|
// Suitable for debug. Suitable for Eventlog messages.
|
|
LPWSTR CsDebugDomainName;
|
|
|
|
//
|
|
// Name of the local trusted domain object.
|
|
//
|
|
PUNICODE_STRING CsTrustName;
|
|
|
|
|
|
//
|
|
// Name of the account on the server.
|
|
// For NT 5.0 interdomain trust, this is the dns name of this domain.
|
|
//
|
|
|
|
LPWSTR CsAccountName;
|
|
|
|
|
|
|
|
//
|
|
// Domain ID of the domain this connection is to
|
|
//
|
|
// Access serialized by either DomTrustListCritSect or CsWriter.
|
|
// Modifications must lock both.
|
|
|
|
PSID CsDomainId;
|
|
|
|
|
|
//
|
|
// Hosted domain this session is for
|
|
//
|
|
|
|
PDOMAIN_INFO CsDomainInfo;
|
|
|
|
//
|
|
// Type of CsAccountName
|
|
//
|
|
|
|
NETLOGON_SECURE_CHANNEL_TYPE CsSecureChannelType;
|
|
|
|
//
|
|
// State of the connection to the server.
|
|
//
|
|
// Access serialized by NlGlobalDcDiscoveryCritSect
|
|
// This field can be read without the crit sect locked if
|
|
// the answer will only be used as a hint.
|
|
//
|
|
|
|
DWORD CsState;
|
|
|
|
#define CS_IDLE 0 // No session is currently active
|
|
#define CS_DC_PICKED 1 // The session has picked a DC for session
|
|
#define CS_AUTHENTICATED 2 // The session is currently active
|
|
|
|
|
|
//
|
|
// Status of latest attempt to contact the server.
|
|
//
|
|
// When the CsState is CS_AUTHENTICATED, this field is STATUS_SUCCESS.
|
|
//
|
|
// When the CsState is CS_IDLE, this field is a non-successful status.
|
|
//
|
|
// When the CsState is CS_DC_PICKED, this field is the same non-successful
|
|
// status from when the CsState was last CS_IDLE.
|
|
//
|
|
// Access serialized by NlGlobalDcDiscoveryCritSect
|
|
// This field can be read without the crit sect locked if
|
|
// the answer will only be used as a hint.
|
|
//
|
|
|
|
NTSTATUS CsConnectionStatus;
|
|
|
|
//
|
|
// Access serialized by DomTrustListCritSect
|
|
//
|
|
|
|
DWORD CsFlags;
|
|
|
|
#define CS_UPDATE_PASSWORD 0x01 // Set if the password has already
|
|
// been changed on the client and
|
|
// needs changing on the server.
|
|
|
|
#define CS_PASSWORD_REFUSED 0x02 // Set if DC refused a password change.
|
|
|
|
#define CS_NT5_DOMAIN_TRUST 0x04 // Trust is to an NT 5 domain.
|
|
|
|
#define CS_WRITER 0x08 // Entry is being modified
|
|
|
|
#define CS_DIRECT_TRUST 0x10 // We have a direct trust to the specified
|
|
// domain.
|
|
|
|
#define CS_CHECK_DIRECT_TRUST 0x20 // Set if we need to check the password
|
|
// and forest trust info
|
|
|
|
#define CS_PICK_DC 0x40 // Set if we need to Pick a DC
|
|
|
|
#define CS_REDISCOVER_DC 0x80 // Set when we need to Rediscover a DC
|
|
|
|
#define CS_HANDLE_API_TIMER 0x400 // Set if we need to handle API timer expiration
|
|
|
|
#define CS_NOT_IN_LSA 0x800 // Flag to delete this entry if it's
|
|
// not later proved to be in the LSA.
|
|
|
|
#define CS_ZERO_LAST_AUTH 0x2000 // Set if we need to zero CsLastAuthenticationTry
|
|
|
|
#define CS_DOMAIN_IN_FOREST 0x4000 // Set if trusted domain is in same forest as this domain.
|
|
|
|
#define CS_NEW_TRUST 0x8000 // Set on a newly allocated trusted domain
|
|
// until async discovery has been tried
|
|
|
|
#define CS_DC_PICKED_ONCE 0x10000 // Set if DC was picked at least once.
|
|
// Access serialized by writer lock
|
|
|
|
//
|
|
// Trust attributes for the trusted domain object
|
|
//
|
|
|
|
ULONG CsTrustAttributes;
|
|
|
|
//
|
|
// Pointer to client session that represents the direct trust that's
|
|
// the closest route to the domain of this client session.
|
|
//
|
|
// The pointed to client session will always be marked CS_DIRECT_TRUST.
|
|
//
|
|
// If this is a CS_DIRECT_TRUST session,
|
|
// this field will point to this client session.
|
|
//
|
|
|
|
struct _CLIENT_SESSION *CsDirectClientSession;
|
|
|
|
//
|
|
// Flags describing capabilities of both client and server.
|
|
//
|
|
|
|
ULONG CsNegotiatedFlags;
|
|
|
|
//
|
|
// Time Number of authentication attempts since last success.
|
|
//
|
|
// Access serialized by CsWriterSemaphore.
|
|
//
|
|
|
|
DWORD CsAuthAlertCount;
|
|
|
|
//
|
|
// Number of times the secure channel has been dropped.
|
|
//
|
|
// Access serialized by CsWriterSemaphore.
|
|
//
|
|
|
|
DWORD CsSessionCount;
|
|
|
|
//
|
|
// Number of threads referencing this entry.
|
|
//
|
|
// Access serialized by DomTrustListCritSect.
|
|
//
|
|
|
|
DWORD CsReferenceCount;
|
|
|
|
//
|
|
// Writer semaphore.
|
|
//
|
|
// This semaphore is locked whenever there is a writer modifying
|
|
// fields in this client session.
|
|
//
|
|
|
|
HANDLE CsWriterSemaphore;
|
|
|
|
|
|
#ifdef _DC_NETLOGON
|
|
//
|
|
// The following fields are used by the NlDiscoverDc to keep track
|
|
// of discovery state.
|
|
//
|
|
// Access serialized by NlGlobalDcDiscoveryCritSect
|
|
//
|
|
|
|
DWORD CsDiscoveryFlags;
|
|
#define CS_DISCOVERY_DEAD_DOMAIN 0x001 // This is a dead domain disocvery
|
|
#define CS_DISCOVERY_ASYNCHRONOUS 0x002 // Discovery being processed in worker thread
|
|
#define CS_DISCOVERY_HAS_DS 0x004 // Discovered DS has a DS
|
|
#define CS_DISCOVERY_IS_CLOSE 0x008 // Discovered DS is in a close site
|
|
#define CS_DISCOVERY_HAS_IP 0x010 // Discovered DC has IP address
|
|
#define CS_DISCOVERY_USE_MAILSLOT 0x020 // Discovered DC should be pinged using mailslot mechanism
|
|
#define CS_DISCOVERY_USE_LDAP 0x040 // Discovered DC should be pinged using LDAP mechanism
|
|
#define CS_DISCOVERY_HAS_TIMESERV 0x080 // Discovered DC runs the Windows Time Service
|
|
#define CS_DISCOVERY_DNS_SERVER 0x100 // Discovered DC name is DNS (if off, the name is Netbios)
|
|
#define CS_DISCOVERY_NO_PWD_ATTR_MONITOR 0x200 // Discovered DC cannot process NetrServerTrustPasswordsAndAttribGet
|
|
|
|
//
|
|
// This event is set to indicate that discovery is not in progress on this
|
|
// client session.
|
|
//
|
|
|
|
HANDLE CsDiscoveryEvent;
|
|
#endif // _DC_NETLOGON
|
|
|
|
//
|
|
// API timout count. After each logon/logoff API call made to the
|
|
// server this count is incremented if the time taken to execute the
|
|
// this API is more than MAX_DC_API_TIMEOUT.
|
|
//
|
|
// The count is decremented each time there are FAST_DC_API_THRESHOLD calls
|
|
// that execute in FAST_DC_API_TIMEOUT seconds.
|
|
//
|
|
//
|
|
// Access serialized by CsWriterSemaphore.
|
|
//
|
|
|
|
DWORD CsTimeoutCount;
|
|
|
|
#define MAX_DC_TIMEOUT_COUNT 2 // drop the session after this
|
|
// many timeouts and when it is
|
|
// time to reauthenticate.
|
|
|
|
#define MAX_DC_API_TIMEOUT (long) (15L*1000L) // 15 seconds
|
|
|
|
#define MAX_DC_REAUTHENTICATION_WAIT (long) (5L*60L*1000L) // 5 mins
|
|
|
|
#define MAX_DC_REFRESH_TIMEOUT (45 * 60 * 1000) // 45 minutes
|
|
|
|
#define FAST_DC_API_THRESHOLD 5 // Number of fast calls needed before
|
|
// we decrement timeout count
|
|
|
|
#define FAST_DC_API_TIMEOUT (1000) // 1 second
|
|
|
|
//
|
|
// Count of Fast Calls
|
|
//
|
|
// Access serialized by CsWriterSemaphore.
|
|
//
|
|
|
|
DWORD CsFastCallCount;
|
|
|
|
//
|
|
// Authentication information.
|
|
//
|
|
// Access serialized by CsWriterSemaphore.
|
|
//
|
|
|
|
NETLOGON_CREDENTIAL CsAuthenticationSeed;
|
|
NETLOGON_SESSION_KEY CsSessionKey;
|
|
|
|
PVOID ClientAuthData;
|
|
CredHandle CsCredHandle;
|
|
|
|
#ifdef _DC_NETLOGON
|
|
//
|
|
// Transport the server was discovered on.
|
|
//
|
|
|
|
PNL_TRANSPORT CsTransport;
|
|
#endif // _DC_NETLOGON
|
|
|
|
|
|
//
|
|
// Rid of the account used to contact server
|
|
//
|
|
|
|
ULONG CsAccountRid;
|
|
|
|
//
|
|
// Know good password for this secure channel.
|
|
//
|
|
// After secure channel setup, it is the password used to setup the channel.
|
|
// After a password change, it is the password successfully set on the DC.
|
|
//
|
|
NT_OWF_PASSWORD CsNtOwfPassword;
|
|
|
|
//
|
|
// Name of the server this connection is to (may be DNS or Netbios) and its
|
|
// IP address (if any).
|
|
//
|
|
// Access serialized by CsWriterSemaphore or NlGlobalDcDiscoveryCritSect.
|
|
// Modification from Null to non-null serialized by
|
|
// NlGlobalDcDiscoveryCritSect
|
|
// (Modification from non-null to null requires both to be locked.)
|
|
//
|
|
|
|
LPWSTR CsUncServerName;
|
|
|
|
SOCKET_ADDRESS CsServerSockAddr;
|
|
SOCKADDR_IN CsServerSockAddrIn;
|
|
|
|
//
|
|
// API semaphore.
|
|
//
|
|
// This semaphore has one reference for each slot in CsClientApi.
|
|
// (Except the zeroth slot which is special.)
|
|
//
|
|
|
|
HANDLE CsApiSemaphore;
|
|
|
|
//
|
|
// List of API calls outstanding on this session
|
|
//
|
|
// Access serialized by DomainInfo->DomTrustListCritSect.
|
|
//
|
|
|
|
CLIENT_API CsClientApi[1];
|
|
|
|
#define ClientApiIndex( _ClientSession, _ClientApi ) \
|
|
((LONG) ((_ClientApi)-&((_ClientSession)->CsClientApi[0])) )
|
|
|
|
#define UseConcurrentRpc( _ClientSession, _ClientApi ) \
|
|
(ClientApiIndex( _ClientSession, _ClientApi ) != 0 )
|
|
|
|
|
|
} CLIENT_SESSION, * PCLIENT_SESSION;
|
|
|
|
|
|
#define LOCK_TRUST_LIST(_DI) EnterCriticalSection( &(_DI)->DomTrustListCritSect )
|
|
#define UNLOCK_TRUST_LIST(_DI) LeaveCriticalSection( &(_DI)->DomTrustListCritSect )
|
|
|
|
//
|
|
// For member workstations,
|
|
// maintain a list of domains trusted by our primary domain.
|
|
//
|
|
// Access serialized by NlGlobalDcDiscoveryCritSect
|
|
//
|
|
|
|
typedef struct {
|
|
WCHAR UnicodeNetbiosDomainName[DNLEN+1];
|
|
LPSTR Utf8DnsDomainName;
|
|
} TRUSTED_DOMAIN, *PTRUSTED_DOMAIN;
|
|
|
|
|
|
|
|
#ifdef _DC_NETLOGON
|
|
/////////////////////////////////////////////////////////////////////////////
|
|
//
|
|
// Server Session definitions
|
|
//
|
|
/////////////////////////////////////////////////////////////////////////////
|
|
|
|
//
|
|
// Sam Sync Context.
|
|
//
|
|
// A Sam sync context is maintained on the PDC for each BDC/member currently
|
|
// doing a full sync.
|
|
//
|
|
typedef struct _SAM_SYNC_CONTEXT {
|
|
|
|
//
|
|
// The Sync state indicates tracks the progression of the sync.
|
|
//
|
|
|
|
SYNC_STATE SyncState;
|
|
|
|
//
|
|
// A serial number indicating the number of times the BDC/member
|
|
// has called us. We use this as a resume handle.
|
|
//
|
|
|
|
ULONG SyncSerial;
|
|
|
|
//
|
|
// The current Sam Enumeration information
|
|
//
|
|
|
|
SAM_ENUMERATE_HANDLE SamEnumHandle; // Current Sam Enum Handle
|
|
PSAMPR_ENUMERATION_BUFFER SamEnum; // Sam returned buffer
|
|
PULONG RidArray; // Array of enumerated Rids
|
|
ULONG Index; // Index to current entry
|
|
ULONG Count; // Total Number of entries
|
|
|
|
BOOL SamAllDone; // True, if Sam has completed
|
|
|
|
} SAM_SYNC_CONTEXT, *PSAM_SYNC_CONTEXT;
|
|
|
|
#define SAM_SYNC_PREF_MAX 1024 // Preferred max for Sam Sync
|
|
|
|
|
|
//
|
|
// Lsa Sync Context.
|
|
//
|
|
// A Lsa sync context is maintained on the PDC for each BDC/member
|
|
// currently doing a full sync.
|
|
//
|
|
typedef struct _LSA_SYNC_CONTEXT {
|
|
|
|
//
|
|
// The Sync state indicates tracks the progression of the sync.
|
|
//
|
|
|
|
enum {
|
|
AccountState,
|
|
TDomainState,
|
|
SecretState,
|
|
LsaDoneState
|
|
} SyncState;
|
|
|
|
//
|
|
// A serial number indicating the number of times the BDC/member
|
|
// has called us. We use this as a resume handle.
|
|
//
|
|
|
|
ULONG SyncSerial;
|
|
|
|
//
|
|
// The current Lsa Enumeration information
|
|
//
|
|
|
|
LSA_ENUMERATION_HANDLE LsaEnumHandle; // Current Lsa Enum Handle
|
|
|
|
enum {
|
|
AccountEnumBuffer,
|
|
TDomainEnumBuffer,
|
|
SecretEnumBuffer,
|
|
EmptyEnumBuffer
|
|
} LsaEnumBufferType;
|
|
|
|
union {
|
|
LSAPR_ACCOUNT_ENUM_BUFFER Account;
|
|
LSAPR_TRUSTED_ENUM_BUFFER TDomain;
|
|
PVOID Secret;
|
|
} LsaEnum; // Lsa returned buffer
|
|
|
|
ULONG Index; // Index to current entry
|
|
ULONG Count; // Total Number of entries
|
|
|
|
BOOL LsaAllDone; // True, if Lsa has completed
|
|
|
|
} LSA_SYNC_CONTEXT, *PLSA_SYNC_CONTEXT;
|
|
|
|
//
|
|
// union of lsa and sam context
|
|
//
|
|
|
|
typedef struct _SYNC_CONTEXT {
|
|
enum {
|
|
LsaDBContextType,
|
|
SamDBContextType
|
|
} DBContextType;
|
|
|
|
union {
|
|
LSA_SYNC_CONTEXT Lsa;
|
|
SAM_SYNC_CONTEXT Sam;
|
|
} DBContext;
|
|
} SYNC_CONTEXT, *PSYNC_CONTEXT;
|
|
|
|
//
|
|
// Macro used to free any resources allocated by SAM.
|
|
//
|
|
// ?? check LsaIFree_LSAPR_* call parameters.
|
|
//
|
|
|
|
#define CLEAN_SYNC_CONTEXT( _Sync ) { \
|
|
if ( (_Sync)->DBContextType == LsaDBContextType ) { \
|
|
if ( (_Sync)->DBContext.Lsa.LsaEnumBufferType != \
|
|
EmptyEnumBuffer) { \
|
|
if ( (_Sync)->DBContext.Lsa.LsaEnumBufferType == \
|
|
AccountEnumBuffer) { \
|
|
LsaIFree_LSAPR_ACCOUNT_ENUM_BUFFER( \
|
|
&((_Sync)->DBContext.Lsa.LsaEnum.Account) ); \
|
|
} \
|
|
else if ( (_Sync)->DBContext.Lsa.LsaEnumBufferType == \
|
|
TDomainEnumBuffer) { \
|
|
LsaIFree_LSAPR_TRUSTED_ENUM_BUFFER( \
|
|
&((_Sync)->DBContext.Lsa.LsaEnum.TDomain) ); \
|
|
} \
|
|
else { \
|
|
LsaIFree_LSAI_SECRET_ENUM_BUFFER ( \
|
|
(_Sync)->DBContext.Lsa.LsaEnum.Secret, \
|
|
(_Sync)->DBContext.Lsa.Count ); \
|
|
(_Sync)->DBContext.Lsa.LsaEnum.Secret = NULL; \
|
|
} \
|
|
(_Sync)->DBContext.Lsa.LsaEnumBufferType = \
|
|
EmptyEnumBuffer; \
|
|
} \
|
|
} else { \
|
|
if ( (_Sync)->DBContext.Sam.SamEnum != NULL ) { \
|
|
SamIFree_SAMPR_ENUMERATION_BUFFER( \
|
|
(_Sync)->DBContext.Sam.SamEnum ); \
|
|
(_Sync)->DBContext.Sam.SamEnum = NULL; \
|
|
} \
|
|
if ( (_Sync)->DBContext.Sam.RidArray != NULL ) { \
|
|
MIDL_user_free( (_Sync)->DBContext.Sam.RidArray );\
|
|
(_Sync)->DBContext.Sam.RidArray = NULL; \
|
|
} \
|
|
} \
|
|
}
|
|
|
|
//
|
|
// Macro to initialize Sync Context
|
|
//
|
|
#define INIT_SYNC_CONTEXT( _Sync, _ContextType ) { \
|
|
RtlZeroMemory( (_Sync), sizeof( *(_Sync) ) ) ; \
|
|
(_Sync)->DBContextType = (_ContextType) ; \
|
|
}
|
|
|
|
//
|
|
// Server Session structure
|
|
//
|
|
// This structure represents the server side of a connection to a DC.
|
|
//
|
|
// ISSUE-2000/09/15-CliffV: This structure could be made smaller by using SsSecureChannelType
|
|
// as a discriminator. Many fields are specific to a BDC server session entry. Others
|
|
// are specific to a domain server session entry. However, most entries are member workstation
|
|
// server session entries that don't use either of the fields.
|
|
//
|
|
|
|
typedef struct _SERVER_SESSION {
|
|
//
|
|
// Each server session entry is in a doubly linked list for each hash bucket.
|
|
// Indexed by SsComputerName
|
|
//
|
|
|
|
LIST_ENTRY SsHashList;
|
|
|
|
//
|
|
// Each server session entry is in a doubly linked list defined by
|
|
// DomainInfo->DomServerSessionTable.
|
|
//
|
|
|
|
LIST_ENTRY SsSeqList;
|
|
|
|
//
|
|
// List of all BDCs headed by NlGlobalBdcServerSessionList.
|
|
//
|
|
// (The field is set only on BDC server session entries)
|
|
//
|
|
// Access serialized by NlGlobalServerSessionTableCritSect.
|
|
//
|
|
|
|
LIST_ENTRY SsBdcList;
|
|
|
|
//
|
|
// List of BDC's which have a pulse pending.
|
|
//
|
|
|
|
LIST_ENTRY SsPendingBdcList;
|
|
|
|
//
|
|
// Time when the last pulse was sent to this machine
|
|
//
|
|
// (The field is set only on BDC server session entries)
|
|
//
|
|
|
|
LARGE_INTEGER SsLastPulseTime;
|
|
|
|
//
|
|
// Current serial numbers of each database on the BDC.
|
|
//
|
|
// (The field is set only on BDC server session entries)
|
|
//
|
|
|
|
LARGE_INTEGER SsBdcDbSerialNumber[NUM_DBS];
|
|
|
|
//
|
|
// The computername uniquely identifies this server session entry.
|
|
//
|
|
|
|
NETLOGON_SECURE_CHANNEL_TYPE SsSecureChannelType;
|
|
CHAR SsComputerName[CNLEN+1];
|
|
|
|
//
|
|
// Rid of the account to authenticate with
|
|
//
|
|
|
|
ULONG SsAccountRid;
|
|
|
|
//
|
|
// The number of times there has been no response to a pulse.
|
|
//
|
|
|
|
USHORT SsPulseTimeoutCount;
|
|
|
|
//
|
|
// Hosted domain for this server session.
|
|
//
|
|
|
|
PDOMAIN_INFO SsDomainInfo;
|
|
|
|
//
|
|
// The number of times this entry has been scavanged.
|
|
//
|
|
|
|
USHORT SsCheck;
|
|
|
|
//
|
|
// Flags describing the state of the current entry.
|
|
// See the SS_ defines below.
|
|
//
|
|
|
|
USHORT SsFlags;
|
|
|
|
#define SS_BDC_FORCE_DELETE 0x0001 // Unless set, BDC server session won't be deleted
|
|
#define SS_AUTHENTICATED 0x0002 // Remote side has been authenticated
|
|
|
|
#define SS_LOCKED 0x0004 // Delay deletion requests for this entry
|
|
// While set, SsSessionKey may be referenced
|
|
#define SS_DELETE_ON_UNLOCK 0x0008 // Delete entry when it is unlocked
|
|
|
|
#define SS_BDC 0x0010 // BDC account exists for this Client
|
|
#define SS_FOREST_TRANSITIVE 0x0020 // TDO has TRUST_ATTRIBUTE_FOREST_TRANSITIVE set
|
|
#define SS_PENDING_BDC 0x0040 // BDC is on pending BDC list.
|
|
|
|
#define SS_FORCE_PULSE 0x0200 // Force a pulse message to this BDC.
|
|
#define SS_PULSE_SENT 0x0400 // Pulse has been sent but has not
|
|
// been responded to yet
|
|
#define SS_LSA_REPL_NEEDED 0x2000 // BDC needs LSA DB replicated
|
|
#define SS_ACCOUNT_REPL_NEEDED 0x4000 // BDC needs SAM Account DB replicated
|
|
#define SS_BUILTIN_REPL_NEEDED 0x8000 // BDC needs SAM Builtin DB replicated
|
|
#define SS_REPL_MASK 0xE000 // BDC needs replication mask
|
|
#define SS_REPL_LSA_MASK 0x2000 // BDC needs LSA replication mask
|
|
#define SS_REPL_SAM_MASK 0xC000 // BDC needs SAM replication mask
|
|
|
|
// Don't clear these on session setup
|
|
#define SS_PERMANENT_FLAGS \
|
|
( SS_BDC | SS_PENDING_BDC | SS_FORCE_PULSE | SS_REPL_MASK )
|
|
|
|
//
|
|
// Flags describing capabilities of both client and server.
|
|
//
|
|
|
|
ULONG SsNegotiatedFlags;
|
|
|
|
//
|
|
// Transport the client connected over.
|
|
//
|
|
|
|
PNL_TRANSPORT SsTransport;
|
|
|
|
|
|
//
|
|
// This is the ClientCredential (after authentication is complete).
|
|
//
|
|
|
|
NETLOGON_CREDENTIAL SsAuthenticationSeed;
|
|
|
|
//
|
|
// This is the ServerChallenge (during the challenge phase) and later
|
|
// the SessionKey (after authentication is complete).
|
|
//
|
|
|
|
NETLOGON_SESSION_KEY SsSessionKey;
|
|
|
|
|
|
//
|
|
// A pointer to the Sync context.
|
|
//
|
|
// (The field is set only on BDC server session entries)
|
|
//
|
|
|
|
PSYNC_CONTEXT SsSync;
|
|
|
|
//
|
|
// Each server session entry is in a doubly linked list for each hash bucket.
|
|
// Indexed by SsTdoName
|
|
//
|
|
// (This field is set only on *uplevel* interdomain trust entries.)
|
|
//
|
|
|
|
LIST_ENTRY SsTdoNameHashList;
|
|
|
|
UNICODE_STRING SsTdoName;
|
|
|
|
} SERVER_SESSION, *PSERVER_SESSION;
|
|
#endif // _DC_NETLOGON
|
|
|
|
|
|
//
|
|
// Structure shared by all PDC and BDC sync routines.
|
|
// (And other users of secure channels.)
|
|
//
|
|
|
|
typedef struct _SESSION_INFO {
|
|
|
|
//
|
|
// Session Key shared by both client and server.
|
|
//
|
|
|
|
NETLOGON_SESSION_KEY SessionKey;
|
|
|
|
//
|
|
// Flags describing capabilities of both client and server.
|
|
//
|
|
|
|
ULONG NegotiatedFlags;
|
|
|
|
} SESSION_INFO, *PSESSION_INFO;
|
|
|
|
//
|
|
// Macro for tranlating the negotiated database replication flags to the mask of
|
|
// which databases to replicate/
|
|
//
|
|
|
|
#define NlMaxReplMask( _NegotiatedFlags ) \
|
|
((((_NegotiatedFlags) & NETLOGON_SUPPORTS_AVOID_SAM_REPL) ? 0 : SS_REPL_SAM_MASK ) | \
|
|
(((_NegotiatedFlags) & NETLOGON_SUPPORTS_AVOID_LSA_REPL) ? 0 : SS_REPL_LSA_MASK ) )
|
|
|
|
|
|
/////////////////////////////////////////////////////////////////////////////
|
|
//
|
|
// Structures and variables describing the database info.
|
|
//
|
|
/////////////////////////////////////////////////////////////////////////////
|
|
|
|
typedef struct _DB_Info {
|
|
LARGE_INTEGER CreationTime; // database creation time
|
|
DWORD DBIndex; // index of Database table
|
|
SAM_HANDLE DBHandle; // database handle to access
|
|
LPWSTR DBName; // Name of the database
|
|
DWORD DBSessionFlag; // SS_ Flag representing this database
|
|
} DB_INFO, *PDB_INFO;
|
|
|
|
|
|
|
|
|
|
|
|
/////////////////////////////////////////////////////////////////////////////
|
|
//
|
|
// Replication timing macros
|
|
//
|
|
/////////////////////////////////////////////////////////////////////////////
|
|
|
|
#if NETLOGONDBG
|
|
|
|
///////////////////////////////////////////////////////////////////////////////
|
|
|
|
#define DEFPACKTIMER DWORD PackTimer, PackTimerTicks
|
|
|
|
#define INITPACKTIMER PackTimer = 0;
|
|
|
|
#define STARTPACKTIMER \
|
|
IF_NL_DEBUG( REPL_OBJ_TIME ) { \
|
|
PackTimerTicks = GetTickCount(); \
|
|
}
|
|
|
|
#define STOPPACKTIMER \
|
|
IF_NL_DEBUG( REPL_OBJ_TIME ) { \
|
|
PackTimer += GetTickCount() - PackTimerTicks; \
|
|
}
|
|
|
|
|
|
#define PRINTPACKTIMER \
|
|
IF_NL_DEBUG( REPL_OBJ_TIME ) { \
|
|
NlPrint((NL_REPL_OBJ_TIME,"\tTime Taken to PACK this object = %d msecs\n", \
|
|
PackTimer )); \
|
|
}
|
|
|
|
///////////////////////////////////////////////////////////////////////////////
|
|
|
|
#define DEFSAMTIMER DWORD SamTimer, SamTimerTicks
|
|
|
|
#define INITSAMTIMER SamTimer = 0;
|
|
|
|
#define STARTSAMTIMER \
|
|
IF_NL_DEBUG( REPL_OBJ_TIME ) { \
|
|
SamTimerTicks = GetTickCount(); \
|
|
}
|
|
|
|
#define STOPSAMTIMER \
|
|
IF_NL_DEBUG( REPL_OBJ_TIME ) { \
|
|
SamTimer += GetTickCount() - SamTimerTicks; \
|
|
}
|
|
|
|
|
|
#define PRINTSAMTIMER \
|
|
IF_NL_DEBUG( REPL_OBJ_TIME ) { \
|
|
NlPrint((NL_REPL_OBJ_TIME, \
|
|
"\tTime spent in SAM calls = %d msecs\n", \
|
|
SamTimer )); \
|
|
}
|
|
|
|
///////////////////////////////////////////////////////////////////////////////
|
|
|
|
#define DEFLSATIMER DWORD LsaTimer, LsaTimerTicks
|
|
|
|
#define INITLSATIMER LsaTimer = 0;
|
|
|
|
#define STARTLSATIMER \
|
|
IF_NL_DEBUG( REPL_OBJ_TIME ) { \
|
|
LsaTimerTicks = GetTickCount(); \
|
|
}
|
|
|
|
#define STOPLSATIMER \
|
|
IF_NL_DEBUG( REPL_OBJ_TIME ) { \
|
|
LsaTimer += GetTickCount() - LsaTimerTicks; \
|
|
}
|
|
|
|
|
|
#define PRINTLSATIMER \
|
|
IF_NL_DEBUG( REPL_OBJ_TIME ) { \
|
|
NlPrint((NL_REPL_OBJ_TIME, \
|
|
"\tTime spent in LSA calls = %d msecs\n", \
|
|
LsaTimer )); \
|
|
}
|
|
|
|
///////////////////////////////////////////////////////////////////////////////
|
|
|
|
#define DEFSSIAPITIMER DWORD SsiApiTimer, SsiApiTimerTicks
|
|
|
|
#define INITSSIAPITIMER SsiApiTimer = 0;
|
|
|
|
#define STARTSSIAPITIMER \
|
|
IF_NL_DEBUG( REPL_TIME ) { \
|
|
SsiApiTimerTicks = GetTickCount(); \
|
|
}
|
|
|
|
#define STOPSSIAPITIMER \
|
|
IF_NL_DEBUG( REPL_TIME ) { \
|
|
SsiApiTimer += GetTickCount() - \
|
|
SsiApiTimerTicks; \
|
|
}
|
|
|
|
|
|
#define PRINTSSIAPITIMER \
|
|
IF_NL_DEBUG( REPL_TIME ) { \
|
|
NlPrint((NL_REPL_TIME, \
|
|
"\tTime Taken by this SSIAPI call = %d msecs\n", \
|
|
SsiApiTimer )); \
|
|
}
|
|
|
|
#else // NETLOGONDBG
|
|
|
|
#define DEFPACKTIMER
|
|
#define INITPACKTIMER
|
|
#define STARTPACKTIMER
|
|
#define STOPPACKTIMER
|
|
#define PRINTPACKTIMER
|
|
|
|
#define DEFSAMTIMER
|
|
#define INITSAMTIMER
|
|
#define STARTSAMTIMER
|
|
#define STOPSAMTIMER
|
|
#define PRINTSAMTIMER
|
|
|
|
#define DEFLSATIMER
|
|
#define INITLSATIMER
|
|
#define STARTLSATIMER
|
|
#define STOPLSATIMER
|
|
#define PRINTLSATIMER
|
|
|
|
#define DEFSSIAPITIMER
|
|
#define INITSSIAPITIMER
|
|
#define STARTSSIAPITIMER
|
|
#define STOPSSIAPITIMER
|
|
#define PRINTSSIAPITIMER
|
|
|
|
#endif // NETLOGONDBG
|
|
|
|
//
|
|
// macros used in pack and unpack routines
|
|
//
|
|
|
|
#define SECURITYINFORMATION OWNER_SECURITY_INFORMATION | \
|
|
GROUP_SECURITY_INFORMATION | \
|
|
SACL_SECURITY_INFORMATION | \
|
|
DACL_SECURITY_INFORMATION
|
|
|
|
#define INIT_PLACE_HOLDER(_x) \
|
|
RtlInitString( (PSTRING) &(_x)->DummyString1, NULL ); \
|
|
RtlInitString( (PSTRING) &(_x)->DummyString2, NULL ); \
|
|
RtlInitString( (PSTRING) &(_x)->DummyString3, NULL ); \
|
|
RtlInitString( (PSTRING) &(_x)->DummyString4, NULL ); \
|
|
(_x)->DummyLong1 = 0; \
|
|
(_x)->DummyLong2 = 0; \
|
|
(_x)->DummyLong3 = 0; \
|
|
(_x)->DummyLong4 = 0;
|
|
|
|
#define QUERY_LSA_SECOBJ_INFO(_x) \
|
|
STARTLSATIMER; \
|
|
Status = LsarQuerySecurityObject( \
|
|
(_x), \
|
|
SECURITYINFORMATION, \
|
|
&SecurityDescriptor );\
|
|
STOPLSATIMER; \
|
|
\
|
|
if (!NT_SUCCESS(Status)) { \
|
|
SecurityDescriptor = NULL; \
|
|
goto Cleanup; \
|
|
}
|
|
|
|
#define QUERY_SAM_SECOBJ_INFO(_x) \
|
|
STARTSAMTIMER; \
|
|
Status = SamrQuerySecurityObject( \
|
|
(_x), \
|
|
SECURITYINFORMATION, \
|
|
&SecurityDescriptor );\
|
|
STOPSAMTIMER; \
|
|
\
|
|
if (!NT_SUCCESS(Status)) { \
|
|
SecurityDescriptor = NULL; \
|
|
goto Cleanup; \
|
|
}
|
|
|
|
|
|
#define SET_LSA_SECOBJ_INFO(_x, _y) \
|
|
SecurityDescriptor.Length = (_x)->SecuritySize; \
|
|
SecurityDescriptor.SecurityDescriptor = (_x)->SecurityDescriptor; \
|
|
\
|
|
STARTLSATIMER; \
|
|
Status = LsarSetSecurityObject( \
|
|
(_y), \
|
|
(_x)->SecurityInformation, \
|
|
&SecurityDescriptor ); \
|
|
STOPLSATIMER; \
|
|
\
|
|
if (!NT_SUCCESS(Status)) { \
|
|
NlPrint((NL_CRITICAL, \
|
|
"LsarSetSecurityObject failed (%lx)\n", \
|
|
Status )); \
|
|
goto Cleanup; \
|
|
}
|
|
|
|
#define SET_SAM_SECOBJ_INFO(_x, _y) \
|
|
SecurityDescriptor.Length = (_x)->SecuritySize; \
|
|
SecurityDescriptor.SecurityDescriptor = (_x)->SecurityDescriptor; \
|
|
\
|
|
STARTSAMTIMER; \
|
|
Status = SamrSetSecurityObject( \
|
|
(_y), \
|
|
(_x)->SecurityInformation, \
|
|
&SecurityDescriptor ); \
|
|
STOPSAMTIMER; \
|
|
\
|
|
if (!NT_SUCCESS(Status)) { \
|
|
NlPrint((NL_CRITICAL, \
|
|
"SamrSetSecurityObject failed (%lx)\n", \
|
|
Status )); \
|
|
goto Cleanup; \
|
|
}
|
|
|
|
|
|
#define DELTA_SECOBJ_INFO(_x) \
|
|
(_x)->SecurityInformation = SECURITYINFORMATION;\
|
|
(_x)->SecuritySize = SecurityDescriptor->Length;\
|
|
\
|
|
*BufferSize += NlCopyData( \
|
|
(LPBYTE *)&SecurityDescriptor->SecurityDescriptor, \
|
|
(LPBYTE *)&(_x)->SecurityDescriptor, \
|
|
SecurityDescriptor->Length );
|
|
|
|
//
|
|
// Values of WorkstationFlags field of NETLOGON_WORKSTATION_INFO
|
|
//
|
|
|
|
#define NL_NEED_BIDIRECTIONAL_TRUSTS 0x0001 // Client wants inbound trusts, too
|
|
#define NL_CLIENT_HANDLES_SPN 0x0002 // Client handles updating SPN
|
|
|
|
#define NL_GET_DOMAIN_INFO_SUPPORTED 0x0003 // Mask of all bits supported
|
|
|
|
//
|
|
// Structure describing failed user logon.
|
|
// We keep a small cache of failed use logons
|
|
// with bad password.
|
|
//
|
|
|
|
typedef struct _NL_FAILED_USER_LOGON {
|
|
|
|
//
|
|
// Link to next entry in the list of failed forwarded logons
|
|
// (Serialized by DomainInfo->DomTrustListCritSect)
|
|
//
|
|
LIST_ENTRY FuNext;
|
|
|
|
//
|
|
// Last time we forwarded the logon to the PDC
|
|
//
|
|
ULONG FuLastTimeSentToPdc;
|
|
|
|
//
|
|
// Count of failed local logons
|
|
//
|
|
ULONG FuBadLogonCount;
|
|
|
|
//
|
|
// The user name (must be lat field in struct)
|
|
//
|
|
WCHAR FuUserName[ANYSIZE_ARRAY];
|
|
|
|
} NL_FAILED_USER_LOGON, *PNL_FAILED_USER_LOGON;
|
|
|
|
//
|
|
// The number of failed user logons we keep per domain.
|
|
// (The maximum number of negative cache entries we keep
|
|
// before throwing the least recently used one.)
|
|
//
|
|
#define NL_MAX_FAILED_USER_LOGONS 50
|
|
|
|
//
|
|
// Number of failed logons for a given user after which we refrain from
|
|
// forwarding subsequent user logons to the PDC for some period of time
|
|
//
|
|
#define NL_FAILED_USER_MAX_LOGON_COUNT 10
|
|
|
|
//
|
|
// Time period during which we refrain from forwarding a given
|
|
// user logon to the PDC once number of failed user logons
|
|
// reaches the above limit
|
|
//
|
|
#define NL_FAILED_USER_FORWARD_LOGON_TIMEOUT 300000 // 5 minutes
|
|
|
|
|
|
///////////////////////////////////////////////////////////////////////////////
|
|
//
|
|
// Procedure forwards.
|
|
//
|
|
///////////////////////////////////////////////////////////////////////////////
|
|
|
|
#ifdef _DC_NETLOGON
|
|
//
|
|
// srvsess.c
|
|
//
|
|
|
|
|
|
NET_API_STATUS
|
|
NlTransportOpen(
|
|
VOID
|
|
);
|
|
|
|
BOOL
|
|
NlTransportAddTransportName(
|
|
IN LPWSTR TransportName,
|
|
OUT PBOOLEAN IpTransportChanged
|
|
);
|
|
|
|
BOOLEAN
|
|
NlTransportDisableTransportName(
|
|
IN LPWSTR TransportName
|
|
);
|
|
|
|
PNL_TRANSPORT
|
|
NlTransportLookupTransportName(
|
|
IN LPWSTR TransportName
|
|
);
|
|
|
|
PNL_TRANSPORT
|
|
NlTransportLookup(
|
|
IN LPWSTR ClientName
|
|
);
|
|
|
|
VOID
|
|
NlTransportClose(
|
|
VOID
|
|
);
|
|
|
|
ULONG
|
|
NlTransportGetIpAddresses(
|
|
IN ULONG HeaderSize,
|
|
IN BOOLEAN ReturnOffsets,
|
|
OUT PSOCKET_ADDRESS *RetIpAddresses,
|
|
OUT PULONG RetIpAddressSize
|
|
);
|
|
|
|
BOOLEAN
|
|
NlHandleWsaPnp(
|
|
VOID
|
|
);
|
|
|
|
|
|
PSERVER_SESSION
|
|
NlFindNamedServerSession(
|
|
IN PDOMAIN_INFO DomainInfo,
|
|
IN LPWSTR ComputerName
|
|
);
|
|
|
|
VOID
|
|
NlSetServerSessionAttributesByTdoName(
|
|
IN PDOMAIN_INFO DomainInfo,
|
|
IN PUNICODE_STRING TdoName,
|
|
IN ULONG TrustAttributes
|
|
);
|
|
|
|
NTSTATUS
|
|
NlInsertServerSession(
|
|
IN PDOMAIN_INFO DomainInfo,
|
|
IN LPWSTR ComputerName,
|
|
IN LPWSTR TdoName OPTIONAL,
|
|
IN NETLOGON_SECURE_CHANNEL_TYPE SecureChannelType,
|
|
IN DWORD Flags,
|
|
IN ULONG AccountRid,
|
|
IN ULONG NegotiatedFlags,
|
|
IN PNL_TRANSPORT Transport OPTIONAL,
|
|
IN PNETLOGON_SESSION_KEY SessionKey OPTIONAL,
|
|
IN PNETLOGON_CREDENTIAL AuthenticationSeed OPTIONAL
|
|
);
|
|
|
|
NTSTATUS
|
|
NlCheckServerSession(
|
|
IN ULONG ServerRid,
|
|
IN PUNICODE_STRING AccountName OPTIONAL,
|
|
IN NETLOGON_SECURE_CHANNEL_TYPE SecureChannelType
|
|
);
|
|
|
|
NTSTATUS
|
|
NlBuildNtBdcList(
|
|
PDOMAIN_INFO DomainInfo
|
|
);
|
|
|
|
BOOLEAN
|
|
NlFreeServerSession(
|
|
IN PSERVER_SESSION ServerSession
|
|
);
|
|
|
|
VOID
|
|
NlUnlockServerSession(
|
|
IN PSERVER_SESSION ServerSession
|
|
);
|
|
|
|
VOID
|
|
NlFreeNamedServerSession(
|
|
IN PDOMAIN_INFO DomainInfo,
|
|
IN LPWSTR ComputerName,
|
|
IN BOOLEAN AccountBeingDeleted
|
|
);
|
|
|
|
VOID
|
|
NlFreeServerSessionForAccount(
|
|
IN PUNICODE_STRING AccountName
|
|
);
|
|
|
|
VOID
|
|
NlServerSessionScavenger(
|
|
IN PDOMAIN_INFO DomainInfo
|
|
);
|
|
#endif // _DC_NETLOGON
|
|
|
|
|
|
//
|
|
// ssiauth.c
|
|
//
|
|
|
|
|
|
NTSTATUS
|
|
NlMakeSessionKey(
|
|
IN ULONG NegotiatedFlags,
|
|
IN PNT_OWF_PASSWORD CryptKey,
|
|
IN PNETLOGON_CREDENTIAL ClientChallenge,
|
|
IN PNETLOGON_CREDENTIAL ServerChallenge,
|
|
OUT PNETLOGON_SESSION_KEY SessionKey
|
|
);
|
|
|
|
#ifdef _DC_NETLOGON
|
|
NTSTATUS
|
|
NlCheckAuthenticator(
|
|
IN OUT PSERVER_SESSION ServerServerSession,
|
|
IN PNETLOGON_AUTHENTICATOR Authenticator,
|
|
OUT PNETLOGON_AUTHENTICATOR ReturnAuthenticator
|
|
);
|
|
#endif _DC_NETLOGON
|
|
|
|
VOID
|
|
NlComputeCredentials(
|
|
IN PNETLOGON_CREDENTIAL Challenge,
|
|
OUT PNETLOGON_CREDENTIAL Credential,
|
|
IN PNETLOGON_SESSION_KEY SessionKey
|
|
);
|
|
|
|
VOID
|
|
NlComputeChallenge(
|
|
OUT PNETLOGON_CREDENTIAL Challenge
|
|
);
|
|
|
|
VOID
|
|
NlBuildAuthenticator(
|
|
IN OUT PNETLOGON_CREDENTIAL AuthenticationSeed,
|
|
IN PNETLOGON_SESSION_KEY SessionKey,
|
|
OUT PNETLOGON_AUTHENTICATOR Authenticator
|
|
);
|
|
|
|
BOOL
|
|
NlUpdateSeed(
|
|
IN OUT PNETLOGON_CREDENTIAL AuthenticationSeed,
|
|
IN PNETLOGON_CREDENTIAL TargetCredential,
|
|
IN PNETLOGON_SESSION_KEY SessionKey
|
|
);
|
|
|
|
VOID
|
|
NlEncryptRC4(
|
|
IN OUT PVOID Buffer,
|
|
IN ULONG BufferSize,
|
|
IN PSESSION_INFO SessionInfo
|
|
);
|
|
|
|
VOID
|
|
NlDecryptRC4(
|
|
IN OUT PVOID Buffer,
|
|
IN ULONG BufferSize,
|
|
IN PSESSION_INFO SessionInfo
|
|
);
|
|
|
|
VOID
|
|
NlPrintTrustedDomain(
|
|
PDS_DOMAIN_TRUSTSW TrustedDomain,
|
|
IN BOOLEAN VerbosePrint,
|
|
IN BOOLEAN AnsiOutput
|
|
);
|
|
|
|
//
|
|
// trustutl.c
|
|
//
|
|
|
|
//
|
|
// Extended trust information passed via I_NetLogonGetDomainInfo
|
|
//
|
|
typedef struct _NL_TRUST_EXTENSION {
|
|
ULONG Flags;
|
|
ULONG ParentIndex;
|
|
ULONG TrustType;
|
|
ULONG TrustAttributes;
|
|
} NL_TRUST_EXTENSION, *PNL_TRUST_EXTENSION;
|
|
|
|
PCLIENT_SESSION
|
|
NlFindNamedClientSession(
|
|
IN PDOMAIN_INFO DomainInfo,
|
|
IN PUNICODE_STRING DomainName,
|
|
IN ULONG Flags,
|
|
OUT PBOOLEAN TransitiveUsed OPTIONAL
|
|
);
|
|
|
|
|
|
PCLIENT_SESSION
|
|
NlAllocateClientSession(
|
|
IN PDOMAIN_INFO DomainInfo,
|
|
IN PUNICODE_STRING DomainName,
|
|
IN PUNICODE_STRING DnsDomainName OPTIONAL,
|
|
IN PSID DomainId,
|
|
IN GUID *DomainGuid OPTIONAL,
|
|
IN ULONG Flags,
|
|
IN NETLOGON_SECURE_CHANNEL_TYPE SecureChannelType,
|
|
IN ULONG TrustAttributes
|
|
);
|
|
|
|
VOID
|
|
NlFreeClientSession(
|
|
IN PCLIENT_SESSION ClientSession
|
|
);
|
|
|
|
VOID
|
|
NlRefClientSession(
|
|
IN PCLIENT_SESSION ClientSession
|
|
);
|
|
|
|
VOID
|
|
NlUnrefClientSession(
|
|
IN PCLIENT_SESSION ClientSession
|
|
);
|
|
|
|
PCLIENT_API
|
|
NlAllocateClientApi(
|
|
IN PCLIENT_SESSION ClientSession,
|
|
IN DWORD Timeout
|
|
);
|
|
|
|
VOID
|
|
NlFreeClientApi(
|
|
IN PCLIENT_SESSION ClientSession,
|
|
IN PCLIENT_API ClientApi
|
|
);
|
|
|
|
BOOL
|
|
NlTimeoutSetWriterClientSession(
|
|
IN PCLIENT_SESSION ClientSession,
|
|
IN DWORD Timeout
|
|
);
|
|
|
|
VOID
|
|
NlResetWriterClientSession(
|
|
IN PCLIENT_SESSION ClientSession
|
|
);
|
|
|
|
NTSTATUS
|
|
NlCaptureServerClientSession (
|
|
IN PCLIENT_SESSION ClientSession,
|
|
OUT LPWSTR *UncServerName,
|
|
OUT DWORD *DiscoveryFlags OPTIONAL
|
|
);
|
|
|
|
NTSTATUS
|
|
NlCaptureNetbiosServerClientSession (
|
|
IN PCLIENT_SESSION ClientSession,
|
|
OUT WCHAR NetbiosUncServerName[UNCLEN+1]
|
|
);
|
|
|
|
BOOL
|
|
NlSetNamesClientSession(
|
|
IN PCLIENT_SESSION ClientSession,
|
|
IN PUNICODE_STRING DomainName OPTIONAL,
|
|
IN PUNICODE_STRING DnsDomainName OPTIONAL,
|
|
IN PSID DomainId OPTIONAL,
|
|
IN GUID *DomainGuid OPTIONAL
|
|
);
|
|
|
|
VOID
|
|
NlSetStatusClientSession(
|
|
IN PCLIENT_SESSION ClientSession,
|
|
IN NTSTATUS CsConnectionStatus
|
|
);
|
|
|
|
#ifdef _DC_NETLOGON
|
|
NTSTATUS
|
|
NlInitTrustList(
|
|
IN PDOMAIN_INFO DomainInfo
|
|
);
|
|
|
|
VOID
|
|
NlPickTrustedDcForEntireTrustList(
|
|
IN PDOMAIN_INFO DomainInfo,
|
|
IN BOOLEAN OnlyDoNewTrusts
|
|
);
|
|
#endif // _DC_NETLOGON
|
|
|
|
NTSTATUS
|
|
NlUpdatePrimaryDomainInfo(
|
|
IN LSAPR_HANDLE PolicyHandle,
|
|
IN PUNICODE_STRING NetbiosDomainName,
|
|
IN PUNICODE_STRING DnsDomainName,
|
|
IN PUNICODE_STRING DnsForestName,
|
|
IN GUID *DomainGuid
|
|
);
|
|
|
|
VOID
|
|
NlSetForestTrustList (
|
|
IN PDOMAIN_INFO DomainInfo,
|
|
IN OUT PDS_DOMAIN_TRUSTSW *ForestTrustList,
|
|
IN ULONG ForestTrustListSize,
|
|
IN ULONG ForestTrustListCount
|
|
);
|
|
|
|
NET_API_STATUS
|
|
NlReadRegTrustedDomainList (
|
|
IN PDOMAIN_INFO DomainInfo,
|
|
IN BOOL DeleteName,
|
|
OUT PDS_DOMAIN_TRUSTSW *RetForestTrustList,
|
|
OUT PULONG RetForestTrustListSize,
|
|
OUT PULONG RetForestTrustListCount
|
|
);
|
|
|
|
NET_API_STATUS
|
|
NlReadFileTrustedDomainList (
|
|
IN PDOMAIN_INFO DomainInfo,
|
|
IN LPWSTR FileSuffix,
|
|
IN BOOL DeleteName,
|
|
IN ULONG Flags,
|
|
OUT PDS_DOMAIN_TRUSTSW *RetForestTrustList,
|
|
OUT PULONG RetForestTrustListSize,
|
|
OUT PULONG RetForestTrustListCount
|
|
);
|
|
|
|
NET_API_STATUS
|
|
NlpEnumerateDomainTrusts (
|
|
IN PDOMAIN_INFO DomainInfo,
|
|
IN ULONG Flags,
|
|
OUT PULONG RetForestTrustListCount,
|
|
OUT PDS_DOMAIN_TRUSTSW *RetForestTrustList
|
|
);
|
|
|
|
BOOLEAN
|
|
NlIsDomainTrusted (
|
|
IN PUNICODE_STRING DomainName
|
|
);
|
|
|
|
NET_API_STATUS
|
|
NlGetTrustedDomainNames (
|
|
IN PDOMAIN_INFO DomainInfo,
|
|
IN LPWSTR DomainName,
|
|
OUT LPWSTR *TrustedDnsDomainName,
|
|
OUT LPWSTR *TrustedNetbiosDomainName
|
|
);
|
|
|
|
typedef enum _DISCOVERY_TYPE {
|
|
#ifdef _DC_NETLOGON
|
|
DT_DeadDomain,
|
|
DT_Asynchronous,
|
|
#endif // _DC_NETLOGON
|
|
DT_Synchronous
|
|
} DISCOVERY_TYPE;
|
|
|
|
NET_API_STATUS
|
|
NlSetServerClientSession(
|
|
IN OUT PCLIENT_SESSION ClientSession,
|
|
IN PNL_DC_CACHE_ENTRY NlDcCacheEntry,
|
|
IN BOOL DcDiscoveredWithAccount,
|
|
IN BOOL SessionRefresh
|
|
);
|
|
|
|
NTSTATUS
|
|
NlDiscoverDc (
|
|
IN OUT PCLIENT_SESSION ClientSession,
|
|
IN DISCOVERY_TYPE DiscoveryType,
|
|
IN BOOLEAN InDiscoveryThread,
|
|
IN BOOLEAN DiscoverWithAccount
|
|
);
|
|
|
|
VOID
|
|
NlFlushCacheOnPnp (
|
|
VOID
|
|
);
|
|
|
|
BOOL
|
|
NlReadSamLogonResponse (
|
|
IN HANDLE ResponseMailslotHandle,
|
|
IN LPWSTR AccountName,
|
|
OUT LPDWORD Opcode,
|
|
OUT LPWSTR *LogonServer,
|
|
OUT PNL_DC_CACHE_ENTRY *NlDcCacheEntry OPTIONAL
|
|
);
|
|
|
|
#ifdef _DC_NETLOGON
|
|
NTSTATUS
|
|
NlPickDomainWithAccount (
|
|
IN PDOMAIN_INFO DomainInfo,
|
|
IN PUNICODE_STRING InAccountNameString,
|
|
IN PUNICODE_STRING InDomainNameString OPTIONAL,
|
|
IN ULONG AllowableAccountControlBits,
|
|
IN NETLOGON_SECURE_CHANNEL_TYPE SecureChannelType,
|
|
IN BOOLEAN ExpediteToRoot,
|
|
IN BOOLEAN CrossForestHop,
|
|
OUT LPWSTR *RealSamAccountName,
|
|
OUT LPWSTR *RealDomainName,
|
|
OUT PULONG RealExtraFlags
|
|
);
|
|
#endif // _DC_NETLOGON
|
|
|
|
#ifdef _NETLOGON_SERVER
|
|
NTSTATUS
|
|
NlGetConfigurationName(
|
|
DWORD which,
|
|
DWORD *pcbName,
|
|
DSNAME *pName );
|
|
|
|
NTSTATUS
|
|
NlGetConfigurationNamesList(
|
|
DWORD which,
|
|
DWORD dwFlags,
|
|
ULONG * pcbNames,
|
|
DSNAME ** padsNames );
|
|
|
|
NTSTATUS
|
|
NlGetDnsRootAlias(
|
|
WCHAR * pDnsRootAlias,
|
|
WCHAR * pRootDnsRootAlias);
|
|
|
|
DWORD
|
|
NlDsGetServersAndSitesForNetLogon(
|
|
WCHAR * pNDNC,
|
|
SERVERSITEPAIR ** ppaRes);
|
|
|
|
VOID
|
|
NlDsFreeServersAndSitesForNetLogon(
|
|
SERVERSITEPAIR * paServerSites
|
|
);
|
|
|
|
NTSTATUS
|
|
NlCrackSingleName(
|
|
DWORD formatOffered, // one of DS_NAME_FORMAT in ntdsapi.h
|
|
BOOL fPerformAtGC, // whether to go to GC or not
|
|
WCHAR *pNameIn, // name to crack
|
|
DWORD formatDesired, // one of DS_NAME_FORMAT in ntdsapi.h
|
|
DWORD *pccDnsDomain, // char count of following argument
|
|
WCHAR *pDnsDomain, // buffer for DNS domain name
|
|
DWORD *pccNameOut, // char count of following argument
|
|
WCHAR *pNameOut, // buffer for formatted name
|
|
DWORD *pErr); // one of DS_NAME_ERROR in ntdsapi.h
|
|
|
|
|
|
BOOL
|
|
NlIsMangledRDNExternal(
|
|
WCHAR * pszRDN,
|
|
ULONG cchRDN,
|
|
PULONG pcchUnMangled OPTIONAL
|
|
);
|
|
#endif // _NETLOGON_SERVER
|
|
|
|
//
|
|
// Macros to wrap all API calls over the secure channel.
|
|
//
|
|
// Here's a sample calling sequence"
|
|
//
|
|
// NL_API_START( Status, ClientSession, TRUE ) {
|
|
//
|
|
// Status = /* Call the secure channel API */
|
|
//
|
|
// } NL_API_ELSE ( Status, ClientSession, FALSE ) {
|
|
//
|
|
// /* Do whatever you'd do if the secure channel was timed out */
|
|
//
|
|
// } NL_API_END;
|
|
|
|
|
|
// Loop through each of the appropriate RPC bindings for this ClientSession.
|
|
// Avoid the real API call altogether if we can't bind.
|
|
#define NL_API_START_EX( _NtStatus, _ClientSession, _QuickApiCall, _ClientApi ) \
|
|
{ \
|
|
ULONG _BindingLoopCount; \
|
|
\
|
|
_NtStatus = RPC_NT_PROTSEQ_NOT_SUPPORTED; \
|
|
for ( _BindingLoopCount=0; _BindingLoopCount<2; _BindingLoopCount++ ) { \
|
|
_NtStatus = NlStartApiClientSession( (_ClientSession), (_QuickApiCall), _BindingLoopCount, _NtStatus, _ClientApi ); \
|
|
\
|
|
if ( NT_SUCCESS(_NtStatus) ) {
|
|
|
|
#define NL_API_START( _NtStatus, _ClientSession, _QuickApiCall ) \
|
|
NL_API_START_EX( _NtStatus, _ClientSession, _QuickApiCall, &(_ClientSession)->CsClientApi[0] )
|
|
|
|
|
|
|
|
// If the real API indicates the endpoint isn't registered,
|
|
// fall back to another binding.
|
|
//
|
|
// EPT_NT_NOT_REGISTERED: from NlStartApiClientSession
|
|
// RPC_NT_SERVER_UNAVAILABLE: From server if TCP not configured at all
|
|
// RPC_NT_PROTSEQ_NOT_SUPPORTED: From client or server if TCP/IP not supported
|
|
//
|
|
|
|
#define NL_API_ELSE_EX( _NtStatus, _ClientSession, _OkToKillSession, _AmWriter, _ClientApi ) \
|
|
\
|
|
} \
|
|
\
|
|
if ( _NtStatus == EPT_NT_NOT_REGISTERED || \
|
|
_NtStatus == RPC_NT_SERVER_UNAVAILABLE || \
|
|
_NtStatus == RPC_NT_PROTSEQ_NOT_SUPPORTED ) { \
|
|
continue; \
|
|
} \
|
|
\
|
|
break; \
|
|
\
|
|
} \
|
|
\
|
|
if ( !NlFinishApiClientSession( (_ClientSession), (_OkToKillSession), (_AmWriter), (_ClientApi) ) ) {
|
|
|
|
#define NL_API_ELSE( _NtStatus, _ClientSession, _OkToKillSession ) \
|
|
NL_API_ELSE_EX( _NtStatus, _ClientSession, _OkToKillSession, TRUE, &(_ClientSession)->CsClientApi[0] ) \
|
|
|
|
|
|
|
|
#define NL_API_END \
|
|
} \
|
|
} \
|
|
|
|
NTSTATUS
|
|
NlStartApiClientSession(
|
|
IN PCLIENT_SESSION ClientSession,
|
|
IN BOOLEAN QuickApiCall,
|
|
IN ULONG RetryIndex,
|
|
IN NTSTATUS DefaultStatus,
|
|
IN PCLIENT_API ClientApi
|
|
);
|
|
|
|
BOOLEAN
|
|
NlFinishApiClientSession(
|
|
IN PCLIENT_SESSION ClientSession,
|
|
IN BOOLEAN OkToKillSession,
|
|
IN BOOLEAN AmWriter,
|
|
IN PCLIENT_API ClientApi
|
|
);
|
|
|
|
VOID
|
|
NlTimeoutApiClientSession(
|
|
IN PDOMAIN_INFO DomainInfo
|
|
);
|
|
|
|
typedef
|
|
DWORD
|
|
(*PDsBindW)(
|
|
LPCWSTR DomainControllerName, // in, optional
|
|
LPCWSTR DnsDomainName, // in, optional
|
|
HANDLE *phDS);
|
|
|
|
typedef
|
|
DWORD
|
|
(*PDsUnBindW)(
|
|
HANDLE *phDS); // in
|
|
|
|
typedef NTSTATUS
|
|
(*PCrackSingleName)(
|
|
DWORD formatOffered,
|
|
DWORD dwFlags,
|
|
WCHAR *pNameIn,
|
|
DWORD formatDesired,
|
|
DWORD *pccDnsDomain,
|
|
WCHAR *pDnsDomain,
|
|
DWORD *pccNameOut,
|
|
WCHAR *pNameOut,
|
|
DWORD *pErr);
|
|
|
|
typedef NTSTATUS
|
|
(*PGetConfigurationName)(
|
|
DWORD which,
|
|
DWORD *pcbName,
|
|
DSNAME *pName);
|
|
|
|
typedef NTSTATUS
|
|
(*PGetConfigurationNamesList)(
|
|
DWORD which,
|
|
DWORD dwFlags,
|
|
ULONG * pcbNames,
|
|
DSNAME ** padsNames);
|
|
|
|
typedef NTSTATUS
|
|
(*PGetDnsRootAlias)(
|
|
WCHAR * pDnsRootAlias,
|
|
WCHAR * pRootDnsRootAlias);
|
|
|
|
typedef DWORD
|
|
(*PDsGetServersAndSitesForNetLogon)(
|
|
WCHAR * pNDNC,
|
|
SERVERSITEPAIR ** ppaRes);
|
|
|
|
typedef VOID
|
|
(*PDsFreeServersAndSitesForNetLogon)(
|
|
SERVERSITEPAIR * paServerSites);
|
|
|
|
typedef BOOL
|
|
(*PIsMangledRDNExternal)(
|
|
WCHAR * pszRDN,
|
|
ULONG cchRDN,
|
|
PULONG pcchUnMangled OPTIONAL );
|
|
|
|
NTSTATUS
|
|
NlLoadNtdsaDll(
|
|
VOID
|
|
);
|
|
|
|
//
|
|
// secpkg.c
|
|
//
|
|
|
|
PVOID
|
|
NlBuildAuthData(
|
|
PCLIENT_SESSION ClientSession
|
|
);
|
|
|
|
BOOL
|
|
NlEqualClientSessionKey(
|
|
PCLIENT_SESSION ClientSession,
|
|
PVOID ClientContext
|
|
);
|
|
|
|
BOOL
|
|
NlStartNetlogonCall(
|
|
VOID
|
|
);
|
|
|
|
VOID
|
|
NlEndNetlogonCall(
|
|
VOID
|
|
);
|
|
|
|
//
|
|
// ssiapi.c
|
|
//
|
|
|
|
NTSTATUS
|
|
NlGetAnyDCName (
|
|
IN PCLIENT_SESSION ClientSession,
|
|
IN BOOL RequireIp,
|
|
IN BOOL DoDiscoveryWithAccount,
|
|
OUT PNL_DC_CACHE_ENTRY *NlDcCacheEntry,
|
|
OUT PBOOLEAN DcRediscovered
|
|
);
|
|
|
|
NET_API_STATUS
|
|
NlSetDsSPN(
|
|
IN BOOLEAN Synchronous,
|
|
IN BOOLEAN SetSpn,
|
|
IN BOOLEAN SetDnsHostName,
|
|
IN PDOMAIN_INFO DomainInfo,
|
|
IN LPWSTR UncDcName,
|
|
IN LPWSTR ComputerName,
|
|
IN LPWSTR DnsHostName
|
|
);
|
|
|
|
NET_API_STATUS
|
|
NlPingDcName (
|
|
IN PCLIENT_SESSION ClientSession,
|
|
IN ULONG DcNamePingFlags,
|
|
IN BOOL CachePingedDc,
|
|
IN BOOL RequireIp,
|
|
IN BOOL DoPingWithAccount,
|
|
IN BOOL RefreshClientSession,
|
|
IN LPWSTR DcName OPTIONAL,
|
|
OUT PNL_DC_CACHE_ENTRY *NlDcCacheEntry OPTIONAL
|
|
);
|
|
|
|
VOID
|
|
NlFreePingContext(
|
|
IN PNL_GETDC_CONTEXT PingContext
|
|
);
|
|
|
|
VOID
|
|
NlScavengeOldChallenges(
|
|
VOID
|
|
);
|
|
|
|
VOID
|
|
NlRemoveChallengeForClient(
|
|
IN LPWSTR ClientName OPTIONAL,
|
|
IN LPWSTR AccountName OPTIONAL,
|
|
IN BOOL InterdomainTrustAccount
|
|
);
|
|
|
|
//
|
|
// logonapi.c
|
|
//
|
|
|
|
NTSTATUS
|
|
NlpUserValidateHigher (
|
|
IN PCLIENT_SESSION ClientSession,
|
|
IN BOOLEAN DoingIndirectTrust,
|
|
IN NETLOGON_LOGON_INFO_CLASS LogonLevel,
|
|
IN LPBYTE LogonInformation,
|
|
IN NETLOGON_VALIDATION_INFO_CLASS ValidationLevel,
|
|
OUT LPBYTE * ValidationInformation,
|
|
OUT PBOOLEAN Authoritative,
|
|
IN OUT PULONG ExtraFlags
|
|
);
|
|
|
|
VOID
|
|
NlScavengeOldFailedLogons(
|
|
IN PDOMAIN_INFO DomainInfo
|
|
);
|
|
|
|
VOID
|
|
DsFlagsToString(
|
|
IN DWORD Flags,
|
|
OUT LPSTR Buffer
|
|
);
|
|
|
|
NET_API_STATUS
|
|
NlInitializeAuthzRM(
|
|
VOID
|
|
);
|
|
|
|
VOID
|
|
NlFreeAuthzRm(
|
|
VOID
|
|
);
|
|
|
|
//
|
|
// ftinfo.c
|
|
//
|
|
|
|
NTSTATUS
|
|
NlpGetForestTrustInfoHigher(
|
|
IN PCLIENT_SESSION ClientSession,
|
|
IN DWORD Flags,
|
|
IN BOOLEAN ImpersonateCaller,
|
|
IN BOOLEAN SessionAlreadyAuthenticated,
|
|
OUT PLSA_FOREST_TRUST_INFORMATION *ForestTrustInfo
|
|
);
|
|
|