archive
/
windows-xp
mirror of https://github.com/tongzx/nt5src
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
6 Commits
1 Branch
0 Tags
2.0 GiB
Branch: master
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'master'
${ noResults }
windows-xp/Source/XPSP1/NT/ds/security/base/lsa/server/lsasrvp.h

551 lines
13 KiB
Raw Permalink Normal View History

Add source files
4 years ago
  1. /*++
  3. Copyright (c) 1991 Microsoft Corporation
  5. Module Name:
  7. lsasrvp.h
  9. Abstract:
  11. LSA Subsystem - Private Includes for Server Side
  13. This file contains includes that are global to the Lsa Server Side
  15. Author:
  17. Scott Birrell (ScottBi) January 22, 1992
  19. Environment:
  21. Revision History:
  23. --*/
  25. #ifndef _LSASRVP_
  26. #define _LSASRVP_
  29. //
  30. // The LSA Server Is UNICODE Based. Define UNICODE before global includes
  31. // so that it is defined before the TEXT macro.
  32. //
  34. #ifndef UNICODE
  36. #define UNICODE
  38. #endif // UNICODE
  40. //
  41. // Set the EXTERN macro so only one file allocates all the globals.
  42. //
  44. #ifdef ALLOC_EXTERN
  45. #define EXTERN
  46. #else
  47. #define EXTERN extern
  48. #endif // ALLOC_EXTERN
  50. #include <lsacomp.h>
  51. #include <wincred.h>
  52. #include <alloca.h>
  53. #include <malloc.h>
  56. //
  57. // The following come from \nt\private\inc
  58. #include <align.h>
  59. #include <samrpc.h>
  60. #include <samsrv.h>
  61. #include <samisrv.h>
  62. #include <lsarpc.h>
  63. #include <lsaisrv.h>
  64. #include <nlrepl.h>
  65. #include <seposix.h>
  67. //
  68. // The following all come from \nt\private\lsa\server
  69. //
  71. #include "lsasrvmm.h"
  72. #include "au.h"
  73. #include "db.h"
  74. #include "adt.h"
  75. #include "dblookup.h"
  76. #include "lsads.h"
  77. #include "lsads.h"
  78. #include "lsastr.h"
  79. #include "lsawow.h"
  82. //////////////////////////////////////////////////////////////////////
  83. // //
  84. // The following define controls the diagnostic capabilities that //
  85. // are built into LSA. //
  86. // //
  87. //////////////////////////////////////////////////////////////////////
  89. #if DBG
  90. #define LSAP_DIAGNOSTICS 1
  91. #endif // DBG
  94. //
  95. // These definitions are useful diagnostics aids
  96. //
  98. #if LSAP_DIAGNOSTICS
  100. //
  101. // Diagnostics included in build
  102. //
  104. //
  105. // Test for diagnostics enabled
  106. //
  108. #define IF_LSAP_GLOBAL( FlagName ) \
  109. if (LsapGlobalFlag & (LSAP_DIAG_##FlagName))
  111. //
  112. // Diagnostics print statement
  113. //
  115. #define LsapDiagPrint( FlagName, _Text_ ) \
  116. IF_LSAP_GLOBAL( FlagName ) \
  117. DbgPrint _Text_
  120. //
  121. // Make sure no thread leaves with any open state
  122. //
  124. #define LSAP_TRACK_DBLOCK
  126. #ifdef LSAP_TRACK_DBLOCK
  127. #define LsarpReturnCheckSetup() \
  128. ULONG __lsarpthreadusecountstart; \
  129. {\
  130. PLSADS_PER_THREAD_INFO __lsarpCurrentThreadInfo = (PLSADS_PER_THREAD_INFO) LsapQueryThreadInfo() ;\
  131. if (__lsarpCurrentThreadInfo!=NULL)\
  132. __lsarpthreadusecountstart = __lsarpCurrentThreadInfo->UseCount;\
  133. else \
  134. __lsarpthreadusecountstart =0;\
  135. }
  137. #define LsarpReturnPrologue() \
  138. {\
  139. PLSADS_PER_THREAD_INFO __lsarpCurrentThreadInfoEnd = (PLSADS_PER_THREAD_INFO)LsapQueryThreadInfo() ;\
  140. ULONG __lsarpthreadusecountend ; \
  141. if (__lsarpCurrentThreadInfoEnd!=NULL)\
  142. __lsarpthreadusecountend = __lsarpCurrentThreadInfoEnd->UseCount;\
  143. else\
  144. __lsarpthreadusecountend = 0;\
  145. ASSERT (__lsarpthreadusecountstart==__lsarpthreadusecountend);\
  146. }
  148. #else
  150. #define LsarpReturnPrologue()
  151. #define LsarpReturnCheckSetup()
  153. #endif
  157. #else
  159. //
  160. // No diagnostics included in build
  161. //
  163. //
  164. // Test for diagnostics enabled
  165. //
  167. #define IF_LSAP_GLOBAL( FlagName ) if (FALSE)
  170. //
  171. // Diagnostics print statement (nothing)
  172. //
  174. #define LsapDiagPrint( FlagName, Text ) ;
  176. #define LsarpReturnPrologue()
  177. #define LsarpReturnCheckSetup()
  179. #endif // LSAP_DIAGNOSTICS
  182. //
  183. // The following flags enable or disable various diagnostic
  184. // capabilities within LSA. These flags are set in
  185. // LsapGlobalFlag
  186. //
  187. // DB_LOOKUP_WORK_LIST - Display activities related to sid/name lookups.
  188. //
  189. // AU_TRACK_THREADS - Display dynamic AU thread creation / deletion
  190. // information.
  191. //
  192. // AU_MESSAGES - Display information related to the processing of
  193. // Authentication messages.
  194. //
  195. // AU_LOGON_SESSIONS - Display information about the creation/deletion
  196. // of logon sessions within LSA.
  197. //
  198. // DB_INIT - Display information about the initialization of LSA.
  199. //
  201. #define LSAP_DIAG_DB_LOOKUP_WORK_LIST ((ULONG) 0x00000001L)
  202. #define LSAP_DIAG_AU_TRACK_THREADS ((ULONG) 0x00000002L)
  203. #define LSAP_DIAG_AU_MESSAGES ((ULONG) 0x00000004L)
  204. #define LSAP_DIAG_AU_LOGON_SESSIONS ((ULONG) 0x00000008L)
  205. #define LSAP_DIAG_DB_INIT ((ULONG) 0x00000010L)
  211. //////////////////////////////////////////////////////////////////////
  212. // //
  213. // Other defines //
  214. // //
  215. //////////////////////////////////////////////////////////////////////
  218. //
  219. // Heap available for general use throughout LSA
  220. //
  222. EXTERN PVOID LsapHeap;
  224. //
  225. // LSA Private Global State Data Structure
  226. //
  228. typedef struct _LSAP_STATE {
  230. HANDLE LsaCommandPortHandle;
  231. HANDLE RmCommandPortHandle;
  232. HANDLE AuditLogFileHandle;
  233. HANDLE AuditLogSectionHandle;
  234. PVOID AuditLogBaseAddress;
  235. ULONG AuditLogViewSize;
  236. LARGE_INTEGER AuditLogInitSize;
  237. LARGE_INTEGER AuditLogMaximumSizeOfSection;
  238. OBJECT_ATTRIBUTES AuditLogObjectAttributes;
  239. STRING AuditLogNameString;
  240. GENERIC_MAPPING GenericMapping;
  241. UNICODE_STRING SubsystemName;
  242. PRIVILEGE_SET Privileges;
  243. BOOLEAN GenerateOnClose;
  244. BOOLEAN SystemShutdownPending;
  246. } LSAP_STATE, *PLSAP_STATE;
  248. extern LSAP_STATE LsapState;
  250. extern BOOLEAN LsapInitialized;
  252. //
  253. // Global handle to LSA's policy object.
  254. // This handle is opened for trusted client.
  255. //
  257. extern LSAPR_HANDLE LsapPolicyHandle;
  259. //
  260. // LSA Server Command Dispatch Table Entry
  261. //
  263. typedef NTSTATUS (*PLSA_COMMAND_WORKER)(PLSA_COMMAND_MESSAGE, PLSA_REPLY_MESSAGE);
  265. //
  266. // LSA Client Control Block
  267. //
  268. // This structure contains context information relevant to a successful
  269. // LsaOpenLsa call.
  270. //
  272. typedef struct _LSAP_CLIENT_CONTROL_BLOCK {
  273. HANDLE KeyHandle; // Configuration Registry Key
  274. ACCESS_MASK GrantedAccess; // Accesses granted to LSA Database Object
  275. } LSAP_CLIENT_CONTROL_BLOCK, *PLSAP_CLIENT_CONTROL_BLOCK;
  278. //
  279. // LSA Privilege Pseudo-Object Types and Flags
  280. //
  282. // *********************** IMPORTANT NOTE ************************
  283. //
  284. // Privilege objects (privileges containing a list of users who have that
  285. // privilge) are pseudo-objects that use the account objects as a backing
  286. // stored. There are currently no public interfaces to open a privilege
  287. // object, so there need not be public access flags.
  288. //
  290. #define PRIVILEGE_VIEW 0x00000001L
  291. #define PRIVILEGE_ADJUST 0x00000002L
  292. #define PRIVILEGE_ALL (STANDARD_RIGHTS_REQUIRED | \
  293. PRIVILEGE_VIEW | \
  294. PRIVILEGE_ADJUST)
  298. //
  299. // LSA API Error Handling Cleanup Flags
  300. //
  301. // These flags specify cleanup operations to be performed after an LSA
  302. // API call has hit a fatal error. They are passed in the ErrorCleanupFlags
  303. // variable of the API or worker's error handling routine.
  304. //
  306. #define LSAP_CLEANUP_REVERT_TO_SELF (0x00000001L)
  307. #define LSAP_CLEANUP_CLOSE_LSA_HANDLE (0x00000002L)
  308. #define LSAP_CLEANUP_FREE_USTRING (0x00000004L)
  309. #define LSAP_CLEANUP_CLOSE_REG_KEY (0x00000008L)
  310. #define LSAP_CLEANUP_DELETE_REG_KEY (0x00000010L)
  311. #define LSAP_CLEANUP_DB_UNLOCK (0x00000020L)
  313. BOOLEAN
  314. LsapRmInitializeServer(
  315. );
  317. VOID
  318. LsapRmServerThread(
  319. );
  321. NTSTATUS
  322. LsapRPCInit(
  323. );
  325. BOOLEAN
  326. LsapAuInit( // Authentication initialization
  327. );
  329. NTSTATUS
  330. LsapDbInitializeRights(
  331. );
  333. VOID
  334. LsapDbCleanupRights(
  335. );
  337. NTSTATUS
  338. LsapCallRm(
  339. IN RM_COMMAND_NUMBER CommandNumber,
  340. IN OPTIONAL PVOID CommandParams,
  341. IN ULONG CommandParamsLength,
  342. OUT OPTIONAL PVOID ReplyBuffer,
  343. IN ULONG ReplyBufferLength
  344. );
  346. NTSTATUS
  347. LsapLogonSessionDeletedWrkr(
  348. IN PLSA_COMMAND_MESSAGE CommandMessage,
  349. OUT PLSA_REPLY_MESSAGE ReplyMessage
  350. );
  352. NTSTATUS
  353. LsapComponentTestWrkr(
  354. IN PLSA_COMMAND_MESSAGE CommandMessage,
  355. OUT PLSA_REPLY_MESSAGE ReplyMessage
  356. );
  358. //
  359. // Prototypes of RPC free routines used by LsaIFree.c
  360. //
  362. void _fgs__STRING (STRING * _source);
  363. void _fgs__LSAPR_SID_INFORMATION (LSAPR_SID_INFORMATION * _source);
  364. void _fgs__LSAPR_SID_ENUM_BUFFER (LSAPR_SID_ENUM_BUFFER * _source);
  365. void _fgs__LSAPR_ACCOUNT_INFORMATION (LSAPR_ACCOUNT_INFORMATION * _source);
  366. void _fgs__LSAPR_ACCOUNT_ENUM_BUFFER (LSAPR_ACCOUNT_ENUM_BUFFER * _source);
  367. void _fgs__LSAPR_UNICODE_STRING (LSAPR_UNICODE_STRING * _source);
  368. void _fgs__LSAPR_SECURITY_DESCRIPTOR (LSAPR_SECURITY_DESCRIPTOR * _source);
  369. void _fgs__LSAPR_SR_SECURITY_DESCRIPTOR (LSAPR_SR_SECURITY_DESCRIPTOR * _source);
  370. void _fgs__LSAPR_POLICY_PRIVILEGE_DEF (LSAPR_POLICY_PRIVILEGE_DEF * _source);
  371. void _fgs__LSAPR_PRIVILEGE_ENUM_BUFFER (LSAPR_PRIVILEGE_ENUM_BUFFER * _source);
  372. void _fgs__LSAPR_OBJECT_ATTRIBUTES (LSAPR_OBJECT_ATTRIBUTES * _source);
  373. void _fgs__LSAPR_CR_CIPHER_VALUE (LSAPR_CR_CIPHER_VALUE * _source);
  374. void _fgs__LSAPR_TRUST_INFORMATION (LSAPR_TRUST_INFORMATION * _source);
  375. void _fgs__LSAPR_TRUSTED_ENUM_BUFFER (LSAPR_TRUSTED_ENUM_BUFFER * _source);
  376. void _fgs__LSAPR_TRUSTED_ENUM_BUFFER_EX (LSAPR_TRUSTED_ENUM_BUFFER_EX * _source);
  377. void _fgs__LSAPR_REFERENCED_DOMAIN_LIST (LSAPR_REFERENCED_DOMAIN_LIST * _source);
  378. void _fgs__LSAPR_TRANSLATED_SIDS (LSAPR_TRANSLATED_SIDS * _source);
  379. void _fgs__LSAPR_TRANSLATED_NAME (LSAPR_TRANSLATED_NAME * _source);
  380. void _fgs__LSAPR_TRANSLATED_NAMES (LSAPR_TRANSLATED_NAMES * _source);
  381. void _fgs__LSAPR_POLICY_ACCOUNT_DOM_INFO (LSAPR_POLICY_ACCOUNT_DOM_INFO * _source);
  382. void _fgs__LSAPR_POLICY_PRIMARY_DOM_INFO (LSAPR_POLICY_PRIMARY_DOM_INFO * _source);
  383. void _fgs__LSAPR_POLICY_PD_ACCOUNT_INFO (LSAPR_POLICY_PD_ACCOUNT_INFO * _source);
  384. void _fgs__LSAPR_POLICY_REPLICA_SRCE_INFO (LSAPR_POLICY_REPLICA_SRCE_INFO * _source);
  385. void _fgs__LSAPR_POLICY_AUDIT_EVENTS_INFO (LSAPR_POLICY_AUDIT_EVENTS_INFO * _source);
  386. void _fgs__LSAPR_TRUSTED_DOMAIN_NAME_INFO (LSAPR_TRUSTED_DOMAIN_NAME_INFO * _source);
  387. void _fgs__LSAPR_TRUSTED_CONTROLLERS_INFO (LSAPR_TRUSTED_CONTROLLERS_INFO * _source);
  388. void _fgu__LSAPR_POLICY_INFORMATION (LSAPR_POLICY_INFORMATION * _source, POLICY_INFORMATION_CLASS _branch);
  389. void _fgu__LSAPR_POLICY_DOMAIN_INFORMATION (LSAPR_POLICY_DOMAIN_INFORMATION * _source,
  390. POLICY_DOMAIN_INFORMATION_CLASS _branch);
  391. void _fgu__LSAPR_TRUSTED_DOMAIN_INFO (LSAPR_TRUSTED_DOMAIN_INFO * _source, TRUSTED_INFORMATION_CLASS _branch);
  393. //
  394. // Old worker prototypes - These are temporary
  395. //
  397. #define LsapComponentTestCommandWrkr LsapComponentTestWrkr
  398. #define LsapWriteAuditMessageCommandWrkr LsapAdtWriteLogWrkr
  400. NTSTATUS
  401. ServiceInit (
  402. );
  404. NTSTATUS
  405. LsapInitLsa(
  406. );
  408. BOOLEAN
  409. LsapSeSetWellKnownValues(
  410. );
  412. VOID
  413. RtlConvertSidToText(
  414. IN PSID Sid,
  415. OUT PUCHAR Buffer
  416. );
  418. ULONG
  419. RtlSizeANSISid(
  420. IN PSID Sid
  421. );
  423. NTSTATUS
  424. LsapGetMessageStrings(
  425. LPVOID Resource,
  426. DWORD Index1,
  427. PUNICODE_STRING String1,
  428. DWORD Index2,
  429. PUNICODE_STRING String2 OPTIONAL
  430. );
  433. VOID
  434. LsapLogError(
  435. IN OPTIONAL PUCHAR Message,
  436. IN NTSTATUS Status
  437. );
  439. NTSTATUS
  440. LsapWinerrorToNtStatus(
  441. IN DWORD WinError
  442. );
  444. NTSTATUS
  445. LsapNtStatusFromLastWinError( VOID );
  448. NTSTATUS
  449. LsapGetPrivilegesAndQuotas(
  450. IN SECURITY_LOGON_TYPE LogonType,
  451. IN ULONG IdCount,
  452. IN PSID_AND_ATTRIBUTES Ids,
  453. OUT PULONG PrivilegeCount,
  454. OUT PLUID_AND_ATTRIBUTES *Privileges,
  455. OUT PQUOTA_LIMITS QuotaLimits
  456. );
  459. NTSTATUS
  460. LsapQueryClientInfo(
  461. PTOKEN_USER *UserSid,
  462. PLUID AuthenticationId
  463. );
  466. NTSTATUS
  467. LsapGetAccountDomainInfo(
  468. PPOLICY_ACCOUNT_DOMAIN_INFO *PolicyAccountDomainInfo
  469. );
  471. NTSTATUS
  472. LsapOpenSam( VOID );
  474. NTSTATUS
  475. LsapOpenSamEx(
  476. BOOLEAN DuringStartup
  477. );
  479. NTSTATUS
  480. LsapNotifyProcessNotificationEvent(
  481. IN POLICY_NOTIFICATION_INFORMATION_CLASS InformationClass,
  482. IN HANDLE EventHandle,
  483. IN ULONG OwnerProcess,
  484. IN HANDLE OwnerEventHandle,
  485. IN BOOLEAN Register
  486. );
  490. /////////////////////////////////////////////////////////////////////////
  491. // //
  492. // Shared Global Variables //
  493. // //
  494. /////////////////////////////////////////////////////////////////////////
  496. //
  497. // Handles used to talk to SAM directly.
  498. // Also, a flag to indicate whether or not the handles are valid.
  499. //
  502. extern BOOLEAN LsapSamOpened;
  504. extern SAMPR_HANDLE LsapAccountDomainHandle;
  505. extern SAMPR_HANDLE LsapBuiltinDomainHandle;
  509. //
  510. // These variables are used to control the number of
  511. // threads used for processing Logon Process calls.
  512. // See auloop.c for a description of these variables.
  513. //
  515. extern RTL_RESOURCE LsapAuThreadCountLock;
  516. extern LONG LsapAuActiveThreads;
  517. extern LONG LsapAuFreeThreads;
  518. extern LONG LsapAuFreeThreadsGoal;
  519. extern LONG LsapAuMinimumThreads;
  520. extern LONG LsapAuMaximumThreads;
  521. extern LONG LsapAuCallsToProcess;
  524. #if DBG
  526. //
  527. // Used to extend the resource timeout for lsass.exe to
  528. // prevent it from hitting deadlock warnings in stress tests.
  529. //
  531. extern IMAGE_LOAD_CONFIG_DIRECTORY _load_config_used;
  532. #endif \\DBG
  535. #if LSAP_DIAGNOSTICS
  537. //
  538. // Used as a global diagnostics control flag within lsass.exe
  539. //
  541. extern ULONG LsapGlobalFlag;
  542. #endif // LSAP_DIAGNOSTICS
  544. //
  545. // Fast version of NtQuerySystemTime
  546. //
  548. #define LsapQuerySystemTime( _Time ) GetSystemTimeAsFileTime( (LPFILETIME)(_Time) )
  551. #endif // _LSASRVP_