Source code of Windows XP (NT5)

  1. /*++ BUILD Version: 0005 Increment this if a change has global effects
  2. Copyright (c) Microsoft Corporation. All rights reserved.
  3. Module Name:
  4. subauth.h
  5. Abstract:
  6. This module defines types and macros for Subauthentication Packages.
  7. Revision History:
  8. --*/
  9. #ifndef _NTSUBAUTH_
  10. #define _NTSUBAUTH_
  11. #ifdef __cplusplus
  12. extern "C" {
  13. #endif
  #if !(defined(_NTDEF_) || defined(_NTSECAPI_))

  //
  // Fallback definitions of the basic status and counted-string types, used
  // only when neither _NTDEF_ nor _NTSECAPI_ has been defined by an earlier
  // header.
  //
  typedef LONG NTSTATUS;
  typedef NTSTATUS *PNTSTATUS;

  //
  // Counted wide-character string.  By the documented NT convention Length
  // and MaximumLength are byte counts (not character counts) and Buffer is
  // not required to be NUL-terminated, so readers must bound every access
  // by Length instead of scanning for a terminator.
  //
  typedef struct _UNICODE_STRING {
      USHORT Length;          // bytes currently in use at Buffer
      USHORT MaximumLength;   // bytes available at Buffer
      PWSTR  Buffer;
  } UNICODE_STRING;
  typedef UNICODE_STRING *PUNICODE_STRING;

  //
  // Counted narrow-character string with the same three-field layout.  The
  // same rule applies: trust Length, never an assumed terminator, and check
  // Length <= MaximumLength before copying out of Buffer.
  //
  typedef struct _STRING {
      USHORT Length;
      USHORT MaximumLength;
      PCHAR  Buffer;
  } STRING;
  typedef STRING *PSTRING;

  #endif
  #ifndef _NTDEF_

  //
  // Two-part integer: an unsigned low part followed by a signed high part.
  //
  typedef struct _OLD_LARGE_INTEGER {
      ULONG LowPart;
      LONG  HighPart;
  } OLD_LARGE_INTEGER;
  typedef OLD_LARGE_INTEGER *POLD_LARGE_INTEGER;

  //
  // True when Status, converted to NTSTATUS, is non-negative.  That accepts
  // every non-negative code, not only zero, so authentication code that
  // means "exactly STATUS_SUCCESS" should compare against that value
  // explicitly rather than rely on this macro.
  //
  #define NT_SUCCESS(Status) ((NTSTATUS)(Status) >= 0)

  #endif
  #ifndef _NTSAM_SAM_HANDLE_
  #define _NTSAM_SAM_HANDLE_

  //
  // Untyped pointer used as a handle to a SAM object.  Nothing in the type
  // distinguishes one kind of handle from another, so callees cannot rely on
  // the compiler to catch a handle of the wrong kind.
  //
  typedef PVOID SAM_HANDLE;
  typedef SAM_HANDLE *PSAM_HANDLE;

  #endif
  #ifndef _NTSAM_USER_ACCOUNT_FLAGS_

  //
  // User account control flags, one bit each.  Presumably these are the
  // bits carried in USER_ALL_INFORMATION.UserAccountControl - confirm.
  //
  // NOTE(review): these are the SAM encodings.  The directory-side
  // userAccountControl (UF_*) constants use different bit positions for the
  // same settings, so a value read from one source must not be tested with
  // the masks of the other.
  //
  // Several of these bits relax an authentication control and are worth
  // auditing wherever they are set:
  //   USER_PASSWORD_NOT_REQUIRED           - account may have no password
  //   USER_DONT_EXPIRE_PASSWORD            - password ageing is skipped
  //   USER_ENCRYPTED_TEXT_PASSWORD_ALLOWED - password kept in recoverable form
  //   USER_USE_DES_KEY_ONLY                - restricts the account to DES keys
  //   USER_DONT_REQUIRE_PREAUTH            - Kerberos pre-authentication off
  //   USER_TRUSTED_FOR_DELEGATION and
  //   USER_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION - account may act for others
  //
  #define USER_ACCOUNT_DISABLED                       (0x00000001)
  #define USER_HOME_DIRECTORY_REQUIRED                (0x00000002)
  #define USER_PASSWORD_NOT_REQUIRED                  (0x00000004)
  #define USER_TEMP_DUPLICATE_ACCOUNT                 (0x00000008)
  #define USER_NORMAL_ACCOUNT                         (0x00000010)
  #define USER_MNS_LOGON_ACCOUNT                      (0x00000020)
  #define USER_INTERDOMAIN_TRUST_ACCOUNT              (0x00000040)
  #define USER_WORKSTATION_TRUST_ACCOUNT              (0x00000080)
  #define USER_SERVER_TRUST_ACCOUNT                   (0x00000100)
  #define USER_DONT_EXPIRE_PASSWORD                   (0x00000200)
  #define USER_ACCOUNT_AUTO_LOCKED                    (0x00000400)
  #define USER_ENCRYPTED_TEXT_PASSWORD_ALLOWED        (0x00000800)
  #define USER_SMARTCARD_REQUIRED                     (0x00001000)
  #define USER_TRUSTED_FOR_DELEGATION                 (0x00002000)
  #define USER_NOT_DELEGATED                          (0x00004000)
  #define USER_USE_DES_KEY_ONLY                       (0x00008000)
  #define USER_DONT_REQUIRE_PREAUTH                   (0x00010000)
  #define USER_PASSWORD_EXPIRED                       (0x00020000)
  #define USER_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION (0x00040000)

  // First bit above the highest flag defined here (0x00080000).
  #define NEXT_FREE_ACCOUNT_CONTROL_BIT (USER_TRUSTED_TO_AUTHENTICATE_FOR_DELEGATION << 1)

  // The three trust-account types taken together (0x000001C0).
  #define USER_MACHINE_ACCOUNT_MASK            \
      ( USER_INTERDOMAIN_TRUST_ACCOUNT       | \
        USER_WORKSTATION_TRUST_ACCOUNT       | \
        USER_SERVER_TRUST_ACCOUNT )

  // Every account-type bit: temp duplicate, normal, and the machine types
  // (0x000001D8).
  #define USER_ACCOUNT_TYPE_MASK               \
      ( USER_TEMP_DUPLICATE_ACCOUNT          | \
        USER_NORMAL_ACCOUNT                  | \
        USER_MACHINE_ACCOUNT_MASK )

  //
  // Logon times may be expressed in day, hour, or minute granularity.
  //
  //   Days per week    = 7
  //   Hours per week   = 168
  //   Minutes per week = 10080
  //
  #define SAM_DAYS_PER_WEEK    (7)
  #define SAM_HOURS_PER_WEEK   (24 * SAM_DAYS_PER_WEEK)
  #define SAM_MINUTES_PER_WEEK (60 * SAM_HOURS_PER_WEEK)

  //
  // Permitted-logon-time bitmap.
  //
  // UnitsPerWeek is the number of equal-length time units the week is
  // divided into, and it determines the length of the bit string at
  // LogonHours.  It must not exceed 10080 (SAM_MINUTES_PER_WEEK; the
  // original comment names SAM_UNITS_PER_WEEK, which is not defined in the
  // visible part of this header).
  //
  // LogonHours is a bit map of valid logon times, one bit per unit.  The
  // largest supported map is 1260 bytes (10080 bits), i.e. one bit per
  // minute; in that case bit 0 of byte 0 is Sunday 00:00:00 - 00:00:59,
  // bit 1 of byte 0 is Sunday 00:01:00 - 00:01:59, and so on.  A NULL
  // pointer means DONT_CHANGE for SamSetInformationUser() calls.
  //
  // Because the buffer length is implied by UnitsPerWeek and not stored, a
  // consumer should reject UnitsPerWeek values above the limit and handle a
  // NULL LogonHours before indexing the map.
  //
  typedef struct _LOGON_HOURS {
      USHORT UnitsPerWeek;
      PUCHAR LogonHours;
  } LOGON_HOURS;
  typedef LOGON_HOURS *PLOGON_HOURS;

  //
  // Length-prefixed security descriptor blob.  Length is the only bound on
  // the bytes at SecurityDescriptor; presumably it is a byte count - confirm
  // against the producer before parsing.
  //
  typedef struct _SR_SECURITY_DESCRIPTOR {
      ULONG  Length;
      PUCHAR SecurityDescriptor;
  } SR_SECURITY_DESCRIPTOR;
  typedef SR_SECURITY_DESCRIPTOR *PSR_SECURITY_DESCRIPTOR;

  //
  // NOTE(review): the guard tested at the top of this section is
  // _NTSAM_USER_ACCOUNT_FLAGS_, but the marker defined here is
  // _NTSAM_USER_ACCOUNT_FLAG_ (no trailing S), so the #ifndef never sees
  // this marker.  Which spelling the companion SAM header uses is not
  // visible from this file; confirm it before renaming either side.
  //
  #define _NTSAM_USER_ACCOUNT_FLAG_

  #endif
  #ifndef _NTSAM_USER_ALL_INFO_

  //
  // Complete per-user record handed to a subauthentication routine (it is
  // the type of the UserAll parameter of the Msv1_0SubAuthentication*
  // entry points declared in this header).
  //
  // The definition is bracketed by pshpack4.h / poppack.h, so the field
  // order and packing are part of the binary contract: do not reorder or
  // insert members.
  //
  // NOTE(review): LmPassword, NtPassword and PrivateData presumably carry
  // password-derived or otherwise sensitive material (see the *Present and
  // PrivateDataSensitive flags at the end of the record).  Code receiving
  // this structure should avoid logging it or copying it wholesale, and
  // should treat every UNICODE_STRING in it as counted, not terminated.
  //
  #include "pshpack4.h"
  typedef struct _USER_ALL_INFORMATION {
      // Timestamps.
      LARGE_INTEGER LastLogon;
      LARGE_INTEGER LastLogoff;
      LARGE_INTEGER PasswordLastSet;
      LARGE_INTEGER AccountExpires;
      LARGE_INTEGER PasswordCanChange;
      LARGE_INTEGER PasswordMustChange;

      // Descriptive and profile strings.
      UNICODE_STRING UserName;
      UNICODE_STRING FullName;
      UNICODE_STRING HomeDirectory;
      UNICODE_STRING HomeDirectoryDrive;
      UNICODE_STRING ScriptPath;
      UNICODE_STRING ProfilePath;
      UNICODE_STRING AdminComment;
      UNICODE_STRING WorkStations;
      UNICODE_STRING UserComment;
      UNICODE_STRING Parameters;

      // Credential-related blobs; see LmPasswordPresent / NtPasswordPresent
      // and PrivateDataSensitive below.
      UNICODE_STRING LmPassword;
      UNICODE_STRING NtPassword;
      UNICODE_STRING PrivateData;

      SR_SECURITY_DESCRIPTOR SecurityDescriptor;

      // Identity and control words.
      ULONG UserId;
      ULONG PrimaryGroupId;
      ULONG UserAccountControl;   // presumably USER_* flag bits - confirm
      ULONG WhichFields;          // presumably marks which members are valid - confirm

      LOGON_HOURS LogonHours;

      USHORT BadPasswordCount;
      USHORT LogonCount;
      USHORT CountryCode;
      USHORT CodePage;

      BOOLEAN LmPasswordPresent;
      BOOLEAN NtPasswordPresent;
      BOOLEAN PasswordExpired;
      BOOLEAN PrivateDataSensitive;
  } USER_ALL_INFORMATION;
  typedef USER_ALL_INFORMATION *PUSER_ALL_INFORMATION;
  #include "poppack.h"

  #define _NTSAM_USER_ALL_INFO_
  #endif
  #ifndef _NTSAM_SAM_USER_PARMS_
  #define _NTSAM_SAM_USER_PARMS_

  //
  // Single-bit mask (bit 21).  Presumably a WhichFields bit selecting the
  // Parameters member of USER_ALL_INFORMATION - confirm against the SAM
  // header that defines the rest of the USER_ALL_* set.
  //
  #define USER_ALL_PARAMETERS 0x00200000

  #endif
  //
  // Fixed-size 8-byte blocks used as the unit for the hash, challenge and
  // session-key types that follow.
  //
  // The payload is declared as CHAR, which may be a signed type: convert
  // each byte to an unsigned type before widening, comparing numerically or
  // formatting it, otherwise bytes >= 0x80 sign-extend.
  //
  #define CLEAR_BLOCK_LENGTH 8

  typedef struct _CLEAR_BLOCK {
      CHAR data[CLEAR_BLOCK_LENGTH];
  } CLEAR_BLOCK, *PCLEAR_BLOCK;

  #define CYPHER_BLOCK_LENGTH 8

  typedef struct _CYPHER_BLOCK {
      CHAR data[CYPHER_BLOCK_LENGTH];
  } CYPHER_BLOCK, *PCYPHER_BLOCK;
  //
  // One-way-function (OWF) form of a password: two cipher blocks, 16 bytes
  // in total.  The NT OWF is declared as the same type as the LM OWF, so
  // the compiler will not flag one being passed where the other is
  // expected.
  //
  // These values stand in for the password in challenge/response
  // authentication, so handle them as credentials: keep them out of logs
  // and crash dumps, compare them in constant time, and wipe any copies
  // with a zeroing call the optimizer cannot elide.
  //
  typedef struct _LM_OWF_PASSWORD {
      CYPHER_BLOCK data[2];
  } LM_OWF_PASSWORD, *PLM_OWF_PASSWORD;

  typedef LM_OWF_PASSWORD NT_OWF_PASSWORD, *PNT_OWF_PASSWORD;

  //
  // Authentication challenge: a single 8-byte clear block.  The NT
  // challenge is the same type as the LM challenge.
  //
  typedef CLEAR_BLOCK LM_CHALLENGE, *PLM_CHALLENGE;

  typedef LM_CHALLENGE NT_CHALLENGE, *PNT_CHALLENGE;
  //
  // Session key: two cipher blocks, USER_SESSION_KEY_LENGTH (16) bytes.
  // This is key material; do not log it, and clear any temporary copy once
  // it has been handed on.
  //
  #define USER_SESSION_KEY_LENGTH (CYPHER_BLOCK_LENGTH * 2)

  typedef struct _USER_SESSION_KEY {
      CYPHER_BLOCK data[2];
  } USER_SESSION_KEY, *PUSER_SESSION_KEY;
  //
  // Kind of logon being validated.  It is passed as LogonLevel to the
  // subauthentication entry points next to an untyped LogonInformation
  // pointer, so an implementation must switch on this value (and reject
  // anything it does not recognise) before casting that pointer to one of
  // the NETLOGON_*_INFO structures.
  //
  // Values are written out explicitly; they match the implicit numbering
  // that starts at 1.
  //
  typedef enum _NETLOGON_LOGON_INFO_CLASS {
      NetlogonInteractiveInformation           = 1,
      NetlogonNetworkInformation               = 2,
      NetlogonServiceInformation               = 3,
      NetlogonGenericInformation               = 4,
      NetlogonInteractiveTransitiveInformation = 5,
      NetlogonNetworkTransitiveInformation     = 6,
      NetlogonServiceTransitiveInformation     = 7
  } NETLOGON_LOGON_INFO_CLASS;
  //
  // Identity header that begins every NETLOGON_*_INFO structure below.
  //
  // NOTE(review): UserName, LogonDomainName and Workstation presumably
  // originate from the party requesting the logon.  Treat them as
  // unauthenticated, counted strings until validation succeeds, and do not
  // base an allow decision on Workstation alone - confirm how the caller
  // populates it.
  //
  typedef struct _NETLOGON_LOGON_IDENTITY_INFO {
      UNICODE_STRING    LogonDomainName;
      ULONG             ParameterControl;
      OLD_LARGE_INTEGER LogonId;
      UNICODE_STRING    UserName;
      UNICODE_STRING    Workstation;
  } NETLOGON_LOGON_IDENTITY_INFO;
  typedef NETLOGON_LOGON_IDENTITY_INFO *PNETLOGON_LOGON_IDENTITY_INFO;
  //
  // Logon information for the interactive classes: the identity header plus
  // both OWF password values.  The structure embeds credential material
  // directly, so it should not be logged or retained after the validation
  // call returns.
  //
  typedef struct _NETLOGON_INTERACTIVE_INFO {
      NETLOGON_LOGON_IDENTITY_INFO Identity;
      LM_OWF_PASSWORD              LmOwfPassword;
      NT_OWF_PASSWORD              NtOwfPassword;
  } NETLOGON_INTERACTIVE_INFO;
  typedef NETLOGON_INTERACTIVE_INFO *PNETLOGON_INTERACTIVE_INFO;
  //
  // Logon information for the service classes.  Same layout as
  // NETLOGON_INTERACTIVE_INFO (identity header plus both OWF values) and
  // the same handling applies: it carries credential material.
  //
  typedef struct _NETLOGON_SERVICE_INFO {
      NETLOGON_LOGON_IDENTITY_INFO Identity;
      LM_OWF_PASSWORD              LmOwfPassword;
      NT_OWF_PASSWORD              NtOwfPassword;
  } NETLOGON_SERVICE_INFO;
  typedef NETLOGON_SERVICE_INFO *PNETLOGON_SERVICE_INFO;
  //
  // Logon information for the network classes: the identity header, the
  // 8-byte challenge, and the two responses as counted STRINGs.
  //
  // The responses are variable length.  Check each Length (and that Buffer
  // is non-NULL) against the size the verification step expects before
  // reading; a response shorter than expected must be rejected, not padded.
  //
  typedef struct _NETLOGON_NETWORK_INFO {
      NETLOGON_LOGON_IDENTITY_INFO Identity;
      LM_CHALLENGE                 LmChallenge;
      STRING                       NtChallengeResponse;
      STRING                       LmChallengeResponse;
  } NETLOGON_NETWORK_INFO;
  typedef NETLOGON_NETWORK_INFO *PNETLOGON_NETWORK_INFO;
  //
  // Logon information for NetlogonGenericInformation: the identity header,
  // the name of the package the data is meant for, and an opaque buffer.
  //
  // DataLength is the size of LogonData (the MIDL size_is attribute ties
  // the two together for marshalling).  The content is package-defined, so
  // the consumer has to validate DataLength against its own minimum and
  // maximum and parse LogonData defensively.
  //
  typedef struct _NETLOGON_GENERIC_INFO {
      NETLOGON_LOGON_IDENTITY_INFO Identity;
      UNICODE_STRING               PackageName;
      ULONG                        DataLength;
  #ifdef MIDL_PASS
      [size_is(DataLength)]
  #endif
      PUCHAR                       LogonData;
  } NETLOGON_GENERIC_INFO;
  typedef NETLOGON_GENERIC_INFO *PNETLOGON_GENERIC_INFO;
  //
  // Values for Flags (presumably the Flags argument of the
  // Msv1_0SubAuthentication* entry points declared below - confirm).
  //
  #define MSV1_0_PASSTHRU    0x01
  #define MSV1_0_GUEST_LOGON 0x02
  //
  // Declaration of the logon-validation entry point of a subauthentication
  // package.  Only the prototype is given here.
  //
  //   LogonLevel       - which NETLOGON_*_INFO layout LogonInformation has;
  //                      must be checked before the pointer is cast.
  //   LogonInformation - untyped pointer to the logon data for that level.
  //   Flags            - presumably MSV1_0_PASSTHRU / MSV1_0_GUEST_LOGON bits.
  //   UserAll          - the account record to validate against.
  //   WhichFields      - out: presumably which UserAll fields were changed.
  //   UserFlags        - out: flags to report for the logon.
  //   Authoritative    - out: whether the result is authoritative.
  //   LogoffTime       - out: time at which the user should log off.
  //   KickoffTime      - out: time at which the user should be forced off.
  //
  // Returns an NTSTATUS; see the STATUS_* values at the end of this header.
  //
  // NOTE(review): the return value presumably decides the logon, so an
  // implementation should fail closed - return a failure status on any
  // unexpected input, and assign every OUT parameter on every path so the
  // caller never consumes an uninitialised value.
  //
  NTSTATUS NTAPI Msv1_0SubAuthenticationRoutine(
      IN  NETLOGON_LOGON_INFO_CLASS LogonLevel,
      IN  PVOID                     LogonInformation,
      IN  ULONG                     Flags,
      IN  PUSER_ALL_INFORMATION     UserAll,
      OUT PULONG                    WhichFields,
      OUT PULONG                    UserFlags,
      OUT PBOOLEAN                  Authoritative,
      OUT PLARGE_INTEGER            LogoffTime,
      OUT PLARGE_INTEGER            KickoffTime
      );
  //
  // Validation result exchanged with Msv1_0SubAuthenticationRoutineEx (its
  // ValidationInfo parameter is IN OUT).  WhichFields takes the
  // MSV1_0_VALIDATION_* bits defined after this structure.
  //
  // SessionKey is key material: set the matching WhichFields bit only when
  // the key has really been filled in, and do not log the structure.
  //
  typedef struct _MSV1_0_VALIDATION_INFO {
      LARGE_INTEGER    LogoffTime;
      LARGE_INTEGER    KickoffTime;
      UNICODE_STRING   LogonServer;
      UNICODE_STRING   LogonDomainName;
      USER_SESSION_KEY SessionKey;
      BOOLEAN          Authoritative;
      ULONG            UserFlags;
      ULONG            WhichFields;
      ULONG            UserId;
  } MSV1_0_VALIDATION_INFO;
  typedef MSV1_0_VALIDATION_INFO *PMSV1_0_VALIDATION_INFO;
  //
  // Values for WhichFields: one bit per MSV1_0_VALIDATION_INFO member.
  // A consumer should read a member only when its bit is set.
  //
  #define MSV1_0_VALIDATION_LOGOFF_TIME  0x00000001
  #define MSV1_0_VALIDATION_KICKOFF_TIME 0x00000002
  #define MSV1_0_VALIDATION_LOGON_SERVER 0x00000004
  #define MSV1_0_VALIDATION_LOGON_DOMAIN 0x00000008
  #define MSV1_0_VALIDATION_SESSION_KEY  0x00000010
  #define MSV1_0_VALIDATION_USER_FLAGS   0x00000020
  #define MSV1_0_VALIDATION_USER_ID      0x00000040
  //
  // Legal values for ActionsPerformed (the OUT parameter of
  // Msv1_0SubAuthenticationRoutineEx), one bit per account check.
  //
  // NOTE(review): presumably a set bit tells the caller that the package
  // already performed that check, so the caller may skip it.  If so, a bit
  // must be set only for a check that was really enforced, otherwise that
  // restriction goes unchecked by both sides - confirm the contract.
  //
  #define MSV1_0_SUBAUTH_ACCOUNT_DISABLED 0x00000001
  #define MSV1_0_SUBAUTH_PASSWORD         0x00000002
  #define MSV1_0_SUBAUTH_WORKSTATIONS     0x00000004
  #define MSV1_0_SUBAUTH_LOGON_HOURS      0x00000008
  #define MSV1_0_SUBAUTH_ACCOUNT_EXPIRY   0x00000010
  #define MSV1_0_SUBAUTH_PASSWORD_EXPIRY  0x00000020
  #define MSV1_0_SUBAUTH_ACCOUNT_TYPE     0x00000040
  #define MSV1_0_SUBAUTH_LOCKOUT          0x00000080
  //
  // Declaration of the extended logon-validation entry point.  Compared
  // with Msv1_0SubAuthenticationRoutine it also receives a SAM handle for
  // the user, returns its results through one MSV1_0_VALIDATION_INFO, and
  // reports through ActionsPerformed (MSV1_0_SUBAUTH_* bits).
  //
  //   LogonLevel       - which NETLOGON_*_INFO layout LogonInformation has;
  //                      must be checked before the pointer is cast.
  //   LogonInformation - untyped pointer to the logon data for that level.
  //   Flags            - presumably MSV1_0_PASSTHRU / MSV1_0_GUEST_LOGON bits.
  //   UserAll          - the account record to validate against.
  //   UserHandle       - SAM handle for the same user.
  //   ValidationInfo   - in/out validation result.
  //   ActionsPerformed - out: MSV1_0_SUBAUTH_* bits.
  //
  // Returns an NTSTATUS.  As with the other entry points, an implementation
  // should fail closed and write ActionsPerformed on every path.
  //
  NTSTATUS NTAPI Msv1_0SubAuthenticationRoutineEx(
      IN     NETLOGON_LOGON_INFO_CLASS LogonLevel,
      IN     PVOID                     LogonInformation,
      IN     ULONG                     Flags,
      IN     PUSER_ALL_INFORMATION     UserAll,
      IN     SAM_HANDLE                UserHandle,
      IN OUT PMSV1_0_VALIDATION_INFO   ValidationInfo,
      OUT    PULONG                    ActionsPerformed
      );
  //
  // Declaration of the generic (buffer in, buffer out) entry point.
  //
  //   SubmitBuffer       - input bytes; format is package-defined.
  //   SubmitBufferLength - size of SubmitBuffer.
  //   ReturnBufferLength - out: size of the buffer returned.
  //   ReturnBuffer       - out: pointer to the returned buffer.
  //
  // Returns an NTSTATUS.
  //
  // NOTE(review): SubmitBuffer is an opaque blob, presumably supplied by
  // the requester.  An implementation should check SubmitBufferLength
  // before reading any field, bound every embedded length or offset by it,
  // and set *ReturnBuffer / *ReturnBufferLength to NULL / 0 on failure.
  // Who frees *ReturnBuffer, and with which allocator, is not stated in
  // this header - confirm before implementing.
  //
  NTSTATUS NTAPI Msv1_0SubAuthenticationRoutineGeneric(
      IN  PVOID  SubmitBuffer,
      IN  ULONG  SubmitBufferLength,
      OUT PULONG ReturnBufferLength,
      OUT PVOID  *ReturnBuffer
      );
  //
  // Declaration of the filter entry point.  Its parameter list is identical
  // to that of Msv1_0SubAuthenticationRoutine.
  //
  //   LogonLevel       - which NETLOGON_*_INFO layout LogonInformation has;
  //                      must be checked before the pointer is cast.
  //   LogonInformation - untyped pointer to the logon data for that level.
  //   Flags            - presumably MSV1_0_PASSTHRU / MSV1_0_GUEST_LOGON bits.
  //   UserAll          - the account record to validate against.
  //   WhichFields      - out: presumably which UserAll fields were changed.
  //   UserFlags        - out: flags to report for the logon.
  //   Authoritative    - out: whether the result is authoritative.
  //   LogoffTime       - out: time at which the user should log off.
  //   KickoffTime      - out: time at which the user should be forced off.
  //
  // Returns an NTSTATUS.
  //
  // NOTE(review): when this routine is invoked relative to the normal
  // password check is not visible from this header; an implementation
  // should not assume the password has already been verified - confirm.
  //
  NTSTATUS NTAPI Msv1_0SubAuthenticationFilter(
      IN  NETLOGON_LOGON_INFO_CLASS LogonLevel,
      IN  PVOID                     LogonInformation,
      IN  ULONG                     Flags,
      IN  PUSER_ALL_INFORMATION     UserAll,
      OUT PULONG                    WhichFields,
      OUT PULONG                    UserFlags,
      OUT PBOOLEAN                  Authoritative,
      OUT PLARGE_INTEGER            LogoffTime,
      OUT PLARGE_INTEGER            KickoffTime
      );
  //
  // Status codes a subauthentication package is expected to return.  Every
  // value other than STATUS_SUCCESS starts with 0xC, i.e. it is negative as
  // an NTSTATUS and NT_SUCCESS() is false for it.
  //
  // STATUS_NO_SUCH_USER and STATUS_WRONG_PASSWORD distinguish "unknown
  // account" from "bad password".  Where the status can reach an
  // unauthenticated requester, returning STATUS_LOGON_FAILURE for both
  // avoids confirming which account names exist; keep the specific code for
  // the audit log.
  //
  #define STATUS_SUCCESS                ((NTSTATUS)0x00000000L)
  #define STATUS_INVALID_INFO_CLASS     ((NTSTATUS)0xC0000003L)
  #define STATUS_NO_SUCH_USER           ((NTSTATUS)0xC0000064L)
  #define STATUS_WRONG_PASSWORD         ((NTSTATUS)0xC000006AL)
  #define STATUS_PASSWORD_RESTRICTION   ((NTSTATUS)0xC000006CL)
  #define STATUS_LOGON_FAILURE          ((NTSTATUS)0xC000006DL)
  #define STATUS_ACCOUNT_RESTRICTION    ((NTSTATUS)0xC000006EL)
  #define STATUS_INVALID_LOGON_HOURS    ((NTSTATUS)0xC000006FL)
  #define STATUS_INVALID_WORKSTATION    ((NTSTATUS)0xC0000070L)
  #define STATUS_PASSWORD_EXPIRED       ((NTSTATUS)0xC0000071L)
  #define STATUS_ACCOUNT_DISABLED       ((NTSTATUS)0xC0000072L)
  #define STATUS_INSUFFICIENT_RESOURCES ((NTSTATUS)0xC000009AL)
  #define STATUS_ACCOUNT_EXPIRED        ((NTSTATUS)0xC0000193L)
  #define STATUS_PASSWORD_MUST_CHANGE   ((NTSTATUS)0xC0000224L)
  #define STATUS_ACCOUNT_LOCKED_OUT     ((NTSTATUS)0xC0000234L)
  302. #ifdef __cplusplus
  303. }
  304. #endif
  305. #endif /* _NTSUBAUTH_ */