Source code of Windows XP (NT5)


  1. /*++
  2. Copyright (c) 1989 Microsoft Corporation
  3. Module Name:
  4. msp.h
  5. Abstract:
  6. MSV1_0 authentication package private definitions.
  7. Author:
  8. Jim Kelly 11-Apr-1991
  9. Revision History:
  10. Scott Field (sfield) 05-Oct-98 Add NTLM3
  11. Scott Field (sfield) 15-Jan-98 Add MspNtDeriveCredential
  12. Chandana Surlu 21-Jul-96 Stolen from \\kernel\razzle3\src\security\msv1_0\msv1_0.c
  13. --*/
  14. #ifndef _MSP_
  15. #define _MSP_
  16. #if ( _MSC_VER >= 800 )
  17. #pragma warning ( 3 : 4100 ) // enable "Unreferenced formal parameter"
  18. #pragma warning ( 3 : 4219 ) // enable "trailing ',' used for variable argument list"
  19. #endif
  20. #include <nt.h>
  21. #include <ntrtl.h>
  22. #include <nturtl.h>
  23. #include <crypt.h>
  24. #include <ntmsv1_0.h>
  25. #include <windows.h>
  26. #ifndef SECURITY_WIN32
  27. #define SECURITY_WIN32
  28. #endif // SECURITY_WIN32
  29. #define SECURITY_PACKAGE
  30. #define SECURITY_NTLM
  31. #include <security.h>
  32. #include <secint.h>
  33. ///////////////////////////////////////////////////////////////////////////////
  34. // //
  35. // Miscellaneous macros //
  36. // //
  37. ///////////////////////////////////////////////////////////////////////////////
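  //
  // RELOCATE_ONE - Relocate a single pointer in a client buffer.
  //
  // Rebases (_q)->Buffer from the client's view of the submit buffer
  // (relative to 'ClientBufferBase') into the local copy at
  // 'ProtocolSubmitBuffer', and forces MaximumLength to be Length.
  //
  // Note: this macro depends on names in the invoking scope:
  //      ClientBufferBase, ProtocolSubmitBuffer, SubmitBufferSize -
  //          describe the buffer the client passed in,
  //      Status  - set to STATUS_INVALID_PARAMETER on failure,
  //      Cleanup - label the macro jumps to on failure.
  //
  // Checks made before the pointer is rewritten:
  //      - the offset of the data lies within the first 'SubmitBufferSize'
  //        bytes (a Buffer below 'ClientBufferBase' becomes a very large
  //        unsigned Offset and fails the same test),
  //      - Length bytes starting at that offset also fit, and
  //      - the offset is aligned to a WCHAR boundary.
  //
  // The length test is written as "Length > SubmitBufferSize - Offset"
  // rather than "Offset + Length > SubmitBufferSize" so that it cannot
  // wrap around.  The subtraction is only reached once
  // Offset < SubmitBufferSize has been established.
  //
  // Caveats for callers:
  //      - Buffer and Length are client-supplied and untrusted until this
  //        macro has completed; do not dereference Buffer before then.
  //      - Only the offset is checked for WCHAR alignment; Length is not.
  //      - _q is evaluated several times and a local named 'Offset' is
  //        declared, so pass a side-effect-free expression that does not
  //        refer to a caller variable called Offset.
  //      - The expansion is a bare { } block, not do { } while (0).  Wrap
  //        the invocation in braces when it is the body of an 'if' that
  //        has an 'else'.
  //
  // _q - Address of UNICODE_STRING structure which points to data to be
  //      relocated
  //
  #define RELOCATE_ONE( _q ) \
      { \
          ULONG_PTR Offset; \
          \
          Offset = (((PUCHAR)((_q)->Buffer)) - ((PUCHAR)ClientBufferBase)); \
          if ( Offset >= SubmitBufferSize || \
               (ULONG_PTR)((_q)->Length) > SubmitBufferSize - Offset || \
               !COUNT_IS_ALIGNED( Offset, ALIGN_WCHAR) ) { \
              \
              SspPrint((SSP_CRITICAL, "Failed RELOCATE_ONE\n")); \
              Status = STATUS_INVALID_PARAMETER; \
              goto Cleanup; \
          } \
          \
          (_q)->Buffer = (PWSTR)(((PUCHAR)ProtocolSubmitBuffer) + Offset); \
          (_q)->MaximumLength = (_q)->Length ; \
      }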
  //
  // NULL_RELOCATE_ONE - Relocate a single (possibly NULL) pointer in a client
  //      buffer.
  //
  // Handles the empty-string cases itself and hands everything else to
  // RELOCATE_ONE, so all of RELOCATE_ONE's restrictions apply here too
  // (names required in scope, jump to 'Cleanup' with 'Status' set on error).
  //
  //      Buffer != NULL, Length != 0  - relocated and checked by RELOCATE_ONE
  //      Buffer != NULL, Length == 0  - Buffer is replaced by NULL
  //      Buffer == NULL, Length == 0  - accepted unchanged
  //      Buffer == NULL, Length != 0  - rejected, STATUS_INVALID_PARAMETER
  //
  // In the two accepted empty-string cases MaximumLength is left exactly as
  // the client supplied it; only the RELOCATE_ONE path rewrites it.
  //
  // _q - Address of UNICODE_STRING structure which points to data to be
  //      relocated
  //
  #define NULL_RELOCATE_ONE( _q ) \
      { \
          if ( (_q)->Buffer != NULL ) { \
              if ( (_q)->Length != 0 ) { \
                  RELOCATE_ONE( _q ); \
              } else { \
                  (_q)->Buffer = NULL; \
              } \
          } else if ( (_q)->Length != 0 ) { \
              SspPrint((SSP_CRITICAL, "Failed NULL_RELOCATE_ONE\n")); \
              Status = STATUS_INVALID_PARAMETER; \
              goto Cleanup; \
          } \
      }
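  //
  // RELOCATE_ONE_ENCODED - Relocate a unicode string pointer in a client
  //      buffer.  The upper byte of the length field may be an encryption
  //      seed and should not be used for error checking.
  //
  // Rebases (_q)->Buffer from the client's view of the submit buffer
  // (relative to 'ClientBufferBase') into the local copy at
  // 'ProtocolSubmitBuffer'.  Only the low byte of Length (Length & 0x00ff)
  // is used as the byte count, and MaximumLength is forced to that value.
  //
  // Note: this macro depends on names in the invoking scope:
  //      ClientBufferBase, ProtocolSubmitBuffer, SubmitBufferSize -
  //          describe the buffer the client passed in,
  //      Status  - set to STATUS_INVALID_PARAMETER on failure,
  //      Cleanup - label the macro jumps to on failure.
  //
  // Checks made before the pointer is rewritten:
  //      - the offset of the data lies within the first 'SubmitBufferSize'
  //        bytes (a Buffer below 'ClientBufferBase' becomes a very large
  //        unsigned Offset and fails the same test),
  //      - (Length & 0x00ff) bytes starting at that offset also fit, and
  //      - the offset is aligned to a WCHAR boundary.
  //
  // The length test is written as a subtraction from SubmitBufferSize so
  // that it cannot wrap around.  The subtraction is only reached once
  // Offset < SubmitBufferSize has been established.
  //
  // Caveats for callers:
  //      - Length itself is NOT modified, so its upper byte still holds
  //        whatever the client sent.  Only the low-byte extent has been
  //        bounds checked; do not use the raw Length as a byte count.
  //      - Buffer and Length are client-supplied and untrusted until this
  //        macro has completed; do not dereference Buffer before then.
  //      - Only the offset is checked for WCHAR alignment; the masked
  //        length is not.
  //      - _q is evaluated several times and a local named 'Offset' is
  //        declared, so pass a side-effect-free expression that does not
  //        refer to a caller variable called Offset.
  //      - The expansion is a bare { } block, not do { } while (0).  Wrap
  //        the invocation in braces when it is the body of an 'if' that
  //        has an 'else'.
  //
  // _q - Address of UNICODE_STRING structure which points to data to be
  //      relocated
  //
  #define RELOCATE_ONE_ENCODED( _q ) \
      { \
          ULONG_PTR Offset; \
          \
          Offset = (((PUCHAR)((_q)->Buffer)) - ((PUCHAR)ClientBufferBase)); \
          if ( Offset >= SubmitBufferSize || \
               (ULONG_PTR)((_q)->Length & 0x00ff) > SubmitBufferSize - Offset || \
               !COUNT_IS_ALIGNED( Offset, ALIGN_WCHAR) ) { \
              \
              SspPrint((SSP_CRITICAL, "Failed RELOCATE_ONE_ENCODED\n")); \
              Status = STATUS_INVALID_PARAMETER; \
              goto Cleanup; \
          } \
          \
          (_q)->Buffer = (PWSTR)(((PUCHAR)ProtocolSubmitBuffer) + Offset); \
          (_q)->MaximumLength = (_q)->Length & 0x00ff; \
      }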
  139. ///////////////////////////////////////////////////////////////////////
  140. // //
  141. // Authentication package dispatch routine definitions //
  142. // //
  143. ///////////////////////////////////////////////////////////////////////
  //
  // Package initialization.  Receives the package id and the LSA dispatch
  // table, and hands the package name back through
  // AuthenticationPackageName.
  //
  NTSTATUS
  LsaApInitializePackage(
      IN  ULONG               AuthenticationPackageId,
      IN  PLSA_DISPATCH_TABLE LsaDispatchTable,
      IN  PSTRING             Database OPTIONAL,
      IN  PSTRING             Confidentiality OPTIONAL,
      OUT PSTRING             *AuthenticationPackageName
      );

  //
  // Logon entry point.  AuthenticationInformation is described by
  // ClientAuthenticationBase and AuthenticationInformationLength.
  // NOTE(review): by analogy with the ProtocolSubmitBuffer /
  // ClientBufferBase pair used by the RELOCATE_ONE macros, this buffer
  // presumably carries client-relative pointers that must be bounds
  // checked before use - confirm in the implementation.
  //
  NTSTATUS
  LsaApLogonUser(
      IN  PLSA_CLIENT_REQUEST         ClientRequest,
      IN  SECURITY_LOGON_TYPE         LogonType,
      IN  PVOID                       AuthenticationInformation,
      IN  PVOID                       ClientAuthenticationBase,
      IN  ULONG                       AuthenticationInformationLength,
      OUT PVOID                       *ProfileBuffer,
      OUT PULONG                      ProfileBufferSize,
      OUT PLUID                       LogonId,
      OUT PNTSTATUS                   SubStatus,
      OUT PLSA_TOKEN_INFORMATION_TYPE TokenInformationType,
      OUT PVOID                       *TokenInformation,
      OUT PUNICODE_STRING             *AccountName,
      OUT PUNICODE_STRING             *AuthenticatingAuthority
      );

  //
  // Package call entry points.  ProtocolSubmitBuffer, ClientBufferBase and
  // SubmitBufferSize are exactly the names the RELOCATE_ONE,
  // NULL_RELOCATE_ONE and RELOCATE_ONE_ENCODED macros expect to find in
  // scope.  Any UNICODE_STRING embedded in the submit buffer should go
  // through one of those macros before its Buffer is dereferenced.
  //
  NTSTATUS
  LsaApCallPackage(
      IN  PLSA_CLIENT_REQUEST ClientRequest,
      IN  PVOID               ProtocolSubmitBuffer,
      IN  PVOID               ClientBufferBase,
      IN  ULONG               SubmitBufferSize,
      OUT PVOID               *ProtocolReturnBuffer,
      OUT PULONG              ReturnBufferSize,
      OUT PNTSTATUS           ProtocolStatus
      );

  NTSTATUS
  LsaApCallPackagePassthrough(
      IN  PLSA_CLIENT_REQUEST ClientRequest,
      IN  PVOID               ProtocolSubmitBuffer,
      IN  PVOID               ClientBufferBase,
      IN  ULONG               SubmitBufferSize,
      OUT PVOID               *ProtocolReturnBuffer,
      OUT PULONG              ReturnBufferSize,
      OUT PNTSTATUS           ProtocolStatus
      );

  //
  // Notification that the logon session identified by LogonId has ended.
  //
  VOID
  LsaApLogonTerminated(
      IN PLUID LogonId
      );
  192. ///////////////////////////////////////////////////////////////////////
  193. // //
  194. // LsaApCallPackage function dispatch routines //
  195. // //
  196. ///////////////////////////////////////////////////////////////////////
  //
  // Every routine in this group has the same parameter list as
  // LsaApCallPackage.  ProtocolSubmitBuffer, ClientBufferBase and
  // SubmitBufferSize describe the request copied from the client and are
  // the names the RELOCATE_ONE* macros require in scope.
  //
  // NOTE(review): the submit buffer contents are client-controlled.  Each
  // implementation is expected to check SubmitBufferSize against the
  // request structure it casts the buffer to, and to relocate embedded
  // strings before touching them - confirm per routine.
  //
  NTSTATUS
  MspLm20Challenge(
      IN  PLSA_CLIENT_REQUEST ClientRequest,
      IN  PVOID               ProtocolSubmitBuffer,
      IN  PVOID               ClientBufferBase,
      IN  ULONG               SubmitBufferSize,
      OUT PVOID               *ProtocolReturnBuffer,
      OUT PULONG              ReturnBufferSize,
      OUT PNTSTATUS           ProtocolStatus
      );

  NTSTATUS
  MspLm20GetChallengeResponse(
      IN  PLSA_CLIENT_REQUEST ClientRequest,
      IN  PVOID               ProtocolSubmitBuffer,
      IN  PVOID               ClientBufferBase,
      IN  ULONG               SubmitBufferSize,
      OUT PVOID               *ProtocolReturnBuffer,
      OUT PULONG              ReturnBufferSize,
      OUT PNTSTATUS           ProtocolStatus
      );

  NTSTATUS
  MspLm20EnumUsers(
      IN  PLSA_CLIENT_REQUEST ClientRequest,
      IN  PVOID               ProtocolSubmitBuffer,
      IN  PVOID               ClientBufferBase,
      IN  ULONG               SubmitBufferSize,
      OUT PVOID               *ProtocolReturnBuffer,
      OUT PULONG              ReturnBufferSize,
      OUT PNTSTATUS           ProtocolStatus
      );

  NTSTATUS
  MspLm20GetUserInfo(
      IN  PLSA_CLIENT_REQUEST ClientRequest,
      IN  PVOID               ProtocolSubmitBuffer,
      IN  PVOID               ClientBufferBase,
      IN  ULONG               SubmitBufferSize,
      OUT PVOID               *ProtocolReturnBuffer,
      OUT PULONG              ReturnBufferSize,
      OUT PNTSTATUS           ProtocolStatus
      );

  NTSTATUS
  MspLm20ReLogonUsers(
      IN  PLSA_CLIENT_REQUEST ClientRequest,
      IN  PVOID               ProtocolSubmitBuffer,
      IN  PVOID               ClientBufferBase,
      IN  ULONG               SubmitBufferSize,
      OUT PVOID               *ProtocolReturnBuffer,
      OUT PULONG              ReturnBufferSize,
      OUT PNTSTATUS           ProtocolStatus
      );

  NTSTATUS
  MspLm20ChangePassword(
      IN  PLSA_CLIENT_REQUEST ClientRequest,
      IN  PVOID               ProtocolSubmitBuffer,
      IN  PVOID               ClientBufferBase,
      IN  ULONG               SubmitBufferSize,
      OUT PVOID               *ProtocolReturnBuffer,
      OUT PULONG              ReturnBufferSize,
      OUT PNTSTATUS           ProtocolStatus
      );

  NTSTATUS
  MspLm20GenericPassthrough(
      IN  PLSA_CLIENT_REQUEST ClientRequest,
      IN  PVOID               ProtocolSubmitBuffer,
      IN  PVOID               ClientBufferBase,
      IN  ULONG               SubmitBufferSize,
      OUT PVOID               *ProtocolReturnBuffer,
      OUT PULONG              ReturnBufferSize,
      OUT PNTSTATUS           ProtocolStatus
      );

  NTSTATUS
  MspLm20CacheLogon(
      IN  PLSA_CLIENT_REQUEST ClientRequest,
      IN  PVOID               ProtocolSubmitBuffer,
      IN  PVOID               ClientBufferBase,
      IN  ULONG               SubmitBufferSize,
      OUT PVOID               *ProtocolReturnBuffer,
      OUT PULONG              ReturnBufferSize,
      OUT PNTSTATUS           ProtocolStatus
      );

  NTSTATUS
  MspLm20CacheLookup(
      IN  PLSA_CLIENT_REQUEST ClientRequest,
      IN  PVOID               ProtocolSubmitBuffer,
      IN  PVOID               ClientBufferBase,
      IN  ULONG               SubmitBufferSize,
      OUT PVOID               *ProtocolReturnBuffer,
      OUT PULONG              ReturnBufferSize,
      OUT PNTSTATUS           ProtocolStatus
      );

  NTSTATUS
  MspNtSubAuth(
      IN  PLSA_CLIENT_REQUEST ClientRequest,
      IN  PVOID               ProtocolSubmitBuffer,
      IN  PVOID               ClientBufferBase,
      IN  ULONG               SubmitBufferSize,
      OUT PVOID               *ProtocolReturnBuffer,
      OUT PULONG              ReturnBufferSize,
      OUT PNTSTATUS           ProtocolStatus
      );

  NTSTATUS
  MspNtDeriveCredential(
      IN  PLSA_CLIENT_REQUEST ClientRequest,
      IN  PVOID               ProtocolSubmitBuffer,
      IN  PVOID               ClientBufferBase,
      IN  ULONG               SubmitBufferSize,
      OUT PVOID               *ProtocolReturnBuffer,
      OUT PULONG              ReturnBufferSize,
      OUT PNTSTATUS           ProtocolStatus
      );

  NTSTATUS
  MspSetProcessOption(
      IN  PLSA_CLIENT_REQUEST ClientRequest,
      IN  PVOID               ProtocolSubmitBuffer,
      IN  PVOID               ClientBufferBase,
      IN  ULONG               SubmitBufferSize,
      OUT PVOID               *ProtocolReturnBuffer,
      OUT PULONG              ReturnBufferSize,
      OUT PNTSTATUS           ProtocolStatus
      );
  317. ///////////////////////////////////////////////////////////////////////
  318. // //
  319. // NETLOGON routines visible to main msv1_0 code //
  320. // //
  321. ///////////////////////////////////////////////////////////////////////
  //
  // Initialization of the NETLOGON side; takes no arguments.
  //
  NTSTATUS
  NlInitialize(
      VOID
      );

  //
  // Same leading parameters as LsaApLogonUser, except that the size
  // parameter is named AuthenticationInformationSize and there are no
  // AccountName / AuthenticatingAuthority outputs.
  // NOTE(review): AuthenticationInformation is presumably the
  // client-supplied logon buffer and needs the same bounds checking as a
  // protocol submit buffer - confirm in the implementation.
  //
  NTSTATUS
  MspLm20LogonUser (
      IN  PLSA_CLIENT_REQUEST         ClientRequest,
      IN  SECURITY_LOGON_TYPE         LogonType,
      IN  PVOID                       AuthenticationInformation,
      IN  PVOID                       ClientAuthenticationBase,
      IN  ULONG                       AuthenticationInformationSize,
      OUT PVOID                       *ProfileBuffer,
      OUT PULONG                      ProfileBufferSize,
      OUT PLUID                       LogonId,
      OUT PNTSTATUS                   SubStatus,
      OUT PLSA_TOKEN_INFORMATION_TYPE TokenInformationType,
      OUT PVOID                       *TokenInformation
      );

  //
  // Counterpart of LsaApLogonTerminated: takes the LogonId of the session
  // that ended.  Note the Msv (not Msp) prefix.
  //
  VOID
  MsvLm20LogonTerminated (
      IN PLUID LogonId
      );
  344. ///////////////////////////////////////////////////////////////////////
  345. // //
  346. // Global variables //
  347. // //
  348. ///////////////////////////////////////////////////////////////////////
  //
  // Variables defined in msvars.c
  //
  extern ULONG                     MspAuthenticationPackageId;
  extern LSA_SECPKG_FUNCTION_TABLE Lsa;

  //
  // Change password log support routines
  //
  // Compiled in unless DONT_LOG_PASSWORD_CHANGES is defined.  When it is
  // defined, every entry point below becomes a macro that expands to
  // nothing, so a call site cannot consume a return value in that
  // configuration.
  //
  // MsvPaswdLogPrint takes ONE parenthesized argument list, i.e.
  //      MsvPaswdLogPrint(( "format", args... ));
  // which is pasted after MsvPaswdLogPrintRoutine.
  //
  // NOTE(review): MsvPaswdLogPrintRoutine takes a format string followed
  // by variable arguments.  Call sites should pass a literal format and
  // never log passwords, hashes or other secrets - confirm at the call
  // sites, which are not visible in this header.
  //
  #ifndef DONT_LOG_PASSWORD_CHANGES

  ULONG
  MsvPaswdInitializeLog(
      VOID
      );

  ULONG
  MsvPaswdSetAndClearLog(
      VOID
      );

  ULONG
  MsvPaswdCloseLog(
      VOID
      );

  VOID
  MsvPaswdLogPrintRoutine(
      IN LPSTR Format,
      ...
      );

  #define MsvPaswdLogPrint( x )   MsvPaswdLogPrintRoutine x

  #else

  #define MsvPaswdInitializeLog()
  #define MsvPaswdSetAndClearLog()
  #define MsvPaswdCloseLog()
  #define MsvPaswdLogPrint( x )

  #endif
  382. #endif // _MSP_