
  1. /*++
  2. Copyright (c) Microsoft Corporation. All rights reserved.
  3. Module Name:
  4. netlogon.h
  5. Abstract:
  6. Definition of mailslot messages and Internal APIs to the Netlogon service.
  7. This file is shared by the Netlogon service, the Workstation service,
  8. the XACT server, and the MSV1_0 authentication package.
  9. Author:
  10. Cliff Van Dyke (cliffv) 16-May-1991
  11. Environment:
  12. User mode only.
  13. Contains NT-specific code.
  14. Requires ANSI C extensions: slash-slash comments, long external names.
  15. Revision History:
  16. 16-May-1991 (cliffv)
  17. Ported from LanMan 2.1.
  18. 02-Jan-1992 (madana)
  19. added support for builtin/multidomain replication.
  20. --*/
  21. #ifndef _NETLOGON_H_
  22. #define _NETLOGON_H_
  23. #include <smbtypes.h> // need by smbgtpt.h
  24. #include <smbgtpt.h> // SmbPutUlong
  25. //
  26. // define version bit
  27. //
  28. // All netlogon messages that are compatible to NT VERSION 1 will
  29. // have the following bit set in the version field of the message
  30. // otherwise the message will not be processed by this version
  31. // of software. In addition to this the message should carry NT
  32. // token in it.
  33. //
  #define NETLOGON_NT_VERSION_1 0x00000001
  //
  // Starting in NT 5.0, some messages became more DS/DNS aware. Those
  // messages additionally have the following bits set to indicate the
  // presence of the additional fields.
  #define NETLOGON_NT_VERSION_5 0x00000002
  //
  // Starting in NT 5.0, some clients can handle the _EX version of
  // logon responses.
  #define NETLOGON_NT_VERSION_5EX 0x00000004
  //
  // 5EX responses in mailslot messages will also include the IP address of
  // the responding DC.
  //
  #define NETLOGON_NT_VERSION_5EX_WITH_IP 0x00000008
  //
  // Set on Logon requests to indicate caller is querying for a PDC.
  #define NETLOGON_NT_VERSION_PDC 0x10000000
  //
  // Set on Logon requests to indicate caller is querying for a DC running IP
  #define NETLOGON_NT_VERSION_IP 0x20000000
  //
  // Set on Logon requests to indicate caller is local machine.
  // NOTE(review): this bit is written by the sender of the request. How the
  // receiver uses it is not visible in this header; it should not by itself
  // be taken as evidence that a request originated locally - confirm against
  // the request handler.
  #define NETLOGON_NT_VERSION_LOCAL 0x40000000
  //
  // Set on Logon requests to indicate caller is querying for a GC.
  #define NETLOGON_NT_VERSION_GC 0x80000000
  //
  // Set on Logon requests to indicate caller wants to avoid NT4.0 emulation.
  #define NETLOGON_NT_VERSION_AVOID_NT4EMUL 0x01000000
  //
  // Summary: the low bits (VERSION_1, VERSION_5, VERSION_5EX,
  // VERSION_5EX_WITH_IP) say which message format and optional fields are in
  // use; the high bits are set on logon requests to describe what the caller
  // is looking for. All of them live in the NtVersion field of the message
  // structures declared later in this header.
  //
  // NOTE(review): in a received message these bits are whatever the sender
  // wrote. A parser should presumably confirm that the message is long enough
  // to hold the optional fields a bit implies before reading them - the
  // parsing code is not in this header, so verify there.
  64. //
  65. //
  66. //
  67. // Name of the mailslot the Netlogon service listens to.
  68. //
  // Each mailslot name is given as a wide (_W) and a narrow (_A) literal plus
  // a hand-maintained character count (_LEN). The counts match the literals
  // as written here (22 and 21 characters, terminator excluded) and have to
  // be updated together with them; nothing in this header derives one from
  // the other.
  #define NETLOGON_LM_MAILSLOT_W L"\\MAILSLOT\\NET\\NETLOGON"
  #define NETLOGON_LM_MAILSLOT_A "\\MAILSLOT\\NET\\NETLOGON"
  #define NETLOGON_LM_MAILSLOT_LEN 22 // Length in characters (w/o NULL)
  #define NETLOGON_NT_MAILSLOT_W L"\\MAILSLOT\\NET\\NTLOGON"
  #define NETLOGON_NT_MAILSLOT_A "\\MAILSLOT\\NET\\NTLOGON"
  #define NETLOGON_NT_MAILSLOT_LEN 21 // Length in characters (w/o NULL)
  75. //
  76. // Opcodes for netlogon mailslot data
  77. //
  // The opcode is the first USHORT of every message structure in this header
  // and determines which of those structures describes the rest of the
  // message (each structure's banner lists the opcodes it serves).
  //
  // NOTE(review): a receiver should presumably reject opcodes it does not
  // know, and opcodes that are not expected in the direction or state it is
  // in, before interpreting any further bytes - the dispatch code is not in
  // this header, so confirm there.
  #define LOGON_REQUEST 0 // LM1.0/2.0 LOGON Request from client
  #define LOGON_RESPONSE 1 // LM1.0 Response to LOGON_REQUEST
  #define LOGON_CENTRAL_QUERY 2 // LM1.0 QUERY for centralized init
  #define LOGON_DISTRIB_QUERY 3 // LM1.0 QUERY for non-centralized init
  #define LOGON_CENTRAL_RESPONSE 4 // LM1.0 response to LOGON_CENTRAL_QUERY
  #define LOGON_DISTRIB_RESPONSE 5 // LM1.0 resp to LOGON_DISTRIB_QUERY
  #define LOGON_RESPONSE2 6 // LM2.0 Response to LOGON_REQUEST
  #define LOGON_PRIMARY_QUERY 7 // QUERY for Primary DC
  #define LOGON_START_PRIMARY 8 // announce startup of Primary DC
  #define LOGON_FAIL_PRIMARY 9 // announce failed Primary DC
  #define LOGON_UAS_CHANGE 10 // announce change to UAS or SAM
  #define LOGON_NO_USER 11 // announce no user on machine
  #define LOGON_PRIMARY_RESPONSE 12 // response to LOGON_PRIMARY_QUERY
  #define LOGON_RELOGON_RESPONSE 13 // LM1.0/2.0 resp to relogon request
  #define LOGON_WKSTINFO_RESPONSE 14 // LM1.0/2.0 resp to interrogate request
  #define LOGON_PAUSE_RESPONSE 15 // LM2.0 resp when NETLOGON is paused
  #define LOGON_USER_UNKNOWN 16 // LM2.0 response when user is unknown
  #define LOGON_UPDATE_ACCOUNT 17 // LM2.1 announce account updates
  #define LOGON_SAM_LOGON_REQUEST 18 // SAM LOGON request from client
  #define LOGON_SAM_LOGON_RESPONSE 19 // SAM Response to SAM logon request
  #define LOGON_SAM_PAUSE_RESPONSE 20 // SAM response when NETLOGON is paused
  #define LOGON_SAM_USER_UNKNOWN 21 // SAM response when user is unknown
  // Value 22 is not assigned in this header; the _EX opcodes start at 23.
  #define LOGON_SAM_LOGON_RESPONSE_EX 23 // SAM Response to SAM logon request
  #define LOGON_SAM_PAUSE_RESPONSE_EX 24 // SAM response when NETLOGON is paused
  #define LOGON_SAM_USER_UNKNOWN_EX 25 // SAM response when user is unknown
  103. //
  104. // These structures are defined for their maximum case. In many instances,
  105. // the strings are packed immediately following one another. In that case
  106. // the comments below indicate that the offset of certain fields should
  107. // not be used.
  108. //
  109. //
  110. // NETLOGON_LOGON_QUERY:
  111. //
  112. // This structure is used for the following Opcodes:
  113. // LOGON_PRIMARY_QUERY, (all LanMan versions)
  114. // LOGON_CENTRAL_QUERY, (LM 1.0 only)
  115. // LOGON_CENTRAL_RESPONSE, (LM 1.0 only)
  116. // LOGON_DISTRIB_QUERY, (LM 1.0 only)
  117. // LOGON_DISTRIB_RESPONSE. (LM 1.0 only)
  118. //
  119. //
  // Maximum-size template for a query message. The arrays are dimensioned for
  // the longest value each string may take; on the wire the strings may be
  // packed directly after one another, which is why every field tagged
  // "Do not use offset" has to be located by walking the message instead of
  // through the structure offset.
  //
  // NOTE(review): for a received message that walk should presumably be
  // bounded by the number of bytes actually received, and a string with no
  // terminator inside that bound treated as malformed - confirm in the
  // parser, which is not part of this header.
  typedef struct _NETLOGON_LOGON_QUERY {
      USHORT Opcode;
      CHAR ComputerName[LM20_CNLEN+1]; // This field is always ASCII.
      // NOTE(review): sized LM20_PATHLEN here, whereas the MailslotName
      // members of NETLOGON_LOGON_REQUEST and NETLOGON_SAM_LOGON_REQUEST in
      // this header use LM20_PATHLEN+1. Whether the missing terminator slot
      // is intentional cannot be told from here; changing it would change
      // sizeof() for callers, so verify before touching it.
      CHAR MailslotName[LM20_PATHLEN]; // Do not use offset of this field
      //
      // This field is always ASCII.
      //
      CHAR Pad; // Possible pad to WCHAR boundary
      WCHAR UnicodeComputerName[CNLEN+1]; // Do not use offset of this field
      //
      // This field is only present if
      // this is a LOGON_PRIMARY_QUERY
      // from an NT system.
      //
      // _ULONG/_USHORT are not defined in this file; presumably they come
      // from smbtypes.h, included at the top - TODO confirm.
      _ULONG (NtVersion); // Do not use offset of this field
      _USHORT (LmNtToken); // Do not use offset of this field
      _USHORT (Lm20Token); // Do not use offset of this field
  } NETLOGON_LOGON_QUERY, * PNETLOGON_LOGON_QUERY;
  138. //
  139. // NETLOGON_LOGON_REQUEST
  140. //
  141. // This structure is used for the following Opcodes:
  142. // LOGON_REQUEST (LM 1.0 and LM 2.0 Only)
  143. //
  // Maximum-size template for a LOGON_REQUEST message. ComputerName is the
  // only string at a fixed position; UserName and MailslotName are tagged
  // "Do not use offset", so they and the two trailing counters are found by
  // stepping over the preceding strings.
  //
  // NOTE(review): when parsing a received request, each step should
  // presumably be checked against the received length so that an
  // unterminated ComputerName or UserName cannot carry the scan past the end
  // of the message - confirm in the parser.
  typedef struct _NETLOGON_LOGON_REQUEST {
      USHORT Opcode;
      CHAR ComputerName[LM20_CNLEN+1];
      CHAR UserName[LM20_UNLEN+1]; // Do not use offset of this field
      CHAR MailslotName[LM20_PATHLEN+1]; // Do not use offset of this field
      //
      // This field is always ASCII.
      //
      // NOTE(review): MailslotName is supplied by the requester; how the
      // responder uses it is not visible here - confirm it is validated
      // before a reply is addressed to it.
      _USHORT (RequestCount); // Do not use offset of this field
      _USHORT (Lm20Token); // Do not use offset of this field
  } NETLOGON_LOGON_REQUEST, * PNETLOGON_LOGON_REQUEST;
  155. //
  156. // NETLOGON_LOGON_RESPONSE:
  157. //
  158. // This structure is used for the following Opcodes:
  159. // LOGON_RESPONSE (To LM 1.0 clients only).
  160. //
  // Maximum-size template for a LOGON_RESPONSE message: an opcode followed by
  // two strings. ScriptName is tagged "Do not use offset", i.e. it starts
  // wherever UseName actually ends in the message, not at its declared
  // offset.
  //
  // NOTE(review): a client reading this response should presumably bound
  // both strings by the received length and by the array sizes declared
  // here before copying them - confirm in the consumer.
  typedef struct _NETLOGON_LOGON_RESPONSE {
      USHORT Opcode;
      CHAR UseName[2 + LM20_CNLEN + 1 + LM20_NNLEN +1];
      CHAR ScriptName[(2*LM20_PATHLEN) + LM20_UNLEN + LM20_CNLEN + LM20_NNLEN + 8]; // Do not use offset of this field
  } NETLOGON_LOGON_RESPONSE, *PNETLOGON_LOGON_RESPONSE;
  166. //
  167. // NETLOGON_PRIMARY
  168. //
  169. // This structure is used for the following Opcodes:
  170. // LOGON_START_PRIMARY
  171. // LOGON_PRIMARY_RESPONSE
  172. //
  // Maximum-size template for the primary-DC announcement and response. The
  // ASCII PrimaryDCName is always present; everything from Pad onwards is
  // only present when the sender is an NT system, and is located by walking
  // the message (fields tagged "Do not use offset").
  //
  // NOTE(review): a receiver therefore has to decide from the message itself
  // whether the NT part exists. Presumably that is done from the remaining
  // length and the trailing NtVersion/token fields - confirm in the parser,
  // and confirm that a message too short for the NT part is handled as a
  // down-level message instead of being read past its end.
  typedef struct _NETLOGON_PRIMARY {
      USHORT Opcode;
      CHAR PrimaryDCName[LM20_CNLEN + 1]; // This field is always ASCII.
      //
      // The following fields are only present if this message is from
      // an NT system.
      //
      CHAR Pad; // Possible pad to WCHAR boundary
      WCHAR UnicodePrimaryDCName[CNLEN+1]; // Do not use offset of this field
      WCHAR UnicodeDomainName[DNLEN+1]; // Do not use offset of this field
      _ULONG (NtVersion); // Do not use offset of this field
      _USHORT (LmNtToken); // Do not use offset of this field
      _USHORT (Lm20Token); // Do not use offset of this field
  } NETLOGON_PRIMARY, * PNETLOGON_PRIMARY;
  187. //
  188. // NETLOGON_FAIL_PRIMARY
  189. //
  190. // This structure is used for the following Opcodes:
  191. // LOGON_FAIL_PRIMARY (All LanMan versions)
  192. //
  // Template for the LOGON_FAIL_PRIMARY announcement: an opcode followed by
  // the version and token trailer. The message contains no strings.
  //
  // NOTE(review): this structure is declared before <packon.h> is included,
  // so whether the compiler inserts padding after Opcode depends on how
  // _ULONG is declared (not in this file; presumably smbtypes.h) - TODO
  // confirm. The "Do not use offset" tags suggest callers are not meant to
  // rely on the in-memory offsets either way.
  typedef struct _NETLOGON_FAIL_PRIMARY {
      USHORT Opcode;
      _ULONG (NtVersion); // Do not use offset of this field
      _USHORT (LmNtToken); // Do not use offset of this field
      _USHORT (Lm20Token); // Do not use offset of this field
  } NETLOGON_FAIL_PRIMARY, *PNETLOGON_FAIL_PRIMARY;
  199. //
  200. // NETLOGON_LOGON_RESPONSE2
  201. //
  202. // This structure is used for the following Opcodes:
  203. // LOGON_RESPONSE2 (LM 2.0 only)
  204. // LOGON_USER_UNKNOWN (LM 2.0 only)
  205. // LOGON_PAUSE_RESPONSE (LM 2.0 only)
  206. //
  // Maximum-size template for the LM 2.0 logon responses: an opcode, the
  // logon server name, and the LM 2.0 token, which is tagged "Do not use
  // offset" and therefore sits wherever LogonServer actually ends in the
  // message.
  //
  // NOTE(review): LogonServer is a name taken from a received response; the
  // reader should presumably bound it by the received length and by
  // LM20_UNCLEN before use - confirm in the consumer.
  typedef struct _NETLOGON_LOGON_RESPONSE2 {
      USHORT Opcode;
      CHAR LogonServer[LM20_UNCLEN+1];
      _USHORT (Lm20Token); // Do not use offset of this field
  } NETLOGON_LOGON_RESPONSE2, *PNETLOGON_LOGON_RESPONSE2;
  212. //
  213. // The following structures are densely packed to be compatible with LM2.0.
  214. // Poorly aligned fields should only be accessed using the SmbPut and SmbGet
  215. // family of macros.
  216. //
  217. //
  218. // Force misalignment of the following structures
  219. //
  220. #ifndef NO_PACKING
  221. #include <packon.h>
  222. #endif // ndef NO_PACKING
  223. //
  224. // NETLOGON_UAS_CHANGE
  225. //
  226. // This structure is used for the following Opcodes:
  227. // LOGON_UAS_CHANGE
  228. //
  229. //
  230. // DB_CHANGE_INFO structure contains per database change info.
  231. //
  // One per-database change record; NETLOGON_DB_CHANGE carries an array of
  // these (its DBChangeInfo member).
  //
  // Declared between the <packon.h> and <packoff.h> includes, so it is
  // subject to whatever packing packon.h selects (presumably byte packing,
  // given the "densely packed" note in this file - TODO confirm). The two
  // LARGE_INTEGER members may therefore be misaligned inside a message; the
  // file's guidance is to access poorly aligned fields only through the
  // SmbGet/SmbPut macros.
  typedef struct _DB_CHANGE_INFO {
      DWORD DBIndex;
      LARGE_INTEGER LargeSerialNumber;
      LARGE_INTEGER NtDateAndTime;
  } DB_CHANGE_INFO, *PDB_CHANGE_INFO;
  237. //
  238. // NETLOGON_DB_STRUCTURE contains common change info for all databases and
  239. // array of per database change info. First half of this structure is
  240. // identical to downlevel NETLOGON_UAS_CHANGE message and contains SAM
  241. // database change info.
  242. //
  // Maximum-size template for the database-change announcement. The part up
  // to DomainName is the down-level layout; everything from Pad onwards is
  // only present when the sender is an NT system and is located by walking
  // the message (fields tagged "Do not use offset").
  //
  // Two members are one-element arrays standing in for variable-length data
  // whose size is given by the field before them:
  //   DBCount       -> number of DBChangeInfo entries
  //   DomainSidSize -> number of DomainSid bytes
  //
  // NOTE(review): both counts are read from the message. Before indexing
  // DBChangeInfo or copying DomainSid, a receiver should presumably check
  // DBCount * sizeof(DB_CHANGE_INFO) (guarding the multiplication against
  // overflow) and DomainSidSize against the bytes remaining in the received
  // message - confirm in the parser, which is not in this header.
  typedef struct _NETLOGON_DB_CHANGE {
      USHORT Opcode;
      _ULONG (LowSerialNumber);
      _ULONG (DateAndTime);
      _ULONG (Pulse);
      _ULONG (Random);
      CHAR PrimaryDCName[LM20_CNLEN + 1];
      CHAR DomainName[LM20_DNLEN + 1]; // Do not use offset of this field
      //
      // The following fields are only present if this message is from
      // an NT system.
      //
      CHAR Pad; // Possible pad to WCHAR boundary
      WCHAR UnicodePrimaryDCName[CNLEN+1]; // Do not use offset of this field
      WCHAR UnicodeDomainName[DNLEN+1]; // Do not use offset of this field
      DWORD DBCount; // Do not use offset of this field
      DB_CHANGE_INFO DBChangeInfo[1]; // Do not use offset of this field
      DWORD DomainSidSize; // Do not use offset of this field
      CHAR DomainSid[1]; // Do not use offset of this field
      _ULONG (NtVersion); // Do not use offset of this field
      _USHORT (LmNtToken); // Do not use offset of this field
      _USHORT (Lm20Token); // Do not use offset of this field
  } NETLOGON_DB_CHANGE, *PNETLOGON_DB_CHANGE;
  266. //
  267. // Turn structure packing back off
  268. //
  269. #ifndef NO_PACKING
  270. #include <packoff.h>
  271. #endif // ndef NO_PACKING
  272. //
  273. // NETLOGON_SAM_LOGON_REQUEST
  274. //
  275. // This structure is used for the following Opcodes:
  276. // LOGON_SAM_LOGON_REQUEST (SAM Only)
  277. //
  278. // This message exceeds the maximum size for broadcast mailslot messages. In
  279. // practice, this will only be a problem if the UnicodeUserName is over 100
  280. // characters long.
  281. //
  // Maximum-size template for the SAM logon request. Opcode, RequestCount
  // and UnicodeComputerName are at fixed positions; every later field is
  // tagged "Do not use offset" and is found by walking the message.
  //
  // DomainSid is a one-element array standing in for DomainSidSize bytes of
  // SID data.
  //
  // NOTE(review): DomainSidSize comes from the requester. A receiver should
  // presumably check it against the bytes remaining in the received message
  // before touching DomainSid, and check that the SID's own internal length
  // agrees with it - confirm in the request handler. The same applies to the
  // three strings: bound each by the received length, not only by the array
  // sizes declared here.
  typedef struct _NETLOGON_SAM_LOGON_REQUEST {
      USHORT Opcode;
      USHORT RequestCount;
      WCHAR UnicodeComputerName[CNLEN+1];
      // Sized to the larger of 64 and LM20_UNLEN, plus a terminator.
      WCHAR UnicodeUserName[((64>LM20_UNLEN)?64:LM20_UNLEN)+1]; // Do not use offset of this field
      // Note: UNLEN is way too large since
      // it makes the message larger than
      // 512 bytes.
      CHAR MailslotName[LM20_PATHLEN+1]; // Do not use offset of this field
      // This field is always ASCII.
      _ULONG (AllowableAccountControlBits); // Do not use offset of this field
      DWORD DomainSidSize; // Do not use offset of this field
      CHAR DomainSid[1]; // Do not use offset of this field
      _ULONG (NtVersion); // Do not use offset of this field
      _USHORT (LmNtToken); // Do not use offset of this field
      _USHORT (Lm20Token); // Do not use offset of this field
  } NETLOGON_SAM_LOGON_REQUEST, * PNETLOGON_SAM_LOGON_REQUEST;
  299. //
  300. // NETLOGON_SAM_LOGON_RESPONSE
  301. //
  302. // This structure is used for the following Opcodes:
  303. // LOGON_SAM_LOGON_RESPONSE (SAM only)
  304. // LOGON_SAM_USER_UNKNOWN (SAM only)
  305. // LOGON_SAM_PAUSE_RESPONSE (SAM only)
  306. //
  // Maximum-size template for the SAM logon responses. The three Unicode
  // strings come first; the block from DomainGuid to Flags is only present
  // when NETLOGON_NT_VERSION_5 applies; the version/token trailer closes the
  // message. All fields after UnicodeLogonServer are tagged "Do not use
  // offset" and are located by walking the message.
  //
  // NOTE(review): no member of this structure is named as a checksum or
  // signature, so as far as this header shows the contents are whatever the
  // responder wrote. A client should presumably bound every string and
  // optional field by the received length - confirm in the consumer.
  typedef struct _NETLOGON_SAM_LOGON_RESPONSE {
      USHORT Opcode;
      WCHAR UnicodeLogonServer[UNCLEN+1];
      // Sized to the larger of 64 and LM20_UNLEN, plus a terminator.
      WCHAR UnicodeUserName[((64>LM20_UNLEN)?64:LM20_UNLEN)+1]; // Do not use offset of this field
      // Note: UNLEN is way too large since
      // it makes the message larger than
      // 512 bytes.
      WCHAR UnicodeDomainName[DNLEN+1]; // Do not use offset of this field
      // The following fields are only present for NETLOGON_NT_VERSION_5
      GUID DomainGuid; // Do not use offset of this field
      GUID SiteGuid; // Do not use offset of this field
      CHAR DnsForestName[256]; // Do not use offset of this field
      // This field counted UTF-8
      // The two names below are declared with only sizeof(WORD) bytes, which
      // is consistent with their being stored in compressed form.
      // NOTE(review): RFC 1035 compression uses pointers back into the
      // message; a decoder should presumably reject pointers that leave the
      // received message, cap the number of pointers it follows, and cap the
      // expanded length - confirm in the name decoder.
      CHAR DnsDomainName[sizeof(WORD)]; // Do not use offset of this field
      // This field counted UTF-8
      // This field compressed ala RFC 1035
      CHAR DnsHostName[sizeof(WORD)]; // Do not use offset of this field
      // This field counted UTF-8
      // This field compressed ala RFC 1035
      _ULONG (DcIpAddress); // Do not use offset of this field
      // Host byte order
      _ULONG (Flags); // Do not use offset of this field
      // The previous fields are only present for NETLOGON_NT_VERSION_5
      _ULONG (NtVersion); // Do not use offset of this field
      _USHORT (LmNtToken); // Do not use offset of this field
      _USHORT (Lm20Token); // Do not use offset of this field
  } NETLOGON_SAM_LOGON_RESPONSE, *PNETLOGON_SAM_LOGON_RESPONSE;
  334. //
  335. // NETLOGON_SAM_LOGON_RESPONSE_EX
  336. //
  337. // This structure is used for the following Opcodes:
  338. // LOGON_SAM_LOGON_RESPONSE_EX (SAM only)
  339. // LOGON_SAM_USER_UNKNOWN_EX (SAM only)
  340. // LOGON_SAM_PAUSE_RESPONSE_EX (SAM only)
  341. //
  342. // All character fields are UTF-8 and are compressed ala RFC 1035
  // Maximum-size template for the _EX SAM logon responses. Opcode, Sbz,
  // Flags and DomainGuid are at fixed positions; all character fields that
  // follow are UTF-8, compressed in the RFC 1035 manner, tagged "Do not use
  // offset" and located by walking the message. An optional socket address
  // and the version/token trailer close the message.
  //
  // NOTE(review): RFC 1035 compression uses pointers back into the message;
  // a decoder should presumably reject pointers that leave the received
  // message, cap the number of pointers it follows, and cap each expanded
  // name at the array size declared here - confirm in the name decoder.
  typedef struct _NETLOGON_SAM_LOGON_RESPONSE_EX {
      USHORT Opcode;
      USHORT Sbz; // presumably "should be zero" - TODO confirm
      ULONG Flags;
      GUID DomainGuid;
      CHAR DnsForestName[256]; // Do not use offset of this field
      CHAR DnsDomainName[sizeof(WORD)]; // Do not use offset of this field
      CHAR DnsHostName[sizeof(WORD)]; // Do not use offset of this field
      CHAR NetbiosDomainName[DNLEN+1]; // Do not use offset of this field
      CHAR NetbiosComputerName[UNCLEN+1]; // Do not use offset of this field
      CHAR UserName[64]; // Do not use offset of this field
      // Note: UNLEN is way too large since
      // it makes the message larger than
      // 512 bytes.
      CHAR DcSiteName[64]; // Do not use offset of this field
      CHAR ClientSiteName[64]; // Do not use offset of this field
      // The DcSockAddrSize field is only present for NETLOGON_NT_VERSION_5EX_WITH_IP
      // NOTE(review): the size is declared as CHAR. If CHAR is a signed type
      // on the target compiler, a size byte of 0x80 or above reads as a
      // negative number; a reader should presumably convert it to an unsigned
      // value and check it against both the bytes remaining in the message
      // and the size of the destination SOCKADDR before copying - confirm in
      // the consumer.
      CHAR(DcSockAddrSize); // Do not use offset of this field
      // The next DcSockAddrSize bytes are a
      // SOCKADDR structure representing the
      // IP address of the DC
      _ULONG (NtVersion); // Do not use offset of this field
      _USHORT (LmNtToken); // Do not use offset of this field
      _USHORT (Lm20Token); // Do not use offset of this field
  } NETLOGON_SAM_LOGON_RESPONSE_EX, *PNETLOGON_SAM_LOGON_RESPONSE_EX;
  368. #endif // _NETLOGON_H_