archive
/
windows-xp
mirror of https://github.com/tongzx/nt5src
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
7 Commits
1 Branch
0 Tags
2.0 GiB
Tree: 9769ad7c3d
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '9769ad7c3d'
${ noResults }
windows-xp/Source/XPSP1/NT/net/upnp/host/upnphost/inc/authhlp.h

82 lines
3.1 KiB
Raw Normal View History

Add source files
4 years ago
  1. /*--
  2. Copyright (c) 1999 Microsoft Corporation
  3. Module Name: AUTHHLP
  4. Abstract: NTLM Authentication for telnetd.
  5. --*/
  7. /****************************************************************************
  8. USAGE
  10. Call AuthHelpValidateUser(A/W), depending on whether the user name and
  11. password are in ANSI or UNICODE strings. The ACL is always in UNICODE
  12. in CE because it is typically read from the registry. The function will
  13. return TRUE if access is allowed and FALSE if it is not allowed.
  15. Access may be denied if the user is not a valid user on the domain, or
  16. if they are not in the Access Control List (ACL).
  17. The ACL is a string, each element separeted by a semicolon, that specifies
  18. the name of a group or user to either allow or deny service to. To specify
  19. a group, put a "@" immediatly before it. To specify either a user or a group
  20. is to be denied access, put a "-" before it.
  23. For instance, ACL = "good_user1; @good_group1; -bad_user1; -@bad_group1; good_user2"
  24. will allow users named good_user1, good_user2, and anyone who is a member of
  25. the group good_group1 access (assuming they've succesfully been authenticated
  26. by NTLM). It will deny access to anyone named bad_user1 and in bad_group1.
  28. The checks are made from left to right, and the check will stop being made
  29. as soon as a match (either positive or negative) is made.
  31. In the above example, if good_user1 is also a member of bad_group1, they will
  32. recieve access because good_user1 came before bad_group1. However, if
  33. good_user2 is a member of bad_group1, they will be denied access because
  34. bad_group1 came before good_user2.
  36. A "*" in the ACL list means that all users are granted access, provided they
  37. have not been disqualified by any of the arguments to the left of the arg
  38. list.
  40. For instance, if ACL = "-bad_user1; *" then all users will be granted
  41. access, except for bad_user1.
  44. IMPORTANT SECURITY CONSIDERATIONS
  46. Note that there is some danger in using this API set over a public network
  47. such as the Internet if the passwords are not encrypted by the calling
  48. application. It is possible for a malicious user to intercept packets sent
  49. to your network application and to learn the password, either on the
  50. Domain or on the CE device, depending on which options are used. Use
  51. this with care.
  54. See the telnetd sample for an example of how to use this API.
  56. ****************************************************************************/
  59. #ifndef _AUTH_H_
  60. #define _AUTH_H_
  62. #ifndef UNDER_CE
  63. #define SECURITY_WIN32
  64. #endif
  66. #include <windows.h>
  67. #include <sspi.h>
  68. #include <issperr.h>
  69. #include <tchar.h>
  71. BOOL AuthHelpValidateUserA(PSTR pszRemoteUser, PSTR pszPassword, TCHAR *pszACL, DWORD dwFlags);
  72. BOOL AuthHelpValidateUserW(PWSTR wszRemoteUser, PWSTR wszPassword, TCHAR *pszACL, DWORD dwFlags);
  73. BOOL AuthHelpValidateUser(TCHAR *pszRemoteUser, TCHAR *pszPassword, TCHAR * pszACL, DWORD dwFlags);
  74. BOOL IsAccessAllowed(TCHAR *pszRemoteUser, TCHAR *pszRemoteUserGroups, TCHAR *pszACL, BOOL fPeek);
  77. BOOL AuthHelpUnload();
  78. BOOL AuthHelpInitialize();
  81. #define AUTH_HELP_FLAGS_NO_NTLM 0x01 // Set if we skip NTLM checking
  82. #endif // _AUTH_H_