//+---------------------------------------------------------------------------
//
// Microsoft Windows
// Copyright (C) Microsoft Corporation, 1992 - 1996.
//
// File: lsa.hxx
//
// Contents:
//
// Classes:
//
// Functions: None.
//
// History: 15-May-96 MarkBl Created
//
//----------------------------------------------------------------------------
// Include guard for lsa.hxx; the matching #endif is the last directive in
// this file.
// NOTE(review): identifiers containing a double underscore are reserved for
// the implementation in C++, so this guard name is technically off-limits to
// user code; renaming it would have to be checked against every includer.
#ifndef __LSA_HXX__
#define __LSA_HXX__
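// Size constants for the security database blobs declared in this header.
//
// MAX_SECRET_SIZE   Upper bound on the size of a single LSA secret.
// HASH_DATA_SIZE    Number of hashed-data bytes, not counting the salt.
//                   NOTE(review): MD5 emits a 16-byte digest and works on
//                   64-byte blocks; which of the two this 64 refers to cannot
//                   be told from this header - confirm in lsa.cxx. If these
//                   hashes are used as identities for stored credentials,
//                   MD5's known collision weakness is worth weighing there.
// LAST_HASH_BYTE    Lvalue for the final byte of a HASH_DATA_SIZE-byte buffer.
//                   The argument is parenthesized so that an expression such
//                   as `pb + off` indexes the intended buffer instead of
//                   binding the subscript to `off` alone. The caller must
//                   guarantee that at least HASH_DATA_SIZE bytes are
//                   addressable; the macro performs no bounds check.
// USN_SIZE          Size of the USN field, one DWORD.
// SAC_HEADER_SIZE / SAI_HEADER_SIZE
//                   USN plus one further DWORD. The meaning of that second
//                   DWORD is not shown here (presumably an entry count -
//                   TODO confirm).
#define MAX_SECRET_SIZE     65536   // Maximum LSA secret size
#define HASH_DATA_SIZE      64      // MD5 hash data size, less salt.
#define LAST_HASH_BYTE(pbHashedData)    ((pbHashedData)[HASH_DATA_SIZE - 1])
#define USN_SIZE            (sizeof(DWORD))
#define SAC_HEADER_SIZE     (USN_SIZE + sizeof(DWORD))
#define SAI_HEADER_SIZE     (USN_SIZE + sizeof(DWORD))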
//
// With scavenger cleanup of the SAI/SAC information in the LSA, this marker,
// a sequence of bytes, is used to mark identity/credential entries pending
// removal. To mark an entry for removal, the initial marker size number of
// entry bytes are overwritten with this marker.
//
// Size of the following sequence of ANSI characters (see lsa.cxx):
//      DELETED_ENTRY
//
// Review notes:
//  * DELETED_ENTRY_MARKER_SIZE is a hand-maintained literal. 13 is the length
//    of "DELETED_ENTRY" without a terminating NUL; it must be kept in step
//    with the definition of grgbDeletedEntryMarker, which is not in this file.
//  * DELETED_ENTRY(pb) reads, and MARK_DELETED_ENTRY(pb) writes, exactly
//    DELETED_ENTRY_MARKER_SIZE bytes starting at pb. Neither macro checks the
//    remaining length of the buffer, so the caller has to establish that the
//    entry is at least that long before using them on data read from storage.
//  * The marker is in-band: a live entry whose leading bytes happened to equal
//    the marker would test as deleted. Presumably entries start with hash
//    bytes, which makes that unlikely - TODO confirm against the entry layout.
//  * MARK_DELETED_ENTRY expands to a bare { ... } block rather than
//    do { ... } while (0), so `if (c) MARK_DELETED_ENTRY(p); else ...` does
//    not compile. Left unchanged because call sites are not visible here.
//
extern BYTE grgbDeletedEntryMarker[];
#define DELETED_ENTRY_MARKER_SIZE 13
#define DELETED_ENTRY(pb) \
    (memcmp(pb, grgbDeletedEntryMarker, DELETED_ENTRY_MARKER_SIZE) == 0)
#define MARK_DELETED_ENTRY(pb) { \
    CopyMemory(pb, grgbDeletedEntryMarker, DELETED_ENTRY_MARKER_SIZE); \
}
// STATIC is the storage-class keyword used for file-local declarations.
// By default it is `static`; a build that defines NOSTATIC makes it expand to
// nothing, which gives those declarations external linkage.
#ifndef NOSTATIC
#define STATIC static
#else
#define STATIC
#endif
// Whole-database read and write.
//
// The database is handled as two blobs, SAI and SAC, each described by a byte
// count and a buffer pointer. Going by the surrounding comments, SAI holds
// identity entries and SAC holds credential entries (TODO confirm).
//
// ReadSecurityDBase returns both blobs through out-parameters: *pcbSAI and
// *pcbSAC receive sizes, *ppbSAI and *ppbSAC receive buffer pointers.
// NOTE(review): which routine allocates the returned buffers, and how the
// caller must release them, is not visible in this header. Because the SAC
// blob carries encrypted credential data, confirm that callers clear the
// buffers before freeing them.
HRESULT ReadSecurityDBase(
    DWORD * pcbSAI,
    BYTE ** ppbSAI,
    DWORD * pcbSAC,
    BYTE ** ppbSAC);

// WriteSecurityDBase takes both blobs by size and pointer.
// NOTE(review): the header does not say whether cbSAI / cbSAC are checked
// against MAX_SECRET_SIZE before the write - confirm in the implementation.
HRESULT WriteSecurityDBase(
    DWORD cbSAI,
    BYTE * pbSAI,
    DWORD cbSAC,
    BYTE * pbSAC);
// SAC (credential blob) operations.
//
// Conventions visible in the signatures:
//  * Functions that take `DWORD * pcbSAC, BYTE ** ppbSAC` receive the blob by
//    reference, so they are able to change both its size and its address.
//    Presumably they reallocate the blob; if so, any pointer previously
//    obtained into it (e.g. from SACFindCredential) is stale afterwards -
//    TODO confirm.
//  * Functions that take `DWORD cbSAC, BYTE * pbSAC` receive the size and
//    address by value.
//  * pbCredentialIdentity is passed without a length. Presumably it is a
//    HASH_DATA_SIZE-byte hash - verify against callers.

// Adds a credential for the given identity.
// NOTE(review): cbEncryptedData is caller-supplied; confirm the
// implementation bounds it (MAX_SECRET_SIZE is the stated LSA secret limit)
// and guards the size arithmetic when growing the blob.
HRESULT SACAddCredential(
    BYTE * pbCredentialIdentity,
    DWORD cbEncryptedData,
    BYTE * pbEncryptedData,
    DWORD * pcbSAC,
    BYTE ** ppbSAC);

// Looks a credential up by identity. Outputs: the credential's index, the
// size of its encrypted data, and a pointer to the credential.
// NOTE(review): *ppbFoundCredential presumably points into pbSAC rather than
// at a copy - confirm before holding it across a mutating call.
HRESULT SACFindCredential (
    BYTE * pbCredentialIdentity,
    DWORD cbSAC,
    BYTE * pbSAC,
    DWORD * pdwCredentialIndex,
    DWORD * pcbEncryptedData,
    BYTE ** ppbFoundCredential);

// Looks a credential up by index. Outputs its size and a pointer to it.
// NOTE(review): dwCredentialIndex comes from the caller; the implementation
// should reject an index beyond what the blob actually contains - confirm.
HRESULT SACIndexCredential(
    DWORD dwCredentialIndex,
    DWORD cbSAC,
    BYTE * pbSAC,
    DWORD * pcbCredential,
    BYTE ** ppbFoundCredential);

// Removes the credential at CredentialIndex; the blob is passed by reference.
HRESULT SACRemoveCredential(
    DWORD CredentialIndex,
    DWORD * pcbSAC,
    BYTE ** ppbSAC);

// Replaces an existing credential (pbPrevCredential / cbPrevCredential) with
// new encrypted data; the blob is passed by reference.
// NOTE(review): pbPrevCredential presumably points into *ppbSAC - confirm.
HRESULT SACUpdateCredential(
    DWORD cbEncryptedData,
    BYTE * pbEncryptedData,
    DWORD cbPrevCredential,
    BYTE * pbPrevCredential,
    DWORD * pcbSAC,
    BYTE ** ppbSAC);
// SAI (identity blob) operations.
//
// As with the SAC functions, `DWORD * pcbSAI, BYTE ** ppbSAI` passes the blob
// by reference (size and address can both change), while
// `DWORD cbSAI, BYTE * pbSAI` passes them by value. Identity pointers carry no
// length; presumably each identity is HASH_DATA_SIZE bytes - TODO confirm.

// Adds an identity; the blob is passed by reference.
HRESULT SAIAddIdentity(
    BYTE * pbIdentity,
    DWORD * pcbSAI,
    BYTE ** ppbSAI);

// Looks an identity up and reports its credential index through
// pdwCredentialIndex. The last four parameters default to NULL, so callers
// may omit them.
// NOTE(review): presumably a NULL optional output is simply skipped by the
// implementation, and *ppbFoundIdentity / *ppbSet point into pbSAI - confirm.
HRESULT SAIFindIdentity(
    BYTE * pbIdentity,
    DWORD cbSAI,
    BYTE * pbSAI,
    DWORD * pdwCredentialIndex,
    BOOL * pfIsPasswordNull = NULL,
    BYTE ** ppbFoundIdentity = NULL,
    DWORD * pdwSetSubCount = NULL,
    BYTE ** ppbSet = NULL);

// Looks an identity up by position, given a set-array index and an index
// within the set. The three output parameters default to NULL.
// NOTE(review): both indices are caller-supplied; confirm they are range
// checked against the blob contents before being used as offsets.
HRESULT SAIIndexIdentity(
    DWORD cbSAI,
    BYTE * pbSAI,
    DWORD dwSetArrayIndex,
    DWORD dwSetIndex,
    BYTE ** ppbFoundIdentity = NULL,
    DWORD * pdwSetSubCount = NULL,
    BYTE ** ppbSet = NULL);

// Inserts an identity at the position given by pbSAIIndex; the blob is passed
// by reference.
// NOTE(review): pbSAIIndex is a raw pointer, presumably into *ppbSAI; the
// implementation should verify it lies within the blob - confirm.
HRESULT SAIInsertIdentity(
    BYTE * pbIdentity,
    BYTE * pbSAIIndex,
    DWORD * pcbSAI,
    BYTE ** ppbSAI);

// Removes an identity. Both the SAI and the SAC blob are passed by reference,
// together with a credential index, so the call is able to modify both blobs.
HRESULT SAIRemoveIdentity(
    BYTE * pbJobIdentity,
    BYTE * pbSet,
    DWORD * pcbSAI,
    BYTE ** ppbSAI,
    DWORD CredentialIndex,
    DWORD * pcbSAC,
    BYTE ** ppbSAC);

// Overwrites a found identity with a new one. pbNewIdentity is the only
// const-qualified input in this header; the blob is passed by value, so its
// size and address cannot change here.
HRESULT SAIUpdateIdentity(
    const BYTE * pbNewIdentity,
    BYTE * pbFoundIdentity,
    DWORD cbSAI,
    BYTE * pbSAI);
// Scavenger support.
//
// The two coalesce functions take their blob by reference, so the blob's size
// and address can both change across the call. Presumably they drop entries
// that carry the deleted-entry marker and compact the remainder - TODO
// confirm in lsa.cxx.
// NOTE(review): bytes freed by compaction previously held identity or
// encrypted credential data; confirm whether the implementation clears them.
HRESULT SACCoalesceDeletedEntries(
    DWORD * pcbSAC,
    BYTE ** ppbSAC);

HRESULT SAICoalesceDeletedEntries(
    DWORD * pcbSAI,
    BYTE ** ppbSAI);

// Takes no arguments and returns nothing, so a failure inside the scavenger
// cannot be reported to the caller through this interface.
void ScavengeSASecurityDBase(void);
// Keyed access to LSA-held data.
//
// Every function identifies the item by a wide-character key (pwszKey) plus
// cbKey. cbKey is a WORD, so the key length cannot exceed 65535.
// NOTE(review): the `cb` prefix suggests cbKey counts bytes rather than
// characters, and whether it includes the terminating NUL is not shown -
// verify against callers, since a mismatch would truncate or over-read the
// key.

// Returns the item's size through *pcbData and a buffer through *ppbData.
// NOTE(review): allocation and release of *ppbData are not specified here;
// the buffer holds secret material, so confirm callers clear it before
// freeing.
HRESULT ReadLsaData(
    WORD cbKey,
    LPCWSTR pwszKey,
    DWORD * pcbData,
    BYTE ** ppbData);

// Stores cbData bytes from pbData under the key.
// NOTE(review): confirm cbData is checked against MAX_SECRET_SIZE.
HRESULT WriteLsaData(
    WORD cbKey,
    LPCWSTR pwszKey,
    DWORD cbData,
    BYTE * pbData);

// Deletes the item stored under the key.
HRESULT DeleteLsaData(
    WORD cbKey,
    LPCWSTR pwszKey);
// NOTE(review): nothing in this header says which value is set, where it is
// stored, or what consumes it. The function takes no arguments and returns
// nothing, so it can only act on state defined elsewhere and cannot report
// failure. Its role in a credential-handling module should be documented at
// the definition - see lsa.cxx.
void SetMysteryDWORDValue(
    void);
// Debug-only corruption tripwire.
//
// When DBG == 1 the macro calls schAssert with an expression that is always
// false, so reaching it always fires the assertion with the message below.
// In every other build it expands to nothing.
//
// Review notes:
//  * Because release builds get no code from this macro, it must never be the
//    only reaction to a corrupt database: the enclosing code still has to
//    fail the operation (return an error HRESULT) on its own. Blob contents
//    come from storage and should be treated as untrusted input.
//  * The debug expansion is a bare { ... } block, while the release expansion
//    is empty. `if (c) ASSERT_SECURITY_DBASE_CORRUPT(); else ...` therefore
//    compiles in release builds but not in debug builds.
#if DBG == 1
#define ASSERT_SECURITY_DBASE_CORRUPT() { \
    schAssert( \
        0 && "Scheduling Agent security database corruption detected!"); \
}
#else
#define ASSERT_SECURITY_DBASE_CORRUPT()
#endif // DBG
#endif // __LSA_HXX__