Windows2003-3790/public/internal/ds/inc/logonmsv.h
/*++
Copyright (c) 1987-1991 Microsoft Corporation
Module Name:
logonmsv.h
Abstract:
Definition of API's to the Netlogon service which are callable
by the MSV1_0 authentication package.
Author:
Cliff Van Dyke (cliffv) 23-Jun-1991
Environment:
User mode only.
Contains NT-specific code.
Requires ANSI C extensions: slash-slash comments, long external names.
Revision History:
--*/
#ifndef __LOGONMSV_H__
#define __LOGONMSV_H__
#include <lsass.h> // OLD_LARGE_INTEGER
//
// Name of secret in LSA secret storage where account passwords are kept.
//
// NOTE(review): per the comment above, this secret holds account passwords,
// so any code that opens it by this name is handling credential material.
//
#define SSI_SECRET_PREFIX L"$"
#define SSI_SECRET_PREFIX_LENGTH 1 // length of SSI_SECRET_PREFIX in characters (it is a wide string)
#define SSI_SECRET_POSTFIX L"MACHINE.ACC"
#define SSI_SECRET_NAME L"$MACHINE.ACC" // prefix followed by postfix, spelled out by hand; keep in sync
//
// Name of the event used to synchronize between the security process and
// the service controller.
//
#define SECURITY_SERVICES_STARTED L"SECURITY_SERVICES_STARTED"
//
// The structures supporting remote logon APIs
//
// A Netlogon credential is exactly one CYPHER_BLOCK (declared elsewhere; its
// size is not visible in this header).
typedef CYPHER_BLOCK NETLOGON_CREDENTIAL, *PNETLOGON_CREDENTIAL ;
// A credential paired with a timestamp. This is the type of the
// Authenticator / ReturnAuthenticator parameters of the I_NetLogonSam*
// routines declared later in this header.
typedef struct _NETLOGON_AUTHENTICATOR {
    NETLOGON_CREDENTIAL Credential;
    DWORD timestamp; // units and epoch are not stated in this header
} NETLOGON_AUTHENTICATOR, *PNETLOGON_AUTHENTICATOR ;
// Fixed-size session key of CRYPT_TXT_LEN * 2 bytes (CRYPT_TXT_LEN is defined
// elsewhere). The struct carries no length field, so every producer and
// consumer must agree on this size.
// NOTE(review): key material; keep it out of logs and scrub temporary copies.
typedef struct _NETLOGON_SESSION_KEY {
    BYTE Key[CRYPT_TXT_LEN * 2];
} NETLOGON_SESSION_KEY, *PNETLOGON_SESSION_KEY;
// Secure channel types. Only the first enumerator has an explicit value, so
// the numeric value of every other one depends on its position in the list:
// append new entries, never insert or reorder.
typedef enum _NETLOGON_SECURE_CHANNEL_TYPE {
    NullSecureChannel = 0,
    MsvApSecureChannel,             // 1
    WorkstationSecureChannel,       // 2
    TrustedDnsDomainSecureChannel,  // 3
    TrustedDomainSecureChannel,     // 4
    UasServerSecureChannel,         // 5
    ServerSecureChannel             // 6
} NETLOGON_SECURE_CHANNEL_TYPE;
// Non-zero when _T is TrustedDnsDomainSecureChannel or
// TrustedDomainSecureChannel. _T appears twice in the expansion, so pass an
// expression that has no side effects.
#define IsDomainSecureChannelType( _T ) \
    ( (_T) == TrustedDnsDomainSecureChannel || \
      (_T) == TrustedDomainSecureChannel )
//
// Input information to NetLogonSamLogon.
//
// begin_ntsubauth
// Logon information levels. Values start at 1 and are assigned by position,
// so the order of the enumerators is part of the numeric contract.
// NOTE(review): a receiver should reject any level outside 1..7 before it
// interprets the accompanying LogonInformation pointer.
typedef enum _NETLOGON_LOGON_INFO_CLASS {
    NetlogonInteractiveInformation = 1,
    NetlogonNetworkInformation,                 // 2
    NetlogonServiceInformation,                 // 3
    NetlogonGenericInformation,                 // 4
    NetlogonInteractiveTransitiveInformation,   // 5
    NetlogonNetworkTransitiveInformation,       // 6
    NetlogonServiceTransitiveInformation        // 7
} NETLOGON_LOGON_INFO_CLASS;
// Identity fields common to all logon-info structures in this header: each of
// NETLOGON_INTERACTIVE_INFO, NETLOGON_SERVICE_INFO, NETLOGON_NETWORK_INFO and
// NETLOGON_GENERIC_INFO embeds this struct as its first member, Identity.
typedef struct _NETLOGON_LOGON_IDENTITY_INFO {
    UNICODE_STRING LogonDomainName;
    ULONG ParameterControl; // bit flags; see "Values of ParameterControl" later in this header
    OLD_LARGE_INTEGER LogonId;
    UNICODE_STRING UserName;
    UNICODE_STRING Workstation;
} NETLOGON_LOGON_IDENTITY_INFO,
 *PNETLOGON_LOGON_IDENTITY_INFO;
// Interactive logon input: the common identity block followed by the LM and
// NT OWF password values.
// NOTE(review): "OWF" is presumably the one-way-function (hashed) form of the
// password; if so these two fields are password-equivalent and must be
// protected like the password itself -- confirm against the type definitions.
typedef struct _NETLOGON_INTERACTIVE_INFO {
    NETLOGON_LOGON_IDENTITY_INFO Identity;
    LM_OWF_PASSWORD LmOwfPassword;
    NT_OWF_PASSWORD NtOwfPassword;
} NETLOGON_INTERACTIVE_INFO,
 *PNETLOGON_INTERACTIVE_INFO;
// Service logon input. Same members, in the same order, as
// NETLOGON_INTERACTIVE_INFO; the same handling applies to the two OWF
// password fields.
typedef struct _NETLOGON_SERVICE_INFO {
    NETLOGON_LOGON_IDENTITY_INFO Identity;
    LM_OWF_PASSWORD LmOwfPassword;
    NT_OWF_PASSWORD NtOwfPassword;
} NETLOGON_SERVICE_INFO, *PNETLOGON_SERVICE_INFO;
// Network logon input: the common identity block, a challenge, and the NT and
// LM responses as counted STRINGs.
// Per the CLEARTEXT_PASSWORD_ALLOWED comment later in this header, the two
// response fields may actually hold clear-text passwords when that
// ParameterControl bit is set, so treat them as secrets.
typedef struct _NETLOGON_NETWORK_INFO {
    NETLOGON_LOGON_IDENTITY_INFO Identity;
    LM_CHALLENGE LmChallenge;
    STRING NtChallengeResponse;
    STRING LmChallengeResponse;
} NETLOGON_NETWORK_INFO, *PNETLOGON_NETWORK_INFO;
// Generic logon input: the common identity block, a package name, and an
// opaque buffer of DataLength elements.
// The size_is attribute exists only in the MIDL pass. In every other
// compilation LogonData is a bare pointer, so C code must bound each access
// to it by DataLength itself.
typedef struct _NETLOGON_GENERIC_INFO {
    NETLOGON_LOGON_IDENTITY_INFO Identity;
    UNICODE_STRING PackageName;
    ULONG DataLength; // element count of LogonData
#ifdef MIDL_PASS
    [size_is(DataLength)]
#endif
    PUCHAR LogonData;
} NETLOGON_GENERIC_INFO, *PNETLOGON_GENERIC_INFO;
// end_ntsubauth
//
// Structure to pass a SID_AND_ATTRIBUTES over the network.
//
// One SID pointer plus its attribute bits. The pointer is declared as PISID
// when compiled with MIDL_PASS or RPC_SERVER defined and as PSID otherwise.
// NOTE(review): the two declarations are presumably layout-compatible, since
// both sides share this struct -- confirm against the PSID/PISID definitions.
typedef struct _NETLOGON_SID_AND_ATTRIBUTES {
#if defined(MIDL_PASS) || defined(RPC_SERVER)
    PISID Sid;
#else
    PSID Sid;
#endif
    ULONG Attributes;
} NETLOGON_SID_AND_ATTRIBUTES, *PNETLOGON_SID_AND_ATTRIBUTES;
//
// Values of ParameterControl
//
// (Obsolete: Use the ParameterControl values from ntmsv1_0.h)
#define CLEARTEXT_PASSWORD_ALLOWED 0x02 // Challenge response fields may
                                        // actually be clear text passwords.
// NOTE(review): when this bit is set, NETLOGON_NETWORK_INFO's
// NtChallengeResponse / LmChallengeResponse can carry a clear-text password;
// code that logs or dumps those fields should take that into account.
//
// Output information to NetLogonSamLogon.
//
// Validation information levels. Values start at 1 and are assigned by
// position, so the digit in an enumerator's name is NOT its numeric value
// (NetlogonValidationSamInfo2 is 3, NetlogonValidationSamInfo4 is 6).
// There is no enumerator for NETLOGON_VALIDATION_SAM_INFO3 in this list.
typedef enum _NETLOGON_VALIDATION_INFO_CLASS {
    NetlogonValidationUasInfo = 1,
    NetlogonValidationSamInfo,          // 2
    NetlogonValidationSamInfo2,         // 3
    NetlogonValidationGenericInfo,      // 4
    NetlogonValidationGenericInfo2,     // 5
    NetlogonValidationSamInfo4          // 6
} NETLOGON_VALIDATION_INFO_CLASS;
// Base validation (logon result) structure. NETLOGON_VALIDATION_SAM_INFO2,
// _INFO3 and _INFO4 repeat these members in the same order and append more.
// GroupIds is a counted array: the size_is attribute exists only in the MIDL
// pass, so plain C code must bound every access by GroupCount itself.
typedef struct _NETLOGON_VALIDATION_SAM_INFO {
    //
    // Information retrieved from SAM.
    //
    OLD_LARGE_INTEGER LogonTime; // 0 for Network logon
    OLD_LARGE_INTEGER LogoffTime;
    OLD_LARGE_INTEGER KickOffTime;
    OLD_LARGE_INTEGER PasswordLastSet; // 0 for Network logon
    OLD_LARGE_INTEGER PasswordCanChange; // 0 for Network logon
    OLD_LARGE_INTEGER PasswordMustChange; // 0 for Network logon
    UNICODE_STRING EffectiveName; // 0 for Network logon
    UNICODE_STRING FullName; // 0 for Network logon
    UNICODE_STRING LogonScript; // 0 for Network logon
    UNICODE_STRING ProfilePath; // 0 for Network logon
    UNICODE_STRING HomeDirectory; // 0 for Network logon
    UNICODE_STRING HomeDirectoryDrive; // 0 for Network logon
    USHORT LogonCount; // 0 for Network logon
    USHORT BadPasswordCount; // 0 for Network logon
    ULONG UserId;
    ULONG PrimaryGroupId;
    ULONG GroupCount; // number of entries in GroupIds
#ifdef MIDL_PASS
    [size_is(GroupCount)]
#endif // MIDL_PASS
    PGROUP_MEMBERSHIP GroupIds;
    //
    // Information supplied by the MSV AP/Netlogon service.
    //
    ULONG UserFlags;
    USER_SESSION_KEY UserSessionKey; // key material; keep out of logs
    UNICODE_STRING LogonServer;
    UNICODE_STRING LogonDomainName;
#if defined(MIDL_PASS) || defined(RPC_SERVER)
    PISID LogonDomainId;
#else
    PSID LogonDomainId;
#endif
    ULONG ExpansionRoom[10]; // Put new fields here
} NETLOGON_VALIDATION_SAM_INFO, *PNETLOGON_VALIDATION_SAM_INFO ;
//
// New output information for NetLogonSamLogon. This structure is identical
// to the above structure with some new fields added at the end.
//
// NETLOGON_VALIDATION_SAM_INFO plus a counted array of extra SIDs.
// Both counted arrays (GroupIds, ExtraSids) carry their size_is attribute
// only in the MIDL pass; plain C code must bound accesses by GroupCount and
// SidCount itself.
typedef struct _NETLOGON_VALIDATION_SAM_INFO2 {
    //
    // Information retrieved from SAM.
    //
    OLD_LARGE_INTEGER LogonTime; // 0 for Network logon
    OLD_LARGE_INTEGER LogoffTime;
    OLD_LARGE_INTEGER KickOffTime;
    OLD_LARGE_INTEGER PasswordLastSet; // 0 for Network logon
    OLD_LARGE_INTEGER PasswordCanChange; // 0 for Network logon
    OLD_LARGE_INTEGER PasswordMustChange; // 0 for Network logon
    UNICODE_STRING EffectiveName; // 0 for Network logon
    UNICODE_STRING FullName; // 0 for Network logon
    UNICODE_STRING LogonScript; // 0 for Network logon
    UNICODE_STRING ProfilePath; // 0 for Network logon
    UNICODE_STRING HomeDirectory; // 0 for Network logon
    UNICODE_STRING HomeDirectoryDrive; // 0 for Network logon
    USHORT LogonCount; // 0 for Network logon
    USHORT BadPasswordCount; // 0 for Network logon
    ULONG UserId;
    ULONG PrimaryGroupId;
    ULONG GroupCount; // number of entries in GroupIds
#ifdef MIDL_PASS
    [size_is(GroupCount)]
#endif // MIDL_PASS
    PGROUP_MEMBERSHIP GroupIds;
    //
    // Information supplied by the MSV AP/Netlogon service.
    //
    ULONG UserFlags;
    USER_SESSION_KEY UserSessionKey; // key material; keep out of logs
    UNICODE_STRING LogonServer;
    UNICODE_STRING LogonDomainName;
#if defined(MIDL_PASS) || defined(RPC_SERVER)
    PISID LogonDomainId;
#else
    PSID LogonDomainId;
#endif
    ULONG ExpansionRoom[10]; // Put new fields here
    //
    // The new fields in this structure are a count and a pointer to
    // an array of SIDs and attributes.
    //
    ULONG SidCount; // number of entries in ExtraSids
#ifdef MIDL_PASS
    [size_is(SidCount)]
#endif // MIDL_PASS
    PNETLOGON_SID_AND_ATTRIBUTES ExtraSids;
} NETLOGON_VALIDATION_SAM_INFO2, *PNETLOGON_VALIDATION_SAM_INFO2 ;
//
// Info level 3 is a version used internally by kerberos. It never appears on the wire.
//
// NETLOGON_VALIDATION_SAM_INFO2 plus resource-group information.
// Three counted arrays live here (GroupIds, ExtraSids, ResourceGroupIds);
// their size_is attributes exist only in the MIDL pass, so plain C code must
// bound accesses by the matching count field itself.
typedef struct _NETLOGON_VALIDATION_SAM_INFO3 {
    //
    // Information retrieved from SAM.
    //
    OLD_LARGE_INTEGER LogonTime; // 0 for Network logon
    OLD_LARGE_INTEGER LogoffTime;
    OLD_LARGE_INTEGER KickOffTime;
    OLD_LARGE_INTEGER PasswordLastSet; // 0 for Network logon
    OLD_LARGE_INTEGER PasswordCanChange; // 0 for Network logon
    OLD_LARGE_INTEGER PasswordMustChange; // 0 for Network logon
    UNICODE_STRING EffectiveName; // 0 for Network logon
    UNICODE_STRING FullName; // 0 for Network logon
    UNICODE_STRING LogonScript; // 0 for Network logon
    UNICODE_STRING ProfilePath; // 0 for Network logon
    UNICODE_STRING HomeDirectory; // 0 for Network logon
    UNICODE_STRING HomeDirectoryDrive; // 0 for Network logon
    USHORT LogonCount; // 0 for Network logon
    USHORT BadPasswordCount; // 0 for Network logon
    ULONG UserId;
    ULONG PrimaryGroupId;
    ULONG GroupCount; // number of entries in GroupIds
#ifdef MIDL_PASS
    [size_is(GroupCount)]
#endif // MIDL_PASS
    PGROUP_MEMBERSHIP GroupIds;
    //
    // Information supplied by the MSV AP/Netlogon service.
    //
    ULONG UserFlags;
    USER_SESSION_KEY UserSessionKey; // key material; keep out of logs
    UNICODE_STRING LogonServer;
    UNICODE_STRING LogonDomainName;
#if defined(MIDL_PASS) || defined(RPC_SERVER)
    PISID LogonDomainId;
#else
    PSID LogonDomainId;
#endif
    ULONG ExpansionRoom[10]; // Put new fields here
    //
    // The new fields in this structure are a count and a pointer to
    // an array of SIDs and attributes.
    //
    ULONG SidCount; // number of entries in ExtraSids
#ifdef MIDL_PASS
    [size_is(SidCount)]
#endif // MIDL_PASS
    PNETLOGON_SID_AND_ATTRIBUTES ExtraSids;
    //
    // Resource groups. These are present if LOGON_RESOURCE_GROUPS bit is
    // set in the user flags
    //
#if defined(MIDL_PASS) || defined(RPC_SERVER)
    PISID ResourceGroupDomainSid;
#else
    PSID ResourceGroupDomainSid;
#endif
    ULONG ResourceGroupCount; // number of entries in ResourceGroupIds
#ifdef MIDL_PASS
    [size_is(ResourceGroupCount)]
#endif // MIDL_PASS
    PGROUP_MEMBERSHIP ResourceGroupIds;
} NETLOGON_VALIDATION_SAM_INFO3, *PNETLOGON_VALIDATION_SAM_INFO3 ;
//
// New output information for NetLogonSamLogon. This structure is identical
// to the NETLOGON_VALIDATION_SAM_INFO2 with some new fields added at the end.
//
// This version was introduced in Whistler.
//
// NETLOGON_VALIDATION_SAM_INFO2 plus the DNS domain name, the UPN and ten
// spare strings. The SAMINFO_* macros defined inside the body are indices
// into ExpansionRoom in ULONG units; the matching *_SIZE macros are in bytes.
// The counted arrays (GroupIds, ExtraSids) carry size_is only in the MIDL
// pass; plain C code must bound accesses by GroupCount / SidCount itself.
typedef struct _NETLOGON_VALIDATION_SAM_INFO4 {
    //
    // Information retrieved from SAM.
    //
    OLD_LARGE_INTEGER LogonTime; // 0 for Network logon
    OLD_LARGE_INTEGER LogoffTime;
    OLD_LARGE_INTEGER KickOffTime;
    OLD_LARGE_INTEGER PasswordLastSet; // 0 for Network logon
    OLD_LARGE_INTEGER PasswordCanChange; // 0 for Network logon
    OLD_LARGE_INTEGER PasswordMustChange; // 0 for Network logon
    UNICODE_STRING EffectiveName; // 0 for Network logon
    UNICODE_STRING FullName; // 0 for Network logon
    UNICODE_STRING LogonScript; // 0 for Network logon
    UNICODE_STRING ProfilePath; // 0 for Network logon
    UNICODE_STRING HomeDirectory; // 0 for Network logon
    UNICODE_STRING HomeDirectoryDrive; // 0 for Network logon
    USHORT LogonCount; // 0 for Network logon
    USHORT BadPasswordCount; // 0 for Network logon
    ULONG UserId;
    ULONG PrimaryGroupId;
    ULONG GroupCount; // number of entries in GroupIds
#ifdef MIDL_PASS
    [size_is(GroupCount)]
#endif // MIDL_PASS
    PGROUP_MEMBERSHIP GroupIds;
    //
    // Information supplied by the MSV AP/Netlogon service.
    //
    ULONG UserFlags;
    USER_SESSION_KEY UserSessionKey; // key material; keep out of logs
    UNICODE_STRING LogonServer;
    UNICODE_STRING LogonDomainName;
#if defined(MIDL_PASS) || defined(RPC_SERVER)
    PISID LogonDomainId;
#else
    PSID LogonDomainId;
#endif
    //
    // The First two longwords (8 bytes) of ExpansionRoom are reserved for the
    // LanManSession Key.
    //
#define SAMINFO_LM_SESSION_KEY 0
#define SAMINFO_LM_SESSION_KEY_EXT 1
#define SAMINFO_LM_SESSION_KEY_SIZE (2*sizeof(ULONG))
    //
    // The third longword (4 bytes) of ExpansionRoom is the user account
    // control flag from the account.
    //
#define SAMINFO_USER_ACCOUNT_CONTROL 2
#define SAMINFO_USER_ACCOUNT_CONTROL_SIZE sizeof(ULONG)
    //
    // The fourth longword (4 bytes) of ExpansionRoom is for the status
    // returned for subauth users, not from subauth packages (NT5 onwards)
    //
#define SAMINFO_SUBAUTH_STATUS 3
#define SAMINFO_SUBAUTH_STATUS_SIZE sizeof(ULONG)
    // Indices 0..3 are taken by the macros above, so ExpansionRoom can hold
    // key material (the LM session key) and is not just zero padding.
    ULONG ExpansionRoom[10]; // Put new fields here
    //
    // The new fields in this structure are a count and a pointer to
    // an array of SIDs and attributes.
    //
    ULONG SidCount; // number of entries in ExtraSids
#ifdef MIDL_PASS
    [size_is(SidCount)]
#endif // MIDL_PASS
    PNETLOGON_SID_AND_ATTRIBUTES ExtraSids;
    //
    // New fields added for version 4 of the structure
    //
    UNICODE_STRING DnsLogonDomainName; // Dns version of LogonDomainName
    UNICODE_STRING Upn; // UPN of the user account
    UNICODE_STRING ExpansionString1; // Put new strings here
    UNICODE_STRING ExpansionString2; // Put new strings here
    UNICODE_STRING ExpansionString3; // Put new strings here
    UNICODE_STRING ExpansionString4; // Put new strings here
    UNICODE_STRING ExpansionString5; // Put new strings here
    UNICODE_STRING ExpansionString6; // Put new strings here
    UNICODE_STRING ExpansionString7; // Put new strings here
    UNICODE_STRING ExpansionString8; // Put new strings here
    UNICODE_STRING ExpansionString9; // Put new strings here
    UNICODE_STRING ExpansionString10; // Put new strings here
} NETLOGON_VALIDATION_SAM_INFO4, *PNETLOGON_VALIDATION_SAM_INFO4 ;
// This structure is bogus since it doesn't have a size_is: nothing in the
// declaration ties ValidationData to DataLength, not even in the MIDL pass.
// Everyone should use the generic info2 structure
// (NETLOGON_VALIDATION_GENERIC_INFO2) instead.
typedef struct _NETLOGON_VALIDATION_GENERIC_INFO {
    ULONG DataLength;
    PUCHAR ValidationData;
} NETLOGON_VALIDATION_GENERIC_INFO, *PNETLOGON_VALIDATION_GENERIC_INFO;
// Generic validation output: an opaque buffer of DataLength elements. Same
// members as NETLOGON_VALIDATION_GENERIC_INFO, with the size_is attribute
// added for the MIDL pass. Outside a MIDL pass ValidationData is a bare
// pointer, so C code must bound accesses by DataLength itself.
typedef struct _NETLOGON_VALIDATION_GENERIC_INFO2 {
    ULONG DataLength; // element count of ValidationData
#ifdef MIDL_PASS
    [size_is(DataLength)]
#endif // MIDL_PASS
    PUCHAR ValidationData;
} NETLOGON_VALIDATION_GENERIC_INFO2, *PNETLOGON_VALIDATION_GENERIC_INFO2;
//
// S4U Delegation Info
//
// S4U delegation record: one target name plus a counted array of transited
// service names. Despite the "Size" in its name, TransitedListSize is used as
// the size_is of an array of UNICODE_STRINGs, i.e. it counts entries.
// The attribute exists only in the MIDL pass; plain C code must bound
// accesses to S4UTransitedServices by TransitedListSize itself.
typedef struct _S4U_DELEGATION_INFO {
    UNICODE_STRING S4U2proxyTarget;
    ULONG TransitedListSize; // number of entries in S4UTransitedServices
#ifdef MIDL_PASS
    [size_is(TransitedListSize)]
#endif // MIDL_PASS
    PUNICODE_STRING S4UTransitedServices;
} S4U_DELEGATION_INFO, * PS4U_DELEGATION_INFO;
//
// Status codes that indicate the password is bad and the call should
// be passed through to the PDC of the domain.
//
// Non-zero when _x is one of the four listed status codes.
// _x appears four times in the expansion, so pass a plain variable or
// constant, never an expression with side effects (e.g. a function call).
#define BAD_PASSWORD( _x ) \
    ((_x) == STATUS_WRONG_PASSWORD || \
     (_x) == STATUS_PASSWORD_EXPIRED || \
     (_x) == STATUS_PASSWORD_MUST_CHANGE || \
     (_x) == STATUS_ACCOUNT_LOCKED_OUT )
//
// Error status codes from the PDC that indicate that the bad password
// count should be zeroed locally on the BDC.
//
// Non-zero when _x is STATUS_PASSWORD_EXPIRED or STATUS_PASSWORD_MUST_CHANGE.
// Both codes are also members of the BAD_PASSWORD set. _x appears twice in
// the expansion, so pass an expression with no side effects.
#define ZERO_BAD_PWD_COUNT( _x ) \
    ((_x) == STATUS_PASSWORD_EXPIRED || \
     (_x) == STATUS_PASSWORD_MUST_CHANGE )
//
// The actual logon and logoff routines.
//
// The following 2 procedure definitions must match
// I_NetLogonSamLogon and the PNETLOGON_SAM_LOGON_PROCEDURE pointer type take
// the same nine parameters in the same order; change both together.
// LogonInformation and ValidationInformation are untyped byte pointers; the
// structure behind each is presumably selected by LogonLevel and
// ValidationLevel respectively -- confirm against the implementation.
// NOTE(review): this header does not state who frees *ValidationInformation.
NTSTATUS
I_NetLogonSamLogon(
    IN LPWSTR LogonServer OPTIONAL,
    IN LPWSTR ComputerName OPTIONAL,
    IN PNETLOGON_AUTHENTICATOR Authenticator OPTIONAL,
    OUT PNETLOGON_AUTHENTICATOR ReturnAuthenticator OPTIONAL,
    IN NETLOGON_LOGON_INFO_CLASS LogonLevel,
    IN LPBYTE LogonInformation,
    IN NETLOGON_VALIDATION_INFO_CLASS ValidationLevel,
    OUT LPBYTE * ValidationInformation,
    OUT PBOOLEAN Authoritative
    );
typedef NTSTATUS
(*PNETLOGON_SAM_LOGON_PROCEDURE)(
    IN LPWSTR LogonServer OPTIONAL,
    IN LPWSTR ComputerName OPTIONAL,
    IN PNETLOGON_AUTHENTICATOR Authenticator OPTIONAL,
    OUT PNETLOGON_AUTHENTICATOR ReturnAuthenticator OPTIONAL,
    IN NETLOGON_LOGON_INFO_CLASS LogonLevel,
    IN LPBYTE LogonInformation,
    IN NETLOGON_VALIDATION_INFO_CLASS ValidationLevel,
    OUT LPBYTE * ValidationInformation,
    OUT PBOOLEAN Authoritative
    );
//
// Values of ExtraFlags
//
// For OS versions earlier than WIN 2K, this field didn't exist.
//
// A WIN 2K client always passes zero and ignores the return.
// A WIN 2K server always returns what it is passed.
//
// A whistler client can pass the NETLOGON_SUPPORTS_CROSS_FOREST bits and ignores the return.
// A whistler server always returns what it is passed.
//
// In all cases, the flags correspond to the hop at hand. Each hop computes which flags it
// wants to pass to the next hop. It will only set bits that it understands.
//
// Flags introduced with NETLOGON_SUPPORTS_CROSS_FOREST
// Distinct single-bit values, so they can be OR-ed together in ExtraFlags.
#define NL_EXFLAGS_EXPEDITE_TO_ROOT 0x0001 // Pass this request to DC at root of forest
#define NL_EXFLAGS_CROSS_FOREST_HOP 0x0002 // Request is first hop over cross forest trust TDO
// Variant of the SAM logon call that takes an opaque ContextHandle in place
// of the Authenticator / ReturnAuthenticator pair, plus the in/out ExtraFlags
// word (NL_EXFLAGS_* bits) and an RpcFailed output.
// NOTE(review): this header does not state who frees *ValidationInformation.
NTSTATUS
I_NetLogonSamLogonEx (
    IN PVOID ContextHandle,
    IN LPWSTR LogonServer OPTIONAL,
    IN LPWSTR ComputerName OPTIONAL,
    IN NETLOGON_LOGON_INFO_CLASS LogonLevel,
    IN LPBYTE LogonInformation,
    IN NETLOGON_VALIDATION_INFO_CLASS ValidationLevel,
    OUT LPBYTE * ValidationInformation,
    OUT PBOOLEAN Authoritative,
    IN OUT PULONG ExtraFlags,
    OUT PBOOLEAN RpcFailed
    );
// Same parameter list as I_NetLogonSamLogon with one addition at the end:
// the in/out ExtraFlags word (NL_EXFLAGS_* bits).
// NOTE(review): this header does not state who frees *ValidationInformation.
NTSTATUS
I_NetLogonSamLogonWithFlags (
    IN LPWSTR LogonServer OPTIONAL,
    IN LPWSTR ComputerName OPTIONAL,
    IN PNETLOGON_AUTHENTICATOR Authenticator OPTIONAL,
    OUT PNETLOGON_AUTHENTICATOR ReturnAuthenticator OPTIONAL,
    IN NETLOGON_LOGON_INFO_CLASS LogonLevel,
    IN LPBYTE LogonInformation,
    IN NETLOGON_VALIDATION_INFO_CLASS ValidationLevel,
    OUT LPBYTE * ValidationInformation,
    OUT PBOOLEAN Authoritative,
    IN OUT PULONG ExtraFlags
    );
// The following 2 procedure definitions must match
// I_NetLogonSamLogoff and the PNETLOGON_SAM_LOGOFF_PROCEDURE pointer type
// take the same six parameters in the same order; change both together.
// LogonInformation is an untyped byte pointer; the structure behind it is
// presumably selected by LogonLevel -- confirm against the implementation.
NTSTATUS
I_NetLogonSamLogoff (
    IN LPWSTR LogonServer OPTIONAL,
    IN LPWSTR ComputerName OPTIONAL,
    IN PNETLOGON_AUTHENTICATOR Authenticator OPTIONAL,
    OUT PNETLOGON_AUTHENTICATOR ReturnAuthenticator OPTIONAL,
    IN NETLOGON_LOGON_INFO_CLASS LogonLevel,
    IN LPBYTE LogonInformation
    );
typedef NTSTATUS
(*PNETLOGON_SAM_LOGOFF_PROCEDURE) (
    IN LPWSTR LogonServer OPTIONAL,
    IN LPWSTR ComputerName OPTIONAL,
    IN PNETLOGON_AUTHENTICATOR Authenticator OPTIONAL,
    OUT PNETLOGON_AUTHENTICATOR ReturnAuthenticator OPTIONAL,
    IN NETLOGON_LOGON_INFO_CLASS LogonLevel,
    IN LPBYTE LogonInformation
    );
//
// Actual logon/logoff routines for Cairo
//
// Context is an opaque pointer; its expected type is not stated here.
NET_API_STATUS
NetlogonInitialize(
    PVOID Context
    );
// Takes the logon/validation levels and buffers only: no server name,
// computer name or authenticator parameters, unlike I_NetLogonSamLogon.
// NOTE(review): this header does not state who frees *ValidationInformation.
NTSTATUS
NetlogonSamLogon (
    IN NETLOGON_LOGON_INFO_CLASS LogonLevel,
    IN LPBYTE LogonInformation,
    IN NETLOGON_VALIDATION_INFO_CLASS ValidationLevel,
    OUT LPBYTE *ValidationInformation,
    OUT PBOOLEAN Authoritative
    );
//
// Routine to get a list of NT DC's in the specified domain.
//
// Returns a count and an array of DC names through the two OUT parameters.
// NOTE(review): *DCCount is presumably the number of entries in *DCNames;
// this header does not state how the returned array is allocated or freed.
NET_API_STATUS NET_API_FUNCTION
I_NetGetDCList (
    IN LPWSTR ServerName OPTIONAL,
    IN LPWSTR TrustedDomainName,
    OUT PULONG DCCount,
    OUT PUNICODE_STRING * DCNames
    );
//
// Validation routine which lives in msv1_0.dll
//
// LogonInformation and ValidationInformation are untyped pointers; the
// structure behind each is presumably selected by LogonLevel and
// ValidationLevel respectively -- confirm against the implementation.
// NOTE(review): this header does not state who frees *ValidationInformation.
NTSTATUS
MsvSamValidate (
    IN SAM_HANDLE DomainHandle,
    IN BOOLEAN UasCompatibilityRequired,
    IN NETLOGON_SECURE_CHANNEL_TYPE SecureChannelType,
    IN PUNICODE_STRING LogonServer,
    IN PUNICODE_STRING LogonDomainName,
    IN PSID LogonDomainId,
    IN NETLOGON_LOGON_INFO_CLASS LogonLevel,
    IN PVOID LogonInformation,
    IN NETLOGON_VALIDATION_INFO_CLASS ValidationLevel,
    OUT PVOID * ValidationInformation,
    OUT PBOOLEAN Authoritative,
    OUT PBOOLEAN BadPasswordCountZeroed,
    IN DWORD AccountsToTry // MSVSAM_* bits, defined later in this header
    );
//
// Routine to get running number of logon attempts which lives in msv1_0.dll
//
// Takes no arguments and returns the count as a ULONG.
// NOTE(review): whether the counter can wrap or be reset is not stated here.
ULONG
MsvGetLogonAttemptCount (
    VOID
    );
// Values for AccountsToTry
// Distinct single-bit values, so both can be set in one AccountsToTry word.
// NOTE(review): MSVSAM_GUEST widens what a logon attempt may match; callers
// should pass it only where falling back to the guest account is intended.
#define MSVSAM_SPECIFIED 0x01 // Try specified account
#define MSVSAM_GUEST 0x02 // Try guest account
// LogonInformation is an untyped pointer; the structure behind it is
// presumably selected by LogonLevel -- confirm against the implementation.
NTSTATUS
MsvSamLogoff (
    IN SAM_HANDLE DomainHandle,
    IN NETLOGON_LOGON_INFO_CLASS LogonLevel,
    IN PVOID LogonInformation
    );
// begin_ntsubauth
// Values for Flags
// Distinct single-bit values for the Flags parameter of the
// Msv1_0SubAuthentication* routines declared below.
#define MSV1_0_PASSTHRU 0x01
#define MSV1_0_GUEST_LOGON 0x02
// Same parameter list as Msv1_0SubAuthenticationFilter.
// LogonInformation is an untyped pointer; the structure behind it is
// presumably selected by LogonLevel -- an implementation should check the
// level before casting.
NTSTATUS NTAPI
Msv1_0SubAuthenticationRoutine(
    IN NETLOGON_LOGON_INFO_CLASS LogonLevel,
    IN PVOID LogonInformation,
    IN ULONG Flags, // MSV1_0_PASSTHRU / MSV1_0_GUEST_LOGON bits
    IN PUSER_ALL_INFORMATION UserAll,
    OUT PULONG WhichFields,
    OUT PULONG UserFlags,
    OUT PBOOLEAN Authoritative,
    OUT PLARGE_INTEGER LogoffTime,
    OUT PLARGE_INTEGER KickoffTime
    );
// In/out validation record for Msv1_0SubAuthenticationRoutineEx.
// WhichFields takes the MSV1_0_VALIDATION_* bits defined below.
// NOTE(review): each bit presumably marks the same-named member as filled
// in; if so, a consumer should read a member only when its bit is set --
// confirm against the implementation.
typedef struct _MSV1_0_VALIDATION_INFO {
    LARGE_INTEGER LogoffTime;
    LARGE_INTEGER KickoffTime;
    UNICODE_STRING LogonServer;
    UNICODE_STRING LogonDomainName;
    USER_SESSION_KEY SessionKey; // key material; keep out of logs
    BOOLEAN Authoritative;
    ULONG UserFlags;
    ULONG WhichFields;
    ULONG UserId;
} MSV1_0_VALIDATION_INFO, *PMSV1_0_VALIDATION_INFO;
// values for WhichFields
// Each value in a group is a distinct single bit, so values from the same
// group can be OR-ed together. The two groups reuse the same bit positions
// and must not be mixed in one word.
#define MSV1_0_VALIDATION_LOGOFF_TIME 0x00000001
#define MSV1_0_VALIDATION_KICKOFF_TIME 0x00000002
#define MSV1_0_VALIDATION_LOGON_SERVER 0x00000004
#define MSV1_0_VALIDATION_LOGON_DOMAIN 0x00000008
#define MSV1_0_VALIDATION_SESSION_KEY 0x00000010
#define MSV1_0_VALIDATION_USER_FLAGS 0x00000020
#define MSV1_0_VALIDATION_USER_ID 0x00000040
// legal values for ActionsPerformed
#define MSV1_0_SUBAUTH_ACCOUNT_DISABLED 0x00000001
#define MSV1_0_SUBAUTH_PASSWORD 0x00000002
#define MSV1_0_SUBAUTH_WORKSTATIONS 0x00000004
#define MSV1_0_SUBAUTH_LOGON_HOURS 0x00000008
#define MSV1_0_SUBAUTH_ACCOUNT_EXPIRY 0x00000010
#define MSV1_0_SUBAUTH_PASSWORD_EXPIRY 0x00000020
#define MSV1_0_SUBAUTH_ACCOUNT_TYPE 0x00000040
#define MSV1_0_SUBAUTH_LOCKOUT 0x00000080
// Extended sub-authentication entry point: takes a SAM user handle, an
// in/out MSV1_0_VALIDATION_INFO record, and reports MSV1_0_SUBAUTH_* bits
// through ActionsPerformed.
// NOTE(review): the bits presumably name the checks the routine carried out
// itself; if so, a check whose bit is clear still has to be done by the
// caller -- confirm against the implementation.
NTSTATUS NTAPI
Msv1_0SubAuthenticationRoutineEx(
    IN NETLOGON_LOGON_INFO_CLASS LogonLevel,
    IN PVOID LogonInformation,
    IN ULONG Flags, // MSV1_0_PASSTHRU / MSV1_0_GUEST_LOGON bits
    IN PUSER_ALL_INFORMATION UserAll,
    IN SAM_HANDLE UserHandle,
    IN OUT PMSV1_0_VALIDATION_INFO ValidationInfo,
    OUT PULONG ActionsPerformed // MSV1_0_SUBAUTH_* bits
    );
// Generic sub-authentication entry point: an opaque input buffer with its
// length, and an output buffer returned with its length.
// NOTE(review): SubmitBufferLength is presumably a byte count; an
// implementation should check it before reading any field of SubmitBuffer.
// This header does not state who frees *ReturnBuffer.
NTSTATUS NTAPI
Msv1_0SubAuthenticationRoutineGeneric(
    IN PVOID SubmitBuffer,
    IN ULONG SubmitBufferLength,
    OUT PULONG ReturnBufferLength,
    OUT PVOID *ReturnBuffer
    );
// Same parameter list as Msv1_0SubAuthenticationRoutine.
// LogonInformation is an untyped pointer; the structure behind it is
// presumably selected by LogonLevel -- an implementation should check the
// level before casting.
NTSTATUS NTAPI
Msv1_0SubAuthenticationFilter(
    IN NETLOGON_LOGON_INFO_CLASS LogonLevel,
    IN PVOID LogonInformation,
    IN ULONG Flags, // MSV1_0_PASSTHRU / MSV1_0_GUEST_LOGON bits
    IN PUSER_ALL_INFORMATION UserAll,
    OUT PULONG WhichFields,
    OUT PULONG UserFlags,
    OUT PBOOLEAN Authoritative,
    OUT PLARGE_INTEGER LogoffTime,
    OUT PLARGE_INTEGER KickoffTime
    );
// end_ntsubauth
#endif // __LOGONMSV_H__