newlib/winsup/cygwin/cyglsa.h
Corinna Vinschen 9a51257715 Change length for domain buffers from INTERNET_MAX_HOST_NAME_LENGTH to
MAX_DOMAIN_NAME_LEN throughout.
	* cyglsa.h (CYG_LSA_MAGIC): New value.
	(cyglsa_t): Define username and domain as WCHAR arrays.
	* errno.cc (errmap): Add mapping for ERROR_NONE_MAPPED.
	* sec_auth.cc: Drop 'w' prefix from WCHAR string variable names where
	appropriate.
	(extract_nt_dom_user): Prefer resolving by SID before resolving by
	domain\name pair.
	(cygwin_logon_user): Don't print cleartext password in debug output.
	Change comment.
	(get_user_groups): Revert calls to LookupAccountNameW to use NULL
	server instead of explicit server name, according to MSDN.
	(get_user_local_groups): Ditto.
	(get_server_groups): Fetch domain and user name from usersid per
	LookupAccountSidW instead of calling extract_nt_dom_user.
	(lsaauth): Fetch domain and user name from usersid per LookupAccountSidW
	instead of calling extract_nt_dom_user.
	* sec_helper.cc (cygpriv): Convert to wchar_t pointer array.
	(privilege_luid): Convert first parameter to  PWCHAR.
	(privilege_name): Return wchar_t pointer.
	(set_privileges): Accommodate debug output.
	* security.h (privilege_luid): Change prototype accordingly.
2008-07-11 10:00:36 +00:00


/* cyglsa.h: Header file for Cygwin LSA authentication
Copyright 2006 Red Hat, Inc.
Written by Corinna Vinschen <corinna@vinschen.de>
This file is part of Cygwin.
This software is a copyrighted work licensed under the terms of the
Cygwin license. Please consult the file "CYGWIN_LICENSE" for details. */
#ifndef _CYGLSA_H
#define _CYGLSA_H
#ifdef __cplusplus
extern "C" {
#endif
/* Name under which the Cygwin authentication package is registered with
   the LSA.  Presumably used by the client side to look the package up
   (see sec_auth.cc) and by cyglsa.cc when the package is loaded. */
#define CYG_LSA_PKGNAME "CygwinLsa"
/* Magic of the previous cyglsa_t layout (char username/domain arrays).
   A buffer carrying this value does not have the layout of cyglsa_t as
   defined below; NOTE(review): the receiving package should reject it
   outright rather than try to interpret it. */
#define CYG_LSA_MAGIC_OLD1 0x0379f014LU
/* First change to cyglsa_t.
   - Username and domain are now of type WCHAR instead of char.
   - domain is MAX_DOMAIN_NAME_LEN instead of INTERNET_MAX_HOST_NAME_LENGTH.
   cyglsa_t carries no separate version field, so this magic is the only
   layout versioning between client and package: any further change to
   cyglsa_t or the CYG_* structures below must bump it again. */
#define CYG_LSA_MAGIC 0x0379f115LU
/* Datastructures not defined in w32api.  They are binary overlays of the
   LSA's own types (presumably transcribed from Microsoft's ntsecpkg.h), so
   member types and order must stay exactly as the LSA expects them. */
typedef PVOID *PLSA_CLIENT_REQUEST;
typedef UNICODE_STRING SECURITY_STRING, *PSECURITY_STRING;
/* Information about the process calling into the package, filled in by
   the GetClientInfo entry of LSA_SECPKG_FUNCS below.  Member names follow
   the Windows SECPKG_CLIENT_INFO; their meanings are inferred from those
   names.  NOTE(review): HasTcbPrivilege is what a package would consult to
   restrict which callers may drive it -- whether cyglsa.cc does so is not
   visible in this header; confirm. */
typedef struct _SECPKG_CLIENT_INFO
{
  LUID LogonId;             /* Logon session of the caller.  */
  ULONG ProcessID;
  ULONG ThreadID;
  BOOLEAN HasTcbPrivilege;  /* Presumably: caller holds SeTcbPrivilege.  */
  BOOLEAN Impersonating;    /* Presumably: calling thread impersonates.  */
  BOOLEAN Restricted;       /* Presumably: caller's token is restricted.  */
} SECPKG_CLIENT_INFO, *PSECPKG_CLIENT_INFO;
/* Name formats accepted by the OpenSamUser and GetAuthDataForUser entries
   of LSA_SECPKG_FUNCS.  Enumerator order fixes the numeric values the LSA
   expects; do not reorder. */
typedef enum _SECPKG_NAME_TYPE
{
  SecNameSamCompatible,   /* DOMAIN\user style.  */
  SecNameAlternateId,
  SecNameFlat,
  SecNameDN,              /* Distinguished name.  */
  SecNameSPN              /* Service principal name.  */
} SECPKG_NAME_TYPE, *PSECPKG_NAME_TYPE;
/* Per-call information returned by the GetCallInfo entry of
   LSA_SECPKG_FUNCS.  Layout mirrors the Windows SECPKG_CALL_INFO; the
   meaning of Attributes and CallCount is not established by this header. */
typedef struct _SECPKG_CALL_INFO
{
  ULONG ProcessId;
  ULONG ThreadId;
  ULONG Attributes;
  ULONG CallCount;
} SECPKG_CALL_INFO, *PSECPKG_CALL_INFO;
/* The table returned by LsaApInitializePackage is actually a
   LSA_SECPKG_FUNCTION_TABLE even though that's not documented.
   We need only a subset of this table, basically the LSA_DISPATCH_TABLE
   plus the pointer to the GetClientInfo function.

   Layout warning: this struct is a binary overlay of the table the LSA
   hands us, so the slot order and slot count ARE the ABI.  Inserting,
   removing or reordering a member shifts every later function pointer and
   would make the package call the wrong LSA routine from inside lsass.exe.
   Members marked "wrong prototype, unused" exist only to keep the slots
   aligned; they must never be called with the signature given here.  The
   real prototypes were presumably transcribed from Microsoft's ntsecpkg.h;
   re-verify against it before putting a new slot to use. */
typedef struct _LSA_SECPKG_FUNCS
{
  NTSTATUS (NTAPI *CreateLogonSession)(PLUID);
  NTSTATUS (NTAPI *DeleteLogonSession)(PLUID);
  NTSTATUS (NTAPI *AddCredentials)(PLUID, ULONG, PLSA_STRING, PLSA_STRING);
  NTSTATUS (NTAPI *GetCredentials)(PVOID); /* wrong prototype, unused */
  NTSTATUS (NTAPI *DeleteCredentials)(PVOID); /* wrong prototype, unused */
  PVOID (NTAPI *AllocateLsaHeap)(ULONG);
  VOID (NTAPI *FreeLsaHeap)(PVOID);
  /* Client-buffer helpers: these copy across the lsass/client process
     boundary, which is why cyglsa_t is a self-contained, offset-based
     blob rather than a pointer graph.  */
  NTSTATUS (NTAPI *AllocateClientBuffer)(PLSA_CLIENT_REQUEST, ULONG, PVOID *);
  NTSTATUS (NTAPI *FreeClientBuffer)(PLSA_CLIENT_REQUEST, PVOID);
  NTSTATUS (NTAPI *CopyToClientBuffer)(PLSA_CLIENT_REQUEST, ULONG,
                                       PVOID, PVOID);
  NTSTATUS (NTAPI *CopyFromClientBuffer)(PLSA_CLIENT_REQUEST, ULONG,
                                         PVOID, PVOID);
  NTSTATUS (NTAPI *ImpersonateClient)(VOID);
  NTSTATUS (NTAPI *UnloadPackage)(VOID);
  NTSTATUS (NTAPI *DuplicateHandle)(HANDLE, PHANDLE);
  NTSTATUS (NTAPI *SaveSupplementalCredentials)(VOID);
  NTSTATUS (NTAPI *CreateThread)(PVOID); /* wrong prototype, unused */
  /* Fills a SECPKG_CLIENT_INFO for the current caller (see above).  */
  NTSTATUS (NTAPI *GetClientInfo)(PSECPKG_CLIENT_INFO);
  NTSTATUS (NTAPI *RegisterNotification)(PVOID); /* wrong prototype, unused */
  NTSTATUS (NTAPI *CancelNotification)(PVOID); /* wrong prototype, unused */
  NTSTATUS (NTAPI *MapBuffer)(PVOID); /* wrong prototype, unused */
  NTSTATUS (NTAPI *CreateToken)(PVOID); /* wrong prototype, unused */
  NTSTATUS (NTAPI *AuditLogon)(PVOID); /* wrong prototype, unused */
  NTSTATUS (NTAPI *CallPackage)(PVOID); /* wrong prototype, unused */
  NTSTATUS (NTAPI *FreeReturnBuffer)(PVOID); /* wrong prototype, unused */
  BOOLEAN (NTAPI *GetCallInfo)(PSECPKG_CALL_INFO);
  NTSTATUS (NTAPI *CallPackageEx)(PVOID); /* wrong prototype, unused */
  NTSTATUS (NTAPI *CreateSharedMemory)(PVOID); /* wrong prototype, unused */
  NTSTATUS (NTAPI *AllocateSharedMemory)(PVOID); /* wrong prototype, unused */
  NTSTATUS (NTAPI *FreeSharedMemory)(PVOID); /* wrong prototype, unused */
  NTSTATUS (NTAPI *DeleteSharedMemory)(PVOID); /* wrong prototype, unused */
  NTSTATUS (NTAPI *OpenSamUser)(PSECURITY_STRING, SECPKG_NAME_TYPE,
                                PSECURITY_STRING, BOOLEAN, ULONG, PVOID *);
  NTSTATUS (NTAPI *GetUserCredentials)(PVOID, PVOID, PULONG, PVOID *, PULONG);
  NTSTATUS (NTAPI *GetUserAuthData)(PVOID, PUCHAR *, PULONG);
  NTSTATUS (NTAPI *CloseSamUser)(PVOID);
  NTSTATUS (NTAPI *ConvertAuthDataToToken)(PVOID, ULONG,
                                           SECURITY_IMPERSONATION_LEVEL,
                                           PTOKEN_SOURCE, SECURITY_LOGON_TYPE,
                                           PUNICODE_STRING, PHANDLE, PLUID,
                                           PUNICODE_STRING, PNTSTATUS);
  NTSTATUS (NTAPI *ClientCallback)(PVOID); /* wrong prototype, unused */
  NTSTATUS (NTAPI *UpdateCredentials)(PVOID); /* wrong prototype, unused */
  NTSTATUS (NTAPI *GetAuthDataForUser)(PSECURITY_STRING, SECPKG_NAME_TYPE,
                                       PSECURITY_STRING, PUCHAR *, PULONG,
                                       PUNICODE_STRING);
  NTSTATUS (NTAPI *CrackSingleName)(PVOID); /* wrong prototype, unused */
  NTSTATUS (NTAPI *AuditAccountLogon)(PVOID); /* wrong prototype, unused */
  NTSTATUS (NTAPI *CallPackagePassthrough)(PVOID); /* wrong prototype, unused */
} LSA_SECPKG_FUNCS, *PLSA_SECPKG_FUNCS;
/* Discriminator for the token information a package returns to the LSA.
   Only the V2 layout is declared in this header, so presumably that is the
   one cyglsa.cc produces.  Enumerator order fixes the numeric values. */
typedef enum _LSA_TOKEN_INFORMATION_TYPE
{
  LsaTokenInformationNull,
  LsaTokenInformationV1,
  LsaTokenInformationV2
} LSA_TOKEN_INFORMATION_TYPE, *PLSA_TOKEN_INFORMATION_TYPE;
/* Token information in the form the LSA consumes (pointer-based, so its
   size depends on the bitness of the process).  CYG_LSA_TOKEN_INFORMATION
   below is the bitness-independent form used to ship the same data from
   the client into the package, which then rebuilds this structure. */
typedef struct _LSA_TOKEN_INFORMATION_V2
{
  LARGE_INTEGER ExpirationTime;
  TOKEN_USER User;
  PTOKEN_GROUPS Groups;
  TOKEN_PRIMARY_GROUP PrimaryGroup;
  PTOKEN_PRIVILEGES Privileges;
  TOKEN_OWNER Owner;
  TOKEN_DEFAULT_DACL DefaultDacl;
} LSA_TOKEN_INFORMATION_V2, *PLSA_TOKEN_INFORMATION_V2;
/* These structures are equivalent to the appropriate Windows structures,
   using 32 bit offsets instead of pointers.  These datastructures are
   used to transfer the logon information to the LSA authentication package.
   We can't use the LSA_TOKEN_INFORMATION_V2 structure directly, because
   its size differs between 32 bit and 64 bit Windows.

   An OFFSET is a 32 bit distance from a base address inside the transferred
   buffer.  The base is not defined in this header (presumably the start of
   the cyglsa_t payload -- see lsaauth() and cyglsa.cc).
   NOTE(review): the buffer is produced by an unprivileged client and
   interpreted inside lsass.exe, so the package must range-check every
   OFFSET, and every element count it reaches through one, against
   cyglsa_t::inf_size before dereferencing.  Confirm cyglsa.cc does so. */
typedef DWORD OFFSET;
/* Offset-based counterpart of SID_AND_ATTRIBUTES.  Sid is an OFFSET to a
   SID inside the transferred buffer, not a pointer; the SID's own length
   (from its SubAuthorityCount) must also fit inside the buffer. */
typedef struct _CYG_SID_AND_ATTRIBUTES
{
  OFFSET Sid;
  DWORD Attributes;
} CYG_SID_AND_ATTRIBUTES, *PCYG_SID_AND_ATTRIBUTES;
/* Offset-based counterpart of TOKEN_USER. */
typedef struct _CYG_TOKEN_USER
{
  CYG_SID_AND_ATTRIBUTES User;
} CYG_TOKEN_USER, *PCYG_TOKEN_USER;
/* Offset-based counterpart of TOKEN_GROUPS: GroupCount entries follow the
   count in the buffer.  NOTE(review): the reader must check that
   GroupCount * sizeof (CYG_SID_AND_ATTRIBUTES) fits in the remaining
   buffer, and compute that product in a width that cannot wrap for a
   client-supplied 32 bit GroupCount. */
typedef struct _CYG_TOKEN_GROUPS
{
  DWORD GroupCount;
  CYG_SID_AND_ATTRIBUTES Groups[ANYSIZE_ARRAY];
} CYG_TOKEN_GROUPS, *PCYG_TOKEN_GROUPS;
/* Offset-based counterpart of TOKEN_PRIMARY_GROUP (OFFSET to a SID). */
typedef struct _CYG_TOKEN_PRIMARY_GROUP
{
  OFFSET PrimaryGroup;
} CYG_TOKEN_PRIMARY_GROUP, *PCYG_TOKEN_PRIMARY_GROUP;
/* Offset-based counterpart of TOKEN_OWNER (OFFSET to a SID). */
typedef struct _CYG_TOKEN_OWNER
{
  OFFSET Owner;
} CYG_TOKEN_OWNER, *PCYG_TOKEN_OWNER;
/* Offset-based counterpart of TOKEN_DEFAULT_DACL (OFFSET to an ACL; the
   ACL's AclSize must also be validated against the buffer by the reader). */
typedef struct _CYG_TOKEN_DEFAULT_DACL
{
  OFFSET DefaultDacl;
} CYG_TOKEN_DEFAULT_DACL, *PCYG_TOKEN_DEFAULT_DACL;
/* Offset-based counterpart of LSA_TOKEN_INFORMATION_V2, member for member.
   Groups and Privileges are OFFSETs to a CYG_TOKEN_GROUPS resp. a
   TOKEN_PRIVILEGES-shaped array inside the buffer (the privileges layout
   is not declared here -- see the producer in lsaauth()).  This is the
   embedded 'inf' member of cyglsa_t and has the same size on 32 and 64 bit. */
typedef struct _CYG_LSA_TOKEN_INFORMATION
{
  LARGE_INTEGER ExpirationTime;
  CYG_TOKEN_USER User;
  OFFSET Groups;
  CYG_TOKEN_PRIMARY_GROUP PrimaryGroup;
  OFFSET Privileges;
  CYG_TOKEN_OWNER Owner;
  CYG_TOKEN_DEFAULT_DACL DefaultDacl;
} CYG_LSA_TOKEN_INFORMATION, *PCYG_LSA_TOKEN_INFORMATION;
/* This is the structure created by lsaauth() (in sec_auth.cc per the
   ChangeLog; formerly security.cc), which is given to LsaApLogonUser to
   create the token information returned to the LSA.

   It is copied from the client process into lsass.exe, so from the
   package's point of view every member is untrusted input:
   - magic:    must equal CYG_LSA_MAGIC.  A CYG_LSA_MAGIC_OLD1 buffer has a
               different layout and should be rejected, not parsed.
   - checksum: presumably a plain checksum over the buffer (see cyglsa.cc).
               Any local caller can compute it, so it detects corruption;
               it is not a MAC and gives no protection against a hostile
               client.
   - username / domain: fixed-size WCHAR arrays sized for a terminator, but
               the package must not rely on the client having stored one.
   - inf_size: size of the variable part.  Every OFFSET inside 'inf' and
               every element count reached through one must be validated
               against it before use -- NOTE(review): confirm in cyglsa.cc.
   - data[1]:  first byte of the variable-length tail.  Left as an
               old-style [1] trailing array on purpose: switching to a C99
               flexible array member changes sizeof (cyglsa_t), which the
               size computations on both sides may include. */
typedef struct
{
  DWORD magic;
  DWORD checksum;
  WCHAR username[UNLEN + 1];
  WCHAR domain[MAX_DOMAIN_NAME_LEN + 1];
  ULONG inf_size;
  CYG_LSA_TOKEN_INFORMATION inf;
  BYTE data[1];
} cyglsa_t;
/* Profile buffer passed back from the package to the client (the name
   suggests "profile"; presumably filled by LsaApLogonUser and read by
   lsaauth() -- confirm in cyglsa.cc).  The token handle is bracketed by
   two fixed magic values so the reader can sanity-check the buffer's shape
   before trusting the HANDLE.
   NOTE(review): HANDLE is pointer-sized, so unlike cyglsa_t this struct is
   not bitness-independent; a 32 bit client reading a buffer produced by a
   64 bit package (or vice versa) would pick up the wrong bytes.  Verify
   that both sides are always built for the same bitness, or encode the
   handle in a fixed-width field. */
typedef struct
{
  DWORD magic_pre;
  HANDLE token;
  DWORD magic_post;
} cygprf_t;
/* Sentinels stored in cygprf_t around the token handle.  They are constant
   and well known, so they catch a malformed or mis-sized buffer, not a
   deliberately forged one. */
#define MAGIC_PRE 0x12345678UL
#define MAGIC_POST 0x87654321UL
#ifdef __cplusplus
}
#endif
#endif /* _CYGLSA_H */