newlib/winsup/cygwin/cyglsa.h
Corinna Vinschen c68cb84e88 * cyglsa.h (SECURITY_STRING): Define.
(enum _SECPKG_NAME_TYPE): Define.
	(struct _SECPKG_CALL_INFO): Define.
	(struct _LSA_SECPKG_FUNCS): Extend to full size.  Define unused
	functions lazily.
	(cygprf_t): Define.
	* sec_auth.cc (lsaauth): Use actual primary group if no admins group.
	Add (disabled) code to fetch token from profile data.
2008-07-10 18:01:25 +00:00


/* cyglsa.h: Header file for Cygwin LSA authentication
Copyright 2006 Red Hat, Inc.
Written by Corinna Vinschen <corinna@vinschen.de>
This file is part of Cygwin.
This software is a copyrighted work licensed under the terms of the
Cygwin license. Please consult the file "CYGWIN_LICENSE" for details. */
#ifndef _CYGLSA_H
#define _CYGLSA_H
#ifdef __cplusplus
extern "C" {
#endif
/* Name of the Cygwin LSA authentication package.
   NOTE(review): presumably the name under which the package is registered
   and looked up; the lookup itself is not visible in this header. */
#define CYG_LSA_PKGNAME "CygwinLsa"
/* Marker constant for Cygwin LSA data.
   NOTE(review): presumably the expected value of cyglsa_t.magic; confirm in
   the code that fills and checks that field.  A fixed constant published in
   a header identifies the data format only; it does not authenticate the
   sender. */
#define CYG_LSA_MAGIC 0x0379f014LU
/* Datastructures not defined in w32api. */
/* Request handle type taken by the client-buffer callbacks
   (AllocateClientBuffer, FreeClientBuffer, CopyToClientBuffer,
   CopyFromClientBuffer) in LSA_SECPKG_FUNCS. */
typedef PVOID *PLSA_CLIENT_REQUEST;
/* SECURITY_STRING is declared as a plain alias of UNICODE_STRING. */
typedef UNICODE_STRING SECURITY_STRING, *PSECURITY_STRING;
/* Local declaration of the Windows SECPKG_CLIENT_INFO structure (not
   provided by w32api).  This is the argument type of the GetClientInfo
   callback in LSA_SECPKG_FUNCS.
   NOTE(review): later Windows SDK headers appear to append further members
   to this structure.  Confirm that the size LSA writes through
   GetClientInfo matches this declaration on every targeted Windows
   version, otherwise the callee could write past the end of the buffer. */
typedef struct _SECPKG_CLIENT_INFO
{
  LUID LogonId;			/* Logon session of the calling client. */
  ULONG ProcessID;		/* Process id of the caller. */
  ULONG ThreadID;		/* Thread id of the caller. */
  BOOLEAN HasTcbPrivilege;	/* Per the Windows definition: caller holds
				   SeTcbPrivilege.  NOTE(review): whether the
				   Cygwin package gates requests on this flag
				   is not visible in this header. */
  BOOLEAN Impersonating;	/* Caller is impersonating another client. */
  BOOLEAN Restricted;		/* Caller runs with a restricted token. */
} SECPKG_CLIENT_INFO, *PSECPKG_CLIENT_INFO;
/* Name format selector passed to the OpenSamUser and GetAuthDataForUser
   callbacks in LSA_SECPKG_FUNCS.  The enumerators carry no explicit values,
   so their order fixes the numbers handed to LSA (0 to 4); do not reorder
   or insert entries. */
typedef enum _SECPKG_NAME_TYPE
{
  SecNameSamCompatible,		/* 0 */
  SecNameAlternateId,		/* 1 */
  SecNameFlat,			/* 2 */
  SecNameDN,			/* 3 */
  SecNameSPN			/* 4 */
} SECPKG_NAME_TYPE, *PSECPKG_NAME_TYPE;
/* Local declaration of the Windows SECPKG_CALL_INFO structure; the argument
   type of the GetCallInfo callback in LSA_SECPKG_FUNCS.  The layout has to
   match what LSA writes, so members must stay in this order. */
typedef struct _SECPKG_CALL_INFO
{
  ULONG ProcessId;	/* Process id associated with the current call. */
  ULONG ThreadId;	/* Thread id associated with the current call. */
  ULONG Attributes;	/* Flag bits describing the call; the flag values
			   are not defined in this header. */
  ULONG CallCount;	/* NOTE(review): meaning not derivable from this
			   header; see the Windows documentation. */
} SECPKG_CALL_INFO, *PSECPKG_CALL_INFO;
/* The table returned by LsaApInitializePackage is actually a
   LSA_SECPKG_FUNCTION_TABLE even though that's not documented.
   We need only a subset of this table, basically the LSA_DISPATCH_TABLE
   plus the pointer to the GetClientInfo function.

   The structure nevertheless declares a slot for every entry, because a
   member's position in the structure is what selects the function.  Do not
   reorder, insert or remove members.

   Entries marked "wrong prototype, unused" are placeholders that only
   reserve their slot.  Their declared signature does not match the real
   function, so calling one through this declaration is undefined
   behaviour.  Give an entry its real prototype before using it.

   NOTE(review): the table is supplied by LSA and its layout is, per the
   comment above, undocumented.  Confirm the layout against each supported
   Windows version before relying on the later entries. */
typedef struct _LSA_SECPKG_FUNCS
{
  /* Logon session and credential management. */
  NTSTATUS (NTAPI *CreateLogonSession)(PLUID);
  NTSTATUS (NTAPI *DeleteLogonSession)(PLUID);
  NTSTATUS (NTAPI *AddCredentials)(PLUID, ULONG, PLSA_STRING, PLSA_STRING);
  NTSTATUS (NTAPI *GetCredentials)(PVOID); /* wrong prototype, unused */
  NTSTATUS (NTAPI *DeleteCredentials)(PVOID); /* wrong prototype, unused */
  /* Memory owned by LSA, and buffers in the client's address space. */
  PVOID (NTAPI *AllocateLsaHeap)(ULONG);
  VOID (NTAPI *FreeLsaHeap)(PVOID);
  NTSTATUS (NTAPI *AllocateClientBuffer)(PLSA_CLIENT_REQUEST, ULONG, PVOID *);
  NTSTATUS (NTAPI *FreeClientBuffer)(PLSA_CLIENT_REQUEST, PVOID);
  NTSTATUS (NTAPI *CopyToClientBuffer)(PLSA_CLIENT_REQUEST, ULONG,
				       PVOID, PVOID);
  NTSTATUS (NTAPI *CopyFromClientBuffer)(PLSA_CLIENT_REQUEST, ULONG,
					 PVOID, PVOID);
  NTSTATUS (NTAPI *ImpersonateClient)(VOID);
  NTSTATUS (NTAPI *UnloadPackage)(VOID);
  NTSTATUS (NTAPI *DuplicateHandle)(HANDLE, PHANDLE);
  NTSTATUS (NTAPI *SaveSupplementalCredentials)(VOID);
  NTSTATUS (NTAPI *CreateThread)(PVOID); /* wrong prototype, unused */
  /* Fills a SECPKG_CLIENT_INFO describing the caller. */
  NTSTATUS (NTAPI *GetClientInfo)(PSECPKG_CLIENT_INFO);
  NTSTATUS (NTAPI *RegisterNotification)(PVOID); /* wrong prototype, unused */
  NTSTATUS (NTAPI *CancelNotification)(PVOID); /* wrong prototype, unused */
  NTSTATUS (NTAPI *MapBuffer)(PVOID); /* wrong prototype, unused */
  NTSTATUS (NTAPI *CreateToken)(PVOID); /* wrong prototype, unused */
  NTSTATUS (NTAPI *AuditLogon)(PVOID); /* wrong prototype, unused */
  NTSTATUS (NTAPI *CallPackage)(PVOID); /* wrong prototype, unused */
  NTSTATUS (NTAPI *FreeReturnBuffer)(PVOID); /* wrong prototype, unused */
  /* Fills a SECPKG_CALL_INFO; note the BOOLEAN rather than NTSTATUS
     return type. */
  BOOLEAN (NTAPI *GetCallInfo)(PSECPKG_CALL_INFO);
  NTSTATUS (NTAPI *CallPackageEx)(PVOID); /* wrong prototype, unused */
  NTSTATUS (NTAPI *CreateSharedMemory)(PVOID); /* wrong prototype, unused */
  NTSTATUS (NTAPI *AllocateSharedMemory)(PVOID); /* wrong prototype, unused */
  NTSTATUS (NTAPI *FreeSharedMemory)(PVOID); /* wrong prototype, unused */
  NTSTATUS (NTAPI *DeleteSharedMemory)(PVOID); /* wrong prototype, unused */
  /* SAM user access and conversion of authentication data into a token.
     These entries carry full prototypes. */
  NTSTATUS (NTAPI *OpenSamUser)(PSECURITY_STRING, SECPKG_NAME_TYPE,
				PSECURITY_STRING, BOOLEAN, ULONG, PVOID *);
  NTSTATUS (NTAPI *GetUserCredentials)(PVOID, PVOID, PULONG, PVOID *, PULONG);
  NTSTATUS (NTAPI *GetUserAuthData)(PVOID, PUCHAR *, PULONG);
  NTSTATUS (NTAPI *CloseSamUser)(PVOID);
  NTSTATUS (NTAPI *ConvertAuthDataToToken)(PVOID, ULONG,
					   SECURITY_IMPERSONATION_LEVEL,
					   PTOKEN_SOURCE, SECURITY_LOGON_TYPE,
					   PUNICODE_STRING, PHANDLE, PLUID,
					   PUNICODE_STRING, PNTSTATUS);
  NTSTATUS (NTAPI *ClientCallback)(PVOID); /* wrong prototype, unused */
  NTSTATUS (NTAPI *UpdateCredentials)(PVOID); /* wrong prototype, unused */
  NTSTATUS (NTAPI *GetAuthDataForUser)(PSECURITY_STRING, SECPKG_NAME_TYPE,
				       PSECURITY_STRING, PUCHAR *, PULONG,
				       PUNICODE_STRING);
  NTSTATUS (NTAPI *CrackSingleName)(PVOID); /* wrong prototype, unused */
  NTSTATUS (NTAPI *AuditAccountLogon)(PVOID); /* wrong prototype, unused */
  NTSTATUS (NTAPI *CallPackagePassthrough)(PVOID); /* wrong prototype, unused */
} LSA_SECPKG_FUNCS, *PLSA_SECPKG_FUNCS;
/* Selects the format of the token information handed back to the LSA.
   The enumerators have no explicit values, so their order defines the
   numbers (0, 1, 2); keep the order. */
typedef enum _LSA_TOKEN_INFORMATION_TYPE
{
  LsaTokenInformationNull,	/* 0 */
  LsaTokenInformationV1,	/* 1 */
  LsaTokenInformationV2		/* 2: the format declared just below as
				   LSA_TOKEN_INFORMATION_V2. */
} LSA_TOKEN_INFORMATION_TYPE, *PLSA_TOKEN_INFORMATION_TYPE;
/* Native token description in the layout Windows uses.  Groups and
   Privileges are real pointers, and the embedded TOKEN_* members are
   Windows structures, so the size of this structure depends on the pointer
   width.  That is why it is not used for transferring data; the CYG_*
   structures further down exist for that purpose. */
typedef struct _LSA_TOKEN_INFORMATION_V2
{
  LARGE_INTEGER ExpirationTime;		/* Expiry time of the token. */
  TOKEN_USER User;			/* User of the token. */
  PTOKEN_GROUPS Groups;			/* Pointer to the group list. */
  TOKEN_PRIMARY_GROUP PrimaryGroup;	/* Primary group. */
  PTOKEN_PRIVILEGES Privileges;		/* Pointer to the privilege list. */
  TOKEN_OWNER Owner;			/* Default owner. */
  TOKEN_DEFAULT_DACL DefaultDacl;	/* Default DACL. */
} LSA_TOKEN_INFORMATION_V2, *PLSA_TOKEN_INFORMATION_V2;
/* These structures are equivalent to the appropriate Windows structures,
   using 32 bit offsets instead of pointers.  These datastructures are
   used to transfer the logon information to the LSA authentication package.
   We can't use the LSA_TOKEN_INFORMATION_V2 structure directly, because
   its size differs between 32 bit and 64 bit Windows.

   NOTE(review): this header does not state what the offsets are relative
   to; confirm the base in the code that builds and reads the data.  The
   offsets arrive from the sending process, so the receiver has to
   range-check each one against the transferred size (inf_size in cyglsa_t,
   presumably) before turning it into a pointer. */
typedef DWORD OFFSET;
/* Fixed-size counterpart of the Windows SID_AND_ATTRIBUTES structure:
   the SID pointer is replaced by a 32 bit offset. */
typedef struct _CYG_SID_AND_ATTRIBUTES
{
  OFFSET Sid;		/* Offset of the SID instead of a pointer to it.
			   To be validated before it is dereferenced. */
  DWORD Attributes;	/* Attribute bits belonging to the SID. */
} CYG_SID_AND_ATTRIBUTES, *PCYG_SID_AND_ATTRIBUTES;
/* Fixed-size counterpart of TOKEN_USER, built on CYG_SID_AND_ATTRIBUTES. */
typedef struct _CYG_TOKEN_USER
{
  CYG_SID_AND_ATTRIBUTES User;	/* User SID (as an offset) and attributes. */
} CYG_TOKEN_USER, *PCYG_TOKEN_USER;
/* Fixed-size-element counterpart of TOKEN_GROUPS.  Groups is declared with
   ANYSIZE_ARRAY elements, with GroupCount giving the real number of
   entries.
   NOTE(review): GroupCount is supplied by the sender.  The reader has to
   check that GroupCount entries actually fit into the transferred buffer
   before indexing Groups. */
typedef struct _CYG_TOKEN_GROUPS
{
  DWORD GroupCount;				/* Number of entries in Groups. */
  CYG_SID_AND_ATTRIBUTES Groups[ANYSIZE_ARRAY];	/* Variable-length list. */
} CYG_TOKEN_GROUPS, *PCYG_TOKEN_GROUPS;
/* Fixed-size counterpart of TOKEN_PRIMARY_GROUP. */
typedef struct _CYG_TOKEN_PRIMARY_GROUP
{
  OFFSET PrimaryGroup;	/* Offset of the primary group SID instead of a
			   pointer to it. */
} CYG_TOKEN_PRIMARY_GROUP, *PCYG_TOKEN_PRIMARY_GROUP;
/* Fixed-size counterpart of TOKEN_OWNER. */
typedef struct _CYG_TOKEN_OWNER
{
  OFFSET Owner;		/* Offset of the owner SID instead of a pointer. */
} CYG_TOKEN_OWNER, *PCYG_TOKEN_OWNER;
/* Fixed-size counterpart of TOKEN_DEFAULT_DACL. */
typedef struct _CYG_TOKEN_DEFAULT_DACL
{
  OFFSET DefaultDacl;	/* Offset of the default DACL instead of a pointer. */
} CYG_TOKEN_DEFAULT_DACL, *PCYG_TOKEN_DEFAULT_DACL;
/* Transfer form of LSA_TOKEN_INFORMATION_V2.  It has the same members in
   the same order, but the Groups and Privileges pointers become OFFSETs and
   the embedded TOKEN_* structures become their CYG_* counterparts.  The
   layout is therefore the same for 32 bit and 64 bit processes. */
typedef struct _CYG_LSA_TOKEN_INFORMATION
{
  LARGE_INTEGER ExpirationTime;		/* Expiry time of the token. */
  CYG_TOKEN_USER User;			/* User SID offset and attributes. */
  OFFSET Groups;			/* Offset of a CYG_TOKEN_GROUPS
					   (presumably; confirm in the
					   consumer). */
  CYG_TOKEN_PRIMARY_GROUP PrimaryGroup;	/* Primary group SID offset. */
  OFFSET Privileges;			/* Offset of the privilege list. */
  CYG_TOKEN_OWNER Owner;		/* Owner SID offset. */
  CYG_TOKEN_DEFAULT_DACL DefaultDacl;	/* Default DACL offset. */
} CYG_LSA_TOKEN_INFORMATION, *PCYG_LSA_TOKEN_INFORMATION;
/* This is the structure created by security.cc:lsaauth(), which is given to
   LsaApLogonUser to create the token information returned to the LSA.
   (The ChangeLog entry for this revision refers to lsaauth in sec_auth.cc;
   confirm which file currently holds it.)

   NOTE(review): everything in this structure is produced by the calling
   process and consumed by the authentication package.  How magic and
   checksum are computed and verified is not visible here.  A fixed magic
   plus a checksum can detect a malformed or corrupted buffer but cannot
   prove who built it; confirm that the consumer checks the caller's
   privilege separately.  The consumer should also bound inf_size by the
   buffer length it actually received and must not assume that username
   and domain are NUL-terminated. */
typedef struct
{
  DWORD magic;			/* Format marker; presumably CYG_LSA_MAGIC. */
  DWORD checksum;		/* Checksum over the request; the algorithm
				   and the range covered are defined by the
				   producer and consumer, not here. */
  CHAR username[UNLEN + 1];	/* Account name, fixed-size buffer. */
  CHAR domain[INTERNET_MAX_HOST_NAME_LENGTH + 1]; /* Domain, fixed-size. */
  ULONG inf_size;		/* Size of the token information that
				   follows; exact extent to be confirmed in
				   the producer. */
  CYG_LSA_TOKEN_INFORMATION inf; /* Offset-based token description. */
  BYTE data[1];			/* First byte of the variable-length data
				   area; sizeof (cyglsa_t) therefore already
				   includes one data byte. */
} cyglsa_t;
/* A token handle framed by two marker words.
   NOTE(review): per the ChangeLog entry for this revision this belongs to
   the (disabled) code that fetches the token from the profile data; the
   user of the structure is not visible in this header.  Unlike the CYG_*
   transfer structures, this one contains a HANDLE, so its size and the
   position of magic_post depend on the pointer width of the process that
   interprets it. */
typedef struct
{
  DWORD magic_pre;	/* Leading marker; presumably MAGIC_PRE. */
  HANDLE token;		/* The token handle being passed. */
  DWORD magic_post;	/* Trailing marker; presumably MAGIC_POST. */
} cygprf_t;
/* Marker values, presumably stored in cygprf_t.magic_pre and
   cygprf_t.magic_post (confirm in the code using cygprf_t).
   NOTE(review): fixed constants like these give a framing sanity check
   only.  A reader should not treat a matching pair as evidence that the
   enclosed handle is trustworthy. */
#define MAGIC_PRE 0x12345678UL
#define MAGIC_POST 0x87654321UL
#ifdef __cplusplus
}
#endif
#endif /* _CYGLSA_H */