1 /* cyglsa.h: Header file for Cygwin LSA authentication
3 Copyright 2006 Red Hat, Inc.
5 Written by Corinna Vinschen <corinna@vinschen.de>
7 This file is part of Cygwin.
9 This software is a copyrighted work licensed under the terms of the
10 Cygwin license. Please consult the file "CYGWIN_LICENSE" for details. */
19 #define CYG_LSA_PKGNAME "CygwinLsa"
21 #define CYG_LSA_MAGIC_OLD1 0x0379f014LU
22 /* First change to cyglsa_t.
23 - Username and domain are now of type WCHAR instead of char.
24 - domain is MAX_DOMAIN_NAME_LEN instead of INTERNET_MAX_HOST_NAME_LENGTH. */
25 #define CYG_LSA_MAGIC 0x0379f115LU
27 /* Data structures not defined in w32api. */
28 typedef PVOID *PLSA_CLIENT_REQUEST;
30 typedef UNICODE_STRING SECURITY_STRING, *PSECURITY_STRING;
32 typedef struct _SECPKG_CLIENT_INFO
37 BOOLEAN HasTcbPrivilege;
38 BOOLEAN Impersonating;
40 } SECPKG_CLIENT_INFO, *PSECPKG_CLIENT_INFO;
42 typedef enum _SECPKG_NAME_TYPE
49 } SECPKG_NAME_TYPE, *PSECPKG_NAME_TYPE;
51 typedef struct _SECPKG_CALL_INFO
57 } SECPKG_CALL_INFO, *PSECPKG_CALL_INFO;
59 /* The table returned by LsaApInitializePackage is actually a
60 LSA_SECPKG_FUNCTION_TABLE even though that's not documented.
61 We need only a subset of this table, basically the LSA_DISPATCH_TABLE
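62 plus the pointer to the GetClientInfo function. Members marked "wrong prototype, unused" appear to be slot placeholders that keep the layout aligned; never call through them. */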
63 typedef struct _LSA_SECPKG_FUNCS
65 NTSTATUS (NTAPI *CreateLogonSession)(PLUID);
66 NTSTATUS (NTAPI *DeleteLogonSession)(PLUID);
67 NTSTATUS (NTAPI *AddCredentials)(PLUID, ULONG, PLSA_STRING, PLSA_STRING);
68 NTSTATUS (NTAPI *GetCredentials)(PVOID); /* wrong prototype, unused */
69 NTSTATUS (NTAPI *DeleteCredentials)(PVOID); /* wrong prototype, unused */
70 PVOID (NTAPI *AllocateLsaHeap)(ULONG);
71 VOID (NTAPI *FreeLsaHeap)(PVOID);
72 NTSTATUS (NTAPI *AllocateClientBuffer)(PLSA_CLIENT_REQUEST, ULONG, PVOID *);
73 NTSTATUS (NTAPI *FreeClientBuffer)(PLSA_CLIENT_REQUEST, PVOID);
74 NTSTATUS (NTAPI *CopyToClientBuffer)(PLSA_CLIENT_REQUEST, ULONG,
76 NTSTATUS (NTAPI *CopyFromClientBuffer)(PLSA_CLIENT_REQUEST, ULONG,
78 NTSTATUS (NTAPI *ImpersonateClient)(VOID);
79 NTSTATUS (NTAPI *UnloadPackage)(VOID);
80 NTSTATUS (NTAPI *DuplicateHandle)(HANDLE, PHANDLE);
81 NTSTATUS (NTAPI *SaveSupplementalCredentials)(VOID);
82 NTSTATUS (NTAPI *CreateThread)(PVOID); /* wrong prototype, unused */
83 NTSTATUS (NTAPI *GetClientInfo)(PSECPKG_CLIENT_INFO);
84 NTSTATUS (NTAPI *RegisterNotification)(PVOID); /* wrong prototype, unused */
85 NTSTATUS (NTAPI *CancelNotification)(PVOID); /* wrong prototype, unused */
86 NTSTATUS (NTAPI *MapBuffer)(PVOID); /* wrong prototype, unused */
87 NTSTATUS (NTAPI *CreateToken)(PVOID); /* wrong prototype, unused */
88 NTSTATUS (NTAPI *AuditLogon)(PVOID); /* wrong prototype, unused */
89 NTSTATUS (NTAPI *CallPackage)(PVOID); /* wrong prototype, unused */
90 NTSTATUS (NTAPI *FreeReturnBuffer)(PVOID); /* wrong prototype, unused */
91 BOOLEAN (NTAPI *GetCallInfo)(PSECPKG_CALL_INFO);
92 NTSTATUS (NTAPI *CallPackageEx)(PVOID); /* wrong prototype, unused */
93 NTSTATUS (NTAPI *CreateSharedMemory)(PVOID); /* wrong prototype, unused */
94 NTSTATUS (NTAPI *AllocateSharedMemory)(PVOID); /* wrong prototype, unused */
95 NTSTATUS (NTAPI *FreeSharedMemory)(PVOID); /* wrong prototype, unused */
96 NTSTATUS (NTAPI *DeleteSharedMemory)(PVOID); /* wrong prototype, unused */
97 NTSTATUS (NTAPI *OpenSamUser)(PSECURITY_STRING, SECPKG_NAME_TYPE,
98 PSECURITY_STRING, BOOLEAN, ULONG, PVOID *);
99 NTSTATUS (NTAPI *GetUserCredentials)(PVOID, PVOID, PULONG, PVOID *, PULONG);
100 NTSTATUS (NTAPI *GetUserAuthData)(PVOID, PUCHAR *, PULONG);
101 NTSTATUS (NTAPI *CloseSamUser)(PVOID);
102 NTSTATUS (NTAPI *ConvertAuthDataToToken)(PVOID, ULONG,
103 SECURITY_IMPERSONATION_LEVEL,
104 PTOKEN_SOURCE, SECURITY_LOGON_TYPE,
105 PUNICODE_STRING, PHANDLE, PLUID,
106 PUNICODE_STRING, PNTSTATUS);
107 NTSTATUS (NTAPI *ClientCallback)(PVOID); /* wrong prototype, unused */
108 NTSTATUS (NTAPI *UpdateCredentials)(PVOID); /* wrong prototype, unused */
109 NTSTATUS (NTAPI *GetAuthDataForUser)(PSECURITY_STRING, SECPKG_NAME_TYPE,
110 PSECURITY_STRING, PUCHAR *, PULONG,
112 NTSTATUS (NTAPI *CrackSingleName)(PVOID); /* wrong prototype, unused */
113 NTSTATUS (NTAPI *AuditAccountLogon)(PVOID); /* wrong prototype, unused */
114 NTSTATUS (NTAPI *CallPackagePassthrough)(PVOID); /* wrong prototype, unused */
115 } LSA_SECPKG_FUNCS, *PLSA_SECPKG_FUNCS;
117 typedef enum _LSA_TOKEN_INFORMATION_TYPE
119 LsaTokenInformationNull,
120 LsaTokenInformationV1,
121 LsaTokenInformationV2
122 } LSA_TOKEN_INFORMATION_TYPE, *PLSA_TOKEN_INFORMATION_TYPE;
124 typedef struct _LSA_TOKEN_INFORMATION_V2
126 LARGE_INTEGER ExpirationTime;
128 PTOKEN_GROUPS Groups;
129 TOKEN_PRIMARY_GROUP PrimaryGroup;
130 PTOKEN_PRIVILEGES Privileges;
132 TOKEN_DEFAULT_DACL DefaultDacl;
133 } LSA_TOKEN_INFORMATION_V2, *PLSA_TOKEN_INFORMATION_V2;
135 /* These structures are equivalent to the appropriate Windows structures,
136 using 32 bit offsets instead of pointers. These data structures are
137 used to transfer the logon information to the LSA authentication package.
138 We can't use the LSA_TOKEN_INFORMATION_V2 structure directly, because
139 its size differs between 32 bit and 64 bit Windows. Because the offsets arrive from the caller, the receiving side should check each one against the buffer length before turning it into a pointer. */
141 typedef DWORD OFFSET;
143 typedef struct _CYG_SID_AND_ATTRIBUTES
147 } CYG_SID_AND_ATTRIBUTES, *PCYG_SID_AND_ATTRIBUTES;
149 typedef struct _CYG_TOKEN_USER
151 CYG_SID_AND_ATTRIBUTES User;
152 } CYG_TOKEN_USER, *PCYG_TOKEN_USER;
154 typedef struct _CYG_TOKEN_GROUPS
157 CYG_SID_AND_ATTRIBUTES Groups[ANYSIZE_ARRAY];
158 } CYG_TOKEN_GROUPS, *PCYG_TOKEN_GROUPS;
160 typedef struct _CYG_TOKEN_PRIMARY_GROUP
163 } CYG_TOKEN_PRIMARY_GROUP, *PCYG_TOKEN_PRIMARY_GROUP;
165 typedef struct _CYG_TOKEN_OWNER
168 } CYG_TOKEN_OWNER, *PCYG_TOKEN_OWNER;
170 typedef struct _CYG_TOKEN_DEFAULT_DACL
173 } CYG_TOKEN_DEFAULT_DACL, *PCYG_TOKEN_DEFAULT_DACL;
175 typedef struct _CYG_LSA_TOKEN_INFORMATION
177 LARGE_INTEGER ExpirationTime;
180 CYG_TOKEN_PRIMARY_GROUP PrimaryGroup;
182 CYG_TOKEN_OWNER Owner;
183 CYG_TOKEN_DEFAULT_DACL DefaultDacl;
184 } CYG_LSA_TOKEN_INFORMATION, *PCYG_LSA_TOKEN_INFORMATION;
186 /* This is the structure created by security.cc:lsaauth(), which is given to
187 LsaApLogonUser to create the token information returned to the LSA. */
192 WCHAR username[UNLEN + 1];
193 WCHAR domain[MAX_DOMAIN_NAME_LEN + 1];
195 CYG_LSA_TOKEN_INFORMATION inf;
206 #define MAGIC_PRE 0x12345678UL
207 #define MAGIC_POST 0x87654321UL
213 #endif /* _CYGLSA_H */