976 lines
28 KiB
C
976 lines
28 KiB
C
//+-----------------------------------------------------------------------
|
|
//
|
|
// Microsoft Windows
|
|
//
|
|
// Copyright (c) Microsoft Corporation 1991 - 1992
|
|
//
|
|
// File: SPMLPC.H
|
|
//
|
|
// Contents: Defines for the LPC to the SPMgr
|
|
//
|
|
//
|
|
// History: 2 Mar 94 MikeSw Created
|
|
//
|
|
//------------------------------------------------------------------------
|
|
|
|
#ifndef __SPMLPC_H__
|
|
#define __SPMLPC_H__
|
|
|
|
//
|
|
// Pickup the LSA lpc messages for compatiblity
|
|
//
|
|
#pragma warning(disable:4200)
|
|
|
|
#include <efsstruc.h>
|
|
#include <aup.h>
|
|
|
|
|
|
#define SPM_PORTNAME L"\\LsaAuthenticationPort"
|
|
#define SPM_EVENTNAME L"\\SECURITY\\LSA_AUTHENTICATION_INITIALIZED"
|
|
|
|
|
|
#define SPM_AUTH_PKG_FLAG 0x00001000
|
|
|
|
//
|
|
// Buffers that will fit into the message are placed in there and the
|
|
// their pointers will be replaced with this value. Since all buffers and
|
|
// strings are sent with their lengths, to unpack the data move pull out the
|
|
// buffers in the order they are listed in the API message.
|
|
//
|
|
// Since all buffers must be passed from VM, any address above 0x80000000
|
|
// will not be confused for an address
|
|
//
|
|
|
|
#define SEC_PACKED_BUFFER_VALUE (IntToPtr(0xFFFFFFFF))
|
|
|
|
//
|
|
// Max secbuffers allowed in a SecBufferDesc
|
|
//
|
|
|
|
#define MAX_SECBUFFERS 10
|
|
|
|
//
|
|
// This bit gets set in the SecurityMode word, indicating that the DLL
|
|
// is running in the LSA process. The DLL will turn around and get the
|
|
// direct dispatch routine, and avoid the whole LPC issue
|
|
//
|
|
|
|
#define LSA_MODE_SAME_PROCESS 0x00010000
|
|
|
|
//
|
|
// This flag is added to the version information in a SecBufferDesc to
|
|
// indicate that the memory is already mapped to the LSA.
|
|
//
|
|
|
|
#define LSA_MEMORY_KERNEL_MAP 0x80000000
|
|
#define LSA_SECBUFFER_VERSION_MASK 0x0000FFFF
|
|
|
|
|
|
|
|
//
|
|
// Conditional type definition for Wow64 environment. The LPC messages
|
|
// are kept "native" size, so pointers are full size. The WOW environment
|
|
// will do the thunking. LPC messages are defined with types that are
|
|
// always the correct size using these "aliases".
|
|
//
|
|
|
|
#ifdef BUILD_WOW64
|
|
|
|
#pragma message("Building for WOW64")
|
|
|
|
#define ALIGN_WOW64 __declspec(align(8))
|
|
|
|
#define POINTER_FORMAT "%I64X"
|
|
|
|
#if 0
|
|
typedef WCHAR * __ptr64 PWSTR_LPC ;
|
|
typedef VOID * __ptr64 PVOID_LPC ;
|
|
#else
|
|
typedef ULONGLONG PWSTR_LPC ;
|
|
typedef ULONGLONG PVOID_LPC ;
|
|
typedef ULONGLONG PSID_LPC ;
|
|
#endif
|
|
|
|
typedef struct _SECURITY_STRING_WOW64 {
|
|
USHORT Length ;
|
|
USHORT MaximumLength ;
|
|
PWSTR_LPC Buffer ;
|
|
} SECURITY_STRING_WOW64, * PSECURITY_STRING_WOW64 ;
|
|
|
|
typedef struct _SEC_HANDLE_WOW64 {
|
|
PVOID_LPC dwLower ;
|
|
PVOID_LPC dwUpper ;
|
|
} SEC_HANDLE_WOW64, * PSEC_HANDLE_WOW64 ;
|
|
|
|
typedef struct _SEC_BUFFER_WOW64 {
|
|
unsigned long cbBuffer ;
|
|
unsigned long BufferType ;
|
|
PVOID_LPC pvBuffer ;
|
|
} SEC_BUFFER_WOW64, * PSEC_BUFFER_WOW64 ;
|
|
|
|
typedef struct _SEC_BUFFER_DESC_WOW64 {
|
|
unsigned long ulVersion ;
|
|
unsigned long cBuffers ;
|
|
PVOID_LPC pBuffers ;
|
|
} SEC_BUFFER_DESC_WOW64, * PSEC_BUFFER_DESC_WOW64 ;
|
|
|
|
typedef struct _SECPKG_INFO_WOW64 {
|
|
ULONG fCapabilities;
|
|
USHORT wVersion;
|
|
USHORT wRPCID;
|
|
ULONG cbMaxToken;
|
|
PWSTR_LPC Name;
|
|
PWSTR_LPC Comment;
|
|
}
|
|
SECPKG_INFO_WOW64, * PSECPKG_INFO_WOW64;
|
|
|
|
typedef struct _SECPKGCONTEXT_NEGOTIATIONINFOWOW64
|
|
{
|
|
PVOID_LPC pPackageInfo64;
|
|
ULONG NegotiationState;
|
|
}
|
|
SECPKGCONTEXT_NEGOTIATIONINFOWOW64, *PSECPKGCONTEXT_NEGOTIATIONINFOWOW64;
|
|
|
|
typedef struct _SECURITY_USER_DATA_WOW64 {
|
|
SECURITY_STRING_WOW64 UserName;
|
|
SECURITY_STRING_WOW64 LogonDomainName;
|
|
SECURITY_STRING_WOW64 LogonServer;
|
|
PSID_LPC pSid;
|
|
}
|
|
SECURITY_USER_DATA_WOW64, * PSECURITY_USER_DATA_WOW64;
|
|
|
|
typedef SECURITY_STRING_WOW64 SECURITY_STRING_LPC ;
|
|
typedef SEC_HANDLE_WOW64 SEC_HANDLE_LPC ;
|
|
typedef SEC_BUFFER_DESC_WOW64 SEC_BUFFER_DESC_LPC ;
|
|
typedef SEC_BUFFER_WOW64 SEC_BUFFER_LPC ;
|
|
typedef PVOID_LPC LSA_SEC_HANDLE_LPC ;
|
|
|
|
#define SecpSecurityStringToLpc( L, S ) \
|
|
(L)->Length = (S)->Length ; \
|
|
(L)->MaximumLength = (S)->MaximumLength ; \
|
|
(L)->Buffer = (PWSTR_LPC) ((S)->Buffer) ;
|
|
|
|
#define SecpLpcStringToSecurityString( S, L ) \
|
|
(S)->Length = (L)->Length ; \
|
|
(S)->MaximumLength = (L)->MaximumLength ; \
|
|
(S)->Buffer = (PWSTR) ( (L)->Buffer ); \
|
|
|
|
#define SecpSecBufferToLpc( L, S )\
|
|
(L)->cbBuffer = (S)->cbBuffer ; \
|
|
(L)->BufferType = (S)->BufferType ; \
|
|
(L)->pvBuffer = (PVOID_LPC) (S)->pvBuffer ;
|
|
|
|
#define SecpLpcBufferToSecBuffer( S, L ) \
|
|
(S)->cbBuffer = (L)->cbBuffer ; \
|
|
(S)->BufferType = (L)->BufferType ; \
|
|
(S)->pvBuffer = (PVOID) (L)->pvBuffer ;
|
|
|
|
#define SecpSecBufferDescToLpc( L, S )\
|
|
(L)->ulVersion = (S)->ulVersion ; \
|
|
(L)->cBuffers = (S)->cBuffers ; \
|
|
(L)->pBuffers = (PVOID_LPC) (S)->pBuffers ;
|
|
|
|
#define SecpLpcBufferDescToSecBufferDesc( S, L ) \
|
|
(S)->ulVersion = (L)->ulVersion ; \
|
|
(S)->cBuffers = (L)->cBuffers ; \
|
|
(S)->pBuffers = (PSecBuffer) (L)->pBuffers ;
|
|
|
|
#define SecpSecPkgInfoToLpc( L, S ) \
|
|
(L)->fCapabilities = (S)->fCapabilities ; \
|
|
(L)->wVersion = (S)->wVersion ; \
|
|
(L)->wRPCID = (S)->wRPCID ; \
|
|
(L)->cbMaxToken = (S)->cbMaxToken ; \
|
|
(L)->Name = (PWSTR_LPC) (S)->Name ; \
|
|
(L)->Comment = (PWSTR_LPC) (S)->Comment ;
|
|
|
|
#define SecpLpcPkgInfoToSecPkgInfo( S, L ) \
|
|
(S)->fCapabilities = (L)->fCapabilities ; \
|
|
(S)->wVersion = (L)->wVersion ; \
|
|
(S)->wRPCID = (L)->wRPCID ; \
|
|
(S)->cbMaxToken = (L)->cbMaxToken ; \
|
|
(S)->Name = (SEC_WCHAR *) (L)->Name ; \
|
|
(S)->Comment = (SEC_WCHAR *) (L)->Comment ;
|
|
|
|
#else
|
|
|
|
#define ALIGN_WOW64
|
|
|
|
#define POINTER_FORMAT "%p"
|
|
|
|
typedef SECURITY_STRING SECURITY_STRING_LPC ;
|
|
typedef PVOID PVOID_LPC ;
|
|
typedef SecHandle SEC_HANDLE_LPC ;
|
|
typedef SecBufferDesc SEC_BUFFER_DESC_LPC ;
|
|
typedef SecBuffer SEC_BUFFER_LPC ;
|
|
typedef PWSTR PWSTR_LPC ;
|
|
typedef LSA_SEC_HANDLE LSA_SEC_HANDLE_LPC ;
|
|
|
|
#define SecpSecurityStringToLpc( L, S ) \
|
|
*(L) = *(S) ;
|
|
|
|
#define SecpLpcStringToSecurityString( S, L ) \
|
|
*(S) = *(L) ;
|
|
|
|
#define SecpSecBufferToLpc( L, S ) \
|
|
*(L) = *(S) ;
|
|
|
|
#define SecpLpcBufferToSecBuffer( S, L ) \
|
|
*(S) = *(L) ;
|
|
|
|
#define SecpSecBufferDescToLpc( L, S ) \
|
|
*(L) = *(S) ;
|
|
|
|
#define SecpLpcBufferDescToSecBufferDesc( S, L ) \
|
|
*(S) = *(L) ;
|
|
#endif
|
|
|
|
typedef SEC_HANDLE_LPC CRED_HANDLE_LPC, * PCRED_HANDLE_LPC ;
|
|
typedef SEC_HANDLE_LPC CONTEXT_HANDLE_LPC, * PCONTEXT_HANDLE_LPC ;
|
|
typedef SEC_HANDLE_LPC * PSEC_HANDLE_LPC ;
|
|
typedef SEC_BUFFER_LPC * PSEC_BUFFER_LPC ;
|
|
|
|
typedef struct _SPMConnectReq {
|
|
ULONG Flags;
|
|
} SPMConnectReq, * PSPMConnectReq;
|
|
|
|
typedef struct _SPMConnectReply {
|
|
ULONG cPackages;
|
|
ULONG dwSessionID;
|
|
PVOID pvFastDispatch;
|
|
} SPMConnectReply, * PSPMConnectReply;
|
|
|
|
typedef struct _SPMConnect {
|
|
ULONG dwVersion;
|
|
ULONG dwMessageType;
|
|
union {
|
|
SPMConnectReq Request;
|
|
SPMConnectReply Reply;
|
|
} ConnectData;
|
|
} SPMConnect, * PSPMConnect;
|
|
|
|
|
|
|
|
//
|
|
// this structures is used with NtAcceptPort, etc., which puts the data
|
|
// following the PORT_MESSAGE structure
|
|
//
|
|
|
|
typedef struct _SPMConnectMessage {
|
|
PORT_MESSAGE Message;
|
|
SPMConnect Connect;
|
|
} SPMConnectMessage, *PSPMConnectMessage;
|
|
|
|
#define SPM_MSG_CONNECTREQ 1
|
|
#define SPM_MSG_CONNECTREP 2
|
|
|
|
|
|
//
|
|
// Connection specific data types
|
|
//
|
|
|
|
|
|
//
|
|
// The following are message structures for internal routines, such as
|
|
// synchronization and state messages
|
|
//
|
|
#define PACKAGEINFO_THUNKS 16
|
|
|
|
typedef struct _SEC_PACKAGE_BINDING_INFO_LPC {
|
|
SECURITY_STRING_LPC PackageName;
|
|
SECURITY_STRING_LPC Comment;
|
|
SECURITY_STRING_LPC ModuleName;
|
|
ULONG PackageIndex;
|
|
ULONG fCapabilities;
|
|
ULONG Flags;
|
|
ULONG RpcId;
|
|
ULONG Version;
|
|
ULONG TokenSize;
|
|
ULONG ContextThunksCount ;
|
|
ULONG ContextThunks[ PACKAGEINFO_THUNKS ] ;
|
|
} SEC_PACKAGE_BINDING_INFO_LPC, * PSEC_PACKAGE_BINDING_INFO_LPC ;
|
|
|
|
#ifdef BUILD_WOW64
|
|
|
|
typedef struct _SEC_PACKAGE_BINDING_INFO {
|
|
SECURITY_STRING PackageName;
|
|
SECURITY_STRING Comment;
|
|
SECURITY_STRING ModuleName;
|
|
ULONG PackageIndex;
|
|
ULONG fCapabilities;
|
|
ULONG Flags;
|
|
ULONG RpcId;
|
|
ULONG Version;
|
|
ULONG TokenSize;
|
|
ULONG ContextThunksCount ;
|
|
ULONG ContextThunks[ PACKAGEINFO_THUNKS ] ;
|
|
} SEC_PACKAGE_BINDING_INFO, * PSEC_PACKAGE_BINDING_INFO ;
|
|
|
|
#else
|
|
|
|
typedef SEC_PACKAGE_BINDING_INFO_LPC SEC_PACKAGE_BINDING_INFO ;
|
|
typedef SEC_PACKAGE_BINDING_INFO_LPC * PSEC_PACKAGE_BINDING_INFO ;
|
|
|
|
#endif
|
|
|
|
#define PACKAGEINFO_BUILTIN 0x00000001
|
|
#define PACKAGEINFO_AUTHPKG 0x00000002
|
|
#define PACKAGEINFO_SIGNED 0x00000004
|
|
|
|
|
|
typedef struct _SPMGetBindingAPI {
|
|
LSA_SEC_HANDLE_LPC ulPackageId;
|
|
SEC_PACKAGE_BINDING_INFO_LPC BindingInfo;
|
|
} SPMGetBindingAPI;
|
|
|
|
|
|
//
|
|
// Internal SetSession API.
|
|
// not supported in Wow64
|
|
//
|
|
|
|
typedef struct _SPMSetSession {
|
|
ULONG Request;
|
|
ULONG_PTR Argument ;
|
|
ULONG_PTR Response;
|
|
PVOID ResponsePtr;
|
|
PVOID Extra ;
|
|
} SPMSetSessionAPI;
|
|
|
|
#define SETSESSION_GET_STATUS 0x00000001
|
|
#define SETSESSION_ADD_WORKQUEUE 0x00000002
|
|
#define SETSESSION_REMOVE_WORKQUEUE 0x00000003
|
|
#define SETSESSION_GET_DISPATCH 0x00000004
|
|
|
|
|
|
typedef struct _SPMFindPackageAPI {
|
|
SECURITY_STRING_LPC ssPackageName;
|
|
LSA_SEC_HANDLE_LPC ulPackageId;
|
|
} SPMFindPackageAPI;
|
|
|
|
|
|
// The following are message structures. Not surprisingly, they look a
|
|
// lot like the API signatures. Keep that in mind.
|
|
|
|
|
|
|
|
// EnumeratePackages API
|
|
|
|
typedef struct _SPMEnumPackagesAPI {
|
|
ULONG cPackages; // OUT
|
|
PSecPkgInfo pPackages; // OUT
|
|
} SPMEnumPackagesAPI;
|
|
|
|
|
|
//
|
|
// Credential APIs
|
|
//
|
|
|
|
|
|
// AcquireCredentialsHandle API
|
|
|
|
typedef struct _SPMAcquireCredsAPI {
|
|
SECURITY_STRING_LPC ssPrincipal; // IN
|
|
SECURITY_STRING_LPC ssSecPackage; // IN
|
|
ULONG fCredentialUse; // IN
|
|
LUID LogonID; // IN
|
|
PVOID_LPC pvAuthData; // IN
|
|
PVOID_LPC pvGetKeyFn; // IN
|
|
PVOID_LPC ulGetKeyArgument; // IN
|
|
CRED_HANDLE_LPC hCredential; // OUT
|
|
TimeStamp tsExpiry; // OUT
|
|
SEC_BUFFER_LPC AuthData ; // IN
|
|
} SPMAcquireCredsAPI;
|
|
|
|
|
|
// EstablishCredentials API
|
|
// not supported in Wow64
|
|
|
|
typedef struct _SPMEstablishCredsAPI {
|
|
SECURITY_STRING Name; // IN
|
|
SECURITY_STRING Package; // IN
|
|
ULONG cbKey; // IN
|
|
PUCHAR pbKey; // IN
|
|
CredHandle hCredentials; // OUT
|
|
TimeStamp tsExpiry; // OUT
|
|
} SPMEstablishCredsAPI;
|
|
|
|
// FreeCredentialsHandle API
|
|
|
|
typedef struct _SPMFreeCredHandleAPI {
|
|
CRED_HANDLE_LPC hCredential;
|
|
} SPMFreeCredHandleAPI;
|
|
|
|
|
|
//
|
|
// Context APIs
|
|
//
|
|
|
|
// InitializeSecurityContext API
|
|
|
|
typedef struct _SPMInitSecContextAPI {
|
|
CRED_HANDLE_LPC hCredential; // IN
|
|
CONTEXT_HANDLE_LPC hContext; // IN
|
|
SECURITY_STRING_LPC ssTarget; // IN
|
|
ULONG fContextReq; // IN
|
|
ULONG dwReserved1; // IN
|
|
ULONG TargetDataRep; // IN
|
|
SEC_BUFFER_DESC_LPC sbdInput; // IN
|
|
ULONG dwReserved2; // IN
|
|
CONTEXT_HANDLE_LPC hNewContext; // OUT
|
|
SEC_BUFFER_DESC_LPC sbdOutput; // IN OUT
|
|
ULONG fContextAttr; // OUT
|
|
TimeStamp tsExpiry; // OUT
|
|
BOOLEAN MappedContext; // OUT
|
|
SEC_BUFFER_LPC ContextData; // OUT
|
|
SEC_BUFFER_LPC sbData[0]; // IN
|
|
} SPMInitContextAPI;
|
|
|
|
|
|
|
|
// AcceptSecurityContext API
|
|
|
|
typedef struct _SPMAcceptContextAPI {
|
|
CRED_HANDLE_LPC hCredential; // IN
|
|
CONTEXT_HANDLE_LPC hContext; // IN
|
|
SEC_BUFFER_DESC_LPC sbdInput; // IN
|
|
ULONG fContextReq; // IN
|
|
ULONG TargetDataRep; // IN
|
|
CONTEXT_HANDLE_LPC hNewContext; // OUT
|
|
SEC_BUFFER_DESC_LPC sbdOutput; // IN OUT
|
|
ULONG fContextAttr; // OUT
|
|
TimeStamp tsExpiry; // OUT
|
|
BOOLEAN MappedContext; // OUT
|
|
SEC_BUFFER_LPC ContextData; // OUT
|
|
SEC_BUFFER_LPC sbData[0]; // IN OUT
|
|
} SPMAcceptContextAPI;
|
|
|
|
//
|
|
// ApplyControlToken API
|
|
//
|
|
|
|
typedef struct _SPMApplyTokenAPI {
|
|
CONTEXT_HANDLE_LPC hContext ;
|
|
SEC_BUFFER_DESC_LPC sbdInput ;
|
|
SEC_BUFFER_LPC sbInputBuffer[ MAX_SECBUFFERS ];
|
|
} SPMApplyTokenAPI;
|
|
|
|
// DeleteContext API
|
|
|
|
typedef struct _SPMDeleteContextAPI {
|
|
CONTEXT_HANDLE_LPC hContext; // IN - Context to delete
|
|
} SPMDeleteContextAPI;
|
|
|
|
|
|
|
|
//
|
|
// Miscelanneous, extension APIs
|
|
//
|
|
|
|
|
|
// QueryPackage API
|
|
|
|
typedef struct _SPMQueryPackageAPI {
|
|
SECURITY_STRING_LPC ssPackageName;
|
|
PSecPkgInfo pPackageInfo;
|
|
} SPMQueryPackageAPI;
|
|
|
|
|
|
|
|
// GetSecurityUserInfo
|
|
// not supported in Wow64
|
|
|
|
typedef struct _SPMGetUserInfoAPI {
|
|
LUID LogonId; // IN
|
|
ULONG fFlags; // IN
|
|
PSecurityUserData pUserInfo; // OUT
|
|
} SPMGetUserInfoAPI;
|
|
|
|
|
|
//
|
|
// Credentials APIs. Not used.
|
|
//
|
|
|
|
typedef struct _SPMGetCredsAPI {
|
|
CredHandle hCredentials; // IN
|
|
SecBuffer Credentials; // OUT
|
|
} SPMGetCredsAPI;
|
|
|
|
typedef struct _SPMSaveCredsAPI {
|
|
CredHandle hCredentials; // IN
|
|
SecBuffer Credentials; // IN
|
|
} SPMSaveCredsAPI;
|
|
|
|
typedef struct _SPMDeleteCredsAPI {
|
|
CredHandle hCredentials; // IN
|
|
SecBuffer Key; // IN
|
|
} SPMDeleteCredsAPI;
|
|
|
|
|
|
typedef struct _SPMQueryCredAttributesAPI {
|
|
CRED_HANDLE_LPC hCredentials;
|
|
ULONG ulAttribute;
|
|
PVOID_LPC pBuffer;
|
|
ULONG Allocs ;
|
|
PVOID_LPC Buffers[1];
|
|
} SPMQueryCredAttributesAPI;
|
|
|
|
|
|
typedef struct _SPMAddPackageAPI {
|
|
SECURITY_STRING_LPC Package;
|
|
ULONG OptionsFlags;
|
|
} SPMAddPackageAPI ;
|
|
|
|
typedef struct _SPMDeletePackageAPI {
|
|
SECURITY_STRING_LPC Package;
|
|
} SPMDeletePackageAPI ;
|
|
|
|
typedef struct _SPMQueryContextAttrAPI {
|
|
CONTEXT_HANDLE_LPC hContext ;
|
|
ULONG ulAttribute ;
|
|
PVOID_LPC pBuffer ;
|
|
ULONG Allocs ;
|
|
PVOID_LPC Buffers[1];
|
|
} SPMQueryContextAttrAPI ;
|
|
|
|
typedef struct _SPMSetContextAttrAPI {
|
|
CONTEXT_HANDLE_LPC hContext ;
|
|
ULONG ulAttribute ;
|
|
PVOID_LPC pBuffer ;
|
|
ULONG cbBuffer;
|
|
} SPMSetContextAttrAPI ;
|
|
|
|
|
|
//
|
|
// Kernel mode EFS API. None of these are Wow64
|
|
//
|
|
|
|
typedef struct _SPMEfsGenerateKeyAPI {
|
|
PVOID EfsStream;
|
|
PVOID DirectoryEfsStream;
|
|
ULONG DirectoryEfsStreamLength;
|
|
PVOID Fek;
|
|
ULONG BufferLength;
|
|
PVOID BufferBase;
|
|
} SPMEfsGenerateKeyAPI;
|
|
|
|
typedef struct _SPMEfsGenerateDirEfsAPI {
|
|
PVOID DirectoryEfsStream;
|
|
ULONG DirectoryEfsStreamLength;
|
|
PVOID EfsStream;
|
|
PVOID BufferBase;
|
|
ULONG BufferLength;
|
|
} SPMEfsGenerateDirEfsAPI;
|
|
|
|
typedef struct _SPMEfsDecryptFekAPI {
|
|
PVOID Fek;
|
|
PVOID EfsStream;
|
|
ULONG EfsStreamLength;
|
|
ULONG OpenType;
|
|
PVOID NewEfs;
|
|
PVOID BufferBase;
|
|
ULONG BufferLength;
|
|
} SPMEfsDecryptFekAPI;
|
|
|
|
typedef struct _SPMEfsGenerateSessionKeyAPI {
|
|
PVOID InitDataExg;
|
|
} SPMEfsGenerateSessionKeyAPI;
|
|
|
|
|
|
|
|
//
|
|
// Usermode policy change notifications
|
|
//
|
|
typedef struct _SPMLsaPolicyChangeNotifyAPI {
|
|
ULONG Options;
|
|
BOOLEAN Register;
|
|
HANDLE EventHandle;
|
|
POLICY_NOTIFICATION_INFORMATION_CLASS NotifyInfoClass;
|
|
} SPMLsaPolicyChangeNotifyAPI;
|
|
|
|
|
|
typedef struct _SPMCallbackAPI {
|
|
ULONG Type;
|
|
PVOID_LPC CallbackFunction;
|
|
PVOID_LPC Argument1;
|
|
PVOID_LPC Argument2;
|
|
SEC_BUFFER_LPC Input ;
|
|
SEC_BUFFER_LPC Output ;
|
|
} SPMCallbackAPI ;
|
|
|
|
#define SPM_CALLBACK_INTERNAL 0x00000001 // Handled by the security DLL
|
|
#define SPM_CALLBACK_GETKEY 0x00000002 // Getkey function being called
|
|
#define SPM_CALLBACK_PACKAGE 0x00000003 // Package function
|
|
#define SPM_CALLBACK_EXPORT 0x00000004 // Ptr to string
|
|
|
|
//
|
|
// Fast name lookup
|
|
//
|
|
|
|
typedef struct _SPMGetUserNameXAPI {
|
|
ULONG Options ;
|
|
SECURITY_STRING_LPC Name;
|
|
} SPMGetUserNameXAPI ;
|
|
|
|
#define SPM_NAME_OPTION_MASK 0xFFFF0000
|
|
|
|
#define SPM_NAME_OPTION_NT4_ONLY 0x00010000 // GetUserNameX only, not Ex
|
|
#define SPM_NAME_OPTION_FLUSH 0x00020000
|
|
|
|
//
|
|
// AddCredential API.
|
|
//
|
|
|
|
typedef struct _SPMAddCredential {
|
|
CRED_HANDLE_LPC hCredentials ;
|
|
SECURITY_STRING_LPC ssPrincipal; // IN
|
|
SECURITY_STRING_LPC ssSecPackage; // IN
|
|
ULONG fCredentialUse; // IN
|
|
LUID LogonID; // IN
|
|
PVOID_LPC pvAuthData; // IN
|
|
PVOID_LPC pvGetKeyFn; // IN
|
|
PVOID_LPC ulGetKeyArgument; // IN
|
|
TimeStamp tsExpiry; // OUT
|
|
} SPMAddCredentialAPI ;
|
|
|
|
typedef struct _SPMEnumLogonSession {
|
|
PVOID_LPC LogonSessionList ; // OUT
|
|
ULONG LogonSessionCount ; // OUT
|
|
} SPMEnumLogonSessionAPI ;
|
|
|
|
typedef struct _SPMGetLogonSessionData {
|
|
LUID LogonId ; // IN
|
|
PVOID_LPC LogonSessionInfo ; // OUT
|
|
} SPMGetLogonSessionDataAPI ;
|
|
|
|
//
|
|
// Internal codes:
|
|
//
|
|
|
|
#define SPM_CALLBACK_ADDRESS_CHECK 1 // Setting up shared buffer
|
|
#define SPM_CALLBACK_SHUTDOWN 2 // Inproc shutdown notification
|
|
|
|
|
|
//
|
|
// SID translation APIs (for kmode callers, primarily)
|
|
//
|
|
|
|
typedef struct _SPMLookupAccountSidX {
|
|
PVOID_LPC Sid; // IN
|
|
SECURITY_STRING_LPC Name ; // OUT
|
|
SECURITY_STRING_LPC Domain ; // OUT
|
|
SID_NAME_USE NameUse ; // OUT
|
|
} SPMLookupAccountSidXAPI ;
|
|
|
|
typedef struct _SPMLookupAccountNameX {
|
|
SECURITY_STRING_LPC Name ; // IN
|
|
SECURITY_STRING_LPC Domain ; // OUT
|
|
PVOID_LPC Sid ; // OUT
|
|
SID_NAME_USE NameUse ; // OUT
|
|
} SPMLookupAccountNameXAPI ;
|
|
|
|
|
|
// this is the wrapper for all messages.
|
|
|
|
typedef union {
|
|
SPMGetBindingAPI GetBinding;
|
|
SPMSetSessionAPI SetSession;
|
|
SPMFindPackageAPI FindPackage;
|
|
SPMEnumPackagesAPI EnumPackages;
|
|
SPMAcquireCredsAPI AcquireCreds;
|
|
SPMEstablishCredsAPI EstablishCreds;
|
|
SPMFreeCredHandleAPI FreeCredHandle;
|
|
SPMInitContextAPI InitContext;
|
|
SPMAcceptContextAPI AcceptContext;
|
|
SPMApplyTokenAPI ApplyToken;
|
|
SPMDeleteContextAPI DeleteContext;
|
|
SPMQueryPackageAPI QueryPackage;
|
|
SPMGetUserInfoAPI GetUserInfo;
|
|
SPMGetCredsAPI GetCreds;
|
|
SPMSaveCredsAPI SaveCreds;
|
|
SPMDeleteCredsAPI DeleteCreds;
|
|
SPMQueryCredAttributesAPI QueryCredAttributes;
|
|
SPMAddPackageAPI AddPackage;
|
|
SPMDeletePackageAPI DeletePackage ;
|
|
SPMEfsGenerateKeyAPI EfsGenerateKey;
|
|
SPMEfsGenerateDirEfsAPI EfsGenerateDirEfs;
|
|
SPMEfsDecryptFekAPI EfsDecryptFek;
|
|
SPMEfsGenerateSessionKeyAPI EfsGenerateSessionKey;
|
|
SPMQueryContextAttrAPI QueryContextAttr ;
|
|
SPMCallbackAPI Callback ;
|
|
SPMLsaPolicyChangeNotifyAPI LsaPolicyChangeNotify;
|
|
SPMGetUserNameXAPI GetUserNameX ;
|
|
SPMAddCredentialAPI AddCredential ;
|
|
SPMEnumLogonSessionAPI EnumLogonSession ;
|
|
SPMGetLogonSessionDataAPI GetLogonSessionData ;
|
|
SPMSetContextAttrAPI SetContextAttr ;
|
|
SPMLookupAccountSidXAPI LookupAccountSidX ;
|
|
SPMLookupAccountNameXAPI LookupAccountNameX ;
|
|
} SPM_API;
|
|
|
|
//
|
|
// This extends the range of LSA functions with the SPM functions
|
|
//
|
|
|
|
typedef enum _SPM_API_NUMBER {
|
|
SPMAPI_GetBinding = (LsapAuMaxApiNumber + 1),
|
|
SPMAPI_SetSession,
|
|
SPMAPI_FindPackage,
|
|
SPMAPI_EnumPackages,
|
|
SPMAPI_AcquireCreds,
|
|
SPMAPI_EstablishCreds,
|
|
SPMAPI_FreeCredHandle,
|
|
SPMAPI_InitContext,
|
|
SPMAPI_AcceptContext,
|
|
SPMAPI_ApplyToken,
|
|
SPMAPI_DeleteContext,
|
|
SPMAPI_QueryPackage,
|
|
SPMAPI_GetUserInfo,
|
|
SPMAPI_GetCreds,
|
|
SPMAPI_SaveCreds,
|
|
SPMAPI_DeleteCreds,
|
|
SPMAPI_QueryCredAttributes,
|
|
SPMAPI_AddPackage,
|
|
SPMAPI_DeletePackage,
|
|
SPMAPI_EfsGenerateKey,
|
|
SPMAPI_EfsGenerateDirEfs,
|
|
SPMAPI_EfsDecryptFek,
|
|
SPMAPI_EfsGenerateSessionKey,
|
|
SPMAPI_Callback,
|
|
SPMAPI_QueryContextAttr,
|
|
SPMAPI_LsaPolicyChangeNotify,
|
|
SPMAPI_GetUserNameX,
|
|
SPMAPI_AddCredential,
|
|
SPMAPI_EnumLogonSession,
|
|
SPMAPI_GetLogonSessionData,
|
|
SPMAPI_SetContextAttr,
|
|
SPMAPI_LookupAccountNameX,
|
|
SPMAPI_LookupAccountSidX,
|
|
SPMAPI_MaxApiNumber
|
|
} SPM_API_NUMBER, *PSPM_API_NUMBER;
|
|
|
|
//
|
|
// These are the valid flags to set in the fAPI field
|
|
//
|
|
|
|
#define SPMAPI_FLAG_ERROR_RET 0x0001 // Indicates an error return
|
|
#define SPMAPI_FLAG_MEMORY 0x0002 // Memory was allocated in client
|
|
#define SPMAPI_FLAG_PREPACK 0x0004 // Data packed in bData field
|
|
#define SPMAPI_FLAG_GETSTATE 0x0008 // driver should call GetState
|
|
|
|
#define SPMAPI_FLAG_ANSI_CALL 0x0010 // Called via ANSI stub
|
|
#define SPMAPI_FLAG_HANDLE_CHG 0x0020 // A handle was changed
|
|
#define SPMAPI_FLAG_CALLBACK 0x0040 // Callback to calling process
|
|
#define SPMAPI_FLAG_ALLOCS 0x0080 // VM Allocs were placed in prepack
|
|
#define SPMAPI_FLAG_EXEC_NOW 0x0100 // Execute in LPC thread
|
|
#define SPMAPI_FLAG_WIN32_ERROR 0x0200 // Status is a win32 error
|
|
#define SPMAPI_FLAG_KMAP_MEM 0x0400 // Call contains buffers in the kmap
|
|
|
|
//
|
|
// These are the state flags (currently unused in client)
|
|
//
|
|
|
|
#define SPMSTATE_PRIVACY_OK 0x00000010 // Privacy support is enabled
|
|
#define SPMSTATE_OLDLSA_OK 0x00000020 // Old LSA packages present
|
|
#define SPMSTATE_FAKE_MSV 0x00000040 // Faked MSV1_0 package
|
|
#define SPMSTATE_SAME_PROC 0x00000080 // Security DLL is operating in LSA process
|
|
#define SPMSTATE_DISABLE_POPUPS 0x00000100 // Disable popups
|
|
|
|
//
|
|
// Compatibility flag mask:
|
|
//
|
|
|
|
#define SPMSTATE_LSAMODE_MASK 0x0000000F // Gets LSA_MODE bits for compat.
|
|
|
|
//
|
|
// This structure contains all the information needed for SPM api's
|
|
//
|
|
|
|
typedef struct _SPMLPCAPI {
|
|
USHORT fAPI ;
|
|
USHORT VMOffset ;
|
|
PVOID_LPC ContextPointer ;
|
|
SPM_API API;
|
|
} SPMLPCAPI, * PSPMLPCAPI;
|
|
|
|
//
|
|
// This union contains all the info for LSA api's
|
|
//
|
|
|
|
typedef union {
|
|
LSAP_LOOKUP_PACKAGE_ARGS LookupPackage;
|
|
LSAP_LOGON_USER_ARGS LogonUser;
|
|
LSAP_CALL_PACKAGE_ARGS CallPackage;
|
|
} LSA_API;
|
|
|
|
|
|
//
|
|
// This union contains both SPM and LSA api's
|
|
//
|
|
|
|
typedef union _SPM_LSA_ARGUMENTS {
|
|
LSA_API LsaArguments;
|
|
SPMLPCAPI SpmArguments;
|
|
} SPM_LSA_ARGUMENTS, *PSPM_LSA_ARGUMENTS;
|
|
|
|
//
|
|
// For performance, some APIs will attempt to pack small parameters in the
|
|
// message being sent to the SPM, rather than have the SPM read it out of
|
|
// their memory. So, this value defines how much data can be stuck in the
|
|
// message.
|
|
//
|
|
// Two items are defined here. One, CBAPIHDR, is the size of everything
|
|
// in the message except the packed data. The other, CBPREPACK, is the
|
|
// left over space. I subtract 4 at the end to avoid potential boundary
|
|
// problems with an LPC message.
|
|
//
|
|
|
|
#define CBAPIHDR (sizeof(PORT_MESSAGE) + sizeof(ULONG) + sizeof(HRESULT) + \
|
|
sizeof(SPM_LSA_ARGUMENTS))
|
|
|
|
#define CBPREPACK (PORT_MAXIMUM_MESSAGE_LENGTH - CBAPIHDR - sizeof( PVOID_LPC ))
|
|
|
|
#define NUM_SECBUFFERS ( CBPREPACK / sizeof(SecBuffer) )
|
|
|
|
//
|
|
// This structure is sent over during an API call rather than a connect
|
|
// message
|
|
//
|
|
|
|
typedef struct _SPM_API_MESSAGE {
|
|
SPM_API_NUMBER dwAPI;
|
|
HRESULT scRet;
|
|
SPM_LSA_ARGUMENTS Args;
|
|
UCHAR bData[CBPREPACK];
|
|
} SPM_API_MESSAGE, *PSPM_API_MESSAGE;
|
|
|
|
#define SecBaseMessageSize( Api ) \
|
|
( sizeof( SPM_API_NUMBER ) + sizeof( HRESULT ) + \
|
|
( sizeof( SPM_LSA_ARGUMENTS ) - sizeof( SPM_API ) + \
|
|
sizeof( SPM##Api##API ) ) )
|
|
|
|
|
|
//
|
|
// This is the actual message sent over LPC - it contains both the
|
|
// connection request information and the api message
|
|
//
|
|
|
|
|
|
typedef struct _SPM_LPC_MESSAGE {
|
|
PORT_MESSAGE pmMessage;
|
|
union {
|
|
LSAP_AU_REGISTER_CONNECT_INFO ConnectionRequest;
|
|
SPM_API_MESSAGE ApiMessage;
|
|
};
|
|
} SPM_LPC_MESSAGE, *PSPM_LPC_MESSAGE;
|
|
|
|
|
|
//
|
|
// Macros to help prepare LPC messages
|
|
//
|
|
|
|
#ifdef SECURITY_USERMODE
|
|
#define PREPARE_MESSAGE_EX( Message, Api, Flags, Context ) \
|
|
RtlZeroMemory( &Message, sizeof( SPM_LSA_ARGUMENTS ) + sizeof( PORT_MESSAGE ) ); \
|
|
(Message).pmMessage.u1.s1.DataLength = \
|
|
( sizeof( SPM_API_NUMBER ) + sizeof( HRESULT ) + \
|
|
( sizeof( SPM_LSA_ARGUMENTS ) - sizeof( SPM_API ) + \
|
|
sizeof( SPM##Api##API ) ) ); \
|
|
(Message).pmMessage.u1.s1.TotalLength = (Message).pmMessage.u1.s1.DataLength + \
|
|
sizeof( PORT_MESSAGE ); \
|
|
(Message).pmMessage.u2.ZeroInit = 0L; \
|
|
(Message).ApiMessage.scRet = 0L; \
|
|
(Message).ApiMessage.dwAPI = SPMAPI_##Api ; \
|
|
(Message).ApiMessage.Args.SpmArguments.fAPI = (USHORT)(Flags); \
|
|
(Message).ApiMessage.Args.SpmArguments.ContextPointer = Context ;
|
|
#else
|
|
#define PREPARE_MESSAGE_EX( Message, Api, Flags, Context ) \
|
|
RtlZeroMemory( &Message, sizeof( SPM_LSA_ARGUMENTS ) + sizeof( PORT_MESSAGE ) ); \
|
|
(Message).pmMessage.u1.s1.DataLength = \
|
|
( sizeof( SPM_API_NUMBER ) + sizeof( HRESULT ) + \
|
|
( sizeof( SPM_LSA_ARGUMENTS ) - sizeof( SPM_API ) + \
|
|
sizeof( SPM##Api##API ) ) ); \
|
|
(Message).pmMessage.u1.s1.TotalLength = (Message).pmMessage.u1.s1.DataLength + \
|
|
sizeof( PORT_MESSAGE ); \
|
|
(Message).pmMessage.u2.ZeroInit = 0L; \
|
|
(Message).ApiMessage.scRet = 0L; \
|
|
(Message).ApiMessage.dwAPI = SPMAPI_##Api ; \
|
|
(Message).ApiMessage.Args.SpmArguments.fAPI = (USHORT)(Flags); \
|
|
(Message).ApiMessage.Args.SpmArguments.ContextPointer = Context ; \
|
|
(Message).pmMessage.u2.s2.Type |= LPC_KERNELMODE_MESSAGE;
|
|
#endif
|
|
|
|
#define PREPARE_MESSAGE(Message, Api) PREPARE_MESSAGE_EX( Message, Api, 0, 0 )
|
|
|
|
#define LPC_MESSAGE_ARGS( Message, Api )\
|
|
( & (Message).ApiMessage.Args.SpmArguments.API.Api )
|
|
|
|
#define LPC_MESSAGE_ARGSP( Message, Api )\
|
|
( & (Message)->ApiMessage.Args.SpmArguments.API.Api )
|
|
|
|
#define DECLARE_ARGS( Args, Message, Api )\
|
|
SPM##Api##API * Args = & (Message).ApiMessage.Args.SpmArguments.API.Api
|
|
|
|
#define DECLARE_ARGSP( Args, Message, Api)\
|
|
SPM##Api##API * Args = & (Message)->ApiMessage.Args.SpmArguments.API.Api
|
|
|
|
#define PREPACK_START FIELD_OFFSET( SPM_LPC_MESSAGE, ApiMessage.bData )
|
|
|
|
#define LPC_DATA_LENGTH( Length )\
|
|
(USHORT) ((PREPACK_START) + Length - sizeof( PORT_MESSAGE ) )
|
|
|
|
#define LPC_TOTAL_LENGTH( Length )\
|
|
(USHORT) ((PREPACK_START) + Length )
|
|
|
|
//
|
|
// Prototype for the direct dispatch function:
|
|
//
|
|
|
|
typedef NTSTATUS (SEC_ENTRY LSA_DISPATCH_FN)(
|
|
PSPM_LPC_MESSAGE );
|
|
|
|
typedef LSA_DISPATCH_FN * PLSA_DISPATCH_FN;
|
|
|
|
|
|
//
|
|
// structs used to manage memory shared between the LSA and KSEC driver
|
|
//
|
|
|
|
#define LSA_MAX_KMAP_SIZE 65535
|
|
|
|
|
|
//
|
|
// This structure describes a chunk of pool that has been copied into
|
|
// a kmap buffer. The original pool address and the location in the
|
|
// kmap are here, as is the size of the chunk. On IA64, this ends up
|
|
// with a wasted 32bit padding area
|
|
//
|
|
typedef struct _KSEC_LSA_POOL_MAP {
|
|
PVOID_LPC Pool ; // Region of pool
|
|
USHORT Offset ; // Offset into kmap
|
|
USHORT Size ; // size of chunk
|
|
} KSEC_LSA_POOL_MAP, PKSEC_LSA_POOL_MAP ;
|
|
|
|
#define KSEC_LSA_MAX_MAPS 4
|
|
|
|
typedef struct _KSEC_LSA_MEMORY_HEADER {
|
|
ULONG Size ; // Size of the reserved region
|
|
ULONG Commit ; // Size of the committed space
|
|
ULONG Consumed ; // Amount consumed
|
|
USHORT Preserve ; // Size of the area to keep for ksec
|
|
USHORT MapCount ; // number of entries in array
|
|
KSEC_LSA_POOL_MAP PoolMap[ KSEC_LSA_MAX_MAPS ];
|
|
} KSEC_LSA_MEMORY_HEADER, * PKSEC_LSA_MEMORY_HEADER ;
|
|
|
|
//
|
|
// This buffer type is used to indicate the header in the
|
|
// message from the driver to the LSA. It is ignored if
|
|
// the call did not originate from kernel mode
|
|
//
|
|
|
|
#define SECBUFFER_KMAP_HEADER 0x00008001
|
|
|
|
#pragma warning(default:4200)
|
|
|
|
#endif // __SPMLPC_H__
|
|
|