Leaked source code of windows server 2003


  1. //+---------------------------------------------------------------------------
  2. //
  3. // Microsoft Windows
  4. // Copyright (C) Microsoft Corporation, 1992-1999.
  5. //
  6. // File: sspi.h
  7. //
  8. // Contents: Security Support Provider Interface
  9. // Prototypes and structure definitions
  10. //
  11. // Functions: Security Support Provider API
  12. //
  13. // History: 11-24-93 RichardW Created
  14. //
  15. //----------------------------------------------------------------------------
  16. // begin_ntifs
  // Include guard for this header; the matching #endif is not within this part of the listing.
  17. #ifndef __SSPI_H__
  18. #define __SSPI_H__
  19. // end_ntifs
  20. #if _MSC_VER > 1000
  21. #pragma once
  22. #endif
  23. #ifdef __cplusplus
  24. extern "C" {
  25. #endif
  26. //
  27. // Determine environment:
  28. //
  // The includer picks the build flavour by defining SECURITY_WIN32,
  // SECURITY_KERNEL or SECURITY_MAC before including this header.
  // ISSP_MODE is tested by the prototypes further down: 0 selects the
  // PSECURITY_STRING parameter forms (marked "For Kernel mode" there),
  // any other value selects the character-pointer forms.
  29. #ifdef SECURITY_WIN32
  30. #define ISSP_LEVEL 32
  31. #define ISSP_MODE 1
  32. #endif // SECURITY_WIN32
  33. #ifdef SECURITY_KERNEL
  34. #define ISSP_LEVEL 32 // ntifs
  35. //
  36. // SECURITY_KERNEL trumps SECURITY_WIN32. Undefine ISSP_MODE so that
  37. // we don't get redefine errors.
  38. //
  39. #ifdef ISSP_MODE
  40. #undef ISSP_MODE
  41. #endif
  42. #define ISSP_MODE 0 // ntifs
  43. #endif // SECURITY_KERNEL
  // Unlike the SECURITY_KERNEL branch, this branch does not #undef ISSP_MODE
  // first, so defining SECURITY_MAC together with SECURITY_KERNEL redefines
  // ISSP_MODE from 0 to 1.
  44. #ifdef SECURITY_MAC
  45. #define ISSP_LEVEL 32
  46. #define ISSP_MODE 1
  47. #endif // SECURITY_MAC
  // Fail the build when none of the three selectors was defined.
  48. #ifndef ISSP_LEVEL
  49. #error You must define one of SECURITY_WIN32, SECURITY_KERNEL, or
  50. #error SECURITY_MAC
  51. #endif // !ISSP_LEVEL
  52. //
  53. // Now, define platform specific mappings:
  54. //
  55. // begin_ntifs
  // Character types used by the W (wide) and A (narrow) variants below.
  56. typedef WCHAR SEC_WCHAR;
  57. typedef CHAR SEC_CHAR;
  // SECURITY_STATUS is a signed LONG; defined once, guarded so another header
  // may supply the same typedef.
  58. #ifndef __SECSTATUS_DEFINED__
  59. typedef LONG SECURITY_STATUS;
  60. #define __SECSTATUS_DEFINED__
  61. #endif
  62. #define SEC_TEXT TEXT
  // SEC_FAR expands to nothing here; SEC_ENTRY fixes the calling convention
  // (__stdcall) used by every prototype and function-pointer typedef below.
  63. #define SEC_FAR
  64. #define SEC_ENTRY __stdcall
  65. // end_ntifs
  66. //
  67. // Decide what a string is - 32 bits only since for 16 bits it is clear.
  68. //
  // SECURITY_PSTR / SECURITY_PCSTR follow the UNICODE build setting: wide
  // characters when UNICODE is defined, narrow characters otherwise.
  69. #ifdef UNICODE
  70. typedef SEC_WCHAR SEC_FAR * SECURITY_PSTR;
  71. typedef CONST SEC_WCHAR SEC_FAR * SECURITY_PCSTR;
  72. #else // UNICODE
  73. typedef SEC_CHAR SEC_FAR * SECURITY_PSTR;
  74. typedef CONST SEC_CHAR SEC_FAR * SECURITY_PCSTR;
  75. #endif // UNICODE
  76. //
  77. // Equivalent string for rpcrt:
  78. //
  79. #define __SEC_FAR SEC_FAR
  80. //
  81. // Okay, security specific types:
  82. //
  83. // begin_ntifs
  // Opaque handle made of two pointer-sized fields. The header does not say
  // what the two halves encode; the macros that follow only treat all-ones in
  // either half as the "invalid" marker. Guarded so the struct is defined once.
  84. #ifndef __SECHANDLE_DEFINED__
  85. typedef struct _SecHandle
  86. {
  87. ULONG_PTR dwLower ;
  88. ULONG_PTR dwUpper ;
  89. } SecHandle, * PSecHandle ;
  90. #define __SECHANDLE_DEFINED__
  91. #endif // __SECHANDLE_DEFINED__
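  // Mark a handle as invalid by storing all-ones ((ULONG_PTR)-1) in both halves.
  // Written as ONE statement, so `if (cond) SecInvalidateHandle(h);` guards
  // both stores rather than only the first. The trailing ';' is kept so call
  // sites written with or without their own semicolon still compile, and the
  // definition ends without a line continuation so it cannot swallow the
  // macro that follows. The argument is parenthesized and evaluated twice:
  // pass an expression without side effects.
  #define SecInvalidateHandle( x ) \
      ((PSecHandle) (x))->dwLower = ((PSecHandle) (x))->dwUpper = ((ULONG_PTR) ((INT_PTR)-1)) ;
  // Non-zero only when BOTH halves differ from the invalid marker; a handle
  // with just one half set to all-ones is reported as invalid. The argument
  // is evaluated twice here as well.
  #define SecIsValidHandle( x ) \
      ( ( ((PSecHandle) (x))->dwLower != ((ULONG_PTR) ((INT_PTR) -1 ))) && \
        ( ((PSecHandle) (x))->dwUpper != ((ULONG_PTR) ((INT_PTR) -1 ))) )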
  // Credential and context handles are both plain aliases of SecHandle, so
  // the compiler will not flag a credential handle passed where a context
  // handle is expected (or the reverse).
  98. typedef SecHandle CredHandle;
  99. typedef PSecHandle PCredHandle;
  100. typedef SecHandle CtxtHandle;
  101. typedef PSecHandle PCtxtHandle;
  102. // end_ntifs
  // SECURITY_INTEGER: a 64-bit unsigned integer under WIN32_CHICAGO,
  // LARGE_INTEGER when the NT headers are present, otherwise a local
  // low/high pair. Within this part of the file SEC_SUCCESS is defined only
  // in the WIN32_CHICAGO branch; it treats any non-negative status as success.
  103. # ifdef WIN32_CHICAGO
  104. typedef unsigned __int64 QWORD;
  105. typedef QWORD SECURITY_INTEGER, *PSECURITY_INTEGER;
  106. #define SEC_SUCCESS(Status) ((Status) >= 0)
  107. # elif defined(_NTDEF_) || defined(_WINNT_)
  108. typedef LARGE_INTEGER _SECURITY_INTEGER, SECURITY_INTEGER, *PSECURITY_INTEGER; // ntifs
  109. # else // _NTDEF_ || _WINNT_
  110. typedef struct _SECURITY_INTEGER
  111. {
  112. unsigned long LowPart;
  113. long HighPart;
  114. } SECURITY_INTEGER, *PSECURITY_INTEGER;
  115. # endif // _NTDEF_ || _WINNT_
  // TimeStamp is a SECURITY_INTEGER everywhere except SECURITY_MAC builds,
  // where it is an unsigned long. The unit and epoch are not stated here.
  116. # ifndef SECURITY_MAC
  117. typedef SECURITY_INTEGER TimeStamp; // ntifs
  118. typedef SECURITY_INTEGER SEC_FAR * PTimeStamp; // ntifs
  119. # else // SECURITY_MAC
  120. typedef unsigned long TimeStamp;
  121. typedef unsigned long * PTimeStamp;
  122. # endif // SECURITY_MAC
  123. //
  124. // If we are in 32 bit mode, define the SECURITY_STRING structure,
  125. // as a clone of the base UNICODE_STRING structure. This is used
  126. // internally in security components, and as the string interface
  127. // for kernel components (e.g. FSPs)
  128. //
  // Counted string. The MIDL attributes divide Length and MaximumLength by 2
  // to size a buffer of 16-bit elements, i.e. both fields are treated as byte
  // counts. The header does not state that Buffer is terminated, so readers
  // should rely on Length rather than scan for a terminator.
  // NOTE(review): confirm against the UNICODE_STRING contract.
  129. # ifndef _NTDEF_
  130. typedef struct _SECURITY_STRING {
  131. unsigned short Length;
  132. unsigned short MaximumLength;
  133. # ifdef MIDL_PASS
  134. [size_is(MaximumLength / 2), length_is(Length / 2)]
  135. # endif // MIDL_PASS
  136. unsigned short * Buffer;
  137. } SECURITY_STRING, * PSECURITY_STRING;
  138. # else // _NTDEF_
  // With the NT headers present, the system UNICODE_STRING is used directly.
  139. typedef UNICODE_STRING SECURITY_STRING, *PSECURITY_STRING; // ntifs
  140. # endif // _NTDEF_
  141. // begin_ntifs
  142. //
  143. // SecPkgInfo structure
  144. //
  145. // Provides general information about a security provider
  146. //
  // Wide-character variant. fCapabilities holds the SECPKG_FLAG_* bits
  // defined after these structures. cbMaxToken is the package's maximum
  // token size; presumably callers size their token buffers from it - confirm.
  147. typedef struct _SecPkgInfoW
  148. {
  149. unsigned long fCapabilities; // Capability bitmask
  150. unsigned short wVersion; // Version of driver
  151. unsigned short wRPCID; // ID for RPC Runtime
  152. unsigned long cbMaxToken; // Size of authentication token (max)
  153. #ifdef MIDL_PASS
  154. [string]
  155. #endif
  156. SEC_WCHAR SEC_FAR * Name; // Text name
  157. #ifdef MIDL_PASS
  158. [string]
  159. #endif
  160. SEC_WCHAR SEC_FAR * Comment; // Comment
  161. } SecPkgInfoW, SEC_FAR * PSecPkgInfoW;
  162. // end_ntifs
  // Narrow-character variant; same layout with SEC_CHAR strings.
  163. typedef struct _SecPkgInfoA
  164. {
  165. unsigned long fCapabilities; // Capability bitmask
  166. unsigned short wVersion; // Version of driver
  167. unsigned short wRPCID; // ID for RPC Runtime
  168. unsigned long cbMaxToken; // Size of authentication token (max)
  169. #ifdef MIDL_PASS
  170. [string]
  171. #endif
  172. SEC_CHAR SEC_FAR * Name; // Text name
  173. #ifdef MIDL_PASS
  174. [string]
  175. #endif
  176. SEC_CHAR SEC_FAR * Comment; // Comment
  177. } SecPkgInfoA, SEC_FAR * PSecPkgInfoA;
  // Unsuffixed names resolve to the W or A variant according to UNICODE.
  178. #ifdef UNICODE
  179. # define SecPkgInfo SecPkgInfoW // ntifs
  180. # define PSecPkgInfo PSecPkgInfoW // ntifs
  181. #else
  182. # define SecPkgInfo SecPkgInfoA
  183. # define PSecPkgInfo PSecPkgInfoA
  184. #endif // !UNICODE
  185. // begin_ntifs
  186. //
  187. // Security Package Capabilities
  188. //
  // Bit values for the fCapabilities member of SecPkgInfo. A set bit says
  // what the package is able to do; whether a given context actually got
  // integrity, privacy or mutual authentication is reported separately
  // through the ISC_RET_* / ASC_RET_* flags defined further down.
  189. #define SECPKG_FLAG_INTEGRITY 0x00000001 // Supports integrity on messages
  190. #define SECPKG_FLAG_PRIVACY 0x00000002 // Supports privacy (confidentiality)
  191. #define SECPKG_FLAG_TOKEN_ONLY 0x00000004 // Only security token needed
  192. #define SECPKG_FLAG_DATAGRAM 0x00000008 // Datagram RPC support
  193. #define SECPKG_FLAG_CONNECTION 0x00000010 // Connection oriented RPC support
  194. #define SECPKG_FLAG_MULTI_REQUIRED 0x00000020 // Full 3-leg required for re-auth.
  195. #define SECPKG_FLAG_CLIENT_ONLY 0x00000040 // Server side functionality not available
  196. #define SECPKG_FLAG_EXTENDED_ERROR 0x00000080 // Supports extended error msgs
  197. #define SECPKG_FLAG_IMPERSONATION 0x00000100 // Supports impersonation
  198. #define SECPKG_FLAG_ACCEPT_WIN32_NAME 0x00000200 // Accepts Win32 names
  199. #define SECPKG_FLAG_STREAM 0x00000400 // Supports stream semantics
  200. #define SECPKG_FLAG_NEGOTIABLE 0x00000800 // Can be used by the negotiate package
  201. #define SECPKG_FLAG_GSS_COMPATIBLE 0x00001000 // GSS Compatibility Available
  202. #define SECPKG_FLAG_LOGON 0x00002000 // Supports common LsaLogonUser
  203. #define SECPKG_FLAG_ASCII_BUFFERS 0x00004000 // Token Buffers are in ASCII
  204. #define SECPKG_FLAG_FRAGMENT 0x00008000 // Package can fragment to fit
  205. #define SECPKG_FLAG_MUTUAL_AUTH 0x00010000 // Package can perform mutual authentication
  206. #define SECPKG_FLAG_DELEGATION 0x00020000 // Package can delegate
  // NOTE(review): the original comment on the next line repeated "Package can
  // delegate" from SECPKG_FLAG_DELEGATION, which does not match the name.
  207. #define SECPKG_FLAG_READONLY_WITH_CHECKSUM 0x00040000 // presumably: supports SECBUFFER_READONLY_WITH_CHECKSUM buffers - confirm
  // Sentinel for wRPCID, by its name "no RPC id" - confirm.
  208. #define SECPKG_ID_NONE 0xFFFF
  209. //
  210. // SecBuffer
  211. //
  212. // Generic memory descriptors for buffers passed in to the security
  213. // API
  214. //
  // One buffer: a byte count, a type word and a pointer. Nothing in the
  // structure ties cbBuffer to the real size of the memory behind pvBuffer;
  // whoever fills the structure in is responsible for the two agreeing.
  215. typedef struct _SecBuffer {
  216. unsigned long cbBuffer; // Size of the buffer, in bytes
  217. unsigned long BufferType; // Type of the buffer (below)
  218. void SEC_FAR * pvBuffer; // Pointer to the buffer
  219. } SecBuffer, SEC_FAR * PSecBuffer;
  // Array descriptor: cBuffers is the element count of pBuffers (the MIDL
  // attribute sizes the array by it). ulVersion takes SECBUFFER_VERSION.
  220. typedef struct _SecBufferDesc {
  221. unsigned long ulVersion; // Version number
  222. unsigned long cBuffers; // Number of buffers
  223. #ifdef MIDL_PASS
  224. [size_is(cBuffers)]
  225. #endif
  226. PSecBuffer pBuffers; // Pointer to array of buffers
  227. } SecBufferDesc, SEC_FAR * PSecBufferDesc;
  228. #define SECBUFFER_VERSION 0
  // Buffer type codes (small integers, 0 through 14) for BufferType.
  229. #define SECBUFFER_EMPTY 0 // Undefined, replaced by provider
  230. #define SECBUFFER_DATA 1 // Packet data
  231. #define SECBUFFER_TOKEN 2 // Security token
  232. #define SECBUFFER_PKG_PARAMS 3 // Package specific parameters
  233. #define SECBUFFER_MISSING 4 // Missing Data indicator
  234. #define SECBUFFER_EXTRA 5 // Extra data
  235. #define SECBUFFER_STREAM_TRAILER 6 // Security Trailer
  236. #define SECBUFFER_STREAM_HEADER 7 // Security Header
  237. #define SECBUFFER_NEGOTIATION_INFO 8 // Hints from the negotiation pkg
  238. #define SECBUFFER_PADDING 9 // non-data padding
  239. #define SECBUFFER_STREAM 10 // whole encrypted message
  240. #define SECBUFFER_MECHLIST 11
  241. #define SECBUFFER_MECHLIST_SIGNATURE 12
  242. #define SECBUFFER_TARGET 13
  243. #define SECBUFFER_CHANNEL_BINDINGS 14
  // Attribute bits share the BufferType word with the type code. The three
  // flags below add up to SECBUFFER_ATTRMASK (0xF0000000), so a type code has
  // to be compared with the masked-off low bits, not with the raw word.
  // Per the comments on the two read-only flags, only
  // SECBUFFER_READONLY_WITH_CHECKSUM data is covered by the checksum; a plain
  // SECBUFFER_READONLY buffer is not.
  244. #define SECBUFFER_ATTRMASK 0xF0000000
  245. #define SECBUFFER_READONLY 0x80000000 // Buffer is read-only, no checksum
  246. #define SECBUFFER_READONLY_WITH_CHECKSUM 0x10000000 // Buffer is read-only, and checksummed
  247. #define SECBUFFER_RESERVED 0x60000000 // Flags reserved to security system
  // Name hint for the negotiation package (see SECBUFFER_NEGOTIATION_INFO).
  // The unit of NameLength (bytes or characters) is not stated here.
  248. typedef struct _SEC_NEGOTIATION_INFO {
  249. unsigned long Size; // Size of this structure
  250. unsigned long NameLength; // Length of name hint
  251. SEC_WCHAR SEC_FAR * Name; // Name hint
  252. void SEC_FAR * Reserved; // Reserved
  253. } SEC_NEGOTIATION_INFO, SEC_FAR * PSEC_NEGOTIATION_INFO ;
  // Channel bindings header: initiator address, acceptor address and
  // application data are each described by a length and an offset (the two
  // addresses also carry a type). No pointers are stored, so the data
  // presumably follows this header in the same buffer and the offsets are
  // relative to its start - confirm. Because the lengths and offsets travel
  // with the data, a consumer has to check every offset + length against the
  // size of the enclosing buffer before reading.
  254. typedef struct _SEC_CHANNEL_BINDINGS {
  255. unsigned long dwInitiatorAddrType;
  256. unsigned long cbInitiatorLength;
  257. unsigned long dwInitiatorOffset;
  258. unsigned long dwAcceptorAddrType;
  259. unsigned long cbAcceptorLength;
  260. unsigned long dwAcceptorOffset;
  261. unsigned long cbApplicationDataLength;
  262. unsigned long dwApplicationDataOffset;
  263. } SEC_CHANNEL_BINDINGS, SEC_FAR * PSEC_CHANNEL_BINDINGS ;
  264. //
  265. // Data Representation Constant:
  266. //
  // Presumably the values for the TargetDataRep parameter of
  // InitializeSecurityContext ("Data rep of target") - confirm.
  267. #define SECURITY_NATIVE_DREP 0x00000010
  268. #define SECURITY_NETWORK_DREP 0x00000000
  269. //
  270. // Credential Use Flags
  271. //
  // Values for the fCredentialUse parameter ("Flags indicating use") of the
  // credential functions below. SECPKG_CRED_BOTH equals INBOUND | OUTBOUND.
  272. #define SECPKG_CRED_INBOUND 0x00000001
  273. #define SECPKG_CRED_OUTBOUND 0x00000002
  274. #define SECPKG_CRED_BOTH 0x00000003
  275. #define SECPKG_CRED_DEFAULT 0x00000004
  276. #define SECPKG_CRED_RESERVED 0xF0000000
  277. //
  278. // InitializeSecurityContext Requirement and return flags:
  279. //
  // ISC_REQ_* are what the initiator asks for (fContextReq); ISC_RET_* are
  // what is reported back, presumably through the pfContextAttr out
  // parameter - confirm. A requested protection (mutual authentication,
  // confidentiality, integrity, replay or sequence detection) should be
  // looked up in the returned flags rather than assumed.
  //
  // The REQ and RET sets are not bit-for-bit identical: ISC_REQ_CALL_LEVEL is
  // 0x00001000 while ISC_RET_CALL_LEVEL is 0x00002000, which is the value of
  // ISC_REQ_FRAGMENT_SUPPLIED. Test returned attributes against ISC_RET_*
  // names only.
  280. #define ISC_REQ_DELEGATE 0x00000001
  281. #define ISC_REQ_MUTUAL_AUTH 0x00000002
  282. #define ISC_REQ_REPLAY_DETECT 0x00000004
  283. #define ISC_REQ_SEQUENCE_DETECT 0x00000008
  284. #define ISC_REQ_CONFIDENTIALITY 0x00000010
  285. #define ISC_REQ_USE_SESSION_KEY 0x00000020
  286. #define ISC_REQ_PROMPT_FOR_CREDS 0x00000040
  287. #define ISC_REQ_USE_SUPPLIED_CREDS 0x00000080
  288. #define ISC_REQ_ALLOCATE_MEMORY 0x00000100
  289. #define ISC_REQ_USE_DCE_STYLE 0x00000200
  290. #define ISC_REQ_DATAGRAM 0x00000400
  291. #define ISC_REQ_CONNECTION 0x00000800
  292. #define ISC_REQ_CALL_LEVEL 0x00001000
  293. #define ISC_REQ_FRAGMENT_SUPPLIED 0x00002000
  294. #define ISC_REQ_EXTENDED_ERROR 0x00004000
  295. #define ISC_REQ_STREAM 0x00008000
  296. #define ISC_REQ_INTEGRITY 0x00010000
  297. #define ISC_REQ_IDENTIFY 0x00020000
  298. #define ISC_REQ_NULL_SESSION 0x00040000
  299. #define ISC_REQ_MANUAL_CRED_VALIDATION 0x00080000
  300. #define ISC_REQ_RESERVED1 0x00100000
  301. #define ISC_REQ_FRAGMENT_TO_FIT 0x00200000
  // Attributes reported for an initiator-side context.
  302. #define ISC_RET_DELEGATE 0x00000001
  303. #define ISC_RET_MUTUAL_AUTH 0x00000002
  304. #define ISC_RET_REPLAY_DETECT 0x00000004
  305. #define ISC_RET_SEQUENCE_DETECT 0x00000008
  306. #define ISC_RET_CONFIDENTIALITY 0x00000010
  307. #define ISC_RET_USE_SESSION_KEY 0x00000020
  308. #define ISC_RET_USED_COLLECTED_CREDS 0x00000040
  309. #define ISC_RET_USED_SUPPLIED_CREDS 0x00000080
  310. #define ISC_RET_ALLOCATED_MEMORY 0x00000100
  311. #define ISC_RET_USED_DCE_STYLE 0x00000200
  312. #define ISC_RET_DATAGRAM 0x00000400
  313. #define ISC_RET_CONNECTION 0x00000800
  314. #define ISC_RET_INTERMEDIATE_RETURN 0x00001000
  315. #define ISC_RET_CALL_LEVEL 0x00002000
  316. #define ISC_RET_EXTENDED_ERROR 0x00004000
  317. #define ISC_RET_STREAM 0x00008000
  318. #define ISC_RET_INTEGRITY 0x00010000
  319. #define ISC_RET_IDENTIFY 0x00020000
  320. #define ISC_RET_NULL_SESSION 0x00040000
  321. #define ISC_RET_MANUAL_CRED_VALIDATION 0x00080000
  322. #define ISC_RET_RESERVED1 0x00100000
  323. #define ISC_RET_FRAGMENT_ONLY 0x00200000
  // Acceptor-side (ASC_) requirement flags. Same-named flags do NOT share bit
  // values with the ISC_ set above 0x00000800: ASC_REQ_EXTENDED_ERROR is
  // 0x00008000 (ISC: 0x00004000), ASC_REQ_STREAM is 0x00010000 (ISC:
  // 0x00008000), ASC_REQ_INTEGRITY is 0x00020000 (ISC: 0x00010000) and
  // ASC_REQ_IDENTIFY is 0x00080000 (ISC: 0x00020000). Passing an ISC_
  // constant on the acceptor side therefore requests a different attribute
  // without any compiler diagnostic.
  // By their names, ASC_REQ_ALLOW_NULL_SESSION, ASC_REQ_ALLOW_NON_USER_LOGONS
  // and ASC_REQ_ALLOW_CONTEXT_REPLAY relax what the acceptor will accept -
  // NOTE(review): confirm semantics before enabling any of them.
  324. #define ASC_REQ_DELEGATE 0x00000001
  325. #define ASC_REQ_MUTUAL_AUTH 0x00000002
  326. #define ASC_REQ_REPLAY_DETECT 0x00000004
  327. #define ASC_REQ_SEQUENCE_DETECT 0x00000008
  328. #define ASC_REQ_CONFIDENTIALITY 0x00000010
  329. #define ASC_REQ_USE_SESSION_KEY 0x00000020
  330. #define ASC_REQ_ALLOCATE_MEMORY 0x00000100
  331. #define ASC_REQ_USE_DCE_STYLE 0x00000200
  332. #define ASC_REQ_DATAGRAM 0x00000400
  333. #define ASC_REQ_CONNECTION 0x00000800
  334. #define ASC_REQ_CALL_LEVEL 0x00001000
  335. #define ASC_REQ_EXTENDED_ERROR 0x00008000
  336. #define ASC_REQ_STREAM 0x00010000
  337. #define ASC_REQ_INTEGRITY 0x00020000
  338. #define ASC_REQ_LICENSING 0x00040000
  339. #define ASC_REQ_IDENTIFY 0x00080000
  340. #define ASC_REQ_ALLOW_NULL_SESSION 0x00100000
  341. #define ASC_REQ_ALLOW_NON_USER_LOGONS 0x00200000
  342. #define ASC_REQ_ALLOW_CONTEXT_REPLAY 0x00400000
  343. #define ASC_REQ_FRAGMENT_TO_FIT 0x00800000
  // Listed out of numeric order: 0x00002000 sits between CALL_LEVEL and
  // EXTENDED_ERROR above.
  344. #define ASC_REQ_FRAGMENT_SUPPLIED 0x00002000
  345. #define ASC_REQ_NO_TOKEN 0x01000000
  // Attributes reported for an acceptor-side context.
  346. #define ASC_RET_DELEGATE 0x00000001
  347. #define ASC_RET_MUTUAL_AUTH 0x00000002
  348. #define ASC_RET_REPLAY_DETECT 0x00000004
  349. #define ASC_RET_SEQUENCE_DETECT 0x00000008
  350. #define ASC_RET_CONFIDENTIALITY 0x00000010
  351. #define ASC_RET_USE_SESSION_KEY 0x00000020
  352. #define ASC_RET_ALLOCATED_MEMORY 0x00000100
  353. #define ASC_RET_USED_DCE_STYLE 0x00000200
  354. #define ASC_RET_DATAGRAM 0x00000400
  355. #define ASC_RET_CONNECTION 0x00000800
  356. #define ASC_RET_CALL_LEVEL 0x00002000 // skipped 1000 to be like ISC_
  357. #define ASC_RET_THIRD_LEG_FAILED 0x00004000
  358. #define ASC_RET_EXTENDED_ERROR 0x00008000
  359. #define ASC_RET_STREAM 0x00010000
  360. #define ASC_RET_INTEGRITY 0x00020000
  361. #define ASC_RET_LICENSING 0x00040000
  362. #define ASC_RET_IDENTIFY 0x00080000
  363. #define ASC_RET_NULL_SESSION 0x00100000
  364. #define ASC_RET_ALLOW_NON_USER_LOGONS 0x00200000
  365. #define ASC_RET_ALLOW_CONTEXT_REPLAY 0x00400000
  366. #define ASC_RET_FRAGMENT_ONLY 0x00800000
  367. #define ASC_RET_NO_TOKEN 0x01000000
  368. //
  369. // Security Credentials Attributes:
  370. //
  // Credential attribute id. It has the same numeric value (1) as the
  // context attribute SECPKG_ATTR_NAMES defined further down; the two belong
  // to different attribute sets.
  371. #define SECPKG_CRED_ATTR_NAMES 1
  // Result structure carrying a user name string, wide-character variant.
  // Who owns and frees sUserName is not stated in this header.
  372. typedef struct _SecPkgCredentials_NamesW
  373. {
  374. SEC_WCHAR SEC_FAR * sUserName;
  375. } SecPkgCredentials_NamesW, SEC_FAR * PSecPkgCredentials_NamesW;
  376. // end_ntifs
  // Narrow-character variant.
  377. typedef struct _SecPkgCredentials_NamesA
  378. {
  379. SEC_CHAR SEC_FAR * sUserName;
  380. } SecPkgCredentials_NamesA, SEC_FAR * PSecPkgCredentials_NamesA;
  // Unsuffixed names resolve to the W or A variant according to UNICODE.
  381. #ifdef UNICODE
  382. # define SecPkgCredentials_Names SecPkgCredentials_NamesW // ntifs
  383. # define PSecPkgCredentials_Names PSecPkgCredentials_NamesW // ntifs
  384. #else
  385. # define SecPkgCredentials_Names SecPkgCredentials_NamesA
  386. # define PSecPkgCredentials_Names PSecPkgCredentials_NamesA
  387. #endif // !UNICODE
  388. // begin_ntifs
  389. //
  390. // Security Context Attributes:
  391. //
  // Attribute ids for a security context. Most have a matching
  // SecPkgContext_* result structure defined after this list. By their
  // names, SECPKG_ATTR_SESSION_KEY and SECPKG_ATTR_ACCESS_TOKEN expose key
  // material and a token; results of those queries deserve the same care as
  // the credentials themselves.
  392. #define SECPKG_ATTR_SIZES 0
  393. #define SECPKG_ATTR_NAMES 1
  394. #define SECPKG_ATTR_LIFESPAN 2
  395. #define SECPKG_ATTR_DCE_INFO 3
  396. #define SECPKG_ATTR_STREAM_SIZES 4
  397. #define SECPKG_ATTR_KEY_INFO 5
  398. #define SECPKG_ATTR_AUTHORITY 6
  399. #define SECPKG_ATTR_PROTO_INFO 7
  400. #define SECPKG_ATTR_PASSWORD_EXPIRY 8
  401. #define SECPKG_ATTR_SESSION_KEY 9
  402. #define SECPKG_ATTR_PACKAGE_INFO 10
  403. #define SECPKG_ATTR_USER_FLAGS 11
  404. #define SECPKG_ATTR_NEGOTIATION_INFO 12
  405. #define SECPKG_ATTR_NATIVE_NAMES 13
  406. #define SECPKG_ATTR_FLAGS 14
  407. #define SECPKG_ATTR_USE_VALIDATED 15
  408. #define SECPKG_ATTR_CREDENTIAL_NAME 16
  409. #define SECPKG_ATTR_TARGET_INFORMATION 17
  410. #define SECPKG_ATTR_ACCESS_TOKEN 18
  411. #define SECPKG_ATTR_TARGET 19
  412. #define SECPKG_ATTR_AUTHENTICATION_ID 20
  // Size limits for a context (presumably the SECPKG_ATTR_SIZES result).
  // Callers that allocate token, signature or trailer buffers should size
  // them from these values rather than from constants - the fields are all
  // byte counts by their cb prefix; confirm.
  413. typedef struct _SecPkgContext_Sizes
  414. {
  415. unsigned long cbMaxToken;
  416. unsigned long cbMaxSignature;
  417. unsigned long cbBlockSize;
  418. unsigned long cbSecurityTrailer;
  419. } SecPkgContext_Sizes, SEC_FAR * PSecPkgContext_Sizes;
  // Stream-mode sizes (presumably the SECPKG_ATTR_STREAM_SIZES result):
  // header, trailer and maximum message sizes, plus a buffer count.
  420. typedef struct _SecPkgContext_StreamSizes
  421. {
  422. unsigned long cbHeader;
  423. unsigned long cbTrailer;
  424. unsigned long cbMaximumMessage;
  425. unsigned long cBuffers;
  426. unsigned long cbBlockSize;
  427. } SecPkgContext_StreamSizes, * PSecPkgContext_StreamSizes;
  // User name associated with a context, wide-character variant.
  428. typedef struct _SecPkgContext_NamesW
  429. {
  430. SEC_WCHAR SEC_FAR * sUserName;
  431. } SecPkgContext_NamesW, SEC_FAR * PSecPkgContext_NamesW;
  432. // end_ntifs
  // Narrow-character variant.
  433. typedef struct _SecPkgContext_NamesA
  434. {
  435. SEC_CHAR SEC_FAR * sUserName;
  436. } SecPkgContext_NamesA, SEC_FAR * PSecPkgContext_NamesA;
  // Unsuffixed names resolve to the W or A variant according to UNICODE.
  437. #ifdef UNICODE
  438. # define SecPkgContext_Names SecPkgContext_NamesW // ntifs
  439. # define PSecPkgContext_Names PSecPkgContext_NamesW // ntifs
  440. #else
  441. # define SecPkgContext_Names SecPkgContext_NamesA
  442. # define PSecPkgContext_Names PSecPkgContext_NamesA
  443. #endif // !UNICODE
  444. // begin_ntifs
  // Validity window of a context as two TimeStamp values.
  445. typedef struct _SecPkgContext_Lifespan
  446. {
  447. TimeStamp tsStart;
  448. TimeStamp tsExpiry;
  449. } SecPkgContext_Lifespan, SEC_FAR * PSecPkgContext_Lifespan;
  // DCE information: an authorization-service id and an untyped pointer.
  // The layout behind pPac is not described in this header.
  450. typedef struct _SecPkgContext_DceInfo
  451. {
  452. unsigned long AuthzSvc;
  453. void SEC_FAR * pPac;
  454. } SecPkgContext_DceInfo, SEC_FAR * PSecPkgContext_DceInfo;
  455. // end_ntifs
  // Algorithm names, key size and algorithm ids negotiated for a context,
  // narrow-character variant. Useful for checking after the handshake that
  // the negotiated algorithms and key size meet local policy. The unit of
  // KeySize is not stated here.
  456. typedef struct _SecPkgContext_KeyInfoA
  457. {
  458. SEC_CHAR SEC_FAR * sSignatureAlgorithmName;
  459. SEC_CHAR SEC_FAR * sEncryptAlgorithmName;
  460. unsigned long KeySize;
  461. unsigned long SignatureAlgorithm;
  462. unsigned long EncryptAlgorithm;
  463. } SecPkgContext_KeyInfoA, SEC_FAR * PSecPkgContext_KeyInfoA;
  464. // begin_ntifs
  // Wide-character variant; same members with SEC_WCHAR strings.
  465. typedef struct _SecPkgContext_KeyInfoW
  466. {
  467. SEC_WCHAR SEC_FAR * sSignatureAlgorithmName;
  468. SEC_WCHAR SEC_FAR * sEncryptAlgorithmName;
  469. unsigned long KeySize;
  470. unsigned long SignatureAlgorithm;
  471. unsigned long EncryptAlgorithm;
  472. } SecPkgContext_KeyInfoW, SEC_FAR * PSecPkgContext_KeyInfoW;
  473. // end_ntifs
  474. #ifdef UNICODE
  475. #define SecPkgContext_KeyInfo SecPkgContext_KeyInfoW // ntifs
  476. #define PSecPkgContext_KeyInfo PSecPkgContext_KeyInfoW // ntifs
  477. #else
  478. #define SecPkgContext_KeyInfo SecPkgContext_KeyInfoA
  479. #define PSecPkgContext_KeyInfo PSecPkgContext_KeyInfoA
  480. #endif
  // Name of the authority for a context, narrow-character variant.
  481. typedef struct _SecPkgContext_AuthorityA
  482. {
  483. SEC_CHAR SEC_FAR * sAuthorityName;
  484. } SecPkgContext_AuthorityA, * PSecPkgContext_AuthorityA;
  485. // begin_ntifs
  // Wide-character variant.
  486. typedef struct _SecPkgContext_AuthorityW
  487. {
  488. SEC_WCHAR SEC_FAR * sAuthorityName;
  489. } SecPkgContext_AuthorityW, * PSecPkgContext_AuthorityW;
  490. // end_ntifs
  491. #ifdef UNICODE
  492. #define SecPkgContext_Authority SecPkgContext_AuthorityW // ntifs
  493. #define PSecPkgContext_Authority PSecPkgContext_AuthorityW // ntifs
  494. #else
  495. #define SecPkgContext_Authority SecPkgContext_AuthorityA
  496. #define PSecPkgContext_Authority PSecPkgContext_AuthorityA
  497. #endif
  // Protocol name plus major/minor version, narrow-character variant.
  498. typedef struct _SecPkgContext_ProtoInfoA
  499. {
  500. SEC_CHAR SEC_FAR * sProtocolName;
  501. unsigned long majorVersion;
  502. unsigned long minorVersion;
  503. } SecPkgContext_ProtoInfoA, SEC_FAR * PSecPkgContext_ProtoInfoA;
  504. // begin_ntifs
  // Wide-character variant.
  505. typedef struct _SecPkgContext_ProtoInfoW
  506. {
  507. SEC_WCHAR SEC_FAR * sProtocolName;
  508. unsigned long majorVersion;
  509. unsigned long minorVersion;
  510. } SecPkgContext_ProtoInfoW, SEC_FAR * PSecPkgContext_ProtoInfoW;
  511. // end_ntifs
  512. #ifdef UNICODE
  513. #define SecPkgContext_ProtoInfo SecPkgContext_ProtoInfoW // ntifs
  514. #define PSecPkgContext_ProtoInfo PSecPkgContext_ProtoInfoW // ntifs
  515. #else
  516. #define SecPkgContext_ProtoInfo SecPkgContext_ProtoInfoA
  517. #define PSecPkgContext_ProtoInfo PSecPkgContext_ProtoInfoA
  518. #endif
  519. // begin_ntifs
  // Password expiry time as a TimeStamp.
  520. typedef struct _SecPkgContext_PasswordExpiry
  521. {
  522. TimeStamp tsPasswordExpires;
  523. } SecPkgContext_PasswordExpiry, SEC_FAR * PSecPkgContext_PasswordExpiry;
  // Session key of a context: a length and a pointer to the key bytes.
  // This is secret material. The header does not show who owns or frees the
  // SessionKey memory - NOTE(review): confirm ownership, keep copies to a
  // minimum and wipe them before release.
  524. typedef struct _SecPkgContext_SessionKey
  525. {
  526. unsigned long SessionKeyLength;
  527. unsigned char SEC_FAR * SessionKey;
  528. } SecPkgContext_SessionKey, *PSecPkgContext_SessionKey;
  // Pointer to the SecPkgInfo of the package behind a context, W variant.
  529. typedef struct _SecPkgContext_PackageInfoW
  530. {
  531. PSecPkgInfoW PackageInfo;
  532. } SecPkgContext_PackageInfoW, SEC_FAR * PSecPkgContext_PackageInfoW;
  533. // end_ntifs
  // A variant.
  534. typedef struct _SecPkgContext_PackageInfoA
  535. {
  536. PSecPkgInfoA PackageInfo;
  537. } SecPkgContext_PackageInfoA, SEC_FAR * PSecPkgContext_PackageInfoA;
  538. // begin_ntifs
  // A single flags word; the meaning of the bits is not defined in this part
  // of the file.
  539. typedef struct _SecPkgContext_UserFlags
  540. {
  541. unsigned long UserFlags;
  542. } SecPkgContext_UserFlags, SEC_FAR * PSecPkgContext_UserFlags;
  // A single flags word; presumably the ISC_RET_* / ASC_RET_* context
  // attributes - confirm.
  543. typedef struct _SecPkgContext_Flags
  544. {
  545. unsigned long Flags;
  546. } SecPkgContext_Flags, SEC_FAR * PSecPkgContext_Flags;
  547. // end_ntifs
  // Unsuffixed PackageInfo names resolve to W or A according to UNICODE.
  548. #ifdef UNICODE
  549. #define SecPkgContext_PackageInfo SecPkgContext_PackageInfoW // ntifs
  550. #define PSecPkgContext_PackageInfo PSecPkgContext_PackageInfoW // ntifs
  551. #else
  552. #define SecPkgContext_PackageInfo SecPkgContext_PackageInfoA
  553. #define PSecPkgContext_PackageInfo PSecPkgContext_PackageInfoA
  554. #endif
  // Negotiation result: the package information and a NegotiationState that
  // takes one of the SECPKG_NEGOTIATION_* values below. A variant.
  // Checking PackageInfo after the handshake shows which package was
  // actually selected, which matters when a weaker package than expected
  // would be unacceptable.
  555. typedef struct _SecPkgContext_NegotiationInfoA
  556. {
  557. PSecPkgInfoA PackageInfo ;
  558. unsigned long NegotiationState ;
  559. } SecPkgContext_NegotiationInfoA, SEC_FAR * PSecPkgContext_NegotiationInfoA ;
  560. // begin_ntifs
  // W variant.
  561. typedef struct _SecPkgContext_NegotiationInfoW
  562. {
  563. PSecPkgInfoW PackageInfo ;
  564. unsigned long NegotiationState ;
  565. } SecPkgContext_NegotiationInfoW, SEC_FAR * PSecPkgContext_NegotiationInfoW ;
  566. // end_ntifs
  567. #ifdef UNICODE
  568. #define SecPkgContext_NegotiationInfo SecPkgContext_NegotiationInfoW
  569. #define PSecPkgContext_NegotiationInfo PSecPkgContext_NegotiationInfoW
  570. #else
  571. #define SecPkgContext_NegotiationInfo SecPkgContext_NegotiationInfoA
  572. #define PSecPkgContext_NegotiationInfo PSecPkgContext_NegotiationInfoA
  573. #endif
  // NegotiationState values. Only the names are given here; their exact
  // semantics are not documented in this header.
  574. #define SECPKG_NEGOTIATION_COMPLETE 0
  575. #define SECPKG_NEGOTIATION_OPTIMISTIC 1
  576. #define SECPKG_NEGOTIATION_IN_PROGRESS 2
  577. #define SECPKG_NEGOTIATION_DIRECT 3
  578. #define SECPKG_NEGOTIATION_TRY_MULTICRED 4
  // Client and server names for a context, W variant. The name format is
  // package specific as far as this header shows.
  579. typedef struct _SecPkgContext_NativeNamesW
  580. {
  581. SEC_WCHAR SEC_FAR * sClientName;
  582. SEC_WCHAR SEC_FAR * sServerName;
  583. } SecPkgContext_NativeNamesW, SEC_FAR * PSecPkgContext_NativeNamesW;
  // A variant.
  584. typedef struct _SecPkgContext_NativeNamesA
  585. {
  586. SEC_CHAR SEC_FAR * sClientName;
  587. SEC_CHAR SEC_FAR * sServerName;
  588. } SecPkgContext_NativeNamesA, SEC_FAR * PSecPkgContext_NativeNamesA;
  589. #ifdef UNICODE
  590. # define SecPkgContext_NativeNames SecPkgContext_NativeNamesW // ntifs
  591. # define PSecPkgContext_NativeNames PSecPkgContext_NativeNamesW // ntifs
  592. #else
  593. # define SecPkgContext_NativeNames SecPkgContext_NativeNamesA
  594. # define PSecPkgContext_NativeNames PSecPkgContext_NativeNamesA
  595. #endif // !UNICODE
  596. // begin_ntifs
  // Type and name of the credential used by a context, W variant. The
  // CredentialType values are not defined in this part of the file.
  597. typedef struct _SecPkgContext_CredentialNameW
  598. {
  599. unsigned long CredentialType;
  600. SEC_WCHAR SEC_FAR *sCredentialName;
  601. } SecPkgContext_CredentialNameW, SEC_FAR * PSecPkgContext_CredentialNameW;
  602. // end_ntifs
  // A variant.
  603. typedef struct _SecPkgContext_CredentialNameA
  604. {
  605. unsigned long CredentialType;
  606. SEC_CHAR SEC_FAR *sCredentialName;
  607. } SecPkgContext_CredentialNameA, SEC_FAR * PSecPkgContext_CredentialNameA;
  608. #ifdef UNICODE
  609. # define SecPkgContext_CredentialName SecPkgContext_CredentialNameW // ntifs
  610. # define PSecPkgContext_CredentialName PSecPkgContext_CredentialNameW // ntifs
  611. #else
  612. # define SecPkgContext_CredentialName SecPkgContext_CredentialNameA
  613. # define PSecPkgContext_CredentialName PSecPkgContext_CredentialNameA
  614. #endif // !UNICODE
  // Untyped pointer to the access token of a context. Its concrete type and
  // lifetime are not given here; a token lets its holder act as the
  // authenticated principal, so it should not outlive the code that needs it.
  615. typedef struct _SecPkgContext_AccessToken
  616. {
  617. void SEC_FAR * AccessToken;
  618. } SecPkgContext_AccessToken, SEC_FAR * PSecPkgContext_AccessToken;
  // The next three structures are length + pointer pairs. The unit of each
  // length (bytes or characters) and whether the data is terminated are not
  // stated, so readers should bound every access by the length field.
  // Marshalled target information blob.
  619. typedef struct _SecPkgContext_TargetInformation
  620. {
  621. unsigned long MarshalledTargetInfoLength;
  622. unsigned char SEC_FAR * MarshalledTargetInfo;
  623. } SecPkgContext_TargetInformation, SEC_FAR * PSecPkgContext_TargetInformation;
  // Authorization id.
  624. typedef struct _SecPkgContext_AuthzID
  625. {
  626. unsigned long AuthzIDLength;
  627. char SEC_FAR * AuthzID;
  628. } SecPkgContext_AuthzID, SEC_FAR * PSecPkgContext_AuthzID;
  // Target name.
  629. typedef struct _SecPkgContext_Target
  630. {
  631. unsigned long TargetLength;
  632. char SEC_FAR * Target;
  633. } SecPkgContext_Target, SEC_FAR * PSecPkgContext_Target;
  634. // begin_ntifs
  // Callback type for fetching a key. It returns nothing: the key pointer
  // comes back through Key and the outcome through Status, so a caller of
  // the callback has to check *Status before trusting *Key. Supplied to the
  // credential functions below as pGetKeyFn, with pvGetKeyArgument passed
  // through as Arg.
  635. typedef void
  636. (SEC_ENTRY SEC_FAR * SEC_GET_KEY_FN) (
  637. void SEC_FAR * Arg, // Argument passed in
  638. void SEC_FAR * Principal, // Principal ID
  639. unsigned long KeyVer, // Key Version
  640. void SEC_FAR * SEC_FAR * Key, // Returned ptr to key
  641. SECURITY_STATUS SEC_FAR * Status // returned status
  642. );
  643. //
  644. // Flags for ExportSecurityContext
  645. //
  // ExportSecurityContext itself is not declared within this part of the file.
  646. #define SECPKG_CONTEXT_EXPORT_RESET_NEW 0x00000001 // New context is reset to initial state
  647. #define SECPKG_CONTEXT_EXPORT_DELETE_OLD 0x00000002 // Old context is deleted during export
  // Obtain a credential handle for a principal and package (wide-character
  // variant). In kernel mode (ISSP_MODE == 0) the two names are counted
  // PSECURITY_STRING values; otherwise they are SEC_WCHAR pointers.
  // fCredentialUse takes the SECPKG_CRED_* values. pAuthData is package
  // specific and may carry credentials - NOTE(review): confirm per package.
  // Outputs: phCredential, and optionally ptsExpiry. Returns a
  // SECURITY_STATUS that the caller must check before using phCredential.
  // The handle is presumably released with FreeCredentialsHandle, declared
  // below - confirm.
  648. SECURITY_STATUS SEC_ENTRY
  649. AcquireCredentialsHandleW(
  650. #if ISSP_MODE == 0 // For Kernel mode
  651. PSECURITY_STRING pPrincipal,
  652. PSECURITY_STRING pPackage,
  653. #else
  654. SEC_WCHAR SEC_FAR * pszPrincipal, // Name of principal
  655. SEC_WCHAR SEC_FAR * pszPackage, // Name of package
  656. #endif
  657. unsigned long fCredentialUse, // Flags indicating use
  658. void SEC_FAR * pvLogonId, // Pointer to logon ID
  659. void SEC_FAR * pAuthData, // Package specific data
  660. SEC_GET_KEY_FN pGetKeyFn, // Pointer to GetKey() func
  661. void SEC_FAR * pvGetKeyArgument, // Value to pass to GetKey()
  662. PCredHandle phCredential, // (out) Cred Handle
  663. PTimeStamp ptsExpiry // (out) Lifetime (optional)
  664. );
  // Function-pointer type with the same parameter list as
  // AcquireCredentialsHandleW, including the kernel/user mode split.
  665. typedef SECURITY_STATUS
  666. (SEC_ENTRY * ACQUIRE_CREDENTIALS_HANDLE_FN_W)(
  667. #if ISSP_MODE == 0
  668. PSECURITY_STRING,
  669. PSECURITY_STRING,
  670. #else
  671. SEC_WCHAR SEC_FAR *,
  672. SEC_WCHAR SEC_FAR *,
  673. #endif
  674. unsigned long,
  675. void SEC_FAR *,
  676. void SEC_FAR *,
  677. SEC_GET_KEY_FN,
  678. void SEC_FAR *,
  679. PCredHandle,
  680. PTimeStamp);
  681. // end_ntifs
  // Narrow-character variant; it has no kernel-mode parameter form.
  682. SECURITY_STATUS SEC_ENTRY
  683. AcquireCredentialsHandleA(
  684. SEC_CHAR SEC_FAR * pszPrincipal, // Name of principal
  685. SEC_CHAR SEC_FAR * pszPackage, // Name of package
  686. unsigned long fCredentialUse, // Flags indicating use
  687. void SEC_FAR * pvLogonId, // Pointer to logon ID
  688. void SEC_FAR * pAuthData, // Package specific data
  689. SEC_GET_KEY_FN pGetKeyFn, // Pointer to GetKey() func
  690. void SEC_FAR * pvGetKeyArgument, // Value to pass to GetKey()
  691. PCredHandle phCredential, // (out) Cred Handle
  692. PTimeStamp ptsExpiry // (out) Lifetime (optional)
  693. );
  // Function-pointer type matching AcquireCredentialsHandleA.
  694. typedef SECURITY_STATUS
  695. (SEC_ENTRY * ACQUIRE_CREDENTIALS_HANDLE_FN_A)(
  696. SEC_CHAR SEC_FAR *,
  697. SEC_CHAR SEC_FAR *,
  698. unsigned long,
  699. void SEC_FAR *,
  700. void SEC_FAR *,
  701. SEC_GET_KEY_FN,
  702. void SEC_FAR *,
  703. PCredHandle,
  704. PTimeStamp);
  // Unsuffixed names resolve to the W or A variant according to UNICODE.
  705. #ifdef UNICODE
  706. # define AcquireCredentialsHandle AcquireCredentialsHandleW // ntifs
  707. # define ACQUIRE_CREDENTIALS_HANDLE_FN ACQUIRE_CREDENTIALS_HANDLE_FN_W // ntifs
  708. #else
  709. # define AcquireCredentialsHandle AcquireCredentialsHandleA
  710. # define ACQUIRE_CREDENTIALS_HANDLE_FN ACQUIRE_CREDENTIALS_HANDLE_FN_A
  711. #endif // !UNICODE
  712. // begin_ntifs
  // Release a credential handle. Returns a SECURITY_STATUS. Whether the
  // handle is invalidated in place is not shown here; clearing it with
  // SecInvalidateHandle after a successful free avoids reusing a stale
  // handle - NOTE(review): confirm the function's own behaviour.
  713. SECURITY_STATUS SEC_ENTRY
  714. FreeCredentialsHandle(
  715. PCredHandle phCredential // Handle to free
  716. );
  // Function-pointer type matching FreeCredentialsHandle.
  717. typedef SECURITY_STATUS
  718. (SEC_ENTRY * FREE_CREDENTIALS_HANDLE_FN)(
  719. PCredHandle );
  // Add credentials to an existing credential handle (wide-character
  // variant). Takes the handle first, then the same principal, package, use
  // flags, package-specific data and key callback as
  // AcquireCredentialsHandleW, but no logon id and no output handle.
  // In kernel mode (ISSP_MODE == 0) the names are PSECURITY_STRING values.
  720. SECURITY_STATUS SEC_ENTRY
  721. AddCredentialsW(
  722. PCredHandle hCredentials,
  723. #if ISSP_MODE == 0 // For Kernel mode
  724. PSECURITY_STRING pPrincipal,
  725. PSECURITY_STRING pPackage,
  726. #else
  727. SEC_WCHAR SEC_FAR * pszPrincipal, // Name of principal
  728. SEC_WCHAR SEC_FAR * pszPackage, // Name of package
  729. #endif
  730. unsigned long fCredentialUse, // Flags indicating use
  731. void SEC_FAR * pAuthData, // Package specific data
  732. SEC_GET_KEY_FN pGetKeyFn, // Pointer to GetKey() func
  733. void SEC_FAR * pvGetKeyArgument, // Value to pass to GetKey()
  734. PTimeStamp ptsExpiry // (out) Lifetime (optional)
  735. );
  // Function-pointer type matching AddCredentialsW.
  736. typedef SECURITY_STATUS
  737. (SEC_ENTRY * ADD_CREDENTIALS_FN_W)(
  738. PCredHandle,
  739. #if ISSP_MODE == 0
  740. PSECURITY_STRING,
  741. PSECURITY_STRING,
  742. #else
  743. SEC_WCHAR SEC_FAR *,
  744. SEC_WCHAR SEC_FAR *,
  745. #endif
  746. unsigned long,
  747. void SEC_FAR *,
  748. SEC_GET_KEY_FN,
  749. void SEC_FAR *,
  750. PTimeStamp);
  // Narrow-character variant; it has no kernel-mode parameter form.
  751. SECURITY_STATUS SEC_ENTRY
  752. AddCredentialsA(
  753. PCredHandle hCredentials,
  754. SEC_CHAR SEC_FAR * pszPrincipal, // Name of principal
  755. SEC_CHAR SEC_FAR * pszPackage, // Name of package
  756. unsigned long fCredentialUse, // Flags indicating use
  757. void SEC_FAR * pAuthData, // Package specific data
  758. SEC_GET_KEY_FN pGetKeyFn, // Pointer to GetKey() func
  759. void SEC_FAR * pvGetKeyArgument, // Value to pass to GetKey()
  760. PTimeStamp ptsExpiry // (out) Lifetime (optional)
  761. );
  // Function-pointer type matching AddCredentialsA.
  762. typedef SECURITY_STATUS
  763. (SEC_ENTRY * ADD_CREDENTIALS_FN_A)(
  764. PCredHandle,
  765. SEC_CHAR SEC_FAR *,
  766. SEC_CHAR SEC_FAR *,
  767. unsigned long,
  768. void SEC_FAR *,
  769. SEC_GET_KEY_FN,
  770. void SEC_FAR *,
  771. PTimeStamp);
  // Unsuffixed names resolve to the W or A variant according to UNICODE.
  772. #ifdef UNICODE
  773. #define AddCredentials AddCredentialsW
  774. #define ADD_CREDENTIALS_FN ADD_CREDENTIALS_FN_W
  775. #else
  776. #define AddCredentials AddCredentialsA
  777. #define ADD_CREDENTIALS_FN ADD_CREDENTIALS_FN_A
  778. #endif
  779. ////////////////////////////////////////////////////////////////////////
  780. ///
  781. /// Context Management Functions
  782. ///
  783. ////////////////////////////////////////////////////////////////////////
  // Initiator side of context establishment (wide-character variant).
  // phCredential is the credential the context is based on; phContext is the
  // existing context and is optional. The target name is a PSECURITY_STRING
  // in kernel mode (ISSP_MODE == 0) and a SEC_WCHAR pointer otherwise.
  // fContextReq takes ISC_REQ_* bits; Reserved1 and Reserved2 are marked MBZ
  // (must be zero). pInput and pOutput are SecBufferDesc arrays; pOutput is
  // both read and written. Outputs: phNewContext, *pfContextAttr and,
  // optionally, ptsExpiry.
  // *pfContextAttr presumably carries ISC_RET_* bits - confirm. A caller that
  // requires mutual authentication, integrity or confidentiality should
  // verify the corresponding ISC_RET_* bit there after the call instead of
  // relying on having requested it, and should check the returned
  // SECURITY_STATUS before using any output.
  784. SECURITY_STATUS SEC_ENTRY
  785. InitializeSecurityContextW(
  786. PCredHandle phCredential, // Cred to base context
  787. PCtxtHandle phContext, // Existing context (OPT)
  788. #if ISSP_MODE == 0
  789. PSECURITY_STRING pTargetName,
  790. #else
  791. SEC_WCHAR SEC_FAR * pszTargetName, // Name of target
  792. #endif
  793. unsigned long fContextReq, // Context Requirements
  794. unsigned long Reserved1, // Reserved, MBZ
  795. unsigned long TargetDataRep, // Data rep of target
  796. PSecBufferDesc pInput, // Input Buffers
  797. unsigned long Reserved2, // Reserved, MBZ
  798. PCtxtHandle phNewContext, // (out) New Context handle
  799. PSecBufferDesc pOutput, // (inout) Output Buffers
  800. unsigned long SEC_FAR * pfContextAttr, // (out) Context attrs
  801. PTimeStamp ptsExpiry // (out) Life span (OPT)
  802. );
  // Function-pointer type matching InitializeSecurityContextW, including the
  // kernel/user mode split on the target name.
  803. typedef SECURITY_STATUS
  804. (SEC_ENTRY * INITIALIZE_SECURITY_CONTEXT_FN_W)(
  805. PCredHandle,
  806. PCtxtHandle,
  807. #if ISSP_MODE == 0
  808. PSECURITY_STRING,
  809. #else
  810. SEC_WCHAR SEC_FAR *,
  811. #endif
  812. unsigned long,
  813. unsigned long,
  814. unsigned long,
  815. PSecBufferDesc,
  816. unsigned long,
  817. PCtxtHandle,
  818. PSecBufferDesc,
  819. unsigned long SEC_FAR *,
  820. PTimeStamp);
  821. // end_ntifs
  // ANSI form of InitializeSecurityContext. Same parameters as the W form, but
  // the target name is always a SEC_CHAR string (no ISSP_MODE switch here).
  // NOTE(review): the attributes actually granted are reported in
  // pfContextAttr; check them there instead of relying on fContextReq.
  822. SECURITY_STATUS SEC_ENTRY
  823. InitializeSecurityContextA(
  824. PCredHandle phCredential, // Cred to base context
  825. PCtxtHandle phContext, // Existing context (OPT)
  826. SEC_CHAR SEC_FAR * pszTargetName, // Name of target
  827. unsigned long fContextReq, // Context Requirements
  828. unsigned long Reserved1, // Reserved, MBZ
  829. unsigned long TargetDataRep, // Data rep of target
  830. PSecBufferDesc pInput, // Input Buffers
  831. unsigned long Reserved2, // Reserved, MBZ
  832. PCtxtHandle phNewContext, // (out) New Context handle
  833. PSecBufferDesc pOutput, // (inout) Output Buffers
  834. unsigned long SEC_FAR * pfContextAttr, // (out) Context attrs
  835. PTimeStamp ptsExpiry // (out) Life span (OPT)
  836. );
  // Function-pointer type with the InitializeSecurityContextA parameter list;
  // used in SecurityFunctionTableA.
  837. typedef SECURITY_STATUS
  838. (SEC_ENTRY * INITIALIZE_SECURITY_CONTEXT_FN_A)(
  839. PCredHandle,
  840. PCtxtHandle,
  841. SEC_CHAR SEC_FAR *,
  842. unsigned long,
  843. unsigned long,
  844. unsigned long,
  845. PSecBufferDesc,
  846. unsigned long,
  847. PCtxtHandle,
  848. PSecBufferDesc,
  849. unsigned long SEC_FAR *,
  850. PTimeStamp);
  // Generic names map to the W or A form depending on UNICODE.
  851. #ifdef UNICODE
  852. # define InitializeSecurityContext InitializeSecurityContextW // ntifs
  853. # define INITIALIZE_SECURITY_CONTEXT_FN INITIALIZE_SECURITY_CONTEXT_FN_W // ntifs
  854. #else
  855. # define InitializeSecurityContext InitializeSecurityContextA
  856. # define INITIALIZE_SECURITY_CONTEXT_FN INITIALIZE_SECURITY_CONTEXT_FN_A
  857. #endif // !UNICODE
  858. // begin_ntifs
  // Accepts an incoming context: takes a credential handle, an optional
  // existing context and an input buffer, and returns a new context handle,
  // output buffers, attribute bits and an expiry. It has no string parameters,
  // so there is a single form rather than A/W variants.
  // NOTE(review): pInput carries data received from the peer and should be
  // treated as untrusted until this call reports success; the granted
  // attributes are in pfContextAttr, not fContextReq - confirm per package.
  859. SECURITY_STATUS SEC_ENTRY
  860. AcceptSecurityContext(
  861. PCredHandle phCredential, // Cred to base context
  862. PCtxtHandle phContext, // Existing context (OPT)
  863. PSecBufferDesc pInput, // Input buffer
  864. unsigned long fContextReq, // Context Requirements
  865. unsigned long TargetDataRep, // Target Data Rep
  866. PCtxtHandle phNewContext, // (out) New context handle
  867. PSecBufferDesc pOutput, // (inout) Output buffers
  868. unsigned long SEC_FAR * pfContextAttr, // (out) Context attributes
  869. PTimeStamp ptsExpiry // (out) Life span (OPT)
  870. );
  // Function-pointer type with the AcceptSecurityContext parameter list; used
  // in both function tables.
  871. typedef SECURITY_STATUS
  872. (SEC_ENTRY * ACCEPT_SECURITY_CONTEXT_FN)(
  873. PCredHandle,
  874. PCtxtHandle,
  875. PSecBufferDesc,
  876. unsigned long,
  877. unsigned long,
  878. PCtxtHandle,
  879. PSecBufferDesc,
  880. unsigned long SEC_FAR *,
  881. PTimeStamp);
  // Completes an authentication token for the given context; pToken is the
  // buffer descriptor holding the token to complete.
  882. SECURITY_STATUS SEC_ENTRY
  883. CompleteAuthToken(
  884. PCtxtHandle phContext, // Context to complete
  885. PSecBufferDesc pToken // Token to complete
  886. );
  // Function-pointer type with the CompleteAuthToken parameter list.
  887. typedef SECURITY_STATUS
  888. (SEC_ENTRY * COMPLETE_AUTH_TOKEN_FN)(
  889. PCtxtHandle,
  890. PSecBufferDesc);
  // Impersonates the identity associated with phContext. The result is a
  // SECURITY_STATUS.
  // NOTE(review): callers should check the returned status before doing any
  // work on the client's behalf; if the call failed and the result is ignored,
  // later operations presumably run under the caller's own identity.
  891. SECURITY_STATUS SEC_ENTRY
  892. ImpersonateSecurityContext(
  893. PCtxtHandle phContext // Context to impersonate
  894. );
  // Function-pointer type with the ImpersonateSecurityContext parameter list.
  895. typedef SECURITY_STATUS
  896. (SEC_ENTRY * IMPERSONATE_SECURITY_CONTEXT_FN)(
  897. PCtxtHandle);
  // Counterpart of ImpersonateSecurityContext: ends the impersonation of
  // phContext. NOTE(review): every successful impersonation should be paired
  // with a revert on all exit paths, including error paths.
  898. SECURITY_STATUS SEC_ENTRY
  899. RevertSecurityContext(
  900. PCtxtHandle phContext // Context from which to revert
  901. );
  // Function-pointer type with the RevertSecurityContext parameter list.
  902. typedef SECURITY_STATUS
  903. (SEC_ENTRY * REVERT_SECURITY_CONTEXT_FN)(
  904. PCtxtHandle);
  // Returns, through Token, an untyped pointer-sized value associated with
  // phContext.
  // NOTE(review): presumably an access-token handle that the caller then owns
  // and has to release - confirm against the SSPI documentation.
  905. SECURITY_STATUS SEC_ENTRY
  906. QuerySecurityContextToken(
  907. PCtxtHandle phContext,
  908. void SEC_FAR * SEC_FAR * Token
  909. );
  // Function-pointer type with the QuerySecurityContextToken parameter list.
  910. typedef SECURITY_STATUS
  911. (SEC_ENTRY * QUERY_SECURITY_CONTEXT_TOKEN_FN)(
  912. PCtxtHandle, void SEC_FAR * SEC_FAR *);
  // Deletes the context identified by phContext.
  913. SECURITY_STATUS SEC_ENTRY
  914. DeleteSecurityContext(
  915. PCtxtHandle phContext // Context to delete
  916. );
  // Function-pointer type with the DeleteSecurityContext parameter list.
  917. typedef SECURITY_STATUS
  918. (SEC_ENTRY * DELETE_SECURITY_CONTEXT_FN)(
  919. PCtxtHandle);
  // Applies the control token in pInput to an existing context.
  920. SECURITY_STATUS SEC_ENTRY
  921. ApplyControlToken(
  922. PCtxtHandle phContext, // Context to modify
  923. PSecBufferDesc pInput // Input token to apply
  924. );
  // Function-pointer type with the ApplyControlToken parameter list.
  925. typedef SECURITY_STATUS
  926. (SEC_ENTRY * APPLY_CONTROL_TOKEN_FN)(
  927. PCtxtHandle, PSecBufferDesc);
  // Queries one attribute (ulAttribute) of a context and writes the result to
  // pBuffer.
  // NOTE(review): pBuffer is untyped and there is no size argument, so the
  // caller has to supply a buffer of the type and size that the requested
  // attribute expects; a mismatch cannot be detected from this signature.
  928. SECURITY_STATUS SEC_ENTRY
  929. QueryContextAttributesW(
  930. PCtxtHandle phContext, // Context to query
  931. unsigned long ulAttribute, // Attribute to query
  932. void SEC_FAR * pBuffer // Buffer for attributes
  933. );
  // Function-pointer type with the QueryContextAttributesW parameter list.
  934. typedef SECURITY_STATUS
  935. (SEC_ENTRY * QUERY_CONTEXT_ATTRIBUTES_FN_W)(
  936. PCtxtHandle,
  937. unsigned long,
  938. void SEC_FAR *);
  939. // end_ntifs
  // ANSI form; the parameter list is identical to the W form.
  940. SECURITY_STATUS SEC_ENTRY
  941. QueryContextAttributesA(
  942. PCtxtHandle phContext, // Context to query
  943. unsigned long ulAttribute, // Attribute to query
  944. void SEC_FAR * pBuffer // Buffer for attributes
  945. );
  // Function-pointer type with the QueryContextAttributesA parameter list.
  946. typedef SECURITY_STATUS
  947. (SEC_ENTRY * QUERY_CONTEXT_ATTRIBUTES_FN_A)(
  948. PCtxtHandle,
  949. unsigned long,
  950. void SEC_FAR *);
  // Generic names map to the W or A form depending on UNICODE.
  951. #ifdef UNICODE
  952. # define QueryContextAttributes QueryContextAttributesW // ntifs
  953. # define QUERY_CONTEXT_ATTRIBUTES_FN QUERY_CONTEXT_ATTRIBUTES_FN_W // ntifs
  954. #else
  955. # define QueryContextAttributes QueryContextAttributesA
  956. # define QUERY_CONTEXT_ATTRIBUTES_FN QUERY_CONTEXT_ATTRIBUTES_FN_A
  957. #endif // !UNICODE
  958. // begin_ntifs
  // Sets one attribute (ulAttribute) of a context from pBuffer. Unlike
  // QueryContextAttributes, the buffer length is passed explicitly in cbBuffer.
  959. SECURITY_STATUS SEC_ENTRY
  960. SetContextAttributesW(
  961. PCtxtHandle phContext, // Context to Set
  962. unsigned long ulAttribute, // Attribute to Set
  963. void SEC_FAR * pBuffer, // Buffer for attributes
  964. unsigned long cbBuffer // Size (in bytes) of Buffer
  965. );
  // Function-pointer type with the SetContextAttributesW parameter list; it is
  // the last member of SecurityFunctionTableW.
  966. typedef SECURITY_STATUS
  967. (SEC_ENTRY * SET_CONTEXT_ATTRIBUTES_FN_W)(
  968. PCtxtHandle,
  969. unsigned long,
  970. void SEC_FAR *,
  971. unsigned long );
  972. // end_ntifs
  // ANSI form; the parameter list is identical to the W form.
  973. SECURITY_STATUS SEC_ENTRY
  974. SetContextAttributesA(
  975. PCtxtHandle phContext, // Context to Set
  976. unsigned long ulAttribute, // Attribute to Set
  977. void SEC_FAR * pBuffer, // Buffer for attributes
  978. unsigned long cbBuffer // Size (in bytes) of Buffer
  979. );
  // Function-pointer type with the SetContextAttributesA parameter list.
  980. typedef SECURITY_STATUS
  981. (SEC_ENTRY * SET_CONTEXT_ATTRIBUTES_FN_A)(
  982. PCtxtHandle,
  983. unsigned long,
  984. void SEC_FAR *,
  985. unsigned long );
  // Generic names map to the W or A form depending on UNICODE.
  986. #ifdef UNICODE
  987. # define SetContextAttributes SetContextAttributesW // ntifs
  988. # define SET_CONTEXT_ATTRIBUTES_FN SET_CONTEXT_ATTRIBUTES_FN_W // ntifs
  989. #else
  990. # define SetContextAttributes SetContextAttributesA
  991. # define SET_CONTEXT_ATTRIBUTES_FN SET_CONTEXT_ATTRIBUTES_FN_A
  992. #endif // !UNICODE
  993. // begin_ntifs
  // Queries one attribute (ulAttribute) of a credential handle into pBuffer.
  // NOTE(review): as with QueryContextAttributes, pBuffer is untyped and no
  // size is passed, so the caller has to match the buffer to the attribute.
  994. SECURITY_STATUS SEC_ENTRY
  995. QueryCredentialsAttributesW(
  996. PCredHandle phCredential, // Credential to query
  997. unsigned long ulAttribute, // Attribute to query
  998. void SEC_FAR * pBuffer // Buffer for attributes
  999. );
  // Function-pointer type with the QueryCredentialsAttributesW parameter list.
  1000. typedef SECURITY_STATUS
  1001. (SEC_ENTRY * QUERY_CREDENTIALS_ATTRIBUTES_FN_W)(
  1002. PCredHandle,
  1003. unsigned long,
  1004. void SEC_FAR *);
  1005. // end_ntifs
  // ANSI form; the parameter list is identical to the W form.
  1006. SECURITY_STATUS SEC_ENTRY
  1007. QueryCredentialsAttributesA(
  1008. PCredHandle phCredential, // Credential to query
  1009. unsigned long ulAttribute, // Attribute to query
  1010. void SEC_FAR * pBuffer // Buffer for attributes
  1011. );
  // Function-pointer type with the QueryCredentialsAttributesA parameter list.
  1012. typedef SECURITY_STATUS
  1013. (SEC_ENTRY * QUERY_CREDENTIALS_ATTRIBUTES_FN_A)(
  1014. PCredHandle,
  1015. unsigned long,
  1016. void SEC_FAR *);
  // Generic names map to the W or A form depending on UNICODE.
  1017. #ifdef UNICODE
  1018. # define QueryCredentialsAttributes QueryCredentialsAttributesW // ntifs
  1019. # define QUERY_CREDENTIALS_ATTRIBUTES_FN QUERY_CREDENTIALS_ATTRIBUTES_FN_W // ntifs
  1020. #else
  1021. # define QueryCredentialsAttributes QueryCredentialsAttributesA
  1022. # define QUERY_CREDENTIALS_ATTRIBUTES_FN QUERY_CREDENTIALS_ATTRIBUTES_FN_A
  1023. #endif // !UNICODE
  1024. // begin_ntifs
  // Frees the buffer passed in pvContextBuffer.
  // NOTE(review): presumably the release routine for buffers that the security
  // interface hands back to callers (for example the package-info arrays) -
  // confirm which allocations it applies to before using it on other memory.
  1025. SECURITY_STATUS SEC_ENTRY
  1026. FreeContextBuffer(
  1027. void SEC_FAR * pvContextBuffer // buffer to free
  1028. );
  // Function-pointer type with the FreeContextBuffer parameter list.
  1029. typedef SECURITY_STATUS
  1030. (SEC_ENTRY * FREE_CONTEXT_BUFFER_FN)(
  1031. void SEC_FAR *);
  1032. // end_ntifs
  1033. // begin_ntifs
  1034. ///////////////////////////////////////////////////////////////////
  1035. ////
  1036. //// Message Support API
  1037. ////
  1038. //////////////////////////////////////////////////////////////////
  // Signs the message described by pMessage using the given context, a
  // quality-of-protection value and a message sequence number.
  1039. SECURITY_STATUS SEC_ENTRY
  1040. MakeSignature(
  1041. PCtxtHandle phContext, // Context to use
  1042. unsigned long fQOP, // Quality of Protection
  1043. PSecBufferDesc pMessage, // Message to sign
  1044. unsigned long MessageSeqNo // Message Sequence Num.
  1045. );
  // Function-pointer type with the MakeSignature parameter list.
  1046. typedef SECURITY_STATUS
  1047. (SEC_ENTRY * MAKE_SIGNATURE_FN)(
  1048. PCtxtHandle,
  1049. unsigned long,
  1050. PSecBufferDesc,
  1051. unsigned long);
  // Verifies the signature on pMessage for the given context and sequence
  // number; the quality of protection that was used is returned in pfQOP.
  // NOTE(review): a message should only be treated as authentic when the
  // returned SECURITY_STATUS indicates success; do not act on pMessage first.
  1052. SECURITY_STATUS SEC_ENTRY
  1053. VerifySignature(
  1054. PCtxtHandle phContext, // Context to use
  1055. PSecBufferDesc pMessage, // Message to verify
  1056. unsigned long MessageSeqNo, // Sequence Num.
  1057. unsigned long SEC_FAR * pfQOP // QOP used
  1058. );
  // Function-pointer type with the VerifySignature parameter list.
  1059. typedef SECURITY_STATUS
  1060. (SEC_ENTRY * VERIFY_SIGNATURE_FN)(
  1061. PCtxtHandle,
  1062. PSecBufferDesc,
  1063. unsigned long,
  1064. unsigned long SEC_FAR *);
  // Quality-of-protection value for the fQOP argument below.
  // NOTE(review): judging by the name, it asks for the message to be wrapped
  // without being encrypted, in which case the payload gets no
  // confidentiality protection - confirm per package before relying on it.
  1065. #define SECQOP_WRAP_NO_ENCRYPT 0x80000001
  // Encrypts the message described by pMessage using the given context,
  // quality-of-protection value and message sequence number.
  1066. SECURITY_STATUS SEC_ENTRY
  1067. EncryptMessage( PCtxtHandle phContext,
  1068. unsigned long fQOP,
  1069. PSecBufferDesc pMessage,
  1070. unsigned long MessageSeqNo);
  // Function-pointer type with the EncryptMessage parameter list.
  1071. typedef SECURITY_STATUS
  1072. (SEC_ENTRY * ENCRYPT_MESSAGE_FN)(
  1073. PCtxtHandle, unsigned long, PSecBufferDesc, unsigned long);
  // Decrypts the message described by pMessage; the quality of protection is
  // returned in pfQOP. The prototype spells the last parameter without SEC_FAR
  // while the typedef below uses it; SEC_FAR is defined empty earlier in this
  // header, so the two declarations agree.
  // NOTE(review): check the returned status before using the message contents.
  1074. SECURITY_STATUS SEC_ENTRY
  1075. DecryptMessage( PCtxtHandle phContext,
  1076. PSecBufferDesc pMessage,
  1077. unsigned long MessageSeqNo,
  1078. unsigned long * pfQOP);
  // Function-pointer type with the DecryptMessage parameter list.
  1079. typedef SECURITY_STATUS
  1080. (SEC_ENTRY * DECRYPT_MESSAGE_FN)(
  1081. PCtxtHandle, PSecBufferDesc, unsigned long,
  1082. unsigned long SEC_FAR *);
  1083. // end_ntifs
  1084. // begin_ntifs
  1085. ///////////////////////////////////////////////////////////////////////////
  1086. ////
  1087. //// Misc.
  1088. ////
  1089. ///////////////////////////////////////////////////////////////////////////
  // Returns the number of security packages in *pcPackages and a pointer to an
  // array of SecPkgInfoW entries in *ppPackageInfo.
  // NOTE(review): the array is returned by pointer, so the caller presumably
  // owns it afterwards and releases it with FreeContextBuffer - confirm.
  1090. SECURITY_STATUS SEC_ENTRY
  1091. EnumerateSecurityPackagesW(
  1092. unsigned long SEC_FAR * pcPackages, // Receives num. packages
  1093. PSecPkgInfoW SEC_FAR * ppPackageInfo // Receives array of info
  1094. );
  // Function-pointer type with the EnumerateSecurityPackagesW parameter list.
  1095. typedef SECURITY_STATUS
  1096. (SEC_ENTRY * ENUMERATE_SECURITY_PACKAGES_FN_W)(
  1097. unsigned long SEC_FAR *,
  1098. PSecPkgInfoW SEC_FAR *);
  1099. // end_ntifs
  // ANSI form; returns SecPkgInfoA entries instead.
  1100. SECURITY_STATUS SEC_ENTRY
  1101. EnumerateSecurityPackagesA(
  1102. unsigned long SEC_FAR * pcPackages, // Receives num. packages
  1103. PSecPkgInfoA SEC_FAR * ppPackageInfo // Receives array of info
  1104. );
  // Function-pointer type with the EnumerateSecurityPackagesA parameter list.
  1105. typedef SECURITY_STATUS
  1106. (SEC_ENTRY * ENUMERATE_SECURITY_PACKAGES_FN_A)(
  1107. unsigned long SEC_FAR *,
  1108. PSecPkgInfoA SEC_FAR *);
  // Generic names map to the W or A form depending on UNICODE.
  1109. #ifdef UNICODE
  1110. # define EnumerateSecurityPackages EnumerateSecurityPackagesW // ntifs
  1111. # define ENUMERATE_SECURITY_PACKAGES_FN ENUMERATE_SECURITY_PACKAGES_FN_W // ntifs
  1112. #else
  1113. # define EnumerateSecurityPackages EnumerateSecurityPackagesA
  1114. # define ENUMERATE_SECURITY_PACKAGES_FN ENUMERATE_SECURITY_PACKAGES_FN_A
  1115. #endif // !UNICODE
  1116. // begin_ntifs
  // Looks up one package by name and returns a pointer to its SecPkgInfoW in
  // *ppPackageInfo. The name is a PSECURITY_STRING when ISSP_MODE == 0 and a
  // SEC_WCHAR string otherwise.
  1117. SECURITY_STATUS SEC_ENTRY
  1118. QuerySecurityPackageInfoW(
  1119. #if ISSP_MODE == 0
  1120. PSECURITY_STRING pPackageName,
  1121. #else
  1122. SEC_WCHAR SEC_FAR * pszPackageName, // Name of package
  1123. #endif
  1124. PSecPkgInfoW SEC_FAR *ppPackageInfo // Receives package info
  1125. );
  // Function-pointer type with the same ISSP_MODE-dependent parameter list.
  1126. typedef SECURITY_STATUS
  1127. (SEC_ENTRY * QUERY_SECURITY_PACKAGE_INFO_FN_W)(
  1128. #if ISSP_MODE == 0
  1129. PSECURITY_STRING,
  1130. #else
  1131. SEC_WCHAR SEC_FAR *,
  1132. #endif
  1133. PSecPkgInfoW SEC_FAR *);
  1134. // end_ntifs
  // ANSI form; the package name is always a SEC_CHAR string.
  1135. SECURITY_STATUS SEC_ENTRY
  1136. QuerySecurityPackageInfoA(
  1137. SEC_CHAR SEC_FAR * pszPackageName, // Name of package
  1138. PSecPkgInfoA SEC_FAR *ppPackageInfo // Receives package info
  1139. );
  // Function-pointer type with the QuerySecurityPackageInfoA parameter list.
  1140. typedef SECURITY_STATUS
  1141. (SEC_ENTRY * QUERY_SECURITY_PACKAGE_INFO_FN_A)(
  1142. SEC_CHAR SEC_FAR *,
  1143. PSecPkgInfoA SEC_FAR *);
  // Generic names map to the W or A form depending on UNICODE.
  1144. #ifdef UNICODE
  1145. # define QuerySecurityPackageInfo QuerySecurityPackageInfoW // ntifs
  1146. # define QUERY_SECURITY_PACKAGE_INFO_FN QUERY_SECURITY_PACKAGE_INFO_FN_W // ntifs
  1147. #else
  1148. # define QuerySecurityPackageInfo QuerySecurityPackageInfoA
  1149. # define QUERY_SECURITY_PACKAGE_INFO_FN QUERY_SECURITY_PACKAGE_INFO_FN_A
  1150. #endif // !UNICODE
  // Kinds of delegation accepted by DelegateSecurityContext. The enumerators
  // take the default values 0..4 in the order listed; this header does not
  // document what each scope covers.
  1151. typedef enum _SecDelegationType {
  1152. SecFull,
  1153. SecService,
  1154. SecTree,
  1155. SecDirectory,
  1156. SecObject
  1157. } SecDelegationType, * PSecDelegationType;
  // Delegates an active context to a target, optionally limited in time, and
  // produces a token in pOutput intended for ApplyControlToken.
  // There is a single declaration (no A/W pair, no function-pointer typedef)
  // and it has no slot in the SecurityFunctionTable structures below. Outside
  // kernel mode the target is a SEC_CHAR string.
  // NOTE(review): delegation widens where the client's identity can be used;
  // callers should pick the narrowest DelegationType and set pExpiry - confirm
  // the semantics of each type with the package in use.
  1158. SECURITY_STATUS SEC_ENTRY
  1159. DelegateSecurityContext(
  1160. PCtxtHandle phContext, // IN Active context to delegate
  1161. #if ISSP_MODE == 0
  1162. PSECURITY_STRING pTarget, // IN Target path
  1163. #else
  1164. SEC_CHAR SEC_FAR * pszTarget,
  1165. #endif
  1166. SecDelegationType DelegationType, // IN Type of delegation
  1167. PTimeStamp pExpiry, // IN OPTIONAL time limit
  1168. PSecBuffer pPackageParameters, // IN OPTIONAL package specific
  1169. PSecBufferDesc pOutput); // OUT Token for applycontroltoken.
  1170. ///////////////////////////////////////////////////////////////////////////
  1171. ////
  1172. //// Proxies
  1173. ////
  1174. ///////////////////////////////////////////////////////////////////////////
  1175. //
  1176. // Proxies are only available on NT platforms
  1177. //
  1178. // begin_ntifs
  1179. ///////////////////////////////////////////////////////////////////////////
  1180. ////
  1181. //// Context export/import
  1182. ////
  1183. ///////////////////////////////////////////////////////////////////////////
  // Exports a context: writes a marshalled form of phContext into
  // pPackedContext and optionally returns a token handle for impersonation.
  // NOTE(review): the marshalled blob presumably carries the context's session
  // state, so it deserves the same protection as the live context when it is
  // stored or passed to another process - confirm what the package includes.
  1184. SECURITY_STATUS SEC_ENTRY
  1185. ExportSecurityContext(
  1186. PCtxtHandle phContext, // (in) context to export
  1187. ULONG fFlags, // (in) option flags
  1188. PSecBuffer pPackedContext, // (out) marshalled context
  1189. void SEC_FAR * SEC_FAR * pToken // (out, optional) token handle for impersonation
  1190. );
  // Function-pointer type with the ExportSecurityContext parameter list.
  1191. typedef SECURITY_STATUS
  1192. (SEC_ENTRY * EXPORT_SECURITY_CONTEXT_FN)(
  1193. PCtxtHandle,
  1194. ULONG,
  1195. PSecBuffer,
  1196. void SEC_FAR * SEC_FAR *
  1197. );
  // Imports a marshalled context for the named package and returns a new
  // context handle in phContext. The package name is a PSECURITY_STRING when
  // ISSP_MODE == 0 and a SEC_WCHAR string otherwise.
  // NOTE(review): pPackedContext is serialized state produced elsewhere; only
  // import blobs from a source the process trusts - confirm what validation
  // the package performs on the blob.
  1198. SECURITY_STATUS SEC_ENTRY
  1199. ImportSecurityContextW(
  1200. #if ISSP_MODE == 0
  1201. PSECURITY_STRING pszPackage,
  1202. #else
  1203. SEC_WCHAR SEC_FAR * pszPackage,
  1204. #endif
  1205. PSecBuffer pPackedContext, // (in) marshalled context
  1206. void SEC_FAR * Token, // (in, optional) handle to token for context
  1207. PCtxtHandle phContext // (out) new context handle
  1208. );
  // Function-pointer type with the same ISSP_MODE-dependent parameter list.
  1209. typedef SECURITY_STATUS
  1210. (SEC_ENTRY * IMPORT_SECURITY_CONTEXT_FN_W)(
  1211. #if ISSP_MODE == 0
  1212. PSECURITY_STRING,
  1213. #else
  1214. SEC_WCHAR SEC_FAR *,
  1215. #endif
  1216. PSecBuffer,
  1217. VOID SEC_FAR *,
  1218. PCtxtHandle
  1219. );
  1220. // end_ntifs
  // ANSI form; the package name is always a SEC_CHAR string.
  1221. SECURITY_STATUS SEC_ENTRY
  1222. ImportSecurityContextA(
  1223. SEC_CHAR SEC_FAR * pszPackage,
  1224. PSecBuffer pPackedContext, // (in) marshalled context
  1225. VOID SEC_FAR * Token, // (in, optional) handle to token for context
  1226. PCtxtHandle phContext // (out) new context handle
  1227. );
  // Function-pointer type with the ImportSecurityContextA parameter list.
  1228. typedef SECURITY_STATUS
  1229. (SEC_ENTRY * IMPORT_SECURITY_CONTEXT_FN_A)(
  1230. SEC_CHAR SEC_FAR *,
  1231. PSecBuffer,
  1232. void SEC_FAR *,
  1233. PCtxtHandle
  1234. );
  // Generic names map to the W or A form depending on UNICODE.
  1235. #ifdef UNICODE
  1236. # define ImportSecurityContext ImportSecurityContextW // ntifs
  1237. # define IMPORT_SECURITY_CONTEXT_FN IMPORT_SECURITY_CONTEXT_FN_W // ntifs
  1238. #else
  1239. # define ImportSecurityContext ImportSecurityContextA
  1240. # define IMPORT_SECURITY_CONTEXT_FN IMPORT_SECURITY_CONTEXT_FN_A
  1241. #endif // !UNICODE
  1242. // begin_ntifs
  // Helper routines declared only when ISSP_MODE == 0 (the SECURITY_KERNEL
  // build). They return NTSTATUS rather than SECURITY_STATUS and take
  // UNICODE_STRING arguments.
  1243. #if ISSP_MODE == 0
  // Builds a service principal name in Spn from a service class, service name
  // and optional instance name, port and referrer. Length is an optional
  // output and Allocate is a BOOLEAN input.
  // NOTE(review): presumably Allocate selects whether the routine allocates
  // Spn's buffer or uses one supplied by the caller - confirm, including who
  // frees it.
  1244. NTSTATUS
  1245. NTAPI
  1246. SecMakeSPN(
  1247. IN PUNICODE_STRING ServiceClass,
  1248. IN PUNICODE_STRING ServiceName,
  1249. IN PUNICODE_STRING InstanceName OPTIONAL,
  1250. IN USHORT InstancePort OPTIONAL,
  1251. IN PUNICODE_STRING Referrer OPTIONAL,
  1252. IN OUT PUNICODE_STRING Spn,
  1253. OUT PULONG Length OPTIONAL,
  1254. IN BOOLEAN Allocate
  1255. );
  // Same as SecMakeSPN with one extra optional input, TargetInfo.
  1256. NTSTATUS
  1257. NTAPI
  1258. SecMakeSPNEx(
  1259. IN PUNICODE_STRING ServiceClass,
  1260. IN PUNICODE_STRING ServiceName,
  1261. IN PUNICODE_STRING InstanceName OPTIONAL,
  1262. IN USHORT InstancePort OPTIONAL,
  1263. IN PUNICODE_STRING Referrer OPTIONAL,
  1264. IN PUNICODE_STRING TargetInfo OPTIONAL,
  1265. IN OUT PUNICODE_STRING Spn,
  1266. OUT PULONG Length OPTIONAL,
  1267. IN BOOLEAN Allocate
  1268. );
  // Resolves a SID to an account name and, optionally, a domain name.
  // NameSize and DomainSize are in/out size values.
  // NOTE(review): presumably they carry the buffer capacity in and the needed
  // size out - confirm units (bytes vs characters) before sizing buffers.
  1269. NTSTATUS
  1270. SEC_ENTRY
  1271. SecLookupAccountSid(
  1272. IN PSID Sid,
  1273. IN OUT PULONG NameSize,
  1274. OUT PUNICODE_STRING NameBuffer,
  1275. IN OUT PULONG DomainSize OPTIONAL,
  1276. OUT PUNICODE_STRING DomainBuffer OPTIONAL,
  1277. OUT PSID_NAME_USE NameUse
  1278. );
  // Resolves an account name to a SID written to the caller's Sid buffer;
  // SidSize is an in/out size value and the referenced domain is optional.
  1279. NTSTATUS
  1280. SEC_ENTRY
  1281. SecLookupAccountName(
  1282. IN PUNICODE_STRING Name,
  1283. IN OUT PULONG SidSize,
  1284. OUT PSID Sid,
  1285. OUT PSID_NAME_USE NameUse,
  1286. IN OUT PULONG DomainSize OPTIONAL,
  1287. OUT PUNICODE_STRING ReferencedDomain OPTIONAL
  1288. );
  // Writes the SID for a well-known SID type into the caller's buffer of
  // SidBufferSize and optionally reports a size through SidSize.
  1289. NTSTATUS
  1290. SEC_ENTRY
  1291. SecLookupWellKnownSid(
  1292. IN WELL_KNOWN_SID_TYPE SidType,
  1293. OUT PSID Sid,
  1294. ULONG SidBufferSize,
  1295. OUT PULONG SidSize OPTIONAL
  1296. );
  1297. #endif
  1298. // end_ntifs
  1299. ///////////////////////////////////////////////////////////////////////////////
  1300. ////
  1301. //// Fast access for RPC:
  1302. ////
  1303. ///////////////////////////////////////////////////////////////////////////////
  // Names of the InitSecurityInterface entry points as strings, for code that
  // looks the routine up by name. The _ANSI* macros are narrow string literals;
  // the ENTRYPOINTW/A macros wrap the same names in SEC_TEXT.
  // NOTE(review): code that resolves these names at run time should take the
  // provider module from a trusted, fully qualified location - confirm how the
  // consuming code loads it.
  1304. #define SECURITY_ENTRYPOINT_ANSIW "InitSecurityInterfaceW"
  1305. #define SECURITY_ENTRYPOINT_ANSIA "InitSecurityInterfaceA"
  1306. #define SECURITY_ENTRYPOINTW SEC_TEXT("InitSecurityInterfaceW") // ntifs
  1307. #define SECURITY_ENTRYPOINTA SEC_TEXT("InitSecurityInterfaceA")
  1308. #define SECURITY_ENTRYPOINT16 "INITSECURITYINTERFACEA"
  // With SECURITY_WIN32 the generic names follow UNICODE; without it both
  // generic names fall back to the upper-case SECURITY_ENTRYPOINT16 string.
  1309. #ifdef SECURITY_WIN32
  1310. # ifdef UNICODE
  1311. # define SECURITY_ENTRYPOINT SECURITY_ENTRYPOINTW // ntifs
  1312. # define SECURITY_ENTRYPOINT_ANSI SECURITY_ENTRYPOINT_ANSIW
  1313. # else // UNICODE
  1314. # define SECURITY_ENTRYPOINT SECURITY_ENTRYPOINTA
  1315. # define SECURITY_ENTRYPOINT_ANSI SECURITY_ENTRYPOINT_ANSIA
  1316. # endif // UNICODE
  1317. #else // SECURITY_WIN32
  1318. # define SECURITY_ENTRYPOINT SECURITY_ENTRYPOINT16
  1319. # define SECURITY_ENTRYPOINT_ANSI SECURITY_ENTRYPOINT16
  1320. #endif // SECURITY_WIN32
  1321. // begin_ntifs
  // Spelling alias: any later use of FreeCredentialHandle is rewritten to
  // FreeCredentialsHandle. SecurityFunctionTableA below names its member
  // FreeCredentialHandle, so after preprocessing both tables use the same
  // member name.
  1322. #define FreeCredentialHandle FreeCredentialsHandle
  // Dispatch table of wide-character entry points, returned by
  // InitSecurityInterfaceW. dwVersion comes first, followed by one function
  // pointer per routine; Reserved2, Reserved3, Reserved4 and Reserved8 are
  // untyped placeholder slots.
  // NOTE(review): the version comments further down say a version-1 table ends
  // at DecryptMessage and only version 2 includes SetContextAttributes, so a
  // consumer should check dwVersion before reading SetContextAttributesW.
  1323. typedef struct _SECURITY_FUNCTION_TABLE_W {
  1324. unsigned long dwVersion;
  1325. ENUMERATE_SECURITY_PACKAGES_FN_W EnumerateSecurityPackagesW;
  1326. QUERY_CREDENTIALS_ATTRIBUTES_FN_W QueryCredentialsAttributesW;
  1327. ACQUIRE_CREDENTIALS_HANDLE_FN_W AcquireCredentialsHandleW;
  1328. FREE_CREDENTIALS_HANDLE_FN FreeCredentialsHandle;
  1329. void SEC_FAR * Reserved2;
  1330. INITIALIZE_SECURITY_CONTEXT_FN_W InitializeSecurityContextW;
  1331. ACCEPT_SECURITY_CONTEXT_FN AcceptSecurityContext;
  1332. COMPLETE_AUTH_TOKEN_FN CompleteAuthToken;
  1333. DELETE_SECURITY_CONTEXT_FN DeleteSecurityContext;
  1334. APPLY_CONTROL_TOKEN_FN ApplyControlToken;
  1335. QUERY_CONTEXT_ATTRIBUTES_FN_W QueryContextAttributesW;
  1336. IMPERSONATE_SECURITY_CONTEXT_FN ImpersonateSecurityContext;
  1337. REVERT_SECURITY_CONTEXT_FN RevertSecurityContext;
  1338. MAKE_SIGNATURE_FN MakeSignature;
  1339. VERIFY_SIGNATURE_FN VerifySignature;
  1340. FREE_CONTEXT_BUFFER_FN FreeContextBuffer;
  1341. QUERY_SECURITY_PACKAGE_INFO_FN_W QuerySecurityPackageInfoW;
  1342. void SEC_FAR * Reserved3;
  1343. void SEC_FAR * Reserved4;
  1344. EXPORT_SECURITY_CONTEXT_FN ExportSecurityContext;
  1345. IMPORT_SECURITY_CONTEXT_FN_W ImportSecurityContextW;
  1346. ADD_CREDENTIALS_FN_W AddCredentialsW ;
  1347. void SEC_FAR * Reserved8;
  1348. QUERY_SECURITY_CONTEXT_TOKEN_FN QuerySecurityContextToken;
  1349. ENCRYPT_MESSAGE_FN EncryptMessage;
  1350. DECRYPT_MESSAGE_FN DecryptMessage;
  1351. SET_CONTEXT_ATTRIBUTES_FN_W SetContextAttributesW;
  1352. } SecurityFunctionTableW, SEC_FAR * PSecurityFunctionTableW;
  1353. // end_ntifs
  // Dispatch table of ANSI entry points, returned by InitSecurityInterfaceA.
  // The member order matches SecurityFunctionTableW slot for slot; only the
  // string-taking routines use their _A function-pointer types.
  // The member written as FreeCredentialHandle is renamed to
  // FreeCredentialsHandle by the #define that precedes the W table.
  // NOTE(review): as with the W table, check dwVersion before reading the
  // final SetContextAttributesA slot.
  1354. typedef struct _SECURITY_FUNCTION_TABLE_A {
  1355. unsigned long dwVersion;
  1356. ENUMERATE_SECURITY_PACKAGES_FN_A EnumerateSecurityPackagesA;
  1357. QUERY_CREDENTIALS_ATTRIBUTES_FN_A QueryCredentialsAttributesA;
  1358. ACQUIRE_CREDENTIALS_HANDLE_FN_A AcquireCredentialsHandleA;
  1359. FREE_CREDENTIALS_HANDLE_FN FreeCredentialHandle;
  1360. void SEC_FAR * Reserved2;
  1361. INITIALIZE_SECURITY_CONTEXT_FN_A InitializeSecurityContextA;
  1362. ACCEPT_SECURITY_CONTEXT_FN AcceptSecurityContext;
  1363. COMPLETE_AUTH_TOKEN_FN CompleteAuthToken;
  1364. DELETE_SECURITY_CONTEXT_FN DeleteSecurityContext;
  1365. APPLY_CONTROL_TOKEN_FN ApplyControlToken;
  1366. QUERY_CONTEXT_ATTRIBUTES_FN_A QueryContextAttributesA;
  1367. IMPERSONATE_SECURITY_CONTEXT_FN ImpersonateSecurityContext;
  1368. REVERT_SECURITY_CONTEXT_FN RevertSecurityContext;
  1369. MAKE_SIGNATURE_FN MakeSignature;
  1370. VERIFY_SIGNATURE_FN VerifySignature;
  1371. FREE_CONTEXT_BUFFER_FN FreeContextBuffer;
  1372. QUERY_SECURITY_PACKAGE_INFO_FN_A QuerySecurityPackageInfoA;
  1373. void SEC_FAR * Reserved3;
  1374. void SEC_FAR * Reserved4;
  1375. EXPORT_SECURITY_CONTEXT_FN ExportSecurityContext;
  1376. IMPORT_SECURITY_CONTEXT_FN_A ImportSecurityContextA;
  1377. ADD_CREDENTIALS_FN_A AddCredentialsA ;
  1378. void SEC_FAR * Reserved8;
  1379. QUERY_SECURITY_CONTEXT_TOKEN_FN QuerySecurityContextToken;
  1380. ENCRYPT_MESSAGE_FN EncryptMessage;
  1381. DECRYPT_MESSAGE_FN DecryptMessage;
  1382. SET_CONTEXT_ATTRIBUTES_FN_A SetContextAttributesA;
  1383. } SecurityFunctionTableA, SEC_FAR * PSecurityFunctionTableA;
  // Generic table names map to the W or A structure depending on UNICODE.
  1384. #ifdef UNICODE
  1385. # define SecurityFunctionTable SecurityFunctionTableW // ntifs
  1386. # define PSecurityFunctionTable PSecurityFunctionTableW // ntifs
  1387. #else
  1388. # define SecurityFunctionTable SecurityFunctionTableA
  1389. # define PSecurityFunctionTable PSecurityFunctionTableA
  1390. #endif // !UNICODE
  // NOTE(review): this defines an empty macro named SECURITY_; it looks like a
  // truncated line rather than an intended definition - confirm whether
  // anything depends on it.
  1391. #define SECURITY_
  // Values for the dwVersion member of the function tables. They tell a
  // consumer how far the table extends.
  1392. // Function table has all routines through DecryptMessage
  1393. #define SECURITY_SUPPORT_PROVIDER_INTERFACE_VERSION 1 // ntifs
  1394. // Function table has all routines through SetContextAttributes
  1395. #define SECURITY_SUPPORT_PROVIDER_INTERFACE_VERSION_2 2 // ntifs
  // Returns a pointer to the ANSI function table. Takes no arguments.
  1396. PSecurityFunctionTableA SEC_ENTRY
  1397. InitSecurityInterfaceA(
  1398. void
  1399. );
  // Function-pointer type for InitSecurityInterfaceA, for callers that resolve
  // the entry point by name (see the SECURITY_ENTRYPOINT macros).
  1400. typedef PSecurityFunctionTableA
  1401. (SEC_ENTRY * INIT_SECURITY_INTERFACE_A)(void);
  1402. // begin_ntifs
  // Returns a pointer to the wide-character function table.
  1403. PSecurityFunctionTableW SEC_ENTRY
  1404. InitSecurityInterfaceW(
  1405. void
  1406. );
  // Function-pointer type for InitSecurityInterfaceW.
  1407. typedef PSecurityFunctionTableW
  1408. (SEC_ENTRY * INIT_SECURITY_INTERFACE_W)(void);
  1409. // end_ntifs
  // Generic names map to the W or A form depending on UNICODE.
  1410. #ifdef UNICODE
  1411. # define InitSecurityInterface InitSecurityInterfaceW // ntifs
  1412. # define INIT_SECURITY_INTERFACE INIT_SECURITY_INTERFACE_W // ntifs
  1413. #else
  1414. # define InitSecurityInterface InitSecurityInterfaceA
  1415. # define INIT_SECURITY_INTERFACE INIT_SECURITY_INTERFACE_A
  1416. #endif // !UNICODE
  1417. #ifdef SECURITY_WIN32
  1418. //
  1419. // SASL Profile Support
  1420. //
  // SASL profile routines, declared only under SECURITY_WIN32. Each has an A
  // and a W form plus a generic name selected by UNICODE; none of them has a
  // function-pointer typedef or a function-table slot in this header.
  //
  // Returns a profile list and a profile count through the two out parameters.
  // NOTE(review): ProfileList is a single string pointer paired with a count,
  // so the list is presumably packed into one buffer - confirm the layout and
  // how the buffer is released before walking it.
  1421. SECURITY_STATUS
  1422. SEC_ENTRY
  1423. SaslEnumerateProfilesA(
  1424. OUT LPSTR * ProfileList,
  1425. OUT ULONG * ProfileCount
  1426. );
  1427. SECURITY_STATUS
  1428. SEC_ENTRY
  1429. SaslEnumerateProfilesW(
  1430. OUT LPWSTR * ProfileList,
  1431. OUT ULONG * ProfileCount
  1432. );
  1433. #ifdef UNICODE
  1434. #define SaslEnumerateProfiles SaslEnumerateProfilesW
  1435. #else
  1436. #define SaslEnumerateProfiles SaslEnumerateProfilesA
  1437. #endif
  // Maps a profile name to the package information for that profile.
  1438. SECURITY_STATUS
  1439. SEC_ENTRY
  1440. SaslGetProfilePackageA(
  1441. IN LPSTR ProfileName,
  1442. OUT PSecPkgInfoA * PackageInfo
  1443. );
  1444. SECURITY_STATUS
  1445. SEC_ENTRY
  1446. SaslGetProfilePackageW(
  1447. IN LPWSTR ProfileName,
  1448. OUT PSecPkgInfoW * PackageInfo
  1449. );
  1450. #ifdef UNICODE
  1451. #define SaslGetProfilePackage SaslGetProfilePackageW
  1452. #else
  1453. #define SaslGetProfilePackage SaslGetProfilePackageA
  1454. #endif
  // Identifies the package from an input buffer descriptor and returns its
  // package information.
  1455. SECURITY_STATUS
  1456. SEC_ENTRY
  1457. SaslIdentifyPackageA(
  1458. IN PSecBufferDesc pInput,
  1459. OUT PSecPkgInfoA * PackageInfo
  1460. );
  1461. SECURITY_STATUS
  1462. SEC_ENTRY
  1463. SaslIdentifyPackageW(
  1464. IN PSecBufferDesc pInput,
  1465. OUT PSecPkgInfoW * PackageInfo
  1466. );
  1467. #ifdef UNICODE
  1468. #define SaslIdentifyPackage SaslIdentifyPackageW
  1469. #else
  1470. #define SaslIdentifyPackage SaslIdentifyPackageA
  1471. #endif
  // SASL counterpart of InitializeSecurityContext. The parameter list mirrors
  // the non-SASL routine, except that the target name is always LPWSTR (W) or
  // LPSTR (A); there is no ISSP_MODE switch because these are only declared
  // under SECURITY_WIN32.
  // NOTE(review): as with the non-SASL routine, the granted attributes are
  // reported in pfContextAttr and should be checked there.
  1472. SECURITY_STATUS
  1473. SEC_ENTRY
  1474. SaslInitializeSecurityContextW(
  1475. PCredHandle phCredential, // Cred to base context
  1476. PCtxtHandle phContext, // Existing context (OPT)
  1477. LPWSTR pszTargetName, // Name of target
  1478. unsigned long fContextReq, // Context Requirements
  1479. unsigned long Reserved1, // Reserved, MBZ
  1480. unsigned long TargetDataRep, // Data rep of target
  1481. PSecBufferDesc pInput, // Input Buffers
  1482. unsigned long Reserved2, // Reserved, MBZ
  1483. PCtxtHandle phNewContext, // (out) New Context handle
  1484. PSecBufferDesc pOutput, // (inout) Output Buffers
  1485. unsigned long SEC_FAR * pfContextAttr, // (out) Context attrs
  1486. PTimeStamp ptsExpiry // (out) Life span (OPT)
  1487. );
  // ANSI form of the same routine.
  1488. SECURITY_STATUS
  1489. SEC_ENTRY
  1490. SaslInitializeSecurityContextA(
  1491. PCredHandle phCredential, // Cred to base context
  1492. PCtxtHandle phContext, // Existing context (OPT)
  1493. LPSTR pszTargetName, // Name of target
  1494. unsigned long fContextReq, // Context Requirements
  1495. unsigned long Reserved1, // Reserved, MBZ
  1496. unsigned long TargetDataRep, // Data rep of target
  1497. PSecBufferDesc pInput, // Input Buffers
  1498. unsigned long Reserved2, // Reserved, MBZ
  1499. PCtxtHandle phNewContext, // (out) New Context handle
  1500. PSecBufferDesc pOutput, // (inout) Output Buffers
  1501. unsigned long SEC_FAR * pfContextAttr, // (out) Context attrs
  1502. PTimeStamp ptsExpiry // (out) Life span (OPT)
  1503. );
  // Generic name maps to the W or A form depending on UNICODE.
  1504. #ifdef UNICODE
  1505. #define SaslInitializeSecurityContext SaslInitializeSecurityContextW
  1506. #else
  1507. #define SaslInitializeSecurityContext SaslInitializeSecurityContextA
  1508. #endif
  // SASL counterpart of AcceptSecurityContext, with the same parameter list.
  // NOTE(review): pInput holds data received from the peer; treat it as
  // untrusted until the call succeeds, and read the granted attributes from
  // pfContextAttr.
  1509. SECURITY_STATUS
  1510. SEC_ENTRY
  1511. SaslAcceptSecurityContext(
  1512. PCredHandle phCredential, // Cred to base context
  1513. PCtxtHandle phContext, // Existing context (OPT)
  1514. PSecBufferDesc pInput, // Input buffer
  1515. unsigned long fContextReq, // Context Requirements
  1516. unsigned long TargetDataRep, // Target Data Rep
  1517. PCtxtHandle phNewContext, // (out) New context handle
  1518. PSecBufferDesc pOutput, // (inout) Output buffers
  1519. unsigned long SEC_FAR * pfContextAttr, // (out) Context attributes
  1520. PTimeStamp ptsExpiry // (out) Life span (OPT)
  1521. );
  // Option identifiers, presumably the values accepted by the Option argument
  // of SaslSetContextOption / SaslGetContextOption below.
  1522. #define SASL_OPTION_SEND_SIZE 1 // Maximum size to send to peer
  1523. #define SASL_OPTION_RECV_SIZE 2 // Maximum size willing to receive
  1524. #define SASL_OPTION_AUTHZ_STRING 3 // Authorization string
  1525. #define SASL_OPTION_AUTHZ_PROCESSING 4 // Authorization string processing
  // How authorization-identity (AuthZID) strings are handled. The first
  // enumerator, which is the default according to its comment, rejects them.
  // NOTE(review): an authorization identity named by the peer is input the
  // peer controls; when Sasl_AuthZIDProcessed is selected, the application
  // needs to verify that the authenticated principal may act as that identity.
  1526. typedef enum _SASL_AUTHZID_STATE {
  1527. Sasl_AuthZIDForbidden, // allow no AuthZID strings to be specified - error out (default)
  1528. Sasl_AuthZIDProcessed // AuthZID Strings processed by Application or SSP
  1529. } SASL_AUTHZID_STATE ;
  // Sets one option on a context from a caller buffer of Size bytes.
  // NOTE(review): Value is untyped; its expected type presumably depends on
  // Option - confirm per option.
  1530. SECURITY_STATUS
  1531. SEC_ENTRY
  1532. SaslSetContextOption(
  1533. PCtxtHandle ContextHandle,
  1534. ULONG Option,
  1535. PVOID Value,
  1536. ULONG Size
  1537. );
  // Reads one option from a context into a caller buffer of Size bytes; the
  // optional Needed output presumably reports the size required.
  1538. SECURITY_STATUS
  1539. SEC_ENTRY
  1540. SaslGetContextOption(
  1541. PCtxtHandle ContextHandle,
  1542. ULONG Option,
  1543. PVOID Value,
  1544. ULONG Size,
  1545. PULONG Needed OPTIONAL
  1546. );
  1547. #endif
  // For SECURITY_DOS builds, restores the compiler warning state: pops the
  // warning stack on _MSC_VER >= 1200, otherwise resets warning 4147 to its
  // default. The matching push/disable is not in this part of the file.
  1548. #ifdef SECURITY_DOS
  1549. #if _MSC_VER >= 1200
  1550. #pragma warning(pop)
  1551. #else
  1552. #pragma warning(default:4147)
  1553. #endif
  1554. #endif
  1555. //
  1556. // This is the legacy credentials structure.
  1557. // The EX version below is preferred.
  1558. // begin_ntifs
  // Guarded so the identity structures are only defined once.
  1559. #ifndef _AUTH_IDENTITY_DEFINED
  1560. #define _AUTH_IDENTITY_DEFINED
  // Encoding markers, presumably for the Flags member of the structures below.
  1561. #define SEC_WINNT_AUTH_IDENTITY_ANSI 0x1
  1562. #define SEC_WINNT_AUTH_IDENTITY_UNICODE 0x2
  // Wide-character credential triple: user, domain and password, each given as
  // a pointer to 16-bit units plus a separate length, followed by Flags.
  // NOTE(review): per the public SSPI documentation the *Length members count
  // characters and exclude the terminator - confirm before computing sizes.
  // NOTE(review): Password is carried by pointer in clear form and nothing
  // visible here scrubs it; the owner of the buffer should clear it as soon as
  // the credential call has returned.
  1563. typedef struct _SEC_WINNT_AUTH_IDENTITY_W {
  1564. unsigned short *User;
  1565. unsigned long UserLength;
  1566. unsigned short *Domain;
  1567. unsigned long DomainLength;
  1568. unsigned short *Password;
  1569. unsigned long PasswordLength;
  1570. unsigned long Flags;
  1571. } SEC_WINNT_AUTH_IDENTITY_W, *PSEC_WINNT_AUTH_IDENTITY_W;
  1572. // end_ntifs
  // ANSI counterpart: the same members with 8-bit string pointers.
  // NOTE(review): the same handling applies to the Password buffer - clear it
  // once it is no longer needed.
  1573. typedef struct _SEC_WINNT_AUTH_IDENTITY_A {
  1574. unsigned char *User;
  1575. unsigned long UserLength;
  1576. unsigned char *Domain;
  1577. unsigned long DomainLength;
  1578. unsigned char *Password;
  1579. unsigned long PasswordLength;
  1580. unsigned long Flags;
  1581. } SEC_WINNT_AUTH_IDENTITY_A, *PSEC_WINNT_AUTH_IDENTITY_A;
  // Generic type, pointer and struct-tag names map to W or A by UNICODE.
  1582. #ifdef UNICODE
  1583. #define SEC_WINNT_AUTH_IDENTITY SEC_WINNT_AUTH_IDENTITY_W // ntifs
  1584. #define PSEC_WINNT_AUTH_IDENTITY PSEC_WINNT_AUTH_IDENTITY_W // ntifs
  1585. #define _SEC_WINNT_AUTH_IDENTITY _SEC_WINNT_AUTH_IDENTITY_W // ntifs
  1586. #else // UNICODE
  1587. #define SEC_WINNT_AUTH_IDENTITY SEC_WINNT_AUTH_IDENTITY_A
  1588. #define PSEC_WINNT_AUTH_IDENTITY PSEC_WINNT_AUTH_IDENTITY_A
  1589. #define _SEC_WINNT_AUTH_IDENTITY _SEC_WINNT_AUTH_IDENTITY_A
  1590. #endif // UNICODE
  1591. #endif //_AUTH_IDENTITY_DEFINED // ntifs
  1592. // begin_ntifs
  1593. //
  1594. // This is the combined authentication identity structure that may be
  1595. // used with the negotiate package, NTLM, Kerberos, or SCHANNEL
  1596. //
  1597. #ifndef SEC_WINNT_AUTH_IDENTITY_VERSION
  1598. #define SEC_WINNT_AUTH_IDENTITY_VERSION 0x200
  1599. typedef struct _SEC_WINNT_AUTH_IDENTITY_EXW {
  1600. unsigned long Version;
  1601. unsigned long Length;
  1602. unsigned short SEC_FAR *User;
  1603. unsigned long UserLength;
  1604. unsigned short SEC_FAR *Domain;
  1605. unsigned long DomainLength;
  1606. unsigned short SEC_FAR *Password;
  1607. unsigned long PasswordLength;
  1608. unsigned long Flags;
  1609. unsigned short SEC_FAR * PackageList;
  1610. unsigned long PackageListLength;
  1611. } SEC_WINNT_AUTH_IDENTITY_EXW, *PSEC_WINNT_AUTH_IDENTITY_EXW;
  1612. // end_ntifs
  //
  // Extended identity, ANSI form (strings are unsigned char elements). Same
  // member order as the wide-character _EXW structure: Version/Length header,
  // user, domain and password pairs, Flags, then the package list pair.
  //
  // NOTE(review): Length is presumably the byte size of this structure and
  // Version presumably SEC_WINNT_AUTH_IDENTITY_VERSION -- a consumer should
  // check both before trusting the remaining members; confirm.
  // NOTE(review): Password refers to cleartext; wipe the caller's buffer once
  // the identity has been consumed.
  //
  struct _SEC_WINNT_AUTH_IDENTITY_EXA {
      unsigned long Version;                 // structure version
      unsigned long Length;                  // structure length
      unsigned char SEC_FAR *User;           // user name string
      unsigned long UserLength;              // length of User
      unsigned char SEC_FAR *Domain;         // domain string
      unsigned long DomainLength;            // length of Domain
      unsigned char SEC_FAR *Password;       // cleartext password string
      unsigned long PasswordLength;          // length of Password
      unsigned long Flags;                   // presumably SEC_WINNT_AUTH_IDENTITY_* bits -- verify
      unsigned char SEC_FAR *PackageList;    // package list string; format not shown in this header
      unsigned long PackageListLength;       // length of PackageList
  };

  typedef struct _SEC_WINNT_AUTH_IDENTITY_EXA SEC_WINNT_AUTH_IDENTITY_EXA;
  typedef struct _SEC_WINNT_AUTH_IDENTITY_EXA *PSEC_WINNT_AUTH_IDENTITY_EXA;
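  //
  // Generic names for the extended identity: _EXW when UNICODE is defined,
  // _EXA otherwise.
  // NOTE(review): the trailing "// ntifs" tags look like markers read by a
  // header-extraction step -- keep them on the lines that carry them. The ANSI
  // lines carry no tag.
  //
  #ifdef UNICODE
  #define SEC_WINNT_AUTH_IDENTITY_EX SEC_WINNT_AUTH_IDENTITY_EXW // ntifs
  #define PSEC_WINNT_AUTH_IDENTITY_EX PSEC_WINNT_AUTH_IDENTITY_EXW // ntifs
  #else
  #define SEC_WINNT_AUTH_IDENTITY_EX SEC_WINNT_AUTH_IDENTITY_EXA
  // Pointer alias for ANSI builds, mirroring the UNICODE branch so that
  // PSEC_WINNT_AUTH_IDENTITY_EX resolves in both configurations.
  #define PSEC_WINNT_AUTH_IDENTITY_EX PSEC_WINNT_AUTH_IDENTITY_EXA
  #endif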
  1632. // begin_ntifs
  1633. #endif // SEC_WINNT_AUTH_IDENTITY_VERSION
  1634. //
  1635. // Common types used by negotiable security packages
  1636. //
  // Bit values sharing the SEC_WINNT_AUTH_IDENTITY_ prefix; presumably OR-ed
  // into the Flags member of the identity structures -- verify.
  // NOTE(review): a package that accepts a MARSHALLED identity should check
  // every pointer/length pair against the size of the buffer it was handed
  // before dereferencing it.
  #define SEC_WINNT_AUTH_IDENTITY_MARSHALLED 0x4 // all data is in one buffer
  #define SEC_WINNT_AUTH_IDENTITY_ONLY 0x8 // these credentials are for identity only - no PAC needed
  1639. // end_ntifs
  1640. //
  1641. // Routines for manipulating packages
  1642. //
  //
  // Options block handed to AddSecurityPackageA/W alongside the package name.
  //
  // NOTE(review): Size is presumably the byte size of this structure, Type one
  // of the SECPKG_OPTIONS_TYPE_* values and Flags a mask of SECPKG_OPTIONS_*
  // bits -- confirm against the implementation.
  // NOTE(review): Signature/SignatureSize describe a caller-supplied blob;
  // whether and how it is verified is not visible in this header.
  //
  struct _SECURITY_PACKAGE_OPTIONS {
      unsigned long Size;             // structure size
      unsigned long Type;             // package type
      unsigned long Flags;            // option bits
      unsigned long SignatureSize;    // size of the data at Signature
      void SEC_FAR *Signature;        // signature data
  };

  typedef struct _SECURITY_PACKAGE_OPTIONS SECURITY_PACKAGE_OPTIONS;
  typedef struct _SECURITY_PACKAGE_OPTIONS SEC_FAR *PSECURITY_PACKAGE_OPTIONS;
  // SECPKG_OPTIONS_TYPE_*: small enumerated values, presumably for
  // SECURITY_PACKAGE_OPTIONS.Type -- verify.
  #define SECPKG_OPTIONS_TYPE_UNKNOWN 0
  #define SECPKG_OPTIONS_TYPE_LSA 1
  #define SECPKG_OPTIONS_TYPE_SSPI 2
  // Single-bit value, presumably for SECURITY_PACKAGE_OPTIONS.Flags.
  // NOTE(review): public SSPI documentation describes it as making the
  // registration persistent; a persistent package addition is a configuration
  // change worth recording and reviewing -- confirm the exact behaviour.
  #define SECPKG_OPTIONS_PERMANENT 0x00000001
  //
  // AddSecurityPackageA / AddSecurityPackageW -- add a security package by
  // name (ANSI and wide-character entry points).
  //
  //   pszPackageName  name of the package to add
  //   Options         SECURITY_PACKAGE_OPTIONS for the package
  //                   NOTE(review): presumably optional -- verify
  //
  // Returns a SECURITY_STATUS; the specific codes are not visible here.
  //
  // NOTE(review): adding a package puts provider code into the authentication
  // path. Treat calls as privileged configuration changes: restrict who may
  // make them and alert on unexpected additions to the registered package set.
  //
  SECURITY_STATUS SEC_ENTRY AddSecurityPackageA(SEC_CHAR SEC_FAR *pszPackageName,
                                                SECURITY_PACKAGE_OPTIONS SEC_FAR *Options);

  SECURITY_STATUS SEC_ENTRY AddSecurityPackageW(SEC_WCHAR SEC_FAR *pszPackageName,
                                                SECURITY_PACKAGE_OPTIONS SEC_FAR *Options);

  // Generic name: wide-character entry point when UNICODE is defined.
  #ifdef UNICODE
  #define AddSecurityPackage AddSecurityPackageW
  #else
  #define AddSecurityPackage AddSecurityPackageA
  #endif
  //
  // DeleteSecurityPackageA / DeleteSecurityPackageW -- remove a security
  // package by name (ANSI and wide-character entry points).
  //
  //   pszPackageName  name of the package to delete
  //
  // Returns a SECURITY_STATUS; the specific codes are not visible here.
  //
  // NOTE(review): removing a package changes which authentication providers
  // are available; record these calls alongside package additions.
  //
  SECURITY_STATUS SEC_ENTRY DeleteSecurityPackageA(SEC_CHAR SEC_FAR *pszPackageName);

  SECURITY_STATUS SEC_ENTRY DeleteSecurityPackageW(SEC_WCHAR SEC_FAR *pszPackageName);

  // Generic name: wide-character entry point when UNICODE is defined.
  #ifdef UNICODE
  #define DeleteSecurityPackage DeleteSecurityPackageW
  #else
  #define DeleteSecurityPackage DeleteSecurityPackageA
  #endif
  1684. #ifdef __cplusplus
  1685. } // extern "C"
  1686. #endif
  1687. // begin_ntifs
  1688. #endif // __SSPI_H__
  1689. // end_ntifs