archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
4 Commits
1 Branch
0 Tags
1.5 GiB
Tree: 5c6fe3db62
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '5c6fe3db62'
${ noResults }
windows-server-2003/public/sdk/inc/secpkg.h

1460 lines
42 KiB
Raw Normal View History

commiting as it is
4 years ago
  1. //+-----------------------------------------------------------------------
  2. //
  3. // Microsoft Windows
  4. //
  5. // Copyright (c) Microsoft Corporation 1991-1999
  6. //
  7. // File: secpkg.h
  8. //
  9. // Contents: Global definitions for security packages
  10. // This file will contain everything specific to writing
  11. // a security package.
  12. //
  13. //
  14. // History: 10 Mar 92 RichardW Created
  15. // 24-Mar-94 wader Changed EstablishCredentials to SystemLogon
  16. //
  17. //------------------------------------------------------------------------
  20. #ifndef __SECPKG_H__
  21. #define __SECPKG_H__
  23. #if _MSC_VER > 1000
  24. #pragma once
  25. #endif
  27. #include <ntlsa.h> // SECURITY_LOGON_TYPE
  30. // begin_ntsecpkg
  32. #ifdef SECURITY_KERNEL
  33. //
  34. // Can't use the windows.h def'ns in kernel mode.
  35. //
  36. typedef PVOID SEC_THREAD_START;
  37. typedef PVOID SEC_ATTRS;
  38. #else
  39. typedef LPTHREAD_START_ROUTINE SEC_THREAD_START;
  40. typedef LPSECURITY_ATTRIBUTES SEC_ATTRS;
  41. #endif
  44. #define SecEqualLuid(L1, L2) \
  45. ( ( ((PLUID)L1)->LowPart == ((PLUID)L2)->LowPart ) && \
  46. ( ((PLUID)L1)->HighPart == ((PLUID)L2)->HighPart ) ) \
  48. #define SecIsZeroLuid( L1 ) \
  49. ( ( L1->LowPart | L1->HighPart ) == 0 )
  51. //
  52. // The following structures are used by the helper functions
  53. //
  55. typedef struct _SECPKG_CLIENT_INFO {
  56. LUID LogonId; // Effective Logon Id
  57. ULONG ProcessID; // Process Id of caller
  58. ULONG ThreadID; // Thread Id of caller
  59. BOOLEAN HasTcbPrivilege; // Client has TCB
  60. BOOLEAN Impersonating; // Client is impersonating
  61. BOOLEAN Restricted; // Client is restricted
  63. //
  64. // NT 5.1
  65. //
  67. UCHAR ClientFlags; // Extra flags about the client
  68. SECURITY_IMPERSONATION_LEVEL ImpersonationLevel; // Impersonation level of client
  70. } SECPKG_CLIENT_INFO, * PSECPKG_CLIENT_INFO;
  72. #define SECPKG_CLIENT_PROCESS_TERMINATED 0x01 // The client process has terminated
  73. #define SECPKG_CLIENT_THREAD_TERMINATED 0x02 // The client thread has terminated
  75. typedef struct _SECPKG_CALL_INFO {
  76. ULONG ProcessId ;
  77. ULONG ThreadId ;
  78. ULONG Attributes ;
  79. ULONG CallCount ;
  80. } SECPKG_CALL_INFO, * PSECPKG_CALL_INFO ;
  82. #define SECPKG_CALL_KERNEL_MODE 0x00000001 // Call originated in kernel mode
  83. #define SECPKG_CALL_ANSI 0x00000002 // Call came from ANSI stub
  84. #define SECPKG_CALL_URGENT 0x00000004 // Call designated urgent
  85. #define SECPKG_CALL_RECURSIVE 0x00000008 // Call is recursing
  86. #define SECPKG_CALL_IN_PROC 0x00000010 // Call originated in process
  87. #define SECPKG_CALL_CLEANUP 0x00000020 // Call is cleanup from a client
  88. #define SECPKG_CALL_WOWCLIENT 0x00000040 // Call is from a WOW client process
  89. #define SECPKG_CALL_THREAD_TERM 0x00000080 // Call is from a thread that has term'd
  90. #define SECPKG_CALL_PROCESS_TERM 0x00000100 // Call is from a process that has term'd
  91. #define SECPKG_CALL_IS_TCB 0x00000200 // Call is from TCB
  94. typedef struct _SECPKG_SUPPLEMENTAL_CRED {
  95. UNICODE_STRING PackageName;
  96. ULONG CredentialSize;
  97. #ifdef MIDL_PASS
  98. [size_is(CredentialSize)]
  99. #endif // MIDL_PASS
  100. PUCHAR Credentials;
  101. } SECPKG_SUPPLEMENTAL_CRED, *PSECPKG_SUPPLEMENTAL_CRED;
  103. typedef ULONG_PTR LSA_SEC_HANDLE ;
  104. typedef LSA_SEC_HANDLE * PLSA_SEC_HANDLE ;
  105. typedef struct _SECPKG_SUPPLEMENTAL_CRED_ARRAY {
  106. ULONG CredentialCount;
  107. #ifdef MIDL_PASS
  108. [size_is(CredentialCount)] SECPKG_SUPPLEMENTAL_CRED Credentials[*];
  109. #else // MIDL_PASS
  110. SECPKG_SUPPLEMENTAL_CRED Credentials[1];
  111. #endif // MIDL_PASS
  112. } SECPKG_SUPPLEMENTAL_CRED_ARRAY, *PSECPKG_SUPPLEMENTAL_CRED_ARRAY;
  114. //
  115. // This flag is used for to indicate which buffers in the LSA are located
  116. // in the client's address space
  117. //
  119. #define SECBUFFER_UNMAPPED 0x40000000
  121. //
  122. // This flag is used to indicate that the buffer was mapped into the LSA
  123. // from kernel mode.
  124. //
  126. #define SECBUFFER_KERNEL_MAP 0x20000000
  128. typedef NTSTATUS
  129. (NTAPI LSA_CALLBACK_FUNCTION)(
  130. ULONG_PTR Argument1,
  131. ULONG_PTR Argument2,
  132. PSecBuffer InputBuffer,
  133. PSecBuffer OutputBuffer
  134. );
  136. typedef LSA_CALLBACK_FUNCTION * PLSA_CALLBACK_FUNCTION ;
  140. #define PRIMARY_CRED_CLEAR_PASSWORD 0x1
  141. #define PRIMARY_CRED_OWF_PASSWORD 0x2
  142. #define PRIMARY_CRED_UPDATE 0x4 // this is a change of existing creds
  143. #define PRIMARY_CRED_CACHED_LOGON 0x8
  144. #define PRIMARY_CRED_LOGON_NO_TCB 0x10
  146. #define PRIMARY_CRED_LOGON_PACKAGE_SHIFT 24
  147. #define PRIMARY_CRED_PACKAGE_MASK 0xff000000
  149. //
  150. // For cached logons, the RPC id of the package doing the logon is identified
  151. // by shifting the flags to the right by the PRIMARY_CRED_LOGON_PACKAGE_SHIFT.
  152. //
  154. typedef struct _SECPKG_PRIMARY_CRED {
  155. LUID LogonId;
  156. UNICODE_STRING DownlevelName; // Sam Account Name
  157. UNICODE_STRING DomainName; // Netbios domain name where account is located
  158. UNICODE_STRING Password;
  159. UNICODE_STRING OldPassword;
  160. PSID UserSid;
  161. ULONG Flags;
  162. UNICODE_STRING DnsDomainName; // DNS domain name where account is located (if known)
  163. UNICODE_STRING Upn; // UPN of account (if known)
  165. UNICODE_STRING LogonServer;
  166. UNICODE_STRING Spare1;
  167. UNICODE_STRING Spare2;
  168. UNICODE_STRING Spare3;
  169. UNICODE_STRING Spare4;
  170. } SECPKG_PRIMARY_CRED, *PSECPKG_PRIMARY_CRED;
  172. //
  173. // Maximum size of stored credentials.
  174. //
  176. #define MAX_CRED_SIZE 1024
  178. // Values for MachineState
  180. #define SECPKG_STATE_ENCRYPTION_PERMITTED 0x01
  181. #define SECPKG_STATE_STRONG_ENCRYPTION_PERMITTED 0x02
  182. #define SECPKG_STATE_DOMAIN_CONTROLLER 0x04
  183. #define SECPKG_STATE_WORKSTATION 0x08
  184. #define SECPKG_STATE_STANDALONE 0x10
  186. typedef struct _SECPKG_PARAMETERS {
  187. ULONG Version;
  188. ULONG MachineState;
  189. ULONG SetupMode;
  190. PSID DomainSid;
  191. UNICODE_STRING DomainName;
  192. UNICODE_STRING DnsDomainName;
  193. GUID DomainGuid;
  194. } SECPKG_PARAMETERS, *PSECPKG_PARAMETERS;
  197. //
  198. // Extended Package information structures
  199. //
  201. typedef enum _SECPKG_EXTENDED_INFORMATION_CLASS {
  202. SecpkgGssInfo = 1,
  203. SecpkgContextThunks,
  204. SecpkgMutualAuthLevel,
  205. SecpkgWowClientDll,
  206. SecpkgExtraOids,
  207. SecpkgMaxInfo
  208. } SECPKG_EXTENDED_INFORMATION_CLASS ;
  210. typedef struct _SECPKG_GSS_INFO {
  211. ULONG EncodedIdLength ;
  212. UCHAR EncodedId[4] ;
  213. } SECPKG_GSS_INFO, * PSECPKG_GSS_INFO ;
  215. typedef struct _SECPKG_CONTEXT_THUNKS {
  216. ULONG InfoLevelCount ;
  217. ULONG Levels[1] ;
  218. } SECPKG_CONTEXT_THUNKS, *PSECPKG_CONTEXT_THUNKS ;
  220. typedef struct _SECPKG_MUTUAL_AUTH_LEVEL {
  221. ULONG MutualAuthLevel ;
  222. } SECPKG_MUTUAL_AUTH_LEVEL, * PSECPKG_MUTUAL_AUTH_LEVEL ;
  224. typedef struct _SECPKG_WOW_CLIENT_DLL {
  225. SECURITY_STRING WowClientDllPath;
  226. } SECPKG_WOW_CLIENT_DLL, * PSECPKG_WOW_CLIENT_DLL ;
  228. #define SECPKG_MAX_OID_LENGTH 32
  230. typedef struct _SECPKG_SERIALIZED_OID {
  231. ULONG OidLength ;
  232. ULONG OidAttributes ;
  233. UCHAR OidValue[ SECPKG_MAX_OID_LENGTH ];
  234. } SECPKG_SERIALIZED_OID, * PSECPKG_SERIALIZED_OID ;
  236. typedef struct _SECPKG_EXTRA_OIDS {
  237. ULONG OidCount ;
  238. SECPKG_SERIALIZED_OID Oids[ 1 ];
  239. } SECPKG_EXTRA_OIDS, * PSECPKG_EXTRA_OIDS;
  242. typedef struct _SECPKG_EXTENDED_INFORMATION {
  243. SECPKG_EXTENDED_INFORMATION_CLASS Class ;
  244. union {
  245. SECPKG_GSS_INFO GssInfo ;
  246. SECPKG_CONTEXT_THUNKS ContextThunks ;
  247. SECPKG_MUTUAL_AUTH_LEVEL MutualAuthLevel ;
  248. SECPKG_WOW_CLIENT_DLL WowClientDll ;
  249. SECPKG_EXTRA_OIDS ExtraOids ;
  250. } Info ;
  251. } SECPKG_EXTENDED_INFORMATION, * PSECPKG_EXTENDED_INFORMATION ;
  254. #define SECPKG_ATTR_SASL_CONTEXT 0x00010000
  256. typedef struct _SecPkgContext_SaslContext {
  257. PVOID SaslContext ;
  258. } SecPkgContext_SaslContext, * PSecPkgContext_SaslContext ;
  260. //
  261. // Setting this value as the first context thunk value will cause all
  262. // calls to go to the LSA:
  263. //
  265. #define SECPKG_ATTR_THUNK_ALL 0x00010000
  268. #ifndef SECURITY_USER_DATA_DEFINED
  269. #define SECURITY_USER_DATA_DEFINED
  271. typedef struct _SECURITY_USER_DATA {
  272. SECURITY_STRING UserName; // User name
  273. SECURITY_STRING LogonDomainName; // Domain the user logged on to
  274. SECURITY_STRING LogonServer; // Server that logged the user on
  275. PSID pSid; // SID of user
  276. } SECURITY_USER_DATA, *PSECURITY_USER_DATA;
  278. typedef SECURITY_USER_DATA SecurityUserData, * PSecurityUserData;
  281. #define UNDERSTANDS_LONG_NAMES 1
  282. #define NO_LONG_NAMES 2
  284. #endif // SECURITY_USER_DATA_DEFINED
  286. //////////////////////////////////////////////////////////////////////////
  287. //
  288. // The following prototypes are to functions that are provided by the SPMgr
  289. // to security packages.
  290. //
  291. //////////////////////////////////////////////////////////////////////////
  293. typedef NTSTATUS
  294. (NTAPI LSA_IMPERSONATE_CLIENT) (
  295. VOID
  296. );
  299. typedef NTSTATUS
  300. (NTAPI LSA_UNLOAD_PACKAGE)(
  301. VOID
  302. );
  304. typedef NTSTATUS
  305. (NTAPI LSA_DUPLICATE_HANDLE)(
  306. IN HANDLE SourceHandle,
  307. OUT PHANDLE DestionationHandle);
  310. typedef NTSTATUS
  311. (NTAPI LSA_SAVE_SUPPLEMENTAL_CREDENTIALS)(
  312. IN PLUID LogonId,
  313. IN ULONG SupplementalCredSize,
  314. IN PVOID SupplementalCreds,
  315. IN BOOLEAN Synchronous
  316. );
  319. typedef HANDLE
  320. (NTAPI LSA_CREATE_THREAD)(
  321. IN SEC_ATTRS SecurityAttributes,
  322. IN ULONG StackSize,
  323. IN SEC_THREAD_START StartFunction,
  324. IN PVOID ThreadParameter,
  325. IN ULONG CreationFlags,
  326. OUT PULONG ThreadId
  327. );
  330. typedef NTSTATUS
  331. (NTAPI LSA_GET_CLIENT_INFO)(
  332. OUT PSECPKG_CLIENT_INFO ClientInfo
  333. );
  336. typedef HANDLE
  337. (NTAPI LSA_REGISTER_NOTIFICATION)(
  338. IN SEC_THREAD_START StartFunction,
  339. IN PVOID Parameter,
  340. IN ULONG NotificationType,
  341. IN ULONG NotificationClass,
  342. IN ULONG NotificationFlags,
  343. IN ULONG IntervalMinutes,
  344. IN OPTIONAL HANDLE WaitEvent
  345. );
  348. typedef NTSTATUS
  349. (NTAPI LSA_CANCEL_NOTIFICATION)(
  350. IN HANDLE NotifyHandle
  351. );
  353. typedef NTSTATUS
  354. (NTAPI LSA_MAP_BUFFER)(
  355. IN PSecBuffer InputBuffer,
  356. OUT PSecBuffer OutputBuffer
  357. );
  359. typedef NTSTATUS
  360. (NTAPI LSA_CREATE_TOKEN) (
  361. IN PLUID LogonId,
  362. IN PTOKEN_SOURCE TokenSource,
  363. IN SECURITY_LOGON_TYPE LogonType,
  364. IN SECURITY_IMPERSONATION_LEVEL ImpersonationLevel,
  365. IN LSA_TOKEN_INFORMATION_TYPE TokenInformationType,
  366. IN PVOID TokenInformation,
  367. IN PTOKEN_GROUPS TokenGroups,
  368. IN PUNICODE_STRING AccountName,
  369. IN PUNICODE_STRING AuthorityName,
  370. IN PUNICODE_STRING Workstation,
  371. IN PUNICODE_STRING ProfilePath,
  372. OUT PHANDLE Token,
  373. OUT PNTSTATUS SubStatus
  374. );
  376. typedef enum _SECPKG_SESSIONINFO_TYPE {
  377. SecSessionPrimaryCred // SessionInformation is SECPKG_PRIMARY_CRED
  378. } SECPKG_SESSIONINFO_TYPE ;
  380. typedef NTSTATUS
  381. (NTAPI LSA_CREATE_TOKEN_EX) (
  382. IN PLUID LogonId,
  383. IN PTOKEN_SOURCE TokenSource,
  384. IN SECURITY_LOGON_TYPE LogonType,
  385. IN SECURITY_IMPERSONATION_LEVEL ImpersonationLevel,
  386. IN LSA_TOKEN_INFORMATION_TYPE TokenInformationType,
  387. IN PVOID TokenInformation,
  388. IN PTOKEN_GROUPS TokenGroups,
  389. IN PUNICODE_STRING Workstation,
  390. IN PUNICODE_STRING ProfilePath,
  391. IN PVOID SessionInformation,
  392. IN SECPKG_SESSIONINFO_TYPE SessionInformationType,
  393. OUT PHANDLE Token,
  394. OUT PNTSTATUS SubStatus
  395. );
  397. typedef VOID
  398. (NTAPI LSA_AUDIT_LOGON) (
  399. IN NTSTATUS Status,
  400. IN NTSTATUS SubStatus,
  401. IN PUNICODE_STRING AccountName,
  402. IN PUNICODE_STRING AuthenticatingAuthority,
  403. IN PUNICODE_STRING WorkstationName,
  404. IN OPTIONAL PSID UserSid,
  405. IN SECURITY_LOGON_TYPE LogonType,
  406. IN PTOKEN_SOURCE TokenSource,
  407. IN PLUID LogonId
  408. );
  410. typedef NTSTATUS
  411. (NTAPI LSA_CALL_PACKAGE) (
  412. IN PUNICODE_STRING AuthenticationPackage,
  413. IN PVOID ProtocolSubmitBuffer,
  414. IN ULONG SubmitBufferLength,
  415. OUT PVOID *ProtocolReturnBuffer,
  416. OUT PULONG ReturnBufferLength,
  417. OUT PNTSTATUS ProtocolStatus
  418. );
  420. typedef NTSTATUS
  421. (NTAPI LSA_CALL_PACKAGEEX) (
  422. IN PUNICODE_STRING AuthenticationPackage,
  423. IN PVOID ClientBufferBase,
  424. IN PVOID ProtocolSubmitBuffer,
  425. IN ULONG SubmitBufferLength,
  426. OUT PVOID *ProtocolReturnBuffer,
  427. OUT PULONG ReturnBufferLength,
  428. OUT PNTSTATUS ProtocolStatus
  429. );
  431. typedef NTSTATUS
  432. (NTAPI LSA_CALL_PACKAGE_PASSTHROUGH) (
  433. IN PUNICODE_STRING AuthenticationPackage,
  434. IN PVOID ClientBufferBase,
  435. IN PVOID ProtocolSubmitBuffer,
  436. IN ULONG SubmitBufferLength,
  437. OUT PVOID *ProtocolReturnBuffer,
  438. OUT PULONG ReturnBufferLength,
  439. OUT PNTSTATUS ProtocolStatus
  440. );
  442. typedef BOOLEAN
  443. (NTAPI LSA_GET_CALL_INFO) (
  444. OUT PSECPKG_CALL_INFO Info
  445. );
  447. typedef PVOID
  448. (NTAPI LSA_CREATE_SHARED_MEMORY)(
  449. ULONG MaxSize,
  450. ULONG InitialSize
  451. );
  453. typedef PVOID
  454. (NTAPI LSA_ALLOCATE_SHARED_MEMORY)(
  455. PVOID SharedMem,
  456. ULONG Size
  457. );
  459. typedef VOID
  460. (NTAPI LSA_FREE_SHARED_MEMORY)(
  461. PVOID SharedMem,
  462. PVOID Memory
  463. );
  465. typedef BOOLEAN
  466. (NTAPI LSA_DELETE_SHARED_MEMORY)(
  467. PVOID SharedMem
  468. );
  470. //
  471. // Account Access
  472. //
  474. typedef enum _SECPKG_NAME_TYPE {
  475. SecNameSamCompatible,
  476. SecNameAlternateId,
  477. SecNameFlat,
  478. SecNameDN,
  479. SecNameSPN
  480. } SECPKG_NAME_TYPE ;
  482. typedef NTSTATUS
  483. (NTAPI LSA_OPEN_SAM_USER)(
  484. PSECURITY_STRING Name,
  485. SECPKG_NAME_TYPE NameType,
  486. PSECURITY_STRING Prefix,
  487. BOOLEAN AllowGuest,
  488. ULONG Reserved,
  489. PVOID * UserHandle
  490. );
  492. typedef NTSTATUS
  493. (NTAPI LSA_GET_USER_CREDENTIALS)(
  494. PVOID UserHandle,
  495. PVOID * PrimaryCreds,
  496. PULONG PrimaryCredsSize,
  497. PVOID * SupplementalCreds,
  498. PULONG SupplementalCredsSize
  499. );
  501. typedef NTSTATUS
  502. (NTAPI LSA_GET_USER_AUTH_DATA)(
  503. PVOID UserHandle,
  504. PUCHAR * UserAuthData,
  505. PULONG UserAuthDataSize
  506. );
  508. typedef NTSTATUS
  509. (NTAPI LSA_CLOSE_SAM_USER)(
  510. PVOID UserHandle
  511. );
  513. typedef NTSTATUS
  514. (NTAPI LSA_GET_AUTH_DATA_FOR_USER)(
  515. PSECURITY_STRING Name,
  516. SECPKG_NAME_TYPE NameType,
  517. PSECURITY_STRING Prefix,
  518. PUCHAR * UserAuthData,
  519. PULONG UserAuthDataSize,
  520. PUNICODE_STRING UserFlatName
  521. );
  523. typedef NTSTATUS
  524. (NTAPI LSA_CONVERT_AUTH_DATA_TO_TOKEN)(
  525. IN PVOID UserAuthData,
  526. IN ULONG UserAuthDataSize,
  527. IN SECURITY_IMPERSONATION_LEVEL ImpersonationLevel,
  528. IN PTOKEN_SOURCE TokenSource,
  529. IN SECURITY_LOGON_TYPE LogonType,
  530. IN PUNICODE_STRING AuthorityName,
  531. OUT PHANDLE Token,
  532. OUT PLUID LogonId,
  533. OUT PUNICODE_STRING AccountName,
  534. OUT PNTSTATUS SubStatus
  535. );
  537. typedef NTSTATUS
  538. (NTAPI LSA_CRACK_SINGLE_NAME)(
  539. IN ULONG FormatOffered,
  540. IN BOOLEAN PerformAtGC,
  541. IN PUNICODE_STRING NameInput,
  542. IN PUNICODE_STRING Prefix OPTIONAL,
  543. IN ULONG RequestedFormat,
  544. OUT PUNICODE_STRING CrackedName,
  545. OUT PUNICODE_STRING DnsDomainName,
  546. OUT PULONG SubStatus
  547. );
  549. typedef NTSTATUS
  550. (NTAPI LSA_AUDIT_ACCOUNT_LOGON)(
  551. IN ULONG AuditId,
  552. IN BOOLEAN Success,
  553. IN PUNICODE_STRING Source,
  554. IN PUNICODE_STRING ClientName,
  555. IN PUNICODE_STRING MappedName,
  556. IN NTSTATUS Status
  557. );
  560. typedef NTSTATUS
  561. (NTAPI LSA_CLIENT_CALLBACK)(
  562. PCHAR Callback,
  563. ULONG_PTR Argument1,
  564. ULONG_PTR Argument2,
  565. PSecBuffer Input,
  566. PSecBuffer Output
  567. );
  569. typedef
  570. NTSTATUS
  571. (NTAPI LSA_REGISTER_CALLBACK)(
  572. ULONG CallbackId,
  573. PLSA_CALLBACK_FUNCTION Callback
  574. );
  576. #define NOTIFIER_FLAG_NEW_THREAD 0x00000001
  577. #define NOTIFIER_FLAG_ONE_SHOT 0x00000002
  578. #define NOTIFIER_FLAG_SECONDS 0x80000000
  580. #define NOTIFIER_TYPE_INTERVAL 1
  581. #define NOTIFIER_TYPE_HANDLE_WAIT 2
  582. #define NOTIFIER_TYPE_STATE_CHANGE 3
  583. #define NOTIFIER_TYPE_NOTIFY_EVENT 4
  584. #define NOTIFIER_TYPE_IMMEDIATE 16
  586. #define NOTIFY_CLASS_PACKAGE_CHANGE 1
  587. #define NOTIFY_CLASS_ROLE_CHANGE 2
  588. #define NOTIFY_CLASS_DOMAIN_CHANGE 3
  589. #define NOTIFY_CLASS_REGISTRY_CHANGE 4
  591. typedef struct _SECPKG_EVENT_PACKAGE_CHANGE {
  592. ULONG ChangeType;
  593. LSA_SEC_HANDLE PackageId;
  594. SECURITY_STRING PackageName;
  595. } SECPKG_EVENT_PACKAGE_CHANGE, * PSECPKG_EVENT_PACKAGE_CHANGE ;
  597. #define SECPKG_PACKAGE_CHANGE_LOAD 0
  598. #define SECPKG_PACKAGE_CHANGE_UNLOAD 1
  599. #define SECPKG_PACKAGE_CHANGE_SELECT 2
  601. typedef struct _SECPKG_EVENT_ROLE_CHANGE {
  602. ULONG PreviousRole ;
  603. ULONG NewRole ;
  604. } SECPKG_EVENT_ROLE_CHANGE, * PSECPKG_EVENT_ROLE_CHANGE ;
  606. typedef struct _SECPKG_PARAMETERS SECPKG_EVENT_DOMAIN_CHANGE ;
  607. typedef struct _SECPKG_PARAMETERS * PSECPKG_EVENT_DOMAIN_CHANGE ;
  610. typedef struct _SECPKG_EVENT_NOTIFY {
  611. ULONG EventClass;
  612. ULONG Reserved;
  613. ULONG EventDataSize;
  614. PVOID EventData;
  615. PVOID PackageParameter;
  616. } SECPKG_EVENT_NOTIFY, *PSECPKG_EVENT_NOTIFY ;
  619. typedef
  620. NTSTATUS
  621. (NTAPI LSA_UPDATE_PRIMARY_CREDENTIALS)(
  622. IN PSECPKG_PRIMARY_CRED PrimaryCredentials,
  623. IN OPTIONAL PSECPKG_SUPPLEMENTAL_CRED_ARRAY Credentials
  624. );
  626. typedef
  627. VOID
  628. (NTAPI LSA_PROTECT_MEMORY)(
  629. IN PVOID Buffer,
  630. IN ULONG BufferSize
  631. );
  633. typedef
  634. NTSTATUS
  635. (NTAPI LSA_OPEN_TOKEN_BY_LOGON_ID)(
  636. IN PLUID LogonId,
  637. OUT HANDLE *RetTokenHandle
  638. );
  640. typedef
  641. NTSTATUS
  642. (NTAPI LSA_EXPAND_AUTH_DATA_FOR_DOMAIN)(
  643. IN PUCHAR UserAuthData,
  644. IN ULONG UserAuthDataSize,
  645. IN PVOID Reserved,
  646. OUT PUCHAR * ExpandedAuthData,
  647. OUT PULONG ExpandedAuthDataSize
  648. );
  650. typedef LSA_IMPERSONATE_CLIENT * PLSA_IMPERSONATE_CLIENT;
  651. typedef LSA_UNLOAD_PACKAGE * PLSA_UNLOAD_PACKAGE;
  652. typedef LSA_DUPLICATE_HANDLE * PLSA_DUPLICATE_HANDLE ;
  653. typedef LSA_SAVE_SUPPLEMENTAL_CREDENTIALS * PLSA_SAVE_SUPPLEMENTAL_CREDENTIALS;
  654. typedef LSA_CREATE_THREAD * PLSA_CREATE_THREAD;
  655. typedef LSA_GET_CLIENT_INFO * PLSA_GET_CLIENT_INFO;
  656. typedef LSA_REGISTER_NOTIFICATION * PLSA_REGISTER_NOTIFICATION;
  657. typedef LSA_CANCEL_NOTIFICATION * PLSA_CANCEL_NOTIFICATION;
  658. typedef LSA_MAP_BUFFER * PLSA_MAP_BUFFER;
  659. typedef LSA_CREATE_TOKEN * PLSA_CREATE_TOKEN;
  660. typedef LSA_AUDIT_LOGON * PLSA_AUDIT_LOGON;
  661. typedef LSA_CALL_PACKAGE * PLSA_CALL_PACKAGE;
  662. typedef LSA_CALL_PACKAGEEX * PLSA_CALL_PACKAGEEX;
  663. typedef LSA_GET_CALL_INFO * PLSA_GET_CALL_INFO ;
  664. typedef LSA_CREATE_SHARED_MEMORY * PLSA_CREATE_SHARED_MEMORY ;
  665. typedef LSA_ALLOCATE_SHARED_MEMORY * PLSA_ALLOCATE_SHARED_MEMORY ;
  666. typedef LSA_FREE_SHARED_MEMORY * PLSA_FREE_SHARED_MEMORY ;
  667. typedef LSA_DELETE_SHARED_MEMORY * PLSA_DELETE_SHARED_MEMORY ;
  668. typedef LSA_OPEN_SAM_USER * PLSA_OPEN_SAM_USER ;
  669. typedef LSA_GET_USER_CREDENTIALS * PLSA_GET_USER_CREDENTIALS ;
  670. typedef LSA_GET_USER_AUTH_DATA * PLSA_GET_USER_AUTH_DATA ;
  671. typedef LSA_CLOSE_SAM_USER * PLSA_CLOSE_SAM_USER ;
  672. typedef LSA_CONVERT_AUTH_DATA_TO_TOKEN * PLSA_CONVERT_AUTH_DATA_TO_TOKEN ;
  673. typedef LSA_CLIENT_CALLBACK * PLSA_CLIENT_CALLBACK ;
  674. typedef LSA_REGISTER_CALLBACK * PLSA_REGISTER_CALLBACK ;
  675. typedef LSA_UPDATE_PRIMARY_CREDENTIALS * PLSA_UPDATE_PRIMARY_CREDENTIALS;
  676. typedef LSA_GET_AUTH_DATA_FOR_USER * PLSA_GET_AUTH_DATA_FOR_USER ;
  677. typedef LSA_CRACK_SINGLE_NAME * PLSA_CRACK_SINGLE_NAME ;
  678. typedef LSA_AUDIT_ACCOUNT_LOGON * PLSA_AUDIT_ACCOUNT_LOGON ;
  679. typedef LSA_CALL_PACKAGE_PASSTHROUGH * PLSA_CALL_PACKAGE_PASSTHROUGH;
  680. typedef LSA_PROTECT_MEMORY * PLSA_PROTECT_MEMORY;
  681. typedef LSA_OPEN_TOKEN_BY_LOGON_ID * PLSA_OPEN_TOKEN_BY_LOGON_ID;
  682. typedef LSA_EXPAND_AUTH_DATA_FOR_DOMAIN * PLSA_EXPAND_AUTH_DATA_FOR_DOMAIN;
  683. typedef LSA_CREATE_TOKEN_EX * PLSA_CREATE_TOKEN_EX;
  685. #ifdef _WINCRED_H_
  687. //
  688. // When passing a credential around, the CredentialBlob field is encrypted.
  689. // This structure describes this encrypted form.
  690. //
  691. //
  692. #ifndef _ENCRYPTED_CREDENTIAL_DEFINED
  693. #define _ENCRYPTED_CREDENTIAL_DEFINED
  695. typedef struct _ENCRYPTED_CREDENTIALW {
  697. //
  698. // The credential
  699. //
  700. // The CredentialBlob field points to the encrypted credential
  701. // The CredentialBlobSize field is the length (in bytes) of the encrypted credential
  702. //
  704. CREDENTIALW Cred;
  706. //
  707. // The size in bytes of the clear text credential blob
  708. //
  710. ULONG ClearCredentialBlobSize;
  711. } ENCRYPTED_CREDENTIALW, *PENCRYPTED_CREDENTIALW;
  712. #endif // _ENCRYPTED_CREDENTIAL_DEFINED
  714. //
  715. // Values for CredFlags parameter
  716. //
  718. #define CREDP_FLAGS_IN_PROCESS 0x01 // Caller is in-process. Password data may be returned
  719. #define CREDP_FLAGS_USE_MIDL_HEAP 0x02 // Allocated buffer should use MIDL_user_allocte
  720. #define CREDP_FLAGS_DONT_CACHE_TI 0x04 // TargetInformation shouldn't be cached for CredGetTargetInfo
  721. #define CREDP_FLAGS_CLEAR_PASSWORD 0x08 // Credential blob is passed in in-the-clear
  722. #define CREDP_FLAGS_USER_ENCRYPTED_PASSWORD 0x10 // Credential blob is passed protected by RtlEncryptMemory
  724. typedef NTSTATUS
  725. (NTAPI CredReadFn) (
  726. IN PLUID LogonId,
  727. IN ULONG CredFlags,
  728. IN LPWSTR TargetName,
  729. IN ULONG Type,
  730. IN ULONG Flags,
  731. OUT PENCRYPTED_CREDENTIALW *Credential
  732. );
  734. typedef NTSTATUS
  735. (NTAPI CredReadDomainCredentialsFn) (
  736. IN PLUID LogonId,
  737. IN ULONG CredFlags,
  738. IN PCREDENTIAL_TARGET_INFORMATIONW TargetInfo,
  739. IN ULONG Flags,
  740. OUT PULONG Count,
  741. OUT PENCRYPTED_CREDENTIALW **Credential
  742. );
  744. typedef VOID
  745. (NTAPI CredFreeCredentialsFn) (
  746. IN ULONG Count,
  747. IN PENCRYPTED_CREDENTIALW *Credentials OPTIONAL
  748. );
  750. typedef NTSTATUS
  751. (NTAPI CredWriteFn) (
  752. IN PLUID LogonId,
  753. IN ULONG CredFlags,
  754. IN PENCRYPTED_CREDENTIALW Credential,
  755. IN ULONG Flags
  756. );
  758. NTSTATUS
  759. CredMarshalTargetInfo (
  760. IN PCREDENTIAL_TARGET_INFORMATIONW InTargetInfo,
  761. OUT PUSHORT *Buffer,
  762. OUT PULONG BufferSize
  763. );
  765. NTSTATUS
  766. CredUnmarshalTargetInfo (
  767. IN PUSHORT Buffer,
  768. IN ULONG BufferSize,
  769. OUT PCREDENTIAL_TARGET_INFORMATIONW *RetTargetInfo OPTIONAL,
  770. OUT PULONG RetActualSize OPTIONAL
  771. );
  773. // Number of bytes consumed by the trailing size ULONG
  774. #define CRED_MARSHALED_TI_SIZE_SIZE 12
  776. #endif // _WINCRED_H_
  779. //
  780. // Pure 32-bit versions of credential structures for packages
  781. // running wow64:
  782. //
  784. typedef struct _SEC_WINNT_AUTH_IDENTITY32 {
  785. ULONG User ;
  786. ULONG UserLength ;
  787. ULONG Domain ;
  788. ULONG DomainLength ;
  789. ULONG Password ;
  790. ULONG PasswordLength ;
  791. ULONG Flags ;
  792. } SEC_WINNT_AUTH_IDENTITY32, * PSEC_WINNT_AUTH_IDENTITY32 ;
  794. typedef struct _SEC_WINNT_AUTH_IDENTITY_EX32 {
  795. ULONG Version ;
  796. ULONG Length ;
  797. ULONG User ;
  798. ULONG UserLength ;
  799. ULONG Domain ;
  800. ULONG DomainLength ;
  801. ULONG Password ;
  802. ULONG PasswordLength ;
  803. ULONG Flags ;
  804. ULONG PackageList ;
  805. ULONG PackageListLength ;
  806. } SEC_WINNT_AUTH_IDENTITY_EX32, * PSEC_WINNT_AUTH_IDENTITY_EX32 ;
  808. // Functions provided by the SPM to the packages:
  809. typedef struct _LSA_SECPKG_FUNCTION_TABLE {
  810. PLSA_CREATE_LOGON_SESSION CreateLogonSession;
  811. PLSA_DELETE_LOGON_SESSION DeleteLogonSession;
  812. PLSA_ADD_CREDENTIAL AddCredential;
  813. PLSA_GET_CREDENTIALS GetCredentials;
  814. PLSA_DELETE_CREDENTIAL DeleteCredential;
  815. PLSA_ALLOCATE_LSA_HEAP AllocateLsaHeap;
  816. PLSA_FREE_LSA_HEAP FreeLsaHeap;
  817. PLSA_ALLOCATE_CLIENT_BUFFER AllocateClientBuffer;
  818. PLSA_FREE_CLIENT_BUFFER FreeClientBuffer;
  819. PLSA_COPY_TO_CLIENT_BUFFER CopyToClientBuffer;
  820. PLSA_COPY_FROM_CLIENT_BUFFER CopyFromClientBuffer;
  821. PLSA_IMPERSONATE_CLIENT ImpersonateClient;
  822. PLSA_UNLOAD_PACKAGE UnloadPackage;
  823. PLSA_DUPLICATE_HANDLE DuplicateHandle;
  824. PLSA_SAVE_SUPPLEMENTAL_CREDENTIALS SaveSupplementalCredentials;
  825. PLSA_CREATE_THREAD CreateThread;
  826. PLSA_GET_CLIENT_INFO GetClientInfo;
  827. PLSA_REGISTER_NOTIFICATION RegisterNotification;
  828. PLSA_CANCEL_NOTIFICATION CancelNotification;
  829. PLSA_MAP_BUFFER MapBuffer;
  830. PLSA_CREATE_TOKEN CreateToken;
  831. PLSA_AUDIT_LOGON AuditLogon;
  832. PLSA_CALL_PACKAGE CallPackage;
  833. PLSA_FREE_LSA_HEAP FreeReturnBuffer;
  834. PLSA_GET_CALL_INFO GetCallInfo;
  835. PLSA_CALL_PACKAGEEX CallPackageEx;
  836. PLSA_CREATE_SHARED_MEMORY CreateSharedMemory;
  837. PLSA_ALLOCATE_SHARED_MEMORY AllocateSharedMemory;
  838. PLSA_FREE_SHARED_MEMORY FreeSharedMemory;
  839. PLSA_DELETE_SHARED_MEMORY DeleteSharedMemory;
  840. PLSA_OPEN_SAM_USER OpenSamUser ;
  841. PLSA_GET_USER_CREDENTIALS GetUserCredentials ;
  842. PLSA_GET_USER_AUTH_DATA GetUserAuthData ;
  843. PLSA_CLOSE_SAM_USER CloseSamUser ;
  844. PLSA_CONVERT_AUTH_DATA_TO_TOKEN ConvertAuthDataToToken ;
  845. PLSA_CLIENT_CALLBACK ClientCallback ;
  846. PLSA_UPDATE_PRIMARY_CREDENTIALS UpdateCredentials ;
  847. PLSA_GET_AUTH_DATA_FOR_USER GetAuthDataForUser ;
  848. PLSA_CRACK_SINGLE_NAME CrackSingleName ;
  849. PLSA_AUDIT_ACCOUNT_LOGON AuditAccountLogon ;
  850. PLSA_CALL_PACKAGE_PASSTHROUGH CallPackagePassthrough ;
  851. #ifdef _WINCRED_H_
  852. CredReadFn *CrediRead;
  853. CredReadDomainCredentialsFn *CrediReadDomainCredentials;
  854. CredFreeCredentialsFn *CrediFreeCredentials;
  855. #else // _WINCRED_H_
  856. PLSA_PROTECT_MEMORY DummyFunction1;
  857. PLSA_PROTECT_MEMORY DummyFunction2;
  858. PLSA_PROTECT_MEMORY DummyFunction3;
  859. #endif // _WINCRED_H_
  860. PLSA_PROTECT_MEMORY LsaProtectMemory;
  861. PLSA_PROTECT_MEMORY LsaUnprotectMemory;
  862. PLSA_OPEN_TOKEN_BY_LOGON_ID OpenTokenByLogonId;
  863. PLSA_EXPAND_AUTH_DATA_FOR_DOMAIN ExpandAuthDataForDomain;
  864. PLSA_ALLOCATE_PRIVATE_HEAP AllocatePrivateHeap;
  865. PLSA_FREE_PRIVATE_HEAP FreePrivateHeap;
  866. PLSA_CREATE_TOKEN_EX CreateTokenEx;
  867. #ifdef _WINCRED_H_
  868. CredWriteFn *CrediWrite;
  869. #else // _WINCRED_H_
  870. PLSA_PROTECT_MEMORY DummyFunction4;
  871. #endif // _WINCRED_H_
  872. } LSA_SECPKG_FUNCTION_TABLE, *PLSA_SECPKG_FUNCTION_TABLE;
  874. typedef struct _SECPKG_DLL_FUNCTIONS {
  875. PLSA_ALLOCATE_LSA_HEAP AllocateHeap;
  876. PLSA_FREE_LSA_HEAP FreeHeap;
  877. PLSA_REGISTER_CALLBACK RegisterCallback ;
  878. } SECPKG_DLL_FUNCTIONS, * PSECPKG_DLL_FUNCTIONS;
  883. //
  884. // The following prototypes are to functions that will be called only while
  885. // in the Security Package Manager context.
  886. //
  888. typedef NTSTATUS
  889. (NTAPI SpInitializeFn)(
  890. IN ULONG_PTR PackageId,
  891. IN PSECPKG_PARAMETERS Parameters,
  892. IN PLSA_SECPKG_FUNCTION_TABLE FunctionTable
  893. );
  895. typedef NTSTATUS
  896. (NTAPI SpShutdownFn)(
  897. VOID
  898. );
  900. typedef NTSTATUS
  901. (NTAPI SpGetInfoFn)(
  902. OUT PSecPkgInfo PackageInfo
  903. );
  905. typedef NTSTATUS
  906. (NTAPI SpGetExtendedInformationFn)(
  907. IN SECPKG_EXTENDED_INFORMATION_CLASS Class,
  908. OUT PSECPKG_EXTENDED_INFORMATION * ppInformation
  909. );
  911. typedef NTSTATUS
  912. (NTAPI SpSetExtendedInformationFn)(
  913. IN SECPKG_EXTENDED_INFORMATION_CLASS Class,
  914. IN PSECPKG_EXTENDED_INFORMATION Info
  915. );
  917. typedef NTSTATUS
  918. (LSA_AP_LOGON_USER_EX2) (
  919. IN PLSA_CLIENT_REQUEST ClientRequest,
  920. IN SECURITY_LOGON_TYPE LogonType,
  921. IN PVOID AuthenticationInformation,
  922. IN PVOID ClientAuthenticationBase,
  923. IN ULONG AuthenticationInformationLength,
  924. OUT PVOID *ProfileBuffer,
  925. OUT PULONG ProfileBufferLength,
  926. OUT PLUID LogonId,
  927. OUT PNTSTATUS SubStatus,
  928. OUT PLSA_TOKEN_INFORMATION_TYPE TokenInformationType,
  929. OUT PVOID *TokenInformation,
  930. OUT PUNICODE_STRING *AccountName,
  931. OUT PUNICODE_STRING *AuthenticatingAuthority,
  932. OUT PUNICODE_STRING *MachineName,
  933. OUT PSECPKG_PRIMARY_CRED PrimaryCredentials,
  934. OUT PSECPKG_SUPPLEMENTAL_CRED_ARRAY * CachedCredentials
  935. );
  937. typedef LSA_AP_LOGON_USER_EX2 *PLSA_AP_LOGON_USER_EX2;
  938. #define LSA_AP_NAME_LOGON_USER_EX2 "LsaApLogonUserEx2\0"
  940. typedef NTSTATUS
  941. (NTAPI SpAcceptCredentialsFn)(
  942. IN SECURITY_LOGON_TYPE LogonType,
  943. IN PUNICODE_STRING AccountName,
  944. IN PSECPKG_PRIMARY_CRED PrimaryCredentials,
  945. IN PSECPKG_SUPPLEMENTAL_CRED SupplementalCredentials
  946. );
  947. #define SP_ACCEPT_CREDENTIALS_NAME "SpAcceptCredentials\0"
  949. typedef NTSTATUS
  950. (NTAPI SpAcquireCredentialsHandleFn)(
  951. IN OPTIONAL PUNICODE_STRING PrincipalName,
  952. IN ULONG CredentialUseFlags,
  953. IN OPTIONAL PLUID LogonId,
  954. IN PVOID AuthorizationData,
  955. IN PVOID GetKeyFunciton,
  956. IN PVOID GetKeyArgument,
  957. OUT PLSA_SEC_HANDLE CredentialHandle,
  958. OUT PTimeStamp ExpirationTime
  959. );
  961. typedef NTSTATUS
  962. (NTAPI SpFreeCredentialsHandleFn)(
  963. IN LSA_SEC_HANDLE CredentialHandle
  964. );
  966. typedef NTSTATUS
  967. (NTAPI SpQueryCredentialsAttributesFn)(
  968. IN LSA_SEC_HANDLE CredentialHandle,
  969. IN ULONG CredentialAttribute,
  970. IN OUT PVOID Buffer
  971. );
  973. typedef NTSTATUS
  974. (NTAPI SpAddCredentialsFn)(
  975. IN LSA_SEC_HANDLE CredentialHandle,
  976. IN OPTIONAL PUNICODE_STRING PrincipalName,
  977. IN PUNICODE_STRING Package,
  978. IN ULONG CredentialUseFlags,
  979. IN PVOID AuthorizationData,
  980. IN PVOID GetKeyFunciton,
  981. IN PVOID GetKeyArgument,
  982. OUT PTimeStamp ExpirationTime
  983. );
  985. typedef NTSTATUS
  986. (NTAPI SpSaveCredentialsFn)(
  987. IN LSA_SEC_HANDLE CredentialHandle,
  988. IN PSecBuffer Credentials);
  990. typedef NTSTATUS
  991. (NTAPI SpGetCredentialsFn)(
  992. IN LSA_SEC_HANDLE CredentialHandle,
  993. IN OUT PSecBuffer Credentials
  994. );
  996. typedef NTSTATUS
  997. (NTAPI SpDeleteCredentialsFn)(
  998. IN LSA_SEC_HANDLE CredentialHandle,
  999. IN PSecBuffer Key
  1000. );
  1002. typedef NTSTATUS
  1003. (NTAPI SpInitLsaModeContextFn)(
  1004. IN OPTIONAL LSA_SEC_HANDLE CredentialHandle,
  1005. IN OPTIONAL LSA_SEC_HANDLE ContextHandle,
  1006. IN OPTIONAL PUNICODE_STRING TargetName,
  1007. IN ULONG ContextRequirements,
  1008. IN ULONG TargetDataRep,
  1009. IN PSecBufferDesc InputBuffers,
  1010. OUT PLSA_SEC_HANDLE NewContextHandle,
  1011. IN OUT PSecBufferDesc OutputBuffers,
  1012. OUT PULONG ContextAttributes,
  1013. OUT PTimeStamp ExpirationTime,
  1014. OUT PBOOLEAN MappedContext,
  1015. OUT PSecBuffer ContextData
  1016. );
  1021. typedef NTSTATUS
  1022. (NTAPI SpDeleteContextFn)(
  1023. IN LSA_SEC_HANDLE ContextHandle
  1024. );
  1026. typedef NTSTATUS
  1027. (NTAPI SpApplyControlTokenFn)(
  1028. IN LSA_SEC_HANDLE ContextHandle,
  1029. IN PSecBufferDesc ControlToken);
  1032. typedef NTSTATUS
  1033. (NTAPI SpAcceptLsaModeContextFn)(
  1034. IN OPTIONAL LSA_SEC_HANDLE CredentialHandle,
  1035. IN OPTIONAL LSA_SEC_HANDLE ContextHandle,
  1036. IN PSecBufferDesc InputBuffer,
  1037. IN ULONG ContextRequirements,
  1038. IN ULONG TargetDataRep,
  1039. OUT PLSA_SEC_HANDLE NewContextHandle,
  1040. OUT PSecBufferDesc OutputBuffer,
  1041. OUT PULONG ContextAttributes,
  1042. OUT PTimeStamp ExpirationTime,
  1043. OUT PBOOLEAN MappedContext,
  1044. OUT PSecBuffer ContextData
  1045. );
  1050. typedef NTSTATUS
  1051. (NTAPI SpGetUserInfoFn)(
  1052. IN PLUID LogonId,
  1053. IN ULONG Flags,
  1054. OUT PSecurityUserData * UserData
  1055. );
  1057. typedef NTSTATUS
  1058. (NTAPI SpQueryContextAttributesFn)(
  1059. IN LSA_SEC_HANDLE ContextHandle,
  1060. IN ULONG ContextAttribute,
  1061. IN OUT PVOID Buffer);
  1063. typedef NTSTATUS
  1064. (NTAPI SpSetContextAttributesFn)(
  1065. IN LSA_SEC_HANDLE ContextHandle,
  1066. IN ULONG ContextAttribute,
  1067. IN PVOID Buffer,
  1068. IN ULONG BufferSize );
  1072. typedef struct _SECPKG_FUNCTION_TABLE {
  1073. PLSA_AP_INITIALIZE_PACKAGE InitializePackage;
  1074. PLSA_AP_LOGON_USER LogonUser;
  1075. PLSA_AP_CALL_PACKAGE CallPackage;
  1076. PLSA_AP_LOGON_TERMINATED LogonTerminated;
  1077. PLSA_AP_CALL_PACKAGE_UNTRUSTED CallPackageUntrusted;
  1078. PLSA_AP_CALL_PACKAGE_PASSTHROUGH CallPackagePassthrough;
  1079. PLSA_AP_LOGON_USER_EX LogonUserEx;
  1080. PLSA_AP_LOGON_USER_EX2 LogonUserEx2;
  1081. SpInitializeFn * Initialize;
  1082. SpShutdownFn * Shutdown;
  1083. SpGetInfoFn * GetInfo;
  1084. SpAcceptCredentialsFn * AcceptCredentials;
  1085. SpAcquireCredentialsHandleFn * AcquireCredentialsHandle;
  1086. SpQueryCredentialsAttributesFn * QueryCredentialsAttributes;
  1087. SpFreeCredentialsHandleFn * FreeCredentialsHandle;
  1088. SpSaveCredentialsFn * SaveCredentials;
  1089. SpGetCredentialsFn * GetCredentials;
  1090. SpDeleteCredentialsFn * DeleteCredentials;
  1091. SpInitLsaModeContextFn * InitLsaModeContext;
  1092. SpAcceptLsaModeContextFn * AcceptLsaModeContext;
  1093. SpDeleteContextFn * DeleteContext;
  1094. SpApplyControlTokenFn * ApplyControlToken;
  1095. SpGetUserInfoFn * GetUserInfo;
  1096. SpGetExtendedInformationFn * GetExtendedInformation ;
  1097. SpQueryContextAttributesFn * QueryContextAttributes ;
  1098. SpAddCredentialsFn * AddCredentials ;
  1099. SpSetExtendedInformationFn * SetExtendedInformation ;
  1100. SpSetContextAttributesFn * SetContextAttributes ;
  1101. } SECPKG_FUNCTION_TABLE, *PSECPKG_FUNCTION_TABLE;
  1103. //
  1104. // The following prototypes are to functions that will be called while in the
  1105. // context of a user process that is using the functions through the security
  1106. // DLL.
  1107. //
  1109. typedef NTSTATUS
  1110. (NTAPI SpInstanceInitFn)(
  1111. IN ULONG Version,
  1112. IN PSECPKG_DLL_FUNCTIONS FunctionTable,
  1113. OUT PVOID * UserFunctions
  1114. );
  1117. typedef NTSTATUS
  1118. (NTAPI SpInitUserModeContextFn)(
  1119. IN LSA_SEC_HANDLE ContextHandle,
  1120. IN PSecBuffer PackedContext
  1121. );
  1123. typedef NTSTATUS
  1124. (NTAPI SpMakeSignatureFn)(
  1125. IN LSA_SEC_HANDLE ContextHandle,
  1126. IN ULONG QualityOfProtection,
  1127. IN PSecBufferDesc MessageBuffers,
  1128. IN ULONG MessageSequenceNumber
  1129. );
  1131. typedef NTSTATUS
  1132. (NTAPI SpVerifySignatureFn)(
  1133. IN LSA_SEC_HANDLE ContextHandle,
  1134. IN PSecBufferDesc MessageBuffers,
  1135. IN ULONG MessageSequenceNumber,
  1136. OUT PULONG QualityOfProtection
  1137. );
  1139. typedef NTSTATUS
  1140. (NTAPI SpSealMessageFn)(
  1141. IN LSA_SEC_HANDLE ContextHandle,
  1142. IN ULONG QualityOfProtection,
  1143. IN PSecBufferDesc MessageBuffers,
  1144. IN ULONG MessageSequenceNumber
  1145. );
  1147. typedef NTSTATUS
  1148. (NTAPI SpUnsealMessageFn)(
  1149. IN LSA_SEC_HANDLE ContextHandle,
  1150. IN PSecBufferDesc MessageBuffers,
  1151. IN ULONG MessageSequenceNumber,
  1152. OUT PULONG QualityOfProtection
  1153. );
  1156. typedef NTSTATUS
  1157. (NTAPI SpGetContextTokenFn)(
  1158. IN LSA_SEC_HANDLE ContextHandle,
  1159. OUT PHANDLE ImpersonationToken
  1160. );
  1163. typedef NTSTATUS
  1164. (NTAPI SpExportSecurityContextFn)(
  1165. LSA_SEC_HANDLE phContext, // (in) context to export
  1166. ULONG fFlags, // (in) option flags
  1167. PSecBuffer pPackedContext, // (out) marshalled context
  1168. PHANDLE pToken // (out, optional) token handle for impersonation
  1169. );
  1171. typedef NTSTATUS
  1172. (NTAPI SpImportSecurityContextFn)(
  1173. PSecBuffer pPackedContext, // (in) marshalled context
  1174. HANDLE Token, // (in, optional) handle to token for context
  1175. PLSA_SEC_HANDLE phContext // (out) new context handle
  1176. );
  1179. typedef NTSTATUS
  1180. (NTAPI SpCompleteAuthTokenFn)(
  1181. IN LSA_SEC_HANDLE ContextHandle,
  1182. IN PSecBufferDesc InputBuffer
  1183. );
  1186. typedef NTSTATUS
  1187. (NTAPI SpFormatCredentialsFn)(
  1188. IN PSecBuffer Credentials,
  1189. OUT PSecBuffer FormattedCredentials
  1190. );
  1192. typedef NTSTATUS
  1193. (NTAPI SpMarshallSupplementalCredsFn)(
  1194. IN ULONG CredentialSize,
  1195. IN PUCHAR Credentials,
  1196. OUT PULONG MarshalledCredSize,
  1197. OUT PVOID * MarshalledCreds);
  1200. typedef struct _SECPKG_USER_FUNCTION_TABLE {
  1201. SpInstanceInitFn * InstanceInit;
  1202. SpInitUserModeContextFn * InitUserModeContext;
  1203. SpMakeSignatureFn * MakeSignature;
  1204. SpVerifySignatureFn * VerifySignature;
  1205. SpSealMessageFn * SealMessage;
  1206. SpUnsealMessageFn * UnsealMessage;
  1207. SpGetContextTokenFn * GetContextToken;
  1208. SpQueryContextAttributesFn * QueryContextAttributes;
  1209. SpCompleteAuthTokenFn * CompleteAuthToken;
  1210. SpDeleteContextFn * DeleteUserModeContext;
  1211. SpFormatCredentialsFn * FormatCredentials;
  1212. SpMarshallSupplementalCredsFn * MarshallSupplementalCreds;
  1213. SpExportSecurityContextFn * ExportContext;
  1214. SpImportSecurityContextFn * ImportContext;
  1215. } SECPKG_USER_FUNCTION_TABLE, *PSECPKG_USER_FUNCTION_TABLE;
  1217. typedef NTSTATUS
  1218. (SEC_ENTRY * SpLsaModeInitializeFn)(
  1219. IN ULONG LsaVersion,
  1220. OUT PULONG PackageVersion,
  1221. OUT PSECPKG_FUNCTION_TABLE * ppTables,
  1222. OUT PULONG pcTables);
  1224. typedef NTSTATUS
  1225. (SEC_ENTRY * SpUserModeInitializeFn)(
  1226. IN ULONG LsaVersion,
  1227. OUT PULONG PackageVersion,
  1228. OUT PSECPKG_USER_FUNCTION_TABLE *ppTables,
  1229. OUT PULONG pcTables
  1230. );
  1234. #define SECPKG_LSAMODEINIT_NAME "SpLsaModeInitialize"
  1235. #define SECPKG_USERMODEINIT_NAME "SpUserModeInitialize"
  1237. //
  1238. // Version of the security package interface.
  1239. //
  1240. // These define are used for all of the following:
  1241. // * Passed by the LSA to SpLsaModeInitializeFn to indicate the version of the LSA.
  1242. // All packages currently expect the LSA to pass SECPKG_INTERFACE_VERSION.
  1243. // * Passed by secur32.dll to SpUserModeInitialzeFn to indicate the version of the secur32 DLL.
  1244. // All packages currently expect secur32 to pass SECPKG_INTERFACE_VERSION.
  1245. // * Returned from SpLsaModeInitializeFn to indicate the version of SECPKG_FUNCTION_TABLE.
  1246. // SECPKG_INTERFACE_VERSION indicates all fields through SetExtendedInformation are defined (potentially to NULL)
  1247. // SECPKG_INTERFACE_VERSION_2 indicates all fields through SetContextAttributes are defined (potentially to NULL)
  1248. // * Returned from SpUserModeInitializeFn to indicate the version of the auth package.
  1249. // All packages currently return SECPKG_INTERFACE_VERSION
  1250. //
  1252. #define SECPKG_INTERFACE_VERSION 0x00010000
  1253. #define SECPKG_INTERFACE_VERSION_2 0x00020000
  1257. typedef enum _KSEC_CONTEXT_TYPE {
  1258. KSecPaged,
  1259. KSecNonPaged
  1260. } KSEC_CONTEXT_TYPE ;
  1262. typedef struct _KSEC_LIST_ENTRY {
  1263. LIST_ENTRY List ;
  1264. LONG RefCount ;
  1265. ULONG Signature ;
  1266. PVOID OwningList ;
  1267. PVOID Reserved ;
  1268. } KSEC_LIST_ENTRY, * PKSEC_LIST_ENTRY ;
  1270. #define KsecInitializeListEntry( Entry, SigValue ) \
  1271. ((PKSEC_LIST_ENTRY) Entry)->List.Flink = ((PKSEC_LIST_ENTRY) Entry)->List.Blink = NULL ; \
  1272. ((PKSEC_LIST_ENTRY) Entry)->RefCount = 1 ; \
  1273. ((PKSEC_LIST_ENTRY) Entry)->Signature = SigValue ; \
  1274. ((PKSEC_LIST_ENTRY) Entry)->OwningList = NULL ; \
  1275. ((PKSEC_LIST_ENTRY) Entry)->Reserved = NULL ;
  1279. typedef PVOID
  1280. (SEC_ENTRY KSEC_CREATE_CONTEXT_LIST)(
  1281. IN KSEC_CONTEXT_TYPE Type
  1282. );
  1284. typedef VOID
  1285. (SEC_ENTRY KSEC_INSERT_LIST_ENTRY)(
  1286. IN PVOID List,
  1287. IN PKSEC_LIST_ENTRY Entry
  1288. );
  1290. typedef NTSTATUS
  1291. (SEC_ENTRY KSEC_REFERENCE_LIST_ENTRY)(
  1292. IN PKSEC_LIST_ENTRY Entry,
  1293. IN ULONG Signature,
  1294. IN BOOLEAN RemoveNoRef
  1295. );
  1297. typedef VOID
  1298. (SEC_ENTRY KSEC_DEREFERENCE_LIST_ENTRY)(
  1299. IN PKSEC_LIST_ENTRY Entry,
  1300. OUT BOOLEAN * Delete OPTIONAL
  1301. );
  1303. typedef NTSTATUS
  1304. (SEC_ENTRY KSEC_SERIALIZE_WINNT_AUTH_DATA)(
  1305. IN PVOID pvAuthData,
  1306. OUT PULONG Size,
  1307. OUT PVOID * SerializedData );
  1309. #ifndef MIDL_PASS
  1311. KSEC_CREATE_CONTEXT_LIST KSecCreateContextList ;
  1312. KSEC_INSERT_LIST_ENTRY KSecInsertListEntry ;
  1313. KSEC_REFERENCE_LIST_ENTRY KSecReferenceListEntry ;
  1314. KSEC_DEREFERENCE_LIST_ENTRY KSecDereferenceListEntry ;
  1315. KSEC_SERIALIZE_WINNT_AUTH_DATA KSecSerializeWinntAuthData ;
  1317. #endif // not valid for MIDL_PASS
  1319. typedef KSEC_CREATE_CONTEXT_LIST * PKSEC_CREATE_CONTEXT_LIST ;
  1320. typedef KSEC_INSERT_LIST_ENTRY * PKSEC_INSERT_LIST_ENTRY ;
  1321. typedef KSEC_REFERENCE_LIST_ENTRY * PKSEC_REFERENCE_LIST_ENTRY ;
  1322. typedef KSEC_DEREFERENCE_LIST_ENTRY * PKSEC_DEREFERENCE_LIST_ENTRY ;
  1323. typedef KSEC_SERIALIZE_WINNT_AUTH_DATA * PKSEC_SERIALIZE_WINNT_AUTH_DATA ;
  1326. typedef struct _SECPKG_KERNEL_FUNCTIONS {
  1327. PLSA_ALLOCATE_LSA_HEAP AllocateHeap;
  1328. PLSA_FREE_LSA_HEAP FreeHeap;
  1329. PKSEC_CREATE_CONTEXT_LIST CreateContextList ;
  1330. PKSEC_INSERT_LIST_ENTRY InsertListEntry ;
  1331. PKSEC_REFERENCE_LIST_ENTRY ReferenceListEntry ;
  1332. PKSEC_DEREFERENCE_LIST_ENTRY DereferenceListEntry ;
  1333. PKSEC_SERIALIZE_WINNT_AUTH_DATA SerializeWinntAuthData ;
  1334. } SECPKG_KERNEL_FUNCTIONS, *PSECPKG_KERNEL_FUNCTIONS;
  1337. typedef NTSTATUS
  1338. (NTAPI KspInitPackageFn)(
  1339. PSECPKG_KERNEL_FUNCTIONS FunctionTable
  1340. );
  1343. typedef NTSTATUS
  1344. (NTAPI KspDeleteContextFn)(
  1345. IN LSA_SEC_HANDLE ContextId,
  1346. OUT PLSA_SEC_HANDLE LsaContextId
  1347. );
  1349. typedef NTSTATUS
  1350. (NTAPI KspInitContextFn)(
  1351. IN LSA_SEC_HANDLE ContextId,
  1352. IN PSecBuffer ContextData,
  1353. OUT PLSA_SEC_HANDLE NewContextId
  1354. );
  1356. typedef NTSTATUS
  1357. (NTAPI KspMakeSignatureFn)(
  1358. IN LSA_SEC_HANDLE ContextId,
  1359. IN ULONG fQOP,
  1360. IN OUT PSecBufferDesc Message,
  1361. IN ULONG MessageSeqNo
  1362. );
  1364. typedef NTSTATUS
  1365. (NTAPI KspVerifySignatureFn)(
  1366. IN LSA_SEC_HANDLE ContextId,
  1367. IN OUT PSecBufferDesc Message,
  1368. IN ULONG MessageSeqNo,
  1369. OUT PULONG pfQOP
  1370. );
  1373. typedef NTSTATUS
  1374. (NTAPI KspSealMessageFn)(
  1375. IN LSA_SEC_HANDLE ContextId,
  1376. IN ULONG fQOP,
  1377. IN OUT PSecBufferDesc Message,
  1378. IN ULONG MessageSeqNo
  1379. );
  1381. typedef NTSTATUS
  1382. (NTAPI KspUnsealMessageFn)(
  1383. IN LSA_SEC_HANDLE ContextId,
  1384. IN OUT PSecBufferDesc Message,
  1385. IN ULONG MessageSeqNo,
  1386. OUT PULONG pfQOP
  1387. );
  1389. typedef NTSTATUS
  1390. (NTAPI KspGetTokenFn)(
  1391. IN LSA_SEC_HANDLE ContextId,
  1392. OUT PHANDLE ImpersonationToken,
  1393. OUT OPTIONAL PACCESS_TOKEN * RawToken
  1394. );
  1396. typedef NTSTATUS
  1397. (NTAPI KspQueryAttributesFn)(
  1398. IN LSA_SEC_HANDLE ContextId,
  1399. IN ULONG Attribute,
  1400. IN OUT PVOID Buffer
  1401. );
  1403. typedef NTSTATUS
  1404. (NTAPI KspCompleteTokenFn)(
  1405. IN LSA_SEC_HANDLE ContextId,
  1406. IN PSecBufferDesc Token
  1407. );
  1410. typedef NTSTATUS
  1411. (NTAPI KspMapHandleFn)(
  1412. IN LSA_SEC_HANDLE ContextId,
  1413. OUT PLSA_SEC_HANDLE LsaContextId
  1414. );
  1416. typedef NTSTATUS
  1417. (NTAPI KspSetPagingModeFn)(
  1418. IN BOOLEAN PagingMode
  1419. );
  1421. typedef NTSTATUS
  1422. (NTAPI KspSerializeAuthDataFn)(
  1423. IN PVOID pvAuthData,
  1424. OUT PULONG Size,
  1425. OUT PVOID * SerializedData
  1426. );
  1428. typedef struct _SECPKG_KERNEL_FUNCTION_TABLE {
  1429. KspInitPackageFn * Initialize;
  1430. KspDeleteContextFn * DeleteContext;
  1431. KspInitContextFn * InitContext;
  1432. KspMapHandleFn * MapHandle;
  1433. KspMakeSignatureFn * Sign;
  1434. KspVerifySignatureFn * Verify;
  1435. KspSealMessageFn * Seal;
  1436. KspUnsealMessageFn * Unseal;
  1437. KspGetTokenFn * GetToken;
  1438. KspQueryAttributesFn * QueryAttributes;
  1439. KspCompleteTokenFn * CompleteToken;
  1440. SpExportSecurityContextFn * ExportContext;
  1441. SpImportSecurityContextFn * ImportContext;
  1442. KspSetPagingModeFn * SetPackagePagingMode ;
  1443. KspSerializeAuthDataFn * SerializeAuthData ;
  1444. } SECPKG_KERNEL_FUNCTION_TABLE, *PSECPKG_KERNEL_FUNCTION_TABLE;
  1446. SECURITY_STATUS
  1447. SEC_ENTRY
  1448. KSecRegisterSecurityProvider(
  1449. PSECURITY_STRING ProviderName,
  1450. PSECPKG_KERNEL_FUNCTION_TABLE Table
  1451. );
  1455. extern SECPKG_KERNEL_FUNCTIONS KspKernelFunctions;
  1458. // end_ntsecpkg
  1460. #endif // __SECPKG_H__