archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
2 Commits
1 Branch
0 Tags
1.5 GiB
Tree: 7b07a90fc1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '7b07a90fc1'
${ noResults }
windows-server-2003/ds/security/protocols/kerberos/client2/kerbtick.h

370 lines
10 KiB
Raw Normal View History

commiting as it is
4 years ago
  1. //+---------------------------------------------------------------------------
  2. //
  3. // Microsoft Windows
  4. // Copyright (C) Microsoft Corporation, 1992 - 1993.
  5. //
  6. // File: kerbtick.h
  7. //
  8. // Contents: Structures for ticket request and creation
  9. //
  10. // Classes:
  11. //
  12. // Functions:
  13. //
  14. // History: 22-April-1996 Created MikeSw
  15. //
  16. //----------------------------------------------------------------------------
  18. #ifndef __KERBTICK_H__
  19. #define __KERBTICK_H__
  21. //
  22. // Macros used for building tickets
  23. //
  25. #define KERB_ENCRYPT_SIZE(_x_) (sizeof(KERB_ENCRYPTED_DATA) - 1 + (_x_))
  27. //
  28. // Structures used for AP (authentication protocol) exchanges with a server
  29. //
  31. //#define KERB_AP_INTEGRITY 0x80000000 // Integrity Request
  32. //#define KERB_AP_PRIVACY 0x40000000 // Privacy
  33. //#define KERB_AP_THREE_LEG 0x20000000 // Mutual Auth 3-leg
  34. //#define KERB_AP_RETURN_EE 0x10000000 // Return extended error info
  35. //#define KERB_AP_USE_SKEY 0x00000002 // Use session key
  36. //#define KERB_AP_MUTUAL_REQ 0x00000004
  38. //
  39. // Structure used to store GSS checksum
  40. //
  42. typedef struct _KERB_GSS_CHECKSUM {
  43. ULONG BindLength;
  44. ULONG BindHash[4];
  45. ULONG GssFlags;
  46. USHORT Delegation;
  47. USHORT DelegationLength;
  48. UCHAR DelegationInfo[ANYSIZE_ARRAY];
  49. } KERB_GSS_CHECKSUM, *PKERB_GSS_CHECKSUM;
  51. #define GSS_C_DELEG_FLAG 0x01
  52. #define GSS_C_MUTUAL_FLAG 0x02
  53. #define GSS_C_REPLAY_FLAG 0x04
  54. #define GSS_C_SEQUENCE_FLAG 0x08
  55. #define GSS_C_CONF_FLAG 0x10
  56. #define GSS_C_INTEG_FLAG 0x20
  57. #define GSS_C_ANON_FLAG 0x40
  58. #define GSS_C_DCE_STYLE 0x1000
  59. #define GSS_C_IDENTIFY_FLAG 0x2000
  60. #define GSS_C_EXTENDED_ERROR_FLAG 0x4000
  62. #define GSS_CHECKSUM_TYPE 0x8003
  63. #define GSS_CHECKSUM_SIZE 24
  65. // This was added due to sizeof() byte alignment issues on
  66. // the KREB_GSS_CHECKSUM structure.
  67. #define GSS_DELEGATE_CHECKSUM_SIZE 28
  69. //
  70. // KerbGetTgsTicket retry flags
  71. //
  73. #define KERB_MIT_NO_CANONICALIZE_RETRY 0x00000001 // for MIT no canonicalize retry case and usage of host to realm mappings
  74. #define KERB_RETRY_WITH_NEW_TGT 0x00000002
  75. #define KERB_RETRY_DISABLE_S4U 0x00000004 // Turn off S4U
  76. #define KERB_RETRY_NO_S4UMATCH 0x00000008 // cache this SPN as not avail. for S4U
  78. //
  79. // Default flags for use in ticket requests
  80. //
  82. #define KERB_DEFAULT_TICKET_FLAGS (KERB_KDC_OPTIONS_forwardable | \
  83. KERB_KDC_OPTIONS_renewable | \
  84. KERB_KDC_OPTIONS_renewable_ok | \
  85. KERB_KDC_OPTIONS_name_canonicalize )
  88. //
  89. // These flags don't have to be in the TGT in order to be honored. Reg.
  90. // configurable.
  91. //
  92. #define KERB_ADDITIONAL_KDC_OPTIONS (KERB_KDC_OPTIONS_name_canonicalize)
  95. NTSTATUS
  96. KerbGetReferralNames(
  97. IN PKERB_ENCRYPTED_KDC_REPLY KdcReply,
  98. IN PKERB_INTERNAL_NAME OriginalTargetName,
  99. OUT PUNICODE_STRING ReferralRealm
  100. );
  102. NTSTATUS
  103. KerbMITGetMachineDomain(
  104. IN PKERB_INTERNAL_NAME TargetName,
  105. IN OUT PUNICODE_STRING TargetDomainName,
  106. IN OUT PKERB_TICKET_CACHE_ENTRY *TicketGrantingTicket
  107. );
  109. NTSTATUS
  110. KerbGetTgtForService(
  111. IN PKERB_LOGON_SESSION LogonSession,
  112. IN PKERB_CREDENTIAL Credential,
  113. IN OPTIONAL PKERB_CREDMAN_CRED CredManCredentials,
  114. IN OPTIONAL PUNICODE_STRING SuppRealm,
  115. IN PUNICODE_STRING TargetDomain,
  116. IN ULONG TargetFlags,
  117. OUT PKERB_TICKET_CACHE_ENTRY * NewCacheEntry,
  118. OUT PBOOLEAN CrossRealm
  119. );
  121. NTSTATUS
  122. KerbGetTgsTicket(
  123. IN PUNICODE_STRING ClientRealm,
  124. IN PKERB_TICKET_CACHE_ENTRY TicketGrantingTicket,
  125. IN PKERB_INTERNAL_NAME TargetName,
  126. IN ULONG Flags,
  127. IN OPTIONAL ULONG TicketOptions,
  128. IN OPTIONAL ULONG EncryptionType,
  129. IN OPTIONAL PKERB_AUTHORIZATION_DATA AuthorizationData,
  130. IN OPTIONAL PKERB_PA_DATA_LIST PADataList,
  131. IN OPTIONAL PKERB_TGT_REPLY TgtReply,
  132. IN OPTIONAL PKERB_TICKET EvidenceTicket,
  133. IN OPTIONAL PTimeStamp OptionalEndTime,
  134. OUT PKERB_KDC_REPLY * KdcReply,
  135. OUT PKERB_ENCRYPTED_KDC_REPLY * ReplyBody,
  136. OUT PULONG pRetryFlags
  137. );
  139. NTSTATUS
  140. KerbGetServiceTicket(
  141. IN PKERB_LOGON_SESSION LogonSession,
  142. IN PKERB_CREDENTIAL Credential,
  143. IN OPTIONAL PKERB_CREDMAN_CRED CredManCredentials,
  144. IN PKERB_INTERNAL_NAME TargetName,
  145. IN PUNICODE_STRING TargetDomainName,
  146. IN OPTIONAL PKERB_SPN_CACHE_ENTRY SpnCacheEntry,
  147. IN ULONG Flags,
  148. IN OPTIONAL ULONG TicketOptions,
  149. IN OPTIONAL ULONG EncryptionType,
  150. IN OPTIONAL PKERB_ERROR ErrorMessage,
  151. IN OPTIONAL PKERB_AUTHORIZATION_DATA AuthorizationData,
  152. IN OPTIONAL PKERB_TGT_REPLY TgtReply,
  153. OUT PKERB_TICKET_CACHE_ENTRY * NewCacheEntry,
  154. OUT LPGUID pLogonGuid OPTIONAL
  155. );
  157. #define KERB_GET_TICKET_NO_CACHE 0x1
  158. #define KERB_GET_TICKET_NO_CANONICALIZE 0x2
  159. #define KERB_TARGET_DID_ALTNAME_LOOKUP 0x8
  161. #define KERB_TARGET_USED_SPN_CACHE 0x1000
  162. #define KERB_TARGET_UNKNOWN_SPN 0x2000
  163. #define KERB_MIT_REALM_USED 0x4000
  164. #define KERB_TARGET_REFERRAL 0x8000
  165. #define KERB_TARGET_SPN_NO_PROXY 0x10000
  167. BOOL
  168. KerbHaveKeyMaterials(
  169. IN OPTIONAL PKERB_LOGON_SESSION LogonSession,
  170. IN PKERB_PRIMARY_CREDENTIAL PrimaryCred
  171. );
  173. NTSTATUS
  174. KerbBuildApRequest(
  175. IN PKERB_LOGON_SESSION LogonSession,
  176. IN OPTIONAL PKERB_CREDENTIAL Credential,
  177. IN OPTIONAL PKERB_CREDMAN_CRED CredManCredentials,
  178. IN PKERB_TICKET_CACHE_ENTRY TicketCacheEntry,
  179. IN OPTIONAL PKERB_ERROR ErrorMessage,
  180. IN ULONG ContextAttributes,
  181. IN OUT PULONG ContextFlags,
  182. OUT PUCHAR * MarshalledApRequest,
  183. OUT PULONG ApRequestSize,
  184. OUT PULONG Nonce,
  185. OUT OPTIONAL PTimeStamp pAuthenticatorTime,
  186. OUT PKERB_ENCRYPTION_KEY SubSessionKey,
  187. IN PSEC_CHANNEL_BINDINGS pChannelBindings
  188. );
  190. NTSTATUS
  191. KerbBuildNullSessionApRequest(
  192. OUT PUCHAR * MarshalledApRequest,
  193. OUT PULONG ApRequestSize
  194. );
  196. KERBERR
  197. KerbCreateApRequest(
  198. IN PKERB_INTERNAL_NAME ClientName,
  199. IN PUNICODE_STRING ClientRealm,
  200. IN PKERB_ENCRYPTION_KEY SessionKey,
  201. IN PKERB_ENCRYPTION_KEY SubSessionKey,
  202. IN ULONG Nonce,
  203. OUT OPTIONAL PTimeStamp pAuthenticatorTime,
  204. IN PKERB_TICKET ServiceTicket,
  205. IN ULONG ApOptions,
  206. IN OPTIONAL PKERB_CHECKSUM GssChecksum,
  207. IN OPTIONAL PTimeStamp ServerSkewTime,
  208. IN BOOLEAN KdcRequest,
  209. OUT PULONG RequestSize,
  210. OUT PUCHAR * Request
  211. );
  213. NTSTATUS
  214. KerbVerifyApRequest(
  215. IN OPTIONAL PKERB_CONTEXT Context,
  216. IN PUCHAR RequestMessage,
  217. IN ULONG RequestSize,
  218. IN PKERB_LOGON_SESSION LogonSession,
  219. IN PKERB_CREDENTIAL Credential,
  220. IN BOOLEAN UseSuppliedCreds,
  221. IN BOOLEAN CheckForReplay,
  222. OUT PKERB_AP_REQUEST * ApRequest,
  223. OUT PKERB_ENCRYPTED_TICKET * NewTicket,
  224. OUT PKERB_AUTHENTICATOR * NewAuthenticator,
  225. OUT PKERB_ENCRYPTION_KEY SessionKey,
  226. OUT PKERB_ENCRYPTION_KEY TicketKey,
  227. OUT PKERB_ENCRYPTION_KEY ServerKey,
  228. OUT PULONG ContextFlags,
  229. OUT PULONG ContextAttributes,
  230. OUT PKERBERR KerbError,
  231. IN PSEC_CHANNEL_BINDINGS pChannelBindings
  232. );
  234. NTSTATUS
  235. KerbComputeGssBindHash(
  236. IN PSEC_CHANNEL_BINDINGS pChannelBindings,
  237. OUT PUCHAR HashBuffer
  238. );
  240. //
  241. // From credapi.cxx
  242. //
  244. NTSTATUS
  245. KerbCaptureSuppliedCreds(
  246. IN PKERB_LOGON_SESSION LogonSession,
  247. IN OPTIONAL PVOID AuthorizationData,
  248. IN OPTIONAL PUNICODE_STRING PrincipalName,
  249. OUT PKERB_PRIMARY_CREDENTIAL * SuppliedCreds,
  250. OUT PULONG Flags
  251. );
  253. NTSTATUS
  254. KerbBuildApReply(
  255. IN PKERB_AUTHENTICATOR InternalAuthenticator,
  256. IN PKERB_AP_REQUEST Request,
  257. IN ULONG ContextFlags,
  258. IN ULONG ContextAtributes,
  259. IN PKERB_ENCRYPTION_KEY TicketKey,
  260. IN OUT PKERB_ENCRYPTION_KEY SessionKey,
  261. OUT PULONG Nonce,
  262. OUT PUCHAR * NewReply,
  263. OUT PULONG NewReplySize
  264. );
  266. NTSTATUS
  267. KerbBuildThirdLegApReply(
  268. IN PKERB_CONTEXT Context,
  269. IN ULONG ReceiveNonce,
  270. OUT PUCHAR * NewReply,
  271. OUT PULONG NewReplySize
  272. );
  274. BOOLEAN
  275. KerbKerbTimeEqual(
  276. PKERB_TIME pt1,
  277. PKERB_TIME pt2
  278. );
  280. NTSTATUS
  281. KerbVerifyApReply(
  282. IN PKERB_CONTEXT Context,
  283. IN PUCHAR PackedReply,
  284. IN ULONG PackedReplySize,
  285. OUT PULONG ReceiveNonce
  286. );
  288. NTSTATUS
  289. KerbInitTicketHandling(
  290. VOID
  291. );
  293. NTSTATUS
  294. KerbInitGlobalVariables(
  295. VOID
  296. );
  298. VOID
  299. KerbCleanupTicketHandling(
  300. VOID
  301. );
  303. NTSTATUS
  304. KerbMakeSocketCall(
  305. IN PUNICODE_STRING RealmName,
  306. IN OPTIONAL PUNICODE_STRING AccountName,
  307. IN BOOLEAN CallPDC,
  308. IN BOOLEAN UseTcp,
  309. IN BOOLEAN CallKpasswd,
  310. IN PKERB_MESSAGE_BUFFER RequestMessage,
  311. IN PKERB_MESSAGE_BUFFER ReplyMessage,
  312. IN OPTIONAL PKERB_BINDING_CACHE_ENTRY OptionalBindingHandle,
  313. IN ULONG AdditionalFlags,
  314. OUT PBOOLEAN CalledPDC
  315. );
  317. NTSTATUS
  318. KerbHandleTgtRequest(
  319. IN PKERB_LOGON_SESSION LogonSession,
  320. IN PKERB_CREDENTIAL Credential,
  321. IN BOOLEAN UseSuppliedCreds,
  322. IN PUCHAR RequestMessage,
  323. IN ULONG RequestSize,
  324. IN ULONG ContextRequirements,
  325. IN PSecBuffer OutputToken,
  326. IN PLUID LogonId,
  327. OUT PULONG ContextAttributes,
  328. OUT PKERB_CONTEXT * Context,
  329. OUT PTimeStamp ContextLifetime,
  330. OUT PKERBERR ReturnedError
  331. );
  333. NTSTATUS
  334. KerbBuildTgtRequest(
  335. IN PKERB_INTERNAL_NAME TargetName,
  336. IN PUNICODE_STRING TargetRealm,
  337. OUT PULONG ContextAttributes,
  338. OUT PUCHAR * MarshalladTgtRequest,
  339. OUT PULONG TgtRequestSize
  340. );
  342. NTSTATUS
  343. KerbUnpackTgtReply(
  344. IN PKERB_CONTEXT Context,
  345. IN PUCHAR ReplyMessage,
  346. IN ULONG ReplySize,
  347. OUT PKERB_INTERNAL_NAME * TargetName,
  348. OUT PUNICODE_STRING TargetRealm,
  349. OUT PKERB_TGT_REPLY * Reply
  350. );
  352. NTSTATUS
  353. KerbBuildTgtErrorReply(
  354. IN PKERB_LOGON_SESSION LogonSession,
  355. IN PKERB_CREDENTIAL Credentials,
  356. IN BOOLEAN UseSuppliedCreds,
  357. IN OUT PKERB_CONTEXT Context,
  358. OUT PULONG ReplySize,
  359. OUT PBYTE * Reply
  360. );
  362. NTSTATUS
  363. KerbBuildKerbCred(
  364. IN OPTIONAL PKERB_TICKET_CACHE_ENTRY Ticket,
  365. IN PKERB_TICKET_CACHE_ENTRY DelegationTicket,
  366. OUT PUCHAR * MarshalledKerbCred,
  367. OUT PULONG KerbCredSize
  368. );
  370. #endif // __KERBTICK_H__