archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
3 Commits
1 Branch
0 Tags
1.5 GiB
Tree: 827363a95b
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '827363a95b'
${ noResults }
windows-server-2003/ds/security/protocols/kerberos/server/tktutil.hxx

382 lines
9.8 KiB
Raw Normal View History

commiting as it is
4 years ago
  1. //+---------------------------------------------------------------------------
  2. //
  3. // Microsoft Windows
  4. // Copyright (C) Microsoft Corporation, 1992 - 1993.
  5. //
  6. // File: tktutil.hxx
  7. //
  8. // Contents: prototypes for tktutil.cxx
  9. //
  10. // Classes:
  11. //
  12. // Functions:
  13. //
  14. // History: 05-Mar-94 wader Created
  15. //
  16. //----------------------------------------------------------------------------
  18. #ifndef __TKTUTIL_HXX__
  19. #define __TKTUTIL_HXX__
  21. #include <kdcsvr.hxx>
  22. #include <pac.hxx>
  23. #include <refer.h>
  24. #include <transit.h>
  25. #include <sockutil.h>
  27. extern "C"
  28. {
  29. #include <ntdsapi.h>
  30. #include <kdcexp.h>
  31. }
  34. //
  35. // Structures
  36. //
  38. #ifdef later
  39. typedef struct _KDC_PA_DATA_CONTEXT {
  40. struct _KDC_PA_DATA_CONTEXT * Next;
  41. ULONG PaDataType;
  42. ULONG ContextSize;
  43. PBYTE Context[ANYSIZE_ARRAY];
  44. } KDC_PA_DATA_CONTEXT, *PKDC_PA_DATA_CONTEXT;
  46. typedef NTSTATUS (*PKDC_PA_DATA_RESPONSE) (
  47. IN OUT PKDC_PA_DATA_CONTEXT * Context
  48. );
  50. typedef NTSTATUS (*PKDC_PA_DATA_CLEANUP) (
  51. IN PKDC_PA_DATA_CONTEXT Context
  52. );
  54. #endif // later
  56. typedef NTSTATUS (*PKDC_PA_DATA_REQUEST) (
  57. IN PKDC_TICKET_INFO ClientTicketInfo,
  58. IN SAMPR_HANDLE UserHandle,
  59. IN PKERB_PA_DATA_LIST PreAuthData,
  60. OUT PKERB_PA_DATA_LIST * OutputPreAuthData,
  61. OUT PBOOLEAN BuildPac,
  62. OUT PULONG Nonce,
  63. OUT PKERB_ENCRYPTION_KEY ReplyEncryptionKey
  64. );
  67. typedef struct _KDC_PA_DATA_HANDLER {
  68. ULONG PaDataType;
  69. PKDC_PA_DATA_REQUEST Request;
  70. } KDC_PA_DATA_HANDLER, *PKDC_PA_DATA_HANDLER;
  72. //
  73. // Flags for Normalize
  74. //
  76. #define KDC_NAME_CLIENT 0x01
  77. #define KDC_NAME_SERVER 0x02
  78. #define KDC_NAME_FOLLOW_REFERRALS 0x04
  79. #define KDC_NAME_INBOUND 0x08 // for trust, indicates name need not be outbound trust only
  80. #define KDC_NAME_CHECK_GC 0x10 // indicates that the client said this name should be canonicalized at the GC
  81. #define KDC_NAME_UPN_TARGET 0x20
  82. #define KDC_NAME_S4U_CLIENT 0x40 // causes name lookup to be done by AltSecId as well as UPN
  84. //
  85. // TGS process flags.
  86. //
  87. #define TGS_RENEWAL 0x1
  88. #define TGS_REFERRAL 0x2
  90. //
  91. // Prototypes.
  92. //
  94. KERBERR
  95. KdcGetTicketInfo(
  96. IN PUNICODE_STRING UserName,
  97. IN ULONG LookupFlags,
  98. IN BOOLEAN bRestrictUserAccounts,
  99. IN OPTIONAL PKERB_INTERNAL_NAME PrincipalName,
  100. IN OPTIONAL PKERB_REALM Realm,
  101. OUT PKDC_TICKET_INFO TicketInfo,
  102. OUT PKERB_EXT_ERROR pExtendedError,
  103. OUT OPTIONAL SAMPR_HANDLE * UserHandle,
  104. IN OPTIONAL ULONG WhichFields,
  105. IN OPTIONAL ULONG ExtendedFields,
  106. OUT OPTIONAL PUSER_INTERNAL6_INFORMATION * RetUserInfo,
  107. OUT OPTIONAL PSID_AND_ATTRIBUTES_LIST GroupMembership
  108. );
  110. KERBERR
  111. GetTicketInfo(
  112. IN PUNICODE_STRING pwzName,
  113. IN OPTIONAL PKERB_INTERNAL_NAME PrincipalName,
  114. IN OPTIONAL PKERB_REALM Realm,
  115. IN OUT PKDC_TICKET_INFO ptiInfo,
  116. OUT OPTIONAL SAMPR_HANDLE * UserHandle,
  117. OUT OPTIONAL PUSER_INTERNAL6_INFORMATION * UserInfo,
  118. OUT OPTIONAL PSID_AND_ATTRIBUTES_LIST ReverseMembership
  119. );
  121. VOID
  122. FreeTicketInfo( IN PKDC_TICKET_INFO ptiInfo );
  124. KERBERR
  125. KdcDuplicateCredentials(
  126. OUT PKERB_STORED_CREDENTIAL * NewCredentials,
  127. OUT PULONG CredentialSize,
  128. IN PKERB_STORED_CREDENTIAL OldCredentials,
  129. IN BOOLEAN MarshallKeys
  130. );
  132. KERBERR
  133. BuildReply(
  134. IN OPTIONAL PKDC_TICKET_INFO ClientInfo,
  135. IN ULONG Nonce,
  136. IN PKERB_PRINCIPAL_NAME ServerName,
  137. IN KERB_REALM ServerRealm,
  138. IN OPTIONAL PKERB_HOST_ADDRESSES HostAddresses,
  139. IN PKERB_TICKET Ticket,
  140. OUT PKERB_ENCRYPTED_KDC_REPLY ReplyBody
  141. );
  143. KERBERR
  144. KdcNormalize(
  145. IN PKERB_INTERNAL_NAME PrincipalName,
  146. IN OPTIONAL PUNICODE_STRING PrincipalRealm,
  147. IN OPTIONAL PUNICODE_STRING RequestRealm,
  148. IN OPTIONAL PUNICODE_STRING TgtClientRealm,
  149. IN ULONG NameFlags,
  150. IN BOOLEAN bRestrictUserAccounts,
  151. OUT PBOOLEAN Referral,
  152. OUT PUNICODE_STRING RealmName,
  153. OUT PKDC_TICKET_INFO TicketInfo,
  154. OUT PKERB_EXT_ERROR pExtendedError,
  155. OUT OPTIONAL SAMPR_HANDLE * UserHandle,
  156. IN OPTIONAL ULONG WhichFields,
  157. IN OPTIONAL ULONG ExtendedFields,
  158. OUT OPTIONAL PUSER_INTERNAL6_INFORMATION * UserInfo,
  159. OUT OPTIONAL PSID_AND_ATTRIBUTES_LIST GroupMembership
  160. );
  162. KERBERR
  163. KdcBuildTicketTimesAndFlags(
  164. IN ULONG ClientPolicyFlags,
  165. IN ULONG ServerPolicyFlags,
  166. IN PLARGE_INTEGER DomainTicketLifespan,
  167. IN PLARGE_INTEGER DomainTicketRenewspan,
  168. IN OPTIONAL PKDC_S4U_TICKET_INFO S4UTicketInfo,
  169. IN OPTIONAL PLARGE_INTEGER LogoffTime,
  170. IN OPTIONAL PLARGE_INTEGER AccountExpiry,
  171. IN PKERB_KDC_REQUEST_BODY RequestBody,
  172. IN OPTIONAL PKERB_ENCRYPTED_TICKET SourceTicket,
  173. IN OUT PKERB_ENCRYPTED_TICKET Ticket,
  174. IN OUT OPTIONAL PKERB_EXT_ERROR ExtendedError
  175. );
  177. KERBERR
  178. BuildTicketTimesAndFlags(
  179. IN ULONG ulMaxRenew,
  180. IN KERB_TICKET_FLAGS fAllowedFlags,
  181. IN PLARGE_INTEGER ptsMaxRenew,
  182. IN PLARGE_INTEGER ptsMaxLife,
  183. IN PKERB_KDC_REQUEST_BODY RequestBody,
  184. IN OUT PKERB_TICKET Ticket,
  185. IN OUT OPTIONAL PKERB_EXT_ERROR ExtendedError
  186. );
  188. KERBERR
  189. GetPacAndSuppCred(
  190. IN PUSER_INTERNAL6_INFORMATION UserInfo,
  191. IN PSID_AND_ATTRIBUTES_LIST GroupMembership,
  192. IN ULONG SignatureSize,
  193. IN OPTIONAL PKERB_ENCRYPTION_KEY CredentialKey,
  194. IN OPTIONAL PTimeStamp ClientId,
  195. IN OPTIONAL PUNICODE_STRING ClientName,
  196. OUT PPACTYPE * Pac,
  197. OUT PKERB_EXT_ERROR pExtendedError
  198. );
  200. VOID
  201. KdcFreeAuthzInfo(
  202. IN PKDC_AUTHZ_GROUP_BUFFERS InfoToFree
  203. );
  205. KERBERR
  206. KdcGetSidsFromTgt(
  207. IN PKERB_ENCRYPTED_TICKET EncryptedTicket,
  208. IN OPTIONAL PKERB_ENCRYPTION_KEY EncryptedTicketKey,
  209. IN ULONG EncryptionType,
  210. IN PKDC_TICKET_INFO TgtAccountInfo,
  211. IN OUT PKDC_AUTHZ_INFO AuthzInfo,
  212. IN OUT PKDC_AUTHZ_GROUP_BUFFERS InfoToFree,
  213. OUT NTSTATUS * pStatus
  214. );
  216. KERBERR
  217. HandleTGSRequest(
  218. IN OPTIONAL SOCKADDR * ClientAddress,
  219. IN PKERB_TGS_REQUEST RequestMessage,
  220. IN PUNICODE_STRING RequestRealm,
  221. OUT PKERB_MESSAGE_BUFFER OutputMessage,
  222. OUT PKERB_EXT_ERROR pExtendedError,
  223. OUT PUNICODE_STRING ClientStringName,
  224. OUT PUNICODE_STRING ServerStringName
  225. );
  227. KERBERR
  228. KdcVerifyKdcRequest(
  229. IN PUCHAR RequestBuffer,
  230. IN ULONG RequestSize,
  231. IN OPTIONAL SOCKADDR * ClientAddress,
  232. IN BOOLEAN IsKdcRequest,
  233. OUT OPTIONAL PKERB_AP_REQUEST * UnmarshalledRequest,
  234. OUT OPTIONAL PKERB_AUTHENTICATOR * UnmarshalledAuthenticator,
  235. OUT PKERB_ENCRYPTED_TICKET *EncryptedTicket,
  236. OUT PKERB_ENCRYPTION_KEY SessionKey,
  237. OUT PKERB_ENCRYPTION_KEY ServerKey,
  238. OUT PKDC_TICKET_INFO ServerTicketInfo,
  239. OUT PBOOLEAN UseSubKey,
  240. OUT PKERB_EXT_ERROR pExtendedError
  241. );
  243. KERBERR
  244. KdcVerifyTgsChecksum(
  245. IN PKERB_KDC_REQUEST_BODY RequestBody,
  246. IN PKERB_ENCRYPTION_KEY Key,
  247. IN PKERB_CHECKSUM OldChecksum
  248. );
  250. NTSTATUS
  251. KdcBuildPasswordList(
  252. IN PUNICODE_STRING Password,
  253. IN PUNICODE_STRING PrincipalName,
  254. IN PUNICODE_STRING DnsDomainName,
  255. IN KERB_ACCOUNT_TYPE AccountType,
  256. IN PKERB_STORED_CREDENTIAL StoredCreds,
  257. IN ULONG StoredCredSize,
  258. IN BOOLEAN MarshallKeys,
  259. IN BOOLEAN IncludeBuiltinTypes,
  260. IN ULONG Flags,
  261. IN KDC_DOMAIN_INFO_DIRECTION Direction,
  262. OUT PKERB_STORED_CREDENTIAL * PasswordList,
  263. OUT PULONG PasswordListSize
  264. );
  267. #if DBG
  268. void
  269. PrintTicket( ULONG ulDebLevel,
  270. char * pszMessage,
  271. PKERB_TICKET pkitTicket );
  273. void
  274. PrintRequest( ULONG ulDebLevel,
  275. PKERB_KDC_REQUEST_BODY pktrRequest );
  278. #else
  280. #define PrintRequest(x,y)
  281. #define PrintTicket(w,x,y)
  282. #define PrintProxyReference(w,x,y)
  283. #define PrintProxyData(w,x,y)
  285. #endif
  287. VOID
  288. KdcFreeKdcReplyBody(
  289. IN PKERB_ENCRYPTED_KDC_REPLY ReplyBody
  290. );
  292. VOID
  293. KdcFreeInternalTicket(
  294. IN PKERB_TICKET Ticket
  295. );
  297. VOID
  298. KdcFreeKdcReply(
  299. IN PKERB_KDC_REPLY Reply
  300. );
  302. KERBERR
  303. KdcGetPacAuthData(
  304. IN PUSER_INTERNAL6_INFORMATION UserInfo,
  305. IN PSID_AND_ATTRIBUTES_LIST GroupMembership,
  306. IN PKERB_ENCRYPTION_KEY ServerKey,
  307. IN PKERB_ENCRYPTION_KEY CredentialKey,
  308. IN BOOLEAN AddResourceGroups,
  309. IN OPTIONAL PKERB_ENCRYPTED_TICKET EncryptedTicket,
  310. IN OPTIONAL PKDC_S4U_TICKET_INFO S4UClientInfo,
  311. OUT PKERB_AUTHORIZATION_DATA * PacAuthData,
  312. OUT PKERB_EXT_ERROR pExtendedError
  313. );
  315. KERBERR
  316. KdcFilterNamespace(
  317. IN PKDC_TICKET_INFO ServerInfo,
  318. IN KERB_REALM ClientRealm,
  319. OUT PKERB_EXT_ERROR pExtendedError
  320. );
  322. KERBERR
  323. KdcBuildPacVerifier(
  324. IN PTimeStamp ClientId,
  325. IN PUNICODE_STRING ClientName,
  326. OUT PPAC_INFO_BUFFER * Verifier
  327. );
  330. KERBERR
  331. KdcVerifyAndResignPac(
  332. IN PKERB_ENCRYPTION_KEY OldKey,
  333. IN PKERB_ENCRYPTION_KEY NewKey,
  334. IN PKDC_TICKET_INFO OldServerInfo,
  335. IN OPTIONAL PKDC_TICKET_INFO TargetServiceInfo,
  336. IN OPTIONAL PKDC_S4U_TICKET_INFO S4UTicketInfo,
  337. IN OPTIONAL PKERB_ENCRYPTED_TICKET FinalTicket,
  338. IN BOOLEAN AddResourceGroups,
  339. IN PKERB_EXT_ERROR ExtendedError,
  340. IN OUT PKERB_AUTHORIZATION_DATA PacAuthData,
  341. OUT OPTIONAL PS4U_DELEGATION_INFO* S4UDelegationInfo
  342. );
  344. KERBERR
  345. KdcGetPacFromAuthData(
  346. IN PKERB_AUTHORIZATION_DATA AuthData,
  347. OUT PKERB_IF_RELEVANT_AUTH_DATA *ReturnIfRelevantData,
  348. OUT PKERB_AUTHORIZATION_DATA * Pac
  349. );
  351. KERBERR
  352. KdcInsertPacIntoAuthData(
  353. IN PKERB_AUTHORIZATION_DATA AuthData,
  354. IN PKERB_IF_RELEVANT_AUTH_DATA IfRelevantData,
  355. IN PKERB_AUTHORIZATION_DATA PacAuthData,
  356. OUT PKERB_AUTHORIZATION_DATA * UpdatedAuthData
  357. );
  359. VOID
  360. KdcFreeU2UTicketInfo(PKDC_U2U_TICKET_INFO U2UTicketInfo);
  362. VOID
  363. KdcFreeS4UTicketInfo(PKDC_S4U_TICKET_INFO S4UTicketInfo);
  370. NTSTATUS
  371. EnterApiCall(
  372. VOID
  373. );
  375. VOID
  376. LeaveApiCall(
  377. VOID
  378. );
  382. #endif // __TKTUTIL_HXX__