archive
/
windows-server-2003
mirror of https://github.com/selfrender/Windows-Server-2003
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
3 Commits
1 Branch
0 Tags
1.5 GiB
Tree: 827363a95b
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '827363a95b'
${ noResults }
windows-server-2003/public/sdk/inc/sspi.h

2058 lines
63 KiB
Raw Normal View History

commiting as it is
4 years ago
  1. //+---------------------------------------------------------------------------
  2. //
  3. // Microsoft Windows
  4. // Copyright (C) Microsoft Corporation, 1992-1999.
  5. //
  6. // File: sspi.h
  7. //
  8. // Contents: Security Support Provider Interface
  9. // Prototypes and structure definitions
  10. //
  11. // Functions: Security Support Provider API
  12. //
  13. // History: 11-24-93 RichardW Created
  14. //
  15. //----------------------------------------------------------------------------
  17. // begin_ntifs
  18. #ifndef __SSPI_H__
  19. #define __SSPI_H__
  20. // end_ntifs
  22. #if _MSC_VER > 1000
  23. #pragma once
  24. #endif
  26. #ifdef __cplusplus
  27. extern "C" {
  28. #endif
  30. //
  31. // Determine environment:
  32. //
  34. #ifdef SECURITY_WIN32
  35. #define ISSP_LEVEL 32
  36. #define ISSP_MODE 1
  37. #endif // SECURITY_WIN32
  39. #ifdef SECURITY_KERNEL
  40. #define ISSP_LEVEL 32 // ntifs
  42. //
  43. // SECURITY_KERNEL trumps SECURITY_WIN32. Undefine ISSP_MODE so that
  44. // we don't get redefine errors.
  45. //
  46. #ifdef ISSP_MODE
  47. #undef ISSP_MODE
  48. #endif
  49. #define ISSP_MODE 0 // ntifs
  50. #endif // SECURITY_KERNEL
  52. #ifdef SECURITY_MAC
  53. #define ISSP_LEVEL 32
  54. #define ISSP_MODE 1
  55. #endif // SECURITY_MAC
  58. #ifndef ISSP_LEVEL
  59. #error You must define one of SECURITY_WIN32, SECURITY_KERNEL, or
  60. #error SECURITY_MAC
  61. #endif // !ISSP_LEVEL
  64. //
  65. // Now, define platform specific mappings:
  66. //
  69. // begin_ntifs
  71. typedef WCHAR SEC_WCHAR;
  72. typedef CHAR SEC_CHAR;
  74. #ifndef __SECSTATUS_DEFINED__
  75. typedef LONG SECURITY_STATUS;
  76. #define __SECSTATUS_DEFINED__
  77. #endif
  79. #define SEC_TEXT TEXT
  80. #define SEC_FAR
  81. #define SEC_ENTRY __stdcall
  83. // end_ntifs
  85. //
  86. // Decide what a string - 32 bits only since for 16 bits it is clear.
  87. //
  90. #ifdef UNICODE
  91. typedef SEC_WCHAR SEC_FAR * SECURITY_PSTR;
  92. typedef CONST SEC_WCHAR SEC_FAR * SECURITY_PCSTR;
  93. #else // UNICODE
  94. typedef SEC_CHAR SEC_FAR * SECURITY_PSTR;
  95. typedef CONST SEC_CHAR SEC_FAR * SECURITY_PCSTR;
  96. #endif // UNICODE
  100. //
  101. // Equivalent string for rpcrt:
  102. //
  104. #define __SEC_FAR SEC_FAR
  107. //
  108. // Okay, security specific types:
  109. //
  112. // begin_ntifs
  114. #ifndef __SECHANDLE_DEFINED__
  115. typedef struct _SecHandle
  116. {
  117. ULONG_PTR dwLower ;
  118. ULONG_PTR dwUpper ;
  119. } SecHandle, * PSecHandle ;
  121. #define __SECHANDLE_DEFINED__
  122. #endif // __SECHANDLE_DEFINED__
  124. #define SecInvalidateHandle( x ) \
  125. ((PSecHandle) x)->dwLower = ((ULONG_PTR) ((INT_PTR)-1)) ; \
  126. ((PSecHandle) x)->dwUpper = ((ULONG_PTR) ((INT_PTR)-1)) ; \
  128. #define SecIsValidHandle( x ) \
  129. ( ( ((PSecHandle) x)->dwLower != ((ULONG_PTR) ((INT_PTR) -1 ))) && \
  130. ( ((PSecHandle) x)->dwUpper != ((ULONG_PTR) ((INT_PTR) -1 ))) )
  132. typedef SecHandle CredHandle;
  133. typedef PSecHandle PCredHandle;
  135. typedef SecHandle CtxtHandle;
  136. typedef PSecHandle PCtxtHandle;
  138. // end_ntifs
  141. # ifdef WIN32_CHICAGO
  143. typedef unsigned __int64 QWORD;
  144. typedef QWORD SECURITY_INTEGER, *PSECURITY_INTEGER;
  145. #define SEC_SUCCESS(Status) ((Status) >= 0)
  147. # elif defined(_NTDEF_) || defined(_WINNT_)
  149. typedef LARGE_INTEGER _SECURITY_INTEGER, SECURITY_INTEGER, *PSECURITY_INTEGER; // ntifs
  151. # else // _NTDEF_ || _WINNT_
  153. typedef struct _SECURITY_INTEGER
  154. {
  155. unsigned long LowPart;
  156. long HighPart;
  157. } SECURITY_INTEGER, *PSECURITY_INTEGER;
  159. # endif // _NTDEF_ || _WINNT_
  161. # ifndef SECURITY_MAC
  163. typedef SECURITY_INTEGER TimeStamp; // ntifs
  164. typedef SECURITY_INTEGER SEC_FAR * PTimeStamp; // ntifs
  166. # else // SECURITY_MAC
  167. typedef unsigned long TimeStamp;
  168. typedef unsigned long * PTimeStamp;
  169. # endif // SECUIRT_MAC
  173. //
  174. // If we are in 32 bit mode, define the SECURITY_STRING structure,
  175. // as a clone of the base UNICODE_STRING structure. This is used
  176. // internally in security components, an as the string interface
  177. // for kernel components (e.g. FSPs)
  178. //
  180. # ifndef _NTDEF_
  181. typedef struct _SECURITY_STRING {
  182. unsigned short Length;
  183. unsigned short MaximumLength;
  184. # ifdef MIDL_PASS
  185. [size_is(MaximumLength / 2), length_is(Length / 2)]
  186. # endif // MIDL_PASS
  187. unsigned short * Buffer;
  188. } SECURITY_STRING, * PSECURITY_STRING;
  189. # else // _NTDEF_
  190. typedef UNICODE_STRING SECURITY_STRING, *PSECURITY_STRING; // ntifs
  191. # endif // _NTDEF_
  194. // begin_ntifs
  196. //
  197. // SecPkgInfo structure
  198. //
  199. // Provides general information about a security provider
  200. //
  202. typedef struct _SecPkgInfoW
  203. {
  204. unsigned long fCapabilities; // Capability bitmask
  205. unsigned short wVersion; // Version of driver
  206. unsigned short wRPCID; // ID for RPC Runtime
  207. unsigned long cbMaxToken; // Size of authentication token (max)
  208. #ifdef MIDL_PASS
  209. [string]
  210. #endif
  211. SEC_WCHAR SEC_FAR * Name; // Text name
  213. #ifdef MIDL_PASS
  214. [string]
  215. #endif
  216. SEC_WCHAR SEC_FAR * Comment; // Comment
  217. } SecPkgInfoW, SEC_FAR * PSecPkgInfoW;
  219. // end_ntifs
  221. typedef struct _SecPkgInfoA
  222. {
  223. unsigned long fCapabilities; // Capability bitmask
  224. unsigned short wVersion; // Version of driver
  225. unsigned short wRPCID; // ID for RPC Runtime
  226. unsigned long cbMaxToken; // Size of authentication token (max)
  227. #ifdef MIDL_PASS
  228. [string]
  229. #endif
  230. SEC_CHAR SEC_FAR * Name; // Text name
  232. #ifdef MIDL_PASS
  233. [string]
  234. #endif
  235. SEC_CHAR SEC_FAR * Comment; // Comment
  236. } SecPkgInfoA, SEC_FAR * PSecPkgInfoA;
  238. #ifdef UNICODE
  239. # define SecPkgInfo SecPkgInfoW // ntifs
  240. # define PSecPkgInfo PSecPkgInfoW // ntifs
  241. #else
  242. # define SecPkgInfo SecPkgInfoA
  243. # define PSecPkgInfo PSecPkgInfoA
  244. #endif // !UNICODE
  246. // begin_ntifs
  248. //
  249. // Security Package Capabilities
  250. //
  251. #define SECPKG_FLAG_INTEGRITY 0x00000001 // Supports integrity on messages
  252. #define SECPKG_FLAG_PRIVACY 0x00000002 // Supports privacy (confidentiality)
  253. #define SECPKG_FLAG_TOKEN_ONLY 0x00000004 // Only security token needed
  254. #define SECPKG_FLAG_DATAGRAM 0x00000008 // Datagram RPC support
  255. #define SECPKG_FLAG_CONNECTION 0x00000010 // Connection oriented RPC support
  256. #define SECPKG_FLAG_MULTI_REQUIRED 0x00000020 // Full 3-leg required for re-auth.
  257. #define SECPKG_FLAG_CLIENT_ONLY 0x00000040 // Server side functionality not available
  258. #define SECPKG_FLAG_EXTENDED_ERROR 0x00000080 // Supports extended error msgs
  259. #define SECPKG_FLAG_IMPERSONATION 0x00000100 // Supports impersonation
  260. #define SECPKG_FLAG_ACCEPT_WIN32_NAME 0x00000200 // Accepts Win32 names
  261. #define SECPKG_FLAG_STREAM 0x00000400 // Supports stream semantics
  262. #define SECPKG_FLAG_NEGOTIABLE 0x00000800 // Can be used by the negotiate package
  263. #define SECPKG_FLAG_GSS_COMPATIBLE 0x00001000 // GSS Compatibility Available
  264. #define SECPKG_FLAG_LOGON 0x00002000 // Supports common LsaLogonUser
  265. #define SECPKG_FLAG_ASCII_BUFFERS 0x00004000 // Token Buffers are in ASCII
  266. #define SECPKG_FLAG_FRAGMENT 0x00008000 // Package can fragment to fit
  267. #define SECPKG_FLAG_MUTUAL_AUTH 0x00010000 // Package can perform mutual authentication
  268. #define SECPKG_FLAG_DELEGATION 0x00020000 // Package can delegate
  269. #define SECPKG_FLAG_READONLY_WITH_CHECKSUM 0x00040000 // Package can delegate
  274. #define SECPKG_ID_NONE 0xFFFF
  277. //
  278. // SecBuffer
  279. //
  280. // Generic memory descriptors for buffers passed in to the security
  281. // API
  282. //
  284. typedef struct _SecBuffer {
  285. unsigned long cbBuffer; // Size of the buffer, in bytes
  286. unsigned long BufferType; // Type of the buffer (below)
  287. void SEC_FAR * pvBuffer; // Pointer to the buffer
  288. } SecBuffer, SEC_FAR * PSecBuffer;
  290. typedef struct _SecBufferDesc {
  291. unsigned long ulVersion; // Version number
  292. unsigned long cBuffers; // Number of buffers
  293. #ifdef MIDL_PASS
  294. [size_is(cBuffers)]
  295. #endif
  296. PSecBuffer pBuffers; // Pointer to array of buffers
  297. } SecBufferDesc, SEC_FAR * PSecBufferDesc;
  299. #define SECBUFFER_VERSION 0
  301. #define SECBUFFER_EMPTY 0 // Undefined, replaced by provider
  302. #define SECBUFFER_DATA 1 // Packet data
  303. #define SECBUFFER_TOKEN 2 // Security token
  304. #define SECBUFFER_PKG_PARAMS 3 // Package specific parameters
  305. #define SECBUFFER_MISSING 4 // Missing Data indicator
  306. #define SECBUFFER_EXTRA 5 // Extra data
  307. #define SECBUFFER_STREAM_TRAILER 6 // Security Trailer
  308. #define SECBUFFER_STREAM_HEADER 7 // Security Header
  309. #define SECBUFFER_NEGOTIATION_INFO 8 // Hints from the negotiation pkg
  310. #define SECBUFFER_PADDING 9 // non-data padding
  311. #define SECBUFFER_STREAM 10 // whole encrypted message
  312. #define SECBUFFER_MECHLIST 11
  313. #define SECBUFFER_MECHLIST_SIGNATURE 12
  314. #define SECBUFFER_TARGET 13
  315. #define SECBUFFER_CHANNEL_BINDINGS 14
  317. #define SECBUFFER_ATTRMASK 0xF0000000
  318. #define SECBUFFER_READONLY 0x80000000 // Buffer is read-only, no checksum
  319. #define SECBUFFER_READONLY_WITH_CHECKSUM 0x10000000 // Buffer is read-only, and checksummed
  320. #define SECBUFFER_RESERVED 0x60000000 // Flags reserved to security system
  323. typedef struct _SEC_NEGOTIATION_INFO {
  324. unsigned long Size; // Size of this structure
  325. unsigned long NameLength; // Length of name hint
  326. SEC_WCHAR SEC_FAR * Name; // Name hint
  327. void SEC_FAR * Reserved; // Reserved
  328. } SEC_NEGOTIATION_INFO, SEC_FAR * PSEC_NEGOTIATION_INFO ;
  330. typedef struct _SEC_CHANNEL_BINDINGS {
  331. unsigned long dwInitiatorAddrType;
  332. unsigned long cbInitiatorLength;
  333. unsigned long dwInitiatorOffset;
  334. unsigned long dwAcceptorAddrType;
  335. unsigned long cbAcceptorLength;
  336. unsigned long dwAcceptorOffset;
  337. unsigned long cbApplicationDataLength;
  338. unsigned long dwApplicationDataOffset;
  339. } SEC_CHANNEL_BINDINGS, SEC_FAR * PSEC_CHANNEL_BINDINGS ;
  342. //
  343. // Data Representation Constant:
  344. //
  345. #define SECURITY_NATIVE_DREP 0x00000010
  346. #define SECURITY_NETWORK_DREP 0x00000000
  348. //
  349. // Credential Use Flags
  350. //
  351. #define SECPKG_CRED_INBOUND 0x00000001
  352. #define SECPKG_CRED_OUTBOUND 0x00000002
  353. #define SECPKG_CRED_BOTH 0x00000003
  354. #define SECPKG_CRED_DEFAULT 0x00000004
  355. #define SECPKG_CRED_RESERVED 0xF0000000
  357. //
  358. // InitializeSecurityContext Requirement and return flags:
  359. //
  361. #define ISC_REQ_DELEGATE 0x00000001
  362. #define ISC_REQ_MUTUAL_AUTH 0x00000002
  363. #define ISC_REQ_REPLAY_DETECT 0x00000004
  364. #define ISC_REQ_SEQUENCE_DETECT 0x00000008
  365. #define ISC_REQ_CONFIDENTIALITY 0x00000010
  366. #define ISC_REQ_USE_SESSION_KEY 0x00000020
  367. #define ISC_REQ_PROMPT_FOR_CREDS 0x00000040
  368. #define ISC_REQ_USE_SUPPLIED_CREDS 0x00000080
  369. #define ISC_REQ_ALLOCATE_MEMORY 0x00000100
  370. #define ISC_REQ_USE_DCE_STYLE 0x00000200
  371. #define ISC_REQ_DATAGRAM 0x00000400
  372. #define ISC_REQ_CONNECTION 0x00000800
  373. #define ISC_REQ_CALL_LEVEL 0x00001000
  374. #define ISC_REQ_FRAGMENT_SUPPLIED 0x00002000
  375. #define ISC_REQ_EXTENDED_ERROR 0x00004000
  376. #define ISC_REQ_STREAM 0x00008000
  377. #define ISC_REQ_INTEGRITY 0x00010000
  378. #define ISC_REQ_IDENTIFY 0x00020000
  379. #define ISC_REQ_NULL_SESSION 0x00040000
  380. #define ISC_REQ_MANUAL_CRED_VALIDATION 0x00080000
  381. #define ISC_REQ_RESERVED1 0x00100000
  382. #define ISC_REQ_FRAGMENT_TO_FIT 0x00200000
  384. #define ISC_RET_DELEGATE 0x00000001
  385. #define ISC_RET_MUTUAL_AUTH 0x00000002
  386. #define ISC_RET_REPLAY_DETECT 0x00000004
  387. #define ISC_RET_SEQUENCE_DETECT 0x00000008
  388. #define ISC_RET_CONFIDENTIALITY 0x00000010
  389. #define ISC_RET_USE_SESSION_KEY 0x00000020
  390. #define ISC_RET_USED_COLLECTED_CREDS 0x00000040
  391. #define ISC_RET_USED_SUPPLIED_CREDS 0x00000080
  392. #define ISC_RET_ALLOCATED_MEMORY 0x00000100
  393. #define ISC_RET_USED_DCE_STYLE 0x00000200
  394. #define ISC_RET_DATAGRAM 0x00000400
  395. #define ISC_RET_CONNECTION 0x00000800
  396. #define ISC_RET_INTERMEDIATE_RETURN 0x00001000
  397. #define ISC_RET_CALL_LEVEL 0x00002000
  398. #define ISC_RET_EXTENDED_ERROR 0x00004000
  399. #define ISC_RET_STREAM 0x00008000
  400. #define ISC_RET_INTEGRITY 0x00010000
  401. #define ISC_RET_IDENTIFY 0x00020000
  402. #define ISC_RET_NULL_SESSION 0x00040000
  403. #define ISC_RET_MANUAL_CRED_VALIDATION 0x00080000
  404. #define ISC_RET_RESERVED1 0x00100000
  405. #define ISC_RET_FRAGMENT_ONLY 0x00200000
  407. #define ASC_REQ_DELEGATE 0x00000001
  408. #define ASC_REQ_MUTUAL_AUTH 0x00000002
  409. #define ASC_REQ_REPLAY_DETECT 0x00000004
  410. #define ASC_REQ_SEQUENCE_DETECT 0x00000008
  411. #define ASC_REQ_CONFIDENTIALITY 0x00000010
  412. #define ASC_REQ_USE_SESSION_KEY 0x00000020
  413. #define ASC_REQ_ALLOCATE_MEMORY 0x00000100
  414. #define ASC_REQ_USE_DCE_STYLE 0x00000200
  415. #define ASC_REQ_DATAGRAM 0x00000400
  416. #define ASC_REQ_CONNECTION 0x00000800
  417. #define ASC_REQ_CALL_LEVEL 0x00001000
  418. #define ASC_REQ_EXTENDED_ERROR 0x00008000
  419. #define ASC_REQ_STREAM 0x00010000
  420. #define ASC_REQ_INTEGRITY 0x00020000
  421. #define ASC_REQ_LICENSING 0x00040000
  422. #define ASC_REQ_IDENTIFY 0x00080000
  423. #define ASC_REQ_ALLOW_NULL_SESSION 0x00100000
  424. #define ASC_REQ_ALLOW_NON_USER_LOGONS 0x00200000
  425. #define ASC_REQ_ALLOW_CONTEXT_REPLAY 0x00400000
  426. #define ASC_REQ_FRAGMENT_TO_FIT 0x00800000
  427. #define ASC_REQ_FRAGMENT_SUPPLIED 0x00002000
  428. #define ASC_REQ_NO_TOKEN 0x01000000
  430. #define ASC_RET_DELEGATE 0x00000001
  431. #define ASC_RET_MUTUAL_AUTH 0x00000002
  432. #define ASC_RET_REPLAY_DETECT 0x00000004
  433. #define ASC_RET_SEQUENCE_DETECT 0x00000008
  434. #define ASC_RET_CONFIDENTIALITY 0x00000010
  435. #define ASC_RET_USE_SESSION_KEY 0x00000020
  436. #define ASC_RET_ALLOCATED_MEMORY 0x00000100
  437. #define ASC_RET_USED_DCE_STYLE 0x00000200
  438. #define ASC_RET_DATAGRAM 0x00000400
  439. #define ASC_RET_CONNECTION 0x00000800
  440. #define ASC_RET_CALL_LEVEL 0x00002000 // skipped 1000 to be like ISC_
  441. #define ASC_RET_THIRD_LEG_FAILED 0x00004000
  442. #define ASC_RET_EXTENDED_ERROR 0x00008000
  443. #define ASC_RET_STREAM 0x00010000
  444. #define ASC_RET_INTEGRITY 0x00020000
  445. #define ASC_RET_LICENSING 0x00040000
  446. #define ASC_RET_IDENTIFY 0x00080000
  447. #define ASC_RET_NULL_SESSION 0x00100000
  448. #define ASC_RET_ALLOW_NON_USER_LOGONS 0x00200000
  449. #define ASC_RET_ALLOW_CONTEXT_REPLAY 0x00400000
  450. #define ASC_RET_FRAGMENT_ONLY 0x00800000
  451. #define ASC_RET_NO_TOKEN 0x01000000
  453. //
  454. // Security Credentials Attributes:
  455. //
  457. #define SECPKG_CRED_ATTR_NAMES 1
  459. typedef struct _SecPkgCredentials_NamesW
  460. {
  461. SEC_WCHAR SEC_FAR * sUserName;
  462. } SecPkgCredentials_NamesW, SEC_FAR * PSecPkgCredentials_NamesW;
  464. // end_ntifs
  466. typedef struct _SecPkgCredentials_NamesA
  467. {
  468. SEC_CHAR SEC_FAR * sUserName;
  469. } SecPkgCredentials_NamesA, SEC_FAR * PSecPkgCredentials_NamesA;
  471. #ifdef UNICODE
  472. # define SecPkgCredentials_Names SecPkgCredentials_NamesW // ntifs
  473. # define PSecPkgCredentials_Names PSecPkgCredentials_NamesW // ntifs
  474. #else
  475. # define SecPkgCredentials_Names SecPkgCredentials_NamesA
  476. # define PSecPkgCredentials_Names PSecPkgCredentials_NamesA
  477. #endif // !UNICODE
  479. // begin_ntifs
  481. //
  482. // Security Context Attributes:
  483. //
  485. #define SECPKG_ATTR_SIZES 0
  486. #define SECPKG_ATTR_NAMES 1
  487. #define SECPKG_ATTR_LIFESPAN 2
  488. #define SECPKG_ATTR_DCE_INFO 3
  489. #define SECPKG_ATTR_STREAM_SIZES 4
  490. #define SECPKG_ATTR_KEY_INFO 5
  491. #define SECPKG_ATTR_AUTHORITY 6
  492. #define SECPKG_ATTR_PROTO_INFO 7
  493. #define SECPKG_ATTR_PASSWORD_EXPIRY 8
  494. #define SECPKG_ATTR_SESSION_KEY 9
  495. #define SECPKG_ATTR_PACKAGE_INFO 10
  496. #define SECPKG_ATTR_USER_FLAGS 11
  497. #define SECPKG_ATTR_NEGOTIATION_INFO 12
  498. #define SECPKG_ATTR_NATIVE_NAMES 13
  499. #define SECPKG_ATTR_FLAGS 14
  500. #define SECPKG_ATTR_USE_VALIDATED 15
  501. #define SECPKG_ATTR_CREDENTIAL_NAME 16
  502. #define SECPKG_ATTR_TARGET_INFORMATION 17
  503. #define SECPKG_ATTR_ACCESS_TOKEN 18
  504. #define SECPKG_ATTR_TARGET 19
  505. #define SECPKG_ATTR_AUTHENTICATION_ID 20
  507. typedef struct _SecPkgContext_Sizes
  508. {
  509. unsigned long cbMaxToken;
  510. unsigned long cbMaxSignature;
  511. unsigned long cbBlockSize;
  512. unsigned long cbSecurityTrailer;
  513. } SecPkgContext_Sizes, SEC_FAR * PSecPkgContext_Sizes;
  515. typedef struct _SecPkgContext_StreamSizes
  516. {
  517. unsigned long cbHeader;
  518. unsigned long cbTrailer;
  519. unsigned long cbMaximumMessage;
  520. unsigned long cBuffers;
  521. unsigned long cbBlockSize;
  522. } SecPkgContext_StreamSizes, * PSecPkgContext_StreamSizes;
  524. typedef struct _SecPkgContext_NamesW
  525. {
  526. SEC_WCHAR SEC_FAR * sUserName;
  527. } SecPkgContext_NamesW, SEC_FAR * PSecPkgContext_NamesW;
  529. // end_ntifs
  531. typedef struct _SecPkgContext_NamesA
  532. {
  533. SEC_CHAR SEC_FAR * sUserName;
  534. } SecPkgContext_NamesA, SEC_FAR * PSecPkgContext_NamesA;
  536. #ifdef UNICODE
  537. # define SecPkgContext_Names SecPkgContext_NamesW // ntifs
  538. # define PSecPkgContext_Names PSecPkgContext_NamesW // ntifs
  539. #else
  540. # define SecPkgContext_Names SecPkgContext_NamesA
  541. # define PSecPkgContext_Names PSecPkgContext_NamesA
  542. #endif // !UNICODE
  544. // begin_ntifs
  546. typedef struct _SecPkgContext_Lifespan
  547. {
  548. TimeStamp tsStart;
  549. TimeStamp tsExpiry;
  550. } SecPkgContext_Lifespan, SEC_FAR * PSecPkgContext_Lifespan;
  552. typedef struct _SecPkgContext_DceInfo
  553. {
  554. unsigned long AuthzSvc;
  555. void SEC_FAR * pPac;
  556. } SecPkgContext_DceInfo, SEC_FAR * PSecPkgContext_DceInfo;
  558. // end_ntifs
  560. typedef struct _SecPkgContext_KeyInfoA
  561. {
  562. SEC_CHAR SEC_FAR * sSignatureAlgorithmName;
  563. SEC_CHAR SEC_FAR * sEncryptAlgorithmName;
  564. unsigned long KeySize;
  565. unsigned long SignatureAlgorithm;
  566. unsigned long EncryptAlgorithm;
  567. } SecPkgContext_KeyInfoA, SEC_FAR * PSecPkgContext_KeyInfoA;
  569. // begin_ntifs
  571. typedef struct _SecPkgContext_KeyInfoW
  572. {
  573. SEC_WCHAR SEC_FAR * sSignatureAlgorithmName;
  574. SEC_WCHAR SEC_FAR * sEncryptAlgorithmName;
  575. unsigned long KeySize;
  576. unsigned long SignatureAlgorithm;
  577. unsigned long EncryptAlgorithm;
  578. } SecPkgContext_KeyInfoW, SEC_FAR * PSecPkgContext_KeyInfoW;
  580. // end_ntifs
  582. #ifdef UNICODE
  583. #define SecPkgContext_KeyInfo SecPkgContext_KeyInfoW // ntifs
  584. #define PSecPkgContext_KeyInfo PSecPkgContext_KeyInfoW // ntifs
  585. #else
  586. #define SecPkgContext_KeyInfo SecPkgContext_KeyInfoA
  587. #define PSecPkgContext_KeyInfo PSecPkgContext_KeyInfoA
  588. #endif
  590. typedef struct _SecPkgContext_AuthorityA
  591. {
  592. SEC_CHAR SEC_FAR * sAuthorityName;
  593. } SecPkgContext_AuthorityA, * PSecPkgContext_AuthorityA;
  595. // begin_ntifs
  597. typedef struct _SecPkgContext_AuthorityW
  598. {
  599. SEC_WCHAR SEC_FAR * sAuthorityName;
  600. } SecPkgContext_AuthorityW, * PSecPkgContext_AuthorityW;
  602. // end_ntifs
  604. #ifdef UNICODE
  605. #define SecPkgContext_Authority SecPkgContext_AuthorityW // ntifs
  606. #define PSecPkgContext_Authority PSecPkgContext_AuthorityW // ntifs
  607. #else
  608. #define SecPkgContext_Authority SecPkgContext_AuthorityA
  609. #define PSecPkgContext_Authority PSecPkgContext_AuthorityA
  610. #endif
  612. typedef struct _SecPkgContext_ProtoInfoA
  613. {
  614. SEC_CHAR SEC_FAR * sProtocolName;
  615. unsigned long majorVersion;
  616. unsigned long minorVersion;
  617. } SecPkgContext_ProtoInfoA, SEC_FAR * PSecPkgContext_ProtoInfoA;
  619. // begin_ntifs
  621. typedef struct _SecPkgContext_ProtoInfoW
  622. {
  623. SEC_WCHAR SEC_FAR * sProtocolName;
  624. unsigned long majorVersion;
  625. unsigned long minorVersion;
  626. } SecPkgContext_ProtoInfoW, SEC_FAR * PSecPkgContext_ProtoInfoW;
  628. // end_ntifs
  630. #ifdef UNICODE
  631. #define SecPkgContext_ProtoInfo SecPkgContext_ProtoInfoW // ntifs
  632. #define PSecPkgContext_ProtoInfo PSecPkgContext_ProtoInfoW // ntifs
  633. #else
  634. #define SecPkgContext_ProtoInfo SecPkgContext_ProtoInfoA
  635. #define PSecPkgContext_ProtoInfo PSecPkgContext_ProtoInfoA
  636. #endif
  638. // begin_ntifs
  640. typedef struct _SecPkgContext_PasswordExpiry
  641. {
  642. TimeStamp tsPasswordExpires;
  643. } SecPkgContext_PasswordExpiry, SEC_FAR * PSecPkgContext_PasswordExpiry;
  645. typedef struct _SecPkgContext_SessionKey
  646. {
  647. unsigned long SessionKeyLength;
  648. unsigned char SEC_FAR * SessionKey;
  649. } SecPkgContext_SessionKey, *PSecPkgContext_SessionKey;
  652. typedef struct _SecPkgContext_PackageInfoW
  653. {
  654. PSecPkgInfoW PackageInfo;
  655. } SecPkgContext_PackageInfoW, SEC_FAR * PSecPkgContext_PackageInfoW;
  657. // end_ntifs
  659. typedef struct _SecPkgContext_PackageInfoA
  660. {
  661. PSecPkgInfoA PackageInfo;
  662. } SecPkgContext_PackageInfoA, SEC_FAR * PSecPkgContext_PackageInfoA;
  664. // begin_ntifs
  666. typedef struct _SecPkgContext_UserFlags
  667. {
  668. unsigned long UserFlags;
  669. } SecPkgContext_UserFlags, SEC_FAR * PSecPkgContext_UserFlags;
  671. typedef struct _SecPkgContext_Flags
  672. {
  673. unsigned long Flags;
  674. } SecPkgContext_Flags, SEC_FAR * PSecPkgContext_Flags;
  676. // end_ntifs
  678. #ifdef UNICODE
  679. #define SecPkgContext_PackageInfo SecPkgContext_PackageInfoW // ntifs
  680. #define PSecPkgContext_PackageInfo PSecPkgContext_PackageInfoW // ntifs
  681. #else
  682. #define SecPkgContext_PackageInfo SecPkgContext_PackageInfoA
  683. #define PSecPkgContext_PackageInfo PSecPkgContext_PackageInfoA
  684. #endif
  687. typedef struct _SecPkgContext_NegotiationInfoA
  688. {
  689. PSecPkgInfoA PackageInfo ;
  690. unsigned long NegotiationState ;
  691. } SecPkgContext_NegotiationInfoA, SEC_FAR * PSecPkgContext_NegotiationInfoA ;
  693. // begin_ntifs
  694. typedef struct _SecPkgContext_NegotiationInfoW
  695. {
  696. PSecPkgInfoW PackageInfo ;
  697. unsigned long NegotiationState ;
  698. } SecPkgContext_NegotiationInfoW, SEC_FAR * PSecPkgContext_NegotiationInfoW ;
  700. // end_ntifs
  702. #ifdef UNICODE
  703. #define SecPkgContext_NegotiationInfo SecPkgContext_NegotiationInfoW
  704. #define PSecPkgContext_NegotiationInfo PSecPkgContext_NegotiationInfoW
  705. #else
  706. #define SecPkgContext_NegotiationInfo SecPkgContext_NegotiationInfoA
  707. #define PSecPkgContext_NegotiationInfo PSecPkgContext_NegotiationInfoA
  708. #endif
  710. #define SECPKG_NEGOTIATION_COMPLETE 0
  711. #define SECPKG_NEGOTIATION_OPTIMISTIC 1
  712. #define SECPKG_NEGOTIATION_IN_PROGRESS 2
  713. #define SECPKG_NEGOTIATION_DIRECT 3
  714. #define SECPKG_NEGOTIATION_TRY_MULTICRED 4
  717. typedef struct _SecPkgContext_NativeNamesW
  718. {
  719. SEC_WCHAR SEC_FAR * sClientName;
  720. SEC_WCHAR SEC_FAR * sServerName;
  721. } SecPkgContext_NativeNamesW, SEC_FAR * PSecPkgContext_NativeNamesW;
  723. typedef struct _SecPkgContext_NativeNamesA
  724. {
  725. SEC_CHAR SEC_FAR * sClientName;
  726. SEC_CHAR SEC_FAR * sServerName;
  727. } SecPkgContext_NativeNamesA, SEC_FAR * PSecPkgContext_NativeNamesA;
  730. #ifdef UNICODE
  731. # define SecPkgContext_NativeNames SecPkgContext_NativeNamesW // ntifs
  732. # define PSecPkgContext_NativeNames PSecPkgContext_NativeNamesW // ntifs
  733. #else
  734. # define SecPkgContext_NativeNames SecPkgContext_NativeNamesA
  735. # define PSecPkgContext_NativeNames PSecPkgContext_NativeNamesA
  736. #endif // !UNICODE
  738. // begin_ntifs
  739. typedef struct _SecPkgContext_CredentialNameW
  740. {
  741. unsigned long CredentialType;
  742. SEC_WCHAR SEC_FAR *sCredentialName;
  743. } SecPkgContext_CredentialNameW, SEC_FAR * PSecPkgContext_CredentialNameW;
  745. // end_ntifs
  747. typedef struct _SecPkgContext_CredentialNameA
  748. {
  749. unsigned long CredentialType;
  750. SEC_CHAR SEC_FAR *sCredentialName;
  751. } SecPkgContext_CredentialNameA, SEC_FAR * PSecPkgContext_CredentialNameA;
  753. #ifdef UNICODE
  754. # define SecPkgContext_CredentialName SecPkgContext_CredentialNameW // ntifs
  755. # define PSecPkgContext_CredentialName PSecPkgContext_CredentialNameW // ntifs
  756. #else
  757. # define SecPkgContext_CredentialName SecPkgContext_CredentialNameA
  758. # define PSecPkgContext_CredentialName PSecPkgContext_CredentialNameA
  759. #endif // !UNICODE
  761. typedef struct _SecPkgContext_AccessToken
  762. {
  763. void SEC_FAR * AccessToken;
  764. } SecPkgContext_AccessToken, SEC_FAR * PSecPkgContext_AccessToken;
  766. typedef struct _SecPkgContext_TargetInformation
  767. {
  768. unsigned long MarshalledTargetInfoLength;
  769. unsigned char SEC_FAR * MarshalledTargetInfo;
  771. } SecPkgContext_TargetInformation, SEC_FAR * PSecPkgContext_TargetInformation;
  773. typedef struct _SecPkgContext_AuthzID
  774. {
  775. unsigned long AuthzIDLength;
  776. char SEC_FAR * AuthzID;
  778. } SecPkgContext_AuthzID, SEC_FAR * PSecPkgContext_AuthzID;
  780. typedef struct _SecPkgContext_Target
  781. {
  782. unsigned long TargetLength;
  783. char SEC_FAR * Target;
  785. } SecPkgContext_Target, SEC_FAR * PSecPkgContext_Target;
  788. // begin_ntifs
  790. typedef void
  791. (SEC_ENTRY SEC_FAR * SEC_GET_KEY_FN) (
  792. void SEC_FAR * Arg, // Argument passed in
  793. void SEC_FAR * Principal, // Principal ID
  794. unsigned long KeyVer, // Key Version
  795. void SEC_FAR * SEC_FAR * Key, // Returned ptr to key
  796. SECURITY_STATUS SEC_FAR * Status // returned status
  797. );
  799. //
  800. // Flags for ExportSecurityContext
  801. //
  803. #define SECPKG_CONTEXT_EXPORT_RESET_NEW 0x00000001 // New context is reset to initial state
  804. #define SECPKG_CONTEXT_EXPORT_DELETE_OLD 0x00000002 // Old context is deleted during export
  807. SECURITY_STATUS SEC_ENTRY
  808. AcquireCredentialsHandleW(
  809. #if ISSP_MODE == 0 // For Kernel mode
  810. PSECURITY_STRING pPrincipal,
  811. PSECURITY_STRING pPackage,
  812. #else
  813. SEC_WCHAR SEC_FAR * pszPrincipal, // Name of principal
  814. SEC_WCHAR SEC_FAR * pszPackage, // Name of package
  815. #endif
  816. unsigned long fCredentialUse, // Flags indicating use
  817. void SEC_FAR * pvLogonId, // Pointer to logon ID
  818. void SEC_FAR * pAuthData, // Package specific data
  819. SEC_GET_KEY_FN pGetKeyFn, // Pointer to GetKey() func
  820. void SEC_FAR * pvGetKeyArgument, // Value to pass to GetKey()
  821. PCredHandle phCredential, // (out) Cred Handle
  822. PTimeStamp ptsExpiry // (out) Lifetime (optional)
  823. );
  825. typedef SECURITY_STATUS
  826. (SEC_ENTRY * ACQUIRE_CREDENTIALS_HANDLE_FN_W)(
  827. #if ISSP_MODE == 0
  828. PSECURITY_STRING,
  829. PSECURITY_STRING,
  830. #else
  831. SEC_WCHAR SEC_FAR *,
  832. SEC_WCHAR SEC_FAR *,
  833. #endif
  834. unsigned long,
  835. void SEC_FAR *,
  836. void SEC_FAR *,
  837. SEC_GET_KEY_FN,
  838. void SEC_FAR *,
  839. PCredHandle,
  840. PTimeStamp);
  842. // end_ntifs
  844. SECURITY_STATUS SEC_ENTRY
  845. AcquireCredentialsHandleA(
  846. SEC_CHAR SEC_FAR * pszPrincipal, // Name of principal
  847. SEC_CHAR SEC_FAR * pszPackage, // Name of package
  848. unsigned long fCredentialUse, // Flags indicating use
  849. void SEC_FAR * pvLogonId, // Pointer to logon ID
  850. void SEC_FAR * pAuthData, // Package specific data
  851. SEC_GET_KEY_FN pGetKeyFn, // Pointer to GetKey() func
  852. void SEC_FAR * pvGetKeyArgument, // Value to pass to GetKey()
  853. PCredHandle phCredential, // (out) Cred Handle
  854. PTimeStamp ptsExpiry // (out) Lifetime (optional)
  855. );
  857. typedef SECURITY_STATUS
  858. (SEC_ENTRY * ACQUIRE_CREDENTIALS_HANDLE_FN_A)(
  859. SEC_CHAR SEC_FAR *,
  860. SEC_CHAR SEC_FAR *,
  861. unsigned long,
  862. void SEC_FAR *,
  863. void SEC_FAR *,
  864. SEC_GET_KEY_FN,
  865. void SEC_FAR *,
  866. PCredHandle,
  867. PTimeStamp);
  869. #ifdef UNICODE
  870. # define AcquireCredentialsHandle AcquireCredentialsHandleW // ntifs
  871. # define ACQUIRE_CREDENTIALS_HANDLE_FN ACQUIRE_CREDENTIALS_HANDLE_FN_W // ntifs
  872. #else
  873. # define AcquireCredentialsHandle AcquireCredentialsHandleA
  874. # define ACQUIRE_CREDENTIALS_HANDLE_FN ACQUIRE_CREDENTIALS_HANDLE_FN_A
  875. #endif // !UNICODE
  877. // begin_ntifs
  879. SECURITY_STATUS SEC_ENTRY
  880. FreeCredentialsHandle(
  881. PCredHandle phCredential // Handle to free
  882. );
  884. typedef SECURITY_STATUS
  885. (SEC_ENTRY * FREE_CREDENTIALS_HANDLE_FN)(
  886. PCredHandle );
  888. SECURITY_STATUS SEC_ENTRY
  889. AddCredentialsW(
  890. PCredHandle hCredentials,
  891. #if ISSP_MODE == 0 // For Kernel mode
  892. PSECURITY_STRING pPrincipal,
  893. PSECURITY_STRING pPackage,
  894. #else
  895. SEC_WCHAR SEC_FAR * pszPrincipal, // Name of principal
  896. SEC_WCHAR SEC_FAR * pszPackage, // Name of package
  897. #endif
  898. unsigned long fCredentialUse, // Flags indicating use
  899. void SEC_FAR * pAuthData, // Package specific data
  900. SEC_GET_KEY_FN pGetKeyFn, // Pointer to GetKey() func
  901. void SEC_FAR * pvGetKeyArgument, // Value to pass to GetKey()
  902. PTimeStamp ptsExpiry // (out) Lifetime (optional)
  903. );
  905. typedef SECURITY_STATUS
  906. (SEC_ENTRY * ADD_CREDENTIALS_FN_W)(
  907. PCredHandle,
  908. #if ISSP_MODE == 0
  909. PSECURITY_STRING,
  910. PSECURITY_STRING,
  911. #else
  912. SEC_WCHAR SEC_FAR *,
  913. SEC_WCHAR SEC_FAR *,
  914. #endif
  915. unsigned long,
  916. void SEC_FAR *,
  917. SEC_GET_KEY_FN,
  918. void SEC_FAR *,
  919. PTimeStamp);
  921. SECURITY_STATUS SEC_ENTRY
  922. AddCredentialsA(
  923. PCredHandle hCredentials,
  924. SEC_CHAR SEC_FAR * pszPrincipal, // Name of principal
  925. SEC_CHAR SEC_FAR * pszPackage, // Name of package
  926. unsigned long fCredentialUse, // Flags indicating use
  927. void SEC_FAR * pAuthData, // Package specific data
  928. SEC_GET_KEY_FN pGetKeyFn, // Pointer to GetKey() func
  929. void SEC_FAR * pvGetKeyArgument, // Value to pass to GetKey()
  930. PTimeStamp ptsExpiry // (out) Lifetime (optional)
  931. );
  933. typedef SECURITY_STATUS
  934. (SEC_ENTRY * ADD_CREDENTIALS_FN_A)(
  935. PCredHandle,
  936. SEC_CHAR SEC_FAR *,
  937. SEC_CHAR SEC_FAR *,
  938. unsigned long,
  939. void SEC_FAR *,
  940. SEC_GET_KEY_FN,
  941. void SEC_FAR *,
  942. PTimeStamp);
  944. #ifdef UNICODE
  945. #define AddCredentials AddCredentialsW
  946. #define ADD_CREDENTIALS_FN ADD_CREDENTIALS_FN_W
  947. #else
  948. #define AddCredentials AddCredentialsA
  949. #define ADD_CREDENTIALS_FN ADD_CREDENTIALS_FN_A
  950. #endif
  952. ////////////////////////////////////////////////////////////////////////
  953. ///
  954. /// Context Management Functions
  955. ///
  956. ////////////////////////////////////////////////////////////////////////
  958. SECURITY_STATUS SEC_ENTRY
  959. InitializeSecurityContextW(
  960. PCredHandle phCredential, // Cred to base context
  961. PCtxtHandle phContext, // Existing context (OPT)
  962. #if ISSP_MODE == 0
  963. PSECURITY_STRING pTargetName,
  964. #else
  965. SEC_WCHAR SEC_FAR * pszTargetName, // Name of target
  966. #endif
  967. unsigned long fContextReq, // Context Requirements
  968. unsigned long Reserved1, // Reserved, MBZ
  969. unsigned long TargetDataRep, // Data rep of target
  970. PSecBufferDesc pInput, // Input Buffers
  971. unsigned long Reserved2, // Reserved, MBZ
  972. PCtxtHandle phNewContext, // (out) New Context handle
  973. PSecBufferDesc pOutput, // (inout) Output Buffers
  974. unsigned long SEC_FAR * pfContextAttr, // (out) Context attrs
  975. PTimeStamp ptsExpiry // (out) Life span (OPT)
  976. );
  978. typedef SECURITY_STATUS
  979. (SEC_ENTRY * INITIALIZE_SECURITY_CONTEXT_FN_W)(
  980. PCredHandle,
  981. PCtxtHandle,
  982. #if ISSP_MODE == 0
  983. PSECURITY_STRING,
  984. #else
  985. SEC_WCHAR SEC_FAR *,
  986. #endif
  987. unsigned long,
  988. unsigned long,
  989. unsigned long,
  990. PSecBufferDesc,
  991. unsigned long,
  992. PCtxtHandle,
  993. PSecBufferDesc,
  994. unsigned long SEC_FAR *,
  995. PTimeStamp);
  997. // end_ntifs
  999. SECURITY_STATUS SEC_ENTRY
  1000. InitializeSecurityContextA(
  1001. PCredHandle phCredential, // Cred to base context
  1002. PCtxtHandle phContext, // Existing context (OPT)
  1003. SEC_CHAR SEC_FAR * pszTargetName, // Name of target
  1004. unsigned long fContextReq, // Context Requirements
  1005. unsigned long Reserved1, // Reserved, MBZ
  1006. unsigned long TargetDataRep, // Data rep of target
  1007. PSecBufferDesc pInput, // Input Buffers
  1008. unsigned long Reserved2, // Reserved, MBZ
  1009. PCtxtHandle phNewContext, // (out) New Context handle
  1010. PSecBufferDesc pOutput, // (inout) Output Buffers
  1011. unsigned long SEC_FAR * pfContextAttr, // (out) Context attrs
  1012. PTimeStamp ptsExpiry // (out) Life span (OPT)
  1013. );
  1015. typedef SECURITY_STATUS
  1016. (SEC_ENTRY * INITIALIZE_SECURITY_CONTEXT_FN_A)(
  1017. PCredHandle,
  1018. PCtxtHandle,
  1019. SEC_CHAR SEC_FAR *,
  1020. unsigned long,
  1021. unsigned long,
  1022. unsigned long,
  1023. PSecBufferDesc,
  1024. unsigned long,
  1025. PCtxtHandle,
  1026. PSecBufferDesc,
  1027. unsigned long SEC_FAR *,
  1028. PTimeStamp);
  1030. #ifdef UNICODE
  1031. # define InitializeSecurityContext InitializeSecurityContextW // ntifs
  1032. # define INITIALIZE_SECURITY_CONTEXT_FN INITIALIZE_SECURITY_CONTEXT_FN_W // ntifs
  1033. #else
  1034. # define InitializeSecurityContext InitializeSecurityContextA
  1035. # define INITIALIZE_SECURITY_CONTEXT_FN INITIALIZE_SECURITY_CONTEXT_FN_A
  1036. #endif // !UNICODE
  1038. // begin_ntifs
  1040. SECURITY_STATUS SEC_ENTRY
  1041. AcceptSecurityContext(
  1042. PCredHandle phCredential, // Cred to base context
  1043. PCtxtHandle phContext, // Existing context (OPT)
  1044. PSecBufferDesc pInput, // Input buffer
  1045. unsigned long fContextReq, // Context Requirements
  1046. unsigned long TargetDataRep, // Target Data Rep
  1047. PCtxtHandle phNewContext, // (out) New context handle
  1048. PSecBufferDesc pOutput, // (inout) Output buffers
  1049. unsigned long SEC_FAR * pfContextAttr, // (out) Context attributes
  1050. PTimeStamp ptsExpiry // (out) Life span (OPT)
  1051. );
  1053. typedef SECURITY_STATUS
  1054. (SEC_ENTRY * ACCEPT_SECURITY_CONTEXT_FN)(
  1055. PCredHandle,
  1056. PCtxtHandle,
  1057. PSecBufferDesc,
  1058. unsigned long,
  1059. unsigned long,
  1060. PCtxtHandle,
  1061. PSecBufferDesc,
  1062. unsigned long SEC_FAR *,
  1063. PTimeStamp);
  1067. SECURITY_STATUS SEC_ENTRY
  1068. CompleteAuthToken(
  1069. PCtxtHandle phContext, // Context to complete
  1070. PSecBufferDesc pToken // Token to complete
  1071. );
  1073. typedef SECURITY_STATUS
  1074. (SEC_ENTRY * COMPLETE_AUTH_TOKEN_FN)(
  1075. PCtxtHandle,
  1076. PSecBufferDesc);
  1079. SECURITY_STATUS SEC_ENTRY
  1080. ImpersonateSecurityContext(
  1081. PCtxtHandle phContext // Context to impersonate
  1082. );
  1084. typedef SECURITY_STATUS
  1085. (SEC_ENTRY * IMPERSONATE_SECURITY_CONTEXT_FN)(
  1086. PCtxtHandle);
  1090. SECURITY_STATUS SEC_ENTRY
  1091. RevertSecurityContext(
  1092. PCtxtHandle phContext // Context from which to re
  1093. );
  1095. typedef SECURITY_STATUS
  1096. (SEC_ENTRY * REVERT_SECURITY_CONTEXT_FN)(
  1097. PCtxtHandle);
  1100. SECURITY_STATUS SEC_ENTRY
  1101. QuerySecurityContextToken(
  1102. PCtxtHandle phContext,
  1103. void SEC_FAR * SEC_FAR * Token
  1104. );
  1106. typedef SECURITY_STATUS
  1107. (SEC_ENTRY * QUERY_SECURITY_CONTEXT_TOKEN_FN)(
  1108. PCtxtHandle, void SEC_FAR * SEC_FAR *);
  1112. SECURITY_STATUS SEC_ENTRY
  1113. DeleteSecurityContext(
  1114. PCtxtHandle phContext // Context to delete
  1115. );
  1117. typedef SECURITY_STATUS
  1118. (SEC_ENTRY * DELETE_SECURITY_CONTEXT_FN)(
  1119. PCtxtHandle);
  1123. SECURITY_STATUS SEC_ENTRY
  1124. ApplyControlToken(
  1125. PCtxtHandle phContext, // Context to modify
  1126. PSecBufferDesc pInput // Input token to apply
  1127. );
  1129. typedef SECURITY_STATUS
  1130. (SEC_ENTRY * APPLY_CONTROL_TOKEN_FN)(
  1131. PCtxtHandle, PSecBufferDesc);
  1135. SECURITY_STATUS SEC_ENTRY
  1136. QueryContextAttributesW(
  1137. PCtxtHandle phContext, // Context to query
  1138. unsigned long ulAttribute, // Attribute to query
  1139. void SEC_FAR * pBuffer // Buffer for attributes
  1140. );
  1142. typedef SECURITY_STATUS
  1143. (SEC_ENTRY * QUERY_CONTEXT_ATTRIBUTES_FN_W)(
  1144. PCtxtHandle,
  1145. unsigned long,
  1146. void SEC_FAR *);
  1148. // end_ntifs
  1150. SECURITY_STATUS SEC_ENTRY
  1151. QueryContextAttributesA(
  1152. PCtxtHandle phContext, // Context to query
  1153. unsigned long ulAttribute, // Attribute to query
  1154. void SEC_FAR * pBuffer // Buffer for attributes
  1155. );
  1157. typedef SECURITY_STATUS
  1158. (SEC_ENTRY * QUERY_CONTEXT_ATTRIBUTES_FN_A)(
  1159. PCtxtHandle,
  1160. unsigned long,
  1161. void SEC_FAR *);
  1163. #ifdef UNICODE
  1164. # define QueryContextAttributes QueryContextAttributesW // ntifs
  1165. # define QUERY_CONTEXT_ATTRIBUTES_FN QUERY_CONTEXT_ATTRIBUTES_FN_W // ntifs
  1166. #else
  1167. # define QueryContextAttributes QueryContextAttributesA
  1168. # define QUERY_CONTEXT_ATTRIBUTES_FN QUERY_CONTEXT_ATTRIBUTES_FN_A
  1169. #endif // !UNICODE
  1171. // begin_ntifs
  1172. SECURITY_STATUS SEC_ENTRY
  1173. SetContextAttributesW(
  1174. PCtxtHandle phContext, // Context to Set
  1175. unsigned long ulAttribute, // Attribute to Set
  1176. void SEC_FAR * pBuffer, // Buffer for attributes
  1177. unsigned long cbBuffer // Size (in bytes) of Buffer
  1178. );
  1180. typedef SECURITY_STATUS
  1181. (SEC_ENTRY * SET_CONTEXT_ATTRIBUTES_FN_W)(
  1182. PCtxtHandle,
  1183. unsigned long,
  1184. void SEC_FAR *,
  1185. unsigned long );
  1187. // end_ntifs
  1189. SECURITY_STATUS SEC_ENTRY
  1190. SetContextAttributesA(
  1191. PCtxtHandle phContext, // Context to Set
  1192. unsigned long ulAttribute, // Attribute to Set
  1193. void SEC_FAR * pBuffer, // Buffer for attributes
  1194. unsigned long cbBuffer // Size (in bytes) of Buffer
  1195. );
  1197. typedef SECURITY_STATUS
  1198. (SEC_ENTRY * SET_CONTEXT_ATTRIBUTES_FN_A)(
  1199. PCtxtHandle,
  1200. unsigned long,
  1201. void SEC_FAR *,
  1202. unsigned long );
  1204. #ifdef UNICODE
  1205. # define SetContextAttributes SetContextAttributesW // ntifs
  1206. # define SET_CONTEXT_ATTRIBUTES_FN SET_CONTEXT_ATTRIBUTES_FN_W // ntifs
  1207. #else
  1208. # define SetContextAttributes SetContextAttributesA
  1209. # define SET_CONTEXT_ATTRIBUTES_FN SET_CONTEXT_ATTRIBUTES_FN_A
  1210. #endif // !UNICODE
  1212. // begin_ntifs
  1214. SECURITY_STATUS SEC_ENTRY
  1215. QueryCredentialsAttributesW(
  1216. PCredHandle phCredential, // Credential to query
  1217. unsigned long ulAttribute, // Attribute to query
  1218. void SEC_FAR * pBuffer // Buffer for attributes
  1219. );
  1221. typedef SECURITY_STATUS
  1222. (SEC_ENTRY * QUERY_CREDENTIALS_ATTRIBUTES_FN_W)(
  1223. PCredHandle,
  1224. unsigned long,
  1225. void SEC_FAR *);
  1227. // end_ntifs
  1229. SECURITY_STATUS SEC_ENTRY
  1230. QueryCredentialsAttributesA(
  1231. PCredHandle phCredential, // Credential to query
  1232. unsigned long ulAttribute, // Attribute to query
  1233. void SEC_FAR * pBuffer // Buffer for attributes
  1234. );
  1236. typedef SECURITY_STATUS
  1237. (SEC_ENTRY * QUERY_CREDENTIALS_ATTRIBUTES_FN_A)(
  1238. PCredHandle,
  1239. unsigned long,
  1240. void SEC_FAR *);
  1242. #ifdef UNICODE
  1243. # define QueryCredentialsAttributes QueryCredentialsAttributesW // ntifs
  1244. # define QUERY_CREDENTIALS_ATTRIBUTES_FN QUERY_CREDENTIALS_ATTRIBUTES_FN_W // ntifs
  1245. #else
  1246. # define QueryCredentialsAttributes QueryCredentialsAttributesA
  1247. # define QUERY_CREDENTIALS_ATTRIBUTES_FN QUERY_CREDENTIALS_ATTRIBUTES_FN_A
  1248. #endif // !UNICODE
  1250. // begin_ntifs
  1252. SECURITY_STATUS SEC_ENTRY
  1253. FreeContextBuffer(
  1254. void SEC_FAR * pvContextBuffer // buffer to free
  1255. );
  1257. typedef SECURITY_STATUS
  1258. (SEC_ENTRY * FREE_CONTEXT_BUFFER_FN)(
  1259. void SEC_FAR *);
  1261. // end_ntifs
  1263. // begin_ntifs
  1264. ///////////////////////////////////////////////////////////////////
  1265. ////
  1266. //// Message Support API
  1267. ////
  1268. //////////////////////////////////////////////////////////////////
  1270. SECURITY_STATUS SEC_ENTRY
  1271. MakeSignature(
  1272. PCtxtHandle phContext, // Context to use
  1273. unsigned long fQOP, // Quality of Protection
  1274. PSecBufferDesc pMessage, // Message to sign
  1275. unsigned long MessageSeqNo // Message Sequence Num.
  1276. );
  1278. typedef SECURITY_STATUS
  1279. (SEC_ENTRY * MAKE_SIGNATURE_FN)(
  1280. PCtxtHandle,
  1281. unsigned long,
  1282. PSecBufferDesc,
  1283. unsigned long);
  1287. SECURITY_STATUS SEC_ENTRY
  1288. VerifySignature(
  1289. PCtxtHandle phContext, // Context to use
  1290. PSecBufferDesc pMessage, // Message to verify
  1291. unsigned long MessageSeqNo, // Sequence Num.
  1292. unsigned long SEC_FAR * pfQOP // QOP used
  1293. );
  1295. typedef SECURITY_STATUS
  1296. (SEC_ENTRY * VERIFY_SIGNATURE_FN)(
  1297. PCtxtHandle,
  1298. PSecBufferDesc,
  1299. unsigned long,
  1300. unsigned long SEC_FAR *);
  1303. #define SECQOP_WRAP_NO_ENCRYPT 0x80000001
  1305. SECURITY_STATUS SEC_ENTRY
  1306. EncryptMessage( PCtxtHandle phContext,
  1307. unsigned long fQOP,
  1308. PSecBufferDesc pMessage,
  1309. unsigned long MessageSeqNo);
  1311. typedef SECURITY_STATUS
  1312. (SEC_ENTRY * ENCRYPT_MESSAGE_FN)(
  1313. PCtxtHandle, unsigned long, PSecBufferDesc, unsigned long);
  1316. SECURITY_STATUS SEC_ENTRY
  1317. DecryptMessage( PCtxtHandle phContext,
  1318. PSecBufferDesc pMessage,
  1319. unsigned long MessageSeqNo,
  1320. unsigned long * pfQOP);
  1323. typedef SECURITY_STATUS
  1324. (SEC_ENTRY * DECRYPT_MESSAGE_FN)(
  1325. PCtxtHandle, PSecBufferDesc, unsigned long,
  1326. unsigned long SEC_FAR *);
  1329. // end_ntifs
  1331. // begin_ntifs
  1332. ///////////////////////////////////////////////////////////////////////////
  1333. ////
  1334. //// Misc.
  1335. ////
  1336. ///////////////////////////////////////////////////////////////////////////
  1339. SECURITY_STATUS SEC_ENTRY
  1340. EnumerateSecurityPackagesW(
  1341. unsigned long SEC_FAR * pcPackages, // Receives num. packages
  1342. PSecPkgInfoW SEC_FAR * ppPackageInfo // Receives array of info
  1343. );
  1345. typedef SECURITY_STATUS
  1346. (SEC_ENTRY * ENUMERATE_SECURITY_PACKAGES_FN_W)(
  1347. unsigned long SEC_FAR *,
  1348. PSecPkgInfoW SEC_FAR *);
  1350. // end_ntifs
  1352. SECURITY_STATUS SEC_ENTRY
  1353. EnumerateSecurityPackagesA(
  1354. unsigned long SEC_FAR * pcPackages, // Receives num. packages
  1355. PSecPkgInfoA SEC_FAR * ppPackageInfo // Receives array of info
  1356. );
  1358. typedef SECURITY_STATUS
  1359. (SEC_ENTRY * ENUMERATE_SECURITY_PACKAGES_FN_A)(
  1360. unsigned long SEC_FAR *,
  1361. PSecPkgInfoA SEC_FAR *);
  1363. #ifdef UNICODE
  1364. # define EnumerateSecurityPackages EnumerateSecurityPackagesW // ntifs
  1365. # define ENUMERATE_SECURITY_PACKAGES_FN ENUMERATE_SECURITY_PACKAGES_FN_W // ntifs
  1366. #else
  1367. # define EnumerateSecurityPackages EnumerateSecurityPackagesA
  1368. # define ENUMERATE_SECURITY_PACKAGES_FN ENUMERATE_SECURITY_PACKAGES_FN_A
  1369. #endif // !UNICODE
  1371. // begin_ntifs
  1373. SECURITY_STATUS SEC_ENTRY
  1374. QuerySecurityPackageInfoW(
  1375. #if ISSP_MODE == 0
  1376. PSECURITY_STRING pPackageName,
  1377. #else
  1378. SEC_WCHAR SEC_FAR * pszPackageName, // Name of package
  1379. #endif
  1380. PSecPkgInfoW SEC_FAR *ppPackageInfo // Receives package info
  1381. );
  1383. typedef SECURITY_STATUS
  1384. (SEC_ENTRY * QUERY_SECURITY_PACKAGE_INFO_FN_W)(
  1385. #if ISSP_MODE == 0
  1386. PSECURITY_STRING,
  1387. #else
  1388. SEC_WCHAR SEC_FAR *,
  1389. #endif
  1390. PSecPkgInfoW SEC_FAR *);
  1392. // end_ntifs
  1394. SECURITY_STATUS SEC_ENTRY
  1395. QuerySecurityPackageInfoA(
  1396. SEC_CHAR SEC_FAR * pszPackageName, // Name of package
  1397. PSecPkgInfoA SEC_FAR *ppPackageInfo // Receives package info
  1398. );
  1400. typedef SECURITY_STATUS
  1401. (SEC_ENTRY * QUERY_SECURITY_PACKAGE_INFO_FN_A)(
  1402. SEC_CHAR SEC_FAR *,
  1403. PSecPkgInfoA SEC_FAR *);
  1405. #ifdef UNICODE
  1406. # define QuerySecurityPackageInfo QuerySecurityPackageInfoW // ntifs
  1407. # define QUERY_SECURITY_PACKAGE_INFO_FN QUERY_SECURITY_PACKAGE_INFO_FN_W // ntifs
  1408. #else
  1409. # define QuerySecurityPackageInfo QuerySecurityPackageInfoA
  1410. # define QUERY_SECURITY_PACKAGE_INFO_FN QUERY_SECURITY_PACKAGE_INFO_FN_A
  1411. #endif // !UNICODE
  1414. typedef enum _SecDelegationType {
  1415. SecFull,
  1416. SecService,
  1417. SecTree,
  1418. SecDirectory,
  1419. SecObject
  1420. } SecDelegationType, * PSecDelegationType;
  1422. SECURITY_STATUS SEC_ENTRY
  1423. DelegateSecurityContext(
  1424. PCtxtHandle phContext, // IN Active context to delegate
  1425. #if ISSP_MODE == 0
  1426. PSECURITY_STRING pTarget, // IN Target path
  1427. #else
  1428. SEC_CHAR SEC_FAR * pszTarget,
  1429. #endif
  1430. SecDelegationType DelegationType, // IN Type of delegation
  1431. PTimeStamp pExpiry, // IN OPTIONAL time limit
  1432. PSecBuffer pPackageParameters, // IN OPTIONAL package specific
  1433. PSecBufferDesc pOutput); // OUT Token for applycontroltoken.
  1436. ///////////////////////////////////////////////////////////////////////////
  1437. ////
  1438. //// Proxies
  1439. ////
  1440. ///////////////////////////////////////////////////////////////////////////
  1443. //
  1444. // Proxies are only available on NT platforms
  1445. //
  1447. // begin_ntifs
  1449. ///////////////////////////////////////////////////////////////////////////
  1450. ////
  1451. //// Context export/import
  1452. ////
  1453. ///////////////////////////////////////////////////////////////////////////
  1457. SECURITY_STATUS SEC_ENTRY
  1458. ExportSecurityContext(
  1459. PCtxtHandle phContext, // (in) context to export
  1460. ULONG fFlags, // (in) option flags
  1461. PSecBuffer pPackedContext, // (out) marshalled context
  1462. void SEC_FAR * SEC_FAR * pToken // (out, optional) token handle for impersonation
  1463. );
  1465. typedef SECURITY_STATUS
  1466. (SEC_ENTRY * EXPORT_SECURITY_CONTEXT_FN)(
  1467. PCtxtHandle,
  1468. ULONG,
  1469. PSecBuffer,
  1470. void SEC_FAR * SEC_FAR *
  1471. );
  1473. SECURITY_STATUS SEC_ENTRY
  1474. ImportSecurityContextW(
  1475. #if ISSP_MODE == 0
  1476. PSECURITY_STRING pszPackage,
  1477. #else
  1478. SEC_WCHAR SEC_FAR * pszPackage,
  1479. #endif
  1480. PSecBuffer pPackedContext, // (in) marshalled context
  1481. void SEC_FAR * Token, // (in, optional) handle to token for context
  1482. PCtxtHandle phContext // (out) new context handle
  1483. );
  1485. typedef SECURITY_STATUS
  1486. (SEC_ENTRY * IMPORT_SECURITY_CONTEXT_FN_W)(
  1487. #if ISSP_MODE == 0
  1488. PSECURITY_STRING,
  1489. #else
  1490. SEC_WCHAR SEC_FAR *,
  1491. #endif
  1492. PSecBuffer,
  1493. VOID SEC_FAR *,
  1494. PCtxtHandle
  1495. );
  1497. // end_ntifs
  1498. SECURITY_STATUS SEC_ENTRY
  1499. ImportSecurityContextA(
  1500. SEC_CHAR SEC_FAR * pszPackage,
  1501. PSecBuffer pPackedContext, // (in) marshalled context
  1502. VOID SEC_FAR * Token, // (in, optional) handle to token for context
  1503. PCtxtHandle phContext // (out) new context handle
  1504. );
  1506. typedef SECURITY_STATUS
  1507. (SEC_ENTRY * IMPORT_SECURITY_CONTEXT_FN_A)(
  1508. SEC_CHAR SEC_FAR *,
  1509. PSecBuffer,
  1510. void SEC_FAR *,
  1511. PCtxtHandle
  1512. );
  1514. #ifdef UNICODE
  1515. # define ImportSecurityContext ImportSecurityContextW // ntifs
  1516. # define IMPORT_SECURITY_CONTEXT_FN IMPORT_SECURITY_CONTEXT_FN_W // ntifs
  1517. #else
  1518. # define ImportSecurityContext ImportSecurityContextA
  1519. # define IMPORT_SECURITY_CONTEXT_FN IMPORT_SECURITY_CONTEXT_FN_A
  1520. #endif // !UNICODE
  1522. // begin_ntifs
  1524. #if ISSP_MODE == 0
  1525. NTSTATUS
  1526. NTAPI
  1527. SecMakeSPN(
  1528. IN PUNICODE_STRING ServiceClass,
  1529. IN PUNICODE_STRING ServiceName,
  1530. IN PUNICODE_STRING InstanceName OPTIONAL,
  1531. IN USHORT InstancePort OPTIONAL,
  1532. IN PUNICODE_STRING Referrer OPTIONAL,
  1533. IN OUT PUNICODE_STRING Spn,
  1534. OUT PULONG Length OPTIONAL,
  1535. IN BOOLEAN Allocate
  1536. );
  1538. NTSTATUS
  1539. NTAPI
  1540. SecMakeSPNEx(
  1541. IN PUNICODE_STRING ServiceClass,
  1542. IN PUNICODE_STRING ServiceName,
  1543. IN PUNICODE_STRING InstanceName OPTIONAL,
  1544. IN USHORT InstancePort OPTIONAL,
  1545. IN PUNICODE_STRING Referrer OPTIONAL,
  1546. IN PUNICODE_STRING TargetInfo OPTIONAL,
  1547. IN OUT PUNICODE_STRING Spn,
  1548. OUT PULONG Length OPTIONAL,
  1549. IN BOOLEAN Allocate
  1550. );
  1552. NTSTATUS
  1553. SEC_ENTRY
  1554. SecLookupAccountSid(
  1555. IN PSID Sid,
  1556. IN OUT PULONG NameSize,
  1557. OUT PUNICODE_STRING NameBuffer,
  1558. IN OUT PULONG DomainSize OPTIONAL,
  1559. OUT PUNICODE_STRING DomainBuffer OPTIONAL,
  1560. OUT PSID_NAME_USE NameUse
  1561. );
  1563. NTSTATUS
  1564. SEC_ENTRY
  1565. SecLookupAccountName(
  1566. IN PUNICODE_STRING Name,
  1567. IN OUT PULONG SidSize,
  1568. OUT PSID Sid,
  1569. OUT PSID_NAME_USE NameUse,
  1570. IN OUT PULONG DomainSize OPTIONAL,
  1571. OUT PUNICODE_STRING ReferencedDomain OPTIONAL
  1572. );
  1574. NTSTATUS
  1575. SEC_ENTRY
  1576. SecLookupWellKnownSid(
  1577. IN WELL_KNOWN_SID_TYPE SidType,
  1578. OUT PSID Sid,
  1579. ULONG SidBufferSize,
  1580. OUT PULONG SidSize OPTIONAL
  1581. );
  1583. #endif
  1585. // end_ntifs
  1587. ///////////////////////////////////////////////////////////////////////////////
  1588. ////
  1589. //// Fast access for RPC:
  1590. ////
  1591. ///////////////////////////////////////////////////////////////////////////////
  1593. #define SECURITY_ENTRYPOINT_ANSIW "InitSecurityInterfaceW"
  1594. #define SECURITY_ENTRYPOINT_ANSIA "InitSecurityInterfaceA"
  1595. #define SECURITY_ENTRYPOINTW SEC_TEXT("InitSecurityInterfaceW") // ntifs
  1596. #define SECURITY_ENTRYPOINTA SEC_TEXT("InitSecurityInterfaceA")
  1597. #define SECURITY_ENTRYPOINT16 "INITSECURITYINTERFACEA"
  1599. #ifdef SECURITY_WIN32
  1600. # ifdef UNICODE
  1601. # define SECURITY_ENTRYPOINT SECURITY_ENTRYPOINTW // ntifs
  1602. # define SECURITY_ENTRYPOINT_ANSI SECURITY_ENTRYPOINT_ANSIW
  1603. # else // UNICODE
  1604. # define SECURITY_ENTRYPOINT SECURITY_ENTRYPOINTA
  1605. # define SECURITY_ENTRYPOINT_ANSI SECURITY_ENTRYPOINT_ANSIA
  1606. # endif // UNICODE
  1607. #else // SECURITY_WIN32
  1608. # define SECURITY_ENTRYPOINT SECURITY_ENTRYPOINT16
  1609. # define SECURITY_ENTRYPOINT_ANSI SECURITY_ENTRYPOINT16
  1610. #endif // SECURITY_WIN32
  1612. // begin_ntifs
  1614. #define FreeCredentialHandle FreeCredentialsHandle
  1616. typedef struct _SECURITY_FUNCTION_TABLE_W {
  1617. unsigned long dwVersion;
  1618. ENUMERATE_SECURITY_PACKAGES_FN_W EnumerateSecurityPackagesW;
  1619. QUERY_CREDENTIALS_ATTRIBUTES_FN_W QueryCredentialsAttributesW;
  1620. ACQUIRE_CREDENTIALS_HANDLE_FN_W AcquireCredentialsHandleW;
  1621. FREE_CREDENTIALS_HANDLE_FN FreeCredentialsHandle;
  1622. void SEC_FAR * Reserved2;
  1623. INITIALIZE_SECURITY_CONTEXT_FN_W InitializeSecurityContextW;
  1624. ACCEPT_SECURITY_CONTEXT_FN AcceptSecurityContext;
  1625. COMPLETE_AUTH_TOKEN_FN CompleteAuthToken;
  1626. DELETE_SECURITY_CONTEXT_FN DeleteSecurityContext;
  1627. APPLY_CONTROL_TOKEN_FN ApplyControlToken;
  1628. QUERY_CONTEXT_ATTRIBUTES_FN_W QueryContextAttributesW;
  1629. IMPERSONATE_SECURITY_CONTEXT_FN ImpersonateSecurityContext;
  1630. REVERT_SECURITY_CONTEXT_FN RevertSecurityContext;
  1631. MAKE_SIGNATURE_FN MakeSignature;
  1632. VERIFY_SIGNATURE_FN VerifySignature;
  1633. FREE_CONTEXT_BUFFER_FN FreeContextBuffer;
  1634. QUERY_SECURITY_PACKAGE_INFO_FN_W QuerySecurityPackageInfoW;
  1635. void SEC_FAR * Reserved3;
  1636. void SEC_FAR * Reserved4;
  1637. EXPORT_SECURITY_CONTEXT_FN ExportSecurityContext;
  1638. IMPORT_SECURITY_CONTEXT_FN_W ImportSecurityContextW;
  1639. ADD_CREDENTIALS_FN_W AddCredentialsW ;
  1640. void SEC_FAR * Reserved8;
  1641. QUERY_SECURITY_CONTEXT_TOKEN_FN QuerySecurityContextToken;
  1642. ENCRYPT_MESSAGE_FN EncryptMessage;
  1643. DECRYPT_MESSAGE_FN DecryptMessage;
  1644. SET_CONTEXT_ATTRIBUTES_FN_W SetContextAttributesW;
  1645. } SecurityFunctionTableW, SEC_FAR * PSecurityFunctionTableW;
  1647. // end_ntifs
  1649. typedef struct _SECURITY_FUNCTION_TABLE_A {
  1650. unsigned long dwVersion;
  1651. ENUMERATE_SECURITY_PACKAGES_FN_A EnumerateSecurityPackagesA;
  1652. QUERY_CREDENTIALS_ATTRIBUTES_FN_A QueryCredentialsAttributesA;
  1653. ACQUIRE_CREDENTIALS_HANDLE_FN_A AcquireCredentialsHandleA;
  1654. FREE_CREDENTIALS_HANDLE_FN FreeCredentialHandle;
  1655. void SEC_FAR * Reserved2;
  1656. INITIALIZE_SECURITY_CONTEXT_FN_A InitializeSecurityContextA;
  1657. ACCEPT_SECURITY_CONTEXT_FN AcceptSecurityContext;
  1658. COMPLETE_AUTH_TOKEN_FN CompleteAuthToken;
  1659. DELETE_SECURITY_CONTEXT_FN DeleteSecurityContext;
  1660. APPLY_CONTROL_TOKEN_FN ApplyControlToken;
  1661. QUERY_CONTEXT_ATTRIBUTES_FN_A QueryContextAttributesA;
  1662. IMPERSONATE_SECURITY_CONTEXT_FN ImpersonateSecurityContext;
  1663. REVERT_SECURITY_CONTEXT_FN RevertSecurityContext;
  1664. MAKE_SIGNATURE_FN MakeSignature;
  1665. VERIFY_SIGNATURE_FN VerifySignature;
  1666. FREE_CONTEXT_BUFFER_FN FreeContextBuffer;
  1667. QUERY_SECURITY_PACKAGE_INFO_FN_A QuerySecurityPackageInfoA;
  1668. void SEC_FAR * Reserved3;
  1669. void SEC_FAR * Reserved4;
  1670. EXPORT_SECURITY_CONTEXT_FN ExportSecurityContext;
  1671. IMPORT_SECURITY_CONTEXT_FN_A ImportSecurityContextA;
  1672. ADD_CREDENTIALS_FN_A AddCredentialsA ;
  1673. void SEC_FAR * Reserved8;
  1674. QUERY_SECURITY_CONTEXT_TOKEN_FN QuerySecurityContextToken;
  1675. ENCRYPT_MESSAGE_FN EncryptMessage;
  1676. DECRYPT_MESSAGE_FN DecryptMessage;
  1677. SET_CONTEXT_ATTRIBUTES_FN_A SetContextAttributesA;
  1678. } SecurityFunctionTableA, SEC_FAR * PSecurityFunctionTableA;
  1680. #ifdef UNICODE
  1681. # define SecurityFunctionTable SecurityFunctionTableW // ntifs
  1682. # define PSecurityFunctionTable PSecurityFunctionTableW // ntifs
  1683. #else
  1684. # define SecurityFunctionTable SecurityFunctionTableA
  1685. # define PSecurityFunctionTable PSecurityFunctionTableA
  1686. #endif // !UNICODE
  1688. #define SECURITY_
  1690. // Function table has all routines through DecryptMessage
  1691. #define SECURITY_SUPPORT_PROVIDER_INTERFACE_VERSION 1 // ntifs
  1693. // Function table has all routines through SetContextAttributes
  1694. #define SECURITY_SUPPORT_PROVIDER_INTERFACE_VERSION_2 2 // ntifs
  1697. PSecurityFunctionTableA SEC_ENTRY
  1698. InitSecurityInterfaceA(
  1699. void
  1700. );
  1702. typedef PSecurityFunctionTableA
  1703. (SEC_ENTRY * INIT_SECURITY_INTERFACE_A)(void);
  1705. // begin_ntifs
  1707. PSecurityFunctionTableW SEC_ENTRY
  1708. InitSecurityInterfaceW(
  1709. void
  1710. );
  1712. typedef PSecurityFunctionTableW
  1713. (SEC_ENTRY * INIT_SECURITY_INTERFACE_W)(void);
  1715. // end_ntifs
  1717. #ifdef UNICODE
  1718. # define InitSecurityInterface InitSecurityInterfaceW // ntifs
  1719. # define INIT_SECURITY_INTERFACE INIT_SECURITY_INTERFACE_W // ntifs
  1720. #else
  1721. # define InitSecurityInterface InitSecurityInterfaceA
  1722. # define INIT_SECURITY_INTERFACE INIT_SECURITY_INTERFACE_A
  1723. #endif // !UNICODE
  1726. #ifdef SECURITY_WIN32
  1728. //
  1729. // SASL Profile Support
  1730. //
  1733. SECURITY_STATUS
  1734. SEC_ENTRY
  1735. SaslEnumerateProfilesA(
  1736. OUT LPSTR * ProfileList,
  1737. OUT ULONG * ProfileCount
  1738. );
  1740. SECURITY_STATUS
  1741. SEC_ENTRY
  1742. SaslEnumerateProfilesW(
  1743. OUT LPWSTR * ProfileList,
  1744. OUT ULONG * ProfileCount
  1745. );
  1747. #ifdef UNICODE
  1748. #define SaslEnumerateProfiles SaslEnumerateProfilesW
  1749. #else
  1750. #define SaslEnumerateProfiles SaslEnumerateProfilesA
  1751. #endif
  1754. SECURITY_STATUS
  1755. SEC_ENTRY
  1756. SaslGetProfilePackageA(
  1757. IN LPSTR ProfileName,
  1758. OUT PSecPkgInfoA * PackageInfo
  1759. );
  1762. SECURITY_STATUS
  1763. SEC_ENTRY
  1764. SaslGetProfilePackageW(
  1765. IN LPWSTR ProfileName,
  1766. OUT PSecPkgInfoW * PackageInfo
  1767. );
  1769. #ifdef UNICODE
  1770. #define SaslGetProfilePackage SaslGetProfilePackageW
  1771. #else
  1772. #define SaslGetProfilePackage SaslGetProfilePackageA
  1773. #endif
  1775. SECURITY_STATUS
  1776. SEC_ENTRY
  1777. SaslIdentifyPackageA(
  1778. IN PSecBufferDesc pInput,
  1779. OUT PSecPkgInfoA * PackageInfo
  1780. );
  1782. SECURITY_STATUS
  1783. SEC_ENTRY
  1784. SaslIdentifyPackageW(
  1785. IN PSecBufferDesc pInput,
  1786. OUT PSecPkgInfoW * PackageInfo
  1787. );
  1789. #ifdef UNICODE
  1790. #define SaslIdentifyPackage SaslIdentifyPackageW
  1791. #else
  1792. #define SaslIdentifyPackage SaslIdentifyPackageA
  1793. #endif
  1795. SECURITY_STATUS
  1796. SEC_ENTRY
  1797. SaslInitializeSecurityContextW(
  1798. PCredHandle phCredential, // Cred to base context
  1799. PCtxtHandle phContext, // Existing context (OPT)
  1800. LPWSTR pszTargetName, // Name of target
  1801. unsigned long fContextReq, // Context Requirements
  1802. unsigned long Reserved1, // Reserved, MBZ
  1803. unsigned long TargetDataRep, // Data rep of target
  1804. PSecBufferDesc pInput, // Input Buffers
  1805. unsigned long Reserved2, // Reserved, MBZ
  1806. PCtxtHandle phNewContext, // (out) New Context handle
  1807. PSecBufferDesc pOutput, // (inout) Output Buffers
  1808. unsigned long SEC_FAR * pfContextAttr, // (out) Context attrs
  1809. PTimeStamp ptsExpiry // (out) Life span (OPT)
  1810. );
  1812. SECURITY_STATUS
  1813. SEC_ENTRY
  1814. SaslInitializeSecurityContextA(
  1815. PCredHandle phCredential, // Cred to base context
  1816. PCtxtHandle phContext, // Existing context (OPT)
  1817. LPSTR pszTargetName, // Name of target
  1818. unsigned long fContextReq, // Context Requirements
  1819. unsigned long Reserved1, // Reserved, MBZ
  1820. unsigned long TargetDataRep, // Data rep of target
  1821. PSecBufferDesc pInput, // Input Buffers
  1822. unsigned long Reserved2, // Reserved, MBZ
  1823. PCtxtHandle phNewContext, // (out) New Context handle
  1824. PSecBufferDesc pOutput, // (inout) Output Buffers
  1825. unsigned long SEC_FAR * pfContextAttr, // (out) Context attrs
  1826. PTimeStamp ptsExpiry // (out) Life span (OPT)
  1827. );
  1829. #ifdef UNICODE
  1830. #define SaslInitializeSecurityContext SaslInitializeSecurityContextW
  1831. #else
  1832. #define SaslInitializeSecurityContext SaslInitializeSecurityContextA
  1833. #endif
  1836. SECURITY_STATUS
  1837. SEC_ENTRY
  1838. SaslAcceptSecurityContext(
  1839. PCredHandle phCredential, // Cred to base context
  1840. PCtxtHandle phContext, // Existing context (OPT)
  1841. PSecBufferDesc pInput, // Input buffer
  1842. unsigned long fContextReq, // Context Requirements
  1843. unsigned long TargetDataRep, // Target Data Rep
  1844. PCtxtHandle phNewContext, // (out) New context handle
  1845. PSecBufferDesc pOutput, // (inout) Output buffers
  1846. unsigned long SEC_FAR * pfContextAttr, // (out) Context attributes
  1847. PTimeStamp ptsExpiry // (out) Life span (OPT)
  1848. );
  1851. #define SASL_OPTION_SEND_SIZE 1 // Maximum size to send to peer
  1852. #define SASL_OPTION_RECV_SIZE 2 // Maximum size willing to receive
  1853. #define SASL_OPTION_AUTHZ_STRING 3 // Authorization string
  1854. #define SASL_OPTION_AUTHZ_PROCESSING 4 // Authorization string processing
  1856. typedef enum _SASL_AUTHZID_STATE {
  1857. Sasl_AuthZIDForbidden, // allow no AuthZID strings to be specified - error out (default)
  1858. Sasl_AuthZIDProcessed // AuthZID Strings processed by Application or SSP
  1859. } SASL_AUTHZID_STATE ;
  1861. SECURITY_STATUS
  1862. SEC_ENTRY
  1863. SaslSetContextOption(
  1864. PCtxtHandle ContextHandle,
  1865. ULONG Option,
  1866. PVOID Value,
  1867. ULONG Size
  1868. );
  1871. SECURITY_STATUS
  1872. SEC_ENTRY
  1873. SaslGetContextOption(
  1874. PCtxtHandle ContextHandle,
  1875. ULONG Option,
  1876. PVOID Value,
  1877. ULONG Size,
  1878. PULONG Needed OPTIONAL
  1879. );
  1881. #endif
  1883. #ifdef SECURITY_DOS
  1884. #if _MSC_VER >= 1200
  1885. #pragma warning(pop)
  1886. #else
  1887. #pragma warning(default:4147)
  1888. #endif
  1889. #endif
  1891. //
  1892. // This is the legacy credentials structure.
  1893. // The EX version below is preferred.
  1895. // begin_ntifs
  1896. #ifndef _AUTH_IDENTITY_DEFINED
  1897. #define _AUTH_IDENTITY_DEFINED
  1899. #define SEC_WINNT_AUTH_IDENTITY_ANSI 0x1
  1900. #define SEC_WINNT_AUTH_IDENTITY_UNICODE 0x2
  1902. typedef struct _SEC_WINNT_AUTH_IDENTITY_W {
  1903. unsigned short *User;
  1904. unsigned long UserLength;
  1905. unsigned short *Domain;
  1906. unsigned long DomainLength;
  1907. unsigned short *Password;
  1908. unsigned long PasswordLength;
  1909. unsigned long Flags;
  1910. } SEC_WINNT_AUTH_IDENTITY_W, *PSEC_WINNT_AUTH_IDENTITY_W;
  1912. // end_ntifs
  1914. typedef struct _SEC_WINNT_AUTH_IDENTITY_A {
  1915. unsigned char *User;
  1916. unsigned long UserLength;
  1917. unsigned char *Domain;
  1918. unsigned long DomainLength;
  1919. unsigned char *Password;
  1920. unsigned long PasswordLength;
  1921. unsigned long Flags;
  1922. } SEC_WINNT_AUTH_IDENTITY_A, *PSEC_WINNT_AUTH_IDENTITY_A;
  1925. #ifdef UNICODE
  1926. #define SEC_WINNT_AUTH_IDENTITY SEC_WINNT_AUTH_IDENTITY_W // ntifs
  1927. #define PSEC_WINNT_AUTH_IDENTITY PSEC_WINNT_AUTH_IDENTITY_W // ntifs
  1928. #define _SEC_WINNT_AUTH_IDENTITY _SEC_WINNT_AUTH_IDENTITY_W // ntifs
  1929. #else // UNICODE
  1930. #define SEC_WINNT_AUTH_IDENTITY SEC_WINNT_AUTH_IDENTITY_A
  1931. #define PSEC_WINNT_AUTH_IDENTITY PSEC_WINNT_AUTH_IDENTITY_A
  1932. #define _SEC_WINNT_AUTH_IDENTITY _SEC_WINNT_AUTH_IDENTITY_A
  1933. #endif // UNICODE
  1935. #endif //_AUTH_IDENTITY_DEFINED // ntifs
  1937. // begin_ntifs
  1938. //
  1939. // This is the combined authentication identity structure that may be
  1940. // used with the negotiate package, NTLM, Kerberos, or SCHANNEL
  1941. //
  1944. #ifndef SEC_WINNT_AUTH_IDENTITY_VERSION
  1945. #define SEC_WINNT_AUTH_IDENTITY_VERSION 0x200
  1947. typedef struct _SEC_WINNT_AUTH_IDENTITY_EXW {
  1948. unsigned long Version;
  1949. unsigned long Length;
  1950. unsigned short SEC_FAR *User;
  1951. unsigned long UserLength;
  1952. unsigned short SEC_FAR *Domain;
  1953. unsigned long DomainLength;
  1954. unsigned short SEC_FAR *Password;
  1955. unsigned long PasswordLength;
  1956. unsigned long Flags;
  1957. unsigned short SEC_FAR * PackageList;
  1958. unsigned long PackageListLength;
  1959. } SEC_WINNT_AUTH_IDENTITY_EXW, *PSEC_WINNT_AUTH_IDENTITY_EXW;
  1961. // end_ntifs
  1963. typedef struct _SEC_WINNT_AUTH_IDENTITY_EXA {
  1964. unsigned long Version;
  1965. unsigned long Length;
  1966. unsigned char SEC_FAR *User;
  1967. unsigned long UserLength;
  1968. unsigned char SEC_FAR *Domain;
  1969. unsigned long DomainLength;
  1970. unsigned char SEC_FAR *Password;
  1971. unsigned long PasswordLength;
  1972. unsigned long Flags;
  1973. unsigned char SEC_FAR * PackageList;
  1974. unsigned long PackageListLength;
  1975. } SEC_WINNT_AUTH_IDENTITY_EXA, *PSEC_WINNT_AUTH_IDENTITY_EXA;
  1977. #ifdef UNICODE
  1978. #define SEC_WINNT_AUTH_IDENTITY_EX SEC_WINNT_AUTH_IDENTITY_EXW // ntifs
  1979. #define PSEC_WINNT_AUTH_IDENTITY_EX PSEC_WINNT_AUTH_IDENTITY_EXW // ntifs
  1980. #else
  1981. #define SEC_WINNT_AUTH_IDENTITY_EX SEC_WINNT_AUTH_IDENTITY_EXA
  1982. #endif
  1984. // begin_ntifs
  1985. #endif // SEC_WINNT_AUTH_IDENTITY_VERSION
  1988. //
  1989. // Common types used by negotiable security packages
  1990. //
  1992. #define SEC_WINNT_AUTH_IDENTITY_MARSHALLED 0x4 // all data is in one buffer
  1993. #define SEC_WINNT_AUTH_IDENTITY_ONLY 0x8 // these credentials are for identity only - no PAC needed
  1995. // end_ntifs
  1997. //
  1998. // Routines for manipulating packages
  1999. //
  2001. typedef struct _SECURITY_PACKAGE_OPTIONS {
  2002. unsigned long Size;
  2003. unsigned long Type;
  2004. unsigned long Flags;
  2005. unsigned long SignatureSize;
  2006. void SEC_FAR * Signature;
  2007. } SECURITY_PACKAGE_OPTIONS, SEC_FAR * PSECURITY_PACKAGE_OPTIONS;
  2009. #define SECPKG_OPTIONS_TYPE_UNKNOWN 0
  2010. #define SECPKG_OPTIONS_TYPE_LSA 1
  2011. #define SECPKG_OPTIONS_TYPE_SSPI 2
  2013. #define SECPKG_OPTIONS_PERMANENT 0x00000001
  2015. SECURITY_STATUS
  2016. SEC_ENTRY
  2017. AddSecurityPackageA(
  2018. SEC_CHAR SEC_FAR * pszPackageName,
  2019. SECURITY_PACKAGE_OPTIONS SEC_FAR * Options
  2020. );
  2022. SECURITY_STATUS
  2023. SEC_ENTRY
  2024. AddSecurityPackageW(
  2025. SEC_WCHAR SEC_FAR * pszPackageName,
  2026. SECURITY_PACKAGE_OPTIONS SEC_FAR * Options
  2027. );
  2029. #ifdef UNICODE
  2030. #define AddSecurityPackage AddSecurityPackageW
  2031. #else
  2032. #define AddSecurityPackage AddSecurityPackageA
  2033. #endif
  2035. SECURITY_STATUS
  2036. SEC_ENTRY
  2037. DeleteSecurityPackageA(
  2038. SEC_CHAR SEC_FAR * pszPackageName );
  2040. SECURITY_STATUS
  2041. SEC_ENTRY
  2042. DeleteSecurityPackageW(
  2043. SEC_WCHAR SEC_FAR * pszPackageName );
  2045. #ifdef UNICODE
  2046. #define DeleteSecurityPackage DeleteSecurityPackageW
  2047. #else
  2048. #define DeleteSecurityPackage DeleteSecurityPackageA
  2049. #endif
  2052. #ifdef __cplusplus
  2053. } // extern "C"
  2054. #endif
  2056. // begin_ntifs
  2057. #endif // __SSPI_H__
  2058. // end_ntifs