//+-----------------------------------------------------------------------
//
// Microsoft Windows
//
// Copyright (c) Microsoft Corporation 1992 - 1996
//
// File:        kerbp.h
//
// Contents:    global include file for Kerberos security package
//
//              Declares the package-wide enumerations, the capability and
//              naming macros, the EXTERN allocation scheme, and every
//              global variable shared across the package. It contains no
//              executable code of its own.
//
// History:     16-April-1996   Created         MikeSw
//
//------------------------------------------------------------------------

#ifndef __KERBP_H__
#define __KERBP_H__

//
// All global variables declared as EXTERN will be allocated in the file
// that defines KERBP_ALLOCATE
//

//
// Don't change the order of this enumeration, unless you also change rpcutil.cxx
//
// No enumerator has an explicit value, so the numeric value of each role is
// its position in the list; reordering silently changes those values.
//

typedef enum _KERBEROS_MACHINE_ROLE {
    KerbRoleRealmlessWksta,
    KerbRoleStandalone,
    KerbRoleWorkstation,
    KerbRoleDomainController
} KERBEROS_MACHINE_ROLE, *PKERBEROS_MACHINE_ROLE;

//
// Which side of the package this image is running as. Enumerators start
// at 1, so the value 0 matches neither mode.
//

typedef enum _KERBEROS_STATE {
    KerberosLsaMode = 1,
    KerberosUserMode
} KERBEROS_STATE, *PKERBEROS_STATE;

//
// DELEGATE_IF_SAFE request/return flags are aliases for the RESERVED1 bits;
// the values of ISC_REQ_RESERVED1 and ISC_RET_RESERVED1 are defined outside
// this file.
//

#define ISC_REQ_DELEGATE_IF_SAFE ISC_REQ_RESERVED1
#define ISC_RET_DELEGATE_IF_SAFE ISC_RET_RESERVED1

//
// Package headers. The order is kept exactly as found; later headers may
// depend on declarations from earlier ones.
// NOTE(review): "kerblist.h" is listed twice. The second inclusion is only
// harmless if that header guards itself, which is not visible here.
//

#include "kerbdbg.h"
#include "kerbdefs.h"
#include "kerblist.h"
#include "spncache.h"
#include "kerbs4u.h"
#include "bndcache.h"
#include "kerbtick.h"
#include "kerbutil.h"
#include "kerblist.h"
#include "kerbscav.h"
#include "tktcache.h"
#include "logonses.h"
#include "credmgr.h"
#include "ctxtmgr.h"
#include "kerbfunc.h"
#include "logonapi.h"
#include "krbtoken.h"
#include "rpcutil.h"
#include "timesync.h"
#ifndef WIN32_CHICAGO
#include "pkauth.h"
#include "tktlogon.h"
#include "userlist.h"
#endif // WIN32_CHICAGO
#include "mitutil.h"
#include "krbevent.h"
#include "credman.h"
#ifdef WIN32_CHICAGO
// NOTE(review): the two directives below carry no header name in this copy
// of the file, so they are ill-formed whenever WIN32_CHICAGO is defined.
// Restore the original header names before building that configuration.
#include
#include
#endif // WIN32_CHICAGO

#ifdef _WIN64
#include "kerbwow.h"
#endif // _WIN64

//
// Macros for package information
//
// EXTERN is redefined here regardless of any earlier definition: it expands
// to nothing in the one file that defines KERBP_ALLOCATE (so the
// declarations below become definitions there) and to `extern` everywhere
// else.
//

#ifdef EXTERN
#undef EXTERN
#endif

#ifdef KERBP_ALLOCATE
#define EXTERN
#else
#define EXTERN extern
#endif // KERBP_ALLOCATE

//
// Capability flags for the package, OR-ed into one constant. The set
// includes SECPKG_FLAG_DELEGATION, SECPKG_FLAG_LOGON and
// SECPKG_FLAG_IMPERSONATION, so any change to this list changes what the
// package claims to support.
// NOTE(review): WIN32_CHICAGO builds also declare a KerbGlobalCapabilities
// variable further down; which of the two is reported in that build is not
// visible here.
//
#define KERBEROS_CAPABILITIES ( SECPKG_FLAG_INTEGRITY | \
                                SECPKG_FLAG_PRIVACY | \
                                SECPKG_FLAG_TOKEN_ONLY | \
                                SECPKG_FLAG_DATAGRAM | \
                                SECPKG_FLAG_CONNECTION | \
                                SECPKG_FLAG_MULTI_REQUIRED | \
                                SECPKG_FLAG_EXTENDED_ERROR | \
                                SECPKG_FLAG_IMPERSONATION | \
                                SECPKG_FLAG_ACCEPT_WIN32_NAME | \
                                SECPKG_FLAG_NEGOTIABLE | \
                                SECPKG_FLAG_GSS_COMPATIBLE | \
                                SECPKG_FLAG_LOGON | \
                                SECPKG_FLAG_MUTUAL_AUTH | \
                                SECPKG_FLAG_DELEGATION | \
                                SECPKG_FLAG_READONLY_WITH_CHECKSUM )

//
// Compile-time token size constant. KerbGlobalMaxTokenSize below is a
// separate, registry-driven value.
// NOTE(review): this header does not show which of the two bounds a given
// token buffer; confirm each buffer is sized and length-checked against the
// limit actually in effect.
//

#define KERBEROS_MAX_TOKEN 12000

// Package name and comment: narrow strings on WIN32_CHICAGO, wide strings
// otherwise.
#ifdef WIN32_CHICAGO
#define KERBEROS_PACKAGE_NAME "Kerberos"
#define KERBEROS_PACKAGE_COMMENT "Microsoft Kerberos V1.0"
#else
#define KERBEROS_PACKAGE_NAME L"Kerberos"
#define KERBEROS_PACKAGE_COMMENT L"Microsoft Kerberos V1.0"
#endif

#define NETLOGON_STARTED_EVENT L"\\NETLOGON_SERVICE_STARTED"

//
// Global state variables
//

EXTERN PLSA_SECPKG_FUNCTION_TABLE LsaFunctions;
EXTERN PSECPKG_DLL_FUNCTIONS UserFunctions;
EXTERN SECPKG_FUNCTION_TABLE KerberosFunctionTable;
EXTERN SECPKG_USER_FUNCTION_TABLE KerberosUserFunctionTable;
EXTERN ULONG_PTR KerberosPackageId;
EXTERN BOOLEAN KerbGlobalInitialized;
EXTERN UNICODE_STRING KerbGlobalMachineName;
EXTERN STRING KerbGlobalKerbMachineName;
EXTERN UNICODE_STRING KerbGlobalKdcServiceName;
EXTERN UNICODE_STRING KerbPackageName;
EXTERN BOOLEAN KerbKdcStarted;
EXTERN BOOLEAN KerbAfdStarted;
EXTERN BOOLEAN KerbNetlogonStarted;
EXTERN BOOLEAN KerbGlobalDomainIsPreNT5;

// Module handle plus four routine pointers declared with KDC routine types.
// NOTE(review): presumably the pointers are resolved from the module held
// in KerbKdcHandle - confirm. As file-scope objects they start out zero, so
// callers must not invoke them before they are set.
EXTERN HMODULE KerbKdcHandle;
EXTERN PKDC_VERIFY_PAC_ROUTINE KerbKdcVerifyPac;
EXTERN PKDC_GET_TICKET_ROUTINE KerbKdcGetTicket;
EXTERN PKDC_GET_TICKET_ROUTINE KerbKdcChangePassword;
EXTERN PKDC_FREE_MEMORY_ROUTINE KerbKdcFreeMemory;

// NOTE(review): the name suggests time validation can be switched off via
// this flag - confirm where it is set and that it cannot be cleared by
// unprivileged configuration.
EXTERN BOOLEAN KerbGlobalEnforceTime;
EXTERN BOOLEAN KerbGlobalMachineNameChanged;
#ifndef WIN32_CHICAGO
EXTERN BOOLEAN KerbGlobalSafeModeBootOptionPresent;
#endif // WIN32_CHICAGO

//
// Registry driven globals (see Kerberos\readme.txt for details on these)
//
// These hold configuration that originates outside the binary. Several look
// security-relevant by name (skew time, default pre-authentication etype,
// maximum token and datagram sizes, strong encryption for datagram, S4U
// ticket lifetime and caching).
// NOTE(review): range checks and defaults are applied, if at all, in the
// code that reads the registry - not visible here; confirm them there.
//

EXTERN ULONG KerbGlobalKdcWaitTime;
EXTERN ULONG KerbGlobalKdcCallTimeout;
EXTERN ULONG KerbGlobalKdcCallBackoff;
EXTERN ULONG KerbGlobalKdcSendRetries;
EXTERN ULONG KerbGlobalMaxDatagramSize;
EXTERN ULONG KerbGlobalDefaultPreauthEtype;
EXTERN ULONG KerbGlobalMaxReferralCount;
EXTERN ULONG KerbGlobalMaxTokenSize;
EXTERN ULONG KerbGlobalKdcOptions;
EXTERN BOOLEAN KerbGlobalUseStrongEncryptionForDatagram;
EXTERN BOOLEAN KerbGlobalRetryPdc;
EXTERN BOOLEAN KerbGlobalRunningServer;
EXTERN TimeStamp KerbGlobalFarKdcTimeout;
EXTERN TimeStamp KerbGlobalNearKdcTimeout;
EXTERN TimeStamp KerbGlobalSkewTime;
EXTERN TimeStamp KerbGlobalSpnCacheTimeout;
EXTERN TimeStamp KerbGlobalS4UCacheTimeout;
EXTERN TimeStamp KerbGlobalS4UTicketLifetime;
EXTERN BOOLEAN KerbGlobalCacheS4UTicket;
EXTERN BOOLEAN KerbGlobalUseClientIpAddresses;
EXTERN DWORD KerbGlobalTgtRenewalTime;
#ifndef WIN32_CHICAGO
EXTERN ULONG KerbGlobalLoggingLevel;
#endif // WIN32_CHICAGO

//
// Globals used for handling domain change or that are affected by domain
// change
//
// Outside WIN32_CHICAGO the three lock macros acquire KerberosGlobalResource
// shared, acquire it exclusive, and release it; the TRUE argument is
// presumably "wait for the resource" - confirm against SafeAcquireResource*.
// On WIN32_CHICAGO the macros expand to nothing, so they give no
// synchronization in that build, and neither KerberosGlobalResource nor
// KerbGlobalDomainSid is declared.
//

#ifndef WIN32_CHICAGO
#define KerbGlobalReadLock() SafeAcquireResourceShared(&KerberosGlobalResource, TRUE)
#define KerbGlobalWriteLock() SafeAcquireResourceExclusive(&KerberosGlobalResource, TRUE)
#define KerbGlobalReleaseLock() SafeReleaseResource(&KerberosGlobalResource)
EXTERN SAFE_RESOURCE KerberosGlobalResource;
EXTERN PSID KerbGlobalDomainSid;
#else // WIN32_CHICAGO
#define KerbGlobalReadLock()
#define KerbGlobalWriteLock()
#define KerbGlobalReleaseLock()
#endif // WIN32_CHICAGO

EXTERN UNICODE_STRING KerbGlobalDomainName;
EXTERN UNICODE_STRING KerbGlobalDnsDomainName;
EXTERN PKERB_INTERNAL_NAME KerbGlobalMitMachineServiceName;
EXTERN UNICODE_STRING KerbGlobalMachineServiceName;
EXTERN KERBEROS_MACHINE_ROLE KerbGlobalRole;
EXTERN UNICODE_STRING KerbGlobalInitialDcRecord;
EXTERN ULONG KerbGlobalInitialDcFlags;
EXTERN ULONG KerbGlobalInitialDcAddressType;
EXTERN PSOCKADDR_IN KerbGlobalIpAddresses; // also protected by same lock
EXTERN BOOLEAN KerbGlobalNoTcpUdp; // also protected by same lock
EXTERN ULONG KerbGlobalIpAddressCount; // also protected by same lock
EXTERN BOOLEAN KerbGlobalIpAddressesInitialized; // also protected by same lock

// NOTE(review): by its name this flag governs whether a TGT session key may
// be handed out. If so it is a sensitive switch - confirm where it is set,
// what it defaults to, and whether the global lock covers it (the
// declaration carries no locking comment).
EXTERN BOOLEAN KerbGlobalAllowTgtSessionKey;
EXTERN LONG KerbGlobalMaxTickets;

// NOTE(review): presumably records the last lock site (name and line) for
// debugging - confirm. Declared in all builds, not only under DBG.
EXTERN LPWSTR g_lpLastLock;
EXTERN ULONG g_uLine;

//
// The capabilities of the security package
//

#ifdef WIN32_CHICAGO
EXTERN ULONG KerbGlobalCapabilities;
#endif // WIN32_CHICAGO

// Counters declared only in DBG builds; code that touches them must sit
// under the same #if DBG.
#if DBG
EXTERN ULONG KerbGlobalLogonSessionsLocked;
EXTERN ULONG KerbGlobalCredentialsLocked;
EXTERN ULONG KerbGlobalContextsLocked;
#endif

//
// Useful globals
//

// NOTE(review): presumably sentinel timestamps for "never expires" and
// "already expired" - confirm where they are initialized.
EXTERN TimeStamp KerbGlobalWillNeverTime;
EXTERN TimeStamp KerbGlobalHasNeverTime;
EXTERN KERBEROS_STATE KerberosState;

//
// handle to LSA policy -- trusted.
//

EXTERN LSAPR_HANDLE KerbGlobalPolicyHandle;

//
// SAM and Domain handles for validation interface.
//

EXTERN SAMPR_HANDLE KerbGlobalSamHandle;
EXTERN SAMPR_HANDLE KerbGlobalDomainHandle;

//
// Null copies of Lanman and NT OWF password.
//
// NOTE(review): presumably the one-way-function values of an empty
// password, kept for comparison - confirm where they are computed.
//

EXTERN LM_OWF_PASSWORD KerbGlobalNullLmOwfPassword;
EXTERN NT_OWF_PASSWORD KerbGlobalNullNtOwfPassword;

//
// Useful macros
//

//
// Macro to return the type field of a SecBuffer
//
// Clears the SECBUFFER_ATTRMASK bits from BufferType. The argument is an
// lvalue or expression of the buffer itself (member access with `.`), not a
// pointer, and it is evaluated once.
//

#define BUFFERTYPE(_x_) ((_x_).BufferType & ~SECBUFFER_ATTRMASK)

//
// Time to wait for the KDC to start, in seconds
//
// NOTE(review): no definition follows this comment in this file.
//

#endif // __KERBP_H__