//+----------------------------------------------------------------------- // // Microsoft Windows // // Copyright (c) Microsoft Corporation 1992 - 1996 // // File: kerbdefs.h // // Contents: defines for all internal Kerberos lists // // // History: 03-May-1999 ChandanS Created // //------------------------------------------------------------------------ #ifndef __KERBDEFS_H__ #define __KERBDEFS_H__ #ifdef __cplusplus extern "C" { #endif #include #ifdef __cplusplus } #endif // // All Kerberos list structures are defined here // typedef struct _KERBEROS_LIST { LIST_ENTRY List; SAFE_CRITICAL_SECTION Lock; } KERBEROS_LIST, *PKERBEROS_LIST; typedef struct _KERBEROS_LIST_ENTRY { LIST_ENTRY Next; ULONG ReferenceCount; } KERBEROS_LIST_ENTRY, *PKERBEROS_LIST_ENTRY; // // NOTE: If you add members to this struct, be sure to // modify KerbDuplicateTicketCacheEntry!!!! // typedef struct _KERB_TICKET_CACHE_ENTRY { KERBEROS_LIST_ENTRY ListEntry; volatile LONG Linked; PKERB_INTERNAL_NAME ServiceName; PKERB_INTERNAL_NAME TargetName; UNICODE_STRING DomainName; UNICODE_STRING TargetDomainName; UNICODE_STRING AltTargetDomainName; UNICODE_STRING ClientDomainName; PKERB_INTERNAL_NAME ClientName; PKERB_INTERNAL_NAME AltClientName; ULONG TicketFlags; ULONG CacheFlags; KERB_ENCRYPTION_KEY SessionKey; KERB_ENCRYPTION_KEY CredentialKey; // used for pkiint only. TimeStamp StartTime; TimeStamp EndTime; TimeStamp RenewUntil; KERB_TICKET Ticket; TimeStamp TimeSkew; LUID EvidenceLogonId; void * ScavengerHandle; #if DBG LIST_ENTRY GlobalListEntry; #endif } KERB_TICKET_CACHE_ENTRY, *PKERB_TICKET_CACHE_ENTRY; typedef struct _KERB_TICKET_CACHE { LIST_ENTRY CacheEntries; TimeStamp LastCleanup; } KERB_TICKET_CACHE, *PKERB_TICKET_CACHE; // // Smartcard flags // #define CSP_DATA_INITIALIZED 0x01 #define CSP_DATA_REUSED 0x02 // // Context flags used to determine pin caching behavior. // #define CONTEXT_INITIALIZED_WITH_CRED_MAN_CREDS 0x10 #define CONTEXT_INITIALIZED_WITH_ACH 0x20 typedef struct _KERB_PUBLIC_KEY_CREDENTIALS { UNICODE_STRING Pin; UNICODE_STRING AlternateDomainName; PCCERT_CONTEXT CertContext; ULONG_PTR KerbHProv; ULONG InitializationInfo; ULONG CspDataLength; BYTE CspData[1]; } KERB_PUBLIC_KEY_CREDENTIALS, *PKERB_PUBLIC_KEY_CREDENTIALS; typedef struct _KERB_PRIMARY_CREDENTIAL { UNICODE_STRING UserName; UNICODE_STRING DomainName; UNICODE_STRING ClearPassword; // this is only present until a ticket has been obtained. UNICODE_STRING OldUserName; // original user name in explicit UNICODE_STRING OldDomainName; // original domain name in explicit cred NT_OWF_PASSWORD OldHashPassword; // hash of encrypted ClearPassword PKERB_STORED_CREDENTIAL Passwords; PKERB_STORED_CREDENTIAL OldPasswords; KERB_TICKET_CACHE ServerTicketCache; KERB_TICKET_CACHE S4UTicketCache; KERB_TICKET_CACHE AuthenticationTicketCache; PKERB_PUBLIC_KEY_CREDENTIALS PublicKeyCreds; } KERB_PRIMARY_CREDENTIAL, *PKERB_PRIMARY_CREDENTIAL; typedef struct _KERB_EXTRA_CRED { KERBEROS_LIST_ENTRY ListEntry; volatile LONG Linked; UNICODE_STRING cName; UNICODE_STRING cRealm; PKERB_STORED_CREDENTIAL Passwords; PKERB_STORED_CREDENTIAL OldPasswords; } KERB_EXTRA_CRED, *PKERB_EXTRA_CRED; typedef struct _EXTRA_CRED_LIST { KERBEROS_LIST CredList; ULONG Count; } EXTRA_CRED_LIST, *PEXTRA_CRED_LIST; typedef struct _KERB_LOGON_SESSION { KERBEROS_LIST_ENTRY ListEntry; KERBEROS_LIST CredmanCredentials; LUID LogonId; // constant TimeStamp Lifetime; SAFE_CRITICAL_SECTION Lock; KERB_PRIMARY_CREDENTIAL PrimaryCredentials; EXTRA_CRED_LIST ExtraCredentials; ULONG LogonSessionFlags; void* TaskHandle; } KERB_LOGON_SESSION, *PKERB_LOGON_SESSION; #define KERB_CREDENTIAL_TAG_ACTIVE (ULONG)'AdrC' #define KERB_CREDENTIAL_TAG_DELETE (ULONG)'DdrC' typedef struct _KERB_CREDENTIAL { KERBEROS_LIST_ENTRY ListEntry; ULONG HandleCount; LUID LogonId; // constant TimeStamp Lifetime; UNICODE_STRING CredentialName; ULONG CredentialFlags; ULONG ClientProcess; // constant PKERB_PRIMARY_CREDENTIAL SuppliedCredentials; PKERB_AUTHORIZATION_DATA AuthData; ULONG CredentialTag; } KERB_CREDENTIAL, *PKERB_CREDENTIAL; typedef struct _KERB_CREDMAN_CRED { KERBEROS_LIST_ENTRY ListEntry; ULONG CredentialFlags; UNICODE_STRING CredmanUserName; // added since TGT information can overwrite primary credentials... UNICODE_STRING CredmanDomainName; PKERB_PRIMARY_CREDENTIAL SuppliedCredentials; } KERB_CREDMAN_CRED, *PKERB_CREDMAN_CRED; typedef enum _KERB_CONTEXT_STATE { IdleState, TgtRequestSentState, TgtReplySentState, ApRequestSentState, ApReplySentState, AuthenticatedState, ErrorMessageSentState, InvalidState } KERB_CONTEXT_STATE, *PKERB_CONTEXT_STATE; #define KERB_CONTEXT_TAG_ACTIVE (ULONG)'AxtC' #define KERB_CONTEXT_TAG_DELETE (ULONG)'DxtC' typedef struct _KERB_CONTEXT { KERBEROS_LIST_ENTRY ListEntry; TimeStamp Lifetime; // end time/expiration time TimeStamp RenewTime; // time to renew until TimeStamp StartTime; UNICODE_STRING ClientName; UNICODE_STRING ClientRealm; UNICODE_STRING ClientDnsRealm; union { ULONG ClientProcess; LSA_SEC_HANDLE LsaContextHandle; }; LUID LogonId; HANDLE TokenHandle; ULONG_PTR CredentialHandle; KERB_ENCRYPTION_KEY SessionKey; ULONG Nonce; ULONG ReceiveNonce; ULONG ContextFlags; ULONG ContextAttributes; ULONG NegotiationInfo; ULONG EncryptionType; PSID UserSid; KERB_CONTEXT_STATE ContextState; ULONG Retries; KERB_ENCRYPTION_KEY TicketKey; PKERB_TICKET_CACHE_ENTRY TicketCacheEntry; // for clients, is ticket to server, for servers, is TGT used in user-to-user UNICODE_STRING ClientPrincipalName; UNICODE_STRING ServerPrincipalName; PKERB_CREDMAN_CRED CredManCredentials; // // marshalled target info for DFS/RDR. // PBYTE pbMarshalledTargetInfo; ULONG cbMarshalledTargetInfo; TimeStamp AuthenticatorTime; ULONG ContextTag; } KERB_CONTEXT, *PKERB_CONTEXT; typedef struct _KERB_PACKED_CONTEXT { ULONG ContextType ; // Indicates the type of the context ULONG Pad; // Pad data TimeStamp Lifetime; // Matches basic context above TimeStamp RenewTime ; TimeStamp StartTime; UNICODE_STRING32 ClientName ; UNICODE_STRING32 ClientRealm ; ULONG LsaContextHandle ; LUID LogonId ; ULONG TokenHandle ; ULONG CredentialHandle ; ULONG SessionKeyType ; ULONG SessionKeyOffset ; ULONG SessionKeyLength ; ULONG Nonce ; ULONG ReceiveNonce ; ULONG ContextFlags ; ULONG ContextAttributes ; ULONG EncryptionType ; KERB_CONTEXT_STATE ContextState ; ULONG Retries ; ULONG MarshalledTargetInfo; // offset ULONG MarshalledTargetInfoLength; } KERB_PACKED_CONTEXT, * PKERB_PACKED_CONTEXT; typedef struct _KERB_SESSION_KEY_ENTRY { LIST_ENTRY ListEntry; KERB_ENCRYPTION_KEY SessionKey; FILETIME ExpireTime; // time when SessionKey expires } KERB_SESSION_KEY_ENTRY, * PKERB_SESSION_KEY_ENTRY; #define KERB_PACKED_CONTEXT_MAP 0 #define KERB_PACKED_CONTEXT_EXPORT 1 // // The order of this enum is the order in which locks // must be acquired. Violating this order will result // in asserts firing in debug builds. // // Do not change the order of this enum without first verifying // thoroughly that the change is safe. // typedef enum { // // No-dependency locks // LS_LIST_LOCK_ENUM = 0, // (LSLS) LOCAL_LOOPBACK_SKEY_LOCK = 0, // (LLBK) HOST_2_REALM_LIST_LOCK = 0, // (H2RL) // // Locks with dependencies // CRED_MGR_LOCK_ENUM = 1, // (CRED) LOGON_SESSION_LOCK_ENUM, // (LOGO) CONTEXT_LIST_LOCK_ENUM, // (CLIS) --- LOGO LS_EXTRACRED_LOCK_ENUM, // (LSXC) --- LOGO LS_CREDMAN_LOCK_ENUM, // (LSCM) --- LOGO TICKET_CACHE_LOCK_ENUM, // (TICK) --- CRED LOGO CLIS LSXC LSCM GLOBAL_RESOURCE_LOCK_ENUM, // (GLOB) --- LOGO MIT_REALM_LIST_LOCK_ENUM, // (MITR) --- GLOB BINDING_CACHE_LOCK_ENUM, // (BNDC) --- GLOB SPN_CACHE_LOCK_ENUM, // (SPNC) --- GLOB CONTEXT_RESOURCE_LOCK_ENUM, // (CRES) --- TICK LSXC S4U_CACHE_LOCK_ENUM, // (S4UC) --- TICK DISABLED_SPNS_LOCK_ENUM, // (DISA) --- TICK KERB_SKEW_STATE_LOCK_ENUM, // (SKEW) --- TICK KDC_DATA_LOCK_ENUM, // (KDLK) --- LOGO LSCM KERB_MAX_LOCK_ENUM, } KERB_LOCK_ENUM; #endif // __KERBDEFS_H_