//+---------------------------------------------------------------------------
//
//  Microsoft Windows
//  Copyright (C) Microsoft Corporation, 1992-1999.
//
//  File:       sspi.h
//
//  Contents:   Security Support Provider Interface
//              Prototypes and structure definitions
//
//  Functions:  Security Support Provider API
//
//  History:    11-24-93   RichardW   Created
//
//----------------------------------------------------------------------------

// begin_ntifs
#ifndef __SSPI_H__
#define __SSPI_H__
// end_ntifs

#if _MSC_VER > 1000
#pragma once
#endif

#ifdef __cplusplus
extern "C" {
#endif

//
// Determine environment:
//
// Exactly one of SECURITY_WIN32, SECURITY_KERNEL or SECURITY_MAC must be
// defined by the includer.  ISSP_MODE selects the parameter shapes of the
// prototypes below: ISSP_MODE == 0 (kernel) uses counted PSECURITY_STRING
// names, ISSP_MODE == 1 uses NUL-terminated SEC_WCHAR/SEC_CHAR names.
//

#ifdef SECURITY_WIN32
#define ISSP_LEVEL  32
#define ISSP_MODE   1
#endif // SECURITY_WIN32

#ifdef SECURITY_KERNEL
#define ISSP_LEVEL  32          // ntifs

//
// SECURITY_KERNEL trumps SECURITY_WIN32.  Undefine ISSP_MODE so that
// we don't get redefine errors.
//
#ifdef ISSP_MODE
#undef ISSP_MODE
#endif
#define ISSP_MODE   0           // ntifs
#endif // SECURITY_KERNEL

#ifdef SECURITY_MAC
#define ISSP_LEVEL  32
#define ISSP_MODE   1
#endif // SECURITY_MAC

#ifndef ISSP_LEVEL
#error You must define one of SECURITY_WIN32, SECURITY_KERNEL, or
#error SECURITY_MAC
#endif // !ISSP_LEVEL

//
// Now, define platform specific mappings:
//

// begin_ntifs
typedef WCHAR SEC_WCHAR;
typedef CHAR SEC_CHAR;

//
// SECURITY_STATUS is a plain LONG; the SEC_E_*/SEC_I_* codes that populate
// it live in the error header, not here.
//
#ifndef __SECSTATUS_DEFINED__
typedef LONG SECURITY_STATUS;
#define __SECSTATUS_DEFINED__
#endif

#define SEC_TEXT TEXT
#define SEC_FAR                     // Empty: far pointers are a 16-bit relic
#define SEC_ENTRY __stdcall         // Calling convention of every SSPI entry point
// end_ntifs

//
// Decide what a string is - 32 bits only, since for 16 bits it is clear.
//
#ifdef UNICODE
typedef SEC_WCHAR SEC_FAR * SECURITY_PSTR;
typedef CONST SEC_WCHAR SEC_FAR * SECURITY_PCSTR;
#else // UNICODE
typedef SEC_CHAR SEC_FAR * SECURITY_PSTR;
typedef CONST SEC_CHAR SEC_FAR * SECURITY_PCSTR;
#endif // UNICODE

//
// Equivalent string for rpcrt:
//
#define __SEC_FAR SEC_FAR

//
// Okay, security specific types:
//

// begin_ntifs
//
// Opaque credential/context handle.  The two halves are owned by the
// security system; callers only copy, compare and pass them back.
//
#ifndef __SECHANDLE_DEFINED__
typedef struct _SecHandle
{
    ULONG_PTR dwLower ;
    ULONG_PTR dwUpper ;
} SecHandle, * PSecHandle ;

#define __SECHANDLE_DEFINED__
#endif // __SECHANDLE_DEFINED__

//
// SecInvalidateHandle writes the (ULONG_PTR)-1 sentinel into both halves.
// It expands to two bare statements with no do/while(0) wrapper, so under
// an unbraced `if` only the dwLower assignment is conditional - always
// brace the call.  The macro's last line ends in a continuation
// backslash; the blank line after it terminates the macro and must stay.
//
#define SecInvalidateHandle( x )    \
    ((PSecHandle) x)->dwLower = ((ULONG_PTR) ((INT_PTR)-1)) ; \
    ((PSecHandle) x)->dwUpper = ((ULONG_PTR) ((INT_PTR)-1)) ; \

//
// A handle is valid only if neither half holds the sentinel above.  Note
// that `x` is not parenthesized in either macro, so pass a plain lvalue.
//
#define SecIsValidHandle( x ) \
    ( ( ((PSecHandle) x)->dwLower != ((ULONG_PTR) ((INT_PTR) -1 ))) && \
      ( ((PSecHandle) x)->dwUpper != ((ULONG_PTR) ((INT_PTR) -1 ))) )

typedef SecHandle CredHandle;
typedef PSecHandle PCredHandle;

typedef SecHandle CtxtHandle;
typedef PSecHandle PCtxtHandle;
// end_ntifs

//
// SECURITY_INTEGER is a 64-bit quantity; which spelling is used depends
// on what the includer has already pulled in.  SEC_SUCCESS is only
// provided in the WIN32_CHICAGO branch.
//
# ifdef WIN32_CHICAGO
typedef unsigned __int64 QWORD;
typedef QWORD SECURITY_INTEGER, *PSECURITY_INTEGER;
#define SEC_SUCCESS(Status) ((Status) >= 0)
# elif defined(_NTDEF_) || defined(_WINNT_)
typedef LARGE_INTEGER _SECURITY_INTEGER, SECURITY_INTEGER, *PSECURITY_INTEGER; // ntifs
# else // _NTDEF_ || _WINNT_
typedef struct _SECURITY_INTEGER
{
    unsigned long LowPart;
    long HighPart;
} SECURITY_INTEGER, *PSECURITY_INTEGER;
# endif // _NTDEF_ || _WINNT_

//
// TimeStamp is the type of every credential/context expiry returned below.
//
# ifndef SECURITY_MAC
typedef SECURITY_INTEGER TimeStamp;                 // ntifs
typedef SECURITY_INTEGER SEC_FAR * PTimeStamp;      // ntifs
# else // SECURITY_MAC
typedef unsigned long TimeStamp;
typedef unsigned long * PTimeStamp;
# endif // SECURITY_MAC

//
// If we are in 32 bit mode, define the SECURITY_STRING structure,
// as a clone of the base UNICODE_STRING structure.  This is used
// internally in security components, and as the string interface
// for kernel components (e.g.
// FSPs)
//
// Length and MaximumLength are byte counts (the MIDL attributes divide by
// 2 to get the element count of the 16-bit Buffer); the buffer is not
// required to be NUL-terminated.
//
# ifndef _NTDEF_
typedef struct _SECURITY_STRING {
    unsigned short      Length;
    unsigned short      MaximumLength;
# ifdef MIDL_PASS
    [size_is(MaximumLength / 2), length_is(Length / 2)]
# endif // MIDL_PASS
    unsigned short *    Buffer;
} SECURITY_STRING, * PSECURITY_STRING;
# else // _NTDEF_
typedef UNICODE_STRING SECURITY_STRING, *PSECURITY_STRING;  // ntifs
# endif // _NTDEF_

// begin_ntifs
//
// SecPkgInfo structure
//
//  Provides general information about a security provider.
//  cbMaxToken is the upper bound a caller should use when sizing
//  SECBUFFER_TOKEN buffers for this package.
//

typedef struct _SecPkgInfoW
{
    unsigned long fCapabilities;        // Capability bitmask (SECPKG_FLAG_*)
    unsigned short wVersion;            // Version of driver
    unsigned short wRPCID;              // ID for RPC Runtime
    unsigned long cbMaxToken;           // Size of authentication token (max)
#ifdef MIDL_PASS
    [string]
#endif
    SEC_WCHAR SEC_FAR * Name;           // Text name
#ifdef MIDL_PASS
    [string]
#endif
    SEC_WCHAR SEC_FAR * Comment;        // Comment
} SecPkgInfoW, SEC_FAR * PSecPkgInfoW;
// end_ntifs

typedef struct _SecPkgInfoA
{
    unsigned long fCapabilities;        // Capability bitmask (SECPKG_FLAG_*)
    unsigned short wVersion;            // Version of driver
    unsigned short wRPCID;              // ID for RPC Runtime
    unsigned long cbMaxToken;           // Size of authentication token (max)
#ifdef MIDL_PASS
    [string]
#endif
    SEC_CHAR SEC_FAR * Name;            // Text name
#ifdef MIDL_PASS
    [string]
#endif
    SEC_CHAR SEC_FAR * Comment;         // Comment
} SecPkgInfoA, SEC_FAR * PSecPkgInfoA;

#ifdef UNICODE
# define SecPkgInfo SecPkgInfoW         // ntifs
# define PSecPkgInfo PSecPkgInfoW       // ntifs
#else
# define SecPkgInfo SecPkgInfoA
# define PSecPkgInfo PSecPkgInfoA
#endif // !UNICODE

// begin_ntifs
//
//  Security Package Capabilities (SecPkgInfo.fCapabilities)
//
#define SECPKG_FLAG_INTEGRITY       0x00000001  // Supports integrity on messages
#define SECPKG_FLAG_PRIVACY         0x00000002  // Supports privacy (confidentiality)
#define SECPKG_FLAG_TOKEN_ONLY      0x00000004  // Only security token needed
#define SECPKG_FLAG_DATAGRAM        0x00000008  // Datagram RPC support
#define SECPKG_FLAG_CONNECTION      0x00000010  // Connection oriented RPC support
#define SECPKG_FLAG_MULTI_REQUIRED  0x00000020  // Full 3-leg required for re-auth.
#define SECPKG_FLAG_CLIENT_ONLY     0x00000040  // Server side functionality not available
#define SECPKG_FLAG_EXTENDED_ERROR  0x00000080  // Supports extended error msgs
#define SECPKG_FLAG_IMPERSONATION   0x00000100  // Supports impersonation
#define SECPKG_FLAG_ACCEPT_WIN32_NAME   0x00000200  // Accepts Win32 names
#define SECPKG_FLAG_STREAM          0x00000400  // Supports stream semantics
#define SECPKG_FLAG_NEGOTIABLE      0x00000800  // Can be used by the negotiate package
#define SECPKG_FLAG_GSS_COMPATIBLE  0x00001000  // GSS Compatibility Available
#define SECPKG_FLAG_LOGON           0x00002000  // Supports common LsaLogonUser
#define SECPKG_FLAG_ASCII_BUFFERS   0x00004000  // Token Buffers are in ASCII
#define SECPKG_FLAG_FRAGMENT        0x00008000  // Package can fragment to fit
#define SECPKG_FLAG_MUTUAL_AUTH     0x00010000  // Package can perform mutual authentication
#define SECPKG_FLAG_DELEGATION      0x00020000  // Package can delegate
// NOTE(review): the original comment here was a copy of the DELEGATION
// one; by its name this flag advertises SECBUFFER_READONLY_WITH_CHECKSUM
// buffer support - confirm against the package documentation.
#define SECPKG_FLAG_READONLY_WITH_CHECKSUM  0x00040000  // Package supports read-only-with-checksum buffers

#define SECPKG_ID_NONE      0xFFFF

//
//  SecBuffer
//
//  Generic memory descriptors for buffers passed in to the security
//  API.  cbBuffer is the only length the provider ever sees for
//  pvBuffer, so an oversized count is an out-of-bounds access on the
//  caller's memory - size it from the real allocation.
//

typedef struct _SecBuffer {
    unsigned long cbBuffer;             // Size of the buffer, in bytes
    unsigned long BufferType;           // Type of the buffer (below); high nibble holds SECBUFFER_ATTRMASK attribute bits
    void SEC_FAR * pvBuffer;            // Pointer to the buffer
} SecBuffer, SEC_FAR * PSecBuffer;

typedef struct _SecBufferDesc {
    unsigned long ulVersion;            // Version number (presumably SECBUFFER_VERSION - confirm)
    unsigned long cBuffers;             // Number of buffers
#ifdef MIDL_PASS
    [size_is(cBuffers)]
#endif
    PSecBuffer pBuffers;                // Pointer to array of buffers
} SecBufferDesc, SEC_FAR * PSecBufferDesc;

#define SECBUFFER_VERSION           0

#define SECBUFFER_EMPTY             0   // Undefined, replaced by provider
#define SECBUFFER_DATA              1   // Packet data
#define SECBUFFER_TOKEN             2   // Security token
#define SECBUFFER_PKG_PARAMS        3   // Package specific parameters
#define SECBUFFER_MISSING           4   // Missing Data indicator
#define SECBUFFER_EXTRA             5   // Extra data
#define SECBUFFER_STREAM_TRAILER    6   // Security Trailer
#define SECBUFFER_STREAM_HEADER     7   // Security Header
#define SECBUFFER_NEGOTIATION_INFO  8   // Hints from the negotiation pkg
#define SECBUFFER_PADDING           9   // non-data padding
#define SECBUFFER_STREAM            10  // whole encrypted message
#define SECBUFFER_MECHLIST          11
#define SECBUFFER_MECHLIST_SIGNATURE 12
#define SECBUFFER_TARGET            13
#define SECBUFFER_CHANNEL_BINDINGS  14

//
// Buffer attribute bits.  All three flags below fall inside
// SECBUFFER_ATTRMASK (the top nibble), leaving the low bits for the
// SECBUFFER_* type; mask with SECBUFFER_ATTRMASK before comparing types.
//
#define SECBUFFER_ATTRMASK          0xF0000000
#define SECBUFFER_READONLY          0x80000000  // Buffer is read-only, no checksum
#define SECBUFFER_READONLY_WITH_CHECKSUM 0x10000000  // Buffer is read-only, and checksummed
#define SECBUFFER_RESERVED          0x60000000  // Flags reserved to security system

typedef struct _SEC_NEGOTIATION_INFO {
    unsigned long       Size;           // Size of this structure
    unsigned long       NameLength;     // Length of name hint
    SEC_WCHAR SEC_FAR * Name;           // Name hint
    void SEC_FAR *      Reserved;       // Reserved
} SEC_NEGOTIATION_INFO, SEC_FAR * PSEC_NEGOTIATION_INFO ;

//
// Channel bindings (carried in a SECBUFFER_CHANNEL_BINDINGS buffer).  The
// three variable-length parts are described by length/offset pairs; the
// offsets are presumably relative to the start of this structure - confirm.
//
typedef struct _SEC_CHANNEL_BINDINGS {
    unsigned long  dwInitiatorAddrType;
    unsigned long  cbInitiatorLength;
    unsigned long  dwInitiatorOffset;
    unsigned long  dwAcceptorAddrType;
    unsigned long  cbAcceptorLength;
    unsigned long  dwAcceptorOffset;
    unsigned long  cbApplicationDataLength;
    unsigned long  dwApplicationDataOffset;
} SEC_CHANNEL_BINDINGS, SEC_FAR * PSEC_CHANNEL_BINDINGS ;

//
//  Data Representation Constant:
//
#define SECURITY_NATIVE_DREP        0x00000010
#define SECURITY_NETWORK_DREP       0x00000000

//
//  Credential Use Flags (AcquireCredentialsHandle fCredentialUse).
//  SECPKG_CRED_BOTH is INBOUND | OUTBOUND.
//
#define SECPKG_CRED_INBOUND         0x00000001
#define SECPKG_CRED_OUTBOUND        0x00000002
#define SECPKG_CRED_BOTH            0x00000003
#define SECPKG_CRED_DEFAULT         0x00000004
#define SECPKG_CRED_RESERVED        0xF0000000

//
//  InitializeSecurityContext Requirement and return flags:
//
//  The ISC_REQ_* and ISC_RET_* sets are NOT bit-for-bit parallel: e.g.
//  ISC_REQ_CALL_LEVEL is 0x00001000 while ISC_RET_CALL_LEVEL is
//  0x00002000 and 0x00001000 means ISC_RET_INTERMEDIATE_RETURN.  Always
//  test the value returned in pfContextAttr with *_RET_* constants, never
//  with the *_REQ_* mask that was passed in.
//

#define ISC_REQ_DELEGATE                0x00000001
#define ISC_REQ_MUTUAL_AUTH             0x00000002
#define ISC_REQ_REPLAY_DETECT           0x00000004
#define ISC_REQ_SEQUENCE_DETECT         0x00000008
#define ISC_REQ_CONFIDENTIALITY         0x00000010
#define ISC_REQ_USE_SESSION_KEY         0x00000020
#define ISC_REQ_PROMPT_FOR_CREDS        0x00000040
#define ISC_REQ_USE_SUPPLIED_CREDS      0x00000080
#define ISC_REQ_ALLOCATE_MEMORY         0x00000100
#define ISC_REQ_USE_DCE_STYLE           0x00000200
#define ISC_REQ_DATAGRAM                0x00000400
#define ISC_REQ_CONNECTION              0x00000800
#define ISC_REQ_CALL_LEVEL              0x00001000
#define ISC_REQ_FRAGMENT_SUPPLIED       0x00002000
#define ISC_REQ_EXTENDED_ERROR          0x00004000
#define ISC_REQ_STREAM                  0x00008000
#define ISC_REQ_INTEGRITY               0x00010000
#define ISC_REQ_IDENTIFY                0x00020000
#define ISC_REQ_NULL_SESSION            0x00040000
#define ISC_REQ_MANUAL_CRED_VALIDATION  0x00080000
#define ISC_REQ_RESERVED1               0x00100000
#define ISC_REQ_FRAGMENT_TO_FIT         0x00200000

#define ISC_RET_DELEGATE                0x00000001
#define ISC_RET_MUTUAL_AUTH             0x00000002
#define ISC_RET_REPLAY_DETECT           0x00000004
#define ISC_RET_SEQUENCE_DETECT         0x00000008
#define ISC_RET_CONFIDENTIALITY         0x00000010
#define ISC_RET_USE_SESSION_KEY         0x00000020
#define ISC_RET_USED_COLLECTED_CREDS    0x00000040
#define ISC_RET_USED_SUPPLIED_CREDS     0x00000080
#define ISC_RET_ALLOCATED_MEMORY        0x00000100
#define ISC_RET_USED_DCE_STYLE          0x00000200
#define ISC_RET_DATAGRAM                0x00000400
#define ISC_RET_CONNECTION              0x00000800
#define ISC_RET_INTERMEDIATE_RETURN     0x00001000
#define ISC_RET_CALL_LEVEL              0x00002000
#define ISC_RET_EXTENDED_ERROR          0x00004000
#define ISC_RET_STREAM                  0x00008000
#define ISC_RET_INTEGRITY               0x00010000
#define ISC_RET_IDENTIFY                0x00020000
#define ISC_RET_NULL_SESSION            0x00040000
#define ISC_RET_MANUAL_CRED_VALIDATION  0x00080000
#define ISC_RET_RESERVED1               0x00100000
#define ISC_RET_FRAGMENT_ONLY           0x00200000

//
//  AcceptSecurityContext Requirement and return flags.  Same caveat as
//  above: ASC_REQ_FRAGMENT_SUPPLIED (0x00002000) is out of sequence and
//  collides numerically with ASC_RET_CALL_LEVEL; ASC_REQ_CALL_LEVEL is
//  0x00001000 but ASC_RET_CALL_LEVEL is 0x00002000.
//
#define ASC_REQ_DELEGATE                0x00000001
#define ASC_REQ_MUTUAL_AUTH             0x00000002
#define ASC_REQ_REPLAY_DETECT           0x00000004
#define ASC_REQ_SEQUENCE_DETECT         0x00000008
#define ASC_REQ_CONFIDENTIALITY         0x00000010
#define ASC_REQ_USE_SESSION_KEY         0x00000020
#define ASC_REQ_ALLOCATE_MEMORY         0x00000100
#define ASC_REQ_USE_DCE_STYLE           0x00000200
#define ASC_REQ_DATAGRAM                0x00000400
#define ASC_REQ_CONNECTION              0x00000800
#define ASC_REQ_CALL_LEVEL              0x00001000
#define ASC_REQ_EXTENDED_ERROR          0x00008000
#define ASC_REQ_STREAM                  0x00010000
#define ASC_REQ_INTEGRITY               0x00020000
#define ASC_REQ_LICENSING               0x00040000
#define ASC_REQ_IDENTIFY                0x00080000
#define ASC_REQ_ALLOW_NULL_SESSION      0x00100000
#define ASC_REQ_ALLOW_NON_USER_LOGONS   0x00200000
#define ASC_REQ_ALLOW_CONTEXT_REPLAY    0x00400000
#define ASC_REQ_FRAGMENT_TO_FIT         0x00800000
#define ASC_REQ_FRAGMENT_SUPPLIED       0x00002000
#define ASC_REQ_NO_TOKEN                0x01000000

#define ASC_RET_DELEGATE                0x00000001
#define ASC_RET_MUTUAL_AUTH             0x00000002
#define ASC_RET_REPLAY_DETECT           0x00000004
#define ASC_RET_SEQUENCE_DETECT         0x00000008
#define ASC_RET_CONFIDENTIALITY         0x00000010
#define ASC_RET_USE_SESSION_KEY         0x00000020
#define ASC_RET_ALLOCATED_MEMORY        0x00000100
#define ASC_RET_USED_DCE_STYLE          0x00000200
#define ASC_RET_DATAGRAM                0x00000400
#define ASC_RET_CONNECTION              0x00000800
#define ASC_RET_CALL_LEVEL              0x00002000 // skipped 1000 to be like ISC_
#define ASC_RET_THIRD_LEG_FAILED        0x00004000
#define ASC_RET_EXTENDED_ERROR          0x00008000
#define ASC_RET_STREAM                  0x00010000
#define ASC_RET_INTEGRITY               0x00020000
#define ASC_RET_LICENSING               0x00040000
#define ASC_RET_IDENTIFY                0x00080000
#define ASC_RET_NULL_SESSION            0x00100000
#define ASC_RET_ALLOW_NON_USER_LOGONS   0x00200000
#define ASC_RET_ALLOW_CONTEXT_REPLAY    0x00400000
#define ASC_RET_FRAGMENT_ONLY           0x00800000
#define ASC_RET_NO_TOKEN                0x01000000

//
//  Security Credentials Attributes (QueryCredentialsAttributes ulAttribute):
//

#define SECPKG_CRED_ATTR_NAMES 1

typedef struct _SecPkgCredentials_NamesW
{
    SEC_WCHAR SEC_FAR * sUserName;
} SecPkgCredentials_NamesW, SEC_FAR * PSecPkgCredentials_NamesW;
// end_ntifs

typedef struct _SecPkgCredentials_NamesA
{
    SEC_CHAR SEC_FAR * sUserName;
} SecPkgCredentials_NamesA, SEC_FAR * PSecPkgCredentials_NamesA;

#ifdef UNICODE
# define SecPkgCredentials_Names SecPkgCredentials_NamesW       // ntifs
# define PSecPkgCredentials_Names PSecPkgCredentials_NamesW     // ntifs
#else
# define SecPkgCredentials_Names SecPkgCredentials_NamesA
# define PSecPkgCredentials_Names PSecPkgCredentials_NamesA
#endif // !UNICODE

// begin_ntifs
//
// Security Context Attributes (QueryContextAttributes ulAttribute).  Each
// value selects one of the SecPkgContext_* structures below as the layout
// of the caller-supplied pBuffer.
//

#define SECPKG_ATTR_SIZES           0
#define SECPKG_ATTR_NAMES           1
#define SECPKG_ATTR_LIFESPAN        2
#define SECPKG_ATTR_DCE_INFO        3
#define SECPKG_ATTR_STREAM_SIZES    4
#define SECPKG_ATTR_KEY_INFO        5
#define SECPKG_ATTR_AUTHORITY       6
#define SECPKG_ATTR_PROTO_INFO      7
#define SECPKG_ATTR_PASSWORD_EXPIRY 8
#define SECPKG_ATTR_SESSION_KEY     9
#define SECPKG_ATTR_PACKAGE_INFO    10
#define SECPKG_ATTR_USER_FLAGS      11
#define SECPKG_ATTR_NEGOTIATION_INFO 12
#define SECPKG_ATTR_NATIVE_NAMES    13
#define SECPKG_ATTR_FLAGS           14
#define SECPKG_ATTR_USE_VALIDATED   15
#define SECPKG_ATTR_CREDENTIAL_NAME 16
#define SECPKG_ATTR_TARGET_INFORMATION 17
#define SECPKG_ATTR_ACCESS_TOKEN    18
#define SECPKG_ATTR_TARGET          19
#define SECPKG_ATTR_AUTHENTICATION_ID 20

//
// SECPKG_ATTR_SIZES: per-context sizing for the message support API
// (token, signature, block and trailer sizes, in bytes).
//
typedef struct _SecPkgContext_Sizes
{
    unsigned long cbMaxToken;
    unsigned long cbMaxSignature;
    unsigned long cbBlockSize;
    unsigned long cbSecurityTrailer;
} SecPkgContext_Sizes, SEC_FAR * PSecPkgContext_Sizes;

//
// SECPKG_ATTR_STREAM_SIZES: sizing for stream-mode (SECPKG_FLAG_STREAM)
// packages.  cBuffers is presumably the number of SecBuffers a stream
// EncryptMessage/DecryptMessage call needs - confirm.
//
typedef struct _SecPkgContext_StreamSizes
{
    unsigned long   cbHeader;
    unsigned long   cbTrailer;
    unsigned long   cbMaximumMessage;
    unsigned long   cBuffers;
    unsigned long   cbBlockSize;
} SecPkgContext_StreamSizes, * PSecPkgContext_StreamSizes;

// SECPKG_ATTR_NAMES
typedef struct _SecPkgContext_NamesW
{
    SEC_WCHAR SEC_FAR * sUserName;
} SecPkgContext_NamesW, SEC_FAR * PSecPkgContext_NamesW;
// end_ntifs

typedef struct _SecPkgContext_NamesA
{
    SEC_CHAR SEC_FAR * sUserName;
} SecPkgContext_NamesA, SEC_FAR * PSecPkgContext_NamesA;

#ifdef UNICODE
# define SecPkgContext_Names SecPkgContext_NamesW           // ntifs
# define PSecPkgContext_Names PSecPkgContext_NamesW         // ntifs
#else
# define SecPkgContext_Names SecPkgContext_NamesA
# define PSecPkgContext_Names PSecPkgContext_NamesA
#endif // !UNICODE

// begin_ntifs
// SECPKG_ATTR_LIFESPAN
typedef struct _SecPkgContext_Lifespan
{
    TimeStamp tsStart;
    TimeStamp tsExpiry;
} SecPkgContext_Lifespan, SEC_FAR * PSecPkgContext_Lifespan;

// SECPKG_ATTR_DCE_INFO
typedef struct _SecPkgContext_DceInfo
{
    unsigned long AuthzSvc;
    void SEC_FAR * pPac;
} SecPkgContext_DceInfo, SEC_FAR * PSecPkgContext_DceInfo;
// end_ntifs

// SECPKG_ATTR_KEY_INFO
typedef struct _SecPkgContext_KeyInfoA
{
    SEC_CHAR SEC_FAR * sSignatureAlgorithmName;
    SEC_CHAR SEC_FAR * sEncryptAlgorithmName;
    unsigned long KeySize;
    unsigned long SignatureAlgorithm;
    unsigned long EncryptAlgorithm;
} SecPkgContext_KeyInfoA, SEC_FAR * PSecPkgContext_KeyInfoA;

// begin_ntifs
typedef struct _SecPkgContext_KeyInfoW
{
    SEC_WCHAR SEC_FAR * sSignatureAlgorithmName;
    SEC_WCHAR SEC_FAR * sEncryptAlgorithmName;
    unsigned long KeySize;
    unsigned long SignatureAlgorithm;
    unsigned long EncryptAlgorithm;
} SecPkgContext_KeyInfoW, SEC_FAR * PSecPkgContext_KeyInfoW;
// end_ntifs

#ifdef UNICODE
#define SecPkgContext_KeyInfo SecPkgContext_KeyInfoW        // ntifs
#define PSecPkgContext_KeyInfo PSecPkgContext_KeyInfoW      // ntifs
#else
#define SecPkgContext_KeyInfo SecPkgContext_KeyInfoA
#define PSecPkgContext_KeyInfo PSecPkgContext_KeyInfoA
#endif

// SECPKG_ATTR_AUTHORITY
typedef struct _SecPkgContext_AuthorityA
{
    SEC_CHAR SEC_FAR * sAuthorityName;
} SecPkgContext_AuthorityA, * PSecPkgContext_AuthorityA;

// begin_ntifs
typedef struct _SecPkgContext_AuthorityW
{
    SEC_WCHAR SEC_FAR * sAuthorityName;
} SecPkgContext_AuthorityW, * PSecPkgContext_AuthorityW;
// end_ntifs

#ifdef UNICODE
#define SecPkgContext_Authority SecPkgContext_AuthorityW    // ntifs
#define PSecPkgContext_Authority PSecPkgContext_AuthorityW  // ntifs
#else
#define SecPkgContext_Authority SecPkgContext_AuthorityA
#define PSecPkgContext_Authority PSecPkgContext_AuthorityA
#endif

// SECPKG_ATTR_PROTO_INFO
typedef struct _SecPkgContext_ProtoInfoA
{
    SEC_CHAR SEC_FAR * sProtocolName;
    unsigned long majorVersion;
    unsigned long minorVersion;
} SecPkgContext_ProtoInfoA, SEC_FAR * PSecPkgContext_ProtoInfoA;

// begin_ntifs
typedef struct _SecPkgContext_ProtoInfoW
{
    SEC_WCHAR SEC_FAR * sProtocolName;
    unsigned long majorVersion;
    unsigned long minorVersion;
} SecPkgContext_ProtoInfoW, SEC_FAR * PSecPkgContext_ProtoInfoW;
// end_ntifs

#ifdef UNICODE
#define SecPkgContext_ProtoInfo SecPkgContext_ProtoInfoW    // ntifs
#define PSecPkgContext_ProtoInfo PSecPkgContext_ProtoInfoW  // ntifs
#else
#define SecPkgContext_ProtoInfo SecPkgContext_ProtoInfoA
#define PSecPkgContext_ProtoInfo PSecPkgContext_ProtoInfoA
#endif

// begin_ntifs
// SECPKG_ATTR_PASSWORD_EXPIRY
typedef struct _SecPkgContext_PasswordExpiry
{
    TimeStamp tsPasswordExpires;
} SecPkgContext_PasswordExpiry, SEC_FAR * PSecPkgContext_PasswordExpiry;

//
// SECPKG_ATTR_SESSION_KEY: SessionKey points at SessionKeyLength bytes of
// raw key material.  Treat it as a secret - do not log it, and clear the
// caller's copy when done.
//
typedef struct _SecPkgContext_SessionKey
{
    unsigned long SessionKeyLength;
    unsigned char SEC_FAR * SessionKey;
} SecPkgContext_SessionKey, *PSecPkgContext_SessionKey;

// SECPKG_ATTR_PACKAGE_INFO
typedef struct _SecPkgContext_PackageInfoW
{
    PSecPkgInfoW PackageInfo;
} SecPkgContext_PackageInfoW, SEC_FAR * PSecPkgContext_PackageInfoW;
// end_ntifs

typedef struct _SecPkgContext_PackageInfoA
{
    PSecPkgInfoA PackageInfo;
} SecPkgContext_PackageInfoA, SEC_FAR * PSecPkgContext_PackageInfoA;

// begin_ntifs
// SECPKG_ATTR_USER_FLAGS
typedef struct _SecPkgContext_UserFlags
{
    unsigned long UserFlags;
} SecPkgContext_UserFlags, SEC_FAR * PSecPkgContext_UserFlags;

// SECPKG_ATTR_FLAGS
typedef struct _SecPkgContext_Flags
{
    unsigned long Flags;
} SecPkgContext_Flags, SEC_FAR * PSecPkgContext_Flags;
// end_ntifs

#ifdef UNICODE
#define SecPkgContext_PackageInfo SecPkgContext_PackageInfoW    // ntifs
#define PSecPkgContext_PackageInfo PSecPkgContext_PackageInfoW  // ntifs
#else
#define SecPkgContext_PackageInfo SecPkgContext_PackageInfoA
#define PSecPkgContext_PackageInfo PSecPkgContext_PackageInfoA
#endif

// SECPKG_ATTR_NEGOTIATION_INFO; NegotiationState is one of SECPKG_NEGOTIATION_*
typedef struct _SecPkgContext_NegotiationInfoA
{
    PSecPkgInfoA    PackageInfo ;
    unsigned long   NegotiationState ;
} SecPkgContext_NegotiationInfoA, SEC_FAR * PSecPkgContext_NegotiationInfoA ;

// begin_ntifs
typedef struct _SecPkgContext_NegotiationInfoW
{
    PSecPkgInfoW    PackageInfo ;
    unsigned long   NegotiationState ;
} SecPkgContext_NegotiationInfoW, SEC_FAR * PSecPkgContext_NegotiationInfoW ;
// end_ntifs

#ifdef UNICODE
#define SecPkgContext_NegotiationInfo SecPkgContext_NegotiationInfoW
#define PSecPkgContext_NegotiationInfo PSecPkgContext_NegotiationInfoW
#else
#define SecPkgContext_NegotiationInfo SecPkgContext_NegotiationInfoA
#define PSecPkgContext_NegotiationInfo PSecPkgContext_NegotiationInfoA
#endif

#define SECPKG_NEGOTIATION_COMPLETE         0
#define SECPKG_NEGOTIATION_OPTIMISTIC       1
#define SECPKG_NEGOTIATION_IN_PROGRESS      2
#define SECPKG_NEGOTIATION_DIRECT           3
#define SECPKG_NEGOTIATION_TRY_MULTICRED    4

// SECPKG_ATTR_NATIVE_NAMES
typedef struct _SecPkgContext_NativeNamesW
{
    SEC_WCHAR SEC_FAR * sClientName;
    SEC_WCHAR SEC_FAR * sServerName;
} SecPkgContext_NativeNamesW, SEC_FAR * PSecPkgContext_NativeNamesW;

typedef struct _SecPkgContext_NativeNamesA
{
    SEC_CHAR SEC_FAR * sClientName;
    SEC_CHAR SEC_FAR * sServerName;
} SecPkgContext_NativeNamesA, SEC_FAR * PSecPkgContext_NativeNamesA;

#ifdef UNICODE
# define SecPkgContext_NativeNames SecPkgContext_NativeNamesW       // ntifs
# define PSecPkgContext_NativeNames PSecPkgContext_NativeNamesW     // ntifs
#else
# define SecPkgContext_NativeNames SecPkgContext_NativeNamesA
# define PSecPkgContext_NativeNames PSecPkgContext_NativeNamesA
#endif // !UNICODE

// begin_ntifs
// SECPKG_ATTR_CREDENTIAL_NAME
typedef struct _SecPkgContext_CredentialNameW
{
    unsigned long CredentialType;
    SEC_WCHAR SEC_FAR *sCredentialName;
} SecPkgContext_CredentialNameW, SEC_FAR * PSecPkgContext_CredentialNameW;
// end_ntifs

typedef struct _SecPkgContext_CredentialNameA
{
    unsigned long CredentialType;
    SEC_CHAR SEC_FAR *sCredentialName;
} SecPkgContext_CredentialNameA, SEC_FAR * PSecPkgContext_CredentialNameA;

#ifdef UNICODE
# define SecPkgContext_CredentialName SecPkgContext_CredentialNameW     // ntifs
# define PSecPkgContext_CredentialName PSecPkgContext_CredentialNameW   // ntifs
#else
# define SecPkgContext_CredentialName SecPkgContext_CredentialNameA
# define PSecPkgContext_CredentialName PSecPkgContext_CredentialNameA
#endif // !UNICODE

// SECPKG_ATTR_ACCESS_TOKEN; AccessToken is opaque here (void *)
typedef struct _SecPkgContext_AccessToken
{
    void SEC_FAR * AccessToken;
} SecPkgContext_AccessToken, SEC_FAR * PSecPkgContext_AccessToken;

// SECPKG_ATTR_TARGET_INFORMATION: MarshalledTargetInfoLength bytes at MarshalledTargetInfo
typedef struct _SecPkgContext_TargetInformation
{
    unsigned long MarshalledTargetInfoLength;
    unsigned char SEC_FAR * MarshalledTargetInfo;
}
SecPkgContext_TargetInformation, SEC_FAR * PSecPkgContext_TargetInformation;

// SECPKG_ATTR_AUTHENTICATION_ID: AuthzIDLength bytes at AuthzID
typedef struct _SecPkgContext_AuthzID
{
    unsigned long AuthzIDLength;
    char SEC_FAR * AuthzID;
} SecPkgContext_AuthzID, SEC_FAR * PSecPkgContext_AuthzID;

// SECPKG_ATTR_TARGET: TargetLength bytes at Target
typedef struct _SecPkgContext_Target
{
    unsigned long TargetLength;
    char SEC_FAR * Target;
} SecPkgContext_Target, SEC_FAR * PSecPkgContext_Target;

// begin_ntifs
//
// Callback supplied to AcquireCredentialsHandle/AddCredentials via
// pGetKeyFn; Arg receives the caller's pvGetKeyArgument.  Key and Status
// are out-parameters.
//
typedef void
(SEC_ENTRY SEC_FAR * SEC_GET_KEY_FN) (
    void SEC_FAR * Arg,                 // Argument passed in
    void SEC_FAR * Principal,           // Principal ID
    unsigned long KeyVer,               // Key Version
    void SEC_FAR * SEC_FAR * Key,       // Returned ptr to key
    SECURITY_STATUS SEC_FAR * Status    // returned status
    );

//
// Flags for ExportSecurityContext
//
#define SECPKG_CONTEXT_EXPORT_RESET_NEW     0x00000001  // New context is reset to initial state
#define SECPKG_CONTEXT_EXPORT_DELETE_OLD    0x00000002  // Old context is deleted during export

//
// Acquire a credential handle for the named package.  In kernel mode
// (ISSP_MODE == 0) the principal and package are counted SECURITY_STRINGs;
// otherwise they are NUL-terminated strings.  fCredentialUse takes
// SECPKG_CRED_* flags.  The handle returned in phCredential must be
// released with FreeCredentialsHandle.
//
SECURITY_STATUS SEC_ENTRY
AcquireCredentialsHandleW(
#if ISSP_MODE == 0      // For Kernel mode
    PSECURITY_STRING pPrincipal,
    PSECURITY_STRING pPackage,
#else
    SEC_WCHAR SEC_FAR * pszPrincipal,   // Name of principal
    SEC_WCHAR SEC_FAR * pszPackage,     // Name of package
#endif
    unsigned long fCredentialUse,       // Flags indicating use
    void SEC_FAR * pvLogonId,           // Pointer to logon ID
    void SEC_FAR * pAuthData,           // Package specific data
    SEC_GET_KEY_FN pGetKeyFn,           // Pointer to GetKey() func
    void SEC_FAR * pvGetKeyArgument,    // Value to pass to GetKey()
    PCredHandle phCredential,           // (out) Cred Handle
    PTimeStamp ptsExpiry                // (out) Lifetime (optional)
    );

typedef SECURITY_STATUS
(SEC_ENTRY * ACQUIRE_CREDENTIALS_HANDLE_FN_W)(
#if ISSP_MODE == 0
    PSECURITY_STRING,
    PSECURITY_STRING,
#else
    SEC_WCHAR SEC_FAR *,
    SEC_WCHAR SEC_FAR *,
#endif
    unsigned long,
    void SEC_FAR *,
    void SEC_FAR *,
    SEC_GET_KEY_FN,
    void SEC_FAR *,
    PCredHandle,
    PTimeStamp);
// end_ntifs

SECURITY_STATUS SEC_ENTRY
AcquireCredentialsHandleA(
    SEC_CHAR SEC_FAR * pszPrincipal,    // Name of principal
    SEC_CHAR SEC_FAR * pszPackage,      // Name of package
    unsigned long fCredentialUse,       // Flags indicating use
    void SEC_FAR * pvLogonId,           // Pointer to logon ID
    void SEC_FAR * pAuthData,           // Package specific data
    SEC_GET_KEY_FN pGetKeyFn,           // Pointer to GetKey() func
    void SEC_FAR * pvGetKeyArgument,    // Value to pass to GetKey()
    PCredHandle phCredential,           // (out) Cred Handle
    PTimeStamp ptsExpiry                // (out) Lifetime (optional)
    );

typedef SECURITY_STATUS
(SEC_ENTRY * ACQUIRE_CREDENTIALS_HANDLE_FN_A)(
    SEC_CHAR SEC_FAR *,
    SEC_CHAR SEC_FAR *,
    unsigned long,
    void SEC_FAR *,
    void SEC_FAR *,
    SEC_GET_KEY_FN,
    void SEC_FAR *,
    PCredHandle,
    PTimeStamp);

#ifdef UNICODE
# define AcquireCredentialsHandle AcquireCredentialsHandleW             // ntifs
# define ACQUIRE_CREDENTIALS_HANDLE_FN ACQUIRE_CREDENTIALS_HANDLE_FN_W  // ntifs
#else
# define AcquireCredentialsHandle AcquireCredentialsHandleA
# define ACQUIRE_CREDENTIALS_HANDLE_FN ACQUIRE_CREDENTIALS_HANDLE_FN_A
#endif // !UNICODE

// begin_ntifs
// Release a handle obtained from AcquireCredentialsHandle.
SECURITY_STATUS SEC_ENTRY
FreeCredentialsHandle(
    PCredHandle phCredential            // Handle to free
    );

typedef SECURITY_STATUS
(SEC_ENTRY * FREE_CREDENTIALS_HANDLE_FN)(
    PCredHandle );

//
// Add credentials for another principal/package to an existing handle.
// Same parameter conventions as AcquireCredentialsHandle, minus the
// logon id and the output handle.
//
SECURITY_STATUS SEC_ENTRY
AddCredentialsW(
    PCredHandle hCredentials,
#if ISSP_MODE == 0      // For Kernel mode
    PSECURITY_STRING pPrincipal,
    PSECURITY_STRING pPackage,
#else
    SEC_WCHAR SEC_FAR * pszPrincipal,   // Name of principal
    SEC_WCHAR SEC_FAR * pszPackage,     // Name of package
#endif
    unsigned long fCredentialUse,       // Flags indicating use
    void SEC_FAR * pAuthData,           // Package specific data
    SEC_GET_KEY_FN pGetKeyFn,           // Pointer to GetKey() func
    void SEC_FAR * pvGetKeyArgument,    // Value to pass to GetKey()
    PTimeStamp ptsExpiry                // (out) Lifetime (optional)
    );

typedef SECURITY_STATUS
(SEC_ENTRY * ADD_CREDENTIALS_FN_W)(
    PCredHandle,
#if ISSP_MODE == 0
    PSECURITY_STRING,
    PSECURITY_STRING,
#else
    SEC_WCHAR SEC_FAR *,
    SEC_WCHAR SEC_FAR *,
#endif
    unsigned long,
    void SEC_FAR *,
    SEC_GET_KEY_FN,
    void SEC_FAR *,
    PTimeStamp);

SECURITY_STATUS SEC_ENTRY
AddCredentialsA(
    PCredHandle hCredentials,
    SEC_CHAR SEC_FAR * pszPrincipal,    // Name of principal
    SEC_CHAR SEC_FAR * pszPackage,      // Name of package
    unsigned long fCredentialUse,       // Flags indicating use
    void SEC_FAR * pAuthData,           // Package specific data
    SEC_GET_KEY_FN pGetKeyFn,           // Pointer to GetKey() func
    void SEC_FAR * pvGetKeyArgument,    // Value to pass to GetKey()
    PTimeStamp ptsExpiry                // (out) Lifetime (optional)
    );

typedef SECURITY_STATUS
(SEC_ENTRY * ADD_CREDENTIALS_FN_A)(
    PCredHandle,
    SEC_CHAR SEC_FAR *,
    SEC_CHAR SEC_FAR *,
    unsigned long,
    void SEC_FAR *,
    SEC_GET_KEY_FN,
    void SEC_FAR *,
    PTimeStamp);

#ifdef UNICODE
#define AddCredentials AddCredentialsW
#define ADD_CREDENTIALS_FN ADD_CREDENTIALS_FN_W
#else
#define AddCredentials AddCredentialsA
#define ADD_CREDENTIALS_FN ADD_CREDENTIALS_FN_A
#endif

////////////////////////////////////////////////////////////////////////
///
/// Context Management Functions
///
////////////////////////////////////////////////////////////////////////

//
// Client side of the authentication exchange.  fContextReq takes
// ISC_REQ_* flags; the attributes actually granted come back in
// pfContextAttr as ISC_RET_* flags and must be checked with those
// constants (the two sets are not bit-for-bit identical).  Reserved1 and
// Reserved2 are MBZ (must be zero).
//
SECURITY_STATUS SEC_ENTRY
InitializeSecurityContextW(
    PCredHandle phCredential,               // Cred to base context
    PCtxtHandle phContext,                  // Existing context (OPT)
#if ISSP_MODE == 0
    PSECURITY_STRING pTargetName,
#else
    SEC_WCHAR SEC_FAR * pszTargetName,      // Name of target
#endif
    unsigned long fContextReq,              // Context Requirements
    unsigned long Reserved1,                // Reserved, MBZ
    unsigned long TargetDataRep,            // Data rep of target
    PSecBufferDesc pInput,                  // Input Buffers
    unsigned long Reserved2,                // Reserved, MBZ
    PCtxtHandle phNewContext,               // (out) New Context handle
    PSecBufferDesc pOutput,                 // (inout) Output Buffers
    unsigned long SEC_FAR * pfContextAttr,  // (out) Context attrs
    PTimeStamp ptsExpiry                    // (out) Life span (OPT)
    );

typedef SECURITY_STATUS
(SEC_ENTRY * INITIALIZE_SECURITY_CONTEXT_FN_W)(
    PCredHandle,
    PCtxtHandle,
#if ISSP_MODE == 0
    PSECURITY_STRING,
#else
    SEC_WCHAR SEC_FAR *,
#endif
    unsigned long,
    unsigned long,
    unsigned long,
    PSecBufferDesc,
    unsigned long,
    PCtxtHandle,
    PSecBufferDesc,
    unsigned long SEC_FAR *,
    PTimeStamp);
// end_ntifs

SECURITY_STATUS SEC_ENTRY
InitializeSecurityContextA(
    PCredHandle phCredential,               // Cred to base context
    PCtxtHandle phContext,                  // Existing context (OPT)
    SEC_CHAR SEC_FAR * pszTargetName,       // Name of target
    unsigned long fContextReq,              // Context Requirements
    unsigned long Reserved1,                // Reserved, MBZ
    unsigned long TargetDataRep,            // Data rep of target
    PSecBufferDesc pInput,                  // Input Buffers
    unsigned long Reserved2,                // Reserved, MBZ
    PCtxtHandle phNewContext,               // (out) New Context handle
    PSecBufferDesc pOutput,                 // (inout) Output Buffers
    unsigned long SEC_FAR * pfContextAttr,  // (out) Context attrs
    PTimeStamp ptsExpiry                    // (out) Life span (OPT)
    );

typedef SECURITY_STATUS
(SEC_ENTRY * INITIALIZE_SECURITY_CONTEXT_FN_A)(
    PCredHandle,
    PCtxtHandle,
    SEC_CHAR SEC_FAR *,
    unsigned long,
    unsigned long,
    unsigned long,
    PSecBufferDesc,
    unsigned long,
    PCtxtHandle,
    PSecBufferDesc,
    unsigned long SEC_FAR *,
    PTimeStamp);

#ifdef UNICODE
# define InitializeSecurityContext InitializeSecurityContextW               // ntifs
# define INITIALIZE_SECURITY_CONTEXT_FN INITIALIZE_SECURITY_CONTEXT_FN_W    // ntifs
#else
# define InitializeSecurityContext InitializeSecurityContextA
# define INITIALIZE_SECURITY_CONTEXT_FN INITIALIZE_SECURITY_CONTEXT_FN_A
#endif // !UNICODE

// begin_ntifs
//
// Server side of the authentication exchange.  fContextReq takes
// ASC_REQ_* flags; pfContextAttr returns ASC_RET_* flags (check with the
// RET constants, as for InitializeSecurityContext).  pInput carries the
// peer's token and is untrusted data.
//
SECURITY_STATUS SEC_ENTRY
AcceptSecurityContext(
    PCredHandle phCredential,               // Cred to base context
    PCtxtHandle phContext,                  // Existing context (OPT)
    PSecBufferDesc pInput,                  // Input buffer
    unsigned long fContextReq,              // Context Requirements
    unsigned long TargetDataRep,            // Target Data Rep
    PCtxtHandle phNewContext,               // (out) New context handle
    PSecBufferDesc pOutput,                 // (inout) Output buffers
    unsigned long SEC_FAR * pfContextAttr,  // (out) Context attributes
    PTimeStamp ptsExpiry                    // (out) Life span (OPT)
    );

typedef SECURITY_STATUS
(SEC_ENTRY * ACCEPT_SECURITY_CONTEXT_FN)(
    PCredHandle,
    PCtxtHandle,
    PSecBufferDesc,
    unsigned long,
    unsigned long,
    PCtxtHandle,
    PSecBufferDesc,
    unsigned long SEC_FAR *,
    PTimeStamp);

SECURITY_STATUS SEC_ENTRY
CompleteAuthToken(
    PCtxtHandle
phContext,                          // Context to complete
    PSecBufferDesc pToken               // Token to complete
    );

typedef SECURITY_STATUS
(SEC_ENTRY * COMPLETE_AUTH_TOKEN_FN)(
    PCtxtHandle,
    PSecBufferDesc);

//
// Impersonate the client of a server-side context.  Undo with
// RevertSecurityContext; keep the impersonated window as short as the
// work requires.
//
SECURITY_STATUS SEC_ENTRY
ImpersonateSecurityContext(
    PCtxtHandle phContext               // Context to impersonate
    );

typedef SECURITY_STATUS
(SEC_ENTRY * IMPERSONATE_SECURITY_CONTEXT_FN)(
    PCtxtHandle);

SECURITY_STATUS SEC_ENTRY
RevertSecurityContext(
    PCtxtHandle phContext               // Context from which to revert
    );

typedef SECURITY_STATUS
(SEC_ENTRY * REVERT_SECURITY_CONTEXT_FN)(
    PCtxtHandle);

// Returns the client's access token for a server-side context (opaque here).
SECURITY_STATUS SEC_ENTRY
QuerySecurityContextToken(
    PCtxtHandle phContext,
    void SEC_FAR * SEC_FAR * Token
    );

typedef SECURITY_STATUS
(SEC_ENTRY * QUERY_SECURITY_CONTEXT_TOKEN_FN)(
    PCtxtHandle, void SEC_FAR * SEC_FAR *);

SECURITY_STATUS SEC_ENTRY
DeleteSecurityContext(
    PCtxtHandle phContext               // Context to delete
    );

typedef SECURITY_STATUS
(SEC_ENTRY * DELETE_SECURITY_CONTEXT_FN)(
    PCtxtHandle);

SECURITY_STATUS SEC_ENTRY
ApplyControlToken(
    PCtxtHandle phContext,              // Context to modify
    PSecBufferDesc pInput               // Input token to apply
    );

typedef SECURITY_STATUS
(SEC_ENTRY * APPLY_CONTROL_TOKEN_FN)(
    PCtxtHandle,
    PSecBufferDesc);

//
// Query a SECPKG_ATTR_* attribute.  No buffer size is passed: pBuffer
// must point at the SecPkgContext_* structure that matches ulAttribute,
// or the provider writes past the caller's storage.  Pointers returned
// inside those structures are provider-allocated; see FreeContextBuffer.
//
SECURITY_STATUS SEC_ENTRY
QueryContextAttributesW(
    PCtxtHandle phContext,              // Context to query
    unsigned long ulAttribute,          // Attribute to query
    void SEC_FAR * pBuffer              // Buffer for attributes
    );

typedef SECURITY_STATUS
(SEC_ENTRY * QUERY_CONTEXT_ATTRIBUTES_FN_W)(
    PCtxtHandle,
    unsigned long,
    void SEC_FAR *);
// end_ntifs

SECURITY_STATUS SEC_ENTRY
QueryContextAttributesA(
    PCtxtHandle phContext,              // Context to query
    unsigned long ulAttribute,          // Attribute to query
    void SEC_FAR * pBuffer              // Buffer for attributes
    );

typedef SECURITY_STATUS
(SEC_ENTRY * QUERY_CONTEXT_ATTRIBUTES_FN_A)(
    PCtxtHandle,
    unsigned long,
    void SEC_FAR *);

#ifdef UNICODE
# define QueryContextAttributes QueryContextAttributesW             // ntifs
# define QUERY_CONTEXT_ATTRIBUTES_FN QUERY_CONTEXT_ATTRIBUTES_FN_W  // ntifs
#else
# define QueryContextAttributes QueryContextAttributesA
# define QUERY_CONTEXT_ATTRIBUTES_FN QUERY_CONTEXT_ATTRIBUTES_FN_A
#endif // !UNICODE

// begin_ntifs
// Set a SECPKG_ATTR_* attribute; unlike the query, the buffer size is explicit.
SECURITY_STATUS SEC_ENTRY
SetContextAttributesW(
    PCtxtHandle phContext,              // Context to Set
    unsigned long ulAttribute,          // Attribute to Set
    void SEC_FAR * pBuffer,             // Buffer for attributes
    unsigned long cbBuffer              // Size (in bytes) of Buffer
    );

typedef SECURITY_STATUS
(SEC_ENTRY * SET_CONTEXT_ATTRIBUTES_FN_W)(
    PCtxtHandle,
    unsigned long,
    void SEC_FAR *,
    unsigned long );
// end_ntifs

SECURITY_STATUS SEC_ENTRY
SetContextAttributesA(
    PCtxtHandle phContext,              // Context to Set
    unsigned long ulAttribute,          // Attribute to Set
    void SEC_FAR * pBuffer,             // Buffer for attributes
    unsigned long cbBuffer              // Size (in bytes) of Buffer
    );

typedef SECURITY_STATUS
(SEC_ENTRY * SET_CONTEXT_ATTRIBUTES_FN_A)(
    PCtxtHandle,
    unsigned long,
    void SEC_FAR *,
    unsigned long );

#ifdef UNICODE
# define SetContextAttributes SetContextAttributesW             // ntifs
# define SET_CONTEXT_ATTRIBUTES_FN SET_CONTEXT_ATTRIBUTES_FN_W  // ntifs
#else
# define SetContextAttributes SetContextAttributesA
# define SET_CONTEXT_ATTRIBUTES_FN SET_CONTEXT_ATTRIBUTES_FN_A
#endif // !UNICODE

// begin_ntifs
//
// Query a SECPKG_CRED_ATTR_* attribute of a credential handle.  As with
// QueryContextAttributes, pBuffer carries no size and must match the
// structure for ulAttribute.
//
SECURITY_STATUS SEC_ENTRY
QueryCredentialsAttributesW(
    PCredHandle phCredential,           // Credential to query
    unsigned long ulAttribute,          // Attribute to query
    void SEC_FAR * pBuffer              // Buffer for attributes
    );

typedef SECURITY_STATUS
(SEC_ENTRY * QUERY_CREDENTIALS_ATTRIBUTES_FN_W)(
    PCredHandle,
    unsigned long,
    void SEC_FAR *);
// end_ntifs

SECURITY_STATUS SEC_ENTRY
QueryCredentialsAttributesA(
    PCredHandle phCredential,           // Credential to query
    unsigned long ulAttribute,          // Attribute to query
    void SEC_FAR * pBuffer              // Buffer for attributes
    );

typedef SECURITY_STATUS
(SEC_ENTRY * QUERY_CREDENTIALS_ATTRIBUTES_FN_A)(
    PCredHandle,
    unsigned long,
    void SEC_FAR *);

#ifdef UNICODE
# define QueryCredentialsAttributes QueryCredentialsAttributesW             // ntifs
# define QUERY_CREDENTIALS_ATTRIBUTES_FN QUERY_CREDENTIALS_ATTRIBUTES_FN_W
// ntifs #else # define QueryCredentialsAttributes QueryCredentialsAttributesA # define QUERY_CREDENTIALS_ATTRIBUTES_FN QUERY_CREDENTIALS_ATTRIBUTES_FN_A #endif // !UNICODE // begin_ntifs SECURITY_STATUS SEC_ENTRY FreeContextBuffer( void SEC_FAR * pvContextBuffer // buffer to free ); typedef SECURITY_STATUS (SEC_ENTRY * FREE_CONTEXT_BUFFER_FN)( void SEC_FAR *); // end_ntifs // begin_ntifs /////////////////////////////////////////////////////////////////// //// //// Message Support API //// ////////////////////////////////////////////////////////////////// SECURITY_STATUS SEC_ENTRY MakeSignature( PCtxtHandle phContext, // Context to use unsigned long fQOP, // Quality of Protection PSecBufferDesc pMessage, // Message to sign unsigned long MessageSeqNo // Message Sequence Num. ); typedef SECURITY_STATUS (SEC_ENTRY * MAKE_SIGNATURE_FN)( PCtxtHandle, unsigned long, PSecBufferDesc, unsigned long); SECURITY_STATUS SEC_ENTRY VerifySignature( PCtxtHandle phContext, // Context to use PSecBufferDesc pMessage, // Message to verify unsigned long MessageSeqNo, // Sequence Num. unsigned long SEC_FAR * pfQOP // QOP used ); typedef SECURITY_STATUS (SEC_ENTRY * VERIFY_SIGNATURE_FN)( PCtxtHandle, PSecBufferDesc, unsigned long, unsigned long SEC_FAR *); #define SECQOP_WRAP_NO_ENCRYPT 0x80000001 SECURITY_STATUS SEC_ENTRY EncryptMessage( PCtxtHandle phContext, unsigned long fQOP, PSecBufferDesc pMessage, unsigned long MessageSeqNo); typedef SECURITY_STATUS (SEC_ENTRY * ENCRYPT_MESSAGE_FN)( PCtxtHandle, unsigned long, PSecBufferDesc, unsigned long); SECURITY_STATUS SEC_ENTRY DecryptMessage( PCtxtHandle phContext, PSecBufferDesc pMessage, unsigned long MessageSeqNo, unsigned long * pfQOP); typedef SECURITY_STATUS (SEC_ENTRY * DECRYPT_MESSAGE_FN)( PCtxtHandle, PSecBufferDesc, unsigned long, unsigned long SEC_FAR *); // end_ntifs // begin_ntifs /////////////////////////////////////////////////////////////////////////// //// //// Misc. 
////
///////////////////////////////////////////////////////////////////////////

//
// EnumerateSecurityPackages{W,A}: return the installed security packages.
// *ppPackageInfo receives a provider-allocated array of *pcPackages entries;
// release it with FreeContextBuffer when done.
//
SECURITY_STATUS SEC_ENTRY
EnumerateSecurityPackagesW(
    unsigned long SEC_FAR * pcPackages,         // Receives num. packages
    PSecPkgInfoW SEC_FAR * ppPackageInfo        // Receives array of info
    );

// Function-pointer type matching EnumerateSecurityPackagesW.
typedef SECURITY_STATUS
(SEC_ENTRY * ENUMERATE_SECURITY_PACKAGES_FN_W)(
    unsigned long SEC_FAR *,
    PSecPkgInfoW SEC_FAR *);
// end_ntifs

SECURITY_STATUS SEC_ENTRY
EnumerateSecurityPackagesA(
    unsigned long SEC_FAR * pcPackages,         // Receives num. packages
    PSecPkgInfoA SEC_FAR * ppPackageInfo        // Receives array of info
    );

// Function-pointer type matching EnumerateSecurityPackagesA.
typedef SECURITY_STATUS
(SEC_ENTRY * ENUMERATE_SECURITY_PACKAGES_FN_A)(
    unsigned long SEC_FAR *,
    PSecPkgInfoA SEC_FAR *);

#ifdef UNICODE
# define EnumerateSecurityPackages EnumerateSecurityPackagesW                   // ntifs
# define ENUMERATE_SECURITY_PACKAGES_FN ENUMERATE_SECURITY_PACKAGES_FN_W        // ntifs
#else
# define EnumerateSecurityPackages EnumerateSecurityPackagesA
# define ENUMERATE_SECURITY_PACKAGES_FN ENUMERATE_SECURITY_PACKAGES_FN_A
#endif // !UNICODE

// begin_ntifs
//
// QuerySecurityPackageInfo{W,A}: look up one package by name. In kernel mode
// (ISSP_MODE == 0) the name is a counted SECURITY_STRING; in user mode it is a
// NUL-terminated string. *ppPackageInfo is provider-allocated — free it with
// FreeContextBuffer.
//
SECURITY_STATUS SEC_ENTRY
QuerySecurityPackageInfoW(
#if ISSP_MODE == 0
    PSECURITY_STRING pPackageName,
#else
    SEC_WCHAR SEC_FAR * pszPackageName,         // Name of package
#endif
    PSecPkgInfoW SEC_FAR *ppPackageInfo         // Receives package info
    );

// Function-pointer type matching QuerySecurityPackageInfoW (same ISSP_MODE split).
typedef SECURITY_STATUS
(SEC_ENTRY * QUERY_SECURITY_PACKAGE_INFO_FN_W)(
#if ISSP_MODE == 0
    PSECURITY_STRING,
#else
    SEC_WCHAR SEC_FAR *,
#endif
    PSecPkgInfoW SEC_FAR *);
// end_ntifs

SECURITY_STATUS SEC_ENTRY
QuerySecurityPackageInfoA(
    SEC_CHAR SEC_FAR * pszPackageName,          // Name of package
    PSecPkgInfoA SEC_FAR *ppPackageInfo         // Receives package info
    );

// Function-pointer type matching QuerySecurityPackageInfoA.
typedef SECURITY_STATUS
(SEC_ENTRY * QUERY_SECURITY_PACKAGE_INFO_FN_A)(
    SEC_CHAR SEC_FAR *,
    PSecPkgInfoA SEC_FAR *);

#ifdef UNICODE
# define QuerySecurityPackageInfo QuerySecurityPackageInfoW                     // ntifs
# define QUERY_SECURITY_PACKAGE_INFO_FN QUERY_SECURITY_PACKAGE_INFO_FN_W        // ntifs
#else
# define QuerySecurityPackageInfo QuerySecurityPackageInfoA
# define QUERY_SECURITY_PACKAGE_INFO_FN QUERY_SECURITY_PACKAGE_INFO_FN_A
#endif // !UNICODE

// Scope of a delegation requested through DelegateSecurityContext. The
// enumerators only name the scope; their exact semantics are package-defined.
typedef enum _SecDelegationType {
    SecFull,
    SecService,
    SecTree,
    SecDirectory,
    SecObject
} SecDelegationType, * PSecDelegationType;

//
// DelegateSecurityContext: produce a token (in pOutput) that lets the target
// act on the caller's behalf. Delegation extends the reach of the caller's
// identity — scope it with DelegationType and bound it with pExpiry where the
// package honours them. Declared only; no function-table entry exists for it
// in the tables below.
//
SECURITY_STATUS SEC_ENTRY
DelegateSecurityContext(
    PCtxtHandle phContext,              // IN Active context to delegate
#if ISSP_MODE == 0
    PSECURITY_STRING pTarget,           // IN Target path
#else
    SEC_CHAR SEC_FAR * pszTarget,
#endif
    SecDelegationType DelegationType,   // IN Type of delegation
    PTimeStamp pExpiry,                 // IN OPTIONAL time limit
    PSecBuffer pPackageParameters,      // IN OPTIONAL package specific
    PSecBufferDesc pOutput);            // OUT Token for applycontroltoken.

///////////////////////////////////////////////////////////////////////////
////
////    Proxies
////
///////////////////////////////////////////////////////////////////////////

//
// Proxies are only available on NT platforms
//

// begin_ntifs
///////////////////////////////////////////////////////////////////////////
////
////    Context export/import
////
///////////////////////////////////////////////////////////////////////////

//
// ExportSecurityContext: marshal an established context into pPackedContext so
// another process can import it. The packed blob presumably carries the
// context's key material and *pToken an impersonation token — treat both as
// secrets, hand them only to the intended importer, and free pPackedContext
// with FreeContextBuffer.
//
SECURITY_STATUS SEC_ENTRY
ExportSecurityContext(
    PCtxtHandle phContext,              // (in) context to export
    ULONG fFlags,                       // (in) option flags
    PSecBuffer pPackedContext,          // (out) marshalled context
    void SEC_FAR * SEC_FAR * pToken     // (out, optional) token handle for impersonation
    );

// Function-pointer type matching ExportSecurityContext.
typedef SECURITY_STATUS
(SEC_ENTRY * EXPORT_SECURITY_CONTEXT_FN)(
    PCtxtHandle,
    ULONG,
    PSecBuffer,
    void SEC_FAR * SEC_FAR *
    );

//
// ImportSecurityContext{W,A}: rebuild a context from a blob produced by
// ExportSecurityContext. The package name must match the exporting package.
//
SECURITY_STATUS SEC_ENTRY
ImportSecurityContextW(
#if ISSP_MODE == 0
    PSECURITY_STRING pszPackage,
#else
    SEC_WCHAR SEC_FAR * pszPackage,
#endif
    PSecBuffer pPackedContext,          // (in) marshalled context
    void SEC_FAR * Token,               // (in, optional) handle to token for context
    PCtxtHandle phContext               // (out) new context handle
    );

// Function-pointer type matching ImportSecurityContextW.
typedef SECURITY_STATUS
(SEC_ENTRY * IMPORT_SECURITY_CONTEXT_FN_W)(
#if ISSP_MODE == 0
    PSECURITY_STRING,
#else
    SEC_WCHAR SEC_FAR *,
#endif
    PSecBuffer,
    VOID SEC_FAR *,
    PCtxtHandle
    );
// end_ntifs
//
// ImportSecurityContextA: ANSI counterpart of ImportSecurityContextW (no
// ISSP_MODE split — kernel callers use the W form).
//
SECURITY_STATUS SEC_ENTRY
ImportSecurityContextA(
    SEC_CHAR SEC_FAR * pszPackage,
    PSecBuffer pPackedContext,          // (in) marshalled context
    VOID SEC_FAR * Token,               // (in, optional) handle to token for context
    PCtxtHandle phContext               // (out) new context handle
    );

// Function-pointer type matching ImportSecurityContextA.
typedef SECURITY_STATUS
(SEC_ENTRY * IMPORT_SECURITY_CONTEXT_FN_A)(
    SEC_CHAR SEC_FAR *,
    PSecBuffer,
    void SEC_FAR *,
    PCtxtHandle
    );

#ifdef UNICODE
# define ImportSecurityContext ImportSecurityContextW               // ntifs
# define IMPORT_SECURITY_CONTEXT_FN IMPORT_SECURITY_CONTEXT_FN_W    // ntifs
#else
# define ImportSecurityContext ImportSecurityContextA
# define IMPORT_SECURITY_CONTEXT_FN IMPORT_SECURITY_CONTEXT_FN_A
#endif // !UNICODE

// begin_ntifs
//
// Kernel-mode only helpers (ISSP_MODE == 0). These return NTSTATUS rather
// than SECURITY_STATUS and use counted UNICODE_STRINGs.
//
#if ISSP_MODE == 0

//
// SecMakeSPN: build a service principal name "ServiceClass/ServiceName[:Port]"
// style string from its parts. If Allocate is TRUE the Spn buffer is
// presumably allocated by the callee (Length reports the size needed);
// otherwise the caller supplies Spn — confirm ownership before freeing.
//
NTSTATUS
NTAPI
SecMakeSPN(
    IN PUNICODE_STRING ServiceClass,
    IN PUNICODE_STRING ServiceName,
    IN PUNICODE_STRING InstanceName OPTIONAL,
    IN USHORT InstancePort OPTIONAL,
    IN PUNICODE_STRING Referrer OPTIONAL,
    IN OUT PUNICODE_STRING Spn,
    OUT PULONG Length OPTIONAL,
    IN BOOLEAN Allocate
    );

// SecMakeSPNEx: SecMakeSPN plus an optional TargetInfo component.
NTSTATUS
NTAPI
SecMakeSPNEx(
    IN PUNICODE_STRING ServiceClass,
    IN PUNICODE_STRING ServiceName,
    IN PUNICODE_STRING InstanceName OPTIONAL,
    IN USHORT InstancePort OPTIONAL,
    IN PUNICODE_STRING Referrer OPTIONAL,
    IN PUNICODE_STRING TargetInfo OPTIONAL,
    IN OUT PUNICODE_STRING Spn,
    OUT PULONG Length OPTIONAL,
    IN BOOLEAN Allocate
    );

//
// SecLookupAccountSid: resolve a SID to an account name (and optionally its
// domain). NameSize / DomainSize are IN OUT: they carry the caller's buffer
// sizes in and the required sizes out, so check the status for a
// buffer-too-small condition and retry rather than trusting a partial name.
//
NTSTATUS
SEC_ENTRY
SecLookupAccountSid(
    IN PSID Sid,
    IN OUT PULONG NameSize,
    OUT PUNICODE_STRING NameBuffer,
    IN OUT PULONG DomainSize OPTIONAL,
    OUT PUNICODE_STRING DomainBuffer OPTIONAL,
    OUT PSID_NAME_USE NameUse
    );

//
// SecLookupAccountName: inverse of SecLookupAccountSid. SidSize is IN OUT
// (buffer size in, required size out). NameUse tells the caller what kind of
// principal the name resolved to — callers that expect a user should verify it
// rather than accept e.g. a group or alias.
//
NTSTATUS
SEC_ENTRY
SecLookupAccountName(
    IN PUNICODE_STRING Name,
    IN OUT PULONG SidSize,
    OUT PSID Sid,
    OUT PSID_NAME_USE NameUse,
    IN OUT PULONG DomainSize OPTIONAL,
    OUT PUNICODE_STRING ReferencedDomain OPTIONAL
    );

//
// SecLookupWellKnownSid: copy a well-known SID into a caller-supplied buffer
// of SidBufferSize bytes; SidSize (optional) receives the bytes needed.
//
NTSTATUS
SEC_ENTRY
SecLookupWellKnownSid(
    IN WELL_KNOWN_SID_TYPE SidType,
    OUT PSID Sid,
    ULONG SidBufferSize,
    OUT PULONG SidSize OPTIONAL
    );

#endif
// end_ntifs

///////////////////////////////////////////////////////////////////////////////
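////
////    Fast access for RPC:
////
///////////////////////////////////////////////////////////////////////////////

//
// Names of the provider DLL's table-export routine. These are presumably the
// strings handed to GetProcAddress after loading the provider module; load
// that module by an explicit, trusted path rather than a bare file name so the
// loader's search order cannot be abused. The 16-bit name is upper-case.
//
#define SECURITY_ENTRYPOINT_ANSIW "InitSecurityInterfaceW"
#define SECURITY_ENTRYPOINT_ANSIA "InitSecurityInterfaceA"
#define SECURITY_ENTRYPOINTW SEC_TEXT("InitSecurityInterfaceW")         // ntifs
#define SECURITY_ENTRYPOINTA SEC_TEXT("InitSecurityInterfaceA")
#define SECURITY_ENTRYPOINT16 "INITSECURITYINTERFACEA"

#ifdef SECURITY_WIN32
# ifdef UNICODE
#  define SECURITY_ENTRYPOINT SECURITY_ENTRYPOINTW                      // ntifs
#  define SECURITY_ENTRYPOINT_ANSI SECURITY_ENTRYPOINT_ANSIW
# else // UNICODE
#  define SECURITY_ENTRYPOINT SECURITY_ENTRYPOINTA
#  define SECURITY_ENTRYPOINT_ANSI SECURITY_ENTRYPOINT_ANSIA
# endif // UNICODE
#else // SECURITY_WIN32
# define SECURITY_ENTRYPOINT SECURITY_ENTRYPOINT16
# define SECURITY_ENTRYPOINT_ANSI SECURITY_ENTRYPOINT16
#endif // SECURITY_WIN32

// begin_ntifs
// Legacy spelling. This macro also rewrites the identically spelled member of
// SecurityFunctionTableA below, so both tables expose "FreeCredentialsHandle".
#define FreeCredentialHandle FreeCredentialsHandle

//
// Provider dispatch table (wide-char flavour), returned by
// InitSecurityInterfaceW. dwVersion tells the caller how much of the table is
// populated: with SECURITY_SUPPORT_PROVIDER_INTERFACE_VERSION (1) the table is
// valid through DecryptMessage; SetContextAttributesW is only present when
// dwVersion >= SECURITY_SUPPORT_PROVIDER_INTERFACE_VERSION_2. Check dwVersion
// before calling through a trailing member. Reserved* slots must not be
// called through.
//
typedef struct _SECURITY_FUNCTION_TABLE_W {
    unsigned long dwVersion;
    ENUMERATE_SECURITY_PACKAGES_FN_W EnumerateSecurityPackagesW;
    QUERY_CREDENTIALS_ATTRIBUTES_FN_W QueryCredentialsAttributesW;
    ACQUIRE_CREDENTIALS_HANDLE_FN_W AcquireCredentialsHandleW;
    FREE_CREDENTIALS_HANDLE_FN FreeCredentialsHandle;
    void SEC_FAR * Reserved2;
    INITIALIZE_SECURITY_CONTEXT_FN_W InitializeSecurityContextW;
    ACCEPT_SECURITY_CONTEXT_FN AcceptSecurityContext;
    COMPLETE_AUTH_TOKEN_FN CompleteAuthToken;
    DELETE_SECURITY_CONTEXT_FN DeleteSecurityContext;
    APPLY_CONTROL_TOKEN_FN ApplyControlToken;
    QUERY_CONTEXT_ATTRIBUTES_FN_W QueryContextAttributesW;
    IMPERSONATE_SECURITY_CONTEXT_FN ImpersonateSecurityContext;
    REVERT_SECURITY_CONTEXT_FN RevertSecurityContext;
    MAKE_SIGNATURE_FN MakeSignature;
    VERIFY_SIGNATURE_FN VerifySignature;
    FREE_CONTEXT_BUFFER_FN FreeContextBuffer;
    QUERY_SECURITY_PACKAGE_INFO_FN_W QuerySecurityPackageInfoW;
    void SEC_FAR * Reserved3;
    void SEC_FAR * Reserved4;
    EXPORT_SECURITY_CONTEXT_FN ExportSecurityContext;
    IMPORT_SECURITY_CONTEXT_FN_W ImportSecurityContextW;
    ADD_CREDENTIALS_FN_W AddCredentialsW ;
    void SEC_FAR * Reserved8;
    QUERY_SECURITY_CONTEXT_TOKEN_FN QuerySecurityContextToken;
    ENCRYPT_MESSAGE_FN EncryptMessage;
    DECRYPT_MESSAGE_FN DecryptMessage;
    // Last member of the version-1 table is DecryptMessage; this one requires version 2.
    SET_CONTEXT_ATTRIBUTES_FN_W SetContextAttributesW;
} SecurityFunctionTableW, SEC_FAR * PSecurityFunctionTableW;
// end_ntifs

//
// ANSI flavour of the dispatch table (InitSecurityInterfaceA). Same layout and
// versioning rules as SecurityFunctionTableW.
//
typedef struct _SECURITY_FUNCTION_TABLE_A {
    unsigned long dwVersion;
    ENUMERATE_SECURITY_PACKAGES_FN_A EnumerateSecurityPackagesA;
    QUERY_CREDENTIALS_ATTRIBUTES_FN_A QueryCredentialsAttributesA;
    ACQUIRE_CREDENTIALS_HANDLE_FN_A AcquireCredentialsHandleA;
    FREE_CREDENTIALS_HANDLE_FN FreeCredentialHandle;    // renamed to FreeCredentialsHandle by the macro above
    void SEC_FAR * Reserved2;
    INITIALIZE_SECURITY_CONTEXT_FN_A InitializeSecurityContextA;
    ACCEPT_SECURITY_CONTEXT_FN AcceptSecurityContext;
    COMPLETE_AUTH_TOKEN_FN CompleteAuthToken;
    DELETE_SECURITY_CONTEXT_FN DeleteSecurityContext;
    APPLY_CONTROL_TOKEN_FN ApplyControlToken;
    QUERY_CONTEXT_ATTRIBUTES_FN_A QueryContextAttributesA;
    IMPERSONATE_SECURITY_CONTEXT_FN ImpersonateSecurityContext;
    REVERT_SECURITY_CONTEXT_FN RevertSecurityContext;
    MAKE_SIGNATURE_FN MakeSignature;
    VERIFY_SIGNATURE_FN VerifySignature;
    FREE_CONTEXT_BUFFER_FN FreeContextBuffer;
    QUERY_SECURITY_PACKAGE_INFO_FN_A QuerySecurityPackageInfoA;
    void SEC_FAR * Reserved3;
    void SEC_FAR * Reserved4;
    EXPORT_SECURITY_CONTEXT_FN ExportSecurityContext;
    IMPORT_SECURITY_CONTEXT_FN_A ImportSecurityContextA;
    ADD_CREDENTIALS_FN_A AddCredentialsA ;
    void SEC_FAR * Reserved8;
    QUERY_SECURITY_CONTEXT_TOKEN_FN QuerySecurityContextToken;
    ENCRYPT_MESSAGE_FN EncryptMessage;
    DECRYPT_MESSAGE_FN DecryptMessage;
    // Requires dwVersion >= SECURITY_SUPPORT_PROVIDER_INTERFACE_VERSION_2.
    SET_CONTEXT_ATTRIBUTES_FN_A SetContextAttributesA;
} SecurityFunctionTableA, SEC_FAR * PSecurityFunctionTableA;

#ifdef UNICODE
# define SecurityFunctionTable SecurityFunctionTableW           // ntifs
# define PSecurityFunctionTable PSecurityFunctionTableW         // ntifs
#else
# define SecurityFunctionTable SecurityFunctionTableA
# define PSecurityFunctionTable PSecurityFunctionTableA
#endif // !UNICODE

#define SECURITY_   // NOTE(review): defines an empty macro "SECURITY_". This looks like a
                    // stray/garbled fragment rather than an intended definition — verify
                    // against the shipped header before relying on it or removing it.

// Function table has all routines through DecryptMessage
#define SECURITY_SUPPORT_PROVIDER_INTERFACE_VERSION 1       // ntifs

// Function table has all routines through SetContextAttributes
#define SECURITY_SUPPORT_PROVIDER_INTERFACE_VERSION_2 2     // ntifs

//
// InitSecurityInterface{A,W}: the provider's exported entry point (see the
// SECURITY_ENTRYPOINT* names above). Returns the provider-owned dispatch
// table, or presumably NULL on failure — check before dereferencing, and
// check dwVersion before using version-2 members.
//
PSecurityFunctionTableA SEC_ENTRY
InitSecurityInterfaceA( void );

// Function-pointer type matching InitSecurityInterfaceA (for GetProcAddress results).
typedef PSecurityFunctionTableA (SEC_ENTRY * INIT_SECURITY_INTERFACE_A)(void);

// begin_ntifs
PSecurityFunctionTableW SEC_ENTRY
InitSecurityInterfaceW( void );

// Function-pointer type matching InitSecurityInterfaceW.
typedef PSecurityFunctionTableW (SEC_ENTRY * INIT_SECURITY_INTERFACE_W)(void);
// end_ntifs

#ifdef UNICODE
# define InitSecurityInterface InitSecurityInterfaceW           // ntifs
# define INIT_SECURITY_INTERFACE INIT_SECURITY_INTERFACE_W      // ntifs
#else
# define InitSecurityInterface InitSecurityInterfaceA
# define INIT_SECURITY_INTERFACE INIT_SECURITY_INTERFACE_A
#endif // !UNICODE

#ifdef SECURITY_WIN32

//
// SASL Profile Support
//

//
// SaslEnumerateProfiles{A,W}: list the SASL profiles available. *ProfileList
// receives a callee-allocated list of *ProfileCount names; its storage format
// and the routine to release it are not stated here — presumably
// FreeContextBuffer, confirm.
//
SECURITY_STATUS SEC_ENTRY
SaslEnumerateProfilesA(
    OUT LPSTR * ProfileList,
    OUT ULONG * ProfileCount
    );

SECURITY_STATUS SEC_ENTRY
SaslEnumerateProfilesW(
    OUT LPWSTR * ProfileList,
    OUT ULONG * ProfileCount
    );

#ifdef UNICODE
#define SaslEnumerateProfiles SaslEnumerateProfilesW
#else
#define SaslEnumerateProfiles SaslEnumerateProfilesA
#endif

//
// SaslGetProfilePackage{A,W}: map a SASL profile name to the SSPI package
// backing it. *PackageInfo is callee-allocated (free with FreeContextBuffer).
//
SECURITY_STATUS SEC_ENTRY
SaslGetProfilePackageA(
    IN LPSTR ProfileName,
    OUT PSecPkgInfoA * PackageInfo
    );

SECURITY_STATUS SEC_ENTRY
SaslGetProfilePackageW(
    IN LPWSTR ProfileName,
    OUT PSecPkgInfoW * PackageInfo
    );

#ifdef UNICODE
#define SaslGetProfilePackage SaslGetProfilePackageW
#else
#define SaslGetProfilePackage SaslGetProfilePackageA
#endif

//
// SaslIdentifyPackage{A,W}: inspect an initial (untrusted, peer-supplied)
// token in pInput and report which package produced it. Servers should still
// constrain the set of packages they are willing to accept rather than
// dispatch on whatever the peer sent.
//
SECURITY_STATUS SEC_ENTRY
SaslIdentifyPackageA(
    IN PSecBufferDesc pInput,
    OUT PSecPkgInfoA * PackageInfo
    );

SECURITY_STATUS SEC_ENTRY
SaslIdentifyPackageW(
    IN PSecBufferDesc pInput,
    OUT PSecPkgInfoW * PackageInfo
    );

#ifdef UNICODE
#define SaslIdentifyPackage SaslIdentifyPackageW
#else
#define SaslIdentifyPackage SaslIdentifyPackageA
#endif

//
// SaslInitializeSecurityContext{W,A}: client side of a SASL exchange, with the
// same shape as InitializeSecurityContext. Reserved1/Reserved2 must be zero.
// pfContextAttr reports the attributes actually negotiated — compare them
// against fContextReq before trusting the context (e.g. that integrity or
// confidentiality was really granted).
//
SECURITY_STATUS SEC_ENTRY
SaslInitializeSecurityContextW(
    PCredHandle phCredential,               // Cred to base context
    PCtxtHandle phContext,                  // Existing context (OPT)
    LPWSTR pszTargetName,                   // Name of target
    unsigned long fContextReq,              // Context Requirements
    unsigned long Reserved1,                // Reserved, MBZ
    unsigned long TargetDataRep,            // Data rep of target
    PSecBufferDesc pInput,                  // Input Buffers
    unsigned long Reserved2,                // Reserved, MBZ
    PCtxtHandle phNewContext,               // (out) New Context handle
    PSecBufferDesc pOutput,                 // (inout) Output Buffers
    unsigned long SEC_FAR * pfContextAttr,  // (out) Context attrs
    PTimeStamp ptsExpiry                    // (out) Life span (OPT)
    );

SECURITY_STATUS SEC_ENTRY
SaslInitializeSecurityContextA(
    PCredHandle phCredential,               // Cred to base context
    PCtxtHandle phContext,                  // Existing context (OPT)
    LPSTR pszTargetName,                    // Name of target
    unsigned long fContextReq,              // Context Requirements
    unsigned long Reserved1,                // Reserved, MBZ
    unsigned long TargetDataRep,            // Data rep of target
    PSecBufferDesc pInput,                  // Input Buffers
    unsigned long Reserved2,                // Reserved, MBZ
    PCtxtHandle phNewContext,               // (out) New Context handle
    PSecBufferDesc pOutput,                 // (inout) Output Buffers
    unsigned long SEC_FAR * pfContextAttr,  // (out) Context attrs
    PTimeStamp ptsExpiry                    // (out) Life span (OPT)
    );

#ifdef UNICODE
#define SaslInitializeSecurityContext SaslInitializeSecurityContextW
#else
#define SaslInitializeSecurityContext SaslInitializeSecurityContextA
#endif

//
// SaslAcceptSecurityContext: server side of a SASL exchange. pInput is
// peer-supplied data. Same pfContextAttr caveat as the initialize routine.
//
SECURITY_STATUS SEC_ENTRY
SaslAcceptSecurityContext(
    PCredHandle phCredential,               // Cred to base context
    PCtxtHandle phContext,                  // Existing context (OPT)
    PSecBufferDesc pInput,                  // Input buffer
    unsigned long fContextReq,              // Context Requirements
    unsigned long TargetDataRep,            // Target Data Rep
    PCtxtHandle phNewContext,               // (out) New context handle
    PSecBufferDesc pOutput,                 // (inout) Output buffers
    unsigned long SEC_FAR * pfContextAttr,  // (out) Context attributes
    PTimeStamp ptsExpiry                    // (out) Life span (OPT)
    );

// Option ids for SaslSetContextOption / SaslGetContextOption.
#define SASL_OPTION_SEND_SIZE 1             // Maximum size to send to peer
#define SASL_OPTION_RECV_SIZE 2             // Maximum size willing to receive
#define SASL_OPTION_AUTHZ_STRING 3          // Authorization string
#define SASL_OPTION_AUTHZ_PROCESSING 4      // Authorization string processing

// Value for SASL_OPTION_AUTHZ_PROCESSING. The default rejects any peer-supplied
// authorization identity, which is the safe setting unless the application
// explicitly validates an AuthZID against the authenticated identity.
typedef enum _SASL_AUTHZID_STATE {
    Sasl_AuthZIDForbidden,      // allow no AuthZID strings to be specified - error out (default)
    Sasl_AuthZIDProcessed       // AuthZID Strings processed by Application or SSP
} SASL_AUTHZID_STATE ;

//
// SaslSetContextOption: set one SASL_OPTION_* on a context. Value/Size are the
// option payload; the expected type of *Value depends on Option.
//
SECURITY_STATUS SEC_ENTRY
SaslSetContextOption(
    PCtxtHandle ContextHandle,
    ULONG Option,
    PVOID Value,
    ULONG Size
    );

//
// SaslGetContextOption: read one SASL_OPTION_* into a caller buffer of Size
// bytes; *Needed (optional) receives the size required, so a too-small buffer
// can be detected and the call retried.
//
SECURITY_STATUS SEC_ENTRY
SaslGetContextOption(
    PCtxtHandle ContextHandle,
    ULONG Option,
    PVOID Value,
    ULONG Size,
    PULONG Needed OPTIONAL
    );

#endif

#ifdef SECURITY_DOS
#if _MSC_VER >= 1200
#pragma warning(pop)
#else
#pragma warning(default:4147)
#endif
#endif

//
// This is the legacy credentials structure.
// The EX version below is preferred.
//
// Both flavours carry a plaintext Password in process memory. Callers should
// wipe the Password buffer (and the structure) as soon as the credential has
// been acquired, using a zeroing routine the compiler cannot elide (e.g.
// SecureZeroMemory), and must not log or persist it. Flags must name the
// character width actually used (SEC_WINNT_AUTH_IDENTITY_ANSI for the _A
// struct, SEC_WINNT_AUTH_IDENTITY_UNICODE for _W). The *Length members are
// presumably counts of characters, not bytes — confirm against the package.
//

// begin_ntifs
#ifndef _AUTH_IDENTITY_DEFINED
#define _AUTH_IDENTITY_DEFINED

#define SEC_WINNT_AUTH_IDENTITY_ANSI 0x1
#define SEC_WINNT_AUTH_IDENTITY_UNICODE 0x2

typedef struct _SEC_WINNT_AUTH_IDENTITY_W {
    unsigned short *User;
    unsigned long UserLength;
    unsigned short *Domain;
    unsigned long DomainLength;
    unsigned short *Password;           // plaintext credential — zeroize after use
    unsigned long PasswordLength;
    unsigned long Flags;                // SEC_WINNT_AUTH_IDENTITY_UNICODE expected here
} SEC_WINNT_AUTH_IDENTITY_W, *PSEC_WINNT_AUTH_IDENTITY_W;
// end_ntifs

typedef struct _SEC_WINNT_AUTH_IDENTITY_A {
    unsigned char *User;
    unsigned long UserLength;
    unsigned char *Domain;
    unsigned long DomainLength;
    unsigned char *Password;            // plaintext credential — zeroize after use
    unsigned long PasswordLength;
    unsigned long Flags;                // SEC_WINNT_AUTH_IDENTITY_ANSI expected here
} SEC_WINNT_AUTH_IDENTITY_A, *PSEC_WINNT_AUTH_IDENTITY_A;

#ifdef UNICODE
#define SEC_WINNT_AUTH_IDENTITY SEC_WINNT_AUTH_IDENTITY_W           // ntifs
#define PSEC_WINNT_AUTH_IDENTITY PSEC_WINNT_AUTH_IDENTITY_W         // ntifs
#define _SEC_WINNT_AUTH_IDENTITY _SEC_WINNT_AUTH_IDENTITY_W         // ntifs
#else // UNICODE
#define SEC_WINNT_AUTH_IDENTITY SEC_WINNT_AUTH_IDENTITY_A
#define PSEC_WINNT_AUTH_IDENTITY PSEC_WINNT_AUTH_IDENTITY_A
#define _SEC_WINNT_AUTH_IDENTITY _SEC_WINNT_AUTH_IDENTITY_A
#endif // UNICODE
#endif //_AUTH_IDENTITY_DEFINED // ntifs

// begin_ntifs
//
// This is the combined authentication identity structure that may be
// used with the negotiate package, NTLM, Kerberos, or SCHANNEL
//
// Version is presumably set to SEC_WINNT_AUTH_IDENTITY_VERSION and Length to
// the size of the structure so a package can distinguish it from the legacy
// form above. PackageList names the packages Negotiate may choose from.
// The same plaintext-Password handling rules as the legacy structure apply.
//

#ifndef SEC_WINNT_AUTH_IDENTITY_VERSION
#define SEC_WINNT_AUTH_IDENTITY_VERSION 0x200

typedef struct _SEC_WINNT_AUTH_IDENTITY_EXW {
    unsigned long Version;
    unsigned long Length;
    unsigned short SEC_FAR *User;
    unsigned long UserLength;
    unsigned short SEC_FAR *Domain;
    unsigned long DomainLength;
    unsigned short SEC_FAR *Password;   // plaintext credential — zeroize after use
    unsigned long PasswordLength;
    unsigned long Flags;
    unsigned short SEC_FAR * PackageList;
    unsigned long PackageListLength;
} SEC_WINNT_AUTH_IDENTITY_EXW, *PSEC_WINNT_AUTH_IDENTITY_EXW;
// end_ntifs

typedef struct _SEC_WINNT_AUTH_IDENTITY_EXA {
    unsigned long Version;
    unsigned long Length;
    unsigned char SEC_FAR *User;
    unsigned long UserLength;
    unsigned char SEC_FAR *Domain;
    unsigned long DomainLength;
    unsigned char SEC_FAR *Password;    // plaintext credential — zeroize after use
    unsigned long PasswordLength;
    unsigned long Flags;
    unsigned char SEC_FAR * PackageList;
    unsigned long PackageListLength;
} SEC_WINNT_AUTH_IDENTITY_EXA, *PSEC_WINNT_AUTH_IDENTITY_EXA;

#ifdef UNICODE
#define SEC_WINNT_AUTH_IDENTITY_EX SEC_WINNT_AUTH_IDENTITY_EXW          // ntifs
#define PSEC_WINNT_AUTH_IDENTITY_EX PSEC_WINNT_AUTH_IDENTITY_EXW        // ntifs
#else
#define SEC_WINNT_AUTH_IDENTITY_EX SEC_WINNT_AUTH_IDENTITY_EXA
// The ANSI branch previously left PSEC_WINNT_AUTH_IDENTITY_EX undefined while
// the UNICODE branch defined it; mirror the UNICODE branch so the generic
// pointer name resolves in both builds.
#define PSEC_WINNT_AUTH_IDENTITY_EX PSEC_WINNT_AUTH_IDENTITY_EXA
#endif

// begin_ntifs
#endif // SEC_WINNT_AUTH_IDENTITY_VERSION

//
// Common types used by negotiable security packages
//

// Additional Flags bits for the identity structures above.
#define SEC_WINNT_AUTH_IDENTITY_MARSHALLED 0x4      // all data is in one buffer
#define SEC_WINNT_AUTH_IDENTITY_ONLY 0x8            // these credentials are for identity only - no PAC needed
// end_ntifs

//
// Routines for manipulating packages
//

//
// SECURITY_PACKAGE_OPTIONS: descriptor passed to AddSecurityPackage (declared
// below). Size is presumably sizeof(SECURITY_PACKAGE_OPTIONS); Type is one of
// SECPKG_OPTIONS_TYPE_*; Flags holds SECPKG_OPTIONS_* bits. Signature /
// SignatureSize describe an opaque, package-defined blob.
//
typedef struct _SECURITY_PACKAGE_OPTIONS {
    unsigned long Size;
    unsigned long Type;
    unsigned long Flags;
    unsigned long SignatureSize;
    void SEC_FAR * Signature;
} SECURITY_PACKAGE_OPTIONS, SEC_FAR * PSECURITY_PACKAGE_OPTIONS;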
// Values for SECURITY_PACKAGE_OPTIONS.Type.
#define SECPKG_OPTIONS_TYPE_UNKNOWN 0
#define SECPKG_OPTIONS_TYPE_LSA 1
#define SECPKG_OPTIONS_TYPE_SSPI 2

// Bit for SECURITY_PACKAGE_OPTIONS.Flags: keep the package registered across
// restarts rather than for the current session only (presumed meaning of
// "permanent" — confirm).
#define SECPKG_OPTIONS_PERMANENT 0x00000001

//
// AddSecurityPackage{A,W}: register a new security package with the system.
// This loads provider code into the authentication subsystem, so it is a
// privileged, security-sensitive operation: restrict who can call it and
// audit its use. Options describes the package (see SECURITY_PACKAGE_OPTIONS).
//
SECURITY_STATUS SEC_ENTRY
AddSecurityPackageA(
    SEC_CHAR SEC_FAR * pszPackageName,
    SECURITY_PACKAGE_OPTIONS SEC_FAR * Options
    );

SECURITY_STATUS SEC_ENTRY
AddSecurityPackageW(
    SEC_WCHAR SEC_FAR * pszPackageName,
    SECURITY_PACKAGE_OPTIONS SEC_FAR * Options
    );

#ifdef UNICODE
#define AddSecurityPackage AddSecurityPackageW
#else
#define AddSecurityPackage AddSecurityPackageA
#endif

//
// DeleteSecurityPackage{A,W}: unregister a package by name. Equally
// privileged; removing a package can silently change which providers remain
// available for authentication.
//
SECURITY_STATUS SEC_ENTRY
DeleteSecurityPackageA(
    SEC_CHAR SEC_FAR * pszPackageName
    );

SECURITY_STATUS SEC_ENTRY
DeleteSecurityPackageW(
    SEC_WCHAR SEC_FAR * pszPackageName
    );

#ifdef UNICODE
#define DeleteSecurityPackage DeleteSecurityPackageW
#else
#define DeleteSecurityPackage DeleteSecurityPackageA
#endif

#ifdef __cplusplus
} // extern "C"
#endif

// begin_ntifs
#endif // __SSPI_H__
// end_ntifs