Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 
 

2058 lines
63 KiB

//+---------------------------------------------------------------------------
//
// Microsoft Windows
// Copyright (C) Microsoft Corporation, 1992-1999.
//
// File: sspi.h
//
// Contents: Security Support Provider Interface
// Prototypes and structure definitions
//
// Functions: Security Support Provider API
//
// History: 11-24-93 RichardW Created
//
//----------------------------------------------------------------------------
// begin_ntifs
#ifndef __SSPI_H__
#define __SSPI_H__
// end_ntifs
#if _MSC_VER > 1000
#pragma once
#endif
#ifdef __cplusplus
extern "C" {
#endif
//
// Determine environment:
//
#ifdef SECURITY_WIN32
#define ISSP_LEVEL 32
#define ISSP_MODE 1
#endif // SECURITY_WIN32
#ifdef SECURITY_KERNEL
#define ISSP_LEVEL 32 // ntifs
//
// SECURITY_KERNEL trumps SECURITY_WIN32. Undefine ISSP_MODE so that
// we don't get redefine errors.
//
#ifdef ISSP_MODE
#undef ISSP_MODE
#endif
#define ISSP_MODE 0 // ntifs
#endif // SECURITY_KERNEL
#ifdef SECURITY_MAC
#define ISSP_LEVEL 32
#define ISSP_MODE 1
#endif // SECURITY_MAC
#ifndef ISSP_LEVEL
#error You must define one of SECURITY_WIN32, SECURITY_KERNEL, or
#error SECURITY_MAC
#endif // !ISSP_LEVEL
//
// Now, define platform specific mappings:
//
// begin_ntifs
typedef WCHAR SEC_WCHAR;
typedef CHAR SEC_CHAR;
#ifndef __SECSTATUS_DEFINED__
typedef LONG SECURITY_STATUS;
#define __SECSTATUS_DEFINED__
#endif
#define SEC_TEXT TEXT
#define SEC_FAR
#define SEC_ENTRY __stdcall
// end_ntifs
//
// Decide what a string - 32 bits only since for 16 bits it is clear.
//
#ifdef UNICODE
typedef SEC_WCHAR SEC_FAR * SECURITY_PSTR;
typedef CONST SEC_WCHAR SEC_FAR * SECURITY_PCSTR;
#else // UNICODE
typedef SEC_CHAR SEC_FAR * SECURITY_PSTR;
typedef CONST SEC_CHAR SEC_FAR * SECURITY_PCSTR;
#endif // UNICODE
//
// Equivalent string for rpcrt:
//
#define __SEC_FAR SEC_FAR
//
// Okay, security specific types:
//
// begin_ntifs
#ifndef __SECHANDLE_DEFINED__
typedef struct _SecHandle
{
ULONG_PTR dwLower ;
ULONG_PTR dwUpper ;
} SecHandle, * PSecHandle ;
#define __SECHANDLE_DEFINED__
#endif // __SECHANDLE_DEFINED__
#define SecInvalidateHandle( x ) \
((PSecHandle) x)->dwLower = ((ULONG_PTR) ((INT_PTR)-1)) ; \
((PSecHandle) x)->dwUpper = ((ULONG_PTR) ((INT_PTR)-1)) ; \
#define SecIsValidHandle( x ) \
( ( ((PSecHandle) x)->dwLower != ((ULONG_PTR) ((INT_PTR) -1 ))) && \
( ((PSecHandle) x)->dwUpper != ((ULONG_PTR) ((INT_PTR) -1 ))) )
typedef SecHandle CredHandle;
typedef PSecHandle PCredHandle;
typedef SecHandle CtxtHandle;
typedef PSecHandle PCtxtHandle;
// end_ntifs
# ifdef WIN32_CHICAGO
typedef unsigned __int64 QWORD;
typedef QWORD SECURITY_INTEGER, *PSECURITY_INTEGER;
#define SEC_SUCCESS(Status) ((Status) >= 0)
# elif defined(_NTDEF_) || defined(_WINNT_)
typedef LARGE_INTEGER _SECURITY_INTEGER, SECURITY_INTEGER, *PSECURITY_INTEGER; // ntifs
# else // _NTDEF_ || _WINNT_
typedef struct _SECURITY_INTEGER
{
unsigned long LowPart;
long HighPart;
} SECURITY_INTEGER, *PSECURITY_INTEGER;
# endif // _NTDEF_ || _WINNT_
# ifndef SECURITY_MAC
typedef SECURITY_INTEGER TimeStamp; // ntifs
typedef SECURITY_INTEGER SEC_FAR * PTimeStamp; // ntifs
# else // SECURITY_MAC
typedef unsigned long TimeStamp;
typedef unsigned long * PTimeStamp;
# endif // SECUIRT_MAC
//
// If we are in 32 bit mode, define the SECURITY_STRING structure,
// as a clone of the base UNICODE_STRING structure. This is used
// internally in security components, an as the string interface
// for kernel components (e.g. FSPs)
//
# ifndef _NTDEF_
typedef struct _SECURITY_STRING {
unsigned short Length;
unsigned short MaximumLength;
# ifdef MIDL_PASS
[size_is(MaximumLength / 2), length_is(Length / 2)]
# endif // MIDL_PASS
unsigned short * Buffer;
} SECURITY_STRING, * PSECURITY_STRING;
# else // _NTDEF_
typedef UNICODE_STRING SECURITY_STRING, *PSECURITY_STRING; // ntifs
# endif // _NTDEF_
// begin_ntifs
//
// SecPkgInfo structure
//
// Provides general information about a security provider
//
typedef struct _SecPkgInfoW
{
unsigned long fCapabilities; // Capability bitmask
unsigned short wVersion; // Version of driver
unsigned short wRPCID; // ID for RPC Runtime
unsigned long cbMaxToken; // Size of authentication token (max)
#ifdef MIDL_PASS
[string]
#endif
SEC_WCHAR SEC_FAR * Name; // Text name
#ifdef MIDL_PASS
[string]
#endif
SEC_WCHAR SEC_FAR * Comment; // Comment
} SecPkgInfoW, SEC_FAR * PSecPkgInfoW;
// end_ntifs
typedef struct _SecPkgInfoA
{
unsigned long fCapabilities; // Capability bitmask
unsigned short wVersion; // Version of driver
unsigned short wRPCID; // ID for RPC Runtime
unsigned long cbMaxToken; // Size of authentication token (max)
#ifdef MIDL_PASS
[string]
#endif
SEC_CHAR SEC_FAR * Name; // Text name
#ifdef MIDL_PASS
[string]
#endif
SEC_CHAR SEC_FAR * Comment; // Comment
} SecPkgInfoA, SEC_FAR * PSecPkgInfoA;
#ifdef UNICODE
# define SecPkgInfo SecPkgInfoW // ntifs
# define PSecPkgInfo PSecPkgInfoW // ntifs
#else
# define SecPkgInfo SecPkgInfoA
# define PSecPkgInfo PSecPkgInfoA
#endif // !UNICODE
// begin_ntifs
//
// Security Package Capabilities
//
#define SECPKG_FLAG_INTEGRITY 0x00000001 // Supports integrity on messages
#define SECPKG_FLAG_PRIVACY 0x00000002 // Supports privacy (confidentiality)
#define SECPKG_FLAG_TOKEN_ONLY 0x00000004 // Only security token needed
#define SECPKG_FLAG_DATAGRAM 0x00000008 // Datagram RPC support
#define SECPKG_FLAG_CONNECTION 0x00000010 // Connection oriented RPC support
#define SECPKG_FLAG_MULTI_REQUIRED 0x00000020 // Full 3-leg required for re-auth.
#define SECPKG_FLAG_CLIENT_ONLY 0x00000040 // Server side functionality not available
#define SECPKG_FLAG_EXTENDED_ERROR 0x00000080 // Supports extended error msgs
#define SECPKG_FLAG_IMPERSONATION 0x00000100 // Supports impersonation
#define SECPKG_FLAG_ACCEPT_WIN32_NAME 0x00000200 // Accepts Win32 names
#define SECPKG_FLAG_STREAM 0x00000400 // Supports stream semantics
#define SECPKG_FLAG_NEGOTIABLE 0x00000800 // Can be used by the negotiate package
#define SECPKG_FLAG_GSS_COMPATIBLE 0x00001000 // GSS Compatibility Available
#define SECPKG_FLAG_LOGON 0x00002000 // Supports common LsaLogonUser
#define SECPKG_FLAG_ASCII_BUFFERS 0x00004000 // Token Buffers are in ASCII
#define SECPKG_FLAG_FRAGMENT 0x00008000 // Package can fragment to fit
#define SECPKG_FLAG_MUTUAL_AUTH 0x00010000 // Package can perform mutual authentication
#define SECPKG_FLAG_DELEGATION 0x00020000 // Package can delegate
#define SECPKG_FLAG_READONLY_WITH_CHECKSUM 0x00040000 // Package can delegate
#define SECPKG_ID_NONE 0xFFFF
//
// SecBuffer
//
// Generic memory descriptors for buffers passed in to the security
// API
//
typedef struct _SecBuffer {
unsigned long cbBuffer; // Size of the buffer, in bytes
unsigned long BufferType; // Type of the buffer (below)
void SEC_FAR * pvBuffer; // Pointer to the buffer
} SecBuffer, SEC_FAR * PSecBuffer;
typedef struct _SecBufferDesc {
unsigned long ulVersion; // Version number
unsigned long cBuffers; // Number of buffers
#ifdef MIDL_PASS
[size_is(cBuffers)]
#endif
PSecBuffer pBuffers; // Pointer to array of buffers
} SecBufferDesc, SEC_FAR * PSecBufferDesc;
#define SECBUFFER_VERSION 0
#define SECBUFFER_EMPTY 0 // Undefined, replaced by provider
#define SECBUFFER_DATA 1 // Packet data
#define SECBUFFER_TOKEN 2 // Security token
#define SECBUFFER_PKG_PARAMS 3 // Package specific parameters
#define SECBUFFER_MISSING 4 // Missing Data indicator
#define SECBUFFER_EXTRA 5 // Extra data
#define SECBUFFER_STREAM_TRAILER 6 // Security Trailer
#define SECBUFFER_STREAM_HEADER 7 // Security Header
#define SECBUFFER_NEGOTIATION_INFO 8 // Hints from the negotiation pkg
#define SECBUFFER_PADDING 9 // non-data padding
#define SECBUFFER_STREAM 10 // whole encrypted message
#define SECBUFFER_MECHLIST 11
#define SECBUFFER_MECHLIST_SIGNATURE 12
#define SECBUFFER_TARGET 13
#define SECBUFFER_CHANNEL_BINDINGS 14
#define SECBUFFER_ATTRMASK 0xF0000000
#define SECBUFFER_READONLY 0x80000000 // Buffer is read-only, no checksum
#define SECBUFFER_READONLY_WITH_CHECKSUM 0x10000000 // Buffer is read-only, and checksummed
#define SECBUFFER_RESERVED 0x60000000 // Flags reserved to security system
typedef struct _SEC_NEGOTIATION_INFO {
unsigned long Size; // Size of this structure
unsigned long NameLength; // Length of name hint
SEC_WCHAR SEC_FAR * Name; // Name hint
void SEC_FAR * Reserved; // Reserved
} SEC_NEGOTIATION_INFO, SEC_FAR * PSEC_NEGOTIATION_INFO ;
typedef struct _SEC_CHANNEL_BINDINGS {
unsigned long dwInitiatorAddrType;
unsigned long cbInitiatorLength;
unsigned long dwInitiatorOffset;
unsigned long dwAcceptorAddrType;
unsigned long cbAcceptorLength;
unsigned long dwAcceptorOffset;
unsigned long cbApplicationDataLength;
unsigned long dwApplicationDataOffset;
} SEC_CHANNEL_BINDINGS, SEC_FAR * PSEC_CHANNEL_BINDINGS ;
//
// Data Representation Constant:
//
#define SECURITY_NATIVE_DREP 0x00000010
#define SECURITY_NETWORK_DREP 0x00000000
//
// Credential Use Flags
//
#define SECPKG_CRED_INBOUND 0x00000001
#define SECPKG_CRED_OUTBOUND 0x00000002
#define SECPKG_CRED_BOTH 0x00000003
#define SECPKG_CRED_DEFAULT 0x00000004
#define SECPKG_CRED_RESERVED 0xF0000000
//
// InitializeSecurityContext Requirement and return flags:
//
#define ISC_REQ_DELEGATE 0x00000001
#define ISC_REQ_MUTUAL_AUTH 0x00000002
#define ISC_REQ_REPLAY_DETECT 0x00000004
#define ISC_REQ_SEQUENCE_DETECT 0x00000008
#define ISC_REQ_CONFIDENTIALITY 0x00000010
#define ISC_REQ_USE_SESSION_KEY 0x00000020
#define ISC_REQ_PROMPT_FOR_CREDS 0x00000040
#define ISC_REQ_USE_SUPPLIED_CREDS 0x00000080
#define ISC_REQ_ALLOCATE_MEMORY 0x00000100
#define ISC_REQ_USE_DCE_STYLE 0x00000200
#define ISC_REQ_DATAGRAM 0x00000400
#define ISC_REQ_CONNECTION 0x00000800
#define ISC_REQ_CALL_LEVEL 0x00001000
#define ISC_REQ_FRAGMENT_SUPPLIED 0x00002000
#define ISC_REQ_EXTENDED_ERROR 0x00004000
#define ISC_REQ_STREAM 0x00008000
#define ISC_REQ_INTEGRITY 0x00010000
#define ISC_REQ_IDENTIFY 0x00020000
#define ISC_REQ_NULL_SESSION 0x00040000
#define ISC_REQ_MANUAL_CRED_VALIDATION 0x00080000
#define ISC_REQ_RESERVED1 0x00100000
#define ISC_REQ_FRAGMENT_TO_FIT 0x00200000
#define ISC_RET_DELEGATE 0x00000001
#define ISC_RET_MUTUAL_AUTH 0x00000002
#define ISC_RET_REPLAY_DETECT 0x00000004
#define ISC_RET_SEQUENCE_DETECT 0x00000008
#define ISC_RET_CONFIDENTIALITY 0x00000010
#define ISC_RET_USE_SESSION_KEY 0x00000020
#define ISC_RET_USED_COLLECTED_CREDS 0x00000040
#define ISC_RET_USED_SUPPLIED_CREDS 0x00000080
#define ISC_RET_ALLOCATED_MEMORY 0x00000100
#define ISC_RET_USED_DCE_STYLE 0x00000200
#define ISC_RET_DATAGRAM 0x00000400
#define ISC_RET_CONNECTION 0x00000800
#define ISC_RET_INTERMEDIATE_RETURN 0x00001000
#define ISC_RET_CALL_LEVEL 0x00002000
#define ISC_RET_EXTENDED_ERROR 0x00004000
#define ISC_RET_STREAM 0x00008000
#define ISC_RET_INTEGRITY 0x00010000
#define ISC_RET_IDENTIFY 0x00020000
#define ISC_RET_NULL_SESSION 0x00040000
#define ISC_RET_MANUAL_CRED_VALIDATION 0x00080000
#define ISC_RET_RESERVED1 0x00100000
#define ISC_RET_FRAGMENT_ONLY 0x00200000
#define ASC_REQ_DELEGATE 0x00000001
#define ASC_REQ_MUTUAL_AUTH 0x00000002
#define ASC_REQ_REPLAY_DETECT 0x00000004
#define ASC_REQ_SEQUENCE_DETECT 0x00000008
#define ASC_REQ_CONFIDENTIALITY 0x00000010
#define ASC_REQ_USE_SESSION_KEY 0x00000020
#define ASC_REQ_ALLOCATE_MEMORY 0x00000100
#define ASC_REQ_USE_DCE_STYLE 0x00000200
#define ASC_REQ_DATAGRAM 0x00000400
#define ASC_REQ_CONNECTION 0x00000800
#define ASC_REQ_CALL_LEVEL 0x00001000
#define ASC_REQ_EXTENDED_ERROR 0x00008000
#define ASC_REQ_STREAM 0x00010000
#define ASC_REQ_INTEGRITY 0x00020000
#define ASC_REQ_LICENSING 0x00040000
#define ASC_REQ_IDENTIFY 0x00080000
#define ASC_REQ_ALLOW_NULL_SESSION 0x00100000
#define ASC_REQ_ALLOW_NON_USER_LOGONS 0x00200000
#define ASC_REQ_ALLOW_CONTEXT_REPLAY 0x00400000
#define ASC_REQ_FRAGMENT_TO_FIT 0x00800000
#define ASC_REQ_FRAGMENT_SUPPLIED 0x00002000
#define ASC_REQ_NO_TOKEN 0x01000000
#define ASC_RET_DELEGATE 0x00000001
#define ASC_RET_MUTUAL_AUTH 0x00000002
#define ASC_RET_REPLAY_DETECT 0x00000004
#define ASC_RET_SEQUENCE_DETECT 0x00000008
#define ASC_RET_CONFIDENTIALITY 0x00000010
#define ASC_RET_USE_SESSION_KEY 0x00000020
#define ASC_RET_ALLOCATED_MEMORY 0x00000100
#define ASC_RET_USED_DCE_STYLE 0x00000200
#define ASC_RET_DATAGRAM 0x00000400
#define ASC_RET_CONNECTION 0x00000800
#define ASC_RET_CALL_LEVEL 0x00002000 // skipped 1000 to be like ISC_
#define ASC_RET_THIRD_LEG_FAILED 0x00004000
#define ASC_RET_EXTENDED_ERROR 0x00008000
#define ASC_RET_STREAM 0x00010000
#define ASC_RET_INTEGRITY 0x00020000
#define ASC_RET_LICENSING 0x00040000
#define ASC_RET_IDENTIFY 0x00080000
#define ASC_RET_NULL_SESSION 0x00100000
#define ASC_RET_ALLOW_NON_USER_LOGONS 0x00200000
#define ASC_RET_ALLOW_CONTEXT_REPLAY 0x00400000
#define ASC_RET_FRAGMENT_ONLY 0x00800000
#define ASC_RET_NO_TOKEN 0x01000000
//
// Security Credentials Attributes:
//
#define SECPKG_CRED_ATTR_NAMES 1
typedef struct _SecPkgCredentials_NamesW
{
SEC_WCHAR SEC_FAR * sUserName;
} SecPkgCredentials_NamesW, SEC_FAR * PSecPkgCredentials_NamesW;
// end_ntifs
typedef struct _SecPkgCredentials_NamesA
{
SEC_CHAR SEC_FAR * sUserName;
} SecPkgCredentials_NamesA, SEC_FAR * PSecPkgCredentials_NamesA;
#ifdef UNICODE
# define SecPkgCredentials_Names SecPkgCredentials_NamesW // ntifs
# define PSecPkgCredentials_Names PSecPkgCredentials_NamesW // ntifs
#else
# define SecPkgCredentials_Names SecPkgCredentials_NamesA
# define PSecPkgCredentials_Names PSecPkgCredentials_NamesA
#endif // !UNICODE
// begin_ntifs
//
// Security Context Attributes:
//
#define SECPKG_ATTR_SIZES 0
#define SECPKG_ATTR_NAMES 1
#define SECPKG_ATTR_LIFESPAN 2
#define SECPKG_ATTR_DCE_INFO 3
#define SECPKG_ATTR_STREAM_SIZES 4
#define SECPKG_ATTR_KEY_INFO 5
#define SECPKG_ATTR_AUTHORITY 6
#define SECPKG_ATTR_PROTO_INFO 7
#define SECPKG_ATTR_PASSWORD_EXPIRY 8
#define SECPKG_ATTR_SESSION_KEY 9
#define SECPKG_ATTR_PACKAGE_INFO 10
#define SECPKG_ATTR_USER_FLAGS 11
#define SECPKG_ATTR_NEGOTIATION_INFO 12
#define SECPKG_ATTR_NATIVE_NAMES 13
#define SECPKG_ATTR_FLAGS 14
#define SECPKG_ATTR_USE_VALIDATED 15
#define SECPKG_ATTR_CREDENTIAL_NAME 16
#define SECPKG_ATTR_TARGET_INFORMATION 17
#define SECPKG_ATTR_ACCESS_TOKEN 18
#define SECPKG_ATTR_TARGET 19
#define SECPKG_ATTR_AUTHENTICATION_ID 20
typedef struct _SecPkgContext_Sizes
{
unsigned long cbMaxToken;
unsigned long cbMaxSignature;
unsigned long cbBlockSize;
unsigned long cbSecurityTrailer;
} SecPkgContext_Sizes, SEC_FAR * PSecPkgContext_Sizes;
typedef struct _SecPkgContext_StreamSizes
{
unsigned long cbHeader;
unsigned long cbTrailer;
unsigned long cbMaximumMessage;
unsigned long cBuffers;
unsigned long cbBlockSize;
} SecPkgContext_StreamSizes, * PSecPkgContext_StreamSizes;
typedef struct _SecPkgContext_NamesW
{
SEC_WCHAR SEC_FAR * sUserName;
} SecPkgContext_NamesW, SEC_FAR * PSecPkgContext_NamesW;
// end_ntifs
typedef struct _SecPkgContext_NamesA
{
SEC_CHAR SEC_FAR * sUserName;
} SecPkgContext_NamesA, SEC_FAR * PSecPkgContext_NamesA;
#ifdef UNICODE
# define SecPkgContext_Names SecPkgContext_NamesW // ntifs
# define PSecPkgContext_Names PSecPkgContext_NamesW // ntifs
#else
# define SecPkgContext_Names SecPkgContext_NamesA
# define PSecPkgContext_Names PSecPkgContext_NamesA
#endif // !UNICODE
// begin_ntifs
typedef struct _SecPkgContext_Lifespan
{
TimeStamp tsStart;
TimeStamp tsExpiry;
} SecPkgContext_Lifespan, SEC_FAR * PSecPkgContext_Lifespan;
typedef struct _SecPkgContext_DceInfo
{
unsigned long AuthzSvc;
void SEC_FAR * pPac;
} SecPkgContext_DceInfo, SEC_FAR * PSecPkgContext_DceInfo;
// end_ntifs
typedef struct _SecPkgContext_KeyInfoA
{
SEC_CHAR SEC_FAR * sSignatureAlgorithmName;
SEC_CHAR SEC_FAR * sEncryptAlgorithmName;
unsigned long KeySize;
unsigned long SignatureAlgorithm;
unsigned long EncryptAlgorithm;
} SecPkgContext_KeyInfoA, SEC_FAR * PSecPkgContext_KeyInfoA;
// begin_ntifs
typedef struct _SecPkgContext_KeyInfoW
{
SEC_WCHAR SEC_FAR * sSignatureAlgorithmName;
SEC_WCHAR SEC_FAR * sEncryptAlgorithmName;
unsigned long KeySize;
unsigned long SignatureAlgorithm;
unsigned long EncryptAlgorithm;
} SecPkgContext_KeyInfoW, SEC_FAR * PSecPkgContext_KeyInfoW;
// end_ntifs
#ifdef UNICODE
#define SecPkgContext_KeyInfo SecPkgContext_KeyInfoW // ntifs
#define PSecPkgContext_KeyInfo PSecPkgContext_KeyInfoW // ntifs
#else
#define SecPkgContext_KeyInfo SecPkgContext_KeyInfoA
#define PSecPkgContext_KeyInfo PSecPkgContext_KeyInfoA
#endif
typedef struct _SecPkgContext_AuthorityA
{
SEC_CHAR SEC_FAR * sAuthorityName;
} SecPkgContext_AuthorityA, * PSecPkgContext_AuthorityA;
// begin_ntifs
typedef struct _SecPkgContext_AuthorityW
{
SEC_WCHAR SEC_FAR * sAuthorityName;
} SecPkgContext_AuthorityW, * PSecPkgContext_AuthorityW;
// end_ntifs
#ifdef UNICODE
#define SecPkgContext_Authority SecPkgContext_AuthorityW // ntifs
#define PSecPkgContext_Authority PSecPkgContext_AuthorityW // ntifs
#else
#define SecPkgContext_Authority SecPkgContext_AuthorityA
#define PSecPkgContext_Authority PSecPkgContext_AuthorityA
#endif
typedef struct _SecPkgContext_ProtoInfoA
{
SEC_CHAR SEC_FAR * sProtocolName;
unsigned long majorVersion;
unsigned long minorVersion;
} SecPkgContext_ProtoInfoA, SEC_FAR * PSecPkgContext_ProtoInfoA;
// begin_ntifs
typedef struct _SecPkgContext_ProtoInfoW
{
SEC_WCHAR SEC_FAR * sProtocolName;
unsigned long majorVersion;
unsigned long minorVersion;
} SecPkgContext_ProtoInfoW, SEC_FAR * PSecPkgContext_ProtoInfoW;
// end_ntifs
#ifdef UNICODE
#define SecPkgContext_ProtoInfo SecPkgContext_ProtoInfoW // ntifs
#define PSecPkgContext_ProtoInfo PSecPkgContext_ProtoInfoW // ntifs
#else
#define SecPkgContext_ProtoInfo SecPkgContext_ProtoInfoA
#define PSecPkgContext_ProtoInfo PSecPkgContext_ProtoInfoA
#endif
// begin_ntifs
typedef struct _SecPkgContext_PasswordExpiry
{
TimeStamp tsPasswordExpires;
} SecPkgContext_PasswordExpiry, SEC_FAR * PSecPkgContext_PasswordExpiry;
typedef struct _SecPkgContext_SessionKey
{
unsigned long SessionKeyLength;
unsigned char SEC_FAR * SessionKey;
} SecPkgContext_SessionKey, *PSecPkgContext_SessionKey;
typedef struct _SecPkgContext_PackageInfoW
{
PSecPkgInfoW PackageInfo;
} SecPkgContext_PackageInfoW, SEC_FAR * PSecPkgContext_PackageInfoW;
// end_ntifs
typedef struct _SecPkgContext_PackageInfoA
{
PSecPkgInfoA PackageInfo;
} SecPkgContext_PackageInfoA, SEC_FAR * PSecPkgContext_PackageInfoA;
// begin_ntifs
typedef struct _SecPkgContext_UserFlags
{
unsigned long UserFlags;
} SecPkgContext_UserFlags, SEC_FAR * PSecPkgContext_UserFlags;
typedef struct _SecPkgContext_Flags
{
unsigned long Flags;
} SecPkgContext_Flags, SEC_FAR * PSecPkgContext_Flags;
// end_ntifs
#ifdef UNICODE
#define SecPkgContext_PackageInfo SecPkgContext_PackageInfoW // ntifs
#define PSecPkgContext_PackageInfo PSecPkgContext_PackageInfoW // ntifs
#else
#define SecPkgContext_PackageInfo SecPkgContext_PackageInfoA
#define PSecPkgContext_PackageInfo PSecPkgContext_PackageInfoA
#endif
typedef struct _SecPkgContext_NegotiationInfoA
{
PSecPkgInfoA PackageInfo ;
unsigned long NegotiationState ;
} SecPkgContext_NegotiationInfoA, SEC_FAR * PSecPkgContext_NegotiationInfoA ;
// begin_ntifs
typedef struct _SecPkgContext_NegotiationInfoW
{
PSecPkgInfoW PackageInfo ;
unsigned long NegotiationState ;
} SecPkgContext_NegotiationInfoW, SEC_FAR * PSecPkgContext_NegotiationInfoW ;
// end_ntifs
#ifdef UNICODE
#define SecPkgContext_NegotiationInfo SecPkgContext_NegotiationInfoW
#define PSecPkgContext_NegotiationInfo PSecPkgContext_NegotiationInfoW
#else
#define SecPkgContext_NegotiationInfo SecPkgContext_NegotiationInfoA
#define PSecPkgContext_NegotiationInfo PSecPkgContext_NegotiationInfoA
#endif
#define SECPKG_NEGOTIATION_COMPLETE 0
#define SECPKG_NEGOTIATION_OPTIMISTIC 1
#define SECPKG_NEGOTIATION_IN_PROGRESS 2
#define SECPKG_NEGOTIATION_DIRECT 3
#define SECPKG_NEGOTIATION_TRY_MULTICRED 4
typedef struct _SecPkgContext_NativeNamesW
{
SEC_WCHAR SEC_FAR * sClientName;
SEC_WCHAR SEC_FAR * sServerName;
} SecPkgContext_NativeNamesW, SEC_FAR * PSecPkgContext_NativeNamesW;
typedef struct _SecPkgContext_NativeNamesA
{
SEC_CHAR SEC_FAR * sClientName;
SEC_CHAR SEC_FAR * sServerName;
} SecPkgContext_NativeNamesA, SEC_FAR * PSecPkgContext_NativeNamesA;
#ifdef UNICODE
# define SecPkgContext_NativeNames SecPkgContext_NativeNamesW // ntifs
# define PSecPkgContext_NativeNames PSecPkgContext_NativeNamesW // ntifs
#else
# define SecPkgContext_NativeNames SecPkgContext_NativeNamesA
# define PSecPkgContext_NativeNames PSecPkgContext_NativeNamesA
#endif // !UNICODE
// begin_ntifs
typedef struct _SecPkgContext_CredentialNameW
{
unsigned long CredentialType;
SEC_WCHAR SEC_FAR *sCredentialName;
} SecPkgContext_CredentialNameW, SEC_FAR * PSecPkgContext_CredentialNameW;
// end_ntifs
typedef struct _SecPkgContext_CredentialNameA
{
unsigned long CredentialType;
SEC_CHAR SEC_FAR *sCredentialName;
} SecPkgContext_CredentialNameA, SEC_FAR * PSecPkgContext_CredentialNameA;
#ifdef UNICODE
# define SecPkgContext_CredentialName SecPkgContext_CredentialNameW // ntifs
# define PSecPkgContext_CredentialName PSecPkgContext_CredentialNameW // ntifs
#else
# define SecPkgContext_CredentialName SecPkgContext_CredentialNameA
# define PSecPkgContext_CredentialName PSecPkgContext_CredentialNameA
#endif // !UNICODE
typedef struct _SecPkgContext_AccessToken
{
void SEC_FAR * AccessToken;
} SecPkgContext_AccessToken, SEC_FAR * PSecPkgContext_AccessToken;
typedef struct _SecPkgContext_TargetInformation
{
unsigned long MarshalledTargetInfoLength;
unsigned char SEC_FAR * MarshalledTargetInfo;
} SecPkgContext_TargetInformation, SEC_FAR * PSecPkgContext_TargetInformation;
typedef struct _SecPkgContext_AuthzID
{
unsigned long AuthzIDLength;
char SEC_FAR * AuthzID;
} SecPkgContext_AuthzID, SEC_FAR * PSecPkgContext_AuthzID;
typedef struct _SecPkgContext_Target
{
unsigned long TargetLength;
char SEC_FAR * Target;
} SecPkgContext_Target, SEC_FAR * PSecPkgContext_Target;
// begin_ntifs
typedef void
(SEC_ENTRY SEC_FAR * SEC_GET_KEY_FN) (
void SEC_FAR * Arg, // Argument passed in
void SEC_FAR * Principal, // Principal ID
unsigned long KeyVer, // Key Version
void SEC_FAR * SEC_FAR * Key, // Returned ptr to key
SECURITY_STATUS SEC_FAR * Status // returned status
);
//
// Flags for ExportSecurityContext
//
#define SECPKG_CONTEXT_EXPORT_RESET_NEW 0x00000001 // New context is reset to initial state
#define SECPKG_CONTEXT_EXPORT_DELETE_OLD 0x00000002 // Old context is deleted during export
SECURITY_STATUS SEC_ENTRY
AcquireCredentialsHandleW(
#if ISSP_MODE == 0 // For Kernel mode
PSECURITY_STRING pPrincipal,
PSECURITY_STRING pPackage,
#else
SEC_WCHAR SEC_FAR * pszPrincipal, // Name of principal
SEC_WCHAR SEC_FAR * pszPackage, // Name of package
#endif
unsigned long fCredentialUse, // Flags indicating use
void SEC_FAR * pvLogonId, // Pointer to logon ID
void SEC_FAR * pAuthData, // Package specific data
SEC_GET_KEY_FN pGetKeyFn, // Pointer to GetKey() func
void SEC_FAR * pvGetKeyArgument, // Value to pass to GetKey()
PCredHandle phCredential, // (out) Cred Handle
PTimeStamp ptsExpiry // (out) Lifetime (optional)
);
typedef SECURITY_STATUS
(SEC_ENTRY * ACQUIRE_CREDENTIALS_HANDLE_FN_W)(
#if ISSP_MODE == 0
PSECURITY_STRING,
PSECURITY_STRING,
#else
SEC_WCHAR SEC_FAR *,
SEC_WCHAR SEC_FAR *,
#endif
unsigned long,
void SEC_FAR *,
void SEC_FAR *,
SEC_GET_KEY_FN,
void SEC_FAR *,
PCredHandle,
PTimeStamp);
// end_ntifs
SECURITY_STATUS SEC_ENTRY
AcquireCredentialsHandleA(
SEC_CHAR SEC_FAR * pszPrincipal, // Name of principal
SEC_CHAR SEC_FAR * pszPackage, // Name of package
unsigned long fCredentialUse, // Flags indicating use
void SEC_FAR * pvLogonId, // Pointer to logon ID
void SEC_FAR * pAuthData, // Package specific data
SEC_GET_KEY_FN pGetKeyFn, // Pointer to GetKey() func
void SEC_FAR * pvGetKeyArgument, // Value to pass to GetKey()
PCredHandle phCredential, // (out) Cred Handle
PTimeStamp ptsExpiry // (out) Lifetime (optional)
);
typedef SECURITY_STATUS
(SEC_ENTRY * ACQUIRE_CREDENTIALS_HANDLE_FN_A)(
SEC_CHAR SEC_FAR *,
SEC_CHAR SEC_FAR *,
unsigned long,
void SEC_FAR *,
void SEC_FAR *,
SEC_GET_KEY_FN,
void SEC_FAR *,
PCredHandle,
PTimeStamp);
#ifdef UNICODE
# define AcquireCredentialsHandle AcquireCredentialsHandleW // ntifs
# define ACQUIRE_CREDENTIALS_HANDLE_FN ACQUIRE_CREDENTIALS_HANDLE_FN_W // ntifs
#else
# define AcquireCredentialsHandle AcquireCredentialsHandleA
# define ACQUIRE_CREDENTIALS_HANDLE_FN ACQUIRE_CREDENTIALS_HANDLE_FN_A
#endif // !UNICODE
// begin_ntifs
SECURITY_STATUS SEC_ENTRY
FreeCredentialsHandle(
PCredHandle phCredential // Handle to free
);
typedef SECURITY_STATUS
(SEC_ENTRY * FREE_CREDENTIALS_HANDLE_FN)(
PCredHandle );
SECURITY_STATUS SEC_ENTRY
AddCredentialsW(
PCredHandle hCredentials,
#if ISSP_MODE == 0 // For Kernel mode
PSECURITY_STRING pPrincipal,
PSECURITY_STRING pPackage,
#else
SEC_WCHAR SEC_FAR * pszPrincipal, // Name of principal
SEC_WCHAR SEC_FAR * pszPackage, // Name of package
#endif
unsigned long fCredentialUse, // Flags indicating use
void SEC_FAR * pAuthData, // Package specific data
SEC_GET_KEY_FN pGetKeyFn, // Pointer to GetKey() func
void SEC_FAR * pvGetKeyArgument, // Value to pass to GetKey()
PTimeStamp ptsExpiry // (out) Lifetime (optional)
);
typedef SECURITY_STATUS
(SEC_ENTRY * ADD_CREDENTIALS_FN_W)(
PCredHandle,
#if ISSP_MODE == 0
PSECURITY_STRING,
PSECURITY_STRING,
#else
SEC_WCHAR SEC_FAR *,
SEC_WCHAR SEC_FAR *,
#endif
unsigned long,
void SEC_FAR *,
SEC_GET_KEY_FN,
void SEC_FAR *,
PTimeStamp);
SECURITY_STATUS SEC_ENTRY
AddCredentialsA(
PCredHandle hCredentials,
SEC_CHAR SEC_FAR * pszPrincipal, // Name of principal
SEC_CHAR SEC_FAR * pszPackage, // Name of package
unsigned long fCredentialUse, // Flags indicating use
void SEC_FAR * pAuthData, // Package specific data
SEC_GET_KEY_FN pGetKeyFn, // Pointer to GetKey() func
void SEC_FAR * pvGetKeyArgument, // Value to pass to GetKey()
PTimeStamp ptsExpiry // (out) Lifetime (optional)
);
typedef SECURITY_STATUS
(SEC_ENTRY * ADD_CREDENTIALS_FN_A)(
PCredHandle,
SEC_CHAR SEC_FAR *,
SEC_CHAR SEC_FAR *,
unsigned long,
void SEC_FAR *,
SEC_GET_KEY_FN,
void SEC_FAR *,
PTimeStamp);
#ifdef UNICODE
#define AddCredentials AddCredentialsW
#define ADD_CREDENTIALS_FN ADD_CREDENTIALS_FN_W
#else
#define AddCredentials AddCredentialsA
#define ADD_CREDENTIALS_FN ADD_CREDENTIALS_FN_A
#endif
////////////////////////////////////////////////////////////////////////
///
/// Context Management Functions
///
////////////////////////////////////////////////////////////////////////
SECURITY_STATUS SEC_ENTRY
InitializeSecurityContextW(
PCredHandle phCredential, // Cred to base context
PCtxtHandle phContext, // Existing context (OPT)
#if ISSP_MODE == 0
PSECURITY_STRING pTargetName,
#else
SEC_WCHAR SEC_FAR * pszTargetName, // Name of target
#endif
unsigned long fContextReq, // Context Requirements
unsigned long Reserved1, // Reserved, MBZ
unsigned long TargetDataRep, // Data rep of target
PSecBufferDesc pInput, // Input Buffers
unsigned long Reserved2, // Reserved, MBZ
PCtxtHandle phNewContext, // (out) New Context handle
PSecBufferDesc pOutput, // (inout) Output Buffers
unsigned long SEC_FAR * pfContextAttr, // (out) Context attrs
PTimeStamp ptsExpiry // (out) Life span (OPT)
);
typedef SECURITY_STATUS
(SEC_ENTRY * INITIALIZE_SECURITY_CONTEXT_FN_W)(
PCredHandle,
PCtxtHandle,
#if ISSP_MODE == 0
PSECURITY_STRING,
#else
SEC_WCHAR SEC_FAR *,
#endif
unsigned long,
unsigned long,
unsigned long,
PSecBufferDesc,
unsigned long,
PCtxtHandle,
PSecBufferDesc,
unsigned long SEC_FAR *,
PTimeStamp);
// end_ntifs
SECURITY_STATUS SEC_ENTRY
InitializeSecurityContextA(
PCredHandle phCredential, // Cred to base context
PCtxtHandle phContext, // Existing context (OPT)
SEC_CHAR SEC_FAR * pszTargetName, // Name of target
unsigned long fContextReq, // Context Requirements
unsigned long Reserved1, // Reserved, MBZ
unsigned long TargetDataRep, // Data rep of target
PSecBufferDesc pInput, // Input Buffers
unsigned long Reserved2, // Reserved, MBZ
PCtxtHandle phNewContext, // (out) New Context handle
PSecBufferDesc pOutput, // (inout) Output Buffers
unsigned long SEC_FAR * pfContextAttr, // (out) Context attrs
PTimeStamp ptsExpiry // (out) Life span (OPT)
);
typedef SECURITY_STATUS
(SEC_ENTRY * INITIALIZE_SECURITY_CONTEXT_FN_A)(
PCredHandle,
PCtxtHandle,
SEC_CHAR SEC_FAR *,
unsigned long,
unsigned long,
unsigned long,
PSecBufferDesc,
unsigned long,
PCtxtHandle,
PSecBufferDesc,
unsigned long SEC_FAR *,
PTimeStamp);
#ifdef UNICODE
# define InitializeSecurityContext InitializeSecurityContextW // ntifs
# define INITIALIZE_SECURITY_CONTEXT_FN INITIALIZE_SECURITY_CONTEXT_FN_W // ntifs
#else
# define InitializeSecurityContext InitializeSecurityContextA
# define INITIALIZE_SECURITY_CONTEXT_FN INITIALIZE_SECURITY_CONTEXT_FN_A
#endif // !UNICODE
// begin_ntifs
SECURITY_STATUS SEC_ENTRY
AcceptSecurityContext(
PCredHandle phCredential, // Cred to base context
PCtxtHandle phContext, // Existing context (OPT)
PSecBufferDesc pInput, // Input buffer
unsigned long fContextReq, // Context Requirements
unsigned long TargetDataRep, // Target Data Rep
PCtxtHandle phNewContext, // (out) New context handle
PSecBufferDesc pOutput, // (inout) Output buffers
unsigned long SEC_FAR * pfContextAttr, // (out) Context attributes
PTimeStamp ptsExpiry // (out) Life span (OPT)
);
typedef SECURITY_STATUS
(SEC_ENTRY * ACCEPT_SECURITY_CONTEXT_FN)(
PCredHandle,
PCtxtHandle,
PSecBufferDesc,
unsigned long,
unsigned long,
PCtxtHandle,
PSecBufferDesc,
unsigned long SEC_FAR *,
PTimeStamp);
SECURITY_STATUS SEC_ENTRY
CompleteAuthToken(
PCtxtHandle phContext, // Context to complete
PSecBufferDesc pToken // Token to complete
);
typedef SECURITY_STATUS
(SEC_ENTRY * COMPLETE_AUTH_TOKEN_FN)(
PCtxtHandle,
PSecBufferDesc);
SECURITY_STATUS SEC_ENTRY
ImpersonateSecurityContext(
PCtxtHandle phContext // Context to impersonate
);
typedef SECURITY_STATUS
(SEC_ENTRY * IMPERSONATE_SECURITY_CONTEXT_FN)(
PCtxtHandle);
SECURITY_STATUS SEC_ENTRY
RevertSecurityContext(
PCtxtHandle phContext // Context from which to re
);
typedef SECURITY_STATUS
(SEC_ENTRY * REVERT_SECURITY_CONTEXT_FN)(
PCtxtHandle);
SECURITY_STATUS SEC_ENTRY
QuerySecurityContextToken(
PCtxtHandle phContext,
void SEC_FAR * SEC_FAR * Token
);
typedef SECURITY_STATUS
(SEC_ENTRY * QUERY_SECURITY_CONTEXT_TOKEN_FN)(
PCtxtHandle, void SEC_FAR * SEC_FAR *);
SECURITY_STATUS SEC_ENTRY
DeleteSecurityContext(
PCtxtHandle phContext // Context to delete
);
typedef SECURITY_STATUS
(SEC_ENTRY * DELETE_SECURITY_CONTEXT_FN)(
PCtxtHandle);
SECURITY_STATUS SEC_ENTRY
ApplyControlToken(
PCtxtHandle phContext, // Context to modify
PSecBufferDesc pInput // Input token to apply
);
typedef SECURITY_STATUS
(SEC_ENTRY * APPLY_CONTROL_TOKEN_FN)(
PCtxtHandle, PSecBufferDesc);
SECURITY_STATUS SEC_ENTRY
QueryContextAttributesW(
PCtxtHandle phContext, // Context to query
unsigned long ulAttribute, // Attribute to query
void SEC_FAR * pBuffer // Buffer for attributes
);
typedef SECURITY_STATUS
(SEC_ENTRY * QUERY_CONTEXT_ATTRIBUTES_FN_W)(
PCtxtHandle,
unsigned long,
void SEC_FAR *);
// end_ntifs
SECURITY_STATUS SEC_ENTRY
QueryContextAttributesA(
PCtxtHandle phContext, // Context to query
unsigned long ulAttribute, // Attribute to query
void SEC_FAR * pBuffer // Buffer for attributes
);
typedef SECURITY_STATUS
(SEC_ENTRY * QUERY_CONTEXT_ATTRIBUTES_FN_A)(
PCtxtHandle,
unsigned long,
void SEC_FAR *);
#ifdef UNICODE
# define QueryContextAttributes QueryContextAttributesW // ntifs
# define QUERY_CONTEXT_ATTRIBUTES_FN QUERY_CONTEXT_ATTRIBUTES_FN_W // ntifs
#else
# define QueryContextAttributes QueryContextAttributesA
# define QUERY_CONTEXT_ATTRIBUTES_FN QUERY_CONTEXT_ATTRIBUTES_FN_A
#endif // !UNICODE
// begin_ntifs
SECURITY_STATUS SEC_ENTRY
SetContextAttributesW(
PCtxtHandle phContext, // Context to Set
unsigned long ulAttribute, // Attribute to Set
void SEC_FAR * pBuffer, // Buffer for attributes
unsigned long cbBuffer // Size (in bytes) of Buffer
);
typedef SECURITY_STATUS
(SEC_ENTRY * SET_CONTEXT_ATTRIBUTES_FN_W)(
PCtxtHandle,
unsigned long,
void SEC_FAR *,
unsigned long );
// end_ntifs
SECURITY_STATUS SEC_ENTRY
SetContextAttributesA(
PCtxtHandle phContext, // Context to Set
unsigned long ulAttribute, // Attribute to Set
void SEC_FAR * pBuffer, // Buffer for attributes
unsigned long cbBuffer // Size (in bytes) of Buffer
);
typedef SECURITY_STATUS
(SEC_ENTRY * SET_CONTEXT_ATTRIBUTES_FN_A)(
PCtxtHandle,
unsigned long,
void SEC_FAR *,
unsigned long );
#ifdef UNICODE
# define SetContextAttributes SetContextAttributesW // ntifs
# define SET_CONTEXT_ATTRIBUTES_FN SET_CONTEXT_ATTRIBUTES_FN_W // ntifs
#else
# define SetContextAttributes SetContextAttributesA
# define SET_CONTEXT_ATTRIBUTES_FN SET_CONTEXT_ATTRIBUTES_FN_A
#endif // !UNICODE
// begin_ntifs
SECURITY_STATUS SEC_ENTRY
QueryCredentialsAttributesW(
PCredHandle phCredential, // Credential to query
unsigned long ulAttribute, // Attribute to query
void SEC_FAR * pBuffer // Buffer for attributes
);
typedef SECURITY_STATUS
(SEC_ENTRY * QUERY_CREDENTIALS_ATTRIBUTES_FN_W)(
PCredHandle,
unsigned long,
void SEC_FAR *);
// end_ntifs
SECURITY_STATUS SEC_ENTRY
QueryCredentialsAttributesA(
PCredHandle phCredential, // Credential to query
unsigned long ulAttribute, // Attribute to query
void SEC_FAR * pBuffer // Buffer for attributes
);
typedef SECURITY_STATUS
(SEC_ENTRY * QUERY_CREDENTIALS_ATTRIBUTES_FN_A)(
PCredHandle,
unsigned long,
void SEC_FAR *);
#ifdef UNICODE
# define QueryCredentialsAttributes QueryCredentialsAttributesW // ntifs
# define QUERY_CREDENTIALS_ATTRIBUTES_FN QUERY_CREDENTIALS_ATTRIBUTES_FN_W // ntifs
#else
# define QueryCredentialsAttributes QueryCredentialsAttributesA
# define QUERY_CREDENTIALS_ATTRIBUTES_FN QUERY_CREDENTIALS_ATTRIBUTES_FN_A
#endif // !UNICODE
// begin_ntifs
SECURITY_STATUS SEC_ENTRY
FreeContextBuffer(
void SEC_FAR * pvContextBuffer // buffer to free
);
typedef SECURITY_STATUS
(SEC_ENTRY * FREE_CONTEXT_BUFFER_FN)(
void SEC_FAR *);
// end_ntifs
// begin_ntifs
///////////////////////////////////////////////////////////////////
////
//// Message Support API
////
//////////////////////////////////////////////////////////////////
SECURITY_STATUS SEC_ENTRY
MakeSignature(
PCtxtHandle phContext, // Context to use
unsigned long fQOP, // Quality of Protection
PSecBufferDesc pMessage, // Message to sign
unsigned long MessageSeqNo // Message Sequence Num.
);
typedef SECURITY_STATUS
(SEC_ENTRY * MAKE_SIGNATURE_FN)(
PCtxtHandle,
unsigned long,
PSecBufferDesc,
unsigned long);
SECURITY_STATUS SEC_ENTRY
VerifySignature(
PCtxtHandle phContext, // Context to use
PSecBufferDesc pMessage, // Message to verify
unsigned long MessageSeqNo, // Sequence Num.
unsigned long SEC_FAR * pfQOP // QOP used
);
typedef SECURITY_STATUS
(SEC_ENTRY * VERIFY_SIGNATURE_FN)(
PCtxtHandle,
PSecBufferDesc,
unsigned long,
unsigned long SEC_FAR *);
#define SECQOP_WRAP_NO_ENCRYPT 0x80000001
SECURITY_STATUS SEC_ENTRY
EncryptMessage( PCtxtHandle phContext,
unsigned long fQOP,
PSecBufferDesc pMessage,
unsigned long MessageSeqNo);
typedef SECURITY_STATUS
(SEC_ENTRY * ENCRYPT_MESSAGE_FN)(
PCtxtHandle, unsigned long, PSecBufferDesc, unsigned long);
SECURITY_STATUS SEC_ENTRY
DecryptMessage( PCtxtHandle phContext,
PSecBufferDesc pMessage,
unsigned long MessageSeqNo,
unsigned long * pfQOP);
typedef SECURITY_STATUS
(SEC_ENTRY * DECRYPT_MESSAGE_FN)(
PCtxtHandle, PSecBufferDesc, unsigned long,
unsigned long SEC_FAR *);
// end_ntifs
// begin_ntifs
///////////////////////////////////////////////////////////////////////////
////
//// Misc.
////
///////////////////////////////////////////////////////////////////////////
SECURITY_STATUS SEC_ENTRY
EnumerateSecurityPackagesW(
unsigned long SEC_FAR * pcPackages, // Receives num. packages
PSecPkgInfoW SEC_FAR * ppPackageInfo // Receives array of info
);
typedef SECURITY_STATUS
(SEC_ENTRY * ENUMERATE_SECURITY_PACKAGES_FN_W)(
unsigned long SEC_FAR *,
PSecPkgInfoW SEC_FAR *);
// end_ntifs
SECURITY_STATUS SEC_ENTRY
EnumerateSecurityPackagesA(
unsigned long SEC_FAR * pcPackages, // Receives num. packages
PSecPkgInfoA SEC_FAR * ppPackageInfo // Receives array of info
);
typedef SECURITY_STATUS
(SEC_ENTRY * ENUMERATE_SECURITY_PACKAGES_FN_A)(
unsigned long SEC_FAR *,
PSecPkgInfoA SEC_FAR *);
#ifdef UNICODE
# define EnumerateSecurityPackages EnumerateSecurityPackagesW // ntifs
# define ENUMERATE_SECURITY_PACKAGES_FN ENUMERATE_SECURITY_PACKAGES_FN_W // ntifs
#else
# define EnumerateSecurityPackages EnumerateSecurityPackagesA
# define ENUMERATE_SECURITY_PACKAGES_FN ENUMERATE_SECURITY_PACKAGES_FN_A
#endif // !UNICODE
// begin_ntifs
SECURITY_STATUS SEC_ENTRY
QuerySecurityPackageInfoW(
#if ISSP_MODE == 0
PSECURITY_STRING pPackageName,
#else
SEC_WCHAR SEC_FAR * pszPackageName, // Name of package
#endif
PSecPkgInfoW SEC_FAR *ppPackageInfo // Receives package info
);
typedef SECURITY_STATUS
(SEC_ENTRY * QUERY_SECURITY_PACKAGE_INFO_FN_W)(
#if ISSP_MODE == 0
PSECURITY_STRING,
#else
SEC_WCHAR SEC_FAR *,
#endif
PSecPkgInfoW SEC_FAR *);
// end_ntifs
SECURITY_STATUS SEC_ENTRY
QuerySecurityPackageInfoA(
SEC_CHAR SEC_FAR * pszPackageName, // Name of package
PSecPkgInfoA SEC_FAR *ppPackageInfo // Receives package info
);
typedef SECURITY_STATUS
(SEC_ENTRY * QUERY_SECURITY_PACKAGE_INFO_FN_A)(
SEC_CHAR SEC_FAR *,
PSecPkgInfoA SEC_FAR *);
#ifdef UNICODE
# define QuerySecurityPackageInfo QuerySecurityPackageInfoW // ntifs
# define QUERY_SECURITY_PACKAGE_INFO_FN QUERY_SECURITY_PACKAGE_INFO_FN_W // ntifs
#else
# define QuerySecurityPackageInfo QuerySecurityPackageInfoA
# define QUERY_SECURITY_PACKAGE_INFO_FN QUERY_SECURITY_PACKAGE_INFO_FN_A
#endif // !UNICODE
typedef enum _SecDelegationType {
SecFull,
SecService,
SecTree,
SecDirectory,
SecObject
} SecDelegationType, * PSecDelegationType;
SECURITY_STATUS SEC_ENTRY
DelegateSecurityContext(
PCtxtHandle phContext, // IN Active context to delegate
#if ISSP_MODE == 0
PSECURITY_STRING pTarget, // IN Target path
#else
SEC_CHAR SEC_FAR * pszTarget,
#endif
SecDelegationType DelegationType, // IN Type of delegation
PTimeStamp pExpiry, // IN OPTIONAL time limit
PSecBuffer pPackageParameters, // IN OPTIONAL package specific
PSecBufferDesc pOutput); // OUT Token for applycontroltoken.
///////////////////////////////////////////////////////////////////////////
////
//// Proxies
////
///////////////////////////////////////////////////////////////////////////
//
// Proxies are only available on NT platforms
//
// begin_ntifs
///////////////////////////////////////////////////////////////////////////
////
//// Context export/import
////
///////////////////////////////////////////////////////////////////////////
SECURITY_STATUS SEC_ENTRY
ExportSecurityContext(
PCtxtHandle phContext, // (in) context to export
ULONG fFlags, // (in) option flags
PSecBuffer pPackedContext, // (out) marshalled context
void SEC_FAR * SEC_FAR * pToken // (out, optional) token handle for impersonation
);
typedef SECURITY_STATUS
(SEC_ENTRY * EXPORT_SECURITY_CONTEXT_FN)(
PCtxtHandle,
ULONG,
PSecBuffer,
void SEC_FAR * SEC_FAR *
);
SECURITY_STATUS SEC_ENTRY
ImportSecurityContextW(
#if ISSP_MODE == 0
PSECURITY_STRING pszPackage,
#else
SEC_WCHAR SEC_FAR * pszPackage,
#endif
PSecBuffer pPackedContext, // (in) marshalled context
void SEC_FAR * Token, // (in, optional) handle to token for context
PCtxtHandle phContext // (out) new context handle
);
typedef SECURITY_STATUS
(SEC_ENTRY * IMPORT_SECURITY_CONTEXT_FN_W)(
#if ISSP_MODE == 0
PSECURITY_STRING,
#else
SEC_WCHAR SEC_FAR *,
#endif
PSecBuffer,
VOID SEC_FAR *,
PCtxtHandle
);
// end_ntifs
SECURITY_STATUS SEC_ENTRY
ImportSecurityContextA(
SEC_CHAR SEC_FAR * pszPackage,
PSecBuffer pPackedContext, // (in) marshalled context
VOID SEC_FAR * Token, // (in, optional) handle to token for context
PCtxtHandle phContext // (out) new context handle
);
typedef SECURITY_STATUS
(SEC_ENTRY * IMPORT_SECURITY_CONTEXT_FN_A)(
SEC_CHAR SEC_FAR *,
PSecBuffer,
void SEC_FAR *,
PCtxtHandle
);
#ifdef UNICODE
# define ImportSecurityContext ImportSecurityContextW // ntifs
# define IMPORT_SECURITY_CONTEXT_FN IMPORT_SECURITY_CONTEXT_FN_W // ntifs
#else
# define ImportSecurityContext ImportSecurityContextA
# define IMPORT_SECURITY_CONTEXT_FN IMPORT_SECURITY_CONTEXT_FN_A
#endif // !UNICODE
// begin_ntifs
#if ISSP_MODE == 0
NTSTATUS
NTAPI
SecMakeSPN(
IN PUNICODE_STRING ServiceClass,
IN PUNICODE_STRING ServiceName,
IN PUNICODE_STRING InstanceName OPTIONAL,
IN USHORT InstancePort OPTIONAL,
IN PUNICODE_STRING Referrer OPTIONAL,
IN OUT PUNICODE_STRING Spn,
OUT PULONG Length OPTIONAL,
IN BOOLEAN Allocate
);
NTSTATUS
NTAPI
SecMakeSPNEx(
IN PUNICODE_STRING ServiceClass,
IN PUNICODE_STRING ServiceName,
IN PUNICODE_STRING InstanceName OPTIONAL,
IN USHORT InstancePort OPTIONAL,
IN PUNICODE_STRING Referrer OPTIONAL,
IN PUNICODE_STRING TargetInfo OPTIONAL,
IN OUT PUNICODE_STRING Spn,
OUT PULONG Length OPTIONAL,
IN BOOLEAN Allocate
);
NTSTATUS
SEC_ENTRY
SecLookupAccountSid(
IN PSID Sid,
IN OUT PULONG NameSize,
OUT PUNICODE_STRING NameBuffer,
IN OUT PULONG DomainSize OPTIONAL,
OUT PUNICODE_STRING DomainBuffer OPTIONAL,
OUT PSID_NAME_USE NameUse
);
NTSTATUS
SEC_ENTRY
SecLookupAccountName(
IN PUNICODE_STRING Name,
IN OUT PULONG SidSize,
OUT PSID Sid,
OUT PSID_NAME_USE NameUse,
IN OUT PULONG DomainSize OPTIONAL,
OUT PUNICODE_STRING ReferencedDomain OPTIONAL
);
NTSTATUS
SEC_ENTRY
SecLookupWellKnownSid(
IN WELL_KNOWN_SID_TYPE SidType,
OUT PSID Sid,
ULONG SidBufferSize,
OUT PULONG SidSize OPTIONAL
);
#endif
// end_ntifs
///////////////////////////////////////////////////////////////////////////////
////
//// Fast access for RPC:
////
///////////////////////////////////////////////////////////////////////////////
#define SECURITY_ENTRYPOINT_ANSIW "InitSecurityInterfaceW"
#define SECURITY_ENTRYPOINT_ANSIA "InitSecurityInterfaceA"
#define SECURITY_ENTRYPOINTW SEC_TEXT("InitSecurityInterfaceW") // ntifs
#define SECURITY_ENTRYPOINTA SEC_TEXT("InitSecurityInterfaceA")
#define SECURITY_ENTRYPOINT16 "INITSECURITYINTERFACEA"
#ifdef SECURITY_WIN32
# ifdef UNICODE
# define SECURITY_ENTRYPOINT SECURITY_ENTRYPOINTW // ntifs
# define SECURITY_ENTRYPOINT_ANSI SECURITY_ENTRYPOINT_ANSIW
# else // UNICODE
# define SECURITY_ENTRYPOINT SECURITY_ENTRYPOINTA
# define SECURITY_ENTRYPOINT_ANSI SECURITY_ENTRYPOINT_ANSIA
# endif // UNICODE
#else // SECURITY_WIN32
# define SECURITY_ENTRYPOINT SECURITY_ENTRYPOINT16
# define SECURITY_ENTRYPOINT_ANSI SECURITY_ENTRYPOINT16
#endif // SECURITY_WIN32
// begin_ntifs
#define FreeCredentialHandle FreeCredentialsHandle
typedef struct _SECURITY_FUNCTION_TABLE_W {
unsigned long dwVersion;
ENUMERATE_SECURITY_PACKAGES_FN_W EnumerateSecurityPackagesW;
QUERY_CREDENTIALS_ATTRIBUTES_FN_W QueryCredentialsAttributesW;
ACQUIRE_CREDENTIALS_HANDLE_FN_W AcquireCredentialsHandleW;
FREE_CREDENTIALS_HANDLE_FN FreeCredentialsHandle;
void SEC_FAR * Reserved2;
INITIALIZE_SECURITY_CONTEXT_FN_W InitializeSecurityContextW;
ACCEPT_SECURITY_CONTEXT_FN AcceptSecurityContext;
COMPLETE_AUTH_TOKEN_FN CompleteAuthToken;
DELETE_SECURITY_CONTEXT_FN DeleteSecurityContext;
APPLY_CONTROL_TOKEN_FN ApplyControlToken;
QUERY_CONTEXT_ATTRIBUTES_FN_W QueryContextAttributesW;
IMPERSONATE_SECURITY_CONTEXT_FN ImpersonateSecurityContext;
REVERT_SECURITY_CONTEXT_FN RevertSecurityContext;
MAKE_SIGNATURE_FN MakeSignature;
VERIFY_SIGNATURE_FN VerifySignature;
FREE_CONTEXT_BUFFER_FN FreeContextBuffer;
QUERY_SECURITY_PACKAGE_INFO_FN_W QuerySecurityPackageInfoW;
void SEC_FAR * Reserved3;
void SEC_FAR * Reserved4;
EXPORT_SECURITY_CONTEXT_FN ExportSecurityContext;
IMPORT_SECURITY_CONTEXT_FN_W ImportSecurityContextW;
ADD_CREDENTIALS_FN_W AddCredentialsW ;
void SEC_FAR * Reserved8;
QUERY_SECURITY_CONTEXT_TOKEN_FN QuerySecurityContextToken;
ENCRYPT_MESSAGE_FN EncryptMessage;
DECRYPT_MESSAGE_FN DecryptMessage;
SET_CONTEXT_ATTRIBUTES_FN_W SetContextAttributesW;
} SecurityFunctionTableW, SEC_FAR * PSecurityFunctionTableW;
// end_ntifs
typedef struct _SECURITY_FUNCTION_TABLE_A {
unsigned long dwVersion;
ENUMERATE_SECURITY_PACKAGES_FN_A EnumerateSecurityPackagesA;
QUERY_CREDENTIALS_ATTRIBUTES_FN_A QueryCredentialsAttributesA;
ACQUIRE_CREDENTIALS_HANDLE_FN_A AcquireCredentialsHandleA;
FREE_CREDENTIALS_HANDLE_FN FreeCredentialHandle;
void SEC_FAR * Reserved2;
INITIALIZE_SECURITY_CONTEXT_FN_A InitializeSecurityContextA;
ACCEPT_SECURITY_CONTEXT_FN AcceptSecurityContext;
COMPLETE_AUTH_TOKEN_FN CompleteAuthToken;
DELETE_SECURITY_CONTEXT_FN DeleteSecurityContext;
APPLY_CONTROL_TOKEN_FN ApplyControlToken;
QUERY_CONTEXT_ATTRIBUTES_FN_A QueryContextAttributesA;
IMPERSONATE_SECURITY_CONTEXT_FN ImpersonateSecurityContext;
REVERT_SECURITY_CONTEXT_FN RevertSecurityContext;
MAKE_SIGNATURE_FN MakeSignature;
VERIFY_SIGNATURE_FN VerifySignature;
FREE_CONTEXT_BUFFER_FN FreeContextBuffer;
QUERY_SECURITY_PACKAGE_INFO_FN_A QuerySecurityPackageInfoA;
void SEC_FAR * Reserved3;
void SEC_FAR * Reserved4;
EXPORT_SECURITY_CONTEXT_FN ExportSecurityContext;
IMPORT_SECURITY_CONTEXT_FN_A ImportSecurityContextA;
ADD_CREDENTIALS_FN_A AddCredentialsA ;
void SEC_FAR * Reserved8;
QUERY_SECURITY_CONTEXT_TOKEN_FN QuerySecurityContextToken;
ENCRYPT_MESSAGE_FN EncryptMessage;
DECRYPT_MESSAGE_FN DecryptMessage;
SET_CONTEXT_ATTRIBUTES_FN_A SetContextAttributesA;
} SecurityFunctionTableA, SEC_FAR * PSecurityFunctionTableA;
#ifdef UNICODE
# define SecurityFunctionTable SecurityFunctionTableW // ntifs
# define PSecurityFunctionTable PSecurityFunctionTableW // ntifs
#else
# define SecurityFunctionTable SecurityFunctionTableA
# define PSecurityFunctionTable PSecurityFunctionTableA
#endif // !UNICODE
#define SECURITY_
// Function table has all routines through DecryptMessage
#define SECURITY_SUPPORT_PROVIDER_INTERFACE_VERSION 1 // ntifs
// Function table has all routines through SetContextAttributes
#define SECURITY_SUPPORT_PROVIDER_INTERFACE_VERSION_2 2 // ntifs
PSecurityFunctionTableA SEC_ENTRY
InitSecurityInterfaceA(
void
);
typedef PSecurityFunctionTableA
(SEC_ENTRY * INIT_SECURITY_INTERFACE_A)(void);
// begin_ntifs
PSecurityFunctionTableW SEC_ENTRY
InitSecurityInterfaceW(
void
);
typedef PSecurityFunctionTableW
(SEC_ENTRY * INIT_SECURITY_INTERFACE_W)(void);
// end_ntifs
#ifdef UNICODE
# define InitSecurityInterface InitSecurityInterfaceW // ntifs
# define INIT_SECURITY_INTERFACE INIT_SECURITY_INTERFACE_W // ntifs
#else
# define InitSecurityInterface InitSecurityInterfaceA
# define INIT_SECURITY_INTERFACE INIT_SECURITY_INTERFACE_A
#endif // !UNICODE
#ifdef SECURITY_WIN32
//
// SASL Profile Support
//
SECURITY_STATUS
SEC_ENTRY
SaslEnumerateProfilesA(
OUT LPSTR * ProfileList,
OUT ULONG * ProfileCount
);
SECURITY_STATUS
SEC_ENTRY
SaslEnumerateProfilesW(
OUT LPWSTR * ProfileList,
OUT ULONG * ProfileCount
);
#ifdef UNICODE
#define SaslEnumerateProfiles SaslEnumerateProfilesW
#else
#define SaslEnumerateProfiles SaslEnumerateProfilesA
#endif
SECURITY_STATUS
SEC_ENTRY
SaslGetProfilePackageA(
IN LPSTR ProfileName,
OUT PSecPkgInfoA * PackageInfo
);
SECURITY_STATUS
SEC_ENTRY
SaslGetProfilePackageW(
IN LPWSTR ProfileName,
OUT PSecPkgInfoW * PackageInfo
);
#ifdef UNICODE
#define SaslGetProfilePackage SaslGetProfilePackageW
#else
#define SaslGetProfilePackage SaslGetProfilePackageA
#endif
SECURITY_STATUS
SEC_ENTRY
SaslIdentifyPackageA(
IN PSecBufferDesc pInput,
OUT PSecPkgInfoA * PackageInfo
);
SECURITY_STATUS
SEC_ENTRY
SaslIdentifyPackageW(
IN PSecBufferDesc pInput,
OUT PSecPkgInfoW * PackageInfo
);
#ifdef UNICODE
#define SaslIdentifyPackage SaslIdentifyPackageW
#else
#define SaslIdentifyPackage SaslIdentifyPackageA
#endif
SECURITY_STATUS
SEC_ENTRY
SaslInitializeSecurityContextW(
PCredHandle phCredential, // Cred to base context
PCtxtHandle phContext, // Existing context (OPT)
LPWSTR pszTargetName, // Name of target
unsigned long fContextReq, // Context Requirements
unsigned long Reserved1, // Reserved, MBZ
unsigned long TargetDataRep, // Data rep of target
PSecBufferDesc pInput, // Input Buffers
unsigned long Reserved2, // Reserved, MBZ
PCtxtHandle phNewContext, // (out) New Context handle
PSecBufferDesc pOutput, // (inout) Output Buffers
unsigned long SEC_FAR * pfContextAttr, // (out) Context attrs
PTimeStamp ptsExpiry // (out) Life span (OPT)
);
SECURITY_STATUS
SEC_ENTRY
SaslInitializeSecurityContextA(
PCredHandle phCredential, // Cred to base context
PCtxtHandle phContext, // Existing context (OPT)
LPSTR pszTargetName, // Name of target
unsigned long fContextReq, // Context Requirements
unsigned long Reserved1, // Reserved, MBZ
unsigned long TargetDataRep, // Data rep of target
PSecBufferDesc pInput, // Input Buffers
unsigned long Reserved2, // Reserved, MBZ
PCtxtHandle phNewContext, // (out) New Context handle
PSecBufferDesc pOutput, // (inout) Output Buffers
unsigned long SEC_FAR * pfContextAttr, // (out) Context attrs
PTimeStamp ptsExpiry // (out) Life span (OPT)
);
#ifdef UNICODE
#define SaslInitializeSecurityContext SaslInitializeSecurityContextW
#else
#define SaslInitializeSecurityContext SaslInitializeSecurityContextA
#endif
SECURITY_STATUS
SEC_ENTRY
SaslAcceptSecurityContext(
PCredHandle phCredential, // Cred to base context
PCtxtHandle phContext, // Existing context (OPT)
PSecBufferDesc pInput, // Input buffer
unsigned long fContextReq, // Context Requirements
unsigned long TargetDataRep, // Target Data Rep
PCtxtHandle phNewContext, // (out) New context handle
PSecBufferDesc pOutput, // (inout) Output buffers
unsigned long SEC_FAR * pfContextAttr, // (out) Context attributes
PTimeStamp ptsExpiry // (out) Life span (OPT)
);
#define SASL_OPTION_SEND_SIZE 1 // Maximum size to send to peer
#define SASL_OPTION_RECV_SIZE 2 // Maximum size willing to receive
#define SASL_OPTION_AUTHZ_STRING 3 // Authorization string
#define SASL_OPTION_AUTHZ_PROCESSING 4 // Authorization string processing
typedef enum _SASL_AUTHZID_STATE {
Sasl_AuthZIDForbidden, // allow no AuthZID strings to be specified - error out (default)
Sasl_AuthZIDProcessed // AuthZID Strings processed by Application or SSP
} SASL_AUTHZID_STATE ;
SECURITY_STATUS
SEC_ENTRY
SaslSetContextOption(
PCtxtHandle ContextHandle,
ULONG Option,
PVOID Value,
ULONG Size
);
SECURITY_STATUS
SEC_ENTRY
SaslGetContextOption(
PCtxtHandle ContextHandle,
ULONG Option,
PVOID Value,
ULONG Size,
PULONG Needed OPTIONAL
);
#endif
#ifdef SECURITY_DOS
#if _MSC_VER >= 1200
#pragma warning(pop)
#else
#pragma warning(default:4147)
#endif
#endif
//
// This is the legacy credentials structure.
// The EX version below is preferred.
// begin_ntifs
#ifndef _AUTH_IDENTITY_DEFINED
#define _AUTH_IDENTITY_DEFINED
#define SEC_WINNT_AUTH_IDENTITY_ANSI 0x1
#define SEC_WINNT_AUTH_IDENTITY_UNICODE 0x2
typedef struct _SEC_WINNT_AUTH_IDENTITY_W {
unsigned short *User;
unsigned long UserLength;
unsigned short *Domain;
unsigned long DomainLength;
unsigned short *Password;
unsigned long PasswordLength;
unsigned long Flags;
} SEC_WINNT_AUTH_IDENTITY_W, *PSEC_WINNT_AUTH_IDENTITY_W;
// end_ntifs
typedef struct _SEC_WINNT_AUTH_IDENTITY_A {
unsigned char *User;
unsigned long UserLength;
unsigned char *Domain;
unsigned long DomainLength;
unsigned char *Password;
unsigned long PasswordLength;
unsigned long Flags;
} SEC_WINNT_AUTH_IDENTITY_A, *PSEC_WINNT_AUTH_IDENTITY_A;
#ifdef UNICODE
#define SEC_WINNT_AUTH_IDENTITY SEC_WINNT_AUTH_IDENTITY_W // ntifs
#define PSEC_WINNT_AUTH_IDENTITY PSEC_WINNT_AUTH_IDENTITY_W // ntifs
#define _SEC_WINNT_AUTH_IDENTITY _SEC_WINNT_AUTH_IDENTITY_W // ntifs
#else // UNICODE
#define SEC_WINNT_AUTH_IDENTITY SEC_WINNT_AUTH_IDENTITY_A
#define PSEC_WINNT_AUTH_IDENTITY PSEC_WINNT_AUTH_IDENTITY_A
#define _SEC_WINNT_AUTH_IDENTITY _SEC_WINNT_AUTH_IDENTITY_A
#endif // UNICODE
#endif //_AUTH_IDENTITY_DEFINED // ntifs
// begin_ntifs
//
// This is the combined authentication identity structure that may be
// used with the negotiate package, NTLM, Kerberos, or SCHANNEL
//
#ifndef SEC_WINNT_AUTH_IDENTITY_VERSION
#define SEC_WINNT_AUTH_IDENTITY_VERSION 0x200
typedef struct _SEC_WINNT_AUTH_IDENTITY_EXW {
unsigned long Version;
unsigned long Length;
unsigned short SEC_FAR *User;
unsigned long UserLength;
unsigned short SEC_FAR *Domain;
unsigned long DomainLength;
unsigned short SEC_FAR *Password;
unsigned long PasswordLength;
unsigned long Flags;
unsigned short SEC_FAR * PackageList;
unsigned long PackageListLength;
} SEC_WINNT_AUTH_IDENTITY_EXW, *PSEC_WINNT_AUTH_IDENTITY_EXW;
// end_ntifs
typedef struct _SEC_WINNT_AUTH_IDENTITY_EXA {
unsigned long Version;
unsigned long Length;
unsigned char SEC_FAR *User;
unsigned long UserLength;
unsigned char SEC_FAR *Domain;
unsigned long DomainLength;
unsigned char SEC_FAR *Password;
unsigned long PasswordLength;
unsigned long Flags;
unsigned char SEC_FAR * PackageList;
unsigned long PackageListLength;
} SEC_WINNT_AUTH_IDENTITY_EXA, *PSEC_WINNT_AUTH_IDENTITY_EXA;
#ifdef UNICODE
#define SEC_WINNT_AUTH_IDENTITY_EX SEC_WINNT_AUTH_IDENTITY_EXW // ntifs
#define PSEC_WINNT_AUTH_IDENTITY_EX PSEC_WINNT_AUTH_IDENTITY_EXW // ntifs
#else
#define SEC_WINNT_AUTH_IDENTITY_EX SEC_WINNT_AUTH_IDENTITY_EXA
#endif
// begin_ntifs
#endif // SEC_WINNT_AUTH_IDENTITY_VERSION
//
// Common types used by negotiable security packages
//
#define SEC_WINNT_AUTH_IDENTITY_MARSHALLED 0x4 // all data is in one buffer
#define SEC_WINNT_AUTH_IDENTITY_ONLY 0x8 // these credentials are for identity only - no PAC needed
// end_ntifs
//
// Routines for manipulating packages
//
typedef struct _SECURITY_PACKAGE_OPTIONS {
unsigned long Size;
unsigned long Type;
unsigned long Flags;
unsigned long SignatureSize;
void SEC_FAR * Signature;
} SECURITY_PACKAGE_OPTIONS, SEC_FAR * PSECURITY_PACKAGE_OPTIONS;
#define SECPKG_OPTIONS_TYPE_UNKNOWN 0
#define SECPKG_OPTIONS_TYPE_LSA 1
#define SECPKG_OPTIONS_TYPE_SSPI 2
#define SECPKG_OPTIONS_PERMANENT 0x00000001
SECURITY_STATUS
SEC_ENTRY
AddSecurityPackageA(
SEC_CHAR SEC_FAR * pszPackageName,
SECURITY_PACKAGE_OPTIONS SEC_FAR * Options
);
SECURITY_STATUS
SEC_ENTRY
AddSecurityPackageW(
SEC_WCHAR SEC_FAR * pszPackageName,
SECURITY_PACKAGE_OPTIONS SEC_FAR * Options
);
#ifdef UNICODE
#define AddSecurityPackage AddSecurityPackageW
#else
#define AddSecurityPackage AddSecurityPackageA
#endif
SECURITY_STATUS
SEC_ENTRY
DeleteSecurityPackageA(
SEC_CHAR SEC_FAR * pszPackageName );
SECURITY_STATUS
SEC_ENTRY
DeleteSecurityPackageW(
SEC_WCHAR SEC_FAR * pszPackageName );
#ifdef UNICODE
#define DeleteSecurityPackage DeleteSecurityPackageW
#else
#define DeleteSecurityPackage DeleteSecurityPackageA
#endif
#ifdef __cplusplus
} // extern "C"
#endif
// begin_ntifs
#endif // __SSPI_H__
// end_ntifs