You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
128 lines
3.4 KiB
128 lines
3.4 KiB
//+-----------------------------------------------------------------------
|
|
//
|
|
// Microsoft Windows
|
|
//
|
|
// Copyright (c) Microsoft Corporation 1992 - 1996
|
|
//
|
|
// File: userapi.h
|
|
//
|
|
// Contents: Structures and prototypes for user mode Kerberos functions
|
|
//
|
|
//
|
|
// History: 3-May-1996 Created MikeSw
|
|
//
|
|
//------------------------------------------------------------------------
|
|
|
|
#ifndef __USERAPI_H__
|
|
#define __USERAPI_H__
|
|
|
|
#include "krbprgma.h"
|
|
#include <gssapiP.h>
|
|
|
|
#ifdef EXTERN
|
|
#undef EXTERN
|
|
#endif
|
|
|
|
#ifdef USERAPI_ALLOCATE
|
|
#define EXTERN
|
|
#else
|
|
#define EXTERN extern
|
|
#endif // USERAPI_ALLOCATE
|
|
|
|
|
|
#ifndef WIN32_CHICAGO
|
|
EXTERN PSID KerbGlobalLocalSystemSid;
|
|
EXTERN PSID KerbGlobalAliasAdminsSid;
|
|
#endif // WIN32_CHICAGO
|
|
|
|
extern gss_OID_desc * gss_mech_krb5;
|
|
extern gss_OID_desc * gss_mech_krb5_new;
|
|
extern gss_OID_desc * gss_mech_krb5_u2u;
|
|
extern gss_OID_desc * gss_mech_krb5_spnego;
|
|
|
|
|
|
typedef struct _KERB_GSS_SIGNATURE {
|
|
BYTE SignatureAlgorithm[2]; // see below table for values
|
|
union {
|
|
BYTE SignFiller[4]; // filler, must be ff ff ff ff
|
|
struct {
|
|
BYTE SealAlgorithm[2];
|
|
BYTE SealFiller[2];
|
|
};
|
|
};
|
|
BYTE SequenceNumber[8];
|
|
BYTE Checksum[8];
|
|
} KERB_GSS_SIGNATURE, *PKERB_GSS_SIGNATURE;
|
|
|
|
#define KERB_GSS_SIG_CONFOUNDER_SIZE 8
|
|
|
|
typedef struct _KERB_GSS_SEAL_SIGNATURE {
|
|
KERB_GSS_SIGNATURE Signature;
|
|
BYTE Confounder[KERB_GSS_SIG_CONFOUNDER_SIZE];
|
|
} KERB_GSS_SEAL_SIGNATURE, *PKERB_GSS_SEAL_SIGNATURE;
|
|
|
|
typedef ULONG KERB_NULL_SIGNATURE, *PKERB_NULL_SIGNATURE;
|
|
|
|
|
|
|
|
//
|
|
// This value goes in the second bye of the signature algorithm
|
|
//
|
|
|
|
#define KERB_GSS_SIG_SECOND 0x00
|
|
|
|
//
|
|
// These values go in the first byte
|
|
//
|
|
|
|
#define KERB_GSS_SIG_DES_MAC_MD5 0x00
|
|
#define KERB_GSS_SIG_MD25 0x01
|
|
#define KERB_GSS_SIG_DES_MAC 0x02
|
|
|
|
|
|
#define KERB_GSS_SIG_HMAC 0x11
|
|
|
|
//
|
|
// These are sealing algorithm values
|
|
//
|
|
|
|
#define KERB_GSS_SEAL_DES_CBC 0x00
|
|
#define KERB_GSS_SEAL_RC4_OLD 0x11
|
|
#define KERB_GSS_SEAL_RC4 0x10
|
|
#define KERB_GSS_NO_SEAL 0xff
|
|
#define KERB_GSS_NO_SEAL_SECOND 0xff
|
|
|
|
//
|
|
// These are the flags passed in to MakeSignature and VerifySignature
|
|
// corresponding to the above flags, taken from RFC 1964
|
|
//
|
|
|
|
#define GSS_KRB5_INTEG_C_QOP_DEFAULT 0x0
|
|
#define GSS_KRB5_INTEG_C_QOP_MD5 0x1
|
|
#define GSS_KRB5_INTEG_C_QOP_DES_MD5 0x2
|
|
#define GSS_KRB5_INTEG_C_QOP_DES_MAC 0x3
|
|
|
|
|
|
/** constants **/
|
|
|
|
#define CKSUMTYPE_KG_CB 0x8003
|
|
|
|
#define KG_TOK_CTX_AP_REQ 0x0100
|
|
#define KG_TOK_CTX_AP_REP 0x0200
|
|
#define KG_TOK_CTX_ERROR 0x0300
|
|
#define KG_TOK_SIGN_MSG 0x0101
|
|
#define KG_TOK_SEAL_MSG 0x0201
|
|
#define KG_TOK_MIC_MSG 0x0101
|
|
#define KG_TOK_WRAP_MSG 0x0201
|
|
#define KG_TOK_DEL_CTX 0x0102
|
|
#define KG_TOK_CTX_TGT_REQ 0x0400
|
|
#define KG_TOK_CTX_TGT_REP 0x0401
|
|
|
|
#define KRB5_GSS_FOR_CREDS_OPTION 1
|
|
|
|
#define KERB_SIGN_FLAGS (ISC_RET_INTEGRITY | ISC_RET_SEQUENCE_DETECT | ISC_RET_REPLAY_DETECT)
|
|
|
|
#define KERB_IS_DES_ENCRYPTION(_x_) ((((_x_) >= KERB_ETYPE_DES_CBC_CRC) && \
|
|
((_x_) <= KERB_ETYPE_DES_CBC_MD5)) || \
|
|
((_x_) == KERB_ETYPE_DES_PLAIN))
|
|
#endif // __USERAPI_H__
|