Leaked source code of windows server 2003
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 
 

1889 lines
45 KiB

//+-----------------------------------------------------------------------
//
// File: kerbcomm.h
//
// Contents: prototypes for common kerberos routines
//
//
// History: 15-May-1996 Created MikeSw
//
//------------------------------------------------------------------------
#ifndef _KERBCOMM_H_
#define _KERBCOMM_H_
#ifdef __cplusplus
extern "C"
{
#endif // __cplusplus
#include <rpc.h>
#include <rpcndr.h>
#ifndef WIN32_CHICAGO
#include <ntsam.h>
#endif // WIN32_CHICAGO
#include <windef.h>
#include <stdio.h>
#include <limits.h>
#include <winbase.h>
#include <winsock2.h>
#include <krb5.h>
#include <cryptdll.h>
#include <align.h>
#ifdef __cplusplus
}
#endif // _cplusplus
#include <krb5p.h>
#include <kerberr.h>
#include <exterr.h>
#include <kerbcred.h>
#ifndef WIN32_CHICAGO
// SECURITY_WIN32 is already defined
#include <security.h>
#endif // WIN32_CHICAGO
//////////////////////////////////////////////////////////////////////////
//
// Definitions (for lack of a better place)
//
//////////////////////////////////////////////////////////////////////////
//
// Message types
//
#define KRB_AS_REQ 10 // Request for initial authentication
#define KRB_AS_REP 11 // Response to KRB_AS_REQ request
#define KRB_TGS_REQ 12 // Request for authentication based on TGT
#define KRB_TGS_REP 13 // Response to KRB_TGS_REQ request
#define KRB_AP_REQ 14 // application request to server
#define KRB_AP_REP 15 // Response to KRB_AP_REQ_MUTUAL
#define KRB_TGT_REQ 16 // Request for TGT for user-to-user
#define KRB_TGT_REP 17 // Reply to TGT request
#define KRB_SAFE 20 // Safe (checksummed) application message
#define KRB_PRIV 21 // Private (encrypted) application message
#define KRB_CRED 22 // Private (encrypted) message to forward
// credentials
#define KRB_ERROR 30 // Error response
//
// Pre-auth data types
#define KRB5_PADATA_NONE 0
#define KRB5_PADATA_AP_REQ 1
#define KRB5_PADATA_TGS_REQ KRB5_PADATA_AP_REQ
#define KRB5_PADATA_ENC_TIMESTAMP 2
#define KRB5_PADATA_PW_SALT 3
#define KRB5_PADATA_ENC_UNIX_TIME 5 /* timestamp encrypted in key */
#define KRB5_PADATA_ENC_SANDIA_SECURID 6 /* SecurId passcode */
#define KRB5_PADATA_SESAME 7 /* Sesame project */
#define KRB5_PADATA_OSF_DCE 8 /* OSF DCE */
#define KRB5_CYBERSAFE_SECUREID 9 /* Cybersafe */
#define KRB5_PADATA_AFS3_SALT 10 /* Cygnus */
#define KRB5_PADATA_ETYPE_INFO 11 /* Etype info for preauth */
#define KRB5_PADATA_SAM_CHALLENGE 12 /* draft challenge system */
#define KRB5_PADATA_SAM_RESPONSE 13 /* draft challenge system response */
#define KRB5_PADATA_PK_AS_REQ 14 /* pkinit */
#define KRB5_PADATA_PK_AS_REP 15 /* pkinit */
#define KRB5_PADATA_PK_AS_SIGN 16 /* pkinit */
#define KRB5_PADATA_PK_KEY_REQ 17 /* pkinit */
#define KRB5_PADATA_PK_KEY_REP 18 /* pkinit */
#define KRB5_PADATA_REFERRAL_INFO 20 /* referral names for canonicalization */
#define KRB5_PADATA_PAC_REQUEST 128 /* allow client do request or ignore PAC */
#define KRB5_PADATA_FOR_USER 129 /* target client identity */
//
// Authorization data types
//
#define KERB_AUTH_OSF_DCE 64
#define KERB_AUTH_SESAME 65
//
// NT authorization data type definitions
//
#define KERB_AUTH_DATA_PAC 128 // entry id for a PAC in authorization data
#define KERB_AUTH_PROXY_ANNOTATION 139 // entry id for a proxy logon annotation string
#define KERB_AUTH_DATA_IF_RELEVANT 1 // entry id for optional auth data
#define KERB_AUTH_DATA_KDC_ISSUED 4 // entry id for data generated & signed by KDC
#define KERB_AUTH_DATA_TOKEN_RESTRICTIONS 141 // entry id for token restrictions
//
// Transited realm compression types:
//
#define DOMAIN_X500_COMPRESS 1
//
// Certificate types for PKINIT
//
#define KERB_CERTIFICATE_TYPE_X509 1
#define KERB_CERTIFICATE_TYPE_PGP 2
//
// Signature & seal types used by PKINIT
//
#define KERB_PKINIT_SIGNATURE_ALG CALG_MD5
#define KERB_PKINIT_EXPORT_SEAL_OID szOID_RSA_RC2CBC
#define KERB_PKINIT_EXPORT_SEAL_ETYPE KERB_ETYPE_RC2_CBC_ENV
#define KERB_PKINIT_SEAL_ETYPE KERB_ETYPE_DES_EDE3_CBC_ENV
#define KERB_PKINIT_SEAL_OID szOID_RSA_DES_EDE3_CBC
#define KERB_PKINIT_SIGNATURE_OID szOID_RSA_MD5RSA
#define KERB_PKINIT_KDC_CERT_TYPE szOID_PKIX_KP_SERVER_AUTH
#ifdef szOID_KP_SMARTCARD_LOGON
#define KERB_PKINIT_CLIENT_CERT_TYPE szOID_KP_SMARTCARD_LOGON
#else
#define KERB_PKINIT_CLIENT_CERT_TYPE "1.3.6.1.4.1.311.20.2.2"
#endif
//
// Transport information
//
#define KERB_KDC_PORT 88
#define KERB_KPASSWD_PORT 464
//
// KDC service principal
//
#define KDC_PRINCIPAL_NAME L"krbtgt"
#define KDC_PRINCIPAL_NAME_A "krbtgt"
#define KERB_HOST_STRING_A "host"
#define KERB_HOST_STRING L"host"
#define KERB_KPASSWD_FIRST_NAME L"kadmin"
#define KERB_KPASSWD_SECOND_NAME L"changepw"
//
// address types - corresponds to GSS types
//
#define KERB_ADDRTYPE_UNSPEC 0x0
#define KERB_ADDRTYPE_LOCAL 0x1
#define KERB_ADDRTYPE_INET 0x2
#define KERB_ADDRTYPE_IMPLINK 0x3
#define KERB_ADDRTYPE_PUP 0x4
#define KERB_ADDRTYPE_CHAOS 0x5
#define KERB_ADDRTYPE_NS 0x6
#define KERB_ADDRTYPE_NBS 0x7
#define KERB_ADDRTYPE_ECMA 0x8
#define KERB_ADDRTYPE_DATAKIT 0x9
#define KERB_ADDRTYPE_CCITT 0xA
#define KERB_ADDRTYPE_SNA 0xB
#define KERB_ADDRTYPE_DECnet 0xC
#define KERB_ADDRTYPE_DLI 0xD
#define KERB_ADDRTYPE_LAT 0xE
#define KERB_ADDRTYPE_HYLINK 0xF
#define KERB_ADDRTYPE_APPLETALK 0x10
#define KERB_ADDRTYPE_BSC 0x11
#define KERB_ADDRTYPE_DSS 0x12
#define KERB_ADDRTYPE_OSI 0x13
#define KERB_ADDRTYPE_NETBIOS 0x14
#define KERB_ADDRTYPE_X25 0x15
//
// Misc. Flags
//
#define KERB_EXPORT_KEY_FLAG 0x20000000
#define KERB_NO_KEY_VERSION 0
//
// SALT flags for encryption, from rfc1510 update 3des enctype
//
#define KERB_ENC_TIMESTAMP_SALT 1
#define KERB_TICKET_SALT 2
#define KERB_AS_REP_SALT 3
#define KERB_TGS_REQ_SESSKEY_SALT 4
#define KERB_TGS_REQ_SUBKEY_SALT 5
#define KERB_TGS_REQ_AP_REQ_AUTH_CKSUM_SALT 6
#define KERB_TGS_REQ_AP_REQ_AUTH_SALT 7
#define KERB_TGS_REP_SALT 8
#define KERB_TGS_REP_SUBKEY_SALT 9
#define KERB_AP_REQ_AUTH_CKSUM_SALT 10
#define KERB_AP_REQ_AUTH_SALT 11
#define KERB_AP_REP_SALT 12
#define KERB_PRIV_SALT 13
#define KERB_CRED_SALT 14
#define KERB_SAFE_SALT 15
#define KERB_NON_KERB_SALT 16
#define KERB_NON_KERB_CKSUM_SALT 17
#define KERB_KERB_ERROR_SALT 18
#define KERB_KDC_ISSUED_CKSUM_SALT 19
#define KERB_MANDATORY_TKT_EXT_CKSUM_SALT 20
#define KERB_AUTH_DATA_TKT_EXT_CKSUM_SALT 21
//
// Types for AP error data
//
#define KERB_AP_ERR_TYPE_NTSTATUS 1
#define KERB_AP_ERR_TYPE_SKEW_RECOVERY 2
#define KERB_ERR_TYPE_EXTENDED 3 // obselete
//
// Types for extended errors
//
#define TD_MUST_USE_USER2USER -128
#define TD_EXTENDED_ERROR -129
//
// PKINIT method errors
//
#define KERB_PKINIT_UNSPEC_ERROR 0 // not specified
#define KERB_PKINIT_BAD_PUBLIC_KEY 1 // cannot verify public key
#define KERB_PKINIT_INVALID_CERT 2 // invalid certificate
#define KERB_PKINIT_REVOKED_CERT 3 // revoked certificate
#define KERB_PKINIT_INVALID_KDC_NAME 4 // invalid KDC name
#define KERB_PKINIT_CLIENT_NAME_MISMATCH 5 // client name mismatch
//
// HACK for MAX_UNICODE_STRING, as KerbDuplicateString & others add a NULL
// terminator when doing the duplication
//
#define KERB_MAX_UNICODE_STRING (UNICODE_STRING_MAX_BYTES - sizeof(WCHAR))
#define KERB_MAX_STRING (UNICODE_STRING_MAX_BYTES - sizeof(CHAR))
//////////////////////////////////////////////////////////////////////////
//
// Structures
//
//////////////////////////////////////////////////////////////////////////
typedef struct _KERB_PREAUTH_DATA {
ULONG Flags;
} KERB_PREAUTH_DATA, *PKERB_PREAUTH_DATA;
#define KERBFLAG_LOGON 0x1
#define KERBFLAG_INTERACTIVE 0x2
//
// KDC-Kerberos interaction
//
#define KDC_START_EVENT L"\\Security\\KdcStartEvent"
#define KERB_MAX_CRYPTO_SYSTEMS 20
#define KERB_MAX_CRYPTO_SYSTEMS_SLOWBUFF 100
#define KERB_DEFAULT_AP_REQ_CSUM KERB_CHECKSUM_MD5
#define KERB_DEFAULT_PREAUTH_TYPE 0
//
// Registry parameters
//
#define KERB_PATH L"System\\CurrentControlSet\\Control\\Lsa\\Kerberos"
#define KERB_PARAMETER_PATH L"System\\CurrentControlSet\\Control\\Lsa\\Kerberos\\Parameters"
#define KERB_PARAMETER_SKEWTIME L"SkewTime"
#define KERB_PARAMETER_MAX_UDP_PACKET L"MaxPacketSize"
#define KERB_PARAMETER_START_TIME L"StartupTime"
#define KERB_PARAMETER_KDC_CALL_TIMEOUT L"KdcWaitTime"
#define KERB_PARAMETER_KDC_BACKOFF_TIME L"KdcBackoffTime"
#define KERB_PARAMETER_KDC_SEND_RETRIES L"KdcSendRetries"
#define KERB_PARAMETER_LOG_LEVEL L"LogLevel"
#define KERB_PARAMETER_DEFAULT_ETYPE L"DefaultEncryptionType"
#define KERB_PARAMETER_FAR_KDC_TIMEOUT L"FarKdcTimeout"
#define KERB_PARAMETER_NEAR_KDC_TIMEOUT L"NearKdcTimeout"
#define KERB_PARAMETER_STRONG_ENC_DG L"StronglyEncryptDatagram"
#define KERB_PARAMETER_MAX_REFERRAL_COUNT L"MaxReferralCount"
#define KERB_PARAMETER_MAX_TOKEN_SIZE L"MaxTokenSize"
#define KERB_PARAMETER_SPN_CACHE_TIMEOUT L"SpnCacheTimeout"
#define KERB_PARAMETER_S4UCACHE_TIMEOUT L"S4UCacheTimeout"
#define KERB_PARAMETER_S4UTICKET_LIFETIME L"S4UTicketLifetime"
#define KERB_PARAMETER_CACHE_S4UTICKET L"CacheS4UTickets"
#define KERB_PARAMETER_RETRY_PDC L"RetryPDC"
#define KERB_PARAMETER_REQUEST_OPTIONS L"RequestOptions"
#define KERB_PARAMETER_CLIENT_IP_ADDRESSES L"ClientIpAddresses"
#define KERB_PARAMETER_TGT_RENEWAL_TIME L"TgtRenewalTime"
#define KERB_PARAMETER_ALLOW_TGT_SESSION_KEY L"AllowTgtSessionKey"
#define KERB_PARAMETER_MAX_TICKETS L"MaximumTickets"
//
// Registry defaults
//
#define KERB_DEFAULT_LOGLEVEL 0
#define KERB_DEFAULT_USE_STRONG_ENC_DG FALSE
#define KERB_DEFAULT_CACHE_S4UTICKET TRUE
#define KERB_DEFAULT_CLIENT_IP_ADDRESSES 0
#define KERB_DEFAULT_TGT_RENEWAL_TIME 600
#define KERB_DEFAULT_ALLOW_TGT_SESSION_KEY FALSE
#define KERB_TICKET_COLLECTOR_INTERVAL 1000 * 60 * 15 // every 15 minutes
#define KERB_TICKET_COLLECTOR_THRESHHOLD 2000
//
// These are arbitrary sizes for max request and responses sizes for datagram
// requests.
//
// specifies how large a receive buffer to create for a datagram (UDP) read
#define KERB_MAX_KDC_RESPONSE_SIZE 4000
// specifies the incremental buffer size expansion to use to socket re-read
#define KERB_MAX_KDC_REQUEST_SIZE 4000
// initial setting (registry modifiable KERB_PARAMETER_MAX_UDP_PACKET)
// - controls kerberos client message size threshold for change from UDP to TCP
#define KERB_MAX_DATAGRAM_SIZE 1465
// initial setting (registry modifiable) - controls KDC message reply size threshold for request change from UDP to TCP
// original default was KERB_MAX_KDC_RESPONSE_SIZE = 4000 Raid 632547
#define KERB_MAX_DATAGRAM_REPLY_SIZE 1465
#define KERB_MAX_RETRIES 3
#define KERB_MAX_REFERRAL_COUNT 3
//
// timeout values in minutes and appropriate minimums.
//
#define KERB_BINDING_FAR_DC_TIMEOUT 10
#define KERB_BINDING_NEAR_DC_TIMEOUT 30
#define KERB_SPN_CACHE_TIMEOUT 15
#define KERB_S4U_CACHE_TIMEOUT 15
#define KERB_S4U_QUERY_INTERVAL 15
#define KERB_S4U_TICKET_LIFETIME 15
#define KERB_DEFAULT_SKEWTIME 5
#define KERB_MIN_S4UTICKET_LIFETIME 5
//
// Network service session timer callback frequency
//
#define KERB_SKLIST_CALLBACK_FEQ 10
//
// timeout values in seconds
//
#define KERB_KDC_CALL_TIMEOUT 5
#define KERB_KDC_CALL_TIMEOUT_BACKOFF 5
#define KERB_KDC_WAIT_TIME 120
//
// BER encoding values
//
#define KERB_BER_APPLICATION_TAG 0xc0
#define KERB_BER_APPLICATION_MASK 0x1f
#define KERB_TGS_REQ_TAG 12
#define KERB_AS_REQ_TAG 10
#define KERB_TGS_REP_TAG 13
#define KERB_AS_REP_TAG 11
#define KERB_ERROR_TAG 30
//
// Common types
//
typedef struct _KERB_MESSAGE_BUFFER {
ULONG BufferSize;
PUCHAR Buffer;
} KERB_MESSAGE_BUFFER, *PKERB_MESSAGE_BUFFER;
typedef enum _KERB_ACCOUNT_TYPE {
UserAccount,
MachineAccount,
DomainTrustAccount,
UnknownAccount
} KERB_ACCOUNT_TYPE, *PKERB_ACCOUNT_TYPE;
//
// This is the maximum number of elements in a KERB_INTERNAL_NAME
//
#define MAX_NAME_ELEMENTS 20
typedef struct _KERB_INTERNAL_NAME {
SHORT NameType;
USHORT NameCount;
UNICODE_STRING Names[ANYSIZE_ARRAY];
} KERB_INTERNAL_NAME, *PKERB_INTERNAL_NAME;
//
// Prototypes
//
#ifdef __cplusplus
class CAuthenticatorList;
KERBERR NTAPI
KerbCheckTicket(
IN PKERB_TICKET PackedTicket,
IN PKERB_ENCRYPTED_DATA EncryptedAuthenticator,
IN PKERB_ENCRYPTION_KEY pkKey,
IN OUT CAuthenticatorList * AuthenticatorList,
IN PTimeStamp SkewTime,
IN ULONG ServiceNameCount,
IN OPTIONAL PUNICODE_STRING ServiceName,
IN OPTIONAL PUNICODE_STRING ServiceRealm,
IN BOOLEAN CheckForReplay,
IN BOOLEAN KdcRequest,
OUT PKERB_ENCRYPTED_TICKET * EncryptTicket,
OUT PKERB_AUTHENTICATOR * Authenticator,
OUT PKERB_ENCRYPTION_KEY pkSessionKey,
OUT OPTIONAL PKERB_ENCRYPTION_KEY pkTicketKey,
OUT PBOOLEAN UseSubKey
);
extern "C" {
#endif // __cplusplus
KERBERR
KerbVerifyTicket(
IN PKERB_TICKET PackedTicket,
IN ULONG NameCount,
IN OPTIONAL PUNICODE_STRING ServiceNames,
IN OPTIONAL PUNICODE_STRING ServiceRealm,
IN PKERB_ENCRYPTION_KEY ServiceKey,
IN OPTIONAL PTimeStamp SkewTime,
OUT PKERB_ENCRYPTED_TICKET * DecryptedTicket
);
BOOLEAN
KerbVerifyClientAddress(
IN SOCKADDR * ClientAddress,
IN PKERB_HOST_ADDRESSES Addresses
);
KERBERR NTAPI
KerbPackTicket(
IN PKERB_TICKET InternalTicket,
IN PKERB_ENCRYPTION_KEY pkKey,
IN ULONG KeyVersion,
OUT PKERB_TICKET PackedTicket
);
VOID
KerbPrintPrincipalName(
IN ULONG DebugLevel,
IN PKERB_PRINCIPAL_NAME Name
);
NTSTATUS
KerbHashS4UPreauth(
IN PKERB_PA_FOR_USER S4UPreauth,
IN PKERB_ENCRYPTION_KEY Key,
IN LONG ChecksumType,
IN OUT PKERB_CHECKSUM CheckSum
);
VOID KerbPrintKerbRealm(
IN ULONG DebugLevel,
IN PKERB_REALM Realm
);
KERBERR NTAPI
KerbUnpackTicket(
IN PKERB_TICKET PackedTicket,
IN PKERB_ENCRYPTION_KEY pkKey,
OUT PKERB_ENCRYPTED_TICKET * InternalTicket
);
// VOID NTAPI
// KerbFreeTicket(
// IN PKERB_ENCRYPTED_TICKET Ticket
// );
#define KerbFreeTicket( Ticket ) \
KerbFreeData( \
KERB_ENCRYPTED_TICKET_PDU, \
(Ticket) \
)
KERBERR NTAPI
KerbDuplicateTicket(
OUT PKERB_TICKET DestinationTicket,
IN PKERB_TICKET SourceTicket
);
VOID
KerbFreeDuplicatedTicket(
IN PKERB_TICKET Ticket
);
VOID
CheckForOutsideStringToKey();
KERBERR NTAPI
KerbHashPassword(
IN PUNICODE_STRING Password,
IN ULONG EncryptionType,
OUT PKERB_ENCRYPTION_KEY Key
);
KERBERR NTAPI
KerbHashPasswordEx(
IN PUNICODE_STRING Password,
IN PUNICODE_STRING PrincipalName,
IN ULONG EncryptionType,
OUT PKERB_ENCRYPTION_KEY Key
);
KERBERR NTAPI
KerbMakeKey(
IN ULONG EncryptionType,
OUT PKERB_ENCRYPTION_KEY NewKey
);
BOOLEAN
KerbIsKeyExportable(
IN PKERB_ENCRYPTION_KEY Key
);
KERBERR
KerbMakeExportableKey(
IN ULONG KeyType,
OUT PKERB_ENCRYPTION_KEY NewKey
);
KERBERR NTAPI
KerbCreateKeyFromBuffer(
OUT PKERB_ENCRYPTION_KEY NewKey,
IN PUCHAR Buffer,
IN ULONG BufferSize,
IN ULONG EncryptionType
);
KERBERR NTAPI
KerbDuplicateKey(
OUT PKERB_ENCRYPTION_KEY NewKey,
IN PKERB_ENCRYPTION_KEY Key
);
VOID
KerbFreeKey(
IN PKERB_ENCRYPTION_KEY Key
);
PKERB_ENCRYPTION_KEY
KerbGetKeyFromList(
IN PKERB_STORED_CREDENTIAL Passwords,
IN ULONG EncryptionType
);
PKERB_ENCRYPTION_KEY
KerbGetKeyFromListByIndex(
IN PKERB_STORED_CREDENTIAL Passwords,
IN ULONG EncryptionType,
OUT PULONG pIndex
);
KERBERR
KerbFindCommonCryptSystem(
IN PKERB_CRYPT_LIST CryptList,
IN PKERB_STORED_CREDENTIAL Passwords,
IN OPTIONAL PKERB_STORED_CREDENTIAL MorePasswords,
OUT PKERB_ENCRYPTION_KEY * Key
);
KERBERR
KerbFindCommonCryptSystemForSKey(
IN PKERB_CRYPT_LIST CryptList,
IN PKERB_CRYPT_LIST CryptListSupported,
OUT ULONG * Etype
);
KERBERR NTAPI
KerbRandomFill(
IN OUT PUCHAR pbBuffer,
IN ULONG cbBuffer
);
KERBERR NTAPI
KerbCreateAuthenticator(
IN PKERB_ENCRYPTION_KEY pkKey,
IN ULONG SequenceNumber,
OUT OPTIONAL PTimeStamp pAuthenticatorTime,
IN PKERB_INTERNAL_NAME ClientName,
IN PUNICODE_STRING ClientRealm,
IN PTimeStamp ptsTime,
IN PKERB_ENCRYPTION_KEY pkSubKey,
IN OPTIONAL PKERB_CHECKSUM GssChecksum,
IN BOOLEAN KdcRequest,
OUT PKERB_ENCRYPTED_DATA Authenticator
);
KERBERR NTAPI
KerbUnpackAuthenticator(
IN PKERB_ENCRYPTION_KEY Key,
IN PKERB_ENCRYPTED_DATA EncryptedAuthenticator,
IN BOOLEAN KdcRequest,
OUT PKERB_AUTHENTICATOR * Authenticator
);
DWORD
KerbCopyDomainRelativeSid(
OUT PSID TargetSid,
IN PSID DomainId,
IN ULONG RelativeId
);
// VOID NTAPI
// KerbFreeAuthenticator(
// IN PKERB_AUTHENTICATOR Authenticator
// );
#define KerbFreeAuthenticator( Authenticator ) \
KerbFreeData( \
KERB_AUTHENTICATOR_PDU, \
(Authenticator) \
)
KERBERR NTAPI
KerbPackKdcReplyBody(
IN PKERB_ENCRYPTED_KDC_REPLY ReplyBody,
IN PKERB_ENCRYPTION_KEY Key,
IN ULONG KeyVersion,
IN ULONG KeySalt,
IN ULONG Pdu,
OUT PKERB_ENCRYPTED_DATA EncryptedReply
);
KERBERR NTAPI
KerbUnpackKdcReplyBody(
IN PKERB_ENCRYPTED_DATA EncryptedReplyBody,
IN PKERB_ENCRYPTION_KEY Key,
IN ULONG Pdu,
OUT PKERB_ENCRYPTED_KDC_REPLY * ReplyBody
);
KERBERR NTAPI
KerbPackData(
IN PVOID Data,
IN ULONG PduValue,
OUT PULONG DataSize,
OUT PUCHAR * MarshalledData
);
KERBERR NTAPI
KerbUnpackData(
IN PUCHAR Data,
IN ULONG DataSize,
IN ULONG PduValue,
OUT PVOID * DecodedData
);
VOID
KerbFreeData(
IN ULONG PduValue,
IN PVOID Data
);
// KERBERR NTAPI
// KerbPackAsReply(
// IN PKERB_KDC_REPLY ReplyMessage,
// OUT PULONG ReplySize,
// OUT PUCHAR * MarshalledReply
// );
#define KerbPackAsReply( ReplyMessage, ReplySize, MarshalledReply ) \
KerbPackData( \
(PVOID) (ReplyMessage), \
KERB_AS_REPLY_PDU, \
(ReplySize), \
(MarshalledReply) \
)
// KERBERR NTAPI
// KerbUnpackAsReply(
// IN PUCHAR ReplyMessage,
// IN ULONG ReplySize,
// OUT PKERB_KDC_REPLY * Reply
// );
#define KerbUnpackAsReply( ReplyMessage, ReplySize, Reply ) \
KerbUnpackData( \
(ReplyMessage), \
(ReplySize), \
KERB_AS_REPLY_PDU, \
(PVOID *) (Reply) \
)
// VOID
// KerbFreeAsReply(
// IN PKERB_KDC_REPLY Request
// );
#define KerbFreeAsReply( Request) \
KerbFreeData( \
KERB_AS_REPLY_PDU, \
(PVOID) (Request) \
)
// KERBERR NTAPI
// KerbPackTgsReply(
// IN PKERB_KDC_REPLY ReplyMessage,
// OUT PULONG ReplySize,
// OUT PUCHAR * MarshalledReply
// );
#define KerbPackTgsReply( ReplyMessage, ReplySize, MarshalledReply ) \
KerbPackData( \
(PVOID) (ReplyMessage), \
KERB_TGS_REPLY_PDU, \
(ReplySize), \
(MarshalledReply) \
)
// KERBERR NTAPI
// KerbUnpackTgsReply(
// IN PUCHAR ReplyMessage,
// IN ULONG ReplySize,
// OUT PKERB_KDC_REPLY * Reply
// );
#define KerbUnpackTgsReply( ReplyMessage, ReplySize, Reply ) \
KerbUnpackData( \
(ReplyMessage), \
(ReplySize), \
KERB_TGS_REPLY_PDU, \
(PVOID *) (Reply) \
)
// VOID
// KerbFreeTgsReply(
// IN PKERB_KDC_REPLY Request
// );
#define KerbFreeTgsReply( Request) \
KerbFreeData( \
KERB_TGS_REPLY_PDU, \
(PVOID) (Request) \
)
// VOID
// KerbFreeKdcReplyBody(
// IN PKERB_ENCRYPTED_KDC_REPLY Request
// );
#define KerbFreeKdcReplyBody( Request) \
KerbFreeData( \
KERB_ENCRYPTED_TGS_REPLY_PDU, \
(PVOID) (Request) \
)
// KERBERR NTAPI
// KerbPackAsRequest(
// IN PKERB_KDC_REQUEST RequestMessage,
// OUT PULONG RequestSize,
// OUT PUCHAR * MarshalledRequest
// );
#define KerbPackAsRequest( RequestMessage, RequestSize, MarshalledRequest )\
KerbPackData( \
(PVOID) (RequestMessage), \
KERB_AS_REQUEST_PDU, \
(RequestSize), \
(MarshalledRequest) \
)
// KERBERR NTAPI
// KerbUnpackAsRequest(
// IN PUCHAR RequestMessage,
// IN ULONG RequestSize,
// OUT PKERB_KDC_REQUEST * Request
// );
#define KerbUnpackAsRequest( RequestMessage, RequestSize, Request ) \
KerbUnpackData( \
(RequestMessage), \
(RequestSize), \
KERB_AS_REQUEST_PDU, \
(PVOID *) (Request) \
)
// VOID
// KerbFreeAsRequest(
// IN PKERB_KDC_REQUEST Request
// );
#define KerbFreeAsRequest( Request) \
KerbFreeData( \
KERB_TGS_REQUEST_PDU, \
(PVOID) (Request) \
)
// KERBERR NTAPI
// KerbPackTgsRequest(
// IN PKERB_KDC_REQUEST RequestMessage,
// OUT PULONG RequestSize,
// OUT PUCHAR * MarshalledRequest
// );
#define KerbPackTgsRequest( RequestMessage, RequestSize, MarshalledRequest )\
KerbPackData( \
(PVOID) (RequestMessage), \
KERB_TGS_REQUEST_PDU, \
(RequestSize), \
(MarshalledRequest) \
)
// KERBERR NTAPI
// KerbUnpackTgsRequest(
// IN PUCHAR RequestMessage,
// IN ULONG RequestSize,
// OUT PKERB_KDC_REQUEST * Request
// );
#define KerbUnpackTgsRequest( RequestMessage, RequestSize, Request ) \
KerbUnpackData( \
(RequestMessage), \
(RequestSize), \
KERB_TGS_REQUEST_PDU, \
(PVOID *) (Request) \
)
// VOID
// KerbFreeTgsRequest(
// IN PKERB_KDC_REQUEST Request
// );
#define KerbFreeTgsRequest( Request) \
KerbFreeData( \
KERB_TGS_REQUEST_PDU, \
(PVOID) (Request) \
)
// KERBERR NTAPI
// KerbPackEncryptedData(
// IN PKERB_ENCRYPTED_DATA EncryptedData,
// OUT PULONG DataSize,
// OUT PUCHAR * MarshalledData
// );
#define KerbPackEncryptedData( EncryptedData, DataSize, MarshalledData ) \
KerbPackData( \
(PVOID) (EncryptedData), \
KERB_ENCRYPTED_DATA_PDU, \
(DataSize), \
(PUCHAR *) (MarshalledData) \
)
// KERBERR NTAPI
// KerbUnpackEncryptedData(
// IN PUCHAR EncryptedData,
// IN ULONG DataSize,
// OUT PKERB_ENCRYPTED_DATA * Data
// );
#define KerbUnpackEncryptedData( EncryptedData,DataSize,Data ) \
KerbUnpackData( \
(EncryptedData), \
(DataSize), \
KERB_ENCRYPTED_DATA_PDU, \
(PVOID *) (Data) \
)
// VOID
// KerbFreeEncryptedData(
// IN PKERB_ENCRYPTED_DATA EncryptedData
// );
#define KerbFreeEncryptedData( EncryptedData) \
KerbFreeData( \
KERB_ENCRYPTED_DATA_PDU, \
(PVOID) (EncryptedData) \
)
#ifdef notdef
// KERBERR NTAPI
// KerbPackAuthData(
// IN PKERB_AUTHORIZATION_DATA AuthData,
// OUT PULONG AuthDataSize,
// OUT PUCHAR * MarshalledAuthData
// );
#define KerbPackAuthData( AuthData, AuthDataSize, MarshalledAuthData ) \
KerbPackData( \
(PVOID) (AuthData), \
KERB_AUTHORIZATION_DATA_PDU, \
(AuthDataSize), \
(MarshalledAuthData) \
)
// KERBERR NTAPI
// KerbUnpackAuthData(
// IN PUCHAR PackedAuthData,
// IN ULONG AuthDataSize,
// OUT PKERB_AUTHORIZATION_DATA * AuthData
// );
#define KerbUnpackAuthData( PackedAuthData, AuthDataSize, AuthData ) \
KerbUnpackData( \
(PackedAuthData), \
(AuthDataSize), \
KERB_AUTHORIZATION_DATA_PDU, \
(PVOID *) (AuthData) \
)
// VOID
// KerbFreeAuthData(
// IN PKERB_AUTH_DATA AuthData
// );
#define KerbFreeAuthData( AuthData) \
KerbFreeData( \
KERB_AUTHORIZATION_DATA_PDU, \
(PVOID) (AuthData) \
)
#endif // notdef
VOID
KerbFreeAuthData(
IN PKERB_AUTHORIZATION_DATA AuthData
);
// KERBERR NTAPI
// KerbPackApRequest(
// IN PKERB_AP_REQUEST ApRequestMessage,
// OUT PULONG ApRequestSize,
// OUT PUCHAR * MarshalledApRequest
// );
#define KerbPackApRequest( ApRequestMessage, ApRequestSize, MarshalledApRequest ) \
KerbPackData( \
(PVOID) (ApRequestMessage), \
KERB_AP_REQUEST_PDU, \
(ApRequestSize), \
(MarshalledApRequest) \
)
// KERBERR NTAPI
// KerbUnpackApRequest(
// IN PUCHAR ApRequestMessage,
// IN ULONG ApRequestSize,
// OUT PKERB_AP_REQUEST * ApRequest
// );
#define KerbUnpackApRequest( ApRequestMessage,ApRequestSize, ApRequest) \
KerbUnpackData( \
(ApRequestMessage), \
(ApRequestSize), \
KERB_AP_REQUEST_PDU, \
(PVOID *) (ApRequest) \
)
// VOID
// KerbFreeApRequest(
// IN PKERB_AP_REQUEST Request
// );
#define KerbFreeApRequest( Request) \
KerbFreeData( \
KERB_AP_REQUEST_PDU, \
(PVOID) (Request) \
)
// KERBERR NTAPI
// KerbPackApReply(
// IN PKERB_AP_REPLY ApReplyMessage,
// OUT PULONG ApReplySize,
// OUT PUCHAR * MarshalledApReply
// );
#define KerbPackApReply( ApReplyMessage, ApReplySize, MarshalledApReply ) \
KerbPackData( \
(PVOID) (ApReplyMessage), \
KERB_AP_REPLY_PDU, \
(ApReplySize), \
(MarshalledApReply) \
)
// KERBERR NTAPI
// KerbUnpackApReply(
// IN PUCHAR ApReplyMessage,
// IN ULONG ApReplySize,
// OUT PKERB_AP_REPLY * ApReply
// );
#define KerbUnpackApReply( ApReplyMessage,ApReplySize, ApReply) \
KerbUnpackData( \
(ApReplyMessage), \
(ApReplySize), \
KERB_AP_REPLY_PDU, \
(PVOID *) (ApReply) \
)
// VOID
// KerbFreeApReply(
// IN PKERB_AP_REPLY Reply
// );
#define KerbFreeApReply( Reply) \
KerbFreeData( \
KERB_AP_REPLY_PDU, \
(PVOID) (Reply) \
)
// KERBERR NTAPI
// KerbPackApReplyBody(
// IN PKERB_ENCRYPTED_AP_REPLY ApReplyBodyMessage,
// OUT PULONG ApReplyBodySize,
// OUT PUCHAR * MarshalledApReplyBody
// );
#define KerbPackApReplyBody( ApReplyBodyMessage, ApReplyBodySize, MarshalledApReplyBody ) \
KerbPackData( \
(PVOID) (ApReplyBodyMessage), \
KERB_ENCRYPTED_AP_REPLY_PDU, \
(ApReplyBodySize), \
(MarshalledApReplyBody) \
)
// KERBERR NTAPI
// KerbUnpackApReplyBody(
// IN PUCHAR ApReplyBodyMessage,
// IN ULONG ApReplyBodySize,
// OUT PKERB_ENCRYPTED_AP_REPLY * ApReplyBody
// );
#define KerbUnpackApReplyBody( ApReplyBodyMessage,ApReplyBodySize, ApReplyBody) \
KerbUnpackData( \
(ApReplyBodyMessage), \
(ApReplyBodySize), \
KERB_ENCRYPTED_AP_REPLY_PDU, \
(PVOID *) (ApReplyBody) \
)
// VOID
// KerbFreeApReplyBody(
// IN PKERB_ENCRYPTED_AP_REPLY ReplyBody
// );
#define KerbFreeApReplyBody( ReplyBody) \
KerbFreeData( \
KERB_ENCRYPTED_AP_REPLY_PDU, \
(PVOID) (ReplyBody) \
)
// KERBERR NTAPI
// KerbUnmarshallTicket(
// IN PUCHAR TicketMessage,
// IN ULONG TicketSize,
// OUT PKERB_ENCRYPTED_TICKET * Ticket
// );
#define KerbUnmarshallTicket( TicketMessage, TicketSize, Ticket ) \
KerbUnpackData( \
(TicketMessage), \
(TicketSize), \
KERB_ENCRYPTED_TICKET_PDU, \
(PVOID *) (Ticket) \
)
// KERBERR NTAPI
// KerbPackEncryptedCred(
// IN PKERB_ENCRYPTED_CRED EncryptedCred,
// OUT PULONG CredSize,
// OUT PUCHAR * MarshalledCred
// );
#define KerbPackEncryptedCred( EncryptedCred, CredSize, MarshalledCred ) \
KerbPackData( \
(PVOID) (EncryptedCred), \
KERB_ENCRYPTED_CRED_PDU, \
(CredSize), \
(MarshalledCred) \
)
// KERBERR NTAPI
// KerbUnpackEncryptedCred(
// IN PUCHAR EncryptedCred,
// IN ULONG CredSize,
// OUT PKERB_ENCRYPTED_CRED * Cred
// );
#define KerbUnpackEncryptedCred( EncryptedCred,CredSize,Cred ) \
KerbUnpackData( \
(EncryptedCred), \
(CredSize), \
KERB_ENCRYPTED_CRED_PDU, \
(PVOID *) (Cred) \
)
// VOID
// KerbFreeEncryptedCred(
// IN PKERB_ENCRYPTED_CRED EncryptedCred
// );
#define KerbFreeEncryptedCred( EncryptedCred) \
KerbFreeData( \
KERB_ENCRYPTED_CRED_PDU, \
(PVOID) (EncryptedCred) \
)
// KERBERR NTAPI
// KerbPackKerbCred(
// IN PKERB_CRED KerbCred,
// OUT PULONG KerbCredSize,
// OUT PUCHAR * MarshalledKerbCred
// );
#define KerbPackKerbCred( KerbCred, KerbCredSize, MarshalledKerbCred ) \
KerbPackData( \
(PVOID) (KerbCred), \
KERB_CRED_PDU, \
(KerbCredSize), \
(MarshalledKerbCred) \
)
// KERBERR NTAPI
// KerbUnpackKerbCred(
// IN PUCHAR MarshalledKerbCred,
// IN ULONG KerbCredSize,
// OUT PKERB_CRED * KerbCred
// );
#define KerbUnpackKerbCred( MarshalledKerbCred,KerbCredSize,KerbCred ) \
KerbUnpackData( \
(MarshalledKerbCred), \
(KerbCredSize), \
KERB_CRED_PDU, \
(PVOID *) (KerbCred) \
)
// VOID
// KerbFreeKerbCred(
// IN PKERB_CRED KerbCred
// );
#define KerbFreeKerbCred( KerbCred) \
KerbFreeData( \
KERB_CRED_PDU, \
(PVOID) (KerbCred) \
)
// KERBERR NTAPI
// KerbPackKerbError(
// IN PKERB_ERROR ErrorMessage,
// OUT PULONG ErrorSize,
// OUT PUCHAR * MarshalledError
// );
#define KerbPackKerbError( ErrorMessage, ErrorSize, MarshalledError ) \
KerbPackData( \
(PVOID) (ErrorMessage), \
KERB_ERROR_PDU, \
(ErrorSize), \
(MarshalledError) \
)
// KERBERR NTAPI
// KerbUnpackKerbError(
// IN PUCHAR ErrorMessage,
// IN ULONG ErrorSize,
// OUT PKERB_ERROR * Error
// );
#define KerbUnpackKerbError( ErrorMessage, ErrorSize, Error ) \
KerbUnpackData( \
(ErrorMessage), \
(ErrorSize), \
KERB_ERROR_PDU, \
(PVOID *) (Error) \
)
// VOID
// KerbFreeKerbError(
// IN PKERB_ERROR Request
// );
#define KerbFreeKerbError( Error ) \
KerbFreeData( \
KERB_ERROR_PDU, \
(PVOID) (Error) \
)
// KERBERR NTAPI
// KerbPackEncryptedTime(
// IN PKERB_ENCRYPTED_TIMESTAMP EncryptedTimeMessage,
// OUT PULONG EncryptedTimeSize,
// OUT PUCHAR * MarshalledEncryptedTime
// );
#define KerbPackEncryptedTime( EncryptedTimeMessage, EncryptedTimeSize, MarshalledEncryptedTime ) \
KerbPackData( \
(PVOID) (EncryptedTimeMessage), \
KERB_ENCRYPTED_TIMESTAMP_PDU, \
(EncryptedTimeSize), \
(MarshalledEncryptedTime) \
)
// KERBERR NTAPI
// KerbUnpackEncryptedTime(
// IN PUCHAR EncryptedTimeMessage,
// IN ULONG EncryptedTimeSize,
// OUT PKERB_ENCRYPTED_TIMESTAMP * EncryptedTime
// );
#define KerbUnpackEncryptedTime( EncryptedTimeMessage, EncryptedTimeSize, EncryptedTime ) \
KerbUnpackData( \
(EncryptedTimeMessage), \
(EncryptedTimeSize), \
KERB_ENCRYPTED_TIMESTAMP_PDU, \
(PVOID *) (EncryptedTime) \
)
// VOID
// KerbFreeEncryptedTime(
// IN PKERB_ENCRYPTED_TIMESTAMP EncryptedTime
// );
#define KerbFreeEncryptedTime( EncryptedTime ) \
KerbFreeData( \
KERB_ENCRYPTED_TIMESTAMP_PDU, \
(PVOID) (EncryptedTime) \
)
KERBERR
KerbAllocateEncryptionBuffer(
IN ULONG EncryptionType,
IN ULONG BufferSize,
OUT PUINT EncryptionBufferSize,
OUT PBYTE * EncryptionBuffer
);
KERBERR
KerbAllocateEncryptionBufferWrapper(
IN ULONG EncryptionType,
IN ULONG BufferSize,
OUT unsigned long * EncryptionBufferSize,
OUT PBYTE * EncryptionBuffer
);
KERBERR NTAPI
KerbEncryptData(
OUT PKERB_ENCRYPTED_DATA EncryptedData,
IN ULONG DataSize,
IN PUCHAR Data,
IN ULONG Algorithm,
IN PKERB_ENCRYPTION_KEY Key
);
KERBERR NTAPI
KerbDecryptData(
IN PKERB_ENCRYPTED_DATA EncryptedData,
IN PKERB_ENCRYPTION_KEY pkKey,
OUT PULONG DataSize,
OUT PUCHAR Data
);
KERBERR NTAPI
KerbEncryptDataEx(
OUT PKERB_ENCRYPTED_DATA EncryptedData,
IN ULONG DataSize,
IN PUCHAR Data,
IN ULONG KeyVersion,
IN ULONG UsageFlags,
IN PKERB_ENCRYPTION_KEY Key
);
KERBERR NTAPI
KerbDecryptDataEx(
IN PKERB_ENCRYPTED_DATA EncryptedData,
IN PKERB_ENCRYPTION_KEY pkKey,
IN ULONG UsageFlags,
OUT PULONG DataSize,
OUT PUCHAR Data
);
#ifndef WIN32_CHICAGO
KERBERR NTAPI
KerbCheckSumVerify(
IN PUCHAR pbBuffer,
IN ULONG cbBuffer,
OUT PKERB_CHECKSUM pcsCheck
);
KERBERR NTAPI
KerbCheckSum(
PUCHAR pbData,
ULONG cbData,
PCHECKSUM_FUNCTION pcsfSum,
PKERB_CHECKSUM pcsCheckSum
);
#endif // WIN32_CHICAGO
KERBERR
KerbGetEncryptionOverhead(
IN ULONG Algorithm,
OUT PULONG Overhead,
OUT OPTIONAL PULONG BlockSize
);
NTSTATUS
KerbDuplicateSid(
OUT PSID * DestinationSid,
IN PSID SourceSid
);
NTSTATUS
KerbConvertStringToSid(
IN PUNICODE_STRING String,
OUT PSID * Sid
);
NTSTATUS
KerbConvertSidToString(
IN PSID Sid,
OUT PUNICODE_STRING String,
IN BOOLEAN AllocateDestination
);
KERBERR
KerbExtractSidFromKdcName(
IN OUT PKERB_INTERNAL_NAME Name,
OUT PSID * Sid
);
KERBERR
KerbBuildFullServiceKdcNameWithSid(
IN PUNICODE_STRING DomainName,
IN PUNICODE_STRING ServiceName,
IN OPTIONAL PSID Sid,
IN ULONG NameType,
OUT PKERB_INTERNAL_NAME * FullServiceName
);
NTSTATUS
KerbDuplicateString(
OUT PUNICODE_STRING DestinationString,
IN OPTIONAL PUNICODE_STRING SourceString
);
LPWSTR
KerbBuildNullTerminatedString(
IN PUNICODE_STRING String
);
VOID
KerbFreeString(
IN OPTIONAL PUNICODE_STRING String
);
VOID
KerbFreeRealm(
IN PKERB_REALM Realm
);
KERBERR
KerbCompareUnicodeRealmToKerbRealm(
IN PKERB_REALM KerbRealm,
IN PUNICODE_STRING UnicodeRealm,
OUT PBOOLEAN Result
);
VOID
KerbFreePrincipalName(
IN PKERB_PRINCIPAL_NAME Name
);
#ifndef WIN32_CHICAGO
KERBERR
KerbCheckLogonRestrictions(
IN PVOID UserHandle,
IN PUNICODE_STRING Workstation,
IN PUSER_ALL_INFORMATION UserAll,
IN ULONG LogonRestrictionsFlags,
OUT PTimeStamp LogoffTime,
OUT PNTSTATUS RetStatus
);
#include <pacndr.h>
NTSTATUS
PAC_EncodeTokenRestrictions(
IN PKERB_TOKEN_RESTRICTIONS TokenRestrictions,
OUT PBYTE * EncodedData,
OUT PULONG DataSize
);
NTSTATUS
PAC_DecodeTokenRestrictions(
IN PBYTE EncodedData,
IN ULONG DataSize,
OUT PKERB_TOKEN_RESTRICTIONS * TokenRestrictions
);
#define KERB_TOKEN_RESTRICTION_DISABLE_GROUPS 1
#define KERB_TOKEN_RESTRICTION_RESTRICT_SIDS 2
#define KERB_TOKEN_RESTRICTION_DELETE_PRIVS 4
#endif // WIN32_CHICAGO
KERBERR
KerbConvertStringToPrincipalName(
OUT PKERB_PRINCIPAL_NAME PrincipalName,
IN PUNICODE_STRING String,
IN ULONG NameType
);
KERBERR
KerbDuplicatePrincipalName(
OUT PKERB_PRINCIPAL_NAME PrincipalName,
IN PKERB_PRINCIPAL_NAME SourcePrincipalName
);
KERBERR
KerbConvertPrincipalNameToString(
OUT PUNICODE_STRING String,
OUT PULONG NameType,
IN PKERB_PRINCIPAL_NAME PrincipalName
);
KERBERR
KerbConvertPrincipalNameToFullServiceString(
OUT PUNICODE_STRING String,
IN PKERB_PRINCIPAL_NAME PrincipalName,
IN KERB_REALM RealmName
);
BOOLEAN
KerbComparePrincipalNames(
IN PKERB_PRINCIPAL_NAME Name1,
IN PKERB_PRINCIPAL_NAME Name2
);
KERBERR
KerbConvertUnicodeStringToRealm(
OUT PKERB_REALM Realm,
IN PUNICODE_STRING String
);
KERBERR
KerbConvertRealmToUnicodeString(
OUT PUNICODE_STRING String,
IN PKERB_REALM Realm
);
KERBERR
KerbDuplicateRealm(
OUT PKERB_REALM Realm,
IN KERB_REALM SourceRealm
);
BOOLEAN
KerbCompareRealmNames(
IN PKERB_REALM Realm1,
IN PKERB_REALM Realm2
);
BOOLEAN
KerbCompareUnicodeRealmNames(
IN PUNICODE_STRING Domain1,
IN PUNICODE_STRING Domain2
);
BOOLEAN
KerbCompareStringToPrincipalName(
IN PKERB_PRINCIPAL_NAME PrincipalName,
IN PUNICODE_STRING String
);
VOID
KerbConvertLargeIntToGeneralizedTime(
OUT PKERB_TIME ClientTime,
OUT OPTIONAL int * ClientUsec,
IN PTimeStamp TimeStamp
);
VOID
KerbConvertLargeIntToGeneralizedTimeWrapper(
OUT PKERB_TIME ClientTime,
OUT OPTIONAL long * ClientUsec,
IN PTimeStamp TimeStamp
);
VOID
KerbConvertGeneralizedTimeToLargeInt(
OUT PTimeStamp TimeStamp,
IN PKERB_TIME ClientTime,
IN int ClientUsec
);
BOOLEAN
KerbCheckTimeSkew(
IN PTimeStamp CurrentTime,
IN PTimeStamp ClientTime,
IN PTimeStamp AllowedSkew
);
KERBERR
KerbConvertArrayToCryptList(
OUT PKERB_CRYPT_LIST * CryptList,
IN PULONG ETypeArray,
IN ULONG ETypeCount,
IN BOOL bIncludeOldEtypes
);
KERBERR
KerbConvertKeysToCryptList(
OUT PKERB_CRYPT_LIST * CryptList,
IN PKERB_STORED_CREDENTIAL Keys
);
KERBERR
KerbConvertCryptListToArray(
OUT PULONG * ETypeArray,
OUT PULONG ETypeCount,
IN PKERB_CRYPT_LIST CryptList
);
VOID
KerbFreeCryptList(
IN PKERB_CRYPT_LIST CryptList
);
PKERB_AUTHORIZATION_DATA
KerbFindAuthDataEntry(
IN ULONG EntryId,
IN PKERB_AUTHORIZATION_DATA AuthData
);
PKERB_PA_DATA
KerbFindPreAuthDataEntry(
IN ULONG EntryId,
IN PKERB_PA_DATA_LIST AuthData
);
VOID
KerbFreePreAuthData(
IN OPTIONAL PKERB_PA_DATA_LIST PreAuthData
);
KERBERR
KerbCopyAndAppendAuthData(
OUT PKERB_AUTHORIZATION_DATA * OutputAuthData,
IN PKERB_AUTHORIZATION_DATA InputAuthData
);
KERBERR
KerbGetPacFromAuthData(
IN PKERB_AUTHORIZATION_DATA AuthData,
OUT PKERB_IF_RELEVANT_AUTH_DATA ** ReturnIfRelevantData,
OUT PKERB_AUTHORIZATION_DATA * Pac
);
KERBERR
KerbBuildFullServiceName(
IN PUNICODE_STRING DomainName,
IN PUNICODE_STRING ServiceName,
OUT PUNICODE_STRING FullServiceName
);
KERBERR
KerbBuildUnicodeSpn(
IN PUNICODE_STRING DomainName,
IN PUNICODE_STRING ServiceName,
OUT PUNICODE_STRING UnicodeSpn
);
KERBERR
KerbBuildEmailName(
IN PUNICODE_STRING DomainName,
IN PUNICODE_STRING ServiceName,
OUT PUNICODE_STRING EmailName
);
KERBERR
KerbBuildFullServiceKdcName(
IN PUNICODE_STRING DomainName,
IN PUNICODE_STRING ServiceName,
IN ULONG NameType,
OUT PKERB_INTERNAL_NAME * FullServiceName
);
KERBERR
KerbBuildAltSecId(
OUT PUNICODE_STRING AlternateName,
IN PKERB_INTERNAL_NAME PrincipalName,
IN OPTIONAL PKERB_REALM Realm,
IN OPTIONAL PUNICODE_STRING UnicodeRealm
);
KERBERR
KerbBuildKeySalt(
IN PUNICODE_STRING DomainName,
IN PUNICODE_STRING ServiceName,
IN KERB_ACCOUNT_TYPE AccountType,
OUT PUNICODE_STRING KeySalt
);
KERBERR
KerbBuildKeySaltFromUpn(
IN PUNICODE_STRING Upn,
OUT PUNICODE_STRING Salt
);
KERBERR
KerbBuildErrorMessageEx(
IN KERBERR ErrorCode,
IN OPTIONAL PKERB_EXT_ERROR pExtendedError,
IN PUNICODE_STRING ServerRealm,
IN PKERB_INTERNAL_NAME ServerName,
IN OPTIONAL PUNICODE_STRING ClientRealm,
IN OPTIONAL PBYTE ErrorData,
IN ULONG ErrorDataSize,
OUT PULONG ErrorMessageSize,
OUT PUCHAR * ErrorMessage
);
#ifdef __cplusplus
} // extern "C"
#endif
//
// Socket functions
//
NTSTATUS
KerbInitializeSockets(
IN WORD VersionRequired,
IN ULONG MinSockets,
OUT BOOLEAN *TcpNotInstalled
);
VOID
KerbCleanupSockets(
);
NTSTATUS
KerbCallKdc(
IN PUNICODE_STRING KdcAddress,
IN ULONG AddressType,
IN ULONG Timeout,
IN BOOLEAN UseDatagram,
IN USHORT PortNumber,
IN PKERB_MESSAGE_BUFFER Input,
OUT PKERB_MESSAGE_BUFFER Output
);
NTSTATUS
KerbMapKerbError(
IN KERBERR KerbError
);
VOID
KerbFreeHostAddresses(
IN PKERB_HOST_ADDRESSES Addresses
);
KERBERR
KerbDuplicateHostAddresses(
OUT PKERB_HOST_ADDRESSES * DestAddresses,
IN PKERB_HOST_ADDRESSES SourceAddresses
);
PCHAR
KerbAllocUtf8StrFromUnicodeString(
IN PUNICODE_STRING UnicodeString
);
KERBERR
KerbUnicodeStringToKerbString(
OUT PSTRING KerbString,
IN PUNICODE_STRING String
);
KERBERR
KerbStringToUnicodeString(
OUT PUNICODE_STRING String,
IN PSTRING KerbString
);
BOOLEAN
KerbMbStringToUnicodeString(
PUNICODE_STRING pDest,
char * pszString
);
VOID
KerbFreeKdcName(
IN PKERB_INTERNAL_NAME * KdcName
);
KERBERR
KerbConvertPrincipalNameToKdcName(
OUT PKERB_INTERNAL_NAME * OutputName,
IN PKERB_PRINCIPAL_NAME PrincipalName
);
KERBERR
KerbConvertKdcNameToPrincipalName(
OUT PKERB_PRINCIPAL_NAME PrincipalName,
IN PKERB_INTERNAL_NAME KdcName
);
BOOLEAN
KerbEqualKdcNames(
IN PKERB_INTERNAL_NAME Name1,
IN PKERB_INTERNAL_NAME Name2
);
KERBERR
KerbCompareKdcNameToPrincipalName(
IN PKERB_PRINCIPAL_NAME PrincipalName,
IN PKERB_INTERNAL_NAME KdcName,
OUT PBOOLEAN Result
);
VOID
KerbPrintKdcNameEx(
IN ULONG DebugLevel,
IN ULONG InfoLevel,
IN PKERB_INTERNAL_NAME Name
);
#define KERB_INTERNAL_NAME_SIZE(NameCount) (sizeof(KERB_INTERNAL_NAME) + ((NameCount) - ANYSIZE_ARRAY) * sizeof(UNICODE_STRING))
KERBERR
KerbConvertStringToKdcName(
OUT PKERB_INTERNAL_NAME * PrincipalName,
IN PUNICODE_STRING String
);
NTSTATUS
KerbBuildKpasswdName(
OUT PKERB_INTERNAL_NAME * KpasswdName
);
KERBERR
KerbConvertKdcNameToString(
OUT PUNICODE_STRING String,
IN PKERB_INTERNAL_NAME PrincipalName,
IN PUNICODE_STRING Realm
);
NTSTATUS
KerbDuplicateKdcName(
OUT PKERB_INTERNAL_NAME * Destination,
IN PKERB_INTERNAL_NAME Source
);
PSID
KerbMakeDomainRelativeSid(
IN PSID DomainId,
IN ULONG RelativeId
);
ULONG
KerbConvertFlagsToUlong(
IN PVOID Flags
);
ULONG
KerbConvertUlongToFlagUlong(
IN ULONG Flag
);
BOOLEAN
KerbCompareObjectIds(
IN PKERB_OBJECT_ID Object1,
IN PKERB_OBJECT_ID Object2
);
KERBERR
KerbGetClientNetbiosAddress(
OUT PUNICODE_STRING ClientNetbiosAddress,
IN PKERB_HOST_ADDRESSES Addresses
);
#ifdef __WINCRYPT_H__
KERBERR
KerbCreateCertificateList(
OUT PKERB_CERTIFICATE_LIST * Certificates,
IN PCCERT_CONTEXT CertContext
);
VOID
KerbFreeCertificateList(
IN PKERB_CERTIFICATE_LIST Certificates
);
NTSTATUS
KerbGetPrincipalNameFromCertificate(
IN PCCERT_CONTEXT ClientCert,
OUT PUNICODE_STRING String
);
NTSTATUS
KerbDuplicateStringEx(
OUT PUNICODE_STRING DestinationString,
IN OPTIONAL PUNICODE_STRING SourceString,
IN BOOLEAN NullTerminate
);
NTSTATUS
KerbGetCertificateHash(
OUT LPBYTE pCertHash,
IN ULONG cbCertHash,
IN PCCERT_CONTEXT pCertContext
);
NTSTATUS
KerbCreateUnicodeStringFromBlob(
IN PBYTE Blob,
IN ULONG BlobSize,
IN OUT PUNICODE_STRING String,
IN BOOLEAN ReverseOrder
);
NTSTATUS
KerbGetCertificateIssuer(
IN PCCERT_CONTEXT Certificate,
IN OUT PUNICODE_STRING Issuer
);
NTSTATUS
KerbGetCertificateHashString(
IN PCCERT_CONTEXT Certificate,
IN OUT PUNICODE_STRING HashString
);
#if DBG
void
DebugDisplayTime(
IN ULONG DebugLevel,
IN FILETIME *pFileTime
);
#endif
#endif // __WINCRYPT_H__
#endif // _KERBCOMM_H_