//+-----------------------------------------------------------------------
//
// Microsoft Windows
//
// Copyright (c) Microsoft Corporation 1992 - 1996
//
// File: ctxtmgr.h
//
// Contents: Structures and prototypes for Kerberos context list
//
//
// History: 17-April-1996 Created MikeSw
//
//------------------------------------------------------------------------

#ifndef __CTXTMGR_H__
#define __CTXTMGR_H__
//
// Globals in this header are declared through EXTERN. The one file that
// defines CTXTMGR_ALLOCATE before including the header gets EXTERN as an
// empty token and therefore allocates the storage; every other includer
// gets plain `extern` declarations.
//

// Discard any definition of EXTERN left over from another header.
// #undef on a name that is not defined is a no-op, so no #ifdef is needed.
#undef EXTERN

#ifndef CTXTMGR_ALLOCATE
#define EXTERN extern
#else
#define EXTERN
#endif

//
// KerbContextResource is the lock that the KerbReadLockContexts,
// KerbWriteLockContexts and KerbUnlockContexts macros in this header
// acquire and release. It is a CRITICAL_SECTION on WIN32_CHICAGO builds
// and a SAFE_RESOURCE on all others.
//
#if defined(WIN32_CHICAGO)
EXTERN CRITICAL_SECTION KerbContextResource;
#else   // !WIN32_CHICAGO
EXTERN SAFE_RESOURCE KerbContextResource;
#endif  // WIN32_CHICAGO

#define KERB_USERLIST_COUNT (16) // count of lists

// The context lists themselves: an array of KERB_USERLIST_COUNT lists.
// NOTE(review): how a context is assigned to one of the lists is not
// visible in this header - confirm against the implementation.
EXTERN KERBEROS_LIST KerbContextList[ KERB_USERLIST_COUNT ];

// NOTE(review): presumably set once the lists and the lock are ready for
// use - confirm who writes it and whether readers check it before locking.
EXTERN BOOLEAN KerberosContextsInitialized;

//
// Produces the LSA_SEC_HANDLE for a context. This is a plain cast, so the
// handle carries the same value as the pointer it was made from.
// NOTE(review): a handle that comes back from a caller is therefore an
// address-sized value chosen by that caller; the lookup routines are
// expected to match it against the context lists before any dereference -
// confirm in the implementation.
//
#define KerbGetContextHandle(_Context_) ((LSA_SEC_HANDLE)(_Context_))

//
// Context flags - attributes of a context, kept in the ContextAttributes
// field of a KERB_CONTEXT.
//
// Every value is a distinct single bit, so flags can be combined with |
// and tested with &. The meaning of each bit is not spelled out in this
// header; NOTE(review): confirm against the code that sets and reads
// ContextAttributes before relying on a name alone.
//

#define KERB_CONTEXT_MAPPED               0x0001
#define KERB_CONTEXT_OUTBOUND             0x0002
#define KERB_CONTEXT_INBOUND              0x0004
#define KERB_CONTEXT_USED_SUPPLIED_CREDS  0x0008
#define KERB_CONTEXT_USER_TO_USER         0x0010
#define KERB_CONTEXT_REQ_SERVER_NAME      0x0020
#define KERB_CONTEXT_REQ_SERVER_REALM     0x0040
#define KERB_CONTEXT_IMPORTED             0x0080
#define KERB_CONTEXT_EXPORTED             0x0100
#define KERB_CONTEXT_USING_CREDMAN        0x0200

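//
// NOTICE: The logon session resource, credential resource, and context
// resource must all be acquired carefully to prevent deadlock. They
// can only be acquired in this order:
//
// 1. Logon Sessions
// 2. Credentials
// 3. Contexts
//
// Every macro below expands to exactly one statement WITHOUT a trailing
// semicolon; the call site supplies it: `KerbWriteLockContexts();`.
// The checked-build variants are wrapped in do { } while (0) and the
// free-build variants carry no semicolon of their own, so a lock call can
// be the body of an unbraced if/else in every configuration. A bare
// { } block or a built-in semicolon would end the `if` statement early
// there and orphan the `else`.
//
// On WIN32_CHICAGO the read and write macros enter the same critical
// section, so readers exclude each other as well as writers.
//

#if DBG

//
// Checked builds trace each transition through DebugLog and record the
// locking thread id in KerbGlobalContextsLocked, which is declared outside
// this header.
// NOTE(review): the read-lock macros write KerbGlobalContextsLocked too.
// On the non-Chicago path the acquire is shared; if several readers can
// hold the resource at once, that store is unsynchronised and the first
// reader to unlock clears it. Treat the value as a debugging hint only -
// confirm nothing uses it as an ownership check.
//
#ifdef WIN32_CHICAGO
#define KerbWriteLockContexts() \
    do { \
        DebugLog((DEB_TRACE_LOCKS,"Write locking Contexts\n")); \
        EnterCriticalSection(&KerbContextResource); \
        KerbGlobalContextsLocked = GetCurrentThreadId(); \
    } while (0)
#define KerbReadLockContexts() \
    do { \
        DebugLog((DEB_TRACE_LOCKS,"Read locking Contexts\n")); \
        EnterCriticalSection(&KerbContextResource); \
        KerbGlobalContextsLocked = GetCurrentThreadId(); \
    } while (0)
#define KerbUnlockContexts() \
    do { \
        DebugLog((DEB_TRACE_LOCKS,"Unlocking Contexts\n")); \
        KerbGlobalContextsLocked = 0; \
        LeaveCriticalSection(&KerbContextResource); \
    } while (0)
#else // WIN32_CHICAGO
#define KerbWriteLockContexts() \
    do { \
        DebugLog((DEB_TRACE_LOCKS,"Write locking Contexts\n")); \
        SafeAcquireResourceExclusive(&KerbContextResource,TRUE); \
        KerbGlobalContextsLocked = GetCurrentThreadId(); \
    } while (0)
#define KerbReadLockContexts() \
    do { \
        DebugLog((DEB_TRACE_LOCKS,"Read locking Contexts\n")); \
        SafeAcquireResourceShared(&KerbContextResource, TRUE); \
        KerbGlobalContextsLocked = GetCurrentThreadId(); \
    } while (0)
#define KerbUnlockContexts() \
    do { \
        DebugLog((DEB_TRACE_LOCKS,"Unlocking Contexts\n")); \
        KerbGlobalContextsLocked = 0; \
        SafeReleaseResource(&KerbContextResource); \
    } while (0)
#endif // WIN32_CHICAGO

#else // !DBG

//
// Free builds: the bare lock call, no tracing and no owner bookkeeping.
//
#ifdef WIN32_CHICAGO
#define KerbWriteLockContexts() \
    EnterCriticalSection(&KerbContextResource)
#define KerbReadLockContexts() \
    EnterCriticalSection(&KerbContextResource)
#define KerbUnlockContexts() \
    LeaveCriticalSection(&KerbContextResource)
#else // WIN32_CHICAGO
#define KerbWriteLockContexts() \
    SafeAcquireResourceExclusive(&KerbContextResource,TRUE)
#define KerbReadLockContexts() \
    SafeAcquireResourceShared(&KerbContextResource, TRUE)
#define KerbUnlockContexts() \
    SafeReleaseResource(&KerbContextResource)
#endif // WIN32_CHICAGO

#endif // DBG
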
//
// Context list set-up and tear-down. Neither routine takes arguments;
// KerbInitContextList reports an NTSTATUS, KerbFreeContextList returns
// nothing.
// NOTE(review): presumably these create and destroy KerbContextList and
// KerbContextResource and maintain KerberosContextsInitialized - confirm
// against the implementation, including what happens to contexts that are
// still referenced when the list is freed.
//
NTSTATUS KerbInitContextList(VOID);

VOID KerbFreeContextList(VOID);

//
// KerbAllocateContext returns a context through NewContext;
// KerbInsertContext takes an existing context. Both report an NTSTATUS.
// NOTE(review): presumably allocation and list insertion are separate so
// a context can be filled in before other threads can find it - confirm,
// and confirm which of the two calls takes the first reference.
//
NTSTATUS KerbAllocateContext(
    PKERB_CONTEXT * NewContext
    );

NTSTATUS KerbInsertContext(
    IN PKERB_CONTEXT Context
    );

//
// Context reference counting.
//
// KerbReferenceContext takes a caller-supplied ContextHandle and returns
// the matching context through FoundContext, reporting a SECURITY_STATUS.
// KerbGetContextHandle in this header is a plain cast, so the handle is a
// pointer-sized value. NOTE(review): the lookup is expected to match the
// handle against the context lists before dereferencing it - confirm.
//
// KerbReferenceContextByPointer starts from a context pointer the caller
// already holds and cannot report failure (VOID).
//
// RemoveFromList appears on both reference routines. NOTE(review):
// presumably it unlinks the context in the same step so no other thread
// can look it up afterwards - confirm.
//
// KerbDereferenceContext gives a reference back. NOTE(review): presumably
// the last dereference frees the context - confirm, and check that callers
// do not touch the pointer after this call.
//
SECURITY_STATUS KerbReferenceContext(
    IN LSA_SEC_HANDLE ContextHandle,
    IN BOOLEAN RemoveFromList,
    OUT PKERB_CONTEXT * FoundContext
    );

VOID KerbDereferenceContext(
    IN PKERB_CONTEXT Context
    );

VOID KerbReferenceContextByPointer(
    IN PKERB_CONTEXT Context,
    IN BOOLEAN RemoveFromList
    );

//
// Creates a client-side context and returns it through NewContext together
// with its lifetime through ContextLifetime. Reports an NTSTATUS.
//
// CredManCredentials, TicketCacheEntry, TargetName and SubSessionKey are
// marked OPTIONAL; the remaining inputs are not.
// ContextAttributes takes the KERB_CONTEXT_* bits defined in this header
// (they are documented there as living in that field of a KERB_CONTEXT).
// NOTE(review): SubSessionKey is key material - confirm whether the
// context keeps its own copy and which side is responsible for wiping it.
//
NTSTATUS KerbCreateClientContext(
    IN PKERB_LOGON_SESSION LogonSession,
    IN PKERB_CREDENTIAL Credential,
    IN OPTIONAL PKERB_CREDMAN_CRED CredManCredentials,
    IN OPTIONAL PKERB_TICKET_CACHE_ENTRY TicketCacheEntry,
    IN OPTIONAL PUNICODE_STRING TargetName,
    IN ULONG Nonce,
    IN PTimeStamp pAuthenticatorTime,
    IN ULONG ContextFlags,
    IN ULONG ContextAttributes,
    IN OPTIONAL PKERB_ENCRYPTION_KEY SubSessionKey,
    OUT PKERB_CONTEXT * NewContext,
    OUT PTimeStamp ContextLifetime
    );

//
// Creates a server-side context from an AP request and its decrypted
// ticket, returning it through NewContext with its lifetime through
// ContextLifetime. Reports an NTSTATUS.
//
// UserSid and TokenHandle are IN OUT pointers. NOTE(review): that suggests
// ownership of the SID and the token handle may move into the context on
// success - confirm, so that the caller and the context do not both free
// or close them.
// NOTE(review): ClientName, ClientDomain and ClientNetbiosDomain are
// presumably taken from the authenticated ticket rather than from
// unauthenticated request fields - confirm at the call sites.
//
NTSTATUS KerbCreateServerContext(
    IN PKERB_LOGON_SESSION LogonSession,
    IN PKERB_CREDENTIAL Credential,
    IN PKERB_ENCRYPTED_TICKET InternalTicket,
    IN PKERB_AP_REQUEST ApRequest,
    IN PKERB_ENCRYPTION_KEY SessionKey,
    IN PLUID LogonId,
    IN OUT PSID * UserSid,
    IN ULONG ContextFlags,
    IN ULONG ContextAttributes,
    IN ULONG NegotiationInfo,
    IN ULONG Nonce,
    IN ULONG ReceiveNonce,
    IN OUT PHANDLE TokenHandle,
    IN PUNICODE_STRING ClientName,
    IN PUNICODE_STRING ClientDomain,
    IN PUNICODE_STRING ClientNetbiosDomain,
    OUT PKERB_CONTEXT * NewContext,
    OUT PTimeStamp ContextLifetime
    );

//
// Updates an existing server-side context in place. The parameter list is
// that of KerbCreateServerContext with Context replacing LogonSession and
// Credential, and with no NewContext output. Reports an NTSTATUS and
// returns the lifetime through ContextLifetime.
//
// NOTE(review): the context being updated can already be visible to other
// threads - confirm the implementation holds the context lock while it
// replaces the session key, SID and token, and releases the old values.
// UserSid and TokenHandle are IN OUT here as well; confirm the ownership
// rule matches the create path.
//
NTSTATUS KerbUpdateServerContext(
    IN PKERB_CONTEXT Context,
    IN PKERB_ENCRYPTED_TICKET InternalTicket,
    IN PKERB_AP_REQUEST ApRequest,
    IN PKERB_ENCRYPTION_KEY SessionKey,
    IN PLUID LogonId,
    IN OUT PSID * UserSid,
    IN ULONG ContextFlags,
    IN ULONG ContextAttributes,
    IN ULONG NegotiationInfo,
    IN ULONG Nonce,
    IN ULONG ReceiveNonce,
    IN OUT PHANDLE TokenHandle,
    IN PUNICODE_STRING ClientName,
    IN PUNICODE_STRING ClientDomain,
    IN PUNICODE_STRING ClientNetbiosDomain,
    OUT PTimeStamp ContextLifetime
    );

//
// Creates a context from a credential, flags and a logon id only - no
// ticket, session key or client identity is passed in. Returns the context
// through NewContext and its lifetime through ContextLifetime, and reports
// an NTSTATUS.
// NOTE(review): presumably a placeholder that a later update call
// completes - confirm, and confirm that an empty context cannot be used to
// sign, seal or impersonate before it is completed.
//
NTSTATUS KerbCreateEmptyContext(
    IN PKERB_CREDENTIAL Credential,
    IN ULONG ContextFlags,
    IN ULONG ContextAttributes,
    IN ULONG NegotiationInfo,
    IN PLUID LogonId,
    OUT PKERB_CONTEXT * NewContext,
    OUT PTimeStamp ContextLifetime
    );

//
// KerbMapContext produces a SecBuffer (ContextData) from a context and
// sets MappedContext; KerbCreateUserModeContext takes a SecBuffer
// (MarshalledContext) plus a handle and returns a context through
// NewContext. Both report an NTSTATUS.
// NOTE(review): presumably the two are the pack and unpack halves of
// handing a context to a client process, which is also what the
// KERB_CONTEXT_MAPPED flag name suggests - confirm. If so, ContextData
// carries session key material out of the package, and the unpack side
// should check MarshalledContext's length and internal offsets before
// trusting them.
//
NTSTATUS KerbMapContext(
    IN PKERB_CONTEXT Context,
    OUT PBOOLEAN MappedContext,
    OUT PSecBuffer ContextData
    );

NTSTATUS KerbCreateUserModeContext(
    IN LSA_SEC_HANDLE ContextHandle,
    IN PSecBuffer MarshalledContext,
    OUT PKERB_CONTEXT * NewContext
    );

//
// Same parameter list and return type as KerbReferenceContext.
// NOTE(review): the name suggests this is the lookup for contexts built by
// KerbCreateUserModeContext, keyed by the LSA's handle value - confirm.
// The handle comes from the caller, so the lookup is expected to search
// the list for it rather than cast it back to a pointer.
//
SECURITY_STATUS KerbReferenceContextByLsaHandle(
    IN LSA_SEC_HANDLE ContextHandle,
    IN BOOLEAN RemoveFromList,
    OUT PKERB_CONTEXT * FoundContext
    );

//
// Updates an existing client-side context in place and returns its
// lifetime through ContextLifetime. Reports an NTSTATUS.
//
// SubSessionKey is the only OPTIONAL input. The attribute parameter is
// spelled ContextAttribs here and ContextAttributes in the other context
// routines of this header.
// NOTE(review): as with the server update path, confirm the context lock
// is held while keys and nonces are replaced and that any previous
// sub-session key is wiped.
//
NTSTATUS KerbUpdateClientContext(
    IN PKERB_CONTEXT Context,
    IN PKERB_TICKET_CACHE_ENTRY TicketCacheEntry,
    IN ULONG Nonce,
    IN PTimeStamp pAuthenticatorTime,
    IN ULONG ReceiveNonce,
    IN ULONG ContextFlags,
    IN ULONG ContextAttribs,
    IN OPTIONAL PKERB_ENCRYPTION_KEY SubSessionKey,
    OUT PTimeStamp ContextLifetime
    );

//
// Session key ("SKey") list.
//
// What the prototypes show: entries are created from a key plus an expiry
// time, can be looked up and deleted by key, and are represented by
// KERB_SESSION_KEY_ENTRY. A timer is created and freed separately, and
// KerbSKeyListCleanupCallback has the (context pointer, timed-out flag)
// shape of a wait/timer callback.
// NOTE(review): presumably the timer callback trims expired entries via
// KerbTrimSKeyList - confirm. Which lock guards this list is not visible
// in this header.
//

NTSTATUS KerbCreateSKeyEntry(
    IN KERB_ENCRYPTION_KEY* pSessionKey,
    IN FILETIME* pExpireTime
    );

// pKey is OPTIONAL. NOTE(review): what a null key deletes is not visible
// here - confirm before passing one.
VOID KerbDeleteSKeyEntry(
    IN OPTIONAL KERB_ENCRYPTION_KEY* pKey
    );

// The answer comes back through pbExist; the NTSTATUS reports whether the
// lookup itself succeeded.
NTSTATUS KerbDoesSKeyExist(
    IN KERB_ENCRYPTION_KEY* pKey,
    OUT BOOLEAN* pbExist
    );

// The answer comes back through pbEqual.
// NOTE(review): if this compares raw key bytes, check whether any caller
// needs the comparison to be constant-time.
NTSTATUS KerbEqualKey(
    IN KERB_ENCRYPTION_KEY* pKeyFoo,
    IN KERB_ENCRYPTION_KEY* pKeyBar,
    OUT BOOLEAN* pbEqual
    );

VOID KerbTrimSKeyList(VOID);

VOID KerbSKeyListCleanupCallback(
    IN VOID* pContext,
    IN BOOLEAN bTimeOut
    );

NTSTATUS KerbCreateSKeyTimer(VOID);

VOID KerbFreeSKeyTimer(VOID);

// NOTE(review): the entry holds key material - confirm it is zeroed before
// the memory is released.
VOID KerbFreeSKeyEntry(
    IN KERB_SESSION_KEY_ENTRY* pSKeyEntry
    );

//
// Turns a caller-supplied target name (and an optional supplementary
// name) into an internal name (FinalTarget) and a realm (TargetRealm),
// optionally returning an SPN cache entry. ProcessFlags is both read and
// written. Reports an NTSTATUS.
//
// NOTE(review): TargetName originates with the caller of the security
// package, so the parsing behind this prototype handles untrusted text -
// confirm length and embedded-separator handling in the implementation.
// NOTE(review): FinalTarget, TargetRealm and SpnCacheEntry are outputs the
// caller presumably has to free or dereference - confirm for the error
// paths too.
//
NTSTATUS KerbProcessTargetNames(
    IN PUNICODE_STRING TargetName,
    IN OPTIONAL PUNICODE_STRING SuppTargetName,
    IN ULONG Flags,
    IN OUT PULONG ProcessFlags,
    OUT PKERB_INTERNAL_NAME * FinalTarget,
    OUT PUNICODE_STRING TargetRealm,
    OUT OPTIONAL PKERB_SPN_CACHE_ENTRY * SpnCacheEntry
    );

//
// Name-cracking flag bits; the two values are distinct single bits.
// NOTE(review): presumably these are the bits carried by the Flags /
// ProcessFlags parameters of KerbProcessTargetNames, which is declared
// immediately before them - confirm.
//
#define KERB_CRACK_NAME_USE_WKSTA_REALM  0x01
#define KERB_CRACK_NAME_REALM_SUPPLIED   0x02

#endif // __CTXTMGR_H__