//+-----------------------------------------------------------------------
//
// Microsoft Windows
//
// Copyright (c) Microsoft Corporation 1992 - 1996
//
// File: kerbutil.h
//
// Contents: prototypes for Kerberos utility functions
//
//
// History: 16-April-1996 Created MikeSw
//
//------------------------------------------------------------------------

#ifndef __KERBUTIL_H__
#define __KERBUTIL_H__
///////////////////////////////////////////////////////////////////////////////
//                                                                           //
// Miscellaneous macros                                                      //
//                                                                           //
///////////////////////////////////////////////////////////////////////////////

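//
// RELOCATE_ONE - Relocate a single pointer in a client buffer.
//
// Rewrites (_q)->Buffer, which arrives as an address relative to
// 'ClientBufferBase', so that it points at the same offset inside
// 'ProtocolSubmitBuffer'. The offset and the data it refers to must lie
// within the first 'SubmitBufferSize' bytes of 'ProtocolSubmitBuffer', and
// the offset must be aligned to a WCHAR boundary.
//
// Note: this macro is dependent on names in the calling function:
//      ClientBufferBase, ProtocolSubmitBuffer, SubmitBufferSize
//      Status  - set to STATUS_INVALID_PARAMETER on error
//      Cleanup - label the macro jumps to on error
//
// On success the MaximumLength is forced to be Length. On error the
// UNICODE_STRING is left unmodified.
//
// _q - Address of UNICODE_STRING structure which points to data to be
//      relocated. The argument is evaluated several times, so it must not
//      have side effects.
//
// Review notes:
//  - Offset is unsigned, so a Buffer that lies below ClientBufferBase wraps
//    to a very large value and is rejected by the first comparison.
//  - The offset is computed on integer values rather than by subtracting two
//    pointers that do not belong to the same object.
//  - The length test is written as 'Length > SubmitBufferSize - Offset' so
//    that the sum Offset + Length can never wrap around; the subtraction is
//    safe because Offset < SubmitBufferSize has already been established.
//  - The expansion is a bare { } block: do not use it as the unbraced body
//    of an if/else followed by ';'.
//  - NOTE(review): only Offset is checked for WCHAR alignment; an odd Length
//    is not rejected here - confirm that callers do not rely on it being even.
//  - NOTE(review): _q is assumed to point into the captured copy of the
//    request and not into memory the client can still modify - confirm at
//    each call site.
//

#define RELOCATE_ONE( _q ) \
    {                                                                       \
        ULONG_PTR Offset;                                                   \
                                                                            \
        Offset = (ULONG_PTR)((_q)->Buffer) - (ULONG_PTR)ClientBufferBase;   \
        if ( Offset >= SubmitBufferSize ||                                  \
             (_q)->Length > SubmitBufferSize - Offset ||                    \
             !COUNT_IS_ALIGNED( Offset, ALIGN_WCHAR) ) {                    \
                                                                            \
            Status = STATUS_INVALID_PARAMETER;                              \
            goto Cleanup;                                                   \
        }                                                                   \
                                                                            \
        (_q)->Buffer = (PWSTR)(((PUCHAR)ProtocolSubmitBuffer) + Offset);    \
        (_q)->MaximumLength = (_q)->Length ;                                \
    }
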
//
// NULL_RELOCATE_ONE - Relocate a single (possibly NULL) pointer in a client
//  buffer.
//
// Handles the NULL / empty cases itself and hands everything else to
// RELOCATE_ONE, so it has all the restrictions of RELOCATE_ONE (it relies on
// the same names in the calling function and jumps to 'Cleanup' with
// 'Status' set on error).
//
//      Buffer != NULL, Length != 0  ->  RELOCATE_ONE( _q )
//      Buffer != NULL, Length == 0  ->  Buffer is set to NULL; no bounds
//                                       check is made because no data is
//                                       referenced
//      Buffer == NULL, Length != 0  ->  STATUS_INVALID_PARAMETER
//      Buffer == NULL, Length == 0  ->  accepted unchanged
//
// MaximumLength is rewritten only on the RELOCATE_ONE path. In the other
// accepted cases it keeps whatever value the structure arrived with, so
// callers should not rely on it there.
//
// _q - Address of UNICODE_STRING structure which points to data to be
//      relocated. Evaluated several times; must not have side effects.
//

#define NULL_RELOCATE_ONE( _q ) \
    {                                                                       \
        if ( (_q)->Buffer != NULL ) {                                       \
            if ( (_q)->Length != 0 ) {                                      \
                RELOCATE_ONE( _q );                                         \
            } else {                                                        \
                (_q)->Buffer = NULL;                                        \
            }                                                               \
        } else if ( (_q)->Length != 0 ) {                                   \
            Status = STATUS_INVALID_PARAMETER;                              \
            goto Cleanup;                                                   \
        }                                                                   \
    }

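//
// RELOCATE_ONE_ENCODED - Relocate a unicode string pointer in a client
//  buffer. The upper byte of the length field may be an encryption seed
//  and should not be used for error checking.
//
// Rewrites (_q)->Buffer, which arrives as an address relative to
// 'ClientBufferBase', so that it points at the same offset inside
// 'ProtocolSubmitBuffer'. The offset and the data it refers to must lie
// within the first 'SubmitBufferSize' bytes of 'ProtocolSubmitBuffer', and
// the offset must be aligned to a WCHAR boundary.
//
// Note: this macro is dependent on names in the calling function:
//      ClientBufferBase, ProtocolSubmitBuffer, SubmitBufferSize
//      Status  - set to STATUS_INVALID_PARAMETER on error
//      Cleanup - label the macro jumps to on error
//
// The MaximumLength is forced to be Length & 0x00ff.
//
// _q - Address of UNICODE_STRING structure which points to data to be
//      relocated. Evaluated several times; must not have side effects.
//
// Review notes:
//  - Only the low byte of Length takes part in the bounds check, so at most
//    255 bytes of string data are validated.
//  - Length itself is NOT modified: after this macro it may still carry the
//    seed in its upper byte and can therefore be larger than MaximumLength.
//    Code that runs before the string is decoded must use
//    (Length & 0x00ff), never Length, as the byte count.
//  - The length test is written as a subtraction so that the sum of Offset
//    and the length can never wrap around; the subtraction is safe because
//    Offset <= SubmitBufferSize has already been established.
//  - The offset is computed on integer values rather than by subtracting two
//    pointers that do not belong to the same object.
//  - NOTE(review): the first comparison is '>' here but '>=' in
//    RELOCATE_ONE, so an empty string whose Buffer sits exactly at the end
//    of the submit buffer is accepted. That is kept as-is; confirm it is
//    intentional.
//

#define RELOCATE_ONE_ENCODED( _q ) \
    {                                                                       \
        ULONG_PTR Offset;                                                   \
                                                                            \
        Offset = (ULONG_PTR)((_q)->Buffer) - (ULONG_PTR)ClientBufferBase;   \
        if ( Offset > SubmitBufferSize ||                                   \
             (ULONG_PTR)((_q)->Length & 0x00ff) > SubmitBufferSize - Offset || \
             !COUNT_IS_ALIGNED( Offset, ALIGN_WCHAR) ) {                    \
                                                                            \
            Status = STATUS_INVALID_PARAMETER;                              \
            goto Cleanup;                                                   \
        }                                                                   \
                                                                            \
        (_q)->Buffer = (PWSTR)(((PUCHAR)ProtocolSubmitBuffer) + Offset);    \
        (_q)->MaximumLength = (_q)->Length & 0x00ff;                        \
    }
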
//
// Following macros are used to initialize UNICODE strings
//
// CONSTANT_UNICODE_STRING(s) - brace initializer whose three values are
//      sizeof(s) - sizeof(WCHAR), sizeof(s) and s. Because it uses sizeof,
//      's' must be an array (for example a wide string literal); if a
//      pointer is passed, sizeof yields the size of the pointer and the
//      lengths are wrong without any diagnostic.
//
// NULL_UNICODE_STRING - brace initializer for a string with zero lengths and
//      a NULL buffer.
//
// EMPTY_UNICODE_STRING(s) - statement block that resets the three fields of
//      *s. It neither frees nor overwrites the buffer that was previously
//      referenced, so a caller that owns that buffer (or stored a secret in
//      it) has to release or wipe it first. 's' is evaluated three times.
//

#define CONSTANT_UNICODE_STRING(s) \
    { sizeof( s ) - sizeof( WCHAR ), sizeof( s ), s }

#define NULL_UNICODE_STRING \
    { 0, 0, NULL }

#define EMPTY_UNICODE_STRING(s) \
    {                               \
        (s)->Length = 0;            \
        (s)->MaximumLength = 0;     \
        (s)->Buffer = NULL;         \
    }

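//
// TimeStamp accessors.
//
// Outside WIN32_CHICAGO builds the macros go through the QuadPart member of
// the TimeStamp; under WIN32_CHICAGO the TimeStamp is assigned and read
// directly.
//
// Every expansion is wrapped in parentheses so that it behaves as a single
// expression when it is used next to other operators (for example as an
// operand of ?: or ==). The arguments are each evaluated exactly once.
//

// VOID
// KerbSetTime(
//     IN OUT PTimeStamp TimeStamp,
//     IN LONGLONG Time
//     )

#ifndef WIN32_CHICAGO
#define KerbSetTime(_d_, _s_) ((_d_)->QuadPart = (_s_))
#else // WIN32_CHICAGO
#define KerbSetTime(_d_, _s_) (*(_d_) = (_s_))
#endif // WIN32_CHICAGO

// TimeStamp
// KerbGetTime(
//     IN TimeStamp Time
//     )

#ifndef WIN32_CHICAGO
#define KerbGetTime(_x_) ((_x_).QuadPart)
#else // WIN32_CHICAGO
#define KerbGetTime(_x_) (_x_)
#endif // WIN32_CHICAGO

// VOID
// KerbSetTimeInMinutes(
//     IN OUT PTimeStamp Time,
//     IN LONG TimeInMinutes
//     )
//
// Stores TimeInMinutes * 60 * 10000000. The (LONGLONG) cast binds to the
// first factor, so the whole product is computed in 64 bits before it is
// stored. NOTE(review): the factor 10000000 per second suggests the value is
// kept in 100-nanosecond units - confirm against the TimeStamp definition.

#ifndef WIN32_CHICAGO
#define KerbSetTimeInMinutes(_x_, _m_) ((_x_)->QuadPart = (LONGLONG) 10000000 * 60 * (_m_))
#else // WIN32_CHICAGO
#define KerbSetTimeInMinutes(_x_, _m_) (*(_x_) = (LONGLONG) 10000000 * 60 * (_m_))
#endif // WIN32_CHICAGO
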
//
// KerbSplitFullServiceName - takes FullServiceName as input and fills in
// DomainName and ServiceName; returns an NTSTATUS.
// NOTE(review): this header does not show whether the two outputs alias the
// input buffer or are separately allocated - confirm before freeing either
// the input or the outputs.
//
NTSTATUS KerbSplitFullServiceName(
    IN PUNICODE_STRING FullServiceName,
    OUT PUNICODE_STRING DomainName,
    OUT PUNICODE_STRING ServiceName
    );

//
// KerbAllocateNonce - returns a ULONG nonce; takes no arguments.
// NOTE(review): the generator is not visible from this header. If any
// protocol check depends on the nonce being unpredictable or unique, confirm
// how the implementation produces it.
//
ULONG KerbAllocateNonce(
    VOID
    );

#ifndef WIN32_CHICAGO
//
// KerbMakeDomainRelativeSid - returns a PSID derived from DomainId and
// RelativeId. Not declared in WIN32_CHICAGO builds.
// NOTE(review): presumably the result is newly allocated and may be NULL on
// failure - confirm the failure value and which routine releases it.
//
PSID KerbMakeDomainRelativeSid(
    IN PSID DomainId,
    IN ULONG RelativeId
    );
#endif // WIN32_CHICAGO

//
// KerbFree - declared only when 'notdef' is defined, i.e. this prototype is
// normally compiled out.
//
#ifdef notdef
VOID KerbFree(
    IN PVOID Buffer
    );
#endif

//
// KerbAllocate - returns a PVOID for a request of BufferSize bytes.
// NOTE(review): the failure value and whether the memory is zero-filled are
// not visible from this header - confirm before relying on either. A
// BufferSize that is computed from untrusted lengths should be checked for
// overflow by the caller.
//
PVOID KerbAllocate(
    IN SIZE_T BufferSize
    );

//
// KerbRunningPersonal - takes no arguments and returns a BOOLEAN.
// NOTE(review): presumably reports whether the machine runs a "Personal"
// product edition - confirm against the implementation.
//
BOOLEAN KerbRunningPersonal(
    VOID
    );

#ifndef WIN32_CHICAGO
//
// KerbWaitForKdc / KerbWaitForService - both take a ULONG Timeout and return
// an NTSTATUS. KerbWaitForService additionally takes the ServiceName and an
// OPTIONAL ServiceEvent name. Not declared in WIN32_CHICAGO builds.
// NOTE(review): the unit of Timeout and the status returned on expiry are
// not visible from this header - confirm before choosing a value.
//
NTSTATUS KerbWaitForKdc(
    IN ULONG Timeout
    );

NTSTATUS KerbWaitForService(
    IN LPWSTR ServiceName,
    IN OPTIONAL LPWSTR ServiceEvent,
    IN ULONG Timeout
    );
#endif // WIN32_CHICAGO

//
// KerbMapContextFlags - maps one ULONG flag word to another ULONG.
// NOTE(review): which flag sets are the source and the target is not visible
// from this header.
//
ULONG KerbMapContextFlags(
    IN ULONG ContextFlags
    );

//
// KerbIsIpAddress - returns a BOOLEAN for the given TargetName.
// NOTE(review): which address forms are recognised is not visible from this
// header - confirm before using the result for a security decision.
//
BOOLEAN KerbIsIpAddress(
    IN PUNICODE_STRING TargetName
    );

//
// KerbHidePassword / KerbRevealPassword - operate on Password in place
// (IN OUT) and return VOID, so a caller cannot observe a failure.
// NOTE(review): the transformation is not visible from this header. The
// names suggest a reversible in-memory obfuscation rather than authenticated
// encryption - confirm against the implementation, and keep the window in
// which a password is in its revealed form as short as possible.
//
VOID KerbHidePassword(
    IN OUT PUNICODE_STRING Password
    );

VOID KerbRevealPassword(
    IN OUT PUNICODE_STRING Password
    );

//
// KerbDuplicatePassword - fills DestinationString from SourceString and
// returns an NTSTATUS. SourceString is OPTIONAL.
// NOTE(review): DestinationString presumably receives a new allocation that
// holds secret material - confirm who releases it and that it is wiped
// before release.
//
NTSTATUS KerbDuplicatePassword(
    OUT PUNICODE_STRING DestinationString,
    IN OPTIONAL PUNICODE_STRING SourceString
    );

//
// KerbMapKerbNtStatusToNtStatus - unless 'notdef' is defined this is a macro
// that yields its argument unchanged, in both WIN32_CHICAGO and other
// builds. The commented-out lines are a disabled DBG-only variant and are
// kept for reference.
//
#ifdef notdef
// use this if we ever need to map errors in kerb to something else.
NTSTATUS KerbMapKerbNtStatusToNtStatus(
    IN NTSTATUS Status
    );
#else
#ifdef WIN32_CHICAGO
#define KerbMapKerbNtStatusToNtStatus(x) (x)
#else // !WIN32_CHICAGO
//#if DBG
//#define KerbMapKerbNtStatusToNtStatus(x) (RtlCheckForOrphanedCriticalSections(NtCurrentThread()),x)
//#else
#define KerbMapKerbNtStatusToNtStatus(x) (x)
//#endif
#endif
#endif

//
// KerbExtractDomainName - fills DomainName from PrincipalName and
// TicketSourceDomain; returns an NTSTATUS.
// NOTE(review): ownership of the DomainName buffer is not visible from this
// header.
//
NTSTATUS KerbExtractDomainName(
    OUT PUNICODE_STRING DomainName,
    IN PKERB_INTERNAL_NAME PrincipalName,
    IN PUNICODE_STRING TicketSourceDomain
    );

//
// KerbUtcTimeToLocalTime - writes LocalTime from SystemTime; returns VOID,
// so no failure is reported to the caller.
//
VOID KerbUtcTimeToLocalTime(
    OUT PTimeStamp LocalTime,
    IN PTimeStamp SystemTime
    );

//
// KerbConvertKdcOptionsToTicketFlags - maps a ULONG of KDC options to a
// ULONG of ticket flags.
//
ULONG KerbConvertKdcOptionsToTicketFlags(
    IN ULONG KdcOptions
    );

//
// KerbUnpackErrorMethodData - takes a decoded ErrorMessage and an OPTIONAL
// in/out pointer that receives the method data; returns an NTSTATUS.
// NOTE(review): who releases *ppErrorData is not visible from this header.
//
NTSTATUS KerbUnpackErrorMethodData(
    IN PKERB_ERROR ErrorMessage,
    IN OUT OPTIONAL PKERB_ERROR_METHOD_DATA * ppErrorData
    );

//
// KerbBuildHostAddresses - returns a host address list through
// HostAddresses; the two BOOLEANs select whether IP and NetBIOS addresses
// are included.
//
NTSTATUS KerbBuildHostAddresses(
    IN BOOLEAN IncludeIpAddresses,
    IN BOOLEAN IncludeNetbiosAddresses,
    OUT PKERB_HOST_ADDRESSES * HostAddresses
    );

//
// KerbReceiveErrorMessage - takes ErrorMessageSize bytes at ErrorMessage and
// a Context, and returns a decoded error plus its method data.
// NOTE(review): the byte buffer presumably originates from the remote peer
// and is therefore untrusted - confirm that the decoder bounds every read by
// ErrorMessageSize and that both outputs are well-defined on failure.
//
NTSTATUS KerbReceiveErrorMessage(
    IN PBYTE ErrorMessage,
    IN ULONG ErrorMessageSize,
    IN PKERB_CONTEXT Context,
    OUT PKERB_ERROR * DecodedErrorMessage,
    OUT PKERB_ERROR_METHOD_DATA * ErrorData
    );

//
// KerbBuildGssErrorMessage - builds an error message for Error with
// ErrorDataSize bytes of ErrorData and a Context; the message and its size
// are returned through ErrorMessage and ErrorMessageSize.
// NOTE(review): who releases *ErrorMessage is not visible from this header.
//
NTSTATUS KerbBuildGssErrorMessage(
    IN KERBERR Error,
    IN PBYTE ErrorData,
    IN ULONG ErrorDataSize,
    IN PKERB_CONTEXT Context,
    OUT PULONG ErrorMessageSize,
    OUT PBYTE * ErrorMessage
    );

//
// Host and domain identity helpers. The signatures below are all that this
// header establishes; buffer ownership for the OUT strings and any locking
// around the "global" state the names refer to are not visible here.
//

// Returns the DNS host name through DnsHostName.
NTSTATUS KerbGetDnsHostName(
    OUT PUNICODE_STRING DnsHostName
    );

// Takes no arguments; returns an NTSTATUS.
NTSTATUS KerbSetComputerName(
    VOID
    );

// Takes the flat and DNS domain names, the domain SID and the domain GUID
// (the GUID is passed by value).
NTSTATUS KerbSetDomainName(
    IN PUNICODE_STRING DomainName,
    IN PUNICODE_STRING DnsDomainName,
    IN PSID DomainSid,
    IN GUID DomainGuid
    );

// Returns a BOOLEAN for the given DomainName.
// NOTE(review): the comparison rules (case folding, flat versus DNS name)
// are not visible from this header - confirm before using the result for a
// trust decision.
BOOLEAN KerbIsThisOurDomain(
    IN PUNICODE_STRING DomainName
    );

// Returns a domain name through DomainName.
NTSTATUS KerbGetOurDomainName(
    OUT PUNICODE_STRING DomainName
    );

// Takes no arguments; returns a KERBEROS_MACHINE_ROLE.
KERBEROS_MACHINE_ROLE KerbGetGlobalRole(
    VOID
    );

//
// Everything in this section is omitted from WIN32_CHICAGO builds.
//
#ifndef WIN32_CHICAGO

// Takes no arguments; returns an NTSTATUS.
NTSTATUS KerbLoadKdc(
    VOID
    );

// Register / unregister for domain change notification. Only the register
// call reports a status; unregister returns VOID.
NTSTATUS KerbRegisterForDomainChange(
    VOID
    );

VOID KerbUnregisterForDomainChange(
    VOID
    );

// Takes an array of NewAddressCount socket addresses.
// NOTE(review): the implementation presumably trusts NewAddressCount to
// match the array - confirm at the call sites.
NTSTATUS KerbUpdateGlobalAddresses(
    IN PSOCKET_ADDRESS NewAddresses,
    IN ULONG NewAddressCount
    );

// Fills Restrictions from the token referred to by TokenHandle.
// NOTE(review): who releases the contents of Restrictions is not visible
// from this header.
NTSTATUS KerbCaptureTokenRestrictions(
    IN HANDLE TokenHandle,
    OUT PKERB_AUTHORIZATION_DATA Restrictions
    );

// Produces EncryptedAuthData from PlainAuthData and a ticket cache entry.
// NOTE(review): the key and encryption type used are not visible from this
// header.
NTSTATUS KerbBuildEncryptedAuthData(
    OUT PKERB_ENCRYPTED_DATA EncryptedAuthData,
    IN PKERB_TICKET_CACHE_ENTRY Ticket,
    IN PKERB_AUTHORIZATION_DATA PlainAuthData
    );

// Both routines take a logon session and a credential and return an
// NTSTATUS; neither has an OUT parameter, so any result is presumably
// recorded in the structures passed in - confirm.
NTSTATUS KerbGetRestrictedTgtForCredential(
    IN PKERB_LOGON_SESSION LogonSession,
    IN PKERB_CREDENTIAL Credential
    );

NTSTATUS KerbAddRestrictionsToCredential(
    IN PKERB_LOGON_SESSION LogonSession,
    IN PKERB_CREDENTIAL Credential
    );

// Takes no arguments; returns a BOOLEAN.
BOOLEAN KerbRunningServer(
    VOID
    );

#endif // WIN32_CHICAGO

#endif // __KERBUTIL_H__