You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
2058 lines
63 KiB
2058 lines
63 KiB
//+---------------------------------------------------------------------------
|
|
//
|
|
// Microsoft Windows
|
|
// Copyright (C) Microsoft Corporation, 1992-1999.
|
|
//
|
|
// File: sspi.h
|
|
//
|
|
// Contents: Security Support Provider Interface
|
|
// Prototypes and structure definitions
|
|
//
|
|
// Functions: Security Support Provider API
|
|
//
|
|
// History: 11-24-93 RichardW Created
|
|
//
|
|
//----------------------------------------------------------------------------
|
|
|
|
// begin_ntifs
|
|
#ifndef __SSPI_H__
|
|
#define __SSPI_H__
|
|
// end_ntifs
|
|
|
|
#if _MSC_VER > 1000
|
|
#pragma once
|
|
#endif
|
|
|
|
#ifdef __cplusplus
|
|
extern "C" {
|
|
#endif
|
|
|
|
//
|
|
// Determine environment:
|
|
//
|
|
|
|
#ifdef SECURITY_WIN32
|
|
#define ISSP_LEVEL 32
|
|
#define ISSP_MODE 1
|
|
#endif // SECURITY_WIN32
|
|
|
|
#ifdef SECURITY_KERNEL
|
|
#define ISSP_LEVEL 32 // ntifs
|
|
|
|
//
|
|
// SECURITY_KERNEL trumps SECURITY_WIN32. Undefine ISSP_MODE so that
|
|
// we don't get redefine errors.
|
|
//
|
|
#ifdef ISSP_MODE
|
|
#undef ISSP_MODE
|
|
#endif
|
|
#define ISSP_MODE 0 // ntifs
|
|
#endif // SECURITY_KERNEL
|
|
|
|
#ifdef SECURITY_MAC
|
|
#define ISSP_LEVEL 32
|
|
#define ISSP_MODE 1
|
|
#endif // SECURITY_MAC
|
|
|
|
|
|
#ifndef ISSP_LEVEL
|
|
#error You must define one of SECURITY_WIN32, SECURITY_KERNEL, or
|
|
#error SECURITY_MAC
|
|
#endif // !ISSP_LEVEL
|
|
|
|
|
|
//
|
|
// Now, define platform specific mappings:
|
|
//
|
|
|
|
|
|
// begin_ntifs
|
|
|
|
typedef WCHAR SEC_WCHAR;
|
|
typedef CHAR SEC_CHAR;
|
|
|
|
#ifndef __SECSTATUS_DEFINED__
|
|
typedef LONG SECURITY_STATUS;
|
|
#define __SECSTATUS_DEFINED__
|
|
#endif
|
|
|
|
#define SEC_TEXT TEXT
|
|
#define SEC_FAR
|
|
#define SEC_ENTRY __stdcall
|
|
|
|
// end_ntifs
|
|
|
|
//
|
|
// Decide what a string - 32 bits only since for 16 bits it is clear.
|
|
//
|
|
|
|
|
|
#ifdef UNICODE
|
|
typedef SEC_WCHAR SEC_FAR * SECURITY_PSTR;
|
|
typedef CONST SEC_WCHAR SEC_FAR * SECURITY_PCSTR;
|
|
#else // UNICODE
|
|
typedef SEC_CHAR SEC_FAR * SECURITY_PSTR;
|
|
typedef CONST SEC_CHAR SEC_FAR * SECURITY_PCSTR;
|
|
#endif // UNICODE
|
|
|
|
|
|
|
|
//
|
|
// Equivalent string for rpcrt:
|
|
//
|
|
|
|
#define __SEC_FAR SEC_FAR
|
|
|
|
|
|
//
|
|
// Okay, security specific types:
|
|
//
|
|
|
|
|
|
// begin_ntifs
|
|
|
|
#ifndef __SECHANDLE_DEFINED__
|
|
typedef struct _SecHandle
|
|
{
|
|
ULONG_PTR dwLower ;
|
|
ULONG_PTR dwUpper ;
|
|
} SecHandle, * PSecHandle ;
|
|
|
|
#define __SECHANDLE_DEFINED__
|
|
#endif // __SECHANDLE_DEFINED__
|
|
|
|
#define SecInvalidateHandle( x ) \
|
|
((PSecHandle) x)->dwLower = ((ULONG_PTR) ((INT_PTR)-1)) ; \
|
|
((PSecHandle) x)->dwUpper = ((ULONG_PTR) ((INT_PTR)-1)) ; \
|
|
|
|
#define SecIsValidHandle( x ) \
|
|
( ( ((PSecHandle) x)->dwLower != ((ULONG_PTR) ((INT_PTR) -1 ))) && \
|
|
( ((PSecHandle) x)->dwUpper != ((ULONG_PTR) ((INT_PTR) -1 ))) )
|
|
|
|
typedef SecHandle CredHandle;
|
|
typedef PSecHandle PCredHandle;
|
|
|
|
typedef SecHandle CtxtHandle;
|
|
typedef PSecHandle PCtxtHandle;
|
|
|
|
// end_ntifs
|
|
|
|
|
|
# ifdef WIN32_CHICAGO
|
|
|
|
typedef unsigned __int64 QWORD;
|
|
typedef QWORD SECURITY_INTEGER, *PSECURITY_INTEGER;
|
|
#define SEC_SUCCESS(Status) ((Status) >= 0)
|
|
|
|
# elif defined(_NTDEF_) || defined(_WINNT_)
|
|
|
|
typedef LARGE_INTEGER _SECURITY_INTEGER, SECURITY_INTEGER, *PSECURITY_INTEGER; // ntifs
|
|
|
|
# else // _NTDEF_ || _WINNT_
|
|
|
|
typedef struct _SECURITY_INTEGER
|
|
{
|
|
unsigned long LowPart;
|
|
long HighPart;
|
|
} SECURITY_INTEGER, *PSECURITY_INTEGER;
|
|
|
|
# endif // _NTDEF_ || _WINNT_
|
|
|
|
# ifndef SECURITY_MAC
|
|
|
|
typedef SECURITY_INTEGER TimeStamp; // ntifs
|
|
typedef SECURITY_INTEGER SEC_FAR * PTimeStamp; // ntifs
|
|
|
|
# else // SECURITY_MAC
|
|
typedef unsigned long TimeStamp;
|
|
typedef unsigned long * PTimeStamp;
|
|
# endif // SECUIRT_MAC
|
|
|
|
|
|
|
|
//
|
|
// If we are in 32 bit mode, define the SECURITY_STRING structure,
|
|
// as a clone of the base UNICODE_STRING structure. This is used
|
|
// internally in security components, an as the string interface
|
|
// for kernel components (e.g. FSPs)
|
|
//
|
|
|
|
# ifndef _NTDEF_
|
|
typedef struct _SECURITY_STRING {
|
|
unsigned short Length;
|
|
unsigned short MaximumLength;
|
|
# ifdef MIDL_PASS
|
|
[size_is(MaximumLength / 2), length_is(Length / 2)]
|
|
# endif // MIDL_PASS
|
|
unsigned short * Buffer;
|
|
} SECURITY_STRING, * PSECURITY_STRING;
|
|
# else // _NTDEF_
|
|
typedef UNICODE_STRING SECURITY_STRING, *PSECURITY_STRING; // ntifs
|
|
# endif // _NTDEF_
|
|
|
|
|
|
// begin_ntifs
|
|
|
|
//
|
|
// SecPkgInfo structure
|
|
//
|
|
// Provides general information about a security provider
|
|
//
|
|
|
|
typedef struct _SecPkgInfoW
|
|
{
|
|
unsigned long fCapabilities; // Capability bitmask
|
|
unsigned short wVersion; // Version of driver
|
|
unsigned short wRPCID; // ID for RPC Runtime
|
|
unsigned long cbMaxToken; // Size of authentication token (max)
|
|
#ifdef MIDL_PASS
|
|
[string]
|
|
#endif
|
|
SEC_WCHAR SEC_FAR * Name; // Text name
|
|
|
|
#ifdef MIDL_PASS
|
|
[string]
|
|
#endif
|
|
SEC_WCHAR SEC_FAR * Comment; // Comment
|
|
} SecPkgInfoW, SEC_FAR * PSecPkgInfoW;
|
|
|
|
// end_ntifs
|
|
|
|
typedef struct _SecPkgInfoA
|
|
{
|
|
unsigned long fCapabilities; // Capability bitmask
|
|
unsigned short wVersion; // Version of driver
|
|
unsigned short wRPCID; // ID for RPC Runtime
|
|
unsigned long cbMaxToken; // Size of authentication token (max)
|
|
#ifdef MIDL_PASS
|
|
[string]
|
|
#endif
|
|
SEC_CHAR SEC_FAR * Name; // Text name
|
|
|
|
#ifdef MIDL_PASS
|
|
[string]
|
|
#endif
|
|
SEC_CHAR SEC_FAR * Comment; // Comment
|
|
} SecPkgInfoA, SEC_FAR * PSecPkgInfoA;
|
|
|
|
#ifdef UNICODE
|
|
# define SecPkgInfo SecPkgInfoW // ntifs
|
|
# define PSecPkgInfo PSecPkgInfoW // ntifs
|
|
#else
|
|
# define SecPkgInfo SecPkgInfoA
|
|
# define PSecPkgInfo PSecPkgInfoA
|
|
#endif // !UNICODE
|
|
|
|
// begin_ntifs
|
|
|
|
//
|
|
// Security Package Capabilities
|
|
//
|
|
#define SECPKG_FLAG_INTEGRITY 0x00000001 // Supports integrity on messages
|
|
#define SECPKG_FLAG_PRIVACY 0x00000002 // Supports privacy (confidentiality)
|
|
#define SECPKG_FLAG_TOKEN_ONLY 0x00000004 // Only security token needed
|
|
#define SECPKG_FLAG_DATAGRAM 0x00000008 // Datagram RPC support
|
|
#define SECPKG_FLAG_CONNECTION 0x00000010 // Connection oriented RPC support
|
|
#define SECPKG_FLAG_MULTI_REQUIRED 0x00000020 // Full 3-leg required for re-auth.
|
|
#define SECPKG_FLAG_CLIENT_ONLY 0x00000040 // Server side functionality not available
|
|
#define SECPKG_FLAG_EXTENDED_ERROR 0x00000080 // Supports extended error msgs
|
|
#define SECPKG_FLAG_IMPERSONATION 0x00000100 // Supports impersonation
|
|
#define SECPKG_FLAG_ACCEPT_WIN32_NAME 0x00000200 // Accepts Win32 names
|
|
#define SECPKG_FLAG_STREAM 0x00000400 // Supports stream semantics
|
|
#define SECPKG_FLAG_NEGOTIABLE 0x00000800 // Can be used by the negotiate package
|
|
#define SECPKG_FLAG_GSS_COMPATIBLE 0x00001000 // GSS Compatibility Available
|
|
#define SECPKG_FLAG_LOGON 0x00002000 // Supports common LsaLogonUser
|
|
#define SECPKG_FLAG_ASCII_BUFFERS 0x00004000 // Token Buffers are in ASCII
|
|
#define SECPKG_FLAG_FRAGMENT 0x00008000 // Package can fragment to fit
|
|
#define SECPKG_FLAG_MUTUAL_AUTH 0x00010000 // Package can perform mutual authentication
|
|
#define SECPKG_FLAG_DELEGATION 0x00020000 // Package can delegate
|
|
#define SECPKG_FLAG_READONLY_WITH_CHECKSUM 0x00040000 // Package can delegate
|
|
|
|
|
|
|
|
|
|
#define SECPKG_ID_NONE 0xFFFF
|
|
|
|
|
|
//
|
|
// SecBuffer
|
|
//
|
|
// Generic memory descriptors for buffers passed in to the security
|
|
// API
|
|
//
|
|
|
|
typedef struct _SecBuffer {
|
|
unsigned long cbBuffer; // Size of the buffer, in bytes
|
|
unsigned long BufferType; // Type of the buffer (below)
|
|
void SEC_FAR * pvBuffer; // Pointer to the buffer
|
|
} SecBuffer, SEC_FAR * PSecBuffer;
|
|
|
|
typedef struct _SecBufferDesc {
|
|
unsigned long ulVersion; // Version number
|
|
unsigned long cBuffers; // Number of buffers
|
|
#ifdef MIDL_PASS
|
|
[size_is(cBuffers)]
|
|
#endif
|
|
PSecBuffer pBuffers; // Pointer to array of buffers
|
|
} SecBufferDesc, SEC_FAR * PSecBufferDesc;
|
|
|
|
#define SECBUFFER_VERSION 0
|
|
|
|
#define SECBUFFER_EMPTY 0 // Undefined, replaced by provider
|
|
#define SECBUFFER_DATA 1 // Packet data
|
|
#define SECBUFFER_TOKEN 2 // Security token
|
|
#define SECBUFFER_PKG_PARAMS 3 // Package specific parameters
|
|
#define SECBUFFER_MISSING 4 // Missing Data indicator
|
|
#define SECBUFFER_EXTRA 5 // Extra data
|
|
#define SECBUFFER_STREAM_TRAILER 6 // Security Trailer
|
|
#define SECBUFFER_STREAM_HEADER 7 // Security Header
|
|
#define SECBUFFER_NEGOTIATION_INFO 8 // Hints from the negotiation pkg
|
|
#define SECBUFFER_PADDING 9 // non-data padding
|
|
#define SECBUFFER_STREAM 10 // whole encrypted message
|
|
#define SECBUFFER_MECHLIST 11
|
|
#define SECBUFFER_MECHLIST_SIGNATURE 12
|
|
#define SECBUFFER_TARGET 13
|
|
#define SECBUFFER_CHANNEL_BINDINGS 14
|
|
|
|
#define SECBUFFER_ATTRMASK 0xF0000000
|
|
#define SECBUFFER_READONLY 0x80000000 // Buffer is read-only, no checksum
|
|
#define SECBUFFER_READONLY_WITH_CHECKSUM 0x10000000 // Buffer is read-only, and checksummed
|
|
#define SECBUFFER_RESERVED 0x60000000 // Flags reserved to security system
|
|
|
|
|
|
typedef struct _SEC_NEGOTIATION_INFO {
|
|
unsigned long Size; // Size of this structure
|
|
unsigned long NameLength; // Length of name hint
|
|
SEC_WCHAR SEC_FAR * Name; // Name hint
|
|
void SEC_FAR * Reserved; // Reserved
|
|
} SEC_NEGOTIATION_INFO, SEC_FAR * PSEC_NEGOTIATION_INFO ;
|
|
|
|
typedef struct _SEC_CHANNEL_BINDINGS {
|
|
unsigned long dwInitiatorAddrType;
|
|
unsigned long cbInitiatorLength;
|
|
unsigned long dwInitiatorOffset;
|
|
unsigned long dwAcceptorAddrType;
|
|
unsigned long cbAcceptorLength;
|
|
unsigned long dwAcceptorOffset;
|
|
unsigned long cbApplicationDataLength;
|
|
unsigned long dwApplicationDataOffset;
|
|
} SEC_CHANNEL_BINDINGS, SEC_FAR * PSEC_CHANNEL_BINDINGS ;
|
|
|
|
|
|
//
|
|
// Data Representation Constant:
|
|
//
|
|
#define SECURITY_NATIVE_DREP 0x00000010
|
|
#define SECURITY_NETWORK_DREP 0x00000000
|
|
|
|
//
|
|
// Credential Use Flags
|
|
//
|
|
#define SECPKG_CRED_INBOUND 0x00000001
|
|
#define SECPKG_CRED_OUTBOUND 0x00000002
|
|
#define SECPKG_CRED_BOTH 0x00000003
|
|
#define SECPKG_CRED_DEFAULT 0x00000004
|
|
#define SECPKG_CRED_RESERVED 0xF0000000
|
|
|
|
//
|
|
// InitializeSecurityContext Requirement and return flags:
|
|
//
|
|
|
|
#define ISC_REQ_DELEGATE 0x00000001
|
|
#define ISC_REQ_MUTUAL_AUTH 0x00000002
|
|
#define ISC_REQ_REPLAY_DETECT 0x00000004
|
|
#define ISC_REQ_SEQUENCE_DETECT 0x00000008
|
|
#define ISC_REQ_CONFIDENTIALITY 0x00000010
|
|
#define ISC_REQ_USE_SESSION_KEY 0x00000020
|
|
#define ISC_REQ_PROMPT_FOR_CREDS 0x00000040
|
|
#define ISC_REQ_USE_SUPPLIED_CREDS 0x00000080
|
|
#define ISC_REQ_ALLOCATE_MEMORY 0x00000100
|
|
#define ISC_REQ_USE_DCE_STYLE 0x00000200
|
|
#define ISC_REQ_DATAGRAM 0x00000400
|
|
#define ISC_REQ_CONNECTION 0x00000800
|
|
#define ISC_REQ_CALL_LEVEL 0x00001000
|
|
#define ISC_REQ_FRAGMENT_SUPPLIED 0x00002000
|
|
#define ISC_REQ_EXTENDED_ERROR 0x00004000
|
|
#define ISC_REQ_STREAM 0x00008000
|
|
#define ISC_REQ_INTEGRITY 0x00010000
|
|
#define ISC_REQ_IDENTIFY 0x00020000
|
|
#define ISC_REQ_NULL_SESSION 0x00040000
|
|
#define ISC_REQ_MANUAL_CRED_VALIDATION 0x00080000
|
|
#define ISC_REQ_RESERVED1 0x00100000
|
|
#define ISC_REQ_FRAGMENT_TO_FIT 0x00200000
|
|
|
|
#define ISC_RET_DELEGATE 0x00000001
|
|
#define ISC_RET_MUTUAL_AUTH 0x00000002
|
|
#define ISC_RET_REPLAY_DETECT 0x00000004
|
|
#define ISC_RET_SEQUENCE_DETECT 0x00000008
|
|
#define ISC_RET_CONFIDENTIALITY 0x00000010
|
|
#define ISC_RET_USE_SESSION_KEY 0x00000020
|
|
#define ISC_RET_USED_COLLECTED_CREDS 0x00000040
|
|
#define ISC_RET_USED_SUPPLIED_CREDS 0x00000080
|
|
#define ISC_RET_ALLOCATED_MEMORY 0x00000100
|
|
#define ISC_RET_USED_DCE_STYLE 0x00000200
|
|
#define ISC_RET_DATAGRAM 0x00000400
|
|
#define ISC_RET_CONNECTION 0x00000800
|
|
#define ISC_RET_INTERMEDIATE_RETURN 0x00001000
|
|
#define ISC_RET_CALL_LEVEL 0x00002000
|
|
#define ISC_RET_EXTENDED_ERROR 0x00004000
|
|
#define ISC_RET_STREAM 0x00008000
|
|
#define ISC_RET_INTEGRITY 0x00010000
|
|
#define ISC_RET_IDENTIFY 0x00020000
|
|
#define ISC_RET_NULL_SESSION 0x00040000
|
|
#define ISC_RET_MANUAL_CRED_VALIDATION 0x00080000
|
|
#define ISC_RET_RESERVED1 0x00100000
|
|
#define ISC_RET_FRAGMENT_ONLY 0x00200000
|
|
|
|
#define ASC_REQ_DELEGATE 0x00000001
|
|
#define ASC_REQ_MUTUAL_AUTH 0x00000002
|
|
#define ASC_REQ_REPLAY_DETECT 0x00000004
|
|
#define ASC_REQ_SEQUENCE_DETECT 0x00000008
|
|
#define ASC_REQ_CONFIDENTIALITY 0x00000010
|
|
#define ASC_REQ_USE_SESSION_KEY 0x00000020
|
|
#define ASC_REQ_ALLOCATE_MEMORY 0x00000100
|
|
#define ASC_REQ_USE_DCE_STYLE 0x00000200
|
|
#define ASC_REQ_DATAGRAM 0x00000400
|
|
#define ASC_REQ_CONNECTION 0x00000800
|
|
#define ASC_REQ_CALL_LEVEL 0x00001000
|
|
#define ASC_REQ_EXTENDED_ERROR 0x00008000
|
|
#define ASC_REQ_STREAM 0x00010000
|
|
#define ASC_REQ_INTEGRITY 0x00020000
|
|
#define ASC_REQ_LICENSING 0x00040000
|
|
#define ASC_REQ_IDENTIFY 0x00080000
|
|
#define ASC_REQ_ALLOW_NULL_SESSION 0x00100000
|
|
#define ASC_REQ_ALLOW_NON_USER_LOGONS 0x00200000
|
|
#define ASC_REQ_ALLOW_CONTEXT_REPLAY 0x00400000
|
|
#define ASC_REQ_FRAGMENT_TO_FIT 0x00800000
|
|
#define ASC_REQ_FRAGMENT_SUPPLIED 0x00002000
|
|
#define ASC_REQ_NO_TOKEN 0x01000000
|
|
|
|
#define ASC_RET_DELEGATE 0x00000001
|
|
#define ASC_RET_MUTUAL_AUTH 0x00000002
|
|
#define ASC_RET_REPLAY_DETECT 0x00000004
|
|
#define ASC_RET_SEQUENCE_DETECT 0x00000008
|
|
#define ASC_RET_CONFIDENTIALITY 0x00000010
|
|
#define ASC_RET_USE_SESSION_KEY 0x00000020
|
|
#define ASC_RET_ALLOCATED_MEMORY 0x00000100
|
|
#define ASC_RET_USED_DCE_STYLE 0x00000200
|
|
#define ASC_RET_DATAGRAM 0x00000400
|
|
#define ASC_RET_CONNECTION 0x00000800
|
|
#define ASC_RET_CALL_LEVEL 0x00002000 // skipped 1000 to be like ISC_
|
|
#define ASC_RET_THIRD_LEG_FAILED 0x00004000
|
|
#define ASC_RET_EXTENDED_ERROR 0x00008000
|
|
#define ASC_RET_STREAM 0x00010000
|
|
#define ASC_RET_INTEGRITY 0x00020000
|
|
#define ASC_RET_LICENSING 0x00040000
|
|
#define ASC_RET_IDENTIFY 0x00080000
|
|
#define ASC_RET_NULL_SESSION 0x00100000
|
|
#define ASC_RET_ALLOW_NON_USER_LOGONS 0x00200000
|
|
#define ASC_RET_ALLOW_CONTEXT_REPLAY 0x00400000
|
|
#define ASC_RET_FRAGMENT_ONLY 0x00800000
|
|
#define ASC_RET_NO_TOKEN 0x01000000
|
|
|
|
//
|
|
// Security Credentials Attributes:
|
|
//
|
|
|
|
#define SECPKG_CRED_ATTR_NAMES 1
|
|
|
|
typedef struct _SecPkgCredentials_NamesW
|
|
{
|
|
SEC_WCHAR SEC_FAR * sUserName;
|
|
} SecPkgCredentials_NamesW, SEC_FAR * PSecPkgCredentials_NamesW;
|
|
|
|
// end_ntifs
|
|
|
|
typedef struct _SecPkgCredentials_NamesA
|
|
{
|
|
SEC_CHAR SEC_FAR * sUserName;
|
|
} SecPkgCredentials_NamesA, SEC_FAR * PSecPkgCredentials_NamesA;
|
|
|
|
#ifdef UNICODE
|
|
# define SecPkgCredentials_Names SecPkgCredentials_NamesW // ntifs
|
|
# define PSecPkgCredentials_Names PSecPkgCredentials_NamesW // ntifs
|
|
#else
|
|
# define SecPkgCredentials_Names SecPkgCredentials_NamesA
|
|
# define PSecPkgCredentials_Names PSecPkgCredentials_NamesA
|
|
#endif // !UNICODE
|
|
|
|
// begin_ntifs
|
|
|
|
//
|
|
// Security Context Attributes:
|
|
//
|
|
|
|
#define SECPKG_ATTR_SIZES 0
|
|
#define SECPKG_ATTR_NAMES 1
|
|
#define SECPKG_ATTR_LIFESPAN 2
|
|
#define SECPKG_ATTR_DCE_INFO 3
|
|
#define SECPKG_ATTR_STREAM_SIZES 4
|
|
#define SECPKG_ATTR_KEY_INFO 5
|
|
#define SECPKG_ATTR_AUTHORITY 6
|
|
#define SECPKG_ATTR_PROTO_INFO 7
|
|
#define SECPKG_ATTR_PASSWORD_EXPIRY 8
|
|
#define SECPKG_ATTR_SESSION_KEY 9
|
|
#define SECPKG_ATTR_PACKAGE_INFO 10
|
|
#define SECPKG_ATTR_USER_FLAGS 11
|
|
#define SECPKG_ATTR_NEGOTIATION_INFO 12
|
|
#define SECPKG_ATTR_NATIVE_NAMES 13
|
|
#define SECPKG_ATTR_FLAGS 14
|
|
#define SECPKG_ATTR_USE_VALIDATED 15
|
|
#define SECPKG_ATTR_CREDENTIAL_NAME 16
|
|
#define SECPKG_ATTR_TARGET_INFORMATION 17
|
|
#define SECPKG_ATTR_ACCESS_TOKEN 18
|
|
#define SECPKG_ATTR_TARGET 19
|
|
#define SECPKG_ATTR_AUTHENTICATION_ID 20
|
|
|
|
typedef struct _SecPkgContext_Sizes
|
|
{
|
|
unsigned long cbMaxToken;
|
|
unsigned long cbMaxSignature;
|
|
unsigned long cbBlockSize;
|
|
unsigned long cbSecurityTrailer;
|
|
} SecPkgContext_Sizes, SEC_FAR * PSecPkgContext_Sizes;
|
|
|
|
typedef struct _SecPkgContext_StreamSizes
|
|
{
|
|
unsigned long cbHeader;
|
|
unsigned long cbTrailer;
|
|
unsigned long cbMaximumMessage;
|
|
unsigned long cBuffers;
|
|
unsigned long cbBlockSize;
|
|
} SecPkgContext_StreamSizes, * PSecPkgContext_StreamSizes;
|
|
|
|
typedef struct _SecPkgContext_NamesW
|
|
{
|
|
SEC_WCHAR SEC_FAR * sUserName;
|
|
} SecPkgContext_NamesW, SEC_FAR * PSecPkgContext_NamesW;
|
|
|
|
// end_ntifs
|
|
|
|
typedef struct _SecPkgContext_NamesA
|
|
{
|
|
SEC_CHAR SEC_FAR * sUserName;
|
|
} SecPkgContext_NamesA, SEC_FAR * PSecPkgContext_NamesA;
|
|
|
|
#ifdef UNICODE
|
|
# define SecPkgContext_Names SecPkgContext_NamesW // ntifs
|
|
# define PSecPkgContext_Names PSecPkgContext_NamesW // ntifs
|
|
#else
|
|
# define SecPkgContext_Names SecPkgContext_NamesA
|
|
# define PSecPkgContext_Names PSecPkgContext_NamesA
|
|
#endif // !UNICODE
|
|
|
|
// begin_ntifs
|
|
|
|
typedef struct _SecPkgContext_Lifespan
|
|
{
|
|
TimeStamp tsStart;
|
|
TimeStamp tsExpiry;
|
|
} SecPkgContext_Lifespan, SEC_FAR * PSecPkgContext_Lifespan;
|
|
|
|
typedef struct _SecPkgContext_DceInfo
|
|
{
|
|
unsigned long AuthzSvc;
|
|
void SEC_FAR * pPac;
|
|
} SecPkgContext_DceInfo, SEC_FAR * PSecPkgContext_DceInfo;
|
|
|
|
// end_ntifs
|
|
|
|
typedef struct _SecPkgContext_KeyInfoA
|
|
{
|
|
SEC_CHAR SEC_FAR * sSignatureAlgorithmName;
|
|
SEC_CHAR SEC_FAR * sEncryptAlgorithmName;
|
|
unsigned long KeySize;
|
|
unsigned long SignatureAlgorithm;
|
|
unsigned long EncryptAlgorithm;
|
|
} SecPkgContext_KeyInfoA, SEC_FAR * PSecPkgContext_KeyInfoA;
|
|
|
|
// begin_ntifs
|
|
|
|
typedef struct _SecPkgContext_KeyInfoW
|
|
{
|
|
SEC_WCHAR SEC_FAR * sSignatureAlgorithmName;
|
|
SEC_WCHAR SEC_FAR * sEncryptAlgorithmName;
|
|
unsigned long KeySize;
|
|
unsigned long SignatureAlgorithm;
|
|
unsigned long EncryptAlgorithm;
|
|
} SecPkgContext_KeyInfoW, SEC_FAR * PSecPkgContext_KeyInfoW;
|
|
|
|
// end_ntifs
|
|
|
|
#ifdef UNICODE
|
|
#define SecPkgContext_KeyInfo SecPkgContext_KeyInfoW // ntifs
|
|
#define PSecPkgContext_KeyInfo PSecPkgContext_KeyInfoW // ntifs
|
|
#else
|
|
#define SecPkgContext_KeyInfo SecPkgContext_KeyInfoA
|
|
#define PSecPkgContext_KeyInfo PSecPkgContext_KeyInfoA
|
|
#endif
|
|
|
|
typedef struct _SecPkgContext_AuthorityA
|
|
{
|
|
SEC_CHAR SEC_FAR * sAuthorityName;
|
|
} SecPkgContext_AuthorityA, * PSecPkgContext_AuthorityA;
|
|
|
|
// begin_ntifs
|
|
|
|
typedef struct _SecPkgContext_AuthorityW
|
|
{
|
|
SEC_WCHAR SEC_FAR * sAuthorityName;
|
|
} SecPkgContext_AuthorityW, * PSecPkgContext_AuthorityW;
|
|
|
|
// end_ntifs
|
|
|
|
#ifdef UNICODE
|
|
#define SecPkgContext_Authority SecPkgContext_AuthorityW // ntifs
|
|
#define PSecPkgContext_Authority PSecPkgContext_AuthorityW // ntifs
|
|
#else
|
|
#define SecPkgContext_Authority SecPkgContext_AuthorityA
|
|
#define PSecPkgContext_Authority PSecPkgContext_AuthorityA
|
|
#endif
|
|
|
|
typedef struct _SecPkgContext_ProtoInfoA
|
|
{
|
|
SEC_CHAR SEC_FAR * sProtocolName;
|
|
unsigned long majorVersion;
|
|
unsigned long minorVersion;
|
|
} SecPkgContext_ProtoInfoA, SEC_FAR * PSecPkgContext_ProtoInfoA;
|
|
|
|
// begin_ntifs
|
|
|
|
typedef struct _SecPkgContext_ProtoInfoW
|
|
{
|
|
SEC_WCHAR SEC_FAR * sProtocolName;
|
|
unsigned long majorVersion;
|
|
unsigned long minorVersion;
|
|
} SecPkgContext_ProtoInfoW, SEC_FAR * PSecPkgContext_ProtoInfoW;
|
|
|
|
// end_ntifs
|
|
|
|
#ifdef UNICODE
|
|
#define SecPkgContext_ProtoInfo SecPkgContext_ProtoInfoW // ntifs
|
|
#define PSecPkgContext_ProtoInfo PSecPkgContext_ProtoInfoW // ntifs
|
|
#else
|
|
#define SecPkgContext_ProtoInfo SecPkgContext_ProtoInfoA
|
|
#define PSecPkgContext_ProtoInfo PSecPkgContext_ProtoInfoA
|
|
#endif
|
|
|
|
// begin_ntifs
|
|
|
|
typedef struct _SecPkgContext_PasswordExpiry
|
|
{
|
|
TimeStamp tsPasswordExpires;
|
|
} SecPkgContext_PasswordExpiry, SEC_FAR * PSecPkgContext_PasswordExpiry;
|
|
|
|
typedef struct _SecPkgContext_SessionKey
|
|
{
|
|
unsigned long SessionKeyLength;
|
|
unsigned char SEC_FAR * SessionKey;
|
|
} SecPkgContext_SessionKey, *PSecPkgContext_SessionKey;
|
|
|
|
|
|
typedef struct _SecPkgContext_PackageInfoW
|
|
{
|
|
PSecPkgInfoW PackageInfo;
|
|
} SecPkgContext_PackageInfoW, SEC_FAR * PSecPkgContext_PackageInfoW;
|
|
|
|
// end_ntifs
|
|
|
|
typedef struct _SecPkgContext_PackageInfoA
|
|
{
|
|
PSecPkgInfoA PackageInfo;
|
|
} SecPkgContext_PackageInfoA, SEC_FAR * PSecPkgContext_PackageInfoA;
|
|
|
|
// begin_ntifs
|
|
|
|
typedef struct _SecPkgContext_UserFlags
|
|
{
|
|
unsigned long UserFlags;
|
|
} SecPkgContext_UserFlags, SEC_FAR * PSecPkgContext_UserFlags;
|
|
|
|
typedef struct _SecPkgContext_Flags
|
|
{
|
|
unsigned long Flags;
|
|
} SecPkgContext_Flags, SEC_FAR * PSecPkgContext_Flags;
|
|
|
|
// end_ntifs
|
|
|
|
#ifdef UNICODE
|
|
#define SecPkgContext_PackageInfo SecPkgContext_PackageInfoW // ntifs
|
|
#define PSecPkgContext_PackageInfo PSecPkgContext_PackageInfoW // ntifs
|
|
#else
|
|
#define SecPkgContext_PackageInfo SecPkgContext_PackageInfoA
|
|
#define PSecPkgContext_PackageInfo PSecPkgContext_PackageInfoA
|
|
#endif
|
|
|
|
|
|
typedef struct _SecPkgContext_NegotiationInfoA
|
|
{
|
|
PSecPkgInfoA PackageInfo ;
|
|
unsigned long NegotiationState ;
|
|
} SecPkgContext_NegotiationInfoA, SEC_FAR * PSecPkgContext_NegotiationInfoA ;
|
|
|
|
// begin_ntifs
|
|
typedef struct _SecPkgContext_NegotiationInfoW
|
|
{
|
|
PSecPkgInfoW PackageInfo ;
|
|
unsigned long NegotiationState ;
|
|
} SecPkgContext_NegotiationInfoW, SEC_FAR * PSecPkgContext_NegotiationInfoW ;
|
|
|
|
// end_ntifs
|
|
|
|
#ifdef UNICODE
|
|
#define SecPkgContext_NegotiationInfo SecPkgContext_NegotiationInfoW
|
|
#define PSecPkgContext_NegotiationInfo PSecPkgContext_NegotiationInfoW
|
|
#else
|
|
#define SecPkgContext_NegotiationInfo SecPkgContext_NegotiationInfoA
|
|
#define PSecPkgContext_NegotiationInfo PSecPkgContext_NegotiationInfoA
|
|
#endif
|
|
|
|
#define SECPKG_NEGOTIATION_COMPLETE 0
|
|
#define SECPKG_NEGOTIATION_OPTIMISTIC 1
|
|
#define SECPKG_NEGOTIATION_IN_PROGRESS 2
|
|
#define SECPKG_NEGOTIATION_DIRECT 3
|
|
#define SECPKG_NEGOTIATION_TRY_MULTICRED 4
|
|
|
|
|
|
typedef struct _SecPkgContext_NativeNamesW
|
|
{
|
|
SEC_WCHAR SEC_FAR * sClientName;
|
|
SEC_WCHAR SEC_FAR * sServerName;
|
|
} SecPkgContext_NativeNamesW, SEC_FAR * PSecPkgContext_NativeNamesW;
|
|
|
|
typedef struct _SecPkgContext_NativeNamesA
|
|
{
|
|
SEC_CHAR SEC_FAR * sClientName;
|
|
SEC_CHAR SEC_FAR * sServerName;
|
|
} SecPkgContext_NativeNamesA, SEC_FAR * PSecPkgContext_NativeNamesA;
|
|
|
|
|
|
#ifdef UNICODE
|
|
# define SecPkgContext_NativeNames SecPkgContext_NativeNamesW // ntifs
|
|
# define PSecPkgContext_NativeNames PSecPkgContext_NativeNamesW // ntifs
|
|
#else
|
|
# define SecPkgContext_NativeNames SecPkgContext_NativeNamesA
|
|
# define PSecPkgContext_NativeNames PSecPkgContext_NativeNamesA
|
|
#endif // !UNICODE
|
|
|
|
// begin_ntifs
|
|
typedef struct _SecPkgContext_CredentialNameW
|
|
{
|
|
unsigned long CredentialType;
|
|
SEC_WCHAR SEC_FAR *sCredentialName;
|
|
} SecPkgContext_CredentialNameW, SEC_FAR * PSecPkgContext_CredentialNameW;
|
|
|
|
// end_ntifs
|
|
|
|
typedef struct _SecPkgContext_CredentialNameA
|
|
{
|
|
unsigned long CredentialType;
|
|
SEC_CHAR SEC_FAR *sCredentialName;
|
|
} SecPkgContext_CredentialNameA, SEC_FAR * PSecPkgContext_CredentialNameA;
|
|
|
|
#ifdef UNICODE
|
|
# define SecPkgContext_CredentialName SecPkgContext_CredentialNameW // ntifs
|
|
# define PSecPkgContext_CredentialName PSecPkgContext_CredentialNameW // ntifs
|
|
#else
|
|
# define SecPkgContext_CredentialName SecPkgContext_CredentialNameA
|
|
# define PSecPkgContext_CredentialName PSecPkgContext_CredentialNameA
|
|
#endif // !UNICODE
|
|
|
|
typedef struct _SecPkgContext_AccessToken
|
|
{
|
|
void SEC_FAR * AccessToken;
|
|
} SecPkgContext_AccessToken, SEC_FAR * PSecPkgContext_AccessToken;
|
|
|
|
typedef struct _SecPkgContext_TargetInformation
|
|
{
|
|
unsigned long MarshalledTargetInfoLength;
|
|
unsigned char SEC_FAR * MarshalledTargetInfo;
|
|
|
|
} SecPkgContext_TargetInformation, SEC_FAR * PSecPkgContext_TargetInformation;
|
|
|
|
typedef struct _SecPkgContext_AuthzID
|
|
{
|
|
unsigned long AuthzIDLength;
|
|
char SEC_FAR * AuthzID;
|
|
|
|
} SecPkgContext_AuthzID, SEC_FAR * PSecPkgContext_AuthzID;
|
|
|
|
typedef struct _SecPkgContext_Target
|
|
{
|
|
unsigned long TargetLength;
|
|
char SEC_FAR * Target;
|
|
|
|
} SecPkgContext_Target, SEC_FAR * PSecPkgContext_Target;
|
|
|
|
|
|
// begin_ntifs
|
|
|
|
typedef void
|
|
(SEC_ENTRY SEC_FAR * SEC_GET_KEY_FN) (
|
|
void SEC_FAR * Arg, // Argument passed in
|
|
void SEC_FAR * Principal, // Principal ID
|
|
unsigned long KeyVer, // Key Version
|
|
void SEC_FAR * SEC_FAR * Key, // Returned ptr to key
|
|
SECURITY_STATUS SEC_FAR * Status // returned status
|
|
);
|
|
|
|
//
|
|
// Flags for ExportSecurityContext
|
|
//
|
|
|
|
#define SECPKG_CONTEXT_EXPORT_RESET_NEW 0x00000001 // New context is reset to initial state
|
|
#define SECPKG_CONTEXT_EXPORT_DELETE_OLD 0x00000002 // Old context is deleted during export
|
|
|
|
|
|
SECURITY_STATUS SEC_ENTRY
|
|
AcquireCredentialsHandleW(
|
|
#if ISSP_MODE == 0 // For Kernel mode
|
|
PSECURITY_STRING pPrincipal,
|
|
PSECURITY_STRING pPackage,
|
|
#else
|
|
SEC_WCHAR SEC_FAR * pszPrincipal, // Name of principal
|
|
SEC_WCHAR SEC_FAR * pszPackage, // Name of package
|
|
#endif
|
|
unsigned long fCredentialUse, // Flags indicating use
|
|
void SEC_FAR * pvLogonId, // Pointer to logon ID
|
|
void SEC_FAR * pAuthData, // Package specific data
|
|
SEC_GET_KEY_FN pGetKeyFn, // Pointer to GetKey() func
|
|
void SEC_FAR * pvGetKeyArgument, // Value to pass to GetKey()
|
|
PCredHandle phCredential, // (out) Cred Handle
|
|
PTimeStamp ptsExpiry // (out) Lifetime (optional)
|
|
);
|
|
|
|
typedef SECURITY_STATUS
|
|
(SEC_ENTRY * ACQUIRE_CREDENTIALS_HANDLE_FN_W)(
|
|
#if ISSP_MODE == 0
|
|
PSECURITY_STRING,
|
|
PSECURITY_STRING,
|
|
#else
|
|
SEC_WCHAR SEC_FAR *,
|
|
SEC_WCHAR SEC_FAR *,
|
|
#endif
|
|
unsigned long,
|
|
void SEC_FAR *,
|
|
void SEC_FAR *,
|
|
SEC_GET_KEY_FN,
|
|
void SEC_FAR *,
|
|
PCredHandle,
|
|
PTimeStamp);
|
|
|
|
// end_ntifs
|
|
|
|
SECURITY_STATUS SEC_ENTRY
|
|
AcquireCredentialsHandleA(
|
|
SEC_CHAR SEC_FAR * pszPrincipal, // Name of principal
|
|
SEC_CHAR SEC_FAR * pszPackage, // Name of package
|
|
unsigned long fCredentialUse, // Flags indicating use
|
|
void SEC_FAR * pvLogonId, // Pointer to logon ID
|
|
void SEC_FAR * pAuthData, // Package specific data
|
|
SEC_GET_KEY_FN pGetKeyFn, // Pointer to GetKey() func
|
|
void SEC_FAR * pvGetKeyArgument, // Value to pass to GetKey()
|
|
PCredHandle phCredential, // (out) Cred Handle
|
|
PTimeStamp ptsExpiry // (out) Lifetime (optional)
|
|
);
|
|
|
|
typedef SECURITY_STATUS
|
|
(SEC_ENTRY * ACQUIRE_CREDENTIALS_HANDLE_FN_A)(
|
|
SEC_CHAR SEC_FAR *,
|
|
SEC_CHAR SEC_FAR *,
|
|
unsigned long,
|
|
void SEC_FAR *,
|
|
void SEC_FAR *,
|
|
SEC_GET_KEY_FN,
|
|
void SEC_FAR *,
|
|
PCredHandle,
|
|
PTimeStamp);
|
|
|
|
#ifdef UNICODE
|
|
# define AcquireCredentialsHandle AcquireCredentialsHandleW // ntifs
|
|
# define ACQUIRE_CREDENTIALS_HANDLE_FN ACQUIRE_CREDENTIALS_HANDLE_FN_W // ntifs
|
|
#else
|
|
# define AcquireCredentialsHandle AcquireCredentialsHandleA
|
|
# define ACQUIRE_CREDENTIALS_HANDLE_FN ACQUIRE_CREDENTIALS_HANDLE_FN_A
|
|
#endif // !UNICODE
|
|
|
|
// begin_ntifs
|
|
|
|
SECURITY_STATUS SEC_ENTRY
|
|
FreeCredentialsHandle(
|
|
PCredHandle phCredential // Handle to free
|
|
);
|
|
|
|
typedef SECURITY_STATUS
|
|
(SEC_ENTRY * FREE_CREDENTIALS_HANDLE_FN)(
|
|
PCredHandle );
|
|
|
|
SECURITY_STATUS SEC_ENTRY
|
|
AddCredentialsW(
|
|
PCredHandle hCredentials,
|
|
#if ISSP_MODE == 0 // For Kernel mode
|
|
PSECURITY_STRING pPrincipal,
|
|
PSECURITY_STRING pPackage,
|
|
#else
|
|
SEC_WCHAR SEC_FAR * pszPrincipal, // Name of principal
|
|
SEC_WCHAR SEC_FAR * pszPackage, // Name of package
|
|
#endif
|
|
unsigned long fCredentialUse, // Flags indicating use
|
|
void SEC_FAR * pAuthData, // Package specific data
|
|
SEC_GET_KEY_FN pGetKeyFn, // Pointer to GetKey() func
|
|
void SEC_FAR * pvGetKeyArgument, // Value to pass to GetKey()
|
|
PTimeStamp ptsExpiry // (out) Lifetime (optional)
|
|
);
|
|
|
|
typedef SECURITY_STATUS
|
|
(SEC_ENTRY * ADD_CREDENTIALS_FN_W)(
|
|
PCredHandle,
|
|
#if ISSP_MODE == 0
|
|
PSECURITY_STRING,
|
|
PSECURITY_STRING,
|
|
#else
|
|
SEC_WCHAR SEC_FAR *,
|
|
SEC_WCHAR SEC_FAR *,
|
|
#endif
|
|
unsigned long,
|
|
void SEC_FAR *,
|
|
SEC_GET_KEY_FN,
|
|
void SEC_FAR *,
|
|
PTimeStamp);
|
|
|
|
SECURITY_STATUS SEC_ENTRY
|
|
AddCredentialsA(
|
|
PCredHandle hCredentials,
|
|
SEC_CHAR SEC_FAR * pszPrincipal, // Name of principal
|
|
SEC_CHAR SEC_FAR * pszPackage, // Name of package
|
|
unsigned long fCredentialUse, // Flags indicating use
|
|
void SEC_FAR * pAuthData, // Package specific data
|
|
SEC_GET_KEY_FN pGetKeyFn, // Pointer to GetKey() func
|
|
void SEC_FAR * pvGetKeyArgument, // Value to pass to GetKey()
|
|
PTimeStamp ptsExpiry // (out) Lifetime (optional)
|
|
);
|
|
|
|
typedef SECURITY_STATUS
|
|
(SEC_ENTRY * ADD_CREDENTIALS_FN_A)(
|
|
PCredHandle,
|
|
SEC_CHAR SEC_FAR *,
|
|
SEC_CHAR SEC_FAR *,
|
|
unsigned long,
|
|
void SEC_FAR *,
|
|
SEC_GET_KEY_FN,
|
|
void SEC_FAR *,
|
|
PTimeStamp);
|
|
|
|
#ifdef UNICODE
|
|
#define AddCredentials AddCredentialsW
|
|
#define ADD_CREDENTIALS_FN ADD_CREDENTIALS_FN_W
|
|
#else
|
|
#define AddCredentials AddCredentialsA
|
|
#define ADD_CREDENTIALS_FN ADD_CREDENTIALS_FN_A
|
|
#endif
|
|
|
|
////////////////////////////////////////////////////////////////////////
|
|
///
|
|
/// Context Management Functions
|
|
///
|
|
////////////////////////////////////////////////////////////////////////
|
|
|
|
SECURITY_STATUS SEC_ENTRY
|
|
InitializeSecurityContextW(
|
|
PCredHandle phCredential, // Cred to base context
|
|
PCtxtHandle phContext, // Existing context (OPT)
|
|
#if ISSP_MODE == 0
|
|
PSECURITY_STRING pTargetName,
|
|
#else
|
|
SEC_WCHAR SEC_FAR * pszTargetName, // Name of target
|
|
#endif
|
|
unsigned long fContextReq, // Context Requirements
|
|
unsigned long Reserved1, // Reserved, MBZ
|
|
unsigned long TargetDataRep, // Data rep of target
|
|
PSecBufferDesc pInput, // Input Buffers
|
|
unsigned long Reserved2, // Reserved, MBZ
|
|
PCtxtHandle phNewContext, // (out) New Context handle
|
|
PSecBufferDesc pOutput, // (inout) Output Buffers
|
|
unsigned long SEC_FAR * pfContextAttr, // (out) Context attrs
|
|
PTimeStamp ptsExpiry // (out) Life span (OPT)
|
|
);
|
|
|
|
typedef SECURITY_STATUS
|
|
(SEC_ENTRY * INITIALIZE_SECURITY_CONTEXT_FN_W)(
|
|
PCredHandle,
|
|
PCtxtHandle,
|
|
#if ISSP_MODE == 0
|
|
PSECURITY_STRING,
|
|
#else
|
|
SEC_WCHAR SEC_FAR *,
|
|
#endif
|
|
unsigned long,
|
|
unsigned long,
|
|
unsigned long,
|
|
PSecBufferDesc,
|
|
unsigned long,
|
|
PCtxtHandle,
|
|
PSecBufferDesc,
|
|
unsigned long SEC_FAR *,
|
|
PTimeStamp);
|
|
|
|
// end_ntifs
|
|
|
|
SECURITY_STATUS SEC_ENTRY
|
|
InitializeSecurityContextA(
|
|
PCredHandle phCredential, // Cred to base context
|
|
PCtxtHandle phContext, // Existing context (OPT)
|
|
SEC_CHAR SEC_FAR * pszTargetName, // Name of target
|
|
unsigned long fContextReq, // Context Requirements
|
|
unsigned long Reserved1, // Reserved, MBZ
|
|
unsigned long TargetDataRep, // Data rep of target
|
|
PSecBufferDesc pInput, // Input Buffers
|
|
unsigned long Reserved2, // Reserved, MBZ
|
|
PCtxtHandle phNewContext, // (out) New Context handle
|
|
PSecBufferDesc pOutput, // (inout) Output Buffers
|
|
unsigned long SEC_FAR * pfContextAttr, // (out) Context attrs
|
|
PTimeStamp ptsExpiry // (out) Life span (OPT)
|
|
);
|
|
|
|
typedef SECURITY_STATUS
|
|
(SEC_ENTRY * INITIALIZE_SECURITY_CONTEXT_FN_A)(
|
|
PCredHandle,
|
|
PCtxtHandle,
|
|
SEC_CHAR SEC_FAR *,
|
|
unsigned long,
|
|
unsigned long,
|
|
unsigned long,
|
|
PSecBufferDesc,
|
|
unsigned long,
|
|
PCtxtHandle,
|
|
PSecBufferDesc,
|
|
unsigned long SEC_FAR *,
|
|
PTimeStamp);
|
|
|
|
#ifdef UNICODE
|
|
# define InitializeSecurityContext InitializeSecurityContextW // ntifs
|
|
# define INITIALIZE_SECURITY_CONTEXT_FN INITIALIZE_SECURITY_CONTEXT_FN_W // ntifs
|
|
#else
|
|
# define InitializeSecurityContext InitializeSecurityContextA
|
|
# define INITIALIZE_SECURITY_CONTEXT_FN INITIALIZE_SECURITY_CONTEXT_FN_A
|
|
#endif // !UNICODE
|
|
|
|
// begin_ntifs
|
|
|
|
SECURITY_STATUS SEC_ENTRY
|
|
AcceptSecurityContext(
|
|
PCredHandle phCredential, // Cred to base context
|
|
PCtxtHandle phContext, // Existing context (OPT)
|
|
PSecBufferDesc pInput, // Input buffer
|
|
unsigned long fContextReq, // Context Requirements
|
|
unsigned long TargetDataRep, // Target Data Rep
|
|
PCtxtHandle phNewContext, // (out) New context handle
|
|
PSecBufferDesc pOutput, // (inout) Output buffers
|
|
unsigned long SEC_FAR * pfContextAttr, // (out) Context attributes
|
|
PTimeStamp ptsExpiry // (out) Life span (OPT)
|
|
);
|
|
|
|
typedef SECURITY_STATUS
|
|
(SEC_ENTRY * ACCEPT_SECURITY_CONTEXT_FN)(
|
|
PCredHandle,
|
|
PCtxtHandle,
|
|
PSecBufferDesc,
|
|
unsigned long,
|
|
unsigned long,
|
|
PCtxtHandle,
|
|
PSecBufferDesc,
|
|
unsigned long SEC_FAR *,
|
|
PTimeStamp);
|
|
|
|
|
|
|
|
SECURITY_STATUS SEC_ENTRY
|
|
CompleteAuthToken(
|
|
PCtxtHandle phContext, // Context to complete
|
|
PSecBufferDesc pToken // Token to complete
|
|
);
|
|
|
|
typedef SECURITY_STATUS
|
|
(SEC_ENTRY * COMPLETE_AUTH_TOKEN_FN)(
|
|
PCtxtHandle,
|
|
PSecBufferDesc);
|
|
|
|
|
|
SECURITY_STATUS SEC_ENTRY
|
|
ImpersonateSecurityContext(
|
|
PCtxtHandle phContext // Context to impersonate
|
|
);
|
|
|
|
typedef SECURITY_STATUS
|
|
(SEC_ENTRY * IMPERSONATE_SECURITY_CONTEXT_FN)(
|
|
PCtxtHandle);
|
|
|
|
|
|
|
|
SECURITY_STATUS SEC_ENTRY
|
|
RevertSecurityContext(
|
|
PCtxtHandle phContext // Context from which to re
|
|
);
|
|
|
|
typedef SECURITY_STATUS
|
|
(SEC_ENTRY * REVERT_SECURITY_CONTEXT_FN)(
|
|
PCtxtHandle);
|
|
|
|
|
|
SECURITY_STATUS SEC_ENTRY
|
|
QuerySecurityContextToken(
|
|
PCtxtHandle phContext,
|
|
void SEC_FAR * SEC_FAR * Token
|
|
);
|
|
|
|
typedef SECURITY_STATUS
|
|
(SEC_ENTRY * QUERY_SECURITY_CONTEXT_TOKEN_FN)(
|
|
PCtxtHandle, void SEC_FAR * SEC_FAR *);
|
|
|
|
|
|
|
|
SECURITY_STATUS SEC_ENTRY
|
|
DeleteSecurityContext(
|
|
PCtxtHandle phContext // Context to delete
|
|
);
|
|
|
|
typedef SECURITY_STATUS
|
|
(SEC_ENTRY * DELETE_SECURITY_CONTEXT_FN)(
|
|
PCtxtHandle);
|
|
|
|
|
|
|
|
SECURITY_STATUS SEC_ENTRY
|
|
ApplyControlToken(
|
|
PCtxtHandle phContext, // Context to modify
|
|
PSecBufferDesc pInput // Input token to apply
|
|
);
|
|
|
|
typedef SECURITY_STATUS
|
|
(SEC_ENTRY * APPLY_CONTROL_TOKEN_FN)(
|
|
PCtxtHandle, PSecBufferDesc);
|
|
|
|
|
|
|
|
SECURITY_STATUS SEC_ENTRY
|
|
QueryContextAttributesW(
|
|
PCtxtHandle phContext, // Context to query
|
|
unsigned long ulAttribute, // Attribute to query
|
|
void SEC_FAR * pBuffer // Buffer for attributes
|
|
);
|
|
|
|
typedef SECURITY_STATUS
|
|
(SEC_ENTRY * QUERY_CONTEXT_ATTRIBUTES_FN_W)(
|
|
PCtxtHandle,
|
|
unsigned long,
|
|
void SEC_FAR *);
|
|
|
|
// end_ntifs
|
|
|
|
SECURITY_STATUS SEC_ENTRY
|
|
QueryContextAttributesA(
|
|
PCtxtHandle phContext, // Context to query
|
|
unsigned long ulAttribute, // Attribute to query
|
|
void SEC_FAR * pBuffer // Buffer for attributes
|
|
);
|
|
|
|
typedef SECURITY_STATUS
|
|
(SEC_ENTRY * QUERY_CONTEXT_ATTRIBUTES_FN_A)(
|
|
PCtxtHandle,
|
|
unsigned long,
|
|
void SEC_FAR *);
|
|
|
|
#ifdef UNICODE
|
|
# define QueryContextAttributes QueryContextAttributesW // ntifs
|
|
# define QUERY_CONTEXT_ATTRIBUTES_FN QUERY_CONTEXT_ATTRIBUTES_FN_W // ntifs
|
|
#else
|
|
# define QueryContextAttributes QueryContextAttributesA
|
|
# define QUERY_CONTEXT_ATTRIBUTES_FN QUERY_CONTEXT_ATTRIBUTES_FN_A
|
|
#endif // !UNICODE
|
|
|
|
// begin_ntifs
|
|
SECURITY_STATUS SEC_ENTRY
|
|
SetContextAttributesW(
|
|
PCtxtHandle phContext, // Context to Set
|
|
unsigned long ulAttribute, // Attribute to Set
|
|
void SEC_FAR * pBuffer, // Buffer for attributes
|
|
unsigned long cbBuffer // Size (in bytes) of Buffer
|
|
);
|
|
|
|
typedef SECURITY_STATUS
|
|
(SEC_ENTRY * SET_CONTEXT_ATTRIBUTES_FN_W)(
|
|
PCtxtHandle,
|
|
unsigned long,
|
|
void SEC_FAR *,
|
|
unsigned long );
|
|
|
|
// end_ntifs
|
|
|
|
SECURITY_STATUS SEC_ENTRY
|
|
SetContextAttributesA(
|
|
PCtxtHandle phContext, // Context to Set
|
|
unsigned long ulAttribute, // Attribute to Set
|
|
void SEC_FAR * pBuffer, // Buffer for attributes
|
|
unsigned long cbBuffer // Size (in bytes) of Buffer
|
|
);
|
|
|
|
typedef SECURITY_STATUS
|
|
(SEC_ENTRY * SET_CONTEXT_ATTRIBUTES_FN_A)(
|
|
PCtxtHandle,
|
|
unsigned long,
|
|
void SEC_FAR *,
|
|
unsigned long );
|
|
|
|
#ifdef UNICODE
|
|
# define SetContextAttributes SetContextAttributesW // ntifs
|
|
# define SET_CONTEXT_ATTRIBUTES_FN SET_CONTEXT_ATTRIBUTES_FN_W // ntifs
|
|
#else
|
|
# define SetContextAttributes SetContextAttributesA
|
|
# define SET_CONTEXT_ATTRIBUTES_FN SET_CONTEXT_ATTRIBUTES_FN_A
|
|
#endif // !UNICODE
|
|
|
|
// begin_ntifs
|
|
|
|
SECURITY_STATUS SEC_ENTRY
|
|
QueryCredentialsAttributesW(
|
|
PCredHandle phCredential, // Credential to query
|
|
unsigned long ulAttribute, // Attribute to query
|
|
void SEC_FAR * pBuffer // Buffer for attributes
|
|
);
|
|
|
|
typedef SECURITY_STATUS
|
|
(SEC_ENTRY * QUERY_CREDENTIALS_ATTRIBUTES_FN_W)(
|
|
PCredHandle,
|
|
unsigned long,
|
|
void SEC_FAR *);
|
|
|
|
// end_ntifs
|
|
|
|
SECURITY_STATUS SEC_ENTRY
|
|
QueryCredentialsAttributesA(
|
|
PCredHandle phCredential, // Credential to query
|
|
unsigned long ulAttribute, // Attribute to query
|
|
void SEC_FAR * pBuffer // Buffer for attributes
|
|
);
|
|
|
|
typedef SECURITY_STATUS
|
|
(SEC_ENTRY * QUERY_CREDENTIALS_ATTRIBUTES_FN_A)(
|
|
PCredHandle,
|
|
unsigned long,
|
|
void SEC_FAR *);
|
|
|
|
#ifdef UNICODE
|
|
# define QueryCredentialsAttributes QueryCredentialsAttributesW // ntifs
|
|
# define QUERY_CREDENTIALS_ATTRIBUTES_FN QUERY_CREDENTIALS_ATTRIBUTES_FN_W // ntifs
|
|
#else
|
|
# define QueryCredentialsAttributes QueryCredentialsAttributesA
|
|
# define QUERY_CREDENTIALS_ATTRIBUTES_FN QUERY_CREDENTIALS_ATTRIBUTES_FN_A
|
|
#endif // !UNICODE
|
|
|
|
// begin_ntifs
|
|
|
|
SECURITY_STATUS SEC_ENTRY
|
|
FreeContextBuffer(
|
|
void SEC_FAR * pvContextBuffer // buffer to free
|
|
);
|
|
|
|
typedef SECURITY_STATUS
|
|
(SEC_ENTRY * FREE_CONTEXT_BUFFER_FN)(
|
|
void SEC_FAR *);
|
|
|
|
// end_ntifs
|
|
|
|
// begin_ntifs
|
|
///////////////////////////////////////////////////////////////////
|
|
////
|
|
//// Message Support API
|
|
////
|
|
//////////////////////////////////////////////////////////////////
|
|
|
|
SECURITY_STATUS SEC_ENTRY
|
|
MakeSignature(
|
|
PCtxtHandle phContext, // Context to use
|
|
unsigned long fQOP, // Quality of Protection
|
|
PSecBufferDesc pMessage, // Message to sign
|
|
unsigned long MessageSeqNo // Message Sequence Num.
|
|
);
|
|
|
|
typedef SECURITY_STATUS
|
|
(SEC_ENTRY * MAKE_SIGNATURE_FN)(
|
|
PCtxtHandle,
|
|
unsigned long,
|
|
PSecBufferDesc,
|
|
unsigned long);
|
|
|
|
|
|
|
|
SECURITY_STATUS SEC_ENTRY
|
|
VerifySignature(
|
|
PCtxtHandle phContext, // Context to use
|
|
PSecBufferDesc pMessage, // Message to verify
|
|
unsigned long MessageSeqNo, // Sequence Num.
|
|
unsigned long SEC_FAR * pfQOP // QOP used
|
|
);
|
|
|
|
typedef SECURITY_STATUS
|
|
(SEC_ENTRY * VERIFY_SIGNATURE_FN)(
|
|
PCtxtHandle,
|
|
PSecBufferDesc,
|
|
unsigned long,
|
|
unsigned long SEC_FAR *);
|
|
|
|
|
|
#define SECQOP_WRAP_NO_ENCRYPT 0x80000001
|
|
|
|
SECURITY_STATUS SEC_ENTRY
|
|
EncryptMessage( PCtxtHandle phContext,
|
|
unsigned long fQOP,
|
|
PSecBufferDesc pMessage,
|
|
unsigned long MessageSeqNo);
|
|
|
|
typedef SECURITY_STATUS
|
|
(SEC_ENTRY * ENCRYPT_MESSAGE_FN)(
|
|
PCtxtHandle, unsigned long, PSecBufferDesc, unsigned long);
|
|
|
|
|
|
SECURITY_STATUS SEC_ENTRY
|
|
DecryptMessage( PCtxtHandle phContext,
|
|
PSecBufferDesc pMessage,
|
|
unsigned long MessageSeqNo,
|
|
unsigned long * pfQOP);
|
|
|
|
|
|
typedef SECURITY_STATUS
|
|
(SEC_ENTRY * DECRYPT_MESSAGE_FN)(
|
|
PCtxtHandle, PSecBufferDesc, unsigned long,
|
|
unsigned long SEC_FAR *);
|
|
|
|
|
|
// end_ntifs
|
|
|
|
// begin_ntifs
|
|
///////////////////////////////////////////////////////////////////////////
|
|
////
|
|
//// Misc.
|
|
////
|
|
///////////////////////////////////////////////////////////////////////////
|
|
|
|
|
|
SECURITY_STATUS SEC_ENTRY
|
|
EnumerateSecurityPackagesW(
|
|
unsigned long SEC_FAR * pcPackages, // Receives num. packages
|
|
PSecPkgInfoW SEC_FAR * ppPackageInfo // Receives array of info
|
|
);
|
|
|
|
typedef SECURITY_STATUS
|
|
(SEC_ENTRY * ENUMERATE_SECURITY_PACKAGES_FN_W)(
|
|
unsigned long SEC_FAR *,
|
|
PSecPkgInfoW SEC_FAR *);
|
|
|
|
// end_ntifs
|
|
|
|
SECURITY_STATUS SEC_ENTRY
|
|
EnumerateSecurityPackagesA(
|
|
unsigned long SEC_FAR * pcPackages, // Receives num. packages
|
|
PSecPkgInfoA SEC_FAR * ppPackageInfo // Receives array of info
|
|
);
|
|
|
|
typedef SECURITY_STATUS
|
|
(SEC_ENTRY * ENUMERATE_SECURITY_PACKAGES_FN_A)(
|
|
unsigned long SEC_FAR *,
|
|
PSecPkgInfoA SEC_FAR *);
|
|
|
|
#ifdef UNICODE
|
|
# define EnumerateSecurityPackages EnumerateSecurityPackagesW // ntifs
|
|
# define ENUMERATE_SECURITY_PACKAGES_FN ENUMERATE_SECURITY_PACKAGES_FN_W // ntifs
|
|
#else
|
|
# define EnumerateSecurityPackages EnumerateSecurityPackagesA
|
|
# define ENUMERATE_SECURITY_PACKAGES_FN ENUMERATE_SECURITY_PACKAGES_FN_A
|
|
#endif // !UNICODE
|
|
|
|
// begin_ntifs
|
|
|
|
SECURITY_STATUS SEC_ENTRY
|
|
QuerySecurityPackageInfoW(
|
|
#if ISSP_MODE == 0
|
|
PSECURITY_STRING pPackageName,
|
|
#else
|
|
SEC_WCHAR SEC_FAR * pszPackageName, // Name of package
|
|
#endif
|
|
PSecPkgInfoW SEC_FAR *ppPackageInfo // Receives package info
|
|
);
|
|
|
|
typedef SECURITY_STATUS
|
|
(SEC_ENTRY * QUERY_SECURITY_PACKAGE_INFO_FN_W)(
|
|
#if ISSP_MODE == 0
|
|
PSECURITY_STRING,
|
|
#else
|
|
SEC_WCHAR SEC_FAR *,
|
|
#endif
|
|
PSecPkgInfoW SEC_FAR *);
|
|
|
|
// end_ntifs
|
|
|
|
SECURITY_STATUS SEC_ENTRY
|
|
QuerySecurityPackageInfoA(
|
|
SEC_CHAR SEC_FAR * pszPackageName, // Name of package
|
|
PSecPkgInfoA SEC_FAR *ppPackageInfo // Receives package info
|
|
);
|
|
|
|
typedef SECURITY_STATUS
|
|
(SEC_ENTRY * QUERY_SECURITY_PACKAGE_INFO_FN_A)(
|
|
SEC_CHAR SEC_FAR *,
|
|
PSecPkgInfoA SEC_FAR *);
|
|
|
|
#ifdef UNICODE
|
|
# define QuerySecurityPackageInfo QuerySecurityPackageInfoW // ntifs
|
|
# define QUERY_SECURITY_PACKAGE_INFO_FN QUERY_SECURITY_PACKAGE_INFO_FN_W // ntifs
|
|
#else
|
|
# define QuerySecurityPackageInfo QuerySecurityPackageInfoA
|
|
# define QUERY_SECURITY_PACKAGE_INFO_FN QUERY_SECURITY_PACKAGE_INFO_FN_A
|
|
#endif // !UNICODE
|
|
|
|
|
|
typedef enum _SecDelegationType {
|
|
SecFull,
|
|
SecService,
|
|
SecTree,
|
|
SecDirectory,
|
|
SecObject
|
|
} SecDelegationType, * PSecDelegationType;
|
|
|
|
SECURITY_STATUS SEC_ENTRY
|
|
DelegateSecurityContext(
|
|
PCtxtHandle phContext, // IN Active context to delegate
|
|
#if ISSP_MODE == 0
|
|
PSECURITY_STRING pTarget, // IN Target path
|
|
#else
|
|
SEC_CHAR SEC_FAR * pszTarget,
|
|
#endif
|
|
SecDelegationType DelegationType, // IN Type of delegation
|
|
PTimeStamp pExpiry, // IN OPTIONAL time limit
|
|
PSecBuffer pPackageParameters, // IN OPTIONAL package specific
|
|
PSecBufferDesc pOutput); // OUT Token for applycontroltoken.
|
|
|
|
|
|
///////////////////////////////////////////////////////////////////////////
|
|
////
|
|
//// Proxies
|
|
////
|
|
///////////////////////////////////////////////////////////////////////////
|
|
|
|
|
|
//
|
|
// Proxies are only available on NT platforms
|
|
//
|
|
|
|
// begin_ntifs
|
|
|
|
///////////////////////////////////////////////////////////////////////////
|
|
////
|
|
//// Context export/import
|
|
////
|
|
///////////////////////////////////////////////////////////////////////////
|
|
|
|
|
|
|
|
SECURITY_STATUS SEC_ENTRY
|
|
ExportSecurityContext(
|
|
PCtxtHandle phContext, // (in) context to export
|
|
ULONG fFlags, // (in) option flags
|
|
PSecBuffer pPackedContext, // (out) marshalled context
|
|
void SEC_FAR * SEC_FAR * pToken // (out, optional) token handle for impersonation
|
|
);
|
|
|
|
typedef SECURITY_STATUS
|
|
(SEC_ENTRY * EXPORT_SECURITY_CONTEXT_FN)(
|
|
PCtxtHandle,
|
|
ULONG,
|
|
PSecBuffer,
|
|
void SEC_FAR * SEC_FAR *
|
|
);
|
|
|
|
SECURITY_STATUS SEC_ENTRY
|
|
ImportSecurityContextW(
|
|
#if ISSP_MODE == 0
|
|
PSECURITY_STRING pszPackage,
|
|
#else
|
|
SEC_WCHAR SEC_FAR * pszPackage,
|
|
#endif
|
|
PSecBuffer pPackedContext, // (in) marshalled context
|
|
void SEC_FAR * Token, // (in, optional) handle to token for context
|
|
PCtxtHandle phContext // (out) new context handle
|
|
);
|
|
|
|
typedef SECURITY_STATUS
|
|
(SEC_ENTRY * IMPORT_SECURITY_CONTEXT_FN_W)(
|
|
#if ISSP_MODE == 0
|
|
PSECURITY_STRING,
|
|
#else
|
|
SEC_WCHAR SEC_FAR *,
|
|
#endif
|
|
PSecBuffer,
|
|
VOID SEC_FAR *,
|
|
PCtxtHandle
|
|
);
|
|
|
|
// end_ntifs
|
|
SECURITY_STATUS SEC_ENTRY
|
|
ImportSecurityContextA(
|
|
SEC_CHAR SEC_FAR * pszPackage,
|
|
PSecBuffer pPackedContext, // (in) marshalled context
|
|
VOID SEC_FAR * Token, // (in, optional) handle to token for context
|
|
PCtxtHandle phContext // (out) new context handle
|
|
);
|
|
|
|
typedef SECURITY_STATUS
|
|
(SEC_ENTRY * IMPORT_SECURITY_CONTEXT_FN_A)(
|
|
SEC_CHAR SEC_FAR *,
|
|
PSecBuffer,
|
|
void SEC_FAR *,
|
|
PCtxtHandle
|
|
);
|
|
|
|
#ifdef UNICODE
|
|
# define ImportSecurityContext ImportSecurityContextW // ntifs
|
|
# define IMPORT_SECURITY_CONTEXT_FN IMPORT_SECURITY_CONTEXT_FN_W // ntifs
|
|
#else
|
|
# define ImportSecurityContext ImportSecurityContextA
|
|
# define IMPORT_SECURITY_CONTEXT_FN IMPORT_SECURITY_CONTEXT_FN_A
|
|
#endif // !UNICODE
|
|
|
|
// begin_ntifs
|
|
|
|
#if ISSP_MODE == 0
|
|
NTSTATUS
|
|
NTAPI
|
|
SecMakeSPN(
|
|
IN PUNICODE_STRING ServiceClass,
|
|
IN PUNICODE_STRING ServiceName,
|
|
IN PUNICODE_STRING InstanceName OPTIONAL,
|
|
IN USHORT InstancePort OPTIONAL,
|
|
IN PUNICODE_STRING Referrer OPTIONAL,
|
|
IN OUT PUNICODE_STRING Spn,
|
|
OUT PULONG Length OPTIONAL,
|
|
IN BOOLEAN Allocate
|
|
);
|
|
|
|
NTSTATUS
|
|
NTAPI
|
|
SecMakeSPNEx(
|
|
IN PUNICODE_STRING ServiceClass,
|
|
IN PUNICODE_STRING ServiceName,
|
|
IN PUNICODE_STRING InstanceName OPTIONAL,
|
|
IN USHORT InstancePort OPTIONAL,
|
|
IN PUNICODE_STRING Referrer OPTIONAL,
|
|
IN PUNICODE_STRING TargetInfo OPTIONAL,
|
|
IN OUT PUNICODE_STRING Spn,
|
|
OUT PULONG Length OPTIONAL,
|
|
IN BOOLEAN Allocate
|
|
);
|
|
|
|
NTSTATUS
|
|
SEC_ENTRY
|
|
SecLookupAccountSid(
|
|
IN PSID Sid,
|
|
IN OUT PULONG NameSize,
|
|
OUT PUNICODE_STRING NameBuffer,
|
|
IN OUT PULONG DomainSize OPTIONAL,
|
|
OUT PUNICODE_STRING DomainBuffer OPTIONAL,
|
|
OUT PSID_NAME_USE NameUse
|
|
);
|
|
|
|
NTSTATUS
|
|
SEC_ENTRY
|
|
SecLookupAccountName(
|
|
IN PUNICODE_STRING Name,
|
|
IN OUT PULONG SidSize,
|
|
OUT PSID Sid,
|
|
OUT PSID_NAME_USE NameUse,
|
|
IN OUT PULONG DomainSize OPTIONAL,
|
|
OUT PUNICODE_STRING ReferencedDomain OPTIONAL
|
|
);
|
|
|
|
NTSTATUS
|
|
SEC_ENTRY
|
|
SecLookupWellKnownSid(
|
|
IN WELL_KNOWN_SID_TYPE SidType,
|
|
OUT PSID Sid,
|
|
ULONG SidBufferSize,
|
|
OUT PULONG SidSize OPTIONAL
|
|
);
|
|
|
|
#endif
|
|
|
|
// end_ntifs
|
|
|
|
///////////////////////////////////////////////////////////////////////////////
|
|
////
|
|
//// Fast access for RPC:
|
|
////
|
|
///////////////////////////////////////////////////////////////////////////////
|
|
|
|
#define SECURITY_ENTRYPOINT_ANSIW "InitSecurityInterfaceW"
|
|
#define SECURITY_ENTRYPOINT_ANSIA "InitSecurityInterfaceA"
|
|
#define SECURITY_ENTRYPOINTW SEC_TEXT("InitSecurityInterfaceW") // ntifs
|
|
#define SECURITY_ENTRYPOINTA SEC_TEXT("InitSecurityInterfaceA")
|
|
#define SECURITY_ENTRYPOINT16 "INITSECURITYINTERFACEA"
|
|
|
|
#ifdef SECURITY_WIN32
|
|
# ifdef UNICODE
|
|
# define SECURITY_ENTRYPOINT SECURITY_ENTRYPOINTW // ntifs
|
|
# define SECURITY_ENTRYPOINT_ANSI SECURITY_ENTRYPOINT_ANSIW
|
|
# else // UNICODE
|
|
# define SECURITY_ENTRYPOINT SECURITY_ENTRYPOINTA
|
|
# define SECURITY_ENTRYPOINT_ANSI SECURITY_ENTRYPOINT_ANSIA
|
|
# endif // UNICODE
|
|
#else // SECURITY_WIN32
|
|
# define SECURITY_ENTRYPOINT SECURITY_ENTRYPOINT16
|
|
# define SECURITY_ENTRYPOINT_ANSI SECURITY_ENTRYPOINT16
|
|
#endif // SECURITY_WIN32
|
|
|
|
// begin_ntifs
|
|
|
|
#define FreeCredentialHandle FreeCredentialsHandle
|
|
|
|
typedef struct _SECURITY_FUNCTION_TABLE_W {
|
|
unsigned long dwVersion;
|
|
ENUMERATE_SECURITY_PACKAGES_FN_W EnumerateSecurityPackagesW;
|
|
QUERY_CREDENTIALS_ATTRIBUTES_FN_W QueryCredentialsAttributesW;
|
|
ACQUIRE_CREDENTIALS_HANDLE_FN_W AcquireCredentialsHandleW;
|
|
FREE_CREDENTIALS_HANDLE_FN FreeCredentialsHandle;
|
|
void SEC_FAR * Reserved2;
|
|
INITIALIZE_SECURITY_CONTEXT_FN_W InitializeSecurityContextW;
|
|
ACCEPT_SECURITY_CONTEXT_FN AcceptSecurityContext;
|
|
COMPLETE_AUTH_TOKEN_FN CompleteAuthToken;
|
|
DELETE_SECURITY_CONTEXT_FN DeleteSecurityContext;
|
|
APPLY_CONTROL_TOKEN_FN ApplyControlToken;
|
|
QUERY_CONTEXT_ATTRIBUTES_FN_W QueryContextAttributesW;
|
|
IMPERSONATE_SECURITY_CONTEXT_FN ImpersonateSecurityContext;
|
|
REVERT_SECURITY_CONTEXT_FN RevertSecurityContext;
|
|
MAKE_SIGNATURE_FN MakeSignature;
|
|
VERIFY_SIGNATURE_FN VerifySignature;
|
|
FREE_CONTEXT_BUFFER_FN FreeContextBuffer;
|
|
QUERY_SECURITY_PACKAGE_INFO_FN_W QuerySecurityPackageInfoW;
|
|
void SEC_FAR * Reserved3;
|
|
void SEC_FAR * Reserved4;
|
|
EXPORT_SECURITY_CONTEXT_FN ExportSecurityContext;
|
|
IMPORT_SECURITY_CONTEXT_FN_W ImportSecurityContextW;
|
|
ADD_CREDENTIALS_FN_W AddCredentialsW ;
|
|
void SEC_FAR * Reserved8;
|
|
QUERY_SECURITY_CONTEXT_TOKEN_FN QuerySecurityContextToken;
|
|
ENCRYPT_MESSAGE_FN EncryptMessage;
|
|
DECRYPT_MESSAGE_FN DecryptMessage;
|
|
SET_CONTEXT_ATTRIBUTES_FN_W SetContextAttributesW;
|
|
} SecurityFunctionTableW, SEC_FAR * PSecurityFunctionTableW;
|
|
|
|
// end_ntifs
|
|
|
|
typedef struct _SECURITY_FUNCTION_TABLE_A {
|
|
unsigned long dwVersion;
|
|
ENUMERATE_SECURITY_PACKAGES_FN_A EnumerateSecurityPackagesA;
|
|
QUERY_CREDENTIALS_ATTRIBUTES_FN_A QueryCredentialsAttributesA;
|
|
ACQUIRE_CREDENTIALS_HANDLE_FN_A AcquireCredentialsHandleA;
|
|
FREE_CREDENTIALS_HANDLE_FN FreeCredentialHandle;
|
|
void SEC_FAR * Reserved2;
|
|
INITIALIZE_SECURITY_CONTEXT_FN_A InitializeSecurityContextA;
|
|
ACCEPT_SECURITY_CONTEXT_FN AcceptSecurityContext;
|
|
COMPLETE_AUTH_TOKEN_FN CompleteAuthToken;
|
|
DELETE_SECURITY_CONTEXT_FN DeleteSecurityContext;
|
|
APPLY_CONTROL_TOKEN_FN ApplyControlToken;
|
|
QUERY_CONTEXT_ATTRIBUTES_FN_A QueryContextAttributesA;
|
|
IMPERSONATE_SECURITY_CONTEXT_FN ImpersonateSecurityContext;
|
|
REVERT_SECURITY_CONTEXT_FN RevertSecurityContext;
|
|
MAKE_SIGNATURE_FN MakeSignature;
|
|
VERIFY_SIGNATURE_FN VerifySignature;
|
|
FREE_CONTEXT_BUFFER_FN FreeContextBuffer;
|
|
QUERY_SECURITY_PACKAGE_INFO_FN_A QuerySecurityPackageInfoA;
|
|
void SEC_FAR * Reserved3;
|
|
void SEC_FAR * Reserved4;
|
|
EXPORT_SECURITY_CONTEXT_FN ExportSecurityContext;
|
|
IMPORT_SECURITY_CONTEXT_FN_A ImportSecurityContextA;
|
|
ADD_CREDENTIALS_FN_A AddCredentialsA ;
|
|
void SEC_FAR * Reserved8;
|
|
QUERY_SECURITY_CONTEXT_TOKEN_FN QuerySecurityContextToken;
|
|
ENCRYPT_MESSAGE_FN EncryptMessage;
|
|
DECRYPT_MESSAGE_FN DecryptMessage;
|
|
SET_CONTEXT_ATTRIBUTES_FN_A SetContextAttributesA;
|
|
} SecurityFunctionTableA, SEC_FAR * PSecurityFunctionTableA;
|
|
|
|
#ifdef UNICODE
|
|
# define SecurityFunctionTable SecurityFunctionTableW // ntifs
|
|
# define PSecurityFunctionTable PSecurityFunctionTableW // ntifs
|
|
#else
|
|
# define SecurityFunctionTable SecurityFunctionTableA
|
|
# define PSecurityFunctionTable PSecurityFunctionTableA
|
|
#endif // !UNICODE
|
|
|
|
#define SECURITY_
|
|
|
|
// Function table has all routines through DecryptMessage
|
|
#define SECURITY_SUPPORT_PROVIDER_INTERFACE_VERSION 1 // ntifs
|
|
|
|
// Function table has all routines through SetContextAttributes
|
|
#define SECURITY_SUPPORT_PROVIDER_INTERFACE_VERSION_2 2 // ntifs
|
|
|
|
|
|
PSecurityFunctionTableA SEC_ENTRY
|
|
InitSecurityInterfaceA(
|
|
void
|
|
);
|
|
|
|
typedef PSecurityFunctionTableA
|
|
(SEC_ENTRY * INIT_SECURITY_INTERFACE_A)(void);
|
|
|
|
// begin_ntifs
|
|
|
|
PSecurityFunctionTableW SEC_ENTRY
|
|
InitSecurityInterfaceW(
|
|
void
|
|
);
|
|
|
|
typedef PSecurityFunctionTableW
|
|
(SEC_ENTRY * INIT_SECURITY_INTERFACE_W)(void);
|
|
|
|
// end_ntifs
|
|
|
|
#ifdef UNICODE
|
|
# define InitSecurityInterface InitSecurityInterfaceW // ntifs
|
|
# define INIT_SECURITY_INTERFACE INIT_SECURITY_INTERFACE_W // ntifs
|
|
#else
|
|
# define InitSecurityInterface InitSecurityInterfaceA
|
|
# define INIT_SECURITY_INTERFACE INIT_SECURITY_INTERFACE_A
|
|
#endif // !UNICODE
|
|
|
|
|
|
#ifdef SECURITY_WIN32
|
|
|
|
//
|
|
// SASL Profile Support
|
|
//
|
|
|
|
|
|
SECURITY_STATUS
|
|
SEC_ENTRY
|
|
SaslEnumerateProfilesA(
|
|
OUT LPSTR * ProfileList,
|
|
OUT ULONG * ProfileCount
|
|
);
|
|
|
|
SECURITY_STATUS
|
|
SEC_ENTRY
|
|
SaslEnumerateProfilesW(
|
|
OUT LPWSTR * ProfileList,
|
|
OUT ULONG * ProfileCount
|
|
);
|
|
|
|
#ifdef UNICODE
|
|
#define SaslEnumerateProfiles SaslEnumerateProfilesW
|
|
#else
|
|
#define SaslEnumerateProfiles SaslEnumerateProfilesA
|
|
#endif
|
|
|
|
|
|
SECURITY_STATUS
|
|
SEC_ENTRY
|
|
SaslGetProfilePackageA(
|
|
IN LPSTR ProfileName,
|
|
OUT PSecPkgInfoA * PackageInfo
|
|
);
|
|
|
|
|
|
SECURITY_STATUS
|
|
SEC_ENTRY
|
|
SaslGetProfilePackageW(
|
|
IN LPWSTR ProfileName,
|
|
OUT PSecPkgInfoW * PackageInfo
|
|
);
|
|
|
|
#ifdef UNICODE
|
|
#define SaslGetProfilePackage SaslGetProfilePackageW
|
|
#else
|
|
#define SaslGetProfilePackage SaslGetProfilePackageA
|
|
#endif
|
|
|
|
SECURITY_STATUS
|
|
SEC_ENTRY
|
|
SaslIdentifyPackageA(
|
|
IN PSecBufferDesc pInput,
|
|
OUT PSecPkgInfoA * PackageInfo
|
|
);
|
|
|
|
SECURITY_STATUS
|
|
SEC_ENTRY
|
|
SaslIdentifyPackageW(
|
|
IN PSecBufferDesc pInput,
|
|
OUT PSecPkgInfoW * PackageInfo
|
|
);
|
|
|
|
#ifdef UNICODE
|
|
#define SaslIdentifyPackage SaslIdentifyPackageW
|
|
#else
|
|
#define SaslIdentifyPackage SaslIdentifyPackageA
|
|
#endif
|
|
|
|
SECURITY_STATUS
|
|
SEC_ENTRY
|
|
SaslInitializeSecurityContextW(
|
|
PCredHandle phCredential, // Cred to base context
|
|
PCtxtHandle phContext, // Existing context (OPT)
|
|
LPWSTR pszTargetName, // Name of target
|
|
unsigned long fContextReq, // Context Requirements
|
|
unsigned long Reserved1, // Reserved, MBZ
|
|
unsigned long TargetDataRep, // Data rep of target
|
|
PSecBufferDesc pInput, // Input Buffers
|
|
unsigned long Reserved2, // Reserved, MBZ
|
|
PCtxtHandle phNewContext, // (out) New Context handle
|
|
PSecBufferDesc pOutput, // (inout) Output Buffers
|
|
unsigned long SEC_FAR * pfContextAttr, // (out) Context attrs
|
|
PTimeStamp ptsExpiry // (out) Life span (OPT)
|
|
);
|
|
|
|
SECURITY_STATUS
|
|
SEC_ENTRY
|
|
SaslInitializeSecurityContextA(
|
|
PCredHandle phCredential, // Cred to base context
|
|
PCtxtHandle phContext, // Existing context (OPT)
|
|
LPSTR pszTargetName, // Name of target
|
|
unsigned long fContextReq, // Context Requirements
|
|
unsigned long Reserved1, // Reserved, MBZ
|
|
unsigned long TargetDataRep, // Data rep of target
|
|
PSecBufferDesc pInput, // Input Buffers
|
|
unsigned long Reserved2, // Reserved, MBZ
|
|
PCtxtHandle phNewContext, // (out) New Context handle
|
|
PSecBufferDesc pOutput, // (inout) Output Buffers
|
|
unsigned long SEC_FAR * pfContextAttr, // (out) Context attrs
|
|
PTimeStamp ptsExpiry // (out) Life span (OPT)
|
|
);
|
|
|
|
#ifdef UNICODE
|
|
#define SaslInitializeSecurityContext SaslInitializeSecurityContextW
|
|
#else
|
|
#define SaslInitializeSecurityContext SaslInitializeSecurityContextA
|
|
#endif
|
|
|
|
|
|
SECURITY_STATUS
|
|
SEC_ENTRY
|
|
SaslAcceptSecurityContext(
|
|
PCredHandle phCredential, // Cred to base context
|
|
PCtxtHandle phContext, // Existing context (OPT)
|
|
PSecBufferDesc pInput, // Input buffer
|
|
unsigned long fContextReq, // Context Requirements
|
|
unsigned long TargetDataRep, // Target Data Rep
|
|
PCtxtHandle phNewContext, // (out) New context handle
|
|
PSecBufferDesc pOutput, // (inout) Output buffers
|
|
unsigned long SEC_FAR * pfContextAttr, // (out) Context attributes
|
|
PTimeStamp ptsExpiry // (out) Life span (OPT)
|
|
);
|
|
|
|
|
|
#define SASL_OPTION_SEND_SIZE 1 // Maximum size to send to peer
|
|
#define SASL_OPTION_RECV_SIZE 2 // Maximum size willing to receive
|
|
#define SASL_OPTION_AUTHZ_STRING 3 // Authorization string
|
|
#define SASL_OPTION_AUTHZ_PROCESSING 4 // Authorization string processing
|
|
|
|
typedef enum _SASL_AUTHZID_STATE {
|
|
Sasl_AuthZIDForbidden, // allow no AuthZID strings to be specified - error out (default)
|
|
Sasl_AuthZIDProcessed // AuthZID Strings processed by Application or SSP
|
|
} SASL_AUTHZID_STATE ;
|
|
|
|
SECURITY_STATUS
|
|
SEC_ENTRY
|
|
SaslSetContextOption(
|
|
PCtxtHandle ContextHandle,
|
|
ULONG Option,
|
|
PVOID Value,
|
|
ULONG Size
|
|
);
|
|
|
|
|
|
SECURITY_STATUS
|
|
SEC_ENTRY
|
|
SaslGetContextOption(
|
|
PCtxtHandle ContextHandle,
|
|
ULONG Option,
|
|
PVOID Value,
|
|
ULONG Size,
|
|
PULONG Needed OPTIONAL
|
|
);
|
|
|
|
#endif
|
|
|
|
#ifdef SECURITY_DOS
|
|
#if _MSC_VER >= 1200
|
|
#pragma warning(pop)
|
|
#else
|
|
#pragma warning(default:4147)
|
|
#endif
|
|
#endif
|
|
|
|
//
|
|
// This is the legacy credentials structure.
|
|
// The EX version below is preferred.
|
|
|
|
// begin_ntifs
|
|
#ifndef _AUTH_IDENTITY_DEFINED
|
|
#define _AUTH_IDENTITY_DEFINED
|
|
|
|
#define SEC_WINNT_AUTH_IDENTITY_ANSI 0x1
|
|
#define SEC_WINNT_AUTH_IDENTITY_UNICODE 0x2
|
|
|
|
typedef struct _SEC_WINNT_AUTH_IDENTITY_W {
|
|
unsigned short *User;
|
|
unsigned long UserLength;
|
|
unsigned short *Domain;
|
|
unsigned long DomainLength;
|
|
unsigned short *Password;
|
|
unsigned long PasswordLength;
|
|
unsigned long Flags;
|
|
} SEC_WINNT_AUTH_IDENTITY_W, *PSEC_WINNT_AUTH_IDENTITY_W;
|
|
|
|
// end_ntifs
|
|
|
|
typedef struct _SEC_WINNT_AUTH_IDENTITY_A {
|
|
unsigned char *User;
|
|
unsigned long UserLength;
|
|
unsigned char *Domain;
|
|
unsigned long DomainLength;
|
|
unsigned char *Password;
|
|
unsigned long PasswordLength;
|
|
unsigned long Flags;
|
|
} SEC_WINNT_AUTH_IDENTITY_A, *PSEC_WINNT_AUTH_IDENTITY_A;
|
|
|
|
|
|
#ifdef UNICODE
|
|
#define SEC_WINNT_AUTH_IDENTITY SEC_WINNT_AUTH_IDENTITY_W // ntifs
|
|
#define PSEC_WINNT_AUTH_IDENTITY PSEC_WINNT_AUTH_IDENTITY_W // ntifs
|
|
#define _SEC_WINNT_AUTH_IDENTITY _SEC_WINNT_AUTH_IDENTITY_W // ntifs
|
|
#else // UNICODE
|
|
#define SEC_WINNT_AUTH_IDENTITY SEC_WINNT_AUTH_IDENTITY_A
|
|
#define PSEC_WINNT_AUTH_IDENTITY PSEC_WINNT_AUTH_IDENTITY_A
|
|
#define _SEC_WINNT_AUTH_IDENTITY _SEC_WINNT_AUTH_IDENTITY_A
|
|
#endif // UNICODE
|
|
|
|
#endif //_AUTH_IDENTITY_DEFINED // ntifs
|
|
|
|
// begin_ntifs
|
|
//
|
|
// This is the combined authentication identity structure that may be
|
|
// used with the negotiate package, NTLM, Kerberos, or SCHANNEL
|
|
//
|
|
|
|
|
|
#ifndef SEC_WINNT_AUTH_IDENTITY_VERSION
|
|
#define SEC_WINNT_AUTH_IDENTITY_VERSION 0x200
|
|
|
|
typedef struct _SEC_WINNT_AUTH_IDENTITY_EXW {
|
|
unsigned long Version;
|
|
unsigned long Length;
|
|
unsigned short SEC_FAR *User;
|
|
unsigned long UserLength;
|
|
unsigned short SEC_FAR *Domain;
|
|
unsigned long DomainLength;
|
|
unsigned short SEC_FAR *Password;
|
|
unsigned long PasswordLength;
|
|
unsigned long Flags;
|
|
unsigned short SEC_FAR * PackageList;
|
|
unsigned long PackageListLength;
|
|
} SEC_WINNT_AUTH_IDENTITY_EXW, *PSEC_WINNT_AUTH_IDENTITY_EXW;
|
|
|
|
// end_ntifs
|
|
|
|
typedef struct _SEC_WINNT_AUTH_IDENTITY_EXA {
|
|
unsigned long Version;
|
|
unsigned long Length;
|
|
unsigned char SEC_FAR *User;
|
|
unsigned long UserLength;
|
|
unsigned char SEC_FAR *Domain;
|
|
unsigned long DomainLength;
|
|
unsigned char SEC_FAR *Password;
|
|
unsigned long PasswordLength;
|
|
unsigned long Flags;
|
|
unsigned char SEC_FAR * PackageList;
|
|
unsigned long PackageListLength;
|
|
} SEC_WINNT_AUTH_IDENTITY_EXA, *PSEC_WINNT_AUTH_IDENTITY_EXA;
|
|
|
|
#ifdef UNICODE
|
|
#define SEC_WINNT_AUTH_IDENTITY_EX SEC_WINNT_AUTH_IDENTITY_EXW // ntifs
|
|
#define PSEC_WINNT_AUTH_IDENTITY_EX PSEC_WINNT_AUTH_IDENTITY_EXW // ntifs
|
|
#else
|
|
#define SEC_WINNT_AUTH_IDENTITY_EX SEC_WINNT_AUTH_IDENTITY_EXA
|
|
#endif
|
|
|
|
// begin_ntifs
|
|
#endif // SEC_WINNT_AUTH_IDENTITY_VERSION
|
|
|
|
|
|
//
|
|
// Common types used by negotiable security packages
|
|
//
|
|
|
|
#define SEC_WINNT_AUTH_IDENTITY_MARSHALLED 0x4 // all data is in one buffer
|
|
#define SEC_WINNT_AUTH_IDENTITY_ONLY 0x8 // these credentials are for identity only - no PAC needed
|
|
|
|
// end_ntifs
|
|
|
|
//
|
|
// Routines for manipulating packages
|
|
//
|
|
|
|
typedef struct _SECURITY_PACKAGE_OPTIONS {
|
|
unsigned long Size;
|
|
unsigned long Type;
|
|
unsigned long Flags;
|
|
unsigned long SignatureSize;
|
|
void SEC_FAR * Signature;
|
|
} SECURITY_PACKAGE_OPTIONS, SEC_FAR * PSECURITY_PACKAGE_OPTIONS;
|
|
|
|
#define SECPKG_OPTIONS_TYPE_UNKNOWN 0
|
|
#define SECPKG_OPTIONS_TYPE_LSA 1
|
|
#define SECPKG_OPTIONS_TYPE_SSPI 2
|
|
|
|
#define SECPKG_OPTIONS_PERMANENT 0x00000001
|
|
|
|
SECURITY_STATUS
|
|
SEC_ENTRY
|
|
AddSecurityPackageA(
|
|
SEC_CHAR SEC_FAR * pszPackageName,
|
|
SECURITY_PACKAGE_OPTIONS SEC_FAR * Options
|
|
);
|
|
|
|
SECURITY_STATUS
|
|
SEC_ENTRY
|
|
AddSecurityPackageW(
|
|
SEC_WCHAR SEC_FAR * pszPackageName,
|
|
SECURITY_PACKAGE_OPTIONS SEC_FAR * Options
|
|
);
|
|
|
|
#ifdef UNICODE
|
|
#define AddSecurityPackage AddSecurityPackageW
|
|
#else
|
|
#define AddSecurityPackage AddSecurityPackageA
|
|
#endif
|
|
|
|
SECURITY_STATUS
|
|
SEC_ENTRY
|
|
DeleteSecurityPackageA(
|
|
SEC_CHAR SEC_FAR * pszPackageName );
|
|
|
|
SECURITY_STATUS
|
|
SEC_ENTRY
|
|
DeleteSecurityPackageW(
|
|
SEC_WCHAR SEC_FAR * pszPackageName );
|
|
|
|
#ifdef UNICODE
|
|
#define DeleteSecurityPackage DeleteSecurityPackageW
|
|
#else
|
|
#define DeleteSecurityPackage DeleteSecurityPackageA
|
|
#endif
|
|
|
|
|
|
#ifdef __cplusplus
|
|
} // extern "C"
|
|
#endif
|
|
|
|
// begin_ntifs
|
|
#endif // __SSPI_H__
|
|
// end_ntifs
|