Source code of Windows XP (NT5)

2071 lines
61 KiB

  1. //+---------------------------------------------------------------------------
  2. //
  3. // Microsoft Windows
  4. // Copyright (C) Microsoft Corporation, 1992-1999.
  5. //
  6. // File: sspi.h
  7. //
  8. // Contents: Security Support Provider Interface
  9. // Prototypes and structure definitions
  10. //
  11. // Functions: Security Support Provider API
  12. //
  13. // History: 11-24-93 RichardW Created
  14. //
  15. //----------------------------------------------------------------------------
  16. // begin_ntifs
  17. #ifndef __SSPI_H__
  18. #define __SSPI_H__
  19. // end_ntifs
  20. #if _MSC_VER > 1000
  21. #pragma once
  22. #endif
  23. #ifdef __cplusplus
  24. extern "C" {
  25. #endif
  26. //
  27. // Determine environment:
  28. //
  29. #ifdef SECURITY_WIN32
  30. #define ISSP_LEVEL 32
  31. #define ISSP_MODE 1
  32. #endif // SECURITY_WIN32
  33. #ifdef SECURITY_KERNEL
  34. #define ISSP_LEVEL 32 // ntifs
  35. //
  36. // SECURITY_KERNEL trumps SECURITY_WIN32. Undefine ISSP_MODE so that
  37. // we don't get redefine errors.
  38. //
  39. #ifdef ISSP_MODE
  40. #undef ISSP_MODE
  41. #endif
  42. #define ISSP_MODE 0 // ntifs
  43. #endif // SECURITY_KERNEL
  44. #ifdef SECURITY_MAC
  45. #define ISSP_LEVEL 32
  46. #define ISSP_MODE 1
  47. #endif // SECURITY_MAC
  48. #ifndef ISSP_LEVEL
  49. #error You must define one of SECURITY_WIN32, SECURITY_KERNEL, or
  50. #error SECURITY_MAC
  51. #endif // !ISSP_LEVEL
  52. //
  53. // Now, define platform specific mappings:
  54. //
  55. // begin_ntifs
  56. typedef WCHAR SEC_WCHAR;
  57. typedef CHAR SEC_CHAR;
  58. #ifndef __SECSTATUS_DEFINED__
  59. typedef LONG SECURITY_STATUS;
  60. #define __SECSTATUS_DEFINED__
  61. #endif
  62. #define SEC_TEXT TEXT
  63. #define SEC_FAR
  64. #define SEC_ENTRY __stdcall
  65. // end_ntifs
  66. //
  67. // Decide what a string is - 32 bits only, since for 16 bits it is clear.
  68. //
  69. #ifdef UNICODE
  70. typedef SEC_WCHAR SEC_FAR * SECURITY_PSTR;
  71. typedef CONST SEC_WCHAR SEC_FAR * SECURITY_PCSTR;
  72. #else // UNICODE
  73. typedef SEC_CHAR SEC_FAR * SECURITY_PSTR;
  74. typedef CONST SEC_CHAR SEC_FAR * SECURITY_PCSTR;
  75. #endif // UNICODE
  76. //
  77. // Equivalent string for rpcrt:
  78. //
  79. #define __SEC_FAR SEC_FAR
  80. //
  81. // Okay, security specific types:
  82. //
  83. // begin_ntifs
  84. #ifndef __SECHANDLE_DEFINED__
  85. typedef struct _SecHandle
  86. {
  87. ULONG_PTR dwLower ;
  88. ULONG_PTR dwUpper ;
  89. } SecHandle, * PSecHandle ;
  90. #define __SECHANDLE_DEFINED__
  91. #endif // __SECHANDLE_DEFINED__
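  //
  // SecInvalidateHandle( x ) marks the handle that x points to as invalid by
  // storing the all-ones sentinel ((ULONG_PTR)(INT_PTR)-1) in both halves.
  // SecIsValidHandle( x ) is non-zero only when neither half holds that
  // sentinel.
  //
  // SecInvalidateHandle expands to ONE chained assignment rather than two
  // separate statements, so that an unbraced `if (cond) SecInvalidateHandle(h);`
  // invalidates both halves or neither. With the two-statement form the second
  // store ran unconditionally and could leave a live handle half-invalidated.
  // The expansion keeps its trailing ';' so that existing call sites, written
  // with or without their own semicolon, still compile. Because of that ';' the
  // macro cannot be followed directly by `else`; brace the branch instead.
  //
  // The macro no longer ends in a line-continuation backslash. In this listing
  // the blank line that followed it is gone, so the backslash spliced the
  // `#define SecIsValidHandle` line into the body of SecInvalidateHandle.
  //
  // x is parenthesised before the cast and is evaluated twice in each macro:
  // do not pass an expression with side effects.
  //
  #define SecInvalidateHandle( x ) \
      ((PSecHandle) (x))->dwLower = ((PSecHandle) (x))->dwUpper = ((ULONG_PTR) ((INT_PTR)-1)) ;

  #define SecIsValidHandle( x ) \
      ( ( ((PSecHandle) (x))->dwLower != ((ULONG_PTR) ((INT_PTR) -1 ))) && \
        ( ((PSecHandle) (x))->dwUpper != ((ULONG_PTR) ((INT_PTR) -1 ))) )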
  98. typedef SecHandle CredHandle;
  99. typedef PSecHandle PCredHandle;
  100. typedef SecHandle CtxtHandle;
  101. typedef PSecHandle PCtxtHandle;
  102. // end_ntifs
  103. # ifdef WIN32_CHICAGO
  104. typedef unsigned __int64 QWORD;
  105. typedef QWORD SECURITY_INTEGER, *PSECURITY_INTEGER;
  106. #define SEC_SUCCESS(Status) ((Status) >= 0)
  107. # elif defined(_NTDEF_) || defined(_WINNT_)
  108. typedef LARGE_INTEGER _SECURITY_INTEGER, SECURITY_INTEGER, *PSECURITY_INTEGER; // ntifs
  109. # else // _NTDEF_ || _WINNT_
  110. typedef struct _SECURITY_INTEGER
  111. {
  112. unsigned long LowPart;
  113. long HighPart;
  114. } SECURITY_INTEGER, *PSECURITY_INTEGER;
  115. # endif // _NTDEF_ || _WINNT_
  // TimeStamp is the SECURITY_INTEGER type selected above on every target
  // except SECURITY_MAC, where it is a plain unsigned long. Code that stores or
  // compares expiry times therefore cannot assume one width across targets.
  116. # ifndef SECURITY_MAC
  117. typedef SECURITY_INTEGER TimeStamp; // ntifs
  118. typedef SECURITY_INTEGER SEC_FAR * PTimeStamp; // ntifs
  119. # else // SECURITY_MAC
  120. typedef unsigned long TimeStamp;
  121. typedef unsigned long * PTimeStamp;
  122. # endif // SECURITY_MAC
  123. //
  124. // If we are in 32 bit mode, define the SECURITY_STRING structure,
  125. // as a clone of the base UNICODE_STRING structure. This is used
  126. // internally in security components, and as the string interface
  127. // for kernel components (e.g. FSPs)
  128. //
  129. # ifndef _NTDEF_
  130. typedef struct _SECURITY_STRING {
  131. unsigned short Length;
  132. unsigned short MaximumLength;
  133. # ifdef MIDL_PASS
  134. [size_is(MaximumLength / 2), length_is(Length / 2)]
  135. # endif // MIDL_PASS
  136. unsigned short * Buffer;
  137. } SECURITY_STRING, * PSECURITY_STRING;
  138. # else // _NTDEF_
  139. typedef UNICODE_STRING SECURITY_STRING, *PSECURITY_STRING; // ntifs
  140. # endif // _NTDEF_
  141. // begin_ntifs
  142. //
  143. // SecPkgInfo structure
  144. //
  145. // Provides general information about a security provider
  146. //
  147. typedef struct _SecPkgInfoW
  148. {
  149. unsigned long fCapabilities; // Capability bitmask
  150. unsigned short wVersion; // Version of driver
  151. unsigned short wRPCID; // ID for RPC Runtime
  152. unsigned long cbMaxToken; // Size of authentication token (max)
  153. #ifdef MIDL_PASS
  154. [string]
  155. #endif
  156. SEC_WCHAR SEC_FAR * Name; // Text name
  157. #ifdef MIDL_PASS
  158. [string]
  159. #endif
  160. SEC_WCHAR SEC_FAR * Comment; // Comment
  161. } SecPkgInfoW, SEC_FAR * PSecPkgInfoW;
  162. // end_ntifs
  163. typedef struct _SecPkgInfoA
  164. {
  165. unsigned long fCapabilities; // Capability bitmask
  166. unsigned short wVersion; // Version of driver
  167. unsigned short wRPCID; // ID for RPC Runtime
  168. unsigned long cbMaxToken; // Size of authentication token (max)
  169. #ifdef MIDL_PASS
  170. [string]
  171. #endif
  172. SEC_CHAR SEC_FAR * Name; // Text name
  173. #ifdef MIDL_PASS
  174. [string]
  175. #endif
  176. SEC_CHAR SEC_FAR * Comment; // Comment
  177. } SecPkgInfoA, SEC_FAR * PSecPkgInfoA;
  178. #ifdef UNICODE
  179. # define SecPkgInfo SecPkgInfoW // ntifs
  180. # define PSecPkgInfo PSecPkgInfoW // ntifs
  181. #else
  182. # define SecPkgInfo SecPkgInfoA
  183. # define PSecPkgInfo PSecPkgInfoA
  184. #endif // !UNICODE
  185. // begin_ntifs
  186. //
  187. // Security Package Capabilities
  188. //
  189. #define SECPKG_FLAG_INTEGRITY 0x00000001 // Supports integrity on messages
  190. #define SECPKG_FLAG_PRIVACY 0x00000002 // Supports privacy (confidentiality)
  191. #define SECPKG_FLAG_TOKEN_ONLY 0x00000004 // Only security token needed
  192. #define SECPKG_FLAG_DATAGRAM 0x00000008 // Datagram RPC support
  193. #define SECPKG_FLAG_CONNECTION 0x00000010 // Connection oriented RPC support
  194. #define SECPKG_FLAG_MULTI_REQUIRED 0x00000020 // Full 3-leg required for re-auth.
  195. #define SECPKG_FLAG_CLIENT_ONLY 0x00000040 // Server side functionality not available
  196. #define SECPKG_FLAG_EXTENDED_ERROR 0x00000080 // Supports extended error msgs
  197. #define SECPKG_FLAG_IMPERSONATION 0x00000100 // Supports impersonation
  198. #define SECPKG_FLAG_ACCEPT_WIN32_NAME 0x00000200 // Accepts Win32 names
  199. #define SECPKG_FLAG_STREAM 0x00000400 // Supports stream semantics
  200. #define SECPKG_FLAG_NEGOTIABLE 0x00000800 // Can be used by the negotiate package
  201. #define SECPKG_FLAG_GSS_COMPATIBLE 0x00001000 // GSS Compatibility Available
  202. #define SECPKG_FLAG_LOGON 0x00002000 // Supports common LsaLogonUser
  203. #define SECPKG_FLAG_ASCII_BUFFERS 0x00004000 // Token Buffers are in ASCII
  204. #define SECPKG_FLAG_FRAGMENT 0x00008000 // Package can fragment to fit
  205. #define SECPKG_FLAG_MUTUAL_AUTH 0x00010000 // Package can perform mutual authentication
  206. #define SECPKG_FLAG_DELEGATION 0x00020000 // Package can delegate
  207. #define SECPKG_ID_NONE 0xFFFF
  208. //
  209. // SecBuffer
  210. //
  211. // Generic memory descriptors for buffers passed in to the security
  212. // API
  213. //
  // One memory region handed to or returned from the security API: cbBuffer
  // bytes at pvBuffer, tagged with one of the SECBUFFER_* type values defined
  // below this structure.
  // NOTE(review): nothing in this declaration ties cbBuffer to the real size of
  // the memory behind pvBuffer. Code that receives a SecBuffer from another
  // component should check the pointer/length pair before reading or writing
  // through it.
  // NOTE(review): SECBUFFER_ATTRMASK / SECBUFFER_READONLY below look like flag
  // bits carried in the high bits of BufferType - confirm, and mask them off
  // before comparing BufferType with a SECBUFFER_* type value.
  214. typedef struct _SecBuffer {
  215. unsigned long cbBuffer; // Size of the buffer, in bytes
  216. unsigned long BufferType; // Type of the buffer (below)
  217. void SEC_FAR * pvBuffer; // Pointer to the buffer
  218. } SecBuffer, SEC_FAR * PSecBuffer;
  // Describes an array of SecBuffer entries: cBuffers elements starting at
  // pBuffers, with a version number in ulVersion (SECBUFFER_VERSION is defined
  // immediately after this structure).
  // The size_is(cBuffers) annotation exists only under MIDL_PASS. In an
  // ordinary C build the count and the array are related by convention alone,
  // so a consumer must not index pBuffers past a cBuffers it has not checked.
  219. typedef struct _SecBufferDesc {
  220. unsigned long ulVersion; // Version number
  221. unsigned long cBuffers; // Number of buffers
  222. #ifdef MIDL_PASS
  223. [size_is(cBuffers)]
  224. #endif
  225. PSecBuffer pBuffers; // Pointer to array of buffers
  226. } SecBufferDesc, SEC_FAR * PSecBufferDesc;
  227. #define SECBUFFER_VERSION 0
  228. #define SECBUFFER_EMPTY 0 // Undefined, replaced by provider
  229. #define SECBUFFER_DATA 1 // Packet data
  230. #define SECBUFFER_TOKEN 2 // Security token
  231. #define SECBUFFER_PKG_PARAMS 3 // Package specific parameters
  232. #define SECBUFFER_MISSING 4 // Missing Data indicator
  233. #define SECBUFFER_EXTRA 5 // Extra data
  234. #define SECBUFFER_STREAM_TRAILER 6 // Security Trailer
  235. #define SECBUFFER_STREAM_HEADER 7 // Security Header
  236. #define SECBUFFER_NEGOTIATION_INFO 8 // Hints from the negotiation pkg
  237. #define SECBUFFER_PADDING 9 // non-data padding
  238. #define SECBUFFER_STREAM 10 // whole encrypted message
  239. #define SECBUFFER_MECHLIST 11
  240. #define SECBUFFER_MECHLIST_SIGNATURE 12
  241. #define SECBUFFER_TARGET 13
  242. #define SECBUFFER_CHANNEL_BINDINGS 14
  243. #define SECBUFFER_ATTRMASK 0xF0000000
  244. #define SECBUFFER_READONLY 0x80000000 // Buffer is read-only
  245. #define SECBUFFER_RESERVED 0x60000000 // Flags reserved to security system
  246. typedef struct _SEC_NEGOTIATION_INFO {
  247. unsigned long Size; // Size of this structure
  248. unsigned long NameLength; // Length of name hint
  249. SEC_WCHAR SEC_FAR * Name; // Name hint
  250. void SEC_FAR * Reserved; // Reserved
  251. } SEC_NEGOTIATION_INFO, SEC_FAR * PSEC_NEGOTIATION_INFO ;
  // Channel-binding descriptor: an (address type, length, offset) triple for
  // the initiator, the same for the acceptor, and a (length, offset) pair for
  // application data.
  // NOTE(review): the offsets are presumably byte offsets from the start of
  // this structure into the buffer that carries it (likely a
  // SECBUFFER_CHANNEL_BINDINGS buffer) - confirm against the provider.
  // NOTE(review): every offset/length pair is caller-controlled data. Before
  // dereferencing, a consumer should verify that offset + length does not wrap
  // and that it lies inside the size of the enclosing buffer.
  252. typedef struct _SEC_CHANNEL_BINDINGS {
  253. unsigned long dwInitiatorAddrType;
  254. unsigned long cbInitiatorLength;
  255. unsigned long dwInitiatorOffset;
  256. unsigned long dwAcceptorAddrType;
  257. unsigned long cbAcceptorLength;
  258. unsigned long dwAcceptorOffset;
  259. unsigned long cbApplicationDataLength;
  260. unsigned long dwApplicationDataOffset;
  261. } SEC_CHANNEL_BINDINGS, SEC_FAR * PSEC_CHANNEL_BINDINGS ;
  262. //
  263. // Data Representation Constant:
  264. //
  265. #define SECURITY_NATIVE_DREP 0x00000010
  266. #define SECURITY_NETWORK_DREP 0x00000000
  267. //
  268. // Credential Use Flags
  269. //
  270. #define SECPKG_CRED_INBOUND 0x00000001
  271. #define SECPKG_CRED_OUTBOUND 0x00000002
  272. #define SECPKG_CRED_BOTH 0x00000003
  273. #define SECPKG_CRED_DEFAULT 0x00000004
  274. #define SECPKG_CRED_RESERVED 0xF0000000
  275. //
  276. // InitializeSecurityContext Requirement and return flags:
  277. //
  278. #define ISC_REQ_DELEGATE 0x00000001
  279. #define ISC_REQ_MUTUAL_AUTH 0x00000002
  280. #define ISC_REQ_REPLAY_DETECT 0x00000004
  281. #define ISC_REQ_SEQUENCE_DETECT 0x00000008
  282. #define ISC_REQ_CONFIDENTIALITY 0x00000010
  283. #define ISC_REQ_USE_SESSION_KEY 0x00000020
  284. #define ISC_REQ_PROMPT_FOR_CREDS 0x00000040
  285. #define ISC_REQ_USE_SUPPLIED_CREDS 0x00000080
  286. #define ISC_REQ_ALLOCATE_MEMORY 0x00000100
  287. #define ISC_REQ_USE_DCE_STYLE 0x00000200
  288. #define ISC_REQ_DATAGRAM 0x00000400
  289. #define ISC_REQ_CONNECTION 0x00000800
  290. #define ISC_REQ_CALL_LEVEL 0x00001000
  291. #define ISC_REQ_FRAGMENT_SUPPLIED 0x00002000
  292. #define ISC_REQ_EXTENDED_ERROR 0x00004000
  293. #define ISC_REQ_STREAM 0x00008000
  294. #define ISC_REQ_INTEGRITY 0x00010000
  295. #define ISC_REQ_IDENTIFY 0x00020000
  296. #define ISC_REQ_NULL_SESSION 0x00040000
  297. #define ISC_REQ_MANUAL_CRED_VALIDATION 0x00080000
  298. #define ISC_REQ_RESERVED1 0x00100000
  299. #define ISC_REQ_FRAGMENT_TO_FIT 0x00200000
  300. #define ISC_RET_DELEGATE 0x00000001
  301. #define ISC_RET_MUTUAL_AUTH 0x00000002
  302. #define ISC_RET_REPLAY_DETECT 0x00000004
  303. #define ISC_RET_SEQUENCE_DETECT 0x00000008
  304. #define ISC_RET_CONFIDENTIALITY 0x00000010
  305. #define ISC_RET_USE_SESSION_KEY 0x00000020
  306. #define ISC_RET_USED_COLLECTED_CREDS 0x00000040
  307. #define ISC_RET_USED_SUPPLIED_CREDS 0x00000080
  308. #define ISC_RET_ALLOCATED_MEMORY 0x00000100
  309. #define ISC_RET_USED_DCE_STYLE 0x00000200
  310. #define ISC_RET_DATAGRAM 0x00000400
  311. #define ISC_RET_CONNECTION 0x00000800
  312. #define ISC_RET_INTERMEDIATE_RETURN 0x00001000
  313. #define ISC_RET_CALL_LEVEL 0x00002000
  314. #define ISC_RET_EXTENDED_ERROR 0x00004000
  315. #define ISC_RET_STREAM 0x00008000
  316. #define ISC_RET_INTEGRITY 0x00010000
  317. #define ISC_RET_IDENTIFY 0x00020000
  318. #define ISC_RET_NULL_SESSION 0x00040000
  319. #define ISC_RET_MANUAL_CRED_VALIDATION 0x00080000
  320. #define ISC_RET_RESERVED1 0x00100000
  321. #define ISC_RET_FRAGMENT_ONLY 0x00200000
  //
  // ASC_REQ_* - requirement flags for the accepting side (AcceptSecurityContext).
  //
  // These are NOT interchangeable with the ISC_REQ_* flags defined earlier in
  // this header. Where both families define a bit at or below 0x00002000 the
  // names agree, but above that the same bit means different things:
  //   0x00008000  ISC_REQ_STREAM     vs  ASC_REQ_EXTENDED_ERROR
  //   0x00010000  ISC_REQ_INTEGRITY  vs  ASC_REQ_STREAM
  //   0x00020000  ISC_REQ_IDENTIFY   vs  ASC_REQ_INTEGRITY
  // Both families are plain unsigned long bit values, so passing an ISC_
  // constant where an ASC_ one is expected compiles cleanly and silently asks
  // for a different property (for example stream framing instead of message
  // integrity). Use the family that matches the call.
  //
  // ASC_REQ_FRAGMENT_SUPPLIED (0x00002000) is listed last, out of numeric order.
  //
  322. #define ASC_REQ_DELEGATE 0x00000001
  323. #define ASC_REQ_MUTUAL_AUTH 0x00000002
  324. #define ASC_REQ_REPLAY_DETECT 0x00000004
  325. #define ASC_REQ_SEQUENCE_DETECT 0x00000008
  326. #define ASC_REQ_CONFIDENTIALITY 0x00000010
  327. #define ASC_REQ_USE_SESSION_KEY 0x00000020
  328. #define ASC_REQ_ALLOCATE_MEMORY 0x00000100
  329. #define ASC_REQ_USE_DCE_STYLE 0x00000200
  330. #define ASC_REQ_DATAGRAM 0x00000400
  331. #define ASC_REQ_CONNECTION 0x00000800
  332. #define ASC_REQ_CALL_LEVEL 0x00001000
  333. #define ASC_REQ_EXTENDED_ERROR 0x00008000
  334. #define ASC_REQ_STREAM 0x00010000
  335. #define ASC_REQ_INTEGRITY 0x00020000
  336. #define ASC_REQ_LICENSING 0x00040000
  337. #define ASC_REQ_IDENTIFY 0x00080000
  338. #define ASC_REQ_ALLOW_NULL_SESSION 0x00100000
  339. #define ASC_REQ_ALLOW_NON_USER_LOGONS 0x00200000
  340. #define ASC_REQ_ALLOW_CONTEXT_REPLAY 0x00400000
  341. #define ASC_REQ_FRAGMENT_TO_FIT 0x00800000
  342. #define ASC_REQ_FRAGMENT_SUPPLIED 0x00002000
  343. #define ASC_RET_DELEGATE 0x00000001
  344. #define ASC_RET_MUTUAL_AUTH 0x00000002
  345. #define ASC_RET_REPLAY_DETECT 0x00000004
  346. #define ASC_RET_SEQUENCE_DETECT 0x00000008
  347. #define ASC_RET_CONFIDENTIALITY 0x00000010
  348. #define ASC_RET_USE_SESSION_KEY 0x00000020
  349. #define ASC_RET_ALLOCATED_MEMORY 0x00000100
  350. #define ASC_RET_USED_DCE_STYLE 0x00000200
  351. #define ASC_RET_DATAGRAM 0x00000400
  352. #define ASC_RET_CONNECTION 0x00000800
  353. #define ASC_RET_CALL_LEVEL 0x00002000 // skipped 1000 to be like ISC_
  354. #define ASC_RET_THIRD_LEG_FAILED 0x00004000
  355. #define ASC_RET_EXTENDED_ERROR 0x00008000
  356. #define ASC_RET_STREAM 0x00010000
  357. #define ASC_RET_INTEGRITY 0x00020000
  358. #define ASC_RET_LICENSING 0x00040000
  359. #define ASC_RET_IDENTIFY 0x00080000
  360. #define ASC_RET_NULL_SESSION 0x00100000
  361. #define ASC_RET_ALLOW_NON_USER_LOGONS 0x00200000
  362. #define ASC_RET_ALLOW_CONTEXT_REPLAY 0x00400000
  363. #define ASC_RET_FRAGMENT_ONLY 0x00800000
  364. //
  365. // Security Credentials Attributes:
  366. //
  367. #define SECPKG_CRED_ATTR_NAMES 1
  368. typedef struct _SecPkgCredentials_NamesW
  369. {
  370. SEC_WCHAR SEC_FAR * sUserName;
  371. } SecPkgCredentials_NamesW, SEC_FAR * PSecPkgCredentials_NamesW;
  372. // end_ntifs
  373. typedef struct _SecPkgCredentials_NamesA
  374. {
  375. SEC_CHAR SEC_FAR * sUserName;
  376. } SecPkgCredentials_NamesA, SEC_FAR * PSecPkgCredentials_NamesA;
  377. #ifdef UNICODE
  378. # define SecPkgCredentials_Names SecPkgCredentials_NamesW // ntifs
  379. # define PSecPkgCredentials_Names PSecPkgCredentials_NamesW // ntifs
  380. #else
  381. # define SecPkgCredentials_Names SecPkgCredentials_NamesA
  382. # define PSecPkgCredentials_Names PSecPkgCredentials_NamesA
  383. #endif // !UNICODE
  384. // begin_ntifs
  385. //
  386. // Security Context Attributes:
  387. //
  388. #define SECPKG_ATTR_SIZES 0
  389. #define SECPKG_ATTR_NAMES 1
  390. #define SECPKG_ATTR_LIFESPAN 2
  391. #define SECPKG_ATTR_DCE_INFO 3
  392. #define SECPKG_ATTR_STREAM_SIZES 4
  393. #define SECPKG_ATTR_KEY_INFO 5
  394. #define SECPKG_ATTR_AUTHORITY 6
  395. #define SECPKG_ATTR_PROTO_INFO 7
  396. #define SECPKG_ATTR_PASSWORD_EXPIRY 8
  397. #define SECPKG_ATTR_SESSION_KEY 9
  398. #define SECPKG_ATTR_PACKAGE_INFO 10
  399. #define SECPKG_ATTR_USER_FLAGS 11
  400. #define SECPKG_ATTR_NEGOTIATION_INFO 12
  401. #define SECPKG_ATTR_NATIVE_NAMES 13
  402. #define SECPKG_ATTR_FLAGS 14
  403. #define SECPKG_ATTR_USE_VALIDATED 15
  404. #define SECPKG_ATTR_CREDENTIAL_NAME 16
  405. #define SECPKG_ATTR_TARGET_INFORMATION 17
  406. #define SECPKG_ATTR_ACCESS_TOKEN 18
  407. typedef struct _SecPkgContext_Sizes
  408. {
  409. unsigned long cbMaxToken;
  410. unsigned long cbMaxSignature;
  411. unsigned long cbBlockSize;
  412. unsigned long cbSecurityTrailer;
  413. } SecPkgContext_Sizes, SEC_FAR * PSecPkgContext_Sizes;
  414. typedef struct _SecPkgContext_StreamSizes
  415. {
  416. unsigned long cbHeader;
  417. unsigned long cbTrailer;
  418. unsigned long cbMaximumMessage;
  419. unsigned long cBuffers;
  420. unsigned long cbBlockSize;
  421. } SecPkgContext_StreamSizes, * PSecPkgContext_StreamSizes;
  422. typedef struct _SecPkgContext_NamesW
  423. {
  424. SEC_WCHAR SEC_FAR * sUserName;
  425. } SecPkgContext_NamesW, SEC_FAR * PSecPkgContext_NamesW;
  426. // end_ntifs
  427. typedef struct _SecPkgContext_NamesA
  428. {
  429. SEC_CHAR SEC_FAR * sUserName;
  430. } SecPkgContext_NamesA, SEC_FAR * PSecPkgContext_NamesA;
  431. #ifdef UNICODE
  432. # define SecPkgContext_Names SecPkgContext_NamesW // ntifs
  433. # define PSecPkgContext_Names PSecPkgContext_NamesW // ntifs
  434. #else
  435. # define SecPkgContext_Names SecPkgContext_NamesA
  436. # define PSecPkgContext_Names PSecPkgContext_NamesA
  437. #endif // !UNICODE
  438. // begin_ntifs
  439. typedef struct _SecPkgContext_Lifespan
  440. {
  441. TimeStamp tsStart;
  442. TimeStamp tsExpiry;
  443. } SecPkgContext_Lifespan, SEC_FAR * PSecPkgContext_Lifespan;
  444. typedef struct _SecPkgContext_DceInfo
  445. {
  446. unsigned long AuthzSvc;
  447. void SEC_FAR * pPac;
  448. } SecPkgContext_DceInfo, SEC_FAR * PSecPkgContext_DceInfo;
  449. // end_ntifs
  450. typedef struct _SecPkgContext_KeyInfoA
  451. {
  452. SEC_CHAR SEC_FAR * sSignatureAlgorithmName;
  453. SEC_CHAR SEC_FAR * sEncryptAlgorithmName;
  454. unsigned long KeySize;
  455. unsigned long SignatureAlgorithm;
  456. unsigned long EncryptAlgorithm;
  457. } SecPkgContext_KeyInfoA, SEC_FAR * PSecPkgContext_KeyInfoA;
  458. // begin_ntifs
  459. typedef struct _SecPkgContext_KeyInfoW
  460. {
  461. SEC_WCHAR SEC_FAR * sSignatureAlgorithmName;
  462. SEC_WCHAR SEC_FAR * sEncryptAlgorithmName;
  463. unsigned long KeySize;
  464. unsigned long SignatureAlgorithm;
  465. unsigned long EncryptAlgorithm;
  466. } SecPkgContext_KeyInfoW, SEC_FAR * PSecPkgContext_KeyInfoW;
  467. // end_ntifs
  468. #ifdef UNICODE
  469. #define SecPkgContext_KeyInfo SecPkgContext_KeyInfoW // ntifs
  470. #define PSecPkgContext_KeyInfo PSecPkgContext_KeyInfoW // ntifs
  471. #else
  472. #define SecPkgContext_KeyInfo SecPkgContext_KeyInfoA
  473. #define PSecPkgContext_KeyInfo PSecPkgContext_KeyInfoA
  474. #endif
  475. typedef struct _SecPkgContext_AuthorityA
  476. {
  477. SEC_CHAR SEC_FAR * sAuthorityName;
  478. } SecPkgContext_AuthorityA, * PSecPkgContext_AuthorityA;
  479. // begin_ntifs
  480. typedef struct _SecPkgContext_AuthorityW
  481. {
  482. SEC_WCHAR SEC_FAR * sAuthorityName;
  483. } SecPkgContext_AuthorityW, * PSecPkgContext_AuthorityW;
  484. // end_ntifs
  485. #ifdef UNICODE
  486. #define SecPkgContext_Authority SecPkgContext_AuthorityW // ntifs
  487. #define PSecPkgContext_Authority PSecPkgContext_AuthorityW // ntifs
  488. #else
  489. #define SecPkgContext_Authority SecPkgContext_AuthorityA
  490. #define PSecPkgContext_Authority PSecPkgContext_AuthorityA
  491. #endif
  492. typedef struct _SecPkgContext_ProtoInfoA
  493. {
  494. SEC_CHAR SEC_FAR * sProtocolName;
  495. unsigned long majorVersion;
  496. unsigned long minorVersion;
  497. } SecPkgContext_ProtoInfoA, SEC_FAR * PSecPkgContext_ProtoInfoA;
  498. // begin_ntifs
  499. typedef struct _SecPkgContext_ProtoInfoW
  500. {
  501. SEC_WCHAR SEC_FAR * sProtocolName;
  502. unsigned long majorVersion;
  503. unsigned long minorVersion;
  504. } SecPkgContext_ProtoInfoW, SEC_FAR * PSecPkgContext_ProtoInfoW;
  505. // end_ntifs
  506. #ifdef UNICODE
  507. #define SecPkgContext_ProtoInfo SecPkgContext_ProtoInfoW // ntifs
  508. #define PSecPkgContext_ProtoInfo PSecPkgContext_ProtoInfoW // ntifs
  509. #else
  510. #define SecPkgContext_ProtoInfo SecPkgContext_ProtoInfoA
  511. #define PSecPkgContext_ProtoInfo PSecPkgContext_ProtoInfoA
  512. #endif
  513. // begin_ntifs
  514. typedef struct _SecPkgContext_PasswordExpiry
  515. {
  516. TimeStamp tsPasswordExpires;
  517. } SecPkgContext_PasswordExpiry, SEC_FAR * PSecPkgContext_PasswordExpiry;
  // A length plus a pointer to raw bytes; presumably the structure filled in
  // for the SECPKG_ATTR_SESSION_KEY context attribute defined above - confirm.
  // NOTE(review): the header does not say who owns the SessionKey buffer or how
  // it is released. If it holds real key material, callers should keep it out
  // of logs and crash dumps and wipe it before the memory is freed or reused.
  518. typedef struct _SecPkgContext_SessionKey
  519. {
  520. unsigned long SessionKeyLength; // Length of SessionKey (presumably in bytes - confirm)
  521. unsigned char SEC_FAR * SessionKey; // Pointer to the key bytes
  522. } SecPkgContext_SessionKey, *PSecPkgContext_SessionKey;
  523. typedef struct _SecPkgContext_PackageInfoW
  524. {
  525. PSecPkgInfoW PackageInfo;
  526. } SecPkgContext_PackageInfoW, SEC_FAR * PSecPkgContext_PackageInfoW;
  527. // end_ntifs
  528. typedef struct _SecPkgContext_PackageInfoA
  529. {
  530. PSecPkgInfoA PackageInfo;
  531. } SecPkgContext_PackageInfoA, SEC_FAR * PSecPkgContext_PackageInfoA;
  532. // begin_ntifs
  533. typedef struct _SecPkgContext_UserFlags
  534. {
  535. unsigned long UserFlags;
  536. } SecPkgContext_UserFlags, SEC_FAR * PSecPkgContext_UserFlags;
  537. typedef struct _SecPkgContext_Flags
  538. {
  539. unsigned long Flags;
  540. } SecPkgContext_Flags, SEC_FAR * PSecPkgContext_Flags;
  541. // end_ntifs
  542. #ifdef UNICODE
  543. #define SecPkgContext_PackageInfo SecPkgContext_PackageInfoW // ntifs
  544. #define PSecPkgContext_PackageInfo PSecPkgContext_PackageInfoW // ntifs
  545. #else
  546. #define SecPkgContext_PackageInfo SecPkgContext_PackageInfoA
  547. #define PSecPkgContext_PackageInfo PSecPkgContext_PackageInfoA
  548. #endif
  549. typedef struct _SecPkgContext_NegotiationInfoA
  550. {
  551. PSecPkgInfoA PackageInfo ;
  552. unsigned long NegotiationState ;
  553. } SecPkgContext_NegotiationInfoA, SEC_FAR * PSecPkgContext_NegotiationInfoA ;
  554. // begin_ntifs
  555. typedef struct _SecPkgContext_NegotiationInfoW
  556. {
  557. PSecPkgInfoW PackageInfo ;
  558. unsigned long NegotiationState ;
  559. } SecPkgContext_NegotiationInfoW, SEC_FAR * PSecPkgContext_NegotiationInfoW ;
  560. // end_ntifs
  561. #ifdef UNICODE
  562. #define SecPkgContext_NegotiationInfo SecPkgContext_NegotiationInfoW
  563. #define PSecPkgContext_NegotiationInfo PSecPkgContext_NegotiationInfoW
  564. #else
  565. #define SecPkgContext_NegotiationInfo SecPkgContext_NegotiationInfoA
  566. #define PSecPkgContext_NegotiationInfo PSecPkgContext_NegotiationInfoA
  567. #endif
  568. #define SECPKG_NEGOTIATION_COMPLETE 0
  569. #define SECPKG_NEGOTIATION_OPTIMISTIC 1
  570. #define SECPKG_NEGOTIATION_IN_PROGRESS 2
  571. #define SECPKG_NEGOTIATION_DIRECT 3
  572. typedef struct _SecPkgContext_NativeNamesW
  573. {
  574. SEC_WCHAR SEC_FAR * sClientName;
  575. SEC_WCHAR SEC_FAR * sServerName;
  576. } SecPkgContext_NativeNamesW, SEC_FAR * PSecPkgContext_NativeNamesW;
  577. typedef struct _SecPkgContext_NativeNamesA
  578. {
  579. SEC_CHAR SEC_FAR * sClientName;
  580. SEC_CHAR SEC_FAR * sServerName;
  581. } SecPkgContext_NativeNamesA, SEC_FAR * PSecPkgContext_NativeNamesA;
  582. #ifdef UNICODE
  583. # define SecPkgContext_NativeNames SecPkgContext_NativeNamesW // ntifs
  584. # define PSecPkgContext_NativeNames PSecPkgContext_NativeNamesW // ntifs
  585. #else
  586. # define SecPkgContext_NativeNames SecPkgContext_NativeNamesA
  587. # define PSecPkgContext_NativeNames PSecPkgContext_NativeNamesA
  588. #endif // !UNICODE
  589. // begin_ntifs
  590. typedef struct _SecPkgContext_CredentialNameW
  591. {
  592. unsigned long CredentialType;
  593. SEC_WCHAR SEC_FAR *sCredentialName;
  594. } SecPkgContext_CredentialNameW, SEC_FAR * PSecPkgContext_CredentialNameW;
  595. // end_ntifs
  596. typedef struct _SecPkgContext_CredentialNameA
  597. {
  598. unsigned long CredentialType;
  599. SEC_CHAR SEC_FAR *sCredentialName;
  600. } SecPkgContext_CredentialNameA, SEC_FAR * PSecPkgContext_CredentialNameA;
  601. #ifdef UNICODE
  602. # define SecPkgContext_CredentialName SecPkgContext_CredentialNameW // ntifs
  603. # define PSecPkgContext_CredentialName PSecPkgContext_CredentialNameW // ntifs
  604. #else
  605. # define SecPkgContext_CredentialName SecPkgContext_CredentialNameA
  606. # define PSecPkgContext_CredentialName PSecPkgContext_CredentialNameA
  607. #endif // !UNICODE
  608. typedef struct _SecPkgContext_AccessToken
  609. {
  610. void SEC_FAR * AccessToken;
  611. } SecPkgContext_AccessToken, SEC_FAR * PSecPkgContext_AccessToken;
  612. typedef struct _SecPkgContext_TargetInformation
  613. {
  614. unsigned long MarshalledTargetInfoLength;
  615. unsigned char SEC_FAR * MarshalledTargetInfo;
  616. } SecPkgContext_TargetInformation, SEC_FAR * PSecPkgContext_TargetInformation;
  617. // begin_ntifs
  618. typedef void
  619. (SEC_ENTRY SEC_FAR * SEC_GET_KEY_FN) (
  620. void SEC_FAR * Arg, // Argument passed in
  621. void SEC_FAR * Principal, // Principal ID
  622. unsigned long KeyVer, // Key Version
  623. void SEC_FAR * SEC_FAR * Key, // Returned ptr to key
  624. SECURITY_STATUS SEC_FAR * Status // returned status
  625. );
  626. //
  627. // Flags for ExportSecurityContext
  628. //
  629. #define SECPKG_CONTEXT_EXPORT_RESET_NEW 0x00000001 // New context is reset to initial state
  630. #define SECPKG_CONTEXT_EXPORT_DELETE_OLD 0x00000002 // Old context is deleted during export
  631. SECURITY_STATUS SEC_ENTRY
  632. AcquireCredentialsHandleW(
  633. #if ISSP_MODE == 0 // For Kernel mode
  634. PSECURITY_STRING pPrincipal,
  635. PSECURITY_STRING pPackage,
  636. #else
  637. SEC_WCHAR SEC_FAR * pszPrincipal, // Name of principal
  638. SEC_WCHAR SEC_FAR * pszPackage, // Name of package
  639. #endif
  640. unsigned long fCredentialUse, // Flags indicating use
  641. void SEC_FAR * pvLogonId, // Pointer to logon ID
  642. void SEC_FAR * pAuthData, // Package specific data
  643. SEC_GET_KEY_FN pGetKeyFn, // Pointer to GetKey() func
  644. void SEC_FAR * pvGetKeyArgument, // Value to pass to GetKey()
  645. PCredHandle phCredential, // (out) Cred Handle
  646. PTimeStamp ptsExpiry // (out) Lifetime (optional)
  647. );
  648. typedef SECURITY_STATUS
  649. (SEC_ENTRY * ACQUIRE_CREDENTIALS_HANDLE_FN_W)(
  650. #if ISSP_MODE == 0
  651. PSECURITY_STRING,
  652. PSECURITY_STRING,
  653. #else
  654. SEC_WCHAR SEC_FAR *,
  655. SEC_WCHAR SEC_FAR *,
  656. #endif
  657. unsigned long,
  658. void SEC_FAR *,
  659. void SEC_FAR *,
  660. SEC_GET_KEY_FN,
  661. void SEC_FAR *,
  662. PCredHandle,
  663. PTimeStamp);
  664. // end_ntifs
  665. SECURITY_STATUS SEC_ENTRY
  666. AcquireCredentialsHandleA(
  667. SEC_CHAR SEC_FAR * pszPrincipal, // Name of principal
  668. SEC_CHAR SEC_FAR * pszPackage, // Name of package
  669. unsigned long fCredentialUse, // Flags indicating use
  670. void SEC_FAR * pvLogonId, // Pointer to logon ID
  671. void SEC_FAR * pAuthData, // Package specific data
  672. SEC_GET_KEY_FN pGetKeyFn, // Pointer to GetKey() func
  673. void SEC_FAR * pvGetKeyArgument, // Value to pass to GetKey()
  674. PCredHandle phCredential, // (out) Cred Handle
  675. PTimeStamp ptsExpiry // (out) Lifetime (optional)
  676. );
  677. typedef SECURITY_STATUS
  678. (SEC_ENTRY * ACQUIRE_CREDENTIALS_HANDLE_FN_A)(
  679. SEC_CHAR SEC_FAR *,
  680. SEC_CHAR SEC_FAR *,
  681. unsigned long,
  682. void SEC_FAR *,
  683. void SEC_FAR *,
  684. SEC_GET_KEY_FN,
  685. void SEC_FAR *,
  686. PCredHandle,
  687. PTimeStamp);
  688. #ifdef UNICODE
  689. # define AcquireCredentialsHandle AcquireCredentialsHandleW // ntifs
  690. # define ACQUIRE_CREDENTIALS_HANDLE_FN ACQUIRE_CREDENTIALS_HANDLE_FN_W // ntifs
  691. #else
  692. # define AcquireCredentialsHandle AcquireCredentialsHandleA
  693. # define ACQUIRE_CREDENTIALS_HANDLE_FN ACQUIRE_CREDENTIALS_HANDLE_FN_A
  694. #endif // !UNICODE
  695. // begin_ntifs
  696. SECURITY_STATUS SEC_ENTRY
  697. FreeCredentialsHandle(
  698. PCredHandle phCredential // Handle to free
  699. );
  700. typedef SECURITY_STATUS
  701. (SEC_ENTRY * FREE_CREDENTIALS_HANDLE_FN)(
  702. PCredHandle );
  703. SECURITY_STATUS SEC_ENTRY
  704. AddCredentialsW(
  705. PCredHandle hCredentials,
  706. #if ISSP_MODE == 0 // For Kernel mode
  707. PSECURITY_STRING pPrincipal,
  708. PSECURITY_STRING pPackage,
  709. #else
  710. SEC_WCHAR SEC_FAR * pszPrincipal, // Name of principal
  711. SEC_WCHAR SEC_FAR * pszPackage, // Name of package
  712. #endif
  713. unsigned long fCredentialUse, // Flags indicating use
  714. void SEC_FAR * pAuthData, // Package specific data
  715. SEC_GET_KEY_FN pGetKeyFn, // Pointer to GetKey() func
  716. void SEC_FAR * pvGetKeyArgument, // Value to pass to GetKey()
  717. PTimeStamp ptsExpiry // (out) Lifetime (optional)
  718. );
  719. typedef SECURITY_STATUS
  720. (SEC_ENTRY * ADD_CREDENTIALS_FN_W)(
  721. PCredHandle,
  722. #if ISSP_MODE == 0
  723. PSECURITY_STRING,
  724. PSECURITY_STRING,
  725. #else
  726. SEC_WCHAR SEC_FAR *,
  727. SEC_WCHAR SEC_FAR *,
  728. #endif
  729. unsigned long,
  730. void SEC_FAR *,
  731. SEC_GET_KEY_FN,
  732. void SEC_FAR *,
  733. PTimeStamp);
  734. SECURITY_STATUS SEC_ENTRY
  735. AddCredentialsA(
  736. PCredHandle hCredentials,
  737. SEC_CHAR SEC_FAR * pszPrincipal, // Name of principal
  738. SEC_CHAR SEC_FAR * pszPackage, // Name of package
  739. unsigned long fCredentialUse, // Flags indicating use
  740. void SEC_FAR * pAuthData, // Package specific data
  741. SEC_GET_KEY_FN pGetKeyFn, // Pointer to GetKey() func
  742. void SEC_FAR * pvGetKeyArgument, // Value to pass to GetKey()
  743. PTimeStamp ptsExpiry // (out) Lifetime (optional)
  744. );
  745. typedef SECURITY_STATUS
  746. (SEC_ENTRY * ADD_CREDENTIALS_FN_A)(
  747. PCredHandle,
  748. SEC_CHAR SEC_FAR *,
  749. SEC_CHAR SEC_FAR *,
  750. unsigned long,
  751. void SEC_FAR *,
  752. SEC_GET_KEY_FN,
  753. void SEC_FAR *,
  754. PTimeStamp);
  755. #ifdef UNICODE
  756. #define AddCredentials AddCredentialsW
  757. #define ADD_CREDENTIALS_FN ADD_CREDENTIALS_FN_W
  758. #else
  759. #define AddCredentials AddCredentialsA
  760. #define ADD_CREDENTIALS_FN ADD_CREDENTIALS_FN_A
  761. #endif
  762. // end_ntifs
  763. #ifdef WIN32_CHICAGO
  // Wide-character logon entry point, declared only under WIN32_CHICAGO.
  // The password is passed as an ordinary string pointer; callers should wipe
  // their copy of it once the call has returned.
  764. SECURITY_STATUS SEC_ENTRY
  765. SspiLogonUserW(
  766. SEC_WCHAR SEC_FAR * pszPackage, // Name of package
  767. SEC_WCHAR SEC_FAR * pszUserName, // User name
  768. SEC_WCHAR SEC_FAR * pszDomainName, // Domain name
  769. SEC_WCHAR SEC_FAR * pszPassword // Password
  770. );
  // Function-pointer type for SspiLogonUserW.
  // NOTE(review): this _W type is declared with SEC_CHAR arguments, while the
  // SspiLogonUserW prototype in this header takes SEC_WCHAR and
  // SSPI_LOGON_USER_FN_A already covers the SEC_CHAR form. This looks like a
  // copy/paste slip: calling the wide entry point through this type would pass
  // strings of the wrong character width. Confirm against the implementation
  // before changing the declaration.
  771. typedef SECURITY_STATUS
  772. (SEC_ENTRY * SSPI_LOGON_USER_FN_W)(
  773. SEC_CHAR SEC_FAR *,
  774. SEC_CHAR SEC_FAR *,
  775. SEC_CHAR SEC_FAR *,
  776. SEC_CHAR SEC_FAR *);
  // ANSI logon entry point, declared only under WIN32_CHICAGO.
  // The password is passed as an ordinary string pointer; callers should wipe
  // their copy of it once the call has returned.
  777. SECURITY_STATUS SEC_ENTRY
  778. SspiLogonUserA(
  779. SEC_CHAR SEC_FAR * pszPackage, // Name of package
  780. SEC_CHAR SEC_FAR * pszUserName, // User name
  781. SEC_CHAR SEC_FAR * pszDomainName, // Domain name
  782. SEC_CHAR SEC_FAR * pszPassword // Password
  783. );
  784. typedef SECURITY_STATUS
  785. (SEC_ENTRY * SSPI_LOGON_USER_FN_A)(
  786. SEC_CHAR SEC_FAR *,
  787. SEC_CHAR SEC_FAR *,
  788. SEC_CHAR SEC_FAR *,
  789. SEC_CHAR SEC_FAR *);
  790. #ifdef UNICODE
  791. #define SspiLogonUser SspiLogonUserW // ntifs
  792. #define SSPI_LOGON_USER_FN SSPI_LOGON_USER_FN_W
  793. #else
  794. #define SspiLogonUser SspiLogonUserA
  795. #define SSPI_LOGON_USER_FN SSPI_LOGON_USER_FN_A
  796. #endif // !UNICODE
  797. #endif // WIN32_CHICAGO
  798. // begin_ntifs
  799. ////////////////////////////////////////////////////////////////////////
  800. ///
  801. /// Context Management Functions
  802. ///
  803. ////////////////////////////////////////////////////////////////////////
  // Wide-character prototype for building a security context on top of a
  // credential handle. The target name is a PSECURITY_STRING when
  // ISSP_MODE == 0 (the value this header sets for SECURITY_KERNEL) and a
  // SEC_WCHAR string otherwise. Both reserved arguments are marked MBZ
  // (must be zero).
  // NOTE(review): pfContextAttr reports attributes of the resulting context;
  // callers should compare it with fContextReq instead of assuming that every
  // requested attribute was granted -- confirm against the package documentation.
  804. SECURITY_STATUS SEC_ENTRY
  805. InitializeSecurityContextW(
  806. PCredHandle phCredential, // Cred to base context
  807. PCtxtHandle phContext, // Existing context (OPT)
  808. #if ISSP_MODE == 0
  809. PSECURITY_STRING pTargetName,
  810. #else
  811. SEC_WCHAR SEC_FAR * pszTargetName, // Name of target
  812. #endif
  813. unsigned long fContextReq, // Context Requirements
  814. unsigned long Reserved1, // Reserved, MBZ
  815. unsigned long TargetDataRep, // Data rep of target
  816. PSecBufferDesc pInput, // Input Buffers
  817. unsigned long Reserved2, // Reserved, MBZ
  818. PCtxtHandle phNewContext, // (out) New Context handle
  819. PSecBufferDesc pOutput, // (inout) Output Buffers
  820. unsigned long SEC_FAR * pfContextAttr, // (out) Context attrs
  821. PTimeStamp ptsExpiry // (out) Life span (OPT)
  822. );
  // Function-pointer type mirroring the prototype above, including the
  // ISSP_MODE switch on the target-name parameter.
  823. typedef SECURITY_STATUS
  824. (SEC_ENTRY * INITIALIZE_SECURITY_CONTEXT_FN_W)(
  825. PCredHandle,
  826. PCtxtHandle,
  827. #if ISSP_MODE == 0
  828. PSECURITY_STRING,
  829. #else
  830. SEC_WCHAR SEC_FAR *,
  831. #endif
  832. unsigned long,
  833. unsigned long,
  834. unsigned long,
  835. PSecBufferDesc,
  836. unsigned long,
  837. PCtxtHandle,
  838. PSecBufferDesc,
  839. unsigned long SEC_FAR *,
  840. PTimeStamp);
  841. // end_ntifs
  // ANSI prototype; unlike the wide variant it has no ISSP_MODE switch, the
  // target name is always a SEC_CHAR string. Both reserved arguments are
  // marked MBZ (must be zero).
  // NOTE(review): compare *pfContextAttr with fContextReq after the call
  // instead of assuming every requested attribute was granted -- confirm
  // against the package documentation.
  842. SECURITY_STATUS SEC_ENTRY
  843. InitializeSecurityContextA(
  844. PCredHandle phCredential, // Cred to base context
  845. PCtxtHandle phContext, // Existing context (OPT)
  846. SEC_CHAR SEC_FAR * pszTargetName, // Name of target
  847. unsigned long fContextReq, // Context Requirements
  848. unsigned long Reserved1, // Reserved, MBZ
  849. unsigned long TargetDataRep, // Data rep of target
  850. PSecBufferDesc pInput, // Input Buffers
  851. unsigned long Reserved2, // Reserved, MBZ
  852. PCtxtHandle phNewContext, // (out) New Context handle
  853. PSecBufferDesc pOutput, // (inout) Output Buffers
  854. unsigned long SEC_FAR * pfContextAttr, // (out) Context attrs
  855. PTimeStamp ptsExpiry // (out) Life span (OPT)
  856. );
  // Function-pointer type with the same parameter list as the prototype above.
  857. typedef SECURITY_STATUS
  858. (SEC_ENTRY * INITIALIZE_SECURITY_CONTEXT_FN_A)(
  859. PCredHandle,
  860. PCtxtHandle,
  861. SEC_CHAR SEC_FAR *,
  862. unsigned long,
  863. unsigned long,
  864. unsigned long,
  865. PSecBufferDesc,
  866. unsigned long,
  867. PCtxtHandle,
  868. PSecBufferDesc,
  869. unsigned long SEC_FAR *,
  870. PTimeStamp);
  // The generic names resolve to the wide or the ANSI variant depending on UNICODE.
  871. #ifdef UNICODE
  872. # define InitializeSecurityContext InitializeSecurityContextW // ntifs
  873. # define INITIALIZE_SECURITY_CONTEXT_FN INITIALIZE_SECURITY_CONTEXT_FN_W // ntifs
  874. #else
  875. # define InitializeSecurityContext InitializeSecurityContextA
  876. # define INITIALIZE_SECURITY_CONTEXT_FN INITIALIZE_SECURITY_CONTEXT_FN_A
  877. #endif // !UNICODE
  878. // begin_ntifs
  // Takes input buffers plus a credential handle and yields a new context
  // handle and output buffers. It has no string parameters, so there is a
  // single prototype and no A/W split.
  // NOTE(review): presumably the accepting-side counterpart of
  // InitializeSecurityContext. Callers should inspect the returned status and
  // *pfContextAttr before treating the peer as authenticated -- confirm the
  // exact status codes against the package documentation.
  879. SECURITY_STATUS SEC_ENTRY
  880. AcceptSecurityContext(
  881. PCredHandle phCredential, // Cred to base context
  882. PCtxtHandle phContext, // Existing context (OPT)
  883. PSecBufferDesc pInput, // Input buffer
  884. unsigned long fContextReq, // Context Requirements
  885. unsigned long TargetDataRep, // Target Data Rep
  886. PCtxtHandle phNewContext, // (out) New context handle
  887. PSecBufferDesc pOutput, // (inout) Output buffers
  888. unsigned long SEC_FAR * pfContextAttr, // (out) Context attributes
  889. PTimeStamp ptsExpiry // (out) Life span (OPT)
  890. );
  // Function-pointer type with the same parameter list as the prototype above.
  891. typedef SECURITY_STATUS
  892. (SEC_ENTRY * ACCEPT_SECURITY_CONTEXT_FN)(
  893. PCredHandle,
  894. PCtxtHandle,
  895. PSecBufferDesc,
  896. unsigned long,
  897. unsigned long,
  898. PCtxtHandle,
  899. PSecBufferDesc,
  900. unsigned long SEC_FAR *,
  901. PTimeStamp);
  // Completes the token described by pToken for the given context.
  // NOTE(review): which packages require this step, and after which status
  // code, is not visible in this header -- confirm in the package documentation.
  902. SECURITY_STATUS SEC_ENTRY
  903. CompleteAuthToken(
  904. PCtxtHandle phContext, // Context to complete
  905. PSecBufferDesc pToken // Token to complete
  906. );
  // Function-pointer type with the same parameter list as the prototype above.
  907. typedef SECURITY_STATUS
  908. (SEC_ENTRY * COMPLETE_AUTH_TOKEN_FN)(
  909. PCtxtHandle,
  910. PSecBufferDesc);
  // Impersonation pair: both routines take only the context handle.
  // NOTE(review): a caller should check the status returned by
  // ImpersonateSecurityContext before doing any work on the client's behalf,
  // and call RevertSecurityContext on every exit path so that no code keeps
  // running under the impersonated identity -- confirm the pairing
  // requirement with the provider documentation.
  911. SECURITY_STATUS SEC_ENTRY
  912. ImpersonateSecurityContext(
  913. PCtxtHandle phContext // Context to impersonate
  914. );
  915. typedef SECURITY_STATUS
  916. (SEC_ENTRY * IMPERSONATE_SECURITY_CONTEXT_FN)(
  917. PCtxtHandle);
  918. SECURITY_STATUS SEC_ENTRY
  919. RevertSecurityContext(
  920. PCtxtHandle phContext // Context from which to revert
  921. );
  922. typedef SECURITY_STATUS
  923. (SEC_ENTRY * REVERT_SECURITY_CONTEXT_FN)(
  924. PCtxtHandle);
  // Token is a pointer to a void pointer, i.e. an output slot.
  // NOTE(review): presumably it receives a handle to the access token behind
  // the context, which the caller then has to close -- confirm.
  925. SECURITY_STATUS SEC_ENTRY
  926. QuerySecurityContextToken(
  927. PCtxtHandle phContext,
  928. void SEC_FAR * SEC_FAR * Token
  929. );
  930. typedef SECURITY_STATUS
  931. (SEC_ENTRY * QUERY_SECURITY_CONTEXT_TOKEN_FN)(
  932. PCtxtHandle, void SEC_FAR * SEC_FAR *);
  // Deletes the context named by phContext.
  // NOTE(review): the handle should not be used again after this call, and
  // every context handle obtained should eventually be deleted -- confirm.
  933. SECURITY_STATUS SEC_ENTRY
  934. DeleteSecurityContext(
  935. PCtxtHandle phContext // Context to delete
  936. );
  937. typedef SECURITY_STATUS
  938. (SEC_ENTRY * DELETE_SECURITY_CONTEXT_FN)(
  939. PCtxtHandle);
  // Applies the token in pInput to an existing context.
  940. SECURITY_STATUS SEC_ENTRY
  941. ApplyControlToken(
  942. PCtxtHandle phContext, // Context to modify
  943. PSecBufferDesc pInput // Input token to apply
  944. );
  945. typedef SECURITY_STATUS
  946. (SEC_ENTRY * APPLY_CONTROL_TOKEN_FN)(
  947. PCtxtHandle, PSecBufferDesc);
  // Reads one attribute of a context into pBuffer. No buffer length is
  // passed (contrast SetContextAttributes, which takes cbBuffer).
  // NOTE(review): the caller therefore has to supply a buffer of the structure
  // type that ulAttribute implies; a mismatched type would be written past
  // its end -- confirm the structure for each attribute.
  948. SECURITY_STATUS SEC_ENTRY
  949. QueryContextAttributesW(
  950. PCtxtHandle phContext, // Context to query
  951. unsigned long ulAttribute, // Attribute to query
  952. void SEC_FAR * pBuffer // Buffer for attributes
  953. );
  954. typedef SECURITY_STATUS
  955. (SEC_ENTRY * QUERY_CONTEXT_ATTRIBUTES_FN_W)(
  956. PCtxtHandle,
  957. unsigned long,
  958. void SEC_FAR *);
  959. // end_ntifs
  // ANSI variant; the parameter list is identical to the wide one.
  960. SECURITY_STATUS SEC_ENTRY
  961. QueryContextAttributesA(
  962. PCtxtHandle phContext, // Context to query
  963. unsigned long ulAttribute, // Attribute to query
  964. void SEC_FAR * pBuffer // Buffer for attributes
  965. );
  966. typedef SECURITY_STATUS
  967. (SEC_ENTRY * QUERY_CONTEXT_ATTRIBUTES_FN_A)(
  968. PCtxtHandle,
  969. unsigned long,
  970. void SEC_FAR *);
  // The generic names resolve to the wide or the ANSI variant depending on UNICODE.
  971. #ifdef UNICODE
  972. # define QueryContextAttributes QueryContextAttributesW // ntifs
  973. # define QUERY_CONTEXT_ATTRIBUTES_FN QUERY_CONTEXT_ATTRIBUTES_FN_W // ntifs
  974. #else
  975. # define QueryContextAttributes QueryContextAttributesA
  976. # define QUERY_CONTEXT_ATTRIBUTES_FN QUERY_CONTEXT_ATTRIBUTES_FN_A
  977. #endif // !UNICODE
  978. // begin_ntifs
  // Sets one attribute of a context from pBuffer; cbBuffer carries the
  // buffer size in bytes. According to the version comments further down in
  // this header, the function table only contains this routine from
  // SECURITY_SUPPORT_PROVIDER_INTERFACE_VERSION_2 on.
  979. SECURITY_STATUS SEC_ENTRY
  980. SetContextAttributesW(
  981. PCtxtHandle phContext, // Context to Set
  982. unsigned long ulAttribute, // Attribute to Set
  983. void SEC_FAR * pBuffer, // Buffer for attributes
  984. unsigned long cbBuffer // Size (in bytes) of Buffer
  985. );
  986. typedef SECURITY_STATUS
  987. (SEC_ENTRY * SET_CONTEXT_ATTRIBUTES_FN_W)(
  988. PCtxtHandle,
  989. unsigned long,
  990. void SEC_FAR *,
  991. unsigned long );
  992. // end_ntifs
  // ANSI variant; the parameter list is identical to the wide one.
  993. SECURITY_STATUS SEC_ENTRY
  994. SetContextAttributesA(
  995. PCtxtHandle phContext, // Context to Set
  996. unsigned long ulAttribute, // Attribute to Set
  997. void SEC_FAR * pBuffer, // Buffer for attributes
  998. unsigned long cbBuffer // Size (in bytes) of Buffer
  999. );
  1000. typedef SECURITY_STATUS
  1001. (SEC_ENTRY * SET_CONTEXT_ATTRIBUTES_FN_A)(
  1002. PCtxtHandle,
  1003. unsigned long,
  1004. void SEC_FAR *,
  1005. unsigned long );
  // The generic names resolve to the wide or the ANSI variant depending on UNICODE.
  1006. #ifdef UNICODE
  1007. # define SetContextAttributes SetContextAttributesW // ntifs
  1008. # define SET_CONTEXT_ATTRIBUTES_FN SET_CONTEXT_ATTRIBUTES_FN_W // ntifs
  1009. #else
  1010. # define SetContextAttributes SetContextAttributesA
  1011. # define SET_CONTEXT_ATTRIBUTES_FN SET_CONTEXT_ATTRIBUTES_FN_A
  1012. #endif // !UNICODE
  1013. // begin_ntifs
  // Reads one attribute of a credential handle into pBuffer. No buffer
  // length is passed.
  // NOTE(review): the caller has to supply a buffer of the structure type
  // that ulAttribute implies -- confirm the structure for each attribute.
  1014. SECURITY_STATUS SEC_ENTRY
  1015. QueryCredentialsAttributesW(
  1016. PCredHandle phCredential, // Credential to query
  1017. unsigned long ulAttribute, // Attribute to query
  1018. void SEC_FAR * pBuffer // Buffer for attributes
  1019. );
  1020. typedef SECURITY_STATUS
  1021. (SEC_ENTRY * QUERY_CREDENTIALS_ATTRIBUTES_FN_W)(
  1022. PCredHandle,
  1023. unsigned long,
  1024. void SEC_FAR *);
  1025. // end_ntifs
  // ANSI variant; the parameter list is identical to the wide one.
  1026. SECURITY_STATUS SEC_ENTRY
  1027. QueryCredentialsAttributesA(
  1028. PCredHandle phCredential, // Credential to query
  1029. unsigned long ulAttribute, // Attribute to query
  1030. void SEC_FAR * pBuffer // Buffer for attributes
  1031. );
  1032. typedef SECURITY_STATUS
  1033. (SEC_ENTRY * QUERY_CREDENTIALS_ATTRIBUTES_FN_A)(
  1034. PCredHandle,
  1035. unsigned long,
  1036. void SEC_FAR *);
  // The generic names resolve to the wide or the ANSI variant depending on UNICODE.
  1037. #ifdef UNICODE
  1038. # define QueryCredentialsAttributes QueryCredentialsAttributesW // ntifs
  1039. # define QUERY_CREDENTIALS_ATTRIBUTES_FN QUERY_CREDENTIALS_ATTRIBUTES_FN_W // ntifs
  1040. #else
  1041. # define QueryCredentialsAttributes QueryCredentialsAttributesA
  1042. # define QUERY_CREDENTIALS_ATTRIBUTES_FN QUERY_CREDENTIALS_ATTRIBUTES_FN_A
  1043. #endif // !UNICODE
  1044. // begin_ntifs
  // Frees a buffer identified only by its address.
  // NOTE(review): presumably this is the release routine for memory that the
  // interface allocated on the caller's behalf (for example the package-info
  // arrays returned by the enumeration routines); passing memory from another
  // allocator, or freeing twice, should be avoided -- confirm.
  1045. SECURITY_STATUS SEC_ENTRY
  1046. FreeContextBuffer(
  1047. void SEC_FAR * pvContextBuffer // buffer to free
  1048. );
  1049. typedef SECURITY_STATUS
  1050. (SEC_ENTRY * FREE_CONTEXT_BUFFER_FN)(
  1051. void SEC_FAR *);
  1052. // end_ntifs
  1053. // begin_ntifs
  1054. ///////////////////////////////////////////////////////////////////
  1055. ////
  1056. //// Message Support API
  1057. ////
  1058. //////////////////////////////////////////////////////////////////
  // Signs the buffers described by pMessage under the given context, with a
  // caller-supplied quality-of-protection value and message sequence number.
  1059. SECURITY_STATUS SEC_ENTRY
  1060. MakeSignature(
  1061. PCtxtHandle phContext, // Context to use
  1062. unsigned long fQOP, // Quality of Protection
  1063. PSecBufferDesc pMessage, // Message to sign
  1064. unsigned long MessageSeqNo // Message Sequence Num.
  1065. );
  1066. typedef SECURITY_STATUS
  1067. (SEC_ENTRY * MAKE_SIGNATURE_FN)(
  1068. PCtxtHandle,
  1069. unsigned long,
  1070. PSecBufferDesc,
  1071. unsigned long);
  // Verifies a signed message; the quality of protection that was used is
  // written through pfQOP.
  // NOTE(review): the message should be treated as unauthenticated unless the
  // returned status indicates success, and the reported QOP should be checked
  // against what the application requires -- confirm the status codes.
  1072. SECURITY_STATUS SEC_ENTRY
  1073. VerifySignature(
  1074. PCtxtHandle phContext, // Context to use
  1075. PSecBufferDesc pMessage, // Message to verify
  1076. unsigned long MessageSeqNo, // Sequence Num.
  1077. unsigned long SEC_FAR * pfQOP // QOP used
  1078. );
  1079. typedef SECURITY_STATUS
  1080. (SEC_ENTRY * VERIFY_SIGNATURE_FN)(
  1081. PCtxtHandle,
  1082. PSecBufferDesc,
  1083. unsigned long,
  1084. unsigned long SEC_FAR *);
  // Encryption counterpart of MakeSignature: same parameter list.
  // NOTE(review): pMessage is presumably transformed in place -- confirm the
  // buffer layout each package expects.
  1085. SECURITY_STATUS SEC_ENTRY
  1086. EncryptMessage( PCtxtHandle phContext,
  1087. unsigned long fQOP,
  1088. PSecBufferDesc pMessage,
  1089. unsigned long MessageSeqNo);
  1090. typedef SECURITY_STATUS
  1091. (SEC_ENTRY * ENCRYPT_MESSAGE_FN)(
  1092. PCtxtHandle, unsigned long, PSecBufferDesc, unsigned long);
  // Decryption counterpart of VerifySignature: same parameter list. The
  // prototype spells pfQOP without SEC_FAR while the typedef uses it; SEC_FAR
  // is defined empty in this header, so the two types agree.
  // NOTE(review): the contents of pMessage should not be used unless the
  // returned status indicates success -- confirm the status codes.
  1093. SECURITY_STATUS SEC_ENTRY
  1094. DecryptMessage( PCtxtHandle phContext,
  1095. PSecBufferDesc pMessage,
  1096. unsigned long MessageSeqNo,
  1097. unsigned long * pfQOP);
  1098. typedef SECURITY_STATUS
  1099. (SEC_ENTRY * DECRYPT_MESSAGE_FN)(
  1100. PCtxtHandle, PSecBufferDesc, unsigned long,
  1101. unsigned long SEC_FAR *);
  1102. // end_ntifs
  1103. // begin_ntifs
  1104. ///////////////////////////////////////////////////////////////////////////
  1105. ////
  1106. //// Misc.
  1107. ////
  1108. ///////////////////////////////////////////////////////////////////////////
  // Returns the number of packages through pcPackages and a pointer to an
  // array of package-info records through ppPackageInfo.
  // NOTE(review): the array is presumably allocated by the callee and has to
  // be released with FreeContextBuffer -- confirm.
  1109. SECURITY_STATUS SEC_ENTRY
  1110. EnumerateSecurityPackagesW(
  1111. unsigned long SEC_FAR * pcPackages, // Receives num. packages
  1112. PSecPkgInfoW SEC_FAR * ppPackageInfo // Receives array of info
  1113. );
  1114. typedef SECURITY_STATUS
  1115. (SEC_ENTRY * ENUMERATE_SECURITY_PACKAGES_FN_W)(
  1116. unsigned long SEC_FAR *,
  1117. PSecPkgInfoW SEC_FAR *);
  1118. // end_ntifs
  // ANSI variant; it differs only in the record type (PSecPkgInfoA).
  1119. SECURITY_STATUS SEC_ENTRY
  1120. EnumerateSecurityPackagesA(
  1121. unsigned long SEC_FAR * pcPackages, // Receives num. packages
  1122. PSecPkgInfoA SEC_FAR * ppPackageInfo // Receives array of info
  1123. );
  1124. typedef SECURITY_STATUS
  1125. (SEC_ENTRY * ENUMERATE_SECURITY_PACKAGES_FN_A)(
  1126. unsigned long SEC_FAR *,
  1127. PSecPkgInfoA SEC_FAR *);
  // The generic names resolve to the wide or the ANSI variant depending on UNICODE.
  1128. #ifdef UNICODE
  1129. # define EnumerateSecurityPackages EnumerateSecurityPackagesW // ntifs
  1130. # define ENUMERATE_SECURITY_PACKAGES_FN ENUMERATE_SECURITY_PACKAGES_FN_W // ntifs
  1131. #else
  1132. # define EnumerateSecurityPackages EnumerateSecurityPackagesA
  1133. # define ENUMERATE_SECURITY_PACKAGES_FN ENUMERATE_SECURITY_PACKAGES_FN_A
  1134. #endif // !UNICODE
  1135. // begin_ntifs
  // Looks up one package by name and returns a pointer to its info record
  // through ppPackageInfo. The name is a PSECURITY_STRING when
  // ISSP_MODE == 0 and a SEC_WCHAR string otherwise.
  // NOTE(review): the record is presumably allocated by the callee and has to
  // be released with FreeContextBuffer -- confirm.
  1136. SECURITY_STATUS SEC_ENTRY
  1137. QuerySecurityPackageInfoW(
  1138. #if ISSP_MODE == 0
  1139. PSECURITY_STRING pPackageName,
  1140. #else
  1141. SEC_WCHAR SEC_FAR * pszPackageName, // Name of package
  1142. #endif
  1143. PSecPkgInfoW SEC_FAR *ppPackageInfo // Receives package info
  1144. );
  1145. typedef SECURITY_STATUS
  1146. (SEC_ENTRY * QUERY_SECURITY_PACKAGE_INFO_FN_W)(
  1147. #if ISSP_MODE == 0
  1148. PSECURITY_STRING,
  1149. #else
  1150. SEC_WCHAR SEC_FAR *,
  1151. #endif
  1152. PSecPkgInfoW SEC_FAR *);
  1153. // end_ntifs
  // ANSI variant; it has no ISSP_MODE switch.
  1154. SECURITY_STATUS SEC_ENTRY
  1155. QuerySecurityPackageInfoA(
  1156. SEC_CHAR SEC_FAR * pszPackageName, // Name of package
  1157. PSecPkgInfoA SEC_FAR *ppPackageInfo // Receives package info
  1158. );
  1159. typedef SECURITY_STATUS
  1160. (SEC_ENTRY * QUERY_SECURITY_PACKAGE_INFO_FN_A)(
  1161. SEC_CHAR SEC_FAR *,
  1162. PSecPkgInfoA SEC_FAR *);
  // The generic names resolve to the wide or the ANSI variant depending on UNICODE.
  1163. #ifdef UNICODE
  1164. # define QuerySecurityPackageInfo QuerySecurityPackageInfoW // ntifs
  1165. # define QUERY_SECURITY_PACKAGE_INFO_FN QUERY_SECURITY_PACKAGE_INFO_FN_W // ntifs
  1166. #else
  1167. # define QuerySecurityPackageInfo QuerySecurityPackageInfoA
  1168. # define QUERY_SECURITY_PACKAGE_INFO_FN QUERY_SECURITY_PACKAGE_INFO_FN_A
  1169. #endif // !UNICODE
  // Delegation scopes accepted by DelegateSecurityContext. The enumerators
  // carry the implicit values 0..4; their individual meaning is not described
  // in this header.
  1170. typedef enum _SecDelegationType {
  1171. SecFull,
  1172. SecService,
  1173. SecTree,
  1174. SecDirectory,
  1175. SecObject
  1176. } SecDelegationType, * PSecDelegationType;
  // Produces, in pOutput, a token intended for ApplyControlToken. There is
  // no A/W pair: outside kernel mode the target is always a SEC_CHAR string.
  // No function-pointer typedef is declared for this routine, and neither
  // function table in this header has a slot for it.
  // NOTE(review): delegation hands the caller's identity to another party;
  // callers should pick the narrowest DelegationType and set pExpiry where the
  // package honours it -- confirm the semantics per package.
  1177. SECURITY_STATUS SEC_ENTRY
  1178. DelegateSecurityContext(
  1179. PCtxtHandle phContext, // IN Active context to delegate
  1180. #if ISSP_MODE == 0
  1181. PSECURITY_STRING pTarget, // IN Target path
  1182. #else
  1183. SEC_CHAR SEC_FAR * pszTarget,
  1184. #endif
  1185. SecDelegationType DelegationType, // IN Type of delegation
  1186. PTimeStamp pExpiry, // IN OPTIONAL time limit
  1187. PSecBuffer pPackageParameters, // IN OPTIONAL package specific
  1188. PSecBufferDesc pOutput); // OUT Token for applycontroltoken.
  1189. ///////////////////////////////////////////////////////////////////////////
  1190. ////
  1191. //// Proxies
  1192. ////
  1193. ///////////////////////////////////////////////////////////////////////////
  1194. //
  1195. // Proxies are only available on NT platforms
  1196. //
  1197. // begin_ntifs
  1198. ///////////////////////////////////////////////////////////////////////////
  1199. ////
  1200. //// Context export/import
  1201. ////
  1202. ///////////////////////////////////////////////////////////////////////////
  // Marshals a context into pPackedContext and optionally returns a token
  // handle for impersonation.
  // NOTE(review): the packed context presumably carries the session's keying
  // state, so the buffer should be handled as a secret and released through
  // the interface's own free routine -- confirm with the package
  // documentation. The meaning of the fFlags bits is not defined in this part
  // of the header.
  1203. SECURITY_STATUS SEC_ENTRY
  1204. ExportSecurityContext(
  1205. PCtxtHandle phContext, // (in) context to export
  1206. ULONG fFlags, // (in) option flags
  1207. PSecBuffer pPackedContext, // (out) marshalled context
  1208. void SEC_FAR * SEC_FAR * pToken // (out, optional) token handle for impersonation
  1209. );
  1210. typedef SECURITY_STATUS
  1211. (SEC_ENTRY * EXPORT_SECURITY_CONTEXT_FN)(
  1212. PCtxtHandle,
  1213. ULONG,
  1214. PSecBuffer,
  1215. void SEC_FAR * SEC_FAR *
  1216. );
  // Rebuilds a context handle from a marshalled context. The package name is
  // a PSECURITY_STRING when ISSP_MODE == 0 and a SEC_WCHAR string otherwise.
  // NOTE(review): the marshalled blob is parsed by the package; callers should
  // import only blobs that come from a trusted exporter over a protected
  // channel -- confirm what validation the package itself performs.
  1217. SECURITY_STATUS SEC_ENTRY
  1218. ImportSecurityContextW(
  1219. #if ISSP_MODE == 0
  1220. PSECURITY_STRING pszPackage,
  1221. #else
  1222. SEC_WCHAR SEC_FAR * pszPackage,
  1223. #endif
  1224. PSecBuffer pPackedContext, // (in) marshalled context
  1225. void SEC_FAR * Token, // (in, optional) handle to token for context
  1226. PCtxtHandle phContext // (out) new context handle
  1227. );
  // Function-pointer type mirroring the prototype above, including the
  // ISSP_MODE switch on the package-name parameter.
  1228. typedef SECURITY_STATUS
  1229. (SEC_ENTRY * IMPORT_SECURITY_CONTEXT_FN_W)(
  1230. #if ISSP_MODE == 0
  1231. PSECURITY_STRING,
  1232. #else
  1233. SEC_WCHAR SEC_FAR *,
  1234. #endif
  1235. PSecBuffer,
  1236. VOID SEC_FAR *,
  1237. PCtxtHandle
  1238. );
  1239. // end_ntifs
  // ANSI variant of the import routine; it has no ISSP_MODE switch.
  // NOTE(review): callers should import only marshalled contexts that come
  // from a trusted exporter over a protected channel -- confirm what
  // validation the package itself performs.
  1240. SECURITY_STATUS SEC_ENTRY
  1241. ImportSecurityContextA(
  1242. SEC_CHAR SEC_FAR * pszPackage,
  1243. PSecBuffer pPackedContext, // (in) marshalled context
  1244. VOID SEC_FAR * Token, // (in, optional) handle to token for context
  1245. PCtxtHandle phContext // (out) new context handle
  1246. );
  1247. typedef SECURITY_STATUS
  1248. (SEC_ENTRY * IMPORT_SECURITY_CONTEXT_FN_A)(
  1249. SEC_CHAR SEC_FAR *,
  1250. PSecBuffer,
  1251. void SEC_FAR *,
  1252. PCtxtHandle
  1253. );
  // The generic names resolve to the wide or the ANSI variant depending on UNICODE.
  1254. #ifdef UNICODE
  1255. # define ImportSecurityContext ImportSecurityContextW // ntifs
  1256. # define IMPORT_SECURITY_CONTEXT_FN IMPORT_SECURITY_CONTEXT_FN_W // ntifs
  1257. #else
  1258. # define ImportSecurityContext ImportSecurityContextA
  1259. # define IMPORT_SECURITY_CONTEXT_FN IMPORT_SECURITY_CONTEXT_FN_A
  1260. #endif // !UNICODE
  1261. // begin_ntifs
  // Kernel-mode helpers: declared only when ISSP_MODE == 0. They return
  // NTSTATUS rather than SECURITY_STATUS and take UNICODE_STRING arguments.
  1262. #if ISSP_MODE == 0
  // Builds a service principal name into Spn from its components.
  // NOTE(review): Allocate presumably selects whether the routine allocates
  // Spn's buffer (which the caller would then have to free) or fills a
  // caller-supplied one, with Length reporting the size -- confirm.
  1263. NTSTATUS
  1264. NTAPI
  1265. SecMakeSPN(
  1266. IN PUNICODE_STRING ServiceClass,
  1267. IN PUNICODE_STRING ServiceName,
  1268. IN PUNICODE_STRING InstanceName OPTIONAL,
  1269. IN USHORT InstancePort OPTIONAL,
  1270. IN PUNICODE_STRING Referrer OPTIONAL,
  1271. IN OUT PUNICODE_STRING Spn,
  1272. OUT PULONG Length OPTIONAL,
  1273. IN BOOLEAN Allocate
  1274. );
  // Same as SecMakeSPN with one additional optional input, TargetInfo.
  1275. NTSTATUS
  1276. NTAPI
  1277. SecMakeSPNEx(
  1278. IN PUNICODE_STRING ServiceClass,
  1279. IN PUNICODE_STRING ServiceName,
  1280. IN PUNICODE_STRING InstanceName OPTIONAL,
  1281. IN USHORT InstancePort OPTIONAL,
  1282. IN PUNICODE_STRING Referrer OPTIONAL,
  1283. IN PUNICODE_STRING TargetInfo OPTIONAL,
  1284. IN OUT PUNICODE_STRING Spn,
  1285. OUT PULONG Length OPTIONAL,
  1286. IN BOOLEAN Allocate
  1287. );
  // SID -> account name. NameSize and DomainSize are in/out.
  // NOTE(review): presumably they carry the buffer capacity on entry and the
  // required size on return, so a too-small buffer can be retried -- confirm
  // the units. Note that this routine and the next use SEC_ENTRY while the two
  // above use NTAPI.
  1288. NTSTATUS
  1289. SEC_ENTRY
  1290. SecLookupAccountSid(
  1291. IN PSID Sid,
  1292. IN OUT PULONG NameSize,
  1293. OUT PUNICODE_STRING NameBuffer,
  1294. IN OUT PULONG DomainSize OPTIONAL,
  1295. OUT PUNICODE_STRING DomainBuffer OPTIONAL,
  1296. OUT PSID_NAME_USE NameUse
  1297. );
  // Account name -> SID. SidSize and DomainSize are in/out.
  // NOTE(review): presumably capacity on entry, required size on return --
  // confirm before sizing the Sid buffer.
  1298. NTSTATUS
  1299. SEC_ENTRY
  1300. SecLookupAccountName(
  1301. IN PUNICODE_STRING Name,
  1302. IN OUT PULONG SidSize,
  1303. OUT PSID Sid,
  1304. OUT PSID_NAME_USE NameUse,
  1305. IN OUT PULONG DomainSize OPTIONAL,
  1306. OUT PUNICODE_STRING ReferencedDomain OPTIONAL
  1307. );
  1308. #endif
  1309. // end_ntifs
  1310. ///////////////////////////////////////////////////////////////////////////////
  1311. ////
  1312. //// Fast access for RPC:
  1313. ////
  1314. ///////////////////////////////////////////////////////////////////////////////
  // Names of the InitSecurityInterface entry points as strings. The _ANSI*
  // forms are always narrow literals; the plain forms go through SEC_TEXT and
  // so follow the build's character width. Without SECURITY_WIN32 both generic
  // names fall back to the upper-case 16-bit spelling.
  // NOTE(review): these are presumably meant for resolving the entry point
  // from a dynamically loaded provider; in that case load the provider from a
  // trusted, fully qualified path and check that the lookup succeeded before
  // calling through the pointer -- confirm against the callers.
  1315. #define SECURITY_ENTRYPOINT_ANSIW "InitSecurityInterfaceW"
  1316. #define SECURITY_ENTRYPOINT_ANSIA "InitSecurityInterfaceA"
  1317. #define SECURITY_ENTRYPOINTW SEC_TEXT("InitSecurityInterfaceW") // ntifs
  1318. #define SECURITY_ENTRYPOINTA SEC_TEXT("InitSecurityInterfaceA")
  1319. #define SECURITY_ENTRYPOINT16 "INITSECURITYINTERFACEA"
  1320. #ifdef SECURITY_WIN32
  1321. # ifdef UNICODE
  1322. # define SECURITY_ENTRYPOINT SECURITY_ENTRYPOINTW // ntifs
  1323. # define SECURITY_ENTRYPOINT_ANSI SECURITY_ENTRYPOINT_ANSIW
  1324. # else // UNICODE
  1325. # define SECURITY_ENTRYPOINT SECURITY_ENTRYPOINTA
  1326. # define SECURITY_ENTRYPOINT_ANSI SECURITY_ENTRYPOINT_ANSIA
  1327. # endif // UNICODE
  1328. #else // SECURITY_WIN32
  1329. # define SECURITY_ENTRYPOINT SECURITY_ENTRYPOINT16
  1330. # define SECURITY_ENTRYPOINT_ANSI SECURITY_ENTRYPOINT16
  1331. #endif // SECURITY_WIN32
  1332. // begin_ntifs
  // Alias for the misspelled name: any later use of FreeCredentialHandle in
  // this header (including as a struct member name) becomes
  // FreeCredentialsHandle.
  1333. #define FreeCredentialHandle FreeCredentialsHandle
  // Dispatch table of wide-character entry points. Slot order is the
  // binary contract, so reserved slots keep later members at fixed offsets.
  // According to the version comments further down in this header, a
  // version-1 table ends at DecryptMessage and SetContextAttributesW exists
  // only in a version-2 table: check dwVersion before reading that slot.
  // NOTE(review): individual slots may presumably be NULL when a provider
  // does not implement a routine -- confirm, and test before calling.
  1334. typedef struct _SECURITY_FUNCTION_TABLE_W {
  1335. unsigned long dwVersion;
  1336. ENUMERATE_SECURITY_PACKAGES_FN_W EnumerateSecurityPackagesW;
  1337. QUERY_CREDENTIALS_ATTRIBUTES_FN_W QueryCredentialsAttributesW;
  1338. ACQUIRE_CREDENTIALS_HANDLE_FN_W AcquireCredentialsHandleW;
  1339. FREE_CREDENTIALS_HANDLE_FN FreeCredentialsHandle;
  // NOTE(review): SSPI_LOGON_USER_FN follows UNICODE, so in a non-UNICODE
  // build the SspiLogonUserW slot below gets the _A pointer type; the slot
  // size is the same either way. Confirm whether _FN_W was intended.
  1340. #ifndef WIN32_CHICAGO
  1341. void SEC_FAR * Reserved2;
  1342. #else // WIN32_CHICAGO
  1343. SSPI_LOGON_USER_FN SspiLogonUserW;
  1344. #endif // WIN32_CHICAGO
  1345. INITIALIZE_SECURITY_CONTEXT_FN_W InitializeSecurityContextW;
  1346. ACCEPT_SECURITY_CONTEXT_FN AcceptSecurityContext;
  1347. COMPLETE_AUTH_TOKEN_FN CompleteAuthToken;
  1348. DELETE_SECURITY_CONTEXT_FN DeleteSecurityContext;
  1349. APPLY_CONTROL_TOKEN_FN ApplyControlToken;
  1350. QUERY_CONTEXT_ATTRIBUTES_FN_W QueryContextAttributesW;
  1351. IMPERSONATE_SECURITY_CONTEXT_FN ImpersonateSecurityContext;
  1352. REVERT_SECURITY_CONTEXT_FN RevertSecurityContext;
  1353. MAKE_SIGNATURE_FN MakeSignature;
  1354. VERIFY_SIGNATURE_FN VerifySignature;
  1355. FREE_CONTEXT_BUFFER_FN FreeContextBuffer;
  1356. QUERY_SECURITY_PACKAGE_INFO_FN_W QuerySecurityPackageInfoW;
  1357. void SEC_FAR * Reserved3;
  1358. void SEC_FAR * Reserved4;
  1359. EXPORT_SECURITY_CONTEXT_FN ExportSecurityContext;
  1360. IMPORT_SECURITY_CONTEXT_FN_W ImportSecurityContextW;
  1361. ADD_CREDENTIALS_FN_W AddCredentialsW ;
  1362. void SEC_FAR * Reserved8;
  1363. QUERY_SECURITY_CONTEXT_TOKEN_FN QuerySecurityContextToken;
  1364. ENCRYPT_MESSAGE_FN EncryptMessage;
  1365. DECRYPT_MESSAGE_FN DecryptMessage;
  1366. SET_CONTEXT_ATTRIBUTES_FN_W SetContextAttributesW; // version-2 tables only
  1367. } SecurityFunctionTableW, SEC_FAR * PSecurityFunctionTableW;
  1368. // end_ntifs
  // Dispatch table of ANSI entry points; it has the same slot order as the
  // wide table. According to the version comments further down in this header,
  // a version-1 table ends at DecryptMessage and SetContextAttributesA exists
  // only in a version-2 table: check dwVersion before reading that slot.
  // NOTE(review): individual slots may presumably be NULL when a provider
  // does not implement a routine -- confirm, and test before calling.
  1369. typedef struct _SECURITY_FUNCTION_TABLE_A {
  1370. unsigned long dwVersion;
  1371. ENUMERATE_SECURITY_PACKAGES_FN_A EnumerateSecurityPackagesA;
  1372. QUERY_CREDENTIALS_ATTRIBUTES_FN_A QueryCredentialsAttributesA;
  1373. ACQUIRE_CREDENTIALS_HANDLE_FN_A AcquireCredentialsHandleA;
  // The member is written FreeCredentialHandle here, but the #define just
  // before the wide table rewrites it to FreeCredentialsHandle.
  1374. FREE_CREDENTIALS_HANDLE_FN FreeCredentialHandle;
  // NOTE(review): SSPI_LOGON_USER_FN follows UNICODE, so in a UNICODE build
  // the SspiLogonUserA slot below gets the _W pointer type; the slot size is
  // the same either way. Confirm whether _FN_A was intended.
  1375. #ifndef WIN32_CHICAGO
  1376. void SEC_FAR * Reserved2;
  1377. #else // WIN32_CHICAGO
  1378. SSPI_LOGON_USER_FN SspiLogonUserA;
  1379. #endif // WIN32_CHICAGO
  1380. INITIALIZE_SECURITY_CONTEXT_FN_A InitializeSecurityContextA;
  1381. ACCEPT_SECURITY_CONTEXT_FN AcceptSecurityContext;
  1382. COMPLETE_AUTH_TOKEN_FN CompleteAuthToken;
  1383. DELETE_SECURITY_CONTEXT_FN DeleteSecurityContext;
  1384. APPLY_CONTROL_TOKEN_FN ApplyControlToken;
  1385. QUERY_CONTEXT_ATTRIBUTES_FN_A QueryContextAttributesA;
  1386. IMPERSONATE_SECURITY_CONTEXT_FN ImpersonateSecurityContext;
  1387. REVERT_SECURITY_CONTEXT_FN RevertSecurityContext;
  1388. MAKE_SIGNATURE_FN MakeSignature;
  1389. VERIFY_SIGNATURE_FN VerifySignature;
  1390. FREE_CONTEXT_BUFFER_FN FreeContextBuffer;
  1391. QUERY_SECURITY_PACKAGE_INFO_FN_A QuerySecurityPackageInfoA;
  1392. void SEC_FAR * Reserved3;
  1393. void SEC_FAR * Reserved4;
  1394. EXPORT_SECURITY_CONTEXT_FN ExportSecurityContext;
  1395. IMPORT_SECURITY_CONTEXT_FN_A ImportSecurityContextA;
  1396. ADD_CREDENTIALS_FN_A AddCredentialsA ;
  1397. void SEC_FAR * Reserved8;
  1398. QUERY_SECURITY_CONTEXT_TOKEN_FN QuerySecurityContextToken;
  1399. ENCRYPT_MESSAGE_FN EncryptMessage;
  1400. DECRYPT_MESSAGE_FN DecryptMessage;
  1401. SET_CONTEXT_ATTRIBUTES_FN_A SetContextAttributesA; // version-2 tables only
  1402. } SecurityFunctionTableA, SEC_FAR * PSecurityFunctionTableA;
  // The generic names resolve to the wide or the ANSI table depending on UNICODE.
  1403. #ifdef UNICODE
  1404. # define SecurityFunctionTable SecurityFunctionTableW // ntifs
  1405. # define PSecurityFunctionTable PSecurityFunctionTableW // ntifs
  1406. #else
  1407. # define SecurityFunctionTable SecurityFunctionTableA
  1408. # define PSecurityFunctionTable PSecurityFunctionTableA
  1409. #endif // !UNICODE
  // NOTE(review): this defines an empty macro named SECURITY_; it looks like
  // a truncated line. Confirm that nothing depends on it before removing it.
  1410. #define SECURITY_
  // Values for the dwVersion member of the function tables. A caller that
  // wants SetContextAttributes has to see version 2 before using that slot.
  1411. // Function table has all routines through DecryptMessage
  1412. #define SECURITY_SUPPORT_PROVIDER_INTERFACE_VERSION 1 // ntifs
  1413. // Function table has all routines through SetContextAttributes
  1414. #define SECURITY_SUPPORT_PROVIDER_INTERFACE_VERSION_2 2 // ntifs
  // Returns a pointer to the ANSI dispatch table.
  // NOTE(review): presumably NULL on failure, and the table presumably stays
  // owned by the provider (the caller does not free it) -- confirm.
  1415. PSecurityFunctionTableA SEC_ENTRY
  1416. InitSecurityInterfaceA(
  1417. void
  1418. );
  1419. typedef PSecurityFunctionTableA
  1420. (SEC_ENTRY * INIT_SECURITY_INTERFACE_A)(void);
  1421. // begin_ntifs
  // Returns a pointer to the wide-character dispatch table.
  1422. PSecurityFunctionTableW SEC_ENTRY
  1423. InitSecurityInterfaceW(
  1424. void
  1425. );
  1426. typedef PSecurityFunctionTableW
  1427. (SEC_ENTRY * INIT_SECURITY_INTERFACE_W)(void);
  1428. // end_ntifs
  // The generic names resolve to the wide or the ANSI variant depending on UNICODE.
  1429. #ifdef UNICODE
  1430. # define InitSecurityInterface InitSecurityInterfaceW // ntifs
  1431. # define INIT_SECURITY_INTERFACE INIT_SECURITY_INTERFACE_W // ntifs
  1432. #else
  1433. # define InitSecurityInterface InitSecurityInterfaceA
  1434. # define INIT_SECURITY_INTERFACE INIT_SECURITY_INTERFACE_A
  1435. #endif // !UNICODE
  1436. #ifdef SECURITY_WIN32
  1437. //
  1438. // SASL Profile Support
  1439. //
  // SASL profile lookup (this part of the header is compiled only under
  // SECURITY_WIN32). ProfileList and ProfileCount are both outputs.
  // NOTE(review): the format of the returned list (single string versus
  // multi-string) and how it is released are not visible in this header --
  // confirm before iterating over it.
  1440. SECURITY_STATUS
  1441. SEC_ENTRY
  1442. SaslEnumerateProfilesA(
  1443. OUT LPSTR * ProfileList,
  1444. OUT ULONG * ProfileCount
  1445. );
  1446. SECURITY_STATUS
  1447. SEC_ENTRY
  1448. SaslEnumerateProfilesW(
  1449. OUT LPWSTR * ProfileList,
  1450. OUT ULONG * ProfileCount
  1451. );
  1452. #ifdef UNICODE
  1453. #define SaslEnumerateProfiles SaslEnumerateProfilesW
  1454. #else
  1455. #define SaslEnumerateProfiles SaslEnumerateProfilesA
  1456. #endif
  // Maps a profile name to the package-info record of its security package.
  // NOTE(review): the record is presumably released with FreeContextBuffer
  // -- confirm.
  1457. SECURITY_STATUS
  1458. SEC_ENTRY
  1459. SaslGetProfilePackageA(
  1460. IN LPSTR ProfileName,
  1461. OUT PSecPkgInfoA * PackageInfo
  1462. );
  1463. SECURITY_STATUS
  1464. SEC_ENTRY
  1465. SaslGetProfilePackageW(
  1466. IN LPWSTR ProfileName,
  1467. OUT PSecPkgInfoW * PackageInfo
  1468. );
  1469. #ifdef UNICODE
  1470. #define SaslGetProfilePackage SaslGetProfilePackageW
  1471. #else
  1472. #define SaslGetProfilePackage SaslGetProfilePackageA
  1473. #endif
  // Derives the package-info record from input buffers instead of a name.
  // NOTE(review): pInput presumably holds data received from the peer, so the
  // selected package is peer-influenced; callers that only accept certain
  // packages should check the result against their own allow-list -- confirm.
  1474. SECURITY_STATUS
  1475. SEC_ENTRY
  1476. SaslIdentifyPackageA(
  1477. IN PSecBufferDesc pInput,
  1478. OUT PSecPkgInfoA * PackageInfo
  1479. );
  1480. SECURITY_STATUS
  1481. SEC_ENTRY
  1482. SaslIdentifyPackageW(
  1483. IN PSecBufferDesc pInput,
  1484. OUT PSecPkgInfoW * PackageInfo
  1485. );
  1486. #ifdef UNICODE
  1487. #define SaslIdentifyPackage SaslIdentifyPackageW
  1488. #else
  1489. #define SaslIdentifyPackage SaslIdentifyPackageA
  1490. #endif
  // SASL counterparts of the context routines. The parameter lists match
  // InitializeSecurityContext and AcceptSecurityContext, except that the
  // target name is always LPWSTR/LPSTR (there is no ISSP_MODE switch). No
  // function-pointer typedefs are declared for them.
  // NOTE(review): compare *pfContextAttr with fContextReq after each call
  // instead of assuming every requested attribute was granted -- confirm
  // against the package documentation.
  1491. SECURITY_STATUS
  1492. SEC_ENTRY
  1493. SaslInitializeSecurityContextW(
  1494. PCredHandle phCredential, // Cred to base context
  1495. PCtxtHandle phContext, // Existing context (OPT)
  1496. LPWSTR pszTargetName, // Name of target
  1497. unsigned long fContextReq, // Context Requirements
  1498. unsigned long Reserved1, // Reserved, MBZ
  1499. unsigned long TargetDataRep, // Data rep of target
  1500. PSecBufferDesc pInput, // Input Buffers
  1501. unsigned long Reserved2, // Reserved, MBZ
  1502. PCtxtHandle phNewContext, // (out) New Context handle
  1503. PSecBufferDesc pOutput, // (inout) Output Buffers
  1504. unsigned long SEC_FAR * pfContextAttr, // (out) Context attrs
  1505. PTimeStamp ptsExpiry // (out) Life span (OPT)
  1506. );
  1507. SECURITY_STATUS
  1508. SEC_ENTRY
  1509. SaslInitializeSecurityContextA(
  1510. PCredHandle phCredential, // Cred to base context
  1511. PCtxtHandle phContext, // Existing context (OPT)
  1512. LPSTR pszTargetName, // Name of target
  1513. unsigned long fContextReq, // Context Requirements
  1514. unsigned long Reserved1, // Reserved, MBZ
  1515. unsigned long TargetDataRep, // Data rep of target
  1516. PSecBufferDesc pInput, // Input Buffers
  1517. unsigned long Reserved2, // Reserved, MBZ
  1518. PCtxtHandle phNewContext, // (out) New Context handle
  1519. PSecBufferDesc pOutput, // (inout) Output Buffers
  1520. unsigned long SEC_FAR * pfContextAttr, // (out) Context attrs
  1521. PTimeStamp ptsExpiry // (out) Life span (OPT)
  1522. );
  1523. #ifdef UNICODE
  1524. #define SaslInitializeSecurityContext SaslInitializeSecurityContextW
  1525. #else
  1526. #define SaslInitializeSecurityContext SaslInitializeSecurityContextA
  1527. #endif
  1528. SECURITY_STATUS
  1529. SEC_ENTRY
  1530. SaslAcceptSecurityContext(
  1531. PCredHandle phCredential, // Cred to base context
  1532. PCtxtHandle phContext, // Existing context (OPT)
  1533. PSecBufferDesc pInput, // Input buffer
  1534. unsigned long fContextReq, // Context Requirements
  1535. unsigned long TargetDataRep, // Target Data Rep
  1536. PCtxtHandle phNewContext, // (out) New context handle
  1537. PSecBufferDesc pOutput, // (inout) Output buffers
  1538. unsigned long SEC_FAR * pfContextAttr, // (out) Context attributes
  1539. PTimeStamp ptsExpiry // (out) Life span (OPT)
  1540. );
  // Option selectors for SaslSetContextOption / SaslGetContextOption.
  // NOTE(review): the value type expected for each option (presumably a ULONG
  // for the two sizes and a string for the authorization string) is not
  // stated here -- confirm.
  1541. #define SASL_OPTION_SEND_SIZE 1
  1542. #define SASL_OPTION_RECV_SIZE 2
  1543. #define SASL_OPTION_AUTHZ_STRING 3
  // Sets one option on a context from the Value/Size buffer pair.
  1544. SECURITY_STATUS
  1545. SEC_ENTRY
  1546. SaslSetContextOption(
  1547. PCtxtHandle ContextHandle,
  1548. ULONG Option,
  1549. PVOID Value,
  1550. ULONG Size
  1551. );
  // Reads one option into the Value/Size buffer pair; Needed is optional.
  // NOTE(review): Needed presumably receives the required size when the
  // buffer is too small, and Size is presumably in bytes -- confirm, and pass
  // the real capacity of Value.
  1552. SECURITY_STATUS
  1553. SEC_ENTRY
  1554. SaslGetContextOption(
  1555. PCtxtHandle ContextHandle,
  1556. ULONG Option,
  1557. PVOID Value,
  1558. ULONG Size,
  1559. PULONG Needed OPTIONAL
  1560. );
  1561. #endif
  1562. #ifdef SECURITY_DOS
  1563. #if _MSC_VER >= 1200
  1564. #pragma warning(pop)
  1565. #else
  1566. #pragma warning(default:4147)
  1567. #endif
  1568. #endif
  1569. //
  1570. // This is the legacy credentials structure.
  1571. // The EX version below is preferred.
  1572. // begin_ntifs
  // Legacy credential structure, guarded so that another header may define
  // it first. User, Domain and Password are pointer/length pairs; the two
  // Flags constants name the character width of the strings.
  // NOTE(review): the lengths are presumably character counts that exclude
  // the terminator -- confirm. Password presumably holds the cleartext
  // password, so the caller should keep the buffer's lifetime short and
  // overwrite it once the credential handle has been acquired -- confirm that
  // the package copies it.
  1573. #ifndef _AUTH_IDENTITY_DEFINED
  1574. #define _AUTH_IDENTITY_DEFINED
  1575. #define SEC_WINNT_AUTH_IDENTITY_ANSI 0x1
  1576. #define SEC_WINNT_AUTH_IDENTITY_UNICODE 0x2
  1577. typedef struct _SEC_WINNT_AUTH_IDENTITY_W {
  1578. unsigned short *User;
  1579. unsigned long UserLength;
  1580. unsigned short *Domain;
  1581. unsigned long DomainLength;
  1582. unsigned short *Password;
  1583. unsigned long PasswordLength;
  1584. unsigned long Flags;
  1585. } SEC_WINNT_AUTH_IDENTITY_W, *PSEC_WINNT_AUTH_IDENTITY_W;
  1586. // end_ntifs
  // ANSI layout: same members, with unsigned char strings.
  1587. typedef struct _SEC_WINNT_AUTH_IDENTITY_A {
  1588. unsigned char *User;
  1589. unsigned long UserLength;
  1590. unsigned char *Domain;
  1591. unsigned long DomainLength;
  1592. unsigned char *Password;
  1593. unsigned long PasswordLength;
  1594. unsigned long Flags;
  1595. } SEC_WINNT_AUTH_IDENTITY_A, *PSEC_WINNT_AUTH_IDENTITY_A;
  // The generic names (typedef, pointer typedef and struct tag) resolve to
  // the wide or the ANSI variant depending on UNICODE.
  1596. #ifdef UNICODE
  1597. #define SEC_WINNT_AUTH_IDENTITY SEC_WINNT_AUTH_IDENTITY_W // ntifs
  1598. #define PSEC_WINNT_AUTH_IDENTITY PSEC_WINNT_AUTH_IDENTITY_W // ntifs
  1599. #define _SEC_WINNT_AUTH_IDENTITY _SEC_WINNT_AUTH_IDENTITY_W // ntifs
  1600. #else // UNICODE
  1601. #define SEC_WINNT_AUTH_IDENTITY SEC_WINNT_AUTH_IDENTITY_A
  1602. #define PSEC_WINNT_AUTH_IDENTITY PSEC_WINNT_AUTH_IDENTITY_A
  1603. #define _SEC_WINNT_AUTH_IDENTITY _SEC_WINNT_AUTH_IDENTITY_A
  1604. #endif // UNICODE
  1605. #endif //_AUTH_IDENTITY_DEFINED // ntifs
  1606. // begin_ntifs
  1607. //
  1608. // This is the combined authentication identity structure that may be
  1609. // used with the negotiate package, NTLM, Kerberos, or SCHANNEL
  1610. //
  1611. #ifndef SEC_WINNT_AUTH_IDENTITY_VERSION
  1612. #define SEC_WINNT_AUTH_IDENTITY_VERSION 0x200
  //
  // Extended wide-character credential block: a Version/Length header, the
  // User/Domain/Password pointer-and-length pairs, a Flags word and a
  // PackageList pointer-and-length pair.
  //
  // NOTE(review): Length is presumably the size of this structure in bytes,
  // and Version presumably SEC_WINNT_AUTH_IDENTITY_VERSION. A consumer should
  // check both before reading the trailing members - confirm.
  // NOTE(review): all *Length members are caller-supplied; their unit and
  // NUL-termination are not stated here. Validate them against the real
  // buffer size before copying.
  // NOTE(review): Password presumably references the cleartext secret in
  // caller-owned memory; wipe it after use.
  //
  1613. typedef struct _SEC_WINNT_AUTH_IDENTITY_EXW {
  1614. unsigned long Version; // structure version tag
  1615. unsigned long Length; // structure length; see NOTE(review) above
  1616. unsigned short SEC_FAR *User; // user name buffer
  1617. unsigned long UserLength; // caller-supplied length of User
  1618. unsigned short SEC_FAR *Domain; // domain name buffer
  1619. unsigned long DomainLength; // caller-supplied length of Domain
  1620. unsigned short SEC_FAR *Password; // secret material
  1621. unsigned long PasswordLength; // caller-supplied length of Password
  1622. unsigned long Flags; // presumably SEC_WINNT_AUTH_IDENTITY_* bits - confirm
  1623. unsigned short SEC_FAR * PackageList; // presumably names of packages the negotiate package may use - confirm format
  1624. unsigned long PackageListLength; // caller-supplied length of PackageList
  1625. } SEC_WINNT_AUTH_IDENTITY_EXW, *PSEC_WINNT_AUTH_IDENTITY_EXW;
  1626. // end_ntifs
  //
  // Extended byte-character credential block with the same field order as
  // the wide variant: Version/Length header, User/Domain/Password
  // pointer-and-length pairs, Flags, and a PackageList pointer-and-length pair.
  //
  // NOTE(review): Length is presumably the structure size in bytes and
  // Version presumably SEC_WINNT_AUTH_IDENTITY_VERSION - confirm.
  // NOTE(review): all *Length members are caller-supplied; validate them
  // against the real buffer size before copying.
  // NOTE(review): Password presumably references the cleartext secret in
  // caller-owned memory; wipe it after use.
  //
  1627. typedef struct _SEC_WINNT_AUTH_IDENTITY_EXA {
  1628. unsigned long Version; // structure version tag
  1629. unsigned long Length; // structure length; see NOTE(review) above
  1630. unsigned char SEC_FAR *User; // user name buffer
  1631. unsigned long UserLength; // caller-supplied length of User
  1632. unsigned char SEC_FAR *Domain; // domain name buffer
  1633. unsigned long DomainLength; // caller-supplied length of Domain
  1634. unsigned char SEC_FAR *Password; // secret material
  1635. unsigned long PasswordLength; // caller-supplied length of Password
  1636. unsigned long Flags; // presumably SEC_WINNT_AUTH_IDENTITY_* bits - confirm
  1637. unsigned char SEC_FAR * PackageList; // presumably names of packages the negotiate package may use - confirm format
  1638. unsigned long PackageListLength; // caller-supplied length of PackageList
  1639. } SEC_WINNT_AUTH_IDENTITY_EXA, *PSEC_WINNT_AUTH_IDENTITY_EXA;
  // Map the neutral extended-identity names onto the W or A flavour.
  // NOTE(review): the non-UNICODE branch defines only
  // SEC_WINNT_AUTH_IDENTITY_EX; PSEC_WINNT_AUTH_IDENTITY_EX has no ANSI alias,
  // so that name is undefined in ANSI builds. Confirm whether the omission is
  // intended or whether the EXA pointer alias should be added.
  1640. #ifdef UNICODE
  1641. #define SEC_WINNT_AUTH_IDENTITY_EX SEC_WINNT_AUTH_IDENTITY_EXW // ntifs
  1642. #define PSEC_WINNT_AUTH_IDENTITY_EX PSEC_WINNT_AUTH_IDENTITY_EXW // ntifs
  1643. #else
  1644. #define SEC_WINNT_AUTH_IDENTITY_EX SEC_WINNT_AUTH_IDENTITY_EXA
  1645. #endif
  1646. // begin_ntifs
  1647. #endif // SEC_WINNT_AUTH_IDENTITY_VERSION
  1648. //
  1649. // Common types used by negotiable security packages
  1650. //
  // Single-bit values (0x4 and 0x8), presumably OR-ed into the Flags member
  // of the auth identity structures - confirm.
  // NOTE(review): with MARSHALLED set, the pointer members presumably refer
  // into the same buffer as the structure. A consumer should range-check each
  // pointer/length pair against that buffer before dereferencing - confirm.
  1651. #define SEC_WINNT_AUTH_IDENTITY_MARSHALLED 0x4 // all data is in one buffer
  1652. #define SEC_WINNT_AUTH_IDENTITY_ONLY 0x8 // these credentials are for identity only - no PAC needed
  1653. // end_ntifs
  1654. //
  1655. // Routines for manipulating packages
  1656. //
  //
  // Options block passed to AddSecurityPackageA/W: a Size header, a Type and
  // Flags word, and a Signature pointer with its size.
  //
  // NOTE(review): Size is presumably sizeof(SECURITY_PACKAGE_OPTIONS), set by
  // the caller so the callee can validate the layout - confirm.
  // NOTE(review): nothing in this header says whether Signature is verified
  // or how; do not treat its presence as proof that a package is trusted.
  //
  1657. typedef struct _SECURITY_PACKAGE_OPTIONS {
  1658. unsigned long Size; // structure size; see NOTE(review) above
  1659. unsigned long Type; // presumably one of SECPKG_OPTIONS_TYPE_* - confirm
  1660. unsigned long Flags; // presumably SECPKG_OPTIONS_* bits such as SECPKG_OPTIONS_PERMANENT - confirm
  1661. unsigned long SignatureSize; // caller-supplied size of the Signature buffer
  1662. void SEC_FAR * Signature; // untyped signature data; semantics not stated here
  1663. } SECURITY_PACKAGE_OPTIONS, SEC_FAR * PSECURITY_PACKAGE_OPTIONS;
  // Package kind values (0, 1, 2), presumably for SECURITY_PACKAGE_OPTIONS.Type,
  // followed by one flag bit, presumably for SECURITY_PACKAGE_OPTIONS.Flags.
  // NOTE(review): PERMANENT presumably makes the registration outlive the
  // current boot. If so, it is a persistent change to the authentication
  // stack and belongs in configuration baselines and audit - confirm.
  1664. #define SECPKG_OPTIONS_TYPE_UNKNOWN 0
  1665. #define SECPKG_OPTIONS_TYPE_LSA 1
  1666. #define SECPKG_OPTIONS_TYPE_SSPI 2
  1667. #define SECPKG_OPTIONS_PERMANENT 0x00000001
  //
  // ANSI entry point for adding a security package by name.
  //
  // pszPackageName - package name as a SEC_CHAR string.
  // Options        - pointer to a SECURITY_PACKAGE_OPTIONS block; whether it
  //                  may be NULL is not stated in this header.
  // Returns a SECURITY_STATUS; the specific codes are not listed here.
  //
  // NOTE(review): a security package presumably runs inside the component
  // that handles authentication material, so registering one changes what
  // code can see credentials. Defenders track this under MITRE ATT&CK
  // T1547.005 (Security Support Provider): log calls to this routine and
  // baseline the configured package list - confirm the privileges required.
  //
  1668. SECURITY_STATUS
  1669. SEC_ENTRY
  1670. AddSecurityPackageA(
  1671. SEC_CHAR SEC_FAR * pszPackageName,
  1672. SECURITY_PACKAGE_OPTIONS SEC_FAR * Options
  1673. );
  //
  // Wide-character entry point for adding a security package by name.
  //
  // pszPackageName - package name as a SEC_WCHAR string.
  // Options        - pointer to a SECURITY_PACKAGE_OPTIONS block; whether it
  //                  may be NULL is not stated in this header.
  // Returns a SECURITY_STATUS; the specific codes are not listed here.
  //
  // NOTE(review): registering a package presumably extends the set of code
  // that handles authentication material; treat calls as an auditable,
  // privileged configuration change - confirm the privileges required.
  //
  1674. SECURITY_STATUS
  1675. SEC_ENTRY
  1676. AddSecurityPackageW(
  1677. SEC_WCHAR SEC_FAR * pszPackageName,
  1678. SECURITY_PACKAGE_OPTIONS SEC_FAR * Options
  1679. );
  // Neutral name: resolves to the W entry point when UNICODE is defined,
  // otherwise to the A entry point.
  1680. #ifdef UNICODE
  1681. #define AddSecurityPackage AddSecurityPackageW
  1682. #else
  1683. #define AddSecurityPackage AddSecurityPackageA
  1684. #endif
  //
  // ANSI entry point for deleting a security package by name.
  //
  // pszPackageName - package name as a SEC_CHAR string.
  // Returns a SECURITY_STATUS; the specific codes are not listed here.
  //
  // NOTE(review): removing a package presumably changes which authentication
  // mechanisms are available; worth auditing alongside additions - confirm.
  //
  1685. SECURITY_STATUS
  1686. SEC_ENTRY
  1687. DeleteSecurityPackageA(
  1688. SEC_CHAR SEC_FAR * pszPackageName );
  //
  // Wide-character entry point for deleting a security package by name.
  //
  // pszPackageName - package name as a SEC_WCHAR string.
  // Returns a SECURITY_STATUS; the specific codes are not listed here.
  //
  // NOTE(review): removing a package presumably changes which authentication
  // mechanisms are available; worth auditing alongside additions - confirm.
  //
  1689. SECURITY_STATUS
  1690. SEC_ENTRY
  1691. DeleteSecurityPackageW(
  1692. SEC_WCHAR SEC_FAR * pszPackageName );
  // Neutral name: resolves to the W entry point when UNICODE is defined,
  // otherwise to the A entry point.
  1693. #ifdef UNICODE
  1694. #define DeleteSecurityPackage DeleteSecurityPackageW
  1695. #else
  1696. #define DeleteSecurityPackage DeleteSecurityPackageA
  1697. #endif
  1698. #ifdef __cplusplus
  1699. } // extern "C"
  1700. #endif
  1701. // begin_ntifs
  1702. #endif // __SSPI_H__
  1703. // end_ntifs