windows-xp/Source/XPSP1/NT/ds/security/protocols/kerberos/client2/ctxtmgr.h

//+-----------------------------------------------------------------------
//
// Microsoft Windows
//
// Copyright (c) Microsoft Corporation 1992 - 1996
//
// File:        ctxtmgr.h
//
// Contents:    Structures and prototyps for Kerberos context list
//
//
// History:     17-April-1996   Created         MikeSw
//
//------------------------------------------------------------------------

#ifndef __CTXTMGR_H__
#define __CTXTMGR_H__

//
// All global variables declared as EXTERN will be allocated in the file
// that defines CTXTMGR_ALLOCATE
//
#ifdef EXTERN
#undef EXTERN
#endif

#ifdef CTXTMGR_ALLOCATE
#define EXTERN
#else
#define EXTERN extern
#endif

#ifdef WIN32_CHICAGO
EXTERN CRITICAL_SECTION KerbContextResource;
#else // WIN32_CHICAGO
EXTERN RTL_RESOURCE KerbContextResource;
#endif // WIN32_CHICAGO

#define     KERB_USERLIST_COUNT         (16)    // count of lists

EXTERN KERBEROS_LIST KerbContextList[ KERB_USERLIST_COUNT ];
EXTERN BOOLEAN KerberosContextsInitialized;

#define KerbGetContextHandle(_Context_) ((LSA_SEC_HANDLE)(_Context_))

//
// Context flags - these are attributes of a context and are stored in
// the ContextAttributes field of a KERB_CONTEXT.
//

#define KERB_CONTEXT_MAPPED                     0x1
#define KERB_CONTEXT_OUTBOUND                   0x2
#define KERB_CONTEXT_INBOUND                    0x4
#define KERB_CONTEXT_USED_SUPPLIED_CREDS        0x8
#define KERB_CONTEXT_USER_TO_USER               0x10
#define KERB_CONTEXT_REQ_SERVER_NAME            0x20
#define KERB_CONTEXT_REQ_SERVER_REALM           0x40
#define KERB_CONTEXT_IMPORTED                   0x80
#define KERB_CONTEXT_EXPORTED                   0x100
#define KERB_CONTEXT_USING_CREDMAN              0x200

//
// NOTICE: The logon session resource, credential resource, and context
// resource must all be acquired carefully to prevent deadlock. They
// can only be acquired in this order:
//
// 1. Logon Sessions
// 2. Credentials
// 3. Contexts
//

#if DBG
#ifdef WIN32_CHICAGO
#define KerbWriteLockContexts() \
{ \
    DebugLog((DEB_TRACE_LOCKS,"Write locking Contexts\n")); \
    EnterCriticalSection(&KerbContextResource); \
    KerbGlobalContextsLocked = GetCurrentThreadId(); \
}
#define KerbReadLockContexts() \
{ \
    DebugLog((DEB_TRACE_LOCKS,"Read locking Contexts\n")); \
    EnterCriticalSection(&KerbContextResource); \
    KerbGlobalContextsLocked = GetCurrentThreadId(); \
}
#define KerbUnlockContexts() \
{ \
    DebugLog((DEB_TRACE_LOCKS,"Unlocking Contexts\n")); \
    KerbGlobalContextsLocked = 0; \
    LeaveCriticalSection(&KerbContextResource); \
}
#else // WIN32_CHICAGO
#define KerbWriteLockContexts() \
{ \
    DebugLog((DEB_TRACE_LOCKS,"Write locking Contexts\n")); \
    RtlAcquireResourceExclusive(&KerbContextResource,TRUE); \
    KerbGlobalContextsLocked = GetCurrentThreadId(); \
}
#define KerbReadLockContexts() \
{ \
    DebugLog((DEB_TRACE_LOCKS,"Read locking Contexts\n")); \
    RtlAcquireResourceShared(&KerbContextResource, TRUE); \
    KerbGlobalContextsLocked = GetCurrentThreadId(); \
}
#define KerbUnlockContexts() \
{ \
    DebugLog((DEB_TRACE_LOCKS,"Unlocking Contexts\n")); \
    KerbGlobalContextsLocked = 0; \
    RtlReleaseResource(&KerbContextResource); \
}
#endif // WIN32_CHICAGO
#else
#ifdef WIN32_CHICAGO
#define KerbWriteLockContexts() \
    EnterCriticalSection(&KerbContextResource)
#define KerbReadLockContexts() \
    EnterCriticalSection(&KerbContextResource)
#define KerbUnlockContexts() \
    LeaveCriticalSection(&KerbContextResource)
#else // WIN32_CHICAGO
#define KerbWriteLockContexts() \
    RtlAcquireResourceExclusive(&KerbContextResource,TRUE);
#define KerbReadLockContexts() \
    RtlAcquireResourceShared(&KerbContextResource, TRUE);
#define KerbUnlockContexts() \
    RtlReleaseResource(&KerbContextResource);
#endif // WIN32_CHICAGO
#endif

NTSTATUS
KerbInitContextList(
    VOID
    );

VOID
KerbFreeContextList(
    VOID
    );


NTSTATUS
KerbAllocateContext(
    PKERB_CONTEXT * NewContext
    );

NTSTATUS
KerbInsertContext(
    IN PKERB_CONTEXT Context
    );


SECURITY_STATUS
KerbReferenceContext(
    IN LSA_SEC_HANDLE ContextHandle,
    IN BOOLEAN RemoveFromList,
    OUT PKERB_CONTEXT * FoundContext
    );


VOID
KerbDereferenceContext(
    IN PKERB_CONTEXT Context
    );

VOID
KerbReferenceContextByPointer(
    IN PKERB_CONTEXT Context,
    IN BOOLEAN RemoveFromList
    );

NTSTATUS
KerbCreateClientContext(
    IN PKERB_LOGON_SESSION LogonSession,
    IN PKERB_CREDENTIAL Credential,
    IN OPTIONAL PKERB_CREDMAN_CRED CredManCredentials,
    IN OPTIONAL PKERB_TICKET_CACHE_ENTRY TicketCacheEntry,
    IN OPTIONAL PUNICODE_STRING TargetName,
    IN ULONG Nonce,
    IN ULONG ContextFlags,
    IN ULONG ContextAttributes,
    IN OPTIONAL PKERB_ENCRYPTION_KEY SubSessionKey,
    OUT PKERB_CONTEXT * NewContext,
    OUT PTimeStamp ContextLifetime
    );

NTSTATUS
KerbCreateServerContext(
    IN PKERB_LOGON_SESSION LogonSession,
    IN PKERB_CREDENTIAL Credential,
    IN PKERB_ENCRYPTED_TICKET InternalTicket,
    IN PKERB_AP_REQUEST ApRequest,
    IN PKERB_ENCRYPTION_KEY SessionKey,
    IN PLUID LogonId,
    IN OUT PSID * UserSid,
    IN ULONG ContextFlags,
    IN ULONG ContextAttributes,
    IN ULONG Nonce,
    IN ULONG ReceiveNonce,
    IN OUT PHANDLE TokenHandle,
    IN PUNICODE_STRING ClientName,
    IN PUNICODE_STRING ClientDomain,
    OUT PKERB_CONTEXT * NewContext,
    OUT PTimeStamp ContextLifetime
    );

NTSTATUS
KerbUpdateServerContext(
    IN PKERB_CONTEXT Context,
    IN PKERB_ENCRYPTED_TICKET InternalTicket,
    IN PKERB_AP_REQUEST ApRequest,
    IN PKERB_ENCRYPTION_KEY SessionKey,
    IN PLUID LogonId,
    IN OUT PSID * UserSid,
    IN ULONG ContextFlags,
    IN ULONG ContextAttributes,
    IN ULONG Nonce,
    IN ULONG ReceiveNonce,
    IN OUT PHANDLE TokenHandle,
    IN PUNICODE_STRING ClientName,
    IN PUNICODE_STRING ClientDomain,
    OUT PTimeStamp ContextLifetime
    );

NTSTATUS
KerbCreateEmptyContext(
    IN PKERB_CREDENTIAL Credential,
    IN ULONG ContextFlags,
    IN ULONG ContextAttributes,
    IN PLUID LogonId,
    OUT PKERB_CONTEXT * NewContext,
    OUT PTimeStamp ContextLifetime
    );

NTSTATUS
KerbMapContext(
    IN PKERB_CONTEXT Context,
    OUT PBOOLEAN MappedContext,
    OUT PSecBuffer ContextData
    );

NTSTATUS
KerbCreateUserModeContext(
    IN LSA_SEC_HANDLE ContextHandle,
    IN PSecBuffer MarshalledContext,
    OUT PKERB_CONTEXT * NewContext
    );

SECURITY_STATUS
KerbReferenceContextByLsaHandle(
    IN LSA_SEC_HANDLE ContextHandle,
    IN BOOLEAN RemoveFromList,
    OUT PKERB_CONTEXT * FoundContext
    );

NTSTATUS
KerbUpdateClientContext(
    IN PKERB_CONTEXT Context,
    IN PKERB_TICKET_CACHE_ENTRY TicketCacheEntry,
    IN ULONG Nonce,
    IN ULONG ReceiveNonce,
    IN ULONG ContextFlags,
    IN ULONG ContextAttribs,
    IN OPTIONAL PKERB_ENCRYPTION_KEY SubSessionKey,
    OUT PTimeStamp ContextLifetime
    );

NTSTATUS
KerbCreateSKeyEntry(
    IN KERB_ENCRYPTION_KEY* pSessionKey,
    IN FILETIME* pExpireTime
    );

NTSTATUS
KerbDoesSKeyExist(
    IN KERB_ENCRYPTION_KEY* pKey,
    OUT BOOLEAN* pbExist
    );

NTSTATUS
KerbEqualKey(
    IN KERB_ENCRYPTION_KEY* pKeyFoo,
    IN KERB_ENCRYPTION_KEY* pKeyBar,
    OUT BOOLEAN* pbEqual
    );

NTSTATUS
KerbInsertSKey(
    IN KERB_SESSION_KEY_ENTRY* pSKeyEntry
    );

VOID
KerbTrimSKeyList(
    VOID
    );

VOID
KerbNetworkServiceSKeyListCleanupCallback(
    IN VOID* pContext,
    IN BOOLEAN bTimeOut
    );

NTSTATUS
KerbCreateSKeyTimer(
    VOID
    );

VOID
KerbFreeSKeyTimer(
    VOID
    );

VOID
KerbFreeSKeyEntry(
    IN KERB_SESSION_KEY_ENTRY* pSKeyEntry
    );

NTSTATUS
KerbProcessTargetNames(
    IN PUNICODE_STRING TargetName,
    IN OPTIONAL PUNICODE_STRING SuppTargetName,
    IN ULONG Flags,
    IN OUT ULONG *ProcessFlags,
    OUT PKERB_INTERNAL_NAME * FinalTarget,
    OUT PUNICODE_STRING TargetRealm,
    OUT OPTIONAL PKERB_SPN_CACHE_ENTRY * SpnCacheEntry
    );

#define KERB_CRACK_NAME_USE_WKSTA_REALM         0x1
#define KERB_CRACK_NAME_REALM_SUPPLIED          0x2

#endif // __CTXTMGR_H__