archive
/
windows-xp
mirror of https://github.com/tongzx/nt5src
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
7 Commits
1 Branch
0 Tags
2.0 GiB
Tree: 1b390dddff
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '1b390dddff'
${ noResults }
windows-xp/Source/XPSP1/NT/ds/security/protocols/kerberos/client2/kerbtick.h

364 lines
9.4 KiB
Raw Normal View History

Add source files
4 years ago
  1. //+---------------------------------------------------------------------------
  2. //
  3. // Microsoft Windows
  4. // Copyright (C) Microsoft Corporation, 1992 - 1993.
  5. //
  6. // File: kerbtick.h
  7. //
  8. // Contents: Structures for ticket request and creation
  9. //
  10. // Classes:
  11. //
  12. // Functions:
  13. //
  14. // History: 22-April-1996 Created MikeSw
  15. //
  16. //----------------------------------------------------------------------------
  18. #ifndef __KERBTICK_H__
  19. #define __KERBTICK_H__
  21. //
  22. // Macros used for building tickets
  23. //
  25. #define KERB_ENCRYPT_SIZE(_x_) (sizeof(KERB_ENCRYPTED_DATA) - 1 + (_x_))
  27. //
  28. // Structures used for AP (authentication protocol) exchanges with a server
  29. //
  34. //#define KERB_AP_INTEGRITY 0x80000000 // Integrity Request
  35. //#define KERB_AP_PRIVACY 0x40000000 // Privacy
  36. //#define KERB_AP_THREE_LEG 0x20000000 // Mutual Auth 3-leg
  37. //#define KERB_AP_RETURN_EE 0x10000000 // Return extended error info
  38. //#define KERB_AP_USE_SKEY 0x00000002 // Use session key
  39. //#define KERB_AP_MUTUAL_REQ 0x00000004
  41. //
  42. // Structure used to store GSS checksum
  43. //
  45. typedef struct _KERB_GSS_CHECKSUM {
  46. ULONG BindLength;
  47. ULONG BindHash[4];
  48. ULONG GssFlags;
  49. USHORT Delegation;
  50. USHORT DelegationLength;
  51. UCHAR DelegationInfo[ANYSIZE_ARRAY];
  52. } KERB_GSS_CHECKSUM, *PKERB_GSS_CHECKSUM;
  54. #define GSS_C_DELEG_FLAG 0x01
  55. #define GSS_C_MUTUAL_FLAG 0x02
  56. #define GSS_C_REPLAY_FLAG 0x04
  57. #define GSS_C_SEQUENCE_FLAG 0x08
  58. #define GSS_C_CONF_FLAG 0x10
  59. #define GSS_C_INTEG_FLAG 0x20
  60. #define GSS_C_ANON_FLAG 0x40
  61. #define GSS_C_DCE_STYLE 0x1000
  62. #define GSS_C_IDENTIFY_FLAG 0x2000
  63. #define GSS_C_EXTENDED_ERROR_FLAG 0x4000
  65. #define GSS_CHECKSUM_TYPE 0x8003
  66. #define GSS_CHECKSUM_SIZE 24
  68. // This was added due to sizeof() byte alignment issues on
  69. // the KREB_GSS_CHECKSUM structure.
  70. #define GSS_DELEGATE_CHECKSUM_SIZE 28
  73. //
  74. // KerbGetTgsTicket retry flags
  75. //
  77. #define KERB_MIT_NO_CANONICALIZE_RETRY 0x00000001 // for MIT no canonicalize retry case
  78. #define KERB_RETRY_WITH_NEW_TGT 0x00000002
  81. //
  82. // Default flags for use in ticket requests
  83. //
  85. #define KERB_DEFAULT_TICKET_FLAGS (KERB_KDC_OPTIONS_forwardable | \
  86. KERB_KDC_OPTIONS_renewable | \
  87. KERB_KDC_OPTIONS_renewable_ok | \
  88. KERB_KDC_OPTIONS_name_canonicalize )
  91. //
  92. // These flags don't have to be in the TGT in order to be honored. Reg.
  93. // configurable.
  94. //
  95. #define KERB_ADDITIONAL_KDC_OPTIONS (KERB_KDC_OPTIONS_name_canonicalize)
  98. NTSTATUS
  99. KerbGetReferralNames(
  100. IN PKERB_ENCRYPTED_KDC_REPLY KdcReply,
  101. IN PKERB_INTERNAL_NAME OriginalTargetName,
  102. OUT PUNICODE_STRING ReferralRealm
  103. );
  105. NTSTATUS
  106. KerbMITGetMachineDomain(
  107. IN PKERB_LOGON_SESSION LogonSession,
  108. IN PKERB_INTERNAL_NAME TargetName,
  109. IN OUT PUNICODE_STRING TargetDomainName,
  110. IN OUT PKERB_TICKET_CACHE_ENTRY *TicketGrantingTicket
  111. );
  115. NTSTATUS
  116. KerbGetTgtForService(
  117. IN PKERB_LOGON_SESSION LogonSession,
  118. IN PKERB_CREDENTIAL Credential,
  119. IN OPTIONAL PKERB_CREDMAN_CRED CredManCredentials,
  120. IN OPTIONAL PUNICODE_STRING SuppRealm,
  121. IN PUNICODE_STRING TargetDomain,
  122. IN ULONG TargetFlags,
  123. OUT PKERB_TICKET_CACHE_ENTRY * NewCacheEntry,
  124. OUT PBOOLEAN CrossRealm
  125. );
  128. NTSTATUS
  129. KerbGetTgsTicket(
  130. IN PUNICODE_STRING ClientRealm,
  131. IN PKERB_TICKET_CACHE_ENTRY TicketGrantingTicket,
  132. IN PKERB_INTERNAL_NAME TargetName,
  133. IN ULONG Flags,
  134. IN OPTIONAL ULONG TicketOptions,
  135. IN OPTIONAL ULONG EncryptionType,
  136. IN OPTIONAL PKERB_AUTHORIZATION_DATA AuthorizationData,
  137. IN OPTIONAL PKERB_PA_DATA_LIST PADataList,
  138. IN OPTIONAL PKERB_TGT_REPLY TgtReply,
  139. OUT PKERB_KDC_REPLY * KdcReply,
  140. OUT PKERB_ENCRYPTED_KDC_REPLY * ReplyBody,
  141. OUT PULONG pRetryFlags
  142. );
  145. NTSTATUS
  146. KerbGetServiceTicket(
  147. IN PKERB_LOGON_SESSION LogonSession,
  148. IN PKERB_CREDENTIAL Credential,
  149. IN OPTIONAL PKERB_CREDMAN_CRED CredManCredentials,
  150. IN PKERB_INTERNAL_NAME TargetName,
  151. IN PUNICODE_STRING TargetDomainName,
  152. IN OPTIONAL PKERB_SPN_CACHE_ENTRY SpnCacheEntry,
  153. IN ULONG Flags,
  154. IN OPTIONAL ULONG TicketOptions,
  155. IN OPTIONAL ULONG EncryptionType,
  156. IN OPTIONAL PKERB_ERROR ErrorMessage,
  157. IN OPTIONAL PKERB_AUTHORIZATION_DATA AuthorizationData,
  158. IN OPTIONAL PKERB_TGT_REPLY TgtReply,
  159. OUT PKERB_TICKET_CACHE_ENTRY * NewCacheEntry,
  160. OUT LPGUID pLogonGuid OPTIONAL
  161. );
  163. #define KERB_GET_TICKET_NO_CACHE 0x1
  164. #define KERB_GET_TICKET_NO_CANONICALIZE 0x2
  165. #define KERB_GET_TICKET_S4U 0x4
  167. #define KERB_TARGET_USED_SPN_CACHE 0x1000
  168. #define KERB_TARGET_UNKNOWN_SPN 0x2000
  169. #define KERB_MIT_REALM_USED 0x4000
  170. #define KERB_TARGET_REFERRAL 0x8000
  172. NTSTATUS
  173. KerbBuildApRequest(
  174. IN PKERB_LOGON_SESSION LogonSession,
  175. IN OPTIONAL PKERB_CREDENTIAL Credential,
  176. IN OPTIONAL PKERB_CREDMAN_CRED CredManCredentials,
  177. IN PKERB_TICKET_CACHE_ENTRY TicketCacheEntry,
  178. IN OPTIONAL PKERB_ERROR ErrorMessage,
  179. IN ULONG ContextAttributes,
  180. IN OUT PULONG ContextFlags,
  181. OUT PUCHAR * MarshalledApRequest,
  182. OUT PULONG ApRequestSize,
  183. OUT PULONG Nonce,
  184. OUT PKERB_ENCRYPTION_KEY SubSessionKey,
  185. IN PSEC_CHANNEL_BINDINGS pChannelBindings
  186. );
  188. NTSTATUS
  189. KerbBuildNullSessionApRequest(
  190. OUT PUCHAR * MarshalledApRequest,
  191. OUT PULONG ApRequestSize
  192. );
  195. NTSTATUS
  196. KerbVerifyApRequest(
  197. IN OPTIONAL PKERB_CONTEXT Context,
  198. IN PUCHAR RequestMessage,
  199. IN ULONG RequestSize,
  200. IN PKERB_LOGON_SESSION LogonSession,
  201. IN PKERB_CREDENTIAL Credential,
  202. IN BOOLEAN UseSuppliedCreds,
  203. IN BOOLEAN CheckForReplay,
  204. OUT PKERB_AP_REQUEST * ApRequest,
  205. OUT PKERB_ENCRYPTED_TICKET * NewTicket,
  206. OUT PKERB_AUTHENTICATOR * NewAuthenticator,
  207. OUT PKERB_ENCRYPTION_KEY SessionKey,
  208. OUT PKERB_ENCRYPTION_KEY TicketKey,
  209. OUT PKERB_ENCRYPTION_KEY ServerKey,
  210. OUT PULONG ContextFlags,
  211. OUT PULONG ContextAttributes,
  212. OUT PKERBERR KerbError,
  213. IN PSEC_CHANNEL_BINDINGS pChannelBindings
  214. );
  216. NTSTATUS
  217. KerbComputeGssBindHash(
  218. IN PSEC_CHANNEL_BINDINGS pChannelBindings,
  219. OUT PUCHAR HashBuffer
  220. );
  222. //
  223. // From credapi.cxx
  224. //
  226. NTSTATUS
  227. KerbCaptureSuppliedCreds(
  228. IN PKERB_LOGON_SESSION LogonSession,
  229. IN OPTIONAL PVOID AuthorizationData,
  230. IN OPTIONAL PUNICODE_STRING PrincipalName,
  231. OUT PKERB_PRIMARY_CREDENTIAL * SuppliedCreds,
  232. OUT PULONG Flags
  233. );
  235. NTSTATUS
  236. KerbBuildApReply(
  237. IN PKERB_AUTHENTICATOR InternalAuthenticator,
  238. IN PKERB_AP_REQUEST Request,
  239. IN ULONG ContextFlags,
  240. IN ULONG ContextAtributes,
  241. IN PKERB_ENCRYPTION_KEY TicketKey,
  242. IN OUT PKERB_ENCRYPTION_KEY SessionKey,
  243. OUT PULONG Nonce,
  244. OUT PUCHAR * NewReply,
  245. OUT PULONG NewReplySize
  246. );
  248. NTSTATUS
  249. KerbBuildThirdLegApReply(
  250. IN PKERB_CONTEXT Context,
  251. IN ULONG ReceiveNonce,
  252. OUT PUCHAR * NewReply,
  253. OUT PULONG NewReplySize
  254. );
  256. NTSTATUS
  257. KerbVerifyApReply(
  258. IN PKERB_CONTEXT Context,
  259. IN PUCHAR PackedReply,
  260. IN ULONG PackedReplySize,
  261. OUT PULONG ReceiveNonce
  262. );
  264. NTSTATUS
  265. KerbInitTicketHandling(
  266. VOID
  267. );
  269. VOID
  270. KerbCleanupTicketHandling(
  271. VOID
  272. );
  275. NTSTATUS
  276. KerbMakeSocketCall(
  277. IN PUNICODE_STRING RealmName,
  278. IN OPTIONAL PUNICODE_STRING AccountName,
  279. IN BOOLEAN CallPDC,
  280. IN BOOLEAN UseTcp,
  281. IN BOOLEAN CallKpasswd,
  282. IN PKERB_MESSAGE_BUFFER RequestMessage,
  283. IN PKERB_MESSAGE_BUFFER ReplyMessage,
  284. IN OPTIONAL PKERB_BINDING_CACHE_ENTRY OptionalBindingHandle,
  285. IN ULONG AdditionalFlags,
  286. OUT PBOOLEAN CalledPDC
  287. );
  290. NTSTATUS
  291. KerbRenewTicket(
  292. IN PKERB_LOGON_SESSION LogonSession,
  293. IN OPTIONAL PKERB_CREDENTIAL Credentials,
  294. IN OPTIONAL PKERB_PRIMARY_CREDENTIAL CredManCredentials,
  295. IN PKERB_TICKET_CACHE_ENTRY Ticket,
  296. IN BOOLEAN IsTgt,
  297. OUT PKERB_TICKET_CACHE_ENTRY *NewTicket
  298. );
  300. NTSTATUS
  301. KerbRefreshPrimaryTgt(
  302. IN PKERB_LOGON_SESSION LogonSession,
  303. IN OPTIONAL PKERB_CREDENTIAL Credentials,
  304. IN OPTIONAL PKERB_CREDMAN_CRED CredManCredentials,
  305. IN OPTIONAL PUNICODE_STRING SuppRealm,
  306. IN OPTIONAL PKERB_TICKET_CACHE_ENTRY OldTgt
  307. );
  310. NTSTATUS
  311. KerbHandleTgtRequest(
  312. IN PKERB_LOGON_SESSION LogonSession,
  313. IN PKERB_CREDENTIAL Credential,
  314. IN BOOLEAN UseSuppliedCreds,
  315. IN PUCHAR RequestMessage,
  316. IN ULONG RequestSize,
  317. IN ULONG ContextRequirements,
  318. IN PSecBuffer OutputToken,
  319. IN PLUID LogonId,
  320. OUT PULONG ContextAttributes,
  321. OUT PKERB_CONTEXT * Context,
  322. OUT PTimeStamp ContextLifetime,
  323. OUT PKERBERR ReturnedError
  324. );
  326. NTSTATUS
  327. KerbBuildTgtRequest(
  328. IN PKERB_INTERNAL_NAME TargetName,
  329. IN PUNICODE_STRING TargetRealm,
  330. OUT PULONG ContextAttributes,
  331. OUT PUCHAR * MarshalladTgtRequest,
  332. OUT PULONG TgtRequestSize
  333. );
  335. NTSTATUS
  336. KerbUnpackTgtReply(
  337. IN PKERB_CONTEXT Context,
  338. IN PUCHAR ReplyMessage,
  339. IN ULONG ReplySize,
  340. OUT PKERB_INTERNAL_NAME * TargetName,
  341. OUT PUNICODE_STRING TargetRealm,
  342. OUT PKERB_TGT_REPLY * Reply
  343. );
  345. NTSTATUS
  346. KerbBuildTgtErrorReply(
  347. IN PKERB_LOGON_SESSION LogonSession,
  348. IN PKERB_CREDENTIAL Credentials,
  349. IN BOOLEAN UseSuppliedCreds,
  350. IN OUT PKERB_CONTEXT Context,
  351. OUT PULONG ReplySize,
  352. OUT PBYTE * Reply
  353. );
  355. NTSTATUS
  356. KerbBuildKerbCred(
  357. IN OPTIONAL PKERB_TICKET_CACHE_ENTRY Ticket,
  358. IN PKERB_TICKET_CACHE_ENTRY DelegationTicket,
  359. OUT PUCHAR * MarshalledKerbCred,
  360. OUT PULONG KerbCredSize
  361. );
  364. #endif // __KERBTICK_H__