archive
/
windows-xp
mirror of https://github.com/tongzx/nt5src
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
7 Commits
1 Branch
0 Tags
2.0 GiB
Tree: 1b390dddff
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '1b390dddff'
${ noResults }
windows-xp/Source/XPSP1/NT/ds/security/protocols/kerberos/server/tktutil.hxx

341 lines
8.1 KiB
Raw Normal View History

Add source files
4 years ago
  1. //+---------------------------------------------------------------------------
  2. //
  3. // Microsoft Windows
  4. // Copyright (C) Microsoft Corporation, 1992 - 1993.
  5. //
  6. // File: tktutil.hxx
  7. //
  8. // Contents: prototypes for tktutil.cxx
  9. //
  10. // Classes:
  11. //
  12. // Functions:
  13. //
  14. // History: 05-Mar-94 wader Created
  15. //
  16. //----------------------------------------------------------------------------
  18. #ifndef __TKTUTIL_HXX__
  19. #define __TKTUTIL_HXX__
  21. #include <kdcsvr.hxx>
  22. #include <pac.hxx>
  23. #include <refer.h>
  24. #include <transit.h>
  25. #include <sockutil.h>
  27. extern "C"
  28. {
  29. #include <ntdsapi.h>
  30. #include <kdcexp.h>
  31. }
  34. //
  35. // Structures
  36. //
  38. #ifdef later
  39. typedef struct _KDC_PA_DATA_CONTEXT {
  40. struct _KDC_PA_DATA_CONTEXT * Next;
  41. ULONG PaDataType;
  42. ULONG ContextSize;
  43. PBYTE Context[ANYSIZE_ARRAY];
  44. } KDC_PA_DATA_CONTEXT, *PKDC_PA_DATA_CONTEXT;
  46. typedef NTSTATUS (*PKDC_PA_DATA_RESPONSE) (
  47. IN OUT PKDC_PA_DATA_CONTEXT * Context
  48. );
  50. typedef NTSTATUS (*PKDC_PA_DATA_CLEANUP) (
  51. IN PKDC_PA_DATA_CONTEXT Context
  52. );
  54. #endif // later
  56. typedef NTSTATUS (*PKDC_PA_DATA_REQUEST) (
  57. IN PKDC_TICKET_INFO ClientTicketInfo,
  58. IN SAMPR_HANDLE UserHandle,
  59. IN PKERB_PA_DATA_LIST PreAuthData,
  60. OUT PKERB_PA_DATA_LIST * OutputPreAuthData,
  61. OUT PBOOLEAN BuildPac,
  62. OUT PULONG Nonce,
  63. OUT PKERB_ENCRYPTION_KEY ReplyEncryptionKey
  64. );
  67. typedef struct _KDC_PA_DATA_HANDLER {
  68. ULONG PaDataType;
  69. PKDC_PA_DATA_REQUEST Request;
  70. } KDC_PA_DATA_HANDLER, *PKDC_PA_DATA_HANDLER;
  73. //
  74. // Flags for Normalize
  75. //
  78. #define KDC_NAME_CLIENT 0x1
  79. #define KDC_NAME_SERVER 0x2
  80. #define KDC_NAME_FOLLOW_REFERRALS 0x4
  81. #define KDC_NAME_INBOUND 0x8 // for trust, indicates name need not be outbound trust only
  82. #define KDC_NAME_CHECK_GC 0x10 // indicates that the client said this name should be canonicalized at the GC
  85. //
  86. // Prototypes.
  87. //
  91. KERBERR
  92. KdcGetTicketInfo(
  93. IN PUNICODE_STRING UserName,
  94. IN ULONG LookupFlags,
  95. IN OPTIONAL PKERB_INTERNAL_NAME PrincipalName,
  96. IN OPTIONAL PKERB_REALM Realm,
  97. OUT PKDC_TICKET_INFO TicketInfo,
  98. OUT PKERB_EXT_ERROR pExtendedError,
  99. OUT OPTIONAL SAMPR_HANDLE * UserHandle,
  100. IN OPTIONAL ULONG WhichFields,
  101. IN OPTIONAL ULONG ExtendedFields,
  102. OUT OPTIONAL PUSER_INTERNAL6_INFORMATION * RetUserInfo,
  103. OUT OPTIONAL PSID_AND_ATTRIBUTES_LIST GroupMembership
  104. );
  107. KERBERR
  108. GetTicketInfo(
  109. IN PUNICODE_STRING pwzName,
  110. IN OPTIONAL PKERB_INTERNAL_NAME PrincipalName,
  111. IN OPTIONAL PKERB_REALM Realm,
  112. IN OUT PKDC_TICKET_INFO ptiInfo,
  113. OUT OPTIONAL SAMPR_HANDLE * UserHandle,
  114. OUT OPTIONAL PUSER_INTERNAL6_INFORMATION * UserInfo,
  115. OUT OPTIONAL PSID_AND_ATTRIBUTES_LIST ReverseMembership
  116. );
  118. VOID
  119. FreeTicketInfo( IN PKDC_TICKET_INFO ptiInfo );
  121. KERBERR
  122. KdcDuplicateCredentials(
  123. OUT PKERB_STORED_CREDENTIAL * NewCredentials,
  124. OUT PULONG CredentialSize,
  125. IN PKERB_STORED_CREDENTIAL OldCredentials,
  126. IN BOOLEAN MarshallKeys
  127. );
  129. KERBERR
  130. BuildReply(
  131. IN OPTIONAL PKDC_TICKET_INFO ClientInfo,
  132. IN ULONG Nonce,
  133. IN PKERB_PRINCIPAL_NAME ServerName,
  134. IN KERB_REALM ServerRealm,
  135. IN OPTIONAL PKERB_HOST_ADDRESSES HostAddresses,
  136. IN PKERB_TICKET Ticket,
  137. OUT PKERB_ENCRYPTED_KDC_REPLY ReplyBody
  138. );
  140. KERBERR
  141. KdcNormalize(
  142. IN PKERB_INTERNAL_NAME PrincipalName,
  143. IN OPTIONAL PUNICODE_STRING PrincipalRealm,
  144. IN OPTIONAL PUNICODE_STRING RequestRealm,
  145. IN ULONG NameFlags,
  146. OUT PBOOLEAN Referral,
  147. OUT PUNICODE_STRING RealmName,
  148. OUT PKDC_TICKET_INFO TicketInfo,
  149. OUT PKERB_EXT_ERROR pExtendedError,
  150. OUT OPTIONAL SAMPR_HANDLE * UserHandle,
  151. IN OPTIONAL ULONG WhichFields,
  152. IN OPTIONAL ULONG ExtendedFields,
  153. OUT OPTIONAL PUSER_INTERNAL6_INFORMATION * UserInfo,
  154. OUT OPTIONAL PSID_AND_ATTRIBUTES_LIST GroupMembership
  155. );
  157. KERBERR
  158. KdcBuildTicketTimesAndFlags(
  159. IN ULONG ClientPolicyFlags,
  160. IN ULONG ServerPolicyFlags,
  161. IN PLARGE_INTEGER DomainTicketLifespan,
  162. IN PLARGE_INTEGER DomainTicketRenewspan,
  163. IN OPTIONAL PLARGE_INTEGER LogoffTime,
  164. IN OPTIONAL PLARGE_INTEGER AccountExpiry,
  165. IN PKERB_KDC_REQUEST_BODY RequestBody,
  166. IN OPTIONAL PKERB_ENCRYPTED_TICKET SourceTicket,
  167. IN OUT PKERB_ENCRYPTED_TICKET Ticket,
  168. IN OUT OPTIONAL PKERB_EXT_ERROR ExtendedError
  169. );
  172. KERBERR
  173. BuildTicketTimesAndFlags(
  174. IN ULONG ulMaxRenew,
  175. IN KERB_TICKET_FLAGS fAllowedFlags,
  176. IN PLARGE_INTEGER ptsMaxRenew,
  177. IN PLARGE_INTEGER ptsMaxLife,
  178. IN PKERB_KDC_REQUEST_BODY RequestBody,
  179. IN OUT PKERB_TICKET Ticket,
  180. IN OUT OPTIONAL PKERB_EXT_ERROR ExtendedError
  181. );
  183. KERBERR
  184. GetPacAndSuppCred(
  185. IN PUSER_INTERNAL6_INFORMATION UserInfo,
  186. IN PSID_AND_ATTRIBUTES_LIST GroupMembership,
  187. IN ULONG SignatureSize,
  188. IN OPTIONAL PKERB_ENCRYPTION_KEY CredentialKey,
  189. IN OPTIONAL PTimeStamp ClientId,
  190. IN OPTIONAL PUNICODE_STRING ClientName,
  191. OUT PPACTYPE * Pac,
  192. OUT PKERB_EXT_ERROR pExtendedError
  193. );
  197. KERBERR
  198. HandleTGSRequest(
  199. IN OPTIONAL SOCKADDR * ClientAddress,
  200. IN PKERB_TGS_REQUEST RequestMessage,
  201. IN PUNICODE_STRING RequestRealm,
  202. OUT PKERB_MESSAGE_BUFFER OutputMessage,
  203. OUT PKERB_EXT_ERROR pExtendedError
  204. );
  206. KERBERR
  207. KdcVerifyKdcRequest(
  208. IN PUCHAR RequestBuffer,
  209. IN ULONG RequestSize,
  210. IN OPTIONAL SOCKADDR * ClientAddress,
  211. IN BOOLEAN IsKdcRequest,
  212. OUT OPTIONAL PKERB_AP_REQUEST * UnmarshalledRequest,
  213. OUT OPTIONAL PKERB_AUTHENTICATOR * UnmarshalledAuthenticator,
  214. OUT PKERB_ENCRYPTED_TICKET *EncryptedTicket,
  215. OUT PKERB_ENCRYPTION_KEY SessionKey,
  216. OUT PKERB_ENCRYPTION_KEY ServerKey,
  217. OUT PKDC_TICKET_INFO ServerTicketInfo,
  218. OUT PBOOLEAN UseSubKey,
  219. OUT PKERB_EXT_ERROR pExtendedError
  220. );
  222. KERBERR
  223. KdcVerifyClientAddress(
  224. IN SOCKADDR * ClientAddress,
  225. IN PKERB_HOST_ADDRESSES Addresses
  226. );
  228. KERBERR
  229. KdcVerifyTgsChecksum(
  230. IN PKERB_KDC_REQUEST_BODY RequestBody,
  231. IN PKERB_ENCRYPTION_KEY Key,
  232. IN PKERB_CHECKSUM OldChecksum
  233. );
  236. NTSTATUS
  237. KdcBuildPasswordList(
  238. IN PUNICODE_STRING Password,
  239. IN PUNICODE_STRING PrincipalName,
  240. IN PUNICODE_STRING DnsDomainName,
  241. IN KERB_ACCOUNT_TYPE AccountType,
  242. IN PKERB_STORED_CREDENTIAL StoredCreds,
  243. IN ULONG StoredCredSize,
  244. IN BOOLEAN MarshallKeys,
  245. IN BOOLEAN IncludeBuiltinTypes,
  246. IN ULONG Flags,
  247. IN KDC_DOMAIN_INFO_DIRECTION Direction,
  248. OUT PKERB_STORED_CREDENTIAL * PasswordList,
  249. OUT PULONG PasswordListSize
  250. );
  253. #if DBG
  254. void
  255. PrintTicket( ULONG ulDebLevel,
  256. char * pszMessage,
  257. PKERB_TICKET pkitTicket );
  259. void
  260. PrintRequest( ULONG ulDebLevel,
  261. PKERB_KDC_REQUEST_BODY pktrRequest );
  264. #else
  266. #define PrintRequest(x,y)
  267. #define PrintTicket(w,x,y)
  268. #define PrintProxyReference(w,x,y)
  269. #define PrintProxyData(w,x,y)
  271. #endif
  273. VOID
  274. KdcFreeKdcReplyBody(
  275. IN PKERB_ENCRYPTED_KDC_REPLY ReplyBody
  276. );
  278. VOID
  279. KdcFreeInternalTicket(
  280. IN PKERB_TICKET Ticket
  281. );
  283. VOID
  284. KdcFreeKdcReply(
  285. IN PKERB_KDC_REPLY Reply
  286. );
  289. KERBERR
  290. KdcGetPacAuthData(
  291. IN PUSER_INTERNAL6_INFORMATION UserInfo,
  292. IN PSID_AND_ATTRIBUTES_LIST GroupMembership,
  293. IN PKERB_ENCRYPTION_KEY ServerKey,
  294. IN PKERB_ENCRYPTION_KEY CredentialKey,
  295. IN BOOLEAN AddResourceGroups,
  296. IN OPTIONAL PKERB_ENCRYPTED_TICKET EncryptedTicket,
  297. IN OPTIONAL PKERB_INTERNAL_NAME S4UClientName,
  298. OUT PKERB_AUTHORIZATION_DATA * PacAuthData,
  299. OUT PKERB_EXT_ERROR pExtendedError
  300. );
  302. KERBERR
  303. KdcVerifyAndResignPac(
  304. IN PKERB_ENCRYPTION_KEY OldKey,
  305. IN PKERB_ENCRYPTION_KEY NewKey,
  306. IN PKDC_TICKET_INFO OldServerInfo,
  307. IN BOOLEAN AddResouceGroups,
  308. IN OUT PKERB_AUTHORIZATION_DATA PacAuthData
  309. );
  311. KERBERR
  312. KdcGetPacFromAuthData(
  313. IN PKERB_AUTHORIZATION_DATA AuthData,
  314. OUT PKERB_IF_RELEVANT_AUTH_DATA *ReturnIfRelevantData,
  315. OUT PKERB_AUTHORIZATION_DATA * Pac
  316. );
  318. KERBERR
  319. KdcInsertPacIntoAuthData(
  320. IN PKERB_AUTHORIZATION_DATA AuthData,
  321. IN PKERB_IF_RELEVANT_AUTH_DATA IfRelevantData,
  322. IN PKERB_AUTHORIZATION_DATA PacAuthData,
  323. OUT PKERB_AUTHORIZATION_DATA * UpdatedAuthData
  324. );
  329. NTSTATUS
  330. EnterApiCall(
  331. VOID
  332. );
  334. VOID
  335. LeaveApiCall(
  336. VOID
  337. );
  341. #endif // __TKTUTIL_HXX__