|
|
//+-----------------------------------------------------------------------
//
// File: kerbsupp.h
//
// Contents: prototypes for kerberos support routines
//
//
// History:
//
//------------------------------------------------------------------------
#ifndef _INC_KERBSUPP_
#define _INC_KERBSUPP_
#include <intkerb.h>
#include <tickets.h>
#include <crypto.h>
#include <samrpc.h>
//
// Global time constants
//
const TimeStamp tsInfinity = {0xFFFFFFFF, 0x7FFFFFFF};const TimeStamp tsZero = {0, 0};const LONG lInfinity = 0x7FFFFFFF;
// Prototypes
#ifdef __cplusplus
class CAuthenticatorList;class CLogonAccount;
//
// Contains domain account policies that are required for checking logon
// restrictions.
//
typedef struct _LogonPolicies { TimeStamp MaxPasswordAge;} LogonPolicies, *PLogonPolicies;
SECURITY_STATUS NTAPIKerbCheckTicket(IN PKerbTicket pktTicket, IN PEncryptedData pedAuth, IN const KerbKey& kKey, IN OUT CAuthenticatorList& alAuthenList, IN const TimeStamp& tsSkew, IN const PWCHAR pwzServiceName, OUT PKerbInternalTicket pkitTicket, OUT PKerbInternalAuthenticator pkiaAuth, OUT PKerbKey pkSessionKey );
SECURITY_STATUS NTAPICheckLogonRestrictions( IN SAMPR_HANDLE UserHandle, IN const TimeStamp& tsNow, IN const SECURITY_STRING& sMachineName, IN PLogonPolicies LogonData, OUT PULONG pcLogonSeconds );
#endif // ifdef __cplusplus
#ifdef __cplusplus
extern "C" {#endif
SECURITY_STATUS NTAPIKerbPackTicket( PKerbInternalTicket pkitTicket, PKerbKey pkKey, ULONG dwEncrType, PKerbTicket * ppktTicket);
SECURITY_STATUS NTAPIKerbUnpackTicket(PKerbTicket, PKerbKey, PKerbInternalTicket);
SECURITY_STATUS NTAPIKerbMakeKey(PKerbKey);
SECURITY_STATUS NTAPIKerbRandomFill(PUCHAR, ULONG);
SECURITY_STATUS NTAPIKerbCreateAuthenticator(IN PKerbKey pkKey, IN DWORD dwEncrType, IN DWORD dwSeq, IN PUNICODE_STRING ClientName, IN PUNICODE_STRING ClientDomainName, IN PTimeStamp ptsTime, IN PKerbKey pkSubKey, IN OUT PULONG pcbAuthenIn, OUT PEncryptedData* ppedAuthenticator );
SECURITY_STATUS NTAPIKerbUnpackAuthenticator(PKerbInternalTicket, PEncryptedData, PKerbInternalAuthenticator);
SECURITY_STATUS NTAPIKerbPackKDCReply(PKerbKDCReply, PKerbKey, ULONG, PEncryptedData *);
SECURITY_STATUS NTAPIKerbUnpackKDCReply(PEncryptedData, PKerbKey, PKerbKDCReply);
SECURITY_STATUS NTAPIKerbFreeTicket( PKerbInternalTicket pkitTicket );
SECURITY_STATUS NTAPIKerbFreeAuthenticator( PKerbInternalAuthenticator pkiaAuth );
SECURITY_STATUS NTAPIKerbFreeKDCReply( PKerbKDCReply pkrReply );
void NTAPIKerbHashPassword(PSECURITY_STRING, PKerbKey);
SECURITY_STATUS NTAPIKIEncryptData(PEncryptedData, ULONG, ULONG, PKerbKey);
SECURITY_STATUS NTAPIKIDecryptData(PEncryptedData, PKerbKey);
void * KerbSafeAlloc(unsigned long);void KerbSafeFree(void *);
typedef struct _KerbScatterBlock { ULONG cbData; PUCHAR pbData;} KerbScatterBlock, * PKerbScatterBlock;
#ifdef __CRYPTDLL_H__
SECURITY_STATUS NTAPIKICheckSum( PUCHAR pbData, ULONG cbData, PCheckSumFunction pcsfSum, PCheckSum pcsCheckSum);
SECURITY_STATUS NTAPIKICheckSumVerify( PUCHAR pbBuffer, ULONG cbBuffer, PCheckSum pcsCheck);
SECURITY_STATUS NTAPIKIScatterEncrypt( PUCHAR pbHeader, ULONG cBlocks, PKerbScatterBlock psbList, PCryptoSystem pcsCrypt, PCheckSumFunction pcsfSum, PKerbKey pkKey);
SECURITY_STATUS NTAPIKIScatterDecrypt( PUCHAR pbHeader, ULONG cBlocks, PKerbScatterBlock psbList, PCryptoSystem pcsCrypt, PCheckSumFunction pcsfSum, PKerbKey pkKey);
#endif // using CRYPTDLL.h defines
#ifdef __cplusplus
} // extern "C"
#endif
#endif // _INC_KERBSUPP_
|
