//+-----------------------------------------------------------------------
//
// Microsoft Windows
//
// Copyright (c) Microsoft Corporation 1991-1999
//
// File: secpkg.h
//
// Contents: Global definitions for security packages
// This file will contain everything specific to writing
// a security package.
//
//
// History: 10 Mar 92 RichardW Created
// 24-Mar-94 wader Changed EstablishCredentials to SystemLogon
//
//------------------------------------------------------------------------
#ifndef __SECPKG_H__
#define __SECPKG_H__
#if _MSC_VER > 1000
#pragma once
#endif
#include <ntlsa.h> // SECURITY_LOGON_TYPE
// begin_ntsecpkg
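#ifdef SECURITY_KERNEL
//
// Can't use the windows.h def'ns in kernel mode, so the thread-start and
// security-attributes types degrade to untyped pointers there.
//
typedef PVOID SEC_THREAD_START;
typedef PVOID SEC_ATTRS;
#else
typedef LPTHREAD_START_ROUTINE SEC_THREAD_START;
typedef LPSECURITY_ATTRIBUTES SEC_ATTRS;
#endif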
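//
// TRUE when the two LUIDs pointed to by L1 and L2 are equal.  Both arguments
// are cast to PLUID, so a wrong pointer type is not caught by the compiler;
// each argument is evaluated twice, so pass side-effect-free lvalues.
//
#define SecEqualLuid(L1, L2) \
    ( ( ((PLUID)(L1))->LowPart  == ((PLUID)(L2))->LowPart  ) && \
      ( ((PLUID)(L1))->HighPart == ((PLUID)(L2))->HighPart ) )

//
// TRUE when the LUID pointed to by L1 is the all-zero LUID.  L1 is
// evaluated twice.
//
#define SecIsZeroLuid( L1 ) \
    ( ( (L1)->LowPart | (L1)->HighPart ) == 0 )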
//
// The following structures are used by the helper functions
//
//
// Description of the client that issued the current call to the package.
// Filled in by the LSA_GET_CLIENT_INFO helper (GetClientInfo in
// LSA_SECPKG_FUNCTION_TABLE).  HasTcbPrivilege, Restricted and
// ImpersonationLevel are the authorization-relevant fields a package has
// available when deciding whether to perform a privileged operation on the
// caller's behalf.
//
typedef struct _SECPKG_CLIENT_INFO {
    LUID LogonId;                   // Effective Logon Id
    ULONG ProcessID;                // Process Id of caller
    ULONG ThreadID;                 // Thread Id of caller
    BOOLEAN HasTcbPrivilege;        // Client has TCB
    BOOLEAN Impersonating;          // Client is impersonating
    BOOLEAN Restricted;             // Client is restricted
    //
    // NT 5.1
    //
    UCHAR ClientFlags;              // Extra flags about the client (presumably the SECPKG_CLIENT_* bits below)
    SECURITY_IMPERSONATION_LEVEL ImpersonationLevel; // Impersonation level of client
} SECPKG_CLIENT_INFO, * PSECPKG_CLIENT_INFO;

// Bits reported in SECPKG_CLIENT_INFO.ClientFlags
#define SECPKG_CLIENT_PROCESS_TERMINATED 0x01 // The client process has terminated
#define SECPKG_CLIENT_THREAD_TERMINATED 0x02 // The client thread has terminated
//
// Attributes of the call currently being dispatched to the package.
// Filled in by the LSA_GET_CALL_INFO helper (GetCallInfo in
// LSA_SECPKG_FUNCTION_TABLE).
//
typedef struct _SECPKG_CALL_INFO {
    ULONG ProcessId ;
    ULONG ThreadId ;
    ULONG Attributes ;              // presumably a combination of the SECPKG_CALL_* bits below
    ULONG CallCount ;
} SECPKG_CALL_INFO, * PSECPKG_CALL_INFO ;

//
// Call attribute bits.  KERNEL_MODE, IN_PROC and IS_TCB describe how far the
// caller is trusted; the remaining bits describe the call's context.
//
#define SECPKG_CALL_KERNEL_MODE 0x00000001 // Call originated in kernel mode
#define SECPKG_CALL_ANSI 0x00000002 // Call came from ANSI stub
#define SECPKG_CALL_URGENT 0x00000004 // Call designated urgent
#define SECPKG_CALL_RECURSIVE 0x00000008 // Call is recursing
#define SECPKG_CALL_IN_PROC 0x00000010 // Call originated in process
#define SECPKG_CALL_CLEANUP 0x00000020 // Call is cleanup from a client
#define SECPKG_CALL_WOWCLIENT 0x00000040 // Call is from a WOW client process
#define SECPKG_CALL_THREAD_TERM 0x00000080 // Call is from a thread that has term'd
#define SECPKG_CALL_PROCESS_TERM 0x00000100 // Call is from a process that has term'd
#define SECPKG_CALL_IS_TCB 0x00000200 // Call is from TCB
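//
// One supplemental credential blob, tagged with the package it belongs to.
// CredentialSize is the byte count of the buffer Credentials points at
// (size_is on the MIDL side).  When the structure arrives from a less
// trusted caller, CredentialSize is attacker-influenced and must be checked
// against the enclosing allocation before the buffer is read.
//
typedef struct _SECPKG_SUPPLEMENTAL_CRED {
    UNICODE_STRING PackageName;
    ULONG CredentialSize;
#ifdef MIDL_PASS
    [size_is(CredentialSize)]
#endif // MIDL_PASS
    PUCHAR Credentials;
} SECPKG_SUPPLEMENTAL_CRED, *PSECPKG_SUPPLEMENTAL_CRED;

//
// Opaque handle a package hands out for credentials and contexts.
//
typedef ULONG_PTR LSA_SEC_HANDLE ;
typedef LSA_SEC_HANDLE * PLSA_SEC_HANDLE ;

//
// Counted array of supplemental credentials.  The C declaration shows one
// element; the MIDL declaration (size_is(CredentialCount)) shows the array
// really holds CredentialCount entries, so the allocation must be sized
// accordingly and indexing stays below CredentialCount.
//
typedef struct _SECPKG_SUPPLEMENTAL_CRED_ARRAY {
    ULONG CredentialCount;
#ifdef MIDL_PASS
    [size_is(CredentialCount)] SECPKG_SUPPLEMENTAL_CRED Credentials[*];
#else // MIDL_PASS
    SECPKG_SUPPLEMENTAL_CRED Credentials[1];
#endif // MIDL_PASS
} SECPKG_SUPPLEMENTAL_CRED_ARRAY, *PSECPKG_SUPPLEMENTAL_CRED_ARRAY;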
//
// This flag is used to indicate which buffers in the LSA are located
// in the client's address space (presumably such a buffer has to be brought
// into the LSA with LSA_MAP_BUFFER / MapBuffer before the package reads it).
//
#define SECBUFFER_UNMAPPED 0x40000000
//
// This flag is used to indicate that the buffer was mapped into the LSA
// from kernel mode.
//
#define SECBUFFER_KERNEL_MAP 0x20000000

//
// Callback a package registers with LSA_REGISTER_CALLBACK.  The two
// ULONG_PTR arguments and the buffers are supplied by the side that
// invokes the callback (compare the parameters of LSA_CLIENT_CALLBACK).
//
typedef NTSTATUS (NTAPI LSA_CALLBACK_FUNCTION)(
    ULONG_PTR Argument1,
    ULONG_PTR Argument2,
    PSecBuffer InputBuffer,
    PSecBuffer OutputBuffer
    );
typedef LSA_CALLBACK_FUNCTION * PLSA_CALLBACK_FUNCTION ;
//
// Bits for SECPKG_PRIMARY_CRED.Flags.  CLEAR_PASSWORD and OWF_PASSWORD
// presumably state in which form the Password field is supplied.
//
#define PRIMARY_CRED_CLEAR_PASSWORD 0x1
#define PRIMARY_CRED_OWF_PASSWORD 0x2
#define PRIMARY_CRED_UPDATE 0x4 // this is a change of existing creds
#define PRIMARY_CRED_CACHED_LOGON 0x8
#define PRIMARY_CRED_LOGON_PACKAGE_SHIFT 24
#define PRIMARY_CRED_PACKAGE_MASK 0xff000000
//
// For cached logons, the RPC id of the package doing the logon is identified
// by shifting the flags to the right by the PRIMARY_CRED_LOGON_PACKAGE_SHIFT.
//

//
// Primary credentials of a logon session.  Produced by LSA_AP_LOGON_USER_EX2
// (OUT parameter) and consumed by SpAcceptCredentialsFn and
// LSA_UPDATE_PRIMARY_CREDENTIALS (IN parameters).
//
// Password and OldPassword carry the user's password material, in clear
// text when PRIMARY_CRED_CLEAR_PASSWORD is set.  Any copy a package keeps
// is secret material: keep it protected while stored (the function table
// provides LsaProtectMemory / LsaUnprotectMemory) and wipe it on release.
//
typedef struct _SECPKG_PRIMARY_CRED {
    LUID LogonId;
    UNICODE_STRING DownlevelName;   // Sam Account Name
    UNICODE_STRING DomainName;      // Netbios domain name where account is located
    UNICODE_STRING Password;
    UNICODE_STRING OldPassword;
    PSID UserSid;
    ULONG Flags;                    // PRIMARY_CRED_* bits
    UNICODE_STRING DnsDomainName;   // DNS domain name where account is located (if known)
    UNICODE_STRING Upn;             // UPN of account (if known)
    UNICODE_STRING LogonServer;
    UNICODE_STRING Spare1;
    UNICODE_STRING Spare2;
    UNICODE_STRING Spare3;
    UNICODE_STRING Spare4;
} SECPKG_PRIMARY_CRED, *PSECPKG_PRIMARY_CRED;
//
// Maximum size of stored credentials.
//
#define MAX_CRED_SIZE 1024

// Values for MachineState
#define SECPKG_STATE_ENCRYPTION_PERMITTED 0x01
#define SECPKG_STATE_STRONG_ENCRYPTION_PERMITTED 0x02
#define SECPKG_STATE_DOMAIN_CONTROLLER 0x04
#define SECPKG_STATE_WORKSTATION 0x08
#define SECPKG_STATE_STANDALONE 0x10

//
// Machine and domain configuration handed to a package when it is loaded
// (the Parameters argument of SpInitializeFn).  The same layout is reused
// for the domain-change notification (SECPKG_EVENT_DOMAIN_CHANGE).
//
typedef struct _SECPKG_PARAMETERS {
    ULONG Version;
    ULONG MachineState;             // SECPKG_STATE_* bits
    ULONG SetupMode;
    PSID DomainSid;
    UNICODE_STRING DomainName;
    UNICODE_STRING DnsDomainName;
    GUID DomainGuid;
} SECPKG_PARAMETERS, *PSECPKG_PARAMETERS;
//
// Extended Package information structures
//
//
// Selector for SpGetExtendedInformationFn / SpSetExtendedInformationFn.
// Each class presumably selects the like-named member of
// SECPKG_EXTENDED_INFORMATION.Info.
//
typedef enum _SECPKG_EXTENDED_INFORMATION_CLASS {
    SecpkgGssInfo = 1,
    SecpkgContextThunks,
    SecpkgMutualAuthLevel,
    SecpkgWowClientDll,
    SecpkgExtraOids,
    SecpkgMaxInfo                   // presumably one past the last valid class
} SECPKG_EXTENDED_INFORMATION_CLASS ;

//
// GSS mechanism id.  EncodedIdLength cannot legitimately exceed
// sizeof(EncodedId) (4 bytes); check it before copying.
//
typedef struct _SECPKG_GSS_INFO {
    ULONG EncodedIdLength ;
    UCHAR EncodedId[4] ;
} SECPKG_GSS_INFO, * PSECPKG_GSS_INFO ;

//
// Counted list of context attribute levels.  Declared with one element;
// InfoLevelCount gives the real length (same convention as
// SECPKG_SUPPLEMENTAL_CRED_ARRAY).
//
typedef struct _SECPKG_CONTEXT_THUNKS {
    ULONG InfoLevelCount ;
    ULONG Levels[1] ;
} SECPKG_CONTEXT_THUNKS, *PSECPKG_CONTEXT_THUNKS ;

typedef struct _SECPKG_MUTUAL_AUTH_LEVEL {
    ULONG MutualAuthLevel ;
} SECPKG_MUTUAL_AUTH_LEVEL, * PSECPKG_MUTUAL_AUTH_LEVEL ;

typedef struct _SECPKG_WOW_CLIENT_DLL {
    SECURITY_STRING WowClientDllPath;
} SECPKG_WOW_CLIENT_DLL, * PSECPKG_WOW_CLIENT_DLL ;

#define SECPKG_MAX_OID_LENGTH 32

//
// One serialized OID.  OidLength cannot legitimately exceed
// SECPKG_MAX_OID_LENGTH; a consumer should reject larger values rather
// than copy OidLength bytes out of OidValue.
//
typedef struct _SECPKG_SERIALIZED_OID {
    ULONG OidLength ;
    ULONG OidAttributes ;
    UCHAR OidValue[ SECPKG_MAX_OID_LENGTH ];
} SECPKG_SERIALIZED_OID, * PSECPKG_SERIALIZED_OID ;

//
// Counted list of OIDs; declared with one element, OidCount gives the
// real length.
//
typedef struct _SECPKG_EXTRA_OIDS {
    ULONG OidCount ;
    SECPKG_SERIALIZED_OID Oids[ 1 ];
} SECPKG_EXTRA_OIDS, * PSECPKG_EXTRA_OIDS;

//
// Tagged union carrying one of the extended-information blocks above.
//
typedef struct _SECPKG_EXTENDED_INFORMATION {
    SECPKG_EXTENDED_INFORMATION_CLASS Class ;
    union {
        SECPKG_GSS_INFO GssInfo ;
        SECPKG_CONTEXT_THUNKS ContextThunks ;
        SECPKG_MUTUAL_AUTH_LEVEL MutualAuthLevel ;
        SECPKG_WOW_CLIENT_DLL WowClientDll ;
        SECPKG_EXTRA_OIDS ExtraOids ;
    } Info ;
} SECPKG_EXTENDED_INFORMATION, * PSECPKG_EXTENDED_INFORMATION ;

#define SECPKG_ATTR_SASL_CONTEXT 0x00010000

typedef struct _SecPkgContext_SaslContext {
    PVOID SaslContext ;
} SecPkgContext_SaslContext, * PSecPkgContext_SaslContext ;

//
// Setting this value as the first context thunk value will cause all
// calls to go to the LSA:
//
// (Numerically identical to SECPKG_ATTR_SASL_CONTEXT; it is only
// meaningful as the first entry of SECPKG_CONTEXT_THUNKS.Levels.)
//
#define SECPKG_ATTR_THUNK_ALL 0x00010000
#ifndef SECURITY_USER_DATA_DEFINED
#define SECURITY_USER_DATA_DEFINED

//
// Identity of a logged-on user, returned by SpGetUserInfoFn for a logon id.
//
typedef struct _SECURITY_USER_DATA {
    SECURITY_STRING UserName;       // User name
    SECURITY_STRING LogonDomainName; // Domain the user logged on to
    SECURITY_STRING LogonServer;    // Server that logged the user on
    PSID pSid;                      // SID of user
} SECURITY_USER_DATA, *PSECURITY_USER_DATA;

typedef SECURITY_USER_DATA SecurityUserData, * PSecurityUserData;

#define UNDERSTANDS_LONG_NAMES 1
#define NO_LONG_NAMES 2

#endif // SECURITY_USER_DATA_DEFINED
//////////////////////////////////////////////////////////////////////////
//
// The following prototypes are to functions that are provided by the SPMgr
// to security packages.
//
//////////////////////////////////////////////////////////////////////////
//
// Impersonate the client of the current call.
//
typedef NTSTATUS (NTAPI LSA_IMPERSONATE_CLIENT) ( VOID );

//
// Ask the SPMgr to unload the calling package.
//
typedef NTSTATUS (NTAPI LSA_UNLOAD_PACKAGE)( VOID );

//
// Duplicate SourceHandle into the LSA; the copy is returned through
// DestionationHandle (sic).
//
typedef NTSTATUS (NTAPI LSA_DUPLICATE_HANDLE)(
    IN HANDLE SourceHandle,
    OUT PHANDLE DestionationHandle);

//
// Store SupplementalCredSize bytes of supplemental credentials for LogonId.
//
typedef NTSTATUS (NTAPI LSA_SAVE_SUPPLEMENTAL_CREDENTIALS)(
    IN PLUID LogonId,
    IN ULONG SupplementalCredSize,
    IN PVOID SupplementalCreds,
    IN BOOLEAN Synchronous );

//
// Create a thread; the parameters mirror those of CreateThread.
//
typedef HANDLE (NTAPI LSA_CREATE_THREAD)(
    IN SEC_ATTRS SecurityAttributes,
    IN ULONG StackSize,
    IN SEC_THREAD_START StartFunction,
    IN PVOID ThreadParameter,
    IN ULONG CreationFlags,
    OUT PULONG ThreadId );

//
// Fill ClientInfo with the identity/trust details of the current caller.
//
typedef NTSTATUS (NTAPI LSA_GET_CLIENT_INFO)(
    OUT PSECPKG_CLIENT_INFO ClientInfo );

//
// Register StartFunction to be called on a notification.  NotificationType,
// NotificationClass and NotificationFlags presumably take the
// NOTIFIER_TYPE_*, NOTIFY_CLASS_* and NOTIFIER_FLAG_* values defined below.
// Returns a handle usable with LSA_CANCEL_NOTIFICATION.
//
typedef HANDLE (NTAPI LSA_REGISTER_NOTIFICATION)(
    IN SEC_THREAD_START StartFunction,
    IN PVOID Parameter,
    IN ULONG NotificationType,
    IN ULONG NotificationClass,
    IN ULONG NotificationFlags,
    IN ULONG IntervalMinutes,
    IN OPTIONAL HANDLE WaitEvent );

typedef NTSTATUS (NTAPI LSA_CANCEL_NOTIFICATION)(
    IN HANDLE NotifyHandle );

//
// Map a buffer (e.g. one flagged SECBUFFER_UNMAPPED) so the package can
// access it; the mapped descriptor is returned in OutputBuffer.
//
typedef NTSTATUS (NTAPI LSA_MAP_BUFFER)(
    IN PSecBuffer InputBuffer,
    OUT PSecBuffer OutputBuffer );

//
// Build a token for LogonId from the supplied token information.
// SubStatus carries a secondary status on failure.
//
typedef NTSTATUS (NTAPI LSA_CREATE_TOKEN) (
    IN PLUID LogonId,
    IN PTOKEN_SOURCE TokenSource,
    IN SECURITY_LOGON_TYPE LogonType,
    IN SECURITY_IMPERSONATION_LEVEL ImpersonationLevel,
    IN LSA_TOKEN_INFORMATION_TYPE TokenInformationType,
    IN PVOID TokenInformation,
    IN PTOKEN_GROUPS TokenGroups,
    IN PUNICODE_STRING AccountName,
    IN PUNICODE_STRING AuthorityName,
    IN PUNICODE_STRING Workstation,
    IN PUNICODE_STRING ProfilePath,
    OUT PHANDLE Token,
    OUT PNTSTATUS SubStatus );

//
// Type tag for the SessionInformation argument of LSA_CREATE_TOKEN_EX.
//
typedef enum _SECPKG_SESSIONINFO_TYPE {
    SecSessionPrimaryCred           // SessionInformation is SECPKG_PRIMARY_CRED
} SECPKG_SESSIONINFO_TYPE ;

//
// Extended form of LSA_CREATE_TOKEN: takes typed session information
// instead of AccountName/AuthorityName.
//
typedef NTSTATUS (NTAPI LSA_CREATE_TOKEN_EX) (
    IN PLUID LogonId,
    IN PTOKEN_SOURCE TokenSource,
    IN SECURITY_LOGON_TYPE LogonType,
    IN SECURITY_IMPERSONATION_LEVEL ImpersonationLevel,
    IN LSA_TOKEN_INFORMATION_TYPE TokenInformationType,
    IN PVOID TokenInformation,
    IN PTOKEN_GROUPS TokenGroups,
    IN PUNICODE_STRING Workstation,
    IN PUNICODE_STRING ProfilePath,
    IN PVOID SessionInformation,
    IN SECPKG_SESSIONINFO_TYPE SessionInformationType,
    OUT PHANDLE Token,
    OUT PNTSTATUS SubStatus );

//
// Emit a logon audit record for the given outcome.  Both successes and
// failures have a Status, so failed attempts should be audited too.
//
typedef VOID (NTAPI LSA_AUDIT_LOGON) (
    IN NTSTATUS Status,
    IN NTSTATUS SubStatus,
    IN PUNICODE_STRING AccountName,
    IN PUNICODE_STRING AuthenticatingAuthority,
    IN PUNICODE_STRING WorkstationName,
    IN OPTIONAL PSID UserSid,
    IN SECURITY_LOGON_TYPE LogonType,
    IN PTOKEN_SOURCE TokenSource,
    IN PLUID LogonId );

//
// Call another authentication package.  The return buffer is released
// with FreeReturnBuffer from the function table.
//
typedef NTSTATUS (NTAPI LSA_CALL_PACKAGE) (
    IN PUNICODE_STRING AuthenticationPackage,
    IN PVOID ProtocolSubmitBuffer,
    IN ULONG SubmitBufferLength,
    OUT PVOID *ProtocolReturnBuffer,
    OUT PULONG ReturnBufferLength,
    OUT PNTSTATUS ProtocolStatus );

//
// As LSA_CALL_PACKAGE, additionally passing ClientBufferBase (the
// submit buffer's address on the client side, presumably for relocating
// embedded pointers).
//
typedef NTSTATUS (NTAPI LSA_CALL_PACKAGEEX) (
    IN PUNICODE_STRING AuthenticationPackage,
    IN PVOID ClientBufferBase,
    IN PVOID ProtocolSubmitBuffer,
    IN ULONG SubmitBufferLength,
    OUT PVOID *ProtocolReturnBuffer,
    OUT PULONG ReturnBufferLength,
    OUT PNTSTATUS ProtocolStatus );

//
// Same parameters as LSA_CALL_PACKAGEEX; pass-through variant.
//
typedef NTSTATUS (NTAPI LSA_CALL_PACKAGE_PASSTHROUGH) (
    IN PUNICODE_STRING AuthenticationPackage,
    IN PVOID ClientBufferBase,
    IN PVOID ProtocolSubmitBuffer,
    IN ULONG SubmitBufferLength,
    OUT PVOID *ProtocolReturnBuffer,
    OUT PULONG ReturnBufferLength,
    OUT PNTSTATUS ProtocolStatus );

//
// Fill Info with the attributes of the current call.
//
typedef BOOLEAN (NTAPI LSA_GET_CALL_INFO) (
    OUT PSECPKG_CALL_INFO Info );

//
// Shared-memory region management: create a region, carve allocations out
// of it, free them, and delete the region.
//
typedef PVOID (NTAPI LSA_CREATE_SHARED_MEMORY)(
    ULONG MaxSize,
    ULONG InitialSize );

typedef PVOID (NTAPI LSA_ALLOCATE_SHARED_MEMORY)(
    PVOID SharedMem,
    ULONG Size );

typedef VOID (NTAPI LSA_FREE_SHARED_MEMORY)(
    PVOID SharedMem,
    PVOID Memory );

typedef BOOLEAN (NTAPI LSA_DELETE_SHARED_MEMORY)(
    PVOID SharedMem );
//
// Account Access
//
//
// Name formats accepted by the SAM lookup helpers below.
//
typedef enum _SECPKG_NAME_TYPE {
    SecNameSamCompatible,
    SecNameAlternateId,
    SecNameFlat,
    SecNameDN
} SECPKG_NAME_TYPE ;

//
// Open a SAM account by name.  AllowGuest controls whether the lookup may
// fall back to the guest account.  UserHandle is released with
// LSA_CLOSE_SAM_USER.
//
typedef NTSTATUS (NTAPI LSA_OPEN_SAM_USER)(
    PSECURITY_STRING Name,
    SECPKG_NAME_TYPE NameType,
    PSECURITY_STRING Prefix,
    BOOLEAN AllowGuest,
    ULONG Reserved,
    PVOID * UserHandle );

//
// Retrieve the stored primary and supplemental credentials for an opened
// SAM user.  These are secrets; callers own the returned buffers and should
// wipe them when done.
//
typedef NTSTATUS (NTAPI LSA_GET_USER_CREDENTIALS)(
    PVOID UserHandle,
    PVOID * PrimaryCreds,
    PULONG PrimaryCredsSize,
    PVOID * SupplementalCreds,
    PULONG SupplementalCredsSize );

//
// Retrieve the authorization data (group/SID information) for an opened
// SAM user.
//
typedef NTSTATUS (NTAPI LSA_GET_USER_AUTH_DATA)(
    PVOID UserHandle,
    PUCHAR * UserAuthData,
    PULONG UserAuthDataSize );

typedef NTSTATUS (NTAPI LSA_CLOSE_SAM_USER)(
    PVOID UserHandle );

//
// One-shot lookup: authorization data for a user by name, plus the
// account's flat name.
//
typedef NTSTATUS (NTAPI LSA_GET_AUTH_DATA_FOR_USER)(
    PSECURITY_STRING Name,
    SECPKG_NAME_TYPE NameType,
    PSECURITY_STRING Prefix,
    PUCHAR * UserAuthData,
    PULONG UserAuthDataSize,
    PUNICODE_STRING UserFlatName );

//
// Turn authorization data into a token and a fresh logon id.  When the
// authorization data came from a remote party it is untrusted input;
// UserAuthDataSize must bound every read of UserAuthData.
//
typedef NTSTATUS (NTAPI LSA_CONVERT_AUTH_DATA_TO_TOKEN)(
    IN PVOID UserAuthData,
    IN ULONG UserAuthDataSize,
    IN SECURITY_IMPERSONATION_LEVEL ImpersonationLevel,
    IN PTOKEN_SOURCE TokenSource,
    IN SECURITY_LOGON_TYPE LogonType,
    IN PUNICODE_STRING AuthorityName,
    OUT PHANDLE Token,
    OUT PLUID LogonId,
    OUT PUNICODE_STRING AccountName,
    OUT PNTSTATUS SubStatus );

//
// Translate a single name between formats, optionally at a GC.
//
typedef NTSTATUS (NTAPI LSA_CRACK_SINGLE_NAME)(
    IN ULONG FormatOffered,
    IN BOOLEAN PerformAtGC,
    IN PUNICODE_STRING NameInput,
    IN PUNICODE_STRING Prefix OPTIONAL,
    IN ULONG RequestedFormat,
    OUT PUNICODE_STRING CrackedName,
    OUT PUNICODE_STRING DnsDomainName,
    OUT PULONG SubStatus );

//
// Emit an account-logon audit record (success or failure).
//
typedef NTSTATUS (NTAPI LSA_AUDIT_ACCOUNT_LOGON)(
    IN ULONG AuditId,
    IN BOOLEAN Success,
    IN PUNICODE_STRING Source,
    IN PUNICODE_STRING ClientName,
    IN PUNICODE_STRING MappedName,
    IN NTSTATUS Status );

//
// Invoke a callback registered by the client side; Callback names it.
//
typedef NTSTATUS (NTAPI LSA_CLIENT_CALLBACK)(
    PCHAR Callback,
    ULONG_PTR Argument1,
    ULONG_PTR Argument2,
    PSecBuffer Input,
    PSecBuffer Output );

//
// Register an LSA_CALLBACK_FUNCTION under CallbackId.
//
typedef NTSTATUS (NTAPI LSA_REGISTER_CALLBACK)(
    ULONG CallbackId,
    PLSA_CALLBACK_FUNCTION Callback );
//
// Flags, types and classes for LSA_REGISTER_NOTIFICATION.
//
#define NOTIFIER_FLAG_NEW_THREAD 0x00000001
#define NOTIFIER_FLAG_ONE_SHOT 0x00000002
#define NOTIFIER_FLAG_SECONDS 0x80000000    // presumably: interval is in seconds rather than minutes

#define NOTIFIER_TYPE_INTERVAL 1
#define NOTIFIER_TYPE_HANDLE_WAIT 2
#define NOTIFIER_TYPE_STATE_CHANGE 3
#define NOTIFIER_TYPE_NOTIFY_EVENT 4
#define NOTIFIER_TYPE_IMMEDIATE 16

#define NOTIFY_CLASS_PACKAGE_CHANGE 1
#define NOTIFY_CLASS_ROLE_CHANGE 2
#define NOTIFY_CLASS_DOMAIN_CHANGE 3
#define NOTIFY_CLASS_REGISTRY_CHANGE 4

//
// Event data for NOTIFY_CLASS_PACKAGE_CHANGE.
//
typedef struct _SECPKG_EVENT_PACKAGE_CHANGE {
    ULONG ChangeType;               // SECPKG_PACKAGE_CHANGE_* below
    LSA_SEC_HANDLE PackageId;
    SECURITY_STRING PackageName;
} SECPKG_EVENT_PACKAGE_CHANGE, * PSECPKG_EVENT_PACKAGE_CHANGE ;

#define SECPKG_PACKAGE_CHANGE_LOAD 0
#define SECPKG_PACKAGE_CHANGE_UNLOAD 1
#define SECPKG_PACKAGE_CHANGE_SELECT 2

//
// Event data for NOTIFY_CLASS_ROLE_CHANGE.
//
typedef struct _SECPKG_EVENT_ROLE_CHANGE {
    ULONG PreviousRole ;
    ULONG NewRole ;
} SECPKG_EVENT_ROLE_CHANGE, * PSECPKG_EVENT_ROLE_CHANGE ;

//
// Event data for NOTIFY_CLASS_DOMAIN_CHANGE reuses SECPKG_PARAMETERS.
//
typedef struct _SECPKG_PARAMETERS SECPKG_EVENT_DOMAIN_CHANGE ;
typedef struct _SECPKG_PARAMETERS * PSECPKG_EVENT_DOMAIN_CHANGE ;

//
// Envelope delivered to a notification routine.  EventClass is presumably a
// NOTIFY_CLASS_* value and EventData points at EventDataSize bytes of the
// matching event structure; PackageParameter is what the package passed
// when registering.
//
typedef struct _SECPKG_EVENT_NOTIFY {
    ULONG EventClass;
    ULONG Reserved;
    ULONG EventDataSize;
    PVOID EventData;
    PVOID PackageParameter;
} SECPKG_EVENT_NOTIFY, *PSECPKG_EVENT_NOTIFY ;
//
// Push new primary (and optionally supplemental) credentials for a logon
// session.  PrimaryCredentials may contain clear-text password material.
//
typedef NTSTATUS (NTAPI LSA_UPDATE_PRIMARY_CREDENTIALS)(
    IN PSECPKG_PRIMARY_CRED PrimaryCredentials,
    IN OPTIONAL PSECPKG_SUPPLEMENTAL_CRED_ARRAY Credentials );

//
// Protect / unprotect BufferSize bytes at Buffer (used for both
// LsaProtectMemory and LsaUnprotectMemory in the function table).
// Presumably operates in place, since nothing is returned.
//
typedef VOID (NTAPI LSA_PROTECT_MEMORY)(
    IN PVOID Buffer,
    IN ULONG BufferSize );

//
// Obtain a token handle for an existing logon session.
//
typedef NTSTATUS (NTAPI LSA_OPEN_TOKEN_BY_LOGON_ID)(
    IN PLUID LogonId,
    OUT HANDLE *RetTokenHandle );

//
// Expand authorization data with domain-local information; the result is
// a new buffer of ExpandedAuthDataSize bytes.
//
typedef NTSTATUS (NTAPI LSA_EXPAND_AUTH_DATA_FOR_DOMAIN)(
    IN PUCHAR UserAuthData,
    IN ULONG UserAuthDataSize,
    IN PVOID Reserved,
    OUT PUCHAR * ExpandedAuthData,
    OUT PULONG ExpandedAuthDataSize );

//
// Pointer typedefs for the helper function types above.
//
typedef LSA_IMPERSONATE_CLIENT * PLSA_IMPERSONATE_CLIENT;
typedef LSA_UNLOAD_PACKAGE * PLSA_UNLOAD_PACKAGE;
typedef LSA_DUPLICATE_HANDLE * PLSA_DUPLICATE_HANDLE ;
typedef LSA_SAVE_SUPPLEMENTAL_CREDENTIALS * PLSA_SAVE_SUPPLEMENTAL_CREDENTIALS;
typedef LSA_CREATE_THREAD * PLSA_CREATE_THREAD;
typedef LSA_GET_CLIENT_INFO * PLSA_GET_CLIENT_INFO;
typedef LSA_REGISTER_NOTIFICATION * PLSA_REGISTER_NOTIFICATION;
typedef LSA_CANCEL_NOTIFICATION * PLSA_CANCEL_NOTIFICATION;
typedef LSA_MAP_BUFFER * PLSA_MAP_BUFFER;
typedef LSA_CREATE_TOKEN * PLSA_CREATE_TOKEN;
typedef LSA_AUDIT_LOGON * PLSA_AUDIT_LOGON;
typedef LSA_CALL_PACKAGE * PLSA_CALL_PACKAGE;
typedef LSA_CALL_PACKAGEEX * PLSA_CALL_PACKAGEEX;
typedef LSA_GET_CALL_INFO * PLSA_GET_CALL_INFO ;
typedef LSA_CREATE_SHARED_MEMORY * PLSA_CREATE_SHARED_MEMORY ;
typedef LSA_ALLOCATE_SHARED_MEMORY * PLSA_ALLOCATE_SHARED_MEMORY ;
typedef LSA_FREE_SHARED_MEMORY * PLSA_FREE_SHARED_MEMORY ;
typedef LSA_DELETE_SHARED_MEMORY * PLSA_DELETE_SHARED_MEMORY ;
typedef LSA_OPEN_SAM_USER * PLSA_OPEN_SAM_USER ;
typedef LSA_GET_USER_CREDENTIALS * PLSA_GET_USER_CREDENTIALS ;
typedef LSA_GET_USER_AUTH_DATA * PLSA_GET_USER_AUTH_DATA ;
typedef LSA_CLOSE_SAM_USER * PLSA_CLOSE_SAM_USER ;
typedef LSA_CONVERT_AUTH_DATA_TO_TOKEN * PLSA_CONVERT_AUTH_DATA_TO_TOKEN ;
typedef LSA_CLIENT_CALLBACK * PLSA_CLIENT_CALLBACK ;
typedef LSA_REGISTER_CALLBACK * PLSA_REGISTER_CALLBACK ;
typedef LSA_UPDATE_PRIMARY_CREDENTIALS * PLSA_UPDATE_PRIMARY_CREDENTIALS;
typedef LSA_GET_AUTH_DATA_FOR_USER * PLSA_GET_AUTH_DATA_FOR_USER ;
typedef LSA_CRACK_SINGLE_NAME * PLSA_CRACK_SINGLE_NAME ;
typedef LSA_AUDIT_ACCOUNT_LOGON * PLSA_AUDIT_ACCOUNT_LOGON ;
typedef LSA_CALL_PACKAGE_PASSTHROUGH * PLSA_CALL_PACKAGE_PASSTHROUGH;
typedef LSA_PROTECT_MEMORY * PLSA_PROTECT_MEMORY;
typedef LSA_OPEN_TOKEN_BY_LOGON_ID * PLSA_OPEN_TOKEN_BY_LOGON_ID;
typedef LSA_EXPAND_AUTH_DATA_FOR_DOMAIN * PLSA_EXPAND_AUTH_DATA_FOR_DOMAIN;
typedef LSA_CREATE_TOKEN_EX * PLSA_CREATE_TOKEN_EX;
#ifdef _WINCRED_H_
//
// When passing a credential around, the CredentialBlob field is encrypted.
// This structure describes this encrypted form.
//
//
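#ifndef _ENCRYPTED_CREDENTIAL_DEFINED
#define _ENCRYPTED_CREDENTIAL_DEFINED

//
// A CREDENTIALW whose CredentialBlob has been encrypted, plus the size the
// blob had before encryption.  The clear size is metadata about a secret,
// so it should not be trusted as a bound for the encrypted buffer.
//
typedef struct _ENCRYPTED_CREDENTIALW {
    //
    // The credential
    //
    // The CredentialBlob field points to the encrypted credential
    // The CredentialBlobSize field is the length (in bytes) of the encrypted credential
    //
    CREDENTIALW Cred;

    //
    // The size in bytes of the clear text credential blob
    //
    ULONG ClearCredentialBlobSize;
} ENCRYPTED_CREDENTIALW, *PENCRYPTED_CREDENTIALW;

#endif // _ENCRYPTED_CREDENTIAL_DEFINED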
//
// Values for CredFlags parameter
//
//
// CREDP_FLAGS_IN_PROCESS is trust-relevant: it is the flag that permits
// password data to come back to the caller, so it must only be set for
// callers that really are in-process.
//
#define CREDP_FLAGS_IN_PROCESS 0x01 // Caller is in-process. Password data may be returned
#define CREDP_FLAGS_USE_MIDL_HEAP 0x02 // Allocated buffer should use MIDL_user_allocate
#define CREDP_FLAGS_DONT_CACHE_TI 0x04 // TargetInformation shouldn't be cached for CredGetTargetInfo
#define CREDP_FLAGS_CLEAR_PASSWORD 0x08 // Credential blob is passed in in-the-clear

//
// Read one stored credential for a logon session by target name and type.
//
typedef NTSTATUS (NTAPI CredReadFn) (
    IN PLUID LogonId,
    IN ULONG CredFlags,                 // CREDP_FLAGS_* bits
    IN LPWSTR TargetName,
    IN ULONG Type,
    IN ULONG Flags,
    OUT PENCRYPTED_CREDENTIALW *Credential );

//
// Read the credentials matching a domain target; returns Count entries.
//
typedef NTSTATUS (NTAPI CredReadDomainCredentialsFn) (
    IN PLUID LogonId,
    IN ULONG CredFlags,                 // CREDP_FLAGS_* bits
    IN PCREDENTIAL_TARGET_INFORMATIONW TargetInfo,
    IN ULONG Flags,
    OUT PULONG Count,
    OUT PENCRYPTED_CREDENTIALW **Credential );

//
// Release Count credentials returned by the two readers above.
//
typedef VOID (NTAPI CredFreeCredentialsFn) (
    IN ULONG Count,
    IN PENCRYPTED_CREDENTIALW *Credentials OPTIONAL );

//
// Serialize a target-information structure into a buffer of BufferSize
// bytes, and the reverse.  Unmarshal consumes externally supplied bytes:
// BufferSize must bound every read and embedded offsets need checking.
//
NTSTATUS
CredMarshalTargetInfo (
    IN PCREDENTIAL_TARGET_INFORMATIONW InTargetInfo,
    OUT PUSHORT *Buffer,
    OUT PULONG BufferSize );

NTSTATUS
CredUnmarshalTargetInfo (
    IN PUSHORT Buffer,
    IN ULONG BufferSize,
    OUT PCREDENTIAL_TARGET_INFORMATIONW *RetTargetInfo );
#endif // _WINCRED_H_
//
// Pure 32-bit versions of credential structures for packages
// running wow64:
//
//
// 32-bit layout of the auth-identity structure for WOW64 clients: the
// User/Domain/Password members are ULONGs (presumably 32-bit pointers or
// offsets) rather than native pointers, so the structure has the same size
// on both sides.  The 64-bit side must translate these before
// dereferencing and must treat the *Length fields as untrusted bounds.
//
typedef struct _SEC_WINNT_AUTH_IDENTITY32 {
    ULONG User ;
    ULONG UserLength ;
    ULONG Domain ;
    ULONG DomainLength ;
    ULONG Password ;
    ULONG PasswordLength ;
    ULONG Flags ;
} SEC_WINNT_AUTH_IDENTITY32, * PSEC_WINNT_AUTH_IDENTITY32 ;

//
// Extended 32-bit layout: Version/Length header and a package list.
//
typedef struct _SEC_WINNT_AUTH_IDENTITY_EX32 {
    ULONG Version ;
    ULONG Length ;
    ULONG User ;
    ULONG UserLength ;
    ULONG Domain ;
    ULONG DomainLength ;
    ULONG Password ;
    ULONG PasswordLength ;
    ULONG Flags ;
    ULONG PackageList ;
    ULONG PackageListLength ;
} SEC_WINNT_AUTH_IDENTITY_EX32, * PSEC_WINNT_AUTH_IDENTITY_EX32 ;
// Functions provided by the SPM to the packages:
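//
// Table of helper functions the SPM hands to a package in SpInitializeFn.
// Field order is the binary interface; new entries are appended.  The
// PLSA_CREATE_LOGON_SESSION .. PLSA_COPY_FROM_CLIENT_BUFFER and the
// *_PRIVATE_HEAP types are not defined in this header (presumably in
// ntlsa.h, included above).  The three Credi* slots are only typed when
// wincred.h is present; the dummy placeholders keep the layout identical
// otherwise.
//
typedef struct _LSA_SECPKG_FUNCTION_TABLE {
    PLSA_CREATE_LOGON_SESSION CreateLogonSession;
    PLSA_DELETE_LOGON_SESSION DeleteLogonSession;
    PLSA_ADD_CREDENTIAL AddCredential;
    PLSA_GET_CREDENTIALS GetCredentials;
    PLSA_DELETE_CREDENTIAL DeleteCredential;
    PLSA_ALLOCATE_LSA_HEAP AllocateLsaHeap;
    PLSA_FREE_LSA_HEAP FreeLsaHeap;
    PLSA_ALLOCATE_CLIENT_BUFFER AllocateClientBuffer;
    PLSA_FREE_CLIENT_BUFFER FreeClientBuffer;
    PLSA_COPY_TO_CLIENT_BUFFER CopyToClientBuffer;
    PLSA_COPY_FROM_CLIENT_BUFFER CopyFromClientBuffer;
    PLSA_IMPERSONATE_CLIENT ImpersonateClient;
    PLSA_UNLOAD_PACKAGE UnloadPackage;
    PLSA_DUPLICATE_HANDLE DuplicateHandle;
    PLSA_SAVE_SUPPLEMENTAL_CREDENTIALS SaveSupplementalCredentials;
    PLSA_CREATE_THREAD CreateThread;
    PLSA_GET_CLIENT_INFO GetClientInfo;
    PLSA_REGISTER_NOTIFICATION RegisterNotification;
    PLSA_CANCEL_NOTIFICATION CancelNotification;
    PLSA_MAP_BUFFER MapBuffer;
    PLSA_CREATE_TOKEN CreateToken;
    PLSA_AUDIT_LOGON AuditLogon;
    PLSA_CALL_PACKAGE CallPackage;
    PLSA_FREE_LSA_HEAP FreeReturnBuffer;
    PLSA_GET_CALL_INFO GetCallInfo;
    PLSA_CALL_PACKAGEEX CallPackageEx;
    PLSA_CREATE_SHARED_MEMORY CreateSharedMemory;
    PLSA_ALLOCATE_SHARED_MEMORY AllocateSharedMemory;
    PLSA_FREE_SHARED_MEMORY FreeSharedMemory;
    PLSA_DELETE_SHARED_MEMORY DeleteSharedMemory;
    PLSA_OPEN_SAM_USER OpenSamUser ;
    PLSA_GET_USER_CREDENTIALS GetUserCredentials ;
    PLSA_GET_USER_AUTH_DATA GetUserAuthData ;
    PLSA_CLOSE_SAM_USER CloseSamUser ;
    PLSA_CONVERT_AUTH_DATA_TO_TOKEN ConvertAuthDataToToken ;
    PLSA_CLIENT_CALLBACK ClientCallback ;
    PLSA_UPDATE_PRIMARY_CREDENTIALS UpdateCredentials ;
    PLSA_GET_AUTH_DATA_FOR_USER GetAuthDataForUser ;
    PLSA_CRACK_SINGLE_NAME CrackSingleName ;
    PLSA_AUDIT_ACCOUNT_LOGON AuditAccountLogon ;
    PLSA_CALL_PACKAGE_PASSTHROUGH CallPackagePassthrough ;
#ifdef _WINCRED_H_
    CredReadFn *CrediRead;
    CredReadDomainCredentialsFn *CrediReadDomainCredentials;
    CredFreeCredentialsFn *CrediFreeCredentials;
#else // _WINCRED_H_
    PLSA_PROTECT_MEMORY DummyFunction1;
    PLSA_PROTECT_MEMORY DummyFunction2;
    PLSA_PROTECT_MEMORY DummyFunction3;
#endif // _WINCRED_H_
    PLSA_PROTECT_MEMORY LsaProtectMemory;       // protect secrets held in memory
    PLSA_PROTECT_MEMORY LsaUnprotectMemory;
    PLSA_OPEN_TOKEN_BY_LOGON_ID OpenTokenByLogonId;
    PLSA_EXPAND_AUTH_DATA_FOR_DOMAIN ExpandAuthDataForDomain;
    PLSA_ALLOCATE_PRIVATE_HEAP AllocatePrivateHeap;
    PLSA_FREE_PRIVATE_HEAP FreePrivateHeap;
    PLSA_CREATE_TOKEN_EX CreateTokenEx;
} LSA_SECPKG_FUNCTION_TABLE, *PLSA_SECPKG_FUNCTION_TABLE;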
typedef struct _SECPKG_DLL_FUNCTIONS { PLSA_ALLOCATE_LSA_HEAP AllocateHeap; PLSA_FREE_LSA_HEAP FreeHeap; PLSA_REGISTER_CALLBACK RegisterCallback ; } SECPKG_DLL_FUNCTIONS, * PSECPKG_DLL_FUNCTIONS;
//
// The following prototypes are to functions that will be called only while
// in the Security Package Manager context.
//
//
// Package initialization: receives its package id, the machine/domain
// parameters and the SPM helper table.
//
typedef NTSTATUS (NTAPI SpInitializeFn)(
    IN ULONG_PTR PackageId,
    IN PSECPKG_PARAMETERS Parameters,
    IN PLSA_SECPKG_FUNCTION_TABLE FunctionTable );

typedef NTSTATUS (NTAPI SpShutdownFn)( VOID );

//
// Fill in the package's SecPkgInfo description.
//
typedef NTSTATUS (NTAPI SpGetInfoFn)(
    OUT PSecPkgInfo PackageInfo );

//
// Get/set one SECPKG_EXTENDED_INFORMATION block selected by Class.  The
// get variant returns a package-allocated block through ppInformation.
//
typedef NTSTATUS (NTAPI SpGetExtendedInformationFn)(
    IN SECPKG_EXTENDED_INFORMATION_CLASS Class,
    OUT PSECPKG_EXTENDED_INFORMATION * ppInformation );

typedef NTSTATUS (NTAPI SpSetExtendedInformationFn)(
    IN SECPKG_EXTENDED_INFORMATION_CLASS Class,
    IN PSECPKG_EXTENDED_INFORMATION Info );
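//
// Authenticate a logon attempt.  AuthenticationInformation is the
// client-supplied blob of AuthenticationInformationLength bytes and
// ClientAuthenticationBase is presumably its address in the client process
// (for relocating embedded pointers).  The blob crosses a trust boundary:
// every length and offset inside it must be validated against
// AuthenticationInformationLength before use.  On success the package
// returns the profile, a logon id, token information, the identity strings,
// the primary credentials (which may hold clear-text password material)
// and any credentials to cache.
//
typedef NTSTATUS (LSA_AP_LOGON_USER_EX2) (
    IN PLSA_CLIENT_REQUEST ClientRequest,
    IN SECURITY_LOGON_TYPE LogonType,
    IN PVOID AuthenticationInformation,
    IN PVOID ClientAuthenticationBase,
    IN ULONG AuthenticationInformationLength,
    OUT PVOID *ProfileBuffer,
    OUT PULONG ProfileBufferLength,
    OUT PLUID LogonId,
    OUT PNTSTATUS SubStatus,
    OUT PLSA_TOKEN_INFORMATION_TYPE TokenInformationType,
    OUT PVOID *TokenInformation,
    OUT PUNICODE_STRING *AccountName,
    OUT PUNICODE_STRING *AuthenticatingAuthority,
    OUT PUNICODE_STRING *MachineName,
    OUT PSECPKG_PRIMARY_CRED PrimaryCredentials,
    OUT PSECPKG_SUPPLEMENTAL_CRED_ARRAY * CachedCredentials );

typedef LSA_AP_LOGON_USER_EX2 *PLSA_AP_LOGON_USER_EX2;

// Export name looked up for LSA_AP_LOGON_USER_EX2 (double NUL is intentional).
#define LSA_AP_NAME_LOGON_USER_EX2 "LsaApLogonUserEx2\0"

//
// Notification that a logon succeeded elsewhere; the package receives the
// session's primary and supplemental credentials to adopt.
//
typedef NTSTATUS (NTAPI SpAcceptCredentialsFn)(
    IN SECURITY_LOGON_TYPE LogonType,
    IN PUNICODE_STRING AccountName,
    IN PSECPKG_PRIMARY_CRED PrimaryCredentials,
    IN PSECPKG_SUPPLEMENTAL_CRED SupplementalCredentials );

// Export name looked up for SpAcceptCredentialsFn (double NUL is intentional).
#define SP_ACCEPT_CREDENTIALS_NAME "SpAcceptCredentials\0"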
//
// Credential-handle lifecycle in LSA mode.  The LogonId an optional
// principal is resolved under identifies the caller's session; a package
// should not let a non-TCB caller name another session's LogonId.
//
typedef NTSTATUS (NTAPI SpAcquireCredentialsHandleFn)(
    IN OPTIONAL PUNICODE_STRING PrincipalName,
    IN ULONG CredentialUseFlags,
    IN OPTIONAL PLUID LogonId,
    IN PVOID AuthorizationData,
    IN PVOID GetKeyFunciton,            // (sic)
    IN PVOID GetKeyArgument,
    OUT PLSA_SEC_HANDLE CredentialHandle,
    OUT PTimeStamp ExpirationTime );

typedef NTSTATUS (NTAPI SpFreeCredentialsHandleFn)(
    IN LSA_SEC_HANDLE CredentialHandle );

//
// Query one attribute of a credential handle into a caller-provided Buffer
// (no size parameter: the attribute id fixes the buffer layout).
//
typedef NTSTATUS (NTAPI SpQueryCredentialsAttributesFn)(
    IN LSA_SEC_HANDLE CredentialHandle,
    IN ULONG CredentialAttribute,
    IN OUT PVOID Buffer );

//
// Add credentials from another package to an existing handle.
//
typedef NTSTATUS (NTAPI SpAddCredentialsFn)(
    IN LSA_SEC_HANDLE CredentialHandle,
    IN OPTIONAL PUNICODE_STRING PrincipalName,
    IN PUNICODE_STRING Package,
    IN ULONG CredentialUseFlags,
    IN PVOID AuthorizationData,
    IN PVOID GetKeyFunciton,            // (sic)
    IN PVOID GetKeyArgument,
    OUT PTimeStamp ExpirationTime );

//
// Save / get / delete a credential blob on a credential handle.
//
typedef NTSTATUS (NTAPI SpSaveCredentialsFn)(
    IN LSA_SEC_HANDLE CredentialHandle,
    IN PSecBuffer Credentials);

typedef NTSTATUS (NTAPI SpGetCredentialsFn)(
    IN LSA_SEC_HANDLE CredentialHandle,
    IN OUT PSecBuffer Credentials );

typedef NTSTATUS (NTAPI SpDeleteCredentialsFn)(
    IN LSA_SEC_HANDLE CredentialHandle,
    IN PSecBuffer Key );

//
// Initiator side of context establishment.  InputBuffers hold tokens
// received from the peer (untrusted); OutputBuffers receive the next token.
// MappedContext/ContextData let the package hand a context to user mode.
//
typedef NTSTATUS (NTAPI SpInitLsaModeContextFn)(
    IN OPTIONAL LSA_SEC_HANDLE CredentialHandle,
    IN OPTIONAL LSA_SEC_HANDLE ContextHandle,
    IN OPTIONAL PUNICODE_STRING TargetName,
    IN ULONG ContextRequirements,
    IN ULONG TargetDataRep,
    IN PSecBufferDesc InputBuffers,
    OUT PLSA_SEC_HANDLE NewContextHandle,
    IN OUT PSecBufferDesc OutputBuffers,
    OUT PULONG ContextAttributes,
    OUT PTimeStamp ExpirationTime,
    OUT PBOOLEAN MappedContext,
    OUT PSecBuffer ContextData );

typedef NTSTATUS (NTAPI SpDeleteContextFn)(
    IN LSA_SEC_HANDLE ContextHandle );

typedef NTSTATUS (NTAPI SpApplyControlTokenFn)(
    IN LSA_SEC_HANDLE ContextHandle,
    IN PSecBufferDesc ControlToken);

//
// Acceptor side of context establishment.  InputBuffer is the token the
// initiating peer sent and is fully attacker-controlled; parse it
// defensively and bound every read by the buffer's cbBuffer.
//
typedef NTSTATUS (NTAPI SpAcceptLsaModeContextFn)(
    IN OPTIONAL LSA_SEC_HANDLE CredentialHandle,
    IN OPTIONAL LSA_SEC_HANDLE ContextHandle,
    IN PSecBufferDesc InputBuffer,
    IN ULONG ContextRequirements,
    IN ULONG TargetDataRep,
    OUT PLSA_SEC_HANDLE NewContextHandle,
    OUT PSecBufferDesc OutputBuffer,
    OUT PULONG ContextAttributes,
    OUT PTimeStamp ExpirationTime,
    OUT PBOOLEAN MappedContext,
    OUT PSecBuffer ContextData );

//
// Return a package-allocated SecurityUserData for the logon session.
//
typedef NTSTATUS (NTAPI SpGetUserInfoFn)(
    IN PLUID LogonId,
    IN ULONG Flags,
    OUT PSecurityUserData * UserData );

//
// Query / set one context attribute.  The set variant carries an explicit
// BufferSize; the query variant does not, so the attribute id fixes the
// expected layout.
//
typedef NTSTATUS (NTAPI SpQueryContextAttributesFn)(
    IN LSA_SEC_HANDLE ContextHandle,
    IN ULONG ContextAttribute,
    IN OUT PVOID Buffer);

typedef NTSTATUS (NTAPI SpSetContextAttributesFn)(
    IN LSA_SEC_HANDLE ContextHandle,
    IN ULONG ContextAttribute,
    IN PVOID Buffer,
    IN ULONG BufferSize );
typedef struct _SECPKG_FUNCTION_TABLE { PLSA_AP_INITIALIZE_PACKAGE InitializePackage; PLSA_AP_LOGON_USER LogonUser; PLSA_AP_CALL_PACKAGE CallPackage; PLSA_AP_LOGON_TERMINATED LogonTerminated; PLSA_AP_CALL_PACKAGE_UNTRUSTED CallPackageUntrusted; PLSA_AP_CALL_PACKAGE_PASSTHROUGH CallPackagePassthrough; PLSA_AP_LOGON_USER_EX LogonUserEx; PLSA_AP_LOGON_USER_EX2 LogonUserEx2; SpInitializeFn * Initialize; SpShutdownFn * Shutdown; SpGetInfoFn * GetInfo; SpAcceptCredentialsFn * AcceptCredentials; SpAcquireCredentialsHandleFn * AcquireCredentialsHandle; SpQueryCredentialsAttributesFn * QueryCredentialsAttributes; SpFreeCredentialsHandleFn * FreeCredentialsHandle; SpSaveCredentialsFn * SaveCredentials; SpGetCredentialsFn * GetCredentials; SpDeleteCredentialsFn * DeleteCredentials; SpInitLsaModeContextFn * InitLsaModeContext; SpAcceptLsaModeContextFn * AcceptLsaModeContext; SpDeleteContextFn * DeleteContext; SpApplyControlTokenFn * ApplyControlToken; SpGetUserInfoFn * GetUserInfo; SpGetExtendedInformationFn * GetExtendedInformation ; SpQueryContextAttributesFn * QueryContextAttributes ; SpAddCredentialsFn * AddCredentials ; SpSetExtendedInformationFn * SetExtendedInformation ; SpSetContextAttributesFn * SetContextAttributes ; } SECPKG_FUNCTION_TABLE, *PSECPKG_FUNCTION_TABLE;
//
// The following prototypes are to functions that will be called while in the
// context of a user process that is using the functions through the security
// DLL.
//
//
// Per-process initialization of the package's user-mode half; the package
// may return its own per-instance data through UserFunctions.
//
typedef NTSTATUS (NTAPI SpInstanceInitFn)(
    IN ULONG Version,
    IN PSECPKG_DLL_FUNCTIONS FunctionTable,
    OUT PVOID * UserFunctions );

//
// Rebuild a user-mode context from the packed form the LSA-mode half
// produced (the ContextData of SpInitLsaModeContextFn /
// SpAcceptLsaModeContextFn).
//
typedef NTSTATUS (NTAPI SpInitUserModeContextFn)(
    IN LSA_SEC_HANDLE ContextHandle,
    IN PSecBuffer PackedContext );

//
// Message protection.  Verify/Unseal operate on data received from the
// peer: treat MessageBuffers as untrusted and check the sequence number to
// detect replay/reordering.
//
typedef NTSTATUS (NTAPI SpMakeSignatureFn)(
    IN LSA_SEC_HANDLE ContextHandle,
    IN ULONG QualityOfProtection,
    IN PSecBufferDesc MessageBuffers,
    IN ULONG MessageSequenceNumber );

typedef NTSTATUS (NTAPI SpVerifySignatureFn)(
    IN LSA_SEC_HANDLE ContextHandle,
    IN PSecBufferDesc MessageBuffers,
    IN ULONG MessageSequenceNumber,
    OUT PULONG QualityOfProtection );

typedef NTSTATUS (NTAPI SpSealMessageFn)(
    IN LSA_SEC_HANDLE ContextHandle,
    IN ULONG QualityOfProtection,
    IN PSecBufferDesc MessageBuffers,
    IN ULONG MessageSequenceNumber );

typedef NTSTATUS (NTAPI SpUnsealMessageFn)(
    IN LSA_SEC_HANDLE ContextHandle,
    IN PSecBufferDesc MessageBuffers,
    IN ULONG MessageSequenceNumber,
    OUT PULONG QualityOfProtection );

//
// Return the impersonation token associated with a context.
//
typedef NTSTATUS (NTAPI SpGetContextTokenFn)(
    IN LSA_SEC_HANDLE ContextHandle,
    OUT PHANDLE ImpersonationToken );

//
// Marshal a context (and optionally its token) for transfer to another
// process, and the reverse.  An imported blob comes from outside the
// process and should be validated before being trusted.
//
typedef NTSTATUS (NTAPI SpExportSecurityContextFn)(
    LSA_SEC_HANDLE phContext,           // (in) context to export
    ULONG fFlags,                       // (in) option flags
    PSecBuffer pPackedContext,          // (out) marshalled context
    PHANDLE pToken                      // (out, optional) token handle for impersonation
    );

typedef NTSTATUS (NTAPI SpImportSecurityContextFn)(
    PSecBuffer pPackedContext,          // (in) marshalled context
    HANDLE Token,                       // (in, optional) handle to token for context
    PLSA_SEC_HANDLE phContext           // (out) new context handle
    );

//
// Complete a token that the caller had to finish (e.g. after the peer's
// final leg).
//
typedef NTSTATUS (NTAPI SpCompleteAuthTokenFn)(
    IN LSA_SEC_HANDLE ContextHandle,
    IN PSecBufferDesc InputBuffer );

//
// Convert raw credentials into the package's formatted representation.
//
typedef NTSTATUS (NTAPI SpFormatCredentialsFn)(
    IN PSecBuffer Credentials,
    OUT PSecBuffer FormattedCredentials );

//
// Marshal CredentialSize bytes of supplemental credentials into a new
// buffer of MarshalledCredSize bytes.
//
typedef NTSTATUS (NTAPI SpMarshallSupplementalCredsFn)(
    IN ULONG CredentialSize,
    IN PUCHAR Credentials,
    OUT PULONG MarshalledCredSize,
    OUT PVOID * MarshalledCreds);
typedef struct _SECPKG_USER_FUNCTION_TABLE { SpInstanceInitFn * InstanceInit; SpInitUserModeContextFn * InitUserModeContext; SpMakeSignatureFn * MakeSignature; SpVerifySignatureFn * VerifySignature; SpSealMessageFn * SealMessage; SpUnsealMessageFn * UnsealMessage; SpGetContextTokenFn * GetContextToken; SpQueryContextAttributesFn * QueryContextAttributes; SpCompleteAuthTokenFn * CompleteAuthToken; SpDeleteContextFn * DeleteUserModeContext; SpFormatCredentialsFn * FormatCredentials; SpMarshallSupplementalCredsFn * MarshallSupplementalCreds; SpExportSecurityContextFn * ExportContext; SpImportSecurityContextFn * ImportContext; } SECPKG_USER_FUNCTION_TABLE, *PSECPKG_USER_FUNCTION_TABLE;
//
// DLL entry points looked up by name when a package is loaded.  Each
// receives the caller's interface version and returns the package's
// version plus an array of pcTables function tables.
//
typedef NTSTATUS (SEC_ENTRY * SpLsaModeInitializeFn)(
    IN ULONG LsaVersion,
    OUT PULONG PackageVersion,
    OUT PSECPKG_FUNCTION_TABLE * ppTables,
    OUT PULONG pcTables);

typedef NTSTATUS (SEC_ENTRY * SpUserModeInitializeFn)(
    IN ULONG LsaVersion,
    OUT PULONG PackageVersion,
    OUT PSECPKG_USER_FUNCTION_TABLE *ppTables,
    OUT PULONG pcTables );

// Export names for the two initializers above.
#define SECPKG_LSAMODEINIT_NAME "SpLsaModeInitialize"
#define SECPKG_USERMODEINIT_NAME "SpUserModeInitialize"
//
// Version of the security package interface.
//
// These defines are used for all of the following:
// * Passed by the LSA to SpLsaModeInitializeFn to indicate the version of the LSA.
// All packages currently expect the LSA to pass SECPKG_INTERFACE_VERSION.
// * Passed by secur32.dll to SpUserModeInitializeFn to indicate the version of the secur32 DLL.
// All packages currently expect secur32 to pass SECPKG_INTERFACE_VERSION.
// * Returned from SpLsaModeInitializeFn to indicate the version of SECPKG_FUNCTION_TABLE.
// SECPKG_INTERFACE_VERSION indicates all fields through SetExtendedInformation are defined (potentially to NULL)
// SECPKG_INTERFACE_VERSION_2 indicates all fields through SetContextAttributes are defined (potentially to NULL)
// * Returned from SpUserModeInitializeFn to indicate the version of the auth package.
// All packages currently return SECPKG_INTERFACE_VERSION
//
#define SECPKG_INTERFACE_VERSION 0x00010000     // Fields through SetExtendedInformation are defined (possibly NULL)
#define SECPKG_INTERFACE_VERSION_2 0x00020000   // Fields through SetContextAttributes are defined (possibly NULL)
//
// Storage class for a kernel-mode context list; passed to
// KSEC_CREATE_CONTEXT_LIST below. Presumably selects paged versus
// non-paged pool for the list — confirm against the implementation.
//
typedef enum _KSEC_CONTEXT_TYPE {
    KSecPaged,
    KSecNonPaged
} KSEC_CONTEXT_TYPE ;
//
// Link header for objects kept on a kernel-mode context list. The
// KsecInitializeListEntry macro and the KSEC_*_LIST_ENTRY helpers below
// are the only things in this header that touch these fields.
// NOTE(review): KsecInitializeListEntry casts the object pointer straight
// to PKSEC_LIST_ENTRY, so this header must sit at offset 0 of the
// containing object.
//
typedef struct _KSEC_LIST_ENTRY {
    LIST_ENTRY  List ;          // Links; both set to NULL by KsecInitializeListEntry
    LONG        RefCount ;      // Starts at 1 (KsecInitializeListEntry)
    ULONG       Signature ;     // Caller-chosen tag; KSEC_REFERENCE_LIST_ENTRY takes a Signature to compare against — presumably validated before the entry is handed back
    PVOID       OwningList ;    // NULL after initialization
    PVOID       Reserved ;      // NULL after initialization
} KSEC_LIST_ENTRY, * PKSEC_LIST_ENTRY ;
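//
// Initialize a KSEC_LIST_ENTRY in place: no links, one reference, the
// given Signature, no owning list.
//
// The expansion is a brace-enclosed block so the macro behaves as one
// statement when it is the body of an if/else or loop; a bare sequence of
// assignments would leave only the first one conditional. Braces are used
// instead of do { } while (0) because the original expansion ended in a
// semicolon, so existing callers may write the macro with or without a
// trailing ';' — both forms still compile with a plain block.
//
// Entry is evaluated several times; pass an lvalue without side effects.
//
#define KsecInitializeListEntry( Entry, SigValue )                                                      \
    {                                                                                                   \
        ((PKSEC_LIST_ENTRY) (Entry))->List.Flink = ((PKSEC_LIST_ENTRY) (Entry))->List.Blink = NULL ;   \
        ((PKSEC_LIST_ENTRY) (Entry))->RefCount   = 1 ;                                                  \
        ((PKSEC_LIST_ENTRY) (Entry))->Signature  = (SigValue) ;                                         \
        ((PKSEC_LIST_ENTRY) (Entry))->OwningList = NULL ;                                               \
        ((PKSEC_LIST_ENTRY) (Entry))->Reserved   = NULL ;                                               \
    }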
//
// Kernel-mode helpers for reference-counted context lists. Each is
// declared as a function type so the same declaration can be used both
// for the exported symbol (below, outside MIDL) and for the pointer
// members of SECPKG_KERNEL_FUNCTIONS.
//
typedef PVOID
(SEC_ENTRY KSEC_CREATE_CONTEXT_LIST)(
    IN KSEC_CONTEXT_TYPE Type               // KSecPaged or KSecNonPaged
    );                                      // Returns an opaque list handle; failure value not stated here — check for NULL

typedef VOID
(SEC_ENTRY KSEC_INSERT_LIST_ENTRY)(
    IN PVOID List,                          // Handle from KSEC_CREATE_CONTEXT_LIST
    IN PKSEC_LIST_ENTRY Entry               // Prepared with KsecInitializeListEntry
    );

typedef NTSTATUS
(SEC_ENTRY KSEC_REFERENCE_LIST_ENTRY)(
    IN PKSEC_LIST_ENTRY Entry,
    IN ULONG Signature,                     // Expected KSEC_LIST_ENTRY.Signature
    IN BOOLEAN RemoveNoRef                  // TODO confirm: name suggests "remove without taking a reference"
    );

typedef VOID
(SEC_ENTRY KSEC_DEREFERENCE_LIST_ENTRY)(
    IN PKSEC_LIST_ENTRY Entry,
    OUT BOOLEAN * Delete OPTIONAL           // Presumably set when the last reference was dropped and the caller must free Entry — confirm
    );

typedef NTSTATUS
(SEC_ENTRY KSEC_SERIALIZE_WINNT_AUTH_DATA)(
    IN PVOID pvAuthData,
    OUT PULONG Size,                        // Byte count of *SerializedData
    OUT PVOID * SerializedData              // NOTE(review): allocator/owner of this buffer is not stated here — confirm how it is freed
    );

#ifndef MIDL_PASS
// Direct symbols; SECPKG_KERNEL_FUNCTIONS carries pointers to the same routines.
KSEC_CREATE_CONTEXT_LIST        KSecCreateContextList ;
KSEC_INSERT_LIST_ENTRY          KSecInsertListEntry ;
KSEC_REFERENCE_LIST_ENTRY       KSecReferenceListEntry ;
KSEC_DEREFERENCE_LIST_ENTRY     KSecDereferenceListEntry ;
KSEC_SERIALIZE_WINNT_AUTH_DATA  KSecSerializeWinntAuthData ;
#endif // not valid for MIDL_PASS

// Pointer forms used by SECPKG_KERNEL_FUNCTIONS.
typedef KSEC_CREATE_CONTEXT_LIST * PKSEC_CREATE_CONTEXT_LIST ;
typedef KSEC_INSERT_LIST_ENTRY * PKSEC_INSERT_LIST_ENTRY ;
typedef KSEC_REFERENCE_LIST_ENTRY * PKSEC_REFERENCE_LIST_ENTRY ;
typedef KSEC_DEREFERENCE_LIST_ENTRY * PKSEC_DEREFERENCE_LIST_ENTRY ;
typedef KSEC_SERIALIZE_WINNT_AUTH_DATA * PKSEC_SERIALIZE_WINNT_AUTH_DATA ;
//
// Helper table handed to a kernel-mode package through KspInitPackageFn
// and also exposed as the global KspKernelFunctions (end of this header).
//
typedef struct _SECPKG_KERNEL_FUNCTIONS {
    PLSA_ALLOCATE_LSA_HEAP              AllocateHeap;           // Pair every allocation with FreeHeap
    PLSA_FREE_LSA_HEAP                  FreeHeap;
    PKSEC_CREATE_CONTEXT_LIST           CreateContextList ;     // See the KSEC_* function types above
    PKSEC_INSERT_LIST_ENTRY             InsertListEntry ;
    PKSEC_REFERENCE_LIST_ENTRY          ReferenceListEntry ;
    PKSEC_DEREFERENCE_LIST_ENTRY        DereferenceListEntry ;
    PKSEC_SERIALIZE_WINNT_AUTH_DATA     SerializeWinntAuthData ;
} SECPKG_KERNEL_FUNCTIONS, *PSECPKG_KERNEL_FUNCTIONS;
//
// Entry points of a kernel-mode security package (Ksp*), collected in
// SECPKG_KERNEL_FUNCTION_TABLE below. ContextId is the package's
// kernel-side LSA_SEC_HANDLE for a context; a few calls also yield the
// matching LSA-side handle (LsaContextId).
//
typedef NTSTATUS
(NTAPI KspInitPackageFn)(
    PSECPKG_KERNEL_FUNCTIONS FunctionTable      // Helper table (see SECPKG_KERNEL_FUNCTIONS)
    );

typedef NTSTATUS
(NTAPI KspDeleteContextFn)(
    IN LSA_SEC_HANDLE ContextId,
    OUT PLSA_SEC_HANDLE LsaContextId            // Presumably returned so the caller can release the LSA-side context — confirm
    );

typedef NTSTATUS
(NTAPI KspInitContextFn)(
    IN LSA_SEC_HANDLE ContextId,
    IN PSecBuffer ContextData,                  // Context data supplied by the caller
    OUT PLSA_SEC_HANDLE NewContextId
    );

// Per-message operations. fQOP / MessageSeqNo / Message mirror the SSPI
// MakeSignature, VerifySignature, EncryptMessage and DecryptMessage parameters.
typedef NTSTATUS
(NTAPI KspMakeSignatureFn)(
    IN LSA_SEC_HANDLE ContextId,
    IN ULONG fQOP,
    IN OUT PSecBufferDesc Message,
    IN ULONG MessageSeqNo
    );

typedef NTSTATUS
(NTAPI KspVerifySignatureFn)(
    IN LSA_SEC_HANDLE ContextId,
    IN OUT PSecBufferDesc Message,
    IN ULONG MessageSeqNo,
    OUT PULONG pfQOP
    );

typedef NTSTATUS
(NTAPI KspSealMessageFn)(
    IN LSA_SEC_HANDLE ContextId,
    IN ULONG fQOP,
    IN OUT PSecBufferDesc Message,
    IN ULONG MessageSeqNo
    );

typedef NTSTATUS
(NTAPI KspUnsealMessageFn)(
    IN LSA_SEC_HANDLE ContextId,
    IN OUT PSecBufferDesc Message,
    IN ULONG MessageSeqNo,
    OUT PULONG pfQOP
    );

typedef NTSTATUS
(NTAPI KspGetTokenFn)(
    IN LSA_SEC_HANDLE ContextId,
    OUT PHANDLE ImpersonationToken,
    OUT OPTIONAL PACCESS_TOKEN * RawToken       // NOTE(review): ownership of the handle and of the raw token is not stated here — confirm who closes / dereferences them
    );

typedef NTSTATUS
(NTAPI KspQueryAttributesFn)(
    IN LSA_SEC_HANDLE ContextId,
    IN ULONG Attribute,
    IN OUT PVOID Buffer                         // No length is passed: Attribute alone fixes the layout, so the package must write only the structure that attribute defines
    );

typedef NTSTATUS
(NTAPI KspCompleteTokenFn)(
    IN LSA_SEC_HANDLE ContextId,
    IN PSecBufferDesc Token
    );

typedef NTSTATUS
(NTAPI KspMapHandleFn)(
    IN LSA_SEC_HANDLE ContextId,
    OUT PLSA_SEC_HANDLE LsaContextId            // LSA-side handle for ContextId
    );

typedef NTSTATUS
(NTAPI KspSetPagingModeFn)(
    IN BOOLEAN PagingMode                       // TODO confirm meaning of TRUE/FALSE; not stated here
    );

typedef NTSTATUS
(NTAPI KspSerializeAuthDataFn)(
    IN PVOID pvAuthData,
    OUT PULONG Size,                            // Byte count of *SerializedData
    OUT PVOID * SerializedData                  // NOTE(review): allocator/owner of this buffer is not stated here — confirm
    );
//
// Function table a kernel-mode package registers with
// KSecRegisterSecurityProvider. Unlike the LSA-mode table there is no
// version value defined here for it, so which trailing members an older
// package may leave unset is not stated; callers should null-check before
// dispatching.
//
typedef struct _SECPKG_KERNEL_FUNCTION_TABLE {
    KspInitPackageFn *          Initialize;
    KspDeleteContextFn *        DeleteContext;
    KspInitContextFn *          InitContext;
    KspMapHandleFn *            MapHandle;
    KspMakeSignatureFn *        Sign;
    KspVerifySignatureFn *      Verify;
    KspSealMessageFn *          Seal;
    KspUnsealMessageFn *        Unseal;
    KspGetTokenFn *             GetToken;
    KspQueryAttributesFn *      QueryAttributes;
    KspCompleteTokenFn *        CompleteToken;
    SpExportSecurityContextFn * ExportContext;          // Same types as in SECPKG_USER_FUNCTION_TABLE
    SpImportSecurityContextFn * ImportContext;
    KspSetPagingModeFn *        SetPackagePagingMode ;
    KspSerializeAuthDataFn *    SerializeAuthData ;
} SECPKG_KERNEL_FUNCTION_TABLE, *PSECPKG_KERNEL_FUNCTION_TABLE;
//
// Registers a kernel-mode package's function table under ProviderName.
// NOTE(review): whether *Table is copied or retained by pointer after the
// call is not stated here — confirm before passing a table with automatic
// storage.
//
SECURITY_STATUS SEC_ENTRY
KSecRegisterSecurityProvider(
    PSECURITY_STRING ProviderName,
    PSECPKG_KERNEL_FUNCTION_TABLE Table
    );

// Helper table for kernel packages; same type as the argument of KspInitPackageFn.
extern SECPKG_KERNEL_FUNCTIONS KspKernelFunctions;
// end_ntsecpkg
#endif // __SECPKG_H__