Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

654 lines
18 KiB

  1. //+-----------------------------------------------------------------------
  2. //
  3. // Copyright (c) 1990-1999 Microsoft Corporation
  4. //
  5. // File: KERBEROS.H
  6. //
  7. // Contents: Public Kerberos Security Package structures for use
  8. // with APIs from SECURITY.H
  9. //
  10. //
  11. // History: 26 Feb 92, RichardW Compiled from other files
  12. //
  13. //------------------------------------------------------------------------
  14. #ifndef __KERBEROS_H__
  15. #define __KERBEROS_H__
  16. #if _MSC_VER > 1000
  17. #pragma once
  18. #endif
  19. #include <ntmsv1_0.h>
  20. #include <kerbcon.h>
  21. // begin_ntsecapi
  22. #ifndef MICROSOFT_KERBEROS_NAME_A
  23. #define MICROSOFT_KERBEROS_NAME_A "Kerberos"
  24. #define MICROSOFT_KERBEROS_NAME_W L"Kerberos"
  25. #ifdef WIN32_CHICAGO
  26. #define MICROSOFT_KERBEROS_NAME MICROSOFT_KERBEROS_NAME_A
  27. #else
  28. #define MICROSOFT_KERBEROS_NAME MICROSOFT_KERBEROS_NAME_W
  29. #endif // WIN32_CHICAGO
  30. #endif // MICROSOFT_KERBEROS_NAME_A
  31. // end_ntsecapi
  32. typedef struct _KERB_INIT_CONTEXT_DATA {
  33. LARGE_INTEGER StartTime; // Start time
  34. LARGE_INTEGER EndTime; // End time
  35. LARGE_INTEGER RenewUntilTime; // Renew until time
  36. ULONG TicketOptions; // From krb5.h
  37. ULONG RequestOptions; // Options on what to return
  38. } KERB_INIT_CONTEXT_DATA, *PKERB_INIT_CONTEXT_DATA;
  39. #define KERB_INIT_RETURN_TICKET 0x1 // return raw ticket
  40. #define KERB_INIT_RETURN_MIT_AP_REQ 0x2 // return MIT style AP request
  41. // begin_ntsecapi
  42. /////////////////////////////////////////////////////////////////////////
  43. //
  44. // Quality of protection parameters for MakeSignature / EncryptMessage
  45. //
  46. /////////////////////////////////////////////////////////////////////////
  47. //
  48. // This flag indicates to EncryptMessage that the message is not to actually
  49. // be encrypted, but a header/trailer are to be produced.
  50. //
  51. #define KERB_WRAP_NO_ENCRYPT 0x80000001
  52. /////////////////////////////////////////////////////////////////////////
  53. //
  54. // LsaLogonUser parameters
  55. //
  56. /////////////////////////////////////////////////////////////////////////
  57. typedef enum _KERB_LOGON_SUBMIT_TYPE {
  58. KerbInteractiveLogon = 2,
  59. KerbSmartCardLogon = 6,
  60. KerbWorkstationUnlockLogon = 7,
  61. KerbSmartCardUnlockLogon = 8,
  62. KerbProxyLogon = 9,
  63. KerbTicketLogon = 10,
  64. KerbTicketUnlockLogon = 11,
  65. KerbS4ULogon = 12
  66. } KERB_LOGON_SUBMIT_TYPE, *PKERB_LOGON_SUBMIT_TYPE;
  67. typedef struct _KERB_INTERACTIVE_LOGON {
  68. KERB_LOGON_SUBMIT_TYPE MessageType;
  69. UNICODE_STRING LogonDomainName;
  70. UNICODE_STRING UserName;
  71. UNICODE_STRING Password;
  72. } KERB_INTERACTIVE_LOGON, *PKERB_INTERACTIVE_LOGON;
  73. typedef struct _KERB_INTERACTIVE_UNLOCK_LOGON {
  74. KERB_INTERACTIVE_LOGON Logon;
  75. LUID LogonId;
  76. } KERB_INTERACTIVE_UNLOCK_LOGON, *PKERB_INTERACTIVE_UNLOCK_LOGON;
  77. typedef struct _KERB_SMART_CARD_LOGON {
  78. KERB_LOGON_SUBMIT_TYPE MessageType;
  79. UNICODE_STRING Pin;
  80. ULONG CspDataLength;
  81. PUCHAR CspData;
  82. } KERB_SMART_CARD_LOGON, *PKERB_SMART_CARD_LOGON;
  83. typedef struct _KERB_SMART_CARD_UNLOCK_LOGON {
  84. KERB_SMART_CARD_LOGON Logon;
  85. LUID LogonId;
  86. } KERB_SMART_CARD_UNLOCK_LOGON, *PKERB_SMART_CARD_UNLOCK_LOGON;
  87. //
  88. // Structure used for a ticket-only logon
  89. //
  90. typedef struct _KERB_TICKET_LOGON {
  91. KERB_LOGON_SUBMIT_TYPE MessageType;
  92. ULONG Flags;
  93. ULONG ServiceTicketLength;
  94. ULONG TicketGrantingTicketLength;
  95. PUCHAR ServiceTicket; // REQUIRED: Service ticket "host"
  96. PUCHAR TicketGrantingTicket; // OPTIONAL: User's encdoded in a KERB_CRED message, encrypted with session key from service ticket
  97. } KERB_TICKET_LOGON, *PKERB_TICKET_LOGON;
  98. //
  99. // Flags for the ticket logon flags field
  100. //
  101. #define KERB_LOGON_FLAG_ALLOW_EXPIRED_TICKET 0x1
  102. typedef struct _KERB_TICKET_UNLOCK_LOGON {
  103. KERB_TICKET_LOGON Logon;
  104. LUID LogonId;
  105. } KERB_TICKET_UNLOCK_LOGON, *PKERB_TICKET_UNLOCK_LOGON;
  106. //
  107. // Used for S4U Client requests
  108. //
  109. //
  110. typedef struct _KERB_S4U_LOGON {
  111. KERB_LOGON_SUBMIT_TYPE MessageType;
  112. ULONG Flags;
  113. UNICODE_STRING ClientUpn; // REQUIRED: UPN for client
  114. UNICODE_STRING ClientRealm; // Optional: Client Realm, if known
  115. } KERB_S4U_LOGON, *PKERB_S4U_LOGON;
  116. //
  117. // TBD: Flags for S4UToSelf() logon
  118. //
  119. //
  120. // Use the same profile structure as MSV1_0
  121. //
  122. typedef enum _KERB_PROFILE_BUFFER_TYPE {
  123. KerbInteractiveProfile = 2,
  124. KerbSmartCardProfile = 4,
  125. KerbTicketProfile = 6
  126. } KERB_PROFILE_BUFFER_TYPE, *PKERB_PROFILE_BUFFER_TYPE;
  127. typedef struct _KERB_INTERACTIVE_PROFILE {
  128. KERB_PROFILE_BUFFER_TYPE MessageType;
  129. USHORT LogonCount;
  130. USHORT BadPasswordCount;
  131. LARGE_INTEGER LogonTime;
  132. LARGE_INTEGER LogoffTime;
  133. LARGE_INTEGER KickOffTime;
  134. LARGE_INTEGER PasswordLastSet;
  135. LARGE_INTEGER PasswordCanChange;
  136. LARGE_INTEGER PasswordMustChange;
  137. UNICODE_STRING LogonScript;
  138. UNICODE_STRING HomeDirectory;
  139. UNICODE_STRING FullName;
  140. UNICODE_STRING ProfilePath;
  141. UNICODE_STRING HomeDirectoryDrive;
  142. UNICODE_STRING LogonServer;
  143. ULONG UserFlags;
  144. } KERB_INTERACTIVE_PROFILE, *PKERB_INTERACTIVE_PROFILE;
  145. //
  146. // For smart card, we return a smart card profile, which is an interactive
  147. // profile plus a certificate
  148. //
  149. typedef struct _KERB_SMART_CARD_PROFILE {
  150. KERB_INTERACTIVE_PROFILE Profile;
  151. ULONG CertificateSize;
  152. PUCHAR CertificateData;
  153. } KERB_SMART_CARD_PROFILE, *PKERB_SMART_CARD_PROFILE;
  154. //
  155. // For a ticket logon profile, we return the session key from the ticket
  156. //
  157. typedef struct KERB_CRYPTO_KEY {
  158. LONG KeyType;
  159. ULONG Length;
  160. PUCHAR Value;
  161. } KERB_CRYPTO_KEY, *PKERB_CRYPTO_KEY;
  162. typedef struct _KERB_TICKET_PROFILE {
  163. KERB_INTERACTIVE_PROFILE Profile;
  164. KERB_CRYPTO_KEY SessionKey;
  165. } KERB_TICKET_PROFILE, *PKERB_TICKET_PROFILE;
  166. typedef enum _KERB_PROTOCOL_MESSAGE_TYPE {
  167. KerbDebugRequestMessage = 0,
  168. KerbQueryTicketCacheMessage,
  169. KerbChangeMachinePasswordMessage,
  170. KerbVerifyPacMessage,
  171. KerbRetrieveTicketMessage,
  172. KerbUpdateAddressesMessage,
  173. KerbPurgeTicketCacheMessage,
  174. KerbChangePasswordMessage,
  175. KerbRetrieveEncodedTicketMessage,
  176. KerbDecryptDataMessage,
  177. KerbAddBindingCacheEntryMessage,
  178. KerbSetPasswordMessage,
  179. KerbSetPasswordExMessage,
  180. KerbVerifyCredentialsMessage,
  181. KerbQueryTicketCacheExMessage,
  182. KerbPurgeTicketCacheExMessage,
  183. // KerbRetrieveEncodedTicketExMessage,
  184. } KERB_PROTOCOL_MESSAGE_TYPE, *PKERB_PROTOCOL_MESSAGE_TYPE;
  185. // end_ntsecapi
  186. //
  187. // Structure for a debuggin requequest
  188. //
  189. #define KERB_DEBUG_REQ_BREAKPOINT 0x1
  190. #define KERB_DEBUG_REQ_CALL_PACK 0x2
  191. #define KERB_DEBUG_REQ_DATAGRAM 0x3
  192. #define KERB_DEBUG_REQ_STATISTICS 0x4
  193. #define KERB_DEBUG_CREATE_TOKEN 0x5
  194. typedef struct _KERB_DEBUG_REQUEST {
  195. KERB_PROTOCOL_MESSAGE_TYPE MessageType;
  196. ULONG DebugRequest;
  197. } KERB_DEBUG_REQUEST, *PKERB_DEBUG_REQUEST;
  198. typedef struct _KERB_DEBUG_REPLY {
  199. KERB_PROTOCOL_MESSAGE_TYPE MessageType;
  200. UCHAR Data[ANYSIZE_ARRAY];
  201. } KERB_DEBUG_REPLY, *PKERB_DEBUG_REPLY;
  202. typedef struct _KERB_DEBUG_STATS {
  203. ULONG CacheHits;
  204. ULONG CacheMisses;
  205. ULONG SkewedRequests;
  206. ULONG SuccessRequests;
  207. LARGE_INTEGER LastSync;
  208. } KERB_DEBUG_STATS, *PKERB_DEBUG_STATS;
  209. // begin_ntsecapi
  210. //
  211. // Used both for retrieving tickets and for querying ticket cache
  212. //
  213. typedef struct _KERB_QUERY_TKT_CACHE_REQUEST {
  214. KERB_PROTOCOL_MESSAGE_TYPE MessageType;
  215. LUID LogonId;
  216. } KERB_QUERY_TKT_CACHE_REQUEST, *PKERB_QUERY_TKT_CACHE_REQUEST;
  217. typedef struct _KERB_TICKET_CACHE_INFO {
  218. UNICODE_STRING ServerName;
  219. UNICODE_STRING RealmName;
  220. LARGE_INTEGER StartTime;
  221. LARGE_INTEGER EndTime;
  222. LARGE_INTEGER RenewTime;
  223. LONG EncryptionType;
  224. ULONG TicketFlags;
  225. } KERB_TICKET_CACHE_INFO, *PKERB_TICKET_CACHE_INFO;
  226. typedef struct _KERB_TICKET_CACHE_INFO_EX {
  227. UNICODE_STRING ClientName;
  228. UNICODE_STRING ClientRealm;
  229. UNICODE_STRING ServerName;
  230. UNICODE_STRING ServerRealm;
  231. LARGE_INTEGER StartTime;
  232. LARGE_INTEGER EndTime;
  233. LARGE_INTEGER RenewTime;
  234. LONG EncryptionType;
  235. ULONG TicketFlags;
  236. } KERB_TICKET_CACHE_INFO_EX, *PKERB_TICKET_CACHE_INFO_EX;
  237. typedef struct _KERB_QUERY_TKT_CACHE_RESPONSE {
  238. KERB_PROTOCOL_MESSAGE_TYPE MessageType;
  239. ULONG CountOfTickets;
  240. KERB_TICKET_CACHE_INFO Tickets[ANYSIZE_ARRAY];
  241. } KERB_QUERY_TKT_CACHE_RESPONSE, *PKERB_QUERY_TKT_CACHE_RESPONSE;
  242. typedef struct _KERB_QUERY_TKT_CACHE_EX_RESPONSE {
  243. KERB_PROTOCOL_MESSAGE_TYPE MessageType;
  244. ULONG CountOfTickets;
  245. KERB_TICKET_CACHE_INFO_EX Tickets[ANYSIZE_ARRAY];
  246. } KERB_QUERY_TKT_CACHE_EX_RESPONSE, *PKERB_QUERY_TKT_CACHE_EX_RESPONSE;
  247. //
  248. // Types for retrieving encoded ticket from the cache
  249. //
  250. #ifndef __SECHANDLE_DEFINED__
  251. typedef struct _SecHandle
  252. {
  253. ULONG_PTR dwLower ;
  254. ULONG_PTR dwUpper ;
  255. } SecHandle, * PSecHandle ;
  256. #define __SECHANDLE_DEFINED__
  257. #endif // __SECHANDLE_DEFINED__
  258. // Ticket Flags
  259. #define KERB_USE_DEFAULT_TICKET_FLAGS 0x0
  260. // CacheOptions
  261. #define KERB_RETRIEVE_TICKET_DEFAULT 0x0
  262. #define KERB_RETRIEVE_TICKET_DONT_USE_CACHE 0x1
  263. #define KERB_RETRIEVE_TICKET_USE_CACHE_ONLY 0x2
  264. #define KERB_RETRIEVE_TICKET_USE_CREDHANDLE 0x4
  265. #define KERB_RETRIEVE_TICKET_AS_KERB_CRED 0x8
  266. #define KERB_RETRIEVE_TICKET_WITH_SEC_CRED 0x10
  267. // Encryption Type options
  268. #define KERB_ETYPE_DEFAULT 0x0 // don't specify etype in tkt req.
  269. typedef struct _KERB_AUTH_DATA {
  270. ULONG Type;
  271. ULONG Length;
  272. PUCHAR Data;
  273. } KERB_AUTH_DATA, *PKERB_AUTH_DATA;
  274. typedef struct _KERB_NET_ADDRESS {
  275. ULONG Family;
  276. ULONG Length;
  277. PCHAR Address;
  278. } KERB_NET_ADDRESS, *PKERB_NET_ADDRESS;
  279. typedef struct _KERB_NET_ADDRESSES {
  280. ULONG Number;
  281. KERB_NET_ADDRESS Addresses[ANYSIZE_ARRAY];
  282. } KERB_NET_ADDRESSES, *PKERB_NET_ADDRESSES;
  283. //
  284. // Types for the information about a ticket
  285. //
  286. typedef struct _KERB_EXTERNAL_NAME {
  287. SHORT NameType;
  288. USHORT NameCount;
  289. UNICODE_STRING Names[ANYSIZE_ARRAY];
  290. } KERB_EXTERNAL_NAME, *PKERB_EXTERNAL_NAME;
  291. typedef struct _KERB_EXTERNAL_TICKET {
  292. PKERB_EXTERNAL_NAME ServiceName;
  293. PKERB_EXTERNAL_NAME TargetName;
  294. PKERB_EXTERNAL_NAME ClientName;
  295. UNICODE_STRING DomainName;
  296. UNICODE_STRING TargetDomainName;
  297. UNICODE_STRING AltTargetDomainName;
  298. KERB_CRYPTO_KEY SessionKey;
  299. ULONG TicketFlags;
  300. ULONG Flags;
  301. LARGE_INTEGER KeyExpirationTime;
  302. LARGE_INTEGER StartTime;
  303. LARGE_INTEGER EndTime;
  304. LARGE_INTEGER RenewUntil;
  305. LARGE_INTEGER TimeSkew;
  306. ULONG EncodedTicketSize;
  307. PUCHAR EncodedTicket;
  308. } KERB_EXTERNAL_TICKET, *PKERB_EXTERNAL_TICKET;
  309. #if 0
  310. typedef struct _KERB_EXTERNAL_TICKET_EX {
  311. PKERB_EXTERNAL_NAME ClientName;
  312. PKERB_EXTERNAL_NAME ServiceName;
  313. PKERB_EXTERNAL_NAME TargetName;
  314. UNICODE_STRING ClientRealm;
  315. UNICODE_STRING ServerRealm;
  316. UNICODE_STRING TargetDomainName;
  317. UNICODE_STRING AltTargetDomainName;
  318. KERB_CRYPTO_KEY SessionKey;
  319. ULONG TicketFlags;
  320. ULONG Flags;
  321. LARGE_INTEGER KeyExpirationTime;
  322. LARGE_INTEGER StartTime;
  323. LARGE_INTEGER EndTime;
  324. LARGE_INTEGER RenewUntil;
  325. LARGE_INTEGER TimeSkew;
  326. PKERB_NET_ADDRESSES TicketAddresses;
  327. PKERB_AUTH_DATA AuthorizationData;
  328. _KERB_EXTERNAL_TICKET_EX * SecondTicket;
  329. ULONG EncodedTicketSize;
  330. PUCHAR EncodedTicket;
  331. } KERB_EXTERNAL_TICKET_EX, *PKERB_EXTERNAL_TICKET_EX;
  332. #endif // 0
  333. typedef struct _KERB_RETRIEVE_TKT_REQUEST {
  334. KERB_PROTOCOL_MESSAGE_TYPE MessageType;
  335. LUID LogonId;
  336. UNICODE_STRING TargetName;
  337. ULONG TicketFlags;
  338. ULONG CacheOptions;
  339. LONG EncryptionType;
  340. SecHandle CredentialsHandle;
  341. } KERB_RETRIEVE_TKT_REQUEST, *PKERB_RETRIEVE_TKT_REQUEST;
  342. #if 0
  343. typedef struct _KERB_RETRIEVE_TKT_EX_REQUEST {
  344. KERB_PROTOCOL_MESSAGE_TYPE MessageType;
  345. LUID LogonId;
  346. KERB_TICKET_CACHE_INFO_EX TicketTemplate;
  347. ULONG CacheOptions;
  348. SecHandle CredentialsHandle;
  349. PKERB_EXTERNAL_TICKET_EX SecondTicket;
  350. PKERB_AUTH_DATA UserAuthData;
  351. PKERB_NET_ADDRESS Addresses;
  352. } KERB_RETRIEVE_TKT_EX_REQUEST, *PKERB_RETRIEVE_TKT_EX_REQUEST;
  353. #endif // 0
  354. typedef struct _KERB_RETRIEVE_TKT_RESPONSE {
  355. KERB_EXTERNAL_TICKET Ticket;
  356. } KERB_RETRIEVE_TKT_RESPONSE, *PKERB_RETRIEVE_TKT_RESPONSE;
  357. #if 0
  358. typedef struct _KERB_RETRIEVE_TKT_EX_RESPONSE {
  359. KERB_EXTERNAL_TICKET_EX Ticket;
  360. } KERB_RETRIEVE_TKT_EX_RESPONSE, *PKERB_RETRIEVE_TKT_EX_RESPONSE;
  361. #endif // 0
  362. //
  363. // Used to purge entries from the ticket cache
  364. //
  365. typedef struct _KERB_PURGE_TKT_CACHE_REQUEST {
  366. KERB_PROTOCOL_MESSAGE_TYPE MessageType;
  367. LUID LogonId;
  368. UNICODE_STRING ServerName;
  369. UNICODE_STRING RealmName;
  370. } KERB_PURGE_TKT_CACHE_REQUEST, *PKERB_PURGE_TKT_CACHE_REQUEST;
  371. //
  372. // Flags for purge requests
  373. //
  374. #define KERB_PURGE_ALL_TICKETS 1
  375. typedef struct _KERB_PURGE_TKT_CACHE_EX_REQUEST {
  376. KERB_PROTOCOL_MESSAGE_TYPE MessageType;
  377. LUID LogonId;
  378. ULONG Flags;
  379. KERB_TICKET_CACHE_INFO_EX TicketTemplate;
  380. } KERB_PURGE_TKT_CACHE_EX_REQUEST, *PKERB_PURGE_TKT_CACHE_EX_REQUEST;
  381. // end_ntsecapi
  382. //
  383. // This must match NT_OWF_PASSWORD_LENGTH
  384. //
  385. typedef struct _KERB_CHANGE_MACH_PWD_REQUEST {
  386. KERB_PROTOCOL_MESSAGE_TYPE MessageType;
  387. UNICODE_STRING NewPassword;
  388. UNICODE_STRING OldPassword;
  389. } KERB_CHANGE_MACH_PWD_REQUEST, *PKERB_CHANGE_MACH_PWD_REQUEST;
  390. //
  391. // These messages are used by the kerberos package to verify that the PAC in a
  392. // ticket is valid. It is remoted from a workstation to a DC in the workstation's
  393. // domain. On failure there is no response message. On success there may be no
  394. // message or the same message may be used to send back a PAC updated with
  395. // local groups from the domain controller. The checksum is placed in the
  396. // final buffer first, followed by the signature.
  397. //
  398. #include <pshpack1.h>
  399. typedef struct _KERB_VERIFY_PAC_REQUEST {
  400. KERB_PROTOCOL_MESSAGE_TYPE MessageType;
  401. ULONG ChecksumLength;
  402. ULONG SignatureType;
  403. ULONG SignatureLength;
  404. UCHAR ChecksumAndSignature[ANYSIZE_ARRAY];
  405. } KERB_VERIFY_PAC_REQUEST, *PKERB_VERIFY_PAC_REQUEST;
  406. //
  407. // Message for update Kerberos's list of addresses. The address count should
  408. // be the number of addresses & the addresses should be an array of
  409. // SOCKET_ADDRESS structures. The message type should be KerbUpdateAddressesMessage
  410. //
  411. typedef struct _KERB_UPDATE_ADDRESSES_REQUEST {
  412. KERB_PROTOCOL_MESSAGE_TYPE MessageType;
  413. ULONG AddressCount;
  414. ULONG Addresses[ANYSIZE_ARRAY]; // array of SOCKET_ADDRESS structures
  415. } KERB_UPDATE_ADDRESSES_REQUEST, *PKERB_UPDATE_ADDRESSES_REQUEST;
  416. #include <poppack.h>
  417. // begin_ntsecapi
  418. //
  419. // KerbChangePassword
  420. //
  421. // KerbChangePassword changes the password on the KDC account plus
  422. // the password cache and logon credentials if applicable.
  423. //
  424. //
  425. typedef struct _KERB_CHANGEPASSWORD_REQUEST {
  426. KERB_PROTOCOL_MESSAGE_TYPE MessageType;
  427. UNICODE_STRING DomainName;
  428. UNICODE_STRING AccountName;
  429. UNICODE_STRING OldPassword;
  430. UNICODE_STRING NewPassword;
  431. BOOLEAN Impersonating;
  432. } KERB_CHANGEPASSWORD_REQUEST, *PKERB_CHANGEPASSWORD_REQUEST;
  433. //
  434. // KerbSetPassword
  435. //
  436. // KerbSetPassword changes the password on the KDC account plus
  437. // the password cache and logon credentials if applicable.
  438. //
  439. //
  440. typedef struct _KERB_SETPASSWORD_REQUEST {
  441. KERB_PROTOCOL_MESSAGE_TYPE MessageType;
  442. LUID LogonId;
  443. SecHandle CredentialsHandle;
  444. ULONG Flags;
  445. UNICODE_STRING DomainName;
  446. UNICODE_STRING AccountName;
  447. UNICODE_STRING Password;
  448. } KERB_SETPASSWORD_REQUEST, *PKERB_SETPASSWORD_REQUEST;
  449. typedef struct _KERB_SETPASSWORD_EX_REQUEST {
  450. KERB_PROTOCOL_MESSAGE_TYPE MessageType;
  451. LUID LogonId;
  452. SecHandle CredentialsHandle;
  453. ULONG Flags;
  454. UNICODE_STRING AccountRealm;
  455. UNICODE_STRING AccountName;
  456. UNICODE_STRING Password;
  457. UNICODE_STRING ClientRealm;
  458. UNICODE_STRING ClientName;
  459. BOOLEAN Impersonating;
  460. UNICODE_STRING KdcAddress;
  461. ULONG KdcAddressType;
  462. } KERB_SETPASSWORD_EX_REQUEST, *PKERB_SETPASSWORD_EX_REQUEST;
  463. #define DS_UNKNOWN_ADDRESS_TYPE 0 // anything *but* IP
  464. #define KERB_SETPASS_USE_LOGONID 1
  465. #define KERB_SETPASS_USE_CREDHANDLE 2
  466. typedef struct _KERB_DECRYPT_REQUEST {
  467. KERB_PROTOCOL_MESSAGE_TYPE MessageType;
  468. LUID LogonId;
  469. ULONG Flags;
  470. LONG CryptoType;
  471. LONG KeyUsage;
  472. KERB_CRYPTO_KEY Key; // optional
  473. ULONG EncryptedDataSize;
  474. ULONG InitialVectorSize;
  475. PUCHAR InitialVector;
  476. PUCHAR EncryptedData;
  477. } KERB_DECRYPT_REQUEST, *PKERB_DECRYPT_REQUEST;
  478. //
  479. // If set, use the primary key from the current logon session of the one provided in the LogonId field.
  480. // Otherwise, use the Key in the KERB_DECRYPT_MESSAGE.
  481. #define KERB_DECRYPT_FLAG_DEFAULT_KEY 0x00000001
  482. typedef struct _KERB_DECRYPT_RESPONSE {
  483. UCHAR DecryptedData[ANYSIZE_ARRAY];
  484. } KERB_DECRYPT_RESPONSE, *PKERB_DECRYPT_RESPONSE;
  485. //
  486. // Request structure for adding a binding cache entry. TCB privilege
  487. // is required for this operation.
  488. //
  489. typedef struct _KERB_ADD_BINDING_CACHE_ENTRY_REQUEST {
  490. KERB_PROTOCOL_MESSAGE_TYPE MessageType;
  491. UNICODE_STRING RealmName;
  492. UNICODE_STRING KdcAddress;
  493. ULONG AddressType; //dsgetdc.h DS_NETBIOS_ADDRESS||DS_INET_ADDRESS
  494. } KERB_ADD_BINDING_CACHE_ENTRY_REQUEST, *PKERB_ADD_BINDING_CACHE_ENTRY_REQUEST;
  495. // end_ntsecapi
  496. typedef struct _KERB_VERIFY_CREDENTIALS_REQUEST {
  497. KERB_PROTOCOL_MESSAGE_TYPE MessageType;
  498. UNICODE_STRING UserName;
  499. UNICODE_STRING DomainName;
  500. UNICODE_STRING Password;
  501. ULONG VerifyFlags;
  502. } KERB_VERIFY_CREDENTIALS_REQUEST, *PKERB_VERIFY_CREDENTIALS_REQUEST;
  503. //
  504. // Location of Kerb authentication package data
  505. //
  506. #define KERB_SUBAUTHENTICATION_KEY "SYSTEM\\CurrentControlSet\\Control\\Lsa\\Kerberos"
  507. #define KERB_SUBAUTHENTICATION_VALUE "Auth"
  508. #define KERB_SUBAUTHENTICATION_MASK 0x7fffffff
  509. #define KERB_SUBAUTHENTICATION_FLAG 0x80000000
  510. #endif // __KERBEROS_H__