archive
/
windows-xp
mirror of https://github.com/tongzx/nt5src
2
0
Fork 0
Code Issues Projects Releases Wiki Activity
Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
6 Commits
1 Branch
0 Tags
2.0 GiB
Tree: daad8a087a
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'daad8a087a'
${ noResults }
windows-xp/Source/XPSP1/NT/ds/published/inc/secpkg.w

1440 lines
40 KiB
Raw Normal View History

Add source files
4 years ago
  1. //+-----------------------------------------------------------------------
  2. //
  3. // Microsoft Windows
  4. //
  5. // Copyright (c) Microsoft Corporation 1991-1999
  6. //
  7. // File: secpkg.h
  8. //
  9. // Contents: Global definitions for security packages
  10. // This file will contain everything specific to writing
  11. // a security package.
  12. //
  13. //
  14. // History: 10 Mar 92 RichardW Created
  15. // 24-Mar-94 wader Changed EstablishCredentials to SystemLogon
  16. //
  17. //------------------------------------------------------------------------
  20. #ifndef __SECPKG_H__
  21. #define __SECPKG_H__
  23. #if _MSC_VER > 1000
  24. #pragma once
  25. #endif
  27. #include <ntlsa.h> // SECURITY_LOGON_TYPE
  30. // begin_ntsecpkg
  32. #ifdef SECURITY_KERNEL
  33. //
  34. // Can't use the windows.h def'ns in kernel mode.
  35. //
  36. typedef PVOID SEC_THREAD_START;
  37. typedef PVOID SEC_ATTRS;
  38. #else
  39. typedef LPTHREAD_START_ROUTINE SEC_THREAD_START;
  40. typedef LPSECURITY_ATTRIBUTES SEC_ATTRS;
  41. #endif
  44. #define SecEqualLuid(L1, L2) \
  45. ( ( ((PLUID)L1)->LowPart == ((PLUID)L2)->LowPart ) && \
  46. ( ((PLUID)L1)->HighPart == ((PLUID)L2)->HighPart ) ) \
  48. #define SecIsZeroLuid( L1 ) \
  49. ( ( L1->LowPart | L1->HighPart ) == 0 )
  51. //
  52. // The following structures are used by the helper functions
  53. //
  55. typedef struct _SECPKG_CLIENT_INFO {
  56. LUID LogonId; // Effective Logon Id
  57. ULONG ProcessID; // Process Id of caller
  58. ULONG ThreadID; // Thread Id of caller
  59. BOOLEAN HasTcbPrivilege; // Client has TCB
  60. BOOLEAN Impersonating; // Client is impersonating
  61. BOOLEAN Restricted; // Client is restricted
  63. //
  64. // NT 5.1
  65. //
  67. UCHAR ClientFlags; // Extra flags about the client
  68. SECURITY_IMPERSONATION_LEVEL ImpersonationLevel; // Impersonation level of client
  70. } SECPKG_CLIENT_INFO, * PSECPKG_CLIENT_INFO;
  72. #define SECPKG_CLIENT_PROCESS_TERMINATED 0x01 // The client process has terminated
  73. #define SECPKG_CLIENT_THREAD_TERMINATED 0x02 // The client thread has terminated
  75. typedef struct _SECPKG_CALL_INFO {
  76. ULONG ProcessId ;
  77. ULONG ThreadId ;
  78. ULONG Attributes ;
  79. ULONG CallCount ;
  80. } SECPKG_CALL_INFO, * PSECPKG_CALL_INFO ;
  82. #define SECPKG_CALL_KERNEL_MODE 0x00000001 // Call originated in kernel mode
  83. #define SECPKG_CALL_ANSI 0x00000002 // Call came from ANSI stub
  84. #define SECPKG_CALL_URGENT 0x00000004 // Call designated urgent
  85. #define SECPKG_CALL_RECURSIVE 0x00000008 // Call is recursing
  86. #define SECPKG_CALL_IN_PROC 0x00000010 // Call originated in process
  87. #define SECPKG_CALL_CLEANUP 0x00000020 // Call is cleanup from a client
  88. #define SECPKG_CALL_WOWCLIENT 0x00000040 // Call is from a WOW client process
  89. #define SECPKG_CALL_THREAD_TERM 0x00000080 // Call is from a thread that has term'd
  90. #define SECPKG_CALL_PROCESS_TERM 0x00000100 // Call is from a process that has term'd
  91. #define SECPKG_CALL_IS_TCB 0x00000200 // Call is from TCB
  94. typedef struct _SECPKG_SUPPLEMENTAL_CRED {
  95. UNICODE_STRING PackageName;
  96. ULONG CredentialSize;
  97. #ifdef MIDL_PASS
  98. [size_is(CredentialSize)]
  99. #endif // MIDL_PASS
  100. PUCHAR Credentials;
  101. } SECPKG_SUPPLEMENTAL_CRED, *PSECPKG_SUPPLEMENTAL_CRED;
  103. typedef ULONG_PTR LSA_SEC_HANDLE ;
  104. typedef LSA_SEC_HANDLE * PLSA_SEC_HANDLE ;
  105. typedef struct _SECPKG_SUPPLEMENTAL_CRED_ARRAY {
  106. ULONG CredentialCount;
  107. #ifdef MIDL_PASS
  108. [size_is(CredentialCount)] SECPKG_SUPPLEMENTAL_CRED Credentials[*];
  109. #else // MIDL_PASS
  110. SECPKG_SUPPLEMENTAL_CRED Credentials[1];
  111. #endif // MIDL_PASS
  112. } SECPKG_SUPPLEMENTAL_CRED_ARRAY, *PSECPKG_SUPPLEMENTAL_CRED_ARRAY;
  114. //
  115. // This flag is used for to indicate which buffers in the LSA are located
  116. // in the client's address space
  117. //
  119. #define SECBUFFER_UNMAPPED 0x40000000
  121. //
  122. // This flag is used to indicate that the buffer was mapped into the LSA
  123. // from kernel mode.
  124. //
  126. #define SECBUFFER_KERNEL_MAP 0x20000000
  128. typedef NTSTATUS
  129. (NTAPI LSA_CALLBACK_FUNCTION)(
  130. ULONG_PTR Argument1,
  131. ULONG_PTR Argument2,
  132. PSecBuffer InputBuffer,
  133. PSecBuffer OutputBuffer
  134. );
  136. typedef LSA_CALLBACK_FUNCTION * PLSA_CALLBACK_FUNCTION ;
  140. #define PRIMARY_CRED_CLEAR_PASSWORD 0x1
  141. #define PRIMARY_CRED_OWF_PASSWORD 0x2
  142. #define PRIMARY_CRED_UPDATE 0x4 // this is a change of existing creds
  143. #define PRIMARY_CRED_CACHED_LOGON 0x8
  145. #define PRIMARY_CRED_LOGON_PACKAGE_SHIFT 24
  146. #define PRIMARY_CRED_PACKAGE_MASK 0xff000000
  148. //
  149. // For cached logons, the RPC id of the package doing the logon is identified
  150. // by shifting the flags to the right by the PRIMARY_CRED_LOGON_PACKAGE_SHIFT.
  151. //
  153. typedef struct _SECPKG_PRIMARY_CRED {
  154. LUID LogonId;
  155. UNICODE_STRING DownlevelName; // Sam Account Name
  156. UNICODE_STRING DomainName; // Netbios domain name where account is located
  157. UNICODE_STRING Password;
  158. UNICODE_STRING OldPassword;
  159. PSID UserSid;
  160. ULONG Flags;
  161. UNICODE_STRING DnsDomainName; // DNS domain name where account is located (if known)
  162. UNICODE_STRING Upn; // UPN of account (if known)
  164. UNICODE_STRING LogonServer;
  165. UNICODE_STRING Spare1;
  166. UNICODE_STRING Spare2;
  167. UNICODE_STRING Spare3;
  168. UNICODE_STRING Spare4;
  169. } SECPKG_PRIMARY_CRED, *PSECPKG_PRIMARY_CRED;
  171. //
  172. // Maximum size of stored credentials.
  173. //
  175. #define MAX_CRED_SIZE 1024
  177. // Values for MachineState
  179. #define SECPKG_STATE_ENCRYPTION_PERMITTED 0x01
  180. #define SECPKG_STATE_STRONG_ENCRYPTION_PERMITTED 0x02
  181. #define SECPKG_STATE_DOMAIN_CONTROLLER 0x04
  182. #define SECPKG_STATE_WORKSTATION 0x08
  183. #define SECPKG_STATE_STANDALONE 0x10
  185. typedef struct _SECPKG_PARAMETERS {
  186. ULONG Version;
  187. ULONG MachineState;
  188. ULONG SetupMode;
  189. PSID DomainSid;
  190. UNICODE_STRING DomainName;
  191. UNICODE_STRING DnsDomainName;
  192. GUID DomainGuid;
  193. } SECPKG_PARAMETERS, *PSECPKG_PARAMETERS;
  196. //
  197. // Extended Package information structures
  198. //
  200. typedef enum _SECPKG_EXTENDED_INFORMATION_CLASS {
  201. SecpkgGssInfo = 1,
  202. SecpkgContextThunks,
  203. SecpkgMutualAuthLevel,
  204. SecpkgWowClientDll,
  205. SecpkgExtraOids,
  206. SecpkgMaxInfo
  207. } SECPKG_EXTENDED_INFORMATION_CLASS ;
  209. typedef struct _SECPKG_GSS_INFO {
  210. ULONG EncodedIdLength ;
  211. UCHAR EncodedId[4] ;
  212. } SECPKG_GSS_INFO, * PSECPKG_GSS_INFO ;
  214. typedef struct _SECPKG_CONTEXT_THUNKS {
  215. ULONG InfoLevelCount ;
  216. ULONG Levels[1] ;
  217. } SECPKG_CONTEXT_THUNKS, *PSECPKG_CONTEXT_THUNKS ;
  219. typedef struct _SECPKG_MUTUAL_AUTH_LEVEL {
  220. ULONG MutualAuthLevel ;
  221. } SECPKG_MUTUAL_AUTH_LEVEL, * PSECPKG_MUTUAL_AUTH_LEVEL ;
  223. typedef struct _SECPKG_WOW_CLIENT_DLL {
  224. SECURITY_STRING WowClientDllPath;
  225. } SECPKG_WOW_CLIENT_DLL, * PSECPKG_WOW_CLIENT_DLL ;
  227. #define SECPKG_MAX_OID_LENGTH 32
  229. typedef struct _SECPKG_SERIALIZED_OID {
  230. ULONG OidLength ;
  231. ULONG OidAttributes ;
  232. UCHAR OidValue[ SECPKG_MAX_OID_LENGTH ];
  233. } SECPKG_SERIALIZED_OID, * PSECPKG_SERIALIZED_OID ;
  235. typedef struct _SECPKG_EXTRA_OIDS {
  236. ULONG OidCount ;
  237. SECPKG_SERIALIZED_OID Oids[ 1 ];
  238. } SECPKG_EXTRA_OIDS, * PSECPKG_EXTRA_OIDS;
  241. typedef struct _SECPKG_EXTENDED_INFORMATION {
  242. SECPKG_EXTENDED_INFORMATION_CLASS Class ;
  243. union {
  244. SECPKG_GSS_INFO GssInfo ;
  245. SECPKG_CONTEXT_THUNKS ContextThunks ;
  246. SECPKG_MUTUAL_AUTH_LEVEL MutualAuthLevel ;
  247. SECPKG_WOW_CLIENT_DLL WowClientDll ;
  248. SECPKG_EXTRA_OIDS ExtraOids ;
  249. } Info ;
  250. } SECPKG_EXTENDED_INFORMATION, * PSECPKG_EXTENDED_INFORMATION ;
  253. #define SECPKG_ATTR_SASL_CONTEXT 0x00010000
  255. typedef struct _SecPkgContext_SaslContext {
  256. PVOID SaslContext ;
  257. } SecPkgContext_SaslContext, * PSecPkgContext_SaslContext ;
  259. //
  260. // Setting this value as the first context thunk value will cause all
  261. // calls to go to the LSA:
  262. //
  264. #define SECPKG_ATTR_THUNK_ALL 0x00010000
  267. #ifndef SECURITY_USER_DATA_DEFINED
  268. #define SECURITY_USER_DATA_DEFINED
  270. typedef struct _SECURITY_USER_DATA {
  271. SECURITY_STRING UserName; // User name
  272. SECURITY_STRING LogonDomainName; // Domain the user logged on to
  273. SECURITY_STRING LogonServer; // Server that logged the user on
  274. PSID pSid; // SID of user
  275. } SECURITY_USER_DATA, *PSECURITY_USER_DATA;
  277. typedef SECURITY_USER_DATA SecurityUserData, * PSecurityUserData;
  280. #define UNDERSTANDS_LONG_NAMES 1
  281. #define NO_LONG_NAMES 2
  283. #endif // SECURITY_USER_DATA_DEFINED
  285. //////////////////////////////////////////////////////////////////////////
  286. //
  287. // The following prototypes are to functions that are provided by the SPMgr
  288. // to security packages.
  289. //
  290. //////////////////////////////////////////////////////////////////////////
  292. typedef NTSTATUS
  293. (NTAPI LSA_IMPERSONATE_CLIENT) (
  294. VOID
  295. );
  298. typedef NTSTATUS
  299. (NTAPI LSA_UNLOAD_PACKAGE)(
  300. VOID
  301. );
  303. typedef NTSTATUS
  304. (NTAPI LSA_DUPLICATE_HANDLE)(
  305. IN HANDLE SourceHandle,
  306. OUT PHANDLE DestionationHandle);
  309. typedef NTSTATUS
  310. (NTAPI LSA_SAVE_SUPPLEMENTAL_CREDENTIALS)(
  311. IN PLUID LogonId,
  312. IN ULONG SupplementalCredSize,
  313. IN PVOID SupplementalCreds,
  314. IN BOOLEAN Synchronous
  315. );
  318. typedef HANDLE
  319. (NTAPI LSA_CREATE_THREAD)(
  320. IN SEC_ATTRS SecurityAttributes,
  321. IN ULONG StackSize,
  322. IN SEC_THREAD_START StartFunction,
  323. IN PVOID ThreadParameter,
  324. IN ULONG CreationFlags,
  325. OUT PULONG ThreadId
  326. );
  329. typedef NTSTATUS
  330. (NTAPI LSA_GET_CLIENT_INFO)(
  331. OUT PSECPKG_CLIENT_INFO ClientInfo
  332. );
  335. typedef HANDLE
  336. (NTAPI LSA_REGISTER_NOTIFICATION)(
  337. IN SEC_THREAD_START StartFunction,
  338. IN PVOID Parameter,
  339. IN ULONG NotificationType,
  340. IN ULONG NotificationClass,
  341. IN ULONG NotificationFlags,
  342. IN ULONG IntervalMinutes,
  343. IN OPTIONAL HANDLE WaitEvent
  344. );
  347. typedef NTSTATUS
  348. (NTAPI LSA_CANCEL_NOTIFICATION)(
  349. IN HANDLE NotifyHandle
  350. );
  352. typedef NTSTATUS
  353. (NTAPI LSA_MAP_BUFFER)(
  354. IN PSecBuffer InputBuffer,
  355. OUT PSecBuffer OutputBuffer
  356. );
  358. typedef NTSTATUS
  359. (NTAPI LSA_CREATE_TOKEN) (
  360. IN PLUID LogonId,
  361. IN PTOKEN_SOURCE TokenSource,
  362. IN SECURITY_LOGON_TYPE LogonType,
  363. IN SECURITY_IMPERSONATION_LEVEL ImpersonationLevel,
  364. IN LSA_TOKEN_INFORMATION_TYPE TokenInformationType,
  365. IN PVOID TokenInformation,
  366. IN PTOKEN_GROUPS TokenGroups,
  367. IN PUNICODE_STRING AccountName,
  368. IN PUNICODE_STRING AuthorityName,
  369. IN PUNICODE_STRING Workstation,
  370. IN PUNICODE_STRING ProfilePath,
  371. OUT PHANDLE Token,
  372. OUT PNTSTATUS SubStatus
  373. );
  375. typedef enum _SECPKG_SESSIONINFO_TYPE {
  376. SecSessionPrimaryCred // SessionInformation is SECPKG_PRIMARY_CRED
  377. } SECPKG_SESSIONINFO_TYPE ;
  379. typedef NTSTATUS
  380. (NTAPI LSA_CREATE_TOKEN_EX) (
  381. IN PLUID LogonId,
  382. IN PTOKEN_SOURCE TokenSource,
  383. IN SECURITY_LOGON_TYPE LogonType,
  384. IN SECURITY_IMPERSONATION_LEVEL ImpersonationLevel,
  385. IN LSA_TOKEN_INFORMATION_TYPE TokenInformationType,
  386. IN PVOID TokenInformation,
  387. IN PTOKEN_GROUPS TokenGroups,
  388. IN PUNICODE_STRING Workstation,
  389. IN PUNICODE_STRING ProfilePath,
  390. IN PVOID SessionInformation,
  391. IN SECPKG_SESSIONINFO_TYPE SessionInformationType,
  392. OUT PHANDLE Token,
  393. OUT PNTSTATUS SubStatus
  394. );
  396. typedef VOID
  397. (NTAPI LSA_AUDIT_LOGON) (
  398. IN NTSTATUS Status,
  399. IN NTSTATUS SubStatus,
  400. IN PUNICODE_STRING AccountName,
  401. IN PUNICODE_STRING AuthenticatingAuthority,
  402. IN PUNICODE_STRING WorkstationName,
  403. IN OPTIONAL PSID UserSid,
  404. IN SECURITY_LOGON_TYPE LogonType,
  405. IN PTOKEN_SOURCE TokenSource,
  406. IN PLUID LogonId
  407. );
  409. typedef NTSTATUS
  410. (NTAPI LSA_CALL_PACKAGE) (
  411. IN PUNICODE_STRING AuthenticationPackage,
  412. IN PVOID ProtocolSubmitBuffer,
  413. IN ULONG SubmitBufferLength,
  414. OUT PVOID *ProtocolReturnBuffer,
  415. OUT PULONG ReturnBufferLength,
  416. OUT PNTSTATUS ProtocolStatus
  417. );
  419. typedef NTSTATUS
  420. (NTAPI LSA_CALL_PACKAGEEX) (
  421. IN PUNICODE_STRING AuthenticationPackage,
  422. IN PVOID ClientBufferBase,
  423. IN PVOID ProtocolSubmitBuffer,
  424. IN ULONG SubmitBufferLength,
  425. OUT PVOID *ProtocolReturnBuffer,
  426. OUT PULONG ReturnBufferLength,
  427. OUT PNTSTATUS ProtocolStatus
  428. );
  430. typedef NTSTATUS
  431. (NTAPI LSA_CALL_PACKAGE_PASSTHROUGH) (
  432. IN PUNICODE_STRING AuthenticationPackage,
  433. IN PVOID ClientBufferBase,
  434. IN PVOID ProtocolSubmitBuffer,
  435. IN ULONG SubmitBufferLength,
  436. OUT PVOID *ProtocolReturnBuffer,
  437. OUT PULONG ReturnBufferLength,
  438. OUT PNTSTATUS ProtocolStatus
  439. );
  441. typedef BOOLEAN
  442. (NTAPI LSA_GET_CALL_INFO) (
  443. OUT PSECPKG_CALL_INFO Info
  444. );
  446. typedef PVOID
  447. (NTAPI LSA_CREATE_SHARED_MEMORY)(
  448. ULONG MaxSize,
  449. ULONG InitialSize
  450. );
  452. typedef PVOID
  453. (NTAPI LSA_ALLOCATE_SHARED_MEMORY)(
  454. PVOID SharedMem,
  455. ULONG Size
  456. );
  458. typedef VOID
  459. (NTAPI LSA_FREE_SHARED_MEMORY)(
  460. PVOID SharedMem,
  461. PVOID Memory
  462. );
  464. typedef BOOLEAN
  465. (NTAPI LSA_DELETE_SHARED_MEMORY)(
  466. PVOID SharedMem
  467. );
  469. //
  470. // Account Access
  471. //
  473. typedef enum _SECPKG_NAME_TYPE {
  474. SecNameSamCompatible,
  475. SecNameAlternateId,
  476. SecNameFlat,
  477. SecNameDN
  478. } SECPKG_NAME_TYPE ;
  480. typedef NTSTATUS
  481. (NTAPI LSA_OPEN_SAM_USER)(
  482. PSECURITY_STRING Name,
  483. SECPKG_NAME_TYPE NameType,
  484. PSECURITY_STRING Prefix,
  485. BOOLEAN AllowGuest,
  486. ULONG Reserved,
  487. PVOID * UserHandle
  488. );
  490. typedef NTSTATUS
  491. (NTAPI LSA_GET_USER_CREDENTIALS)(
  492. PVOID UserHandle,
  493. PVOID * PrimaryCreds,
  494. PULONG PrimaryCredsSize,
  495. PVOID * SupplementalCreds,
  496. PULONG SupplementalCredsSize
  497. );
  499. typedef NTSTATUS
  500. (NTAPI LSA_GET_USER_AUTH_DATA)(
  501. PVOID UserHandle,
  502. PUCHAR * UserAuthData,
  503. PULONG UserAuthDataSize
  504. );
  506. typedef NTSTATUS
  507. (NTAPI LSA_CLOSE_SAM_USER)(
  508. PVOID UserHandle
  509. );
  511. typedef NTSTATUS
  512. (NTAPI LSA_GET_AUTH_DATA_FOR_USER)(
  513. PSECURITY_STRING Name,
  514. SECPKG_NAME_TYPE NameType,
  515. PSECURITY_STRING Prefix,
  516. PUCHAR * UserAuthData,
  517. PULONG UserAuthDataSize,
  518. PUNICODE_STRING UserFlatName
  519. );
  521. typedef NTSTATUS
  522. (NTAPI LSA_CONVERT_AUTH_DATA_TO_TOKEN)(
  523. IN PVOID UserAuthData,
  524. IN ULONG UserAuthDataSize,
  525. IN SECURITY_IMPERSONATION_LEVEL ImpersonationLevel,
  526. IN PTOKEN_SOURCE TokenSource,
  527. IN SECURITY_LOGON_TYPE LogonType,
  528. IN PUNICODE_STRING AuthorityName,
  529. OUT PHANDLE Token,
  530. OUT PLUID LogonId,
  531. OUT PUNICODE_STRING AccountName,
  532. OUT PNTSTATUS SubStatus
  533. );
  535. typedef NTSTATUS
  536. (NTAPI LSA_CRACK_SINGLE_NAME)(
  537. IN ULONG FormatOffered,
  538. IN BOOLEAN PerformAtGC,
  539. IN PUNICODE_STRING NameInput,
  540. IN PUNICODE_STRING Prefix OPTIONAL,
  541. IN ULONG RequestedFormat,
  542. OUT PUNICODE_STRING CrackedName,
  543. OUT PUNICODE_STRING DnsDomainName,
  544. OUT PULONG SubStatus
  545. );
  547. typedef NTSTATUS
  548. (NTAPI LSA_AUDIT_ACCOUNT_LOGON)(
  549. IN ULONG AuditId,
  550. IN BOOLEAN Success,
  551. IN PUNICODE_STRING Source,
  552. IN PUNICODE_STRING ClientName,
  553. IN PUNICODE_STRING MappedName,
  554. IN NTSTATUS Status
  555. );
  558. typedef NTSTATUS
  559. (NTAPI LSA_CLIENT_CALLBACK)(
  560. PCHAR Callback,
  561. ULONG_PTR Argument1,
  562. ULONG_PTR Argument2,
  563. PSecBuffer Input,
  564. PSecBuffer Output
  565. );
  567. typedef
  568. NTSTATUS
  569. (NTAPI LSA_REGISTER_CALLBACK)(
  570. ULONG CallbackId,
  571. PLSA_CALLBACK_FUNCTION Callback
  572. );
  574. #define NOTIFIER_FLAG_NEW_THREAD 0x00000001
  575. #define NOTIFIER_FLAG_ONE_SHOT 0x00000002
  576. #define NOTIFIER_FLAG_SECONDS 0x80000000
  578. #define NOTIFIER_TYPE_INTERVAL 1
  579. #define NOTIFIER_TYPE_HANDLE_WAIT 2
  580. #define NOTIFIER_TYPE_STATE_CHANGE 3
  581. #define NOTIFIER_TYPE_NOTIFY_EVENT 4
  582. #define NOTIFIER_TYPE_IMMEDIATE 16
  584. #define NOTIFY_CLASS_PACKAGE_CHANGE 1
  585. #define NOTIFY_CLASS_ROLE_CHANGE 2
  586. #define NOTIFY_CLASS_DOMAIN_CHANGE 3
  587. #define NOTIFY_CLASS_REGISTRY_CHANGE 4
  589. typedef struct _SECPKG_EVENT_PACKAGE_CHANGE {
  590. ULONG ChangeType;
  591. LSA_SEC_HANDLE PackageId;
  592. SECURITY_STRING PackageName;
  593. } SECPKG_EVENT_PACKAGE_CHANGE, * PSECPKG_EVENT_PACKAGE_CHANGE ;
  595. #define SECPKG_PACKAGE_CHANGE_LOAD 0
  596. #define SECPKG_PACKAGE_CHANGE_UNLOAD 1
  597. #define SECPKG_PACKAGE_CHANGE_SELECT 2
  599. typedef struct _SECPKG_EVENT_ROLE_CHANGE {
  600. ULONG PreviousRole ;
  601. ULONG NewRole ;
  602. } SECPKG_EVENT_ROLE_CHANGE, * PSECPKG_EVENT_ROLE_CHANGE ;
  604. typedef struct _SECPKG_PARAMETERS SECPKG_EVENT_DOMAIN_CHANGE ;
  605. typedef struct _SECPKG_PARAMETERS * PSECPKG_EVENT_DOMAIN_CHANGE ;
  608. typedef struct _SECPKG_EVENT_NOTIFY {
  609. ULONG EventClass;
  610. ULONG Reserved;
  611. ULONG EventDataSize;
  612. PVOID EventData;
  613. PVOID PackageParameter;
  614. } SECPKG_EVENT_NOTIFY, *PSECPKG_EVENT_NOTIFY ;
  617. typedef
  618. NTSTATUS
  619. (NTAPI LSA_UPDATE_PRIMARY_CREDENTIALS)(
  620. IN PSECPKG_PRIMARY_CRED PrimaryCredentials,
  621. IN OPTIONAL PSECPKG_SUPPLEMENTAL_CRED_ARRAY Credentials
  622. );
  624. typedef
  625. VOID
  626. (NTAPI LSA_PROTECT_MEMORY)(
  627. IN PVOID Buffer,
  628. IN ULONG BufferSize
  629. );
  631. typedef
  632. NTSTATUS
  633. (NTAPI LSA_OPEN_TOKEN_BY_LOGON_ID)(
  634. IN PLUID LogonId,
  635. OUT HANDLE *RetTokenHandle
  636. );
  638. typedef
  639. NTSTATUS
  640. (NTAPI LSA_EXPAND_AUTH_DATA_FOR_DOMAIN)(
  641. IN PUCHAR UserAuthData,
  642. IN ULONG UserAuthDataSize,
  643. IN PVOID Reserved,
  644. OUT PUCHAR * ExpandedAuthData,
  645. OUT PULONG ExpandedAuthDataSize
  646. );
  648. typedef LSA_IMPERSONATE_CLIENT * PLSA_IMPERSONATE_CLIENT;
  649. typedef LSA_UNLOAD_PACKAGE * PLSA_UNLOAD_PACKAGE;
  650. typedef LSA_DUPLICATE_HANDLE * PLSA_DUPLICATE_HANDLE ;
  651. typedef LSA_SAVE_SUPPLEMENTAL_CREDENTIALS * PLSA_SAVE_SUPPLEMENTAL_CREDENTIALS;
  652. typedef LSA_CREATE_THREAD * PLSA_CREATE_THREAD;
  653. typedef LSA_GET_CLIENT_INFO * PLSA_GET_CLIENT_INFO;
  654. typedef LSA_REGISTER_NOTIFICATION * PLSA_REGISTER_NOTIFICATION;
  655. typedef LSA_CANCEL_NOTIFICATION * PLSA_CANCEL_NOTIFICATION;
  656. typedef LSA_MAP_BUFFER * PLSA_MAP_BUFFER;
  657. typedef LSA_CREATE_TOKEN * PLSA_CREATE_TOKEN;
  658. typedef LSA_AUDIT_LOGON * PLSA_AUDIT_LOGON;
  659. typedef LSA_CALL_PACKAGE * PLSA_CALL_PACKAGE;
  660. typedef LSA_CALL_PACKAGEEX * PLSA_CALL_PACKAGEEX;
  661. typedef LSA_GET_CALL_INFO * PLSA_GET_CALL_INFO ;
  662. typedef LSA_CREATE_SHARED_MEMORY * PLSA_CREATE_SHARED_MEMORY ;
  663. typedef LSA_ALLOCATE_SHARED_MEMORY * PLSA_ALLOCATE_SHARED_MEMORY ;
  664. typedef LSA_FREE_SHARED_MEMORY * PLSA_FREE_SHARED_MEMORY ;
  665. typedef LSA_DELETE_SHARED_MEMORY * PLSA_DELETE_SHARED_MEMORY ;
  666. typedef LSA_OPEN_SAM_USER * PLSA_OPEN_SAM_USER ;
  667. typedef LSA_GET_USER_CREDENTIALS * PLSA_GET_USER_CREDENTIALS ;
  668. typedef LSA_GET_USER_AUTH_DATA * PLSA_GET_USER_AUTH_DATA ;
  669. typedef LSA_CLOSE_SAM_USER * PLSA_CLOSE_SAM_USER ;
  670. typedef LSA_CONVERT_AUTH_DATA_TO_TOKEN * PLSA_CONVERT_AUTH_DATA_TO_TOKEN ;
  671. typedef LSA_CLIENT_CALLBACK * PLSA_CLIENT_CALLBACK ;
  672. typedef LSA_REGISTER_CALLBACK * PLSA_REGISTER_CALLBACK ;
  673. typedef LSA_UPDATE_PRIMARY_CREDENTIALS * PLSA_UPDATE_PRIMARY_CREDENTIALS;
  674. typedef LSA_GET_AUTH_DATA_FOR_USER * PLSA_GET_AUTH_DATA_FOR_USER ;
  675. typedef LSA_CRACK_SINGLE_NAME * PLSA_CRACK_SINGLE_NAME ;
  676. typedef LSA_AUDIT_ACCOUNT_LOGON * PLSA_AUDIT_ACCOUNT_LOGON ;
  677. typedef LSA_CALL_PACKAGE_PASSTHROUGH * PLSA_CALL_PACKAGE_PASSTHROUGH;
  678. typedef LSA_PROTECT_MEMORY * PLSA_PROTECT_MEMORY;
  679. typedef LSA_OPEN_TOKEN_BY_LOGON_ID * PLSA_OPEN_TOKEN_BY_LOGON_ID;
  680. typedef LSA_EXPAND_AUTH_DATA_FOR_DOMAIN * PLSA_EXPAND_AUTH_DATA_FOR_DOMAIN;
  681. typedef LSA_CREATE_TOKEN_EX * PLSA_CREATE_TOKEN_EX;
  683. #ifdef _WINCRED_H_
  685. //
  686. // When passing a credential around, the CredentialBlob field is encrypted.
  687. // This structure describes this encrypted form.
  688. //
  689. //
  690. #ifndef _ENCRYPTED_CREDENTIAL_DEFINED
  691. #define _ENCRYPTED_CREDENTIAL_DEFINED
  693. typedef struct _ENCRYPTED_CREDENTIALW {
  695. //
  696. // The credential
  697. //
  698. // The CredentialBlob field points to the encrypted credential
  699. // The CredentialBlobSize field is the length (in bytes) of the encrypted credential
  700. //
  702. CREDENTIALW Cred;
  704. //
  705. // The size in bytes of the clear text credential blob
  706. //
  708. ULONG ClearCredentialBlobSize;
  709. } ENCRYPTED_CREDENTIALW, *PENCRYPTED_CREDENTIALW;
  710. #endif // _ENCRYPTED_CREDENTIAL_DEFINED
  712. //
  713. // Values for CredFlags parameter
  714. //
  716. #define CREDP_FLAGS_IN_PROCESS 0x01 // Caller is in-process. Password data may be returned
  717. #define CREDP_FLAGS_USE_MIDL_HEAP 0x02 // Allocated buffer should use MIDL_user_allocte
  718. #define CREDP_FLAGS_DONT_CACHE_TI 0x04 // TargetInformation shouldn't be cached for CredGetTargetInfo
  719. #define CREDP_FLAGS_CLEAR_PASSWORD 0x08 // Credential blob is passed in in-the-clear
  721. typedef NTSTATUS
  722. (NTAPI CredReadFn) (
  723. IN PLUID LogonId,
  724. IN ULONG CredFlags,
  725. IN LPWSTR TargetName,
  726. IN ULONG Type,
  727. IN ULONG Flags,
  728. OUT PENCRYPTED_CREDENTIALW *Credential
  729. );
  731. typedef NTSTATUS
  732. (NTAPI CredReadDomainCredentialsFn) (
  733. IN PLUID LogonId,
  734. IN ULONG CredFlags,
  735. IN PCREDENTIAL_TARGET_INFORMATIONW TargetInfo,
  736. IN ULONG Flags,
  737. OUT PULONG Count,
  738. OUT PENCRYPTED_CREDENTIALW **Credential
  739. );
  741. typedef VOID
  742. (NTAPI CredFreeCredentialsFn) (
  743. IN ULONG Count,
  744. IN PENCRYPTED_CREDENTIALW *Credentials OPTIONAL
  745. );
  747. NTSTATUS
  748. CredMarshalTargetInfo (
  749. IN PCREDENTIAL_TARGET_INFORMATIONW InTargetInfo,
  750. OUT PUSHORT *Buffer,
  751. OUT PULONG BufferSize
  752. );
  754. NTSTATUS
  755. CredUnmarshalTargetInfo (
  756. IN PUSHORT Buffer,
  757. IN ULONG BufferSize,
  758. OUT PCREDENTIAL_TARGET_INFORMATIONW *RetTargetInfo
  759. );
  761. #endif // _WINCRED_H_
  764. //
  765. // Pure 32-bit versions of credential structures for packages
  766. // running wow64:
  767. //
  769. typedef struct _SEC_WINNT_AUTH_IDENTITY32 {
  770. ULONG User ;
  771. ULONG UserLength ;
  772. ULONG Domain ;
  773. ULONG DomainLength ;
  774. ULONG Password ;
  775. ULONG PasswordLength ;
  776. ULONG Flags ;
  777. } SEC_WINNT_AUTH_IDENTITY32, * PSEC_WINNT_AUTH_IDENTITY32 ;
  779. typedef struct _SEC_WINNT_AUTH_IDENTITY_EX32 {
  780. ULONG Version ;
  781. ULONG Length ;
  782. ULONG User ;
  783. ULONG UserLength ;
  784. ULONG Domain ;
  785. ULONG DomainLength ;
  786. ULONG Password ;
  787. ULONG PasswordLength ;
  788. ULONG Flags ;
  789. ULONG PackageList ;
  790. ULONG PackageListLength ;
  791. } SEC_WINNT_AUTH_IDENTITY_EX32, * PSEC_WINNT_AUTH_IDENTITY_EX32 ;
  793. // Functions provided by the SPM to the packages:
  794. typedef struct _LSA_SECPKG_FUNCTION_TABLE {
  795. PLSA_CREATE_LOGON_SESSION CreateLogonSession;
  796. PLSA_DELETE_LOGON_SESSION DeleteLogonSession;
  797. PLSA_ADD_CREDENTIAL AddCredential;
  798. PLSA_GET_CREDENTIALS GetCredentials;
  799. PLSA_DELETE_CREDENTIAL DeleteCredential;
  800. PLSA_ALLOCATE_LSA_HEAP AllocateLsaHeap;
  801. PLSA_FREE_LSA_HEAP FreeLsaHeap;
  802. PLSA_ALLOCATE_CLIENT_BUFFER AllocateClientBuffer;
  803. PLSA_FREE_CLIENT_BUFFER FreeClientBuffer;
  804. PLSA_COPY_TO_CLIENT_BUFFER CopyToClientBuffer;
  805. PLSA_COPY_FROM_CLIENT_BUFFER CopyFromClientBuffer;
  806. PLSA_IMPERSONATE_CLIENT ImpersonateClient;
  807. PLSA_UNLOAD_PACKAGE UnloadPackage;
  808. PLSA_DUPLICATE_HANDLE DuplicateHandle;
  809. PLSA_SAVE_SUPPLEMENTAL_CREDENTIALS SaveSupplementalCredentials;
  810. PLSA_CREATE_THREAD CreateThread;
  811. PLSA_GET_CLIENT_INFO GetClientInfo;
  812. PLSA_REGISTER_NOTIFICATION RegisterNotification;
  813. PLSA_CANCEL_NOTIFICATION CancelNotification;
  814. PLSA_MAP_BUFFER MapBuffer;
  815. PLSA_CREATE_TOKEN CreateToken;
  816. PLSA_AUDIT_LOGON AuditLogon;
  817. PLSA_CALL_PACKAGE CallPackage;
  818. PLSA_FREE_LSA_HEAP FreeReturnBuffer;
  819. PLSA_GET_CALL_INFO GetCallInfo;
  820. PLSA_CALL_PACKAGEEX CallPackageEx;
  821. PLSA_CREATE_SHARED_MEMORY CreateSharedMemory;
  822. PLSA_ALLOCATE_SHARED_MEMORY AllocateSharedMemory;
  823. PLSA_FREE_SHARED_MEMORY FreeSharedMemory;
  824. PLSA_DELETE_SHARED_MEMORY DeleteSharedMemory;
  825. PLSA_OPEN_SAM_USER OpenSamUser ;
  826. PLSA_GET_USER_CREDENTIALS GetUserCredentials ;
  827. PLSA_GET_USER_AUTH_DATA GetUserAuthData ;
  828. PLSA_CLOSE_SAM_USER CloseSamUser ;
  829. PLSA_CONVERT_AUTH_DATA_TO_TOKEN ConvertAuthDataToToken ;
  830. PLSA_CLIENT_CALLBACK ClientCallback ;
  831. PLSA_UPDATE_PRIMARY_CREDENTIALS UpdateCredentials ;
  832. PLSA_GET_AUTH_DATA_FOR_USER GetAuthDataForUser ;
  833. PLSA_CRACK_SINGLE_NAME CrackSingleName ;
  834. PLSA_AUDIT_ACCOUNT_LOGON AuditAccountLogon ;
  835. PLSA_CALL_PACKAGE_PASSTHROUGH CallPackagePassthrough ;
  836. #ifdef _WINCRED_H_
  837. CredReadFn *CrediRead;
  838. CredReadDomainCredentialsFn *CrediReadDomainCredentials;
  839. CredFreeCredentialsFn *CrediFreeCredentials;
  840. #else // _WINCRED_H_
  841. PLSA_PROTECT_MEMORY DummyFunction1;
  842. PLSA_PROTECT_MEMORY DummyFunction2;
  843. PLSA_PROTECT_MEMORY DummyFunction3;
  844. #endif // _WINCRED_H_
  845. PLSA_PROTECT_MEMORY LsaProtectMemory;
  846. PLSA_PROTECT_MEMORY LsaUnprotectMemory;
  847. PLSA_OPEN_TOKEN_BY_LOGON_ID OpenTokenByLogonId;
  848. PLSA_EXPAND_AUTH_DATA_FOR_DOMAIN ExpandAuthDataForDomain;
  849. PLSA_ALLOCATE_PRIVATE_HEAP AllocatePrivateHeap;
  850. PLSA_FREE_PRIVATE_HEAP FreePrivateHeap;
  851. PLSA_CREATE_TOKEN_EX CreateTokenEx;
  852. } LSA_SECPKG_FUNCTION_TABLE, *PLSA_SECPKG_FUNCTION_TABLE;
  854. typedef struct _SECPKG_DLL_FUNCTIONS {
  855. PLSA_ALLOCATE_LSA_HEAP AllocateHeap;
  856. PLSA_FREE_LSA_HEAP FreeHeap;
  857. PLSA_REGISTER_CALLBACK RegisterCallback ;
  858. } SECPKG_DLL_FUNCTIONS, * PSECPKG_DLL_FUNCTIONS;
  863. //
  864. // The following prototypes are to functions that will be called only while
  865. // in the Security Package Manager context.
  866. //
  868. typedef NTSTATUS
  869. (NTAPI SpInitializeFn)(
  870. IN ULONG_PTR PackageId,
  871. IN PSECPKG_PARAMETERS Parameters,
  872. IN PLSA_SECPKG_FUNCTION_TABLE FunctionTable
  873. );
  875. typedef NTSTATUS
  876. (NTAPI SpShutdownFn)(
  877. VOID
  878. );
  880. typedef NTSTATUS
  881. (NTAPI SpGetInfoFn)(
  882. OUT PSecPkgInfo PackageInfo
  883. );
  885. typedef NTSTATUS
  886. (NTAPI SpGetExtendedInformationFn)(
  887. IN SECPKG_EXTENDED_INFORMATION_CLASS Class,
  888. OUT PSECPKG_EXTENDED_INFORMATION * ppInformation
  889. );
  891. typedef NTSTATUS
  892. (NTAPI SpSetExtendedInformationFn)(
  893. IN SECPKG_EXTENDED_INFORMATION_CLASS Class,
  894. IN PSECPKG_EXTENDED_INFORMATION Info
  895. );
  897. typedef NTSTATUS
  898. (LSA_AP_LOGON_USER_EX2) (
  899. IN PLSA_CLIENT_REQUEST ClientRequest,
  900. IN SECURITY_LOGON_TYPE LogonType,
  901. IN PVOID AuthenticationInformation,
  902. IN PVOID ClientAuthenticationBase,
  903. IN ULONG AuthenticationInformationLength,
  904. OUT PVOID *ProfileBuffer,
  905. OUT PULONG ProfileBufferLength,
  906. OUT PLUID LogonId,
  907. OUT PNTSTATUS SubStatus,
  908. OUT PLSA_TOKEN_INFORMATION_TYPE TokenInformationType,
  909. OUT PVOID *TokenInformation,
  910. OUT PUNICODE_STRING *AccountName,
  911. OUT PUNICODE_STRING *AuthenticatingAuthority,
  912. OUT PUNICODE_STRING *MachineName,
  913. OUT PSECPKG_PRIMARY_CRED PrimaryCredentials,
  914. OUT PSECPKG_SUPPLEMENTAL_CRED_ARRAY * CachedCredentials
  915. );
  917. typedef LSA_AP_LOGON_USER_EX2 *PLSA_AP_LOGON_USER_EX2;
  918. #define LSA_AP_NAME_LOGON_USER_EX2 "LsaApLogonUserEx2\0"
  920. typedef NTSTATUS
  921. (NTAPI SpAcceptCredentialsFn)(
  922. IN SECURITY_LOGON_TYPE LogonType,
  923. IN PUNICODE_STRING AccountName,
  924. IN PSECPKG_PRIMARY_CRED PrimaryCredentials,
  925. IN PSECPKG_SUPPLEMENTAL_CRED SupplementalCredentials
  926. );
  927. #define SP_ACCEPT_CREDENTIALS_NAME "SpAcceptCredentials\0"
  929. typedef NTSTATUS
  930. (NTAPI SpAcquireCredentialsHandleFn)(
  931. IN OPTIONAL PUNICODE_STRING PrincipalName,
  932. IN ULONG CredentialUseFlags,
  933. IN OPTIONAL PLUID LogonId,
  934. IN PVOID AuthorizationData,
  935. IN PVOID GetKeyFunciton,
  936. IN PVOID GetKeyArgument,
  937. OUT PLSA_SEC_HANDLE CredentialHandle,
  938. OUT PTimeStamp ExpirationTime
  939. );
  941. typedef NTSTATUS
  942. (NTAPI SpFreeCredentialsHandleFn)(
  943. IN LSA_SEC_HANDLE CredentialHandle
  944. );
  946. typedef NTSTATUS
  947. (NTAPI SpQueryCredentialsAttributesFn)(
  948. IN LSA_SEC_HANDLE CredentialHandle,
  949. IN ULONG CredentialAttribute,
  950. IN OUT PVOID Buffer
  951. );
  953. typedef NTSTATUS
  954. (NTAPI SpAddCredentialsFn)(
  955. IN LSA_SEC_HANDLE CredentialHandle,
  956. IN OPTIONAL PUNICODE_STRING PrincipalName,
  957. IN PUNICODE_STRING Package,
  958. IN ULONG CredentialUseFlags,
  959. IN PVOID AuthorizationData,
  960. IN PVOID GetKeyFunciton,
  961. IN PVOID GetKeyArgument,
  962. OUT PTimeStamp ExpirationTime
  963. );
  965. typedef NTSTATUS
  966. (NTAPI SpSaveCredentialsFn)(
  967. IN LSA_SEC_HANDLE CredentialHandle,
  968. IN PSecBuffer Credentials);
  970. typedef NTSTATUS
  971. (NTAPI SpGetCredentialsFn)(
  972. IN LSA_SEC_HANDLE CredentialHandle,
  973. IN OUT PSecBuffer Credentials
  974. );
  976. typedef NTSTATUS
  977. (NTAPI SpDeleteCredentialsFn)(
  978. IN LSA_SEC_HANDLE CredentialHandle,
  979. IN PSecBuffer Key
  980. );
  982. typedef NTSTATUS
  983. (NTAPI SpInitLsaModeContextFn)(
  984. IN OPTIONAL LSA_SEC_HANDLE CredentialHandle,
  985. IN OPTIONAL LSA_SEC_HANDLE ContextHandle,
  986. IN OPTIONAL PUNICODE_STRING TargetName,
  987. IN ULONG ContextRequirements,
  988. IN ULONG TargetDataRep,
  989. IN PSecBufferDesc InputBuffers,
  990. OUT PLSA_SEC_HANDLE NewContextHandle,
  991. IN OUT PSecBufferDesc OutputBuffers,
  992. OUT PULONG ContextAttributes,
  993. OUT PTimeStamp ExpirationTime,
  994. OUT PBOOLEAN MappedContext,
  995. OUT PSecBuffer ContextData
  996. );
  1001. typedef NTSTATUS
  1002. (NTAPI SpDeleteContextFn)(
  1003. IN LSA_SEC_HANDLE ContextHandle
  1004. );
  1006. typedef NTSTATUS
  1007. (NTAPI SpApplyControlTokenFn)(
  1008. IN LSA_SEC_HANDLE ContextHandle,
  1009. IN PSecBufferDesc ControlToken);
  1012. typedef NTSTATUS
  1013. (NTAPI SpAcceptLsaModeContextFn)(
  1014. IN OPTIONAL LSA_SEC_HANDLE CredentialHandle,
  1015. IN OPTIONAL LSA_SEC_HANDLE ContextHandle,
  1016. IN PSecBufferDesc InputBuffer,
  1017. IN ULONG ContextRequirements,
  1018. IN ULONG TargetDataRep,
  1019. OUT PLSA_SEC_HANDLE NewContextHandle,
  1020. OUT PSecBufferDesc OutputBuffer,
  1021. OUT PULONG ContextAttributes,
  1022. OUT PTimeStamp ExpirationTime,
  1023. OUT PBOOLEAN MappedContext,
  1024. OUT PSecBuffer ContextData
  1025. );
  1030. typedef NTSTATUS
  1031. (NTAPI SpGetUserInfoFn)(
  1032. IN PLUID LogonId,
  1033. IN ULONG Flags,
  1034. OUT PSecurityUserData * UserData
  1035. );
  1037. typedef NTSTATUS
  1038. (NTAPI SpQueryContextAttributesFn)(
  1039. IN LSA_SEC_HANDLE ContextHandle,
  1040. IN ULONG ContextAttribute,
  1041. IN OUT PVOID Buffer);
  1043. typedef NTSTATUS
  1044. (NTAPI SpSetContextAttributesFn)(
  1045. IN LSA_SEC_HANDLE ContextHandle,
  1046. IN ULONG ContextAttribute,
  1047. IN PVOID Buffer,
  1048. IN ULONG BufferSize );
  1052. typedef struct _SECPKG_FUNCTION_TABLE {
  1053. PLSA_AP_INITIALIZE_PACKAGE InitializePackage;
  1054. PLSA_AP_LOGON_USER LogonUser;
  1055. PLSA_AP_CALL_PACKAGE CallPackage;
  1056. PLSA_AP_LOGON_TERMINATED LogonTerminated;
  1057. PLSA_AP_CALL_PACKAGE_UNTRUSTED CallPackageUntrusted;
  1058. PLSA_AP_CALL_PACKAGE_PASSTHROUGH CallPackagePassthrough;
  1059. PLSA_AP_LOGON_USER_EX LogonUserEx;
  1060. PLSA_AP_LOGON_USER_EX2 LogonUserEx2;
  1061. SpInitializeFn * Initialize;
  1062. SpShutdownFn * Shutdown;
  1063. SpGetInfoFn * GetInfo;
  1064. SpAcceptCredentialsFn * AcceptCredentials;
  1065. SpAcquireCredentialsHandleFn * AcquireCredentialsHandle;
  1066. SpQueryCredentialsAttributesFn * QueryCredentialsAttributes;
  1067. SpFreeCredentialsHandleFn * FreeCredentialsHandle;
  1068. SpSaveCredentialsFn * SaveCredentials;
  1069. SpGetCredentialsFn * GetCredentials;
  1070. SpDeleteCredentialsFn * DeleteCredentials;
  1071. SpInitLsaModeContextFn * InitLsaModeContext;
  1072. SpAcceptLsaModeContextFn * AcceptLsaModeContext;
  1073. SpDeleteContextFn * DeleteContext;
  1074. SpApplyControlTokenFn * ApplyControlToken;
  1075. SpGetUserInfoFn * GetUserInfo;
  1076. SpGetExtendedInformationFn * GetExtendedInformation ;
  1077. SpQueryContextAttributesFn * QueryContextAttributes ;
  1078. SpAddCredentialsFn * AddCredentials ;
  1079. SpSetExtendedInformationFn * SetExtendedInformation ;
  1080. SpSetContextAttributesFn * SetContextAttributes ;
  1081. } SECPKG_FUNCTION_TABLE, *PSECPKG_FUNCTION_TABLE;
  1083. //
  1084. // The following prototypes are to functions that will be called while in the
  1085. // context of a user process that is using the functions through the security
  1086. // DLL.
  1087. //
  1089. typedef NTSTATUS
  1090. (NTAPI SpInstanceInitFn)(
  1091. IN ULONG Version,
  1092. IN PSECPKG_DLL_FUNCTIONS FunctionTable,
  1093. OUT PVOID * UserFunctions
  1094. );
  1097. typedef NTSTATUS
  1098. (NTAPI SpInitUserModeContextFn)(
  1099. IN LSA_SEC_HANDLE ContextHandle,
  1100. IN PSecBuffer PackedContext
  1101. );
  1103. typedef NTSTATUS
  1104. (NTAPI SpMakeSignatureFn)(
  1105. IN LSA_SEC_HANDLE ContextHandle,
  1106. IN ULONG QualityOfProtection,
  1107. IN PSecBufferDesc MessageBuffers,
  1108. IN ULONG MessageSequenceNumber
  1109. );
  1111. typedef NTSTATUS
  1112. (NTAPI SpVerifySignatureFn)(
  1113. IN LSA_SEC_HANDLE ContextHandle,
  1114. IN PSecBufferDesc MessageBuffers,
  1115. IN ULONG MessageSequenceNumber,
  1116. OUT PULONG QualityOfProtection
  1117. );
  1119. typedef NTSTATUS
  1120. (NTAPI SpSealMessageFn)(
  1121. IN LSA_SEC_HANDLE ContextHandle,
  1122. IN ULONG QualityOfProtection,
  1123. IN PSecBufferDesc MessageBuffers,
  1124. IN ULONG MessageSequenceNumber
  1125. );
  1127. typedef NTSTATUS
  1128. (NTAPI SpUnsealMessageFn)(
  1129. IN LSA_SEC_HANDLE ContextHandle,
  1130. IN PSecBufferDesc MessageBuffers,
  1131. IN ULONG MessageSequenceNumber,
  1132. OUT PULONG QualityOfProtection
  1133. );
  1136. typedef NTSTATUS
  1137. (NTAPI SpGetContextTokenFn)(
  1138. IN LSA_SEC_HANDLE ContextHandle,
  1139. OUT PHANDLE ImpersonationToken
  1140. );
  1143. typedef NTSTATUS
  1144. (NTAPI SpExportSecurityContextFn)(
  1145. LSA_SEC_HANDLE phContext, // (in) context to export
  1146. ULONG fFlags, // (in) option flags
  1147. PSecBuffer pPackedContext, // (out) marshalled context
  1148. PHANDLE pToken // (out, optional) token handle for impersonation
  1149. );
  1151. typedef NTSTATUS
  1152. (NTAPI SpImportSecurityContextFn)(
  1153. PSecBuffer pPackedContext, // (in) marshalled context
  1154. HANDLE Token, // (in, optional) handle to token for context
  1155. PLSA_SEC_HANDLE phContext // (out) new context handle
  1156. );
  1159. typedef NTSTATUS
  1160. (NTAPI SpCompleteAuthTokenFn)(
  1161. IN LSA_SEC_HANDLE ContextHandle,
  1162. IN PSecBufferDesc InputBuffer
  1163. );
  1166. typedef NTSTATUS
  1167. (NTAPI SpFormatCredentialsFn)(
  1168. IN PSecBuffer Credentials,
  1169. OUT PSecBuffer FormattedCredentials
  1170. );
  1172. typedef NTSTATUS
  1173. (NTAPI SpMarshallSupplementalCredsFn)(
  1174. IN ULONG CredentialSize,
  1175. IN PUCHAR Credentials,
  1176. OUT PULONG MarshalledCredSize,
  1177. OUT PVOID * MarshalledCreds);
  1180. typedef struct _SECPKG_USER_FUNCTION_TABLE {
  1181. SpInstanceInitFn * InstanceInit;
  1182. SpInitUserModeContextFn * InitUserModeContext;
  1183. SpMakeSignatureFn * MakeSignature;
  1184. SpVerifySignatureFn * VerifySignature;
  1185. SpSealMessageFn * SealMessage;
  1186. SpUnsealMessageFn * UnsealMessage;
  1187. SpGetContextTokenFn * GetContextToken;
  1188. SpQueryContextAttributesFn * QueryContextAttributes;
  1189. SpCompleteAuthTokenFn * CompleteAuthToken;
  1190. SpDeleteContextFn * DeleteUserModeContext;
  1191. SpFormatCredentialsFn * FormatCredentials;
  1192. SpMarshallSupplementalCredsFn * MarshallSupplementalCreds;
  1193. SpExportSecurityContextFn * ExportContext;
  1194. SpImportSecurityContextFn * ImportContext;
  1195. } SECPKG_USER_FUNCTION_TABLE, *PSECPKG_USER_FUNCTION_TABLE;
  1197. typedef NTSTATUS
  1198. (SEC_ENTRY * SpLsaModeInitializeFn)(
  1199. IN ULONG LsaVersion,
  1200. OUT PULONG PackageVersion,
  1201. OUT PSECPKG_FUNCTION_TABLE * ppTables,
  1202. OUT PULONG pcTables);
  1204. typedef NTSTATUS
  1205. (SEC_ENTRY * SpUserModeInitializeFn)(
  1206. IN ULONG LsaVersion,
  1207. OUT PULONG PackageVersion,
  1208. OUT PSECPKG_USER_FUNCTION_TABLE *ppTables,
  1209. OUT PULONG pcTables
  1210. );
  1214. #define SECPKG_LSAMODEINIT_NAME "SpLsaModeInitialize"
  1215. #define SECPKG_USERMODEINIT_NAME "SpUserModeInitialize"
  1217. //
  1218. // Version of the security package interface.
  1219. //
  1220. // These define are used for all of the following:
  1221. // * Passed by the LSA to SpLsaModeInitializeFn to indicate the version of the LSA.
  1222. // All packages currently expect the LSA to pass SECPKG_INTERFACE_VERSION.
  1223. // * Passed by secur32.dll to SpUserModeInitialzeFn to indicate the version of the secur32 DLL.
  1224. // All packages currently expect secur32 to pass SECPKG_INTERFACE_VERSION.
  1225. // * Returned from SpLsaModeInitializeFn to indicate the version of SECPKG_FUNCTION_TABLE.
  1226. // SECPKG_INTERFACE_VERSION indicates all fields through SetExtendedInformation are defined (potentially to NULL)
  1227. // SECPKG_INTERFACE_VERSION_2 indicates all fields through SetContextAttributes are defined (potentially to NULL)
  1228. // * Returned from SpUserModeInitializeFn to indicate the version of the auth package.
  1229. // All packages currently return SECPKG_INTERFACE_VERSION
  1230. //
  1232. #define SECPKG_INTERFACE_VERSION 0x00010000
  1233. #define SECPKG_INTERFACE_VERSION_2 0x00020000
  1237. typedef enum _KSEC_CONTEXT_TYPE {
  1238. KSecPaged,
  1239. KSecNonPaged
  1240. } KSEC_CONTEXT_TYPE ;
  1242. typedef struct _KSEC_LIST_ENTRY {
  1243. LIST_ENTRY List ;
  1244. LONG RefCount ;
  1245. ULONG Signature ;
  1246. PVOID OwningList ;
  1247. PVOID Reserved ;
  1248. } KSEC_LIST_ENTRY, * PKSEC_LIST_ENTRY ;
  1250. #define KsecInitializeListEntry( Entry, SigValue ) \
  1251. ((PKSEC_LIST_ENTRY) Entry)->List.Flink = ((PKSEC_LIST_ENTRY) Entry)->List.Blink = NULL ; \
  1252. ((PKSEC_LIST_ENTRY) Entry)->RefCount = 1 ; \
  1253. ((PKSEC_LIST_ENTRY) Entry)->Signature = SigValue ; \
  1254. ((PKSEC_LIST_ENTRY) Entry)->OwningList = NULL ; \
  1255. ((PKSEC_LIST_ENTRY) Entry)->Reserved = NULL ;
  1259. typedef PVOID
  1260. (SEC_ENTRY KSEC_CREATE_CONTEXT_LIST)(
  1261. IN KSEC_CONTEXT_TYPE Type
  1262. );
  1264. typedef VOID
  1265. (SEC_ENTRY KSEC_INSERT_LIST_ENTRY)(
  1266. IN PVOID List,
  1267. IN PKSEC_LIST_ENTRY Entry
  1268. );
  1270. typedef NTSTATUS
  1271. (SEC_ENTRY KSEC_REFERENCE_LIST_ENTRY)(
  1272. IN PKSEC_LIST_ENTRY Entry,
  1273. IN ULONG Signature,
  1274. IN BOOLEAN RemoveNoRef
  1275. );
  1277. typedef VOID
  1278. (SEC_ENTRY KSEC_DEREFERENCE_LIST_ENTRY)(
  1279. IN PKSEC_LIST_ENTRY Entry,
  1280. OUT BOOLEAN * Delete OPTIONAL
  1281. );
  1283. typedef NTSTATUS
  1284. (SEC_ENTRY KSEC_SERIALIZE_WINNT_AUTH_DATA)(
  1285. IN PVOID pvAuthData,
  1286. OUT PULONG Size,
  1287. OUT PVOID * SerializedData );
  1289. #ifndef MIDL_PASS
  1291. KSEC_CREATE_CONTEXT_LIST KSecCreateContextList ;
  1292. KSEC_INSERT_LIST_ENTRY KSecInsertListEntry ;
  1293. KSEC_REFERENCE_LIST_ENTRY KSecReferenceListEntry ;
  1294. KSEC_DEREFERENCE_LIST_ENTRY KSecDereferenceListEntry ;
  1295. KSEC_SERIALIZE_WINNT_AUTH_DATA KSecSerializeWinntAuthData ;
  1297. #endif // not valid for MIDL_PASS
  1299. typedef KSEC_CREATE_CONTEXT_LIST * PKSEC_CREATE_CONTEXT_LIST ;
  1300. typedef KSEC_INSERT_LIST_ENTRY * PKSEC_INSERT_LIST_ENTRY ;
  1301. typedef KSEC_REFERENCE_LIST_ENTRY * PKSEC_REFERENCE_LIST_ENTRY ;
  1302. typedef KSEC_DEREFERENCE_LIST_ENTRY * PKSEC_DEREFERENCE_LIST_ENTRY ;
  1303. typedef KSEC_SERIALIZE_WINNT_AUTH_DATA * PKSEC_SERIALIZE_WINNT_AUTH_DATA ;
  1306. typedef struct _SECPKG_KERNEL_FUNCTIONS {
  1307. PLSA_ALLOCATE_LSA_HEAP AllocateHeap;
  1308. PLSA_FREE_LSA_HEAP FreeHeap;
  1309. PKSEC_CREATE_CONTEXT_LIST CreateContextList ;
  1310. PKSEC_INSERT_LIST_ENTRY InsertListEntry ;
  1311. PKSEC_REFERENCE_LIST_ENTRY ReferenceListEntry ;
  1312. PKSEC_DEREFERENCE_LIST_ENTRY DereferenceListEntry ;
  1313. PKSEC_SERIALIZE_WINNT_AUTH_DATA SerializeWinntAuthData ;
  1314. } SECPKG_KERNEL_FUNCTIONS, *PSECPKG_KERNEL_FUNCTIONS;
  1317. typedef NTSTATUS
  1318. (NTAPI KspInitPackageFn)(
  1319. PSECPKG_KERNEL_FUNCTIONS FunctionTable
  1320. );
  1323. typedef NTSTATUS
  1324. (NTAPI KspDeleteContextFn)(
  1325. IN LSA_SEC_HANDLE ContextId,
  1326. OUT PLSA_SEC_HANDLE LsaContextId
  1327. );
  1329. typedef NTSTATUS
  1330. (NTAPI KspInitContextFn)(
  1331. IN LSA_SEC_HANDLE ContextId,
  1332. IN PSecBuffer ContextData,
  1333. OUT PLSA_SEC_HANDLE NewContextId
  1334. );
  1336. typedef NTSTATUS
  1337. (NTAPI KspMakeSignatureFn)(
  1338. IN LSA_SEC_HANDLE ContextId,
  1339. IN ULONG fQOP,
  1340. IN OUT PSecBufferDesc Message,
  1341. IN ULONG MessageSeqNo
  1342. );
  1344. typedef NTSTATUS
  1345. (NTAPI KspVerifySignatureFn)(
  1346. IN LSA_SEC_HANDLE ContextId,
  1347. IN OUT PSecBufferDesc Message,
  1348. IN ULONG MessageSeqNo,
  1349. OUT PULONG pfQOP
  1350. );
  1353. typedef NTSTATUS
  1354. (NTAPI KspSealMessageFn)(
  1355. IN LSA_SEC_HANDLE ContextId,
  1356. IN ULONG fQOP,
  1357. IN OUT PSecBufferDesc Message,
  1358. IN ULONG MessageSeqNo
  1359. );
  1361. typedef NTSTATUS
  1362. (NTAPI KspUnsealMessageFn)(
  1363. IN LSA_SEC_HANDLE ContextId,
  1364. IN OUT PSecBufferDesc Message,
  1365. IN ULONG MessageSeqNo,
  1366. OUT PULONG pfQOP
  1367. );
  1369. typedef NTSTATUS
  1370. (NTAPI KspGetTokenFn)(
  1371. IN LSA_SEC_HANDLE ContextId,
  1372. OUT PHANDLE ImpersonationToken,
  1373. OUT OPTIONAL PACCESS_TOKEN * RawToken
  1374. );
  1376. typedef NTSTATUS
  1377. (NTAPI KspQueryAttributesFn)(
  1378. IN LSA_SEC_HANDLE ContextId,
  1379. IN ULONG Attribute,
  1380. IN OUT PVOID Buffer
  1381. );
  1383. typedef NTSTATUS
  1384. (NTAPI KspCompleteTokenFn)(
  1385. IN LSA_SEC_HANDLE ContextId,
  1386. IN PSecBufferDesc Token
  1387. );
  1390. typedef NTSTATUS
  1391. (NTAPI KspMapHandleFn)(
  1392. IN LSA_SEC_HANDLE ContextId,
  1393. OUT PLSA_SEC_HANDLE LsaContextId
  1394. );
  1396. typedef NTSTATUS
  1397. (NTAPI KspSetPagingModeFn)(
  1398. IN BOOLEAN PagingMode
  1399. );
  1401. typedef NTSTATUS
  1402. (NTAPI KspSerializeAuthDataFn)(
  1403. IN PVOID pvAuthData,
  1404. OUT PULONG Size,
  1405. OUT PVOID * SerializedData
  1406. );
  1408. typedef struct _SECPKG_KERNEL_FUNCTION_TABLE {
  1409. KspInitPackageFn * Initialize;
  1410. KspDeleteContextFn * DeleteContext;
  1411. KspInitContextFn * InitContext;
  1412. KspMapHandleFn * MapHandle;
  1413. KspMakeSignatureFn * Sign;
  1414. KspVerifySignatureFn * Verify;
  1415. KspSealMessageFn * Seal;
  1416. KspUnsealMessageFn * Unseal;
  1417. KspGetTokenFn * GetToken;
  1418. KspQueryAttributesFn * QueryAttributes;
  1419. KspCompleteTokenFn * CompleteToken;
  1420. SpExportSecurityContextFn * ExportContext;
  1421. SpImportSecurityContextFn * ImportContext;
  1422. KspSetPagingModeFn * SetPackagePagingMode ;
  1423. KspSerializeAuthDataFn * SerializeAuthData ;
  1424. } SECPKG_KERNEL_FUNCTION_TABLE, *PSECPKG_KERNEL_FUNCTION_TABLE;
  1426. SECURITY_STATUS
  1427. SEC_ENTRY
  1428. KSecRegisterSecurityProvider(
  1429. PSECURITY_STRING ProviderName,
  1430. PSECPKG_KERNEL_FUNCTION_TABLE Table
  1431. );
  1435. extern SECPKG_KERNEL_FUNCTIONS KspKernelFunctions;
  1438. // end_ntsecpkg
  1440. #endif // __SECPKG_H__