Source code of Windows XP (NT5)
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 
 

217 lines
6.6 KiB

//+-----------------------------------------------------------------------
//
// Microsoft Windows
//
// Copyright (c) Microsoft Corporation 1992 - 1996
//
// File: kerbdefs.h
//
// Contents: defines for all internal Kerberos lists
//
//
// History: 03-May-1999 ChandanS Created
//
//------------------------------------------------------------------------
#ifndef __KERBDEFS_H__
#define __KERBDEFS_H__
//
// All Kerberos list structures are defined here
//
typedef struct _KERBEROS_LIST {
LIST_ENTRY List;
RTL_CRITICAL_SECTION Lock;
} KERBEROS_LIST, *PKERBEROS_LIST;
typedef struct _KERBEROS_LIST_ENTRY {
LIST_ENTRY Next;
ULONG ReferenceCount;
} KERBEROS_LIST_ENTRY, *PKERBEROS_LIST_ENTRY;
typedef struct _KERB_TICKET_CACHE_ENTRY {
KERBEROS_LIST_ENTRY ListEntry;
volatile LONG Linked;
PKERB_INTERNAL_NAME ServiceName;
PKERB_INTERNAL_NAME TargetName;
UNICODE_STRING DomainName;
UNICODE_STRING TargetDomainName;
UNICODE_STRING AltTargetDomainName;
UNICODE_STRING ClientDomainName;
PKERB_INTERNAL_NAME ClientName;
ULONG TicketFlags;
ULONG CacheFlags;
KERB_ENCRYPTION_KEY SessionKey;
TimeStamp KeyExpirationTime;
TimeStamp StartTime;
TimeStamp EndTime;
TimeStamp RenewUntil;
KERB_TICKET Ticket;
TimeStamp TimeSkew;
} KERB_TICKET_CACHE_ENTRY, *PKERB_TICKET_CACHE_ENTRY;
typedef struct _KERB_TICKET_CACHE {
LIST_ENTRY CacheEntries;
} KERB_TICKET_CACHE, *PKERB_TICKET_CACHE;
#define CSP_DATA_INITIALIZED 0x01
#define CONTEXT_INITIALIZED_WITH_CRED_MAN_CREDS 0x02
#define CONTEXT_INITIALIZED_WITH_ACH 0x04
typedef struct _KERB_PUBLIC_KEY_CREDENTIALS {
UNICODE_STRING Pin;
LUID LogonId; // logon id used in impersonation...
PCCERT_CONTEXT CertContext;
HCRYPTPROV hProv;
ULONG InitializationInfo;
ULONG CspDataLength;
BYTE CspData[1];
} KERB_PUBLIC_KEY_CREDENTIALS, *PKERB_PUBLIC_KEY_CREDENTIALS;
typedef struct _KERB_PRIMARY_CREDENTIAL {
UNICODE_STRING UserName;
UNICODE_STRING DomainName;
UNICODE_STRING ClearPassword; // this is only present until a ticket has been obtained.
UNICODE_STRING OldUserName; // original user name in explicit
UNICODE_STRING OldDomainName; // original domain name in explicit cred
NT_OWF_PASSWORD OldHashPassword; // hash of encrypted ClearPassword
PKERB_STORED_CREDENTIAL Passwords;
PKERB_STORED_CREDENTIAL OldPasswords;
KERB_TICKET_CACHE ServerTicketCache;
KERB_TICKET_CACHE S4UTicketCache;
KERB_TICKET_CACHE AuthenticationTicketCache;
PKERB_PUBLIC_KEY_CREDENTIALS PublicKeyCreds;
} KERB_PRIMARY_CREDENTIAL, *PKERB_PRIMARY_CREDENTIAL;
typedef struct _KERB_LOGON_SESSION {
KERBEROS_LIST_ENTRY ListEntry;
LIST_ENTRY SspCredentials;
KERBEROS_LIST CredmanCredentials;
LUID LogonId; // constant
TimeStamp Lifetime;
RTL_CRITICAL_SECTION Lock;
KERB_PRIMARY_CREDENTIAL PrimaryCredentials;
ULONG LogonSessionFlags;
} KERB_LOGON_SESSION, *PKERB_LOGON_SESSION;
#define KERB_CREDENTIAL_TAG_ACTIVE (ULONG)'AdrC'
#define KERB_CREDENTIAL_TAG_DELETE (ULONG)'DdrC'
typedef struct _KERB_CREDENTIAL {
KERBEROS_LIST_ENTRY ListEntry;
ULONG HandleCount;
LIST_ENTRY NextForThisLogonSession;
LUID LogonId; // constant
TimeStamp Lifetime;
UNICODE_STRING CredentialName;
ULONG CredentialFlags;
ULONG ClientProcess; // constant
PKERB_PRIMARY_CREDENTIAL SuppliedCredentials;
PKERB_AUTHORIZATION_DATA AuthData;
ULONG CredentialTag;
} KERB_CREDENTIAL, *PKERB_CREDENTIAL;
typedef struct _KERB_CREDMAN_CRED {
KERBEROS_LIST_ENTRY ListEntry;
ULONG CredentialFlags;
UNICODE_STRING CredmanUserName; // added since TGT information can overwrite primary credentials...
UNICODE_STRING CredmanDomainName;
PKERB_PRIMARY_CREDENTIAL SuppliedCredentials;
} KERB_CREDMAN_CRED, *PKERB_CREDMAN_CRED;
typedef enum _KERB_CONTEXT_STATE {
IdleState,
TgtRequestSentState,
TgtReplySentState,
ApRequestSentState,
ApReplySentState,
AuthenticatedState,
ErrorMessageSentState,
InvalidState
} KERB_CONTEXT_STATE, *PKERB_CONTEXT_STATE;
#define KERB_CONTEXT_TAG_ACTIVE (ULONG)'AxtC'
#define KERB_CONTEXT_TAG_DELETE (ULONG)'DxtC'
typedef struct _KERB_CONTEXT {
KERBEROS_LIST_ENTRY ListEntry;
TimeStamp Lifetime; // end time/expiration time
TimeStamp RenewTime; // time to renew until
TimeStamp StartTime;
UNICODE_STRING ClientName;
UNICODE_STRING ClientRealm;
union {
ULONG ClientProcess;
LSA_SEC_HANDLE LsaContextHandle;
};
LUID LogonId;
HANDLE TokenHandle;
ULONG_PTR CredentialHandle;
KERB_ENCRYPTION_KEY SessionKey;
ULONG Nonce;
ULONG ReceiveNonce;
ULONG ContextFlags;
ULONG ContextAttributes;
ULONG EncryptionType;
PSID UserSid;
KERB_CONTEXT_STATE ContextState;
ULONG Retries;
KERB_ENCRYPTION_KEY TicketKey;
PKERB_TICKET_CACHE_ENTRY TicketCacheEntry; // for clients, is ticket to server, for servers, is TGT used in user-to-user
UNICODE_STRING ClientPrincipalName;
UNICODE_STRING ServerPrincipalName;
PKERB_CREDMAN_CRED CredManCredentials;
//
// marshalled target info for DFS/RDR.
//
PBYTE pbMarshalledTargetInfo;
ULONG cbMarshalledTargetInfo;
ULONG ContextTag;
} KERB_CONTEXT, *PKERB_CONTEXT;
typedef struct _KERB_PACKED_CONTEXT {
ULONG ContextType ; // Indicates the type of the context
ULONG Pad; // Pad data
TimeStamp Lifetime; // Matches basic context above
TimeStamp RenewTime ;
TimeStamp StartTime;
UNICODE_STRING32 ClientName ;
UNICODE_STRING32 ClientRealm ;
ULONG LsaContextHandle ;
LUID LogonId ;
ULONG TokenHandle ;
ULONG CredentialHandle ;
ULONG SessionKeyType ;
ULONG SessionKeyOffset ;
ULONG SessionKeyLength ;
ULONG Nonce ;
ULONG ReceiveNonce ;
ULONG ContextFlags ;
ULONG ContextAttributes ;
ULONG EncryptionType ;
KERB_CONTEXT_STATE ContextState ;
ULONG Retries ;
ULONG MarshalledTargetInfo; // offset
ULONG MarshalledTargetInfoLength;
} KERB_PACKED_CONTEXT, * PKERB_PACKED_CONTEXT ;
typedef struct _KERB_SESSION_KEY_ENTRY {
LIST_ENTRY ListEntry;
KERB_ENCRYPTION_KEY SessionKey;
FILETIME ExpireTime; // time when SessionKey expires
} KERB_SESSION_KEY_ENTRY, * PKERB_SESSION_KEY_ENTRY;
#define KERB_PACKED_CONTEXT_MAP 0
#define KERB_PACKED_CONTEXT_EXPORT 1
#endif // __KERBDEFS_H_