/*
 * SSPI (Security Support Provider Interface) declarations: constants,
 * context/credential structures and function prototypes.
 *
 * ISSP_MODE is fixed to 0 below, which makes PSSPI_SEC_STRING a counted
 * PSECURITY_STRING (UNICODE_STRING) rather than SEC_WCHAR*, compiles the
 * ChangeAccountPassword prototypes out, and compiles the SecMakeSPN* and
 * SecLookup* prototypes in.
 */
#ifndef __SSPI_H__
#define __SSPI_H__

// for ntifs.h:
#define ISSP_LEVEL 32
#define ISSP_MODE 0

/* MIDL_PROP(x) keeps IDL attributes only when the header is run through MIDL. */
#ifdef MIDL_PASS
#define MIDL_PROP(x) x
#else
#define MIDL_PROP(x)
#endif

#define SEC_TEXT TEXT
#define SEC_FAR
#define SEC_ENTRY __stdcall

/* Prototypes tagged KSECDDDECLSPEC are imported unless _NO_KSECDD_IMPORT_ is defined. */
#if defined(_NO_KSECDD_IMPORT_)
#define KSECDDDECLSPEC
#else
#define KSECDDDECLSPEC __declspec(dllimport)
#endif

/*
 * Quality-of-protection values (the fQOP / pfQOP parameters below).
 * SECQOP_WRAP_NO_ENCRYPT asks for a wrapped message that is signed but not
 * encrypted; a caller that needs confidentiality must not pass it and should
 * reject it when DecryptMessage reports it.
 */
#define SECQOP_WRAP_NO_ENCRYPT 0x80000001
#define SECQOP_WRAP_OOB_DATA 0x40000000

#define SECURITY_ENTRYPOINTW SEC_TEXT("InitSecurityInterfaceW")
#define SECURITY_ENTRYPOINT SECURITY_ENTRYPOINTW

#define SECURITY_SUPPORT_PROVIDER_INTERFACE_VERSION 1
#define SECURITY_SUPPORT_PROVIDER_INTERFACE_VERSION_2 2
#define SECURITY_SUPPORT_PROVIDER_INTERFACE_VERSION_3 3
#define SECURITY_SUPPORT_PROVIDER_INTERFACE_VERSION_4 4

/* Values for the TargetDataRep parameters. */
#define SECURITY_NATIVE_DREP 0x00000010
#define SECURITY_NETWORK_DREP 0x00000000

#define SECPKG_ID_NONE 0xFFFF

/* Attribute selectors for QueryCredentialsAttributes / SetCredentialsAttributes. */
#define SECPKG_CRED_ATTR_NAMES 1
#define SECPKG_CRED_ATTR_SSI_PROVIDER 2

/*
 * Attribute selectors for QueryContextAttributes / SetContextAttributes
 * (the ulAttribute parameter). The numbering has gaps (23, 28 and 29 are not
 * defined here). SECPKG_ATTR_SESSION_KEY and SECPKG_ATTR_NEGO_KEYS select
 * structures that carry key material (see SecPkgContext_SessionKey and
 * SecPkgContext_NegoKeys below); treat what they return as a secret.
 */
#define SECPKG_ATTR_SIZES 0
#define SECPKG_ATTR_NAMES 1
#define SECPKG_ATTR_LIFESPAN 2
#define SECPKG_ATTR_DCE_INFO 3
#define SECPKG_ATTR_STREAM_SIZES 4
#define SECPKG_ATTR_KEY_INFO 5
#define SECPKG_ATTR_AUTHORITY 6
#define SECPKG_ATTR_PROTO_INFO 7
#define SECPKG_ATTR_PASSWORD_EXPIRY 8
#define SECPKG_ATTR_SESSION_KEY 9
#define SECPKG_ATTR_PACKAGE_INFO 10
#define SECPKG_ATTR_USER_FLAGS 11
#define SECPKG_ATTR_NEGOTIATION_INFO 12
#define SECPKG_ATTR_NATIVE_NAMES 13
#define SECPKG_ATTR_FLAGS 14
#define SECPKG_ATTR_USE_VALIDATED 15
#define SECPKG_ATTR_CREDENTIAL_NAME 16
#define SECPKG_ATTR_TARGET_INFORMATION 17
#define SECPKG_ATTR_ACCESS_TOKEN 18
#define SECPKG_ATTR_TARGET 19
#define SECPKG_ATTR_AUTHENTICATION_ID 20
#define SECPKG_ATTR_LOGOFF_TIME 21
#define SECPKG_ATTR_NEGO_KEYS 22
#define SECPKG_ATTR_PROMPTING_NEEDED 24
#define SECPKG_ATTR_UNIQUE_BINDINGS 25
#define SECPKG_ATTR_ENDPOINT_BINDINGS 26
#define SECPKG_ATTR_CLIENT_SPECIFIED_TARGET 27
#define SECPKG_ATTR_LAST_CLIENT_TOKEN_STATUS 30
#define SECPKG_ATTR_NEGO_PKG_INFO 31
#define SECPKG_ATTR_NEGO_STATUS 32
#define SECPKG_ATTR_CONTEXT_DELETED 33

/*
 * Package capability bits (SecPkgInfoW.fCapabilities). A caller that depends
 * on integrity, privacy or mutual authentication can check the matching bit
 * before selecting a package.
 */
#define SECPKG_FLAG_INTEGRITY 0x00000001
#define SECPKG_FLAG_PRIVACY 0x00000002
#define SECPKG_FLAG_TOKEN_ONLY 0x00000004
#define SECPKG_FLAG_DATAGRAM 0x00000008
#define SECPKG_FLAG_CONNECTION 0x00000010
#define SECPKG_FLAG_MULTI_REQUIRED 0x00000020
#define SECPKG_FLAG_CLIENT_ONLY 0x00000040
#define SECPKG_FLAG_EXTENDED_ERROR 0x00000080
#define SECPKG_FLAG_IMPERSONATION 0x00000100
#define SECPKG_FLAG_ACCEPT_WIN32_NAME 0x00000200
#define SECPKG_FLAG_STREAM 0x00000400
#define SECPKG_FLAG_NEGOTIABLE 0x00000800
#define SECPKG_FLAG_GSS_COMPATIBLE 0x00001000
#define SECPKG_FLAG_LOGON 0x00002000
#define SECPKG_FLAG_ASCII_BUFFERS 0x00004000
#define SECPKG_FLAG_FRAGMENT 0x00008000
#define SECPKG_FLAG_MUTUAL_AUTH 0x00010000
#define SECPKG_FLAG_DELEGATION 0x00020000
#define SECPKG_FLAG_READONLY_WITH_CHECKSUM 0x00040000
#define SECPKG_FLAG_RESTRICTED_TOKENS 0x00080000
#define SECPKG_FLAG_NEGO_EXTENDER 0x00100000
#define SECPKG_FLAG_NEGOTIABLE2 0x00200000

/* Values for the fCredentialUse parameters (BOTH == INBOUND | OUTBOUND). */
#define SECPKG_CRED_INBOUND 0x00000001
#define SECPKG_CRED_OUTBOUND 0x00000002
#define SECPKG_CRED_BOTH 0x00000003
#define SECPKG_CRED_DEFAULT 0x00000004
#define SECPKG_CRED_RESERVED 0xF0000000
#define SECPKG_CRED_AUTOLOGON_RESTRICTED 0x00000010
#define SECPKG_CRED_PROCESS_POLICY_ONLY 0x00000020

/* Flags for ExportSecurityContext (fFlags). */
#define SECPKG_CONTEXT_EXPORT_RESET_NEW 0x00000001
#define SECPKG_CONTEXT_EXPORT_DELETE_OLD 0x00000002
#define SECPKG_CONTEXT_EXPORT_TO_KERNEL 0x00000004

#define SECPKG_ATTR_SUBJECT_SECURITY_ATTRIBUTES 128
#define SECPKG_ATTR_NEGO_INFO_FLAG_NO_KERBEROS 0x1
#define SECPKG_ATTR_NEGO_INFO_FLAG_NO_NTLM 0x2

/* NOTE(review): no SecPkgContext_NativeNamesW structure is declared in the visible part of this header. */
#define SecPkgContext_NativeNames SecPkgContext_NativeNamesW
#define PSecPkgContext_NativeNames PSecPkgContext_NativeNamesW

#define SECBUFFER_VERSION 0

/* Buffer types for SecBuffer.BufferType (low bits; see SECBUFFER_ATTRMASK). */
#define SECBUFFER_EMPTY 0
#define SECBUFFER_DATA 1
#define SECBUFFER_TOKEN 2
#define SECBUFFER_PKG_PARAMS 3
#define SECBUFFER_MISSING 4
#define SECBUFFER_EXTRA 5
#define SECBUFFER_STREAM_TRAILER 6
#define SECBUFFER_STREAM_HEADER 7
#define SECBUFFER_NEGOTIATION_INFO 8
#define SECBUFFER_PADDING 9
#define SECBUFFER_STREAM 10
#define SECBUFFER_MECHLIST 11
#define SECBUFFER_MECHLIST_SIGNATURE 12
#define SECBUFFER_TARGET 13
#define SECBUFFER_CHANNEL_BINDINGS 14
#define SECBUFFER_CHANGE_PASS_RESPONSE 15
#define SECBUFFER_TARGET_HOST 16
#define SECBUFFER_ALERT 17

/*
 * Attribute bits OR-ed into SecBuffer.BufferType (top nibble). Mask with
 * ~SECBUFFER_ATTRMASK before comparing against the type values above.
 * SECBUFFER_READONLY marks a buffer read-only without a checksum, so its
 * contents are not covered by the signature; use
 * SECBUFFER_READONLY_WITH_CHECKSUM when the data must be integrity-protected.
 */
#define SECBUFFER_ATTRMASK 0xF0000000
#define SECBUFFER_READONLY 0x80000000
#define SECBUFFER_READONLY_WITH_CHECKSUM 0x10000000
#define SECBUFFER_RESERVED 0x60000000

/*
 * ISC_REQ_*: context requirements the initiator passes to
 * InitializeSecurityContext (fContextReq). A requested bit is only a request;
 * what was granted comes back in pfContextAttr as ISC_RET_* bits.
 * ISC_REQ_NULL_SESSION and ISC_REQ_NO_INTEGRITY by their names weaken the
 * resulting context; with Schannel, ISC_REQ_MANUAL_CRED_VALIDATION moves
 * server certificate validation to the caller.
 */
#define ISC_REQ_DELEGATE 0x00000001
#define ISC_REQ_MUTUAL_AUTH 0x00000002
#define ISC_REQ_REPLAY_DETECT 0x00000004
#define ISC_REQ_SEQUENCE_DETECT 0x00000008
#define ISC_REQ_CONFIDENTIALITY 0x00000010
#define ISC_REQ_USE_SESSION_KEY 0x00000020
#define ISC_REQ_PROMPT_FOR_CREDS 0x00000040
#define ISC_REQ_USE_SUPPLIED_CREDS 0x00000080
#define ISC_REQ_ALLOCATE_MEMORY 0x00000100
#define ISC_REQ_USE_DCE_STYLE 0x00000200
#define ISC_REQ_DATAGRAM 0x00000400
#define ISC_REQ_CONNECTION 0x00000800
#define ISC_REQ_CALL_LEVEL 0x00001000
#define ISC_REQ_FRAGMENT_SUPPLIED 0x00002000
#define ISC_REQ_EXTENDED_ERROR 0x00004000
#define ISC_REQ_STREAM 0x00008000
#define ISC_REQ_INTEGRITY 0x00010000
#define ISC_REQ_IDENTIFY 0x00020000
#define ISC_REQ_NULL_SESSION 0x00040000
#define ISC_REQ_MANUAL_CRED_VALIDATION 0x00080000
#define ISC_REQ_RESERVED1 0x00100000
#define ISC_REQ_FRAGMENT_TO_FIT 0x00200000
#define ISC_REQ_FORWARD_CREDENTIALS 0x00400000
#define ISC_REQ_NO_INTEGRITY 0x00800000
#define ISC_REQ_USE_HTTP_STYLE 0x01000000

/*
 * ISC_RET_*: attributes actually established, returned through
 * pfContextAttr. Test these (not the ISC_REQ_* names) after the handshake:
 * the two sets do not share every value, e.g. ISC_REQ_CALL_LEVEL is
 * 0x00001000 while ISC_RET_CALL_LEVEL is 0x00002000 and 0x00001000 means
 * ISC_RET_INTERMEDIATE_RETURN.
 */
#define ISC_RET_DELEGATE 0x00000001
#define ISC_RET_MUTUAL_AUTH 0x00000002
#define ISC_RET_REPLAY_DETECT 0x00000004
#define ISC_RET_SEQUENCE_DETECT 0x00000008
#define ISC_RET_CONFIDENTIALITY 0x00000010
#define ISC_RET_USE_SESSION_KEY 0x00000020
#define ISC_RET_USED_COLLECTED_CREDS 0x00000040
#define ISC_RET_USED_SUPPLIED_CREDS 0x00000080
#define ISC_RET_ALLOCATED_MEMORY 0x00000100
#define ISC_RET_USED_DCE_STYLE 0x00000200
#define ISC_RET_DATAGRAM 0x00000400
#define ISC_RET_CONNECTION 0x00000800
#define ISC_RET_INTERMEDIATE_RETURN 0x00001000
#define ISC_RET_CALL_LEVEL 0x00002000
#define ISC_RET_EXTENDED_ERROR 0x00004000
#define ISC_RET_STREAM 0x00008000
#define ISC_RET_INTEGRITY 0x00010000
#define ISC_RET_IDENTIFY 0x00020000
#define ISC_RET_NULL_SESSION 0x00040000
#define ISC_RET_MANUAL_CRED_VALIDATION 0x00080000
#define ISC_RET_RESERVED1 0x00100000
#define ISC_RET_FRAGMENT_ONLY 0x00200000
#define ISC_RET_FORWARD_CREDENTIALS 0x00400000
#define ISC_RET_USED_HTTP_STYLE 0x01000000
#define ISC_RET_NO_ADDITIONAL_TOKEN 0x02000000
#define ISC_RET_REAUTHENTICATION 0x08000000

/*
 * ASC_REQ_*: context requirements the acceptor passes to
 * AcceptSecurityContext (fContextReq). The ASC_ and ISC_ sets use different
 * bits for the same name (ISC_REQ_INTEGRITY is 0x00010000, ASC_REQ_INTEGRITY
 * is 0x00020000; ISC_REQ_STREAM is 0x00008000, ASC_REQ_STREAM is 0x00010000),
 * so using an ISC_ constant on the accept side silently selects another
 * flag. The ALLOW_* values (NULL_SESSION, NON_USER_LOGONS, CONTEXT_REPLAY,
 * MISSING_BINDINGS) by their names relax checks on the accepting side;
 * review any caller that sets them.
 * ASC_REQ_FRAGMENT_SUPPLIED (0x00002000) is listed out of numeric order.
 */
#define ASC_REQ_DELEGATE 0x00000001
#define ASC_REQ_MUTUAL_AUTH 0x00000002
#define ASC_REQ_REPLAY_DETECT 0x00000004
#define ASC_REQ_SEQUENCE_DETECT 0x00000008
#define ASC_REQ_CONFIDENTIALITY 0x00000010
#define ASC_REQ_USE_SESSION_KEY 0x00000020
#define ASC_REQ_ALLOCATE_MEMORY 0x00000100
#define ASC_REQ_USE_DCE_STYLE 0x00000200
#define ASC_REQ_DATAGRAM 0x00000400
#define ASC_REQ_CONNECTION 0x00000800
#define ASC_REQ_CALL_LEVEL 0x00001000
#define ASC_REQ_EXTENDED_ERROR 0x00008000
#define ASC_REQ_STREAM 0x00010000
#define ASC_REQ_INTEGRITY 0x00020000
#define ASC_REQ_LICENSING 0x00040000
#define ASC_REQ_IDENTIFY 0x00080000
#define ASC_REQ_ALLOW_NULL_SESSION 0x00100000
#define ASC_REQ_ALLOW_NON_USER_LOGONS 0x00200000
#define ASC_REQ_ALLOW_CONTEXT_REPLAY 0x00400000
#define ASC_REQ_FRAGMENT_TO_FIT 0x00800000
#define ASC_REQ_FRAGMENT_SUPPLIED 0x00002000
#define ASC_REQ_NO_TOKEN 0x01000000
#define ASC_REQ_PROXY_BINDINGS 0x04000000
//#define SSP_RET_REAUTHENTICATION 0x08000000 // internal

#define ASC_REQ_ALLOW_MISSING_BINDINGS 0x10000000
/*
 * ASC_RET_*: attributes actually established on the accepting side, returned
 * through pfContextAttr. ASC_RET_NULL_SESSION, ASC_RET_MISSING_BINDINGS and
 * ASC_RET_THIRD_LEG_FAILED are the bits a server would inspect before
 * trusting the peer identity.
 */
#define ASC_RET_DELEGATE 0x00000001
#define ASC_RET_MUTUAL_AUTH 0x00000002
#define ASC_RET_REPLAY_DETECT 0x00000004
#define ASC_RET_SEQUENCE_DETECT 0x00000008
#define ASC_RET_CONFIDENTIALITY 0x00000010
#define ASC_RET_USE_SESSION_KEY 0x00000020
#define ASC_RET_ALLOCATED_MEMORY 0x00000100
#define ASC_RET_USED_DCE_STYLE 0x00000200
#define ASC_RET_DATAGRAM 0x00000400
#define ASC_RET_CONNECTION 0x00000800
#define ASC_RET_CALL_LEVEL 0x00002000
#define ASC_RET_THIRD_LEG_FAILED 0x00004000
#define ASC_RET_EXTENDED_ERROR 0x00008000
#define ASC_RET_STREAM 0x00010000
#define ASC_RET_INTEGRITY 0x00020000
#define ASC_RET_LICENSING 0x00040000
#define ASC_RET_IDENTIFY 0x00080000
#define ASC_RET_NULL_SESSION 0x00100000
#define ASC_RET_ALLOW_NON_USER_LOGONS 0x00200000
#define ASC_RET_ALLOW_CONTEXT_REPLAY 0x00400000
#define ASC_RET_FRAGMENT_ONLY 0x00800000
#define ASC_RET_NO_TOKEN 0x01000000
#define ASC_RET_NO_ADDITIONAL_TOKEN 0x02000000
#define ASC_RET_NO_PROXY_BINDINGS 0x04000000
//#define SSP_RET_REAUTHENTICATION 0x08000000 // internal
#define ASC_RET_MISSING_BINDINGS 0x10000000

#define SEC_DELETED_HANDLE ((ULONG_PTR)(-2))

/*
 * Sets both halves of a SecHandle to (ULONG_PTR)-1.
 * NOTE(review): the expansion ends in its own ';' and is a bare statement, so
 * `if (c) SecInvalidateHandle(h); else ...` does not parse; always brace the
 * call site. The argument is evaluated twice.
 */
#define SecInvalidateHandle(x) \
    ((PSecHandle)(x))->dwLower = ((PSecHandle)(x))->dwUpper = ((ULONG_PTR)((INT_PTR)-1));

/*
 * True only when neither half equals (ULONG_PTR)-1. It does not recognise
 * SEC_DELETED_HANDLE and says nothing about whether the handle is still
 * live. The argument may be evaluated twice.
 */
#define SecIsValidHandle(x) \
    ( ( ((PSecHandle)(x))->dwLower != (ULONG_PTR)(INT_PTR)-1 ) && \
      ( ((PSecHandle)(x))->dwUpper != (ULONG_PTR)(INT_PTR)-1 ) )

typedef WCHAR SEC_WCHAR;
typedef CHAR SEC_CHAR;
typedef LARGE_INTEGER _SECURITY_INTEGER, SECURITY_INTEGER, *PSECURITY_INTEGER;
typedef SECURITY_INTEGER TimeStamp, *PTimeStamp;
typedef UNICODE_STRING SECURITY_STRING, *PSECURITY_STRING;
/* String parameter type used by the W prototypes; depends on ISSP_MODE. */
#if ISSP_MODE == 0
#define PSSPI_SEC_STRING PSECURITY_STRING
#else
#define PSSPI_SEC_STRING SEC_WCHAR*
#endif

/* Opaque auth identity; callers pass it to the Sspi* helpers declared further down. */
typedef PVOID PSEC_WINNT_AUTH_IDENTITY_OPAQUE;

#ifndef __SECSTATUS_DEFINED__
typedef LONG SECURITY_STATUS;
#define __SECSTATUS_DEFINED__
#endif

typedef enum _SECPKG_CRED_CLASS
{
    SecPkgCredClass_None = 0,
    SecPkgCredClass_Ephemeral = 10,
    SecPkgCredClass_PersistedGeneric = 20,
    SecPkgCredClass_PersistedSpecific = 30,
    SecPkgCredClass_Explicit = 40,
} SECPKG_CRED_CLASS, *PSECPKG_CRED_CLASS;

typedef struct _SEC_NEGOTIATION_INFO
{
    ULONG Size;
    ULONG NameLength;
    SEC_WCHAR *Name;
    PVOID Reserved;
} SEC_NEGOTIATION_INFO, *PSEC_NEGOTIATION_INFO;

/*
 * Channel-binding header (carried in a SECBUFFER_CHANNEL_BINDINGS buffer).
 * The dw*Offset / cb*Length pairs locate data relative to this structure, so
 * a consumer has to check each offset + length against the size of the
 * enclosing buffer before reading.
 */
typedef struct _SEC_CHANNEL_BINDINGS
{
    ULONG dwInitiatorAddrType;
    ULONG cbInitiatorLength;
    ULONG dwInitiatorOffset;
    ULONG dwAcceptorAddrType;
    ULONG cbAcceptorLength;
    ULONG dwAcceptorOffset;
    ULONG cbApplicationDataLength;
    ULONG dwApplicationDataOffset;
} SEC_CHANNEL_BINDINGS, *PSEC_CHANNEL_BINDINGS;

/*
 * Self-relative identity: the *Offset / *Length pairs locate user, domain,
 * packed credentials and package list inside one blob of cbStructureLength
 * bytes. Validate every offset + length against cbStructureLength before
 * dereferencing a blob that came from another component. Note the lengths
 * are USHORT while the offsets are ULONG.
 */
#ifndef _AUTH_IDENTITY_EX2_DEFINED
#define _AUTH_IDENTITY_EX2_DEFINED
typedef struct _SEC_WINNT_AUTH_IDENTITY_EX2
{
    ULONG Version;
    USHORT cbHeaderLength;
    ULONG cbStructureLength;
    ULONG UserOffset;
    USHORT UserLength;
    ULONG DomainOffset;
    USHORT DomainLength;
    ULONG PackedCredentialsOffset;
    USHORT PackedCredentialsLength;
    ULONG Flags;
    ULONG PackageListOffset;
    USHORT PackageListLength;
} SEC_WINNT_AUTH_IDENTITY_EX2, *PSEC_WINNT_AUTH_IDENTITY_EX2;
#define SEC_WINNT_AUTH_IDENTITY_VERSION_2 0x201
#endif

/*
 * Explicit credentials passed as pAuthData. Password points at the password
 * itself, so the memory behind it should be wiped as soon as the credential
 * handle has been acquired. Flags is SEC_WINNT_AUTH_IDENTITY_ANSI or
 * SEC_WINNT_AUTH_IDENTITY_UNICODE and must match the encoding of the strings.
 */
#ifndef _AUTH_IDENTITY_DEFINED
#define _AUTH_IDENTITY_DEFINED
typedef struct _SEC_WINNT_AUTH_IDENTITY_W
{
    PUSHORT User;
    ULONG UserLength;
    PUSHORT Domain;
    ULONG DomainLength;
    PUSHORT Password;
    ULONG PasswordLength;
    ULONG Flags;
} SEC_WINNT_AUTH_IDENTITY_W, *PSEC_WINNT_AUTH_IDENTITY_W;
#define SEC_WINNT_AUTH_IDENTITY_ANSI 0x1
#define SEC_WINNT_AUTH_IDENTITY_UNICODE 0x2
#define SEC_WINNT_AUTH_IDENTITY SEC_WINNT_AUTH_IDENTITY_W
#define PSEC_WINNT_AUTH_IDENTITY PSEC_WINNT_AUTH_IDENTITY_W
#define _SEC_WINNT_AUTH_IDENTITY _SEC_WINNT_AUTH_IDENTITY_W
#endif

/* Extended form of the structure above: adds Version, Length and a package list. */
#ifndef SEC_WINNT_AUTH_IDENTITY_VERSION
#define SEC_WINNT_AUTH_IDENTITY_VERSION 0x200
typedef struct _SEC_WINNT_AUTH_IDENTITY_EXW
{
    ULONG Version;
    ULONG Length;
    PUSHORT User;
    ULONG UserLength;
    PUSHORT Domain;
    ULONG DomainLength;
    PUSHORT Password;
    ULONG PasswordLength;
    ULONG Flags;
    PUSHORT PackageList;
    ULONG PackageListLength;
} SEC_WINNT_AUTH_IDENTITY_EXW, *PSEC_WINNT_AUTH_IDENTITY_EXW;
#define SEC_WINNT_AUTH_IDENTITY_EX SEC_WINNT_AUTH_IDENTITY_EXW
#define PSEC_WINNT_AUTH_IDENTITY_EX PSEC_WINNT_AUTH_IDENTITY_EXW
#endif

/* Two-word opaque handle; see SecInvalidateHandle / SecIsValidHandle above. */
#ifndef __SECHANDLE_DEFINED__
typedef struct _SecHandle
{
    ULONG_PTR dwLower;
    ULONG_PTR dwUpper;
} SecHandle, *PSecHandle;
#define __SECHANDLE_DEFINED__
#endif

/* Credential and context handles share one representation, so the compiler will not catch a swap. */
typedef SecHandle CredHandle, *PCredHandle, CtxtHandle, *PCtxtHandle;

/* One buffer: cbBuffer bytes at pvBuffer, tagged with a SECBUFFER_* type. */
typedef struct _SecBuffer
{
    ULONG cbBuffer;
    ULONG BufferType;
#ifdef MIDL_PASS
    MIDL_PROP([size_is(cbBuffer)]) PCHAR pvBuffer;
#else
    _Field_size_bytes_(cbBuffer) void SEC_FAR *pvBuffer;
#endif
} SecBuffer, *PSecBuffer;

/* Array of cBuffers SecBuffer entries at pBuffers. */
typedef struct _SecBufferDesc
{
    ULONG ulVersion;
    ULONG cBuffers;
    MIDL_PROP([size_is(cBuffers)]) _Field_size_(cBuffers) PSecBuffer pBuffers;
} SecBufferDesc, SEC_FAR *PSecBufferDesc;

/* Package description; fCapabilities holds SECPKG_FLAG_* bits. */
typedef struct _SecPkgInfoW
{
    ULONG fCapabilities;
    USHORT wVersion;
    USHORT wRPCID;
    ULONG cbMaxToken;
    MIDL_PROP([string]) SEC_WCHAR *Name;
    MIDL_PROP([string]) SEC_WCHAR *Comment;
} SecPkgInfoW, *PSecPkgInfoW;
#define SecPkgInfo SecPkgInfoW
#define PSecPkgInfo PSecPkgInfoW

typedef struct _SecPkgCredentials_NamesW
{
    MIDL_PROP([string]) SEC_WCHAR *sUserName;
} SecPkgCredentials_NamesW, *PSecPkgCredentials_NamesW;
#define SecPkgCredentials_Names SecPkgCredentials_NamesW
#define PSecPkgCredentials_Names PSecPkgCredentials_NamesW

typedef struct _SecPkgContext_NamesW
{
    SEC_WCHAR *sUserName;
} SecPkgContext_NamesW, *PSecPkgContext_NamesW;
#define SecPkgContext_Names SecPkgContext_NamesW
#define PSecPkgContext_Names PSecPkgContext_NamesW

/* NOTE(review): the two alias macros after #endif sit outside the version guard, so below that version they name a type that is not declared. */
#if OSVER(NTDDI_VERSION) > NTDDI_WIN2K
typedef struct _SecPkgContext_CredentialNameW
{
    ULONG CredentialType;
    SEC_WCHAR *sCredentialName;
} SecPkgContext_CredentialNameW, *PSecPkgContext_CredentialNameW;
#endif
#define SecPkgContext_CredentialName SecPkgContext_CredentialNameW
#define PSecPkgContext_CredentialName PSecPkgContext_CredentialNameW

typedef struct _SecPkgContext_SubjectAttributes
{
    PVOID AttributeInfo;
} SecPkgContext_SubjectAttributes, *PSecPkgContext_SubjectAttributes;

typedef struct _SecPkgContext_CredInfo
{
    SECPKG_CRED_CLASS CredClass;
    ULONG IsPromptingNeeded;
} SecPkgContext_CredInfo, *PSecPkgContext_CredInfo;

typedef struct _SecPkgContext_NegoPackageInfo
{
    ULONG PackageMask;
} SecPkgContext_NegoPackageInfo, *PSecPkgContext_NegoPackageInfo;

typedef struct _SecPkgContext_NegoStatus
{
    ULONG LastStatus;
} SecPkgContext_NegoStatus, *PSecPkgContext_NegoStatus;

/* Size limits reported by the package; use them to size token, signature and trailer buffers. */
typedef struct _SecPkgContext_Sizes
{
    ULONG cbMaxToken;
    ULONG cbMaxSignature;
    ULONG cbBlockSize;
    ULONG cbSecurityTrailer;
} SecPkgContext_Sizes, *PSecPkgContext_Sizes;

typedef struct _SecPkgContext_StreamSizes
{
    ULONG cbHeader;
    ULONG cbTrailer;
    ULONG cbMaximumMessage;
    ULONG cBuffers;
    ULONG cbBlockSize;
} SecPkgContext_StreamSizes, *PSecPkgContext_StreamSizes;

typedef struct _SecPkgContext_Lifespan
{
    TimeStamp tsStart;
    TimeStamp tsExpiry;
} SecPkgContext_Lifespan, *PSecPkgContext_Lifespan;

typedef struct _SecPkgContext_PasswordExpiry
{
    TimeStamp tsPasswordExpires;
} SecPkgContext_PasswordExpiry, *PSecPkgContext_PasswordExpiry;

typedef struct _SecPkgContext_ProtoInfoW
{
    SEC_WCHAR *sProtocolName;
    ULONG majorVersion;
    ULONG minorVersion;
} SecPkgContext_ProtoInfoW, *PSecPkgContext_ProtoInfoW;
#define SecPkgContext_ProtoInfo SecPkgContext_ProtoInfoW
#define PSecPkgContext_ProtoInfo PSecPkgContext_ProtoInfoW

typedef struct _SecPkgContext_KeyInfoW
{
    SEC_WCHAR *sSignatureAlgorithmName;
    SEC_WCHAR *sEncryptAlgorithmName;
    ULONG KeySize;
    ULONG SignatureAlgorithm;
    ULONG EncryptAlgorithm;
} SecPkgContext_KeyInfoW, *PSecPkgContext_KeyInfoW;
#define SecPkgContext_KeyInfo SecPkgContext_KeyInfoW
#define PSecPkgContext_KeyInfo PSecPkgContext_KeyInfoW

/* SessionKeyLength bytes of session key at SessionKey: secret material, wipe before release and never log. */
typedef struct _SecPkgContext_SessionKey
{
    ULONG SessionKeyLength;
    _Field_size_bytes_(SessionKeyLength) PUCHAR SessionKey;
} SecPkgContext_SessionKey, *PSecPkgContext_SessionKey;

/* Two keys with their byte lengths; same handling as SecPkgContext_SessionKey. */
typedef struct _SecPkgContext_NegoKeys
{
    ULONG KeyType;
    USHORT KeyLength;
    _Field_size_bytes_(KeyLength) PUCHAR KeyValue;
    ULONG VerifyKeyType;
    USHORT VerifyKeyLength;
    _Field_size_bytes_(VerifyKeyLength) PUCHAR VerifyKeyValue;
} SecPkgContext_NegoKeys, *PSecPkgContext_NegoKeys;

typedef struct _SecPkgContext_DceInfo
{
    ULONG AuthzSvc;
    PVOID pPac;
} SecPkgContext_DceInfo, *PSecPkgContext_DceInfo;

typedef struct _SecPkgContext_PackageInfoW
{
    PSecPkgInfoW PackageInfo;
} SecPkgContext_PackageInfoW, *PSecPkgContext_PackageInfoW;
#define SecPkgContext_PackageInfo SecPkgContext_PackageInfoW
#define PSecPkgContext_PackageInfo PSecPkgContext_PackageInfoW

typedef struct _SecPkgContext_UserFlags
{
    ULONG UserFlags;
} SecPkgContext_UserFlags, *PSecPkgContext_UserFlags;

typedef struct _SecPkgContext_Flags
{
    ULONG Flags;
} SecPkgContext_Flags, *PSecPkgContext_Flags;

typedef struct _SecPkgContext_NegotiationInfoW
{
    PSecPkgInfoW PackageInfo ;
    ULONG NegotiationState ;
} SecPkgContext_NegotiationInfoW, *PSecPkgContext_NegotiationInfoW;

typedef struct _SecPkgContext_AuthorityW
{
    SEC_WCHAR *sAuthorityName;
} SecPkgContext_AuthorityW, *PSecPkgContext_AuthorityW;
#define SecPkgContext_Authority SecPkgContext_AuthorityW
#define PSecPkgContext_Authority PSecPkgContext_AuthorityW


#if NTDDI_VERSION > NTDDI_WS03
typedef struct _SecPkgCredentials_SSIProviderW
{
    SEC_WCHAR *sProviderName;
    ULONG ProviderInfoLength;
    PCHAR ProviderInfo;
} SecPkgCredentials_SSIProviderW, *PSecPkgCredentials_SSIProviderW;
#define SecPkgCredentials_SSIProvider SecPkgCredentials_SSIProviderW
#define PSecPkgCredentials_SSIProvider PSecPkgCredentials_SSIProviderW

typedef struct _SecPkgContext_LogoffTime
{
    TimeStamp tsLogoffTime;
} SecPkgContext_LogoffTime, *PSecPkgContext_LogoffTime;
#endif

/* forward declaration */
typedef struct _SECURITY_FUNCTION_TABLE_W SecurityFunctionTableW, *PSecurityFunctionTableW;
#define SecurityFunctionTable SecurityFunctionTableW
#define PSecurityFunctionTable PSecurityFunctionTableW

/* Key-retrieval callback type accepted by AcquireCredentialsHandle / AddCredentials (pGetKeyFn). */
typedef
VOID
(SEC_ENTRY * SEC_GET_KEY_FN)(
    PVOID Arg,
    PVOID Principal,
    ULONG KeyVer,
    PVOID *Key,
    SECURITY_STATUS *Status);

/*
 * Server side of the handshake. fContextReq takes ASC_REQ_* bits; the
 * attributes actually granted are written to *pfContextAttr as ASC_RET_*
 * bits and are what the caller should base trust decisions on.
 */
KSECDDDECLSPEC
SECURITY_STATUS
SEC_ENTRY
AcceptSecurityContext(
    _In_opt_ PCredHandle phCredential,
    _In_opt_ PCtxtHandle phContext,
    _In_opt_ PSecBufferDesc pInput,
    _In_ ULONG fContextReq,
    _In_ ULONG TargetDataRep,
    _In_opt_ PCtxtHandle phNewContext,
    _In_opt_ PSecBufferDesc pOutput,
    _Out_ PULONG pfContextAttr,
    _Out_opt_ PTimeStamp ptsExpiry);

typedef
SECURITY_STATUS
(SEC_ENTRY * ACCEPT_SECURITY_CONTEXT_FN)(
    PCredHandle,
    PCtxtHandle,
    PSecBufferDesc,
    ULONG,
    ULONG,
    PCtxtHandle,
    PSecBufferDesc,
    PULONG,
    PTimeStamp);

/*
 * Obtains a credential handle for pPackage. fCredentialUse takes a
 * SECPKG_CRED_* value; pAuthData optionally carries explicit credentials
 * (see the SEC_WINNT_AUTH_IDENTITY structures above). Release the handle
 * with FreeCredentialsHandle.
 */
KSECDDDECLSPEC
SECURITY_STATUS
SEC_ENTRY
AcquireCredentialsHandleW(
    _In_opt_ PSSPI_SEC_STRING pPrincipal,
    _In_ PSSPI_SEC_STRING pPackage,
    _In_ ULONG fCredentialUse,
    _In_opt_ PVOID pvLogonId,
    _In_opt_ PVOID pAuthData,
    _In_opt_ SEC_GET_KEY_FN pGetKeyFn,
    _In_opt_ PVOID pvGetKeyArgument,
    _Out_ PCredHandle phCredential,
    _Out_opt_ PTimeStamp ptsExpiry);
#define AcquireCredentialsHandle AcquireCredentialsHandleW

typedef
SECURITY_STATUS
(SEC_ENTRY * ACQUIRE_CREDENTIALS_HANDLE_FN_W)(
    PSSPI_SEC_STRING,
    PSSPI_SEC_STRING,
    ULONG,
    PVOID,
    PVOID,
    SEC_GET_KEY_FN,
    PVOID,
    PCredHandle,
    PTimeStamp);
#define ACQUIRE_CREDENTIALS_HANDLE_FN ACQUIRE_CREDENTIALS_HANDLE_FN_W

SECURITY_STATUS
SEC_ENTRY
AddCredentialsA(
    _In_ PCredHandle hCredentials,
    _In_opt_ LPSTR pszPrincipal,
    _In_ LPSTR pszPackage,
    _In_ ULONG fCredentialUse,
    _In_opt_ PVOID pAuthData,
    _In_opt_ SEC_GET_KEY_FN pGetKeyFn,
    _In_opt_ PVOID pvGetKeyArgument,
    _Out_opt_ PTimeStamp ptsExpiry);

typedef
SECURITY_STATUS
(SEC_ENTRY * ADD_CREDENTIALS_FN_A)(
    PCredHandle,
    SEC_CHAR *,
    SEC_CHAR *,
    ULONG,
    PVOID,
    SEC_GET_KEY_FN,
    PVOID,
    PTimeStamp);

KSECDDDECLSPEC
SECURITY_STATUS
SEC_ENTRY
AddCredentialsW(
    _In_ PCredHandle hCredentials,
    _In_opt_ PSSPI_SEC_STRING pPrincipal,
    _In_ PSSPI_SEC_STRING pPackage,
    _In_ ULONG fCredentialUse,
    _In_opt_ PVOID pAuthData,
    _In_opt_ SEC_GET_KEY_FN pGetKeyFn,
    _In_opt_ PVOID pvGetKeyArgument,
    _Out_opt_ PTimeStamp ptsExpiry);

typedef
SECURITY_STATUS
(SEC_ENTRY * ADD_CREDENTIALS_FN_W)(
    PCredHandle,
    PSSPI_SEC_STRING,
    PSSPI_SEC_STRING,
    ULONG,
    PVOID,
    SEC_GET_KEY_FN,
    PVOID,
    PTimeStamp);

#ifdef UNICODE
#define AddCredentials AddCredentialsW
#define ADD_CREDENTIALS_FN ADD_CREDENTIALS_FN_W
#else
#define AddCredentials AddCredentialsA
#define ADD_CREDENTIALS_FN ADD_CREDENTIALS_FN_A
#endif

KSECDDDECLSPEC
SECURITY_STATUS
SEC_ENTRY
ApplyControlToken(
    _In_ PCtxtHandle phContext,
    _In_ PSecBufferDesc pInput);

typedef
SECURITY_STATUS
(SEC_ENTRY * APPLY_CONTROL_TOKEN_FN)(
    PCtxtHandle, PSecBufferDesc);

/*
 * Compiled out in this header because ISSP_MODE is defined as 0 above.
 * Both variants take the old and new passwords as plain strings, so callers
 * own wiping those buffers after the call.
 */
#if (ISSP_MODE != 0)

SECURITY_STATUS
SEC_ENTRY
ChangeAccountPasswordA(
    _In_ SEC_CHAR* pszPackageName,
    _In_ SEC_CHAR* pszDomainName,
    _In_ SEC_CHAR* pszAccountName,
    _In_ SEC_CHAR* pszOldPassword,
    _In_ SEC_CHAR* pszNewPassword,
    _In_ BOOLEAN bImpersonating,
    _In_ ULONG dwReserved,
    _Inout_ PSecBufferDesc pOutput);

typedef
SECURITY_STATUS
(SEC_ENTRY * CHANGE_PASSWORD_FN_A)(
    SEC_CHAR *,
    SEC_CHAR *,
    SEC_CHAR *,
    SEC_CHAR *,
    SEC_CHAR *,
    BOOLEAN,
    ULONG,
    PSecBufferDesc);

SECURITY_STATUS
SEC_ENTRY
ChangeAccountPasswordW(
    _In_ SEC_WCHAR* pszPackageName,
    _In_ SEC_WCHAR* pszDomainName,
    _In_ SEC_WCHAR* pszAccountName,
    _In_ SEC_WCHAR* pszOldPassword,
    _In_ SEC_WCHAR* pszNewPassword,
    _In_ BOOLEAN bImpersonating,
    _In_ ULONG dwReserved,
    _Inout_ PSecBufferDesc pOutput);

typedef
SECURITY_STATUS
(SEC_ENTRY * CHANGE_PASSWORD_FN_W)(
    SEC_WCHAR *,
    SEC_WCHAR *,
    SEC_WCHAR *,
    SEC_WCHAR *,
    SEC_WCHAR *,
    BOOLEAN,
    ULONG,
    PSecBufferDesc);

#ifdef UNICODE
#define ChangeAccountPassword ChangeAccountPasswordW
#define CHANGE_PASSWORD_FN CHANGE_PASSWORD_FN_W
#else
#define ChangeAccountPassword ChangeAccountPasswordA
#define CHANGE_PASSWORD_FN CHANGE_PASSWORD_FN_A
#endif

#endif /* ISSP_MODE != 0 */

SECURITY_STATUS
SEC_ENTRY
CompleteAuthToken(
    _In_ PCtxtHandle phContext,
    _In_ PSecBufferDesc pToken);

typedef
SECURITY_STATUS
(SEC_ENTRY * COMPLETE_AUTH_TOKEN_FN)(
    PCtxtHandle,
    PSecBufferDesc);

/*
 * Decrypts pMessage in place. Treat the buffers as untrusted unless the call
 * returns success. *pfQOP (optional) reports the protection that was applied;
 * SECQOP_WRAP_NO_ENCRYPT there means the message was signed but not
 * encrypted.
 */
SECURITY_STATUS
SEC_ENTRY
DecryptMessage(
    _In_ PCtxtHandle phContext,
    _Inout_ PSecBufferDesc pMessage,
    _In_ ULONG MessageSeqNo,
    _Out_opt_ PULONG pfQOP);

typedef
SECURITY_STATUS
(SEC_ENTRY * DECRYPT_MESSAGE_FN)(
    PCtxtHandle,
    PSecBufferDesc,
    ULONG,
    PULONG);

KSECDDDECLSPEC
SECURITY_STATUS
SEC_ENTRY
DeleteSecurityContext(
    _In_ PCtxtHandle phContext);

typedef
SECURITY_STATUS
(SEC_ENTRY * DELETE_SECURITY_CONTEXT_FN)(
    PCtxtHandle);

/* Encrypts pMessage in place; fQOP takes the SECQOP_* values defined above. */
SECURITY_STATUS
SEC_ENTRY
EncryptMessage(
    _In_ PCtxtHandle phContext,
    _In_ ULONG fQOP,
    _Inout_ PSecBufferDesc pMessage,
    _In_ ULONG MessageSeqNo);

typedef
SECURITY_STATUS
(SEC_ENTRY * ENCRYPT_MESSAGE_FN)(
    PCtxtHandle,
    ULONG,
    PSecBufferDesc,
    ULONG);

KSECDDDECLSPEC
SECURITY_STATUS
SEC_ENTRY
EnumerateSecurityPackagesW(
    _Out_ PULONG pcPackages,
    _Deref_out_ PSecPkgInfoW* ppPackageInfo);
#define EnumerateSecurityPackages EnumerateSecurityPackagesW

typedef
SECURITY_STATUS
(SEC_ENTRY * ENUMERATE_SECURITY_PACKAGES_FN_W)(
    PULONG,
    PSecPkgInfoW*);
#define ENUMERATE_SECURITY_PACKAGES_FN ENUMERATE_SECURITY_PACKAGES_FN_W

/* NOTE(review): the packed context presumably contains the session state, keys included; handle it as a secret - confirm per package. */
KSECDDDECLSPEC
SECURITY_STATUS
SEC_ENTRY
ExportSecurityContext(
    _In_ PCtxtHandle phContext,
    _In_ ULONG fFlags,
    _Out_ PSecBuffer pPackedContext,
    _Out_ PVOID* pToken);

typedef
SECURITY_STATUS
(SEC_ENTRY * EXPORT_SECURITY_CONTEXT_FN)(
    PCtxtHandle,
    ULONG,
    PSecBuffer,
    PVOID*);

/* Releases a buffer that the security package allocated on the caller's behalf. */
SECURITY_STATUS
SEC_ENTRY
FreeContextBuffer(
    _Inout_ PVOID pvContextBuffer);

typedef
SECURITY_STATUS
(SEC_ENTRY * FREE_CONTEXT_BUFFER_FN)(
    _Inout_ PVOID);

KSECDDDECLSPEC
SECURITY_STATUS
SEC_ENTRY
FreeCredentialsHandle(
    _In_ PCredHandle phCredential);

typedef
SECURITY_STATUS
(SEC_ENTRY * FREE_CREDENTIALS_HANDLE_FN)(
    PCredHandle);

/*
 * Switches the caller to the client's identity. Pair every successful call
 * with RevertSecurityContext on all paths, error paths included, and check
 * the return status before doing work that assumes the client identity.
 */
KSECDDDECLSPEC
SECURITY_STATUS
SEC_ENTRY
ImpersonateSecurityContext(
    _In_ PCtxtHandle phContext);

typedef
SECURITY_STATUS
(SEC_ENTRY * IMPERSONATE_SECURITY_CONTEXT_FN)(
    PCtxtHandle);

KSECDDDECLSPEC
SECURITY_STATUS
SEC_ENTRY
ImportSecurityContextW(
    _In_ PSSPI_SEC_STRING pszPackage,
    _In_ PSecBuffer pPackedContext,
    _In_ PVOID Token,
    _Out_ PCtxtHandle phContext);
#define ImportSecurityContext ImportSecurityContextW

typedef
SECURITY_STATUS
(SEC_ENTRY * IMPORT_SECURITY_CONTEXT_FN_W)(
    PSSPI_SEC_STRING,
    PSecBuffer,
    PVOID,
    PCtxtHandle);
#define IMPORT_SECURITY_CONTEXT_FN IMPORT_SECURITY_CONTEXT_FN_W

/*
 * Client side of the handshake. fContextReq takes ISC_REQ_* bits; after the
 * final leg, check *pfContextAttr for the ISC_RET_* bits the application
 * relies on (for example ISC_RET_MUTUAL_AUTH, ISC_RET_INTEGRITY,
 * ISC_RET_CONFIDENTIALITY) instead of assuming the request was honoured.
 */
KSECDDDECLSPEC
SECURITY_STATUS
SEC_ENTRY
InitializeSecurityContextW(
    _In_opt_ PCredHandle phCredential,
    _In_opt_ PCtxtHandle phContext,
    _In_opt_ PSSPI_SEC_STRING pTargetName,
    _In_ ULONG fContextReq,
    _In_ ULONG Reserved1,
    _In_ ULONG TargetDataRep,
    _In_opt_ PSecBufferDesc pInput,
    _In_ ULONG Reserved2,
    _Inout_opt_ PCtxtHandle phNewContext,
    _Inout_opt_ PSecBufferDesc pOutput,
    _Out_ PULONG pfContextAttr,
    _Out_opt_ PTimeStamp ptsExpiry);
#define InitializeSecurityContext InitializeSecurityContextW

typedef
SECURITY_STATUS
(SEC_ENTRY * INITIALIZE_SECURITY_CONTEXT_FN_W)(
    PCredHandle,
    PCtxtHandle,
    PSSPI_SEC_STRING,
    ULONG,
    ULONG,
    ULONG,
    PSecBufferDesc,
    ULONG,
    PCtxtHandle,
    PSecBufferDesc,
    PULONG,
    PTimeStamp);
#define INITIALIZE_SECURITY_CONTEXT_FN INITIALIZE_SECURITY_CONTEXT_FN_W

KSECDDDECLSPEC
PSecurityFunctionTableW
SEC_ENTRY
InitSecurityInterfaceW(VOID);
#define InitSecurityInterface InitSecurityInterfaceW

typedef
PSecurityFunctionTableW
(SEC_ENTRY * INIT_SECURITY_INTERFACE_W)(VOID);
#define INIT_SECURITY_INTERFACE INIT_SECURITY_INTERFACE_W

KSECDDDECLSPEC
SECURITY_STATUS
SEC_ENTRY
MakeSignature(
    _In_ PCtxtHandle phContext,
    _In_ ULONG fQOP,
    _In_ PSecBufferDesc pMessage,
    _In_ ULONG MessageSeqNo);

typedef
SECURITY_STATUS
(SEC_ENTRY * MAKE_SIGNATURE_FN)(
    PCtxtHandle,
    ULONG,
    PSecBufferDesc,
    ULONG);

/*
 * pBuffer is an untyped pointer and the prototype carries no size, so the
 * structure passed must be the one that belongs to ulAttribute (one of the
 * SECPKG_ATTR_* selectors); a smaller structure would be written past.
 */
KSECDDDECLSPEC
SECURITY_STATUS
SEC_ENTRY
QueryContextAttributesW(
    _In_ PCtxtHandle phContext,
    _In_ ULONG ulAttribute,
    _Out_ PVOID pBuffer);
#define QueryContextAttributes QueryContextAttributesW

typedef
SECURITY_STATUS
(SEC_ENTRY * QUERY_CONTEXT_ATTRIBUTES_FN_W)(
    PCtxtHandle,
    ULONG,
    PVOID);
#define QUERY_CONTEXT_ATTRIBUTES_FN QUERY_CONTEXT_ATTRIBUTES_FN_W

/* Same untyped-buffer contract as QueryContextAttributesW, keyed by SECPKG_CRED_ATTR_*. */
KSECDDDECLSPEC
SECURITY_STATUS
SEC_ENTRY
QueryCredentialsAttributesW(
    _In_ PCredHandle phCredential,
    _In_ ULONG ulAttribute,
    _Inout_ PVOID pBuffer);
#define QueryCredentialsAttributes QueryCredentialsAttributesW

typedef
SECURITY_STATUS
(SEC_ENTRY * QUERY_CREDENTIALS_ATTRIBUTES_FN_W)(
    PCredHandle,
    ULONG,
    PVOID);
#define QUERY_CREDENTIALS_ATTRIBUTES_FN QUERY_CREDENTIALS_ATTRIBUTES_FN_W

KSECDDDECLSPEC
SECURITY_STATUS
SEC_ENTRY
QuerySecurityContextToken(
    _In_ PCtxtHandle phContext,
    _Out_ PVOID* Token);

typedef
SECURITY_STATUS
(SEC_ENTRY * QUERY_SECURITY_CONTEXT_TOKEN_FN)(
    PCtxtHandle, PVOID *);

KSECDDDECLSPEC
SECURITY_STATUS
SEC_ENTRY
QuerySecurityPackageInfoW(
    _In_ PSSPI_SEC_STRING pPackageName,
    _Deref_out_ PSecPkgInfoW *ppPackageInfo);
#define QuerySecurityPackageInfo QuerySecurityPackageInfoW

typedef
SECURITY_STATUS
(SEC_ENTRY * QUERY_SECURITY_PACKAGE_INFO_FN_W)(
    PSSPI_SEC_STRING,
    PSecPkgInfoW *);
#define QUERY_SECURITY_PACKAGE_INFO_FN QUERY_SECURITY_PACKAGE_INFO_FN_W

/* Ends an impersonation started with ImpersonateSecurityContext. */
KSECDDDECLSPEC
SECURITY_STATUS
SEC_ENTRY
RevertSecurityContext(
    _In_ PCtxtHandle phContext);

typedef
SECURITY_STATUS
(SEC_ENTRY * REVERT_SECURITY_CONTEXT_FN)(
    PCtxtHandle);

/* Unlike the Query* calls, the Set* calls take an explicit cbBuffer byte count for pBuffer. */
#if (OSVER(NTDDI_VERSION) > NTDDI_WIN2K)
SECURITY_STATUS
SEC_ENTRY
SetContextAttributesW(
    _In_ PCtxtHandle phContext,
    _In_ ULONG ulAttribute,
    _In_bytecount_(cbBuffer) PVOID pBuffer,
    _In_ ULONG cbBuffer);
#define SetContextAttributes SetContextAttributesW

typedef
SECURITY_STATUS
(SEC_ENTRY * SET_CONTEXT_ATTRIBUTES_FN_W)(
    PCtxtHandle,
    ULONG,
    PVOID,
    ULONG);
#define SET_CONTEXT_ATTRIBUTES_FN SET_CONTEXT_ATTRIBUTES_FN_W
#endif

#if (NTDDI_VERSION > NTDDI_WS03)
KSECDDDECLSPEC
SECURITY_STATUS
SEC_ENTRY
SetCredentialsAttributesW(
    _In_ PCredHandle phCredential,
    _In_ ULONG ulAttribute,
    _In_bytecount_(cbBuffer) PVOID pBuffer,
    _In_ ULONG cbBuffer);
#define SetCredentialsAttributes SetCredentialsAttributesW

typedef
SECURITY_STATUS
(SEC_ENTRY * SET_CREDENTIALS_ATTRIBUTES_FN_W)(
    PCredHandle,
    ULONG,
    PVOID,
    ULONG);
#define SET_CREDENTIALS_ATTRIBUTES_FN SET_CREDENTIALS_ATTRIBUTES_FN_W
#endif /* NTDDI_VERSION > NTDDI_WS03 */

/* The message is authentic only when the returned status is success; pMessage itself is not modified (_In_). */
KSECDDDECLSPEC
SECURITY_STATUS
SEC_ENTRY
VerifySignature(
    _In_ PCtxtHandle phContext,
    _In_ PSecBufferDesc pMessage,
    _In_ ULONG MessageSeqNo,
    _Out_ PULONG pfQOP);

typedef
SECURITY_STATUS
(SEC_ENTRY * VERIFY_SIGNATURE_FN)(
    PCtxtHandle,
    PSecBufferDesc,
    ULONG,
    PULONG);

/* Helpers declared only when ISSP_MODE is 0; they return NTSTATUS and take UNICODE_STRING arguments. */
#if (ISSP_MODE == 0)

KSECDDDECLSPEC
NTSTATUS
NTAPI
SecMakeSPN(
    _In_ PUNICODE_STRING ServiceClass,
    _In_ PUNICODE_STRING ServiceName,
    _In_opt_ PUNICODE_STRING InstanceName,
    _In_opt_ USHORT InstancePort,
    _In_opt_ PUNICODE_STRING Referrer,
    _Inout_ PUNICODE_STRING Spn,
    _Out_opt_ PULONG Length,
    _In_ BOOLEAN Allocate);

#if (NTDDI_VERSION >= NTDDI_WINXP)
/* NOTE(review): Length is annotated `_Out_ ... OPTIONAL` here but `_Out_opt_` in SecMakeSPN; the two spellings disagree for static analysis. */
KSECDDDECLSPEC
NTSTATUS
NTAPI
SecMakeSPNEx(
    _In_ PUNICODE_STRING ServiceClass,
    _In_ PUNICODE_STRING ServiceName,
    _In_opt_ PUNICODE_STRING InstanceName,
    _In_opt_ USHORT InstancePort,
    _In_opt_ PUNICODE_STRING Referrer,
    _In_opt_ PUNICODE_STRING TargetInfo,
    _Inout_ PUNICODE_STRING Spn,
    _Out_ PULONG Length OPTIONAL,
    _In_ BOOLEAN Allocate);

KSECDDDECLSPEC
NTSTATUS
SEC_ENTRY
SecLookupAccountSid(
    _In_ PSID Sid,
    _Out_ PULONG NameSize,
    _Inout_ PUNICODE_STRING NameBuffer,
    _Out_ PULONG DomainSize OPTIONAL,
    _Out_opt_ PUNICODE_STRING DomainBuffer,
    _Out_ PSID_NAME_USE NameUse);

/* SidSize is in/out: by its annotation it carries the size of the Sid buffer in and a size back out. */
KSECDDDECLSPEC
NTSTATUS
SEC_ENTRY
SecLookupAccountName(
    _In_ PUNICODE_STRING Name,
    _Inout_ PULONG SidSize,
    _Out_ PSID Sid,
    _Out_ PSID_NAME_USE NameUse,
    _Out_opt_ PULONG DomainSize, // WDK says _Out_ only + ... OPTIONAL
    _Inout_opt_ PUNICODE_STRING ReferencedDomain);
#endif

#if (NTDDI_VERSION >= NTDDI_WS03)
KSECDDDECLSPEC
NTSTATUS
SEC_ENTRY
SecLookupWellKnownSid(
    _In_ WELL_KNOWN_SID_TYPE SidType,
    _Out_ PSID Sid,
    _In_ ULONG SidBufferSize,
    _Inout_opt_ PULONG SidSize);
#endif

#if (NTDDI_VERSION >= NTDDI_VISTA)
KSECDDDECLSPEC
NTSTATUS
NTAPI
SecMakeSPNEx2(
    _In_ PUNICODE_STRING ServiceClass,
    _In_ PUNICODE_STRING ServiceName,
    _In_opt_ PUNICODE_STRING InstanceName,
    _In_opt_ USHORT InstancePort,
    _In_opt_ PUNICODE_STRING Referrer,
    _In_opt_ PUNICODE_STRING InTargetInfo,
    _Inout_ PUNICODE_STRING Spn,
    _Out_opt_ PULONG TotalSize,
    _In_ BOOLEAN Allocate,
    _In_ BOOLEAN IsTargetInfoMarshaled);
#endif

#endif /* ISSP_MODE == 0 */

/*
 * Helpers for the opaque auth identity (PSEC_WINNT_AUTH_IDENTITY_OPAQUE).
 * An identity can hold credentials: call SspiZeroAuthIdentity before
 * SspiFreeAuthIdentity, and treat the strings produced by
 * SspiEncodeAuthIdentityAsStrings and the byte array produced by
 * SspiMarshalAuthIdentity as secrets.
 */
#if (NTDDI_VERSION >= NTDDI_WIN7)

SECURITY_STATUS
SEC_ENTRY
SspiEncodeAuthIdentityAsStrings(
    _In_ PSEC_WINNT_AUTH_IDENTITY_OPAQUE pAuthIdentity,
    _Deref_out_opt_ PCWSTR* ppszUserName,
    _Deref_out_opt_ PCWSTR* ppszDomainName,
    _Deref_opt_out_opt_ PCWSTR* ppszPackedCredentialsString);

/* Run this on any identity received from another component before using it. */
SECURITY_STATUS
SEC_ENTRY
SspiValidateAuthIdentity(
    _In_ PSEC_WINNT_AUTH_IDENTITY_OPAQUE AuthData);

SECURITY_STATUS
SEC_ENTRY
SspiCopyAuthIdentity(
    _In_ PSEC_WINNT_AUTH_IDENTITY_OPAQUE AuthData,
    _Deref_out_ PSEC_WINNT_AUTH_IDENTITY_OPAQUE* AuthDataCopy);

VOID
SEC_ENTRY
SspiFreeAuthIdentity(
    _In_opt_ PSEC_WINNT_AUTH_IDENTITY_OPAQUE AuthData);

VOID
SEC_ENTRY
SspiZeroAuthIdentity(
    _In_opt_ PSEC_WINNT_AUTH_IDENTITY_OPAQUE AuthData);

VOID
SEC_ENTRY
SspiLocalFree(
    _In_opt_ PVOID DataBuffer);

SECURITY_STATUS
SEC_ENTRY
SspiEncodeStringsAsAuthIdentity(
    _In_opt_ PCWSTR pszUserName,
    _In_opt_ PCWSTR pszDomainName,
    _In_opt_ PCWSTR pszPackedCredentialsString,
    _Deref_out_ PSEC_WINNT_AUTH_IDENTITY_OPAQUE* ppAuthIdentity);

SECURITY_STATUS
SEC_ENTRY
SspiCompareAuthIdentities(
    _In_opt_ PSEC_WINNT_AUTH_IDENTITY_OPAQUE AuthIdentity1,
    _In_opt_ PSEC_WINNT_AUTH_IDENTITY_OPAQUE AuthIdentity2,
    _Out_opt_ PBOOLEAN SameSuppliedUser,
    _Out_opt_ PBOOLEAN SameSuppliedIdentity);

SECURITY_STATUS
SEC_ENTRY
SspiMarshalAuthIdentity(
    _In_ PSEC_WINNT_AUTH_IDENTITY_OPAQUE AuthIdentity,
    _Out_ PULONG AuthIdentityLength,
    _Outptr_result_bytebuffer_(*AuthIdentityLength) PCHAR* AuthIdentityByteArray);

/*
 * NOTE(review): AuthIdentityLength is declared PULONG, yet the next
 * annotation uses it directly as the byte count of AuthIdentityByteArray;
 * the Windows SDK declares it as an unsigned long value. Confirm against the
 * implementation: a pointer read as a length defeats the bounds annotation
 * on an untrusted marshalled blob.
 */
SECURITY_STATUS
SEC_ENTRY
SspiUnmarshalAuthIdentity(
    _In_ PULONG AuthIdentityLength,
    _In_reads_bytes_(AuthIdentityLength) PCHAR AuthIdentityByteArray,
    _Outptr_ PSEC_WINNT_AUTH_IDENTITY_OPAQUE* ppAuthIdentity);

/* NOTE(review): the Windows SDK declares ErrorOrNtStatus as an unsigned long value, not a pointer; confirm. */
BOOLEAN
SEC_ENTRY
SspiIsPromptingNeeded(
    _In_ PULONG ErrorOrNtStatus);

SECURITY_STATUS
SEC_ENTRY
SspiGetTargetHostName(
    _In_ PCWSTR pszTargetName,
    _Outptr_ PWSTR* pszHostName);

SECURITY_STATUS
SEC_ENTRY
SspiExcludePackage(
    _In_opt_ PSEC_WINNT_AUTH_IDENTITY_OPAQUE AuthIdentity,
    _In_ PCWSTR pszPackageName,
    _Outptr_ PSEC_WINNT_AUTH_IDENTITY_OPAQUE* ppNewAuthIdentity);

#define SEC_WINNT_AUTH_IDENTITY_MARSHALLED 0x04
#define SEC_WINNT_AUTH_IDENTITY_ONLY 0x08

#endif /* NTDDI_VERSION >= NTDDI_WIN7 */

#define FreeCredentialHandle FreeCredentialsHandle
struct _SECURITY_FUNCTION_TABLE_W
{
    ULONG dwVersion;
    ENUMERATE_SECURITY_PACKAGES_FN_W EnumerateSecurityPackagesW;
    QUERY_CREDENTIALS_ATTRIBUTES_FN_W QueryCredentialsAttributesW;
    ACQUIRE_CREDENTIALS_HANDLE_FN_W AcquireCredentialsHandleW;
    FREE_CREDENTIALS_HANDLE_FN FreeCredentialsHandle;
    PVOID Reserved2;
    INITIALIZE_SECURITY_CONTEXT_FN_W InitializeSecurityContextW;
    ACCEPT_SECURITY_CONTEXT_FN
AcceptSecurityContext; 1280 COMPLETE_AUTH_TOKEN_FN CompleteAuthToken; 1281 DELETE_SECURITY_CONTEXT_FN DeleteSecurityContext; 1282 APPLY_CONTROL_TOKEN_FN ApplyControlToken; 1283 QUERY_CONTEXT_ATTRIBUTES_FN_W QueryContextAttributesW; 1284 IMPERSONATE_SECURITY_CONTEXT_FN ImpersonateSecurityContext; 1285 REVERT_SECURITY_CONTEXT_FN RevertSecurityContext; 1286 MAKE_SIGNATURE_FN MakeSignature; 1287 VERIFY_SIGNATURE_FN VerifySignature; 1288 FREE_CONTEXT_BUFFER_FN FreeContextBuffer; 1289 QUERY_SECURITY_PACKAGE_INFO_FN_W QuerySecurityPackageInfoW; 1290 PVOID Reserved3; 1291 PVOID Reserved4; 1292 EXPORT_SECURITY_CONTEXT_FN ExportSecurityContext; 1293 IMPORT_SECURITY_CONTEXT_FN_W ImportSecurityContextW; 1294 ADD_CREDENTIALS_FN_W AddCredentialsW ; 1295 PVOID Reserved8; 1296 QUERY_SECURITY_CONTEXT_TOKEN_FN QuerySecurityContextToken; 1297 ENCRYPT_MESSAGE_FN EncryptMessage; 1298 DECRYPT_MESSAGE_FN DecryptMessage; 1299 #if OSVER(NTDDI_VERSION) > NTDDI_WIN2K 1300 SET_CONTEXT_ATTRIBUTES_FN_W SetContextAttributesW; 1301 #endif 1302 #if NTDDI_VERSION > NTDDI_WS03SP1 1303 SET_CREDENTIALS_ATTRIBUTES_FN_W SetCredentialsAttributesW; 1304 #endif 1305 #if ISSP_MODE != 0 1306 CHANGE_PASSWORD_FN_W ChangeAccountPasswordW; 1307 #else 1308 PVOID Reserved9; 1309 #endif 1310 }; 1311 1312 #endif /* !__SSPI_H__ */ 1313