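/**
 * @file ntsecpkg.h
 * Copyright 2012, 2013 MinGW.org project
 *
 * Permission is hereby granted, free of charge, to any person obtaining a
 * copy of this software and associated documentation files (the "Software"),
 * to deal in the Software without restriction, including without limitation
 * the rights to use, copy, modify, merge, publish, distribute, sublicense,
 * and/or sell copies of the Software, and to permit persons to whom the
 * Software is furnished to do so, subject to the following conditions:
 *
 * The above copyright notice and this permission notice (including the next
 * paragraph) shall be included in all copies or substantial portions of the
 * Software.
 *
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING
 * FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER
 * DEALINGS IN THE SOFTWARE.
 */
#ifndef _NTSECPKG_H
#define _NTSECPKG_H
#pragma GCC system_header
#include <_mingw.h>

#include "windef.h"
#include "ntsecapi.h"
#include "security.h"

/*
 * Declarations for Security Support Provider / Authentication Package
 * (SSP/AP) modules: the types exchanged with the LSA, the helper routines the
 * LSA hands to a package through dispatch tables, and the callbacks a package
 * exports back.  The header declares types only; it defines no functions.
 */

#ifdef __cplusplus
extern "C" {
#endif

/*
 * ISC_REQ_*: request bit flags for the initiating side of a security context.
 * Each value is a single bit, so flags are combined with bitwise OR.
 * Asking for a property (mutual auth, replay/sequence detection,
 * confidentiality, integrity) is only a request: callers should inspect the
 * attributes returned for the established context before relying on it.
 */
#define ISC_REQ_DELEGATE 1
#define ISC_REQ_MUTUAL_AUTH 2
#define ISC_REQ_REPLAY_DETECT 4
#define ISC_REQ_SEQUENCE_DETECT 8
#define ISC_REQ_CONFIDENTIALITY 16
#define ISC_REQ_USE_SESSION_KEY 32
#define ISC_REQ_PROMPT_FOR_CREDS 64
#define ISC_REQ_USE_SUPPLIED_CREDS 128
#define ISC_REQ_ALLOCATE_MEMORY 256
#define ISC_REQ_USE_DCE_STYLE 512
#define ISC_REQ_DATAGRAM 1024
#define ISC_REQ_CONNECTION 2048
#define ISC_REQ_EXTENDED_ERROR 16384
#define ISC_REQ_STREAM 32768
#define ISC_REQ_INTEGRITY 65536
#define ISC_REQ_MANUAL_CRED_VALIDATION 524288
#define ISC_REQ_HTTP 268435456

/* The only ISC_RET_* (returned attribute) bit this header defines. */
#define ISC_RET_EXTENDED_ERROR 16384

/*
 * ASC_REQ_*: request bit flags for the accepting side of a security context.
 * The low bits mirror ISC_REQ_*, but EXTENDED_ERROR, STREAM and INTEGRITY use
 * different values here, so the two families are not interchangeable.
 */
#define ASC_REQ_DELEGATE 1
#define ASC_REQ_MUTUAL_AUTH 2
#define ASC_REQ_REPLAY_DETECT 4
#define ASC_REQ_SEQUENCE_DETECT 8
#define ASC_REQ_CONFIDENTIALITY 16
#define ASC_REQ_USE_SESSION_KEY 32
#define ASC_REQ_ALLOCATE_MEMORY 256
#define ASC_REQ_USE_DCE_STYLE 512
#define ASC_REQ_DATAGRAM 1024
#define ASC_REQ_CONNECTION 2048
#define ASC_REQ_EXTENDED_ERROR 32768
#define ASC_REQ_STREAM 65536
#define ASC_REQ_INTEGRITY 131072

/* Data representation selectors. */
#define SECURITY_NATIVE_DREP 16
#define SECURITY_NETWORK_DREP 0

/*
 * SECPKG_STATE_*: bit flags; presumably the values carried in
 * SECPKG_PARAMETERS.MachineState -- confirm against the caller.
 */
#define SECPKG_STATE_ENCRYPTION_PERMITTED 0x01
#define SECPKG_STATE_STRONG_ENCRYPTION_PERMITTED 0x02
#define SECPKG_STATE_DOMAIN_CONTROLLER 0x04
#define SECPKG_STATE_WORKSTATION 0x08
#define SECPKG_STATE_STANDALONE 0x10

/* enum definitions for Secure Service Provider/Authentication Packages */
typedef enum _LSA_TOKEN_INFORMATION_TYPE {
  LsaTokenInformationNull,
  LsaTokenInformationV1
} LSA_TOKEN_INFORMATION_TYPE, *PLSA_TOKEN_INFORMATION_TYPE;

/* Selects which member of SECPKG_EXTENDED_INFORMATION.Info is meaningful. */
typedef enum _SECPKG_EXTENDED_INFORMATION_CLASS
{
  SecpkgGssInfo = 1,
  SecpkgContextThunks,
  SecpkgMutualAuthLevel,
  SecpkgMaxInfo
} SECPKG_EXTENDED_INFORMATION_CLASS;

typedef enum _SECPKG_NAME_TYPE {
  SecNameSamCompatible,
  SecNameAlternateId,
  SecNameFlat,
  SecNameDN
} SECPKG_NAME_TYPE;

/* struct definitions for SSP/AP */

/*
 * Primary credentials of a logon session as handed to a package.
 * Password and OldPassword are credential material: code that receives this
 * structure should not log or persist those fields, and should zero any copy
 * it makes before releasing the memory.
 */
typedef struct _SECPKG_PRIMARY_CRED {
  LUID LogonId;
  UNICODE_STRING DownlevelName;
  UNICODE_STRING DomainName;
  UNICODE_STRING Password;
  UNICODE_STRING OldPassword;
  PSID UserSid;
  ULONG Flags;
  UNICODE_STRING DnsDomainName;
  UNICODE_STRING Upn;
  UNICODE_STRING LogonServer;
  UNICODE_STRING Spare1;
  UNICODE_STRING Spare2;
  UNICODE_STRING Spare3;
  UNICODE_STRING Spare4;
} SECPKG_PRIMARY_CRED, *PSECPKG_PRIMARY_CRED;

/* Package-specific credential blob: CredentialSize bytes at Credentials. */
typedef struct _SECPKG_SUPPLEMENTAL_CRED {
  UNICODE_STRING PackageName;
  ULONG CredentialSize;
  PUCHAR Credentials;
} SECPKG_SUPPLEMENTAL_CRED, *PSECPKG_SUPPLEMENTAL_CRED;

/*
 * Counted array with a one-element placeholder as its last member.
 * NOTE(review): presumably CredentialCount entries follow in memory; check the
 * count against the size of the buffer actually received before indexing
 * past element 0.
 */
typedef struct _SECPKG_SUPPLEMENTAL_CRED_ARRAY {
  ULONG CredentialCount;
  SECPKG_SUPPLEMENTAL_CRED Credentials[1];
} SECPKG_SUPPLEMENTAL_CRED_ARRAY, *PSECPKG_SUPPLEMENTAL_CRED_ARRAY;

/* Also exposed under the SECPKG_EVENT_DOMAIN_CHANGE names. */
typedef struct _SECPKG_PARAMETERS {
  ULONG Version;
  ULONG MachineState;
  ULONG SetupMode;
  PSID DomainSid;
  UNICODE_STRING DomainName;
  UNICODE_STRING DnsDomainName;
  GUID DomainGuid;
} SECPKG_PARAMETERS, *PSECPKG_PARAMETERS,
  SECPKG_EVENT_DOMAIN_CHANGE, *PSECPKG_EVENT_DOMAIN_CHANGE;

/*
 * Identity and privilege facts about the calling client, filled in through
 * PLSA_GET_CLIENT_INFO.  HasTcbPrivilege, Impersonating and Restricted are
 * the fields a package would consult before honouring a privileged request.
 */
typedef struct _SECPKG_CLIENT_INFO {
  LUID LogonId;
  ULONG ProcessID;
  ULONG ThreadID;
  BOOLEAN HasTcbPrivilege;
  BOOLEAN Impersonating;
  BOOLEAN Restricted;
} SECPKG_CLIENT_INFO,
  *PSECPKG_CLIENT_INFO;

typedef struct _SECURITY_USER_DATA {
  SECURITY_STRING UserName;
  SECURITY_STRING LogonDomainName;
  SECURITY_STRING LogonServer;
  PSID pSid;
} SECURITY_USER_DATA, *PSECURITY_USER_DATA,
  SecurityUserData, *PSecurityUserData;

/*
 * NOTE(review): EncodedId is declared with 4 bytes while EncodedIdLength is a
 * separate field; presumably the real data can be longer than the declared
 * array -- bound any read by the size of the buffer that holds the structure.
 */
typedef struct _SECPKG_GSS_INFO {
  ULONG EncodedIdLength;
  UCHAR EncodedId[4];
} SECPKG_GSS_INFO, *PSECPKG_GSS_INFO;

/* Counted array with a one-element placeholder; see the note on
 * SECPKG_SUPPLEMENTAL_CRED_ARRAY about validating the count. */
typedef struct _SECPKG_CONTEXT_THUNKS {
  ULONG InfoLevelCount;
  ULONG Levels[1];
} SECPKG_CONTEXT_THUNKS, *PSECPKG_CONTEXT_THUNKS;

typedef struct _SECPKG_MUTUAL_AUTH_LEVEL {
  ULONG MutualAuthLevel;
} SECPKG_MUTUAL_AUTH_LEVEL, *PSECPKG_MUTUAL_AUTH_LEVEL;

typedef struct _SECPKG_CALL_INFO {
  ULONG ProcessId;
  ULONG ThreadId;
  ULONG Attributes;
  ULONG CallCount;
} SECPKG_CALL_INFO, *PSECPKG_CALL_INFO;

/* Tagged union: Class tells which member of Info is in use. */
typedef struct _SECPKG_EXTENDED_INFORMATION {
  SECPKG_EXTENDED_INFORMATION_CLASS Class;
  union {
    SECPKG_GSS_INFO GssInfo;
    SECPKG_CONTEXT_THUNKS ContextThunks;
    SECPKG_MUTUAL_AUTH_LEVEL MutualAuthLevel;
  } Info;
} SECPKG_EXTENDED_INFORMATION, *PSECPKG_EXTENDED_INFORMATION;

/* callbacks implemented by SSP/AP dlls and called by the LSA */
typedef VOID (NTAPI *PLSA_CALLBACK_FUNCTION)(ULONG_PTR, ULONG_PTR, PSecBuffer,
  PSecBuffer);

/* misc typedefs used in the below prototypes */
typedef PVOID *PLSA_CLIENT_REQUEST;
/*
 * Pointer-sized rather than ULONG, so a handle that carries an address is not
 * truncated on targets where pointers are wider than ULONG.  Where ULONG and
 * ULONG_PTR have the same width nothing changes for existing callers.
 */
typedef ULONG_PTR LSA_SEC_HANDLE, *PLSA_SEC_HANDLE;
typedef LPTHREAD_START_ROUTINE SEC_THREAD_START;
typedef PSECURITY_ATTRIBUTES SEC_ATTRS;

/* functions used by SSP/AP obtainable by dispatch tables */
typedef NTSTATUS (NTAPI *PLSA_REGISTER_CALLBACK)(ULONG, PLSA_CALLBACK_FUNCTION);
typedef NTSTATUS (NTAPI *PLSA_CREATE_LOGON_SESSION)(PLUID);
typedef NTSTATUS (NTAPI *PLSA_DELETE_LOGON_SESSION)(PLUID);
typedef NTSTATUS (NTAPI *PLSA_ADD_CREDENTIAL)(PLUID, ULONG, PLSA_STRING,
  PLSA_STRING);
typedef NTSTATUS (NTAPI *PLSA_GET_CREDENTIALS)(PLUID, ULONG, PULONG, BOOLEAN,
  PLSA_STRING, PULONG, PLSA_STRING);
typedef NTSTATUS (NTAPI *PLSA_DELETE_CREDENTIAL)(PLUID, ULONG, PLSA_STRING);
typedef PVOID (NTAPI *PLSA_ALLOCATE_LSA_HEAP)(ULONG);
/* Declared once; this same type also serves the FreeReturnBuffer slot of
 * LSA_SECPKG_FUNCTION_TABLE. */
typedef VOID (NTAPI *PLSA_FREE_LSA_HEAP)(PVOID);
typedef NTSTATUS (NTAPI *PLSA_ALLOCATE_CLIENT_BUFFER)(PLSA_CLIENT_REQUEST,
  ULONG, PVOID*);
typedef NTSTATUS (NTAPI *PLSA_FREE_CLIENT_BUFFER)(PLSA_CLIENT_REQUEST, PVOID);
/*
 * NOTE(review): the copy helpers take a ULONG and two untyped pointers;
 * presumably a byte count plus destination and source.  A package should
 * bound the count by the size of its own buffer, since the other side of the
 * copy belongs to the client process.
 */
typedef NTSTATUS (NTAPI *PLSA_COPY_TO_CLIENT_BUFFER)(PLSA_CLIENT_REQUEST, ULONG,
  PVOID, PVOID);
typedef NTSTATUS (NTAPI *PLSA_COPY_FROM_CLIENT_BUFFER)(PLSA_CLIENT_REQUEST,
  ULONG, PVOID, PVOID);
typedef NTSTATUS (NTAPI *PLSA_IMPERSONATE_CLIENT)(void);
typedef NTSTATUS (NTAPI *PLSA_UNLOAD_PACKAGE)(void);
typedef NTSTATUS (NTAPI *PLSA_DUPLICATE_HANDLE)(HANDLE, PHANDLE);
typedef NTSTATUS (NTAPI *PLSA_SAVE_SUPPLEMENTAL_CREDENTIALS)(PLUID, ULONG,
  PVOID, BOOLEAN);
typedef HANDLE (NTAPI *PLSA_CREATE_THREAD)(SEC_ATTRS, ULONG, SEC_THREAD_START,
  PVOID, ULONG, PULONG);
typedef NTSTATUS (NTAPI *PLSA_GET_CLIENT_INFO)(PSECPKG_CLIENT_INFO);
typedef HANDLE (NTAPI *PLSA_REGISTER_NOTIFICATION)(SEC_THREAD_START, PVOID,
  ULONG, ULONG, ULONG, ULONG, HANDLE);
typedef NTSTATUS (NTAPI *PLSA_CANCEL_NOTIFICATION)(HANDLE);
typedef NTSTATUS (NTAPI *PLSA_MAP_BUFFER)(PSecBuffer, PSecBuffer);
typedef NTSTATUS (NTAPI *PLSA_CREATE_TOKEN)(PLUID, PTOKEN_SOURCE,
  SECURITY_LOGON_TYPE, SECURITY_IMPERSONATION_LEVEL, LSA_TOKEN_INFORMATION_TYPE,
  PVOID, PTOKEN_GROUPS, PUNICODE_STRING, PUNICODE_STRING, PUNICODE_STRING,
  PUNICODE_STRING, PHANDLE, PNTSTATUS);
typedef VOID (NTAPI *PLSA_AUDIT_LOGON)(NTSTATUS, NTSTATUS, PUNICODE_STRING,
  PUNICODE_STRING, PUNICODE_STRING, OPTIONAL PSID, SECURITY_LOGON_TYPE,
  PTOKEN_SOURCE, PLUID);
typedef NTSTATUS (NTAPI *PLSA_CALL_PACKAGE)(PUNICODE_STRING, PVOID, ULONG,
  PVOID*, PULONG, PNTSTATUS);
typedef BOOLEAN (NTAPI *PLSA_GET_CALL_INFO)(PSECPKG_CALL_INFO);
typedef NTSTATUS (NTAPI *PLSA_CALL_PACKAGEEX)(PUNICODE_STRING, PVOID, PVOID,
  ULONG, PVOID*, PULONG, PNTSTATUS);
typedef PVOID (NTAPI *PLSA_CREATE_SHARED_MEMORY)(ULONG, ULONG);
typedef PVOID (NTAPI *PLSA_ALLOCATE_SHARED_MEMORY)(PVOID, ULONG);
typedef VOID (NTAPI *PLSA_FREE_SHARED_MEMORY)(PVOID, PVOID);
typedef BOOLEAN (NTAPI *PLSA_DELETE_SHARED_MEMORY)(PVOID);
typedef NTSTATUS (NTAPI *PLSA_OPEN_SAM_USER)(PSECURITY_STRING, SECPKG_NAME_TYPE,
  PSECURITY_STRING, BOOLEAN, ULONG, PVOID*);
typedef NTSTATUS (NTAPI *PLSA_GET_USER_CREDENTIALS)(PVOID, PVOID *, PULONG,
  PVOID *, PULONG);
typedef NTSTATUS (NTAPI *PLSA_GET_USER_AUTH_DATA)(PVOID, PUCHAR *, PULONG);
typedef NTSTATUS (NTAPI *PLSA_CLOSE_SAM_USER)(PVOID);
typedef NTSTATUS (NTAPI *PLSA_CONVERT_AUTH_DATA_TO_TOKEN)(PVOID, ULONG,
  SECURITY_IMPERSONATION_LEVEL, PTOKEN_SOURCE, SECURITY_LOGON_TYPE,
  PUNICODE_STRING, PHANDLE, PLUID, PUNICODE_STRING, PNTSTATUS);
typedef NTSTATUS (NTAPI *PLSA_CLIENT_CALLBACK)(PCHAR, ULONG_PTR, ULONG_PTR,
  PSecBuffer, PSecBuffer);
typedef NTSTATUS (NTAPI *PLSA_UPDATE_PRIMARY_CREDENTIALS)(PSECPKG_PRIMARY_CRED,
  PSECPKG_SUPPLEMENTAL_CRED_ARRAY);
typedef NTSTATUS (NTAPI *PLSA_GET_AUTH_DATA_FOR_USER)(PSECURITY_STRING,
  SECPKG_NAME_TYPE, PSECURITY_STRING, PUCHAR *, PULONG, PUNICODE_STRING);
typedef NTSTATUS (NTAPI *PLSA_CRACK_SINGLE_NAME)(ULONG, BOOLEAN,
  PUNICODE_STRING, PUNICODE_STRING, ULONG, PUNICODE_STRING, PUNICODE_STRING,
  PULONG);
typedef NTSTATUS (NTAPI *PLSA_AUDIT_ACCOUNT_LOGON)(ULONG, BOOLEAN,
  PUNICODE_STRING, PUNICODE_STRING, PUNICODE_STRING, NTSTATUS);
typedef NTSTATUS (NTAPI *PLSA_CALL_PACKAGE_PASSTHROUGH)(PUNICODE_STRING, PVOID,
  PVOID, ULONG, PVOID*, PULONG, PNTSTATUS);

/* Dispatch tables of functions used by SSP/AP */

/* Heap and callback helpers; the table type taken by SpInstanceInitFn. */
typedef struct SECPKG_DLL_FUNCTIONS {
  PLSA_ALLOCATE_LSA_HEAP AllocateHeap;
  PLSA_FREE_LSA_HEAP FreeHeap;
  PLSA_REGISTER_CALLBACK RegisterCallback;
} SECPKG_DLL_FUNCTIONS,
  *PSECPKG_DLL_FUNCTIONS;

/* Table type taken by PLSA_AP_INITIALIZE_PACKAGE. */
typedef struct LSA_DISPATCH_TABLE {
  PLSA_CREATE_LOGON_SESSION CreateLogonSession;
  PLSA_DELETE_LOGON_SESSION DeleteLogonSession;
  PLSA_ADD_CREDENTIAL AddCredential;
  PLSA_GET_CREDENTIALS GetCredentials;
  PLSA_DELETE_CREDENTIAL DeleteCredential;
  PLSA_ALLOCATE_LSA_HEAP AllocateLsaHeap;
  PLSA_FREE_LSA_HEAP FreeLsaHeap;
  PLSA_ALLOCATE_CLIENT_BUFFER AllocateClientBuffer;
  PLSA_FREE_CLIENT_BUFFER FreeClientBuffer;
  PLSA_COPY_TO_CLIENT_BUFFER CopyToClientBuffer;
  PLSA_COPY_FROM_CLIENT_BUFFER CopyFromClientBuffer;
} LSA_DISPATCH_TABLE,
  *PLSA_DISPATCH_TABLE;

/*
 * Table type taken by SpInitializeFn.  Its first eleven members repeat
 * LSA_DISPATCH_TABLE in the same order.  Member order is the binary layout,
 * so entries must not be reordered.
 */
typedef struct _LSA_SECPKG_FUNCTION_TABLE {
  PLSA_CREATE_LOGON_SESSION CreateLogonSession;
  PLSA_DELETE_LOGON_SESSION DeleteLogonSession;
  PLSA_ADD_CREDENTIAL AddCredential;
  PLSA_GET_CREDENTIALS GetCredentials;
  PLSA_DELETE_CREDENTIAL DeleteCredential;
  PLSA_ALLOCATE_LSA_HEAP AllocateLsaHeap;
  PLSA_FREE_LSA_HEAP FreeLsaHeap;
  PLSA_ALLOCATE_CLIENT_BUFFER AllocateClientBuffer;
  PLSA_FREE_CLIENT_BUFFER FreeClientBuffer;
  PLSA_COPY_TO_CLIENT_BUFFER CopyToClientBuffer;
  PLSA_COPY_FROM_CLIENT_BUFFER CopyFromClientBuffer;
  PLSA_IMPERSONATE_CLIENT ImpersonateClient;
  PLSA_UNLOAD_PACKAGE UnloadPackage;
  PLSA_DUPLICATE_HANDLE DuplicateHandle;
  PLSA_SAVE_SUPPLEMENTAL_CREDENTIALS SaveSupplementalCredentials;
  PLSA_CREATE_THREAD CreateThread;
  PLSA_GET_CLIENT_INFO GetClientInfo;
  PLSA_REGISTER_NOTIFICATION RegisterNotification;
  PLSA_CANCEL_NOTIFICATION CancelNotification;
  PLSA_MAP_BUFFER MapBuffer;
  PLSA_CREATE_TOKEN CreateToken;
  PLSA_AUDIT_LOGON AuditLogon;
  PLSA_CALL_PACKAGE CallPackage;
  PLSA_FREE_LSA_HEAP FreeReturnBuffer;
  PLSA_GET_CALL_INFO GetCallInfo;
  PLSA_CALL_PACKAGEEX CallPackageEx;
  PLSA_CREATE_SHARED_MEMORY CreateSharedMemory;
  PLSA_ALLOCATE_SHARED_MEMORY AllocateSharedMemory;
  PLSA_FREE_SHARED_MEMORY FreeSharedMemory;
  PLSA_DELETE_SHARED_MEMORY DeleteSharedMemory;
  PLSA_OPEN_SAM_USER OpenSamUser;
  PLSA_GET_USER_CREDENTIALS GetUserCredentials;
  PLSA_GET_USER_AUTH_DATA GetUserAuthData;
  PLSA_CLOSE_SAM_USER CloseSamUser;
  PLSA_CONVERT_AUTH_DATA_TO_TOKEN ConvertAuthDataToToken;
  PLSA_CLIENT_CALLBACK ClientCallback;
  PLSA_UPDATE_PRIMARY_CREDENTIALS UpdateCredentials;
  PLSA_GET_AUTH_DATA_FOR_USER GetAuthDataForUser;
  PLSA_CRACK_SINGLE_NAME CrackSingleName;
  PLSA_AUDIT_ACCOUNT_LOGON AuditAccountLogon;
  PLSA_CALL_PACKAGE_PASSTHROUGH CallPackagePassthrough;
} LSA_SECPKG_FUNCTION_TABLE,
  *PLSA_SECPKG_FUNCTION_TABLE;

/* functions implemented by SSP/AP obtainable by dispatch tables */
typedef NTSTATUS (NTAPI *PLSA_AP_INITIALIZE_PACKAGE)(ULONG, PLSA_DISPATCH_TABLE,
  PLSA_STRING, PLSA_STRING, PLSA_STRING *);
/*
 * NOTE(review): this parameter list (four LPWSTR, two DWORD, PHANDLE) does not
 * follow the shape of PLSA_AP_LOGON_USER_EX / _EX2 below; confirm it against
 * the platform documentation before implementing a callback of this type.
 */
typedef NTSTATUS (NTAPI *PLSA_AP_LOGON_USER)(LPWSTR, LPWSTR, LPWSTR, LPWSTR,
  DWORD, DWORD, PHANDLE);
typedef NTSTATUS (NTAPI *PLSA_AP_CALL_PACKAGE)(PUNICODE_STRING, PVOID, ULONG,
  PVOID *, PULONG, PNTSTATUS);
typedef VOID (NTAPI *PLSA_AP_LOGON_TERMINATED)(PLUID);
/*
 * As the name says, the request reaching this callback comes from an untrusted
 * caller: an implementation should validate the submitted buffer and its
 * length before interpreting any of it.
 */
typedef NTSTATUS (NTAPI *PLSA_AP_CALL_PACKAGE_UNTRUSTED)(PLSA_CLIENT_REQUEST,
  PVOID, PVOID, ULONG, PVOID *, PULONG, PNTSTATUS);
typedef NTSTATUS (NTAPI *PLSA_AP_CALL_PACKAGE_PASSTHROUGH)(PUNICODE_STRING,
  PVOID, PVOID, ULONG, PVOID *, PULONG, PNTSTATUS);
typedef NTSTATUS (NTAPI *PLSA_AP_LOGON_USER_EX)(PLSA_CLIENT_REQUEST,
  SECURITY_LOGON_TYPE, PVOID, PVOID, ULONG, PVOID *, PULONG, PLUID, PNTSTATUS,
  PLSA_TOKEN_INFORMATION_TYPE, PVOID *, PUNICODE_STRING *, PUNICODE_STRING *,
  PUNICODE_STRING *);
typedef NTSTATUS (NTAPI *PLSA_AP_LOGON_USER_EX2)(PLSA_CLIENT_REQUEST,
  SECURITY_LOGON_TYPE, PVOID, PVOID, ULONG, PVOID *, PULONG, PLUID, PNTSTATUS,
  PLSA_TOKEN_INFORMATION_TYPE, PVOID *, PUNICODE_STRING *, PUNICODE_STRING *,
  PUNICODE_STRING *, PSECPKG_PRIMARY_CRED, PSECPKG_SUPPLEMENTAL_CRED_ARRAY *);

/*
 * The Sp*Fn names below are function types, not pointer types; the tables that
 * follow declare their members as "SpXxxFn *".
 *
 * SpInitializeFn carries NTAPI like every other Sp*Fn here.  Without it this
 * one callback would be declared with the compiler's default calling
 * convention, and a caller using the NTAPI convention would disagree with the
 * callee about stack cleanup.
 */
typedef NTSTATUS (NTAPI SpInitializeFn)(ULONG_PTR, PSECPKG_PARAMETERS,
  PLSA_SECPKG_FUNCTION_TABLE);
typedef NTSTATUS (NTAPI SpShutDownFn)(void);
typedef NTSTATUS (NTAPI SpGetInfoFn)(PSecPkgInfoW);
/* Receives primary and supplemental credentials; see the handling note on
 * SECPKG_PRIMARY_CRED. */
typedef NTSTATUS (NTAPI SpAcceptCredentialsFn)(SECURITY_LOGON_TYPE,
  PUNICODE_STRING, PSECPKG_PRIMARY_CRED, PSECPKG_SUPPLEMENTAL_CRED);
typedef NTSTATUS (NTAPI SpAcquireCredentialsHandleFn)(PUNICODE_STRING, ULONG,
  PLUID, PVOID, PVOID, PVOID, PLSA_SEC_HANDLE, PTimeStamp);
typedef NTSTATUS (NTAPI SpQueryCredentialsAttributesFn)(LSA_SEC_HANDLE, ULONG,
  PVOID);
typedef NTSTATUS (NTAPI SpFreeCredentialsHandleFn)(LSA_SEC_HANDLE);
typedef NTSTATUS (NTAPI SpSaveCredentialsFn)(LSA_SEC_HANDLE, PSecBuffer);
typedef NTSTATUS (NTAPI SpGetCredentialsFn)(LSA_SEC_HANDLE, PSecBuffer);
typedef NTSTATUS (NTAPI SpDeleteCredentialsFn)(LSA_SEC_HANDLE, PSecBuffer);
typedef NTSTATUS (NTAPI SpInitLsaModeContextFn)(LSA_SEC_HANDLE, LSA_SEC_HANDLE,
  PUNICODE_STRING, ULONG, ULONG, PSecBufferDesc, PLSA_SEC_HANDLE, PSecBufferDesc,
  PULONG, PTimeStamp, PBOOLEAN, PSecBuffer);
typedef NTSTATUS (NTAPI SpAcceptLsaModeContextFn)(LSA_SEC_HANDLE,
  LSA_SEC_HANDLE, PSecBufferDesc, ULONG, ULONG, PLSA_SEC_HANDLE, PSecBufferDesc,
  PULONG, PTimeStamp, PBOOLEAN, PSecBuffer);
typedef NTSTATUS (NTAPI SpDeleteContextFn)(LSA_SEC_HANDLE);
typedef NTSTATUS (NTAPI SpApplyControlTokenFn)(LSA_SEC_HANDLE, PSecBufferDesc);
typedef NTSTATUS (NTAPI SpGetUserInfoFn)(PLUID, ULONG, PSecurityUserData *);
typedef NTSTATUS (NTAPI SpGetExtendedInformationFn)(
  SECPKG_EXTENDED_INFORMATION_CLASS, PSECPKG_EXTENDED_INFORMATION *);
typedef NTSTATUS (NTAPI SpQueryContextAttributesFn)(LSA_SEC_HANDLE, ULONG,
  PVOID);
typedef NTSTATUS (NTAPI SpAddCredentialsFn)(LSA_SEC_HANDLE, PUNICODE_STRING,
  PUNICODE_STRING, ULONG, PVOID, PVOID, PVOID, PTimeStamp);
typedef NTSTATUS (NTAPI SpSetExtendedInformationFn)(
  SECPKG_EXTENDED_INFORMATION_CLASS, PSECPKG_EXTENDED_INFORMATION);
typedef NTSTATUS (NTAPI SpInstanceInitFn)(ULONG, PSECPKG_DLL_FUNCTIONS,
  PVOID *);
typedef NTSTATUS (NTAPI SpInitUserModeContextFn)(LSA_SEC_HANDLE, PSecBuffer);
typedef NTSTATUS (NTAPI SpMakeSignatureFn)(LSA_SEC_HANDLE, ULONG,
  PSecBufferDesc, ULONG);
typedef NTSTATUS (NTAPI SpVerifySignatureFn)(LSA_SEC_HANDLE, PSecBufferDesc,
  ULONG, PULONG);
typedef NTSTATUS (NTAPI SpSealMessageFn)(LSA_SEC_HANDLE, ULONG, PSecBufferDesc,
  ULONG);
typedef NTSTATUS (NTAPI SpUnsealMessageFn)(LSA_SEC_HANDLE, PSecBufferDesc,
  ULONG, PULONG);
typedef NTSTATUS (NTAPI SpGetContextTokenFn)(LSA_SEC_HANDLE, PHANDLE);
typedef NTSTATUS (NTAPI SpCompleteAuthTokenFn)(LSA_SEC_HANDLE, PSecBufferDesc);
typedef NTSTATUS (NTAPI SpFormatCredentialsFn)(PSecBuffer, PSecBuffer);
typedef NTSTATUS (NTAPI SpMarshallSupplementalCredsFn)(ULONG, PUCHAR, PULONG,
  PVOID *);
typedef NTSTATUS (NTAPI SpExportSecurityContextFn)(LSA_SEC_HANDLE, ULONG,
  PSecBuffer, PHANDLE);
typedef NTSTATUS (NTAPI SpImportSecurityContextFn)(PSecBuffer, HANDLE,
  PLSA_SEC_HANDLE);

/* Dispatch tables of functions implemented by SSP/AP */

/*
 * Table type handed out through SpLsaModeInitializeFn.  Member order is the
 * binary layout, so entries must not be reordered.
 */
typedef struct SECPKG_FUNCTION_TABLE {
  PLSA_AP_INITIALIZE_PACKAGE InitializePackage;
  PLSA_AP_LOGON_USER LogonUser;
  PLSA_AP_CALL_PACKAGE CallPackage;
  PLSA_AP_LOGON_TERMINATED LogonTerminated;
  PLSA_AP_CALL_PACKAGE_UNTRUSTED CallPackageUntrusted;
  PLSA_AP_CALL_PACKAGE_PASSTHROUGH CallPackagePassthrough;
  PLSA_AP_LOGON_USER_EX LogonUserEx;
  PLSA_AP_LOGON_USER_EX2 LogonUserEx2;
  SpInitializeFn *Initialize;
  SpShutDownFn *Shutdown;
  SpGetInfoFn *GetInfo;
  SpAcceptCredentialsFn *AcceptCredentials;
  SpAcquireCredentialsHandleFn *AcquireCredentialsHandle;
  SpQueryCredentialsAttributesFn *QueryCredentialsAttributes;
  SpFreeCredentialsHandleFn *FreeCredentialsHandle;
  SpSaveCredentialsFn *SaveCredentials;
  SpGetCredentialsFn *GetCredentials;
  SpDeleteCredentialsFn *DeleteCredentials;
  SpInitLsaModeContextFn *InitLsaModeContext;
  SpAcceptLsaModeContextFn *AcceptLsaModeContext;
  SpDeleteContextFn *DeleteContext;
  SpApplyControlTokenFn *ApplyControlToken;
  SpGetUserInfoFn *GetUserInfo;
  SpGetExtendedInformationFn *GetExtendedInformation;
  SpQueryContextAttributesFn *QueryContextAttributes;
  SpAddCredentialsFn *AddCredentials;
  SpSetExtendedInformationFn *SetExtendedInformation;
} SECPKG_FUNCTION_TABLE,
  *PSECPKG_FUNCTION_TABLE;

/* Table type handed out through SpUserModeInitializeFn. */
typedef struct SECPKG_USER_FUNCTION_TABLE {
  SpInstanceInitFn *InstanceInit;
  SpInitUserModeContextFn *InitUserModeContext;
  SpMakeSignatureFn *MakeSignature;
  SpVerifySignatureFn *VerifySignature;
  SpSealMessageFn *SealMessage;
  SpUnsealMessageFn *UnsealMessage;
  SpGetContextTokenFn *GetContextToken;
  SpQueryContextAttributesFn *QueryContextAttributes;
  SpCompleteAuthTokenFn *CompleteAuthToken;
  SpDeleteContextFn *DeleteUserModeContext;
  SpFormatCredentialsFn *FormatCredentials;
  SpMarshallSupplementalCredsFn *MarshallSupplementalCreds;
  SpExportSecurityContextFn *ExportContext;
  SpImportSecurityContextFn *ImportContext;
} SECPKG_USER_FUNCTION_TABLE,
  *PSECPKG_USER_FUNCTION_TABLE;

/* Entry points to SSP/AP */
typedef NTSTATUS (NTAPI *SpLsaModeInitializeFn)(ULONG, PULONG,
  PSECPKG_FUNCTION_TABLE *, PULONG);
typedef NTSTATUS (WINAPI *SpUserModeInitializeFn)(ULONG, PULONG,
  PSECPKG_USER_FUNCTION_TABLE *, PULONG);

#ifdef __cplusplus
}
#endif

#endif /* _NTSECPKG_H */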