Headers diff for secur32.dll between 5.2.3790.3959-Windows 5.0 and 6.0.6002.18005-Windows 6.0 versions



 ntsecapi.h (5.2.3790.3959-Windows 5.0)   ntsecapi.h (6.0.6002.18005-Windows 6.0) 
skipping to change at line 17 skipping to change at line 17
ntsecapi.h ntsecapi.h
Abstract: Abstract:
This module defines the Local Security Authority APIs. This module defines the Local Security Authority APIs.
Revision History: Revision History:
--*/ --*/
//
// All the subcategories are named as <Audit_CategoryName_SubCategoryName>
//
#ifdef DEFINE_GUID
/* 0cce9210-69ae-11d9-bed3-505054503030 */
#if !defined(INITGUID) || !defined(Audit_System_SecurityStateChange_defined)
DEFINE_GUID(
Audit_System_SecurityStateChange,
0x0cce9210,
0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30
);
#ifdef INITGUID
#define Audit_System_SecurityStateChange_defined
#endif
#endif
/* 0cce9211-69ae-11d9-bed3-505054503030 */
#if !defined(INITGUID) || !defined(Audit_System_SecuritySubsystemExtension_defin
ed)
DEFINE_GUID(
Audit_System_SecuritySubsystemExtension,
0x0cce9211,
0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30
);
#ifdef INITGUID
#define Audit_System_SecuritySubsystemExtension_defined
#endif
#endif
/* 0cce9212-69ae-11d9-bed3-505054503030 */
#if !defined(INITGUID) || !defined(Audit_System_Integrity_defined)
DEFINE_GUID(
Audit_System_Integrity,
0x0cce9212,
0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30
);
#ifdef INITGUID
#define Audit_System_Integrity_defined
#endif
#endif
/* 0cce9213-69ae-11d9-bed3-505054503030 */
#if !defined(INITGUID) || !defined(Audit_System_IPSecDriverEvents_defined)
DEFINE_GUID(
Audit_System_IPSecDriverEvents,
0x0cce9213,
0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30
);
#ifdef INITGUID
#define Audit_System_IPSecDriverEvents_defined
#endif
#endif
/* 0cce9214-69ae-11d9-bed3-505054503030 */
#if !defined(INITGUID) || !defined(Audit_System_Others_defined)
DEFINE_GUID(
Audit_System_Others,
0x0cce9214,
0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30
);
#ifdef INITGUID
#define Audit_System_Others_defined
#endif
#endif
/* 0cce9215-69ae-11d9-bed3-505054503030 */
#if !defined(INITGUID) || !defined(Audit_Logon_Logon_defined)
DEFINE_GUID(
Audit_Logon_Logon,
0x0cce9215,
0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30
);
#ifdef INITGUID
#define Audit_Logon_Logon_defined
#endif
#endif
/* 0cce9216-69ae-11d9-bed3-505054503030 */
#if !defined(INITGUID) || !defined(Audit_Logon_Logoff_defined)
DEFINE_GUID(
Audit_Logon_Logoff,
0x0cce9216,
0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30
);
#ifdef INITGUID
#define Audit_Logon_Logoff_defined
#endif
#endif
/* 0cce9217-69ae-11d9-bed3-505054503030 */
#if !defined(INITGUID) || !defined(Audit_Logon_AccountLockout_defined)
DEFINE_GUID(
Audit_Logon_AccountLockout,
0x0cce9217,
0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30
);
#ifdef INITGUID
#define Audit_Logon_AccountLockout_defined
#endif
#endif
/* 0cce9218-69ae-11d9-bed3-505054503030 */
#if !defined(INITGUID) || !defined(Audit_Logon_IPSecMainMode_defined)
DEFINE_GUID(
Audit_Logon_IPSecMainMode,
0x0cce9218,
0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30
);
#ifdef INITGUID
#define Audit_Logon_IPSecMainMode_defined
#endif
#endif
/* 0cce9219-69ae-11d9-bed3-505054503030 */
#if !defined(INITGUID) || !defined(Audit_Logon_IPSecQuickMode_defined)
DEFINE_GUID(
Audit_Logon_IPSecQuickMode,
0x0cce9219,
0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30
);
#ifdef INITGUID
#define Audit_Logon_IPSecQuickMode_defined
#endif
#endif
/* 0cce921a-69ae-11d9-bed3-505054503030 */
#if !defined(INITGUID) || !defined(Audit_Logon_IPSecUserMode_defined)
DEFINE_GUID(
Audit_Logon_IPSecUserMode,
0x0cce921a,
0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30
);
#ifdef INITGUID
#define Audit_Logon_IPSecUserMode_defined
#endif
#endif
/* 0cce921b-69ae-11d9-bed3-505054503030 */
#if !defined(INITGUID) || !defined(Audit_Logon_SpecialLogon_defined)
DEFINE_GUID(
Audit_Logon_SpecialLogon,
0x0cce921b,
0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30
);
#ifdef INITGUID
#define Audit_Logon_SpecialLogon_defined
#endif
#endif
/* 0cce921c-69ae-11d9-bed3-505054503030 */
#if !defined(INITGUID) || !defined(Audit_Logon_Others_defined)
DEFINE_GUID(
Audit_Logon_Others,
0x0cce921c,
0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30
);
#ifdef INITGUID
#define Audit_Logon_Others_defined
#endif
#endif
/* 0cce921d-69ae-11d9-bed3-505054503030 */
#if !defined(INITGUID) || !defined(Audit_ObjectAccess_FileSystem_defined)
DEFINE_GUID(
Audit_ObjectAccess_FileSystem,
0x0cce921d,
0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30
);
#ifdef INITGUID
#define Audit_ObjectAccess_FileSystem_defined
#endif
#endif
/* 0cce921e-69ae-11d9-bed3-505054503030 */
#if !defined(INITGUID) || !defined(Audit_ObjectAccess_Registry_defined)
DEFINE_GUID(
Audit_ObjectAccess_Registry,
0x0cce921e,
0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30
);
#ifdef INITGUID
#define Audit_ObjectAccess_Registry_defined
#endif
#endif
/* 0cce921f-69ae-11d9-bed3-505054503030 */
#if !defined(INITGUID) || !defined(Audit_ObjectAccess_Kernel_defined)
DEFINE_GUID(
Audit_ObjectAccess_Kernel,
0x0cce921f,
0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30
);
#ifdef INITGUID
#define Audit_ObjectAccess_Kernel_defined
#endif
#endif
/* 0cce9220-69ae-11d9-bed3-505054503030 */
#if !defined(INITGUID) || !defined(Audit_ObjectAccess_Sam_defined)
DEFINE_GUID(
Audit_ObjectAccess_Sam,
0x0cce9220,
0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30
);
#ifdef INITGUID
#define Audit_ObjectAccess_Sam_defined
#endif
#endif
/* 0cce9221-69ae-11d9-bed3-505054503030 */
#if !defined(INITGUID) || !defined(Audit_ObjectAccess_CertificationServices_defi
ned)
DEFINE_GUID(
Audit_ObjectAccess_CertificationServices,
0x0cce9221,
0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30
);
#ifdef INITGUID
#define Audit_ObjectAccess_CertificationServices_defined
#endif
#endif
/* 0cce9222-69ae-11d9-bed3-505054503030 */
#if !defined(INITGUID) || !defined(Audit_ObjectAccess_ApplicationGenerated_defin
ed)
DEFINE_GUID(
Audit_ObjectAccess_ApplicationGenerated,
0x0cce9222,
0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30
);
#ifdef INITGUID
#define Audit_ObjectAccess_ApplicationGenerated_defined
#endif
#endif
/*
The Audit_ObjectAccess_Handle sub-category behaves different from the other sub-
categories.
For handle based audits to be generated (Open handle AuditId: 0x1230, Close hand
le AuditId:
0x1232), the corresponding object sub-category AND Audit_ObjectAccess_Handle mus
t be
enabled. For eg, to generate handle based audits for Reg keys, both
Audit_ObjectAccess_Registry and Audit_ObjectAccess_Handle must be enabled
*/
/* 0cce9223-69ae-11d9-bed3-505054503030 */
#if !defined(INITGUID) || !defined(Audit_ObjectAccess_Handle_defined)
DEFINE_GUID(
Audit_ObjectAccess_Handle,
0x0cce9223,
0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30
);
#ifdef INITGUID
#define Audit_ObjectAccess_Handle_defined
#endif
#endif
/* 0cce9224-69ae-11d9-bed3-505054503030 */
#if !defined(INITGUID) || !defined(Audit_ObjectAccess_Share_defined)
DEFINE_GUID(
Audit_ObjectAccess_Share,
0x0cce9224,
0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30
);
#ifdef INITGUID
#define Audit_ObjectAccess_Share_defined
#endif
#endif
/* 0cce9225-69ae-11d9-bed3-505054503030 */
#if !defined(INITGUID) || !defined(Audit_ObjectAccess_FirewallPacketDrops_define
d)
DEFINE_GUID(
Audit_ObjectAccess_FirewallPacketDrops,
0x0cce9225,
0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30
);
#ifdef INITGUID
#define Audit_ObjectAccess_FirewallPacketDrops_defined
#endif
#endif
/* 0cce9226-69ae-11d9-bed3-505054503030 */
#if !defined(INITGUID) || !defined(Audit_ObjectAccess_FirewallConnection_defined
)
DEFINE_GUID(
Audit_ObjectAccess_FirewallConnection,
0x0cce9226,
0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30
);
#ifdef INITGUID
#define Audit_ObjectAccess_FirewallConnection_defined
#endif
#endif
/* 0cce9227-69ae-11d9-bed3-505054503030 */
#if !defined(INITGUID) || !defined(Audit_ObjectAccess_Other_defined)
DEFINE_GUID(
Audit_ObjectAccess_Other,
0x0cce9227,
0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30
);
#ifdef INITGUID
#define Audit_ObjectAccess_Other_defined
#endif
#endif
/* 0cce9228-69ae-11d9-bed3-505054503030 */
#if !defined(INITGUID) || !defined(Audit_PrivilegeUse_Sensitive_defined)
DEFINE_GUID(
Audit_PrivilegeUse_Sensitive,
0x0cce9228,
0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30
);
#ifdef INITGUID
#define Audit_PrivilegeUse_Sensitive_defined
#endif
#endif
/* 0cce9229-69ae-11d9-bed3-505054503030 */
#if !defined(INITGUID) || !defined(Audit_PrivilegeUse_NonSensitive_defined)
DEFINE_GUID(
Audit_PrivilegeUse_NonSensitive,
0x0cce9229,
0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30
);
#ifdef INITGUID
#define Audit_PrivilegeUse_NonSensitive_defined
#endif
#endif
/* 0cce922a-69ae-11d9-bed3-505054503030 */
#if !defined(INITGUID) || !defined(Audit_PrivilegeUse_Others_defined)
DEFINE_GUID(
Audit_PrivilegeUse_Others,
0x0cce922a,
0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30
);
#ifdef INITGUID
#define Audit_PrivilegeUse_Others_defined
#endif
#endif
/* 0cce922b-69ae-11d9-bed3-505054503030 */
#if !defined(INITGUID) || !defined(Audit_DetailedTracking_ProcessCreation_define
d)
DEFINE_GUID(
Audit_DetailedTracking_ProcessCreation,
0x0cce922b,
0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30
);
#ifdef INITGUID
#define Audit_DetailedTracking_ProcessCreation_defined
#endif
#endif
/* 0cce922c-69ae-11d9-bed3-505054503030 */
#if !defined(INITGUID) || !defined(Audit_DetailedTracking_ProcessTermination_def
ined)
DEFINE_GUID(
Audit_DetailedTracking_ProcessTermination,
0x0cce922c,
0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30
);
#ifdef INITGUID
#define Audit_DetailedTracking_ProcessTermination_defined
#endif
#endif
/* 0cce922d-69ae-11d9-bed3-505054503030 */
#if !defined(INITGUID) || !defined(Audit_DetailedTracking_DpapiActivity_defined)
DEFINE_GUID(
Audit_DetailedTracking_DpapiActivity,
0x0cce922d,
0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30
);
#ifdef INITGUID
#define Audit_DetailedTracking_DpapiActivity_defined
#endif
#endif
/* 0cce922e-69ae-11d9-bed3-505054503030 */
#if !defined(INITGUID) || !defined(Audit_DetailedTracking_RpcCall_defined)
DEFINE_GUID(
Audit_DetailedTracking_RpcCall,
0x0cce922e,
0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30
);
#ifdef INITGUID
#define Audit_DetailedTracking_RpcCall_defined
#endif
#endif
/* 0cce922f-69ae-11d9-bed3-505054503030 */
#if !defined(INITGUID) || !defined(Audit_PolicyChange_AuditPolicy_defined)
DEFINE_GUID(
Audit_PolicyChange_AuditPolicy,
0x0cce922f,
0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30
);
#ifdef INITGUID
#define Audit_PolicyChange_AuditPolicy_defined
#endif
#endif
/* 0cce9230-69ae-11d9-bed3-505054503030 */
#if !defined(INITGUID) || !defined(Audit_PolicyChange_AuthenticationPolicy_defin
ed)
DEFINE_GUID(
Audit_PolicyChange_AuthenticationPolicy,
0x0cce9230,
0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30
);
#ifdef INITGUID
#define Audit_PolicyChange_AuthenticationPolicy_defined
#endif
#endif
/* 0cce9231-69ae-11d9-bed3-505054503030 */
#if !defined(INITGUID) || !defined(Audit_PolicyChange_AuthorizationPolicy_define
d)
DEFINE_GUID(
Audit_PolicyChange_AuthorizationPolicy,
0x0cce9231,
0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30
);
#ifdef INITGUID
#define Audit_PolicyChange_AuthorizationPolicy_defined
#endif
#endif
/* 0cce9232-69ae-11d9-bed3-505054503030 */
#if !defined(INITGUID) || !defined(Audit_PolicyChange_MpsscvRulePolicy_defined)
DEFINE_GUID(
Audit_PolicyChange_MpsscvRulePolicy,
0x0cce9232,
0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30
);
#ifdef INITGUID
#define Audit_PolicyChange_MpsscvRulePolicy_defined
#endif
#endif
/* 0cce9233-69ae-11d9-bed3-505054503030 */
#if !defined(INITGUID) || !defined(Audit_PolicyChange_WfpIPSecPolicy_defined)
DEFINE_GUID(
Audit_PolicyChange_WfpIPSecPolicy,
0x0cce9233,
0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30
);
#ifdef INITGUID
#define Audit_PolicyChange_WfpIPSecPolicy_defined
#endif
#endif
/* 0cce9234-69ae-11d9-bed3-505054503030 */
#if !defined(INITGUID) || !defined(Audit_PolicyChange_Others_defined)
DEFINE_GUID(
Audit_PolicyChange_Others,
0x0cce9234,
0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30
);
#ifdef INITGUID
#define Audit_PolicyChange_Others_defined
#endif
#endif
/* 0cce9235-69ae-11d9-bed3-505054503030 */
#if !defined(INITGUID) || !defined(Audit_AccountManagement_UserAccount_defined)
DEFINE_GUID(
Audit_AccountManagement_UserAccount,
0x0cce9235,
0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30
);
#ifdef INITGUID
#define Audit_AccountManagement_UserAccount_defined
#endif
#endif
/* 0cce9236-69ae-11d9-bed3-505054503030 */
#if !defined(INITGUID) || !defined(Audit_AccountManagement_ComputerAccount_defin
ed)
DEFINE_GUID(
Audit_AccountManagement_ComputerAccount,
0x0cce9236,
0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30
);
#ifdef INITGUID
#define Audit_AccountManagement_ComputerAccount_defined
#endif
#endif
/* 0cce9237-69ae-11d9-bed3-505054503030 */
#if !defined(INITGUID) || !defined(Audit_AccountManagement_SecurityGroup_defined
)
DEFINE_GUID(
Audit_AccountManagement_SecurityGroup,
0x0cce9237,
0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30
);
#ifdef INITGUID
#define Audit_AccountManagement_SecurityGroup_defined
#endif
#endif
/* 0cce9238-69ae-11d9-bed3-505054503030 */
#if !defined(INITGUID) || !defined(Audit_AccountManagement_DistributionGroup_def
ined)
DEFINE_GUID(
Audit_AccountManagement_DistributionGroup,
0x0cce9238,
0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30
);
#ifdef INITGUID
#define Audit_AccountManagement_DistributionGroup_defined
#endif
#endif
/* 0cce9239-69ae-11d9-bed3-505054503030 */
#if !defined(INITGUID) || !defined(Audit_AccountManagement_ApplicationGroup_defi
ned)
DEFINE_GUID(
Audit_AccountManagement_ApplicationGroup,
0x0cce9239,
0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30
);
#ifdef INITGUID
#define Audit_AccountManagement_ApplicationGroup_defined
#endif
#endif
/* 0cce923a-69ae-11d9-bed3-505054503030 */
#if !defined(INITGUID) || !defined(Audit_AccountManagement_Others_defined)
DEFINE_GUID(
Audit_AccountManagement_Others,
0x0cce923a,
0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30
);
#ifdef INITGUID
#define Audit_AccountManagement_Others_defined
#endif
#endif
/* 0cce923b-69ae-11d9-bed3-505054503030 */
#if !defined(INITGUID) || !defined(Audit_DSAccess_DSAccess_defined)
DEFINE_GUID(
Audit_DSAccess_DSAccess,
0x0cce923b,
0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30
);
#ifdef INITGUID
#define Audit_DSAccess_DSAccess_defined
#endif
#endif
/* 0cce923c-69ae-11d9-bed3-505054503030 */
#if !defined(INITGUID) || !defined(Audit_DsAccess_AdAuditChanges_defined)
DEFINE_GUID(
Audit_DsAccess_AdAuditChanges,
0x0cce923c,
0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30
);
#ifdef INITGUID
#define Audit_DsAccess_AdAuditChanges_defined
#endif
#endif
/* 0cce923d-69ae-11d9-bed3-505054503030 */
#if !defined(INITGUID) || !defined(Audit_Ds_Replication_defined)
DEFINE_GUID(
Audit_Ds_Replication,
0x0cce923d,
0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30
);
#ifdef INITGUID
#define Audit_Ds_Replication_defined
#endif
#endif
/* 0cce923e-69ae-11d9-bed3-505054503030 */
#if !defined(INITGUID) || !defined(Audit_Ds_DetailedReplication_defined)
DEFINE_GUID(
Audit_Ds_DetailedReplication,
0x0cce923e,
0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30
);
#ifdef INITGUID
#define Audit_Ds_DetailedReplication_defined
#endif
#endif
/* 0cce923f-69ae-11d9-bed3-505054503030 */
#if !defined(INITGUID) || !defined(Audit_AccountLogon_CredentialValidation_defin
ed)
DEFINE_GUID(
Audit_AccountLogon_CredentialValidation,
0x0cce923f,
0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30
);
#ifdef INITGUID
#define Audit_AccountLogon_CredentialValidation_defined
#endif
#endif
/* 0cce9240-69ae-11d9-bed3-505054503030 */
#if !defined(INITGUID) || !defined(Audit_AccountLogon_Kerberos_defined)
DEFINE_GUID(
Audit_AccountLogon_Kerberos,
0x0cce9240,
0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30
);
#ifdef INITGUID
#define Audit_AccountLogon_Kerberos_defined
#endif
#endif
/* 0cce9241-69ae-11d9-bed3-505054503030 */
#if !defined(INITGUID) || !defined(Audit_AccountLogon_Others_defined)
DEFINE_GUID(
Audit_AccountLogon_Others,
0x0cce9241,
0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30
);
#ifdef INITGUID
#define Audit_AccountLogon_Others_defined
#endif
#endif
#endif // DEFINE_GUID
//
// All categories are named as <Audit_CategoryName>
//
#ifdef DEFINE_GUID
/* 69979848-797a-11d9-bed3-505054503030 */
#if !defined(INITGUID) || !defined(Audit_System_defined)
DEFINE_GUID(
Audit_System,
0x69979848,
0x797a, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30
);
#ifdef INITGUID
#define Audit_System_defined
#endif
#endif
/* 69979849-797a-11d9-bed3-505054503030 */
#if !defined(INITGUID) || !defined(Audit_Logon_defined)
DEFINE_GUID(
Audit_Logon,
0x69979849,
0x797a, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30
);
#ifdef INITGUID
#define Audit_Logon_defined
#endif
#endif
/* 6997984a-797a-11d9-bed3-505054503030 */
#if !defined(INITGUID) || !defined(Audit_ObjectAccess_defined)
DEFINE_GUID(
Audit_ObjectAccess,
0x6997984a,
0x797a, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30
);
#ifdef INITGUID
#define Audit_ObjectAccess_defined
#endif
#endif
/* 6997984b-797a-11d9-bed3-505054503030 */
#if !defined(INITGUID) || !defined(Audit_PrivilegeUse_defined)
DEFINE_GUID(
Audit_PrivilegeUse,
0x6997984b,
0x797a, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30
);
#ifdef INITGUID
#define Audit_PrivilegeUse_defined
#endif
#endif
/* 6997984c-797a-11d9-bed3-505054503030 */
#if !defined(INITGUID) || !defined(Audit_DetailedTracking_defined)
DEFINE_GUID(
Audit_DetailedTracking,
0x6997984c,
0x797a, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30
);
#ifdef INITGUID
#define Audit_DetailedTracking_defined
#endif
#endif
/* 6997984d-797a-11d9-bed3-505054503030 */
#if !defined(INITGUID) || !defined(Audit_PolicyChange_defined)
DEFINE_GUID(
Audit_PolicyChange,
0x6997984d,
0x797a, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30
);
#ifdef INITGUID
#define Audit_PolicyChange_defined
#endif
#endif
/* 6997984e-797a-11d9-bed3-505054503030 */
#if !defined(INITGUID) || !defined(Audit_AccountManagement_defined)
DEFINE_GUID(
Audit_AccountManagement,
0x6997984e,
0x797a, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30
);
#ifdef INITGUID
#define Audit_AccountManagement_defined
#endif
#endif
/* 6997984f-797a-11d9-bed3-505054503030 */
#if !defined(INITGUID) || !defined(Audit_DirectoryServiceAccess_defined)
DEFINE_GUID(
Audit_DirectoryServiceAccess,
0x6997984f,
0x797a, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30
);
#ifdef INITGUID
#define Audit_DirectoryServiceAccess_defined
#endif
#endif
/* 69979850-797a-11d9-bed3-505054503030 */
#if !defined(INITGUID) || !defined(Audit_AccountLogon_defined)
DEFINE_GUID(
Audit_AccountLogon,
0x69979850,
0x797a, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30
);
#ifdef INITGUID
#define Audit_AccountLogon_defined
#endif
#endif
#endif // DEFINE_GUID
#ifndef _NTSECAPI_ #ifndef _NTSECAPI_
#define _NTSECAPI_ #define _NTSECAPI_
#ifdef __cplusplus #ifdef __cplusplus
extern "C" { extern "C" {
#endif #endif
#ifndef _NTDEF_ #ifndef _NTDEF_
typedef LONG NTSTATUS, *PNTSTATUS; typedef LONG NTSTATUS, *PNTSTATUS;
#endif #endif
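Review bot: Four of the new subcategory GUID names do not follow the `<Audit_CategoryName_SubCategoryName>` convention stated at the top of the block. The directory-service entries are spelled `Audit_DSAccess_DSAccess`, `Audit_DsAccess_AdAuditChanges`, `Audit_Ds_Replication` and `Audit_Ds_DetailedReplication`, while the category GUID is `Audit_DirectoryServiceAccess`. The identifiers are public and cannot be renamed, so I would add a comment above that group, e.g. `// Subcategories of Audit_DirectoryServiceAccess; names use the DSAccess/DsAccess/Ds prefixes`, so that audit-policy tooling deriving the category from the name does not miss them. `Audit_PolicyChange_MpsscvRulePolicy` looks like a transposition of "MpsSvc"; if so, a short comment naming the service would help.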
skipping to change at line 89 skipping to change at line 821
#define LSA_MODE_LOG_FULL (0x00000008L) #define LSA_MODE_LOG_FULL (0x00000008L)
#ifndef _NTLSA_IFS_ #ifndef _NTLSA_IFS_
// begin_ntifs // begin_ntifs
// //
// Used by a logon process to indicate what type of logon is being // Used by a logon process to indicate what type of logon is being
// requested. // requested.
// //
typedef enum _SECURITY_LOGON_TYPE { typedef enum _SECURITY_LOGON_TYPE {
Interactive = 2, // Interactively logged on (locally or remotely) UndefinedLogonType = 0, // This is used to specify an undefied logon type
Network, // Accessing system via network Interactive = 2, // Interactively logged on (locally or remotely)
Batch, // Started via a batch queue Network, // Accessing system via network
Service, // Service started by service controller Batch, // Started via a batch queue
Proxy, // Proxy logon Service, // Service started by service controller
Unlock, // Unlock workstation Proxy, // Proxy logon
NetworkCleartext, // Network logon with cleartext credentials Unlock, // Unlock workstation
NewCredentials, // Clone caller, new default credentials NetworkCleartext, // Network logon with cleartext credentials
NewCredentials, // Clone caller, new default credentials
//The types below only exist in Windows XP and greater
#if (_WIN32_WINNT >= 0x0501)
RemoteInteractive, // Remote, yet interactive. Terminal server RemoteInteractive, // Remote, yet interactive. Terminal server
CachedInteractive, // Try cached credentials without hitting the net. CachedInteractive, // Try cached credentials without hitting the net.
// The types below only exist in Windows Server 2003 and greater
#endif
#if (_WIN32_WINNT >= 0x0502)
CachedRemoteInteractive, // Same as RemoteInteractive, this is used internal ly for auditing purpose CachedRemoteInteractive, // Same as RemoteInteractive, this is used internal ly for auditing purpose
CachedUnlock // Cached Unlock workstation CachedUnlock // Cached Unlock workstation
#endif
} SECURITY_LOGON_TYPE, *PSECURITY_LOGON_TYPE; } SECURITY_LOGON_TYPE, *PSECURITY_LOGON_TYPE;
// end_ntifs // end_ntifs
#endif // _NTLSA_IFS_ #endif // _NTLSA_IFS_
#ifndef _NTLSA_IFS_ #ifndef _NTLSA_IFS_
// begin_ntifs // begin_ntifs
//
// All of this stuff (between the Ifndef _NTLSA_AUDIT_ and its endif) were not
// present in NTIFS prior to Windows Server 2003 SP1. All of the definitions how
ever
// exist down to windows 2000 (except for the few exceptions noted in the code).
//
#ifndef _NTLSA_AUDIT_ #ifndef _NTLSA_AUDIT_
#define _NTLSA_AUDIT_ #define _NTLSA_AUDIT_
///////////////////////////////////////////////////////////////////////// /////////////////////////////////////////////////////////////////////////
// // // //
// Data types related to Auditing // // Data types related to Auditing //
// // // //
///////////////////////////////////////////////////////////////////////// /////////////////////////////////////////////////////////////////////////
// //
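Review bot: The comment `// The types below only exist in Windows Server 2003 and greater` sits before the `#endif` of the `0x0501` block, so it reads as part of the XP group; it belongs directly above `#if (_WIN32_WINNT >= 0x0502)`. The comment on `UndefinedLogonType = 0` has a typo ("undefied") and does not say whether 0 may be passed by callers. A zero-initialised `SECURITY_LOGON_TYPE` now matches a named enumerator, so code that validates or switches on the logon type should handle 0 deliberately. With `_WIN32_WINNT` below `0x0502` the enumerator list ends in a trailing comma (`NewCredentials,` or `CachedInteractive,`), which strict C89 compilers reject.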
skipping to change at line 191 skipping to change at line 936
SeAdtParmTypeSid, //Produces 1 parameter. SeAdtParmTypeSid, //Produces 1 parameter.
//Received value: //Received value:
// //
// SID (variable length) // SID (variable length)
// //
//Results in: //Results in:
// //
// String representation of SID // String representation of SID
// //
SeAdtParmTypeLogonId, //Produces 3 parameters. SeAdtParmTypeLogonId, //Produces 4 parameters.
//Received Value: //Received Value:
// //
// LUID (fixed length) // LUID (fixed length)
// //
//Results in: //Results in:
// //
// param 1: Username string // param 1: Sid string
// param 2: domain name string // param 2: Username string
// param 3: Logon ID (Luid) string // param 3: domain name string
// param 4: Logon ID (Luid) string
SeAdtParmTypeNoLogonId, //Produces 3 parameters. SeAdtParmTypeNoLogonId, //Produces 3 parameters.
//Received value: //Received value:
// //
// None. // None.
// //
//Results in: //Results in:
// //
// param 1: "-" // param 1: "-"
// param 2: "-" // param 2: "-"
// param 3: "-" // param 3: "-"
// param 4: "-"
// //
//Note: //Note:
// //
// This type is used when a logon ID // This type is used when a logon ID
// is needed, but one is not available // is needed, but one is not available
// to pass. For example, if an // to pass. For example, if an
// impersonation logon ID is expected // impersonation logon ID is expected
// but the subject is not impersonating // but the subject is not impersonating
// anyone. // anyone.
// //
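Review bot: The header comment for `SeAdtParmTypeNoLogonId` still reads `//Produces 3 parameters.` although the new side lists `param 4: "-"`; it should read `//Produces 4 parameters.` to match `SeAdtParmTypeLogonId`. Because `SeAdtParmTypeLogonId` now emits the SID string first, the username, domain and logon ID strings each move one position. Anything that reads these audit insertion strings by index (log parsers, detection rules) has to handle both layouts, so I would add a comment stating from which version the 4-parameter form applies. The enum starts and ends outside this hunk.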
skipping to change at line 256 skipping to change at line 1003
// %%1062\n\t\t%1066\n\t\t%%601 // %%1062\n\t\t%1066\n\t\t%%601
// //
// The %%numbers are signals to the // The %%numbers are signals to the
// event viewer to perform parameter // event viewer to perform parameter
// substitution before display. // substitution before display.
// //
SeAdtParmTypePrivs, //Produces 1 parameter with formatting. SeAdtParmTypePrivs, //Produces 1 parameter with formatting.
//Received value: //Received value:
// //
// ??? Check with RobertRe and ScottBi
//
//Results in: //Results in:
// //
// formatted unicode string similar to // formatted unicode string similar to
// that for access types. Each priv // that for access types. Each priv
// will be formatted to be displayed // will be formatted to be displayed
// on its own line. E.g., // on its own line. E.g.,
// //
// %%642\n\t\t%%651\n\t\t%%655 // %%642\n\t\t%%651\n\t\t%%655
// //
skipping to change at line 285 skipping to change at line 1030
SeAdtParmTypeHexUlong, //Produces 1 parameter SeAdtParmTypeHexUlong, //Produces 1 parameter
//Received value: //Received value:
// //
// Ulong // Ulong
// //
//Results in: //Results in:
// //
// Unicode string representation of // Unicode string representation of
// unsigned integer value in hexadecimal. // unsigned integer value in hexadecimal.
// In W2k this value did not exist, it was ParmTypeLUID
SeAdtParmTypePtr, //Produces 1 parameter SeAdtParmTypePtr, //Produces 1 parameter
//Received value: //Received value:
// //
// pointer // pointer
// //
//Results in: //Results in:
// //
// Unicode string representation of // Unicode string representation of
// unsigned integer value in hexadecimal. // unsigned integer value in hexadecimal.
//
// Everything below exists only in Windows XP and greater
//
SeAdtParmTypeTime, //Produces 2 parameters SeAdtParmTypeTime, //Produces 2 parameters
//Received value: //Received value:
// //
// LARGE_INTEGER // LARGE_INTEGER
// //
//Results in: //Results in:
// //
// Unicode string representation of // Unicode string representation of
// date and time. // date and time.
skipping to change at line 317 skipping to change at line 1068
//Received value: //Received value:
// //
// GUID pointer // GUID pointer
// //
//Results in: //Results in:
// //
// Unicode string representation of GUID // Unicode string representation of GUID
// {xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx} // {xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx}
// //
//
// Everything below exists only in Windows Server 2003 and Greater
//
SeAdtParmTypeLuid, // SeAdtParmTypeLuid, //
//Produces 1 parameter //Produces 1 parameter
//Received value: //Received value:
// //
// LUID // LUID
// //
//Results in: //Results in:
// //
// Hex LUID // Hex LUID
// //
skipping to change at line 412 skipping to change at line 1167
SeAdtParmTypeDateTime, //Produces 1 Parameter SeAdtParmTypeDateTime, //Produces 1 Parameter
//Received value: //Received value:
// //
// LARGE_INTEGER // LARGE_INTEGER
// //
//Results in: //Results in:
// //
// Unicode string representation of // Unicode string representation of
// date and time (in _one_ string). // date and time (in _one_ string).
SeAdtParmTypeSockAddr // Produces 2 parameters SeAdtParmTypeSockAddr, // Produces 2 parameters
// //
// Received value: // Received value:
// //
// pointer to SOCKADDR_IN/SOCKADDR_IN6 // pointer to SOCKADDR_IN/SOCKADDR_IN6
// structure // structure
// //
// Results in: // Results in:
// //
// param 1: IP address string // param 1: IP address string
// param 2: Port number string // param 2: Port number string
// //
//
// Everything below this exists only in Longhorn and greater
//
SeAdtParmTypeSD, // Produces 1 parameters
//
// Received value:
//
// pointer to SECURITY_DESCRIPTOR
// structure
//
// Results in:
//
// SDDL string representation of SD
//
SeAdtParmTypeLogonHours, // Produces 1 parameters
//
// Received value:
//
// pointer to LOGON_HOURS
// structure
//
// Results in:
//
// String representation of allowed logon ho
urs
//
SeAdtParmTypeLogonIdNoSid, //Produces 3 parameters.
//Received Value:
//
// LUID (fixed length)
//
//Results in:
//
// param 1: Username string
// param 2: domain name string
// param 3: Logon ID (Luid) string
SeAdtParmTypeUlongNoConv, // Produces 1 parameter.
// Received Value:
// Ulong
//
//Results in:
// Not converted to string
//
SeAdtParmTypeSockAddrNoPort // Produces 1 parameter
//
// Received value:
//
// pointer to SOCKADDR_IN/SOCKADDR_IN6
// structure
//
// Results in:
//
// param 1: IPv4/IPv6 address string
//
} SE_ADT_PARAMETER_TYPE, *PSE_ADT_PARAMETER_TYPE; } SE_ADT_PARAMETER_TYPE, *PSE_ADT_PARAMETER_TYPE;
#ifndef GUID_DEFINED #ifndef GUID_DEFINED
#include <guiddef.h> #include <guiddef.h>
#endif /* GUID_DEFINED */ #endif /* GUID_DEFINED */
typedef struct _SE_ADT_OBJECT_TYPE { typedef struct _SE_ADT_OBJECT_TYPE {
GUID ObjectType; GUID ObjectType;
USHORT Flags; USHORT Flags;
#define SE_ADT_OBJECT_ONLY 0x1 #define SE_ADT_OBJECT_ONLY 0x1
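Review bot: The five enumerators added after `SeAdtParmTypeSockAddr` are marked version-specific only by the comment `Everything below this exists only in Longhorn and greater`, whereas `SECURITY_LOGON_TYPE` in this same header now gates its newer values with `#if (_WIN32_WINNT >= ...)`. Appending at the end keeps the existing numeric values, but nothing stops a component built for an older target from emitting a type that the older audit code presumably cannot format. Either add a matching guard or extend the comment to say so. The new comments also need tidying: "Produces 1 parameters" should be "Produces 1 parameter", and `SeAdtParmTypeUlongNoConv` says only `Not converted to string` without stating what form the value takes in the audit record.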
skipping to change at line 462 skipping to change at line 1276
#define SE_MAX_AUDIT_PARAMETERS 32 #define SE_MAX_AUDIT_PARAMETERS 32
#define SE_MAX_GENERIC_AUDIT_PARAMETERS 28 #define SE_MAX_GENERIC_AUDIT_PARAMETERS 28
typedef struct _SE_ADT_PARAMETER_ARRAY { typedef struct _SE_ADT_PARAMETER_ARRAY {
ULONG CategoryId; ULONG CategoryId;
ULONG AuditId; ULONG AuditId;
ULONG ParameterCount; ULONG ParameterCount;
ULONG Length; ULONG Length;
USHORT FlatSubCategoryId;
USHORT Type; USHORT Type;
ULONG Flags; ULONG Flags;
SE_ADT_PARAMETER_ARRAY_ENTRY Parameters[ SE_MAX_AUDIT_PARAMETERS ]; SE_ADT_PARAMETER_ARRAY_ENTRY Parameters[ SE_MAX_AUDIT_PARAMETERS ];
} SE_ADT_PARAMETER_ARRAY, *PSE_ADT_PARAMETER_ARRAY; } SE_ADT_PARAMETER_ARRAY, *PSE_ADT_PARAMETER_ARRAY;
#define SE_ADT_PARAMETERS_SELF_RELATIVE 0x00000001 #define SE_ADT_PARAMETERS_SELF_RELATIVE 0x00000001
#define SE_ADT_PARAMETERS_SEND_TO_LSA 0x00000002
#define SE_ADT_PARAMETER_EXTENSIBLE_AUDIT 0x00000004
#define SE_ADT_PARAMETER_GENERIC_AUDIT 0x00000008
#define SE_ADT_PARAMETER_WRITE_SYNCHRONOUS 0x00000010
//
// This macro only existed in longhorn and after
//
#define LSAP_SE_ADT_PARAMETER_ARRAY_TRUE_SIZE(AuditParameters) \
( sizeof(SE_ADT_PARAMETER_ARRAY) - \
sizeof(SE_ADT_PARAMETER_ARRAY_ENTRY) * \
(SE_MAX_AUDIT_PARAMETERS - AuditParameters->ParameterCount) )
#endif // _NTLSA_AUDIT_ #endif // _NTLSA_AUDIT_
// end_ntifs // end_ntifs
#endif // _NTLSA_IFS_ #endif // _NTLSA_IFS_
// //
// Audit Event Categories // Audit Event Categories
// //
// The following are the built-in types or Categories of audit event. // The following are the built-in types or Categories of audit event.
// WARNING! This structure is subject to expansion. The user should not // WARNING! This structure is subject to expansion. The user should not
// compute the number of elements of this type directly, but instead // compute the number of elements of this type directly, but instead
// should obtain the count of elements by calling LsaQueryInformationPolicy() // should obtain the count of elements by calling LsaQueryInformationPolicy()
// for the PolicyAuditEventsInformation class and extracting the count from // for the PolicyAuditEventsInformation class and extracting the count from
// the MaximumAuditEventCount field of the returned structure. // the MaximumAuditEventCount field of the returned structure.
// //
typedef enum _POLICY_AUDIT_EVENT_TYPE { typedef enum _POLICY_AUDIT_EVENT_TYPE {
AuditCategorySystem, AuditCategorySystem = 0,
AuditCategoryLogon, AuditCategoryLogon,
AuditCategoryObjectAccess, AuditCategoryObjectAccess,
AuditCategoryPrivilegeUse, AuditCategoryPrivilegeUse,
AuditCategoryDetailedTracking, AuditCategoryDetailedTracking,
AuditCategoryPolicyChange, AuditCategoryPolicyChange,
AuditCategoryAccountManagement, AuditCategoryAccountManagement,
AuditCategoryDirectoryServiceAccess, AuditCategoryDirectoryServiceAccess,
AuditCategoryAccountLogon AuditCategoryAccountLogon
} POLICY_AUDIT_EVENT_TYPE, *PPOLICY_AUDIT_EVENT_TYPE; } POLICY_AUDIT_EVENT_TYPE, *PPOLICY_AUDIT_EVENT_TYPE;
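Review bot: `LSAP_SE_ADT_PARAMETER_ARRAY_TRUE_SIZE` uses its argument unparenthesised and trusts `ParameterCount`. If the count exceeds `SE_MAX_AUDIT_PARAMETERS`, the unsigned subtraction wraps and the macro yields a size larger than the structure, which is dangerous wherever the result is used as a copy or allocation length. I would write the inner term as `(SE_MAX_AUDIT_PARAMETERS - (AuditParameters)->ParameterCount)` and add a comment that callers must check `ParameterCount <= SE_MAX_AUDIT_PARAMETERS` before using the macro, especially for arrays received from another component. Separately, `FlatSubCategoryId` is inserted between `Length` and `Type`, which moves `Type` within the structure. Code that exchanges `SE_ADT_PARAMETERS_SELF_RELATIVE` arrays across builds using the two header versions would disagree on the layout, and that deserves a comment on the field.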
skipping to change at line 590 skipping to change at line 1418
// begin_ntifs // begin_ntifs
NTSTATUS NTSTATUS
NTAPI NTAPI
LsaRegisterLogonProcess ( LsaRegisterLogonProcess (
__in PLSA_STRING LogonProcessName, __in PLSA_STRING LogonProcessName,
__out PHANDLE LsaHandle, __out PHANDLE LsaHandle,
__out PLSA_OPERATIONAL_MODE SecurityMode __out PLSA_OPERATIONAL_MODE SecurityMode
); );
//
// The function below did not exist in NTIFS before windows XP
// However, the function has always been there, so it is okay to use
// even on w2k
//
NTSTATUS NTSTATUS
NTAPI NTAPI
LsaLogonUser ( LsaLogonUser (
__in HANDLE LsaHandle, __in HANDLE LsaHandle,
__in PLSA_STRING OriginName, __in PLSA_STRING OriginName,
__in SECURITY_LOGON_TYPE LogonType, __in SECURITY_LOGON_TYPE LogonType,
__in ULONG AuthenticationPackage, __in ULONG AuthenticationPackage,
__in_bcount(AuthenticationInformationLength) PVOID AuthenticationInformation , __in_bcount(AuthenticationInformationLength) PVOID AuthenticationInformation ,
__in ULONG AuthenticationInformationLength, __in ULONG AuthenticationInformationLength,
__in_opt PTOKEN_GROUPS LocalGroups, __in_opt PTOKEN_GROUPS LocalGroups,
skipping to change at line 784 skipping to change at line 1618
// DomainIndex field. // DomainIndex field.
// //
// DomainIndex - Is the index of an entry in a related // DomainIndex - Is the index of an entry in a related
// LSA_REFERENCED_DOMAIN_LIST data structure describing the // LSA_REFERENCED_DOMAIN_LIST data structure describing the
// domain in which the account was found. // domain in which the account was found.
// //
// If there is no corresponding reference domain for an entry, then // If there is no corresponding reference domain for an entry, then
// this field will contain a negative value. // this field will contain a negative value.
// //
#if (_WIN32_WINNT >= 0x0501)
typedef struct _LSA_TRANSLATED_SID2 { typedef struct _LSA_TRANSLATED_SID2 {
SID_NAME_USE Use; SID_NAME_USE Use;
PSID Sid; PSID Sid;
LONG DomainIndex; LONG DomainIndex;
ULONG Flags; ULONG Flags;
} LSA_TRANSLATED_SID2, *PLSA_TRANSLATED_SID2; } LSA_TRANSLATED_SID2, *PLSA_TRANSLATED_SID2;
// where members have the following usage: // where members have the following usage:
skipping to change at line 808 skipping to change at line 1643
// //
// Sid - Contains the complete Sid of the tranlated SID // Sid - Contains the complete Sid of the tranlated SID
// //
// DomainIndex - Is the index of an entry in a related // DomainIndex - Is the index of an entry in a related
// LSA_REFERENCED_DOMAIN_LIST data structure describing the // LSA_REFERENCED_DOMAIN_LIST data structure describing the
// domain in which the account was found. // domain in which the account was found.
// //
// If there is no corresponding reference domain for an entry, then // If there is no corresponding reference domain for an entry, then
// this field will contain a negative value. // this field will contain a negative value.
// //
#endif
// //
// The following data type is used in SID to name lookup services to // The following data type is used in SID to name lookup services to
// describe the domains referenced in the lookup operation. // describe the domains referenced in the lookup operation.
// //
typedef struct _LSA_TRANSLATED_NAME { typedef struct _LSA_TRANSLATED_NAME {
SID_NAME_USE Use; SID_NAME_USE Use;
LSA_UNICODE_STRING Name; LSA_UNICODE_STRING Name;
skipping to change at line 851 skipping to change at line 1687
// server (primary or backup). // server (primary or backup).
// //
typedef enum _POLICY_LSA_SERVER_ROLE { typedef enum _POLICY_LSA_SERVER_ROLE {
PolicyServerRoleBackup = 2, PolicyServerRoleBackup = 2,
PolicyServerRolePrimary PolicyServerRolePrimary
} POLICY_LSA_SERVER_ROLE, *PPOLICY_LSA_SERVER_ROLE; } POLICY_LSA_SERVER_ROLE, *PPOLICY_LSA_SERVER_ROLE;
#if (_WIN32_WINNT < 0x0502)
//
// The following data type is used to represent the state of the LSA
// server (enabled or disabled). Some operations may only be performed on
// an enabled LSA server.
//
typedef enum _POLICY_SERVER_ENABLE_STATE {
PolicyServerEnabled = 2,
PolicyServerDisabled
} POLICY_SERVER_ENABLE_STATE, *PPOLICY_SERVER_ENABLE_STATE;
#endif
// //
// The following data type is used to specify the auditing options for // The following data type is used to specify the auditing options for
// an Audit Event Type. // an Audit Event Type.
// //
typedef ULONG POLICY_AUDIT_EVENT_OPTIONS, *PPOLICY_AUDIT_EVENT_OPTIONS; typedef ULONG POLICY_AUDIT_EVENT_OPTIONS, *PPOLICY_AUDIT_EVENT_OPTIONS;
// where the following flags can be set: // where the following flags can be set:
// //
// POLICY_AUDIT_EVENT_UNCHANGED - Leave existing auditing options // POLICY_AUDIT_EVENT_UNCHANGED - Leave existing auditing options
skipping to change at line 895 skipping to change at line 1746
PolicyPrimaryDomainInformation, PolicyPrimaryDomainInformation,
PolicyPdAccountInformation, PolicyPdAccountInformation,
PolicyAccountDomainInformation, PolicyAccountDomainInformation,
PolicyLsaServerRoleInformation, PolicyLsaServerRoleInformation,
PolicyReplicaSourceInformation, PolicyReplicaSourceInformation,
PolicyDefaultQuotaInformation, PolicyDefaultQuotaInformation,
PolicyModificationInformation, PolicyModificationInformation,
PolicyAuditFullSetInformation, PolicyAuditFullSetInformation,
PolicyAuditFullQueryInformation, PolicyAuditFullQueryInformation,
PolicyDnsDomainInformation, PolicyDnsDomainInformation,
PolicyDnsDomainInformationInt PolicyDnsDomainInformationInt,
PolicyLocalAccountDomainInformation,
PolicyLastEntry
} POLICY_INFORMATION_CLASS, *PPOLICY_INFORMATION_CLASS; } POLICY_INFORMATION_CLASS, *PPOLICY_INFORMATION_CLASS;
// //
// The following data type corresponds to the PolicyAuditLogInformation // The following data type corresponds to the PolicyAuditLogInformation
// information class. It is used to represent information relating to // information class. It is used to represent information relating to
// the Audit Log. // the Audit Log.
// //
// This structure may be used in both query and set operations. However, // This structure may be used in both query and set operations. However,
// when used in set operations, some fields are ignored. // when used in set operations, some fields are ignored.
skipping to change at line 996 skipping to change at line 1849
// indexed by Audit Event Type. // indexed by Audit Event Type.
// //
// MaximumAuditEventCount - Specifiesa count of the number of Audit // MaximumAuditEventCount - Specifiesa count of the number of Audit
// Event Types specified by the EventAuditingOptions parameter. If // Event Types specified by the EventAuditingOptions parameter. If
// this count is less than the number of Audit Event Types supported // this count is less than the number of Audit Event Types supported
// by the system, the Auditing Options for Event Types with IDs // by the system, the Auditing Options for Event Types with IDs
// higher than (MaximumAuditEventCount + 1) are left unchanged. // higher than (MaximumAuditEventCount + 1) are left unchanged.
// //
// //
// The following data type is used to represent information relating to
// the audit requirements.
//
typedef struct _POLICY_AUDIT_SUBCATEGORIES_INFO {
ULONG MaximumSubCategoryCount;
PPOLICY_AUDIT_EVENT_OPTIONS EventAuditingOptions;
} POLICY_AUDIT_SUBCATEGORIES_INFO, *PPOLICY_AUDIT_SUBCATEGORIES_INFO;
typedef struct _POLICY_AUDIT_CATEGORIES_INFO {
ULONG MaximumCategoryCount;
PPOLICY_AUDIT_SUBCATEGORIES_INFO SubCategoriesInfo;
} POLICY_AUDIT_CATEGORIES_INFO, *PPOLICY_AUDIT_CATEGORIES_INFO;
//
// Valid bits for Per user policy mask.
//
#define PER_USER_POLICY_UNCHANGED (0x00)
#define PER_USER_AUDIT_SUCCESS_INCLUDE (0x01)
#define PER_USER_AUDIT_SUCCESS_EXCLUDE (0x02)
#define PER_USER_AUDIT_FAILURE_INCLUDE (0x04)
#define PER_USER_AUDIT_FAILURE_EXCLUDE (0x08)
#define PER_USER_AUDIT_NONE (0x10)
#define VALID_PER_USER_AUDIT_POLICY_FLAG (PER_USER_AUDIT_SUCCESS_INCLUDE | \
PER_USER_AUDIT_SUCCESS_EXCLUDE | \
PER_USER_AUDIT_FAILURE_INCLUDE | \
PER_USER_AUDIT_FAILURE_EXCLUDE | \
PER_USER_AUDIT_NONE)
//
// The following structure corresponds to the PolicyAccountDomainInformation // The following structure corresponds to the PolicyAccountDomainInformation
// information class. // information class.
// //
typedef struct _POLICY_ACCOUNT_DOMAIN_INFO { typedef struct _POLICY_ACCOUNT_DOMAIN_INFO {
LSA_UNICODE_STRING DomainName; LSA_UNICODE_STRING DomainName;
PSID DomainSid; PSID DomainSid;
} POLICY_ACCOUNT_DOMAIN_INFO, *PPOLICY_ACCOUNT_DOMAIN_INFO; } POLICY_ACCOUNT_DOMAIN_INFO, *PPOLICY_ACCOUNT_DOMAIN_INFO;
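Review bot: The two structures that appear to be new here, `POLICY_AUDIT_SUBCATEGORIES_INFO` and `POLICY_AUDIT_CATEGORIES_INFO`, each pair a count with a pointer but, unlike the neighbouring types, carry no member description tying the count to the array. I would add one in the file's usual form, hedged until confirmed against the implementation: `// MaximumSubCategoryCount - presumably the number of entries addressed by EventAuditingOptions; do not index past it`. In the same block, `VALID_PER_USER_AUDIT_POLICY_FLAG` admits `PER_USER_AUDIT_SUCCESS_INCLUDE` and `PER_USER_AUDIT_SUCCESS_EXCLUDE` set together (likewise the failure pair, and `PER_USER_AUDIT_NONE` with any of them). The header does not say whether such combinations are legal, so a line stating how they are treated would help anyone validating a per-user mask.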
skipping to change at line 1170 skipping to change at line 2059
} POLICY_AUDIT_FULL_QUERY_INFO, *PPOLICY_AUDIT_FULL_QUERY_INFO; } POLICY_AUDIT_FULL_QUERY_INFO, *PPOLICY_AUDIT_FULL_QUERY_INFO;
// //
// The following data type defines the classes of Policy Information // The following data type defines the classes of Policy Information
// that may be queried/set that has domain wide effect. // that may be queried/set that has domain wide effect.
// //
typedef enum _POLICY_DOMAIN_INFORMATION_CLASS { typedef enum _POLICY_DOMAIN_INFORMATION_CLASS {
// PolicyDomainQualityOfServiceInformation, // value was used in W2K; no longer #if (_WIN32_WINNT <= 0x0500)
supported PolicyDomainQualityOfServiceInformation = 1,
#endif
PolicyDomainEfsInformation = 2, PolicyDomainEfsInformation = 2,
PolicyDomainKerberosTicketInformation PolicyDomainKerberosTicketInformation
} POLICY_DOMAIN_INFORMATION_CLASS, *PPOLICY_DOMAIN_INFORMATION_CLASS; } POLICY_DOMAIN_INFORMATION_CLASS, *PPOLICY_DOMAIN_INFORMATION_CLASS;
#if (_WIN32_WINNT < 0x0502)
//
// QualityOfService information. Corresponds to PolicyDomainQualityOfServiceInf
ormation
//
#define POLICY_QOS_SCHANNEL_REQUIRED 0x00000001
#define POLICY_QOS_OUTBOUND_INTEGRITY 0x00000002
#define POLICY_QOS_OUTBOUND_CONFIDENTIALITY 0x00000004
#define POLICY_QOS_INBOUND_INTEGRITY 0x00000008
#define POLICY_QOS_INBOUND_CONFIDENTIALITY 0x00000010
#define POLICY_QOS_ALLOW_LOCAL_ROOT_CERT_STORE 0x00000020
#define POLICY_QOS_RAS_SERVER_ALLOWED 0x00000040
#define POLICY_QOS_DHCP_SERVER_ALLOWED 0x00000080
//
// Bits 0x00000100 through 0xFFFFFFFF are reserved for future use.
//
#endif
#if (_WIN32_WINNT == 0x0500)
typedef struct _POLICY_DOMAIN_QUALITY_OF_SERVICE_INFO {
ULONG QualityOfService;
} POLICY_DOMAIN_QUALITY_OF_SERVICE_INFO, *PPOLICY_DOMAIN_QUALITY_OF_SERVICE_INFO
;
//
// where the members have the following usage:
//
// QualityOfService - Determines what specific QOS actions a machine should tak
e
//
#endif
// //
// The following structure corresponds to the PolicyEfsInformation // The following structure corresponds to the PolicyEfsInformation
// information class // information class
// //
typedef struct _POLICY_DOMAIN_EFS_INFO { typedef struct _POLICY_DOMAIN_EFS_INFO {
ULONG InfoLength; ULONG InfoLength;
PUCHAR EfsBlob; PUCHAR EfsBlob;
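Review bot: The retired quality-of-service policy class is gated by three different version tests in this hunk: the enumerator `PolicyDomainQualityOfServiceInformation = 1` under `_WIN32_WINNT <= 0x0500`, the `POLICY_QOS_*` flags under `< 0x0502`, and `POLICY_DOMAIN_QUALITY_OF_SERVICE_INFO` under `== 0x0500`. A build targeting 0x0501 therefore sees the flags with neither the class value nor the structure, and a target below 0x0500 sees the class value without the structure. If that is deliberate, a comment next to the enumerator should say so, for example `// W2K only; value 1 is no longer supported on later systems and must not be passed to the domain policy calls`. Otherwise all three should share one guard. The `_POLICY_DOMAIN_EFS_INFO` declaration at the end of the hunk continues outside it.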
skipping to change at line 1276 skipping to change at line 2199
TrustedPosixOffsetInformation, TrustedPosixOffsetInformation,
TrustedPasswordInformation, TrustedPasswordInformation,
TrustedDomainInformationBasic, TrustedDomainInformationBasic,
TrustedDomainInformationEx, TrustedDomainInformationEx,
TrustedDomainAuthInformation, TrustedDomainAuthInformation,
TrustedDomainFullInformation, TrustedDomainFullInformation,
TrustedDomainAuthInformationInternal, TrustedDomainAuthInformationInternal,
TrustedDomainFullInformationInternal, TrustedDomainFullInformationInternal,
TrustedDomainInformationEx2Internal, TrustedDomainInformationEx2Internal,
TrustedDomainFullInformation2Internal, TrustedDomainFullInformation2Internal,
TrustedDomainSupportedEncryptionTypes,
} TRUSTED_INFORMATION_CLASS, *PTRUSTED_INFORMATION_CLASS; } TRUSTED_INFORMATION_CLASS, *PTRUSTED_INFORMATION_CLASS;
// //
// The following data type corresponds to the TrustedDomainNameInformation // The following data type corresponds to the TrustedDomainNameInformation
// information class. // information class.
// //
typedef struct _TRUSTED_DOMAIN_NAME_INFO { typedef struct _TRUSTED_DOMAIN_NAME_INFO {
LSA_UNICODE_STRING Name; LSA_UNICODE_STRING Name;
skipping to change at line 1366 skipping to change at line 2289
// Direction of the trust // Direction of the trust
// //
#define TRUST_DIRECTION_DISABLED 0x00000000 #define TRUST_DIRECTION_DISABLED 0x00000000
#define TRUST_DIRECTION_INBOUND 0x00000001 #define TRUST_DIRECTION_INBOUND 0x00000001
#define TRUST_DIRECTION_OUTBOUND 0x00000002 #define TRUST_DIRECTION_OUTBOUND 0x00000002
#define TRUST_DIRECTION_BIDIRECTIONAL (TRUST_DIRECTION_INBOUND | TRUST_DIRECTI ON_OUTBOUND) #define TRUST_DIRECTION_BIDIRECTIONAL (TRUST_DIRECTION_INBOUND | TRUST_DIRECTI ON_OUTBOUND)
#define TRUST_TYPE_DOWNLEVEL 0x00000001 // NT4 and before #define TRUST_TYPE_DOWNLEVEL 0x00000001 // NT4 and before
#define TRUST_TYPE_UPLEVEL 0x00000002 // NT5 #define TRUST_TYPE_UPLEVEL 0x00000002 // NT5
#define TRUST_TYPE_MIT 0x00000003 // Trust with a MIT Kerberos realm #define TRUST_TYPE_MIT 0x00000003 // Trust with a MIT Kerberos realm
// #define TRUST_TYPE_DCE 0x00000004 // Trust with a DCE realm
#if (_WIN32_WINNT < 0x0502)
#define TRUST_TYPE_DCE 0x00000004 // Trust with a DCE realm
#endif
// Levels 0x5 - 0x000FFFFF reserved for future use // Levels 0x5 - 0x000FFFFF reserved for future use
// Provider specific trust levels are from 0x00100000 to 0xFFF00000 // Provider specific trust levels are from 0x00100000 to 0xFFF00000
#define TRUST_ATTRIBUTE_NON_TRANSITIVE 0x00000001 // Disallow transitivity #define TRUST_ATTRIBUTE_NON_TRANSITIVE 0x00000001 // Disallow tr
#define TRUST_ATTRIBUTE_UPLEVEL_ONLY 0x00000002 // Trust link only valid ansitivity
for uplevel client #define TRUST_ATTRIBUTE_UPLEVEL_ONLY 0x00000002 // Trust link
#define TRUST_ATTRIBUTE_QUARANTINED_DOMAIN 0x00000004 // Used to quarantine dom only valid for uplevel client
ains #if (_WIN32_WINNT == 0x0500)
#define TRUST_ATTRIBUTE_FOREST_TRANSITIVE 0x00000008 // This link may contain #define TRUST_ATTRIBUTE_TREE_PARENT 0x00400000 // Denotes that we are setti
forest trust information ng the trust
#define TRUST_ATTRIBUTE_CROSS_ORGANIZATION 0x00000010 // This trust is to a dom // to our parent in the org
ain/forest which is not part of this enterprise tree...
#define TRUST_ATTRIBUTE_WITHIN_FOREST 0x00000020 // Trust is internal to t #define TRUST_ATTRIBUTE_TREE_ROOT 0x00800000 // Denotes that we are setti
his forest ng the trust
#define TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL 0x00000040 // Trust is to be treated // to another tree root in a
as external for trust boundary purposes forest...
#define TRUST_ATTRIBUTE_TRUST_USES_RC4_ENCRYPTION 0x00000080 // MIT trust wi // Trust attributes 0x00000004 through 0x004FFFFF reserved for future use
th RC4 // Trust attributes 0x00F00000 through 0x00400000 are reserved for internal use
// Trust attributes 0x01000000 through 0xFF000000 are reserved for user
// defined values
#define TRUST_ATTRIBUTES_VALID 0xFF02FFFF
#endif
#if (_WIN32_WINNT < 0x0502)
#define TRUST_ATTRIBUTE_FILTER_SIDS 0x00000004 // Used to quarantine dom
ains
#else
#define TRUST_ATTRIBUTE_QUARANTINED_DOMAIN 0x00000004 // Used to qua
rantine domains
#endif
#if (_WIN32_WINNT >= 0x0501)
#define TRUST_ATTRIBUTE_FOREST_TRANSITIVE 0x00000008 // This link m
ay contain forest trust information
#if (_WIN32_WINNT >= 0x0502)
#define TRUST_ATTRIBUTE_CROSS_ORGANIZATION 0x00000010 // This trust
is to a domain/forest which is not part of this enterprise
#define TRUST_ATTRIBUTE_WITHIN_FOREST 0x00000020 // Trust is in
ternal to this forest
#define TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL 0x00000040 // Trust is to
be treated as external for trust boundary purposes
#if (_WIN32_WINNT >= 0x0600)
#define TRUST_ATTRIBUTE_TRUST_USES_RC4_ENCRYPTION 0x00000080 // MIT trust w
ith RC4
#define TRUST_ATTRIBUTE_TRUST_USES_AES_KEYS 0x00000100 // Use AES key
s to encrypte KRB TGTs
#endif
// Trust attributes 0x00000040 through 0x00200000 are reserved for future use // Trust attributes 0x00000040 through 0x00200000 are reserved for future use
#else
// Trust attributes 0x00000010 through 0x00200000 are reserved for future use
#endif
// Trust attributes 0x00400000 through 0x00800000 were used previously (up to W2 K) and should not be re-used // Trust attributes 0x00400000 through 0x00800000 were used previously (up to W2 K) and should not be re-used
// Trust attributes 0x01000000 through 0x80000000 are reserved for user // Trust attributes 0x01000000 through 0x80000000 are reserved for user
#define TRUST_ATTRIBUTES_VALID 0xFF03FFFF #define TRUST_ATTRIBUTES_VALID 0xFF03FFFF
#endif
#define TRUST_ATTRIBUTES_USER 0xFF000000 #define TRUST_ATTRIBUTES_USER 0xFF000000
typedef struct _TRUSTED_DOMAIN_INFORMATION_EX { typedef struct _TRUSTED_DOMAIN_INFORMATION_EX {
LSA_UNICODE_STRING Name; LSA_UNICODE_STRING Name;
LSA_UNICODE_STRING FlatName; LSA_UNICODE_STRING FlatName;
PSID Sid; PSID Sid;
ULONG TrustDirection; ULONG TrustDirection;
ULONG TrustType; ULONG TrustType;
ULONG TrustAttributes; ULONG TrustAttributes;
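Review bot: The reserved-range comment kept inside the `_WIN32_WINNT >= 0x0502` branch, `// Trust attributes 0x00000040 through 0x00200000 are reserved for future use`, no longer matches the defines above it. That branch assigns 0x00000040 to `TRUST_ATTRIBUTE_TREAT_AS_EXTERNAL`, and the nested 0x0600 block assigns 0x00000080 and 0x00000100 to the RC4 and AES flags. Anyone who validates `TrustAttributes` from the comment rather than the defines would treat the encryption-type bits as reserved. I would move the comment into each arm with the right lower bound, `// Trust attributes 0x00000200 through 0x00200000 are reserved for future use` for 0x0600 and 0x00000080 for 0x0502, and correct `encrypte` in the AES line while there. The three nested `#if` levels with a lone `#else` are hard to pair by eye, so trailing comments on each `#endif` (`#endif // _WIN32_WINNT >= 0x0502`) would also help.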
skipping to change at line 1454 skipping to change at line 2407
} TRUSTED_DOMAIN_FULL_INFORMATION, *PTRUSTED_DOMAIN_FULL_INFORMATION; } TRUSTED_DOMAIN_FULL_INFORMATION, *PTRUSTED_DOMAIN_FULL_INFORMATION;
typedef struct _TRUSTED_DOMAIN_FULL_INFORMATION2 { typedef struct _TRUSTED_DOMAIN_FULL_INFORMATION2 {
TRUSTED_DOMAIN_INFORMATION_EX2 Information; TRUSTED_DOMAIN_INFORMATION_EX2 Information;
TRUSTED_POSIX_OFFSET_INFO PosixOffset; TRUSTED_POSIX_OFFSET_INFO PosixOffset;
TRUSTED_DOMAIN_AUTH_INFORMATION AuthInformation; TRUSTED_DOMAIN_AUTH_INFORMATION AuthInformation;
} TRUSTED_DOMAIN_FULL_INFORMATION2, *PTRUSTED_DOMAIN_FULL_INFORMATION2; } TRUSTED_DOMAIN_FULL_INFORMATION2, *PTRUSTED_DOMAIN_FULL_INFORMATION2;
typedef struct _TRUSTED_DOMAIN_SUPPORTED_ENCRYPTION_TYPES {
ULONG SupportedEncryptionTypes;
} TRUSTED_DOMAIN_SUPPORTED_ENCRYPTION_TYPES, *PTRUSTED_DOMAIN_SUPPORTED_ENCRYPTI
ON_TYPES;
typedef enum { typedef enum {
ForestTrustTopLevelName, ForestTrustTopLevelName,
ForestTrustTopLevelNameEx, ForestTrustTopLevelNameEx,
ForestTrustDomainInfo, ForestTrustDomainInfo,
ForestTrustRecordTypeLast = ForestTrustDomainInfo ForestTrustRecordTypeLast = ForestTrustDomainInfo
} LSA_FOREST_TRUST_RECORD_TYPE; } LSA_FOREST_TRUST_RECORD_TYPE;
#if (_WIN32_WINNT < 0x0502)
#define LSA_FOREST_TRUST_RECORD_TYPE_UNRECOGNIZED 0x80000000
#endif
// //
// Bottom 16 bits of the flags are reserved for disablement reasons // Bottom 16 bits of the flags are reserved for disablement reasons
// //
#define LSA_FTRECORD_DISABLED_REASONS ( 0x0000FFFFL ) #define LSA_FTRECORD_DISABLED_REASONS ( 0x0000FFFFL )
// //
// Reasons for a top-level name forest trust record to be disabled // Reasons for a top-level name forest trust record to be disabled
// //
skipping to change at line 1498 skipping to change at line 2461
#ifdef MIDL_PASS #ifdef MIDL_PASS
PISID Sid; PISID Sid;
#else #else
PSID Sid; PSID Sid;
#endif #endif
LSA_UNICODE_STRING DnsName; LSA_UNICODE_STRING DnsName;
LSA_UNICODE_STRING NetbiosName; LSA_UNICODE_STRING NetbiosName;
} LSA_FOREST_TRUST_DOMAIN_INFO, *PLSA_FOREST_TRUST_DOMAIN_INFO; } LSA_FOREST_TRUST_DOMAIN_INFO, *PLSA_FOREST_TRUST_DOMAIN_INFO;
#if (_WIN32_WINNT >= 0x0502)
// //
// To prevent huge data to be passed in, we should put a limit on LSA_FOREST_TR UST_BINARY_DATA. // To prevent huge data to be passed in, we should put a limit on LSA_FOREST_TR UST_BINARY_DATA.
// 128K is large enough that can't be reached in the near future, and small enough not to // 128K is large enough that can't be reached in the near future, and small enough not to
// cause memory problems. // cause memory problems.
#define MAX_FOREST_TRUST_BINARY_DATA_SIZE ( 128 * 1024 ) #define MAX_FOREST_TRUST_BINARY_DATA_SIZE ( 128 * 1024 )
#endif
typedef struct _LSA_FOREST_TRUST_BINARY_DATA { typedef struct _LSA_FOREST_TRUST_BINARY_DATA {
#ifdef MIDL_PASS #ifdef MIDL_PASS
[range(0, MAX_FOREST_TRUST_BINARY_DATA_SIZE)] ULONG Length; [range(0, MAX_FOREST_TRUST_BINARY_DATA_SIZE)] ULONG Length;
[size_is( Length )] PUCHAR Buffer; [size_is( Length )] PUCHAR Buffer;
#else #else
ULONG Length; ULONG Length;
PUCHAR Buffer; PUCHAR Buffer;
#endif #endif
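Review bot: `MAX_FOREST_TRUST_BINARY_DATA_SIZE` now appears to be defined only under `#if (_WIN32_WINNT >= 0x0502)`, yet the `MIDL_PASS` branch of `_LSA_FOREST_TRUST_BINARY_DATA` right below still uses it in `[range(0, MAX_FOREST_TRUST_BINARY_DATA_SIZE)]` without a matching guard. The non-MIDL branch declares `Length` as a bare `ULONG`, so the 128K limit is visible to C code only through the macro and is enforced only where the MIDL range attribute applies. I would guard the `range` attribute the same way as the macro, or drop the guard on the macro, and add a comment on the structure such as `// Length must not exceed MAX_FOREST_TRUST_BINARY_DATA_SIZE; code that builds or walks Buffer by hand must check it first`. The same mismatch applies to `MAX_RECORDS_IN_FOREST_TRUST_INFO` and `RecordCount` in `_LSA_FOREST_TRUST_INFORMATION` in the next hunk. The closing line of `_LSA_FOREST_TRUST_BINARY_DATA` falls outside this hunk.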
skipping to change at line 1543 skipping to change at line 2508
[default] LSA_FOREST_TRUST_BINARY_DATA Data; [default] LSA_FOREST_TRUST_BINARY_DATA Data;
#else #else
LSA_UNICODE_STRING TopLevelName; LSA_UNICODE_STRING TopLevelName;
LSA_FOREST_TRUST_DOMAIN_INFO DomainInfo; LSA_FOREST_TRUST_DOMAIN_INFO DomainInfo;
LSA_FOREST_TRUST_BINARY_DATA Data; // used for unrecognized types LSA_FOREST_TRUST_BINARY_DATA Data; // used for unrecognized types
#endif #endif
} ForestTrustData; } ForestTrustData;
} LSA_FOREST_TRUST_RECORD, *PLSA_FOREST_TRUST_RECORD; } LSA_FOREST_TRUST_RECORD, *PLSA_FOREST_TRUST_RECORD;
#if (_WIN32_WINNT >= 0x0502)
// //
// To prevent forest trust blobs of large size, number of records must be // To prevent forest trust blobs of large size, number of records must be
// smaller than MAX_RECORDS_IN_FOREST_TRUST_INFO // smaller than MAX_RECORDS_IN_FOREST_TRUST_INFO
// //
#define MAX_RECORDS_IN_FOREST_TRUST_INFO 4000 #define MAX_RECORDS_IN_FOREST_TRUST_INFO 4000
#endif
typedef struct _LSA_FOREST_TRUST_INFORMATION { typedef struct _LSA_FOREST_TRUST_INFORMATION {
#ifdef MIDL_PASS #ifdef MIDL_PASS
[range(0, MAX_RECORDS_IN_FOREST_TRUST_INFO)] ULONG RecordCount; [range(0, MAX_RECORDS_IN_FOREST_TRUST_INFO)] ULONG RecordCount;
[size_is( RecordCount )] PLSA_FOREST_TRUST_RECORD * Entries; [size_is( RecordCount )] PLSA_FOREST_TRUST_RECORD * Entries;
#else #else
ULONG RecordCount; ULONG RecordCount;
PLSA_FOREST_TRUST_RECORD * Entries; PLSA_FOREST_TRUST_RECORD * Entries;
#endif #endif
skipping to change at line 1622 skipping to change at line 2589
LsaFreeMemory( LsaFreeMemory(
__in_opt PVOID Buffer __in_opt PVOID Buffer
); );
NTSTATUS NTSTATUS
NTAPI NTAPI
LsaClose( LsaClose(
__in LSA_HANDLE ObjectHandle __in LSA_HANDLE ObjectHandle
); );
#if (_WIN32_WINNT >= 0x0600)
typedef struct _LSA_LAST_INTER_LOGON_INFO {
LARGE_INTEGER LastSuccessfulLogon;
LARGE_INTEGER LastFailedLogon;
ULONG FailedAttemptCountSinceLastSuccessfulLogon;
} LSA_LAST_INTER_LOGON_INFO, *PLSA_LAST_INTER_LOGON_INFO;
#endif
#if (_WIN32_WINNT >= 0x0501)
typedef struct _SECURITY_LOGON_SESSION_DATA { typedef struct _SECURITY_LOGON_SESSION_DATA {
ULONG Size ; ULONG Size;
LUID LogonId ; LUID LogonId;
LSA_UNICODE_STRING UserName ; LSA_UNICODE_STRING UserName;
LSA_UNICODE_STRING LogonDomain ; LSA_UNICODE_STRING LogonDomain;
LSA_UNICODE_STRING AuthenticationPackage ; LSA_UNICODE_STRING AuthenticationPackage;
ULONG LogonType ; ULONG LogonType;
ULONG Session ; ULONG Session;
PSID Sid ; PSID Sid;
LARGE_INTEGER LogonTime ; LARGE_INTEGER LogonTime;
// //
// new for whistler: // new for whistler:
// //
LSA_UNICODE_STRING LogonServer ; LSA_UNICODE_STRING LogonServer;
LSA_UNICODE_STRING DnsDomainName ; LSA_UNICODE_STRING DnsDomainName;
LSA_UNICODE_STRING Upn ; LSA_UNICODE_STRING Upn;
} SECURITY_LOGON_SESSION_DATA, * PSECURITY_LOGON_SESSION_DATA ;
#if (_WIN32_WINNT >= 0x0600)
//
// new for LH
//
ULONG UserFlags;
LSA_LAST_INTER_LOGON_INFO LastLogonInfo;
LSA_UNICODE_STRING LogonScript;
LSA_UNICODE_STRING ProfilePath;
LSA_UNICODE_STRING HomeDirectory;
LSA_UNICODE_STRING HomeDirectoryDrive;
LARGE_INTEGER LogoffTime;
LARGE_INTEGER KickOffTime;
LARGE_INTEGER PasswordLastSet;
LARGE_INTEGER PasswordCanChange;
LARGE_INTEGER PasswordMustChange;
#endif
} SECURITY_LOGON_SESSION_DATA, * PSECURITY_LOGON_SESSION_DATA;
NTSTATUS NTSTATUS
NTAPI NTAPI
LsaEnumerateLogonSessions( LsaEnumerateLogonSessions(
__out PULONG LogonSessionCount, __out PULONG LogonSessionCount,
__out PLUID * LogonSessionList __out PLUID * LogonSessionList
); );
NTSTATUS NTSTATUS
NTAPI NTAPI
LsaGetLogonSessionData( LsaGetLogonSessionData(
__in PLUID LogonId, __in PLUID LogonId,
__out PSECURITY_LOGON_SESSION_DATA * ppLogonSessionData __out PSECURITY_LOGON_SESSION_DATA * ppLogonSessionData
); );
#endif
NTSTATUS NTSTATUS
NTAPI NTAPI
LsaOpenPolicy( LsaOpenPolicy(
__in_opt PLSA_UNICODE_STRING SystemName, __in_opt PLSA_UNICODE_STRING SystemName,
__in PLSA_OBJECT_ATTRIBUTES ObjectAttributes, __in PLSA_OBJECT_ATTRIBUTES ObjectAttributes,
__in ACCESS_MASK DesiredAccess, __in ACCESS_MASK DesiredAccess,
__out PLSA_HANDLE PolicyHandle __out PLSA_HANDLE PolicyHandle
); );
NTSTATUS NTSTATUS
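Review bot: The fields appended to `SECURITY_LOGON_SESSION_DATA` under `#if (_WIN32_WINNT >= 0x0600)` make the structure's length depend on the build target, and nothing in the declaration tells a reader to consult the leading `Size` member before touching them. A caller built for 0x0600 that is handed a shorter structure by `LsaGetLogonSessionData` would read past its end on reaching `UserFlags`, `LastLogonInfo` or the password timestamps. Assuming `Size` holds the byte count of the returned structure, a comment above the new block would cover it: `// Valid only when Size extends past Upn; check Size before reading any field below`. It is also worth noting beside `LsaGetLogonSessionData` that the returned data now includes logon-script, profile and home-directory paths, so tools that log the whole structure should decide which fields they actually need.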
skipping to change at line 1731 skipping to change at line 2732
NTSTATUS NTSTATUS
NTAPI NTAPI
LsaLookupNames( LsaLookupNames(
__in LSA_HANDLE PolicyHandle, __in LSA_HANDLE PolicyHandle,
__in ULONG Count, __in ULONG Count,
__in PLSA_UNICODE_STRING Names, __in PLSA_UNICODE_STRING Names,
__out PLSA_REFERENCED_DOMAIN_LIST *ReferencedDomains, __out PLSA_REFERENCED_DOMAIN_LIST *ReferencedDomains,
__out PLSA_TRANSLATED_SID *Sids __out PLSA_TRANSLATED_SID *Sids
); );
#if (_WIN32_WINNT >= 0x0501)
NTSTATUS NTSTATUS
NTAPI NTAPI
LsaLookupNames2( LsaLookupNames2(
__in LSA_HANDLE PolicyHandle, __in LSA_HANDLE PolicyHandle,
__in ULONG Flags, // Reserved __in ULONG Flags, // Reserved
__in ULONG Count, __in ULONG Count,
__in PLSA_UNICODE_STRING Names, __in PLSA_UNICODE_STRING Names,
__out PLSA_REFERENCED_DOMAIN_LIST *ReferencedDomains, __out PLSA_REFERENCED_DOMAIN_LIST *ReferencedDomains,
__out PLSA_TRANSLATED_SID2 *Sids __out PLSA_TRANSLATED_SID2 *Sids
); );
#endif
NTSTATUS NTSTATUS
NTAPI NTAPI
LsaLookupSids( LsaLookupSids(
__in LSA_HANDLE PolicyHandle, __in LSA_HANDLE PolicyHandle,
__in ULONG Count, __in ULONG Count,
__in PSID *Sids, __in PSID *Sids,
__out PLSA_REFERENCED_DOMAIN_LIST *ReferencedDomains, __out PLSA_REFERENCED_DOMAIN_LIST *ReferencedDomains,
__out PLSA_TRANSLATED_NAME *Names __out PLSA_TRANSLATED_NAME *Names
); );
#define SE_INTERACTIVE_LOGON_NAME TEXT("SeInteractiveLogonRight") #define SE_INTERACTIVE_LOGON_NAME TEXT("SeInteractiveLogonRight")
#define SE_NETWORK_LOGON_NAME TEXT("SeNetworkLogonRight") #define SE_NETWORK_LOGON_NAME TEXT("SeNetworkLogonRight")
#define SE_BATCH_LOGON_NAME TEXT("SeBatchLogonRight") #define SE_BATCH_LOGON_NAME TEXT("SeBatchLogonRight")
#define SE_SERVICE_LOGON_NAME TEXT("SeServiceLogonRight") #define SE_SERVICE_LOGON_NAME TEXT("SeServiceLogonRight")
#define SE_DENY_INTERACTIVE_LOGON_NAME TEXT("SeDenyInteractiveLogonRight") #define SE_DENY_INTERACTIVE_LOGON_NAME TEXT("SeDenyInteractiveLogonRight")
#define SE_DENY_NETWORK_LOGON_NAME TEXT("SeDenyNetworkLogonRight") #define SE_DENY_NETWORK_LOGON_NAME TEXT("SeDenyNetworkLogonRight")
#define SE_DENY_BATCH_LOGON_NAME TEXT("SeDenyBatchLogonRight") #define SE_DENY_BATCH_LOGON_NAME TEXT("SeDenyBatchLogonRight")
#define SE_DENY_SERVICE_LOGON_NAME TEXT("SeDenyServiceLogonRight") #define SE_DENY_SERVICE_LOGON_NAME TEXT("SeDenyServiceLogonRight")
#if (_WIN32_WINNT >= 0x0501)
#define SE_REMOTE_INTERACTIVE_LOGON_NAME TEXT("SeRemoteInteractiveLogonRight" ) #define SE_REMOTE_INTERACTIVE_LOGON_NAME TEXT("SeRemoteInteractiveLogonRight" )
#define SE_DENY_REMOTE_INTERACTIVE_LOGON_NAME TEXT("SeDenyRemoteInteractiveLogon Right") #define SE_DENY_REMOTE_INTERACTIVE_LOGON_NAME TEXT("SeDenyRemoteInteractiveLogon Right")
#endif
// //
// This new API returns all the accounts with a certain privilege // This new API returns all the accounts with a certain privilege
// //
NTSTATUS NTSTATUS
NTAPI NTAPI
LsaEnumerateAccountsWithUserRight( LsaEnumerateAccountsWithUserRight(
__in LSA_HANDLE PolicyHandle, __in LSA_HANDLE PolicyHandle,
__in_opt PLSA_UNICODE_STRING UserRight, __in_opt PLSA_UNICODE_STRING UserRight,
skipping to change at line 1887 skipping to change at line 2892
NTSTATUS NTSTATUS
NTAPI NTAPI
LsaCreateTrustedDomainEx( LsaCreateTrustedDomainEx(
__in LSA_HANDLE PolicyHandle, __in LSA_HANDLE PolicyHandle,
__in PTRUSTED_DOMAIN_INFORMATION_EX TrustedDomainInformation, __in PTRUSTED_DOMAIN_INFORMATION_EX TrustedDomainInformation,
__in PTRUSTED_DOMAIN_AUTH_INFORMATION AuthenticationInformation, __in PTRUSTED_DOMAIN_AUTH_INFORMATION AuthenticationInformation,
__in ACCESS_MASK DesiredAccess, __in ACCESS_MASK DesiredAccess,
__out PLSA_HANDLE TrustedDomainHandle __out PLSA_HANDLE TrustedDomainHandle
); );
#if (_WIN32_WINNT >= 0x0501)
NTSTATUS NTSTATUS
NTAPI NTAPI
LsaQueryForestTrustInformation( LsaQueryForestTrustInformation(
__in LSA_HANDLE PolicyHandle, __in LSA_HANDLE PolicyHandle,
__in PLSA_UNICODE_STRING TrustedDomainName, __in PLSA_UNICODE_STRING TrustedDomainName,
__out PLSA_FOREST_TRUST_INFORMATION * ForestTrustInfo __out PLSA_FOREST_TRUST_INFORMATION * ForestTrustInfo
); );
NTSTATUS NTSTATUS
NTAPI NTAPI
skipping to change at line 1919 skipping to change at line 2925
NTSTATUS NTSTATUS
NTAPI NTAPI
LsaForestTrustFindMatch( LsaForestTrustFindMatch(
__in LSA_HANDLE PolicyHandle, __in LSA_HANDLE PolicyHandle,
__in ULONG Type, __in ULONG Type,
__in PLSA_UNICODE_STRING Name, __in PLSA_UNICODE_STRING Name,
__out PLSA_UNICODE_STRING * Match __out PLSA_UNICODE_STRING * Match
); );
#endif #endif
#endif
// //
// This API sets the workstation password (equivalent of setting/getting // This API sets the workstation password (equivalent of setting/getting
// the SSI_SECRET_NAME secret) // the SSI_SECRET_NAME secret)
// //
NTSTATUS NTSTATUS
NTAPI NTAPI
LsaStorePrivateData( LsaStorePrivateData(
__in LSA_HANDLE PolicyHandle, __in LSA_HANDLE PolicyHandle,
skipping to change at line 1965 skipping to change at line 2972
// end_ntifs // end_ntifs
// //
// SPNEGO package stuff // SPNEGO package stuff
// //
enum NEGOTIATE_MESSAGES { enum NEGOTIATE_MESSAGES {
NegEnumPackagePrefixes = 0, NegEnumPackagePrefixes = 0,
NegGetCallerName = 1, NegGetCallerName = 1,
NegCallPackageMax NegCallPackageMax
} ; };
#define NEGOTIATE_MAX_PREFIX 32 #define NEGOTIATE_MAX_PREFIX 32
typedef struct _NEGOTIATE_PACKAGE_PREFIX { typedef struct _NEGOTIATE_PACKAGE_PREFIX {
ULONG_PTR PackageId ; ULONG_PTR PackageId;
PVOID PackageDataA ; PVOID PackageDataA;
PVOID PackageDataW ; PVOID PackageDataW;
ULONG_PTR PrefixLen ; ULONG_PTR PrefixLen;
UCHAR Prefix[ NEGOTIATE_MAX_PREFIX ]; UCHAR Prefix[ NEGOTIATE_MAX_PREFIX ];
} NEGOTIATE_PACKAGE_PREFIX, * PNEGOTIATE_PACKAGE_PREFIX ; } NEGOTIATE_PACKAGE_PREFIX, * PNEGOTIATE_PACKAGE_PREFIX;
typedef struct _NEGOTIATE_PACKAGE_PREFIXES { typedef struct _NEGOTIATE_PACKAGE_PREFIXES {
ULONG MessageType ; ULONG MessageType;
ULONG PrefixCount ; ULONG PrefixCount;
ULONG Offset ; // Offset to array of _PREFIX above ULONG Offset; // Offset to array of _PREFIX above
ULONG Pad ; // Align structure for 64-bit #if(_WIN32_WINNT >= 0x0502)
} NEGOTIATE_PACKAGE_PREFIXES, *PNEGOTIATE_PACKAGE_PREFIXES ; ULONG Pad; // Align structure for 64-bit
#endif
} NEGOTIATE_PACKAGE_PREFIXES, *PNEGOTIATE_PACKAGE_PREFIXES;
typedef struct _NEGOTIATE_CALLER_NAME_REQUEST { typedef struct _NEGOTIATE_CALLER_NAME_REQUEST {
ULONG MessageType ; ULONG MessageType;
LUID LogonId ; LUID LogonId;
} NEGOTIATE_CALLER_NAME_REQUEST, *PNEGOTIATE_CALLER_NAME_REQUEST ; } NEGOTIATE_CALLER_NAME_REQUEST, *PNEGOTIATE_CALLER_NAME_REQUEST;
typedef struct _NEGOTIATE_CALLER_NAME_RESPONSE { typedef struct _NEGOTIATE_CALLER_NAME_RESPONSE {
ULONG MessageType ; ULONG MessageType;
PWSTR CallerName ; PWSTR CallerName;
} NEGOTIATE_CALLER_NAME_RESPONSE, * PNEGOTIATE_CALLER_NAME_RESPONSE ; } NEGOTIATE_CALLER_NAME_RESPONSE, * PNEGOTIATE_CALLER_NAME_RESPONSE;
#ifndef _NTDEF_ #ifndef _NTDEF_
typedef LSA_UNICODE_STRING UNICODE_STRING, *PUNICODE_STRING; typedef LSA_UNICODE_STRING UNICODE_STRING, *PUNICODE_STRING;
typedef LSA_STRING STRING, *PSTRING ; typedef LSA_STRING STRING, *PSTRING ;
#endif #endif
#ifndef _DOMAIN_PASSWORD_INFORMATION_DEFINED #ifndef _DOMAIN_PASSWORD_INFORMATION_DEFINED
#define _DOMAIN_PASSWORD_INFORMATION_DEFINED #define _DOMAIN_PASSWORD_INFORMATION_DEFINED
typedef struct _DOMAIN_PASSWORD_INFORMATION { typedef struct _DOMAIN_PASSWORD_INFORMATION {
USHORT MinPasswordLength; USHORT MinPasswordLength;
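Review bot: `Pad` in `NEGOTIATE_PACKAGE_PREFIXES` is now compiled in only for `_WIN32_WINNT >= 0x0502`, so `sizeof(NEGOTIATE_PACKAGE_PREFIXES)` differs by four bytes between build targets, while the comment on `Offset` still says only `// Offset to array of _PREFIX above`. A consumer that finds the prefix array by adding `sizeof` the header rather than by following `Offset` will be misaligned whenever its target differs from the producer's. I would extend the comment to `// Offset to array of _PREFIX above; locate the array with this, not sizeof, and check Offset and PrefixCount against the returned buffer length`. The `_DOMAIN_PASSWORD_INFORMATION` declaration that starts at the end of this hunk continues outside it.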
skipping to change at line 2015 skipping to change at line 3024
#if defined(MIDL_PASS) #if defined(MIDL_PASS)
OLD_LARGE_INTEGER MaxPasswordAge; OLD_LARGE_INTEGER MaxPasswordAge;
OLD_LARGE_INTEGER MinPasswordAge; OLD_LARGE_INTEGER MinPasswordAge;
#else #else
LARGE_INTEGER MaxPasswordAge; LARGE_INTEGER MaxPasswordAge;
LARGE_INTEGER MinPasswordAge; LARGE_INTEGER MinPasswordAge;
#endif #endif
} DOMAIN_PASSWORD_INFORMATION, *PDOMAIN_PASSWORD_INFORMATION; } DOMAIN_PASSWORD_INFORMATION, *PDOMAIN_PASSWORD_INFORMATION;
#endif #endif
#if (_WIN32_WINNT >= 0x0501)
// //
// PasswordProperties flags // PasswordProperties flags
// //
#define DOMAIN_PASSWORD_COMPLEX 0x00000001L #define DOMAIN_PASSWORD_COMPLEX 0x00000001L
#define DOMAIN_PASSWORD_NO_ANON_CHANGE 0x00000002L #define DOMAIN_PASSWORD_NO_ANON_CHANGE 0x00000002L
#define DOMAIN_PASSWORD_NO_CLEAR_CHANGE 0x00000004L #define DOMAIN_PASSWORD_NO_CLEAR_CHANGE 0x00000004L
#define DOMAIN_LOCKOUT_ADMINS 0x00000008L #define DOMAIN_LOCKOUT_ADMINS 0x00000008L
#define DOMAIN_PASSWORD_STORE_CLEARTEXT 0x00000010L #define DOMAIN_PASSWORD_STORE_CLEARTEXT 0x00000010L
#define DOMAIN_REFUSE_PASSWORD_CHANGE 0x00000020L #define DOMAIN_REFUSE_PASSWORD_CHANGE 0x00000020L
#if(_WIN32_WINNT >= 0x0502)
#define DOMAIN_NO_LM_OWF_CHANGE 0x00000040L
#endif
#endif
#ifndef _PASSWORD_NOTIFICATION_DEFINED #ifndef _PASSWORD_NOTIFICATION_DEFINED
#define _PASSWORD_NOTIFICATION_DEFINED #define _PASSWORD_NOTIFICATION_DEFINED
typedef NTSTATUS (*PSAM_PASSWORD_NOTIFICATION_ROUTINE) ( typedef NTSTATUS (*PSAM_PASSWORD_NOTIFICATION_ROUTINE) (
PUNICODE_STRING UserName, PUNICODE_STRING UserName,
ULONG RelativeId, ULONG RelativeId,
PUNICODE_STRING NewPassword PUNICODE_STRING NewPassword
); );
#define SAM_PASSWORD_CHANGE_NOTIFY_ROUTINE "PasswordChangeNotify" #define SAM_PASSWORD_CHANGE_NOTIFY_ROUTINE "PasswordChangeNotify"
skipping to change at line 2097 skipping to change at line 3111
// //
// MSV1.0 LsaLogonUser() submission message types. // MSV1.0 LsaLogonUser() submission message types.
// //
typedef enum _MSV1_0_LOGON_SUBMIT_TYPE { typedef enum _MSV1_0_LOGON_SUBMIT_TYPE {
MsV1_0InteractiveLogon = 2, MsV1_0InteractiveLogon = 2,
MsV1_0Lm20Logon, MsV1_0Lm20Logon,
MsV1_0NetworkLogon, MsV1_0NetworkLogon,
MsV1_0SubAuthLogon, MsV1_0SubAuthLogon,
MsV1_0WorkstationUnlockLogon = 7 MsV1_0WorkstationUnlockLogon = 7,
// defined in Longhorn and up
MsV1_0S4ULogon = 12,
} MSV1_0_LOGON_SUBMIT_TYPE, *PMSV1_0_LOGON_SUBMIT_TYPE; } MSV1_0_LOGON_SUBMIT_TYPE, *PMSV1_0_LOGON_SUBMIT_TYPE;
// //
// MSV1.0 LsaLogonUser() profile buffer types. // MSV1.0 LsaLogonUser() profile buffer types.
// //
typedef enum _MSV1_0_PROFILE_BUFFER_TYPE { typedef enum _MSV1_0_PROFILE_BUFFER_TYPE {
MsV1_0InteractiveProfile = 2, MsV1_0InteractiveProfile = 2,
MsV1_0Lm20LogonProfile, MsV1_0Lm20LogonProfile,
MsV1_0SmartCardProfile MsV1_0SmartCardProfile
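Review bot: `MsV1_0S4ULogon = 12,` is added to MSV1_0_LOGON_SUBMIT_TYPE with only the comment `// defined in Longhorn and up` and no version guard, so every target sees it, while the MSV1_0_S4U_LOGON structure it selects sits under `#if (_WIN32_WINNT >= 0x0600)` in a later hunk. The same mismatch recurs in the UserFlags hunk, where LOGON_NT_V2, LOGON_LM_V2 and LOGON_NTLM_V2 follow a "Defined in Longhorn and above" comment but precede the `#if (_WIN32_WINNT >= 0x0600)` line. I would wrap the enumerator as `#if (_WIN32_WINNT >= 0x0600)` / `MsV1_0S4ULogon = 12,` / `#endif`, or reword the comments to say the values are declared for all targets on purpose. The MSV1_0_PROFILE_BUFFER_TYPE enum at the end of this hunk continues outside it.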
skipping to change at line 2236 skipping to change at line 3252
#define MSV1_0_DONT_TRY_GUEST_ACCOUNT 0x10 #define MSV1_0_DONT_TRY_GUEST_ACCOUNT 0x10
#define MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT 0x20 #define MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT 0x20
#define MSV1_0_RETURN_PASSWORD_EXPIRY 0x40 #define MSV1_0_RETURN_PASSWORD_EXPIRY 0x40
// this next flag says that CaseInsensitiveChallengeResponse // this next flag says that CaseInsensitiveChallengeResponse
// (aka LmResponse) contains a client challenge in the first 8 bytes // (aka LmResponse) contains a client challenge in the first 8 bytes
#define MSV1_0_USE_CLIENT_CHALLENGE 0x80 #define MSV1_0_USE_CLIENT_CHALLENGE 0x80
#define MSV1_0_TRY_GUEST_ACCOUNT_ONLY 0x100 #define MSV1_0_TRY_GUEST_ACCOUNT_ONLY 0x100
#define MSV1_0_RETURN_PROFILE_PATH 0x200 #define MSV1_0_RETURN_PROFILE_PATH 0x200
#define MSV1_0_TRY_SPECIFIED_DOMAIN_ONLY 0x400 #define MSV1_0_TRY_SPECIFIED_DOMAIN_ONLY 0x400
#define MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT 0x800 #define MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT 0x800
//#if (_WIN32_WINNT >= 0x0501) -- Disabled until IIS fixes their target version.
#define MSV1_0_DISABLE_PERSONAL_FALLBACK 0x00001000 #define MSV1_0_DISABLE_PERSONAL_FALLBACK 0x00001000
#define MSV1_0_ALLOW_FORCE_GUEST 0x00002000 #define MSV1_0_ALLOW_FORCE_GUEST 0x00002000
//#endif
#if (_WIN32_WINNT >= 0x0502)
#define MSV1_0_CLEARTEXT_PASSWORD_SUPPLIED 0x00004000 #define MSV1_0_CLEARTEXT_PASSWORD_SUPPLIED 0x00004000
// Start
// Doesnt exist in Windows XP but does exist in Windows 2000 Security Rollup and
up
#define MSV1_0_USE_DOMAIN_FOR_ROUTING_ONLY 0x00008000 #define MSV1_0_USE_DOMAIN_FOR_ROUTING_ONLY 0x00008000
#endif
#define MSV1_0_SUBAUTHENTICATION_DLL_EX 0x00100000 #define MSV1_0_SUBAUTHENTICATION_DLL_EX 0x00100000
// Defined in Windows Server 2003 SP1 and above
#define MSV1_0_ALLOW_MSVCHAPV2 0x00010000 #define MSV1_0_ALLOW_MSVCHAPV2 0x00010000
#if (_WIN32_WINNT >= 0x0600)
//Defined in Longhorn and up
#define MSV1_0_S4U2SELF 0x00020000 // no password is needed
#define MSV1_0_CHECK_LOGONHOURS_FOR_S4U 0x00040000 // check logon hours for
S4U logon
#endif
// //
// The high order byte is a value indicating the SubAuthentication DLL. // The high order byte is a value indicating the SubAuthentication DLL.
// Zero indicates no SubAuthentication DLL. // Zero indicates no SubAuthentication DLL.
// //
#define MSV1_0_SUBAUTHENTICATION_DLL 0xFF000000 #define MSV1_0_SUBAUTHENTICATION_DLL 0xFF000000
#define MSV1_0_SUBAUTHENTICATION_DLL_SHIFT 24 #define MSV1_0_SUBAUTHENTICATION_DLL_SHIFT 24
#define MSV1_0_MNS_LOGON 0x01000000 #define MSV1_0_MNS_LOGON 0x01000000
// //
// This is the list of subauthentication dlls used in MS // This is the list of subauthentication dlls used in MS
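Review bot: The new `#if (_WIN32_WINNT >= 0x0502)` around MSV1_0_CLEARTEXT_PASSWORD_SUPPLIED and MSV1_0_USE_DOMAIN_FOR_ROUTING_ONLY disagrees with the comment placed inside it, which says the routing flag exists in the Windows 2000 Security Rollup and up; a 0x0500 target is cut off by that guard. The `// Start` marker has no matching end marker in this hunk, so the range it is meant to delimit cannot be read off. Either state the guard's intent in the comment, for example `// Not in Windows XP; hidden below 0x0502 although the Windows 2000 Security Rollup has it`, or drop `// Start`. MSV1_0_ALLOW_MSVCHAPV2 is likewise annotated as Windows Server 2003 SP1 and above but left unguarded.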
skipping to change at line 2285 skipping to change at line 3316
UNICODE_STRING LogonDomainName; UNICODE_STRING LogonDomainName;
UNICODE_STRING UserName; UNICODE_STRING UserName;
UNICODE_STRING Workstation; UNICODE_STRING Workstation;
UCHAR ChallengeToClient[MSV1_0_CHALLENGE_LENGTH]; UCHAR ChallengeToClient[MSV1_0_CHALLENGE_LENGTH];
STRING AuthenticationInfo1; STRING AuthenticationInfo1;
STRING AuthenticationInfo2; STRING AuthenticationInfo2;
ULONG ParameterControl; ULONG ParameterControl;
ULONG SubAuthPackageId; ULONG SubAuthPackageId;
} MSV1_0_SUBAUTH_LOGON, * PMSV1_0_SUBAUTH_LOGON; } MSV1_0_SUBAUTH_LOGON, * PMSV1_0_SUBAUTH_LOGON;
#if (_WIN32_WINNT >= 0x0600)
//
// s4u2self logon
//
// Defined in Longhorn and above
//
// request to enforce logon hours policy
//
#define MSV1_0_S4U_LOGON_FLAG_CHECK_LOGONHOURS 0x2
typedef struct _MSV1_0_S4U_LOGON {
MSV1_0_LOGON_SUBMIT_TYPE MessageType;
ULONG Flags;
UNICODE_STRING UserPrincipalName; // username or username@domain
UNICODE_STRING DomainName; // Optional: if missing, using the local machine
} MSV1_0_S4U_LOGON, *PMSV1_0_S4U_LOGON;
#endif
// //
// Values for UserFlags. // Values for UserFlags.
// //
#define LOGON_GUEST 0x01 #define LOGON_GUEST 0x01
#define LOGON_NOENCRYPTION 0x02 #define LOGON_NOENCRYPTION 0x02
#define LOGON_CACHED_ACCOUNT 0x04 #define LOGON_CACHED_ACCOUNT 0x04
#define LOGON_USED_LM_PASSWORD 0x08 #define LOGON_USED_LM_PASSWORD 0x08
#define LOGON_EXTRA_SIDS 0x20 #define LOGON_EXTRA_SIDS 0x20
#define LOGON_SUBAUTH_SESSION_KEY 0x40 #define LOGON_SUBAUTH_SESSION_KEY 0x40
#define LOGON_SERVER_TRUST_ACCOUNT 0x80 #define LOGON_SERVER_TRUST_ACCOUNT 0x80
#define LOGON_NTLMV2_ENABLED 0x100 // says DC understands NTLMv2 #define LOGON_NTLMV2_ENABLED 0x100 // says DC understands NTLMv2
#define LOGON_RESOURCE_GROUPS 0x200 #define LOGON_RESOURCE_GROUPS 0x200
#define LOGON_PROFILE_PATH_RETURNED 0x400 #define LOGON_PROFILE_PATH_RETURNED 0x400
// Defined in Longhorn and above
#define LOGON_NT_V2 0x800 // NT response was used for validati
on
#define LOGON_LM_V2 0x1000 // LM response was used for validati
on
#define LOGON_NTLM_V2 0x2000 // LM response was used to authentic
ate but NT response was used to derive the session key
#if (_WIN32_WINNT >= 0x0600)
#define LOGON_OPTIMIZED 0x4000 // this is an optimized logon
#define LOGON_WINLOGON 0x8000 // the logon session was created for
winlogon
#define LOGON_PKINIT 0x10000 // Kerberos PKINIT extension was use
d to authenticate the user
#define LOGON_NO_OPTIMIZED 0x20000 // optimized logon has been disabled
for this account
#endif
// //
// The high order byte is reserved for return by SubAuthentication DLLs. // The high order byte is reserved for return by SubAuthentication DLLs.
// //
#define MSV1_0_SUBAUTHENTICATION_FLAGS 0xFF000000 #define MSV1_0_SUBAUTHENTICATION_FLAGS 0xFF000000
// Values returned by the MSV1_0_MNS_LOGON SubAuthentication DLL // Values returned by the MSV1_0_MNS_LOGON SubAuthentication DLL
#define LOGON_GRACE_LOGON 0x01000000 #define LOGON_GRACE_LOGON 0x01000000
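Review bot: MSV1_0_S4U_LOGON.Flags has no comment naming its valid bits, and the one flag defined for it, MSV1_0_S4U_LOGON_FLAG_CHECK_LOGONHOURS, makes the logon-hours check something the caller has to request. The earlier hunk describes MSV1_0_S4U2SELF as `no password is needed`, so the struct should show that logon-hours policy is applied to this logon type only when the flag is set; that reading is inferred from `request to enforce logon hours policy` and should be confirmed against the implementation. I would write the field as `ULONG Flags; // MSV1_0_S4U_LOGON_FLAG_* bits; set CHECK_LOGONHOURS to have logon hours enforced` and finish the DomainName comment, which stops at `using the local machine`. The flag is 0x2 with no 0x1 defined, and a line saying whether 0x1 is reserved would help.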
skipping to change at line 2349 skipping to change at line 3415
// NTLM3 definitions. // NTLM3 definitions.
// //
#define MSV1_0_NTLM3_RESPONSE_LENGTH 16 #define MSV1_0_NTLM3_RESPONSE_LENGTH 16
#define MSV1_0_NTLM3_OWF_LENGTH 16 #define MSV1_0_NTLM3_OWF_LENGTH 16
// //
// this is the longest amount of time we'll allow challenge response // this is the longest amount of time we'll allow challenge response
// pairs to be used. Note that this also has to allow for worst case clock skew // pairs to be used. Note that this also has to allow for worst case clock skew
// //
#if (_WIN32_WINNT == 0x0500)
#define MSV1_0_MAX_NTLM3_LIFE 1800 // 30 minutes (in seconds)
#else
#define MSV1_0_MAX_NTLM3_LIFE 129600 // 36 hours (in seconds) #define MSV1_0_MAX_NTLM3_LIFE 129600 // 36 hours (in seconds)
#endif
#define MSV1_0_MAX_AVL_SIZE 64000 #define MSV1_0_MAX_AVL_SIZE 64000
#if (_WIN32_WINNT >= 0x0501)
// //
// MsvAvFlags bit values // MsvAvFlags bit values
// //
// Exists only after Windows 2000
//
#define MSV1_0_AV_FLAG_FORCE_GUEST 0x00000001 #define MSV1_0_AV_FLAG_FORCE_GUEST 0x00000001
#if (_WIN32_WINNT >= 0x0600)
#define MSV1_0_AV_FLAG_MIC_HANDSHAKE_MESSAGES 0x00000002 // the client sup
ports
// hand-shake mes
sages integrity
#endif
#endif
// this is an MSV1_0 private data structure, defining the layout of an NTLM3 res ponse, as sent by a // this is an MSV1_0 private data structure, defining the layout of an NTLM3 res ponse, as sent by a
// client in the NtChallengeResponse field of the NETLOGON_NETWORK_INFO structu re. If can be differentiated // client in the NtChallengeResponse field of the NETLOGON_NETWORK_INFO structu re. If can be differentiated
// from an old style NT response by its length. This is crude, but it needs to pass through servers and // from an old style NT response by its length. This is crude, but it needs to pass through servers and
// the servers' DCs that do not understand NTLM3 but that are willing to pass l onger responses. // the servers' DCs that do not understand NTLM3 but that are willing to pass l onger responses.
typedef struct _MSV1_0_NTLM3_RESPONSE { typedef struct _MSV1_0_NTLM3_RESPONSE {
UCHAR Response[MSV1_0_NTLM3_RESPONSE_LENGTH]; // hash of OWF of password wit h all the following fields UCHAR Response[MSV1_0_NTLM3_RESPONSE_LENGTH]; // hash of OWF of password wit h all the following fields
UCHAR RespType; // id number of response; current is 1 UCHAR RespType; // id number of response; current is 1
UCHAR HiRespType; // highest id number understood by client UCHAR HiRespType; // highest id number understood by client
USHORT Flags; // reserved; must be sent as zero at this version USHORT Flags; // reserved; must be sent as zero at this version
ULONG MsgWord; // 32 bit message from client to server (for use by auth protocol) ULONG MsgWord; // 32 bit message from client to server (for use by auth protocol)
ULONGLONG TimeStamp; // time stamp when client generated response -- NT s ystem time, quad part ULONGLONG TimeStamp; // time stamp when client generated response -- NT s ystem time, quad part
UCHAR ChallengeFromClient[MSV1_0_CHALLENGE_LENGTH]; UCHAR ChallengeFromClient[MSV1_0_CHALLENGE_LENGTH];
ULONG AvPairsOff; // offset to start of AvPairs (to allow future expansion ) ULONG AvPairsOff; // offset to start of AvPairs (to allow future expansion )
UCHAR Buffer[1]; // start of buffer with AV pairs (or future stuff -- so use the offset) UCHAR Buffer[1]; // start of buffer with AV pairs (or future stuff -- so use the offset)
} MSV1_0_NTLM3_RESPONSE, *PMSV1_0_NTLM3_RESPONSE; } MSV1_0_NTLM3_RESPONSE, *PMSV1_0_NTLM3_RESPONSE;
#define MSV1_0_NTLM3_INPUT_LENGTH (sizeof(MSV1_0_NTLM3_RESPONSE) - MSV1_0_NTLM3_ RESPONSE_LENGTH) #define MSV1_0_NTLM3_INPUT_LENGTH (sizeof(MSV1_0_NTLM3_RESPONSE) - MSV1_0_NTLM3_ RESPONSE_LENGTH)
#if(_WIN32_WINNT >= 0x0502)
#define MSV1_0_NTLM3_MIN_NT_RESPONSE_LENGTH RTL_SIZEOF_THROUGH_FIELD(MSV1_0_NTLM 3_RESPONSE, AvPairsOff) #define MSV1_0_NTLM3_MIN_NT_RESPONSE_LENGTH RTL_SIZEOF_THROUGH_FIELD(MSV1_0_NTLM 3_RESPONSE, AvPairsOff)
#endif
typedef enum { typedef enum {
MsvAvEOL, // end of list MsvAvEOL, // end of list
MsvAvNbComputerName, // server's computer name -- NetBIOS MsvAvNbComputerName, // server's computer name -- NetBIOS
MsvAvNbDomainName, // server's domain name -- NetBIOS MsvAvNbDomainName, // server's domain name -- NetBIOS
MsvAvDnsComputerName, // server's computer name -- DNS MsvAvDnsComputerName, // server's computer name -- DNS
MsvAvDnsDomainName, // server's domain name -- DNS MsvAvDnsDomainName, // server's domain name -- DNS
#if (_WIN32_WINNT >= 0x0501)
MsvAvDnsTreeName, // server's tree name -- DNS MsvAvDnsTreeName, // server's tree name -- DNS
MsvAvFlags // server's extended flags -- DWORD mask MsvAvFlags, // server's extended flags -- DWORD mask
#if (_WIN32_WINNT >= 0x0600)
MsvAvTimestamp, // contains the server's local time in FILETIME,
// (64 bit 100 ns ticks since 1602
// (UTC)) in little endian byte order
MsvAvRestrictions, // token restrictions
#endif
#endif
} MSV1_0_AVID; } MSV1_0_AVID;
typedef struct _MSV1_0_AV_PAIR { typedef struct _MSV1_0_AV_PAIR {
USHORT AvId; USHORT AvId;
USHORT AvLen; USHORT AvLen;
// Data is treated as byte array following structure // Data is treated as byte array following structure
} MSV1_0_AV_PAIR, *PMSV1_0_AV_PAIR; } MSV1_0_AV_PAIR, *PMSV1_0_AV_PAIR;
/////////////////////////////////////////////////////////////////////////////// ///////////////////////////////////////////////////////////////////////////////
// // // //
// CALL PACKAGE Related Data Structures // // CALL PACKAGE Related Data Structures //
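Review bot: The MsvAvTimestamp comment gives the FILETIME epoch as 1602 and calls the value the server's local time while also marking it UTC; FILETIME counts 100 ns intervals from 1 January 1601 (UTC). Code that validates or logs this AV pair by following the comment would be off by a year, which matters if the timestamp is compared against a freshness window such as MSV1_0_MAX_NTLM3_LIFE. Suggested wording: `// server's time as FILETIME (64-bit count of 100 ns ticks since 1601-01-01 UTC), little endian`. Separately, the new `#if (_WIN32_WINNT == 0x0500)` around MSV1_0_MAX_NTLM3_LIFE tests equality, so every other target, including any below 0x0500, gets the 36-hour value; if that is intended, a comment should say so.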
skipping to change at line 2416 skipping to change at line 3504
MsV1_0EnumerateUsers, // Both submission and response MsV1_0EnumerateUsers, // Both submission and response
MsV1_0GetUserInfo, // Both submission and response MsV1_0GetUserInfo, // Both submission and response
MsV1_0ReLogonUsers, // Submission only MsV1_0ReLogonUsers, // Submission only
MsV1_0ChangePassword, // Both submission and response MsV1_0ChangePassword, // Both submission and response
MsV1_0ChangeCachedPassword, // Both submission and response MsV1_0ChangeCachedPassword, // Both submission and response
MsV1_0GenericPassthrough, // Both submission and response MsV1_0GenericPassthrough, // Both submission and response
MsV1_0CacheLogon, // Submission only, no response MsV1_0CacheLogon, // Submission only, no response
MsV1_0SubAuth, // Both submission and response MsV1_0SubAuth, // Both submission and response
MsV1_0DeriveCredential, // Both submission and response MsV1_0DeriveCredential, // Both submission and response
MsV1_0CacheLookup, // Both submission and response MsV1_0CacheLookup, // Both submission and response
#if (_WIN32_WINNT >= 0x0501)
MsV1_0SetProcessOption, // Submission only, no response MsV1_0SetProcessOption, // Submission only, no response
#endif
#if (_WIN32_WINNT >= 0x0600)
MsV1_0ConfigLocalAliases,
#endif
} MSV1_0_PROTOCOL_MESSAGE_TYPE, *PMSV1_0_PROTOCOL_MESSAGE_TYPE; } MSV1_0_PROTOCOL_MESSAGE_TYPE, *PMSV1_0_PROTOCOL_MESSAGE_TYPE;
typedef struct _MSV1_0_CHANGEPASSWORD_REQUEST { typedef struct _MSV1_0_CHANGEPASSWORD_REQUEST {
MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType; MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType;
UNICODE_STRING DomainName; UNICODE_STRING DomainName;
UNICODE_STRING AccountName; UNICODE_STRING AccountName;
UNICODE_STRING OldPassword; UNICODE_STRING OldPassword;
UNICODE_STRING NewPassword; UNICODE_STRING NewPassword;
BOOLEAN Impersonating; BOOLEAN Impersonating;
} MSV1_0_CHANGEPASSWORD_REQUEST, *PMSV1_0_CHANGEPASSWORD_REQUEST; } MSV1_0_CHANGEPASSWORD_REQUEST, *PMSV1_0_CHANGEPASSWORD_REQUEST;
typedef struct _MSV1_0_CHANGEPASSWORD_RESPONSE { typedef struct _MSV1_0_CHANGEPASSWORD_RESPONSE {
MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType; MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType;
BOOLEAN PasswordInfoValid; BOOLEAN PasswordInfoValid;
DOMAIN_PASSWORD_INFORMATION DomainPasswordInfo; DOMAIN_PASSWORD_INFORMATION DomainPasswordInfo;
} MSV1_0_CHANGEPASSWORD_RESPONSE, *PMSV1_0_CHANGEPASSWORD_RESPONSE; } MSV1_0_CHANGEPASSWORD_RESPONSE, *PMSV1_0_CHANGEPASSWORD_RESPONSE;
#if(_WIN32_WINNT >= 0x0502)
// //
// MsV1_0GenericPassthrough - for remoting a CallPackage to // MsV1_0GenericPassthrough - for remoting a CallPackage to
// a domain controller on the specified domain // a domain controller on the specified domain
// //
typedef struct _MSV1_0_PASSTHROUGH_REQUEST { typedef struct _MSV1_0_PASSTHROUGH_REQUEST {
MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType; MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType;
UNICODE_STRING DomainName; UNICODE_STRING DomainName;
UNICODE_STRING PackageName; UNICODE_STRING PackageName;
ULONG DataLength; ULONG DataLength;
PUCHAR LogonData; PUCHAR LogonData;
ULONG Pad ; ULONG Pad ;
} MSV1_0_PASSTHROUGH_REQUEST, *PMSV1_0_PASSTHROUGH_REQUEST; } MSV1_0_PASSTHROUGH_REQUEST, *PMSV1_0_PASSTHROUGH_REQUEST;
typedef struct _MSV1_0_PASSTHROUGH_RESPONSE { typedef struct _MSV1_0_PASSTHROUGH_RESPONSE {
MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType; MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType;
ULONG Pad; ULONG Pad;
ULONG DataLength; ULONG DataLength;
PUCHAR ValidationData; PUCHAR ValidationData;
} MSV1_0_PASSTHROUGH_RESPONSE, *PMSV1_0_PASSTHROUGH_RESPONSE; } MSV1_0_PASSTHROUGH_RESPONSE, *PMSV1_0_PASSTHROUGH_RESPONSE;
#endif
// //
// MsV1_0SubAuthInfo submit buffer and response - for submitting a buffer to a // MsV1_0SubAuthInfo submit buffer and response - for submitting a buffer to a
// specified Subauthentication Package during an LsaCallAuthenticationPackage(). // specified Subauthentication Package during an LsaCallAuthenticationPackage().
// If this Subauthentication is to be done locally, then package this message // If this Subauthentication is to be done locally, then package this message
// in LsaCallAuthenticationPackage(). If this SubAuthentication needs to be done // in LsaCallAuthenticationPackage(). If this SubAuthentication needs to be done
// on the domain controller, then call LsaCallauthenticationPackage with the // on the domain controller, then call LsaCallauthenticationPackage with the
// message type being MsV1_0GenericPassThrough and the LogonData in this struct // message type being MsV1_0GenericPassThrough and the LogonData in this struct
// should be a PMSV1_0_SUBAUTH_REQUEST // should be a PMSV1_0_SUBAUTH_REQUEST
// //
skipping to change at line 2478 skipping to change at line 3573
ULONG SubAuthInfoLength; ULONG SubAuthInfoLength;
PUCHAR SubAuthSubmitBuffer; PUCHAR SubAuthSubmitBuffer;
} MSV1_0_SUBAUTH_REQUEST, *PMSV1_0_SUBAUTH_REQUEST; } MSV1_0_SUBAUTH_REQUEST, *PMSV1_0_SUBAUTH_REQUEST;
typedef struct _MSV1_0_SUBAUTH_RESPONSE{ typedef struct _MSV1_0_SUBAUTH_RESPONSE{
MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType; MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType;
ULONG SubAuthInfoLength; ULONG SubAuthInfoLength;
PUCHAR SubAuthReturnBuffer; PUCHAR SubAuthReturnBuffer;
} MSV1_0_SUBAUTH_RESPONSE, *PMSV1_0_SUBAUTH_RESPONSE; } MSV1_0_SUBAUTH_RESPONSE, *PMSV1_0_SUBAUTH_RESPONSE;
#if(_WIN32_WINNT >= 0x0501)
#define RtlGenRandom SystemFunction036 #define RtlGenRandom SystemFunction036
#endif
#if(_WIN32_WINNT >= 0x0500)
#define RtlEncryptMemory SystemFunction040 #define RtlEncryptMemory SystemFunction040
#define RtlDecryptMemory SystemFunction041 #define RtlDecryptMemory SystemFunction041
#endif
#if(_WIN32_WINNT >= 0x0501)
BOOLEAN BOOLEAN
RtlGenRandom( RtlGenRandom(
__out_bcount(RandomBufferLength) PVOID RandomBuffer, __out_bcount(RandomBufferLength) PVOID RandomBuffer,
__in ULONG RandomBufferLength __in ULONG RandomBufferLength
); );
#endif
/*
* #if(_WIN32_WINNT >= 0x0500) -- Disabled until WinHTTP fixes their target vers
ion.
*/
// //
// The buffer passed into RtlEncryptMemory and RtlDecryptMemory // The buffer passed into RtlEncryptMemory and RtlDecryptMemory
// must be a multiple of this length. // must be a multiple of this length.
// //
#define RTL_ENCRYPT_MEMORY_SIZE 8 #define RTL_ENCRYPT_MEMORY_SIZE 8
// //
// Allow Encrypt/Decrypt across process boundaries. // Allow Encrypt/Decrypt across process boundaries.
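Review bot: The aliases `#define RtlEncryptMemory SystemFunction040` and `#define RtlDecryptMemory SystemFunction041` are now under `#if(_WIN32_WINNT >= 0x0500)`, but the guard for the matching prototypes is left commented out (`Disabled until WinHTTP fixes their target version`), and the prototypes themselves follow in the next hunk. A target below 0x0500 therefore gets prototypes under the literal names RtlEncryptMemory and RtlDecryptMemory without the SystemFunction04x mapping, which presumably fails at link time rather than at compile time. Leaving the two `#define` lines unconditional until the prototype guard is restored would keep both halves consistent. A comment on RtlGenRandom saying that it returns BOOLEAN and that callers must check the result before using the buffer would also be worth adding.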
skipping to change at line 2522 skipping to change at line 3627
__in ULONG MemorySize, __in ULONG MemorySize,
__in ULONG OptionFlags __in ULONG OptionFlags
); );
NTSTATUS NTSTATUS
RtlDecryptMemory( RtlDecryptMemory(
__inout_bcount(MemorySize) PVOID Memory, __inout_bcount(MemorySize) PVOID Memory,
__in ULONG MemorySize, __in ULONG MemorySize,
__in ULONG OptionFlags __in ULONG OptionFlags
); );
//#endif
// Revision of the Kerberos Protocol. MS uses Version 5, Revision 6 // Revision of the Kerberos Protocol. MS uses Version 5, Revision 6
#define KERBEROS_VERSION 5 #define KERBEROS_VERSION 5
#define KERBEROS_REVISION 6 #define KERBEROS_REVISION 6
// Encryption Types: // Encryption Types:
// These encryption types are supported by the default MS KERBSUPP DLL // These encryption types are supported by the default MS KERBSUPP DLL
// as crypto systems. Values over 127 are local values, and may be changed // as crypto systems. Values over 127 are local values, and may be changed
// without notice. // without notice.
#define KERB_ETYPE_NULL 0 #define KERB_ETYPE_NULL 0
#define KERB_ETYPE_DES_CBC_CRC 1 #define KERB_ETYPE_DES_CBC_CRC 1
#define KERB_ETYPE_DES_CBC_MD4 2 #define KERB_ETYPE_DES_CBC_MD4 2
#define KERB_ETYPE_DES_CBC_MD5 3 #define KERB_ETYPE_DES_CBC_MD5 3
#define KERB_ETYPE_AES128_CTS_HMAC_SHA1_96 17
#define KERB_ETYPE_AES256_CTS_HMAC_SHA1_96 18
#define KERB_ETYPE_RC4_MD4 -128 // FFFFFF80 #define KERB_ETYPE_RC4_MD4 -128 // FFFFFF80
#define KERB_ETYPE_RC4_PLAIN2 -129 #define KERB_ETYPE_RC4_PLAIN2 -129
#define KERB_ETYPE_RC4_LM -130 #define KERB_ETYPE_RC4_LM -130
#define KERB_ETYPE_RC4_SHA -131 #define KERB_ETYPE_RC4_SHA -131
#define KERB_ETYPE_DES_PLAIN -132 #define KERB_ETYPE_DES_PLAIN -132
#define KERB_ETYPE_RC4_HMAC_OLD -133 // FFFFFF7B #define KERB_ETYPE_RC4_HMAC_OLD -133 // FFFFFF7B
#define KERB_ETYPE_RC4_PLAIN_OLD -134 #define KERB_ETYPE_RC4_PLAIN_OLD -134
#define KERB_ETYPE_RC4_HMAC_OLD_EXP -135 #define KERB_ETYPE_RC4_HMAC_OLD_EXP -135
#define KERB_ETYPE_RC4_PLAIN_OLD_EXP -136 #define KERB_ETYPE_RC4_PLAIN_OLD_EXP -136
#define KERB_ETYPE_RC4_PLAIN -140 #define KERB_ETYPE_RC4_PLAIN -140
#define KERB_ETYPE_RC4_PLAIN_EXP -141 #define KERB_ETYPE_RC4_PLAIN_EXP -141
// //
// used internally by userapi.cxx
//
#define KERB_ETYPE_AES128_CTS_HMAC_SHA1_96_PLAIN -148
#define KERB_ETYPE_AES256_CTS_HMAC_SHA1_96_PLAIN -149
//
// Pkinit encryption types // Pkinit encryption types
// //
#define KERB_ETYPE_DSA_SHA1_CMS 9 #define KERB_ETYPE_DSA_SHA1_CMS 9
#define KERB_ETYPE_RSA_MD5_CMS 10 #define KERB_ETYPE_RSA_MD5_CMS 10
#define KERB_ETYPE_RSA_SHA1_CMS 11 #define KERB_ETYPE_RSA_SHA1_CMS 11
#define KERB_ETYPE_RC2_CBC_ENV 12 #define KERB_ETYPE_RC2_CBC_ENV 12
#define KERB_ETYPE_RSA_ENV 13 #define KERB_ETYPE_RSA_ENV 13
#define KERB_ETYPE_RSA_ES_OEAP_ENV 14 #define KERB_ETYPE_RSA_ES_OEAP_ENV 14
#define KERB_ETYPE_DES_EDE3_CBC_ENV 15 #define KERB_ETYPE_DES_EDE3_CBC_ENV 15
skipping to change at line 2573 skipping to change at line 3688
// Deprecated // Deprecated
// //
#define KERB_ETYPE_DSA_SIGN 8 #define KERB_ETYPE_DSA_SIGN 8
#define KERB_ETYPE_RSA_PRIV 9 #define KERB_ETYPE_RSA_PRIV 9
#define KERB_ETYPE_RSA_PUB 10 #define KERB_ETYPE_RSA_PUB 10
#define KERB_ETYPE_RSA_PUB_MD5 11 #define KERB_ETYPE_RSA_PUB_MD5 11
#define KERB_ETYPE_RSA_PUB_SHA1 12 #define KERB_ETYPE_RSA_PUB_SHA1 12
#define KERB_ETYPE_PKCS7_PUB 13 #define KERB_ETYPE_PKCS7_PUB 13
#if(_WIN32_WINNT >= 0x0502)
// //
// Unsupported but defined types // Unsupported but defined types
// //
#define KERB_ETYPE_DES3_CBC_MD5 5 #define KERB_ETYPE_DES3_CBC_MD5 5
#define KERB_ETYPE_DES3_CBC_SHA1 7 #define KERB_ETYPE_DES3_CBC_SHA1 7
#define KERB_ETYPE_DES3_CBC_SHA1_KD 16 #define KERB_ETYPE_DES3_CBC_SHA1_KD 16
#endif
// //
// In use types // In use types
// //
#define KERB_ETYPE_DES_CBC_MD5_NT 20 #define KERB_ETYPE_DES_CBC_MD5_NT 20
#define KERB_ETYPE_RC4_HMAC_NT 23 #define KERB_ETYPE_RC4_HMAC_NT 23
#define KERB_ETYPE_RC4_HMAC_NT_EXP 24 #define KERB_ETYPE_RC4_HMAC_NT_EXP 24
// Checksum algorithms. // Checksum algorithms.
// These algorithms are keyed internally for our use. // These algorithms are keyed internally for our use.
#define KERB_CHECKSUM_NONE 0 #define KERB_CHECKSUM_NONE 0
#define KERB_CHECKSUM_CRC32 1 #define KERB_CHECKSUM_CRC32 1
#define KERB_CHECKSUM_MD4 2 #define KERB_CHECKSUM_MD4 2
#define KERB_CHECKSUM_KRB_DES_MAC 4 #define KERB_CHECKSUM_KRB_DES_MAC 4
#if (_WIN32_WINNT >= 0x0501)
#define KERB_CHECKSUM_KRB_DES_MAC_K 5 #define KERB_CHECKSUM_KRB_DES_MAC_K 5
#endif
#define KERB_CHECKSUM_MD5 7 #define KERB_CHECKSUM_MD5 7
#define KERB_CHECKSUM_MD5_DES 8 #define KERB_CHECKSUM_MD5_DES 8
#define KERB_CHECKSUM_SHA1_NEW 14 // defined in RFC3961
#define KERB_CHECKSUM_HMAC_SHA1_96_AES128 15
#define KERB_CHECKSUM_HMAC_SHA1_96_AES256 16
#define KERB_CHECKSUM_LM -130 #define KERB_CHECKSUM_LM -130
#define KERB_CHECKSUM_SHA1 -131 #define KERB_CHECKSUM_SHA1 -131
#define KERB_CHECKSUM_REAL_CRC32 -132 #define KERB_CHECKSUM_REAL_CRC32 -132
#define KERB_CHECKSUM_DES_MAC -133 #define KERB_CHECKSUM_DES_MAC -133
#define KERB_CHECKSUM_DES_MAC_MD5 -134 #define KERB_CHECKSUM_DES_MAC_MD5 -134
#define KERB_CHECKSUM_MD25 -135 #define KERB_CHECKSUM_MD25 -135
#define KERB_CHECKSUM_RC4_MD5 -136 #define KERB_CHECKSUM_RC4_MD5 -136
#define KERB_CHECKSUM_MD5_HMAC -137 // used by netlogon #define KERB_CHECKSUM_MD5_HMAC -137 // used by netlogon
#define KERB_CHECKSUM_HMAC_MD5 -138 // used by Kerberos #define KERB_CHECKSUM_HMAC_MD5 -138 // used by Kerberos
//
// used internally by userapi.cxx
//
#define KERB_CHECKSUM_HMAC_SHA1_96_AES128_Ki -150
#define KERB_CHECKSUM_HMAC_SHA1_96_AES256_Ki -151
#define AUTH_REQ_ALLOW_FORWARDABLE 0x00000001 #define AUTH_REQ_ALLOW_FORWARDABLE 0x00000001
#define AUTH_REQ_ALLOW_PROXIABLE 0x00000002 #define AUTH_REQ_ALLOW_PROXIABLE 0x00000002
#define AUTH_REQ_ALLOW_POSTDATE 0x00000004 #define AUTH_REQ_ALLOW_POSTDATE 0x00000004
#define AUTH_REQ_ALLOW_RENEWABLE 0x00000008 #define AUTH_REQ_ALLOW_RENEWABLE 0x00000008
#define AUTH_REQ_ALLOW_NOADDRESS 0x00000010 #define AUTH_REQ_ALLOW_NOADDRESS 0x00000010
#define AUTH_REQ_ALLOW_ENC_TKT_IN_SKEY 0x00000020 #define AUTH_REQ_ALLOW_ENC_TKT_IN_SKEY 0x00000020
#define AUTH_REQ_ALLOW_VALIDATE 0x00000040 #define AUTH_REQ_ALLOW_VALIDATE 0x00000040
#define AUTH_REQ_VALIDATE_CLIENT 0x00000080 #define AUTH_REQ_VALIDATE_CLIENT 0x00000080
#define AUTH_REQ_OK_AS_DELEGATE 0x00000100 #define AUTH_REQ_OK_AS_DELEGATE 0x00000100
#define AUTH_REQ_PREAUTH_REQUIRED 0x00000200 #define AUTH_REQ_PREAUTH_REQUIRED 0x00000200
#define AUTH_REQ_TRANSITIVE_TRUST 0x00000400 #define AUTH_REQ_TRANSITIVE_TRUST 0x00000400
#if(_WIN32_WINNT >= 0x0502)
#define AUTH_REQ_ALLOW_S4U_DELEGATE 0x00000800 #define AUTH_REQ_ALLOW_S4U_DELEGATE 0x00000800
#endif
#define AUTH_REQ_PER_USER_FLAGS (AUTH_REQ_ALLOW_FORWARDABLE | \ #define AUTH_REQ_PER_USER_FLAGS (AUTH_REQ_ALLOW_FORWARDABLE | \
AUTH_REQ_ALLOW_PROXIABLE | \ AUTH_REQ_ALLOW_PROXIABLE | \
AUTH_REQ_ALLOW_POSTDATE | \ AUTH_REQ_ALLOW_POSTDATE | \
AUTH_REQ_ALLOW_RENEWABLE | \ AUTH_REQ_ALLOW_RENEWABLE | \
AUTH_REQ_ALLOW_VALIDATE ) AUTH_REQ_ALLOW_VALIDATE )
// //
// Ticket Flags: // Ticket Flags:
// //
skipping to change at line 2646 skipping to change at line 3778
#define KERB_TICKET_FLAGS_proxy 0x08000000 #define KERB_TICKET_FLAGS_proxy 0x08000000
#define KERB_TICKET_FLAGS_may_postdate 0x04000000 #define KERB_TICKET_FLAGS_may_postdate 0x04000000
#define KERB_TICKET_FLAGS_postdated 0x02000000 #define KERB_TICKET_FLAGS_postdated 0x02000000
#define KERB_TICKET_FLAGS_invalid 0x01000000 #define KERB_TICKET_FLAGS_invalid 0x01000000
#define KERB_TICKET_FLAGS_renewable 0x00800000 #define KERB_TICKET_FLAGS_renewable 0x00800000
#define KERB_TICKET_FLAGS_initial 0x00400000 #define KERB_TICKET_FLAGS_initial 0x00400000
#define KERB_TICKET_FLAGS_pre_authent 0x00200000 #define KERB_TICKET_FLAGS_pre_authent 0x00200000
#define KERB_TICKET_FLAGS_hw_authent 0x00100000 #define KERB_TICKET_FLAGS_hw_authent 0x00100000
#define KERB_TICKET_FLAGS_ok_as_delegate 0x00040000 #define KERB_TICKET_FLAGS_ok_as_delegate 0x00040000
#define KERB_TICKET_FLAGS_name_canonicalize 0x00010000 #define KERB_TICKET_FLAGS_name_canonicalize 0x00010000
#if (_WIN32_WINNT == 0x0501)
#define KERB_TICKET_FLAGS_cname_in_pa_data 0x00040000
#endif
#define KERB_TICKET_FLAGS_reserved1 0x00000001 #define KERB_TICKET_FLAGS_reserved1 0x00000001
#if (_WIN32_WINNT >= 0x0501)
// //
// Name types // Name types
// //
#define KRB_NT_UNKNOWN 0 // Name type not known #define KRB_NT_UNKNOWN 0 // Name type not known
#define KRB_NT_PRINCIPAL 1 // Just the name of the principal as i n DCE, or for users #define KRB_NT_PRINCIPAL 1 // Just the name of the principal as i n DCE, or for users
#define KRB_NT_PRINCIPAL_AND_ID -131 // Name of the principal and its SID. #define KRB_NT_PRINCIPAL_AND_ID -131 // Name of the principal and its SID.
#define KRB_NT_SRV_INST 2 // Service and other unique instance ( krbtgt) #define KRB_NT_SRV_INST 2 // Service and other unique instance ( krbtgt)
#define KRB_NT_SRV_INST_AND_ID -132 // SPN and SID #define KRB_NT_SRV_INST_AND_ID -132 // SPN and SID
#define KRB_NT_SRV_HST 3 // Service with host name as instance (telnet, rcommands) #define KRB_NT_SRV_HST 3 // Service with host name as instance (telnet, rcommands)
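Review bot: `#define KERB_TICKET_FLAGS_cname_in_pa_data 0x00040000` has the same value as KERB_TICKET_FLAGS_ok_as_delegate a few lines above it, so for a 0x0501 target the two names test the same bit. Code that reads a ticket's flags cannot tell the delegation marker from the cname-in-pa-data marker, and a check written against one name silently matches the other. If the overlap is deliberate (an older definition kept for source compatibility, which the hunk does not show), say so next to it: `// same bit as KERB_TICKET_FLAGS_ok_as_delegate; kept for 0x0501 sources only`. The `#if (_WIN32_WINNT >= 0x0501)` opened before the name types closes outside this hunk.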
skipping to change at line 2671 skipping to change at line 3807
#define KRB_NT_ENT_PRINCIPAL_AND_ID -130 // UPN and SID #define KRB_NT_ENT_PRINCIPAL_AND_ID -130 // UPN and SID
// //
// MS extensions, negative according to the RFC // MS extensions, negative according to the RFC
// //
#define KRB_NT_MS_PRINCIPAL -128 // NT4 style name #define KRB_NT_MS_PRINCIPAL -128 // NT4 style name
#define KRB_NT_MS_PRINCIPAL_AND_ID -129 // nt4 style name with sid #define KRB_NT_MS_PRINCIPAL_AND_ID -129 // nt4 style name with sid
#define KRB_NT_MS_BRANCH_ID -133 // Branch ID
#define KERB_IS_MS_PRINCIPAL(_x_) (((_x_) <= KRB_NT_MS_PRINCIPAL) || ((_x_) >= K RB_NT_ENTERPRISE_PRINCIPAL)) #define KERB_IS_MS_PRINCIPAL(_x_) (((_x_) <= KRB_NT_MS_PRINCIPAL) || ((_x_) >= K RB_NT_ENTERPRISE_PRINCIPAL))
#endif
#if (_WIN32_WINNT >= 0x0600)
#define KRB_NT_X500_PRINCIPAL 6 // Encoded X.500 Distingished name [RF
C 2253]
#endif
#ifndef MICROSOFT_KERBEROS_NAME_A #ifndef MICROSOFT_KERBEROS_NAME_A
#define MICROSOFT_KERBEROS_NAME_A "Kerberos" #define MICROSOFT_KERBEROS_NAME_A "Kerberos"
#define MICROSOFT_KERBEROS_NAME_W L"Kerberos" #define MICROSOFT_KERBEROS_NAME_W L"Kerberos"
#ifdef WIN32_CHICAGO #ifdef WIN32_CHICAGO
#define MICROSOFT_KERBEROS_NAME MICROSOFT_KERBEROS_NAME_A #define MICROSOFT_KERBEROS_NAME MICROSOFT_KERBEROS_NAME_A
#else #else
#define MICROSOFT_KERBEROS_NAME MICROSOFT_KERBEROS_NAME_W #define MICROSOFT_KERBEROS_NAME MICROSOFT_KERBEROS_NAME_W
#endif // WIN32_CHICAGO #endif // WIN32_CHICAGO
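Review bot: KRB_NT_MS_BRANCH_ID is defined as -133, which satisfies the `(_x_) <= KRB_NT_MS_PRINCIPAL` arm of KERB_IS_MS_PRINCIPAL, so the macro now reports a branch ID as an MS principal name. Whether that is intended is not visible here; if it is not, the macro needs an explicit exclusion, and if it is, a comment on the new constant should say so. The macro also evaluates `_x_` twice, so a note such as `// _x_ is evaluated twice; pass a side-effect-free expression` belongs above it. In the KRB_NT_X500_PRINCIPAL comment, `Distingished` should read `Distinguished`.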
skipping to change at line 2711 skipping to change at line 3854
///////////////////////////////////////////////////////////////////////// /////////////////////////////////////////////////////////////////////////
typedef enum _KERB_LOGON_SUBMIT_TYPE { typedef enum _KERB_LOGON_SUBMIT_TYPE {
KerbInteractiveLogon = 2, KerbInteractiveLogon = 2,
KerbSmartCardLogon = 6, KerbSmartCardLogon = 6,
KerbWorkstationUnlockLogon = 7, KerbWorkstationUnlockLogon = 7,
KerbSmartCardUnlockLogon = 8, KerbSmartCardUnlockLogon = 8,
KerbProxyLogon = 9, KerbProxyLogon = 9,
KerbTicketLogon = 10, KerbTicketLogon = 10,
KerbTicketUnlockLogon = 11, KerbTicketUnlockLogon = 11,
KerbS4ULogon = 12 //#if (_WIN32_WINNT >= 0x0501) -- Disabled until IIS fixes their target version.
KerbS4ULogon = 12,
//#endif
#if (_WIN32_WINNT >= 0x0600)
KerbCertificateLogon = 13,
KerbCertificateS4ULogon = 14,
KerbCertificateUnlockLogon = 15,
#endif
} KERB_LOGON_SUBMIT_TYPE, *PKERB_LOGON_SUBMIT_TYPE; } KERB_LOGON_SUBMIT_TYPE, *PKERB_LOGON_SUBMIT_TYPE;
typedef struct _KERB_INTERACTIVE_LOGON { typedef struct _KERB_INTERACTIVE_LOGON {
KERB_LOGON_SUBMIT_TYPE MessageType; KERB_LOGON_SUBMIT_TYPE MessageType;
UNICODE_STRING LogonDomainName; UNICODE_STRING LogonDomainName;
UNICODE_STRING UserName; UNICODE_STRING UserName;
UNICODE_STRING Password; UNICODE_STRING Password;
} KERB_INTERACTIVE_LOGON, *PKERB_INTERACTIVE_LOGON; } KERB_INTERACTIVE_LOGON, *PKERB_INTERACTIVE_LOGON;
typedef struct _KERB_INTERACTIVE_UNLOCK_LOGON { typedef struct _KERB_INTERACTIVE_UNLOCK_LOGON {
skipping to change at line 2738 skipping to change at line 3888
UNICODE_STRING Pin; UNICODE_STRING Pin;
ULONG CspDataLength; ULONG CspDataLength;
PUCHAR CspData; PUCHAR CspData;
} KERB_SMART_CARD_LOGON, *PKERB_SMART_CARD_LOGON; } KERB_SMART_CARD_LOGON, *PKERB_SMART_CARD_LOGON;
typedef struct _KERB_SMART_CARD_UNLOCK_LOGON { typedef struct _KERB_SMART_CARD_UNLOCK_LOGON {
KERB_SMART_CARD_LOGON Logon; KERB_SMART_CARD_LOGON Logon;
LUID LogonId; LUID LogonId;
} KERB_SMART_CARD_UNLOCK_LOGON, *PKERB_SMART_CARD_UNLOCK_LOGON; } KERB_SMART_CARD_UNLOCK_LOGON, *PKERB_SMART_CARD_UNLOCK_LOGON;
#if (_WIN32_WINNT >= 0x0600)
//
// let the KDC detect account mapping conflicts for the same certificate.
//
#define KERB_CERTIFICATE_LOGON_FLAG_CHECK_DUPLICATES 0x1
typedef struct _KERB_CERTIFICATE_LOGON {
KERB_LOGON_SUBMIT_TYPE MessageType; // KerbCertificateLogon
UNICODE_STRING DomainName; // OPTIONAL, if supplied, used to locate the acco
unt forest
UNICODE_STRING UserName; // OPTIONAL, if supplied, used to locate the acco
unt
UNICODE_STRING Pin;
ULONG Flags; // additional flags
ULONG CspDataLength;
PUCHAR CspData; // contains the smartcard CSP data
} KERB_CERTIFICATE_LOGON, *PKERB_CERTIFICATE_LOGON;
typedef struct _KERB_CERTIFICATE_UNLOCK_LOGON {
KERB_CERTIFICATE_LOGON Logon;
LUID LogonId;
} KERB_CERTIFICATE_UNLOCK_LOGON, *PKERB_CERTIFICATE_UNLOCK_LOGON;
//
// let the KDC detect account mapping conflicts for the same certificate.
//
#define KERB_CERTIFICATE_S4U_LOGON_FLAG_CHECK_DUPLICATES 0x1
#define KERB_CERTIFICATE_S4U_LOGON_FLAG_CHECK_LOGONHOURS 0x2
typedef struct _KERB_CERTIFICATE_S4U_LOGON {
KERB_LOGON_SUBMIT_TYPE MessageType;
ULONG Flags;
UNICODE_STRING UserPrincipalName;
// OPTIONAL, certificate mapping hints: username or username@domain
UNICODE_STRING DomainName; // used to locate the forest
// OPTIONAL, certificate mapping hints: if missing, using the local
machine's domain
ULONG CertificateLength; // for the client certificate
PUCHAR Certificate; // for the client certificate, BER encoded
} KERB_CERTIFICATE_S4U_LOGON, *PKERB_CERTIFICATE_S4U_LOGON;
#endif
// //
// Structure used for a ticket-only logon // Structure used for a ticket-only logon
// //
typedef struct _KERB_TICKET_LOGON { typedef struct _KERB_TICKET_LOGON {
KERB_LOGON_SUBMIT_TYPE MessageType; KERB_LOGON_SUBMIT_TYPE MessageType;
ULONG Flags; ULONG Flags;
ULONG ServiceTicketLength; ULONG ServiceTicketLength;
ULONG TicketGrantingTicketLength; ULONG TicketGrantingTicketLength;
PUCHAR ServiceTicket; // REQUIRED: Service ticket "host" PUCHAR ServiceTicket; // REQUIRED: Service ticket "host"
skipping to change at line 2762 skipping to change at line 3955
// Flags for the ticket logon flags field // Flags for the ticket logon flags field
// //
#define KERB_LOGON_FLAG_ALLOW_EXPIRED_TICKET 0x1 #define KERB_LOGON_FLAG_ALLOW_EXPIRED_TICKET 0x1
typedef struct _KERB_TICKET_UNLOCK_LOGON { typedef struct _KERB_TICKET_UNLOCK_LOGON {
KERB_TICKET_LOGON Logon; KERB_TICKET_LOGON Logon;
LUID LogonId; LUID LogonId;
} KERB_TICKET_UNLOCK_LOGON, *PKERB_TICKET_UNLOCK_LOGON; } KERB_TICKET_UNLOCK_LOGON, *PKERB_TICKET_UNLOCK_LOGON;
//#if (_WIN32_WINNT >= 0x0501) -- Disabled until IIS fixes their target version.
// //
// Used for S4U Client requests // Used for S4U Client requests
// //
// //
#if (_WIN32_WINNT >= 0x0600)
//
// request to enforce logon hours policy
//
#define KERB_S4U_LOGON_FLAG_CHECK_LOGONHOURS 0x2
#endif
typedef struct _KERB_S4U_LOGON { typedef struct _KERB_S4U_LOGON {
KERB_LOGON_SUBMIT_TYPE MessageType; KERB_LOGON_SUBMIT_TYPE MessageType;
ULONG Flags; ULONG Flags;
UNICODE_STRING ClientUpn; // REQUIRED: UPN for client UNICODE_STRING ClientUpn; // REQUIRED: UPN for client
UNICODE_STRING ClientRealm; // Optional: Client Realm, if known UNICODE_STRING ClientRealm; // Optional: Client Realm, if known
} KERB_S4U_LOGON, *PKERB_S4U_LOGON; } KERB_S4U_LOGON, *PKERB_S4U_LOGON;
//#endif
// //
// Use the same profile structure as MSV1_0 // Use the same profile structure as MSV1_0
// //
typedef enum _KERB_PROFILE_BUFFER_TYPE { typedef enum _KERB_PROFILE_BUFFER_TYPE {
KerbInteractiveProfile = 2, KerbInteractiveProfile = 2,
KerbSmartCardProfile = 4, KerbSmartCardProfile = 4,
KerbTicketProfile = 6 KerbTicketProfile = 6
} KERB_PROFILE_BUFFER_TYPE, *PKERB_PROFILE_BUFFER_TYPE; } KERB_PROFILE_BUFFER_TYPE, *PKERB_PROFILE_BUFFER_TYPE;
skipping to change at line 2822 skipping to change at line 4028
// //
// For a ticket logon profile, we return the session key from the ticket // For a ticket logon profile, we return the session key from the ticket
// //
typedef struct KERB_CRYPTO_KEY { typedef struct KERB_CRYPTO_KEY {
LONG KeyType; LONG KeyType;
ULONG Length; ULONG Length;
PUCHAR Value; PUCHAR Value;
} KERB_CRYPTO_KEY, *PKERB_CRYPTO_KEY; } KERB_CRYPTO_KEY, *PKERB_CRYPTO_KEY;
typedef struct KERB_CRYPTO_KEY32 {
LONG KeyType;
ULONG Length;
ULONG Offset;
} KERB_CRYPTO_KEY32, *PKERB_CRYPTO_KEY32;
typedef struct _KERB_TICKET_PROFILE { typedef struct _KERB_TICKET_PROFILE {
KERB_INTERACTIVE_PROFILE Profile; KERB_INTERACTIVE_PROFILE Profile;
KERB_CRYPTO_KEY SessionKey; KERB_CRYPTO_KEY SessionKey;
} KERB_TICKET_PROFILE, *PKERB_TICKET_PROFILE; } KERB_TICKET_PROFILE, *PKERB_TICKET_PROFILE;
typedef enum _KERB_PROTOCOL_MESSAGE_TYPE { typedef enum _KERB_PROTOCOL_MESSAGE_TYPE {
KerbDebugRequestMessage = 0, KerbDebugRequestMessage = 0,
KerbQueryTicketCacheMessage, KerbQueryTicketCacheMessage,
KerbChangeMachinePasswordMessage, KerbChangeMachinePasswordMessage,
KerbVerifyPacMessage, KerbVerifyPacMessage,
KerbRetrieveTicketMessage, KerbRetrieveTicketMessage,
KerbUpdateAddressesMessage, KerbUpdateAddressesMessage,
KerbPurgeTicketCacheMessage, KerbPurgeTicketCacheMessage,
KerbChangePasswordMessage, KerbChangePasswordMessage,
KerbRetrieveEncodedTicketMessage, KerbRetrieveEncodedTicketMessage,
KerbDecryptDataMessage, KerbDecryptDataMessage,
KerbAddBindingCacheEntryMessage, KerbAddBindingCacheEntryMessage,
KerbSetPasswordMessage, KerbSetPasswordMessage,
KerbSetPasswordExMessage, KerbSetPasswordExMessage,
#if (_WIN32_WINNT == 0x0500)
KerbAddExtraCredentialsMessage = 17
#endif
#if (_WIN32_WINNT >= 0x0501)
KerbVerifyCredentialsMessage, KerbVerifyCredentialsMessage,
KerbQueryTicketCacheExMessage, KerbQueryTicketCacheExMessage,
KerbPurgeTicketCacheExMessage, KerbPurgeTicketCacheExMessage,
#endif
#if (_WIN32_WINNT >= 0x0502)
KerbRefreshSmartcardCredentialsMessage, KerbRefreshSmartcardCredentialsMessage,
KerbAddExtraCredentialsMessage, KerbAddExtraCredentialsMessage,
KerbQuerySupplementalCredentialsMessage, KerbQuerySupplementalCredentialsMessage,
#endif
#if (_WIN32_WINNT >= 0x0600)
KerbTransferCredentialsMessage, KerbTransferCredentialsMessage,
KerbQueryTicketCacheEx2Message, KerbQueryTicketCacheEx2Message,
KerbSubmitTicketMessage,
#endif
} KERB_PROTOCOL_MESSAGE_TYPE, *PKERB_PROTOCOL_MESSAGE_TYPE; } KERB_PROTOCOL_MESSAGE_TYPE, *PKERB_PROTOCOL_MESSAGE_TYPE;
// //
// Used both for retrieving tickets and for querying ticket cache // Used both for retrieving tickets and for querying ticket cache
// //
typedef struct _KERB_QUERY_TKT_CACHE_REQUEST { typedef struct _KERB_QUERY_TKT_CACHE_REQUEST {
KERB_PROTOCOL_MESSAGE_TYPE MessageType; KERB_PROTOCOL_MESSAGE_TYPE MessageType;
LUID LogonId; LUID LogonId;
} KERB_QUERY_TKT_CACHE_REQUEST, *PKERB_QUERY_TKT_CACHE_REQUEST; } KERB_QUERY_TKT_CACHE_REQUEST, *PKERB_QUERY_TKT_CACHE_REQUEST;
skipping to change at line 2870 skipping to change at line 4092
typedef struct _KERB_TICKET_CACHE_INFO { typedef struct _KERB_TICKET_CACHE_INFO {
UNICODE_STRING ServerName; UNICODE_STRING ServerName;
UNICODE_STRING RealmName; UNICODE_STRING RealmName;
LARGE_INTEGER StartTime; LARGE_INTEGER StartTime;
LARGE_INTEGER EndTime; LARGE_INTEGER EndTime;
LARGE_INTEGER RenewTime; LARGE_INTEGER RenewTime;
LONG EncryptionType; LONG EncryptionType;
ULONG TicketFlags; ULONG TicketFlags;
} KERB_TICKET_CACHE_INFO, *PKERB_TICKET_CACHE_INFO; } KERB_TICKET_CACHE_INFO, *PKERB_TICKET_CACHE_INFO;
#if (_WIN32_WINNT >= 0x0501)
typedef struct _KERB_TICKET_CACHE_INFO_EX { typedef struct _KERB_TICKET_CACHE_INFO_EX {
UNICODE_STRING ClientName; UNICODE_STRING ClientName;
UNICODE_STRING ClientRealm; UNICODE_STRING ClientRealm;
UNICODE_STRING ServerName; UNICODE_STRING ServerName;
UNICODE_STRING ServerRealm; UNICODE_STRING ServerRealm;
LARGE_INTEGER StartTime; LARGE_INTEGER StartTime;
LARGE_INTEGER EndTime; LARGE_INTEGER EndTime;
LARGE_INTEGER RenewTime; LARGE_INTEGER RenewTime;
LONG EncryptionType; LONG EncryptionType;
ULONG TicketFlags; ULONG TicketFlags;
} KERB_TICKET_CACHE_INFO_EX, *PKERB_TICKET_CACHE_INFO_EX; } KERB_TICKET_CACHE_INFO_EX, *PKERB_TICKET_CACHE_INFO_EX;
#endif
typedef struct _KERB_TICKET_CACHE_INFO_EX2 { typedef struct _KERB_TICKET_CACHE_INFO_EX2 {
UNICODE_STRING ClientName; UNICODE_STRING ClientName;
UNICODE_STRING ClientRealm; UNICODE_STRING ClientRealm;
UNICODE_STRING ServerName; UNICODE_STRING ServerName;
UNICODE_STRING ServerRealm; UNICODE_STRING ServerRealm;
LARGE_INTEGER StartTime; LARGE_INTEGER StartTime;
LARGE_INTEGER EndTime; LARGE_INTEGER EndTime;
LARGE_INTEGER RenewTime; LARGE_INTEGER RenewTime;
LONG EncryptionType; LONG EncryptionType;
skipping to change at line 2896 skipping to change at line 4120
UNICODE_STRING ServerRealm; UNICODE_STRING ServerRealm;
LARGE_INTEGER StartTime; LARGE_INTEGER StartTime;
LARGE_INTEGER EndTime; LARGE_INTEGER EndTime;
LARGE_INTEGER RenewTime; LARGE_INTEGER RenewTime;
LONG EncryptionType; LONG EncryptionType;
ULONG TicketFlags; ULONG TicketFlags;
// //
// the following are new in KERB_TICKET_CACHE_INFO_EX2 // the following are new in KERB_TICKET_CACHE_INFO_EX2
// //
ULONG SessionKeyType; ULONG SessionKeyType;
ULONG BranchId;
} KERB_TICKET_CACHE_INFO_EX2, *PKERB_TICKET_CACHE_INFO_EX2; } KERB_TICKET_CACHE_INFO_EX2, *PKERB_TICKET_CACHE_INFO_EX2;
typedef struct _KERB_QUERY_TKT_CACHE_RESPONSE { typedef struct _KERB_QUERY_TKT_CACHE_RESPONSE {
KERB_PROTOCOL_MESSAGE_TYPE MessageType; KERB_PROTOCOL_MESSAGE_TYPE MessageType;
ULONG CountOfTickets; ULONG CountOfTickets;
KERB_TICKET_CACHE_INFO Tickets[ANYSIZE_ARRAY]; KERB_TICKET_CACHE_INFO Tickets[ANYSIZE_ARRAY];
} KERB_QUERY_TKT_CACHE_RESPONSE, *PKERB_QUERY_TKT_CACHE_RESPONSE; } KERB_QUERY_TKT_CACHE_RESPONSE, *PKERB_QUERY_TKT_CACHE_RESPONSE;
#if (_WIN32_WINNT >= 0x0502)
typedef struct _KERB_QUERY_TKT_CACHE_EX_RESPONSE { typedef struct _KERB_QUERY_TKT_CACHE_EX_RESPONSE {
KERB_PROTOCOL_MESSAGE_TYPE MessageType; KERB_PROTOCOL_MESSAGE_TYPE MessageType;
ULONG CountOfTickets; ULONG CountOfTickets;
KERB_TICKET_CACHE_INFO_EX Tickets[ANYSIZE_ARRAY]; KERB_TICKET_CACHE_INFO_EX Tickets[ANYSIZE_ARRAY];
} KERB_QUERY_TKT_CACHE_EX_RESPONSE, *PKERB_QUERY_TKT_CACHE_EX_RESPONSE; } KERB_QUERY_TKT_CACHE_EX_RESPONSE, *PKERB_QUERY_TKT_CACHE_EX_RESPONSE;
#endif
typedef struct _KERB_QUERY_TKT_CACHE_EX2_RESPONSE { typedef struct _KERB_QUERY_TKT_CACHE_EX2_RESPONSE {
KERB_PROTOCOL_MESSAGE_TYPE MessageType; KERB_PROTOCOL_MESSAGE_TYPE MessageType;
ULONG CountOfTickets; ULONG CountOfTickets;
KERB_TICKET_CACHE_INFO_EX2 Tickets[ANYSIZE_ARRAY]; KERB_TICKET_CACHE_INFO_EX2 Tickets[ANYSIZE_ARRAY];
} KERB_QUERY_TKT_CACHE_EX2_RESPONSE, *PKERB_QUERY_TKT_CACHE_EX2_RESPONSE; } KERB_QUERY_TKT_CACHE_EX2_RESPONSE, *PKERB_QUERY_TKT_CACHE_EX2_RESPONSE;
// //
// Types for retrieving encoded ticket from the cache // Types for retrieving encoded ticket from the cache
// //
skipping to change at line 2932 skipping to change at line 4158
#ifndef __SECHANDLE_DEFINED__ #ifndef __SECHANDLE_DEFINED__
typedef struct _SecHandle typedef struct _SecHandle
{ {
ULONG_PTR dwLower ; ULONG_PTR dwLower ;
ULONG_PTR dwUpper ; ULONG_PTR dwUpper ;
} SecHandle, * PSecHandle ; } SecHandle, * PSecHandle ;
#define __SECHANDLE_DEFINED__ #define __SECHANDLE_DEFINED__
#endif // __SECHANDLE_DEFINED__ #endif // __SECHANDLE_DEFINED__
#if (_WIN32_WINNT >= 0x0501)
// Ticket Flags // Ticket Flags
#define KERB_USE_DEFAULT_TICKET_FLAGS 0x0 #define KERB_USE_DEFAULT_TICKET_FLAGS 0x0
// CacheOptions // CacheOptions
#define KERB_RETRIEVE_TICKET_DEFAULT 0x0 #define KERB_RETRIEVE_TICKET_DEFAULT 0x0
#endif
#define KERB_RETRIEVE_TICKET_DONT_USE_CACHE 0x1 #define KERB_RETRIEVE_TICKET_DONT_USE_CACHE 0x1
#define KERB_RETRIEVE_TICKET_USE_CACHE_ONLY 0x2 #define KERB_RETRIEVE_TICKET_USE_CACHE_ONLY 0x2
#define KERB_RETRIEVE_TICKET_USE_CREDHANDLE 0x4 #define KERB_RETRIEVE_TICKET_USE_CREDHANDLE 0x4
#if (_WIN32_WINNT >= 0x0501)
#define KERB_RETRIEVE_TICKET_AS_KERB_CRED 0x8 #define KERB_RETRIEVE_TICKET_AS_KERB_CRED 0x8
#define KERB_RETRIEVE_TICKET_WITH_SEC_CRED 0x10 #define KERB_RETRIEVE_TICKET_WITH_SEC_CRED 0x10
#endif
#if (_WIN32_WINNT >= 0x0600)
#define KERB_RETRIEVE_TICKET_CACHE_TICKET 0x20 #define KERB_RETRIEVE_TICKET_CACHE_TICKET 0x20
#endif
#if (_WIN32_WINNT >= 0x0501)
// Encryption Type options // Encryption Type options
#define KERB_ETYPE_DEFAULT 0x0 // don't specify etype in tkt req. #define KERB_ETYPE_DEFAULT 0x0 // don't specify etype in tkt req.
typedef struct _KERB_AUTH_DATA { typedef struct _KERB_AUTH_DATA {
ULONG Type; ULONG Type;
ULONG Length; ULONG Length;
PUCHAR Data; PUCHAR Data;
} KERB_AUTH_DATA, *PKERB_AUTH_DATA; } KERB_AUTH_DATA, *PKERB_AUTH_DATA;
typedef struct _KERB_NET_ADDRESS { typedef struct _KERB_NET_ADDRESS {
ULONG Family; ULONG Family;
ULONG Length; ULONG Length;
PCHAR Address; PCHAR Address;
} KERB_NET_ADDRESS, *PKERB_NET_ADDRESS; } KERB_NET_ADDRESS, *PKERB_NET_ADDRESS;
typedef struct _KERB_NET_ADDRESSES { typedef struct _KERB_NET_ADDRESSES {
ULONG Number; ULONG Number;
KERB_NET_ADDRESS Addresses[ANYSIZE_ARRAY]; KERB_NET_ADDRESS Addresses[ANYSIZE_ARRAY];
} KERB_NET_ADDRESSES, *PKERB_NET_ADDRESSES; } KERB_NET_ADDRESSES, *PKERB_NET_ADDRESSES;
#endif
// //
// Types for the information about a ticket // Types for the information about a ticket
// //
typedef struct _KERB_EXTERNAL_NAME { typedef struct _KERB_EXTERNAL_NAME {
SHORT NameType; SHORT NameType;
USHORT NameCount; USHORT NameCount;
UNICODE_STRING Names[ANYSIZE_ARRAY]; UNICODE_STRING Names[ANYSIZE_ARRAY];
} KERB_EXTERNAL_NAME, *PKERB_EXTERNAL_NAME; } KERB_EXTERNAL_NAME, *PKERB_EXTERNAL_NAME;
skipping to change at line 3018 skipping to change at line 4252
// Used to purge entries from the ticket cache // Used to purge entries from the ticket cache
// //
typedef struct _KERB_PURGE_TKT_CACHE_REQUEST { typedef struct _KERB_PURGE_TKT_CACHE_REQUEST {
KERB_PROTOCOL_MESSAGE_TYPE MessageType; KERB_PROTOCOL_MESSAGE_TYPE MessageType;
LUID LogonId; LUID LogonId;
UNICODE_STRING ServerName; UNICODE_STRING ServerName;
UNICODE_STRING RealmName; UNICODE_STRING RealmName;
} KERB_PURGE_TKT_CACHE_REQUEST, *PKERB_PURGE_TKT_CACHE_REQUEST; } KERB_PURGE_TKT_CACHE_REQUEST, *PKERB_PURGE_TKT_CACHE_REQUEST;
#if (_WIN32_WINNT >= 0x0501)
// //
// Flags for purge requests // Flags for purge requests
// //
#define KERB_PURGE_ALL_TICKETS 1 #define KERB_PURGE_ALL_TICKETS 1
typedef struct _KERB_PURGE_TKT_CACHE_EX_REQUEST { typedef struct _KERB_PURGE_TKT_CACHE_EX_REQUEST {
KERB_PROTOCOL_MESSAGE_TYPE MessageType; KERB_PROTOCOL_MESSAGE_TYPE MessageType;
LUID LogonId; LUID LogonId;
ULONG Flags; ULONG Flags;
KERB_TICKET_CACHE_INFO_EX TicketTemplate; KERB_TICKET_CACHE_INFO_EX TicketTemplate;
} KERB_PURGE_TKT_CACHE_EX_REQUEST, *PKERB_PURGE_TKT_CACHE_EX_REQUEST; } KERB_PURGE_TKT_CACHE_EX_REQUEST, *PKERB_PURGE_TKT_CACHE_EX_REQUEST;
#endif
typedef struct _KERB_SUBMIT_TKT_REQUEST {
KERB_PROTOCOL_MESSAGE_TYPE MessageType;
LUID LogonId;
ULONG Flags;
KERB_CRYPTO_KEY32 Key; // key to decrypt KERB_CRED
ULONG KerbCredSize;
ULONG KerbCredOffset;
} KERB_SUBMIT_TKT_REQUEST, *PKERB_SUBMIT_TKT_REQUEST;
// //
// KerbChangePassword // KerbChangePassword
// //
// KerbChangePassword changes the password on the KDC account plus // KerbChangePassword changes the password on the KDC account plus
// the password cache and logon credentials if applicable. // the password cache and logon credentials if applicable.
// //
// //
typedef struct _KERB_CHANGEPASSWORD_REQUEST { typedef struct _KERB_CHANGEPASSWORD_REQUEST {
skipping to change at line 3120 skipping to change at line 4365
// is required for this operation. // is required for this operation.
// //
typedef struct _KERB_ADD_BINDING_CACHE_ENTRY_REQUEST { typedef struct _KERB_ADD_BINDING_CACHE_ENTRY_REQUEST {
KERB_PROTOCOL_MESSAGE_TYPE MessageType; KERB_PROTOCOL_MESSAGE_TYPE MessageType;
UNICODE_STRING RealmName; UNICODE_STRING RealmName;
UNICODE_STRING KdcAddress; UNICODE_STRING KdcAddress;
ULONG AddressType; //dsgetdc.h DS_NETBIOS_ADDRESS||DS_INET_ ADDRESS ULONG AddressType; //dsgetdc.h DS_NETBIOS_ADDRESS||DS_INET_ ADDRESS
} KERB_ADD_BINDING_CACHE_ENTRY_REQUEST, *PKERB_ADD_BINDING_CACHE_ENTRY_REQUEST; } KERB_ADD_BINDING_CACHE_ENTRY_REQUEST, *PKERB_ADD_BINDING_CACHE_ENTRY_REQUEST;
#if (_WIN32_WINNT >= 0x0502)
// //
// Request structure for reacquiring smartcard credentials for a // Request structure for reacquiring smartcard credentials for a
// given LUID. // given LUID.
// Requires TCB. // Requires TCB.
// //
typedef struct _KERB_REFRESH_SCCRED_REQUEST { typedef struct _KERB_REFRESH_SCCRED_REQUEST {
KERB_PROTOCOL_MESSAGE_TYPE MessageType; KERB_PROTOCOL_MESSAGE_TYPE MessageType;
UNICODE_STRING CredentialBlob; // optional UNICODE_STRING CredentialBlob; // optional
LUID LogonId; LUID LogonId;
ULONG Flags; ULONG Flags;
skipping to change at line 3142 skipping to change at line 4388
// //
// Flags for KERB_REFRESH_SCCRED_REQUEST // Flags for KERB_REFRESH_SCCRED_REQUEST
// //
// KERB_REFRESH_SCCRED_RELEASE // KERB_REFRESH_SCCRED_RELEASE
// Release the smartcard handle for LUID // Release the smartcard handle for LUID
// //
// KERB_REFRESH_SCCRED_GETTGT // KERB_REFRESH_SCCRED_GETTGT
// Use the certificate hash in the blob to get a TGT for the logon // Use the certificate hash in the blob to get a TGT for the logon
// session. // session.
// //
#define KERB_REFRESH_SCCRED_RELEASE 0x0 #define KERB_REFRESH_SCCRED_RELEASE 0x0
#define KERB_REFRESH_SCCRED_GETTGT 0x1 #define KERB_REFRESH_SCCRED_GETTGT 0x1
#endif
#if (_WIN32_WINNT != 0x0501)
// //
// Request structure for adding extra Server credentials to a given // Request structure for adding extra Server credentials to a given
// logon session. Only applicable during AcceptSecurityContext, and // logon session. Only applicable during AcceptSecurityContext, and
// requires TCB to alter "other" creds // requires TCB to alter "other" creds
// //
typedef struct _KERB_ADD_CREDENTIALS_REQUEST { typedef struct _KERB_ADD_CREDENTIALS_REQUEST {
KERB_PROTOCOL_MESSAGE_TYPE MessageType; KERB_PROTOCOL_MESSAGE_TYPE MessageType;
UNICODE_STRING UserName; UNICODE_STRING UserName;
UNICODE_STRING DomainName; UNICODE_STRING DomainName;
UNICODE_STRING Password; UNICODE_STRING Password;
LUID LogonId; // optional LUID LogonId; // optional
ULONG Flags; ULONG Flags;
} KERB_ADD_CREDENTIALS_REQUEST, *PKERB_ADD_CREDENTIALS_REQUEST; } KERB_ADD_CREDENTIALS_REQUEST, *PKERB_ADD_CREDENTIALS_REQUEST;
#define KERB_REQUEST_ADD_CREDENTIAL 1 #define KERB_REQUEST_ADD_CREDENTIAL 1
#define KERB_REQUEST_REPLACE_CREDENTIAL 2 #define KERB_REQUEST_REPLACE_CREDENTIAL 2
#define KERB_REQUEST_REMOVE_CREDENTIAL 4 #define KERB_REQUEST_REMOVE_CREDENTIAL 4
#endif
// //
// Request structure for transferring credentials between 2 luids. // Request structure for transferring credentials between 2 luids.
// Requires TCB. // Requires TCB.
// //
typedef struct _KERB_TRANSFER_CRED_REQUEST { typedef struct _KERB_TRANSFER_CRED_REQUEST {
KERB_PROTOCOL_MESSAGE_TYPE MessageType; KERB_PROTOCOL_MESSAGE_TYPE MessageType;
LUID OriginLogonId; LUID OriginLogonId;
LUID DestinationLogonId; LUID DestinationLogonId;
ULONG Flags; ULONG Flags;
} KERB_TRANSFER_CRED_REQUEST, *PKERB_TRANSFER_CRED_REQUEST; } KERB_TRANSFER_CRED_REQUEST, *PKERB_TRANSFER_CRED_REQUEST;
#define KERB_TRANSFER_CRED_WITH_TICKETS 0x1
typedef struct _POLICY_AUDIT_SID_ARRAY {
ULONG UsersCount;
#ifdef MIDL_PASS
[size_is(UsersCount)] PAUDIT_SID_RPC* UserSidArray;
#else
PSID* UserSidArray;
#endif
} POLICY_AUDIT_SID_ARRAY, *PPOLICY_AUDIT_SID_ARRAY;
typedef struct _AUDIT_POLICY_INFORMATION {
GUID AuditSubCategoryGuid;
ULONG AuditingInformation;
GUID AuditCategoryGuid;
} AUDIT_POLICY_INFORMATION, *PAUDIT_POLICY_INFORMATION;
typedef const PAUDIT_POLICY_INFORMATION PCAUDIT_POLICY_INFORMATION, LPCAUDIT_POL
ICY_INFORMATION;
#define AUDIT_SET_SYSTEM_POLICY (0x0001)
#define AUDIT_QUERY_SYSTEM_POLICY (0x0002)
#define AUDIT_SET_USER_POLICY (0x0004)
#define AUDIT_QUERY_USER_POLICY (0x0008)
#define AUDIT_ENUMERATE_USERS (0x0010)
#define AUDIT_SET_MISC_POLICY (0x0020)
#define AUDIT_QUERY_MISC_POLICY (0x0040)
#define AUDIT_GENERIC_ALL (STANDARD_RIGHTS_REQUIRED |\
AUDIT_SET_SYSTEM_POLICY |\
AUDIT_QUERY_SYSTEM_POLICY |\
AUDIT_SET_USER_POLICY |\
AUDIT_QUERY_USER_POLICY |\
AUDIT_ENUMERATE_USERS |\
AUDIT_SET_MISC_POLICY |\
AUDIT_QUERY_MISC_POLICY)
#define AUDIT_GENERIC_READ (STANDARD_RIGHTS_READ |\
AUDIT_QUERY_SYSTEM_POLICY |\
AUDIT_QUERY_USER_POLICY |\
AUDIT_ENUMERATE_USERS |\
AUDIT_QUERY_MISC_POLICY)
#define AUDIT_GENERIC_WRITE (STANDARD_RIGHTS_WRITE |\
AUDIT_SET_USER_POLICY |\
AUDIT_SET_MISC_POLICY |\
AUDIT_SET_SYSTEM_POLICY)
#define AUDIT_GENERIC_EXECUTE (STANDARD_RIGHTS_EXECUTE)
BOOLEAN
NTAPI
AuditSetSystemPolicy(
__in_ecount(PolicyCount) PCAUDIT_POLICY_INFORMATION pAuditPolicy,
__in ULONG PolicyCount
);
BOOLEAN
NTAPI
AuditSetPerUserPolicy(
__in const PSID pSid,
__in_ecount(PolicyCount) PCAUDIT_POLICY_INFORMATION pAuditPolicy,
__in ULONG PolicyCount
);
BOOLEAN
NTAPI
AuditQuerySystemPolicy(
__in_ecount(PolicyCount) const GUID* pSubCategoryGuids,
__in ULONG PolicyCount,
__deref_out_ecount(PolicyCount) PAUDIT_POLICY_INFORMATION* ppAuditPolicy
);
BOOLEAN
NTAPI
AuditQueryPerUserPolicy(
__in const PSID pSid,
__in_ecount(PolicyCount) const GUID* pSubCategoryGuids,
__in ULONG PolicyCount,
__deref_out_ecount(PolicyCount) PAUDIT_POLICY_INFORMATION* ppAuditPolicy
);
BOOLEAN
NTAPI
AuditEnumeratePerUserPolicy(
__out PPOLICY_AUDIT_SID_ARRAY* ppAuditSidArray
);
BOOLEAN
NTAPI
AuditComputeEffectivePolicyBySid(
__in const PSID pSid,
__in_ecount(PolicyCount) const GUID* pSubCategoryGuids,
__in ULONG PolicyCount,
__deref_out_ecount(PolicyCount) PAUDIT_POLICY_INFORMATION* ppAuditPolicy
);
BOOLEAN
NTAPI
AuditComputeEffectivePolicyByToken(
__in HANDLE hTokenHandle,
__in_ecount(PolicyCount) const GUID* pSubCategoryGuids,
__in ULONG PolicyCount,
__deref_out_ecount(PolicyCount) PAUDIT_POLICY_INFORMATION* ppAuditPolicy
);
BOOLEAN
NTAPI
AuditEnumerateCategories(
__deref_out_ecount(*pCountReturned) GUID** ppAuditCategoriesArray,
__out PULONG pCountReturned
);
BOOLEAN
NTAPI
AuditEnumerateSubCategories(
__in_opt const GUID* pAuditCategoryGuid,
__in BOOLEAN bRetrieveAllSubCategories,
__deref_out_ecount(*pCountReturned) GUID** ppAuditSubCategoriesArray,
__out PULONG pCountReturned
);
BOOLEAN
NTAPI
AuditLookupCategoryNameW(
__in const GUID* pAuditCategoryGuid,
__deref_out PWSTR* ppszCategoryName
);
BOOLEAN
NTAPI
AuditLookupCategoryNameA(
__in const GUID* pAuditCategoryGuid,
__deref_out PSTR* ppszCategoryName
);
#ifdef UNICODE
#define AuditLookupCategoryName AuditLookupCategoryNameW
#else
#define AuditLookupCategoryName AuditLookupCategoryNameA
#endif
BOOLEAN
NTAPI
AuditLookupSubCategoryNameW(
__in const GUID* pAuditSubCategoryGuid,
__deref_out PWSTR* ppszSubCategoryName
);
BOOLEAN
NTAPI
AuditLookupSubCategoryNameA(
__in const GUID* pAuditSubCategoryGuid,
__deref_out PSTR* ppszSubCategoryName
);
#ifdef UNICODE
#define AuditLookupSubCategoryName AuditLookupSubCategoryNameW
#else
#define AuditLookupSubCategoryName AuditLookupSubCategoryNameA
#endif
BOOLEAN
NTAPI
AuditLookupCategoryIdFromCategoryGuid(
__in const GUID* pAuditCategoryGuid,
__out PPOLICY_AUDIT_EVENT_TYPE pAuditCategoryId
);
BOOLEAN
NTAPI
AuditLookupCategoryGuidFromCategoryId(
__in POLICY_AUDIT_EVENT_TYPE AuditCategoryId,
__out GUID* pAuditCategoryGuid
);
BOOLEAN
NTAPI
AuditSetSecurity(
__in SECURITY_INFORMATION SecurityInformation,
__in PSECURITY_DESCRIPTOR pSecurityDescriptor
);
BOOLEAN
NTAPI
AuditQuerySecurity(
__in SECURITY_INFORMATION SecurityInformation,
__deref_out PSECURITY_DESCRIPTOR *ppSecurityDescriptor
);
VOID
NTAPI
AuditFree(
__in PVOID Buffer
);
#ifdef __cplusplus #ifdef __cplusplus
} }
#endif #endif
#endif /* _NTSECAPI_ */ #endif /* _NTSECAPI_ */
 End of changes. 129 change blocks. 
73 lines changed or deleted 1567 lines changed or added


 secext.h (5.2.3790.3959-Windows 5.0)   secext.h (6.0.6002.18005-Windows 6.0) 
skipping to change at line 14 skipping to change at line 14
// //
// Copyright (c) Microsoft Corporation 1991-1999 // Copyright (c) Microsoft Corporation 1991-1999
// //
// File: secext.h // File: secext.h
// //
// Contents: Security function prototypes for functions not part of // Contents: Security function prototypes for functions not part of
// the SSPI interface. This file should not be directly // the SSPI interface. This file should not be directly
// included - include security.h instead. // included - include security.h instead.
// //
// //
// History: 22 Dec 92 RichardW Created
// //
//------------------------------------------------------------------------ //------------------------------------------------------------------------
#ifndef __SECEXT_H__ #ifndef __SECEXT_H__
#define __SECEXT_H__ #define __SECEXT_H__
#if _MSC_VER > 1000 #if _MSC_VER > 1000
#pragma once #pragma once
#endif #endif
#ifdef __cplusplus #ifdef __cplusplus
skipping to change at line 105 skipping to change at line 104
// DNS domain name + SAM username // DNS domain name + SAM username
// eg: engineering.widget.com\JohnDoe // eg: engineering.widget.com\JohnDoe
NameDnsDomain = 12 NameDnsDomain = 12
} EXTENDED_NAME_FORMAT, * PEXTENDED_NAME_FORMAT ; } EXTENDED_NAME_FORMAT, * PEXTENDED_NAME_FORMAT ;
BOOLEAN BOOLEAN
SEC_ENTRY SEC_ENTRY
GetUserNameExA( GetUserNameExA(
EXTENDED_NAME_FORMAT NameFormat, __in EXTENDED_NAME_FORMAT NameFormat,
LPSTR lpNameBuffer, __out_ecount(*nSize) LPSTR lpNameBuffer,
PULONG nSize __inout PULONG nSize
); );
BOOLEAN BOOLEAN
SEC_ENTRY SEC_ENTRY
GetUserNameExW( GetUserNameExW(
EXTENDED_NAME_FORMAT NameFormat, __in EXTENDED_NAME_FORMAT NameFormat,
LPWSTR lpNameBuffer, __out_ecount_opt(*nSize) LPWSTR lpNameBuffer,
PULONG nSize __inout PULONG nSize
); );
#ifdef UNICODE #ifdef UNICODE
#define GetUserNameEx GetUserNameExW #define GetUserNameEx GetUserNameExW
#else #else
#define GetUserNameEx GetUserNameExA #define GetUserNameEx GetUserNameExA
#endif #endif
BOOLEAN BOOLEAN
SEC_ENTRY SEC_ENTRY
GetComputerObjectNameA( GetComputerObjectNameA(
EXTENDED_NAME_FORMAT NameFormat, __in EXTENDED_NAME_FORMAT NameFormat,
LPSTR lpNameBuffer, __out_ecount(*nSize) LPSTR lpNameBuffer,
PULONG nSize __inout PULONG nSize
); );
BOOLEAN BOOLEAN
SEC_ENTRY SEC_ENTRY
GetComputerObjectNameW( GetComputerObjectNameW(
EXTENDED_NAME_FORMAT NameFormat, __in EXTENDED_NAME_FORMAT NameFormat,
LPWSTR lpNameBuffer, __out_ecount(*nSize) LPWSTR lpNameBuffer,
PULONG nSize __inout PULONG nSize
); );
#ifdef UNICODE #ifdef UNICODE
#define GetComputerObjectName GetComputerObjectNameW #define GetComputerObjectName GetComputerObjectNameW
#else #else
#define GetComputerObjectName GetComputerObjectNameA #define GetComputerObjectName GetComputerObjectNameA
#endif #endif
BOOLEAN BOOLEAN
SEC_ENTRY SEC_ENTRY
TranslateNameA( TranslateNameA(
LPCSTR lpAccountName, __in LPCSTR lpAccountName,
EXTENDED_NAME_FORMAT AccountNameFormat, __in EXTENDED_NAME_FORMAT AccountNameFormat,
EXTENDED_NAME_FORMAT DesiredNameFormat, __in EXTENDED_NAME_FORMAT DesiredNameFormat,
LPSTR lpTranslatedName, __out_ecount(*nSize) LPSTR lpTranslatedName,
PULONG nSize __inout PULONG nSize
); );
BOOLEAN BOOLEAN
SEC_ENTRY SEC_ENTRY
TranslateNameW( TranslateNameW(
LPCWSTR lpAccountName, __in LPCWSTR lpAccountName,
EXTENDED_NAME_FORMAT AccountNameFormat, __in EXTENDED_NAME_FORMAT AccountNameFormat,
EXTENDED_NAME_FORMAT DesiredNameFormat, __in EXTENDED_NAME_FORMAT DesiredNameFormat,
LPWSTR lpTranslatedName, __out_ecount(*nSize) LPWSTR lpTranslatedName,
PULONG nSize __inout PULONG nSize
); );
#ifdef UNICODE #ifdef UNICODE
#define TranslateName TranslateNameW #define TranslateName TranslateNameW
#else #else
#define TranslateName TranslateNameA #define TranslateName TranslateNameA
#endif #endif
#ifdef __cplusplus #ifdef __cplusplus
} }
#endif #endif
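Review bot: The new annotations disagree on whether the output buffer may be NULL: GetUserNameExW is declared with `__out_ecount_opt(*nSize) LPWSTR lpNameBuffer`, while GetUserNameExA and both the GetComputerObjectName and TranslateName pairs use plain `__out_ecount(*nSize)`. If the A variant also accepts a NULL buffer for a size query (this header does not show that), its line should read `__out_ecount_opt(*nSize) LPSTR lpNameBuffer,`, so that static analysis treats NULL-buffer calls the same way for both character sets. Each pair would also benefit from a comment such as `// *nSize is an element (character) count, not a byte count; it is __inout, so re-read it after the call`. `_ecount` bounds the write in elements, so a caller that passes `sizeof(buf)` to a W variant overstates a WCHAR buffer's capacity by a factor of two.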
 End of changes. 7 change blocks. 
23 lines changed or deleted 22 lines changed or added


 sspi.h (5.2.3790.3959-Windows 5.0)   sspi.h (6.0.6002.18005-Windows 6.0) 
skipping to change at line 13 skipping to change at line 13
// Microsoft Windows // Microsoft Windows
// Copyright (C) Microsoft Corporation, 1992-1999. // Copyright (C) Microsoft Corporation, 1992-1999.
// //
// File: sspi.h // File: sspi.h
// //
// Contents: Security Support Provider Interface // Contents: Security Support Provider Interface
// Prototypes and structure definitions // Prototypes and structure definitions
// //
// Functions: Security Support Provider API // Functions: Security Support Provider API
// //
// History: 11-24-93 RichardW Created
// //
//---------------------------------------------------------------------------- //----------------------------------------------------------------------------
#include <sdkddkver.h>
// begin_ntifs // begin_ntifs
#ifndef __SSPI_H__ #ifndef __SSPI_H__
#define __SSPI_H__ #define __SSPI_H__
// end_ntifs // end_ntifs
#if _MSC_VER > 1000 #if _MSC_VER > 1000
#pragma once #pragma once
#endif #endif
#ifdef __cplusplus #ifdef __cplusplus
skipping to change at line 97 skipping to change at line 98
#define SEC_FAR #define SEC_FAR
#define SEC_ENTRY __stdcall #define SEC_ENTRY __stdcall
// end_ntifs // end_ntifs
// //
// Decide what a string - 32 bits only since for 16 bits it is clear. // Decide what a string - 32 bits only since for 16 bits it is clear.
// //
#ifdef UNICODE #ifdef UNICODE
typedef SEC_WCHAR SEC_FAR * SECURITY_PSTR; typedef SEC_WCHAR * SECURITY_PSTR;
typedef CONST SEC_WCHAR SEC_FAR * SECURITY_PCSTR; typedef CONST SEC_WCHAR * SECURITY_PCSTR;
#else // UNICODE #else // UNICODE
typedef SEC_CHAR SEC_FAR * SECURITY_PSTR; typedef SEC_CHAR * SECURITY_PSTR;
typedef CONST SEC_CHAR SEC_FAR * SECURITY_PCSTR; typedef CONST SEC_CHAR * SECURITY_PCSTR;
#endif // UNICODE #endif // UNICODE
// //
// Equivalent string for rpcrt: // Equivalent string for rpcrt:
// //
#define __SEC_FAR SEC_FAR #define __SEC_FAR SEC_FAR
// //
// Okay, security specific types: // Okay, security specific types:
skipping to change at line 127 skipping to change at line 128
typedef struct _SecHandle typedef struct _SecHandle
{ {
ULONG_PTR dwLower ; ULONG_PTR dwLower ;
ULONG_PTR dwUpper ; ULONG_PTR dwUpper ;
} SecHandle, * PSecHandle ; } SecHandle, * PSecHandle ;
#define __SECHANDLE_DEFINED__ #define __SECHANDLE_DEFINED__
#endif // __SECHANDLE_DEFINED__ #endif // __SECHANDLE_DEFINED__
#define SecInvalidateHandle( x ) \ #define SecInvalidateHandle( x ) \
((PSecHandle) x)->dwLower = ((ULONG_PTR) ((INT_PTR)-1)) ; \ ((PSecHandle) (x))->dwLower = ((PSecHandle) (x))->dwUpper = ((ULONG_
((PSecHandle) x)->dwUpper = ((ULONG_PTR) ((INT_PTR)-1)) ; \ PTR) ((INT_PTR)-1)) ;
#define SecIsValidHandle( x ) \ #define SecIsValidHandle( x ) \
( ( ((PSecHandle) x)->dwLower != ((ULONG_PTR) ((INT_PTR) -1 ))) && \ ( ( ((PSecHandle) (x))->dwLower != ((ULONG_PTR) ((INT_PTR) -1 ))) &&
( ((PSecHandle) x)->dwUpper != ((ULONG_PTR) ((INT_PTR) -1 ))) ) \
( ((PSecHandle) (x))->dwUpper != ((ULONG_PTR) ((INT_PTR) -1 ))) )
//
// pseudo handle value: the handle has already been deleted
//
#define SEC_DELETED_HANDLE ((ULONG_PTR) (-2))
typedef SecHandle CredHandle; typedef SecHandle CredHandle;
typedef PSecHandle PCredHandle; typedef PSecHandle PCredHandle;
typedef SecHandle CtxtHandle; typedef SecHandle CtxtHandle;
typedef PSecHandle PCtxtHandle; typedef PSecHandle PCtxtHandle;
// end_ntifs // end_ntifs
# ifdef WIN32_CHICAGO # ifdef WIN32_CHICAGO
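Review bot: `SEC_DELETED_HANDLE` is added as the pseudo value `((ULONG_PTR) (-2))`, but the new `SecIsValidHandle` still rejects only `-1` in `dwLower` and `dwUpper`. A handle carrying the deleted marker would therefore pass as valid; the hunk does not show which field stores the marker, so this is inferred. A caller that gates reuse of a `CredHandle` or `CtxtHandle` on `SecIsValidHandle` would then treat a deleted handle as live, so the macro deserves a comment such as `// does not detect SEC_DELETED_HANDLE; test for it separately`. The rewritten `SecInvalidateHandle` also keeps its trailing `;` and evaluates `x` twice, so it is still unsafe in an unbraced `if`/`else` or with an argument that has side effects; dropping the `;` from the macro body would fix the first.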
skipping to change at line 165 skipping to change at line 171
{ {
unsigned long LowPart; unsigned long LowPart;
long HighPart; long HighPart;
} SECURITY_INTEGER, *PSECURITY_INTEGER; } SECURITY_INTEGER, *PSECURITY_INTEGER;
# endif // _NTDEF_ || _WINNT_ # endif // _NTDEF_ || _WINNT_
# ifndef SECURITY_MAC # ifndef SECURITY_MAC
typedef SECURITY_INTEGER TimeStamp; // ntifs typedef SECURITY_INTEGER TimeStamp; // ntifs
typedef SECURITY_INTEGER SEC_FAR * PTimeStamp; // ntifs typedef SECURITY_INTEGER * PTimeStamp; // ntifs
# else // SECURITY_MAC # else // SECURITY_MAC
typedef unsigned long TimeStamp; typedef unsigned long TimeStamp;
typedef unsigned long * PTimeStamp; typedef unsigned long * PTimeStamp;
# endif // SECUIRT_MAC # endif // SECUIRT_MAC
// //
// If we are in 32 bit mode, define the SECURITY_STRING structure, // If we are in 32 bit mode, define the SECURITY_STRING structure,
// as a clone of the base UNICODE_STRING structure. This is used // as a clone of the base UNICODE_STRING structure. This is used
// internally in security components, an as the string interface // internally in security components, an as the string interface
skipping to change at line 209 skipping to change at line 215
typedef struct _SecPkgInfoW typedef struct _SecPkgInfoW
{ {
unsigned long fCapabilities; // Capability bitmask unsigned long fCapabilities; // Capability bitmask
unsigned short wVersion; // Version of driver unsigned short wVersion; // Version of driver
unsigned short wRPCID; // ID for RPC Runtime unsigned short wRPCID; // ID for RPC Runtime
unsigned long cbMaxToken; // Size of authentication token (max) unsigned long cbMaxToken; // Size of authentication token (max)
#ifdef MIDL_PASS #ifdef MIDL_PASS
[string] [string]
#endif #endif
SEC_WCHAR SEC_FAR * Name; // Text name SEC_WCHAR * Name; // Text name
#ifdef MIDL_PASS #ifdef MIDL_PASS
[string] [string]
#endif #endif
SEC_WCHAR SEC_FAR * Comment; // Comment SEC_WCHAR * Comment; // Comment
} SecPkgInfoW, SEC_FAR * PSecPkgInfoW; } SecPkgInfoW, * PSecPkgInfoW;
// end_ntifs // end_ntifs
typedef struct _SecPkgInfoA typedef struct _SecPkgInfoA
{ {
unsigned long fCapabilities; // Capability bitmask unsigned long fCapabilities; // Capability bitmask
unsigned short wVersion; // Version of driver unsigned short wVersion; // Version of driver
unsigned short wRPCID; // ID for RPC Runtime unsigned short wRPCID; // ID for RPC Runtime
unsigned long cbMaxToken; // Size of authentication token (max) unsigned long cbMaxToken; // Size of authentication token (max)
#ifdef MIDL_PASS #ifdef MIDL_PASS
[string] [string]
#endif #endif
SEC_CHAR SEC_FAR * Name; // Text name SEC_CHAR * Name; // Text name
#ifdef MIDL_PASS #ifdef MIDL_PASS
[string] [string]
#endif #endif
SEC_CHAR SEC_FAR * Comment; // Comment SEC_CHAR * Comment; // Comment
} SecPkgInfoA, SEC_FAR * PSecPkgInfoA; } SecPkgInfoA, * PSecPkgInfoA;
#ifdef UNICODE #ifdef UNICODE
# define SecPkgInfo SecPkgInfoW // ntifs # define SecPkgInfo SecPkgInfoW // ntifs
# define PSecPkgInfo PSecPkgInfoW // ntifs # define PSecPkgInfo PSecPkgInfoW // ntifs
#else #else
# define SecPkgInfo SecPkgInfoA # define SecPkgInfo SecPkgInfoA
# define PSecPkgInfo PSecPkgInfoA # define PSecPkgInfo PSecPkgInfoA
#endif // !UNICODE #endif // !UNICODE
// begin_ntifs // begin_ntifs
// //
// Security Package Capabilities // Security Package Capabilities
// //
#define SECPKG_FLAG_INTEGRITY 0x00000001 // Supports integrity #define SECPKG_FLAG_INTEGRITY 0x00000001 // Supports integrit
on messages y on messages
#define SECPKG_FLAG_PRIVACY 0x00000002 // Supports privacy ( #define SECPKG_FLAG_PRIVACY 0x00000002 // Supports privacy
confidentiality) (confidentiality)
#define SECPKG_FLAG_TOKEN_ONLY 0x00000004 // Only security toke #define SECPKG_FLAG_TOKEN_ONLY 0x00000004 // Only security tok
n needed en needed
#define SECPKG_FLAG_DATAGRAM 0x00000008 // Datagram RPC suppo #define SECPKG_FLAG_DATAGRAM 0x00000008 // Datagram RPC supp
rt ort
#define SECPKG_FLAG_CONNECTION 0x00000010 // Connection oriente #define SECPKG_FLAG_CONNECTION 0x00000010 // Connection orient
d RPC support ed RPC support
#define SECPKG_FLAG_MULTI_REQUIRED 0x00000020 // Full 3-leg require #define SECPKG_FLAG_MULTI_REQUIRED 0x00000020 // Full 3-leg requir
d for re-auth. ed for re-auth.
#define SECPKG_FLAG_CLIENT_ONLY 0x00000040 // Server side functi #define SECPKG_FLAG_CLIENT_ONLY 0x00000040 // Server side funct
onality not available ionality not available
#define SECPKG_FLAG_EXTENDED_ERROR 0x00000080 // Supports extended #define SECPKG_FLAG_EXTENDED_ERROR 0x00000080 // Supports extended
error msgs error msgs
#define SECPKG_FLAG_IMPERSONATION 0x00000100 // Supports impersona #define SECPKG_FLAG_IMPERSONATION 0x00000100 // Supports imperson
tion ation
#define SECPKG_FLAG_ACCEPT_WIN32_NAME 0x00000200 // Accepts Win32 name #define SECPKG_FLAG_ACCEPT_WIN32_NAME 0x00000200 // Accepts Win32 nam
s es
#define SECPKG_FLAG_STREAM 0x00000400 // Supports stream se #define SECPKG_FLAG_STREAM 0x00000400 // Supports stream s
mantics emantics
#define SECPKG_FLAG_NEGOTIABLE 0x00000800 // Can be used by the #define SECPKG_FLAG_NEGOTIABLE 0x00000800 // Can be used by th
negotiate package e negotiate package
#define SECPKG_FLAG_GSS_COMPATIBLE 0x00001000 // GSS Compatibility #define SECPKG_FLAG_GSS_COMPATIBLE 0x00001000 // GSS Compatibility
Available Available
#define SECPKG_FLAG_LOGON 0x00002000 // Supports common Ls #define SECPKG_FLAG_LOGON 0x00002000 // Supports common L
aLogonUser saLogonUser
#define SECPKG_FLAG_ASCII_BUFFERS 0x00004000 // Token Buffers are #define SECPKG_FLAG_ASCII_BUFFERS 0x00004000 // Token Buffers are
in ASCII in ASCII
#define SECPKG_FLAG_FRAGMENT 0x00008000 // Package can fragme #define SECPKG_FLAG_FRAGMENT 0x00008000 // Package can fragm
nt to fit ent to fit
#define SECPKG_FLAG_MUTUAL_AUTH 0x00010000 // Package can perfor #define SECPKG_FLAG_MUTUAL_AUTH 0x00010000 // Package can perfo
m mutual authentication rm mutual authentication
#define SECPKG_FLAG_DELEGATION 0x00020000 // Package can delega #define SECPKG_FLAG_DELEGATION 0x00020000 // Package can deleg
te ate
#define SECPKG_FLAG_READONLY_WITH_CHECKSUM 0x00040000 // Package can delega #define SECPKG_FLAG_READONLY_WITH_CHECKSUM 0x00040000 // Package can deleg
te ate
#define SECPKG_FLAG_RESTRICTED_TOKENS 0x00080000 // Package supports
restricted callers
#define SECPKG_ID_NONE 0xFFFF #define SECPKG_ID_NONE 0xFFFF
// //
// SecBuffer // SecBuffer
// //
// Generic memory descriptors for buffers passed in to the security // Generic memory descriptors for buffers passed in to the security
// API // API
// //
typedef struct _SecBuffer { typedef struct _SecBuffer {
unsigned long cbBuffer; // Size of the buffer, in bytes unsigned long cbBuffer; // Size of the buffer, in bytes
unsigned long BufferType; // Type of the buffer (below) unsigned long BufferType; // Type of the buffer (below)
void SEC_FAR * pvBuffer; // Pointer to the buffer __field_bcount(cbBuffer) void SEC_FAR * pvBuffer; // Pointer to t
} SecBuffer, SEC_FAR * PSecBuffer; he buffer
} SecBuffer, * PSecBuffer;
typedef struct _SecBufferDesc { typedef struct _SecBufferDesc {
unsigned long ulVersion; // Version number unsigned long ulVersion; // Version number
unsigned long cBuffers; // Number of buffers unsigned long cBuffers; // Number of buffers
#ifdef MIDL_PASS #ifdef MIDL_PASS
[size_is(cBuffers)] [size_is(cBuffers)]
#endif #endif
PSecBuffer pBuffers; // Pointer to array of buffers __field_ecount(cBuffers) PSecBuffer pBuffers; // Pointer to a rray of buffers
} SecBufferDesc, SEC_FAR * PSecBufferDesc; } SecBufferDesc, SEC_FAR * PSecBufferDesc;
#define SECBUFFER_VERSION 0 #define SECBUFFER_VERSION 0
#define SECBUFFER_EMPTY 0 // Undefined, replaced by provider #define SECBUFFER_EMPTY 0 // Undefined, replaced by provider
#define SECBUFFER_DATA 1 // Packet data #define SECBUFFER_DATA 1 // Packet data
#define SECBUFFER_TOKEN 2 // Security token #define SECBUFFER_TOKEN 2 // Security token
#define SECBUFFER_PKG_PARAMS 3 // Package specific parameters #define SECBUFFER_PKG_PARAMS 3 // Package specific parameters
#define SECBUFFER_MISSING 4 // Missing Data indicator #define SECBUFFER_MISSING 4 // Missing Data indicator
#define SECBUFFER_EXTRA 5 // Extra data #define SECBUFFER_EXTRA 5 // Extra data
#define SECBUFFER_STREAM_TRAILER 6 // Security Trailer #define SECBUFFER_STREAM_TRAILER 6 // Security Trailer
#define SECBUFFER_STREAM_HEADER 7 // Security Header #define SECBUFFER_STREAM_HEADER 7 // Security Header
#define SECBUFFER_NEGOTIATION_INFO 8 // Hints from the negotiation pkg #define SECBUFFER_NEGOTIATION_INFO 8 // Hints from the negotiation pkg
#define SECBUFFER_PADDING 9 // non-data padding #define SECBUFFER_PADDING 9 // non-data padding
#define SECBUFFER_STREAM 10 // whole encrypted message #define SECBUFFER_STREAM 10 // whole encrypted message
#define SECBUFFER_MECHLIST 11 #define SECBUFFER_MECHLIST 11
#define SECBUFFER_MECHLIST_SIGNATURE 12 #define SECBUFFER_MECHLIST_SIGNATURE 12
#define SECBUFFER_TARGET 13 #define SECBUFFER_TARGET 13 // obsolete
#define SECBUFFER_CHANNEL_BINDINGS 14 #define SECBUFFER_CHANNEL_BINDINGS 14
#define SECBUFFER_CHANGE_PASS_RESPONSE 15
#define SECBUFFER_ATTRMASK 0xF0000000 #define SECBUFFER_ATTRMASK 0xF0000000
#define SECBUFFER_READONLY 0x80000000 // Buffer is read-onl #define SECBUFFER_READONLY 0x80000000 // Buffer is read-on
y, no checksum ly, no checksum
#define SECBUFFER_READONLY_WITH_CHECKSUM 0x10000000 // Buffer is read-onl #define SECBUFFER_READONLY_WITH_CHECKSUM 0x10000000 // Buffer is read-on
y, and checksummed ly, and checksummed
#define SECBUFFER_RESERVED 0x60000000 // Flags reserved to #define SECBUFFER_RESERVED 0x60000000 // Flags reserved to
security system security system
typedef struct _SEC_NEGOTIATION_INFO { typedef struct _SEC_NEGOTIATION_INFO {
unsigned long Size; // Size of this structure unsigned long Size; // Size of this structure
unsigned long NameLength; // Length of name hint unsigned long NameLength; // Length of name hint
SEC_WCHAR SEC_FAR * Name; // Name hint SEC_WCHAR * Name; // Name hint
void SEC_FAR * Reserved; // Reserved void * Reserved; // Reserved
} SEC_NEGOTIATION_INFO, SEC_FAR * PSEC_NEGOTIATION_INFO ; } SEC_NEGOTIATION_INFO, * PSEC_NEGOTIATION_INFO ;
typedef struct _SEC_CHANNEL_BINDINGS { typedef struct _SEC_CHANNEL_BINDINGS {
unsigned long dwInitiatorAddrType; unsigned long dwInitiatorAddrType;
unsigned long cbInitiatorLength; unsigned long cbInitiatorLength;
unsigned long dwInitiatorOffset; unsigned long dwInitiatorOffset;
unsigned long dwAcceptorAddrType; unsigned long dwAcceptorAddrType;
unsigned long cbAcceptorLength; unsigned long cbAcceptorLength;
unsigned long dwAcceptorOffset; unsigned long dwAcceptorOffset;
unsigned long cbApplicationDataLength; unsigned long cbApplicationDataLength;
unsigned long dwApplicationDataOffset; unsigned long dwApplicationDataOffset;
} SEC_CHANNEL_BINDINGS, SEC_FAR * PSEC_CHANNEL_BINDINGS ; } SEC_CHANNEL_BINDINGS, * PSEC_CHANNEL_BINDINGS ;
// //
// Data Representation Constant: // Data Representation Constant:
// //
#define SECURITY_NATIVE_DREP 0x00000010 #define SECURITY_NATIVE_DREP 0x00000010
#define SECURITY_NETWORK_DREP 0x00000000 #define SECURITY_NETWORK_DREP 0x00000000
// //
// Credential Use Flags // Credential Use Flags
// //
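Review bot: The comment on `SECPKG_FLAG_READONLY_WITH_CHECKSUM` still reads "Package can delegate", copied from `SECPKG_FLAG_DELEGATION` on the line above, and the new side keeps it unchanged right next to the added `SECPKG_FLAG_RESTRICTED_TOKENS`. Someone decoding `fCapabilities` from these comments could read bit `0x00040000` as a delegation capability. Going by the `SECBUFFER_READONLY_WITH_CHECKSUM` comment later in this hunk, the intended text is presumably `// Package supports read-only buffers that are checksummed`, to be confirmed against the package documentation. As a style point, the new side drops `SEC_FAR` almost everywhere but leaves it on `void SEC_FAR * pvBuffer` and `SEC_FAR * PSecBufferDesc`.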
skipping to change at line 375 skipping to change at line 383
#define ISC_REQ_CALL_LEVEL 0x00001000 #define ISC_REQ_CALL_LEVEL 0x00001000
#define ISC_REQ_FRAGMENT_SUPPLIED 0x00002000 #define ISC_REQ_FRAGMENT_SUPPLIED 0x00002000
#define ISC_REQ_EXTENDED_ERROR 0x00004000 #define ISC_REQ_EXTENDED_ERROR 0x00004000
#define ISC_REQ_STREAM 0x00008000 #define ISC_REQ_STREAM 0x00008000
#define ISC_REQ_INTEGRITY 0x00010000 #define ISC_REQ_INTEGRITY 0x00010000
#define ISC_REQ_IDENTIFY 0x00020000 #define ISC_REQ_IDENTIFY 0x00020000
#define ISC_REQ_NULL_SESSION 0x00040000 #define ISC_REQ_NULL_SESSION 0x00040000
#define ISC_REQ_MANUAL_CRED_VALIDATION 0x00080000 #define ISC_REQ_MANUAL_CRED_VALIDATION 0x00080000
#define ISC_REQ_RESERVED1 0x00100000 #define ISC_REQ_RESERVED1 0x00100000
#define ISC_REQ_FRAGMENT_TO_FIT 0x00200000 #define ISC_REQ_FRAGMENT_TO_FIT 0x00200000
// This exists only in Longhorn and greater
#define ISC_REQ_FORWARD_CREDENTIALS 0x00400000
#define ISC_REQ_NO_INTEGRITY 0x00800000 // honored only by SPNEGO
#define ISC_RET_DELEGATE 0x00000001 #define ISC_RET_DELEGATE 0x00000001
#define ISC_RET_MUTUAL_AUTH 0x00000002 #define ISC_RET_MUTUAL_AUTH 0x00000002
#define ISC_RET_REPLAY_DETECT 0x00000004 #define ISC_RET_REPLAY_DETECT 0x00000004
#define ISC_RET_SEQUENCE_DETECT 0x00000008 #define ISC_RET_SEQUENCE_DETECT 0x00000008
#define ISC_RET_CONFIDENTIALITY 0x00000010 #define ISC_RET_CONFIDENTIALITY 0x00000010
#define ISC_RET_USE_SESSION_KEY 0x00000020 #define ISC_RET_USE_SESSION_KEY 0x00000020
#define ISC_RET_USED_COLLECTED_CREDS 0x00000040 #define ISC_RET_USED_COLLECTED_CREDS 0x00000040
#define ISC_RET_USED_SUPPLIED_CREDS 0x00000080 #define ISC_RET_USED_SUPPLIED_CREDS 0x00000080
#define ISC_RET_ALLOCATED_MEMORY 0x00000100 #define ISC_RET_ALLOCATED_MEMORY 0x00000100
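Review bot: `ISC_REQ_FORWARD_CREDENTIALS` and `ISC_REQ_NO_INTEGRITY` are added under "This exists only in Longhorn and greater" with no `NTDDI_VERSION` guard, although this header guards other version-specific additions with `#if NTDDI_VERSION > NTDDI_WS03`. Code built for an older target can therefore pass these request bits to a package that predates them; how such a package treats an unknown bit is not visible here. The same applies to `ISC_RET_FORWARD_CREDENTIALS` in the next hunk. Since `ISC_REQ_NO_INTEGRITY` is marked as honored only by SPNEGO, its comment should tell the caller what to verify, for example `// honored only by SPNEGO; check ISC_RET_INTEGRITY in the returned attributes`.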
skipping to change at line 398 skipping to change at line 409
#define ISC_RET_INTERMEDIATE_RETURN 0x00001000 #define ISC_RET_INTERMEDIATE_RETURN 0x00001000
#define ISC_RET_CALL_LEVEL 0x00002000 #define ISC_RET_CALL_LEVEL 0x00002000
#define ISC_RET_EXTENDED_ERROR 0x00004000 #define ISC_RET_EXTENDED_ERROR 0x00004000
#define ISC_RET_STREAM 0x00008000 #define ISC_RET_STREAM 0x00008000
#define ISC_RET_INTEGRITY 0x00010000 #define ISC_RET_INTEGRITY 0x00010000
#define ISC_RET_IDENTIFY 0x00020000 #define ISC_RET_IDENTIFY 0x00020000
#define ISC_RET_NULL_SESSION 0x00040000 #define ISC_RET_NULL_SESSION 0x00040000
#define ISC_RET_MANUAL_CRED_VALIDATION 0x00080000 #define ISC_RET_MANUAL_CRED_VALIDATION 0x00080000
#define ISC_RET_RESERVED1 0x00100000 #define ISC_RET_RESERVED1 0x00100000
#define ISC_RET_FRAGMENT_ONLY 0x00200000 #define ISC_RET_FRAGMENT_ONLY 0x00200000
// This exists only in Longhorn and greater
#define ISC_RET_FORWARD_CREDENTIALS 0x00400000
#define ISC_RET_NO_ADDITIONAL_TOKEN 0x02000000 // *INTERNAL*
#define ASC_REQ_DELEGATE 0x00000001 #define ASC_REQ_DELEGATE 0x00000001
#define ASC_REQ_MUTUAL_AUTH 0x00000002 #define ASC_REQ_MUTUAL_AUTH 0x00000002
#define ASC_REQ_REPLAY_DETECT 0x00000004 #define ASC_REQ_REPLAY_DETECT 0x00000004
#define ASC_REQ_SEQUENCE_DETECT 0x00000008 #define ASC_REQ_SEQUENCE_DETECT 0x00000008
#define ASC_REQ_CONFIDENTIALITY 0x00000010 #define ASC_REQ_CONFIDENTIALITY 0x00000010
#define ASC_REQ_USE_SESSION_KEY 0x00000020 #define ASC_REQ_USE_SESSION_KEY 0x00000020
#define ASC_REQ_ALLOCATE_MEMORY 0x00000100 #define ASC_REQ_ALLOCATE_MEMORY 0x00000100
#define ASC_REQ_USE_DCE_STYLE 0x00000200 #define ASC_REQ_USE_DCE_STYLE 0x00000200
#define ASC_REQ_DATAGRAM 0x00000400 #define ASC_REQ_DATAGRAM 0x00000400
skipping to change at line 441 skipping to change at line 455
#define ASC_RET_CONNECTION 0x00000800 #define ASC_RET_CONNECTION 0x00000800
#define ASC_RET_CALL_LEVEL 0x00002000 // skipped 1000 to be like IS C_ #define ASC_RET_CALL_LEVEL 0x00002000 // skipped 1000 to be like IS C_
#define ASC_RET_THIRD_LEG_FAILED 0x00004000 #define ASC_RET_THIRD_LEG_FAILED 0x00004000
#define ASC_RET_EXTENDED_ERROR 0x00008000 #define ASC_RET_EXTENDED_ERROR 0x00008000
#define ASC_RET_STREAM 0x00010000 #define ASC_RET_STREAM 0x00010000
#define ASC_RET_INTEGRITY 0x00020000 #define ASC_RET_INTEGRITY 0x00020000
#define ASC_RET_LICENSING 0x00040000 #define ASC_RET_LICENSING 0x00040000
#define ASC_RET_IDENTIFY 0x00080000 #define ASC_RET_IDENTIFY 0x00080000
#define ASC_RET_NULL_SESSION 0x00100000 #define ASC_RET_NULL_SESSION 0x00100000
#define ASC_RET_ALLOW_NON_USER_LOGONS 0x00200000 #define ASC_RET_ALLOW_NON_USER_LOGONS 0x00200000
#define ASC_RET_ALLOW_CONTEXT_REPLAY 0x00400000 #define ASC_RET_ALLOW_CONTEXT_REPLAY 0x00400000 // deprecated - don't use th is flag!!!
#define ASC_RET_FRAGMENT_ONLY 0x00800000 #define ASC_RET_FRAGMENT_ONLY 0x00800000
#define ASC_RET_NO_TOKEN 0x01000000 #define ASC_RET_NO_TOKEN 0x01000000
#define ASC_RET_NO_ADDITIONAL_TOKEN 0x02000000 // *INTERNAL*
// //
// Security Credentials Attributes: // Security Credentials Attributes:
// //
#define SECPKG_CRED_ATTR_NAMES 1 #define SECPKG_CRED_ATTR_NAMES 1
#define SECPKG_CRED_ATTR_SSI_PROVIDER 2 #define SECPKG_CRED_ATTR_SSI_PROVIDER 2
typedef struct _SecPkgCredentials_NamesW typedef struct _SecPkgCredentials_NamesW
{ {
SEC_WCHAR SEC_FAR * sUserName; SEC_WCHAR * sUserName;
} SecPkgCredentials_NamesW, SEC_FAR * PSecPkgCredentials_NamesW; } SecPkgCredentials_NamesW, * PSecPkgCredentials_NamesW;
// end_ntifs // end_ntifs
typedef struct _SecPkgCredentials_NamesA typedef struct _SecPkgCredentials_NamesA
{ {
SEC_CHAR SEC_FAR * sUserName; SEC_CHAR * sUserName;
} SecPkgCredentials_NamesA, SEC_FAR * PSecPkgCredentials_NamesA; } SecPkgCredentials_NamesA, * PSecPkgCredentials_NamesA;
#ifdef UNICODE #ifdef UNICODE
# define SecPkgCredentials_Names SecPkgCredentials_NamesW // ntifs # define SecPkgCredentials_Names SecPkgCredentials_NamesW // ntifs
# define PSecPkgCredentials_Names PSecPkgCredentials_NamesW // ntifs # define PSecPkgCredentials_Names PSecPkgCredentials_NamesW // ntifs
#else #else
# define SecPkgCredentials_Names SecPkgCredentials_NamesA # define SecPkgCredentials_Names SecPkgCredentials_NamesA
# define PSecPkgCredentials_Names PSecPkgCredentials_NamesA # define PSecPkgCredentials_Names PSecPkgCredentials_NamesA
#endif // !UNICODE #endif // !UNICODE
// begin_ntifs // begin_ntifs
#if NTDDI_VERSION > NTDDI_WS03
typedef struct _SecPkgCredentials_SSIProviderW typedef struct _SecPkgCredentials_SSIProviderW
{ {
SEC_WCHAR SEC_FAR * sProviderName; SEC_WCHAR * sProviderName;
unsigned long ProviderInfoLength; unsigned long ProviderInfoLength;
char SEC_FAR * ProviderInfo; char * ProviderInfo;
} SecPkgCredentials_SSIProviderW, SEC_FAR * PSecPkgCredentials_SSIProviderW; } SecPkgCredentials_SSIProviderW, * PSecPkgCredentials_SSIProviderW;
#endif // End W2k3SP1 and greater
// end ntifs // end_ntifs
typedef struct _SecPkgCredentials_SSIProviderA typedef struct _SecPkgCredentials_SSIProviderA
{ {
SEC_CHAR SEC_FAR * sProviderName; SEC_CHAR * sProviderName;
unsigned long ProviderInfoLength; unsigned long ProviderInfoLength;
char SEC_FAR * ProviderInfo; char * ProviderInfo;
} SecPkgCredentials_SSIProviderA, SEC_FAR * PSecPkgCredentials_SSIProviderA; } SecPkgCredentials_SSIProviderA, * PSecPkgCredentials_SSIProviderA;
#ifdef UNICODE #ifdef UNICODE
# define SecPkgCredentials_SSIProvider SecPkgCredentials_SSIProviderW // n tifs # define SecPkgCredentials_SSIProvider SecPkgCredentials_SSIProviderW // n tifs
# define PSecPkgCredentials_SSIProvider PSecPkgCredentials_SSIProviderW // n tifs # define PSecPkgCredentials_SSIProvider PSecPkgCredentials_SSIProviderW // n tifs
#else #else
# define SecPkgCredentials_SSIProvider SecPkgCredentials_SSIProviderA # define SecPkgCredentials_SSIProvider SecPkgCredentials_SSIProviderA
# define PSecPkgCredentials_SSIProvider PSecPkgCredentials_SSIProviderA # define PSecPkgCredentials_SSIProvider PSecPkgCredentials_SSIProviderA
#endif // !UNICODE #endif // !UNICODE
// begin_ntifs // begin_ntifs
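Review bot: The new `#if NTDDI_VERSION > NTDDI_WS03` / `#endif // End W2k3SP1 and greater` pair encloses only `SecPkgCredentials_SSIProviderW`, while `SecPkgCredentials_SSIProviderA` and the `#ifdef UNICODE` aliases below it stay unconditional. With `UNICODE` defined and `NTDDI_VERSION` at or below `NTDDI_WS03`, `SecPkgCredentials_SSIProvider` and `PSecPkgCredentials_SSIProvider` expand to type names that were never declared. Moving that `#endif` down past the alias block's `#endif // !UNICODE` would put the W struct, the A struct and the aliases under one condition. The `#if OSVER(NTDDI_VERSION) > NTDDI_WIN2K` guard around `SecPkgContext_CredentialNameW` in the following hunk has the same shape, though that hunk runs past the visible text, so its alias block cannot be checked here.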
skipping to change at line 519 skipping to change at line 535
#define SECPKG_ATTR_KEY_INFO 5 #define SECPKG_ATTR_KEY_INFO 5
#define SECPKG_ATTR_AUTHORITY 6 #define SECPKG_ATTR_AUTHORITY 6
#define SECPKG_ATTR_PROTO_INFO 7 #define SECPKG_ATTR_PROTO_INFO 7
#define SECPKG_ATTR_PASSWORD_EXPIRY 8 #define SECPKG_ATTR_PASSWORD_EXPIRY 8
#define SECPKG_ATTR_SESSION_KEY 9 #define SECPKG_ATTR_SESSION_KEY 9
#define SECPKG_ATTR_PACKAGE_INFO 10 #define SECPKG_ATTR_PACKAGE_INFO 10
#define SECPKG_ATTR_USER_FLAGS 11 #define SECPKG_ATTR_USER_FLAGS 11
#define SECPKG_ATTR_NEGOTIATION_INFO 12 #define SECPKG_ATTR_NEGOTIATION_INFO 12
#define SECPKG_ATTR_NATIVE_NAMES 13 #define SECPKG_ATTR_NATIVE_NAMES 13
#define SECPKG_ATTR_FLAGS 14 #define SECPKG_ATTR_FLAGS 14
// These attributes exist only in Win XP and greater
#define SECPKG_ATTR_USE_VALIDATED 15 #define SECPKG_ATTR_USE_VALIDATED 15
#define SECPKG_ATTR_CREDENTIAL_NAME 16 #define SECPKG_ATTR_CREDENTIAL_NAME 16
#define SECPKG_ATTR_TARGET_INFORMATION 17 #define SECPKG_ATTR_TARGET_INFORMATION 17
#define SECPKG_ATTR_ACCESS_TOKEN 18 #define SECPKG_ATTR_ACCESS_TOKEN 18
// These attributes exist only in Win2K3 and greater
#define SECPKG_ATTR_TARGET 19 #define SECPKG_ATTR_TARGET 19
#define SECPKG_ATTR_AUTHENTICATION_ID 20 #define SECPKG_ATTR_AUTHENTICATION_ID 20
// These attributes exist only in Win2K3SP1 and greater
#define SECPKG_ATTR_LOGOFF_TIME 21 #define SECPKG_ATTR_LOGOFF_TIME 21
typedef struct _SecPkgContext_Sizes typedef struct _SecPkgContext_Sizes
{ {
unsigned long cbMaxToken; unsigned long cbMaxToken;
unsigned long cbMaxSignature; unsigned long cbMaxSignature;
unsigned long cbBlockSize; unsigned long cbBlockSize;
unsigned long cbSecurityTrailer; unsigned long cbSecurityTrailer;
} SecPkgContext_Sizes, SEC_FAR * PSecPkgContext_Sizes; } SecPkgContext_Sizes, * PSecPkgContext_Sizes;
typedef struct _SecPkgContext_StreamSizes typedef struct _SecPkgContext_StreamSizes
{ {
unsigned long cbHeader; unsigned long cbHeader;
unsigned long cbTrailer; unsigned long cbTrailer;
unsigned long cbMaximumMessage; unsigned long cbMaximumMessage;
unsigned long cBuffers; unsigned long cBuffers;
unsigned long cbBlockSize; unsigned long cbBlockSize;
} SecPkgContext_StreamSizes, * PSecPkgContext_StreamSizes; } SecPkgContext_StreamSizes, * PSecPkgContext_StreamSizes;
typedef struct _SecPkgContext_NamesW typedef struct _SecPkgContext_NamesW
{ {
SEC_WCHAR SEC_FAR * sUserName; SEC_WCHAR * sUserName;
} SecPkgContext_NamesW, SEC_FAR * PSecPkgContext_NamesW; } SecPkgContext_NamesW, * PSecPkgContext_NamesW;
// end_ntifs // end_ntifs
typedef struct _SecPkgContext_NamesA typedef struct _SecPkgContext_NamesA
{ {
SEC_CHAR SEC_FAR * sUserName; SEC_CHAR * sUserName;
} SecPkgContext_NamesA, SEC_FAR * PSecPkgContext_NamesA; } SecPkgContext_NamesA, * PSecPkgContext_NamesA;
#ifdef UNICODE #ifdef UNICODE
# define SecPkgContext_Names SecPkgContext_NamesW // ntifs # define SecPkgContext_Names SecPkgContext_NamesW // ntifs
# define PSecPkgContext_Names PSecPkgContext_NamesW // ntifs # define PSecPkgContext_Names PSecPkgContext_NamesW // ntifs
#else #else
# define SecPkgContext_Names SecPkgContext_NamesA # define SecPkgContext_Names SecPkgContext_NamesA
# define PSecPkgContext_Names PSecPkgContext_NamesA # define PSecPkgContext_Names PSecPkgContext_NamesA
#endif // !UNICODE #endif // !UNICODE
// begin_ntifs // begin_ntifs
typedef struct _SecPkgContext_Lifespan typedef struct _SecPkgContext_Lifespan
{ {
TimeStamp tsStart; TimeStamp tsStart;
TimeStamp tsExpiry; TimeStamp tsExpiry;
} SecPkgContext_Lifespan, SEC_FAR * PSecPkgContext_Lifespan; } SecPkgContext_Lifespan, * PSecPkgContext_Lifespan;
typedef struct _SecPkgContext_DceInfo typedef struct _SecPkgContext_DceInfo
{ {
unsigned long AuthzSvc; unsigned long AuthzSvc;
void SEC_FAR * pPac; void * pPac;
} SecPkgContext_DceInfo, SEC_FAR * PSecPkgContext_DceInfo; } SecPkgContext_DceInfo, * PSecPkgContext_DceInfo;
// end_ntifs // end_ntifs
typedef struct _SecPkgContext_KeyInfoA typedef struct _SecPkgContext_KeyInfoA
{ {
SEC_CHAR SEC_FAR * sSignatureAlgorithmName; SEC_CHAR * sSignatureAlgorithmName;
SEC_CHAR SEC_FAR * sEncryptAlgorithmName; SEC_CHAR * sEncryptAlgorithmName;
unsigned long KeySize; unsigned long KeySize;
unsigned long SignatureAlgorithm; unsigned long SignatureAlgorithm;
unsigned long EncryptAlgorithm; unsigned long EncryptAlgorithm;
} SecPkgContext_KeyInfoA, SEC_FAR * PSecPkgContext_KeyInfoA; } SecPkgContext_KeyInfoA, * PSecPkgContext_KeyInfoA;
// begin_ntifs // begin_ntifs
typedef struct _SecPkgContext_KeyInfoW typedef struct _SecPkgContext_KeyInfoW
{ {
SEC_WCHAR SEC_FAR * sSignatureAlgorithmName; SEC_WCHAR * sSignatureAlgorithmName;
SEC_WCHAR SEC_FAR * sEncryptAlgorithmName; SEC_WCHAR * sEncryptAlgorithmName;
unsigned long KeySize; unsigned long KeySize;
unsigned long SignatureAlgorithm; unsigned long SignatureAlgorithm;
unsigned long EncryptAlgorithm; unsigned long EncryptAlgorithm;
} SecPkgContext_KeyInfoW, SEC_FAR * PSecPkgContext_KeyInfoW; } SecPkgContext_KeyInfoW, * PSecPkgContext_KeyInfoW;
// end_ntifs // end_ntifs
#ifdef UNICODE #ifdef UNICODE
#define SecPkgContext_KeyInfo SecPkgContext_KeyInfoW // ntifs #define SecPkgContext_KeyInfo SecPkgContext_KeyInfoW // ntifs
#define PSecPkgContext_KeyInfo PSecPkgContext_KeyInfoW // ntifs #define PSecPkgContext_KeyInfo PSecPkgContext_KeyInfoW // ntifs
#else #else
#define SecPkgContext_KeyInfo SecPkgContext_KeyInfoA #define SecPkgContext_KeyInfo SecPkgContext_KeyInfoA
#define PSecPkgContext_KeyInfo PSecPkgContext_KeyInfoA #define PSecPkgContext_KeyInfo PSecPkgContext_KeyInfoA
#endif #endif
typedef struct _SecPkgContext_AuthorityA typedef struct _SecPkgContext_AuthorityA
{ {
SEC_CHAR SEC_FAR * sAuthorityName; SEC_CHAR * sAuthorityName;
} SecPkgContext_AuthorityA, * PSecPkgContext_AuthorityA; } SecPkgContext_AuthorityA, * PSecPkgContext_AuthorityA;
// begin_ntifs // begin_ntifs
typedef struct _SecPkgContext_AuthorityW typedef struct _SecPkgContext_AuthorityW
{ {
SEC_WCHAR SEC_FAR * sAuthorityName; SEC_WCHAR * sAuthorityName;
} SecPkgContext_AuthorityW, * PSecPkgContext_AuthorityW; } SecPkgContext_AuthorityW, * PSecPkgContext_AuthorityW;
// end_ntifs // end_ntifs
#ifdef UNICODE #ifdef UNICODE
#define SecPkgContext_Authority SecPkgContext_AuthorityW // ntifs #define SecPkgContext_Authority SecPkgContext_AuthorityW // ntifs
#define PSecPkgContext_Authority PSecPkgContext_AuthorityW // ntifs #define PSecPkgContext_Authority PSecPkgContext_AuthorityW // ntifs
#else #else
#define SecPkgContext_Authority SecPkgContext_AuthorityA #define SecPkgContext_Authority SecPkgContext_AuthorityA
#define PSecPkgContext_Authority PSecPkgContext_AuthorityA #define PSecPkgContext_Authority PSecPkgContext_AuthorityA
#endif #endif
typedef struct _SecPkgContext_ProtoInfoA typedef struct _SecPkgContext_ProtoInfoA
{ {
SEC_CHAR SEC_FAR * sProtocolName; SEC_CHAR * sProtocolName;
unsigned long majorVersion; unsigned long majorVersion;
unsigned long minorVersion; unsigned long minorVersion;
} SecPkgContext_ProtoInfoA, SEC_FAR * PSecPkgContext_ProtoInfoA; } SecPkgContext_ProtoInfoA, * PSecPkgContext_ProtoInfoA;
// begin_ntifs // begin_ntifs
typedef struct _SecPkgContext_ProtoInfoW typedef struct _SecPkgContext_ProtoInfoW
{ {
SEC_WCHAR SEC_FAR * sProtocolName; SEC_WCHAR * sProtocolName;
unsigned long majorVersion; unsigned long majorVersion;
unsigned long minorVersion; unsigned long minorVersion;
} SecPkgContext_ProtoInfoW, SEC_FAR * PSecPkgContext_ProtoInfoW; } SecPkgContext_ProtoInfoW, * PSecPkgContext_ProtoInfoW;
// end_ntifs // end_ntifs
#ifdef UNICODE #ifdef UNICODE
#define SecPkgContext_ProtoInfo SecPkgContext_ProtoInfoW // ntifs #define SecPkgContext_ProtoInfo SecPkgContext_ProtoInfoW // ntifs
#define PSecPkgContext_ProtoInfo PSecPkgContext_ProtoInfoW // ntifs #define PSecPkgContext_ProtoInfo PSecPkgContext_ProtoInfoW // ntifs
#else #else
#define SecPkgContext_ProtoInfo SecPkgContext_ProtoInfoA #define SecPkgContext_ProtoInfo SecPkgContext_ProtoInfoA
#define PSecPkgContext_ProtoInfo PSecPkgContext_ProtoInfoA #define PSecPkgContext_ProtoInfo PSecPkgContext_ProtoInfoA
#endif #endif
// begin_ntifs // begin_ntifs
typedef struct _SecPkgContext_PasswordExpiry typedef struct _SecPkgContext_PasswordExpiry
{ {
TimeStamp tsPasswordExpires; TimeStamp tsPasswordExpires;
} SecPkgContext_PasswordExpiry, SEC_FAR * PSecPkgContext_PasswordExpiry; } SecPkgContext_PasswordExpiry, * PSecPkgContext_PasswordExpiry;
#if NTDDI_VERSION > NTDDI_WS03
typedef struct _SecPkgContext_LogoffTime typedef struct _SecPkgContext_LogoffTime
{ {
TimeStamp tsLogoffTime; TimeStamp tsLogoffTime;
} SecPkgContext_LogoffTime, SEC_FAR * PSecPkgContext_LogoffTime; } SecPkgContext_LogoffTime, * PSecPkgContext_LogoffTime;
#endif // Greater than Windows Server 2003 RTM (SP1 and greater contains this)
typedef struct _SecPkgContext_SessionKey typedef struct _SecPkgContext_SessionKey
{ {
unsigned long SessionKeyLength; unsigned long SessionKeyLength;
unsigned char SEC_FAR * SessionKey; __field_bcount(SessionKeyLength) unsigned char * SessionKey;
} SecPkgContext_SessionKey, *PSecPkgContext_SessionKey; } SecPkgContext_SessionKey, *PSecPkgContext_SessionKey;
typedef struct _SecPkgContext_PackageInfoW typedef struct _SecPkgContext_PackageInfoW
{ {
PSecPkgInfoW PackageInfo; PSecPkgInfoW PackageInfo;
} SecPkgContext_PackageInfoW, SEC_FAR * PSecPkgContext_PackageInfoW; } SecPkgContext_PackageInfoW, * PSecPkgContext_PackageInfoW;
// end_ntifs // end_ntifs
typedef struct _SecPkgContext_PackageInfoA typedef struct _SecPkgContext_PackageInfoA
{ {
PSecPkgInfoA PackageInfo; PSecPkgInfoA PackageInfo;
} SecPkgContext_PackageInfoA, SEC_FAR * PSecPkgContext_PackageInfoA; } SecPkgContext_PackageInfoA, * PSecPkgContext_PackageInfoA;
// begin_ntifs // begin_ntifs
typedef struct _SecPkgContext_UserFlags typedef struct _SecPkgContext_UserFlags
{ {
unsigned long UserFlags; unsigned long UserFlags;
} SecPkgContext_UserFlags, SEC_FAR * PSecPkgContext_UserFlags; } SecPkgContext_UserFlags, * PSecPkgContext_UserFlags;
typedef struct _SecPkgContext_Flags typedef struct _SecPkgContext_Flags
{ {
unsigned long Flags; unsigned long Flags;
} SecPkgContext_Flags, SEC_FAR * PSecPkgContext_Flags; } SecPkgContext_Flags, * PSecPkgContext_Flags;
// end_ntifs // end_ntifs
#ifdef UNICODE #ifdef UNICODE
#define SecPkgContext_PackageInfo SecPkgContext_PackageInfoW // ntifs #define SecPkgContext_PackageInfo SecPkgContext_PackageInfoW // ntifs
#define PSecPkgContext_PackageInfo PSecPkgContext_PackageInfoW // ntifs #define PSecPkgContext_PackageInfo PSecPkgContext_PackageInfoW // ntifs
#else #else
#define SecPkgContext_PackageInfo SecPkgContext_PackageInfoA #define SecPkgContext_PackageInfo SecPkgContext_PackageInfoA
#define PSecPkgContext_PackageInfo PSecPkgContext_PackageInfoA #define PSecPkgContext_PackageInfo PSecPkgContext_PackageInfoA
#endif #endif
typedef struct _SecPkgContext_NegotiationInfoA typedef struct _SecPkgContext_NegotiationInfoA
{ {
PSecPkgInfoA PackageInfo ; PSecPkgInfoA PackageInfo ;
unsigned long NegotiationState ; unsigned long NegotiationState ;
} SecPkgContext_NegotiationInfoA, SEC_FAR * PSecPkgContext_NegotiationInfoA ; } SecPkgContext_NegotiationInfoA, * PSecPkgContext_NegotiationInfoA ;
// begin_ntifs // begin_ntifs
typedef struct _SecPkgContext_NegotiationInfoW typedef struct _SecPkgContext_NegotiationInfoW
{ {
PSecPkgInfoW PackageInfo ; PSecPkgInfoW PackageInfo ;
unsigned long NegotiationState ; unsigned long NegotiationState ;
} SecPkgContext_NegotiationInfoW, SEC_FAR * PSecPkgContext_NegotiationInfoW ; } SecPkgContext_NegotiationInfoW, * PSecPkgContext_NegotiationInfoW ;
// end_ntifs // end_ntifs
#ifdef UNICODE #ifdef UNICODE
#define SecPkgContext_NegotiationInfo SecPkgContext_NegotiationInfoW #define SecPkgContext_NegotiationInfo SecPkgContext_NegotiationInfoW
#define PSecPkgContext_NegotiationInfo PSecPkgContext_NegotiationInfoW #define PSecPkgContext_NegotiationInfo PSecPkgContext_NegotiationInfoW
#else #else
#define SecPkgContext_NegotiationInfo SecPkgContext_NegotiationInfoA #define SecPkgContext_NegotiationInfo SecPkgContext_NegotiationInfoA
#define PSecPkgContext_NegotiationInfo PSecPkgContext_NegotiationInfoA #define PSecPkgContext_NegotiationInfo PSecPkgContext_NegotiationInfoA
#endif #endif
#define SECPKG_NEGOTIATION_COMPLETE 0 #define SECPKG_NEGOTIATION_COMPLETE 0
#define SECPKG_NEGOTIATION_OPTIMISTIC 1 #define SECPKG_NEGOTIATION_OPTIMISTIC 1
#define SECPKG_NEGOTIATION_IN_PROGRESS 2 #define SECPKG_NEGOTIATION_IN_PROGRESS 2
#define SECPKG_NEGOTIATION_DIRECT 3 #define SECPKG_NEGOTIATION_DIRECT 3
#define SECPKG_NEGOTIATION_TRY_MULTICRED 4 #define SECPKG_NEGOTIATION_TRY_MULTICRED 4
typedef struct _SecPkgContext_NativeNamesW typedef struct _SecPkgContext_NativeNamesW
{ {
SEC_WCHAR SEC_FAR * sClientName; SEC_WCHAR * sClientName;
SEC_WCHAR SEC_FAR * sServerName; SEC_WCHAR * sServerName;
} SecPkgContext_NativeNamesW, SEC_FAR * PSecPkgContext_NativeNamesW; } SecPkgContext_NativeNamesW, * PSecPkgContext_NativeNamesW;
typedef struct _SecPkgContext_NativeNamesA typedef struct _SecPkgContext_NativeNamesA
{ {
SEC_CHAR SEC_FAR * sClientName; SEC_CHAR * sClientName;
SEC_CHAR SEC_FAR * sServerName; SEC_CHAR * sServerName;
} SecPkgContext_NativeNamesA, SEC_FAR * PSecPkgContext_NativeNamesA; } SecPkgContext_NativeNamesA, * PSecPkgContext_NativeNamesA;
#ifdef UNICODE #ifdef UNICODE
# define SecPkgContext_NativeNames SecPkgContext_NativeNamesW // ntifs # define SecPkgContext_NativeNames SecPkgContext_NativeNamesW // ntifs
# define PSecPkgContext_NativeNames PSecPkgContext_NativeNamesW // ntifs # define PSecPkgContext_NativeNames PSecPkgContext_NativeNamesW // ntifs
#else #else
# define SecPkgContext_NativeNames SecPkgContext_NativeNamesA # define SecPkgContext_NativeNames SecPkgContext_NativeNamesA
# define PSecPkgContext_NativeNames PSecPkgContext_NativeNamesA # define PSecPkgContext_NativeNames PSecPkgContext_NativeNamesA
#endif // !UNICODE #endif // !UNICODE
// begin_ntifs // begin_ntifs
#if OSVER(NTDDI_VERSION) > NTDDI_WIN2K
typedef struct _SecPkgContext_CredentialNameW typedef struct _SecPkgContext_CredentialNameW
{ {
unsigned long CredentialType; unsigned long CredentialType;
SEC_WCHAR SEC_FAR *sCredentialName; SEC_WCHAR *sCredentialName;
} SecPkgContext_CredentialNameW, SEC_FAR * PSecPkgContext_CredentialNameW; } SecPkgContext_CredentialNameW, * PSecPkgContext_CredentialNameW;
#endif // Later than win2k
// end_ntifs // end_ntifs
typedef struct _SecPkgContext_CredentialNameA typedef struct _SecPkgContext_CredentialNameA
{ {
unsigned long CredentialType; unsigned long CredentialType;
SEC_CHAR SEC_FAR *sCredentialName; SEC_CHAR *sCredentialName;
} SecPkgContext_CredentialNameA, SEC_FAR * PSecPkgContext_CredentialNameA; } SecPkgContext_CredentialNameA, * PSecPkgContext_CredentialNameA;
#ifdef UNICODE #ifdef UNICODE
# define SecPkgContext_CredentialName SecPkgContext_CredentialNameW // ntifs # define SecPkgContext_CredentialName SecPkgContext_CredentialNameW // ntifs
# define PSecPkgContext_CredentialName PSecPkgContext_CredentialNameW // ntifs # define PSecPkgContext_CredentialName PSecPkgContext_CredentialNameW // ntifs
#else #else
# define SecPkgContext_CredentialName SecPkgContext_CredentialNameA # define SecPkgContext_CredentialName SecPkgContext_CredentialNameA
# define PSecPkgContext_CredentialName PSecPkgContext_CredentialNameA # define PSecPkgContext_CredentialName PSecPkgContext_CredentialNameA
#endif // !UNICODE #endif // !UNICODE
typedef struct _SecPkgContext_AccessToken typedef struct _SecPkgContext_AccessToken
{ {
void SEC_FAR * AccessToken; void * AccessToken;
} SecPkgContext_AccessToken, SEC_FAR * PSecPkgContext_AccessToken; } SecPkgContext_AccessToken, * PSecPkgContext_AccessToken;
typedef struct _SecPkgContext_TargetInformation typedef struct _SecPkgContext_TargetInformation
{ {
unsigned long MarshalledTargetInfoLength; unsigned long MarshalledTargetInfoLength;
unsigned char SEC_FAR * MarshalledTargetInfo; unsigned char * MarshalledTargetInfo;
} SecPkgContext_TargetInformation, SEC_FAR * PSecPkgContext_TargetInformation; } SecPkgContext_TargetInformation, * PSecPkgContext_TargetInformation;
typedef struct _SecPkgContext_AuthzID typedef struct _SecPkgContext_AuthzID
{ {
unsigned long AuthzIDLength; unsigned long AuthzIDLength;
char SEC_FAR * AuthzID; char * AuthzID;
} SecPkgContext_AuthzID, SEC_FAR * PSecPkgContext_AuthzID; } SecPkgContext_AuthzID, * PSecPkgContext_AuthzID;
typedef struct _SecPkgContext_Target typedef struct _SecPkgContext_Target
{ {
unsigned long TargetLength; unsigned long TargetLength;
char SEC_FAR * Target; char * Target;
} SecPkgContext_Target, SEC_FAR * PSecPkgContext_Target; } SecPkgContext_Target, * PSecPkgContext_Target;
// begin_ntifs // begin_ntifs
typedef void typedef void
(SEC_ENTRY SEC_FAR * SEC_GET_KEY_FN) ( (SEC_ENTRY * SEC_GET_KEY_FN) (
void SEC_FAR * Arg, // Argument passed in void * Arg, // Argument passed in
void SEC_FAR * Principal, // Principal ID void * Principal, // Principal ID
unsigned long KeyVer, // Key Version unsigned long KeyVer, // Key Version
void SEC_FAR * SEC_FAR * Key, // Returned ptr to key void * * Key, // Returned ptr to key
SECURITY_STATUS SEC_FAR * Status // returned status SECURITY_STATUS * Status // returned status
); );
// //
// Flags for ExportSecurityContext // Flags for ExportSecurityContext
// //
#define SECPKG_CONTEXT_EXPORT_RESET_NEW 0x00000001 // New context i s reset to initial state #define SECPKG_CONTEXT_EXPORT_RESET_NEW 0x00000001 // New context i s reset to initial state
#define SECPKG_CONTEXT_EXPORT_DELETE_OLD 0x00000002 // Old context i s deleted during export #define SECPKG_CONTEXT_EXPORT_DELETE_OLD 0x00000002 // Old context i s deleted during export
// This is only valid in W2K3SP1 and greater
#define SECPKG_CONTEXT_EXPORT_TO_KERNEL 0x00000004 // Context is to be transferred to the kernel #define SECPKG_CONTEXT_EXPORT_TO_KERNEL 0x00000004 // Context is to be transferred to the kernel
KSECDDDECLSPEC KSECDDDECLSPEC
SECURITY_STATUS SEC_ENTRY SECURITY_STATUS SEC_ENTRY
AcquireCredentialsHandleW( AcquireCredentialsHandleW(
#if ISSP_MODE == 0 // For Kernel mode #if ISSP_MODE == 0 // For Kernel mode
PSECURITY_STRING pPrincipal, __in_opt PSECURITY_STRING pPrincipal,
PSECURITY_STRING pPackage, __in PSECURITY_STRING pPackage,
#else #else
SEC_WCHAR SEC_FAR * pszPrincipal, // Name of principal __in_opt SEC_WCHAR * pszPrincipal, // Name of principal
SEC_WCHAR SEC_FAR * pszPackage, // Name of package __in SEC_WCHAR * pszPackage, // Name of package
#endif #endif
unsigned long fCredentialUse, // Flags indicating use __in unsigned long fCredentialUse, // Flags indicating use
void SEC_FAR * pvLogonId, // Pointer to logon ID __in_opt void * pvLogonId, // Pointer to logon ID
void SEC_FAR * pAuthData, // Package specific data __in_opt void * pAuthData, // Package specific data
SEC_GET_KEY_FN pGetKeyFn, // Pointer to GetKey() func __in_opt SEC_GET_KEY_FN pGetKeyFn, // Pointer to GetKey() func
void SEC_FAR * pvGetKeyArgument, // Value to pass to GetKey() __in_opt void * pvGetKeyArgument, // Value to pass to GetKey()
PCredHandle phCredential, // (out) Cred Handle __out PCredHandle phCredential, // (out) Cred Handle
PTimeStamp ptsExpiry // (out) Lifetime (optional) __out_opt PTimeStamp ptsExpiry // (out) Lifetime (optional)
); );
typedef SECURITY_STATUS typedef SECURITY_STATUS
(SEC_ENTRY * ACQUIRE_CREDENTIALS_HANDLE_FN_W)( (SEC_ENTRY * ACQUIRE_CREDENTIALS_HANDLE_FN_W)(
#if ISSP_MODE == 0 #if ISSP_MODE == 0
PSECURITY_STRING, PSECURITY_STRING,
PSECURITY_STRING, PSECURITY_STRING,
#else #else
SEC_WCHAR SEC_FAR *, SEC_WCHAR *,
SEC_WCHAR SEC_FAR *, SEC_WCHAR *,
#endif #endif
unsigned long, unsigned long,
void SEC_FAR *, void *,
void SEC_FAR *, void *,
SEC_GET_KEY_FN, SEC_GET_KEY_FN,
void SEC_FAR *, void *,
PCredHandle, PCredHandle,
PTimeStamp); PTimeStamp);
// end_ntifs // end_ntifs
SECURITY_STATUS SEC_ENTRY SECURITY_STATUS SEC_ENTRY
AcquireCredentialsHandleA( AcquireCredentialsHandleA(
SEC_CHAR SEC_FAR * pszPrincipal, // Name of principal __in_opt SEC_CHAR * pszPrincipal, // Name of principal
SEC_CHAR SEC_FAR * pszPackage, // Name of package __in SEC_CHAR * pszPackage, // Name of package
unsigned long fCredentialUse, // Flags indicating use __in unsigned long fCredentialUse, // Flags indicating use
void SEC_FAR * pvLogonId, // Pointer to logon ID __in_opt void * pvLogonId, // Pointer to logon ID
void SEC_FAR * pAuthData, // Package specific data __in_opt void * pAuthData, // Package specific data
SEC_GET_KEY_FN pGetKeyFn, // Pointer to GetKey() func __in_opt SEC_GET_KEY_FN pGetKeyFn, // Pointer to GetKey() func
void SEC_FAR * pvGetKeyArgument, // Value to pass to GetKey() __in_opt void * pvGetKeyArgument, // Value to pass to GetKey()
PCredHandle phCredential, // (out) Cred Handle __out PCredHandle phCredential, // (out) Cred Handle
PTimeStamp ptsExpiry // (out) Lifetime (optional) __out_opt PTimeStamp ptsExpiry // (out) Lifetime (optional)
); );
typedef SECURITY_STATUS typedef SECURITY_STATUS
(SEC_ENTRY * ACQUIRE_CREDENTIALS_HANDLE_FN_A)( (SEC_ENTRY * ACQUIRE_CREDENTIALS_HANDLE_FN_A)(
SEC_CHAR SEC_FAR *, SEC_CHAR *,
SEC_CHAR SEC_FAR *, SEC_CHAR *,
unsigned long, unsigned long,
void SEC_FAR *, void *,
void SEC_FAR *, void *,
SEC_GET_KEY_FN, SEC_GET_KEY_FN,
void SEC_FAR *, void *,
PCredHandle, PCredHandle,
PTimeStamp); PTimeStamp);
#ifdef UNICODE #ifdef UNICODE
# define AcquireCredentialsHandle AcquireCredentialsHandleW // ntifs # define AcquireCredentialsHandle AcquireCredentialsHandleW // ntifs
# define ACQUIRE_CREDENTIALS_HANDLE_FN ACQUIRE_CREDENTIALS_HANDLE_FN_W // ntifs # define ACQUIRE_CREDENTIALS_HANDLE_FN ACQUIRE_CREDENTIALS_HANDLE_FN_W // ntifs
#else #else
# define AcquireCredentialsHandle AcquireCredentialsHandleA # define AcquireCredentialsHandle AcquireCredentialsHandleA
# define ACQUIRE_CREDENTIALS_HANDLE_FN ACQUIRE_CREDENTIALS_HANDLE_FN_A # define ACQUIRE_CREDENTIALS_HANDLE_FN ACQUIRE_CREDENTIALS_HANDLE_FN_A
#endif // !UNICODE #endif // !UNICODE
// begin_ntifs // begin_ntifs
KSECDDDECLSPEC KSECDDDECLSPEC
SECURITY_STATUS SEC_ENTRY SECURITY_STATUS SEC_ENTRY
FreeCredentialsHandle( FreeCredentialsHandle(
PCredHandle phCredential // Handle to free __in PCredHandle phCredential // Handle to free
); );
typedef SECURITY_STATUS typedef SECURITY_STATUS
(SEC_ENTRY * FREE_CREDENTIALS_HANDLE_FN)( (SEC_ENTRY * FREE_CREDENTIALS_HANDLE_FN)(
PCredHandle ); PCredHandle );
KSECDDDECLSPEC KSECDDDECLSPEC
SECURITY_STATUS SEC_ENTRY SECURITY_STATUS SEC_ENTRY
AddCredentialsW( AddCredentialsW(
PCredHandle hCredentials, __in PCredHandle hCredentials,
#if ISSP_MODE == 0 // For Kernel mode #if ISSP_MODE == 0 // For Kernel mode
PSECURITY_STRING pPrincipal, __in_opt PSECURITY_STRING pPrincipal,
PSECURITY_STRING pPackage, __in PSECURITY_STRING pPackage,
#else #else
SEC_WCHAR SEC_FAR * pszPrincipal, // Name of principal __in_opt SEC_WCHAR * pszPrincipal, // Name of principal
SEC_WCHAR SEC_FAR * pszPackage, // Name of package __in SEC_WCHAR * pszPackage, // Name of package
#endif #endif
unsigned long fCredentialUse, // Flags indicating use __in unsigned long fCredentialUse, // Flags indicating use
void SEC_FAR * pAuthData, // Package specific data __in_opt void * pAuthData, // Package specific data
SEC_GET_KEY_FN pGetKeyFn, // Pointer to GetKey() func __in_opt SEC_GET_KEY_FN pGetKeyFn, // Pointer to GetKey() func
void SEC_FAR * pvGetKeyArgument, // Value to pass to GetKey() __in_opt void * pvGetKeyArgument, // Value to pass to GetKey()
PTimeStamp ptsExpiry // (out) Lifetime (optional) __out_opt PTimeStamp ptsExpiry // (out) Lifetime (optional)
); );
typedef SECURITY_STATUS typedef SECURITY_STATUS
(SEC_ENTRY * ADD_CREDENTIALS_FN_W)( (SEC_ENTRY * ADD_CREDENTIALS_FN_W)(
PCredHandle, PCredHandle,
#if ISSP_MODE == 0 #if ISSP_MODE == 0
PSECURITY_STRING, PSECURITY_STRING,
PSECURITY_STRING, PSECURITY_STRING,
#else #else
SEC_WCHAR SEC_FAR *, SEC_WCHAR *,
SEC_WCHAR SEC_FAR *, SEC_WCHAR *,
#endif #endif
unsigned long, unsigned long,
void SEC_FAR *, void *,
SEC_GET_KEY_FN, SEC_GET_KEY_FN,
void SEC_FAR *, void *,
PTimeStamp); PTimeStamp);
SECURITY_STATUS SEC_ENTRY SECURITY_STATUS SEC_ENTRY
AddCredentialsA( AddCredentialsA(
PCredHandle hCredentials, __in PCredHandle hCredentials,
SEC_CHAR SEC_FAR * pszPrincipal, // Name of principal __in_opt SEC_CHAR * pszPrincipal, // Name of principal
SEC_CHAR SEC_FAR * pszPackage, // Name of package __in SEC_CHAR * pszPackage, // Name of package
unsigned long fCredentialUse, // Flags indicating use __in unsigned long fCredentialUse, // Flags indicating use
void SEC_FAR * pAuthData, // Package specific data __in_opt void * pAuthData, // Package specific data
SEC_GET_KEY_FN pGetKeyFn, // Pointer to GetKey() func __in_opt SEC_GET_KEY_FN pGetKeyFn, // Pointer to GetKey() func
void SEC_FAR * pvGetKeyArgument, // Value to pass to GetKey() __in_opt void * pvGetKeyArgument, // Value to pass to GetKey()
PTimeStamp ptsExpiry // (out) Lifetime (optional) __out_opt PTimeStamp ptsExpiry // (out) Lifetime (optional)
); );
typedef SECURITY_STATUS typedef SECURITY_STATUS
(SEC_ENTRY * ADD_CREDENTIALS_FN_A)( (SEC_ENTRY * ADD_CREDENTIALS_FN_A)(
PCredHandle, PCredHandle,
SEC_CHAR SEC_FAR *, SEC_CHAR *,
SEC_CHAR SEC_FAR *, SEC_CHAR *,
unsigned long, unsigned long,
void SEC_FAR *, void *,
SEC_GET_KEY_FN, SEC_GET_KEY_FN,
void SEC_FAR *, void *,
PTimeStamp); PTimeStamp);
#ifdef UNICODE #ifdef UNICODE
#define AddCredentials AddCredentialsW #define AddCredentials AddCredentialsW
#define ADD_CREDENTIALS_FN ADD_CREDENTIALS_FN_W #define ADD_CREDENTIALS_FN ADD_CREDENTIALS_FN_W
#else #else
#define AddCredentials AddCredentialsA #define AddCredentials AddCredentialsA
#define ADD_CREDENTIALS_FN ADD_CREDENTIALS_FN_A #define ADD_CREDENTIALS_FN ADD_CREDENTIALS_FN_A
#endif #endif
//////////////////////////////////////////////////////////////////////// ////////////////////////////////////////////////////////////////////////
/// ///
/// Password Change Functions
///
////////////////////////////////////////////////////////////////////////
#if ISSP_MODE != 0
SECURITY_STATUS SEC_ENTRY
ChangeAccountPasswordW(
__in SEC_WCHAR * pszPackageName,
__in SEC_WCHAR * pszDomainName,
__in SEC_WCHAR * pszAccountName,
__in SEC_WCHAR * pszOldPassword,
__in SEC_WCHAR * pszNewPassword,
__in BOOLEAN bImpersonating,
__in unsigned long dwReserved,
__inout PSecBufferDesc pOutput
);
typedef SECURITY_STATUS
(SEC_ENTRY * CHANGE_PASSWORD_FN_W)(
SEC_WCHAR *,
SEC_WCHAR *,
SEC_WCHAR *,
SEC_WCHAR *,
SEC_WCHAR *,
BOOLEAN,
unsigned long,
PSecBufferDesc
);
SECURITY_STATUS SEC_ENTRY
ChangeAccountPasswordA(
__in SEC_CHAR * pszPackageName,
__in SEC_CHAR * pszDomainName,
__in SEC_CHAR * pszAccountName,
__in SEC_CHAR * pszOldPassword,
__in SEC_CHAR * pszNewPassword,
__in BOOLEAN bImpersonating,
__in unsigned long dwReserved,
__inout PSecBufferDesc pOutput
);
typedef SECURITY_STATUS
(SEC_ENTRY * CHANGE_PASSWORD_FN_A)(
SEC_CHAR *,
SEC_CHAR *,
SEC_CHAR *,
SEC_CHAR *,
SEC_CHAR *,
BOOLEAN,
unsigned long,
PSecBufferDesc
);
#ifdef UNICODE
# define ChangeAccountPassword ChangeAccountPasswordW
# define CHANGE_PASSWORD_FN CHANGE_PASSWORD_FN_W
#else
# define ChangeAccountPassword ChangeAccountPasswordA
# define CHANGE_PASSWORD_FN CHANGE_PASSWORD_FN_A
#endif // !UNICODE
#endif // ISSP_MODE
////////////////////////////////////////////////////////////////////////
///
/// Context Management Functions /// Context Management Functions
/// ///
//////////////////////////////////////////////////////////////////////// ////////////////////////////////////////////////////////////////////////
KSECDDDECLSPEC KSECDDDECLSPEC
SECURITY_STATUS SEC_ENTRY SECURITY_STATUS SEC_ENTRY
InitializeSecurityContextW( InitializeSecurityContextW(
PCredHandle phCredential, // Cred to base context __in_opt PCredHandle phCredential, // Cred to base context
PCtxtHandle phContext, // Existing context (OPT) __in_opt PCtxtHandle phContext, // Existing context (OPT
)
#if ISSP_MODE == 0 #if ISSP_MODE == 0
PSECURITY_STRING pTargetName, __in_opt PSECURITY_STRING pTargetName,
#else #else
SEC_WCHAR SEC_FAR * pszTargetName, // Name of target __in_opt SEC_WCHAR * pszTargetName, // Name of target
#endif #endif
unsigned long fContextReq, // Context Requirements __in unsigned long fContextReq, // Context Requirements
unsigned long Reserved1, // Reserved, MBZ __in unsigned long Reserved1, // Reserved, MBZ
unsigned long TargetDataRep, // Data rep of target __in unsigned long TargetDataRep, // Data rep of target
PSecBufferDesc pInput, // Input Buffers __in_opt PSecBufferDesc pInput, // Input Buffers
unsigned long Reserved2, // Reserved, MBZ __in unsigned long Reserved2, // Reserved, MBZ
PCtxtHandle phNewContext, // (out) New Context handle __inout_opt PCtxtHandle phNewContext, // (out) New Context han
PSecBufferDesc pOutput, // (inout) Output Buffers dle
unsigned long SEC_FAR * pfContextAttr, // (out) Context attrs __inout_opt PSecBufferDesc pOutput, // (inout) Output Buffer
PTimeStamp ptsExpiry // (out) Life span (OPT) s
__out unsigned long * pfContextAttr, // (out) Context attrs
__out_opt PTimeStamp ptsExpiry // (out) Life span (OPT)
); );
typedef SECURITY_STATUS typedef SECURITY_STATUS
(SEC_ENTRY * INITIALIZE_SECURITY_CONTEXT_FN_W)( (SEC_ENTRY * INITIALIZE_SECURITY_CONTEXT_FN_W)(
PCredHandle, PCredHandle,
PCtxtHandle, PCtxtHandle,
#if ISSP_MODE == 0 #if ISSP_MODE == 0
PSECURITY_STRING, PSECURITY_STRING,
#else #else
SEC_WCHAR SEC_FAR *, SEC_WCHAR *,
#endif #endif
unsigned long, unsigned long,
unsigned long, unsigned long,
unsigned long, unsigned long,
PSecBufferDesc, PSecBufferDesc,
unsigned long, unsigned long,
PCtxtHandle, PCtxtHandle,
PSecBufferDesc, PSecBufferDesc,
unsigned long SEC_FAR *, unsigned long *,
PTimeStamp); PTimeStamp);
// end_ntifs // end_ntifs
SECURITY_STATUS SEC_ENTRY SECURITY_STATUS SEC_ENTRY
InitializeSecurityContextA( InitializeSecurityContextA(
PCredHandle phCredential, // Cred to base context __in_opt PCredHandle phCredential, // Cred to base context
PCtxtHandle phContext, // Existing context (OPT) __in_opt PCtxtHandle phContext, // Existing context (OPT
SEC_CHAR SEC_FAR * pszTargetName, // Name of target )
unsigned long fContextReq, // Context Requirements __in_opt SEC_CHAR * pszTargetName, // Name of target
unsigned long Reserved1, // Reserved, MBZ __in unsigned long fContextReq, // Context Requirements
unsigned long TargetDataRep, // Data rep of target __in unsigned long Reserved1, // Reserved, MBZ
PSecBufferDesc pInput, // Input Buffers __in unsigned long TargetDataRep, // Data rep of target
unsigned long Reserved2, // Reserved, MBZ __in_opt PSecBufferDesc pInput, // Input Buffers
PCtxtHandle phNewContext, // (out) New Context handle __in unsigned long Reserved2, // Reserved, MBZ
PSecBufferDesc pOutput, // (inout) Output Buffers __inout_opt PCtxtHandle phNewContext, // (out) New Context han
unsigned long SEC_FAR * pfContextAttr, // (out) Context attrs dle
PTimeStamp ptsExpiry // (out) Life span (OPT) __inout_opt PSecBufferDesc pOutput, // (inout) Output Buffer
s
__out unsigned long * pfContextAttr, // (out) Context attrs
__out_opt PTimeStamp ptsExpiry // (out) Life span (OPT)
); );
typedef SECURITY_STATUS typedef SECURITY_STATUS
(SEC_ENTRY * INITIALIZE_SECURITY_CONTEXT_FN_A)( (SEC_ENTRY * INITIALIZE_SECURITY_CONTEXT_FN_A)(
PCredHandle, PCredHandle,
PCtxtHandle, PCtxtHandle,
SEC_CHAR SEC_FAR *, SEC_CHAR *,
unsigned long, unsigned long,
unsigned long, unsigned long,
unsigned long, unsigned long,
PSecBufferDesc, PSecBufferDesc,
unsigned long, unsigned long,
PCtxtHandle, PCtxtHandle,
PSecBufferDesc, PSecBufferDesc,
unsigned long SEC_FAR *, unsigned long *,
PTimeStamp); PTimeStamp);
#ifdef UNICODE #ifdef UNICODE
# define InitializeSecurityContext InitializeSecurityContextW // n tifs # define InitializeSecurityContext InitializeSecurityContextW // n tifs
# define INITIALIZE_SECURITY_CONTEXT_FN INITIALIZE_SECURITY_CONTEXT_FN_W // n tifs # define INITIALIZE_SECURITY_CONTEXT_FN INITIALIZE_SECURITY_CONTEXT_FN_W // n tifs
#else #else
# define InitializeSecurityContext InitializeSecurityContextA # define InitializeSecurityContext InitializeSecurityContextA
# define INITIALIZE_SECURITY_CONTEXT_FN INITIALIZE_SECURITY_CONTEXT_FN_A # define INITIALIZE_SECURITY_CONTEXT_FN INITIALIZE_SECURITY_CONTEXT_FN_A
#endif // !UNICODE #endif // !UNICODE
// begin_ntifs // begin_ntifs
KSECDDDECLSPEC KSECDDDECLSPEC
SECURITY_STATUS SEC_ENTRY SECURITY_STATUS SEC_ENTRY
AcceptSecurityContext( AcceptSecurityContext(
PCredHandle phCredential, // Cred to base context __in_opt PCredHandle phCredential, // Cred to base context
PCtxtHandle phContext, // Existing context (OPT) __in_opt PCtxtHandle phContext, // Existing context (OPT)
PSecBufferDesc pInput, // Input buffer __in_opt PSecBufferDesc pInput, // Input buffer
unsigned long fContextReq, // Context Requirements __in unsigned long fContextReq, // Context Requirements
unsigned long TargetDataRep, // Target Data Rep __in unsigned long TargetDataRep, // Target Data Rep
PCtxtHandle phNewContext, // (out) New context handle __in_opt PCtxtHandle phNewContext, // (out) New context handl
PSecBufferDesc pOutput, // (inout) Output buffers e
unsigned long SEC_FAR * pfContextAttr, // (out) Context attributes __in_opt PSecBufferDesc pOutput, // (inout) Output buffers
PTimeStamp ptsExpiry // (out) Life span (OPT) __out unsigned long * pfContextAttr, // (out) Context attributes
__out_opt PTimeStamp ptsExpiry // (out) Life span (OPT)
); );
typedef SECURITY_STATUS typedef SECURITY_STATUS
(SEC_ENTRY * ACCEPT_SECURITY_CONTEXT_FN)( (SEC_ENTRY * ACCEPT_SECURITY_CONTEXT_FN)(
PCredHandle, PCredHandle,
PCtxtHandle, PCtxtHandle,
PSecBufferDesc, PSecBufferDesc,
unsigned long, unsigned long,
unsigned long, unsigned long,
PCtxtHandle, PCtxtHandle,
PSecBufferDesc, PSecBufferDesc,
unsigned long SEC_FAR *, unsigned long *,
PTimeStamp); PTimeStamp);
SECURITY_STATUS SEC_ENTRY SECURITY_STATUS SEC_ENTRY
CompleteAuthToken( CompleteAuthToken(
PCtxtHandle phContext, // Context to complete __in PCtxtHandle phContext, // Context to complete
PSecBufferDesc pToken // Token to complete __in PSecBufferDesc pToken // Token to complete
); );
typedef SECURITY_STATUS typedef SECURITY_STATUS
(SEC_ENTRY * COMPLETE_AUTH_TOKEN_FN)( (SEC_ENTRY * COMPLETE_AUTH_TOKEN_FN)(
PCtxtHandle, PCtxtHandle,
PSecBufferDesc); PSecBufferDesc);
KSECDDDECLSPEC KSECDDDECLSPEC
SECURITY_STATUS SEC_ENTRY SECURITY_STATUS SEC_ENTRY
ImpersonateSecurityContext( ImpersonateSecurityContext(
PCtxtHandle phContext // Context to impersonate __in PCtxtHandle phContext // Context to impersonate
); );
typedef SECURITY_STATUS typedef SECURITY_STATUS
(SEC_ENTRY * IMPERSONATE_SECURITY_CONTEXT_FN)( (SEC_ENTRY * IMPERSONATE_SECURITY_CONTEXT_FN)(
PCtxtHandle); PCtxtHandle);
KSECDDDECLSPEC KSECDDDECLSPEC
SECURITY_STATUS SEC_ENTRY SECURITY_STATUS SEC_ENTRY
RevertSecurityContext( RevertSecurityContext(
PCtxtHandle phContext // Context from which to re __in PCtxtHandle phContext // Context from which to re
); );
typedef SECURITY_STATUS typedef SECURITY_STATUS
(SEC_ENTRY * REVERT_SECURITY_CONTEXT_FN)( (SEC_ENTRY * REVERT_SECURITY_CONTEXT_FN)(
PCtxtHandle); PCtxtHandle);
KSECDDDECLSPEC KSECDDDECLSPEC
SECURITY_STATUS SEC_ENTRY SECURITY_STATUS SEC_ENTRY
QuerySecurityContextToken( QuerySecurityContextToken(
PCtxtHandle phContext, __in PCtxtHandle phContext,
void SEC_FAR * SEC_FAR * Token __out void * * Token
); );
typedef SECURITY_STATUS typedef SECURITY_STATUS
(SEC_ENTRY * QUERY_SECURITY_CONTEXT_TOKEN_FN)( (SEC_ENTRY * QUERY_SECURITY_CONTEXT_TOKEN_FN)(
PCtxtHandle, void SEC_FAR * SEC_FAR *); PCtxtHandle, void * *);
KSECDDDECLSPEC KSECDDDECLSPEC
SECURITY_STATUS SEC_ENTRY SECURITY_STATUS SEC_ENTRY
DeleteSecurityContext( DeleteSecurityContext(
PCtxtHandle phContext // Context to delete __in PCtxtHandle phContext // Context to delete
); );
typedef SECURITY_STATUS typedef SECURITY_STATUS
(SEC_ENTRY * DELETE_SECURITY_CONTEXT_FN)( (SEC_ENTRY * DELETE_SECURITY_CONTEXT_FN)(
PCtxtHandle); PCtxtHandle);
KSECDDDECLSPEC KSECDDDECLSPEC
SECURITY_STATUS SEC_ENTRY SECURITY_STATUS SEC_ENTRY
ApplyControlToken( ApplyControlToken(
PCtxtHandle phContext, // Context to modify __in PCtxtHandle phContext, // Context to modify
PSecBufferDesc pInput // Input token to apply __in PSecBufferDesc pInput // Input token to apply
); );
typedef SECURITY_STATUS typedef SECURITY_STATUS
(SEC_ENTRY * APPLY_CONTROL_TOKEN_FN)( (SEC_ENTRY * APPLY_CONTROL_TOKEN_FN)(
PCtxtHandle, PSecBufferDesc); PCtxtHandle, PSecBufferDesc);
KSECDDDECLSPEC KSECDDDECLSPEC
SECURITY_STATUS SEC_ENTRY SECURITY_STATUS SEC_ENTRY
QueryContextAttributesW( QueryContextAttributesW(
PCtxtHandle phContext, // Context to query __in PCtxtHandle phContext, // Context to query
unsigned long ulAttribute, // Attribute to query __in unsigned long ulAttribute, // Attribute to query
void SEC_FAR * pBuffer // Buffer for attributes __out void * pBuffer // Buffer for attributes
); );
typedef SECURITY_STATUS typedef SECURITY_STATUS
(SEC_ENTRY * QUERY_CONTEXT_ATTRIBUTES_FN_W)( (SEC_ENTRY * QUERY_CONTEXT_ATTRIBUTES_FN_W)(
PCtxtHandle, PCtxtHandle,
unsigned long, unsigned long,
void SEC_FAR *); void *);
// end_ntifs // end_ntifs
SECURITY_STATUS SEC_ENTRY SECURITY_STATUS SEC_ENTRY
QueryContextAttributesA( QueryContextAttributesA(
PCtxtHandle phContext, // Context to query __in PCtxtHandle phContext, // Context to query
unsigned long ulAttribute, // Attribute to query __in unsigned long ulAttribute, // Attribute to query
void SEC_FAR * pBuffer // Buffer for attributes __out void * pBuffer // Buffer for attributes
); );
typedef SECURITY_STATUS typedef SECURITY_STATUS
(SEC_ENTRY * QUERY_CONTEXT_ATTRIBUTES_FN_A)( (SEC_ENTRY * QUERY_CONTEXT_ATTRIBUTES_FN_A)(
PCtxtHandle, PCtxtHandle,
unsigned long, unsigned long,
void SEC_FAR *); void *);
#ifdef UNICODE #ifdef UNICODE
# define QueryContextAttributes QueryContextAttributesW // ntifs # define QueryContextAttributes QueryContextAttributesW // ntifs
# define QUERY_CONTEXT_ATTRIBUTES_FN QUERY_CONTEXT_ATTRIBUTES_FN_W // ntifs # define QUERY_CONTEXT_ATTRIBUTES_FN QUERY_CONTEXT_ATTRIBUTES_FN_W // ntifs
#else #else
# define QueryContextAttributes QueryContextAttributesA # define QueryContextAttributes QueryContextAttributesA
# define QUERY_CONTEXT_ATTRIBUTES_FN QUERY_CONTEXT_ATTRIBUTES_FN_A # define QUERY_CONTEXT_ATTRIBUTES_FN QUERY_CONTEXT_ATTRIBUTES_FN_A
#endif // !UNICODE #endif // !UNICODE
// begin_ntifs // begin_ntifs
#if (OSVER(NTDDI_VERSION) > NTDDI_WIN2K)
SECURITY_STATUS SEC_ENTRY SECURITY_STATUS SEC_ENTRY
SetContextAttributesW( SetContextAttributesW(
PCtxtHandle phContext, // Context to Set __in PCtxtHandle phContext, // Context to Set
unsigned long ulAttribute, // Attribute to Set __in unsigned long ulAttribute, // Attribute to Set
void SEC_FAR * pBuffer, // Buffer for attributes __in_bcount(cbBuffer) void * pBuffer, // Buffer for attributes
unsigned long cbBuffer // Size (in bytes) of Buffer __in unsigned long cbBuffer // Size (in bytes) of Buffer
); );
typedef SECURITY_STATUS typedef SECURITY_STATUS
(SEC_ENTRY * SET_CONTEXT_ATTRIBUTES_FN_W)( (SEC_ENTRY * SET_CONTEXT_ATTRIBUTES_FN_W)(
PCtxtHandle, PCtxtHandle,
unsigned long, unsigned long,
void SEC_FAR *, void *,
unsigned long ); unsigned long );
#endif // Greater than w2k
// end_ntifs // end_ntifs
SECURITY_STATUS SEC_ENTRY SECURITY_STATUS SEC_ENTRY
SetContextAttributesA( SetContextAttributesA(
PCtxtHandle phContext, // Context to Set __in PCtxtHandle phContext, // Context to Set
unsigned long ulAttribute, // Attribute to Set __in unsigned long ulAttribute, // Attribute to Set
void SEC_FAR * pBuffer, // Buffer for attributes __in_bcount(cbBuffer) void * pBuffer, // Buffer for attributes
unsigned long cbBuffer // Size (in bytes) of Buffer __in unsigned long cbBuffer // Size (in bytes) of Buffer
); );
typedef SECURITY_STATUS typedef SECURITY_STATUS
(SEC_ENTRY * SET_CONTEXT_ATTRIBUTES_FN_A)( (SEC_ENTRY * SET_CONTEXT_ATTRIBUTES_FN_A)(
PCtxtHandle, PCtxtHandle,
unsigned long, unsigned long,
void SEC_FAR *, void *,
unsigned long ); unsigned long );
#ifdef UNICODE #ifdef UNICODE
# define SetContextAttributes SetContextAttributesW // ntifs # define SetContextAttributes SetContextAttributesW // ntifs
# define SET_CONTEXT_ATTRIBUTES_FN SET_CONTEXT_ATTRIBUTES_FN_W // ntifs # define SET_CONTEXT_ATTRIBUTES_FN SET_CONTEXT_ATTRIBUTES_FN_W // ntifs
#else #else
# define SetContextAttributes SetContextAttributesA # define SetContextAttributes SetContextAttributesA
# define SET_CONTEXT_ATTRIBUTES_FN SET_CONTEXT_ATTRIBUTES_FN_A # define SET_CONTEXT_ATTRIBUTES_FN SET_CONTEXT_ATTRIBUTES_FN_A
#endif // !UNICODE #endif // !UNICODE
// begin_ntifs // begin_ntifs
KSECDDDECLSPEC KSECDDDECLSPEC
SECURITY_STATUS SEC_ENTRY SECURITY_STATUS SEC_ENTRY
QueryCredentialsAttributesW( QueryCredentialsAttributesW(
PCredHandle phCredential, // Credential to query __in PCredHandle phCredential, // Credential to query
unsigned long ulAttribute, // Attribute to query __in unsigned long ulAttribute, // Attribute to query
void SEC_FAR * pBuffer // Buffer for attributes __inout void * pBuffer // Buffer for attributes
); );
typedef SECURITY_STATUS typedef SECURITY_STATUS
(SEC_ENTRY * QUERY_CREDENTIALS_ATTRIBUTES_FN_W)( (SEC_ENTRY * QUERY_CREDENTIALS_ATTRIBUTES_FN_W)(
PCredHandle, PCredHandle,
unsigned long, unsigned long,
void SEC_FAR *); void *);
// end_ntifs // end_ntifs
SECURITY_STATUS SEC_ENTRY SECURITY_STATUS SEC_ENTRY
QueryCredentialsAttributesA( QueryCredentialsAttributesA(
PCredHandle phCredential, // Credential to query __in PCredHandle phCredential, // Credential to query
unsigned long ulAttribute, // Attribute to query __in unsigned long ulAttribute, // Attribute to query
void SEC_FAR * pBuffer // Buffer for attributes __inout void * pBuffer // Buffer for attributes
); );
typedef SECURITY_STATUS typedef SECURITY_STATUS
(SEC_ENTRY * QUERY_CREDENTIALS_ATTRIBUTES_FN_A)( (SEC_ENTRY * QUERY_CREDENTIALS_ATTRIBUTES_FN_A)(
PCredHandle, PCredHandle,
unsigned long, unsigned long,
void SEC_FAR *); void *);
#ifdef UNICODE #ifdef UNICODE
# define QueryCredentialsAttributes QueryCredentialsAttributesW // n tifs # define QueryCredentialsAttributes QueryCredentialsAttributesW // n tifs
# define QUERY_CREDENTIALS_ATTRIBUTES_FN QUERY_CREDENTIALS_ATTRIBUTES_FN_W // n tifs # define QUERY_CREDENTIALS_ATTRIBUTES_FN QUERY_CREDENTIALS_ATTRIBUTES_FN_W // n tifs
#else #else
# define QueryCredentialsAttributes QueryCredentialsAttributesA # define QueryCredentialsAttributes QueryCredentialsAttributesA
# define QUERY_CREDENTIALS_ATTRIBUTES_FN QUERY_CREDENTIALS_ATTRIBUTES_FN_A # define QUERY_CREDENTIALS_ATTRIBUTES_FN QUERY_CREDENTIALS_ATTRIBUTES_FN_A
#endif // !UNICODE #endif // !UNICODE
// begin_ntifs // begin_ntifs
#if NTDDI_VERSION > NTDDI_WS03
KSECDDDECLSPEC KSECDDDECLSPEC
SECURITY_STATUS SEC_ENTRY SECURITY_STATUS SEC_ENTRY
SetCredentialsAttributesW( SetCredentialsAttributesW(
PCredHandle phCredential, // Credential to Set __in PCredHandle phCredential, // Credential to Set
unsigned long ulAttribute, // Attribute to Set __in unsigned long ulAttribute, // Attribute to Set
void SEC_FAR * pBuffer, // Buffer for attributes __in_bcount(cbBuffer) void * pBuffer, // Buffer for attributes
unsigned long cbBuffer // Size (in bytes) of Buffer __in unsigned long cbBuffer // Size (in bytes) of Buffer
); );
typedef SECURITY_STATUS typedef SECURITY_STATUS
(SEC_ENTRY * SET_CREDENTIALS_ATTRIBUTES_FN_W)( (SEC_ENTRY * SET_CREDENTIALS_ATTRIBUTES_FN_W)(
PCredHandle, PCredHandle,
unsigned long, unsigned long,
void SEC_FAR *, void *,
unsigned long ); unsigned long );
#endif // For W2k3SP1 and greater
// end_ntifs // end_ntifs
SECURITY_STATUS SEC_ENTRY SECURITY_STATUS SEC_ENTRY
SetCredentialsAttributesA( SetCredentialsAttributesA(
PCredHandle phCredential, // Credential to Set __in PCredHandle phCredential, // Credential to Set
unsigned long ulAttribute, // Attribute to Set __in unsigned long ulAttribute, // Attribute to Set
void SEC_FAR * pBuffer, // Buffer for attributes __in_bcount(cbBuffer) void * pBuffer, // Buffer for attributes
unsigned long cbBuffer // Size (in bytes) of Buffer __in unsigned long cbBuffer // Size (in bytes) of Buffer
); );
typedef SECURITY_STATUS typedef SECURITY_STATUS
(SEC_ENTRY * SET_CREDENTIALS_ATTRIBUTES_FN_A)( (SEC_ENTRY * SET_CREDENTIALS_ATTRIBUTES_FN_A)(
PCredHandle, PCredHandle,
unsigned long, unsigned long,
void SEC_FAR *, void *,
unsigned long ); unsigned long );
#ifdef UNICODE #ifdef UNICODE
# define SetCredentialsAttributes SetCredentialsAttributesW // ntifs # define SetCredentialsAttributes SetCredentialsAttributesW // ntifs
# define SET_CREDENTIALS_ATTRIBUTES_FN SET_CREDENTIALS_ATTRIBUTES_FN_W // ntifs # define SET_CREDENTIALS_ATTRIBUTES_FN SET_CREDENTIALS_ATTRIBUTES_FN_W // ntifs
#else #else
# define SetCredentialsAttributes SetCredentialsAttributesA # define SetCredentialsAttributes SetCredentialsAttributesA
# define SET_CREDENTIALS_ATTRIBUTES_FN SET_CREDENTIALS_ATTRIBUTES_FN_A # define SET_CREDENTIALS_ATTRIBUTES_FN SET_CREDENTIALS_ATTRIBUTES_FN_A
#endif // !UNICODE #endif // !UNICODE
// begin_ntifs // begin_ntifs
SECURITY_STATUS SEC_ENTRY SECURITY_STATUS SEC_ENTRY
FreeContextBuffer( FreeContextBuffer(
void SEC_FAR * pvContextBuffer // buffer to free __inout PVOID pvContextBuffer // buffer to free
); );
typedef SECURITY_STATUS typedef SECURITY_STATUS
(SEC_ENTRY * FREE_CONTEXT_BUFFER_FN)( (SEC_ENTRY * FREE_CONTEXT_BUFFER_FN)(
void SEC_FAR *); __inout PVOID
);
// end_ntifs // end_ntifs
// begin_ntifs // begin_ntifs
/////////////////////////////////////////////////////////////////// ///////////////////////////////////////////////////////////////////
//// ////
//// Message Support API //// Message Support API
//// ////
////////////////////////////////////////////////////////////////// //////////////////////////////////////////////////////////////////
KSECDDDECLSPEC KSECDDDECLSPEC
SECURITY_STATUS SEC_ENTRY SECURITY_STATUS SEC_ENTRY
MakeSignature( MakeSignature(
PCtxtHandle phContext, // Context to use __in PCtxtHandle phContext, // Context to use
unsigned long fQOP, // Quality of Protection __in unsigned long fQOP, // Quality of Protection
PSecBufferDesc pMessage, // Message to sign __in PSecBufferDesc pMessage, // Message to sign
unsigned long MessageSeqNo // Message Sequence Num. __in unsigned long MessageSeqNo // Message Sequence Num.
); );
typedef SECURITY_STATUS typedef SECURITY_STATUS
(SEC_ENTRY * MAKE_SIGNATURE_FN)( (SEC_ENTRY * MAKE_SIGNATURE_FN)(
PCtxtHandle, PCtxtHandle,
unsigned long, unsigned long,
PSecBufferDesc, PSecBufferDesc,
unsigned long); unsigned long);
KSECDDDECLSPEC KSECDDDECLSPEC
SECURITY_STATUS SEC_ENTRY SECURITY_STATUS SEC_ENTRY
VerifySignature( VerifySignature(
PCtxtHandle phContext, // Context to use __in PCtxtHandle phContext, // Context to use
PSecBufferDesc pMessage, // Message to verify __in PSecBufferDesc pMessage, // Message to verify
unsigned long MessageSeqNo, // Sequence Num. __in unsigned long MessageSeqNo, // Sequence Num.
unsigned long SEC_FAR * pfQOP // QOP used __out unsigned long * pfQOP // QOP used
); );
typedef SECURITY_STATUS typedef SECURITY_STATUS
(SEC_ENTRY * VERIFY_SIGNATURE_FN)( (SEC_ENTRY * VERIFY_SIGNATURE_FN)(
PCtxtHandle, PCtxtHandle,
PSecBufferDesc, PSecBufferDesc,
unsigned long, unsigned long,
unsigned long SEC_FAR *); unsigned long *);
// This only exists win Win2k3 and Greater
#define SECQOP_WRAP_NO_ENCRYPT 0x80000001 #define SECQOP_WRAP_NO_ENCRYPT 0x80000001
#define SECQOP_WRAP_OOB_DATA 0x40000000 #define SECQOP_WRAP_OOB_DATA 0x40000000
SECURITY_STATUS SEC_ENTRY SECURITY_STATUS SEC_ENTRY
EncryptMessage( PCtxtHandle phContext, EncryptMessage( __in PCtxtHandle phContext,
unsigned long fQOP, __in unsigned long fQOP,
PSecBufferDesc pMessage, __inout PSecBufferDesc pMessage,
unsigned long MessageSeqNo); __in unsigned long MessageSeqNo);
typedef SECURITY_STATUS typedef SECURITY_STATUS
(SEC_ENTRY * ENCRYPT_MESSAGE_FN)( (SEC_ENTRY * ENCRYPT_MESSAGE_FN)(
PCtxtHandle, unsigned long, PSecBufferDesc, unsigned long); PCtxtHandle, unsigned long, PSecBufferDesc, unsigned long);
SECURITY_STATUS SEC_ENTRY SECURITY_STATUS SEC_ENTRY
DecryptMessage( PCtxtHandle phContext, DecryptMessage( __in PCtxtHandle phContext,
PSecBufferDesc pMessage, __inout PSecBufferDesc pMessage,
unsigned long MessageSeqNo, __in unsigned long MessageSeqNo,
unsigned long * pfQOP); __out_opt unsigned long * pfQOP);
typedef SECURITY_STATUS typedef SECURITY_STATUS
(SEC_ENTRY * DECRYPT_MESSAGE_FN)( (SEC_ENTRY * DECRYPT_MESSAGE_FN)(
PCtxtHandle, PSecBufferDesc, unsigned long, PCtxtHandle, PSecBufferDesc, unsigned long,
unsigned long SEC_FAR *); unsigned long *);
// end_ntifs // end_ntifs
// begin_ntifs // begin_ntifs
/////////////////////////////////////////////////////////////////////////// ///////////////////////////////////////////////////////////////////////////
//// ////
//// Misc. //// Misc.
//// ////
/////////////////////////////////////////////////////////////////////////// ///////////////////////////////////////////////////////////////////////////
KSECDDDECLSPEC KSECDDDECLSPEC
SECURITY_STATUS SEC_ENTRY SECURITY_STATUS SEC_ENTRY
EnumerateSecurityPackagesW( EnumerateSecurityPackagesW(
unsigned long SEC_FAR * pcPackages, // Receives num. packages __out unsigned long * pcPackages, // Receives num. packages
PSecPkgInfoW SEC_FAR * ppPackageInfo // Receives array of info __deref_out PSecPkgInfoW * ppPackageInfo // Receives array of info
); );
typedef SECURITY_STATUS typedef SECURITY_STATUS
(SEC_ENTRY * ENUMERATE_SECURITY_PACKAGES_FN_W)( (SEC_ENTRY * ENUMERATE_SECURITY_PACKAGES_FN_W)(
unsigned long SEC_FAR *, unsigned long *,
PSecPkgInfoW SEC_FAR *); PSecPkgInfoW *);
// end_ntifs // end_ntifs
SECURITY_STATUS SEC_ENTRY SECURITY_STATUS SEC_ENTRY
EnumerateSecurityPackagesA( EnumerateSecurityPackagesA(
unsigned long SEC_FAR * pcPackages, // Receives num. packages __out unsigned long * pcPackages, // Receives num. packages
PSecPkgInfoA SEC_FAR * ppPackageInfo // Receives array of info __deref_out PSecPkgInfoA * ppPackageInfo // Receives array of info
); );
typedef SECURITY_STATUS typedef SECURITY_STATUS
(SEC_ENTRY * ENUMERATE_SECURITY_PACKAGES_FN_A)( (SEC_ENTRY * ENUMERATE_SECURITY_PACKAGES_FN_A)(
unsigned long SEC_FAR *, unsigned long *,
PSecPkgInfoA SEC_FAR *); PSecPkgInfoA *);
#ifdef UNICODE #ifdef UNICODE
# define EnumerateSecurityPackages EnumerateSecurityPackagesW // n tifs # define EnumerateSecurityPackages EnumerateSecurityPackagesW // n tifs
# define ENUMERATE_SECURITY_PACKAGES_FN ENUMERATE_SECURITY_PACKAGES_FN_W // n tifs # define ENUMERATE_SECURITY_PACKAGES_FN ENUMERATE_SECURITY_PACKAGES_FN_W // n tifs
#else #else
# define EnumerateSecurityPackages EnumerateSecurityPackagesA # define EnumerateSecurityPackages EnumerateSecurityPackagesA
# define ENUMERATE_SECURITY_PACKAGES_FN ENUMERATE_SECURITY_PACKAGES_FN_A # define ENUMERATE_SECURITY_PACKAGES_FN ENUMERATE_SECURITY_PACKAGES_FN_A
#endif // !UNICODE #endif // !UNICODE
// begin_ntifs // begin_ntifs
KSECDDDECLSPEC KSECDDDECLSPEC
SECURITY_STATUS SEC_ENTRY SECURITY_STATUS SEC_ENTRY
QuerySecurityPackageInfoW( QuerySecurityPackageInfoW(
#if ISSP_MODE == 0 #if ISSP_MODE == 0
PSECURITY_STRING pPackageName, __in PSECURITY_STRING pPackageName,
#else #else
SEC_WCHAR SEC_FAR * pszPackageName, // Name of package __in SEC_WCHAR * pszPackageName, // Name of package
#endif #endif
PSecPkgInfoW SEC_FAR *ppPackageInfo // Receives package info __deref_out PSecPkgInfoW *ppPackageInfo // Receives package info
); );
typedef SECURITY_STATUS typedef SECURITY_STATUS
(SEC_ENTRY * QUERY_SECURITY_PACKAGE_INFO_FN_W)( (SEC_ENTRY * QUERY_SECURITY_PACKAGE_INFO_FN_W)(
#if ISSP_MODE == 0 #if ISSP_MODE == 0
PSECURITY_STRING, PSECURITY_STRING,
#else #else
SEC_WCHAR SEC_FAR *, SEC_WCHAR *,
#endif #endif
PSecPkgInfoW SEC_FAR *); PSecPkgInfoW *);
// end_ntifs // end_ntifs
SECURITY_STATUS SEC_ENTRY SECURITY_STATUS SEC_ENTRY
QuerySecurityPackageInfoA( QuerySecurityPackageInfoA(
SEC_CHAR SEC_FAR * pszPackageName, // Name of package __in SEC_CHAR * pszPackageName, // Name of package
PSecPkgInfoA SEC_FAR *ppPackageInfo // Receives package info __deref_out PSecPkgInfoA *ppPackageInfo // Receives package info
); );
typedef SECURITY_STATUS typedef SECURITY_STATUS
(SEC_ENTRY * QUERY_SECURITY_PACKAGE_INFO_FN_A)( (SEC_ENTRY * QUERY_SECURITY_PACKAGE_INFO_FN_A)(
SEC_CHAR SEC_FAR *, SEC_CHAR *,
PSecPkgInfoA SEC_FAR *); PSecPkgInfoA *);
#ifdef UNICODE #ifdef UNICODE
# define QuerySecurityPackageInfo QuerySecurityPackageInfoW // n tifs # define QuerySecurityPackageInfo QuerySecurityPackageInfoW // n tifs
# define QUERY_SECURITY_PACKAGE_INFO_FN QUERY_SECURITY_PACKAGE_INFO_FN_W // n tifs # define QUERY_SECURITY_PACKAGE_INFO_FN QUERY_SECURITY_PACKAGE_INFO_FN_W // n tifs
#else #else
# define QuerySecurityPackageInfo QuerySecurityPackageInfoA # define QuerySecurityPackageInfo QuerySecurityPackageInfoA
# define QUERY_SECURITY_PACKAGE_INFO_FN QUERY_SECURITY_PACKAGE_INFO_FN_A # define QUERY_SECURITY_PACKAGE_INFO_FN QUERY_SECURITY_PACKAGE_INFO_FN_A
#endif // !UNICODE #endif // !UNICODE
typedef enum _SecDelegationType { typedef enum _SecDelegationType {
skipping to change at line 1488 skipping to change at line 1591
SecDirectory, SecDirectory,
SecObject SecObject
} SecDelegationType, * PSecDelegationType; } SecDelegationType, * PSecDelegationType;
SECURITY_STATUS SEC_ENTRY SECURITY_STATUS SEC_ENTRY
DelegateSecurityContext( DelegateSecurityContext(
PCtxtHandle phContext, // IN Active context to delegate PCtxtHandle phContext, // IN Active context to delegate
#if ISSP_MODE == 0 #if ISSP_MODE == 0
PSECURITY_STRING pTarget, // IN Target path PSECURITY_STRING pTarget, // IN Target path
#else #else
SEC_CHAR SEC_FAR * pszTarget, SEC_CHAR * pszTarget,
#endif #endif
SecDelegationType DelegationType, // IN Type of delegation SecDelegationType DelegationType, // IN Type of delegation
PTimeStamp pExpiry, // IN OPTIONAL time limit PTimeStamp pExpiry, // IN OPTIONAL time limit
PSecBuffer pPackageParameters, // IN OPTIONAL package specific PSecBuffer pPackageParameters, // IN OPTIONAL package specific
PSecBufferDesc pOutput); // OUT Token for applycontroltoken. PSecBufferDesc pOutput); // OUT Token for applycontroltoken.
/////////////////////////////////////////////////////////////////////////// ///////////////////////////////////////////////////////////////////////////
//// ////
//// Proxies //// Proxies
//// ////
skipping to change at line 1516 skipping to change at line 1619
/////////////////////////////////////////////////////////////////////////// ///////////////////////////////////////////////////////////////////////////
//// ////
//// Context export/import //// Context export/import
//// ////
/////////////////////////////////////////////////////////////////////////// ///////////////////////////////////////////////////////////////////////////
KSECDDDECLSPEC KSECDDDECLSPEC
SECURITY_STATUS SEC_ENTRY SECURITY_STATUS SEC_ENTRY
ExportSecurityContext( ExportSecurityContext(
PCtxtHandle phContext, // (in) context to export __in PCtxtHandle phContext, // (in) context to export
ULONG fFlags, // (in) option flags __in ULONG fFlags, // (in) option flags
PSecBuffer pPackedContext, // (out) marshalled context __out PSecBuffer pPackedContext, // (out) marshalled contex
void SEC_FAR * SEC_FAR * pToken // (out, optional) token han t
dle for impersonation __out void * * pToken // (out, optional) token handle for impers
onation
); );
typedef SECURITY_STATUS typedef SECURITY_STATUS
(SEC_ENTRY * EXPORT_SECURITY_CONTEXT_FN)( (SEC_ENTRY * EXPORT_SECURITY_CONTEXT_FN)(
PCtxtHandle, PCtxtHandle,
ULONG, ULONG,
PSecBuffer, PSecBuffer,
void SEC_FAR * SEC_FAR * void * *
); );
KSECDDDECLSPEC KSECDDDECLSPEC
SECURITY_STATUS SEC_ENTRY SECURITY_STATUS SEC_ENTRY
ImportSecurityContextW( ImportSecurityContextW(
#if ISSP_MODE == 0 #if ISSP_MODE == 0
PSECURITY_STRING pszPackage, __in PSECURITY_STRING pszPackage,
#else #else
SEC_WCHAR SEC_FAR * pszPackage, __in SEC_WCHAR * pszPackage,
#endif #endif
PSecBuffer pPackedContext, // (in) marshalled context __in PSecBuffer pPackedContext, // (in) marshalled context
void SEC_FAR * Token, // (in, optional) handle to toke __in void * Token, // (in, optional) handle to token
n for context for context
PCtxtHandle phContext // (out) new context handle __out PCtxtHandle phContext // (out) new context handl
e
); );
typedef SECURITY_STATUS typedef SECURITY_STATUS
(SEC_ENTRY * IMPORT_SECURITY_CONTEXT_FN_W)( (SEC_ENTRY * IMPORT_SECURITY_CONTEXT_FN_W)(
#if ISSP_MODE == 0 #if ISSP_MODE == 0
PSECURITY_STRING, PSECURITY_STRING,
#else #else
SEC_WCHAR SEC_FAR *, SEC_WCHAR *,
#endif #endif
PSecBuffer, PSecBuffer,
VOID SEC_FAR *, VOID *,
PCtxtHandle PCtxtHandle
); );
// end_ntifs // end_ntifs
SECURITY_STATUS SEC_ENTRY SECURITY_STATUS SEC_ENTRY
ImportSecurityContextA( ImportSecurityContextA(
SEC_CHAR SEC_FAR * pszPackage, __in SEC_CHAR * pszPackage,
PSecBuffer pPackedContext, // (in) marshalled context __in PSecBuffer pPackedContext, // (in) marshalled context
VOID SEC_FAR * Token, // (in, optional) handle to toke __in VOID * Token, // (in, optional) handle to token
n for context for context
PCtxtHandle phContext // (out) new context handle __out PCtxtHandle phContext // (out) new context handl
e
); );
typedef SECURITY_STATUS typedef SECURITY_STATUS
(SEC_ENTRY * IMPORT_SECURITY_CONTEXT_FN_A)( (SEC_ENTRY * IMPORT_SECURITY_CONTEXT_FN_A)(
SEC_CHAR SEC_FAR *, SEC_CHAR *,
PSecBuffer, PSecBuffer,
void SEC_FAR *, void *,
PCtxtHandle PCtxtHandle
); );
#ifdef UNICODE #ifdef UNICODE
# define ImportSecurityContext ImportSecurityContextW // ntifs # define ImportSecurityContext ImportSecurityContextW // ntifs
# define IMPORT_SECURITY_CONTEXT_FN IMPORT_SECURITY_CONTEXT_FN_W // ntifs # define IMPORT_SECURITY_CONTEXT_FN IMPORT_SECURITY_CONTEXT_FN_W // ntifs
#else #else
# define ImportSecurityContext ImportSecurityContextA # define ImportSecurityContext ImportSecurityContextA
# define IMPORT_SECURITY_CONTEXT_FN IMPORT_SECURITY_CONTEXT_FN_A # define IMPORT_SECURITY_CONTEXT_FN IMPORT_SECURITY_CONTEXT_FN_A
#endif // !UNICODE #endif // !UNICODE
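Review bot: The new annotations on the token parameters of ExportSecurityContext and ImportSecurityContextW/A disagree with their own trailing comments. `pToken` is commented "(out, optional)" but annotated plain `__out`, and `Token` is commented "(in, optional)" but annotated plain `__in`. If NULL is accepted, static analysis will flag correct callers; if it is not, the comments encourage callers to pass a pointer the callee will dereference. The two should be reconciled, for example `__out_opt void * * pToken` and `__in_opt void * Token`. The header alone does not show which contract is real, so confirm against the implementation before changing either side.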
skipping to change at line 1597 skipping to change at line 1700
IN PUNICODE_STRING ServiceClass, IN PUNICODE_STRING ServiceClass,
IN PUNICODE_STRING ServiceName, IN PUNICODE_STRING ServiceName,
IN PUNICODE_STRING InstanceName OPTIONAL, IN PUNICODE_STRING InstanceName OPTIONAL,
IN USHORT InstancePort OPTIONAL, IN USHORT InstancePort OPTIONAL,
IN PUNICODE_STRING Referrer OPTIONAL, IN PUNICODE_STRING Referrer OPTIONAL,
IN OUT PUNICODE_STRING Spn, IN OUT PUNICODE_STRING Spn,
OUT PULONG Length OPTIONAL, OUT PULONG Length OPTIONAL,
IN BOOLEAN Allocate IN BOOLEAN Allocate
); );
#if OSVER(NTDDI_VERSION) > NTDD_WIN2K
KSECDDDECLSPEC KSECDDDECLSPEC
NTSTATUS NTSTATUS
NTAPI NTAPI
SecMakeSPNEx( SecMakeSPNEx(
IN PUNICODE_STRING ServiceClass, IN PUNICODE_STRING ServiceClass,
IN PUNICODE_STRING ServiceName, IN PUNICODE_STRING ServiceName,
IN PUNICODE_STRING InstanceName OPTIONAL, IN PUNICODE_STRING InstanceName OPTIONAL,
IN USHORT InstancePort OPTIONAL, IN USHORT InstancePort OPTIONAL,
IN PUNICODE_STRING Referrer OPTIONAL, IN PUNICODE_STRING Referrer OPTIONAL,
IN PUNICODE_STRING TargetInfo OPTIONAL, IN PUNICODE_STRING TargetInfo OPTIONAL,
IN OUT PUNICODE_STRING Spn, IN OUT PUNICODE_STRING Spn,
OUT PULONG Length OPTIONAL, OUT PULONG Length OPTIONAL,
IN BOOLEAN Allocate IN BOOLEAN Allocate
); );
#if OSVER(NTDDI_VERSION) > NTDDI_WS03
KSECDDDECLSPEC
NTSTATUS
NTAPI
SecMakeSPNEx2(
IN PUNICODE_STRING ServiceClass,
IN PUNICODE_STRING ServiceName,
IN PUNICODE_STRING InstanceName OPTIONAL,
IN USHORT InstancePort OPTIONAL,
IN PUNICODE_STRING Referrer OPTIONAL,
IN PUNICODE_STRING InTargetInfo OPTIONAL,
IN OUT PUNICODE_STRING Spn,
OUT PULONG TotalSize OPTIONAL,
IN BOOLEAN Allocate,
IN BOOLEAN IsTargetInfoMarshaled
);
#endif // Longhorn and greater
KSECDDDECLSPEC KSECDDDECLSPEC
NTSTATUS NTSTATUS
SEC_ENTRY SEC_ENTRY
SecLookupAccountSid( SecLookupAccountSid(
IN PSID Sid, __in PSID Sid,
IN OUT PULONG NameSize, __out PULONG NameSize,
OUT PUNICODE_STRING NameBuffer, __inout PUNICODE_STRING NameBuffer,
IN OUT PULONG DomainSize OPTIONAL, __out PULONG DomainSize OPTIONAL,
OUT PUNICODE_STRING DomainBuffer OPTIONAL, __out_opt PUNICODE_STRING DomainBuffer OPTIONAL,
OUT PSID_NAME_USE NameUse __out PSID_NAME_USE NameUse
); );
KSECDDDECLSPEC KSECDDDECLSPEC
NTSTATUS NTSTATUS
SEC_ENTRY SEC_ENTRY
SecLookupAccountName( SecLookupAccountName(
IN PUNICODE_STRING Name, __in PUNICODE_STRING Name,
IN OUT PULONG SidSize, __inout PULONG SidSize,
OUT PSID Sid, __out PSID Sid,
OUT PSID_NAME_USE NameUse, __out PSID_NAME_USE NameUse,
IN OUT PULONG DomainSize OPTIONAL, __out PULONG DomainSize OPTIONAL,
OUT PUNICODE_STRING ReferencedDomain OPTIONAL __inout_opt PUNICODE_STRING ReferencedDomain OPTIONAL
); );
#endif // Greater than W2k
#if OSVER(NTDDI_VERSION) > NTDDI_WINXP
KSECDDDECLSPEC KSECDDDECLSPEC
NTSTATUS NTSTATUS
SEC_ENTRY SEC_ENTRY
SecLookupWellKnownSid( SecLookupWellKnownSid(
IN WELL_KNOWN_SID_TYPE SidType, __in WELL_KNOWN_SID_TYPE SidType,
OUT PSID Sid, __out PSID Sid,
ULONG SidBufferSize, __in ULONG SidBufferSize,
OUT PULONG SidSize OPTIONAL __inout_opt PULONG SidSize OPTIONAL
); );
#endif // Greater than XP
#endif #endif
// end_ntifs // end_ntifs
/////////////////////////////////////////////////////////////////////////////// ///////////////////////////////////////////////////////////////////////////////
//// ////
//// Fast access for RPC: //// Fast access for RPC:
//// ////
/////////////////////////////////////////////////////////////////////////////// ///////////////////////////////////////////////////////////////////////////////
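Review bot: The guard in front of SecMakeSPNEx, `#if OSVER(NTDDI_VERSION) > NTDD_WIN2K`, spells the constant `NTDD_WIN2K`, while the function-table guard later in this header uses `NTDDI_WIN2K`. Unless `NTDD_WIN2K` is defined outside this view, the preprocessor evaluates the unknown name as 0, so the condition holds for any non-zero target. The SecMakeSPNEx, SecLookupAccountSid and SecLookupAccountName prototypes are then exposed even in a Windows 2000 build, and the guard should read `#if OSVER(NTDDI_VERSION) > NTDDI_WIN2K`. Separately, `NameSize` in SecLookupAccountSid went from `IN OUT` to `__out` while the matching `SidSize` in SecLookupAccountName became `__inout`. If the caller supplies the buffer size on entry, `__inout PULONG NameSize` (and likewise for `DomainSize`) is the annotation that lets an analyzer catch an uninitialised size.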
skipping to change at line 1685 skipping to change at line 1816
// begin_ntifs // begin_ntifs
#define FreeCredentialHandle FreeCredentialsHandle #define FreeCredentialHandle FreeCredentialsHandle
typedef struct _SECURITY_FUNCTION_TABLE_W { typedef struct _SECURITY_FUNCTION_TABLE_W {
unsigned long dwVersion; unsigned long dwVersion;
ENUMERATE_SECURITY_PACKAGES_FN_W EnumerateSecurityPackagesW; ENUMERATE_SECURITY_PACKAGES_FN_W EnumerateSecurityPackagesW;
QUERY_CREDENTIALS_ATTRIBUTES_FN_W QueryCredentialsAttributesW; QUERY_CREDENTIALS_ATTRIBUTES_FN_W QueryCredentialsAttributesW;
ACQUIRE_CREDENTIALS_HANDLE_FN_W AcquireCredentialsHandleW; ACQUIRE_CREDENTIALS_HANDLE_FN_W AcquireCredentialsHandleW;
FREE_CREDENTIALS_HANDLE_FN FreeCredentialsHandle; FREE_CREDENTIALS_HANDLE_FN FreeCredentialsHandle;
void SEC_FAR * Reserved2; void * Reserved2;
INITIALIZE_SECURITY_CONTEXT_FN_W InitializeSecurityContextW; INITIALIZE_SECURITY_CONTEXT_FN_W InitializeSecurityContextW;
ACCEPT_SECURITY_CONTEXT_FN AcceptSecurityContext; ACCEPT_SECURITY_CONTEXT_FN AcceptSecurityContext;
COMPLETE_AUTH_TOKEN_FN CompleteAuthToken; COMPLETE_AUTH_TOKEN_FN CompleteAuthToken;
DELETE_SECURITY_CONTEXT_FN DeleteSecurityContext; DELETE_SECURITY_CONTEXT_FN DeleteSecurityContext;
APPLY_CONTROL_TOKEN_FN ApplyControlToken; APPLY_CONTROL_TOKEN_FN ApplyControlToken;
QUERY_CONTEXT_ATTRIBUTES_FN_W QueryContextAttributesW; QUERY_CONTEXT_ATTRIBUTES_FN_W QueryContextAttributesW;
IMPERSONATE_SECURITY_CONTEXT_FN ImpersonateSecurityContext; IMPERSONATE_SECURITY_CONTEXT_FN ImpersonateSecurityContext;
REVERT_SECURITY_CONTEXT_FN RevertSecurityContext; REVERT_SECURITY_CONTEXT_FN RevertSecurityContext;
MAKE_SIGNATURE_FN MakeSignature; MAKE_SIGNATURE_FN MakeSignature;
VERIFY_SIGNATURE_FN VerifySignature; VERIFY_SIGNATURE_FN VerifySignature;
FREE_CONTEXT_BUFFER_FN FreeContextBuffer; FREE_CONTEXT_BUFFER_FN FreeContextBuffer;
QUERY_SECURITY_PACKAGE_INFO_FN_W QuerySecurityPackageInfoW; QUERY_SECURITY_PACKAGE_INFO_FN_W QuerySecurityPackageInfoW;
void SEC_FAR * Reserved3; void * Reserved3;
void SEC_FAR * Reserved4; void * Reserved4;
EXPORT_SECURITY_CONTEXT_FN ExportSecurityContext; EXPORT_SECURITY_CONTEXT_FN ExportSecurityContext;
IMPORT_SECURITY_CONTEXT_FN_W ImportSecurityContextW; IMPORT_SECURITY_CONTEXT_FN_W ImportSecurityContextW;
ADD_CREDENTIALS_FN_W AddCredentialsW ; ADD_CREDENTIALS_FN_W AddCredentialsW ;
void SEC_FAR * Reserved8; void * Reserved8;
QUERY_SECURITY_CONTEXT_TOKEN_FN QuerySecurityContextToken; QUERY_SECURITY_CONTEXT_TOKEN_FN QuerySecurityContextToken;
ENCRYPT_MESSAGE_FN EncryptMessage; ENCRYPT_MESSAGE_FN EncryptMessage;
DECRYPT_MESSAGE_FN DecryptMessage; DECRYPT_MESSAGE_FN DecryptMessage;
#if OSVER(NTDDI_VERSION) > NTDDI_WIN2K
// Fields below this are available in OSes after w2k
SET_CONTEXT_ATTRIBUTES_FN_W SetContextAttributesW; SET_CONTEXT_ATTRIBUTES_FN_W SetContextAttributesW;
#endif // greater thean 2K
#if NTDDI_VERSION > NTDDI_WS03SP1
// Fields below this are available in OSes after W2k3SP1
SET_CREDENTIALS_ATTRIBUTES_FN_W SetCredentialsAttributesW; SET_CREDENTIALS_ATTRIBUTES_FN_W SetCredentialsAttributesW;
} SecurityFunctionTableW, SEC_FAR * PSecurityFunctionTableW; #endif
#if ISSP_MODE != 0
CHANGE_PASSWORD_FN_W ChangeAccountPasswordW;
#else
void * Reserved9;
#endif
} SecurityFunctionTableW, * PSecurityFunctionTableW;
// end_ntifs // end_ntifs
typedef struct _SECURITY_FUNCTION_TABLE_A { typedef struct _SECURITY_FUNCTION_TABLE_A {
unsigned long dwVersion; unsigned long dwVersion;
ENUMERATE_SECURITY_PACKAGES_FN_A EnumerateSecurityPackagesA; ENUMERATE_SECURITY_PACKAGES_FN_A EnumerateSecurityPackagesA;
QUERY_CREDENTIALS_ATTRIBUTES_FN_A QueryCredentialsAttributesA; QUERY_CREDENTIALS_ATTRIBUTES_FN_A QueryCredentialsAttributesA;
ACQUIRE_CREDENTIALS_HANDLE_FN_A AcquireCredentialsHandleA; ACQUIRE_CREDENTIALS_HANDLE_FN_A AcquireCredentialsHandleA;
FREE_CREDENTIALS_HANDLE_FN FreeCredentialHandle; FREE_CREDENTIALS_HANDLE_FN FreeCredentialHandle;
void SEC_FAR * Reserved2; void * Reserved2;
INITIALIZE_SECURITY_CONTEXT_FN_A InitializeSecurityContextA; INITIALIZE_SECURITY_CONTEXT_FN_A InitializeSecurityContextA;
ACCEPT_SECURITY_CONTEXT_FN AcceptSecurityContext; ACCEPT_SECURITY_CONTEXT_FN AcceptSecurityContext;
COMPLETE_AUTH_TOKEN_FN CompleteAuthToken; COMPLETE_AUTH_TOKEN_FN CompleteAuthToken;
DELETE_SECURITY_CONTEXT_FN DeleteSecurityContext; DELETE_SECURITY_CONTEXT_FN DeleteSecurityContext;
APPLY_CONTROL_TOKEN_FN ApplyControlToken; APPLY_CONTROL_TOKEN_FN ApplyControlToken;
QUERY_CONTEXT_ATTRIBUTES_FN_A QueryContextAttributesA; QUERY_CONTEXT_ATTRIBUTES_FN_A QueryContextAttributesA;
IMPERSONATE_SECURITY_CONTEXT_FN ImpersonateSecurityContext; IMPERSONATE_SECURITY_CONTEXT_FN ImpersonateSecurityContext;
REVERT_SECURITY_CONTEXT_FN RevertSecurityContext; REVERT_SECURITY_CONTEXT_FN RevertSecurityContext;
MAKE_SIGNATURE_FN MakeSignature; MAKE_SIGNATURE_FN MakeSignature;
VERIFY_SIGNATURE_FN VerifySignature; VERIFY_SIGNATURE_FN VerifySignature;
FREE_CONTEXT_BUFFER_FN FreeContextBuffer; FREE_CONTEXT_BUFFER_FN FreeContextBuffer;
QUERY_SECURITY_PACKAGE_INFO_FN_A QuerySecurityPackageInfoA; QUERY_SECURITY_PACKAGE_INFO_FN_A QuerySecurityPackageInfoA;
void SEC_FAR * Reserved3; void * Reserved3;
void SEC_FAR * Reserved4; void * Reserved4;
EXPORT_SECURITY_CONTEXT_FN ExportSecurityContext; EXPORT_SECURITY_CONTEXT_FN ExportSecurityContext;
IMPORT_SECURITY_CONTEXT_FN_A ImportSecurityContextA; IMPORT_SECURITY_CONTEXT_FN_A ImportSecurityContextA;
ADD_CREDENTIALS_FN_A AddCredentialsA ; ADD_CREDENTIALS_FN_A AddCredentialsA ;
void SEC_FAR * Reserved8; void * Reserved8;
QUERY_SECURITY_CONTEXT_TOKEN_FN QuerySecurityContextToken; QUERY_SECURITY_CONTEXT_TOKEN_FN QuerySecurityContextToken;
ENCRYPT_MESSAGE_FN EncryptMessage; ENCRYPT_MESSAGE_FN EncryptMessage;
DECRYPT_MESSAGE_FN DecryptMessage; DECRYPT_MESSAGE_FN DecryptMessage;
SET_CONTEXT_ATTRIBUTES_FN_A SetContextAttributesA; SET_CONTEXT_ATTRIBUTES_FN_A SetContextAttributesA;
SET_CREDENTIALS_ATTRIBUTES_FN_A SetCredentialsAttributesA; SET_CREDENTIALS_ATTRIBUTES_FN_A SetCredentialsAttributesA;
} SecurityFunctionTableA, SEC_FAR * PSecurityFunctionTableA; #if ISSP_MODE != 0
CHANGE_PASSWORD_FN_A ChangeAccountPasswordA;
#else
void * Reserved9;
#endif
} SecurityFunctionTableA, * PSecurityFunctionTableA;
#ifdef UNICODE #ifdef UNICODE
# define SecurityFunctionTable SecurityFunctionTableW // ntifs # define SecurityFunctionTable SecurityFunctionTableW // ntifs
# define PSecurityFunctionTable PSecurityFunctionTableW // ntifs # define PSecurityFunctionTable PSecurityFunctionTableW // ntifs
#else #else
# define SecurityFunctionTable SecurityFunctionTableA # define SecurityFunctionTable SecurityFunctionTableA
# define PSecurityFunctionTable PSecurityFunctionTableA # define PSecurityFunctionTable PSecurityFunctionTableA
#endif // !UNICODE #endif // !UNICODE
#define SECURITY_ #define SECURITY_
// Function table has all routines through DecryptMessage // Function table has all routines through DecryptMessage
#define SECURITY_SUPPORT_PROVIDER_INTERFACE_VERSION 1 // ntifs #define SECURITY_SUPPORT_PROVIDER_INTERFACE_VERSION 1 // ntifs
// Function table has all routines through SetContextAttributes // Function table has all routines through SetContextAttributes
#define SECURITY_SUPPORT_PROVIDER_INTERFACE_VERSION_2 2 // ntifs #define SECURITY_SUPPORT_PROVIDER_INTERFACE_VERSION_2 2 // ntifs
// Function table has all routines through SetCredentialsAttributes // Function table has all routines through SetCredentialsAttributes
#define SECURITY_SUPPORT_PROVIDER_INTERFACE_VERSION_3 3 // ntifs #define SECURITY_SUPPORT_PROVIDER_INTERFACE_VERSION_3 3 // ntifs
// Function table has all routines through ChangeAccountPassword
#define SECURITY_SUPPORT_PROVIDER_INTERFACE_VERSION_4 4 // ntifs
PSecurityFunctionTableA SEC_ENTRY PSecurityFunctionTableA SEC_ENTRY
InitSecurityInterfaceA( InitSecurityInterfaceA(
void void
); );
typedef PSecurityFunctionTableA typedef PSecurityFunctionTableA
(SEC_ENTRY * INIT_SECURITY_INTERFACE_A)(void); (SEC_ENTRY * INIT_SECURITY_INTERFACE_A)(void);
// begin_ntifs // begin_ntifs
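Review bot: The version guards inside SecurityFunctionTableW make the table's layout depend on the build target. They appear on only one side of each row and look like new-side additions. `SetContextAttributesW` and `SetCredentialsAttributesW` are compiled out for older `NTDDI_VERSION` values, but the `ChangeAccountPasswordW`/`Reserved9` slot after them is unconditional, so in such a build it sits at the offset where a full-layout table holds `SetContextAttributesW`. SecurityFunctionTableA has no such guards, so the A and W tables are no longer parallel, and the field guard uses `NTDDI_WS03SP1` while the SetCredentialsAttributesW prototype guard uses `NTDDI_WS03`. Keeping the fields unconditional and stating the contract in a comment above the struct would be safer, e.g. `// Callers must check dwVersion against SECURITY_SUPPORT_PROVIDER_INTERFACE_VERSION_2/_3/_4 before calling through SetContextAttributes, SetCredentialsAttributes or ChangeAccountPassword`.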
skipping to change at line 1802 skipping to change at line 1953
#ifdef SECURITY_WIN32 #ifdef SECURITY_WIN32
// //
// SASL Profile Support // SASL Profile Support
// //
SECURITY_STATUS SECURITY_STATUS
SEC_ENTRY SEC_ENTRY
SaslEnumerateProfilesA( SaslEnumerateProfilesA(
OUT LPSTR * ProfileList, __deref_out LPSTR * ProfileList,
OUT ULONG * ProfileCount __out ULONG * ProfileCount
); );
SECURITY_STATUS SECURITY_STATUS
SEC_ENTRY SEC_ENTRY
SaslEnumerateProfilesW( SaslEnumerateProfilesW(
OUT LPWSTR * ProfileList, OUT LPWSTR * ProfileList,
OUT ULONG * ProfileCount OUT ULONG * ProfileCount
); );
#ifdef UNICODE #ifdef UNICODE
#define SaslEnumerateProfiles SaslEnumerateProfilesW #define SaslEnumerateProfiles SaslEnumerateProfilesW
#else #else
#define SaslEnumerateProfiles SaslEnumerateProfilesA #define SaslEnumerateProfiles SaslEnumerateProfilesA
#endif #endif
SECURITY_STATUS SECURITY_STATUS
SEC_ENTRY SEC_ENTRY
SaslGetProfilePackageA( SaslGetProfilePackageA(
IN LPSTR ProfileName, __in LPSTR ProfileName,
OUT PSecPkgInfoA * PackageInfo __deref_out PSecPkgInfoA * PackageInfo
); );
SECURITY_STATUS SECURITY_STATUS
SEC_ENTRY SEC_ENTRY
SaslGetProfilePackageW( SaslGetProfilePackageW(
IN LPWSTR ProfileName, __in LPWSTR ProfileName,
OUT PSecPkgInfoW * PackageInfo __deref_out PSecPkgInfoW * PackageInfo
); );
#ifdef UNICODE #ifdef UNICODE
#define SaslGetProfilePackage SaslGetProfilePackageW #define SaslGetProfilePackage SaslGetProfilePackageW
#else #else
#define SaslGetProfilePackage SaslGetProfilePackageA #define SaslGetProfilePackage SaslGetProfilePackageA
#endif #endif
SECURITY_STATUS SECURITY_STATUS
SEC_ENTRY SEC_ENTRY
SaslIdentifyPackageA( SaslIdentifyPackageA(
IN PSecBufferDesc pInput, __in PSecBufferDesc pInput,
OUT PSecPkgInfoA * PackageInfo __deref_out PSecPkgInfoA * PackageInfo
); );
SECURITY_STATUS SECURITY_STATUS
SEC_ENTRY SEC_ENTRY
SaslIdentifyPackageW( SaslIdentifyPackageW(
IN PSecBufferDesc pInput, __in PSecBufferDesc pInput,
OUT PSecPkgInfoW * PackageInfo __deref_out PSecPkgInfoW * PackageInfo
); );
#ifdef UNICODE #ifdef UNICODE
#define SaslIdentifyPackage SaslIdentifyPackageW #define SaslIdentifyPackage SaslIdentifyPackageW
#else #else
#define SaslIdentifyPackage SaslIdentifyPackageA #define SaslIdentifyPackage SaslIdentifyPackageA
#endif #endif
SECURITY_STATUS SECURITY_STATUS
SEC_ENTRY SEC_ENTRY
SaslInitializeSecurityContextW( SaslInitializeSecurityContextW(
PCredHandle phCredential, // Cred to base context __in_opt PCredHandle phCredential, // Cred to base
PCtxtHandle phContext, // Existing context (OPT) context
LPWSTR pszTargetName, // Name of target __in_opt PCtxtHandle phContext, // Existing cont
unsigned long fContextReq, // Context Requirements ext (OPT)
unsigned long Reserved1, // Reserved, MBZ __in_opt LPWSTR pszTargetName, // Name of targe
unsigned long TargetDataRep, // Data rep of target t
PSecBufferDesc pInput, // Input Buffers __in unsigned long fContextReq, // Context Requi
unsigned long Reserved2, // Reserved, MBZ rements
PCtxtHandle phNewContext, // (out) New Context handle __in unsigned long Reserved1, // Reserved, MBZ
PSecBufferDesc pOutput, // (inout) Output Buffers __in unsigned long TargetDataRep, // Data rep of t
unsigned long SEC_FAR * pfContextAttr, // (out) Context attrs arget
PTimeStamp ptsExpiry // (out) Life span (OPT) __in_opt PSecBufferDesc pInput, // Input Buffers
__in unsigned long Reserved2, // Reserved, MBZ
__inout_opt PCtxtHandle phNewContext, // (out) New Con
text handle
__inout_opt PSecBufferDesc pOutput, // (inout) Outpu
t Buffers
__out unsigned long * pfContextAttr, // (out) Context attrs
__out_opt PTimeStamp ptsExpiry // (out) Life sp
an (OPT)
); );
SECURITY_STATUS SECURITY_STATUS
SEC_ENTRY SEC_ENTRY
SaslInitializeSecurityContextA( SaslInitializeSecurityContextA(
PCredHandle phCredential, // Cred to base context __in_opt PCredHandle phCredential, // Cred to base
PCtxtHandle phContext, // Existing context (OPT) context
LPSTR pszTargetName, // Name of target __in_opt PCtxtHandle phContext, // Existing cont
unsigned long fContextReq, // Context Requirements ext (OPT)
unsigned long Reserved1, // Reserved, MBZ __in_opt LPSTR pszTargetName, // Name of targe
unsigned long TargetDataRep, // Data rep of target t
PSecBufferDesc pInput, // Input Buffers __in unsigned long fContextReq, // Context Requi
unsigned long Reserved2, // Reserved, MBZ rements
PCtxtHandle phNewContext, // (out) New Context handle __in unsigned long Reserved1, // Reserved, MBZ
PSecBufferDesc pOutput, // (inout) Output Buffers __in unsigned long TargetDataRep, // Data rep of t
unsigned long SEC_FAR * pfContextAttr, // (out) Context attrs arget
PTimeStamp ptsExpiry // (out) Life span (OPT) __in_opt PSecBufferDesc pInput, // Input Buffers
__in unsigned long Reserved2, // Reserved, MBZ
__inout_opt PCtxtHandle phNewContext, // (out) New Con
text handle
__inout_opt PSecBufferDesc pOutput, // (inout) Outpu
t Buffers
__out unsigned long * pfContextAttr, // (out) Context attrs
__out_opt PTimeStamp ptsExpiry // (out) Life sp
an (OPT)
); );
#ifdef UNICODE #ifdef UNICODE
#define SaslInitializeSecurityContext SaslInitializeSecurityContextW #define SaslInitializeSecurityContext SaslInitializeSecurityContextW
#else #else
#define SaslInitializeSecurityContext SaslInitializeSecurityContextA #define SaslInitializeSecurityContext SaslInitializeSecurityContextA
#endif #endif
SECURITY_STATUS SECURITY_STATUS
SEC_ENTRY SEC_ENTRY
SaslAcceptSecurityContext( SaslAcceptSecurityContext(
PCredHandle phCredential, // Cred to base context __in_opt PCredHandle phCredential, // Cred to base
PCtxtHandle phContext, // Existing context (OPT) context
PSecBufferDesc pInput, // Input buffer __in_opt PCtxtHandle phContext, // Existing cont
unsigned long fContextReq, // Context Requirements ext (OPT)
unsigned long TargetDataRep, // Target Data Rep __in_opt PSecBufferDesc pInput, // Input buffer
PCtxtHandle phNewContext, // (out) New context handle __in unsigned long fContextReq, // Context Requi
PSecBufferDesc pOutput, // (inout) Output buffers rements
unsigned long SEC_FAR * pfContextAttr, // (out) Context attributes __in unsigned long TargetDataRep, // Target Data R
PTimeStamp ptsExpiry // (out) Life span (OPT) ep
__inout_opt PCtxtHandle phNewContext, // (out) New con
text handle
__inout_opt PSecBufferDesc pOutput, // (inout) Outpu
t buffers
__out unsigned long * pfContextAttr, // (out) Context attribu
tes
__out_opt PTimeStamp ptsExpiry // (out) Life sp
an (OPT)
); );
#define SASL_OPTION_SEND_SIZE 1 // Maximum size to send to peer #define SASL_OPTION_SEND_SIZE 1 // Maximum size to send to peer
#define SASL_OPTION_RECV_SIZE 2 // Maximum size willing to receive #define SASL_OPTION_RECV_SIZE 2 // Maximum size willing to receive
#define SASL_OPTION_AUTHZ_STRING 3 // Authorization string #define SASL_OPTION_AUTHZ_STRING 3 // Authorization string
#define SASL_OPTION_AUTHZ_PROCESSING 4 // Authorization string processi ng #define SASL_OPTION_AUTHZ_PROCESSING 4 // Authorization string processi ng
typedef enum _SASL_AUTHZID_STATE { typedef enum _SASL_AUTHZID_STATE {
Sasl_AuthZIDForbidden, // allow no AuthZID strings to be specifi ed - error out (default) Sasl_AuthZIDForbidden, // allow no AuthZID strings to be specifi ed - error out (default)
Sasl_AuthZIDProcessed // AuthZID Strings processed by Applicatio n or SSP Sasl_AuthZIDProcessed // AuthZID Strings processed by Applicatio n or SSP
} SASL_AUTHZID_STATE ; } SASL_AUTHZID_STATE ;
SECURITY_STATUS SECURITY_STATUS
SEC_ENTRY SEC_ENTRY
SaslSetContextOption( SaslSetContextOption(
PCtxtHandle ContextHandle, __in PCtxtHandle ContextHandle,
ULONG Option, __in ULONG Option,
PVOID Value, __in PVOID Value,
ULONG Size __in ULONG Size
); );
SECURITY_STATUS SECURITY_STATUS
SEC_ENTRY SEC_ENTRY
SaslGetContextOption( SaslGetContextOption(
PCtxtHandle ContextHandle, __in PCtxtHandle ContextHandle,
ULONG Option, __in ULONG Option,
PVOID Value, __out PVOID Value,
ULONG Size, __in ULONG Size,
PULONG Needed OPTIONAL __out_opt PULONG Needed OPTIONAL
); );
#endif #endif
#ifdef SECURITY_DOS #ifdef SECURITY_DOS
#if _MSC_VER >= 1200 #if _MSC_VER >= 1200
#pragma warning(pop) #pragma warning(pop)
#else #else
#pragma warning(default:4147) #pragma warning(default:4147)
#endif #endif
skipping to change at line 1957 skipping to change at line 2108
#else #else
#pragma warning(default:4147) #pragma warning(default:4147)
#endif #endif
#endif #endif
// //
// This is the legacy credentials structure. // This is the legacy credentials structure.
// The EX version below is preferred. // The EX version below is preferred.
// begin_ntifs // begin_ntifs
#ifndef _AUTH_IDENTITY_DEFINED #ifndef _AUTH_IDENTITY_DEFINED
#define _AUTH_IDENTITY_DEFINED #define _AUTH_IDENTITY_DEFINED
//
// This was not defined in NTIFS.h for windows 2000 however
// this struct has always been there and are safe to use
// in windows 2000 and above.
//
#define SEC_WINNT_AUTH_IDENTITY_ANSI 0x1 #define SEC_WINNT_AUTH_IDENTITY_ANSI 0x1
#define SEC_WINNT_AUTH_IDENTITY_UNICODE 0x2 #define SEC_WINNT_AUTH_IDENTITY_UNICODE 0x2
typedef struct _SEC_WINNT_AUTH_IDENTITY_W { typedef struct _SEC_WINNT_AUTH_IDENTITY_W {
unsigned short *User; unsigned short *User;
unsigned long UserLength; unsigned long UserLength;
unsigned short *Domain; unsigned short *Domain;
unsigned long DomainLength; unsigned long DomainLength;
unsigned short *Password; unsigned short *Password;
unsigned long PasswordLength; unsigned long PasswordLength;
unsigned long Flags; unsigned long Flags;
} SEC_WINNT_AUTH_IDENTITY_W, *PSEC_WINNT_AUTH_IDENTITY_W; } SEC_WINNT_AUTH_IDENTITY_W, *PSEC_WINNT_AUTH_IDENTITY_W;
// end_ntifs // end_ntifs
#define _AUTH_IDENTITY_A_DEFINED
typedef struct _SEC_WINNT_AUTH_IDENTITY_A { typedef struct _SEC_WINNT_AUTH_IDENTITY_A {
unsigned char *User; unsigned char *User;
unsigned long UserLength; unsigned long UserLength;
unsigned char *Domain; unsigned char *Domain;
unsigned long DomainLength; unsigned long DomainLength;
unsigned char *Password; unsigned char *Password;
unsigned long PasswordLength; unsigned long PasswordLength;
unsigned long Flags; unsigned long Flags;
} SEC_WINNT_AUTH_IDENTITY_A, *PSEC_WINNT_AUTH_IDENTITY_A; } SEC_WINNT_AUTH_IDENTITY_A, *PSEC_WINNT_AUTH_IDENTITY_A;
#ifdef UNICODE #ifdef UNICODE
#define SEC_WINNT_AUTH_IDENTITY SEC_WINNT_AUTH_IDENTITY_W // ntifs #define SEC_WINNT_AUTH_IDENTITY SEC_WINNT_AUTH_IDENTITY_W // ntifs
#define PSEC_WINNT_AUTH_IDENTITY PSEC_WINNT_AUTH_IDENTITY_W // ntifs #define PSEC_WINNT_AUTH_IDENTITY PSEC_WINNT_AUTH_IDENTITY_W // ntifs
#define _SEC_WINNT_AUTH_IDENTITY _SEC_WINNT_AUTH_IDENTITY_W // ntifs #define _SEC_WINNT_AUTH_IDENTITY _SEC_WINNT_AUTH_IDENTITY_W // ntifs
#else // UNICODE #else // UNICODE
#define SEC_WINNT_AUTH_IDENTITY SEC_WINNT_AUTH_IDENTITY_A #define SEC_WINNT_AUTH_IDENTITY SEC_WINNT_AUTH_IDENTITY_A
#define PSEC_WINNT_AUTH_IDENTITY PSEC_WINNT_AUTH_IDENTITY_A #define PSEC_WINNT_AUTH_IDENTITY PSEC_WINNT_AUTH_IDENTITY_A
#define _SEC_WINNT_AUTH_IDENTITY _SEC_WINNT_AUTH_IDENTITY_A #define _SEC_WINNT_AUTH_IDENTITY _SEC_WINNT_AUTH_IDENTITY_A
#endif // UNICODE #endif // UNICODE
// begin_ntifs
#endif //_AUTH_IDENTITY_DEFINED // ntifs #endif //_AUTH_IDENTITY_DEFINED // ntifs
// begin_ntifs
// //
// This is the combined authentication identity structure that may be // This is the combined authentication identity structure that may be
// used with the negotiate package, NTLM, Kerberos, or SCHANNEL // used with the negotiate package, NTLM, Kerberos, or SCHANNEL
// //
#ifndef SEC_WINNT_AUTH_IDENTITY_VERSION #ifndef SEC_WINNT_AUTH_IDENTITY_VERSION
#define SEC_WINNT_AUTH_IDENTITY_VERSION 0x200 #define SEC_WINNT_AUTH_IDENTITY_VERSION 0x200
typedef struct _SEC_WINNT_AUTH_IDENTITY_EXW { typedef struct _SEC_WINNT_AUTH_IDENTITY_EXW {
unsigned long Version; unsigned long Version;
unsigned long Length; unsigned long Length;
unsigned short SEC_FAR *User; unsigned short *User;
unsigned long UserLength; unsigned long UserLength;
unsigned short SEC_FAR *Domain; unsigned short *Domain;
unsigned long DomainLength; unsigned long DomainLength;
unsigned short SEC_FAR *Password; unsigned short *Password;
unsigned long PasswordLength; unsigned long PasswordLength;
unsigned long Flags; unsigned long Flags;
unsigned short SEC_FAR * PackageList; unsigned short * PackageList;
unsigned long PackageListLength; unsigned long PackageListLength;
} SEC_WINNT_AUTH_IDENTITY_EXW, *PSEC_WINNT_AUTH_IDENTITY_EXW; } SEC_WINNT_AUTH_IDENTITY_EXW, *PSEC_WINNT_AUTH_IDENTITY_EXW;
// end_ntifs // end_ntifs
typedef struct _SEC_WINNT_AUTH_IDENTITY_EXA { typedef struct _SEC_WINNT_AUTH_IDENTITY_EXA {
unsigned long Version; unsigned long Version;
unsigned long Length; unsigned long Length;
unsigned char SEC_FAR *User; unsigned char *User;
unsigned long UserLength; unsigned long UserLength;
unsigned char SEC_FAR *Domain; unsigned char *Domain;
unsigned long DomainLength; unsigned long DomainLength;
unsigned char SEC_FAR *Password; unsigned char *Password;
unsigned long PasswordLength; unsigned long PasswordLength;
unsigned long Flags; unsigned long Flags;
unsigned char SEC_FAR * PackageList; unsigned char * PackageList;
unsigned long PackageListLength; unsigned long PackageListLength;
} SEC_WINNT_AUTH_IDENTITY_EXA, *PSEC_WINNT_AUTH_IDENTITY_EXA; } SEC_WINNT_AUTH_IDENTITY_EXA, *PSEC_WINNT_AUTH_IDENTITY_EXA;
#ifdef UNICODE #ifdef UNICODE
#define SEC_WINNT_AUTH_IDENTITY_EX SEC_WINNT_AUTH_IDENTITY_EXW // ntifs #define SEC_WINNT_AUTH_IDENTITY_EX SEC_WINNT_AUTH_IDENTITY_EXW // ntifs
#define PSEC_WINNT_AUTH_IDENTITY_EX PSEC_WINNT_AUTH_IDENTITY_EXW // ntifs #define PSEC_WINNT_AUTH_IDENTITY_EX PSEC_WINNT_AUTH_IDENTITY_EXW // ntifs
#else #else
#define SEC_WINNT_AUTH_IDENTITY_EX SEC_WINNT_AUTH_IDENTITY_EXA #define SEC_WINNT_AUTH_IDENTITY_EX SEC_WINNT_AUTH_IDENTITY_EXA
#endif #endif
// begin_ntifs // begin_ntifs
#endif // SEC_WINNT_AUTH_IDENTITY_VERSION #endif // SEC_WINNT_AUTH_IDENTITY_VERSION
// //
// Common types used by negotiable security packages // Common types used by negotiable security packages
// //
// These are defined after W2K
//
#define SEC_WINNT_AUTH_IDENTITY_MARSHALLED 0x4 // all data is in one bu ffer #define SEC_WINNT_AUTH_IDENTITY_MARSHALLED 0x4 // all data is in one bu ffer
#define SEC_WINNT_AUTH_IDENTITY_ONLY 0x8 // these credentials are for identity only - no PAC needed #define SEC_WINNT_AUTH_IDENTITY_ONLY 0x8 // these credentials are for identity only - no PAC needed
// end_ntifs // end_ntifs
// //
// Routines for manipulating packages // Routines for manipulating packages
// //
typedef struct _SECURITY_PACKAGE_OPTIONS { typedef struct _SECURITY_PACKAGE_OPTIONS {
unsigned long Size; unsigned long Size;
unsigned long Type; unsigned long Type;
unsigned long Flags; unsigned long Flags;
unsigned long SignatureSize; unsigned long SignatureSize;
void SEC_FAR * Signature; void * Signature;
} SECURITY_PACKAGE_OPTIONS, SEC_FAR * PSECURITY_PACKAGE_OPTIONS; } SECURITY_PACKAGE_OPTIONS, * PSECURITY_PACKAGE_OPTIONS;
#define SECPKG_OPTIONS_TYPE_UNKNOWN 0 #define SECPKG_OPTIONS_TYPE_UNKNOWN 0
#define SECPKG_OPTIONS_TYPE_LSA 1 #define SECPKG_OPTIONS_TYPE_LSA 1
#define SECPKG_OPTIONS_TYPE_SSPI 2 #define SECPKG_OPTIONS_TYPE_SSPI 2
#define SECPKG_OPTIONS_PERMANENT 0x00000001 #define SECPKG_OPTIONS_PERMANENT 0x00000001
SECURITY_STATUS SECURITY_STATUS
SEC_ENTRY SEC_ENTRY
AddSecurityPackageA( AddSecurityPackageA(
SEC_CHAR SEC_FAR * pszPackageName, __in LPSTR pszPackageName,
SECURITY_PACKAGE_OPTIONS SEC_FAR * Options __in_opt PSECURITY_PACKAGE_OPTIONS pOptions
); );
SECURITY_STATUS SECURITY_STATUS
SEC_ENTRY SEC_ENTRY
AddSecurityPackageW( AddSecurityPackageW(
SEC_WCHAR SEC_FAR * pszPackageName, __in LPWSTR pszPackageName,
SECURITY_PACKAGE_OPTIONS SEC_FAR * Options __in_opt PSECURITY_PACKAGE_OPTIONS pOptions
); );
#ifdef UNICODE #ifdef UNICODE
#define AddSecurityPackage AddSecurityPackageW #define AddSecurityPackage AddSecurityPackageW
#else #else
#define AddSecurityPackage AddSecurityPackageA #define AddSecurityPackage AddSecurityPackageA
#endif #endif
SECURITY_STATUS SECURITY_STATUS
SEC_ENTRY SEC_ENTRY
DeleteSecurityPackageA( DeleteSecurityPackageA(
SEC_CHAR SEC_FAR * pszPackageName ); __in LPSTR pszPackageName
);
SECURITY_STATUS SECURITY_STATUS
SEC_ENTRY SEC_ENTRY
DeleteSecurityPackageW( DeleteSecurityPackageW(
SEC_WCHAR SEC_FAR * pszPackageName ); __in LPWSTR pszPackageName
);
#ifdef UNICODE #ifdef UNICODE
#define DeleteSecurityPackage DeleteSecurityPackageW #define DeleteSecurityPackage DeleteSecurityPackageW
#else #else
#define DeleteSecurityPackage DeleteSecurityPackageA #define DeleteSecurityPackage DeleteSecurityPackageA
#endif #endif
#ifdef __cplusplus #ifdef __cplusplus
} // extern "C" } // extern "C"
#endif #endif
 End of changes. 212 change blocks. 
432 lines changed or deleted 635 lines changed or added
