Headers diff for secur32.dll between 6.0.6002.18005-Windows 6.0 and 6.1.7601.23418-Windows 7.0 versions



 ntsecapi.h (6.0.6002.18005-Windows 6.0)   ntsecapi.h (6.1.7601.23418-Windows 7.0) 
skipping to change at line 631 skipping to change at line 631
DEFINE_GUID( DEFINE_GUID(
Audit_AccountLogon_Others, Audit_AccountLogon_Others,
0x0cce9241, 0x0cce9241,
0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30 0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30
); );
#ifdef INITGUID #ifdef INITGUID
#define Audit_AccountLogon_Others_defined #define Audit_AccountLogon_Others_defined
#endif #endif
#endif #endif
/* 0cce9242-69ae-11d9-bed3-505054503030 */
#if !defined(INITGUID) || !defined(Audit_AccountLogon_KerbCredentialValidation_d
efined)
DEFINE_GUID(
Audit_AccountLogon_KerbCredentialValidation,
0x0cce9242,
0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30
);
#ifdef INITGUID
#define Audit_AccountLogon_KerbCredentialValidation_defined
#endif
#endif
/* 0cce9243-69ae-11d9-bed3-505054503030 */
#if !defined(INITGUID) || !defined(Audit_Logon_NPS_defined)
DEFINE_GUID(
Audit_Logon_NPS,
0x0cce9243,
0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30
);
#ifdef INITGUID
#define Audit_Logon_NPS_defined
#endif
#endif
/* 0cce9244-69ae-11d9-bed3-505054503030 */
#if !defined(INITGUID) || !defined(Audit_ObjectAccess_DetailedFileShare_defined)
DEFINE_GUID(
Audit_ObjectAccess_DetailedFileShare,
0x0cce9244,
0x69ae, 0x11d9, 0xbe, 0xd3, 0x50, 0x50, 0x54, 0x50, 0x30, 0x30
);
#ifdef INITGUID
#define Audit_ObjectAccess_DetailedFileShare_defined
#endif
#endif
#endif // DEFINE_GUID #endif // DEFINE_GUID
// //
// All categories are named as <Audit_CategoryName> // All categories are named as <Audit_CategoryName>
// //
#ifdef DEFINE_GUID #ifdef DEFINE_GUID
/* 69979848-797a-11d9-bed3-505054503030 */ /* 69979848-797a-11d9-bed3-505054503030 */
#if !defined(INITGUID) || !defined(Audit_System_defined) #if !defined(INITGUID) || !defined(Audit_System_defined)
skipping to change at line 760 skipping to change at line 796
#define _NTSECAPI_ #define _NTSECAPI_
#ifdef __cplusplus #ifdef __cplusplus
extern "C" { extern "C" {
#endif #endif
#ifndef _NTDEF_ #ifndef _NTDEF_
typedef LONG NTSTATUS, *PNTSTATUS; typedef LONG NTSTATUS, *PNTSTATUS;
#endif #endif
#include <lsalookup.h>
#ifndef _NTLSA_IFS_ #ifndef _NTLSA_IFS_
// begin_ntifs // begin_ntifs
// //
// Security operation mode of the system is held in a control // Security operation mode of the system is held in a control
// longword. // longword.
// //
typedef ULONG LSA_OPERATIONAL_MODE, *PLSA_OPERATIONAL_MODE; typedef ULONG LSA_OPERATIONAL_MODE, *PLSA_OPERATIONAL_MODE;
skipping to change at line 1181 skipping to change at line 1218
// pointer to SOCKADDR_IN/SOCKADDR_IN6 // pointer to SOCKADDR_IN/SOCKADDR_IN6
// structure // structure
// //
// Results in: // Results in:
// //
// param 1: IP address string // param 1: IP address string
// param 2: Port number string // param 2: Port number string
// //
// //
// Everything below this exists only in Longhorn and greater // Everything below this exists only in Windows Server 2008 and greater
// //
SeAdtParmTypeSD, // Produces 1 parameters SeAdtParmTypeSD, // Produces 1 parameters
// //
// Received value: // Received value:
// //
// pointer to SECURITY_DESCRIPTOR // pointer to SECURITY_DESCRIPTOR
// structure // structure
// //
// Results in: // Results in:
skipping to change at line 1227 skipping to change at line 1264
// param 3: Logon ID (Luid) string // param 3: Logon ID (Luid) string
SeAdtParmTypeUlongNoConv, // Produces 1 parameter. SeAdtParmTypeUlongNoConv, // Produces 1 parameter.
// Received Value: // Received Value:
// Ulong // Ulong
// //
//Results in: //Results in:
// Not converted to string // Not converted to string
// //
SeAdtParmTypeSockAddrNoPort // Produces 1 parameter SeAdtParmTypeSockAddrNoPort, // Produces 1 parameter
// //
// Received value: // Received value:
// //
// pointer to SOCKADDR_IN/SOCKADDR_IN6 // pointer to SOCKADDR_IN/SOCKADDR_IN6
// structure // structure
// //
// Results in: // Results in:
// //
// param 1: IPv4/IPv6 address string // param 1: IPv4/IPv6 address string
// //
//
// Everything below this exists only in Windows Server 2008 and greater
//
SeAdtParmTypeAccessReason // Produces 1 parameters
//
// Received value:
//
// pointer to SECURITY_DESCRIPTOR
// structure followed by the reason code.
// The reason code could be the index
// of the ACE in the SD or privilege ID or
// other reason codes.
//
// Results in:
//
// String representation of the access reaso
n.
//
} SE_ADT_PARAMETER_TYPE, *PSE_ADT_PARAMETER_TYPE; } SE_ADT_PARAMETER_TYPE, *PSE_ADT_PARAMETER_TYPE;
#ifndef GUID_DEFINED #ifndef GUID_DEFINED
#include <guiddef.h> #include <guiddef.h>
#endif /* GUID_DEFINED */ #endif /* GUID_DEFINED */
typedef struct _SE_ADT_OBJECT_TYPE { typedef struct _SE_ADT_OBJECT_TYPE {
GUID ObjectType; GUID ObjectType;
USHORT Flags; USHORT Flags;
skipping to change at line 1262 skipping to change at line 1317
typedef struct _SE_ADT_PARAMETER_ARRAY_ENTRY { typedef struct _SE_ADT_PARAMETER_ARRAY_ENTRY {
SE_ADT_PARAMETER_TYPE Type; SE_ADT_PARAMETER_TYPE Type;
ULONG Length; ULONG Length;
ULONG_PTR Data[2]; ULONG_PTR Data[2];
PVOID Address; PVOID Address;
} SE_ADT_PARAMETER_ARRAY_ENTRY, *PSE_ADT_PARAMETER_ARRAY_ENTRY; } SE_ADT_PARAMETER_ARRAY_ENTRY, *PSE_ADT_PARAMETER_ARRAY_ENTRY;
typedef struct _SE_ADT_ACCESS_REASON{
ACCESS_MASK AccessMask;
ULONG AccessReasons[32];
ULONG ObjectTypeIndex;
ULONG AccessGranted;
PSECURITY_DESCRIPTOR SecurityDescriptor; // multple SDs may be stored her
e in self-relative way.
} SE_ADT_ACCESS_REASON, *PSE_ADT_ACCESS_REASON;
// //
// Structure that will be passed between the Reference Monitor and LSA // Structure that will be passed between the Reference Monitor and LSA
// to transmit auditing information. // to transmit auditing information.
// //
#define SE_MAX_AUDIT_PARAMETERS 32 #define SE_MAX_AUDIT_PARAMETERS 32
#define SE_MAX_GENERIC_AUDIT_PARAMETERS 28 #define SE_MAX_GENERIC_AUDIT_PARAMETERS 28
typedef struct _SE_ADT_PARAMETER_ARRAY { typedef struct _SE_ADT_PARAMETER_ARRAY {
skipping to change at line 1290 skipping to change at line 1353
} SE_ADT_PARAMETER_ARRAY, *PSE_ADT_PARAMETER_ARRAY; } SE_ADT_PARAMETER_ARRAY, *PSE_ADT_PARAMETER_ARRAY;
#define SE_ADT_PARAMETERS_SELF_RELATIVE 0x00000001 #define SE_ADT_PARAMETERS_SELF_RELATIVE 0x00000001
#define SE_ADT_PARAMETERS_SEND_TO_LSA 0x00000002 #define SE_ADT_PARAMETERS_SEND_TO_LSA 0x00000002
#define SE_ADT_PARAMETER_EXTENSIBLE_AUDIT 0x00000004 #define SE_ADT_PARAMETER_EXTENSIBLE_AUDIT 0x00000004
#define SE_ADT_PARAMETER_GENERIC_AUDIT 0x00000008 #define SE_ADT_PARAMETER_GENERIC_AUDIT 0x00000008
#define SE_ADT_PARAMETER_WRITE_SYNCHRONOUS 0x00000010 #define SE_ADT_PARAMETER_WRITE_SYNCHRONOUS 0x00000010
// //
// This macro only existed in longhorn and after // This macro only existed in Windows Server 2008 and after
// //
#define LSAP_SE_ADT_PARAMETER_ARRAY_TRUE_SIZE(AuditParameters) \ #define LSAP_SE_ADT_PARAMETER_ARRAY_TRUE_SIZE(AuditParameters) \
( sizeof(SE_ADT_PARAMETER_ARRAY) - \ ( sizeof(SE_ADT_PARAMETER_ARRAY) - \
sizeof(SE_ADT_PARAMETER_ARRAY_ENTRY) * \ sizeof(SE_ADT_PARAMETER_ARRAY_ENTRY) * \
(SE_MAX_AUDIT_PARAMETERS - AuditParameters->ParameterCount) ) (SE_MAX_AUDIT_PARAMETERS - AuditParameters->ParameterCount) )
#endif // _NTLSA_AUDIT_ #endif // _NTLSA_AUDIT_
// end_ntifs // end_ntifs
skipping to change at line 1355 skipping to change at line 1418
#define POLICY_AUDIT_EVENT_NONE (0x00000004L) #define POLICY_AUDIT_EVENT_NONE (0x00000004L)
// Mask of valid event auditing options // Mask of valid event auditing options
#define POLICY_AUDIT_EVENT_MASK \ #define POLICY_AUDIT_EVENT_MASK \
(POLICY_AUDIT_EVENT_SUCCESS | \ (POLICY_AUDIT_EVENT_SUCCESS | \
POLICY_AUDIT_EVENT_FAILURE | \ POLICY_AUDIT_EVENT_FAILURE | \
POLICY_AUDIT_EVENT_UNCHANGED | \ POLICY_AUDIT_EVENT_UNCHANGED | \
POLICY_AUDIT_EVENT_NONE) POLICY_AUDIT_EVENT_NONE)
#ifdef _NTDEF_ #ifndef _NTDEF_
// begin_ntifs
typedef UNICODE_STRING LSA_UNICODE_STRING, *PLSA_UNICODE_STRING;
typedef STRING LSA_STRING, *PLSA_STRING;
typedef OBJECT_ATTRIBUTES LSA_OBJECT_ATTRIBUTES, *PLSA_OBJECT_ATTRIBUTES;
// end_ntifs
#else // _NTDEF_
#ifndef IN #ifndef IN
#define IN #define IN
#endif #endif
#ifndef OUT #ifndef OUT
#define OUT #define OUT
#endif #endif
#ifndef OPTIONAL #ifndef OPTIONAL
#define OPTIONAL #define OPTIONAL
#endif #endif
#endif // _NTDEF_
typedef struct _LSA_UNICODE_STRING {
USHORT Length;
USHORT MaximumLength;
#ifdef MIDL_PASS
[size_is(MaximumLength/2), length_is(Length/2)]
#endif // MIDL_PASS
PWSTR Buffer;
} LSA_UNICODE_STRING, *PLSA_UNICODE_STRING;
typedef struct _LSA_STRING {
USHORT Length;
USHORT MaximumLength;
PCHAR Buffer;
} LSA_STRING, *PLSA_STRING;
typedef struct _LSA_OBJECT_ATTRIBUTES {
ULONG Length;
HANDLE RootDirectory;
PLSA_UNICODE_STRING ObjectName;
ULONG Attributes;
PVOID SecurityDescriptor; // Points to type SECURITY_DESCRIPTOR
PVOID SecurityQualityOfService; // Points to type SECURITY_QUALITY_OF_SERVI
CE
} LSA_OBJECT_ATTRIBUTES, *PLSA_OBJECT_ATTRIBUTES;
#endif // _NTDEF_
// //
// Macro for determining whether an API succeeded. // Macro for determining whether an API succeeded.
// //
#define LSA_SUCCESS(Error) ((LONG)(Error) >= 0) #define LSA_SUCCESS(Error) ((LONG)(Error) >= 0)
#ifndef _NTLSA_IFS_ #ifndef _NTLSA_IFS_
// begin_ntifs // begin_ntifs
__drv_sameIRQL
__drv_maxIRQL(PASSIVE_LEVEL)
NTSTATUS NTSTATUS
NTAPI NTAPI
LsaRegisterLogonProcess ( LsaRegisterLogonProcess (
__in PLSA_STRING LogonProcessName, __in PLSA_STRING LogonProcessName,
__out PHANDLE LsaHandle, __out PHANDLE LsaHandle,
__out PLSA_OPERATIONAL_MODE SecurityMode __out PLSA_OPERATIONAL_MODE SecurityMode
); );
// //
// The function below did not exist in NTIFS before windows XP // The function below did not exist in NTIFS before windows XP
// However, the function has always been there, so it is okay to use // However, the function has always been there, so it is okay to use
// even on w2k // even on w2k
// //
__drv_sameIRQL
__drv_maxIRQL(PASSIVE_LEVEL)
NTSTATUS NTSTATUS
NTAPI NTAPI
LsaLogonUser ( LsaLogonUser (
__in HANDLE LsaHandle, __in HANDLE LsaHandle,
__in PLSA_STRING OriginName, __in PLSA_STRING OriginName,
__in SECURITY_LOGON_TYPE LogonType, __in SECURITY_LOGON_TYPE LogonType,
__in ULONG AuthenticationPackage, __in ULONG AuthenticationPackage,
__in_bcount(AuthenticationInformationLength) PVOID AuthenticationInformation , __in_bcount(AuthenticationInformationLength) PVOID AuthenticationInformation ,
__in ULONG AuthenticationInformationLength, __in ULONG AuthenticationInformationLength,
__in_opt PTOKEN_GROUPS LocalGroups, __in_opt PTOKEN_GROUPS LocalGroups,
skipping to change at line 1445 skipping to change at line 1479
__out PVOID *ProfileBuffer, __out PVOID *ProfileBuffer,
__out PULONG ProfileBufferLength, __out PULONG ProfileBufferLength,
__out PLUID LogonId, __out PLUID LogonId,
__out PHANDLE Token, __out PHANDLE Token,
__out PQUOTA_LIMITS Quotas, __out PQUOTA_LIMITS Quotas,
__out PNTSTATUS SubStatus __out PNTSTATUS SubStatus
); );
// end_ntifs // end_ntifs
__drv_sameIRQL
__drv_maxIRQL(PASSIVE_LEVEL)
NTSTATUS NTSTATUS
NTAPI NTAPI
LsaLookupAuthenticationPackage ( LsaLookupAuthenticationPackage (
__in HANDLE LsaHandle, __in HANDLE LsaHandle,
__in PLSA_STRING PackageName, __in PLSA_STRING PackageName,
__out PULONG AuthenticationPackage __out PULONG AuthenticationPackage
); );
// begin_ntifs // begin_ntifs
__drv_sameIRQL
NTSTATUS NTSTATUS
NTAPI NTAPI
LsaFreeReturnBuffer ( LsaFreeReturnBuffer (
__in PVOID Buffer __in PVOID Buffer
); );
// end_ntifs // end_ntifs
__drv_sameIRQL
__drv_maxIRQL(PASSIVE_LEVEL)
NTSTATUS NTSTATUS
NTAPI NTAPI
LsaCallAuthenticationPackage ( LsaCallAuthenticationPackage (
__in HANDLE LsaHandle, __in HANDLE LsaHandle,
__in ULONG AuthenticationPackage, __in ULONG AuthenticationPackage,
__in_bcount(SubmitBufferLength) PVOID ProtocolSubmitBuffer, __in_bcount(SubmitBufferLength) PVOID ProtocolSubmitBuffer,
__in ULONG SubmitBufferLength, __in ULONG SubmitBufferLength,
__out_opt PVOID *ProtocolReturnBuffer, __out_opt PVOID *ProtocolReturnBuffer,
__out_opt PULONG ReturnBufferLength, __out_opt PULONG ReturnBufferLength,
__out_opt PNTSTATUS ProtocolStatus __out_opt PNTSTATUS ProtocolStatus
); );
__drv_sameIRQL
__drv_maxIRQL(PASSIVE_LEVEL)
NTSTATUS NTSTATUS
NTAPI NTAPI
LsaDeregisterLogonProcess ( LsaDeregisterLogonProcess (
__in HANDLE LsaHandle __in HANDLE LsaHandle
); );
__drv_sameIRQL
__drv_maxIRQL(PASSIVE_LEVEL)
NTSTATUS NTSTATUS
NTAPI NTAPI
LsaConnectUntrusted ( LsaConnectUntrusted (
__out PHANDLE LsaHandle __out PHANDLE LsaHandle
); );
#endif // _NTLSA_IFS_ #endif // _NTLSA_IFS_
//////////////////////////////////////////////////////////////////////////// ////////////////////////////////////////////////////////////////////////////
// // // //
// Local Security Policy Administration API datatypes and defines // // Local Security Policy Administration API datatypes and defines //
skipping to change at line 1545 skipping to change at line 1588
POLICY_SET_DEFAULT_QUOTA_LIMITS |\ POLICY_SET_DEFAULT_QUOTA_LIMITS |\
POLICY_SET_AUDIT_REQUIREMENTS |\ POLICY_SET_AUDIT_REQUIREMENTS |\
POLICY_AUDIT_LOG_ADMIN |\ POLICY_AUDIT_LOG_ADMIN |\
POLICY_SERVER_ADMIN) POLICY_SERVER_ADMIN)
#define POLICY_EXECUTE (STANDARD_RIGHTS_EXECUTE |\ #define POLICY_EXECUTE (STANDARD_RIGHTS_EXECUTE |\
POLICY_VIEW_LOCAL_INFORMATION |\ POLICY_VIEW_LOCAL_INFORMATION |\
POLICY_LOOKUP_NAMES) POLICY_LOOKUP_NAMES)
// //
// Policy object specific data types. // Legacy policy object specific data types.
//
//
// The following data type is used to identify a domain
//
typedef struct _LSA_TRUST_INFORMATION {
LSA_UNICODE_STRING Name;
PSID Sid;
} LSA_TRUST_INFORMATION, *PLSA_TRUST_INFORMATION;
// where members have the following usage:
//
// Name - The name of the domain.
//
// Sid - A pointer to the Sid of the Domain
//
//
// The following data type is used in name and SID lookup services to
// describe the domains referenced in the lookup operation.
//
typedef struct _LSA_REFERENCED_DOMAIN_LIST {
ULONG Entries;
PLSA_TRUST_INFORMATION Domains;
} LSA_REFERENCED_DOMAIN_LIST, *PLSA_REFERENCED_DOMAIN_LIST;
// where members have the following usage:
//
// Entries - Is a count of the number of domains described in the
// Domains array.
//
// Domains - Is a pointer to an array of Entries LSA_TRUST_INFORMATION data
// structures.
//
// //
// The following data type is used in name to SID lookup services to describe // The following data type is used in name to SID lookup services to describe
// the domains referenced in the lookup operation. // the domains referenced in the lookup operation.
// //
typedef struct _LSA_TRANSLATED_SID { typedef struct _LSA_TRANSLATED_SID {
SID_NAME_USE Use; SID_NAME_USE Use;
ULONG RelativeId; ULONG RelativeId;
LONG DomainIndex; LONG DomainIndex;
skipping to change at line 1618 skipping to change at line 1620
// DomainIndex field. // DomainIndex field.
// //
// DomainIndex - Is the index of an entry in a related // DomainIndex - Is the index of an entry in a related
// LSA_REFERENCED_DOMAIN_LIST data structure describing the // LSA_REFERENCED_DOMAIN_LIST data structure describing the
// domain in which the account was found. // domain in which the account was found.
// //
// If there is no corresponding reference domain for an entry, then // If there is no corresponding reference domain for an entry, then
// this field will contain a negative value. // this field will contain a negative value.
// //
#if (_WIN32_WINNT >= 0x0501)
typedef struct _LSA_TRANSLATED_SID2 {
SID_NAME_USE Use;
PSID Sid;
LONG DomainIndex;
ULONG Flags;
} LSA_TRANSLATED_SID2, *PLSA_TRANSLATED_SID2;
// where members have the following usage:
//
// Use - identifies the use of the SID. If this value is SidUnknown or
// SidInvalid, then the remainder of the record is not set and
// should be ignored.
//
// Sid - Contains the complete Sid of the tranlated SID
//
// DomainIndex - Is the index of an entry in a related
// LSA_REFERENCED_DOMAIN_LIST data structure describing the
// domain in which the account was found.
//
// If there is no corresponding reference domain for an entry, then
// this field will contain a negative value.
//
#endif
//
// The following data type is used in SID to name lookup services to
// describe the domains referenced in the lookup operation.
//
typedef struct _LSA_TRANSLATED_NAME {
SID_NAME_USE Use;
LSA_UNICODE_STRING Name;
LONG DomainIndex;
} LSA_TRANSLATED_NAME, *PLSA_TRANSLATED_NAME;
// where the members have the following usage:
//
// Use - Identifies the use of the name. If this value is SidUnknown
// or SidInvalid, then the remainder of the record is not set and
// should be ignored. If this value is SidWellKnownGroup then the
// Name field is invalid, but the DomainIndex field is not.
//
// Name - Contains the isolated name of the translated SID.
//
// DomainIndex - Is the index of an entry in a related
// LSA_REFERENCED_DOMAIN_LIST data structure describing the domain
// in which the account was found.
//
// If there is no corresponding reference domain for an entry, then
// this field will contain a negative value.
//
// //
// The following data type is used to represent the role of the LSA // The following data type is used to represent the role of the LSA
// server (primary or backup). // server (primary or backup).
// //
typedef enum _POLICY_LSA_SERVER_ROLE { typedef enum _POLICY_LSA_SERVER_ROLE {
PolicyServerRoleBackup = 2, PolicyServerRoleBackup = 2,
PolicyServerRolePrimary PolicyServerRolePrimary
skipping to change at line 1885 skipping to change at line 1830
#define PER_USER_AUDIT_FAILURE_EXCLUDE (0x08) #define PER_USER_AUDIT_FAILURE_EXCLUDE (0x08)
#define PER_USER_AUDIT_NONE (0x10) #define PER_USER_AUDIT_NONE (0x10)
#define VALID_PER_USER_AUDIT_POLICY_FLAG (PER_USER_AUDIT_SUCCESS_INCLUDE | \ #define VALID_PER_USER_AUDIT_POLICY_FLAG (PER_USER_AUDIT_SUCCESS_INCLUDE | \
PER_USER_AUDIT_SUCCESS_EXCLUDE | \ PER_USER_AUDIT_SUCCESS_EXCLUDE | \
PER_USER_AUDIT_FAILURE_INCLUDE | \ PER_USER_AUDIT_FAILURE_INCLUDE | \
PER_USER_AUDIT_FAILURE_EXCLUDE | \ PER_USER_AUDIT_FAILURE_EXCLUDE | \
PER_USER_AUDIT_NONE) PER_USER_AUDIT_NONE)
// //
// The following structure corresponds to the PolicyAccountDomainInformation
// information class.
//
typedef struct _POLICY_ACCOUNT_DOMAIN_INFO {
LSA_UNICODE_STRING DomainName;
PSID DomainSid;
} POLICY_ACCOUNT_DOMAIN_INFO, *PPOLICY_ACCOUNT_DOMAIN_INFO;
// where the members have the following usage:
//
// DomainName - Is the name of the domain
//
// DomainSid - Is the Sid of the domain
//
//
// The following structure corresponds to the PolicyPrimaryDomainInformation // The following structure corresponds to the PolicyPrimaryDomainInformation
// information class. // information class.
// //
typedef struct _POLICY_PRIMARY_DOMAIN_INFO { typedef struct _POLICY_PRIMARY_DOMAIN_INFO {
LSA_UNICODE_STRING Name; LSA_UNICODE_STRING Name;
PSID Sid; PSID Sid;
} POLICY_PRIMARY_DOMAIN_INFO, *PPOLICY_PRIMARY_DOMAIN_INFO; } POLICY_PRIMARY_DOMAIN_INFO, *PPOLICY_PRIMARY_DOMAIN_INFO;
// where the members have the following usage: // where the members have the following usage:
// //
// Name - Is the name of the domain // Name - Is the name of the domain
// //
// Sid - Is the Sid of the domain // Sid - Is the Sid of the domain
// //
// //
// The following structure corresponds to the PolicyDnsDomainInformation
// information class
//
typedef struct _POLICY_DNS_DOMAIN_INFO
{
LSA_UNICODE_STRING Name;
LSA_UNICODE_STRING DnsDomainName;
LSA_UNICODE_STRING DnsForestName;
GUID DomainGuid;
PSID Sid;
} POLICY_DNS_DOMAIN_INFO, *PPOLICY_DNS_DOMAIN_INFO;
// where the members have the following usage:
//
// Name - Is the name of the Domain
//
// DnsDomainName - Is the DNS name of the domain
//
// DnsForestName - Is the DNS forest name of the domain
//
// DomainGuid - Is the GUID of the domain
//
// Sid - Is the Sid of the domain
//
// The following structure corresponds to the PolicyPdAccountInformation // The following structure corresponds to the PolicyPdAccountInformation
// information class. This structure may be used in Query operations // information class. This structure may be used in Query operations
// only. // only.
// //
typedef struct _POLICY_PD_ACCOUNT_INFO { typedef struct _POLICY_PD_ACCOUNT_INFO {
LSA_UNICODE_STRING Name; LSA_UNICODE_STRING Name;
} POLICY_PD_ACCOUNT_INFO, *PPOLICY_PD_ACCOUNT_INFO; } POLICY_PD_ACCOUNT_INFO, *PPOLICY_PD_ACCOUNT_INFO;
skipping to change at line 2165 skipping to change at line 2064
// //
typedef enum _POLICY_NOTIFICATION_INFORMATION_CLASS { typedef enum _POLICY_NOTIFICATION_INFORMATION_CLASS {
PolicyNotifyAuditEventsInformation = 1, PolicyNotifyAuditEventsInformation = 1,
PolicyNotifyAccountDomainInformation, PolicyNotifyAccountDomainInformation,
PolicyNotifyServerRoleInformation, PolicyNotifyServerRoleInformation,
PolicyNotifyDnsDomainInformation, PolicyNotifyDnsDomainInformation,
PolicyNotifyDomainEfsInformation, PolicyNotifyDomainEfsInformation,
PolicyNotifyDomainKerberosTicketInformation, PolicyNotifyDomainKerberosTicketInformation,
PolicyNotifyMachineAccountPasswordInformation PolicyNotifyMachineAccountPasswordInformation,
PolicyNotifyGlobalSaclInformation,
PolicyNotifyMax // must always be the last entry
} POLICY_NOTIFICATION_INFORMATION_CLASS, *PPOLICY_NOTIFICATION_INFORMATION_CLASS ; } POLICY_NOTIFICATION_INFORMATION_CLASS, *PPOLICY_NOTIFICATION_INFORMATION_CLASS ;
// //
// LSA RPC Context Handle (Opaque form). Note that a Context Handle is // LSA RPC Context Handle (Opaque form). Note that a Context Handle is
// always a pointer type unlike regular handles. // always a pointer type unlike regular handles.
// //
typedef PVOID LSA_HANDLE, *PLSA_HANDLE; typedef PVOID LSA_HANDLE, *PLSA_HANDLE;
skipping to change at line 3058 skipping to change at line 2959
#define SAM_PASSWORD_CHANGE_NOTIFY_ROUTINE "PasswordChangeNotify" #define SAM_PASSWORD_CHANGE_NOTIFY_ROUTINE "PasswordChangeNotify"
typedef BOOLEAN (*PSAM_INIT_NOTIFICATION_ROUTINE) ( typedef BOOLEAN (*PSAM_INIT_NOTIFICATION_ROUTINE) (
); );
#define SAM_INIT_NOTIFICATION_ROUTINE "InitializeChangeNotify" #define SAM_INIT_NOTIFICATION_ROUTINE "InitializeChangeNotify"
#define SAM_PASSWORD_FILTER_ROUTINE "PasswordFilter" #define SAM_PASSWORD_FILTER_ROUTINE "PasswordFilter"
typedef BOOLEAN (*PSAM_PASSWORD_FILTER_ROUTINE) ( typedef BOOLEAN (*PSAM_PASSWORD_FILTER_ROUTINE) (
IN PUNICODE_STRING AccountName, __in PUNICODE_STRING AccountName,
IN PUNICODE_STRING FullName, __in PUNICODE_STRING FullName,
IN PUNICODE_STRING Password, __in PUNICODE_STRING Password,
IN BOOLEAN SetOperation __in BOOLEAN SetOperation
); );
#endif // _PASSWORD_NOTIFICATION_DEFINED #endif // _PASSWORD_NOTIFICATION_DEFINED
///////////////////////////////////////////////////////////////////////// /////////////////////////////////////////////////////////////////////////
// // // //
// Name of the MSV1_0 authentication package // // Name of the MSV1_0 authentication package //
// // // //
///////////////////////////////////////////////////////////////////////// /////////////////////////////////////////////////////////////////////////
skipping to change at line 3112 skipping to change at line 3013
// //
// MSV1.0 LsaLogonUser() submission message types. // MSV1.0 LsaLogonUser() submission message types.
// //
typedef enum _MSV1_0_LOGON_SUBMIT_TYPE { typedef enum _MSV1_0_LOGON_SUBMIT_TYPE {
MsV1_0InteractiveLogon = 2, MsV1_0InteractiveLogon = 2,
MsV1_0Lm20Logon, MsV1_0Lm20Logon,
MsV1_0NetworkLogon, MsV1_0NetworkLogon,
MsV1_0SubAuthLogon, MsV1_0SubAuthLogon,
MsV1_0WorkstationUnlockLogon = 7, MsV1_0WorkstationUnlockLogon = 7,
// defined in Longhorn and up // defined in Windows Server 2008 and up
MsV1_0S4ULogon = 12, MsV1_0S4ULogon = 12,
MsV1_0VirtualLogon = 82
} MSV1_0_LOGON_SUBMIT_TYPE, *PMSV1_0_LOGON_SUBMIT_TYPE; } MSV1_0_LOGON_SUBMIT_TYPE, *PMSV1_0_LOGON_SUBMIT_TYPE;
// //
// MSV1.0 LsaLogonUser() profile buffer types. // MSV1.0 LsaLogonUser() profile buffer types.
// //
typedef enum _MSV1_0_PROFILE_BUFFER_TYPE { typedef enum _MSV1_0_PROFILE_BUFFER_TYPE {
MsV1_0InteractiveProfile = 2, MsV1_0InteractiveProfile = 2,
MsV1_0Lm20LogonProfile, MsV1_0Lm20LogonProfile,
MsV1_0SmartCardProfile MsV1_0SmartCardProfile
skipping to change at line 3268 skipping to change at line 3170
// Start // Start
// Doesnt exist in Windows XP but does exist in Windows 2000 Security Rollup and up // Doesnt exist in Windows XP but does exist in Windows 2000 Security Rollup and up
#define MSV1_0_USE_DOMAIN_FOR_ROUTING_ONLY 0x00008000 #define MSV1_0_USE_DOMAIN_FOR_ROUTING_ONLY 0x00008000
#endif #endif
#define MSV1_0_SUBAUTHENTICATION_DLL_EX 0x00100000 #define MSV1_0_SUBAUTHENTICATION_DLL_EX 0x00100000
// Defined in Windows Server 2003 SP1 and above // Defined in Windows Server 2003 SP1 and above
#define MSV1_0_ALLOW_MSVCHAPV2 0x00010000 #define MSV1_0_ALLOW_MSVCHAPV2 0x00010000
#if (_WIN32_WINNT >= 0x0600) #if (_WIN32_WINNT >= 0x0600)
//Defined in Longhorn and up //Defined in Windows Server 2008 and up
#define MSV1_0_S4U2SELF 0x00020000 // no password is needed #define MSV1_0_S4U2SELF 0x00020000 // no password is needed
#define MSV1_0_CHECK_LOGONHOURS_FOR_S4U 0x00040000 // check logon hours for S4U logon #define MSV1_0_CHECK_LOGONHOURS_FOR_S4U 0x00040000 // check logon hours for S4U logon
#endif #endif
// //
// The high order byte is a value indicating the SubAuthentication DLL. // The high order byte is a value indicating the SubAuthentication DLL.
// Zero indicates no SubAuthentication DLL. // Zero indicates no SubAuthentication DLL.
// //
#define MSV1_0_SUBAUTHENTICATION_DLL 0xFF000000 #define MSV1_0_SUBAUTHENTICATION_DLL 0xFF000000
skipping to change at line 3321 skipping to change at line 3223
STRING AuthenticationInfo2; STRING AuthenticationInfo2;
ULONG ParameterControl; ULONG ParameterControl;
ULONG SubAuthPackageId; ULONG SubAuthPackageId;
} MSV1_0_SUBAUTH_LOGON, * PMSV1_0_SUBAUTH_LOGON; } MSV1_0_SUBAUTH_LOGON, * PMSV1_0_SUBAUTH_LOGON;
#if (_WIN32_WINNT >= 0x0600) #if (_WIN32_WINNT >= 0x0600)
// //
// s4u2self logon // s4u2self logon
// //
// Defined in Longhorn and above // Defined in Windows Server 2008 and above
// //
// request to enforce logon hours policy // request to enforce logon hours policy
// //
#define MSV1_0_S4U_LOGON_FLAG_CHECK_LOGONHOURS 0x2 #define MSV1_0_S4U_LOGON_FLAG_CHECK_LOGONHOURS 0x2
typedef struct _MSV1_0_S4U_LOGON { typedef struct _MSV1_0_S4U_LOGON {
MSV1_0_LOGON_SUBMIT_TYPE MessageType; MSV1_0_LOGON_SUBMIT_TYPE MessageType;
ULONG Flags; ULONG Flags;
skipping to change at line 3352 skipping to change at line 3254
#define LOGON_GUEST 0x01 #define LOGON_GUEST 0x01
#define LOGON_NOENCRYPTION 0x02 #define LOGON_NOENCRYPTION 0x02
#define LOGON_CACHED_ACCOUNT 0x04 #define LOGON_CACHED_ACCOUNT 0x04
#define LOGON_USED_LM_PASSWORD 0x08 #define LOGON_USED_LM_PASSWORD 0x08
#define LOGON_EXTRA_SIDS 0x20 #define LOGON_EXTRA_SIDS 0x20
#define LOGON_SUBAUTH_SESSION_KEY 0x40 #define LOGON_SUBAUTH_SESSION_KEY 0x40
#define LOGON_SERVER_TRUST_ACCOUNT 0x80 #define LOGON_SERVER_TRUST_ACCOUNT 0x80
#define LOGON_NTLMV2_ENABLED 0x100 // says DC understands NTLMv2 #define LOGON_NTLMV2_ENABLED 0x100 // says DC understands NTLMv2
#define LOGON_RESOURCE_GROUPS 0x200 #define LOGON_RESOURCE_GROUPS 0x200
#define LOGON_PROFILE_PATH_RETURNED 0x400 #define LOGON_PROFILE_PATH_RETURNED 0x400
// Defined in Longhorn and above // Defined in Windows Server 2008 and above
#define LOGON_NT_V2 0x800 // NT response was used for validati on #define LOGON_NT_V2 0x800 // NT response was used for validati on
#define LOGON_LM_V2 0x1000 // LM response was used for validati on #define LOGON_LM_V2 0x1000 // LM response was used for validati on
#define LOGON_NTLM_V2 0x2000 // LM response was used to authentic ate but NT response was used to derive the session key #define LOGON_NTLM_V2 0x2000 // LM response was used to authentic ate but NT response was used to derive the session key
#if (_WIN32_WINNT >= 0x0600) #if (_WIN32_WINNT >= 0x0600)
#define LOGON_OPTIMIZED 0x4000 // this is an optimized logon #define LOGON_OPTIMIZED 0x4000 // this is an optimized logon
#define LOGON_WINLOGON 0x8000 // the logon session was created for winlogon #define LOGON_WINLOGON 0x8000 // the logon session was created for winlogon
#define LOGON_PKINIT 0x10000 // Kerberos PKINIT extension was use d to authenticate the user #define LOGON_PKINIT 0x10000 // Kerberos PKINIT extension was use d to authenticate the user
#define LOGON_NO_OPTIMIZED 0x20000 // optimized logon has been disabled for this account #define LOGON_NO_OPTIMIZED 0x20000 // optimized logon has been disabled for this account
skipping to change at line 3471 skipping to change at line 3373
MsvAvDnsComputerName, // server's computer name -- DNS MsvAvDnsComputerName, // server's computer name -- DNS
MsvAvDnsDomainName, // server's domain name -- DNS MsvAvDnsDomainName, // server's domain name -- DNS
#if (_WIN32_WINNT >= 0x0501) #if (_WIN32_WINNT >= 0x0501)
MsvAvDnsTreeName, // server's tree name -- DNS MsvAvDnsTreeName, // server's tree name -- DNS
MsvAvFlags, // server's extended flags -- DWORD mask MsvAvFlags, // server's extended flags -- DWORD mask
#if (_WIN32_WINNT >= 0x0600) #if (_WIN32_WINNT >= 0x0600)
MsvAvTimestamp, // contains the server's local time in FILETIME, MsvAvTimestamp, // contains the server's local time in FILETIME,
// (64 bit 100 ns ticks since 1602 // (64 bit 100 ns ticks since 1602
// (UTC)) in little endian byte order // (UTC)) in little endian byte order
MsvAvRestrictions, // token restrictions MsvAvRestrictions, // token restrictions
MsvAvTargetName,
MsvAvChannelBindings,
#endif #endif
#endif #endif
} MSV1_0_AVID; } MSV1_0_AVID;
typedef struct _MSV1_0_AV_PAIR { typedef struct _MSV1_0_AV_PAIR {
USHORT AvId; USHORT AvId;
USHORT AvLen; USHORT AvLen;
// Data is treated as byte array following structure // Data is treated as byte array following structure
} MSV1_0_AV_PAIR, *PMSV1_0_AV_PAIR; } MSV1_0_AV_PAIR, *PMSV1_0_AV_PAIR;
/////////////////////////////////////////////////////////////////////////////// ///////////////////////////////////////////////////////////////////////////////
skipping to change at line 3509 skipping to change at line 3413
MsV1_0GenericPassthrough, // Both submission and response MsV1_0GenericPassthrough, // Both submission and response
MsV1_0CacheLogon, // Submission only, no response MsV1_0CacheLogon, // Submission only, no response
MsV1_0SubAuth, // Both submission and response MsV1_0SubAuth, // Both submission and response
MsV1_0DeriveCredential, // Both submission and response MsV1_0DeriveCredential, // Both submission and response
MsV1_0CacheLookup, // Both submission and response MsV1_0CacheLookup, // Both submission and response
#if (_WIN32_WINNT >= 0x0501) #if (_WIN32_WINNT >= 0x0501)
MsV1_0SetProcessOption, // Submission only, no response MsV1_0SetProcessOption, // Submission only, no response
#endif #endif
#if (_WIN32_WINNT >= 0x0600) #if (_WIN32_WINNT >= 0x0600)
MsV1_0ConfigLocalAliases, MsV1_0ConfigLocalAliases,
MsV1_0ClearCachedCredentials,
#endif #endif
} MSV1_0_PROTOCOL_MESSAGE_TYPE, *PMSV1_0_PROTOCOL_MESSAGE_TYPE; } MSV1_0_PROTOCOL_MESSAGE_TYPE, *PMSV1_0_PROTOCOL_MESSAGE_TYPE;
typedef struct _MSV1_0_CHANGEPASSWORD_REQUEST { typedef struct _MSV1_0_CHANGEPASSWORD_REQUEST {
MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType; MSV1_0_PROTOCOL_MESSAGE_TYPE MessageType;
UNICODE_STRING DomainName; UNICODE_STRING DomainName;
UNICODE_STRING AccountName; UNICODE_STRING AccountName;
UNICODE_STRING OldPassword; UNICODE_STRING OldPassword;
UNICODE_STRING NewPassword; UNICODE_STRING NewPassword;
BOOLEAN Impersonating; BOOLEAN Impersonating;
skipping to change at line 3917 skipping to change at line 3822
KERB_CERTIFICATE_LOGON Logon; KERB_CERTIFICATE_LOGON Logon;
LUID LogonId; LUID LogonId;
} KERB_CERTIFICATE_UNLOCK_LOGON, *PKERB_CERTIFICATE_UNLOCK_LOGON; } KERB_CERTIFICATE_UNLOCK_LOGON, *PKERB_CERTIFICATE_UNLOCK_LOGON;
// //
// let the KDC detect account mapping conflicts for the same certificate. // let the KDC detect account mapping conflicts for the same certificate.
// //
#define KERB_CERTIFICATE_S4U_LOGON_FLAG_CHECK_DUPLICATES 0x1 #define KERB_CERTIFICATE_S4U_LOGON_FLAG_CHECK_DUPLICATES 0x1
#define KERB_CERTIFICATE_S4U_LOGON_FLAG_CHECK_LOGONHOURS 0x2 #define KERB_CERTIFICATE_S4U_LOGON_FLAG_CHECK_LOGONHOURS 0x2
#define KERB_CERTIFICATE_S4U_LOGON_FLAG_FAIL_IF_NT_AUTH_POLICY_REQUIRED 0x4
typedef struct _KERB_CERTIFICATE_S4U_LOGON { typedef struct _KERB_CERTIFICATE_S4U_LOGON {
KERB_LOGON_SUBMIT_TYPE MessageType; KERB_LOGON_SUBMIT_TYPE MessageType;
ULONG Flags; ULONG Flags;
UNICODE_STRING UserPrincipalName; UNICODE_STRING UserPrincipalName;
// OPTIONAL, certificate mapping hints: username or username@domain // OPTIONAL, certificate mapping hints: username or username@domain
UNICODE_STRING DomainName; // used to locate the forest UNICODE_STRING DomainName; // used to locate the forest
// OPTIONAL, certificate mapping hints: if missing, using the local machine's domain // OPTIONAL, certificate mapping hints: if missing, using the local machine's domain
ULONG CertificateLength; // for the client certificate ULONG CertificateLength; // for the client certificate
PUCHAR Certificate; // for the client certificate, BER encoded PUCHAR Certificate; // for the client certificate, BER encoded
skipping to change at line 4070 skipping to change at line 3976
#endif #endif
#if (_WIN32_WINNT >= 0x0502) #if (_WIN32_WINNT >= 0x0502)
KerbRefreshSmartcardCredentialsMessage, KerbRefreshSmartcardCredentialsMessage,
KerbAddExtraCredentialsMessage, KerbAddExtraCredentialsMessage,
KerbQuerySupplementalCredentialsMessage, KerbQuerySupplementalCredentialsMessage,
#endif #endif
#if (_WIN32_WINNT >= 0x0600) #if (_WIN32_WINNT >= 0x0600)
KerbTransferCredentialsMessage, KerbTransferCredentialsMessage,
KerbQueryTicketCacheEx2Message, KerbQueryTicketCacheEx2Message,
KerbSubmitTicketMessage, KerbSubmitTicketMessage,
KerbAddExtraCredentialsExMessage,
#endif #endif
} KERB_PROTOCOL_MESSAGE_TYPE, *PKERB_PROTOCOL_MESSAGE_TYPE; } KERB_PROTOCOL_MESSAGE_TYPE, *PKERB_PROTOCOL_MESSAGE_TYPE;
// //
// Used both for retrieving tickets and for querying ticket cache // Used both for retrieving tickets and for querying ticket cache
// //
typedef struct _KERB_QUERY_TKT_CACHE_REQUEST { typedef struct _KERB_QUERY_TKT_CACHE_REQUEST {
KERB_PROTOCOL_MESSAGE_TYPE MessageType; KERB_PROTOCOL_MESSAGE_TYPE MessageType;
LUID LogonId; LUID LogonId;
skipping to change at line 4176 skipping to change at line 4083
#define KERB_RETRIEVE_TICKET_USE_CACHE_ONLY 0x2 #define KERB_RETRIEVE_TICKET_USE_CACHE_ONLY 0x2
#define KERB_RETRIEVE_TICKET_USE_CREDHANDLE 0x4 #define KERB_RETRIEVE_TICKET_USE_CREDHANDLE 0x4
#if (_WIN32_WINNT >= 0x0501) #if (_WIN32_WINNT >= 0x0501)
#define KERB_RETRIEVE_TICKET_AS_KERB_CRED 0x8 #define KERB_RETRIEVE_TICKET_AS_KERB_CRED 0x8
#define KERB_RETRIEVE_TICKET_WITH_SEC_CRED 0x10 #define KERB_RETRIEVE_TICKET_WITH_SEC_CRED 0x10
#endif #endif
#if (_WIN32_WINNT >= 0x0600) #if (_WIN32_WINNT >= 0x0600)
#define KERB_RETRIEVE_TICKET_CACHE_TICKET 0x20 #define KERB_RETRIEVE_TICKET_CACHE_TICKET 0x20
#endif #endif
#if (_WIN32_WINNT >= 0x0601)
#define KERB_RETRIEVE_TICKET_MAX_LIFETIME 0x40
#endif
#if (_WIN32_WINNT >= 0x0501) #if (_WIN32_WINNT >= 0x0501)
// Encryption Type options // Encryption Type options
#define KERB_ETYPE_DEFAULT 0x0 // don't specify etype in tkt req. #define KERB_ETYPE_DEFAULT 0x0 // don't specify etype in tkt req.
typedef struct _KERB_AUTH_DATA { typedef struct _KERB_AUTH_DATA {
ULONG Type; ULONG Type;
ULONG Length; ULONG Length;
PUCHAR Data; PUCHAR Data;
} KERB_AUTH_DATA, *PKERB_AUTH_DATA; } KERB_AUTH_DATA, *PKERB_AUTH_DATA;
skipping to change at line 4414 skipping to change at line 4325
UNICODE_STRING Password; UNICODE_STRING Password;
LUID LogonId; // optional LUID LogonId; // optional
ULONG Flags; ULONG Flags;
} KERB_ADD_CREDENTIALS_REQUEST, *PKERB_ADD_CREDENTIALS_REQUEST; } KERB_ADD_CREDENTIALS_REQUEST, *PKERB_ADD_CREDENTIALS_REQUEST;
#define KERB_REQUEST_ADD_CREDENTIAL 1 #define KERB_REQUEST_ADD_CREDENTIAL 1
#define KERB_REQUEST_REPLACE_CREDENTIAL 2 #define KERB_REQUEST_REPLACE_CREDENTIAL 2
#define KERB_REQUEST_REMOVE_CREDENTIAL 4 #define KERB_REQUEST_REMOVE_CREDENTIAL 4
#endif #endif
#if (_WIN32_WINNT >= 0x0600)
typedef struct _KERB_ADD_CREDENTIALS_REQUEST_EX {
KERB_ADD_CREDENTIALS_REQUEST Credentials;
//
// new for Ex
//
ULONG PrincipalNameCount;
UNICODE_STRING PrincipalNames[ANYSIZE_ARRAY];
} KERB_ADD_CREDENTIALS_REQUEST_EX, *PKERB_ADD_CREDENTIALS_REQUEST_EX;
#endif
// //
// Request structure for transferring credentials between 2 luids. // Request structure for transferring credentials between 2 luids.
// Requires TCB. // Requires TCB.
// //
typedef struct _KERB_TRANSFER_CRED_REQUEST { typedef struct _KERB_TRANSFER_CRED_REQUEST {
KERB_PROTOCOL_MESSAGE_TYPE MessageType; KERB_PROTOCOL_MESSAGE_TYPE MessageType;
LUID OriginLogonId; LUID OriginLogonId;
LUID DestinationLogonId; LUID DestinationLogonId;
ULONG Flags; ULONG Flags;
} KERB_TRANSFER_CRED_REQUEST, *PKERB_TRANSFER_CRED_REQUEST; } KERB_TRANSFER_CRED_REQUEST, *PKERB_TRANSFER_CRED_REQUEST;
#define KERB_TRANSFER_CRED_WITH_TICKETS 0x1 #define KERB_TRANSFER_CRED_WITH_TICKETS 0x1
typedef struct _POLICY_AUDIT_SID_ARRAY { typedef struct _POLICY_AUDIT_SID_ARRAY {
ULONG UsersCount; ULONG UsersCount;
#ifdef MIDL_PASS #ifdef MIDL_PASS
[size_is(UsersCount)] PAUDIT_SID_RPC* UserSidArray; [size_is(UsersCount)] PAUDIT_SID_RPC* UserSidArray;
#else #else
PSID* UserSidArray; PSID* UserSidArray;
#endif #endif
} POLICY_AUDIT_SID_ARRAY, *PPOLICY_AUDIT_SID_ARRAY; } POLICY_AUDIT_SID_ARRAY, *PPOLICY_AUDIT_SID_ARRAY;
typedef struct _AUDIT_POLICY_INFORMATION { typedef struct _AUDIT_POLICY_INFORMATION {
GUID AuditSubCategoryGuid; GUID AuditSubCategoryGuid;
ULONG AuditingInformation; ULONG AuditingInformation;
skipping to change at line 4482 skipping to change at line 4406
#define AUDIT_GENERIC_WRITE (STANDARD_RIGHTS_WRITE |\ #define AUDIT_GENERIC_WRITE (STANDARD_RIGHTS_WRITE |\
AUDIT_SET_USER_POLICY |\ AUDIT_SET_USER_POLICY |\
AUDIT_SET_MISC_POLICY |\ AUDIT_SET_MISC_POLICY |\
AUDIT_SET_SYSTEM_POLICY) AUDIT_SET_SYSTEM_POLICY)
#define AUDIT_GENERIC_EXECUTE (STANDARD_RIGHTS_EXECUTE) #define AUDIT_GENERIC_EXECUTE (STANDARD_RIGHTS_EXECUTE)
BOOLEAN BOOLEAN
NTAPI NTAPI
AuditSetSystemPolicy( AuditSetSystemPolicy(
__in_ecount(PolicyCount) PCAUDIT_POLICY_INFORMATION pAuditPolicy, __in_ecount(dwPolicyCount) PCAUDIT_POLICY_INFORMATION pAuditPolicy,
__in ULONG PolicyCount __in ULONG dwPolicyCount
); );
BOOLEAN BOOLEAN
NTAPI NTAPI
AuditSetPerUserPolicy( AuditSetPerUserPolicy(
__in const PSID pSid, __in const PSID pSid,
__in_ecount(PolicyCount) PCAUDIT_POLICY_INFORMATION pAuditPolicy, __in_ecount(dwPolicyCount) PCAUDIT_POLICY_INFORMATION pAuditPolicy,
__in ULONG PolicyCount __in ULONG dwPolicyCount
); );
__checkReturn
BOOLEAN BOOLEAN
NTAPI NTAPI
AuditQuerySystemPolicy( AuditQuerySystemPolicy(
__in_ecount(PolicyCount) const GUID* pSubCategoryGuids, __in_ecount(dwPolicyCount) const GUID* pSubCategoryGuids,
__in ULONG PolicyCount, __in ULONG dwPolicyCount,
__deref_out_ecount(PolicyCount) PAUDIT_POLICY_INFORMATION* ppAuditPolicy __deref_out_ecount(dwPolicyCount)
__drv_when(return != 0, __drv_allocatesMem(Mem)) PAUDIT_POLICY_INFORMATION*
ppAuditPolicy
); );
__checkReturn
BOOLEAN BOOLEAN
NTAPI NTAPI
AuditQueryPerUserPolicy( AuditQueryPerUserPolicy(
__in const PSID pSid, __in const PSID pSid,
__in_ecount(PolicyCount) const GUID* pSubCategoryGuids, __in_ecount(dwPolicyCount) const GUID* pSubCategoryGuids,
__in ULONG PolicyCount, __in ULONG dwPolicyCount,
__deref_out_ecount(PolicyCount) PAUDIT_POLICY_INFORMATION* ppAuditPolicy __deref_out_ecount(dwPolicyCount)
__drv_when(return != 0, __drv_allocatesMem(Mem)) PAUDIT_POLICY_INFORMATION*
ppAuditPolicy
); );
__checkReturn
BOOLEAN BOOLEAN
NTAPI NTAPI
AuditEnumeratePerUserPolicy( AuditEnumeratePerUserPolicy(
__out PPOLICY_AUDIT_SID_ARRAY* ppAuditSidArray __out __drv_when(return != 0, __drv_allocatesMem(Mem)) PPOLICY_AUDIT_SID_ARR AY* ppAuditSidArray
); );
__checkReturn
BOOLEAN BOOLEAN
NTAPI NTAPI
AuditComputeEffectivePolicyBySid( AuditComputeEffectivePolicyBySid(
__in const PSID pSid, __in const PSID pSid,
__in_ecount(PolicyCount) const GUID* pSubCategoryGuids, __in_ecount(dwPolicyCount) const GUID* pSubCategoryGuids,
__in ULONG PolicyCount, __in ULONG dwPolicyCount,
__deref_out_ecount(PolicyCount) PAUDIT_POLICY_INFORMATION* ppAuditPolicy __deref_out_ecount(dwPolicyCount)
__drv_when(return != 0, __drv_allocatesMem(Mem)) PAUDIT_POLICY_INFORMATION*
ppAuditPolicy
); );
__checkReturn
BOOLEAN BOOLEAN
NTAPI NTAPI
AuditComputeEffectivePolicyByToken( AuditComputeEffectivePolicyByToken(
__in HANDLE hTokenHandle, __in HANDLE hTokenHandle,
__in_ecount(PolicyCount) const GUID* pSubCategoryGuids, __in_ecount(dwPolicyCount) const GUID* pSubCategoryGuids,
__in ULONG PolicyCount, __in ULONG dwPolicyCount,
__deref_out_ecount(PolicyCount) PAUDIT_POLICY_INFORMATION* ppAuditPolicy __deref_out_ecount(dwPolicyCount)
__drv_when(return != 0, __drv_allocatesMem(Mem)) PAUDIT_POLICY_INFORMATION*
ppAuditPolicy
); );
__checkReturn
BOOLEAN BOOLEAN
NTAPI NTAPI
AuditEnumerateCategories( AuditEnumerateCategories(
__deref_out_ecount(*pCountReturned) GUID** ppAuditCategoriesArray, __deref_out_ecount(*pdwCountReturned)
__out PULONG pCountReturned __drv_when(return != 0, __drv_allocatesMem(Mem)) GUID** ppAuditCategoriesArr
ay,
__out PULONG pdwCountReturned
); );
__checkReturn
BOOLEAN BOOLEAN
NTAPI NTAPI
AuditEnumerateSubCategories( AuditEnumerateSubCategories(
__in_opt const GUID* pAuditCategoryGuid, __in_opt const GUID* pAuditCategoryGuid,
__in BOOLEAN bRetrieveAllSubCategories, __in BOOLEAN bRetrieveAllSubCategories,
__deref_out_ecount(*pCountReturned) GUID** ppAuditSubCategoriesArray, __deref_out_ecount(*pdwCountReturned)
__out PULONG pCountReturned __drv_when(return != 0, __drv_allocatesMem(Mem)) GUID** ppAuditSubCategories
Array,
__out PULONG pdwCountReturned
); );
__checkReturn
BOOLEAN BOOLEAN
NTAPI NTAPI
AuditLookupCategoryNameW( AuditLookupCategoryNameW(
__in const GUID* pAuditCategoryGuid, __in const GUID* pAuditCategoryGuid,
__deref_out PWSTR* ppszCategoryName __deref_out __drv_when(return != 0, __drv_allocatesMem(Mem)) PWSTR* ppszCate goryName
); );
__checkReturn
BOOLEAN BOOLEAN
NTAPI NTAPI
AuditLookupCategoryNameA( AuditLookupCategoryNameA(
__in const GUID* pAuditCategoryGuid, __in const GUID* pAuditCategoryGuid,
__deref_out PSTR* ppszCategoryName __deref_out __drv_when(return != 0, __drv_allocatesMem(Mem)) PSTR* ppszCateg oryName
); );
#ifdef UNICODE #ifdef UNICODE
#define AuditLookupCategoryName AuditLookupCategoryNameW #define AuditLookupCategoryName AuditLookupCategoryNameW
#else #else
#define AuditLookupCategoryName AuditLookupCategoryNameA #define AuditLookupCategoryName AuditLookupCategoryNameA
#endif #endif
__checkReturn
BOOLEAN BOOLEAN
NTAPI NTAPI
AuditLookupSubCategoryNameW( AuditLookupSubCategoryNameW(
__in const GUID* pAuditSubCategoryGuid, __in const GUID* pAuditSubCategoryGuid,
__deref_out PWSTR* ppszSubCategoryName __deref_out __drv_when(return != 0, __drv_allocatesMem(Mem)) PWSTR* ppszSubC ategoryName
); );
__checkReturn
BOOLEAN BOOLEAN
NTAPI NTAPI
AuditLookupSubCategoryNameA( AuditLookupSubCategoryNameA(
__in const GUID* pAuditSubCategoryGuid, __in const GUID* pAuditSubCategoryGuid,
__deref_out PSTR* ppszSubCategoryName __deref_out __drv_when(return != 0, __drv_allocatesMem(Mem)) PSTR* ppszSubCa tegoryName
); );
#ifdef UNICODE #ifdef UNICODE
#define AuditLookupSubCategoryName AuditLookupSubCategoryNameW #define AuditLookupSubCategoryName AuditLookupSubCategoryNameW
#else #else
#define AuditLookupSubCategoryName AuditLookupSubCategoryNameA #define AuditLookupSubCategoryName AuditLookupSubCategoryNameA
#endif #endif
BOOLEAN BOOLEAN
NTAPI NTAPI
skipping to change at line 4612 skipping to change at line 4553
__out GUID* pAuditCategoryGuid __out GUID* pAuditCategoryGuid
); );
BOOLEAN BOOLEAN
NTAPI NTAPI
AuditSetSecurity( AuditSetSecurity(
__in SECURITY_INFORMATION SecurityInformation, __in SECURITY_INFORMATION SecurityInformation,
__in PSECURITY_DESCRIPTOR pSecurityDescriptor __in PSECURITY_DESCRIPTOR pSecurityDescriptor
); );
__checkReturn
BOOLEAN BOOLEAN
NTAPI NTAPI
AuditQuerySecurity( AuditQuerySecurity(
__in SECURITY_INFORMATION SecurityInformation, __in SECURITY_INFORMATION SecurityInformation,
__deref_out PSECURITY_DESCRIPTOR *ppSecurityDescriptor __deref_out __drv_when(return != 0, __drv_allocatesMem(Mem)) PSECURITY_DESCR
IPTOR *ppSecurityDescriptor
);
BOOLEAN
NTAPI
AuditSetGlobalSaclW(
__in PCWSTR ObjectTypeName,
__in_opt PACL Acl
);
BOOLEAN
NTAPI
AuditSetGlobalSaclA(
__in PCSTR ObjectTypeName,
__in_opt PACL Acl
);
#ifdef UNICODE
#define AuditSetGlobalSacl AuditSetGlobalSaclW
#else
#define AuditSetGlobalSacl AuditSetGlobalSaclA
#endif
__checkReturn
BOOLEAN
NTAPI
AuditQueryGlobalSaclW(
__in PCWSTR ObjectTypeName,
__out __drv_when(return != 0, __drv_allocatesMem(Mem)) PACL *Acl
);
__checkReturn
BOOLEAN
NTAPI
AuditQueryGlobalSaclA(
__in PCSTR ObjectTypeName,
__out __drv_when(return != 0, __drv_allocatesMem(Mem)) PACL *Acl
); );
#ifdef UNICODE
#define AuditQueryGlobalSacl AuditQueryGlobalSaclW
#else
#define AuditQueryGlobalSacl AuditQueryGlobalSaclA
#endif
VOID VOID
NTAPI NTAPI
AuditFree( AuditFree(
__in PVOID Buffer __in __drv_freesMem(Mem) __post __notvalid PVOID Buffer
); );
#if (_WIN32_WINNT >= 0x0601)
//
// Pku2u package name
//
#define PKU2U_PACKAGE_NAME_A "pku2u"
#define PKU2U_PACKAGE_NAME L"pku2u"
#define PKU2U_PACKAGE_NAME_W PKU2U_PACKAGE_NAME
#endif // _WIN32_WINNT
#if (_WIN32_WINNT >= 0x0601)
// the following structure contains the ASN.1 encoded X.509 certificate
typedef struct _PKU2U_CERT_BLOB {
ULONG CertOffset; // each element is a byte
USHORT CertLength; //
} PKU2U_CERT_BLOB, *PPKU2U_CERT_BLOB;
#define PKU2U_CREDUI_CONTEXT_VERSION 0x4154414454524543i64 // "CERTDATA"
typedef struct _PKU2U_CREDUI_CONTEXT {
ULONG64 Version;
USHORT cbHeaderLength;
ULONG cbStructureLength;
USHORT CertArrayCount; // followed by an array of PKU2U_CERT_BLOB
ULONG CertArrayOffset; // offset to the array
} PKU2U_CREDUI_CONTEXT, *PPKU2U_CREDUI_CONTEXT;
/////////////////////////////////////////////////////////////////////////
//
// LsaLogonUser parameters
//
/////////////////////////////////////////////////////////////////////////
typedef enum _PKU2U_LOGON_SUBMIT_TYPE {
Pku2uCertificateS4ULogon = 14,
} PKU2U_LOGON_SUBMIT_TYPE, *PPKU2U_LOGON_SUBMIT_TYPE;
typedef struct _PKU2U_CERTIFICATE_S4U_LOGON {
PKU2U_LOGON_SUBMIT_TYPE MessageType;
ULONG Flags;
UNICODE_STRING UserPrincipalName;
__reserved UNICODE_STRING DomainName;
ULONG CertificateLength; // for the client certificate
__field_bcount(CertificateLength) PUCHAR Certificate; // for the client cert
ificate, BER encoded
} PKU2U_CERTIFICATE_S4U_LOGON, *PPKU2U_CERTIFICATE_S4U_LOGON;
#endif // _WIN32_WINNT
#ifdef __cplusplus #ifdef __cplusplus
} }
#endif #endif
#endif /* _NTSECAPI_ */ #endif /* _NTSECAPI_ */
 End of changes. 63 change blocks. 
221 lines changed or deleted 266 lines changed or added


 secext.h (6.0.6002.18005-Windows 6.0)   secext.h (6.1.7601.23418-Windows 7.0) 
skipping to change at line 84 skipping to change at line 84
// display name is not necessarily the defining RDN. // display name is not necessarily the defining RDN.
NameDisplay = 3, NameDisplay = 3,
// String-ized GUID as returned by IIDFromString(). // String-ized GUID as returned by IIDFromString().
// eg: {4fa050f0-f561-11cf-bdd9-00aa003a77b6} // eg: {4fa050f0-f561-11cf-bdd9-00aa003a77b6}
NameUniqueId = 6, NameUniqueId = 6,
// engineering.widget.com/software/John Doe // engineering.widget.com/software/John Doe
NameCanonical = 7, NameCanonical = 7,
// johndoe@engineering.com // someone@example.com
NameUserPrincipal = 8, NameUserPrincipal = 8,
// Same as NameCanonical except that rightmost '/' is // Same as NameCanonical except that rightmost '/' is
// replaced with '\n' - even in domain-only case. // replaced with '\n' - even in domain-only case.
// eg: engineering.widget.com/software\nJohn Doe // eg: engineering.widget.com/software\nJohn Doe
NameCanonicalEx = 9, NameCanonicalEx = 9,
// www/srv.engineering.com/engineering.com // www/srv.engineering.com/engineering.com
NameServicePrincipal = 10, NameServicePrincipal = 10,
// DNS domain name + SAM username // DNS domain name + SAM username
// eg: engineering.widget.com\JohnDoe // eg: engineering.widget.com\JohnDoe
NameDnsDomain = 12 NameDnsDomain = 12
} EXTENDED_NAME_FORMAT, * PEXTENDED_NAME_FORMAT ; } EXTENDED_NAME_FORMAT, * PEXTENDED_NAME_FORMAT ;
__success(return != 0)
BOOLEAN BOOLEAN
SEC_ENTRY SEC_ENTRY
GetUserNameExA( GetUserNameExA(
__in EXTENDED_NAME_FORMAT NameFormat, __in EXTENDED_NAME_FORMAT NameFormat,
__out_ecount(*nSize) LPSTR lpNameBuffer, __out_ecount_part_opt(*nSize,*nSize) LPSTR lpNameBuffer,
__inout PULONG nSize __inout PULONG nSize
); );
__success(return != 0)
BOOLEAN BOOLEAN
SEC_ENTRY SEC_ENTRY
GetUserNameExW( GetUserNameExW(
__in EXTENDED_NAME_FORMAT NameFormat, __in EXTENDED_NAME_FORMAT NameFormat,
__out_ecount_opt(*nSize) LPWSTR lpNameBuffer, __out_ecount_part_opt(*nSize,*nSize) LPWSTR lpNameBuffer,
__inout PULONG nSize __inout PULONG nSize
); );
#ifdef UNICODE #ifdef UNICODE
#define GetUserNameEx GetUserNameExW #define GetUserNameEx GetUserNameExW
#else #else
#define GetUserNameEx GetUserNameExA #define GetUserNameEx GetUserNameExA
#endif #endif
BOOLEAN BOOLEAN
SEC_ENTRY SEC_ENTRY
GetComputerObjectNameA( GetComputerObjectNameA(
__in EXTENDED_NAME_FORMAT NameFormat, __in EXTENDED_NAME_FORMAT NameFormat,
__out_ecount(*nSize) LPSTR lpNameBuffer, __out_ecount_part_opt(*nSize,*nSize) LPSTR lpNameBuffer,
__inout PULONG nSize __inout PULONG nSize
); );
BOOLEAN BOOLEAN
SEC_ENTRY SEC_ENTRY
GetComputerObjectNameW( GetComputerObjectNameW(
__in EXTENDED_NAME_FORMAT NameFormat, __in EXTENDED_NAME_FORMAT NameFormat,
__out_ecount(*nSize) LPWSTR lpNameBuffer, __out_ecount_part_opt(*nSize,*nSize) LPWSTR lpNameBuffer,
__inout PULONG nSize __inout PULONG nSize
); );
#ifdef UNICODE #ifdef UNICODE
#define GetComputerObjectName GetComputerObjectNameW #define GetComputerObjectName GetComputerObjectNameW
#else #else
#define GetComputerObjectName GetComputerObjectNameA #define GetComputerObjectName GetComputerObjectNameA
#endif #endif
BOOLEAN BOOLEAN
SEC_ENTRY SEC_ENTRY
TranslateNameA( TranslateNameA(
__in LPCSTR lpAccountName, __in LPCSTR lpAccountName,
__in EXTENDED_NAME_FORMAT AccountNameFormat, __in EXTENDED_NAME_FORMAT AccountNameFormat,
__in EXTENDED_NAME_FORMAT DesiredNameFormat, __in EXTENDED_NAME_FORMAT DesiredNameFormat,
__out_ecount(*nSize) LPSTR lpTranslatedName, __out_ecount_part_opt(*nSize,*nSize) LPSTR lpTranslatedName,
__inout PULONG nSize __inout PULONG nSize
); );
BOOLEAN BOOLEAN
SEC_ENTRY SEC_ENTRY
TranslateNameW( TranslateNameW(
__in LPCWSTR lpAccountName, __in LPCWSTR lpAccountName,
__in EXTENDED_NAME_FORMAT AccountNameFormat, __in EXTENDED_NAME_FORMAT AccountNameFormat,
__in EXTENDED_NAME_FORMAT DesiredNameFormat, __in EXTENDED_NAME_FORMAT DesiredNameFormat,
__out_ecount(*nSize) LPWSTR lpTranslatedName, __out_ecount_part_opt(*nSize,*nSize) LPWSTR lpTranslatedName,
__inout PULONG nSize __inout PULONG nSize
); );
#ifdef UNICODE #ifdef UNICODE
#define TranslateName TranslateNameW #define TranslateName TranslateNameW
#else #else
#define TranslateName TranslateNameA #define TranslateName TranslateNameA
#endif #endif
#ifdef __cplusplus #ifdef __cplusplus
} }
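Review bot: `__success(return != 0)` appears on the new-side prototypes of GetUserNameExA and GetUserNameExW only, while GetComputerObjectNameA/W and TranslateNameA/W get the same `__out_ecount_part_opt(*nSize,*nSize)` buffer annotation without it. Those four therefore have no stated success condition, and an analyzer will presumably treat `lpNameBuffer` / `lpTranslatedName` as written even when the call returns FALSE. I would put `__success(return != 0)` above `BOOLEAN` on those four declarations as well, assuming they share the nonzero-on-success convention the GetUserNameEx pair declares. The new `_opt` also makes a NULL buffer part of the contract and `*nSize` is `__inout`, neither of which the header explains. A short comment on each group, such as `// *nSize: in = buffer capacity in characters, out = count written or required; buffer contents are defined only when the call returns nonzero` (wording to be checked against the API documentation), would tell callers to test the return value before reading the buffer.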
 End of changes. 9 change blocks. 
7 lines changed or deleted 10 lines changed or added


 sspi.h (6.0.6002.18005-Windows 6.0)   sspi.h (6.1.7601.23418-Windows 7.0) 
skipping to change at line 275 skipping to change at line 275
#define SECPKG_FLAG_STREAM 0x00000400 // Supports stream s emantics #define SECPKG_FLAG_STREAM 0x00000400 // Supports stream s emantics
#define SECPKG_FLAG_NEGOTIABLE 0x00000800 // Can be used by th e negotiate package #define SECPKG_FLAG_NEGOTIABLE 0x00000800 // Can be used by th e negotiate package
#define SECPKG_FLAG_GSS_COMPATIBLE 0x00001000 // GSS Compatibility Available #define SECPKG_FLAG_GSS_COMPATIBLE 0x00001000 // GSS Compatibility Available
#define SECPKG_FLAG_LOGON 0x00002000 // Supports common L saLogonUser #define SECPKG_FLAG_LOGON 0x00002000 // Supports common L saLogonUser
#define SECPKG_FLAG_ASCII_BUFFERS 0x00004000 // Token Buffers are in ASCII #define SECPKG_FLAG_ASCII_BUFFERS 0x00004000 // Token Buffers are in ASCII
#define SECPKG_FLAG_FRAGMENT 0x00008000 // Package can fragm ent to fit #define SECPKG_FLAG_FRAGMENT 0x00008000 // Package can fragm ent to fit
#define SECPKG_FLAG_MUTUAL_AUTH 0x00010000 // Package can perfo rm mutual authentication #define SECPKG_FLAG_MUTUAL_AUTH 0x00010000 // Package can perfo rm mutual authentication
#define SECPKG_FLAG_DELEGATION 0x00020000 // Package can deleg ate #define SECPKG_FLAG_DELEGATION 0x00020000 // Package can deleg ate
#define SECPKG_FLAG_READONLY_WITH_CHECKSUM 0x00040000 // Package can deleg ate #define SECPKG_FLAG_READONLY_WITH_CHECKSUM 0x00040000 // Package can deleg ate
#define SECPKG_FLAG_RESTRICTED_TOKENS 0x00080000 // Package supports restricted callers #define SECPKG_FLAG_RESTRICTED_TOKENS 0x00080000 // Package supports restricted callers
#define SECPKG_FLAG_NEGO_EXTENDER 0x00100000 // this package exte
nds SPNEGO, there is at most one
#define SECPKG_FLAG_NEGOTIABLE2 0x00200000 // this package is n
egotiated under the NegoExtender
#define SECPKG_ID_NONE 0xFFFF #define SECPKG_ID_NONE 0xFFFF
// //
// SecBuffer // SecBuffer
// //
// Generic memory descriptors for buffers passed in to the security // Generic memory descriptors for buffers passed in to the security
// API // API
// //
typedef struct _SecBuffer { typedef struct _SecBuffer {
unsigned long cbBuffer; // Size of the buffer, in bytes unsigned long cbBuffer; // Size of the buffer, in bytes
unsigned long BufferType; // Type of the buffer (below) unsigned long BufferType; // Type of the buffer (below)
#ifdef MIDL_PASS
[size_is(cbBuffer)] char * pvBuffer; // Pointer to t
he buffer
#else
__field_bcount(cbBuffer) void SEC_FAR * pvBuffer; // Pointer to t he buffer __field_bcount(cbBuffer) void SEC_FAR * pvBuffer; // Pointer to t he buffer
#endif
} SecBuffer, * PSecBuffer; } SecBuffer, * PSecBuffer;
typedef struct _SecBufferDesc { typedef struct _SecBufferDesc {
unsigned long ulVersion; // Version number unsigned long ulVersion; // Version number
unsigned long cBuffers; // Number of buffers unsigned long cBuffers; // Number of buffers
#ifdef MIDL_PASS #ifdef MIDL_PASS
[size_is(cBuffers)] [size_is(cBuffers)]
#endif #endif
__field_ecount(cBuffers) PSecBuffer pBuffers; // Pointer to a rray of buffers __field_ecount(cBuffers) PSecBuffer pBuffers; // Pointer to a rray of buffers
} SecBufferDesc, SEC_FAR * PSecBufferDesc; } SecBufferDesc, SEC_FAR * PSecBufferDesc;
skipping to change at line 318 skipping to change at line 324
#define SECBUFFER_STREAM_TRAILER 6 // Security Trailer #define SECBUFFER_STREAM_TRAILER 6 // Security Trailer
#define SECBUFFER_STREAM_HEADER 7 // Security Header #define SECBUFFER_STREAM_HEADER 7 // Security Header
#define SECBUFFER_NEGOTIATION_INFO 8 // Hints from the negotiation pkg #define SECBUFFER_NEGOTIATION_INFO 8 // Hints from the negotiation pkg
#define SECBUFFER_PADDING 9 // non-data padding #define SECBUFFER_PADDING 9 // non-data padding
#define SECBUFFER_STREAM 10 // whole encrypted message #define SECBUFFER_STREAM 10 // whole encrypted message
#define SECBUFFER_MECHLIST 11 #define SECBUFFER_MECHLIST 11
#define SECBUFFER_MECHLIST_SIGNATURE 12 #define SECBUFFER_MECHLIST_SIGNATURE 12
#define SECBUFFER_TARGET 13 // obsolete #define SECBUFFER_TARGET 13 // obsolete
#define SECBUFFER_CHANNEL_BINDINGS 14 #define SECBUFFER_CHANNEL_BINDINGS 14
#define SECBUFFER_CHANGE_PASS_RESPONSE 15 #define SECBUFFER_CHANGE_PASS_RESPONSE 15
#define SECBUFFER_TARGET_HOST 16
#define SECBUFFER_ALERT 17
#define SECBUFFER_ATTRMASK 0xF0000000 #define SECBUFFER_ATTRMASK 0xF0000000
#define SECBUFFER_READONLY 0x80000000 // Buffer is read-on ly, no checksum #define SECBUFFER_READONLY 0x80000000 // Buffer is read-on ly, no checksum
#define SECBUFFER_READONLY_WITH_CHECKSUM 0x10000000 // Buffer is read-on ly, and checksummed #define SECBUFFER_READONLY_WITH_CHECKSUM 0x10000000 // Buffer is read-on ly, and checksummed
#define SECBUFFER_RESERVED 0x60000000 // Flags reserved to security system #define SECBUFFER_RESERVED 0x60000000 // Flags reserved to security system
typedef struct _SEC_NEGOTIATION_INFO { typedef struct _SEC_NEGOTIATION_INFO {
unsigned long Size; // Size of this structure unsigned long Size; // Size of this structure
unsigned long NameLength; // Length of name hint unsigned long NameLength; // Length of name hint
SEC_WCHAR * Name; // Name hint SEC_WCHAR * Name; // Name hint
skipping to change at line 358 skipping to change at line 366
// //
// Credential Use Flags // Credential Use Flags
// //
#define SECPKG_CRED_INBOUND 0x00000001 #define SECPKG_CRED_INBOUND 0x00000001
#define SECPKG_CRED_OUTBOUND 0x00000002 #define SECPKG_CRED_OUTBOUND 0x00000002
#define SECPKG_CRED_BOTH 0x00000003 #define SECPKG_CRED_BOTH 0x00000003
#define SECPKG_CRED_DEFAULT 0x00000004 #define SECPKG_CRED_DEFAULT 0x00000004
#define SECPKG_CRED_RESERVED 0xF0000000 #define SECPKG_CRED_RESERVED 0xF0000000
// //
// SSP SHOULD prompt the user for credentials/consent, independent
// of whether credentials to be used are the 'logged on' credentials
// or retrieved from credman.
//
// An SSP may choose not to prompt, however, in circumstances determined
// by the SSP.
//
#define SECPKG_CRED_AUTOLOGON_RESTRICTED 0x00000010
//
// auth will always fail, ISC() is called to process policy data only
//
#define SECPKG_CRED_PROCESS_POLICY_ONLY 0x00000020
//
// InitializeSecurityContext Requirement and return flags: // InitializeSecurityContext Requirement and return flags:
// //
#define ISC_REQ_DELEGATE 0x00000001 #define ISC_REQ_DELEGATE 0x00000001
#define ISC_REQ_MUTUAL_AUTH 0x00000002 #define ISC_REQ_MUTUAL_AUTH 0x00000002
#define ISC_REQ_REPLAY_DETECT 0x00000004 #define ISC_REQ_REPLAY_DETECT 0x00000004
#define ISC_REQ_SEQUENCE_DETECT 0x00000008 #define ISC_REQ_SEQUENCE_DETECT 0x00000008
#define ISC_REQ_CONFIDENTIALITY 0x00000010 #define ISC_REQ_CONFIDENTIALITY 0x00000010
#define ISC_REQ_USE_SESSION_KEY 0x00000020 #define ISC_REQ_USE_SESSION_KEY 0x00000020
#define ISC_REQ_PROMPT_FOR_CREDS 0x00000040 #define ISC_REQ_PROMPT_FOR_CREDS 0x00000040
skipping to change at line 383 skipping to change at line 408
#define ISC_REQ_CALL_LEVEL 0x00001000 #define ISC_REQ_CALL_LEVEL 0x00001000
#define ISC_REQ_FRAGMENT_SUPPLIED 0x00002000 #define ISC_REQ_FRAGMENT_SUPPLIED 0x00002000
#define ISC_REQ_EXTENDED_ERROR 0x00004000 #define ISC_REQ_EXTENDED_ERROR 0x00004000
#define ISC_REQ_STREAM 0x00008000 #define ISC_REQ_STREAM 0x00008000
#define ISC_REQ_INTEGRITY 0x00010000 #define ISC_REQ_INTEGRITY 0x00010000
#define ISC_REQ_IDENTIFY 0x00020000 #define ISC_REQ_IDENTIFY 0x00020000
#define ISC_REQ_NULL_SESSION 0x00040000 #define ISC_REQ_NULL_SESSION 0x00040000
#define ISC_REQ_MANUAL_CRED_VALIDATION 0x00080000 #define ISC_REQ_MANUAL_CRED_VALIDATION 0x00080000
#define ISC_REQ_RESERVED1 0x00100000 #define ISC_REQ_RESERVED1 0x00100000
#define ISC_REQ_FRAGMENT_TO_FIT 0x00200000 #define ISC_REQ_FRAGMENT_TO_FIT 0x00200000
// This exists only in Longhorn and greater // This exists only in Windows Vista and greater
#define ISC_REQ_FORWARD_CREDENTIALS 0x00400000 #define ISC_REQ_FORWARD_CREDENTIALS 0x00400000
#define ISC_REQ_NO_INTEGRITY 0x00800000 // honored only by SPNEGO #define ISC_REQ_NO_INTEGRITY 0x00800000 // honored only by SPNEGO
#define ISC_REQ_USE_HTTP_STYLE 0x01000000
#define ISC_RET_DELEGATE 0x00000001 #define ISC_RET_DELEGATE 0x00000001
#define ISC_RET_MUTUAL_AUTH 0x00000002 #define ISC_RET_MUTUAL_AUTH 0x00000002
#define ISC_RET_REPLAY_DETECT 0x00000004 #define ISC_RET_REPLAY_DETECT 0x00000004
#define ISC_RET_SEQUENCE_DETECT 0x00000008 #define ISC_RET_SEQUENCE_DETECT 0x00000008
#define ISC_RET_CONFIDENTIALITY 0x00000010 #define ISC_RET_CONFIDENTIALITY 0x00000010
#define ISC_RET_USE_SESSION_KEY 0x00000020 #define ISC_RET_USE_SESSION_KEY 0x00000020
#define ISC_RET_USED_COLLECTED_CREDS 0x00000040 #define ISC_RET_USED_COLLECTED_CREDS 0x00000040
#define ISC_RET_USED_SUPPLIED_CREDS 0x00000080 #define ISC_RET_USED_SUPPLIED_CREDS 0x00000080
#define ISC_RET_ALLOCATED_MEMORY 0x00000100 #define ISC_RET_ALLOCATED_MEMORY 0x00000100
skipping to change at line 409 skipping to change at line 435
#define ISC_RET_INTERMEDIATE_RETURN 0x00001000 #define ISC_RET_INTERMEDIATE_RETURN 0x00001000
#define ISC_RET_CALL_LEVEL 0x00002000 #define ISC_RET_CALL_LEVEL 0x00002000
#define ISC_RET_EXTENDED_ERROR 0x00004000 #define ISC_RET_EXTENDED_ERROR 0x00004000
#define ISC_RET_STREAM 0x00008000 #define ISC_RET_STREAM 0x00008000
#define ISC_RET_INTEGRITY 0x00010000 #define ISC_RET_INTEGRITY 0x00010000
#define ISC_RET_IDENTIFY 0x00020000 #define ISC_RET_IDENTIFY 0x00020000
#define ISC_RET_NULL_SESSION 0x00040000 #define ISC_RET_NULL_SESSION 0x00040000
#define ISC_RET_MANUAL_CRED_VALIDATION 0x00080000 #define ISC_RET_MANUAL_CRED_VALIDATION 0x00080000
#define ISC_RET_RESERVED1 0x00100000 #define ISC_RET_RESERVED1 0x00100000
#define ISC_RET_FRAGMENT_ONLY 0x00200000 #define ISC_RET_FRAGMENT_ONLY 0x00200000
// This exists only in Longhorn and greater // This exists only in Windows Vista and greater
#define ISC_RET_FORWARD_CREDENTIALS 0x00400000 #define ISC_RET_FORWARD_CREDENTIALS 0x00400000
#define ISC_RET_USED_HTTP_STYLE 0x01000000
#define ISC_RET_NO_ADDITIONAL_TOKEN 0x02000000 // *INTERNAL* #define ISC_RET_NO_ADDITIONAL_TOKEN 0x02000000 // *INTERNAL*
#define ISC_RET_REAUTHENTICATION 0x08000000 // *INTERNAL*
#define ASC_REQ_DELEGATE 0x00000001 #define ASC_REQ_DELEGATE 0x00000001
#define ASC_REQ_MUTUAL_AUTH 0x00000002 #define ASC_REQ_MUTUAL_AUTH 0x00000002
#define ASC_REQ_REPLAY_DETECT 0x00000004 #define ASC_REQ_REPLAY_DETECT 0x00000004
#define ASC_REQ_SEQUENCE_DETECT 0x00000008 #define ASC_REQ_SEQUENCE_DETECT 0x00000008
#define ASC_REQ_CONFIDENTIALITY 0x00000010 #define ASC_REQ_CONFIDENTIALITY 0x00000010
#define ASC_REQ_USE_SESSION_KEY 0x00000020 #define ASC_REQ_USE_SESSION_KEY 0x00000020
#define ASC_REQ_ALLOCATE_MEMORY 0x00000100 #define ASC_REQ_ALLOCATE_MEMORY 0x00000100
#define ASC_REQ_USE_DCE_STYLE 0x00000200 #define ASC_REQ_USE_DCE_STYLE 0x00000200
#define ASC_REQ_DATAGRAM 0x00000400 #define ASC_REQ_DATAGRAM 0x00000400
skipping to change at line 435 skipping to change at line 464
#define ASC_REQ_STREAM 0x00010000 #define ASC_REQ_STREAM 0x00010000
#define ASC_REQ_INTEGRITY 0x00020000 #define ASC_REQ_INTEGRITY 0x00020000
#define ASC_REQ_LICENSING 0x00040000 #define ASC_REQ_LICENSING 0x00040000
#define ASC_REQ_IDENTIFY 0x00080000 #define ASC_REQ_IDENTIFY 0x00080000
#define ASC_REQ_ALLOW_NULL_SESSION 0x00100000 #define ASC_REQ_ALLOW_NULL_SESSION 0x00100000
#define ASC_REQ_ALLOW_NON_USER_LOGONS 0x00200000 #define ASC_REQ_ALLOW_NON_USER_LOGONS 0x00200000
#define ASC_REQ_ALLOW_CONTEXT_REPLAY 0x00400000 #define ASC_REQ_ALLOW_CONTEXT_REPLAY 0x00400000
#define ASC_REQ_FRAGMENT_TO_FIT 0x00800000 #define ASC_REQ_FRAGMENT_TO_FIT 0x00800000
#define ASC_REQ_FRAGMENT_SUPPLIED 0x00002000 #define ASC_REQ_FRAGMENT_SUPPLIED 0x00002000
#define ASC_REQ_NO_TOKEN 0x01000000 #define ASC_REQ_NO_TOKEN 0x01000000
#define ASC_REQ_PROXY_BINDINGS 0x04000000
// SSP_RET_REAUTHENTICATION 0x08000000 // *INTERNAL*
#define ASC_REQ_ALLOW_MISSING_BINDINGS 0x10000000
#define ASC_RET_DELEGATE 0x00000001 #define ASC_RET_DELEGATE 0x00000001
#define ASC_RET_MUTUAL_AUTH 0x00000002 #define ASC_RET_MUTUAL_AUTH 0x00000002
#define ASC_RET_REPLAY_DETECT 0x00000004 #define ASC_RET_REPLAY_DETECT 0x00000004
#define ASC_RET_SEQUENCE_DETECT 0x00000008 #define ASC_RET_SEQUENCE_DETECT 0x00000008
#define ASC_RET_CONFIDENTIALITY 0x00000010 #define ASC_RET_CONFIDENTIALITY 0x00000010
#define ASC_RET_USE_SESSION_KEY 0x00000020 #define ASC_RET_USE_SESSION_KEY 0x00000020
#define ASC_RET_ALLOCATED_MEMORY 0x00000100 #define ASC_RET_ALLOCATED_MEMORY 0x00000100
#define ASC_RET_USED_DCE_STYLE 0x00000200 #define ASC_RET_USED_DCE_STYLE 0x00000200
#define ASC_RET_DATAGRAM 0x00000400 #define ASC_RET_DATAGRAM 0x00000400
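Review bot: The new request flags `ASC_REQ_PROXY_BINDINGS` and `ASC_REQ_ALLOW_MISSING_BINDINGS` are added without any comment. Going by its name, the second relaxes a channel-binding check, so a server that sets it by habit would presumably accept clients that present no bindings at all. Each flag should carry a one-line comment stating what it permits, for example `// accept a context whose client supplied no channel bindings (compatibility only)`, with the wording confirmed against the package documentation. The commented-out `SSP_RET_REAUTHENTICATION 0x08000000` line uses an SSP_RET name inside the ASC_REQ block; if it only reserves the bit, say so with `// 0x08000000 reserved (SSP_RET_REAUTHENTICATION, internal)`. The same two remarks apply to `ASC_RET_NO_PROXY_BINDINGS` and `ASC_RET_MISSING_BINDINGS` in the next hunk.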
skipping to change at line 459 skipping to change at line 491
#define ASC_RET_STREAM 0x00010000 #define ASC_RET_STREAM 0x00010000
#define ASC_RET_INTEGRITY 0x00020000 #define ASC_RET_INTEGRITY 0x00020000
#define ASC_RET_LICENSING 0x00040000 #define ASC_RET_LICENSING 0x00040000
#define ASC_RET_IDENTIFY 0x00080000 #define ASC_RET_IDENTIFY 0x00080000
#define ASC_RET_NULL_SESSION 0x00100000 #define ASC_RET_NULL_SESSION 0x00100000
#define ASC_RET_ALLOW_NON_USER_LOGONS 0x00200000 #define ASC_RET_ALLOW_NON_USER_LOGONS 0x00200000
#define ASC_RET_ALLOW_CONTEXT_REPLAY 0x00400000 // deprecated - don't use th is flag!!! #define ASC_RET_ALLOW_CONTEXT_REPLAY 0x00400000 // deprecated - don't use th is flag!!!
#define ASC_RET_FRAGMENT_ONLY 0x00800000 #define ASC_RET_FRAGMENT_ONLY 0x00800000
#define ASC_RET_NO_TOKEN 0x01000000 #define ASC_RET_NO_TOKEN 0x01000000
#define ASC_RET_NO_ADDITIONAL_TOKEN 0x02000000 // *INTERNAL* #define ASC_RET_NO_ADDITIONAL_TOKEN 0x02000000 // *INTERNAL*
#define ASC_RET_NO_PROXY_BINDINGS 0x04000000
// SSP_RET_REAUTHENTICATION 0x08000000 // *INTERNAL*
#define ASC_RET_MISSING_BINDINGS 0x10000000
// //
// Security Credentials Attributes: // Security Credentials Attributes:
// //
#define SECPKG_CRED_ATTR_NAMES 1 #define SECPKG_CRED_ATTR_NAMES 1
#define SECPKG_CRED_ATTR_SSI_PROVIDER 2 #define SECPKG_CRED_ATTR_SSI_PROVIDER 2
typedef struct _SecPkgCredentials_NamesW typedef struct _SecPkgCredentials_NamesW
{ {
#ifdef MIDL_PASS
[string]
#endif
SEC_WCHAR * sUserName; SEC_WCHAR * sUserName;
} SecPkgCredentials_NamesW, * PSecPkgCredentials_NamesW; } SecPkgCredentials_NamesW, * PSecPkgCredentials_NamesW;
// end_ntifs // end_ntifs
typedef struct _SecPkgCredentials_NamesA typedef struct _SecPkgCredentials_NamesA
{ {
#ifdef MIDL_PASS
[string]
#endif
SEC_CHAR * sUserName; SEC_CHAR * sUserName;
} SecPkgCredentials_NamesA, * PSecPkgCredentials_NamesA; } SecPkgCredentials_NamesA, * PSecPkgCredentials_NamesA;
#ifdef UNICODE #ifdef UNICODE
# define SecPkgCredentials_Names SecPkgCredentials_NamesW // ntifs # define SecPkgCredentials_Names SecPkgCredentials_NamesW // ntifs
# define PSecPkgCredentials_Names PSecPkgCredentials_NamesW // ntifs # define PSecPkgCredentials_Names PSecPkgCredentials_NamesW // ntifs
#else #else
# define SecPkgCredentials_Names SecPkgCredentials_NamesA # define SecPkgCredentials_Names SecPkgCredentials_NamesA
# define PSecPkgCredentials_Names PSecPkgCredentials_NamesA # define PSecPkgCredentials_Names PSecPkgCredentials_NamesA
#endif // !UNICODE #endif // !UNICODE
skipping to change at line 545 skipping to change at line 588
// These attributes exist only in Win XP and greater // These attributes exist only in Win XP and greater
#define SECPKG_ATTR_USE_VALIDATED 15 #define SECPKG_ATTR_USE_VALIDATED 15
#define SECPKG_ATTR_CREDENTIAL_NAME 16 #define SECPKG_ATTR_CREDENTIAL_NAME 16
#define SECPKG_ATTR_TARGET_INFORMATION 17 #define SECPKG_ATTR_TARGET_INFORMATION 17
#define SECPKG_ATTR_ACCESS_TOKEN 18 #define SECPKG_ATTR_ACCESS_TOKEN 18
// These attributes exist only in Win2K3 and greater // These attributes exist only in Win2K3 and greater
#define SECPKG_ATTR_TARGET 19 #define SECPKG_ATTR_TARGET 19
#define SECPKG_ATTR_AUTHENTICATION_ID 20 #define SECPKG_ATTR_AUTHENTICATION_ID 20
// These attributes exist only in Win2K3SP1 and greater // These attributes exist only in Win2K3SP1 and greater
#define SECPKG_ATTR_LOGOFF_TIME 21 #define SECPKG_ATTR_LOGOFF_TIME 21
//
// win7 or greater
//
#define SECPKG_ATTR_NEGO_KEYS 22
#define SECPKG_ATTR_PROMPTING_NEEDED 24
#define SECPKG_ATTR_UNIQUE_BINDINGS 25
#define SECPKG_ATTR_ENDPOINT_BINDINGS 26
#define SECPKG_ATTR_CLIENT_SPECIFIED_TARGET 27
#define SECPKG_ATTR_LAST_CLIENT_TOKEN_STATUS 30
#define SECPKG_ATTR_NEGO_PKG_INFO 31 // contains nego info of packages
#define SECPKG_ATTR_NEGO_STATUS 32 // contains the last error
#define SECPKG_ATTR_CONTEXT_DELETED 33 // a context has been deleted
#define SECPKG_ATTR_SUBJECT_SECURITY_ATTRIBUTES 128
typedef struct _SecPkgContext_SubjectAttributes {
void* AttributeInfo; // contains a PAUTHZ_SECURITY_ATTRIBUTES_INFORMATION st
ructure
} SecPkgContext_SubjectAttributes, *PSecPkgContext_SubjectAttributes;
#define SECPKG_ATTR_NEGO_INFO_FLAG_NO_KERBEROS 0x1
#define SECPKG_ATTR_NEGO_INFO_FLAG_NO_NTLM 0x2
//
// types of credentials, used by SECPKG_ATTR_PROMPTING_NEEDED
//
typedef enum _SECPKG_CRED_CLASS {
SecPkgCredClass_None = 0, // no creds
SecPkgCredClass_Ephemeral = 10, // logon creds
SecPkgCredClass_PersistedGeneric = 20, // saved creds, not target specific
SecPkgCredClass_PersistedSpecific = 30, // saved creds, target specific
SecPkgCredClass_Explicit = 40, // explicitly supplied creds
} SECPKG_CRED_CLASS, * PSECPKG_CRED_CLASS;
typedef struct _SecPkgContext_CredInfo {
SECPKG_CRED_CLASS CredClass;
unsigned long IsPromptingNeeded;
} SecPkgContext_CredInfo, *PSecPkgContext_CredInfo;
typedef struct _SecPkgContext_NegoPackageInfo
{
unsigned long PackageMask;
} SecPkgContext_NegoPackageInfo, * PSecPkgContext_NegoPackageInfo;
typedef struct _SecPkgContext_NegoStatus
{
unsigned long LastStatus;
} SecPkgContext_NegoStatus, * PSecPkgContext_NegoStatus;
typedef struct _SecPkgContext_Sizes typedef struct _SecPkgContext_Sizes
{ {
unsigned long cbMaxToken; unsigned long cbMaxToken;
unsigned long cbMaxSignature; unsigned long cbMaxSignature;
unsigned long cbBlockSize; unsigned long cbBlockSize;
unsigned long cbSecurityTrailer; unsigned long cbSecurityTrailer;
} SecPkgContext_Sizes, * PSecPkgContext_Sizes; } SecPkgContext_Sizes, * PSecPkgContext_Sizes;
typedef struct _SecPkgContext_StreamSizes typedef struct _SecPkgContext_StreamSizes
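Review bot: `SecPkgContext_SubjectAttributes.AttributeInfo` is declared `void*`, and only the trailing comment says it holds a PAUTHZ_SECURITY_ATTRIBUTES_INFORMATION. The compiler therefore cannot catch a caller that reads it as another type, and nothing states who owns the buffer or how it is released. The comment should at least record lifetime, for example `// PAUTHZ_SECURITY_ATTRIBUTES_INFORMATION; owned by <owner>, released with <function>`, with the placeholders filled in by the author. In the same block the new attribute ids skip 23, 28 and 29 without a note; a `// 23, 28, 29: reserved` line would tell readers the gaps are intentional. `_SecPkgContext_StreamSizes` at the end of this hunk continues outside it.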
skipping to change at line 570 skipping to change at line 662
unsigned long cbBlockSize; unsigned long cbBlockSize;
} SecPkgContext_StreamSizes, * PSecPkgContext_StreamSizes; } SecPkgContext_StreamSizes, * PSecPkgContext_StreamSizes;
typedef struct _SecPkgContext_NamesW typedef struct _SecPkgContext_NamesW
{ {
SEC_WCHAR * sUserName; SEC_WCHAR * sUserName;
} SecPkgContext_NamesW, * PSecPkgContext_NamesW; } SecPkgContext_NamesW, * PSecPkgContext_NamesW;
// end_ntifs // end_ntifs
typedef enum _SECPKG_ATTR_LCT_STATUS {
SecPkgAttrLastClientTokenYes,
SecPkgAttrLastClientTokenNo,
SecPkgAttrLastClientTokenMaybe
} SECPKG_ATTR_LCT_STATUS, * PSECPKG_ATTR_LCT_STATUS;
typedef struct _SecPkgContext_LastClientTokenStatus {
SECPKG_ATTR_LCT_STATUS LastClientTokenStatus;
} SecPkgContext_LastClientTokenStatus, * PSecPkgContext_LastClientTokenStatus;
typedef struct _SecPkgContext_NamesA typedef struct _SecPkgContext_NamesA
{ {
SEC_CHAR * sUserName; SEC_CHAR * sUserName;
} SecPkgContext_NamesA, * PSecPkgContext_NamesA; } SecPkgContext_NamesA, * PSecPkgContext_NamesA;
#ifdef UNICODE #ifdef UNICODE
# define SecPkgContext_Names SecPkgContext_NamesW // ntifs # define SecPkgContext_Names SecPkgContext_NamesW // ntifs
# define PSecPkgContext_Names PSecPkgContext_NamesW // ntifs # define PSecPkgContext_Names PSecPkgContext_NamesW // ntifs
#else #else
# define SecPkgContext_Names SecPkgContext_NamesA # define SecPkgContext_Names SecPkgContext_NamesA
skipping to change at line 663 skipping to change at line 765
SEC_CHAR * sProtocolName; SEC_CHAR * sProtocolName;
unsigned long majorVersion; unsigned long majorVersion;
unsigned long minorVersion; unsigned long minorVersion;
} SecPkgContext_ProtoInfoA, * PSecPkgContext_ProtoInfoA; } SecPkgContext_ProtoInfoA, * PSecPkgContext_ProtoInfoA;
// begin_ntifs // begin_ntifs
typedef struct _SecPkgContext_ProtoInfoW typedef struct _SecPkgContext_ProtoInfoW
{ {
SEC_WCHAR * sProtocolName; SEC_WCHAR * sProtocolName;
unsigned long majorVersion; unsigned long majorVersion;
unsigned long minorVersion; unsigned long minorVersion;
} SecPkgContext_ProtoInfoW, * PSecPkgContext_ProtoInfoW; } SecPkgContext_ProtoInfoW, * PSecPkgContext_ProtoInfoW;
// end_ntifs // end_ntifs
#ifdef UNICODE #ifdef UNICODE
#define SecPkgContext_ProtoInfo SecPkgContext_ProtoInfoW // ntifs #define SecPkgContext_ProtoInfo SecPkgContext_ProtoInfoW // ntifs
#define PSecPkgContext_ProtoInfo PSecPkgContext_ProtoInfoW // ntifs #define PSecPkgContext_ProtoInfo PSecPkgContext_ProtoInfoW // ntifs
#else #else
#define SecPkgContext_ProtoInfo SecPkgContext_ProtoInfoA #define SecPkgContext_ProtoInfo SecPkgContext_ProtoInfoA
#define PSecPkgContext_ProtoInfo PSecPkgContext_ProtoInfoA #define PSecPkgContext_ProtoInfo PSecPkgContext_ProtoInfoA
skipping to change at line 697 skipping to change at line 799
TimeStamp tsLogoffTime; TimeStamp tsLogoffTime;
} SecPkgContext_LogoffTime, * PSecPkgContext_LogoffTime; } SecPkgContext_LogoffTime, * PSecPkgContext_LogoffTime;
#endif // Greater than Windows Server 2003 RTM (SP1 and greater contains this) #endif // Greater than Windows Server 2003 RTM (SP1 and greater contains this)
typedef struct _SecPkgContext_SessionKey typedef struct _SecPkgContext_SessionKey
{ {
unsigned long SessionKeyLength; unsigned long SessionKeyLength;
__field_bcount(SessionKeyLength) unsigned char * SessionKey; __field_bcount(SessionKeyLength) unsigned char * SessionKey;
} SecPkgContext_SessionKey, *PSecPkgContext_SessionKey; } SecPkgContext_SessionKey, *PSecPkgContext_SessionKey;
// used by nego2
typedef struct _SecPkgContext_NegoKeys
{
unsigned long KeyType;
unsigned short KeyLength;
__field_bcount(KeyLength) unsigned char* KeyValue;
unsigned long VerifyKeyType;
unsigned short VerifyKeyLength;
__field_bcount(VerifyKeyLength) unsigned char* VerifyKeyValue;
} SecPkgContext_NegoKeys, * PSecPkgContext_NegoKeys;
typedef struct _SecPkgContext_PackageInfoW typedef struct _SecPkgContext_PackageInfoW
{ {
PSecPkgInfoW PackageInfo; PSecPkgInfoW PackageInfo;
} SecPkgContext_PackageInfoW, * PSecPkgContext_PackageInfoW; } SecPkgContext_PackageInfoW, * PSecPkgContext_PackageInfoW;
// end_ntifs // end_ntifs
typedef struct _SecPkgContext_PackageInfoA typedef struct _SecPkgContext_PackageInfoA
{ {
PSecPkgInfoA PackageInfo; PSecPkgInfoA PackageInfo;
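Review bot: `SecPkgContext_NegoKeys` hands out two buffers of key material (`KeyValue`, `VerifyKeyValue`), and the only documentation is `// used by nego2`. The struct should say who allocates the buffers, which call releases them, and that callers should clear the bytes before release, for example `// KeyValue/VerifyKeyValue hold key material: zero KeyLength/VerifyKeyLength bytes before freeing`. The lengths are `unsigned short` while `SecPkgContext_SessionKey` just above uses `unsigned long` for the same role. Code that copies a length between the two should check the range rather than truncate silently.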
skipping to change at line 833 skipping to change at line 946
} SecPkgContext_AuthzID, * PSecPkgContext_AuthzID; } SecPkgContext_AuthzID, * PSecPkgContext_AuthzID;
typedef struct _SecPkgContext_Target typedef struct _SecPkgContext_Target
{ {
unsigned long TargetLength; unsigned long TargetLength;
char * Target; char * Target;
} SecPkgContext_Target, * PSecPkgContext_Target; } SecPkgContext_Target, * PSecPkgContext_Target;
typedef struct _SecPkgContext_ClientSpecifiedTarget
{
SEC_WCHAR * sTargetName;
} SecPkgContext_ClientSpecifiedTarget, * PSecPkgContext_ClientSpecifiedTarget;
typedef struct _SecPkgContext_Bindings
{
unsigned long BindingsLength;
__field_bcount(BindingsLength) SEC_CHANNEL_BINDINGS * Bindings;
} SecPkgContext_Bindings, * PSecPkgContext_Bindings;
// begin_ntifs // begin_ntifs
typedef void typedef void
(SEC_ENTRY * SEC_GET_KEY_FN) ( (SEC_ENTRY * SEC_GET_KEY_FN) (
void * Arg, // Argument passed in void * Arg, // Argument passed in
void * Principal, // Principal ID void * Principal, // Principal ID
unsigned long KeyVer, // Key Version unsigned long KeyVer, // Key Version
void * * Key, // Returned ptr to key void * * Key, // Returned ptr to key
SECURITY_STATUS * Status // returned status SECURITY_STATUS * Status // returned status
); );
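Review bot: In `SecPkgContext_Bindings` the `__field_bcount(BindingsLength)` annotation bounds only the outer buffer. `SEC_CHANNEL_BINDINGS` carries its own offset/length pairs, so a consumer that trusts those inner values can read past `BindingsLength`. A comment on the struct should spell out the check, for example `// every offset + length inside *Bindings must be validated against BindingsLength before use`. `SecPkgContext_ClientSpecifiedTarget.sTargetName` likewise has no comment; from the name it is a value chosen by the client, so it would be worth noting that it is untrusted until the server has compared it with its own expected names.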
skipping to change at line 860 skipping to change at line 984
// This is only valid in W2K3SP1 and greater // This is only valid in W2K3SP1 and greater
#define SECPKG_CONTEXT_EXPORT_TO_KERNEL 0x00000004 // Context is to be transferred to the kernel #define SECPKG_CONTEXT_EXPORT_TO_KERNEL 0x00000004 // Context is to be transferred to the kernel
KSECDDDECLSPEC KSECDDDECLSPEC
SECURITY_STATUS SEC_ENTRY SECURITY_STATUS SEC_ENTRY
AcquireCredentialsHandleW( AcquireCredentialsHandleW(
#if ISSP_MODE == 0 // For Kernel mode #if ISSP_MODE == 0 // For Kernel mode
__in_opt PSECURITY_STRING pPrincipal, __in_opt PSECURITY_STRING pPrincipal,
__in PSECURITY_STRING pPackage, __in PSECURITY_STRING pPackage,
#else #else
__in_opt SEC_WCHAR * pszPrincipal, // Name of principal __in_opt LPWSTR pszPrincipal, // Name of principal
__in SEC_WCHAR * pszPackage, // Name of package __in LPWSTR pszPackage, // Name of package
#endif #endif
__in unsigned long fCredentialUse, // Flags indicating use __in unsigned long fCredentialUse, // Flags indicating use
__in_opt void * pvLogonId, // Pointer to logon ID __in_opt void * pvLogonId, // Pointer to logon ID
__in_opt void * pAuthData, // Package specific data __in_opt void * pAuthData, // Package specific data
__in_opt SEC_GET_KEY_FN pGetKeyFn, // Pointer to GetKey() func __in_opt SEC_GET_KEY_FN pGetKeyFn, // Pointer to GetKey() func
__in_opt void * pvGetKeyArgument, // Value to pass to GetKey() __in_opt void * pvGetKeyArgument, // Value to pass to GetKey()
__out PCredHandle phCredential, // (out) Cred Handle __out PCredHandle phCredential, // (out) Cred Handle
__out_opt PTimeStamp ptsExpiry // (out) Lifetime (optional) __out_opt PTimeStamp ptsExpiry // (out) Lifetime (optional)
); );
skipping to change at line 893 skipping to change at line 1017
void *, void *,
SEC_GET_KEY_FN, SEC_GET_KEY_FN,
void *, void *,
PCredHandle, PCredHandle,
PTimeStamp); PTimeStamp);
// end_ntifs // end_ntifs
SECURITY_STATUS SEC_ENTRY SECURITY_STATUS SEC_ENTRY
AcquireCredentialsHandleA( AcquireCredentialsHandleA(
__in_opt SEC_CHAR * pszPrincipal, // Name of principal __in_opt LPSTR pszPrincipal, // Name of principal
__in SEC_CHAR * pszPackage, // Name of package __in LPSTR pszPackage, // Name of package
__in unsigned long fCredentialUse, // Flags indicating use __in unsigned long fCredentialUse, // Flags indicating use
__in_opt void * pvLogonId, // Pointer to logon ID __in_opt void * pvLogonId, // Pointer to logon ID
__in_opt void * pAuthData, // Package specific data __in_opt void * pAuthData, // Package specific data
__in_opt SEC_GET_KEY_FN pGetKeyFn, // Pointer to GetKey() func __in_opt SEC_GET_KEY_FN pGetKeyFn, // Pointer to GetKey() func
__in_opt void * pvGetKeyArgument, // Value to pass to GetKey() __in_opt void * pvGetKeyArgument, // Value to pass to GetKey()
__out PCredHandle phCredential, // (out) Cred Handle __out PCredHandle phCredential, // (out) Cred Handle
__out_opt PTimeStamp ptsExpiry // (out) Lifetime (optional) __out_opt PTimeStamp ptsExpiry // (out) Lifetime (optional)
); );
typedef SECURITY_STATUS typedef SECURITY_STATUS
skipping to change at line 944 skipping to change at line 1068
PCredHandle ); PCredHandle );
KSECDDDECLSPEC KSECDDDECLSPEC
SECURITY_STATUS SEC_ENTRY SECURITY_STATUS SEC_ENTRY
AddCredentialsW( AddCredentialsW(
__in PCredHandle hCredentials, __in PCredHandle hCredentials,
#if ISSP_MODE == 0 // For Kernel mode #if ISSP_MODE == 0 // For Kernel mode
__in_opt PSECURITY_STRING pPrincipal, __in_opt PSECURITY_STRING pPrincipal,
__in PSECURITY_STRING pPackage, __in PSECURITY_STRING pPackage,
#else #else
__in_opt SEC_WCHAR * pszPrincipal, // Name of principal __in_opt LPWSTR pszPrincipal, // Name of principal
__in SEC_WCHAR * pszPackage, // Name of package __in LPWSTR pszPackage, // Name of package
#endif #endif
__in unsigned long fCredentialUse, // Flags indicating use __in unsigned long fCredentialUse, // Flags indicating use
__in_opt void * pAuthData, // Package specific data __in_opt void * pAuthData, // Package specific data
__in_opt SEC_GET_KEY_FN pGetKeyFn, // Pointer to GetKey() func __in_opt SEC_GET_KEY_FN pGetKeyFn, // Pointer to GetKey() func
__in_opt void * pvGetKeyArgument, // Value to pass to GetKey() __in_opt void * pvGetKeyArgument, // Value to pass to GetKey()
__out_opt PTimeStamp ptsExpiry // (out) Lifetime (optional) __out_opt PTimeStamp ptsExpiry // (out) Lifetime (optional)
); );
typedef SECURITY_STATUS typedef SECURITY_STATUS
(SEC_ENTRY * ADD_CREDENTIALS_FN_W)( (SEC_ENTRY * ADD_CREDENTIALS_FN_W)(
skipping to change at line 973 skipping to change at line 1097
#endif #endif
unsigned long, unsigned long,
void *, void *,
SEC_GET_KEY_FN, SEC_GET_KEY_FN,
void *, void *,
PTimeStamp); PTimeStamp);
SECURITY_STATUS SEC_ENTRY SECURITY_STATUS SEC_ENTRY
AddCredentialsA( AddCredentialsA(
__in PCredHandle hCredentials, __in PCredHandle hCredentials,
__in_opt SEC_CHAR * pszPrincipal, // Name of principal __in_opt LPSTR pszPrincipal, // Name of principal
__in SEC_CHAR * pszPackage, // Name of package __in LPSTR pszPackage, // Name of package
__in unsigned long fCredentialUse, // Flags indicating use __in unsigned long fCredentialUse, // Flags indicating use
__in_opt void * pAuthData, // Package specific data __in_opt void * pAuthData, // Package specific data
__in_opt SEC_GET_KEY_FN pGetKeyFn, // Pointer to GetKey() func __in_opt SEC_GET_KEY_FN pGetKeyFn, // Pointer to GetKey() func
__in_opt void * pvGetKeyArgument, // Value to pass to GetKey() __in_opt void * pvGetKeyArgument, // Value to pass to GetKey()
__out_opt PTimeStamp ptsExpiry // (out) Lifetime (optional) __out_opt PTimeStamp ptsExpiry // (out) Lifetime (optional)
); );
typedef SECURITY_STATUS typedef SECURITY_STATUS
(SEC_ENTRY * ADD_CREDENTIALS_FN_A)( (SEC_ENTRY * ADD_CREDENTIALS_FN_A)(
PCredHandle, PCredHandle,
skipping to change at line 1542 skipping to change at line 1666
#endif // !UNICODE #endif // !UNICODE
// begin_ntifs // begin_ntifs
KSECDDDECLSPEC KSECDDDECLSPEC
SECURITY_STATUS SEC_ENTRY SECURITY_STATUS SEC_ENTRY
QuerySecurityPackageInfoW( QuerySecurityPackageInfoW(
#if ISSP_MODE == 0 #if ISSP_MODE == 0
__in PSECURITY_STRING pPackageName, __in PSECURITY_STRING pPackageName,
#else #else
__in SEC_WCHAR * pszPackageName, // Name of package __in LPWSTR pszPackageName, // Name of package
#endif #endif
__deref_out PSecPkgInfoW *ppPackageInfo // Receives package info __deref_out PSecPkgInfoW *ppPackageInfo // Receives package info
); );
typedef SECURITY_STATUS typedef SECURITY_STATUS
(SEC_ENTRY * QUERY_SECURITY_PACKAGE_INFO_FN_W)( (SEC_ENTRY * QUERY_SECURITY_PACKAGE_INFO_FN_W)(
#if ISSP_MODE == 0 #if ISSP_MODE == 0
PSECURITY_STRING, PSECURITY_STRING,
#else #else
SEC_WCHAR *, SEC_WCHAR *,
#endif #endif
PSecPkgInfoW *); PSecPkgInfoW *);
// end_ntifs // end_ntifs
SECURITY_STATUS SEC_ENTRY SECURITY_STATUS SEC_ENTRY
QuerySecurityPackageInfoA( QuerySecurityPackageInfoA(
__in SEC_CHAR * pszPackageName, // Name of package __in LPSTR pszPackageName, // Name of package
__deref_out PSecPkgInfoA *ppPackageInfo // Receives package info __deref_out PSecPkgInfoA *ppPackageInfo // Receives package info
); );
typedef SECURITY_STATUS typedef SECURITY_STATUS
(SEC_ENTRY * QUERY_SECURITY_PACKAGE_INFO_FN_A)( (SEC_ENTRY * QUERY_SECURITY_PACKAGE_INFO_FN_A)(
SEC_CHAR *, SEC_CHAR *,
PSecPkgInfoA *); PSecPkgInfoA *);
#ifdef UNICODE #ifdef UNICODE
# define QuerySecurityPackageInfo QuerySecurityPackageInfoW // n tifs # define QuerySecurityPackageInfo QuerySecurityPackageInfoW // n tifs
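Review bot: The prototypes `QuerySecurityPackageInfoW` and `QuerySecurityPackageInfoA` now take `LPWSTR`/`LPSTR`, but the matching `QUERY_SECURITY_PACKAGE_INFO_FN_W` and `_FN_A` typedefs in this hunk still spell the parameter `SEC_WCHAR *`/`SEC_CHAR *`. The types presumably resolve to the same thing, so this is a style point, but a reader comparing a function with its dispatch-table typedef now has to verify that. Either update the typedefs to `LPWSTR,` and `LPSTR,` or keep `SEC_WCHAR *` in both places. The same split is visible for `ImportSecurityContextW/A` and their `IMPORT_SECURITY_CONTEXT_FN_*` typedefs further down. It likely applies to the AcquireCredentialsHandle and AddCredentials typedefs too, whose parameter lists are only partly shown.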
skipping to change at line 1591 skipping to change at line 1715
SecDirectory, SecDirectory,
SecObject SecObject
} SecDelegationType, * PSecDelegationType; } SecDelegationType, * PSecDelegationType;
SECURITY_STATUS SEC_ENTRY SECURITY_STATUS SEC_ENTRY
DelegateSecurityContext( DelegateSecurityContext(
PCtxtHandle phContext, // IN Active context to delegate PCtxtHandle phContext, // IN Active context to delegate
#if ISSP_MODE == 0 #if ISSP_MODE == 0
PSECURITY_STRING pTarget, // IN Target path PSECURITY_STRING pTarget, // IN Target path
#else #else
SEC_CHAR * pszTarget, __in LPSTR pszTarget,
#endif #endif
SecDelegationType DelegationType, // IN Type of delegation SecDelegationType DelegationType, // IN Type of delegation
PTimeStamp pExpiry, // IN OPTIONAL time limit PTimeStamp pExpiry, // IN OPTIONAL time limit
PSecBuffer pPackageParameters, // IN OPTIONAL package specific PSecBuffer pPackageParameters, // IN OPTIONAL package specific
PSecBufferDesc pOutput); // OUT Token for applycontroltoken. PSecBufferDesc pOutput); // OUT Token for applycontroltoken.
/////////////////////////////////////////////////////////////////////////// ///////////////////////////////////////////////////////////////////////////
//// ////
//// Proxies //// Proxies
//// ////
skipping to change at line 1639 skipping to change at line 1763
PSecBuffer, PSecBuffer,
void * * void * *
); );
KSECDDDECLSPEC KSECDDDECLSPEC
SECURITY_STATUS SEC_ENTRY SECURITY_STATUS SEC_ENTRY
ImportSecurityContextW( ImportSecurityContextW(
#if ISSP_MODE == 0 #if ISSP_MODE == 0
__in PSECURITY_STRING pszPackage, __in PSECURITY_STRING pszPackage,
#else #else
__in SEC_WCHAR * pszPackage, __in LPWSTR pszPackage,
#endif #endif
__in PSecBuffer pPackedContext, // (in) marshalled context __in PSecBuffer pPackedContext, // (in) marshalled context
__in void * Token, // (in, optional) handle to token for context __in void * Token, // (in, optional) handle t o token for context
__out PCtxtHandle phContext // (out) new context handl e __out PCtxtHandle phContext // (out) new context handl e
); );
typedef SECURITY_STATUS typedef SECURITY_STATUS
(SEC_ENTRY * IMPORT_SECURITY_CONTEXT_FN_W)( (SEC_ENTRY * IMPORT_SECURITY_CONTEXT_FN_W)(
#if ISSP_MODE == 0 #if ISSP_MODE == 0
PSECURITY_STRING, PSECURITY_STRING,
#else #else
SEC_WCHAR *, SEC_WCHAR *,
#endif #endif
PSecBuffer, PSecBuffer,
VOID *, VOID *,
PCtxtHandle PCtxtHandle
); );
// end_ntifs // end_ntifs
SECURITY_STATUS SEC_ENTRY SECURITY_STATUS SEC_ENTRY
ImportSecurityContextA( ImportSecurityContextA(
__in SEC_CHAR * pszPackage, __in LPSTR pszPackage,
__in PSecBuffer pPackedContext, // (in) marshalled context __in PSecBuffer pPackedContext, // (in) marshalled context
__in VOID * Token, // (in, optional) handle to token for context __in VOID * Token, // (in, optional) handle t o token for context
__out PCtxtHandle phContext // (out) new context handl e __out PCtxtHandle phContext // (out) new context handl e
); );
typedef SECURITY_STATUS typedef SECURITY_STATUS
(SEC_ENTRY * IMPORT_SECURITY_CONTEXT_FN_A)( (SEC_ENTRY * IMPORT_SECURITY_CONTEXT_FN_A)(
SEC_CHAR *, SEC_CHAR *,
PSecBuffer, PSecBuffer,
void *, void *,
PCtxtHandle PCtxtHandle
); );
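Review bot: The `Token` parameter of `ImportSecurityContextW` and `ImportSecurityContextA` is annotated `__in` while its own comment says `(in, optional)`. Static analysis will then flag every caller that passes NULL, or the comment is wrong and NULL is not accepted. If the comment is right, the lines should read `__in_opt void * Token, // (in, optional) handle to token for context` in the W prototype and the same with `VOID *` in the A prototype. If a token is in fact required, drop "optional" from the comment instead. The hunk starts inside an earlier function-pointer typedef, which is not covered by this note.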
skipping to change at line 1735 skipping to change at line 1859
IN PUNICODE_STRING InstanceName OPTIONAL, IN PUNICODE_STRING InstanceName OPTIONAL,
IN USHORT InstancePort OPTIONAL, IN USHORT InstancePort OPTIONAL,
IN PUNICODE_STRING Referrer OPTIONAL, IN PUNICODE_STRING Referrer OPTIONAL,
IN PUNICODE_STRING InTargetInfo OPTIONAL, IN PUNICODE_STRING InTargetInfo OPTIONAL,
IN OUT PUNICODE_STRING Spn, IN OUT PUNICODE_STRING Spn,
OUT PULONG TotalSize OPTIONAL, OUT PULONG TotalSize OPTIONAL,
IN BOOLEAN Allocate, IN BOOLEAN Allocate,
IN BOOLEAN IsTargetInfoMarshaled IN BOOLEAN IsTargetInfoMarshaled
); );
#endif // Longhorn and greater #endif // Windows Vista and greater
KSECDDDECLSPEC KSECDDDECLSPEC
NTSTATUS NTSTATUS
SEC_ENTRY SEC_ENTRY
SecLookupAccountSid( SecLookupAccountSid(
__in PSID Sid, __in PSID Sid,
__out PULONG NameSize, __out PULONG NameSize,
__inout PUNICODE_STRING NameBuffer, __inout PUNICODE_STRING NameBuffer,
__out PULONG DomainSize OPTIONAL, __out PULONG DomainSize OPTIONAL,
__out_opt PUNICODE_STRING DomainBuffer OPTIONAL, __out_opt PUNICODE_STRING DomainBuffer OPTIONAL,
skipping to change at line 1960 skipping to change at line 2084
SECURITY_STATUS SECURITY_STATUS
SEC_ENTRY SEC_ENTRY
SaslEnumerateProfilesA( SaslEnumerateProfilesA(
__deref_out LPSTR * ProfileList, __deref_out LPSTR * ProfileList,
__out ULONG * ProfileCount __out ULONG * ProfileCount
); );
SECURITY_STATUS SECURITY_STATUS
SEC_ENTRY SEC_ENTRY
SaslEnumerateProfilesW( SaslEnumerateProfilesW(
OUT LPWSTR * ProfileList, __deref_out LPWSTR * ProfileList,
OUT ULONG * ProfileCount __out ULONG * ProfileCount
); );
#ifdef UNICODE #ifdef UNICODE
#define SaslEnumerateProfiles SaslEnumerateProfilesW #define SaslEnumerateProfiles SaslEnumerateProfilesW
#else #else
#define SaslEnumerateProfiles SaslEnumerateProfilesA #define SaslEnumerateProfiles SaslEnumerateProfilesA
#endif #endif
SECURITY_STATUS SECURITY_STATUS
SEC_ENTRY SEC_ENTRY
skipping to change at line 2109 skipping to change at line 2233
#pragma warning(default:4147) #pragma warning(default:4147)
#endif #endif
#endif #endif
// //
// This is the legacy credentials structure. // This is the legacy credentials structure.
// The EX version below is preferred. // The EX version below is preferred.
// begin_ntifs // begin_ntifs
#ifndef _AUTH_IDENTITY_EX2_DEFINED
#define _AUTH_IDENTITY_EX2_DEFINED
#define SEC_WINNT_AUTH_IDENTITY_VERSION_2 0x201
typedef struct _SEC_WINNT_AUTH_IDENTITY_EX2 {
unsigned long Version; // contains SEC_WINNT_AUTH_IDENTITY_VERSION_2
unsigned short cbHeaderLength;
unsigned long cbStructureLength;
unsigned long UserOffset; // Non-NULL terminated string, unico
de only
unsigned short UserLength; // # of bytes (NOT WCHARs), not incl
uding NULL.
unsigned long DomainOffset; // Non-NULL terminated string, unico
de only
unsigned short DomainLength; // # of bytes (NOT WCHARs), not incl
uding NULL.
unsigned long PackedCredentialsOffset; // Non-NULL terminated string, unico
de only
unsigned short PackedCredentialsLength; // # of bytes (NOT WCHARs), not incl
uding NULL.
unsigned long Flags;
unsigned long PackageListOffset; // Non-NULL terminated string, unico
de only
unsigned short PackageListLength;
} SEC_WINNT_AUTH_IDENTITY_EX2, *PSEC_WINNT_AUTH_IDENTITY_EX2;
#endif // _AUTH_IDENTITY_EX2_DEFINED
#ifndef _AUTH_IDENTITY_DEFINED #ifndef _AUTH_IDENTITY_DEFINED
#define _AUTH_IDENTITY_DEFINED #define _AUTH_IDENTITY_DEFINED
// //
// This was not defined in NTIFS.h for windows 2000 however // This was not defined in NTIFS.h for windows 2000 however
// this struct has always been there and are safe to use // this struct has always been there and are safe to use
// in windows 2000 and above. // in windows 2000 and above.
// //
#define SEC_WINNT_AUTH_IDENTITY_ANSI 0x1 #define SEC_WINNT_AUTH_IDENTITY_ANSI 0x1
#define SEC_WINNT_AUTH_IDENTITY_UNICODE 0x2 #define SEC_WINNT_AUTH_IDENTITY_UNICODE 0x2
typedef struct _SEC_WINNT_AUTH_IDENTITY_W { typedef struct _SEC_WINNT_AUTH_IDENTITY_W {
unsigned short *User; unsigned short *User; // Non-NULL terminated string.
unsigned long UserLength; unsigned long UserLength; // # of characters (NOT bytes), not including N
unsigned short *Domain; ULL.
unsigned long DomainLength; unsigned short *Domain; // Non-NULL terminated string.
unsigned short *Password; unsigned long DomainLength; // # of characters (NOT bytes), not including N
unsigned long PasswordLength; ULL.
unsigned short *Password; // Non-NULL terminated string.
unsigned long PasswordLength; // # of characters (NOT bytes), not including N
ULL.
unsigned long Flags; unsigned long Flags;
} SEC_WINNT_AUTH_IDENTITY_W, *PSEC_WINNT_AUTH_IDENTITY_W; } SEC_WINNT_AUTH_IDENTITY_W, *PSEC_WINNT_AUTH_IDENTITY_W;
// end_ntifs // end_ntifs
#define _AUTH_IDENTITY_A_DEFINED #define _AUTH_IDENTITY_A_DEFINED
typedef struct _SEC_WINNT_AUTH_IDENTITY_A { typedef struct _SEC_WINNT_AUTH_IDENTITY_A {
unsigned char *User; unsigned char *User; // Non-NULL terminated string.
unsigned long UserLength; unsigned long UserLength; // # of characters (NOT bytes), not including N
unsigned char *Domain; ULL.
unsigned long DomainLength; unsigned char *Domain; // Non-NULL terminated string.
unsigned char *Password; unsigned long DomainLength; // # of characters (NOT bytes), not including N
unsigned long PasswordLength; ULL.
unsigned char *Password; // Non-NULL terminated string.
unsigned long PasswordLength; // # of characters (NOT bytes), not including N
ULL.
unsigned long Flags; unsigned long Flags;
} SEC_WINNT_AUTH_IDENTITY_A, *PSEC_WINNT_AUTH_IDENTITY_A; } SEC_WINNT_AUTH_IDENTITY_A, *PSEC_WINNT_AUTH_IDENTITY_A;
#ifdef UNICODE #ifdef UNICODE
#define SEC_WINNT_AUTH_IDENTITY SEC_WINNT_AUTH_IDENTITY_W // ntifs #define SEC_WINNT_AUTH_IDENTITY SEC_WINNT_AUTH_IDENTITY_W // ntifs
#define PSEC_WINNT_AUTH_IDENTITY PSEC_WINNT_AUTH_IDENTITY_W // ntifs #define PSEC_WINNT_AUTH_IDENTITY PSEC_WINNT_AUTH_IDENTITY_W // ntifs
#define _SEC_WINNT_AUTH_IDENTITY _SEC_WINNT_AUTH_IDENTITY_W // ntifs #define _SEC_WINNT_AUTH_IDENTITY _SEC_WINNT_AUTH_IDENTITY_W // ntifs
#else // UNICODE #else // UNICODE
#define SEC_WINNT_AUTH_IDENTITY SEC_WINNT_AUTH_IDENTITY_A #define SEC_WINNT_AUTH_IDENTITY SEC_WINNT_AUTH_IDENTITY_A
#define PSEC_WINNT_AUTH_IDENTITY PSEC_WINNT_AUTH_IDENTITY_A #define PSEC_WINNT_AUTH_IDENTITY PSEC_WINNT_AUTH_IDENTITY_A
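Review bot: `SEC_WINNT_AUTH_IDENTITY_EX2` is a self-describing blob of offset/length pairs, but nothing tells a consumer to bounds-check them. It needs a comment such as `// each Offset + Length must lie within cbStructureLength, and cbHeaderLength must be at least sizeof(SEC_WINNT_AUTH_IDENTITY_EX2)`. The lengths here are byte counts in `unsigned short`, whereas the legacy `_W`/`_A` structs in the same hunk use character counts in `unsigned long`, so converting between the two forms needs an explicit multiply and range check. The comment on `PackedCredentialsOffset` repeats "string, unicode only", which looks copied from the fields above, and `PackageListLength` has no unit at all. The wording "Non-NULL terminated string" can be read two ways; if the intent is a counted string, `// counted string, not necessarily NUL-terminated` is clearer, and the same applies to the EXW/EXA comments in the next hunk.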
skipping to change at line 2170 skipping to change at line 2316
// This is the combined authentication identity structure that may be // This is the combined authentication identity structure that may be
// used with the negotiate package, NTLM, Kerberos, or SCHANNEL // used with the negotiate package, NTLM, Kerberos, or SCHANNEL
// //
#ifndef SEC_WINNT_AUTH_IDENTITY_VERSION #ifndef SEC_WINNT_AUTH_IDENTITY_VERSION
#define SEC_WINNT_AUTH_IDENTITY_VERSION 0x200 #define SEC_WINNT_AUTH_IDENTITY_VERSION 0x200
typedef struct _SEC_WINNT_AUTH_IDENTITY_EXW { typedef struct _SEC_WINNT_AUTH_IDENTITY_EXW {
unsigned long Version; unsigned long Version;
unsigned long Length; unsigned long Length;
unsigned short *User; unsigned short *User; // Non-NULL terminated string.
unsigned long UserLength; unsigned long UserLength; // # of characters (NOT bytes), not includi
unsigned short *Domain; ng NULL.
unsigned long DomainLength; unsigned short *Domain; // Non-NULL terminated string.
unsigned short *Password; unsigned long DomainLength; // # of characters (NOT bytes), not includi
unsigned long PasswordLength; ng NULL.
unsigned short *Password; // Non-NULL terminated string.
unsigned long PasswordLength; // # of characters (NOT bytes), not includi
ng NULL.
unsigned long Flags; unsigned long Flags;
unsigned short * PackageList; unsigned short *PackageList;
unsigned long PackageListLength; unsigned long PackageListLength;
} SEC_WINNT_AUTH_IDENTITY_EXW, *PSEC_WINNT_AUTH_IDENTITY_EXW; } SEC_WINNT_AUTH_IDENTITY_EXW, *PSEC_WINNT_AUTH_IDENTITY_EXW;
// end_ntifs // end_ntifs
typedef struct _SEC_WINNT_AUTH_IDENTITY_EXA { typedef struct _SEC_WINNT_AUTH_IDENTITY_EXA {
unsigned long Version; unsigned long Version;
unsigned long Length; unsigned long Length;
unsigned char *User; unsigned char *User; // Non-NULL terminated string.
unsigned long UserLength; unsigned long UserLength; // # of characters (NOT bytes), not includi
unsigned char *Domain; ng NULL.
unsigned long DomainLength; unsigned char *Domain; // Non-NULL terminated string.
unsigned char *Password; unsigned long DomainLength; // # of characters (NOT bytes), not includi
unsigned long PasswordLength; ng NULL.
unsigned char *Password; // Non-NULL terminated string.
unsigned long PasswordLength; // # of characters (NOT bytes), not includi
ng NULL.
unsigned long Flags; unsigned long Flags;
unsigned char * PackageList; unsigned char * PackageList;
unsigned long PackageListLength; unsigned long PackageListLength;
} SEC_WINNT_AUTH_IDENTITY_EXA, *PSEC_WINNT_AUTH_IDENTITY_EXA; } SEC_WINNT_AUTH_IDENTITY_EXA, *PSEC_WINNT_AUTH_IDENTITY_EXA;
#ifdef UNICODE #ifdef UNICODE
#define SEC_WINNT_AUTH_IDENTITY_EX SEC_WINNT_AUTH_IDENTITY_EXW // ntifs #define SEC_WINNT_AUTH_IDENTITY_EX SEC_WINNT_AUTH_IDENTITY_EXW // ntifs
#define PSEC_WINNT_AUTH_IDENTITY_EX PSEC_WINNT_AUTH_IDENTITY_EXW // ntifs #define PSEC_WINNT_AUTH_IDENTITY_EX PSEC_WINNT_AUTH_IDENTITY_EXW // ntifs
#else #else
#define SEC_WINNT_AUTH_IDENTITY_EX SEC_WINNT_AUTH_IDENTITY_EXA #define SEC_WINNT_AUTH_IDENTITY_EX SEC_WINNT_AUTH_IDENTITY_EXA
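Review bot: In `SEC_WINNT_AUTH_IDENTITY_EXW` and `_EXA` the `PackageList`/`PackageListLength` pair is the only string and length left without the comments added to User, Domain and Password. A reader cannot tell whether the list is terminated or whether its length is in characters or bytes. If it follows the same convention, add `// counted string, not necessarily NUL-terminated` and `// # of characters (NOT bytes), not including NUL`; if it differs, that is all the more reason to state it. The EXW line was also re-spaced to `*PackageList` while EXA keeps `* PackageList`, so the two structs no longer match in layout style.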
skipping to change at line 2205 skipping to change at line 2351
} SEC_WINNT_AUTH_IDENTITY_EXA, *PSEC_WINNT_AUTH_IDENTITY_EXA; } SEC_WINNT_AUTH_IDENTITY_EXA, *PSEC_WINNT_AUTH_IDENTITY_EXA;
#ifdef UNICODE #ifdef UNICODE
#define SEC_WINNT_AUTH_IDENTITY_EX SEC_WINNT_AUTH_IDENTITY_EXW // ntifs #define SEC_WINNT_AUTH_IDENTITY_EX SEC_WINNT_AUTH_IDENTITY_EXW // ntifs
#define PSEC_WINNT_AUTH_IDENTITY_EX PSEC_WINNT_AUTH_IDENTITY_EXW // ntifs #define PSEC_WINNT_AUTH_IDENTITY_EX PSEC_WINNT_AUTH_IDENTITY_EXW // ntifs
#else #else
#define SEC_WINNT_AUTH_IDENTITY_EX SEC_WINNT_AUTH_IDENTITY_EXA #define SEC_WINNT_AUTH_IDENTITY_EX SEC_WINNT_AUTH_IDENTITY_EXA
#endif #endif
// begin_ntifs // begin_ntifs
#endif // SEC_WINNT_AUTH_IDENTITY_VERSION #endif // SEC_WINNT_AUTH_IDENTITY_VERSION
// end_ntifs
#ifndef _AUTH_IDENTITY_INFO_DEFINED
#define _AUTH_IDENTITY_INFO_DEFINED
//
// the procedure for how to parse a SEC_WINNT_AUTH_IDENTITY_INFO structure:
//
// 1) First check the first DWORD of SEC_WINNT_AUTH_IDENTITY_INFO, if the first
// DWORD is 0x200, it is either an AuthIdExw or AuthIdExA, otherwise if the fi
rst
// DWORD is 0x201, the structure is an AuthIdEx2 structure. Otherwise the stru
cture
// is either an AuthId_a or an AuthId_w.
//
// 2) Secondly check the flags for SEC_WINNT_AUTH_IDENTITY_ANSI or
// SEC_WINNT_AUTH_IDENTITY_UNICODE, the presence of the former means the struc
ture
// is an ANSI structure. Otherwise, the structure is the wide version. Note t
hat
// AuthIdEx2 does not have an ANSI version so this check does not apply to it.
//
typedef union _SEC_WINNT_AUTH_IDENTITY_INFO {
SEC_WINNT_AUTH_IDENTITY_EXW AuthIdExw;
SEC_WINNT_AUTH_IDENTITY_EXA AuthIdExa;
SEC_WINNT_AUTH_IDENTITY_A AuthId_a;
SEC_WINNT_AUTH_IDENTITY_W AuthId_w;
SEC_WINNT_AUTH_IDENTITY_EX2 AuthIdEx2;
} SEC_WINNT_AUTH_IDENTITY_INFO, *PSEC_WINNT_AUTH_IDENTITY_INFO;
// the credential structure is encrypted via
// RtlEncryptMemory(OptionFlags = 0)
#define SEC_WINNT_AUTH_IDENTITY_FLAGS_PROCESS_ENCRYPTED 0x10
// the credential structure is protected by local system via
// RtlEncryptMemory(OptionFlags =
// IOCTL_KSEC_ENCRYPT_MEMORY_SAME_LOGON)
#define SEC_WINNT_AUTH_IDENTITY_FLAGS_SYSTEM_PROTECTED 0x20
#define SEC_WINNT_AUTH_IDENTITY_FLAGS_RESERVED 0x10000
#define SEC_WINNT_AUTH_IDENTITY_FLAGS_NULL_USER 0x20000
#define SEC_WINNT_AUTH_IDENTITY_FLAGS_NULL_DOMAIN 0x40000
//
// These bits are for communication between SspiPromptForCredentials()
// and the credential providers. Do not use these bits for any other
// purpose.
//
#define SEC_WINNT_AUTH_IDENTITY_FLAGS_SSPIPFC_USE_MASK 0xFF000000
//
// Instructs the credential provider to not save credentials itself
// when caller selects the "Remember my credential" checkbox.
//
#define SEC_WINNT_AUTH_IDENTITY_FLAGS_SSPIPFC_SAVE_CRED_BY_CALLER 0x80000000
//
// State of the "Remember my credentials" checkbox.
// When set, indicates checked; when cleared, indicates unchecked.
//
#define SEC_WINNT_AUTH_IDENTITY_FLAGS_SSPIPFC_SAVE_CRED_CHECKED 0x40000000
#define SEC_WINNT_AUTH_IDENTITY_FLAGS_VALID_SSPIPFC_FLAGS \
(SEC_WINNT_AUTH_IDENTITY_FLAGS_SSPIPFC_SAVE_CRED_BY_CALLER | \
SEC_WINNT_AUTH_IDENTITY_FLAGS_SSPIPFC_SAVE_CRED_CHECKED)
#endif // _AUTH_IDENTITY_INFO_DEFINED
#ifndef _SSPIPFC_NONE_ // the public view
// begin_ntifs
typedef PVOID PSEC_WINNT_AUTH_IDENTITY_OPAQUE; // the credential structure is op
aque
// end_ntifs
#else // the internal view
typedef PSEC_WINNT_AUTH_IDENTITY_INFO PSEC_WINNT_AUTH_IDENTITY_OPAQUE;
#endif // _SSPIPFC_NONE_
//
// dwFlags parameter of SspiPromptForCredentials():
//
//
// Indicates that the credentials should not be saved if
// the user selects the 'save' (or 'remember my password')
// checkbox in the credential dialog box. The location pointed
// to by the pfSave parameter indicates whether or not the user
// selected the checkbox.
//
// Note that some credential providers won't honour this flag and
// may save the credentials in a persistent manner anyway if the
// user selects the 'save' checbox.
//
#define SSPIPFC_SAVE_CRED_BY_CALLER 0x00000001
#define SSPIPFC_VALID_FLAGS (SSPIPFC_SAVE_CRED_BY_CALLER)
#ifndef _SSPIPFC_NONE_ // the public view
// Use SspiFreeAuthIdentity() to free the buffer returned
// in ppAuthIdentity.
unsigned long
SEC_ENTRY
SspiPromptForCredentialsW(
__in PCWSTR pszTargetName,
#ifdef _CREDUI_INFO_DEFINED
__in_opt PCREDUI_INFOW pUiInfo,
#else
__in_opt PVOID pUiInfo,
#endif // _CREDUI_INFO_DEFINED
__in unsigned long dwAuthError,
__in PCWSTR pszPackage,
__in_opt PSEC_WINNT_AUTH_IDENTITY_OPAQUE pInputAuthIdentity,
__deref_out PSEC_WINNT_AUTH_IDENTITY_OPAQUE* ppAuthIdentity,
__inout_opt int* pfSave,
__in unsigned long dwFlags
);
// Use SspiFreeAuthIdentity() to free the buffer returned
// in ppAuthIdentity.
unsigned long
SEC_ENTRY
SspiPromptForCredentialsA(
__in PCSTR pszTargetName,
#ifdef _CREDUI_INFO_DEFINED
__in_opt PCREDUI_INFOA pUiInfo,
#else
__in_opt PVOID pUiInfo,
#endif // _CREDUI_INFO_DEFINED
__in unsigned long dwAuthError,
__in PCSTR pszPackage,
__in_opt PSEC_WINNT_AUTH_IDENTITY_OPAQUE pInputAuthIdentity,
__deref_out PSEC_WINNT_AUTH_IDENTITY_OPAQUE* ppAuthIdentity,
__inout_opt int* pfSave,
__in unsigned long dwFlags
);
#endif // _SSPIPFC_NONE_
#ifdef UNICODE
#define SspiPromptForCredentials SspiPromptForCredentialsW
#else
#define SspiPromptForCredentials SspiPromptForCredentialsA
#endif
#ifdef _SEC_WINNT_AUTH_TYPES
typedef struct _SEC_WINNT_AUTH_BYTE_VECTOR {
unsigned long ByteArrayOffset; // each element is a byte
unsigned short ByteArrayLength; //
} SEC_WINNT_AUTH_BYTE_VECTOR, *PSEC_WINNT_AUTH_BYTE_VECTOR;
typedef struct _SEC_WINNT_AUTH_DATA {
GUID CredType;
SEC_WINNT_AUTH_BYTE_VECTOR CredData;
} SEC_WINNT_AUTH_DATA, *PSEC_WINNT_AUTH_DATA;
typedef struct _SEC_WINNT_AUTH_PACKED_CREDENTIALS {
unsigned short cbHeaderLength; // the length of the header
unsigned short cbStructureLength; // pay load length including the header
SEC_WINNT_AUTH_DATA AuthData;
} SEC_WINNT_AUTH_PACKED_CREDENTIALS, *PSEC_WINNT_AUTH_PACKED_CREDENTIALS;
// {28BFC32F-10F6-4738-98D1-1AC061DF716A}
static const GUID SEC_WINNT_AUTH_DATA_TYPE_PASSWORD =
{ 0x28bfc32f, 0x10f6, 0x4738, { 0x98, 0xd1, 0x1a, 0xc0, 0x61, 0xdf, 0x71, 0x6
a } };
// {235F69AD-73FB-4dbc-8203-0629E739339B}
static const GUID SEC_WINNT_AUTH_DATA_TYPE_CERT =
{ 0x235f69ad, 0x73fb, 0x4dbc, { 0x82, 0x3, 0x6, 0x29, 0xe7, 0x39, 0x33, 0x9b
} };
typedef struct _SEC_WINNT_AUTH_DATA_PASSWORD {
SEC_WINNT_AUTH_BYTE_VECTOR UnicodePassword;
} SEC_WINNT_AUTH_DATA_PASSWORD, PSEC_WINNT_AUTH_DATA_PASSWORD;
//
// smartcard cred data
//
// {68FD9879-079C-4dfe-8281-578AADC1C100}
static const GUID SEC_WINNT_AUTH_DATA_TYPE_CSP_DATA =
{ 0x68fd9879, 0x79c, 0x4dfe, { 0x82, 0x81, 0x57, 0x8a, 0xad, 0xc1, 0xc1, 0x0
} };
typedef struct _SEC_WINNT_AUTH_CERTIFICATE_DATA {
unsigned short cbHeaderLength;
unsigned short cbStructureLength;
SEC_WINNT_AUTH_BYTE_VECTOR Certificate;
} SEC_WINNT_AUTH_CERTIFICATE_DATA, *PSEC_WINNT_AUTH_CERTIFICATE_DATA;
typedef struct _SEC_WINNT_CREDUI_CONTEXT_VECTOR
{
ULONG CredUIContextArrayOffset; // offset starts at the beginning of
// this structure, and each element is a SEC_WINNT_AUTH_BYTE_VECTOR that
// describes the flat CredUI context returned by SpGetCredUIContext()
USHORT CredUIContextCount;
} SEC_WINNT_CREDUI_CONTEXT_VECTOR, *PSEC_WINNT_CREDUI_CONTEXT_VECTOR;
typedef struct _SEC_WINNT_AUTH_SHORT_VECTOR
{
ULONG ShortArrayOffset; // each element is a short
USHORT ShortArrayCount; // number of characters
} SEC_WINNT_AUTH_SHORT_VECTOR, *PSEC_WINNT_AUTH_SHORT_VECTOR;
// free the returned memory using SspiLocalFree
SECURITY_STATUS
SEC_ENTRY
SspiGetCredUIContext(
__in HANDLE ContextHandle,
__in GUID* CredType,
__in_opt LUID* LogonId, // use this LogonId, the caller must be localsystem t
o supply a logon id
__deref_out PSEC_WINNT_CREDUI_CONTEXT_VECTOR* CredUIContexts,
__out_opt HANDLE* TokenHandle
);
SECURITY_STATUS
SEC_ENTRY
SspiUpdateCredentials(
__in HANDLE ContextHandle,
__in GUID* CredType,
__in ULONG FlatCredUIContextLength,
__in_bcount(FlatCredUIContextLength) PUCHAR FlatCredUIContext
);
typedef struct _CREDUIWIN_MARSHALED_CONTEXT
{
GUID StructureType;
USHORT cbHeaderLength;
LUID LogonId; // user's logon id
GUID MarshaledDataType;
ULONG MarshaledDataOffset;
USHORT MarshaledDataLength;
} CREDUIWIN_MARSHALED_CONTEXT, *PCREDUIWIN_MARSHALED_CONTEXT;
typedef struct _SEC_WINNT_CREDUI_CONTEXT
{
USHORT cbHeaderLength;
HANDLE CredUIContextHandle; // the handle to call SspiGetCredUIContext()
#ifdef _CREDUI_INFO_DEFINED
PCREDUI_INFOW UIInfo; // input from SspiPromptForCredentials()
#else
PVOID UIInfo;
#endif // _CREDUI_INFO_DEFINED
ULONG dwAuthError; // the authentication error
PSEC_WINNT_AUTH_IDENTITY_OPAQUE pInputAuthIdentity;
PUNICODE_STRING TargetName;
} SEC_WINNT_CREDUI_CONTEXT, *PSEC_WINNT_CREDUI_CONTEXT;
// {3C3E93D9-D96B-49b5-94A7-458592088337}
static const GUID CREDUIWIN_STRUCTURE_TYPE_SSPIPFC =
{ 0x3c3e93d9, 0xd96b, 0x49b5, { 0x94, 0xa7, 0x45, 0x85, 0x92, 0x8, 0x83, 0x37 }
};
// {C2FFFE6F-503D-4c3d-A95E-BCE821213D44}
static const GUID SSPIPFC_STRUCTURE_TYPE_CREDUI_CONTEXT =
{ 0xc2fffe6f, 0x503d, 0x4c3d, { 0xa9, 0x5e, 0xbc, 0xe8, 0x21, 0x21, 0x3d, 0x44 }
};
typedef struct _SEC_WINNT_AUTH_PACKED_CREDENTIALS_EX {
unsigned short cbHeaderLength;
unsigned long Flags; // contains the Flags field in
// SEC_WINNT_AUTH_IDENTITY_EX
SEC_WINNT_AUTH_BYTE_VECTOR PackedCredentials;
SEC_WINNT_AUTH_SHORT_VECTOR PackageList;
} SEC_WINNT_AUTH_PACKED_CREDENTIALS_EX, *PSEC_WINNT_AUTH_PACKED_CREDENTIALS_EX;
//
// free the returned memory using SspiLocalFree
//
SECURITY_STATUS
SEC_ENTRY
SspiUnmarshalCredUIContext(
__in_bcount(MarshaledCredUIContextLength) PUCHAR MarshaledCredUIContext,
__in ULONG MarshaledCredUIContextLength,
__deref_out PSEC_WINNT_CREDUI_CONTEXT* CredUIContext
);
#endif // _SEC_WINNT_AUTH_TYPES
SECURITY_STATUS
SEC_ENTRY
SspiPrepareForCredRead(
__in PSEC_WINNT_AUTH_IDENTITY_OPAQUE AuthIdentity,
__in PCWSTR pszTargetName,
__out PULONG pCredmanCredentialType,
__deref_out PCWSTR* ppszCredmanTargetName
);
SECURITY_STATUS
SEC_ENTRY
SspiPrepareForCredWrite(
__in PSEC_WINNT_AUTH_IDENTITY_OPAQUE AuthIdentity,
__in_opt PCWSTR pszTargetName, // supply NULL for username-target credential
s
__out PULONG pCredmanCredentialType,
__deref_out PCWSTR* ppszCredmanTargetName,
__deref_out PCWSTR* ppszCredmanUserName,
__deref_out_bcount(*pCredentialBlobSize) PUCHAR *ppCredentialBlob,
__out PULONG pCredentialBlobSize
);
SECURITY_STATUS
SEC_ENTRY
SspiEncryptAuthIdentity(
__inout PSEC_WINNT_AUTH_IDENTITY_OPAQUE AuthData
);
SECURITY_STATUS
SEC_ENTRY
SspiDecryptAuthIdentity(
__inout PSEC_WINNT_AUTH_IDENTITY_OPAQUE EncryptedAuthData
);
BOOLEAN
SEC_ENTRY
SspiIsAuthIdentityEncrypted(
__in PSEC_WINNT_AUTH_IDENTITY_OPAQUE EncryptedAuthData
);
// begin_ntifs
#if (NTDDI_VERSION >= NTDDI_WIN7)
//
// Convert the _OPAQUE structure passed in to the
// 3 tuple <username, domainname, 'password'>.
//
// Note: The 'strings' returned need not necessarily be
// in user recognisable form. The purpose of this API
// is to 'flatten' the _OPAQUE structure into the 3 tuple.
// User recognisable <username, domainname> can always be
// obtained by passing NULL to the pszPackedCredentialsString
// parameter.
//
// zero out the pszPackedCredentialsString then
// free the returned memory using SspiLocalFree()
//
SECURITY_STATUS
SEC_ENTRY
SspiEncodeAuthIdentityAsStrings(
__in PSEC_WINNT_AUTH_IDENTITY_OPAQUE pAuthIdentity,
__deref_out_opt PCWSTR* ppszUserName,
__deref_out_opt PCWSTR* ppszDomainName,
__deref_opt_out_opt PCWSTR* ppszPackedCredentialsString
);
SECURITY_STATUS
SEC_ENTRY
SspiValidateAuthIdentity(
__in PSEC_WINNT_AUTH_IDENTITY_OPAQUE AuthData
);
//
// free the returned memory using SspiFreeAuthIdentity()
//
SECURITY_STATUS
SEC_ENTRY
SspiCopyAuthIdentity(
__in PSEC_WINNT_AUTH_IDENTITY_OPAQUE AuthData,
__deref_out PSEC_WINNT_AUTH_IDENTITY_OPAQUE* AuthDataCopy
);
//
// use only for the memory returned by SspiCopyAuthIdentity().
// Internally calls SspiZeroAuthIdentity().
//
VOID
SEC_ENTRY
SspiFreeAuthIdentity(
__in_opt PSEC_WINNT_AUTH_IDENTITY_OPAQUE AuthData
);
VOID
SEC_ENTRY
SspiZeroAuthIdentity(
__in_opt PSEC_WINNT_AUTH_IDENTITY_OPAQUE AuthData
);
VOID
SEC_ENTRY
SspiLocalFree(
__in_opt PVOID DataBuffer
);
//
// call SspiFreeAuthIdentity to free the returned AuthIdentity
// which zeroes out the credentials blob before freeing it
//
SECURITY_STATUS
SEC_ENTRY
SspiEncodeStringsAsAuthIdentity(
__in_opt PCWSTR pszUserName,
__in_opt PCWSTR pszDomainName,
__in_opt PCWSTR pszPackedCredentialsString,
__deref_out PSEC_WINNT_AUTH_IDENTITY_OPAQUE* ppAuthIdentity
);
SECURITY_STATUS
SEC_ENTRY
SspiCompareAuthIdentities(
__in_opt PSEC_WINNT_AUTH_IDENTITY_OPAQUE AuthIdentity1,
__in_opt PSEC_WINNT_AUTH_IDENTITY_OPAQUE AuthIdentity2,
__out_opt PBOOLEAN SameSuppliedUser,
__out_opt PBOOLEAN SameSuppliedIdentity
);
//
// zero out the returned AuthIdentityByteArray then
// free the returned memory using SspiLocalFree()
//
SECURITY_STATUS
SEC_ENTRY
SspiMarshalAuthIdentity(
__in PSEC_WINNT_AUTH_IDENTITY_OPAQUE AuthIdentity,
__out unsigned long* AuthIdentityLength,
__deref_out_bcount(*AuthIdentityLength) char** AuthIdentityByteArray
);
//
// free the returned auth identity using SspiFreeAuthIdentity()
//
SECURITY_STATUS
SEC_ENTRY
SspiUnmarshalAuthIdentity(
__in unsigned long AuthIdentityLength,
__in_bcount(AuthIdentityLength) char* AuthIdentityByteArray,
__deref_out PSEC_WINNT_AUTH_IDENTITY_OPAQUE* ppAuthIdentity
);
BOOLEAN
SEC_ENTRY
SspiIsPromptingNeeded(
__in unsigned long ErrorOrNtStatus
);
SECURITY_STATUS
SEC_ENTRY
SspiGetTargetHostName(
__in PCWSTR pszTargetName,
__deref_out PWSTR* pszHostName
);
SECURITY_STATUS
SEC_ENTRY
SspiExcludePackage(
__in_opt PSEC_WINNT_AUTH_IDENTITY_OPAQUE AuthIdentity,
__in PCWSTR pszPackageName,
__deref_out PSEC_WINNT_AUTH_IDENTITY_OPAQUE* ppNewAuthIdentity
);
// //
// Common types used by negotiable security packages // Common types used by negotiable security packages
// //
// These are defined after W2K // These are defined after W2K
// //
#define SEC_WINNT_AUTH_IDENTITY_MARSHALLED 0x4 // all data is in one bu ffer #define SEC_WINNT_AUTH_IDENTITY_MARSHALLED 0x4 // all data is in one bu ffer
#define SEC_WINNT_AUTH_IDENTITY_ONLY 0x8 // these credentials are for identity only - no PAC needed #define SEC_WINNT_AUTH_IDENTITY_ONLY 0x8 // these credentials are for identity only - no PAC needed
#endif // NTDDI_VERSION
// end_ntifs // end_ntifs
// //
// Routines for manipulating packages // Routines for manipulating packages
// //
typedef struct _SECURITY_PACKAGE_OPTIONS { typedef struct _SECURITY_PACKAGE_OPTIONS {
unsigned long Size; unsigned long Size;
unsigned long Type; unsigned long Type;
unsigned long Flags; unsigned long Flags;
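Review bot: In the `_SEC_WINNT_AUTH_DATA_PASSWORD` typedef added in this hunk, `PSEC_WINNT_AUTH_DATA_PASSWORD` is declared without a `*`, so it names the structure itself rather than a pointer to it, unlike the other structure typedefs in the hunk. This looks like an omission, and the closing line should read `} SEC_WINNT_AUTH_DATA_PASSWORD, *PSEC_WINNT_AUTH_DATA_PASSWORD;`. Separately, the comment above `SspiFreeAuthIdentity` says to use it only for memory returned by `SspiCopyAuthIdentity()`, while the comments on `SspiPromptForCredentialsW`/`A`, `SspiEncodeStringsAsAuthIdentity` and `SspiUnmarshalAuthIdentity` also direct callers to it. Because it is the routine documented as zeroing the credentials before release, the narrower wording could steer a caller toward a free that leaves secrets in memory. I would reword it to `// use for any auth identity whose producing routine names this function; internally calls SspiZeroAuthIdentity().`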
 End of changes. 43 change blocks. 
47 lines changed or deleted 689 lines changed or added
