16 #define SEC_ENTRY __stdcall
18 #if defined(_NO_KSECDD_IMPORT_)
19 #define KSECDDDECLSPEC
21 #define KSECDDDECLSPEC __declspec(dllimport)
/* Quality-of-protection (QOP) values; prototypes later in this header carry a
 * pfQOP output parameter of type PULONG.
 * NOTE(review): by name, SECQOP_WRAP_NO_ENCRYPT asks for a wrapped message that
 * is not encrypted - confirm against the SSPI documentation. A caller that sets
 * it, or a receiver that sees it reported, should not treat the message as
 * confidential. */
24 #define SECQOP_WRAP_NO_ENCRYPT 0x80000001
25 #define SECQOP_WRAP_OOB_DATA 0x40000000
27 #define SECURITY_ENTRYPOINTW SEC_TEXT("InitSecurityInterfaceW")
28 #define SECURITY_ENTRYPOINT SECURITY_ENTRYPOINTW
30 #define SECURITY_SUPPORT_PROVIDER_INTERFACE_VERSION 1
31 #define SECURITY_SUPPORT_PROVIDER_INTERFACE_VERSION_2 2
32 #define SECURITY_SUPPORT_PROVIDER_INTERFACE_VERSION_3 3
33 #define SECURITY_SUPPORT_PROVIDER_INTERFACE_VERSION_4 4
35 #define SECURITY_NATIVE_DREP 0x00000010
36 #define SECURITY_NETWORK_DREP 0x00000000
38 #define SECPKG_ID_NONE 0xFFFF
40 #define SECPKG_CRED_ATTR_NAMES 1
41 #define SECPKG_CRED_ATTR_SSI_PROVIDER 2
/* Context attribute selectors. Presumably these are the values passed as the
 * ULONG ulAttribute parameter of QueryContextAttributesW / SetContextAttributesW
 * declared later in this header - TODO confirm.
 * The numbering in this listing is not contiguous: 23, 28 and 29 are not defined
 * here.
 * Several selectors name sensitive material (SESSION_KEY, NEGO_KEYS,
 * ACCESS_TOKEN); the matching SecPkgContext_SessionKey / SecPkgContext_NegoKeys
 * structures in this header hold raw key bytes, so results of those queries
 * should be kept out of logs and crash dumps. */
43 #define SECPKG_ATTR_SIZES 0
44 #define SECPKG_ATTR_NAMES 1
45 #define SECPKG_ATTR_LIFESPAN 2
46 #define SECPKG_ATTR_DCE_INFO 3
47 #define SECPKG_ATTR_STREAM_SIZES 4
48 #define SECPKG_ATTR_KEY_INFO 5
49 #define SECPKG_ATTR_AUTHORITY 6
50 #define SECPKG_ATTR_PROTO_INFO 7
51 #define SECPKG_ATTR_PASSWORD_EXPIRY 8
52 #define SECPKG_ATTR_SESSION_KEY 9
53 #define SECPKG_ATTR_PACKAGE_INFO 10
54 #define SECPKG_ATTR_USER_FLAGS 11
55 #define SECPKG_ATTR_NEGOTIATION_INFO 12
56 #define SECPKG_ATTR_NATIVE_NAMES 13
57 #define SECPKG_ATTR_FLAGS 14
58 #define SECPKG_ATTR_USE_VALIDATED 15
59 #define SECPKG_ATTR_CREDENTIAL_NAME 16
60 #define SECPKG_ATTR_TARGET_INFORMATION 17
61 #define SECPKG_ATTR_ACCESS_TOKEN 18
62 #define SECPKG_ATTR_TARGET 19
63 #define SECPKG_ATTR_AUTHENTICATION_ID 20
64 #define SECPKG_ATTR_LOGOFF_TIME 21
65 #define SECPKG_ATTR_NEGO_KEYS 22
66 #define SECPKG_ATTR_PROMPTING_NEEDED 24
67 #define SECPKG_ATTR_UNIQUE_BINDINGS 25
68 #define SECPKG_ATTR_ENDPOINT_BINDINGS 26
69 #define SECPKG_ATTR_CLIENT_SPECIFIED_TARGET 27
70 #define SECPKG_ATTR_LAST_CLIENT_TOKEN_STATUS 30
71 #define SECPKG_ATTR_NEGO_PKG_INFO 31
72 #define SECPKG_ATTR_NEGO_STATUS 32
73 #define SECPKG_ATTR_CONTEXT_DELETED 33
/* Security package flags: one distinct bit each, from 0x00000001 up to
 * 0x00200000, so they can be OR-ed together and tested with '&'.
 * NOTE(review): presumably these describe what a package supports (as reported
 * through SecPkgInfoW) - confirm. If so, a caller that depends on message
 * integrity, privacy or mutual authentication should test the corresponding bit
 * (INTEGRITY, PRIVACY, MUTUAL_AUTH) for the chosen package instead of assuming
 * the feature is available. */
75 #define SECPKG_FLAG_INTEGRITY 0x00000001
76 #define SECPKG_FLAG_PRIVACY 0x00000002
77 #define SECPKG_FLAG_TOKEN_ONLY 0x00000004
78 #define SECPKG_FLAG_DATAGRAM 0x00000008
79 #define SECPKG_FLAG_CONNECTION 0x00000010
80 #define SECPKG_FLAG_MULTI_REQUIRED 0x00000020
81 #define SECPKG_FLAG_CLIENT_ONLY 0x00000040
82 #define SECPKG_FLAG_EXTENDED_ERROR 0x00000080
83 #define SECPKG_FLAG_IMPERSONATION 0x00000100
84 #define SECPKG_FLAG_ACCEPT_WIN32_NAME 0x00000200
85 #define SECPKG_FLAG_STREAM 0x00000400
86 #define SECPKG_FLAG_NEGOTIABLE 0x00000800
87 #define SECPKG_FLAG_GSS_COMPATIBLE 0x00001000
88 #define SECPKG_FLAG_LOGON 0x00002000
89 #define SECPKG_FLAG_ASCII_BUFFERS 0x00004000
90 #define SECPKG_FLAG_FRAGMENT 0x00008000
91 #define SECPKG_FLAG_MUTUAL_AUTH 0x00010000
92 #define SECPKG_FLAG_DELEGATION 0x00020000
93 #define SECPKG_FLAG_READONLY_WITH_CHECKSUM 0x00040000
94 #define SECPKG_FLAG_RESTRICTED_TOKENS 0x00080000
95 #define SECPKG_FLAG_NEGO_EXTENDER 0x00100000
96 #define SECPKG_FLAG_NEGOTIABLE2 0x00200000
/* Credential-use flags. Presumably the values for the ULONG fCredentialUse
 * parameter of AcquireCredentialsHandleW / AddCredentials declared later in this
 * header - TODO confirm.
 * SECPKG_CRED_BOTH (0x3) is exactly SECPKG_CRED_INBOUND | SECPKG_CRED_OUTBOUND.
 * SECPKG_CRED_RESERVED covers the top four bits (0xF0000000).
 * Requesting only the direction a component actually needs (inbound for an
 * acceptor, outbound for an initiator) keeps the credential handle's use narrow. */
98 #define SECPKG_CRED_INBOUND 0x00000001
99 #define SECPKG_CRED_OUTBOUND 0x00000002
100 #define SECPKG_CRED_BOTH 0x00000003
101 #define SECPKG_CRED_DEFAULT 0x00000004
102 #define SECPKG_CRED_RESERVED 0xF0000000
103 #define SECPKG_CRED_AUTOLOGON_RESTRICTED 0x00000010
104 #define SECPKG_CRED_PROCESS_POLICY_ONLY 0x00000020
106 #define SECPKG_CONTEXT_EXPORT_RESET_NEW 0x00000001
107 #define SECPKG_CONTEXT_EXPORT_DELETE_OLD 0x00000002
108 #define SECPKG_CONTEXT_EXPORT_TO_KERNEL 0x00000004
110 #define SECPKG_ATTR_SUBJECT_SECURITY_ATTRIBUTES 128
111 #define SECPKG_ATTR_NEGO_INFO_FLAG_NO_KERBEROS 0x1
112 #define SECPKG_ATTR_NEGO_INFO_FLAG_NO_NTLM 0x2
114 #define SecPkgContext_NativeNames SecPkgContext_NativeNamesW
115 #define PSecPkgContext_NativeNames PSecPkgContext_NativeNamesW
/* SecBuffer descriptor version and buffer type codes (small integers 0..17). */
117 #define SECBUFFER_VERSION 0
119 #define SECBUFFER_EMPTY 0
120 #define SECBUFFER_DATA 1
121 #define SECBUFFER_TOKEN 2
122 #define SECBUFFER_PKG_PARAMS 3
123 #define SECBUFFER_MISSING 4
124 #define SECBUFFER_EXTRA 5
125 #define SECBUFFER_STREAM_TRAILER 6
126 #define SECBUFFER_STREAM_HEADER 7
127 #define SECBUFFER_NEGOTIATION_INFO 8
128 #define SECBUFFER_PADDING 9
129 #define SECBUFFER_STREAM 10
130 #define SECBUFFER_MECHLIST 11
131 #define SECBUFFER_MECHLIST_SIGNATURE 12
132 #define SECBUFFER_TARGET 13
133 #define SECBUFFER_CHANNEL_BINDINGS 14
134 #define SECBUFFER_CHANGE_PASS_RESPONSE 15
135 #define SECBUFFER_TARGET_HOST 16
136 #define SECBUFFER_ALERT 17
/* Attribute bits that live in the top nibble alongside the type code.
 * SECBUFFER_ATTRMASK (0xF0000000) is the union of the three values below:
 * 0x80000000 | 0x10000000 | 0x60000000.
 * NOTE(review): since attributes and type presumably share one field, compare
 * the type only after masking with ~SECBUFFER_ATTRMASK; a plain equality test
 * against SECBUFFER_DATA etc. fails once an attribute bit is set. */
138 #define SECBUFFER_ATTRMASK 0xF0000000
139 #define SECBUFFER_READONLY 0x80000000
140 #define SECBUFFER_READONLY_WITH_CHECKSUM 0x10000000
141 #define SECBUFFER_RESERVED 0x60000000
/* ISC_REQ_*: request bits, presumably for the ULONG fContextReq parameter of
 * InitializeSecurityContextW (initiator side) - TODO confirm.
 *
 * Do not interchange these with the ASC_REQ_* constants in this header: options
 * with the same name sit on different bits, e.g.
 *   EXTENDED_ERROR   ISC 0x00004000  vs  ASC 0x00008000
 *   STREAM           ISC 0x00008000  vs  ASC 0x00010000
 *   INTEGRITY        ISC 0x00010000  vs  ASC 0x00020000
 *   IDENTIFY         ISC 0x00020000  vs  ASC 0x00080000
 *   FRAGMENT_TO_FIT  ISC 0x00200000  vs  ASC 0x00800000
 *
 * NOTE(review): by name, NULL_SESSION, MANUAL_CRED_VALIDATION and NO_INTEGRITY
 * relax protections; any use of them deserves an explicit justification in the
 * calling code. */
143 #define ISC_REQ_DELEGATE 0x00000001
144 #define ISC_REQ_MUTUAL_AUTH 0x00000002
145 #define ISC_REQ_REPLAY_DETECT 0x00000004
146 #define ISC_REQ_SEQUENCE_DETECT 0x00000008
147 #define ISC_REQ_CONFIDENTIALITY 0x00000010
148 #define ISC_REQ_USE_SESSION_KEY 0x00000020
149 #define ISC_REQ_PROMPT_FOR_CREDS 0x00000040
150 #define ISC_REQ_USE_SUPPLIED_CREDS 0x00000080
151 #define ISC_REQ_ALLOCATE_MEMORY 0x00000100
152 #define ISC_REQ_USE_DCE_STYLE 0x00000200
153 #define ISC_REQ_DATAGRAM 0x00000400
154 #define ISC_REQ_CONNECTION 0x00000800
155 #define ISC_REQ_CALL_LEVEL 0x00001000
156 #define ISC_REQ_FRAGMENT_SUPPLIED 0x00002000
157 #define ISC_REQ_EXTENDED_ERROR 0x00004000
158 #define ISC_REQ_STREAM 0x00008000
159 #define ISC_REQ_INTEGRITY 0x00010000
160 #define ISC_REQ_IDENTIFY 0x00020000
161 #define ISC_REQ_NULL_SESSION 0x00040000
162 #define ISC_REQ_MANUAL_CRED_VALIDATION 0x00080000
163 #define ISC_REQ_RESERVED1 0x00100000
164 #define ISC_REQ_FRAGMENT_TO_FIT 0x00200000
165 #define ISC_REQ_FORWARD_CREDENTIALS 0x00400000
166 #define ISC_REQ_NO_INTEGRITY 0x00800000
167 #define ISC_REQ_USE_HTTP_STYLE 0x01000000
/* ISC_RET_*: result bits, presumably reported through the _Out_ pfContextAttr
 * parameter of InitializeSecurityContextW - TODO confirm.
 *
 * The RET set is not a bit-for-bit mirror of ISC_REQ_*:
 *   0x00001000 is ISC_REQ_CALL_LEVEL but ISC_RET_INTERMEDIATE_RETURN
 *   0x00002000 is ISC_REQ_FRAGMENT_SUPPLIED but ISC_RET_CALL_LEVEL
 *   0x00200000 is ISC_REQ_FRAGMENT_TO_FIT but ISC_RET_FRAGMENT_ONLY
 *   0x00800000 (ISC_REQ_NO_INTEGRITY) has no ISC_RET_ counterpart here
 * so always test results with the ISC_RET_ names, never the ISC_REQ_ ones.
 *
 * A request bit is a request, not a guarantee: after the handshake completes,
 * check that the bits the application relies on (for example MUTUAL_AUTH,
 * CONFIDENTIALITY, INTEGRITY, REPLAY_DETECT) are actually set in the returned
 * attributes, and fail closed if they are not. */
169 #define ISC_RET_DELEGATE 0x00000001
170 #define ISC_RET_MUTUAL_AUTH 0x00000002
171 #define ISC_RET_REPLAY_DETECT 0x00000004
172 #define ISC_RET_SEQUENCE_DETECT 0x00000008
173 #define ISC_RET_CONFIDENTIALITY 0x00000010
174 #define ISC_RET_USE_SESSION_KEY 0x00000020
175 #define ISC_RET_USED_COLLECTED_CREDS 0x00000040
176 #define ISC_RET_USED_SUPPLIED_CREDS 0x00000080
177 #define ISC_RET_ALLOCATED_MEMORY 0x00000100
178 #define ISC_RET_USED_DCE_STYLE 0x00000200
179 #define ISC_RET_DATAGRAM 0x00000400
180 #define ISC_RET_CONNECTION 0x00000800
181 #define ISC_RET_INTERMEDIATE_RETURN 0x00001000
182 #define ISC_RET_CALL_LEVEL 0x00002000
183 #define ISC_RET_EXTENDED_ERROR 0x00004000
184 #define ISC_RET_STREAM 0x00008000
185 #define ISC_RET_INTEGRITY 0x00010000
186 #define ISC_RET_IDENTIFY 0x00020000
187 #define ISC_RET_NULL_SESSION 0x00040000
188 #define ISC_RET_MANUAL_CRED_VALIDATION 0x00080000
189 #define ISC_RET_RESERVED1 0x00100000
190 #define ISC_RET_FRAGMENT_ONLY 0x00200000
191 #define ISC_RET_FORWARD_CREDENTIALS 0x00400000
192 #define ISC_RET_USED_HTTP_STYLE 0x01000000
193 #define ISC_RET_NO_ADDITIONAL_TOKEN 0x02000000
194 #define ISC_RET_REAUTHENTICATION 0x08000000
/* ASC_REQ_*: request bits, presumably for the ULONG fContextReq parameter of
 * AcceptSecurityContext (acceptor side) - TODO confirm.
 *
 * The list is not in numeric order: ASC_REQ_FRAGMENT_SUPPLIED (0x00002000)
 * appears after ASC_REQ_FRAGMENT_TO_FIT (0x00800000). Bits 0x00000040,
 * 0x00000080 and 0x00004000 have no ASC_REQ_ name in this listing, and
 * 0x08000000 is only mentioned in the commented-out "internal" define below.
 * Values differ from the same-named ISC_REQ_* options from 0x00004000 upward,
 * so the two families must not be mixed.
 *
 * NOTE(review): by name, ALLOW_NULL_SESSION, ALLOW_NON_USER_LOGONS,
 * ALLOW_CONTEXT_REPLAY, PROXY_BINDINGS and ALLOW_MISSING_BINDINGS each relax a
 * check the acceptor would otherwise make; a server should set them only with a
 * documented reason. */
196 #define ASC_REQ_DELEGATE 0x00000001
197 #define ASC_REQ_MUTUAL_AUTH 0x00000002
198 #define ASC_REQ_REPLAY_DETECT 0x00000004
199 #define ASC_REQ_SEQUENCE_DETECT 0x00000008
200 #define ASC_REQ_CONFIDENTIALITY 0x00000010
201 #define ASC_REQ_USE_SESSION_KEY 0x00000020
202 #define ASC_REQ_ALLOCATE_MEMORY 0x00000100
203 #define ASC_REQ_USE_DCE_STYLE 0x00000200
204 #define ASC_REQ_DATAGRAM 0x00000400
205 #define ASC_REQ_CONNECTION 0x00000800
206 #define ASC_REQ_CALL_LEVEL 0x00001000
207 #define ASC_REQ_EXTENDED_ERROR 0x00008000
208 #define ASC_REQ_STREAM 0x00010000
209 #define ASC_REQ_INTEGRITY 0x00020000
210 #define ASC_REQ_LICENSING 0x00040000
211 #define ASC_REQ_IDENTIFY 0x00080000
212 #define ASC_REQ_ALLOW_NULL_SESSION 0x00100000
213 #define ASC_REQ_ALLOW_NON_USER_LOGONS 0x00200000
214 #define ASC_REQ_ALLOW_CONTEXT_REPLAY 0x00400000
215 #define ASC_REQ_FRAGMENT_TO_FIT 0x00800000
216 #define ASC_REQ_FRAGMENT_SUPPLIED 0x00002000
217 #define ASC_REQ_NO_TOKEN 0x01000000
218 #define ASC_REQ_PROXY_BINDINGS 0x04000000
219 //#define SSP_RET_REAUTHENTICATION 0x08000000 // internal
221 #define ASC_REQ_ALLOW_MISSING_BINDINGS 0x10000000
/* ASC_RET_*: result bits, presumably reported through the _Out_ pfContextAttr
 * parameter of AcceptSecurityContext - TODO confirm.
 *
 * Differences from ASC_REQ_* visible in this header:
 *   0x00001000 (ASC_REQ_CALL_LEVEL) has no ASC_RET_ name; ASC_RET_CALL_LEVEL
 *   is 0x00002000, the bit ASC_REQ_FRAGMENT_SUPPLIED uses
 *   0x00004000 is ASC_RET_THIRD_LEG_FAILED and has no ASC_REQ_ counterpart
 *   0x00800000 is ASC_REQ_FRAGMENT_TO_FIT but ASC_RET_FRAGMENT_ONLY
 *   0x04000000 is ASC_REQ_PROXY_BINDINGS but ASC_RET_NO_PROXY_BINDINGS
 *
 * A server should inspect the returned bits before trusting the context: in
 * particular NULL_SESSION, THIRD_LEG_FAILED, MISSING_BINDINGS and
 * NO_PROXY_BINDINGS describe (by name) conditions under which the peer was not
 * fully authenticated or bound to the channel - verify their exact meaning in
 * the SSPI documentation and reject the session where policy requires it. */
222 #define ASC_RET_DELEGATE 0x00000001
223 #define ASC_RET_MUTUAL_AUTH 0x00000002
224 #define ASC_RET_REPLAY_DETECT 0x00000004
225 #define ASC_RET_SEQUENCE_DETECT 0x00000008
226 #define ASC_RET_CONFIDENTIALITY 0x00000010
227 #define ASC_RET_USE_SESSION_KEY 0x00000020
228 #define ASC_RET_ALLOCATED_MEMORY 0x00000100
229 #define ASC_RET_USED_DCE_STYLE 0x00000200
230 #define ASC_RET_DATAGRAM 0x00000400
231 #define ASC_RET_CONNECTION 0x00000800
232 #define ASC_RET_CALL_LEVEL 0x00002000
233 #define ASC_RET_THIRD_LEG_FAILED 0x00004000
234 #define ASC_RET_EXTENDED_ERROR 0x00008000
235 #define ASC_RET_STREAM 0x00010000
236 #define ASC_RET_INTEGRITY 0x00020000
237 #define ASC_RET_LICENSING 0x00040000
238 #define ASC_RET_IDENTIFY 0x00080000
239 #define ASC_RET_NULL_SESSION 0x00100000
240 #define ASC_RET_ALLOW_NON_USER_LOGONS 0x00200000
241 #define ASC_RET_ALLOW_CONTEXT_REPLAY 0x00400000
242 #define ASC_RET_FRAGMENT_ONLY 0x00800000
243 #define ASC_RET_NO_TOKEN 0x01000000
244 #define ASC_RET_NO_ADDITIONAL_TOKEN 0x02000000
245 #define ASC_RET_NO_PROXY_BINDINGS 0x04000000
246 //#define SSP_RET_REAUTHENTICATION 0x08000000 // internal
247 #define ASC_RET_MISSING_BINDINGS 0x10000000
/* Sentinel handle value and helpers for SecHandle (dwLower / dwUpper pair).
 *
 * SecInvalidateHandle(x) stores (ULONG_PTR)-1 into both halves of the handle.
 * The expansion evaluates x twice and already ends in ';', so pass a
 * side-effect-free expression and do not use it as the sole body of an unbraced
 * if that is followed by else (the extra ';' breaks the if/else pairing).
 *
 * SecIsValidHandle(x) is true only when both halves differ from (ULONG_PTR)-1;
 * it also evaluates x twice. It compares against the -1 sentinel only: it does
 * not test for SEC_DELETED_HANDLE ((ULONG_PTR)-2) and says nothing about
 * whether the handle still refers to a live credential or context. Invalidate a
 * handle right after freeing/deleting it so a later accidental reuse is caught
 * by this check. */
249 #define SEC_DELETED_HANDLE ((ULONG_PTR)(-2))
251 #define SecInvalidateHandle(x) \
252 ((PSecHandle)(x))->dwLower = ((PSecHandle)(x))->dwUpper = ((ULONG_PTR)((INT_PTR)-1));
254 #define SecIsValidHandle(x) \
255 ( ( ((PSecHandle)(x))->dwLower != (ULONG_PTR)(INT_PTR)-1 ) && \
256 ( ((PSecHandle)(x))->dwUpper != (ULONG_PTR)(INT_PTR)-1 ) )
258 typedef WCHAR SEC_WCHAR
;
259 typedef CHAR SEC_CHAR
;
260 typedef LARGE_INTEGER _SECURITY_INTEGER
, SECURITY_INTEGER
, *PSECURITY_INTEGER
;
261 typedef SECURITY_INTEGER TimeStamp
, *PTimeStamp
;
262 typedef UNICODE_STRING SECURITY_STRING
, *PSECURITY_STRING
;
264 #define PSSPI_SEC_STRING PSECURITY_STRING
266 #define PSSPI_SEC_STRING SEC_WCHAR*
269 typedef PVOID PSEC_WINNT_AUTH_IDENTITY_OPAQUE
;
271 #ifndef __SECSTATUS_DEFINED__
272 typedef LONG SECURITY_STATUS
;
273 #define __SECSTATUS_DEFINED__
276 typedef enum _SECPKG_CRED_CLASS
278 SecPkgCredClass_None
= 0,
279 SecPkgCredClass_Ephemeral
= 10,
280 SecPkgCredClass_PersistedGeneric
= 20,
281 SecPkgCredClass_PersistedSpecific
= 30,
282 SecPkgCredClass_Explicit
= 40,
283 } SECPKG_CRED_CLASS
, *PSECPKG_CRED_CLASS
;
285 typedef struct _SEC_NEGOTIATION_INFO
291 } SEC_NEGOTIATION_INFO
, *PSEC_NEGOTIATION_INFO
;
/* Channel-binding descriptor: three (type/length/offset) groups for initiator
 * address, acceptor address and application data, all ULONG.
 * NOTE(review): presumably each dw*Offset is a byte offset from the start of
 * this structure to variable-length data that follows it - confirm.
 * When an instance arrives in a buffer controlled by the peer, validate every
 * offset and length against the real buffer size before reading, and do the
 * offset + length addition in a way that cannot wrap a ULONG. */
293 typedef struct _SEC_CHANNEL_BINDINGS
295 ULONG dwInitiatorAddrType
;
296 ULONG cbInitiatorLength
;
297 ULONG dwInitiatorOffset
;
298 ULONG dwAcceptorAddrType
;
299 ULONG cbAcceptorLength
;
300 ULONG dwAcceptorOffset
;
301 ULONG cbApplicationDataLength
;
302 ULONG dwApplicationDataOffset
;
303 } SEC_CHANNEL_BINDINGS
, *PSEC_CHANNEL_BINDINGS
;
305 #ifndef _AUTH_IDENTITY_EX2_DEFINED
306 #define _AUTH_IDENTITY_EX2_DEFINED
/* Self-describing credential blob header. Only some members are visible in this
 * listing: two size fields (cbHeaderLength, cbStructureLength) and offset/length
 * pairs for the packed credentials and the package list. Offsets are ULONG
 * while the paired lengths are USHORT.
 * NOTE(review): presumably the offsets are relative to the start of the
 * structure - confirm. Code that parses an instance it did not build itself
 * should check each offset + length against cbStructureLength, and
 * cbStructureLength against the size of the buffer actually received, before
 * dereferencing anything. The packed credentials are secret material. */
307 typedef struct _SEC_WINNT_AUTH_IDENTITY_EX2
310 USHORT cbHeaderLength
;
311 ULONG cbStructureLength
;
316 ULONG PackedCredentialsOffset
;
317 USHORT PackedCredentialsLength
;
319 ULONG PackageListOffset
;
320 USHORT PackageListLength
;
321 } SEC_WINNT_AUTH_IDENTITY_EX2
, *PSEC_WINNT_AUTH_IDENTITY_EX2
;
322 #define SEC_WINNT_AUTH_IDENTITY_VERSION_2 0x201
325 #ifndef _AUTH_IDENTITY_DEFINED
326 #define _AUTH_IDENTITY_DEFINED
327 typedef struct _SEC_WINNT_AUTH_IDENTITY_W
334 ULONG PasswordLength
;
336 } SEC_WINNT_AUTH_IDENTITY_W
, *PSEC_WINNT_AUTH_IDENTITY_W
;
337 #define SEC_WINNT_AUTH_IDENTITY_ANSI 0x1
338 #define SEC_WINNT_AUTH_IDENTITY_UNICODE 0x2
339 #define SEC_WINNT_AUTH_IDENTITY SEC_WINNT_AUTH_IDENTITY_W
340 #define PSEC_WINNT_AUTH_IDENTITY PSEC_WINNT_AUTH_IDENTITY_W
341 #define _SEC_WINNT_AUTH_IDENTITY _SEC_WINNT_AUTH_IDENTITY_W
344 #ifndef SEC_WINNT_AUTH_IDENTITY_VERSION
345 #define SEC_WINNT_AUTH_IDENTITY_VERSION 0x200
346 typedef struct _SEC_WINNT_AUTH_IDENTITY_EXW
355 ULONG PasswordLength
;
358 ULONG PackageListLength
;
359 } SEC_WINNT_AUTH_IDENTITY_EXW
, *PSEC_WINNT_AUTH_IDENTITY_EXW
;
360 #define SEC_WINNT_AUTH_IDENTITY_EX SEC_WINNT_AUTH_IDENTITY_EXW
361 #define PSEC_WINNT_AUTH_IDENTITY_EX PSEC_WINNT_AUTH_IDENTITY_EXW
364 #ifndef __SECHANDLE_DEFINED__
365 typedef struct _SecHandle
369 } SecHandle
, *PSecHandle
;
370 #define __SECHANDLE_DEFINED__
373 typedef SecHandle CredHandle
, *PCredHandle
, CtxtHandle
, *PCtxtHandle
;
375 typedef struct _SecBuffer
380 MIDL_PROP([size_is(cbBuffer
)]) PCHAR pvBuffer
;
382 _Field_size_bytes_(cbBuffer
) void SEC_FAR
*pvBuffer
;
384 } SecBuffer
, *PSecBuffer
;
386 typedef struct _SecBufferDesc
390 MIDL_PROP([size_is(cBuffers
)]) _Field_size_(cBuffers
) PSecBuffer pBuffers
;
391 } SecBufferDesc
, SEC_FAR
*PSecBufferDesc
;
393 typedef struct _SecPkgInfoW
399 MIDL_PROP([string
]) SEC_WCHAR
*Name
;
400 MIDL_PROP([string
]) SEC_WCHAR
*Comment
;
401 } SecPkgInfoW
, *PSecPkgInfoW
;
402 #define SecPkgInfo SecPkgInfoW
403 #define PSecPkgInfo PSecPkgInfoW
405 typedef struct _SecPkgCredentials_NamesW
407 MIDL_PROP([string
]) SEC_WCHAR
*sUserName
;
408 } SecPkgCredentials_NamesW
, *PSecPkgCredentials_NamesW
;
409 #define SecPkgCredentials_Names SecPkgCredentials_NamesW
410 #define PSecPkgCredentials_Names PSecPkgCredentials_NamesW
412 typedef struct _SecPkgContext_NamesW
414 SEC_WCHAR
*sUserName
;
415 } SecPkgContext_NamesW
, *PSecPkgContext_NamesW
;
416 #define SecPkgContext_Names SecPkgContext_NamesW
417 #define PSecPkgContext_Names PSecPkgContext_NamesW
419 #if OSVER(NTDDI_VERSION) > NTDDI_WIN2K
420 typedef struct _SecPkgContext_CredentialNameW
422 ULONG CredentialType
;
423 SEC_WCHAR
*sCredentialName
;
424 } SecPkgContext_CredentialNameW
, *PSecPkgContext_CredentialNameW
;
426 #define SecPkgContext_CredentialName SecPkgContext_CredentialNameW
427 #define PSecPkgContext_CredentialName PSecPkgContext_CredentialNameW
429 typedef struct _SecPkgContext_SubjectAttributes
432 } SecPkgContext_SubjectAttributes
, *PSecPkgContext_SubjectAttributes
;
434 typedef struct _SecPkgContext_CredInfo
436 SECPKG_CRED_CLASS CredClass
;
437 ULONG IsPromptingNeeded
;
438 } SecPkgContext_CredInfo
, *PSecPkgContext_CredInfo
;
440 typedef struct _SecPkgContext_NegoPackageInfo
443 } SecPkgContext_NegoPackageInfo
, *PSecPkgContext_NegoPackageInfo
;
445 typedef struct _SecPkgContext_NegoStatus
448 } SecPkgContext_NegoStatus
, *PSecPkgContext_NegoStatus
;
450 typedef struct _SecPkgContext_Sizes
453 ULONG cbMaxSignature
;
455 ULONG cbSecurityTrailer
;
456 } SecPkgContext_Sizes
, *PSecPkgContext_Sizes
;
458 typedef struct _SecPkgContext_StreamSizes
462 ULONG cbMaximumMessage
;
465 } SecPkgContext_StreamSizes
, *PSecPkgContext_StreamSizes
;
467 typedef struct _SecPkgContext_Lifespan
471 } SecPkgContext_Lifespan
, *PSecPkgContext_Lifespan
;
473 typedef struct _SecPkgContext_PasswordExpiry
475 TimeStamp tsPasswordExpires
;
476 } SecPkgContext_PasswordExpiry
, *PSecPkgContext_PasswordExpiry
;
478 typedef struct _SecPkgContext_ProtoInfoW
480 SEC_WCHAR
*sProtocolName
;
483 } SecPkgContext_ProtoInfoW
, *PSecPkgContext_ProtoInfoW
;
484 #define SecPkgContext_ProtoInfo SecPkgContext_ProtoInfoW
485 #define PSecPkgContext_ProtoInfo PSecPkgContext_ProtoInfoW
487 typedef struct _SecPkgContext_KeyInfoW
489 SEC_WCHAR
*sSignatureAlgorithmName
;
490 SEC_WCHAR
*sEncryptAlgorithmName
;
492 ULONG SignatureAlgorithm
;
493 ULONG EncryptAlgorithm
;
494 } SecPkgContext_KeyInfoW
, *PSecPkgContext_KeyInfoW
;
495 #define SecPkgContext_KeyInfo SecPkgContext_KeyInfoW
496 #define PSecPkgContext_KeyInfo PSecPkgContext_KeyInfoW
/* Session key as a length-prefixed byte buffer: SessionKey is annotated as
 * SessionKeyLength bytes long.
 * This is raw key material. Keep it out of logs and diagnostics, copy it only
 * where needed, and wipe any copy with a zeroing routine the compiler cannot
 * elide once it is no longer required.
 * NOTE(review): who allocates and releases the SessionKey buffer is not shown
 * in this header - confirm before freeing. */
498 typedef struct _SecPkgContext_SessionKey
500 ULONG SessionKeyLength
;
501 _Field_size_bytes_(SessionKeyLength
) PUCHAR SessionKey
;
502 } SecPkgContext_SessionKey
, *PSecPkgContext_SessionKey
;
504 typedef struct _SecPkgContext_NegoKeys
508 _Field_size_bytes_(KeyLength
) PUCHAR KeyValue
;
510 USHORT VerifyKeyLength
;
511 _Field_size_bytes_(VerifyKeyLength
) PUCHAR VerifyKeyValue
;
512 } SecPkgContext_NegoKeys
, *PSecPkgContext_NegoKeys
;
514 typedef struct _SecPkgContext_DceInfo
518 } SecPkgContext_DceInfo
, *PSecPkgContext_DceInfo
;
520 typedef struct _SecPkgContext_PackageInfoW
522 PSecPkgInfoW PackageInfo
;
523 } SecPkgContext_PackageInfoW
, *PSecPkgContext_PackageInfoW
;
524 #define SecPkgContext_PackageInfo SecPkgContext_PackageInfoW
525 #define PSecPkgContext_PackageInfo PSecPkgContext_PackageInfoW
527 typedef struct _SecPkgContext_UserFlags
530 } SecPkgContext_UserFlags
, *PSecPkgContext_UserFlags
;
532 typedef struct _SecPkgContext_Flags
535 } SecPkgContext_Flags
, *PSecPkgContext_Flags
;
537 typedef struct _SecPkgContext_NegotiationInfoW
539 PSecPkgInfoW PackageInfo
;
540 ULONG NegotiationState
;
541 } SecPkgContext_NegotiationInfoW
, *PSecPkgContext_NegotiationInfoW
;
543 typedef struct _SecPkgContext_AuthorityW
545 SEC_WCHAR
*sAuthorityName
;
546 } SecPkgContext_AuthorityW
, *PSecPkgContext_AuthorityW
;
547 #define SecPkgContext_Authority SecPkgContext_AuthorityW
548 #define PSecPkgContext_Authority PSecPkgContext_AuthorityW
551 #if NTDDI_VERSION > NTDDI_WS03
552 typedef struct _SecPkgCredentials_SSIProviderW
554 SEC_WCHAR
*sProviderName
;
555 ULONG ProviderInfoLength
;
557 } SecPkgCredentials_SSIProviderW
, *PSecPkgCredentials_SSIProviderW
;
558 #define SecPkgCredentials_SSIProvider SecPkgCredentials_SSIProviderW
559 #define PSecPkgCredentials_SSIProvider PSecPkgCredentials_SSIProviderW
561 typedef struct _SecPkgContext_LogoffTime
563 TimeStamp tsLogoffTime
;
564 } SecPkgContext_LogoffTime
, *PSecPkgContext_LogoffTime
;
567 /* forward declaration */
568 typedef struct _SECURITY_FUNCTION_TABLE_W SecurityFunctionTableW
, *PSecurityFunctionTableW
;
569 #define SecurityFunctionTable SecurityFunctionTableW
570 #define PSecurityFunctionTable PSecurityFunctionTableW
574 (SEC_ENTRY
* SEC_GET_KEY_FN
)(
579 SECURITY_STATUS
*Status
);
/* Acceptor-side handshake step. The return-type line is not part of this
 * listing.
 * NOTE(review): phNewContext and pOutput are annotated _In_opt_ here, whereas
 * InitializeSecurityContextW in this header annotates its same-named parameters
 * _Inout_opt_. If the acceptor writes the new context handle and the output
 * token through these pointers, _In_opt_ understates that to static analysis
 * and buffer-overrun checks on pOutput may be skipped - confirm and align.
 * pfContextAttr is a mandatory output; callers should examine the returned
 * attribute bits with the ASC_RET_* names before trusting the context. */
584 AcceptSecurityContext(
585 _In_opt_ PCredHandle phCredential
,
586 _In_opt_ PCtxtHandle phContext
,
587 _In_opt_ PSecBufferDesc pInput
,
588 _In_ ULONG fContextReq
,
589 _In_ ULONG TargetDataRep
,
590 _In_opt_ PCtxtHandle phNewContext
,
591 _In_opt_ PSecBufferDesc pOutput
,
592 _Out_ PULONG pfContextAttr
,
593 _Out_opt_ PTimeStamp ptsExpiry
);
597 (SEC_ENTRY
* ACCEPT_SECURITY_CONTEXT_FN
)(
611 AcquireCredentialsHandleW(
612 _In_opt_ PSSPI_SEC_STRING pPrincipal
,
613 _In_ PSSPI_SEC_STRING pPackage
,
614 _In_ ULONG fCredentialUse
,
615 _In_opt_ PVOID pvLogonId
,
616 _In_opt_ PVOID pAuthData
,
617 _In_opt_ SEC_GET_KEY_FN pGetKeyFn
,
618 _In_opt_ PVOID pvGetKeyArgument
,
619 _Out_ PCredHandle phCredential
,
620 _Out_opt_ PTimeStamp ptsExpiry
);
621 #define AcquireCredentialsHandle AcquireCredentialsHandleW
625 (SEC_ENTRY
* ACQUIRE_CREDENTIALS_HANDLE_FN_W
)(
635 #define ACQUIRE_CREDENTIALS_HANDLE_FN ACQUIRE_CREDENTIALS_HANDLE_FN_W
640 _In_ PCredHandle hCredentials
,
641 _In_opt_ LPSTR pszPrincipal
,
642 _In_ LPSTR pszPackage
,
643 _In_ ULONG fCredentialUse
,
644 _In_opt_ PVOID pAuthData
,
645 _In_opt_ SEC_GET_KEY_FN pGetKeyFn
,
646 _In_opt_ PVOID pvGetKeyArgument
,
647 _Out_opt_ PTimeStamp ptsExpiry
);
651 (SEC_ENTRY
* ADD_CREDENTIALS_FN_A
)(
665 _In_ PCredHandle hCredentials
,
666 _In_opt_ PSSPI_SEC_STRING pPrincipal
,
667 _In_ PSSPI_SEC_STRING pPackage
,
668 _In_ ULONG fCredentialUse
,
669 _In_opt_ PVOID pAuthData
,
670 _In_opt_ SEC_GET_KEY_FN pGetKeyFn
,
671 _In_opt_ PVOID pvGetKeyArgument
,
672 _Out_opt_ PTimeStamp ptsExpiry
);
676 (SEC_ENTRY
* ADD_CREDENTIALS_FN_W
)(
687 #define AddCredentials AddCredentialsW
688 #define ADD_CREDENTIALS_FN ADD_CREDENTIALS_FN_W
690 #define AddCredentials AddCredentialsA
691 #define ADD_CREDENTIALS_FN ADD_CREDENTIALS_FN_A
698 _In_ PCtxtHandle phContext
,
699 _In_ PSecBufferDesc pInput
);
703 (SEC_ENTRY
* APPLY_CONTROL_TOKEN_FN
)(
704 PCtxtHandle
, PSecBufferDesc
);
/* ANSI password-change entry point. The return-type line is not part of this
 * listing.
 * Both the old and the new password are passed as plain SEC_CHAR strings, so
 * the caller holds them in clear text in its own memory: keep them out of logs,
 * and wipe the buffers (for example with SecureZeroMemory) as soon as the call
 * returns, on success and on failure.
 * dwReserved is named as reserved; pOutput is an in/out buffer descriptor. */
710 ChangeAccountPasswordA(
711 _In_ SEC_CHAR
* pszPackageName
,
712 _In_ SEC_CHAR
* pszDomainName
,
713 _In_ SEC_CHAR
* pszAccountName
,
714 _In_ SEC_CHAR
* pszOldPassword
,
715 _In_ SEC_CHAR
* pszNewPassword
,
716 _In_ BOOLEAN bImpersonating
,
717 _In_ ULONG dwReserved
,
718 _Inout_ PSecBufferDesc pOutput
);
722 (SEC_ENTRY
* CHANGE_PASSWORD_FN_A
)(
/* Wide-character password-change entry point. The return-type line is not part
 * of this listing.
 * Both the old and the new password are passed as plain SEC_WCHAR strings, so
 * the caller holds them in clear text in its own memory: keep them out of logs,
 * and wipe the buffers (for example with SecureZeroMemory) as soon as the call
 * returns, on success and on failure.
 * dwReserved is named as reserved; pOutput is an in/out buffer descriptor. */
734 ChangeAccountPasswordW(
735 _In_ SEC_WCHAR
* pszPackageName
,
736 _In_ SEC_WCHAR
* pszDomainName
,
737 _In_ SEC_WCHAR
* pszAccountName
,
738 _In_ SEC_WCHAR
* pszOldPassword
,
739 _In_ SEC_WCHAR
* pszNewPassword
,
740 _In_ BOOLEAN bImpersonating
,
741 _In_ ULONG dwReserved
,
742 _Inout_ PSecBufferDesc pOutput
);
746 (SEC_ENTRY
* CHANGE_PASSWORD_FN_W
)(
757 #define ChangeAccountPassword ChangeAccountPasswordW
758 #define CHANGE_PASSWORD_FN CHANGE_PASSWORD_FN_W
760 #define ChangeAccountPassword ChangeAccountPasswordA
761 #define CHANGE_PASSWORD_FN CHANGE_PASSWORD_FN_A
764 #endif /* ISSP_MODE != 0 */
769 _In_ PCtxtHandle phContext
,
770 _In_ PSecBufferDesc pToken
);
774 (SEC_ENTRY
* COMPLETE_AUTH_TOKEN_FN
)(
781 _In_ PCtxtHandle phContext
,
782 _Inout_ PSecBufferDesc pMessage
,
783 _In_ ULONG MessageSeqNo
,
784 _Out_opt_ PULONG pfQOP
);
788 (SEC_ENTRY
* DECRYPT_MESSAGE_FN
)(
797 DeleteSecurityContext(
798 _In_ PCtxtHandle phContext
);
802 (SEC_ENTRY
* DELETE_SECURITY_CONTEXT_FN
)(
808 _In_ PCtxtHandle phContext
,
810 _Inout_ PSecBufferDesc pMessage
,
811 _In_ ULONG MessageSeqNo
);
815 (SEC_ENTRY
* ENCRYPT_MESSAGE_FN
)(
824 EnumerateSecurityPackagesW(
825 _Out_ PULONG pcPackages
,
826 _Deref_out_ PSecPkgInfoW
* ppPackageInfo
);
827 #define EnumerateSecurityPackages EnumerateSecurityPackagesW
831 (SEC_ENTRY
* ENUMERATE_SECURITY_PACKAGES_FN_W
)(
834 #define ENUMERATE_SECURITY_PACKAGES_FN ENUMERATE_SECURITY_PACKAGES_FN_W
839 ExportSecurityContext(
840 _In_ PCtxtHandle phContext
,
842 _Out_ PSecBuffer pPackedContext
,
843 _Out_ PVOID
* pToken
);
847 (SEC_ENTRY
* EXPORT_SECURITY_CONTEXT_FN
)(
856 _Inout_ PVOID pvContextBuffer
);
860 (SEC_ENTRY
* FREE_CONTEXT_BUFFER_FN
)(
866 FreeCredentialsHandle(
867 _In_ PCredHandle phCredential
);
871 (SEC_ENTRY
* FREE_CREDENTIALS_HANDLE_FN
)(
/* Takes a mandatory context handle; the return-type line is not part of this
 * listing.
 * NOTE(review): by name this makes the caller act under the identity carried by
 * phContext - confirm. Check the result of every call: continuing after a
 * failed impersonation means the following work runs under the service's own
 * identity. Pair each successful call with RevertSecurityContext on every exit
 * path, including error paths. */
877 ImpersonateSecurityContext(
878 _In_ PCtxtHandle phContext
);
882 (SEC_ENTRY
* IMPERSONATE_SECURITY_CONTEXT_FN
)(
888 ImportSecurityContextW(
889 _In_ PSSPI_SEC_STRING pszPackage
,
890 _In_ PSecBuffer pPackedContext
,
892 _Out_ PCtxtHandle phContext
);
893 #define ImportSecurityContext ImportSecurityContextW
897 (SEC_ENTRY
* IMPORT_SECURITY_CONTEXT_FN_W
)(
902 #define IMPORT_SECURITY_CONTEXT_FN IMPORT_SECURITY_CONTEXT_FN_W
907 InitializeSecurityContextW(
908 _In_opt_ PCredHandle phCredential
,
909 _In_opt_ PCtxtHandle phContext
,
910 _In_opt_ PSSPI_SEC_STRING pTargetName
,
911 _In_ ULONG fContextReq
,
912 _In_ ULONG Reserved1
,
913 _In_ ULONG TargetDataRep
,
914 _In_opt_ PSecBufferDesc pInput
,
915 _In_ ULONG Reserved2
,
916 _Inout_opt_ PCtxtHandle phNewContext
,
917 _Inout_opt_ PSecBufferDesc pOutput
,
918 _Out_ PULONG pfContextAttr
,
919 _Out_opt_ PTimeStamp ptsExpiry
);
920 #define InitializeSecurityContext InitializeSecurityContextW
924 (SEC_ENTRY
* INITIALIZE_SECURITY_CONTEXT_FN_W
)(
937 #define INITIALIZE_SECURITY_CONTEXT_FN INITIALIZE_SECURITY_CONTEXT_FN_W
940 PSecurityFunctionTableW
942 InitSecurityInterfaceW(VOID
);
943 #define InitSecurityInterface InitSecurityInterfaceW
946 PSecurityFunctionTableW
947 (SEC_ENTRY
* INIT_SECURITY_INTERFACE_W
)(VOID
);
948 #define INIT_SECURITY_INTERFACE INIT_SECURITY_INTERFACE_W
954 _In_ PCtxtHandle phContext
,
956 _In_ PSecBufferDesc pMessage
,
957 _In_ ULONG MessageSeqNo
);
961 (SEC_ENTRY
* MAKE_SIGNATURE_FN
)(
970 QueryContextAttributesW(
971 _In_ PCtxtHandle phContext
,
972 _In_ ULONG ulAttribute
,
973 _Out_ PVOID pBuffer
);
974 #define QueryContextAttributes QueryContextAttributesW
978 (SEC_ENTRY
* QUERY_CONTEXT_ATTRIBUTES_FN_W
)(
982 #define QUERY_CONTEXT_ATTRIBUTES_FN QUERY_CONTEXT_ATTRIBUTES_FN_W
987 QueryCredentialsAttributesW(
988 _In_ PCredHandle phCredential
,
989 _In_ ULONG ulAttribute
,
990 _Inout_ PVOID pBuffer
);
991 #define QueryCredentialsAttributes QueryCredentialsAttributesW
995 (SEC_ENTRY
* QUERY_CREDENTIALS_ATTRIBUTES_FN_W
)(
999 #define QUERY_CREDENTIALS_ATTRIBUTES_FN QUERY_CREDENTIALS_ATTRIBUTES_FN_W
1004 QuerySecurityContextToken(
1005 _In_ PCtxtHandle phContext
,
1006 _Out_ PVOID
* Token
);
1010 (SEC_ENTRY
* QUERY_SECURITY_CONTEXT_TOKEN_FN
)(
1011 PCtxtHandle
, PVOID
*);
1016 QuerySecurityPackageInfoW(
1017 _In_ PSSPI_SEC_STRING pPackageName
,
1018 _Deref_out_ PSecPkgInfoW
*ppPackageInfo
);
1019 #define QuerySecurityPackageInfo QuerySecurityPackageInfoW
1023 (SEC_ENTRY
* QUERY_SECURITY_PACKAGE_INFO_FN_W
)(
1026 #define QUERY_SECURITY_PACKAGE_INFO_FN QUERY_SECURITY_PACKAGE_INFO_FN_W
/* Takes the same mandatory context handle as ImpersonateSecurityContext; the
 * return-type line is not part of this listing.
 * NOTE(review): by name this undoes an earlier impersonation - confirm. A
 * failure here leaves the caller in an unexpected identity, so treat it as
 * fatal for the current request rather than ignoring the status. */
1031 RevertSecurityContext(
1032 _In_ PCtxtHandle phContext
);
1036 (SEC_ENTRY
* REVERT_SECURITY_CONTEXT_FN
)(
1039 #if (OSVER(NTDDI_VERSION) > NTDDI_WIN2K)
1042 SetContextAttributesW(
1043 _In_ PCtxtHandle phContext
,
1044 _In_ ULONG ulAttribute
,
1045 _In_bytecount_(cbBuffer
) PVOID pBuffer
,
1046 _In_ ULONG cbBuffer
);
1047 #define SetContextAttributes SetContextAttributesW
1051 (SEC_ENTRY
* SET_CONTEXT_ATTRIBUTES_FN_W
)(
1056 #define SET_CONTEXT_ATTRIBUTES_FN SET_CONTEXT_ATTRIBUTES_FN_W
1059 #if (NTDDI_VERSION > NTDDI_WS03)
1063 SetCredentialsAttributesW(
1064 _In_ PCredHandle phCredential
,
1065 _In_ ULONG ulAttribute
,
1066 _In_bytecount_(cbBuffer
) PVOID pBuffer
,
1067 _In_ ULONG cbBuffer
);
1068 #define SetCredentialsAttributes SetCredentialsAttributesW
1072 (SEC_ENTRY
* SET_CREDENTIALS_ATTRIBUTES_FN_W
)(
1077 #define SET_CREDENTIALS_ATTRIBUTES_FN SET_CREDENTIALS_ATTRIBUTES_FN_W
1078 #endif /* NTDDI_VERSION > NTDDI_WS03 */
1084 _In_ PCtxtHandle phContext
,
1085 _In_ PSecBufferDesc pMessage
,
1086 _In_ ULONG MessageSeqNo
,
1087 _Out_ PULONG pfQOP
);
1091 (SEC_ENTRY
* VERIFY_SIGNATURE_FN
)(
1097 #if (ISSP_MODE == 0)
1103 _In_ PUNICODE_STRING ServiceClass
,
1104 _In_ PUNICODE_STRING ServiceName
,
1105 _In_opt_ PUNICODE_STRING InstanceName
,
1106 _In_opt_ USHORT InstancePort
,
1107 _In_opt_ PUNICODE_STRING Referrer
,
1108 _Inout_ PUNICODE_STRING Spn
,
1109 _Out_opt_ PULONG Length
,
1110 _In_ BOOLEAN Allocate
);
1112 #if (NTDDI_VERSION >= NTDDI_WINXP)
1117 _In_ PUNICODE_STRING ServiceClass
,
1118 _In_ PUNICODE_STRING ServiceName
,
1119 _In_opt_ PUNICODE_STRING InstanceName
,
1120 _In_opt_ USHORT InstancePort
,
1121 _In_opt_ PUNICODE_STRING Referrer
,
1122 _In_opt_ PUNICODE_STRING TargetInfo
,
1123 _Inout_ PUNICODE_STRING Spn
,
1124 _Out_ PULONG Length OPTIONAL
,
1125 _In_ BOOLEAN Allocate
);
1130 SecLookupAccountSid(
1132 _Out_ PULONG NameSize
,
1133 _Inout_ PUNICODE_STRING NameBuffer
,
1134 _Out_ PULONG DomainSize OPTIONAL
,
1135 _Out_opt_ PUNICODE_STRING DomainBuffer
,
1136 _Out_ PSID_NAME_USE NameUse
);
1141 SecLookupAccountName(
1142 _In_ PUNICODE_STRING Name
,
1143 _Inout_ PULONG SidSize
,
1145 _Out_ PSID_NAME_USE NameUse
,
1146 _Out_opt_ PULONG DomainSize
, // WDK says _Out_ only + ... OPTIONAL
1147 _Inout_opt_ PUNICODE_STRING ReferencedDomain
);
1150 #if (NTDDI_VERSION >= NTDDI_WS03)
1154 SecLookupWellKnownSid(
1155 _In_ WELL_KNOWN_SID_TYPE SidType
,
1157 _In_ ULONG SidBufferSize
,
1158 _Inout_opt_ PULONG SidSize
);
1161 #if (NTDDI_VERSION >= NTDDI_VISTA)
1166 _In_ PUNICODE_STRING ServiceClass
,
1167 _In_ PUNICODE_STRING ServiceName
,
1168 _In_opt_ PUNICODE_STRING InstanceName
,
1169 _In_opt_ USHORT InstancePort
,
1170 _In_opt_ PUNICODE_STRING Referrer
,
1171 _In_opt_ PUNICODE_STRING InTargetInfo
,
1172 _Inout_ PUNICODE_STRING Spn
,
1173 _Out_opt_ PULONG TotalSize
,
1174 _In_ BOOLEAN Allocate
,
1175 _In_ BOOLEAN IsTargetInfoMarshaled
);
1178 #endif /* ISSP_MODE == 0 */
1180 #if (NTDDI_VERSION >= NTDDI_WIN7)
1184 SspiEncodeAuthIdentityAsStrings(
1185 _In_ PSEC_WINNT_AUTH_IDENTITY_OPAQUE pAuthIdentity
,
1186 _Deref_out_opt_ PCWSTR
* ppszUserName
,
1187 _Deref_out_opt_ PCWSTR
* ppszDomainName
,
1188 _Deref_opt_out_opt_ PCWSTR
* ppszPackedCredentialsString
);
1192 SspiValidateAuthIdentity(
1193 _In_ PSEC_WINNT_AUTH_IDENTITY_OPAQUE AuthData
);
1197 SspiCopyAuthIdentity(
1198 _In_ PSEC_WINNT_AUTH_IDENTITY_OPAQUE AuthData
,
1199 _Deref_out_ PSEC_WINNT_AUTH_IDENTITY_OPAQUE
* AuthDataCopy
);
/* Release and scrub helpers for an opaque auth identity; both accept NULL
 * (_In_opt_). Return-type lines are not part of this listing.
 * NOTE(review): by name, SspiZeroAuthIdentity overwrites the identity's
 * contents and SspiFreeAuthIdentity releases it - confirm. If so, an identity
 * that held a password should be zeroed before it is freed so the secret does
 * not linger in released memory. */
1203 SspiFreeAuthIdentity(
1204 _In_opt_ PSEC_WINNT_AUTH_IDENTITY_OPAQUE AuthData
);
1208 SspiZeroAuthIdentity(
1209 _In_opt_ PSEC_WINNT_AUTH_IDENTITY_OPAQUE AuthData
);
1214 _In_opt_ PVOID DataBuffer
);
1218 SspiEncodeStringsAsAuthIdentity(
1219 _In_opt_ PCWSTR pszUserName
,
1220 _In_opt_ PCWSTR pszDomainName
,
1221 _In_opt_ PCWSTR pszPackedCredentialsString
,
1222 _Deref_out_ PSEC_WINNT_AUTH_IDENTITY_OPAQUE
* ppAuthIdentity
);
1226 SspiCompareAuthIdentities(
1227 _In_opt_ PSEC_WINNT_AUTH_IDENTITY_OPAQUE AuthIdentity1
,
1228 _In_opt_ PSEC_WINNT_AUTH_IDENTITY_OPAQUE AuthIdentity2
,
1229 _Out_opt_ PBOOLEAN SameSuppliedUser
,
1230 _Out_opt_ PBOOLEAN SameSuppliedIdentity
);
1234 SspiMarshalAuthIdentity(
1235 _In_ PSEC_WINNT_AUTH_IDENTITY_OPAQUE AuthIdentity
,
1236 _Out_ PULONG AuthIdentityLength
,
1237 _Outptr_result_bytebuffer_(*AuthIdentityLength
) PCHAR
* AuthIdentityByteArray
);
/* Rebuilds an opaque auth identity from a byte array. The return-type line is
 * not part of this listing.
 * NOTE(review): AuthIdentityLength is declared as PULONG, yet the size
 * annotation on AuthIdentityByteArray is _In_reads_bytes_(AuthIdentityLength),
 * i.e. it names the pointer rather than *AuthIdentityLength (compare
 * SspiMarshalAuthIdentity, which uses *AuthIdentityLength). As written, static
 * analysis cannot bound reads of the byte array correctly - confirm the
 * intended parameter type and fix the annotation to match.
 * The byte array may come from another process or machine; treat it as
 * untrusted input and check the call's status before using *ppAuthIdentity. */
1241 SspiUnmarshalAuthIdentity(
1242 _In_ PULONG AuthIdentityLength
,
1243 _In_reads_bytes_(AuthIdentityLength
) PCHAR AuthIdentityByteArray
,
1244 _Outptr_ PSEC_WINNT_AUTH_IDENTITY_OPAQUE
* ppAuthIdentity
);
1248 SspiIsPromptingNeeded(
1249 _In_ PULONG ErrorOrNtStatus
);
1253 SspiGetTargetHostName(
1254 _In_ PCWSTR pszTargetName
,
1255 _Outptr_ PWSTR
* pszHostName
);
1260 _In_opt_ PSEC_WINNT_AUTH_IDENTITY_OPAQUE AuthIdentity
,
1261 _In_ PCWSTR pszPackageName
,
1262 _Outptr_ PSEC_WINNT_AUTH_IDENTITY_OPAQUE
* ppNewAuthIdentity
);
1264 #define SEC_WINNT_AUTH_IDENTITY_MARSHALLED 0x04
1265 #define SEC_WINNT_AUTH_IDENTITY_ONLY 0x08
1267 #endif /* NTDDI_VERSION >= NTDDI_WIN7 */
1269 #define FreeCredentialHandle FreeCredentialsHandle
/* Dispatch table of SSPI entry points; each visible member is a function
 * pointer of the *_FN typedefs declared earlier in this header. Some lines of
 * the definition (braces, leading members, #endif lines) are not part of this
 * listing.
 *
 * The trailing members are conditionally compiled, so the table's size depends
 * on NTDDI_VERSION: code that produces a table and code that consumes it must
 * be built with the same setting, otherwise the consumer may read function
 * pointers past the end of what the producer filled in.
 * NOTE(review): the SetCredentialsAttributesW member is guarded by
 * NTDDI_VERSION > NTDDI_WS03SP1, while the SetCredentialsAttributesW prototype
 * and its SET_CREDENTIALS_ATTRIBUTES_FN_W typedef earlier in this header are
 * guarded by NTDDI_VERSION > NTDDI_WS03 - confirm which bound is intended.
 * Callers should null-check a member before calling through it. */
1270 struct _SECURITY_FUNCTION_TABLE_W
1273 ENUMERATE_SECURITY_PACKAGES_FN_W EnumerateSecurityPackagesW
;
1274 QUERY_CREDENTIALS_ATTRIBUTES_FN_W QueryCredentialsAttributesW
;
1275 ACQUIRE_CREDENTIALS_HANDLE_FN_W AcquireCredentialsHandleW
;
1276 FREE_CREDENTIALS_HANDLE_FN FreeCredentialsHandle
;
1278 INITIALIZE_SECURITY_CONTEXT_FN_W InitializeSecurityContextW
;
1279 ACCEPT_SECURITY_CONTEXT_FN AcceptSecurityContext
;
1280 COMPLETE_AUTH_TOKEN_FN CompleteAuthToken
;
1281 DELETE_SECURITY_CONTEXT_FN DeleteSecurityContext
;
1282 APPLY_CONTROL_TOKEN_FN ApplyControlToken
;
1283 QUERY_CONTEXT_ATTRIBUTES_FN_W QueryContextAttributesW
;
1284 IMPERSONATE_SECURITY_CONTEXT_FN ImpersonateSecurityContext
;
1285 REVERT_SECURITY_CONTEXT_FN RevertSecurityContext
;
1286 MAKE_SIGNATURE_FN MakeSignature
;
1287 VERIFY_SIGNATURE_FN VerifySignature
;
1288 FREE_CONTEXT_BUFFER_FN FreeContextBuffer
;
1289 QUERY_SECURITY_PACKAGE_INFO_FN_W QuerySecurityPackageInfoW
;
1292 EXPORT_SECURITY_CONTEXT_FN ExportSecurityContext
;
1293 IMPORT_SECURITY_CONTEXT_FN_W ImportSecurityContextW
;
1294 ADD_CREDENTIALS_FN_W AddCredentialsW
;
1296 QUERY_SECURITY_CONTEXT_TOKEN_FN QuerySecurityContextToken
;
1297 ENCRYPT_MESSAGE_FN EncryptMessage
;
1298 DECRYPT_MESSAGE_FN DecryptMessage
;
1299 #if OSVER(NTDDI_VERSION) > NTDDI_WIN2K
1300 SET_CONTEXT_ATTRIBUTES_FN_W SetContextAttributesW
;
1302 #if NTDDI_VERSION > NTDDI_WS03SP1
1303 SET_CREDENTIALS_ATTRIBUTES_FN_W SetCredentialsAttributesW
;
1306 CHANGE_PASSWORD_FN_W ChangeAccountPasswordW
;
1312 #endif /* !__SSPI_H__ */