windows-nt/Source/XPSP1/NT/ds/security/protocols/kerberos/client2/kerbdefs.h

//+-----------------------------------------------------------------------
//
// Microsoft Windows
//
// Copyright (c) Microsoft Corporation 1992 - 1996
//
// File:        kerbdefs.h
//
// Contents:    defines for all internal Kerberos lists
//
//
// History:     03-May-1999     ChandanS          Created
//
//------------------------------------------------------------------------

#ifndef __KERBDEFS_H__
#define __KERBDEFS_H__

//
// All Kerberos list structures are defined here
//

typedef struct _KERBEROS_LIST {
    LIST_ENTRY List;
    RTL_CRITICAL_SECTION Lock;
} KERBEROS_LIST, *PKERBEROS_LIST;

typedef struct _KERBEROS_LIST_ENTRY {
    LIST_ENTRY Next;
    ULONG ReferenceCount;
} KERBEROS_LIST_ENTRY, *PKERBEROS_LIST_ENTRY;

typedef struct _KERB_TICKET_CACHE_ENTRY {
    KERBEROS_LIST_ENTRY ListEntry;
    volatile LONG Linked;
    PKERB_INTERNAL_NAME ServiceName;
    PKERB_INTERNAL_NAME TargetName;
    UNICODE_STRING DomainName;
    UNICODE_STRING TargetDomainName;
    UNICODE_STRING AltTargetDomainName;
    UNICODE_STRING ClientDomainName;
    PKERB_INTERNAL_NAME ClientName;
    ULONG TicketFlags;
    ULONG CacheFlags;
    KERB_ENCRYPTION_KEY SessionKey;
    TimeStamp KeyExpirationTime;
    TimeStamp StartTime;
    TimeStamp EndTime;
    TimeStamp RenewUntil;
    KERB_TICKET Ticket;
    TimeStamp TimeSkew;
} KERB_TICKET_CACHE_ENTRY, *PKERB_TICKET_CACHE_ENTRY;

typedef struct _KERB_TICKET_CACHE {
    LIST_ENTRY CacheEntries;
} KERB_TICKET_CACHE, *PKERB_TICKET_CACHE;


#define CSP_DATA_INITIALIZED                        0x01
#define CONTEXT_INITIALIZED_WITH_CRED_MAN_CREDS     0x02
#define CONTEXT_INITIALIZED_WITH_ACH                0x04

typedef struct _KERB_PUBLIC_KEY_CREDENTIALS {
    UNICODE_STRING Pin;
    LUID    LogonId; // logon id used in impersonation...                          
    PCCERT_CONTEXT CertContext;
    HCRYPTPROV hProv;
    ULONG InitializationInfo;
    ULONG CspDataLength;
    BYTE CspData[1];
} KERB_PUBLIC_KEY_CREDENTIALS, *PKERB_PUBLIC_KEY_CREDENTIALS;

typedef struct _KERB_PRIMARY_CREDENTIAL {
    UNICODE_STRING UserName;
    UNICODE_STRING DomainName;
    UNICODE_STRING ClearPassword;           // this is only present until a ticket has been obtained.

    UNICODE_STRING OldUserName;             // original user name in explicit
    UNICODE_STRING OldDomainName;           // original domain name in explicit cred
    NT_OWF_PASSWORD OldHashPassword;        // hash of encrypted ClearPassword

    PKERB_STORED_CREDENTIAL Passwords;
    PKERB_STORED_CREDENTIAL OldPasswords;
    KERB_TICKET_CACHE ServerTicketCache;
    KERB_TICKET_CACHE S4UTicketCache;
    KERB_TICKET_CACHE AuthenticationTicketCache;
    PKERB_PUBLIC_KEY_CREDENTIALS PublicKeyCreds;
} KERB_PRIMARY_CREDENTIAL, *PKERB_PRIMARY_CREDENTIAL;

typedef struct _KERB_LOGON_SESSION {
    KERBEROS_LIST_ENTRY ListEntry;
    LIST_ENTRY SspCredentials;
    KERBEROS_LIST CredmanCredentials;
    LUID LogonId;                               // constant
    TimeStamp Lifetime;
    RTL_CRITICAL_SECTION Lock;
    KERB_PRIMARY_CREDENTIAL PrimaryCredentials;
    ULONG LogonSessionFlags;
} KERB_LOGON_SESSION, *PKERB_LOGON_SESSION;


#define KERB_CREDENTIAL_TAG_ACTIVE (ULONG)'AdrC'
#define KERB_CREDENTIAL_TAG_DELETE (ULONG)'DdrC'

typedef struct _KERB_CREDENTIAL {
    KERBEROS_LIST_ENTRY ListEntry;
    ULONG HandleCount;
    LIST_ENTRY NextForThisLogonSession;
    LUID LogonId;                               // constant
    TimeStamp Lifetime;
    UNICODE_STRING CredentialName;
    ULONG CredentialFlags;
    ULONG ClientProcess;                        // constant
    PKERB_PRIMARY_CREDENTIAL SuppliedCredentials;
    PKERB_AUTHORIZATION_DATA AuthData;
    ULONG CredentialTag;
} KERB_CREDENTIAL, *PKERB_CREDENTIAL;

typedef struct _KERB_CREDMAN_CRED {
    KERBEROS_LIST_ENTRY ListEntry;
    ULONG CredentialFlags;
    UNICODE_STRING CredmanUserName;  // added since TGT information can overwrite primary credentials...
    UNICODE_STRING CredmanDomainName;
    PKERB_PRIMARY_CREDENTIAL SuppliedCredentials;
} KERB_CREDMAN_CRED, *PKERB_CREDMAN_CRED;


typedef enum _KERB_CONTEXT_STATE {
    IdleState,
    TgtRequestSentState,
    TgtReplySentState,
    ApRequestSentState,
    ApReplySentState,
    AuthenticatedState,
    ErrorMessageSentState,
    InvalidState
} KERB_CONTEXT_STATE, *PKERB_CONTEXT_STATE;


#define KERB_CONTEXT_TAG_ACTIVE (ULONG)'AxtC'
#define KERB_CONTEXT_TAG_DELETE (ULONG)'DxtC'

typedef struct _KERB_CONTEXT {
    KERBEROS_LIST_ENTRY ListEntry;
    TimeStamp Lifetime;             // end time/expiration time
    TimeStamp RenewTime;            // time to renew until
    TimeStamp StartTime;
    UNICODE_STRING ClientName;
    UNICODE_STRING ClientRealm;
    union {
        ULONG ClientProcess;
        LSA_SEC_HANDLE LsaContextHandle;
    };
    LUID LogonId;
    HANDLE TokenHandle;
    ULONG_PTR CredentialHandle;
    KERB_ENCRYPTION_KEY SessionKey;
    ULONG Nonce;
    ULONG ReceiveNonce;
    ULONG ContextFlags;
    ULONG ContextAttributes;
    ULONG EncryptionType;
    PSID UserSid;
    KERB_CONTEXT_STATE ContextState;
    ULONG Retries;
    KERB_ENCRYPTION_KEY TicketKey;
    PKERB_TICKET_CACHE_ENTRY TicketCacheEntry;  // for clients, is ticket to server, for servers, is TGT used in user-to-user
    UNICODE_STRING ClientPrincipalName;
    UNICODE_STRING ServerPrincipalName;
    PKERB_CREDMAN_CRED CredManCredentials;

    //
    // marshalled target info for DFS/RDR.
    //

    PBYTE pbMarshalledTargetInfo;
    ULONG cbMarshalledTargetInfo;

    ULONG ContextTag;
} KERB_CONTEXT, *PKERB_CONTEXT;

typedef struct _KERB_PACKED_CONTEXT {
    ULONG   ContextType ;               // Indicates the type of the context
    ULONG   Pad;                        // Pad data
    TimeStamp Lifetime;                 // Matches basic context above
    TimeStamp RenewTime ;
    TimeStamp StartTime;
    UNICODE_STRING32 ClientName ;
    UNICODE_STRING32 ClientRealm ;
    ULONG LsaContextHandle ;
    LUID LogonId ;
    ULONG TokenHandle ;
    ULONG CredentialHandle ;
    ULONG SessionKeyType ;
    ULONG SessionKeyOffset ;
    ULONG SessionKeyLength ;
    ULONG Nonce ;
    ULONG ReceiveNonce ;
    ULONG ContextFlags ;
    ULONG ContextAttributes ;
    ULONG EncryptionType ;
    KERB_CONTEXT_STATE ContextState ;
    ULONG Retries ;
    ULONG MarshalledTargetInfo; // offset
    ULONG MarshalledTargetInfoLength;
} KERB_PACKED_CONTEXT, * PKERB_PACKED_CONTEXT ;

typedef struct _KERB_SESSION_KEY_ENTRY {
    LIST_ENTRY ListEntry;
    KERB_ENCRYPTION_KEY SessionKey;
    FILETIME ExpireTime;                   // time when SessionKey expires
} KERB_SESSION_KEY_ENTRY, * PKERB_SESSION_KEY_ENTRY;

#define KERB_PACKED_CONTEXT_MAP     0
#define KERB_PACKED_CONTEXT_EXPORT  1

#endif // __KERBDEFS_H_
Add source files 2020-09-26 03:20:57 -05:00			`//+-----------------------------------------------------------------------`
			`//`
			`// Microsoft Windows`
			`//`
			`// Copyright (c) Microsoft Corporation 1992 - 1996`
			`//`
			`// File: kerbdefs.h`
			`//`
			`// Contents: defines for all internal Kerberos lists`
			`//`
			`//`
			`// History: 03-May-1999 ChandanS Created`
			`//`
			`//------------------------------------------------------------------------`

			`#ifndef __KERBDEFS_H__`
			`#define __KERBDEFS_H__`

			`//`
			`// All Kerberos list structures are defined here`
			`//`

			`typedef struct _KERBEROS_LIST {`
			`LIST_ENTRY List;`
			`RTL_CRITICAL_SECTION Lock;`
			`} KERBEROS_LIST, *PKERBEROS_LIST;`

			`typedef struct _KERBEROS_LIST_ENTRY {`
			`LIST_ENTRY Next;`
			`ULONG ReferenceCount;`
			`} KERBEROS_LIST_ENTRY, *PKERBEROS_LIST_ENTRY;`

			`typedef struct _KERB_TICKET_CACHE_ENTRY {`
			`KERBEROS_LIST_ENTRY ListEntry;`
			`volatile LONG Linked;`
			`PKERB_INTERNAL_NAME ServiceName;`
			`PKERB_INTERNAL_NAME TargetName;`
			`UNICODE_STRING DomainName;`
			`UNICODE_STRING TargetDomainName;`
			`UNICODE_STRING AltTargetDomainName;`
			`UNICODE_STRING ClientDomainName;`
			`PKERB_INTERNAL_NAME ClientName;`
			`ULONG TicketFlags;`
			`ULONG CacheFlags;`
			`KERB_ENCRYPTION_KEY SessionKey;`
			`TimeStamp KeyExpirationTime;`
			`TimeStamp StartTime;`
			`TimeStamp EndTime;`
			`TimeStamp RenewUntil;`
			`KERB_TICKET Ticket;`
			`TimeStamp TimeSkew;`
			`} KERB_TICKET_CACHE_ENTRY, *PKERB_TICKET_CACHE_ENTRY;`

			`typedef struct _KERB_TICKET_CACHE {`
			`LIST_ENTRY CacheEntries;`
			`} KERB_TICKET_CACHE, *PKERB_TICKET_CACHE;`


			`#define CSP_DATA_INITIALIZED 0x01`
			`#define CONTEXT_INITIALIZED_WITH_CRED_MAN_CREDS 0x02`
			`#define CONTEXT_INITIALIZED_WITH_ACH 0x04`

			`typedef struct _KERB_PUBLIC_KEY_CREDENTIALS {`
			`UNICODE_STRING Pin;`
			`LUID LogonId; // logon id used in impersonation...`
			`PCCERT_CONTEXT CertContext;`
			`HCRYPTPROV hProv;`
			`ULONG InitializationInfo;`
			`ULONG CspDataLength;`
			`BYTE CspData[1];`
			`} KERB_PUBLIC_KEY_CREDENTIALS, *PKERB_PUBLIC_KEY_CREDENTIALS;`

			`typedef struct _KERB_PRIMARY_CREDENTIAL {`
			`UNICODE_STRING UserName;`
			`UNICODE_STRING DomainName;`
			`UNICODE_STRING ClearPassword; // this is only present until a ticket has been obtained.`

			`UNICODE_STRING OldUserName; // original user name in explicit`
			`UNICODE_STRING OldDomainName; // original domain name in explicit cred`
			`NT_OWF_PASSWORD OldHashPassword; // hash of encrypted ClearPassword`

			`PKERB_STORED_CREDENTIAL Passwords;`
			`PKERB_STORED_CREDENTIAL OldPasswords;`
			`KERB_TICKET_CACHE ServerTicketCache;`
			`KERB_TICKET_CACHE S4UTicketCache;`
			`KERB_TICKET_CACHE AuthenticationTicketCache;`
			`PKERB_PUBLIC_KEY_CREDENTIALS PublicKeyCreds;`
			`} KERB_PRIMARY_CREDENTIAL, *PKERB_PRIMARY_CREDENTIAL;`

			`typedef struct _KERB_LOGON_SESSION {`
			`KERBEROS_LIST_ENTRY ListEntry;`
			`LIST_ENTRY SspCredentials;`
			`KERBEROS_LIST CredmanCredentials;`
			`LUID LogonId; // constant`
			`TimeStamp Lifetime;`
			`RTL_CRITICAL_SECTION Lock;`
			`KERB_PRIMARY_CREDENTIAL PrimaryCredentials;`
			`ULONG LogonSessionFlags;`
			`} KERB_LOGON_SESSION, *PKERB_LOGON_SESSION;`


			`#define KERB_CREDENTIAL_TAG_ACTIVE (ULONG)'AdrC'`
			`#define KERB_CREDENTIAL_TAG_DELETE (ULONG)'DdrC'`

			`typedef struct _KERB_CREDENTIAL {`
			`KERBEROS_LIST_ENTRY ListEntry;`
			`ULONG HandleCount;`
			`LIST_ENTRY NextForThisLogonSession;`
			`LUID LogonId; // constant`
			`TimeStamp Lifetime;`
			`UNICODE_STRING CredentialName;`
			`ULONG CredentialFlags;`
			`ULONG ClientProcess; // constant`
			`PKERB_PRIMARY_CREDENTIAL SuppliedCredentials;`
			`PKERB_AUTHORIZATION_DATA AuthData;`
			`ULONG CredentialTag;`
			`} KERB_CREDENTIAL, *PKERB_CREDENTIAL;`

			`typedef struct _KERB_CREDMAN_CRED {`
			`KERBEROS_LIST_ENTRY ListEntry;`
			`ULONG CredentialFlags;`
			`UNICODE_STRING CredmanUserName; // added since TGT information can overwrite primary credentials...`
			`UNICODE_STRING CredmanDomainName;`
			`PKERB_PRIMARY_CREDENTIAL SuppliedCredentials;`
			`} KERB_CREDMAN_CRED, *PKERB_CREDMAN_CRED;`


			`typedef enum _KERB_CONTEXT_STATE {`
			`IdleState,`
			`TgtRequestSentState,`
			`TgtReplySentState,`
			`ApRequestSentState,`
			`ApReplySentState,`
			`AuthenticatedState,`
			`ErrorMessageSentState,`
			`InvalidState`
			`} KERB_CONTEXT_STATE, *PKERB_CONTEXT_STATE;`


			`#define KERB_CONTEXT_TAG_ACTIVE (ULONG)'AxtC'`
			`#define KERB_CONTEXT_TAG_DELETE (ULONG)'DxtC'`

			`typedef struct _KERB_CONTEXT {`
			`KERBEROS_LIST_ENTRY ListEntry;`
			`TimeStamp Lifetime; // end time/expiration time`
			`TimeStamp RenewTime; // time to renew until`
			`TimeStamp StartTime;`
			`UNICODE_STRING ClientName;`
			`UNICODE_STRING ClientRealm;`
			`union {`
			`ULONG ClientProcess;`
			`LSA_SEC_HANDLE LsaContextHandle;`
			`};`
			`LUID LogonId;`
			`HANDLE TokenHandle;`
			`ULONG_PTR CredentialHandle;`
			`KERB_ENCRYPTION_KEY SessionKey;`
			`ULONG Nonce;`
			`ULONG ReceiveNonce;`
			`ULONG ContextFlags;`
			`ULONG ContextAttributes;`
			`ULONG EncryptionType;`
			`PSID UserSid;`
			`KERB_CONTEXT_STATE ContextState;`
			`ULONG Retries;`
			`KERB_ENCRYPTION_KEY TicketKey;`
			`PKERB_TICKET_CACHE_ENTRY TicketCacheEntry; // for clients, is ticket to server, for servers, is TGT used in user-to-user`
			`UNICODE_STRING ClientPrincipalName;`
			`UNICODE_STRING ServerPrincipalName;`
			`PKERB_CREDMAN_CRED CredManCredentials;`

			`//`
			`// marshalled target info for DFS/RDR.`
			`//`

			`PBYTE pbMarshalledTargetInfo;`
			`ULONG cbMarshalledTargetInfo;`

			`ULONG ContextTag;`
			`} KERB_CONTEXT, *PKERB_CONTEXT;`

			`typedef struct _KERB_PACKED_CONTEXT {`
			`ULONG ContextType ; // Indicates the type of the context`
			`ULONG Pad; // Pad data`
			`TimeStamp Lifetime; // Matches basic context above`
			`TimeStamp RenewTime ;`
			`TimeStamp StartTime;`
			`UNICODE_STRING32 ClientName ;`
			`UNICODE_STRING32 ClientRealm ;`
			`ULONG LsaContextHandle ;`
			`LUID LogonId ;`
			`ULONG TokenHandle ;`
			`ULONG CredentialHandle ;`
			`ULONG SessionKeyType ;`
			`ULONG SessionKeyOffset ;`
			`ULONG SessionKeyLength ;`
			`ULONG Nonce ;`
			`ULONG ReceiveNonce ;`
			`ULONG ContextFlags ;`
			`ULONG ContextAttributes ;`
			`ULONG EncryptionType ;`
			`KERB_CONTEXT_STATE ContextState ;`
			`ULONG Retries ;`
			`ULONG MarshalledTargetInfo; // offset`
			`ULONG MarshalledTargetInfoLength;`
			`} KERB_PACKED_CONTEXT, * PKERB_PACKED_CONTEXT ;`

			`typedef struct _KERB_SESSION_KEY_ENTRY {`
			`LIST_ENTRY ListEntry;`
			`KERB_ENCRYPTION_KEY SessionKey;`
			`FILETIME ExpireTime; // time when SessionKey expires`
			`} KERB_SESSION_KEY_ENTRY, * PKERB_SESSION_KEY_ENTRY;`

			`#define KERB_PACKED_CONTEXT_MAP 0`
			`#define KERB_PACKED_CONTEXT_EXPORT 1`

			`#endif // __KERBDEFS_H_`