windows-nt/Source/XPSP1/NT/ds/security/protocols/kerberos/client2/kerbp.h

//+-----------------------------------------------------------------------
//
// Microsoft Windows
//
// Copyright (c) Microsoft Corporation 1992 - 1996
//
// File:        kerbp.h
//
// Contents:    global include file for Kerberos security package
//
//
// History:     16-April-1996       Created     MikeSw
//
//------------------------------------------------------------------------

#ifndef __KERBP_H__
#define __KERBP_H__

//
// All global variables declared as EXTERN will be allocated in the file
// that defines KERBP_ALLOCATE
//

typedef enum _KERBEROS_MACHINE_ROLE {
    KerbRoleRealmlessWksta,
    KerbRoleStandalone,
    KerbRoleWorkstation,
    KerbRoleDomainController
} KERBEROS_MACHINE_ROLE, *PKERBEROS_MACHINE_ROLE;


typedef enum _KERBEROS_STATE {
    KerberosLsaMode = 1,
    KerberosUserMode
} KERBEROS_STATE, *PKERBEROS_STATE;

#define ISC_REQ_DELEGATE_IF_SAFE ISC_REQ_RESERVED1
#define ISC_RET_DELEGATE_IF_SAFE ISC_RET_RESERVED1

#include "kerbdbg.h"
#include "kerbdefs.h"
#include "kerblist.h"
#include "spncache.h"
#include "kerbs4u.h"
#include "bndcache.h"
#include "kerbtick.h"
#include "kerbutil.h"
#include "kerblist.h"
#include "tktcache.h"
#include "logonses.h"
#include "credmgr.h"
#include "ctxtmgr.h"
#include "kerbfunc.h"
#include "logonapi.h"
#include "krbtoken.h"
#include "rpcutil.h"
#include "timesync.h"
#include "sidcache.h"
#ifndef WIN32_CHICAGO
#include "pkauth.h"
#include "tktlogon.h"
#include "userlist.h"
#endif // WIN32_CHICAGO
#include "mitutil.h"
#include "krbevent.h"
#include "credman.h"

#ifdef WIN32_CHICAGO
#include <kerbstub.h>
#include <debug.h>
#endif // WIN32_CHICAGO

#ifdef _WIN64
#include "kerbwow.h"
#endif // _WIN64

//
// Macros for package information
//

#ifdef EXTERN
#undef EXTERN
#endif

#ifdef KERBP_ALLOCATE
#define EXTERN
#else
#define EXTERN extern
#endif // KERBP_ALLOCATE

//

#define KERBEROS_CAPABILITIES ( SECPKG_FLAG_INTEGRITY | \
                                SECPKG_FLAG_PRIVACY | \
                                SECPKG_FLAG_TOKEN_ONLY | \
                                SECPKG_FLAG_DATAGRAM | \
                                SECPKG_FLAG_CONNECTION | \
                                SECPKG_FLAG_MULTI_REQUIRED | \
                                SECPKG_FLAG_EXTENDED_ERROR | \
                                SECPKG_FLAG_IMPERSONATION | \
                                SECPKG_FLAG_ACCEPT_WIN32_NAME | \
                                SECPKG_FLAG_NEGOTIABLE | \
                                SECPKG_FLAG_GSS_COMPATIBLE | \
                                SECPKG_FLAG_LOGON | \
                                SECPKG_FLAG_MUTUAL_AUTH | \
                                SECPKG_FLAG_DELEGATION )

#define KERBEROS_MAX_TOKEN 12000
#ifdef WIN32_CHICAGO
#define KERBEROS_PACKAGE_NAME "Kerberos"
#define KERBEROS_PACKAGE_COMMENT "Microsoft Kerberos V1.0"
#else
#define KERBEROS_PACKAGE_NAME L"Kerberos"
#define KERBEROS_PACKAGE_COMMENT L"Microsoft Kerberos V1.0"
#endif

#define NETLOGON_STARTED_EVENT L"\\NETLOGON_SERVICE_STARTED"

//
// Global state variables
//

EXTERN PLSA_SECPKG_FUNCTION_TABLE LsaFunctions;
EXTERN PSECPKG_DLL_FUNCTIONS UserFunctions;

EXTERN SECPKG_FUNCTION_TABLE KerberosFunctionTable;
EXTERN SECPKG_USER_FUNCTION_TABLE KerberosUserFunctionTable;

EXTERN ULONG_PTR KerberosPackageId;
EXTERN BOOLEAN KerbGlobalInitialized;
EXTERN BOOLEAN KerbGlobalSocketsInitialized;
EXTERN UNICODE_STRING KerbGlobalMachineName;
EXTERN STRING KerbGlobalKerbMachineName;
EXTERN UNICODE_STRING KerbGlobalKdcServiceName;
EXTERN UNICODE_STRING KerbPackageName;
EXTERN BOOLEAN KerbKdcStarted;
EXTERN BOOLEAN KerbAfdStarted;
EXTERN BOOLEAN KerbNetlogonStarted;
EXTERN BOOLEAN KerbGlobalDomainIsPreNT5;
EXTERN HMODULE KerbKdcHandle;
EXTERN PKDC_VERIFY_PAC_ROUTINE KerbKdcVerifyPac;
EXTERN PKDC_GET_TICKET_ROUTINE KerbKdcGetTicket;
EXTERN PKDC_GET_TICKET_ROUTINE KerbKdcChangePassword;
EXTERN PKDC_FREE_MEMORY_ROUTINE KerbKdcFreeMemory;
EXTERN BOOLEAN KerbGlobalEncryptionPermitted;
EXTERN BOOLEAN KerbGlobalStrongEncryptionPermitted;
EXTERN BOOLEAN KerbGlobalEnforceTime;
EXTERN BOOLEAN KerbGlobalMachineNameChanged;
#ifndef WIN32_CHICAGO
EXTERN BOOLEAN KerbGlobalSafeModeBootOptionPresent;
#endif // WIN32_CHICAGO

//
// Registry driven globals (see Kerberos\readme.txt for details on these)
//

EXTERN ULONG KerbGlobalKdcWaitTime;
EXTERN ULONG KerbGlobalKdcCallTimeout;
EXTERN ULONG KerbGlobalKdcCallBackoff;
EXTERN ULONG KerbGlobalKdcSendRetries;
EXTERN ULONG KerbGlobalMaxDatagramSize;
EXTERN ULONG KerbGlobalDefaultPreauthEtype;
EXTERN ULONG KerbGlobalMaxReferralCount;
EXTERN ULONG KerbGlobalMaxTokenSize;
EXTERN ULONG KerbGlobalKdcOptions;
EXTERN BOOLEAN KerbGlobalUseSidCache;
EXTERN BOOLEAN KerbGlobalUseStrongEncryptionForDatagram;
EXTERN BOOLEAN KerbGlobalRetryPdc;
EXTERN TimeStamp KerbGlobalFarKdcTimeout;
EXTERN TimeStamp KerbGlobalNearKdcTimeout;
EXTERN TimeStamp KerbGlobalSkewTime;
EXTERN TimeStamp KerbGlobalSpnCacheTimeout;
EXTERN BOOLEAN KerbGlobalUseClientIpAddresses;
EXTERN DWORD KerbGlobalTgtRenewalInterval;


#ifndef WIN32_CHICAGO
EXTERN ULONG KerbGlobalLoggingLevel;
#endif // WIN32_CHICAGO

//
// Globals used for handling domain change or that are affected by domain
// change
//

#ifndef WIN32_CHICAGO
#define KerbGlobalReadLock() RtlAcquireResourceShared(&KerberosGlobalResource, TRUE)
#define KerbGlobalWriteLock() RtlAcquireResourceExclusive(&KerberosGlobalResource, TRUE)
#define KerbGlobalReleaseLock() RtlReleaseResource(&KerberosGlobalResource)
EXTERN RTL_RESOURCE KerberosGlobalResource;
EXTERN PSID KerbGlobalDomainSid;
#else // WIN32_CHICAGO
#define KerbGlobalReadLock()
#define KerbGlobalWriteLock()
#define KerbGlobalReleaseLock()

#endif // WIN32_CHICAGO

EXTERN UNICODE_STRING KerbGlobalDomainName;
EXTERN UNICODE_STRING KerbGlobalDnsDomainName;
EXTERN PKERB_INTERNAL_NAME KerbGlobalInternalMachineServiceName;
EXTERN PKERB_INTERNAL_NAME KerbGlobalMitMachineServiceName;
EXTERN UNICODE_STRING KerbGlobalMachineServiceName;
EXTERN KERBEROS_MACHINE_ROLE KerbGlobalRole;
EXTERN UNICODE_STRING KerbGlobalInitialDcRecord;
EXTERN ULONG KerbGlobalInitialDcFlags;
EXTERN ULONG KerbGlobalInitialDcAddressType;
EXTERN PSOCKADDR_IN KerbGlobalIpAddresses;    // also protected by same lock
EXTERN BOOLEAN KerbGlobalNoTcpUdp;            // also protected by same lock
EXTERN ULONG KerbGlobalIpAddressCount;        // also protected by same lock
EXTERN BOOLEAN KerbGlobalIpAddressesInitialized;        // also protected by same lock

//
#ifdef WIN32_CHICAGO
// The capabilities of the security package
//

EXTERN ULONG KerbGlobalCapabilities;
#endif // WIN32_CHICAGO

#if DBG
EXTERN ULONG KerbGlobalLogonSessionsLocked;
EXTERN ULONG KerbGlobalCredentialsLocked;
EXTERN ULONG KerbGlobalContextsLocked;
#endif
//
// Useful globals
//

EXTERN TimeStamp KerbGlobalWillNeverTime;
EXTERN TimeStamp KerbGlobalHasNeverTime;


EXTERN KERBEROS_STATE KerberosState;

//
// handle to LSA policy -- trusted.
//

EXTERN LSAPR_HANDLE KerbGlobalPolicyHandle;

//
// SAM and Domain handles for validation interface.
//

EXTERN SAMPR_HANDLE KerbGlobalSamHandle;
EXTERN SAMPR_HANDLE KerbGlobalDomainHandle;

//
// Null copies of Lanman and NT OWF password.
//

EXTERN LM_OWF_PASSWORD KerbGlobalNullLmOwfPassword;
EXTERN NT_OWF_PASSWORD KerbGlobalNullNtOwfPassword;


//
// Useful macros
//

//
// Macro to return the type field of a SecBuffer
//

#define BUFFERTYPE(_x_) ((_x_).BufferType & ~SECBUFFER_ATTRMASK)

//
// Time to wait for the KDC to start, in seconds
//


#endif // __KERBP_H__
Add source files 2020-09-26 03:20:57 -05:00			`//+-----------------------------------------------------------------------`
			`//`
			`// Microsoft Windows`
			`//`
			`// Copyright (c) Microsoft Corporation 1992 - 1996`
			`//`
			`// File: kerbp.h`
			`//`
			`// Contents: global include file for Kerberos security package`
			`//`
			`//`
			`// History: 16-April-1996 Created MikeSw`
			`//`
			`//------------------------------------------------------------------------`

			`#ifndef __KERBP_H__`
			`#define __KERBP_H__`

			`//`
			`// All global variables declared as EXTERN will be allocated in the file`
			`// that defines KERBP_ALLOCATE`
			`//`

			`typedef enum _KERBEROS_MACHINE_ROLE {`
			`KerbRoleRealmlessWksta,`
			`KerbRoleStandalone,`
			`KerbRoleWorkstation,`
			`KerbRoleDomainController`
			`} KERBEROS_MACHINE_ROLE, *PKERBEROS_MACHINE_ROLE;`


			`typedef enum _KERBEROS_STATE {`
			`KerberosLsaMode = 1,`
			`KerberosUserMode`
			`} KERBEROS_STATE, *PKERBEROS_STATE;`

			`#define ISC_REQ_DELEGATE_IF_SAFE ISC_REQ_RESERVED1`
			`#define ISC_RET_DELEGATE_IF_SAFE ISC_RET_RESERVED1`

			`#include "kerbdbg.h"`
			`#include "kerbdefs.h"`
			`#include "kerblist.h"`
			`#include "spncache.h"`
			`#include "kerbs4u.h"`
			`#include "bndcache.h"`
			`#include "kerbtick.h"`
			`#include "kerbutil.h"`
			`#include "kerblist.h"`
			`#include "tktcache.h"`
			`#include "logonses.h"`
			`#include "credmgr.h"`
			`#include "ctxtmgr.h"`
			`#include "kerbfunc.h"`
			`#include "logonapi.h"`
			`#include "krbtoken.h"`
			`#include "rpcutil.h"`
			`#include "timesync.h"`
			`#include "sidcache.h"`
			`#ifndef WIN32_CHICAGO`
			`#include "pkauth.h"`
			`#include "tktlogon.h"`
			`#include "userlist.h"`
			`#endif // WIN32_CHICAGO`
			`#include "mitutil.h"`
			`#include "krbevent.h"`
			`#include "credman.h"`

			`#ifdef WIN32_CHICAGO`
			`#include <kerbstub.h>`
			`#include <debug.h>`
			`#endif // WIN32_CHICAGO`

			`#ifdef _WIN64`
			`#include "kerbwow.h"`
			`#endif // _WIN64`

			`//`
			`// Macros for package information`
			`//`

			`#ifdef EXTERN`
			`#undef EXTERN`
			`#endif`

			`#ifdef KERBP_ALLOCATE`
			`#define EXTERN`
			`#else`
			`#define EXTERN extern`
			`#endif // KERBP_ALLOCATE`

			`//`

			`#define KERBEROS_CAPABILITIES ( SECPKG_FLAG_INTEGRITY \| \`
			`SECPKG_FLAG_PRIVACY \| \`
			`SECPKG_FLAG_TOKEN_ONLY \| \`
			`SECPKG_FLAG_DATAGRAM \| \`
			`SECPKG_FLAG_CONNECTION \| \`
			`SECPKG_FLAG_MULTI_REQUIRED \| \`
			`SECPKG_FLAG_EXTENDED_ERROR \| \`
			`SECPKG_FLAG_IMPERSONATION \| \`
			`SECPKG_FLAG_ACCEPT_WIN32_NAME \| \`
			`SECPKG_FLAG_NEGOTIABLE \| \`
			`SECPKG_FLAG_GSS_COMPATIBLE \| \`
			`SECPKG_FLAG_LOGON \| \`
			`SECPKG_FLAG_MUTUAL_AUTH \| \`
			`SECPKG_FLAG_DELEGATION )`

			`#define KERBEROS_MAX_TOKEN 12000`
			`#ifdef WIN32_CHICAGO`
			`#define KERBEROS_PACKAGE_NAME "Kerberos"`
			`#define KERBEROS_PACKAGE_COMMENT "Microsoft Kerberos V1.0"`
			`#else`
			`#define KERBEROS_PACKAGE_NAME L"Kerberos"`
			`#define KERBEROS_PACKAGE_COMMENT L"Microsoft Kerberos V1.0"`
			`#endif`

			`#define NETLOGON_STARTED_EVENT L"\\NETLOGON_SERVICE_STARTED"`

			`//`
			`// Global state variables`
			`//`

			`EXTERN PLSA_SECPKG_FUNCTION_TABLE LsaFunctions;`
			`EXTERN PSECPKG_DLL_FUNCTIONS UserFunctions;`

			`EXTERN SECPKG_FUNCTION_TABLE KerberosFunctionTable;`
			`EXTERN SECPKG_USER_FUNCTION_TABLE KerberosUserFunctionTable;`

			`EXTERN ULONG_PTR KerberosPackageId;`
			`EXTERN BOOLEAN KerbGlobalInitialized;`
			`EXTERN BOOLEAN KerbGlobalSocketsInitialized;`
			`EXTERN UNICODE_STRING KerbGlobalMachineName;`
			`EXTERN STRING KerbGlobalKerbMachineName;`
			`EXTERN UNICODE_STRING KerbGlobalKdcServiceName;`
			`EXTERN UNICODE_STRING KerbPackageName;`
			`EXTERN BOOLEAN KerbKdcStarted;`
			`EXTERN BOOLEAN KerbAfdStarted;`
			`EXTERN BOOLEAN KerbNetlogonStarted;`
			`EXTERN BOOLEAN KerbGlobalDomainIsPreNT5;`
			`EXTERN HMODULE KerbKdcHandle;`
			`EXTERN PKDC_VERIFY_PAC_ROUTINE KerbKdcVerifyPac;`
			`EXTERN PKDC_GET_TICKET_ROUTINE KerbKdcGetTicket;`
			`EXTERN PKDC_GET_TICKET_ROUTINE KerbKdcChangePassword;`
			`EXTERN PKDC_FREE_MEMORY_ROUTINE KerbKdcFreeMemory;`
			`EXTERN BOOLEAN KerbGlobalEncryptionPermitted;`
			`EXTERN BOOLEAN KerbGlobalStrongEncryptionPermitted;`
			`EXTERN BOOLEAN KerbGlobalEnforceTime;`
			`EXTERN BOOLEAN KerbGlobalMachineNameChanged;`
			`#ifndef WIN32_CHICAGO`
			`EXTERN BOOLEAN KerbGlobalSafeModeBootOptionPresent;`
			`#endif // WIN32_CHICAGO`

			`//`
			`// Registry driven globals (see Kerberos\readme.txt for details on these)`
			`//`

			`EXTERN ULONG KerbGlobalKdcWaitTime;`
			`EXTERN ULONG KerbGlobalKdcCallTimeout;`
			`EXTERN ULONG KerbGlobalKdcCallBackoff;`
			`EXTERN ULONG KerbGlobalKdcSendRetries;`
			`EXTERN ULONG KerbGlobalMaxDatagramSize;`
			`EXTERN ULONG KerbGlobalDefaultPreauthEtype;`
			`EXTERN ULONG KerbGlobalMaxReferralCount;`
			`EXTERN ULONG KerbGlobalMaxTokenSize;`
			`EXTERN ULONG KerbGlobalKdcOptions;`
			`EXTERN BOOLEAN KerbGlobalUseSidCache;`
			`EXTERN BOOLEAN KerbGlobalUseStrongEncryptionForDatagram;`
			`EXTERN BOOLEAN KerbGlobalRetryPdc;`
			`EXTERN TimeStamp KerbGlobalFarKdcTimeout;`
			`EXTERN TimeStamp KerbGlobalNearKdcTimeout;`
			`EXTERN TimeStamp KerbGlobalSkewTime;`
			`EXTERN TimeStamp KerbGlobalSpnCacheTimeout;`
			`EXTERN BOOLEAN KerbGlobalUseClientIpAddresses;`
			`EXTERN DWORD KerbGlobalTgtRenewalInterval;`


			`#ifndef WIN32_CHICAGO`
			`EXTERN ULONG KerbGlobalLoggingLevel;`
			`#endif // WIN32_CHICAGO`

			`//`
			`// Globals used for handling domain change or that are affected by domain`
			`// change`
			`//`

			`#ifndef WIN32_CHICAGO`
			`#define KerbGlobalReadLock() RtlAcquireResourceShared(&KerberosGlobalResource, TRUE)`
			`#define KerbGlobalWriteLock() RtlAcquireResourceExclusive(&KerberosGlobalResource, TRUE)`
			`#define KerbGlobalReleaseLock() RtlReleaseResource(&KerberosGlobalResource)`
			`EXTERN RTL_RESOURCE KerberosGlobalResource;`
			`EXTERN PSID KerbGlobalDomainSid;`
			`#else // WIN32_CHICAGO`
			`#define KerbGlobalReadLock()`
			`#define KerbGlobalWriteLock()`
			`#define KerbGlobalReleaseLock()`

			`#endif // WIN32_CHICAGO`

			`EXTERN UNICODE_STRING KerbGlobalDomainName;`
			`EXTERN UNICODE_STRING KerbGlobalDnsDomainName;`
			`EXTERN PKERB_INTERNAL_NAME KerbGlobalInternalMachineServiceName;`
			`EXTERN PKERB_INTERNAL_NAME KerbGlobalMitMachineServiceName;`
			`EXTERN UNICODE_STRING KerbGlobalMachineServiceName;`
			`EXTERN KERBEROS_MACHINE_ROLE KerbGlobalRole;`
			`EXTERN UNICODE_STRING KerbGlobalInitialDcRecord;`
			`EXTERN ULONG KerbGlobalInitialDcFlags;`
			`EXTERN ULONG KerbGlobalInitialDcAddressType;`
			`EXTERN PSOCKADDR_IN KerbGlobalIpAddresses; // also protected by same lock`
			`EXTERN BOOLEAN KerbGlobalNoTcpUdp; // also protected by same lock`
			`EXTERN ULONG KerbGlobalIpAddressCount; // also protected by same lock`
			`EXTERN BOOLEAN KerbGlobalIpAddressesInitialized; // also protected by same lock`

			`//`
			`#ifdef WIN32_CHICAGO`
			`// The capabilities of the security package`
			`//`

			`EXTERN ULONG KerbGlobalCapabilities;`
			`#endif // WIN32_CHICAGO`

			`#if DBG`
			`EXTERN ULONG KerbGlobalLogonSessionsLocked;`
			`EXTERN ULONG KerbGlobalCredentialsLocked;`
			`EXTERN ULONG KerbGlobalContextsLocked;`
			`#endif`
			`//`
			`// Useful globals`
			`//`

			`EXTERN TimeStamp KerbGlobalWillNeverTime;`
			`EXTERN TimeStamp KerbGlobalHasNeverTime;`


			`EXTERN KERBEROS_STATE KerberosState;`

			`//`
			`// handle to LSA policy -- trusted.`
			`//`

			`EXTERN LSAPR_HANDLE KerbGlobalPolicyHandle;`

			`//`
			`// SAM and Domain handles for validation interface.`
			`//`

			`EXTERN SAMPR_HANDLE KerbGlobalSamHandle;`
			`EXTERN SAMPR_HANDLE KerbGlobalDomainHandle;`

			`//`
			`// Null copies of Lanman and NT OWF password.`
			`//`

			`EXTERN LM_OWF_PASSWORD KerbGlobalNullLmOwfPassword;`
			`EXTERN NT_OWF_PASSWORD KerbGlobalNullNtOwfPassword;`


			`//`
			`// Useful macros`
			`//`

			`//`
			`// Macro to return the type field of a SecBuffer`
			`//`

			`#define BUFFERTYPE(_x_) ((_x_).BufferType & ~SECBUFFER_ATTRMASK)`

			`//`
			`// Time to wait for the KDC to start, in seconds`
			`//`


			`#endif // __KERBP_H__`