//+----------------------------------------------------------------------- // // Microsoft Windows // // Copyright (c) Microsoft Corporation 1992 - 1996 // // File: kerbdefs.h // // Contents: defines for all internal Kerberos lists // // // History: 03-May-1999 ChandanS Created // //------------------------------------------------------------------------ #ifndef __KERBDEFS_H__ #define __KERBDEFS_H__ // // All Kerberos list structures are defined here // typedef struct _KERBEROS_LIST { LIST_ENTRY List; RTL_CRITICAL_SECTION Lock; } KERBEROS_LIST, *PKERBEROS_LIST; typedef struct _KERBEROS_LIST_ENTRY { LIST_ENTRY Next; ULONG ReferenceCount; } KERBEROS_LIST_ENTRY, *PKERBEROS_LIST_ENTRY; typedef struct _KERB_TICKET_CACHE_ENTRY { KERBEROS_LIST_ENTRY ListEntry; volatile LONG Linked; PKERB_INTERNAL_NAME ServiceName; PKERB_INTERNAL_NAME TargetName; UNICODE_STRING DomainName; UNICODE_STRING TargetDomainName; UNICODE_STRING AltTargetDomainName; UNICODE_STRING ClientDomainName; PKERB_INTERNAL_NAME ClientName; ULONG TicketFlags; ULONG CacheFlags; KERB_ENCRYPTION_KEY SessionKey; TimeStamp KeyExpirationTime; TimeStamp StartTime; TimeStamp EndTime; TimeStamp RenewUntil; KERB_TICKET Ticket; TimeStamp TimeSkew; } KERB_TICKET_CACHE_ENTRY, *PKERB_TICKET_CACHE_ENTRY; typedef struct _KERB_TICKET_CACHE { LIST_ENTRY CacheEntries; } KERB_TICKET_CACHE, *PKERB_TICKET_CACHE; #define CSP_DATA_INITIALIZED 0x01 #define CONTEXT_INITIALIZED_WITH_CRED_MAN_CREDS 0x02 #define CONTEXT_INITIALIZED_WITH_ACH 0x04 typedef struct _KERB_PUBLIC_KEY_CREDENTIALS { UNICODE_STRING Pin; LUID LogonId; // logon id used in impersonation... PCCERT_CONTEXT CertContext; HCRYPTPROV hProv; ULONG InitializationInfo; ULONG CspDataLength; BYTE CspData[1]; } KERB_PUBLIC_KEY_CREDENTIALS, *PKERB_PUBLIC_KEY_CREDENTIALS; typedef struct _KERB_PRIMARY_CREDENTIAL { UNICODE_STRING UserName; UNICODE_STRING DomainName; UNICODE_STRING ClearPassword; // this is only present until a ticket has been obtained. UNICODE_STRING OldUserName; // original user name in explicit UNICODE_STRING OldDomainName; // original domain name in explicit cred NT_OWF_PASSWORD OldHashPassword; // hash of encrypted ClearPassword PKERB_STORED_CREDENTIAL Passwords; PKERB_STORED_CREDENTIAL OldPasswords; KERB_TICKET_CACHE ServerTicketCache; KERB_TICKET_CACHE S4UTicketCache; KERB_TICKET_CACHE AuthenticationTicketCache; PKERB_PUBLIC_KEY_CREDENTIALS PublicKeyCreds; } KERB_PRIMARY_CREDENTIAL, *PKERB_PRIMARY_CREDENTIAL; typedef struct _KERB_LOGON_SESSION { KERBEROS_LIST_ENTRY ListEntry; LIST_ENTRY SspCredentials; KERBEROS_LIST CredmanCredentials; LUID LogonId; // constant TimeStamp Lifetime; RTL_CRITICAL_SECTION Lock; KERB_PRIMARY_CREDENTIAL PrimaryCredentials; ULONG LogonSessionFlags; } KERB_LOGON_SESSION, *PKERB_LOGON_SESSION; #define KERB_CREDENTIAL_TAG_ACTIVE (ULONG)'AdrC' #define KERB_CREDENTIAL_TAG_DELETE (ULONG)'DdrC' typedef struct _KERB_CREDENTIAL { KERBEROS_LIST_ENTRY ListEntry; ULONG HandleCount; LIST_ENTRY NextForThisLogonSession; LUID LogonId; // constant TimeStamp Lifetime; UNICODE_STRING CredentialName; ULONG CredentialFlags; ULONG ClientProcess; // constant PKERB_PRIMARY_CREDENTIAL SuppliedCredentials; PKERB_AUTHORIZATION_DATA AuthData; ULONG CredentialTag; } KERB_CREDENTIAL, *PKERB_CREDENTIAL; typedef struct _KERB_CREDMAN_CRED { KERBEROS_LIST_ENTRY ListEntry; ULONG CredentialFlags; UNICODE_STRING CredmanUserName; // added since TGT information can overwrite primary credentials... UNICODE_STRING CredmanDomainName; PKERB_PRIMARY_CREDENTIAL SuppliedCredentials; } KERB_CREDMAN_CRED, *PKERB_CREDMAN_CRED; typedef enum _KERB_CONTEXT_STATE { IdleState, TgtRequestSentState, TgtReplySentState, ApRequestSentState, ApReplySentState, AuthenticatedState, ErrorMessageSentState, InvalidState } KERB_CONTEXT_STATE, *PKERB_CONTEXT_STATE; #define KERB_CONTEXT_TAG_ACTIVE (ULONG)'AxtC' #define KERB_CONTEXT_TAG_DELETE (ULONG)'DxtC' typedef struct _KERB_CONTEXT { KERBEROS_LIST_ENTRY ListEntry; TimeStamp Lifetime; // end time/expiration time TimeStamp RenewTime; // time to renew until TimeStamp StartTime; UNICODE_STRING ClientName; UNICODE_STRING ClientRealm; union { ULONG ClientProcess; LSA_SEC_HANDLE LsaContextHandle; }; LUID LogonId; HANDLE TokenHandle; ULONG_PTR CredentialHandle; KERB_ENCRYPTION_KEY SessionKey; ULONG Nonce; ULONG ReceiveNonce; ULONG ContextFlags; ULONG ContextAttributes; ULONG EncryptionType; PSID UserSid; KERB_CONTEXT_STATE ContextState; ULONG Retries; KERB_ENCRYPTION_KEY TicketKey; PKERB_TICKET_CACHE_ENTRY TicketCacheEntry; // for clients, is ticket to server, for servers, is TGT used in user-to-user UNICODE_STRING ClientPrincipalName; UNICODE_STRING ServerPrincipalName; PKERB_CREDMAN_CRED CredManCredentials; // // marshalled target info for DFS/RDR. // PBYTE pbMarshalledTargetInfo; ULONG cbMarshalledTargetInfo; ULONG ContextTag; } KERB_CONTEXT, *PKERB_CONTEXT; typedef struct _KERB_PACKED_CONTEXT { ULONG ContextType ; // Indicates the type of the context ULONG Pad; // Pad data TimeStamp Lifetime; // Matches basic context above TimeStamp RenewTime ; TimeStamp StartTime; UNICODE_STRING32 ClientName ; UNICODE_STRING32 ClientRealm ; ULONG LsaContextHandle ; LUID LogonId ; ULONG TokenHandle ; ULONG CredentialHandle ; ULONG SessionKeyType ; ULONG SessionKeyOffset ; ULONG SessionKeyLength ; ULONG Nonce ; ULONG ReceiveNonce ; ULONG ContextFlags ; ULONG ContextAttributes ; ULONG EncryptionType ; KERB_CONTEXT_STATE ContextState ; ULONG Retries ; ULONG MarshalledTargetInfo; // offset ULONG MarshalledTargetInfoLength; } KERB_PACKED_CONTEXT, * PKERB_PACKED_CONTEXT ; typedef struct _KERB_SESSION_KEY_ENTRY { LIST_ENTRY ListEntry; KERB_ENCRYPTION_KEY SessionKey; FILETIME ExpireTime; // time when SessionKey expires } KERB_SESSION_KEY_ENTRY, * PKERB_SESSION_KEY_ENTRY; #define KERB_PACKED_CONTEXT_MAP 0 #define KERB_PACKED_CONTEXT_EXPORT 1 #endif // __KERBDEFS_H_