273 lines
7.3 KiB
C
273 lines
7.3 KiB
C
//+-----------------------------------------------------------------------
|
|
//
|
|
// Microsoft Windows
|
|
//
|
|
// Copyright (c) Microsoft Corporation 1992 - 1996
|
|
//
|
|
// File: kerbp.h
|
|
//
|
|
// Contents: global include file for Kerberos security package
|
|
//
|
|
//
|
|
// History: 16-April-1996 Created MikeSw
|
|
//
|
|
//------------------------------------------------------------------------
|
|
|
|
#ifndef __KERBP_H__
|
|
#define __KERBP_H__
|
|
|
|
//
|
|
// All global variables declared as EXTERN will be allocated in the file
|
|
// that defines KERBP_ALLOCATE
|
|
//
|
|
|
|
typedef enum _KERBEROS_MACHINE_ROLE {
|
|
KerbRoleRealmlessWksta,
|
|
KerbRoleStandalone,
|
|
KerbRoleWorkstation,
|
|
KerbRoleDomainController
|
|
} KERBEROS_MACHINE_ROLE, *PKERBEROS_MACHINE_ROLE;
|
|
|
|
|
|
typedef enum _KERBEROS_STATE {
|
|
KerberosLsaMode = 1,
|
|
KerberosUserMode
|
|
} KERBEROS_STATE, *PKERBEROS_STATE;
|
|
|
|
#define ISC_REQ_DELEGATE_IF_SAFE ISC_REQ_RESERVED1
|
|
#define ISC_RET_DELEGATE_IF_SAFE ISC_RET_RESERVED1
|
|
|
|
#include "kerbdbg.h"
|
|
#include "kerbdefs.h"
|
|
#include "kerblist.h"
|
|
#include "spncache.h"
|
|
#include "kerbs4u.h"
|
|
#include "bndcache.h"
|
|
#include "kerbtick.h"
|
|
#include "kerbutil.h"
|
|
#include "kerblist.h"
|
|
#include "tktcache.h"
|
|
#include "logonses.h"
|
|
#include "credmgr.h"
|
|
#include "ctxtmgr.h"
|
|
#include "kerbfunc.h"
|
|
#include "logonapi.h"
|
|
#include "krbtoken.h"
|
|
#include "rpcutil.h"
|
|
#include "timesync.h"
|
|
#include "sidcache.h"
|
|
#ifndef WIN32_CHICAGO
|
|
#include "pkauth.h"
|
|
#include "tktlogon.h"
|
|
#include "userlist.h"
|
|
#endif // WIN32_CHICAGO
|
|
#include "mitutil.h"
|
|
#include "krbevent.h"
|
|
#include "credman.h"
|
|
|
|
#ifdef WIN32_CHICAGO
|
|
#include <kerbstub.h>
|
|
#include <debug.h>
|
|
#endif // WIN32_CHICAGO
|
|
|
|
#ifdef _WIN64
|
|
#include "kerbwow.h"
|
|
#endif // _WIN64
|
|
|
|
//
|
|
// Macros for package information
|
|
//
|
|
|
|
#ifdef EXTERN
|
|
#undef EXTERN
|
|
#endif
|
|
|
|
#ifdef KERBP_ALLOCATE
|
|
#define EXTERN
|
|
#else
|
|
#define EXTERN extern
|
|
#endif // KERBP_ALLOCATE
|
|
|
|
//
|
|
|
|
#define KERBEROS_CAPABILITIES ( SECPKG_FLAG_INTEGRITY | \
|
|
SECPKG_FLAG_PRIVACY | \
|
|
SECPKG_FLAG_TOKEN_ONLY | \
|
|
SECPKG_FLAG_DATAGRAM | \
|
|
SECPKG_FLAG_CONNECTION | \
|
|
SECPKG_FLAG_MULTI_REQUIRED | \
|
|
SECPKG_FLAG_EXTENDED_ERROR | \
|
|
SECPKG_FLAG_IMPERSONATION | \
|
|
SECPKG_FLAG_ACCEPT_WIN32_NAME | \
|
|
SECPKG_FLAG_NEGOTIABLE | \
|
|
SECPKG_FLAG_GSS_COMPATIBLE | \
|
|
SECPKG_FLAG_LOGON | \
|
|
SECPKG_FLAG_MUTUAL_AUTH | \
|
|
SECPKG_FLAG_DELEGATION )
|
|
|
|
#define KERBEROS_MAX_TOKEN 12000
|
|
#ifdef WIN32_CHICAGO
|
|
#define KERBEROS_PACKAGE_NAME "Kerberos"
|
|
#define KERBEROS_PACKAGE_COMMENT "Microsoft Kerberos V1.0"
|
|
#else
|
|
#define KERBEROS_PACKAGE_NAME L"Kerberos"
|
|
#define KERBEROS_PACKAGE_COMMENT L"Microsoft Kerberos V1.0"
|
|
#endif
|
|
|
|
#define NETLOGON_STARTED_EVENT L"\\NETLOGON_SERVICE_STARTED"
|
|
|
|
//
|
|
// Global state variables
|
|
//
|
|
|
|
EXTERN PLSA_SECPKG_FUNCTION_TABLE LsaFunctions;
|
|
EXTERN PSECPKG_DLL_FUNCTIONS UserFunctions;
|
|
|
|
EXTERN SECPKG_FUNCTION_TABLE KerberosFunctionTable;
|
|
EXTERN SECPKG_USER_FUNCTION_TABLE KerberosUserFunctionTable;
|
|
|
|
EXTERN ULONG_PTR KerberosPackageId;
|
|
EXTERN BOOLEAN KerbGlobalInitialized;
|
|
EXTERN BOOLEAN KerbGlobalSocketsInitialized;
|
|
EXTERN UNICODE_STRING KerbGlobalMachineName;
|
|
EXTERN STRING KerbGlobalKerbMachineName;
|
|
EXTERN UNICODE_STRING KerbGlobalKdcServiceName;
|
|
EXTERN UNICODE_STRING KerbPackageName;
|
|
EXTERN BOOLEAN KerbKdcStarted;
|
|
EXTERN BOOLEAN KerbAfdStarted;
|
|
EXTERN BOOLEAN KerbNetlogonStarted;
|
|
EXTERN BOOLEAN KerbGlobalDomainIsPreNT5;
|
|
EXTERN HMODULE KerbKdcHandle;
|
|
EXTERN PKDC_VERIFY_PAC_ROUTINE KerbKdcVerifyPac;
|
|
EXTERN PKDC_GET_TICKET_ROUTINE KerbKdcGetTicket;
|
|
EXTERN PKDC_GET_TICKET_ROUTINE KerbKdcChangePassword;
|
|
EXTERN PKDC_FREE_MEMORY_ROUTINE KerbKdcFreeMemory;
|
|
EXTERN BOOLEAN KerbGlobalEncryptionPermitted;
|
|
EXTERN BOOLEAN KerbGlobalStrongEncryptionPermitted;
|
|
EXTERN BOOLEAN KerbGlobalEnforceTime;
|
|
EXTERN BOOLEAN KerbGlobalMachineNameChanged;
|
|
#ifndef WIN32_CHICAGO
|
|
EXTERN BOOLEAN KerbGlobalSafeModeBootOptionPresent;
|
|
#endif // WIN32_CHICAGO
|
|
|
|
//
|
|
// Registry driven globals (see Kerberos\readme.txt for details on these)
|
|
//
|
|
|
|
EXTERN ULONG KerbGlobalKdcWaitTime;
|
|
EXTERN ULONG KerbGlobalKdcCallTimeout;
|
|
EXTERN ULONG KerbGlobalKdcCallBackoff;
|
|
EXTERN ULONG KerbGlobalKdcSendRetries;
|
|
EXTERN ULONG KerbGlobalMaxDatagramSize;
|
|
EXTERN ULONG KerbGlobalDefaultPreauthEtype;
|
|
EXTERN ULONG KerbGlobalMaxReferralCount;
|
|
EXTERN ULONG KerbGlobalMaxTokenSize;
|
|
EXTERN ULONG KerbGlobalKdcOptions;
|
|
EXTERN BOOLEAN KerbGlobalUseSidCache;
|
|
EXTERN BOOLEAN KerbGlobalUseStrongEncryptionForDatagram;
|
|
EXTERN BOOLEAN KerbGlobalRetryPdc;
|
|
EXTERN TimeStamp KerbGlobalFarKdcTimeout;
|
|
EXTERN TimeStamp KerbGlobalNearKdcTimeout;
|
|
EXTERN TimeStamp KerbGlobalSkewTime;
|
|
EXTERN TimeStamp KerbGlobalSpnCacheTimeout;
|
|
EXTERN BOOLEAN KerbGlobalUseClientIpAddresses;
|
|
EXTERN DWORD KerbGlobalTgtRenewalInterval;
|
|
|
|
|
|
#ifndef WIN32_CHICAGO
|
|
EXTERN ULONG KerbGlobalLoggingLevel;
|
|
#endif // WIN32_CHICAGO
|
|
|
|
//
|
|
// Globals used for handling domain change or that are affected by domain
|
|
// change
|
|
//
|
|
|
|
#ifndef WIN32_CHICAGO
|
|
#define KerbGlobalReadLock() RtlAcquireResourceShared(&KerberosGlobalResource, TRUE)
|
|
#define KerbGlobalWriteLock() RtlAcquireResourceExclusive(&KerberosGlobalResource, TRUE)
|
|
#define KerbGlobalReleaseLock() RtlReleaseResource(&KerberosGlobalResource)
|
|
EXTERN RTL_RESOURCE KerberosGlobalResource;
|
|
EXTERN PSID KerbGlobalDomainSid;
|
|
#else // WIN32_CHICAGO
|
|
#define KerbGlobalReadLock()
|
|
#define KerbGlobalWriteLock()
|
|
#define KerbGlobalReleaseLock()
|
|
|
|
#endif // WIN32_CHICAGO
|
|
|
|
EXTERN UNICODE_STRING KerbGlobalDomainName;
|
|
EXTERN UNICODE_STRING KerbGlobalDnsDomainName;
|
|
EXTERN PKERB_INTERNAL_NAME KerbGlobalInternalMachineServiceName;
|
|
EXTERN PKERB_INTERNAL_NAME KerbGlobalMitMachineServiceName;
|
|
EXTERN UNICODE_STRING KerbGlobalMachineServiceName;
|
|
EXTERN KERBEROS_MACHINE_ROLE KerbGlobalRole;
|
|
EXTERN UNICODE_STRING KerbGlobalInitialDcRecord;
|
|
EXTERN ULONG KerbGlobalInitialDcFlags;
|
|
EXTERN ULONG KerbGlobalInitialDcAddressType;
|
|
EXTERN PSOCKADDR_IN KerbGlobalIpAddresses; // also protected by same lock
|
|
EXTERN BOOLEAN KerbGlobalNoTcpUdp; // also protected by same lock
|
|
EXTERN ULONG KerbGlobalIpAddressCount; // also protected by same lock
|
|
EXTERN BOOLEAN KerbGlobalIpAddressesInitialized; // also protected by same lock
|
|
|
|
//
|
|
#ifdef WIN32_CHICAGO
|
|
// The capabilities of the security package
|
|
//
|
|
|
|
EXTERN ULONG KerbGlobalCapabilities;
|
|
#endif // WIN32_CHICAGO
|
|
|
|
#if DBG
|
|
EXTERN ULONG KerbGlobalLogonSessionsLocked;
|
|
EXTERN ULONG KerbGlobalCredentialsLocked;
|
|
EXTERN ULONG KerbGlobalContextsLocked;
|
|
#endif
|
|
//
|
|
// Useful globals
|
|
//
|
|
|
|
EXTERN TimeStamp KerbGlobalWillNeverTime;
|
|
EXTERN TimeStamp KerbGlobalHasNeverTime;
|
|
|
|
|
|
EXTERN KERBEROS_STATE KerberosState;
|
|
|
|
//
|
|
// handle to LSA policy -- trusted.
|
|
//
|
|
|
|
EXTERN LSAPR_HANDLE KerbGlobalPolicyHandle;
|
|
|
|
//
|
|
// SAM and Domain handles for validation interface.
|
|
//
|
|
|
|
EXTERN SAMPR_HANDLE KerbGlobalSamHandle;
|
|
EXTERN SAMPR_HANDLE KerbGlobalDomainHandle;
|
|
|
|
//
|
|
// Null copies of Lanman and NT OWF password.
|
|
//
|
|
|
|
EXTERN LM_OWF_PASSWORD KerbGlobalNullLmOwfPassword;
|
|
EXTERN NT_OWF_PASSWORD KerbGlobalNullNtOwfPassword;
|
|
|
|
|
|
//
|
|
// Useful macros
|
|
//
|
|
|
|
//
|
|
// Macro to return the type field of a SecBuffer
|
|
//
|
|
|
|
#define BUFFERTYPE(_x_) ((_x_).BufferType & ~SECBUFFER_ATTRMASK)
|
|
|
|
//
|
|
// Time to wait for the KDC to start, in seconds
|
|
//
|
|
|
|
|
|
#endif // __KERBP_H__
|