Authentication Structures
Authentication structures are categorized according to usage as follows:
- SSPI Structures
- Schannel Structures
- Custom Security Package Structures
- Network Provider Structures
- GINA Structures
- Local Security Authority Structures
- Credentials Management Structures
- Smart Card Structures
SSPI Structures
The following structures, defined in Sspi.h, are used in SSPI functions.
Structure | Description |
---|---|
CREDSSP_CRED | Specifies authentication data for both Schannel and Negotiate security packages |
SEC_WINNT_AUTH_IDENTITY | Used to pass a particular user name and password to the run-time library for the purpose of authentication. |
SEC_WINNT_AUTH_IDENTITY_EX | Contains information about a user. Both an ANSI and Unicode form of this structure are provided. |
SecBuffer | Buffer allocated by a transport application to pass to a security package. |
SecBufferDesc | Array of SecBuffer structures to pass from a transport application to a security package. |
SecPkgContext_AccessToken | Contains a handle to the access token of the security context. |
SecPkgContext_ClientCreds | Specifies client credentials when calling the QueryContextAttributes (CredSSP) function. |
SecPkgContext_ConnectionInfo | Contains protocol and cipher information. This structure is used by the QueryContextAttributes (General) function. |
SecPkgContext_CredentialName | Specifies the credential name. |
SecPkgContext_DceInfo | Contains authorization data used by DCE services. |
SecPkgContext_EapKeyBlock | Contains key data used by the EAP TLS Authentication Protocol. |
SecPkgContext_Flags | Contains information about the flags in the security context. |
SecPkgContext_IssuerListInfoEx | Contains a list of trusted certification authorities (CAs). |
SecPkgContext_Lifespan | Indicates the life span of a security context. |
SecPkgContext_Names | Contains the name of the user associated with a security context. |
SecPkgContext_NativeNames | Contains the client and server principal names from the outbound ticket. |
SecPkgContext_NegotiationInfo | Contains information about the security package that is being set up or has been set up. It also gives the status on the negotiation to set up the security package. |
SecPkgContext_PackageInfo | Contains the name of a security support provider (SSP). |
SecPkgContext_PasswordExpiry | Contains information about the expiration of a password or other credential. |
SecPkgContext_SessionKey | Contains information about the session key. |
SecPkgContext_Sizes | Contains the sizes of important structures used in the message support functions. |
SecPkgContext_StreamSizes | Contains the sizes of the various stream attributes for use with the message support functions. |
SecPkgContext_TargetInformation | Contains information about the credential used for the security context. |
SecPkgCredentials_Names | Holds the name of the user associated with a context. |
SecPkgInfo | Provides general information about a security package, such as its name and capabilities. |
SECURITY_INTEGER | Structure to hold a numeric value. It is used in defining other types. |
SecurityFunctionTable | Dispatch table that contains pointers to the functions defined in SSPI. |
Schannel Structures
The following structures are defined for use with Schannel.
Structure | Description |
---|---|
SCH_CRED_PUBLIC_CERTCHAIN | Contains a single certificate. A certification chain can be built from this certificate. |
SCH_CRED_SECRET_PRIVKEY | Contains private key information needed to authenticate a client or server. |
SCHANNEL_CERT_HASH | Contains the hash store data for the certificate that Schannel uses. |
SCHANNEL_CERT_HASH_STORE | Contains the hash store data for the certificate that Schannel uses in kernel-mode. |
SCHANNEL_ALERT_TOKEN | Generates a Secure Sockets Layer Protocol (SSL) or Transport Layer Security Protocol (TLS) alert to be sent to the target of a call to either the InitializeSecurityContext (Schannel) function or the AcceptSecurityContext (Schannel) function. |
SCHANNEL_CLIENT_SIGNATURE | Specifies a client signature when a call to the InitializeSecurityContext (Schannel) function cannot access the private key for a client certificate (in this case, the function returns SEC_I_SIGNATURE_NEEDED). |
SCHANNEL_CRED | Contains the data for an Schannel credential. |
SCHANNEL_SESSION_TOKEN | Specifies whether reconnections are enabled for an authentication session created by calling either the InitializeSecurityContext (Schannel) function or the AcceptSecurityContext (Schannel) function. |
SecPkgContext_Authority | Contains the name of the authenticating authority if one is available. It can be a certification authority (CA) or the name of a server or domain that authenticated the connection. |
SecPkgContext_ConnectionInfo | Contains protocol and cipher information. This structure is used by the QueryContextAttributes (General) function. |
SecPkgContext_IssuerListInfoEx | Contains a list of trusted certification authorities. |
SecPkgContext_KeyInfo | Contains information about the session keys used in a security context. This structure has been superseded by the SecPkgContext_ConnectionInfo structure. |
SecPkgContext_ProtoInfo | Holds information about the protocol in use. |
SecPkgContext_SessionAppData | Stores application data for a session context. |
SecPkgCred_CipherStrengths | Holds the minimum and maximum strength permitted for the cipher used by the specified Schannel credential. |
SecPkgCred_SupportedAlgs | Contains identifiers for algorithms permitted with a specified Schannel credential. |
SecPkgCred_SupportedProtocols | Indicates the protocols permitted with a specified Schannel credential. |
X509Certificate | Represents an X.509 certificate. |
Custom Security Package Structures
Custom security packages use the following structures.
Structure | Description |
---|---|
LSA_SECPKG_FUNCTION_TABLE | A table of pointers to the Local Security Authority (LSA) functions that custom security packages can call. |
SECPKG_CALL_INFO | Contains information about an executing function call. |
SECPKG_CLIENT_INFO | Contains information about the user of a security package. |
SECPKG_CONTEXT_THUNKS | Contains information about calls to the security package that will be executed in-process with the LSA. |
SECPKG_DLL_FUNCTIONS | Contains the functions available to custom security packages executing in-process with a client/server application. |
SECPKG_EVENT_DOMAIN_CHANGE | Contains session and computer information. This structure name is an alias for the SECPKG_PARAMETERS structure. |
SECPKG_EVENT_NOTIFY | Contains information about a security-related event. |
SECPKG_EVENT_PACKAGE_CHANGE | Contains information about security package availability and use. |
SECPKG_EXTENDED_INFORMATION | Contains extended information about the security package. |
SECPKG_FUNCTION_TABLE | Contains pointers to the functions implemented by security packages. |
SECPKG_GSS_INFO | Contains information on the GSS OID used to identify a security package. |
SECPKG_MUTUAL_AUTH_LEVEL | Contains information about the mutual authentication level used by a security package. |
SECPKG_PARAMETERS | Contains session and machine information. |
SECPKG_PRIMARY_CRED | Contains primary credentials information. |
SECPKG_SUPPLEMENTAL_CRED | Contains supplemental credentials information. |
SECPKG_SUPPLEMENTAL_CRED_ARRAY | Contains supplemental credentials information. |
SECPKG_USER_FUNCTION_TABLE | Contains the functions implemented by a security package loaded in-process with client/server applications. |
SecurityUserData | Contains information about the logged on user. |
Network Provider Structures
The following structures are used by the Network Provider APIs and related functions.
Structure | Description |
---|---|
NETCONNECTINFOSTRUCT | Contains information about the performance of a network connection. |
NETRESOURCE | Contains information about an enumerated network resource. |
NOTIFYADD | Contains the details of a network connect operation. |
NOTIFYCANCEL | Contains the details of a network disconnect operation. |
NOTIFYINFO | Contains status information about a network connect or disconnect operation. |
REMOTE_NAME_INFO | Contains information about a remote universal name. |
UNIVERSAL_NAME_INFO | Contains a local universal name. |
GINA Structures
GINA interface functions and Winlogon support functions use the following structures.
Structure | Description |
---|---|
WLX_CLIENT_CREDENTIALS_INFO_V1_0 | Contains client credential information. |
WLX_CONSOLESWITCH_CREDENTIALS_INFO_V1_0 | Contains the client credentials allowing credentials to be transparently transferred to a target session. |
WLX_DESKTOP | Contains desktop information. |
WLX_DISPATCH_VERSION_1_0 | Contains the Winlogon, version 1.0 dispatch table. |
WLX_DISPATCH_VERSION_1_1 | Contains the Winlogon, version 1.1 dispatch table. |
WLX_DISPATCH_VERSION_1_2 | Contains the Winlogon, version 1.2 dispatch table. |
WLX_DISPATCH_VERSION_1_3 | Contains the Winlogon, version 1.3 dispatch table. |
WLX_DISPATCH_VERSION_1_4 | Contains the Winlogon, version 1.4 dispatch table. |
WLX_MPR_NOTIFY_INFO | Contains authentication and identification information. |
WLX_PROFILE_V1_0 | Contains information used for setting up the initial environment. |
WLX_PROFILE_V2_0 | Contains information used for setting up the initial environment. |
WLX_TERMINAL_SERVICES_DATA | Contains the Terminal Services profile path and home directory information. |
Local Security Authority Structures
Local Security Authority (LSA) uses the following structures.
Structure | Description |
---|---|
DOMAIN_PASSWORD_INFORMATION | Contains information about a domain's password policy, such as the minimum length for passwords and how unique passwords must be. |
KERB_ADD_CREDENTIALS_REQUEST | Specifies a message to add, remove, or replace an extra server credential for a logon session. |
KERB_ADD_CREDENTIALS_REQUEST_EX | Specifies a message to add, remove, or replace an extra server credential for a logon session, and the service principal names (SPNs) associated with that credential. |
KERB_CERTIFICATE_LOGON | Contains information about a smart card logon session. |
KERB_CERTIFICATE_UNLOCK_LOGON | Contains information used to unlock a workstation that has been locked during an interactive smart card logon session. |
KERB_CHANGEPASSWORD_REQUEST | Contains information used to change a password. |
KERB_CRYPTO_KEY | Contains information about a Kerberos cryptographic session key. |
KERB_EXTERNAL_NAME | Contains information about an external name. |
KERB_EXTERNAL_TICKET | Contains information about an external ticket. |
KERB_INTERACTIVE_LOGON | Contains information about an interactive logon session. |
KERB_INTERACTIVE_PROFILE | Contains information about an interactive logon profile. |
KERB_INTERACTIVE_UNLOCK_LOGON | Contains information used to unlock a workstation that has been locked during an interactive logon session. |
KERB_PURGE_TKT_CACHE_REQUEST | Contains information used to delete entries from the ticket cache. |
KERB_QUERY_TKT_CACHE_REQUEST | Used to retrieve information about all of the cached tickets for the specified user logon session. |
KERB_QUERY_TKT_CACHE_RESPONSE | Contains the results of querying the ticket cache. |
KERB_RETRIEVE_TKT_REQUEST | Contains information used to retrieve a ticket. |
KERB_RETRIEVE_TKT_RESPONSE | Contains the response from retrieving a ticket. |
KERB_S4U_LOGON | Contains information about a service for user (S4U) logon session. |
KERB_SMARTCARD_CSP_INFO | Contains information about a smart card cryptographic service provider (CSP). |
KERB_SMART_CARD_LOGON | Contains information about a smart card logon session. |
KERB_SMART_CARD_UNLOCK_LOGON | Contains information used to unlock a workstation that has been locked during a smart card logon session. |
KERB_TICKET_CACHE_INFO | Contains information about a cached Kerberos ticket. |
KERB_TICKET_LOGON | Contains profile information for a network logon. |
KERB_TICKET_PROFILE | Contains information about an interactive logon profile. |
KERB_TICKET_UNLOCK_LOGON | Contains information to unlock a workstation. |
LSA_DISPATCH_TABLE | A table of pointers to the LSA functions that Windows authentication packages can call. |
LSA_STRING | Contains an ANSI string and its length information. |
LSA_FOREST_TRUST_BINARY_DATA | Contains binary data used in LSA forest trust operations. |
LSA_FOREST_TRUST_COLLISION_INFORMATION | Contains information about LSA forest trust collisions. |
LSA_FOREST_TRUST_RECORD | Contains information about an LSA forest trust collision. |
LSA_FOREST_TRUST_DOMAIN_INFO | Contains identifying information for a domain. |
LSA_FOREST_TRUST_INFORMATION | Contains LSA forest trust information. |
LSA_FOREST_TRUST_RECORD | Contains an LSA forest trust record. |
LSA_TOKEN_INFORMATION_NULL | Used in cases where a non-authenticated system access is needed. This structure has no contents. |
LSA_TOKEN_INFORMATION_V1 | Contains information that an authentication package can place in a Version 1 Windows token object. |
MSV1_0_CHANGEPASSWORD_REQUEST | Obsolete. |
MSV1_0_CHANGEPASSWORD_RESPONSE | Obsolete. |
MSV1_0_ENUMUSERS_REQUEST | Obsolete. |
MSV1_0_ENUMUSERS_RESPONSE | Obsolete. |
MSV1_0_GETUSERINFO_REQUEST | Obsolete. |
MSV1_0_GETUSERINFO_RESPONSE | Obsolete. |
MSV1_0_INTERACTIVE_LOGON | Contains user logon information for an interactive logon. |
MSV1_0_INTERACTIVE_PROFILE | Contains information about an interactive logon profile. |
MSV1_0_LM20_LOGON | Contains logon information used in network logons. |
MSV1_0_LM20_LOGON_PROFILE | Contains information about a network logon session. |
MSV1_0_SUBAUTH_LOGON | Used by subauthentication DLLs. |
MSV1_0_SUBAUTH_REQUEST | Contains information to pass to a subauthentication package. |
MSV1_0_SUBAUTH_RESPONSE | Contains the response from a subauthentication package. |
MSV1_0_SUPPLEMENTAL_CREDENTIAL | Used to pass credentials into MSV1_0 from Kerberos or custom authentication packages. |
NETLOGON_LOGON_IDENTITY_INFO | Used by the Msv1_0SubAuthenticationRoutine and Msv1_0SubAuthenticationFilter to pass information about a user for logon subauthentication. |
OLD_LARGE_INTEGER | Used to represent a 64-bit signed integer value as two 32-bit integers. |
QUOTA_LIMITS | Describes the amount of system resources available to a user. |
SR_SECURITY_DESCRIPTOR | Contains information on the security privileges of the user. |
USER_ALL_INFORMATION | Contains information on the session user. Used with subauthentication packages. |
Credentials Management Structures
The Credentials Management API includes the following structures.
Structure | Description |
---|---|
CERT_CREDENTIAL_INFO | Contains a reference to a certificate. |
CREDENTIAL | Contains an individual credential. |
CREDENTIAL_ATTRIBUTE | Contains an application-defined attribute of the credential. |
CREDENTIAL_TARGET_INFORMATION | Contains the target computer's name, domain, and tree. |
CREDUI_INFO | Controls the appearance of the Credentials Management dialog boxes. |
USERNAME_TARGET_CREDENTIAL_INFO | Contains a reference to a credential. This structure is used to pass a user name into the CredMarshalCredential function and out of the CredUnmarshalCredential. |
Smart Card Structures
Smart Card provides the following structures.
Structure | Description |
---|---|
OPENCARD_SEARCH_CRITERIA | Provides specific search information used by the SCardUIDlgSelectCard function. |
OPENCARDNAME | Provides information used by the GetOpenCardName function. |
OPENCARDNAME_EX | Provides information used by the SCardUIDlgSelectCard function. |
SCARD_ATRMASK | Locates cards using SCardLocateCardsByATR. |
SCARD_IO_REQUEST | Begins a protocol control information structure. |
SCARD_READERSTATE | Tracks smart cards within a reader. |