Edit

Share via


ntsecpkg.h header

This header is used by multiple technologies. For more information, see:

ntsecpkg.h contains the following programming interfaces:

Functions

 
CredMarshalTargetInfo

Serializes the specified target into an array of byte values.

Callback functions

 
CredFreeCredentialsFn

Frees memory used to store credentials used by a security package.
CrediUnmarshalandDecodeStringFn

Transforms a marshaled string back into its original form, and decrypts the unmarshaled string.
CredReadDomainCredentialsFn

Reads a domain credential from the Credential Manager.
CredReadFn

Reads a credential from the Credential Manager.
CredWriteFn

Writes the specified credential to the Credential Manager.
KspDeleteContextFn

Deletes a security context.
KspMakeSignatureFn

Generates a signature based on the specified message and security context.
KspVerifySignatureFn

Verifies that the message received is correct according to the signature.
LSA_ADD_CREDENTIAL

Adds credentials to a logon session.
LSA_ALLOCATE_CLIENT_BUFFER

Allocates a buffer in the client's address space.
LSA_ALLOCATE_LSA_HEAP

Allocates memory on the heap. Some information passed back to the LSA is expected to be allocated using this function.
LSA_ALLOCATE_PRIVATE_HEAP

Allocates memory on the private heap.
LSA_ALLOCATE_SHARED_MEMORY

The AllocateSharedMemory function allocates a block of shared memory from a section of memory previously reserved by a call to the CreateSharedMemory function.
LSA_AP_CALL_PACKAGE

Called by the Local Security Authority (LSA) when a logon application with a trusted connection to the LSA calls the LsaCallAuthenticationPackage function and specifies the authentication package's identifier.
LSA_AP_CALL_PACKAGE_PASSTHROUGH

The dispatch function for pass-through logon requests sent to the LsaCallAuthenticationPackage function.
LSA_AP_INITIALIZE_PACKAGE

Called once by the Local Security Authority (LSA) during system initialization to provide the authentication package a chance to initialize itself.
LSA_AP_LOGON_TERMINATED

Used to notify an authentication package when a logon session terminates. A logon session terminates when the last token referencing the logon session is deleted.
LSA_AP_LOGON_USER

The LSA_AP_LOGON_USER (ntsecpkg.h) callback function authenticates a user's logon credentials.
LSA_AP_LOGON_USER_EX

The LSA_AP_LOGON_USER_EX (ntsecpkg.h) callback function authenticates a user's logon credentials.
LSA_AP_LOGON_USER_EX2

Used to authenticate a user logon attempt on the user's initial logon. A new logon session is established for the user, and validation information for the user is returned.
LSA_AUDIT_ACCOUNT_LOGON

The AuditAccountLogon function produces an audit record that represents the mapping of a foreign principal name onto a Windows account.
LSA_AUDIT_LOGON

The AuditLogon function is used to audit a logon attempt.
LSA_CALL_PACKAGE

The CallPackage function is used to call another security package to access its services.
LSA_CALL_PACKAGE_PASSTHROUGH

The CallPackagePassthrough function is used to call another security package to access its services.
LSA_CALL_PACKAGEEX

The CallPackageEx function is used to call another security package to access its services.
LSA_CANCEL_NOTIFICATION

The CancelNotification function cancels a previously registered notification.
LSA_CLIENT_CALLBACK

Allows a Local Security Authority (LSA)-mode security package to call back to its user-mode package and invoke a function in its DLL there.
LSA_CLOSE_SAM_USER

Closes a handle to a Security Accounts Manager (SAM) user account.
LSA_CONVERT_AUTH_DATA_TO_TOKEN

The ConvertAuthDataToToken function creates an access token from the authorization data returned from the GetAuthDataForUser or GetUserAuthData functions.
LSA_COPY_FROM_CLIENT_BUFFER

Copies information from the address space of a client process into a buffer in the current process.
LSA_COPY_TO_CLIENT_BUFFER

Copies information from a buffer in the current process into a client process's address space.
LSA_CRACK_SINGLE_NAME

The CrackSingleName function converts a name from one format to another.
LSA_CREATE_LOGON_SESSION

Creates logon sessions.
LSA_CREATE_SHARED_MEMORY

The CreateSharedMemory function creates a section of memory that is shared by client processes and the security package.
LSA_CREATE_THREAD

A wrapper for the Windows CreateThread function that should be used by the Local Security Authority (LSA).
LSA_CREATE_TOKEN

The CreateToken function is used by SSP/APs to create tokens while processing calls to SpAcceptLsaModeContext.
LSA_CREATE_TOKEN_EX

Creates tokens while processing calls to SpAcceptLsaModeContext.
LSA_DELETE_CREDENTIAL

Deletes an existing credential.
LSA_DELETE_LOGON_SESSION

Cleans up any logon sessions created while determining whether a user's authentication information is legitimate.
LSA_DELETE_SHARED_MEMORY

The DeleteSharedMemory function releases a section of memory that is shared by clients and a security package.
LSA_DUPLICATE_HANDLE

The DuplicateHandle function creates a duplicate handle. The returned duplicate is in the caller's process space.
LSA_EXPAND_AUTH_DATA_FOR_DOMAIN

Expands the domain groups in the specified user authentication data.
LSA_FREE_CLIENT_BUFFER

Frees a client buffer previously allocated with the AllocateClientBuffer function.
LSA_FREE_LSA_HEAP

The FreeReturnBuffer function is used to free buffers allocated by the Local Security Authority (LSA) and returned to the security package. The package calls this function when the information in the returned buffer is no longer needed.
LSA_FREE_PRIVATE_HEAP

Frees memory that was allocated by using the AllocatePrivateHeap function.
LSA_FREE_SHARED_MEMORY

The FreeSharedMemory function frees a block of shared memory previously allocated by the AllocateSharedMemory function.
LSA_GET_AUTH_DATA_FOR_USER

The GetAuthDataForUser function retrieves authentication information for a user from the Security Accounts Manager (SAM) database and puts it into a format suitable for the ConvertAuthDataToToken function.
LSA_GET_CALL_INFO

The GetCallInfo function retrieves information about the most recent function call.
LSA_GET_CLIENT_INFO

The GetClientInfo function gets information about the client process, such as thread and process ID, and flags indicating the client's state and privileges.
LSA_GET_CREDENTIALS

Retrieves credentials associated with a logon session.
LSA_GET_USER_AUTH_DATA

The GetUserAuthData function returns the authorization data for the user in a single buffer.
LSA_MAP_BUFFER

Maps a SecBuffer structure into the address space of the security support provider/authentication package (SSP/AP).
LSA_OPEN_SAM_USER

Retrieves a handle to a user account in the Security Accounts Manager (SAM) database.
LSA_OPEN_TOKEN_BY_LOGON_ID

Opens the user access token associated with the specified user logon.
LSA_PROTECT_MEMORY

Encrypts the specified memory buffer.
LSA_REGISTER_NOTIFICATION

Provides a mechanism whereby the security package is notified. Notification can occur at fixed intervals, when an event object is signaled, or during certain system events.
LSA_UPDATE_PRIMARY_CREDENTIALS

Provides a mechanism for one security package to notify other packages that the credentials for a logon session have changed.
SpAcceptCredentialsFn

Called by the Local Security Authority (LSA) to pass the security package any credentials stored for the authenticated security principal.
SpAcceptLsaModeContextFn

Server dispatch function used to create a security context shared by a server and client.
SpAcquireCredentialsHandleFn

Called to obtain a handle to a principal's credentials.
SpAddCredentialsFn

Used to add credentials for a security principal.
SpApplyControlTokenFn

Applies a control token to a security context. This function is not currently called by the Local Security Authority (LSA).
SpCompleteAuthTokenFn

Completes an authentication token.S
SpDeleteCredentialsFn

Deletes credentials from a security package's list of primary or supplemental credentials.
SpExchangeMetaDataFn

Sends metadata to a security support provider.
SpExportSecurityContextFn

Exports a security context to another process.
SpFormatCredentialsFn

Formats credentials to be stored in a user object.
SpFreeCredentialsHandleFn

Frees credentials acquired by calling the SpAcquireCredentialsHandle function.
SpGetContextTokenFn

Obtains the token to impersonate.
SpGetCredentialsFn

Retrieves the primary and supplemental credentials from the user object.
SpGetCredUIContextFn

Retrieves context information from a credential provider. (SpGetCredUIContextFn)
SpGetExtendedInformationFn

Provides extended information about a security package.
SpGetInfoFn

Provides general information about the security package, such as its name and capabilities.
SpGetUserInfoFn

Retrieves information about a logon session.
SpImportSecurityContextFn

Imports a security context from another process.
SpInitializeFn

Is called once by the Local Security Authority (LSA) to provide a security package with general security information and a dispatch table of support functions.
SpInitLsaModeContextFn

The client dispatch function used to establish a security context between a server and client.
SpInitUserModeContextFn

Creates a user-mode security context from a packed Local Security Authority (LSA)-mode context.
SpInstanceInitFn

Initializes user-mode security packages in an SSP/AP.
SpLsaModeInitializeFn

Provides the LSA with pointers to the functions implemented by each security package in the SSP/AP DLL.
SpMarshallSupplementalCredsFn

Converts supplemental credentials from a public format into a format suitable for local procedure calls.
SpQueryContextAttributesFn

Retrieves the attributes of a security context.
SpQueryCredentialsAttributesFn

Retrieves the attributes for a credential.
SpQueryMetaDataFn

Gets metadata from a security support provider (SSP) when it is initiating a security context.
SpSaveCredentialsFn

Saves a supplemental credential to the user object.
SpSealMessageFn

Encrypts a message exchanged between a client and server.
SpSetExtendedInformationFn

Sets extended information about the security package.
SpUnsealMessageFn

Decrypts a message that was previously encrypted with the SpSealMessage function.
SpUpdateCredentialsFn

Updates the credentials associated with the specified context. (SpUpdateCredentialsFn)
SpUserModeInitializeFn

Called when a security support provider/authentication package (SSP/AP) DLL is loaded into the process space of a client/server application. This function provides the SECPKG_USER_FUNCTION_TABLE tables for each security package in the SSP/AP DLL.
SpValidateTargetInfoFn

Validates that the specified SECPKG_TARGETINFO structure represents a valid target.

Structures

 
ENCRYPTED_CREDENTIALW

Represents an encrypted credential.
LSA_DISPATCH_TABLE

Contains pointers to the Local Security Authority (LSA) functions that Windows authentication packages can call.
LSA_SECPKG_FUNCTION_TABLE

Contains pointers to the LSA functions that a security package can call. The Local Security Authority (LSA) passes this structure to a security package when it calls the package's SpInitialize function.
LSA_TOKEN_INFORMATION_NULL

Used in cases where a non-authenticated system access is needed.
LSA_TOKEN_INFORMATION_V1

Contains information an authentication package can place in a Version 2 Windows token object and has superceded LSA_TOKEN_INFORMATION_V1.
LSA_TOKEN_INFORMATION_V3

Adds claim support to the LSA token and contains information an authentication package can place in a Version 3 Windows token object and has superceded LSA_TOKEN_INFORMATION_V1.
SECPKG_BYTE_VECTOR

Specifies the byte vector information.
SECPKG_CALL_INFO

Contains information about a currently executing call.
SECPKG_CLIENT_INFO

The SECPKG_CLIENT_INFO structure holds information about a security package's client. This structure is used by the GetClientInfo function.
SECPKG_CONTEXT_THUNKS

The SECPKG_CONTEXT_THUNKS structure contains information about QueryContextAttributes (General) calls to be executed in LSA mode.This structure is used by the SpGetExtendedInformation and SpSetExtendedInformation functions.
SECPKG_CREDENTIAL

Specifies the credentials.
SECPKG_DLL_FUNCTIONS

The SECPKG_DLL_FUNCTIONS structure contains pointers to the LSA functions that a security package can call while executing in-process with a client/server application.
SECPKG_EVENT_NOTIFY

The SECPKG_EVENT_NOTIFY structure contains information about security events. This structure is passed to a function registered to receive event notifications. Event notification functions are registered by calling the RegisterNotification function.
SECPKG_EVENT_PACKAGE_CHANGE

The SECPKG_EVENT_PACKAGE_CHANGE structure contains information about changes in security package availability.
SECPKG_EXTENDED_INFORMATION

The SECPKG_EXTENDED_INFORMATION structure is used to hold information about optional package capabilities.This structure is used by the SpGetExtendedInformation and SpSetExtendedInformation functions.
SECPKG_EXTRA_OIDS

Contains the object identifiers (OIDs) for the extended security package.
SECPKG_FUNCTION_TABLE

The SECPKG_FUNCTION_TABLE structure contains pointers to the LSA functions that a security package must implement. The Local Security Authority (LSA) obtains this structure from an SSP/AP DLL when it calls the SpLsaModeInitialize function.
SECPKG_GSS_INFO

A SECPKG_GSS_INFO structure contains information used for GSS-compatible negotiations.
SECPKG_MUTUAL_AUTH_LEVEL

The SECPKG_MUTUAL_AUTH_LEVEL structure contains the authentication level used by a security package.
SECPKG_NEGO2_INFO

Contains extended package information used for NEGO2 negotiations.
SECPKG_PARAMETERS

The SECPKG_PARAMETERS structure contains information about the computer system. This structure is used by the SpInitialize function.
SECPKG_PRIMARY_CRED

The SECPKG_PRIMARY_CRED structure contains the primary credentials. This structure is used by the LsaApLogonUserEx2 and SpAcceptCredentials functions.
SECPKG_SERIALIZED_OID

Contains the security package's object identifier (OID).
SECPKG_SHORT_VECTOR

Specifies the short vector information.
SECPKG_SUPPLEMENTAL_CRED

The SECPKG_SUPPLEMENTAL_CRED structure contains supplemental credentials recognized by the security package.
SECPKG_SUPPLEMENTAL_CRED_ARRAY

The SECPKG_SUPPLEMENTAL_CRED_ARRAY structure contains supplemental credentials information. This structure is used by the LsaApLogonUserEx2 and UpdateCredentials functions.
SECPKG_SUPPLIED_CREDENTIAL

Specifies the supplied credentials.
SECPKG_TARGETINFO

Specifies the target of an authentication request.
SECPKG_USER_FUNCTION_TABLE

The SECPKG_USER_FUNCTION_TABLE structure contains pointers to the functions that a security package implements to support executing in process with client/server applications. This structure is provided by the SpUserModeInitialize function.
SECPKG_WOW_CLIENT_DLL

Contains the path to the WOW-aware 32-bit DLL.
SECURITY_USER_DATA

The SecurityUserData structure contains information about the user of a security support provider/authentication package. This structure is used by the SpGetUserInfo function.

Enumerations

 
LSA_TOKEN_INFORMATION_TYPE

Specifies the levels of information that can be included in a logon token.
SECPKG_EXTENDED_INFORMATION_CLASS

The SECPKG_EXTENDED_INFORMATION_CLASS enumeration describes the type of information to set or get for a security package.This enumeration is used by the SpGetExtendedInformation and SpSetExtendedInformation functions.
SECPKG_NAME_TYPE

The SECPKG_NAME_TYPE enumeration is used to describe the type of name specified for an account.The SECPKG_NAME_TYPE enumeration is used by the GetAuthDataForUser and OpenSamUser functions.
SECPKG_SESSIONINFO_TYPE

Specifies the format of session information.