Редагувати

Поділитися через


Authentication Structures

Authentication structures are categorized according to usage as follows:

SSPI Structures

The following structures, defined in Sspi.h, are used in SSPI functions.

Structure Description
CREDSSP_CRED Specifies authentication data for both Schannel and Negotiate security packages
SEC_WINNT_AUTH_IDENTITY Used to pass a particular user name and password to the run-time library for the purpose of authentication.
SEC_WINNT_AUTH_IDENTITY_EX Contains information about a user. Both an ANSI and Unicode form of this structure are provided.
SecBuffer Buffer allocated by a transport application to pass to a security package.
SecBufferDesc Array of SecBuffer structures to pass from a transport application to a security package.
SecPkgContext_AccessToken Contains a handle to the access token of the security context.
SecPkgContext_ClientCreds Specifies client credentials when calling the QueryContextAttributes (CredSSP) function.
SecPkgContext_ConnectionInfo Contains protocol and cipher information. This structure is used by the QueryContextAttributes (General) function.
SecPkgContext_CredentialName Specifies the credential name.
SecPkgContext_DceInfo Contains authorization data used by DCE services.
SecPkgContext_EapKeyBlock Contains key data used by the EAP TLS Authentication Protocol.
SecPkgContext_Flags Contains information about the flags in the security context.
SecPkgContext_IssuerListInfoEx Contains a list of trusted certification authorities (CAs).
SecPkgContext_Lifespan Indicates the life span of a security context.
SecPkgContext_Names Contains the name of the user associated with a security context.
SecPkgContext_NativeNames Contains the client and server principal names from the outbound ticket.
SecPkgContext_NegotiationInfo Contains information about the security package that is being set up or has been set up. It also gives the status on the negotiation to set up the security package.
SecPkgContext_PackageInfo Contains the name of a security support provider (SSP).
SecPkgContext_PasswordExpiry Contains information about the expiration of a password or other credential.
SecPkgContext_SessionKey Contains information about the session key.
SecPkgContext_Sizes Contains the sizes of important structures used in the message support functions.
SecPkgContext_StreamSizes Contains the sizes of the various stream attributes for use with the message support functions.
SecPkgContext_TargetInformation Contains information about the credential used for the security context.
SecPkgCredentials_Names Holds the name of the user associated with a context.
SecPkgInfo Provides general information about a security package, such as its name and capabilities.
SECURITY_INTEGER Structure to hold a numeric value. It is used in defining other types.
SecurityFunctionTable Dispatch table that contains pointers to the functions defined in SSPI.

Schannel Structures

The following structures are defined for use with Schannel.

Structure Description
SCH_CRED_PUBLIC_CERTCHAIN Contains a single certificate. A certification chain can be built from this certificate.
SCH_CRED_SECRET_PRIVKEY Contains private key information needed to authenticate a client or server.
SCHANNEL_CERT_HASH Contains the hash store data for the certificate that Schannel uses.
SCHANNEL_CERT_HASH_STORE Contains the hash store data for the certificate that Schannel uses in kernel-mode.
SCHANNEL_ALERT_TOKEN Generates a Secure Sockets Layer Protocol (SSL) or Transport Layer Security Protocol (TSL) alert to be sent to the target of a call to either the InitializeSecurityContext (Schannel) function or the AcceptSecurityContext (Schannel) function.
SCHANNEL_CLIENT_SIGNATURE Specifies a client signature when a call to the InitializeSecurityContext (Schannel) function cannot access the private key for a client certificate (in this case, the function returns SEC_I_SIGNATURE_NEEDED).
SCHANNEL_CRED Contains the data for an Schannel credential.
SCHANNEL_SESSION_TOKEN Specifies whether reconnections are enabled for an authentication session created by calling either the InitializeSecurityContext (Schannel) function or the AcceptSecurityContext (Schannel) function.
SecPkgContext_Authority Contains the name of the authenticating authority if one is available. It can be a certification authority (CA) or the name of a server or domain that authenticated the connection.
SecPkgContext_ConnectionInfo Contains protocol and cipher information. This structure is used by the QueryContextAttributes (General) function.
SecPkgContext_IssuerListInfoEx Contains a list of trusted certification authorities.
SecPkgContext_KeyInfo Contains information about the session keys used in a security context. This structure has been superseded by the SecPkgContext_ConnectionInfo structure.
SecPkgContext_ProtoInfo Holds information about the protocol in use.
SecPkgContext_SessionAppData Stores application data for a session context.
SecPkgCred_CipherStrengths Holds the minimum and maximum strength permitted for the cipher used by the specified Schannel credential.
SecPkgCred_SupportedAlgs Contains identifiers for algorithms permitted with a specified Schannel credential.
SecPkgCred_SupportedProtocols Indicates the protocols permitted with a specified Schannel credential.
X509Certificate Represents an X.509 certificate.

Custom Security Package Structures

Custom security package use the following structures.

Structure Description
LSA_SECPKG_FUNCTION_TABLE A table of pointers to the Local Security Authority (LSA) functions that custom security packages can call.
SECPKG_CALL_INFO Contains information about an executing function call.
SECPKG_CLIENT_INFO Contains information about the user of a security package.
SECPK_CONTEXT_THUNKS Contains information about calls to the security package that will be executed in-process with the LSA.
SECPKG_DLL_FUNCTIONS Contains the functions available to custom security packages executing in-process with a client/server application.
SECPKG_EVENT_DOMAIN_CHANGE Contains session and computer information. This structure name is an alias for the SECPKG_PARAMETERS structure.
SECPKG_EVENT_NOTIFY Contains information about a security-related event.
SECPKG_EVENT_PACKAGE_CHANGE Contains information about security package availability and use.
SECPKG_EXTENDED_INFORMATION Contains extended information about the security package.
SECPKG_FUNCTION_TABLE Contains pointers to the functions implemented by security packages.
SECPKG_GSS_INFO Contains information on the GSS OID used to identify a security package.
SECPKG_MUTUAL_AUTH_LEVEL Contains information about the mutual authentication level used by a security package.
SECPKG_PARAMETERS Contains session and machine information.
SECPKG_PRIMARY_CRED Contains primary credentials information.
SECPKG_SUPPLEMENTAL_CRED Contains supplemental credentials information.
SECPKG_SUPPLEMENTAL_CRED_ARRAY Contains supplemental credentials information.
SECPKG_USER_FUNCTION_TABLE Contains the functions implemented by a security package loaded in-process with client/server applications.
SecurityUserData Contains information about the logged on user.

Network Provider Structures

The following structures are used by the Network Provider APIs and related functions.

Structure Description
NETCONNECTINFOSTRUCT Contains information about the performance of a network connection.
NETRESOURCE Contains information about an enumerated network resource.
NOTIFYADD Contains the details of a network connect operation.
NOTIFYCANCEL Contains the details of a network disconnect operation.
NOTIFYINFO Contains status information about a network connect or disconnect operation.
REMOTE_NAME_INFO Contains information about a remote universal name.
UNIVERSAL_NAME_INFO Contains a local universal name.

GINA Structures

GINA interface functions and Winlogon support functions use the following structures.

Structure Description
WLX_CLIENT_CREDENTIALS_INFO_V1_0 Contains client credential information.
WLX_CONSOLESWITCH_CREDENTIALS_INFO_V1_0 Contains the client credentials allowing credentials to be transparently transferred to a target session.
WLX_DESKTOP Contains desktop information.
WLX_DISPATCH_VERSION_1_0 Contains the Winlogon, version 1.0 dispatch table.
WLX_DISPATCH_VERSION_1_1 Contains the Winlogon, version 1.1 dispatch table.
WLX_DISPATCH_VERSION_1_2 Contains the Winlogon, version 1.2 dispatch table.
WLX_DISPATCH_VERSION_1_3 Contains the Winlogon, version 1.3 dispatch table.
WLX_DISPATCH_VERSION_1_4 Contains the Winlogon, version 1.4 dispatch table.
WLX_MPR_NOTIFY_INFO Contains authentication and identification information.
WLX_PROFILE_V1_0 Contains information used for setting up the initial environment.
WLX_PROFILE_V2_0 Contains information used for setting up the initial environment.
WLX_TERMINAL_SERVICES_DATA Contains the Terminal Services profile path and home directory information.

Local Security Authority Structures

Local Security Authority (LSA) uses the following structures.

Structure Description
DOMAIN_PASSWORD_INFORMATION Contains information about a domain's password policy, such as the minimum length for passwords and how unique passwords must be.
KERB_ADD_CREDENTIALS_REQUEST Specifies a message to add, remove, or replace an extra server credential for a logon session.
KERB_ADD_CREDENTIALS_REQUEST_EX Specifies a message to add, remove, or replace an extra server credential for a logon session, and the service principal names (SPNs) associated with that credential.
KERB_CERTIFICATE_LOGON Contains information about a smart card logon session.
KERB_CERTIFICATE_UNLOCK_LOGON Contains information used to unlock a workstation that has been locked during an interactive smart card logon session.
KERB_CHANGEPASSWORD_REQUEST Contains information used to change a password.
KERB_CRYPTO_KEY Contains information about a Kerberos cryptographic session key.
KERB_EXTERNAL_NAME Contains information about an external name.
KERB_EXTERNAL_TICKET Contains information about an external ticket.
KERB_INTERACTIVE_LOGON Contains information about an interactive logon session.
KERB_INTERACTIVE_PROFILE Contains information about an interactive logon profile.
KERB_INTERACTIVE_UNLOCK_LOGON Contains information used to unlock a workstation that has been locked during an interactive logon session.
KERB_PURGE_TKT_CACHE_REQUEST Contains information used to delete entries from the ticket cache.
KERB_QUERY_TKT_CACHE_REQUEST Used to retrieve information about all of the cached tickets for the specified user logon session.
KERB_QUERY_TKT_CACHE_RESPONSE Contains the results of querying the ticket cache.
KERB_RETRIEVE_TKT_REQUEST Contains information used to retrieve a ticket.
KERB_RETRIEVE_TKT_RESPONSE Contains the response from retrieving a ticket.
KERB_S4U_LOGON Contains information about a service for user (S4U) logon session.
KERB_SMARTCARD_CSP_INFO Contains information about a smart card cryptographic service provider (CSP).
KERB_SMART_CARD_LOGON Contains information about a smart card logon session.
KERB_SMART_CARD_UNLOCK_LOGON Contains information used to unlock a workstation that has been locked during a smart card logon session.
KERB_TICKET_CACHE_INFO Contains information about a cached Kerberos ticket.
KERB_TICKET_LOGON Contains profile information for a network logon.
KERB_TICKET_PROFILE Contains information about an interactive logon profile.
KERB_TICKET_UNLOCK_LOGON Contains information to unlock a workstation.
LSA_DISPATCH_TABLE A table of pointers to the LSA functions that Windows authentication packages can call.
LSA_STRING Contains an ANSI string and its length information.
LSA_FOREST_TRUST_BINARY_DATA Contains binary data used in LSA forest trust operations.
LSA_FOREST_TRUST_COLLISION_INFORMATION Contains information about LSA forest trust collisions.
LSA_FOREST_TRUST_RECORD Contains information about an LSA forest trust collision.
LSA_FOREST_TRUST_DOMAIN_INFO Contains identifying information for a domain.
LSA_FOREST_TRUST_INFORMATION Contains LSA forest trust information.
LSA_FOREST_TRUST_RECORD Contains an LSA forest trust record.
LSA_TOKEN_INFORMATION_NULL Used in cases where a non-authenticated system access is needed. This structure has no contents.
LSA_TOKEN_INFORMATION_V1 Contains information that an authentication package can place in a Version 1 Windows token object.
MSV1_0_CHANGEPASSWORD_REQUEST Obsolete.
MSV1_0_CHANGEPASSWORD_RESPONSE Obsolete.
MSV1_0_ENUMUSERS_REQUEST Obsolete.
MSV1_0_ENUMUSERS_RESPONSE Obsolete.
MSV1_0_GETUSERINFO_REQUEST Obsolete.
MSV1_0_GETUSERINFO_RESPONSE Obsolete.
MSV1_0_INTERACTIVE_LOGON Contains user logon information for an interactive logon.
MSV1_0_INTERACTIVE_PROFILE Contains information about an interactive logon profile.
MSV1_0_LM20_LOGON Contains logon information used in network logons.
MSV1_0_LM20_LOGON_PROFILE Contains information about a network logon session.
MSV1_0_SUBAUTH_LOGON Used by subauthentication DLLs.
MSV1_0_SUBAUTH_REQUEST Contains information to pass to a subauthentication package.
MSV1_0_SUBAUTH_RESPONSE Contains the response from a subauthentication package.
MSV1_0_SUPPLEMENTAL_CREDENTIAL Used to pass credentials into MSV1_0 from Kerberos or custom authentication packages.
NETLOGON_LOGON_IDENTITY_INFO Used by the Msv1_0SubAuthenticationRoutine and Msv1_0SubAuthenticationFilter to pass information about a user for logon subauthentication.
OLD_LARGE_INTEGER Used to represent a 64-bit signed integer value as two 32-bit integers.
QUOTA_LIMITS Describes the amount of system resources available to a user.
SR_SECURITY_DESCRIPTOR Contains information on the security privileges of the user.
USER_ALL_INFORMATION Contains information on the session user. Used with subauthentication packages.

Credentials Management Structures

The Credentials Management API includes the following structures.

Structure Description
CERT_CREDENTIAL_INFO Contains a reference to a certificate.
CREDENTIAL Contains an individual credential.
CREDENTIAL_ATTRIBUTE Contains an application-defined attribute of the credential.
CREDENTIAL_TARGET_INFORMATION Contains the target computer's name, domain, and tree.
CREDUI_INFO Controls the appearance of the Credentials Management dialog boxes.
USERNAME_TARGET_CREDENTIAL_INFO Contains a reference to a credential. This structure is used to pass a user name into the CredMarshalCredential function and out of the CredUnmarshalCredential.

Smart Card Structures

Smart Card provides the following structures.

Structure Description
OPENCARD_SEARCH_CRITERIA Provides specific search information used by the SCardUIDlgSelectCard function.
OPENCARDNAME Provides information used by the GetOpenCardName function.
OPENCARDNAME_EX Provides information used by the SCardUIDlgSelectCard function.
SCARD_ATRMASK Locates cards using SCardLocateCardsByATR.
SCARD_IO_REQUEST Begins a protocol control information structure.
SCARD_READERSTATE Tracks smart cards within a reader.