blob: f6194024e8afc8cacd90f35b41b4ace7122f3970 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
|
//+-----------------------------------------------------------------------
//
// File: KERBCON.H
//
// Contents: Microsoft Kerberos constants
//
//
// History: 25 Feb 92 RichardW Compiled from other files
//
//------------------------------------------------------------------------
#ifndef __KERBCON_H__
#define __KERBCON_H__
// Revision of the Kerberos Protocol. MS uses Version 5, Revision 4
#define KERBEROS_VERSION 5
#define KERBEROS_REVISION 4
// Encryption Types:
// These encryption types are supported by the default MS KERBSUPP DLL
// as crypto systems. Values over 127 are local values, and may be changed
// without notice.
#define KERB_ETYPE_NULL 0
#define KERB_ETYPE_DES_CBC_CRC 1
#define KERB_ETYPE_DES_CBC_MD4 2
#define KERB_ETYPE_DES_CBC_MD5 3
#define KERB_ETYPE_RC4_MD4 128
#define KERB_ETYPE_RC4_MD5 129
#define KERB_ETYPE_RC2_MD4 130
#define KERB_ETYPE_RC2_MD5 131
// Checksum algorithms.
// These algorithms are keyed internally for our use.
#define KERB_CHECKSUM_NONE 0
#define KERB_CHECKSUM_CRC32 1
#define KERB_CHECKSUM_MD4 2
#define KERB_CHECKSUM_MD5 3
// Ticket Flags:
// Ticket flags are used within a ticket and in the reply to indicate
// what options are enabled for the ticket.
#define KERBFLAG_FORWARDABLE 0x40000000
#define KERBFLAG_FORWARDED 0x20000000
#define KERBFLAG_PROXIABLE 0x10000000
#define KERBFLAG_PROXY 0x08000000
#define KERBFLAG_MAY_POSTDATE 0x04000000
#define KERBFLAG_POSTDATED 0x02000000
#define KERBFLAG_INVALID 0x01000000
#define KERBFLAG_RENEWABLE 0x00800000
#define KERBFLAG_INITIAL 0x00400000
#define KERBFLAG_PRE_AUTHENT 0x00200000
#define KERBFLAG_HW_AUTHENT 0x00100000
#define KERBFLAG_REFERRAL 0x00000001
#define KERBFLAG_RESERVED 0x800FFFFE
// Options:
// Option bits can be set and passed to the KDC in a TGS request.
#define KERBOPT_FORWARDABLE 0x40000000
#define KERBOPT_FORWARDED 0x20000000
#define KERBOPT_PROXIABLE 0x10000000
#define KERBOPT_PROXY 0x08000000
#define KERBOPT_ALLOW_POSTDATE 0x04000000
#define KERBOPT_POSTDATED 0x02000000
#define KERBOPT_UNUSED 0x01000000
#define KERBOPT_RENEWABLE 0x00800000
#define KERBOPT_RENEWABLE_OK 0x00000010
#define KERBOPT_ENC_TKT_IN_SKEY 0x00000008
#define KERBOPT_RENEW 0x00000002
#define KERBOPT_VALIDATE 0x00000001
#define KERBOPT_RESERVED 0x807FFFE4
//
// Sizes
//
#define KERBSIZE_AP_REPLY (2*sizeof(ULONG) + \
(((sizeof(TimeStamp) + \
(2 * sizeof(unsigned long) + \
16 * sizeof(unsigned char)) + \
2 * sizeof(ULONG)) +7) & ~7) + \
2 * sizeof(ULONG) + \
16 * sizeof(UCHAR) + \
24 )
// Authentication options. These values can be set in either of
//
// PSDomainPolicy::AuthOptions
// PSLoginParameters::AuthOptions
#define AUTH_REQ_ALLOW_FORWARDABLE 0x40000000
#define AUTH_REQ_ALLOW_PROXIABLE 0x10000000
#define AUTH_REQ_ALLOW_POSTDATE 0x04000000
#define AUTH_REQ_ALLOW_RENEWABLE 0x00800000
#define AUTH_REQ_ALLOW_NOADDRESS 0x00100000
#define AUTH_REQ_ALLOW_ENC_TKT_IN_SKEY 0x00000008
#define AUTH_REQ_ALLOW_VALIDATE 0x00000001
#endif // __KERBCON_H__
|
