Kerberos User 2 User support (#8070)

* add support for 64-bit big-endian encoding

* kerberos: drop reliance on gssapi and add user 2 user support

* Fix local variable declared in the middle of the function body

* kerberos: add ccache server option

Co-authored-by: fifthdegree <fifthdegree@protonmail.com>
Co-authored-by: David Fort <contact@hardening-consulting.com>
fifthdegree 2022-08-17 06:25:26 -04:00 committed by GitHub
parent 8dfadc5885
commit 7901a26a16
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
11 changed files with 1269 additions and 2182 deletions


@ -1022,7 +1022,7 @@ static int nla_client_init(rdpNla* nla)
* ISC_REQ_USE_SESSION_KEY
* ISC_REQ_ALLOCATE_MEMORY
*/
nla->fContextReq = ISC_REQ_MUTUAL_AUTH | ISC_REQ_CONFIDENTIALITY | ISC_REQ_USE_SESSION_KEY;
nla->fContextReq = ISC_REQ_MUTUAL_AUTH | ISC_REQ_CONFIDENTIALITY;
return 1;
}
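Review bot: The comment block directly above the assignment still lists ISC_REQ_USE_SESSION_KEY, while the new value of `nla->fContextReq` no longer sets that flag, so comment and code now disagree. If the flag is meant to be supplied per mechanism (the Negotiate MechTable in this commit attaches ISC_REQ_USE_SESSION_KEY to the user-to-user entry only), say so here, e.g. `/* ISC_REQ_USE_SESSION_KEY is added per mechanism by the Negotiate mech table (Kerberos U2U) */`. Only the tail of the comment and of nla_client_init is visible in this hunk, so the list may describe something other than the flags in use.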


@ -73,6 +73,8 @@ int main(int argc, char** argv)
"NTLM SAM file for NLA authentication" },
{ "keytab", COMMAND_LINE_VALUE_REQUIRED, "<file>", NULL, NULL, -1, NULL,
"Kerberos keytab file for NLA authentication" },
{ "ccache", COMMAND_LINE_VALUE_REQUIRED, "<file>", NULL, NULL, -1, NULL,
"Kerberos host ccache file for NLA authentication" },
{ "gfx-progressive", COMMAND_LINE_VALUE_BOOL, NULL, BoolValueTrue, NULL, -1, NULL,
"Allow GFX progressive codec" },
{ "gfx-rfx", COMMAND_LINE_VALUE_BOOL, NULL, BoolValueTrue, NULL, -1, NULL,


@ -397,6 +397,11 @@ int shadow_server_parse_command_line(rdpShadowServer* server, int argc, char** a
if (!freerdp_settings_set_string(settings, FreeRDP_KerberosKeytab, arg->Value))
return COMMAND_LINE_ERROR;
}
CommandLineSwitchCase(arg, "ccache")
{
if (!freerdp_settings_set_string(settings, FreeRDP_KerberosCache, arg->Value))
return COMMAND_LINE_ERROR;
}
CommandLineSwitchDefault(arg)
{
}
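Review bot: The new "ccache" case stores `arg->Value` into FreeRDP_KerberosCache without checking that the path names a readable file, so a mistyped path is presumably only noticed when the first NLA handshake fails. A Kerberos credential cache holds the host's ticket-granting ticket and its session key, so the option also deserves a comment on the expected file ownership, for example `/* ccache holds the host TGT: keep it readable by the server account only */`. The "keytab" case just above follows the same pattern and would benefit from the same treatment. The switch continues outside the hunk.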


@ -126,6 +126,7 @@ extern "C"
WINPR_API size_t WinPrAsn1DecReadOctetString(WinPrAsn1Decoder* dec,
WinPrAsn1_OctetString* target, BOOL allocate);
WINPR_API size_t WinPrAsn1DecReadIA5String(WinPrAsn1Decoder* dec, WinPrAsn1_IA5STRING* target);
WINPR_API size_t WinPrAsn1DecReadGeneralString(WinPrAsn1Decoder* dec, WinPrAsn1_STRING* target);
WINPR_API size_t WinPrAsn1DecReadUtcTime(WinPrAsn1Decoder* dec, WinPrAsn1_UTCTIME* target);
WINPR_API size_t WinPrAsn1DecReadNull(WinPrAsn1Decoder* dec);
@ -192,6 +193,7 @@ extern "C"
WINPR_API size_t WinPrAsn1EncContextualOctetString(WinPrAsn1Encoder* enc, WinPrAsn1_tagId tagId,
const WinPrAsn1_OctetString* oid);
WINPR_API size_t WinPrAsn1EncIA5String(WinPrAsn1Encoder* enc, WinPrAsn1_IA5STRING ia5);
WINPR_API size_t WinPrAsn1EncGeneralString(WinPrAsn1Encoder* enc, WinPrAsn1_STRING str);
WINPR_API size_t WinPrAsn1EncContextualIA5String(WinPrAsn1Encoder* enc, WinPrAsn1_tagId tagId,
WinPrAsn1_IA5STRING ia5);
WINPR_API size_t WinPrAsn1EncUtcTime(WinPrAsn1Encoder* enc, const WinPrAsn1_UTCTIME* utc);
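Review bot: WinPrAsn1DecReadGeneralString is declared with no documentation of who owns the decoded string: unlike WinPrAsn1DecReadOctetString two lines above it has no `allocate` parameter, so a caller cannot tell from the header whether `*target` is heap-allocated or points into the decoder's buffer. A doc comment on the declaration should state the ownership and that a return of 0 means failure (which is how this commit's call sites treat the sibling WinPrAsn1DecReadOID), e.g. `/* on success *target is newly allocated and must be freed by the caller (confirm) */`. WinPrAsn1EncGeneralString in the second hunk likewise does not say whether `str` must be NUL-terminated.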


@ -98,6 +98,17 @@ extern "C"
(((UINT64)(*((const BYTE*)_d + 7))) << 56); \
} while (0)
#define Data_Read_UINT64_BE(_d, _v) \
do \
{ \
_v = (((UINT64)(*((const BYTE*)_d))) << 56) + (((UINT64)(*((const BYTE*)_d + 1))) << 48) + \
(((UINT64)(*((const BYTE*)_d + 2))) << 40) + \
(((UINT64)(*((const BYTE*)_d + 3))) << 32) + \
(((UINT64)(*((const BYTE*)_d + 4))) << 24) + \
(((UINT64)(*((const BYTE*)_d + 5))) << 16) + \
(((UINT64)(*((const BYTE*)_d + 6))) << 8) + (((UINT64)(*((const BYTE*)_d + 7)))); \
} while (0)
#define Data_Write_UINT8_NE(_d, _v) \
do \
{ \
@ -171,6 +182,13 @@ extern "C"
*((BYTE*)_d + 7) = ((UINT64)(_v) >> 56) & 0xFF; \
} while (0)
#define Data_Write_UINT64_BE(_d, _v) \
do \
{ \
Data_Write_UINT32_BE((BYTE*)_d, ((_v) >> 32 & 0xFFFFFFFF)); \
Data_Write_UINT32_BE((BYTE*)_d + 4, ((_v)&0xFFFFFFFF)); \
} while (0)
#ifdef __cplusplus
}
#endif
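Review bot: Data_Write_UINT64_BE shifts `_v` without widening it first: `((_v) >> 32 & 0xFFFFFFFF)` is undefined behaviour if a caller passes a value whose type is 32 bits or narrower, whereas the little-endian Data_Write_UINT64 just above casts with `(UINT64)(_v)` before shifting. The two calls could read `Data_Write_UINT32_BE((BYTE*)(_d), (UINT32)((UINT64)(_v) >> 32));` and `Data_Write_UINT32_BE((BYTE*)(_d) + 4, (UINT32)((UINT64)(_v) & 0xFFFFFFFF));`. Both new macros touch eight bytes unconditionally, so a one-line comment that callers must check the remaining buffer length first would help wherever they are used on network-supplied tokens.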

File diff suppressed because it is too large Load Diff


@ -29,7 +29,6 @@
#ifdef WITH_GSSAPI
#include <krb5/krb5.h>
#include <gssapi.h>
#endif
typedef struct s_KRB_CONTEXT KRB_CONTEXT;


@ -88,20 +88,32 @@ const SecPkgInfoW NEGOTIATE_SecPkgInfoW = {
};
static const WinPrAsn1_OID spnego_OID = { 6, (BYTE*)"\x2b\x06\x01\x05\x05\x02" };
static const WinPrAsn1_OID kerberos_u2u_OID = { 10,
(BYTE*)"\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x03" };
static const WinPrAsn1_OID kerberos_OID = { 9, (BYTE*)"\x2a\x86\x48\x86\xf7\x12\x01\x02\x02" };
static const WinPrAsn1_OID kerberos_wrong_OID = { 9,
(BYTE*)"\x2a\x86\x48\x82\xf7\x12\x01\x02\x02" };
static const WinPrAsn1_OID ntlm_OID = { 10, (BYTE*)"\x2b\x06\x01\x04\x01\x82\x37\x02\x02\x0a" };
#ifdef WITH_GSSAPI
static const SecPkg SecPkgTable[] = {
{ KERBEROS_SSP_NAME, &KERBEROS_SecurityFunctionTableA, &KERBEROS_SecurityFunctionTableW },
{ NTLM_SSP_NAME, &NTLM_SecurityFunctionTableA, &NTLM_SecurityFunctionTableW }
};
static const Mech MechTable[] = {
{ &kerberos_OID, &SecPkgTable[0], 0, TRUE },
{ &kerberos_u2u_OID, &SecPkgTable[0], ISC_REQ_INTEGRITY | ISC_REQ_USE_SESSION_KEY, TRUE },
{ &kerberos_OID, &SecPkgTable[0], ISC_REQ_INTEGRITY, TRUE },
{ &ntlm_OID, &SecPkgTable[1], 0, FALSE },
};
#else
static const SecPkg SecPkgTable[] = { { NTLM_SSP_NAME, &NTLM_SecurityFunctionTableA,
&NTLM_SecurityFunctionTableW } };
static const Mech MechTable[] = {
{ &ntlm_OID, &SecPkgTable[0], 0, FALSE },
};
#endif
static const size_t MECH_COUNT = sizeof(MechTable) / sizeof(Mech);
@ -158,23 +170,17 @@ static void negotiate_ContextFree(NEGOTIATE_CONTEXT* context)
free(context);
}
static BOOL negotiate_oid_compare(const WinPrAsn1_OID* oid1, const WinPrAsn1_OID* oid2)
{
WINPR_ASSERT(oid1);
WINPR_ASSERT(oid2);
return (oid1->len == oid2->len) && (memcmp(oid1->data, oid2->data, oid1->len) == 0);
}
static const char* negotiate_mech_name(const WinPrAsn1_OID* oid)
{
if (negotiate_oid_compare(oid, &spnego_OID))
if (sspi_gss_oid_compare(oid, &spnego_OID))
return "SPNEGO (1.3.6.1.5.5.2)";
else if (negotiate_oid_compare(oid, &kerberos_OID))
else if (sspi_gss_oid_compare(oid, &kerberos_u2u_OID))
return "Kerberos user to user (1.2.840.113554.1.2.2.3)";
else if (sspi_gss_oid_compare(oid, &kerberos_OID))
return "Kerberos (1.2.840.113554.1.2.2)";
else if (negotiate_oid_compare(oid, &kerberos_wrong_OID))
else if (sspi_gss_oid_compare(oid, &kerberos_wrong_OID))
return "Kerberos [wrong OID] (1.2.840.48018.1.2.2)";
else if (negotiate_oid_compare(oid, &ntlm_OID))
else if (sspi_gss_oid_compare(oid, &ntlm_OID))
return "NTLM (1.3.6.1.4.1.311.2.2.10)";
else
return "Unknown mechanism";
@ -186,7 +192,7 @@ static const Mech* negotiate_GetMechByOID(const WinPrAsn1_OID* oid)
WinPrAsn1_OID testOid = *oid;
if (negotiate_oid_compare(oid, &kerberos_wrong_OID))
if (sspi_gss_oid_compare(&oid, &kerberos_wrong_OID))
{
testOid.len = kerberos_OID.len;
testOid.data = kerberos_OID.data;
@ -194,7 +200,7 @@ static const Mech* negotiate_GetMechByOID(const WinPrAsn1_OID* oid)
for (size_t i = 0; i < MECH_COUNT; i++)
{
if (negotiate_oid_compare(&testOid, MechTable[i].oid))
if (sspi_gss_oid_compare(&testOid, MechTable[i].oid))
return &MechTable[i];
}
return NULL;
@ -402,7 +408,7 @@ static BOOL negotiate_read_neg_token(PSecBuffer input, NegToken* token)
if (!WinPrAsn1DecReadOID(&dec, &oid, FALSE))
return FALSE;
if (!negotiate_oid_compare(&spnego_OID, &oid))
if (!sspi_gss_oid_compare(&spnego_OID, &oid))
return FALSE;
/* [0] NegTokenInit */
@ -690,7 +696,7 @@ static SECURITY_STATUS SEC_ENTRY negotiate_InitializeSecurityContextW(
/* On first response check if the server doesn't like out prefered mech */
if (context->state == NEGOTIATE_STATE_INITIAL && input_token.supportedMech.len &&
!negotiate_oid_compare(&input_token.supportedMech, context->mech->oid))
!sspi_gss_oid_compare(&input_token.supportedMech, context->mech->oid))
{
mech = negotiate_GetMechByOID(&input_token.supportedMech);
if (!mech)
@ -835,7 +841,7 @@ static const Mech* guessMech(PSecBuffer input_buffer, BOOL* spNego, WinPrAsn1_OI
if (!WinPrAsn1DecReadOID(&appDecoder, oid, FALSE))
return NULL;
if (negotiate_oid_compare(oid, &spnego_OID))
if (sspi_gss_oid_compare(oid, &spnego_OID))
{
*spNego = TRUE;
return NULL;
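Review bot: In negotiate_GetMechByOID the new call `sspi_gss_oid_compare(&oid, &kerberos_wrong_OID)` passes the address of the `oid` parameter, which is already a `const WinPrAsn1_OID*` (the line above dereferences it with `*oid`), so the helper reads the pointer variable itself as if it were an OID structure. The comparison then works on a meaningless `len`/`data` pair: the mapping from the legacy wrong Kerberos OID to kerberos_OID will in practice never take effect, and the memcmp inside the helper may read out of bounds. Every other converted call site in this file passes the pointer unchanged, and this one should read `if (sspi_gss_oid_compare(oid, &kerberos_wrong_OID))`. The function body starts and ends outside the two hunks that touch it.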

File diff suppressed because it is too large Load Diff


@ -22,54 +22,20 @@
#ifndef WINPR_SSPI_GSS_PRIVATE_H
#define WINPR_SSPI_GSS_PRIVATE_H
#include <winpr/crt.h>
#include <winpr/sspi.h>
#include <winpr/asn1.h>
/**
* The following are ABI-compatible, non-conflicting GSSAPI definitions
*
* http://tools.ietf.org/html/rfc2743
* http://tools.ietf.org/html/rfc2744
*/
#define SSPI_GSSAPI
#define SSPI_GSSOID
typedef struct sspi_gss_name_struct* sspi_gss_name_t;
typedef struct sspi_gss_cred_id_struct* sspi_gss_cred_id_t;
typedef struct sspi_gss_ctx_id_struct* sspi_gss_ctx_id_t;
typedef struct sspi_gss_OID_desc_struct
#ifdef WITH_GSSAPI
#include <krb5/krb5.h>
typedef krb5_data sspi_gss_data;
#else
typedef struct
{
UINT32 length;
void* elements;
} sspi_gss_OID_desc, *sspi_gss_OID;
typedef struct sspi_gss_OID_set_desc_struct
{
size_t count;
sspi_gss_OID elements;
} sspi_gss_OID_set_desc, *sspi_gss_OID_set;
typedef struct sspi_gss_buffer_desc_struct
{
size_t length;
void* value;
} sspi_gss_buffer_desc, *sspi_gss_buffer_t;
typedef struct sspi_gss_channel_bindings_struct
{
UINT32 initiator_addrtype;
sspi_gss_buffer_desc initiator_address;
UINT32 acceptor_addrtype;
sspi_gss_buffer_desc acceptor_address;
sspi_gss_buffer_desc application_data;
} * sspi_gss_channel_bindings_t;
typedef UINT32 sspi_gss_qop_t;
typedef int sspi_gss_cred_usage_t;
int32_t magic;
unsigned int length;
char* data;
} sspi_gss_data;
#endif
#define SSPI_GSS_C_DELEG_FLAG 1
#define SSPI_GSS_C_MUTUAL_FLAG 2
@ -77,630 +43,40 @@ typedef int sspi_gss_cred_usage_t;
#define SSPI_GSS_C_SEQUENCE_FLAG 8
#define SSPI_GSS_C_CONF_FLAG 16
#define SSPI_GSS_C_INTEG_FLAG 32
#define SSPI_GSS_C_ANON_FLAG 64
#define SSPI_GSS_C_PROT_READY_FLAG 128
#define SSPI_GSS_C_TRANS_FLAG 256
#define SSPI_GSS_C_DELEG_POLICY_FLAG 32768
#define SSPI_GSS_C_BOTH 0
#define SSPI_GSS_C_INITIATE 1
#define SSPI_GSS_C_ACCEPT 2
#define FLAG_SENDER_IS_ACCEPTOR 0x01
#define FLAG_WRAP_CONFIDENTIAL 0x02
#define FLAG_ACCEPTOR_SUBKEY 0x04
#define SSPI_GSS_C_GSS_CODE 1
#define SSPI_GSS_C_MECH_CODE 2
#define KG_USAGE_ACCEPTOR_SEAL 22
#define KG_USAGE_ACCEPTOR_SIGN 23
#define KG_USAGE_INITIATOR_SEAL 24
#define KG_USAGE_INITIATOR_SIGN 25
#define SSPI_GSS_C_AF_UNSPEC 0
#define SSPI_GSS_C_AF_LOCAL 1
#define SSPI_GSS_C_AF_INET 2
#define SSPI_GSS_C_AF_IMPLINK 3
#define SSPI_GSS_C_AF_PUP 4
#define SSPI_GSS_C_AF_CHAOS 5
#define SSPI_GSS_C_AF_NS 6
#define SSPI_GSS_C_AF_NBS 7
#define SSPI_GSS_C_AF_ECMA 8
#define SSPI_GSS_C_AF_DATAKIT 9
#define SSPI_GSS_C_AF_CCITT 10
#define SSPI_GSS_C_AF_SNA 11
#define SSPI_GSS_C_AF_DECnet 12
#define SSPI_GSS_C_AF_DLI 13
#define SSPI_GSS_C_AF_LAT 14
#define SSPI_GSS_C_AF_HYLINK 15
#define SSPI_GSS_C_AF_APPLETALK 16
#define SSPI_GSS_C_AF_BSC 17
#define SSPI_GSS_C_AF_DSS 18
#define SSPI_GSS_C_AF_OSI 19
#define SSPI_GSS_C_AF_NETBIOS 20
#define SSPI_GSS_C_AF_X25 21
#define SSPI_GSS_C_AF_NULLADDR 255
#define TOK_ID_AP_REQ 0x0100
#define TOK_ID_AP_REP 0x0200
#define TOK_ID_ERROR 0x0300
#define TOK_ID_TGT_REQ 0x0400
#define TOK_ID_TGT_REP 0x0401
#define SSPI_GSS_C_NO_NAME ((sspi_gss_name_t)0)
#define SSPI_GSS_C_NO_BUFFER ((sspi_gss_buffer_t)0)
#define SSPI_GSS_C_NO_OID ((sspi_gss_OID)0)
#define SSPI_GSS_C_NO_OID_SET ((sspi_gss_OID_set)0)
#define SSPI_GSS_C_NO_CONTEXT ((sspi_gss_ctx_id_t)0)
#define SSPI_GSS_C_NO_CREDENTIAL ((sspi_gss_cred_id_t)0)
#define SSPI_GSS_C_NO_CHANNEL_BINDINGS ((sspi_gss_channel_bindings_t)0)
#define SSPI_GSS_C_EMPTY_BUFFER \
{ \
0, NULL \
}
#define TOK_ID_MIC 0x0404
#define TOK_ID_WRAP 0x0504
#define TOK_ID_MIC_V1 0x0101
#define TOK_ID_WRAP_V1 0x0201
#define SSPI_GSS_C_NULL_OID SSPI_GSS_C_NO_OID
#define SSPI_GSS_C_NULL_OID_SET SSPI_GSS_C_NO_OID_SET
#define GSS_CHECKSUM_TYPE 0x8003
#define SSPI_GSS_C_QOP_DEFAULT 0
#define SSPI_GSS_C_INDEFINITE ((UINT32)0xFFFFFFFF)
#define SSPI_GSS_S_COMPLETE 0
#define SSPI_GSS_C_CALLING_ERROR_OFFSET 24
#define SSPI_GSS_C_ROUTINE_ERROR_OFFSET 16
#define SSPI_GSS_C_SUPPLEMENTARY_OFFSET 0
#define SSPI_GSS_C_CALLING_ERROR_MASK ((UINT32)0377)
#define SSPI_GSS_C_ROUTINE_ERROR_MASK ((UINT32)0377)
#define SSPI_GSS_C_SUPPLEMENTARY_MASK ((UINT32)0177777)
#define SSPI_GSS_CALLING_ERROR(_x) \
((_x) & (SSPI_GSS_C_CALLING_ERROR_MASK << SSPI_GSS_C_CALLING_ERROR_OFFSET))
#define SSPI_GSS_ROUTINE_ERROR(_x) \
((_x) & (SSPI_GSS_C_ROUTINE_ERROR_MASK << SSPI_GSS_C_ROUTINE_ERROR_OFFSET))
#define SSPI_GSS_SUPPLEMENTARY_INFO(_x) \
((_x) & (SSPI_GSS_C_SUPPLEMENTARY_MASK << SSPI_GSS_C_SUPPLEMENTARY_OFFSET))
#define SSPI_GSS_ERROR(_x) \
((_x) & ((SSPI_GSS_C_CALLING_ERROR_MASK << SSPI_GSS_C_CALLING_ERROR_OFFSET) | \
(SSPI_GSS_C_ROUTINE_ERROR_MASK << SSPI_GSS_C_ROUTINE_ERROR_OFFSET)))
#define SSPI_GSS_S_CALL_INACCESSIBLE_READ (((UINT32)1) << SSPI_GSS_C_CALLING_ERROR_OFFSET)
#define SSPI_GSS_S_CALL_INACCESSIBLE_WRITE (((UINT32)2) << SSPI_GSS_C_CALLING_ERROR_OFFSET)
#define SSPI_GSS_S_CALL_BAD_STRUCTURE (((UINT32)3) << SSPI_GSS_C_CALLING_ERROR_OFFSET)
#define SSPI_GSS_S_BAD_MECH (((UINT32)1) << SSPI_GSS_C_ROUTINE_ERROR_OFFSET)
#define SSPI_GSS_S_BAD_NAME (((UINT32)2) << SSPI_GSS_C_ROUTINE_ERROR_OFFSET)
#define SSPI_GSS_S_BAD_NAMETYPE (((UINT32)3) << SSPI_GSS_C_ROUTINE_ERROR_OFFSET)
#define SSPI_GSS_S_BAD_BINDINGS (((UINT32)4) << SSPI_GSS_C_ROUTINE_ERROR_OFFSET)
#define SSPI_GSS_S_BAD_STATUS (((UINT32)5) << SSPI_GSS_C_ROUTINE_ERROR_OFFSET)
#define SSPI_GSS_S_BAD_SIG (((UINT32)6) << SSPI_GSS_C_ROUTINE_ERROR_OFFSET)
#define SSPI_GSS_S_NO_CRED (((UINT32)7) << SSPI_GSS_C_ROUTINE_ERROR_OFFSET)
#define SSPI_GSS_S_NO_CONTEXT (((UINT32)8) << SSPI_GSS_C_ROUTINE_ERROR_OFFSET)
#define SSPI_GSS_S_DEFECTIVE_TOKEN (((UINT32)9) << SSPI_GSS_C_ROUTINE_ERROR_OFFSET)
#define SSPI_GSS_S_DEFECTIVE_CREDENTIAL (((UINT32)10) << SSPI_GSS_C_ROUTINE_ERROR_OFFSET)
#define SSPI_GSS_S_CREDENTIALS_EXPIRED (((UINT32)11) << SSPI_GSS_C_ROUTINE_ERROR_OFFSET)
#define SSPI_GSS_S_CONTEXT_EXPIRED (((UINT32)12) << SSPI_GSS_C_ROUTINE_ERROR_OFFSET)
#define SSPI_GSS_S_FAILURE (((UINT32)13) << SSPI_GSS_C_ROUTINE_ERROR_OFFSET)
#define SSPI_GSS_S_BAD_QOP (((UINT32)14) << SSPI_GSS_C_ROUTINE_ERROR_OFFSET)
#define SSPI_GSS_S_UNAUTHORIZED (((UINT32)15) << SSPI_GSS_C_ROUTINE_ERROR_OFFSET)
#define SSPI_GSS_S_UNAVAILABLE (((UINT32)16) << SSPI_GSS_C_ROUTINE_ERROR_OFFSET)
#define SSPI_GSS_S_DUPLICATE_ELEMENT (((UINT32)17) << SSPI_GSS_C_ROUTINE_ERROR_OFFSET)
#define SSPI_GSS_S_NAME_NOT_MN (((UINT32)18) << SSPI_GSS_C_ROUTINE_ERROR_OFFSET)
#define SSPI_GSS_S_BAD_MECH_ATTR (((UINT32)19) << SSPI_GSS_C_ROUTINE_ERROR_OFFSET)
#define SSPI_GSS_S_CONTINUE_NEEDED (1 << (SSPI_GSS_C_SUPPLEMENTARY_OFFSET + 0))
#define SSPI_GSS_S_DUPLICATE_TOKEN (1 << (SSPI_GSS_C_SUPPLEMENTARY_OFFSET + 1))
#define SSPI_GSS_S_OLD_TOKEN (1 << (SSPI_GSS_C_SUPPLEMENTARY_OFFSET + 2))
#define SSPI_GSS_S_UNSEQ_TOKEN (1 << (SSPI_GSS_C_SUPPLEMENTARY_OFFSET + 3))
#define SSPI_GSS_S_GAP_TOKEN (1 << (SSPI_GSS_C_SUPPLEMENTARY_OFFSET + 4))
#define SSPI_GSS_C_PRF_KEY_FULL 0
#define SSPI_GSS_C_PRF_KEY_PARTIAL 1
#ifdef __cplusplus
extern "C"
static INLINE BOOL sspi_gss_oid_compare(const WinPrAsn1_OID* oid1, const WinPrAsn1_OID* oid2)
{
#endif
WINPR_ASSERT(oid1);
WINPR_ASSERT(oid2);
SSPI_GSSOID extern sspi_gss_OID SSPI_GSS_C_NT_USER_NAME;
SSPI_GSSOID extern sspi_gss_OID SSPI_GSS_C_NT_MACHINE_UID_NAME;
SSPI_GSSOID extern sspi_gss_OID SSPI_GSS_C_NT_STRING_UID_NAME;
SSPI_GSSOID extern sspi_gss_OID SSPI_GSS_C_NT_HOSTBASED_SERVICE_X;
SSPI_GSSOID extern sspi_gss_OID SSPI_GSS_C_NT_HOSTBASED_SERVICE;
SSPI_GSSOID extern sspi_gss_OID SSPI_GSS_C_NT_ANONYMOUS;
SSPI_GSSOID extern sspi_gss_OID SSPI_GSS_C_NT_EXPORT_NAME;
UINT32 SSPI_GSSAPI sspi_gss_acquire_cred(UINT32* minor_status, sspi_gss_name_t desired_name,
UINT32 time_req, sspi_gss_OID_set desired_mechs,
sspi_gss_cred_usage_t cred_usage,
sspi_gss_cred_id_t* output_cred_handle,
sspi_gss_OID_set* actual_mechs, UINT32* time_rec);
typedef UINT32(SSPI_GSSAPI* fn_sspi_gss_acquire_cred)(
UINT32* minor_status, sspi_gss_name_t desired_name, UINT32 time_req,
sspi_gss_OID_set desired_mechs, sspi_gss_cred_usage_t cred_usage,
sspi_gss_cred_id_t* output_cred_handle, sspi_gss_OID_set* actual_mechs, UINT32* time_rec);
UINT32 SSPI_GSSAPI sspi_gss_release_cred(UINT32* minor_status, sspi_gss_cred_id_t* cred_handle);
typedef UINT32(SSPI_GSSAPI* fn_sspi_gss_release_cred)(UINT32* minor_status,
sspi_gss_cred_id_t* cred_handle);
UINT32 SSPI_GSSAPI sspi_gss_init_sec_context(
UINT32* minor_status, sspi_gss_cred_id_t claimant_cred_handle,
sspi_gss_ctx_id_t* context_handle, sspi_gss_name_t target_name, sspi_gss_OID mech_type,
UINT32 req_flags, UINT32 time_req, sspi_gss_channel_bindings_t input_chan_bindings,
sspi_gss_buffer_t input_token, sspi_gss_OID* actual_mech_type,
sspi_gss_buffer_t output_token, UINT32* ret_flags, UINT32* time_rec);
typedef UINT32(SSPI_GSSAPI* fn_sspi_gss_init_sec_context)(
UINT32* minor_status, sspi_gss_cred_id_t claimant_cred_handle,
sspi_gss_ctx_id_t* context_handle, sspi_gss_name_t target_name, sspi_gss_OID mech_type,
UINT32 req_flags, UINT32 time_req, sspi_gss_channel_bindings_t input_chan_bindings,
sspi_gss_buffer_t input_token, sspi_gss_OID* actual_mech_type,
sspi_gss_buffer_t output_token, UINT32* ret_flags, UINT32* time_rec);
UINT32 SSPI_GSSAPI sspi_gss_accept_sec_context(
UINT32* minor_status, sspi_gss_ctx_id_t* context_handle,
sspi_gss_cred_id_t acceptor_cred_handle, sspi_gss_buffer_t input_token_buffer,
sspi_gss_channel_bindings_t input_chan_bindings, sspi_gss_name_t* src_name,
sspi_gss_OID* mech_type, sspi_gss_buffer_t output_token, UINT32* ret_flags,
UINT32* time_rec, sspi_gss_cred_id_t* delegated_cred_handle);
typedef UINT32(SSPI_GSSAPI* fn_sspi_gss_accept_sec_context)(
UINT32* minor_status, sspi_gss_ctx_id_t* context_handle,
sspi_gss_cred_id_t acceptor_cred_handle, sspi_gss_buffer_t input_token_buffer,
sspi_gss_channel_bindings_t input_chan_bindings, sspi_gss_name_t* src_name,
sspi_gss_OID* mech_type, sspi_gss_buffer_t output_token, UINT32* ret_flags,
UINT32* time_rec, sspi_gss_cred_id_t* delegated_cred_handle);
UINT32 SSPI_GSSAPI sspi_gss_process_context_token(UINT32* minor_status,
sspi_gss_ctx_id_t context_handle,
sspi_gss_buffer_t token_buffer);
typedef UINT32(SSPI_GSSAPI* fn_sspi_gss_process_context_token)(UINT32* minor_status,
sspi_gss_ctx_id_t context_handle,
sspi_gss_buffer_t token_buffer);
UINT32 SSPI_GSSAPI sspi_gss_delete_sec_context(UINT32* minor_status,
sspi_gss_ctx_id_t* context_handle,
sspi_gss_buffer_t output_token);
typedef UINT32(SSPI_GSSAPI* fn_sspi_gss_delete_sec_context)(UINT32* minor_status,
sspi_gss_ctx_id_t* context_handle,
sspi_gss_buffer_t output_token);
UINT32 SSPI_GSSAPI sspi_gss_context_time(UINT32* minor_status, sspi_gss_ctx_id_t context_handle,
UINT32* time_rec);
typedef UINT32(SSPI_GSSAPI* fn_sspi_gss_context_time)(UINT32* minor_status,
sspi_gss_ctx_id_t context_handle,
UINT32* time_rec);
UINT32 SSPI_GSSAPI sspi_gss_get_mic(UINT32* minor_status, sspi_gss_ctx_id_t context_handle,
sspi_gss_qop_t qop_req, sspi_gss_buffer_t message_buffer,
sspi_gss_buffer_t message_token);
typedef UINT32(SSPI_GSSAPI* fn_sspi_gss_get_mic)(UINT32* minor_status,
sspi_gss_ctx_id_t context_handle,
sspi_gss_qop_t qop_req,
sspi_gss_buffer_t message_buffer,
sspi_gss_buffer_t message_token);
UINT32 SSPI_GSSAPI sspi_gss_verify_mic(UINT32* minor_status, sspi_gss_ctx_id_t context_handle,
sspi_gss_buffer_t message_buffer,
sspi_gss_buffer_t message_token,
sspi_gss_qop_t* qop_state);
typedef UINT32(SSPI_GSSAPI* fn_sspi_gss_verify_mic)(UINT32* minor_status,
sspi_gss_ctx_id_t context_handle,
sspi_gss_buffer_t message_buffer,
sspi_gss_buffer_t message_token,
sspi_gss_qop_t* qop_state);
UINT32 SSPI_GSSAPI sspi_gss_wrap(UINT32* minor_status, sspi_gss_ctx_id_t context_handle,
int conf_req_flag, sspi_gss_qop_t qop_req,
sspi_gss_buffer_t input_message_buffer, int* conf_state,
sspi_gss_buffer_t output_message_buffer);
typedef UINT32(SSPI_GSSAPI* fn_sspi_gss_wrap)(UINT32* minor_status,
sspi_gss_ctx_id_t context_handle,
int conf_req_flag, sspi_gss_qop_t qop_req,
sspi_gss_buffer_t input_message_buffer,
int* conf_state,
sspi_gss_buffer_t output_message_buffer);
UINT32 SSPI_GSSAPI sspi_gss_unwrap(UINT32* minor_status, const sspi_gss_ctx_id_t context_handle,
const sspi_gss_buffer_t input_message_buffer,
sspi_gss_buffer_t output_message_buffer, int* conf_state,
sspi_gss_qop_t* qop_state);
typedef UINT32(SSPI_GSSAPI* fn_sspi_gss_unwrap)(UINT32* minor_status,
sspi_gss_ctx_id_t context_handle,
sspi_gss_buffer_t input_message_buffer,
sspi_gss_buffer_t output_message_buffer,
int* conf_state, sspi_gss_qop_t* qop_state);
UINT32 SSPI_GSSAPI sspi_gss_display_status(UINT32* minor_status, UINT32 status_value,
int status_type, sspi_gss_OID mech_type,
UINT32* message_context,
sspi_gss_buffer_t status_string);
typedef UINT32(SSPI_GSSAPI* fn_sspi_gss_display_status)(UINT32* minor_status,
UINT32 status_value, int status_type,
sspi_gss_OID mech_type,
UINT32* message_context,
sspi_gss_buffer_t status_string);
UINT32 SSPI_GSSAPI sspi_gss_indicate_mechs(UINT32* minor_status, sspi_gss_OID_set* mech_set);
typedef UINT32(SSPI_GSSAPI* fn_sspi_gss_indicate_mechs)(UINT32* minor_status,
sspi_gss_OID_set* mech_set);
UINT32 SSPI_GSSAPI sspi_gss_compare_name(UINT32* minor_status, sspi_gss_name_t name1,
sspi_gss_name_t name2, int* name_equal);
typedef UINT32(SSPI_GSSAPI* fn_sspi_gss_compare_name)(UINT32* minor_status,
sspi_gss_name_t name1,
sspi_gss_name_t name2, int* name_equal);
UINT32 SSPI_GSSAPI sspi_gss_display_name(UINT32* minor_status, sspi_gss_name_t input_name,
sspi_gss_buffer_t output_name_buffer,
sspi_gss_OID* output_name_type);
typedef UINT32(SSPI_GSSAPI* fn_sspi_gss_display_name)(UINT32* minor_status,
sspi_gss_name_t input_name,
sspi_gss_buffer_t output_name_buffer,
sspi_gss_OID* output_name_type);
UINT32 SSPI_GSSAPI sspi_gss_import_name(UINT32* minor_status,
sspi_gss_buffer_t input_name_buffer,
sspi_gss_OID input_name_type,
sspi_gss_name_t* output_name);
typedef UINT32(SSPI_GSSAPI* fn_sspi_gss_import_name)(UINT32* minor_status,
sspi_gss_buffer_t input_name_buffer,
sspi_gss_OID input_name_type,
sspi_gss_name_t* output_name);
UINT32 SSPI_GSSAPI sspi_gss_release_name(UINT32* minor_status, sspi_gss_name_t* input_name);
typedef UINT32(SSPI_GSSAPI* fn_sspi_gss_release_name)(UINT32* minor_status,
sspi_gss_name_t* input_name);
UINT32 SSPI_GSSAPI sspi_gss_release_buffer(UINT32* minor_status, sspi_gss_buffer_t buffer);
typedef UINT32(SSPI_GSSAPI* fn_sspi_gss_release_buffer)(UINT32* minor_status,
sspi_gss_buffer_t buffer);
UINT32 SSPI_GSSAPI sspi_gss_release_oid_set(UINT32* minor_status, sspi_gss_OID_set* set);
typedef UINT32(SSPI_GSSAPI* fn_sspi_gss_release_oid_set)(UINT32* minor_status,
sspi_gss_OID_set* set);
UINT32 SSPI_GSSAPI sspi_gss_inquire_cred(UINT32* minor_status, sspi_gss_cred_id_t cred_handle,
sspi_gss_name_t* name, UINT32* lifetime,
sspi_gss_cred_usage_t* cred_usage,
sspi_gss_OID_set* mechanisms);
typedef UINT32(SSPI_GSSAPI* fn_sspi_gss_inquire_cred)(UINT32* minor_status,
sspi_gss_cred_id_t cred_handle,
sspi_gss_name_t* name, UINT32* lifetime,
sspi_gss_cred_usage_t* cred_usage,
sspi_gss_OID_set* mechanisms);
UINT32 SSPI_GSSAPI sspi_gss_inquire_context(UINT32* minor_status,
sspi_gss_ctx_id_t context_handle,
sspi_gss_name_t* src_name,
sspi_gss_name_t* targ_name, UINT32* lifetime_rec,
sspi_gss_OID* mech_type, UINT32* ctx_flags,
int* locally_initiated, int* open);
typedef UINT32(SSPI_GSSAPI* fn_sspi_gss_inquire_context)(
UINT32* minor_status, sspi_gss_ctx_id_t context_handle, sspi_gss_name_t* src_name,
sspi_gss_name_t* targ_name, UINT32* lifetime_rec, sspi_gss_OID* mech_type,
UINT32* ctx_flags, int* locally_initiated, int* open);
UINT32 SSPI_GSSAPI sspi_gss_wrap_size_limit(UINT32* minor_status,
sspi_gss_ctx_id_t context_handle, int conf_req_flag,
sspi_gss_qop_t qop_req, UINT32 req_output_size,
UINT32* max_input_size);
typedef UINT32(SSPI_GSSAPI* fn_sspi_gss_wrap_size_limit)(
UINT32* minor_status, sspi_gss_ctx_id_t context_handle, int conf_req_flag,
sspi_gss_qop_t qop_req, UINT32 req_output_size, UINT32* max_input_size);
UINT32 SSPI_GSSAPI sspi_gss_import_name_object(UINT32* minor_status, void* input_name,
sspi_gss_OID input_name_type,
sspi_gss_name_t* output_name);
typedef UINT32(SSPI_GSSAPI* fn_sspi_gss_import_name_object)(UINT32* minor_status,
void* input_name,
sspi_gss_OID input_name_type,
sspi_gss_name_t* output_name);
UINT32 SSPI_GSSAPI sspi_gss_export_name_object(UINT32* minor_status, sspi_gss_name_t input_name,
sspi_gss_OID desired_name_type,
void** output_name);
typedef UINT32(SSPI_GSSAPI* fn_sspi_gss_export_name_object)(UINT32* minor_status,
sspi_gss_name_t input_name,
sspi_gss_OID desired_name_type,
void** output_name);
UINT32 SSPI_GSSAPI sspi_gss_add_cred(UINT32* minor_status, sspi_gss_cred_id_t input_cred_handle,
sspi_gss_name_t desired_name, sspi_gss_OID desired_mech,
sspi_gss_cred_usage_t cred_usage,
UINT32 initiator_time_req, UINT32 acceptor_time_req,
sspi_gss_cred_id_t* output_cred_handle,
sspi_gss_OID_set* actual_mechs, UINT32* initiator_time_rec,
UINT32* acceptor_time_rec);
typedef UINT32(SSPI_GSSAPI* fn_sspi_gss_add_cred)(
UINT32* minor_status, sspi_gss_cred_id_t input_cred_handle, sspi_gss_name_t desired_name,
sspi_gss_OID desired_mech, sspi_gss_cred_usage_t cred_usage, UINT32 initiator_time_req,
UINT32 acceptor_time_req, sspi_gss_cred_id_t* output_cred_handle,
sspi_gss_OID_set* actual_mechs, UINT32* initiator_time_rec, UINT32* acceptor_time_rec);
UINT32 SSPI_GSSAPI sspi_gss_inquire_cred_by_mech(UINT32* minor_status,
sspi_gss_cred_id_t cred_handle,
sspi_gss_OID mech_type, sspi_gss_name_t* name,
UINT32* initiator_lifetime,
UINT32* acceptor_lifetime,
sspi_gss_cred_usage_t* cred_usage);
typedef UINT32(SSPI_GSSAPI* fn_sspi_gss_inquire_cred_by_mech)(
UINT32* minor_status, sspi_gss_cred_id_t cred_handle, sspi_gss_OID mech_type,
sspi_gss_name_t* name, UINT32* initiator_lifetime, UINT32* acceptor_lifetime,
sspi_gss_cred_usage_t* cred_usage);
UINT32 SSPI_GSSAPI sspi_gss_export_sec_context(UINT32* minor_status,
sspi_gss_ctx_id_t* context_handle,
sspi_gss_buffer_t interprocess_token);
typedef UINT32(SSPI_GSSAPI* fn_sspi_gss_export_sec_context)(
UINT32* minor_status, sspi_gss_ctx_id_t* context_handle,
sspi_gss_buffer_t interprocess_token);
UINT32 SSPI_GSSAPI sspi_gss_import_sec_context(UINT32* minor_status,
sspi_gss_buffer_t interprocess_token,
sspi_gss_ctx_id_t* context_handle);
typedef UINT32(SSPI_GSSAPI* fn_sspi_gss_import_sec_context)(
UINT32* minor_status, sspi_gss_buffer_t interprocess_token,
sspi_gss_ctx_id_t* context_handle);
UINT32 SSPI_GSSAPI sspi_gss_release_oid(UINT32* minor_status, sspi_gss_OID* oid);
typedef UINT32(SSPI_GSSAPI* fn_sspi_gss_release_oid)(UINT32* minor_status, sspi_gss_OID* oid);
UINT32 SSPI_GSSAPI sspi_gss_create_empty_oid_set(UINT32* minor_status,
sspi_gss_OID_set* oid_set);
typedef UINT32(SSPI_GSSAPI* fn_sspi_gss_create_empty_oid_set)(UINT32* minor_status,
sspi_gss_OID_set* oid_set);
UINT32 SSPI_GSSAPI sspi_gss_add_oid_set_member(UINT32* minor_status, sspi_gss_OID member_oid,
sspi_gss_OID_set* oid_set);
typedef UINT32(SSPI_GSSAPI* fn_sspi_gss_add_oid_set_member)(UINT32* minor_status,
sspi_gss_OID member_oid,
sspi_gss_OID_set* oid_set);
UINT32 SSPI_GSSAPI sspi_gss_test_oid_set_member(UINT32* minor_status, sspi_gss_OID member,
sspi_gss_OID_set set, int* present);
typedef UINT32(SSPI_GSSAPI* fn_sspi_gss_test_oid_set_member)(UINT32* minor_status,
sspi_gss_OID member,
sspi_gss_OID_set set,
int* present);
UINT32 SSPI_GSSAPI sspi_gss_str_to_oid(UINT32* minor_status, sspi_gss_buffer_t oid_str,
sspi_gss_OID* oid);
typedef UINT32(SSPI_GSSAPI* fn_sspi_gss_str_to_oid)(UINT32* minor_status,
sspi_gss_buffer_t oid_str,
sspi_gss_OID* oid);
UINT32 SSPI_GSSAPI sspi_gss_oid_to_str(UINT32* minor_status, sspi_gss_OID oid,
sspi_gss_buffer_t oid_str);
typedef UINT32(SSPI_GSSAPI* fn_sspi_gss_oid_to_str)(UINT32* minor_status, sspi_gss_OID oid,
sspi_gss_buffer_t oid_str);
UINT32 SSPI_GSSAPI sspi_gss_inquire_names_for_mech(UINT32* minor_status, sspi_gss_OID mechanism,
sspi_gss_OID_set* name_types);
typedef UINT32(SSPI_GSSAPI* fn_sspi_gss_inquire_names_for_mech)(UINT32* minor_status,
sspi_gss_OID mechanism,
sspi_gss_OID_set* name_types);
UINT32 SSPI_GSSAPI sspi_gss_inquire_mechs_for_name(UINT32* minor_status,
const sspi_gss_name_t input_name,
sspi_gss_OID_set* mech_types);
typedef UINT32(SSPI_GSSAPI* fn_sspi_gss_inquire_mechs_for_name)(
UINT32* minor_status, const sspi_gss_name_t input_name, sspi_gss_OID_set* mech_types);
UINT32 SSPI_GSSAPI sspi_gss_sign(UINT32* minor_status, sspi_gss_ctx_id_t context_handle,
int qop_req, sspi_gss_buffer_t message_buffer,
sspi_gss_buffer_t message_token);
typedef UINT32(SSPI_GSSAPI* fn_sspi_gss_sign)(UINT32* minor_status,
sspi_gss_ctx_id_t context_handle, int qop_req,
sspi_gss_buffer_t message_buffer,
sspi_gss_buffer_t message_token);
UINT32 SSPI_GSSAPI sspi_gss_verify(UINT32* minor_status, sspi_gss_ctx_id_t context_handle,
sspi_gss_buffer_t message_buffer,
sspi_gss_buffer_t token_buffer, int* qop_state);
typedef UINT32(SSPI_GSSAPI* fn_sspi_gss_verify)(UINT32* minor_status,
sspi_gss_ctx_id_t context_handle,
sspi_gss_buffer_t message_buffer,
sspi_gss_buffer_t token_buffer, int* qop_state);
UINT32 SSPI_GSSAPI sspi_gss_seal(UINT32* minor_status, sspi_gss_ctx_id_t context_handle,
int conf_req_flag, int qop_req,
sspi_gss_buffer_t input_message_buffer, int* conf_state,
sspi_gss_buffer_t output_message_buffer);
typedef UINT32(SSPI_GSSAPI* fn_sspi_gss_seal)(UINT32* minor_status,
sspi_gss_ctx_id_t context_handle,
int conf_req_flag, int qop_req,
sspi_gss_buffer_t input_message_buffer,
int* conf_state,
sspi_gss_buffer_t output_message_buffer);
UINT32 SSPI_GSSAPI sspi_gss_unseal(UINT32* minor_status, sspi_gss_ctx_id_t context_handle,
sspi_gss_buffer_t input_message_buffer,
sspi_gss_buffer_t output_message_buffer, int* conf_state,
int* qop_state);
typedef UINT32(SSPI_GSSAPI* fn_sspi_gss_unseal)(UINT32* minor_status,
sspi_gss_ctx_id_t context_handle,
sspi_gss_buffer_t input_message_buffer,
sspi_gss_buffer_t output_message_buffer,
int* conf_state, int* qop_state);
UINT32 SSPI_GSSAPI sspi_gss_export_name(UINT32* minor_status, const sspi_gss_name_t input_name,
sspi_gss_buffer_t exported_name);
typedef UINT32(SSPI_GSSAPI* fn_sspi_gss_export_name)(UINT32* minor_status,
const sspi_gss_name_t input_name,
sspi_gss_buffer_t exported_name);
UINT32 SSPI_GSSAPI sspi_gss_duplicate_name(UINT32* minor_status,
const sspi_gss_name_t input_name,
sspi_gss_name_t* dest_name);
typedef UINT32(SSPI_GSSAPI* fn_sspi_gss_duplicate_name)(UINT32* minor_status,
const sspi_gss_name_t input_name,
sspi_gss_name_t* dest_name);
UINT32 SSPI_GSSAPI sspi_gss_canonicalize_name(UINT32* minor_status,
const sspi_gss_name_t input_name,
const sspi_gss_OID mech_type,
sspi_gss_name_t* output_name);
typedef UINT32(SSPI_GSSAPI* fn_sspi_gss_canonicalize_name)(UINT32* minor_status,
const sspi_gss_name_t input_name,
const sspi_gss_OID mech_type,
sspi_gss_name_t* output_name);
UINT32 SSPI_GSSAPI sspi_gss_pseudo_random(UINT32* minor_status, sspi_gss_ctx_id_t context,
int prf_key, const sspi_gss_buffer_t prf_in,
SSIZE_T desired_output_len,
sspi_gss_buffer_t prf_out);
typedef UINT32(SSPI_GSSAPI* fn_sspi_gss_pseudo_random)(UINT32* minor_status,
sspi_gss_ctx_id_t context, int prf_key,
const sspi_gss_buffer_t prf_in,
SSIZE_T desired_output_len,
sspi_gss_buffer_t prf_out);
UINT32 SSPI_GSSAPI sspi_gss_store_cred(UINT32* minor_status,
const sspi_gss_cred_id_t input_cred_handle,
sspi_gss_cred_usage_t input_usage,
const sspi_gss_OID desired_mech, UINT32 overwrite_cred,
UINT32 default_cred, sspi_gss_OID_set* elements_stored,
sspi_gss_cred_usage_t* cred_usage_stored);
typedef UINT32(SSPI_GSSAPI* fn_sspi_gss_store_cred)(UINT32* minor_status,
const sspi_gss_cred_id_t input_cred_handle,
sspi_gss_cred_usage_t input_usage,
const sspi_gss_OID desired_mech,
UINT32 overwrite_cred, UINT32 default_cred,
sspi_gss_OID_set* elements_stored,
sspi_gss_cred_usage_t* cred_usage_stored);
UINT32 SSPI_GSSAPI sspi_gss_set_neg_mechs(UINT32* minor_status, sspi_gss_cred_id_t cred_handle,
const sspi_gss_OID_set mech_set);
typedef UINT32(SSPI_GSSAPI* fn_sspi_gss_set_neg_mechs)(UINT32* minor_status,
sspi_gss_cred_id_t cred_handle,
const sspi_gss_OID_set mech_set);
struct sspi_gss_key_value_element_struct
{
const char* key;
const char* value;
};
typedef struct sspi_gss_key_value_element_struct sspi_gss_key_value_element_desc;
struct sspi_gss_key_value_set_struct
{
UINT32 count;
sspi_gss_key_value_element_desc* elements;
};
typedef struct sspi_gss_key_value_set_struct sspi_gss_key_value_set_desc;
typedef const sspi_gss_key_value_set_desc* sspi_gss_const_key_value_set_t;
UINT32 SSPI_GSSAPI sspi_gss_acquire_cred_from(UINT32* minor_status,
sspi_gss_name_t desired_name, UINT32 time_req,
sspi_gss_OID_set desired_mechs,
sspi_gss_cred_usage_t cred_usage,
sspi_gss_const_key_value_set_t cred_store,
sspi_gss_cred_id_t* output_cred_handle,
sspi_gss_OID_set* actual_mechs, UINT32* time_rec);
typedef UINT32(SSPI_GSSAPI* fn_sspi_gss_acquire_cred_from)(
UINT32* minor_status, sspi_gss_name_t desired_name, UINT32 time_req,
sspi_gss_OID_set desired_mechs, sspi_gss_cred_usage_t cred_usage,
sspi_gss_const_key_value_set_t cred_store, sspi_gss_cred_id_t* output_cred_handle,
sspi_gss_OID_set* actual_mechs, UINT32* time_rec);
#ifdef __cplusplus
return (oid1->len == oid2->len) && (memcmp(oid1->data, oid2->data, oid1->len) == 0);
}
#endif
typedef struct
{
fn_sspi_gss_acquire_cred gss_acquire_cred;
fn_sspi_gss_release_cred gss_release_cred;
fn_sspi_gss_init_sec_context gss_init_sec_context;
fn_sspi_gss_accept_sec_context gss_accept_sec_context;
fn_sspi_gss_process_context_token gss_process_context_token;
fn_sspi_gss_delete_sec_context gss_delete_sec_context;
fn_sspi_gss_context_time gss_context_time;
fn_sspi_gss_get_mic gss_get_mic;
fn_sspi_gss_verify_mic gss_verify_mic;
fn_sspi_gss_wrap gss_wrap;
fn_sspi_gss_unwrap gss_unwrap;
fn_sspi_gss_display_status gss_display_status;
fn_sspi_gss_indicate_mechs gss_indicate_mechs;
fn_sspi_gss_compare_name gss_compare_name;
fn_sspi_gss_display_name gss_display_name;
fn_sspi_gss_import_name gss_import_name;
fn_sspi_gss_release_name gss_release_name;
fn_sspi_gss_release_buffer gss_release_buffer;
fn_sspi_gss_release_oid_set gss_release_oid_set;
fn_sspi_gss_inquire_cred gss_inquire_cred;
fn_sspi_gss_inquire_context gss_inquire_context;
fn_sspi_gss_wrap_size_limit gss_wrap_size_limit;
fn_sspi_gss_import_name_object gss_import_name_object;
fn_sspi_gss_export_name_object gss_export_name_object;
fn_sspi_gss_add_cred gss_add_cred;
fn_sspi_gss_inquire_cred_by_mech gss_inquire_cred_by_mech;
fn_sspi_gss_export_sec_context gss_export_sec_context;
fn_sspi_gss_import_sec_context gss_import_sec_context;
fn_sspi_gss_release_oid gss_release_oid;
fn_sspi_gss_create_empty_oid_set gss_create_empty_oid_set;
fn_sspi_gss_add_oid_set_member gss_add_oid_set_member;
fn_sspi_gss_test_oid_set_member gss_test_oid_set_member;
fn_sspi_gss_str_to_oid gss_str_to_oid;
fn_sspi_gss_oid_to_str gss_oid_to_str;
fn_sspi_gss_inquire_names_for_mech gss_inquire_names_for_mech;
fn_sspi_gss_inquire_mechs_for_name gss_inquire_mechs_for_name;
fn_sspi_gss_sign gss_sign;
fn_sspi_gss_verify gss_verify;
fn_sspi_gss_seal gss_seal;
fn_sspi_gss_unseal gss_unseal;
fn_sspi_gss_export_name gss_export_name;
fn_sspi_gss_duplicate_name gss_duplicate_name;
fn_sspi_gss_canonicalize_name gss_canonicalize_name;
fn_sspi_gss_pseudo_random gss_pseudo_random;
fn_sspi_gss_store_cred gss_store_cred;
fn_sspi_gss_set_neg_mechs gss_set_neg_mechs;
fn_sspi_gss_acquire_cred_from gss_acquire_cred_from;
} GSSAPI_FUNCTION_TABLE;
GSSAPI_FUNCTION_TABLE* SEC_ENTRY gssApi_InitSecurityInterface(void);
#ifdef __cplusplus
extern "C"
{
#endif
#ifdef __cplusplus
}
#endif
BOOL sspi_gss_wrap_token(SecBuffer* buf, const WinPrAsn1_OID* oid, uint16_t tok_id,
const sspi_gss_data* token);
BOOL sspi_gss_unwrap_token(const SecBuffer* buf, WinPrAsn1_OID* oid, uint16_t* tok_id,
sspi_gss_data* token);
#endif /* WINPR_SSPI_GSS_PRIVATE_H */


@ -695,6 +695,15 @@ size_t WinPrAsn1EncIA5String(WinPrAsn1Encoder* enc, WinPrAsn1_IA5STRING ia5)
return WinPrAsn1EncMemoryChunk(enc, ER_TAG_IA5STRING, &chunk);
}
size_t WinPrAsn1EncGeneralString(WinPrAsn1Encoder* enc, WinPrAsn1_STRING str)
{
WinPrAsn1_MemoryChunk chunk;
WINPR_ASSERT(str);
chunk.data = (BYTE*)str;
chunk.len = strlen(str);
return WinPrAsn1EncMemoryChunk(enc, ER_TAG_GENERAL_STRING, &chunk);
}
size_t WinPrAsn1EncContextualMemoryChunk(WinPrAsn1Encoder* enc, BYTE wireType,
WinPrAsn1_tagId tagId, const WinPrAsn1_MemoryChunk* mchunk)
{
@ -1107,6 +1116,33 @@ size_t WinPrAsn1DecReadIA5String(WinPrAsn1Decoder* dec, WinPrAsn1_IA5STRING* tar
return ret;
}
size_t WinPrAsn1DecReadGeneralString(WinPrAsn1Decoder* dec, WinPrAsn1_STRING* target)
{
WinPrAsn1_tag tag;
size_t len;
size_t ret;
WinPrAsn1_IA5STRING s;
WINPR_ASSERT(dec);
WINPR_ASSERT(target);
ret = readTagAndLen(dec, &dec->source, &tag, &len);
if (!ret || tag != ER_TAG_GENERAL_STRING)
return 0;
if (Stream_GetRemainingLength(&dec->source) < len)
return 0;
ret += len;
s = malloc(len + 1);
if (!s)
return 0;
Stream_Read(&dec->source, s, len);
s[len] = 0;
*target = s;
return ret;
}
static int read2digits(wStream* s)
{
int ret = 0;
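Review bot: WinPrAsn1DecReadGeneralString copies `len` wire bytes into a NUL-terminated buffer and returns it without a length, so a GeneralString containing an embedded zero byte is silently truncated for any caller that treats `*target` as a C string. This decoder is presumably fed Kerberos messages from the peer, where GeneralString carries realm and principal name components, so the parsed value and the bytes on the wire could disagree in later name comparisons. Rejecting such input right after the `Stream_Read` closes that gap: `if (memchr(s, 0, len)) { free(s); return 0; }`. A short comment stating that the caller owns and must free `*target` on success would also help. Separately, `s` would read more naturally declared as `WinPrAsn1_STRING` than `WinPrAsn1_IA5STRING`.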