Kerberos User 2 User support (#8070)
* add support for 64-bit big-endian encoding * kerberos: drop reliance on gssapi and add user 2 user support * Fix local variable declared in the middle of the function body * kerberos: add ccache server option Co-authored-by: fifthdegree <fifthdegree@protonmail.com> Co-authored-by: David Fort <contact@hardening-consulting.com>
parent
8dfadc5885
commit
7901a26a16
@ -1022,7 +1022,7 @@ static int nla_client_init(rdpNla* nla)
|
||||
* ISC_REQ_USE_SESSION_KEY
|
||||
* ISC_REQ_ALLOCATE_MEMORY
|
||||
*/
|
||||
nla->fContextReq = ISC_REQ_MUTUAL_AUTH | ISC_REQ_CONFIDENTIALITY | ISC_REQ_USE_SESSION_KEY;
|
||||
nla->fContextReq = ISC_REQ_MUTUAL_AUTH | ISC_REQ_CONFIDENTIALITY;
|
||||
return 1;
|
||||
}
|
||||
|
||||
|
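Review bot: The flag list in the comment above the assignment still names ISC_REQ_USE_SESSION_KEY, while the second of the two printed assignments (apparently the new line) requests only `ISC_REQ_MUTUAL_AUTH | ISC_REQ_CONFIDENTIALITY`. The comment should lose that entry, or gain a line saying where the flag now comes from. Judging by the negotiate mechanism table elsewhere in this commit, it seems to be supplied by the user-to-user Kerberos entry. The comment block starts outside the hunk, so its opening lines are not visible here.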
@ -73,6 +73,8 @@ int main(int argc, char** argv)
|
||||
"NTLM SAM file for NLA authentication" },
|
||||
{ "keytab", COMMAND_LINE_VALUE_REQUIRED, "<file>", NULL, NULL, -1, NULL,
|
||||
"Kerberos keytab file for NLA authentication" },
|
||||
{ "ccache", COMMAND_LINE_VALUE_REQUIRED, "<file>", NULL, NULL, -1, NULL,
|
||||
"Kerberos host ccache file for NLA authentication" },
|
||||
{ "gfx-progressive", COMMAND_LINE_VALUE_BOOL, NULL, BoolValueTrue, NULL, -1, NULL,
|
||||
"Allow GFX progressive codec" },
|
||||
{ "gfx-rfx", COMMAND_LINE_VALUE_BOOL, NULL, BoolValueTrue, NULL, -1, NULL,
|
||||
|
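Review bot: The help string for the new `ccache` entry does not say when the option is needed or how it relates to `keytab`, which carries almost the same wording. A credential cache holds tickets and session keys, so the text could also set an expectation about file protection, for example `"Kerberos host credential cache (ccache) file for NLA authentication; should be readable only by the server account"`. If the option is only meaningful for the user-to-user path this commit adds, which is an inference from the commit title, saying so would help operators.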
@ -397,6 +397,11 @@ int shadow_server_parse_command_line(rdpShadowServer* server, int argc, char** a
|
||||
if (!freerdp_settings_set_string(settings, FreeRDP_KerberosKeytab, arg->Value))
|
||||
return COMMAND_LINE_ERROR;
|
||||
}
|
||||
CommandLineSwitchCase(arg, "ccache")
|
||||
{
|
||||
if (!freerdp_settings_set_string(settings, FreeRDP_KerberosCache, arg->Value))
|
||||
return COMMAND_LINE_ERROR;
|
||||
}
|
||||
CommandLineSwitchDefault(arg)
|
||||
{
|
||||
}
|
||||
|
@ -126,6 +126,7 @@ extern "C"
|
||||
WINPR_API size_t WinPrAsn1DecReadOctetString(WinPrAsn1Decoder* dec,
|
||||
WinPrAsn1_OctetString* target, BOOL allocate);
|
||||
WINPR_API size_t WinPrAsn1DecReadIA5String(WinPrAsn1Decoder* dec, WinPrAsn1_IA5STRING* target);
|
||||
WINPR_API size_t WinPrAsn1DecReadGeneralString(WinPrAsn1Decoder* dec, WinPrAsn1_STRING* target);
|
||||
WINPR_API size_t WinPrAsn1DecReadUtcTime(WinPrAsn1Decoder* dec, WinPrAsn1_UTCTIME* target);
|
||||
WINPR_API size_t WinPrAsn1DecReadNull(WinPrAsn1Decoder* dec);
|
||||
|
||||
@ -192,6 +193,7 @@ extern "C"
|
||||
WINPR_API size_t WinPrAsn1EncContextualOctetString(WinPrAsn1Encoder* enc, WinPrAsn1_tagId tagId,
|
||||
const WinPrAsn1_OctetString* oid);
|
||||
WINPR_API size_t WinPrAsn1EncIA5String(WinPrAsn1Encoder* enc, WinPrAsn1_IA5STRING ia5);
|
||||
WINPR_API size_t WinPrAsn1EncGeneralString(WinPrAsn1Encoder* enc, WinPrAsn1_STRING str);
|
||||
WINPR_API size_t WinPrAsn1EncContextualIA5String(WinPrAsn1Encoder* enc, WinPrAsn1_tagId tagId,
|
||||
WinPrAsn1_IA5STRING ia5);
|
||||
WINPR_API size_t WinPrAsn1EncUtcTime(WinPrAsn1Encoder* enc, const WinPrAsn1_UTCTIME* utc);
|
||||
|
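Review bot: WinPrAsn1DecReadGeneralString is declared without stating who owns the decoded string. The neighbouring WinPrAsn1DecReadOctetString takes an explicit `BOOL allocate`, but this prototype (like the IA5String one) does not, so a caller cannot tell from the header whether `*target` is heap-allocated and must be freed or points into the decoder's input buffer. A short doc comment on the declaration should give the ownership rule and the return convention; the `!WinPrAsn1DecReadOID(...)` checks elsewhere in this commit suggest 0 means failure. The WinPrAsn1EncGeneralString declaration in the second hunk would benefit from the same kind of comment on its `size_t` result.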
@ -98,6 +98,17 @@ extern "C"
|
||||
(((UINT64)(*((const BYTE*)_d + 7))) << 56); \
|
||||
} while (0)
|
||||
|
||||
#define Data_Read_UINT64_BE(_d, _v) \
|
||||
do \
|
||||
{ \
|
||||
_v = (((UINT64)(*((const BYTE*)_d))) << 56) + (((UINT64)(*((const BYTE*)_d + 1))) << 48) + \
|
||||
(((UINT64)(*((const BYTE*)_d + 2))) << 40) + \
|
||||
(((UINT64)(*((const BYTE*)_d + 3))) << 32) + \
|
||||
(((UINT64)(*((const BYTE*)_d + 4))) << 24) + \
|
||||
(((UINT64)(*((const BYTE*)_d + 5))) << 16) + \
|
||||
(((UINT64)(*((const BYTE*)_d + 6))) << 8) + (((UINT64)(*((const BYTE*)_d + 7)))); \
|
||||
} while (0)
|
||||
|
||||
#define Data_Write_UINT8_NE(_d, _v) \
|
||||
do \
|
||||
{ \
|
||||
@ -171,6 +182,13 @@ extern "C"
|
||||
*((BYTE*)_d + 7) = ((UINT64)(_v) >> 56) & 0xFF; \
|
||||
} while (0)
|
||||
|
||||
#define Data_Write_UINT64_BE(_d, _v) \
|
||||
do \
|
||||
{ \
|
||||
Data_Write_UINT32_BE((BYTE*)_d, ((_v) >> 32 & 0xFFFFFFFF)); \
|
||||
Data_Write_UINT32_BE((BYTE*)_d + 4, ((_v)&0xFFFFFFFF)); \
|
||||
} while (0)
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
|
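Review bot: Data_Write_UINT64_BE shifts `_v` right by 32 without widening it first, unlike the 64-bit writer that ends just above the new macro, which uses `((UINT64)(_v) >> 56)`. If a caller passes a 32-bit expression, the shift count equals the type width and the behaviour is undefined. The two statements would be safer as `Data_Write_UINT32_BE((BYTE*)(_d), ((UINT64)(_v) >> 32) & 0xFFFFFFFF);` and `Data_Write_UINT32_BE((BYTE*)(_d) + 4, (UINT64)(_v) & 0xFFFFFFFF);`, which also parenthesises `_d`. Neither new macro says that `_d` must reference at least 8 accessible bytes; since they are presumably used on tokens received from the peer, a one-line comment stating that the caller must check the remaining length first would be worth adding.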
File diff suppressed because it is too large
@ -29,7 +29,6 @@
|
||||
|
||||
#ifdef WITH_GSSAPI
|
||||
#include <krb5/krb5.h>
|
||||
#include <gssapi.h>
|
||||
#endif
|
||||
|
||||
typedef struct s_KRB_CONTEXT KRB_CONTEXT;
|
||||
|
@ -88,20 +88,32 @@ const SecPkgInfoW NEGOTIATE_SecPkgInfoW = {
|
||||
};
|
||||
|
||||
static const WinPrAsn1_OID spnego_OID = { 6, (BYTE*)"\x2b\x06\x01\x05\x05\x02" };
|
||||
static const WinPrAsn1_OID kerberos_u2u_OID = { 10,
|
||||
(BYTE*)"\x2a\x86\x48\x86\xf7\x12\x01\x02\x02\x03" };
|
||||
static const WinPrAsn1_OID kerberos_OID = { 9, (BYTE*)"\x2a\x86\x48\x86\xf7\x12\x01\x02\x02" };
|
||||
static const WinPrAsn1_OID kerberos_wrong_OID = { 9,
|
||||
(BYTE*)"\x2a\x86\x48\x82\xf7\x12\x01\x02\x02" };
|
||||
static const WinPrAsn1_OID ntlm_OID = { 10, (BYTE*)"\x2b\x06\x01\x04\x01\x82\x37\x02\x02\x0a" };
|
||||
|
||||
#ifdef WITH_GSSAPI
|
||||
static const SecPkg SecPkgTable[] = {
|
||||
{ KERBEROS_SSP_NAME, &KERBEROS_SecurityFunctionTableA, &KERBEROS_SecurityFunctionTableW },
|
||||
{ NTLM_SSP_NAME, &NTLM_SecurityFunctionTableA, &NTLM_SecurityFunctionTableW }
|
||||
};
|
||||
|
||||
static const Mech MechTable[] = {
|
||||
{ &kerberos_OID, &SecPkgTable[0], 0, TRUE },
|
||||
{ &kerberos_u2u_OID, &SecPkgTable[0], ISC_REQ_INTEGRITY | ISC_REQ_USE_SESSION_KEY, TRUE },
|
||||
{ &kerberos_OID, &SecPkgTable[0], ISC_REQ_INTEGRITY, TRUE },
|
||||
{ &ntlm_OID, &SecPkgTable[1], 0, FALSE },
|
||||
};
|
||||
#else
|
||||
static const SecPkg SecPkgTable[] = { { NTLM_SSP_NAME, &NTLM_SecurityFunctionTableA,
|
||||
&NTLM_SecurityFunctionTableW } };
|
||||
|
||||
static const Mech MechTable[] = {
|
||||
{ &ntlm_OID, &SecPkgTable[0], 0, FALSE },
|
||||
};
|
||||
#endif
|
||||
|
||||
static const size_t MECH_COUNT = sizeof(MechTable) / sizeof(Mech);
|
||||
|
||||
@ -158,23 +170,17 @@ static void negotiate_ContextFree(NEGOTIATE_CONTEXT* context)
|
||||
free(context);
|
||||
}
|
||||
|
||||
static BOOL negotiate_oid_compare(const WinPrAsn1_OID* oid1, const WinPrAsn1_OID* oid2)
|
||||
{
|
||||
WINPR_ASSERT(oid1);
|
||||
WINPR_ASSERT(oid2);
|
||||
|
||||
return (oid1->len == oid2->len) && (memcmp(oid1->data, oid2->data, oid1->len) == 0);
|
||||
}
|
||||
|
||||
static const char* negotiate_mech_name(const WinPrAsn1_OID* oid)
|
||||
{
|
||||
if (negotiate_oid_compare(oid, &spnego_OID))
|
||||
if (sspi_gss_oid_compare(oid, &spnego_OID))
|
||||
return "SPNEGO (1.3.6.1.5.5.2)";
|
||||
else if (negotiate_oid_compare(oid, &kerberos_OID))
|
||||
else if (sspi_gss_oid_compare(oid, &kerberos_u2u_OID))
|
||||
return "Kerberos user to user (1.2.840.113554.1.2.2.3)";
|
||||
else if (sspi_gss_oid_compare(oid, &kerberos_OID))
|
||||
return "Kerberos (1.2.840.113554.1.2.2)";
|
||||
else if (negotiate_oid_compare(oid, &kerberos_wrong_OID))
|
||||
else if (sspi_gss_oid_compare(oid, &kerberos_wrong_OID))
|
||||
return "Kerberos [wrong OID] (1.2.840.48018.1.2.2)";
|
||||
else if (negotiate_oid_compare(oid, &ntlm_OID))
|
||||
else if (sspi_gss_oid_compare(oid, &ntlm_OID))
|
||||
return "NTLM (1.3.6.1.4.1.311.2.2.10)";
|
||||
else
|
||||
return "Unknown mechanism";
|
||||
@ -186,7 +192,7 @@ static const Mech* negotiate_GetMechByOID(const WinPrAsn1_OID* oid)
|
||||
|
||||
WinPrAsn1_OID testOid = *oid;
|
||||
|
||||
if (negotiate_oid_compare(oid, &kerberos_wrong_OID))
|
||||
if (sspi_gss_oid_compare(&oid, &kerberos_wrong_OID))
|
||||
{
|
||||
testOid.len = kerberos_OID.len;
|
||||
testOid.data = kerberos_OID.data;
|
||||
@ -194,7 +200,7 @@ static const Mech* negotiate_GetMechByOID(const WinPrAsn1_OID* oid)
|
||||
|
||||
for (size_t i = 0; i < MECH_COUNT; i++)
|
||||
{
|
||||
if (negotiate_oid_compare(&testOid, MechTable[i].oid))
|
||||
if (sspi_gss_oid_compare(&testOid, MechTable[i].oid))
|
||||
return &MechTable[i];
|
||||
}
|
||||
return NULL;
|
||||
@ -402,7 +408,7 @@ static BOOL negotiate_read_neg_token(PSecBuffer input, NegToken* token)
|
||||
if (!WinPrAsn1DecReadOID(&dec, &oid, FALSE))
|
||||
return FALSE;
|
||||
|
||||
if (!negotiate_oid_compare(&spnego_OID, &oid))
|
||||
if (!sspi_gss_oid_compare(&spnego_OID, &oid))
|
||||
return FALSE;
|
||||
|
||||
/* [0] NegTokenInit */
|
||||
@ -690,7 +696,7 @@ static SECURITY_STATUS SEC_ENTRY negotiate_InitializeSecurityContextW(
|
||||
|
||||
/* On first response check if the server doesn't like out prefered mech */
|
||||
if (context->state == NEGOTIATE_STATE_INITIAL && input_token.supportedMech.len &&
|
||||
!negotiate_oid_compare(&input_token.supportedMech, context->mech->oid))
|
||||
!sspi_gss_oid_compare(&input_token.supportedMech, context->mech->oid))
|
||||
{
|
||||
mech = negotiate_GetMechByOID(&input_token.supportedMech);
|
||||
if (!mech)
|
||||
@ -835,7 +841,7 @@ static const Mech* guessMech(PSecBuffer input_buffer, BOOL* spNego, WinPrAsn1_OI
|
||||
if (!WinPrAsn1DecReadOID(&appDecoder, oid, FALSE))
|
||||
return NULL;
|
||||
|
||||
if (negotiate_oid_compare(oid, &spnego_OID))
|
||||
if (sspi_gss_oid_compare(oid, &spnego_OID))
|
||||
{
|
||||
*spNego = TRUE;
|
||||
return NULL;
|
||||
|
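Review bot: In negotiate_GetMechByOID the converted comparison passes `&oid`, but `oid` is already a `const WinPrAsn1_OID*` (it is dereferenced as `*oid` two lines earlier), so sspi_gss_oid_compare receives the address of the local pointer rather than the OID. Assuming the helper keeps the `len`/`memcmp` comparison of the removed negotiate_oid_compare, it would read the length and data pointer out of the pointer variable's own storage. The kerberos_wrong_OID fallback then cannot match reliably, and the memcmp length is not a real OID length. The call should be `if (sspi_gss_oid_compare(oid, &kerberos_wrong_OID))`, matching the other converted call sites in this file. The function starts and ends outside the hunk.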
File diff suppressed because it is too large
@ -22,54 +22,20 @@
|
||||
#ifndef WINPR_SSPI_GSS_PRIVATE_H
|
||||
#define WINPR_SSPI_GSS_PRIVATE_H
|
||||
|
||||
#include <winpr/crt.h>
|
||||
#include <winpr/sspi.h>
|
||||
#include <winpr/asn1.h>
|
||||
|
||||
/**
|
||||
* The following are ABI-compatible, non-conflicting GSSAPI definitions
|
||||
*
|
||||
* http://tools.ietf.org/html/rfc2743
|
||||
* http://tools.ietf.org/html/rfc2744
|
||||
*/
|
||||
|
||||
#define SSPI_GSSAPI
|
||||
#define SSPI_GSSOID
|
||||
|
||||
typedef struct sspi_gss_name_struct* sspi_gss_name_t;
|
||||
|
||||
typedef struct sspi_gss_cred_id_struct* sspi_gss_cred_id_t;
|
||||
|
||||
typedef struct sspi_gss_ctx_id_struct* sspi_gss_ctx_id_t;
|
||||
|
||||
typedef struct sspi_gss_OID_desc_struct
|
||||
#ifdef WITH_GSSAPI
|
||||
#include <krb5/krb5.h>
|
||||
typedef krb5_data sspi_gss_data;
|
||||
#else
|
||||
typedef struct
|
||||
{
|
||||
UINT32 length;
|
||||
void* elements;
|
||||
} sspi_gss_OID_desc, *sspi_gss_OID;
|
||||
|
||||
typedef struct sspi_gss_OID_set_desc_struct
|
||||
{
|
||||
size_t count;
|
||||
sspi_gss_OID elements;
|
||||
} sspi_gss_OID_set_desc, *sspi_gss_OID_set;
|
||||
|
||||
typedef struct sspi_gss_buffer_desc_struct
|
||||
{
|
||||
size_t length;
|
||||
void* value;
|
||||
} sspi_gss_buffer_desc, *sspi_gss_buffer_t;
|
||||
|
||||
typedef struct sspi_gss_channel_bindings_struct
|
||||
{
|
||||
UINT32 initiator_addrtype;
|
||||
sspi_gss_buffer_desc initiator_address;
|
||||
UINT32 acceptor_addrtype;
|
||||
sspi_gss_buffer_desc acceptor_address;
|
||||
sspi_gss_buffer_desc application_data;
|
||||
} * sspi_gss_channel_bindings_t;
|
||||
|
||||
typedef UINT32 sspi_gss_qop_t;
|
||||
typedef int sspi_gss_cred_usage_t;
|
||||
int32_t magic;
|
||||
unsigned int length;
|
||||
char* data;
|
||||
} sspi_gss_data;
|
||||
#endif
|
||||
|
||||
#define SSPI_GSS_C_DELEG_FLAG 1
|
||||
#define SSPI_GSS_C_MUTUAL_FLAG 2
|
||||
@ -77,630 +43,40 @@ typedef int sspi_gss_cred_usage_t;
|
||||
#define SSPI_GSS_C_SEQUENCE_FLAG 8
|
||||
#define SSPI_GSS_C_CONF_FLAG 16
|
||||
#define SSPI_GSS_C_INTEG_FLAG 32
|
||||
#define SSPI_GSS_C_ANON_FLAG 64
|
||||
#define SSPI_GSS_C_PROT_READY_FLAG 128
|
||||
#define SSPI_GSS_C_TRANS_FLAG 256
|
||||
#define SSPI_GSS_C_DELEG_POLICY_FLAG 32768
|
||||
|
||||
#define SSPI_GSS_C_BOTH 0
|
||||
#define SSPI_GSS_C_INITIATE 1
|
||||
#define SSPI_GSS_C_ACCEPT 2
|
||||
#define FLAG_SENDER_IS_ACCEPTOR 0x01
|
||||
#define FLAG_WRAP_CONFIDENTIAL 0x02
|
||||
#define FLAG_ACCEPTOR_SUBKEY 0x04
|
||||
|
||||
#define SSPI_GSS_C_GSS_CODE 1
|
||||
#define SSPI_GSS_C_MECH_CODE 2
|
||||
#define KG_USAGE_ACCEPTOR_SEAL 22
|
||||
#define KG_USAGE_ACCEPTOR_SIGN 23
|
||||
#define KG_USAGE_INITIATOR_SEAL 24
|
||||
#define KG_USAGE_INITIATOR_SIGN 25
|
||||
|
||||
#define SSPI_GSS_C_AF_UNSPEC 0
|
||||
#define SSPI_GSS_C_AF_LOCAL 1
|
||||
#define SSPI_GSS_C_AF_INET 2
|
||||
#define SSPI_GSS_C_AF_IMPLINK 3
|
||||
#define SSPI_GSS_C_AF_PUP 4
|
||||
#define SSPI_GSS_C_AF_CHAOS 5
|
||||
#define SSPI_GSS_C_AF_NS 6
|
||||
#define SSPI_GSS_C_AF_NBS 7
|
||||
#define SSPI_GSS_C_AF_ECMA 8
|
||||
#define SSPI_GSS_C_AF_DATAKIT 9
|
||||
#define SSPI_GSS_C_AF_CCITT 10
|
||||
#define SSPI_GSS_C_AF_SNA 11
|
||||
#define SSPI_GSS_C_AF_DECnet 12
|
||||
#define SSPI_GSS_C_AF_DLI 13
|
||||
#define SSPI_GSS_C_AF_LAT 14
|
||||
#define SSPI_GSS_C_AF_HYLINK 15
|
||||
#define SSPI_GSS_C_AF_APPLETALK 16
|
||||
#define SSPI_GSS_C_AF_BSC 17
|
||||
#define SSPI_GSS_C_AF_DSS 18
|
||||
#define SSPI_GSS_C_AF_OSI 19
|
||||
#define SSPI_GSS_C_AF_NETBIOS 20
|
||||
#define SSPI_GSS_C_AF_X25 21
|
||||
#define SSPI_GSS_C_AF_NULLADDR 255
|
||||
#define TOK_ID_AP_REQ 0x0100
|
||||
#define TOK_ID_AP_REP 0x0200
|
||||
#define TOK_ID_ERROR 0x0300
|
||||
#define TOK_ID_TGT_REQ 0x0400
|
||||
#define TOK_ID_TGT_REP 0x0401
|
||||
|
||||
#define SSPI_GSS_C_NO_NAME ((sspi_gss_name_t)0)
|
||||
#define SSPI_GSS_C_NO_BUFFER ((sspi_gss_buffer_t)0)
|
||||
#define SSPI_GSS_C_NO_OID ((sspi_gss_OID)0)
|
||||
#define SSPI_GSS_C_NO_OID_SET ((sspi_gss_OID_set)0)
|
||||
#define SSPI_GSS_C_NO_CONTEXT ((sspi_gss_ctx_id_t)0)
|
||||
#define SSPI_GSS_C_NO_CREDENTIAL ((sspi_gss_cred_id_t)0)
|
||||
#define SSPI_GSS_C_NO_CHANNEL_BINDINGS ((sspi_gss_channel_bindings_t)0)
|
||||
#define SSPI_GSS_C_EMPTY_BUFFER \
|
||||
{ \
|
||||
0, NULL \
|
||||
}
|
||||
#define TOK_ID_MIC 0x0404
|
||||
#define TOK_ID_WRAP 0x0504
|
||||
#define TOK_ID_MIC_V1 0x0101
|
||||
#define TOK_ID_WRAP_V1 0x0201
|
||||
|
||||
#define SSPI_GSS_C_NULL_OID SSPI_GSS_C_NO_OID
|
||||
#define SSPI_GSS_C_NULL_OID_SET SSPI_GSS_C_NO_OID_SET
|
||||
#define GSS_CHECKSUM_TYPE 0x8003
|
||||
|
||||
#define SSPI_GSS_C_QOP_DEFAULT 0
|
||||
|
||||
#define SSPI_GSS_C_INDEFINITE ((UINT32)0xFFFFFFFF)
|
||||
|
||||
#define SSPI_GSS_S_COMPLETE 0
|
||||
|
||||
#define SSPI_GSS_C_CALLING_ERROR_OFFSET 24
|
||||
#define SSPI_GSS_C_ROUTINE_ERROR_OFFSET 16
|
||||
#define SSPI_GSS_C_SUPPLEMENTARY_OFFSET 0
|
||||
#define SSPI_GSS_C_CALLING_ERROR_MASK ((UINT32)0377)
|
||||
#define SSPI_GSS_C_ROUTINE_ERROR_MASK ((UINT32)0377)
|
||||
#define SSPI_GSS_C_SUPPLEMENTARY_MASK ((UINT32)0177777)
|
||||
|
||||
#define SSPI_GSS_CALLING_ERROR(_x) \
|
||||
((_x) & (SSPI_GSS_C_CALLING_ERROR_MASK << SSPI_GSS_C_CALLING_ERROR_OFFSET))
|
||||
#define SSPI_GSS_ROUTINE_ERROR(_x) \
|
||||
((_x) & (SSPI_GSS_C_ROUTINE_ERROR_MASK << SSPI_GSS_C_ROUTINE_ERROR_OFFSET))
|
||||
#define SSPI_GSS_SUPPLEMENTARY_INFO(_x) \
|
||||
((_x) & (SSPI_GSS_C_SUPPLEMENTARY_MASK << SSPI_GSS_C_SUPPLEMENTARY_OFFSET))
|
||||
#define SSPI_GSS_ERROR(_x) \
|
||||
((_x) & ((SSPI_GSS_C_CALLING_ERROR_MASK << SSPI_GSS_C_CALLING_ERROR_OFFSET) | \
|
||||
(SSPI_GSS_C_ROUTINE_ERROR_MASK << SSPI_GSS_C_ROUTINE_ERROR_OFFSET)))
|
||||
|
||||
#define SSPI_GSS_S_CALL_INACCESSIBLE_READ (((UINT32)1) << SSPI_GSS_C_CALLING_ERROR_OFFSET)
|
||||
#define SSPI_GSS_S_CALL_INACCESSIBLE_WRITE (((UINT32)2) << SSPI_GSS_C_CALLING_ERROR_OFFSET)
|
||||
#define SSPI_GSS_S_CALL_BAD_STRUCTURE (((UINT32)3) << SSPI_GSS_C_CALLING_ERROR_OFFSET)
|
||||
|
||||
#define SSPI_GSS_S_BAD_MECH (((UINT32)1) << SSPI_GSS_C_ROUTINE_ERROR_OFFSET)
|
||||
#define SSPI_GSS_S_BAD_NAME (((UINT32)2) << SSPI_GSS_C_ROUTINE_ERROR_OFFSET)
|
||||
#define SSPI_GSS_S_BAD_NAMETYPE (((UINT32)3) << SSPI_GSS_C_ROUTINE_ERROR_OFFSET)
|
||||
#define SSPI_GSS_S_BAD_BINDINGS (((UINT32)4) << SSPI_GSS_C_ROUTINE_ERROR_OFFSET)
|
||||
#define SSPI_GSS_S_BAD_STATUS (((UINT32)5) << SSPI_GSS_C_ROUTINE_ERROR_OFFSET)
|
||||
#define SSPI_GSS_S_BAD_SIG (((UINT32)6) << SSPI_GSS_C_ROUTINE_ERROR_OFFSET)
|
||||
#define SSPI_GSS_S_NO_CRED (((UINT32)7) << SSPI_GSS_C_ROUTINE_ERROR_OFFSET)
|
||||
#define SSPI_GSS_S_NO_CONTEXT (((UINT32)8) << SSPI_GSS_C_ROUTINE_ERROR_OFFSET)
|
||||
#define SSPI_GSS_S_DEFECTIVE_TOKEN (((UINT32)9) << SSPI_GSS_C_ROUTINE_ERROR_OFFSET)
|
||||
#define SSPI_GSS_S_DEFECTIVE_CREDENTIAL (((UINT32)10) << SSPI_GSS_C_ROUTINE_ERROR_OFFSET)
|
||||
#define SSPI_GSS_S_CREDENTIALS_EXPIRED (((UINT32)11) << SSPI_GSS_C_ROUTINE_ERROR_OFFSET)
|
||||
#define SSPI_GSS_S_CONTEXT_EXPIRED (((UINT32)12) << SSPI_GSS_C_ROUTINE_ERROR_OFFSET)
|
||||
#define SSPI_GSS_S_FAILURE (((UINT32)13) << SSPI_GSS_C_ROUTINE_ERROR_OFFSET)
|
||||
#define SSPI_GSS_S_BAD_QOP (((UINT32)14) << SSPI_GSS_C_ROUTINE_ERROR_OFFSET)
|
||||
#define SSPI_GSS_S_UNAUTHORIZED (((UINT32)15) << SSPI_GSS_C_ROUTINE_ERROR_OFFSET)
|
||||
#define SSPI_GSS_S_UNAVAILABLE (((UINT32)16) << SSPI_GSS_C_ROUTINE_ERROR_OFFSET)
|
||||
#define SSPI_GSS_S_DUPLICATE_ELEMENT (((UINT32)17) << SSPI_GSS_C_ROUTINE_ERROR_OFFSET)
|
||||
#define SSPI_GSS_S_NAME_NOT_MN (((UINT32)18) << SSPI_GSS_C_ROUTINE_ERROR_OFFSET)
|
||||
#define SSPI_GSS_S_BAD_MECH_ATTR (((UINT32)19) << SSPI_GSS_C_ROUTINE_ERROR_OFFSET)
|
||||
|
||||
#define SSPI_GSS_S_CONTINUE_NEEDED (1 << (SSPI_GSS_C_SUPPLEMENTARY_OFFSET + 0))
|
||||
#define SSPI_GSS_S_DUPLICATE_TOKEN (1 << (SSPI_GSS_C_SUPPLEMENTARY_OFFSET + 1))
|
||||
#define SSPI_GSS_S_OLD_TOKEN (1 << (SSPI_GSS_C_SUPPLEMENTARY_OFFSET + 2))
|
||||
#define SSPI_GSS_S_UNSEQ_TOKEN (1 << (SSPI_GSS_C_SUPPLEMENTARY_OFFSET + 3))
|
||||
#define SSPI_GSS_S_GAP_TOKEN (1 << (SSPI_GSS_C_SUPPLEMENTARY_OFFSET + 4))
|
||||
|
||||
#define SSPI_GSS_C_PRF_KEY_FULL 0
|
||||
#define SSPI_GSS_C_PRF_KEY_PARTIAL 1
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C"
|
||||
static INLINE BOOL sspi_gss_oid_compare(const WinPrAsn1_OID* oid1, const WinPrAsn1_OID* oid2)
|
||||
{
|
||||
#endif
|
||||
WINPR_ASSERT(oid1);
|
||||
WINPR_ASSERT(oid2);
|
||||
|
||||
SSPI_GSSOID extern sspi_gss_OID SSPI_GSS_C_NT_USER_NAME;
|
||||
SSPI_GSSOID extern sspi_gss_OID SSPI_GSS_C_NT_MACHINE_UID_NAME;
|
||||
SSPI_GSSOID extern sspi_gss_OID SSPI_GSS_C_NT_STRING_UID_NAME;
|
||||
SSPI_GSSOID extern sspi_gss_OID SSPI_GSS_C_NT_HOSTBASED_SERVICE_X;
|
||||
SSPI_GSSOID extern sspi_gss_OID SSPI_GSS_C_NT_HOSTBASED_SERVICE;
|
||||
SSPI_GSSOID extern sspi_gss_OID SSPI_GSS_C_NT_ANONYMOUS;
|
||||
SSPI_GSSOID extern sspi_gss_OID SSPI_GSS_C_NT_EXPORT_NAME;
|
||||
|
||||
UINT32 SSPI_GSSAPI sspi_gss_acquire_cred(UINT32* minor_status, sspi_gss_name_t desired_name,
|
||||
UINT32 time_req, sspi_gss_OID_set desired_mechs,
|
||||
sspi_gss_cred_usage_t cred_usage,
|
||||
sspi_gss_cred_id_t* output_cred_handle,
|
||||
sspi_gss_OID_set* actual_mechs, UINT32* time_rec);
|
||||
|
||||
typedef UINT32(SSPI_GSSAPI* fn_sspi_gss_acquire_cred)(
|
||||
UINT32* minor_status, sspi_gss_name_t desired_name, UINT32 time_req,
|
||||
sspi_gss_OID_set desired_mechs, sspi_gss_cred_usage_t cred_usage,
|
||||
sspi_gss_cred_id_t* output_cred_handle, sspi_gss_OID_set* actual_mechs, UINT32* time_rec);
|
||||
|
||||
UINT32 SSPI_GSSAPI sspi_gss_release_cred(UINT32* minor_status, sspi_gss_cred_id_t* cred_handle);
|
||||
|
||||
typedef UINT32(SSPI_GSSAPI* fn_sspi_gss_release_cred)(UINT32* minor_status,
|
||||
sspi_gss_cred_id_t* cred_handle);
|
||||
|
||||
UINT32 SSPI_GSSAPI sspi_gss_init_sec_context(
|
||||
UINT32* minor_status, sspi_gss_cred_id_t claimant_cred_handle,
|
||||
sspi_gss_ctx_id_t* context_handle, sspi_gss_name_t target_name, sspi_gss_OID mech_type,
|
||||
UINT32 req_flags, UINT32 time_req, sspi_gss_channel_bindings_t input_chan_bindings,
|
||||
sspi_gss_buffer_t input_token, sspi_gss_OID* actual_mech_type,
|
||||
sspi_gss_buffer_t output_token, UINT32* ret_flags, UINT32* time_rec);
|
||||
|
||||
typedef UINT32(SSPI_GSSAPI* fn_sspi_gss_init_sec_context)(
|
||||
UINT32* minor_status, sspi_gss_cred_id_t claimant_cred_handle,
|
||||
sspi_gss_ctx_id_t* context_handle, sspi_gss_name_t target_name, sspi_gss_OID mech_type,
|
||||
UINT32 req_flags, UINT32 time_req, sspi_gss_channel_bindings_t input_chan_bindings,
|
||||
sspi_gss_buffer_t input_token, sspi_gss_OID* actual_mech_type,
|
||||
sspi_gss_buffer_t output_token, UINT32* ret_flags, UINT32* time_rec);
|
||||
|
||||
UINT32 SSPI_GSSAPI sspi_gss_accept_sec_context(
|
||||
UINT32* minor_status, sspi_gss_ctx_id_t* context_handle,
|
||||
sspi_gss_cred_id_t acceptor_cred_handle, sspi_gss_buffer_t input_token_buffer,
|
||||
sspi_gss_channel_bindings_t input_chan_bindings, sspi_gss_name_t* src_name,
|
||||
sspi_gss_OID* mech_type, sspi_gss_buffer_t output_token, UINT32* ret_flags,
|
||||
UINT32* time_rec, sspi_gss_cred_id_t* delegated_cred_handle);
|
||||
|
||||
typedef UINT32(SSPI_GSSAPI* fn_sspi_gss_accept_sec_context)(
|
||||
UINT32* minor_status, sspi_gss_ctx_id_t* context_handle,
|
||||
sspi_gss_cred_id_t acceptor_cred_handle, sspi_gss_buffer_t input_token_buffer,
|
||||
sspi_gss_channel_bindings_t input_chan_bindings, sspi_gss_name_t* src_name,
|
||||
sspi_gss_OID* mech_type, sspi_gss_buffer_t output_token, UINT32* ret_flags,
|
||||
UINT32* time_rec, sspi_gss_cred_id_t* delegated_cred_handle);
|
||||
|
||||
UINT32 SSPI_GSSAPI sspi_gss_process_context_token(UINT32* minor_status,
|
||||
sspi_gss_ctx_id_t context_handle,
|
||||
sspi_gss_buffer_t token_buffer);
|
||||
|
||||
typedef UINT32(SSPI_GSSAPI* fn_sspi_gss_process_context_token)(UINT32* minor_status,
|
||||
sspi_gss_ctx_id_t context_handle,
|
||||
sspi_gss_buffer_t token_buffer);
|
||||
|
||||
UINT32 SSPI_GSSAPI sspi_gss_delete_sec_context(UINT32* minor_status,
|
||||
sspi_gss_ctx_id_t* context_handle,
|
||||
sspi_gss_buffer_t output_token);
|
||||
|
||||
typedef UINT32(SSPI_GSSAPI* fn_sspi_gss_delete_sec_context)(UINT32* minor_status,
|
||||
sspi_gss_ctx_id_t* context_handle,
|
||||
sspi_gss_buffer_t output_token);
|
||||
|
||||
UINT32 SSPI_GSSAPI sspi_gss_context_time(UINT32* minor_status, sspi_gss_ctx_id_t context_handle,
|
||||
UINT32* time_rec);
|
||||
|
||||
typedef UINT32(SSPI_GSSAPI* fn_sspi_gss_context_time)(UINT32* minor_status,
|
||||
sspi_gss_ctx_id_t context_handle,
|
||||
UINT32* time_rec);
|
||||
|
||||
UINT32 SSPI_GSSAPI sspi_gss_get_mic(UINT32* minor_status, sspi_gss_ctx_id_t context_handle,
|
||||
sspi_gss_qop_t qop_req, sspi_gss_buffer_t message_buffer,
|
||||
sspi_gss_buffer_t message_token);
|
||||
|
||||
typedef UINT32(SSPI_GSSAPI* fn_sspi_gss_get_mic)(UINT32* minor_status,
|
||||
sspi_gss_ctx_id_t context_handle,
|
||||
sspi_gss_qop_t qop_req,
|
||||
sspi_gss_buffer_t message_buffer,
|
||||
sspi_gss_buffer_t message_token);
|
||||
|
||||
UINT32 SSPI_GSSAPI sspi_gss_verify_mic(UINT32* minor_status, sspi_gss_ctx_id_t context_handle,
|
||||
sspi_gss_buffer_t message_buffer,
|
||||
sspi_gss_buffer_t message_token,
|
||||
sspi_gss_qop_t* qop_state);
|
||||
|
||||
typedef UINT32(SSPI_GSSAPI* fn_sspi_gss_verify_mic)(UINT32* minor_status,
|
||||
sspi_gss_ctx_id_t context_handle,
|
||||
sspi_gss_buffer_t message_buffer,
|
||||
sspi_gss_buffer_t message_token,
|
||||
sspi_gss_qop_t* qop_state);
|
||||
|
||||
UINT32 SSPI_GSSAPI sspi_gss_wrap(UINT32* minor_status, sspi_gss_ctx_id_t context_handle,
|
||||
int conf_req_flag, sspi_gss_qop_t qop_req,
|
||||
sspi_gss_buffer_t input_message_buffer, int* conf_state,
|
||||
sspi_gss_buffer_t output_message_buffer);
|
||||
|
||||
typedef UINT32(SSPI_GSSAPI* fn_sspi_gss_wrap)(UINT32* minor_status,
|
||||
sspi_gss_ctx_id_t context_handle,
|
||||
int conf_req_flag, sspi_gss_qop_t qop_req,
|
||||
sspi_gss_buffer_t input_message_buffer,
|
||||
int* conf_state,
|
||||
sspi_gss_buffer_t output_message_buffer);
|
||||
|
||||
UINT32 SSPI_GSSAPI sspi_gss_unwrap(UINT32* minor_status, const sspi_gss_ctx_id_t context_handle,
|
||||
const sspi_gss_buffer_t input_message_buffer,
|
||||
sspi_gss_buffer_t output_message_buffer, int* conf_state,
|
||||
sspi_gss_qop_t* qop_state);
|
||||
|
||||
typedef UINT32(SSPI_GSSAPI* fn_sspi_gss_unwrap)(UINT32* minor_status,
|
||||
sspi_gss_ctx_id_t context_handle,
|
||||
sspi_gss_buffer_t input_message_buffer,
|
||||
sspi_gss_buffer_t output_message_buffer,
|
||||
int* conf_state, sspi_gss_qop_t* qop_state);
|
||||
|
||||
UINT32 SSPI_GSSAPI sspi_gss_display_status(UINT32* minor_status, UINT32 status_value,
|
||||
int status_type, sspi_gss_OID mech_type,
|
||||
UINT32* message_context,
|
||||
sspi_gss_buffer_t status_string);
|
||||
|
||||
typedef UINT32(SSPI_GSSAPI* fn_sspi_gss_display_status)(UINT32* minor_status,
|
||||
UINT32 status_value, int status_type,
|
||||
sspi_gss_OID mech_type,
|
||||
UINT32* message_context,
|
||||
sspi_gss_buffer_t status_string);
|
||||
|
||||
UINT32 SSPI_GSSAPI sspi_gss_indicate_mechs(UINT32* minor_status, sspi_gss_OID_set* mech_set);
|
||||
|
||||
typedef UINT32(SSPI_GSSAPI* fn_sspi_gss_indicate_mechs)(UINT32* minor_status,
|
||||
sspi_gss_OID_set* mech_set);
|
||||
|
||||
UINT32 SSPI_GSSAPI sspi_gss_compare_name(UINT32* minor_status, sspi_gss_name_t name1,
|
||||
sspi_gss_name_t name2, int* name_equal);
|
||||
|
||||
typedef UINT32(SSPI_GSSAPI* fn_sspi_gss_compare_name)(UINT32* minor_status,
|
||||
sspi_gss_name_t name1,
|
||||
sspi_gss_name_t name2, int* name_equal);
|
||||
|
||||
UINT32 SSPI_GSSAPI sspi_gss_display_name(UINT32* minor_status, sspi_gss_name_t input_name,
|
||||
sspi_gss_buffer_t output_name_buffer,
|
||||
sspi_gss_OID* output_name_type);
|
||||
|
||||
typedef UINT32(SSPI_GSSAPI* fn_sspi_gss_display_name)(UINT32* minor_status,
|
||||
sspi_gss_name_t input_name,
|
||||
sspi_gss_buffer_t output_name_buffer,
|
||||
sspi_gss_OID* output_name_type);
|
||||
|
||||
UINT32 SSPI_GSSAPI sspi_gss_import_name(UINT32* minor_status,
|
||||
sspi_gss_buffer_t input_name_buffer,
|
||||
sspi_gss_OID input_name_type,
|
||||
sspi_gss_name_t* output_name);
|
||||
|
||||
typedef UINT32(SSPI_GSSAPI* fn_sspi_gss_import_name)(UINT32* minor_status,
|
||||
sspi_gss_buffer_t input_name_buffer,
|
||||
sspi_gss_OID input_name_type,
|
||||
sspi_gss_name_t* output_name);
|
||||
|
||||
UINT32 SSPI_GSSAPI sspi_gss_release_name(UINT32* minor_status, sspi_gss_name_t* input_name);
|
||||
|
||||
typedef UINT32(SSPI_GSSAPI* fn_sspi_gss_release_name)(UINT32* minor_status,
|
||||
sspi_gss_name_t* input_name);
|
||||
|
||||
UINT32 SSPI_GSSAPI sspi_gss_release_buffer(UINT32* minor_status, sspi_gss_buffer_t buffer);
|
||||
|
||||
typedef UINT32(SSPI_GSSAPI* fn_sspi_gss_release_buffer)(UINT32* minor_status,
|
||||
sspi_gss_buffer_t buffer);
|
||||
|
||||
UINT32 SSPI_GSSAPI sspi_gss_release_oid_set(UINT32* minor_status, sspi_gss_OID_set* set);
|
||||
|
||||
typedef UINT32(SSPI_GSSAPI* fn_sspi_gss_release_oid_set)(UINT32* minor_status,
|
||||
sspi_gss_OID_set* set);
|
||||
|
||||
UINT32 SSPI_GSSAPI sspi_gss_inquire_cred(UINT32* minor_status, sspi_gss_cred_id_t cred_handle,
|
||||
sspi_gss_name_t* name, UINT32* lifetime,
|
||||
sspi_gss_cred_usage_t* cred_usage,
|
||||
sspi_gss_OID_set* mechanisms);
|
||||
|
||||
typedef UINT32(SSPI_GSSAPI* fn_sspi_gss_inquire_cred)(UINT32* minor_status,
|
||||
sspi_gss_cred_id_t cred_handle,
|
||||
sspi_gss_name_t* name, UINT32* lifetime,
|
||||
sspi_gss_cred_usage_t* cred_usage,
|
||||
sspi_gss_OID_set* mechanisms);
|
||||
|
||||
UINT32 SSPI_GSSAPI sspi_gss_inquire_context(UINT32* minor_status,
|
||||
sspi_gss_ctx_id_t context_handle,
|
||||
sspi_gss_name_t* src_name,
|
||||
sspi_gss_name_t* targ_name, UINT32* lifetime_rec,
|
||||
sspi_gss_OID* mech_type, UINT32* ctx_flags,
|
||||
int* locally_initiated, int* open);
|
||||
|
||||
typedef UINT32(SSPI_GSSAPI* fn_sspi_gss_inquire_context)(
|
||||
UINT32* minor_status, sspi_gss_ctx_id_t context_handle, sspi_gss_name_t* src_name,
|
||||
sspi_gss_name_t* targ_name, UINT32* lifetime_rec, sspi_gss_OID* mech_type,
|
||||
UINT32* ctx_flags, int* locally_initiated, int* open);
|
||||
|
||||
UINT32 SSPI_GSSAPI sspi_gss_wrap_size_limit(UINT32* minor_status,
|
||||
sspi_gss_ctx_id_t context_handle, int conf_req_flag,
|
||||
sspi_gss_qop_t qop_req, UINT32 req_output_size,
|
||||
UINT32* max_input_size);
|
||||
|
||||
typedef UINT32(SSPI_GSSAPI* fn_sspi_gss_wrap_size_limit)(
|
||||
UINT32* minor_status, sspi_gss_ctx_id_t context_handle, int conf_req_flag,
|
||||
sspi_gss_qop_t qop_req, UINT32 req_output_size, UINT32* max_input_size);
|
||||
|
||||
UINT32 SSPI_GSSAPI sspi_gss_import_name_object(UINT32* minor_status, void* input_name,
|
||||
sspi_gss_OID input_name_type,
|
||||
sspi_gss_name_t* output_name);
|
||||
|
||||
typedef UINT32(SSPI_GSSAPI* fn_sspi_gss_import_name_object)(UINT32* minor_status,
|
||||
void* input_name,
|
||||
sspi_gss_OID input_name_type,
|
||||
sspi_gss_name_t* output_name);
|
||||
|
||||
UINT32 SSPI_GSSAPI sspi_gss_export_name_object(UINT32* minor_status, sspi_gss_name_t input_name,
|
||||
sspi_gss_OID desired_name_type,
|
||||
void** output_name);
|
||||
|
||||
typedef UINT32(SSPI_GSSAPI* fn_sspi_gss_export_name_object)(UINT32* minor_status,
|
||||
sspi_gss_name_t input_name,
|
||||
sspi_gss_OID desired_name_type,
|
||||
void** output_name);
|
||||
|
||||
UINT32 SSPI_GSSAPI sspi_gss_add_cred(UINT32* minor_status, sspi_gss_cred_id_t input_cred_handle,
|
||||
sspi_gss_name_t desired_name, sspi_gss_OID desired_mech,
|
||||
sspi_gss_cred_usage_t cred_usage,
|
||||
UINT32 initiator_time_req, UINT32 acceptor_time_req,
|
||||
sspi_gss_cred_id_t* output_cred_handle,
|
||||
sspi_gss_OID_set* actual_mechs, UINT32* initiator_time_rec,
|
||||
UINT32* acceptor_time_rec);
|
||||
|
||||
typedef UINT32(SSPI_GSSAPI* fn_sspi_gss_add_cred)(
|
||||
UINT32* minor_status, sspi_gss_cred_id_t input_cred_handle, sspi_gss_name_t desired_name,
|
||||
sspi_gss_OID desired_mech, sspi_gss_cred_usage_t cred_usage, UINT32 initiator_time_req,
|
||||
UINT32 acceptor_time_req, sspi_gss_cred_id_t* output_cred_handle,
|
||||
sspi_gss_OID_set* actual_mechs, UINT32* initiator_time_rec, UINT32* acceptor_time_rec);
|
||||
|
||||
UINT32 SSPI_GSSAPI sspi_gss_inquire_cred_by_mech(UINT32* minor_status,
|
||||
sspi_gss_cred_id_t cred_handle,
|
||||
sspi_gss_OID mech_type, sspi_gss_name_t* name,
|
||||
UINT32* initiator_lifetime,
|
||||
UINT32* acceptor_lifetime,
|
||||
sspi_gss_cred_usage_t* cred_usage);
|
||||
|
||||
typedef UINT32(SSPI_GSSAPI* fn_sspi_gss_inquire_cred_by_mech)(
|
||||
UINT32* minor_status, sspi_gss_cred_id_t cred_handle, sspi_gss_OID mech_type,
|
||||
sspi_gss_name_t* name, UINT32* initiator_lifetime, UINT32* acceptor_lifetime,
|
||||
sspi_gss_cred_usage_t* cred_usage);
|
||||
|
||||
UINT32 SSPI_GSSAPI sspi_gss_export_sec_context(UINT32* minor_status,
|
||||
sspi_gss_ctx_id_t* context_handle,
|
||||
sspi_gss_buffer_t interprocess_token);
|
||||
|
||||
typedef UINT32(SSPI_GSSAPI* fn_sspi_gss_export_sec_context)(
|
||||
UINT32* minor_status, sspi_gss_ctx_id_t* context_handle,
|
||||
sspi_gss_buffer_t interprocess_token);
|
||||
|
||||
UINT32 SSPI_GSSAPI sspi_gss_import_sec_context(UINT32* minor_status,
|
||||
sspi_gss_buffer_t interprocess_token,
|
||||
sspi_gss_ctx_id_t* context_handle);
|
||||
|
||||
typedef UINT32(SSPI_GSSAPI* fn_sspi_gss_import_sec_context)(
|
||||
UINT32* minor_status, sspi_gss_buffer_t interprocess_token,
|
||||
sspi_gss_ctx_id_t* context_handle);
|
||||
|
||||
UINT32 SSPI_GSSAPI sspi_gss_release_oid(UINT32* minor_status, sspi_gss_OID* oid);
|
||||
|
||||
typedef UINT32(SSPI_GSSAPI* fn_sspi_gss_release_oid)(UINT32* minor_status, sspi_gss_OID* oid);
|
||||
|
||||
UINT32 SSPI_GSSAPI sspi_gss_create_empty_oid_set(UINT32* minor_status,
|
||||
sspi_gss_OID_set* oid_set);
|
||||
|
||||
typedef UINT32(SSPI_GSSAPI* fn_sspi_gss_create_empty_oid_set)(UINT32* minor_status,
|
||||
sspi_gss_OID_set* oid_set);
|
||||
|
||||
UINT32 SSPI_GSSAPI sspi_gss_add_oid_set_member(UINT32* minor_status, sspi_gss_OID member_oid,
|
||||
sspi_gss_OID_set* oid_set);
|
||||
|
||||
typedef UINT32(SSPI_GSSAPI* fn_sspi_gss_add_oid_set_member)(UINT32* minor_status,
|
||||
sspi_gss_OID member_oid,
|
||||
sspi_gss_OID_set* oid_set);
|
||||
|
||||
UINT32 SSPI_GSSAPI sspi_gss_test_oid_set_member(UINT32* minor_status, sspi_gss_OID member,
|
||||
sspi_gss_OID_set set, int* present);
|
||||
|
||||
typedef UINT32(SSPI_GSSAPI* fn_sspi_gss_test_oid_set_member)(UINT32* minor_status,
|
||||
sspi_gss_OID member,
|
||||
sspi_gss_OID_set set,
|
||||
int* present);
|
||||
|
||||
UINT32 SSPI_GSSAPI sspi_gss_str_to_oid(UINT32* minor_status, sspi_gss_buffer_t oid_str,
|
||||
sspi_gss_OID* oid);
|
||||
|
||||
typedef UINT32(SSPI_GSSAPI* fn_sspi_gss_str_to_oid)(UINT32* minor_status,
|
||||
sspi_gss_buffer_t oid_str,
|
||||
sspi_gss_OID* oid);
|
||||
|
||||
UINT32 SSPI_GSSAPI sspi_gss_oid_to_str(UINT32* minor_status, sspi_gss_OID oid,
|
||||
sspi_gss_buffer_t oid_str);
|
||||
|
||||
typedef UINT32(SSPI_GSSAPI* fn_sspi_gss_oid_to_str)(UINT32* minor_status, sspi_gss_OID oid,
|
||||
sspi_gss_buffer_t oid_str);
|
||||
|
||||
UINT32 SSPI_GSSAPI sspi_gss_inquire_names_for_mech(UINT32* minor_status, sspi_gss_OID mechanism,
|
||||
sspi_gss_OID_set* name_types);
|
||||
|
||||
typedef UINT32(SSPI_GSSAPI* fn_sspi_gss_inquire_names_for_mech)(UINT32* minor_status,
|
||||
sspi_gss_OID mechanism,
|
||||
sspi_gss_OID_set* name_types);
|
||||
|
||||
UINT32 SSPI_GSSAPI sspi_gss_inquire_mechs_for_name(UINT32* minor_status,
|
||||
const sspi_gss_name_t input_name,
|
||||
sspi_gss_OID_set* mech_types);
|
||||
|
||||
typedef UINT32(SSPI_GSSAPI* fn_sspi_gss_inquire_mechs_for_name)(
|
||||
UINT32* minor_status, const sspi_gss_name_t input_name, sspi_gss_OID_set* mech_types);
|
||||
|
||||
UINT32 SSPI_GSSAPI sspi_gss_sign(UINT32* minor_status, sspi_gss_ctx_id_t context_handle,
|
||||
int qop_req, sspi_gss_buffer_t message_buffer,
|
||||
sspi_gss_buffer_t message_token);
|
||||
|
||||
typedef UINT32(SSPI_GSSAPI* fn_sspi_gss_sign)(UINT32* minor_status,
|
||||
sspi_gss_ctx_id_t context_handle, int qop_req,
|
||||
sspi_gss_buffer_t message_buffer,
|
||||
sspi_gss_buffer_t message_token);
|
||||
|
||||
UINT32 SSPI_GSSAPI sspi_gss_verify(UINT32* minor_status, sspi_gss_ctx_id_t context_handle,
|
||||
sspi_gss_buffer_t message_buffer,
|
||||
sspi_gss_buffer_t token_buffer, int* qop_state);
|
||||
|
||||
typedef UINT32(SSPI_GSSAPI* fn_sspi_gss_verify)(UINT32* minor_status,
|
||||
sspi_gss_ctx_id_t context_handle,
|
||||
sspi_gss_buffer_t message_buffer,
|
||||
sspi_gss_buffer_t token_buffer, int* qop_state);
|
||||
|
||||
UINT32 SSPI_GSSAPI sspi_gss_seal(UINT32* minor_status, sspi_gss_ctx_id_t context_handle,
|
||||
int conf_req_flag, int qop_req,
|
||||
sspi_gss_buffer_t input_message_buffer, int* conf_state,
|
||||
sspi_gss_buffer_t output_message_buffer);
|
||||
|
||||
typedef UINT32(SSPI_GSSAPI* fn_sspi_gss_seal)(UINT32* minor_status,
|
||||
sspi_gss_ctx_id_t context_handle,
|
||||
int conf_req_flag, int qop_req,
|
||||
sspi_gss_buffer_t input_message_buffer,
|
||||
int* conf_state,
|
||||
sspi_gss_buffer_t output_message_buffer);
|
||||
|
||||
UINT32 SSPI_GSSAPI sspi_gss_unseal(UINT32* minor_status, sspi_gss_ctx_id_t context_handle,
|
||||
sspi_gss_buffer_t input_message_buffer,
|
||||
sspi_gss_buffer_t output_message_buffer, int* conf_state,
|
||||
int* qop_state);
|
||||
|
||||
typedef UINT32(SSPI_GSSAPI* fn_sspi_gss_unseal)(UINT32* minor_status,
|
||||
sspi_gss_ctx_id_t context_handle,
|
||||
sspi_gss_buffer_t input_message_buffer,
|
||||
sspi_gss_buffer_t output_message_buffer,
|
||||
int* conf_state, int* qop_state);
|
||||
|
||||
UINT32 SSPI_GSSAPI sspi_gss_export_name(UINT32* minor_status, const sspi_gss_name_t input_name,
|
||||
sspi_gss_buffer_t exported_name);
|
||||
|
||||
typedef UINT32(SSPI_GSSAPI* fn_sspi_gss_export_name)(UINT32* minor_status,
|
||||
const sspi_gss_name_t input_name,
|
||||
sspi_gss_buffer_t exported_name);
|
||||
|
||||
UINT32 SSPI_GSSAPI sspi_gss_duplicate_name(UINT32* minor_status,
|
||||
const sspi_gss_name_t input_name,
|
||||
sspi_gss_name_t* dest_name);
|
||||
|
||||
typedef UINT32(SSPI_GSSAPI* fn_sspi_gss_duplicate_name)(UINT32* minor_status,
|
||||
const sspi_gss_name_t input_name,
|
||||
sspi_gss_name_t* dest_name);
|
||||
|
||||
UINT32 SSPI_GSSAPI sspi_gss_canonicalize_name(UINT32* minor_status,
|
||||
const sspi_gss_name_t input_name,
|
||||
const sspi_gss_OID mech_type,
|
||||
sspi_gss_name_t* output_name);
|
||||
|
||||
typedef UINT32(SSPI_GSSAPI* fn_sspi_gss_canonicalize_name)(UINT32* minor_status,
|
||||
const sspi_gss_name_t input_name,
|
||||
const sspi_gss_OID mech_type,
|
||||
sspi_gss_name_t* output_name);
|
||||
|
||||
UINT32 SSPI_GSSAPI sspi_gss_pseudo_random(UINT32* minor_status, sspi_gss_ctx_id_t context,
|
||||
int prf_key, const sspi_gss_buffer_t prf_in,
|
||||
SSIZE_T desired_output_len,
|
||||
sspi_gss_buffer_t prf_out);
|
||||
|
||||
typedef UINT32(SSPI_GSSAPI* fn_sspi_gss_pseudo_random)(UINT32* minor_status,
|
||||
sspi_gss_ctx_id_t context, int prf_key,
|
||||
const sspi_gss_buffer_t prf_in,
|
||||
SSIZE_T desired_output_len,
|
||||
sspi_gss_buffer_t prf_out);
|
||||
|
||||
UINT32 SSPI_GSSAPI sspi_gss_store_cred(UINT32* minor_status,
|
||||
const sspi_gss_cred_id_t input_cred_handle,
|
||||
sspi_gss_cred_usage_t input_usage,
|
||||
const sspi_gss_OID desired_mech, UINT32 overwrite_cred,
|
||||
UINT32 default_cred, sspi_gss_OID_set* elements_stored,
|
||||
sspi_gss_cred_usage_t* cred_usage_stored);
|
||||
|
||||
typedef UINT32(SSPI_GSSAPI* fn_sspi_gss_store_cred)(UINT32* minor_status,
|
||||
const sspi_gss_cred_id_t input_cred_handle,
|
||||
sspi_gss_cred_usage_t input_usage,
|
||||
const sspi_gss_OID desired_mech,
|
||||
UINT32 overwrite_cred, UINT32 default_cred,
|
||||
sspi_gss_OID_set* elements_stored,
|
||||
sspi_gss_cred_usage_t* cred_usage_stored);
|
||||
|
||||
UINT32 SSPI_GSSAPI sspi_gss_set_neg_mechs(UINT32* minor_status, sspi_gss_cred_id_t cred_handle,
|
||||
const sspi_gss_OID_set mech_set);
|
||||
|
||||
typedef UINT32(SSPI_GSSAPI* fn_sspi_gss_set_neg_mechs)(UINT32* minor_status,
|
||||
sspi_gss_cred_id_t cred_handle,
|
||||
const sspi_gss_OID_set mech_set);
|
||||
|
||||
struct sspi_gss_key_value_element_struct
|
||||
{
|
||||
const char* key;
|
||||
const char* value;
|
||||
};
|
||||
typedef struct sspi_gss_key_value_element_struct sspi_gss_key_value_element_desc;
|
||||
|
||||
struct sspi_gss_key_value_set_struct
|
||||
{
|
||||
UINT32 count;
|
||||
sspi_gss_key_value_element_desc* elements;
|
||||
};
|
||||
typedef struct sspi_gss_key_value_set_struct sspi_gss_key_value_set_desc;
|
||||
typedef const sspi_gss_key_value_set_desc* sspi_gss_const_key_value_set_t;
|
||||
|
||||
UINT32 SSPI_GSSAPI sspi_gss_acquire_cred_from(UINT32* minor_status,
|
||||
sspi_gss_name_t desired_name, UINT32 time_req,
|
||||
sspi_gss_OID_set desired_mechs,
|
||||
sspi_gss_cred_usage_t cred_usage,
|
||||
sspi_gss_const_key_value_set_t cred_store,
|
||||
sspi_gss_cred_id_t* output_cred_handle,
|
||||
sspi_gss_OID_set* actual_mechs, UINT32* time_rec);
|
||||
|
||||
typedef UINT32(SSPI_GSSAPI* fn_sspi_gss_acquire_cred_from)(
|
||||
UINT32* minor_status, sspi_gss_name_t desired_name, UINT32 time_req,
|
||||
sspi_gss_OID_set desired_mechs, sspi_gss_cred_usage_t cred_usage,
|
||||
sspi_gss_const_key_value_set_t cred_store, sspi_gss_cred_id_t* output_cred_handle,
|
||||
sspi_gss_OID_set* actual_mechs, UINT32* time_rec);
|
||||
|
||||
#ifdef __cplusplus
|
||||
return (oid1->len == oid2->len) && (memcmp(oid1->data, oid2->data, oid1->len) == 0);
|
||||
}
|
||||
#endif
|
||||
|
||||
typedef struct
|
||||
{
|
||||
fn_sspi_gss_acquire_cred gss_acquire_cred;
|
||||
fn_sspi_gss_release_cred gss_release_cred;
|
||||
fn_sspi_gss_init_sec_context gss_init_sec_context;
|
||||
fn_sspi_gss_accept_sec_context gss_accept_sec_context;
|
||||
fn_sspi_gss_process_context_token gss_process_context_token;
|
||||
fn_sspi_gss_delete_sec_context gss_delete_sec_context;
|
||||
fn_sspi_gss_context_time gss_context_time;
|
||||
fn_sspi_gss_get_mic gss_get_mic;
|
||||
fn_sspi_gss_verify_mic gss_verify_mic;
|
||||
fn_sspi_gss_wrap gss_wrap;
|
||||
fn_sspi_gss_unwrap gss_unwrap;
|
||||
fn_sspi_gss_display_status gss_display_status;
|
||||
fn_sspi_gss_indicate_mechs gss_indicate_mechs;
|
||||
fn_sspi_gss_compare_name gss_compare_name;
|
||||
fn_sspi_gss_display_name gss_display_name;
|
||||
fn_sspi_gss_import_name gss_import_name;
|
||||
fn_sspi_gss_release_name gss_release_name;
|
||||
fn_sspi_gss_release_buffer gss_release_buffer;
|
||||
fn_sspi_gss_release_oid_set gss_release_oid_set;
|
||||
fn_sspi_gss_inquire_cred gss_inquire_cred;
|
||||
fn_sspi_gss_inquire_context gss_inquire_context;
|
||||
fn_sspi_gss_wrap_size_limit gss_wrap_size_limit;
|
||||
fn_sspi_gss_import_name_object gss_import_name_object;
|
||||
fn_sspi_gss_export_name_object gss_export_name_object;
|
||||
fn_sspi_gss_add_cred gss_add_cred;
|
||||
fn_sspi_gss_inquire_cred_by_mech gss_inquire_cred_by_mech;
|
||||
fn_sspi_gss_export_sec_context gss_export_sec_context;
|
||||
fn_sspi_gss_import_sec_context gss_import_sec_context;
|
||||
fn_sspi_gss_release_oid gss_release_oid;
|
||||
fn_sspi_gss_create_empty_oid_set gss_create_empty_oid_set;
|
||||
fn_sspi_gss_add_oid_set_member gss_add_oid_set_member;
|
||||
fn_sspi_gss_test_oid_set_member gss_test_oid_set_member;
|
||||
fn_sspi_gss_str_to_oid gss_str_to_oid;
|
||||
fn_sspi_gss_oid_to_str gss_oid_to_str;
|
||||
fn_sspi_gss_inquire_names_for_mech gss_inquire_names_for_mech;
|
||||
fn_sspi_gss_inquire_mechs_for_name gss_inquire_mechs_for_name;
|
||||
fn_sspi_gss_sign gss_sign;
|
||||
fn_sspi_gss_verify gss_verify;
|
||||
fn_sspi_gss_seal gss_seal;
|
||||
fn_sspi_gss_unseal gss_unseal;
|
||||
fn_sspi_gss_export_name gss_export_name;
|
||||
fn_sspi_gss_duplicate_name gss_duplicate_name;
|
||||
fn_sspi_gss_canonicalize_name gss_canonicalize_name;
|
||||
fn_sspi_gss_pseudo_random gss_pseudo_random;
|
||||
fn_sspi_gss_store_cred gss_store_cred;
|
||||
fn_sspi_gss_set_neg_mechs gss_set_neg_mechs;
|
||||
fn_sspi_gss_acquire_cred_from gss_acquire_cred_from;
|
||||
} GSSAPI_FUNCTION_TABLE;
|
||||
|
||||
GSSAPI_FUNCTION_TABLE* SEC_ENTRY gssApi_InitSecurityInterface(void);
|
||||
|
||||
#ifdef __cplusplus
|
||||
extern "C"
|
||||
{
|
||||
#endif
|
||||
|
||||
#ifdef __cplusplus
|
||||
}
|
||||
#endif
|
||||
BOOL sspi_gss_wrap_token(SecBuffer* buf, const WinPrAsn1_OID* oid, uint16_t tok_id,
|
||||
const sspi_gss_data* token);
|
||||
BOOL sspi_gss_unwrap_token(const SecBuffer* buf, WinPrAsn1_OID* oid, uint16_t* tok_id,
|
||||
sspi_gss_data* token);
|
||||
|
||||
#endif /* WINPR_SSPI_GSS_PRIVATE_H */
|
||||
|
@ -695,6 +695,15 @@ size_t WinPrAsn1EncIA5String(WinPrAsn1Encoder* enc, WinPrAsn1_IA5STRING ia5)
|
||||
return WinPrAsn1EncMemoryChunk(enc, ER_TAG_IA5STRING, &chunk);
|
||||
}
|
||||
|
||||
size_t WinPrAsn1EncGeneralString(WinPrAsn1Encoder* enc, WinPrAsn1_STRING str)
|
||||
{
|
||||
WinPrAsn1_MemoryChunk chunk;
|
||||
WINPR_ASSERT(str);
|
||||
chunk.data = (BYTE*)str;
|
||||
chunk.len = strlen(str);
|
||||
return WinPrAsn1EncMemoryChunk(enc, ER_TAG_GENERAL_STRING, &chunk);
|
||||
}
|
||||
|
||||
size_t WinPrAsn1EncContextualMemoryChunk(WinPrAsn1Encoder* enc, BYTE wireType,
|
||||
WinPrAsn1_tagId tagId, const WinPrAsn1_MemoryChunk* mchunk)
|
||||
{
|
||||
@ -1107,6 +1116,33 @@ size_t WinPrAsn1DecReadIA5String(WinPrAsn1Decoder* dec, WinPrAsn1_IA5STRING* tar
|
||||
return ret;
|
||||
}
|
||||
|
||||
size_t WinPrAsn1DecReadGeneralString(WinPrAsn1Decoder* dec, WinPrAsn1_STRING* target)
|
||||
{
|
||||
WinPrAsn1_tag tag;
|
||||
size_t len;
|
||||
size_t ret;
|
||||
WinPrAsn1_IA5STRING s;
|
||||
|
||||
WINPR_ASSERT(dec);
|
||||
WINPR_ASSERT(target);
|
||||
|
||||
ret = readTagAndLen(dec, &dec->source, &tag, &len);
|
||||
if (!ret || tag != ER_TAG_GENERAL_STRING)
|
||||
return 0;
|
||||
if (Stream_GetRemainingLength(&dec->source) < len)
|
||||
return 0;
|
||||
|
||||
ret += len;
|
||||
|
||||
s = malloc(len + 1);
|
||||
if (!s)
|
||||
return 0;
|
||||
Stream_Read(&dec->source, s, len);
|
||||
s[len] = 0;
|
||||
*target = s;
|
||||
return ret;
|
||||
}
|
||||
|
||||
static int read2digits(wStream* s)
|
||||
{
|
||||
int ret = 0;
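Review bot: `WinPrAsn1DecReadGeneralString` returns the decoded bytes as a NUL-terminated C string and discards the wire length, so a value with an embedded zero byte is silently truncated for any caller that uses `strlen` or `strcmp`. The content comes from the peer, and going by the commit title it presumably carries Kerberos names and realms, where a string that reads differently after truncation can lead to name confusion. I would reject such input right after `Stream_Read`: `if (memchr(s, 0, len)) { free(s); return 0; }`. A short comment above the function should also say that `*target` is heap-allocated and owned by the caller. Separately, `s` should be declared as `WinPrAsn1_STRING` to match `*target` rather than `WinPrAsn1_IA5STRING`.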
|
||||
|