970 lines
35 KiB
C
970 lines
35 KiB
C
/**
|
|
* WinPR: Windows Portable Runtime
|
|
* Security Support Provider Interface (SSPI)
|
|
*
|
|
* Copyright 2012 Marc-Andre Moreau <marcandre.moreau@gmail.com>
|
|
*
|
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
|
* you may not use this file except in compliance with the License.
|
|
* You may obtain a copy of the License at
|
|
*
|
|
* http://www.apache.org/licenses/LICENSE-2.0
|
|
*
|
|
* Unless required by applicable law or agreed to in writing, software
|
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
* See the License for the specific language governing permissions and
|
|
* limitations under the License.
|
|
*/
|
|
|
|
#ifndef WINPR_SSPI_H
|
|
#define WINPR_SSPI_H
|
|
|
|
#include "config.h"
|
|
|
|
//#define NATIVE_SSPI
|
|
|
|
#include <wchar.h>
|
|
#include <winpr/winpr.h>
|
|
#include <winpr/wtypes.h>
|
|
#include <winpr/windows.h>
|
|
|
|
#ifdef _WIN32
|
|
|
|
#include <tchar.h>
|
|
#include <winerror.h>
|
|
|
|
#ifdef NATIVE_SSPI
|
|
#define SECURITY_WIN32
|
|
#include <sspi.h>
|
|
#include <security.h>
|
|
#else
|
|
#define WINPR_SSPI
|
|
#define SEC_ENTRY __stdcall
|
|
#endif
|
|
|
|
#else
|
|
|
|
#define WINPR_SSPI
|
|
|
|
#endif
|
|
|
|
#ifdef WINPR_SSPI
|
|
|
|
#ifndef SEC_ENTRY
|
|
#define SEC_ENTRY
|
|
#endif
|
|
|
|
typedef CHAR SEC_CHAR;
|
|
typedef WCHAR SEC_WCHAR;
|
|
|
|
struct _SECURITY_INTEGER
|
|
{
|
|
UINT32 LowPart;
|
|
INT32 HighPart;
|
|
};
|
|
typedef struct _SECURITY_INTEGER SECURITY_INTEGER;
|
|
|
|
typedef SECURITY_INTEGER TimeStamp;
|
|
typedef SECURITY_INTEGER* PTimeStamp;
|
|
|
|
typedef UINT32 SECURITY_STATUS;
|
|
|
|
struct _SecPkgInfoA
|
|
{
|
|
UINT32 fCapabilities;
|
|
UINT16 wVersion;
|
|
UINT16 wRPCID;
|
|
UINT32 cbMaxToken;
|
|
SEC_CHAR* Name;
|
|
SEC_CHAR* Comment;
|
|
};
|
|
typedef struct _SecPkgInfoA SecPkgInfoA;
|
|
typedef SecPkgInfoA* PSecPkgInfoA;
|
|
|
|
struct _SecPkgInfoW
|
|
{
|
|
UINT32 fCapabilities;
|
|
UINT16 wVersion;
|
|
UINT16 wRPCID;
|
|
UINT32 cbMaxToken;
|
|
SEC_WCHAR* Name;
|
|
SEC_WCHAR* Comment;
|
|
};
|
|
typedef struct _SecPkgInfoW SecPkgInfoW;
|
|
typedef SecPkgInfoW* PSecPkgInfoW;
|
|
|
|
#ifdef UNICODE
|
|
#define SecPkgInfo SecPkgInfoW
|
|
#define PSecPkgInfo PSecPkgInfoW
|
|
#else
|
|
#define SecPkgInfo SecPkgInfoA
|
|
#define PSecPkgInfo PSecPkgInfoA
|
|
#endif
|
|
|
|
#define NTLMSP_NAME _T("NTLM")
|
|
|
|
#endif
|
|
|
|
#define SECPKG_ID_NONE 0xFFFF
|
|
|
|
#define SECPKG_FLAG_INTEGRITY 0x00000001
|
|
#define SECPKG_FLAG_PRIVACY 0x00000002
|
|
#define SECPKG_FLAG_TOKEN_ONLY 0x00000004
|
|
#define SECPKG_FLAG_DATAGRAM 0x00000008
|
|
#define SECPKG_FLAG_CONNECTION 0x00000010
|
|
#define SECPKG_FLAG_MULTI_REQUIRED 0x00000020
|
|
#define SECPKG_FLAG_CLIENT_ONLY 0x00000040
|
|
#define SECPKG_FLAG_EXTENDED_ERROR 0x00000080
|
|
#define SECPKG_FLAG_IMPERSONATION 0x00000100
|
|
#define SECPKG_FLAG_ACCEPT_WIN32_NAME 0x00000200
|
|
#define SECPKG_FLAG_STREAM 0x00000400
|
|
#define SECPKG_FLAG_NEGOTIABLE 0x00000800
|
|
#define SECPKG_FLAG_GSS_COMPATIBLE 0x00001000
|
|
#define SECPKG_FLAG_LOGON 0x00002000
|
|
#define SECPKG_FLAG_ASCII_BUFFERS 0x00004000
|
|
#define SECPKG_FLAG_FRAGMENT 0x00008000
|
|
#define SECPKG_FLAG_MUTUAL_AUTH 0x00010000
|
|
#define SECPKG_FLAG_DELEGATION 0x00020000
|
|
#define SECPKG_FLAG_READONLY_WITH_CHECKSUM 0x00040000
|
|
#define SECPKG_FLAG_RESTRICTED_TOKENS 0x00080000
|
|
#define SECPKG_FLAG_NEGO_EXTENDER 0x00100000
|
|
#define SECPKG_FLAG_NEGOTIABLE2 0x00200000
|
|
|
|
#ifndef _WINERROR_
|
|
|
|
#define SEC_E_OK 0x00000000
|
|
#define SEC_E_INSUFFICIENT_MEMORY 0x80090300
|
|
#define SEC_E_INVALID_HANDLE 0x80090301
|
|
#define SEC_E_UNSUPPORTED_FUNCTION 0x80090302
|
|
#define SEC_E_TARGET_UNKNOWN 0x80090303
|
|
#define SEC_E_INTERNAL_ERROR 0x80090304
|
|
#define SEC_E_SECPKG_NOT_FOUND 0x80090305
|
|
#define SEC_E_NOT_OWNER 0x80090306
|
|
#define SEC_E_CANNOT_INSTALL 0x80090307
|
|
#define SEC_E_INVALID_TOKEN 0x80090308
|
|
#define SEC_E_CANNOT_PACK 0x80090309
|
|
#define SEC_E_QOP_NOT_SUPPORTED 0x8009030A
|
|
#define SEC_E_NO_IMPERSONATION 0x8009030B
|
|
#define SEC_E_LOGON_DENIED 0x8009030C
|
|
#define SEC_E_UNKNOWN_CREDENTIALS 0x8009030D
|
|
#define SEC_E_NO_CREDENTIALS 0x8009030E
|
|
#define SEC_E_MESSAGE_ALTERED 0x8009030F
|
|
#define SEC_E_OUT_OF_SEQUENCE 0x80090310
|
|
#define SEC_E_NO_AUTHENTICATING_AUTHORITY 0x80090311
|
|
#define SEC_E_BAD_PKGID 0x80090316
|
|
#define SEC_E_CONTEXT_EXPIRED 0x80090317
|
|
#define SEC_E_INCOMPLETE_MESSAGE 0x80090318
|
|
#define SEC_E_INCOMPLETE_CREDENTIALS 0x80090320
|
|
#define SEC_E_BUFFER_TOO_SMALL 0x80090321
|
|
#define SEC_E_WRONG_PRINCIPAL 0x80090322
|
|
#define SEC_E_TIME_SKEW 0x80090324
|
|
#define SEC_E_UNTRUSTED_ROOT 0x80090325
|
|
#define SEC_E_ILLEGAL_MESSAGE 0x80090326
|
|
#define SEC_E_CERT_UNKNOWN 0x80090327
|
|
#define SEC_E_CERT_EXPIRED 0x80090328
|
|
#define SEC_E_ENCRYPT_FAILURE 0x80090329
|
|
#define SEC_E_DECRYPT_FAILURE 0x80090330
|
|
#define SEC_E_ALGORITHM_MISMATCH 0x80090331
|
|
#define SEC_E_SECURITY_QOS_FAILED 0x80090332
|
|
#define SEC_E_UNFINISHED_CONTEXT_DELETED 0x80090333
|
|
#define SEC_E_NO_TGT_REPLY 0x80090334
|
|
#define SEC_E_NO_IP_ADDRESSES 0x80090335
|
|
#define SEC_E_WRONG_CREDENTIAL_HANDLE 0x80090336
|
|
#define SEC_E_CRYPTO_SYSTEM_INVALID 0x80090337
|
|
#define SEC_E_MAX_REFERRALS_EXCEEDED 0x80090338
|
|
#define SEC_E_MUST_BE_KDC 0x80090339
|
|
#define SEC_E_STRONG_CRYPTO_NOT_SUPPORTED 0x8009033A
|
|
#define SEC_E_TOO_MANY_PRINCIPALS 0x8009033B
|
|
#define SEC_E_NO_PA_DATA 0x8009033C
|
|
#define SEC_E_PKINIT_NAME_MISMATCH 0x8009033D
|
|
#define SEC_E_SMARTCARD_LOGON_REQUIRED 0x8009033E
|
|
#define SEC_E_SHUTDOWN_IN_PROGRESS 0x8009033F
|
|
#define SEC_E_KDC_INVALID_REQUEST 0x80090340
|
|
#define SEC_E_KDC_UNABLE_TO_REFER 0x80090341
|
|
#define SEC_E_KDC_UNKNOWN_ETYPE 0x80090342
|
|
#define SEC_E_UNSUPPORTED_PREAUTH 0x80090343
|
|
#define SEC_E_DELEGATION_REQUIRED 0x80090345
|
|
#define SEC_E_BAD_BINDINGS 0x80090346
|
|
#define SEC_E_MULTIPLE_ACCOUNTS 0x80090347
|
|
#define SEC_E_NO_KERB_KEY 0x80090348
|
|
#define SEC_E_CERT_WRONG_USAGE 0x80090349
|
|
#define SEC_E_DOWNGRADE_DETECTED 0x80090350
|
|
#define SEC_E_SMARTCARD_CERT_REVOKED 0x80090351
|
|
#define SEC_E_ISSUING_CA_UNTRUSTED 0x80090352
|
|
#define SEC_E_REVOCATION_OFFLINE_C 0x80090353
|
|
#define SEC_E_PKINIT_CLIENT_FAILURE 0x80090354
|
|
#define SEC_E_SMARTCARD_CERT_EXPIRED 0x80090355
|
|
#define SEC_E_NO_S4U_PROT_SUPPORT 0x80090356
|
|
#define SEC_E_CROSSREALM_DELEGATION_FAILURE 0x80090357
|
|
#define SEC_E_REVOCATION_OFFLINE_KDC 0x80090358
|
|
#define SEC_E_ISSUING_CA_UNTRUSTED_KDC 0x80090359
|
|
#define SEC_E_KDC_CERT_EXPIRED 0x8009035A
|
|
#define SEC_E_KDC_CERT_REVOKED 0x8009035B
|
|
#define SEC_E_INVALID_PARAMETER 0x8009035D
|
|
#define SEC_E_DELEGATION_POLICY 0x8009035E
|
|
#define SEC_E_POLICY_NLTM_ONLY 0x8009035F
|
|
#define SEC_E_NO_CONTEXT 0x80090361
|
|
#define SEC_E_PKU2U_CERT_FAILURE 0x80090362
|
|
#define SEC_E_MUTUAL_AUTH_FAILED 0x80090363
|
|
|
|
#define SEC_I_CONTINUE_NEEDED 0x00090312
|
|
#define SEC_I_COMPLETE_NEEDED 0x00090313
|
|
#define SEC_I_COMPLETE_AND_CONTINUE 0x00090314
|
|
#define SEC_I_LOCAL_LOGON 0x00090315
|
|
#define SEC_I_CONTEXT_EXPIRED 0x00090317
|
|
#define SEC_I_INCOMPLETE_CREDENTIALS 0x00090320
|
|
#define SEC_I_RENEGOTIATE 0x00090321
|
|
#define SEC_I_NO_LSA_CONTEXT 0x00090323
|
|
#define SEC_I_SIGNATURE_NEEDED 0x0009035C
|
|
#define SEC_I_NO_RENEGOTIATION 0x00090360
|
|
|
|
#endif
|
|
|
|
#define SECURITY_NATIVE_DREP 0x00000010
|
|
#define SECURITY_NETWORK_DREP 0x00000000
|
|
|
|
#define SECPKG_CRED_INBOUND 0x00000001
|
|
#define SECPKG_CRED_OUTBOUND 0x00000002
|
|
#define SECPKG_CRED_BOTH 0x00000003
|
|
#define SECPKG_CRED_AUTOLOGON_RESTRICTED 0x00000010
|
|
#define SECPKG_CRED_PROCESS_POLICY_ONLY 0x00000020
|
|
|
|
/* Security Context Attributes */
|
|
|
|
#define SECPKG_ATTR_SIZES 0
|
|
#define SECPKG_ATTR_NAMES 1
|
|
#define SECPKG_ATTR_LIFESPAN 2
|
|
#define SECPKG_ATTR_DCE_INFO 3
|
|
#define SECPKG_ATTR_STREAM_SIZES 4
|
|
#define SECPKG_ATTR_KEY_INFO 5
|
|
#define SECPKG_ATTR_AUTHORITY 6
|
|
#define SECPKG_ATTR_PROTO_INFO 7
|
|
#define SECPKG_ATTR_PASSWORD_EXPIRY 8
|
|
#define SECPKG_ATTR_SESSION_KEY 9
|
|
#define SECPKG_ATTR_PACKAGE_INFO 10
|
|
#define SECPKG_ATTR_USER_FLAGS 11
|
|
#define SECPKG_ATTR_NEGOTIATION_INFO 12
|
|
#define SECPKG_ATTR_NATIVE_NAMES 13
|
|
#define SECPKG_ATTR_FLAGS 14
|
|
#define SECPKG_ATTR_USE_VALIDATED 15
|
|
#define SECPKG_ATTR_CREDENTIAL_NAME 16
|
|
#define SECPKG_ATTR_TARGET_INFORMATION 17
|
|
#define SECPKG_ATTR_ACCESS_TOKEN 18
|
|
#define SECPKG_ATTR_TARGET 19
|
|
#define SECPKG_ATTR_AUTHENTICATION_ID 20
|
|
#define SECPKG_ATTR_LOGOFF_TIME 21
|
|
#define SECPKG_ATTR_NEGO_KEYS 22
|
|
#define SECPKG_ATTR_PROMPTING_NEEDED 24
|
|
#define SECPKG_ATTR_UNIQUE_BINDINGS 25
|
|
#define SECPKG_ATTR_ENDPOINT_BINDINGS 26
|
|
#define SECPKG_ATTR_CLIENT_SPECIFIED_TARGET 27
|
|
#define SECPKG_ATTR_LAST_CLIENT_TOKEN_STATUS 30
|
|
#define SECPKG_ATTR_NEGO_PKG_INFO 31
|
|
#define SECPKG_ATTR_NEGO_STATUS 32
|
|
#define SECPKG_ATTR_CONTEXT_DELETED 33
|
|
|
|
#ifdef WINPR_SSPI
|
|
|
|
struct _SecPkgContext_AccessToken
|
|
{
|
|
void* AccessToken;
|
|
};
|
|
typedef struct _SecPkgContext_AccessToken SecPkgContext_AccessToken;
|
|
|
|
struct _SecPkgContext_SessionAppData
|
|
{
|
|
UINT32 dwFlags;
|
|
UINT32 cbAppData;
|
|
BYTE* pbAppData;
|
|
};
|
|
typedef struct _SecPkgContext_SessionAppData SecPkgContext_SessionAppData;
|
|
|
|
struct _SecPkgContext_Authority
|
|
{
|
|
char* sAuthorityName;
|
|
};
|
|
typedef struct _SecPkgContext_Authority SecPkgContext_Authority;
|
|
|
|
struct _SecPkgContext_ClientSpecifiedTarget
|
|
{
|
|
char* sTargetName;
|
|
};
|
|
typedef struct _SecPkgContext_ClientSpecifiedTarget SecPkgContext_ClientSpecifiedTarget;
|
|
|
|
typedef UINT32 ALG_ID;
|
|
|
|
struct _SecPkgContext_ConnectionInfo
|
|
{
|
|
UINT32 dwProtocol;
|
|
ALG_ID aiCipher;
|
|
UINT32 dwCipherStrength;
|
|
ALG_ID aiHash;
|
|
UINT32 dwHashStrength;
|
|
ALG_ID aiExch;
|
|
UINT32 dwExchStrength;
|
|
};
|
|
typedef struct _SecPkgContext_ConnectionInfo SecPkgContext_ConnectionInfo;
|
|
|
|
struct _SecPkgContext_ClientCreds
|
|
{
|
|
UINT32 AuthBufferLen;
|
|
BYTE* AuthBuffer;
|
|
};
|
|
typedef struct _SecPkgContext_ClientCreds SecPkgContext_ClientCreds;
|
|
|
|
struct _SecPkgContex_DceInfo
|
|
{
|
|
UINT32 AuthzSvc;
|
|
void* pPac;
|
|
};
|
|
typedef struct _SecPkgContex_DceInfo SecPkgContex_DceInfo;
|
|
|
|
struct _SEC_CHANNEL_BINDINGS
|
|
{
|
|
UINT32 dwInitiatorAddrType;
|
|
UINT32 cbInitiatorLength;
|
|
UINT32 dwInitiatorOffset;
|
|
UINT32 dwAcceptorAddrType;
|
|
UINT32 cbAcceptorLength;
|
|
UINT32 dwAcceptorOffset;
|
|
UINT32 cbApplicationDataLength;
|
|
UINT32 dwApplicationDataOffset;
|
|
};
|
|
typedef struct _SEC_CHANNEL_BINDINGS SEC_CHANNEL_BINDINGS;
|
|
|
|
struct _SecPkgContext_Bindings
|
|
{
|
|
UINT32 BindingsLength;
|
|
SEC_CHANNEL_BINDINGS* Bindings;
|
|
};
|
|
typedef struct _SecPkgContext_Bindings SecPkgContext_Bindings;
|
|
|
|
struct _SecPkgContext_EapKeyBlock
|
|
{
|
|
BYTE rgbKeys[128];
|
|
BYTE rgbIVs[64];
|
|
};
|
|
typedef struct _SecPkgContext_EapKeyBlock SecPkgContext_EapKeyBlock;
|
|
|
|
struct _SecPkgContext_Flags
|
|
{
|
|
UINT32 Flags;
|
|
};
|
|
typedef struct _SecPkgContext_Flags SecPkgContext_Flags;
|
|
|
|
struct _SecPkgContext_KeyInfo
|
|
{
|
|
char* sSignatureAlgorithmName;
|
|
char* sEncryptAlgorithmName;
|
|
UINT32 KeySize;
|
|
UINT32 SignatureAlgorithm;
|
|
UINT32 EncryptAlgorithm;
|
|
};
|
|
typedef struct _SecPkgContext_KeyInfo SecPkgContext_KeyInfo;
|
|
|
|
struct _SecPkgContext_Lifespan
|
|
{
|
|
TimeStamp tsStart;
|
|
TimeStamp tsExpiry;
|
|
};
|
|
typedef struct _SecPkgContext_Lifespan SecPkgContext_Lifespan;
|
|
|
|
struct _SecPkgContext_Names
|
|
{
|
|
char* sUserName;
|
|
};
|
|
typedef struct _SecPkgContext_Names SecPkgContext_Names;
|
|
|
|
struct _SecPkgContext_NativeNames
|
|
{
|
|
char* sClientName;
|
|
char* sServerName;
|
|
};
|
|
typedef struct _SecPkgContext_NativeNames SecPkgContext_NativeNames;
|
|
|
|
struct _SecPkgContext_NegotiationInfo
|
|
{
|
|
SecPkgInfo* PackageInfo;
|
|
UINT32 NegotiationState;
|
|
};
|
|
typedef struct _SecPkgContext_NegotiationInfo SecPkgContext_NegotiationInfo;
|
|
|
|
struct _SecPkgContext_PackageInfo
|
|
{
|
|
SecPkgInfo* PackageInfo;
|
|
};
|
|
typedef struct _SecPkgContext_PackageInfo SecPkgContext_PackageInfo;
|
|
|
|
struct _SecPkgContext_PasswordExpiry
|
|
{
|
|
TimeStamp tsPasswordExpires;
|
|
};
|
|
typedef struct _SecPkgContext_PasswordExpiry SecPkgContext_PasswordExpiry;
|
|
|
|
struct _SecPkgContext_SessionKey
|
|
{
|
|
UINT32 SessionKeyLength;
|
|
BYTE* SessionKey;
|
|
};
|
|
typedef struct _SecPkgContext_SessionKey SecPkgContext_SessionKey;
|
|
|
|
struct _SecPkgContext_SessionInfo
|
|
{
|
|
UINT32 dwFlags;
|
|
UINT32 cbSessionId;
|
|
BYTE rgbSessionId[32];
|
|
};
|
|
typedef struct _SecPkgContext_SessionInfo SecPkgContext_SessionInfo;
|
|
|
|
struct _SecPkgContext_Sizes
|
|
{
|
|
UINT32 cbMaxToken;
|
|
UINT32 cbMaxSignature;
|
|
UINT32 cbBlockSize;
|
|
UINT32 cbSecurityTrailer;
|
|
};
|
|
typedef struct _SecPkgContext_Sizes SecPkgContext_Sizes;
|
|
|
|
struct _SecPkgContext_StreamSizes
|
|
{
|
|
UINT32 cbHeader;
|
|
UINT32 cbTrailer;
|
|
UINT32 cbMaximumMessage;
|
|
UINT32 cBuffers;
|
|
UINT32 cbBlockSize;
|
|
};
|
|
typedef struct _SecPkgContext_StreamSizes SecPkgContext_StreamSizes;
|
|
|
|
struct _SecPkgContext_SubjectAttributes
|
|
{
|
|
void* AttributeInfo;
|
|
};
|
|
typedef struct _SecPkgContext_SubjectAttributes SecPkgContext_SubjectAttributes;
|
|
|
|
struct _SecPkgContext_SupportedSignatures
|
|
{
|
|
UINT16 cSignatureAndHashAlgorithms;
|
|
UINT16* pSignatureAndHashAlgorithms;
|
|
};
|
|
typedef struct _SecPkgContext_SupportedSignatures SecPkgContext_SupportedSignatures;
|
|
|
|
struct _SecPkgContext_TargetInformation
|
|
{
|
|
UINT32 MarshalledTargetInfoLength;
|
|
BYTE* MarshalledTargetInfo;
|
|
};
|
|
typedef struct _SecPkgContext_TargetInformation SecPkgContext_TargetInformation;
|
|
|
|
/* Security Credentials Attributes */
|
|
|
|
#define SECPKG_CRED_ATTR_NAMES 1
|
|
|
|
struct _SecPkgCredentials_NamesA
|
|
{
|
|
SEC_CHAR* sUserName;
|
|
};
|
|
typedef struct _SecPkgCredentials_NamesA SecPkgCredentials_NamesA;
|
|
typedef SecPkgCredentials_NamesA* PSecPkgCredentials_NamesA;
|
|
|
|
struct _SecPkgCredentials_NamesW
|
|
{
|
|
SEC_WCHAR* sUserName;
|
|
};
|
|
typedef struct _SecPkgCredentials_NamesW SecPkgCredentials_NamesW;
|
|
typedef SecPkgCredentials_NamesW* PSecPkgCredentials_NamesW;
|
|
|
|
#ifdef UNICODE
|
|
#define SecPkgCredentials_Names SecPkgCredentials_NamesW
|
|
#define PSecPkgCredentials_Names PSecPkgCredentials_NamesW
|
|
#else
|
|
#define SecPkgCredentials_Names SecPkgCredentials_NamesA
|
|
#define PSecPkgCredentials_Names PSecPkgCredentials_NamesA
|
|
#endif
|
|
|
|
#endif
|
|
|
|
/* InitializeSecurityContext Flags */
|
|
|
|
#define ISC_REQ_DELEGATE 0x00000001
|
|
#define ISC_REQ_MUTUAL_AUTH 0x00000002
|
|
#define ISC_REQ_REPLAY_DETECT 0x00000004
|
|
#define ISC_REQ_SEQUENCE_DETECT 0x00000008
|
|
#define ISC_REQ_CONFIDENTIALITY 0x00000010
|
|
#define ISC_REQ_USE_SESSION_KEY 0x00000020
|
|
#define ISC_REQ_PROMPT_FOR_CREDS 0x00000040
|
|
#define ISC_REQ_USE_SUPPLIED_CREDS 0x00000080
|
|
#define ISC_REQ_ALLOCATE_MEMORY 0x00000100
|
|
#define ISC_REQ_USE_DCE_STYLE 0x00000200
|
|
#define ISC_REQ_DATAGRAM 0x00000400
|
|
#define ISC_REQ_CONNECTION 0x00000800
|
|
#define ISC_REQ_CALL_LEVEL 0x00001000
|
|
#define ISC_REQ_FRAGMENT_SUPPLIED 0x00002000
|
|
#define ISC_REQ_EXTENDED_ERROR 0x00004000
|
|
#define ISC_REQ_STREAM 0x00008000
|
|
#define ISC_REQ_INTEGRITY 0x00010000
|
|
#define ISC_REQ_IDENTIFY 0x00020000
|
|
#define ISC_REQ_NULL_SESSION 0x00040000
|
|
#define ISC_REQ_MANUAL_CRED_VALIDATION 0x00080000
|
|
#define ISC_REQ_RESERVED1 0x00100000
|
|
#define ISC_REQ_FRAGMENT_TO_FIT 0x00200000
|
|
#define ISC_REQ_FORWARD_CREDENTIALS 0x00400000
|
|
#define ISC_REQ_NO_INTEGRITY 0x00800000
|
|
#define ISC_REQ_USE_HTTP_STYLE 0x01000000
|
|
|
|
#define ISC_RET_DELEGATE 0x00000001
|
|
#define ISC_RET_MUTUAL_AUTH 0x00000002
|
|
#define ISC_RET_REPLAY_DETECT 0x00000004
|
|
#define ISC_RET_SEQUENCE_DETECT 0x00000008
|
|
#define ISC_RET_CONFIDENTIALITY 0x00000010
|
|
#define ISC_RET_USE_SESSION_KEY 0x00000020
|
|
#define ISC_RET_USED_COLLECTED_CREDS 0x00000040
|
|
#define ISC_RET_USED_SUPPLIED_CREDS 0x00000080
|
|
#define ISC_RET_ALLOCATED_MEMORY 0x00000100
|
|
#define ISC_RET_USED_DCE_STYLE 0x00000200
|
|
#define ISC_RET_DATAGRAM 0x00000400
|
|
#define ISC_RET_CONNECTION 0x00000800
|
|
#define ISC_RET_INTERMEDIATE_RETURN 0x00001000
|
|
#define ISC_RET_CALL_LEVEL 0x00002000
|
|
#define ISC_RET_EXTENDED_ERROR 0x00004000
|
|
#define ISC_RET_STREAM 0x00008000
|
|
#define ISC_RET_INTEGRITY 0x00010000
|
|
#define ISC_RET_IDENTIFY 0x00020000
|
|
#define ISC_RET_NULL_SESSION 0x00040000
|
|
#define ISC_RET_MANUAL_CRED_VALIDATION 0x00080000
|
|
#define ISC_RET_RESERVED1 0x00100000
|
|
#define ISC_RET_FRAGMENT_ONLY 0x00200000
|
|
#define ISC_RET_FORWARD_CREDENTIALS 0x00400000
|
|
#define ISC_RET_USED_HTTP_STYLE 0x01000000
|
|
|
|
/* AcceptSecurityContext Flags */
|
|
|
|
#define ASC_REQ_DELEGATE 0x00000001
|
|
#define ASC_REQ_MUTUAL_AUTH 0x00000002
|
|
#define ASC_REQ_REPLAY_DETECT 0x00000004
|
|
#define ASC_REQ_SEQUENCE_DETECT 0x00000008
|
|
#define ASC_REQ_CONFIDENTIALITY 0x00000010
|
|
#define ASC_REQ_USE_SESSION_KEY 0x00000020
|
|
#define ASC_REQ_ALLOCATE_MEMORY 0x00000100
|
|
#define ASC_REQ_USE_DCE_STYLE 0x00000200
|
|
#define ASC_REQ_DATAGRAM 0x00000400
|
|
#define ASC_REQ_CONNECTION 0x00000800
|
|
#define ASC_REQ_CALL_LEVEL 0x00001000
|
|
#define ASC_REQ_EXTENDED_ERROR 0x00008000
|
|
#define ASC_REQ_STREAM 0x00010000
|
|
#define ASC_REQ_INTEGRITY 0x00020000
|
|
#define ASC_REQ_LICENSING 0x00040000
|
|
#define ASC_REQ_IDENTIFY 0x00080000
|
|
#define ASC_REQ_ALLOW_NULL_SESSION 0x00100000
|
|
#define ASC_REQ_ALLOW_NON_USER_LOGONS 0x00200000
|
|
#define ASC_REQ_ALLOW_CONTEXT_REPLAY 0x00400000
|
|
#define ASC_REQ_FRAGMENT_TO_FIT 0x00800000
|
|
#define ASC_REQ_FRAGMENT_SUPPLIED 0x00002000
|
|
#define ASC_REQ_NO_TOKEN 0x01000000
|
|
#define ASC_REQ_PROXY_BINDINGS 0x04000000
|
|
#define ASC_REQ_ALLOW_MISSING_BINDINGS 0x10000000
|
|
|
|
#define ASC_RET_DELEGATE 0x00000001
|
|
#define ASC_RET_MUTUAL_AUTH 0x00000002
|
|
#define ASC_RET_REPLAY_DETECT 0x00000004
|
|
#define ASC_RET_SEQUENCE_DETECT 0x00000008
|
|
#define ASC_RET_CONFIDENTIALITY 0x00000010
|
|
#define ASC_RET_USE_SESSION_KEY 0x00000020
|
|
#define ASC_RET_ALLOCATED_MEMORY 0x00000100
|
|
#define ASC_RET_USED_DCE_STYLE 0x00000200
|
|
#define ASC_RET_DATAGRAM 0x00000400
|
|
#define ASC_RET_CONNECTION 0x00000800
|
|
#define ASC_RET_CALL_LEVEL 0x00002000
|
|
#define ASC_RET_THIRD_LEG_FAILED 0x00004000
|
|
#define ASC_RET_EXTENDED_ERROR 0x00008000
|
|
#define ASC_RET_STREAM 0x00010000
|
|
#define ASC_RET_INTEGRITY 0x00020000
|
|
#define ASC_RET_LICENSING 0x00040000
|
|
#define ASC_RET_IDENTIFY 0x00080000
|
|
#define ASC_RET_NULL_SESSION 0x00100000
|
|
#define ASC_RET_ALLOW_NON_USER_LOGONS 0x00200000
|
|
#define ASC_RET_FRAGMENT_ONLY 0x00800000
|
|
#define ASC_RET_NO_TOKEN 0x01000000
|
|
#define ASC_RET_NO_PROXY_BINDINGS 0x04000000
|
|
#define ASC_RET_MISSING_BINDINGS 0x10000000
|
|
|
|
#define SEC_WINNT_AUTH_IDENTITY_ANSI 0x1
|
|
#define SEC_WINNT_AUTH_IDENTITY_UNICODE 0x2
|
|
|
|
#ifdef WINPR_SSPI
|
|
|
|
struct _SEC_WINNT_AUTH_IDENTITY
|
|
{
|
|
UINT16* User;
|
|
UINT32 UserLength;
|
|
UINT16* Domain;
|
|
UINT32 DomainLength;
|
|
UINT16* Password;
|
|
UINT32 PasswordLength;
|
|
UINT32 Flags;
|
|
};
|
|
typedef struct _SEC_WINNT_AUTH_IDENTITY SEC_WINNT_AUTH_IDENTITY;
|
|
|
|
struct _SecHandle
|
|
{
|
|
ULONG_PTR dwLower;
|
|
ULONG_PTR dwUpper;
|
|
};
|
|
typedef struct _SecHandle SecHandle;
|
|
|
|
typedef SecHandle CredHandle;
|
|
typedef CredHandle* PCredHandle;
|
|
typedef SecHandle CtxtHandle;
|
|
typedef CtxtHandle* PCtxtHandle;
|
|
|
|
#endif
|
|
|
|
#define SECBUFFER_VERSION 0
|
|
|
|
/* Buffer Types */
|
|
#define SECBUFFER_EMPTY 0
|
|
#define SECBUFFER_DATA 1
|
|
#define SECBUFFER_TOKEN 2
|
|
#define SECBUFFER_PKG_PARAMS 3
|
|
#define SECBUFFER_MISSING 4
|
|
#define SECBUFFER_EXTRA 5
|
|
#define SECBUFFER_STREAM_TRAILER 6
|
|
#define SECBUFFER_STREAM_HEADER 7
|
|
#define SECBUFFER_NEGOTIATION_INFO 8
|
|
#define SECBUFFER_PADDING 9
|
|
#define SECBUFFER_STREAM 10
|
|
#define SECBUFFER_MECHLIST 11
|
|
#define SECBUFFER_MECHLIST_SIGNATURE 12
|
|
#define SECBUFFER_TARGET 13
|
|
#define SECBUFFER_CHANNEL_BINDINGS 14
|
|
#define SECBUFFER_CHANGE_PASS_RESPONSE 15
|
|
#define SECBUFFER_TARGET_HOST 16
|
|
#define SECBUFFER_ALERT 17
|
|
|
|
/* Security Buffer Flags */
|
|
#define SECBUFFER_ATTRMASK 0xF0000000
|
|
#define SECBUFFER_READONLY 0x80000000
|
|
#define SECBUFFER_READONLY_WITH_CHECKSUM 0x10000000
|
|
#define SECBUFFER_RESERVED 0x60000000
|
|
|
|
#ifdef WINPR_SSPI
|
|
|
|
struct _SecBuffer
|
|
{
|
|
ULONG cbBuffer;
|
|
ULONG BufferType;
|
|
void* pvBuffer;
|
|
};
|
|
typedef struct _SecBuffer SecBuffer;
|
|
typedef SecBuffer* PSecBuffer;
|
|
|
|
struct _SecBufferDesc
|
|
{
|
|
ULONG ulVersion;
|
|
ULONG cBuffers;
|
|
PSecBuffer pBuffers;
|
|
};
|
|
typedef struct _SecBufferDesc SecBufferDesc;
|
|
typedef SecBufferDesc* PSecBufferDesc;
|
|
|
|
typedef void (SEC_ENTRY * SEC_GET_KEY_FN)(void* Arg, void* Principal, UINT32 KeyVer, void** Key, SECURITY_STATUS* Status);
|
|
|
|
typedef SECURITY_STATUS (SEC_ENTRY * ENUMERATE_SECURITY_PACKAGES_FN_A)(UINT32* pcPackages, PSecPkgInfoA* ppPackageInfo);
|
|
typedef SECURITY_STATUS (SEC_ENTRY * ENUMERATE_SECURITY_PACKAGES_FN_W)(UINT32* pcPackages, PSecPkgInfoW* ppPackageInfo);
|
|
|
|
#ifdef UNICODE
|
|
#define EnumerateSecurityPackages EnumerateSecurityPackagesW
|
|
#define ENUMERATE_SECURITY_PACKAGES_FN ENUMERATE_SECURITY_PACKAGES_FN_W
|
|
#else
|
|
#define EnumerateSecurityPackages EnumerateSecurityPackagesA
|
|
#define ENUMERATE_SECURITY_PACKAGES_FN ENUMERATE_SECURITY_PACKAGES_FN_A
|
|
#endif
|
|
|
|
typedef SECURITY_STATUS (SEC_ENTRY * QUERY_CREDENTIALS_ATTRIBUTES_FN_A)(PCredHandle phCredential, ULONG ulAttribute, void* pBuffer);
|
|
typedef SECURITY_STATUS (SEC_ENTRY * QUERY_CREDENTIALS_ATTRIBUTES_FN_W)(PCredHandle phCredential, ULONG ulAttribute, void* pBuffer);
|
|
|
|
#ifdef UNICODE
|
|
#define QueryCredentialsAttributes QueryCredentialsAttributesW
|
|
#define QUERY_CREDENTIALS_ATTRIBUTES_FN QUERY_CREDENTIALS_ATTRIBUTES_FN_W
|
|
#else
|
|
#define QueryCredentialsAttributes QueryCredentialsAttributesA
|
|
#define QUERY_CREDENTIALS_ATTRIBUTES_FN QUERY_CREDENTIALS_ATTRIBUTES_FN_A
|
|
#endif
|
|
|
|
typedef SECURITY_STATUS (SEC_ENTRY * ACQUIRE_CREDENTIALS_HANDLE_FN_A)(LPSTR pszPrincipal, LPSTR pszPackage,
|
|
ULONG fCredentialUse, PLUID pvLogonID, void* pAuthData, void* pGetKeyFn,
|
|
void* pvGetKeyArgument, PCredHandle phCredential, PTimeStamp ptsExpiry);
|
|
typedef SECURITY_STATUS (SEC_ENTRY * ACQUIRE_CREDENTIALS_HANDLE_FN_W)(LPWSTR pszPrincipal, LPWSTR pszPackage,
|
|
ULONG fCredentialUse, PLUID pvLogonID, void* pAuthData, void* pGetKeyFn,
|
|
void* pvGetKeyArgument, PCredHandle phCredential, PTimeStamp ptsExpiry);
|
|
|
|
#ifdef UNICODE
|
|
#define AcquireCredentialsHandle AcquireCredentialsHandleW
|
|
#define ACQUIRE_CREDENTIALS_HANDLE_FN ACQUIRE_CREDENTIALS_HANDLE_FN_W
|
|
#else
|
|
#define AcquireCredentialsHandle AcquireCredentialsHandleA
|
|
#define ACQUIRE_CREDENTIALS_HANDLE_FN ACQUIRE_CREDENTIALS_HANDLE_FN_A
|
|
#endif
|
|
|
|
typedef SECURITY_STATUS (SEC_ENTRY * FREE_CREDENTIALS_HANDLE_FN)(PCredHandle phCredential);
|
|
|
|
typedef SECURITY_STATUS (SEC_ENTRY * INITIALIZE_SECURITY_CONTEXT_FN_A)(PCredHandle phCredential, PCtxtHandle phContext,
|
|
SEC_CHAR* pszTargetName, ULONG fContextReq, ULONG Reserved1, ULONG TargetDataRep,
|
|
PSecBufferDesc pInput, ULONG Reserved2, PCtxtHandle phNewContext,
|
|
PSecBufferDesc pOutput, PULONG pfContextAttr, PTimeStamp ptsExpiry);
|
|
typedef SECURITY_STATUS (SEC_ENTRY * INITIALIZE_SECURITY_CONTEXT_FN_W)(PCredHandle phCredential, PCtxtHandle phContext,
|
|
SEC_WCHAR* pszTargetName, ULONG fContextReq, ULONG Reserved1, ULONG TargetDataRep,
|
|
PSecBufferDesc pInput, ULONG Reserved2, PCtxtHandle phNewContext,
|
|
PSecBufferDesc pOutput, PULONG pfContextAttr, PTimeStamp ptsExpiry);
|
|
|
|
#ifdef UNICODE
|
|
#define InitializeSecurityContext InitializeSecurityContextW
|
|
#define INITIALIZE_SECURITY_CONTEXT_FN INITIALIZE_SECURITY_CONTEXT_FN_W
|
|
#else
|
|
#define InitializeSecurityContext InitializeSecurityContextA
|
|
#define INITIALIZE_SECURITY_CONTEXT_FN INITIALIZE_SECURITY_CONTEXT_FN_A
|
|
#endif
|
|
|
|
typedef SECURITY_STATUS (SEC_ENTRY * ACCEPT_SECURITY_CONTEXT_FN)(PCredHandle phCredential, PCtxtHandle phContext,
|
|
PSecBufferDesc pInput, ULONG fContextReq, ULONG TargetDataRep, PCtxtHandle phNewContext,
|
|
PSecBufferDesc pOutput, PULONG pfContextAttr, PTimeStamp ptsTimeStamp);
|
|
|
|
typedef SECURITY_STATUS (SEC_ENTRY * COMPLETE_AUTH_TOKEN_FN)(PCtxtHandle phContext, PSecBufferDesc pToken);
|
|
|
|
typedef SECURITY_STATUS (SEC_ENTRY * DELETE_SECURITY_CONTEXT_FN)(PCtxtHandle phContext);
|
|
|
|
typedef SECURITY_STATUS (SEC_ENTRY * APPLY_CONTROL_TOKEN_FN)(PCtxtHandle phContext, PSecBufferDesc pInput);
|
|
|
|
typedef SECURITY_STATUS (SEC_ENTRY * QUERY_CONTEXT_ATTRIBUTES_FN_A)(PCtxtHandle phContext, ULONG ulAttribute, void* pBuffer);
|
|
typedef SECURITY_STATUS (SEC_ENTRY * QUERY_CONTEXT_ATTRIBUTES_FN_W)(PCtxtHandle phContext, ULONG ulAttribute, void* pBuffer);
|
|
|
|
#ifdef UNICODE
|
|
#define QueryContextAttributes QueryContextAttributesW
|
|
#define QUERY_CONTEXT_ATTRIBUTES_FN QUERY_CONTEXT_ATTRIBUTES_FN_W
|
|
#else
|
|
#define QueryContextAttributes QueryContextAttributesA
|
|
#define QUERY_CONTEXT_ATTRIBUTES_FN QUERY_CONTEXT_ATTRIBUTES_FN_A
|
|
#endif
|
|
|
|
typedef SECURITY_STATUS (SEC_ENTRY * IMPERSONATE_SECURITY_CONTEXT_FN)(PCtxtHandle phContext);
|
|
|
|
typedef SECURITY_STATUS (SEC_ENTRY * REVERT_SECURITY_CONTEXT_FN)(PCtxtHandle phContext);
|
|
|
|
typedef SECURITY_STATUS (SEC_ENTRY * MAKE_SIGNATURE_FN)(PCtxtHandle phContext, ULONG fQOP, PSecBufferDesc pMessage, ULONG MessageSeqNo);
|
|
|
|
typedef SECURITY_STATUS (SEC_ENTRY * VERIFY_SIGNATURE_FN)(PCtxtHandle phContext, PSecBufferDesc pMessage, ULONG MessageSeqNo, PULONG pfQOP);
|
|
|
|
typedef SECURITY_STATUS (SEC_ENTRY * FREE_CONTEXT_BUFFER_FN)(void* pvContextBuffer);
|
|
|
|
typedef SECURITY_STATUS (SEC_ENTRY * QUERY_SECURITY_PACKAGE_INFO_FN_A)(SEC_CHAR* pszPackageName, PSecPkgInfoA* ppPackageInfo);
|
|
typedef SECURITY_STATUS (SEC_ENTRY * QUERY_SECURITY_PACKAGE_INFO_FN_W)(SEC_WCHAR* pszPackageName, PSecPkgInfoW* ppPackageInfo);
|
|
|
|
#ifdef UNICODE
|
|
#define QuerySecurityPackageInfo QuerySecurityPackageInfoW
|
|
#define QUERY_SECURITY_PACKAGE_INFO_FN QUERY_SECURITY_PACKAGE_INFO_FN_W
|
|
#else
|
|
#define QuerySecurityPackageInfo QuerySecurityPackageInfoA
|
|
#define QUERY_SECURITY_PACKAGE_INFO_FN QUERY_SECURITY_PACKAGE_INFO_FN_A
|
|
#endif
|
|
|
|
typedef SECURITY_STATUS (SEC_ENTRY * EXPORT_SECURITY_CONTEXT_FN)(PCtxtHandle phContext, UINT32 fFlags, PSecBuffer pPackedContext, void* pToken);
|
|
|
|
typedef SECURITY_STATUS (SEC_ENTRY * IMPORT_SECURITY_CONTEXT_FN_A)(SEC_CHAR* pszPackage, PSecBuffer pPackedContext, void* pToken, PCtxtHandle phContext);
|
|
typedef SECURITY_STATUS (SEC_ENTRY * IMPORT_SECURITY_CONTEXT_FN_W)(SEC_WCHAR* pszPackage, PSecBuffer pPackedContext, void* pToken, PCtxtHandle phContext);
|
|
|
|
#ifdef UNICODE
|
|
#define ImportSecurityContext ImportSecurityContextW
|
|
#define IMPORT_SECURITY_CONTEXT_FN IMPORT_SECURITY_CONTEXT_FN_W
|
|
#else
|
|
#define ImportSecurityContext ImportSecurityContextA
|
|
#define IMPORT_SECURITY_CONTEXT_FN IMPORT_SECURITY_CONTEXT_FN_A
|
|
#endif
|
|
|
|
typedef SECURITY_STATUS (SEC_ENTRY * ADD_CREDENTIALS_FN_A)(PCredHandle hCredentials, SEC_CHAR* pszPrincipal, SEC_CHAR* pszPackage,
|
|
UINT32 fCredentialUse, void* pAuthData, SEC_GET_KEY_FN pGetKeyFn, void* pvGetKeyArgument, PTimeStamp ptsExpiry);
|
|
typedef SECURITY_STATUS (SEC_ENTRY * ADD_CREDENTIALS_FN_W)(PCredHandle hCredentials, SEC_WCHAR* pszPrincipal, SEC_WCHAR* pszPackage,
|
|
UINT32 fCredentialUse, void* pAuthData, SEC_GET_KEY_FN pGetKeyFn, void* pvGetKeyArgument, PTimeStamp ptsExpiry);
|
|
|
|
#ifdef UNICODE
|
|
#define AddCredentials AddCredentialsW
|
|
#define ADD_CREDENTIALS_FN ADD_CREDENTIALS_FN_W
|
|
#else
|
|
#define AddCredentials AddCredentialsA
|
|
#define ADD_CREDENTIALS_FN ADD_CREDENTIALS_FN_A
|
|
#endif
|
|
|
|
typedef SECURITY_STATUS (SEC_ENTRY * QUERY_SECURITY_CONTEXT_TOKEN_FN)(PCtxtHandle phContext, void* phToken);
|
|
|
|
typedef SECURITY_STATUS (SEC_ENTRY * ENCRYPT_MESSAGE_FN)(PCtxtHandle phContext, ULONG fQOP, PSecBufferDesc pMessage, ULONG MessageSeqNo);
|
|
|
|
typedef SECURITY_STATUS (SEC_ENTRY * DECRYPT_MESSAGE_FN)(PCtxtHandle phContext, PSecBufferDesc pMessage, ULONG MessageSeqNo, PULONG pfQOP);
|
|
|
|
typedef SECURITY_STATUS (SEC_ENTRY * SET_CONTEXT_ATTRIBUTES_FN_A)(PCtxtHandle phContext, ULONG ulAttribute, void* pBuffer, ULONG cbBuffer);
|
|
typedef SECURITY_STATUS (SEC_ENTRY * SET_CONTEXT_ATTRIBUTES_FN_W)(PCtxtHandle phContext, ULONG ulAttribute, void* pBuffer, ULONG cbBuffer);
|
|
|
|
#ifdef UNICODE
|
|
#define SetContextAttributes SetContextAttributesW
|
|
#define SET_CONTEXT_ATTRIBUTES_FN SET_CONTEXT_ATTRIBUTES_FN_W
|
|
#else
|
|
#define SetContextAttributes SetContextAttributesA
|
|
#define SET_CONTEXT_ATTRIBUTES_FN SET_CONTEXT_ATTRIBUTES_FN_A
|
|
#endif
|
|
|
|
#define SECURITY_SUPPORT_PROVIDER_INTERFACE_VERSION 1 /* Interface has all routines through DecryptMessage */
|
|
#define SECURITY_SUPPORT_PROVIDER_INTERFACE_VERSION_2 2 /* Interface has all routines through SetContextAttributes */
|
|
#define SECURITY_SUPPORT_PROVIDER_INTERFACE_VERSION_3 3 /* Interface has all routines through SetCredentialsAttributes */
|
|
#define SECURITY_SUPPORT_PROVIDER_INTERFACE_VERSION_4 4 /* Interface has all routines through ChangeAccountPassword */
|
|
|
|
struct _SecurityFunctionTableA
|
|
{
|
|
UINT32 dwVersion;
|
|
ENUMERATE_SECURITY_PACKAGES_FN_A EnumerateSecurityPackagesA;
|
|
QUERY_CREDENTIALS_ATTRIBUTES_FN_A QueryCredentialsAttributesA;
|
|
ACQUIRE_CREDENTIALS_HANDLE_FN_A AcquireCredentialsHandleA;
|
|
FREE_CREDENTIALS_HANDLE_FN FreeCredentialsHandle;
|
|
void* Reserved2;
|
|
INITIALIZE_SECURITY_CONTEXT_FN_A InitializeSecurityContextA;
|
|
ACCEPT_SECURITY_CONTEXT_FN AcceptSecurityContext;
|
|
COMPLETE_AUTH_TOKEN_FN CompleteAuthToken;
|
|
DELETE_SECURITY_CONTEXT_FN DeleteSecurityContext;
|
|
APPLY_CONTROL_TOKEN_FN ApplyControlToken;
|
|
QUERY_CONTEXT_ATTRIBUTES_FN_A QueryContextAttributesA;
|
|
IMPERSONATE_SECURITY_CONTEXT_FN ImpersonateSecurityContext;
|
|
REVERT_SECURITY_CONTEXT_FN RevertSecurityContext;
|
|
MAKE_SIGNATURE_FN MakeSignature;
|
|
VERIFY_SIGNATURE_FN VerifySignature;
|
|
FREE_CONTEXT_BUFFER_FN FreeContextBuffer;
|
|
QUERY_SECURITY_PACKAGE_INFO_FN_A QuerySecurityPackageInfoA;
|
|
void* Reserved3;
|
|
void* Reserved4;
|
|
EXPORT_SECURITY_CONTEXT_FN ExportSecurityContext;
|
|
IMPORT_SECURITY_CONTEXT_FN_A ImportSecurityContextA;
|
|
ADD_CREDENTIALS_FN_A AddCredentialsA;
|
|
void* Reserved8;
|
|
QUERY_SECURITY_CONTEXT_TOKEN_FN QuerySecurityContextToken;
|
|
ENCRYPT_MESSAGE_FN EncryptMessage;
|
|
DECRYPT_MESSAGE_FN DecryptMessage;
|
|
SET_CONTEXT_ATTRIBUTES_FN_A SetContextAttributesA;
|
|
};
|
|
typedef struct _SecurityFunctionTableA SecurityFunctionTableA;
|
|
typedef SecurityFunctionTableA* PSecurityFunctionTableA;
|
|
|
|
struct _SecurityFunctionTableW
|
|
{
|
|
UINT32 dwVersion;
|
|
ENUMERATE_SECURITY_PACKAGES_FN_W EnumerateSecurityPackagesW;
|
|
QUERY_CREDENTIALS_ATTRIBUTES_FN_W QueryCredentialsAttributesW;
|
|
ACQUIRE_CREDENTIALS_HANDLE_FN_W AcquireCredentialsHandleW;
|
|
FREE_CREDENTIALS_HANDLE_FN FreeCredentialsHandle;
|
|
void* Reserved2;
|
|
INITIALIZE_SECURITY_CONTEXT_FN_W InitializeSecurityContextW;
|
|
ACCEPT_SECURITY_CONTEXT_FN AcceptSecurityContext;
|
|
COMPLETE_AUTH_TOKEN_FN CompleteAuthToken;
|
|
DELETE_SECURITY_CONTEXT_FN DeleteSecurityContext;
|
|
APPLY_CONTROL_TOKEN_FN ApplyControlToken;
|
|
QUERY_CONTEXT_ATTRIBUTES_FN_W QueryContextAttributesW;
|
|
IMPERSONATE_SECURITY_CONTEXT_FN ImpersonateSecurityContext;
|
|
REVERT_SECURITY_CONTEXT_FN RevertSecurityContext;
|
|
MAKE_SIGNATURE_FN MakeSignature;
|
|
VERIFY_SIGNATURE_FN VerifySignature;
|
|
FREE_CONTEXT_BUFFER_FN FreeContextBuffer;
|
|
QUERY_SECURITY_PACKAGE_INFO_FN_W QuerySecurityPackageInfoW;
|
|
void* Reserved3;
|
|
void* Reserved4;
|
|
EXPORT_SECURITY_CONTEXT_FN ExportSecurityContext;
|
|
IMPORT_SECURITY_CONTEXT_FN_W ImportSecurityContextW;
|
|
ADD_CREDENTIALS_FN_W AddCredentialsW;
|
|
void* Reserved8;
|
|
QUERY_SECURITY_CONTEXT_TOKEN_FN QuerySecurityContextToken;
|
|
ENCRYPT_MESSAGE_FN EncryptMessage;
|
|
DECRYPT_MESSAGE_FN DecryptMessage;
|
|
SET_CONTEXT_ATTRIBUTES_FN_W SetContextAttributesW;
|
|
};
|
|
typedef struct _SecurityFunctionTableW SecurityFunctionTableW;
|
|
typedef SecurityFunctionTableW* PSecurityFunctionTableW;
|
|
|
|
#ifdef UNICODE
|
|
#define InitSecurityInterface InitSecurityInterfaceW
|
|
#define SecurityFunctionTable SecurityFunctionTableW
|
|
#define PSecurityFunctionTable PSecurityFunctionTableW
|
|
#else
|
|
#define InitSecurityInterface InitSecurityInterfaceA
|
|
#define SecurityFunctionTable SecurityFunctionTableA
|
|
#define PSecurityFunctionTable PSecurityFunctionTableA
|
|
#endif
|
|
|
|
/* Package Management */
|
|
|
|
WINPR_API SECURITY_STATUS SEC_ENTRY EnumerateSecurityPackagesA(UINT32* pcPackages, PSecPkgInfoA* ppPackageInfo);
|
|
WINPR_API SECURITY_STATUS SEC_ENTRY EnumerateSecurityPackagesW(UINT32* pcPackages, PSecPkgInfoW* ppPackageInfo);
|
|
WINPR_API SecurityFunctionTableA* SEC_ENTRY InitSecurityInterfaceA(void);
|
|
WINPR_API SecurityFunctionTableW* SEC_ENTRY InitSecurityInterfaceW(void);
|
|
WINPR_API SECURITY_STATUS SEC_ENTRY QuerySecurityPackageInfoA(SEC_CHAR* pszPackageName, PSecPkgInfoA* ppPackageInfo);
|
|
WINPR_API SECURITY_STATUS SEC_ENTRY QuerySecurityPackageInfoW(SEC_WCHAR* pszPackageName, PSecPkgInfoW* ppPackageInfo);
|
|
|
|
/* Credential Management */
|
|
|
|
WINPR_API SECURITY_STATUS SEC_ENTRY AcquireCredentialsHandleA(SEC_CHAR* pszPrincipal, SEC_CHAR* pszPackage,
|
|
ULONG fCredentialUse, PLUID pvLogonID, void* pAuthData, void* pGetKeyFn,
|
|
void* pvGetKeyArgument, PCredHandle phCredential, PTimeStamp ptsExpiry);
|
|
WINPR_API SECURITY_STATUS SEC_ENTRY AcquireCredentialsHandleW(SEC_WCHAR* pszPrincipal, SEC_WCHAR* pszPackage,
|
|
ULONG fCredentialUse, PLUID pvLogonID, void* pAuthData, void* pGetKeyFn,
|
|
void* pvGetKeyArgument, PCredHandle phCredential, PTimeStamp ptsExpiry);
|
|
|
|
WINPR_API SECURITY_STATUS SEC_ENTRY ExportSecurityContext(PCtxtHandle phContext, UINT32 fFlags, PSecBuffer pPackedContext, void* pToken);
|
|
WINPR_API SECURITY_STATUS SEC_ENTRY FreeCredentialsHandle(PCredHandle phCredential);
|
|
|
|
WINPR_API SECURITY_STATUS SEC_ENTRY ImportSecurityContextA(SEC_CHAR* pszPackage, PSecBuffer pPackedContext, void* pToken, PCtxtHandle phContext);
|
|
WINPR_API SECURITY_STATUS SEC_ENTRY ImportSecurityContextW(SEC_WCHAR* pszPackage, PSecBuffer pPackedContext, void* pToken, PCtxtHandle phContext);
|
|
|
|
WINPR_API SECURITY_STATUS SEC_ENTRY QueryCredentialsAttributesA(PCredHandle phCredential, ULONG ulAttribute, void* pBuffer);
|
|
WINPR_API SECURITY_STATUS SEC_ENTRY QueryCredentialsAttributesW(PCredHandle phCredential, ULONG ulAttribute, void* pBuffer);
|
|
|
|
/* Context Management */
|
|
|
|
WINPR_API SECURITY_STATUS SEC_ENTRY AcceptSecurityContext(PCredHandle phCredential, PCtxtHandle phContext,
|
|
PSecBufferDesc pInput, ULONG fContextReq, ULONG TargetDataRep, PCtxtHandle phNewContext,
|
|
PSecBufferDesc pOutput, PULONG pfContextAttr, PTimeStamp ptsTimeStamp);
|
|
|
|
WINPR_API SECURITY_STATUS SEC_ENTRY ApplyControlToken(PCtxtHandle phContext, PSecBufferDesc pInput);
|
|
WINPR_API SECURITY_STATUS SEC_ENTRY CompleteAuthToken(PCtxtHandle phContext, PSecBufferDesc pToken);
|
|
WINPR_API SECURITY_STATUS SEC_ENTRY DeleteSecurityContext(PCtxtHandle phContext);
|
|
WINPR_API SECURITY_STATUS SEC_ENTRY FreeContextBuffer(void* pvContextBuffer);
|
|
WINPR_API SECURITY_STATUS SEC_ENTRY ImpersonateSecurityContext(PCtxtHandle phContext);
|
|
|
|
WINPR_API SECURITY_STATUS SEC_ENTRY InitializeSecurityContextA(PCredHandle phCredential, PCtxtHandle phContext,
|
|
SEC_CHAR* pszTargetName, ULONG fContextReq, ULONG Reserved1, ULONG TargetDataRep,
|
|
PSecBufferDesc pInput, ULONG Reserved2, PCtxtHandle phNewContext,
|
|
PSecBufferDesc pOutput, PULONG pfContextAttr, PTimeStamp ptsExpiry);
|
|
WINPR_API SECURITY_STATUS SEC_ENTRY InitializeSecurityContextW(PCredHandle phCredential, PCtxtHandle phContext,
|
|
SEC_WCHAR* pszTargetName, ULONG fContextReq, ULONG Reserved1, ULONG TargetDataRep,
|
|
PSecBufferDesc pInput, ULONG Reserved2, PCtxtHandle phNewContext,
|
|
PSecBufferDesc pOutput, PULONG pfContextAttr, PTimeStamp ptsExpiry);
|
|
|
|
WINPR_API SECURITY_STATUS SEC_ENTRY QueryContextAttributes(PCtxtHandle phContext, ULONG ulAttribute, void* pBuffer);
|
|
WINPR_API SECURITY_STATUS SEC_ENTRY QuerySecurityContextToken(PCtxtHandle phContext, void* phToken);
|
|
WINPR_API SECURITY_STATUS SEC_ENTRY SetContextAttributes(PCtxtHandle phContext, ULONG ulAttribute, void* pBuffer, ULONG cbBuffer);
|
|
WINPR_API SECURITY_STATUS SEC_ENTRY RevertSecurityContext(PCtxtHandle phContext);
|
|
|
|
/* Message Support */
|
|
|
|
WINPR_API SECURITY_STATUS SEC_ENTRY DecryptMessage(PCtxtHandle phContext, PSecBufferDesc pMessage, ULONG MessageSeqNo, PULONG pfQOP);
|
|
WINPR_API SECURITY_STATUS SEC_ENTRY EncryptMessage(PCtxtHandle phContext, ULONG fQOP, PSecBufferDesc pMessage, ULONG MessageSeqNo);
|
|
WINPR_API SECURITY_STATUS SEC_ENTRY MakeSignature(PCtxtHandle phContext, ULONG fQOP, PSecBufferDesc pMessage, ULONG MessageSeqNo);
|
|
WINPR_API SECURITY_STATUS SEC_ENTRY VerifySignature(PCtxtHandle phContext, PSecBufferDesc pMessage, ULONG MessageSeqNo, PULONG pfQOP);
|
|
|
|
#endif
|
|
|
|
/* Custom API */
|
|
|
|
WINPR_API void sspi_GlobalInit();
|
|
WINPR_API void sspi_GlobalFinish();
|
|
|
|
WINPR_API void sspi_SecBufferAlloc(PSecBuffer SecBuffer, size_t size);
|
|
WINPR_API void sspi_SecBufferFree(PSecBuffer SecBuffer);
|
|
|
|
WINPR_API void sspi_SetAuthIdentity(SEC_WINNT_AUTH_IDENTITY* identity, char* user, char* domain, char* password);
|
|
WINPR_API void sspi_CopyAuthIdentity(SEC_WINNT_AUTH_IDENTITY* identity, SEC_WINNT_AUTH_IDENTITY* srcIdentity);
|
|
|
|
#endif /* WINPR_SSPI_H */
|